From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by yocto-www.yoctoproject.org (Postfix, from userid 118) id 48E61E00D24; Tue, 14 Nov 2017 21:26:28 -0800 (PST) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on yocto-www.yoctoproject.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, RCVD_IN_DNSWL_NONE, SPF_HELO_PASS autolearn=ham version=3.3.1 X-Spam-HAM-Report: * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no * trust * [104.47.38.137 listed in list.dnswl.org] * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record * -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% * [score: 0.0000] * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature Received: from NAM02-BL2-obe.outbound.protection.outlook.com (mail-bl2nam02on0137.outbound.protection.outlook.com [104.47.38.137]) by yocto-www.yoctoproject.org (Postfix) with ESMTP id 870F4E00C11 for ; Tue, 14 Nov 2017 21:26:24 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freescale.onmicrosoft.com; s=selector1-freescale-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=i2GW2OhJWqs/d0kxPqiJnqZx2AXoe0dTJBWiAJ+Wx0w=; b=CGygRdFSd47eCJSTlTUUTvGgshdt0X86+hooNVyLWaFDGmqnn5OQFhyc97QXsqEMwlIUlEFbqhwv128hsFNilK3sKMd1+0B1HwvgcpfWRPcrruc8fY8MggbHVaSOHSk1sfnQmTr9d9IOR2lNo0cMxww1SZEa5k1OTI5H+nju4sA= Received: from BN6PR03CA0088.namprd03.prod.outlook.com (10.164.122.154) by BN6PR03MB2977.namprd03.prod.outlook.com (10.175.126.19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.218.12; Wed, 15 Nov 2017 05:26:22 +0000 Received: from BN1BFFO11FD014.protection.gbl (2a01:111:f400:7c10::1:121) by BN6PR03CA0088.outlook.office365.com (2603:10b6:405:6f::26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.239.5 via Frontend Transport; Wed, 15 Nov 2017 05:26:22 +0000 Authentication-Results: spf=neutral (sender IP is 192.88.168.50) smtp.mailfrom=freescale.com; nxp.com; dkim=none (message not signed) header.d=none; nxp.com; dmarc=none action=none header.from=freescale.com; Received-SPF: Neutral (protection.outlook.com: 192.88.168.50 is neither permitted nor denied by domain of freescale.com) Received: from tx30smr01.am.freescale.net (192.88.168.50) by BN1BFFO11FD014.mail.protection.outlook.com (10.58.144.77) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_RSA_WITH_AES_256_CBC_SHA) id 15.20.197.9 via Frontend Transport; Wed, 15 Nov 2017 05:26:22 +0000 Received: from sun.ap.freescale.net (sun.ap.freescale.net [10.192.208.75]) by tx30smr01.am.freescale.net (8.14.3/8.14.0) with ESMTP id vAF5QIG9014795; Tue, 14 Nov 2017 22:26:19 -0700 From: Chunrong Guo To: Date: Wed, 15 Nov 2017 13:26:09 +0800 Message-ID: <1510723572-27606-1-git-send-email-B40290@freescale.com> X-Mailer: git-send-email 1.9.0 X-EOPAttributedMessage: 0 X-MS-Office365-Filtering-HT: Tenant X-Forefront-Antispam-Report: CIP:192.88.168.50; IPV:NLI; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10019020)(6009001)(7966004)(39860400002)(376002)(346002)(2980300002)(189002)(199003)(508600001)(36756003)(8656006)(2351001)(50226002)(8936002)(189998001)(6916009)(4326008)(7110500001)(5660300001)(48376002)(42882006)(50466002)(106466001)(105606002)(2906002)(305945005)(10710500007)(54906003)(16586007)(316002)(8676002)(5003940100001)(356003)(68736007)(47776003)(50986999)(53376002)(2420400007)(104016004)(77096006)(97736004)(53366004)(6306002)(53946003)(53936002)(575784001)(81166006)(6666003)(81156014)(15650500001)(10090945008); DIR:OUT; SFP:1102; SCL:1; SRVR:BN6PR03MB2977; H:tx30smr01.am.freescale.net; FPR:; SPF:Neutral; PTR:InfoDomainNonexistent; MX:1; A:1; LANG:en; X-Microsoft-Exchange-Diagnostics: 1; BN1BFFO11FD014; 1:Po9Mpt3arauMlLI2BUi+bVeAhN8grEdMXPZuqRlqxh//dbBNXB/fZdnR5s9yLiKBcSz7ZEjpQCP32cdQnQzpRwtSInw0QQ8HqdA0t8XR5H2Vlx7NnzPsx5gP+PGDzMto MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: aab628ed-4cc0-4f07-f640-08d52be9686d X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(2017052603199); SRVR:BN6PR03MB2977; X-Microsoft-Exchange-Diagnostics: 1; BN6PR03MB2977; 3:005wQquuoNYQgwf9Y1ykEFmUIkaJtD8elSdCo+XWJ5btbMuJvn/+cKa/HY3Imc8deEdzpWY2NkVY8Vjm7+vkOLNJZhL0tHDvCFAT0O7/uBFdZpBWSJII+KzGGEA9JeEx54BVhn/u+fC53UynIuLJg4HAhUH93yU3xjSPTrcy+yMium3tK9AE1NLLyV91xrKqcl4LWgZoxU7AyQBC6Wj07YWF+qrIeSImrOd/2VfUNMtyEnBeOqz8uZwDtGBvQPtI9fJ+xmS19QSNzcKR65+gsYZXA5cGQSim0e0OjAYdPuZ9LAWUo03603M4oHiE1vgmhauLwEKjosOgECA4byXpj06VR2U9wa1EY//IAtxCynk=; 