From 4cc0cf8255a3726fe3f6cbbe1a877fe2fab7edc6 Mon Sep 17 00:00:00 2001 From: Ting Liu Date: Wed, 29 Jul 2015 18:11:18 -0300 Subject: openssl: rename to openssl-qoriq The QorIQ version of openssl needs to use another recipe name and have a common provider, which is than choosen for QorIQ-based machines. The recipe is now called 'openssl-qoriq' and it provides openssl so the preferrence is set just for QorIQ based machines. Signed-off-by: Ting Liu --- conf/machine/include/qoriq.inc | 2 +- ...double-initialization-of-cryptodev-engine.patch | 83 - ...ev-add-support-for-TLS-algorithms-offload.patch | 317 -- ...0003-cryptodev-fix-algorithm-registration.patch | 64 - ...ake-it-more-robust-and-recognize-KERNEL_B.patch | 74 - ...5-ECC-Support-header-for-Cryptodev-Engine.patch | 318 -- .../0006-Fixed-private-key-support-for-DH.patch | 33 - .../0007-Fixed-private-key-support-for-DH.patch | 35 - ...itial-support-for-PKC-in-cryptodev-engine.patch | 1564 ------- ...009-Added-hwrng-dev-file-as-source-of-RNG.patch | 28 - ...s-interface-added-for-PKC-cryptodev-inter.patch | 2039 --------- ...gen-operation-and-support-gendsa-command-.patch | 153 - .../openssl/openssl-fsl/0012-RSA-Keygen-Fix.patch | 64 - .../0013-Removed-local-copy-of-curve_t-type.patch | 164 - ...us-parameter-is-not-populated-by-dhparams.patch | 43 - .../0015-SW-Backoff-mechanism-for-dsa-keygen.patch | 53 - .../0016-Fixed-DH-keygen-pair-generator.patch | 100 - ...dd-support-for-aes-gcm-algorithm-offloadi.patch | 309 -- ...ev-extend-TLS-offload-with-3des_cbc_hmac_.patch | 193 - ...ev-add-support-for-TLSv1.1-record-offload.patch | 355 -- ...ev-add-support-for-TLSv1.2-record-offload.patch | 359 -- .../0021-cryptodev-drop-redundant-function.patch | 75 - ...yptodev-do-not-zero-the-buffer-before-use.patch | 48 - .../0023-cryptodev-clean-up-code-layout.patch | 72 - ...odev-do-not-cache-file-descriptor-in-open.patch | 100 - ...cryptodev-put_dev_crypto-should-be-an-int.patch | 35 - ...todev-simplify-cryptodev-pkc-support-code.patch | 250 -- recipes-connectivity/openssl/openssl-qoriq.inc | 184 + .../openssl/openssl-qoriq/configure-targets.patch | 34 + .../openssl-qoriq/debian/c_rehash-compat.patch | 45 + .../openssl/openssl-qoriq/debian/ca.patch | 22 + .../openssl-qoriq/debian/debian-targets.patch | 66 + .../openssl-qoriq/debian/make-targets.patch | 15 + .../openssl/openssl-qoriq/debian/man-dir.patch | 15 + .../openssl/openssl-qoriq/debian/man-section.patch | 34 + .../openssl/openssl-qoriq/debian/no-rpath.patch | 15 + .../openssl/openssl-qoriq/debian/no-symbolic.patch | 15 + .../openssl/openssl-qoriq/debian/pic.patch | 177 + .../openssl-qoriq/debian/version-script.patch | 4670 ++++++++++++++++++++ .../engines-install-in-libdir-ssl.patch | 56 + recipes-connectivity/openssl/openssl-qoriq/find.pl | 54 + .../openssl-qoriq/fix-cipher-des-ede3-cfb1.patch | 22 + .../openssl-qoriq/initial-aarch64-bits.patch | 119 + .../openssl/openssl-qoriq/oe-ldflags.patch | 24 + ...-pointer-dereference-in-EVP_DigestInit_ex.patch | 21 + ...NULL-pointer-dereference-in-dh_pub_encode.patch | 39 + .../openssl-qoriq/openssl-fix-des.pod-error.patch | 19 + .../openssl/openssl-qoriq/openssl-fix-link.patch | 35 + .../openssl-qoriq/openssl_fix_for_x32.patch | 90 + ...double-initialization-of-cryptodev-engine.patch | 83 + ...ev-add-support-for-TLS-algorithms-offload.patch | 317 ++ ...0003-cryptodev-fix-algorithm-registration.patch | 64 + ...ake-it-more-robust-and-recognize-KERNEL_B.patch | 74 + ...5-ECC-Support-header-for-Cryptodev-Engine.patch | 318 ++ .../0006-Fixed-private-key-support-for-DH.patch | 33 + .../0007-Fixed-private-key-support-for-DH.patch | 35 + ...itial-support-for-PKC-in-cryptodev-engine.patch | 1564 +++++++ ...009-Added-hwrng-dev-file-as-source-of-RNG.patch | 28 + ...s-interface-added-for-PKC-cryptodev-inter.patch | 2039 +++++++++ ...gen-operation-and-support-gendsa-command-.patch | 153 + .../openssl-qoriq/qoriq/0012-RSA-Keygen-Fix.patch | 64 + .../0013-Removed-local-copy-of-curve_t-type.patch | 164 + ...us-parameter-is-not-populated-by-dhparams.patch | 43 + .../0015-SW-Backoff-mechanism-for-dsa-keygen.patch | 53 + .../0016-Fixed-DH-keygen-pair-generator.patch | 100 + ...dd-support-for-aes-gcm-algorithm-offloadi.patch | 309 ++ ...ev-extend-TLS-offload-with-3des_cbc_hmac_.patch | 193 + ...ev-add-support-for-TLSv1.1-record-offload.patch | 355 ++ ...ev-add-support-for-TLSv1.2-record-offload.patch | 359 ++ .../0021-cryptodev-drop-redundant-function.patch | 75 + ...yptodev-do-not-zero-the-buffer-before-use.patch | 48 + .../0023-cryptodev-clean-up-code-layout.patch | 72 + ...odev-do-not-cache-file-descriptor-in-open.patch | 100 + ...cryptodev-put_dev_crypto-should-be-an-int.patch | 35 + ...todev-simplify-cryptodev-pkc-support-code.patch | 250 ++ .../openssl/openssl-qoriq/shared-libs.patch | 41 + .../openssl/openssl-qoriq_1.0.1i.bb | 96 + recipes-connectivity/openssl/openssl.inc | 174 - .../openssl/openssl/configure-targets.patch | 34 - .../openssl/openssl/debian/c_rehash-compat.patch | 45 - .../openssl/openssl/debian/ca.patch | 22 - .../openssl/openssl/debian/debian-targets.patch | 66 - .../openssl/openssl/debian/make-targets.patch | 15 - .../openssl/openssl/debian/man-dir.patch | 15 - .../openssl/openssl/debian/man-section.patch | 34 - .../openssl/openssl/debian/no-rpath.patch | 15 - .../openssl/openssl/debian/no-symbolic.patch | 15 - .../openssl/openssl/debian/pic.patch | 177 - .../openssl/openssl/debian/version-script.patch | 4670 -------------------- .../openssl/engines-install-in-libdir-ssl.patch | 56 - recipes-connectivity/openssl/openssl/find.pl | 54 - .../openssl/openssl/fix-cipher-des-ede3-cfb1.patch | 22 - .../openssl/openssl/initial-aarch64-bits.patch | 119 - .../openssl/openssl/oe-ldflags.patch | 24 - ...-pointer-dereference-in-EVP_DigestInit_ex.patch | 21 - ...NULL-pointer-dereference-in-dh_pub_encode.patch | 39 - .../openssl/openssl-fix-des.pod-error.patch | 19 - .../openssl/openssl/openssl-fix-link.patch | 35 - .../openssl/openssl/openssl_fix_for_x32.patch | 90 - .../openssl/openssl/shared-libs.patch | 41 - recipes-connectivity/openssl/openssl_1.0.1i.bb | 53 - .../openssl/openssl_1.0.1i.bbappend | 40 - 102 files changed, 12837 insertions(+), 12824 deletions(-) delete mode 100644 recipes-connectivity/openssl/openssl-fsl/0001-remove-double-initialization-of-cryptodev-engine.patch delete mode 100644 recipes-connectivity/openssl/openssl-fsl/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch delete mode 100644 recipes-connectivity/openssl/openssl-fsl/0003-cryptodev-fix-algorithm-registration.patch delete mode 100644 recipes-connectivity/openssl/openssl-fsl/0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch delete mode 100644 recipes-connectivity/openssl/openssl-fsl/0005-ECC-Support-header-for-Cryptodev-Engine.patch delete mode 100644 recipes-connectivity/openssl/openssl-fsl/0006-Fixed-private-key-support-for-DH.patch delete mode 100644 recipes-connectivity/openssl/openssl-fsl/0007-Fixed-private-key-support-for-DH.patch delete mode 100644 recipes-connectivity/openssl/openssl-fsl/0008-Initial-support-for-PKC-in-cryptodev-engine.patch delete mode 100644 recipes-connectivity/openssl/openssl-fsl/0009-Added-hwrng-dev-file-as-source-of-RNG.patch delete mode 100644 recipes-connectivity/openssl/openssl-fsl/0010-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch delete mode 100644 recipes-connectivity/openssl/openssl-fsl/0011-Add-RSA-keygen-operation-and-support-gendsa-command-.patch delete mode 100644 recipes-connectivity/openssl/openssl-fsl/0012-RSA-Keygen-Fix.patch delete mode 100644 recipes-connectivity/openssl/openssl-fsl/0013-Removed-local-copy-of-curve_t-type.patch delete mode 100644 recipes-connectivity/openssl/openssl-fsl/0014-Modulus-parameter-is-not-populated-by-dhparams.patch delete mode 100644 recipes-connectivity/openssl/openssl-fsl/0015-SW-Backoff-mechanism-for-dsa-keygen.patch delete mode 100644 recipes-connectivity/openssl/openssl-fsl/0016-Fixed-DH-keygen-pair-generator.patch delete mode 100644 recipes-connectivity/openssl/openssl-fsl/0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch delete mode 100644 recipes-connectivity/openssl/openssl-fsl/0018-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch delete mode 100644 recipes-connectivity/openssl/openssl-fsl/0019-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch delete mode 100644 recipes-connectivity/openssl/openssl-fsl/0020-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch delete mode 100644 recipes-connectivity/openssl/openssl-fsl/0021-cryptodev-drop-redundant-function.patch delete mode 100644 recipes-connectivity/openssl/openssl-fsl/0022-cryptodev-do-not-zero-the-buffer-before-use.patch delete mode 100644 recipes-connectivity/openssl/openssl-fsl/0023-cryptodev-clean-up-code-layout.patch delete mode 100644 recipes-connectivity/openssl/openssl-fsl/0024-cryptodev-do-not-cache-file-descriptor-in-open.patch delete mode 100644 recipes-connectivity/openssl/openssl-fsl/0025-cryptodev-put_dev_crypto-should-be-an-int.patch delete mode 100644 recipes-connectivity/openssl/openssl-fsl/0026-cryptodev-simplify-cryptodev-pkc-support-code.patch create mode 100644 recipes-connectivity/openssl/openssl-qoriq.inc create mode 100644 recipes-connectivity/openssl/openssl-qoriq/configure-targets.patch create mode 100644 recipes-connectivity/openssl/openssl-qoriq/debian/c_rehash-compat.patch create mode 100644 recipes-connectivity/openssl/openssl-qoriq/debian/ca.patch create mode 100644 recipes-connectivity/openssl/openssl-qoriq/debian/debian-targets.patch create mode 100644 recipes-connectivity/openssl/openssl-qoriq/debian/make-targets.patch create mode 100644 recipes-connectivity/openssl/openssl-qoriq/debian/man-dir.patch create mode 100644 recipes-connectivity/openssl/openssl-qoriq/debian/man-section.patch create mode 100644 recipes-connectivity/openssl/openssl-qoriq/debian/no-rpath.patch create mode 100644 recipes-connectivity/openssl/openssl-qoriq/debian/no-symbolic.patch create mode 100644 recipes-connectivity/openssl/openssl-qoriq/debian/pic.patch create mode 100644 recipes-connectivity/openssl/openssl-qoriq/debian/version-script.patch create mode 100644 recipes-connectivity/openssl/openssl-qoriq/engines-install-in-libdir-ssl.patch create mode 100644 recipes-connectivity/openssl/openssl-qoriq/find.pl create mode 100644 recipes-connectivity/openssl/openssl-qoriq/fix-cipher-des-ede3-cfb1.patch create mode 100644 recipes-connectivity/openssl/openssl-qoriq/initial-aarch64-bits.patch create mode 100644 recipes-connectivity/openssl/openssl-qoriq/oe-ldflags.patch create mode 100644 recipes-connectivity/openssl/openssl-qoriq/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch create mode 100644 recipes-connectivity/openssl/openssl-qoriq/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch create mode 100644 recipes-connectivity/openssl/openssl-qoriq/openssl-fix-des.pod-error.patch create mode 100644 recipes-connectivity/openssl/openssl-qoriq/openssl-fix-link.patch create mode 100644 recipes-connectivity/openssl/openssl-qoriq/openssl_fix_for_x32.patch create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0001-remove-double-initialization-of-cryptodev-engine.patch create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0003-cryptodev-fix-algorithm-registration.patch create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0005-ECC-Support-header-for-Cryptodev-Engine.patch create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0006-Fixed-private-key-support-for-DH.patch create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0007-Fixed-private-key-support-for-DH.patch create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0008-Initial-support-for-PKC-in-cryptodev-engine.patch create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0009-Added-hwrng-dev-file-as-source-of-RNG.patch create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0010-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0011-Add-RSA-keygen-operation-and-support-gendsa-command-.patch create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0012-RSA-Keygen-Fix.patch create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0013-Removed-local-copy-of-curve_t-type.patch create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0014-Modulus-parameter-is-not-populated-by-dhparams.patch create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0015-SW-Backoff-mechanism-for-dsa-keygen.patch create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0016-Fixed-DH-keygen-pair-generator.patch create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0018-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0019-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0020-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0021-cryptodev-drop-redundant-function.patch create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0022-cryptodev-do-not-zero-the-buffer-before-use.patch create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0023-cryptodev-clean-up-code-layout.patch create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0024-cryptodev-do-not-cache-file-descriptor-in-open.patch create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0025-cryptodev-put_dev_crypto-should-be-an-int.patch create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0026-cryptodev-simplify-cryptodev-pkc-support-code.patch create mode 100644 recipes-connectivity/openssl/openssl-qoriq/shared-libs.patch create mode 100644 recipes-connectivity/openssl/openssl-qoriq_1.0.1i.bb delete mode 100644 recipes-connectivity/openssl/openssl.inc delete mode 100644 recipes-connectivity/openssl/openssl/configure-targets.patch delete mode 100644 recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch delete mode 100644 recipes-connectivity/openssl/openssl/debian/ca.patch delete mode 100644 recipes-connectivity/openssl/openssl/debian/debian-targets.patch delete mode 100644 recipes-connectivity/openssl/openssl/debian/make-targets.patch delete mode 100644 recipes-connectivity/openssl/openssl/debian/man-dir.patch delete mode 100644 recipes-connectivity/openssl/openssl/debian/man-section.patch delete mode 100644 recipes-connectivity/openssl/openssl/debian/no-rpath.patch delete mode 100644 recipes-connectivity/openssl/openssl/debian/no-symbolic.patch delete mode 100644 recipes-connectivity/openssl/openssl/debian/pic.patch delete mode 100644 recipes-connectivity/openssl/openssl/debian/version-script.patch delete mode 100644 recipes-connectivity/openssl/openssl/engines-install-in-libdir-ssl.patch delete mode 100644 recipes-connectivity/openssl/openssl/find.pl delete mode 100644 recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch delete mode 100644 recipes-connectivity/openssl/openssl/initial-aarch64-bits.patch delete mode 100644 recipes-connectivity/openssl/openssl/oe-ldflags.patch delete mode 100644 recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch delete mode 100644 recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch delete mode 100644 recipes-connectivity/openssl/openssl/openssl-fix-des.pod-error.patch delete mode 100644 recipes-connectivity/openssl/openssl/openssl-fix-link.patch delete mode 100644 recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch delete mode 100644 recipes-connectivity/openssl/openssl/shared-libs.patch delete mode 100644 recipes-connectivity/openssl/openssl_1.0.1i.bb delete mode 100644 recipes-connectivity/openssl/openssl_1.0.1i.bbappend diff --git a/conf/machine/include/qoriq.inc b/conf/machine/include/qoriq.inc index 84b5abb..70cd56b 100644 --- a/conf/machine/include/qoriq.inc +++ b/conf/machine/include/qoriq.inc @@ -6,9 +6,9 @@ PREFERRED_PROVIDER_u-boot ?= "u-boot-qoriq" PREFERRED_PROVIDER_cryptodev-linux = "cryptodev-qoriq-linux" PREFERRED_PROVIDER_cryptodev-module = "cryptodev-qoriq-module" PREFERRED_PROVIDER_cryptodev-tests = "cryptodev-qoriq-tests" +PREFERRED_PROVIDER_openssl = "openssl-qoriq" PREFERRED_VERSION_qemu = "2.4.0+fsl" -PREFERRED_VERSION_openssl = "1.0.1i" MACHINE_FEATURES = "keyboard pci ext2 ext3 serial" MACHINE_EXTRA_RRECOMMENDS += "udev-rules-qoriq kernel-modules" diff --git a/recipes-connectivity/openssl/openssl-fsl/0001-remove-double-initialization-of-cryptodev-engine.patch b/recipes-connectivity/openssl/openssl-fsl/0001-remove-double-initialization-of-cryptodev-engine.patch deleted file mode 100644 index e7b874f..0000000 --- a/recipes-connectivity/openssl/openssl-fsl/0001-remove-double-initialization-of-cryptodev-engine.patch +++ /dev/null @@ -1,83 +0,0 @@ -From 9297e3834518ff0558d6e7004a62adfd107e659a Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Tue, 10 Sep 2013 12:46:46 +0300 -Subject: [PATCH 01/26] remove double initialization of cryptodev engine - -cryptodev engine is initialized together with the other engines in -ENGINE_load_builtin_engines. The initialization done through -OpenSSL_add_all_algorithms is redundant. - -Change-Id: Ic9488500967595543ff846f147b36f383db7cb27 -Signed-off-by: Cristian Stoica -Reviewed-on: http://git.am.freescale.net:8181/17222 ---- - crypto/engine/eng_all.c | 11 ----------- - crypto/engine/engine.h | 4 ---- - crypto/evp/c_all.c | 5 ----- - util/libeay.num | 2 +- - 4 files changed, 1 insertion(+), 21 deletions(-) - -diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c -index 6093376..f16c043 100644 ---- a/crypto/engine/eng_all.c -+++ b/crypto/engine/eng_all.c -@@ -122,14 +122,3 @@ void ENGINE_load_builtin_engines(void) - #endif - ENGINE_register_all_complete(); - } -- --#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV) --void ENGINE_setup_bsd_cryptodev(void) { -- static int bsd_cryptodev_default_loaded = 0; -- if (!bsd_cryptodev_default_loaded) { -- ENGINE_load_cryptodev(); -- ENGINE_register_all_complete(); -- } -- bsd_cryptodev_default_loaded=1; --} --#endif -diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h -index f8be497..237a6c9 100644 ---- a/crypto/engine/engine.h -+++ b/crypto/engine/engine.h -@@ -740,10 +740,6 @@ typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id, - * values. */ - void *ENGINE_get_static_state(void); - --#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV) --void ENGINE_setup_bsd_cryptodev(void); --#endif -- - /* BEGIN ERROR CODES */ - /* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. -diff --git a/crypto/evp/c_all.c b/crypto/evp/c_all.c -index 766c4ce..5d6c21b 100644 ---- a/crypto/evp/c_all.c -+++ b/crypto/evp/c_all.c -@@ -82,9 +82,4 @@ void OPENSSL_add_all_algorithms_noconf(void) - OPENSSL_cpuid_setup(); - OpenSSL_add_all_ciphers(); - OpenSSL_add_all_digests(); --#ifndef OPENSSL_NO_ENGINE --# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV) -- ENGINE_setup_bsd_cryptodev(); --# endif --#endif - } -diff --git a/util/libeay.num b/util/libeay.num -index aa86b2b..ae50040 100755 ---- a/util/libeay.num -+++ b/util/libeay.num -@@ -2801,7 +2801,7 @@ BIO_indent 3242 EXIST::FUNCTION: - BUF_strlcpy 3243 EXIST::FUNCTION: - OpenSSLDie 3244 EXIST::FUNCTION: - OPENSSL_cleanse 3245 EXIST::FUNCTION: --ENGINE_setup_bsd_cryptodev 3246 EXIST:__FreeBSD__:FUNCTION:ENGINE -+ENGINE_setup_bsd_cryptodev 3246 NOEXIST::FUNCTION: - ERR_release_err_state_table 3247 EXIST::FUNCTION:LHASH - EVP_aes_128_cfb8 3248 EXIST::FUNCTION:AES - FIPS_corrupt_rsa 3249 NOEXIST::FUNCTION: --- -2.3.5 - diff --git a/recipes-connectivity/openssl/openssl-fsl/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch b/recipes-connectivity/openssl/openssl-fsl/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch deleted file mode 100644 index ab2b7ea..0000000 --- a/recipes-connectivity/openssl/openssl-fsl/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch +++ /dev/null @@ -1,317 +0,0 @@ -From dfd6ba263dc25ea2a4bbc32448b24ca2b1fc40e8 Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Thu, 29 Aug 2013 16:51:18 +0300 -Subject: [PATCH 02/26] eng_cryptodev: add support for TLS algorithms offload - -- aes-128-cbc-hmac-sha1 -- aes-256-cbc-hmac-sha1 - -Requires TLS patches on cryptodev and TLS algorithm support in Linux -kernel driver. - -Change-Id: I43048caa348414daddd6c1a5cdc55e769ac1945f -Signed-off-by: Cristian Stoica -Reviewed-on: http://git.am.freescale.net:8181/17223 ---- - crypto/engine/eng_cryptodev.c | 222 +++++++++++++++++++++++++++++++++++++++--- - 1 file changed, 211 insertions(+), 11 deletions(-) - -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index 5a715ac..7588a28 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -72,6 +72,9 @@ ENGINE_load_cryptodev(void) - struct dev_crypto_state { - struct session_op d_sess; - int d_fd; -+ unsigned char *aad; -+ unsigned int aad_len; -+ unsigned int len; - - #ifdef USE_CRYPTODEV_DIGESTS - char dummy_mac_key[HASH_MAX_LEN]; -@@ -140,17 +143,20 @@ static struct { - int nid; - int ivmax; - int keylen; -+ int mackeylen; - } ciphers[] = { -- { CRYPTO_ARC4, NID_rc4, 0, 16, }, -- { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, }, -- { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, }, -- { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, }, -- { CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, }, -- { CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, }, -- { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, }, -- { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, }, -- { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, }, -- { 0, NID_undef, 0, 0, }, -+ { CRYPTO_ARC4, NID_rc4, 0, 16, 0}, -+ { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, 0}, -+ { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, 0}, -+ { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, 0}, -+ { CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, 0}, -+ { CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, 0}, -+ { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, 0}, -+ { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, 0}, -+ { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, 0}, -+ { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20}, -+ { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20}, -+ { 0, NID_undef, 0, 0, 0}, - }; - - #ifdef USE_CRYPTODEV_DIGESTS -@@ -250,13 +256,15 @@ get_cryptodev_ciphers(const int **cnids) - } - memset(&sess, 0, sizeof(sess)); - sess.key = (caddr_t)"123456789abcdefghijklmno"; -+ sess.mackey = (caddr_t)"123456789ABCDEFGHIJKLMNO"; - - for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { - if (ciphers[i].nid == NID_undef) - continue; - sess.cipher = ciphers[i].id; - sess.keylen = ciphers[i].keylen; -- sess.mac = 0; -+ sess.mackeylen = ciphers[i].mackeylen; -+ - if (ioctl(fd, CIOCGSESSION, &sess) != -1 && - ioctl(fd, CIOCFSESSION, &sess.ses) != -1) - nids[count++] = ciphers[i].nid; -@@ -414,6 +422,67 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - return (1); - } - -+ -+static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, -+ const unsigned char *in, size_t len) -+{ -+ struct crypt_auth_op cryp; -+ struct dev_crypto_state *state = ctx->cipher_data; -+ struct session_op *sess = &state->d_sess; -+ const void *iiv; -+ unsigned char save_iv[EVP_MAX_IV_LENGTH]; -+ -+ if (state->d_fd < 0) -+ return (0); -+ if (!len) -+ return (1); -+ if ((len % ctx->cipher->block_size) != 0) -+ return (0); -+ -+ memset(&cryp, 0, sizeof(cryp)); -+ -+ /* TODO: make a seamless integration with cryptodev flags */ -+ switch (ctx->cipher->nid) { -+ case NID_aes_128_cbc_hmac_sha1: -+ case NID_aes_256_cbc_hmac_sha1: -+ cryp.flags = COP_FLAG_AEAD_TLS_TYPE; -+ } -+ cryp.ses = sess->ses; -+ cryp.len = state->len; -+ cryp.src = (caddr_t) in; -+ cryp.dst = (caddr_t) out; -+ cryp.auth_src = state->aad; -+ cryp.auth_len = state->aad_len; -+ -+ cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; -+ -+ if (ctx->cipher->iv_len) { -+ cryp.iv = (caddr_t) ctx->iv; -+ if (!ctx->encrypt) { -+ iiv = in + len - ctx->cipher->iv_len; -+ memcpy(save_iv, iiv, ctx->cipher->iv_len); -+ } -+ } else -+ cryp.iv = NULL; -+ -+ if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) { -+ /* XXX need better errror handling -+ * this can fail for a number of different reasons. -+ */ -+ return (0); -+ } -+ -+ if (ctx->cipher->iv_len) { -+ if (ctx->encrypt) -+ iiv = out + len - ctx->cipher->iv_len; -+ else -+ iiv = save_iv; -+ memcpy(ctx->iv, iiv, ctx->cipher->iv_len); -+ } -+ return (1); -+} -+ -+ - static int - cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -@@ -452,6 +521,45 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - return (1); - } - -+/* Save the encryption key provided by upper layers. -+ * -+ * This function is called by EVP_CipherInit_ex to initialize the algorithm's -+ * extra data. We can't do much here because the mac key is not available. -+ * The next call should/will be to cryptodev_cbc_hmac_sha1_ctrl with parameter -+ * EVP_CTRL_AEAD_SET_MAC_KEY, to set the hmac key. There we call CIOCGSESSION -+ * with both the crypto and hmac keys. -+ */ -+static int cryptodev_init_aead_key(EVP_CIPHER_CTX *ctx, -+ const unsigned char *key, const unsigned char *iv, int enc) -+{ -+ struct dev_crypto_state *state = ctx->cipher_data; -+ struct session_op *sess = &state->d_sess; -+ int cipher = -1, i; -+ -+ for (i = 0; ciphers[i].id; i++) -+ if (ctx->cipher->nid == ciphers[i].nid && -+ ctx->cipher->iv_len <= ciphers[i].ivmax && -+ ctx->key_len == ciphers[i].keylen) { -+ cipher = ciphers[i].id; -+ break; -+ } -+ -+ if (!ciphers[i].id) { -+ state->d_fd = -1; -+ return (0); -+ } -+ -+ memset(sess, 0, sizeof(struct session_op)); -+ -+ sess->key = (caddr_t)key; -+ sess->keylen = ctx->key_len; -+ sess->cipher = cipher; -+ -+ /* for whatever reason, (1) means success */ -+ return (1); -+} -+ -+ - /* - * free anything we allocated earlier when initting a - * session, and close the session. -@@ -488,6 +596,63 @@ cryptodev_cleanup(EVP_CIPHER_CTX *ctx) - return (ret); - } - -+static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, -+ void *ptr) -+{ -+ switch (type) { -+ case EVP_CTRL_AEAD_SET_MAC_KEY: -+ { -+ /* TODO: what happens with hmac keys larger than 64 bytes? */ -+ struct dev_crypto_state *state = ctx->cipher_data; -+ struct session_op *sess = &state->d_sess; -+ -+ if ((state->d_fd = get_dev_crypto()) < 0) -+ return (0); -+ -+ /* the rest should have been set in cryptodev_init_aead_key */ -+ sess->mackey = ptr; -+ sess->mackeylen = arg; -+ -+ if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) { -+ put_dev_crypto(state->d_fd); -+ state->d_fd = -1; -+ return (0); -+ } -+ return (1); -+ } -+ case EVP_CTRL_AEAD_TLS1_AAD: -+ { -+ /* ptr points to the associated data buffer of 13 bytes */ -+ struct dev_crypto_state *state = ctx->cipher_data; -+ unsigned char *p = ptr; -+ unsigned int cryptlen = p[arg - 2] << 8 | p[arg - 1]; -+ unsigned int maclen, padlen; -+ unsigned int bs = ctx->cipher->block_size; -+ -+ state->aad = ptr; -+ state->aad_len = arg; -+ state->len = cryptlen; -+ -+ /* TODO: this should be an extension of EVP_CIPHER struct */ -+ switch (ctx->cipher->nid) { -+ case NID_aes_128_cbc_hmac_sha1: -+ case NID_aes_256_cbc_hmac_sha1: -+ maclen = SHA_DIGEST_LENGTH; -+ } -+ -+ /* space required for encryption (not only TLS padding) */ -+ padlen = maclen; -+ if (ctx->encrypt) { -+ cryptlen += maclen; -+ padlen += bs - (cryptlen % bs); -+ } -+ return padlen; -+ } -+ default: -+ return -1; -+ } -+} -+ - /* - * libcrypto EVP stuff - this is how we get wired to EVP so the engine - * gets called when libcrypto requests a cipher NID. -@@ -600,6 +765,33 @@ const EVP_CIPHER cryptodev_aes_256_cbc = { - NULL - }; - -+const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1 = { -+ NID_aes_128_cbc_hmac_sha1, -+ 16, 16, 16, -+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, -+ cryptodev_init_aead_key, -+ cryptodev_aead_cipher, -+ cryptodev_cleanup, -+ sizeof(struct dev_crypto_state), -+ EVP_CIPHER_set_asn1_iv, -+ EVP_CIPHER_get_asn1_iv, -+ cryptodev_cbc_hmac_sha1_ctrl, -+ NULL -+}; -+ -+const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = { -+ NID_aes_256_cbc_hmac_sha1, -+ 16, 32, 16, -+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, -+ cryptodev_init_aead_key, -+ cryptodev_aead_cipher, -+ cryptodev_cleanup, -+ sizeof(struct dev_crypto_state), -+ EVP_CIPHER_set_asn1_iv, -+ EVP_CIPHER_get_asn1_iv, -+ cryptodev_cbc_hmac_sha1_ctrl, -+ NULL -+}; - /* - * Registered by the ENGINE when used to find out how to deal with - * a particular NID in the ENGINE. this says what we'll do at the -@@ -637,6 +829,12 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, - case NID_aes_256_cbc: - *cipher = &cryptodev_aes_256_cbc; - break; -+ case NID_aes_128_cbc_hmac_sha1: -+ *cipher = &cryptodev_aes_128_cbc_hmac_sha1; -+ break; -+ case NID_aes_256_cbc_hmac_sha1: -+ *cipher = &cryptodev_aes_256_cbc_hmac_sha1; -+ break; - default: - *cipher = NULL; - break; -@@ -1384,6 +1582,8 @@ ENGINE_load_cryptodev(void) - } - put_dev_crypto(fd); - -+ EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1); -+ EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1); - if (!ENGINE_set_id(engine, "cryptodev") || - !ENGINE_set_name(engine, "BSD cryptodev engine") || - !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) || --- -2.3.5 - diff --git a/recipes-connectivity/openssl/openssl-fsl/0003-cryptodev-fix-algorithm-registration.patch b/recipes-connectivity/openssl/openssl-fsl/0003-cryptodev-fix-algorithm-registration.patch deleted file mode 100644 index f0d97e9..0000000 --- a/recipes-connectivity/openssl/openssl-fsl/0003-cryptodev-fix-algorithm-registration.patch +++ /dev/null @@ -1,64 +0,0 @@ -From 084fa469a8fef530d71a0870364df1c7997f6465 Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Thu, 31 Jul 2014 14:06:19 +0300 -Subject: [PATCH 03/26] cryptodev: fix algorithm registration - -Cryptodev specific algorithms must register only if available in kernel. - -Change-Id: Iec5af8f4f3138357e4b96f2ec1627278134e4808 -Signed-off-by: Cristian Stoica -Reviewed-on: http://git.am.freescale.net:8181/15326 -Reviewed-by: Horia Ioan Geanta Neag -Reviewed-on: http://git.am.freescale.net:8181/17224 ---- - crypto/engine/eng_cryptodev.c | 20 +++++++++++++++++--- - 1 file changed, 17 insertions(+), 3 deletions(-) - -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index 7588a28..e3eb98b 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -133,6 +133,8 @@ static int cryptodev_dh_compute_key(unsigned char *key, - static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, - void (*f)(void)); - void ENGINE_load_cryptodev(void); -+const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1; -+const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1; - - static const ENGINE_CMD_DEFN cryptodev_defns[] = { - { 0, NULL, NULL, 0 } -@@ -342,7 +344,21 @@ get_cryptodev_digests(const int **cnids) - static int - cryptodev_usable_ciphers(const int **nids) - { -- return (get_cryptodev_ciphers(nids)); -+ int i, count; -+ -+ count = get_cryptodev_ciphers(nids); -+ /* add ciphers specific to cryptodev if found in kernel */ -+ for(i = 0; i < count; i++) { -+ switch (*(*nids + i)) { -+ case NID_aes_128_cbc_hmac_sha1: -+ EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1); -+ break; -+ case NID_aes_256_cbc_hmac_sha1: -+ EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1); -+ break; -+ } -+ } -+ return count; - } - - static int -@@ -1582,8 +1598,6 @@ ENGINE_load_cryptodev(void) - } - put_dev_crypto(fd); - -- EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1); -- EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1); - if (!ENGINE_set_id(engine, "cryptodev") || - !ENGINE_set_name(engine, "BSD cryptodev engine") || - !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) || --- -2.3.5 - diff --git a/recipes-connectivity/openssl/openssl-fsl/0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch b/recipes-connectivity/openssl/openssl-fsl/0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch deleted file mode 100644 index 2d722d8..0000000 --- a/recipes-connectivity/openssl/openssl-fsl/0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch +++ /dev/null @@ -1,74 +0,0 @@ -From 7d770f0324498d1fa78300cc5cecc8c1dcd3b788 Mon Sep 17 00:00:00 2001 -From: Andy Polyakov -Date: Sun, 21 Oct 2012 18:19:41 +0000 -Subject: [PATCH 04/26] linux-pcc: make it more robust and recognize - KERNEL_BITS variable. - -(cherry picked from commit 78c3e20579d3baa159c8b51b59d415b6e521614b) - -Change-Id: I769c466f052305681ab54a1b6545d94c7fbf5a9d -Signed-off-by: Cristian Stoica ---- - config | 19 +++++++++++++------ - crypto/ppccap.c | 7 +++++++ - 2 files changed, 20 insertions(+), 6 deletions(-) - -diff --git a/config b/config -index 41fa2a6..f37b9e6 100755 ---- a/config -+++ b/config -@@ -587,13 +587,20 @@ case "$GUESSOS" in - fi - ;; - ppc64-*-linux2) -- echo "WARNING! If you wish to build 64-bit library, then you have to" -- echo " invoke './Configure linux-ppc64' *manually*." -- if [ "$TEST" = "false" -a -t 1 ]; then -- echo " You have about 5 seconds to press Ctrl-C to abort." -- (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1 -+ if [ -z "$KERNEL_BITS" ]; then -+ echo "WARNING! If you wish to build 64-bit library, then you have to" -+ echo " invoke './Configure linux-ppc64' *manually*." -+ if [ "$TEST" = "false" -a -t 1 ]; then -+ echo " You have about 5 seconds to press Ctrl-C to abort." -+ (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1 -+ fi -+ fi -+ if [ "$KERNEL_BITS" = "64" ]; then -+ OUT="linux-ppc64" -+ else -+ OUT="linux-ppc" -+ (echo "__LP64__" | gcc -E -x c - 2>/dev/null | grep "^__LP64__" 2>&1 > /dev/null) || options="$options -m32" - fi -- OUT="linux-ppc" - ;; - ppc-*-linux2) OUT="linux-ppc" ;; - ppc60x-*-vxworks*) OUT="vxworks-ppc60x" ;; -diff --git a/crypto/ppccap.c b/crypto/ppccap.c -index f71ba66..531f1b3 100644 ---- a/crypto/ppccap.c -+++ b/crypto/ppccap.c -@@ -4,6 +4,9 @@ - #include - #include - #include -+#ifdef __linux -+#include -+#endif - #include - #include - -@@ -102,6 +105,10 @@ void OPENSSL_cpuid_setup(void) - - if (sizeof(size_t)==4) - { -+#ifdef __linux -+ struct utsname uts; -+ if (uname(&uts)==0 && strcmp(uts.machine,"ppc64")==0) -+#endif - if (sigsetjmp(ill_jmp,1) == 0) - { - OPENSSL_ppc64_probe(); --- -2.3.5 - diff --git a/recipes-connectivity/openssl/openssl-fsl/0005-ECC-Support-header-for-Cryptodev-Engine.patch b/recipes-connectivity/openssl/openssl-fsl/0005-ECC-Support-header-for-Cryptodev-Engine.patch deleted file mode 100644 index c9ff5aa..0000000 --- a/recipes-connectivity/openssl/openssl-fsl/0005-ECC-Support-header-for-Cryptodev-Engine.patch +++ /dev/null @@ -1,318 +0,0 @@ -From 15abbcd740eafbf2a46b5da24be76acf4982743d Mon Sep 17 00:00:00 2001 -From: Yashpal Dutta -Date: Tue, 11 Mar 2014 05:56:54 +0545 -Subject: [PATCH 05/26] ECC Support header for Cryptodev Engine - -Upstream-status: Pending - -Signed-off-by: Yashpal Dutta ---- - crypto/engine/eng_cryptodev_ec.h | 296 +++++++++++++++++++++++++++++++++++++++ - 1 file changed, 296 insertions(+) - create mode 100644 crypto/engine/eng_cryptodev_ec.h - -diff --git a/crypto/engine/eng_cryptodev_ec.h b/crypto/engine/eng_cryptodev_ec.h -new file mode 100644 -index 0000000..77aee71 ---- /dev/null -+++ b/crypto/engine/eng_cryptodev_ec.h -@@ -0,0 +1,296 @@ -+/* -+ * Copyright (C) 2012 Freescale Semiconductor, Inc. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR -+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN -+ * NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED -+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR -+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF -+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING -+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -+ */ -+#ifndef __ENG_EC_H -+#define __ENG_EC_H -+ -+#define SPCF_CPARAM_INIT(X,...) \ -+static unsigned char X##_c[] = {__VA_ARGS__} \ -+ -+#define SPCF_FREE_BN(X) do { if(X) { BN_clear_free(X); X = NULL; } } while (0) -+ -+#define SPCF_COPY_CPARAMS(NIDBUF) \ -+ do { \ -+ memcpy (buf, NIDBUF, buf_len); \ -+ } while (0) -+ -+#define SPCF_CPARAM_CASE(X) \ -+ case NID_##X: \ -+ SPCF_COPY_CPARAMS(X##_c); \ -+ break -+ -+SPCF_CPARAM_INIT(sect113r1, 0x01, 0x73, 0xE8, 0x34, 0xAF, 0x28, 0xEC, 0x76, -+ 0xCB, 0x83, 0xBD, 0x8D, 0xFE, 0xB2, 0xD5); -+SPCF_CPARAM_INIT(sect113r2, 0x00, 0x54, 0xD9, 0xF0, 0x39, 0x57, 0x17, 0x4A, -+ 0x32, 0x32, 0x91, 0x67, 0xD7, 0xFE, 0x71); -+SPCF_CPARAM_INIT(sect131r1, 0x03, 0xDB, 0x89, 0xB4, 0x05, 0xE4, 0x91, 0x16, -+ 0x0E, 0x3B, 0x2F, 0x07, 0xB0, 0xCE, 0x20, 0xB3, 0x7E); -+SPCF_CPARAM_INIT(sect131r2, 0x07, 0xCB, 0xB9, 0x92, 0x0D, 0x71, 0xA4, 0x8E, -+ 0x09, 0x9C, 0x38, 0xD7, 0x1D, 0xA6, 0x49, 0x0E, 0xB1); -+SPCF_CPARAM_INIT(sect163k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x01); -+SPCF_CPARAM_INIT(sect163r1, 0x05, 0xED, 0x40, 0x3E, 0xD5, 0x8E, 0xB4, 0x5B, -+ 0x1C, 0xCE, 0xCA, 0x0F, 0x4F, 0x61, 0x65, 0x55, 0x49, 0x86, -+ 0x1B, 0xE0, 0x52); -+SPCF_CPARAM_INIT(sect163r2, 0x07, 0x2C, 0x4E, 0x1E, 0xF7, 0xCB, 0x2F, 0x3A, -+ 0x03, 0x5D, 0x33, 0x10, 0x42, 0x94, 0x15, 0x96, 0x09, 0x13, -+ 0x8B, 0xB4, 0x04); -+SPCF_CPARAM_INIT(sect193r1, 0x01, 0x67, 0xB3, 0x5E, 0xB4, 0x31, 0x3F, 0x26, -+ 0x3D, 0x0F, 0x7A, 0x3D, 0x50, 0x36, 0xF0, 0xA0, 0xA3, 0xC9, -+ 0x80, 0xD4, 0x0E, 0x5A, 0x05, 0x3E, 0xD2); -+SPCF_CPARAM_INIT(sect193r2, 0x00, 0x69, 0x89, 0xFE, 0x6B, 0xFE, 0x30, 0xED, -+ 0xDC, 0x32, 0x44, 0x26, 0x9F, 0x3A, 0xAD, 0x18, 0xD6, 0x6C, -+ 0xF3, 0xDB, 0x3E, 0x33, 0x02, 0xFA, 0xA8); -+SPCF_CPARAM_INIT(sect233k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x01); -+SPCF_CPARAM_INIT(sect233r1, 0x00, 0x07, 0xD5, 0xEF, 0x43, 0x89, 0xDF, 0xF1, -+ 0x1E, 0xCD, 0xBA, 0x39, 0xC3, 0x09, 0x70, 0xD3, 0xCE, 0x35, -+ 0xCE, 0xBB, 0xA5, 0x84, 0x73, 0xF6, 0x4B, 0x4D, 0xC0, 0xF2, -+ 0x68, 0x6C); -+SPCF_CPARAM_INIT(sect239k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x01); -+SPCF_CPARAM_INIT(sect283k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01); -+SPCF_CPARAM_INIT(sect283r1, 0x03, 0xD8, 0xC9, 0x3D, 0x3B, 0x0E, 0xA8, 0x1D, -+ 0x92, 0x94, 0x03, 0x4D, 0x7E, 0xE3, 0x13, 0x5D, 0x0A, 0xC5, -+ 0xFC, 0x8D, 0x9C, 0xB0, 0x27, 0x6F, 0x72, 0x11, 0xF8, 0x80, -+ 0xF0, 0xD8, 0x1C, 0xA4, 0xC6, 0xE8, 0x7B, 0x38); -+SPCF_CPARAM_INIT(sect409k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x01); -+SPCF_CPARAM_INIT(sect409r1, 0x01, 0x49, 0xB8, 0xB7, 0xBE, 0xBD, 0x9B, 0x63, -+ 0x65, 0x3E, 0xF1, 0xCD, 0x8C, 0x6A, 0x5D, 0xD1, 0x05, 0xA2, -+ 0xAA, 0xAC, 0x36, 0xFE, 0x2E, 0xAE, 0x43, 0xCF, 0x28, 0xCE, -+ 0x1C, 0xB7, 0xC8, 0x30, 0xC1, 0xEC, 0xDB, 0xFA, 0x41, 0x3A, -+ 0xB0, 0x7F, 0xE3, 0x5A, 0x57, 0x81, 0x1A, 0xE4, 0xF8, 0x8D, -+ 0x30, 0xAC, 0x63, 0xFB); -+SPCF_CPARAM_INIT(sect571k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x01); -+SPCF_CPARAM_INIT(sect571r1, 0x06, 0x39, 0x5D, 0xB2, 0x2A, 0xB5, 0x94, 0xB1, -+ 0x86, 0x8C, 0xED, 0x95, 0x25, 0x78, 0xB6, 0x53, 0x9F, 0xAB, -+ 0xA6, 0x94, 0x06, 0xD9, 0xB2, 0x98, 0x61, 0x23, 0xA1, 0x85, -+ 0xC8, 0x58, 0x32, 0xE2, 0x5F, 0xD5, 0xB6, 0x38, 0x33, 0xD5, -+ 0x14, 0x42, 0xAB, 0xF1, 0xA9, 0xC0, 0x5F, 0xF0, 0xEC, 0xBD, -+ 0x88, 0xD7, 0xF7, 0x79, 0x97, 0xF4, 0xDC, 0x91, 0x56, 0xAA, -+ 0xF1, 0xCE, 0x08, 0x16, 0x46, 0x86, 0xDD, 0xFF, 0x75, 0x11, -+ 0x6F, 0xBC, 0x9A, 0x7A); -+SPCF_CPARAM_INIT(X9_62_c2pnb163v1, 0x04, 0x53, 0xE1, 0xE4, 0xB7, 0x29, 0x1F, -+ 0x5C, 0x2D, 0x53, 0xCE, 0x18, 0x48, 0x3F, 0x00, 0x70, 0x81, -+ 0xE7, 0xEA, 0x26, 0xEC); -+SPCF_CPARAM_INIT(X9_62_c2pnb163v2, 0x04, 0x35, 0xC0, 0x19, 0x66, 0x0E, 0x01, -+ 0x01, 0xBA, 0x87, 0x0C, 0xA3, 0x9F, 0xD9, 0xA7, 0x76, 0x86, -+ 0x50, 0x9D, 0x28, 0x13); -+SPCF_CPARAM_INIT(X9_62_c2pnb163v3, 0x06, 0x55, 0xC4, 0x54, 0xE4, 0x1E, 0x38, -+ 0x0C, 0x7A, 0x60, 0xB6, 0x67, 0x9A, 0x5B, 0x7A, 0x3F, 0x3A, -+ 0xF6, 0x8E, 0x22, 0xC5); -+SPCF_CPARAM_INIT(X9_62_c2pnb176v1, 0x00, 0x69, 0xF7, 0xDA, 0x36, 0x19, 0xA7, -+ 0x42, 0xA3, 0x82, 0xFF, 0x05, 0x08, 0x8F, 0xD3, 0x99, 0x42, -+ 0xCA, 0x0F, 0x1D, 0x90, 0xB6, 0x5B); -+SPCF_CPARAM_INIT(X9_62_c2tnb191v1, 0x4C, 0x45, 0x25, 0xAB, 0x0B, 0x68, 0x4A, -+ 0x64, 0x44, 0x62, 0x0A, 0x86, 0x45, 0xEF, 0x54, 0x6D, 0x54, -+ 0x69, 0x39, 0x68, 0xC2, 0xAE, 0x84, 0xAC); -+SPCF_CPARAM_INIT(X9_62_c2tnb191v2, 0x03, 0x7C, 0x8F, 0x57, 0xA2, 0x25, 0xC7, -+ 0xB3, 0xD4, 0xED, 0xD5, 0x88, 0x0F, 0x38, 0x0A, 0xCC, 0x55, -+ 0x74, 0xEC, 0xB3, 0x6C, 0x9F, 0x51, 0x21); -+SPCF_CPARAM_INIT(X9_62_c2tnb191v3, 0x37, 0x39, 0xFF, 0x98, 0xB4, 0xD1, 0x69, -+ 0x3E, 0xCF, 0x52, 0x7A, 0x98, 0x51, 0xED, 0xCF, 0x99, 0x9D, -+ 0x9E, 0x75, 0x05, 0x43, 0x33, 0x43, 0x24); -+SPCF_CPARAM_INIT(X9_62_c2pnb208w1, 0x00, 0xDB, 0x05, 0x3C, 0x41, 0x76, 0xCC, -+ 0x1D, 0xA1, 0x27, 0x85, 0x2C, 0xA6, 0xD9, 0x88, 0xBE, 0x1A, -+ 0xCC, 0xD1, 0x5B, 0x2A, 0xC1, 0xC1, 0x07, 0x42, 0x57, 0x34); -+SPCF_CPARAM_INIT(X9_62_c2tnb239v1, 0x24, 0x59, 0xFC, 0xF4, 0x51, 0x7B, 0xC5, -+ 0xA6, 0xB9, 0x9B, 0xE5, 0xC6, 0xC5, 0x62, 0x85, 0xC0, 0x21, -+ 0xFE, 0x32, 0xEE, 0x2B, 0x6F, 0x1C, 0x22, 0xEA, 0x5B, 0xE1, -+ 0xB8, 0x4B, 0x93); -+SPCF_CPARAM_INIT(X9_62_c2tnb239v2, 0x64, 0x98, 0x84, 0x19, 0x3B, 0x56, 0x2D, -+ 0x4A, 0x50, 0xB4, 0xFA, 0x56, 0x34, 0xE0, 0x34, 0x41, 0x3F, -+ 0x94, 0xC4, 0x59, 0xDA, 0x7C, 0xDB, 0x16, 0x64, 0x9D, 0xDD, -+ 0xF7, 0xE6, 0x0A); -+SPCF_CPARAM_INIT(X9_62_c2tnb239v3, 0x32, 0x63, 0x2E, 0x65, 0x2B, 0xEE, 0x91, -+ 0xC2, 0xE4, 0xA2, 0xF5, 0x42, 0xA3, 0x2D, 0x67, 0xA8, 0xB5, -+ 0xB4, 0x5F, 0x21, 0xA0, 0x81, 0x02, 0xFB, 0x1F, 0x2A, 0xFB, -+ 0xB6, 0xAC, 0xDA); -+SPCF_CPARAM_INIT(X9_62_c2pnb272w1, 0x00, 0xDA, 0x7B, 0x60, 0x28, 0xF4, 0xC8, -+ 0x09, 0xA0, 0xB9, 0x78, 0x81, 0xC3, 0xA5, 0x7E, 0x4D, 0x71, -+ 0x81, 0x34, 0xD1, 0x3F, 0xEC, 0xE0, 0x90, 0x85, 0x8A, 0xC3, -+ 0x1A, 0xE2, 0xDC, 0x2E, 0xDF, 0x8E, 0x3C, 0x8B); -+SPCF_CPARAM_INIT(X9_62_c2pnb304w1, 0x00, 0x3C, 0x67, 0xB4, 0x07, 0xC6, 0xF3, -+ 0x3F, 0x81, 0x0B, 0x17, 0xDC, 0x16, 0xE2, 0x14, 0x8A, 0x2C, -+ 0x9C, 0xE2, 0x9D, 0x56, 0x05, 0x23, 0x69, 0x6A, 0x55, 0x93, -+ 0x8A, 0x15, 0x40, 0x81, 0xE3, 0xE3, 0xAE, 0xFB, 0xCE, 0x45, -+ 0x70, 0xC9); -+SPCF_CPARAM_INIT(X9_62_c2tnb359v1, 0x22, 0x39, 0xAA, 0x58, 0x4A, 0xC5, 0x9A, -+ 0xF9, 0x61, 0xD0, 0xFA, 0x2D, 0x52, 0x85, 0xB6, 0xFD, 0xF7, -+ 0x34, 0x9B, 0xC6, 0x0E, 0x91, 0xE3, 0x20, 0xF4, 0x71, 0x64, -+ 0xCE, 0x11, 0xF5, 0x18, 0xEF, 0xB4, 0xC0, 0x8B, 0x9B, 0xDA, -+ 0x99, 0x9A, 0x8A, 0x37, 0xF8, 0x2A, 0x22, 0x61); -+SPCF_CPARAM_INIT(X9_62_c2pnb368w1, 0x00, 0xC0, 0x6C, 0xCF, 0x42, 0x89, 0x3A, -+ 0x8A, 0xAA, 0x00, 0x1E, 0x0B, 0xC0, 0xD2, 0xA2, 0x27, 0x66, -+ 0xEF, 0x3E, 0x41, 0x88, 0x7C, 0xC6, 0x77, 0x6F, 0x4A, 0x04, -+ 0x1E, 0xE4, 0x45, 0x14, 0xB2, 0x0A, 0xFC, 0x4E, 0x5C, 0x30, -+ 0x40, 0x60, 0x06, 0x5B, 0xC8, 0xD6, 0xCF, 0x04, 0xD3, 0x25); -+SPCF_CPARAM_INIT(X9_62_c2tnb431r1, 0x64, 0xF5, 0xBB, 0xE9, 0xBB, 0x31, 0x66, -+ 0xA3, 0xA0, 0x2F, 0x2F, 0x22, 0xBF, 0x05, 0xD9, 0xF7, 0xDA, -+ 0x43, 0xEE, 0x70, 0xC1, 0x79, 0x03, 0x15, 0x2B, 0x70, 0xA0, -+ 0xB4, 0x25, 0x9B, 0xD2, 0xFC, 0xB2, 0x20, 0x3B, 0x7F, 0xB8, -+ 0xD3, 0x39, 0x4E, 0x20, 0xEB, 0x0E, 0xA9, 0x84, 0xDD, 0xB1, -+ 0xE1, 0xF1, 0x4C, 0x67, 0xB1, 0x36, 0x2B); -+SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01); -+SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls3, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, 0x01); -+SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls4, 0x01, 0x73, 0xE8, 0x34, 0xAF, 0x28, -+ 0xEC, 0x76, 0xCB, 0x83, 0xBD, 0x8D, 0xFE, 0xB2, 0xD5); -+SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls5, 0x04, 0x53, 0xE1, 0xE4, 0xB7, 0x29, -+ 0x1F, 0x5C, 0x2D, 0x53, 0xCE, 0x18, 0x48, 0x3F, 0x00, 0x70, -+ 0x81, 0xE7, 0xEA, 0x26, 0xEC); -+SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x01); -+SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls11, 0x00, 0x07, 0xD5, 0xEF, 0x43, 0x89, -+ 0xDF, 0xF1, 0x1E, 0xCD, 0xBA, 0x39, 0xC3, 0x09, 0x70, 0xD3, -+ 0xCE, 0x35, 0xCE, 0xBB, 0xA5, 0x84, 0x73, 0xF6, 0x4B, 0x4D, -+ 0xC0, 0xF2, 0x68, 0x6C); -+/* Oakley curve #3 over 155 bit binary filed */ -+SPCF_CPARAM_INIT(ipsec3, 0x00, 0x31, 0x10, 0x00, 0x00, 0x02, 0x23, 0xA0, 0x00, -+ 0xC4, 0x47, 0x40, 0x00, 0x08, 0x8E, 0x80, 0x00, 0x11, 0x1D, -+ 0x1D); -+/* Oakley curve #4 over 185 bit binary filed */ -+SPCF_CPARAM_INIT(ipsec4, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, -+ 0x01, 0x80, 0x00, 0xC0, 0x0C, 0x00, 0x00, 0x00, 0x63, 0x80, -+ 0x30, 0x00, 0x1C, 0x00, 0x09); -+ -+static inline int -+eng_ec_get_cparam(int nid, unsigned char *buf, unsigned int buf_len) -+{ -+ int ret = 0; -+ switch (nid) { -+ SPCF_CPARAM_CASE(sect113r1); -+ SPCF_CPARAM_CASE(sect113r2); -+ SPCF_CPARAM_CASE(sect131r1); -+ SPCF_CPARAM_CASE(sect131r2); -+ SPCF_CPARAM_CASE(sect163k1); -+ SPCF_CPARAM_CASE(sect163r1); -+ SPCF_CPARAM_CASE(sect163r2); -+ SPCF_CPARAM_CASE(sect193r1); -+ SPCF_CPARAM_CASE(sect193r2); -+ SPCF_CPARAM_CASE(sect233k1); -+ SPCF_CPARAM_CASE(sect233r1); -+ SPCF_CPARAM_CASE(sect239k1); -+ SPCF_CPARAM_CASE(sect283k1); -+ SPCF_CPARAM_CASE(sect283r1); -+ SPCF_CPARAM_CASE(sect409k1); -+ SPCF_CPARAM_CASE(sect409r1); -+ SPCF_CPARAM_CASE(sect571k1); -+ SPCF_CPARAM_CASE(sect571r1); -+ SPCF_CPARAM_CASE(X9_62_c2pnb163v1); -+ SPCF_CPARAM_CASE(X9_62_c2pnb163v2); -+ SPCF_CPARAM_CASE(X9_62_c2pnb163v3); -+ SPCF_CPARAM_CASE(X9_62_c2pnb176v1); -+ SPCF_CPARAM_CASE(X9_62_c2tnb191v1); -+ SPCF_CPARAM_CASE(X9_62_c2tnb191v2); -+ SPCF_CPARAM_CASE(X9_62_c2tnb191v3); -+ SPCF_CPARAM_CASE(X9_62_c2pnb208w1); -+ SPCF_CPARAM_CASE(X9_62_c2tnb239v1); -+ SPCF_CPARAM_CASE(X9_62_c2tnb239v2); -+ SPCF_CPARAM_CASE(X9_62_c2tnb239v3); -+ SPCF_CPARAM_CASE(X9_62_c2pnb272w1); -+ SPCF_CPARAM_CASE(X9_62_c2pnb304w1); -+ SPCF_CPARAM_CASE(X9_62_c2tnb359v1); -+ SPCF_CPARAM_CASE(X9_62_c2pnb368w1); -+ SPCF_CPARAM_CASE(X9_62_c2tnb431r1); -+ SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls1); -+ SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls3); -+ SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls4); -+ SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls5); -+ SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls10); -+ SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls11); -+ /* Oakley curve #3 over 155 bit binary filed */ -+ SPCF_CPARAM_CASE(ipsec3); -+ /* Oakley curve #4 over 185 bit binary filed */ -+ SPCF_CPARAM_CASE(ipsec4); -+ default: -+ ret = -EINVAL; -+ break; -+ } -+ return ret; -+} -+ -+/* Copies the curve points to a flat buffer with appropriate padding */ -+static inline unsigned char *eng_copy_curve_points(BIGNUM * x, BIGNUM * y, -+ int xy_len, int crv_len) -+{ -+ unsigned char *xy = NULL; -+ int len1 = 0, len2 = 0; -+ -+ len1 = BN_num_bytes(x); -+ len2 = BN_num_bytes(y); -+ -+ if (!(xy = malloc(xy_len))) { -+ return NULL; -+ } -+ -+ memset(xy, 0, xy_len); -+ -+ if (len1 < crv_len) { -+ if (!BN_is_zero(x)) -+ BN_bn2bin(x, xy + (crv_len - len1)); -+ } else { -+ BN_bn2bin(x, xy); -+ } -+ -+ if (len2 < crv_len) { -+ if (!BN_is_zero(y)) -+ BN_bn2bin(y, xy+crv_len+(crv_len-len2)); -+ } else { -+ BN_bn2bin(y, xy+crv_len); -+ } -+ -+ return xy; -+} -+ -+enum curve_t { -+ DISCRETE_LOG, -+ ECC_PRIME, -+ ECC_BINARY, -+ MAX_ECC_TYPE -+}; -+#endif --- -2.3.5 - diff --git a/recipes-connectivity/openssl/openssl-fsl/0006-Fixed-private-key-support-for-DH.patch b/recipes-connectivity/openssl/openssl-fsl/0006-Fixed-private-key-support-for-DH.patch deleted file mode 100644 index 01c268b..0000000 --- a/recipes-connectivity/openssl/openssl-fsl/0006-Fixed-private-key-support-for-DH.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 39a9e609290a8a1163a721915bcde0c7cf8f92f7 Mon Sep 17 00:00:00 2001 -From: Yashpal Dutta -Date: Tue, 11 Mar 2014 05:57:47 +0545 -Subject: [PATCH 06/26] Fixed private key support for DH - -Upstream-status: Pending - -Signed-off-by: Yashpal Dutta ---- - crypto/dh/dh_ameth.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c -index 02ec2d4..ed32004 100644 ---- a/crypto/dh/dh_ameth.c -+++ b/crypto/dh/dh_ameth.c -@@ -422,6 +422,13 @@ static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) - if (to->pkey.dh->g != NULL) - BN_free(to->pkey.dh->g); - to->pkey.dh->g=a; -+ if ((a=BN_dup(from->pkey.dh->q)) != NULL) { -+ if (to->pkey.dh->q != NULL) -+ BN_free(to->pkey.dh->q); -+ to->pkey.dh->q=a; -+ } -+ -+ to->pkey.dh->length = from->pkey.dh->length; - - return 1; - } --- -2.3.5 - diff --git a/recipes-connectivity/openssl/openssl-fsl/0007-Fixed-private-key-support-for-DH.patch b/recipes-connectivity/openssl/openssl-fsl/0007-Fixed-private-key-support-for-DH.patch deleted file mode 100644 index 12fcd7d..0000000 --- a/recipes-connectivity/openssl/openssl-fsl/0007-Fixed-private-key-support-for-DH.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 8322e4157bf49d992b5b9e460f2c0785865dd1c1 Mon Sep 17 00:00:00 2001 -From: Yashpal Dutta -Date: Thu, 20 Mar 2014 19:55:51 -0500 -Subject: [PATCH 07/26] Fixed private key support for DH - -Upstream-status: Pending - -Required Length of the DH result is not returned in dh method in openssl - -Tested-by: Yashpal Dutta ---- - crypto/dh/dh_ameth.c | 7 ------- - 1 file changed, 7 deletions(-) - -diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c -index ed32004..02ec2d4 100644 ---- a/crypto/dh/dh_ameth.c -+++ b/crypto/dh/dh_ameth.c -@@ -422,13 +422,6 @@ static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) - if (to->pkey.dh->g != NULL) - BN_free(to->pkey.dh->g); - to->pkey.dh->g=a; -- if ((a=BN_dup(from->pkey.dh->q)) != NULL) { -- if (to->pkey.dh->q != NULL) -- BN_free(to->pkey.dh->q); -- to->pkey.dh->q=a; -- } -- -- to->pkey.dh->length = from->pkey.dh->length; - - return 1; - } --- -2.3.5 - diff --git a/recipes-connectivity/openssl/openssl-fsl/0008-Initial-support-for-PKC-in-cryptodev-engine.patch b/recipes-connectivity/openssl/openssl-fsl/0008-Initial-support-for-PKC-in-cryptodev-engine.patch deleted file mode 100644 index 98272ab..0000000 --- a/recipes-connectivity/openssl/openssl-fsl/0008-Initial-support-for-PKC-in-cryptodev-engine.patch +++ /dev/null @@ -1,1564 +0,0 @@ -From 107a10d45db0f2e58482f698add04ed9183f7268 Mon Sep 17 00:00:00 2001 -From: Yashpal Dutta -Date: Tue, 11 Mar 2014 06:29:52 +0545 -Subject: [PATCH 08/26] Initial support for PKC in cryptodev engine - -Upstream-status: Pending - -Signed-off-by: Yashpal Dutta ---- - crypto/engine/eng_cryptodev.c | 1343 ++++++++++++++++++++++++++++++++++++----- - 1 file changed, 1183 insertions(+), 160 deletions(-) - -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index e3eb98b..7ee314b 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -54,11 +54,14 @@ ENGINE_load_cryptodev(void) - #else - - #include --#include - #include - #include - #include - #include -+#include -+#include -+#include -+#include - #include - #include - #include -@@ -68,6 +71,8 @@ ENGINE_load_cryptodev(void) - #include - #include - #include -+#include "eng_cryptodev_ec.h" -+#include - - struct dev_crypto_state { - struct session_op d_sess; -@@ -116,18 +121,10 @@ static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, - static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, - RSA *rsa, BN_CTX *ctx); - static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx); --static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, -- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); --static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g, -- BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p, -- BN_CTX *ctx, BN_MONT_CTX *mont); - static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, - int dlen, DSA *dsa); - static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len, - DSA_SIG *sig, DSA *dsa); --static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, -- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, -- BN_MONT_CTX *m_ctx); - static int cryptodev_dh_compute_key(unsigned char *key, - const BIGNUM *pub_key, DH *dh); - static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, -@@ -136,6 +133,102 @@ void ENGINE_load_cryptodev(void); - const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1; - const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1; - -+static int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len) -+{ -+ int len; -+ unsigned char *p; -+ -+ len = BN_num_bytes(bn); -+ -+ if (!len) -+ return -1; -+ -+ p = malloc(len); -+ if (!p) -+ return -1; -+ -+ BN_bn2bin(bn,p); -+ -+ *bin = p; -+ *bin_len = len; -+ -+ return 0; -+} -+ -+static int spcf_bn2bin_ex(BIGNUM *bn, unsigned char **bin, int *bin_len) -+{ -+ int len; -+ unsigned char *p; -+ -+ len = BN_num_bytes(bn); -+ -+ if (!len) -+ return -1; -+ -+ if (len < *bin_len) -+ p = malloc(*bin_len); -+ else -+ p = malloc(len); -+ -+ if (!p) -+ return -ENOMEM; -+ -+ if (len < *bin_len) { -+ /* place padding */ -+ memset(p, 0, (*bin_len - len)); -+ BN_bn2bin(bn,p+(*bin_len-len)); -+ } else { -+ BN_bn2bin(bn,p); -+ } -+ -+ *bin = p; -+ if (len >= *bin_len) -+ *bin_len = len; -+ -+ return 0; -+} -+ -+/** -+ * Convert an ECC F2m 'b' parameter into the 'c' parameter. -+ *Inputs: -+ * q, the curve's modulus -+ * b, the curve's b parameter -+ * (a bignum for b, a buffer for c) -+ * Output: -+ * c, written into bin, right-adjusted to fill q_len bytes. -+ */ -+static int -+eng_ec_compute_cparam(const BIGNUM* b, const BIGNUM* q, -+ unsigned char **bin, int *bin_len) -+{ -+ BIGNUM* c = BN_new(); -+ BIGNUM* exp = BN_new(); -+ BN_CTX *ctx = BN_CTX_new(); -+ int m = BN_num_bits(q) - 1; -+ int ok = 0; -+ -+ if (!c || !exp || !ctx || *bin) -+ goto err; -+ -+ /* -+ * We have to compute c, where b = c^4, i.e., the fourth root of b. -+ * The equation for c is c = b^(2^(m-2)) -+ * Compute exp = 2^(m-2) -+ * (1 << x) == 2^x -+ * and then compute c = b^exp -+ */ -+ BN_lshift(exp, BN_value_one(), m-2); -+ BN_GF2m_mod_exp(c, b, exp, q, ctx); -+ /* Store c */ -+ spcf_bn2bin_ex(c, bin, bin_len); -+ ok = 1; -+err: -+ if (ctx) BN_CTX_free(ctx); -+ if (c) BN_free(c); -+ if (exp) BN_free(exp); -+ return ok; -+} -+ - static const ENGINE_CMD_DEFN cryptodev_defns[] = { - { 0, NULL, NULL, 0 } - }; -@@ -1139,7 +1232,6 @@ cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, - static int - bn2crparam(const BIGNUM *a, struct crparam *crp) - { -- int i, j, k; - ssize_t bytes, bits; - u_char *b; - -@@ -1156,15 +1248,7 @@ bn2crparam(const BIGNUM *a, struct crparam *crp) - - crp->crp_p = (caddr_t) b; - crp->crp_nbits = bits; -- -- for (i = 0, j = 0; i < a->top; i++) { -- for (k = 0; k < BN_BITS2 / 8; k++) { -- if ((j + k) >= bytes) -- return (0); -- b[j + k] = a->d[i] >> (k * 8); -- } -- j += BN_BITS2 / 8; -- } -+ BN_bn2bin(a, crp->crp_p); - return (0); - } - -@@ -1172,22 +1256,14 @@ bn2crparam(const BIGNUM *a, struct crparam *crp) - static int - crparam2bn(struct crparam *crp, BIGNUM *a) - { -- u_int8_t *pd; -- int i, bytes; -+ int bytes; - - bytes = (crp->crp_nbits + 7) / 8; - - if (bytes == 0) - return (-1); - -- if ((pd = (u_int8_t *) malloc(bytes)) == NULL) -- return (-1); -- -- for (i = 0; i < bytes; i++) -- pd[i] = crp->crp_p[bytes - i - 1]; -- -- BN_bin2bn(pd, bytes, a); -- free(pd); -+ BN_bin2bn(crp->crp_p, bytes, a); - - return (0); - } -@@ -1235,6 +1311,32 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s) - return (ret); - } - -+/* Close an opened instance of cryptodev engine */ -+void cryptodev_close_instance(void *handle) -+{ -+ int fd; -+ -+ if (handle) { -+ fd = *(int *)handle; -+ close(fd); -+ free(handle); -+ } -+} -+ -+/* Create an instance of cryptodev for asynchronous interface */ -+void *cryptodev_init_instance(void) -+{ -+ int *fd = malloc(sizeof(int)); -+ -+ if (fd) { -+ if ((*fd = open("/dev/crypto", O_RDWR, 0)) == -1) { -+ free(fd); -+ return NULL; -+ } -+ } -+ return fd; -+} -+ - static int - cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) -@@ -1250,9 +1352,9 @@ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - return (ret); - } - -- memset(&kop, 0, sizeof kop); - kop.crk_op = CRK_MOD_EXP; -- -+ kop.crk_oparams = 0; -+ kop.crk_status = 0; - /* inputs: a^p % m */ - if (bn2crparam(a, &kop.crk_param[0])) - goto err; -@@ -1293,28 +1395,38 @@ static int - cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) - { - struct crypt_kop kop; -- int ret = 1; -+ int ret = 1, f_len, p_len, q_len; -+ unsigned char *f = NULL, *p = NULL, *q = NULL, *dp = NULL, *dq = NULL, *c = NULL; - - if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) { - /* XXX 0 means failure?? */ - return (0); - } - -- memset(&kop, 0, sizeof kop); -+ kop.crk_oparams = 0; -+ kop.crk_status = 0; - kop.crk_op = CRK_MOD_EXP_CRT; -+ f_len = BN_num_bytes(rsa->n); -+ spcf_bn2bin_ex(I, &f, &f_len); -+ spcf_bn2bin(rsa->p, &p, &p_len); -+ spcf_bn2bin(rsa->q, &q, &q_len); -+ spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len); -+ spcf_bn2bin_ex(rsa->iqmp, &c, &p_len); -+ spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len); - /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */ -- if (bn2crparam(rsa->p, &kop.crk_param[0])) -- goto err; -- if (bn2crparam(rsa->q, &kop.crk_param[1])) -- goto err; -- if (bn2crparam(I, &kop.crk_param[2])) -- goto err; -- if (bn2crparam(rsa->dmp1, &kop.crk_param[3])) -- goto err; -- if (bn2crparam(rsa->dmq1, &kop.crk_param[4])) -- goto err; -- if (bn2crparam(rsa->iqmp, &kop.crk_param[5])) -- goto err; -+ kop.crk_param[0].crp_p = p; -+ kop.crk_param[0].crp_nbits = p_len * 8; -+ kop.crk_param[1].crp_p = q; -+ kop.crk_param[1].crp_nbits = q_len * 8; -+ kop.crk_param[2].crp_p = f; -+ kop.crk_param[2].crp_nbits = f_len * 8; -+ kop.crk_param[3].crp_p = dp; -+ kop.crk_param[3].crp_nbits = p_len * 8; -+ /* dq must of length q, rest all of length p*/ -+ kop.crk_param[4].crp_p = dq; -+ kop.crk_param[4].crp_nbits = q_len * 8; -+ kop.crk_param[5].crp_p = c; -+ kop.crk_param[5].crp_nbits = p_len * 8; - kop.crk_iparams = 6; - - if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) { -@@ -1350,90 +1462,117 @@ static RSA_METHOD cryptodev_rsa = { - NULL /* rsa_verify */ - }; - --static int --cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, -- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) --{ -- return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx)); --} -- --static int --cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g, -- BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p, -- BN_CTX *ctx, BN_MONT_CTX *mont) -+static DSA_SIG * -+cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) - { -- BIGNUM t2; -- int ret = 0; -- -- BN_init(&t2); -- -- /* v = ( g^u1 * y^u2 mod p ) mod q */ -- /* let t1 = g ^ u1 mod p */ -- ret = 0; -+ struct crypt_kop kop; -+ BIGNUM *c = NULL, *d = NULL; -+ DSA_SIG *dsaret = NULL; -+ int q_len = 0, r_len = 0, g_len = 0; -+ int priv_key_len = 0, ret; -+ unsigned char *q = NULL, *r = NULL, *g = NULL, *priv_key = NULL, *f = NULL; - -- if (!dsa->meth->bn_mod_exp(dsa,t1,dsa->g,u1,dsa->p,ctx,mont)) -+ memset(&kop, 0, sizeof kop); -+ if ((c = BN_new()) == NULL) { -+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); - goto err; -+ } - -- /* let t2 = y ^ u2 mod p */ -- if (!dsa->meth->bn_mod_exp(dsa,&t2,dsa->pub_key,u2,dsa->p,ctx,mont)) -+ if ((d = BN_new()) == NULL) { -+ BN_free(c); -+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); - goto err; -- /* let u1 = t1 * t2 mod p */ -- if (!BN_mod_mul(u1,t1,&t2,dsa->p,ctx)) -+ } -+ -+ if (spcf_bn2bin(dsa->p, &q, &q_len)) { -+ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); - goto err; -+ } - -- BN_copy(t1,u1); -+ /* Get order of the field of private keys into plain buffer */ -+ if (spcf_bn2bin (dsa->q, &r, &r_len)) { -+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } - -- ret = 1; --err: -- BN_free(&t2); -- return(ret); --} -+ /* sanity test */ -+ if (dlen > r_len) { -+ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); -+ goto err; -+ } - --static DSA_SIG * --cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) --{ -- struct crypt_kop kop; -- BIGNUM *r = NULL, *s = NULL; -- DSA_SIG *dsaret = NULL; -+ g_len = q_len; -+ /** -+ * Get generator into a plain buffer. If length is less than -+ * q_len then add leading padding bytes. -+ */ -+ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) { -+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } - -- if ((r = BN_new()) == NULL) -+ priv_key_len = r_len; -+ /** -+ * Get private key into a plain buffer. If length is less than -+ * r_len then add leading padding bytes. -+ */ -+ if (spcf_bn2bin_ex(dsa->priv_key, &priv_key, &priv_key_len)) { -+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); - goto err; -- if ((s = BN_new()) == NULL) { -- BN_free(r); -+ } -+ -+ /* Allocate memory to store hash. */ -+ f = OPENSSL_malloc (r_len); -+ if (!f) { -+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); - goto err; - } - -- memset(&kop, 0, sizeof kop); -+ /* Add padding, since SEC expects hash to of size r_len */ -+ if (dlen < r_len) -+ memset(f, 0, r_len - dlen); -+ -+ /* Skip leading bytes if dgst_len < r_len */ -+ memcpy(f + r_len - dlen, dgst, dlen); -+ - kop.crk_op = CRK_DSA_SIGN; - - /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ -- kop.crk_param[0].crp_p = (caddr_t)dgst; -- kop.crk_param[0].crp_nbits = dlen * 8; -- if (bn2crparam(dsa->p, &kop.crk_param[1])) -- goto err; -- if (bn2crparam(dsa->q, &kop.crk_param[2])) -- goto err; -- if (bn2crparam(dsa->g, &kop.crk_param[3])) -- goto err; -- if (bn2crparam(dsa->priv_key, &kop.crk_param[4])) -- goto err; -+ kop.crk_param[0].crp_p = (void*)f; -+ kop.crk_param[0].crp_nbits = r_len * 8; -+ kop.crk_param[1].crp_p = (void*)q; -+ kop.crk_param[1].crp_nbits = q_len * 8; -+ kop.crk_param[2].crp_p = (void*)r; -+ kop.crk_param[2].crp_nbits = r_len * 8; -+ kop.crk_param[3].crp_p = (void*)g; -+ kop.crk_param[3].crp_nbits = g_len * 8; -+ kop.crk_param[4].crp_p = (void*)priv_key; -+ kop.crk_param[4].crp_nbits = priv_key_len * 8; - kop.crk_iparams = 5; - -- if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r, -- BN_num_bytes(dsa->q), s) == 0) { -- dsaret = DSA_SIG_new(); -- dsaret->r = r; -- dsaret->s = s; -- } else { -- const DSA_METHOD *meth = DSA_OpenSSL(); -- BN_free(r); -- BN_free(s); -- dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa); -+ ret = cryptodev_asym(&kop, r_len, c, r_len, d); -+ -+ if (ret) { -+ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DECODE_ERROR); -+ goto err; - } --err: -- kop.crk_param[0].crp_p = NULL; -+ -+ dsaret = DSA_SIG_new(); -+ dsaret->r = c; -+ dsaret->s = d; -+ - zapparams(&kop); - return (dsaret); -+err: -+ { -+ const DSA_METHOD *meth = DSA_OpenSSL(); -+ if (c) -+ BN_free(c); -+ if (d) -+ BN_free(d); -+ dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa); -+ return (dsaret); -+ } - } - - static int -@@ -1441,42 +1580,179 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen, - DSA_SIG *sig, DSA *dsa) - { - struct crypt_kop kop; -- int dsaret = 1; -+ int dsaret = 1, q_len = 0, r_len = 0, g_len = 0; -+ int w_len = 0 ,c_len = 0, d_len = 0, ret = -1; -+ unsigned char * q = NULL, * r = NULL, * w = NULL, * g = NULL; -+ unsigned char * c = NULL, * d = NULL, *f = NULL; - - memset(&kop, 0, sizeof kop); - kop.crk_op = CRK_DSA_VERIFY; - -- /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */ -- kop.crk_param[0].crp_p = (caddr_t)dgst; -- kop.crk_param[0].crp_nbits = dlen * 8; -- if (bn2crparam(dsa->p, &kop.crk_param[1])) -+ if (spcf_bn2bin(dsa->p, &q, &q_len)) { -+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -+ return ret; -+ } -+ -+ /* Get Order of field of private keys */ -+ if (spcf_bn2bin(dsa->q, &r, &r_len)) { -+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); - goto err; -- if (bn2crparam(dsa->q, &kop.crk_param[2])) -+ } -+ -+ g_len = q_len; -+ /** -+ * Get generator into a plain buffer. If length is less than -+ * q_len then add leading padding bytes. -+ */ -+ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) { -+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); - goto err; -- if (bn2crparam(dsa->g, &kop.crk_param[3])) -+ } -+ w_len = q_len; -+ /** -+ * Get public key into a plain buffer. If length is less than -+ * q_len then add leading padding bytes. -+ */ -+ if (spcf_bn2bin_ex(dsa->pub_key, &w, &w_len)) { -+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ /** -+ * Get the 1st part of signature into a flat buffer with -+ * appropriate padding -+ */ -+ c_len = r_len; -+ -+ if (spcf_bn2bin_ex(sig->r, &c, &c_len)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); - goto err; -- if (bn2crparam(dsa->pub_key, &kop.crk_param[4])) -+ } -+ -+ /** -+ * Get the 2nd part of signature into a flat buffer with -+ * appropriate padding -+ */ -+ d_len = r_len; -+ -+ if (spcf_bn2bin_ex(sig->s, &d, &d_len)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); - goto err; -- if (bn2crparam(sig->r, &kop.crk_param[5])) -+ } -+ -+ -+ /* Sanity test */ -+ if (dlen > r_len) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); - goto err; -- if (bn2crparam(sig->s, &kop.crk_param[6])) -+ } -+ -+ /* Allocate memory to store hash. */ -+ f = OPENSSL_malloc (r_len); -+ if (!f) { -+ DSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); - goto err; -+ } -+ -+ /* Add padding, since SEC expects hash to of size r_len */ -+ if (dlen < r_len) -+ memset(f, 0, r_len - dlen); -+ -+ /* Skip leading bytes if dgst_len < r_len */ -+ memcpy(f + r_len - dlen, dgst, dlen); -+ -+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */ -+ kop.crk_param[0].crp_p = (void*)f; -+ kop.crk_param[0].crp_nbits = r_len * 8; -+ kop.crk_param[1].crp_p = q; -+ kop.crk_param[1].crp_nbits = q_len * 8; -+ kop.crk_param[2].crp_p = r; -+ kop.crk_param[2].crp_nbits = r_len * 8; -+ kop.crk_param[3].crp_p = g; -+ kop.crk_param[3].crp_nbits = g_len * 8; -+ kop.crk_param[4].crp_p = w; -+ kop.crk_param[4].crp_nbits = w_len * 8; -+ kop.crk_param[5].crp_p = c; -+ kop.crk_param[5].crp_nbits = c_len * 8; -+ kop.crk_param[6].crp_p = d; -+ kop.crk_param[6].crp_nbits = d_len * 8; - kop.crk_iparams = 7; - -- if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) { --/*OCF success value is 0, if not zero, change dsaret to fail*/ -- if(0 != kop.crk_status) dsaret = 0; -- } else { -- const DSA_METHOD *meth = DSA_OpenSSL(); -+ if ((cryptodev_asym(&kop, 0, NULL, 0, NULL))) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, DSA_R_DECODE_ERROR); -+ goto err; -+ } - -- dsaret = (meth->dsa_do_verify)(dgst, dlen, sig, dsa); -+ /*OCF success value is 0, if not zero, change dsaret to fail*/ -+ if(0 != kop.crk_status) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, DSA_R_DECODE_ERROR); -+ goto err; - } --err: -- kop.crk_param[0].crp_p = NULL; -+ - zapparams(&kop); - return (dsaret); -+err: -+ { -+ const DSA_METHOD *meth = DSA_OpenSSL(); -+ -+ dsaret = (meth->dsa_do_verify)(dgst, dlen, sig, dsa); -+ } -+ return dsaret; - } - -+/* Cryptodev DSA Key Gen routine */ -+static int cryptodev_dsa_keygen(DSA *dsa) -+{ -+ struct crypt_kop kop; -+ int ret = 1, g_len; -+ unsigned char *g = NULL; -+ -+ if (dsa->priv_key == NULL) { -+ if ((dsa->priv_key=BN_new()) == NULL) -+ goto sw_try; -+ } -+ -+ if (dsa->pub_key == NULL) { -+ if ((dsa->pub_key=BN_new()) == NULL) -+ goto sw_try; -+ } -+ -+ g_len = BN_num_bytes(dsa->p); -+ /** -+ * Get generator into a plain buffer. If length is less than -+ * p_len then add leading padding bytes. -+ */ -+ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) { -+ DSAerr(DSA_F_DSA_GENERATE_KEY, ERR_R_MALLOC_FAILURE); -+ goto sw_try; -+ } -+ -+ memset(&kop, 0, sizeof kop); -+ -+ kop.crk_op = CRK_DSA_GENERATE_KEY; -+ if (bn2crparam(dsa->p, &kop.crk_param[0])) -+ goto sw_try; -+ if (bn2crparam(dsa->q, &kop.crk_param[1])) -+ goto sw_try; -+ kop.crk_param[2].crp_p = g; -+ kop.crk_param[2].crp_nbits = g_len * 8; -+ kop.crk_iparams = 3; -+ -+ /* pub_key is or prime length while priv key is of length of order */ -+ if (cryptodev_asym(&kop, BN_num_bytes(dsa->p), dsa->pub_key, -+ BN_num_bytes(dsa->q), dsa->priv_key)) -+ goto sw_try; -+ -+ return ret; -+sw_try: -+ { -+ const DSA_METHOD *meth = DSA_OpenSSL(); -+ ret = (meth->dsa_keygen)(dsa); -+ } -+ return ret; -+} -+ -+ -+ - static DSA_METHOD cryptodev_dsa = { - "cryptodev DSA method", - NULL, -@@ -1490,12 +1766,543 @@ static DSA_METHOD cryptodev_dsa = { - NULL /* app_data */ - }; - --static int --cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, -- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, -- BN_MONT_CTX *m_ctx) -+static ECDSA_METHOD cryptodev_ecdsa = { -+ "cryptodev ECDSA method", -+ NULL, -+ NULL, /* ecdsa_sign_setup */ -+ NULL, -+ NULL, -+ 0, /* flags */ -+ NULL /* app_data */ -+}; -+ -+typedef enum ec_curve_s -+{ -+ EC_PRIME, -+ EC_BINARY -+} ec_curve_t; -+ -+/* ENGINE handler for ECDSA Sign */ -+static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char *dgst, -+ int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey) - { -- return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx)); -+ BIGNUM *m = NULL, *p = NULL, *a = NULL; -+ BIGNUM *b = NULL, *x = NULL, *y = NULL; -+ BN_CTX *ctx = NULL; -+ ECDSA_SIG *ret = NULL; -+ ECDSA_DATA *ecdsa = NULL; -+ unsigned char * q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL; -+ unsigned char * s = NULL, *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL; -+ int i = 0, q_len = 0, priv_key_len = 0, r_len = 0; -+ int g_len = 0, d_len = 0, ab_len = 0; -+ const BIGNUM *order = NULL, *priv_key=NULL; -+ const EC_GROUP *group = NULL; -+ struct crypt_kop kop; -+ ec_curve_t ec_crv = EC_PRIME; -+ -+ memset(&kop, 0, sizeof(kop)); -+ ecdsa = ecdsa_check(eckey); -+ if (!ecdsa) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER); -+ return NULL; -+ } -+ -+ group = EC_KEY_get0_group(eckey); -+ priv_key = EC_KEY_get0_private_key(eckey); -+ -+ if (!group || !priv_key) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER); -+ return NULL; -+ } -+ -+ if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL || -+ (a = BN_new()) == NULL || (b = BN_new()) == NULL || -+ (p = BN_new()) == NULL || (x = BN_new()) == NULL || -+ (y = BN_new()) == NULL) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ order = &group->order; -+ if (!order || BN_is_zero(order)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS); -+ goto err; -+ } -+ -+ i = BN_num_bits(order); -+ /* Need to truncate digest if it is too long: first truncate whole -+ bytes */ -+ if (8 * dgst_len > i) -+ dgst_len = (i + 7)/8; -+ -+ if (!BN_bin2bn(dgst, dgst_len, m)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); -+ goto err; -+ } -+ -+ /* If still too long truncate remaining bits with a shift */ -+ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); -+ goto err; -+ } -+ -+ /* copy the truncated bits into plain buffer */ -+ if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) { -+ fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__, __LINE__); -+ goto err; -+ } -+ -+ ret = ECDSA_SIG_new(); -+ if (!ret) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); -+ goto err; -+ } -+ -+ /* check if this is prime or binary EC request */ -+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) { -+ ec_crv = EC_PRIME; -+ /* get the generator point pair */ -+ if (!EC_POINT_get_affine_coordinates_GFp (group, EC_GROUP_get0_generator(group), -+ x, y,ctx)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); -+ goto err; -+ } -+ -+ /* get the ECC curve parameters */ -+ if (!EC_GROUP_get_curve_GFp(group, p, a, b , ctx)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); -+ goto err; -+ } -+ } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_characteristic_two_field) { -+ ec_crv = EC_BINARY; -+ /* get the ECC curve parameters */ -+ if (!EC_GROUP_get_curve_GF2m(group, p, a, b , ctx)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); -+ goto err; -+ } -+ -+ /* get the generator point pair */ -+ if (!EC_POINT_get_affine_coordinates_GF2m(group, -+ EC_GROUP_get0_generator(group), x, y,ctx)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); -+ goto err; -+ } -+ } else { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); -+ goto err; -+ } -+ -+ if (spcf_bn2bin(order, &r, &r_len)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ if (spcf_bn2bin(p, &q, &q_len)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ priv_key_len = r_len; -+ -+ /** -+ * If BN_num_bytes of priv_key returns less then r_len then -+ * add padding bytes before the key -+ */ -+ if (spcf_bn2bin_ex(priv_key, &s, &priv_key_len)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /* Generation of ECC curve parameters */ -+ ab_len = 2*q_len; -+ ab = eng_copy_curve_points(a, b, ab_len, q_len); -+ if (!ab) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ if (ec_crv == EC_BINARY) { -+ if (eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab+q_len, q_len)) -+ { -+ unsigned char *c_temp = NULL; -+ int c_temp_len = q_len; -+ if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len)) -+ memcpy(ab+q_len, c_temp, q_len); -+ else -+ goto err; -+ } -+ kop.curve_type = ECC_BINARY; -+ } -+ -+ /* Calculation of Generator point */ -+ g_len = 2*q_len; -+ g_xy = eng_copy_curve_points(x, y, g_len, q_len); -+ if (!g_xy) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /* Memory allocation for first part of digital signature */ -+ c = malloc(r_len); -+ if (!c) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ d_len = r_len; -+ -+ /* Memory allocation for second part of digital signature */ -+ d = malloc(d_len); -+ if (!d) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /* memory for message representative */ -+ f = malloc(r_len); -+ if (!f) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /* Add padding, since SEC expects hash to of size r_len */ -+ memset(f, 0, r_len - dgst_len); -+ -+ /* Skip leading bytes if dgst_len < r_len */ -+ memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len); -+ -+ dgst_len += r_len - dgst_len; -+ kop.crk_op = CRK_DSA_SIGN; -+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ -+ kop.crk_param[0].crp_p = f; -+ kop.crk_param[0].crp_nbits = dgst_len * 8; -+ kop.crk_param[1].crp_p = q; -+ kop.crk_param[1].crp_nbits = q_len * 8; -+ kop.crk_param[2].crp_p = r; -+ kop.crk_param[2].crp_nbits = r_len * 8; -+ kop.crk_param[3].crp_p = g_xy; -+ kop.crk_param[3].crp_nbits = g_len * 8; -+ kop.crk_param[4].crp_p = s; -+ kop.crk_param[4].crp_nbits = priv_key_len * 8; -+ kop.crk_param[5].crp_p = ab; -+ kop.crk_param[5].crp_nbits = ab_len * 8; -+ kop.crk_iparams = 6; -+ kop.crk_param[6].crp_p = c; -+ kop.crk_param[6].crp_nbits = d_len * 8; -+ kop.crk_param[7].crp_p = d; -+ kop.crk_param[7].crp_nbits = d_len * 8; -+ kop.crk_oparams = 2; -+ -+ if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) { -+ /* Check if ret->r and s needs to allocated */ -+ crparam2bn(&kop.crk_param[6], ret->r); -+ crparam2bn(&kop.crk_param[7], ret->s); -+ } else { -+ const ECDSA_METHOD *meth = ECDSA_OpenSSL(); -+ ret = (meth->ecdsa_do_sign)(dgst, dgst_len, in_kinv, in_r, eckey); -+ } -+ kop.crk_param[0].crp_p = NULL; -+ zapparams(&kop); -+err: -+ if (!ret) { -+ ECDSA_SIG_free(ret); -+ ret = NULL; -+ } -+ return ret; -+} -+ -+static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len, -+ ECDSA_SIG *sig, EC_KEY *eckey) -+{ -+ BIGNUM *m = NULL, *p = NULL, *a = NULL, *b = NULL; -+ BIGNUM *x = NULL, *y = NULL, *w_x = NULL, *w_y = NULL; -+ BN_CTX *ctx = NULL; -+ ECDSA_DATA *ecdsa = NULL; -+ unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL, *w_xy = NULL; -+ unsigned char *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL; -+ int i = 0, q_len = 0, pub_key_len = 0, r_len = 0, c_len = 0, g_len = 0; -+ int d_len = 0, ab_len = 0, ret = -1; -+ const EC_POINT *pub_key = NULL; -+ const BIGNUM *order = NULL; -+ const EC_GROUP *group=NULL; -+ ec_curve_t ec_crv = EC_PRIME; -+ struct crypt_kop kop; -+ -+ memset(&kop, 0, sizeof kop); -+ ecdsa = ecdsa_check(eckey); -+ if (!ecdsa) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER); -+ return ret; -+ } -+ -+ group = EC_KEY_get0_group(eckey); -+ pub_key = EC_KEY_get0_public_key(eckey); -+ -+ if (!group || !pub_key) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER); -+ return ret; -+ } -+ -+ if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL || -+ (a = BN_new()) == NULL || (b = BN_new()) == NULL || -+ (p = BN_new()) == NULL || (x = BN_new()) == NULL || -+ (y = BN_new()) == NULL || (w_x = BN_new()) == NULL || -+ (w_y = BN_new()) == NULL) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ order = &group->order; -+ if (!order || BN_is_zero(order)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS); -+ goto err; -+ } -+ -+ i = BN_num_bits(order); -+ /* Need to truncate digest if it is too long: first truncate whole -+ * bytes */ -+ if (8 * dgst_len > i) -+ dgst_len = (i + 7)/8; -+ -+ if (!BN_bin2bn(dgst, dgst_len, m)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); -+ goto err; -+ } -+ -+ /* If still too long truncate remaining bits with a shift */ -+ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); -+ goto err; -+ } -+ /* copy the truncated bits into plain buffer */ -+ if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /* check if this is prime or binary EC request */ -+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) { -+ ec_crv = EC_PRIME; -+ -+ /* get the generator point pair */ -+ if (!EC_POINT_get_affine_coordinates_GFp (group, -+ EC_GROUP_get0_generator(group), x, y,ctx)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); -+ goto err; -+ } -+ -+ /* get the public key pair for prime curve */ -+ if (!EC_POINT_get_affine_coordinates_GFp (group, -+ pub_key, w_x, w_y,ctx)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); -+ goto err; -+ } -+ -+ /* get the ECC curve parameters */ -+ if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); -+ goto err; -+ } -+ } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_characteristic_two_field){ -+ ec_crv = EC_BINARY; -+ /* get the ECC curve parameters */ -+ if (!EC_GROUP_get_curve_GF2m(group, p, a, b , ctx)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); -+ goto err; -+ } -+ -+ /* get the generator point pair */ -+ if (!EC_POINT_get_affine_coordinates_GF2m(group, -+ EC_GROUP_get0_generator(group),x, y,ctx)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); -+ goto err; -+ } -+ -+ /* get the public key pair for binary curve */ -+ if (!EC_POINT_get_affine_coordinates_GF2m(group, -+ pub_key, w_x, w_y,ctx)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); -+ goto err; -+ } -+ }else { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); -+ goto err; -+ } -+ -+ /* Get the order of the subgroup of private keys */ -+ if (spcf_bn2bin((BIGNUM*)order, &r, &r_len)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /* Get the irreducible polynomial that creates the field */ -+ if (spcf_bn2bin(p, &q, &q_len)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /* Get the public key into a flat buffer with appropriate padding */ -+ pub_key_len = 2 * q_len; -+ -+ w_xy = eng_copy_curve_points (w_x, w_y, pub_key_len, q_len); -+ if (!w_xy) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /* Generation of ECC curve parameters */ -+ ab_len = 2*q_len; -+ -+ ab = eng_copy_curve_points (a, b, ab_len, q_len); -+ if (!ab) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ if (ec_crv == EC_BINARY) { -+ /* copy b' i.e c(b), instead of only b */ -+ if (eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab+q_len, q_len)) -+ { -+ unsigned char *c_temp = NULL; -+ int c_temp_len = q_len; -+ if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len)) -+ memcpy(ab+q_len, c_temp, q_len); -+ else -+ goto err; -+ } -+ kop.curve_type = ECC_BINARY; -+ } -+ -+ /* Calculation of Generator point */ -+ g_len = 2 * q_len; -+ -+ g_xy = eng_copy_curve_points (x, y, g_len, q_len); -+ if (!g_xy) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /** -+ * Get the 1st part of signature into a flat buffer with -+ * appropriate padding -+ */ -+ if (BN_num_bytes(sig->r) < r_len) -+ c_len = r_len; -+ -+ if (spcf_bn2bin_ex(sig->r, &c, &c_len)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /** -+ * Get the 2nd part of signature into a flat buffer with -+ * appropriate padding -+ */ -+ if (BN_num_bytes(sig->s) < r_len) -+ d_len = r_len; -+ -+ if (spcf_bn2bin_ex(sig->s, &d, &d_len)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /* memory for message representative */ -+ f = malloc(r_len); -+ if (!f) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /* Add padding, since SEC expects hash to of size r_len */ -+ memset(f, 0, r_len-dgst_len); -+ -+ /* Skip leading bytes if dgst_len < r_len */ -+ memcpy(f + r_len-dgst_len, tmp_dgst, dgst_len); -+ dgst_len += r_len-dgst_len; -+ kop.crk_op = CRK_DSA_VERIFY; -+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ -+ kop.crk_param[0].crp_p = f; -+ kop.crk_param[0].crp_nbits = dgst_len * 8; -+ kop.crk_param[1].crp_p = q; -+ kop.crk_param[1].crp_nbits = q_len * 8; -+ kop.crk_param[2].crp_p = r; -+ kop.crk_param[2].crp_nbits = r_len * 8; -+ kop.crk_param[3].crp_p = g_xy; -+ kop.crk_param[3].crp_nbits = g_len * 8; -+ kop.crk_param[4].crp_p = w_xy; -+ kop.crk_param[4].crp_nbits = pub_key_len * 8; -+ kop.crk_param[5].crp_p = ab; -+ kop.crk_param[5].crp_nbits = ab_len * 8; -+ kop.crk_param[6].crp_p = c; -+ kop.crk_param[6].crp_nbits = d_len * 8; -+ kop.crk_param[7].crp_p = d; -+ kop.crk_param[7].crp_nbits = d_len * 8; -+ kop.crk_iparams = 8; -+ -+ if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) { -+ /*OCF success value is 0, if not zero, change ret to fail*/ -+ if(0 == kop.crk_status) -+ ret = 1; -+ } else { -+ const ECDSA_METHOD *meth = ECDSA_OpenSSL(); -+ -+ ret = (meth->ecdsa_do_verify)(dgst, dgst_len, sig, eckey); -+ } -+ kop.crk_param[0].crp_p = NULL; -+ zapparams(&kop); -+ -+err: -+ return ret; -+} -+ -+static int cryptodev_dh_keygen(DH *dh) -+{ -+ struct crypt_kop kop; -+ int ret = 1, g_len; -+ unsigned char *g = NULL; -+ -+ if (dh->priv_key == NULL) { -+ if ((dh->priv_key=BN_new()) == NULL) -+ goto sw_try; -+ } -+ -+ if (dh->pub_key == NULL) { -+ if ((dh->pub_key=BN_new()) == NULL) -+ goto sw_try; -+ } -+ -+ g_len = BN_num_bytes(dh->p); -+ /** -+ * Get generator into a plain buffer. If length is less than -+ * q_len then add leading padding bytes. -+ */ -+ if (spcf_bn2bin_ex(dh->g, &g, &g_len)) { -+ DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE); -+ goto sw_try; -+ } -+ -+ memset(&kop, 0, sizeof kop); -+ kop.crk_op = CRK_DH_GENERATE_KEY; -+ if (bn2crparam(dh->p, &kop.crk_param[0])) -+ goto sw_try; -+ if (bn2crparam(dh->q, &kop.crk_param[1])) -+ goto sw_try; -+ kop.crk_param[2].crp_p = g; -+ kop.crk_param[2].crp_nbits = g_len * 8; -+ kop.crk_iparams = 3; -+ -+ /* pub_key is or prime length while priv key is of length of order */ -+ if (cryptodev_asym(&kop, BN_num_bytes(dh->p), dh->pub_key, -+ BN_num_bytes(dh->q), dh->priv_key)) -+ goto sw_try; -+ -+ return ret; -+sw_try: -+ { -+ const DH_METHOD *meth = DH_OpenSSL(); -+ ret = (meth->generate_key)(dh); -+ } -+ return ret; - } - - static int -@@ -1503,43 +2310,234 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) - { - struct crypt_kop kop; - int dhret = 1; -- int fd, keylen; -+ int fd, p_len; -+ BIGNUM *temp = NULL; -+ unsigned char *padded_pub_key = NULL, *p = NULL; -+ -+ if ((fd = get_asym_dev_crypto()) < 0) -+ goto sw_try; -+ -+ memset(&kop, 0, sizeof kop); -+ kop.crk_op = CRK_DH_COMPUTE_KEY; -+ /* inputs: dh->priv_key pub_key dh->p key */ -+ spcf_bn2bin(dh->p, &p, &p_len); -+ spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len); -+ if (bn2crparam(dh->priv_key, &kop.crk_param[0])) -+ goto sw_try; -+ -+ kop.crk_param[1].crp_p = padded_pub_key; -+ kop.crk_param[1].crp_nbits = p_len * 8; -+ kop.crk_param[2].crp_p = p; -+ kop.crk_param[2].crp_nbits = p_len * 8; -+ kop.crk_iparams = 3; -+ kop.crk_param[3].crp_p = (void*) key; -+ kop.crk_param[3].crp_nbits = p_len * 8; -+ kop.crk_oparams = 1; -+ dhret = p_len; -+ -+ if (ioctl(fd, CIOCKEY, &kop)) -+ goto sw_try; - -- if ((fd = get_asym_dev_crypto()) < 0) { -+ if ((temp = BN_new())) { -+ if (!BN_bin2bn(key, p_len, temp)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); -+ goto sw_try; -+ } -+ if (dhret > BN_num_bytes(temp)) -+ dhret=BN_bn2bin(temp,key); -+ BN_free(temp); -+ } -+ -+ kop.crk_param[3].crp_p = NULL; -+ zapparams(&kop); -+ return (dhret); -+sw_try: -+ { - const DH_METHOD *meth = DH_OpenSSL(); - -- return ((meth->compute_key)(key, pub_key, dh)); -+ dhret = (meth->compute_key)(key, pub_key, dh); - } -+ return (dhret); -+} - -- keylen = BN_num_bits(dh->p); -+int cryptodev_ecdh_compute_key(void *out, size_t outlen, -+ const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen, -+ void *out, size_t *outlen)) -+{ -+ ec_curve_t ec_crv = EC_PRIME; -+ unsigned char * q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL; -+ BIGNUM * w_x = NULL, *w_y = NULL; -+ int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0; -+ BIGNUM * p = NULL, *a = NULL, *b = NULL; -+ BN_CTX *ctx; -+ EC_POINT *tmp=NULL; -+ BIGNUM *x=NULL, *y=NULL; -+ const BIGNUM *priv_key; -+ const EC_GROUP* group = NULL; -+ int ret = -1; -+ size_t buflen, len; -+ struct crypt_kop kop; - - memset(&kop, 0, sizeof kop); -- kop.crk_op = CRK_DH_COMPUTE_KEY; - -- /* inputs: dh->priv_key pub_key dh->p key */ -- if (bn2crparam(dh->priv_key, &kop.crk_param[0])) -+ if ((ctx = BN_CTX_new()) == NULL) goto err; -+ BN_CTX_start(ctx); -+ x = BN_CTX_get(ctx); -+ y = BN_CTX_get(ctx); -+ p = BN_CTX_get(ctx); -+ a = BN_CTX_get(ctx); -+ b = BN_CTX_get(ctx); -+ w_x = BN_CTX_get(ctx); -+ w_y = BN_CTX_get(ctx); -+ -+ if (!x || !y || !p || !a || !b || !w_x || !w_y) { -+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE); - goto err; -- if (bn2crparam(pub_key, &kop.crk_param[1])) -+ } -+ -+ priv_key = EC_KEY_get0_private_key(ecdh); -+ if (priv_key == NULL) { -+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_NO_PRIVATE_VALUE); - goto err; -- if (bn2crparam(dh->p, &kop.crk_param[2])) -+ } -+ -+ group = EC_KEY_get0_group(ecdh); -+ if ((tmp=EC_POINT_new(group)) == NULL) { -+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE); - goto err; -- kop.crk_iparams = 3; -+ } - -- kop.crk_param[3].crp_p = (caddr_t) key; -- kop.crk_param[3].crp_nbits = keylen * 8; -- kop.crk_oparams = 1; -+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == -+ NID_X9_62_prime_field) { -+ ec_crv = EC_PRIME; - -- if (ioctl(fd, CIOCKEY, &kop) == -1) { -- const DH_METHOD *meth = DH_OpenSSL(); -+ if (!EC_POINT_get_affine_coordinates_GFp(group, -+ EC_GROUP_get0_generator(group), x, y, ctx)) { -+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE); -+ goto err; -+ } - -- dhret = (meth->compute_key)(key, pub_key, dh); -+ /* get the ECC curve parameters */ -+ if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) { -+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB); -+ goto err; -+ } -+ -+ /* get the public key pair for prime curve */ -+ if (!EC_POINT_get_affine_coordinates_GFp (group, pub_key, w_x, w_y,ctx)) { -+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB); -+ goto err; -+ } -+ } else { -+ ec_crv = EC_BINARY; -+ -+ if (!EC_POINT_get_affine_coordinates_GF2m(group, -+ EC_GROUP_get0_generator(group), x, y, ctx)) { -+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE); -+ goto err; -+ } -+ -+ /* get the ECC curve parameters */ -+ if (!EC_GROUP_get_curve_GF2m(group, p, a, b , ctx)) { -+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB); -+ goto err; -+ } -+ -+ /* get the public key pair for binary curve */ -+ if (!EC_POINT_get_affine_coordinates_GF2m(group, -+ pub_key, w_x, w_y,ctx)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); -+ goto err; -+ } -+ } -+ -+ /* irreducible polynomial that creates the field */ -+ if (spcf_bn2bin((BIGNUM*)&group->order, &r, &r_len)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /* Get the irreducible polynomial that creates the field */ -+ if (spcf_bn2bin(p, &q, &q_len)) { -+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB); -+ goto err; - } -+ -+ /* Get the public key into a flat buffer with appropriate padding */ -+ pub_key_len = 2 * q_len; -+ w_xy = eng_copy_curve_points (w_x, w_y, pub_key_len, q_len); -+ if (!w_xy) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /* Generation of ECC curve parameters */ -+ ab_len = 2*q_len; -+ ab = eng_copy_curve_points (a, b, ab_len, q_len); -+ if (!ab) { -+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB); -+ goto err; -+ } -+ -+ if (ec_crv == EC_BINARY) { -+ /* copy b' i.e c(b), instead of only b */ -+ if (eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab+q_len, q_len)) -+ { -+ unsigned char *c_temp = NULL; -+ int c_temp_len = q_len; -+ if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len)) -+ memcpy(ab+q_len, c_temp, q_len); -+ else -+ goto err; -+ } -+ kop.curve_type = ECC_BINARY; -+ } else -+ kop.curve_type = ECC_PRIME; -+ -+ priv_key_len = r_len; -+ -+ /* -+ * If BN_num_bytes of priv_key returns less then r_len then -+ * add padding bytes before the key -+ */ -+ if (spcf_bn2bin_ex((BIGNUM *)priv_key, &s, &priv_key_len)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ buflen = (EC_GROUP_get_degree(group) + 7)/8; -+ len = BN_num_bytes(x); -+ if (len > buflen || q_len < buflen) { -+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_INTERNAL_ERROR); -+ goto err; -+ } -+ -+ kop.crk_op = CRK_DH_COMPUTE_KEY; -+ kop.crk_param[0].crp_p = (void*) s; -+ kop.crk_param[0].crp_nbits = priv_key_len*8; -+ kop.crk_param[1].crp_p = (void*) w_xy; -+ kop.crk_param[1].crp_nbits = pub_key_len*8; -+ kop.crk_param[2].crp_p = (void*) q; -+ kop.crk_param[2].crp_nbits = q_len*8; -+ kop.crk_param[3].crp_p = (void*) ab; -+ kop.crk_param[3].crp_nbits = ab_len*8; -+ kop.crk_iparams = 4; -+ kop.crk_param[4].crp_p = (void*) out; -+ kop.crk_param[4].crp_nbits = q_len*8; -+ kop.crk_oparams = 1; -+ ret = q_len; -+ if (cryptodev_asym(&kop, 0, NULL, 0, NULL)) { -+ const ECDH_METHOD *meth = ECDH_OpenSSL(); -+ ret = (meth->compute_key)(out, outlen, pub_key, ecdh, KDF); -+ } else -+ ret = q_len; - err: -- kop.crk_param[3].crp_p = NULL; -+ kop.crk_param[4].crp_p = NULL; - zapparams(&kop); -- return (dhret); -+ return ret; - } - -+ - static DH_METHOD cryptodev_dh = { - "cryptodev DH method", - NULL, /* cryptodev_dh_generate_key */ -@@ -1551,6 +2549,14 @@ static DH_METHOD cryptodev_dh = { - NULL /* app_data */ - }; - -+static ECDH_METHOD cryptodev_ecdh = { -+ "cryptodev ECDH method", -+ NULL, /* cryptodev_ecdh_compute_key */ -+ NULL, -+ 0, /* flags */ -+ NULL /* app_data */ -+}; -+ - /* - * ctrl right now is just a wrapper that doesn't do much - * but I expect we'll want some options soon. -@@ -1634,25 +2640,42 @@ ENGINE_load_cryptodev(void) - memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD)); - if (cryptodev_asymfeat & CRF_DSA_SIGN) - cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign; -- if (cryptodev_asymfeat & CRF_MOD_EXP) { -- cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp; -- cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp; -- } - if (cryptodev_asymfeat & CRF_DSA_VERIFY) - cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify; -+ if (cryptodev_asymfeat & CRF_DSA_GENERATE_KEY) -+ cryptodev_dsa.dsa_keygen = cryptodev_dsa_keygen; - } - - if (ENGINE_set_DH(engine, &cryptodev_dh)){ - const DH_METHOD *dh_meth = DH_OpenSSL(); -+ memcpy(&cryptodev_dh, dh_meth, sizeof(DH_METHOD)); -+ if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) { -+ cryptodev_dh.compute_key = -+ cryptodev_dh_compute_key; -+ } -+ if (cryptodev_asymfeat & CRF_DH_GENERATE_KEY) { -+ cryptodev_dh.generate_key = -+ cryptodev_dh_keygen; -+ } -+ } - -- cryptodev_dh.generate_key = dh_meth->generate_key; -- cryptodev_dh.compute_key = dh_meth->compute_key; -- cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp; -- if (cryptodev_asymfeat & CRF_MOD_EXP) { -- cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh; -- if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) -- cryptodev_dh.compute_key = -- cryptodev_dh_compute_key; -+ if (ENGINE_set_ECDSA(engine, &cryptodev_ecdsa)) { -+ const ECDSA_METHOD *meth = ECDSA_OpenSSL(); -+ memcpy(&cryptodev_ecdsa, meth, sizeof(ECDSA_METHOD)); -+ if (cryptodev_asymfeat & CRF_DSA_SIGN) { -+ cryptodev_ecdsa.ecdsa_do_sign = cryptodev_ecdsa_do_sign; -+ } -+ if (cryptodev_asymfeat & CRF_DSA_VERIFY) { -+ cryptodev_ecdsa.ecdsa_do_verify = -+ cryptodev_ecdsa_verify; -+ } -+ } -+ -+ if (ENGINE_set_ECDH(engine, &cryptodev_ecdh)) { -+ const ECDH_METHOD *ecdh_meth = ECDH_OpenSSL(); -+ memcpy(&cryptodev_ecdh, ecdh_meth, sizeof(ECDH_METHOD)); -+ if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) { -+ cryptodev_ecdh.compute_key = cryptodev_ecdh_compute_key; - } - } - --- -2.3.5 - diff --git a/recipes-connectivity/openssl/openssl-fsl/0009-Added-hwrng-dev-file-as-source-of-RNG.patch b/recipes-connectivity/openssl/openssl-fsl/0009-Added-hwrng-dev-file-as-source-of-RNG.patch deleted file mode 100644 index 0fb0182..0000000 --- a/recipes-connectivity/openssl/openssl-fsl/0009-Added-hwrng-dev-file-as-source-of-RNG.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 81c4c62a4f5f5542843381bfb34e39a6171d5cdd Mon Sep 17 00:00:00 2001 -From: Yashpal Dutta -Date: Tue, 11 Mar 2014 06:42:59 +0545 -Subject: [PATCH 09/26] Added hwrng dev file as source of RNG - -Upstream-status: Pending - -Signed-off-by: Yashpal Dutta ---- - e_os.