From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <max.oss.09@gmail.com>
Received: by yocto-www.yoctoproject.org (Postfix, from userid 118)
	id C5BF6E00A30; Sun, 12 Jul 2015 04:12:25 -0700 (PDT)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	yocto-www.yoctoproject.org
X-Spam-Level: 
X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM,
	RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1
X-Spam-HAM-Report: * -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at
	http://www.dnswl.org/, low *      trust
	*      [74.125.82.48 listed in list.dnswl.org]
	* 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
	provider *      (max.oss.09[at]gmail.com)
	* -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
	*      [score: 0.0000]
	* -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
	author's *       domain
	*  0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
	*      valid
	* -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
Received: from mail-wg0-f48.google.com (mail-wg0-f48.google.com [74.125.82.48])
	by yocto-www.yoctoproject.org (Postfix) with ESMTP id A0710E009FA
	for <meta-freescale@yoctoproject.org>;
	Sun, 12 Jul 2015 04:12:16 -0700 (PDT)
Received: by wgkl9 with SMTP id l9so7024467wgk.1
	for <meta-freescale@yoctoproject.org>;
	Sun, 12 Jul 2015 04:12:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
	h=message-id:subject:from:to:cc:date:in-reply-to:references
	:content-type:mime-version:content-transfer-encoding;
	bh=CQsW8Lb+ARy/qt5ImdCTXcVl6xaW4ZknTrawEwql/fQ=;
	b=0m1zh2rK1OTF2clarMHp2bcVl/NxXjt8Gv5Jo1QMb3+M1SyprT6I8mF3vxECpJgjAs
	m8doVDcCbbsI1eSYIoRpiRJA/xc6/uFUHIDbbVtDLX78BdV1NZzvuierejtgvwX1iuw0
	oKevFjKLS789cRhHw1eTer1H00BX8A6eaOhHxJpEtAQVQ4RsVENb9FRbx9207vmdyywr
	H05OelfFIgmFmFSWedpKqPr/Qk57OZ5AIo5XExeUdSvkcjFLukl+hqfMfOgADdWWE7tv
	nMueIBBC6CDF1IiGRti0FlrMnEiS12fqNgLj69ymGK9h1gRQZyxYPRjLthp4Yqnf8Kym
	wVmw==
X-Received: by 10.194.8.40 with SMTP id o8mr58169085wja.100.1436699536361;
	Sun, 12 Jul 2015 04:12:16 -0700 (PDT)
Received: from [192.168.0.7] (212-41-90-183.adsl.solnet.ch. [212.41.90.183])
	by smtp.gmail.com with ESMTPSA id
	be9sm22792022wjb.26.2015.07.12.04.12.14
	(version=TLSv1.2 cipher=AES128-GCM-SHA256 bits=128/128);
	Sun, 12 Jul 2015 04:12:15 -0700 (PDT)
Message-ID: <1436699534.2312.29.camel@Saturn.local.all>
From: Max Krummenacher <max.oss.09@gmail.com>
To: Lauren Post <lauren.post@freescale.com>
Date: Sun, 12 Jul 2015 13:12:14 +0200
In-Reply-To: <1436625995-7127-31-git-send-email-lauren.post@freescale.com>
References: <lauren.post@freescale.com>
	<1436625995-7127-1-git-send-email-lauren.post@freescale.com>
	<1436625995-7127-31-git-send-email-lauren.post@freescale.com>
X-Mailer: Evolution 3.10.4 
Mime-Version: 1.0
Cc: meta-freescale@yoctoproject.org
Subject: Re: [meta-fsl-arm][PATCH 30/33] openssl: Add cryptodev 1.6 patch
X-BeenThere: meta-freescale@yoctoproject.org
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: Usage and development list for the meta-fsl-* layers
	<meta-freescale.yoctoproject.org>
List-Unsubscribe: <https://lists.yoctoproject.org/options/meta-freescale>,
	<mailto:meta-freescale-request@yoctoproject.org?subject=unsubscribe>
List-Archive: <http://lists.yoctoproject.org/pipermail/meta-freescale>
List-Post: <mailto:meta-freescale@yoctoproject.org>
List-Help: <mailto:meta-freescale-request@yoctoproject.org?subject=help>
List-Subscribe: <https://lists.yoctoproject.org/listinfo/meta-freescale>,
	<mailto:meta-freescale-request@yoctoproject.org?subject=subscribe>
X-List-Received-Date: Sun, 12 Jul 2015 11:12:25 -0000
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit

Hi Lauren

Without understanding what the code does, what is meta-fsl-arm specific?