25:yO34L+f+iPX8iSlP1Yb0Kf9ykoM0hi9w+czrnCL60g/cJZOoA5OjD9AfC4i/mVMZKTe2lZmC/12+E4vnzVjgdW+j9cFYdJmVQ2Kujvsb8mQk//TsPadB/ARZ0tGAU/qBWNFgn4aKD/8p1EFg+gQUpd93gds8UbV/D94eBTxAzVVNuAHi/VCRkbwBvrDJsbYJPfFDoOrZbTSAN6werta6P9oAFD0qHJ1J69F5e4cLPfIOIIbwUu4u6h9YiLYDwViN0hCqDFjQrw510MxOCv51auA6xZ0W9uju9Zn5Gs42lLxJq7wKD+TldpvYTioFFHBjZ2OPHi02KU+UZt8RNm+gAg== X-MS-TrafficTypeDiagnostic: BN6PR03MB2977: X-LD-Processed: 710a03f5-10f6-4d38-9ff4-a80b81da590d,ExtAddr X-Microsoft-Exchange-Diagnostics: 1; BN6PR03MB2977; 31:Gjrp1syPHi6b3wxZ5RdnMBMaL6i1TYzpkP2Mpqwc2D01zD5fGU5ofCXcHUNY6Rd2uHFzf0RRqN9U0oDi++jdgf5FlNUfRRbnZ8sVlQ42lmY/ImkQwqsDvTXvfcCB+qkxzN054EHJrz2quqy22lMRr15maGQjSIic45yEEXYlaU+mRiZl7qy4tbSJTf9oUtEqufFBPjUo380mBpDYniQH33KTf7xsip7JaOQgRn6+Fwo=; 20:D9x4nNfm64b573WmJYrIt2aSLKNPbUNoNojvvSUNNVoiB01Hsg4x2TaS4CM8ZuGt15SXlYOsryS9N7zHnQq5A+HZftUYdLJHwzyx2lfNqFf8ZPo4eqBy2Ew6QS8mDgOAsxBFXUwJcbvxHZASXmih+25u2A5lWXE3vx2HqNYEHQ8CIqXtWAorErh0VGXWiBmlocoO08x+ZURaFexr4U+SGJ3KdTaxTNF4PlOpzzJ/AQtZ5sNda03YW7fk4qF7iRHC59gzolvf6OQ9Qo6m5F2OQYnom0vGG3YW9qmVAK/3oZcD3IMoNQgSJzYOB0ZJ9LN1X7YRhHaerTJpXfyecO6gtcoIbOvaYiZoMuvd5HRDZPIb6ZMlgM+hPvw/lLWce8rlIk1hmqffNRbvt9w7lXU8h7ig7k7sw79F37+6Z2wz8QmZyk6SDkVB8gsWQFm0IViCYkszjzSK2WBENcYh105ZkWzxT4N2P3nJNI2Lo4pbfpNxFTfZuLO0yXlDR/39vpPqW2cD022xfzZo7jv5Ajy+nqlO7G8LjzcfE89JfBLQETHeh/neJDzZOiI2ttE6wemkBIuCzjFL5RnMttGNSf9B6raoIqSUeM0IXTIpl6S1lUk= X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(166708455590820)(185117386973197)(788757137089); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(8121501046)(5005006)(3231022)(93006095)(10201501046)(3002001)(100000703101)(100105400095)(6055026)(6041248)(20161123555025)(20161123558100)(20161123564025)(20161123560025)(20161123562025)(201703131423075)(201703011903075)(201702281528075)(201703061421075)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:BN6PR03MB2977; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:BN6PR03MB2977; X-Microsoft-Exchange-Diagnostics: 1; BN6PR03MB2977; 4:Ca5MLHXVfUkPbbkpe9FjL1vn+kBY4oyTo0KxfgAb2lBhMyZfVIvnLho4dD942zw7/1DQ9x1ZfRfRB0ygMQVwiwVIhBTXEIcaCQ0PW6fnuXvfQLUURJKrecNWQNSkddHS3SbzoEWW1u0enE7/erQaAjsws/Rlpc/a0o7x2x4DLL1o8YYb6nWykD/3uDDS/qdOKbvw4X9dUvkL9kc1oRsND4WYApjk/R7asdOwJx/EjHox8AvsUGCWmWZLUOCxZx8k27BEMfR8TPA/qr7lkOa+Z+PzzJIBQPY8mXrO43cQADN5GE7vybBh7xdfPZWEjJ3fKllcF0Z/p2iwxJPqexjMJ+uvioxlXvSQczH2PPtXGc7A/gfPQaVDFEPF+YY8ULQs X-Forefront-PRVS: 0492FD61DD X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; BN6PR03MB2977; 23:pcSg6agT5AkUoCa5juBCayctmyO8oc6kkuwHbKboz?= =?us-ascii?Q?gzudT1lmPa49Bdt+nuc2OujIL6YZmJy+KSnfyMVEJxNFx008wReP1F3n/fma?= =?us-ascii?Q?SBF7fGmoE5I78YSvWbm5X1vfSoyI3rNX8jIHJqXWEVz0Enc0gVaQKSllRyKd?= =?us-ascii?Q?Ra8oAL8dqPnc2zFjmEgBImlwQmuVWIuj/CkJdcNCoI0zjr4li0k6+801eS1y?= =?us-ascii?Q?gl1s1fkzlkqQ/r6KTlve5ZdZlM5u4OJSwef0MFbJAo7YhWMrAe3t7MNMm7BX?= =?us-ascii?Q?fxy4TD6JNhCBmpg9uQcv4NI5JDGpQSdqcoRMqoemoA4K45kkXP+1R1pfZ3iC?= =?us-ascii?Q?qj34RydQM5x8tRVptCzg4PwM9i5egWRugI/qHTnVcwb+AH6FH90ZfqNN671c?= =?us-ascii?Q?gQbmIFkphn6JivSml2e9RdR2GwyQwaNKjQzfY0+4y744Nnag8KzbYUD4C3S5?= =?us-ascii?Q?wJs+hVpcpM0eztGRz+MCYdYOmAQcTqZbfTjClIhNu7lbzXJgddI+OHB+BocY?= =?us-ascii?Q?gMZ/dLp+9vSflE/JprLvpmq8UuKkKqDCBE7FMgDnPOHiH8JfSTG+J/lW0SkB?= =?us-ascii?Q?tJBQDXi90jecCbLQINiZT4uMsRHsVH/ir6sqY2vsFQDRu9ZwIozHhvRaeakc?= =?us-ascii?Q?10o48wWzSeTluZESOnJ51YlsybjH2/2fFsVtMvlFTpIyTvbFWg3bs2NLkmu2?= =?us-ascii?Q?G/35b+BWlSv9kGMB5x/OFn9mQP9rwxi6rWjJiVfBKb6iKl3capMpkD09PdGH?= =?us-ascii?Q?e9qhro50YBZX4D/XUtziFUgrMvDRzl9tNKeT08QVOlAuBp4WnMK10O9cB9If?= =?us-ascii?Q?UaG/hLwDRMKYIvX0FbtkIfPmjqbflDfktbbeNCdlXQW0j+wTYHLZWgphBJst?= =?us-ascii?Q?BLopUCUnZFFxhtAR/Yst0HdPMFfaGssylZH6+jtiPbqmx3UFFdYVA2LLllMS?= =?us-ascii?Q?ujTbCz+TTuT/g7f83SSo3nBY5wwSpSH6I7dnH7K7qG9EEaAwwVP+1CZiZHUC?= =?us-ascii?Q?g6OtBpvEO1gJqax7gu9OjutkPS53GLz2KqXfD3Dky32Z1ilZK9tT7YykBHLO?= =?us-ascii?Q?VFv+f6bK8nPHKqLQ0TOFOJDoWy4sM79o3b2dlVPCT28RQ6F9N+9Y2wOgPy5E?= =?us-ascii?Q?62rgr1jrUcFxmSelxgcbmpWkuY7kuWUuBsVIV7ZoR6miCpGA4MPWuRvDM6w6?= =?us-ascii?Q?MkHHeuS4BKw146/u6EL3eQSKbCN87/DysIG6Kr3n11x3TWbxxWB0hRrng=3D?= =?us-ascii?Q?=3D?= X-Microsoft-Exchange-Diagnostics: 1; BN6PR03MB2977; 6:F+k/TARic/+ENA8oU45tKa5JuIZ+9l/YMl5Lprchc/zptTaW3tsNfUB1BMmob2Htv/0MTdAg3dTe5vykCGcTFBeEea/XLV06n/gREK1FYHKiPQ3dVaUCbpLpT5/PwfRqZvzTsMTmkz/q3LvB4LmT2JR1gL+66ViB5baqglq8YGxhQrdWBjFsUJDWrqomx0pRaGJDrnBCEZFZ7mf71VAST+XNjQ+ny22QJ2TfxP3fqJzq0MiAqhM6K1KBRNBn7Jj6H3+PeE86VdhW2y/fuOwKNI9lA4oEAE+kSBkYP6d3R2pFuZclaAP/fn6SvbH5lvHTDKkJ+RN9zlWGoJnsJIwBbrDh4YOnZKXIeIhFkUOV/xY=; 5:V7ecj/R8H8NInti2/szfLVABdkQKsw2FDDh7LxpglRGzUxTbjoIkv79llwJZNHXf/cMXfWE6XzHR5VHO8zESjSzSrTEXabTXRaOP49X6uYFyvQqH1z6Rs9NGPFqCfTlDT6CIB+D7YsFxpNQyjciSscGE8VISdGCiHyO7E7z25i4=; 24:JFH8f1jD7jap96R3SMIC91DId30WVXVxDsR/Fu+ehvq0IDMESHDJt032vPhXmvKIv9XwtU7wBRLnCH54Qnd4M471RLt10VhzVdmkFcThsjc=; 7:LDLq9wstpPgpIpbRiwucfaJdpic8iGm8VXqXlzFa/4Yyo9fpgH8oK+VAFhpw+SxS65Wi7XIf3QYHRxj8Rm7eVqbVfPD8bLp9Zf3dlPjWML7Ehg0MbdGy+aNJg66aIuexB0u1KAViqybuqpT39x4FnvnjNlUx7L9T+ImhJkYtKjfU3BE88jA1YLHZA3mxHeg0ksDIjoATpOrbl/PcWL9CAkDArlvMxGBg4SRjSAR1dx6xgixNCAYQOINc85Pm2Jil SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-OriginatorOrg: freescale.