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/e_os.h b/e_os.h -index 6a0aad1..57c0563 100644 ---- a/e_os.h -+++ b/e_os.h -@@ -79,7 +79,7 @@ extern "C" { - #ifndef DEVRANDOM - /* set this to a comma-separated list of 'random' device files to try out. - * My default, we will try to read at least one of these files */ --#define DEVRANDOM "/dev/urandom","/dev/random","/dev/srandom" -+#define DEVRANDOM "/dev/hwrng","/dev/urandom","/dev/random","/dev/srandom" - #endif - #ifndef DEVRANDOM_EGD - /* set this to a comma-seperated list of 'egd' sockets to try out. These --- -2.3.5 - diff --git a/recipes-connectivity/openssl/openssl-fsl/0010-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch b/recipes-connectivity/openssl/openssl-fsl/0010-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch deleted file mode 100644 index 0f889c0..0000000 --- a/recipes-connectivity/openssl/openssl-fsl/0010-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch +++ /dev/null @@ -1,2039 +0,0 @@ -From a933e6341fd8989bdd82f8a5446b6f04aa00eef9 Mon Sep 17 00:00:00 2001 -From: Yashpal Dutta -Date: Tue, 11 Mar 2014 07:14:30 +0545 -Subject: [PATCH 10/26] Asynchronous interface added for PKC cryptodev - interface - -Upstream-status: Pending - -Signed-off-by: Yashpal Dutta ---- - crypto/crypto.h | 16 + - crypto/dh/dh.h | 4 +- - crypto/dsa/dsa.h | 5 + - crypto/ecdh/ech_locl.h | 3 + - crypto/ecdsa/ecs_locl.h | 5 + - crypto/engine/eng_cryptodev.c | 1578 +++++++++++++++++++++++++++++++++++++---- - crypto/engine/eng_int.h | 24 +- - crypto/engine/eng_lib.c | 46 ++ - crypto/engine/engine.h | 24 + - crypto/rsa/rsa.h | 23 + - 10 files changed, 1582 insertions(+), 146 deletions(-) - -diff --git a/crypto/crypto.h b/crypto/crypto.h -index f92fc51..ce12731 100644 ---- a/crypto/crypto.h -+++ b/crypto/crypto.h -@@ -605,6 +605,22 @@ void ERR_load_CRYPTO_strings(void); - #define CRYPTO_R_FIPS_MODE_NOT_SUPPORTED 101 - #define CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK 100 - -+/* Additions for Asynchronous PKC Infrastructure */ -+struct pkc_cookie_s { -+ void *cookie; /* To be filled by openssl library primitive method function caller */ -+ void *eng_cookie; /* To be filled by Engine */ -+ /* -+ * Callback handler to be provided by caller. Ensure to pass a -+ * handler which takes the crypto operation to completion. -+ * cookie: Container cookie from library -+ * status: Status of the crypto Job completion. -+ * 0: Job handled without any issue -+ * -EINVAL: Parameters Invalid -+ */ -+ void (*pkc_callback)(struct pkc_cookie_s *cookie, int status); -+ void *eng_handle; -+}; -+ - #ifdef __cplusplus - } - #endif -diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h -index ea59e61..20ffad2 100644 ---- a/crypto/dh/dh.h -+++ b/crypto/dh/dh.h -@@ -118,7 +118,9 @@ struct dh_method - int (*bn_mod_exp)(const DH *dh, BIGNUM *r, const BIGNUM *a, - const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx); /* Can be null */ -- -+ int (*compute_key_async)(unsigned char *key,const BIGNUM *pub_key,DH *dh, -+ struct pkc_cookie_s *cookie); -+ int (*generate_key_async)(DH *dh, struct pkc_cookie_s *cookie); - int (*init)(DH *dh); - int (*finish)(DH *dh); - int flags; -diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h -index a6f6d0b..b04a029 100644 ---- a/crypto/dsa/dsa.h -+++ b/crypto/dsa/dsa.h -@@ -140,6 +140,10 @@ struct dsa_method - int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx); /* Can be null */ -+ int (*dsa_do_sign_async)(const unsigned char *dgst, int dlen, DSA *dsa, -+ DSA_SIG *sig, struct pkc_cookie_s *cookie); -+ int (*dsa_do_verify_async)(const unsigned char *dgst, int dgst_len, -+ DSA_SIG *sig, DSA *dsa, struct pkc_cookie_s *cookie); - int (*init)(DSA *dsa); - int (*finish)(DSA *dsa); - int flags; -@@ -151,6 +155,7 @@ struct dsa_method - BN_GENCB *cb); - /* If this is non-NULL, it is used to generate DSA keys */ - int (*dsa_keygen)(DSA *dsa); -+ int (*dsa_keygen_async)(DSA *dsa, struct pkc_cookie_s *cookie); - }; - - struct dsa_st -diff --git a/crypto/ecdh/ech_locl.h b/crypto/ecdh/ech_locl.h -index f6cad6a..adce6b3 100644 ---- a/crypto/ecdh/ech_locl.h -+++ b/crypto/ecdh/ech_locl.h -@@ -67,6 +67,9 @@ struct ecdh_method - const char *name; - int (*compute_key)(void *key, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh, - void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen)); -+ int (*compute_key_async)(void *key, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh, -+ void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen), -+ struct pkc_cookie_s *cookie); - #if 0 - int (*init)(EC_KEY *eckey); - int (*finish)(EC_KEY *eckey); -diff --git a/crypto/ecdsa/ecs_locl.h b/crypto/ecdsa/ecs_locl.h -index cb3be13..eb0ebe0 100644 ---- a/crypto/ecdsa/ecs_locl.h -+++ b/crypto/ecdsa/ecs_locl.h -@@ -74,6 +74,11 @@ struct ecdsa_method - BIGNUM **r); - int (*ecdsa_do_verify)(const unsigned char *dgst, int dgst_len, - const ECDSA_SIG *sig, EC_KEY *eckey); -+ int (*ecdsa_do_sign_async)(const unsigned char *dgst, int dgst_len, -+ const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey, -+ ECDSA_SIG *sig, struct pkc_cookie_s *cookie); -+ int (*ecdsa_do_verify_async)(const unsigned char *dgst, int dgst_len, -+ const ECDSA_SIG *sig, EC_KEY *eckey, struct pkc_cookie_s *cookie); - #if 0 - int (*init)(EC_KEY *eckey); - int (*finish)(EC_KEY *eckey); -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index 7ee314b..9f2416e 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -1281,6 +1281,56 @@ zapparams(struct crypt_kop *kop) - } - } - -+/* Any PKC request has at max 2 output parameters and they are stored here to -+be used while copying in the check availability */ -+struct cryptodev_cookie_s { -+ BIGNUM *r; -+ struct crparam r_param; -+ BIGNUM *s; -+ struct crparam s_param; -+ struct crypt_kop *kop; -+}; -+ -+static int -+cryptodev_asym_async(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, -+ BIGNUM *s) -+{ -+ int fd; -+ struct pkc_cookie_s *cookie = kop->cookie; -+ struct cryptodev_cookie_s *eng_cookie; -+ -+ fd = *(int *)cookie->eng_handle; -+ -+ eng_cookie = malloc(sizeof(struct cryptodev_cookie_s)); -+ -+ if (eng_cookie) { -+ memset(eng_cookie, 0, sizeof(struct cryptodev_cookie_s)); -+ if (r) { -+ kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char)); -+ if (!kop->crk_param[kop->crk_iparams].crp_p) -+ return -ENOMEM; -+ kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8; -+ kop->crk_oparams++; -+ eng_cookie->r = r; -+ eng_cookie->r_param = kop->crk_param[kop->crk_iparams]; -+ } -+ if (s) { -+ kop->crk_param[kop->crk_iparams+1].crp_p = calloc(slen, sizeof(char)); -+ if (!kop->crk_param[kop->crk_iparams+1].crp_p) -+ return -ENOMEM; -+ kop->crk_param[kop->crk_iparams+1].crp_nbits = slen * 8; -+ kop->crk_oparams++; -+ eng_cookie->s = s; -+ eng_cookie->s_param = kop->crk_param[kop->crk_iparams + 1]; -+ } -+ } else -+ return -ENOMEM; -+ -+ eng_cookie->kop = kop; -+ cookie->eng_cookie = eng_cookie; -+ return ioctl(fd, CIOCASYMASYNCRYPT, kop); -+} -+ - static int - cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s) - { -@@ -1337,6 +1387,44 @@ void *cryptodev_init_instance(void) - return fd; - } - -+#include -+ -+/* Return 0 on success and 1 on failure */ -+int cryptodev_check_availability(void *eng_handle) -+{ -+ int fd = *(int *)eng_handle; -+ struct pkc_cookie_list_s cookie_list; -+ struct pkc_cookie_s *cookie; -+ int i; -+ -+ /* FETCH COOKIE returns number of cookies extracted */ -+ if (ioctl(fd, CIOCASYMFETCHCOOKIE, &cookie_list) <= 0) -+ return 1; -+ -+ for (i = 0; i < cookie_list.cookie_available; i++) { -+ cookie = cookie_list.cookie[i]; -+ if (cookie) { -+ struct cryptodev_cookie_s *eng_cookie = cookie->eng_cookie; -+ if (eng_cookie) { -+ struct crypt_kop *kop = eng_cookie->kop; -+ -+ if (eng_cookie->r) -+ crparam2bn(&eng_cookie->r_param, eng_cookie->r); -+ if (eng_cookie->s) -+ crparam2bn(&eng_cookie->s_param, eng_cookie->s); -+ if (kop->crk_op == CRK_DH_COMPUTE_KEY) -+ kop->crk_oparams = 0; -+ -+ zapparams(eng_cookie->kop); -+ free(eng_cookie->kop); -+ free (eng_cookie); -+ } -+ cookie->pkc_callback(cookie, cookie_list.status[i]); -+ } -+ } -+ return 0; -+} -+ - static int - cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) -@@ -1382,6 +1470,63 @@ err: - } - - static int -+cryptodev_bn_mod_exp_async(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, -+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont, struct pkc_cookie_s *cookie) -+{ -+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); -+ int ret = 1; -+ -+ /* Currently, we know we can do mod exp iff we can do any -+ * asymmetric operations at all. -+ */ -+ if (cryptodev_asymfeat == 0 || !kop) { -+ ret = BN_mod_exp(r, a, p, m, ctx); -+ return (ret); -+ } -+ -+ kop->crk_oparams = 0; -+ kop->crk_status = 0; -+ kop->crk_op = CRK_MOD_EXP; -+ kop->cookie = cookie; -+ /* inputs: a^p % m */ -+ if (bn2crparam(a, &kop->crk_param[0])) -+ goto err; -+ if (bn2crparam(p, &kop->crk_param[1])) -+ goto err; -+ if (bn2crparam(m, &kop->crk_param[2])) -+ goto err; -+ -+ kop->crk_iparams = 3; -+ if (cryptodev_asym_async(kop, BN_num_bytes(m), r, 0, NULL)) -+ goto err; -+ -+ return ret; -+err: -+ { -+ const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); -+ -+ if (kop) -+ free(kop); -+ ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont); -+ if (ret) -+ /* Call the completion handler immediately */ -+ cookie->pkc_callback(cookie, 0); -+ } -+ return ret; -+} -+ -+static int -+cryptodev_rsa_nocrt_mod_exp_async(BIGNUM *r0, const BIGNUM *I, -+ RSA *rsa, BN_CTX *ctx, struct pkc_cookie_s *cookie) -+{ -+ int r; -+ ctx = BN_CTX_new(); -+ r = cryptodev_bn_mod_exp_async(r0, I, rsa->d, rsa->n, ctx, NULL, cookie); -+ BN_CTX_free(ctx); -+ return r; -+} -+ -+static int - cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) - { - int r; -@@ -1446,6 +1591,62 @@ err: - return (ret); - } - -+static int -+cryptodev_rsa_mod_exp_async(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx, -+ struct pkc_cookie_s *cookie) -+{ -+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); -+ int ret = 1, f_len, p_len, q_len; -+ unsigned char *f = NULL, *p = NULL, *q = NULL, *dp = NULL, *dq = NULL, *c = NULL; -+ -+ if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp || !kop) { -+ return (0); -+ } -+ -+ kop->crk_oparams = 0; -+ kop->crk_status = 0; -+ kop->crk_op = CRK_MOD_EXP_CRT; -+ f_len = BN_num_bytes(rsa->n); -+ spcf_bn2bin_ex(I, &f, &f_len); -+ spcf_bn2bin(rsa->p, &p, &p_len); -+ spcf_bn2bin(rsa->q, &q, &q_len); -+ spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len); -+ spcf_bn2bin_ex(rsa->iqmp, &c, &p_len); -+ spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len); -+ /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */ -+ kop->crk_param[0].crp_p = p; -+ kop->crk_param[0].crp_nbits = p_len * 8; -+ kop->crk_param[1].crp_p = q; -+ kop->crk_param[1].crp_nbits = q_len * 8; -+ kop->crk_param[2].crp_p = f; -+ kop->crk_param[2].crp_nbits = f_len * 8; -+ kop->crk_param[3].crp_p = dp; -+ kop->crk_param[3].crp_nbits = p_len * 8; -+ /* dq must of length q, rest all of length p*/ -+ kop->crk_param[4].crp_p = dq; -+ kop->crk_param[4].crp_nbits = q_len * 8; -+ kop->crk_param[5].crp_p = c; -+ kop->crk_param[5].crp_nbits = p_len * 8; -+ kop->crk_iparams = 6; -+ kop->cookie = cookie; -+ if (cryptodev_asym_async(kop, BN_num_bytes(rsa->n), r0, 0, NULL)) -+ goto err; -+ -+ return ret; -+err: -+ { -+ const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); -+ -+ if (kop) -+ free(kop); -+ ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx); -+ if (ret) -+ /* Call user completion handler immediately */ -+ cookie->pkc_callback(cookie, 0); -+ } -+ return (ret); -+} -+ - static RSA_METHOD cryptodev_rsa = { - "cryptodev RSA method", - NULL, /* rsa_pub_enc */ -@@ -1454,6 +1655,12 @@ static RSA_METHOD cryptodev_rsa = { - NULL, /* rsa_priv_dec */ - NULL, - NULL, -+ NULL, /* rsa_pub_enc */ -+ NULL, /* rsa_pub_dec */ -+ NULL, /* rsa_priv_enc */ -+ NULL, /* rsa_priv_dec */ -+ NULL, -+ NULL, - NULL, /* init */ - NULL, /* finish */ - 0, /* flags */ -@@ -1751,126 +1958,424 @@ sw_try: - return ret; - } - -+/* Cryptodev DSA Key Gen routine */ -+static int cryptodev_dsa_keygen_async(DSA *dsa, struct pkc_cookie_s *cookie) -+{ -+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); -+ int ret = 1, g_len; -+ unsigned char *g = NULL; - -+ if (!kop) -+ goto sw_try; - --static DSA_METHOD cryptodev_dsa = { -- "cryptodev DSA method", -- NULL, -- NULL, /* dsa_sign_setup */ -- NULL, -- NULL, /* dsa_mod_exp */ -- NULL, -- NULL, /* init */ -- NULL, /* finish */ -- 0, /* flags */ -- NULL /* app_data */ --}; -+ if (dsa->priv_key == NULL) { -+ if ((dsa->priv_key=BN_new()) == NULL) -+ goto sw_try; -+ } - --static ECDSA_METHOD cryptodev_ecdsa = { -- "cryptodev ECDSA method", -- NULL, -- NULL, /* ecdsa_sign_setup */ -- NULL, -- NULL, -- 0, /* flags */ -- NULL /* app_data */ --}; -+ if (dsa->pub_key == NULL) { -+ if ((dsa->pub_key=BN_new()) == NULL) -+ goto sw_try; -+ } - --typedef enum ec_curve_s --{ -- EC_PRIME, -- EC_BINARY --} ec_curve_t; -+ g_len = BN_num_bytes(dsa->p); -+ /** -+ * Get generator into a plain buffer. If length is less than -+ * q_len then add leading padding bytes. -+ */ -+ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) { -+ DSAerr(DSA_F_DSA_GENERATE_KEY, ERR_R_MALLOC_FAILURE); -+ goto sw_try; -+ } - --/* ENGINE handler for ECDSA Sign */ --static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char *dgst, -- int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey) --{ -- BIGNUM *m = NULL, *p = NULL, *a = NULL; -- BIGNUM *b = NULL, *x = NULL, *y = NULL; -- BN_CTX *ctx = NULL; -- ECDSA_SIG *ret = NULL; -- ECDSA_DATA *ecdsa = NULL; -- unsigned char * q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL; -- unsigned char * s = NULL, *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL; -- int i = 0, q_len = 0, priv_key_len = 0, r_len = 0; -- int g_len = 0, d_len = 0, ab_len = 0; -- const BIGNUM *order = NULL, *priv_key=NULL; -- const EC_GROUP *group = NULL; -- struct crypt_kop kop; -- ec_curve_t ec_crv = EC_PRIME; -+ memset(kop, 0, sizeof(struct crypt_kop)); -+ kop->crk_op = CRK_DSA_GENERATE_KEY; -+ if (bn2crparam(dsa->p, &kop->crk_param[0])) -+ goto sw_try; -+ if (bn2crparam(dsa->q, &kop->crk_param[1])) -+ goto sw_try; -+ kop->crk_param[2].crp_p = g; -+ kop->crk_param[2].crp_nbits = g_len * 8; -+ kop->crk_iparams = 3; -+ kop->cookie = cookie; - -- memset(&kop, 0, sizeof(kop)); -- ecdsa = ecdsa_check(eckey); -- if (!ecdsa) { -- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER); -- return NULL; -+ /* pub_key is or prime length while priv key is of length of order */ -+ if (cryptodev_asym_async(kop, BN_num_bytes(dsa->p), dsa->pub_key, -+ BN_num_bytes(dsa->q), dsa->priv_key)) -+ goto sw_try; -+ -+ return ret; -+sw_try: -+ { -+ const DSA_METHOD *meth = DSA_OpenSSL(); -+ -+ if (kop) -+ free(kop); -+ ret = (meth->dsa_keygen)(dsa); -+ cookie->pkc_callback(cookie, 0); - } -+ return ret; -+} - -- group = EC_KEY_get0_group(eckey); -- priv_key = EC_KEY_get0_private_key(eckey); -+static int -+cryptodev_dsa_do_sign_async(const unsigned char *dgst, int dlen, DSA *dsa, -+ DSA_SIG *sig, struct pkc_cookie_s *cookie) -+{ -+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); -+ DSA_SIG *dsaret = NULL; -+ int q_len = 0, r_len = 0, g_len = 0; -+ int priv_key_len = 0, ret = 1; -+ unsigned char *q = NULL, *r = NULL, *g = NULL, *priv_key = NULL, *f = NULL; - -- if (!group || !priv_key) { -- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER); -- return NULL; -+ if (((sig->r = BN_new()) == NULL) || !kop) { -+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); -+ goto err; - } - -- if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL || -- (a = BN_new()) == NULL || (b = BN_new()) == NULL || -- (p = BN_new()) == NULL || (x = BN_new()) == NULL || -- (y = BN_new()) == NULL) { -- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); -+ if ((sig->s = BN_new()) == NULL) { -+ BN_free(sig->r); -+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); - goto err; - } - -- order = &group->order; -- if (!order || BN_is_zero(order)) { -- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS); -+ if (spcf_bn2bin(dsa->p, &q, &q_len)) { -+ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); - goto err; - } - -- i = BN_num_bits(order); -- /* Need to truncate digest if it is too long: first truncate whole -- bytes */ -- if (8 * dgst_len > i) -- dgst_len = (i + 7)/8; -+ /* Get order of the field of private keys into plain buffer */ -+ if (spcf_bn2bin (dsa->q, &r, &r_len)) { -+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } - -- if (!BN_bin2bn(dgst, dgst_len, m)) { -- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); -+ /* sanity test */ -+ if (dlen > r_len) { -+ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); - goto err; - } - -- /* If still too long truncate remaining bits with a shift */ -- if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) { -- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); -+ g_len = q_len; -+ /** -+ * Get generator into a plain buffer. If length is less than -+ * q_len then add leading padding bytes. -+ */ -+ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) { -+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); - goto err; - } - -- /* copy the truncated bits into plain buffer */ -- if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) { -- fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__, __LINE__); -+ priv_key_len = r_len; -+ /** -+ * Get private key into a plain buffer. If length is less than -+ * r_len then add leading padding bytes. -+ */ -+ if (spcf_bn2bin_ex(dsa->priv_key, &priv_key, &priv_key_len)) { -+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); - goto err; - } - -- ret = ECDSA_SIG_new(); -- if (!ret) { -- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); -+ /* Allocate memory to store hash. */ -+ f = OPENSSL_malloc (r_len); -+ if (!f) { -+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); - goto err; - } - -- /* check if this is prime or binary EC request */ -- if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) { -- ec_crv = EC_PRIME; -- /* get the generator point pair */ -- if (!EC_POINT_get_affine_coordinates_GFp (group, EC_GROUP_get0_generator(group), -- x, y,ctx)) { -- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); -- goto err; -- } -+ /* Add padding, since SEC expects hash to of size r_len */ -+ if (dlen < r_len) -+ memset(f, 0, r_len - dlen); - -- /* get the ECC curve parameters */ -- if (!EC_GROUP_get_curve_GFp(group, p, a, b , ctx)) { -- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); -+ /* Skip leading bytes if dgst_len < r_len */ -+ memcpy(f + r_len - dlen, dgst, dlen); -+ -+ dlen = r_len; -+ -+ memset(kop, 0, sizeof( struct crypt_kop)); -+ kop->crk_op = CRK_DSA_SIGN; -+ -+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ -+ kop->crk_param[0].crp_p = (void*)f; -+ kop->crk_param[0].crp_nbits = dlen * 8; -+ kop->crk_param[1].crp_p = (void*)q; -+ kop->crk_param[1].crp_nbits = q_len * 8; -+ kop->crk_param[2].crp_p = (void*)r; -+ kop->crk_param[2].crp_nbits = r_len * 8; -+ kop->crk_param[3].crp_p = (void*)g; -+ kop->crk_param[3].crp_nbits = g_len * 8; -+ kop->crk_param[4].crp_p = (void*)priv_key; -+ kop->crk_param[4].crp_nbits = priv_key_len * 8; -+ kop->crk_iparams = 5; -+ kop->cookie = cookie; -+ -+ if (cryptodev_asym_async(kop, r_len, sig->r, r_len, sig->s)) -+ goto err; -+ -+ return ret; -+err: -+ { -+ const DSA_METHOD *meth = DSA_OpenSSL(); -+ -+ if (kop) -+ free(kop); -+ BN_free(sig->r); -+ BN_free(sig->s); -+ dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa); -+ sig->r = dsaret->r; -+ sig->s = dsaret->s; -+ /* Call user callback immediately */ -+ cookie->pkc_callback(cookie, 0); -+ ret = dsaret; -+ } -+ return ret; -+} -+ -+static int -+cryptodev_dsa_verify_async(const unsigned char *dgst, int dlen, -+ DSA_SIG *sig, DSA *dsa, struct pkc_cookie_s *cookie) -+{ -+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); -+ int q_len = 0, r_len = 0, g_len = 0; -+ int w_len = 0 ,c_len = 0, d_len = 0, ret = 1; -+ unsigned char * q = NULL, * r = NULL, * w = NULL, * g = NULL; -+ unsigned char *c = NULL, * d = NULL, *f = NULL; -+ -+ if (!kop) -+ goto err; -+ -+ if (spcf_bn2bin(dsa->p, &q, &q_len)) { -+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -+ return ret; -+ } -+ -+ /* Get Order of field of private keys */ -+ if (spcf_bn2bin(dsa->q, &r, &r_len)) { -+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ g_len = q_len; -+ /** -+ * Get generator into a plain buffer. If length is less than -+ * q_len then add leading padding bytes. -+ */ -+ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) { -+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ w_len = q_len; -+ /** -+ * Get public key into a plain buffer. If length is less than -+ * q_len then add leading padding bytes. -+ */ -+ if (spcf_bn2bin_ex(dsa->pub_key, &w, &w_len)) { -+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ /** -+ * Get the 1st part of signature into a flat buffer with -+ * appropriate padding -+ */ -+ c_len = r_len; -+ -+ if (spcf_bn2bin_ex(sig->r, &c, &c_len)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /** -+ * Get the 2nd part of signature into a flat buffer with -+ * appropriate padding -+ */ -+ d_len = r_len; -+ -+ if (spcf_bn2bin_ex(sig->s, &d, &d_len)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ -+ /* Sanity test */ -+ if (dlen > r_len) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /* Allocate memory to store hash. */ -+ f = OPENSSL_malloc (r_len); -+ if (!f) { -+ DSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /* Add padding, since SEC expects hash to of size r_len */ -+ if (dlen < r_len) -+ memset(f, 0, r_len - dlen); -+ -+ /* Skip leading bytes if dgst_len < r_len */ -+ memcpy(f + r_len - dlen, dgst, dlen); -+ -+ dlen = r_len; -+ memset(kop, 0, sizeof(struct crypt_kop)); -+ -+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */ -+ kop->crk_param[0].crp_p = (void*)f; -+ kop->crk_param[0].crp_nbits = dlen * 8; -+ kop->crk_param[1].crp_p = q; -+ kop->crk_param[1].crp_nbits = q_len * 8; -+ kop->crk_param[2].crp_p = r; -+ kop->crk_param[2].crp_nbits = r_len * 8; -+ kop->crk_param[3].crp_p = g; -+ kop->crk_param[3].crp_nbits = g_len * 8; -+ kop->crk_param[4].crp_p = w; -+ kop->crk_param[4].crp_nbits = w_len * 8; -+ kop->crk_param[5].crp_p = c; -+ kop->crk_param[5].crp_nbits = c_len * 8; -+ kop->crk_param[6].crp_p = d; -+ kop->crk_param[6].crp_nbits = d_len * 8; -+ kop->crk_iparams = 7; -+ kop->crk_op = CRK_DSA_VERIFY; -+ kop->cookie = cookie; -+ if (cryptodev_asym_async(kop, 0, NULL, 0, NULL)) -+ goto err; -+ -+ return ret; -+err: -+ { -+ const DSA_METHOD *meth = DSA_OpenSSL(); -+ -+ if (kop) -+ free(kop); -+ -+ ret = (meth->dsa_do_verify)(dgst, dlen, sig, dsa); -+ cookie->pkc_callback(cookie, 0); -+ } -+ return ret; -+} -+ -+static DSA_METHOD cryptodev_dsa = { -+ "cryptodev DSA method", -+ NULL, -+ NULL, /* dsa_sign_setup */ -+ NULL, -+ NULL, /* dsa_mod_exp */ -+ NULL, -+ NULL, -+ NULL, -+ NULL, -+ NULL, /* init */ -+ NULL, /* finish */ -+ 0, /* flags */ -+ NULL /* app_data */ -+}; -+ -+static ECDSA_METHOD cryptodev_ecdsa = { -+ "cryptodev ECDSA method", -+ NULL, -+ NULL, /* ecdsa_sign_setup */ -+ NULL, -+ NULL, -+ NULL, -+ NULL, -+ 0, /* flags */ -+ NULL /* app_data */ -+}; -+ -+typedef enum ec_curve_s -+{ -+ EC_PRIME, -+ EC_BINARY -+} ec_curve_t; -+ -+/* ENGINE handler for ECDSA Sign */ -+static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char *dgst, -+ int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey) -+{ -+ BIGNUM *m = NULL, *p = NULL, *a = NULL; -+ BIGNUM *b = NULL, *x = NULL, *y = NULL; -+ BN_CTX *ctx = NULL; -+ ECDSA_SIG *ret = NULL; -+ ECDSA_DATA *ecdsa = NULL; -+ unsigned char * q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL; -+ unsigned char * s = NULL, *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL; -+ int i = 0, q_len = 0, priv_key_len = 0, r_len = 0; -+ int g_len = 0, d_len = 0, ab_len = 0; -+ const BIGNUM *order = NULL, *priv_key=NULL; -+ const EC_GROUP *group = NULL; -+ struct crypt_kop kop; -+ ec_curve_t ec_crv = EC_PRIME; -+ -+ memset(&kop, 0, sizeof(kop)); -+ ecdsa = ecdsa_check(eckey); -+ if (!ecdsa) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER); -+ return NULL; -+ } -+ -+ group = EC_KEY_get0_group(eckey); -+ priv_key = EC_KEY_get0_private_key(eckey); -+ -+ if (!group || !priv_key) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER); -+ return NULL; -+ } -+ -+ if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL || -+ (a = BN_new()) == NULL || (b = BN_new()) == NULL || -+ (p = BN_new()) == NULL || (x = BN_new()) == NULL || -+ (y = BN_new()) == NULL) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ order = &group->order; -+ if (!order || BN_is_zero(order)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS); -+ goto err; -+ } -+ -+ i = BN_num_bits(order); -+ /* Need to truncate digest if it is too long: first truncate whole -+ bytes */ -+ if (8 * dgst_len > i) -+ dgst_len = (i + 7)/8; -+ -+ if (!BN_bin2bn(dgst, dgst_len, m)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); -+ goto err; -+ } -+ -+ /* If still too long truncate remaining bits with a shift */ -+ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); -+ goto err; -+ } -+ -+ /* copy the truncated bits into plain buffer */ -+ if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) { -+ fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__, __LINE__); -+ goto err; -+ } -+ -+ ret = ECDSA_SIG_new(); -+ if (!ret) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); -+ goto err; -+ } -+ -+ /* check if this is prime or binary EC request */ -+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) { -+ ec_crv = EC_PRIME; -+ /* get the generator point pair */ -+ if (!EC_POINT_get_affine_coordinates_GFp (group, EC_GROUP_get0_generator(group), -+ x, y,ctx)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); -+ goto err; -+ } -+ -+ /* get the ECC curve parameters */ -+ if (!EC_GROUP_get_curve_GFp(group, p, a, b , ctx)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); - goto err; - } - } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_characteristic_two_field) { -@@ -2195,63 +2700,581 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len, - } - - /** -- * Get the 2nd part of signature into a flat buffer with -- * appropriate padding -+ * Get the 2nd part of signature into a flat buffer with -+ * appropriate padding -+ */ -+ if (BN_num_bytes(sig->s) < r_len) -+ d_len = r_len; -+ -+ if (spcf_bn2bin_ex(sig->s, &d, &d_len)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /* memory for message representative */ -+ f = malloc(r_len); -+ if (!f) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /* Add padding, since SEC expects hash to of size r_len */ -+ memset(f, 0, r_len-dgst_len); -+ -+ /* Skip leading bytes if dgst_len < r_len */ -+ memcpy(f + r_len-dgst_len, tmp_dgst, dgst_len); -+ dgst_len += r_len-dgst_len; -+ kop.crk_op = CRK_DSA_VERIFY; -+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ -+ kop.crk_param[0].crp_p = f; -+ kop.crk_param[0].crp_nbits = dgst_len * 8; -+ kop.crk_param[1].crp_p = q; -+ kop.crk_param[1].crp_nbits = q_len * 8; -+ kop.crk_param[2].crp_p = r; -+ kop.crk_param[2].crp_nbits = r_len * 8; -+ kop.crk_param[3].crp_p = g_xy; -+ kop.crk_param[3].crp_nbits = g_len * 8; -+ kop.crk_param[4].crp_p = w_xy; -+ kop.crk_param[4].crp_nbits = pub_key_len * 8; -+ kop.crk_param[5].crp_p = ab; -+ kop.crk_param[5].crp_nbits = ab_len * 8; -+ kop.crk_param[6].crp_p = c; -+ kop.crk_param[6].crp_nbits = d_len * 8; -+ kop.crk_param[7].crp_p = d; -+ kop.crk_param[7].crp_nbits = d_len * 8; -+ kop.crk_iparams = 8; -+ -+ if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) { -+ /*OCF success value is 0, if not zero, change ret to fail*/ -+ if(0 == kop.crk_status) -+ ret = 1; -+ } else { -+ const ECDSA_METHOD *meth = ECDSA_OpenSSL(); -+ -+ ret = (meth->ecdsa_do_verify)(dgst, dgst_len, sig, eckey); -+ } -+ kop.crk_param[0].crp_p = NULL; -+ zapparams(&kop); -+ -+err: -+ return ret; -+} -+ -+static int cryptodev_ecdsa_do_sign_async( const unsigned char *dgst, -+ int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey, -+ ECDSA_SIG *sig, struct pkc_cookie_s *cookie) -+{ -+ BIGNUM *m = NULL, *p = NULL, *a = NULL; -+ BIGNUM *b = NULL, *x = NULL, *y = NULL; -+ BN_CTX *ctx = NULL; -+ ECDSA_SIG *sig_ret = NULL; -+ ECDSA_DATA *ecdsa = NULL; -+ unsigned char * q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL; -+ unsigned char * s = NULL, *f = NULL, *tmp_dgst = NULL; -+ int i = 0, q_len = 0, priv_key_len = 0, r_len = 0; -+ int g_len = 0, ab_len = 0, ret = 1; -+ const BIGNUM *order = NULL, *priv_key=NULL; -+ const EC_GROUP *group = NULL; -+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); -+ ec_curve_t ec_crv = EC_PRIME; -+ -+ if (!(sig->r = BN_new()) || !kop) -+ goto err; -+ if ((sig->s = BN_new()) == NULL) { -+ BN_free(r); -+ goto err; -+ } -+ -+ memset(kop, 0, sizeof(struct crypt_kop)); -+ ecdsa = ecdsa_check(eckey); -+ if (!ecdsa) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER); -+ goto err; -+ } -+ -+ group = EC_KEY_get0_group(eckey); -+ priv_key = EC_KEY_get0_private_key(eckey); -+ -+ if (!group || !priv_key) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER); -+ goto err; -+ } -+ -+ if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL || -+ (a = BN_new()) == NULL || (b = BN_new()) == NULL || -+ (p = BN_new()) == NULL || (x = BN_new()) == NULL || -+ (y = BN_new()) == NULL) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ order = &group->order; -+ if (!order || BN_is_zero(order)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS); -+ goto err; -+ } -+ -+ i = BN_num_bits(order); -+ /* Need to truncate digest if it is too long: first truncate whole -+ bytes */ -+ if (8 * dgst_len > i) -+ dgst_len = (i + 7)/8; -+ -+ if (!BN_bin2bn(dgst, dgst_len, m)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); -+ goto err; -+ } -+ -+ /* If still too long truncate remaining bits with a shift */ -+ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); -+ goto err; -+ } -+ -+ /* copy the truncated bits into plain buffer */ -+ if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) { -+ fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__, __LINE__); -+ goto err; -+ } -+ -+ /* check if this is prime or binary EC request */ -+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) -+ == NID_X9_62_prime_field) { -+ ec_crv = EC_PRIME; -+ /* get the generator point pair */ -+ if (!EC_POINT_get_affine_coordinates_GFp (group, -+ EC_GROUP_get0_generator(group), x, y,ctx)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); -+ goto err; -+ } -+ -+ /* get the ECC curve parameters */ -+ if (!EC_GROUP_get_curve_GFp(group, p, a, b , ctx)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); -+ goto err; -+ } -+ } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_characteristic_two_field) { -+ ec_crv = EC_BINARY; -+ /* get the ECC curve parameters */ -+ if (!EC_GROUP_get_curve_GF2m(group, p, a, b , ctx)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); -+ goto err; -+ } -+ -+ /* get the generator point pair */ -+ if (!EC_POINT_get_affine_coordinates_GF2m(group, -+ EC_GROUP_get0_generator(group), x, y,ctx)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); -+ goto err; -+ } -+ } else { -+ printf("Unsupported Curve\n"); -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); -+ goto err; -+ } -+ -+ if (spcf_bn2bin(order, &r, &r_len)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ if (spcf_bn2bin(p, &q, &q_len)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ priv_key_len = r_len; -+ -+ /** -+ * If BN_num_bytes of priv_key returns less then r_len then -+ * add padding bytes before the key -+ */ -+ if (spcf_bn2bin_ex(priv_key, &s, &priv_key_len)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /* Generation of ECC curve parameters */ -+ ab_len = 2*q_len; -+ ab = eng_copy_curve_points(a, b, ab_len, q_len); -+ if (!ab) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ if (ec_crv == EC_BINARY) { -+ if (eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab+q_len, q_len)) -+ { -+ unsigned char *c_temp = NULL; -+ int c_temp_len = q_len; -+ if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len)) -+ memcpy(ab+q_len, c_temp, q_len); -+ else -+ goto err; -+ } -+ kop->curve_type = ECC_BINARY; -+ } -+ -+ /* Calculation of Generator point */ -+ g_len = 2*q_len; -+ g_xy = eng_copy_curve_points(x, y, g_len, q_len); -+ if (!g_xy) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /* memory for message representative */ -+ f = malloc(r_len); -+ if (!f) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /* Add padding, since SEC expects hash to of size r_len */ -+ memset(f, 0, r_len - dgst_len); -+ -+ /* Skip leading bytes if dgst_len < r_len */ -+ memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len); -+ -+ dgst_len += r_len - dgst_len; -+ -+ kop->crk_op = CRK_DSA_SIGN; -+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ -+ kop->crk_param[0].crp_p = f; -+ kop->crk_param[0].crp_nbits = dgst_len * 8; -+ kop->crk_param[1].crp_p = q; -+ kop->crk_param[1].crp_nbits = q_len * 8; -+ kop->crk_param[2].crp_p = r; -+ kop->crk_param[2].crp_nbits = r_len * 8; -+ kop->crk_param[3].crp_p = g_xy; -+ kop->crk_param[3].crp_nbits = g_len * 8; -+ kop->crk_param[4].crp_p = s; -+ kop->crk_param[4].crp_nbits = priv_key_len * 8; -+ kop->crk_param[5].crp_p = ab; -+ kop->crk_param[5].crp_nbits = ab_len * 8; -+ kop->crk_iparams = 6; -+ kop->cookie = cookie; -+ -+ if (cryptodev_asym_async(kop, r_len, sig->r , r_len, sig->s)) -+ goto err; -+ -+ return ret; -+err: -+ { -+ const ECDSA_METHOD *meth = ECDSA_OpenSSL(); -+ BN_free(sig->r); -+ BN_free(sig->s); -+ if (kop) -+ free(kop); -+ sig_ret = (meth->ecdsa_do_sign)(dgst, dgst_len, in_kinv, in_r, eckey); -+ sig->r = sig_ret->r; -+ sig->s = sig_ret->s; -+ cookie->pkc_callback(cookie, 0); -+ } -+ return ret; -+} -+ -+static int cryptodev_ecdsa_verify_async(const unsigned char *dgst, int dgst_len, -+ const ECDSA_SIG *sig, EC_KEY *eckey, struct pkc_cookie_s *cookie) -+{ -+ BIGNUM *m = NULL, *p = NULL, *a = NULL, *b = NULL; -+ BIGNUM *x = NULL, *y = NULL, *w_x = NULL, *w_y = NULL; -+ BN_CTX *ctx = NULL; -+ ECDSA_DATA *ecdsa = NULL; -+ unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL, *w_xy = NULL; -+ unsigned char *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL; -+ int i = 0, q_len = 0, pub_key_len = 0, r_len = 0, c_len = 0, g_len = 0; -+ int d_len = 0, ab_len = 0, ret = 1; -+ const EC_POINT *pub_key = NULL; -+ const BIGNUM *order = NULL; -+ const EC_GROUP *group=NULL; -+ ec_curve_t ec_crv = EC_PRIME; -+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); -+ -+ if (!kop) -+ goto err; -+ -+ memset(kop, 0, sizeof(struct crypt_kop)); -+ ecdsa = ecdsa_check(eckey); -+ if (!ecdsa) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER); -+ goto err; -+ } -+ -+ group = EC_KEY_get0_group(eckey); -+ pub_key = EC_KEY_get0_public_key(eckey); -+ -+ if (!group || !pub_key) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER); -+ goto err; -+ } -+ -+ if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL || -+ (a = BN_new()) == NULL || (b = BN_new()) == NULL || -+ (p = BN_new()) == NULL || (x = BN_new()) == NULL || -+ (y = BN_new()) == NULL || (w_x = BN_new()) == NULL || -+ (w_y = BN_new()) == NULL) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ order = &group->order; -+ if (!order || BN_is_zero(order)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS); -+ goto err; -+ } -+ -+ i = BN_num_bits(order); -+ /* Need to truncate digest if it is too long: first truncate whole -+ * bytes */ -+ if (8 * dgst_len > i) -+ dgst_len = (i + 7)/8; -+ -+ if (!BN_bin2bn(dgst, dgst_len, m)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); -+ goto err; -+ } -+ -+ /* If still too long truncate remaining bits with a shift */ -+ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); -+ goto err; -+ } -+ /* copy the truncated bits into plain buffer */ -+ if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /* check if this is prime or binary EC request */ -+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) { -+ ec_crv = EC_PRIME; -+ -+ /* get the generator point pair */ -+ if (!EC_POINT_get_affine_coordinates_GFp (group, -+ EC_GROUP_get0_generator(group), x, y,ctx)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); -+ goto err; -+ } -+ -+ /* get the public key pair for prime curve */ -+ if (!EC_POINT_get_affine_coordinates_GFp (group, -+ pub_key, w_x, w_y,ctx)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); -+ goto err; -+ } -+ -+ /* get the ECC curve parameters */ -+ if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); -+ goto err; -+ } -+ } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_characteristic_two_field){ -+ ec_crv = EC_BINARY; -+ /* get the ECC curve parameters */ -+ if (!EC_GROUP_get_curve_GF2m(group, p, a, b , ctx)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); -+ goto err; -+ } -+ -+ /* get the generator point pair */ -+ if (!EC_POINT_get_affine_coordinates_GF2m(group, -+ EC_GROUP_get0_generator(group),x, y,ctx)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); -+ goto err; -+ } -+ -+ /* get the public key pair for binary curve */ -+ if (!EC_POINT_get_affine_coordinates_GF2m(group, -+ pub_key, w_x, w_y,ctx)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); -+ goto err; -+ } -+ }else { -+ printf("Unsupported Curve\n"); -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); -+ goto err; -+ } -+ -+ /* Get the order of the subgroup of private keys */ -+ if (spcf_bn2bin((BIGNUM*)order, &r, &r_len)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /* Get the irreducible polynomial that creates the field */ -+ if (spcf_bn2bin(p, &q, &q_len)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /* Get the public key into a flat buffer with appropriate padding */ -+ pub_key_len = 2 * q_len; -+ -+ w_xy = eng_copy_curve_points (w_x, w_y, pub_key_len, q_len); -+ if (!w_xy) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /* Generation of ECC curve parameters */ -+ ab_len = 2*q_len; -+ -+ ab = eng_copy_curve_points (a, b, ab_len, q_len); -+ if (!ab) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ if (ec_crv == EC_BINARY) { -+ /* copy b' i.e c(b), instead of only b */ -+ eng_ec_get_cparam (EC_GROUP_get_curve_name(group), -+ ab+q_len, q_len); -+ kop->curve_type = ECC_BINARY; -+ } -+ -+ /* Calculation of Generator point */ -+ g_len = 2 * q_len; -+ -+ g_xy = eng_copy_curve_points (x, y, g_len, q_len); -+ if (!g_xy) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /** -+ * Get the 1st part of signature into a flat buffer with -+ * appropriate padding -+ */ -+ if (BN_num_bytes(sig->r) < r_len) -+ c_len = r_len; -+ -+ if (spcf_bn2bin_ex(sig->r, &c, &c_len)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /** -+ * Get the 2nd part of signature into a flat buffer with -+ * appropriate padding -+ */ -+ if (BN_num_bytes(sig->s) < r_len) -+ d_len = r_len; -+ -+ if (spcf_bn2bin_ex(sig->s, &d, &d_len)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /* memory for message representative */ -+ f = malloc(r_len); -+ if (!f) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /* Add padding, since SEC expects hash to of size r_len */ -+ memset(f, 0, r_len-dgst_len); -+ -+ /* Skip leading bytes if dgst_len < r_len */ -+ memcpy(f + r_len-dgst_len, tmp_dgst, dgst_len); -+ -+ dgst_len += r_len-dgst_len; -+ -+ kop->crk_op = CRK_DSA_VERIFY; -+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ -+ kop->crk_param[0].crp_p = f; -+ kop->crk_param[0].crp_nbits = dgst_len * 8; -+ kop->crk_param[1].crp_p = q; -+ kop->crk_param[1].crp_nbits = q_len * 8; -+ kop->crk_param[2].crp_p = r; -+ kop->crk_param[2].crp_nbits = r_len * 8; -+ kop->crk_param[3].crp_p = g_xy; -+ kop->crk_param[3].crp_nbits = g_len * 8; -+ kop->crk_param[4].crp_p = w_xy; -+ kop->crk_param[4].crp_nbits = pub_key_len * 8; -+ kop->crk_param[5].crp_p = ab; -+ kop->crk_param[5].crp_nbits = ab_len * 8; -+ kop->crk_param[6].crp_p = c; -+ kop->crk_param[6].crp_nbits = d_len * 8; -+ kop->crk_param[7].crp_p = d; -+ kop->crk_param[7].crp_nbits = d_len * 8; -+ kop->crk_iparams = 8; -+ kop->cookie = cookie; -+ -+ if (cryptodev_asym_async(kop, 0, NULL, 0, NULL)) -+ goto err; -+ -+ return ret; -+err: -+ { -+ const ECDSA_METHOD *meth = ECDSA_OpenSSL(); -+ -+ if (kop) -+ free(kop); -+ ret = (meth->ecdsa_do_verify)(dgst, dgst_len, sig, eckey); -+ cookie->pkc_callback(cookie, 0); -+ } -+ -+ return ret; -+} -+ -+/* Cryptodev DH Key Gen routine */ -+static int cryptodev_dh_keygen_async(DH *dh, struct pkc_cookie_s *cookie) -+{ -+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); -+ int ret = 1, g_len; -+ unsigned char *g = NULL; -+ -+ if (!kop) -+ goto sw_try; -+ -+ if (dh->priv_key == NULL) { -+ if ((dh->priv_key=BN_new()) == NULL) -+ goto sw_try; -+ } -+ -+ if (dh->pub_key == NULL) { -+ if ((dh->pub_key=BN_new()) == NULL) -+ goto sw_try; -+ } -+ -+ g_len = BN_num_bytes(dh->p); -+ /** -+ * Get generator into a plain buffer. If length is less than -+ * q_len then add leading padding bytes. - */ -- if (BN_num_bytes(sig->s) < r_len) -- d_len = r_len; -- -- if (spcf_bn2bin_ex(sig->s, &d, &d_len)) { -- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -- goto err; -- } -- -- /* memory for message representative */ -- f = malloc(r_len); -- if (!f) { -- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -- goto err; -+ if (spcf_bn2bin_ex(dh->g, &g, &g_len)) { -+ DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE); -+ goto sw_try; - } - -- /* Add padding, since SEC expects hash to of size r_len */ -- memset(f, 0, r_len-dgst_len); -+ memset(kop, 0, sizeof(struct crypt_kop)); -+ kop->crk_op = CRK_DH_GENERATE_KEY; -+ if (bn2crparam(dh->p, &kop->crk_param[0])) -+ goto sw_try; -+ if (bn2crparam(dh->q, &kop->crk_param[1])) -+ goto sw_try; -+ kop->crk_param[2].crp_p = g; -+ kop->crk_param[2].crp_nbits = g_len * 8; -+ kop->crk_iparams = 3; -+ kop->cookie = cookie; - -- /* Skip leading bytes if dgst_len < r_len */ -- memcpy(f + r_len-dgst_len, tmp_dgst, dgst_len); -- dgst_len += r_len-dgst_len; -- kop.crk_op = CRK_DSA_VERIFY; -- /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ -- kop.crk_param[0].crp_p = f; -- kop.crk_param[0].crp_nbits = dgst_len * 8; -- kop.crk_param[1].crp_p = q; -- kop.crk_param[1].crp_nbits = q_len * 8; -- kop.crk_param[2].crp_p = r; -- kop.crk_param[2].crp_nbits = r_len * 8; -- kop.crk_param[3].crp_p = g_xy; -- kop.crk_param[3].crp_nbits = g_len * 8; -- kop.crk_param[4].crp_p = w_xy; -- kop.crk_param[4].crp_nbits = pub_key_len * 8; -- kop.crk_param[5].crp_p = ab; -- kop.crk_param[5].crp_nbits = ab_len * 8; -- kop.crk_param[6].crp_p = c; -- kop.crk_param[6].crp_nbits = d_len * 8; -- kop.crk_param[7].crp_p = d; -- kop.crk_param[7].crp_nbits = d_len * 8; -- kop.crk_iparams = 8; -+ /* pub_key is or prime length while priv key is of length of order */ -+ if (cryptodev_asym_async(kop, BN_num_bytes(dh->p), dh->pub_key, -+ BN_num_bytes(dh->q), dh->priv_key)) -+ goto sw_try; - -- if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) { -- /*OCF success value is 0, if not zero, change ret to fail*/ -- if(0 == kop.crk_status) -- ret = 1; -- } else { -- const ECDSA_METHOD *meth = ECDSA_OpenSSL(); -+ return ret; -+sw_try: -+ { -+ const DH_METHOD *meth = DH_OpenSSL(); - -- ret = (meth->ecdsa_do_verify)(dgst, dgst_len, sig, eckey); -+ if (kop) -+ free(kop); -+ ret = (meth->generate_key)(dh); -+ cookie->pkc_callback(cookie, 0); - } -- kop.crk_param[0].crp_p = NULL; -- zapparams(&kop); -- --err: - return ret; - } - -@@ -2360,6 +3383,54 @@ sw_try: - return (dhret); - } - -+/* Return Length if successful and 0 on failure */ -+static int -+cryptodev_dh_compute_key_async(unsigned char *key, const BIGNUM *pub_key, -+ DH *dh, struct pkc_cookie_s *cookie) -+{ -+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); -+ int ret = 1; -+ int fd, p_len; -+ unsigned char *padded_pub_key = NULL, *p = NULL; -+ -+ fd = *(int *)cookie->eng_handle; -+ -+ memset(kop, 0, sizeof(struct crypt_kop)); -+ kop->crk_op = CRK_DH_COMPUTE_KEY; -+ /* inputs: dh->priv_key pub_key dh->p key */ -+ spcf_bn2bin(dh->p, &p, &p_len); -+ spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len); -+ -+ if (bn2crparam(dh->priv_key, &kop->crk_param[0])) -+ goto err; -+ kop->crk_param[1].crp_p = padded_pub_key; -+ kop->crk_param[1].crp_nbits = p_len * 8; -+ kop->crk_param[2].crp_p = p; -+ kop->crk_param[2].crp_nbits = p_len * 8; -+ kop->crk_iparams = 3; -+ -+ kop->cookie = cookie; -+ kop->crk_param[3].crp_p = (void*) key; -+ kop->crk_param[3].crp_nbits = p_len * 8; -+ kop->crk_oparams = 1; -+ -+ if (cryptodev_asym_async(kop, 0, NULL, 0, NULL)) -+ goto err; -+ -+ return p_len; -+err: -+ { -+ const DH_METHOD *meth = DH_OpenSSL(); -+ -+ if (kop) -+ free(kop); -+ ret = (meth->compute_key)(key, pub_key, dh); -+ /* Call user cookie handler */ -+ cookie->pkc_callback(cookie, 0); -+ } -+ return (ret); -+} -+ - int cryptodev_ecdh_compute_key(void *out, size_t outlen, - const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen, - void *out, size_t *outlen)) -@@ -2537,6 +3608,190 @@ err: - return ret; - } - -+int cryptodev_ecdh_compute_key_async(void *out, size_t outlen, -+ const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen, -+ void *out, size_t *outlen), struct pkc_cookie_s *cookie) -+{ -+ ec_curve_t ec_crv = EC_PRIME; -+ unsigned char * q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL; -+ BIGNUM * w_x = NULL, *w_y = NULL; -+ int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0; -+ BIGNUM * p = NULL, *a = NULL, *b = NULL; -+ BN_CTX *ctx; -+ EC_POINT *tmp=NULL; -+ BIGNUM *x=NULL, *y=NULL; -+ const BIGNUM *priv_key; -+ const EC_GROUP* group = NULL; -+ int ret = 1; -+ size_t buflen, len; -+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); -+ -+ if (!(ctx = BN_CTX_new()) || !kop) -+ goto err; -+ -+ memset(kop, 0, sizeof(struct crypt_kop)); -+ -+ BN_CTX_start(ctx); -+ x = BN_CTX_get(ctx); -+ y = BN_CTX_get(ctx); -+ p = BN_CTX_get(ctx); -+ a = BN_CTX_get(ctx); -+ b = BN_CTX_get(ctx); -+ w_x = BN_CTX_get(ctx); -+ w_y = BN_CTX_get(ctx); -+ -+ if (!x || !y || !p || !a || !b || !w_x || !w_y) { -+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ priv_key = EC_KEY_get0_private_key(ecdh); -+ if (priv_key == NULL) { -+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_NO_PRIVATE_VALUE); -+ goto err; -+ } -+ -+ group = EC_KEY_get0_group(ecdh); -+ if ((tmp=EC_POINT_new(group)) == NULL) { -+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == -+ NID_X9_62_prime_field) { -+ ec_crv = EC_PRIME; -+ -+ if (!EC_POINT_get_affine_coordinates_GFp(group, -+ EC_GROUP_get0_generator(group), x, y, ctx)) { -+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE); -+ goto err; -+ } -+ -+ /* get the ECC curve parameters */ -+ if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) { -+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB); -+ goto err; -+ } -+ -+ /* get the public key pair for prime curve */ -+ if (!EC_POINT_get_affine_coordinates_GFp (group, pub_key, w_x, w_y,ctx)) { -+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB); -+ goto err; -+ } -+ } else { -+ ec_crv = EC_BINARY; -+ -+ if (!EC_POINT_get_affine_coordinates_GF2m(group, -+ EC_GROUP_get0_generator(group), x, y, ctx)) { -+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE); -+ goto err; -+ } -+ -+ /* get the ECC curve parameters */ -+ if (!EC_GROUP_get_curve_GF2m(group, p, a, b , ctx)) { -+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB); -+ goto err; -+ } -+ -+ /* get the public key pair for binary curve */ -+ if (!EC_POINT_get_affine_coordinates_GF2m(group, -+ pub_key, w_x, w_y,ctx)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); -+ goto err; -+ } -+ } -+ -+ /* irreducible polynomial that creates the field */ -+ if (spcf_bn2bin((BIGNUM*)&group->order, &r, &r_len)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /* Get the irreducible polynomial that creates the field */ -+ if (spcf_bn2bin(p, &q, &q_len)) { -+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB); -+ goto err; -+ } -+ -+ /* Get the public key into a flat buffer with appropriate padding */ -+ pub_key_len = 2 * q_len; -+ w_xy = eng_copy_curve_points (w_x, w_y, pub_key_len, q_len); -+ if (!w_xy) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /* Generation of ECC curve parameters */ -+ ab_len = 2*q_len; -+ ab = eng_copy_curve_points (a, b, ab_len, q_len); -+ if (!ab) { -+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB); -+ goto err; -+ } -+ -+ if (ec_crv == EC_BINARY) { -+ /* copy b' i.e c(b), instead of only b */ -+ if (eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab+q_len, q_len)) -+ { -+ unsigned char *c_temp = NULL; -+ int c_temp_len = q_len; -+ if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len)) -+ memcpy(ab+q_len, c_temp, q_len); -+ else -+ goto err; -+ } -+ kop->curve_type = ECC_BINARY; -+ } else -+ kop->curve_type = ECC_PRIME; -+ -+ priv_key_len = r_len; -+ -+ /* -+ * If BN_num_bytes of priv_key returns less then r_len then -+ * add padding bytes before the key -+ */ -+ if (spcf_bn2bin_ex((BIGNUM *)priv_key, &s, &priv_key_len)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ buflen = (EC_GROUP_get_degree(group) + 7)/8; -+ len = BN_num_bytes(x); -+ if (len > buflen || q_len < buflen) { -+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_INTERNAL_ERROR); -+ goto err; -+ } -+ -+ kop->crk_op = CRK_DH_COMPUTE_KEY; -+ kop->crk_param[0].crp_p = (void *) s; -+ kop->crk_param[0].crp_nbits = priv_key_len*8; -+ kop->crk_param[1].crp_p = (void *) w_xy; -+ kop->crk_param[1].crp_nbits = pub_key_len*8; -+ kop->crk_param[2].crp_p = (void *) q; -+ kop->crk_param[2].crp_nbits = q_len*8; -+ kop->crk_param[3].crp_p = (void *) ab; -+ kop->crk_param[3].crp_nbits = ab_len*8; -+ kop->crk_iparams = 4; -+ kop->crk_param[4].crp_p = (void *) out; -+ kop->crk_param[4].crp_nbits = q_len*8; -+ kop->crk_oparams = 1; -+ kop->cookie = cookie; -+ if (cryptodev_asym_async(kop, 0, NULL, 0, NULL)) -+ goto err; -+ -+ return q_len; -+err: -+ { -+ const ECDH_METHOD *meth = ECDH_OpenSSL(); -+ -+ if (kop) -+ free(kop); -+ ret = (meth->compute_key)(out, outlen, pub_key, ecdh, KDF); -+ /* Call user cookie handler */ -+ cookie->pkc_callback(cookie, 0); -+ } -+ return ret; -+} - - static DH_METHOD cryptodev_dh = { - "cryptodev DH method", -@@ -2545,6 +3800,8 @@ static DH_METHOD cryptodev_dh = { - NULL, - NULL, - NULL, -+ NULL, -+ NULL, - 0, /* flags */ - NULL /* app_data */ - }; -@@ -2553,6 +3810,7 @@ static ECDH_METHOD cryptodev_ecdh = { - "cryptodev ECDH method", - NULL, /* cryptodev_ecdh_compute_key */ - NULL, -+ NULL, - 0, /* flags */ - NULL /* app_data */ - }; -@@ -2625,12 +3883,19 @@ ENGINE_load_cryptodev(void) - cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec; - if (cryptodev_asymfeat & CRF_MOD_EXP) { - cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp; -- if (cryptodev_asymfeat & CRF_MOD_EXP_CRT) -+ cryptodev_rsa.bn_mod_exp_async = -+ cryptodev_bn_mod_exp_async; -+ if (cryptodev_asymfeat & CRF_MOD_EXP_CRT) { - cryptodev_rsa.rsa_mod_exp = - cryptodev_rsa_mod_exp; -- else -+ cryptodev_rsa.rsa_mod_exp_async = -+ cryptodev_rsa_mod_exp_async; -+ } else { - cryptodev_rsa.rsa_mod_exp = - cryptodev_rsa_nocrt_mod_exp; -+ cryptodev_rsa.rsa_mod_exp_async = -+ cryptodev_rsa_nocrt_mod_exp_async; -+ } - } - } - -@@ -2638,12 +3903,21 @@ ENGINE_load_cryptodev(void) - const DSA_METHOD *meth = DSA_OpenSSL(); - - memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD)); -- if (cryptodev_asymfeat & CRF_DSA_SIGN) -+ if (cryptodev_asymfeat & CRF_DSA_SIGN) { - cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign; -- if (cryptodev_asymfeat & CRF_DSA_VERIFY) -+ cryptodev_dsa.dsa_do_sign_async = -+ cryptodev_dsa_do_sign_async; -+ } -+ if (cryptodev_asymfeat & CRF_DSA_VERIFY) { - cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify; -- if (cryptodev_asymfeat & CRF_DSA_GENERATE_KEY) -+ cryptodev_dsa.dsa_do_verify_async = -+ cryptodev_dsa_verify_async; -+ } -+ if (cryptodev_asymfeat & CRF_DSA_GENERATE_KEY) { - cryptodev_dsa.dsa_keygen = cryptodev_dsa_keygen; -+ cryptodev_dsa.dsa_keygen_async = -+ cryptodev_dsa_keygen_async; -+ } - } - - if (ENGINE_set_DH(engine, &cryptodev_dh)){ -@@ -2652,10 +3926,15 @@ ENGINE_load_cryptodev(void) - if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) { - cryptodev_dh.compute_key = - cryptodev_dh_compute_key; -+ cryptodev_dh.compute_key_async = -+ cryptodev_dh_compute_key_async; - } - if (cryptodev_asymfeat & CRF_DH_GENERATE_KEY) { - cryptodev_dh.generate_key = - cryptodev_dh_keygen; -+ cryptodev_dh.generate_key_async = -+ cryptodev_dh_keygen_async; -+ - } - } - -@@ -2664,10 +3943,14 @@ ENGINE_load_cryptodev(void) - memcpy(&cryptodev_ecdsa, meth, sizeof(ECDSA_METHOD)); - if (cryptodev_asymfeat & CRF_DSA_SIGN) { - cryptodev_ecdsa.ecdsa_do_sign = cryptodev_ecdsa_do_sign; -+ cryptodev_ecdsa.ecdsa_do_sign_async = -+ cryptodev_ecdsa_do_sign_async; - } - if (cryptodev_asymfeat & CRF_DSA_VERIFY) { - cryptodev_ecdsa.ecdsa_do_verify = - cryptodev_ecdsa_verify; -+ cryptodev_ecdsa.ecdsa_do_verify_async = -+ cryptodev_ecdsa_verify_async; - } - } - -@@ -2676,9 +3959,16 @@ ENGINE_load_cryptodev(void) - memcpy(&cryptodev_ecdh, ecdh_meth, sizeof(ECDH_METHOD)); - if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) { - cryptodev_ecdh.compute_key = cryptodev_ecdh_compute_key; -+ cryptodev_ecdh.compute_key_async = -+ cryptodev_ecdh_compute_key_async; - } - } - -+ ENGINE_set_check_pkc_availability(engine, cryptodev_check_availability); -+ ENGINE_set_close_instance(engine, cryptodev_close_instance); -+ ENGINE_set_init_instance(engine, cryptodev_init_instance); -+ ENGINE_set_async_map(engine, ENGINE_ALLPKC_ASYNC); -+ - ENGINE_add(engine); - ENGINE_free(engine); - ERR_clear_error(); -diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h -index 451ef8f..8fc3077 100644 ---- a/crypto/engine/eng_int.h -+++ b/crypto/engine/eng_int.h -@@ -181,7 +181,29 @@ struct engine_st - ENGINE_LOAD_KEY_PTR load_pubkey; - - ENGINE_SSL_CLIENT_CERT_PTR load_ssl_client_cert; -- -+ /* -+ * Instantiate Engine handle to be passed in check_pkc_availability -+ * Ensure that Engine is instantiated before any pkc asynchronous call. -+ */ -+ void *(*engine_init_instance)(void); -+ /* -+ * Instantiated Engine handle will be closed with this call. -+ * Ensure that no pkc asynchronous call is made after this call -+ */ -+ void (*engine_close_instance)(void *handle); -+ /* -+ * Check availability will extract the data from kernel. -+ * eng_handle: This is the Engine handle corresponds to which -+ * the cookies needs to be polled. -+ * return 0 if cookie available else 1 -+ */ -+ int (*check_pkc_availability)(void *eng_handle); -+ /* -+ * The following map is used to check if the engine supports asynchronous implementation -+ * ENGINE_ASYNC_FLAG* for available bitmap. Any application checking for asynchronous -+ * implementation need to check this features using "int ENGINE_get_async_map(engine *)"; -+ */ -+ int async_map; - const ENGINE_CMD_DEFN *cmd_defns; - int flags; - /* reference count on the structure itself */ -diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c -index 18a6664..6fa621c 100644 ---- a/crypto/engine/eng_lib.c -+++ b/crypto/engine/eng_lib.c -@@ -98,7 +98,11 @@ void engine_set_all_null(ENGINE *e) - e->ctrl = NULL; - e->load_privkey = NULL; - e->load_pubkey = NULL; -+ e->check_pkc_availability = NULL; -+ e->engine_init_instance = NULL; -+ e->engine_close_instance = NULL; - e->cmd_defns = NULL; -+ e->async_map = 0; - e->flags = 0; - } - -@@ -233,6 +237,48 @@ int ENGINE_set_id(ENGINE *e, const char *id) - return 1; - } - -+void ENGINE_set_init_instance(ENGINE *e, void *(*engine_init_instance)(void)) -+ { -+ e->engine_init_instance = engine_init_instance; -+ } -+ -+void ENGINE_set_close_instance(ENGINE *e, -+ void (*engine_close_instance)(void *)) -+ { -+ e->engine_close_instance = engine_close_instance; -+ } -+ -+void ENGINE_set_async_map(ENGINE *e, int async_map) -+ { -+ e->async_map = async_map; -+ } -+ -+void *ENGINE_init_instance(ENGINE *e) -+ { -+ return e->engine_init_instance(); -+ } -+ -+void ENGINE_close_instance(ENGINE *e, void *eng_handle) -+ { -+ e->engine_close_instance(eng_handle); -+ } -+ -+int ENGINE_get_async_map(ENGINE *e) -+ { -+ return e->async_map; -+ } -+ -+void ENGINE_set_check_pkc_availability(ENGINE *e, -+ int (*check_pkc_availability)(void *eng_handle)) -+ { -+ e->check_pkc_availability = check_pkc_availability; -+ } -+ -+int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle) -+ { -+ return e->check_pkc_availability(eng_handle); -+ } -+ - int ENGINE_set_name(ENGINE *e, const char *name) - { - if(name == NULL) -diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h -index 237a6c9..ccff86a 100644 ---- a/crypto/engine/engine.h -+++ b/crypto/engine/engine.h -@@ -473,6 +473,30 @@ ENGINE *ENGINE_new(void); - int ENGINE_free(ENGINE *e); - int ENGINE_up_ref(ENGINE *e); - int ENGINE_set_id(ENGINE *e, const char *id); -+void ENGINE_set_init_instance(ENGINE *e, void *(*engine_init_instance)(void)); -+void ENGINE_set_close_instance(ENGINE *e, -+ void (*engine_free_instance)(void *)); -+/* -+ * Following FLAGS are bitmap store in async_map to set asynchronous interface capability -+ *of the engine -+ */ -+#define ENGINE_RSA_ASYNC 0x0001 -+#define ENGINE_DSA_ASYNC 0x0002 -+#define ENGINE_DH_ASYNC 0x0004 -+#define ENGINE_ECDSA_ASYNC 0x0008 -+#define ENGINE_ECDH_ASYNC 0x0010 -+#define ENGINE_ALLPKC_ASYNC 0x001F -+/* Engine implementation will set the bitmap based on above flags using following API */ -+void ENGINE_set_async_map(ENGINE *e, int async_map); -+ /* Application need to check the bitmap based on above flags using following API -+ * to confirm asynchronous methods supported -+ */ -+int ENGINE_get_async_map(ENGINE *e); -+void *ENGINE_init_instance(ENGINE *e); -+void ENGINE_close_instance(ENGINE *e, void *eng_handle); -+void ENGINE_set_check_pkc_availability(ENGINE *e, -+ int (*check_pkc_availability)(void *eng_handle)); -+int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle); - int ENGINE_set_name(ENGINE *e, const char *name); - int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth); - int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth); -diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h -index 5f269e5..6ef1b15 100644 ---- a/crypto/rsa/rsa.h -+++ b/crypto/rsa/rsa.h -@@ -101,6 +101,29 @@ struct rsa_meth_st - int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx); /* Can be null */ -+ /* -+ * Cookie in the following _async variant must be allocated before -+ * submission and can be freed once its corresponding callback -+ * handler is called -+ */ -+ int (*rsa_pub_enc_asyn)(int flen,const unsigned char *from, -+ unsigned char *to, RSA *rsa, int padding, -+ struct pkc_cookie_s *cookie); -+ int (*rsa_pub_dec_async)(int flen,const unsigned char *from, -+ unsigned char *to, RSA *rsa, int padding, -+ struct pkc_cookie_s *cookie); -+ int (*rsa_priv_enc_async)(int flen,const unsigned char *from, -+ unsigned char *to, RSA *rsa, int padding, -+ struct pkc_cookie_s *cookie); -+ int (*rsa_priv_dec_async)(int flen,const unsigned char *from, -+ unsigned char *to, RSA *rsa, int padding, -+ struct pkc_cookie_s *cookie); -+ int (*rsa_mod_exp_async)(BIGNUM *r0, const BIGNUM *I, RSA *rsa, -+ BN_CTX *ctx, struct pkc_cookie_s *cookie); -+ int (*bn_mod_exp_async)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, -+ const BIGNUM *m, BN_CTX *ctx, -+ BN_MONT_CTX *m_ctx, struct pkc_cookie_s *cookie); -+ - int (*init)(RSA *rsa); /* called at new */ - int (*finish)(RSA *rsa); /* called at free */ - int flags; /* RSA_METHOD_FLAG_* things */ --- -2.3.5 - diff --git a/recipes-connectivity/openssl/openssl-fsl/0011-Add-RSA-keygen-operation-and-support-gendsa-command-.patch b/recipes-connectivity/openssl/openssl-fsl/0011-Add-RSA-keygen-operation-and-support-gendsa-command-.patch deleted file mode 100644 index 244d230..0000000 --- a/recipes-connectivity/openssl/openssl-fsl/0011-Add-RSA-keygen-operation-and-support-gendsa-command-.patch +++ /dev/null @@ -1,153 +0,0 @@ -From e4fc051f8ae1c093b25ca346c2ec351ff3b700d1 Mon Sep 17 00:00:00 2001 -From: Hou Zhiqiang -Date: Wed, 2 Apr 2014 16:10:43 +0800 -Subject: [PATCH 11/26] Add RSA keygen operation and support gendsa command - with hardware engine - -Upstream-status: Pending - -Signed-off-by: Hou Zhiqiang -Tested-by: Cristian Stoica ---- - crypto/engine/eng_cryptodev.c | 118 ++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 118 insertions(+) - -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index 9f2416e..b2919a8 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -1906,6 +1906,121 @@ err: - return dsaret; - } - -+/* Cryptodev RSA Key Gen routine */ -+static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) -+{ -+ struct crypt_kop kop; -+ int ret, fd; -+ int p_len, q_len; -+ int i; -+ -+ if ((fd = get_asym_dev_crypto()) < 0) -+ return fd; -+ -+ if(!rsa->n && ((rsa->n=BN_new()) == NULL)) goto err; -+ if(!rsa->d && ((rsa->d=BN_new()) == NULL)) goto err; -+ if(!rsa->e && ((rsa->e=BN_new()) == NULL)) goto err; -+ if(!rsa->p && ((rsa->p=BN_new()) == NULL)) goto err; -+ if(!rsa->q && ((rsa->q=BN_new()) == NULL)) goto err; -+ if(!rsa->dmp1 && ((rsa->dmp1=BN_new()) == NULL)) goto err; -+ if(!rsa->dmq1 && ((rsa->dmq1=BN_new()) == NULL)) goto err; -+ if(!rsa->iqmp && ((rsa->iqmp=BN_new()) == NULL)) goto err; -+ -+ BN_copy(rsa->e, e); -+ -+ p_len = (bits+1) / (2 * 8); -+ q_len = (bits - p_len * 8) / 8; -+ memset(&kop, 0, sizeof kop); -+ kop.crk_op = CRK_RSA_GENERATE_KEY; -+ -+ /* p length */ -+ kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char)); -+ if (!kop.crk_param[kop.crk_iparams].crp_p) -+ goto err; -+ kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8; -+ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1); -+ kop.crk_iparams++; -+ kop.crk_oparams++; -+ /* q length */ -+ kop.crk_param[kop.crk_iparams].crp_p = calloc(q_len + 1, sizeof(char)); -+ if (!kop.crk_param[kop.crk_iparams].crp_p) -+ goto err; -+ kop.crk_param[kop.crk_iparams].crp_nbits = q_len * 8; -+ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, q_len + 1); -+ kop.crk_iparams++; -+ kop.crk_oparams++; -+ /* n length */ -+ kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + q_len + 1, sizeof(char)); -+ if (!kop.crk_param[kop.crk_iparams].crp_p) -+ goto err; -+ kop.crk_param[kop.crk_iparams].crp_nbits = bits; -+ memset(kop.crk_param[kop.crk_iparams].crp_p, 0x00, p_len + q_len + 1); -+ kop.crk_iparams++; -+ kop.crk_oparams++; -+ /* d length */ -+ kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + q_len + 1, sizeof(char)); -+ if (!kop.crk_param[kop.crk_iparams].crp_p) -+ goto err; -+ kop.crk_param[kop.crk_iparams].crp_nbits = bits; -+ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + q_len + 1); -+ kop.crk_iparams++; -+ kop.crk_oparams++; -+ /* dp1 length */ -+ kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char)); -+ if (!kop.crk_param[kop.crk_iparams].crp_p) -+ goto err; -+ kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8; -+ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1); -+ kop.crk_iparams++; -+ kop.crk_oparams++; -+ /* dq1 length */ -+ kop.crk_param[kop.crk_iparams].crp_p = calloc(q_len + 1, sizeof(char)); -+ if (!kop.crk_param[kop.crk_iparams].crp_p) -+ goto err; -+ kop.crk_param[kop.crk_iparams].crp_nbits = q_len * 8; -+ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, q_len + 1); -+ kop.crk_iparams++; -+ kop.crk_oparams++; -+ /* i length */ -+ kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char)); -+ if (!kop.crk_param[kop.crk_iparams].crp_p) -+ goto err; -+ kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8; -+ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1); -+ kop.crk_iparams++; -+ kop.crk_oparams++; -+ -+ if (ioctl(fd, CIOCKEY, &kop) == 0) { -+ BN_bin2bn(kop.crk_param[0].crp_p, -+ p_len, rsa->p); -+ BN_bin2bn(kop.crk_param[1].crp_p, -+ q_len, rsa->q); -+ BN_bin2bn(kop.crk_param[2].crp_p, -+ bits / 8, rsa->n); -+ BN_bin2bn(kop.crk_param[3].crp_p, -+ bits / 8, rsa->d); -+ BN_bin2bn(kop.crk_param[4].crp_p, -+ p_len, rsa->dmp1); -+ BN_bin2bn(kop.crk_param[5].crp_p, -+ q_len, rsa->dmq1); -+ BN_bin2bn(kop.crk_param[6].crp_p, -+ p_len, rsa->iqmp); -+ return 1; -+ } -+sw_try: -+ { -+ const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); -+ ret = (meth->rsa_keygen)(rsa, bits, e, cb); -+ } -+ return ret; -+ -+err: -+ for (i = 0; i < CRK_MAXPARAM; i++) -+ free(kop.crk_param[i].crp_p); -+ return 0; -+ -+} -+ - /* Cryptodev DSA Key Gen routine */ - static int cryptodev_dsa_keygen(DSA *dsa) - { -@@ -3896,6 +4011,9 @@ ENGINE_load_cryptodev(void) - cryptodev_rsa.rsa_mod_exp_async = - cryptodev_rsa_nocrt_mod_exp_async; - } -+ if (cryptodev_asymfeat & CRF_RSA_GENERATE_KEY) -+ cryptodev_rsa.rsa_keygen = -+ cryptodev_rsa_keygen; - } - } - --- -2.3.5 - diff --git a/recipes-connectivity/openssl/openssl-fsl/0012-RSA-Keygen-Fix.patch b/recipes-connectivity/openssl/openssl-fsl/0012-RSA-Keygen-Fix.patch deleted file mode 100644 index 7f907da..0000000 --- a/recipes-connectivity/openssl/openssl-fsl/0012-RSA-Keygen-Fix.patch +++ /dev/null @@ -1,64 +0,0 @@ -From ac777f046da7151386d667391362ecb553ceee90 Mon Sep 17 00:00:00 2001 -From: Yashpal Dutta -Date: Wed, 16 Apr 2014 22:53:04 +0545 -Subject: [PATCH 12/26] RSA Keygen Fix - -Upstream-status: Pending - -If Kernel driver doesn't support RSA Keygen or same returns -error handling the keygen operation, the keygen is gracefully -handled by software supported rsa_keygen handler - -Signed-off-by: Yashpal Dutta -Tested-by: Cristian Stoica ---- - crypto/engine/eng_cryptodev.c | 12 +++++++----- - 1 file changed, 7 insertions(+), 5 deletions(-) - -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index b2919a8..ed5f20f 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -1915,7 +1915,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) - int i; - - if ((fd = get_asym_dev_crypto()) < 0) -- return fd; -+ goto sw_try; - - if(!rsa->n && ((rsa->n=BN_new()) == NULL)) goto err; - if(!rsa->d && ((rsa->d=BN_new()) == NULL)) goto err; -@@ -1936,7 +1936,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) - /* p length */ - kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char)); - if (!kop.crk_param[kop.crk_iparams].crp_p) -- goto err; -+ goto sw_try; - kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8; - memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1); - kop.crk_iparams++; -@@ -1944,7 +1944,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) - /* q length */ - kop.crk_param[kop.crk_iparams].crp_p = calloc(q_len + 1, sizeof(char)); - if (!kop.crk_param[kop.crk_iparams].crp_p) -- goto err; -+ goto sw_try; - kop.crk_param[kop.crk_iparams].crp_nbits = q_len * 8; - memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, q_len + 1); - kop.crk_iparams++; -@@ -2009,8 +2009,10 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) - } - sw_try: - { -- const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); -- ret = (meth->rsa_keygen)(rsa, bits, e, cb); -+ const RSA_METHOD *meth = rsa->meth; -+ rsa->meth = RSA_PKCS1_SSLeay(); -+ ret = RSA_generate_key_ex(rsa, bits, e, cb); -+ rsa->meth = meth; - } - return ret; - --- -2.3.5 - diff --git a/recipes-connectivity/openssl/openssl-fsl/0013-Removed-local-copy-of-curve_t-type.patch b/recipes-connectivity/openssl/openssl-fsl/0013-Removed-local-copy-of-curve_t-type.patch deleted file mode 100644 index c9d8ace..0000000 --- a/recipes-connectivity/openssl/openssl-fsl/0013-Removed-local-copy-of-curve_t-type.patch +++ /dev/null @@ -1,164 +0,0 @@ -From 6aaa306cdf878250d7b6eaf30978de313653886b Mon Sep 17 00:00:00 2001 -From: Yashpal Dutta -Date: Thu, 17 Apr 2014 06:57:59 +0545 -Subject: [PATCH 13/26] Removed local copy of curve_t type - -Upstream-status: Pending - -Signed-off-by: Yashpal Dutta -Tested-by: Cristian Stoica ---- - crypto/engine/eng_cryptodev.c | 34 ++++++++++++++-------------------- - crypto/engine/eng_cryptodev_ec.h | 7 ------- - 2 files changed, 14 insertions(+), 27 deletions(-) - -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index ed5f20f..5d883fa 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -2398,12 +2398,6 @@ static ECDSA_METHOD cryptodev_ecdsa = { - NULL /* app_data */ - }; - --typedef enum ec_curve_s --{ -- EC_PRIME, -- EC_BINARY --} ec_curve_t; -- - /* ENGINE handler for ECDSA Sign */ - static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char *dgst, - int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey) -@@ -2420,7 +2414,7 @@ static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char *dgst, - const BIGNUM *order = NULL, *priv_key=NULL; - const EC_GROUP *group = NULL; - struct crypt_kop kop; -- ec_curve_t ec_crv = EC_PRIME; -+ enum ec_curve_t ec_crv = EC_PRIME; - - memset(&kop, 0, sizeof(kop)); - ecdsa = ecdsa_check(eckey); -@@ -2553,7 +2547,7 @@ static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char *dgst, - else - goto err; - } -- kop.curve_type = ECC_BINARY; -+ kop.curve_type = EC_BINARY; - } - - /* Calculation of Generator point */ -@@ -2647,7 +2641,7 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len, - const EC_POINT *pub_key = NULL; - const BIGNUM *order = NULL; - const EC_GROUP *group=NULL; -- ec_curve_t ec_crv = EC_PRIME; -+ enum ec_curve_t ec_crv = EC_PRIME; - struct crypt_kop kop; - - memset(&kop, 0, sizeof kop); -@@ -2792,7 +2786,7 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len, - else - goto err; - } -- kop.curve_type = ECC_BINARY; -+ kop.curve_type = EC_BINARY; - } - - /* Calculation of Generator point */ -@@ -2893,7 +2887,7 @@ static int cryptodev_ecdsa_do_sign_async( const unsigned char *dgst, - const BIGNUM *order = NULL, *priv_key=NULL; - const EC_GROUP *group = NULL; - struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); -- ec_curve_t ec_crv = EC_PRIME; -+ enum ec_curve_t ec_crv = EC_PRIME; - - if (!(sig->r = BN_new()) || !kop) - goto err; -@@ -3029,7 +3023,7 @@ static int cryptodev_ecdsa_do_sign_async( const unsigned char *dgst, - else - goto err; - } -- kop->curve_type = ECC_BINARY; -+ kop->curve_type = EC_BINARY; - } - - /* Calculation of Generator point */ -@@ -3105,7 +3099,7 @@ static int cryptodev_ecdsa_verify_async(const unsigned char *dgst, int dgst_len, - const EC_POINT *pub_key = NULL; - const BIGNUM *order = NULL; - const EC_GROUP *group=NULL; -- ec_curve_t ec_crv = EC_PRIME; -+ enum ec_curve_t ec_crv = EC_PRIME; - struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); - - if (!kop) -@@ -3247,7 +3241,7 @@ static int cryptodev_ecdsa_verify_async(const unsigned char *dgst, int dgst_len, - /* copy b' i.e c(b), instead of only b */ - eng_ec_get_cparam (EC_GROUP_get_curve_name(group), - ab+q_len, q_len); -- kop->curve_type = ECC_BINARY; -+ kop->curve_type = EC_BINARY; - } - - /* Calculation of Generator point */ -@@ -3552,7 +3546,7 @@ int cryptodev_ecdh_compute_key(void *out, size_t outlen, - const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen, - void *out, size_t *outlen)) - { -- ec_curve_t ec_crv = EC_PRIME; -+ enum ec_curve_t ec_crv = EC_PRIME; - unsigned char * q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL; - BIGNUM * w_x = NULL, *w_y = NULL; - int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0; -@@ -3678,9 +3672,9 @@ int cryptodev_ecdh_compute_key(void *out, size_t outlen, - else - goto err; - } -- kop.curve_type = ECC_BINARY; -+ kop.curve_type = EC_BINARY; - } else -- kop.curve_type = ECC_PRIME; -+ kop.curve_type = EC_PRIME; - - priv_key_len = r_len; - -@@ -3729,7 +3723,7 @@ int cryptodev_ecdh_compute_key_async(void *out, size_t outlen, - const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen, - void *out, size_t *outlen), struct pkc_cookie_s *cookie) - { -- ec_curve_t ec_crv = EC_PRIME; -+ enum ec_curve_t ec_crv = EC_PRIME; - unsigned char * q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL; - BIGNUM * w_x = NULL, *w_y = NULL; - int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0; -@@ -3857,9 +3851,9 @@ int cryptodev_ecdh_compute_key_async(void *out, size_t outlen, - else - goto err; - } -- kop->curve_type = ECC_BINARY; -+ kop->curve_type = EC_BINARY; - } else -- kop->curve_type = ECC_PRIME; -+ kop->curve_type = EC_PRIME; - - priv_key_len = r_len; - -diff --git a/crypto/engine/eng_cryptodev_ec.h b/crypto/engine/eng_cryptodev_ec.h -index 77aee71..a4b8da5 100644 ---- a/crypto/engine/eng_cryptodev_ec.h -+++ b/crypto/engine/eng_cryptodev_ec.h -@@ -286,11 +286,4 @@ static inline unsigned char *eng_copy_curve_points(BIGNUM * x, BIGNUM * y, - - return xy; - } -- --enum curve_t { -- DISCRETE_LOG, -- ECC_PRIME, -- ECC_BINARY, -- MAX_ECC_TYPE --}; - #endif --- -2.3.5 - diff --git a/recipes-connectivity/openssl/openssl-fsl/0014-Modulus-parameter-is-not-populated-by-dhparams.patch b/recipes-connectivity/openssl/openssl-fsl/0014-Modulus-parameter-is-not-populated-by-dhparams.patch deleted file mode 100644 index 198bed7..0000000 --- a/recipes-connectivity/openssl/openssl-fsl/0014-Modulus-parameter-is-not-populated-by-dhparams.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 14623ca9e417ccef1ad3f4138acfac0ebe682f1f Mon Sep 17 00:00:00 2001 -From: Yashpal Dutta -Date: Tue, 22 Apr 2014 22:58:33 +0545 -Subject: [PATCH 14/26] Modulus parameter is not populated by dhparams - -Upstream-status: Pending - -When dhparams are created, modulus parameter required for -private key generation is not populated. So, falling back -to software for proper population of modulus parameters followed -by private key generation - -Signed-off-by: Yashpal Dutta -Tested-by: Cristian Stoica ---- - crypto/engine/eng_cryptodev.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index 5d883fa..6d69336 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -3364,7 +3364,7 @@ static int cryptodev_dh_keygen_async(DH *dh, struct pkc_cookie_s *cookie) - kop->crk_op = CRK_DH_GENERATE_KEY; - if (bn2crparam(dh->p, &kop->crk_param[0])) - goto sw_try; -- if (bn2crparam(dh->q, &kop->crk_param[1])) -+ if (!dh->q || bn2crparam(dh->q, &kop->crk_param[1])) - goto sw_try; - kop->crk_param[2].crp_p = g; - kop->crk_param[2].crp_nbits = g_len * 8; -@@ -3419,7 +3419,7 @@ static int cryptodev_dh_keygen(DH *dh) - kop.crk_op = CRK_DH_GENERATE_KEY; - if (bn2crparam(dh->p, &kop.crk_param[0])) - goto sw_try; -- if (bn2crparam(dh->q, &kop.crk_param[1])) -+ if (!dh->q || bn2crparam(dh->q, &kop.crk_param[1])) - goto sw_try; - kop.crk_param[2].crp_p = g; - kop.crk_param[2].crp_nbits = g_len * 8; --- -2.3.5 - diff --git a/recipes-connectivity/openssl/openssl-fsl/0015-SW-Backoff-mechanism-for-dsa-keygen.patch b/recipes-connectivity/openssl/openssl-fsl/0015-SW-Backoff-mechanism-for-dsa-keygen.patch deleted file mode 100644 index 59330a1..0000000 --- a/recipes-connectivity/openssl/openssl-fsl/0015-SW-Backoff-mechanism-for-dsa-keygen.patch +++ /dev/null @@ -1,53 +0,0 @@ -From 10be401a33e6ebcc325d6747914c70595cd53d0a Mon Sep 17 00:00:00 2001 -From: Yashpal Dutta -Date: Thu, 24 Apr 2014 00:35:34 +0545 -Subject: [PATCH 15/26] SW Backoff mechanism for dsa keygen - -Upstream-status: Pending - -DSA Keygen is not handled in default openssl dsa method. Due to -same null function pointer in SW DSA method, the backoff for dsa -keygen gives segmentation fault. - -Signed-off-by: Yashpal Dutta -Tested-by: Cristian Stoica ---- - crypto/engine/eng_cryptodev.c | 12 ++++++++---- - 1 file changed, 8 insertions(+), 4 deletions(-) - -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index 6d69336..dab8fea 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -2069,8 +2069,10 @@ static int cryptodev_dsa_keygen(DSA *dsa) - return ret; - sw_try: - { -- const DSA_METHOD *meth = DSA_OpenSSL(); -- ret = (meth->dsa_keygen)(dsa); -+ const DSA_METHOD *meth = dsa->meth; -+ dsa->meth = DSA_OpenSSL(); -+ ret = DSA_generate_key(dsa); -+ dsa->meth = meth; - } - return ret; - } -@@ -2124,11 +2126,13 @@ static int cryptodev_dsa_keygen_async(DSA *dsa, struct pkc_cookie_s *cookie) - return ret; - sw_try: - { -- const DSA_METHOD *meth = DSA_OpenSSL(); -+ const DSA_METHOD *meth = dsa->meth; - -+ dsa->meth = DSA_OpenSSL(); - if (kop) - free(kop); -- ret = (meth->dsa_keygen)(dsa); -+ ret = DSA_generate_key(dsa); -+ dsa->meth = meth; - cookie->pkc_callback(cookie, 0); - } - return ret; --- -2.3.5 - diff --git a/recipes-connectivity/openssl/openssl-fsl/0016-Fixed-DH-keygen-pair-generator.patch b/recipes-connectivity/openssl/openssl-fsl/0016-Fixed-DH-keygen-pair-generator.patch deleted file mode 100644 index 8923cb6..0000000 --- a/recipes-connectivity/openssl/openssl-fsl/0016-Fixed-DH-keygen-pair-generator.patch +++ /dev/null @@ -1,100 +0,0 @@ -From d2c868c6370bcc0d0a254e641907da2cdf992d62 Mon Sep 17 00:00:00 2001 -From: Yashpal Dutta -Date: Thu, 1 May 2014 06:35:45 +0545 -Subject: [PATCH 16/26] Fixed DH keygen pair generator - -Upstream-status: Pending - -Wrong Padding results into keygen length error - -Signed-off-by: Yashpal Dutta -Tested-by: Cristian Stoica ---- - crypto/engine/eng_cryptodev.c | 50 ++++++++++++++++++++++++++++--------------- - 1 file changed, 33 insertions(+), 17 deletions(-) - -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index dab8fea..13d924f 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -3396,44 +3396,60 @@ sw_try: - static int cryptodev_dh_keygen(DH *dh) - { - struct crypt_kop kop; -- int ret = 1, g_len; -- unsigned char *g = NULL; -+ int ret = 1, q_len = 0; -+ unsigned char *q = NULL, *g = NULL, *s = NULL, *w = NULL; -+ BIGNUM *pub_key = NULL, *priv_key = NULL; -+ int generate_new_key = 1; - -- if (dh->priv_key == NULL) { -- if ((dh->priv_key=BN_new()) == NULL) -- goto sw_try; -- } -+ if (dh->priv_key) -+ priv_key = dh->priv_key; - -- if (dh->pub_key == NULL) { -- if ((dh->pub_key=BN_new()) == NULL) -- goto sw_try; -- } -+ if (dh->pub_key) -+ pub_key = dh->pub_key; - -- g_len = BN_num_bytes(dh->p); -+ q_len = BN_num_bytes(dh->p); - /** - * Get generator into a plain buffer. If length is less than - * q_len then add leading padding bytes. - */ -- if (spcf_bn2bin_ex(dh->g, &g, &g_len)) { -+ if (spcf_bn2bin_ex(dh->g, &g, &q_len)) { -+ DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE); -+ goto sw_try; -+ } -+ -+ if (spcf_bn2bin_ex(dh->p, &q, &q_len)) { - DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE); - goto sw_try; - } - - memset(&kop, 0, sizeof kop); - kop.crk_op = CRK_DH_GENERATE_KEY; -- if (bn2crparam(dh->p, &kop.crk_param[0])) -- goto sw_try; -+ kop.crk_param[0].crp_p = q; -+ kop.crk_param[0].crp_nbits = q_len * 8; - if (!dh->q || bn2crparam(dh->q, &kop.crk_param[1])) - goto sw_try; - kop.crk_param[2].crp_p = g; -- kop.crk_param[2].crp_nbits = g_len * 8; -+ kop.crk_param[2].crp_nbits = q_len * 8; - kop.crk_iparams = 3; - -+ s = OPENSSL_malloc (q_len); -+ if (!s) { -+ DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE); -+ goto sw_try; -+ } -+ -+ w = OPENSSL_malloc (q_len); -+ if (!w) { -+ DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE); -+ goto sw_try; -+ } -+ - /* pub_key is or prime length while priv key is of length of order */ -- if (cryptodev_asym(&kop, BN_num_bytes(dh->p), dh->pub_key, -- BN_num_bytes(dh->q), dh->priv_key)) -+ if (cryptodev_asym(&kop, q_len, w, q_len, s)) - goto sw_try; - -+ dh->pub_key = BN_bin2bn(w, q_len, pub_key); -+ dh->pub_key = BN_bin2bn(s, q_len, priv_key); - return ret; - sw_try: - { --- -2.3.5 - diff --git a/recipes-connectivity/openssl/openssl-fsl/0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch b/recipes-connectivity/openssl/openssl-fsl/0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch deleted file mode 100644 index bd9e61a..0000000 --- a/recipes-connectivity/openssl/openssl-fsl/0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch +++ /dev/null @@ -1,309 +0,0 @@ -From 11b55103463bac614e00d74e9f196ec4ec6bade1 Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Mon, 16 Jun 2014 14:06:21 +0300 -Subject: [PATCH 17/26] cryptodev: add support for aes-gcm algorithm offloading - -Change-Id: I3b77dc5ef8b8f707309549244a02852d95b36168 -Signed-off-by: Cristian Stoica -Reviewed-on: http://git.am.freescale.net:8181/17226 ---- - apps/speed.c | 6 +- - crypto/engine/eng_cryptodev.c | 229 +++++++++++++++++++++++++++++++++++++++++- - 2 files changed, 233 insertions(+), 2 deletions(-) - -diff --git a/apps/speed.c b/apps/speed.c -index 9886ca3..099dede 100644 ---- a/apps/speed.c -+++ b/apps/speed.c -@@ -224,7 +224,11 @@ - #endif - - #undef BUFSIZE --#define BUFSIZE ((long)1024*8+1) -+/* The buffer overhead allows GCM tag at the end of the encrypted data. This -+ avoids buffer overflows from cryptodev since Linux kernel GCM -+ implementation allways adds the tag - unlike e_aes.c:aes_gcm_cipher() -+ which doesn't */ -+#define BUFSIZE ((long)1024*8 + EVP_GCM_TLS_TAG_LEN) - int run=0; - - static int mr=0; -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index 13d924f..4493490 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -78,8 +78,10 @@ struct dev_crypto_state { - struct session_op d_sess; - int d_fd; - unsigned char *aad; -- unsigned int aad_len; -+ int aad_len; - unsigned int len; -+ unsigned char *iv; -+ int ivlen; - - #ifdef USE_CRYPTODEV_DIGESTS - char dummy_mac_key[HASH_MAX_LEN]; -@@ -251,6 +253,7 @@ static struct { - { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, 0}, - { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20}, - { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20}, -+ { CRYPTO_AES_GCM, NID_aes_128_gcm, 16, 16, 0}, - { 0, NID_undef, 0, 0, 0}, - }; - -@@ -271,6 +274,19 @@ static struct { - }; - #endif - -+/* increment counter (64-bit int) by 1 */ -+static void ctr64_inc(unsigned char *counter) { -+ int n=8; -+ unsigned char c; -+ -+ do { -+ --n; -+ c = counter[n]; -+ ++c; -+ counter[n] = c; -+ if (c) return; -+ } while (n); -+} - /* - * Return a fd if /dev/crypto seems usable, 0 otherwise. - */ -@@ -762,6 +778,197 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, - } - } - -+static int cryptodev_init_gcm_key(EVP_CIPHER_CTX *ctx, -+ const unsigned char *key, const unsigned char *iv, int enc) -+{ -+ struct dev_crypto_state *state = ctx->cipher_data; -+ struct session_op *sess = &state->d_sess; -+ int cipher = -1, i; -+ if (!iv && !key) -+ return 1; -+ -+ if (iv) -+ memcpy(ctx->iv, iv, ctx->cipher->iv_len); -+ -+ for (i = 0; ciphers[i].id; i++) -+ if (ctx->cipher->nid == ciphers[i].nid && -+ ctx->cipher->iv_len <= ciphers[i].ivmax && -+ ctx->key_len == ciphers[i].keylen) { -+ cipher = ciphers[i].id; -+ break; -+ } -+ -+ if (!ciphers[i].id) { -+ state->d_fd = -1; -+ return 0; -+ } -+ -+ memset(sess, 0, sizeof(struct session_op)); -+ -+ if ((state->d_fd = get_dev_crypto()) < 0) -+ return 0; -+ -+ sess->key = (unsigned char *) key; -+ sess->keylen = ctx->key_len; -+ sess->cipher = cipher; -+ -+ if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) { -+ put_dev_crypto(state->d_fd); -+ state->d_fd = -1; -+ return 0; -+ } -+ return 1; -+} -+ -+static int cryptodev_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, -+ const unsigned char *in, size_t len) -+{ -+ struct crypt_auth_op cryp = {0}; -+ struct dev_crypto_state *state = ctx->cipher_data; -+ struct session_op *sess = &state->d_sess; -+ int rv = len; -+ -+ if (EVP_CIPHER_CTX_ctrl(ctx, ctx->encrypt ? -+ EVP_CTRL_GCM_IV_GEN : EVP_CTRL_GCM_SET_IV_INV, -+ EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0) -+ return 0; -+ -+ in += EVP_GCM_TLS_EXPLICIT_IV_LEN; -+ out += EVP_GCM_TLS_EXPLICIT_IV_LEN; -+ len -= EVP_GCM_TLS_EXPLICIT_IV_LEN; -+ -+ if (ctx->encrypt) { -+ len -= EVP_GCM_TLS_TAG_LEN; -+ } -+ cryp.ses = sess->ses; -+ cryp.len = len; -+ cryp.src = (unsigned char*) in; -+ cryp.dst = out; -+ cryp.auth_src = state->aad; -+ cryp.auth_len = state->aad_len; -+ cryp.iv = ctx->iv; -+ cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; -+ -+ if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) { -+ return 0; -+ } -+ -+ if (ctx->encrypt) -+ ctr64_inc(state->iv + state->ivlen - 8); -+ else -+ rv = len - EVP_GCM_TLS_TAG_LEN; -+ -+ return rv; -+} -+ -+static int cryptodev_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, -+ const unsigned char *in, size_t len) -+{ -+ struct crypt_auth_op cryp; -+ struct dev_crypto_state *state = ctx->cipher_data; -+ struct session_op *sess = &state->d_sess; -+ -+ if (state->d_fd < 0) -+ return 0; -+ -+ if ((len % ctx->cipher->block_size) != 0) -+ return 0; -+ -+ if (state->aad_len >= 0) -+ return cryptodev_gcm_tls_cipher(ctx, out, in, len); -+ -+ memset(&cryp, 0, sizeof(cryp)); -+ -+ cryp.ses = sess->ses; -+ cryp.len = len; -+ cryp.src = (unsigned char*) in; -+ cryp.dst = out; -+ cryp.auth_src = NULL; -+ cryp.auth_len = 0; -+ cryp.iv = ctx->iv; -+ cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; -+ -+ if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) { -+ return 0; -+ } -+ -+ return len; -+} -+ -+static int cryptodev_gcm_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, -+ void *ptr) -+{ -+ struct dev_crypto_state *state = ctx->cipher_data; -+ switch (type) { -+ case EVP_CTRL_INIT: -+ { -+ state->ivlen = ctx->cipher->iv_len; -+ state->iv = ctx->iv; -+ state->aad_len = -1; -+ return 1; -+ } -+ case EVP_CTRL_GCM_SET_IV_FIXED: -+ { -+ /* Special case: -1 length restores whole IV */ -+ if (arg == -1) -+ { -+ memcpy(state->iv, ptr, state->ivlen); -+ return 1; -+ } -+ /* Fixed field must be at least 4 bytes and invocation field -+ * at least 8. -+ */ -+ if ((arg < 4) || (state->ivlen - arg) < 8) -+ return 0; -+ if (arg) -+ memcpy(state->iv, ptr, arg); -+ if (ctx->encrypt && -+ RAND_bytes(state->iv + arg, state->ivlen - arg) <= 0) -+ return 0; -+ return 1; -+ } -+ case EVP_CTRL_AEAD_TLS1_AAD: -+ { -+ unsigned int len; -+ if (arg != 13) -+ return 0; -+ -+ memcpy(ctx->buf, ptr, arg); -+ len=ctx->buf[arg-2] << 8 | ctx->buf[arg-1]; -+ -+ /* Correct length for explicit IV */ -+ len -= EVP_GCM_TLS_EXPLICIT_IV_LEN; -+ -+ /* If decrypting correct for tag too */ -+ if (!ctx->encrypt) -+ len -= EVP_GCM_TLS_TAG_LEN; -+ -+ ctx->buf[arg-2] = len >> 8; -+ ctx->buf[arg-1] = len & 0xff; -+ -+ state->aad = ctx->buf; -+ state->aad_len = arg; -+ state->len = len; -+ -+ /* Extra padding: tag appended to record */ -+ return EVP_GCM_TLS_TAG_LEN; -+ } -+ case EVP_CTRL_GCM_SET_IV_INV: -+ { -+ if (ctx->encrypt) -+ return 0; -+ memcpy(state->iv + state->ivlen - arg, ptr, arg); -+ return 1; -+ } -+ case EVP_CTRL_GCM_IV_GEN: -+ if (arg <= 0 || arg > state->ivlen) -+ arg = state->ivlen; -+ memcpy(ptr, state->iv + state->ivlen - arg, arg); -+ return 1; -+ default: -+ return -1; -+ } -+} - /* - * libcrypto EVP stuff - this is how we get wired to EVP so the engine - * gets called when libcrypto requests a cipher NID. -@@ -901,6 +1108,23 @@ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = { - cryptodev_cbc_hmac_sha1_ctrl, - NULL - }; -+ -+const EVP_CIPHER cryptodev_aes_128_gcm = { -+ NID_aes_128_gcm, -+ 1, 16, 12, -+ EVP_CIPH_GCM_MODE | EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_DEFAULT_ASN1 \ -+ | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \ -+ | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT, -+ cryptodev_init_gcm_key, -+ cryptodev_gcm_cipher, -+ cryptodev_cleanup, -+ sizeof(struct dev_crypto_state), -+ EVP_CIPHER_set_asn1_iv, -+ EVP_CIPHER_get_asn1_iv, -+ cryptodev_gcm_ctrl, -+ NULL -+}; -+ - /* - * Registered by the ENGINE when used to find out how to deal with - * a particular NID in the ENGINE. this says what we'll do at the -@@ -944,6 +1168,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, - case NID_aes_256_cbc_hmac_sha1: - *cipher = &cryptodev_aes_256_cbc_hmac_sha1; - break; -+ case NID_aes_128_gcm: -+ *cipher = &cryptodev_aes_128_gcm; -+ break; - default: - *cipher = NULL; - break; --- -2.3.5 - diff --git a/recipes-connectivity/openssl/openssl-fsl/0018-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch b/recipes-connectivity/openssl/openssl-fsl/0018-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch deleted file mode 100644 index 1118a6f..0000000 --- a/recipes-connectivity/openssl/openssl-fsl/0018-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch +++ /dev/null @@ -1,193 +0,0 @@ -From 21e3ca4ec77f9258aa4001f07faac1c4942b48b4 Mon Sep 17 00:00:00 2001 -From: Tudor Ambarus -Date: Fri, 9 May 2014 17:54:06 +0300 -Subject: [PATCH 18/26] eng_cryptodev: extend TLS offload with - 3des_cbc_hmac_sha1 - -Both obj_mac.h and obj_dat.h were generated using the scripts -from crypto/objects: - -$ cd crypto/objects -$ perl objects.pl objects.txt obj_mac.num obj_mac.h -$ perl obj_dat.pl obj_mac.h obj_dat.h - -Change-Id: I94f13cdd09df67e33e6acd3c00aab47cb358ac46 -Signed-off-by: Tudor Ambarus -Signed-off-by: Cristian Stoica -Reviewed-on: http://git.am.freescale.net:8181/34001 ---- - crypto/engine/eng_cryptodev.c | 24 ++++++++++++++++++++++++ - crypto/objects/obj_dat.h | 10 +++++++--- - crypto/objects/obj_mac.h | 4 ++++ - crypto/objects/obj_mac.num | 1 + - crypto/objects/objects.txt | 1 + - ssl/ssl_ciph.c | 4 ++++ - 6 files changed, 41 insertions(+), 3 deletions(-) - -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index 79b2678..299e84b 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -135,6 +135,7 @@ static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, - void ENGINE_load_cryptodev(void); - const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1; - const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1; -+const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1; - - inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len) - { -@@ -252,6 +253,7 @@ static struct { - { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, 0}, - { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, 0}, - { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, 0}, -+ { CRYPTO_TLS10_3DES_CBC_HMAC_SHA1, NID_des_ede3_cbc_hmac_sha1, 8, 24, 20}, - { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20}, - { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20}, - { CRYPTO_AES_GCM, NID_aes_128_gcm, 16, 16, 0}, -@@ -466,6 +468,9 @@ cryptodev_usable_ciphers(const int **nids) - case NID_aes_256_cbc_hmac_sha1: - EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1); - break; -+ case NID_des_ede3_cbc_hmac_sha1: -+ EVP_add_cipher(&cryptodev_3des_cbc_hmac_sha1); -+ break; - } - } - return count; -@@ -571,6 +576,7 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - switch (ctx->cipher->nid) { - case NID_aes_128_cbc_hmac_sha1: - case NID_aes_256_cbc_hmac_sha1: -+ case NID_des_ede3_cbc_hmac_sha1: - cryp.flags = COP_FLAG_AEAD_TLS_TYPE; - } - cryp.ses = sess->ses; -@@ -763,6 +769,7 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, - switch (ctx->cipher->nid) { - case NID_aes_128_cbc_hmac_sha1: - case NID_aes_256_cbc_hmac_sha1: -+ case NID_des_ede3_cbc_hmac_sha1: - maclen = SHA_DIGEST_LENGTH; - } - -@@ -1082,6 +1089,20 @@ const EVP_CIPHER cryptodev_aes_256_cbc = { - NULL - }; - -+const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1 = { -+ NID_des_ede3_cbc_hmac_sha1, -+ 8, 24, 8, -+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, -+ cryptodev_init_aead_key, -+ cryptodev_aead_cipher, -+ cryptodev_cleanup, -+ sizeof(struct dev_crypto_state), -+ EVP_CIPHER_set_asn1_iv, -+ EVP_CIPHER_get_asn1_iv, -+ cryptodev_cbc_hmac_sha1_ctrl, -+ NULL -+}; -+ - const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1 = { - NID_aes_128_cbc_hmac_sha1, - 16, 16, 16, -@@ -1163,6 +1184,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, - case NID_aes_256_cbc: - *cipher = &cryptodev_aes_256_cbc; - break; -+ case NID_des_ede3_cbc_hmac_sha1: -+ *cipher = &cryptodev_3des_cbc_hmac_sha1; -+ break; - case NID_aes_128_cbc_hmac_sha1: - *cipher = &cryptodev_aes_128_cbc_hmac_sha1; - break; -diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h -index bc69665..9f2267a 100644 ---- a/crypto/objects/obj_dat.h -+++ b/crypto/objects/obj_dat.h -@@ -62,9 +62,9 @@ - * [including the GNU Public Licence.] - */ - --#define NUM_NID 920 --#define NUM_SN 913 --#define NUM_LN 913 -+#define NUM_NID 921 -+#define NUM_SN 914 -+#define NUM_LN 914 - #define NUM_OBJ 857 - - static const unsigned char lvalues[5974]={ -@@ -2399,6 +2399,8 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={ - {"AES-256-CBC-HMAC-SHA1","aes-256-cbc-hmac-sha1", - NID_aes_256_cbc_hmac_sha1,0,NULL,0}, - {"RSAES-OAEP","rsaesOaep",NID_rsaesOaep,9,&(lvalues[5964]),0}, -+{"DES-EDE3-CBC-HMAC-SHA1","des-ede3-cbc-hmac-sha1", -+ NID_des_ede3_cbc_hmac_sha1,0,NULL,0}, - }; - - static const unsigned int sn_objs[NUM_SN]={ -@@ -2474,6 +2476,7 @@ static const unsigned int sn_objs[NUM_SN]={ - 62, /* "DES-EDE-OFB" */ - 33, /* "DES-EDE3" */ - 44, /* "DES-EDE3-CBC" */ -+920, /* "DES-EDE3-CBC-HMAC-SHA1" */ - 61, /* "DES-EDE3-CFB" */ - 658, /* "DES-EDE3-CFB1" */ - 659, /* "DES-EDE3-CFB8" */ -@@ -3585,6 +3588,7 @@ static const unsigned int ln_objs[NUM_LN]={ - 62, /* "des-ede-ofb" */ - 33, /* "des-ede3" */ - 44, /* "des-ede3-cbc" */ -+920, /* "des-ede3-cbc-hmac-sha1" */ - 61, /* "des-ede3-cfb" */ - 658, /* "des-ede3-cfb1" */ - 659, /* "des-ede3-cfb8" */ -diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h -index b5ea7cd..8751902 100644 ---- a/crypto/objects/obj_mac.h -+++ b/crypto/objects/obj_mac.h -@@ -4030,3 +4030,7 @@ - #define LN_aes_256_cbc_hmac_sha1 "aes-256-cbc-hmac-sha1" - #define NID_aes_256_cbc_hmac_sha1 918 - -+#define SN_des_ede3_cbc_hmac_sha1 "DES-EDE3-CBC-HMAC-SHA1" -+#define LN_des_ede3_cbc_hmac_sha1 "des-ede3-cbc-hmac-sha1" -+#define NID_des_ede3_cbc_hmac_sha1 920 -+ -diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num -index 1d0a7c8..9d44bb5 100644 ---- a/crypto/objects/obj_mac.num -+++ b/crypto/objects/obj_mac.num -@@ -917,3 +917,4 @@ aes_128_cbc_hmac_sha1 916 - aes_192_cbc_hmac_sha1 917 - aes_256_cbc_hmac_sha1 918 - rsaesOaep 919 -+des_ede3_cbc_hmac_sha1 920 -diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt -index d3bfad7..90d2fc5 100644 ---- a/crypto/objects/objects.txt -+++ b/crypto/objects/objects.txt -@@ -1290,3 +1290,4 @@ kisa 1 6 : SEED-OFB : seed-ofb - : AES-128-CBC-HMAC-SHA1 : aes-128-cbc-hmac-sha1 - : AES-192-CBC-HMAC-SHA1 : aes-192-cbc-hmac-sha1 - : AES-256-CBC-HMAC-SHA1 : aes-256-cbc-hmac-sha1 -+ : DES-EDE3-CBC-HMAC-SHA1 : des-ede3-cbc-hmac-sha1 -diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c -index 8188ff5..310fe76 100644 ---- a/ssl/ssl_ciph.c -+++ b/ssl/ssl_ciph.c -@@ -639,6 +639,10 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, - c->algorithm_mac == SSL_SHA1 && - (evp=EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1"))) - *enc = evp, *md = NULL; -+ else if (c->algorithm_enc == SSL_3DES && -+ c->algorithm_mac == SSL_SHA1 && -+ (evp = EVP_get_cipherbyname("DES-EDE3-CBC-HMAC-SHA1"))) -+ *enc = evp, *md = NULL; - return(1); - } - else --- -2.3.5 - diff --git a/recipes-connectivity/openssl/openssl-fsl/0019-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch b/recipes-connectivity/openssl/openssl-fsl/0019-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch deleted file mode 100644 index 988d79e..0000000 --- a/recipes-connectivity/openssl/openssl-fsl/0019-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch +++ /dev/null @@ -1,355 +0,0 @@ -From 1de2b740a3bdcd8e98abb5f4e176d46fd817b932 Mon Sep 17 00:00:00 2001 -From: Tudor Ambarus -Date: Tue, 31 Mar 2015 16:30:17 +0300 -Subject: [PATCH 19/26] eng_cryptodev: add support for TLSv1.1 record offload - -Supported cipher suites: -- 3des-ede-cbc-sha -- aes-128-cbc-hmac-sha -- aes-256-cbc-hmac-sha - -Requires TLS patches on cryptodev and TLS algorithm support in Linux -kernel driver. - -Signed-off-by: Tudor Ambarus -Change-Id: Id414f36a528de3f476b72688cf85714787d7ccae -Reviewed-on: http://git.am.freescale.net:8181/34002 -Reviewed-by: Cristian Stoica -Tested-by: Cristian Stoica ---- - crypto/engine/eng_cryptodev.c | 101 ++++++++++++++++++++++++++++++++++++++---- - crypto/objects/obj_dat.h | 18 ++++++-- - crypto/objects/obj_mac.h | 12 +++++ - crypto/objects/obj_mac.num | 3 ++ - crypto/objects/objects.txt | 3 ++ - ssl/ssl_ciph.c | 26 +++++++++-- - 6 files changed, 148 insertions(+), 15 deletions(-) - -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index 299e84b..f71ab27 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -66,6 +66,7 @@ ENGINE_load_cryptodev(void) - #include - #include - #include -+#include - #include - #include - #include -@@ -133,9 +134,12 @@ static int cryptodev_dh_compute_key(unsigned char *key, - static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, - void (*f)(void)); - void ENGINE_load_cryptodev(void); -+const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1; - const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1; - const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1; --const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1; -+const EVP_CIPHER cryptodev_tls11_3des_cbc_hmac_sha1; -+const EVP_CIPHER cryptodev_tls11_aes_128_cbc_hmac_sha1; -+const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1; - - inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len) - { -@@ -256,6 +260,9 @@ static struct { - { CRYPTO_TLS10_3DES_CBC_HMAC_SHA1, NID_des_ede3_cbc_hmac_sha1, 8, 24, 20}, - { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20}, - { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20}, -+ { CRYPTO_TLS11_3DES_CBC_HMAC_SHA1, NID_tls11_des_ede3_cbc_hmac_sha1, 8, 24, 20}, -+ { CRYPTO_TLS11_AES_CBC_HMAC_SHA1, NID_tls11_aes_128_cbc_hmac_sha1, 16, 16, 20}, -+ { CRYPTO_TLS11_AES_CBC_HMAC_SHA1, NID_tls11_aes_256_cbc_hmac_sha1, 16, 32, 20}, - { CRYPTO_AES_GCM, NID_aes_128_gcm, 16, 16, 0}, - { 0, NID_undef, 0, 0, 0}, - }; -@@ -462,14 +469,23 @@ cryptodev_usable_ciphers(const int **nids) - /* add ciphers specific to cryptodev if found in kernel */ - for(i = 0; i < count; i++) { - switch (*(*nids + i)) { -+ case NID_des_ede3_cbc_hmac_sha1: -+ EVP_add_cipher(&cryptodev_3des_cbc_hmac_sha1); -+ break; - case NID_aes_128_cbc_hmac_sha1: - EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1); - break; - case NID_aes_256_cbc_hmac_sha1: - EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1); - break; -- case NID_des_ede3_cbc_hmac_sha1: -- EVP_add_cipher(&cryptodev_3des_cbc_hmac_sha1); -+ case NID_tls11_des_ede3_cbc_hmac_sha1: -+ EVP_add_cipher(&cryptodev_tls11_3des_cbc_hmac_sha1); -+ break; -+ case NID_tls11_aes_128_cbc_hmac_sha1: -+ EVP_add_cipher(&cryptodev_tls11_aes_128_cbc_hmac_sha1); -+ break; -+ case NID_tls11_aes_256_cbc_hmac_sha1: -+ EVP_add_cipher(&cryptodev_tls11_aes_256_cbc_hmac_sha1); - break; - } - } -@@ -574,9 +590,12 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - - /* TODO: make a seamless integration with cryptodev flags */ - switch (ctx->cipher->nid) { -+ case NID_des_ede3_cbc_hmac_sha1: - case NID_aes_128_cbc_hmac_sha1: - case NID_aes_256_cbc_hmac_sha1: -- case NID_des_ede3_cbc_hmac_sha1: -+ case NID_tls11_des_ede3_cbc_hmac_sha1: -+ case NID_tls11_aes_128_cbc_hmac_sha1: -+ case NID_tls11_aes_256_cbc_hmac_sha1: - cryp.flags = COP_FLAG_AEAD_TLS_TYPE; - } - cryp.ses = sess->ses; -@@ -758,8 +777,9 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, - struct dev_crypto_state *state = ctx->cipher_data; - unsigned char *p = ptr; - unsigned int cryptlen = p[arg - 2] << 8 | p[arg - 1]; -- unsigned int maclen, padlen; -+ unsigned int maclen, padlen, len; - unsigned int bs = ctx->cipher->block_size; -+ bool aad_needs_fix = false; - - state->aad = ptr; - state->aad_len = arg; -@@ -767,10 +787,24 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, - - /* TODO: this should be an extension of EVP_CIPHER struct */ - switch (ctx->cipher->nid) { -+ case NID_des_ede3_cbc_hmac_sha1: - case NID_aes_128_cbc_hmac_sha1: - case NID_aes_256_cbc_hmac_sha1: -- case NID_des_ede3_cbc_hmac_sha1: - maclen = SHA_DIGEST_LENGTH; -+ break; -+ case NID_tls11_des_ede3_cbc_hmac_sha1: -+ case NID_tls11_aes_128_cbc_hmac_sha1: -+ case NID_tls11_aes_256_cbc_hmac_sha1: -+ maclen = SHA_DIGEST_LENGTH; -+ aad_needs_fix = true; -+ break; -+ } -+ -+ /* Correct length for AAD Length field */ -+ if (ctx->encrypt && aad_needs_fix) { -+ len = cryptlen - bs; -+ p[arg-2] = len >> 8; -+ p[arg-1] = len & 0xff; - } - - /* space required for encryption (not only TLS padding) */ -@@ -1131,6 +1165,48 @@ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = { - NULL - }; - -+const