Shouldn't that go to openembedded-core and be applied with the bb file
directly?

Regards
Max


Am Samstag, den 11.07.2015, 09:46 -0500 schrieb Lauren Post:
> Signed-off-by: Lauren Post <lauren.post@freescale.com>
> ---
>  .../openssl/openssl/use_cryptodev_1.6.patch        |  389 ++++++++++++++++++++
>  recipes-connectivity/openssl/openssl_%.bbappend    |    3 +
>  2 files changed, 392 insertions(+)
>  create mode 100644 recipes-connectivity/openssl/openssl/use_cryptodev_1.6.patch
>  create mode 100644 recipes-connectivity/openssl/openssl_%.bbappend
> 
> diff --git a/recipes-connectivity/openssl/openssl/use_cryptodev_1.6.patch b/recipes-connectivity/openssl/openssl/use_cryptodev_1.6.patch
> new file mode 100644
> index 0000000..3bffb12
> --- /dev/null
> +++ b/recipes-connectivity/openssl/openssl/use_cryptodev_1.6.patch
> @@ -0,0 +1,389 @@
> +From: Ulises Cardenas <ulises.cardenas@freescale.com> 
> +
> +Updating OpenSSL Cryptodev engine to version 1.6
> +
> +Upstream-Status: Pending
> +Signed-off-by: Ulises Cardenas <ulises.cardenas@freescale.com> 
> +
> +--- a/crypto/engine/eng_cryptodev.c	2015-03-19 08:30:36.000000000 -0500
> ++++ b/crypto/engine/eng_cryptodev.c	2015-03-27 08:54:52.815387345 -0500
> +@@ -2,6 +2,7 @@
> +  * Copyright (c) 2002 Bob Beck <beck@openbsd.org>
> +  * Copyright (c) 2002 Theo de Raadt
> +  * Copyright (c) 2002 Markus Friedl
> ++ * Copyright (c) 2012 Nikos Mavrogiannopoulos
> +  * All rights reserved.
> +  *
> +  * Redistribution and use in source and binary forms, with or without
> +@@ -72,7 +73,6 @@
> +     struct session_op d_sess;
> +     int d_fd;
> + # ifdef USE_CRYPTODEV_DIGESTS
> +-    char dummy_mac_key[HASH_MAX_LEN];
> +     unsigned char digest_res[HASH_MAX_LEN];
> +     char *mac_data;
> +     int mac_len;
> +@@ -189,8 +189,10 @@
> + static struct {
> +     int id;
> +     int nid;
> +-    int keylen;
> ++    int digestlen;
> + } digests[] = {
> ++#if 0
> ++    /* HMAC is not supported */
> +     {
> +         CRYPTO_MD5_HMAC, NID_hmacWithMD5, 16
> +     },
> +@@ -198,15 +200,15 @@
> +         CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, 20
> +     },
> +     {
> +-        CRYPTO_RIPEMD160_HMAC, NID_ripemd160, 16
> +-        /* ? */
> ++        CRYPTO_SHA2_256_HMAC, NID_hmacWithSHA256, 32 
> +     },
> +     {
> +-        CRYPTO_MD5_KPDK, NID_undef, 0
> ++        CRYPTO_SHA2_384_HMAC, NID_hmacWithSHA384, 48 
> +     },
> +     {
> +-        CRYPTO_SHA1_KPDK, NID_undef, 0
> ++        CRYPTO_SHA2_256_HMAC, NID_hmacWithSHA512, 64 
> +     },
> ++#endif
> +     {
> +         CRYPTO_MD5, NID_md5, 16
> +     },
> +@@ -214,6 +216,15 @@
> +         CRYPTO_SHA1, NID_sha1, 20
> +     },
> +     {
> ++        CRYPTO_SHA2_256, NID_sha256, 32 
> ++    },
> ++    {
> ++        CRYPTO_SHA2_384, NID_sha384, 48 
> ++    },
> ++    {
> ++        CRYPTO_SHA2_256, NID_sha512, 64 
> ++    },
> ++    {
> +         0, NID_undef, 0
> +     },
> + };
> +@@ -288,13 +299,14 @@
> +     static int nids[CRYPTO_ALGORITHM_MAX];
> +     struct session_op sess;
> +     int fd, i, count = 0;
> ++    unsigned char fake_key[CRYPTO_CIPHER_MAX_KEY_LEN];
> + 
> +     if ((fd = get_dev_crypto()) < 0) {
> +         *cnids = NULL;
> +         return (0);
> +     }
> +     memset(&sess, 0, sizeof(sess));
> +-    sess.key = (caddr_t) "123456789abcdefghijklmno";
> ++    sess.key = (void*)fake_key;
> + 
> +     for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