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Nov 2017 05:26:22.0332 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: aab628ed-4cc0-4f07-f640-08d52be9686d X-MS-Exchange-CrossTenant-Id: 710a03f5-10f6-4d38-9ff4-a80b81da590d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=710a03f5-10f6-4d38-9ff4-a80b81da590d; Ip=[192.88.168.50]; Helo=[tx30smr01.am.freescale.net] X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR03MB2977 Cc: chunrong.guo@nxp.com Subject: [PATCH 1/4] cryptodev: update recipes X-BeenThere: meta-freescale@yoctoproject.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: Usage and development list for the meta-fsl-* layers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Nov 2017 05:26:28 -0000 Content-Type: text/plain From: Chunrong Guo *Update URL to fetch qoriq-open-source github *Update to f365c69d785 This includes the following changes: f365c69 - add support for composite TLS10(SHA1,AES) algorithm offload ec25290 - check session flags early to avoid incorrect failure modes 6213ae5 - add support for RSA public and private key operations 3245b0f - move structure definition to cryptodev_int.h 00a6861 - remove unnecessary header inclusion 1d7c848 - fix type of returned value a705360 - convert to new AEAD interface in kernels v4.2+ c2bf0e4 - refactoring: relocate code to simplify later patches 20dcf07 - refactoring: split big function to simplify maintainance 87d959d - Release version 1.9 6818263 - Fix ablkcipher algorithms usage in v4.8+ kernels 26e167f - zc: Use the power of #elif 2b29be8 - adjust to API changes in kernel >=4.10 2dbbb23 - do more strict code checking to avoid maintenance issues 88223e4 - avoid implicit conversion between signed and unsigned char 8db6905 - use buf_align macro to reduce code duplication b6d0e0f - rename header file to clarify purpose 1fd6062 - fix warnings of "implicit declaration of function" in async_speed ff3c8ab - remove not used local variables 25a1276 - fix incorrect return code in case of error from openssl_cioccrypt e7ef4ea - Merge pull request #17 from michaelweiser/gup_flags 99c6d21 - fix ignored SIGALRM signals on some platforms 71975fa - setting KERNEL_DIR is not necessary to build tests a96ff97 - fix issues with install target *Cryptodev-linux git includes all sdk patches so remove sdk patches folder Signed-off-by: Chunrong Guo --- recipes-kernel/cryptodev/cryptodev-qoriq_1.9.inc | 22 +- ...-split-big-function-to-simplify-maintaina.patch | 244 ------------ ...g-relocate-code-to-simplify-later-patches.patch | 58 --- ...ert-to-new-AEAD-interface-in-kernels-v4.2.patch | 96 ----- .../0004-fix-type-of-returned-value.patch | 29 -- .../0005-remove-unnecessary-header-inclusion.patch | 26 -- ...e-structure-definition-to-cryptodev_int.h.patch | 51 --- ...-for-RSA-public-and-private-key-operation.patch | 440 --------------------- ...on-flags-early-to-avoid-incorrect-failure.patch | 54 --- ...-for-composite-TLS10-SHA1-AES-algorithm-o.patch | 50 --- 10 files changed, 3 insertions(+), 1067 deletions(-) delete mode 100644 recipes-kernel/cryptodev/sdk_patches/0001-refactoring-split-big-function-to-simplify-maintaina.patch delete mode 100644 recipes-kernel/cryptodev/sdk_patches/0002-refactoring-relocate-code-to-simplify-later-patches.patch delete mode 100644 recipes-kernel/cryptodev/sdk_patches/0003-convert-to-new-AEAD-interface-in-kernels-v4.2.patch delete mode 100644 recipes-kernel/cryptodev/sdk_patches/0004-fix-type-of-returned-value.patch delete mode 100644 recipes-kernel/cryptodev/sdk_patches/0005-remove-unnecessary-header-inclusion.patch delete mode 100644 recipes-kernel/cryptodev/sdk_patches/0006-move-structure-definition-to-cryptodev_int.h.patch delete mode 100644 recipes-kernel/cryptodev/sdk_patches/0007-add-support-for-RSA-public-and-private-key-operation.patch delete mode 100644 recipes-kernel/cryptodev/sdk_patches/0008-check-session-flags-early-to-avoid-incorrect-failure.patch delete mode 100644 recipes-kernel/cryptodev/sdk_patches/0009-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch diff --git a/recipes-kernel/cryptodev/cryptodev-qoriq_1.9.inc b/recipes-kernel/cryptodev/cryptodev-qoriq_1.9.inc index 24cc87c..3e6fcf7 100644 --- a/recipes-kernel/cryptodev/cryptodev-qoriq_1.9.inc +++ b/recipes-kernel/cryptodev/cryptodev-qoriq_1.9.inc @@ -12,31 +12,15 @@ python() { d.appendVar("RREPLACES_%s" % p, p.replace('cryptodev-qoriq', 'cryptodev')) } -FILESEXTRAPATHS_prepend := "${THISDIR}/sdk_patches:" FILESEXTRAPATHS_prepend := "${THISDIR}/yocto_patches:" -SRC_URI = "http://nwl.cc/pub/cryptodev-linux/cryptodev-linux-${PV}.tar.gz" - -SRC_URI[md5sum] = "cb4e0ed9e5937716c7c8a7be84895b6d" -SRC_URI[sha256sum] = "9f4c0b49b30e267d776f79455d09c70cc9c12c86eee400a0d0a0cd1d8e467950" - -# SDK patches -SRC_URI_append = " file://0001-refactoring-split-big-function-to-simplify-maintaina.patch \ - file://0002-refactoring-relocate-code-to-simplify-later-patches.patch \ - file://0003-convert-to-new-AEAD-interface-in-kernels-v4.2.patch \ - file://0004-fix-type-of-returned-value.patch \ - file://0005-remove-unnecessary-header-inclusion.patch \ - file://0006-move-structure-definition-to-cryptodev_int.h.patch \ - file://0007-add-support-for-RSA-public-and-private-key-operation.patch \ - file://0008-check-session-flags-early-to-avoid-incorrect-failure.patch \ - file://0009-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch \ -" -#SRC_URI_append = " file://0003-update-the-install-path-for-cryptodev-tests.patch" +SRC_URI = "git://github.com/qoriq-open-source/cryptodev-linux.git;nobranch=1" +SRCREV = "f365c69d7852d6579952825c9f90a27129f92d22" # NOTE: remove this patch and all traces of DISTRO_FEATURE c29x_pkc # if pkc-host does not need customized cryptodev patches anymore #SRC_URI_append = "${@bb.utils.contains('DISTRO_FEATURES', 'c29x_pkc', ' file://0001-don-t-advertise-RSA-keygen.patch', '', d)}" -S = "${WORKDIR}/cryptodev-linux-${PV}" +S = "${WORKDIR}/git" CLEANBROKEN = "1" diff --git a/recipes-kernel/cryptodev/sdk_patches/0001-refactoring-split-big-function-to-simplify-maintaina.patch b/recipes-kernel/cryptodev/sdk_patches/0001-refactoring-split-big-function-to-simplify-maintaina.patch deleted file mode 100644 index 57ac8e1..0000000 --- a/recipes-kernel/cryptodev/sdk_patches/0001-refactoring-split-big-function-to-simplify-maintaina.patch +++ /dev/null @@ -1,244 +0,0 @@ -From 20dcf071bc3076ee7db9d603cfbe6a06e86c7d5f Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Thu, 4 May 2017 15:06:20 +0300 -Subject: [PATCH 1/9] refactoring: split big function to simplify maintainance - -The setup of auth_buf in tls and aead is now duplicated but this -is temporary and allows necessary corrections for the aead case -with v4.2+ kernels. - -Signed-off-by: Cristian Stoica ---- - authenc.c | 197 ++++++++++++++++++++++++++++++++++++++++---------------------- - 1 file changed, 126 insertions(+), 71 deletions(-) - -diff --git a/authenc.c b/authenc.c -index 1bd7377..28eb0f9 100644 ---- a/authenc.c -+++ b/authenc.c -@@ -609,96 +609,151 @@ auth_n_crypt(struct csession *ses_ptr, struct kernel_crypt_auth_op *kcaop, - return 0; - } - --/* This is the main crypto function - zero-copy edition */ --static int --__crypto_auth_run_zc(struct csession *ses_ptr, struct kernel_crypt_auth_op *kcaop) -+static int crypto_auth_zc_srtp(struct csession *ses_ptr, struct kernel_crypt_auth_op *kcaop) - { -- struct scatterlist *dst_sg, *auth_sg, *src_sg; -+ struct scatterlist *dst_sg, *auth_sg; - struct crypt_auth_op *caop = &kcaop->caop; -- int ret = 0; -+ int ret; - -- if (caop->flags & COP_FLAG_AEAD_SRTP_TYPE) { -- if (unlikely(ses_ptr->cdata.init != 0 && -- (ses_ptr->cdata.stream == 0 || -- ses_ptr->cdata.aead != 0))) { -- derr(0, "Only stream modes are allowed in SRTP mode (but not AEAD)"); -- return -EINVAL; -- } -+ if (unlikely(ses_ptr->cdata.init != 0 && -+ (ses_ptr->cdata.stream == 0 || ses_ptr->cdata.aead != 0))) { -+ derr(0, "Only stream modes are allowed in SRTP mode (but not AEAD)"); -+ return -EINVAL; -+ } - -- ret = get_userbuf_srtp(ses_ptr, kcaop, &auth_sg, &dst_sg); -- if (unlikely(ret)) { -- derr(1, "get_userbuf_srtp(): Error getting user pages."); -- return ret; -- } -+ ret = get_userbuf_srtp(ses_ptr, kcaop, &auth_sg, &dst_sg); -+ if (unlikely(ret)) { -+ derr(1, "get_userbuf_srtp(): Error getting user pages."); -+ return ret; -+ } - -- ret = srtp_auth_n_crypt(ses_ptr, kcaop, auth_sg, caop->auth_len, -- dst_sg, caop->len); -+ ret = srtp_auth_n_crypt(ses_ptr, kcaop, auth_sg, caop->auth_len, -+ dst_sg, caop->len); - -- release_user_pages(ses_ptr); -- } else { /* TLS and normal cases. Here auth data are usually small -- * so we just copy them to a free page, instead of trying -- * to map them. -- */ -- unsigned char *auth_buf = NULL; -- struct scatterlist tmp; -+ release_user_pages(ses_ptr); - -- if (unlikely(caop->auth_len > PAGE_SIZE)) { -- derr(1, "auth data len is excessive."); -- return -EINVAL; -- } -+ return ret; -+} - -- auth_buf = (char *)__get_free_page(GFP_KERNEL); -- if (unlikely(!auth_buf)) { -- derr(1, "unable to get a free page."); -- return -ENOMEM; -- } -+static int crypto_auth_zc_tls(struct csession *ses_ptr, struct kernel_crypt_auth_op *kcaop) -+{ -+ struct crypt_auth_op *caop = &kcaop->caop; -+ struct scatterlist *dst_sg, *auth_sg; -+ unsigned char *auth_buf = NULL; -+ struct scatterlist tmp; -+ int ret; - -- if (caop->auth_src && caop->auth_len > 0) { -- if (unlikely(copy_from_user(auth_buf, caop->auth_src, caop->auth_len))) { -- derr(1, "unable to copy auth data from userspace."); -- ret = -EFAULT; -- goto free_auth_buf; -- } -+ if (unlikely(ses_ptr->cdata.aead != 0)) { -+ return -EINVAL; -+ } -+ -+ if (unlikely(caop->auth_len > PAGE_SIZE)) { -+ derr(1, "auth data len is excessive."); -+ return -EINVAL; -+ } -+ -+ auth_buf = (char *)__get_free_page(GFP_KERNEL); -+ if (unlikely(!auth_buf)) { -+ derr(1, "unable to get a free page."); -+ return -ENOMEM; -+ } - -- sg_init_one(&tmp, auth_buf, caop->auth_len); -- auth_sg = &tmp; -- } else { -- auth_sg = NULL; -+ if (caop->auth_src && caop->auth_len > 0) { -+ if (unlikely(copy_from_user(auth_buf, caop->auth_src, caop->auth_len))) { -+ derr(1, "unable to copy auth data from userspace."); -+ ret = -EFAULT; -+ goto free_auth_buf; - } - -- if (caop->flags & COP_FLAG_AEAD_TLS_TYPE && ses_ptr->cdata.aead == 0) { -- ret = get_userbuf_tls(ses_ptr, kcaop, &dst_sg); -- if (unlikely(ret)) { -- derr(1, "get_userbuf_tls(): Error getting user pages."); -- goto free_auth_buf; -- } -+ sg_init_one(&tmp, auth_buf, caop->auth_len); -+ auth_sg = &tmp; -+ } else { -+ auth_sg = NULL; -+ } - -- ret = tls_auth_n_crypt(ses_ptr, kcaop, auth_sg, caop->auth_len, -- dst_sg, caop->len); -- } else { -- if (unlikely(ses_ptr->cdata.init == 0 || -- (ses_ptr->cdata.stream == 0 && -- ses_ptr->cdata.aead == 0))) { -- derr(0, "Only stream and AEAD ciphers are allowed for authenc"); -- ret = -EINVAL; -- goto free_auth_buf; -- } -+ ret = get_userbuf_tls(ses_ptr, kcaop, &dst_sg); -+ if (unlikely(ret)) { -+ derr(1, "get_userbuf_tls(): Error getting user pages."); -+ goto free_auth_buf; -+ } - -- ret = get_userbuf(ses_ptr, caop->src, caop->len, caop->dst, kcaop->dst_len, -- kcaop->task, kcaop->mm, &src_sg, &dst_sg); -- if (unlikely(ret)) { -- derr(1, "get_userbuf(): Error getting user pages."); -- goto free_auth_buf; -- } -+ ret = tls_auth_n_crypt(ses_ptr, kcaop, auth_sg, caop->auth_len, -+ dst_sg, caop->len); -+ release_user_pages(ses_ptr); -+ -+free_auth_buf: -+ free_page((unsigned long)auth_buf); -+ return ret; -+} -+ -+static int crypto_auth_zc_aead(struct csession *ses_ptr, struct kernel_crypt_auth_op *kcaop) -+{ -+ struct scatterlist *dst_sg, *auth_sg, *src_sg; -+ struct crypt_auth_op *caop = &kcaop->caop; -+ unsigned char *auth_buf = NULL; -+ struct scatterlist tmp; -+ int ret; - -- ret = auth_n_crypt(ses_ptr, kcaop, auth_sg, caop->auth_len, -- src_sg, dst_sg, caop->len); -+ if (unlikely(ses_ptr->cdata.init == 0 || -+ (ses_ptr->cdata.stream == 0 && ses_ptr->cdata.aead == 0))) { -+ derr(0, "Only stream and AEAD ciphers are allowed for authenc"); -+ return -EINVAL; -+ } -+ -+ if (unlikely(caop->auth_len > PAGE_SIZE)) { -+ derr(1, "auth data len is excessive."); -+ return -EINVAL; -+ } -+ -+ auth_buf = (char *)__get_free_page(GFP_KERNEL); -+ if (unlikely(!auth_buf)) { -+ derr(1, "unable to get a free page."); -+ return -ENOMEM; -+ } -+ -+ if (caop->auth_src && caop->auth_len > 0) { -+ if (unlikely(copy_from_user(auth_buf, caop->auth_src, caop->auth_len))) { -+ derr(1, "unable to copy auth data from userspace."); -+ ret = -EFAULT; -+ goto free_auth_buf; - } - -- release_user_pages(ses_ptr); -+ sg_init_one(&tmp, auth_buf, caop->auth_len); -+ auth_sg = &tmp; -+ } else { -+ auth_sg = NULL; -+ } -+ -+ ret = get_userbuf(ses_ptr, caop->src, caop->len, caop->dst, kcaop->dst_len, -+ kcaop->task, kcaop->mm, &src_sg, &dst_sg); -+ if (unlikely(ret)) { -+ derr(1, "get_userbuf(): Error getting user pages."); -+ goto free_auth_buf; -+ } -+ -+ ret = auth_n_crypt(ses_ptr, kcaop, auth_sg, caop->auth_len, -+ src_sg, dst_sg, caop->len); -+ -+ release_user_pages(ses_ptr); - - free_auth_buf: -- free_page((unsigned long)auth_buf); -+ free_page((unsigned long)auth_buf); -+ -+ return ret; -+} -+ -+static int -+__crypto_auth_run_zc(struct csession *ses_ptr, struct kernel_crypt_auth_op *kcaop) -+{ -+ struct crypt_auth_op *caop = &kcaop->caop; -+ int ret; -+ -+ if (caop->flags & COP_FLAG_AEAD_SRTP_TYPE) { -+ ret = crypto_auth_zc_srtp(ses_ptr, kcaop); -+ } else if (caop->flags & COP_FLAG_AEAD_TLS_TYPE) { -+ ret = crypto_auth_zc_tls(ses_ptr, kcaop); -+ } else { -+ ret = crypto_auth_zc_aead(ses_ptr, kcaop); - } - - return ret; --- -2.7.4 - diff --git a/recipes-kernel/cryptodev/sdk_patches/0002-refactoring-relocate-code-to-simplify-later-patches.patch b/recipes-kernel/cryptodev/sdk_patches/0002-refactoring-relocate-code-to-simplify-later-patches.patch deleted file mode 100644 index b948c91..0000000 --- a/recipes-kernel/cryptodev/sdk_patches/0002-refactoring-relocate-code-to-simplify-later-patches.patch +++ /dev/null @@ -1,58 +0,0 @@ -From c2bf0e42b1d9fda60cde4a3a682784d349ef1c0b Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Thu, 4 May 2017 15:06:21 +0300 -Subject: [PATCH 2/9] refactoring: relocate code to simplify later patches - -This code move will simplify the conversion to new AEAD interface in -next patches - -Signed-off-by: Cristian Stoica ---- - authenc.c | 17 +++++++++-------- - 1 file changed, 9 insertions(+), 8 deletions(-) - -diff --git a/authenc.c b/authenc.c -index 28eb0f9..95727b4 100644 ---- a/authenc.c -+++ b/authenc.c -@@ -711,11 +711,18 @@ static int crypto_auth_zc_aead(struct csession *ses_ptr, struct kernel_crypt_aut - return -ENOMEM; - } - -+ ret = get_userbuf(ses_ptr, caop->src, caop->len, caop->dst, kcaop->dst_len, -+ kcaop->task, kcaop->mm, &src_sg, &dst_sg); -+ if (unlikely(ret)) { -+ derr(1, "get_userbuf(): Error getting user pages."); -+ goto free_auth_buf; -+ } -+ - if (caop->auth_src && caop->auth_len > 0) { - if (unlikely(copy_from_user(auth_buf, caop->auth_src, caop->auth_len))) { - derr(1, "unable to copy auth data from userspace."); - ret = -EFAULT; -- goto free_auth_buf; -+ goto free_pages; - } - - sg_init_one(&tmp, auth_buf, caop->auth_len); -@@ -724,16 +731,10 @@ static int crypto_auth_zc_aead(struct csession *ses_ptr, struct kernel_crypt_aut - auth_sg = NULL; - } - -- ret = get_userbuf(ses_ptr, caop->src, caop->len, caop->dst, kcaop->dst_len, -- kcaop->task, kcaop->mm, &src_sg, &dst_sg); -- if (unlikely(ret)) { -- derr(1, "get_userbuf(): Error getting user pages."); -- goto free_auth_buf; -- } -- - ret = auth_n_crypt(ses_ptr, kcaop, auth_sg, caop->auth_len, - src_sg, dst_sg, caop->len); - -+free_pages: - release_user_pages(ses_ptr); - - free_auth_buf: --- -2.7.4 - diff --git a/recipes-kernel/cryptodev/sdk_patches/0003-convert-to-new-AEAD-interface-in-kernels-v4.2.patch b/recipes-kernel/cryptodev/sdk_patches/0003-convert-to-new-AEAD-interface-in-kernels-v4.2.patch deleted file mode 100644 index ab3c7a8..0000000 --- a/recipes-kernel/cryptodev/sdk_patches/0003-convert-to-new-AEAD-interface-in-kernels-v4.2.patch +++ /dev/null @@ -1,96 +0,0 @@ -From a705360197260d28535746ae98c461ba2cfb7a9e Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Thu, 4 May 2017 15:06:22 +0300 -Subject: [PATCH 3/9] convert to new AEAD interface in kernels v4.2+ - -The crypto API for AEAD ciphers changed in recent kernels so that -associated data is now part of both source and destination scatter -gathers. The source, destination and associated data buffers need -to be stiched accordingly for the operations to succeed: - -src_sg: auth_buf + src_buf -dst_sg: auth_buf + (dst_buf + tag space) - -This patch fixes a kernel crash observed with cipher-gcm test. - -See also kernel patch: 81c4c35eb61a69c229871c490b011c1171511d5a - crypto: ccm - Convert to new AEAD interface - -Reported-by: Phil Sutter -Signed-off-by: Cristian Stoica ---- - authenc.c | 40 ++++++++++++++++++++++++++++++++++++++-- - 1 file changed, 38 insertions(+), 2 deletions(-) - -diff --git a/authenc.c b/authenc.c -index 95727b4..692951f 100644 ---- a/authenc.c -+++ b/authenc.c -@@ -688,12 +688,20 @@ free_auth_buf: - - static int crypto_auth_zc_aead(struct csession *ses_ptr, struct kernel_crypt_auth_op *kcaop) - { -- struct scatterlist *dst_sg, *auth_sg, *src_sg; -+ struct scatterlist *dst_sg; -+ struct scatterlist *src_sg; - struct crypt_auth_op *caop = &kcaop->caop; - unsigned char *auth_buf = NULL; -- struct scatterlist tmp; - int ret; - -+#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 