EVP_CIPHER cryptodev_tls11_3des_cbc_hmac_sha1 = { -+ NID_tls11_des_ede3_cbc_hmac_sha1, -+ 8, 24, 8, -+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, -+ cryptodev_init_aead_key, -+ cryptodev_aead_cipher, -+ cryptodev_cleanup, -+ sizeof(struct dev_crypto_state), -+ EVP_CIPHER_set_asn1_iv, -+ EVP_CIPHER_get_asn1_iv, -+ cryptodev_cbc_hmac_sha1_ctrl, -+ NULL -+}; -+ -+const EVP_CIPHER cryptodev_tls11_aes_128_cbc_hmac_sha1 = { -+ NID_tls11_aes_128_cbc_hmac_sha1, -+ 16, 16, 16, -+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, -+ cryptodev_init_aead_key, -+ cryptodev_aead_cipher, -+ cryptodev_cleanup, -+ sizeof(struct dev_crypto_state), -+ EVP_CIPHER_set_asn1_iv, -+ EVP_CIPHER_get_asn1_iv, -+ cryptodev_cbc_hmac_sha1_ctrl, -+ NULL -+}; -+ -+const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1 = { -+ NID_tls11_aes_256_cbc_hmac_sha1, -+ 16, 32, 16, -+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, -+ cryptodev_init_aead_key, -+ cryptodev_aead_cipher, -+ cryptodev_cleanup, -+ sizeof(struct dev_crypto_state), -+ EVP_CIPHER_set_asn1_iv, -+ EVP_CIPHER_get_asn1_iv, -+ cryptodev_cbc_hmac_sha1_ctrl, -+ NULL -+}; -+ - const EVP_CIPHER cryptodev_aes_128_gcm = { - NID_aes_128_gcm, - 1, 16, 12, -@@ -1184,6 +1260,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, - case NID_aes_256_cbc: - *cipher = &cryptodev_aes_256_cbc; - break; -+ case NID_aes_128_gcm: -+ *cipher = &cryptodev_aes_128_gcm; -+ break; - case NID_des_ede3_cbc_hmac_sha1: - *cipher = &cryptodev_3des_cbc_hmac_sha1; - break; -@@ -1193,8 +1272,14 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, - case NID_aes_256_cbc_hmac_sha1: - *cipher = &cryptodev_aes_256_cbc_hmac_sha1; - break; -- case NID_aes_128_gcm: -- *cipher = &cryptodev_aes_128_gcm; -+ case NID_tls11_des_ede3_cbc_hmac_sha1: -+ *cipher = &cryptodev_tls11_3des_cbc_hmac_sha1; -+ break; -+ case NID_tls11_aes_128_cbc_hmac_sha1: -+ *cipher = &cryptodev_tls11_aes_128_cbc_hmac_sha1; -+ break; -+ case NID_tls11_aes_256_cbc_hmac_sha1: -+ *cipher = &cryptodev_tls11_aes_256_cbc_hmac_sha1; - break; - default: - *cipher = NULL; -diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h -index 9f2267a..dc89b0a 100644 ---- a/crypto/objects/obj_dat.h -+++ b/crypto/objects/obj_dat.h -@@ -62,9 +62,9 @@ - * [including the GNU Public Licence.] - */ - --#define NUM_NID 921 --#define NUM_SN 914 --#define NUM_LN 914 -+#define NUM_NID 924 -+#define NUM_SN 917 -+#define NUM_LN 917 - #define NUM_OBJ 857 - - static const unsigned char lvalues[5974]={ -@@ -2401,6 +2401,12 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={ - {"RSAES-OAEP","rsaesOaep",NID_rsaesOaep,9,&(lvalues[5964]),0}, - {"DES-EDE3-CBC-HMAC-SHA1","des-ede3-cbc-hmac-sha1", - NID_des_ede3_cbc_hmac_sha1,0,NULL,0}, -+{"TLS11-DES-EDE3-CBC-HMAC-SHA1","tls11-des-ede3-cbc-hmac-sha1", -+ NID_tls11_des_ede3_cbc_hmac_sha1,0,NULL,0}, -+{"TLS11-AES-128-CBC-HMAC-SHA1","tls11-aes-128-cbc-hmac-sha1", -+ NID_tls11_aes_128_cbc_hmac_sha1,0,NULL,0}, -+{"TLS11-AES-256-CBC-HMAC-SHA1","tls11-aes-256-cbc-hmac-sha1", -+ NID_tls11_aes_256_cbc_hmac_sha1,0,NULL,0}, - }; - - static const unsigned int sn_objs[NUM_SN]={ -@@ -2586,6 +2592,9 @@ static const unsigned int sn_objs[NUM_SN]={ - 100, /* "SN" */ - 16, /* "ST" */ - 143, /* "SXNetID" */ -+922, /* "TLS11-AES-128-CBC-HMAC-SHA1" */ -+923, /* "TLS11-AES-256-CBC-HMAC-SHA1" */ -+921, /* "TLS11-DES-EDE3-CBC-HMAC-SHA1" */ - 458, /* "UID" */ - 0, /* "UNDEF" */ - 11, /* "X500" */ -@@ -4205,6 +4214,9 @@ static const unsigned int ln_objs[NUM_LN]={ - 459, /* "textEncodedORAddress" */ - 293, /* "textNotice" */ - 106, /* "title" */ -+922, /* "tls11-aes-128-cbc-hmac-sha1" */ -+923, /* "tls11-aes-256-cbc-hmac-sha1" */ -+921, /* "tls11-des-ede3-cbc-hmac-sha1" */ - 682, /* "tpBasis" */ - 436, /* "ucl" */ - 0, /* "undefined" */ -diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h -index 8751902..f181890 100644 ---- a/crypto/objects/obj_mac.h -+++ b/crypto/objects/obj_mac.h -@@ -4034,3 +4034,15 @@ - #define LN_des_ede3_cbc_hmac_sha1 "des-ede3-cbc-hmac-sha1" - #define NID_des_ede3_cbc_hmac_sha1 920 - -+#define SN_tls11_des_ede3_cbc_hmac_sha1 "TLS11-DES-EDE3-CBC-HMAC-SHA1" -+#define LN_tls11_des_ede3_cbc_hmac_sha1 "tls11-des-ede3-cbc-hmac-sha1" -+#define NID_tls11_des_ede3_cbc_hmac_sha1 921 -+ -+#define SN_tls11_aes_128_cbc_hmac_sha1 "TLS11-AES-128-CBC-HMAC-SHA1" -+#define LN_tls11_aes_128_cbc_hmac_sha1 "tls11-aes-128-cbc-hmac-sha1" -+#define NID_tls11_aes_128_cbc_hmac_sha1 922 -+ -+#define SN_tls11_aes_256_cbc_hmac_sha1 "TLS11-AES-256-CBC-HMAC-SHA1" -+#define LN_tls11_aes_256_cbc_hmac_sha1 "tls11-aes-256-cbc-hmac-sha1" -+#define NID_tls11_aes_256_cbc_hmac_sha1 923 -+ -diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num -index 9d44bb5..a02b58c 100644 ---- a/crypto/objects/obj_mac.num -+++ b/crypto/objects/obj_mac.num -@@ -918,3 +918,6 @@ aes_192_cbc_hmac_sha1 917 - aes_256_cbc_hmac_sha1 918 - rsaesOaep 919 - des_ede3_cbc_hmac_sha1 920 -+tls11_des_ede3_cbc_hmac_sha1 921 -+tls11_aes_128_cbc_hmac_sha1 922 -+tls11_aes_256_cbc_hmac_sha1 923 -diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt -index 90d2fc5..1973658 100644 ---- a/crypto/objects/objects.txt -+++ b/crypto/objects/objects.txt -@@ -1291,3 +1291,6 @@ kisa 1 6 : SEED-OFB : seed-ofb - : AES-192-CBC-HMAC-SHA1 : aes-192-cbc-hmac-sha1 - : AES-256-CBC-HMAC-SHA1 : aes-256-cbc-hmac-sha1 - : DES-EDE3-CBC-HMAC-SHA1 : des-ede3-cbc-hmac-sha1 -+ : TLS11-DES-EDE3-CBC-HMAC-SHA1 : tls11-des-ede3-cbc-hmac-sha1 -+ : TLS11-AES-128-CBC-HMAC-SHA1 : tls11-aes-128-cbc-hmac-sha1 -+ : TLS11-AES-256-CBC-HMAC-SHA1 : tls11-aes-256-cbc-hmac-sha1 -diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c -index 310fe76..0408986 100644 ---- a/ssl/ssl_ciph.c -+++ b/ssl/ssl_ciph.c -@@ -631,17 +631,35 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, - c->algorithm_mac == SSL_MD5 && - (evp=EVP_get_cipherbyname("RC4-HMAC-MD5"))) - *enc = evp, *md = NULL; -- else if (c->algorithm_enc == SSL_AES128 && -+ else if (s->ssl_version == TLS1_VERSION && -+ c->algorithm_enc == SSL_3DES && -+ c->algorithm_mac == SSL_SHA1 && -+ (evp=EVP_get_cipherbyname("DES-EDE3-CBC-HMAC-SHA1"))) -+ *enc = evp, *md = NULL; -+ else if (s->ssl_version == TLS1_VERSION && -+ c->algorithm_enc == SSL_AES128 && - c->algorithm_mac == SSL_SHA1 && - (evp=EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1"))) - *enc = evp, *md = NULL; -- else if (c->algorithm_enc == SSL_AES256 && -+ else if (s->ssl_version == TLS1_VERSION && -+ c->algorithm_enc == SSL_AES256 && - c->algorithm_mac == SSL_SHA1 && - (evp=EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1"))) - *enc = evp, *md = NULL; -- else if (c->algorithm_enc == SSL_3DES && -+ else if (s->ssl_version == TLS1_1_VERSION && -+ c->algorithm_enc == SSL_3DES && -+ c->algorithm_mac == SSL_SHA1 && -+ (evp=EVP_get_cipherbyname("TLS11-DES-EDE3-CBC-HMAC-SHA1"))) -+ *enc = evp, *md = NULL; -+ else if (s->ssl_version == TLS1_1_VERSION && -+ c->algorithm_enc == SSL_AES128 && -+ c->algorithm_mac == SSL_SHA1 && -+ (evp=EVP_get_cipherbyname("TLS11-AES-128-CBC-HMAC-SHA1"))) -+ *enc = evp, *md = NULL; -+ else if (s->ssl_version == TLS1_1_VERSION && -+ c->algorithm_enc == SSL_AES256 && - c->algorithm_mac == SSL_SHA1 && -- (evp = EVP_get_cipherbyname("DES-EDE3-CBC-HMAC-SHA1"))) -+ (evp=EVP_get_cipherbyname("TLS11-AES-256-CBC-HMAC-SHA1"))) - *enc = evp, *md = NULL; - return(1); - } --- -2.3.5 - diff --git a/recipes-connectivity/openssl/openssl-fsl/0020-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch b/recipes-connectivity/openssl/openssl-fsl/0020-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch deleted file mode 100644 index 7370c49..0000000 --- a/recipes-connectivity/openssl/openssl-fsl/0020-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch +++ /dev/null @@ -1,359 +0,0 @@ -From a58703e6601fcfcfe69fdb3e7152ed76b40d67e9 Mon Sep 17 00:00:00 2001 -From: Tudor Ambarus -Date: Tue, 31 Mar 2015 16:32:35 +0300 -Subject: [PATCH 20/26] eng_cryptodev: add support for TLSv1.2 record offload - -Supported cipher suites: -- 3des-ede-cbc-sha -- aes-128-cbc-hmac-sha -- aes-256-cbc-hmac-sha -- aes-128-cbc-hmac-sha256 -- aes-256-cbc-hmac-sha256 - -Requires TLS patches on cryptodev and TLS algorithm support in Linux -kernel driver. - -Signed-off-by: Tudor Ambarus -Change-Id: I0ac6953dd62e2655a59d8f3eaefd012b7ecebf55 -Reviewed-on: http://git.am.freescale.net:8181/34003 -Reviewed-by: Cristian Stoica -Tested-by: Cristian Stoica ---- - crypto/engine/eng_cryptodev.c | 123 ++++++++++++++++++++++++++++++++++++++++++ - crypto/objects/obj_dat.h | 26 +++++++-- - crypto/objects/obj_mac.h | 20 +++++++ - crypto/objects/obj_mac.num | 5 ++ - crypto/objects/objects.txt | 5 ++ - ssl/ssl_ciph.c | 25 +++++++++ - 6 files changed, 201 insertions(+), 3 deletions(-) - -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index f71ab27..fa5fe1b 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -140,6 +140,11 @@ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1; - const EVP_CIPHER cryptodev_tls11_3des_cbc_hmac_sha1; - const EVP_CIPHER cryptodev_tls11_aes_128_cbc_hmac_sha1; - const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1; -+const EVP_CIPHER cryptodev_tls12_3des_cbc_hmac_sha1; -+const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha1; -+const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha1; -+const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha256; -+const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha256; - - inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len) - { -@@ -263,6 +268,11 @@ static struct { - { CRYPTO_TLS11_3DES_CBC_HMAC_SHA1, NID_tls11_des_ede3_cbc_hmac_sha1, 8, 24, 20}, - { CRYPTO_TLS11_AES_CBC_HMAC_SHA1, NID_tls11_aes_128_cbc_hmac_sha1, 16, 16, 20}, - { CRYPTO_TLS11_AES_CBC_HMAC_SHA1, NID_tls11_aes_256_cbc_hmac_sha1, 16, 32, 20}, -+ { CRYPTO_TLS12_3DES_CBC_HMAC_SHA1, NID_tls12_des_ede3_cbc_hmac_sha1, 8, 24, 20}, -+ { CRYPTO_TLS12_AES_CBC_HMAC_SHA1, NID_tls12_aes_128_cbc_hmac_sha1, 16, 16, 20}, -+ { CRYPTO_TLS12_AES_CBC_HMAC_SHA1, NID_tls12_aes_256_cbc_hmac_sha1, 16, 32, 20}, -+ { CRYPTO_TLS12_AES_CBC_HMAC_SHA256, NID_tls12_aes_128_cbc_hmac_sha256, 16, 16, 32}, -+ { CRYPTO_TLS12_AES_CBC_HMAC_SHA256, NID_tls12_aes_256_cbc_hmac_sha256, 16, 32, 32}, - { CRYPTO_AES_GCM, NID_aes_128_gcm, 16, 16, 0}, - { 0, NID_undef, 0, 0, 0}, - }; -@@ -487,6 +497,21 @@ cryptodev_usable_ciphers(const int **nids) - case NID_tls11_aes_256_cbc_hmac_sha1: - EVP_add_cipher(&cryptodev_tls11_aes_256_cbc_hmac_sha1); - break; -+ case NID_tls12_des_ede3_cbc_hmac_sha1: -+ EVP_add_cipher(&cryptodev_tls12_3des_cbc_hmac_sha1); -+ break; -+ case NID_tls12_aes_128_cbc_hmac_sha1: -+ EVP_add_cipher(&cryptodev_tls12_aes_128_cbc_hmac_sha1); -+ break; -+ case NID_tls12_aes_256_cbc_hmac_sha1: -+ EVP_add_cipher(&cryptodev_tls12_aes_256_cbc_hmac_sha1); -+ break; -+ case NID_tls12_aes_128_cbc_hmac_sha256: -+ EVP_add_cipher(&cryptodev_tls12_aes_128_cbc_hmac_sha256); -+ break; -+ case NID_tls12_aes_256_cbc_hmac_sha256: -+ EVP_add_cipher(&cryptodev_tls12_aes_256_cbc_hmac_sha256); -+ break; - } - } - return count; -@@ -596,6 +621,11 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - case NID_tls11_des_ede3_cbc_hmac_sha1: - case NID_tls11_aes_128_cbc_hmac_sha1: - case NID_tls11_aes_256_cbc_hmac_sha1: -+ case NID_tls12_des_ede3_cbc_hmac_sha1: -+ case NID_tls12_aes_128_cbc_hmac_sha1: -+ case NID_tls12_aes_256_cbc_hmac_sha1: -+ case NID_tls12_aes_128_cbc_hmac_sha256: -+ case NID_tls12_aes_256_cbc_hmac_sha256: - cryp.flags = COP_FLAG_AEAD_TLS_TYPE; - } - cryp.ses = sess->ses; -@@ -795,9 +825,17 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, - case NID_tls11_des_ede3_cbc_hmac_sha1: - case NID_tls11_aes_128_cbc_hmac_sha1: - case NID_tls11_aes_256_cbc_hmac_sha1: -+ case NID_tls12_des_ede3_cbc_hmac_sha1: -+ case NID_tls12_aes_128_cbc_hmac_sha1: -+ case NID_tls12_aes_256_cbc_hmac_sha1: - maclen = SHA_DIGEST_LENGTH; - aad_needs_fix = true; - break; -+ case NID_tls12_aes_128_cbc_hmac_sha256: -+ case NID_tls12_aes_256_cbc_hmac_sha256: -+ maclen = SHA256_DIGEST_LENGTH; -+ aad_needs_fix = true; -+ break; - } - - /* Correct length for AAD Length field */ -@@ -1207,6 +1245,76 @@ const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1 = { - NULL - }; - -+const EVP_CIPHER cryptodev_tls12_3des_cbc_hmac_sha1 = { -+ NID_tls12_des_ede3_cbc_hmac_sha1, -+ 8, 24, 8, -+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, -+ cryptodev_init_aead_key, -+ cryptodev_aead_cipher, -+ cryptodev_cleanup, -+ sizeof(struct dev_crypto_state), -+ EVP_CIPHER_set_asn1_iv, -+ EVP_CIPHER_get_asn1_iv, -+ cryptodev_cbc_hmac_sha1_ctrl, -+ NULL -+}; -+ -+const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha1 = { -+ NID_tls12_aes_128_cbc_hmac_sha1, -+ 16, 16, 16, -+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, -+ cryptodev_init_aead_key, -+ cryptodev_aead_cipher, -+ cryptodev_cleanup, -+ sizeof(struct dev_crypto_state), -+ EVP_CIPHER_set_asn1_iv, -+ EVP_CIPHER_get_asn1_iv, -+ cryptodev_cbc_hmac_sha1_ctrl, -+ NULL -+}; -+ -+const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha1 = { -+ NID_tls12_aes_256_cbc_hmac_sha1, -+ 16, 32, 16, -+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, -+ cryptodev_init_aead_key, -+ cryptodev_aead_cipher, -+ cryptodev_cleanup, -+ sizeof(struct dev_crypto_state), -+ EVP_CIPHER_set_asn1_iv, -+ EVP_CIPHER_get_asn1_iv, -+ cryptodev_cbc_hmac_sha1_ctrl, -+ NULL -+}; -+ -+const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha256 = { -+ NID_tls12_aes_128_cbc_hmac_sha256, -+ 16, 16, 16, -+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, -+ cryptodev_init_aead_key, -+ cryptodev_aead_cipher, -+ cryptodev_cleanup, -+ sizeof(struct dev_crypto_state), -+ EVP_CIPHER_set_asn1_iv, -+ EVP_CIPHER_get_asn1_iv, -+ cryptodev_cbc_hmac_sha1_ctrl, -+ NULL -+}; -+ -+const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha256 = { -+ NID_tls12_aes_256_cbc_hmac_sha256, -+ 16, 32, 16, -+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, -+ cryptodev_init_aead_key, -+ cryptodev_aead_cipher, -+ cryptodev_cleanup, -+ sizeof(struct dev_crypto_state), -+ EVP_CIPHER_set_asn1_iv, -+ EVP_CIPHER_get_asn1_iv, -+ cryptodev_cbc_hmac_sha1_ctrl, -+ NULL -+}; -+ - const EVP_CIPHER cryptodev_aes_128_gcm = { - NID_aes_128_gcm, - 1, 16, 12, -@@ -1281,6 +1389,21 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, - case NID_tls11_aes_256_cbc_hmac_sha1: - *cipher = &cryptodev_tls11_aes_256_cbc_hmac_sha1; - break; -+ case NID_tls12_des_ede3_cbc_hmac_sha1: -+ *cipher = &cryptodev_tls12_3des_cbc_hmac_sha1; -+ break; -+ case NID_tls12_aes_128_cbc_hmac_sha1: -+ *cipher = &cryptodev_tls12_aes_128_cbc_hmac_sha1; -+ break; -+ case NID_tls12_aes_256_cbc_hmac_sha1: -+ *cipher = &cryptodev_tls12_aes_256_cbc_hmac_sha1; -+ break; -+ case NID_tls12_aes_128_cbc_hmac_sha256: -+ *cipher = &cryptodev_tls12_aes_128_cbc_hmac_sha256; -+ break; -+ case NID_tls12_aes_256_cbc_hmac_sha256: -+ *cipher = &cryptodev_tls12_aes_256_cbc_hmac_sha256; -+ break; - default: - *cipher = NULL; - break; -diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h -index dc89b0a..dfe19da 100644 ---- a/crypto/objects/obj_dat.h -+++ b/crypto/objects/obj_dat.h -@@ -62,9 +62,9 @@ - * [including the GNU Public Licence.] - */ - --#define NUM_NID 924 --#define NUM_SN 917 --#define NUM_LN 917 -+#define NUM_NID 929 -+#define NUM_SN 922 -+#define NUM_LN 922 - #define NUM_OBJ 857 - - static const unsigned char lvalues[5974]={ -@@ -2407,6 +2407,16 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={ - NID_tls11_aes_128_cbc_hmac_sha1,0,NULL,0}, - {"TLS11-AES-256-CBC-HMAC-SHA1","tls11-aes-256-cbc-hmac-sha1", - NID_tls11_aes_256_cbc_hmac_sha1,0,NULL,0}, -+{"TLS12-DES-EDE3-CBC-HMAC-SHA1","tls12-des-ede3-cbc-hmac-sha1", -+ NID_tls12_des_ede3_cbc_hmac_sha1,0,NULL,0}, -+{"TLS12-AES-128-CBC-HMAC-SHA1","tls12-aes-128-cbc-hmac-sha1", -+ NID_tls12_aes_128_cbc_hmac_sha1,0,NULL,0}, -+{"TLS12-AES-256-CBC-HMAC-SHA1","tls12-aes-256-cbc-hmac-sha1", -+ NID_tls12_aes_256_cbc_hmac_sha1,0,NULL,0}, -+{"TLS12-AES-128-CBC-HMAC-SHA256","tls12-aes-128-cbc-hmac-sha256", -+ NID_tls12_aes_128_cbc_hmac_sha256,0,NULL,0}, -+{"TLS12-AES-256-CBC-HMAC-SHA256","tls12-aes-256-cbc-hmac-sha256", -+ NID_tls12_aes_256_cbc_hmac_sha256,0,NULL,0}, - }; - - static const unsigned int sn_objs[NUM_SN]={ -@@ -2595,6 +2605,11 @@ static const unsigned int sn_objs[NUM_SN]={ - 922, /* "TLS11-AES-128-CBC-HMAC-SHA1" */ - 923, /* "TLS11-AES-256-CBC-HMAC-SHA1" */ - 921, /* "TLS11-DES-EDE3-CBC-HMAC-SHA1" */ -+925, /* "TLS12-AES-128-CBC-HMAC-SHA1" */ -+927, /* "TLS12-AES-128-CBC-HMAC-SHA256" */ -+926, /* "TLS12-AES-256-CBC-HMAC-SHA1" */ -+928, /* "TLS12-AES-256-CBC-HMAC-SHA256" */ -+924, /* "TLS12-DES-EDE3-CBC-HMAC-SHA1" */ - 458, /* "UID" */ - 0, /* "UNDEF" */ - 11, /* "X500" */ -@@ -4217,6 +4232,11 @@ static const unsigned int ln_objs[NUM_LN]={ - 922, /* "tls11-aes-128-cbc-hmac-sha1" */ - 923, /* "tls11-aes-256-cbc-hmac-sha1" */ - 921, /* "tls11-des-ede3-cbc-hmac-sha1" */ -+925, /* "tls12-aes-128-cbc-hmac-sha1" */ -+927, /* "tls12-aes-128-cbc-hmac-sha256" */ -+926, /* "tls12-aes-256-cbc-hmac-sha1" */ -+928, /* "tls12-aes-256-cbc-hmac-sha256" */ -+924, /* "tls12-des-ede3-cbc-hmac-sha1" */ - 682, /* "tpBasis" */ - 436, /* "ucl" */ - 0, /* "undefined" */ -diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h -index f181890..5af125e 100644 ---- a/crypto/objects/obj_mac.h -+++ b/crypto/objects/obj_mac.h -@@ -4046,3 +4046,23 @@ - #define LN_tls11_aes_256_cbc_hmac_sha1 "tls11-aes-256-cbc-hmac-sha1" - #define NID_tls11_aes_256_cbc_hmac_sha1 923 - -+#define SN_tls12_des_ede3_cbc_hmac_sha1 "TLS12-DES-EDE3-CBC-HMAC-SHA1" -+#define LN_tls12_des_ede3_cbc_hmac_sha1 "tls12-des-ede3-cbc-hmac-sha1" -+#define NID_tls12_des_ede3_cbc_hmac_sha1 924 -+ -+#define SN_tls12_aes_128_cbc_hmac_sha1 "TLS12-AES-128-CBC-HMAC-SHA1" -+#define LN_tls12_aes_128_cbc_hmac_sha1 "tls12-aes-128-cbc-hmac-sha1" -+#define NID_tls12_aes_128_cbc_hmac_sha1 925 -+ -+#define SN_tls12_aes_256_cbc_hmac_sha1 "TLS12-AES-256-CBC-HMAC-SHA1" -+#define LN_tls12_aes_256_cbc_hmac_sha1 "tls12-aes-256-cbc-hmac-sha1" -+#define NID_tls12_aes_256_cbc_hmac_sha1 926 -+ -+#define SN_tls12_aes_128_cbc_hmac_sha256 "TLS12-AES-128-CBC-HMAC-SHA256" -+#define LN_tls12_aes_128_cbc_hmac_sha256 "tls12-aes-128-cbc-hmac-sha256" -+#define NID_tls12_aes_128_cbc_hmac_sha256 927 -+ -+#define SN_tls12_aes_256_cbc_hmac_sha256 "TLS12-AES-256-CBC-HMAC-SHA256" -+#define LN_tls12_aes_256_cbc_hmac_sha256 "tls12-aes-256-cbc-hmac-sha256" -+#define NID_tls12_aes_256_cbc_hmac_sha256 928 -+ -diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num -index a02b58c..deeba3a 100644 ---- a/crypto/objects/obj_mac.num -+++ b/crypto/objects/obj_mac.num -@@ -921,3 +921,8 @@ des_ede3_cbc_hmac_sha1 920 - tls11_des_ede3_cbc_hmac_sha1 921 - tls11_aes_128_cbc_hmac_sha1 922 - tls11_aes_256_cbc_hmac_sha1 923 -+tls12_des_ede3_cbc_hmac_sha1 924 -+tls12_aes_128_cbc_hmac_sha1 925 -+tls12_aes_256_cbc_hmac_sha1 926 -+tls12_aes_128_cbc_hmac_sha256 927 -+tls12_aes_256_cbc_hmac_sha256 928 -diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt -index 1973658..6e4ac93 100644 ---- a/crypto/objects/objects.txt -+++ b/crypto/objects/objects.txt -@@ -1294,3 +1294,8 @@ kisa 1 6 : SEED-OFB : seed-ofb - : TLS11-DES-EDE3-CBC-HMAC-SHA1 : tls11-des-ede3-cbc-hmac-sha1 - : TLS11-AES-128-CBC-HMAC-SHA1 : tls11-aes-128-cbc-hmac-sha1 - : TLS11-AES-256-CBC-HMAC-SHA1 : tls11-aes-256-cbc-hmac-sha1 -+ : TLS12-DES-EDE3-CBC-HMAC-SHA1 : tls12-des-ede3-cbc-hmac-sha1 -+ : TLS12-AES-128-CBC-HMAC-SHA1 : tls12-aes-128-cbc-hmac-sha1 -+ : TLS12-AES-256-CBC-HMAC-SHA1 : tls12-aes-256-cbc-hmac-sha1 -+ : TLS12-AES-128-CBC-HMAC-SHA256 : tls12-aes-128-cbc-hmac-sha256 -+ : TLS12-AES-256-CBC-HMAC-SHA256 : tls12-aes-256-cbc-hmac-sha256 -diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c -index 0408986..77a82f6 100644 ---- a/ssl/ssl_ciph.c -+++ b/ssl/ssl_ciph.c -@@ -661,6 +661,31 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, - c->algorithm_mac == SSL_SHA1 && - (evp=EVP_get_cipherbyname("TLS11-AES-256-CBC-HMAC-SHA1"))) - *enc = evp, *md = NULL; -+ else if (s->ssl_version == TLS1_2_VERSION && -+ c->algorithm_enc == SSL_3DES && -+ c->algorithm_mac == SSL_SHA1 && -+ (evp=EVP_get_cipherbyname("TLS12-DES-EDE3-CBC-HMAC-SHA1"))) -+ *enc = evp, *md = NULL; -+ else if (s->ssl_version == TLS1_2_VERSION && -+ c->algorithm_enc == SSL_AES128 && -+ c->algorithm_mac == SSL_SHA1 && -+ (evp=EVP_get_cipherbyname("TLS12-AES-128-CBC-HMAC-SHA1"))) -+ *enc = evp, *md = NULL; -+ else if (s->ssl_version == TLS1_2_VERSION && -+ c->algorithm_enc == SSL_AES256 && -+ c->algorithm_mac == SSL_SHA1 && -+ (evp=EVP_get_cipherbyname("TLS12-AES-256-CBC-HMAC-SHA1"))) -+ *enc = evp, *md = NULL; -+ else if (s->ssl_version == TLS1_2_VERSION && -+ c->algorithm_enc == SSL_AES128 && -+ c->algorithm_mac == SSL_SHA256 && -+ (evp=EVP_get_cipherbyname("TLS12-AES-128-CBC-HMAC-SHA256"))) -+ *enc = evp, *md = NULL; -+ else if (s->ssl_version == TLS1_2_VERSION && -+ c->algorithm_enc == SSL_AES256 && -+ c->algorithm_mac == SSL_SHA256 && -+ (evp=EVP_get_cipherbyname("TLS12-AES-256-CBC-HMAC-SHA256"))) -+ *enc = evp, *md = NULL; - return(1); - } - else --- -2.3.5 - diff --git a/recipes-connectivity/openssl/openssl-fsl/0021-cryptodev-drop-redundant-function.patch b/recipes-connectivity/openssl/openssl-fsl/0021-cryptodev-drop-redundant-function.patch deleted file mode 100644 index 16cc688..0000000 --- a/recipes-connectivity/openssl/openssl-fsl/0021-cryptodev-drop-redundant-function.patch +++ /dev/null @@ -1,75 +0,0 @@ -From ea4abc255c6c5feec01cb1e30c6082cfe47860e2 Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Thu, 19 Feb 2015 16:11:53 +0200 -Subject: [PATCH 21/26] cryptodev: drop redundant function - -get_dev_crypto already caches the result. Another cache in-between is -useless. - -Change-Id: Ibd162529d3fb7a561a17f1a707d5d287c1586a3a -Signed-off-by: Cristian Stoica -Reviewed-on: http://git.am.freescale.net:8181/34216 ---- - crypto/engine/eng_cryptodev.c | 18 +++--------------- - 1 file changed, 3 insertions(+), 15 deletions(-) - -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index fa5fe1b..1ab5551 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -96,7 +96,6 @@ struct dev_crypto_state { - - static u_int32_t cryptodev_asymfeat = 0; - --static int get_asym_dev_crypto(void); - static int open_dev_crypto(void); - static int get_dev_crypto(void); - static int get_cryptodev_ciphers(const int **cnids); -@@ -357,17 +356,6 @@ static void put_dev_crypto(int fd) - #endif - } - --/* Caching version for asym operations */ --static int --get_asym_dev_crypto(void) --{ -- static int fd = -1; -- -- if (fd == -1) -- fd = get_dev_crypto(); -- return fd; --} -- - /* - * Find out what ciphers /dev/crypto will let us have a session for. - * XXX note, that some of these openssl doesn't deal with yet! -@@ -1796,7 +1784,7 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s) - { - int fd, ret = -1; - -- if ((fd = get_asym_dev_crypto()) < 0) -+ if ((fd = get_dev_crypto()) < 0) - return (ret); - - if (r) { -@@ -2374,7 +2362,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) - int p_len, q_len; - int i; - -- if ((fd = get_asym_dev_crypto()) < 0) -+ if ((fd = get_dev_crypto()) < 0) - goto sw_try; - - if(!rsa->n && ((rsa->n=BN_new()) == NULL)) goto err; -@@ -3928,7 +3916,7 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) - BIGNUM *temp = NULL; - unsigned char *padded_pub_key = NULL, *p = NULL; - -- if ((fd = get_asym_dev_crypto()) < 0) -+ if ((fd = get_dev_crypto()) < 0) - goto sw_try; - - memset(&kop, 0, sizeof kop); --- -2.3.5 - diff --git a/recipes-connectivity/openssl/openssl-fsl/0022-cryptodev-do-not-zero-the-buffer-before-use.patch b/recipes-connectivity/openssl/openssl-fsl/0022-cryptodev-do-not-zero-the-buffer-before-use.patch deleted file mode 100644 index 0b2f0f1..0000000 --- a/recipes-connectivity/openssl/openssl-fsl/0022-cryptodev-do-not-zero-the-buffer-before-use.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 75e3e7d600eb72e7374b1ecf5ece7b831bc98ed8 Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Tue, 17 Feb 2015 13:12:53 +0200 -Subject: [PATCH 22/26] cryptodev: do not zero the buffer before use - -- The buffer is just about to be overwritten. Zeroing it before that has - no purpose - -Change-Id: I478c31bd2e254561474a7edf5e37980ca04217ce -Signed-off-by: Cristian Stoica -Reviewed-on: http://git.am.freescale.net:8181/34217 ---- - crypto/engine/eng_cryptodev.c | 13 ++++--------- - 1 file changed, 4 insertions(+), 9 deletions(-) - -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index 1ab5551..dbc5989 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -1681,21 +1681,16 @@ static int - bn2crparam(const BIGNUM *a, struct crparam *crp) - { - ssize_t bytes, bits; -- u_char *b; -- -- crp->crp_p = NULL; -- crp->crp_nbits = 0; - - bits = BN_num_bits(a); - bytes = (bits + 7) / 8; - -- b = malloc(bytes); -- if (b == NULL) -+ crp->crp_nbits = bits; -+ crp->crp_p = malloc(bytes); -+ -+ if (crp->crp_p == NULL) - return (1); -- memset(b, 0, bytes); - -- crp->crp_p = (caddr_t) b; -- crp->crp_nbits = bits; - BN_bn2bin(a, crp->crp_p); - return (0); - } --- -2.3.5 - diff --git a/recipes-connectivity/openssl/openssl-fsl/0023-cryptodev-clean-up-code-layout.patch b/recipes-connectivity/openssl/openssl-fsl/0023-cryptodev-clean-up-code-layout.patch deleted file mode 100644 index 5ff1c5c..0000000 --- a/recipes-connectivity/openssl/openssl-fsl/0023-cryptodev-clean-up-code-layout.patch +++ /dev/null @@ -1,72 +0,0 @@ -From 4453b06b940fc03a0973cfd96f908e46cce61054 Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Wed, 18 Feb 2015 10:39:46 +0200 -Subject: [PATCH 23/26] cryptodev: clean-up code layout - -This is just a refactoring that uses else branch to check for malloc failures - -Change-Id: I6dc157af36d6ec51a4edfc82cf97fae2e7e83628 -Signed-off-by: Cristian Stoica -Reviewed-on: http://git.am.freescale.net:8181/34218 ---- - crypto/engine/eng_cryptodev.c | 42 ++++++++++++++++++++---------------------- - 1 file changed, 20 insertions(+), 22 deletions(-) - -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index dbc5989..dceb4f5 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -1745,30 +1745,28 @@ cryptodev_asym_async(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, - fd = *(int *)cookie->eng_handle; - - eng_cookie = malloc(sizeof(struct cryptodev_cookie_s)); -- -- if (eng_cookie) { -- memset(eng_cookie, 0, sizeof(struct cryptodev_cookie_s)); -- if (r) { -- kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char)); -- if (!kop->crk_param[kop->crk_iparams].crp_p) -- return -ENOMEM; -- kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8; -- kop->crk_oparams++; -- eng_cookie->r = r; -- eng_cookie->r_param = kop->crk_param[kop->crk_iparams]; -- } -- if (s) { -- kop->crk_param[kop->crk_iparams+1].crp_p = calloc(slen, sizeof(char)); -- if (!kop->crk_param[kop->crk_iparams+1].crp_p) -- return -ENOMEM; -- kop->crk_param[kop->crk_iparams+1].crp_nbits = slen * 8; -- kop->crk_oparams++; -- eng_cookie->s = s; -- eng_cookie->s_param = kop->crk_param[kop->crk_iparams + 1]; -- } -- } else -+ if (!eng_cookie) - return -ENOMEM; - -+ memset(eng_cookie, 0, sizeof(struct cryptodev_cookie_s)); -+ if (r) { -+ kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char)); -+ if (!kop->crk_param[kop->crk_iparams].crp_p) -+ return -ENOMEM; -+ kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8; -+ kop->crk_oparams++; -+ eng_cookie->r = r; -+ eng_cookie->r_param = kop->crk_param[kop->crk_iparams]; -+ } -+ if (s) { -+ kop->crk_param[kop->crk_iparams+1].crp_p = calloc(slen, sizeof(char)); -+ if (!kop->crk_param[kop->crk_iparams+1].crp_p) -+ return -ENOMEM; -+ kop->crk_param[kop->crk_iparams+1].crp_nbits = slen * 8; -+ kop->crk_oparams++; -+ eng_cookie->s = s; -+ eng_cookie->s_param = kop->crk_param[kop->crk_iparams + 1]; -+ } - eng_cookie->kop = kop; - cookie->eng_cookie = eng_cookie; - return ioctl(fd, CIOCASYMASYNCRYPT, kop); --- -2.3.5 - diff --git a/recipes-connectivity/openssl/openssl-fsl/0024-cryptodev-do-not-cache-file-descriptor-in-open.patch b/recipes-connectivity/openssl/openssl-fsl/0024-cryptodev-do-not-cache-file-descriptor-in-open.patch deleted file mode 100644 index e798d3e..0000000 --- a/recipes-connectivity/openssl/openssl-fsl/0024-cryptodev-do-not-cache-file-descriptor-in-open.patch +++ /dev/null @@ -1,100 +0,0 @@ -From a44701abd995b3db80001d0c5d88e9ead05972c1 Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Thu, 19 Feb 2015 16:43:29 +0200 -Subject: [PATCH 24/26] cryptodev: do not cache file descriptor in 'open' - -The file descriptor returned by get_dev_crypto is cached after a -successful return. The issue is, it is cached inside 'open_dev_crypto' -which is no longer useful as a general purpose open("/dev/crypto") -function. - -This patch is a refactoring that moves the caching operation from -open_dev_crypto to get_dev_crypto and leaves the former as a simpler -function true to its name - -Change-Id: I980170969410381973ce75f6679a4a1401738847 -Signed-off-by: Cristian Stoica -Reviewed-on: http://git.am.freescale.net:8181/34219 ---- - crypto/engine/eng_cryptodev.c | 50 +++++++++++++++++++++---------------------- - 1 file changed, 24 insertions(+), 26 deletions(-) - -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index dceb4f5..b74fc7c 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -306,47 +306,45 @@ static void ctr64_inc(unsigned char *counter) { - if (c) return; - } while (n); - } --/* -- * Return a fd if /dev/crypto seems usable, 0 otherwise. -- */ --static int --open_dev_crypto(void) -+ -+static int open_dev_crypto(void) - { -- static int fd = -1; -+ int fd; - -- if (fd == -1) { -- if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1) -- return (-1); -- /* close on exec */ -- if (fcntl(fd, F_SETFD, 1) == -1) { -- close(fd); -- fd = -1; -- return (-1); -- } -+ fd = open("/dev/crypto", O_RDWR, 0); -+ if ( fd < 0) -+ return -1; -+ -+ /* close on exec */ -+ if (fcntl(fd, F_SETFD, 1) == -1) { -+ close(fd); -+ return -1; - } -- return (fd); -+ -+ return fd; - } - --static int --get_dev_crypto(void) -+static int get_dev_crypto(void) - { -- int fd, retfd; -+ static int fd = -1; -+ int retfd; - -- if ((fd = open_dev_crypto()) == -1) -- return (-1); --#ifndef CRIOGET_NOT_NEEDED -+ if (fd == -1) -+ fd = open_dev_crypto(); -+#ifdef CRIOGET_NOT_NEEDED -+ return fd; -+#else -+ if (fd == -1) -+ return -1; - if (ioctl(fd, CRIOGET, &retfd) == -1) - return (-1); -- - /* close on exec */ - if (fcntl(retfd, F_SETFD, 1) == -1) { - close(retfd); - return (-1); - } --#else -- retfd = fd; -+ return retfd; - #endif -- return (retfd); - } - - static void put_dev_crypto(int fd) --- -2.3.5 - diff --git a/recipes-connectivity/openssl/openssl-fsl/0025-cryptodev-put_dev_crypto-should-be-an-int.patch b/recipes-connectivity/openssl/openssl-fsl/0025-cryptodev-put_dev_crypto-should-be-an-int.patch deleted file mode 100644 index a48dc6a..0000000 --- a/recipes-connectivity/openssl/openssl-fsl/0025-cryptodev-put_dev_crypto-should-be-an-int.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 84a8007b6e92fe4c2696cc9e330207ee03303a20 Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Thu, 19 Feb 2015 13:09:32 +0200 -Subject: [PATCH 25/26] cryptodev: put_dev_crypto should be an int - -Change-Id: Ie0a83bc07a37132286c098b17ef35d98de74b043 -Signed-off-by: Cristian Stoica -Reviewed-on: http://git.am.freescale.net:8181/34220 ---- - crypto/engine/eng_cryptodev.c | 8 +++++--- - 1 file changed, 5 insertions(+), 3 deletions(-) - -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index b74fc7c..c9db27d 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -347,10 +347,12 @@ static int get_dev_crypto(void) - #endif - } - --static void put_dev_crypto(int fd) -+static int put_dev_crypto(int fd) - { --#ifndef CRIOGET_NOT_NEEDED -- close(fd); -+#ifdef CRIOGET_NOT_NEEDED -+ return 0; -+#else -+ return close(fd); - #endif - } - --- -2.3.5 - diff --git a/recipes-connectivity/openssl/openssl-fsl/0026-cryptodev-simplify-cryptodev-pkc-support-code.patch b/recipes-connectivity/openssl/openssl-fsl/0026-cryptodev-simplify-cryptodev-pkc-support-code.patch deleted file mode 100644 index 6527ac8..0000000 --- a/recipes-connectivity/openssl/openssl-fsl/0026-cryptodev-simplify-cryptodev-pkc-support-code.patch +++ /dev/null @@ -1,250 +0,0 @@ -From 787539e7720c99785f6c664a7484842bba08f6ed Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Thu, 19 Feb 2015 13:39:52 +0200 -Subject: [PATCH 26/26] cryptodev: simplify cryptodev pkc support code - -- Engine init returns directly a file descriptor instead of a pointer to one -- Similarly, the Engine close will now just close the file - -Change-Id: Ief736d0776c7009dee002204fb1d4ce9d31c8787 -Signed-off-by: Cristian Stoica -Reviewed-on: http://git.am.freescale.net:8181/34221 ---- - crypto/crypto.h | 2 +- - crypto/engine/eng_cryptodev.c | 35 +++----------------------- - crypto/engine/eng_int.h | 14 +++-------- - crypto/engine/eng_lib.c | 57 +++++++++++++++++++++---------------------- - crypto/engine/engine.h | 13 +++++----- - 5 files changed, 42 insertions(+), 79 deletions(-) - -diff --git a/crypto/crypto.h b/crypto/crypto.h -index ce12731..292427e 100644 ---- a/crypto/crypto.h -+++ b/crypto/crypto.h -@@ -618,7 +618,7 @@ struct pkc_cookie_s { - * -EINVAL: Parameters Invalid - */ - void (*pkc_callback)(struct pkc_cookie_s *cookie, int status); -- void *eng_handle; -+ int eng_handle; - }; - - #ifdef __cplusplus -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index c9db27d..f173bde 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -1742,7 +1742,7 @@ cryptodev_asym_async(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, - struct pkc_cookie_s *cookie = kop->cookie; - struct cryptodev_cookie_s *eng_cookie; - -- fd = *(int *)cookie->eng_handle; -+ fd = cookie->eng_handle; - - eng_cookie = malloc(sizeof(struct cryptodev_cookie_s)); - if (!eng_cookie) -@@ -1802,38 +1802,11 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s) - return (ret); - } - --/* Close an opened instance of cryptodev engine */ --void cryptodev_close_instance(void *handle) --{ -- int fd; -- -- if (handle) { -- fd = *(int *)handle; -- close(fd); -- free(handle); -- } --} -- --/* Create an instance of cryptodev for asynchronous interface */ --void *cryptodev_init_instance(void) --{ -- int *fd = malloc(sizeof(int)); -- -- if (fd) { -- if ((*fd = open("/dev/crypto", O_RDWR, 0)) == -1) { -- free(fd); -- return NULL; -- } -- } -- return fd; --} -- - #include - - /* Return 0 on success and 1 on failure */ --int cryptodev_check_availability(void *eng_handle) -+int cryptodev_check_availability(int fd) - { -- int fd = *(int *)eng_handle; - struct pkc_cookie_list_s cookie_list; - struct pkc_cookie_s *cookie; - int i; -@@ -4540,8 +4513,8 @@ ENGINE_load_cryptodev(void) - } - - ENGINE_set_check_pkc_availability(engine, cryptodev_check_availability); -- ENGINE_set_close_instance(engine, cryptodev_close_instance); -- ENGINE_set_init_instance(engine, cryptodev_init_instance); -+ ENGINE_set_close_instance(engine, put_dev_crypto); -+ ENGINE_set_open_instance(engine, open_dev_crypto); - ENGINE_set_async_map(engine, ENGINE_ALLPKC_ASYNC); - - ENGINE_add(engine); -diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h -index 8fc3077..8fb79c0 100644 ---- a/crypto/engine/eng_int.h -+++ b/crypto/engine/eng_int.h -@@ -181,23 +181,15 @@ struct engine_st - ENGINE_LOAD_KEY_PTR load_pubkey; - - ENGINE_SSL_CLIENT_CERT_PTR load_ssl_client_cert; -- /* -- * Instantiate Engine handle to be passed in check_pkc_availability -- * Ensure that Engine is instantiated before any pkc asynchronous call. -- */ -- void *(*engine_init_instance)(void); -- /* -- * Instantiated Engine handle will be closed with this call. -- * Ensure that no pkc asynchronous call is made after this call -- */ -- void (*engine_close_instance)(void *handle); -+ int (*engine_open_instance)(void); -+ int (*engine_close_instance)(int fd); - /* - * Check availability will extract the data from kernel. - * eng_handle: This is the Engine handle corresponds to which - * the cookies needs to be polled. - * return 0 if cookie available else 1 - */ -- int (*check_pkc_availability)(void *eng_handle); -+ int (*check_pkc_availability)(int fd); - /* - * The following map is used to check if the engine supports asynchronous implementation - * ENGINE_ASYNC_FLAG* for available bitmap. Any application checking for asynchronous -diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c -index 6fa621c..6c9471b 100644 ---- a/crypto/engine/eng_lib.c -+++ b/crypto/engine/eng_lib.c -@@ -99,7 +99,7 @@ void engine_set_all_null(ENGINE *e) - e->load_privkey = NULL; - e->load_pubkey = NULL; - e->check_pkc_availability = NULL; -- e->engine_init_instance = NULL; -+ e->engine_open_instance = NULL; - e->engine_close_instance = NULL; - e->cmd_defns = NULL; - e->async_map = 0; -@@ -237,47 +237,46 @@ int ENGINE_set_id(ENGINE *e, const char *id) - return 1; - } - --void ENGINE_set_init_instance(ENGINE *e, void *(*engine_init_instance)(void)) -- { -- e->engine_init_instance = engine_init_instance; -- } -+void ENGINE_set_open_instance(ENGINE *e, int (*engine_open_instance)(void)) -+{ -+ e->engine_open_instance = engine_open_instance; -+} - --void ENGINE_set_close_instance(ENGINE *e, -- void (*engine_close_instance)(void *)) -- { -- e->engine_close_instance = engine_close_instance; -- } -+void ENGINE_set_close_instance(ENGINE *e, int (*engine_close_instance)(int)) -+{ -+ e->engine_close_instance = engine_close_instance; -+} - - void ENGINE_set_async_map(ENGINE *e, int async_map) - { - e->async_map = async_map; - } - --void *ENGINE_init_instance(ENGINE *e) -- { -- return e->engine_init_instance(); -- } -- --void ENGINE_close_instance(ENGINE *e, void *eng_handle) -- { -- e->engine_close_instance(eng_handle); -- } -- - int ENGINE_get_async_map(ENGINE *e) - { - return e->async_map; - } - --void ENGINE_set_check_pkc_availability(ENGINE *e, -- int (*check_pkc_availability)(void *eng_handle)) -- { -- e->check_pkc_availability = check_pkc_availability; -- } -+int ENGINE_open_instance(ENGINE *e) -+{ -+ return e->engine_open_instance(); -+} - --int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle) -- { -- return e->check_pkc_availability(eng_handle); -- } -+int ENGINE_close_instance(ENGINE *e, int fd) -+{ -+ return e->engine_close_instance(fd); -+} -+ -+void ENGINE_set_check_pkc_availability(ENGINE *e, -+ int (*check_pkc_availability)(int fd)) -+{ -+ e->check_pkc_availability = check_pkc_availability; -+} -+ -+int ENGINE_check_pkc_availability(ENGINE *e, int fd) -+{ -+ return e->check_pkc_availability(fd); -+} - - int ENGINE_set_name(ENGINE *e, const char *name) - { -diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h -index ccff86a..3ba3e97 100644 ---- a/crypto/engine/engine.h -+++ b/crypto/engine/engine.h -@@ -473,9 +473,6 @@ ENGINE *ENGINE_new(void); - int ENGINE_free(ENGINE *e); - int ENGINE_up_ref(ENGINE *e); - int ENGINE_set_id(ENGINE *e, const char *id); --void ENGINE_set_init_instance(ENGINE *e, void *(*engine_init_instance)(void)); --void ENGINE_set_close_instance(ENGINE *e, -- void (*engine_free_instance)(void *)); - /* - * Following FLAGS are bitmap store in async_map to set asynchronous interface capability - *of the engine -@@ -492,11 +489,13 @@ void ENGINE_set_async_map(ENGINE *e, int async_map); - * to confirm asynchronous methods supported - */ - int ENGINE_get_async_map(ENGINE *e); --void *ENGINE_init_instance(ENGINE *e); --void ENGINE_close_instance(ENGINE *e, void *eng_handle); -+int ENGINE_open_instance(ENGINE *e); -+int ENGINE_close_instance(ENGINE *e, int fd); -+void ENGINE_set_init_instance(ENGINE *e, int(*engine_init_instance)(void)); -+void ENGINE_set_close_instance(ENGINE *e, int(*engine_close_instance)(int)); - void ENGINE_set_check_pkc_availability(ENGINE *e, -- int (*check_pkc_availability)(void *eng_handle)); --int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle); -+ int (*check_pkc_availability)(int fd)); -+int ENGINE_check_pkc_availability(ENGINE *e, int fd); - int ENGINE_set_name(ENGINE *e, const char *name); - int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth); - int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth); --- -2.3.5 - diff --git a/recipes-connectivity/openssl/openssl-qoriq.inc b/recipes-connectivity/openssl/openssl-qoriq.inc new file mode 100644 index 0000000..87ba1c3 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq.inc @@ -0,0 +1,184 @@ +SUMMARY = "Secure Socket Layer" +DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools." +HOMEPAGE = "http://www.openssl.org/" +BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html" +SECTION = "libs/network" + +# "openssl | SSLeay" dual license +LICENSE = "openssl" +LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8" + +PROVIDES = "openssl" + +python() { + pkgs = d.getVar('PACKAGES', True).split() + for p in pkgs: + if 'openssl-qoriq' in p: + d.appendVar("RPROVIDES_%s" % p, p.replace('openssl-qoriq', 'openssl')) + d.appendVar("RCONFLICTS_%s" % p, p.replace('openssl-qoriq', 'openssl')) + d.appendVar("RREPLACES_%s" % p, p.replace('openssl-qoriq', 'openssl')) +} + +DEPENDS = "perl-native-runtime" + +SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ + " +S = "${WORKDIR}/openssl-${PV}" + +PACKAGECONFIG[perl] = ",,," + +AR_append = " r" +# Avoid binaries being marked as requiring an executable stack since it +# doesn't(which causes and this causes issues with SELinux +CFLAG = "${@base_conditional('SITEINFO_ENDIANNESS', 'le', '-DL_ENDIAN', '-DB_ENDIAN', d)} \ + -DTERMIO ${CFLAGS} -Wall -Wa,--noexecstack" + +# -02 does not work on mipsel: ssh hangs when it tries to read /dev/urandom +CFLAG_mtx-1 := "${@'${CFLAG}'.replace('-O2', '')}" +CFLAG_mtx-2 := "${@'${CFLAG}'.replace('-O2', '')}" + +export DIRS = "crypto ssl apps" +export EX_LIBS = "-lgcc -ldl" +export AS = "${CC} -c" +EXTRA_OEMAKE = "-e MAKEFLAGS=" + +inherit pkgconfig siteinfo multilib_header + +PACKAGES =+ "libcrypto libssl ${PN}-misc openssl-conf" +FILES_libcrypto = "${base_libdir}/libcrypto${SOLIBS}" +FILES_libssl = "${libdir}/libssl.so.*" +FILES_${PN} =+ " ${libdir}/ssl/*" +FILES_${PN}-misc = "${libdir}/ssl/misc ${bindir}/c_rehash" +RDEPENDS_${PN}-misc = "${@bb.utils.contains('PACKAGECONFIG', 'perl', 'perl', '', d)}" +FILES_${PN}-dev += "${base_libdir}/libcrypto${SOLIBSDEV}" + +# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto +# package RRECOMMENDS on this package. This will enable the configuration +# file to be installed for both the base openssl package and the libcrypto +# package since the base openssl package depends on the libcrypto package. +FILES_openssl-conf = "${libdir}/ssl/openssl.cnf" +CONFFILES_openssl-conf = "${libdir}/ssl/openssl.cnf" +RRECOMMENDS_libcrypto += "openssl-conf" + +do_configure_prepend_darwin () { + sed -i -e '/version-script=openssl\.ld/d' Configure +} + +do_configure () { + cd util + perl perlpath.pl ${STAGING_BINDIR_NATIVE} + cd .. + ln -sf apps/openssl.pod crypto/crypto.pod ssl/ssl.pod doc/ + + os=${HOST_OS} + if [ "x$os" = "xlinux-uclibc" ]; then + os=linux + elif [ "x$os" = "xlinux-uclibceabi" ]; then + os=linux + elif [ "x$os" = "xlinux-uclibcspe" ]; then + os=linux + elif [ "x$os" = "xlinux-gnuspe" ]; then + os=linux + elif [ "x$os" = "xlinux-gnueabi" ]; then + os=linux + fi + target="$os-${HOST_ARCH}" + case $target in + linux-arm) + target=linux-armv4 + ;; + linux-armeb) + target=linux-elf-armeb + ;; + linux-aarch64*) + target=linux-generic64 + ;; + linux-sh3) + target=debian-sh3 + ;; + linux-sh4) + target=debian-sh4 + ;; + linux-i486) + target=debian-i386-i486 + ;; + linux-i586 | linux-viac3) + target=debian-i386-i586 + ;; + linux-i686) + target=debian-i386-i686/cmov + ;; + linux-gnux32-x86_64) + target=linux-x32 + ;; + linux-gnu64-x86_64) + target=linux-x86_64 + ;; + linux-mips) + target=debian-mips + ;; + linux-mipsel) + target=debian-mipsel + ;; + linux-*-mips64) + target=linux-mips + ;; + linux-powerpc) + target=linux-ppc + ;; + linux-powerpc64) + target=linux-ppc64 + ;; + linux-supersparc) + target=linux-sparcv8 + ;; + linux-sparc) + target=linux-sparcv8 + ;; + darwin-i386) + target=darwin-i386-cc + ;; + esac + # inject machine-specific flags + sed -i -e "s|^\(\"$target\",\s*\"[^:]\+\):\([^:]\+\)|\1:${CFLAG}|g" Configure + useprefix=${prefix} + if [ "x$useprefix" = "x" ]; then + useprefix=/ + fi + perl ./Configure ${EXTRA_OECONF} shared --prefix=$useprefix --openssldir=${libdir}/ssl --libdir=`basename ${libdir}` $target +} + +do_compile () { + oe_runmake +} + +do_install () { + oe_runmake INSTALL_PREFIX="${D}" MANDIR="${mandir}" install + + oe_libinstall -so libcrypto ${D}${libdir} + oe_libinstall -so libssl ${D}${libdir} + + # Moving libcrypto to /lib + if [ ! ${D}${libdir} -ef ${D}${base_libdir} ]; then + mkdir -p ${D}/${base_libdir}/ + mv ${D}${libdir}/libcrypto* ${D}${base_libdir}/ + sed -i s#libdir=\$\{exec_prefix\}\/lib#libdir=${base_libdir}# ${D}/${libdir}/pkgconfig/libcrypto.pc + fi + + install -d ${D}${includedir} + cp --dereference -R include/openssl ${D}${includedir} + + oe_multilib_header openssl/opensslconf.h + if [ "${@bb.utils.contains('PACKAGECONFIG', 'perl', 'perl', '', d)}" = "perl" ]; then + install -m 0755 ${S}/tools/c_rehash ${D}${bindir} + sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${bindir}/c_rehash + sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/CA.pl + sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/tsget + # The c_rehash utility isn't installed by the normal installation process. + else + rm -f ${D}${bindir}/c_rehash + rm -f ${D}${libdir}/ssl/misc/CA.pl ${D}${libdir}/ssl/misc/tsget + fi +} + +BBCLASSEXTEND = "native nativesdk" diff --git a/recipes-connectivity/openssl/openssl-qoriq/configure-targets.patch b/recipes-connectivity/openssl/openssl-qoriq/configure-targets.patch new file mode 100644 index 0000000..c1f3d08 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/configure-targets.patch @@ -0,0 +1,34 @@ +Upstream-Status: Inappropriate [embedded specific] + +The number of colons are important :) + + +--- + Configure | 16 ++++++++++++++++ + 1 file changed, 16 insertions(+) + +--- a/Configure ++++ b/Configure +@@ -403,6 +403,22 @@ my %table=( + "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", + "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", + ++ # Linux on ARM ++"linux-elf-arm","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-elf-armeb","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-gnueabi-arm","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-gnueabi-armeb","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-uclibceabi-arm","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-uclibceabi-armeb","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++ ++"linux-avr32","$ENV{'CC'}:-DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).", ++ ++#### Linux on MIPS/MIPS64 ++"linux-mips","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-mips64","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -mabi=64 -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-mips64el","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -mabi=64 -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-mipsel","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++ + # Android: linux-* but without -DTERMIO and pointers to headers and libs. + "android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", diff --git a/recipes-connectivity/openssl/openssl-qoriq/debian/c_rehash-compat.patch b/recipes-connectivity/openssl/openssl-qoriq/debian/c_rehash-compat.patch new file mode 100644 index 0000000..ac1b19b --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/debian/c_rehash-compat.patch @@ -0,0 +1,45 @@ +Upstream-Status: Backport [debian] + +From 83f318d68bbdab1ca898c94576a838cc97df4700 Mon Sep 17 00:00:00 2001 +From: Ludwig Nussel +Date: Wed, 21 Apr 2010 15:52:10 +0200 +Subject: [PATCH] also create old hash for compatibility + +--- + tools/c_rehash.in | 8 +++++++- + 1 files changed, 7 insertions(+), 1 deletions(-) + +Index: openssl-1.0.0d/tools/c_rehash.in +=================================================================== +--- openssl-1.0.0d.orig/tools/c_rehash.in 2011-04-13 20:41:28.000000000 +0000 ++++ openssl-1.0.0d/tools/c_rehash.in 2011-04-13 20:41:28.000000000 +0000 +@@ -86,6 +86,7 @@ + } + } + link_hash_cert($fname) if($cert); ++ link_hash_cert_old($fname) if($cert); + link_hash_crl($fname) if($crl); + } + } +@@ -119,8 +120,9 @@ + + sub link_hash_cert { + my $fname = $_[0]; ++ my $hashopt = $_[1] || '-subject_hash'; + $fname =~ s/'/'\\''/g; +- my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in "$fname"`; ++ my ($hash, $fprint) = `"$openssl" x509 $hashopt -fingerprint -noout -in "$fname"`; + chomp $hash; + chomp $fprint; + $fprint =~ s/^.*=//; +@@ -150,6 +152,10 @@ + $hashlist{$hash} = $fprint; + } + ++sub link_hash_cert_old { ++ link_hash_cert($_[0], '-subject_hash_old'); ++} ++ + # Same as above except for a CRL. CRL links are of the form .r + + sub link_hash_crl { diff --git a/recipes-connectivity/openssl/openssl-qoriq/debian/ca.patch b/recipes-connectivity/openssl/openssl-qoriq/debian/ca.patch new file mode 100644 index 0000000..aba4d42 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/debian/ca.patch @@ -0,0 +1,22 @@ +Upstream-Status: Backport [debian] + +Index: openssl-0.9.8m/apps/CA.pl.in +=================================================================== +--- openssl-0.9.8m.orig/apps/CA.pl.in 2006-04-28 00:28:51.000000000 +0000 ++++ openssl-0.9.8m/apps/CA.pl.in 2010-02-27 00:36:51.000000000 +0000 +@@ -65,6 +65,7 @@ + foreach (@ARGV) { + if ( /^(-\?|-h|-help)$/ ) { + print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n"; ++ print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n"; + exit 0; + } elsif (/^-newcert$/) { + # create a certificate +@@ -165,6 +166,7 @@ + } else { + print STDERR "Unknown arg $_\n"; + print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n"; ++ print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n"; + exit 1; + } + } diff --git a/recipes-connectivity/openssl/openssl-qoriq/debian/debian-targets.patch b/recipes-connectivity/openssl/openssl-qoriq/debian/debian-targets.patch new file mode 100644 index 0000000..8101edf --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/debian/debian-targets.patch @@ -0,0 +1,66 @@ +Upstream-Status: Backport [debian] + +Index: openssl-1.0.1/Configure +=================================================================== +--- openssl-1.0.1.orig/Configure 2012-03-17 15:37:54.000000000 +0000 ++++ openssl-1.0.1/Configure 2012-03-17 16:13:49.000000000 +0000 +@@ -105,6 +105,10 @@ + + my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED"; + ++# There are no separate CFLAGS/CPPFLAGS/LDFLAGS, set everything in CFLAGS ++my $debian_cflags = `dpkg-buildflags --get CFLAGS` . `dpkg-buildflags --get CPPFLAGS` . `dpkg-buildflags --get LDFLAGS` . "-Wa,--noexecstack -Wall"; ++$debian_cflags =~ s/\n/ /g; ++ + my $strict_warnings = 0; + + my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL"; +@@ -338,6 +342,48 @@ + "osf1-alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so", + "tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::-msym:.so", + ++# Debian GNU/* (various architectures) ++"debian-alpha","gcc:-DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-alpha-ev4","gcc:-DTERMIO ${debian_cflags} -mcpu=ev4::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-alpha-ev5","gcc:-DTERMIO ${debian_cflags} -mcpu=ev5::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-armeb","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-armel","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-armhf","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-amd64", "gcc:-m64 -DL_ENDIAN -DTERMIO ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::", ++"debian-avr32", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -fomit-frame-pointer::-D_REENTRANT::-ldl:BN_LLONG_BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-kfreebsd-amd64","gcc:-m64 -DL_ENDIAN -DTERMIOS ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-kfreebsd-i386","gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -march=i486::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-hppa","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-hurd-i386","gcc:-DL_ENDIAN -DTERMIOS -O3 -Wa,--noexecstack -g -mtune=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-ia64","gcc:-DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-i386","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-i386-i486","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags} -march=i486::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-i386-i586","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags} -march=i586::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-i386-i686/cmov","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags} -march=i686::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-m68k","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-mips", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-mipsel", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-netbsd-i386", "gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-netbsd-m68k", "gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags}::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-netbsd-sparc", "gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags} -mv8::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-openbsd-alpha","gcc:-DTERMIOS ${debian_cflags}::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-openbsd-i386", "gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-openbsd-mips","gcc:-DL_ENDIAN ${debian_cflags}::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-powerpc","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-powerpcspe","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-ppc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-s390","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-s390x","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-sh3", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-sh4", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-sh3eb", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-sh4eb", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-m32r","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-sparc","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-sparc-v8","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v8 -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-sparc-v9","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v9 -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-sparc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags} -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++ + #### + #### Variety of LINUX:-) + #### diff --git a/recipes-connectivity/openssl/openssl-qoriq/debian/make-targets.patch b/recipes-connectivity/openssl/openssl-qoriq/debian/make-targets.patch new file mode 100644 index 0000000..ee0a62c --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/debian/make-targets.patch @@ -0,0 +1,15 @@ +Upstream-Status: Backport [debian] + +Index: openssl-1.0.1/Makefile.org +=================================================================== +--- openssl-1.0.1.orig/Makefile.org 2012-03-17 09:41:07.000000000 +0000 ++++ openssl-1.0.1/Makefile.org 2012-03-17 09:41:21.000000000 +0000 +@@ -135,7 +135,7 @@ + + BASEADDR= + +-DIRS= crypto ssl engines apps test tools ++DIRS= crypto ssl engines apps tools + ENGDIRS= ccgost + SHLIBDIRS= crypto ssl + diff --git a/recipes-connectivity/openssl/openssl-qoriq/debian/man-dir.patch b/recipes-connectivity/openssl/openssl-qoriq/debian/man-dir.patch new file mode 100644 index 0000000..4085e3b --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/debian/man-dir.patch @@ -0,0 +1,15 @@ +Upstream-Status: Backport [debian] + +Index: openssl-1.0.0c/Makefile.org +=================================================================== +--- openssl-1.0.0c.orig/Makefile.org 2010-12-12 16:11:27.000000000 +0100 ++++ openssl-1.0.0c/Makefile.org 2010-12-12 16:11:37.000000000 +0100 +@@ -131,7 +131,7 @@ + + MAKEFILE= Makefile + +-MANDIR=$(OPENSSLDIR)/man ++MANDIR=/usr/share/man + MAN1=1 + MAN3=3 + MANSUFFIX= diff --git a/recipes-connectivity/openssl/openssl-qoriq/debian/man-section.patch b/recipes-connectivity/openssl/openssl-qoriq/debian/man-section.patch new file mode 100644 index 0000000..21c1d1a --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/debian/man-section.patch @@ -0,0 +1,34 @@ +Upstream-Status: Backport [debian] + +Index: openssl-1.0.0c/Makefile.org +=================================================================== +--- openssl-1.0.0c.orig/Makefile.org 2010-12-12 16:11:37.000000000 +0100 ++++ openssl-1.0.0c/Makefile.org 2010-12-12 16:13:28.000000000 +0100 +@@ -160,7 +160,8 @@ + MANDIR=/usr/share/man + MAN1=1 + MAN3=3 +-MANSUFFIX= ++MANSUFFIX=ssl ++MANSECTION=SSL + HTMLSUFFIX=html + HTMLDIR=$(OPENSSLDIR)/html + SHELL=/bin/sh +@@ -651,7 +652,7 @@ + echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ + (cd `$(PERL) util/dirname.pl $$i`; \ + sh -c "$$pod2man \ +- --section=$$sec --center=OpenSSL \ ++ --section=$${sec}$(MANSECTION) --center=OpenSSL \ + --release=$(VERSION) `basename $$i`") \ + > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ + $(PERL) util/extract-names.pl < $$i | \ +@@ -668,7 +669,7 @@ + echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ + (cd `$(PERL) util/dirname.pl $$i`; \ + sh -c "$$pod2man \ +- --section=$$sec --center=OpenSSL \ ++ --section=$${sec}$(MANSECTION) --center=OpenSSL \ + --release=$(VERSION) `basename $$i`") \ + > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ + $(PERL) util/extract-names.pl < $$i | \ diff --git a/recipes-connectivity/openssl/openssl-qoriq/debian/no-rpath.patch b/recipes-connectivity/openssl/openssl-qoriq/debian/no-rpath.patch new file mode 100644 index 0000000..1ccb3b8 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/debian/no-rpath.patch @@ -0,0 +1,15 @@ +Upstream-Status: Backport [debian] + +Index: openssl-1.0.0c/Makefile.shared +=================================================================== +--- openssl-1.0.0c.orig/Makefile.shared 2010-08-21 13:36:49.000000000 +0200 ++++ openssl-1.0.0c/Makefile.shared 2010-12-12 16:13:36.000000000 +0100 +@@ -153,7 +153,7 @@ + NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ + SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" + +-DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)" ++DO_GNU_APP=LDFLAGS="$(CFLAGS)" + + #This is rather special. It's a special target with which one can link + #applications without bothering with any features that have anything to diff --git a/recipes-connectivity/openssl/openssl-qoriq/debian/no-symbolic.patch b/recipes-connectivity/openssl/openssl-qoriq/debian/no-symbolic.patch new file mode 100644 index 0000000..cc4408a --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/debian/no-symbolic.patch @@ -0,0 +1,15 @@ +Upstream-Status: Backport [debian] + +Index: openssl-1.0.0c/Makefile.shared +=================================================================== +--- openssl-1.0.0c.orig/Makefile.shared 2010-12-12 16:13:36.000000000 +0100 ++++ openssl-1.0.0c/Makefile.shared 2010-12-12 16:13:44.000000000 +0100 +@@ -151,7 +151,7 @@ + SHLIB_SUFFIX=; \ + ALLSYMSFLAGS='-Wl,--whole-archive'; \ + NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ +- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" ++ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" + + DO_GNU_APP=LDFLAGS="$(CFLAGS)" + diff --git a/recipes-connectivity/openssl/openssl-qoriq/debian/pic.patch b/recipes-connectivity/openssl/openssl-qoriq/debian/pic.patch new file mode 100644 index 0000000..bfda388 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/debian/pic.patch @@ -0,0 +1,177 @@ +Upstream-Status: Backport [debian] + +Index: openssl-1.0.1c/crypto/des/asm/desboth.pl +=================================================================== +--- openssl-1.0.1c.orig/crypto/des/asm/desboth.pl 2001-10-24 23:20:56.000000000 +0200 ++++ openssl-1.0.1c/crypto/des/asm/desboth.pl 2012-07-29 14:15:26.000000000 +0200 +@@ -16,6 +16,11 @@ + + &push("edi"); + ++ &call (&label("pic_point0")); ++ &set_label("pic_point0"); ++ &blindpop("ebp"); ++ &add ("ebp", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point0") . "]"); ++ + &comment(""); + &comment("Load the data words"); + &mov($L,&DWP(0,"ebx","",0)); +@@ -47,15 +52,21 @@ + &mov(&swtmp(2), (DWC(($enc)?"1":"0"))); + &mov(&swtmp(1), "eax"); + &mov(&swtmp(0), "ebx"); +- &call("DES_encrypt2"); ++ &exch("ebx", "ebp"); ++ &call("DES_encrypt2\@PLT"); ++ &exch("ebx", "ebp"); + &mov(&swtmp(2), (DWC(($enc)?"0":"1"))); + &mov(&swtmp(1), "edi"); + &mov(&swtmp(0), "ebx"); +- &call("DES_encrypt2"); ++ &exch("ebx", "ebp"); ++ &call("DES_encrypt2\@PLT"); ++ &exch("ebx", "ebp"); + &mov(&swtmp(2), (DWC(($enc)?"1":"0"))); + &mov(&swtmp(1), "esi"); + &mov(&swtmp(0), "ebx"); +- &call("DES_encrypt2"); ++ &exch("ebx", "ebp"); ++ &call("DES_encrypt2\@PLT"); ++ &exch("ebx", "ebp"); + + &stack_pop(3); + &mov($L,&DWP(0,"ebx","",0)); +Index: openssl-1.0.1c/crypto/perlasm/cbc.pl +=================================================================== +--- openssl-1.0.1c.orig/crypto/perlasm/cbc.pl 2011-07-13 08:22:46.000000000 +0200 ++++ openssl-1.0.1c/crypto/perlasm/cbc.pl 2012-07-29 14:15:26.000000000 +0200 +@@ -122,7 +122,11 @@ + &mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call + &mov(&DWP($data_off+4,"esp","",0), "ebx"); # + +- &call($enc_func); ++ &call (&label("pic_point0")); ++ &set_label("pic_point0"); ++ &blindpop("ebx"); ++ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point0") . "]"); ++ &call("$enc_func\@PLT"); + + &mov("eax", &DWP($data_off,"esp","",0)); + &mov("ebx", &DWP($data_off+4,"esp","",0)); +@@ -185,7 +189,11 @@ + &mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call + &mov(&DWP($data_off+4,"esp","",0), "ebx"); # + +- &call($enc_func); ++ &call (&label("pic_point1")); ++ &set_label("pic_point1"); ++ &blindpop("ebx"); ++ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point1") . "]"); ++ &call("$enc_func\@PLT"); + + &mov("eax", &DWP($data_off,"esp","",0)); + &mov("ebx", &DWP($data_off+4,"esp","",0)); +@@ -218,7 +226,11 @@ + &mov(&DWP($data_off,"esp","",0), "eax"); # put back + &mov(&DWP($data_off+4,"esp","",0), "ebx"); # + +- &call($dec_func); ++ &call (&label("pic_point2")); ++ &set_label("pic_point2"); ++ &blindpop("ebx"); ++ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point2") . "]"); ++ &call("$dec_func\@PLT"); + + &mov("eax", &DWP($data_off,"esp","",0)); # get return + &mov("ebx", &DWP($data_off+4,"esp","",0)); # +@@ -261,7 +273,11 @@ + &mov(&DWP($data_off,"esp","",0), "eax"); # put back + &mov(&DWP($data_off+4,"esp","",0), "ebx"); # + +- &call($dec_func); ++ &call (&label("pic_point3")); ++ &set_label("pic_point3"); ++ &blindpop("ebx"); ++ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point3") . "]"); ++ &call("$dec_func\@PLT"); + + &mov("eax", &DWP($data_off,"esp","",0)); # get return + &mov("ebx", &DWP($data_off+4,"esp","",0)); # +Index: openssl-1.0.1c/crypto/perlasm/x86gas.pl +=================================================================== +--- openssl-1.0.1c.orig/crypto/perlasm/x86gas.pl 2011-12-09 20:16:35.000000000 +0100 ++++ openssl-1.0.1c/crypto/perlasm/x86gas.pl 2012-07-29 14:15:26.000000000 +0200 +@@ -161,6 +161,7 @@ + if ($::macosx) { push (@out,"$tmp,2\n"); } + elsif ($::elf) { push (@out,"$tmp,4\n"); } + else { push (@out,"$tmp\n"); } ++ if ($::elf) { push (@out,".hidden\tOPENSSL_ia32cap_P\n"); } + } + push(@out,$initseg) if ($initseg); + } +@@ -218,8 +219,23 @@ + elsif ($::elf) + { $initseg.=<<___; + .section .init ++___ ++ if ($::pic) ++ { $initseg.=<<___; ++ pushl %ebx ++ call .pic_point0 ++.pic_point0: ++ popl %ebx ++ addl \$_GLOBAL_OFFSET_TABLE_+[.-.pic_point0],%ebx ++ call $f\@PLT ++ popl %ebx ++___ ++ } ++ else ++ { $initseg.=<<___; + call $f + ___ ++ } + } + elsif ($::coff) + { $initseg.=<<___; # applies to both Cygwin and Mingw +Index: openssl-1.0.1c/crypto/x86cpuid.pl +=================================================================== +--- openssl-1.0.1c.orig/crypto/x86cpuid.pl 2012-02-28 15:20:34.000000000 +0100 ++++ openssl-1.0.1c/crypto/x86cpuid.pl 2012-07-29 14:15:26.000000000 +0200 +@@ -8,6 +8,8 @@ + + for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } + ++push(@out, ".hidden OPENSSL_ia32cap_P\n"); ++ + &function_begin("OPENSSL_ia32_cpuid"); + &xor ("edx","edx"); + &pushf (); +@@ -139,9 +141,7 @@ + &set_label("nocpuid"); + &function_end("OPENSSL_ia32_cpuid"); + +-&external_label("OPENSSL_ia32cap_P"); +- +-&function_begin_B("OPENSSL_rdtsc","EXTRN\t_OPENSSL_ia32cap_P:DWORD"); ++&function_begin_B("OPENSSL_rdtsc"); + &xor ("eax","eax"); + &xor ("edx","edx"); + &picmeup("ecx","OPENSSL_ia32cap_P"); +@@ -155,7 +155,7 @@ + # This works in Ring 0 only [read DJGPP+MS-DOS+privileged DPMI host], + # but it's safe to call it on any [supported] 32-bit platform... + # Just check for [non-]zero return value... +-&function_begin_B("OPENSSL_instrument_halt","EXTRN\t_OPENSSL_ia32cap_P:DWORD"); ++&function_begin_B("OPENSSL_instrument_halt"); + &picmeup("ecx","OPENSSL_ia32cap_P"); + &bt (&DWP(0,"ecx"),4); + &jnc (&label("nohalt")); # no TSC +@@ -222,7 +222,7 @@ + &ret (); + &function_end_B("OPENSSL_far_spin"); + +-&function_begin_B("OPENSSL_wipe_cpu","EXTRN\t_OPENSSL_ia32cap_P:DWORD"); ++&function_begin_B("OPENSSL_wipe_cpu"); + &xor ("eax","eax"); + &xor ("edx","edx"); + &picmeup("ecx","OPENSSL_ia32cap_P"); diff --git a/recipes-connectivity/openssl/openssl-qoriq/debian/version-script.patch b/recipes-connectivity/openssl/openssl-qoriq/debian/version-script.patch new file mode 100644 index 0000000..ece8b9b --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/debian/version-script.patch @@ -0,0 +1,4670 @@ +Upstream-Status: Backport [debian] + +Index: openssl-1.0.1d/Configure +=================================================================== +--- openssl-1.0.1d.orig/Configure 2013-02-06 19:41:43.000000000 +0100 ++++ openssl-1.0.1d/Configure 2013-02-06 19:41:43.000000000 +0100 +@@ -1621,6 +1621,8 @@ + } + } + ++$shared_ldflag .= " -Wl,--version-script=openssl.ld"; ++ + open(IN,'$Makefile.new") || die "unable to create $Makefile.new:$!\n"; +Index: openssl-1.0.1d/openssl.ld +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.0.1d/openssl.ld 2013-02-06 19:44:25.000000000 +0100 +@@ -0,0 +1,4620 @@ ++OPENSSL_1.0.0 { ++ global: ++ BIO_f_ssl; ++ BIO_new_buffer_ssl_connect; ++ BIO_new_ssl; ++ BIO_new_ssl_connect; ++ BIO_proxy_ssl_copy_session_id; ++ BIO_ssl_copy_session_id; ++ BIO_ssl_shutdown; ++ d2i_SSL_SESSION; ++ DTLSv1_client_method; ++ DTLSv1_method; ++ DTLSv1_server_method; ++ ERR_load_SSL_strings; ++ i2d_SSL_SESSION; ++ kssl_build_principal_2; ++ kssl_cget_tkt; ++ kssl_check_authent; ++ kssl_ctx_free; ++ kssl_ctx_new; ++ kssl_ctx_setkey; ++ kssl_ctx_setprinc; ++ kssl_ctx_setstring; ++ kssl_ctx_show; ++ kssl_err_set; ++ kssl_krb5_free_data_contents; ++ kssl_sget_tkt; ++ kssl_skip_confound; ++ kssl_validate_times; ++ PEM_read_bio_SSL_SESSION; ++ PEM_read_SSL_SESSION; ++ PEM_write_bio_SSL_SESSION; ++ PEM_write_SSL_SESSION; ++ SSL_accept; ++ SSL_add_client_CA; ++ SSL_add_dir_cert_subjects_to_stack; ++ SSL_add_dir_cert_subjs_to_stk; ++ SSL_add_file_cert_subjects_to_stack; ++ SSL_add_file_cert_subjs_to_stk; ++ SSL_alert_desc_string; ++ SSL_alert_desc_string_long; ++ SSL_alert_type_string; ++ SSL_alert_type_string_long; ++ SSL_callback_ctrl; ++ SSL_check_private_key; ++ SSL_CIPHER_description; ++ SSL_CIPHER_get_bits; ++ SSL_CIPHER_get_name; ++ SSL_CIPHER_get_version; ++ SSL_clear; ++ SSL_COMP_add_compression_method; ++ SSL_COMP_get_compression_methods; ++ SSL_COMP_get_compress_methods; ++ SSL_COMP_get_name; ++ SSL_connect; ++ SSL_copy_session_id; ++ SSL_ctrl; ++ SSL_CTX_add_client_CA; ++ SSL_CTX_add_session; ++ SSL_CTX_callback_ctrl; ++ SSL_CTX_check_private_key; ++ SSL_CTX_ctrl; ++ SSL_CTX_flush_sessions; ++ SSL_CTX_free; ++ SSL_CTX_get_cert_store; ++ SSL_CTX_get_client_CA_list; ++ SSL_CTX_get_client_cert_cb; ++ SSL_CTX_get_ex_data; ++ SSL_CTX_get_ex_new_index; ++ SSL_CTX_get_info_callback; ++ SSL_CTX_get_quiet_shutdown; ++ SSL_CTX_get_timeout; ++ SSL_CTX_get_verify_callback; ++ SSL_CTX_get_verify_depth; ++ SSL_CTX_get_verify_mode; ++ SSL_CTX_load_verify_locations; ++ SSL_CTX_new; ++ SSL_CTX_remove_session; ++ SSL_CTX_sess_get_get_cb; ++ SSL_CTX_sess_get_new_cb; ++ SSL_CTX_sess_get_remove_cb; ++ SSL_CTX_sessions; ++ SSL_CTX_sess_set_get_cb; ++ SSL_CTX_sess_set_new_cb; ++ SSL_CTX_sess_set_remove_cb; ++ SSL_CTX_set1_param; ++ SSL_CTX_set_cert_store; ++ SSL_CTX_set_cert_verify_callback; ++ SSL_CTX_set_cert_verify_cb; ++ SSL_CTX_set_cipher_list; ++ SSL_CTX_set_client_CA_list; ++ SSL_CTX_set_client_cert_cb; ++ SSL_CTX_set_client_cert_engine; ++ SSL_CTX_set_cookie_generate_cb; ++ SSL_CTX_set_cookie_verify_cb; ++ SSL_CTX_set_default_passwd_cb; ++ SSL_CTX_set_default_passwd_cb_userdata; ++ SSL_CTX_set_default_verify_paths; ++ SSL_CTX_set_def_passwd_cb_ud; ++ SSL_CTX_set_def_verify_paths; ++ SSL_CTX_set_ex_data; ++ SSL_CTX_set_generate_session_id; ++ SSL_CTX_set_info_callback; ++ SSL_CTX_set_msg_callback; ++ SSL_CTX_set_psk_client_callback; ++ SSL_CTX_set_psk_server_callback; ++ SSL_CTX_set_purpose; ++ SSL_CTX_set_quiet_shutdown; ++ SSL_CTX_set_session_id_context; ++ SSL_CTX_set_ssl_version; ++ SSL_CTX_set_timeout; ++ SSL_CTX_set_tmp_dh_callback; ++ SSL_CTX_set_tmp_ecdh_callback; ++ SSL_CTX_set_tmp_rsa_callback; ++ SSL_CTX_set_trust; ++ SSL_CTX_set_verify; ++ SSL_CTX_set_verify_depth; ++ SSL_CTX_use_cert_chain_file; ++ SSL_CTX_use_certificate; ++ SSL_CTX_use_certificate_ASN1; ++ SSL_CTX_use_certificate_chain_file; ++ SSL_CTX_use_certificate_file; ++ SSL_CTX_use_PrivateKey; ++ SSL_CTX_use_PrivateKey_ASN1; ++ SSL_CTX_use_PrivateKey_file; ++ SSL_CTX_use_psk_identity_hint; ++ SSL_CTX_use_RSAPrivateKey; ++ SSL_CTX_use_RSAPrivateKey_ASN1; ++ SSL_CTX_use_RSAPrivateKey_file; ++ SSL_do_handshake; ++ SSL_dup; ++ SSL_dup_CA_list; ++ SSLeay_add_ssl_algorithms; ++ SSL_free; ++ SSL_get1_session; ++ SSL_get_certificate; ++ SSL_get_cipher_list; ++ SSL_get_ciphers; ++ SSL_get_client_CA_list; ++ SSL_get_current_cipher; ++ SSL_get_current_compression; ++ SSL_get_current_expansion; ++ SSL_get_default_timeout; ++ SSL_get_error; ++ SSL_get_ex_data; ++ SSL_get_ex_data_X509_STORE_CTX_idx; ++ SSL_get_ex_d_X509_STORE_CTX_idx; ++ SSL_get_ex_new_index; ++ SSL_get_fd; ++ SSL_get_finished; ++ SSL_get_info_callback; ++ SSL_get_peer_cert_chain; ++ SSL_get_peer_certificate; ++ SSL_get_peer_finished; ++ SSL_get_privatekey; ++ SSL_get_psk_identity; ++ SSL_get_psk_identity_hint; ++ SSL_get_quiet_shutdown; ++ SSL_get_rbio; ++ SSL_get_read_ahead; ++ SSL_get_rfd; ++ SSL_get_servername; ++ SSL_get_servername_type; ++ SSL_get_session; ++ SSL_get_shared_ciphers; ++ SSL_get_shutdown; ++ SSL_get_SSL_CTX; ++ SSL_get_ssl_method; ++ SSL_get_verify_callback; ++ SSL_get_verify_depth; ++ SSL_get_verify_mode; ++ SSL_get_verify_result; ++ SSL_get_version; ++ SSL_get_wbio; ++ SSL_get_wfd; ++ SSL_has_matching_session_id; ++ SSL_library_init; ++ SSL_load_client_CA_file; ++ SSL_load_error_strings; ++ SSL_new; ++ SSL_peek; ++ SSL_pending; ++ SSL_read; ++ SSL_renegotiate; ++ SSL_renegotiate_pending; ++ SSL_rstate_string; ++ SSL_rstate_string_long; ++ SSL_SESSION_cmp; ++ SSL_SESSION_free; ++ SSL_SESSION_get_ex_data; ++ SSL_SESSION_get_ex_new_index; ++ SSL_SESSION_get_id; ++ SSL_SESSION_get_time; ++ SSL_SESSION_get_timeout; ++ SSL_SESSION_hash; ++ SSL_SESSION_new; ++ SSL_SESSION_print; ++ SSL_SESSION_print_fp; ++ SSL_SESSION_set_ex_data; ++ SSL_SESSION_set_time; ++ SSL_SESSION_set_timeout; ++ SSL_set1_param; ++ SSL_set_accept_state; ++ SSL_set_bio; ++ SSL_set_cipher_list; ++ SSL_set_client_CA_list; ++ SSL_set_connect_state; ++ SSL_set_ex_data; ++ SSL_set_fd; ++ SSL_set_generate_session_id; ++ SSL_set_info_callback; ++ SSL_set_msg_callback; ++ SSL_set_psk_client_callback; ++ SSL_set_psk_server_callback; ++ SSL_set_purpose; ++ SSL_set_quiet_shutdown; ++ SSL_set_read_ahead; ++ SSL_set_rfd; ++ SSL_set_session; ++ SSL_set_session_id_context; ++ SSL_set_session_secret_cb; ++ SSL_set_session_ticket_ext; ++ SSL_set_session_ticket_ext_cb; ++ SSL_set_shutdown; ++ SSL_set_SSL_CTX; ++ SSL_set_ssl_method; ++ SSL_set_tmp_dh_callback; ++ SSL_set_tmp_ecdh_callback; ++ SSL_set_tmp_rsa_callback; ++ SSL_set_trust; ++ SSL_set_verify; ++ SSL_set_verify_depth; ++ SSL_set_verify_result; ++ SSL_set_wfd; ++ SSL_shutdown; ++ SSL_state; ++ SSL_state_string; ++ SSL_state_string_long; ++ SSL_use_certificate; ++ SSL_use_certificate_ASN1; ++ SSL_use_certificate_file; ++ SSL_use_PrivateKey; ++ SSL_use_PrivateKey_ASN1; ++ SSL_use_PrivateKey_file; ++ SSL_use_psk_identity_hint; ++ SSL_use_RSAPrivateKey; ++ SSL_use_RSAPrivateKey_ASN1; ++ SSL_use_RSAPrivateKey_file; ++ SSLv23_client_method; ++ SSLv23_method; ++ SSLv23_server_method; ++ SSLv2_client_method; ++ SSLv2_method; ++ SSLv2_server_method; ++ SSLv3_client_method; ++ SSLv3_method; ++ SSLv3_server_method; ++ SSL_version; ++ SSL_want; ++ SSL_write; ++ TLSv1_client_method; ++ TLSv1_method; ++ TLSv1_server_method; ++ ++ ++ SSLeay; ++ SSLeay_version; ++ ASN1_BIT_STRING_asn1_meth; ++ ASN1_HEADER_free; ++ ASN1_HEADER_new; ++ ASN1_IA5STRING_asn1_meth; ++ ASN1_INTEGER_get; ++ ASN1_INTEGER_set; ++ ASN1_INTEGER_to_BN; ++ ASN1_OBJECT_create; ++ ASN1_OBJECT_free; ++ ASN1_OBJECT_new; ++ ASN1_PRINTABLE_type; ++ ASN1_STRING_cmp; ++ ASN1_STRING_dup; ++ ASN1_STRING_free; ++ ASN1_STRING_new; ++ ASN1_STRING_print; ++ ASN1_STRING_set; ++ ASN1_STRING_type_new; ++ ASN1_TYPE_free; ++ ASN1_TYPE_new; ++ ASN1_UNIVERSALSTRING_to_string; ++ ASN1_UTCTIME_check; ++ ASN1_UTCTIME_print; ++ ASN1_UTCTIME_set; ++ ASN1_check_infinite_end; ++ ASN1_d2i_bio; ++ ASN1_d2i_fp; ++ ASN1_digest; ++ ASN1_dup; ++ ASN1_get_object; ++ ASN1_i2d_bio; ++ ASN1_i2d_fp; ++ ASN1_object_size; ++ ASN1_parse; ++ ASN1_put_object; ++ ASN1_sign; ++ ASN1_verify; ++ BF_cbc_encrypt; ++ BF_cfb64_encrypt; ++ BF_ecb_encrypt; ++ BF_encrypt; ++ BF_ofb64_encrypt; ++ BF_options; ++ BF_set_key; ++ BIO_CONNECT_free; ++ BIO_CONNECT_new; ++ BIO_accept; ++ BIO_ctrl; ++ BIO_int_ctrl; ++ BIO_debug_callback; ++ BIO_dump; ++ BIO_dup_chain; ++ BIO_f_base64; ++ BIO_f_buffer; ++ BIO_f_cipher; ++ BIO_f_md; ++ BIO_f_null; ++ BIO_f_proxy_server; ++ BIO_fd_non_fatal_error; ++ BIO_fd_should_retry; ++ BIO_find_type; ++ BIO_free; ++ BIO_free_all; ++ BIO_get_accept_socket; ++ BIO_get_filter_bio; ++ BIO_get_host_ip; ++ BIO_get_port; ++ BIO_get_retry_BIO; ++ BIO_get_retry_reason; ++ BIO_gethostbyname; ++ BIO_gets; ++ BIO_new; ++ BIO_new_accept; ++ BIO_new_connect; ++ BIO_new_fd; ++ BIO_new_file; ++ BIO_new_fp; ++ BIO_new_socket; ++ BIO_pop; ++ BIO_printf; ++ BIO_push; ++ BIO_puts; ++ BIO_read; ++ BIO_s_accept; ++ BIO_s_connect; ++ BIO_s_fd; ++ BIO_s_file; ++ BIO_s_mem; ++ BIO_s_null; ++ BIO_s_proxy_client; ++ BIO_s_socket; ++ BIO_set; ++ BIO_set_cipher; ++ BIO_set_tcp_ndelay; ++ BIO_sock_cleanup; ++ BIO_sock_error; ++ BIO_sock_init; ++ BIO_sock_non_fatal_error; ++ BIO_sock_should_retry; ++ BIO_socket_ioctl; ++ BIO_write; ++ BN_CTX_free; ++ BN_CTX_new; ++ BN_MONT_CTX_free; ++ BN_MONT_CTX_new; ++ BN_MONT_CTX_set; ++ BN_add; ++ BN_add_word; ++ BN_hex2bn; ++ BN_bin2bn; ++ BN_bn2hex; ++ BN_bn2bin; ++ BN_clear; ++ BN_clear_bit; ++ BN_clear_free; ++ BN_cmp; ++ BN_copy; ++ BN_div; ++ BN_div_word; ++ BN_dup; ++ BN_free; ++ BN_from_montgomery; ++ BN_gcd; ++ BN_generate_prime; ++ BN_get_word; ++ BN_is_bit_set; ++ BN_is_prime; ++ BN_lshift; ++ BN_lshift1; ++ BN_mask_bits; ++ BN_mod; ++ BN_mod_exp; ++ BN_mod_exp_mont; ++ BN_mod_exp_simple; ++ BN_mod_inverse; ++ BN_mod_mul; ++ BN_mod_mul_montgomery; ++ BN_mod_word; ++ BN_mul; ++ BN_new; ++ BN_num_bits; ++ BN_num_bits_word; ++ BN_options; ++ BN_print; ++ BN_print_fp; ++ BN_rand; ++ BN_reciprocal; ++ BN_rshift; ++ BN_rshift1; ++ BN_set_bit; ++ BN_set_word; ++ BN_sqr; ++ BN_sub; ++ BN_to_ASN1_INTEGER; ++ BN_ucmp; ++ BN_value_one; ++ BUF_MEM_free; ++ BUF_MEM_grow; ++ BUF_MEM_new; ++ BUF_strdup; ++ CONF_free; ++ CONF_get_number; ++ CONF_get_section; ++ CONF_get_string; ++ CONF_load; ++ CRYPTO_add_lock; ++ CRYPTO_dbg_free; ++ CRYPTO_dbg_malloc; ++ CRYPTO_dbg_realloc; ++ CRYPTO_dbg_remalloc; ++ CRYPTO_free; ++ CRYPTO_get_add_lock_callback; ++ CRYPTO_get_id_callback; ++ CRYPTO_get_lock_name; ++ CRYPTO_get_locking_callback; ++ CRYPTO_get_mem_functions; ++ CRYPTO_lock; ++ CRYPTO_malloc; ++ CRYPTO_mem_ctrl; ++ CRYPTO_mem_leaks; ++ CRYPTO_mem_leaks_cb; ++ CRYPTO_mem_leaks_fp; ++ CRYPTO_realloc; ++ CRYPTO_remalloc; ++ CRYPTO_set_add_lock_callback; ++ CRYPTO_set_id_callback; ++ CRYPTO_set_locking_callback; ++ CRYPTO_set_mem_functions; ++ CRYPTO_thread_id; ++ DH_check; ++ DH_compute_key; ++ DH_free; ++ DH_generate_key; ++ DH_generate_parameters; ++ DH_new; ++ DH_size; ++ DHparams_print; ++ DHparams_print_fp; ++ DSA_free; ++ DSA_generate_key; ++ DSA_generate_parameters; ++ DSA_is_prime; ++ DSA_new; ++ DSA_print; ++ DSA_print_fp; ++ DSA_sign; ++ DSA_sign_setup; ++ DSA_size; ++ DSA_verify; ++ DSAparams_print; ++ DSAparams_print_fp; ++ ERR_clear_error; ++ ERR_error_string; ++ ERR_free_strings; ++ ERR_func_error_string; ++ ERR_get_err_state_table; ++ ERR_get_error; ++ ERR_get_error_line; ++ ERR_get_state; ++ ERR_get_string_table; ++ ERR_lib_error_string; ++ ERR_load_ASN1_strings; ++ ERR_load_BIO_strings; ++ ERR_load_BN_strings; ++ ERR_load_BUF_strings; ++ ERR_load_CONF_strings; ++ ERR_load_DH_strings; ++ ERR_load_DSA_strings; ++ ERR_load_ERR_strings; ++ ERR_load_EVP_strings; ++ ERR_load_OBJ_strings; ++ ERR_load_PEM_strings; ++ ERR_load_PROXY_strings; ++ ERR_load_RSA_strings; ++ ERR_load_X509_strings; ++ ERR_load_crypto_strings; ++ ERR_load_strings; ++ ERR_peek_error; ++ ERR_peek_error_line; ++ ERR_print_errors; ++ ERR_print_errors_fp; ++ ERR_put_error; ++ ERR_reason_error_string; ++ ERR_remove_state; ++ EVP_BytesToKey; ++ EVP_CIPHER_CTX_cleanup; ++ EVP_CipherFinal; ++ EVP_CipherInit; ++ EVP_CipherUpdate; ++ EVP_DecodeBlock; ++ EVP_DecodeFinal; ++ EVP_DecodeInit; ++ EVP_DecodeUpdate; ++ EVP_DecryptFinal; ++ EVP_DecryptInit; ++ EVP_DecryptUpdate; ++ EVP_DigestFinal; ++ EVP_DigestInit; ++ EVP_DigestUpdate; ++ EVP_EncodeBlock; ++ EVP_EncodeFinal; ++ EVP_EncodeInit; ++ EVP_EncodeUpdate; ++ EVP_EncryptFinal; ++ EVP_EncryptInit; ++ EVP_EncryptUpdate; ++ EVP_OpenFinal; ++ EVP_OpenInit; ++ EVP_PKEY_assign; ++ EVP_PKEY_copy_parameters; ++ EVP_PKEY_free; ++ EVP_PKEY_missing_parameters; ++ EVP_PKEY_new; ++ EVP_PKEY_save_parameters; ++ EVP_PKEY_size; ++ EVP_PKEY_type; ++ EVP_SealFinal; ++ EVP_SealInit; ++ EVP_SignFinal; ++ EVP_VerifyFinal; ++ EVP_add_alias; ++ EVP_add_cipher; ++ EVP_add_digest; ++ EVP_bf_cbc; ++ EVP_bf_cfb64; ++ EVP_bf_ecb; ++ EVP_bf_ofb; ++ EVP_cleanup; ++ EVP_des_cbc; ++ EVP_des_cfb64; ++ EVP_des_ecb; ++ EVP_des_ede; ++ EVP_des_ede3; ++ EVP_des_ede3_cbc; ++ EVP_des_ede3_cfb64; ++ EVP_des_ede3_ofb; ++ EVP_des_ede_cbc; ++ EVP_des_ede_cfb64; ++ EVP_des_ede_ofb; ++ EVP_des_ofb; ++ EVP_desx_cbc; ++ EVP_dss; ++ EVP_dss1; ++ EVP_enc_null; ++ EVP_get_cipherbyname; ++ EVP_get_digestbyname; ++ EVP_get_pw_prompt; ++ EVP_idea_cbc; ++ EVP_idea_cfb64; ++ EVP_idea_ecb; ++ EVP_idea_ofb; ++ EVP_md2; ++ EVP_md5; ++ EVP_md_null; ++ EVP_rc2_cbc; ++ EVP_rc2_cfb64; ++ EVP_rc2_ecb; ++ EVP_rc2_ofb; ++ EVP_rc4; ++ EVP_read_pw_string; ++ EVP_set_pw_prompt; ++ EVP_sha; ++ EVP_sha1; ++ MD2; ++ MD2_Final; ++ MD2_Init; ++ MD2_Update; ++ MD2_options; ++ MD5; ++ MD5_Final; ++ MD5_Init; ++ MD5_Update; ++ MDC2; ++ MDC2_Final; ++ MDC2_Init; ++ MDC2_Update; ++ NETSCAPE_SPKAC_free; ++ NETSCAPE_SPKAC_new; ++ NETSCAPE_SPKI_free; ++ NETSCAPE_SPKI_new; ++ NETSCAPE_SPKI_sign; ++ NETSCAPE_SPKI_verify; ++ OBJ_add_object; ++ OBJ_bsearch; ++ OBJ_cleanup; ++ OBJ_cmp; ++ OBJ_create; ++ OBJ_dup; ++ OBJ_ln2nid; ++ OBJ_new_nid; ++ OBJ_nid2ln; ++ OBJ_nid2obj; ++ OBJ_nid2sn; ++ OBJ_obj2nid; ++ OBJ_sn2nid; ++ OBJ_txt2nid; ++ PEM_ASN1_read; ++ PEM_ASN1_read_bio; ++ PEM_ASN1_write; ++ PEM_ASN1_write_bio; ++ PEM_SealFinal; ++ PEM_SealInit; ++ PEM_SealUpdate; ++ PEM_SignFinal; ++ PEM_SignInit; ++ PEM_SignUpdate; ++ PEM_X509_INFO_read; ++ PEM_X509_INFO_read_bio; ++ PEM_X509_INFO_write_bio; ++ PEM_dek_info; ++ PEM_do_header; ++ PEM_get_EVP_CIPHER_INFO; ++ PEM_proc_type; ++ PEM_read; ++ PEM_read_DHparams; ++ PEM_read_DSAPrivateKey; ++ PEM_read_DSAparams; ++ PEM_read_PKCS7; ++ PEM_read_PrivateKey; ++ PEM_read_RSAPrivateKey; ++ PEM_read_X509; ++ PEM_read_X509_CRL; ++ PEM_read_X509_REQ; ++ PEM_read_bio; ++ PEM_read_bio_DHparams; ++ PEM_read_bio_DSAPrivateKey; ++ PEM_read_bio_DSAparams; ++ PEM_read_bio_PKCS7; ++ PEM_read_bio_PrivateKey; ++ PEM_read_bio_RSAPrivateKey; ++ PEM_read_bio_X509; ++ PEM_read_bio_X509_CRL; ++ PEM_read_bio_X509_REQ; ++ PEM_write; ++ PEM_write_DHparams; ++ PEM_write_DSAPrivateKey; ++ PEM_write_DSAparams; ++ PEM_write_PKCS7; ++ PEM_write_PrivateKey; ++ PEM_write_RSAPrivateKey; ++ PEM_write_X509; ++ PEM_write_X509_CRL; ++ PEM_write_X509_REQ; ++ PEM_write_bio; ++ PEM_write_bio_DHparams; ++ PEM_write_bio_DSAPrivateKey; ++ PEM_write_bio_DSAparams; ++ PEM_write_bio_PKCS7; ++ PEM_write_bio_PrivateKey; ++ PEM_write_bio_RSAPrivateKey; ++ PEM_write_bio_X509; ++ PEM_write_bio_X509_CRL; ++ PEM_write_bio_X509_REQ; ++ PKCS7_DIGEST_free; ++ PKCS7_DIGEST_new; ++ PKCS7_ENCRYPT_free; ++ PKCS7_ENCRYPT_new; ++ PKCS7_ENC_CONTENT_free; ++ PKCS7_ENC_CONTENT_new; ++ PKCS7_ENVELOPE_free; ++ PKCS7_ENVELOPE_new; ++ PKCS7_ISSUER_AND_SERIAL_digest; ++ PKCS7_ISSUER_AND_SERIAL_free; ++ PKCS7_ISSUER_AND_SERIAL_new; ++ PKCS7_RECIP_INFO_free; ++ PKCS7_RECIP_INFO_new; ++ PKCS7_SIGNED_free; ++ PKCS7_SIGNED_new; ++ PKCS7_SIGNER_INFO_free; ++ PKCS7_SIGNER_INFO_new; ++ PKCS7_SIGN_ENVELOPE_free; ++ PKCS7_SIGN_ENVELOPE_new; ++ PKCS7_dup; ++ PKCS7_free; ++ PKCS7_new; ++ PROXY_ENTRY_add_noproxy; ++ PROXY_ENTRY_clear_noproxy; ++ PROXY_ENTRY_free; ++ PROXY_ENTRY_get_noproxy; ++ PROXY_ENTRY_new; ++ PROXY_ENTRY_set_server; ++ PROXY_add_noproxy; ++ PROXY_add_server; ++ PROXY_check_by_host; ++ PROXY_check_url; ++ PROXY_clear_noproxy; ++ PROXY_free; ++ PROXY_get_noproxy; ++ PROXY_get_proxies; ++ PROXY_get_proxy_entry; ++ PROXY_load_conf; ++ PROXY_new; ++ PROXY_print; ++ RAND_bytes; ++ RAND_cleanup; ++ RAND_file_name; ++ RAND_load_file; ++ RAND_screen; ++ RAND_seed; ++ RAND_write_file; ++ RC2_cbc_encrypt; ++ RC2_cfb64_encrypt; ++ RC2_ecb_encrypt; ++ RC2_encrypt; ++ RC2_ofb64_encrypt; ++ RC2_set_key; ++ RC4; ++ RC4_options; ++ RC4_set_key; ++ RSAPrivateKey_asn1_meth; ++ RSAPrivateKey_dup; ++ RSAPublicKey_dup; ++ RSA_PKCS1_SSLeay; ++ RSA_free; ++ RSA_generate_key; ++ RSA_new; ++ RSA_new_method; ++ RSA_print; ++ RSA_print_fp; ++ RSA_private_decrypt; ++ RSA_private_encrypt; ++ RSA_public_decrypt; ++ RSA_public_encrypt; ++ RSA_set_default_method; ++ RSA_sign; ++ RSA_sign_ASN1_OCTET_STRING; ++ RSA_size; ++ RSA_verify; ++ RSA_verify_ASN1_OCTET_STRING; ++ SHA; ++ SHA1; ++ SHA1_Final; ++ SHA1_Init; ++ SHA1_Update; ++ SHA_Final; ++ SHA_Init; ++ SHA_Update; ++ OpenSSL_add_all_algorithms; ++ OpenSSL_add_all_ciphers; ++ OpenSSL_add_all_digests; ++ TXT_DB_create_index; ++ TXT_DB_free; ++ TXT_DB_get_by_index; ++ TXT_DB_insert; ++ TXT_DB_read; ++ TXT_DB_write; ++ X509_ALGOR_free; ++ X509_ALGOR_new; ++ X509_ATTRIBUTE_free; ++ X509_ATTRIBUTE_new; ++ X509_CINF_free; ++ X509_CINF_new; ++ X509_CRL_INFO_free; ++ X509_CRL_INFO_new; ++ X509_CRL_add_ext; ++ X509_CRL_cmp; ++ X509_CRL_delete_ext; ++ X509_CRL_dup; ++ X509_CRL_free; ++ X509_CRL_get_ext; ++ X509_CRL_get_ext_by_NID; ++ X509_CRL_get_ext_by_OBJ; ++ X509_CRL_get_ext_by_critical; ++ X509_CRL_get_ext_count; ++ X509_CRL_new; ++ X509_CRL_sign; ++ X509_CRL_verify; ++ X509_EXTENSION_create_by_NID; ++ X509_EXTENSION_create_by_OBJ; ++ X509_EXTENSION_dup; ++ X509_EXTENSION_free; ++ X509_EXTENSION_get_critical; ++ X509_EXTENSION_get_data; ++ X509_EXTENSION_get_object; ++ X509_EXTENSION_new; ++ X509_EXTENSION_set_critical; ++ X509_EXTENSION_set_data; ++ X509_EXTENSION_set_object; ++ X509_INFO_free; ++ X509_INFO_new; ++ X509_LOOKUP_by_alias; ++ X509_LOOKUP_by_fingerprint; ++ X509_LOOKUP_by_issuer_serial; ++ X509_LOOKUP_by_subject; ++ X509_LOOKUP_ctrl; ++ X509_LOOKUP_file; ++ X509_LOOKUP_free; ++ X509_LOOKUP_hash_dir; ++ X509_LOOKUP_init; ++ X509_LOOKUP_new; ++ X509_LOOKUP_shutdown; ++ X509_NAME_ENTRY_create_by_NID; ++ X509_NAME_ENTRY_create_by_OBJ; ++ X509_NAME_ENTRY_dup; ++ X509_NAME_ENTRY_free; ++ X509_NAME_ENTRY_get_data; ++ X509_NAME_ENTRY_get_object; ++ X509_NAME_ENTRY_new; ++ X509_NAME_ENTRY_set_data; ++ X509_NAME_ENTRY_set_object; ++ X509_NAME_add_entry; ++ X509_NAME_cmp; ++ X509_NAME_delete_entry; ++ X509_NAME_digest; ++ X509_NAME_dup; ++ X509_NAME_entry_count; ++ X509_NAME_free; ++ X509_NAME_get_entry; ++ X509_NAME_get_index_by_NID; ++ X509_NAME_get_index_by_OBJ; ++ X509_NAME_get_text_by_NID; ++ X509_NAME_get_text_by_OBJ; ++ X509_NAME_hash; ++ X509_NAME_new; ++ X509_NAME_oneline; ++ X509_NAME_print; ++ X509_NAME_set; ++ X509_OBJECT_free_contents; ++ X509_OBJECT_retrieve_by_subject; ++ X509_OBJECT_up_ref_count; ++ X509_PKEY_free; ++ X509_PKEY_new; ++ X509_PUBKEY_free; ++ X509_PUBKEY_get; ++ X509_PUBKEY_new; ++ X509_PUBKEY_set; ++ X509_REQ_INFO_free; ++ X509_REQ_INFO_new; ++ X509_REQ_dup; ++ X509_REQ_free; ++ X509_REQ_get_pubkey; ++ X509_REQ_new; ++ X509_REQ_print; ++ X509_REQ_print_fp; ++ X509_REQ_set_pubkey; ++ X509_REQ_set_subject_name; ++ X509_REQ_set_version; ++ X509_REQ_sign; ++ X509_REQ_to_X509; ++ X509_REQ_verify; ++ X509_REVOKED_add_ext; ++ X509_REVOKED_delete_ext; ++ X509_REVOKED_free; ++ X509_REVOKED_get_ext; ++ X509_REVOKED_get_ext_by_NID; ++ X509_REVOKED_get_ext_by_OBJ; ++ X509_REVOKED_get_ext_by_critical; ++ X509_REVOKED_get_ext_by_critic; ++ X509_REVOKED_get_ext_count; ++ X509_REVOKED_new; ++ X509_SIG_free; ++ X509_SIG_new; ++ X509_STORE_CTX_cleanup; ++ X509_STORE_CTX_init; ++ X509_STORE_add_cert; ++ X509_STORE_add_lookup; ++ X509_STORE_free; ++ X509_STORE_get_by_subject; ++ X509_STORE_load_locations; ++ X509_STORE_new; ++ X509_STORE_set_default_paths; ++ X509_VAL_free; ++ X509_VAL_new; ++ X509_add_ext; ++ X509_asn1_meth; ++ X509_certificate_type; ++ X509_check_private_key; ++ X509_cmp_current_time; ++ X509_delete_ext; ++ X509_digest; ++ X509_dup; ++ X509_free; ++ X509_get_default_cert_area; ++ X509_get_default_cert_dir; ++ X509_get_default_cert_dir_env; ++ X509_get_default_cert_file; ++ X509_get_default_cert_file_env; ++ X509_get_default_private_dir; ++ X509_get_ext; ++ X509_get_ext_by_NID; ++ X509_get_ext_by_OBJ; ++ X509_get_ext_by_critical; ++ X509_get_ext_count; ++ X509_get_issuer_name; ++ X509_get_pubkey; ++ X509_get_pubkey_parameters; ++ X509_get_serialNumber; ++ X509_get_subject_name; ++ X509_gmtime_adj; ++ X509_issuer_and_serial_cmp; ++ X509_issuer_and_serial_hash; ++ X509_issuer_name_cmp; ++ X509_issuer_name_hash; ++ X509_load_cert_file; ++ X509_new; ++ X509_print; ++ X509_print_fp; ++ X509_set_issuer_name; ++ X509_set_notAfter; ++ X509_set_notBefore; ++ X509_set_pubkey; ++ X509_set_serialNumber; ++ X509_set_subject_name; ++ X509_set_version; ++ X509_sign; ++ X509_subject_name_cmp; ++ X509_subject_name_hash; ++ X509_to_X509_REQ; ++ X509_verify; ++ X509_verify_cert; ++ X509_verify_cert_error_string; ++ X509v3_add_ext; ++ X509v3_add_extension; ++ X509v3_add_netscape_extensions; ++ X509v3_add_standard_extensions; ++ X509v3_cleanup_extensions; ++ X509v3_data_type_by_NID; ++ X509v3_data_type_by_OBJ; ++ X509v3_delete_ext; ++ X509v3_get_ext; ++ X509v3_get_ext_by_NID; ++ X509v3_get_ext_by_OBJ; ++ X509v3_get_ext_by_critical; ++ X509v3_get_ext_count; ++ X509v3_pack_string; ++ X509v3_pack_type_by_NID; ++ X509v3_pack_type_by_OBJ; ++ X509v3_unpack_string; ++ _des_crypt; ++ a2d_ASN1_OBJECT; ++ a2i_ASN1_INTEGER; ++ a2i_ASN1_STRING; ++ asn1_Finish; ++ asn1_GetSequence; ++ bn_div_words; ++ bn_expand2; ++ bn_mul_add_words; ++ bn_mul_words; ++ BN_uadd; ++ BN_usub; ++ bn_sqr_words; ++ _ossl_old_crypt; ++ d2i_ASN1_BIT_STRING; ++ d2i_ASN1_BOOLEAN; ++ d2i_ASN1_HEADER; ++ d2i_ASN1_IA5STRING; ++ d2i_ASN1_INTEGER; ++ d2i_ASN1_OBJECT; ++ d2i_ASN1_OCTET_STRING; ++ d2i_ASN1_PRINTABLE; ++ d2i_ASN1_PRINTABLESTRING; ++ d2i_ASN1_SET; ++ d2i_ASN1_T61STRING; ++ d2i_ASN1_TYPE; ++ d2i_ASN1_UTCTIME; ++ d2i_ASN1_bytes; ++ d2i_ASN1_type_bytes; ++ d2i_DHparams; ++ d2i_DSAPrivateKey; ++ d2i_DSAPrivateKey_bio; ++ d2i_DSAPrivateKey_fp; ++ d2i_DSAPublicKey; ++ d2i_DSAparams; ++ d2i_NETSCAPE_SPKAC; ++ d2i_NETSCAPE_SPKI; ++ d2i_Netscape_RSA; ++ d2i_PKCS7; ++ d2i_PKCS7_DIGEST; ++ d2i_PKCS7_ENCRYPT; ++ d2i_PKCS7_ENC_CONTENT; ++ d2i_PKCS7_ENVELOPE; ++ d2i_PKCS7_ISSUER_AND_SERIAL; ++ d2i_PKCS7_RECIP_INFO; ++ d2i_PKCS7_SIGNED; ++ d2i_PKCS7_SIGNER_INFO; ++ d2i_PKCS7_SIGN_ENVELOPE; ++ d2i_PKCS7_bio; ++ d2i_PKCS7_fp; ++ d2i_PrivateKey; ++ d2i_PublicKey; ++ d2i_RSAPrivateKey; ++ d2i_RSAPrivateKey_bio; ++ d2i_RSAPrivateKey_fp; ++ d2i_RSAPublicKey; ++ d2i_X509; ++ d2i_X509_ALGOR; ++ d2i_X509_ATTRIBUTE; ++ d2i_X509_CINF; ++ d2i_X509_CRL; ++ d2i_X509_CRL_INFO; ++ d2i_X509_CRL_bio; ++ d2i_X509_CRL_fp; ++ d2i_X509_EXTENSION; ++ d2i_X509_NAME; ++ d2i_X509_NAME_ENTRY; ++ d2i_X509_PKEY; ++ d2i_X509_PUBKEY; ++ d2i_X509_REQ; ++ d2i_X509_REQ_INFO; ++ d2i_X509_REQ_bio; ++ d2i_X509_REQ_fp; ++ d2i_X509_REVOKED; ++ d2i_X509_SIG; ++ d2i_X509_VAL; ++ d2i_X509_bio; ++ d2i_X509_fp; ++ DES_cbc_cksum; ++ DES_cbc_encrypt; ++ DES_cblock_print_file; ++ DES_cfb64_encrypt; ++ DES_cfb_encrypt; ++ DES_decrypt3; ++ DES_ecb3_encrypt; ++ DES_ecb_encrypt; ++ DES_ede3_cbc_encrypt; ++ DES_ede3_cfb64_encrypt; ++ DES_ede3_ofb64_encrypt; ++ DES_enc_read; ++ DES_enc_write; ++ DES_encrypt1; ++ DES_encrypt2; ++ DES_encrypt3; ++ DES_fcrypt; ++ DES_is_weak_key; ++ DES_key_sched; ++ DES_ncbc_encrypt; ++ DES_ofb64_encrypt; ++ DES_ofb_encrypt; ++ DES_options; ++ DES_pcbc_encrypt; ++ DES_quad_cksum; ++ DES_random_key; ++ _ossl_old_des_random_seed; ++ _ossl_old_des_read_2passwords; ++ _ossl_old_des_read_password; ++ _ossl_old_des_read_pw; ++ _ossl_old_des_read_pw_string; ++ DES_set_key; ++ DES_set_odd_parity; ++ DES_string_to_2keys; ++ DES_string_to_key; ++ DES_xcbc_encrypt; ++ DES_xwhite_in2out; ++ fcrypt_body; ++ i2a_ASN1_INTEGER; ++ i2a_ASN1_OBJECT; ++ i2a_ASN1_STRING; ++ i2d_ASN1_BIT_STRING; ++ i2d_ASN1_BOOLEAN; ++ i2d_ASN1_HEADER; ++ i2d_ASN1_IA5STRING; ++ i2d_ASN1_INTEGER; ++ i2d_ASN1_OBJECT; ++ i2d_ASN1_OCTET_STRING; ++ i2d_ASN1_PRINTABLE; ++ i2d_ASN1_SET; ++ i2d_ASN1_TYPE; ++ i2d_ASN1_UTCTIME; ++ i2d_ASN1_bytes; ++ i2d_DHparams; ++ i2d_DSAPrivateKey; ++ i2d_DSAPrivateKey_bio; ++ i2d_DSAPrivateKey_fp; ++ i2d_DSAPublicKey; ++ i2d_DSAparams; ++ i2d_NETSCAPE_SPKAC; ++ i2d_NETSCAPE_SPKI; ++ i2d_Netscape_RSA; ++ i2d_PKCS7; ++ i2d_PKCS7_DIGEST; ++ i2d_PKCS7_ENCRYPT; ++ i2d_PKCS7_ENC_CONTENT; ++ i2d_PKCS7_ENVELOPE; ++ i2d_PKCS7_ISSUER_AND_SERIAL; ++ i2d_PKCS7_RECIP_INFO; ++ i2d_PKCS7_SIGNED; ++ i2d_PKCS7_SIGNER_INFO; ++ i2d_PKCS7_SIGN_ENVELOPE; ++ i2d_PKCS7_bio; ++ i2d_PKCS7_fp; ++ i2d_PrivateKey; ++ i2d_PublicKey; ++ i2d_RSAPrivateKey; ++ i2d_RSAPrivateKey_bio; ++ i2d_RSAPrivateKey_fp; ++ i2d_RSAPublicKey; ++ i2d_X509; ++ i2d_X509_ALGOR; ++ i2d_X509_ATTRIBUTE; ++ i2d_X509_CINF; ++ i2d_X509_CRL; ++ i2d_X509_CRL_INFO; ++ i2d_X509_CRL_bio; ++ i2d_X509_CRL_fp; ++ i2d_X509_EXTENSION; ++ i2d_X509_NAME; ++ i2d_X509_NAME_ENTRY; ++ i2d_X509_PKEY; ++ i2d_X509_PUBKEY; ++ i2d_X509_REQ; ++ i2d_X509_REQ_INFO; ++ i2d_X509_REQ_bio; ++ i2d_X509_REQ_fp; ++ i2d_X509_REVOKED; ++ i2d_X509_SIG; ++ i2d_X509_VAL; ++ i2d_X509_bio; ++ i2d_X509_fp; ++ idea_cbc_encrypt; ++ idea_cfb64_encrypt; ++ idea_ecb_encrypt; ++ idea_encrypt; ++ idea_ofb64_encrypt; ++ idea_options; ++ idea_set_decrypt_key; ++ idea_set_encrypt_key; ++ lh_delete; ++ lh_doall; ++ lh_doall_arg; ++ lh_free; ++ lh_insert; ++ lh_new; ++ lh_node_stats; ++ lh_node_stats_bio; ++ lh_node_usage_stats; ++ lh_node_usage_stats_bio; ++ lh_retrieve; ++ lh_stats; ++ lh_stats_bio; ++ lh_strhash; ++ sk_delete; ++ sk_delete_ptr; ++ sk_dup; ++ sk_find; ++ sk_free; ++ sk_insert; ++ sk_new; ++ sk_pop; ++ sk_pop_free; ++ sk_push; ++ sk_set_cmp_func; ++ sk_shift; ++ sk_unshift; ++ sk_zero; ++ BIO_f_nbio_test; ++ ASN1_TYPE_get; ++ ASN1_TYPE_set; ++ PKCS7_content_free; ++ ERR_load_PKCS7_strings; ++ X509_find_by_issuer_and_serial; ++ X509_find_by_subject; ++ PKCS7_ctrl; ++ PKCS7_set_type; ++ PKCS7_set_content; ++ PKCS7_SIGNER_INFO_set; ++ PKCS7_add_signer; ++ PKCS7_add_certificate; ++ PKCS7_add_crl; ++ PKCS7_content_new; ++ PKCS7_dataSign; ++ PKCS7_dataVerify; ++ PKCS7_dataInit; ++ PKCS7_add_signature; ++ PKCS7_cert_from_signer_info; ++ PKCS7_get_signer_info; ++ EVP_delete_alias; ++ EVP_mdc2; ++ PEM_read_bio_RSAPublicKey; ++ PEM_write_bio_RSAPublicKey; ++ d2i_RSAPublicKey_bio; ++ i2d_RSAPublicKey_bio; ++ PEM_read_RSAPublicKey; ++ PEM_write_RSAPublicKey; ++ d2i_RSAPublicKey_fp; ++ i2d_RSAPublicKey_fp; ++ BIO_copy_next_retry; ++ RSA_flags; ++ X509_STORE_add_crl; ++ X509_load_crl_file; ++ EVP_rc2_40_cbc; ++ EVP_rc4_40; ++ EVP_CIPHER_CTX_init; ++ HMAC; ++ HMAC_Init; ++ HMAC_Update; ++ HMAC_Final; ++ ERR_get_next_error_library; ++ EVP_PKEY_cmp_parameters; ++ HMAC_cleanup; ++ BIO_ptr_ctrl; ++ BIO_new_file_internal; ++ BIO_new_fp_internal; ++ BIO_s_file_internal; ++ BN_BLINDING_convert; ++ BN_BLINDING_invert; ++ BN_BLINDING_update; ++ RSA_blinding_on; ++ RSA_blinding_off; ++ i2t_ASN1_OBJECT; ++ BN_BLINDING_new; ++ BN_BLINDING_free; ++ EVP_cast5_cbc; ++ EVP_cast5_cfb64; ++ EVP_cast5_ecb; ++ EVP_cast5_ofb; ++ BF_decrypt; ++ CAST_set_key; ++ CAST_encrypt; ++ CAST_decrypt; ++ CAST_ecb_encrypt; ++ CAST_cbc_encrypt; ++ CAST_cfb64_encrypt; ++ CAST_ofb64_encrypt; ++ RC2_decrypt; ++ OBJ_create_objects; ++ BN_exp; ++ BN_mul_word; ++ BN_sub_word; ++ BN_dec2bn; ++ BN_bn2dec; ++ BIO_ghbn_ctrl; ++ CRYPTO_free_ex_data; ++ CRYPTO_get_ex_data; ++ CRYPTO_set_ex_data; ++ ERR_load_CRYPTO_strings; ++ ERR_load_CRYPTOlib_strings; ++ EVP_PKEY_bits; ++ MD5_Transform; ++ SHA1_Transform; ++ SHA_Transform; ++ X509_STORE_CTX_get_chain; ++ X509_STORE_CTX_get_current_cert; ++ X509_STORE_CTX_get_error; ++ X509_STORE_CTX_get_error_depth; ++ X509_STORE_CTX_get_ex_data; ++ X509_STORE_CTX_set_cert; ++ X509_STORE_CTX_set_chain; ++ X509_STORE_CTX_set_error; ++ X509_STORE_CTX_set_ex_data; ++ CRYPTO_dup_ex_data; ++ CRYPTO_get_new_lockid; ++ CRYPTO_new_ex_data; ++ RSA_set_ex_data; ++ RSA_get_ex_data; ++ RSA_get_ex_new_index; ++ RSA_padding_add_PKCS1_type_1; ++ RSA_padding_add_PKCS1_type_2; ++ RSA_padding_add_SSLv23; ++ RSA_padding_add_none; ++ RSA_padding_check_PKCS1_type_1; ++ RSA_padding_check_PKCS1_type_2; ++ RSA_padding_check_SSLv23; ++ RSA_padding_check_none; ++ bn_add_words; ++ d2i_Netscape_RSA_2; ++ CRYPTO_get_ex_new_index; ++ RIPEMD160_Init; ++ RIPEMD160_Update; ++ RIPEMD160_Final; ++ RIPEMD160; ++ RIPEMD160_Transform; ++ RC5_32_set_key; ++ RC5_32_ecb_encrypt; ++ RC5_32_encrypt; ++ RC5_32_decrypt; ++ RC5_32_cbc_encrypt; ++ RC5_32_cfb64_encrypt; ++ RC5_32_ofb64_encrypt; ++ BN_bn2mpi; ++ BN_mpi2bn; ++ ASN1_BIT_STRING_get_bit; ++ ASN1_BIT_STRING_set_bit; ++ BIO_get_ex_data; ++ BIO_get_ex_new_index; ++ BIO_set_ex_data; ++ X509v3_get_key_usage; ++ X509v3_set_key_usage; ++ a2i_X509v3_key_usage; ++ i2a_X509v3_key_usage; ++ EVP_PKEY_decrypt; ++ EVP_PKEY_encrypt; ++ PKCS7_RECIP_INFO_set; ++ PKCS7_add_recipient; ++ PKCS7_add_recipient_info; ++ PKCS7_set_cipher; ++ ASN1_TYPE_get_int_octetstring; ++ ASN1_TYPE_get_octetstring; ++ ASN1_TYPE_set_int_octetstring; ++ ASN1_TYPE_set_octetstring; ++ ASN1_UTCTIME_set_string; ++ ERR_add_error_data; ++ ERR_set_error_data; ++ EVP_CIPHER_asn1_to_param; ++ EVP_CIPHER_param_to_asn1; ++ EVP_CIPHER_get_asn1_iv; ++ EVP_CIPHER_set_asn1_iv; ++ EVP_rc5_32_12_16_cbc; ++ EVP_rc5_32_12_16_cfb64; ++ EVP_rc5_32_12_16_ecb; ++ EVP_rc5_32_12_16_ofb; ++ asn1_add_error; ++ d2i_ASN1_BMPSTRING; ++ i2d_ASN1_BMPSTRING; ++ BIO_f_ber; ++ BN_init; ++ COMP_CTX_new; ++ COMP_CTX_free; ++ COMP_CTX_compress_block; ++ COMP_CTX_expand_block; ++ X509_STORE_CTX_get_ex_new_index; ++ OBJ_NAME_add; ++ BIO_socket_nbio; ++ EVP_rc2_64_cbc; ++ OBJ_NAME_cleanup; ++ OBJ_NAME_get; ++ OBJ_NAME_init; ++ OBJ_NAME_new_index; ++ OBJ_NAME_remove; ++ BN_MONT_CTX_copy; ++ BIO_new_socks4a_connect; ++ BIO_s_socks4a_connect; ++ PROXY_set_connect_mode; ++ RAND_SSLeay; ++ RAND_set_rand_method; ++ RSA_memory_lock; ++ bn_sub_words; ++ bn_mul_normal; ++ bn_mul_comba8; ++ bn_mul_comba4; ++ bn_sqr_normal; ++ bn_sqr_comba8; ++ bn_sqr_comba4; ++ bn_cmp_words; ++ bn_mul_recursive; ++ bn_mul_part_recursive; ++ bn_sqr_recursive; ++ bn_mul_low_normal; ++ BN_RECP_CTX_init; ++ BN_RECP_CTX_new; ++ BN_RECP_CTX_free; ++ BN_RECP_CTX_set; ++ BN_mod_mul_reciprocal; ++ BN_mod_exp_recp; ++ BN_div_recp; ++ BN_CTX_init; ++ BN_MONT_CTX_init; ++ RAND_get_rand_method; ++ PKCS7_add_attribute; ++ PKCS7_add_signed_attribute; ++ PKCS7_digest_from_attributes; ++ PKCS7_get_attribute; ++ PKCS7_get_issuer_and_serial; ++ PKCS7_get_signed_attribute; ++ COMP_compress_block; ++ COMP_expand_block; ++ COMP_rle; ++ COMP_zlib; ++ ms_time_diff; ++ ms_time_new; ++ ms_time_free; ++ ms_time_cmp; ++ ms_time_get; ++ PKCS7_set_attributes; ++ PKCS7_set_signed_attributes; ++ X509_ATTRIBUTE_create; ++ X509_ATTRIBUTE_dup; ++ ASN1_GENERALIZEDTIME_check; ++ ASN1_GENERALIZEDTIME_print; ++ ASN1_GENERALIZEDTIME_set; ++ ASN1_GENERALIZEDTIME_set_string; ++ ASN1_TIME_print; ++ BASIC_CONSTRAINTS_free; ++ BASIC_CONSTRAINTS_new; ++ ERR_load_X509V3_strings; ++ NETSCAPE_CERT_SEQUENCE_free; ++ NETSCAPE_CERT_SEQUENCE_new; ++ OBJ_txt2obj; ++ PEM_read_NETSCAPE_CERT_SEQUENCE; ++ PEM_read_NS_CERT_SEQ; ++ PEM_read_bio_NETSCAPE_CERT_SEQUENCE; ++ PEM_read_bio_NS_CERT_SEQ; ++ PEM_write_NETSCAPE_CERT_SEQUENCE; ++ PEM_write_NS_CERT_SEQ; ++ PEM_write_bio_NETSCAPE_CERT_SEQUENCE; ++ PEM_write_bio_NS_CERT_SEQ; ++ X509V3_EXT_add; ++ X509V3_EXT_add_alias; ++ X509V3_EXT_add_conf; ++ X509V3_EXT_cleanup; ++ X509V3_EXT_conf; ++ X509V3_EXT_conf_nid; ++ X509V3_EXT_get; ++ X509V3_EXT_get_nid; ++ X509V3_EXT_print; ++ X509V3_EXT_print_fp; ++ X509V3_add_standard_extensions; ++ X509V3_add_value; ++ X509V3_add_value_bool; ++ X509V3_add_value_int; ++ X509V3_conf_free; ++ X509V3_get_value_bool; ++ X509V3_get_value_int; ++ X509V3_parse_list; ++ d2i_ASN1_GENERALIZEDTIME; ++ d2i_ASN1_TIME; ++ d2i_BASIC_CONSTRAINTS; ++ d2i_NETSCAPE_CERT_SEQUENCE; ++ d2i_ext_ku; ++ ext_ku_free; ++ ext_ku_new; ++ i2d_ASN1_GENERALIZEDTIME; ++ i2d_ASN1_TIME; ++ i2d_BASIC_CONSTRAINTS; ++ i2d_NETSCAPE_CERT_SEQUENCE; ++ i2d_ext_ku; ++ EVP_MD_CTX_copy; ++ i2d_ASN1_ENUMERATED; ++ d2i_ASN1_ENUMERATED; ++ ASN1_ENUMERATED_set; ++ ASN1_ENUMERATED_get; ++ BN_to_ASN1_ENUMERATED; ++ ASN1_ENUMERATED_to_BN; ++ i2a_ASN1_ENUMERATED; ++ a2i_ASN1_ENUMERATED; ++ i2d_GENERAL_NAME; ++ d2i_GENERAL_NAME; ++ GENERAL_NAME_new; ++ GENERAL_NAME_free; ++ GENERAL_NAMES_new; ++ GENERAL_NAMES_free; ++ d2i_GENERAL_NAMES; ++ i2d_GENERAL_NAMES; ++ i2v_GENERAL_NAMES; ++ i2s_ASN1_OCTET_STRING; ++ s2i_ASN1_OCTET_STRING; ++ X509V3_EXT_check_conf; ++ hex_to_string; ++ string_to_hex; ++ DES_ede3_cbcm_encrypt; ++ RSA_padding_add_PKCS1_OAEP; ++ RSA_padding_check_PKCS1_OAEP; ++ X509_CRL_print_fp; ++ X509_CRL_print; ++ i2v_GENERAL_NAME; ++ v2i_GENERAL_NAME; ++ i2d_PKEY_USAGE_PERIOD; ++ d2i_PKEY_USAGE_PERIOD; ++ PKEY_USAGE_PERIOD_new; ++ PKEY_USAGE_PERIOD_free; ++ v2i_GENERAL_NAMES; ++ i2s_ASN1_INTEGER; ++ X509V3_EXT_d2i; ++ name_cmp; ++ str_dup; ++ i2s_ASN1_ENUMERATED; ++ i2s_ASN1_ENUMERATED_TABLE; ++ BIO_s_log; ++ BIO_f_reliable; ++ PKCS7_dataFinal; ++ PKCS7_dataDecode; ++ X509V3_EXT_CRL_add_conf; ++ BN_set_params; ++ BN_get_params; ++ BIO_get_ex_num; ++ BIO_set_ex_free_func; ++ EVP_ripemd160; ++ ASN1_TIME_set; ++ i2d_AUTHORITY_KEYID; ++ d2i_AUTHORITY_KEYID; ++ AUTHORITY_KEYID_new; ++ AUTHORITY_KEYID_free; ++ ASN1_seq_unpack; ++ ASN1_seq_pack; ++ ASN1_unpack_string; ++ ASN1_pack_string; ++ PKCS12_pack_safebag; ++ PKCS12_MAKE_KEYBAG; ++ PKCS8_encrypt; ++ PKCS12_MAKE_SHKEYBAG; ++ PKCS12_pack_p7data; ++ PKCS12_pack_p7encdata; ++ PKCS12_add_localkeyid; ++ PKCS12_add_friendlyname_asc; ++ PKCS12_add_friendlyname_uni; ++ PKCS12_get_friendlyname; ++ PKCS12_pbe_crypt; ++ PKCS12_decrypt_d2i; ++ PKCS12_i2d_encrypt; ++ PKCS12_init; ++ PKCS12_key_gen_asc; ++ PKCS12_key_gen_uni; ++ PKCS12_gen_mac; ++ PKCS12_verify_mac; ++ PKCS12_set_mac; ++ PKCS12_setup_mac; ++ OPENSSL_asc2uni; ++ OPENSSL_uni2asc; ++ i2d_PKCS12_BAGS; ++ PKCS12_BAGS_new; ++ d2i_PKCS12_BAGS; ++ PKCS12_BAGS_free; ++ i2d_PKCS12; ++ d2i_PKCS12; ++ PKCS12_new; ++ PKCS12_free; ++ i2d_PKCS12_MAC_DATA; ++ PKCS12_MAC_DATA_new; ++ d2i_PKCS12_MAC_DATA; ++ PKCS12_MAC_DATA_free; ++ i2d_PKCS12_SAFEBAG; ++ PKCS12_SAFEBAG_new; ++ d2i_PKCS12_SAFEBAG; ++ PKCS12_SAFEBAG_free; ++ ERR_load_PKCS12_strings; ++ PKCS12_PBE_add; ++ PKCS8_add_keyusage; ++ PKCS12_get_attr_gen; ++ PKCS12_parse; ++ PKCS12_create; ++ i2d_PKCS12_bio; ++ i2d_PKCS12_fp; ++ d2i_PKCS12_bio; ++ d2i_PKCS12_fp; ++ i2d_PBEPARAM; ++ PBEPARAM_new; ++ d2i_PBEPARAM; ++ PBEPARAM_free; ++ i2d_PKCS8_PRIV_KEY_INFO; ++ PKCS8_PRIV_KEY_INFO_new; ++ d2i_PKCS8_PRIV_KEY_INFO; ++ PKCS8_PRIV_KEY_INFO_free; ++ EVP_PKCS82PKEY; ++ EVP_PKEY2PKCS8; ++ PKCS8_set_broken; ++ EVP_PBE_ALGOR_CipherInit; ++ EVP_PBE_alg_add; ++ PKCS5_pbe_set; ++ EVP_PBE_cleanup; ++ i2d_SXNET; ++ d2i_SXNET; ++ SXNET_new; ++ SXNET_free; ++ i2d_SXNETID; ++ d2i_SXNETID; ++ SXNETID_new; ++ SXNETID_free; ++ DSA_SIG_new; ++ DSA_SIG_free; ++ DSA_do_sign; ++ DSA_do_verify; ++ d2i_DSA_SIG; ++ i2d_DSA_SIG; ++ i2d_ASN1_VISIBLESTRING; ++ d2i_ASN1_VISIBLESTRING; ++ i2d_ASN1_UTF8STRING; ++ d2i_ASN1_UTF8STRING; ++ i2d_DIRECTORYSTRING; ++ d2i_DIRECTORYSTRING; ++ i2d_DISPLAYTEXT; ++ d2i_DISPLAYTEXT; ++ d2i_ASN1_SET_OF_X509; ++ i2d_ASN1_SET_OF_X509; ++ i2d_PBKDF2PARAM; ++ PBKDF2PARAM_new; ++ d2i_PBKDF2PARAM; ++ PBKDF2PARAM_free; ++ i2d_PBE2PARAM; ++ PBE2PARAM_new; ++ d2i_PBE2PARAM; ++ PBE2PARAM_free; ++ d2i_ASN1_SET_OF_GENERAL_NAME; ++ i2d_ASN1_SET_OF_GENERAL_NAME; ++ d2i_ASN1_SET_OF_SXNETID; ++ i2d_ASN1_SET_OF_SXNETID; ++ d2i_ASN1_SET_OF_POLICYQUALINFO; ++ i2d_ASN1_SET_OF_POLICYQUALINFO; ++ d2i_ASN1_SET_OF_POLICYINFO; ++ i2d_ASN1_SET_OF_POLICYINFO; ++ SXNET_add_id_asc; ++ SXNET_add_id_ulong; ++ SXNET_add_id_INTEGER; ++ SXNET_get_id_asc; ++ SXNET_get_id_ulong; ++ SXNET_get_id_INTEGER; ++ X509V3_set_conf_lhash; ++ i2d_CERTIFICATEPOLICIES; ++ CERTIFICATEPOLICIES_new; ++ CERTIFICATEPOLICIES_free; ++ d2i_CERTIFICATEPOLICIES; ++ i2d_POLICYINFO; ++ POLICYINFO_new; ++ d2i_POLICYINFO; ++ POLICYINFO_free; ++ i2d_POLICYQUALINFO; ++ POLICYQUALINFO_new; ++ d2i_POLICYQUALINFO; ++ POLICYQUALINFO_free; ++ i2d_USERNOTICE; ++ USERNOTICE_new; ++ d2i_USERNOTICE; ++ USERNOTICE_free; ++ i2d_NOTICEREF; ++ NOTICEREF_new; ++ d2i_NOTICEREF; ++ NOTICEREF_free; ++ X509V3_get_string; ++ X509V3_get_section; ++ X509V3_string_free; ++ X509V3_section_free; ++ X509V3_set_ctx; ++ s2i_ASN1_INTEGER; ++ CRYPTO_set_locked_mem_functions; ++ CRYPTO_get_locked_mem_functions; ++ CRYPTO_malloc_locked; ++ CRYPTO_free_locked; ++ BN_mod_exp2_mont; ++ ERR_get_error_line_data; ++ ERR_peek_error_line_data; ++ PKCS12_PBE_keyivgen; ++ X509_ALGOR_dup; ++ d2i_ASN1_SET_OF_DIST_POINT; ++ i2d_ASN1_SET_OF_DIST_POINT; ++ i2d_CRL_DIST_POINTS; ++ CRL_DIST_POINTS_new; ++ CRL_DIST_POINTS_free; ++ d2i_CRL_DIST_POINTS; ++ i2d_DIST_POINT; ++ DIST_POINT_new; ++ d2i_DIST_POINT; ++ DIST_POINT_free; ++ i2d_DIST_POINT_NAME; ++ DIST_POINT_NAME_new; ++ DIST_POINT_NAME_free; ++ d2i_DIST_POINT_NAME; ++ X509V3_add_value_uchar; ++ d2i_ASN1_SET_OF_X509_ATTRIBUTE; ++ i2d_ASN1_SET_OF_ASN1_TYPE; ++ d2i_ASN1_SET_OF_X509_EXTENSION; ++ d2i_ASN1_SET_OF_X509_NAME_ENTRY; ++ d2i_ASN1_SET_OF_ASN1_TYPE; ++ i2d_ASN1_SET_OF_X509_ATTRIBUTE; ++ i2d_ASN1_SET_OF_X509_EXTENSION; ++ i2d_ASN1_SET_OF_X509_NAME_ENTRY; ++ X509V3_EXT_i2d; ++ X509V3_EXT_val_prn; ++ X509V3_EXT_add_list; ++ EVP_CIPHER_type; ++ EVP_PBE_CipherInit; ++ X509V3_add_value_bool_nf; ++ d2i_ASN1_UINTEGER; ++ sk_value; ++ sk_num; ++ sk_set; ++ i2d_ASN1_SET_OF_X509_REVOKED; ++ sk_sort; ++ d2i_ASN1_SET_OF_X509_REVOKED; ++ i2d_ASN1_SET_OF_X509_ALGOR; ++ i2d_ASN1_SET_OF_X509_CRL; ++ d2i_ASN1_SET_OF_X509_ALGOR; ++ d2i_ASN1_SET_OF_X509_CRL; ++ i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO; ++ i2d_ASN1_SET_OF_PKCS7_RECIP_INFO; ++ d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO; ++ d2i_ASN1_SET_OF_PKCS7_RECIP_INFO; ++ PKCS5_PBE_add; ++ PEM_write_bio_PKCS8; ++ i2d_PKCS8_fp; ++ PEM_read_bio_PKCS8_PRIV_KEY_INFO; ++ PEM_read_bio_P8_PRIV_KEY_INFO; ++ d2i_PKCS8_bio; ++ d2i_PKCS8_PRIV_KEY_INFO_fp; ++ PEM_write_bio_PKCS8_PRIV_KEY_INFO; ++ PEM_write_bio_P8_PRIV_KEY_INFO; ++ PEM_read_PKCS8; ++ d2i_PKCS8_PRIV_KEY_INFO_bio; ++ d2i_PKCS8_fp; ++ PEM_write_PKCS8; ++ PEM_read_PKCS8_PRIV_KEY_INFO; ++ PEM_read_P8_PRIV_KEY_INFO; ++ PEM_read_bio_PKCS8; ++ PEM_write_PKCS8_PRIV_KEY_INFO; ++ PEM_write_P8_PRIV_KEY_INFO; ++ PKCS5_PBE_keyivgen; ++ i2d_PKCS8_bio; ++ i2d_PKCS8_PRIV_KEY_INFO_fp; ++ i2d_PKCS8_PRIV_KEY_INFO_bio; ++ BIO_s_bio; ++ PKCS5_pbe2_set; ++ PKCS5_PBKDF2_HMAC_SHA1; ++ PKCS5_v2_PBE_keyivgen; ++ PEM_write_bio_PKCS8PrivateKey; ++ PEM_write_PKCS8PrivateKey; ++ BIO_ctrl_get_read_request; ++ BIO_ctrl_pending; ++ BIO_ctrl_wpending; ++ BIO_new_bio_pair; ++ BIO_ctrl_get_write_guarantee; ++ CRYPTO_num_locks; ++ CONF_load_bio; ++ CONF_load_fp; ++ i2d_ASN1_SET_OF_ASN1_OBJECT; ++ d2i_ASN1_SET_OF_ASN1_OBJECT; ++ PKCS7_signatureVerify; ++ RSA_set_method; ++ RSA_get_method; ++ RSA_get_default_method; ++ RSA_check_key; ++ OBJ_obj2txt; ++ DSA_dup_DH; ++ X509_REQ_get_extensions; ++ X509_REQ_set_extension_nids; ++ BIO_nwrite; ++ X509_REQ_extension_nid; ++ BIO_nread; ++ X509_REQ_get_extension_nids; ++ BIO_nwrite0; ++ X509_REQ_add_extensions_nid; ++ BIO_nread0; ++ X509_REQ_add_extensions; ++ BIO_new_mem_buf; ++ DH_set_ex_data; ++ DH_set_method; ++ DSA_OpenSSL; ++ DH_get_ex_data; ++ DH_get_ex_new_index; ++ DSA_new_method; ++ DH_new_method; ++ DH_OpenSSL; ++ DSA_get_ex_new_index; ++ DH_get_default_method; ++ DSA_set_ex_data; ++ DH_set_default_method; ++ DSA_get_ex_data; ++ X509V3_EXT_REQ_add_conf; ++ NETSCAPE_SPKI_print; ++ NETSCAPE_SPKI_set_pubkey; ++ NETSCAPE_SPKI_b64_encode; ++ NETSCAPE_SPKI_get_pubkey; ++ NETSCAPE_SPKI_b64_decode; ++ UTF8_putc; ++ UTF8_getc; ++ RSA_null_method; ++ ASN1_tag2str; ++ BIO_ctrl_reset_read_request; ++ DISPLAYTEXT_new; ++ ASN1_GENERALIZEDTIME_free; ++ X509_REVOKED_get_ext_d2i; ++ X509_set_ex_data; ++ X509_reject_set_bit_asc; ++ X509_NAME_add_entry_by_txt; ++ X509_NAME_add_entry_by_NID; ++ X509_PURPOSE_get0; ++ PEM_read_X509_AUX; ++ d2i_AUTHORITY_INFO_ACCESS; ++ PEM_write_PUBKEY; ++ ACCESS_DESCRIPTION_new; ++ X509_CERT_AUX_free; ++ d2i_ACCESS_DESCRIPTION; ++ X509_trust_clear; ++ X509_TRUST_add; ++ ASN1_VISIBLESTRING_new; ++ X509_alias_set1; ++ ASN1_PRINTABLESTRING_free; ++ EVP_PKEY_get1_DSA; ++ ASN1_BMPSTRING_new; ++ ASN1_mbstring_copy; ++ ASN1_UTF8STRING_new; ++ DSA_get_default_method; ++ i2d_ASN1_SET_OF_ACCESS_DESCRIPTION; ++ ASN1_T61STRING_free; ++ DSA_set_method; ++ X509_get_ex_data; ++ ASN1_STRING_type; ++ X509_PURPOSE_get_by_sname; ++ ASN1_TIME_free; ++ ASN1_OCTET_STRING_cmp; ++ ASN1_BIT_STRING_new; ++ X509_get_ext_d2i; ++ PEM_read_bio_X509_AUX; ++ ASN1_STRING_set_default_mask_asc; ++ ASN1_STRING_set_def_mask_asc; ++ PEM_write_bio_RSA_PUBKEY; ++ ASN1_INTEGER_cmp; ++ d2i_RSA_PUBKEY_fp; ++ X509_trust_set_bit_asc; ++ PEM_write_bio_DSA_PUBKEY; ++ X509_STORE_CTX_free; ++ EVP_PKEY_set1_DSA; ++ i2d_DSA_PUBKEY_fp; ++ X509_load_cert_crl_file; ++ ASN1_TIME_new; ++ i2d_RSA_PUBKEY; ++ X509_STORE_CTX_purpose_inherit; ++ PEM_read_RSA_PUBKEY; ++ d2i_X509_AUX; ++ i2d_DSA_PUBKEY; ++ X509_CERT_AUX_print; ++ PEM_read_DSA_PUBKEY; ++ i2d_RSA_PUBKEY_bio; ++ ASN1_BIT_STRING_num_asc; ++ i2d_PUBKEY; ++ ASN1_UTCTIME_free; ++ DSA_set_default_method; ++ X509_PURPOSE_get_by_id; ++ ACCESS_DESCRIPTION_free; ++ PEM_read_bio_PUBKEY; ++ ASN1_STRING_set_by_NID; ++ X509_PURPOSE_get_id; ++ DISPLAYTEXT_free; ++ OTHERNAME_new; ++ X509_CERT_AUX_new; ++ X509_TRUST_cleanup; ++ X509_NAME_add_entry_by_OBJ; ++ X509_CRL_get_ext_d2i; ++ X509_PURPOSE_get0_name; ++ PEM_read_PUBKEY; ++ i2d_DSA_PUBKEY_bio; ++ i2d_OTHERNAME; ++ ASN1_OCTET_STRING_free; ++ ASN1_BIT_STRING_set_asc; ++ X509_get_ex_new_index; ++ ASN1_STRING_TABLE_cleanup; ++ X509_TRUST_get_by_id; ++ X509_PURPOSE_get_trust; ++ ASN1_STRING_length; ++ d2i_ASN1_SET_OF_ACCESS_DESCRIPTION; ++ ASN1_PRINTABLESTRING_new; ++ X509V3_get_d2i; ++ ASN1_ENUMERATED_free; ++ i2d_X509_CERT_AUX; ++ X509_STORE_CTX_set_trust; ++ ASN1_STRING_set_default_mask; ++ X509_STORE_CTX_new; ++ EVP_PKEY_get1_RSA; ++ DIRECTORYSTRING_free; ++ PEM_write_X509_AUX; ++ ASN1_OCTET_STRING_set; ++ d2i_DSA_PUBKEY_fp; ++ d2i_RSA_PUBKEY; ++ X509_TRUST_get0_name; ++ X509_TRUST_get0; ++ AUTHORITY_INFO_ACCESS_free; ++ ASN1_IA5STRING_new; ++ d2i_DSA_PUBKEY; ++ X509_check_purpose; ++ ASN1_ENUMERATED_new; ++ d2i_RSA_PUBKEY_bio; ++ d2i_PUBKEY; ++ X509_TRUST_get_trust; ++ X509_TRUST_get_flags; ++ ASN1_BMPSTRING_free; ++ ASN1_T61STRING_new; ++ ASN1_UTCTIME_new; ++ i2d_AUTHORITY_INFO_ACCESS; ++ EVP_PKEY_set1_RSA; ++ X509_STORE_CTX_set_purpose; ++ ASN1_IA5STRING_free; ++ PEM_write_bio_X509_AUX; ++ X509_PURPOSE_get_count; ++ CRYPTO_add_info; ++ X509_NAME_ENTRY_create_by_txt; ++ ASN1_STRING_get_default_mask; ++ X509_alias_get0; ++ ASN1_STRING_data; ++ i2d_ACCESS_DESCRIPTION; ++ X509_trust_set_bit; ++ ASN1_BIT_STRING_free; ++ PEM_read_bio_RSA_PUBKEY; ++ X509_add1_reject_object; ++ X509_check_trust; ++ PEM_read_bio_DSA_PUBKEY; ++ X509_PURPOSE_add; ++ ASN1_STRING_TABLE_get; ++ ASN1_UTF8STRING_free; ++ d2i_DSA_PUBKEY_bio; ++ PEM_write_RSA_PUBKEY; ++ d2i_OTHERNAME; ++ X509_reject_set_bit; ++ PEM_write_DSA_PUBKEY; ++ X509_PURPOSE_get0_sname; ++ EVP_PKEY_set1_DH; ++ ASN1_OCTET_STRING_dup; ++ ASN1_BIT_STRING_set; ++ X509_TRUST_get_count; ++ ASN1_INTEGER_free; ++ OTHERNAME_free; ++ i2d_RSA_PUBKEY_fp; ++ ASN1_INTEGER_dup; ++ d2i_X509_CERT_AUX; ++ PEM_write_bio_PUBKEY; ++ ASN1_VISIBLESTRING_free; ++ X509_PURPOSE_cleanup; ++ ASN1_mbstring_ncopy; ++ ASN1_GENERALIZEDTIME_new; ++ EVP_PKEY_get1_DH; ++ ASN1_OCTET_STRING_new; ++ ASN1_INTEGER_new; ++ i2d_X509_AUX; ++ ASN1_BIT_STRING_name_print; ++ X509_cmp; ++ ASN1_STRING_length_set; ++ DIRECTORYSTRING_new; ++ X509_add1_trust_object; ++ PKCS12_newpass; ++ SMIME_write_PKCS7; ++ SMIME_read_PKCS7; ++ DES_set_key_checked; ++ PKCS7_verify; ++ PKCS7_encrypt; ++ DES_set_key_unchecked; ++ SMIME_crlf_copy; ++ i2d_ASN1_PRINTABLESTRING; ++ PKCS7_get0_signers; ++ PKCS7_decrypt; ++ SMIME_text; ++ PKCS7_simple_smimecap; ++ PKCS7_get_smimecap; ++ PKCS7_sign; ++ PKCS7_add_attrib_smimecap; ++ CRYPTO_dbg_set_options; ++ CRYPTO_remove_all_info; ++ CRYPTO_get_mem_debug_functions; ++ CRYPTO_is_mem_check_on; ++ CRYPTO_set_mem_debug_functions; ++ CRYPTO_pop_info; ++ CRYPTO_push_info_; ++ CRYPTO_set_mem_debug_options; ++ PEM_write_PKCS8PrivateKey_nid; ++ PEM_write_bio_PKCS8PrivateKey_nid; ++ PEM_write_bio_PKCS8PrivKey_nid; ++ d2i_PKCS8PrivateKey_bio; ++ ASN1_NULL_free; ++ d2i_ASN1_NULL; ++ ASN1_NULL_new; ++ i2d_PKCS8PrivateKey_bio; ++ i2d_PKCS8PrivateKey_fp; ++ i2d_ASN1_NULL; ++ i2d_PKCS8PrivateKey_nid_fp; ++ d2i_PKCS8PrivateKey_fp; ++ i2d_PKCS8PrivateKey_nid_bio; ++ i2d_PKCS8PrivateKeyInfo_fp; ++ i2d_PKCS8PrivateKeyInfo_bio; ++ PEM_cb; ++ i2d_PrivateKey_fp; ++ d2i_PrivateKey_bio; ++ d2i_PrivateKey_fp; ++ i2d_PrivateKey_bio; ++ X509_reject_clear; ++ X509_TRUST_set_default; ++ d2i_AutoPrivateKey; ++ X509_ATTRIBUTE_get0_type; ++ X509_ATTRIBUTE_set1_data; ++ X509at_get_attr; ++ X509at_get_attr_count; ++ X509_ATTRIBUTE_create_by_NID; ++ X509_ATTRIBUTE_set1_object; ++ X509_ATTRIBUTE_count; ++ X509_ATTRIBUTE_create_by_OBJ; ++ X509_ATTRIBUTE_get0_object; ++ X509at_get_attr_by_NID; ++ X509at_add1_attr; ++ X509_ATTRIBUTE_get0_data; ++ X509at_delete_attr; ++ X509at_get_attr_by_OBJ; ++ RAND_add; ++ BIO_number_written; ++ BIO_number_read; ++ X509_STORE_CTX_get1_chain; ++ ERR_load_RAND_strings; ++ RAND_pseudo_bytes; ++ X509_REQ_get_attr_by_NID; ++ X509_REQ_get_attr; ++ X509_REQ_add1_attr_by_NID; ++ X509_REQ_get_attr_by_OBJ; ++ X509at_add1_attr_by_NID; ++ X509_REQ_add1_attr_by_OBJ; ++ X509_REQ_get_attr_count; ++ X509_REQ_add1_attr; ++ X509_REQ_delete_attr; ++ X509at_add1_attr_by_OBJ; ++ X509_REQ_add1_attr_by_txt; ++ X509_ATTRIBUTE_create_by_txt; ++ X509at_add1_attr_by_txt; ++ BN_pseudo_rand; ++ BN_is_prime_fasttest; ++ BN_CTX_end; ++ BN_CTX_start; ++ BN_CTX_get; ++ EVP_PKEY2PKCS8_broken; ++ ASN1_STRING_TABLE_add; ++ CRYPTO_dbg_get_options; ++ AUTHORITY_INFO_ACCESS_new; ++ CRYPTO_get_mem_debug_options; ++ DES_crypt; ++ PEM_write_bio_X509_REQ_NEW; ++ PEM_write_X509_REQ_NEW; ++ BIO_callback_ctrl; ++ RAND_egd; ++ RAND_status; ++ bn_dump1; ++ DES_check_key_parity; ++ lh_num_items; ++ RAND_event; ++ DSO_new; ++ DSO_new_method; ++ DSO_free; ++ DSO_flags; ++ DSO_up; ++ DSO_set_default_method; ++ DSO_get_default_method; ++ DSO_get_method; ++ DSO_set_method; ++ DSO_load; ++ DSO_bind_var; ++ DSO_METHOD_null; ++ DSO_METHOD_openssl; ++ DSO_METHOD_dlfcn; ++ DSO_METHOD_win32; ++ ERR_load_DSO_strings; ++ DSO_METHOD_dl; ++ NCONF_load; ++ NCONF_load_fp; ++ NCONF_new; ++ NCONF_get_string; ++ NCONF_free; ++ NCONF_get_number; ++ CONF_dump_fp; ++ NCONF_load_bio; ++ NCONF_dump_fp; ++ NCONF_get_section; ++ NCONF_dump_bio; ++ CONF_dump_bio; ++ NCONF_free_data; ++ CONF_set_default_method; ++ ERR_error_string_n; ++ BIO_snprintf; ++ DSO_ctrl; ++ i2d_ASN1_SET_OF_ASN1_INTEGER; ++ i2d_ASN1_SET_OF_PKCS12_SAFEBAG; ++ i2d_ASN1_SET_OF_PKCS7; ++ BIO_vfree; ++ d2i_ASN1_SET_OF_ASN1_INTEGER; ++ d2i_ASN1_SET_OF_PKCS12_SAFEBAG; ++ ASN1_UTCTIME_get; ++ X509_REQ_digest; ++ X509_CRL_digest; ++ d2i_ASN1_SET_OF_PKCS7; ++ EVP_CIPHER_CTX_set_key_length; ++ EVP_CIPHER_CTX_ctrl; ++ BN_mod_exp_mont_word; ++ RAND_egd_bytes; ++ X509_REQ_get1_email; ++ X509_get1_email; ++ X509_email_free; ++ i2d_RSA_NET; ++ d2i_RSA_NET_2; ++ d2i_RSA_NET; ++ DSO_bind_func; ++ CRYPTO_get_new_dynlockid; ++ sk_new_null; ++ CRYPTO_set_dynlock_destroy_callback; ++ CRYPTO_set_dynlock_destroy_cb; ++ CRYPTO_destroy_dynlockid; ++ CRYPTO_set_dynlock_size; ++ CRYPTO_set_dynlock_create_callback; ++ CRYPTO_set_dynlock_create_cb; ++ CRYPTO_set_dynlock_lock_callback; ++ CRYPTO_set_dynlock_lock_cb; ++ CRYPTO_get_dynlock_lock_callback; ++ CRYPTO_get_dynlock_lock_cb; ++ CRYPTO_get_dynlock_destroy_callback; ++ CRYPTO_get_dynlock_destroy_cb; ++ CRYPTO_get_dynlock_value; ++ CRYPTO_get_dynlock_create_callback; ++ CRYPTO_get_dynlock_create_cb; ++ c2i_ASN1_BIT_STRING; ++ i2c_ASN1_BIT_STRING; ++ RAND_poll; ++ c2i_ASN1_INTEGER; ++ i2c_ASN1_INTEGER; ++ BIO_dump_indent; ++ ASN1_parse_dump; ++ c2i_ASN1_OBJECT; ++ X509_NAME_print_ex_fp; ++ ASN1_STRING_print_ex_fp; ++ X509_NAME_print_ex; ++ ASN1_STRING_print_ex; ++ MD4; ++ MD4_Transform; ++ MD4_Final; ++ MD4_Update; ++ MD4_Init; ++ EVP_md4; ++ i2d_PUBKEY_bio; ++ i2d_PUBKEY_fp; ++ d2i_PUBKEY_bio; ++ ASN1_STRING_to_UTF8; ++ BIO_vprintf; ++ BIO_vsnprintf; ++ d2i_PUBKEY_fp; ++ X509_cmp_time; ++ X509_STORE_CTX_set_time; ++ X509_STORE_CTX_get1_issuer; ++ X509_OBJECT_retrieve_match; ++ X509_OBJECT_idx_by_subject; ++ X509_STORE_CTX_set_flags; ++ X509_STORE_CTX_trusted_stack; ++ X509_time_adj; ++ X509_check_issued; ++ ASN1_UTCTIME_cmp_time_t; ++ DES_set_weak_key_flag; ++ DES_check_key; ++ DES_rw_mode; ++ RSA_PKCS1_RSAref; ++ X509_keyid_set1; ++ BIO_next; ++ DSO_METHOD_vms; ++ BIO_f_linebuffer; ++ BN_bntest_rand; ++ OPENSSL_issetugid; ++ BN_rand_range; ++ ERR_load_ENGINE_strings; ++ ENGINE_set_DSA; ++ ENGINE_get_finish_function; ++ ENGINE_get_default_RSA; ++ ENGINE_get_BN_mod_exp; ++ DSA_get_default_openssl_method; ++ ENGINE_set_DH; ++ ENGINE_set_def_BN_mod_exp_crt; ++ ENGINE_set_default_BN_mod_exp_crt; ++ ENGINE_init; ++ DH_get_default_openssl_method; ++ RSA_set_default_openssl_method; ++ ENGINE_finish; ++ ENGINE_load_public_key; ++ ENGINE_get_DH; ++ ENGINE_ctrl; ++ ENGINE_get_init_function; ++ ENGINE_set_init_function; ++ ENGINE_set_default_DSA; ++ ENGINE_get_name; ++ ENGINE_get_last; ++ ENGINE_get_prev; ++ ENGINE_get_default_DH; ++ ENGINE_get_RSA; ++ ENGINE_set_default; ++ ENGINE_get_RAND; ++ ENGINE_get_first; ++ ENGINE_by_id; ++ ENGINE_set_finish_function; ++ ENGINE_get_def_BN_mod_exp_crt; ++ ENGINE_get_default_BN_mod_exp_crt; ++ RSA_get_default_openssl_method; ++ ENGINE_set_RSA; ++ ENGINE_load_private_key; ++ ENGINE_set_default_RAND; ++ ENGINE_set_BN_mod_exp; ++ ENGINE_remove; ++ ENGINE_free; ++ ENGINE_get_BN_mod_exp_crt; ++ ENGINE_get_next; ++ ENGINE_set_name; ++ ENGINE_get_default_DSA; ++ ENGINE_set_default_BN_mod_exp; ++ ENGINE_set_default_RSA; ++ ENGINE_get_default_RAND; ++ ENGINE_get_default_BN_mod_exp; ++ ENGINE_set_RAND; ++ ENGINE_set_id; ++ ENGINE_set_BN_mod_exp_crt; ++ ENGINE_set_default_DH; ++ ENGINE_new; ++ ENGINE_get_id; ++ DSA_set_default_openssl_method; ++ ENGINE_add; ++ DH_set_default_openssl_method; ++ ENGINE_get_DSA; ++ ENGINE_get_ctrl_function; ++ ENGINE_set_ctrl_function; ++ BN_pseudo_rand_range; ++ X509_STORE_CTX_set_verify_cb; ++ ERR_load_COMP_strings; ++ PKCS12_item_decrypt_d2i; ++ ASN1_UTF8STRING_it; ++ ASN1_UTF8STRING_it; ++ ENGINE_unregister_ciphers; ++ ENGINE_get_ciphers; ++ d2i_OCSP_BASICRESP; ++ KRB5_CHECKSUM_it; ++ KRB5_CHECKSUM_it; ++ EC_POINT_add; ++ ASN1_item_ex_i2d; ++ OCSP_CERTID_it; ++ OCSP_CERTID_it; ++ d2i_OCSP_RESPBYTES; ++ X509V3_add1_i2d; ++ PKCS7_ENVELOPE_it; ++ PKCS7_ENVELOPE_it; ++ UI_add_input_boolean; ++ ENGINE_unregister_RSA; ++ X509V3_EXT_nconf; ++ ASN1_GENERALSTRING_free; ++ d2i_OCSP_CERTSTATUS; ++ X509_REVOKED_set_serialNumber; ++ X509_print_ex; ++ OCSP_ONEREQ_get1_ext_d2i; ++ ENGINE_register_all_RAND; ++ ENGINE_load_dynamic; ++ PBKDF2PARAM_it; ++ PBKDF2PARAM_it; ++ EXTENDED_KEY_USAGE_new; ++ EC_GROUP_clear_free; ++ OCSP_sendreq_bio; ++ ASN1_item_digest; ++ OCSP_BASICRESP_delete_ext; ++ OCSP_SIGNATURE_it; ++ OCSP_SIGNATURE_it; ++ X509_CRL_it; ++ X509_CRL_it; ++ OCSP_BASICRESP_add_ext; ++ KRB5_ENCKEY_it; ++ KRB5_ENCKEY_it; ++ UI_method_set_closer; ++ X509_STORE_set_purpose; ++ i2d_ASN1_GENERALSTRING; ++ OCSP_response_status; ++ i2d_OCSP_SERVICELOC; ++ ENGINE_get_digest_engine; ++ EC_GROUP_set_curve_GFp; ++ OCSP_REQUEST_get_ext_by_OBJ; ++ _ossl_old_des_random_key; ++ ASN1_T61STRING_it; ++ ASN1_T61STRING_it; ++ EC_GROUP_method_of; ++ i2d_KRB5_APREQ; ++ _ossl_old_des_encrypt; ++ ASN1_PRINTABLE_new; ++ HMAC_Init_ex; ++ d2i_KRB5_AUTHENT; ++ OCSP_archive_cutoff_new; ++ EC_POINT_set_Jprojective_coordinates_GFp; ++ EC_POINT_set_Jproj_coords_GFp; ++ _ossl_old_des_is_weak_key; ++ OCSP_BASICRESP_get_ext_by_OBJ; ++ EC_POINT_oct2point; ++ OCSP_SINGLERESP_get_ext_count; ++ UI_ctrl; ++ _shadow_DES_rw_mode; ++ _shadow_DES_rw_mode; ++ asn1_do_adb; ++ ASN1_template_i2d; ++ ENGINE_register_DH; ++ UI_construct_prompt; ++ X509_STORE_set_trust; ++ UI_dup_input_string; ++ d2i_KRB5_APREQ; ++ EVP_MD_CTX_copy_ex; ++ OCSP_request_is_signed; ++ i2d_OCSP_REQINFO; ++ KRB5_ENCKEY_free; ++ OCSP_resp_get0; ++ GENERAL_NAME_it; ++ GENERAL_NAME_it; ++ ASN1_GENERALIZEDTIME_it; ++ ASN1_GENERALIZEDTIME_it; ++ X509_STORE_set_flags; ++ EC_POINT_set_compressed_coordinates_GFp; ++ EC_POINT_set_compr_coords_GFp; ++ OCSP_response_status_str; ++ d2i_OCSP_REVOKEDINFO; ++ OCSP_basic_add1_cert; ++ ERR_get_implementation; ++ EVP_CipherFinal_ex; ++ OCSP_CERTSTATUS_new; ++ CRYPTO_cleanup_all_ex_data; ++ OCSP_resp_find; ++ BN_nnmod; ++ X509_CRL_sort; ++ X509_REVOKED_set_revocationDate; ++ ENGINE_register_RAND; ++ OCSP_SERVICELOC_new; ++ EC_POINT_set_affine_coordinates_GFp; ++ EC_POINT_set_affine_coords_GFp; ++ _ossl_old_des_options; ++ SXNET_it; ++ SXNET_it; ++ UI_dup_input_boolean; ++ PKCS12_add_CSPName_asc; ++ EC_POINT_is_at_infinity; ++ ENGINE_load_cryptodev; ++ DSO_convert_filename; ++ POLICYQUALINFO_it; ++ POLICYQUALINFO_it; ++ ENGINE_register_ciphers; ++ BN_mod_lshift_quick; ++ DSO_set_filename; ++ ASN1_item_free; ++ KRB5_TKTBODY_free; ++ AUTHORITY_KEYID_it; ++ AUTHORITY_KEYID_it; ++ KRB5_APREQBODY_new; ++ X509V3_EXT_REQ_add_nconf; ++ ENGINE_ctrl_cmd_string; ++ i2d_OCSP_RESPDATA; ++ EVP_MD_CTX_init; ++ EXTENDED_KEY_USAGE_free; ++ PKCS7_ATTR_SIGN_it; ++ PKCS7_ATTR_SIGN_it; ++ UI_add_error_string; ++ KRB5_CHECKSUM_free; ++ OCSP_REQUEST_get_ext; ++ ENGINE_load_ubsec; ++ ENGINE_register_all_digests; ++ PKEY_USAGE_PERIOD_it; ++ PKEY_USAGE_PERIOD_it; ++ PKCS12_unpack_authsafes; ++ ASN1_item_unpack; ++ NETSCAPE_SPKAC_it; ++ NETSCAPE_SPKAC_it; ++ X509_REVOKED_it; ++ X509_REVOKED_it; ++ ASN1_STRING_encode; ++ EVP_aes_128_ecb; ++ KRB5_AUTHENT_free; ++ OCSP_BASICRESP_get_ext_by_critical; ++ OCSP_BASICRESP_get_ext_by_crit; ++ OCSP_cert_status_str; ++ d2i_OCSP_REQUEST; ++ UI_dup_info_string; ++ _ossl_old_des_xwhite_in2out; ++ PKCS12_it; ++ PKCS12_it; ++ OCSP_SINGLERESP_get_ext_by_critical; ++ OCSP_SINGLERESP_get_ext_by_crit; ++ OCSP_CERTSTATUS_free; ++ _ossl_old_des_crypt; ++ ASN1_item_i2d; ++ EVP_DecryptFinal_ex; ++ ENGINE_load_openssl; ++ ENGINE_get_cmd_defns; ++ ENGINE_set_load_privkey_function; ++ ENGINE_set_load_privkey_fn; ++ EVP_EncryptFinal_ex; ++ ENGINE_set_default_digests; ++ X509_get0_pubkey_bitstr; ++ asn1_ex_i2c; ++ ENGINE_register_RSA; ++ ENGINE_unregister_DSA; ++ _ossl_old_des_key_sched; ++ X509_EXTENSION_it; ++ X509_EXTENSION_it; ++ i2d_KRB5_AUTHENT; ++ SXNETID_it; ++ SXNETID_it; ++ d2i_OCSP_SINGLERESP; ++ EDIPARTYNAME_new; ++ PKCS12_certbag2x509; ++ _ossl_old_des_ofb64_encrypt; ++ d2i_EXTENDED_KEY_USAGE; ++ ERR_print_errors_cb; ++ ENGINE_set_ciphers; ++ d2i_KRB5_APREQBODY; ++ UI_method_get_flusher; ++ X509_PUBKEY_it; ++ X509_PUBKEY_it; ++ _ossl_old_des_enc_read; ++ PKCS7_ENCRYPT_it; ++ PKCS7_ENCRYPT_it; ++ i2d_OCSP_RESPONSE; ++ EC_GROUP_get_cofactor; ++ PKCS12_unpack_p7data; ++ d2i_KRB5_AUTHDATA; ++ OCSP_copy_nonce; ++ KRB5_AUTHDATA_new; ++ OCSP_RESPDATA_new; ++ EC_GFp_mont_method; ++ OCSP_REVOKEDINFO_free; ++ UI_get_ex_data; ++ KRB5_APREQBODY_free; ++ EC_GROUP_get0_generator; ++ UI_get_default_method; ++ X509V3_set_nconf; ++ PKCS12_item_i2d_encrypt; ++ X509_add1_ext_i2d; ++ PKCS7_SIGNER_INFO_it; ++ PKCS7_SIGNER_INFO_it; ++ KRB5_PRINCNAME_new; ++ PKCS12_SAFEBAG_it; ++ PKCS12_SAFEBAG_it; ++ EC_GROUP_get_order; ++ d2i_OCSP_RESPID; ++ OCSP_request_verify; ++ NCONF_get_number_e; ++ _ossl_old_des_decrypt3; ++ X509_signature_print; ++ OCSP_SINGLERESP_free; ++ ENGINE_load_builtin_engines; ++ i2d_OCSP_ONEREQ; ++ OCSP_REQUEST_add_ext; ++ OCSP_RESPBYTES_new; ++ EVP_MD_CTX_create; ++ OCSP_resp_find_status; ++ X509_ALGOR_it; ++ X509_ALGOR_it; ++ ASN1_TIME_it; ++ ASN1_TIME_it; ++ OCSP_request_set1_name; ++ OCSP_ONEREQ_get_ext_count; ++ UI_get0_result; ++ PKCS12_AUTHSAFES_it; ++ PKCS12_AUTHSAFES_it; ++ EVP_aes_256_ecb; ++ PKCS12_pack_authsafes; ++ ASN1_IA5STRING_it; ++ ASN1_IA5STRING_it; ++ UI_get_input_flags; ++ EC_GROUP_set_generator; ++ _ossl_old_des_string_to_2keys; ++ OCSP_CERTID_free; ++ X509_CERT_AUX_it; ++ X509_CERT_AUX_it; ++ CERTIFICATEPOLICIES_it; ++ CERTIFICATEPOLICIES_it; ++ _ossl_old_des_ede3_cbc_encrypt; ++ RAND_set_rand_engine; ++ DSO_get_loaded_filename; ++ X509_ATTRIBUTE_it; ++ X509_ATTRIBUTE_it; ++ OCSP_ONEREQ_get_ext_by_NID; ++ PKCS12_decrypt_skey; ++ KRB5_AUTHENT_it; ++ KRB5_AUTHENT_it; ++ UI_dup_error_string; ++ RSAPublicKey_it; ++ RSAPublicKey_it; ++ i2d_OCSP_REQUEST; ++ PKCS12_x509crl2certbag; ++ OCSP_SERVICELOC_it; ++ OCSP_SERVICELOC_it; ++ ASN1_item_sign; ++ X509_CRL_set_issuer_name; ++ OBJ_NAME_do_all_sorted; ++ i2d_OCSP_BASICRESP; ++ i2d_OCSP_RESPBYTES; ++ PKCS12_unpack_p7encdata; ++ HMAC_CTX_init; ++ ENGINE_get_digest; ++ OCSP_RESPONSE_print; ++ KRB5_TKTBODY_it; ++ KRB5_TKTBODY_it; ++ ACCESS_DESCRIPTION_it; ++ ACCESS_DESCRIPTION_it; ++ PKCS7_ISSUER_AND_SERIAL_it; ++ PKCS7_ISSUER_AND_SERIAL_it; ++ PBE2PARAM_it; ++ PBE2PARAM_it; ++ PKCS12_certbag2x509crl; ++ PKCS7_SIGNED_it; ++ PKCS7_SIGNED_it; ++ ENGINE_get_cipher; ++ i2d_OCSP_CRLID; ++ OCSP_SINGLERESP_new; ++ ENGINE_cmd_is_executable; ++ RSA_up_ref; ++ ASN1_GENERALSTRING_it; ++ ASN1_GENERALSTRING_it; ++ ENGINE_register_DSA; ++ X509V3_EXT_add_nconf_sk; ++ ENGINE_set_load_pubkey_function; ++ PKCS8_decrypt; ++ PEM_bytes_read_bio; ++ DIRECTORYSTRING_it; ++ DIRECTORYSTRING_it; ++ d2i_OCSP_CRLID; ++ EC_POINT_is_on_curve; ++ CRYPTO_set_locked_mem_ex_functions; ++ CRYPTO_set_locked_mem_ex_funcs; ++ d2i_KRB5_CHECKSUM; ++ ASN1_item_dup; ++ X509_it; ++ X509_it; ++ BN_mod_add; ++ KRB5_AUTHDATA_free; ++ _ossl_old_des_cbc_cksum; ++ ASN1_item_verify; ++ CRYPTO_set_mem_ex_functions; ++ EC_POINT_get_Jprojective_coordinates_GFp; ++ EC_POINT_get_Jproj_coords_GFp; ++ ZLONG_it; ++ ZLONG_it; ++ CRYPTO_get_locked_mem_ex_functions; ++ CRYPTO_get_locked_mem_ex_funcs; ++ ASN1_TIME_check; ++ UI_get0_user_data; ++ HMAC_CTX_cleanup; ++ DSA_up_ref; ++ _ossl_old_des_ede3_cfb64_encrypt; ++ _ossl_odes_ede3_cfb64_encrypt; ++ ASN1_BMPSTRING_it; ++ ASN1_BMPSTRING_it; ++ ASN1_tag2bit; ++ UI_method_set_flusher; ++ X509_ocspid_print; ++ KRB5_ENCDATA_it; ++ KRB5_ENCDATA_it; ++ ENGINE_get_load_pubkey_function; ++ UI_add_user_data; ++ OCSP_REQUEST_delete_ext; ++ UI_get_method; ++ OCSP_ONEREQ_free; ++ ASN1_PRINTABLESTRING_it; ++ ASN1_PRINTABLESTRING_it; ++ X509_CRL_set_nextUpdate; ++ OCSP_REQUEST_it; ++ OCSP_REQUEST_it; ++ OCSP_BASICRESP_it; ++ OCSP_BASICRESP_it; ++ AES_ecb_encrypt; ++ BN_mod_sqr; ++ NETSCAPE_CERT_SEQUENCE_it; ++ NETSCAPE_CERT_SEQUENCE_it; ++ GENERAL_NAMES_it; ++ GENERAL_NAMES_it; ++ AUTHORITY_INFO_ACCESS_it; ++ AUTHORITY_INFO_ACCESS_it; ++ ASN1_FBOOLEAN_it; ++ ASN1_FBOOLEAN_it; ++ UI_set_ex_data; ++ _ossl_old_des_string_to_key; ++ ENGINE_register_all_RSA; ++ d2i_KRB5_PRINCNAME; ++ OCSP_RESPBYTES_it; ++ OCSP_RESPBYTES_it; ++ X509_CINF_it; ++ X509_CINF_it; ++ ENGINE_unregister_digests; ++ d2i_EDIPARTYNAME; ++ d2i_OCSP_SERVICELOC; ++ ENGINE_get_digests; ++ _ossl_old_des_set_odd_parity; ++ OCSP_RESPDATA_free; ++ d2i_KRB5_TICKET; ++ OTHERNAME_it; ++ OTHERNAME_it; ++ EVP_MD_CTX_cleanup; ++ d2i_ASN1_GENERALSTRING; ++ X509_CRL_set_version; ++ BN_mod_sub; ++ OCSP_SINGLERESP_get_ext_by_NID; ++ ENGINE_get_ex_new_index; ++ OCSP_REQUEST_free; ++ OCSP_REQUEST_add1_ext_i2d; ++ X509_VAL_it; ++ X509_VAL_it; ++ EC_POINTs_make_affine; ++ EC_POINT_mul; ++ X509V3_EXT_add_nconf; ++ X509_TRUST_set; ++ X509_CRL_add1_ext_i2d; ++ _ossl_old_des_fcrypt; ++ DISPLAYTEXT_it; ++ DISPLAYTEXT_it; ++ X509_CRL_set_lastUpdate; ++ OCSP_BASICRESP_free; ++ OCSP_BASICRESP_add1_ext_i2d; ++ d2i_KRB5_AUTHENTBODY; ++ CRYPTO_set_ex_data_implementation; ++ CRYPTO_set_ex_data_impl; ++ KRB5_ENCDATA_new; ++ DSO_up_ref; ++ OCSP_crl_reason_str; ++ UI_get0_result_string; ++ ASN1_GENERALSTRING_new; ++ X509_SIG_it; ++ X509_SIG_it; ++ ERR_set_implementation; ++ ERR_load_EC_strings; ++ UI_get0_action_string; ++ OCSP_ONEREQ_get_ext; ++ EC_POINT_method_of; ++ i2d_KRB5_APREQBODY; ++ _ossl_old_des_ecb3_encrypt; ++ CRYPTO_get_mem_ex_functions; ++ ENGINE_get_ex_data; ++ UI_destroy_method; ++ ASN1_item_i2d_bio; ++ OCSP_ONEREQ_get_ext_by_OBJ; ++ ASN1_primitive_new; ++ ASN1_PRINTABLE_it; ++ ASN1_PRINTABLE_it; ++ EVP_aes_192_ecb; ++ OCSP_SIGNATURE_new; ++ LONG_it; ++ LONG_it; ++ ASN1_VISIBLESTRING_it; ++ ASN1_VISIBLESTRING_it; ++ OCSP_SINGLERESP_add1_ext_i2d; ++ d2i_OCSP_CERTID; ++ ASN1_item_d2i_fp; ++ CRL_DIST_POINTS_it; ++ CRL_DIST_POINTS_it; ++ GENERAL_NAME_print; ++ OCSP_SINGLERESP_delete_ext; ++ PKCS12_SAFEBAGS_it; ++ PKCS12_SAFEBAGS_it; ++ d2i_OCSP_SIGNATURE; ++ OCSP_request_add1_nonce; ++ ENGINE_set_cmd_defns; ++ OCSP_SERVICELOC_free; ++ EC_GROUP_free; ++ ASN1_BIT_STRING_it; ++ ASN1_BIT_STRING_it; ++ X509_REQ_it; ++ X509_REQ_it; ++ _ossl_old_des_cbc_encrypt; ++ ERR_unload_strings; ++ PKCS7_SIGN_ENVELOPE_it; ++ PKCS7_SIGN_ENVELOPE_it; ++ EDIPARTYNAME_free; ++ OCSP_REQINFO_free; ++ EC_GROUP_new_curve_GFp; ++ OCSP_REQUEST_get1_ext_d2i; ++ PKCS12_item_pack_safebag; ++ asn1_ex_c2i; ++ ENGINE_register_digests; ++ i2d_OCSP_REVOKEDINFO; ++ asn1_enc_restore; ++ UI_free; ++ UI_new_method; ++ EVP_EncryptInit_ex; ++ X509_pubkey_digest; ++ EC_POINT_invert; ++ OCSP_basic_sign; ++ i2d_OCSP_RESPID; ++ OCSP_check_nonce; ++ ENGINE_ctrl_cmd; ++ d2i_KRB5_ENCKEY; ++ OCSP_parse_url; ++ OCSP_SINGLERESP_get_ext; ++ OCSP_CRLID_free; ++ OCSP_BASICRESP_get1_ext_d2i; ++ RSAPrivateKey_it; ++ RSAPrivateKey_it; ++ ENGINE_register_all_DH; ++ i2d_EDIPARTYNAME; ++ EC_POINT_get_affine_coordinates_GFp; ++ EC_POINT_get_affine_coords_GFp; ++ OCSP_CRLID_new; ++ ENGINE_get_flags; ++ OCSP_ONEREQ_it; ++ OCSP_ONEREQ_it; ++ UI_process; ++ ASN1_INTEGER_it; ++ ASN1_INTEGER_it; ++ EVP_CipherInit_ex; ++ UI_get_string_type; ++ ENGINE_unregister_DH; ++ ENGINE_register_all_DSA; ++ OCSP_ONEREQ_get_ext_by_critical; ++ bn_dup_expand; ++ OCSP_cert_id_new; ++ BASIC_CONSTRAINTS_it; ++ BASIC_CONSTRAINTS_it; ++ BN_mod_add_quick; ++ EC_POINT_new; ++ EVP_MD_CTX_destroy; ++ OCSP_RESPBYTES_free; ++ EVP_aes_128_cbc; ++ OCSP_SINGLERESP_get1_ext_d2i; ++ EC_POINT_free; ++ DH_up_ref; ++ X509_NAME_ENTRY_it; ++ X509_NAME_ENTRY_it; ++ UI_get_ex_new_index; ++ BN_mod_sub_quick; ++ OCSP_ONEREQ_add_ext; ++ OCSP_request_sign; ++ EVP_DigestFinal_ex; ++ ENGINE_set_digests; ++ OCSP_id_issuer_cmp; ++ OBJ_NAME_do_all; ++ EC_POINTs_mul; ++ ENGINE_register_complete; ++ X509V3_EXT_nconf_nid; ++ ASN1_SEQUENCE_it; ++ ASN1_SEQUENCE_it; ++ UI_set_default_method; ++ RAND_query_egd_bytes; ++ UI_method_get_writer; ++ UI_OpenSSL; ++ PEM_def_callback; ++ ENGINE_cleanup; ++ DIST_POINT_it; ++ DIST_POINT_it; ++ OCSP_SINGLERESP_it; ++ OCSP_SINGLERESP_it; ++ d2i_KRB5_TKTBODY; ++ EC_POINT_cmp; ++ OCSP_REVOKEDINFO_new; ++ i2d_OCSP_CERTSTATUS; ++ OCSP_basic_add1_nonce; ++ ASN1_item_ex_d2i; ++ BN_mod_lshift1_quick; ++ UI_set_method; ++ OCSP_id_get0_info; ++ BN_mod_sqrt; ++ EC_GROUP_copy; ++ KRB5_ENCDATA_free; ++ _ossl_old_des_cfb_encrypt; ++ OCSP_SINGLERESP_get_ext_by_OBJ; ++ OCSP_cert_to_id; ++ OCSP_RESPID_new; ++ OCSP_RESPDATA_it; ++ OCSP_RESPDATA_it; ++ d2i_OCSP_RESPDATA; ++ ENGINE_register_all_complete; ++ OCSP_check_validity; ++ PKCS12_BAGS_it; ++ PKCS12_BAGS_it; ++ OCSP_url_svcloc_new; ++ ASN1_template_free; ++ OCSP_SINGLERESP_add_ext; ++ KRB5_AUTHENTBODY_it; ++ KRB5_AUTHENTBODY_it; ++ X509_supported_extension; ++ i2d_KRB5_AUTHDATA; ++ UI_method_get_opener; ++ ENGINE_set_ex_data; ++ OCSP_REQUEST_print; ++ CBIGNUM_it; ++ CBIGNUM_it; ++ KRB5_TICKET_new; ++ KRB5_APREQ_new; ++ EC_GROUP_get_curve_GFp; ++ KRB5_ENCKEY_new; ++ ASN1_template_d2i; ++ _ossl_old_des_quad_cksum; ++ OCSP_single_get0_status; ++ BN_swap; ++ POLICYINFO_it; ++ POLICYINFO_it; ++ ENGINE_set_destroy_function; ++ asn1_enc_free; ++ OCSP_RESPID_it; ++ OCSP_RESPID_it; ++ EC_GROUP_new; ++ EVP_aes_256_cbc; ++ i2d_KRB5_PRINCNAME; ++ _ossl_old_des_encrypt2; ++ _ossl_old_des_encrypt3; ++ PKCS8_PRIV_KEY_INFO_it; ++ PKCS8_PRIV_KEY_INFO_it; ++ OCSP_REQINFO_it; ++ OCSP_REQINFO_it; ++ PBEPARAM_it; ++ PBEPARAM_it; ++ KRB5_AUTHENTBODY_new; ++ X509_CRL_add0_revoked; ++ EDIPARTYNAME_it; ++ EDIPARTYNAME_it; ++ NETSCAPE_SPKI_it; ++ NETSCAPE_SPKI_it; ++ UI_get0_test_string; ++ ENGINE_get_cipher_engine; ++ ENGINE_register_all_ciphers; ++ EC_POINT_copy; ++ BN_kronecker; ++ _ossl_old_des_ede3_ofb64_encrypt; ++ _ossl_odes_ede3_ofb64_encrypt; ++ UI_method_get_reader; ++ OCSP_BASICRESP_get_ext_count; ++ ASN1_ENUMERATED_it; ++ ASN1_ENUMERATED_it; ++ UI_set_result; ++ i2d_KRB5_TICKET; ++ X509_print_ex_fp; ++ EVP_CIPHER_CTX_set_padding; ++ d2i_OCSP_RESPONSE; ++ ASN1_UTCTIME_it; ++ ASN1_UTCTIME_it; ++ _ossl_old_des_enc_write; ++ OCSP_RESPONSE_new; ++ AES_set_encrypt_key; ++ OCSP_resp_count; ++ KRB5_CHECKSUM_new; ++ ENGINE_load_cswift; ++ OCSP_onereq_get0_id; ++ ENGINE_set_default_ciphers; ++ NOTICEREF_it; ++ NOTICEREF_it; ++ X509V3_EXT_CRL_add_nconf; ++ OCSP_REVOKEDINFO_it; ++ OCSP_REVOKEDINFO_it; ++ AES_encrypt; ++ OCSP_REQUEST_new; ++ ASN1_ANY_it; ++ ASN1_ANY_it; ++ CRYPTO_ex_data_new_class; ++ _ossl_old_des_ncbc_encrypt; ++ i2d_KRB5_TKTBODY; ++ EC_POINT_clear_free; ++ AES_decrypt; ++ asn1_enc_init; ++ UI_get_result_maxsize; ++ OCSP_CERTID_new; ++ ENGINE_unregister_RAND; ++ UI_method_get_closer; ++ d2i_KRB5_ENCDATA; ++ OCSP_request_onereq_count; ++ OCSP_basic_verify; ++ KRB5_AUTHENTBODY_free; ++ ASN1_item_d2i; ++ ASN1_primitive_free; ++ i2d_EXTENDED_KEY_USAGE; ++ i2d_OCSP_SIGNATURE; ++ asn1_enc_save; ++ ENGINE_load_nuron; ++ _ossl_old_des_pcbc_encrypt; ++ PKCS12_MAC_DATA_it; ++ PKCS12_MAC_DATA_it; ++ OCSP_accept_responses_new; ++ asn1_do_lock; ++ PKCS7_ATTR_VERIFY_it; ++ PKCS7_ATTR_VERIFY_it; ++ KRB5_APREQBODY_it; ++ KRB5_APREQBODY_it; ++ i2d_OCSP_SINGLERESP; ++ ASN1_item_ex_new; ++ UI_add_verify_string; ++ _ossl_old_des_set_key; ++ KRB5_PRINCNAME_it; ++ KRB5_PRINCNAME_it; ++ EVP_DecryptInit_ex; ++ i2d_OCSP_CERTID; ++ ASN1_item_d2i_bio; ++ EC_POINT_dbl; ++ asn1_get_choice_selector; ++ i2d_KRB5_CHECKSUM; ++ ENGINE_set_table_flags; ++ AES_options; ++ ENGINE_load_chil; ++ OCSP_id_cmp; ++ OCSP_BASICRESP_new; ++ OCSP_REQUEST_get_ext_by_NID; ++ KRB5_APREQ_it; ++ KRB5_APREQ_it; ++ ENGINE_get_destroy_function; ++ CONF_set_nconf; ++ ASN1_PRINTABLE_free; ++ OCSP_BASICRESP_get_ext_by_NID; ++ DIST_POINT_NAME_it; ++ DIST_POINT_NAME_it; ++ X509V3_extensions_print; ++ _ossl_old_des_cfb64_encrypt; ++ X509_REVOKED_add1_ext_i2d; ++ _ossl_old_des_ofb_encrypt; ++ KRB5_TKTBODY_new; ++ ASN1_OCTET_STRING_it; ++ ASN1_OCTET_STRING_it; ++ ERR_load_UI_strings; ++ i2d_KRB5_ENCKEY; ++ ASN1_template_new; ++ OCSP_SIGNATURE_free; ++ ASN1_item_i2d_fp; ++ KRB5_PRINCNAME_free; ++ PKCS7_RECIP_INFO_it; ++ PKCS7_RECIP_INFO_it; ++ EXTENDED_KEY_USAGE_it; ++ EXTENDED_KEY_USAGE_it; ++ EC_GFp_simple_method; ++ EC_GROUP_precompute_mult; ++ OCSP_request_onereq_get0; ++ UI_method_set_writer; ++ KRB5_AUTHENT_new; ++ X509_CRL_INFO_it; ++ X509_CRL_INFO_it; ++ DSO_set_name_converter; ++ AES_set_decrypt_key; ++ PKCS7_DIGEST_it; ++ PKCS7_DIGEST_it; ++ PKCS12_x5092certbag; ++ EVP_DigestInit_ex; ++ i2a_ACCESS_DESCRIPTION; ++ OCSP_RESPONSE_it; ++ OCSP_RESPONSE_it; ++ PKCS7_ENC_CONTENT_it; ++ PKCS7_ENC_CONTENT_it; ++ OCSP_request_add0_id; ++ EC_POINT_make_affine; ++ DSO_get_filename; ++ OCSP_CERTSTATUS_it; ++ OCSP_CERTSTATUS_it; ++ OCSP_request_add1_cert; ++ UI_get0_output_string; ++ UI_dup_verify_string; ++ BN_mod_lshift; ++ KRB5_AUTHDATA_it; ++ KRB5_AUTHDATA_it; ++ asn1_set_choice_selector; ++ OCSP_basic_add1_status; ++ OCSP_RESPID_free; ++ asn1_get_field_ptr; ++ UI_add_input_string; ++ OCSP_CRLID_it; ++ OCSP_CRLID_it; ++ i2d_KRB5_AUTHENTBODY; ++ OCSP_REQUEST_get_ext_count; ++ ENGINE_load_atalla; ++ X509_NAME_it; ++ X509_NAME_it; ++ USERNOTICE_it; ++ USERNOTICE_it; ++ OCSP_REQINFO_new; ++ OCSP_BASICRESP_get_ext; ++ CRYPTO_get_ex_data_implementation; ++ CRYPTO_get_ex_data_impl; ++ ASN1_item_pack; ++ i2d_KRB5_ENCDATA; ++ X509_PURPOSE_set; ++ X509_REQ_INFO_it; ++ X509_REQ_INFO_it; ++ UI_method_set_opener; ++ ASN1_item_ex_free; ++ ASN1_BOOLEAN_it; ++ ASN1_BOOLEAN_it; ++ ENGINE_get_table_flags; ++ UI_create_method; ++ OCSP_ONEREQ_add1_ext_i2d; ++ _shadow_DES_check_key; ++ _shadow_DES_check_key; ++ d2i_OCSP_REQINFO; ++ UI_add_info_string; ++ UI_get_result_minsize; ++ ASN1_NULL_it; ++ ASN1_NULL_it; ++ BN_mod_lshift1; ++ d2i_OCSP_ONEREQ; ++ OCSP_ONEREQ_new; ++ KRB5_TICKET_it; ++ KRB5_TICKET_it; ++ EVP_aes_192_cbc; ++ KRB5_TICKET_free; ++ UI_new; ++ OCSP_response_create; ++ _ossl_old_des_xcbc_encrypt; ++ PKCS7_it; ++ PKCS7_it; ++ OCSP_REQUEST_get_ext_by_critical; ++ OCSP_REQUEST_get_ext_by_crit; ++ ENGINE_set_flags; ++ _ossl_old_des_ecb_encrypt; ++ OCSP_response_get1_basic; ++ EVP_Digest; ++ OCSP_ONEREQ_delete_ext; ++ ASN1_TBOOLEAN_it; ++ ASN1_TBOOLEAN_it; ++ ASN1_item_new; ++ ASN1_TIME_to_generalizedtime; ++ BIGNUM_it; ++ BIGNUM_it; ++ AES_cbc_encrypt; ++ ENGINE_get_load_privkey_function; ++ ENGINE_get_load_privkey_fn; ++ OCSP_RESPONSE_free; ++ UI_method_set_reader; ++ i2d_ASN1_T61STRING; ++ EC_POINT_set_to_infinity; ++ ERR_load_OCSP_strings; ++ EC_POINT_point2oct; ++ KRB5_APREQ_free; ++ ASN1_OBJECT_it; ++ ASN1_OBJECT_it; ++ OCSP_crlID_new; ++ OCSP_crlID2_new; ++ CONF_modules_load_file; ++ CONF_imodule_set_usr_data; ++ ENGINE_set_default_string; ++ CONF_module_get_usr_data; ++ ASN1_add_oid_module; ++ CONF_modules_finish; ++ OPENSSL_config; ++ CONF_modules_unload; ++ CONF_imodule_get_value; ++ CONF_module_set_usr_data; ++ CONF_parse_list; ++ CONF_module_add; ++ CONF_get1_default_config_file; ++ CONF_imodule_get_flags; ++ CONF_imodule_get_module; ++ CONF_modules_load; ++ CONF_imodule_get_name; ++ ERR_peek_top_error; ++ CONF_imodule_get_usr_data; ++ CONF_imodule_set_flags; ++ ENGINE_add_conf_module; ++ ERR_peek_last_error_line; ++ ERR_peek_last_error_line_data; ++ ERR_peek_last_error; ++ DES_read_2passwords; ++ DES_read_password; ++ UI_UTIL_read_pw; ++ UI_UTIL_read_pw_string; ++ ENGINE_load_aep; ++ ENGINE_load_sureware; ++ OPENSSL_add_all_algorithms_noconf; ++ OPENSSL_add_all_algo_noconf; ++ OPENSSL_add_all_algorithms_conf; ++ OPENSSL_add_all_algo_conf; ++ OPENSSL_load_builtin_modules; ++ AES_ofb128_encrypt; ++ AES_ctr128_encrypt; ++ AES_cfb128_encrypt; ++ ENGINE_load_4758cca; ++ _ossl_096_des_random_seed; ++ EVP_aes_256_ofb; ++ EVP_aes_192_ofb; ++ EVP_aes_128_cfb128; ++ EVP_aes_256_cfb128; ++ EVP_aes_128_ofb; ++ EVP_aes_192_cfb128; ++ CONF_modules_free; ++ NCONF_default; ++ OPENSSL_no_config; ++ NCONF_WIN32; ++ ASN1_UNIVERSALSTRING_new; ++ EVP_des_ede_ecb; ++ i2d_ASN1_UNIVERSALSTRING; ++ ASN1_UNIVERSALSTRING_free; ++ ASN1_UNIVERSALSTRING_it; ++ ASN1_UNIVERSALSTRING_it; ++ d2i_ASN1_UNIVERSALSTRING; ++ EVP_des_ede3_ecb; ++ X509_REQ_print_ex; ++ ENGINE_up_ref; ++ BUF_MEM_grow_clean; ++ CRYPTO_realloc_clean; ++ BUF_strlcat; ++ BIO_indent; ++ BUF_strlcpy; ++ OpenSSLDie; ++ OPENSSL_cleanse; ++ ENGINE_setup_bsd_cryptodev; ++ ERR_release_err_state_table; ++ EVP_aes_128_cfb8; ++ FIPS_corrupt_rsa; ++ FIPS_selftest_des; ++ EVP_aes_128_cfb1; ++ EVP_aes_192_cfb8; ++ FIPS_mode_set; ++ FIPS_selftest_dsa; ++ EVP_aes_256_cfb8; ++ FIPS_allow_md5; ++ DES_ede3_cfb_encrypt; ++ EVP_des_ede3_cfb8; ++ FIPS_rand_seeded; ++ AES_cfbr_encrypt_block; ++ AES_cfb8_encrypt; ++ FIPS_rand_seed; ++ FIPS_corrupt_des; ++ EVP_aes_192_cfb1; ++ FIPS_selftest_aes; ++ FIPS_set_prng_key; ++ EVP_des_cfb8; ++ FIPS_corrupt_dsa; ++ FIPS_test_mode; ++ FIPS_rand_method; ++ EVP_aes_256_cfb1; ++ ERR_load_FIPS_strings; ++ FIPS_corrupt_aes; ++ FIPS_selftest_sha1; ++ FIPS_selftest_rsa; ++ FIPS_corrupt_sha1; ++ EVP_des_cfb1; ++ FIPS_dsa_check; ++ AES_cfb1_encrypt; ++ EVP_des_ede3_cfb1; ++ FIPS_rand_check; ++ FIPS_md5_allowed; ++ FIPS_mode; ++ FIPS_selftest_failed; ++ sk_is_sorted; ++ X509_check_ca; ++ HMAC_CTX_set_flags; ++ d2i_PROXY_CERT_INFO_EXTENSION; ++ PROXY_POLICY_it; ++ PROXY_POLICY_it; ++ i2d_PROXY_POLICY; ++ i2d_PROXY_CERT_INFO_EXTENSION; ++ d2i_PROXY_POLICY; ++ PROXY_CERT_INFO_EXTENSION_new; ++ PROXY_CERT_INFO_EXTENSION_free; ++ PROXY_CERT_INFO_EXTENSION_it; ++ PROXY_CERT_INFO_EXTENSION_it; ++ PROXY_POLICY_free; ++ PROXY_POLICY_new; ++ BN_MONT_CTX_set_locked; ++ FIPS_selftest_rng; ++ EVP_sha384; ++ EVP_sha512; ++ EVP_sha224; ++ EVP_sha256; ++ FIPS_selftest_hmac; ++ FIPS_corrupt_rng; ++ BN_mod_exp_mont_consttime; ++ RSA_X931_hash_id; ++ RSA_padding_check_X931; ++ RSA_verify_PKCS1_PSS; ++ RSA_padding_add_X931; ++ RSA_padding_add_PKCS1_PSS; ++ PKCS1_MGF1; ++ BN_X931_generate_Xpq; ++ RSA_X931_generate_key; ++ BN_X931_derive_prime; ++ BN_X931_generate_prime; ++ RSA_X931_derive; ++ BIO_new_dgram; ++ BN_get0_nist_prime_384; ++ ERR_set_mark; ++ X509_STORE_CTX_set0_crls; ++ ENGINE_set_STORE; ++ ENGINE_register_ECDSA; ++ STORE_meth_set_list_start_fn; ++ STORE_method_set_list_start_function; ++ BN_BLINDING_invert_ex; ++ NAME_CONSTRAINTS_free; ++ STORE_ATTR_INFO_set_number; ++ BN_BLINDING_get_thread_id; ++ X509_STORE_CTX_set0_param; ++ POLICY_MAPPING_it; ++ POLICY_MAPPING_it; ++ STORE_parse_attrs_start; ++ POLICY_CONSTRAINTS_free; ++ EVP_PKEY_add1_attr_by_NID; ++ BN_nist_mod_192; ++ EC_GROUP_get_trinomial_basis; ++ STORE_set_method; ++ GENERAL_SUBTREE_free; ++ NAME_CONSTRAINTS_it; ++ NAME_CONSTRAINTS_it; ++ ECDH_get_default_method; ++ PKCS12_add_safe; ++ EC_KEY_new_by_curve_name; ++ STORE_meth_get_update_store_fn; ++ STORE_method_get_update_store_function; ++ ENGINE_register_ECDH; ++ SHA512_Update; ++ i2d_ECPrivateKey; ++ BN_get0_nist_prime_192; ++ STORE_modify_certificate; ++ EC_POINT_set_affine_coordinates_GF2m; ++ EC_POINT_set_affine_coords_GF2m; ++ BN_GF2m_mod_exp_arr; ++ STORE_ATTR_INFO_modify_number; ++ X509_keyid_get0; ++ ENGINE_load_gmp; ++ pitem_new; ++ BN_GF2m_mod_mul_arr; ++ STORE_list_public_key_endp; ++ o2i_ECPublicKey; ++ EC_KEY_copy; ++ BIO_dump_fp; ++ X509_policy_node_get0_parent; ++ EC_GROUP_check_discriminant; ++ i2o_ECPublicKey; ++ EC_KEY_precompute_mult; ++ a2i_IPADDRESS; ++ STORE_meth_set_initialise_fn; ++ STORE_method_set_initialise_function; ++ X509_STORE_CTX_set_depth; ++ X509_VERIFY_PARAM_inherit; ++ EC_POINT_point2bn; ++ STORE_ATTR_INFO_set_dn; ++ X509_policy_tree_get0_policies; ++ EC_GROUP_new_curve_GF2m; ++ STORE_destroy_method; ++ ENGINE_unregister_STORE; ++ EVP_PKEY_get1_EC_KEY; ++ STORE_ATTR_INFO_get0_number; ++ ENGINE_get_default_ECDH; ++ EC_KEY_get_conv_form; ++ ASN1_OCTET_STRING_NDEF_it; ++ ASN1_OCTET_STRING_NDEF_it; ++ STORE_delete_public_key; ++ STORE_get_public_key; ++ STORE_modify_arbitrary; ++ ENGINE_get_static_state; ++ pqueue_iterator; ++ ECDSA_SIG_new; ++ OPENSSL_DIR_end; ++ BN_GF2m_mod_sqr; ++ EC_POINT_bn2point; ++ X509_VERIFY_PARAM_set_depth; ++ EC_KEY_set_asn1_flag; ++ STORE_get_method; ++ EC_KEY_get_key_method_data; ++ ECDSA_sign_ex; ++ STORE_parse_attrs_end; ++ EC_GROUP_get_point_conversion_form; ++ EC_GROUP_get_point_conv_form; ++ STORE_method_set_store_function; ++ STORE_ATTR_INFO_in; ++ PEM_read_bio_ECPKParameters; ++ EC_GROUP_get_pentanomial_basis; ++ EVP_PKEY_add1_attr_by_txt; ++ BN_BLINDING_set_flags; ++ X509_VERIFY_PARAM_set1_policies; ++ X509_VERIFY_PARAM_set1_name; ++ X509_VERIFY_PARAM_set_purpose; ++ STORE_get_number; ++ ECDSA_sign_setup; ++ BN_GF2m_mod_solve_quad_arr; ++ EC_KEY_up_ref; ++ POLICY_MAPPING_free; ++ BN_GF2m_mod_div; ++ X509_VERIFY_PARAM_set_flags; ++ EC_KEY_free; ++ STORE_meth_set_list_next_fn; ++ STORE_method_set_list_next_function; ++ PEM_write_bio_ECPrivateKey; ++ d2i_EC_PUBKEY; ++ STORE_meth_get_generate_fn; ++ STORE_method_get_generate_function; ++ STORE_meth_set_list_end_fn; ++ STORE_method_set_list_end_function; ++ pqueue_print; ++ EC_GROUP_have_precompute_mult; ++ EC_KEY_print_fp; ++ BN_GF2m_mod_arr; ++ PEM_write_bio_X509_CERT_PAIR; ++ EVP_PKEY_cmp; ++ X509_policy_level_node_count; ++ STORE_new_engine; ++ STORE_list_public_key_start; ++ X509_VERIFY_PARAM_new; ++ ECDH_get_ex_data; ++ EVP_PKEY_get_attr; ++ ECDSA_do_sign; ++ ENGINE_unregister_ECDH; ++ ECDH_OpenSSL; ++ EC_KEY_set_conv_form; ++ EC_POINT_dup; ++ GENERAL_SUBTREE_new; ++ STORE_list_crl_endp; ++ EC_get_builtin_curves; ++ X509_policy_node_get0_qualifiers; ++ X509_pcy_node_get0_qualifiers; ++ STORE_list_crl_end; ++ EVP_PKEY_set1_EC_KEY; ++ BN_GF2m_mod_sqrt_arr; ++ i2d_ECPrivateKey_bio; ++ ECPKParameters_print_fp; ++ pqueue_find; ++ ECDSA_SIG_free; ++ PEM_write_bio_ECPKParameters; ++ STORE_method_set_ctrl_function; ++ STORE_list_public_key_end; ++ EC_KEY_set_private_key; ++ pqueue_peek; ++ STORE_get_arbitrary; ++ STORE_store_crl; ++ X509_policy_node_get0_policy; ++ PKCS12_add_safes; ++ BN_BLINDING_convert_ex; ++ X509_policy_tree_free; ++ OPENSSL_ia32cap_loc; ++ BN_GF2m_poly2arr; ++ STORE_ctrl; ++ STORE_ATTR_INFO_compare; ++ BN_get0_nist_prime_224; ++ i2d_ECParameters; ++ i2d_ECPKParameters; ++ BN_GENCB_call; ++ d2i_ECPKParameters; ++ STORE_meth_set_generate_fn; ++ STORE_method_set_generate_function; ++ ENGINE_set_ECDH; ++ NAME_CONSTRAINTS_new; ++ SHA256_Init; ++ EC_KEY_get0_public_key; ++ PEM_write_bio_EC_PUBKEY; ++ STORE_ATTR_INFO_set_cstr; ++ STORE_list_crl_next; ++ STORE_ATTR_INFO_in_range; ++ ECParameters_print; ++ STORE_meth_set_delete_fn; ++ STORE_method_set_delete_function; ++ STORE_list_certificate_next; ++ ASN1_generate_nconf; ++ BUF_memdup; ++ BN_GF2m_mod_mul; ++ STORE_meth_get_list_next_fn; ++ STORE_method_get_list_next_function; ++ STORE_ATTR_INFO_get0_dn; ++ STORE_list_private_key_next; ++ EC_GROUP_set_seed; ++ X509_VERIFY_PARAM_set_trust; ++ STORE_ATTR_INFO_free; ++ STORE_get_private_key; ++ EVP_PKEY_get_attr_count; ++ STORE_ATTR_INFO_new; ++ EC_GROUP_get_curve_GF2m; ++ STORE_meth_set_revoke_fn; ++ STORE_method_set_revoke_function; ++ STORE_store_number; ++ BN_is_prime_ex; ++ STORE_revoke_public_key; ++ X509_STORE_CTX_get0_param; ++ STORE_delete_arbitrary; ++ PEM_read_X509_CERT_PAIR; ++ X509_STORE_set_depth; ++ ECDSA_get_ex_data; ++ SHA224; ++ BIO_dump_indent_fp; ++ EC_KEY_set_group; ++ BUF_strndup; ++ STORE_list_certificate_start; ++ BN_GF2m_mod; ++ X509_REQ_check_private_key; ++ EC_GROUP_get_seed_len; ++ ERR_load_STORE_strings; ++ PEM_read_bio_EC_PUBKEY; ++ STORE_list_private_key_end; ++ i2d_EC_PUBKEY; ++ ECDSA_get_default_method; ++ ASN1_put_eoc; ++ X509_STORE_CTX_get_explicit_policy; ++ X509_STORE_CTX_get_expl_policy; ++ X509_VERIFY_PARAM_table_cleanup; ++ STORE_modify_private_key; ++ X509_VERIFY_PARAM_free; ++ EC_METHOD_get_field_type; ++ EC_GFp_nist_method; ++ STORE_meth_set_modify_fn; ++ STORE_method_set_modify_function; ++ STORE_parse_attrs_next; ++ ENGINE_load_padlock; ++ EC_GROUP_set_curve_name; ++ X509_CERT_PAIR_it; ++ X509_CERT_PAIR_it; ++ STORE_meth_get_revoke_fn; ++ STORE_method_get_revoke_function; ++ STORE_method_set_get_function; ++ STORE_modify_number; ++ STORE_method_get_store_function; ++ STORE_store_private_key; ++ BN_GF2m_mod_sqr_arr; ++ RSA_setup_blinding; ++ BIO_s_datagram; ++ STORE_Memory; ++ sk_find_ex; ++ EC_GROUP_set_curve_GF2m; ++ ENGINE_set_default_ECDSA; ++ POLICY_CONSTRAINTS_new; ++ BN_GF2m_mod_sqrt; ++ ECDH_set_default_method; ++ EC_KEY_generate_key; ++ SHA384_Update; ++ BN_GF2m_arr2poly; ++ STORE_method_get_get_function; ++ STORE_meth_set_cleanup_fn; ++ STORE_method_set_cleanup_function; ++ EC_GROUP_check; ++ d2i_ECPrivateKey_bio; ++ EC_KEY_insert_key_method_data; ++ STORE_meth_get_lock_store_fn; ++ STORE_method_get_lock_store_function; ++ X509_VERIFY_PARAM_get_depth; ++ SHA224_Final; ++ STORE_meth_set_update_store_fn; ++ STORE_method_set_update_store_function; ++ SHA224_Update; ++ d2i_ECPrivateKey; ++ ASN1_item_ndef_i2d; ++ STORE_delete_private_key; ++ ERR_pop_to_mark; ++ ENGINE_register_all_STORE; ++ X509_policy_level_get0_node; ++ i2d_PKCS7_NDEF; ++ EC_GROUP_get_degree; ++ ASN1_generate_v3; ++ STORE_ATTR_INFO_modify_cstr; ++ X509_policy_tree_level_count; ++ BN_GF2m_add; ++ EC_KEY_get0_group; ++ STORE_generate_crl; ++ STORE_store_public_key; ++ X509_CERT_PAIR_free; ++ STORE_revoke_private_key; ++ BN_nist_mod_224; ++ SHA512_Final; ++ STORE_ATTR_INFO_modify_dn; ++ STORE_meth_get_initialise_fn; ++ STORE_method_get_initialise_function; ++ STORE_delete_number; ++ i2d_EC_PUBKEY_bio; ++ BIO_dgram_non_fatal_error; ++ EC_GROUP_get_asn1_flag; ++ STORE_ATTR_INFO_in_ex; ++ STORE_list_crl_start; ++ ECDH_get_ex_new_index; ++ STORE_meth_get_modify_fn; ++ STORE_method_get_modify_function; ++ v2i_ASN1_BIT_STRING; ++ STORE_store_certificate; ++ OBJ_bsearch_ex; ++ X509_STORE_CTX_set_default; ++ STORE_ATTR_INFO_set_sha1str; ++ BN_GF2m_mod_inv; ++ BN_GF2m_mod_exp; ++ STORE_modify_public_key; ++ STORE_meth_get_list_start_fn; ++ STORE_method_get_list_start_function; ++ EC_GROUP_get0_seed; ++ STORE_store_arbitrary; ++ STORE_meth_set_unlock_store_fn; ++ STORE_method_set_unlock_store_function; ++ BN_GF2m_mod_div_arr; ++ ENGINE_set_ECDSA; ++ STORE_create_method; ++ ECPKParameters_print; ++ EC_KEY_get0_private_key; ++ PEM_write_EC_PUBKEY; ++ X509_VERIFY_PARAM_set1; ++ ECDH_set_method; ++ v2i_GENERAL_NAME_ex; ++ ECDH_set_ex_data; ++ STORE_generate_key; ++ BN_nist_mod_521; ++ X509_policy_tree_get0_level; ++ EC_GROUP_set_point_conversion_form; ++ EC_GROUP_set_point_conv_form; ++ PEM_read_EC_PUBKEY; ++ i2d_ECDSA_SIG; ++ ECDSA_OpenSSL; ++ STORE_delete_crl; ++ EC_KEY_get_enc_flags; ++ ASN1_const_check_infinite_end; ++ EVP_PKEY_delete_attr; ++ ECDSA_set_default_method; ++ EC_POINT_set_compressed_coordinates_GF2m; ++ EC_POINT_set_compr_coords_GF2m; ++ EC_GROUP_cmp; ++ STORE_revoke_certificate; ++ BN_get0_nist_prime_256; ++ STORE_meth_get_delete_fn; ++ STORE_method_get_delete_function; ++ SHA224_Init; ++ PEM_read_ECPrivateKey; ++ SHA512_Init; ++ STORE_parse_attrs_endp; ++ BN_set_negative; ++ ERR_load_ECDSA_strings; ++ EC_GROUP_get_basis_type; ++ STORE_list_public_key_next; ++ i2v_ASN1_BIT_STRING; ++ STORE_OBJECT_free; ++ BN_nist_mod_384; ++ i2d_X509_CERT_PAIR; ++ PEM_write_ECPKParameters; ++ ECDH_compute_key; ++ STORE_ATTR_INFO_get0_sha1str; ++ ENGINE_register_all_ECDH; ++ pqueue_pop; ++ STORE_ATTR_INFO_get0_cstr; ++ POLICY_CONSTRAINTS_it; ++ POLICY_CONSTRAINTS_it; ++ STORE_get_ex_new_index; ++ EVP_PKEY_get_attr_by_OBJ; ++ X509_VERIFY_PARAM_add0_policy; ++ BN_GF2m_mod_solve_quad; ++ SHA256; ++ i2d_ECPrivateKey_fp; ++ X509_policy_tree_get0_user_policies; ++ X509_pcy_tree_get0_usr_policies; ++ OPENSSL_DIR_read; ++ ENGINE_register_all_ECDSA; ++ X509_VERIFY_PARAM_lookup; ++ EC_POINT_get_affine_coordinates_GF2m; ++ EC_POINT_get_affine_coords_GF2m; ++ EC_GROUP_dup; ++ ENGINE_get_default_ECDSA; ++ EC_KEY_new; ++ SHA256_Transform; ++ EC_KEY_set_enc_flags; ++ ECDSA_verify; ++ EC_POINT_point2hex; ++ ENGINE_get_STORE; ++ SHA512; ++ STORE_get_certificate; ++ ECDSA_do_sign_ex; ++ ECDSA_do_verify; ++ d2i_ECPrivateKey_fp; ++ STORE_delete_certificate; ++ SHA512_Transform; ++ X509_STORE_set1_param; ++ STORE_method_get_ctrl_function; ++ STORE_free; ++ PEM_write_ECPrivateKey; ++ STORE_meth_get_unlock_store_fn; ++ STORE_method_get_unlock_store_function; ++ STORE_get_ex_data; ++ EC_KEY_set_public_key; ++ PEM_read_ECPKParameters; ++ X509_CERT_PAIR_new; ++ ENGINE_register_STORE; ++ RSA_generate_key_ex; ++ DSA_generate_parameters_ex; ++ ECParameters_print_fp; ++ X509V3_NAME_from_section; ++ EVP_PKEY_add1_attr; ++ STORE_modify_crl; ++ STORE_list_private_key_start; ++ POLICY_MAPPINGS_it; ++ POLICY_MAPPINGS_it; ++ GENERAL_SUBTREE_it; ++ GENERAL_SUBTREE_it; ++ EC_GROUP_get_curve_name; ++ PEM_write_X509_CERT_PAIR; ++ BIO_dump_indent_cb; ++ d2i_X509_CERT_PAIR; ++ STORE_list_private_key_endp; ++ asn1_const_Finish; ++ i2d_EC_PUBKEY_fp; ++ BN_nist_mod_256; ++ X509_VERIFY_PARAM_add0_table; ++ pqueue_free; ++ BN_BLINDING_create_param; ++ ECDSA_size; ++ d2i_EC_PUBKEY_bio; ++ BN_get0_nist_prime_521; ++ STORE_ATTR_INFO_modify_sha1str; ++ BN_generate_prime_ex; ++ EC_GROUP_new_by_curve_name; ++ SHA256_Final; ++ DH_generate_parameters_ex; ++ PEM_read_bio_ECPrivateKey; ++ STORE_meth_get_cleanup_fn; ++ STORE_method_get_cleanup_function; ++ ENGINE_get_ECDH; ++ d2i_ECDSA_SIG; ++ BN_is_prime_fasttest_ex; ++ ECDSA_sign; ++ X509_policy_check; ++ EVP_PKEY_get_attr_by_NID; ++ STORE_set_ex_data; ++ ENGINE_get_ECDSA; ++ EVP_ecdsa; ++ BN_BLINDING_get_flags; ++ PKCS12_add_cert; ++ STORE_OBJECT_new; ++ ERR_load_ECDH_strings; ++ EC_KEY_dup; ++ EVP_CIPHER_CTX_rand_key; ++ ECDSA_set_method; ++ a2i_IPADDRESS_NC; ++ d2i_ECParameters; ++ STORE_list_certificate_end; ++ STORE_get_crl; ++ X509_POLICY_NODE_print; ++ SHA384_Init; ++ EC_GF2m_simple_method; ++ ECDSA_set_ex_data; ++ SHA384_Final; ++ PKCS7_set_digest; ++ EC_KEY_print; ++ STORE_meth_set_lock_store_fn; ++ STORE_method_set_lock_store_function; ++ ECDSA_get_ex_new_index; ++ SHA384; ++ POLICY_MAPPING_new; ++ STORE_list_certificate_endp; ++ X509_STORE_CTX_get0_policy_tree; ++ EC_GROUP_set_asn1_flag; ++ EC_KEY_check_key; ++ d2i_EC_PUBKEY_fp; ++ PKCS7_set0_type_other; ++ PEM_read_bio_X509_CERT_PAIR; ++ pqueue_next; ++ STORE_meth_get_list_end_fn; ++ STORE_method_get_list_end_function; ++ EVP_PKEY_add1_attr_by_OBJ; ++ X509_VERIFY_PARAM_set_time; ++ pqueue_new; ++ ENGINE_set_default_ECDH; ++ STORE_new_method; ++ PKCS12_add_key; ++ DSO_merge; ++ EC_POINT_hex2point; ++ BIO_dump_cb; ++ SHA256_Update; ++ pqueue_insert; ++ pitem_free; ++ BN_GF2m_mod_inv_arr; ++ ENGINE_unregister_ECDSA; ++ BN_BLINDING_set_thread_id; ++ get_rfc3526_prime_8192; ++ X509_VERIFY_PARAM_clear_flags; ++ get_rfc2409_prime_1024; ++ DH_check_pub_key; ++ get_rfc3526_prime_2048; ++ get_rfc3526_prime_6144; ++ get_rfc3526_prime_1536; ++ get_rfc3526_prime_3072; ++ get_rfc3526_prime_4096; ++ get_rfc2409_prime_768; ++ X509_VERIFY_PARAM_get_flags; ++ EVP_CIPHER_CTX_new; ++ EVP_CIPHER_CTX_free; ++ Camellia_cbc_encrypt; ++ Camellia_cfb128_encrypt; ++ Camellia_cfb1_encrypt; ++ Camellia_cfb8_encrypt; ++ Camellia_ctr128_encrypt; ++ Camellia_cfbr_encrypt_block; ++ Camellia_decrypt; ++ Camellia_ecb_encrypt; ++ Camellia_encrypt; ++ Camellia_ofb128_encrypt; ++ Camellia_set_key; ++ EVP_camellia_128_cbc; ++ EVP_camellia_128_cfb128; ++ EVP_camellia_128_cfb1; ++ EVP_camellia_128_cfb8; ++ EVP_camellia_128_ecb; ++ EVP_camellia_128_ofb; ++ EVP_camellia_192_cbc; ++ EVP_camellia_192_cfb128; ++ EVP_camellia_192_cfb1; ++ EVP_camellia_192_cfb8; ++ EVP_camellia_192_ecb; ++ EVP_camellia_192_ofb; ++ EVP_camellia_256_cbc; ++ EVP_camellia_256_cfb128; ++ EVP_camellia_256_cfb1; ++ EVP_camellia_256_cfb8; ++ EVP_camellia_256_ecb; ++ EVP_camellia_256_ofb; ++ a2i_ipadd; ++ ASIdentifiers_free; ++ i2d_ASIdOrRange; ++ EVP_CIPHER_block_size; ++ v3_asid_is_canonical; ++ IPAddressChoice_free; ++ EVP_CIPHER_CTX_set_app_data; ++ BIO_set_callback_arg; ++ v3_addr_add_prefix; ++ IPAddressOrRange_it; ++ IPAddressOrRange_it; ++ BIO_set_flags; ++ ASIdentifiers_it; ++ ASIdentifiers_it; ++ v3_addr_get_range; ++ BIO_method_type; ++ v3_addr_inherits; ++ IPAddressChoice_it; ++ IPAddressChoice_it; ++ AES_ige_encrypt; ++ v3_addr_add_range; ++ EVP_CIPHER_CTX_nid; ++ d2i_ASRange; ++ v3_addr_add_inherit; ++ v3_asid_add_id_or_range; ++ v3_addr_validate_resource_set; ++ EVP_CIPHER_iv_length; ++ EVP_MD_type; ++ v3_asid_canonize; ++ IPAddressRange_free; ++ v3_asid_add_inherit; ++ EVP_CIPHER_CTX_key_length; ++ IPAddressRange_new; ++ ASIdOrRange_new; ++ EVP_MD_size; ++ EVP_MD_CTX_test_flags; ++ BIO_clear_flags; ++ i2d_ASRange; ++ IPAddressRange_it; ++ IPAddressRange_it; ++ IPAddressChoice_new; ++ ASIdentifierChoice_new; ++ ASRange_free; ++ EVP_MD_pkey_type; ++ EVP_MD_CTX_clear_flags; ++ IPAddressFamily_free; ++ i2d_IPAddressFamily; ++ IPAddressOrRange_new; ++ EVP_CIPHER_flags; ++ v3_asid_validate_resource_set; ++ d2i_IPAddressRange; ++ AES_bi_ige_encrypt; ++ BIO_get_callback; ++ IPAddressOrRange_free; ++ v3_addr_subset; ++ d2i_IPAddressFamily; ++ v3_asid_subset; ++ BIO_test_flags; ++ i2d_ASIdentifierChoice; ++ ASRange_it; ++ ASRange_it; ++ d2i_ASIdentifiers; ++ ASRange_new; ++ d2i_IPAddressChoice; ++ v3_addr_get_afi; ++ EVP_CIPHER_key_length; ++ EVP_Cipher; ++ i2d_IPAddressOrRange; ++ ASIdOrRange_it; ++ ASIdOrRange_it; ++ EVP_CIPHER_nid; ++ i2d_IPAddressChoice; ++ EVP_CIPHER_CTX_block_size; ++ ASIdentifiers_new; ++ v3_addr_validate_path; ++ IPAddressFamily_new; ++ EVP_MD_CTX_set_flags; ++ v3_addr_is_canonical; ++ i2d_IPAddressRange; ++ IPAddressFamily_it; ++ IPAddressFamily_it; ++ v3_asid_inherits; ++ EVP_CIPHER_CTX_cipher; ++ EVP_CIPHER_CTX_get_app_data; ++ EVP_MD_block_size; ++ EVP_CIPHER_CTX_flags; ++ v3_asid_validate_path; ++ d2i_IPAddressOrRange; ++ v3_addr_canonize; ++ ASIdentifierChoice_it; ++ ASIdentifierChoice_it; ++ EVP_MD_CTX_md; ++ d2i_ASIdentifierChoice; ++ BIO_method_name; ++ EVP_CIPHER_CTX_iv_length; ++ ASIdOrRange_free; ++ ASIdentifierChoice_free; ++ BIO_get_callback_arg; ++ BIO_set_callback; ++ d2i_ASIdOrRange; ++ i2d_ASIdentifiers; ++ SEED_decrypt; ++ SEED_encrypt; ++ SEED_cbc_encrypt; ++ EVP_seed_ofb; ++ SEED_cfb128_encrypt; ++ SEED_ofb128_encrypt; ++ EVP_seed_cbc; ++ SEED_ecb_encrypt; ++ EVP_seed_ecb; ++ SEED_set_key; ++ EVP_seed_cfb128; ++ X509_EXTENSIONS_it; ++ X509_EXTENSIONS_it; ++ X509_get1_ocsp; ++ OCSP_REQ_CTX_free; ++ i2d_X509_EXTENSIONS; ++ OCSP_sendreq_nbio; ++ OCSP_sendreq_new; ++ d2i_X509_EXTENSIONS; ++ X509_ALGORS_it; ++ X509_ALGORS_it; ++ X509_ALGOR_get0; ++ X509_ALGOR_set0; ++ AES_unwrap_key; ++ AES_wrap_key; ++ X509at_get0_data_by_OBJ; ++ ASN1_TYPE_set1; ++ ASN1_STRING_set0; ++ i2d_X509_ALGORS; ++ BIO_f_zlib; ++ COMP_zlib_cleanup; ++ d2i_X509_ALGORS; ++ CMS_ReceiptRequest_free; ++ PEM_write_CMS; ++ CMS_add0_CertificateChoices; ++ CMS_unsigned_add1_attr_by_OBJ; ++ ERR_load_CMS_strings; ++ CMS_sign_receipt; ++ i2d_CMS_ContentInfo; ++ CMS_signed_delete_attr; ++ d2i_CMS_bio; ++ CMS_unsigned_get_attr_by_NID; ++ CMS_verify; ++ SMIME_read_CMS; ++ CMS_decrypt_set1_key; ++ CMS_SignerInfo_get0_algs; ++ CMS_add1_cert; ++ CMS_set_detached; ++ CMS_encrypt; ++ CMS_EnvelopedData_create; ++ CMS_uncompress; ++ CMS_add0_crl; ++ CMS_SignerInfo_verify_content; ++ CMS_unsigned_get0_data_by_OBJ; ++ PEM_write_bio_CMS; ++ CMS_unsigned_get_attr; ++ CMS_RecipientInfo_ktri_cert_cmp; ++ CMS_RecipientInfo_ktri_get0_algs; ++ CMS_RecipInfo_ktri_get0_algs; ++ CMS_ContentInfo_free; ++ CMS_final; ++ CMS_add_simple_smimecap; ++ CMS_SignerInfo_verify; ++ CMS_data; ++ CMS_ContentInfo_it; ++ CMS_ContentInfo_it; ++ d2i_CMS_ReceiptRequest; ++ CMS_compress; ++ CMS_digest_create; ++ CMS_SignerInfo_cert_cmp; ++ CMS_SignerInfo_sign; ++ CMS_data_create; ++ i2d_CMS_bio; ++ CMS_EncryptedData_set1_key; ++ CMS_decrypt; ++ int_smime_write_ASN1; ++ CMS_unsigned_delete_attr; ++ CMS_unsigned_get_attr_count; ++ CMS_add_smimecap; ++ PEM_read_CMS; ++ CMS_signed_get_attr_by_OBJ; ++ d2i_CMS_ContentInfo; ++ CMS_add_standard_smimecap; ++ CMS_ContentInfo_new; ++ CMS_RecipientInfo_type; ++ CMS_get0_type; ++ CMS_is_detached; ++ CMS_sign; ++ CMS_signed_add1_attr; ++ CMS_unsigned_get_attr_by_OBJ; ++ SMIME_write_CMS; ++ CMS_EncryptedData_decrypt; ++ CMS_get0_RecipientInfos; ++ CMS_add0_RevocationInfoChoice; ++ CMS_decrypt_set1_pkey; ++ CMS_SignerInfo_set1_signer_cert; ++ CMS_get0_signers; ++ CMS_ReceiptRequest_get0_values; ++ CMS_signed_get0_data_by_OBJ; ++ CMS_get0_SignerInfos; ++ CMS_add0_cert; ++ CMS_EncryptedData_encrypt; ++ CMS_digest_verify; ++ CMS_set1_signers_certs; ++ CMS_signed_get_attr; ++ CMS_RecipientInfo_set0_key; ++ CMS_SignedData_init; ++ CMS_RecipientInfo_kekri_get0_id; ++ CMS_verify_receipt; ++ CMS_ReceiptRequest_it; ++ CMS_ReceiptRequest_it; ++ PEM_read_bio_CMS; ++ CMS_get1_crls; ++ CMS_add0_recipient_key; ++ SMIME_read_ASN1; ++ CMS_ReceiptRequest_new; ++ CMS_get0_content; ++ CMS_get1_ReceiptRequest; ++ CMS_signed_add1_attr_by_OBJ; ++ CMS_RecipientInfo_kekri_id_cmp; ++ CMS_add1_ReceiptRequest; ++ CMS_SignerInfo_get0_signer_id; ++ CMS_unsigned_add1_attr_by_NID; ++ CMS_unsigned_add1_attr; ++ CMS_signed_get_attr_by_NID; ++ CMS_get1_certs; ++ CMS_signed_add1_attr_by_NID; ++ CMS_unsigned_add1_attr_by_txt; ++ CMS_dataFinal; ++ CMS_RecipientInfo_ktri_get0_signer_id; ++ CMS_RecipInfo_ktri_get0_sigr_id; ++ i2d_CMS_ReceiptRequest; ++ CMS_add1_recipient_cert; ++ CMS_dataInit; ++ CMS_signed_add1_attr_by_txt; ++ CMS_RecipientInfo_decrypt; ++ CMS_signed_get_attr_count; ++ CMS_get0_eContentType; ++ CMS_set1_eContentType; ++ CMS_ReceiptRequest_create0; ++ CMS_add1_signer; ++ CMS_RecipientInfo_set0_pkey; ++ ENGINE_set_load_ssl_client_cert_function; ++ ENGINE_set_ld_ssl_clnt_cert_fn; ++ ENGINE_get_ssl_client_cert_function; ++ ENGINE_get_ssl_client_cert_fn; ++ ENGINE_load_ssl_client_cert; ++ ENGINE_load_capi; ++ OPENSSL_isservice; ++ FIPS_dsa_sig_decode; ++ EVP_CIPHER_CTX_clear_flags; ++ FIPS_rand_status; ++ FIPS_rand_set_key; ++ CRYPTO_set_mem_info_functions; ++ RSA_X931_generate_key_ex; ++ int_ERR_set_state_func; ++ int_EVP_MD_set_engine_callbacks; ++ int_CRYPTO_set_do_dynlock_callback; ++ FIPS_rng_stick; ++ EVP_CIPHER_CTX_set_flags; ++ BN_X931_generate_prime_ex; ++ FIPS_selftest_check; ++ FIPS_rand_set_dt; ++ CRYPTO_dbg_pop_info; ++ FIPS_dsa_free; ++ RSA_X931_derive_ex; ++ FIPS_rsa_new; ++ FIPS_rand_bytes; ++ fips_cipher_test; ++ EVP_CIPHER_CTX_test_flags; ++ CRYPTO_malloc_debug_init; ++ CRYPTO_dbg_push_info; ++ FIPS_corrupt_rsa_keygen; ++ FIPS_dh_new; ++ FIPS_corrupt_dsa_keygen; ++ FIPS_dh_free; ++ fips_pkey_signature_test; ++ EVP_add_alg_module; ++ int_RAND_init_engine_callbacks; ++ int_EVP_CIPHER_set_engine_callbacks; ++ int_EVP_MD_init_engine_callbacks; ++ FIPS_rand_test_mode; ++ FIPS_rand_reset; ++ FIPS_dsa_new; ++ int_RAND_set_callbacks; ++ BN_X931_derive_prime_ex; ++ int_ERR_lib_init; ++ int_EVP_CIPHER_init_engine_callbacks; ++ FIPS_rsa_free; ++ FIPS_dsa_sig_encode; ++ CRYPTO_dbg_remove_all_info; ++ OPENSSL_init; ++ CRYPTO_strdup; ++ JPAKE_STEP3A_process; ++ JPAKE_STEP1_release; ++ JPAKE_get_shared_key; ++ JPAKE_STEP3B_init; ++ JPAKE_STEP1_generate; ++ JPAKE_STEP1_init; ++ JPAKE_STEP3B_process; ++ JPAKE_STEP2_generate; ++ JPAKE_CTX_new; ++ JPAKE_CTX_free; ++ JPAKE_STEP3B_release; ++ JPAKE_STEP3A_release; ++ JPAKE_STEP2_process; ++ JPAKE_STEP3B_generate; ++ JPAKE_STEP1_process; ++ JPAKE_STEP3A_generate; ++ JPAKE_STEP2_release; ++ JPAKE_STEP3A_init; ++ ERR_load_JPAKE_strings; ++ JPAKE_STEP2_init; ++ pqueue_size; ++ i2d_TS_ACCURACY; ++ i2d_TS_MSG_IMPRINT_fp; ++ i2d_TS_MSG_IMPRINT; ++ EVP_PKEY_print_public; ++ EVP_PKEY_CTX_new; ++ i2d_TS_TST_INFO; ++ EVP_PKEY_asn1_find; ++ DSO_METHOD_beos; ++ TS_CONF_load_cert; ++ TS_REQ_get_ext; ++ EVP_PKEY_sign_init; ++ ASN1_item_print; ++ TS_TST_INFO_set_nonce; ++ TS_RESP_dup; ++ ENGINE_register_pkey_meths; ++ EVP_PKEY_asn1_add0; ++ PKCS7_add0_attrib_signing_time; ++ i2d_TS_TST_INFO_fp; ++ BIO_asn1_get_prefix; ++ TS_TST_INFO_set_time; ++ EVP_PKEY_meth_set_decrypt; ++ EVP_PKEY_set_type_str; ++ EVP_PKEY_CTX_get_keygen_info; ++ TS_REQ_set_policy_id; ++ d2i_TS_RESP_fp; ++ ENGINE_get_pkey_asn1_meth_engine; ++ ENGINE_get_pkey_asn1_meth_eng; ++ WHIRLPOOL_Init; ++ TS_RESP_set_status_info; ++ EVP_PKEY_keygen; ++ EVP_DigestSignInit; ++ TS_ACCURACY_set_millis; ++ TS_REQ_dup; ++ GENERAL_NAME_dup; ++ ASN1_SEQUENCE_ANY_it; ++ ASN1_SEQUENCE_ANY_it; ++ WHIRLPOOL; ++ X509_STORE_get1_crls; ++ ENGINE_get_pkey_asn1_meth; ++ EVP_PKEY_asn1_new; ++ BIO_new_NDEF; ++ ENGINE_get_pkey_meth; ++ TS_MSG_IMPRINT_set_algo; ++ i2d_TS_TST_INFO_bio; ++ TS_TST_INFO_set_ordering; ++ TS_TST_INFO_get_ext_by_OBJ; ++ CRYPTO_THREADID_set_pointer; ++ TS_CONF_get_tsa_section; ++ SMIME_write_ASN1; ++ TS_RESP_CTX_set_signer_key; ++ EVP_PKEY_encrypt_old; ++ EVP_PKEY_encrypt_init; ++ CRYPTO_THREADID_cpy; ++ ASN1_PCTX_get_cert_flags; ++ i2d_ESS_SIGNING_CERT; ++ TS_CONF_load_key; ++ i2d_ASN1_SEQUENCE_ANY; ++ d2i_TS_MSG_IMPRINT_bio; ++ EVP_PKEY_asn1_set_public; ++ b2i_PublicKey_bio; ++ BIO_asn1_set_prefix; ++ EVP_PKEY_new_mac_key; ++ BIO_new_CMS; ++ CRYPTO_THREADID_cmp; ++ TS_REQ_ext_free; ++ EVP_PKEY_asn1_set_free; ++ EVP_PKEY_get0_asn1; ++ d2i_NETSCAPE_X509; ++ EVP_PKEY_verify_recover_init; ++ EVP_PKEY_CTX_set_data; ++ EVP_PKEY_keygen_init; ++ TS_RESP_CTX_set_status_info; ++ TS_MSG_IMPRINT_get_algo; ++ TS_REQ_print_bio; ++ EVP_PKEY_CTX_ctrl_str; ++ EVP_PKEY_get_default_digest_nid; ++ PEM_write_bio_PKCS7_stream; ++ TS_MSG_IMPRINT_print_bio; ++ BN_asc2bn; ++ TS_REQ_get_policy_id; ++ ENGINE_set_default_pkey_asn1_meths; ++ ENGINE_set_def_pkey_asn1_meths; ++ d2i_TS_ACCURACY; ++ DSO_global_lookup; ++ TS_CONF_set_tsa_name; ++ i2d_ASN1_SET_ANY; ++ ENGINE_load_gost; ++ WHIRLPOOL_BitUpdate; ++ ASN1_PCTX_get_flags; ++ TS_TST_INFO_get_ext_by_NID; ++ TS_RESP_new; ++ ESS_CERT_ID_dup; ++ TS_STATUS_INFO_dup; ++ TS_REQ_delete_ext; ++ EVP_DigestVerifyFinal; ++ EVP_PKEY_print_params; ++ i2d_CMS_bio_stream; ++ TS_REQ_get_msg_imprint; ++ OBJ_find_sigid_by_algs; ++ TS_TST_INFO_get_serial; ++ TS_REQ_get_nonce; ++ X509_PUBKEY_set0_param; ++ EVP_PKEY_CTX_set0_keygen_info; ++ DIST_POINT_set_dpname; ++ i2d_ISSUING_DIST_POINT; ++ ASN1_SET_ANY_it; ++ ASN1_SET_ANY_it; ++ EVP_PKEY_CTX_get_data; ++ TS_STATUS_INFO_print_bio; ++ EVP_PKEY_derive_init; ++ d2i_TS_TST_INFO; ++ EVP_PKEY_asn1_add_alias; ++ d2i_TS_RESP_bio; ++ OTHERNAME_cmp; ++ GENERAL_NAME_set0_value; ++ PKCS7_RECIP_INFO_get0_alg; ++ TS_RESP_CTX_new; ++ TS_RESP_set_tst_info; ++ PKCS7_final; ++ EVP_PKEY_base_id; ++ TS_RESP_CTX_set_signer_cert; ++ TS_REQ_set_msg_imprint; ++ EVP_PKEY_CTX_ctrl; ++ TS_CONF_set_digests; ++ d2i_TS_MSG_IMPRINT; ++ EVP_PKEY_meth_set_ctrl; ++ TS_REQ_get_ext_by_NID; ++ PKCS5_pbe_set0_algor; ++ BN_BLINDING_thread_id; ++ TS_ACCURACY_new; ++ X509_CRL_METHOD_free; ++ ASN1_PCTX_get_nm_flags; ++ EVP_PKEY_meth_set_sign; ++ CRYPTO_THREADID_current; ++ EVP_PKEY_decrypt_init; ++ NETSCAPE_X509_free; ++ i2b_PVK_bio; ++ EVP_PKEY_print_private; ++ GENERAL_NAME_get0_value; ++ b2i_PVK_bio; ++ ASN1_UTCTIME_adj; ++ TS_TST_INFO_new; ++ EVP_MD_do_all_sorted; ++ TS_CONF_set_default_engine; ++ TS_ACCURACY_set_seconds; ++ TS_TST_INFO_get_time; ++ PKCS8_pkey_get0; ++ EVP_PKEY_asn1_get0; ++ OBJ_add_sigid; ++ PKCS7_SIGNER_INFO_sign; ++ EVP_PKEY_paramgen_init; ++ EVP_PKEY_sign; ++ OBJ_sigid_free; ++ EVP_PKEY_meth_set_init; ++ d2i_ESS_ISSUER_SERIAL; ++ ISSUING_DIST_POINT_new; ++ ASN1_TIME_adj; ++ TS_OBJ_print_bio; ++ EVP_PKEY_meth_set_verify_recover; ++ EVP_PKEY_meth_set_vrfy_recover; ++ TS_RESP_get_status_info; ++ CMS_stream; ++ EVP_PKEY_CTX_set_cb; ++ PKCS7_to_TS_TST_INFO; ++ ASN1_PCTX_get_oid_flags; ++ TS_TST_INFO_add_ext; ++ EVP_PKEY_meth_set_derive; ++ i2d_TS_RESP_fp; ++ i2d_TS_MSG_IMPRINT_bio; ++ TS_RESP_CTX_set_accuracy; ++ TS_REQ_set_nonce; ++ ESS_CERT_ID_new; ++ ENGINE_pkey_asn1_find_str; ++ TS_REQ_get_ext_count; ++ BUF_reverse; ++ TS_TST_INFO_print_bio; ++ d2i_ISSUING_DIST_POINT; ++ ENGINE_get_pkey_meths; ++ i2b_PrivateKey_bio; ++ i2d_TS_RESP; ++ b2i_PublicKey; ++ TS_VERIFY_CTX_cleanup; ++ TS_STATUS_INFO_free; ++ TS_RESP_verify_token; ++ OBJ_bsearch_ex_; ++ ASN1_bn_print; ++ EVP_PKEY_asn1_get_count; ++ ENGINE_register_pkey_asn1_meths; ++ ASN1_PCTX_set_nm_flags; ++ EVP_DigestVerifyInit; ++ ENGINE_set_default_pkey_meths; ++ TS_TST_INFO_get_policy_id; ++ TS_REQ_get_cert_req; ++ X509_CRL_set_meth_data; ++ PKCS8_pkey_set0; ++ ASN1_STRING_copy; ++ d2i_TS_TST_INFO_fp; ++ X509_CRL_match; ++ EVP_PKEY_asn1_set_private; ++ TS_TST_INFO_get_ext_d2i; ++ TS_RESP_CTX_add_policy; ++ d2i_TS_RESP; ++ TS_CONF_load_certs; ++ TS_TST_INFO_get_msg_imprint; ++ ERR_load_TS_strings; ++ TS_TST_INFO_get_version; ++ EVP_PKEY_CTX_dup; ++ EVP_PKEY_meth_set_verify; ++ i2b_PublicKey_bio; ++ TS_CONF_set_certs; ++ EVP_PKEY_asn1_get0_info; ++ TS_VERIFY_CTX_free; ++ TS_REQ_get_ext_by_critical; ++ TS_RESP_CTX_set_serial_cb; ++ X509_CRL_get_meth_data; ++ TS_RESP_CTX_set_time_cb; ++ TS_MSG_IMPRINT_get_msg; ++ TS_TST_INFO_ext_free; ++ TS_REQ_get_version; ++ TS_REQ_add_ext; ++ EVP_PKEY_CTX_set_app_data; ++ OBJ_bsearch_; ++ EVP_PKEY_meth_set_verifyctx; ++ i2d_PKCS7_bio_stream; ++ CRYPTO_THREADID_set_numeric; ++ PKCS7_sign_add_signer; ++ d2i_TS_TST_INFO_bio; ++ TS_TST_INFO_get_ordering; ++ TS_RESP_print_bio; ++ TS_TST_INFO_get_exts; ++ HMAC_CTX_copy; ++ PKCS5_pbe2_set_iv; ++ ENGINE_get_pkey_asn1_meths; ++ b2i_PrivateKey; ++ EVP_PKEY_CTX_get_app_data; ++ TS_REQ_set_cert_req; ++ CRYPTO_THREADID_set_callback; ++ TS_CONF_set_serial; ++ TS_TST_INFO_free; ++ d2i_TS_REQ_fp; ++ TS_RESP_verify_response; ++ i2d_ESS_ISSUER_SERIAL; ++ TS_ACCURACY_get_seconds; ++ EVP_CIPHER_do_all; ++ b2i_PrivateKey_bio; ++ OCSP_CERTID_dup; ++ X509_PUBKEY_get0_param; ++ TS_MSG_IMPRINT_dup; ++ PKCS7_print_ctx; ++ i2d_TS_REQ_bio; ++ EVP_whirlpool; ++ EVP_PKEY_asn1_set_param; ++ EVP_PKEY_meth_set_encrypt; ++ ASN1_PCTX_set_flags; ++ i2d_ESS_CERT_ID; ++ TS_VERIFY_CTX_new; ++ TS_RESP_CTX_set_extension_cb; ++ ENGINE_register_all_pkey_meths; ++ TS_RESP_CTX_set_status_info_cond; ++ TS_RESP_CTX_set_stat_info_cond; ++ EVP_PKEY_verify; ++ WHIRLPOOL_Final; ++ X509_CRL_METHOD_new; ++ EVP_DigestSignFinal; ++ TS_RESP_CTX_set_def_policy; ++ NETSCAPE_X509_it; ++ NETSCAPE_X509_it; ++ TS_RESP_create_response; ++ PKCS7_SIGNER_INFO_get0_algs; ++ TS_TST_INFO_get_nonce; ++ EVP_PKEY_decrypt_old; ++ TS_TST_INFO_set_policy_id; ++ TS_CONF_set_ess_cert_id_chain; ++ EVP_PKEY_CTX_get0_pkey; ++ d2i_TS_REQ; ++ EVP_PKEY_asn1_find_str; ++ BIO_f_asn1; ++ ESS_SIGNING_CERT_new; ++ EVP_PBE_find; ++ X509_CRL_get0_by_cert; ++ EVP_PKEY_derive; ++ i2d_TS_REQ; ++ TS_TST_INFO_delete_ext; ++ ESS_ISSUER_SERIAL_free; ++ ASN1_PCTX_set_str_flags; ++ ENGINE_get_pkey_asn1_meth_str; ++ TS_CONF_set_signer_key; ++ TS_ACCURACY_get_millis; ++ TS_RESP_get_token; ++ TS_ACCURACY_dup; ++ ENGINE_register_all_pkey_asn1_meths; ++ ENGINE_reg_all_pkey_asn1_meths; ++ X509_CRL_set_default_method; ++ CRYPTO_THREADID_hash; ++ CMS_ContentInfo_print_ctx; ++ TS_RESP_free; ++ ISSUING_DIST_POINT_free; ++ ESS_ISSUER_SERIAL_new; ++ CMS_add1_crl; ++ PKCS7_add1_attrib_digest; ++ TS_RESP_CTX_add_md; ++ TS_TST_INFO_dup; ++ ENGINE_set_pkey_asn1_meths; ++ PEM_write_bio_Parameters; ++ TS_TST_INFO_get_accuracy; ++ X509_CRL_get0_by_serial; ++ TS_TST_INFO_set_version; ++ TS_RESP_CTX_get_tst_info; ++ TS_RESP_verify_signature; ++ CRYPTO_THREADID_get_callback; ++ TS_TST_INFO_get_tsa; ++ TS_STATUS_INFO_new; ++ EVP_PKEY_CTX_get_cb; ++ TS_REQ_get_ext_d2i; ++ GENERAL_NAME_set0_othername; ++ TS_TST_INFO_get_ext_count; ++ TS_RESP_CTX_get_request; ++ i2d_NETSCAPE_X509; ++ ENGINE_get_pkey_meth_engine; ++ EVP_PKEY_meth_set_signctx; ++ EVP_PKEY_asn1_copy; ++ ASN1_TYPE_cmp; ++ EVP_CIPHER_do_all_sorted; ++ EVP_PKEY_CTX_free; ++ ISSUING_DIST_POINT_it; ++ ISSUING_DIST_POINT_it; ++ d2i_TS_MSG_IMPRINT_fp; ++ X509_STORE_get1_certs; ++ EVP_PKEY_CTX_get_operation; ++ d2i_ESS_SIGNING_CERT; ++ TS_CONF_set_ordering; ++ EVP_PBE_alg_add_type; ++ TS_REQ_set_version; ++ EVP_PKEY_get0; ++ BIO_asn1_set_suffix; ++ i2d_TS_STATUS_INFO; ++ EVP_MD_do_all; ++ TS_TST_INFO_set_accuracy; ++ PKCS7_add_attrib_content_type; ++ ERR_remove_thread_state; ++ EVP_PKEY_meth_add0; ++ TS_TST_INFO_set_tsa; ++ EVP_PKEY_meth_new; ++ WHIRLPOOL_Update; ++ TS_CONF_set_accuracy; ++ ASN1_PCTX_set_oid_flags; ++ ESS_SIGNING_CERT_dup; ++ d2i_TS_REQ_bio; ++ X509_time_adj_ex; ++ TS_RESP_CTX_add_flags; ++ d2i_TS_STATUS_INFO; ++ TS_MSG_IMPRINT_set_msg; ++ BIO_asn1_get_suffix; ++ TS_REQ_free; ++ EVP_PKEY_meth_free; ++ TS_REQ_get_exts; ++ TS_RESP_CTX_set_clock_precision_digits; ++ TS_RESP_CTX_set_clk_prec_digits; ++ TS_RESP_CTX_add_failure_info; ++ i2d_TS_RESP_bio; ++ EVP_PKEY_CTX_get0_peerkey; ++ PEM_write_bio_CMS_stream; ++ TS_REQ_new; ++ TS_MSG_IMPRINT_new; ++ EVP_PKEY_meth_find; ++ EVP_PKEY_id; ++ TS_TST_INFO_set_serial; ++ a2i_GENERAL_NAME; ++ TS_CONF_set_crypto_device; ++ EVP_PKEY_verify_init; ++ TS_CONF_set_policies; ++ ASN1_PCTX_new; ++ ESS_CERT_ID_free; ++ ENGINE_unregister_pkey_meths; ++ TS_MSG_IMPRINT_free; ++ TS_VERIFY_CTX_init; ++ PKCS7_stream; ++ TS_RESP_CTX_set_certs; ++ TS_CONF_set_def_policy; ++ ASN1_GENERALIZEDTIME_adj; ++ NETSCAPE_X509_new; ++ TS_ACCURACY_free; ++ TS_RESP_get_tst_info; ++ EVP_PKEY_derive_set_peer; ++ PEM_read_bio_Parameters; ++ TS_CONF_set_clock_precision_digits; ++ TS_CONF_set_clk_prec_digits; ++ ESS_ISSUER_SERIAL_dup; ++ TS_ACCURACY_get_micros; ++ ASN1_PCTX_get_str_flags; ++ NAME_CONSTRAINTS_check; ++ ASN1_BIT_STRING_check; ++ X509_check_akid; ++ ENGINE_unregister_pkey_asn1_meths; ++ ENGINE_unreg_pkey_asn1_meths; ++ ASN1_PCTX_free; ++ PEM_write_bio_ASN1_stream; ++ i2d_ASN1_bio_stream; ++ TS_X509_ALGOR_print_bio; ++ EVP_PKEY_meth_set_cleanup; ++ EVP_PKEY_asn1_free; ++ ESS_SIGNING_CERT_free; ++ TS_TST_INFO_set_msg_imprint; ++ GENERAL_NAME_cmp; ++ d2i_ASN1_SET_ANY; ++ ENGINE_set_pkey_meths; ++ i2d_TS_REQ_fp; ++ d2i_ASN1_SEQUENCE_ANY; ++ GENERAL_NAME_get0_otherName; ++ d2i_ESS_CERT_ID; ++ OBJ_find_sigid_algs; ++ EVP_PKEY_meth_set_keygen; ++ PKCS5_PBKDF2_HMAC; ++ EVP_PKEY_paramgen; ++ EVP_PKEY_meth_set_paramgen; ++ BIO_new_PKCS7; ++ EVP_PKEY_verify_recover; ++ TS_ext_print_bio; ++ TS_ASN1_INTEGER_print_bio; ++ check_defer; ++ DSO_pathbyaddr; ++ EVP_PKEY_set_type; ++ TS_ACCURACY_set_micros; ++ TS_REQ_to_TS_VERIFY_CTX; ++ EVP_PKEY_meth_set_copy; ++ ASN1_PCTX_set_cert_flags; ++ TS_TST_INFO_get_ext; ++ EVP_PKEY_asn1_set_ctrl; ++ TS_TST_INFO_get_ext_by_critical; ++ EVP_PKEY_CTX_new_id; ++ TS_REQ_get_ext_by_OBJ; ++ TS_CONF_set_signer_cert; ++ X509_NAME_hash_old; ++ ASN1_TIME_set_string; ++ EVP_MD_flags; ++ TS_RESP_CTX_free; ++ DSAparams_dup; ++ DHparams_dup; ++ OCSP_REQ_CTX_add1_header; ++ OCSP_REQ_CTX_set1_req; ++ X509_STORE_set_verify_cb; ++ X509_STORE_CTX_get0_current_crl; ++ X509_STORE_CTX_get0_parent_ctx; ++ X509_STORE_CTX_get0_current_issuer; ++ X509_STORE_CTX_get0_cur_issuer; ++ X509_issuer_name_hash_old; ++ X509_subject_name_hash_old; ++ EVP_CIPHER_CTX_copy; ++ UI_method_get_prompt_constructor; ++ UI_method_get_prompt_constructr; ++ UI_method_set_prompt_constructor; ++ UI_method_set_prompt_constructr; ++ EVP_read_pw_string_min; ++ CRYPTO_cts128_encrypt; ++ CRYPTO_cts128_decrypt_block; ++ CRYPTO_cfb128_1_encrypt; ++ CRYPTO_cbc128_encrypt; ++ CRYPTO_ctr128_encrypt; ++ CRYPTO_ofb128_encrypt; ++ CRYPTO_cts128_decrypt; ++ CRYPTO_cts128_encrypt_block; ++ CRYPTO_cbc128_decrypt; ++ CRYPTO_cfb128_encrypt; ++ CRYPTO_cfb128_8_encrypt; ++ ++ local: ++ *; ++}; ++ ++ ++OPENSSL_1.0.1 { ++ global: ++ SSL_renegotiate_abbreviated; ++ TLSv1_1_method; ++ TLSv1_1_client_method; ++ TLSv1_1_server_method; ++ SSL_CTX_set_srp_client_pwd_callback; ++ SSL_CTX_set_srp_client_pwd_cb; ++ SSL_get_srp_g; ++ SSL_CTX_set_srp_username_callback; ++ SSL_CTX_set_srp_un_cb; ++ SSL_get_srp_userinfo; ++ SSL_set_srp_server_param; ++ SSL_set_srp_server_param_pw; ++ SSL_get_srp_N; ++ SSL_get_srp_username; ++ SSL_CTX_set_srp_password; ++ SSL_CTX_set_srp_strength; ++ SSL_CTX_set_srp_verify_param_callback; ++ SSL_CTX_set_srp_vfy_param_cb; ++ SSL_CTX_set_srp_cb_arg; ++ SSL_CTX_set_srp_username; ++ SSL_CTX_SRP_CTX_init; ++ SSL_SRP_CTX_init; ++ SRP_Calc_A_param; ++ SRP_generate_server_master_secret; ++ SRP_gen_server_master_secret; ++ SSL_CTX_SRP_CTX_free; ++ SRP_generate_client_master_secret; ++ SRP_gen_client_master_secret; ++ SSL_srp_server_param_with_username; ++ SSL_srp_server_param_with_un; ++ SSL_SRP_CTX_free; ++ SSL_set_debug; ++ SSL_SESSION_get0_peer; ++ TLSv1_2_client_method; ++ SSL_SESSION_set1_id_context; ++ TLSv1_2_server_method; ++ SSL_cache_hit; ++ SSL_get0_kssl_ctx; ++ SSL_set0_kssl_ctx; ++ SSL_set_state; ++ SSL_CIPHER_get_id; ++ TLSv1_2_method; ++ kssl_ctx_get0_client_princ; ++ SSL_export_keying_material; ++ SSL_set_tlsext_use_srtp; ++ SSL_CTX_set_next_protos_advertised_cb; ++ SSL_CTX_set_next_protos_adv_cb; ++ SSL_get0_next_proto_negotiated; ++ SSL_get_selected_srtp_profile; ++ SSL_CTX_set_tlsext_use_srtp; ++ SSL_select_next_proto; ++ SSL_get_srtp_profiles; ++ SSL_CTX_set_next_proto_select_cb; ++ SSL_CTX_set_next_proto_sel_cb; ++ SSL_SESSION_get_compress_id; ++ ++ SRP_VBASE_get_by_user; ++ SRP_Calc_server_key; ++ SRP_create_verifier; ++ SRP_create_verifier_BN; ++ SRP_Calc_u; ++ SRP_VBASE_free; ++ SRP_Calc_client_key; ++ SRP_get_default_gN; ++ SRP_Calc_x; ++ SRP_Calc_B; ++ SRP_VBASE_new; ++ SRP_check_known_gN_param; ++ SRP_Calc_A; ++ SRP_Verify_A_mod_N; ++ SRP_VBASE_init; ++ SRP_Verify_B_mod_N; ++ EC_KEY_set_public_key_affine_coordinates; ++ EC_KEY_set_pub_key_aff_coords; ++ EVP_aes_192_ctr; ++ EVP_PKEY_meth_get0_info; ++ EVP_PKEY_meth_copy; ++ ERR_add_error_vdata; ++ EVP_aes_128_ctr; ++ EVP_aes_256_ctr; ++ EC_GFp_nistp224_method; ++ EC_KEY_get_flags; ++ RSA_padding_add_PKCS1_PSS_mgf1; ++ EVP_aes_128_xts; ++ EVP_aes_256_xts; ++ EVP_aes_128_gcm; ++ EC_KEY_clear_flags; ++ EC_KEY_set_flags; ++ EVP_aes_256_ccm; ++ RSA_verify_PKCS1_PSS_mgf1; ++ EVP_aes_128_ccm; ++ EVP_aes_192_gcm; ++ X509_ALGOR_set_md; ++ RAND_init_fips; ++ EVP_aes_256_gcm; ++ EVP_aes_192_ccm; ++ CMAC_CTX_copy; ++ CMAC_CTX_free; ++ CMAC_CTX_get0_cipher_ctx; ++ CMAC_CTX_cleanup; ++ CMAC_Init; ++ CMAC_Update; ++ CMAC_resume; ++ CMAC_CTX_new; ++ CMAC_Final; ++ CRYPTO_ctr128_encrypt_ctr32; ++ CRYPTO_gcm128_release; ++ CRYPTO_ccm128_decrypt_ccm64; ++ CRYPTO_ccm128_encrypt; ++ CRYPTO_gcm128_encrypt; ++ CRYPTO_xts128_encrypt; ++ EVP_rc4_hmac_md5; ++ CRYPTO_nistcts128_decrypt_block; ++ CRYPTO_gcm128_setiv; ++ CRYPTO_nistcts128_encrypt; ++ EVP_aes_128_cbc_hmac_sha1; ++ CRYPTO_gcm128_tag; ++ CRYPTO_ccm128_encrypt_ccm64; ++ ENGINE_load_rdrand; ++ CRYPTO_ccm128_setiv; ++ CRYPTO_nistcts128_encrypt_block; ++ CRYPTO_gcm128_aad; ++ CRYPTO_ccm128_init; ++ CRYPTO_nistcts128_decrypt; ++ CRYPTO_gcm128_new; ++ CRYPTO_ccm128_tag; ++ CRYPTO_ccm128_decrypt; ++ CRYPTO_ccm128_aad; ++ CRYPTO_gcm128_init; ++ CRYPTO_gcm128_decrypt; ++ ENGINE_load_rsax; ++ CRYPTO_gcm128_decrypt_ctr32; ++ CRYPTO_gcm128_encrypt_ctr32; ++ CRYPTO_gcm128_finish; ++ EVP_aes_256_cbc_hmac_sha1; ++ PKCS5_pbkdf2_set; ++ CMS_add0_recipient_password; ++ CMS_decrypt_set1_password; ++ CMS_RecipientInfo_set0_password; ++ RAND_set_fips_drbg_type; ++ X509_REQ_sign_ctx; ++ RSA_PSS_PARAMS_new; ++ X509_CRL_sign_ctx; ++ X509_signature_dump; ++ d2i_RSA_PSS_PARAMS; ++ RSA_PSS_PARAMS_it; ++ RSA_PSS_PARAMS_it; ++ RSA_PSS_PARAMS_free; ++ X509_sign_ctx; ++ i2d_RSA_PSS_PARAMS; ++ ASN1_item_sign_ctx; ++ EC_GFp_nistp521_method; ++ EC_GFp_nistp256_method; ++ OPENSSL_stderr; ++ OPENSSL_cpuid_setup; ++ OPENSSL_showfatal; ++ BIO_new_dgram_sctp; ++ BIO_dgram_sctp_msg_waiting; ++ BIO_dgram_sctp_wait_for_dry; ++ BIO_s_datagram_sctp; ++ BIO_dgram_is_sctp; ++ BIO_dgram_sctp_notification_cb; ++} OPENSSL_1.0.0; ++ ++OPENSSL_1.0.1d { ++ global: ++ CRYPTO_memcmp; ++} OPENSSL_1.0.1; ++ +Index: openssl-1.0.1d/engines/openssl.ld +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.0.1d/engines/openssl.ld 2013-02-06 19:41:43.000000000 +0100 +@@ -0,0 +1,10 @@ ++OPENSSL_1.0.0 { ++ global: ++ bind_engine; ++ v_check; ++ OPENSSL_init; ++ OPENSSL_finish; ++ local: ++ *; ++}; ++ +Index: openssl-1.0.1d/engines/ccgost/openssl.ld +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.0.1d/engines/ccgost/openssl.ld 2013-02-06 19:41:43.000000000 +0100 +@@ -0,0 +1,10 @@ ++OPENSSL_1.0.0 { ++ global: ++ bind_engine; ++ v_check; ++ OPENSSL_init; ++ OPENSSL_finish; ++ local: ++ *; ++}; ++ diff --git a/recipes-connectivity/openssl/openssl-qoriq/engines-install-in-libdir-ssl.patch b/recipes-connectivity/openssl/openssl-qoriq/engines-install-in-libdir-ssl.patch new file mode 100644 index 0000000..d8a6f1a --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/engines-install-in-libdir-ssl.patch @@ -0,0 +1,56 @@ +Upstream-Status: Inappropriate [configuration] + + +Index: openssl-1.0.0/engines/Makefile +=================================================================== +--- openssl-1.0.0.orig/engines/Makefile ++++ openssl-1.0.0/engines/Makefile +@@ -107,7 +107,7 @@ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @if [ -n "$(SHARED_LIBS)" ]; then \ + set -e; \ +- $(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines; \ ++ $(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines; \ + for l in $(LIBNAMES); do \ + ( echo installing $$l; \ + pfx=lib; \ +@@ -119,13 +119,13 @@ + *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \ + *) sfx=".bad";; \ + esac; \ +- cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ ++ cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \ + else \ + sfx=".so"; \ +- cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ ++ cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \ + fi; \ +- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ +- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \ ++ chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \ ++ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx ); \ + done; \ + fi + @target=install; $(RECURSIVE_MAKE) +Index: openssl-1.0.0/engines/ccgost/Makefile +=================================================================== +--- openssl-1.0.0.orig/engines/ccgost/Makefile ++++ openssl-1.0.0/engines/ccgost/Makefile +@@ -53,13 +53,13 @@ + *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \ + *) sfx=".bad";; \ + esac; \ +- cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ ++ cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \ + else \ + sfx=".so"; \ +- cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ ++ cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \ + fi; \ +- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ +- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \ ++ chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \ ++ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx; \ + fi + + links: diff --git a/recipes-connectivity/openssl/openssl-qoriq/find.pl b/recipes-connectivity/openssl/openssl-qoriq/find.pl new file mode 100644 index 0000000..8e1b42c --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/find.pl @@ -0,0 +1,54 @@ +warn "Legacy library @{[(caller(0))[6]]} will be removed from the Perl core distribution in the next major release. Please install it from the CPAN distribution Perl4::CoreLibs. It is being used at @{[(caller)[1]]}, line @{[(caller)[2]]}.\n"; + +# This library is deprecated and unmaintained. It is included for +# compatibility with Perl 4 scripts which may use it, but it will be +# removed in a future version of Perl. Please use the File::Find module +# instead. + +# Usage: +# require "find.pl"; +# +# &find('/foo','/bar'); +# +# sub wanted { ... } +# where wanted does whatever you want. $dir contains the +# current directory name, and $_ the current filename within +# that directory. $name contains "$dir/$_". You are cd'ed +# to $dir when the function is called. The function may +# set $prune to prune the tree. +# +# For example, +# +# find / -name .nfs\* -mtime +7 -exec rm -f {} \; -o -fstype nfs -prune +# +# corresponds to this +# +# sub wanted { +# /^\.nfs.*$/ && +# (($dev,$ino,$mode,$nlink,$uid,$gid) = lstat($_)) && +# int(-M _) > 7 && +# unlink($_) +# || +# ($nlink || (($dev,$ino,$mode,$nlink,$uid,$gid) = lstat($_))) && +# $dev < 0 && +# ($prune = 1); +# } +# +# Set the variable $dont_use_nlink if you're using AFS, since AFS cheats. + +use File::Find (); + +*name = *File::Find::name; +*prune = *File::Find::prune; +*dir = *File::Find::dir; +*topdir = *File::Find::topdir; +*topdev = *File::Find::topdev; +*topino = *File::Find::topino; +*topmode = *File::Find::topmode; +*topnlink = *File::Find::topnlink; + +sub find { + &File::Find::find(\&wanted, @_); +} + +1; diff --git a/recipes-connectivity/openssl/openssl-qoriq/fix-cipher-des-ede3-cfb1.patch b/recipes-connectivity/openssl/openssl-qoriq/fix-cipher-des-ede3-cfb1.patch new file mode 100644 index 0000000..f0e1778 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/fix-cipher-des-ede3-cfb1.patch @@ -0,0 +1,22 @@ +Upstream-Status: Submitted + +This patch adds the fix for one of the ciphers used in openssl, namely +the cipher des-ede3-cfb1. Complete bug log and patch is present here: +http://rt.openssl.org/Ticket/Display.html?id=2867 + +Signed-Off-By: Muhammad Shakeel + +diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c +index 3232cfe..df84922 100644 +=================================================================== +--- a/crypto/evp/e_des3.c ++++ b/crypto/evp/e_des3.c +@@ -173,7 +173,7 @@ static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + size_t n; + unsigned char c[1],d[1]; + +- for(n=0 ; n < inl ; ++n) ++ for(n=0 ; n < inl*8 ; ++n) + { + c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0; + DES_ede3_cfb_encrypt(c,d,1,1, diff --git a/recipes-connectivity/openssl/openssl-qoriq/initial-aarch64-bits.patch b/recipes-connectivity/openssl/openssl-qoriq/initial-aarch64-bits.patch new file mode 100644 index 0000000..2185ff8 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/initial-aarch64-bits.patch @@ -0,0 +1,119 @@ +From: Andy Polyakov +Date: Sun, 13 Oct 2013 17:15:15 +0000 (+0200) +Subject: Initial aarch64 bits. +X-Git-Url: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=039081b80977e2a5de84e1f88f8b4d025b559956 + +Initial aarch64 bits. +--- + crypto/bn/bn_lcl.h | 9 +++++++++ + crypto/md32_common.h | 18 ++++++++++++++++++ + crypto/modes/modes_lcl.h | 8 ++++++++ + crypto/sha/sha512.c | 13 +++++++++++++ + 4 files changed, 48 insertions(+) + +Index: openssl-1.0.1f/crypto/bn/bn_lcl.h +=================================================================== +--- openssl-1.0.1f.orig/crypto/bn/bn_lcl.h 2014-01-06 15:47:42.000000000 +0200 ++++ openssl-1.0.1f/crypto/bn/bn_lcl.h 2014-02-28 10:37:55.495979037 +0200 +@@ -300,6 +300,15 @@ + : "r"(a), "r"(b)); + # endif + # endif ++# elif defined(__aarch64__) && defined(SIXTY_FOUR_BIT_LONG) ++# if defined(__GNUC__) && __GNUC__>=2 ++# define BN_UMULT_HIGH(a,b) ({ \ ++ register BN_ULONG ret; \ ++ asm ("umulh %0,%1,%2" \ ++ : "=r"(ret) \ ++ : "r"(a), "r"(b)); \ ++ ret; }) ++# endif + # endif /* cpu */ + #endif /* OPENSSL_NO_ASM */ + +Index: openssl-1.0.1f/crypto/md32_common.h +=================================================================== +--- openssl-1.0.1f.orig/crypto/md32_common.h 2014-01-06 15:47:42.000000000 +0200 ++++ openssl-1.0.1f/crypto/md32_common.h 2014-02-28 10:39:21.751979107 +0200 +@@ -213,6 +213,24 @@ + asm ("bswapl %0":"=r"(r):"0"(r)); \ + *((unsigned int *)(c))=r; (c)+=4; r; }) + # endif ++# elif defined(__aarch64__) ++# if defined(__BYTE_ORDER__) ++# if defined(__ORDER_LITTLE_ENDIAN__) && __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__ ++# define HOST_c2l(c,l) ({ unsigned int r; \ ++ asm ("rev %w0,%w1" \ ++ :"=r"(r) \ ++ :"r"(*((const unsigned int *)(c))));\ ++ (c)+=4; (l)=r; }) ++# define HOST_l2c(l,c) ({ unsigned int r; \ ++ asm ("rev %w0,%w1" \ ++ :"=r"(r) \ ++ :"r"((unsigned int)(l)));\ ++ *((unsigned int *)(c))=r; (c)+=4; r; }) ++# elif defined(__ORDER_BIG_ENDIAN__) && __BYTE_ORDER__==__ORDER_BIG_ENDIAN__ ++# define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, (l)) ++# define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, (l)) ++# endif ++# endif + # endif + # endif + #endif +Index: openssl-1.0.1f/crypto/modes/modes_lcl.h +=================================================================== +--- openssl-1.0.1f.orig/crypto/modes/modes_lcl.h 2014-02-28 10:47:48.731979011 +0200 ++++ openssl-1.0.1f/crypto/modes/modes_lcl.h 2014-02-28 10:48:49.707978919 +0200 +@@ -29,6 +29,7 @@ + #if defined(__i386) || defined(__i386__) || \ + defined(__x86_64) || defined(__x86_64__) || \ + defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \ ++ defined(__aarch64__) || \ + defined(__s390__) || defined(__s390x__) + # undef STRICT_ALIGNMENT + #endif +@@ -50,6 +51,13 @@ + # define BSWAP4(x) ({ u32 ret=(x); \ + asm ("bswapl %0" \ + : "+r"(ret)); ret; }) ++# elif defined(__aarch64__) ++# define BSWAP8(x) ({ u64 ret; \ ++ asm ("rev %0,%1" \ ++ : "=r"(ret) : "r"(x)); ret; }) ++# define BSWAP4(x) ({ u32 ret; \ ++ asm ("rev %w0,%w1" \ ++ : "=r"(ret) : "r"(x)); ret; }) + # elif (defined(__arm__) || defined(__arm)) && !defined(STRICT_ALIGNMENT) + # define BSWAP8(x) ({ u32 lo=(u64)(x)>>32,hi=(x); \ + asm ("rev %0,%0; rev %1,%1" \ +Index: openssl-1.0.1f/crypto/sha/sha512.c +=================================================================== +--- openssl-1.0.1f.orig/crypto/sha/sha512.c 2014-01-06 15:47:42.000000000 +0200 ++++ openssl-1.0.1f/crypto/sha/sha512.c 2014-02-28 10:52:14.579978981 +0200 +@@ -55,6 +55,7 @@ + #if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ + defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) || \ + defined(__s390__) || defined(__s390x__) || \ ++ defined(__aarch64__) || \ + defined(SHA512_ASM) + #define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA + #endif +@@ -347,6 +348,18 @@ + asm ("rotrdi %0,%1,%2" \ + : "=r"(ret) \ + : "r"(a),"K"(n)); ret; }) ++# elif defined(__aarch64__) ++# define ROTR(a,n) ({ SHA_LONG64 ret; \ ++ asm ("ror %0,%1,%2" \ ++ : "=r"(ret) \ ++ : "r"(a),"I"(n)); ret; }) ++# if defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \ ++ __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__ ++# define PULL64(x) ({ SHA_LONG64 ret; \ ++ asm ("rev %0,%1" \ ++ : "=r"(ret) \ ++ : "r"(*((const SHA_LONG64 *)(&(x))))); ret; }) ++# endif + # endif + # elif defined(_MSC_VER) + # if defined(_WIN64) /* applies to both IA-64 and AMD64 */ diff --git a/recipes-connectivity/openssl/openssl-qoriq/oe-ldflags.patch b/recipes-connectivity/openssl/openssl-qoriq/oe-ldflags.patch new file mode 100644 index 0000000..292e13d --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/oe-ldflags.patch @@ -0,0 +1,24 @@ +Upstream-Status: Inappropriate [open-embedded] + +Index: openssl-1.0.0/Makefile.shared +=================================================================== +--- openssl-1.0.0.orig/Makefile.shared ++++ openssl-1.0.0/Makefile.shared +@@ -92,7 +92,7 @@ + LINK_APP= \ + ( $(SET_X); \ + LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \ +- LDCMD="$${LDCMD:-$(CC)}"; LDFLAGS="$${LDFLAGS:-$(CFLAGS)}"; \ ++ LDCMD="$${LDCMD:-$(CC)}"; LDFLAGS="$(OE_LDFLAGS) $${LDFLAGS:-$(CFLAGS)}"; \ + LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \ + LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \ + LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ +@@ -102,7 +102,7 @@ + ( $(SET_X); \ + LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \ + SHAREDCMD="$${SHAREDCMD:-$(CC)}"; \ +- SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \ ++ SHAREDFLAGS="$(OE_LDFLAGS) $${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \ + LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \ + LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \ + LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ diff --git a/recipes-connectivity/openssl/openssl-qoriq/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch b/recipes-connectivity/openssl/openssl-qoriq/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch new file mode 100644 index 0000000..c161e62 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch @@ -0,0 +1,21 @@ +openssl: avoid NULL pointer dereference in EVP_DigestInit_ex() + +We should avoid accessing the type pointer if it's NULL, +this could happen if ctx->digest is not NULL. + +Upstream-Status: Submitted +http://www.mail-archive.com/openssl-dev@openssl.org/msg32860.html + +Signed-off-by: Xufeng Zhang +--- +--- a/crypto/evp/digest.c ++++ b/crypto/evp/digest.c +@@ -199,7 +199,7 @@ + return 0; + } + #endif +- if (ctx->digest != type) ++ if (type && (ctx->digest != type)) + { + if (ctx->digest && ctx->digest->ctx_size) + OPENSSL_free(ctx->md_data); diff --git a/recipes-connectivity/openssl/openssl-qoriq/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch b/recipes-connectivity/openssl/openssl-qoriq/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch new file mode 100644 index 0000000..3e93fe4 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch @@ -0,0 +1,39 @@ +openssl: avoid NULL pointer dereference in dh_pub_encode()/dsa_pub_encode() + +We should avoid accessing the pointer if ASN1_STRING_new() +allocates memory failed. + +Upstream-Status: Submitted +http://www.mail-archive.com/openssl-dev@openssl.org/msg32859.html + +Signed-off-by: Xufeng Zhang +--- +--- a/crypto/dh/dh_ameth.c ++++ b/crypto/dh/dh_ameth.c +@@ -139,6 +139,12 @@ + dh=pkey->pkey.dh; + + str = ASN1_STRING_new(); ++ if (!str) ++ { ++ DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ + str->length = i2d_DHparams(dh, &str->data); + if (str->length <= 0) + { +--- a/crypto/dsa/dsa_ameth.c ++++ b/crypto/dsa/dsa_ameth.c +@@ -148,6 +148,11 @@ + { + ASN1_STRING *str; + str = ASN1_STRING_new(); ++ if (!str) ++ { ++ DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } + str->length = i2d_DSAparams(dsa, &str->data); + if (str->length <= 0) + { diff --git a/recipes-connectivity/openssl/openssl-qoriq/openssl-fix-des.pod-error.patch b/recipes-connectivity/openssl/openssl-qoriq/openssl-fix-des.pod-error.patch new file mode 100644 index 0000000..de49729 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/openssl-fix-des.pod-error.patch @@ -0,0 +1,19 @@ +openssl: Fix pod2man des.pod error on Ubuntu 12.04 + +This is a formatting fix, '=back' is required before +'=head1' on Ubuntu 12.04. + +Upstream-Status: Pending +Signed-off-by: Baogen Shang +diff -urpN a_origin/des.pod b_modify/des.pod +--- a_origin/crypto/des/des.pod 2013-08-15 15:02:56.211674589 +0800 ++++ b_modify/crypto/des/des.pod 2013-08-15 15:04:14.439674580 +0800 +@@ -181,6 +181,8 @@ the uuencoded file to embed in the begin + output. If there is no name specified after the B<-u>, the name text.des + will be embedded in the header. + ++=back ++ + =head1 SEE ALSO + + ps(1), diff --git a/recipes-connectivity/openssl/openssl-qoriq/openssl-fix-link.patch b/recipes-connectivity/openssl/openssl-qoriq/openssl-fix-link.patch new file mode 100644 index 0000000..154106c --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/openssl-fix-link.patch @@ -0,0 +1,35 @@ +From aabfb6f78af8e337d3239142117ba303fce55e7e Mon Sep 17 00:00:00 2001 +From: Dmitry Eremin-Solenikov +Date: Thu, 22 Sep 2011 08:55:26 +0200 +Subject: [PATCH] fix the parallel build regarding shared libraries. + +Upstream-Status: Pending +--- + .../openssl-1.0.0e/Makefile.org | 8 ++++---- + 1 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/Makefile.org +index 3c7aea1..6326cd6 100644 +--- a/Makefile.org ++++ b/Makefile.org +@@ -243,13 +243,13 @@ build_libs: build_crypto build_ssl build_engines + + build_crypto: + @dir=crypto; target=all; $(BUILD_ONE_CMD) +-build_ssl: ++build_ssl: build_crypto + @dir=ssl; target=all; $(BUILD_ONE_CMD) +-build_engines: ++build_engines: build_crypto + @dir=engines; target=all; $(BUILD_ONE_CMD) +-build_apps: ++build_apps: build_crypto build_ssl + @dir=apps; target=all; $(BUILD_ONE_CMD) +-build_tests: ++build_tests: build_crypto build_ssl + @dir=test; target=all; $(BUILD_ONE_CMD) + build_tools: + @dir=tools; target=all; $(BUILD_ONE_CMD) +-- +1.6.6.1 + diff --git a/recipes-connectivity/openssl/openssl-qoriq/openssl_fix_for_x32.patch b/recipes-connectivity/openssl/openssl-qoriq/openssl_fix_for_x32.patch new file mode 100644 index 0000000..93ce034 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/openssl_fix_for_x32.patch @@ -0,0 +1,90 @@ +Upstream-Status: Pending + +Received from H J Liu @ Intel +Make the assembly syntax compatible with x32 gcc. Othewise x32 gcc throws errors. +Signed-Off-By: Nitin A Kamble 2011/07/13 + +ported the patch to the 1.0.0e version +Signed-Off-By: Nitin A Kamble 2011/12/01 +Index: openssl-1.0.1e/Configure +=================================================================== +--- openssl-1.0.1e.orig/Configure ++++ openssl-1.0.1e/Configure +@@ -402,6 +402,7 @@ my %table=( + "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", ++"linux-x32", "gcc:-mx32 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32", + "linux64-s390x", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", + #### So called "highgprs" target for z/Architecture CPUs + # "Highgprs" is kernel feature first implemented in Linux 2.6.32, see +Index: openssl-1.0.1e/crypto/bn/asm/x86_64-gcc.c +=================================================================== +--- openssl-1.0.1e.orig/crypto/bn/asm/x86_64-gcc.c ++++ openssl-1.0.1e/crypto/bn/asm/x86_64-gcc.c +@@ -55,7 +55,7 @@ + * machine. + */ + +-#ifdef _WIN64 ++#if defined _WIN64 || !defined __LP64__ + #define BN_ULONG unsigned long long + #else + #define BN_ULONG unsigned long +@@ -192,9 +192,9 @@ BN_ULONG bn_add_words (BN_ULONG *rp, con + asm ( + " subq %2,%2 \n" + ".p2align 4 \n" +- "1: movq (%4,%2,8),%0 \n" +- " adcq (%5,%2,8),%0 \n" +- " movq %0,(%3,%2,8) \n" ++ "1: movq (%q4,%2,8),%0 \n" ++ " adcq (%q5,%2,8),%0 \n" ++ " movq %0,(%q3,%2,8) \n" + " leaq 1(%2),%2 \n" + " loop 1b \n" + " sbbq %0,%0 \n" +@@ -215,9 +215,9 @@ BN_ULONG bn_sub_words (BN_ULONG *rp, con + asm ( + " subq %2,%2 \n" + ".p2align 4 \n" +- "1: movq (%4,%2,8),%0 \n" +- " sbbq (%5,%2,8),%0 \n" +- " movq %0,(%3,%2,8) \n" ++ "1: movq (%q4,%2,8),%0 \n" ++ " sbbq (%q5,%2,8),%0 \n" ++ " movq %0,(%q3,%2,8) \n" + " leaq 1(%2),%2 \n" + " loop 1b \n" + " sbbq %0,%0 \n" +Index: openssl-1.0.1e/crypto/bn/bn.h +=================================================================== +--- openssl-1.0.1e.orig/crypto/bn/bn.h ++++ openssl-1.0.1e/crypto/bn/bn.h +@@ -172,6 +172,13 @@ extern "C" { + # endif + #endif + ++/* Address type. */ ++#ifdef _WIN64 ++#define BN_ADDR unsigned long long ++#else ++#define BN_ADDR unsigned long ++#endif ++ + /* assuming long is 64bit - this is the DEC Alpha + * unsigned long long is only 64 bits :-(, don't define + * BN_LLONG for the DEC Alpha */ +Index: openssl-1.0.1e/crypto/bn/bn_exp.c +=================================================================== +--- openssl-1.0.1e.orig/crypto/bn/bn_exp.c ++++ openssl-1.0.1e/crypto/bn/bn_exp.c +@@ -567,7 +567,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBU + + /* Given a pointer value, compute the next address that is a cache line multiple. */ + #define MOD_EXP_CTIME_ALIGN(x_) \ +- ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((size_t)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK)))) ++ ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ADDR)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK)))) + + /* This variant of BN_mod_exp_mont() uses fixed windows and the special + * precomputation memory layout to limit data-dependency to a minimum diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0001-remove-double-initialization-of-cryptodev-engine.