> +         if (ciphers[i].nid == NID_undef)
> +@@ -325,6 +337,7 @@
> + static int get_cryptodev_digests(const int **cnids)
> + {
> +     static int nids[CRYPTO_ALGORITHM_MAX];
> ++    unsigned char fake_key[CRYPTO_CIPHER_MAX_KEY_LEN];
> +     struct session_op sess;
> +     int fd, i, count = 0;
> + 
> +@@ -333,12 +346,12 @@
> +         return (0);
> +     }
> +     memset(&sess, 0, sizeof(sess));
> +-    sess.mackey = (caddr_t) "123456789abcdefghijklmno";
> ++    sess.mackey = fake_key;
> +     for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
> +         if (digests[i].nid == NID_undef)
> +             continue;
> +         sess.mac = digests[i].id;
> +-        sess.mackeylen = digests[i].keylen;
> ++        sess.mackeylen = 8;
> +         sess.cipher = 0;
> +         if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
> +             ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
> +@@ -424,14 +437,14 @@
> +     cryp.ses = sess->ses;
> +     cryp.flags = 0;
> +     cryp.len = inl;
> +-    cryp.src = (caddr_t) in;
> +-    cryp.dst = (caddr_t) out;
> ++    cryp.src = (void*) in;
> ++    cryp.dst = (void*) out;
> +     cryp.mac = 0;
> + 
> +     cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
> + 
> +     if (ctx->cipher->iv_len) {
> +-        cryp.iv = (caddr_t) ctx->iv;
> ++        cryp.iv = (void*) ctx->iv;
> +         if (!ctx->encrypt) {
> +             iiv = in + inl - ctx->cipher->iv_len;
> +             memcpy(save_iv, iiv, ctx->cipher->iv_len);
> +@@ -483,7 +496,7 @@
> +     if ((state->d_fd = get_dev_crypto()) < 0)
> +         return (0);
> + 
> +-    sess->key = (caddr_t) key;
> ++    sess->key = (void*) key;
> +     sess->keylen = ctx->key_len;
> +     sess->cipher = cipher;
> + 
> +@@ -749,16 +762,6 @@
> +     return (0);
> + }
> + 
> +-static int digest_key_length(int nid)
> +-{
> +-    int i;
> +-
> +-    for (i = 0; digests[i].id; i++)
> +-        if (digests[i].nid == nid)
> +-            return digests[i].keylen;
> +-    return (0);
> +-}
> +-
> + static int cryptodev_digest_init(EVP_MD_CTX *ctx)
> + {
> +     struct dev_crypto_state *state = ctx->md_data;
> +@@ -777,8 +780,8 @@
> +         return (0);
> +     }
> + 
> +-    sess->mackey = state->dummy_mac_key;
> +-    sess->mackeylen = digest_key_length(ctx->digest->type);
> ++    sess->mackey = NULL;
> ++    sess->mackeylen = 0;
> +     sess->mac = digest;
> + 
> +     if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
> +@@ -804,7 +807,7 @@
> +     }
> + 
> +     if (!count) {
> +-        return (0);
> ++        return (1);
> +     }
> + 
> +     if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
> +@@ -828,9 +831,9 @@
> +     cryp.ses = sess->ses;
> +     cryp.flags = 0;
> +     cryp.len = count;
> +-    cryp.src = (caddr_t) data;
> ++    cryp.src = (void*) data;
> +     cryp.dst = NULL;
> +-    cryp.mac = (caddr_t) state->digest_res;
> ++    cryp.mac = (void*) state->digest_res;
> +     if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
> +         printf("cryptodev_digest_update: digest failed\n");
> +         return (0);
> +@@ -859,7 +862,7 @@
> +         cryp.len = state->mac_len;
> +         cryp.src = state->mac_data;
> +         cryp.dst = NULL;
> +-        cryp.mac = (caddr_t) md;
> ++        cryp.mac = (void*) md;
> +         if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