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0001-remove-double-initialization-of-cryptodev-engine.patch new file mode 100644 index 0000000..e7b874f --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0001-remove-double-initialization-of-cryptodev-engine.patch @@ -0,0 +1,83 @@ +From 9297e3834518ff0558d6e7004a62adfd107e659a Mon Sep 17 00:00:00 2001 +From: Cristian Stoica +Date: Tue, 10 Sep 2013 12:46:46 +0300 +Subject: [PATCH 01/26] remove double initialization of cryptodev engine + +cryptodev engine is initialized together with the other engines in +ENGINE_load_builtin_engines. The initialization done through +OpenSSL_add_all_algorithms is redundant. + +Change-Id: Ic9488500967595543ff846f147b36f383db7cb27 +Signed-off-by: Cristian Stoica +Reviewed-on: http://git.am.freescale.net:8181/17222 +--- + crypto/engine/eng_all.c | 11 ----------- + crypto/engine/engine.h | 4 ---- + crypto/evp/c_all.c | 5 ----- + util/libeay.num | 2 +- + 4 files changed, 1 insertion(+), 21 deletions(-) + +diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c +index 6093376..f16c043 100644 +--- a/crypto/engine/eng_all.c ++++ b/crypto/engine/eng_all.c +@@ -122,14 +122,3 @@ void ENGINE_load_builtin_engines(void) + #endif + ENGINE_register_all_complete(); + } +- +-#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV) +-void ENGINE_setup_bsd_cryptodev(void) { +- static int bsd_cryptodev_default_loaded = 0; +- if (!bsd_cryptodev_default_loaded) { +- ENGINE_load_cryptodev(); +- ENGINE_register_all_complete(); +- } +- bsd_cryptodev_default_loaded=1; +-} +-#endif +diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h +index f8be497..237a6c9 100644 +--- a/crypto/engine/engine.h ++++ b/crypto/engine/engine.h +@@ -740,10 +740,6 @@ typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id, + * values. */ + void *ENGINE_get_static_state(void); + +-#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV) +-void ENGINE_setup_bsd_cryptodev(void); +-#endif +- + /* BEGIN ERROR CODES */ + /* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. +diff --git a/crypto/evp/c_all.c b/crypto/evp/c_all.c +index 766c4ce..5d6c21b 100644 +--- a/crypto/evp/c_all.c ++++ b/crypto/evp/c_all.c +@@ -82,9 +82,4 @@ void OPENSSL_add_all_algorithms_noconf(void) + OPENSSL_cpuid_setup(); + OpenSSL_add_all_ciphers(); + OpenSSL_add_all_digests(); +-#ifndef OPENSSL_NO_ENGINE +-# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV) +- ENGINE_setup_bsd_cryptodev(); +-# endif +-#endif + } +diff --git a/util/libeay.num b/util/libeay.num +index aa86b2b..ae50040 100755 +--- a/util/libeay.num ++++ b/util/libeay.num +@@ -2801,7 +2801,7 @@ BIO_indent 3242 EXIST::FUNCTION: + BUF_strlcpy 3243 EXIST::FUNCTION: + OpenSSLDie 3244 EXIST::FUNCTION: + OPENSSL_cleanse 3245 EXIST::FUNCTION: +-ENGINE_setup_bsd_cryptodev 3246 EXIST:__FreeBSD__:FUNCTION:ENGINE ++ENGINE_setup_bsd_cryptodev 3246 NOEXIST::FUNCTION: + ERR_release_err_state_table 3247 EXIST::FUNCTION:LHASH + EVP_aes_128_cfb8 3248 EXIST::FUNCTION:AES + FIPS_corrupt_rsa 3249 NOEXIST::FUNCTION: +-- +2.3.5 + diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch new file mode 100644 index 0000000..ab2b7ea --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch @@ -0,0 +1,317 @@ +From dfd6ba263dc25ea2a4bbc32448b24ca2b1fc40e8 Mon Sep 17 00:00:00 2001 +From: Cristian Stoica +Date: Thu, 29 Aug 2013 16:51:18 +0300 +Subject: [PATCH 02/26] eng_cryptodev: add support for TLS algorithms offload + +- aes-128-cbc-hmac-sha1 +- aes-256-cbc-hmac-sha1 + +Requires TLS patches on cryptodev and TLS algorithm support in Linux +kernel driver. + +Change-Id: I43048caa348414daddd6c1a5cdc55e769ac1945f +Signed-off-by: Cristian Stoica +Reviewed-on: http://git.am.freescale.net:8181/17223 +--- + crypto/engine/eng_cryptodev.c | 222 +++++++++++++++++++++++++++++++++++++++--- + 1 file changed, 211 insertions(+), 11 deletions(-) + +diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c +index 5a715ac..7588a28 100644 +--- a/crypto/engine/eng_cryptodev.c ++++ b/crypto/engine/eng_cryptodev.c +@@ -72,6 +72,9 @@ ENGINE_load_cryptodev(void) + struct dev_crypto_state { + struct session_op d_sess; + int d_fd; ++ unsigned char *aad; ++ unsigned int aad_len; ++ unsigned int len; + + #ifdef USE_CRYPTODEV_DIGESTS + char dummy_mac_key[HASH_MAX_LEN]; +@@ -140,17 +143,20 @@ static struct { + int nid; + int ivmax; + int keylen; ++ int mackeylen; + } ciphers[] = { +- { CRYPTO_ARC4, NID_rc4, 0, 16, }, +- { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, }, +- { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, }, +- { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, }, +- { CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, }, +- { CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, }, +- { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, }, +- { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, }, +- { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, }, +- { 0, NID_undef, 0, 0, }, ++ { CRYPTO_ARC4, NID_rc4, 0, 16, 0}, ++ { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, 0}, ++ { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, 0}, ++ { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, 0}, ++ { CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, 0}, ++ { CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, 0}, ++ { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, 0}, ++ { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, 0}, ++ { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, 0}, ++ { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20}, ++ { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20}, ++ { 0, NID_undef, 0, 0, 0}, + }; + + #ifdef USE_CRYPTODEV_DIGESTS +@@ -250,13 +256,15 @@ get_cryptodev_ciphers(const int **cnids) + } + memset(&sess, 0, sizeof(sess)); + sess.key = (caddr_t)"123456789abcdefghijklmno"; ++ sess.mackey = (caddr_t)"123456789ABCDEFGHIJKLMNO"; + + for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { + if (ciphers[i].nid == NID_undef) + continue; + sess.cipher = ciphers[i].id; + sess.keylen = ciphers[i].keylen; +- sess.mac = 0; ++ sess.mackeylen = ciphers[i].mackeylen; ++ + if (ioctl(fd, CIOCGSESSION, &sess) != -1 && + ioctl(fd, CIOCFSESSION, &sess.ses) != -1) + nids[count++] = ciphers[i].nid; +@@ -414,6 +422,67 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + return (1); + } + ++ ++static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t len) ++{ ++ struct crypt_auth_op cryp; ++ struct dev_crypto_state *state = ctx->cipher_data; ++ struct session_op *sess = &state->d_sess; ++ const void *iiv; ++ unsigned char save_iv[EVP_MAX_IV_LENGTH]; ++ ++ if (state->d_fd < 0) ++ return (0); ++ if (!len) ++ return (1); ++ if ((len % ctx->cipher->block_size) != 0) ++ return (0); ++ ++ memset(&cryp, 0, sizeof(cryp)); ++ ++ /* TODO: make a seamless integration with cryptodev flags */ ++ switch (ctx->cipher->nid) { ++ case NID_aes_128_cbc_hmac_sha1: ++ case NID_aes_256_cbc_hmac_sha1: ++ cryp.flags = COP_FLAG_AEAD_TLS_TYPE; ++ } ++ cryp.ses = sess->ses; ++ cryp.len = state->len; ++ cryp.src = (caddr_t) in; ++ cryp.dst = (caddr_t) out; ++ cryp.auth_src = state->aad; ++ cryp.auth_len = state->aad_len; ++ ++ cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; ++ ++ if (ctx->cipher->iv_len) { ++ cryp.iv = (caddr_t) ctx->iv; ++ if (!ctx->encrypt) { ++ iiv = in + len - ctx->cipher->iv_len; ++ memcpy(save_iv, iiv, ctx->cipher->iv_len); ++ } ++ } else ++ cryp.iv = NULL; ++ ++ if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) { ++ /* XXX need better errror handling ++ * this can fail for a number of different reasons. ++ */ ++ return (0); ++ } ++ ++ if (ctx->cipher->iv_len) { ++ if (ctx->encrypt) ++ iiv = out + len - ctx->cipher->iv_len; ++ else ++ iiv = save_iv; ++ memcpy(ctx->iv, iiv, ctx->cipher->iv_len); ++ } ++ return (1); ++} ++ ++ + static int + cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) +@@ -452,6 +521,45 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + return (1); + } + ++/* Save the encryption key provided by upper layers. ++ * ++ * This function is called by EVP_CipherInit_ex to initialize the algorithm's ++ * extra data. We can't do much here because the mac key is not available. ++ * The next call should/will be to cryptodev_cbc_hmac_sha1_ctrl with parameter ++ * EVP_CTRL_AEAD_SET_MAC_KEY, to set the hmac key. There we call CIOCGSESSION ++ * with both the crypto and hmac keys. ++ */ ++static int cryptodev_init_aead_key(EVP_CIPHER_CTX *ctx, ++ const unsigned char *key, const unsigned char *iv, int enc) ++{ ++ struct dev_crypto_state *state = ctx->cipher_data; ++ struct session_op *sess = &state->d_sess; ++ int cipher = -1, i; ++ ++ for (i = 0; ciphers[i].id; i++) ++ if (ctx->cipher->nid == ciphers[i].nid && ++ ctx->cipher->iv_len <= ciphers[i].ivmax && ++ ctx->key_len == ciphers[i].keylen) { ++ cipher = ciphers[i].id; ++ break; ++ } ++ ++ if (!ciphers[i].id) { ++ state->d_fd = -1; ++ return (0); ++ } ++ ++ memset(sess, 0, sizeof(struct session_op)); ++ ++ sess->key = (caddr_t)key; ++ sess->keylen = ctx->key_len; ++ sess->cipher = cipher; ++ ++ /* for whatever reason, (1) means success */ ++ return (1); ++} ++ ++ + /* + * free anything we allocated earlier when initting a + * session, and close the session. +@@ -488,6 +596,63 @@ cryptodev_cleanup(EVP_CIPHER_CTX *ctx) + return (ret); + } + ++static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, ++ void *ptr) ++{ ++ switch (type) { ++ case EVP_CTRL_AEAD_SET_MAC_KEY: ++ { ++ /* TODO: what happens with hmac keys larger than 64 bytes? */ ++ struct dev_crypto_state *state = ctx->cipher_data; ++ struct session_op *sess = &state->d_sess; ++ ++ if ((state->d_fd = get_dev_crypto()) < 0) ++ return (0); ++ ++ /* the rest should have been set in cryptodev_init_aead_key */ ++ sess->mackey = ptr; ++ sess->mackeylen = arg; ++ ++ if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) { ++ put_dev_crypto(state->d_fd); ++ state->d_fd = -1; ++ return (0); ++ } ++ return (1); ++ } ++ case EVP_CTRL_AEAD_TLS1_AAD: ++ { ++ /* ptr points to the associated data buffer of 13 bytes */ ++ struct dev_crypto_state *state = ctx->cipher_data; ++ unsigned char *p = ptr; ++ unsigned int cryptlen = p[arg - 2] << 8 | p[arg - 1]; ++ unsigned int maclen, padlen; ++ unsigned int bs = ctx->cipher->block_size; ++ ++ state->aad = ptr; ++ state->aad_len = arg; ++ state->len = cryptlen; ++ ++ /* TODO: this should be an extension of EVP_CIPHER struct */ ++ switch (ctx->cipher->nid) { ++ case NID_aes_128_cbc_hmac_sha1: ++ case NID_aes_256_cbc_hmac_sha1: ++ maclen = SHA_DIGEST_LENGTH; ++ } ++ ++ /* space required for encryption (not only TLS padding) */ ++ padlen = maclen; ++ if (ctx->encrypt) { ++ cryptlen += maclen; ++ padlen += bs - (cryptlen % bs); ++ } ++ return padlen; ++ } ++ default: ++ return -1; ++ } ++} ++ + /* + * libcrypto EVP stuff - this is how we get wired to EVP so the engine + * gets called when libcrypto requests a cipher NID. +@@ -600,6 +765,33 @@ const EVP_CIPHER cryptodev_aes_256_cbc = { + NULL + }; + ++const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1 = { ++ NID_aes_128_cbc_hmac_sha1, ++ 16, 16, 16, ++ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, ++ cryptodev_init_aead_key, ++ cryptodev_aead_cipher, ++ cryptodev_cleanup, ++ sizeof(struct dev_crypto_state), ++ EVP_CIPHER_set_asn1_iv, ++ EVP_CIPHER_get_asn1_iv, ++ cryptodev_cbc_hmac_sha1_ctrl, ++ NULL ++}; ++ ++const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = { ++ NID_aes_256_cbc_hmac_sha1, ++ 16, 32, 16, ++ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, ++ cryptodev_init_aead_key, ++ cryptodev_aead_cipher, ++ cryptodev_cleanup, ++ sizeof(struct dev_crypto_state), ++ EVP_CIPHER_set_asn1_iv, ++ EVP_CIPHER_get_asn1_iv, ++ cryptodev_cbc_hmac_sha1_ctrl, ++ NULL ++}; + /* + * Registered by the ENGINE when used to find out how to deal with + * a particular NID in the ENGINE. this says what we'll do at the +@@ -637,6 +829,12 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, + case NID_aes_256_cbc: + *cipher = &cryptodev_aes_256_cbc; + break; ++ case NID_aes_128_cbc_hmac_sha1: ++ *cipher = &cryptodev_aes_128_cbc_hmac_sha1; ++ break; ++ case NID_aes_256_cbc_hmac_sha1: ++ *cipher = &cryptodev_aes_256_cbc_hmac_sha1; ++ break; + default: + *cipher = NULL; + break; +@@ -1384,6 +1582,8 @@ ENGINE_load_cryptodev(void) + } + put_dev_crypto(fd); + ++ EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1); ++ EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1); + if (!ENGINE_set_id(engine, "cryptodev") || + !ENGINE_set_name(engine, "BSD cryptodev engine") || + !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) || +-- +2.3.5 + diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0003-cryptodev-fix-algorithm-registration.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0003-cryptodev-fix-algorithm-registration.patch new file mode 100644 index 0000000..f0d97e9 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0003-cryptodev-fix-algorithm-registration.patch @@ -0,0 +1,64 @@ +From 084fa469a8fef530d71a0870364df1c7997f6465 Mon Sep 17 00:00:00 2001 +From: Cristian Stoica +Date: Thu, 31 Jul 2014 14:06:19 +0300 +Subject: [PATCH 03/26] cryptodev: fix algorithm registration + +Cryptodev specific algorithms must register only if available in kernel. + +Change-Id: Iec5af8f4f3138357e4b96f2ec1627278134e4808 +Signed-off-by: Cristian Stoica +Reviewed-on: http://git.am.freescale.net:8181/15326 +Reviewed-by: Horia Ioan Geanta Neag +Reviewed-on: http://git.am.freescale.net:8181/17224 +--- + crypto/engine/eng_cryptodev.c | 20 +++++++++++++++++--- + 1 file changed, 17 insertions(+), 3 deletions(-) + +diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c +index 7588a28..e3eb98b 100644 +--- a/crypto/engine/eng_cryptodev.c ++++ b/crypto/engine/eng_cryptodev.c +@@ -133,6 +133,8 @@ static int cryptodev_dh_compute_key(unsigned char *key, + static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, + void (*f)(void)); + void ENGINE_load_cryptodev(void); ++const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1; ++const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1; + + static const ENGINE_CMD_DEFN cryptodev_defns[] = { + { 0, NULL, NULL, 0 } +@@ -342,7 +344,21 @@ get_cryptodev_digests(const int **cnids) + static int + cryptodev_usable_ciphers(const int **nids) + { +- return (get_cryptodev_ciphers(nids)); ++ int i, count; ++ ++ count = get_cryptodev_ciphers(nids); ++ /* add ciphers specific to cryptodev if found in kernel */ ++ for(i = 0; i < count; i++) { ++ switch (*(*nids + i)) { ++ case NID_aes_128_cbc_hmac_sha1: ++ EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1); ++ break; ++ case NID_aes_256_cbc_hmac_sha1: ++ EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1); ++ break; ++ } ++ } ++ return count; + } + + static int +@@ -1582,8 +1598,6 @@ ENGINE_load_cryptodev(void) + } + put_dev_crypto(fd); + +- EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1); +- EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1); + if (!ENGINE_set_id(engine, "cryptodev") || + !ENGINE_set_name(engine, "BSD cryptodev engine") || + !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) || +-- +2.3.5 + diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch new file mode 100644 index 0000000..2d722d8 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch @@ -0,0 +1,74 @@ +From 7d770f0324498d1fa78300cc5cecc8c1dcd3b788 Mon Sep 17 00:00:00 2001 +From: Andy Polyakov +Date: Sun, 21 Oct 2012 18:19:41 +0000 +Subject: [PATCH 04/26] linux-pcc: make it more robust and recognize + KERNEL_BITS variable. + +(cherry picked from commit 78c3e20579d3baa159c8b51b59d415b6e521614b) + +Change-Id: I769c466f052305681ab54a1b6545d94c7fbf5a9d +Signed-off-by: Cristian Stoica +--- + config | 19 +++++++++++++------ + crypto/ppccap.c | 7 +++++++ + 2 files changed, 20 insertions(+), 6 deletions(-) + +diff --git a/config b/config +index 41fa2a6..f37b9e6 100755 +--- a/config ++++ b/config +@@ -587,13 +587,20 @@ case "$GUESSOS" in + fi + ;; + ppc64-*-linux2) +- echo "WARNING! If you wish to build 64-bit library, then you have to" +- echo " invoke './Configure linux-ppc64' *manually*." +- if [ "$TEST" = "false" -a -t 1 ]; then +- echo " You have about 5 seconds to press Ctrl-C to abort." +- (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1 ++ if [ -z "$KERNEL_BITS" ]; then ++ echo "WARNING! If you wish to build 64-bit library, then you have to" ++ echo " invoke './Configure linux-ppc64' *manually*." ++ if [ "$TEST" = "false" -a -t 1 ]; then ++ echo " You have about 5 seconds to press Ctrl-C to abort." ++ (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1 ++ fi ++ fi ++ if [ "$KERNEL_BITS" = "64" ]; then ++ OUT="linux-ppc64" ++ else ++ OUT="linux-ppc" ++ (echo "__LP64__" | gcc -E -x c - 2>/dev/null | grep "^__LP64__" 2>&1 > /dev/null) || options="$options -m32" + fi +- OUT="linux-ppc" + ;; + ppc-*-linux2) OUT="linux-ppc" ;; + ppc60x-*-vxworks*) OUT="vxworks-ppc60x" ;; +diff --git a/crypto/ppccap.c b/crypto/ppccap.c +index f71ba66..531f1b3 100644 +--- a/crypto/ppccap.c ++++ b/crypto/ppccap.c +@@ -4,6 +4,9 @@ + #include + #include + #include ++#ifdef __linux ++#include ++#endif + #include + #include + +@@ -102,6 +105,10 @@ void OPENSSL_cpuid_setup(void) + + if (sizeof(size_t)==4) + { ++#ifdef __linux ++ struct utsname uts; ++ if (uname(&uts)==0 && strcmp(uts.machine,"ppc64")==0) ++#endif + if (sigsetjmp(ill_jmp,1) == 0) + { + OPENSSL_ppc64_probe(); +-- +2.3.5 + diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0005-ECC-Support-header-for-Cryptodev-Engine.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0005-ECC-Support-header-for-Cryptodev-Engine.patch new file mode 100644 index 0000000..c9ff5aa --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0005-ECC-Support-header-for-Cryptodev-Engine.patch @@ -0,0 +1,318 @@ +From 15abbcd740eafbf2a46b5da24be76acf4982743d Mon Sep 17 00:00:00 2001 +From: Yashpal Dutta +Date: Tue, 11 Mar 2014 05:56:54 +0545 +Subject: [PATCH 05/26] ECC Support header for Cryptodev Engine + +Upstream-status: Pending + +Signed-off-by: Yashpal Dutta +--- + crypto/engine/eng_cryptodev_ec.h | 296 +++++++++++++++++++++++++++++++++++++++ + 1 file changed, 296 insertions(+) + create mode 100644 crypto/engine/eng_cryptodev_ec.h + +diff --git a/crypto/engine/eng_cryptodev_ec.h b/crypto/engine/eng_cryptodev_ec.h +new file mode 100644 +index 0000000..77aee71 +--- /dev/null ++++ b/crypto/engine/eng_cryptodev_ec.h +@@ -0,0 +1,296 @@ ++/* ++ * Copyright (C) 2012 Freescale Semiconductor, Inc. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR ++ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES ++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN ++ * NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED ++ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR ++ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF ++ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING ++ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS ++ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ++ */ ++#ifndef __ENG_EC_H ++#define __ENG_EC_H ++ ++#define SPCF_CPARAM_INIT(X,...) \ ++static unsigned char X##_c[] = {__VA_ARGS__} \ ++ ++#define SPCF_FREE_BN(X) do { if(X) { BN_clear_free(X); X = NULL; } } while (0) ++ ++#define SPCF_COPY_CPARAMS(NIDBUF) \ ++ do { \ ++ memcpy (buf, NIDBUF, buf_len); \ ++ } while (0) ++ ++#define SPCF_CPARAM_CASE(X) \ ++ case NID_##X: \ ++ SPCF_COPY_CPARAMS(X##_c); \ ++ break ++ ++SPCF_CPARAM_INIT(sect113r1, 0x01, 0x73, 0xE8, 0x34, 0xAF, 0x28, 0xEC, 0x76, ++ 0xCB, 0x83, 0xBD, 0x8D, 0xFE, 0xB2, 0xD5); ++SPCF_CPARAM_INIT(sect113r2, 0x00, 0x54, 0xD9, 0xF0, 0x39, 0x57, 0x17, 0x4A, ++ 0x32, 0x32, 0x91, 0x67, 0xD7, 0xFE, 0x71); ++SPCF_CPARAM_INIT(sect131r1, 0x03, 0xDB, 0x89, 0xB4, 0x05, 0xE4, 0x91, 0x16, ++ 0x0E, 0x3B, 0x2F, 0x07, 0xB0, 0xCE, 0x20, 0xB3, 0x7E); ++SPCF_CPARAM_INIT(sect131r2, 0x07, 0xCB, 0xB9, 0x92, 0x0D, 0x71, 0xA4, 0x8E, ++ 0x09, 0x9C, 0x38, 0xD7, 0x1D, 0xA6, 0x49, 0x0E, 0xB1); ++SPCF_CPARAM_INIT(sect163k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x01); ++SPCF_CPARAM_INIT(sect163r1, 0x05, 0xED, 0x40, 0x3E, 0xD5, 0x8E, 0xB4, 0x5B, ++ 0x1C, 0xCE, 0xCA, 0x0F, 0x4F, 0x61, 0x65, 0x55, 0x49, 0x86, ++ 0x1B, 0xE0, 0x52); ++SPCF_CPARAM_INIT(sect163r2, 0x07, 0x2C, 0x4E, 0x1E, 0xF7, 0xCB, 0x2F, 0x3A, ++ 0x03, 0x5D, 0x33, 0x10, 0x42, 0x94, 0x15, 0x96, 0x09, 0x13, ++ 0x8B, 0xB4, 0x04); ++SPCF_CPARAM_INIT(sect193r1, 0x01, 0x67, 0xB3, 0x5E, 0xB4, 0x31, 0x3F, 0x26, ++ 0x3D, 0x0F, 0x7A, 0x3D, 0x50, 0x36, 0xF0, 0xA0, 0xA3, 0xC9, ++ 0x80, 0xD4, 0x0E, 0x5A, 0x05, 0x3E, 0xD2); ++SPCF_CPARAM_INIT(sect193r2, 0x00, 0x69, 0x89, 0xFE, 0x6B, 0xFE, 0x30, 0xED, ++ 0xDC, 0x32, 0x44, 0x26, 0x9F, 0x3A, 0xAD, 0x18, 0xD6, 0x6C, ++ 0xF3, 0xDB, 0x3E, 0x33, 0x02, 0xFA, 0xA8); ++SPCF_CPARAM_INIT(sect233k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x01); ++SPCF_CPARAM_INIT(sect233r1, 0x00, 0x07, 0xD5, 0xEF, 0x43, 0x89, 0xDF, 0xF1, ++ 0x1E, 0xCD, 0xBA, 0x39, 0xC3, 0x09, 0x70, 0xD3, 0xCE, 0x35, ++ 0xCE, 0xBB, 0xA5, 0x84, 0x73, 0xF6, 0x4B, 0x4D, 0xC0, 0xF2, ++ 0x68, 0x6C); ++SPCF_CPARAM_INIT(sect239k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x01); ++SPCF_CPARAM_INIT(sect283k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01); ++SPCF_CPARAM_INIT(sect283r1, 0x03, 0xD8, 0xC9, 0x3D, 0x3B, 0x0E, 0xA8, 0x1D, ++ 0x92, 0x94, 0x03, 0x4D, 0x7E, 0xE3, 0x13, 0x5D, 0x0A, 0xC5, ++ 0xFC, 0x8D, 0x9C, 0xB0, 0x27, 0x6F, 0x72, 0x11, 0xF8, 0x80, ++ 0xF0, 0xD8, 0x1C, 0xA4, 0xC6, 0xE8, 0x7B, 0x38); ++SPCF_CPARAM_INIT(sect409k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x01); ++SPCF_CPARAM_INIT(sect409r1, 0x01, 0x49, 0xB8, 0xB7, 0xBE, 0xBD, 0x9B, 0x63, ++ 0x65, 0x3E, 0xF1, 0xCD, 0x8C, 0x6A, 0x5D, 0xD1, 0x05, 0xA2, ++ 0xAA, 0xAC, 0x36, 0xFE, 0x2E, 0xAE, 0x43, 0xCF, 0x28, 0xCE, ++ 0x1C, 0xB7, 0xC8, 0x30, 0xC1, 0xEC, 0xDB, 0xFA, 0x41, 0x3A, ++ 0xB0, 0x7F, 0xE3, 0x5A, 0x57, 0x81, 0x1A, 0xE4, 0xF8, 0x8D, ++ 0x30, 0xAC, 0x63, 0xFB); ++SPCF_CPARAM_INIT(sect571k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x01); ++SPCF_CPARAM_INIT(sect571r1, 0x06, 0x39, 0x5D, 0xB2, 0x2A, 0xB5, 0x94, 0xB1, ++ 0x86, 0x8C, 0xED, 0x95, 0x25, 0x78, 0xB6, 0x53, 0x9F, 0xAB, ++ 0xA6, 0x94, 0x06, 0xD9, 0xB2, 0x98, 0x61, 0x23, 0xA1, 0x85, ++ 0xC8, 0x58, 0x32, 0xE2, 0x5F, 0xD5, 0xB6, 0x38, 0x33, 0xD5, ++ 0x14, 0x42, 0xAB, 0xF1, 0xA9, 0xC0, 0x5F, 0xF0, 0xEC, 0xBD, ++ 0x88, 0xD7, 0xF7, 0x79, 0x97, 0xF4, 0xDC, 0x91, 0x56, 0xAA, ++ 0xF1, 0xCE, 0x08, 0x16, 0x46, 0x86, 0xDD, 0xFF, 0x75, 0x11, ++ 0x6F, 0xBC, 0x9A, 0x7A); ++SPCF_CPARAM_INIT(X9_62_c2pnb163v1, 0x04, 0x53, 0xE1, 0xE4, 0xB7, 0x29, 0x1F, ++ 0x5C, 0x2D, 0x53, 0xCE, 0x18, 0x48, 0x3F, 0x00, 0x70, 0x81, ++ 0xE7, 0xEA, 0x26, 0xEC); ++SPCF_CPARAM_INIT(X9_62_c2pnb163v2, 0x04, 0x35, 0xC0, 0x19, 0x66, 0x0E, 0x01, ++ 0x01, 0xBA, 0x87, 0x0C, 0xA3, 0x9F, 0xD9, 0xA7, 0x76, 0x86, ++ 0x50, 0x9D, 0x28, 0x13); ++SPCF_CPARAM_INIT(X9_62_c2pnb163v3, 0x06, 0x55, 0xC4, 0x54, 0xE4, 0x1E, 0x38, ++ 0x0C, 0x7A, 0x60, 0xB6, 0x67, 0x9A, 0x5B, 0x7A, 0x3F, 0x3A, ++ 0xF6, 0x8E, 0x22, 0xC5); ++SPCF_CPARAM_INIT(X9_62_c2pnb176v1, 0x00, 0x69, 0xF7, 0xDA, 0x36, 0x19, 0xA7, ++ 0x42, 0xA3, 0x82, 0xFF, 0x05, 0x08, 0x8F, 0xD3, 0x99, 0x42, ++ 0xCA, 0x0F, 0x1D, 0x90, 0xB6, 0x5B); ++SPCF_CPARAM_INIT(X9_62_c2tnb191v1, 0x4C, 0x45, 0x25, 0xAB, 0x0B, 0x68, 0x4A, ++ 0x64, 0x44, 0x62, 0x0A, 0x86, 0x45, 0xEF, 0x54, 0x6D, 0x54, ++ 0x69, 0x39, 0x68, 0xC2, 0xAE, 0x84, 0xAC); ++SPCF_CPARAM_INIT(X9_62_c2tnb191v2, 0x03, 0x7C, 0x8F, 0x57, 0xA2, 0x25, 0xC7, ++ 0xB3, 0xD4, 0xED, 0xD5, 0x88, 0x0F, 0x38, 0x0A, 0xCC, 0x55, ++ 0x74, 0xEC, 0xB3, 0x6C, 0x9F, 0x51, 0x21); ++SPCF_CPARAM_INIT(X9_62_c2tnb191v3, 0x37, 0x39, 0xFF, 0x98, 0xB4, 0xD1, 0x69, ++ 0x3E, 0xCF, 0x52, 0x7A, 0x98, 0x51, 0xED, 0xCF, 0x99, 0x9D, ++ 0x9E, 0x75, 0x05, 0x43, 0x33, 0x43, 0x24); ++SPCF_CPARAM_INIT(X9_62_c2pnb208w1, 0x00, 0xDB, 0x05, 0x3C, 0x41, 0x76, 0xCC, ++ 0x1D, 0xA1, 0x27, 0x85, 0x2C, 0xA6, 0xD9, 0x88, 0xBE, 0x1A, ++ 0xCC, 0xD1, 0x5B, 0x2A, 0xC1, 0xC1, 0x07, 0x42, 0x57, 0x34); ++SPCF_CPARAM_INIT(X9_62_c2tnb239v1, 0x24, 0x59, 0xFC, 0xF4, 0x51, 0x7B, 0xC5, ++ 0xA6, 0xB9, 0x9B, 0xE5, 0xC6, 0xC5, 0x62, 0x85, 0xC0, 0x21, ++ 0xFE, 0x32, 0xEE, 0x2B, 0x6F, 0x1C, 0x22, 0xEA, 0x5B, 0xE1, ++ 0xB8, 0x4B, 0x93); ++SPCF_CPARAM_INIT(X9_62_c2tnb239v2, 0x64, 0x98, 0x84, 0x19, 0x3B, 0x56, 0x2D, ++ 0x4A, 0x50, 0xB4, 0xFA, 0x56, 0x34, 0xE0, 0x34, 0x41, 0x3F, ++ 0x94, 0xC4, 0x59, 0xDA, 0x7C, 0xDB, 0x16, 0x64, 0x9D, 0xDD, ++ 0xF7, 0xE6, 0x0A); ++SPCF_CPARAM_INIT(X9_62_c2tnb239v3, 0x32, 0x63, 0x2E, 0x65, 0x2B, 0xEE, 0x91, ++ 0xC2, 0xE4, 0xA2, 0xF5, 0x42, 0xA3, 0x2D, 0x67, 0xA8, 0xB5, ++ 0xB4, 0x5F, 0x21, 0xA0, 0x81, 0x02, 0xFB, 0x1F, 0x2A, 0xFB, ++ 0xB6, 0xAC, 0xDA); ++SPCF_CPARAM_INIT(X9_62_c2pnb272w1, 0x00, 0xDA, 0x7B, 0x60, 0x28, 0xF4, 0xC8, ++ 0x09, 0xA0, 0xB9, 0x78, 0x81, 0xC3, 0xA5, 0x7E, 0x4D, 0x71, ++ 0x81, 0x34, 0xD1, 0x3F, 0xEC, 0xE0, 0x90, 0x85, 0x8A, 0xC3, ++ 0x1A, 0xE2, 0xDC, 0x2E, 0xDF, 0x8E, 0x3C, 0x8B); ++SPCF_CPARAM_INIT(X9_62_c2pnb304w1, 0x00, 0x3C, 0x67, 0xB4, 0x07, 0xC6, 0xF3, ++ 0x3F, 0x81, 0x0B, 0x17, 0xDC, 0x16, 0xE2, 0x14, 0x8A, 0x2C, ++ 0x9C, 0xE2, 0x9D, 0x56, 0x05, 0x23, 0x69, 0x6A, 0x55, 0x93, ++ 0x8A, 0x15, 0x40, 0x81, 0xE3, 0xE3, 0xAE, 0xFB, 0xCE, 0x45, ++ 0x70, 0xC9); ++SPCF_CPARAM_INIT(X9_62_c2tnb359v1, 0x22, 0x39, 0xAA, 0x58, 0x4A, 0xC5, 0x9A, ++ 0xF9, 0x61, 0xD0, 0xFA, 0x2D, 0x52, 0x85, 0xB6, 0xFD, 0xF7, ++ 0x34, 0x9B, 0xC6, 0x0E, 0x91, 0xE3, 0x20, 0xF4, 0x71, 0x64, ++ 0xCE, 0x11, 0xF5, 0x18, 0xEF, 0xB4, 0xC0, 0x8B, 0x9B, 0xDA, ++ 0x99, 0x9A, 0x8A, 0x37, 0xF8, 0x2A, 0x22, 0x61); ++SPCF_CPARAM_INIT(X9_62_c2pnb368w1, 0x00, 0xC0, 0x6C, 0xCF, 0x42, 0x89, 0x3A, ++ 0x8A, 0xAA, 0x00, 0x1E, 0x0B, 0xC0, 0xD2, 0xA2, 0x27, 0x66, ++ 0xEF, 0x3E, 0x41, 0x88, 0x7C, 0xC6, 0x77, 0x6F, 0x4A, 0x04, ++ 0x1E, 0xE4, 0x45, 0x14, 0xB2, 0x0A, 0xFC, 0x4E, 0x5C, 0x30, ++ 0x40, 0x60, 0x06, 0x5B, 0xC8, 0xD6, 0xCF, 0x04, 0xD3, 0x25); ++SPCF_CPARAM_INIT(X9_62_c2tnb431r1, 0x64, 0xF5, 0xBB, 0xE9, 0xBB, 0x31, 0x66, ++ 0xA3, 0xA0, 0x2F, 0x2F, 0x22, 0xBF, 0x05, 0xD9, 0xF7, 0xDA, ++ 0x43, 0xEE, 0x70, 0xC1, 0x79, 0x03, 0x15, 0x2B, 0x70, 0xA0, ++ 0xB4, 0x25, 0x9B, 0xD2, 0xFC, 0xB2, 0x20, 0x3B, 0x7F, 0xB8, ++ 0xD3, 0x39, 0x4E, 0x20, 0xEB, 0x0E, 0xA9, 0x84, 0xDD, 0xB1, ++ 0xE1, 0xF1, 0x4C, 0x67, 0xB1, 0x36, 0x2B); ++SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01); ++SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls3, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x01); ++SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls4, 0x01, 0x73, 0xE8, 0x34, 0xAF, 0x28, ++ 0xEC, 0x76, 0xCB, 0x83, 0xBD, 0x8D, 0xFE, 0xB2, 0xD5); ++SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls5, 0x04, 0x53, 0xE1, 0xE4, 0xB7, 0x29, ++ 0x1F, 0x5C, 0x2D, 0x53, 0xCE, 0x18, 0x48, 0x3F, 0x00, 0x70, ++ 0x81, 0xE7, 0xEA, 0x26, 0xEC); ++SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x01); ++SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls11, 0x00, 0x07, 0xD5, 0xEF, 0x43, 0x89, ++ 0xDF, 0xF1, 0x1E, 0xCD, 0xBA, 0x39, 0xC3, 0x09, 0x70, 0xD3, ++ 0xCE, 0x35, 0xCE, 0xBB, 0xA5, 0x84, 0x73, 0xF6, 0x4B, 0x4D, ++ 0xC0, 0xF2, 0x68, 0x6C); ++/* Oakley curve #3 over 155 bit binary filed */ ++SPCF_CPARAM_INIT(ipsec3, 0x00, 0x31, 0x10, 0x00, 0x00, 0x02, 0x23, 0xA0, 0x00, ++ 0xC4, 0x47, 0x40, 0x00, 0x08, 0x8E, 0x80, 0x00, 0x11, 0x1D, ++ 0x1D); ++/* Oakley curve #4 over 185 bit binary filed */ ++SPCF_CPARAM_INIT(ipsec4, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, ++ 0x01, 0x80, 0x00, 0xC0, 0x0C, 0x00, 0x00, 0x00, 0x63, 0x80, ++ 0x30, 0x00, 0x1C, 0x00, 0x09); ++ ++static inline int ++eng_ec_get_cparam(int nid, unsigned char *buf, unsigned int buf_len) ++{ ++ int ret = 0; ++ switch (nid) { ++ SPCF_CPARAM_CASE(sect113r1); ++ SPCF_CPARAM_CASE(sect113r2); ++ SPCF_CPARAM_CASE(sect131r1); ++ SPCF_CPARAM_CASE(sect131r2); ++ SPCF_CPARAM_CASE(sect163k1); ++ SPCF_CPARAM_CASE(sect163r1); ++ SPCF_CPARAM_CASE(sect163r2); ++ SPCF_CPARAM_CASE(sect193r1); ++ SPCF_CPARAM_CASE(sect193r2); ++ SPCF_CPARAM_CASE(sect233k1); ++ SPCF_CPARAM_CASE(sect233r1); ++ SPCF_CPARAM_CASE(sect239k1); ++ SPCF_CPARAM_CASE(sect283k1); ++ SPCF_CPARAM_CASE(sect283r1); ++ SPCF_CPARAM_CASE(sect409k1); ++ SPCF_CPARAM_CASE(sect409r1); ++ SPCF_CPARAM_CASE(sect571k1); ++ SPCF_CPARAM_CASE(sect571r1); ++ SPCF_CPARAM_CASE(X9_62_c2pnb163v1); ++ SPCF_CPARAM_CASE(X9_62_c2pnb163v2); ++ SPCF_CPARAM_CASE(X9_62_c2pnb163v3); ++ SPCF_CPARAM_CASE(X9_62_c2pnb176v1); ++ SPCF_CPARAM_CASE(X9_62_c2tnb191v1); ++ SPCF_CPARAM_CASE(X9_62_c2tnb191v2); ++ SPCF_CPARAM_CASE(X9_62_c2tnb191v3); ++ SPCF_CPARAM_CASE(X9_62_c2pnb208w1); ++ SPCF_CPARAM_CASE(X9_62_c2tnb239v1); ++ SPCF_CPARAM_CASE(X9_62_c2tnb239v2); ++ SPCF_CPARAM_CASE(X9_62_c2tnb239v3); ++ SPCF_CPARAM_CASE(X9_62_c2pnb272w1); ++ SPCF_CPARAM_CASE(X9_62_c2pnb304w1); ++ SPCF_CPARAM_CASE(X9_62_c2tnb359v1); ++ SPCF_CPARAM_CASE(X9_62_c2pnb368w1); ++ SPCF_CPARAM_CASE(X9_62_c2tnb431r1); ++ SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls1); ++ SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls3); ++ SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls4); ++ SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls5); ++ SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls10); ++ SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls11); ++ /* Oakley curve #3 over 155 bit binary filed */ ++ SPCF_CPARAM_CASE(ipsec3); ++ /* Oakley curve #4 over 185 bit binary filed */ ++ SPCF_CPARAM_CASE(ipsec4); ++ default: ++ ret = -EINVAL; ++ break; ++ } ++ return ret; ++} ++ ++/* Copies the curve points to a flat buffer with appropriate padding */ ++static inline unsigned char *eng_copy_curve_points(BIGNUM * x, BIGNUM * y, ++ int xy_len, int crv_len) ++{ ++ unsigned char *xy = NULL; ++ int len1 = 0, len2 = 0; ++ ++ len1 = BN_num_bytes(x); ++ len2 = BN_num_bytes(y); ++ ++ if (!(xy = malloc(xy_len))) { ++ return NULL; ++ } ++ ++ memset(xy, 0, xy_len); ++ ++ if (len1 < crv_len) { ++ if (!BN_is_zero(x)) ++ BN_bn2bin(x, xy + (crv_len - len1)); ++ } else { ++ BN_bn2bin(x, xy); ++ } ++ ++ if (len2 < crv_len) { ++ if (!BN_is_zero(y)) ++ BN_bn2bin(y, xy+crv_len+(crv_len-len2)); ++ } else { ++ BN_bn2bin(y, xy+crv_len); ++ } ++ ++ return xy; ++} ++ ++enum curve_t { ++ DISCRETE_LOG, ++ ECC_PRIME, ++ ECC_BINARY, ++ MAX_ECC_TYPE ++}; ++#endif +-- +2.3.5 + diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0006-Fixed-private-key-support-for-DH.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0006-Fixed-private-key-support-for-DH.patch new file mode 100644 index 0000000..01c268b --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0006-Fixed-private-key-support-for-DH.patch @@ -0,0 +1,33 @@ +From 39a9e609290a8a1163a721915bcde0c7cf8f92f7 Mon Sep 17 00:00:00 2001 +From: Yashpal Dutta +Date: Tue, 11 Mar 2014 05:57:47 +0545 +Subject: [PATCH 06/26] Fixed private key support for DH + +Upstream-status: Pending + +Signed-off-by: Yashpal Dutta +--- + crypto/dh/dh_ameth.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c +index 02ec2d4..ed32004 100644 +--- a/crypto/dh/dh_ameth.c ++++ b/crypto/dh/dh_ameth.c +@@ -422,6 +422,13 @@ static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) + if (to->pkey.dh->g != NULL) + BN_free(to->pkey.dh->g); + to->pkey.dh->g=a; ++ if ((a=BN_dup(from->pkey.dh->q)) != NULL) { ++ if (to->pkey.dh->q != NULL) ++ BN_free(to->pkey.dh->q); ++ to->pkey.dh->q=a; ++ } ++ ++ to->pkey.dh->length = from->pkey.dh->length; + + return 1; + } +-- +2.3.5 + diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0007-Fixed-private-key-support-for-DH.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0007-Fixed-private-key-support-for-DH.patch new file mode 100644 index 0000000..12fcd7d --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0007-Fixed-private-key-support-for-DH.patch @@ -0,0 +1,35 @@ +From 8322e4157bf49d992b5b9e460f2c0785865dd1c1 Mon Sep 17 00:00:00 2001 +From: Yashpal Dutta +Date: Thu, 20 Mar 2014 19:55:51 -0500 +Subject: [PATCH 07/26] Fixed private key support for DH + +Upstream-status: Pending + +Required Length of the DH result is not returned in dh method in openssl + +Tested-by: Yashpal Dutta +--- + crypto/dh/dh_ameth.c | 7 ------- + 1 file changed, 7 deletions(-) + +diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c +index ed32004..02ec2d4 100644 +--- a/crypto/dh/dh_ameth.c ++++ b/crypto/dh/dh_ameth.c +@@ -422,13 +422,6 @@ static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) + if (to->pkey.dh->g != NULL) + BN_free(to->pkey.dh->g); + to->pkey.dh->g=a; +- if ((a=BN_dup(from->pkey.dh->q)) != NULL) { +- if (to->pkey.dh->q != NULL) +- BN_free(to->pkey.dh->q); +- to->pkey.dh->q=a; +- } +- +- to->pkey.dh->length = from->pkey.dh->length; + + return 1; + } +-- +2.3.5 + diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0008-Initial-support-for-PKC-in-cryptodev-engine.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0008-Initial-support-for-PKC-in-cryptodev-engine.patch new file mode 100644 index 0000000..98272ab --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0008-Initial-support-for-PKC-in-cryptodev-engine.patch @@ -0,0 +1,1564 @@ +From 107a10d45db0f2e58482f698add04ed9183f7268 Mon Sep 17 00:00:00 2001 +From: Yashpal Dutta +Date: Tue, 11 Mar 2014 06:29:52 +0545 +Subject: [PATCH 08/26] Initial support for PKC in cryptodev engine + +Upstream-status: Pending + +Signed-off-by: Yashpal Dutta +--- + crypto/engine/eng_cryptodev.c | 1343 ++++++++++++++++++++++++++++++++++++----- + 1 file changed, 1183 insertions(+), 160 deletions(-) + +diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c +index e3eb98b..7ee314b 100644 +--- a/crypto/engine/eng_cryptodev.c ++++ b/crypto/engine/eng_cryptodev.c +@@ -54,11 +54,14 @@ ENGINE_load_cryptodev(void) + #else + + #include +-#include + #include + #include + #include + #include ++#include ++#include ++#include ++#include + #include + #include + #include +@@ -68,6 +71,8 @@ ENGINE_load_cryptodev(void) + #include + #include + #include ++#include "eng_cryptodev_ec.h" ++#include + + struct dev_crypto_state { + struct session_op d_sess; +@@ -116,18 +121,10 @@ static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, + static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, + RSA *rsa, BN_CTX *ctx); + static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx); +-static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, +- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +-static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g, +- BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p, +- BN_CTX *ctx, BN_MONT_CTX *mont); + static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, + int dlen, DSA *dsa); + static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len, + DSA_SIG *sig, DSA *dsa); +-static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, +- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, +- BN_MONT_CTX *m_ctx); + static int cryptodev_dh_compute_key(unsigned char *key, + const BIGNUM *pub_key, DH *dh); + static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, +@@ -136,6 +133,102 @@ void ENGINE_load_cryptodev(void); + const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1; + const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1; + ++static int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len) ++{ ++ int len; ++ unsigned char *p; ++ ++ len = BN_num_bytes(bn); ++ ++ if (!len) ++ return -1; ++ ++ p = malloc(len); ++ if (!p) ++ return -1; ++ ++ BN_bn2bin(bn,p); ++ ++ *bin = p; ++ *bin_len = len; ++ ++ return 0; ++} ++ ++static int spcf_bn2bin_ex(BIGNUM *bn, unsigned char **bin, int *bin_len) ++{ ++ int len; ++ unsigned char *p; ++ ++ len = BN_num_bytes(bn); ++ ++ if (!len) ++ return -1; ++ ++ if (len < *bin_len) ++ p = malloc(*bin_len); ++ else ++ p = malloc(len); ++ ++ if (!p) ++ return -ENOMEM; ++ ++ if (len < *bin_len) { ++ /* place padding */ ++ memset(p, 0, (*bin_len - len)); ++ BN_bn2bin(bn,p+(*bin_len-len)); ++ } else { ++ BN_bn2bin(bn,p); ++ } ++ ++ *bin = p; ++ if (len >= *bin_len) ++ *bin_len = len; ++ ++ return 0; ++} ++ ++/** ++ * Convert an ECC F2m 'b' parameter into the 'c' parameter. ++ *Inputs: ++ * q, the curve's modulus ++ * b, the curve's b parameter ++ * (a bignum for b, a buffer for c) ++ * Output: ++ * c, written into bin, right-adjusted to fill q_len bytes. ++ */ ++static int ++eng_ec_compute_cparam(const BIGNUM* b, const BIGNUM* q, ++ unsigned char **bin, int *bin_len) ++{ ++ BIGNUM* c = BN_new(); ++ BIGNUM* exp = BN_new(); ++ BN_CTX *ctx = BN_CTX_new(); ++ int m = BN_num_bits(q) - 1; ++ int ok = 0; ++ ++ if (!c || !exp || !ctx || *bin) ++ goto err; ++ ++ /* ++ * We have to compute c, where b = c^4, i.e., the fourth root of b. ++ * The equation for c is c = b^(2^(m-2)) ++ * Compute exp = 2^(m-2) ++ * (1 << x) == 2^x ++ * and then compute c = b^exp ++ */ ++ BN_lshift(exp, BN_value_one(), m-2); ++ BN_GF2m_mod_exp(c, b, exp, q, ctx); ++ /* Store c */ ++ spcf_bn2bin_ex(c, bin, bin_len); ++ ok = 1; ++err: ++ if (ctx) BN_CTX_free(ctx); ++ if (c) BN_free(c); ++ if (exp) BN_free(exp); ++ return ok; ++} ++ + static const ENGINE_CMD_DEFN cryptodev_defns[] = { + { 0, NULL, NULL, 0 } + }; +@@ -1139,7 +1232,6 @@ cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, + static int + bn2crparam(const BIGNUM *a, struct crparam *crp) + { +- int i, j, k; + ssize_t bytes, bits; + u_char *b; + +@@ -1156,15 +1248,7 @@ bn2crparam(const BIGNUM *a, struct crparam *crp) + + crp->crp_p = (caddr_t) b; + crp->crp_nbits = bits; +- +- for (i = 0, j = 0; i < a->top; i++) { +- for (k = 0; k < BN_BITS2 / 8; k++) { +- if ((j + k) >= bytes) +- return (0); +- b[j + k] = a->d[i] >> (k * 8); +- } +- j += BN_BITS2 / 8; +- } ++ BN_bn2bin(a, crp->crp_p); + return (0); + } + +@@ -1172,22 +1256,14 @@ bn2crparam(const BIGNUM *a, struct crparam *crp) + static int + crparam2bn(struct crparam *crp, BIGNUM *a) + { +- u_int8_t *pd; +- int i, bytes; ++ int bytes; + + bytes = (crp->crp_nbits + 7) / 8; + + if (bytes == 0) + return (-1); + +- if ((pd = (u_int8_t *) malloc(bytes)) == NULL) +- return (-1); +- +- for (i = 0; i < bytes; i++) +- pd[i] = crp->crp_p[bytes - i - 1]; +- +- BN_bin2bn(pd, bytes, a); +- free(pd); ++ BN_bin2bn(crp->crp_p, bytes, a); + + return (0); + } +@@ -1235,6 +1311,32 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s) + return (ret); + } + ++/* Close an opened instance of cryptodev engine */ ++void cryptodev_close_instance(void *handle) ++{ ++ int fd; ++ ++ if (handle) { ++ fd = *(int *)handle; ++ close(fd); ++ free(handle); ++ } ++} ++ ++/* Create an instance of cryptodev for asynchronous interface */ ++void *cryptodev_init_instance(void) ++{ ++ int *fd = malloc(sizeof(int)); ++ ++ if (fd) { ++ if ((*fd = open("/dev/crypto", O_RDWR, 0)) == -1) { ++ free(fd); ++ return NULL; ++ } ++ } ++ return fd; ++} ++ + static int + cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) +@@ -1250,9 +1352,9 @@ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + return (ret); + } + +- memset(&kop, 0, sizeof kop); + kop.crk_op = CRK_MOD_EXP; +- ++ kop.crk_oparams = 0; ++ kop.crk_status = 0; + /* inputs: a^p % m */ + if (bn2crparam(a, &kop.crk_param[0])) + goto err; +@@ -1293,28 +1395,38 @@ static int + cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) + { + struct crypt_kop kop; +- int ret = 1; ++ int ret = 1, f_len, p_len, q_len; ++ unsigned char *f = NULL, *p = NULL, *q = NULL, *dp = NULL, *dq = NULL, *c = NULL; + + if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) { + /* XXX 0 means failure?? */ + return (0); + } + +- memset(&kop, 0, sizeof kop); ++ kop.crk_oparams = 0; ++ kop.crk_status = 0; + kop.crk_op = CRK_MOD_EXP_CRT; ++ f_len = BN_num_bytes(rsa->n); ++ spcf_bn2bin_ex(I, &f, &f_len); ++ spcf_bn2bin(rsa->p, &p, &p_len); ++ spcf_bn2bin(rsa->q, &q, &q_len); ++ spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len); ++ spcf_bn2bin_ex(rsa->iqmp, &c, &p_len); ++ spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len); + /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */ +- if (bn2crparam(rsa->p, &kop.crk_param[0])) +- goto err; +- if (bn2crparam(rsa->q, &kop.crk_param[1])) +- goto err; +- if (bn2crparam(I, &kop.crk_param[2])) +- goto err; +- if (bn2crparam(rsa->dmp1, &kop.crk_param[3])) +- goto err; +- if (bn2crparam(rsa->dmq1, &kop.crk_param[4])) +- goto err; +- if (bn2crparam(rsa->iqmp, &kop.crk_param[5])) +- goto err; ++ kop.crk_param[0].crp_p = p; ++ kop.crk_param[0].crp_nbits = p_len * 8; ++ kop.crk_param[1].crp_p = q; ++ kop.crk_param[1].crp_nbits = q_len * 8; ++ kop.crk_param[2].crp_p = f; ++ kop.crk_param[2].crp_nbits = f_len * 8; ++ kop.crk_param[3].crp_p = dp; ++ kop.crk_param[3].crp_nbits = p_len * 8; ++ /* dq must of length q, rest all of length p*/ ++ kop.crk_param[4].crp_p = dq; ++ kop.crk_param[4].crp_nbits = q_len * 8; ++ kop.crk_param[5].crp_p = c; ++ kop.crk_param[5].crp_nbits = p_len * 8; + kop.crk_iparams = 6; + + if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) { +@@ -1350,90 +1462,117 @@ static RSA_METHOD cryptodev_rsa = { + NULL /* rsa_verify */ + }; + +-static int +-cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, +- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) +-{ +- return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx)); +-} +- +-static int +-cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g, +- BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p, +- BN_CTX *ctx, BN_MONT_CTX *mont) ++static DSA_SIG * ++cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) + { +- BIGNUM t2; +- int ret = 0; +- +- BN_init(&t2); +- +- /* v = ( g^u1 * y^u2 mod p ) mod q */ +- /* let t1 = g ^ u1 mod p */ +- ret = 0; ++ struct crypt_kop kop; ++ BIGNUM *c = NULL, *d = NULL; ++ DSA_SIG *dsaret = NULL; ++ int q_len = 0, r_len = 0, g_len = 0; ++ int priv_key_len = 0, ret; ++ unsigned char *q = NULL, *r = NULL, *g = NULL, *priv_key = NULL, *f = NULL; + +- if (!dsa->meth->bn_mod_exp(dsa,t1,dsa->g,u1,dsa->p,ctx,mont)) ++ memset(&kop, 0, sizeof kop); ++ if ((c = BN_new()) == NULL) { ++ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); + goto err; ++ } + +- /* let t2 = y ^ u2 mod p */ +- if (!dsa->meth->bn_mod_exp(dsa,&t2,dsa->pub_key,u2,dsa->p,ctx,mont)) ++ if ((d = BN_new()) == NULL) { ++ BN_free(c); ++ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); + goto err; +- /* let u1 = t1 * t2 mod p */ +- if (!BN_mod_mul(u1,t1,&t2,dsa->p,ctx)) ++ } ++ ++ if (spcf_bn2bin(dsa->p, &q, &q_len)) { ++ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); + goto err; ++ } + +- BN_copy(t1,u1); ++ /* Get order of the field of private keys into plain buffer */ ++ if (spcf_bn2bin (dsa->q, &r, &r_len)) { ++ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } + +- ret = 1; +-err: +- BN_free(&t2); +- return(ret); +-} ++ /* sanity test */ ++ if (dlen > r_len) { ++ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); ++ goto err; ++ } + +-static DSA_SIG * +-cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) +-{ +- struct crypt_kop kop; +- BIGNUM *r = NULL, *s = NULL; +- DSA_SIG *dsaret = NULL; ++ g_len = q_len; ++ /** ++ * Get generator into a plain buffer. If length is less than ++ * q_len then add leading padding bytes. ++ */ ++ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) { ++ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } + +- if ((r = BN_new()) == NULL) ++ priv_key_len = r_len; ++ /** ++ * Get private key into a plain buffer. If length is less than ++ * r_len then add leading padding bytes. ++ */ ++ if (spcf_bn2bin_ex(dsa->priv_key, &priv_key, &priv_key_len)) { ++ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); + goto err; +- if ((s = BN_new()) == NULL) { +- BN_free(r); ++ } ++ ++ /* Allocate memory to store hash. */ ++ f = OPENSSL_malloc (r_len); ++ if (!f) { ++ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); + goto err; + } + +- memset(&kop, 0, sizeof kop); ++ /* Add padding, since SEC expects hash to of size r_len */ ++ if (dlen < r_len) ++ memset(f, 0, r_len - dlen); ++ ++ /* Skip leading bytes if dgst_len < r_len */ ++ memcpy(f + r_len - dlen, dgst, dlen); ++ + kop.crk_op = CRK_DSA_SIGN; + + /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ +- kop.crk_param[0].crp_p = (caddr_t)dgst; +- kop.crk_param[0].crp_nbits = dlen * 8; +- if (bn2crparam(dsa->p, &kop.crk_param[1])) +- goto err; +- if (bn2crparam(dsa->q, &kop.crk_param[2])) +- goto err; +- if (bn2crparam(dsa->g, &kop.crk_param[3])) +- goto err; +- if (bn2crparam(dsa->priv_key, &kop.crk_param[4])) +- goto err; ++ kop.crk_param[0].crp_p = (void*)f; ++ kop.crk_param[0].crp_nbits = r_len * 8; ++ kop.crk_param[1].crp_p = (void*)q; ++ kop.crk_param[1].crp_nbits = q_len * 8; ++ kop.crk_param[2].crp_p = (void*)r; ++ kop.crk_param[2].crp_nbits = r_len * 8; ++ kop.crk_param[3].crp_p = (void*)g; ++ kop.crk_param[3].crp_nbits = g_len * 8; ++ kop.crk_param[4].crp_p = (void*)priv_key; ++ kop.crk_param[4].crp_nbits = priv_key_len * 8; + kop.crk_iparams = 5; + +- if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r, +- BN_num_bytes(dsa->q), s) == 0) { +- dsaret = DSA_SIG_new(); +- dsaret->r = r; +- dsaret->s = s; +- } else { +- const DSA_METHOD *meth = DSA_OpenSSL(); +- BN_free(r); +- BN_free(s); +- dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa); ++ ret = cryptodev_asym(&kop, r_len, c, r_len, d); ++ ++ if (ret) { ++ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DECODE_ERROR); ++ goto err; + } +-err: +- kop.crk_param[0].crp_p = NULL; ++ ++ dsaret = DSA_SIG_new(); ++ dsaret->r = c; ++ dsaret->s = d; ++ + zapparams(&kop); + return (dsaret); ++err: ++ { ++ const DSA_METHOD *meth = DSA_OpenSSL(); ++ if (c) ++ BN_free(c); ++ if (d) ++ BN_free(d); ++ dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa); ++ return (dsaret); ++ } + } + + static int +@@ -1441,42 +1580,179 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen, + DSA_SIG *sig, DSA *dsa) + { + struct crypt_kop kop; +- int dsaret = 1; ++ int dsaret = 1, q_len = 0, r_len = 0, g_len = 0; ++ int w_len = 0 ,c_len = 0, d_len = 0, ret = -1; ++ unsigned char * q = NULL, * r = NULL, * w = NULL, * g = NULL; ++ unsigned char * c = NULL, * d = NULL, *f = NULL; + + memset(&kop, 0, sizeof kop); + kop.crk_op = CRK_DSA_VERIFY; + +- /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */ +- kop.crk_param[0].crp_p = (caddr_t)dgst; +- kop.crk_param[0].crp_nbits = dlen * 8; +- if (bn2crparam(dsa->p, &kop.crk_param[1])) ++ if (spcf_bn2bin(dsa->p, &q, &q_len)) { ++ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ return ret; ++ } ++ ++ /* Get Order of field of private keys */ ++ if (spcf_bn2bin(dsa->q, &r, &r_len)) { ++ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); + goto err; +- if (bn2crparam(dsa->q, &kop.crk_param[2])) ++ } ++ ++ g_len = q_len; ++ /** ++ * Get generator into a plain buffer. If length is less than ++ * q_len then add leading padding bytes. ++ */ ++ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) { ++ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); + goto err; +- if (bn2crparam(dsa->g, &kop.crk_param[3])) ++ } ++ w_len = q_len; ++ /** ++ * Get public key into a plain buffer. If length is less than ++ * q_len then add leading padding bytes. ++ */ ++ if (spcf_bn2bin_ex(dsa->pub_key, &w, &w_len)) { ++ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ /** ++ * Get the 1st part of signature into a flat buffer with ++ * appropriate padding ++ */ ++ c_len = r_len; ++ ++ if (spcf_bn2bin_ex(sig->r, &c, &c_len)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); + goto err; +- if (bn2crparam(dsa->pub_key, &kop.crk_param[4])) ++ } ++ ++ /** ++ * Get the 2nd part of signature into a flat buffer with ++ * appropriate padding ++ */ ++ d_len = r_len; ++ ++ if (spcf_bn2bin_ex(sig->s, &d, &d_len)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); + goto err; +- if (bn2crparam(sig->r, &kop.crk_param[5])) ++ } ++ ++ ++ /* Sanity test */ ++ if (dlen > r_len) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); + goto err; +- if (bn2crparam(sig->s, &kop.crk_param[6])) ++ } ++ ++ /* Allocate memory to store hash. */ ++ f = OPENSSL_malloc (r_len); ++ if (!f) { ++ DSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); + goto err; ++ } ++ ++ /* Add padding, since SEC expects hash to of size r_len */ ++ if (dlen < r_len) ++ memset(f, 0, r_len - dlen); ++ ++ /* Skip leading bytes if dgst_len < r_len */ ++ memcpy(f + r_len - dlen, dgst, dlen); ++ ++ /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */ ++ kop.crk_param[0].crp_p = (void*)f; ++ kop.crk_param[0].crp_nbits = r_len * 8; ++ kop.crk_param[1].crp_p = q; ++ kop.crk_param[1].crp_nbits = q_len * 8; ++ kop.crk_param[2].crp_p = r; ++ kop.crk_param[2].crp_nbits = r_len * 8; ++ kop.crk_param[3].crp_p = g; ++ kop.crk_param[3].crp_nbits = g_len * 8; ++ kop.crk_param[4].crp_p = w; ++ kop.crk_param[4].crp_nbits = w_len * 8; ++ kop.crk_param[5].crp_p = c; ++ kop.crk_param[5].crp_nbits = c_len * 8; ++ kop.crk_param[6].crp_p = d; ++ kop.crk_param[6].crp_nbits = d_len * 8; + kop.crk_iparams = 7; + +- if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) { +-/*OCF success value is 0, if not zero, change dsaret to fail*/ +- if(0 != kop.crk_status) dsaret = 0; +- } else { +- const DSA_METHOD *meth = DSA_OpenSSL(); ++ if ((cryptodev_asym(&kop, 0, NULL, 0, NULL))) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, DSA_R_DECODE_ERROR); ++ goto err; ++ } + +- dsaret = (meth->dsa_do_verify)(dgst, dlen, sig, dsa); ++ /*OCF success value is 0, if not zero, change dsaret to fail*/ ++ if(0 != kop.crk_status) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, DSA_R_DECODE_ERROR); ++ goto err; + } +-err: +- kop.crk_param[0].crp_p = NULL; ++ + zapparams(&kop); + return (dsaret); ++err: ++ { ++ const DSA_METHOD *meth = DSA_OpenSSL(); ++ ++ dsaret = (meth->dsa_do_verify)(dgst, dlen, sig, dsa); ++ } ++ return dsaret; + } + ++/* Cryptodev DSA Key Gen routine */ ++static int cryptodev_dsa_keygen(DSA *dsa) ++{ ++ struct crypt_kop kop; ++ int ret = 1, g_len; ++ unsigned char *g = NULL; ++ ++ if (dsa->priv_key == NULL) { ++ if ((dsa->priv_key=BN_new()) == NULL) ++ goto sw_try; ++ } ++ ++ if (dsa->pub_key == NULL) { ++ if ((dsa->pub_key=BN_new()) == NULL) ++ goto sw_try; ++ } ++ ++ g_len = BN_num_bytes(dsa->p); ++ /** ++ * Get generator into a plain buffer. If length is less than ++ * p_len then add leading padding bytes. ++ */ ++ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) { ++ DSAerr(DSA_F_DSA_GENERATE_KEY, ERR_R_MALLOC_FAILURE); ++ goto sw_try; ++ } ++ ++ memset(&kop, 0, sizeof kop); ++ ++ kop.crk_op = CRK_DSA_GENERATE_KEY; ++ if (bn2crparam(dsa->p, &kop.crk_param[0])) ++ goto sw_try; ++ if (bn2crparam(dsa->q, &kop.crk_param[1])) ++ goto sw_try; ++ kop.crk_param[2].crp_p = g; ++ kop.crk_param[2].crp_nbits = g_len * 8; ++ kop.crk_iparams = 3; ++ ++ /* pub_key is or prime length while priv key is of length of order */ ++ if (cryptodev_asym(&kop, BN_num_bytes(dsa->p), dsa->pub_key, ++ BN_num_bytes(dsa->q), dsa->priv_key)) ++ goto sw_try; ++ ++ return ret; ++sw_try: ++ { ++ const DSA_METHOD *meth = DSA_OpenSSL(); ++ ret = (meth->dsa_keygen)(dsa); ++ } ++ return ret; ++} ++ ++ ++ + static DSA_METHOD cryptodev_dsa = { + "cryptodev DSA method", + NULL, +@@ -1490,12 +1766,543 @@ static DSA_METHOD cryptodev_dsa = { + NULL /* app_data */ + }; + +-static int +-cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, +- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, +- BN_MONT_CTX *m_ctx) ++static ECDSA_METHOD cryptodev_ecdsa = { ++ "cryptodev ECDSA method", ++ NULL, ++ NULL, /* ecdsa_sign_setup */ ++ NULL, ++ NULL, ++ 0, /* flags */ ++ NULL /* app_data */ ++}; ++ ++typedef enum ec_curve_s ++{ ++ EC_PRIME, ++ EC_BINARY ++} ec_curve_t; ++ ++/* ENGINE handler for ECDSA Sign */ ++static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char *dgst, ++ int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey) + { +- return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx)); ++ BIGNUM *m = NULL, *p = NULL, *a = NULL; ++ BIGNUM *b = NULL, *x = NULL, *y = NULL; ++ BN_CTX *ctx = NULL; ++ ECDSA_SIG *ret = NULL; ++ ECDSA_DATA *ecdsa = NULL; ++ unsigned char * q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL; ++ unsigned char * s = NULL, *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL; ++ int i = 0, q_len = 0, priv_key_len = 0, r_len = 0; ++ int g_len = 0, d_len = 0, ab_len = 0; ++ const BIGNUM *order = NULL, *priv_key=NULL; ++ const EC_GROUP *group = NULL; ++ struct crypt_kop kop; ++ ec_curve_t ec_crv = EC_PRIME; ++ ++ memset(&kop, 0, sizeof(kop)); ++ ecdsa = ecdsa_check(eckey); ++ if (!ecdsa) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER); ++ return NULL; ++ } ++ ++ group = EC_KEY_get0_group(eckey); ++ priv_key = EC_KEY_get0_private_key(eckey); ++ ++ if (!group || !priv_key) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER); ++ return NULL; ++ } ++ ++ if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL || ++ (a = BN_new()) == NULL || (b = BN_new()) == NULL || ++ (p = BN_new()) == NULL || (x = BN_new()) == NULL || ++ (y = BN_new()) == NULL) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ order = &group->order; ++ if (!order || BN_is_zero(order)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS); ++ goto err; ++ } ++ ++ i = BN_num_bits(order); ++ /* Need to truncate digest if it is too long: first truncate whole ++ bytes */ ++ if (8 * dgst_len > i) ++ dgst_len = (i + 7)/8; ++ ++ if (!BN_bin2bn(dgst, dgst_len, m)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); ++ goto err; ++ } ++ ++ /* If still too long truncate remaining bits with a shift */ ++ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); ++ goto err; ++ } ++ ++ /* copy the truncated bits into plain buffer */ ++ if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) { ++ fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__, __LINE__); ++ goto err; ++ } ++ ++ ret = ECDSA_SIG_new(); ++ if (!ret) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); ++ goto err; ++ } ++ ++ /* check if this is prime or binary EC request */ ++ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) { ++ ec_crv = EC_PRIME; ++ /* get the generator point pair */ ++ if (!EC_POINT_get_affine_coordinates_GFp (group, EC_GROUP_get0_generator(group), ++ x, y,ctx)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); ++ goto err; ++ } ++ ++ /* get the ECC curve parameters */ ++ if (!EC_GROUP_get_curve_GFp(group, p, a, b , ctx)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); ++ goto err; ++ } ++ } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_characteristic_two_field) { ++ ec_crv = EC_BINARY; ++ /* get the ECC curve parameters */ ++ if (!EC_GROUP_get_curve_GF2m(group, p, a, b , ctx)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); ++ goto err; ++ } ++ ++ /* get the generator point pair */ ++ if (!EC_POINT_get_affine_coordinates_GF2m(group, ++ EC_GROUP_get0_generator(group), x, y,ctx)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); ++ goto err; ++ } ++ } else { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); ++ goto err; ++ } ++ ++ if (spcf_bn2bin(order, &r, &r_len)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ if (spcf_bn2bin(p, &q, &q_len)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ priv_key_len = r_len; ++ ++ /** ++ * If BN_num_bytes of priv_key returns less then r_len then ++ * add padding bytes before the key ++ */ ++ if (spcf_bn2bin_ex(priv_key, &s, &priv_key_len)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /* Generation of ECC curve parameters */ ++ ab_len = 2*q_len; ++ ab = eng_copy_curve_points(a, b, ab_len, q_len); ++ if (!ab) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ if (ec_crv == EC_BINARY) { ++ if (eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab+q_len, q_len)) ++ { ++ unsigned char *c_temp = NULL; ++ int c_temp_len = q_len; ++ if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len)) ++ memcpy(ab+q_len, c_temp, q_len); ++ else ++ goto err; ++ } ++ kop.curve_type = ECC_BINARY; ++ } ++ ++ /* Calculation of Generator point */ ++ g_len = 2*q_len; ++ g_xy = eng_copy_curve_points(x, y, g_len, q_len); ++ if (!g_xy) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /* Memory allocation for first part of digital signature */ ++ c = malloc(r_len); ++ if (!c) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ d_len = r_len; ++ ++ /* Memory allocation for second part of digital signature */ ++ d = malloc(d_len); ++ if (!d) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /* memory for message representative */ ++ f = malloc(r_len); ++ if (!f) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /* Add padding, since SEC expects hash to of size r_len */ ++ memset(f, 0, r_len - dgst_len); ++ ++ /* Skip leading bytes if dgst_len < r_len */ ++ memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len); ++ ++ dgst_len += r_len - dgst_len; ++ kop.crk_op = CRK_DSA_SIGN; ++ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ ++ kop.crk_param[0].crp_p = f; ++ kop.crk_param[0].crp_nbits = dgst_len * 8; ++ kop.crk_param[1].crp_p = q; ++ kop.crk_param[1].crp_nbits = q_len * 8; ++ kop.crk_param[2].crp_p = r; ++ kop.crk_param[2].crp_nbits = r_len * 8; ++ kop.crk_param[3].crp_p = g_xy; ++ kop.crk_param[3].crp_nbits = g_len * 8; ++ kop.crk_param[4].crp_p = s; ++ kop.crk_param[4].crp_nbits = priv_key_len * 8; ++ kop.crk_param[5].crp_p = ab; ++ kop.crk_param[5].crp_nbits = ab_len * 8; ++ kop.crk_iparams = 6; ++ kop.crk_param[6].crp_p = c; ++ kop.crk_param[6].crp_nbits = d_len * 8; ++ kop.crk_param[7].crp_p = d; ++ kop.crk_param[7].crp_nbits = d_len * 8; ++ kop.crk_oparams = 2; ++ ++ if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) { ++ /* Check if ret->r and s needs to allocated */ ++ crparam2bn(&kop.crk_param[6], ret->r); ++ crparam2bn(&kop.crk_param[7], ret->s); ++ } else { ++ const ECDSA_METHOD *meth = ECDSA_OpenSSL(); ++ ret = (meth->ecdsa_do_sign)(dgst, dgst_len, in_kinv, in_r, eckey); ++ } ++ kop.crk_param[0].crp_p = NULL; ++ zapparams(&kop); ++err: ++ if (!ret) { ++ ECDSA_SIG_free(ret); ++ ret = NULL; ++ } ++ return ret; ++} ++ ++static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len, ++ ECDSA_SIG *sig, EC_KEY *eckey) ++{ ++ BIGNUM *m = NULL, *p = NULL, *a = NULL, *b = NULL; ++ BIGNUM *x = NULL, *y = NULL, *w_x = NULL, *w_y = NULL; ++ BN_CTX *ctx = NULL; ++ ECDSA_DATA *ecdsa = NULL; ++ unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL, *w_xy = NULL; ++ unsigned char *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL; ++ int i = 0, q_len = 0, pub_key_len = 0, r_len = 0, c_len = 0, g_len = 0; ++ int d_len = 0, ab_len = 0, ret = -1; ++ const EC_POINT *pub_key = NULL; ++ const BIGNUM *order = NULL; ++ const EC_GROUP *group=NULL; ++ ec_curve_t ec_crv = EC_PRIME; ++ struct crypt_kop kop; ++ ++ memset(&kop, 0, sizeof kop); ++ ecdsa = ecdsa_check(eckey); ++ if (!ecdsa) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER); ++ return ret; ++ } ++ ++ group = EC_KEY_get0_group(eckey); ++ pub_key = EC_KEY_get0_public_key(eckey); ++ ++ if (!group || !pub_key) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER); ++ return ret; ++ } ++ ++ if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL || ++ (a = BN_new()) == NULL || (b = BN_new()) == NULL || ++ (p = BN_new()) == NULL || (x = BN_new()) == NULL || ++ (y = BN_new()) == NULL || (w_x = BN_new()) == NULL || ++ (w_y = BN_new()) == NULL) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ order = &group->order; ++ if (!order || BN_is_zero(order)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS); ++ goto err; ++ } ++ ++ i = BN_num_bits(order); ++ /* Need to truncate digest if it is too long: first truncate whole ++ * bytes */ ++ if (8 * dgst_len > i) ++ dgst_len = (i + 7)/8; ++ ++ if (!BN_bin2bn(dgst, dgst_len, m)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); ++ goto err; ++ } ++ ++ /* If still too long truncate remaining bits with a shift */ ++ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); ++ goto err; ++ } ++ /* copy the truncated bits into plain buffer */ ++ if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /* check if this is prime or binary EC request */ ++ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) { ++ ec_crv = EC_PRIME; ++ ++ /* get the generator point pair */ ++ if (!EC_POINT_get_affine_coordinates_GFp (group, ++ EC_GROUP_get0_generator(group), x, y,ctx)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); ++ goto err; ++ } ++ ++ /* get the public key pair for prime curve */ ++ if (!EC_POINT_get_affine_coordinates_GFp (group, ++ pub_key, w_x, w_y,ctx)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); ++ goto err; ++ } ++ ++ /* get the ECC curve parameters */ ++ if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); ++ goto err; ++ } ++ } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_characteristic_two_field){ ++ ec_crv = EC_BINARY; ++ /* get the ECC curve parameters */ ++ if (!EC_GROUP_get_curve_GF2m(group, p, a, b , ctx)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); ++ goto err; ++ } ++ ++ /* get the generator point pair */ ++ if (!EC_POINT_get_affine_coordinates_GF2m(group, ++ EC_GROUP_get0_generator(group),x, y,ctx)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); ++ goto err; ++ } ++ ++ /* get the public key pair for binary curve */ ++ if (!EC_POINT_get_affine_coordinates_GF2m(group, ++ pub_key, w_x, w_y,ctx)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); ++ goto err; ++ } ++ }else { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); ++ goto err; ++ } ++ ++ /* Get the order of the subgroup of private keys */ ++ if (spcf_bn2bin((BIGNUM*)order, &r, &r_len)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /* Get the irreducible polynomial that creates the field */ ++ if (spcf_bn2bin(p, &q, &q_len)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /* Get the public key into a flat buffer with appropriate padding */ ++ pub_key_len = 2 * q_len; ++ ++ w_xy = eng_copy_curve_points (w_x, w_y, pub_key_len, q_len); ++ if (!w_xy) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /* Generation of ECC curve parameters */ ++ ab_len = 2*q_len; ++ ++ ab = eng_copy_curve_points (a, b, ab_len, q_len); ++ if (!ab) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ if (ec_crv == EC_BINARY) { ++ /* copy b' i.e c(b), instead of only b */ ++ if (eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab+q_len, q_len)) ++ { ++ unsigned char *c_temp = NULL; ++ int c_temp_len = q_len; ++ if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len)) ++ memcpy(ab+q_len, c_temp, q_len); ++ else ++ goto err; ++ } ++ kop.curve_type = ECC_BINARY; ++ } ++ ++ /* Calculation of Generator point */ ++ g_len = 2 * q_len; ++ ++ g_xy = eng_copy_curve_points (x, y, g_len, q_len); ++ if (!g_xy) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /** ++ * Get the 1st part of signature into a flat buffer with ++ * appropriate padding ++ */ ++ if (BN_num_bytes(sig->r) < r_len) ++ c_len = r_len; ++ ++ if (spcf_bn2bin_ex(sig->r, &c, &c_len)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /** ++ * Get the 2nd part of signature into a flat buffer with ++ * appropriate padding ++ */ ++ if (BN_num_bytes(sig->s) < r_len) ++ d_len = r_len; ++ ++ if (spcf_bn2bin_ex(sig->s, &d, &d_len)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /* memory for message representative */ ++ f = malloc(r_len); ++ if (!f) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /* Add padding, since SEC expects hash to of size r_len */ ++ memset(f, 0, r_len-dgst_len); ++ ++ /* Skip leading bytes if dgst_len < r_len */ ++ memcpy(f + r_len-dgst_len, tmp_dgst, dgst_len); ++ dgst_len += r_len-dgst_len; ++ kop.crk_op = CRK_DSA_VERIFY; ++ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ ++ kop.crk_param[0].crp_p = f; ++ kop.crk_param[0].crp_nbits = dgst_len * 8; ++ kop.crk_param[1].crp_p = q; ++ kop.crk_param[1].crp_nbits = q_len * 8; ++ kop.crk_param[2].crp_p = r; ++ kop.crk_param[2].crp_nbits = r_len * 8; ++ kop.crk_param[3].crp_p = g_xy; ++ kop.crk_param[3].crp_nbits = g_len * 8; ++ kop.crk_param[4].crp_p = w_xy; ++ kop.crk_param[4].crp_nbits = pub_key_len * 8; ++ kop.crk_param[5].crp_p = ab; ++ kop.crk_param[5].crp_nbits = ab_len * 8; ++ kop.crk_param[6].crp_p = c; ++ kop.crk_param[6].crp_nbits = d_len * 8; ++ kop.crk_param[7].crp_p = d; ++ kop.crk_param[7].crp_nbits = d_len * 8; ++ kop.crk_iparams = 8; ++ ++ if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) { ++ /*OCF success value is 0, if not zero, change ret to fail*/ ++ if(0 == kop.crk_status) ++ ret = 1; ++ } else { ++ const ECDSA_METHOD *meth = ECDSA_OpenSSL(); ++ ++ ret = (meth->ecdsa_do_verify)(dgst, dgst_len, sig, eckey); ++ } ++ kop.crk_param[0].crp_p = NULL; ++ zapparams(&kop); ++ ++err: ++ return ret; ++} ++ ++static int cryptodev_dh_keygen(DH *dh) ++{ ++ struct crypt_kop kop; ++ int ret = 1, g_len; ++ unsigned char *g = NULL; ++ ++ if (dh->priv_key == NULL) { ++ if ((dh->priv_key=BN_new()) == NULL) ++ goto sw_try; ++ } ++ ++ if (dh->pub_key == NULL) { ++ if ((dh->pub_key=BN_new()) == NULL) ++ goto sw_try; ++ } ++ ++ g_len = BN_num_bytes(dh->p); ++ /** ++ * Get generator into a plain buffer. If length is less than ++ * q_len then add leading padding bytes. ++ */ ++ if (spcf_bn2bin_ex(dh->g, &g, &g_len)) { ++ DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE); ++ goto sw_try; ++ } ++ ++ memset(&kop, 0, sizeof kop); ++ kop.crk_op = CRK_DH_GENERATE_KEY; ++ if (bn2crparam(dh->p, &kop.crk_param[0])) ++ goto sw_try; ++ if (bn2crparam(dh->q, &kop.crk_param[1])) ++ goto sw_try; ++ kop.crk_param[2].crp_p = g; ++ kop.crk_param[2].crp_nbits = g_len * 8; ++ kop.crk_iparams = 3; ++ ++ /* pub_key is or prime length while priv key is of length of order */ ++ if (cryptodev_asym(&kop, BN_num_bytes(dh->p), dh->pub_key, ++ BN_num_bytes(dh->q), dh->priv_key)) ++ goto sw_try; ++ ++ return ret; ++sw_try: ++ { ++ const DH_METHOD *meth = DH_OpenSSL(); ++ ret = (meth->generate_key)(dh); ++ } ++ return ret; + } + + static int +@@ -1503,43 +2310,234 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) + { + struct crypt_kop kop; + int dhret = 1; +- int fd, keylen; ++ int fd, p_len; ++ BIGNUM *temp = NULL; ++ unsigned char *padded_pub_key = NULL, *p = NULL; ++ ++ if ((fd = get_asym_dev_crypto()) < 0) ++ goto sw_try; ++ ++ memset(&kop, 0, sizeof kop); ++ kop.crk_op = CRK_DH_COMPUTE_KEY; ++ /* inputs: dh->priv_key pub_key dh->p key */ ++ spcf_bn2bin(dh->p, &p, &p_len); ++ spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len); ++ if (bn2crparam(dh->priv_key, &kop.crk_param[0])) ++ goto sw_try; ++ ++ kop.crk_param[1].crp_p = padded_pub_key; ++ kop.crk_param[1].crp_nbits = p_len * 8; ++ kop.crk_param[2].crp_p = p; ++ kop.crk_param[2].crp_nbits = p_len * 8; ++ kop.crk_iparams = 3; ++ kop.crk_param[3].crp_p = (void*) key; ++ kop.crk_param[3].crp_nbits = p_len * 8; ++ kop.crk_oparams = 1; ++ dhret = p_len; ++ ++ if (ioctl(fd, CIOCKEY, &kop)) ++ goto sw_try; + +- if ((fd = get_asym_dev_crypto()) < 0) { ++ if ((temp = BN_new())) { ++ if (!BN_bin2bn(key, p_len, temp)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); ++ goto sw_try; ++ } ++ if (dhret > BN_num_bytes(temp)) ++ dhret=BN_bn2bin(temp,key); ++ BN_free(temp); ++ } ++ ++ kop.crk_param[3].crp_p = NULL; ++ zapparams(&kop); ++ return (dhret); ++sw_try: ++ { + const DH_METHOD *meth = DH_OpenSSL(); + +- return ((meth->compute_key)(key, pub_key, dh)); ++ dhret = (meth->compute_key)(key, pub_key, dh); + } ++ return (dhret); ++} + +- keylen = BN_num_bits(dh->p); ++int cryptodev_ecdh_compute_key(void *out, size_t outlen, ++ const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen, ++ void *out, size_t *outlen)) ++{ ++ ec_curve_t ec_crv = EC_PRIME; ++ unsigned char * q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL; ++ BIGNUM * w_x = NULL, *w_y = NULL; ++ int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0; ++ BIGNUM * p = NULL, *a = NULL, *b = NULL; ++ BN_CTX *ctx; ++ EC_POINT *tmp=NULL; ++ BIGNUM *x=NULL, *y=NULL; ++ const BIGNUM *priv_key; ++ const EC_GROUP* group = NULL; ++ int ret = -1; ++ size_t buflen, len; ++ struct crypt_kop kop; + + memset(&kop, 0, sizeof kop); +- kop.crk_op = CRK_DH_COMPUTE_KEY; + +- /* inputs: dh->priv_key pub_key dh->p key */ +- if (bn2crparam(dh->priv_key, &kop.crk_param[0])) ++ if ((ctx = BN_CTX_new()) == NULL) goto err; ++ BN_CTX_start(ctx); ++ x = BN_CTX_get(ctx); ++ y = BN_CTX_get(ctx); ++ p = BN_CTX_get(ctx); ++ a = BN_CTX_get(ctx); ++ b = BN_CTX_get(ctx); ++ w_x = BN_CTX_get(ctx); ++ w_y = BN_CTX_get(ctx); ++ ++ if (!x || !y || !p || !a || !b || !w_x || !w_y) { ++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE); + goto err; +- if (bn2crparam(pub_key, &kop.crk_param[1])) ++ } ++ ++ priv_key = EC_KEY_get0_private_key(ecdh); ++ if (priv_key == NULL) { ++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_NO_PRIVATE_VALUE); + goto err; +- if (bn2crparam(dh->p, &kop.crk_param[2])) ++ } ++ ++ group = EC_KEY_get0_group(ecdh); ++ if ((tmp=EC_POINT_new(group)) == NULL) { ++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE); + goto err; +- kop.crk_iparams = 3; ++ } + +- kop.crk_param[3].crp_p = (caddr_t) key; +- kop.crk_param[3].crp_nbits = keylen * 8; +- kop.crk_oparams = 1; ++ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == ++ NID_X9_62_prime_field) { ++ ec_crv = EC_PRIME; + +- if (ioctl(fd, CIOCKEY, &kop) == -1) { +- const DH_METHOD *meth = DH_OpenSSL(); ++ if (!EC_POINT_get_affine_coordinates_GFp(group, ++ EC_GROUP_get0_generator(group), x, y, ctx)) { ++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE); ++ goto err; ++ } + +- dhret = (meth->compute_key)(key, pub_key, dh); ++ /* get the ECC curve parameters */ ++ if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) { ++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB); ++ goto err; ++ } ++ ++ /* get the public key pair for prime curve */ ++ if (!EC_POINT_get_affine_coordinates_GFp (group, pub_key, w_x, w_y,ctx)) { ++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB); ++ goto err; ++ } ++ } else { ++ ec_crv = EC_BINARY; ++ ++ if (!EC_POINT_get_affine_coordinates_GF2m(group, ++ EC_GROUP_get0_generator(group), x, y, ctx)) { ++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE); ++ goto err; ++ } ++ ++ /* get the ECC curve parameters */ ++ if (!EC_GROUP_get_curve_GF2m(group, p, a, b , ctx)) { ++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB); ++ goto err; ++ } ++ ++ /* get the public key pair for binary curve */ ++ if (!EC_POINT_get_affine_coordinates_GF2m(group, ++ pub_key, w_x, w_y,ctx)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); ++ goto err; ++ } ++ } ++ ++ /* irreducible polynomial that creates the field */ ++ if (spcf_bn2bin((BIGNUM*)&group->order, &r, &r_len)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /* Get the irreducible polynomial that creates the field */ ++ if (spcf_bn2bin(p, &q, &q_len)) { ++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB); ++ goto err; + } ++ ++ /* Get the public key into a flat buffer with appropriate padding */ ++ pub_key_len = 2 * q_len; ++ w_xy = eng_copy_curve_points (w_x, w_y, pub_key_len, q_len); ++ if (!w_xy) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /* Generation of ECC curve parameters */ ++ ab_len = 2*q_len; ++ ab = eng_copy_curve_points (a, b, ab_len, q_len); ++ if (!ab) { ++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB); ++ goto err; ++ } ++ ++ if (ec_crv == EC_BINARY) { ++ /* copy b' i.e c(b), instead of only b */ ++ if (eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab+q_len, q_len)) ++ { ++ unsigned char *c_temp = NULL; ++ int c_temp_len = q_len; ++ if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len)) ++ memcpy(ab+q_len, c_temp, q_len); ++ else ++ goto err; ++ } ++ kop.curve_type = ECC_BINARY; ++ } else ++ kop.curve_type = ECC_PRIME; ++ ++ priv_key_len = r_len; ++ ++ /* ++ * If BN_num_bytes of priv_key returns less then r_len then ++ * add padding bytes before the key ++ */ ++ if (spcf_bn2bin_ex((BIGNUM *)priv_key, &s, &priv_key_len)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ buflen = (EC_GROUP_get_degree(group) + 7)/8; ++ len = BN_num_bytes(x); ++ if (len > buflen || q_len < buflen) { ++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ ++ kop.crk_op = CRK_DH_COMPUTE_KEY; ++ kop.crk_param[0].crp_p = (void*) s; ++ kop.crk_param[0].crp_nbits = priv_key_len*8; ++ kop.crk_param[1].crp_p = (void*) w_xy; ++ kop.crk_param[1].crp_nbits = pub_key_len*8; ++ kop.crk_param[2].crp_p = (void*) q; ++ kop.crk_param[2].crp_nbits = q_len*8; ++ kop.crk_param[3].crp_p = (void*) ab; ++ kop.crk_param[3].crp_nbits = ab_len*8; ++ kop.crk_iparams = 4; ++ kop.crk_param[4].crp_p = (void*) out; ++ kop.crk_param[4].crp_nbits = q_len*8; ++ kop.crk_oparams = 1; ++ ret = q_len; ++ if (cryptodev_asym(&kop, 0, NULL, 0, NULL)) { ++ const ECDH_METHOD *meth = ECDH_OpenSSL(); ++ ret = (meth->compute_key)(out, outlen, pub_key, ecdh, KDF); ++ } else ++ ret = q_len; + err: +- kop.crk_param[3].crp_p = NULL; ++ kop.crk_param[4].crp_p = NULL; + zapparams(&kop); +- return (dhret); ++ return ret; + } + ++ + static DH_METHOD cryptodev_dh = { + "cryptodev DH method", + NULL, /* cryptodev_dh_generate_key */ +@@ -1551,6 +2549,14 @@ static DH_METHOD cryptodev_dh = { + NULL /* app_data */ + }; + ++static ECDH_METHOD cryptodev_ecdh = { ++ "cryptodev ECDH method", ++ NULL, /* cryptodev_ecdh_compute_key */ ++ NULL, ++ 0, /* flags */ ++ NULL /* app_data */ ++}; ++ + /* + * ctrl right now is just a wrapper that doesn't do much + * but I expect we'll want some options soon. +@@ -1634,25 +2640,42 @@ ENGINE_load_cryptodev(void) + memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD)); + if (cryptodev_asymfeat & CRF_DSA_SIGN) + cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign; +- if (cryptodev_asymfeat & CRF_MOD_EXP) { +- cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp; +- cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp; +- } + if (cryptodev_asymfeat & CRF_DSA_VERIFY) + cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify; ++ if (cryptodev_asymfeat & CRF_DSA_GENERATE_KEY) ++ cryptodev_dsa.dsa_keygen = cryptodev_dsa_keygen; + } + + if (ENGINE_set_DH(engine, &cryptodev_dh)){ + const DH_METHOD *dh_meth = DH_OpenSSL(); ++ memcpy(&cryptodev_dh, dh_meth, sizeof(DH_METHOD)); ++ if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) { ++ cryptodev_dh.compute_key = ++ cryptodev_dh_compute_key; ++ } ++ if (cryptodev_asymfeat & CRF_DH_GENERATE_KEY) { ++ cryptodev_dh.generate_key = ++ cryptodev_dh_keygen; ++ } ++ } + +- cryptodev_dh.generate_key = dh_meth->generate_key; +- cryptodev_dh.compute_key = dh_meth->compute_key; +- cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp; +- if (cryptodev_asymfeat & CRF_MOD_EXP) { +- cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh; +- if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) +- cryptodev_dh.compute_key = +- cryptodev_dh_compute_key; ++ if (ENGINE_set_ECDSA(engine, &cryptodev_ecdsa)) { ++ const ECDSA_METHOD *meth = ECDSA_OpenSSL(); ++ memcpy(&cryptodev_ecdsa, meth, sizeof(ECDSA_METHOD)); ++ if (cryptodev_asymfeat & CRF_DSA_SIGN) { ++ cryptodev_ecdsa.ecdsa_do_sign = cryptodev_ecdsa_do_sign; ++ } ++ if (cryptodev_asymfeat & CRF_DSA_VERIFY) { ++ cryptodev_ecdsa.ecdsa_do_verify = ++ cryptodev_ecdsa_verify; ++ } ++ } ++ ++ if (ENGINE_set_ECDH(engine, &cryptodev_ecdh)) { ++ const ECDH_METHOD *ecdh_meth = ECDH_OpenSSL(); ++ memcpy(&cryptodev_ecdh, ecdh_meth, sizeof(ECDH_METHOD)); ++ if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) { ++ cryptodev_ecdh.compute_key = cryptodev_ecdh_compute_key; + } + } + +-- +2.3.5 + diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0009-Added-hwrng-dev-file-as-source-of-RNG.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0009-Added-hwrng-dev-file-as-source-of-RNG.patch new file mode 100644 index 0000000..0fb0182 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0009-Added-hwrng-dev-file-as-source-of-RNG.patch @@ -0,0 +1,28 @@ +From 81c4c62a4f5f5542843381bfb34e39a6171d5cdd Mon Sep 17 00:00:00 2001 +From: Yashpal Dutta +Date: Tue, 11 Mar 2014 06:42:59 +0545 +Subject: [PATCH 09/26] Added hwrng dev file as source of RNG + +Upstream-status: Pending + +Signed-off-by: Yashpal Dutta +--- + e_os.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/e_os.h b/e_os.h +index 6a0aad1..57c0563 100644 +--- a/e_os.h ++++ b/e_os.h +@@ -79,7 +79,7 @@ extern "C" { + #ifndef DEVRANDOM + /* set this to a comma-separated list of 'random' device files to try out. + * My default, we will try to read at least one of these files */ +-#define DEVRANDOM "/dev/urandom","/dev/random","/dev/srandom" ++#define DEVRANDOM "/dev/hwrng","/dev/urandom","/dev/random","/dev/srandom" + #endif + #ifndef DEVRANDOM_EGD + /* set this to a comma-seperated list of 'egd' sockets to try out. These +-- +2.3.5 + diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0010-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0010-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch new file mode 100644 index 0000000..0f889c0 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0010-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch @@ -0,0 +1,2039 @@ +From a933e6341fd8989bdd82f8a5446b6f04aa00eef9 Mon Sep 17 00:00:00 2001 +From: Yashpal Dutta +Date: Tue, 11 Mar 2014 07:14:30 +0545 +Subject: [PATCH 10/26] Asynchronous interface added for PKC cryptodev + interface + +Upstream-status: Pending + +Signed-off-by: Yashpal Dutta +--- + crypto/crypto.h | 16 + + crypto/dh/dh.h | 4 +- + crypto/dsa/dsa.h | 5 + + crypto/ecdh/ech_locl.h | 3 + + crypto/ecdsa/ecs_locl.h | 5 + + crypto/engine/eng_cryptodev.c | 1578 +++++++++++++++++++++++++++++++++++++---- + crypto/engine/eng_int.h | 24 +- + crypto/engine/eng_lib.c | 46 ++ + crypto/engine/engine.h | 24 + + crypto/rsa/rsa.h | 23 + + 10 files changed, 1582 insertions(+), 146 deletions(-) + +diff --git a/crypto/crypto.h b/crypto/crypto.h +index f92fc51..ce12731 100644 +--- a/crypto/crypto.h ++++ b/crypto/crypto.h +@@ -605,6 +605,22 @@ void ERR_load_CRYPTO_strings(void); + #define CRYPTO_R_FIPS_MODE_NOT_SUPPORTED 101 + #define CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK 100 + ++/* Additions for Asynchronous PKC Infrastructure */ ++struct pkc_cookie_s { ++ void *cookie; /* To be filled by openssl library primitive method function caller */ ++ void *eng_cookie; /* To be filled by Engine */ ++ /* ++ * Callback handler to be provided by caller. Ensure to pass a ++ * handler which takes the crypto operation to completion. ++ * cookie: Container cookie from library ++ * status: Status of the crypto Job completion. ++ * 0: Job handled without any issue ++ * -EINVAL: Parameters Invalid ++ */ ++ void (*pkc_callback)(struct pkc_cookie_s *cookie, int status); ++ void *eng_handle; ++}; ++ + #ifdef __cplusplus + } + #endif +diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h +index ea59e61..20ffad2 100644 +--- a/crypto/dh/dh.h ++++ b/crypto/dh/dh.h +@@ -118,7 +118,9 @@ struct dh_method + int (*bn_mod_exp)(const DH *dh, BIGNUM *r, const BIGNUM *a, + const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, + BN_MONT_CTX *m_ctx); /* Can be null */ +- ++ int (*compute_key_async)(unsigned char *key,const BIGNUM *pub_key,DH *dh, ++ struct pkc_cookie_s *cookie); ++ int (*generate_key_async)(DH *dh, struct pkc_cookie_s *cookie); + int (*init)(DH *dh); + int (*finish)(DH *dh); + int flags; +diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h +index a6f6d0b..b04a029 100644 +--- a/crypto/dsa/dsa.h ++++ b/crypto/dsa/dsa.h +@@ -140,6 +140,10 @@ struct dsa_method + int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, + BN_MONT_CTX *m_ctx); /* Can be null */ ++ int (*dsa_do_sign_async)(const unsigned char *dgst, int dlen, DSA *dsa, ++ DSA_SIG *sig, struct pkc_cookie_s *cookie); ++ int (*dsa_do_verify_async)(const unsigned char *dgst, int dgst_len, ++ DSA_SIG *sig, DSA *dsa, struct pkc_cookie_s *cookie); + int (*init)(DSA *dsa); + int (*finish)(DSA *dsa); + int flags; +@@ -151,6 +155,7 @@ struct dsa_method + BN_GENCB *cb); + /* If this is non-NULL, it is used to generate DSA keys */ + int (*dsa_keygen)(DSA *dsa); ++ int (*dsa_keygen_async)(DSA *dsa, struct pkc_cookie_s *cookie); + }; + + struct dsa_st +diff --git a/crypto/ecdh/ech_locl.h b/crypto/ecdh/ech_locl.h +index f6cad6a..adce6b3 100644 +--- a/crypto/ecdh/ech_locl.h ++++ b/crypto/ecdh/ech_locl.h +@@ -67,6 +67,9 @@ struct ecdh_method + const char *name; + int (*compute_key)(void *key, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh, + void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen)); ++ int (*compute_key_async)(void *key, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh, ++ void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen), ++ struct pkc_cookie_s *cookie); + #if 0 + int (*init)(EC_KEY *eckey); + int (*finish)(EC_KEY *eckey); +diff --git a/crypto/ecdsa/ecs_locl.h b/crypto/ecdsa/ecs_locl.h +index cb3be13..eb0ebe0 100644 +--- a/crypto/ecdsa/ecs_locl.h ++++ b/crypto/ecdsa/ecs_locl.h +@@ -74,6 +74,11 @@ struct ecdsa_method + BIGNUM **r); + int (*ecdsa_do_verify)(const unsigned char *dgst, int dgst_len, + const ECDSA_SIG *sig, EC_KEY *eckey); ++ int (*ecdsa_do_sign_async)(const unsigned char *dgst, int dgst_len, ++ const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey, ++ ECDSA_SIG *sig, struct pkc_cookie_s *cookie); ++ int (*ecdsa_do_verify_async)(const unsigned char *dgst, int dgst_len, ++ const ECDSA_SIG *sig, EC_KEY *eckey, struct pkc_cookie_s *cookie); + #if 0 + int (*init)(EC_KEY *eckey); + int (*finish)(EC_KEY *eckey); +diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c +index 7ee314b..9f2416e 100644 +--- a/crypto/engine/eng_cryptodev.c ++++ b/crypto/engine/eng_cryptodev.c +@@ -1281,6 +1281,56 @@ zapparams(struct crypt_kop *kop) + } + } + ++/* Any PKC request has at max 2 output parameters and they are stored here to ++be used while copying in the check availability */ ++struct cryptodev_cookie_s { ++ BIGNUM *r; ++ struct crparam r_param; ++ BIGNUM *s; ++ struct crparam s_param; ++ struct crypt_kop *kop; ++}; ++ ++static int ++cryptodev_asym_async(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, ++ BIGNUM *s) ++{ ++ int fd; ++ struct pkc_cookie_s *cookie = kop->cookie; ++ struct cryptodev_cookie_s *eng_cookie; ++ ++ fd = *(int *)cookie->eng_handle; ++ ++ eng_cookie = malloc(sizeof(struct cryptodev_cookie_s)); ++ ++ if (eng_cookie) { ++ memset(eng_cookie, 0, sizeof(struct cryptodev_cookie_s)); ++ if (r) { ++ kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char)); ++ if (!kop->crk_param[kop->crk_iparams].crp_p) ++ return -ENOMEM; ++ kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8; ++ kop->crk_oparams++; ++ eng_cookie->r = r; ++ eng_cookie->r_param = kop->crk_param[kop->crk_iparams]; ++ } ++ if (s) { ++ kop->crk_param[kop->crk_iparams+1].crp_p = calloc(slen, sizeof(char)); ++ if (!kop->crk_param[kop->crk_iparams+1].crp_p) ++ return -ENOMEM; ++ kop->crk_param[kop->crk_iparams+1].crp_nbits = slen * 8; ++ kop->crk_oparams++; ++ eng_cookie->s = s; ++ eng_cookie->s_param = kop->crk_param[kop->crk_iparams + 1]; ++ } ++ } else ++ return -ENOMEM; ++ ++ eng_cookie->kop = kop; ++ cookie->eng_cookie = eng_cookie; ++ return ioctl(fd, CIOCASYMASYNCRYPT, kop); ++} ++ + static int + cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s) + { +@@ -1337,6 +1387,44 @@ void *cryptodev_init_instance(void) + return fd; + } + ++#include ++ ++/* Return 0 on success and 1 on failure */ ++int cryptodev_check_availability(void *eng_handle) ++{ ++ int fd = *(int *)eng_handle; ++ struct pkc_cookie_list_s cookie_list; ++ struct pkc_cookie_s *cookie; ++ int i; ++ ++ /* FETCH COOKIE returns number of cookies extracted */ ++ if (ioctl(fd, CIOCASYMFETCHCOOKIE, &cookie_list) <= 0) ++ return 1; ++ ++ for (i = 0; i < cookie_list.cookie_available; i++) { ++ cookie = cookie_list.cookie[i]; ++ if (cookie) { ++ struct cryptodev_cookie_s *eng_cookie = cookie->eng_cookie; ++ if (eng_cookie) { ++ struct crypt_kop *kop = eng_cookie->kop; ++ ++ if (eng_cookie->r) ++ crparam2bn(&eng_cookie->r_param, eng_cookie->r); ++ if (eng_cookie->s) ++ crparam2bn(&eng_cookie->s_param, eng_cookie->s); ++ if (kop->crk_op == CRK_DH_COMPUTE_KEY) ++ kop->crk_oparams = 0; ++ ++ zapparams(eng_cookie->kop); ++ free(eng_cookie->kop); ++ free (eng_cookie); ++ } ++ cookie->pkc_callback(cookie, cookie_list.status[i]); ++ } ++ } ++ return 0; ++} ++ + static int + cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) +@@ -1382,6 +1470,63 @@ err: + } + + static int ++cryptodev_bn_mod_exp_async(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, ++ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont, struct pkc_cookie_s *cookie) ++{ ++ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); ++ int ret = 1; ++ ++ /* Currently, we know we can do mod exp iff we can do any ++ * asymmetric operations at all. ++ */ ++ if (cryptodev_asymfeat == 0 || !kop) { ++ ret = BN_mod_exp(r, a, p, m, ctx); ++ return (ret); ++ } ++ ++ kop->crk_oparams = 0; ++ kop->crk_status = 0; ++ kop->crk_op = CRK_MOD_EXP; ++ kop->cookie = cookie; ++ /* inputs: a^p % m */ ++ if (bn2crparam(a, &kop->crk_param[0])) ++ goto err; ++ if (bn2crparam(p, &kop->crk_param[1])) ++ goto err; ++ if (bn2crparam(m, &kop->crk_param[2])) ++ goto err; ++ ++ kop->crk_iparams = 3; ++ if (cryptodev_asym_async(kop, BN_num_bytes(m), r, 0, NULL)) ++ goto err; ++ ++ return ret; ++err: ++ { ++ const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); ++ ++ if (kop) ++ free(kop); ++ ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont); ++ if (ret) ++ /* Call the completion handler immediately */ ++ cookie->pkc_callback(cookie, 0); ++ } ++ return ret; ++} ++ ++static int ++cryptodev_rsa_nocrt_mod_exp_async(BIGNUM *r0, const BIGNUM *I, ++ RSA *rsa, BN_CTX *ctx, struct pkc_cookie_s *cookie) ++{ ++ int r; ++ ctx = BN_CTX_new(); ++ r = cryptodev_bn_mod_exp_async(r0, I, rsa->d, rsa->n, ctx, NULL, cookie); ++ BN_CTX_free(ctx); ++ return r; ++} ++ ++static int + cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) + { + int r; +@@ -1446,6 +1591,62 @@ err: + return (ret); + } + ++static int ++cryptodev_rsa_mod_exp_async(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx, ++ struct pkc_cookie_s *cookie) ++{ ++ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); ++ int ret = 1, f_len, p_len, q_len; ++ unsigned char *f = NULL, *p = NULL, *q = NULL, *dp = NULL, *dq = NULL, *c = NULL; ++ ++ if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp || !kop) { ++ return (0); ++ } ++ ++ kop->crk_oparams = 0; ++ kop->crk_status = 0; ++ kop->crk_op = CRK_MOD_EXP_CRT; ++ f_len = BN_num_bytes(rsa->n); ++ spcf_bn2bin_ex(I, &f, &f_len); ++ spcf_bn2bin(rsa->p, &p, &p_len); ++ spcf_bn2bin(rsa->q, &q, &q_len); ++ spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len); ++ spcf_bn2bin_ex(rsa->iqmp, &c, &p_len); ++ spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len); ++ /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */ ++ kop->crk_param[0].crp_p = p; ++ kop->crk_param[0].crp_nbits = p_len * 8; ++ kop->crk_param[1].crp_p = q; ++ kop->crk_param[1].crp_nbits = q_len * 8; ++ kop->crk_param[2].crp_p = f; ++ kop->crk_param[2].crp_nbits = f_len * 8; ++ kop->crk_param[3].crp_p = dp; ++ kop->crk_param[3].crp_nbits = p_len * 8; ++ /* dq must of length q, rest all of length p*/ ++ kop->crk_param[4].crp_p = dq; ++ kop->crk_param[4].crp_nbits = q_len * 8; ++ kop->crk_param[5].crp_p = c; ++ kop->crk_param[5].crp_nbits = p_len * 8; ++ kop->crk_iparams = 6; ++ kop->cookie = cookie; ++ if (cryptodev_asym_async(kop, BN_num_bytes(rsa->n), r0, 0, NULL)) ++ goto err; ++ ++ return ret; ++err: ++ { ++ const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); ++ ++ if (kop) ++ free(kop); ++ ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx); ++ if (ret) ++ /* Call user completion handler immediately */ ++ cookie->pkc_callback(cookie, 0); ++ } ++ return (ret); ++} ++ + static RSA_METHOD cryptodev_rsa = { + "cryptodev RSA method", + NULL, /* rsa_pub_enc */ +@@ -1454,6 +1655,12 @@ static RSA_METHOD cryptodev_rsa = { + NULL, /* rsa_priv_dec */ + NULL, + NULL, ++ NULL, /* rsa_pub_enc */ ++ NULL, /* rsa_pub_dec */ ++ NULL, /* rsa_priv_enc */ ++ NULL, /* rsa_priv_dec */ ++ NULL, ++ NULL, + NULL, /* init */ + NULL, /* finish */ + 0, /* flags */ +@@ -1751,126 +1958,424 @@ sw_try: + return ret; + } + ++/* Cryptodev DSA Key Gen routine */ ++static int cryptodev_dsa_keygen_async(DSA *dsa, struct pkc_cookie_s *cookie) ++{ ++ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); ++ int ret = 1, g_len; ++ unsigned char *g = NULL; + ++ if (!kop) ++ goto sw_try; + +-static DSA_METHOD cryptodev_dsa = { +- "cryptodev DSA method", +- NULL, +- NULL, /* dsa_sign_setup */ +- NULL, +- NULL, /* dsa_mod_exp */ +- NULL, +- NULL, /* init */ +- NULL, /* finish */ +- 0, /* flags */ +- NULL /* app_data */ +-}; ++ if (dsa->priv_key == NULL) { ++ if ((dsa->priv_key=BN_new()) == NULL) ++ goto sw_try; ++ } + +-static ECDSA_METHOD cryptodev_ecdsa = { +- "cryptodev ECDSA method", +- NULL, +- NULL, /* ecdsa_sign_setup */ +- NULL, +- NULL, +- 0, /* flags */ +- NULL /* app_data */ +-}; ++ if (dsa->pub_key == NULL) { ++ if ((dsa->pub_key=BN_new()) == NULL) ++ goto sw_try; ++ } + +-typedef enum ec_curve_s +-{ +- EC_PRIME, +- EC_BINARY +-} ec_curve_t; ++ g_len = BN_num_bytes(dsa->p); ++ /** ++ * Get generator into a plain buffer. If length is less than ++ * q_len then add leading padding bytes. ++ */ ++ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) { ++ DSAerr(DSA_F_DSA_GENERATE_KEY, ERR_R_MALLOC_FAILURE); ++ goto sw_try; ++ } + +-/* ENGINE handler for ECDSA Sign */ +-static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char *dgst, +- int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey) +-{ +- BIGNUM *m = NULL, *p = NULL, *a = NULL; +- BIGNUM *b = NULL, *x = NULL, *y = NULL; +- BN_CTX *ctx = NULL; +- ECDSA_SIG *ret = NULL; +- ECDSA_DATA *ecdsa = NULL; +- unsigned char * q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL; +- unsigned char * s = NULL, *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL; +- int i = 0, q_len = 0, priv_key_len = 0, r_len = 0; +- int g_len = 0, d_len = 0, ab_len = 0; +- const BIGNUM *order = NULL, *priv_key=NULL; +- const EC_GROUP *group = NULL; +- struct crypt_kop kop; +- ec_curve_t ec_crv = EC_PRIME; ++ memset(kop, 0, sizeof(struct crypt_kop)); ++ kop->crk_op = CRK_DSA_GENERATE_KEY; ++ if (bn2crparam(dsa->p, &kop->crk_param[0])) ++ goto sw_try; ++ if (bn2crparam(dsa->q, &kop->crk_param[1])) ++ goto sw_try; ++ kop->crk_param[2].crp_p = g; ++ kop->crk_param[2].crp_nbits = g_len * 8; ++ kop->crk_iparams = 3; ++ kop->cookie = cookie; + +- memset(&kop, 0, sizeof(kop)); +- ecdsa = ecdsa_check(eckey); +- if (!ecdsa) { +- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER); +- return NULL; ++ /* pub_key is or prime length while priv key is of length of order */ ++ if (cryptodev_asym_async(kop, BN_num_bytes(dsa->p), dsa->pub_key, ++ BN_num_bytes(dsa->q), dsa->priv_key)) ++ goto sw_try; ++ ++ return ret; ++sw_try: ++ { ++ const DSA_METHOD *meth = DSA_OpenSSL(); ++ ++ if (kop) ++ free(kop); ++ ret = (meth->dsa_keygen)(dsa); ++ cookie->pkc_callback(cookie, 0); + } ++ return ret; ++} + +- group = EC_KEY_get0_group(eckey); +- priv_key = EC_KEY_get0_private_key(eckey); ++static int ++cryptodev_dsa_do_sign_async(const unsigned char *dgst, int dlen, DSA *dsa, ++ DSA_SIG *sig, struct pkc_cookie_s *cookie) ++{ ++ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); ++ DSA_SIG *dsaret = NULL; ++ int q_len = 0, r_len = 0, g_len = 0; ++ int priv_key_len = 0, ret = 1; ++ unsigned char *q = NULL, *r = NULL, *g = NULL, *priv_key = NULL, *f = NULL; + +- if (!group || !priv_key) { +- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER); +- return NULL; ++ if (((sig->r = BN_new()) == NULL) || !kop) { ++ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); ++ goto err; + } + +- if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL || +- (a = BN_new()) == NULL || (b = BN_new()) == NULL || +- (p = BN_new()) == NULL || (x = BN_new()) == NULL || +- (y = BN_new()) == NULL) { +- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); ++ if ((sig->s = BN_new()) == NULL) { ++ BN_free(sig->r); ++ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); + goto err; + } + +- order = &group->order; +- if (!order || BN_is_zero(order)) { +- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS); ++ if (spcf_bn2bin(dsa->p, &q, &q_len)) { ++ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); + goto err; + } + +- i = BN_num_bits(order); +- /* Need to truncate digest if it is too long: first truncate whole +- bytes */ +- if (8 * dgst_len > i) +- dgst_len = (i + 7)/8; ++ /* Get order of the field of private keys into plain buffer */ ++ if (spcf_bn2bin (dsa->q, &r, &r_len)) { ++ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } + +- if (!BN_bin2bn(dgst, dgst_len, m)) { +- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); ++ /* sanity test */ ++ if (dlen > r_len) { ++ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); + goto err; + } + +- /* If still too long truncate remaining bits with a shift */ +- if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) { +- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); ++ g_len = q_len; ++ /** ++ * Get generator into a plain buffer. If length is less than ++ * q_len then add leading padding bytes. ++ */ ++ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) { ++ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); + goto err; + } + +- /* copy the truncated bits into plain buffer */ +- if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) { +- fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__, __LINE__); ++ priv_key_len = r_len; ++ /** ++ * Get private key into a plain buffer. If length is less than ++ * r_len then add leading padding bytes. ++ */ ++ if (spcf_bn2bin_ex(dsa->priv_key, &priv_key, &priv_key_len)) { ++ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); + goto err; + } + +- ret = ECDSA_SIG_new(); +- if (!ret) { +- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); ++ /* Allocate memory to store hash. */ ++ f = OPENSSL_malloc (r_len); ++ if (!f) { ++ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); + goto err; + } + +- /* check if this is prime or binary EC request */ +- if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) { +- ec_crv = EC_PRIME; +- /* get the generator point pair */ +- if (!EC_POINT_get_affine_coordinates_GFp (group, EC_GROUP_get0_generator(group), +- x, y,ctx)) { +- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); +- goto err; +- } ++ /* Add padding, since SEC expects hash to of size r_len */ ++ if (dlen < r_len) ++ memset(f, 0, r_len - dlen); + +- /* get the ECC curve parameters */ +- if (!EC_GROUP_get_curve_GFp(group, p, a, b , ctx)) { +- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); ++ /* Skip leading bytes if dgst_len < r_len */ ++ memcpy(f + r_len - dlen, dgst, dlen); ++ ++ dlen = r_len; ++ ++ memset(kop, 0, sizeof( struct crypt_kop)); ++ kop->crk_op = CRK_DSA_SIGN; ++ ++ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ ++ kop->crk_param[0].crp_p = (void*)f; ++ kop->crk_param[0].crp_nbits = dlen * 8; ++ kop->crk_param[1].crp_p = (void*)q; ++ kop->crk_param[1].crp_nbits = q_len * 8; ++ kop->crk_param[2].crp_p = (void*)r; ++ kop->crk_param[2].crp_nbits = r_len * 8; ++ kop->crk_param[3].crp_p = (void*)g; ++ kop->crk_param[3].crp_nbits = g_len * 8; ++ kop->crk_param[4].crp_p = (void*)priv_key; ++ kop->crk_param[4].crp_nbits = priv_key_len * 8; ++ kop->crk_iparams = 5; ++ kop->cookie = cookie; ++ ++ if (cryptodev_asym_async(kop, r_len, sig->r, r_len, sig->s)) ++ goto err; ++ ++ return ret; ++err: ++ { ++ const DSA_METHOD *meth = DSA_OpenSSL(); ++ ++ if (kop) ++ free(kop); ++ BN_free(sig->r); ++ BN_free(sig->s); ++ dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa); ++ sig->r = dsaret->r; ++ sig->s = dsaret->s; ++ /* Call user callback immediately */ ++ cookie->pkc_callback(cookie, 0); ++ ret = dsaret; ++ } ++ return ret; ++} ++ ++static int ++cryptodev_dsa_verify_async(const unsigned char *dgst, int dlen, ++ DSA_SIG *sig, DSA *dsa, struct pkc_cookie_s *cookie) ++{ ++ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); ++ int q_len = 0, r_len = 0, g_len = 0; ++ int w_len = 0 ,c_len = 0, d_len = 0, ret = 1; ++ unsigned char * q = NULL, * r = NULL, * w = NULL, * g = NULL; ++ unsigned char *c = NULL, * d = NULL, *f = NULL; ++ ++ if (!kop) ++ goto err; ++ ++ if (spcf_bn2bin(dsa->p, &q, &q_len)) { ++ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ return ret; ++ } ++ ++ /* Get Order of field of private keys */ ++ if (spcf_bn2bin(dsa->q, &r, &r_len)) { ++ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ g_len = q_len; ++ /** ++ * Get generator into a plain buffer. If length is less than ++ * q_len then add leading padding bytes. ++ */ ++ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) { ++ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ w_len = q_len; ++ /** ++ * Get public key into a plain buffer. If length is less than ++ * q_len then add leading padding bytes. ++ */ ++ if (spcf_bn2bin_ex(dsa->pub_key, &w, &w_len)) { ++ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ /** ++ * Get the 1st part of signature into a flat buffer with ++ * appropriate padding ++ */ ++ c_len = r_len; ++ ++ if (spcf_bn2bin_ex(sig->r, &c, &c_len)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /** ++ * Get the 2nd part of signature into a flat buffer with ++ * appropriate padding ++ */ ++ d_len = r_len; ++ ++ if (spcf_bn2bin_ex(sig->s, &d, &d_len)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ ++ /* Sanity test */ ++ if (dlen > r_len) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /* Allocate memory to store hash. */ ++ f = OPENSSL_malloc (r_len); ++ if (!f) { ++ DSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /* Add padding, since SEC expects hash to of size r_len */ ++ if (dlen < r_len) ++ memset(f, 0, r_len - dlen); ++ ++ /* Skip leading bytes if dgst_len < r_len */ ++ memcpy(f + r_len - dlen, dgst, dlen); ++ ++ dlen = r_len; ++ memset(kop, 0, sizeof(struct crypt_kop)); ++ ++ /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */ ++ kop->crk_param[0].crp_p = (void*)f; ++ kop->crk_param[0].crp_nbits = dlen * 8; ++ kop->crk_param[1].crp_p = q; ++ kop->crk_param[1].crp_nbits = q_len * 8; ++ kop->crk_param[2].crp_p = r; ++ kop->crk_param[2].crp_nbits = r_len * 8; ++ kop->crk_param[3].crp_p = g; ++ kop->crk_param[3].crp_nbits = g_len * 8; ++ kop->crk_param[4].crp_p = w; ++ kop->crk_param[4].crp_nbits = w_len * 8; ++ kop->crk_param[5].crp_p = c; ++ kop->crk_param[5].crp_nbits = c_len * 8; ++ kop->crk_param[6].crp_p = d; ++ kop->crk_param[6].crp_nbits = d_len * 8; ++ kop->crk_iparams = 7; ++ kop->crk_op = CRK_DSA_VERIFY; ++ kop->cookie = cookie; ++ if (cryptodev_asym_async(kop, 0, NULL, 0, NULL)) ++ goto err; ++ ++ return ret; ++err: ++ { ++ const DSA_METHOD *meth = DSA_OpenSSL(); ++ ++ if (kop) ++ free(kop); ++ ++ ret = (meth->dsa_do_verify)(dgst, dlen, sig, dsa); ++ cookie->pkc_callback(cookie, 0); ++ } ++ return ret; ++} ++ ++static DSA_METHOD cryptodev_dsa = { ++ "cryptodev DSA method", ++ NULL, ++ NULL, /* dsa_sign_setup */ ++ NULL, ++ NULL, /* dsa_mod_exp */ ++ NULL, ++ NULL, ++ NULL, ++ NULL, ++ NULL, /* init */ ++ NULL, /* finish */ ++ 0, /* flags */ ++ NULL /* app_data */ ++}; ++ ++static ECDSA_METHOD cryptodev_ecdsa = { ++ "cryptodev ECDSA method", ++ NULL, ++ NULL, /* ecdsa_sign_setup */ ++ NULL, ++ NULL, ++ NULL, ++ NULL, ++ 0, /* flags */ ++ NULL /* app_data */ ++}; ++ ++typedef enum ec_curve_s ++{ ++ EC_PRIME, ++ EC_BINARY ++} ec_curve_t; ++ ++/* ENGINE handler for ECDSA Sign */ ++static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char *dgst, ++ int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey) ++{ ++ BIGNUM *m = NULL, *p = NULL, *a = NULL; ++ BIGNUM *b = NULL, *x = NULL, *y = NULL; ++ BN_CTX *ctx = NULL; ++ ECDSA_SIG *ret = NULL; ++ ECDSA_DATA *ecdsa = NULL; ++ unsigned char * q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL; ++ unsigned char * s = NULL, *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL; ++ int i = 0, q_len = 0, priv_key_len = 0, r_len = 0; ++ int g_len = 0, d_len = 0, ab_len = 0; ++ const BIGNUM *order = NULL, *priv_key=NULL; ++ const EC_GROUP *group = NULL; ++ struct crypt_kop kop; ++ ec_curve_t ec_crv = EC_PRIME; ++ ++ memset(&kop, 0, sizeof(kop)); ++ ecdsa = ecdsa_check(eckey); ++ if (!ecdsa) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER); ++ return NULL; ++ } ++ ++ group = EC_KEY_get0_group(eckey); ++ priv_key = EC_KEY_get0_private_key(eckey); ++ ++ if (!group || !priv_key) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER); ++ return NULL; ++ } ++ ++ if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL || ++ (a = BN_new()) == NULL || (b = BN_new()) == NULL || ++ (p = BN_new()) == NULL || (x = BN_new()) == NULL || ++ (y = BN_new()) == NULL) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ order = &group->order; ++ if (!order || BN_is_zero(order)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS); ++ goto err; ++ } ++ ++ i = BN_num_bits(order); ++ /* Need to truncate digest if it is too long: first truncate whole ++ bytes */ ++ if (8 * dgst_len > i) ++ dgst_len = (i + 7)/8; ++ ++ if (!BN_bin2bn(dgst, dgst_len, m)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); ++ goto err; ++ } ++ ++ /* If still too long truncate remaining bits with a shift */ ++ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); ++ goto err; ++ } ++ ++ /* copy the truncated bits into plain buffer */ ++ if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) { ++ fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__, __LINE__); ++ goto err; ++ } ++ ++ ret = ECDSA_SIG_new(); ++ if (!ret) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); ++ goto err; ++ } ++ ++ /* check if this is prime or binary EC request */ ++ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) { ++ ec_crv = EC_PRIME; ++ /* get the generator point pair */ ++ if (!EC_POINT_get_affine_coordinates_GFp (group, EC_GROUP_get0_generator(group), ++ x, y,ctx)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); ++ goto err; ++ } ++ ++ /* get the ECC curve parameters */ ++ if (!EC_GROUP_get_curve_GFp(group, p, a, b , ctx)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); + goto err; + } + } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_characteristic_two_field) { +@@ -2195,63 +2700,581 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len, + } + + /** +- * Get the 2nd part of signature into a flat buffer with +- * appropriate padding ++ * Get the 2nd part of signature into a flat buffer with ++ * appropriate padding ++ */ ++ if (BN_num_bytes(sig->s) < r_len) ++ d_len = r_len; ++ ++ if (spcf_bn2bin_ex(sig->s, &d, &d_len)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /* memory for message representative */ ++ f = malloc(r_len); ++ if (!f) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /* Add padding, since SEC expects hash to of size r_len */ ++ memset(f, 0, r_len-dgst_len); ++ ++ /* Skip leading bytes if dgst_len < r_len */ ++ memcpy(f + r_len-dgst_len, tmp_dgst, dgst_len); ++ dgst_len += r_len-dgst_len; ++ kop.crk_op = CRK_DSA_VERIFY; ++ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ ++ kop.crk_param[0].crp_p = f; ++ kop.crk_param[0].crp_nbits = dgst_len * 8; ++ kop.crk_param[1].crp_p = q; ++ kop.crk_param[1].crp_nbits = q_len * 8; ++ kop.crk_param[2].crp_p = r; ++ kop.crk_param[2].crp_nbits = r_len * 8; ++ kop.crk_param[3].crp_p = g_xy; ++ kop.crk_param[3].crp_nbits = g_len * 8; ++ kop.crk_param[4].crp_p = w_xy; ++ kop.crk_param[4].crp_nbits = pub_key_len * 8; ++ kop.crk_param[5].crp_p = ab; ++ kop.crk_param[5].crp_nbits = ab_len * 8; ++ kop.crk_param[6].crp_p = c; ++ kop.crk_param[6].crp_nbits = d_len * 8; ++ kop.crk_param[7].crp_p = d; ++ kop.crk_param[7].crp_nbits = d_len * 8; ++ kop.crk_iparams = 8; ++ ++ if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) { ++ /*OCF success value is 0, if not zero, change ret to fail*/ ++ if(0 == kop.crk_status) ++ ret = 1; ++ } else { ++ const ECDSA_METHOD *meth = ECDSA_OpenSSL(); ++ ++ ret = (meth->ecdsa_do_verify)(dgst, dgst_len, sig, eckey); ++ } ++ kop.crk_param[0].crp_p = NULL; ++ zapparams(&kop); ++ ++err: ++ return ret; ++} ++ ++static int cryptodev_ecdsa_do_sign_async( const unsigned char *dgst, ++ int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey, ++ ECDSA_SIG *sig, struct pkc_cookie_s *cookie) ++{ ++ BIGNUM *m = NULL, *p = NULL, *a = NULL; ++ BIGNUM *b = NULL, *x = NULL, *y = NULL; ++ BN_CTX *ctx = NULL; ++ ECDSA_SIG *sig_ret = NULL; ++ ECDSA_DATA *ecdsa = NULL; ++ unsigned char * q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL; ++ unsigned char * s = NULL, *f = NULL, *tmp_dgst = NULL; ++ int i = 0, q_len = 0, priv_key_len = 0, r_len = 0; ++ int g_len = 0, ab_len = 0, ret = 1; ++ const BIGNUM *order = NULL, *priv_key=NULL; ++ const EC_GROUP *group = NULL; ++ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); ++ ec_curve_t ec_crv = EC_PRIME; ++ ++ if (!(sig->r = BN_new()) || !kop) ++ goto err; ++ if ((sig->s = BN_new()) == NULL) { ++ BN_free(r); ++ goto err; ++ } ++ ++ memset(kop, 0, sizeof(struct crypt_kop)); ++ ecdsa = ecdsa_check(eckey); ++ if (!ecdsa) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER); ++ goto err; ++ } ++ ++ group = EC_KEY_get0_group(eckey); ++ priv_key = EC_KEY_get0_private_key(eckey); ++ ++ if (!group || !priv_key) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER); ++ goto err; ++ } ++ ++ if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL || ++ (a = BN_new()) == NULL || (b = BN_new()) == NULL || ++ (p = BN_new()) == NULL || (x = BN_new()) == NULL || ++ (y = BN_new()) == NULL) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ order = &group->order; ++ if (!order || BN_is_zero(order)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS); ++ goto err; ++ } ++ ++ i = BN_num_bits(order); ++ /* Need to truncate digest if it is too long: first truncate whole ++ bytes */ ++ if (8 * dgst_len > i) ++ dgst_len = (i + 7)/8; ++ ++ if (!BN_bin2bn(dgst, dgst_len, m)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); ++ goto err; ++ } ++ ++ /* If still too long truncate remaining bits with a shift */ ++ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); ++ goto err; ++ } ++ ++ /* copy the truncated bits into plain buffer */ ++ if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) { ++ fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__, __LINE__); ++ goto err; ++ } ++ ++ /* check if this is prime or binary EC request */ ++ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ++ == NID_X9_62_prime_field) { ++ ec_crv = EC_PRIME; ++ /* get the generator point pair */ ++ if (!EC_POINT_get_affine_coordinates_GFp (group, ++ EC_GROUP_get0_generator(group), x, y,ctx)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); ++ goto err; ++ } ++ ++ /* get the ECC curve parameters */ ++ if (!EC_GROUP_get_curve_GFp(group, p, a, b , ctx)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); ++ goto err; ++ } ++ } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_characteristic_two_field) { ++ ec_crv = EC_BINARY; ++ /* get the ECC curve parameters */ ++ if (!EC_GROUP_get_curve_GF2m(group, p, a, b , ctx)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); ++ goto err; ++ } ++ ++ /* get the generator point pair */ ++ if (!EC_POINT_get_affine_coordinates_GF2m(group, ++ EC_GROUP_get0_generator(group), x, y,ctx)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); ++ goto err; ++ } ++ } else { ++ printf("Unsupported Curve\n"); ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); ++ goto err; ++ } ++ ++ if (spcf_bn2bin(order, &r, &r_len)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ if (spcf_bn2bin(p, &q, &q_len)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ priv_key_len = r_len; ++ ++ /** ++ * If BN_num_bytes of priv_key returns less then r_len then ++ * add padding bytes before the key ++ */ ++ if (spcf_bn2bin_ex(priv_key, &s, &priv_key_len)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /* Generation of ECC curve parameters */ ++ ab_len = 2*q_len; ++ ab = eng_copy_curve_points(a, b, ab_len, q_len); ++ if (!ab) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ if (ec_crv == EC_BINARY) { ++ if (eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab+q_len, q_len)) ++ { ++ unsigned char *c_temp = NULL; ++ int c_temp_len = q_len; ++ if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len)) ++ memcpy(ab+q_len, c_temp, q_len); ++ else ++ goto err; ++ } ++ kop->curve_type = ECC_BINARY; ++ } ++ ++ /* Calculation of Generator point */ ++ g_len = 2*q_len; ++ g_xy = eng_copy_curve_points(x, y, g_len, q_len); ++ if (!g_xy) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /* memory for message representative */ ++ f = malloc(r_len); ++ if (!f) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /* Add padding, since SEC expects hash to of size r_len */ ++ memset(f, 0, r_len - dgst_len); ++ ++ /* Skip leading bytes if dgst_len < r_len */ ++ memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len); ++ ++ dgst_len += r_len - dgst_len; ++ ++ kop->crk_op = CRK_DSA_SIGN; ++ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ ++ kop->crk_param[0].crp_p = f; ++ kop->crk_param[0].crp_nbits = dgst_len * 8; ++ kop->crk_param[1].crp_p = q; ++ kop->crk_param[1].crp_nbits = q_len * 8; ++ kop->crk_param[2].crp_p = r; ++ kop->crk_param[2].crp_nbits = r_len * 8; ++ kop->crk_param[3].crp_p = g_xy; ++ kop->crk_param[3].crp_nbits = g_len * 8; ++ kop->crk_param[4].crp_p = s; ++ kop->crk_param[4].crp_nbits = priv_key_len * 8; ++ kop->crk_param[5].crp_p = ab; ++ kop->crk_param[5].crp_nbits = ab_len * 8; ++ kop->crk_iparams = 6; ++ kop->cookie = cookie; ++ ++ if (cryptodev_asym_async(kop, r_len, sig->r , r_len, sig->s)) ++ goto err; ++ ++ return ret; ++err: ++ { ++ const ECDSA_METHOD *meth = ECDSA_OpenSSL(); ++ BN_free(sig->r); ++ BN_free(sig->s); ++ if (kop) ++ free(kop); ++ sig_ret = (meth->ecdsa_do_sign)(dgst, dgst_len, in_kinv, in_r, eckey); ++ sig->r = sig_ret->r; ++ sig->s = sig_ret->s; ++ cookie->pkc_callback(cookie, 0); ++ } ++ return ret; ++} ++ ++static int cryptodev_ecdsa_verify_async(const unsigned char *dgst, int dgst_len, ++ const ECDSA_SIG *sig, EC_KEY *eckey, struct pkc_cookie_s *cookie) ++{ ++ BIGNUM *m = NULL, *p = NULL, *a = NULL, *b = NULL; ++ BIGNUM *x = NULL, *y = NULL, *w_x = NULL, *w_y = NULL; ++ BN_CTX *ctx = NULL; ++ ECDSA_DATA *ecdsa = NULL; ++ unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL, *w_xy = NULL; ++ unsigned char *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL; ++ int i = 0, q_len = 0, pub_key_len = 0, r_len = 0, c_len = 0, g_len = 0; ++ int d_len = 0, ab_len = 0, ret = 1; ++ const EC_POINT *pub_key = NULL; ++ const BIGNUM *order = NULL; ++ const EC_GROUP *group=NULL; ++ ec_curve_t ec_crv = EC_PRIME; ++ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); ++ ++ if (!kop) ++ goto err; ++ ++ memset(kop, 0, sizeof(struct crypt_kop)); ++ ecdsa = ecdsa_check(eckey); ++ if (!ecdsa) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER); ++ goto err; ++ } ++ ++ group = EC_KEY_get0_group(eckey); ++ pub_key = EC_KEY_get0_public_key(eckey); ++ ++ if (!group || !pub_key) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER); ++ goto err; ++ } ++ ++ if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL || ++ (a = BN_new()) == NULL || (b = BN_new()) == NULL || ++ (p = BN_new()) == NULL || (x = BN_new()) == NULL || ++ (y = BN_new()) == NULL || (w_x = BN_new()) == NULL || ++ (w_y = BN_new()) == NULL) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ order = &group->order; ++ if (!order || BN_is_zero(order)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS); ++ goto err; ++ } ++ ++ i = BN_num_bits(order); ++ /* Need to truncate digest if it is too long: first truncate whole ++ * bytes */ ++ if (8 * dgst_len > i) ++ dgst_len = (i + 7)/8; ++ ++ if (!BN_bin2bn(dgst, dgst_len, m)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); ++ goto err; ++ } ++ ++ /* If still too long truncate remaining bits with a shift */ ++ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); ++ goto err; ++ } ++ /* copy the truncated bits into plain buffer */ ++ if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /* check if this is prime or binary EC request */ ++ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) { ++ ec_crv = EC_PRIME; ++ ++ /* get the generator point pair */ ++ if (!EC_POINT_get_affine_coordinates_GFp (group, ++ EC_GROUP_get0_generator(group), x, y,ctx)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); ++ goto err; ++ } ++ ++ /* get the public key pair for prime curve */ ++ if (!EC_POINT_get_affine_coordinates_GFp (group, ++ pub_key, w_x, w_y,ctx)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); ++ goto err; ++ } ++ ++ /* get the ECC curve parameters */ ++ if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); ++ goto err; ++ } ++ } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_characteristic_two_field){ ++ ec_crv = EC_BINARY; ++ /* get the ECC curve parameters */ ++ if (!EC_GROUP_get_curve_GF2m(group, p, a, b , ctx)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); ++ goto err; ++ } ++ ++ /* get the generator point pair */ ++ if (!EC_POINT_get_affine_coordinates_GF2m(group, ++ EC_GROUP_get0_generator(group),x, y,ctx)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); ++ goto err; ++ } ++ ++ /* get the public key pair for binary curve */ ++ if (!EC_POINT_get_affine_coordinates_GF2m(group, ++ pub_key, w_x, w_y,ctx)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); ++ goto err; ++ } ++ }else { ++ printf("Unsupported Curve\n"); ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); ++ goto err; ++ } ++ ++ /* Get the order of the subgroup of private keys */ ++ if (spcf_bn2bin((BIGNUM*)order, &r, &r_len)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /* Get the irreducible polynomial that creates the field */ ++ if (spcf_bn2bin(p, &q, &q_len)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /* Get the public key into a flat buffer with appropriate padding */ ++ pub_key_len = 2 * q_len; ++ ++ w_xy = eng_copy_curve_points (w_x, w_y, pub_key_len, q_len); ++ if (!w_xy) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /* Generation of ECC curve parameters */ ++ ab_len = 2*q_len; ++ ++ ab = eng_copy_curve_points (a, b, ab_len, q_len); ++ if (!ab) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ if (ec_crv == EC_BINARY) { ++ /* copy b' i.e c(b), instead of only b */ ++ eng_ec_get_cparam (EC_GROUP_get_curve_name(group), ++ ab+q_len, q_len); ++ kop->curve_type = ECC_BINARY; ++ } ++ ++ /* Calculation of Generator point */ ++ g_len = 2 * q_len; ++ ++ g_xy = eng_copy_curve_points (x, y, g_len, q_len); ++ if (!g_xy) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /** ++ * Get the 1st part of signature into a flat buffer with ++ * appropriate padding ++ */ ++ if (BN_num_bytes(sig->r) < r_len) ++ c_len = r_len; ++ ++ if (spcf_bn2bin_ex(sig->r, &c, &c_len)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /** ++ * Get the 2nd part of signature into a flat buffer with ++ * appropriate padding ++ */ ++ if (BN_num_bytes(sig->s) < r_len) ++ d_len = r_len; ++ ++ if (spcf_bn2bin_ex(sig->s, &d, &d_len)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /* memory for message representative */ ++ f = malloc(r_len); ++ if (!f) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /* Add padding, since SEC expects hash to of size r_len */ ++ memset(f, 0, r_len-dgst_len); ++ ++ /* Skip leading bytes if dgst_len < r_len */ ++ memcpy(f + r_len-dgst_len, tmp_dgst, dgst_len); ++ ++ dgst_len += r_len-dgst_len; ++ ++ kop->crk_op = CRK_DSA_VERIFY; ++ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ ++ kop->crk_param[0].crp_p = f; ++ kop->crk_param[0].crp_nbits = dgst_len * 8; ++ kop->crk_param[1].crp_p = q; ++ kop->crk_param[1].crp_nbits = q_len * 8; ++ kop->crk_param[2].crp_p = r; ++ kop->crk_param[2].crp_nbits = r_len * 8; ++ kop->crk_param[3].crp_p = g_xy; ++ kop->crk_param[3].crp_nbits = g_len * 8; ++ kop->crk_param[4].crp_p = w_xy; ++ kop->crk_param[4].crp_nbits = pub_key_len * 8; ++ kop->crk_param[5].crp_p = ab; ++ kop->crk_param[5].crp_nbits = ab_len * 8; ++ kop->crk_param[6].crp_p = c; ++ kop->crk_param[6].crp_nbits = d_len * 8; ++ kop->crk_param[7].crp_p = d; ++ kop->crk_param[7].crp_nbits = d_len * 8; ++ kop->crk_iparams = 8; ++ kop->cookie = cookie; ++ ++ if (cryptodev_asym_async(kop, 0, NULL, 0, NULL)) ++ goto err; ++ ++ return ret; ++err: ++ { ++ const ECDSA_METHOD *meth = ECDSA_OpenSSL(); ++ ++ if (kop) ++ free(kop); ++ ret = (meth->ecdsa_do_verify)(dgst, dgst_len, sig, eckey); ++ cookie->pkc_callback(cookie, 0); ++ } ++ ++ return ret; ++} ++ ++/* Cryptodev DH Key Gen routine */ ++static int cryptodev_dh_keygen_async(DH *dh, struct pkc_cookie_s *cookie) ++{ ++ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); ++ int ret = 1, g_len; ++ unsigned char *g = NULL; ++ ++ if (!kop) ++ goto sw_try; ++ ++ if (dh->priv_key == NULL) { ++ if ((dh->priv_key=BN_new()) == NULL) ++ goto sw_try; ++ } ++ ++ if (dh->pub_key == NULL) { ++ if ((dh->pub_key=BN_new()) == NULL) ++ goto sw_try; ++ } ++ ++ g_len = BN_num_bytes(dh->p); ++ /** ++ * Get generator into a plain buffer. If length is less than ++ * q_len then add leading padding bytes. + */ +- if (BN_num_bytes(sig->s) < r_len) +- d_len = r_len; +- +- if (spcf_bn2bin_ex(sig->s, &d, &d_len)) { +- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- /* memory for message representative */ +- f = malloc(r_len); +- if (!f) { +- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); +- goto err; ++ if (spcf_bn2bin_ex(dh->g, &g, &g_len)) { ++ DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE); ++ goto sw_try; + } + +- /* Add padding, since SEC expects hash to of size r_len */ +- memset(f, 0, r_len-dgst_len); ++ memset(kop, 0, sizeof(struct crypt_kop)); ++ kop->crk_op = CRK_DH_GENERATE_KEY; ++ if (bn2crparam(dh->p, &kop->crk_param[0])) ++ goto sw_try; ++ if (bn2crparam(dh->q, &kop->crk_param[1])) ++ goto sw_try; ++ kop->crk_param[2].crp_p = g; ++ kop->crk_param[2].crp_nbits = g_len * 8; ++ kop->crk_iparams = 3; ++ kop->cookie = cookie; + +- /* Skip leading bytes if dgst_len < r_len */ +- memcpy(f + r_len-dgst_len, tmp_dgst, dgst_len); +- dgst_len += r_len-dgst_len; +- kop.crk_op = CRK_DSA_VERIFY; +- /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ +- kop.crk_param[0].crp_p = f; +- kop.crk_param[0].crp_nbits = dgst_len * 8; +- kop.crk_param[1].crp_p = q; +- kop.crk_param[1].crp_nbits = q_len * 8; +- kop.crk_param[2].crp_p = r; +- kop.crk_param[2].crp_nbits = r_len * 8; +- kop.crk_param[3].crp_p = g_xy; +- kop.crk_param[3].crp_nbits = g_len * 8; +- kop.crk_param[4].crp_p = w_xy; +- kop.crk_param[4].crp_nbits = pub_key_len * 8; +- kop.crk_param[5].crp_p = ab; +- kop.crk_param[5].crp_nbits = ab_len * 8; +- kop.crk_param[6].crp_p = c; +- kop.crk_param[6].crp_nbits = d_len * 8; +- kop.crk_param[7].crp_p = d; +- kop.crk_param[7].crp_nbits = d_len * 8; +- kop.crk_iparams = 8; ++ /* pub_key is or prime length while priv key is of length of order */ ++ if (cryptodev_asym_async(kop, BN_num_bytes(dh->p), dh->pub_key, ++ BN_num_bytes(dh->q), dh->priv_key)) ++ goto sw_try; + +- if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) { +- /*OCF success value is 0, if not zero, change ret to fail*/ +- if(0 == kop.crk_status) +- ret = 1; +- } else { +- const ECDSA_METHOD *meth = ECDSA_OpenSSL(); ++ return ret; ++sw_try: ++ { ++ const DH_METHOD *meth = DH_OpenSSL(); + +- ret = (meth->ecdsa_do_verify)(dgst, dgst_len, sig, eckey); ++ if (kop) ++ free(kop); ++ ret = (meth->generate_key)(dh); ++ cookie->pkc_callback(cookie, 0); + } +- kop.crk_param[0].crp_p = NULL; +- zapparams(&kop); +- +-err: + return ret; + } + +@@ -2360,6 +3383,54 @@ sw_try: + return (dhret); + } + ++/* Return Length if successful and 0 on failure */ ++static int ++cryptodev_dh_compute_key_async(unsigned char *key, const BIGNUM *pub_key, ++ DH *dh, struct pkc_cookie_s *cookie) ++{ ++ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); ++ int ret = 1; ++ int fd, p_len; ++ unsigned char *padded_pub_key = NULL, *p = NULL; ++ ++ fd = *(int *)cookie->eng_handle; ++ ++ memset(kop, 0, sizeof(struct crypt_kop)); ++ kop->crk_op = CRK_DH_COMPUTE_KEY; ++ /* inputs: dh->priv_key pub_key dh->p key */ ++ spcf_bn2bin(dh->p, &p, &p_len); ++ spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len); ++ ++ if (bn2crparam(dh->priv_key, &kop->crk_param[0])) ++ goto err; ++ kop->crk_param[1].crp_p = padded_pub_key; ++ kop->crk_param[1].crp_nbits = p_len * 8; ++ kop->crk_param[2].crp_p = p; ++ kop->crk_param[2].crp_nbits = p_len * 8; ++ kop->crk_iparams = 3; ++ ++ kop->cookie = cookie; ++ kop->crk_param[3].crp_p = (void*) key; ++ kop->crk_param[3].crp_nbits = p_len * 8; ++ kop->crk_oparams = 1; ++ ++ if (cryptodev_asym_async(kop, 0, NULL, 0, NULL)) ++ goto err; ++ ++ return p_len; ++err: ++ { ++ const DH_METHOD *meth = DH_OpenSSL(); ++ ++ if (kop) ++ free(kop); ++ ret = (meth->compute_key)(key, pub_key, dh); ++ /* Call user cookie handler */ ++ cookie->pkc_callback(cookie, 0); ++ } ++ return (ret); ++} ++ + int cryptodev_ecdh_compute_key(void *out, size_t outlen, + const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen, + void *out, size_t *outlen)) +@@ -2537,6 +3608,190 @@ err: + return ret; + } + ++int cryptodev_ecdh_compute_key_async(void *out, size_t outlen, ++ const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen, ++ void *out, size_t *outlen), struct pkc_cookie_s *cookie) ++{ ++ ec_curve_t ec_crv = EC_PRIME; ++ unsigned char * q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL; ++ BIGNUM * w_x = NULL, *w_y = NULL; ++ int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0; ++ BIGNUM * p = NULL, *a = NULL, *b = NULL; ++ BN_CTX *ctx; ++ EC_POINT *tmp=NULL; ++ BIGNUM *x=NULL, *y=NULL; ++ const BIGNUM *priv_key; ++ const EC_GROUP* group = NULL; ++ int ret = 1; ++ size_t buflen, len; ++ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); ++ ++ if (!(ctx = BN_CTX_new()) || !kop) ++ goto err; ++ ++ memset(kop, 0, sizeof(struct crypt_kop)); ++ ++ BN_CTX_start(ctx); ++ x = BN_CTX_get(ctx); ++ y = BN_CTX_get(ctx); ++ p = BN_CTX_get(ctx); ++ a = BN_CTX_get(ctx); ++ b = BN_CTX_get(ctx); ++ w_x = BN_CTX_get(ctx); ++ w_y = BN_CTX_get(ctx); ++ ++ if (!x || !y || !p || !a || !b || !w_x || !w_y) { ++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ priv_key = EC_KEY_get0_private_key(ecdh); ++ if (priv_key == NULL) { ++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_NO_PRIVATE_VALUE); ++ goto err; ++ } ++ ++ group = EC_KEY_get0_group(ecdh); ++ if ((tmp=EC_POINT_new(group)) == NULL) { ++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == ++ NID_X9_62_prime_field) { ++ ec_crv = EC_PRIME; ++ ++ if (!EC_POINT_get_affine_coordinates_GFp(group, ++ EC_GROUP_get0_generator(group), x, y, ctx)) { ++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE); ++ goto err; ++ } ++ ++ /* get the ECC curve parameters */ ++ if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) { ++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB); ++ goto err; ++ } ++ ++ /* get the public key pair for prime curve */ ++ if (!EC_POINT_get_affine_coordinates_GFp (group, pub_key, w_x, w_y,ctx)) { ++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB); ++ goto err; ++ } ++ } else { ++ ec_crv = EC_BINARY; ++ ++ if (!EC_POINT_get_affine_coordinates_GF2m(group, ++ EC_GROUP_get0_generator(group), x, y, ctx)) { ++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE); ++ goto err; ++ } ++ ++ /* get the ECC curve parameters */ ++ if (!EC_GROUP_get_curve_GF2m(group, p, a, b , ctx)) { ++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB); ++ goto err; ++ } ++ ++ /* get the public key pair for binary curve */ ++ if (!EC_POINT_get_affine_coordinates_GF2m(group, ++ pub_key, w_x, w_y,ctx)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); ++ goto err; ++ } ++ } ++ ++ /* irreducible polynomial that creates the field */ ++ if (spcf_bn2bin((BIGNUM*)&group->order, &r, &r_len)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /* Get the irreducible polynomial that creates the field */ ++ if (spcf_bn2bin(p, &q, &q_len)) { ++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB); ++ goto err; ++ } ++ ++ /* Get the public key into a flat buffer with appropriate padding */ ++ pub_key_len = 2 * q_len; ++ w_xy = eng_copy_curve_points (w_x, w_y, pub_key_len, q_len); ++ if (!w_xy) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /* Generation of ECC curve parameters */ ++ ab_len = 2*q_len; ++ ab = eng_copy_curve_points (a, b, ab_len, q_len); ++ if (!ab) { ++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB); ++ goto err; ++ } ++ ++ if (ec_crv == EC_BINARY) { ++ /* copy b' i.e c(b), instead of only b */ ++ if (eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab+q_len, q_len)) ++ { ++ unsigned char *c_temp = NULL; ++ int c_temp_len = q_len; ++ if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len)) ++ memcpy(ab+q_len, c_temp, q_len); ++ else ++ goto err; ++ } ++ kop->curve_type = ECC_BINARY; ++ } else ++ kop->curve_type = ECC_PRIME; ++ ++ priv_key_len = r_len; ++ ++ /* ++ * If BN_num_bytes of priv_key returns less then r_len then ++ * add padding bytes before the key ++ */ ++ if (spcf_bn2bin_ex((BIGNUM *)priv_key, &s, &priv_key_len)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ buflen = (EC_GROUP_get_degree(group) + 7)/8; ++ len = BN_num_bytes(x); ++ if (len > buflen || q_len < buflen) { ++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ ++ kop->crk_op = CRK_DH_COMPUTE_KEY; ++ kop->crk_param[0].crp_p = (void *) s; ++ kop->crk_param[0].crp_nbits = priv_key_len*8; ++ kop->crk_param[1].crp_p = (void *) w_xy; ++ kop->crk_param[1].crp_nbits = pub_key_len*8; ++ kop->crk_param[2].crp_p = (void *) q; ++ kop->crk_param[2].crp_nbits = q_len*8; ++ kop->crk_param[3].crp_p = (void *) ab; ++ kop->crk_param[3].crp_nbits = ab_len*8; ++ kop->crk_iparams = 4; ++ kop->crk_param[4].crp_p = (void *) out; ++ kop->crk_param[4].crp_nbits = q_len*8; ++ kop->crk_oparams = 1; ++ kop->cookie = cookie; ++ if (cryptodev_asym_async(kop, 0, NULL, 0, NULL)) ++ goto err; ++ ++ return q_len; ++err: ++ { ++ const ECDH_METHOD *meth = ECDH_OpenSSL(); ++ ++ if (kop) ++ free(kop); ++ ret = (meth->compute_key)(out, outlen, pub_key, ecdh, KDF); ++ /* Call user cookie handler */ ++ cookie->pkc_callback(cookie, 0); ++ } ++ return ret; ++} + + static DH_METHOD cryptodev_dh = { + "cryptodev DH method", +@@ -2545,6 +3800,8 @@ static DH_METHOD cryptodev_dh = { + NULL, + NULL, + NULL, ++ NULL, ++ NULL, + 0, /* flags */ + NULL /* app_data */ + }; +@@ -2553,6 +3810,7 @@ static ECDH_METHOD cryptodev_ecdh = { + "cryptodev ECDH method", + NULL, /* cryptodev_ecdh_compute_key */ + NULL, ++ NULL, + 0, /* flags */ + NULL /* app_data */ + }; +@@ -2625,12 +3883,19 @@ ENGINE_load_cryptodev(void) + cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec; + if (cryptodev_asymfeat & CRF_MOD_EXP) { + cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp; +- if (cryptodev_asymfeat & CRF_MOD_EXP_CRT) ++ cryptodev_rsa.bn_mod_exp_async = ++ cryptodev_bn_mod_exp_async; ++ if (cryptodev_asymfeat & CRF_MOD_EXP_CRT) { + cryptodev_rsa.rsa_mod_exp = + cryptodev_rsa_mod_exp; +- else ++ cryptodev_rsa.rsa_mod_exp_async = ++ cryptodev_rsa_mod_exp_async; ++ } else { + cryptodev_rsa.rsa_mod_exp = + cryptodev_rsa_nocrt_mod_exp; ++ cryptodev_rsa.rsa_mod_exp_async = ++ cryptodev_rsa_nocrt_mod_exp_async; ++ } + } + } + +@@ -2638,12 +3903,21 @@ ENGINE_load_cryptodev(void) + const DSA_METHOD *meth = DSA_OpenSSL(); + + memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD)); +- if (cryptodev_asymfeat & CRF_DSA_SIGN) ++ if (cryptodev_asymfeat & CRF_DSA_SIGN) { + cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign; +- if (cryptodev_asymfeat & CRF_DSA_VERIFY) ++ cryptodev_dsa.dsa_do_sign_async = ++ cryptodev_dsa_do_sign_async; ++ } ++ if (cryptodev_asymfeat & CRF_DSA_VERIFY) { + cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify; +- if (cryptodev_asymfeat & CRF_DSA_GENERATE_KEY) ++ cryptodev_dsa.dsa_do_verify_async = ++ cryptodev_dsa_verify_async; ++ } ++ if (cryptodev_asymfeat & CRF_DSA_GENERATE_KEY) { + cryptodev_dsa.dsa_keygen = cryptodev_dsa_keygen; ++ cryptodev_dsa.dsa_keygen_async = ++ cryptodev_dsa_keygen_async; ++ } + } + + if (ENGINE_set_DH(engine, &cryptodev_dh)){ +@@ -2652,10 +3926,15 @@ ENGINE_load_cryptodev(void) + if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) { + cryptodev_dh.compute_key = + cryptodev_dh_compute_key; ++ cryptodev_dh.compute_key_async = ++ cryptodev_dh_compute_key_async; + } + if (cryptodev_asymfeat & CRF_DH_GENERATE_KEY) { + cryptodev_dh.generate_key = + cryptodev_dh_keygen; ++ cryptodev_dh.generate_key_async = ++ cryptodev_dh_keygen_async; ++ + } + } + +@@ -2664,10 +3943,14 @@ ENGINE_load_cryptodev(void) + memcpy(&cryptodev_ecdsa, meth, sizeof(ECDSA_METHOD)); + if (cryptodev_asymfeat & CRF_DSA_SIGN) { + cryptodev_ecdsa.ecdsa_do_sign = cryptodev_ecdsa_do_sign; ++ cryptodev_ecdsa.ecdsa_do_sign_async = ++ cryptodev_ecdsa_do_sign_async; + } + if (cryptodev_asymfeat & CRF_DSA_VERIFY) { + cryptodev_ecdsa.ecdsa_do_verify = + cryptodev_ecdsa_verify; ++ cryptodev_ecdsa.ecdsa_do_verify_async = ++ cryptodev_ecdsa_verify_async; + } + } + +@@ -2676,9 +3959,16 @@ ENGINE_load_cryptodev(void) + memcpy(&cryptodev_ecdh, ecdh_meth, sizeof(ECDH_METHOD)); + if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) { + cryptodev_ecdh.compute_key = cryptodev_ecdh_compute_key; ++ cryptodev_ecdh.compute_key_async = ++ cryptodev_ecdh_compute_key_async; + } + } + ++ ENGINE_set_check_pkc_availability(engine, cryptodev_check_availability); ++ ENGINE_set_close_instance(engine, cryptodev_close_instance); ++ ENGINE_set_init_instance(engine, cryptodev_init_instance); ++ ENGINE_set_async_map(engine, ENGINE_ALLPKC_ASYNC); ++ + ENGINE_add(engine); + ENGINE_free(engine); + ERR_clear_error(); +diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h +index 451ef8f..8fc3077 100644 +--- a/crypto/engine/eng_int.h ++++ b/crypto/engine/eng_int.h +@@ -181,7 +181,29 @@ struct engine_st + ENGINE_LOAD_KEY_PTR load_pubkey; + + ENGINE_SSL_CLIENT_CERT_PTR load_ssl_client_cert; +- ++ /* ++ * Instantiate Engine handle to be passed in check_pkc_availability ++ * Ensure that Engine is instantiated before any pkc asynchronous call. ++ */ ++ void *(*engine_init_instance)(void); ++ /* ++ * Instantiated Engine handle will be closed with this call. ++ * Ensure that no pkc asynchronous call is made after this call ++ */ ++ void (*engine_close_instance)(void *handle); ++ /* ++ * Check availability will extract the data from kernel. ++ * eng_handle: This is the Engine handle corresponds to which ++ * the cookies needs to be polled. ++ * return 0 if cookie available else 1 ++ */ ++ int (*check_pkc_availability)(void *eng_handle); ++ /* ++ * The following map is used to check if the engine supports asynchronous implementation ++ * ENGINE_ASYNC_FLAG* for available bitmap. Any application checking for asynchronous ++ * implementation need to check this features using "int ENGINE_get_async_map(engine *)"; ++ */ ++ int async_map; + const ENGINE_CMD_DEFN *cmd_defns; + int flags; + /* reference count on the structure itself */ +diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c +index 18a6664..6fa621c 100644 +--- a/crypto/engine/eng_lib.c ++++ b/crypto/engine/eng_lib.c +@@ -98,7 +98,11 @@ void engine_set_all_null(ENGINE *e) + e->ctrl = NULL; + e->load_privkey = NULL; + e->load_pubkey = NULL; ++ e->check_pkc_availability = NULL; ++ e->engine_init_instance = NULL; ++ e->engine_close_instance = NULL; + e->cmd_defns = NULL; ++ e->async_map = 0; + e->flags = 0; + } + +@@ -233,6 +237,48 @@ int ENGINE_set_id(ENGINE *e, const char *id) + return 1; + } + ++void ENGINE_set_init_instance(ENGINE *e, void *(*engine_init_instance)(void)) ++ { ++ e->engine_init_instance = engine_init_instance; ++ } ++ ++void ENGINE_set_close_instance(ENGINE *e, ++ void (*engine_close_instance)(void *)) ++ { ++ e->engine_close_instance = engine_close_instance; ++ } ++ ++void ENGINE_set_async_map(ENGINE *e, int async_map) ++ { ++ e->async_map = async_map; ++ } ++ ++void *ENGINE_init_instance(ENGINE *e) ++ { ++ return e->engine_init_instance(); ++ } ++ ++void ENGINE_close_instance(ENGINE *e, void *eng_handle) ++ { ++ e->engine_close_instance(eng_handle); ++ } ++ ++int ENGINE_get_async_map(ENGINE *e) ++ { ++ return e->async_map; ++ } ++ ++void ENGINE_set_check_pkc_availability(ENGINE *e, ++ int (*check_pkc_availability)(void *eng_handle)) ++ { ++ e->check_pkc_availability = check_pkc_availability; ++ } ++ ++int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle) ++ { ++ return e->check_pkc_availability(eng_handle); ++ } ++ + int ENGINE_set_name(ENGINE *e, const char *name) + { + if(name == NULL) +diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h +index 237a6c9..ccff86a 100644 +--- a/crypto/engine/engine.h ++++ b/crypto/engine/engine.h +@@ -473,6 +473,30 @@ ENGINE *ENGINE_new(void); + int ENGINE_free(ENGINE *e); + int ENGINE_up_ref(ENGINE *e); + int ENGINE_set_id(ENGINE *e, const char *id); ++void ENGINE_set_init_instance(ENGINE *e, void *(*engine_init_instance)(void)); ++void ENGINE_set_close_instance(ENGINE *e, ++ void (*engine_free_instance)(void *)); ++/* ++ * Following FLAGS are bitmap store in async_map to set asynchronous interface capability ++ *of the engine ++ */ ++#define ENGINE_RSA_ASYNC 0x0001 ++#define ENGINE_DSA_ASYNC 0x0002 ++#define ENGINE_DH_ASYNC 0x0004 ++#define ENGINE_ECDSA_ASYNC 0x0008 ++#define ENGINE_ECDH_ASYNC 0x0010 ++#define ENGINE_ALLPKC_ASYNC 0x001F ++/* Engine implementation will set the bitmap based on above flags using following API */ ++void ENGINE_set_async_map(ENGINE *e, int async_map); ++ /* Application need to check the bitmap based on above flags using following API ++ * to confirm asynchronous methods supported ++ */ ++int ENGINE_get_async_map(ENGINE *e); ++void *ENGINE_init_instance(ENGINE *e); ++void ENGINE_close_instance(ENGINE *e, void *eng_handle); ++void ENGINE_set_check_pkc_availability(ENGINE *e, ++ int (*check_pkc_availability)(void *eng_handle)); ++int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle); + int ENGINE_set_name(ENGINE *e, const char *name); + int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth); + int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth); +diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h +index 5f269e5..6ef1b15 100644 +--- a/crypto/rsa/rsa.h ++++ b/crypto/rsa/rsa.h +@@ -101,6 +101,29 @@ struct rsa_meth_st + int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, + BN_MONT_CTX *m_ctx); /* Can be null */ ++ /* ++ * Cookie in the following _async variant must be allocated before ++ * submission and can be freed once its corresponding callback ++ * handler is called ++ */ ++ int (*rsa_pub_enc_asyn)(int flen,const unsigned char *from, ++ unsigned char *to, RSA *rsa, int padding, ++ struct pkc_cookie_s *cookie); ++ int (*rsa_pub_dec_async)(int flen,const unsigned char *from, ++ unsigned char *to, RSA *rsa, int padding, ++ struct pkc_cookie_s *cookie); ++ int (*rsa_priv_enc_async)(int flen,const unsigned char *from, ++ unsigned char *to, RSA *rsa, int padding, ++ struct pkc_cookie_s *cookie); ++ int (*rsa_priv_dec_async)(int flen,const unsigned char *from, ++ unsigned char *to, RSA *rsa, int padding, ++ struct pkc_cookie_s *cookie); ++ int (*rsa_mod_exp_async)(BIGNUM *r0, const BIGNUM *I, RSA *rsa, ++ BN_CTX *ctx, struct pkc_cookie_s *cookie); ++ int (*bn_mod_exp_async)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, ++ const BIGNUM *m, BN_CTX *ctx, ++ BN_MONT_CTX *m_ctx, struct pkc_cookie_s *cookie); ++ + int (*init)(RSA *rsa); /* called at new */ + int (*finish)(RSA *rsa); /* called at free */ + int flags; /* RSA_METHOD_FLAG_* things */ +-- +2.3.5 + diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0011-Add-RSA-keygen-operation-and-support-gendsa-command-.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0011-Add-RSA-keygen-operation-and-support-gendsa-command-.patch new file mode 100644 index 0000000..244d230 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0011-Add-RSA-keygen-operation-and-support-gendsa-command-.patch @@ -0,0 +1,153 @@ +From e4fc051f8ae1c093b25ca346c2ec351ff3b700d1 Mon Sep 17 00:00:00 2001 +From: Hou Zhiqiang +Date: Wed, 2 Apr 2014 16:10:43 +0800 +Subject: [PATCH 11/26] Add RSA keygen operation and support gendsa command + with hardware engine + +Upstream-status: Pending + +Signed-off-by: Hou Zhiqiang +Tested-by: Cristian Stoica +--- + crypto/engine/eng_cryptodev.c | 118 ++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 118 insertions(+) + +diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c +index 9f2416e..b2919a8 100644 +--- a/crypto/engine/eng_cryptodev.c ++++ b/crypto/engine/eng_cryptodev.c +@@ -1906,6 +1906,121 @@ err: + return dsaret; + } + ++/* Cryptodev RSA Key Gen routine */ ++static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) ++{ ++ struct crypt_kop kop; ++ int ret, fd; ++ int p_len, q_len; ++ int i; ++ ++ if ((fd = get_asym_dev_crypto()) < 0) ++ return fd; ++ ++ if(!rsa->n && ((rsa->n=BN_new()) == NULL)) goto err; ++ if(!rsa->d && ((rsa->d=BN_new()) == NULL)) goto err; ++ if(!rsa->e && ((rsa->e=BN_new()) == NULL)) goto err; ++ if(!rsa->p && ((rsa->p=BN_new()) == NULL)) goto err; ++ if(!rsa->q && ((rsa->q=BN_new()) == NULL)) goto err; ++ if(!rsa->dmp1 && ((rsa->dmp1=BN_new()) == NULL)) goto err; ++ if(!rsa->dmq1 && ((rsa->dmq1=BN_new()) == NULL)) goto err; ++ if(!rsa->iqmp && ((rsa->iqmp=BN_new()) == NULL)) goto err; ++ ++ BN_copy(rsa->e, e); ++ ++ p_len = (bits+1) / (2 * 8); ++ q_len = (bits - p_len * 8) / 8; ++ memset(&kop, 0, sizeof kop); ++ kop.crk_op = CRK_RSA_GENERATE_KEY; ++ ++ /* p length */ ++ kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char)); ++ if (!kop.crk_param[kop.crk_iparams].crp_p) ++ goto err; ++ kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8; ++ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1); ++ kop.crk_iparams++; ++ kop.crk_oparams++; ++ /* q length */ ++ kop.crk_param[kop.crk_iparams].crp_p = calloc(q_len + 1, sizeof(char)); ++ if (!kop.crk_param[kop.crk_iparams].crp_p) ++ goto err; ++ kop.crk_param[kop.crk_iparams].crp_nbits = q_len * 8; ++ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, q_len + 1); ++ kop.crk_iparams++; ++ kop.crk_oparams++; ++ /* n length */ ++ kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + q_len + 1, sizeof(char)); ++ if (!kop.crk_param[kop.crk_iparams].crp_p) ++ goto err; ++ kop.crk_param[kop.crk_iparams].crp_nbits = bits; ++ memset(kop.crk_param[kop.crk_iparams].crp_p, 0x00, p_len + q_len + 1); ++ kop.crk_iparams++; ++ kop.crk_oparams++; ++ /* d length */ ++ kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + q_len + 1, sizeof(char)); ++ if (!kop.crk_param[kop.crk_iparams].crp_p) ++ goto err; ++ kop.crk_param[kop.crk_iparams].crp_nbits = bits; ++ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + q_len + 1); ++ kop.crk_iparams++; ++ kop.crk_oparams++; ++ /* dp1 length */ ++ kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char)); ++ if (!kop.crk_param[kop.crk_iparams].crp_p) ++ goto err; ++ kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8; ++ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1); ++ kop.crk_iparams++; ++ kop.crk_oparams++; ++ /* dq1 length */ ++ kop.crk_param[kop.crk_iparams].crp_p = calloc(q_len + 1, sizeof(char)); ++ if (!kop.crk_param[kop.crk_iparams].crp_p) ++ goto err; ++ kop.crk_param[kop.crk_iparams].crp_nbits = q_len * 8; ++ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, q_len + 1); ++ kop.crk_iparams++; ++ kop.crk_oparams++; ++ /* i length */ ++ kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char)); ++ if (!kop.crk_param[kop.crk_iparams].crp_p) ++ goto err; ++ kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8; ++ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1); ++ kop.crk_iparams++; ++ kop.crk_oparams++; ++ ++ if (ioctl(fd, CIOCKEY, &kop) == 0) { ++ BN_bin2bn(kop.crk_param[0].crp_p, ++ p_len, rsa->p); ++ BN_bin2bn(kop.crk_param[1].crp_p, ++ q_len, rsa->q); ++ BN_bin2bn(kop.crk_param[2].crp_p, ++ bits / 8, rsa->n); ++ BN_bin2bn(kop.crk_param[3].crp_p, ++ bits / 8, rsa->d); ++ BN_bin2bn(kop.crk_param[4].crp_p, ++ p_len, rsa->dmp1); ++ BN_bin2bn(kop.crk_param[5].crp_p, ++ q_len, rsa->dmq1); ++ BN_bin2bn(kop.crk_param[6].crp_p, ++ p_len, rsa->iqmp); ++ return 1; ++ } ++sw_try: ++ { ++ const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); ++ ret = (meth->rsa_keygen)(rsa, bits, e, cb); ++ } ++ return ret; ++ ++err: ++ for (i = 0; i < CRK_MAXPARAM; i++) ++ free(kop.crk_param[i].crp_p); ++ return 0; ++ ++} ++ + /* Cryptodev DSA Key Gen routine */ + static int cryptodev_dsa_keygen(DSA *dsa) + { +@@ -3896,6 +4011,9 @@ ENGINE_load_cryptodev(void) + cryptodev_rsa.rsa_mod_exp_async = + cryptodev_rsa_nocrt_mod_exp_async; + } ++ if (cryptodev_asymfeat & CRF_RSA_GENERATE_KEY) ++ cryptodev_rsa.rsa_keygen = ++ cryptodev_rsa_keygen; + } + } + +-- +2.3.5 + diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0012-RSA-Keygen-Fix.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0012-RSA-Keygen-Fix.patch new file mode 100644 index 0000000..7f907da --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0012-RSA-Keygen-Fix.patch @@ -0,0 +1,64 @@ +From ac777f046da7151386d667391362ecb553ceee90 Mon Sep 17 00:00:00 2001 +From: Yashpal Dutta +Date: Wed, 16 Apr 2014 22:53:04 +0545 +Subject: [PATCH 12/26] RSA Keygen Fix + +Upstream-status: Pending + +If Kernel driver doesn't support RSA Keygen or same returns +error handling the keygen operation, the keygen is gracefully +handled by software supported rsa_keygen handler + +Signed-off-by: Yashpal Dutta +Tested-by: Cristian Stoica +--- + crypto/engine/eng_cryptodev.c | 12 +++++++----- + 1 file changed, 7 insertions(+), 5 deletions(-) + +diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c +index b2919a8..ed5f20f 100644 +--- a/crypto/engine/eng_cryptodev.c ++++ b/crypto/engine/eng_cryptodev.c +@@ -1915,7 +1915,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) + int i; + + if ((fd = get_asym_dev_crypto()) < 0) +- return fd; ++ goto sw_try; + + if(!rsa->n && ((rsa->n=BN_new()) == NULL)) goto err; + if(!rsa->d && ((rsa->d=BN_new()) == NULL)) goto err; +@@ -1936,7 +1936,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) + /* p length */ + kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char)); + if (!kop.crk_param[kop.crk_iparams].crp_p) +- goto err; ++ goto sw_try; + kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8; + memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1); + kop.crk_iparams++; +@@ -1944,7 +1944,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) + /* q length */ + kop.crk_param[kop.crk_iparams].crp_p = calloc(q_len + 1, sizeof(char)); + if (!kop.crk_param[kop.crk_iparams].crp_p) +- goto err; ++ goto sw_try; + kop.crk_param[kop.crk_iparams].crp_nbits = q_len * 8; + memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, q_len + 1); + kop.crk_iparams++; +@@ -2009,8 +2009,10 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) + } + sw_try: + { +- const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); +- ret = (meth->rsa_keygen)(rsa, bits, e, cb); ++ const RSA_METHOD *meth = rsa->meth; ++ rsa->meth = RSA_PKCS1_SSLeay(); ++ ret = RSA_generate_key_ex(rsa, bits, e, cb); ++ rsa->meth = meth; + } + return ret; + +-- +2.3.5 + diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0013-Removed-local-copy-of-curve_t-type.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0013-Removed-local-copy-of-curve_t-type.patch new file mode 100644 index 0000000..c9d8ace --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0013-Removed-local-copy-of-curve_t-type.patch @@ -0,0 +1,164 @@ +From 6aaa306cdf878250d7b6eaf30978de313653886b Mon Sep 17 00:00:00 2001 +From: Yashpal Dutta +Date: Thu, 17 Apr 2014 06:57:59 +0545 +Subject: [PATCH 13/26] Removed local copy of curve_t type + +Upstream-status: Pending + +Signed-off-by: Yashpal Dutta +Tested-by: Cristian Stoica +--- + crypto/engine/eng_cryptodev.c | 34 ++++++++++++++-------------------- + crypto/engine/eng_cryptodev_ec.h | 7 ------- + 2 files changed, 14 insertions(+), 27 deletions(-) + +diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c +index ed5f20f..5d883fa 100644 +--- a/crypto/engine/eng_cryptodev.c ++++ b/crypto/engine/eng_cryptodev.c +@@ -2398,12 +2398,6 @@ static ECDSA_METHOD cryptodev_ecdsa = { + NULL /* app_data */ + }; + +-typedef enum ec_curve_s +-{ +- EC_PRIME, +- EC_BINARY +-} ec_curve_t; +- + /* ENGINE handler for ECDSA Sign */ + static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char *dgst, + int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey) +@@ -2420,7 +2414,7 @@ static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char *dgst, + const BIGNUM *order = NULL, *priv_key=NULL; + const EC_GROUP *group = NULL; + struct crypt_kop kop; +- ec_curve_t ec_crv = EC_PRIME; ++ enum ec_curve_t ec_crv = EC_PRIME; + + memset(&kop, 0, sizeof(kop)); + ecdsa = ecdsa_check(eckey); +@@ -2553,7 +2547,7 @@ static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char *dgst, + else + goto err; + } +- kop.curve_type = ECC_BINARY; ++ kop.curve_type = EC_BINARY; + } + + /* Calculation of Generator point */ +@@ -2647,7 +2641,7 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len, + const EC_POINT *pub_key = NULL; + const BIGNUM *order = NULL; + const EC_GROUP *group=NULL; +- ec_curve_t ec_crv = EC_PRIME; ++ enum ec_curve_t ec_crv = EC_PRIME; + struct crypt_kop kop; + + memset(&kop, 0, sizeof kop); +@@ -2792,7 +2786,7 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len, + else + goto err; + } +- kop.curve_type = ECC_BINARY; ++ kop.curve_type = EC_BINARY; + } + + /* Calculation of Generator point */ +@@ -2893,7 +2887,7 @@ static int cryptodev_ecdsa_do_sign_async( const unsigned char *dgst, + const BIGNUM *order = NULL, *priv_key=NULL; + const EC_GROUP *group = NULL; + struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); +- ec_curve_t ec_crv = EC_PRIME; ++ enum ec_curve_t ec_crv = EC_PRIME; + + if (!(sig->r = BN_new()) || !kop) + goto err; +@@ -3029,7 +3023,7 @@ static int cryptodev_ecdsa_do_sign_async( const unsigned char *dgst, + else + goto err; + } +- kop->curve_type = ECC_BINARY; ++ kop->curve_type = EC_BINARY; + } + + /* Calculation of Generator point */ +@@ -3105,7 +3099,7 @@ static int cryptodev_ecdsa_verify_async(const unsigned char *dgst, int dgst_len, + const EC_POINT *pub_key = NULL; + const BIGNUM *order = NULL; + const EC_GROUP *group=NULL; +- ec_curve_t ec_crv = EC_PRIME; ++ enum ec_curve_t ec_crv = EC_PRIME; + struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); + + if (!kop) +@@ -3247,7 +3241,7 @@ static int cryptodev_ecdsa_verify_async(const unsigned char *dgst, int dgst_len, + /* copy b' i.e c(b), instead of only b */ + eng_ec_get_cparam (EC_GROUP_get_curve_name(group), + ab+q_len, q_len); +- kop->curve_type = ECC_BINARY; ++ kop->curve_type = EC_BINARY; + } + + /* Calculation of Generator point */ +@@ -3552,7 +3546,7 @@ int cryptodev_ecdh_compute_key(void *out, size_t outlen, + const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen, + void *out, size_t *outlen)) + { +- ec_curve_t ec_crv = EC_PRIME; ++ enum ec_curve_t ec_crv = EC_PRIME; + unsigned char * q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL; + BIGNUM * w_x = NULL, *w_y = NULL; + int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0; +@@ -3678,9 +3672,9 @@ int cryptodev_ecdh_compute_key(void *out, size_t outlen, + else + goto err; + } +- kop.curve_type = ECC_BINARY; ++ kop.curve_type = EC_BINARY; + } else +- kop.curve_type = ECC_PRIME; ++ kop.curve_type = EC_PRIME; + + priv_key_len = r_len; + +@@ -3729,7 +3723,7 @@ int cryptodev_ecdh_compute_key_async(void *out, size_t outlen, + const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen, + void *out, size_t *outlen), struct pkc_cookie_s *cookie) + { +- ec_curve_t ec_crv = EC_PRIME; ++ enum ec_curve_t ec_crv = EC_PRIME; + unsigned char * q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL; + BIGNUM * w_x = NULL, *w_y = NULL; + int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0; +@@ -3857,9 +3851,9 @@ int cryptodev_ecdh_compute_key_async(void *out, size_t outlen, + else + goto err; + } +- kop->curve_type = ECC_BINARY; ++ kop->curve_type = EC_BINARY; + } else +- kop->curve_type = ECC_PRIME; ++ kop->curve_type = EC_PRIME; + + priv_key_len = r_len; + +diff --git a/crypto/engine/eng_cryptodev_ec.h b/crypto/engine/eng_cryptodev_ec.h +index 77aee71..a4b8da5 100644 +--- a/crypto/engine/eng_cryptodev_ec.h ++++ b/crypto/engine/eng_cryptodev_ec.h +@@ -286,11 +286,4 @@ static inline unsigned char *eng_copy_curve_points(BIGNUM * x, BIGNUM * y, + + return xy; + } +- +-enum curve_t { +- DISCRETE_LOG, +- ECC_PRIME, +- ECC_BINARY, +- MAX_ECC_TYPE +-}; + #endif +-- +2.3.5 + diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0014-Modulus-parameter-is-not-populated-by-dhparams.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0014-Modulus-parameter-is-not-populated-by-dhparams.patch new file mode 100644 index 0000000..198bed7 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0014-Modulus-parameter-is-not-populated-by-dhparams.patch @@ -0,0 +1,43 @@ +From 14623ca9e417ccef1ad3f4138acfac0ebe682f1f Mon Sep 17 00:00:00 2001 +From: Yashpal Dutta +Date: Tue, 22 Apr 2014 22:58:33 +0545 +Subject: [PATCH 14/26] Modulus parameter is not populated by dhparams + +Upstream-status: Pending + +When dhparams are created, modulus parameter required for +private key generation is not populated. So, falling back +to software for proper population of modulus parameters followed +by private key generation + +Signed-off-by: Yashpal Dutta +Tested-by: Cristian Stoica +--- + crypto/engine/eng_cryptodev.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c +index 5d883fa..6d69336 100644 +--- a/crypto/engine/eng_cryptodev.c ++++ b/crypto/engine/eng_cryptodev.c +@@ -3364,7 +3364,7 @@ static int cryptodev_dh_keygen_async(DH *dh, struct pkc_cookie_s *cookie) + kop->crk_op = CRK_DH_GENERATE_KEY; + if (bn2crparam(dh->p, &kop->crk_param[0])) + goto sw_try; +- if (bn2crparam(dh->q, &kop->crk_param[1])) ++ if (!dh->q || bn2crparam(dh->q, &kop->crk_param[1])) + goto sw_try; + kop->crk_param[2].crp_p = g; + kop->crk_param[2].crp_nbits = g_len * 8; +@@ -3419,7 +3419,7 @@ static int cryptodev_dh_keygen(DH *dh) + kop.crk_op = CRK_DH_GENERATE_KEY; + if (bn2crparam(dh->p, &kop.crk_param[0])) + goto sw_try; +- if (bn2crparam(dh->q, &kop.crk_param[1])) ++ if (!dh->q || bn2crparam(dh->q, &kop.crk_param[1])) + goto sw_try; + kop.crk_param[2].crp_p = g; + kop.crk_param[2].crp_nbits = g_len * 8; +-- +2.3.5 + diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0015-SW-Backoff-mechanism-for-dsa-keygen.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0015-SW-Backoff-mechanism-for-dsa-keygen.patch new file mode 100644 index 0000000..59330a1 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0015-SW-Backoff-mechanism-for-dsa-keygen.patch @@ -0,0 +1,53 @@ +From 10be401a33e6ebcc325d6747914c70595cd53d0a Mon Sep 17 00:00:00 2001 +From: Yashpal Dutta +Date: Thu, 24 Apr 2014 00:35:34 +0545 +Subject: [PATCH 15/26] SW Backoff mechanism for dsa keygen + +Upstream-status: Pending + +DSA Keygen is not handled in default openssl dsa method. Due to +same null function pointer in SW DSA method, the backoff for dsa +keygen gives segmentation fault. + +Signed-off-by: Yashpal Dutta +Tested-by: Cristian Stoica +--- + crypto/engine/eng_cryptodev.c | 12 ++++++++---- + 1 file changed, 8 insertions(+), 4 deletions(-) + +diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c +index 6d69336..dab8fea 100644 +--- a/crypto/engine/eng_cryptodev.c ++++ b/crypto/engine/eng_cryptodev.c +@@ -2069,8 +2069,10 @@ static int cryptodev_dsa_keygen(DSA *dsa) + return ret; + sw_try: + { +- const DSA_METHOD *meth = DSA_OpenSSL(); +- ret = (meth->dsa_keygen)(dsa); ++ const DSA_METHOD *meth = dsa->meth; ++ dsa->meth = DSA_OpenSSL(); ++ ret = DSA_generate_key(dsa); ++ dsa->meth = meth; + } + return ret; + } +@@ -2124,11 +2126,13 @@ static int cryptodev_dsa_keygen_async(DSA *dsa, struct pkc_cookie_s *cookie) + return ret; + sw_try: + { +- const DSA_METHOD *meth = DSA_OpenSSL(); ++ const DSA_METHOD *meth = dsa->meth; + ++ dsa->meth = DSA_OpenSSL(); + if (kop) + free(kop); +- ret = (meth->dsa_keygen)(dsa); ++ ret = DSA_generate_key(dsa); ++ dsa->meth = meth; + cookie->pkc_callback(cookie, 0); + } + return ret; +-- +2.3.5 + diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0016-Fixed-DH-keygen-pair-generator.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0016-Fixed-DH-keygen-pair-generator.patch new file mode 100644 index 0000000..8923cb6 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0016-Fixed-DH-keygen-pair-generator.patch @@ -0,0 +1,100 @@ +From d2c868c6370bcc0d0a254e641907da2cdf992d62 Mon Sep 17 00:00:00 2001 +From: Yashpal Dutta +Date: Thu, 1 May 2014 06:35:45 +0545 +Subject: [PATCH 16/26] Fixed DH keygen pair generator + +Upstream-status: Pending + +Wrong Padding results into keygen length error + +Signed-off-by: Yashpal Dutta +Tested-by: Cristian Stoica +--- + crypto/engine/eng_cryptodev.c | 50 ++++++++++++++++++++++++++++--------------- + 1 file changed, 33 insertions(+), 17 deletions(-) + +diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c +index dab8fea..13d924f 100644 +--- a/crypto/engine/eng_cryptodev.c ++++ b/crypto/engine/eng_cryptodev.c +@@ -3396,44 +3396,60 @@ sw_try: + static int cryptodev_dh_keygen(DH *dh) + { + struct crypt_kop kop; +- int ret = 1, g_len; +- unsigned char *g = NULL; ++ int ret = 1, q_len = 0; ++ unsigned char *q = NULL, *g = NULL, *s = NULL, *w = NULL; ++ BIGNUM *pub_key = NULL, *priv_key = NULL; ++ int generate_new_key = 1; + +- if (dh->priv_key == NULL) { +- if ((dh->priv_key=BN_new()) == NULL) +- goto sw_try; +- } ++ if (dh->priv_key) ++ priv_key = dh->priv_key; + +- if (dh->pub_key == NULL) { +- if ((dh->pub_key=BN_new()) == NULL) +- goto sw_try; +- } ++ if (dh->pub_key) ++ pub_key = dh->pub_key; + +- g_len = BN_num_bytes(dh->p); ++ q_len = BN_num_bytes(dh->p); + /** + * Get generator into a plain buffer. If length is less than + * q_len then add leading padding bytes. + */ +- if (spcf_bn2bin_ex(dh->g, &g, &g_len)) { ++ if (spcf_bn2bin_ex(dh->g, &g, &q_len)) { ++ DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE); ++ goto sw_try; ++ } ++ ++ if (spcf_bn2bin_ex(dh->p, &q, &q_len)) { + DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE); + goto sw_try; + } + + memset(&kop, 0, sizeof kop); + kop.crk_op = CRK_DH_GENERATE_KEY; +- if (bn2crparam(dh->p, &kop.crk_param[0])) +- goto sw_try; ++ kop.crk_param[0].crp_p = q; ++ kop.crk_param[0].crp_nbits = q_len * 8; + if (!dh->q || bn2crparam(dh->q, &kop.crk_param[1])) + goto sw_try; + kop.crk_param[2].crp_p = g; +- kop.crk_param[2].crp_nbits = g_len * 8; ++ kop.crk_param[2].crp_nbits = q_len * 8; + kop.crk_iparams = 3; + ++ s = OPENSSL_malloc (q_len); ++ if (!s) { ++ DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE); ++ goto sw_try; ++ } ++ ++ w = OPENSSL_malloc (q_len); ++ if (!w) { ++ DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE); ++ goto sw_try; ++ } ++ + /* pub_key is or prime length while priv key is of length of order */ +- if (cryptodev_asym(&kop, BN_num_bytes(dh->p), dh->pub_key, +- BN_num_bytes(dh->q), dh->priv_key)) ++ if (cryptodev_asym(&kop, q_len, w, q_len, s)) + goto sw_try; + ++ dh->pub_key = BN_bin2bn(w, q_len, pub_key); ++ dh->pub_key = BN_bin2bn(s, q_len, priv_key); + return ret; + sw_try: + { +-- +2.3.5 + diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch new file mode 100644 index 0000000..bd9e61a --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch @@ -0,0 +1,309 @@ +From 11b55103463bac614e00d74e9f196ec4ec6bade1 Mon Sep 17 00:00:00 2001 +From: Cristian Stoica +Date: Mon, 16 Jun 2014 14:06:21 +0300 +Subject: [PATCH 17/26] cryptodev: add support for aes-gcm algorithm offloading + +Change-Id: I3b77dc5ef8b8f707309549244a02852d95b36168 +Signed-off-by: Cristian Stoica +Reviewed-on: http://git.am.freescale.net:8181/17226 +--- + apps/speed.c | 6 +- + crypto/engine/eng_cryptodev.c | 229 +++++++++++++++++++++++++++++++++++++++++- + 2 files changed, 233 insertions(+), 2 deletions(-) + +diff --git a/apps/speed.c b/apps/speed.c +index 9886ca3..099dede 100644 +--- a/apps/speed.c ++++ b/apps/speed.c +@@ -224,7 +224,11 @@ + #endif + + #undef BUFSIZE +-#define BUFSIZE ((long)1024*8+1) ++/* The buffer overhead allows GCM tag at the end of the encrypted data. This ++ avoids buffer overflows from cryptodev since Linux kernel GCM ++ implementation allways adds the tag - unlike e_aes.c:aes_gcm_cipher() ++ which doesn't */ ++#define BUFSIZE ((long)1024*8 + EVP_GCM_TLS_TAG_LEN) + int run=0; + + static int mr=0; +diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c +index 13d924f..4493490 100644 +--- a/crypto/engine/eng_cryptodev.c ++++ b/crypto/engine/eng_cryptodev.c +@@ -78,8 +78,10 @@ struct dev_crypto_state { + struct session_op d_sess; + int d_fd; + unsigned char *aad; +- unsigned int aad_len; ++ int aad_len; + unsigned int len; ++ unsigned char *iv; ++ int ivlen; + + #ifdef USE_CRYPTODEV_DIGESTS + char dummy_mac_key[HASH_MAX_LEN]; +@@ -251,6 +253,7 @@ static struct { + { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, 0}, + { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20}, + { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20}, ++ { CRYPTO_AES_GCM, NID_aes_128_gcm, 16, 16, 0}, + { 0, NID_undef, 0, 0, 0}, + }; + +@@ -271,6 +274,19 @@ static struct { + }; + #endif + ++/* increment counter (64-bit int) by 1 */ ++static void ctr64_inc(unsigned char *counter) { ++ int n=8; ++ unsigned char c; ++ ++ do { ++ --n; ++ c = counter[n]; ++ ++c; ++ counter[n] = c; ++ if (c) return; ++ } while (n); ++} + /* + * Return a fd if /dev/crypto seems usable, 0 otherwise. + */ +@@ -762,6 +778,197 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, + } + } + ++static int cryptodev_init_gcm_key(EVP_CIPHER_CTX *ctx, ++ const unsigned char *key, const unsigned char *iv, int enc) ++{ ++ struct dev_crypto_state *state = ctx->cipher_data; ++ struct session_op *sess = &state->d_sess; ++ int cipher = -1, i; ++ if (!iv && !key) ++ return 1; ++ ++ if (iv) ++ memcpy(ctx->iv, iv, ctx->cipher->iv_len); ++ ++ for (i = 0; ciphers[i].id; i++) ++ if (ctx->cipher->nid == ciphers[i].nid && ++ ctx->cipher->iv_len <= ciphers[i].ivmax && ++ ctx->key_len == ciphers[i].keylen) { ++ cipher = ciphers[i].id; ++ break; ++ } ++ ++ if (!ciphers[i].id) { ++ state->d_fd = -1; ++ return 0; ++ } ++ ++ memset(sess, 0, sizeof(struct session_op)); ++ ++ if ((state->d_fd = get_dev_crypto()) < 0) ++ return 0; ++ ++ sess->key = (unsigned char *) key; ++ sess->keylen = ctx->key_len; ++ sess->cipher = cipher; ++ ++ if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) { ++ put_dev_crypto(state->d_fd); ++ state->d_fd = -1; ++ return 0; ++ } ++ return 1; ++} ++ ++static int cryptodev_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t len) ++{ ++ struct crypt_auth_op cryp = {0}; ++ struct dev_crypto_state *state = ctx->cipher_data; ++ struct session_op *sess = &state->d_sess; ++ int rv = len; ++ ++ if (EVP_CIPHER_CTX_ctrl(ctx, ctx->encrypt ? ++ EVP_CTRL_GCM_IV_GEN : EVP_CTRL_GCM_SET_IV_INV, ++ EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0) ++ return 0; ++ ++ in += EVP_GCM_TLS_EXPLICIT_IV_LEN; ++ out += EVP_GCM_TLS_EXPLICIT_IV_LEN; ++ len -= EVP_GCM_TLS_EXPLICIT_IV_LEN; ++ ++ if (ctx->encrypt) { ++ len -= EVP_GCM_TLS_TAG_LEN; ++ } ++ cryp.ses = sess->ses; ++ cryp.len = len; ++ cryp.src = (unsigned char*) in; ++ cryp.dst = out; ++ cryp.auth_src = state->aad; ++ cryp.auth_len = state->aad_len; ++ cryp.iv = ctx->iv; ++ cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; ++ ++ if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) { ++ return 0; ++ } ++ ++ if (ctx->encrypt) ++ ctr64_inc(state->iv + state->ivlen - 8); ++ else ++ rv = len - EVP_GCM_TLS_TAG_LEN; ++ ++ return rv; ++} ++ ++static int cryptodev_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t len) ++{ ++ struct crypt_auth_op cryp; ++ struct dev_crypto_state *state = ctx->cipher_data; ++ struct session_op *sess = &state->d_sess; ++ ++ if (state->d_fd < 0) ++ return 0; ++ ++ if ((len % ctx->cipher->block_size) != 0) ++ return 0; ++ ++ if (state->aad_len >= 0) ++ return cryptodev_gcm_tls_cipher(ctx, out, in, len); ++ ++ memset(&cryp, 0, sizeof(cryp)); ++ ++ cryp.ses = sess->ses; ++ cryp.len = len; ++ cryp.src = (unsigned char*) in; ++ cryp.dst = out; ++ cryp.auth_src = NULL; ++ cryp.auth_len = 0; ++ cryp.iv = ctx->iv; ++ cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; ++ ++ if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) { ++ return 0; ++ } ++ ++ return len; ++} ++ ++static int cryptodev_gcm_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, ++ void *ptr) ++{ ++ struct dev_crypto_state *state = ctx->cipher_data; ++ switch (type) { ++ case EVP_CTRL_INIT: ++ { ++ state->ivlen = ctx->cipher->iv_len; ++ state->iv = ctx->iv; ++ state->aad_len = -1; ++ return 1; ++ } ++ case EVP_CTRL_GCM_SET_IV_FIXED: ++ { ++ /* Special case: -1 length restores whole IV */ ++ if (arg == -1) ++ { ++ memcpy(state->iv, ptr, state->ivlen); ++ return 1; ++ } ++ /* Fixed field must be at least 4 bytes and invocation field ++ * at least 8. ++ */ ++ if ((arg < 4) || (state->ivlen - arg) < 8) ++ return 0; ++ if (arg) ++ memcpy(state->iv, ptr, arg); ++ if (ctx->encrypt && ++ RAND_bytes(state->iv + arg, state->ivlen - arg) <= 0) ++ return 0; ++ return 1; ++ } ++ case EVP_CTRL_AEAD_TLS1_AAD: ++ { ++ unsigned int len; ++ if (arg != 13) ++ return 0; ++ ++ memcpy(ctx->buf, ptr, arg); ++ len=ctx->buf[arg-2] << 8 | ctx->buf[arg-1]; ++ ++ /* Correct length for explicit IV */ ++ len -= EVP_GCM_TLS_EXPLICIT_IV_LEN; ++ ++ /* If decrypting correct for tag too */ ++ if (!ctx->encrypt) ++ len -= EVP_GCM_TLS_TAG_LEN; ++ ++ ctx->buf[arg-2] = len >> 8; ++ ctx->buf[arg-1] = len & 0xff; ++ ++ state->aad = ctx->buf; ++ state->aad_len = arg; ++ state->len = len; ++ ++ /* Extra padding: tag appended to record */ ++ return EVP_GCM_TLS_TAG_LEN; ++ } ++ case EVP_CTRL_GCM_SET_IV_INV: ++ { ++ if (ctx->encrypt) ++ return 0; ++ memcpy(state->iv + state->ivlen - arg, ptr, arg); ++ return 1; ++ } ++ case EVP_CTRL_GCM_IV_GEN: ++ if (arg <= 0 || arg > state->ivlen) ++ arg = state->ivlen; ++ memcpy(ptr, state->iv + state->ivlen - arg, arg); ++ return 1; ++ default: ++ return -1; ++ } ++} + /* + * libcrypto EVP stuff - this is how we get wired to EVP so the engine + * gets called when libcrypto requests a cipher NID. +@@ -901,6 +1108,23 @@ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = { + cryptodev_cbc_hmac_sha1_ctrl, + NULL + }; ++ ++const EVP_CIPHER cryptodev_aes_128_gcm = { ++ NID_aes_128_gcm, ++ 1, 16, 12, ++ EVP_CIPH_GCM_MODE | EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_DEFAULT_ASN1 \ ++ | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \ ++ | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT, ++ cryptodev_init_gcm_key, ++ cryptodev_gcm_cipher, ++ cryptodev_cleanup, ++ sizeof(struct dev_crypto_state), ++ EVP_CIPHER_set_asn1_iv, ++ EVP_CIPHER_get_asn1_iv, ++ cryptodev_gcm_ctrl, ++ NULL ++}; ++ + /* + * Registered by the ENGINE when used to find out how to deal with + * a particular NID in the ENGINE. this says what we'll do at the +@@ -944,6 +1168,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, + case NID_aes_256_cbc_hmac_sha1: + *cipher = &cryptodev_aes_256_cbc_hmac_sha1; + break; ++ case NID_aes_128_gcm: ++ *cipher = &cryptodev_aes_128_gcm; ++ break; + default: + *cipher = NULL; + break; +-- +2.3.5 + diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0018-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0018-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch new file mode 100644 index 0000000..1118a6f --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0018-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch @@ -0,0 +1,193 @@ +From 21e3ca4ec77f9258aa4001f07faac1c4942b48b4 Mon Sep 17 00:00:00 2001 +From: Tudor Ambarus +Date: Fri, 9 May 2014 17:54:06 +0300 +Subject: [PATCH 18/26] eng_cryptodev: extend TLS offload with + 3des_cbc_hmac_sha1 + +Both obj_mac.h and obj_dat.h were generated using the scripts +from crypto/objects: + +$ cd crypto/objects +$ perl objects.pl objects.txt obj_mac.num obj_mac.h +$ perl obj_dat.pl obj_mac.h obj_dat.h + +Change-Id: I94f13cdd09df67e33e6acd3c00aab47cb358ac46 +Signed-off-by: Tudor Ambarus +Signed-off-by: Cristian Stoica +Reviewed-on: http://git.am.freescale.net:8181/34001 +--- + crypto/engine/eng_cryptodev.c | 24 ++++++++++++++++++++++++ + crypto/objects/obj_dat.h | 10 +++++++--- + crypto/objects/obj_mac.h | 4 ++++ + crypto/objects/obj_mac.num | 1 + + crypto/objects/objects.txt | 1 + + ssl/ssl_ciph.c | 4 ++++ + 6 files changed, 41 insertions(+), 3 deletions(-) + +diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c +index 79b2678..299e84b 100644 +--- a/crypto/engine/eng_cryptodev.c ++++ b/crypto/engine/eng_cryptodev.c +@@ -135,6 +135,7 @@ static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, + void ENGINE_load_cryptodev(void); + const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1; + const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1; ++const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1; + + inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len) + { +@@ -252,6 +253,7 @@ static struct { + { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, 0}, + { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, 0}, + { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, 0}, ++ { CRYPTO_TLS10_3DES_CBC_HMAC_SHA1, NID_des_ede3_cbc_hmac_sha1, 8, 24, 20}, + { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20}, + { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20}, + { CRYPTO_AES_GCM, NID_aes_128_gcm, 16, 16, 0}, +@@ -466,6 +468,9 @@ cryptodev_usable_ciphers(const int **nids) + case NID_aes_256_cbc_hmac_sha1: + EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1); + break; ++ case NID_des_ede3_cbc_hmac_sha1: ++ EVP_add_cipher(&cryptodev_3des_cbc_hmac_sha1); ++ break; + } + } + return count; +@@ -571,6 +576,7 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + switch (ctx->cipher->nid) { + case NID_aes_128_cbc_hmac_sha1: + case NID_aes_256_cbc_hmac_sha1: ++ case NID_des_ede3_cbc_hmac_sha1: + cryp.flags = COP_FLAG_AEAD_TLS_TYPE; + } + cryp.ses = sess->ses; +@@ -763,6 +769,7 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, + switch (ctx->cipher->nid) { + case NID_aes_128_cbc_hmac_sha1: + case NID_aes_256_cbc_hmac_sha1: ++ case NID_des_ede3_cbc_hmac_sha1: + maclen = SHA_DIGEST_LENGTH; + } + +@@ -1082,6 +1089,20 @@ const EVP_CIPHER cryptodev_aes_256_cbc = { + NULL + }; + ++const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1 = { ++ NID_des_ede3_cbc_hmac_sha1, ++ 8, 24, 8, ++ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, ++ cryptodev_init_aead_key, ++ cryptodev_aead_cipher, ++ cryptodev_cleanup, ++ sizeof(struct dev_crypto_state), ++ EVP_CIPHER_set_asn1_iv, ++ EVP_CIPHER_get_asn1_iv, ++ cryptodev_cbc_hmac_sha1_ctrl, ++ NULL ++}; ++ + const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1 = { + NID_aes_128_cbc_hmac_sha1, + 16, 16, 16, +@@ -1163,6 +1184,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, + case NID_aes_256_cbc: + *cipher = &cryptodev_aes_256_cbc; + break; ++ case NID_des_ede3_cbc_hmac_sha1: ++ *cipher = &cryptodev_3des_cbc_hmac_sha1; ++ break; + case NID_aes_128_cbc_hmac_sha1: + *cipher = &cryptodev_aes_128_cbc_hmac_sha1; + break; +diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h +index bc69665..9f2267a 100644 +--- a/crypto/objects/obj_dat.h ++++ b/crypto/objects/obj_dat.h +@@ -62,9 +62,9 @@ + * [including the GNU Public Licence.] + */ + +-#define NUM_NID 920 +-#define NUM_SN 913 +-#define NUM_LN 913 ++#define NUM_NID 921 ++#define NUM_SN 914 ++#define NUM_LN 914 + #define NUM_OBJ 857 + + static const unsigned char lvalues[5974]={ +@@ -2399,6 +2399,8 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={ + {"AES-256-CBC-HMAC-SHA1","aes-256-cbc-hmac-sha1", + NID_aes_256_cbc_hmac_sha1,0,NULL,0}, + {"RSAES-OAEP","rsaesOaep",NID_rsaesOaep,9,&(lvalues[5964]),0}, ++{"DES-EDE3-CBC-HMAC-SHA1","des-ede3-cbc-hmac-sha1", ++ NID_des_ede3_cbc_hmac_sha1,0,NULL,0}, + }; + + static const unsigned int sn_objs[NUM_SN]={ +@@ -2474,6 +2476,7 @@ static const unsigned int sn_objs[NUM_SN]={ + 62, /* "DES-EDE-OFB" */ + 33, /* "DES-EDE3" */ + 44, /* "DES-EDE3-CBC" */ ++920, /* "DES-EDE3-CBC-HMAC-SHA1" */ + 61, /* "DES-EDE3-CFB" */ + 658, /* "DES-EDE3-CFB1" */ + 659, /* "DES-EDE3-CFB8" */ +@@ -3585,6 +3588,7 @@ static const unsigned int ln_objs[NUM_LN]={ + 62, /* "des-ede-ofb" */ + 33, /* "des-ede3" */ + 44, /* "des-ede3-cbc" */ ++920, /* "des-ede3-cbc-hmac-sha1" */ + 61, /* "des-ede3-cfb" */ + 658, /* "des-ede3-cfb1" */ + 659, /* "des-ede3-cfb8" */ +diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h +index b5ea7cd..8751902 100644 +--- a/crypto/objects/obj_mac.h ++++ b/crypto/objects/obj_mac.h +@@ -4030,3 +4030,7 @@ + #define LN_aes_256_cbc_hmac_sha1 "aes-256-cbc-hmac-sha1" + #define NID_aes_256_cbc_hmac_sha1 918 + ++#define SN_des_ede3_cbc_hmac_sha1 "DES-EDE3-CBC-HMAC-SHA1" ++#define LN_des_ede3_cbc_hmac_sha1 "des-ede3-cbc-hmac-sha1" ++#define NID_des_ede3_cbc_hmac_sha1 920 ++ +diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num +index 1d0a7c8..9d44bb5 100644 +--- a/crypto/objects/obj_mac.num ++++ b/crypto/objects/obj_mac.num +@@ -917,3 +917,4 @@ aes_128_cbc_hmac_sha1 916 + aes_192_cbc_hmac_sha1 917 + aes_256_cbc_hmac_sha1 918 + rsaesOaep 919 ++des_ede3_cbc_hmac_sha1 920 +diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt +index d3bfad7..90d2fc5 100644 +--- a/crypto/objects/objects.txt ++++ b/crypto/objects/objects.txt +@@ -1290,3 +1290,4 @@ kisa 1 6 : SEED-OFB : seed-ofb + : AES-128-CBC-HMAC-SHA1 : aes-128-cbc-hmac-sha1 + : AES-192-CBC-HMAC-SHA1 : aes-192-cbc-hmac-sha1 + : AES-256-CBC-HMAC-SHA1 : aes-256-cbc-hmac-sha1 ++ : DES-EDE3-CBC-HMAC-SHA1 : des-ede3-cbc-hmac-sha1 +diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c +index 8188ff5..310fe76 100644 +--- a/ssl/ssl_ciph.c ++++ b/ssl/ssl_ciph.c +@@ -639,6 +639,10 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, + c->algorithm_mac == SSL_SHA1 && + (evp=EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1"))) + *enc = evp, *md = NULL; ++ else if (c->algorithm_enc == SSL_3DES && ++ c->algorithm_mac == SSL_SHA1 && ++ (evp = EVP_get_cipherbyname("DES-EDE3-CBC-HMAC-SHA1"))) ++ *enc = evp, *md = NULL; + return(1); + } + else +-- +2.3.5 + diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0019-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0019-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch new file mode 100644 index 0000000..988d79e --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0019-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch @@ -0,0 +1,355 @@ +From 1de2b740a3bdcd8e98abb5f4e176d46fd817b932 Mon Sep 17 00:00:00 2001 +From: Tudor Ambarus +Date: Tue, 31 Mar 2015 16:30:17 +0300 +Subject: [PATCH 19/26] eng_cryptodev: add support for TLSv1.1 record offload + +Supported cipher suites: +- 3des-ede-cbc-sha +- aes-128-cbc-hmac-sha +- aes-256-cbc-hmac-sha + +Requires TLS patches on cryptodev and TLS algorithm support in Linux +kernel driver. + +Signed-off-by: Tudor Ambarus +Change-Id: Id414f36a528de3f476b72688cf85714787d7ccae +Reviewed-on: http://git.am.freescale.net:8181/34002 +Reviewed-by: Cristian Stoica +Tested-by: Cristian Stoica +--- + crypto/engine/eng_cryptodev.c | 101 ++++++++++++++++++++++++++++++++++++++---- + crypto/objects/obj_dat.h | 18 ++++++-- + crypto/objects/obj_mac.h | 12 +++++ + crypto/objects/obj_mac.num | 3 ++ + crypto/objects/objects.txt | 3 ++ + ssl/ssl_ciph.c | 26 +++++++++-- + 6 files changed, 148 insertions(+), 15 deletions(-) + +diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c +index 299e84b..f71ab27 100644 +--- a/crypto/engine/eng_cryptodev.c ++++ b/crypto/engine/eng_cryptodev.c +@@ -66,6 +66,7 @@ ENGINE_load_cryptodev(void) + #include + #include + #include ++#include + #include + #include + #include +@@ -133,9 +134,12 @@ static int cryptodev_dh_compute_key(unsigned char *key, + static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, + void (*f)(void)); + void ENGINE_load_cryptodev(void); ++const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1; + const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1; + const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1; +-const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1; ++const EVP_CIPHER cryptodev_tls11_3des_cbc_hmac_sha1; ++const EVP_CIPHER cryptodev_tls11_aes_128_cbc_hmac_sha1; ++const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1; + + inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len) + { +@@ -256,6 +260,9 @@ static struct { + { CRYPTO_TLS10_3DES_CBC_HMAC_SHA1, NID_des_ede3_cbc_hmac_sha1, 8, 24, 20}, + { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20}, + { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20}, ++ { CRYPTO_TLS11_3DES_CBC_HMAC_SHA1, NID_tls11_des_ede3_cbc_hmac_sha1, 8, 24, 20}, ++ { CRYPTO_TLS11_AES_CBC_HMAC_SHA1, NID_tls11_aes_128_cbc_hmac_sha1, 16, 16, 20}, ++ { CRYPTO_TLS11_AES_CBC_HMAC_SHA1, NID_tls11_aes_256_cbc_hmac_sha1, 16, 32, 20}, + { CRYPTO_AES_GCM, NID_aes_128_gcm, 16, 16, 0}, + { 0, NID_undef, 0, 0, 0}, + }; +@@ -462,14 +469,23 @@ cryptodev_usable_ciphers(const int **nids) + /* add ciphers specific to cryptodev if found in kernel */ + for(i = 0; i < count; i++) { + switch (*(*nids + i)) { ++ case NID_des_ede3_cbc_hmac_sha1: ++ EVP_add_cipher(&cryptodev_3des_cbc_hmac_sha1); ++ break; + case NID_aes_128_cbc_hmac_sha1: + EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1); + break; + case NID_aes_256_cbc_hmac_sha1: + EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1); + break; +- case NID_des_ede3_cbc_hmac_sha1: +- EVP_add_cipher(&cryptodev_3des_cbc_hmac_sha1); ++ case NID_tls11_des_ede3_cbc_hmac_sha1: ++ EVP_add_cipher(&cryptodev_tls11_3des_cbc_hmac_sha1); ++ break; ++ case NID_tls11_aes_128_cbc_hmac_sha1: ++ EVP_add_cipher(&cryptodev_tls11_aes_128_cbc_hmac_sha1); ++ break; ++ case NID_tls11_aes_256_cbc_hmac_sha1: ++ EVP_add_cipher(&cryptodev_tls11_aes_256_cbc_hmac_sha1); + break; + } + } +@@ -574,9 +590,12 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + + /* TODO: make a seamless integration with cryptodev flags */ + switch (ctx->cipher->nid) { ++ case NID_des_ede3_cbc_hmac_sha1: + case NID_aes_128_cbc_hmac_sha1: + case NID_aes_256_cbc_hmac_sha1: +- case NID_des_ede3_cbc_hmac_sha1: ++ case NID_tls11_des_ede3_cbc_hmac_sha1: ++ case NID_tls11_aes_128_cbc_hmac_sha1: ++ case NID_tls11_aes_256_cbc_hmac_sha1: + cryp.flags = COP_FLAG_AEAD_TLS_TYPE; + } + cryp.ses = sess->ses; +@@ -758,8 +777,9 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, + struct dev_crypto_state *state = ctx->cipher_data; + unsigned char *p = ptr; + unsigned int cryptlen = p[arg - 2] << 8 | p[arg - 1]; +- unsigned int maclen, padlen; ++ unsigned int maclen, padlen, len; + unsigned int bs = ctx->cipher->block_size; ++ bool aad_needs_fix = false; + + state->aad = ptr; + state->aad_len = arg; +@@ -767,10 +787,24 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, + + /* TODO: this should be an extension of EVP_CIPHER struct */ + switch (ctx->cipher->nid) { ++ case NID_des_ede3_cbc_hmac_sha1: + case NID_aes_128_cbc_hmac_sha1: + case NID_aes_256_cbc_hmac_sha1: +- case NID_des_ede3_cbc_hmac_sha1: + maclen = SHA_DIGEST_LENGTH; ++ break; ++ case NID_tls11_des_ede3_cbc_hmac_sha1: ++ case NID_tls11_aes_128_cbc_hmac_sha1: ++ case NID_tls11_aes_256_cbc_hmac_sha1: ++ maclen = SHA_DIGEST_LENGTH; ++ aad_needs_fix = true; ++ break; ++ } ++ ++ /* Correct length for AAD Length field */ ++ if (ctx->encrypt && aad_needs_fix) { ++ len = cryptlen - bs; ++ p[arg-2] = len >> 8; ++ p[arg-1] = len & 0xff; + } + + /* space required for encryption (not only TLS padding) */ +@@ -1131,6 +1165,48 @@ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = { + NULL + }; + ++const EVP_CIPHER cryptodev_tls11_3des_cbc_hmac_sha1 = { ++ NID_tls11_des_ede3_cbc_hmac_sha1, ++ 8, 24, 8, ++ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, ++ cryptodev_init_aead_key, ++ cryptodev_aead_cipher, ++ cryptodev_cleanup, ++ sizeof(struct dev_crypto_state), ++ EVP_CIPHER_set_asn1_iv, ++ EVP_CIPHER_get_asn1_iv, ++ cryptodev_cbc_hmac_sha1_ctrl, ++ NULL ++}; ++ ++const EVP_CIPHER cryptodev_tls11_aes_128_cbc_hmac_sha1 = { ++ NID_tls11_aes_128_cbc_hmac_sha1, ++ 16, 16, 16, ++ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, ++ cryptodev_init_aead_key, ++ cryptodev_aead_cipher, ++ cryptodev_cleanup, ++ sizeof(struct dev_crypto_state), ++ EVP_CIPHER_set_asn1_iv, ++ EVP_CIPHER_get_asn1_iv, ++ cryptodev_cbc_hmac_sha1_ctrl, ++ NULL ++}; ++ ++const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1 = { ++ NID_tls11_aes_256_cbc_hmac_sha1, ++ 16, 32, 16, ++ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, ++ cryptodev_init_aead_key, ++ cryptodev_aead_cipher, ++ cryptodev_cleanup, ++ sizeof(struct dev_crypto_state), ++ EVP_CIPHER_set_asn1_iv, ++ EVP_CIPHER_get_asn1_iv, ++ cryptodev_cbc_hmac_sha1_ctrl, ++ NULL ++}; ++ + const EVP_CIPHER cryptodev_aes_128_gcm = { + NID_aes_128_gcm, + 1, 16, 12, +@@ -1184,6 +1260,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, + case NID_aes_256_cbc: + *cipher = &cryptodev_aes_256_cbc; + break; ++ case NID_aes_128_gcm: ++ *cipher = &cryptodev_aes_128_gcm; ++ break; + case NID_des_ede3_cbc_hmac_sha1: + *cipher = &cryptodev_3des_cbc_hmac_sha1; + break; +@@ -1193,8 +1272,14 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, + case NID_aes_256_cbc_hmac_sha1: + *cipher = &cryptodev_aes_256_cbc_hmac_sha1; + break; +- case NID_aes_128_gcm: +- *cipher = &cryptodev_aes_128_gcm; ++ case NID_tls11_des_ede3_cbc_hmac_sha1: ++ *cipher = &cryptodev_tls11_3des_cbc_hmac_sha1; ++ break; ++ case NID_tls11_aes_128_cbc_hmac_sha1: ++ *cipher = &cryptodev_tls11_aes_128_cbc_hmac_sha1; ++ break; ++ case NID_tls11_aes_256_cbc_hmac_sha1: ++ *cipher = &cryptodev_tls11_aes_256_cbc_hmac_sha1; + break; + default: + *cipher = NULL; +diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h +index 9f2267a..dc89b0a 100644 +--- a/crypto/objects/obj_dat.h ++++ b/crypto/objects/obj_dat.h +@@ -62,9 +62,9 @@ + * [including the GNU Public Licence.] + */ + +-#define NUM_NID 921 +-#define NUM_SN 914 +-#define NUM_LN 914 ++#define NUM_NID 924 ++#define NUM_SN 917 ++#define NUM_LN 917 + #define NUM_OBJ 857 + + static const unsigned char lvalues[5974]={ +@@ -2401,6 +2401,12 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={ + {"RSAES-OAEP","rsaesOaep",NID_rsaesOaep,9,&(lvalues[5964]),0}, + {"DES-EDE3-CBC-HMAC-SHA1","des-ede3-cbc-hmac-sha1", + NID_des_ede3_cbc_hmac_sha1,0,NULL,0}, ++{"TLS11-DES-EDE3-CBC-HMAC-SHA1","tls11-des-ede3-cbc-hmac-sha1", ++ NID_tls11_des_ede3_cbc_hmac_sha1,0,NULL,0}, ++{"TLS11-AES-128-CBC-HMAC-SHA1","tls11-aes-128-cbc-hmac-sha1", ++ NID_tls11_aes_128_cbc_hmac_sha1,0,NULL,0}, ++{"TLS11-AES-256-CBC-HMAC-SHA1","tls11-aes-256-cbc-hmac-sha1", ++ NID_tls11_aes_256_cbc_hmac_sha1,0,NULL,0}, + }; + + static const unsigned int sn_objs[NUM_SN]={ +@@ -2586,6 +2592,9 @@ static const unsigned int sn_objs[NUM_SN]={ + 100, /* "SN" */ + 16, /* "ST" */ + 143, /* "SXNetID" */ ++922, /* "TLS11-AES-128-CBC-HMAC-SHA1" */ ++923, /* "TLS11-AES-256-CBC-HMAC-SHA1" */ ++921, /* "TLS11-DES-EDE3-CBC-HMAC-SHA1" */ + 458, /* "UID" */ + 0, /* "UNDEF" */ + 11, /* "X500" */ +@@ -4205,6 +4214,9 @@ static const unsigned int ln_objs[NUM_LN]={ + 459, /* "textEncodedORAddress" */ + 293, /* "textNotice" */ + 106, /* "title" */ ++922, /* "tls11-aes-128-cbc-hmac-sha1" */ ++923, /* "tls11-aes-256-cbc-hmac-sha1" */ ++921, /* "tls11-des-ede3-cbc-hmac-sha1" */ + 682, /* "tpBasis" */ + 436, /* "ucl" */ + 0, /* "undefined" */ +diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h +index 8751902..f181890 100644 +--- a/crypto/objects/obj_mac.h ++++ b/crypto/objects/obj_mac.h +@@ -4034,3 +4034,15 @@ + #define LN_des_ede3_cbc_hmac_sha1 "des-ede3-cbc-hmac-sha1" + #define NID_des_ede3_cbc_hmac_sha1 920 + ++#define SN_tls11_des_ede3_cbc_hmac_sha1 "TLS11-DES-EDE3-CBC-HMAC-SHA1" ++#define LN_tls11_des_ede3_cbc_hmac_sha1 "tls11-des-ede3-cbc-hmac-sha1" ++#define NID_tls11_des_ede3_cbc_hmac_sha1 921 ++ ++#define SN_tls11_aes_128_cbc_hmac_sha1 "TLS11-AES-128-CBC-HMAC-SHA1" ++#define LN_tls11_aes_128_cbc_hmac_sha1 "tls11-aes-128-cbc-hmac-sha1" ++#define NID_tls11_aes_128_cbc_hmac_sha1 922 ++ ++#define SN_tls11_aes_256_cbc_hmac_sha1 "TLS11-AES-256-CBC-HMAC-SHA1" ++#define LN_tls11_aes_256_cbc_hmac_sha1 "tls11-aes-256-cbc-hmac-sha1" ++#define NID_tls11_aes_256_cbc_hmac_sha1 923 ++ +diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num +index 9d44bb5..a02b58c 100644 +--- a/crypto/objects/obj_mac.num ++++ b/crypto/objects/obj_mac.num +@@ -918,3 +918,6 @@ aes_192_cbc_hmac_sha1 917 + aes_256_cbc_hmac_sha1 918 + rsaesOaep 919 + des_ede3_cbc_hmac_sha1 920 ++tls11_des_ede3_cbc_hmac_sha1 921 ++tls11_aes_128_cbc_hmac_sha1 922 ++tls11_aes_256_cbc_hmac_sha1 923 +diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt +index 90d2fc5..1973658 100644 +--- a/crypto/objects/objects.txt ++++ b/crypto/objects/objects.txt +@@ -1291,3 +1291,6 @@ kisa 1 6 : SEED-OFB : seed-ofb + : AES-192-CBC-HMAC-SHA1 : aes-192-cbc-hmac-sha1 + : AES-256-CBC-HMAC-SHA1 : aes-256-cbc-hmac-sha1 + : DES-EDE3-CBC-HMAC-SHA1 : des-ede3-cbc-hmac-sha1 ++ : TLS11-DES-EDE3-CBC-HMAC-SHA1 : tls11-des-ede3-cbc-hmac-sha1 ++ : TLS11-AES-128-CBC-HMAC-SHA1 : tls11-aes-128-cbc-hmac-sha1 ++ : TLS11-AES-256-CBC-HMAC-SHA1 : tls11-aes-256-cbc-hmac-sha1 +diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c +index 310fe76..0408986 100644 +--- a/ssl/ssl_ciph.c ++++ b/ssl/ssl_ciph.c +@@ -631,17 +631,35 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, + c->algorithm_mac == SSL_MD5 && + (evp=EVP_get_cipherbyname("RC4-HMAC-MD5"))) + *enc = evp, *md = NULL; +- else if (c->algorithm_enc == SSL_AES128 && ++ else if (s->ssl_version == TLS1_VERSION && ++ c->algorithm_enc == SSL_3DES && ++ c->algorithm_mac == SSL_SHA1 && ++ (evp=EVP_get_cipherbyname("DES-EDE3-CBC-HMAC-SHA1"))) ++ *enc = evp, *md = NULL; ++ else if (s->ssl_version == TLS1_VERSION && ++ c->algorithm_enc == SSL_AES128 && + c->algorithm_mac == SSL_SHA1 && + (evp=EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1"))) + *enc = evp, *md = NULL; +- else if (c->algorithm_enc == SSL_AES256 && ++ else if (s->ssl_version == TLS1_VERSION && ++ c->algorithm_enc == SSL_AES256 && + c->algorithm_mac == SSL_SHA1 && + (evp=EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1"))) + *enc = evp, *md = NULL; +- else if (c->algorithm_enc == SSL_3DES && ++ else if (s->ssl_version == TLS1_1_VERSION && ++ c->algorithm_enc == SSL_3DES && ++ c->algorithm_mac == SSL_SHA1 && ++ (evp=EVP_get_cipherbyname("TLS11-DES-EDE3-CBC-HMAC-SHA1"))) ++ *enc = evp, *md = NULL; ++ else if (s->ssl_version == TLS1_1_VERSION && ++ c->algorithm_enc == SSL_AES128 && ++ c->algorithm_mac == SSL_SHA1 && ++ (evp=EVP_get_cipherbyname("TLS11-AES-128-CBC-HMAC-SHA1"))) ++ *enc = evp, *md = NULL; ++ else if (s->ssl_version == TLS1_1_VERSION && ++ c->algorithm_enc == SSL_AES256 && + c->algorithm_mac == SSL_SHA1 && +- (evp = EVP_get_cipherbyname("DES-EDE3-CBC-HMAC-SHA1"))) ++ (evp=EVP_get_cipherbyname("TLS11-AES-256-CBC-HMAC-SHA1"))) + *enc = evp, *md = NULL; + return(1); + } +-- +2.3.5 + diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0020-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0020-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch new file mode 100644 index 0000000..7370c49 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0020-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch @@ -0,0 +1,359 @@ +From a58703e6601fcfcfe69fdb3e7152ed76b40d67e9 Mon Sep 17 00:00:00 2001 +From: Tudor Ambarus +Date: Tue, 31 Mar 2015 16:32:35 +0300 +Subject: [PATCH 20/26] eng_cryptodev: add support for TLSv1.2 record offload + +Supported cipher suites: +- 3des-ede-cbc-sha +- aes-128-cbc-hmac-sha +- aes-256-cbc-hmac-sha +- aes-128-cbc-hmac-sha256 +- aes-256-cbc-hmac-sha256 + +Requires TLS patches on cryptodev and TLS algorithm support in Linux +kernel driver. + +Signed-off-by: Tudor Ambarus +Change-Id: I0ac6953dd62e2655a59d8f3eaefd012b7ecebf55 +Reviewed-on: http://git.am.freescale.net:8181/34003 +Reviewed-by: Cristian Stoica +Tested-by: Cristian Stoica +--- + crypto/engine/eng_cryptodev.c | 123 ++++++++++++++++++++++++++++++++++++++++++ + crypto/objects/obj_dat.h | 26 +++++++-- + crypto/objects/obj_mac.h | 20 +++++++ + crypto/objects/obj_mac.num | 5 ++ + crypto/objects/objects.txt | 5 ++ + ssl/ssl_ciph.c | 25 +++++++++ + 6 files changed, 201 insertions(+), 3 deletions(-) + +diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c +index f71ab27..fa5fe1b 100644 +--- a/crypto/engine/eng_cryptodev.c ++++ b/crypto/engine/eng_cryptodev.c +@@ -140,6 +140,11 @@ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1; + const EVP_CIPHER cryptodev_tls11_3des_cbc_hmac_sha1; + const EVP_CIPHER cryptodev_tls11_aes_128_cbc_hmac_sha1; + const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1; ++const EVP_CIPHER cryptodev_tls12_3des_cbc_hmac_sha1; ++const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha1; ++const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha1; ++const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha256; ++const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha256; + + inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len) + { +@@ -263,6 +268,11 @@ static struct { + { CRYPTO_TLS11_3DES_CBC_HMAC_SHA1, NID_tls11_des_ede3_cbc_hmac_sha1, 8, 24, 20}, + { CRYPTO_TLS11_AES_CBC_HMAC_SHA1, NID_tls11_aes_128_cbc_hmac_sha1, 16, 16, 20}, + { CRYPTO_TLS11_AES_CBC_HMAC_SHA1, NID_tls11_aes_256_cbc_hmac_sha1, 16, 32, 20}, ++ { CRYPTO_TLS12_3DES_CBC_HMAC_SHA1, NID_tls12_des_ede3_cbc_hmac_sha1, 8, 24, 20}, ++ { CRYPTO_TLS12_AES_CBC_HMAC_SHA1, NID_tls12_aes_128_cbc_hmac_sha1, 16, 16, 20}, ++ { CRYPTO_TLS12_AES_CBC_HMAC_SHA1, NID_tls12_aes_256_cbc_hmac_sha1, 16, 32, 20}, ++ { CRYPTO_TLS12_AES_CBC_HMAC_SHA256, NID_tls12_aes_128_cbc_hmac_sha256, 16, 16, 32}, ++ { CRYPTO_TLS12_AES_CBC_HMAC_SHA256, NID_tls12_aes_256_cbc_hmac_sha256, 16, 32, 32}, + { CRYPTO_AES_GCM, NID_aes_128_gcm, 16, 16, 0}, + { 0, NID_undef, 0, 0, 0}, + }; +@@ -487,6 +497,21 @@ cryptodev_usable_ciphers(const int **nids) + case NID_tls11_aes_256_cbc_hmac_sha1: + EVP_add_cipher(&cryptodev_tls11_aes_256_cbc_hmac_sha1); + break; ++ case NID_tls12_des_ede3_cbc_hmac_sha1: ++ EVP_add_cipher(&cryptodev_tls12_3des_cbc_hmac_sha1); ++ break; ++ case NID_tls12_aes_128_cbc_hmac_sha1: ++ EVP_add_cipher(&cryptodev_tls12_aes_128_cbc_hmac_sha1); ++ break; ++ case NID_tls12_aes_256_cbc_hmac_sha1: ++ EVP_add_cipher(&cryptodev_tls12_aes_256_cbc_hmac_sha1); ++ break; ++ case NID_tls12_aes_128_cbc_hmac_sha256: ++ EVP_add_cipher(&cryptodev_tls12_aes_128_cbc_hmac_sha256); ++ break; ++ case NID_tls12_aes_256_cbc_hmac_sha256: ++ EVP_add_cipher(&cryptodev_tls12_aes_256_cbc_hmac_sha256); ++ break; + } + } + return count; +@@ -596,6 +621,11 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + case NID_tls11_des_ede3_cbc_hmac_sha1: + case NID_tls11_aes_128_cbc_hmac_sha1: + case NID_tls11_aes_256_cbc_hmac_sha1: ++ case NID_tls12_des_ede3_cbc_hmac_sha1: ++ case NID_tls12_aes_128_cbc_hmac_sha1: ++ case NID_tls12_aes_256_cbc_hmac_sha1: ++ case NID_tls12_aes_128_cbc_hmac_sha256: ++ case NID_tls12_aes_256_cbc_hmac_sha256: + cryp.flags = COP_FLAG_AEAD_TLS_TYPE; + } + cryp.ses = sess->ses; +@@ -795,9 +825,17 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, + case NID_tls11_des_ede3_cbc_hmac_sha1: + case NID_tls11_aes_128_cbc_hmac_sha1: + case NID_tls11_aes_256_cbc_hmac_sha1: ++ case NID_tls12_des_ede3_cbc_hmac_sha1: ++ case NID_tls12_aes_128_cbc_hmac_sha1: ++ case NID_tls12_aes_256_cbc_hmac_sha1: + maclen = SHA_DIGEST_LENGTH; + aad_needs_fix = true; + break; ++ case NID_tls12_aes_128_cbc_hmac_sha256: ++ case NID_tls12_aes_256_cbc_hmac_sha256: ++ maclen = SHA256_DIGEST_LENGTH; ++ aad_needs_fix = true; ++ break; + } + + /* Correct length for AAD Length field */ +@@ -1207,6 +1245,76 @@ const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1 = { + NULL + }; + ++const EVP_CIPHER cryptodev_tls12_3des_cbc_hmac_sha1 = { ++ NID_tls12_des_ede3_cbc_hmac_sha1, ++ 8, 24, 8, ++ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, ++ cryptodev_init_aead_key, ++ cryptodev_aead_cipher, ++ cryptodev_cleanup, ++ sizeof(struct dev_crypto_state), ++ EVP_CIPHER_set_asn1_iv, ++ EVP_CIPHER_get_asn1_iv, ++ cryptodev_cbc_hmac_sha1_ctrl, ++ NULL ++}; ++ ++const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha1 = { ++ NID_tls12_aes_128_cbc_hmac_sha1, ++ 16, 16, 16, ++ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, ++ cryptodev_init_aead_key, ++ cryptodev_aead_cipher, ++ cryptodev_cleanup, ++ sizeof(struct dev_crypto_state), ++ EVP_CIPHER_set_asn1_iv, ++ EVP_CIPHER_get_asn1_iv, ++ cryptodev_cbc_hmac_sha1_ctrl, ++ NULL ++}; ++ ++const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha1 = { ++ NID_tls12_aes_256_cbc_hmac_sha1, ++ 16, 32, 16, ++ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, ++ cryptodev_init_aead_key, ++ cryptodev_aead_cipher, ++ cryptodev_cleanup, ++ sizeof(struct dev_crypto_state), ++ EVP_CIPHER_set_asn1_iv, ++ EVP_CIPHER_get_asn1_iv, ++ cryptodev_cbc_hmac_sha1_ctrl, ++ NULL ++}; ++ ++const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha256 = { ++ NID_tls12_aes_128_cbc_hmac_sha256, ++ 16, 16, 16, ++ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, ++ cryptodev_init_aead_key, ++ cryptodev_aead_cipher, ++ cryptodev_cleanup, ++ sizeof(struct dev_crypto_state), ++ EVP_CIPHER_set_asn1_iv, ++ EVP_CIPHER_get_asn1_iv, ++ cryptodev_cbc_hmac_sha1_ctrl, ++ NULL ++}; ++ ++const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha256 = { ++ NID_tls12_aes_256_cbc_hmac_sha256, ++ 16, 32, 16, ++ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, ++ cryptodev_init_aead_key, ++ cryptodev_aead_cipher, ++ cryptodev_cleanup, ++ sizeof(struct dev_crypto_state), ++ EVP_CIPHER_set_asn1_iv, ++ EVP_CIPHER_get_asn1_iv, ++ cryptodev_cbc_hmac_sha1_ctrl, ++ NULL ++}; ++ + const EVP_CIPHER cryptodev_aes_128_gcm = { + NID_aes_128_gcm, + 1, 16, 12, +@@ -1281,6 +1389,21 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, + case NID_tls11_aes_256_cbc_hmac_sha1: + *cipher = &cryptodev_tls11_aes_256_cbc_hmac_sha1; + break; ++ case NID_tls12_des_ede3_cbc_hmac_sha1: ++ *cipher = &cryptodev_tls12_3des_cbc_hmac_sha1; ++ break; ++ case NID_tls12_aes_128_cbc_hmac_sha1: ++ *cipher = &cryptodev_tls12_aes_128_cbc_hmac_sha1; ++ break; ++ case NID_tls12_aes_256_cbc_hmac_sha1: ++ *cipher = &cryptodev_tls12_aes_256_cbc_hmac_sha1; ++ break; ++ case NID_tls12_aes_128_cbc_hmac_sha256: ++ *cipher = &cryptodev_tls12_aes_128_cbc_hmac_sha256; ++ break; ++ case NID_tls12_aes_256_cbc_hmac_sha256: ++ *cipher = &cryptodev_tls12_aes_256_cbc_hmac_sha256; ++ break; + default: + *cipher = NULL; + break; +diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h +index dc89b0a..dfe19da 100644 +--- a/crypto/objects/obj_dat.h ++++ b/crypto/objects/obj_dat.h +@@ -62,9 +62,9 @@ + * [including the GNU Public Licence.] + */ + +-#define NUM_NID 924 +-#define NUM_SN 917 +-#define NUM_LN 917 ++#define NUM_NID 929 ++#define NUM_SN 922 ++#define NUM_LN 922 + #define NUM_OBJ 857 + + static const unsigned char lvalues[5974]={ +@@ -2407,6 +2407,16 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={ + NID_tls11_aes_128_cbc_hmac_sha1,0,NULL,0}, + {"TLS11-AES-256-CBC-HMAC-SHA1","tls11-aes-256-cbc-hmac-sha1", + NID_tls11_aes_256_cbc_hmac_sha1,0,NULL,0}, ++{"TLS12-DES-EDE3-CBC-HMAC-SHA1","tls12-des-ede3-cbc-hmac-sha1", ++ NID_tls12_des_ede3_cbc_hmac_sha1,0,NULL,0}, ++{"TLS12-AES-128-CBC-HMAC-SHA1","tls12-aes-128-cbc-hmac-sha1", ++ NID_tls12_aes_128_cbc_hmac_sha1,0,NULL,0}, ++{"TLS12-AES-256-CBC-HMAC-SHA1","tls12-aes-256-cbc-hmac-sha1", ++ NID_tls12_aes_256_cbc_hmac_sha1,0,NULL,0}, ++{"TLS12-AES-128-CBC-HMAC-SHA256","tls12-aes-128-cbc-hmac-sha256", ++ NID_tls12_aes_128_cbc_hmac_sha256,0,NULL,0}, ++{"TLS12-AES-256-CBC-HMAC-SHA256","tls12-aes-256-cbc-hmac-sha256", ++ NID_tls12_aes_256_cbc_hmac_sha256,0,NULL,0}, + }; + + static const unsigned int sn_objs[NUM_SN]={ +@@ -2595,6 +2605,11 @@ static const unsigned int sn_objs[NUM_SN]={ + 922, /* "TLS11-AES-128-CBC-HMAC-SHA1" */ + 923, /* "TLS11-AES-256-CBC-HMAC-SHA1" */ + 921, /* "TLS11-DES-EDE3-CBC-HMAC-SHA1" */ ++925, /* "TLS12-AES-128-CBC-HMAC-SHA1" */ ++927, /* "TLS12-AES-128-CBC-HMAC-SHA256" */ ++926, /* "TLS12-AES-256-CBC-HMAC-SHA1" */ ++928, /* "TLS12-AES-256-CBC-HMAC-SHA256" */ ++924, /* "TLS12-DES-EDE3-CBC-HMAC-SHA1" */ + 458, /* "UID" */ + 0, /* "UNDEF" */ + 11, /* "X500" */ +@@ -4217,6 +4232,11 @@ static const unsigned int ln_objs[NUM_LN]={ + 922, /* "tls11-aes-128-cbc-hmac-sha1" */ + 923, /* "tls11-aes-256-cbc-hmac-sha1" */ + 921, /* "tls11-des-ede3-cbc-hmac-sha1" */ ++925, /* "tls12-aes-128-cbc-hmac-sha1" */ ++927, /* "tls12-aes-128-cbc-hmac-sha256" */ ++926, /* "tls12-aes-256-cbc-hmac-sha1" */ ++928, /* "tls12-aes-256-cbc-hmac-sha256" */ ++924, /* "tls12-des-ede3-cbc-hmac-sha1" */ + 682, /* "tpBasis" */ + 436, /* "ucl" */ + 0, /* "undefined" */ +diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h +index f181890..5af125e 100644 +--- a/crypto/objects/obj_mac.h ++++ b/crypto/objects/obj_mac.h +@@ -4046,3 +4046,23 @@ + #define LN_tls11_aes_256_cbc_hmac_sha1 "tls11-aes-256-cbc-hmac-sha1" + #define NID_tls11_aes_256_cbc_hmac_sha1 923 + ++#define SN_tls12_des_ede3_cbc_hmac_sha1 "TLS12-DES-EDE3-CBC-HMAC-SHA1" ++#define LN_tls12_des_ede3_cbc_hmac_sha1 "tls12-des-ede3-cbc-hmac-sha1" ++#define NID_tls12_des_ede3_cbc_hmac_sha1 924 ++ ++#define SN_tls12_aes_128_cbc_hmac_sha1 "TLS12-AES-128-CBC-HMAC-SHA1" ++#define LN_tls12_aes_128_cbc_hmac_sha1 "tls12-aes-128-cbc-hmac-sha1" ++#define NID_tls12_aes_128_cbc_hmac_sha1 925 ++ ++#define SN_tls12_aes_256_cbc_hmac_sha1 "TLS12-AES-256-CBC-HMAC-SHA1" ++#define LN_tls12_aes_256_cbc_hmac_sha1 "tls12-aes-256-cbc-hmac-sha1" ++#define NID_tls12_aes_256_cbc_hmac_sha1 926 ++ ++#define SN_tls12_aes_128_cbc_hmac_sha256 "TLS12-AES-128-CBC-HMAC-SHA256" ++#define LN_tls12_aes_128_cbc_hmac_sha256 "tls12-aes-128-cbc-hmac-sha256" ++#define NID_tls12_aes_128_cbc_hmac_sha256 927 ++ ++#define SN_tls12_aes_256_cbc_hmac_sha256 "TLS12-AES-256-CBC-HMAC-SHA256" ++#define LN_tls12_aes_256_cbc_hmac_sha256 "tls12-aes-256-cbc-hmac-sha256" ++#define NID_tls12_aes_256_cbc_hmac_sha256 928 ++ +diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num +index a02b58c..deeba3a 100644 +--- a/crypto/objects/obj_mac.num ++++ b/crypto/objects/obj_mac.num +@@ -921,3 +921,8 @@ des_ede3_cbc_hmac_sha1 920 + tls11_des_ede3_cbc_hmac_sha1 921 + tls11_aes_128_cbc_hmac_sha1 922 + tls11_aes_256_cbc_hmac_sha1 923 ++tls12_des_ede3_cbc_hmac_sha1 924 ++tls12_aes_128_cbc_hmac_sha1 925 ++tls12_aes_256_cbc_hmac_sha1 926 ++tls12_aes_128_cbc_hmac_sha256 927 ++tls12_aes_256_cbc_hmac_sha256 928 +diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt +index 1973658..6e4ac93 100644 +--- a/crypto/objects/objects.txt ++++ b/crypto/objects/objects.txt +@@ -1294,3 +1294,8 @@ kisa 1 6 : SEED-OFB : seed-ofb + : TLS11-DES-EDE3-CBC-HMAC-SHA1 : tls11-des-ede3-cbc-hmac-sha1 + : TLS11-AES-128-CBC-HMAC-SHA1 : tls11-aes-128-cbc-hmac-sha1 + : TLS11-AES-256-CBC-HMAC-SHA1 : tls11-aes-256-cbc-hmac-sha1 ++ : TLS12-DES-EDE3-CBC-HMAC-SHA1 : tls12-des-ede3-cbc-hmac-sha1 ++ : TLS12-AES-128-CBC-HMAC-SHA1 : tls12-aes-128-cbc-hmac-sha1 ++ : TLS12-AES-256-CBC-HMAC-SHA1 : tls12-aes-256-cbc-hmac-sha1 ++ : TLS12-AES-128-CBC-HMAC-SHA256 : tls12-aes-128-cbc-hmac-sha256 ++ : TLS12-AES-256-CBC-HMAC-SHA256 : tls12-aes-256-cbc-hmac-sha256 +diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c +index 0408986..77a82f6 100644 +--- a/ssl/ssl_ciph.c ++++ b/ssl/ssl_ciph.c +@@ -661,6 +661,31 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, + c->algorithm_mac == SSL_SHA1 && + (evp=EVP_get_cipherbyname("TLS11-AES-256-CBC-HMAC-SHA1"))) + *enc = evp, *md = NULL; ++ else if (s->ssl_version == TLS1_2_VERSION && ++ c->algorithm_enc == SSL_3DES && ++ c->algorithm_mac == SSL_SHA1 && ++ (evp=EVP_get_cipherbyname("TLS12-DES-EDE3-CBC-HMAC-SHA1"))) ++ *enc = evp, *md = NULL; ++ else if (s->ssl_version == TLS1_2_VERSION && ++ c->algorithm_enc == SSL_AES128 && ++ c->algorithm_mac == SSL_SHA1 && ++ (evp=EVP_get_cipherbyname("TLS12-AES-128-CBC-HMAC-SHA1"))) ++ *enc = evp, *md = NULL; ++ else if (s->ssl_version == TLS1_2_VERSION && ++ c->algorithm_enc == SSL_AES256 && ++ c->algorithm_mac == SSL_SHA1 && ++ (evp=EVP_get_cipherbyname("TLS12-AES-256-CBC-HMAC-SHA1"))) ++ *enc = evp, *md = NULL; ++ else if (s->ssl_version == TLS1_2_VERSION && ++ c->algorithm_enc == SSL_AES128 && ++ c->algorithm_mac == SSL_SHA256 && ++ (evp=EVP_get_cipherbyname("TLS12-AES-128-CBC-HMAC-SHA256"))) ++ *enc = evp, *md = NULL; ++ else if (s->ssl_version == TLS1_2_VERSION && ++ c->algorithm_enc == SSL_AES256 && ++ c->algorithm_mac == SSL_SHA256 && ++ (evp=EVP_get_cipherbyname("TLS12-AES-256-CBC-HMAC-SHA256"))) ++ *enc = evp, *md = NULL; + return(1); + } + else +-- +2.3.5 + diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0021-cryptodev-drop-redundant-function.