> +             printf("cryptodev_digest_final: digest failed\n");
> +             return (0);
> +@@ -921,8 +924,8 @@
> + 
> +     digest = digest_nid_to_cryptodev(to->digest->type);
> + 
> +-    sess->mackey = dstate->dummy_mac_key;
> +-    sess->mackeylen = digest_key_length(to->digest->type);
> ++    sess->mackey = NULL;
> ++    sess->mackeylen = 0;
> +     sess->mac = digest;
> + 
> +     dstate->d_fd = get_dev_crypto();
> +@@ -947,32 +950,115 @@
> + 
> + const EVP_MD cryptodev_sha1 = {
> +     NID_sha1,
> +-    NID_undef,
> ++    NID_sha1WithRSAEncryption,
> +     SHA_DIGEST_LENGTH,
> ++#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT)
> ++    EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|
> ++    EVP_MD_FLAG_DIGALGID_ABSENT|
> ++#endif
> +     EVP_MD_FLAG_ONESHOT,
> +     cryptodev_digest_init,
> +     cryptodev_digest_update,
> +     cryptodev_digest_final,
> +     cryptodev_digest_copy,
> +     cryptodev_digest_cleanup,
> +-    EVP_PKEY_NULL_method,
> ++    EVP_PKEY_RSA_method,
> +     SHA_CBLOCK,
> +-    sizeof(struct dev_crypto_state),
> ++    sizeof(EVP_MD *)+sizeof(struct dev_crypto_state)
> ++};
> ++
> ++static const EVP_MD cryptodev_sha256 = {
> ++       NID_sha256,
> ++       NID_sha256WithRSAEncryption,
> ++       SHA256_DIGEST_LENGTH, 
> ++#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT)
> ++       EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|
> ++       EVP_MD_FLAG_DIGALGID_ABSENT|
> ++#endif
> ++       EVP_MD_FLAG_ONESHOT,
> ++       cryptodev_digest_init,
> ++       cryptodev_digest_update,
> ++       cryptodev_digest_final,
> ++       cryptodev_digest_copy,
> ++       cryptodev_digest_cleanup,
> ++       EVP_PKEY_RSA_method,
> ++       SHA256_CBLOCK,
> ++       sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
> ++};
> ++static const EVP_MD cryptodev_sha224 = {
> ++       NID_sha224,
> ++       NID_sha224WithRSAEncryption, 
> ++       SHA224_DIGEST_LENGTH, 
> ++#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT)
> ++       EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|
> ++       EVP_MD_FLAG_DIGALGID_ABSENT|
> ++#endif
> ++       EVP_MD_FLAG_ONESHOT,
> ++       cryptodev_digest_init,
> ++       cryptodev_digest_update,
> ++       cryptodev_digest_final,
> ++       cryptodev_digest_copy,
> ++       cryptodev_digest_cleanup,
> ++       EVP_PKEY_RSA_method,
> ++       SHA256_CBLOCK,
> ++       sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
> ++};
> ++
> ++static const EVP_MD cryptodev_sha384 = {
> ++       NID_sha384,
> ++       NID_sha384WithRSAEncryption, 
> ++       SHA384_DIGEST_LENGTH, 
> ++#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT)
> ++       EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|
> ++       EVP_MD_FLAG_DIGALGID_ABSENT|
> ++#endif
> ++       EVP_MD_FLAG_ONESHOT,
> ++       cryptodev_digest_init,
> ++       cryptodev_digest_update,
> ++       cryptodev_digest_final,
> ++       cryptodev_digest_copy,
> ++       cryptodev_digest_cleanup,
> ++       EVP_PKEY_RSA_method,
> ++       SHA512_CBLOCK,
> ++       sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
> + };
> + 
> ++static const EVP_MD cryptodev_sha512 = {
> ++       NID_sha512,
> ++       NID_sha512WithRSAEncryption, 
> ++       SHA512_DIGEST_LENGTH, 
> ++#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT)
> ++       EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|
> ++       EVP_MD_FLAG_DIGALGID_ABSENT|