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0021-cryptodev-drop-redundant-function.patch new file mode 100644 index 0000000..16cc688 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0021-cryptodev-drop-redundant-function.patch @@ -0,0 +1,75 @@ +From ea4abc255c6c5feec01cb1e30c6082cfe47860e2 Mon Sep 17 00:00:00 2001 +From: Cristian Stoica +Date: Thu, 19 Feb 2015 16:11:53 +0200 +Subject: [PATCH 21/26] cryptodev: drop redundant function + +get_dev_crypto already caches the result. Another cache in-between is +useless. + +Change-Id: Ibd162529d3fb7a561a17f1a707d5d287c1586a3a +Signed-off-by: Cristian Stoica +Reviewed-on: http://git.am.freescale.net:8181/34216 +--- + crypto/engine/eng_cryptodev.c | 18 +++--------------- + 1 file changed, 3 insertions(+), 15 deletions(-) + +diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c +index fa5fe1b..1ab5551 100644 +--- a/crypto/engine/eng_cryptodev.c ++++ b/crypto/engine/eng_cryptodev.c +@@ -96,7 +96,6 @@ struct dev_crypto_state { + + static u_int32_t cryptodev_asymfeat = 0; + +-static int get_asym_dev_crypto(void); + static int open_dev_crypto(void); + static int get_dev_crypto(void); + static int get_cryptodev_ciphers(const int **cnids); +@@ -357,17 +356,6 @@ static void put_dev_crypto(int fd) + #endif + } + +-/* Caching version for asym operations */ +-static int +-get_asym_dev_crypto(void) +-{ +- static int fd = -1; +- +- if (fd == -1) +- fd = get_dev_crypto(); +- return fd; +-} +- + /* + * Find out what ciphers /dev/crypto will let us have a session for. + * XXX note, that some of these openssl doesn't deal with yet! +@@ -1796,7 +1784,7 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s) + { + int fd, ret = -1; + +- if ((fd = get_asym_dev_crypto()) < 0) ++ if ((fd = get_dev_crypto()) < 0) + return (ret); + + if (r) { +@@ -2374,7 +2362,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) + int p_len, q_len; + int i; + +- if ((fd = get_asym_dev_crypto()) < 0) ++ if ((fd = get_dev_crypto()) < 0) + goto sw_try; + + if(!rsa->n && ((rsa->n=BN_new()) == NULL)) goto err; +@@ -3928,7 +3916,7 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) + BIGNUM *temp = NULL; + unsigned char *padded_pub_key = NULL, *p = NULL; + +- if ((fd = get_asym_dev_crypto()) < 0) ++ if ((fd = get_dev_crypto()) < 0) + goto sw_try; + + memset(&kop, 0, sizeof kop); +-- +2.3.5 + diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0022-cryptodev-do-not-zero-the-buffer-before-use.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0022-cryptodev-do-not-zero-the-buffer-before-use.patch new file mode 100644 index 0000000..0b2f0f1 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0022-cryptodev-do-not-zero-the-buffer-before-use.patch @@ -0,0 +1,48 @@ +From 75e3e7d600eb72e7374b1ecf5ece7b831bc98ed8 Mon Sep 17 00:00:00 2001 +From: Cristian Stoica +Date: Tue, 17 Feb 2015 13:12:53 +0200 +Subject: [PATCH 22/26] cryptodev: do not zero the buffer before use + +- The buffer is just about to be overwritten. Zeroing it before that has + no purpose + +Change-Id: I478c31bd2e254561474a7edf5e37980ca04217ce +Signed-off-by: Cristian Stoica +Reviewed-on: http://git.am.freescale.net:8181/34217 +--- + crypto/engine/eng_cryptodev.c | 13 ++++--------- + 1 file changed, 4 insertions(+), 9 deletions(-) + +diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c +index 1ab5551..dbc5989 100644 +--- a/crypto/engine/eng_cryptodev.c ++++ b/crypto/engine/eng_cryptodev.c +@@ -1681,21 +1681,16 @@ static int + bn2crparam(const BIGNUM *a, struct crparam *crp) + { + ssize_t bytes, bits; +- u_char *b; +- +- crp->crp_p = NULL; +- crp->crp_nbits = 0; + + bits = BN_num_bits(a); + bytes = (bits + 7) / 8; + +- b = malloc(bytes); +- if (b == NULL) ++ crp->crp_nbits = bits; ++ crp->crp_p = malloc(bytes); ++ ++ if (crp->crp_p == NULL) + return (1); +- memset(b, 0, bytes); + +- crp->crp_p = (caddr_t) b; +- crp->crp_nbits = bits; + BN_bn2bin(a, crp->crp_p); + return (0); + } +-- +2.3.5 + diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0023-cryptodev-clean-up-code-layout.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0023-cryptodev-clean-up-code-layout.patch new file mode 100644 index 0000000..5ff1c5c --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0023-cryptodev-clean-up-code-layout.patch @@ -0,0 +1,72 @@ +From 4453b06b940fc03a0973cfd96f908e46cce61054 Mon Sep 17 00:00:00 2001 +From: Cristian Stoica +Date: Wed, 18 Feb 2015 10:39:46 +0200 +Subject: [PATCH 23/26] cryptodev: clean-up code layout + +This is just a refactoring that uses else branch to check for malloc failures + +Change-Id: I6dc157af36d6ec51a4edfc82cf97fae2e7e83628 +Signed-off-by: Cristian Stoica +Reviewed-on: http://git.am.freescale.net:8181/34218 +--- + crypto/engine/eng_cryptodev.c | 42 ++++++++++++++++++++---------------------- + 1 file changed, 20 insertions(+), 22 deletions(-) + +diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c +index dbc5989..dceb4f5 100644 +--- a/crypto/engine/eng_cryptodev.c ++++ b/crypto/engine/eng_cryptodev.c +@@ -1745,30 +1745,28 @@ cryptodev_asym_async(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, + fd = *(int *)cookie->eng_handle; + + eng_cookie = malloc(sizeof(struct cryptodev_cookie_s)); +- +- if (eng_cookie) { +- memset(eng_cookie, 0, sizeof(struct cryptodev_cookie_s)); +- if (r) { +- kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char)); +- if (!kop->crk_param[kop->crk_iparams].crp_p) +- return -ENOMEM; +- kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8; +- kop->crk_oparams++; +- eng_cookie->r = r; +- eng_cookie->r_param = kop->crk_param[kop->crk_iparams]; +- } +- if (s) { +- kop->crk_param[kop->crk_iparams+1].crp_p = calloc(slen, sizeof(char)); +- if (!kop->crk_param[kop->crk_iparams+1].crp_p) +- return -ENOMEM; +- kop->crk_param[kop->crk_iparams+1].crp_nbits = slen * 8; +- kop->crk_oparams++; +- eng_cookie->s = s; +- eng_cookie->s_param = kop->crk_param[kop->crk_iparams + 1]; +- } +- } else ++ if (!eng_cookie) + return -ENOMEM; + ++ memset(eng_cookie, 0, sizeof(struct cryptodev_cookie_s)); ++ if (r) { ++ kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char)); ++ if (!kop->crk_param[kop->crk_iparams].crp_p) ++ return -ENOMEM; ++ kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8; ++ kop->crk_oparams++; ++ eng_cookie->r = r; ++ eng_cookie->r_param = kop->crk_param[kop->crk_iparams]; ++ } ++ if (s) { ++ kop->crk_param[kop->crk_iparams+1].crp_p = calloc(slen, sizeof(char)); ++ if (!kop->crk_param[kop->crk_iparams+1].crp_p) ++ return -ENOMEM; ++ kop->crk_param[kop->crk_iparams+1].crp_nbits = slen * 8; ++ kop->crk_oparams++; ++ eng_cookie->s = s; ++ eng_cookie->s_param = kop->crk_param[kop->crk_iparams + 1]; ++ } + eng_cookie->kop = kop; + cookie->eng_cookie = eng_cookie; + return ioctl(fd, CIOCASYMASYNCRYPT, kop); +-- +2.3.5 + diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0024-cryptodev-do-not-cache-file-descriptor-in-open.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0024-cryptodev-do-not-cache-file-descriptor-in-open.patch new file mode 100644 index 0000000..e798d3e --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0024-cryptodev-do-not-cache-file-descriptor-in-open.patch @@ -0,0 +1,100 @@ +From a44701abd995b3db80001d0c5d88e9ead05972c1 Mon Sep 17 00:00:00 2001 +From: Cristian Stoica +Date: Thu, 19 Feb 2015 16:43:29 +0200 +Subject: [PATCH 24/26] cryptodev: do not cache file descriptor in 'open' + +The file descriptor returned by get_dev_crypto is cached after a +successful return. The issue is, it is cached inside 'open_dev_crypto' +which is no longer useful as a general purpose open("/dev/crypto") +function. + +This patch is a refactoring that moves the caching operation from +open_dev_crypto to get_dev_crypto and leaves the former as a simpler +function true to its name + +Change-Id: I980170969410381973ce75f6679a4a1401738847 +Signed-off-by: Cristian Stoica +Reviewed-on: http://git.am.freescale.net:8181/34219 +--- + crypto/engine/eng_cryptodev.c | 50 +++++++++++++++++++++---------------------- + 1 file changed, 24 insertions(+), 26 deletions(-) + +diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c +index dceb4f5..b74fc7c 100644 +--- a/crypto/engine/eng_cryptodev.c ++++ b/crypto/engine/eng_cryptodev.c +@@ -306,47 +306,45 @@ static void ctr64_inc(unsigned char *counter) { + if (c) return; + } while (n); + } +-/* +- * Return a fd if /dev/crypto seems usable, 0 otherwise. +- */ +-static int +-open_dev_crypto(void) ++ ++static int open_dev_crypto(void) + { +- static int fd = -1; ++ int fd; + +- if (fd == -1) { +- if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1) +- return (-1); +- /* close on exec */ +- if (fcntl(fd, F_SETFD, 1) == -1) { +- close(fd); +- fd = -1; +- return (-1); +- } ++ fd = open("/dev/crypto", O_RDWR, 0); ++ if ( fd < 0) ++ return -1; ++ ++ /* close on exec */ ++ if (fcntl(fd, F_SETFD, 1) == -1) { ++ close(fd); ++ return -1; + } +- return (fd); ++ ++ return fd; + } + +-static int +-get_dev_crypto(void) ++static int get_dev_crypto(void) + { +- int fd, retfd; ++ static int fd = -1; ++ int retfd; + +- if ((fd = open_dev_crypto()) == -1) +- return (-1); +-#ifndef CRIOGET_NOT_NEEDED ++ if (fd == -1) ++ fd = open_dev_crypto(); ++#ifdef CRIOGET_NOT_NEEDED ++ return fd; ++#else ++ if (fd == -1) ++ return -1; + if (ioctl(fd, CRIOGET, &retfd) == -1) + return (-1); +- + /* close on exec */ + if (fcntl(retfd, F_SETFD, 1) == -1) { + close(retfd); + return (-1); + } +-#else +- retfd = fd; ++ return retfd; + #endif +- return (retfd); + } + + static void put_dev_crypto(int fd) +-- +2.3.5 + diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0025-cryptodev-put_dev_crypto-should-be-an-int.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0025-cryptodev-put_dev_crypto-should-be-an-int.patch new file mode 100644 index 0000000..a48dc6a --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0025-cryptodev-put_dev_crypto-should-be-an-int.patch @@ -0,0 +1,35 @@ +From 84a8007b6e92fe4c2696cc9e330207ee03303a20 Mon Sep 17 00:00:00 2001 +From: Cristian Stoica +Date: Thu, 19 Feb 2015 13:09:32 +0200 +Subject: [PATCH 25/26] cryptodev: put_dev_crypto should be an int + +Change-Id: Ie0a83bc07a37132286c098b17ef35d98de74b043 +Signed-off-by: Cristian Stoica +Reviewed-on: http://git.am.freescale.net:8181/34220 +--- + crypto/engine/eng_cryptodev.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c +index b74fc7c..c9db27d 100644 +--- a/crypto/engine/eng_cryptodev.c ++++ b/crypto/engine/eng_cryptodev.c +@@ -347,10 +347,12 @@ static int get_dev_crypto(void) + #endif + } + +-static void put_dev_crypto(int fd) ++static int put_dev_crypto(int fd) + { +-#ifndef CRIOGET_NOT_NEEDED +- close(fd); ++#ifdef CRIOGET_NOT_NEEDED ++ return 0; ++#else ++ return close(fd); + #endif + } + +-- +2.3.5 + diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0026-cryptodev-simplify-cryptodev-pkc-support-code.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0026-cryptodev-simplify-cryptodev-pkc-support-code.patch new file mode 100644 index 0000000..6527ac8 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0026-cryptodev-simplify-cryptodev-pkc-support-code.patch @@ -0,0 +1,250 @@ +From 787539e7720c99785f6c664a7484842bba08f6ed Mon Sep 17 00:00:00 2001 +From: Cristian Stoica +Date: Thu, 19 Feb 2015 13:39:52 +0200 +Subject: [PATCH 26/26] cryptodev: simplify cryptodev pkc support code + +- Engine init returns directly a file descriptor instead of a pointer to one +- Similarly, the Engine close will now just close the file + +Change-Id: Ief736d0776c7009dee002204fb1d4ce9d31c8787 +Signed-off-by: Cristian Stoica +Reviewed-on: http://git.am.freescale.net:8181/34221 +--- + crypto/crypto.h | 2 +- + crypto/engine/eng_cryptodev.c | 35 +++----------------------- + crypto/engine/eng_int.h | 14 +++-------- + crypto/engine/eng_lib.c | 57 +++++++++++++++++++++---------------------- + crypto/engine/engine.h | 13 +++++----- + 5 files changed, 42 insertions(+), 79 deletions(-) + +diff --git a/crypto/crypto.h b/crypto/crypto.h +index ce12731..292427e 100644 +--- a/crypto/crypto.h ++++ b/crypto/crypto.h +@@ -618,7 +618,7 @@ struct pkc_cookie_s { + * -EINVAL: Parameters Invalid + */ + void (*pkc_callback)(struct pkc_cookie_s *cookie, int status); +- void *eng_handle; ++ int eng_handle; + }; + + #ifdef __cplusplus +diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c +index c9db27d..f173bde 100644 +--- a/crypto/engine/eng_cryptodev.c ++++ b/crypto/engine/eng_cryptodev.c +@@ -1742,7 +1742,7 @@ cryptodev_asym_async(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, + struct pkc_cookie_s *cookie = kop->cookie; + struct cryptodev_cookie_s *eng_cookie; + +- fd = *(int *)cookie->eng_handle; ++ fd = cookie->eng_handle; + + eng_cookie = malloc(sizeof(struct cryptodev_cookie_s)); + if (!eng_cookie) +@@ -1802,38 +1802,11 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s) + return (ret); + } + +-/* Close an opened instance of cryptodev engine */ +-void cryptodev_close_instance(void *handle) +-{ +- int fd; +- +- if (handle) { +- fd = *(int *)handle; +- close(fd); +- free(handle); +- } +-} +- +-/* Create an instance of cryptodev for asynchronous interface */ +-void *cryptodev_init_instance(void) +-{ +- int *fd = malloc(sizeof(int)); +- +- if (fd) { +- if ((*fd = open("/dev/crypto", O_RDWR, 0)) == -1) { +- free(fd); +- return NULL; +- } +- } +- return fd; +-} +- + #include + + /* Return 0 on success and 1 on failure */ +-int cryptodev_check_availability(void *eng_handle) ++int cryptodev_check_availability(int fd) + { +- int fd = *(int *)eng_handle; + struct pkc_cookie_list_s cookie_list; + struct pkc_cookie_s *cookie; + int i; +@@ -4540,8 +4513,8 @@ ENGINE_load_cryptodev(void) + } + + ENGINE_set_check_pkc_availability(engine, cryptodev_check_availability); +- ENGINE_set_close_instance(engine, cryptodev_close_instance); +- ENGINE_set_init_instance(engine, cryptodev_init_instance); ++ ENGINE_set_close_instance(engine, put_dev_crypto); ++ ENGINE_set_open_instance(engine, open_dev_crypto); + ENGINE_set_async_map(engine, ENGINE_ALLPKC_ASYNC); + + ENGINE_add(engine); +diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h +index 8fc3077..8fb79c0 100644 +--- a/crypto/engine/eng_int.h ++++ b/crypto/engine/eng_int.h +@@ -181,23 +181,15 @@ struct engine_st + ENGINE_LOAD_KEY_PTR load_pubkey; + + ENGINE_SSL_CLIENT_CERT_PTR load_ssl_client_cert; +- /* +- * Instantiate Engine handle to be passed in check_pkc_availability +- * Ensure that Engine is instantiated before any pkc asynchronous call. +- */ +- void *(*engine_init_instance)(void); +- /* +- * Instantiated Engine handle will be closed with this call. +- * Ensure that no pkc asynchronous call is made after this call +- */ +- void (*engine_close_instance)(void *handle); ++ int (*engine_open_instance)(void); ++ int (*engine_close_instance)(int fd); + /* + * Check availability will extract the data from kernel. + * eng_handle: This is the Engine handle corresponds to which + * the cookies needs to be polled. + * return 0 if cookie available else 1 + */ +- int (*check_pkc_availability)(void *eng_handle); ++ int (*check_pkc_availability)(int fd); + /* + * The following map is used to check if the engine supports asynchronous implementation + * ENGINE_ASYNC_FLAG* for available bitmap. Any application checking for asynchronous +diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c +index 6fa621c..6c9471b 100644 +--- a/crypto/engine/eng_lib.c ++++ b/crypto/engine/eng_lib.c +@@ -99,7 +99,7 @@ void engine_set_all_null(ENGINE *e) + e->load_privkey = NULL; + e->load_pubkey = NULL; + e->check_pkc_availability = NULL; +- e->engine_init_instance = NULL; ++ e->engine_open_instance = NULL; + e->engine_close_instance = NULL; + e->cmd_defns = NULL; + e->async_map = 0; +@@ -237,47 +237,46 @@ int ENGINE_set_id(ENGINE *e, const char *id) + return 1; + } + +-void ENGINE_set_init_instance(ENGINE *e, void *(*engine_init_instance)(void)) +- { +- e->engine_init_instance = engine_init_instance; +- } ++void ENGINE_set_open_instance(ENGINE *e, int (*engine_open_instance)(void)) ++{ ++ e->engine_open_instance = engine_open_instance; ++} + +-void ENGINE_set_close_instance(ENGINE *e, +- void (*engine_close_instance)(void *)) +- { +- e->engine_close_instance = engine_close_instance; +- } ++void ENGINE_set_close_instance(ENGINE *e, int (*engine_close_instance)(int)) ++{ ++ e->engine_close_instance = engine_close_instance; ++} + + void ENGINE_set_async_map(ENGINE *e, int async_map) + { + e->async_map = async_map; + } + +-void *ENGINE_init_instance(ENGINE *e) +- { +- return e->engine_init_instance(); +- } +- +-void ENGINE_close_instance(ENGINE *e, void *eng_handle) +- { +- e->engine_close_instance(eng_handle); +- } +- + int ENGINE_get_async_map(ENGINE *e) + { + return e->async_map; + } + +-void ENGINE_set_check_pkc_availability(ENGINE *e, +- int (*check_pkc_availability)(void *eng_handle)) +- { +- e->check_pkc_availability = check_pkc_availability; +- } ++int ENGINE_open_instance(ENGINE *e) ++{ ++ return e->engine_open_instance(); ++} + +-int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle) +- { +- return e->check_pkc_availability(eng_handle); +- } ++int ENGINE_close_instance(ENGINE *e, int fd) ++{ ++ return e->engine_close_instance(fd); ++} ++ ++void ENGINE_set_check_pkc_availability(ENGINE *e, ++ int (*check_pkc_availability)(int fd)) ++{ ++ e->check_pkc_availability = check_pkc_availability; ++} ++ ++int ENGINE_check_pkc_availability(ENGINE *e, int fd) ++{ ++ return e->check_pkc_availability(fd); ++} + + int ENGINE_set_name(ENGINE *e, const char *name) + { +diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h +index ccff86a..3ba3e97 100644 +--- a/crypto/engine/engine.h ++++ b/crypto/engine/engine.h +@@ -473,9 +473,6 @@ ENGINE *ENGINE_new(void); + int ENGINE_free(ENGINE *e); + int ENGINE_up_ref(ENGINE *e); + int ENGINE_set_id(ENGINE *e, const char *id); +-void ENGINE_set_init_instance(ENGINE *e, void *(*engine_init_instance)(void)); +-void ENGINE_set_close_instance(ENGINE *e, +- void (*engine_free_instance)(void *)); + /* + * Following FLAGS are bitmap store in async_map to set asynchronous interface capability + *of the engine +@@ -492,11 +489,13 @@ void ENGINE_set_async_map(ENGINE *e, int async_map); + * to confirm asynchronous methods supported + */ + int ENGINE_get_async_map(ENGINE *e); +-void *ENGINE_init_instance(ENGINE *e); +-void ENGINE_close_instance(ENGINE *e, void *eng_handle); ++int ENGINE_open_instance(ENGINE *e); ++int ENGINE_close_instance(ENGINE *e, int fd); ++void ENGINE_set_init_instance(ENGINE *e, int(*engine_init_instance)(void)); ++void ENGINE_set_close_instance(ENGINE *e, int(*engine_close_instance)(int)); + void ENGINE_set_check_pkc_availability(ENGINE *e, +- int (*check_pkc_availability)(void *eng_handle)); +-int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle); ++ int (*check_pkc_availability)(int fd)); ++int ENGINE_check_pkc_availability(ENGINE *e, int fd); + int ENGINE_set_name(ENGINE *e, const char *name); + int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth); + int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth); +-- +2.3.5 + diff --git a/recipes-connectivity/openssl/openssl-qoriq/shared-libs.patch b/recipes-connectivity/openssl/openssl-qoriq/shared-libs.patch new file mode 100644 index 0000000..a7ca0a3 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/shared-libs.patch @@ -0,0 +1,41 @@ +Upstream-Status: Inappropriate [configuration] + +Index: openssl-1.0.1e/crypto/Makefile +=================================================================== +--- openssl-1.0.1e.orig/crypto/Makefile ++++ openssl-1.0.1e/crypto/Makefile +@@ -108,7 +108,7 @@ $(LIB): $(LIBOBJ) + + shared: buildinf.h lib subdirs + if [ -n "$(SHARED_LIBS)" ]; then \ +- (cd ..; $(MAKE) $(SHARED_LIB)); \ ++ (cd ..; $(MAKE) -e $(SHARED_LIB)); \ + fi + + libs: +Index: openssl-1.0.1e/Makefile.org +=================================================================== +--- openssl-1.0.1e.orig/Makefile.org ++++ openssl-1.0.1e/Makefile.org +@@ -310,7 +310,7 @@ libcrypto$(SHLIB_EXT): libcrypto.a fips_ + + libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a + @if [ "$(SHLIB_TARGET)" != "" ]; then \ +- $(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \ ++ $(MAKE) -e SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \ + else \ + echo "There's no support for shared libraries on this platform" >&2; \ + exit 1; \ +Index: openssl-1.0.1e/ssl/Makefile +=================================================================== +--- openssl-1.0.1e.orig/ssl/Makefile ++++ openssl-1.0.1e/ssl/Makefile +@@ -62,7 +62,7 @@ lib: $(LIBOBJ) + + shared: lib + if [ -n "$(SHARED_LIBS)" ]; then \ +- (cd ..; $(MAKE) $(SHARED_LIB)); \ ++ (cd ..; $(MAKE) -e $(SHARED_LIB)); \ + fi + + files: diff --git a/recipes-connectivity/openssl/openssl-qoriq_1.0.1i.bb b/recipes-connectivity/openssl/openssl-qoriq_1.0.1i.bb new file mode 100644 index 0000000..3b9d56e --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq_1.0.1i.bb @@ -0,0 +1,96 @@ +require openssl-qoriq.inc + +# For target side versions of openssl enable support for cryptodev Linux driver +# if they are available. +DEPENDS_class-target += "cryptodev-linux" +CFLAG_class-target += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8" + +export DIRS = "crypto ssl apps engines" +export OE_LDFLAGS="${LDFLAGS}" + +SRC_URI += "file://configure-targets.patch \ + file://shared-libs.patch \ + file://oe-ldflags.patch \ + file://engines-install-in-libdir-ssl.patch \ + file://openssl-fix-link.patch \ + file://debian/version-script.patch \ + file://debian/pic.patch \ + file://debian/c_rehash-compat.patch \ + file://debian/ca.patch \ + file://debian/make-targets.patch \ + file://debian/no-rpath.patch \ + file://debian/man-dir.patch \ + file://debian/man-section.patch \ + file://debian/no-symbolic.patch \ + file://debian/debian-targets.patch \ + file://openssl_fix_for_x32.patch \ + file://fix-cipher-des-ede3-cfb1.patch \ + file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \ + file://openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch \ + file://initial-aarch64-bits.patch \ + file://find.pl \ + file://openssl-fix-des.pod-error.patch \ + " + +SRC_URI_append_class-target = "\ + file://qoriq/0001-remove-double-initialization-of-cryptodev-engine.patch \ + file://qoriq/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch \ + file://qoriq/0003-cryptodev-fix-algorithm-registration.patch \ + file://qoriq/0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch \ + file://qoriq/0005-ECC-Support-header-for-Cryptodev-Engine.patch \ + file://qoriq/0006-Fixed-private-key-support-for-DH.patch \ + file://qoriq/0007-Fixed-private-key-support-for-DH.patch \ + file://qoriq/0008-Initial-support-for-PKC-in-cryptodev-engine.patch \ + file://qoriq/0009-Added-hwrng-dev-file-as-source-of-RNG.patch \ + file://qoriq/0010-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch \ + file://qoriq/0011-Add-RSA-keygen-operation-and-support-gendsa-command-.patch \ + file://qoriq/0012-RSA-Keygen-Fix.patch \ + file://qoriq/0013-Removed-local-copy-of-curve_t-type.patch \ + file://qoriq/0014-Modulus-parameter-is-not-populated-by-dhparams.patch \ + file://qoriq/0015-SW-Backoff-mechanism-for-dsa-keygen.patch \ + file://qoriq/0016-Fixed-DH-keygen-pair-generator.patch \ + file://qoriq/0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch \ + file://qoriq/0018-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch \ + file://qoriq/0019-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch \ + file://qoriq/0020-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch \ + file://qoriq/0021-cryptodev-drop-redundant-function.patch \ + file://qoriq/0022-cryptodev-do-not-zero-the-buffer-before-use.patch \ + file://qoriq/0023-cryptodev-clean-up-code-layout.patch \ + file://qoriq/0024-cryptodev-do-not-cache-file-descriptor-in-open.patch \ + file://qoriq/0025-cryptodev-put_dev_crypto-should-be-an-int.patch \ + file://qoriq/0026-cryptodev-simplify-cryptodev-pkc-support-code.patch \ +" + +SRC_URI[md5sum] = "c8dc151a671b9b92ff3e4c118b174972" +SRC_URI[sha256sum] = "3c179f46ca77069a6a0bac70212a9b3b838b2f66129cb52d568837fc79d8fcc7" + +PACKAGES =+ " \ + ${PN}-engines-dbg \ + ${PN}-engines \ +" + +FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines" +FILES_${PN}-engines-dbg = "${libdir}/engines/.debug ${libdir}/ssl/engines/.debug" + +PARALLEL_MAKE = "" +PARALLEL_MAKEINST = "" + +# Digest offloading through cryptodev is not recommended because of the +# performance penalty of the Openssl engine interface. Openssl generates a huge +# number of calls to digest functions for even a small amount of work data. +# For example there are 70 calls to cipher code and over 10000 to digest code +# when downloading only 10 files of 700 bytes each. +# Do not build OpenSSL with cryptodev digest support until engine digest +# interface gets some rework: +CFLAG_class-target := "${@'${CFLAG}'.replace('-DUSE_CRYPTODEV_DIGESTS', '')}" + +do_configure_prepend() { + cp ${WORKDIR}/find.pl ${S}/util/find.pl +} + + +RDEPENDS_${PN}_class-target += "cryptodev-module" + +COMPATIBLE_MACHINE = "(qoriq)" diff --git a/recipes-connectivity/openssl/openssl.inc b/recipes-connectivity/openssl/openssl.inc deleted file mode 100644 index aa1143d..0000000 --- a/recipes-connectivity/openssl/openssl.inc +++ /dev/null @@ -1,174 +0,0 @@ -SUMMARY = "Secure Socket Layer" -DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools." -HOMEPAGE = "http://www.openssl.org/" -BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html" -SECTION = "libs/network" - -# "openssl | SSLeay" dual license -LICENSE = "openssl" -LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8" - -DEPENDS = "perl-native-runtime" - -SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ - " -S = "${WORKDIR}/openssl-${PV}" - -PACKAGECONFIG[perl] = ",,," - -AR_append = " r" -# Avoid binaries being marked as requiring an executable stack since it -# doesn't(which causes and this causes issues with SELinux -CFLAG = "${@base_conditional('SITEINFO_ENDIANNESS', 'le', '-DL_ENDIAN', '-DB_ENDIAN', d)} \ - -DTERMIO ${CFLAGS} -Wall -Wa,--noexecstack" - -# -02 does not work on mipsel: ssh hangs when it tries to read /dev/urandom -CFLAG_mtx-1 := "${@'${CFLAG}'.replace('-O2', '')}" -CFLAG_mtx-2 := "${@'${CFLAG}'.replace('-O2', '')}" - -export DIRS = "crypto ssl apps" -export EX_LIBS = "-lgcc -ldl" -export AS = "${CC} -c" -EXTRA_OEMAKE = "-e MAKEFLAGS=" - -inherit pkgconfig siteinfo multilib_header - -PACKAGES =+ "libcrypto libssl ${PN}-misc openssl-conf" -FILES_libcrypto = "${base_libdir}/libcrypto${SOLIBS}" -FILES_libssl = "${libdir}/libssl.so.*" -FILES_${PN} =+ " ${libdir}/ssl/*" -FILES_${PN}-misc = "${libdir}/ssl/misc ${bindir}/c_rehash" -RDEPENDS_${PN}-misc = "${@bb.utils.contains('PACKAGECONFIG', 'perl', 'perl', '', d)}" -FILES_${PN}-dev += "${base_libdir}/libcrypto${SOLIBSDEV}" - -# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto -# package RRECOMMENDS on this package. This will enable the configuration -# file to be installed for both the base openssl package and the libcrypto -# package since the base openssl package depends on the libcrypto package. -FILES_openssl-conf = "${libdir}/ssl/openssl.cnf" -CONFFILES_openssl-conf = "${libdir}/ssl/openssl.cnf" -RRECOMMENDS_libcrypto += "openssl-conf" - -do_configure_prepend_darwin () { - sed -i -e '/version-script=openssl\.ld/d' Configure -} - -do_configure () { - cd util - perl perlpath.pl ${STAGING_BINDIR_NATIVE} - cd .. - ln -sf apps/openssl.pod crypto/crypto.pod ssl/ssl.pod doc/ - - os=${HOST_OS} - if [ "x$os" = "xlinux-uclibc" ]; then - os=linux - elif [ "x$os" = "xlinux-uclibceabi" ]; then - os=linux - elif [ "x$os" = "xlinux-uclibcspe" ]; then - os=linux - elif [ "x$os" = "xlinux-gnuspe" ]; then - os=linux - elif [ "x$os" = "xlinux-gnueabi" ]; then - os=linux - fi - target="$os-${HOST_ARCH}" - case $target in - linux-arm) - target=linux-armv4 - ;; - linux-armeb) - target=linux-elf-armeb - ;; - linux-aarch64*) - target=linux-generic64 - ;; - linux-sh3) - target=debian-sh3 - ;; - linux-sh4) - target=debian-sh4 - ;; - linux-i486) - target=debian-i386-i486 - ;; - linux-i586 | linux-viac3) - target=debian-i386-i586 - ;; - linux-i686) - target=debian-i386-i686/cmov - ;; - linux-gnux32-x86_64) - target=linux-x32 - ;; - linux-gnu64-x86_64) - target=linux-x86_64 - ;; - linux-mips) - target=debian-mips - ;; - linux-mipsel) - target=debian-mipsel - ;; - linux-*-mips64) - target=linux-mips - ;; - linux-powerpc) - target=linux-ppc - ;; - linux-powerpc64) - target=linux-ppc64 - ;; - linux-supersparc) - target=linux-sparcv8 - ;; - linux-sparc) - target=linux-sparcv8 - ;; - darwin-i386) - target=darwin-i386-cc - ;; - esac - # inject machine-specific flags - sed -i -e "s|^\(\"$target\",\s*\"[^:]\+\):\([^:]\+\)|\1:${CFLAG}|g" Configure - useprefix=${prefix} - if [ "x$useprefix" = "x" ]; then - useprefix=/ - fi - perl ./Configure ${EXTRA_OECONF} shared --prefix=$useprefix --openssldir=${libdir}/ssl --libdir=`basename ${libdir}` $target -} - -do_compile () { - oe_runmake -} - -do_install () { - oe_runmake INSTALL_PREFIX="${D}" MANDIR="${mandir}" install - - oe_libinstall -so libcrypto ${D}${libdir} - oe_libinstall -so libssl ${D}${libdir} - - # Moving libcrypto to /lib - if [ ! ${D}${libdir} -ef ${D}${base_libdir} ]; then - mkdir -p ${D}/${base_libdir}/ - mv ${D}${libdir}/libcrypto* ${D}${base_libdir}/ - sed -i s#libdir=\$\{exec_prefix\}\/lib#libdir=${base_libdir}# ${D}/${libdir}/pkgconfig/libcrypto.pc - fi - - install -d ${D}${includedir} - cp --dereference -R include/openssl ${D}${includedir} - - oe_multilib_header openssl/opensslconf.h - if [ "${@bb.utils.contains('PACKAGECONFIG', 'perl', 'perl', '', d)}" = "perl" ]; then - install -m 0755 ${S}/tools/c_rehash ${D}${bindir} - sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${bindir}/c_rehash - sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/CA.pl - sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/tsget - # The c_rehash utility isn't installed by the normal installation process. - else - rm -f ${D}${bindir}/c_rehash - rm -f ${D}${libdir}/ssl/misc/CA.pl ${D}${libdir}/ssl/misc/tsget - fi -} - -BBCLASSEXTEND = "native nativesdk" - diff --git a/recipes-connectivity/openssl/openssl/configure-targets.patch b/recipes-connectivity/openssl/openssl/configure-targets.patch deleted file mode 100644 index c1f3d08..0000000 --- a/recipes-connectivity/openssl/openssl/configure-targets.patch +++ /dev/null @@ -1,34 +0,0 @@ -Upstream-Status: Inappropriate [embedded specific] - -The number of colons are important :) - - ---- - Configure | 16 ++++++++++++++++ - 1 file changed, 16 insertions(+) - ---- a/Configure -+++ b/Configure -@@ -403,6 +403,22 @@ my %table=( - "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", - "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", - -+ # Linux on ARM -+"linux-elf-arm","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"linux-elf-armeb","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"linux-gnueabi-arm","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"linux-gnueabi-armeb","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"linux-uclibceabi-arm","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"linux-uclibceabi-armeb","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+ -+"linux-avr32","$ENV{'CC'}:-DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).", -+ -+#### Linux on MIPS/MIPS64 -+"linux-mips","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"linux-mips64","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -mabi=64 -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"linux-mips64el","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -mabi=64 -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"linux-mipsel","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+ - # Android: linux-* but without -DTERMIO and pointers to headers and libs. - "android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - "android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", diff --git a/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch b/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch deleted file mode 100644 index ac1b19b..0000000 --- a/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch +++ /dev/null @@ -1,45 +0,0 @@ -Upstream-Status: Backport [debian] - -From 83f318d68bbdab1ca898c94576a838cc97df4700 Mon Sep 17 00:00:00 2001 -From: Ludwig Nussel -Date: Wed, 21 Apr 2010 15:52:10 +0200 -Subject: [PATCH] also create old hash for compatibility - ---- - tools/c_rehash.in | 8 +++++++- - 1 files changed, 7 insertions(+), 1 deletions(-) - -Index: openssl-1.0.0d/tools/c_rehash.in -=================================================================== ---- openssl-1.0.0d.orig/tools/c_rehash.in 2011-04-13 20:41:28.000000000 +0000 -+++ openssl-1.0.0d/tools/c_rehash.in 2011-04-13 20:41:28.000000000 +0000 -@@ -86,6 +86,7 @@ - } - } - link_hash_cert($fname) if($cert); -+ link_hash_cert_old($fname) if($cert); - link_hash_crl($fname) if($crl); - } - } -@@ -119,8 +120,9 @@ - - sub link_hash_cert { - my $fname = $_[0]; -+ my $hashopt = $_[1] || '-subject_hash'; - $fname =~ s/'/'\\''/g; -- my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in "$fname"`; -+ my ($hash, $fprint) = `"$openssl" x509 $hashopt -fingerprint -noout -in "$fname"`; - chomp $hash; - chomp $fprint; - $fprint =~ s/^.*=//; -@@ -150,6 +152,10 @@ - $hashlist{$hash} = $fprint; - } - -+sub link_hash_cert_old { -+ link_hash_cert($_[0], '-subject_hash_old'); -+} -+ - # Same as above except for a CRL. CRL links are of the form .r - - sub link_hash_crl { diff --git a/recipes-connectivity/openssl/openssl/debian/ca.patch b/recipes-connectivity/openssl/openssl/debian/ca.patch deleted file mode 100644 index aba4d42..0000000 --- a/recipes-connectivity/openssl/openssl/debian/ca.patch +++ /dev/null @@ -1,22 +0,0 @@ -Upstream-Status: Backport [debian] - -Index: openssl-0.9.8m/apps/CA.pl.in -=================================================================== ---- openssl-0.9.8m.orig/apps/CA.pl.in 2006-04-28 00:28:51.000000000 +0000 -+++ openssl-0.9.8m/apps/CA.pl.in 2010-02-27 00:36:51.000000000 +0000 -@@ -65,6 +65,7 @@ - foreach (@ARGV) { - if ( /^(-\?|-h|-help)$/ ) { - print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n"; -+ print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n"; - exit 0; - } elsif (/^-newcert$/) { - # create a certificate -@@ -165,6 +166,7 @@ - } else { - print STDERR "Unknown arg $_\n"; - print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n"; -+ print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n"; - exit 1; - } - } diff --git a/recipes-connectivity/openssl/openssl/debian/debian-targets.patch b/recipes-connectivity/openssl/openssl/debian/debian-targets.patch deleted file mode 100644 index 8101edf..0000000 --- a/recipes-connectivity/openssl/openssl/debian/debian-targets.patch +++ /dev/null @@ -1,66 +0,0 @@ -Upstream-Status: Backport [debian] - -Index: openssl-1.0.1/Configure -=================================================================== ---- openssl-1.0.1.orig/Configure 2012-03-17 15:37:54.000000000 +0000 -+++ openssl-1.0.1/Configure 2012-03-17 16:13:49.000000000 +0000 -@@ -105,6 +105,10 @@ - - my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED"; - -+# There are no separate CFLAGS/CPPFLAGS/LDFLAGS, set everything in CFLAGS -+my $debian_cflags = `dpkg-buildflags --get CFLAGS` . `dpkg-buildflags --get CPPFLAGS` . `dpkg-buildflags --get LDFLAGS` . "-Wa,--noexecstack -Wall"; -+$debian_cflags =~ s/\n/ /g; -+ - my $strict_warnings = 0; - - my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL"; -@@ -338,6 +342,48 @@ - "osf1-alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so", - "tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::-msym:.so", - -+# Debian GNU/* (various architectures) -+"debian-alpha","gcc:-DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-alpha-ev4","gcc:-DTERMIO ${debian_cflags} -mcpu=ev4::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-alpha-ev5","gcc:-DTERMIO ${debian_cflags} -mcpu=ev5::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-armeb","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-armel","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-armhf","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-amd64", "gcc:-m64 -DL_ENDIAN -DTERMIO ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::", -+"debian-avr32", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -fomit-frame-pointer::-D_REENTRANT::-ldl:BN_LLONG_BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-kfreebsd-amd64","gcc:-m64 -DL_ENDIAN -DTERMIOS ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-kfreebsd-i386","gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -march=i486::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-hppa","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-hurd-i386","gcc:-DL_ENDIAN -DTERMIOS -O3 -Wa,--noexecstack -g -mtune=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-ia64","gcc:-DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-i386","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-i386-i486","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags} -march=i486::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-i386-i586","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags} -march=i586::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-i386-i686/cmov","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags} -march=i686::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-m68k","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-mips", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-mipsel", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-netbsd-i386", "gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-netbsd-m68k", "gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags}::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-netbsd-sparc", "gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags} -mv8::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-openbsd-alpha","gcc:-DTERMIOS ${debian_cflags}::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-openbsd-i386", "gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-openbsd-mips","gcc:-DL_ENDIAN ${debian_cflags}::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-powerpc","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-powerpcspe","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-ppc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-s390","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-s390x","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-sh3", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-sh4", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-sh3eb", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-sh4eb", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-m32r","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-sparc","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-sparc-v8","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v8 -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-sparc-v9","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v9 -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-sparc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags} -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+ - #### - #### Variety of LINUX:-) - #### diff --git a/recipes-connectivity/openssl/openssl/debian/make-targets.patch b/recipes-connectivity/openssl/openssl/debian/make-targets.patch deleted file mode 100644 index ee0a62c..0000000 --- a/recipes-connectivity/openssl/openssl/debian/make-targets.patch +++ /dev/null @@ -1,15 +0,0 @@ -Upstream-Status: Backport [debian] - -Index: openssl-1.0.1/Makefile.org -=================================================================== ---- openssl-1.0.1.orig/Makefile.org 2012-03-17 09:41:07.000000000 +0000 -+++ openssl-1.0.1/Makefile.org 2012-03-17 09:41:21.000000000 +0000 -@@ -135,7 +135,7 @@ - - BASEADDR= - --DIRS= crypto ssl engines apps test tools -+DIRS= crypto ssl engines apps tools - ENGDIRS= ccgost - SHLIBDIRS= crypto ssl - diff --git a/recipes-connectivity/openssl/openssl/debian/man-dir.patch b/recipes-connectivity/openssl/openssl/debian/man-dir.patch deleted file mode 100644 index 4085e3b..0000000 --- a/recipes-connectivity/openssl/openssl/debian/man-dir.patch +++ /dev/null @@ -1,15 +0,0 @@ -Upstream-Status: Backport [debian] - -Index: openssl-1.0.0c/Makefile.org -=================================================================== ---- openssl-1.0.0c.orig/Makefile.org 2010-12-12 16:11:27.000000000 +0100 -+++ openssl-1.0.0c/Makefile.org 2010-12-12 16:11:37.000000000 +0100 -@@ -131,7 +131,7 @@ - - MAKEFILE= Makefile - --MANDIR=$(OPENSSLDIR)/man -+MANDIR=/usr/share/man - MAN1=1 - MAN3=3 - MANSUFFIX= diff --git a/recipes-connectivity/openssl/openssl/debian/man-section.patch b/recipes-connectivity/openssl/openssl/debian/man-section.patch deleted file mode 100644 index 21c1d1a..0000000 --- a/recipes-connectivity/openssl/openssl/debian/man-section.patch +++ /dev/null @@ -1,34 +0,0 @@ -Upstream-Status: Backport [debian] - -Index: openssl-1.0.0c/Makefile.org -=================================================================== ---- openssl-1.0.0c.orig/Makefile.org 2010-12-12 16:11:37.000000000 +0100 -+++ openssl-1.0.0c/Makefile.org 2010-12-12 16:13:28.000000000 +0100 -@@ -160,7 +160,8 @@ - MANDIR=/usr/share/man - MAN1=1 - MAN3=3 --MANSUFFIX= -+MANSUFFIX=ssl -+MANSECTION=SSL - HTMLSUFFIX=html - HTMLDIR=$(OPENSSLDIR)/html - SHELL=/bin/sh -@@ -651,7 +652,7 @@ - echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ - (cd `$(PERL) util/dirname.pl $$i`; \ - sh -c "$$pod2man \ -- --section=$$sec --center=OpenSSL \ -+ --section=$${sec}$(MANSECTION) --center=OpenSSL \ - --release=$(VERSION) `basename $$i`") \ - > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ - $(PERL) util/extract-names.pl < $$i | \ -@@ -668,7 +669,7 @@ - echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ - (cd `$(PERL) util/dirname.pl $$i`; \ - sh -c "$$pod2man \ -- --section=$$sec --center=OpenSSL \ -+ --section=$${sec}$(MANSECTION) --center=OpenSSL \ - --release=$(VERSION) `basename $$i`") \ - > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ - $(PERL) util/extract-names.pl < $$i | \ diff --git a/recipes-connectivity/openssl/openssl/debian/no-rpath.patch b/recipes-connectivity/openssl/openssl/debian/no-rpath.patch deleted file mode 100644 index 1ccb3b8..0000000 --- a/recipes-connectivity/openssl/openssl/debian/no-rpath.patch +++ /dev/null @@ -1,15 +0,0 @@ -Upstream-Status: Backport [debian] - -Index: openssl-1.0.0c/Makefile.shared -=================================================================== ---- openssl-1.0.0c.orig/Makefile.shared 2010-08-21 13:36:49.000000000 +0200 -+++ openssl-1.0.0c/Makefile.shared 2010-12-12 16:13:36.000000000 +0100 -@@ -153,7 +153,7 @@ - NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" - --DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)" -+DO_GNU_APP=LDFLAGS="$(CFLAGS)" - - #This is rather special. It's a special target with which one can link - #applications without bothering with any features that have anything to diff --git a/recipes-connectivity/openssl/openssl/debian/no-symbolic.patch b/recipes-connectivity/openssl/openssl/debian/no-symbolic.patch deleted file mode 100644 index cc4408a..0000000 --- a/recipes-connectivity/openssl/openssl/debian/no-symbolic.patch +++ /dev/null @@ -1,15 +0,0 @@ -Upstream-Status: Backport [debian] - -Index: openssl-1.0.0c/Makefile.shared -=================================================================== ---- openssl-1.0.0c.orig/Makefile.shared 2010-12-12 16:13:36.000000000 +0100 -+++ openssl-1.0.0c/Makefile.shared 2010-12-12 16:13:44.000000000 +0100 -@@ -151,7 +151,7 @@ - SHLIB_SUFFIX=; \ - ALLSYMSFLAGS='-Wl,--whole-archive'; \ - NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ -- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" -+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" - - DO_GNU_APP=LDFLAGS="$(CFLAGS)" - diff --git a/recipes-connectivity/openssl/openssl/debian/pic.patch b/recipes-connectivity/openssl/openssl/debian/pic.patch deleted file mode 100644 index bfda388..0000000 --- a/recipes-connectivity/openssl/openssl/debian/pic.patch +++ /dev/null @@ -1,177 +0,0 @@ -Upstream-Status: Backport [debian] - -Index: openssl-1.0.1c/crypto/des/asm/desboth.pl -=================================================================== ---- openssl-1.0.1c.orig/crypto/des/asm/desboth.pl 2001-10-24 23:20:56.000000000 +0200 -+++ openssl-1.0.1c/crypto/des/asm/desboth.pl 2012-07-29 14:15:26.000000000 +0200 -@@ -16,6 +16,11 @@ - - &push("edi"); - -+ &call (&label("pic_point0")); -+ &set_label("pic_point0"); -+ &blindpop("ebp"); -+ &add ("ebp", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point0") . "]"); -+ - &comment(""); - &comment("Load the data words"); - &mov($L,&DWP(0,"ebx","",0)); -@@ -47,15 +52,21 @@ - &mov(&swtmp(2), (DWC(($enc)?"1":"0"))); - &mov(&swtmp(1), "eax"); - &mov(&swtmp(0), "ebx"); -- &call("DES_encrypt2"); -+ &exch("ebx", "ebp"); -+ &call("DES_encrypt2\@PLT"); -+ &exch("ebx", "ebp"); - &mov(&swtmp(2), (DWC(($enc)?"0":"1"))); - &mov(&swtmp(1), "edi"); - &mov(&swtmp(0), "ebx"); -- &call("DES_encrypt2"); -+ &exch("ebx", "ebp"); -+ &call("DES_encrypt2\@PLT"); -+ &exch("ebx", "ebp"); - &mov(&swtmp(2), (DWC(($enc)?"1":"0"))); - &mov(&swtmp(1), "esi"); - &mov(&swtmp(0), "ebx"); -- &call("DES_encrypt2"); -+ &exch("ebx", "ebp"); -+ &call("DES_encrypt2\@PLT"); -+ &exch("ebx", "ebp"); - - &stack_pop(3); - &mov($L,&DWP(0,"ebx","",0)); -Index: openssl-1.0.1c/crypto/perlasm/cbc.pl -=================================================================== ---- openssl-1.0.1c.orig/crypto/perlasm/cbc.pl 2011-07-13 08:22:46.000000000 +0200 -+++ openssl-1.0.1c/crypto/perlasm/cbc.pl 2012-07-29 14:15:26.000000000 +0200 -@@ -122,7 +122,11 @@ - &mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call - &mov(&DWP($data_off+4,"esp","",0), "ebx"); # - -- &call($enc_func); -+ &call (&label("pic_point0")); -+ &set_label("pic_point0"); -+ &blindpop("ebx"); -+ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point0") . "]"); -+ &call("$enc_func\@PLT"); - - &mov("eax", &DWP($data_off,"esp","",0)); - &mov("ebx", &DWP($data_off+4,"esp","",0)); -@@ -185,7 +189,11 @@ - &mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call - &mov(&DWP($data_off+4,"esp","",0), "ebx"); # - -- &call($enc_func); -+ &call (&label("pic_point1")); -+ &set_label("pic_point1"); -+ &blindpop("ebx"); -+ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point1") . "]"); -+ &call("$enc_func\@PLT"); - - &mov("eax", &DWP($data_off,"esp","",0)); - &mov("ebx", &DWP($data_off+4,"esp","",0)); -@@ -218,7 +226,11 @@ - &mov(&DWP($data_off,"esp","",0), "eax"); # put back - &mov(&DWP($data_off+4,"esp","",0), "ebx"); # - -- &call($dec_func); -+ &call (&label("pic_point2")); -+ &set_label("pic_point2"); -+ &blindpop("ebx"); -+ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point2") . "]"); -+ &call("$dec_func\@PLT"); - - &mov("eax", &DWP($data_off,"esp","",0)); # get return - &mov("ebx", &DWP($data_off+4,"esp","",0)); # -@@ -261,7 +273,11 @@ - &mov(&DWP($data_off,"esp","",0), "eax"); # put back - &mov(&DWP($data_off+4,"esp","",0), "ebx"); # - -- &call($dec_func); -+ &call (&label("pic_point3")); -+ &set_label("pic_point3"); -+ &blindpop("ebx"); -+ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point3") . "]"); -+ &call("$dec_func\@PLT"); - - &mov("eax", &DWP($data_off,"esp","",0)); # get return - &mov("ebx", &DWP($data_off+4,"esp","",0)); # -Index: openssl-1.0.1c/crypto/perlasm/x86gas.pl -=================================================================== ---- openssl-1.0.1c.orig/crypto/perlasm/x86gas.pl 2011-12-09 20:16:35.000000000 +0100 -+++ openssl-1.0.1c/crypto/perlasm/x86gas.pl 2012-07-29 14:15:26.000000000 +0200 -@@ -161,6 +161,7 @@ - if ($::macosx) { push (@out,"$tmp,2\n"); } - elsif ($::elf) { push (@out,"$tmp,4\n"); } - else { push (@out,"$tmp\n"); } -+ if ($::elf) { push (@out,".hidden\tOPENSSL_ia32cap_P\n"); } - } - push(@out,$initseg) if ($initseg); - } -@@ -218,8 +219,23 @@ - elsif ($::elf) - { $initseg.=<<___; - .section .init -+___ -+ if ($::pic) -+ { $initseg.=<<___; -+ pushl %ebx -+ call .pic_point0 -+.pic_point0: -+ popl %ebx -+ addl \$_GLOBAL_OFFSET_TABLE_+[.-.pic_point0],%ebx -+ call $f\@PLT -+ popl %ebx -+___ -+ } -+ else -+ { $initseg.=<<___; - call $f - ___ -+ } - } - elsif ($::coff) - { $initseg.=<<___; # applies to both Cygwin and Mingw -Index: openssl-1.0.1c/crypto/x86cpuid.pl -=================================================================== ---- openssl-1.0.1c.orig/crypto/x86cpuid.pl 2012-02-28 15:20:34.000000000 +0100 -+++ openssl-1.0.1c/crypto/x86cpuid.pl 2012-07-29 14:15:26.000000000 +0200 -@@ -8,6 +8,8 @@ - - for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } - -+push(@out, ".hidden OPENSSL_ia32cap_P\n"); -+ - &function_begin("OPENSSL_ia32_cpuid"); - &xor ("edx","edx"); - &pushf (); -@@ -139,9 +141,7 @@ - &set_label("nocpuid"); - &function_end("OPENSSL_ia32_cpuid"); - --&external_label("OPENSSL_ia32cap_P"); -- --&function_begin_B("OPENSSL_rdtsc","EXTRN\t_OPENSSL_ia32cap_P:DWORD"); -+&function_begin_B("OPENSSL_rdtsc"); - &xor ("eax","eax"); - &xor ("edx","edx"); - &picmeup("ecx","OPENSSL_ia32cap_P"); -@@ -155,7 +155,7 @@ - # This works in Ring 0 only [read DJGPP+MS-DOS+privileged DPMI host], - # but it's safe to call it on any [supported] 32-bit platform... - # Just check for [non-]zero return value... --&function_begin_B("OPENSSL_instrument_halt","EXTRN\t_OPENSSL_ia32cap_P:DWORD"); -+&function_begin_B("OPENSSL_instrument_halt"); - &picmeup("ecx","OPENSSL_ia32cap_P"); - &bt (&DWP(0,"ecx"),4); - &jnc (&label("nohalt")); # no TSC -@@ -222,7 +222,7 @@ - &ret (); - &function_end_B("OPENSSL_far_spin"); - --&function_begin_B("OPENSSL_wipe_cpu","EXTRN\t_OPENSSL_ia32cap_P:DWORD"); -+&function_begin_B("OPENSSL_wipe_cpu"); - &xor ("eax","eax"); - &xor ("edx","edx"); - &picmeup("ecx","OPENSSL_ia32cap_P"); diff --git a/recipes-connectivity/openssl/openssl/debian/version-script.patch b/recipes-connectivity/openssl/openssl/debian/version-script.patch deleted file mode 100644 index ece8b9b..0000000 --- a/recipes-connectivity/openssl/openssl/debian/version-script.patch +++ /dev/null @@ -1,4670 +0,0 @@ -Upstream-Status: Backport [debian] - -Index: openssl-1.0.1d/Configure -=================================================================== ---- openssl-1.0.1d.orig/Configure 2013-02-06 19:41:43.000000000 +0100 -+++ openssl-1.0.1d/Configure 2013-02-06 19:41:43.000000000 +0100 -@@ -1621,6 +1621,8 @@ - } - } - -+$shared_ldflag .= " -Wl,--version-script=openssl.ld"; -+ - open(IN,'$Makefile.new") || die "unable to create $Makefile.new:$!\n"; -Index: openssl-1.0.1d/openssl.ld -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.1d/openssl.ld 2013-02-06 19:44:25.000000000 +0100 -@@ -0,0 +1,4620 @@ -+OPENSSL_1.0.0 { -+ global: -+ BIO_f_ssl; -+ BIO_new_buffer_ssl_connect; -+ BIO_new_ssl; -+ BIO_new_ssl_connect; -+ BIO_proxy_ssl_copy_session_id; -+ BIO_ssl_copy_session_id; -+ BIO_ssl_shutdown; -+ d2i_SSL_SESSION; -+ DTLSv1_client_method; -+ DTLSv1_method; -+ DTLSv1_server_method; -+ ERR_load_SSL_strings; -+ i2d_SSL_SESSION; -+ kssl_build_principal_2; -+ kssl_cget_tkt; -+ kssl_check_authent; -+ kssl_ctx_free; -+ kssl_ctx_new; -+ kssl_ctx_setkey; -+ kssl_ctx_setprinc; -+ kssl_ctx_setstring; -+ kssl_ctx_show; -+ kssl_err_set; -+ kssl_krb5_free_data_contents; -+ kssl_sget_tkt; -+ kssl_skip_confound; -+ kssl_validate_times; -+ PEM_read_bio_SSL_SESSION; -+ PEM_read_SSL_SESSION; -+ PEM_write_bio_SSL_SESSION; -+ PEM_write_SSL_SESSION; -+ SSL_accept; -+ SSL_add_client_CA; -+ SSL_add_dir_cert_subjects_to_stack; -+ SSL_add_dir_cert_subjs_to_stk; -+ SSL_add_file_cert_subjects_to_stack; -+ SSL_add_file_cert_subjs_to_stk; -+ SSL_alert_desc_string; -+ SSL_alert_desc_string_long; -+ SSL_alert_type_string; -+ SSL_alert_type_string_long; -+ SSL_callback_ctrl; -+ SSL_check_private_key; -+ SSL_CIPHER_description; -+ SSL_CIPHER_get_bits; -+ SSL_CIPHER_get_name; -+ SSL_CIPHER_get_version; -+ SSL_clear; -+ SSL_COMP_add_compression_method; -+ SSL_COMP_get_compression_methods; -+ SSL_COMP_get_compress_methods; -+ SSL_COMP_get_name; -+ SSL_connect; -+ SSL_copy_session_id; -+ SSL_ctrl; -+ SSL_CTX_add_client_CA; -+ SSL_CTX_add_session; -+ SSL_CTX_callback_ctrl; -+ SSL_CTX_check_private_key; -+ SSL_CTX_ctrl; -+ SSL_CTX_flush_sessions; -+ SSL_CTX_free; -+ SSL_CTX_get_cert_store; -+ SSL_CTX_get_client_CA_list; -+ SSL_CTX_get_client_cert_cb; -+ SSL_CTX_get_ex_data; -+ SSL_CTX_get_ex_new_index; -+ SSL_CTX_get_info_callback; -+ SSL_CTX_get_quiet_shutdown; -+ SSL_CTX_get_timeout; -+ SSL_CTX_get_verify_callback; -+ SSL_CTX_get_verify_depth; -+ SSL_CTX_get_verify_mode; -+ SSL_CTX_load_verify_locations; -+ SSL_CTX_new; -+ SSL_CTX_remove_session; -+ SSL_CTX_sess_get_get_cb; -+ SSL_CTX_sess_get_new_cb; -+ SSL_CTX_sess_get_remove_cb; -+ SSL_CTX_sessions; -+ SSL_CTX_sess_set_get_cb; -+ SSL_CTX_sess_set_new_cb; -+ SSL_CTX_sess_set_remove_cb; -+ SSL_CTX_set1_param; -+ SSL_CTX_set_cert_store; -+ SSL_CTX_set_cert_verify_callback; -+ SSL_CTX_set_cert_verify_cb; -+ SSL_CTX_set_cipher_list; -+ SSL_CTX_set_client_CA_list; -+ SSL_CTX_set_client_cert_cb; -+ SSL_CTX_set_client_cert_engine; -+ SSL_CTX_set_cookie_generate_cb; -+ SSL_CTX_set_cookie_verify_cb; -+ SSL_CTX_set_default_passwd_cb; -+ SSL_CTX_set_default_passwd_cb_userdata; -+ SSL_CTX_set_default_verify_paths; -+ SSL_CTX_set_def_passwd_cb_ud; -+ SSL_CTX_set_def_verify_paths; -+ SSL_CTX_set_ex_data; -+ SSL_CTX_set_generate_session_id; -+ SSL_CTX_set_info_callback; -+ SSL_CTX_set_msg_callback; -+ SSL_CTX_set_psk_client_callback; -+ SSL_CTX_set_psk_server_callback; -+ SSL_CTX_set_purpose; -+ SSL_CTX_set_quiet_shutdown; -+ SSL_CTX_set_session_id_context; -+ SSL_CTX_set_ssl_version; -+ SSL_CTX_set_timeout; -+ SSL_CTX_set_tmp_dh_callback; -+ SSL_CTX_set_tmp_ecdh_callback; -+ SSL_CTX_set_tmp_rsa_callback; -+ SSL_CTX_set_trust; -+ SSL_CTX_set_verify; -+ SSL_CTX_set_verify_depth; -+ SSL_CTX_use_cert_chain_file; -+ SSL_CTX_use_certificate; -+ SSL_CTX_use_certificate_ASN1; -+ SSL_CTX_use_certificate_chain_file; -+ SSL_CTX_use_certificate_file; -+ SSL_CTX_use_PrivateKey; -+ SSL_CTX_use_PrivateKey_ASN1; -+ SSL_CTX_use_PrivateKey_file; -+ SSL_CTX_use_psk_identity_hint; -+ SSL_CTX_use_RSAPrivateKey; -+ SSL_CTX_use_RSAPrivateKey_ASN1; -+ SSL_CTX_use_RSAPrivateKey_file; -+ SSL_do_handshake; -+ SSL_dup; -+ SSL_dup_CA_list; -+ SSLeay_add_ssl_algorithms; -+ SSL_free; -+ SSL_get1_session; -+ SSL_get_certificate; -+ SSL_get_cipher_list; -+ SSL_get_ciphers; -+ SSL_get_client_CA_list; -+ SSL_get_current_cipher; -+ SSL_get_current_compression; -+ SSL_get_current_expansion; -+ SSL_get_default_timeout; -+ SSL_get_error; -+ SSL_get_ex_data; -+ SSL_get_ex_data_X509_STORE_CTX_idx; -+ SSL_get_ex_d_X509_STORE_CTX_idx; -+ SSL_get_ex_new_index; -+ SSL_get_fd; -+ SSL_get_finished; -+ SSL_get_info_callback; -+ SSL_get_peer_cert_chain; -+ SSL_get_peer_certificate; -+ SSL_get_peer_finished; -+ SSL_get_privatekey; -+ SSL_get_psk_identity; -+ SSL_get_psk_identity_hint; -+ SSL_get_quiet_shutdown; -+ SSL_get_rbio; -+ SSL_get_read_ahead; -+ SSL_get_rfd; -+ SSL_get_servername; -+ SSL_get_servername_type; -+ SSL_get_session; -+ SSL_get_shared_ciphers; -+ SSL_get_shutdown; -+ SSL_get_SSL_CTX; -+ SSL_get_ssl_method; -+ SSL_get_verify_callback; -+ SSL_get_verify_depth; -+ SSL_get_verify_mode; -+ SSL_get_verify_result; -+ SSL_get_version; -+ SSL_get_wbio; -+ SSL_get_wfd; -+ SSL_has_matching_session_id; -+ SSL_library_init; -+ SSL_load_client_CA_file; -+ SSL_load_error_strings; -+ SSL_new; -+ SSL_peek; -+ SSL_pending; -+ SSL_read; -+ SSL_renegotiate; -+ SSL_renegotiate_pending; -+ SSL_rstate_string; -+ SSL_rstate_string_long; -+ SSL_SESSION_cmp; -+ SSL_SESSION_free; -+ SSL_SESSION_get_ex_data; -+ SSL_SESSION_get_ex_new_index; -+ SSL_SESSION_get_id; -+ SSL_SESSION_get_time; -+ SSL_SESSION_get_timeout; -+ SSL_SESSION_hash; -+ SSL_SESSION_new; -+ SSL_SESSION_print; -+ SSL_SESSION_print_fp; -+ SSL_SESSION_set_ex_data; -+ SSL_SESSION_set_time; -+ SSL_SESSION_set_timeout; -+ SSL_set1_param; -+ SSL_set_accept_state; -+ SSL_set_bio; -+ SSL_set_cipher_list; -+ SSL_set_client_CA_list; -+ SSL_set_connect_state; -+ SSL_set_ex_data; -+ SSL_set_fd; -+ SSL_set_generate_session_id; -+ SSL_set_info_callback; -+ SSL_set_msg_callback; -+ SSL_set_psk_client_callback; -+ SSL_set_psk_server_callback; -+ SSL_set_purpose; -+ SSL_set_quiet_shutdown; -+ SSL_set_read_ahead; -+ SSL_set_rfd; -+ SSL_set_session; -+ SSL_set_session_id_context; -+ SSL_set_session_secret_cb; -+ SSL_set_session_ticket_ext; -+ SSL_set_session_ticket_ext_cb; -+ SSL_set_shutdown; -+ SSL_set_SSL_CTX; -+ SSL_set_ssl_method; -+ SSL_set_tmp_dh_callback; -+ SSL_set_tmp_ecdh_callback; -+ SSL_set_tmp_rsa_callback; -+ SSL_set_trust; -+ SSL_set_verify; -+ SSL_set_verify_depth; -+ SSL_set_verify_result; -+ SSL_set_wfd; -+ SSL_shutdown; -+ SSL_state; -+ SSL_state_string; -+ SSL_state_string_long; -+ SSL_use_certificate; -+ SSL_use_certificate_ASN1; -+ SSL_use_certificate_file; -+ SSL_use_PrivateKey; -+ SSL_use_PrivateKey_ASN1; -+ SSL_use_PrivateKey_file; -+ SSL_use_psk_identity_hint; -+ SSL_use_RSAPrivateKey; -+ SSL_use_RSAPrivateKey_ASN1; -+ SSL_use_RSAPrivateKey_file; -+ SSLv23_client_method; -+ SSLv23_method; -+ SSLv23_server_method; -+ SSLv2_client_method; -+ SSLv2_method; -+ SSLv2_server_method; -+ SSLv3_client_method; -+ SSLv3_method; -+ SSLv3_server_method; -+ SSL_version; -+ SSL_want; -+ SSL_write; -+ TLSv1_client_method; -+ TLSv1_method; -+ TLSv1_server_method; -+ -+ -+ SSLeay; -+ SSLeay_version; -+ ASN1_BIT_STRING_asn1_meth; -+ ASN1_HEADER_free; -+ ASN1_HEADER_new; -+ ASN1_IA5STRING_asn1_meth; -+ ASN1_INTEGER_get; -+ ASN1_INTEGER_set; -+ ASN1_INTEGER_to_BN; -+ ASN1_OBJECT_create; -+ ASN1_OBJECT_free; -+ ASN1_OBJECT_new; -+ ASN1_PRINTABLE_type; -+ ASN1_STRING_cmp; -+ ASN1_STRING_dup; -+ ASN1_STRING_free; -+ ASN1_STRING_new; -+ ASN1_STRING_print; -+ ASN1_STRING_set; -+ ASN1_STRING_type_new; -+ ASN1_TYPE_free; -+ ASN1_TYPE_new; -+ ASN1_UNIVERSALSTRING_to_string; -+ ASN1_UTCTIME_check; -+ ASN1_UTCTIME_print; -+ ASN1_UTCTIME_set; -+ ASN1_check_infinite_end; -+ ASN1_d2i_bio; -+ ASN1_d2i_fp; -+ ASN1_digest; -+ ASN1_dup; -+ ASN1_get_object; -+ ASN1_i2d_bio; -+ ASN1_i2d_fp; -+ ASN1_object_size; -+ ASN1_parse; -+ ASN1_put_object; -+ ASN1_sign; -+ ASN1_verify; -+ BF_cbc_encrypt; -+ BF_cfb64_encrypt; -+ BF_ecb_encrypt; -+ BF_encrypt; -+ BF_ofb64_encrypt; -+ BF_options; -+ BF_set_key; -+ BIO_CONNECT_free; -+ BIO_CONNECT_new; -+ BIO_accept; -+ BIO_ctrl; -+ BIO_int_ctrl; -+ BIO_debug_callback; -+ BIO_dump; -+ BIO_dup_chain; -+ BIO_f_base64; -+ BIO_f_buffer; -+ BIO_f_cipher; -+ BIO_f_md; -+ BIO_f_null; -+ BIO_f_proxy_server; -+ BIO_fd_non_fatal_error; -+ BIO_fd_should_retry; -+ BIO_find_type; -+ BIO_free; -+ BIO_free_all; -+ BIO_get_accept_socket; -+ BIO_get_filter_bio; -+ BIO_get_host_ip; -+ BIO_get_port; -+ BIO_get_retry_BIO; -+ BIO_get_retry_reason; -+ BIO_gethostbyname; -+ BIO_gets; -+ BIO_new; -+ BIO_new_accept; -+ BIO_new_connect; -+ BIO_new_fd; -+ BIO_new_file; -+ BIO_new_fp; -+ BIO_new_socket; -+ BIO_pop; -+ BIO_printf; -+ BIO_push; -+ BIO_puts; -+ BIO_read; -+ BIO_s_accept; -+ BIO_s_connect; -+ BIO_s_fd; -+ BIO_s_file; -+ BIO_s_mem; -+ BIO_s_null; -+ BIO_s_proxy_client; -+ BIO_s_socket; -+ BIO_set; -+ BIO_set_cipher; -+ BIO_set_tcp_ndelay; -+ BIO_sock_cleanup; -+ BIO_sock_error; -+ BIO_sock_init; -+ BIO_sock_non_fatal_error; -+ BIO_sock_should_retry; -+ BIO_socket_ioctl; -+ BIO_write; -+ BN_CTX_free; -+ BN_CTX_new; -+ BN_MONT_CTX_free; -+ BN_MONT_CTX_new; -+ BN_MONT_CTX_set; -+ BN_add; -+ BN_add_word; -+ BN_hex2bn; -+ BN_bin2bn; -+ BN_bn2hex; -+ BN_bn2bin; -+ BN_clear; -+ BN_clear_bit; -+ BN_clear_free; -+ BN_cmp; -+ BN_copy; -+ BN_div; -+ BN_div_word; -+ BN_dup; -+ BN_free; -+ BN_from_montgomery; -+ BN_gcd; -+ BN_generate_prime; -+ BN_get_word; -+ BN_is_bit_set; -+ BN_is_prime; -+ BN_lshift; -+ BN_lshift1; -+ BN_mask_bits; -+ BN_mod; -+ BN_mod_exp; -+ BN_mod_exp_mont; -+ BN_mod_exp_simple; -+ BN_mod_inverse; -+ BN_mod_mul; -+ BN_mod_mul_montgomery; -+ BN_mod_word; -+ BN_mul; -+ BN_new; -+ BN_num_bits; -+ BN_num_bits_word; -+ BN_options; -+ BN_print; -+ BN_print_fp; -+ BN_rand; -+ BN_reciprocal; -+ BN_rshift; -+ BN_rshift1; -+ BN_set_bit; -+ BN_set_word; -+ BN_sqr; -+ BN_sub; -+ BN_to_ASN1_INTEGER; -+ BN_ucmp; -+ BN_value_one; -+ BUF_MEM_free; -+ BUF_MEM_grow; -+ BUF_MEM_new; -+ BUF_strdup; -+ CONF_free; -+ CONF_get_number; -+ CONF_get_section; -+ CONF_get_string; -+ CONF_load; -+ CRYPTO_add_lock; -+ CRYPTO_dbg_free; -+ CRYPTO_dbg_malloc; -+ CRYPTO_dbg_realloc; -+ CRYPTO_dbg_remalloc; -+ CRYPTO_free; -+ CRYPTO_get_add_lock_callback; -+ CRYPTO_get_id_callback; -+ CRYPTO_get_lock_name; -+ CRYPTO_get_locking_callback; -+ CRYPTO_get_mem_functions; -+ CRYPTO_lock; -+ CRYPTO_malloc; -+ CRYPTO_mem_ctrl; -+ CRYPTO_mem_leaks; -+ CRYPTO_mem_leaks_cb; -+ CRYPTO_mem_leaks_fp; -+ CRYPTO_realloc; -+ CRYPTO_remalloc; -+ CRYPTO_set_add_lock_callback; -+ CRYPTO_set_id_callback; -+ CRYPTO_set_locking_callback; -+ CRYPTO_set_mem_functions; -+ CRYPTO_thread_id; -+ DH_check; -+ DH_compute_key; -+ DH_free; -+ DH_generate_key; -+ DH_generate_parameters; -+ DH_new; -+ DH_size; -+ DHparams_print; -+ DHparams_print_fp; -+ DSA_free; -+ DSA_generate_key; -+ DSA_generate_parameters; -+ DSA_is_prime; -+ DSA_new; -+ DSA_print; -+ DSA_print_fp; -+ DSA_sign; -+ DSA_sign_setup; -+ DSA_size; -+ DSA_verify; -+ DSAparams_print; -+ DSAparams_print_fp; -+ ERR_clear_error; -+ ERR_error_string; -+ ERR_free_strings; -+ ERR_func_error_string; -+ ERR_get_err_state_table; -+ ERR_get_error; -+ ERR_get_error_line; -+ ERR_get_state; -+ ERR_get_string_table; -+ ERR_lib_error_string; -+ ERR_load_ASN1_strings; -+ ERR_load_BIO_strings; -+ ERR_load_BN_strings; -+ ERR_load_BUF_strings; -+ ERR_load_CONF_strings; -+ ERR_load_DH_strings; -+ ERR_load_DSA_strings; -+ ERR_load_ERR_strings; -+ ERR_load_EVP_strings; -+ ERR_load_OBJ_strings; -+ ERR_load_PEM_strings; -+ ERR_load_PROXY_strings; -+ ERR_load_RSA_strings; -+ ERR_load_X509_strings; -+ ERR_load_crypto_strings; -+ ERR_load_strings; -+ ERR_peek_error; -+ ERR_peek_error_line; -+ ERR_print_errors; -+ ERR_print_errors_fp; -+ ERR_put_error; -+ ERR_reason_error_string; -+ ERR_remove_state; -+ EVP_BytesToKey; -+ EVP_CIPHER_CTX_cleanup; -+ EVP_CipherFinal; -+ EVP_CipherInit; -+ EVP_CipherUpdate; -+ EVP_DecodeBlock; -+ EVP_DecodeFinal; -+ EVP_DecodeInit; -+ EVP_DecodeUpdate; -+ EVP_DecryptFinal; -+ EVP_DecryptInit; -+ EVP_DecryptUpdate; -+ EVP_DigestFinal; -+ EVP_DigestInit; -+ EVP_DigestUpdate; -+ EVP_EncodeBlock; -+ EVP_EncodeFinal; -+ EVP_EncodeInit; -+ EVP_EncodeUpdate; -+ EVP_EncryptFinal; -+ EVP_EncryptInit; -+ EVP_EncryptUpdate; -+ EVP_OpenFinal; -+ EVP_OpenInit; -+ EVP_PKEY_assign; -+ EVP_PKEY_copy_parameters; -+ EVP_PKEY_free; -+ EVP_PKEY_missing_parameters; -+ EVP_PKEY_new; -+ EVP_PKEY_save_parameters; -+ EVP_PKEY_size; -+ EVP_PKEY_type; -+ EVP_SealFinal; -+ EVP_SealInit; -+ EVP_SignFinal; -+ EVP_VerifyFinal; -+ EVP_add_alias; -+ EVP_add_cipher; -+ EVP_add_digest; -+ EVP_bf_cbc; -+ EVP_bf_cfb64; -+ EVP_bf_ecb; -+ EVP_bf_ofb; -+ EVP_cleanup; -+ EVP_des_cbc; -+ EVP_des_cfb64; -+ EVP_des_ecb; -+ EVP_des_ede; -+ EVP_des_ede3; -+ EVP_des_ede3_cbc; -+ EVP_des_ede3_cfb64; -+ EVP_des_ede3_ofb; -+ EVP_des_ede_cbc; -+ EVP_des_ede_cfb64; -+ EVP_des_ede_ofb; -+ EVP_des_ofb; -+ EVP_desx_cbc; -+ EVP_dss; -+ EVP_dss1; -+ EVP_enc_null; -+ EVP_get_cipherbyname; -+ EVP_get_digestbyname; -+ EVP_get_pw_prompt; -+ EVP_idea_cbc; -+ EVP_idea_cfb64; -+ EVP_idea_ecb; -+ EVP_idea_ofb; -+ EVP_md2; -+ EVP_md5; -+ EVP_md_null; -+ EVP_rc2_cbc; -+ EVP_rc2_cfb64; -+ EVP_rc2_ecb; -+ EVP_rc2_ofb; -+ EVP_rc4; -+ EVP_read_pw_string; -+ EVP_set_pw_prompt; -+ EVP_sha; -+ EVP_sha1; -+ MD2; -+ MD2_Final; -+ MD2_Init; -+ MD2_Update; -+ MD2_options; -+ MD5; -+ MD5_Final; -+ MD5_Init; -+ MD5_Update; -+ MDC2; -+ MDC2_Final; -+ MDC2_Init; -+ MDC2_Update; -+ NETSCAPE_SPKAC_free; -+ NETSCAPE_SPKAC_new; -+ NETSCAPE_SPKI_free; -+ NETSCAPE_SPKI_new; -+ NETSCAPE_SPKI_sign; -+ NETSCAPE_SPKI_verify; -+ OBJ_add_object; -+ OBJ_bsearch; -+ OBJ_cleanup; -+ OBJ_cmp; -+ OBJ_create; -+ OBJ_dup; -+ OBJ_ln2nid; -+ OBJ_new_nid; -+ OBJ_nid2ln; -+ OBJ_nid2obj; -+ OBJ_nid2sn; -+ OBJ_obj2nid; -+ OBJ_sn2nid; -+ OBJ_txt2nid; -+ PEM_ASN1_read; -+ PEM_ASN1_read_bio; -+ PEM_ASN1_write; -+ PEM_ASN1_write_bio; -+ PEM_SealFinal; -+ PEM_SealInit; -+ PEM_SealUpdate; -+ PEM_SignFinal; -+ PEM_SignInit; -+ PEM_SignUpdate; -+ PEM_X509_INFO_read; -+ PEM_X509_INFO_read_bio; -+ PEM_X509_INFO_write_bio; -+ PEM_dek_info; -+ PEM_do_header; -+ PEM_get_EVP_CIPHER_INFO; -+ PEM_proc_type; -+ PEM_read; -+ PEM_read_DHparams; -+ PEM_read_DSAPrivateKey; -+ PEM_read_DSAparams; -+ PEM_read_PKCS7; -+ PEM_read_PrivateKey; -+ PEM_read_RSAPrivateKey; -+ PEM_read_X509; -+ PEM_read_X509_CRL; -+ PEM_read_X509_REQ; -+ PEM_read_bio; -+ PEM_read_bio_DHparams; -+ PEM_read_bio_DSAPrivateKey; -+ PEM_read_bio_DSAparams; -+ PEM_read_bio_PKCS7; -+ PEM_read_bio_PrivateKey; -+ PEM_read_bio_RSAPrivateKey; -+ PEM_read_bio_X509; -+ PEM_read_bio_X509_CRL; -+ PEM_read_bio_X509_REQ; -+ PEM_write; -+ PEM_write_DHparams; -+ PEM_write_DSAPrivateKey; -+ PEM_write_DSAparams; -+ PEM_write_PKCS7; -+ PEM_write_PrivateKey; -+ PEM_write_RSAPrivateKey; -+ PEM_write_X509; -+ PEM_write_X509_CRL; -+ PEM_write_X509_REQ; -+ PEM_write_bio; -+ PEM_write_bio_DHparams; -+ PEM_write_bio_DSAPrivateKey; -+ PEM_write_bio_DSAparams; -+ PEM_write_bio_PKCS7; -+ PEM_write_bio_PrivateKey; -+ PEM_write_bio_RSAPrivateKey; -+ PEM_write_bio_X509; -+ PEM_write_bio_X509_CRL; -+ PEM_write_bio_X509_REQ; -+ PKCS7_DIGEST_free; -+ PKCS7_DIGEST_new; -+ PKCS7_ENCRYPT_free; -+ PKCS7_ENCRYPT_new; -+ PKCS7_ENC_CONTENT_free; -+ PKCS7_ENC_CONTENT_new; -+ PKCS7_ENVELOPE_free; -+ PKCS7_ENVELOPE_new; -+ PKCS7_ISSUER_AND_SERIAL_digest; -+ PKCS7_ISSUER_AND_SERIAL_free; -+ PKCS7_ISSUER_AND_SERIAL_new; -+ PKCS7_RECIP_INFO_free; -+ PKCS7_RECIP_INFO_new; -+ PKCS7_SIGNED_free; -+ PKCS7_SIGNED_new; -+ PKCS7_SIGNER_INFO_free; -+ PKCS7_SIGNER_INFO_new; -+ PKCS7_SIGN_ENVELOPE_free; -+ PKCS7_SIGN_ENVELOPE_new; -+ PKCS7_dup; -+ PKCS7_free; -+ PKCS7_new; -+ PROXY_ENTRY_add_noproxy; -+ PROXY_ENTRY_clear_noproxy; -+ PROXY_ENTRY_free; -+ PROXY_ENTRY_get_noproxy; -+ PROXY_ENTRY_new; -+ PROXY_ENTRY_set_server; -+ PROXY_add_noproxy; -+ PROXY_add_server; -+ PROXY_check_by_host; -+ PROXY_check_url; -+ PROXY_clear_noproxy; -+ PROXY_free; -+ PROXY_get_noproxy; -+ PROXY_get_proxies; -+ PROXY_get_proxy_entry; -+ PROXY_load_conf; -+ PROXY_new; -+ PROXY_print; -+ RAND_bytes; -+ RAND_cleanup; -+ RAND_file_name; -+ RAND_load_file; -+ RAND_screen; -+ RAND_seed; -+ RAND_write_file; -+ RC2_cbc_encrypt; -+ RC2_cfb64_encrypt; -+ RC2_ecb_encrypt; -+ RC2_encrypt; -+ RC2_ofb64_encrypt; -+ RC2_set_key; -+ RC4; -+ RC4_options; -+ RC4_set_key; -+ RSAPrivateKey_asn1_meth; -+ RSAPrivateKey_dup; -+ RSAPublicKey_dup; -+ RSA_PKCS1_SSLeay; -+ RSA_free; -+ RSA_generate_key; -+ RSA_new; -+ RSA_new_method; -+ RSA_print; -+ RSA_print_fp; -+ RSA_private_decrypt; -+ RSA_private_encrypt; -+ RSA_public_decrypt; -+ RSA_public_encrypt; -+ RSA_set_default_method; -+ RSA_sign; -+ RSA_sign_ASN1_OCTET_STRING; -+ RSA_size; -+ RSA_verify; -+ RSA_verify_ASN1_OCTET_STRING; -+ SHA; -+ SHA1; -+ SHA1_Final; -+ SHA1_Init; -+ SHA1_Update; -+ SHA_Final; -+ SHA_Init; -+ SHA_Update; -+ OpenSSL_add_all_algorithms; -+ OpenSSL_add_all_ciphers; -+ OpenSSL_add_all_digests; -+ TXT_DB_create_index; -+ TXT_DB_free; -+ TXT_DB_get_by_index; -+ TXT_DB_insert; -+ TXT_DB_read; -+ TXT_DB_write; -+ X509_ALGOR_free; -+ X509_ALGOR_new; -+ X509_ATTRIBUTE_free; -+ X509_ATTRIBUTE_new; -+ X509_CINF_free; -+ X509_CINF_new; -+ X509_CRL_INFO_free; -+ X509_CRL_INFO_new; -+ X509_CRL_add_ext; -+ X509_CRL_cmp; -+ X509_CRL_delete_ext; -+ X509_CRL_dup; -+ X509_CRL_free; -+ X509_CRL_get_ext; -+ X509_CRL_get_ext_by_NID; -+ X509_CRL_get_ext_by_OBJ; -+ X509_CRL_get_ext_by_critical; -+ X509_CRL_get_ext_count; -+ X509_CRL_new; -+ X509_CRL_sign; -+ X509_CRL_verify; -+ X509_EXTENSION_create_by_NID; -+ X509_EXTENSION_create_by_OBJ; -+ X509_EXTENSION_dup; -+ X509_EXTENSION_free; -+ X509_EXTENSION_get_critical; -+ X509_EXTENSION_get_data; -+ X509_EXTENSION_get_object; -+ X509_EXTENSION_new; -+ X509_EXTENSION_set_critical; -+ X509_EXTENSION_set_data; -+ X509_EXTENSION_set_object; -+ X509_INFO_free; -+ X509_INFO_new; -+ X509_LOOKUP_by_alias; -+ X509_LOOKUP_by_fingerprint; -+ X509_LOOKUP_by_issuer_serial; -+ X509_LOOKUP_by_subject; -+ X509_LOOKUP_ctrl; -+ X509_LOOKUP_file; -+ X509_LOOKUP_free; -+ X509_LOOKUP_hash_dir; -+ X509_LOOKUP_init; -+ X509_LOOKUP_new; -+ X509_LOOKUP_shutdown; -+ X509_NAME_ENTRY_create_by_NID; -+ X509_NAME_ENTRY_create_by_OBJ; -+ X509_NAME_ENTRY_dup; -+ X509_NAME_ENTRY_free; -+ X509_NAME_ENTRY_get_data; -+ X509_NAME_ENTRY_get_object; -+ X509_NAME_ENTRY_new; -+ X509_NAME_ENTRY_set_data; -+ X509_NAME_ENTRY_set_object; -+ X509_NAME_add_entry; -+ X509_NAME_cmp; -+ X509_NAME_delete_entry; -+ X509_NAME_digest; -+ X509_NAME_dup; -+ X509_NAME_entry_count; -+ X509_NAME_free; -+ X509_NAME_get_entry; -+ X509_NAME_get_index_by_NID; -+ X509_NAME_get_index_by_OBJ; -+ X509_NAME_get_text_by_NID; -+ X509_NAME_get_text_by_OBJ; -+ X509_NAME_hash; -+ X509_NAME_new; -+ X509_NAME_oneline; -+ X509_NAME_print; -+ X509_NAME_set; -+ X509_OBJECT_free_contents; -+ X509_OBJECT_retrieve_by_subject; -+ X509_OBJECT_up_ref_count; -+ X509_PKEY_free; -+ X509_PKEY_new; -+ X509_PUBKEY_free; -+ X509_PUBKEY_get; -+ X509_PUBKEY_new; -+ X509_PUBKEY_set; -+ X509_REQ_INFO_free; -+ X509_REQ_INFO_new; -+ X509_REQ_dup; -+ X509_REQ_free; -+ X509_REQ_get_pubkey; -+ X509_REQ_new; -+ X509_REQ_print; -+ X509_REQ_print_fp; -+ X509_REQ_set_pubkey; -+ X509_REQ_set_subject_name; -+ X509_REQ_set_version; -+ X509_REQ_sign; -+ X509_REQ_to_X509; -+ X509_REQ_verify; -+ X509_REVOKED_add_ext; -+ X509_REVOKED_delete_ext; -+ X509_REVOKED_free; -+ X509_REVOKED_get_ext; -+ X509_REVOKED_get_ext_by_NID; -+ X509_REVOKED_get_ext_by_OBJ; -+ X509_REVOKED_get_ext_by_critical; -+ X509_REVOKED_get_ext_by_critic; -+ X509_REVOKED_get_ext_count; -+ X509_REVOKED_new; -+ X509_SIG_free; -+ X509_SIG_new; -+ X509_STORE_CTX_cleanup; -+ X509_STORE_CTX_init; -+ X509_STORE_add_cert; -+ X509_STORE_add_lookup; -+ X509_STORE_free; -+ X509_STORE_get_by_subject; -+ X509_STORE_load_locations; -+ X509_STORE_new; -+ X509_STORE_set_default_paths; -+ X509_VAL_free; -+ X509_VAL_new; -+ X509_add_ext; -+ X509_asn1_meth; -+ X509_certificate_type; -+ X509_check_private_key; -+ X509_cmp_current_time; -+ X509_delete_ext; -+ X509_digest; -+ X509_dup; -+ X509_free; -+ X509_get_default_cert_area; -+ X509_get_default_cert_dir; -+ X509_get_default_cert_dir_env; -+ X509_get_default_cert_file; -+ X509_get_default_cert_file_env; -+ X509_get_default_private_dir; -+ X509_get_ext; -+ X509_get_ext_by_NID; -+ X509_get_ext_by_OBJ; -+ X509_get_ext_by_critical; -+ X509_get_ext_count; -+ X509_get_issuer_name; -+ X509_get_pubkey; -+ X509_get_pubkey_parameters; -+ X509_get_serialNumber; -+ X509_get_subject_name; -+ X509_gmtime_adj; -+ X509_issuer_and_serial_cmp; -+ X509_issuer_and_serial_hash; -+ X509_issuer_name_cmp; -+ X509_issuer_name_hash; -+ X509_load_cert_file; -+ X509_new; -+ X509_print; -+ X509_print_fp; -+ X509_set_issuer_name; -+ X509_set_notAfter; -+ X509_set_notBefore; -+ X509_set_pubkey; -+ X509_set_serialNumber; -+ X509_set_subject_name; -+ X509_set_version; -+ X509_sign; -+ X509_subject_name_cmp; -+ X509_subject_name_hash; -+ X509_to_X509_REQ; -+ X509_verify; -+ X509_verify_cert; -+ X509_verify_cert_error_string; -+ X509v3_add_ext; -+ X509v3_add_extension; -+ X509v3_add_netscape_extensions; -+ X509v3_add_standard_extensions; -+ X509v3_cleanup_extensions; -+ X509v3_data_type_by_NID; -+ X509v3_data_type_by_OBJ; -+ X509v3_delete_ext; -+ X509v3_get_ext; -+ X509v3_get_ext_by_NID; -+ X509v3_get_ext_by_OBJ; -+ X509v3_get_ext_by_critical; -+ X509v3_get_ext_count; -+ X509v3_pack_string; -+ X509v3_pack_type_by_NID; -+ X509v3_pack_type_by_OBJ; -+ X509v3_unpack_string; -+ _des_crypt; -+ a2d_ASN1_OBJECT; -+ a2i_ASN1_INTEGER; -+ a2i_ASN1_STRING; -+ asn1_Finish; -+ asn1_GetSequence; -+ bn_div_words; -+ bn_expand2; -+ bn_mul_add_words; -+ bn_mul_words; -+ BN_uadd; -+ BN_usub; -+ bn_sqr_words; -+ _ossl_old_crypt; -+ d2i_ASN1_BIT_STRING; -+ d2i_ASN1_BOOLEAN; -+ d2i_ASN1_HEADER; -+ d2i_ASN1_IA5STRING; -+ d2i_ASN1_INTEGER; -+ d2i_ASN1_OBJECT; -+ d2i_ASN1_OCTET_STRING; -+ d2i_ASN1_PRINTABLE; -+ d2i_ASN1_PRINTABLESTRING; -+ d2i_ASN1_SET; -+ d2i_ASN1_T61STRING; -+ d2i_ASN1_TYPE; -+ d2i_ASN1_UTCTIME; -+ d2i_ASN1_bytes; -+ d2i_ASN1_type_bytes; -+ d2i_DHparams; -+ d2i_DSAPrivateKey; -+ d2i_DSAPrivateKey_bio; -+ d2i_DSAPrivateKey_fp; -+ d2i_DSAPublicKey; -+ d2i_DSAparams; -+ d2i_NETSCAPE_SPKAC; -+ d2i_NETSCAPE_SPKI; -+ d2i_Netscape_RSA; -+ d2i_PKCS7; -+ d2i_PKCS7_DIGEST; -+ d2i_PKCS7_ENCRYPT; -+ d2i_PKCS7_ENC_CONTENT; -+ d2i_PKCS7_ENVELOPE; -+ d2i_PKCS7_ISSUER_AND_SERIAL; -+ d2i_PKCS7_RECIP_INFO; -+ d2i_PKCS7_SIGNED; -+ d2i_PKCS7_SIGNER_INFO; -+ d2i_PKCS7_SIGN_ENVELOPE; -+ d2i_PKCS7_bio; -+ d2i_PKCS7_fp; -+ d2i_PrivateKey; -+ d2i_PublicKey; -+ d2i_RSAPrivateKey; -+ d2i_RSAPrivateKey_bio; -+ d2i_RSAPrivateKey_fp; -+ d2i_RSAPublicKey; -+ d2i_X509; -+ d2i_X509_ALGOR; -+ d2i_X509_ATTRIBUTE; -+ d2i_X509_CINF; -+ d2i_X509_CRL; -+ d2i_X509_CRL_INFO; -+ d2i_X509_CRL_bio; -+ d2i_X509_CRL_fp; -+ d2i_X509_EXTENSION; -+ d2i_X509_NAME; -+ d2i_X509_NAME_ENTRY; -+ d2i_X509_PKEY; -+ d2i_X509_PUBKEY; -+ d2i_X509_REQ; -+ d2i_X509_REQ_INFO; -+ d2i_X509_REQ_bio; -+ d2i_X509_REQ_fp; -+ d2i_X509_REVOKED; -+ d2i_X509_SIG; -+ d2i_X509_VAL; -+ d2i_X509_bio; -+ d2i_X509_fp; -+ DES_cbc_cksum; -+ DES_cbc_encrypt; -+ DES_cblock_print_file; -+ DES_cfb64_encrypt; -+ DES_cfb_encrypt; -+ DES_decrypt3; -+ DES_ecb3_encrypt; -+ DES_ecb_encrypt; -+ DES_ede3_cbc_encrypt; -+ DES_ede3_cfb64_encrypt; -+ DES_ede3_ofb64_encrypt; -+ DES_enc_read; -+ DES_enc_write; -+ DES_encrypt1; -+ DES_encrypt2; -+ DES_encrypt3; -+ DES_fcrypt; -+ DES_is_weak_key; -+ DES_key_sched; -+ DES_ncbc_encrypt; -+ DES_ofb64_encrypt; -+ DES_ofb_encrypt; -+ DES_options; -+ DES_pcbc_encrypt; -+ DES_quad_cksum; -+ DES_random_key; -+ _ossl_old_des_random_seed; -+ _ossl_old_des_read_2passwords; -+ _ossl_old_des_read_password; -+ _ossl_old_des_read_pw; -+ _ossl_old_des_read_pw_string; -+ DES_set_key; -+ DES_set_odd_parity; -+ DES_string_to_2keys; -+ DES_string_to_key; -+ DES_xcbc_encrypt; -+ DES_xwhite_in2out; -+ fcrypt_body; -+ i2a_ASN1_INTEGER; -+ i2a_ASN1_OBJECT; -+ i2a_ASN1_STRING; -+ i2d_ASN1_BIT_STRING; -+ i2d_ASN1_BOOLEAN; -+ i2d_ASN1_HEADER; -+ i2d_ASN1_IA5STRING; -+ i2d_ASN1_INTEGER; -+ i2d_ASN1_OBJECT; -+ i2d_ASN1_OCTET_STRING; -+ i2d_ASN1_PRINTABLE; -+ i2d_ASN1_SET; -+ i2d_ASN1_TYPE; -+ i2d_ASN1_UTCTIME; -+ i2d_ASN1_bytes; -+ i2d_DHparams; -+ i2d_DSAPrivateKey; -+ i2d_DSAPrivateKey_bio; -+ i2d_DSAPrivateKey_fp; -+ i2d_DSAPublicKey; -+ i2d_DSAparams; -+ i2d_NETSCAPE_SPKAC; -+ i2d_NETSCAPE_SPKI; -+ i2d_Netscape_RSA; -+ i2d_PKCS7; -+ i2d_PKCS7_DIGEST; -+ i2d_PKCS7_ENCRYPT; -+ i2d_PKCS7_ENC_CONTENT; -+ i2d_PKCS7_ENVELOPE; -+ i2d_PKCS7_ISSUER_AND_SERIAL; -+ i2d_PKCS7_RECIP_INFO; -+ i2d_PKCS7_SIGNED; -+ i2d_PKCS7_SIGNER_INFO; -+ i2d_PKCS7_SIGN_ENVELOPE; -+ i2d_PKCS7_bio; -+ i2d_PKCS7_fp; -+ i2d_PrivateKey; -+ i2d_PublicKey; -+ i2d_RSAPrivateKey; -+ i2d_RSAPrivateKey_bio; -+ i2d_RSAPrivateKey_fp; -+ i2d_RSAPublicKey; -+ i2d_X509; -+ i2d_X509_ALGOR; -+ i2d_X509_ATTRIBUTE; -+ i2d_X509_CINF; -+ i2d_X509_CRL; -+ i2d_X509_CRL_INFO; -+ i2d_X509_CRL_bio; -+ i2d_X509_CRL_fp; -+ i2d_X509_EXTENSION; -+ i2d_X509_NAME; -+ i2d_X509_NAME_ENTRY; -+ i2d_X509_PKEY; -+ i2d_X509_PUBKEY; -+ i2d_X509_REQ; -+ i2d_X509_REQ_INFO; -+ i2d_X509_REQ_bio; -+ i2d_X509_REQ_fp; -+ i2d_X509_REVOKED; -+ i2d_X509_SIG; -+ i2d_X509_VAL; -+ i2d_X509_bio; -+ i2d_X509_fp; -+ idea_cbc_encrypt; -+ idea_cfb64_encrypt; -+ idea_ecb_encrypt; -+ idea_encrypt; -+ idea_ofb64_encrypt; -+ idea_options; -+ idea_set_decrypt_key; -+ idea_set_encrypt_key; -+ lh_delete; -+ lh_doall; -+ lh_doall_arg; -+ lh_free; -+ lh_insert; -+ lh_new; -+ lh_node_stats; -+ lh_node_stats_bio; -+ lh_node_usage_stats; -+ lh_node_usage_stats_bio; -+ lh_retrieve; -+ lh_stats; -+ lh_stats_bio; -+ lh_strhash; -+ sk_delete; -+ sk_delete_ptr; -+ sk_dup; -+ sk_find; -+ sk_free; -+ sk_insert; -+ sk_new; -+ sk_pop; -+ sk_pop_free; -+ sk_push; -+ sk_set_cmp_func; -+ sk_shift; -+ sk_unshift; -+ sk_zero; -+ BIO_f_nbio_test; -+ ASN1_TYPE_get; -+ ASN1_TYPE_set; -+ PKCS7_content_free; -+ ERR_load_PKCS7_strings; -+ X509_find_by_issuer_and_serial; -+ X509_find_by_subject; -+ PKCS7_ctrl; -+ PKCS7_set_type; -+ PKCS7_set_content; -+ PKCS7_SIGNER_INFO_set; -+ PKCS7_add_signer; -+ PKCS7_add_certificate; -+ PKCS7_add_crl; -+ PKCS7_content_new; -+ PKCS7_dataSign; -+ PKCS7_dataVerify; -+ PKCS7_dataInit; -+ PKCS7_add_signature; -+ PKCS7_cert_from_signer_info; -+ PKCS7_get_signer_info; -+ EVP_delete_alias; -+ EVP_mdc2; -+ PEM_read_bio_RSAPublicKey; -+ PEM_write_bio_RSAPublicKey; -+ d2i_RSAPublicKey_bio; -+ i2d_RSAPublicKey_bio; -+ PEM_read_RSAPublicKey; -+ PEM_write_RSAPublicKey; -+ d2i_RSAPublicKey_fp; -+ i2d_RSAPublicKey_fp; -+ BIO_copy_next_retry; -+ RSA_flags; -+ X509_STORE_add_crl; -+ X509_load_crl_file; -+ EVP_rc2_40_cbc; -+ EVP_rc4_40; -+ EVP_CIPHER_CTX_init; -+ HMAC; -+ HMAC_Init; -+ HMAC_Update; -+ HMAC_Final; -+ ERR_get_next_error_library; -+ EVP_PKEY_cmp_parameters; -+ HMAC_cleanup; -+ BIO_ptr_ctrl; -+ BIO_new_file_internal; -+ BIO_new_fp_internal; -+ BIO_s_file_internal; -+ BN_BLINDING_convert; -+ BN_BLINDING_invert; -+ BN_BLINDING_update; -+ RSA_blinding_on; -+ RSA_blinding_off; -+ i2t_ASN1_OBJECT; -+ BN_BLINDING_new; -+ BN_BLINDING_free; -+ EVP_cast5_cbc; -+ EVP_cast5_cfb64; -+ EVP_cast5_ecb; -+ EVP_cast5_ofb; -+ BF_decrypt; -+ CAST_set_key; -+ CAST_encrypt; -+ CAST_decrypt; -+ CAST_ecb_encrypt; -+ CAST_cbc_encrypt; -+ CAST_cfb64_encrypt; -+ CAST_ofb64_encrypt; -+ RC2_decrypt; -+ OBJ_create_objects; -+ BN_exp; -+ BN_mul_word; -+ BN_sub_word; -+ BN_dec2bn; -+ BN_bn2dec; -+ BIO_ghbn_ctrl; -+ CRYPTO_free_ex_data; -+ CRYPTO_get_ex_data; -+ CRYPTO_set_ex_data; -+ ERR_load_CRYPTO_strings; -+ ERR_load_CRYPTOlib_strings; -+ EVP_PKEY_bits; -+ MD5_Transform; -+ SHA1_Transform; -+ SHA_Transform; -+ X509_STORE_CTX_get_chain; -+ X509_STORE_CTX_get_current_cert; -+ X509_STORE_CTX_get_error; -+ X509_STORE_CTX_get_error_depth; -+ X509_STORE_CTX_get_ex_data; -+ X509_STORE_CTX_set_cert; -+ X509_STORE_CTX_set_chain; -+ X509_STORE_CTX_set_error; -+ X509_STORE_CTX_set_ex_data; -+ CRYPTO_dup_ex_data; -+ CRYPTO_get_new_lockid; -+ CRYPTO_new_ex_data; -+ RSA_set_ex_data; -+ RSA_get_ex_data; -+ RSA_get_ex_new_index; -+ RSA_padding_add_PKCS1_type_1; -+ RSA_padding_add_PKCS1_type_2; -+ RSA_padding_add_SSLv23; -+ RSA_padding_add_none; -+ RSA_padding_check_PKCS1_type_1; -+ RSA_padding_check_PKCS1_type_2; -+ RSA_padding_check_SSLv23; -+ RSA_padding_check_none; -+ bn_add_words; -+ d2i_Netscape_RSA_2; -+ CRYPTO_get_ex_new_index; -+ RIPEMD160_Init; -+ RIPEMD160_Update; -+ RIPEMD160_Final; -+ RIPEMD160; -+ RIPEMD160_Transform; -+ RC5_32_set_key; -+ RC5_32_ecb_encrypt; -+ RC5_32_encrypt; -+ RC5_32_decrypt; -+ RC5_32_cbc_encrypt; -+ RC5_32_cfb64_encrypt; -+ RC5_32_ofb64_encrypt; -+ BN_bn2mpi; -+ BN_mpi2bn; -+ ASN1_BIT_STRING_get_bit; -+ ASN1_BIT_STRING_set_bit; -+ BIO_get_ex_data; -+ BIO_get_ex_new_index; -+ BIO_set_ex_data; -+ X509v3_get_key_usage; -+ X509v3_set_key_usage; -+ a2i_X509v3_key_usage; -+ i2a_X509v3_key_usage; -+ EVP_PKEY_decrypt; -+ EVP_PKEY_encrypt; -+ PKCS7_RECIP_INFO_set; -+ PKCS7_add_recipient; -+ PKCS7_add_recipient_info; -+ PKCS7_set_cipher; -+ ASN1_TYPE_get_int_octetstring; -+ ASN1_TYPE_get_octetstring; -+ ASN1_TYPE_set_int_octetstring; -+ ASN1_TYPE_set_octetstring; -+ ASN1_UTCTIME_set_string; -+ ERR_add_error_data; -+ ERR_set_error_data; -+ EVP_CIPHER_asn1_to_param; -+ EVP_CIPHER_param_to_asn1; -+ EVP_CIPHER_get_asn1_iv; -+ EVP_CIPHER_set_asn1_iv; -+ EVP_rc5_32_12_16_cbc; -+ EVP_rc5_32_12_16_cfb64; -+ EVP_rc5_32_12_16_ecb; -+ EVP_rc5_32_12_16_ofb; -+ asn1_add_error; -+ d2i_ASN1_BMPSTRING; -+ i2d_ASN1_BMPSTRING; -+ BIO_f_ber; -+ BN_init; -+ COMP_CTX_new; -+ COMP_CTX_free; -+ COMP_CTX_compress_block; -+ COMP_CTX_expand_block; -+ X509_STORE_CTX_get_ex_new_index; -+ OBJ_NAME_add; -+ BIO_socket_nbio; -+ EVP_rc2_64_cbc; -+ OBJ_NAME_cleanup; -+ OBJ_NAME_get; -+ OBJ_NAME_init; -+ OBJ_NAME_new_index; -+ OBJ_NAME_remove; -+ BN_MONT_CTX_copy; -+ BIO_new_socks4a_connect; -+ BIO_s_socks4a_connect; -+ PROXY_set_connect_mode; -+ RAND_SSLeay; -+ RAND_set_rand_method; -+ RSA_memory_lock; -+ bn_sub_words; -+ bn_mul_normal; -+ bn_mul_comba8; -+ bn_mul_comba4; -+ bn_sqr_normal; -+ bn_sqr_comba8; -+ bn_sqr_comba4; -+ bn_cmp_words; -+ bn_mul_recursive; -+ bn_mul_part_recursive; -+ bn_sqr_recursive; -+ bn_mul_low_normal; -+ BN_RECP_CTX_init; -+ BN_RECP_CTX_new; -+ BN_RECP_CTX_free; -+ BN_RECP_CTX_set; -+ BN_mod_mul_reciprocal; -+ BN_mod_exp_recp; -+ BN_div_recp; -+ BN_CTX_init; -+ BN_MONT_CTX_init; -+ RAND_get_rand_method; -+ PKCS7_add_attribute; -+ PKCS7_add_signed_attribute; -+ PKCS7_digest_from_attributes; -+ PKCS7_get_attribute; -+ PKCS7_get_issuer_and_serial; -+ PKCS7_get_signed_attribute; -+ COMP_compress_block; -+ COMP_expand_block; -+ COMP_rle; -+ COMP_zlib; -+ ms_time_diff; -+ ms_time_new; -+ ms_time_free; -+ ms_time_cmp; -+ ms_time_get; -+ PKCS7_set_attributes; -+ PKCS7_set_signed_attributes; -+ X509_ATTRIBUTE_create; -+ X509_ATTRIBUTE_dup; -+ ASN1_GENERALIZEDTIME_check; -+ ASN1_GENERALIZEDTIME_print; -+ ASN1_GENERALIZEDTIME_set; -+ ASN1_GENERALIZEDTIME_set_string; -+ ASN1_TIME_print; -+ BASIC_CONSTRAINTS_free; -+ BASIC_CONSTRAINTS_new; -+ ERR_load_X509V3_strings; -+ NETSCAPE_CERT_SEQUENCE_free; -+ NETSCAPE_CERT_SEQUENCE_new; -+ OBJ_txt2obj; -+ PEM_read_NETSCAPE_CERT_SEQUENCE; -+ PEM_read_NS_CERT_SEQ; -+ PEM_read_bio_NETSCAPE_CERT_SEQUENCE; -+ PEM_read_bio_NS_CERT_SEQ; -+ PEM_write_NETSCAPE_CERT_SEQUENCE; -+ PEM_write_NS_CERT_SEQ; -+ PEM_write_bio_NETSCAPE_CERT_SEQUENCE; -+ PEM_write_bio_NS_CERT_SEQ; -+ X509V3_EXT_add; -+ X509V3_EXT_add_alias; -+ X509V3_EXT_add_conf; -+ X509V3_EXT_cleanup; -+ X509V3_EXT_conf; -+ X509V3_EXT_conf_nid; -+ X509V3_EXT_get; -+ X509V3_EXT_get_nid; -+ X509V3_EXT_print; -+ X509V3_EXT_print_fp; -+ X509V3_add_standard_extensions; -+ X509V3_add_value; -+ X509V3_add_value_bool; -+ X509V3_add_value_int; -+ X509V3_conf_free; -+ X509V3_get_value_bool; -+ X509V3_get_value_int; -+ X509V3_parse_list; -+ d2i_ASN1_GENERALIZEDTIME; -+ d2i_ASN1_TIME; -+ d2i_BASIC_CONSTRAINTS; -+ d2i_NETSCAPE_CERT_SEQUENCE; -+ d2i_ext_ku; -+ ext_ku_free; -+ ext_ku_new; -+ i2d_ASN1_GENERALIZEDTIME; -+ i2d_ASN1_TIME; -+ i2d_BASIC_CONSTRAINTS; -+ i2d_NETSCAPE_CERT_SEQUENCE; -+ i2d_ext_ku; -+ EVP_MD_CTX_copy; -+ i2d_ASN1_ENUMERATED; -+ d2i_ASN1_ENUMERATED; -+ ASN1_ENUMERATED_set; -+ ASN1_ENUMERATED_get; -+ BN_to_ASN1_ENUMERATED; -+ ASN1_ENUMERATED_to_BN; -+ i2a_ASN1_ENUMERATED; -+ a2i_ASN1_ENUMERATED; -+ i2d_GENERAL_NAME; -+ d2i_GENERAL_NAME; -+ GENERAL_NAME_new; -+ GENERAL_NAME_free; -+ GENERAL_NAMES_new; -+ GENERAL_NAMES_free; -+ d2i_GENERAL_NAMES; -+ i2d_GENERAL_NAMES; -+ i2v_GENERAL_NAMES; -+ i2s_ASN1_OCTET_STRING; -+ s2i_ASN1_OCTET_STRING; -+ X509V3_EXT_check_conf; -+ hex_to_string; -+ string_to_hex; -+ DES_ede3_cbcm_encrypt; -+ RSA_padding_add_PKCS1_OAEP; -+ RSA_padding_check_PKCS1_OAEP; -+ X509_CRL_print_fp; -+ X509_CRL_print; -+ i2v_GENERAL_NAME; -+ v2i_GENERAL_NAME; -+ i2d_PKEY_USAGE_PERIOD; -+ d2i_PKEY_USAGE_PERIOD; -+ PKEY_USAGE_PERIOD_new; -+ PKEY_USAGE_PERIOD_free; -+ v2i_GENERAL_NAMES; -+ i2s_ASN1_INTEGER; -+ X509V3_EXT_d2i; -+ name_cmp; -+ str_dup; -+ i2s_ASN1_ENUMERATED; -+ i2s_ASN1_ENUMERATED_TABLE; -+ BIO_s_log; -+ BIO_f_reliable; -+ PKCS7_dataFinal; -+ PKCS7_dataDecode; -+ X509V3_EXT_CRL_add_conf; -+ BN_set_params; -+ BN_get_params; -+ BIO_get_ex_num; -+ BIO_set_ex_free_func; -+ EVP_ripemd160; -+ ASN1_TIME_set; -+ i2d_AUTHORITY_KEYID; -+ d2i_AUTHORITY_KEYID; -+ AUTHORITY_KEYID_new; -+ AUTHORITY_KEYID_free; -+ ASN1_seq_unpack; -+ ASN1_seq_pack; -+ ASN1_unpack_string; -+ ASN1_pack_string; -+ PKCS12_pack_safebag; -+ PKCS12_MAKE_KEYBAG; -+ PKCS8_encrypt; -+ PKCS12_MAKE_SHKEYBAG; -+ PKCS12_pack_p7data; -+ PKCS12_pack_p7encdata; -+ PKCS12_add_localkeyid; -+ PKCS12_add_friendlyname_asc; -+ PKCS12_add_friendlyname_uni; -+ PKCS12_get_friendlyname; -+ PKCS12_pbe_crypt; -+ PKCS12_decrypt_d2i; -+ PKCS12_i2d_encrypt; -+ PKCS12_init; -+ PKCS12_key_gen_asc; -+ PKCS12_key_gen_uni; -+ PKCS12_gen_mac; -+ PKCS12_verify_mac; -+ PKCS12_set_mac; -+ PKCS12_setup_mac; -+ OPENSSL_asc2uni; -+ OPENSSL_uni2asc; -+ i2d_PKCS12_BAGS; -+ PKCS12_BAGS_new; -+ d2i_PKCS12_BAGS; -+ PKCS12_BAGS_free; -+ i2d_PKCS12; -+ d2i_PKCS12; -+ PKCS12_new; -+ PKCS12_free; -+ i2d_PKCS12_MAC_DATA; -+ PKCS12_MAC_DATA_new; -+ d2i_PKCS12_MAC_DATA; -+ PKCS12_MAC_DATA_free; -+ i2d_PKCS12_SAFEBAG; -+ PKCS12_SAFEBAG_new; -+ d2i_PKCS12_SAFEBAG; -+ PKCS12_SAFEBAG_free; -+ ERR_load_PKCS12_strings; -+ PKCS12_PBE_add; -+ PKCS8_add_keyusage; -+ PKCS12_get_attr_gen; -+ PKCS12_parse; -+ PKCS12_create; -+ i2d_PKCS12_bio; -+ i2d_PKCS12_fp; -+ d2i_PKCS12_bio; -+ d2i_PKCS12_fp; -+ i2d_PBEPARAM; -+ PBEPARAM_new; -+ d2i_PBEPARAM; -+ PBEPARAM_free; -+ i2d_PKCS8_PRIV_KEY_INFO; -+ PKCS8_PRIV_KEY_INFO_new; -+ d2i_PKCS8_PRIV_KEY_INFO; -+ PKCS8_PRIV_KEY_INFO_free; -+ EVP_PKCS82PKEY; -+ EVP_PKEY2PKCS8; -+ PKCS8_set_broken; -+ EVP_PBE_ALGOR_CipherInit; -+ EVP_PBE_alg_add; -+ PKCS5_pbe_set; -+ EVP_PBE_cleanup; -+ i2d_SXNET; -+ d2i_SXNET; -+ SXNET_new; -+ SXNET_free; -+ i2d_SXNETID; -+ d2i_SXNETID; -+ SXNETID_new; -+ SXNETID_free; -+ DSA_SIG_new; -+ DSA_SIG_free; -+ DSA_do_sign; -+ DSA_do_verify; -+ d2i_DSA_SIG; -+ i2d_DSA_SIG; -+ i2d_ASN1_VISIBLESTRING; -+ d2i_ASN1_VISIBLESTRING; -+ i2d_ASN1_UTF8STRING; -+ d2i_ASN1_UTF8STRING; -+ i2d_DIRECTORYSTRING; -+ d2i_DIRECTORYSTRING; -+ i2d_DISPLAYTEXT; -+ d2i_DISPLAYTEXT; -+ d2i_ASN1_SET_OF_X509; -+ i2d_ASN1_SET_OF_X509; -+ i2d_PBKDF2PARAM; -+ PBKDF2PARAM_new; -+ d2i_PBKDF2PARAM; -+ PBKDF2PARAM_free; -+ i2d_PBE2PARAM; -+ PBE2PARAM_new; -+ d2i_PBE2PARAM; -+ PBE2PARAM_free; -+ d2i_ASN1_SET_OF_GENERAL_NAME; -+ i2d_ASN1_SET_OF_GENERAL_NAME; -+ d2i_ASN1_SET_OF_SXNETID; -+ i2d_ASN1_SET_OF_SXNETID; -+ d2i_ASN1_SET_OF_POLICYQUALINFO; -+ i2d_ASN1_SET_OF_POLICYQUALINFO; -+ d2i_ASN1_SET_OF_POLICYINFO; -+ i2d_ASN1_SET_OF_POLICYINFO; -+ SXNET_add_id_asc; -+ SXNET_add_id_ulong; -+ SXNET_add_id_INTEGER; -+ SXNET_get_id_asc; -+ SXNET_get_id_ulong; -+ SXNET_get_id_INTEGER; -+ X509V3_set_conf_lhash; -+ i2d_CERTIFICATEPOLICIES; -+ CERTIFICATEPOLICIES_new; -+ CERTIFICATEPOLICIES_free; -+ d2i_CERTIFICATEPOLICIES; -+ i2d_POLICYINFO; -+ POLICYINFO_new; -+ d2i_POLICYINFO; -+ POLICYINFO_free; -+ i2d_POLICYQUALINFO; -+ POLICYQUALINFO_new; -+ d2i_POLICYQUALINFO; -+ POLICYQUALINFO_free; -+ i2d_USERNOTICE; -+ USERNOTICE_new; -+ d2i_USERNOTICE; -+ USERNOTICE_free; -+ i2d_NOTICEREF; -+ NOTICEREF_new; -+ d2i_NOTICEREF; -+ NOTICEREF_free; -+ X509V3_get_string; -+ X509V3_get_section; -+ X509V3_string_free; -+ X509V3_section_free; -+ X509V3_set_ctx; -+ s2i_ASN1_INTEGER; -+ CRYPTO_set_locked_mem_functions; -+ CRYPTO_get_locked_mem_functions; -+ CRYPTO_malloc_locked; -+ CRYPTO_free_locked; -+ BN_mod_exp2_mont; -+ ERR_get_error_line_data; -+ ERR_peek_error_line_data; -+ PKCS12_PBE_keyivgen; -+ X509_ALGOR_dup; -+ d2i_ASN1_SET_OF_DIST_POINT; -+ i2d_ASN1_SET_OF_DIST_POINT; -+ i2d_CRL_DIST_POINTS; -+ CRL_DIST_POINTS_new; -+ CRL_DIST_POINTS_free; -+ d2i_CRL_DIST_POINTS; -+ i2d_DIST_POINT; -+ DIST_POINT_new; -+ d2i_DIST_POINT; -+ DIST_POINT_free; -+ i2d_DIST_POINT_NAME; -+ DIST_POINT_NAME_new; -+ DIST_POINT_NAME_free; -+ d2i_DIST_POINT_NAME; -+ X509V3_add_value_uchar; -+ d2i_ASN1_SET_OF_X509_ATTRIBUTE; -+ i2d_ASN1_SET_OF_ASN1_TYPE; -+ d2i_ASN1_SET_OF_X509_EXTENSION; -+ d2i_ASN1_SET_OF_X509_NAME_ENTRY; -+ d2i_ASN1_SET_OF_ASN1_TYPE; -+ i2d_ASN1_SET_OF_X509_ATTRIBUTE; -+ i2d_ASN1_SET_OF_X509_EXTENSION; -+ i2d_ASN1_SET_OF_X509_NAME_ENTRY; -+ X509V3_EXT_i2d; -+ X509V3_EXT_val_prn; -+ X509V3_EXT_add_list; -+ EVP_CIPHER_type; -+ EVP_PBE_CipherInit; -+ X509V3_add_value_bool_nf; -+ d2i_ASN1_UINTEGER; -+ sk_value; -+ sk_num; -+ sk_set; -+ i2d_ASN1_SET_OF_X509_REVOKED; -+ sk_sort; -+ d2i_ASN1_SET_OF_X509_REVOKED; -+ i2d_ASN1_SET_OF_X509_ALGOR; -+ i2d_ASN1_SET_OF_X509_CRL; -+ d2i_ASN1_SET_OF_X509_ALGOR; -+ d2i_ASN1_SET_OF_X509_CRL; -+ i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO; -+ i2d_ASN1_SET_OF_PKCS7_RECIP_INFO; -+ d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO; -+ d2i_ASN1_SET_OF_PKCS7_RECIP_INFO; -+ PKCS5_PBE_add; -+ PEM_write_bio_PKCS8; -+ i2d_PKCS8_fp; -+ PEM_read_bio_PKCS8_PRIV_KEY_INFO; -+ PEM_read_bio_P8_PRIV_KEY_INFO; -+ d2i_PKCS8_bio; -+ d2i_PKCS8_PRIV_KEY_INFO_fp; -+ PEM_write_bio_PKCS8_PRIV_KEY_INFO; -+ PEM_write_bio_P8_PRIV_KEY_INFO; -+ PEM_read_PKCS8; -+ d2i_PKCS8_PRIV_KEY_INFO_bio; -+ d2i_PKCS8_fp; -+ PEM_write_PKCS8; -+ PEM_read_PKCS8_PRIV_KEY_INFO; -+ PEM_read_P8_PRIV_KEY_INFO; -+ PEM_read_bio_PKCS8; -+ PEM_write_PKCS8_PRIV_KEY_INFO; -+ PEM_write_P8_PRIV_KEY_INFO; -+ PKCS5_PBE_keyivgen; -+ i2d_PKCS8_bio; -+ i2d_PKCS8_PRIV_KEY_INFO_fp; -+ i2d_PKCS8_PRIV_KEY_INFO_bio; -+ BIO_s_bio; -+ PKCS5_pbe2_set; -+ PKCS5_PBKDF2_HMAC_SHA1; -+ PKCS5_v2_PBE_keyivgen; -+ PEM_write_bio_PKCS8PrivateKey; -+ PEM_write_PKCS8PrivateKey; -+ BIO_ctrl_get_read_request; -+ BIO_ctrl_pending; -+ BIO_ctrl_wpending; -+ BIO_new_bio_pair; -+ BIO_ctrl_get_write_guarantee; -+ CRYPTO_num_locks; -+ CONF_load_bio; -+ CONF_load_fp; -+ i2d_ASN1_SET_OF_ASN1_OBJECT; -+ d2i_ASN1_SET_OF_ASN1_OBJECT; -+ PKCS7_signatureVerify; -+ RSA_set_method; -+ RSA_get_method; -+ RSA_get_default_method; -+ RSA_check_key; -+ OBJ_obj2txt; -+ DSA_dup_DH; -+ X509_REQ_get_extensions; -+ X509_REQ_set_extension_nids; -+ BIO_nwrite; -+ X509_REQ_extension_nid; -+ BIO_nread; -+ X509_REQ_get_extension_nids; -+ BIO_nwrite0; -+ X509_REQ_add_extensions_nid; -+ BIO_nread0; -+ X509_REQ_add_extensions; -+ BIO_new_mem_buf; -+ DH_set_ex_data; -+ DH_set_method; -+ DSA_OpenSSL; -+ DH_get_ex_data; -+ DH_get_ex_new_index; -+ DSA_new_method; -+ DH_new_method; -+ DH_OpenSSL; -+ DSA_get_ex_new_index; -+ DH_get_default_method; -+ DSA_set_ex_data; -+ DH_set_default_method; -+ DSA_get_ex_data; -+ X509V3_EXT_REQ_add_conf; -+ NETSCAPE_SPKI_print; -+ NETSCAPE_SPKI_set_pubkey; -+ NETSCAPE_SPKI_b64_encode; -+ NETSCAPE_SPKI_get_pubkey; -+ NETSCAPE_SPKI_b64_decode; -+ UTF8_putc; -+ UTF8_getc; -+ RSA_null_method; -+ ASN1_tag2str; -+ BIO_ctrl_reset_read_request; -+ DISPLAYTEXT_new; -+ ASN1_GENERALIZEDTIME_free; -+ X509_REVOKED_get_ext_d2i; -+ X509_set_ex_data; -+ X509_reject_set_bit_asc; -+ X509_NAME_add_entry_by_txt; -+ X509_NAME_add_entry_by_NID; -+ X509_PURPOSE_get0; -+ PEM_read_X509_AUX; -+ d2i_AUTHORITY_INFO_ACCESS; -+ PEM_write_PUBKEY; -+ ACCESS_DESCRIPTION_new; -+ X509_CERT_AUX_free; -+ d2i_ACCESS_DESCRIPTION; -+ X509_trust_clear; -+ X509_TRUST_add; -+ ASN1_VISIBLESTRING_new; -+ X509_alias_set1; -+ ASN1_PRINTABLESTRING_free; -+ EVP_PKEY_get1_DSA; -+ ASN1_BMPSTRING_new; -+ ASN1_mbstring_copy; -+ ASN1_UTF8STRING_new; -+ DSA_get_default_method; -+ i2d_ASN1_SET_OF_ACCESS_DESCRIPTION; -+ ASN1_T61STRING_free; -+ DSA_set_method; -+ X509_get_ex_data; -+ ASN1_STRING_type; -+ X509_PURPOSE_get_by_sname; -+ ASN1_TIME_free; -+ ASN1_OCTET_STRING_cmp; -+ ASN1_BIT_STRING_new; -+ X509_get_ext_d2i; -+ PEM_read_bio_X509_AUX; -+ ASN1_STRING_set_default_mask_asc; -+ ASN1_STRING_set_def_mask_asc; -+ PEM_write_bio_RSA_PUBKEY; -+ ASN1_INTEGER_cmp; -+ d2i_RSA_PUBKEY_fp; -+ X509_trust_set_bit_asc; -+ PEM_write_bio_DSA_PUBKEY; -+ X509_STORE_CTX_free; -+ EVP_PKEY_set1_DSA; -+ i2d_DSA_PUBKEY_fp; -+ X509_load_cert_crl_file; -+ ASN1_TIME_new; -+ i2d_RSA_PUBKEY; -+ X509_STORE_CTX_purpose_inherit; -+ PEM_read_RSA_PUBKEY; -+ d2i_X509_AUX; -+ i2d_DSA_PUBKEY; -+ X509_CERT_AUX_print; -+ PEM_read_DSA_PUBKEY; -+ i2d_RSA_PUBKEY_bio; -+ ASN1_BIT_STRING_num_asc; -+ i2d_PUBKEY; -+ ASN1_UTCTIME_free; -+ DSA_set_default_method; -+ X509_PURPOSE_get_by_id; -+ ACCESS_DESCRIPTION_free; -+ PEM_read_bio_PUBKEY; -+ ASN1_STRING_set_by_NID; -+ X509_PURPOSE_get_id; -+ DISPLAYTEXT_free; -+ OTHERNAME_new; -+ X509_CERT_AUX_new; -+ X509_TRUST_cleanup; -+ X509_NAME_add_entry_by_OBJ; -+ X509_CRL_get_ext_d2i; -+ X509_PURPOSE_get0_name; -+ PEM_read_PUBKEY; -+ i2d_DSA_PUBKEY_bio; -+ i2d_OTHERNAME; -+ ASN1_OCTET_STRING_free; -+ ASN1_BIT_STRING_set_asc; -+ X509_get_ex_new_index; -+ ASN1_STRING_TABLE_cleanup; -+ X509_TRUST_get_by_id; -+ X509_PURPOSE_get_trust; -+ ASN1_STRING_length; -+ d2i_ASN1_SET_OF_ACCESS_DESCRIPTION; -+ ASN1_PRINTABLESTRING_new; -+ X509V3_get_d2i; -+ ASN1_ENUMERATED_free; -+ i2d_X509_CERT_AUX; -+ X509_STORE_CTX_set_trust; -+ ASN1_STRING_set_default_mask; -+ X509_STORE_CTX_new; -+ EVP_PKEY_get1_RSA; -+ DIRECTORYSTRING_free; -+ PEM_write_X509_AUX; -+ ASN1_OCTET_STRING_set; -+ d2i_DSA_PUBKEY_fp; -+ d2i_RSA_PUBKEY; -+ X509_TRUST_get0_name; -+ X509_TRUST_get0; -+ AUTHORITY_INFO_ACCESS_free; -+ ASN1_IA5STRING_new; -+ d2i_DSA_PUBKEY; -+ X509_check_purpose; -+ ASN1_ENUMERATED_new; -+ d2i_RSA_PUBKEY_bio; -+ d2i_PUBKEY; -+ X509_TRUST_get_trust; -+ X509_TRUST_get_flags; -+ ASN1_BMPSTRING_free; -+ ASN1_T61STRING_new; -+ ASN1_UTCTIME_new; -+ i2d_AUTHORITY_INFO_ACCESS; -+ EVP_PKEY_set1_RSA; -+ X509_STORE_CTX_set_purpose; -+ ASN1_IA5STRING_free; -+ PEM_write_bio_X509_AUX; -+ X509_PURPOSE_get_count; -+ CRYPTO_add_info; -+ X509_NAME_ENTRY_create_by_txt; -+ ASN1_STRING_get_default_mask; -+ X509_alias_get0; -+ ASN1_STRING_data; -+ i2d_ACCESS_DESCRIPTION; -+ X509_trust_set_bit; -+ ASN1_BIT_STRING_free; -+ PEM_read_bio_RSA_PUBKEY; -+ X509_add1_reject_object; -+ X509_check_trust; -+ PEM_read_bio_DSA_PUBKEY; -+ X509_PURPOSE_add; -+ ASN1_STRING_TABLE_get; -+ ASN1_UTF8STRING_free; -+ d2i_DSA_PUBKEY_bio; -+ PEM_write_RSA_PUBKEY; -+ d2i_OTHERNAME; -+ X509_reject_set_bit; -+ PEM_write_DSA_PUBKEY; -+ X509_PURPOSE_get0_sname; -+ EVP_PKEY_set1_DH; -+ ASN1_OCTET_STRING_dup; -+ ASN1_BIT_STRING_set; -+ X509_TRUST_get_count; -+ ASN1_INTEGER_free; -+ OTHERNAME_free; -+ i2d_RSA_PUBKEY_fp; -+ ASN1_INTEGER_dup; -+ d2i_X509_CERT_AUX; -+ PEM_write_bio_PUBKEY; -+ ASN1_VISIBLESTRING_free; -+ X509_PURPOSE_cleanup; -+ ASN1_mbstring_ncopy; -+ ASN1_GENERALIZEDTIME_new; -+ EVP_PKEY_get1_DH; -+ ASN1_OCTET_STRING_new; -+ ASN1_INTEGER_new; -+ i2d_X509_AUX; -+ ASN1_BIT_STRING_name_print; -+ X509_cmp; -+ ASN1_STRING_length_set; -+ DIRECTORYSTRING_new; -+ X509_add1_trust_object; -+ PKCS12_newpass; -+ SMIME_write_PKCS7; -+ SMIME_read_PKCS7; -+ DES_set_key_checked; -+ PKCS7_verify; -+ PKCS7_encrypt; -+ DES_set_key_unchecked; -+ SMIME_crlf_copy; -+ i2d_ASN1_PRINTABLESTRING; -+ PKCS7_get0_signers; -+ PKCS7_decrypt; -+ SMIME_text; -+ PKCS7_simple_smimecap; -+ PKCS7_get_smimecap; -+ PKCS7_sign; -+ PKCS7_add_attrib_smimecap; -+ CRYPTO_dbg_set_options; -+ CRYPTO_remove_all_info; -+ CRYPTO_get_mem_debug_functions; -+ CRYPTO_is_mem_check_on; -+ CRYPTO_set_mem_debug_functions; -+ CRYPTO_pop_info; -+ CRYPTO_push_info_; -+ CRYPTO_set_mem_debug_options; -+ PEM_write_PKCS8PrivateKey_nid; -+ PEM_write_bio_PKCS8PrivateKey_nid; -+ PEM_write_bio_PKCS8PrivKey_nid; -+ d2i_PKCS8PrivateKey_bio; -+ ASN1_NULL_free; -+ d2i_ASN1_NULL; -+ ASN1_NULL_new; -+ i2d_PKCS8PrivateKey_bio; -+ i2d_PKCS8PrivateKey_fp; -+ i2d_ASN1_NULL; -+ i2d_PKCS8PrivateKey_nid_fp; -+ d2i_PKCS8PrivateKey_fp; -+ i2d_PKCS8PrivateKey_nid_bio; -+ i2d_PKCS8PrivateKeyInfo_fp; -+ i2d_PKCS8PrivateKeyInfo_bio; -+ PEM_cb; -+ i2d_PrivateKey_fp; -+ d2i_PrivateKey_bio; -+ d2i_PrivateKey_fp; -+ i2d_PrivateKey_bio; -+ X509_reject_clear; -+ X509_TRUST_set_default; -+ d2i_AutoPrivateKey; -+ X509_ATTRIBUTE_get0_type; -+ X509_ATTRIBUTE_set1_data; -+ X509at_get_attr; -+ X509at_get_attr_count; -+ X509_ATTRIBUTE_create_by_NID; -+ X509_ATTRIBUTE_set1_object; -+ X509_ATTRIBUTE_count; -+ X509_ATTRIBUTE_create_by_OBJ; -+ X509_ATTRIBUTE_get0_object; -+ X509at_get_attr_by_NID; -+ X509at_add1_attr; -+ X509_ATTRIBUTE_get0_data; -+ X509at_delete_attr; -+ X509at_get_attr_by_OBJ; -+ RAND_add; -+ BIO_number_written; -+ BIO_number_read; -+ X509_STORE_CTX_get1_chain; -+ ERR_load_RAND_strings; -+ RAND_pseudo_bytes; -+ X509_REQ_get_attr_by_NID; -+ X509_REQ_get_attr; -+ X509_REQ_add1_attr_by_NID; -+ X509_REQ_get_attr_by_OBJ; -+ X509at_add1_attr_by_NID; -+ X509_REQ_add1_attr_by_OBJ; -+ X509_REQ_get_attr_count; -+ X509_REQ_add1_attr; -+ X509_REQ_delete_attr; -+ X509at_add1_attr_by_OBJ; -+ X509_REQ_add1_attr_by_txt; -+ X509_ATTRIBUTE_create_by_txt; -+ X509at_add1_attr_by_txt; -+ BN_pseudo_rand; -+ BN_is_prime_fasttest; -+ BN_CTX_end; -+ BN_CTX_start; -+ BN_CTX_get; -+ EVP_PKEY2PKCS8_broken; -+ ASN1_STRING_TABLE_add; -+ CRYPTO_dbg_get_options; -+ AUTHORITY_INFO_ACCESS_new; -+ CRYPTO_get_mem_debug_options; -+ DES_crypt; -+ PEM_write_bio_X509_REQ_NEW; -+ PEM_write_X509_REQ_NEW; -+ BIO_callback_ctrl; -+ RAND_egd; -+ RAND_status; -+ bn_dump1; -+ DES_check_key_parity; -+ lh_num_items; -+ RAND_event; -+ DSO_new; -+ DSO_new_method; -+ DSO_free; -+ DSO_flags; -+ DSO_up; -+ DSO_set_default_method; -+ DSO_get_default_method; -+ DSO_get_method; -+ DSO_set_method; -+ DSO_load; -+ DSO_bind_var; -+ DSO_METHOD_null; -+ DSO_METHOD_openssl; -+ DSO_METHOD_dlfcn; -+ DSO_METHOD_win32; -+ ERR_load_DSO_strings; -+ DSO_METHOD_dl; -+ NCONF_load; -+ NCONF_load_fp; -+ NCONF_new; -+ NCONF_get_string; -+ NCONF_free; -+ NCONF_get_number; -+ CONF_dump_fp; -+ NCONF_load_bio; -+ NCONF_dump_fp; -+ NCONF_get_section; -+ NCONF_dump_bio; -+ CONF_dump_bio; -+ NCONF_free_data; -+ CONF_set_default_method; -+ ERR_error_string_n; -+ BIO_snprintf; -+ DSO_ctrl; -+ i2d_ASN1_SET_OF_ASN1_INTEGER; -+ i2d_ASN1_SET_OF_PKCS12_SAFEBAG; -+ i2d_ASN1_SET_OF_PKCS7; -+ BIO_vfree; -+ d2i_ASN1_SET_OF_ASN1_INTEGER; -+ d2i_ASN1_SET_OF_PKCS12_SAFEBAG; -+ ASN1_UTCTIME_get; -+ X509_REQ_digest; -+ X509_CRL_digest; -+ d2i_ASN1_SET_OF_PKCS7; -+ EVP_CIPHER_CTX_set_key_length; -+ EVP_CIPHER_CTX_ctrl; -+ BN_mod_exp_mont_word; -+ RAND_egd_bytes; -+ X509_REQ_get1_email; -+ X509_get1_email; -+ X509_email_free; -+ i2d_RSA_NET; -+ d2i_RSA_NET_2; -+ d2i_RSA_NET; -+ DSO_bind_func; -+ CRYPTO_get_new_dynlockid; -+ sk_new_null; -+ CRYPTO_set_dynlock_destroy_callback; -+ CRYPTO_set_dynlock_destroy_cb; -+ CRYPTO_destroy_dynlockid; -+ CRYPTO_set_dynlock_size; -+ CRYPTO_set_dynlock_create_callback; -+ CRYPTO_set_dynlock_create_cb; -+ CRYPTO_set_dynlock_lock_callback; -+ CRYPTO_set_dynlock_lock_cb; -+ CRYPTO_get_dynlock_lock_callback; -+ CRYPTO_get_dynlock_lock_cb; -+ CRYPTO_get_dynlock_destroy_callback; -+ CRYPTO_get_dynlock_destroy_cb; -+ CRYPTO_get_dynlock_value; -+ CRYPTO_get_dynlock_create_callback; -+ CRYPTO_get_dynlock_create_cb; -+ c2i_ASN1_BIT_STRING; -+ i2c_ASN1_BIT_STRING; -+ RAND_poll; -+ c2i_ASN1_INTEGER; -+ i2c_ASN1_INTEGER; -+ BIO_dump_indent; -+ ASN1_parse_dump; -+ c2i_ASN1_OBJECT; -+ X509_NAME_print_ex_fp; -+ ASN1_STRING_print_ex_fp; -+ X509_NAME_print_ex; -+ ASN1_STRING_print_ex; -+ MD4; -+ MD4_Transform; -+ MD4_Final; -+ MD4_Update; -+ MD4_Init; -+ EVP_md4; -+ i2d_PUBKEY_bio; -+ i2d_PUBKEY_fp; -+ d2i_PUBKEY_bio; -+ ASN1_STRING_to_UTF8; -+ BIO_vprintf; -+ BIO_vsnprintf; -+ d2i_PUBKEY_fp; -+ X509_cmp_time; -+ X509_STORE_CTX_set_time; -+ X509_STORE_CTX_get1_issuer; -+ X509_OBJECT_retrieve_match; -+ X509_OBJECT_idx_by_subject; -+ X509_STORE_CTX_set_flags; -+ X509_STORE_CTX_trusted_stack; -+ X509_time_adj; -+ X509_check_issued; -+ ASN1_UTCTIME_cmp_time_t; -+ DES_set_weak_key_flag; -+ DES_check_key; -+ DES_rw_mode; -+ RSA_PKCS1_RSAref; -+ X509_keyid_set1; -+ BIO_next; -+ DSO_METHOD_vms; -+ BIO_f_linebuffer; -+ BN_bntest_rand; -+ OPENSSL_issetugid; -+ BN_rand_range; -+ ERR_load_ENGINE_strings; -+ ENGINE_set_DSA; -+ ENGINE_get_finish_function; -+ ENGINE_get_default_RSA; -+ ENGINE_get_BN_mod_exp; -+ DSA_get_default_openssl_method; -+ ENGINE_set_DH; -+ ENGINE_set_def_BN_mod_exp_crt; -+ ENGINE_set_default_BN_mod_exp_crt; -+ ENGINE_init; -+ DH_get_default_openssl_method; -+ RSA_set_default_openssl_method; -+ ENGINE_finish; -+ ENGINE_load_public_key; -+ ENGINE_get_DH; -+ ENGINE_ctrl; -+ ENGINE_get_init_function; -+ ENGINE_set_init_function; -+ ENGINE_set_default_DSA; -+ ENGINE_get_name; -+ ENGINE_get_last; -+ ENGINE_get_prev; -+ ENGINE_get_default_DH; -+ ENGINE_get_RSA; -+ ENGINE_set_default; -+ ENGINE_get_RAND; -+ ENGINE_get_first; -+ ENGINE_by_id; -+ ENGINE_set_finish_function; -+ ENGINE_get_def_BN_mod_exp_crt; -+ ENGINE_get_default_BN_mod_exp_crt; -+ RSA_get_default_openssl_method; -+ ENGINE_set_RSA; -+ ENGINE_load_private_key; -+ ENGINE_set_default_RAND; -+ ENGINE_set_BN_mod_exp; -+ ENGINE_remove; -+ ENGINE_free; -+ ENGINE_get_BN_mod_exp_crt; -+ ENGINE_get_next; -+ ENGINE_set_name; -+ ENGINE_get_default_DSA; -+ ENGINE_set_default_BN_mod_exp; -+ ENGINE_set_default_RSA; -+ ENGINE_get_default_RAND; -+ ENGINE_get_default_BN_mod_exp; -+ ENGINE_set_RAND; -+ ENGINE_set_id; -+ ENGINE_set_BN_mod_exp_crt; -+ ENGINE_set_default_DH; -+ ENGINE_new; -+ ENGINE_get_id; -+ DSA_set_default_openssl_method; -+ ENGINE_add; -+ DH_set_default_openssl_method; -+ ENGINE_get_DSA; -+ ENGINE_get_ctrl_function; -+ ENGINE_set_ctrl_function; -+ BN_pseudo_rand_range; -+ X509_STORE_CTX_set_verify_cb; -+ ERR_load_COMP_strings; -+ PKCS12_item_decrypt_d2i; -+ ASN1_UTF8STRING_it; -+ ASN1_UTF8STRING_it; -+ ENGINE_unregister_ciphers; -+ ENGINE_get_ciphers; -+ d2i_OCSP_BASICRESP; -+ KRB5_CHECKSUM_it; -+ KRB5_CHECKSUM_it; -+ EC_POINT_add; -+ ASN1_item_ex_i2d; -+ OCSP_CERTID_it; -+ OCSP_CERTID_it; -+ d2i_OCSP_RESPBYTES; -+ X509V3_add1_i2d; -+ PKCS7_ENVELOPE_it; -+ PKCS7_ENVELOPE_it; -+ UI_add_input_boolean; -+ ENGINE_unregister_RSA; -+ X509V3_EXT_nconf; -+ ASN1_GENERALSTRING_free; -+ d2i_OCSP_CERTSTATUS; -+ X509_REVOKED_set_serialNumber; -+ X509_print_ex; -+ OCSP_ONEREQ_get1_ext_d2i; -+ ENGINE_register_all_RAND; -+ ENGINE_load_dynamic; -+ PBKDF2PARAM_it; -+ PBKDF2PARAM_it; -+ EXTENDED_KEY_USAGE_new; -+ EC_GROUP_clear_free; -+ OCSP_sendreq_bio; -+ ASN1_item_digest; -+ OCSP_BASICRESP_delete_ext; -+ OCSP_SIGNATURE_it; -+ OCSP_SIGNATURE_it; -+ X509_CRL_it; -+ X509_CRL_it; -+ OCSP_BASICRESP_add_ext; -+ KRB5_ENCKEY_it; -+ KRB5_ENCKEY_it; -+ UI_method_set_closer; -+ X509_STORE_set_purpose; -+ i2d_ASN1_GENERALSTRING; -+ OCSP_response_status; -+ i2d_OCSP_SERVICELOC; -+ ENGINE_get_digest_engine; -+ EC_GROUP_set_curve_GFp; -+ OCSP_REQUEST_get_ext_by_OBJ; -+ _ossl_old_des_random_key; -+ ASN1_T61STRING_it; -+ ASN1_T61STRING_it; -+ EC_GROUP_method_of; -+ i2d_KRB5_APREQ; -+ _ossl_old_des_encrypt; -+ ASN1_PRINTABLE_new; -+ HMAC_Init_ex; -+ d2i_KRB5_AUTHENT; -+ OCSP_archive_cutoff_new; -+ EC_POINT_set_Jprojective_coordinates_GFp; -+ EC_POINT_set_Jproj_coords_GFp; -+ _ossl_old_des_is_weak_key; -+ OCSP_BASICRESP_get_ext_by_OBJ; -+ EC_POINT_oct2point; -+ OCSP_SINGLERESP_get_ext_count; -+ UI_ctrl; -+ _shadow_DES_rw_mode; -+ _shadow_DES_rw_mode; -+ asn1_do_adb; -+ ASN1_template_i2d; -+ ENGINE_register_DH; -+ UI_construct_prompt; -+ X509_STORE_set_trust; -+ UI_dup_input_string; -+ d2i_KRB5_APREQ; -+ EVP_MD_CTX_copy_ex; -+ OCSP_request_is_signed; -+ i2d_OCSP_REQINFO; -+ KRB5_ENCKEY_free; -+ OCSP_resp_get0; -+ GENERAL_NAME_it; -+ GENERAL_NAME_it; -+ ASN1_GENERALIZEDTIME_it; -+ ASN1_GENERALIZEDTIME_it; -+ X509_STORE_set_flags; -+ EC_POINT_set_compressed_coordinates_GFp; -+ EC_POINT_set_compr_coords_GFp; -+ OCSP_response_status_str; -+ d2i_OCSP_REVOKEDINFO; -+ OCSP_basic_add1_cert; -+ ERR_get_implementation; -+ EVP_CipherFinal_ex; -+ OCSP_CERTSTATUS_new; -+ CRYPTO_cleanup_all_ex_data; -+ OCSP_resp_find; -+ BN_nnmod; -+ X509_CRL_sort; -+ X509_REVOKED_set_revocationDate; -+ ENGINE_register_RAND; -+ OCSP_SERVICELOC_new; -+ EC_POINT_set_affine_coordinates_GFp; -+ EC_POINT_set_affine_coords_GFp; -+ _ossl_old_des_options; -+ SXNET_it; -+ SXNET_it; -+ UI_dup_input_boolean; -+ PKCS12_add_CSPName_asc; -+ EC_POINT_is_at_infinity; -+ ENGINE_load_cryptodev; -+ DSO_convert_filename; -+ POLICYQUALINFO_it; -+ POLICYQUALINFO_it; -+ ENGINE_register_ciphers; -+ BN_mod_lshift_quick; -+ DSO_set_filename; -+ ASN1_item_free; -+ KRB5_TKTBODY_free; -+ AUTHORITY_KEYID_it; -+ AUTHORITY_KEYID_it; -+ KRB5_APREQBODY_new; -+ X509V3_EXT_REQ_add_nconf; -+ ENGINE_ctrl_cmd_string; -+ i2d_OCSP_RESPDATA; -+ EVP_MD_CTX_init; -+ EXTENDED_KEY_USAGE_free; -+ PKCS7_ATTR_SIGN_it; -+ PKCS7_ATTR_SIGN_it; -+ UI_add_error_string; -+ KRB5_CHECKSUM_free; -+ OCSP_REQUEST_get_ext; -+ ENGINE_load_ubsec; -+ ENGINE_register_all_digests; -+ PKEY_USAGE_PERIOD_it; -+ PKEY_USAGE_PERIOD_it; -+ PKCS12_unpack_authsafes; -+ ASN1_item_unpack; -+ NETSCAPE_SPKAC_it; -+ NETSCAPE_SPKAC_it; -+ X509_REVOKED_it; -+ X509_REVOKED_it; -+ ASN1_STRING_encode; -+ EVP_aes_128_ecb; -+ KRB5_AUTHENT_free; -+ OCSP_BASICRESP_get_ext_by_critical; -+ OCSP_BASICRESP_get_ext_by_crit; -+ OCSP_cert_status_str; -+ d2i_OCSP_REQUEST; -+ UI_dup_info_string; -+ _ossl_old_des_xwhite_in2out; -+ PKCS12_it; -+ PKCS12_it; -+ OCSP_SINGLERESP_get_ext_by_critical; -+ OCSP_SINGLERESP_get_ext_by_crit; -+ OCSP_CERTSTATUS_free; -+ _ossl_old_des_crypt; -+ ASN1_item_i2d; -+ EVP_DecryptFinal_ex; -+ ENGINE_load_openssl; -+ ENGINE_get_cmd_defns; -+ ENGINE_set_load_privkey_function; -+ ENGINE_set_load_privkey_fn; -+ EVP_EncryptFinal_ex; -+ ENGINE_set_default_digests; -+ X509_get0_pubkey_bitstr; -+ asn1_ex_i2c; -+ ENGINE_register_RSA; -+ ENGINE_unregister_DSA; -+ _ossl_old_des_key_sched; -+ X509_EXTENSION_it; -+ X509_EXTENSION_it; -+ i2d_KRB5_AUTHENT; -+ SXNETID_it; -+ SXNETID_it; -+ d2i_OCSP_SINGLERESP; -+ EDIPARTYNAME_new; -+ PKCS12_certbag2x509; -+ _ossl_old_des_ofb64_encrypt; -+ d2i_EXTENDED_KEY_USAGE; -+ ERR_print_errors_cb; -+ ENGINE_set_ciphers; -+ d2i_KRB5_APREQBODY; -+ UI_method_get_flusher; -+ X509_PUBKEY_it; -+ X509_PUBKEY_it; -+ _ossl_old_des_enc_read; -+ PKCS7_ENCRYPT_it; -+ PKCS7_ENCRYPT_it; -+ i2d_OCSP_RESPONSE; -+ EC_GROUP_get_cofactor; -+ PKCS12_unpack_p7data; -+ d2i_KRB5_AUTHDATA; -+ OCSP_copy_nonce; -+ KRB5_AUTHDATA_new; -+ OCSP_RESPDATA_new; -+ EC_GFp_mont_method; -+ OCSP_REVOKEDINFO_free; -+ UI_get_ex_data; -+ KRB5_APREQBODY_free; -+ EC_GROUP_get0_generator; -+ UI_get_default_method; -+ X509V3_set_nconf; -+ PKCS12_item_i2d_encrypt; -+ X509_add1_ext_i2d; -+ PKCS7_SIGNER_INFO_it; -+ PKCS7_SIGNER_INFO_it; -+ KRB5_PRINCNAME_new; -+ PKCS12_SAFEBAG_it; -+ PKCS12_SAFEBAG_it; -+ EC_GROUP_get_order; -+ d2i_OCSP_RESPID; -+ OCSP_request_verify; -+ NCONF_get_number_e; -+ _ossl_old_des_decrypt3; -+ X509_signature_print; -+ OCSP_SINGLERESP_free; -+ ENGINE_load_builtin_engines; -+ i2d_OCSP_ONEREQ; -+ OCSP_REQUEST_add_ext; -+ OCSP_RESPBYTES_new; -+ EVP_MD_CTX_create; -+ OCSP_resp_find_status; -+ X509_ALGOR_it; -+ X509_ALGOR_it; -+ ASN1_TIME_it; -+ ASN1_TIME_it; -+ OCSP_request_set1_name; -+ OCSP_ONEREQ_get_ext_count; -+ UI_get0_result; -+ PKCS12_AUTHSAFES_it; -+ PKCS12_AUTHSAFES_it; -+ EVP_aes_256_ecb; -+ PKCS12_pack_authsafes; -+ ASN1_IA5STRING_it; -+ ASN1_IA5STRING_it; -+ UI_get_input_flags; -+ EC_GROUP_set_generator; -+ _ossl_old_des_string_to_2keys; -+ OCSP_CERTID_free; -+ X509_CERT_AUX_it; -+ X509_CERT_AUX_it; -+ CERTIFICATEPOLICIES_it; -+ CERTIFICATEPOLICIES_it; -+ _ossl_old_des_ede3_cbc_encrypt; -+ RAND_set_rand_engine; -+ DSO_get_loaded_filename; -+ X509_ATTRIBUTE_it; -+ X509_ATTRIBUTE_it; -+ OCSP_ONEREQ_get_ext_by_NID; -+ PKCS12_decrypt_skey; -+ KRB5_AUTHENT_it; -+ KRB5_AUTHENT_it; -+ UI_dup_error_string; -+ RSAPublicKey_it; -+ RSAPublicKey_it; -+ i2d_OCSP_REQUEST; -+ PKCS12_x509crl2certbag; -+ OCSP_SERVICELOC_it; -+ OCSP_SERVICELOC_it; -+ ASN1_item_sign; -+ X509_CRL_set_issuer_name; -+ OBJ_NAME_do_all_sorted; -+ i2d_OCSP_BASICRESP; -+ i2d_OCSP_RESPBYTES; -+ PKCS12_unpack_p7encdata; -+ HMAC_CTX_init; -+ ENGINE_get_digest; -+ OCSP_RESPONSE_print; -+ KRB5_TKTBODY_it; -+ KRB5_TKTBODY_it; -+ ACCESS_DESCRIPTION_it; -+ ACCESS_DESCRIPTION_it; -+ PKCS7_ISSUER_AND_SERIAL_it; -+ PKCS7_ISSUER_AND_SERIAL_it; -+ PBE2PARAM_it; -+ PBE2PARAM_it; -+ PKCS12_certbag2x509crl; -+ PKCS7_SIGNED_it; -+ PKCS7_SIGNED_it; -+ ENGINE_get_cipher; -+ i2d_OCSP_CRLID; -+ OCSP_SINGLERESP_new; -+ ENGINE_cmd_is_executable; -+ RSA_up_ref; -+ ASN1_GENERALSTRING_it; -+ ASN1_GENERALSTRING_it; -+ ENGINE_register_DSA; -+ X509V3_EXT_add_nconf_sk; -+ ENGINE_set_load_pubkey_function; -+ PKCS8_decrypt; -+ PEM_bytes_read_bio; -+ DIRECTORYSTRING_it; -+ DIRECTORYSTRING_it; -+ d2i_OCSP_CRLID; -+ EC_POINT_is_on_curve; -+ CRYPTO_set_locked_mem_ex_functions; -+ CRYPTO_set_locked_mem_ex_funcs; -+ d2i_KRB5_CHECKSUM; -+ ASN1_item_dup; -+ X509_it; -+ X509_it; -+ BN_mod_add; -+ KRB5_AUTHDATA_free; -+ _ossl_old_des_cbc_cksum; -+ ASN1_item_verify; -+ CRYPTO_set_mem_ex_functions; -+ EC_POINT_get_Jprojective_coordinates_GFp; -+ EC_POINT_get_Jproj_coords_GFp; -+ ZLONG_it; -+ ZLONG_it; -+ CRYPTO_get_locked_mem_ex_functions; -+ CRYPTO_get_locked_mem_ex_funcs; -+ ASN1_TIME_check; -+ UI_get0_user_data; -+ HMAC_CTX_cleanup; -+ DSA_up_ref; -+ _ossl_old_des_ede3_cfb64_encrypt; -+ _ossl_odes_ede3_cfb64_encrypt; -+ ASN1_BMPSTRING_it; -+ ASN1_BMPSTRING_it; -+ ASN1_tag2bit; -+ UI_method_set_flusher; -+ X509_ocspid_print; -+ KRB5_ENCDATA_it; -+ KRB5_ENCDATA_it; -+ ENGINE_get_load_pubkey_function; -+ UI_add_user_data; -+ OCSP_REQUEST_delete_ext; -+ UI_get_method; -+ OCSP_ONEREQ_free; -+ ASN1_PRINTABLESTRING_it; -+ ASN1_PRINTABLESTRING_it; -+ X509_CRL_set_nextUpdate; -+ OCSP_REQUEST_it; -+ OCSP_REQUEST_it; -+ OCSP_BASICRESP_it; -+ OCSP_BASICRESP_it; -+ AES_ecb_encrypt; -+ BN_mod_sqr; -+ NETSCAPE_CERT_SEQUENCE_it; -+ NETSCAPE_CERT_SEQUENCE_it; -+ GENERAL_NAMES_it; -+ GENERAL_NAMES_it; -+ AUTHORITY_INFO_ACCESS_it; -+ AUTHORITY_INFO_ACCESS_it; -+ ASN1_FBOOLEAN_it; -+ ASN1_FBOOLEAN_it; -+ UI_set_ex_data; -+ _ossl_old_des_string_to_key; -+ ENGINE_register_all_RSA; -+ d2i_KRB5_PRINCNAME; -+ OCSP_RESPBYTES_it; -+ OCSP_RESPBYTES_it; -+ X509_CINF_it; -+ X509_CINF_it; -+ ENGINE_unregister_digests; -+ d2i_EDIPARTYNAME; -+ d2i_OCSP_SERVICELOC; -+ ENGINE_get_digests; -+ _ossl_old_des_set_odd_parity; -+ OCSP_RESPDATA_free; -+ d2i_KRB5_TICKET; -+ OTHERNAME_it; -+ OTHERNAME_it; -+ EVP_MD_CTX_cleanup; -+ d2i_ASN1_GENERALSTRING; -+ X509_CRL_set_version; -+ BN_mod_sub; -+ OCSP_SINGLERESP_get_ext_by_NID; -+ ENGINE_get_ex_new_index; -+ OCSP_REQUEST_free; -+ OCSP_REQUEST_add1_ext_i2d; -+ X509_VAL_it; -+ X509_VAL_it; -+ EC_POINTs_make_affine; -+ EC_POINT_mul; -+ X509V3_EXT_add_nconf; -+ X509_TRUST_set; -+ X509_CRL_add1_ext_i2d; -+ _ossl_old_des_fcrypt; -+ DISPLAYTEXT_it; -+ DISPLAYTEXT_it; -+ X509_CRL_set_lastUpdate; -+ OCSP_BASICRESP_free; -+ OCSP_BASICRESP_add1_ext_i2d; -+ d2i_KRB5_AUTHENTBODY; -+ CRYPTO_set_ex_data_implementation; -+ CRYPTO_set_ex_data_impl; -+ KRB5_ENCDATA_new; -+ DSO_up_ref; -+ OCSP_crl_reason_str; -+ UI_get0_result_string; -+ ASN1_GENERALSTRING_new; -+ X509_SIG_it; -+ X509_SIG_it; -+ ERR_set_implementation; -+ ERR_load_EC_strings; -+ UI_get0_action_string; -+ OCSP_ONEREQ_get_ext; -+ EC_POINT_method_of; -+ i2d_KRB5_APREQBODY; -+ _ossl_old_des_ecb3_encrypt; -+ CRYPTO_get_mem_ex_functions; -+ ENGINE_get_ex_data; -+ UI_destroy_method; -+ ASN1_item_i2d_bio; -+ OCSP_ONEREQ_get_ext_by_OBJ; -+ ASN1_primitive_new; -+ ASN1_PRINTABLE_it; -+ ASN1_PRINTABLE_it; -+ EVP_aes_192_ecb; -+ OCSP_SIGNATURE_new; -+ LONG_it; -+ LONG_it; -+ ASN1_VISIBLESTRING_it; -+ ASN1_VISIBLESTRING_it; -+ OCSP_SINGLERESP_add1_ext_i2d; -+ d2i_OCSP_CERTID; -+ ASN1_item_d2i_fp; -+ CRL_DIST_POINTS_it; -+ CRL_DIST_POINTS_it; -+ GENERAL_NAME_print; -+ OCSP_SINGLERESP_delete_ext; -+ PKCS12_SAFEBAGS_it; -+ PKCS12_SAFEBAGS_it; -+ d2i_OCSP_SIGNATURE; -+ OCSP_request_add1_nonce; -+ ENGINE_set_cmd_defns; -+ OCSP_SERVICELOC_free; -+ EC_GROUP_free; -+ ASN1_BIT_STRING_it; -+ ASN1_BIT_STRING_it; -+ X509_REQ_it; -+ X509_REQ_it; -+ _ossl_old_des_cbc_encrypt; -+ ERR_unload_strings; -+ PKCS7_SIGN_ENVELOPE_it; -+ PKCS7_SIGN_ENVELOPE_it; -+ EDIPARTYNAME_free; -+ OCSP_REQINFO_free; -+ EC_GROUP_new_curve_GFp; -+ OCSP_REQUEST_get1_ext_d2i; -+ PKCS12_item_pack_safebag; -+ asn1_ex_c2i; -+ ENGINE_register_digests; -+ i2d_OCSP_REVOKEDINFO; -+ asn1_enc_restore; -+ UI_free; -+ UI_new_method; -+ EVP_EncryptInit_ex; -+ X509_pubkey_digest; -+ EC_POINT_invert; -+ OCSP_basic_sign; -+ i2d_OCSP_RESPID; -+ OCSP_check_nonce; -+ ENGINE_ctrl_cmd; -+ d2i_KRB5_ENCKEY; -+ OCSP_parse_url; -+ OCSP_SINGLERESP_get_ext; -+ OCSP_CRLID_free; -+ OCSP_BASICRESP_get1_ext_d2i; -+ RSAPrivateKey_it; -+ RSAPrivateKey_it; -+ ENGINE_register_all_DH; -+ i2d_EDIPARTYNAME; -+ EC_POINT_get_affine_coordinates_GFp; -+ EC_POINT_get_affine_coords_GFp; -+ OCSP_CRLID_new; -+ ENGINE_get_flags; -+ OCSP_ONEREQ_it; -+ OCSP_ONEREQ_it; -+ UI_process; -+ ASN1_INTEGER_it; -+ ASN1_INTEGER_it; -+ EVP_CipherInit_ex; -+ UI_get_string_type; -+ ENGINE_unregister_DH; -+ ENGINE_register_all_DSA; -+ OCSP_ONEREQ_get_ext_by_critical; -+ bn_dup_expand; -+ OCSP_cert_id_new; -+ BASIC_CONSTRAINTS_it; -+ BASIC_CONSTRAINTS_it; -+ BN_mod_add_quick; -+ EC_POINT_new; -+ EVP_MD_CTX_destroy; -+ OCSP_RESPBYTES_free; -+ EVP_aes_128_cbc; -+ OCSP_SINGLERESP_get1_ext_d2i; -+ EC_POINT_free; -+ DH_up_ref; -+ X509_NAME_ENTRY_it; -+ X509_NAME_ENTRY_it; -+ UI_get_ex_new_index; -+ BN_mod_sub_quick; -+ OCSP_ONEREQ_add_ext; -+ OCSP_request_sign; -+ EVP_DigestFinal_ex; -+ ENGINE_set_digests; -+ OCSP_id_issuer_cmp; -+ OBJ_NAME_do_all; -+ EC_POINTs_mul; -+ ENGINE_register_complete; -+ X509V3_EXT_nconf_nid; -+ ASN1_SEQUENCE_it; -+ ASN1_SEQUENCE_it; -+ UI_set_default_method; -+ RAND_query_egd_bytes; -+ UI_method_get_writer; -+ UI_OpenSSL; -+ PEM_def_callback; -+ ENGINE_cleanup; -+ DIST_POINT_it; -+ DIST_POINT_it; -+ OCSP_SINGLERESP_it; -+ OCSP_SINGLERESP_it; -+ d2i_KRB5_TKTBODY; -+ EC_POINT_cmp; -+ OCSP_REVOKEDINFO_new; -+ i2d_OCSP_CERTSTATUS; -+ OCSP_basic_add1_nonce; -+ ASN1_item_ex_d2i; -+ BN_mod_lshift1_quick; -+ UI_set_method; -+ OCSP_id_get0_info; -+ BN_mod_sqrt; -+ EC_GROUP_copy; -+ KRB5_ENCDATA_free; -+ _ossl_old_des_cfb_encrypt; -+ OCSP_SINGLERESP_get_ext_by_OBJ; -+ OCSP_cert_to_id; -+ OCSP_RESPID_new; -+ OCSP_RESPDATA_it; -+ OCSP_RESPDATA_it; -+ d2i_OCSP_RESPDATA; -+ ENGINE_register_all_complete; -+ OCSP_check_validity; -+ PKCS12_BAGS_it; -+ PKCS12_BAGS_it; -+ OCSP_url_svcloc_new; -+ ASN1_template_free; -+ OCSP_SINGLERESP_add_ext; -+ KRB5_AUTHENTBODY_it; -+ KRB5_AUTHENTBODY_it; -+ X509_supported_extension; -+ i2d_KRB5_AUTHDATA; -+ UI_method_get_opener; -+ ENGINE_set_ex_data; -+ OCSP_REQUEST_print; -+ CBIGNUM_it; -+ CBIGNUM_it; -+ KRB5_TICKET_new; -+ KRB5_APREQ_new; -+ EC_GROUP_get_curve_GFp; -+ KRB5_ENCKEY_new; -+ ASN1_template_d2i; -+ _ossl_old_des_quad_cksum; -+ OCSP_single_get0_status; -+ BN_swap; -+ POLICYINFO_it; -+ POLICYINFO_it; -+ ENGINE_set_destroy_function; -+ asn1_enc_free; -+ OCSP_RESPID_it; -+ OCSP_RESPID_it; -+ EC_GROUP_new; -+ EVP_aes_256_cbc; -+ i2d_KRB5_PRINCNAME; -+ _ossl_old_des_encrypt2; -+ _ossl_old_des_encrypt3; -+ PKCS8_PRIV_KEY_INFO_it; -+ PKCS8_PRIV_KEY_INFO_it; -+ OCSP_REQINFO_it; -+ OCSP_REQINFO_it; -+ PBEPARAM_it; -+ PBEPARAM_it; -+ KRB5_AUTHENTBODY_new; -+ X509_CRL_add0_revoked; -+ EDIPARTYNAME_it; -+ EDIPARTYNAME_it; -+ NETSCAPE_SPKI_it; -+ NETSCAPE_SPKI_it; -+ UI_get0_test_string; -+ ENGINE_get_cipher_engine; -+ ENGINE_register_all_ciphers; -+ EC_POINT_copy; -+ BN_kronecker; -+ _ossl_old_des_ede3_ofb64_encrypt; -+ _ossl_odes_ede3_ofb64_encrypt; -+ UI_method_get_reader; -+ OCSP_BASICRESP_get_ext_count; -+ ASN1_ENUMERATED_it; -+ ASN1_ENUMERATED_it; -+ UI_set_result; -+ i2d_KRB5_TICKET; -+ X509_print_ex_fp; -+ EVP_CIPHER_CTX_set_padding; -+ d2i_OCSP_RESPONSE; -+ ASN1_UTCTIME_it; -+ ASN1_UTCTIME_it; -+ _ossl_old_des_enc_write; -+ OCSP_RESPONSE_new; -+ AES_set_encrypt_key; -+ OCSP_resp_count; -+ KRB5_CHECKSUM_new; -+ ENGINE_load_cswift; -+ OCSP_onereq_get0_id; -+ ENGINE_set_default_ciphers; -+ NOTICEREF_it; -+ NOTICEREF_it; -+ X509V3_EXT_CRL_add_nconf; -+ OCSP_REVOKEDINFO_it; -+ OCSP_REVOKEDINFO_it; -+ AES_encrypt; -+ OCSP_REQUEST_new; -+ ASN1_ANY_it; -+ ASN1_ANY_it; -+ CRYPTO_ex_data_new_class; -+ _ossl_old_des_ncbc_encrypt; -+ i2d_KRB5_TKTBODY; -+ EC_POINT_clear_free; -+ AES_decrypt; -+ asn1_enc_init; -+ UI_get_result_maxsize; -+ OCSP_CERTID_new; -+ ENGINE_unregister_RAND; -+ UI_method_get_closer; -+ d2i_KRB5_ENCDATA; -+ OCSP_request_onereq_count; -+ OCSP_basic_verify; -+ KRB5_AUTHENTBODY_free; -+ ASN1_item_d2i; -+ ASN1_primitive_free; -+ i2d_EXTENDED_KEY_USAGE; -+ i2d_OCSP_SIGNATURE; -+ asn1_enc_save; -+ ENGINE_load_nuron; -+ _ossl_old_des_pcbc_encrypt; -+ PKCS12_MAC_DATA_it; -+ PKCS12_MAC_DATA_it; -+ OCSP_accept_responses_new; -+ asn1_do_lock; -+ PKCS7_ATTR_VERIFY_it; -+ PKCS7_ATTR_VERIFY_it; -+ KRB5_APREQBODY_it; -+ KRB5_APREQBODY_it; -+ i2d_OCSP_SINGLERESP; -+ ASN1_item_ex_new; -+ UI_add_verify_string; -+ _ossl_old_des_set_key; -+ KRB5_PRINCNAME_it; -+ KRB5_PRINCNAME_it; -+ EVP_DecryptInit_ex; -+ i2d_OCSP_CERTID; -+ ASN1_item_d2i_bio; -+ EC_POINT_dbl; -+ asn1_get_choice_selector; -+ i2d_KRB5_CHECKSUM; -+ ENGINE_set_table_flags; -+ AES_options; -+ ENGINE_load_chil; -+ OCSP_id_cmp; -+ OCSP_BASICRESP_new; -+ OCSP_REQUEST_get_ext_by_NID; -+ KRB5_APREQ_it; -+ KRB5_APREQ_it; -+ ENGINE_get_destroy_function; -+ CONF_set_nconf; -+ ASN1_PRINTABLE_free; -+ OCSP_BASICRESP_get_ext_by_NID; -+ DIST_POINT_NAME_it; -+ DIST_POINT_NAME_it; -+ X509V3_extensions_print; -+ _ossl_old_des_cfb64_encrypt; -+ X509_REVOKED_add1_ext_i2d; -+ _ossl_old_des_ofb_encrypt; -+ KRB5_TKTBODY_new; -+ ASN1_OCTET_STRING_it; -+ ASN1_OCTET_STRING_it; -+ ERR_load_UI_strings; -+ i2d_KRB5_ENCKEY; -+ ASN1_template_new; -+ OCSP_SIGNATURE_free; -+ ASN1_item_i2d_fp; -+ KRB5_PRINCNAME_free; -+ PKCS7_RECIP_INFO_it; -+ PKCS7_RECIP_INFO_it; -+ EXTENDED_KEY_USAGE_it; -+ EXTENDED_KEY_USAGE_it; -+ EC_GFp_simple_method; -+ EC_GROUP_precompute_mult; -+ OCSP_request_onereq_get0; -+ UI_method_set_writer; -+ KRB5_AUTHENT_new; -+ X509_CRL_INFO_it; -+ X509_CRL_INFO_it; -+ DSO_set_name_converter; -+ AES_set_decrypt_key; -+ PKCS7_DIGEST_it; -+ PKCS7_DIGEST_it; -+ PKCS12_x5092certbag; -+ EVP_DigestInit_ex; -+ i2a_ACCESS_DESCRIPTION; -+ OCSP_RESPONSE_it; -+ OCSP_RESPONSE_it; -+ PKCS7_ENC_CONTENT_it; -+ PKCS7_ENC_CONTENT_it; -+ OCSP_request_add0_id; -+ EC_POINT_make_affine; -+ DSO_get_filename; -+ OCSP_CERTSTATUS_it; -+ OCSP_CERTSTATUS_it; -+ OCSP_request_add1_cert; -+ UI_get0_output_string; -+ UI_dup_verify_string; -+ BN_mod_lshift; -+ KRB5_AUTHDATA_it; -+ KRB5_AUTHDATA_it; -+ asn1_set_choice_selector; -+ OCSP_basic_add1_status; -+ OCSP_RESPID_free; -+ asn1_get_field_ptr; -+ UI_add_input_string; -+ OCSP_CRLID_it; -+ OCSP_CRLID_it; -+ i2d_KRB5_AUTHENTBODY; -+ OCSP_REQUEST_get_ext_count; -+ ENGINE_load_atalla; -+ X509_NAME_it; -+ X509_NAME_it; -+ USERNOTICE_it; -+ USERNOTICE_it; -+ OCSP_REQINFO_new; -+ OCSP_BASICRESP_get_ext; -+ CRYPTO_get_ex_data_implementation; -+ CRYPTO_get_ex_data_impl; -+ ASN1_item_pack; -+ i2d_KRB5_ENCDATA; -+ X509_PURPOSE_set; -+ X509_REQ_INFO_it; -+ X509_REQ_INFO_it; -+ UI_method_set_opener; -+ ASN1_item_ex_free; -+ ASN1_BOOLEAN_it; -+ ASN1_BOOLEAN_it; -+ ENGINE_get_table_flags; -+ UI_create_method; -+ OCSP_ONEREQ_add1_ext_i2d; -+ _shadow_DES_check_key; -+ _shadow_DES_check_key; -+ d2i_OCSP_REQINFO; -+ UI_add_info_string; -+ UI_get_result_minsize; -+ ASN1_NULL_it; -+ ASN1_NULL_it; -+ BN_mod_lshift1; -+ d2i_OCSP_ONEREQ; -+ OCSP_ONEREQ_new; -+ KRB5_TICKET_it; -+ KRB5_TICKET_it; -+ EVP_aes_192_cbc; -+ KRB5_TICKET_free; -+ UI_new; -+ OCSP_response_create; -+ _ossl_old_des_xcbc_encrypt; -+ PKCS7_it; -+ PKCS7_it; -+ OCSP_REQUEST_get_ext_by_critical; -+ OCSP_REQUEST_get_ext_by_crit; -+ ENGINE_set_flags; -+ _ossl_old_des_ecb_encrypt; -+ OCSP_response_get1_basic; -+ EVP_Digest; -+ OCSP_ONEREQ_delete_ext; -+ ASN1_TBOOLEAN_it; -+ ASN1_TBOOLEAN_it; -+ ASN1_item_new; -+ ASN1_TIME_to_generalizedtime; -+ BIGNUM_it; -+ BIGNUM_it; -+ AES_cbc_encrypt; -+ ENGINE_get_load_privkey_function; -+ ENGINE_get_load_privkey_fn; -+ OCSP_RESPONSE_free; -+ UI_method_set_reader; -+ i2d_ASN1_T61STRING; -+ EC_POINT_set_to_infinity; -+ ERR_load_OCSP_strings; -+ EC_POINT_point2oct; -+ KRB5_APREQ_free; -+ ASN1_OBJECT_it; -+ ASN1_OBJECT_it; -+ OCSP_crlID_new; -+ OCSP_crlID2_new; -+ CONF_modules_load_file; -+ CONF_imodule_set_usr_data; -+ ENGINE_set_default_string; -+ CONF_module_get_usr_data; -+ ASN1_add_oid_module; -+ CONF_modules_finish; -+ OPENSSL_config; -+ CONF_modules_unload; -+ CONF_imodule_get_value; -+ CONF_module_set_usr_data; -+ CONF_parse_list; -+ CONF_module_add; -+ CONF_get1_default_config_file; -+ CONF_imodule_get_flags; -+ CONF_imodule_get_module; -+ CONF_modules_load; -+ CONF_imodule_get_name; -+ ERR_peek_top_error; -+ CONF_imodule_get_usr_data; -+ CONF_imodule_set_flags; -+ ENGINE_add_conf_module; -+ ERR_peek_last_error_line; -+ ERR_peek_last_error_line_data; -+ ERR_peek_last_error; -+ DES_read_2passwords; -+ DES_read_password; -+ UI_UTIL_read_pw; -+ UI_UTIL_read_pw_string; -+ ENGINE_load_aep; -+ ENGINE_load_sureware; -+ OPENSSL_add_all_algorithms_noconf; -+ OPENSSL_add_all_algo_noconf; -+ OPENSSL_add_all_algorithms_conf; -+ OPENSSL_add_all_algo_conf; -+ OPENSSL_load_builtin_modules; -+ AES_ofb128_encrypt; -+ AES_ctr128_encrypt; -+ AES_cfb128_encrypt; -+ ENGINE_load_4758cca; -+ _ossl_096_des_random_seed; -+ EVP_aes_256_ofb; -+ EVP_aes_192_ofb; -+ EVP_aes_128_cfb128; -+ EVP_aes_256_cfb128; -+ EVP_aes_128_ofb; -+ EVP_aes_192_cfb128; -+ CONF_modules_free; -+ NCONF_default; -+ OPENSSL_no_config; -+ NCONF_WIN32; -+ ASN1_UNIVERSALSTRING_new; -+ EVP_des_ede_ecb; -+ i2d_ASN1_UNIVERSALSTRING; -+ ASN1_UNIVERSALSTRING_free; -+ ASN1_UNIVERSALSTRING_it; -+ ASN1_UNIVERSALSTRING_it; -+ d2i_ASN1_UNIVERSALSTRING; -+ EVP_des_ede3_ecb; -+ X509_REQ_print_ex; -+ ENGINE_up_ref; -+ BUF_MEM_grow_clean; -+ CRYPTO_realloc_clean; -+ BUF_strlcat; -+ BIO_indent; -+ BUF_strlcpy; -+ OpenSSLDie; -+ OPENSSL_cleanse; -+ ENGINE_setup_bsd_cryptodev; -+ ERR_release_err_state_table; -+ EVP_aes_128_cfb8; -+ FIPS_corrupt_rsa; -+ FIPS_selftest_des; -+ EVP_aes_128_cfb1; -+ EVP_aes_192_cfb8; -+ FIPS_mode_set; -+ FIPS_selftest_dsa; -+ EVP_aes_256_cfb8; -+ FIPS_allow_md5; -+ DES_ede3_cfb_encrypt; -+ EVP_des_ede3_cfb8; -+ FIPS_rand_seeded; -+ AES_cfbr_encrypt_block; -+ AES_cfb8_encrypt; -+ FIPS_rand_seed; -+ FIPS_corrupt_des; -+ EVP_aes_192_cfb1; -+ FIPS_selftest_aes; -+ FIPS_set_prng_key; -+ EVP_des_cfb8; -+ FIPS_corrupt_dsa; -+ FIPS_test_mode; -+ FIPS_rand_method; -+ EVP_aes_256_cfb1; -+ ERR_load_FIPS_strings; -+ FIPS_corrupt_aes; -+ FIPS_selftest_sha1; -+ FIPS_selftest_rsa; -+ FIPS_corrupt_sha1; -+ EVP_des_cfb1; -+ FIPS_dsa_check; -+ AES_cfb1_encrypt; -+ EVP_des_ede3_cfb1; -+ FIPS_rand_check; -+ FIPS_md5_allowed; -+ FIPS_mode; -+ FIPS_selftest_failed; -+ sk_is_sorted; -+ X509_check_ca; -+ HMAC_CTX_set_flags; -+ d2i_PROXY_CERT_INFO_EXTENSION; -+ PROXY_POLICY_it; -+ PROXY_POLICY_it; -+ i2d_PROXY_POLICY; -+ i2d_PROXY_CERT_INFO_EXTENSION; -+ d2i_PROXY_POLICY; -+ PROXY_CERT_INFO_EXTENSION_new; -+ PROXY_CERT_INFO_EXTENSION_free; -+ PROXY_CERT_INFO_EXTENSION_it; -+ PROXY_CERT_INFO_EXTENSION_it; -+ PROXY_POLICY_free; -+ PROXY_POLICY_new; -+ BN_MONT_CTX_set_locked; -+ FIPS_selftest_rng; -+ EVP_sha384; -+ EVP_sha512; -+ EVP_sha224; -+ EVP_sha256; -+ FIPS_selftest_hmac; -+ FIPS_corrupt_rng; -+ BN_mod_exp_mont_consttime; -+ RSA_X931_hash_id; -+ RSA_padding_check_X931; -+ RSA_verify_PKCS1_PSS; -+ RSA_padding_add_X931; -+ RSA_padding_add_PKCS1_PSS; -+ PKCS1_MGF1; -+ BN_X931_generate_Xpq; -+ RSA_X931_generate_key; -+ BN_X931_derive_prime; -+ BN_X931_generate_prime; -+ RSA_X931_derive; -+ BIO_new_dgram; -+ BN_get0_nist_prime_384; -+ ERR_set_mark; -+ X509_STORE_CTX_set0_crls; -+ ENGINE_set_STORE; -+ ENGINE_register_ECDSA; -+ STORE_meth_set_list_start_fn; -+ STORE_method_set_list_start_function; -+ BN_BLINDING_invert_ex; -+ NAME_CONSTRAINTS_free; -+ STORE_ATTR_INFO_set_number; -+ BN_BLINDING_get_thread_id; -+ X509_STORE_CTX_set0_param; -+ POLICY_MAPPING_it; -+ POLICY_MAPPING_it; -+ STORE_parse_attrs_start; -+ POLICY_CONSTRAINTS_free; -+ EVP_PKEY_add1_attr_by_NID; -+ BN_nist_mod_192; -+ EC_GROUP_get_trinomial_basis; -+ STORE_set_method; -+ GENERAL_SUBTREE_free; -+ NAME_CONSTRAINTS_it; -+ NAME_CONSTRAINTS_it; -+ ECDH_get_default_method; -+ PKCS12_add_safe; -+ EC_KEY_new_by_curve_name; -+ STORE_meth_get_update_store_fn; -+ STORE_method_get_update_store_function; -+ ENGINE_register_ECDH; -+ SHA512_Update; -+ i2d_ECPrivateKey; -+ BN_get0_nist_prime_192; -+ STORE_modify_certificate; -+ EC_POINT_set_affine_coordinates_GF2m; -+ EC_POINT_set_affine_coords_GF2m; -+ BN_GF2m_mod_exp_arr; -+ STORE_ATTR_INFO_modify_number; -+ X509_keyid_get0; -+ ENGINE_load_gmp; -+ pitem_new; -+ BN_GF2m_mod_mul_arr; -+ STORE_list_public_key_endp; -+ o2i_ECPublicKey; -+ EC_KEY_copy; -+ BIO_dump_fp; -+ X509_policy_node_get0_parent; -+ EC_GROUP_check_discriminant; -+ i2o_ECPublicKey; -+ EC_KEY_precompute_mult; -+ a2i_IPADDRESS; -+ STORE_meth_set_initialise_fn; -+ STORE_method_set_initialise_function; -+ X509_STORE_CTX_set_depth; -+ X509_VERIFY_PARAM_inherit; -+ EC_POINT_point2bn; -+ STORE_ATTR_INFO_set_dn; -+ X509_policy_tree_get0_policies; -+ EC_GROUP_new_curve_GF2m; -+ STORE_destroy_method; -+ ENGINE_unregister_STORE; -+ EVP_PKEY_get1_EC_KEY; -+ STORE_ATTR_INFO_get0_number; -+ ENGINE_get_default_ECDH; -+ EC_KEY_get_conv_form; -+ ASN1_OCTET_STRING_NDEF_it; -+ ASN1_OCTET_STRING_NDEF_it; -+ STORE_delete_public_key; -+ STORE_get_public_key; -+ STORE_modify_arbitrary; -+ ENGINE_get_static_state; -+ pqueue_iterator; -+ ECDSA_SIG_new; -+ OPENSSL_DIR_end; -+ BN_GF2m_mod_sqr; -+ EC_POINT_bn2point; -+ X509_VERIFY_PARAM_set_depth; -+ EC_KEY_set_asn1_flag; -+ STORE_get_method; -+ EC_KEY_get_key_method_data; -+ ECDSA_sign_ex; -+ STORE_parse_attrs_end; -+ EC_GROUP_get_point_conversion_form; -+ EC_GROUP_get_point_conv_form; -+ STORE_method_set_store_function; -+ STORE_ATTR_INFO_in; -+ PEM_read_bio_ECPKParameters; -+ EC_GROUP_get_pentanomial_basis; -+ EVP_PKEY_add1_attr_by_txt; -+ BN_BLINDING_set_flags; -+ X509_VERIFY_PARAM_set1_policies; -+ X509_VERIFY_PARAM_set1_name; -+ X509_VERIFY_PARAM_set_purpose; -+ STORE_get_number; -+ ECDSA_sign_setup; -+ BN_GF2m_mod_solve_quad_arr; -+ EC_KEY_up_ref; -+ POLICY_MAPPING_free; -+ BN_GF2m_mod_div; -+ X509_VERIFY_PARAM_set_flags; -+ EC_KEY_free; -+ STORE_meth_set_list_next_fn; -+ STORE_method_set_list_next_function; -+ PEM_write_bio_ECPrivateKey; -+ d2i_EC_PUBKEY; -+ STORE_meth_get_generate_fn; -+ STORE_method_get_generate_function; -+ STORE_meth_set_list_end_fn; -+ STORE_method_set_list_end_function; -+ pqueue_print; -+ EC_GROUP_have_precompute_mult; -+ EC_KEY_print_fp; -+ BN_GF2m_mod_arr; -+ PEM_write_bio_X509_CERT_PAIR; -+ EVP_PKEY_cmp; -+ X509_policy_level_node_count; -+ STORE_new_engine; -+ STORE_list_public_key_start; -+ X509_VERIFY_PARAM_new; -+ ECDH_get_ex_data; -+ EVP_PKEY_get_attr; -+ ECDSA_do_sign; -+ ENGINE_unregister_ECDH; -+ ECDH_OpenSSL; -+ EC_KEY_set_conv_form; -+ EC_POINT_dup; -+ GENERAL_SUBTREE_new; -+ STORE_list_crl_endp; -+ EC_get_builtin_curves; -+ X509_policy_node_get0_qualifiers; -+ X509_pcy_node_get0_qualifiers; -+ STORE_list_crl_end; -+ EVP_PKEY_set1_EC_KEY; -+ BN_GF2m_mod_sqrt_arr; -+ i2d_ECPrivateKey_bio; -+ ECPKParameters_print_fp; -+ pqueue_find; -+ ECDSA_SIG_free; -+ PEM_write_bio_ECPKParameters; -+ STORE_method_set_ctrl_function; -+ STORE_list_public_key_end; -+ EC_KEY_set_private_key; -+ pqueue_peek; -+ STORE_get_arbitrary; -+ STORE_store_crl; -+ X509_policy_node_get0_policy; -+ PKCS12_add_safes; -+ BN_BLINDING_convert_ex; -+ X509_policy_tree_free; -+ OPENSSL_ia32cap_loc; -+ BN_GF2m_poly2arr; -+ STORE_ctrl; -+ STORE_ATTR_INFO_compare; -+ BN_get0_nist_prime_224; -+ i2d_ECParameters; -+ i2d_ECPKParameters; -+ BN_GENCB_call; -+ d2i_ECPKParameters; -+ STORE_meth_set_generate_fn; -+ STORE_method_set_generate_function; -+ ENGINE_set_ECDH; -+ NAME_CONSTRAINTS_new; -+ SHA256_Init; -+ EC_KEY_get0_public_key; -+ PEM_write_bio_EC_PUBKEY; -+ STORE_ATTR_INFO_set_cstr; -+ STORE_list_crl_next; -+ STORE_ATTR_INFO_in_range; -+ ECParameters_print; -+ STORE_meth_set_delete_fn; -+ STORE_method_set_delete_function; -+ STORE_list_certificate_next; -+ ASN1_generate_nconf; -+ BUF_memdup; -+ BN_GF2m_mod_mul; -+ STORE_meth_get_list_next_fn; -+ STORE_method_get_list_next_function; -+ STORE_ATTR_INFO_get0_dn; -+ STORE_list_private_key_next; -+ EC_GROUP_set_seed; -+ X509_VERIFY_PARAM_set_trust; -+ STORE_ATTR_INFO_free; -+ STORE_get_private_key; -+ EVP_PKEY_get_attr_count; -+ STORE_ATTR_INFO_new; -+ EC_GROUP_get_curve_GF2m; -+ STORE_meth_set_revoke_fn; -+ STORE_method_set_revoke_function; -+ STORE_store_number; -+ BN_is_prime_ex; -+ STORE_revoke_public_key; -+ X509_STORE_CTX_get0_param; -+ STORE_delete_arbitrary; -+ PEM_read_X509_CERT_PAIR; -+ X509_STORE_set_depth; -+ ECDSA_get_ex_data; -+ SHA224; -+ BIO_dump_indent_fp; -+ EC_KEY_set_group; -+ BUF_strndup; -+ STORE_list_certificate_start; -+ BN_GF2m_mod; -+ X509_REQ_check_private_key; -+ EC_GROUP_get_seed_len; -+ ERR_load_STORE_strings; -+ PEM_read_bio_EC_PUBKEY; -+ STORE_list_private_key_end; -+ i2d_EC_PUBKEY; -+ ECDSA_get_default_method; -+ ASN1_put_eoc; -+ X509_STORE_CTX_get_explicit_policy; -+ X509_STORE_CTX_get_expl_policy; -+ X509_VERIFY_PARAM_table_cleanup; -+ STORE_modify_private_key; -+ X509_VERIFY_PARAM_free; -+ EC_METHOD_get_field_type; -+ EC_GFp_nist_method; -+ STORE_meth_set_modify_fn; -+ STORE_method_set_modify_function; -+ STORE_parse_attrs_next; -+ ENGINE_load_padlock; -+ EC_GROUP_set_curve_name; -+ X509_CERT_PAIR_it; -+ X509_CERT_PAIR_it; -+ STORE_meth_get_revoke_fn; -+ STORE_method_get_revoke_function; -+ STORE_method_set_get_function; -+ STORE_modify_number; -+ STORE_method_get_store_function; -+ STORE_store_private_key; -+ BN_GF2m_mod_sqr_arr; -+ RSA_setup_blinding; -+ BIO_s_datagram; -+ STORE_Memory; -+ sk_find_ex; -+ EC_GROUP_set_curve_GF2m; -+ ENGINE_set_default_ECDSA; -+ POLICY_CONSTRAINTS_new; -+ BN_GF2m_mod_sqrt; -+ ECDH_set_default_method; -+ EC_KEY_generate_key; -+ SHA384_Update; -+ BN_GF2m_arr2poly; -+ STORE_method_get_get_function; -+ STORE_meth_set_cleanup_fn; -+ STORE_method_set_cleanup_function; -+ EC_GROUP_check; -+ d2i_ECPrivateKey_bio; -+ EC_KEY_insert_key_method_data; -+ STORE_meth_get_lock_store_fn; -+ STORE_method_get_lock_store_function; -+ X509_VERIFY_PARAM_get_depth; -+ SHA224_Final; -+ STORE_meth_set_update_store_fn; -+ STORE_method_set_update_store_function; -+ SHA224_Update; -+ d2i_ECPrivateKey; -+ ASN1_item_ndef_i2d; -+ STORE_delete_private_key; -+ ERR_pop_to_mark; -+ ENGINE_register_all_STORE; -+ X509_policy_level_get0_node; -+ i2d_PKCS7_NDEF; -+ EC_GROUP_get_degree; -+ ASN1_generate_v3; -+ STORE_ATTR_INFO_modify_cstr; -+ X509_policy_tree_level_count; -+ BN_GF2m_add; -+ EC_KEY_get0_group; -+ STORE_generate_crl; -+ STORE_store_public_key; -+ X509_CERT_PAIR_free; -+ STORE_revoke_private_key; -+ BN_nist_mod_224; -+ SHA512_Final; -+ STORE_ATTR_INFO_modify_dn; -+ STORE_meth_get_initialise_fn; -+ STORE_method_get_initialise_function; -+ STORE_delete_number; -+ i2d_EC_PUBKEY_bio; -+ BIO_dgram_non_fatal_error; -+ EC_GROUP_get_asn1_flag; -+ STORE_ATTR_INFO_in_ex; -+ STORE_list_crl_start; -+ ECDH_get_ex_new_index; -+ STORE_meth_get_modify_fn; -+ STORE_method_get_modify_function; -+ v2i_ASN1_BIT_STRING; -+ STORE_store_certificate; -+ OBJ_bsearch_ex; -+ X509_STORE_CTX_set_default; -+ STORE_ATTR_INFO_set_sha1str; -+ BN_GF2m_mod_inv; -+ BN_GF2m_mod_exp; -+ STORE_modify_public_key; -+ STORE_meth_get_list_start_fn; -+ STORE_method_get_list_start_function; -+ EC_GROUP_get0_seed; -+ STORE_store_arbitrary; -+ STORE_meth_set_unlock_store_fn; -+ STORE_method_set_unlock_store_function; -+ BN_GF2m_mod_div_arr; -+ ENGINE_set_ECDSA; -+ STORE_create_method; -+ ECPKParameters_print; -+ EC_KEY_get0_private_key; -+ PEM_write_EC_PUBKEY; -+ X509_VERIFY_PARAM_set1; -+ ECDH_set_method; -+ v2i_GENERAL_NAME_ex; -+ ECDH_set_ex_data; -+ STORE_generate_key; -+ BN_nist_mod_521; -+ X509_policy_tree_get0_level; -+ EC_GROUP_set_point_conversion_form; -+ EC_GROUP_set_point_conv_form; -+ PEM_read_EC_PUBKEY; -+ i2d_ECDSA_SIG; -+ ECDSA_OpenSSL; -+ STORE_delete_crl; -+ EC_KEY_get_enc_flags; -+ ASN1_const_check_infinite_end; -+ EVP_PKEY_delete_attr; -+ ECDSA_set_default_method; -+ EC_POINT_set_compressed_coordinates_GF2m; -+ EC_POINT_set_compr_coords_GF2m; -+ EC_GROUP_cmp; -+ STORE_revoke_certificate; -+ BN_get0_nist_prime_256; -+ STORE_meth_get_delete_fn; -+ STORE_method_get_delete_function; -+ SHA224_Init; -+ PEM_read_ECPrivateKey; -+ SHA512_Init; -+ STORE_parse_attrs_endp; -+ BN_set_negative; -+ ERR_load_ECDSA_strings; -+ EC_GROUP_get_basis_type; -+ STORE_list_public_key_next; -+ i2v_ASN1_BIT_STRING; -+ STORE_OBJECT_free; -+ BN_nist_mod_384; -+ i2d_X509_CERT_PAIR; -+ PEM_write_ECPKParameters; -+ ECDH_compute_key; -+ STORE_ATTR_INFO_get0_sha1str; -+ ENGINE_register_all_ECDH; -+ pqueue_pop; -+ STORE_ATTR_INFO_get0_cstr; -+ POLICY_CONSTRAINTS_it; -+ POLICY_CONSTRAINTS_it; -+ STORE_get_ex_new_index; -+ EVP_PKEY_get_attr_by_OBJ; -+ X509_VERIFY_PARAM_add0_policy; -+ BN_GF2m_mod_solve_quad; -+ SHA256; -+ i2d_ECPrivateKey_fp; -+ X509_policy_tree_get0_user_policies; -+ X509_pcy_tree_get0_usr_policies; -+ OPENSSL_DIR_read; -+ ENGINE_register_all_ECDSA; -+ X509_VERIFY_PARAM_lookup; -+ EC_POINT_get_affine_coordinates_GF2m; -+ EC_POINT_get_affine_coords_GF2m; -+ EC_GROUP_dup; -+ ENGINE_get_default_ECDSA; -+ EC_KEY_new; -+ SHA256_Transform; -+ EC_KEY_set_enc_flags; -+ ECDSA_verify; -+ EC_POINT_point2hex; -+ ENGINE_get_STORE; -+ SHA512; -+ STORE_get_certificate; -+ ECDSA_do_sign_ex; -+ ECDSA_do_verify; -+ d2i_ECPrivateKey_fp; -+ STORE_delete_certificate; -+ SHA512_Transform; -+ X509_STORE_set1_param; -+ STORE_method_get_ctrl_function; -+ STORE_free; -+ PEM_write_ECPrivateKey; -+ STORE_meth_get_unlock_store_fn; -+ STORE_method_get_unlock_store_function; -+ STORE_get_ex_data; -+ EC_KEY_set_public_key; -+ PEM_read_ECPKParameters; -+ X509_CERT_PAIR_new; -+ ENGINE_register_STORE; -+ RSA_generate_key_ex; -+ DSA_generate_parameters_ex; -+ ECParameters_print_fp; -+ X509V3_NAME_from_section; -+ EVP_PKEY_add1_attr; -+ STORE_modify_crl; -+ STORE_list_private_key_start; -+ POLICY_MAPPINGS_it; -+ POLICY_MAPPINGS_it; -+ GENERAL_SUBTREE_it; -+ GENERAL_SUBTREE_it; -+ EC_GROUP_get_curve_name; -+ PEM_write_X509_CERT_PAIR; -+ BIO_dump_indent_cb; -+ d2i_X509_CERT_PAIR; -+ STORE_list_private_key_endp; -+ asn1_const_Finish; -+ i2d_EC_PUBKEY_fp; -+ BN_nist_mod_256; -+ X509_VERIFY_PARAM_add0_table; -+ pqueue_free; -+ BN_BLINDING_create_param; -+ ECDSA_size; -+ d2i_EC_PUBKEY_bio; -+ BN_get0_nist_prime_521; -+ STORE_ATTR_INFO_modify_sha1str; -+ BN_generate_prime_ex; -+ EC_GROUP_new_by_curve_name; -+ SHA256_Final; -+ DH_generate_parameters_ex; -+ PEM_read_bio_ECPrivateKey; -+ STORE_meth_get_cleanup_fn; -+ STORE_method_get_cleanup_function; -+ ENGINE_get_ECDH; -+ d2i_ECDSA_SIG; -+ BN_is_prime_fasttest_ex; -+ ECDSA_sign; -+ X509_policy_check; -+ EVP_PKEY_get_attr_by_NID; -+ STORE_set_ex_data; -+ ENGINE_get_ECDSA; -+ EVP_ecdsa; -+ BN_BLINDING_get_flags; -+ PKCS12_add_cert; -+ STORE_OBJECT_new; -+ ERR_load_ECDH_strings; -+ EC_KEY_dup; -+ EVP_CIPHER_CTX_rand_key; -+ ECDSA_set_method; -+ a2i_IPADDRESS_NC; -+ d2i_ECParameters; -+ STORE_list_certificate_end; -+ STORE_get_crl; -+ X509_POLICY_NODE_print; -+ SHA384_Init; -+ EC_GF2m_simple_method; -+ ECDSA_set_ex_data; -+ SHA384_Final; -+ PKCS7_set_digest; -+ EC_KEY_print; -+ STORE_meth_set_lock_store_fn; -+ STORE_method_set_lock_store_function; -+ ECDSA_get_ex_new_index; -+ SHA384; -+ POLICY_MAPPING_new; -+ STORE_list_certificate_endp; -+ X509_STORE_CTX_get0_policy_tree; -+ EC_GROUP_set_asn1_flag; -+ EC_KEY_check_key; -+ d2i_EC_PUBKEY_fp; -+ PKCS7_set0_type_other; -+ PEM_read_bio_X509_CERT_PAIR; -+ pqueue_next; -+ STORE_meth_get_list_end_fn; -+ STORE_method_get_list_end_function; -+ EVP_PKEY_add1_attr_by_OBJ; -+ X509_VERIFY_PARAM_set_time; -+ pqueue_new; -+ ENGINE_set_default_ECDH; -+ STORE_new_method; -+ PKCS12_add_key; -+ DSO_merge; -+ EC_POINT_hex2point; -+ BIO_dump_cb; -+ SHA256_Update; -+ pqueue_insert; -+ pitem_free; -+ BN_GF2m_mod_inv_arr; -+ ENGINE_unregister_ECDSA; -+ BN_BLINDING_set_thread_id; -+ get_rfc3526_prime_8192; -+ X509_VERIFY_PARAM_clear_flags; -+ get_rfc2409_prime_1024; -+ DH_check_pub_key; -+ get_rfc3526_prime_2048; -+ get_rfc3526_prime_6144; -+ get_rfc3526_prime_1536; -+ get_rfc3526_prime_3072; -+ get_rfc3526_prime_4096; -+ get_rfc2409_prime_768; -+ X509_VERIFY_PARAM_get_flags; -+ EVP_CIPHER_CTX_new; -+ EVP_CIPHER_CTX_free; -+ Camellia_cbc_encrypt; -+ Camellia_cfb128_encrypt; -+ Camellia_cfb1_encrypt; -+ Camellia_cfb8_encrypt; -+ Camellia_ctr128_encrypt; -+ Camellia_cfbr_encrypt_block; -+ Camellia_decrypt; -+ Camellia_ecb_encrypt; -+ Camellia_encrypt; -+ Camellia_ofb128_encrypt; -+ Camellia_set_key; -+ EVP_camellia_128_cbc; -+ EVP_camellia_128_cfb128; -+ EVP_camellia_128_cfb1; -+ EVP_camellia_128_cfb8; -+ EVP_camellia_128_ecb; -+ EVP_camellia_128_ofb; -+ EVP_camellia_192_cbc; -+ EVP_camellia_192_cfb128; -+ EVP_camellia_192_cfb1; -+ EVP_camellia_192_cfb8; -+ EVP_camellia_192_ecb; -+ EVP_camellia_192_ofb; -+ EVP_camellia_256_cbc; -+ EVP_camellia_256_cfb128; -+ EVP_camellia_256_cfb1; -+ EVP_camellia_256_cfb8; -+ EVP_camellia_256_ecb; -+ EVP_camellia_256_ofb; -+ a2i_ipadd; -+ ASIdentifiers_free; -+ i2d_ASIdOrRange; -+ EVP_CIPHER_block_size; -+ v3_asid_is_canonical; -+ IPAddressChoice_free; -+ EVP_CIPHER_CTX_set_app_data; -+ BIO_set_callback_arg; -+ v3_addr_add_prefix; -+ IPAddressOrRange_it; -+ IPAddressOrRange_it; -+ BIO_set_flags; -+ ASIdentifiers_it; -+ ASIdentifiers_it; -+ v3_addr_get_range; -+ BIO_method_type; -+ v3_addr_inherits; -+ IPAddressChoice_it; -+ IPAddressChoice_it; -+ AES_ige_encrypt; -+ v3_addr_add_range; -+ EVP_CIPHER_CTX_nid; -+ d2i_ASRange; -+ v3_addr_add_inherit; -+ v3_asid_add_id_or_range; -+ v3_addr_validate_resource_set; -+ EVP_CIPHER_iv_length; -+ EVP_MD_type; -+ v3_asid_canonize; -+ IPAddressRange_free; -+ v3_asid_add_inherit; -+ EVP_CIPHER_CTX_key_length; -+ IPAddressRange_new; -+ ASIdOrRange_new; -+ EVP_MD_size; -+ EVP_MD_CTX_test_flags; -+ BIO_clear_flags; -+ i2d_ASRange; -+ IPAddressRange_it; -+ IPAddressRange_it; -+ IPAddressChoice_new; -+ ASIdentifierChoice_new; -+ ASRange_free; -+ EVP_MD_pkey_type; -+ EVP_MD_CTX_clear_flags; -+ IPAddressFamily_free; -+ i2d_IPAddressFamily; -+ IPAddressOrRange_new; -+ EVP_CIPHER_flags; -+ v3_asid_validate_resource_set; -+ d2i_IPAddressRange; -+ AES_bi_ige_encrypt; -+ BIO_get_callback; -+ IPAddressOrRange_free; -+ v3_addr_subset; -+ d2i_IPAddressFamily; -+ v3_asid_subset; -+ BIO_test_flags; -+ i2d_ASIdentifierChoice; -+ ASRange_it; -+ ASRange_it; -+ d2i_ASIdentifiers; -+ ASRange_new; -+ d2i_IPAddressChoice; -+ v3_addr_get_afi; -+ EVP_CIPHER_key_length; -+ EVP_Cipher; -+ i2d_IPAddressOrRange; -+ ASIdOrRange_it; -+ ASIdOrRange_it; -+ EVP_CIPHER_nid; -+ i2d_IPAddressChoice; -+ EVP_CIPHER_CTX_block_size; -+ ASIdentifiers_new; -+ v3_addr_validate_path; -+ IPAddressFamily_new; -+ EVP_MD_CTX_set_flags; -+ v3_addr_is_canonical; -+ i2d_IPAddressRange; -+ IPAddressFamily_it; -+ IPAddressFamily_it; -+ v3_asid_inherits; -+ EVP_CIPHER_CTX_cipher; -+ EVP_CIPHER_CTX_get_app_data; -+ EVP_MD_block_size; -+ EVP_CIPHER_CTX_flags; -+ v3_asid_validate_path; -+ d2i_IPAddressOrRange; -+ v3_addr_canonize; -+ ASIdentifierChoice_it; -+ ASIdentifierChoice_it; -+ EVP_MD_CTX_md; -+ d2i_ASIdentifierChoice; -+ BIO_method_name; -+ EVP_CIPHER_CTX_iv_length; -+ ASIdOrRange_free; -+ ASIdentifierChoice_free; -+ BIO_get_callback_arg; -+ BIO_set_callback; -+ d2i_ASIdOrRange; -+ i2d_ASIdentifiers; -+ SEED_decrypt; -+ SEED_encrypt; -+ SEED_cbc_encrypt; -+ EVP_seed_ofb; -+ SEED_cfb128_encrypt; -+ SEED_ofb128_encrypt; -+ EVP_seed_cbc; -+ SEED_ecb_encrypt; -+ EVP_seed_ecb; -+ SEED_set_key; -+ EVP_seed_cfb128; -+ X509_EXTENSIONS_it; -+ X509_EXTENSIONS_it; -+ X509_get1_ocsp; -+ OCSP_REQ_CTX_free; -+ i2d_X509_EXTENSIONS; -+ OCSP_sendreq_nbio; -+ OCSP_sendreq_new; -+ d2i_X509_EXTENSIONS; -+ X509_ALGORS_it; -+ X509_ALGORS_it; -+ X509_ALGOR_get0; -+ X509_ALGOR_set0; -+ AES_unwrap_key; -+ AES_wrap_key; -+ X509at_get0_data_by_OBJ; -+ ASN1_TYPE_set1; -+ ASN1_STRING_set0; -+ i2d_X509_ALGORS; -+ BIO_f_zlib; -+ COMP_zlib_cleanup; -+ d2i_X509_ALGORS; -+ CMS_ReceiptRequest_free; -+ PEM_write_CMS; -+ CMS_add0_CertificateChoices; -+ CMS_unsigned_add1_attr_by_OBJ; -+ ERR_load_CMS_strings; -+ CMS_sign_receipt; -+ i2d_CMS_ContentInfo; -+ CMS_signed_delete_attr; -+ d2i_CMS_bio; -+ CMS_unsigned_get_attr_by_NID; -+ CMS_verify; -+ SMIME_read_CMS; -+ CMS_decrypt_set1_key; -+ CMS_SignerInfo_get0_algs; -+ CMS_add1_cert; -+ CMS_set_detached; -+ CMS_encrypt; -+ CMS_EnvelopedData_create; -+ CMS_uncompress; -+ CMS_add0_crl; -+ CMS_SignerInfo_verify_content; -+ CMS_unsigned_get0_data_by_OBJ; -+ PEM_write_bio_CMS; -+ CMS_unsigned_get_attr; -+ CMS_RecipientInfo_ktri_cert_cmp; -+ CMS_RecipientInfo_ktri_get0_algs; -+ CMS_RecipInfo_ktri_get0_algs; -+ CMS_ContentInfo_free; -+ CMS_final; -+ CMS_add_simple_smimecap; -+ CMS_SignerInfo_verify; -+ CMS_data; -+ CMS_ContentInfo_it; -+ CMS_ContentInfo_it; -+ d2i_CMS_ReceiptRequest; -+ CMS_compress; -+ CMS_digest_create; -+ CMS_SignerInfo_cert_cmp; -+ CMS_SignerInfo_sign; -+ CMS_data_create; -+ i2d_CMS_bio; -+ CMS_EncryptedData_set1_key; -+ CMS_decrypt; -+ int_smime_write_ASN1; -+ CMS_unsigned_delete_attr; -+ CMS_unsigned_get_attr_count; -+ CMS_add_smimecap; -+ PEM_read_CMS; -+ CMS_signed_get_attr_by_OBJ; -+ d2i_CMS_ContentInfo; -+ CMS_add_standard_smimecap; -+ CMS_ContentInfo_new; -+ CMS_RecipientInfo_type; -+ CMS_get0_type; -+ CMS_is_detached; -+ CMS_sign; -+ CMS_signed_add1_attr; -+ CMS_unsigned_get_attr_by_OBJ; -+ SMIME_write_CMS; -+ CMS_EncryptedData_decrypt; -+ CMS_get0_RecipientInfos; -+ CMS_add0_RevocationInfoChoice; -+ CMS_decrypt_set1_pkey; -+ CMS_SignerInfo_set1_signer_cert; -+ CMS_get0_signers; -+ CMS_ReceiptRequest_get0_values; -+ CMS_signed_get0_data_by_OBJ; -+ CMS_get0_SignerInfos; -+ CMS_add0_cert; -+ CMS_EncryptedData_encrypt; -+ CMS_digest_verify; -+ CMS_set1_signers_certs; -+ CMS_signed_get_attr; -+ CMS_RecipientInfo_set0_key; -+ CMS_SignedData_init; -+ CMS_RecipientInfo_kekri_get0_id; -+ CMS_verify_receipt; -+ CMS_ReceiptRequest_it; -+ CMS_ReceiptRequest_it; -+ PEM_read_bio_CMS; -+ CMS_get1_crls; -+ CMS_add0_recipient_key; -+ SMIME_read_ASN1; -+ CMS_ReceiptRequest_new; -+ CMS_get0_content; -+ CMS_get1_ReceiptRequest; -+ CMS_signed_add1_attr_by_OBJ; -+ CMS_RecipientInfo_kekri_id_cmp; -+ CMS_add1_ReceiptRequest; -+ CMS_SignerInfo_get0_signer_id; -+ CMS_unsigned_add1_attr_by_NID; -+ CMS_unsigned_add1_attr; -+ CMS_signed_get_attr_by_NID; -+ CMS_get1_certs; -+ CMS_signed_add1_attr_by_NID; -+ CMS_unsigned_add1_attr_by_txt; -+ CMS_dataFinal; -+ CMS_RecipientInfo_ktri_get0_signer_id; -+ CMS_RecipInfo_ktri_get0_sigr_id; -+ i2d_CMS_ReceiptRequest; -+ CMS_add1_recipient_cert; -+ CMS_dataInit; -+ CMS_signed_add1_attr_by_txt; -+ CMS_RecipientInfo_decrypt; -+ CMS_signed_get_attr_count; -+ CMS_get0_eContentType; -+ CMS_set1_eContentType; -+ CMS_ReceiptRequest_create0; -+ CMS_add1_signer; -+ CMS_RecipientInfo_set0_pkey; -+ ENGINE_set_load_ssl_client_cert_function; -+ ENGINE_set_ld_ssl_clnt_cert_fn; -+ ENGINE_get_ssl_client_cert_function; -+ ENGINE_get_ssl_client_cert_fn; -+ ENGINE_load_ssl_client_cert; -+ ENGINE_load_capi; -+ OPENSSL_isservice; -+ FIPS_dsa_sig_decode; -+ EVP_CIPHER_CTX_clear_flags; -+ FIPS_rand_status; -+ FIPS_rand_set_key; -+ CRYPTO_set_mem_info_functions; -+ RSA_X931_generate_key_ex; -+ int_ERR_set_state_func; -+ int_EVP_MD_set_engine_callbacks; -+ int_CRYPTO_set_do_dynlock_callback; -+ FIPS_rng_stick; -+ EVP_CIPHER_CTX_set_flags; -+ BN_X931_generate_prime_ex; -+ FIPS_selftest_check; -+ FIPS_rand_set_dt; -+ CRYPTO_dbg_pop_info; -+ FIPS_dsa_free; -+ RSA_X931_derive_ex; -+ FIPS_rsa_new; -+ FIPS_rand_bytes; -+ fips_cipher_test; -+ EVP_CIPHER_CTX_test_flags; -+ CRYPTO_malloc_debug_init; -+ CRYPTO_dbg_push_info; -+ FIPS_corrupt_rsa_keygen; -+ FIPS_dh_new; -+ FIPS_corrupt_dsa_keygen; -+ FIPS_dh_free; -+ fips_pkey_signature_test; -+ EVP_add_alg_module; -+ int_RAND_init_engine_callbacks; -+ int_EVP_CIPHER_set_engine_callbacks; -+ int_EVP_MD_init_engine_callbacks; -+ FIPS_rand_test_mode; -+ FIPS_rand_reset; -+ FIPS_dsa_new; -+ int_RAND_set_callbacks; -+ BN_X931_derive_prime_ex; -+ int_ERR_lib_init; -+ int_EVP_CIPHER_init_engine_callbacks; -+ FIPS_rsa_free; -+ FIPS_dsa_sig_encode; -+ CRYPTO_dbg_remove_all_info; -+ OPENSSL_init; -+ CRYPTO_strdup; -+ JPAKE_STEP3A_process; -+ JPAKE_STEP1_release; -+ JPAKE_get_shared_key; -+ JPAKE_STEP3B_init; -+ JPAKE_STEP1_generate; -+ JPAKE_STEP1_init; -+ JPAKE_STEP3B_process; -+ JPAKE_STEP2_generate; -+ JPAKE_CTX_new; -+ JPAKE_CTX_free; -+ JPAKE_STEP3B_release; -+ JPAKE_STEP3A_release; -+ JPAKE_STEP2_process; -+ JPAKE_STEP3B_generate; -+ JPAKE_STEP1_process; -+ JPAKE_STEP3A_generate; -+ JPAKE_STEP2_release; -+ JPAKE_STEP3A_init; -+ ERR_load_JPAKE_strings; -+ JPAKE_STEP2_init; -+ pqueue_size; -+ i2d_TS_ACCURACY; -+ i2d_TS_MSG_IMPRINT_fp; -+ i2d_TS_MSG_IMPRINT; -+ EVP_PKEY_print_public; -+ EVP_PKEY_CTX_new; -+ i2d_TS_TST_INFO; -+ EVP_PKEY_asn1_find; -+ DSO_METHOD_beos; -+ TS_CONF_load_cert; -+ TS_REQ_get_ext; -+ EVP_PKEY_sign_init; -+ ASN1_item_print; -+ TS_TST_INFO_set_nonce; -+ TS_RESP_dup; -+ ENGINE_register_pkey_meths; -+ EVP_PKEY_asn1_add0; -+ PKCS7_add0_attrib_signing_time; -+ i2d_TS_TST_INFO_fp; -+ BIO_asn1_get_prefix; -+ TS_TST_INFO_set_time; -+ EVP_PKEY_meth_set_decrypt; -+ EVP_PKEY_set_type_str; -+ EVP_PKEY_CTX_get_keygen_info; -+ TS_REQ_set_policy_id; -+ d2i_TS_RESP_fp; -+ ENGINE_get_pkey_asn1_meth_engine; -+ ENGINE_get_pkey_asn1_meth_eng; -+ WHIRLPOOL_Init; -+ TS_RESP_set_status_info; -+ EVP_PKEY_keygen; -+ EVP_DigestSignInit; -+ TS_ACCURACY_set_millis; -+ TS_REQ_dup; -+ GENERAL_NAME_dup; -+ ASN1_SEQUENCE_ANY_it; -+ ASN1_SEQUENCE_ANY_it; -+ WHIRLPOOL; -+ X509_STORE_get1_crls; -+ ENGINE_get_pkey_asn1_meth; -+ EVP_PKEY_asn1_new; -+ BIO_new_NDEF; -+ ENGINE_get_pkey_meth; -+ TS_MSG_IMPRINT_set_algo; -+ i2d_TS_TST_INFO_bio; -+ TS_TST_INFO_set_ordering; -+ TS_TST_INFO_get_ext_by_OBJ; -+ CRYPTO_THREADID_set_pointer; -+ TS_CONF_get_tsa_section; -+ SMIME_write_ASN1; -+ TS_RESP_CTX_set_signer_key; -+ EVP_PKEY_encrypt_old; -+ EVP_PKEY_encrypt_init; -+ CRYPTO_THREADID_cpy; -+ ASN1_PCTX_get_cert_flags; -+ i2d_ESS_SIGNING_CERT; -+ TS_CONF_load_key; -+ i2d_ASN1_SEQUENCE_ANY; -+ d2i_TS_MSG_IMPRINT_bio; -+ EVP_PKEY_asn1_set_public; -+ b2i_PublicKey_bio; -+ BIO_asn1_set_prefix; -+ EVP_PKEY_new_mac_key; -+ BIO_new_CMS; -+ CRYPTO_THREADID_cmp; -+ TS_REQ_ext_free; -+ EVP_PKEY_asn1_set_free; -+ EVP_PKEY_get0_asn1; -+ d2i_NETSCAPE_X509; -+ EVP_PKEY_verify_recover_init; -+ EVP_PKEY_CTX_set_data; -+ EVP_PKEY_keygen_init; -+ TS_RESP_CTX_set_status_info; -+ TS_MSG_IMPRINT_get_algo; -+ TS_REQ_print_bio; -+ EVP_PKEY_CTX_ctrl_str; -+ EVP_PKEY_get_default_digest_nid; -+ PEM_write_bio_PKCS7_stream; -+ TS_MSG_IMPRINT_print_bio; -+ BN_asc2bn; -+ TS_REQ_get_policy_id; -+ ENGINE_set_default_pkey_asn1_meths; -+ ENGINE_set_def_pkey_asn1_meths; -+ d2i_TS_ACCURACY; -+ DSO_global_lookup; -+ TS_CONF_set_tsa_name; -+ i2d_ASN1_SET_ANY; -+ ENGINE_load_gost; -+ WHIRLPOOL_BitUpdate; -+ ASN1_PCTX_get_flags; -+ TS_TST_INFO_get_ext_by_NID; -+ TS_RESP_new; -+ ESS_CERT_ID_dup; -+ TS_STATUS_INFO_dup; -+ TS_REQ_delete_ext; -+ EVP_DigestVerifyFinal; -+ EVP_PKEY_print_params; -+ i2d_CMS_bio_stream; -+ TS_REQ_get_msg_imprint; -+ OBJ_find_sigid_by_algs; -+ TS_TST_INFO_get_serial; -+ TS_REQ_get_nonce; -+ X509_PUBKEY_set0_param; -+ EVP_PKEY_CTX_set0_keygen_info; -+ DIST_POINT_set_dpname; -+ i2d_ISSUING_DIST_POINT; -+ ASN1_SET_ANY_it; -+ ASN1_SET_ANY_it; -+ EVP_PKEY_CTX_get_data; -+ TS_STATUS_INFO_print_bio; -+ EVP_PKEY_derive_init; -+ d2i_TS_TST_INFO; -+ EVP_PKEY_asn1_add_alias; -+ d2i_TS_RESP_bio; -+ OTHERNAME_cmp; -+ GENERAL_NAME_set0_value; -+ PKCS7_RECIP_INFO_get0_alg; -+ TS_RESP_CTX_new; -+ TS_RESP_set_tst_info; -+ PKCS7_final; -+ EVP_PKEY_base_id; -+ TS_RESP_CTX_set_signer_cert; -+ TS_REQ_set_msg_imprint; -+ EVP_PKEY_CTX_ctrl; -+ TS_CONF_set_digests; -+ d2i_TS_MSG_IMPRINT; -+ EVP_PKEY_meth_set_ctrl; -+ TS_REQ_get_ext_by_NID; -+ PKCS5_pbe_set0_algor; -+ BN_BLINDING_thread_id; -+ TS_ACCURACY_new; -+ X509_CRL_METHOD_free; -+ ASN1_PCTX_get_nm_flags; -+ EVP_PKEY_meth_set_sign; -+ CRYPTO_THREADID_current; -+ EVP_PKEY_decrypt_init; -+ NETSCAPE_X509_free; -+ i2b_PVK_bio; -+ EVP_PKEY_print_private; -+ GENERAL_NAME_get0_value; -+ b2i_PVK_bio; -+ ASN1_UTCTIME_adj; -+ TS_TST_INFO_new; -+ EVP_MD_do_all_sorted; -+ TS_CONF_set_default_engine; -+ TS_ACCURACY_set_seconds; -+ TS_TST_INFO_get_time; -+ PKCS8_pkey_get0; -+ EVP_PKEY_asn1_get0; -+ OBJ_add_sigid; -+ PKCS7_SIGNER_INFO_sign; -+ EVP_PKEY_paramgen_init; -+ EVP_PKEY_sign; -+ OBJ_sigid_free; -+ EVP_PKEY_meth_set_init; -+ d2i_ESS_ISSUER_SERIAL; -+ ISSUING_DIST_POINT_new; -+ ASN1_TIME_adj; -+ TS_OBJ_print_bio; -+ EVP_PKEY_meth_set_verify_recover; -+ EVP_PKEY_meth_set_vrfy_recover; -+ TS_RESP_get_status_info; -+ CMS_stream; -+ EVP_PKEY_CTX_set_cb; -+ PKCS7_to_TS_TST_INFO; -+ ASN1_PCTX_get_oid_flags; -+ TS_TST_INFO_add_ext; -+ EVP_PKEY_meth_set_derive; -+ i2d_TS_RESP_fp; -+ i2d_TS_MSG_IMPRINT_bio; -+ TS_RESP_CTX_set_accuracy; -+ TS_REQ_set_nonce; -+ ESS_CERT_ID_new; -+ ENGINE_pkey_asn1_find_str; -+ TS_REQ_get_ext_count; -+ BUF_reverse; -+ TS_TST_INFO_print_bio; -+ d2i_ISSUING_DIST_POINT; -+ ENGINE_get_pkey_meths; -+ i2b_PrivateKey_bio; -+ i2d_TS_RESP; -+ b2i_PublicKey; -+ TS_VERIFY_CTX_cleanup; -+ TS_STATUS_INFO_free; -+ TS_RESP_verify_token; -+ OBJ_bsearch_ex_; -+ ASN1_bn_print; -+ EVP_PKEY_asn1_get_count; -+ ENGINE_register_pkey_asn1_meths; -+ ASN1_PCTX_set_nm_flags; -+ EVP_DigestVerifyInit; -+ ENGINE_set_default_pkey_meths; -+ TS_TST_INFO_get_policy_id; -+ TS_REQ_get_cert_req; -+ X509_CRL_set_meth_data; -+ PKCS8_pkey_set0; -+ ASN1_STRING_copy; -+ d2i_TS_TST_INFO_fp; -+ X509_CRL_match; -+ EVP_PKEY_asn1_set_private; -+ TS_TST_INFO_get_ext_d2i; -+ TS_RESP_CTX_add_policy; -+ d2i_TS_RESP; -+ TS_CONF_load_certs; -+ TS_TST_INFO_get_msg_imprint; -+ ERR_load_TS_strings; -+ TS_TST_INFO_get_version; -+ EVP_PKEY_CTX_dup; -+ EVP_PKEY_meth_set_verify; -+ i2b_PublicKey_bio; -+ TS_CONF_set_certs; -+ EVP_PKEY_asn1_get0_info; -+ TS_VERIFY_CTX_free; -+ TS_REQ_get_ext_by_critical; -+ TS_RESP_CTX_set_serial_cb; -+ X509_CRL_get_meth_data; -+ TS_RESP_CTX_set_time_cb; -+ TS_MSG_IMPRINT_get_msg; -+ TS_TST_INFO_ext_free; -+ TS_REQ_get_version; -+ TS_REQ_add_ext; -+ EVP_PKEY_CTX_set_app_data; -+ OBJ_bsearch_; -+ EVP_PKEY_meth_set_verifyctx; -+ i2d_PKCS7_bio_stream; -+ CRYPTO_THREADID_set_numeric; -+ PKCS7_sign_add_signer; -+ d2i_TS_TST_INFO_bio; -+ TS_TST_INFO_get_ordering; -+ TS_RESP_print_bio; -+ TS_TST_INFO_get_exts; -+ HMAC_CTX_copy; -+ PKCS5_pbe2_set_iv; -+ ENGINE_get_pkey_asn1_meths; -+ b2i_PrivateKey; -+ EVP_PKEY_CTX_get_app_data; -+ TS_REQ_set_cert_req; -+ CRYPTO_THREADID_set_callback; -+ TS_CONF_set_serial; -+ TS_TST_INFO_free; -+ d2i_TS_REQ_fp; -+ TS_RESP_verify_response; -+ i2d_ESS_ISSUER_SERIAL; -+ TS_ACCURACY_get_seconds; -+ EVP_CIPHER_do_all; -+ b2i_PrivateKey_bio; -+ OCSP_CERTID_dup; -+ X509_PUBKEY_get0_param; -+ TS_MSG_IMPRINT_dup; -+ PKCS7_print_ctx; -+ i2d_TS_REQ_bio; -+ EVP_whirlpool; -+ EVP_PKEY_asn1_set_param; -+ EVP_PKEY_meth_set_encrypt; -+ ASN1_PCTX_set_flags; -+ i2d_ESS_CERT_ID; -+ TS_VERIFY_CTX_new; -+ TS_RESP_CTX_set_extension_cb; -+ ENGINE_register_all_pkey_meths; -+ TS_RESP_CTX_set_status_info_cond; -+ TS_RESP_CTX_set_stat_info_cond; -+ EVP_PKEY_verify; -+ WHIRLPOOL_Final; -+ X509_CRL_METHOD_new; -+ EVP_DigestSignFinal; -+ TS_RESP_CTX_set_def_policy; -+ NETSCAPE_X509_it; -+ NETSCAPE_X509_it; -+ TS_RESP_create_response; -+ PKCS7_SIGNER_INFO_get0_algs; -+ TS_TST_INFO_get_nonce; -+ EVP_PKEY_decrypt_old; -+ TS_TST_INFO_set_policy_id; -+ TS_CONF_set_ess_cert_id_chain; -+ EVP_PKEY_CTX_get0_pkey; -+ d2i_TS_REQ; -+ EVP_PKEY_asn1_find_str; -+ BIO_f_asn1; -+ ESS_SIGNING_CERT_new; -+ EVP_PBE_find; -+ X509_CRL_get0_by_cert; -+ EVP_PKEY_derive; -+ i2d_TS_REQ; -+ TS_TST_INFO_delete_ext; -+ ESS_ISSUER_SERIAL_free; -+ ASN1_PCTX_set_str_flags; -+ ENGINE_get_pkey_asn1_meth_str; -+ TS_CONF_set_signer_key; -+ TS_ACCURACY_get_millis; -+ TS_RESP_get_token; -+ TS_ACCURACY_dup; -+ ENGINE_register_all_pkey_asn1_meths; -+ ENGINE_reg_all_pkey_asn1_meths; -+ X509_CRL_set_default_method; -+ CRYPTO_THREADID_hash; -+ CMS_ContentInfo_print_ctx; -+ TS_RESP_free; -+ ISSUING_DIST_POINT_free; -+ ESS_ISSUER_SERIAL_new; -+ CMS_add1_crl; -+ PKCS7_add1_attrib_digest; -+ TS_RESP_CTX_add_md; -+ TS_TST_INFO_dup; -+ ENGINE_set_pkey_asn1_meths; -+ PEM_write_bio_Parameters; -+ TS_TST_INFO_get_accuracy; -+ X509_CRL_get0_by_serial; -+ TS_TST_INFO_set_version; -+ TS_RESP_CTX_get_tst_info; -+ TS_RESP_verify_signature; -+ CRYPTO_THREADID_get_callback; -+ TS_TST_INFO_get_tsa; -+ TS_STATUS_INFO_new; -+ EVP_PKEY_CTX_get_cb; -+ TS_REQ_get_ext_d2i; -+ GENERAL_NAME_set0_othername; -+ TS_TST_INFO_get_ext_count; -+ TS_RESP_CTX_get_request; -+ i2d_NETSCAPE_X509; -+ ENGINE_get_pkey_meth_engine; -+ EVP_PKEY_meth_set_signctx; -+ EVP_PKEY_asn1_copy; -+ ASN1_TYPE_cmp; -+ EVP_CIPHER_do_all_sorted; -+ EVP_PKEY_CTX_free; -+ ISSUING_DIST_POINT_it; -+ ISSUING_DIST_POINT_it; -+ d2i_TS_MSG_IMPRINT_fp; -+ X509_STORE_get1_certs; -+ EVP_PKEY_CTX_get_operation; -+ d2i_ESS_SIGNING_CERT; -+ TS_CONF_set_ordering; -+ EVP_PBE_alg_add_type; -+ TS_REQ_set_version; -+ EVP_PKEY_get0; -+ BIO_asn1_set_suffix; -+ i2d_TS_STATUS_INFO; -+ EVP_MD_do_all; -+ TS_TST_INFO_set_accuracy; -+ PKCS7_add_attrib_content_type; -+ ERR_remove_thread_state; -+ EVP_PKEY_meth_add0; -+ TS_TST_INFO_set_tsa; -+ EVP_PKEY_meth_new; -+ WHIRLPOOL_Update; -+ TS_CONF_set_accuracy; -+ ASN1_PCTX_set_oid_flags; -+ ESS_SIGNING_CERT_dup; -+ d2i_TS_REQ_bio; -+ X509_time_adj_ex; -+ TS_RESP_CTX_add_flags; -+ d2i_TS_STATUS_INFO; -+ TS_MSG_IMPRINT_set_msg; -+ BIO_asn1_get_suffix; -+ TS_REQ_free; -+ EVP_PKEY_meth_free; -+ TS_REQ_get_exts; -+ TS_RESP_CTX_set_clock_precision_digits; -+ TS_RESP_CTX_set_clk_prec_digits; -+ TS_RESP_CTX_add_failure_info; -+ i2d_TS_RESP_bio; -+ EVP_PKEY_CTX_get0_peerkey; -+ PEM_write_bio_CMS_stream; -+ TS_REQ_new; -+ TS_MSG_IMPRINT_new; -+ EVP_PKEY_meth_find; -+ EVP_PKEY_id; -+ TS_TST_INFO_set_serial; -+ a2i_GENERAL_NAME; -+ TS_CONF_set_crypto_device; -+ EVP_PKEY_verify_init; -+ TS_CONF_set_policies; -+ ASN1_PCTX_new; -+ ESS_CERT_ID_free; -+ ENGINE_unregister_pkey_meths; -+ TS_MSG_IMPRINT_free; -+ TS_VERIFY_CTX_init; -+ PKCS7_stream; -+ TS_RESP_CTX_set_certs; -+ TS_CONF_set_def_policy; -+ ASN1_GENERALIZEDTIME_adj; -+ NETSCAPE_X509_new; -+ TS_ACCURACY_free; -+ TS_RESP_get_tst_info; -+ EVP_PKEY_derive_set_peer; -+ PEM_read_bio_Parameters; -+ TS_CONF_set_clock_precision_digits; -+ TS_CONF_set_clk_prec_digits; -+ ESS_ISSUER_SERIAL_dup; -+ TS_ACCURACY_get_micros; -+ ASN1_PCTX_get_str_flags; -+ NAME_CONSTRAINTS_check; -+ ASN1_BIT_STRING_check; -+ X509_check_akid; -+ ENGINE_unregister_pkey_asn1_meths; -+ ENGINE_unreg_pkey_asn1_meths; -+ ASN1_PCTX_free; -+ PEM_write_bio_ASN1_stream; -+ i2d_ASN1_bio_stream; -+ TS_X509_ALGOR_print_bio; -+ EVP_PKEY_meth_set_cleanup; -+ EVP_PKEY_asn1_free; -+ ESS_SIGNING_CERT_free; -+ TS_TST_INFO_set_msg_imprint; -+ GENERAL_NAME_cmp; -+ d2i_ASN1_SET_ANY; -+ ENGINE_set_pkey_meths; -+ i2d_TS_REQ_fp; -+ d2i_ASN1_SEQUENCE_ANY; -+ GENERAL_NAME_get0_otherName; -+ d2i_ESS_CERT_ID; -+ OBJ_find_sigid_algs; -+ EVP_PKEY_meth_set_keygen; -+ PKCS5_PBKDF2_HMAC; -+ EVP_PKEY_paramgen; -+ EVP_PKEY_meth_set_paramgen; -+ BIO_new_PKCS7; -+ EVP_PKEY_verify_recover; -+ TS_ext_print_bio; -+ TS_ASN1_INTEGER_print_bio; -+ check_defer; -+ DSO_pathbyaddr; -+ EVP_PKEY_set_type; -+ TS_ACCURACY_set_micros; -+ TS_REQ_to_TS_VERIFY_CTX; -+ EVP_PKEY_meth_set_copy; -+ ASN1_PCTX_set_cert_flags; -+ TS_TST_INFO_get_ext; -+ EVP_PKEY_asn1_set_ctrl; -+ TS_TST_INFO_get_ext_by_critical; -+ EVP_PKEY_CTX_new_id; -+ TS_REQ_get_ext_by_OBJ; -+ TS_CONF_set_signer_cert; -+ X509_NAME_hash_old; -+ ASN1_TIME_set_string; -+ EVP_MD_flags; -+ TS_RESP_CTX_free; -+ DSAparams_dup; -+ DHparams_dup; -+ OCSP_REQ_CTX_add1_header; -+ OCSP_REQ_CTX_set1_req; -+ X509_STORE_set_verify_cb; -+ X509_STORE_CTX_get0_current_crl; -+ X509_STORE_CTX_get0_parent_ctx; -+ X509_STORE_CTX_get0_current_issuer; -+ X509_STORE_CTX_get0_cur_issuer; -+ X509_issuer_name_hash_old; -+ X509_subject_name_hash_old; -+ EVP_CIPHER_CTX_copy; -+ UI_method_get_prompt_constructor; -+ UI_method_get_prompt_constructr; -+ UI_method_set_prompt_constructor; -+ UI_method_set_prompt_constructr; -+ EVP_read_pw_string_min; -+ CRYPTO_cts128_encrypt; -+ CRYPTO_cts128_decrypt_block; -+ CRYPTO_cfb128_1_encrypt; -+ CRYPTO_cbc128_encrypt; -+ CRYPTO_ctr128_encrypt; -+ CRYPTO_ofb128_encrypt; -+ CRYPTO_cts128_decrypt; -+ CRYPTO_cts128_encrypt_block; -+ CRYPTO_cbc128_decrypt; -+ CRYPTO_cfb128_encrypt; -+ CRYPTO_cfb128_8_encrypt; -+ -+ local: -+ *; -+}; -+ -+ -+OPENSSL_1.0.1 { -+ global: -+ SSL_renegotiate_abbreviated; -+ TLSv1_1_method; -+ TLSv1_1_client_method; -+ TLSv1_1_server_method; -+ SSL_CTX_set_srp_client_pwd_callback; -+ SSL_CTX_set_srp_client_pwd_cb; -+ SSL_get_srp_g; -+ SSL_CTX_set_srp_username_callback; -+ SSL_CTX_set_srp_un_cb; -+ SSL_get_srp_userinfo; -+ SSL_set_srp_server_param; -+ SSL_set_srp_server_param_pw; -+ SSL_get_srp_N; -+ SSL_get_srp_username; -+ SSL_CTX_set_srp_password; -+ SSL_CTX_set_srp_strength; -+ SSL_CTX_set_srp_verify_param_callback; -+ SSL_CTX_set_srp_vfy_param_cb; -+ SSL_CTX_set_srp_cb_arg; -+ SSL_CTX_set_srp_username; -+ SSL_CTX_SRP_CTX_init; -+ SSL_SRP_CTX_init; -+ SRP_Calc_A_param; -+ SRP_generate_server_master_secret; -+ SRP_gen_server_master_secret; -+ SSL_CTX_SRP_CTX_free; -+ SRP_generate_client_master_secret; -+ SRP_gen_client_master_secret; -+ SSL_srp_server_param_with_username; -+ SSL_srp_server_param_with_un; -+ SSL_SRP_CTX_free; -+ SSL_set_debug; -+ SSL_SESSION_get0_peer; -+ TLSv1_2_client_method; -+ SSL_SESSION_set1_id_context; -+ TLSv1_2_server_method; -+ SSL_cache_hit; -+ SSL_get0_kssl_ctx; -+ SSL_set0_kssl_ctx; -+ SSL_set_state; -+ SSL_CIPHER_get_id; -+ TLSv1_2_method; -+ kssl_ctx_get0_client_princ; -+ SSL_export_keying_material; -+ SSL_set_tlsext_use_srtp; -+ SSL_CTX_set_next_protos_advertised_cb; -+ SSL_CTX_set_next_protos_adv_cb; -+ SSL_get0_next_proto_negotiated; -+ SSL_get_selected_srtp_profile; -+ SSL_CTX_set_tlsext_use_srtp; -+ SSL_select_next_proto; -+ SSL_get_srtp_profiles; -+ SSL_CTX_set_next_proto_select_cb; -+ SSL_CTX_set_next_proto_sel_cb; -+ SSL_SESSION_get_compress_id; -+ -+ SRP_VBASE_get_by_user; -+ SRP_Calc_server_key; -+ SRP_create_verifier; -+ SRP_create_verifier_BN; -+ SRP_Calc_u; -+ SRP_VBASE_free; -+ SRP_Calc_client_key; -+ SRP_get_default_gN; -+ SRP_Calc_x; -+ SRP_Calc_B; -+ SRP_VBASE_new; -+ SRP_check_known_gN_param; -+ SRP_Calc_A; -+ SRP_Verify_A_mod_N; -+ SRP_VBASE_init; -+ SRP_Verify_B_mod_N; -+ EC_KEY_set_public_key_affine_coordinates; -+ EC_KEY_set_pub_key_aff_coords; -+ EVP_aes_192_ctr; -+ EVP_PKEY_meth_get0_info; -+ EVP_PKEY_meth_copy; -+ ERR_add_error_vdata; -+ EVP_aes_128_ctr; -+ EVP_aes_256_ctr; -+ EC_GFp_nistp224_method; -+ EC_KEY_get_flags; -+ RSA_padding_add_PKCS1_PSS_mgf1; -+ EVP_aes_128_xts; -+ EVP_aes_256_xts; -+ EVP_aes_128_gcm; -+ EC_KEY_clear_flags; -+ EC_KEY_set_flags; -+ EVP_aes_256_ccm; -+ RSA_verify_PKCS1_PSS_mgf1; -+ EVP_aes_128_ccm; -+ EVP_aes_192_gcm; -+ X509_ALGOR_set_md; -+ RAND_init_fips; -+ EVP_aes_256_gcm; -+ EVP_aes_192_ccm; -+ CMAC_CTX_copy; -+ CMAC_CTX_free; -+ CMAC_CTX_get0_cipher_ctx; -+ CMAC_CTX_cleanup; -+ CMAC_Init; -+ CMAC_Update; -+ CMAC_resume; -+ CMAC_CTX_new; -+ CMAC_Final; -+ CRYPTO_ctr128_encrypt_ctr32; -+ CRYPTO_gcm128_release; -+ CRYPTO_ccm128_decrypt_ccm64; -+ CRYPTO_ccm128_encrypt; -+ CRYPTO_gcm128_encrypt; -+ CRYPTO_xts128_encrypt; -+ EVP_rc4_hmac_md5; -+ CRYPTO_nistcts128_decrypt_block; -+ CRYPTO_gcm128_setiv; -+ CRYPTO_nistcts128_encrypt; -+ EVP_aes_128_cbc_hmac_sha1; -+ CRYPTO_gcm128_tag; -+ CRYPTO_ccm128_encrypt_ccm64; -+ ENGINE_load_rdrand; -+ CRYPTO_ccm128_setiv; -+ CRYPTO_nistcts128_encrypt_block; -+ CRYPTO_gcm128_aad; -+ CRYPTO_ccm128_init; -+ CRYPTO_nistcts128_decrypt; -+ CRYPTO_gcm128_new; -+ CRYPTO_ccm128_tag; -+ CRYPTO_ccm128_decrypt; -+ CRYPTO_ccm128_aad; -+ CRYPTO_gcm128_init; -+ CRYPTO_gcm128_decrypt; -+ ENGINE_load_rsax; -+ CRYPTO_gcm128_decrypt_ctr32; -+ CRYPTO_gcm128_encrypt_ctr32; -+ CRYPTO_gcm128_finish; -+ EVP_aes_256_cbc_hmac_sha1; -+ PKCS5_pbkdf2_set; -+ CMS_add0_recipient_password; -+ CMS_decrypt_set1_password; -+ CMS_RecipientInfo_set0_password; -+ RAND_set_fips_drbg_type; -+ X509_REQ_sign_ctx; -+ RSA_PSS_PARAMS_new; -+ X509_CRL_sign_ctx; -+ X509_signature_dump; -+ d2i_RSA_PSS_PARAMS; -+ RSA_PSS_PARAMS_it; -+ RSA_PSS_PARAMS_it; -+ RSA_PSS_PARAMS_free; -+ X509_sign_ctx; -+ i2d_RSA_PSS_PARAMS; -+ ASN1_item_sign_ctx; -+ EC_GFp_nistp521_method; -+ EC_GFp_nistp256_method; -+ OPENSSL_stderr; -+ OPENSSL_cpuid_setup; -+ OPENSSL_showfatal; -+ BIO_new_dgram_sctp; -+ BIO_dgram_sctp_msg_waiting; -+ BIO_dgram_sctp_wait_for_dry; -+ BIO_s_datagram_sctp; -+ BIO_dgram_is_sctp; -+ BIO_dgram_sctp_notification_cb; -+} OPENSSL_1.0.0; -+ -+OPENSSL_1.0.1d { -+ global: -+ CRYPTO_memcmp; -+} OPENSSL_1.0.1; -+ -Index: openssl-1.0.1d/engines/openssl.ld -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.1d/engines/openssl.ld 2013-02-06 19:41:43.000000000 +0100 -@@ -0,0 +1,10 @@ -+OPENSSL_1.0.0 { -+ global: -+ bind_engine; -+ v_check; -+ OPENSSL_init; -+ OPENSSL_finish; -+ local: -+ *; -+}; -+ -Index: openssl-1.0.1d/engines/ccgost/openssl.ld -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.1d/engines/ccgost/openssl.ld 2013-02-06 19:41:43.000000000 +0100 -@@ -0,0 +1,10 @@ -+OPENSSL_1.0.0 { -+ global: -+ bind_engine; -+ v_check; -+ OPENSSL_init; -+ OPENSSL_finish; -+ local: -+ *; -+}; -+ diff --git a/recipes-connectivity/openssl/openssl/engines-install-in-libdir-ssl.patch b/recipes-connectivity/openssl/openssl/engines-install-in-libdir-ssl.patch deleted file mode 100644 index d8a6f1a..0000000 --- a/recipes-connectivity/openssl/openssl/engines-install-in-libdir-ssl.patch +++ /dev/null @@ -1,56 +0,0 @@ -Upstream-Status: Inappropriate [configuration] - - -Index: openssl-1.0.0/engines/Makefile -=================================================================== ---- openssl-1.0.0.orig/engines/Makefile -+++ openssl-1.0.0/engines/Makefile -@@ -107,7 +107,7 @@ - @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... - @if [ -n "$(SHARED_LIBS)" ]; then \ - set -e; \ -- $(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines; \ -+ $(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines; \ - for l in $(LIBNAMES); do \ - ( echo installing $$l; \ - pfx=lib; \ -@@ -119,13 +119,13 @@ - *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \ - *) sfx=".bad";; \ - esac; \ -- cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ -+ cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \ - else \ - sfx=".so"; \ -- cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ -+ cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \ - fi; \ -- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ -- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \ -+ chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \ -+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx ); \ - done; \ - fi - @target=install; $(RECURSIVE_MAKE) -Index: openssl-1.0.0/engines/ccgost/Makefile -=================================================================== ---- openssl-1.0.0.orig/engines/ccgost/Makefile -+++ openssl-1.0.0/engines/ccgost/Makefile -@@ -53,13 +53,13 @@ - *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \ - *) sfx=".bad";; \ - esac; \ -- cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ -+ cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \ - else \ - sfx=".so"; \ -- cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ -+ cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \ - fi; \ -- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ -- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \ -+ chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \ -+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx; \ - fi - - links: diff --git a/recipes-connectivity/openssl/openssl/find.pl b/recipes-connectivity/openssl/openssl/find.pl deleted file mode 100644 index 8e1b42c..0000000 --- a/recipes-connectivity/openssl/openssl/find.pl +++ /dev/null @@ -1,54 +0,0 @@ -warn "Legacy library @{[(caller(0))[6]]} will be removed from the Perl core distribution in the next major release. Please install it from the CPAN distribution Perl4::CoreLibs. It is being used at @{[(caller)[1]]}, line @{[(caller)[2]]}.\n"; - -# This library is deprecated and unmaintained. It is included for -# compatibility with Perl 4 scripts which may use it, but it will be -# removed in a future version of Perl. Please use the File::Find module -# instead. - -# Usage: -# require "find.pl"; -# -# &find('/foo','/bar'); -# -# sub wanted { ... } -# where wanted does whatever you want. $dir contains the -# current directory name, and $_ the current filename within -# that directory. $name contains "$dir/$_". You are cd'ed -# to $dir when the function is called. The function may -# set $prune to prune the tree. -# -# For example, -# -# find / -name .nfs\* -mtime +7 -exec rm -f {} \; -o -fstype nfs -prune -# -# corresponds to this -# -# sub wanted { -# /^\.nfs.*$/ && -# (($dev,$ino,$mode,$nlink,$uid,$gid) = lstat($_)) && -# int(-M _) > 7 && -# unlink($_) -# || -# ($nlink || (($dev,$ino,$mode,$nlink,$uid,$gid) = lstat($_))) && -# $dev < 0 && -# ($prune = 1); -# } -# -# Set the variable $dont_use_nlink if you're using AFS, since AFS cheats. - -use File::Find (); - -*name = *File::Find::name; -*prune = *File::Find::prune; -*dir = *File::Find::dir; -*topdir = *File::Find::topdir; -*topdev = *File::Find::topdev; -*topino = *File::Find::topino; -*topmode = *File::Find::topmode; -*topnlink = *File::Find::topnlink; - -sub find { - &File::Find::find(\&wanted, @_); -} - -1; diff --git a/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch b/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch deleted file mode 100644 index f0e1778..0000000 --- a/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch +++ /dev/null @@ -1,22 +0,0 @@ -Upstream-Status: Submitted - -This patch adds the fix for one of the ciphers used in openssl, namely -the cipher des-ede3-cfb1. Complete bug log and patch is present here: -http://rt.openssl.org/Ticket/Display.html?id=2867 - -Signed-Off-By: Muhammad Shakeel - -diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c -index 3232cfe..df84922 100644 -=================================================================== ---- a/crypto/evp/e_des3.c -+++ b/crypto/evp/e_des3.c -@@ -173,7 +173,7 @@ static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - size_t n; - unsigned char c[1],d[1]; - -- for(n=0 ; n < inl ; ++n) -+ for(n=0 ; n < inl*8 ; ++n) - { - c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0; - DES_ede3_cfb_encrypt(c,d,1,1, diff --git a/recipes-connectivity/openssl/openssl/initial-aarch64-bits.patch b/recipes-connectivity/openssl/openssl/initial-aarch64-bits.patch deleted file mode 100644 index 2185ff8..0000000 --- a/recipes-connectivity/openssl/openssl/initial-aarch64-bits.patch +++ /dev/null @@ -1,119 +0,0 @@ -From: Andy Polyakov -Date: Sun, 13 Oct 2013 17:15:15 +0000 (+0200) -Subject: Initial aarch64 bits. -X-Git-Url: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=039081b80977e2a5de84e1f88f8b4d025b559956 - -Initial aarch64 bits. ---- - crypto/bn/bn_lcl.h | 9 +++++++++ - crypto/md32_common.h | 18 ++++++++++++++++++ - crypto/modes/modes_lcl.h | 8 ++++++++ - crypto/sha/sha512.c | 13 +++++++++++++ - 4 files changed, 48 insertions(+) - -Index: openssl-1.0.1f/crypto/bn/bn_lcl.h -=================================================================== ---- openssl-1.0.1f.orig/crypto/bn/bn_lcl.h 2014-01-06 15:47:42.000000000 +0200 -+++ openssl-1.0.1f/crypto/bn/bn_lcl.h 2014-02-28 10:37:55.495979037 +0200 -@@ -300,6 +300,15 @@ - : "r"(a), "r"(b)); - # endif - # endif -+# elif defined(__aarch64__) && defined(SIXTY_FOUR_BIT_LONG) -+# if defined(__GNUC__) && __GNUC__>=2 -+# define BN_UMULT_HIGH(a,b) ({ \ -+ register BN_ULONG ret; \ -+ asm ("umulh %0,%1,%2" \ -+ : "=r"(ret) \ -+ : "r"(a), "r"(b)); \ -+ ret; }) -+# endif - # endif /* cpu */ - #endif /* OPENSSL_NO_ASM */ - -Index: openssl-1.0.1f/crypto/md32_common.h -=================================================================== ---- openssl-1.0.1f.orig/crypto/md32_common.h 2014-01-06 15:47:42.000000000 +0200 -+++ openssl-1.0.1f/crypto/md32_common.h 2014-02-28 10:39:21.751979107 +0200 -@@ -213,6 +213,24 @@ - asm ("bswapl %0":"=r"(r):"0"(r)); \ - *((unsigned int *)(c))=r; (c)+=4; r; }) - # endif -+# elif defined(__aarch64__) -+# if defined(__BYTE_ORDER__) -+# if defined(__ORDER_LITTLE_ENDIAN__) && __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__ -+# define HOST_c2l(c,l) ({ unsigned int r; \ -+ asm ("rev %w0,%w1" \ -+ :"=r"(r) \ -+ :"r"(*((const unsigned int *)(c))));\ -+ (c)+=4; (l)=r; }) -+# define HOST_l2c(l,c) ({ unsigned int r; \ -+ asm ("rev %w0,%w1" \ -+ :"=r"(r) \ -+ :"r"((unsigned int)(l)));\ -+ *((unsigned int *)(c))=r; (c)+=4; r; }) -+# elif defined(__ORDER_BIG_ENDIAN__) && __BYTE_ORDER__==__ORDER_BIG_ENDIAN__ -+# define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, (l)) -+# define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, (l)) -+# endif -+# endif - # endif - # endif - #endif -Index: openssl-1.0.1f/crypto/modes/modes_lcl.h -=================================================================== ---- openssl-1.0.1f.orig/crypto/modes/modes_lcl.h 2014-02-28 10:47:48.731979011 +0200 -+++ openssl-1.0.1f/crypto/modes/modes_lcl.h 2014-02-28 10:48:49.707978919 +0200 -@@ -29,6 +29,7 @@ - #if defined(__i386) || defined(__i386__) || \ - defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \ -+ defined(__aarch64__) || \ - defined(__s390__) || defined(__s390x__) - # undef STRICT_ALIGNMENT - #endif -@@ -50,6 +51,13 @@ - # define BSWAP4(x) ({ u32 ret=(x); \ - asm ("bswapl %0" \ - : "+r"(ret)); ret; }) -+# elif defined(__aarch64__) -+# define BSWAP8(x) ({ u64 ret; \ -+ asm ("rev %0,%1" \ -+ : "=r"(ret) : "r"(x)); ret; }) -+# define BSWAP4(x) ({ u32 ret; \ -+ asm ("rev %w0,%w1" \ -+ : "=r"(ret) : "r"(x)); ret; }) - # elif (defined(__arm__) || defined(__arm)) && !defined(STRICT_ALIGNMENT) - # define BSWAP8(x) ({ u32 lo=(u64)(x)>>32,hi=(x); \ - asm ("rev %0,%0; rev %1,%1" \ -Index: openssl-1.0.1f/crypto/sha/sha512.c -=================================================================== ---- openssl-1.0.1f.orig/crypto/sha/sha512.c 2014-01-06 15:47:42.000000000 +0200 -+++ openssl-1.0.1f/crypto/sha/sha512.c 2014-02-28 10:52:14.579978981 +0200 -@@ -55,6 +55,7 @@ - #if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ - defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) || \ - defined(__s390__) || defined(__s390x__) || \ -+ defined(__aarch64__) || \ - defined(SHA512_ASM) - #define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA - #endif -@@ -347,6 +348,18 @@ - asm ("rotrdi %0,%1,%2" \ - : "=r"(ret) \ - : "r"(a),"K"(n)); ret; }) -+# elif defined(__aarch64__) -+# define ROTR(a,n) ({ SHA_LONG64 ret; \ -+ asm ("ror %0,%1,%2" \ -+ : "=r"(ret) \ -+ : "r"(a),"I"(n)); ret; }) -+# if defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \ -+ __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__ -+# define PULL64(x) ({ SHA_LONG64 ret; \ -+ asm ("rev %0,%1" \ -+ : "=r"(ret) \ -+ : "r"(*((const SHA_LONG64 *)(&(x))))); ret; }) -+# endif - # endif - # elif defined(_MSC_VER) - # if defined(_WIN64) /* applies to both IA-64 and AMD64 */ diff --git a/recipes-connectivity/openssl/openssl/oe-ldflags.patch b/recipes-connectivity/openssl/openssl/oe-ldflags.patch deleted file mode 100644 index 292e13d..0000000 --- a/recipes-connectivity/openssl/openssl/oe-ldflags.patch +++ /dev/null @@ -1,24 +0,0 @@ -Upstream-Status: Inappropriate [open-embedded] - -Index: openssl-1.0.0/Makefile.shared -=================================================================== ---- openssl-1.0.0.orig/Makefile.shared -+++ openssl-1.0.0/Makefile.shared -@@ -92,7 +92,7 @@ - LINK_APP= \ - ( $(SET_X); \ - LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \ -- LDCMD="$${LDCMD:-$(CC)}"; LDFLAGS="$${LDFLAGS:-$(CFLAGS)}"; \ -+ LDCMD="$${LDCMD:-$(CC)}"; LDFLAGS="$(OE_LDFLAGS) $${LDFLAGS:-$(CFLAGS)}"; \ - LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \ - LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \ - LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ -@@ -102,7 +102,7 @@ - ( $(SET_X); \ - LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \ - SHAREDCMD="$${SHAREDCMD:-$(CC)}"; \ -- SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \ -+ SHAREDFLAGS="$(OE_LDFLAGS) $${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \ - LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \ - LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \ - LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ diff --git a/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch b/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch deleted file mode 100644 index c161e62..0000000 --- a/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch +++ /dev/null @@ -1,21 +0,0 @@ -openssl: avoid NULL pointer dereference in EVP_DigestInit_ex() - -We should avoid accessing the type pointer if it's NULL, -this could happen if ctx->digest is not NULL. - -Upstream-Status: Submitted -http://www.mail-archive.com/openssl-dev@openssl.org/msg32860.html - -Signed-off-by: Xufeng Zhang ---- ---- a/crypto/evp/digest.c -+++ b/crypto/evp/digest.c -@@ -199,7 +199,7 @@ - return 0; - } - #endif -- if (ctx->digest != type) -+ if (type && (ctx->digest != type)) - { - if (ctx->digest && ctx->digest->ctx_size) - OPENSSL_free(ctx->md_data); diff --git a/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch b/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch deleted file mode 100644 index 3e93fe4..0000000 --- a/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch +++ /dev/null @@ -1,39 +0,0 @@ -openssl: avoid NULL pointer dereference in dh_pub_encode()/dsa_pub_encode() - -We should avoid accessing the pointer if ASN1_STRING_new() -allocates memory failed. - -Upstream-Status: Submitted -http://www.mail-archive.com/openssl-dev@openssl.org/msg32859.html - -Signed-off-by: Xufeng Zhang ---- ---- a/crypto/dh/dh_ameth.c -+++ b/crypto/dh/dh_ameth.c -@@ -139,6 +139,12 @@ - dh=pkey->pkey.dh; - - str = ASN1_STRING_new(); -+ if (!str) -+ { -+ DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ - str->length = i2d_DHparams(dh, &str->data); - if (str->length <= 0) - { ---- a/crypto/dsa/dsa_ameth.c -+++ b/crypto/dsa/dsa_ameth.c -@@ -148,6 +148,11 @@ - { - ASN1_STRING *str; - str = ASN1_STRING_new(); -+ if (!str) -+ { -+ DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } - str->length = i2d_DSAparams(dsa, &str->data); - if (str->length <= 0) - { diff --git a/recipes-connectivity/openssl/openssl/openssl-fix-des.pod-error.patch b/recipes-connectivity/openssl/openssl/openssl-fix-des.pod-error.patch deleted file mode 100644 index de49729..0000000 --- a/recipes-connectivity/openssl/openssl/openssl-fix-des.pod-error.patch +++ /dev/null @@ -1,19 +0,0 @@ -openssl: Fix pod2man des.pod error on Ubuntu 12.04 - -This is a formatting fix, '=back' is required before -'=head1' on Ubuntu 12.04. - -Upstream-Status: Pending -Signed-off-by: Baogen Shang -diff -urpN a_origin/des.pod b_modify/des.pod ---- a_origin/crypto/des/des.pod 2013-08-15 15:02:56.211674589 +0800 -+++ b_modify/crypto/des/des.pod 2013-08-15 15:04:14.439674580 +0800 -@@ -181,6 +181,8 @@ the uuencoded file to embed in the begin - output. If there is no name specified after the B<-u>, the name text.des - will be embedded in the header. - -+=back -+ - =head1 SEE ALSO - - ps(1), diff --git a/recipes-connectivity/openssl/openssl/openssl-fix-link.patch b/recipes-connectivity/openssl/openssl/openssl-fix-link.patch deleted file mode 100644 index 154106c..0000000 --- a/recipes-connectivity/openssl/openssl/openssl-fix-link.patch +++ /dev/null @@ -1,35 +0,0 @@ -From aabfb6f78af8e337d3239142117ba303fce55e7e Mon Sep 17 00:00:00 2001 -From: Dmitry Eremin-Solenikov -Date: Thu, 22 Sep 2011 08:55:26 +0200 -Subject: [PATCH] fix the parallel build regarding shared libraries. - -Upstream-Status: Pending ---- - .../openssl-1.0.0e/Makefile.org | 8 ++++---- - 1 files changed, 4 insertions(+), 4 deletions(-) - -diff --git a/Makefile.org -index 3c7aea1..6326cd6 100644 ---- a/Makefile.org -+++ b/Makefile.org -@@ -243,13 +243,13 @@ build_libs: build_crypto build_ssl build_engines - - build_crypto: - @dir=crypto; target=all; $(BUILD_ONE_CMD) --build_ssl: -+build_ssl: build_crypto - @dir=ssl; target=all; $(BUILD_ONE_CMD) --build_engines: -+build_engines: build_crypto - @dir=engines; target=all; $(BUILD_ONE_CMD) --build_apps: -+build_apps: build_crypto build_ssl - @dir=apps; target=all; $(BUILD_ONE_CMD) --build_tests: -+build_tests: build_crypto build_ssl - @dir=test; target=all; $(BUILD_ONE_CMD) - build_tools: - @dir=tools; target=all; $(BUILD_ONE_CMD) --- -1.6.6.1 - diff --git a/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch b/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch deleted file mode 100644 index 93ce034..0000000 --- a/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch +++ /dev/null @@ -1,90 +0,0 @@ -Upstream-Status: Pending - -Received from H J Liu @ Intel -Make the assembly syntax compatible with x32 gcc. Othewise x32 gcc throws errors. -Signed-Off-By: Nitin A Kamble 2011/07/13 - -ported the patch to the 1.0.0e version -Signed-Off-By: Nitin A Kamble 2011/12/01 -Index: openssl-1.0.1e/Configure -=================================================================== ---- openssl-1.0.1e.orig/Configure -+++ openssl-1.0.1e/Configure -@@ -402,6 +402,7 @@ my %table=( - "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - "linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -+"linux-x32", "gcc:-mx32 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32", - "linux64-s390x", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", - #### So called "highgprs" target for z/Architecture CPUs - # "Highgprs" is kernel feature first implemented in Linux 2.6.32, see -Index: openssl-1.0.1e/crypto/bn/asm/x86_64-gcc.c -=================================================================== ---- openssl-1.0.1e.orig/crypto/bn/asm/x86_64-gcc.c -+++ openssl-1.0.1e/crypto/bn/asm/x86_64-gcc.c -@@ -55,7 +55,7 @@ - * machine. - */ - --#ifdef _WIN64 -+#if defined _WIN64 || !defined __LP64__ - #define BN_ULONG unsigned long long - #else - #define BN_ULONG unsigned long -@@ -192,9 +192,9 @@ BN_ULONG bn_add_words (BN_ULONG *rp, con - asm ( - " subq %2,%2 \n" - ".p2align 4 \n" -- "1: movq (%4,%2,8),%0 \n" -- " adcq (%5,%2,8),%0 \n" -- " movq %0,(%3,%2,8) \n" -+ "1: movq (%q4,%2,8),%0 \n" -+ " adcq (%q5,%2,8),%0 \n" -+ " movq %0,(%q3,%2,8) \n" - " leaq 1(%2),%2 \n" - " loop 1b \n" - " sbbq %0,%0 \n" -@@ -215,9 +215,9 @@ BN_ULONG bn_sub_words (BN_ULONG *rp, con - asm ( - " subq %2,%2 \n" - ".p2align 4 \n" -- "1: movq (%4,%2,8),%0 \n" -- " sbbq (%5,%2,8),%0 \n" -- " movq %0,(%3,%2,8) \n" -+ "1: movq (%q4,%2,8),%0 \n" -+ " sbbq (%q5,%2,8),%0 \n" -+ " movq %0,(%q3,%2,8) \n" - " leaq 1(%2),%2 \n" - " loop 1b \n" - " sbbq %0,%0 \n" -Index: openssl-1.0.1e/crypto/bn/bn.h -=================================================================== ---- openssl-1.0.1e.orig/crypto/bn/bn.h -+++ openssl-1.0.1e/crypto/bn/bn.h -@@ -172,6 +172,13 @@ extern "C" { - # endif - #endif - -+/* Address type. */ -+#ifdef _WIN64 -+#define BN_ADDR unsigned long long -+#else -+#define BN_ADDR unsigned long -+#endif -+ - /* assuming long is 64bit - this is the DEC Alpha - * unsigned long long is only 64 bits :-(, don't define - * BN_LLONG for the DEC Alpha */ -Index: openssl-1.0.1e/crypto/bn/bn_exp.c -=================================================================== ---- openssl-1.0.1e.orig/crypto/bn/bn_exp.c -+++ openssl-1.0.1e/crypto/bn/bn_exp.c -@@ -567,7 +567,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBU - - /* Given a pointer value, compute the next address that is a cache line multiple. */ - #define MOD_EXP_CTIME_ALIGN(x_) \ -- ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((size_t)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK)))) -+ ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ADDR)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK)))) - - /* This variant of BN_mod_exp_mont() uses fixed windows and the special - * precomputation memory layout to limit data-dependency to a minimum diff --git a/recipes-connectivity/openssl/openssl/shared-libs.patch b/recipes-connectivity/openssl/openssl/shared-libs.patch deleted file mode 100644 index a7ca0a3..0000000 --- a/recipes-connectivity/openssl/openssl/shared-libs.patch +++ /dev/null @@ -1,41 +0,0 @@ -Upstream-Status: Inappropriate [configuration] - -Index: openssl-1.0.1e/crypto/Makefile -=================================================================== ---- openssl-1.0.1e.orig/crypto/Makefile -+++ openssl-1.0.1e/crypto/Makefile -@@ -108,7 +108,7 @@ $(LIB): $(LIBOBJ) - - shared: buildinf.h lib subdirs - if [ -n "$(SHARED_LIBS)" ]; then \ -- (cd ..; $(MAKE) $(SHARED_LIB)); \ -+ (cd ..; $(MAKE) -e $(SHARED_LIB)); \ - fi - - libs: -Index: openssl-1.0.1e/Makefile.org -=================================================================== ---- openssl-1.0.1e.orig/Makefile.org -+++ openssl-1.0.1e/Makefile.org -@@ -310,7 +310,7 @@ libcrypto$(SHLIB_EXT): libcrypto.a fips_ - - libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a - @if [ "$(SHLIB_TARGET)" != "" ]; then \ -- $(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \ -+ $(MAKE) -e SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \ - else \ - echo "There's no support for shared libraries on this platform" >&2; \ - exit 1; \ -Index: openssl-1.0.1e/ssl/Makefile -=================================================================== ---- openssl-1.0.1e.orig/ssl/Makefile -+++ openssl-1.0.1e/ssl/Makefile -@@ -62,7 +62,7 @@ lib: $(LIBOBJ) - - shared: lib - if [ -n "$(SHARED_LIBS)" ]; then \ -- (cd ..; $(MAKE) $(SHARED_LIB)); \ -+ (cd ..; $(MAKE) -e $(SHARED_LIB)); \ - fi - - files: diff --git a/recipes-connectivity/openssl/openssl_1.0.1i.bb b/recipes-connectivity/openssl/openssl_1.0.1i.bb deleted file mode 100644 index 9d093ef..0000000 --- a/recipes-connectivity/openssl/openssl_1.0.1i.bb +++ /dev/null @@ -1,53 +0,0 @@ -require openssl.inc - -# For target side versions of openssl enable support for cryptodev Linux driver -# if they are available. -DEPENDS_class-target += "cryptodev-linux" -CFLAG_class-target += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS" - -LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8" - -export DIRS = "crypto ssl apps engines" -export OE_LDFLAGS="${LDFLAGS}" - -SRC_URI += "file://configure-targets.patch \ - file://shared-libs.patch \ - file://oe-ldflags.patch \ - file://engines-install-in-libdir-ssl.patch \ - file://openssl-fix-link.patch \ - file://debian/version-script.patch \ - file://debian/pic.patch \ - file://debian/c_rehash-compat.patch \ - file://debian/ca.patch \ - file://debian/make-targets.patch \ - file://debian/no-rpath.patch \ - file://debian/man-dir.patch \ - file://debian/man-section.patch \ - file://debian/no-symbolic.patch \ - file://debian/debian-targets.patch \ - file://openssl_fix_for_x32.patch \ - file://fix-cipher-des-ede3-cfb1.patch \ - file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \ - file://openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch \ - file://initial-aarch64-bits.patch \ - file://find.pl \ - file://openssl-fix-des.pod-error.patch \ - " - -SRC_URI[md5sum] = "c8dc151a671b9b92ff3e4c118b174972" -SRC_URI[sha256sum] = "3c179f46ca77069a6a0bac70212a9b3b838b2f66129cb52d568837fc79d8fcc7" - -PACKAGES =+ " \ - ${PN}-engines-dbg \ - ${PN}-engines \ -" - -FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines" -FILES_${PN}-engines-dbg = "${libdir}/engines/.debug ${libdir}/ssl/engines/.debug" - -PARALLEL_MAKE = "" -PARALLEL_MAKEINST = "" - -do_configure_prepend() { - cp ${WORKDIR}/find.pl ${S}/util/find.pl -} diff --git a/recipes-connectivity/openssl/openssl_1.0.1i.bbappend b/recipes-connectivity/openssl/openssl_1.0.1i.bbappend deleted file mode 100644 index 7b381ff..0000000 --- a/recipes-connectivity/openssl/openssl_1.0.1i.bbappend +++ /dev/null @@ -1,40 +0,0 @@ -FILESEXTRAPATHS_prepend := "${THISDIR}/openssl-fsl:" - -RDEPENDS_${PN}_class-target += "cryptodev-module" - -SRC_URI_append_class-target = " file://0001-remove-double-initialization-of-cryptodev-engine.patch \ - file://0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch \ - file://0003-cryptodev-fix-algorithm-registration.patch \ - file://0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch \ - file://0005-ECC-Support-header-for-Cryptodev-Engine.patch \ - file://0006-Fixed-private-key-support-for-DH.patch \ - file://0007-Fixed-private-key-support-for-DH.patch \ - file://0008-Initial-support-for-PKC-in-cryptodev-engine.patch \ - file://0009-Added-hwrng-dev-file-as-source-of-RNG.patch \ - file://0010-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch \ - file://0011-Add-RSA-keygen-operation-and-support-gendsa-command-.patch \ - file://0012-RSA-Keygen-Fix.patch \ - file://0013-Removed-local-copy-of-curve_t-type.patch \ - file://0014-Modulus-parameter-is-not-populated-by-dhparams.patch \ - file://0015-SW-Backoff-mechanism-for-dsa-keygen.patch \ - file://0016-Fixed-DH-keygen-pair-generator.patch \ - file://0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch \ - file://0018-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch \ - file://0019-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch \ - file://0020-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch \ - file://0021-cryptodev-drop-redundant-function.patch \ - file://0022-cryptodev-do-not-zero-the-buffer-before-use.patch \ - file://0023-cryptodev-clean-up-code-layout.patch \ - file://0024-cryptodev-do-not-cache-file-descriptor-in-open.patch \ - file://0025-cryptodev-put_dev_crypto-should-be-an-int.patch \ - file://0026-cryptodev-simplify-cryptodev-pkc-support-code.patch \ -" - -# Digest offloading through cryptodev is not recommended because of the -# performance penalty of the Openssl engine interface. Openssl generates a huge -# number of calls to digest functions for even a small amount of work data. -# For example there are 70 calls to cipher code and over 10000 to digest code -# when downloading only 10 files of 700 bytes each. -# Do not build OpenSSL with cryptodev digest support until engine digest -# interface gets some rework: -CFLAG_class-target := "${@'${CFLAG}'.replace('-DUSE_CRYPTODEV_DIGESTS', '')}" -- cgit v1.2.3-54-g00ecf