> ++#endif
> ++       EVP_MD_FLAG_ONESHOT,
> ++       cryptodev_digest_init,
> ++       cryptodev_digest_update,
> ++       cryptodev_digest_final,
> ++       cryptodev_digest_copy,
> ++       cryptodev_digest_cleanup,
> ++       EVP_PKEY_RSA_method,
> ++       SHA512_CBLOCK,
> ++       sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
> ++ };
> ++
> + const EVP_MD cryptodev_md5 = {
> +     NID_md5,
> +-    NID_undef,
> ++    NID_md5WithRSAEncryption,
> +     16 /* MD5_DIGEST_LENGTH */ ,
> ++#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT)
> ++    EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|
> ++    EVP_MD_FLAG_DIGALGID_ABSENT|
> ++#endif
> +     EVP_MD_FLAG_ONESHOT,
> +     cryptodev_digest_init,
> +     cryptodev_digest_update,
> +     cryptodev_digest_final,
> +     cryptodev_digest_copy,
> +     cryptodev_digest_cleanup,
> +-    EVP_PKEY_NULL_method,
> ++    EVP_PKEY_RSA_method,
> +     64 /* MD5_CBLOCK */ ,
> +-    sizeof(struct dev_crypto_state),
> ++    sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
> + };
> + 
> + # endif                         /* USE_CRYPTODEV_DIGESTS */
> +@@ -992,6 +1078,18 @@
> +     case NID_sha1:
> +         *digest = &cryptodev_sha1;
> +         break;
> ++    case NID_sha224:
> ++        *digest = &cryptodev_sha224;
> ++        break;
> ++    case NID_sha256:
> ++        *digest = &cryptodev_sha256;
> ++        break;
> ++    case NID_sha384:
> ++        *digest = &cryptodev_sha384;
> ++        break;
> ++    case NID_sha512:
> ++        *digest = &cryptodev_sha512;
> ++        break;
> +     default:
> + # endif                         /* USE_CRYPTODEV_DIGESTS */
> +         *digest = NULL;
> +@@ -1022,7 +1120,7 @@
> +         return (1);
> +     memset(b, 0, bytes);
> + 
> +-    crp->crp_p = (caddr_t) b;
> ++    crp->crp_p = (void*) b;
> +     crp->crp_nbits = bits;
> + 
> +     for (i = 0, j = 0; i < a->top; i++) {
> +@@ -1277,7 +1375,7 @@
> +     kop.crk_op = CRK_DSA_SIGN;
> + 
> +     /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
> +-    kop.crk_param[0].crp_p = (caddr_t) dgst;
> ++    kop.crk_param[0].crp_p = (void*) dgst;
> +     kop.crk_param[0].crp_nbits = dlen * 8;
> +     if (bn2crparam(dsa->p, &kop.crk_param[1]))
> +         goto err;
> +@@ -1317,7 +1415,7 @@
> +     kop.crk_op = CRK_DSA_VERIFY;
> + 
> +     /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
> +-    kop.crk_param[0].crp_p = (caddr_t) dgst;
> ++    kop.crk_param[0].crp_p = (void*) dgst;
> +     kop.crk_param[0].crp_nbits = dlen * 8;
> +     if (bn2crparam(dsa->p, &kop.crk_param[1]))
> +         goto err;
> +@@ -1398,9 +1496,10 @@
> +         goto err;
> +     kop.crk_iparams = 3;
> + 
> +-    kop.crk_param[3].crp_p = (caddr_t) key;
> +-    kop.crk_param[3].crp_nbits = keylen * 8;
> ++    kop.crk_param[3].crp_p = (void*) key;
> ++    kop.crk_param[3].crp_nbits = keylen;
> +     kop.crk_oparams = 1;
> ++    dhret = keylen/8;
> + 
> +     if (ioctl(fd, CIOCKEY, &kop) == -1) {
> +         const DH_METHOD *meth = DH_OpenSSL();
> diff --git a/recipes-connectivity/openssl/openssl_%.bbappend b/recipes-connectivity/openssl/openssl_%.bbappend
> new file mode 100644
> index 0000000..1b7bd2f
> --- /dev/null
> +++ b/recipes-connectivity/openssl/openssl_%.bbappend
> @@ -0,0 +1,3 @@
> +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
> +
> +SRC_URI += "file://use_cryptodev_1.6.patch "
> -- 
> 1.7.9.5
>