2, 0)) -+ struct scatterlist tmp; -+ struct scatterlist *auth_sg; -+#else -+ struct scatterlist auth1[2]; -+ struct scatterlist auth2[2]; -+#endif -+ - if (unlikely(ses_ptr->cdata.init == 0 || - (ses_ptr->cdata.stream == 0 && ses_ptr->cdata.aead == 0))) { - derr(0, "Only stream and AEAD ciphers are allowed for authenc"); -@@ -718,6 +726,7 @@ static int crypto_auth_zc_aead(struct csession *ses_ptr, struct kernel_crypt_aut - goto free_auth_buf; - } - -+#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 2, 0)) - if (caop->auth_src && caop->auth_len > 0) { - if (unlikely(copy_from_user(auth_buf, caop->auth_src, caop->auth_len))) { - derr(1, "unable to copy auth data from userspace."); -@@ -733,6 +742,33 @@ static int crypto_auth_zc_aead(struct csession *ses_ptr, struct kernel_crypt_aut - - ret = auth_n_crypt(ses_ptr, kcaop, auth_sg, caop->auth_len, - src_sg, dst_sg, caop->len); -+#else -+ if (caop->auth_src && caop->auth_len > 0) { -+ if (unlikely(copy_from_user(auth_buf, caop->auth_src, caop->auth_len))) { -+ derr(1, "unable to copy auth data from userspace."); -+ ret = -EFAULT; -+ goto free_pages; -+ } -+ -+ sg_init_table(auth1, 2); -+ sg_set_buf(auth1, auth_buf, caop->auth_len); -+ sg_chain(auth1, 2, src_sg); -+ -+ if (src_sg == dst_sg) { -+ src_sg = auth1; -+ dst_sg = auth1; -+ } else { -+ sg_init_table(auth2, 2); -+ sg_set_buf(auth2, auth_buf, caop->auth_len); -+ sg_chain(auth2, 2, dst_sg); -+ src_sg = auth1; -+ dst_sg = auth2; -+ } -+ } -+ -+ ret = auth_n_crypt(ses_ptr, kcaop, NULL, caop->auth_len, -+ src_sg, dst_sg, caop->len); -+#endif - - free_pages: - release_user_pages(ses_ptr); --- -2.7.4 - diff --git a/recipes-kernel/cryptodev/sdk_patches/0004-fix-type-of-returned-value.patch b/recipes-kernel/cryptodev/sdk_patches/0004-fix-type-of-returned-value.patch deleted file mode 100644 index faad6cc..0000000 --- a/recipes-kernel/cryptodev/sdk_patches/0004-fix-type-of-returned-value.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 1d7c84838445981a06812869f8906bdef52e69eb Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Mon, 15 Feb 2016 18:27:35 +0200 -Subject: [PATCH 4/9] fix type of returned value - -The function is declared as unsigned int so we return an -unsigned int as well - -Signed-off-by: Cristian Stoica ---- - ioctl.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/ioctl.c b/ioctl.c -index 0385203..db7207a 100644 ---- a/ioctl.c -+++ b/ioctl.c -@@ -1065,7 +1065,7 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) - static unsigned int cryptodev_poll(struct file *file, poll_table *wait) - { - struct crypt_priv *pcr = file->private_data; -- int ret = 0; -+ unsigned int ret = 0; - - poll_wait(file, &pcr->user_waiter, wait); - --- -2.7.4 - diff --git a/recipes-kernel/cryptodev/sdk_patches/0005-remove-unnecessary-header-inclusion.patch b/recipes-kernel/cryptodev/sdk_patches/0005-remove-unnecessary-header-inclusion.patch deleted file mode 100644 index f9c8f3a..0000000 --- a/recipes-kernel/cryptodev/sdk_patches/0005-remove-unnecessary-header-inclusion.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 00a686189f7e05d70a7184cd6218f7424ab21b0d Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Tue, 23 May 2017 15:28:58 +0300 -Subject: [PATCH 5/9] remove unnecessary header inclusion - -Signed-off-by: Cristian Stoica ---- - zc.h | 2 -- - 1 file changed, 2 deletions(-) - -diff --git a/zc.h b/zc.h -index 6f975d6..666c4a5 100644 ---- a/zc.h -+++ b/zc.h -@@ -1,8 +1,6 @@ - #ifndef ZC_H - # define ZC_H - --#include "cryptodev_int.h" -- - /* For zero copy */ - int __get_userbuf(uint8_t __user *addr, uint32_t len, int write, - unsigned int pgcount, struct page **pg, struct scatterlist *sg, --- -2.7.4 - diff --git a/recipes-kernel/cryptodev/sdk_patches/0006-move-structure-definition-to-cryptodev_int.h.patch b/recipes-kernel/cryptodev/sdk_patches/0006-move-structure-definition-to-cryptodev_int.h.patch deleted file mode 100644 index 9a7ef3d..0000000 --- a/recipes-kernel/cryptodev/sdk_patches/0006-move-structure-definition-to-cryptodev_int.h.patch +++ /dev/null @@ -1,51 +0,0 @@ -From 3245b0f9ed2085f6167068409fb344166093808c Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Tue, 23 May 2017 15:50:40 +0300 -Subject: [PATCH 6/9] move structure definition to cryptodev_int.h - -This is necessary for the rsa patch and makes this data structure -visible to kernel_crypt_pkop structure which will be defined in -cryptodev_int.h as well. - -Signed-off-by: Cristian Stoica ---- - cryptlib.h | 6 ------ - cryptodev_int.h | 5 +++++ - 2 files changed, 5 insertions(+), 6 deletions(-) - -diff --git a/cryptlib.h b/cryptlib.h -index 8e8aa71..48fe9bd 100644 ---- a/cryptlib.h -+++ b/cryptlib.h -@@ -2,12 +2,6 @@ - # define CRYPTLIB_H - - #include -- --struct cryptodev_result { -- struct completion completion; -- int err; --}; -- - #include "cipherapi.h" - - struct cipher_data { -diff --git a/cryptodev_int.h b/cryptodev_int.h -index d7660fa..c1879fd 100644 ---- a/cryptodev_int.h -+++ b/cryptodev_int.h -@@ -35,6 +35,11 @@ - #define ddebug(level, format, a...) dprintk(level, KERN_DEBUG, format, ##a) - - -+struct cryptodev_result { -+ struct completion completion; -+ int err; -+}; -+ - extern int cryptodev_verbosity; - - struct fcrypt { --- -2.7.4 - diff --git a/recipes-kernel/cryptodev/sdk_patches/0007-add-support-for-RSA-public-and-private-key-operation.patch b/recipes-kernel/cryptodev/sdk_patches/0007-add-support-for-RSA-public-and-private-key-operation.patch deleted file mode 100644 index 803b90a..0000000 --- a/recipes-kernel/cryptodev/sdk_patches/0007-add-support-for-RSA-public-and-private-key-operation.patch +++ /dev/null @@ -1,440 +0,0 @@ -From 6213ae5228a2ff0bb3521474ae37effda95a5d46 Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Fri, 12 May 2017 17:04:40 +0300 -Subject: [PATCH 7/9] add support for RSA public and private key operations - -Only form 1 support is added with this patch. To maintain -compatibility with OpenBSD we need to reverse bignum buffers before -giving them to the kernel. This adds an artificial performance -penalty that can be resolved only with a CIOCKEY extension in -cryptodev API. - -As of Linux kernel 4.12 it is not possible to give to the kernel -directly a pointer to a RSA key structure and must resort to a BER -encoding scheme. - -Support for private keys in form 3 (CRT) must wait for updates and -fixes in Linux kernel crypto API. - -Known issue: -Kernels <= v4.7 strip leading zeros from the result and we get padding -errors from Openssl: RSA_EAY_PUBLIC_DECRYPT: padding check failed -(Fixed with kernel commit "crypto: rsa - Generate fixed-length output" -9b45b7bba3d22de52e09df63c50f390a193a3f53) - -Signed-off-by: Cristian Stoica ---- - cryptlib.c | 234 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - cryptlib.h | 4 +- - cryptodev_int.h | 17 ++++ - ioctl.c | 17 +++- - main.c | 42 ++++++++++ - 5 files changed, 312 insertions(+), 2 deletions(-) - -diff --git a/cryptlib.c b/cryptlib.c -index 2c6028e..1c044a4 100644 ---- a/cryptlib.c -+++ b/cryptlib.c -@@ -37,6 +37,10 @@ - #include - #include "cryptodev_int.h" - #include "cipherapi.h" -+#if (LINUX_VERSION_CODE > KERNEL_VERSION(4, 3, 0)) -+#include -+#include -+#endif - - extern const struct crypto_type crypto_givcipher_type; - -@@ -435,3 +439,233 @@ int cryptodev_hash_final(struct hash_data *hdata, void *output) - return waitfor(&hdata->async.result, ret); - } - -+#if (LINUX_VERSION_CODE > KERNEL_VERSION(4, 3, 0)) -+/* This function is necessary because the bignums in Linux kernel are MSB first -+ * (big endian) as opposed to LSB first as OpenBSD crypto layer uses */ -+void reverse_buf(uint8_t *buf, size_t sz) -+{ -+ int i; -+ uint8_t *end; -+ uint8_t tmp; -+ -+ end = buf + sz; -+ -+ for (i = 0; i < sz/2; i++) { -+ end--; -+ -+ tmp = *buf; -+ *buf = *end; -+ *end = tmp; -+ -+ buf++; -+ } -+} -+ -+int ber_wr_tag(uint8_t **ber_ptr, uint8_t tag) -+{ -+ **ber_ptr = tag; -+ *ber_ptr += 1; -+ -+ return 0; -+} -+ -+int ber_wr_len(uint8_t **ber_ptr, size_t len, size_t sz) -+{ -+ if (len < 127) { -+ **ber_ptr = len; -+ *ber_ptr += 1; -+ } else { -+ size_t sz_save = sz; -+ -+ sz--; -+ **ber_ptr = 0x80 | sz; -+ -+ while (sz > 0) { -+ *(*ber_ptr + sz) = len & 0xff; -+ len >>= 8; -+ sz--; -+ } -+ *ber_ptr += sz_save; -+ } -+ -+ return 0; -+} -+ -+int ber_wr_int(uint8_t **ber_ptr, uint8_t *crp_p, size_t sz) -+{ -+ int ret; -+ -+ ret = copy_from_user(*ber_ptr, crp_p, sz); -+ reverse_buf(*ber_ptr, sz); -+ -+ *ber_ptr += sz; -+ -+ return ret; -+} -+ -+/* calculate the size of the length field itself in BER encoding */ -+size_t ber_enc_len(size_t len) -+{ -+ size_t sz; -+ -+ sz = 1; -+ if (len > 127) { /* long encoding */ -+ while (len != 0) { -+ len >>= 8; -+ sz++; -+ } -+ } -+ -+ return sz; -+} -+ -+void *cryptodev_alloc_rsa_pub_key(struct kernel_crypt_pkop *pkop, -+ uint32_t *key_len) -+{ -+ struct crypt_kop *cop = &pkop->pkop; -+ uint8_t *ber_key; -+ uint8_t *ber_ptr; -+ uint32_t ber_key_len; -+ size_t s_sz; -+ size_t e_sz; -+ size_t n_sz; -+ size_t s_enc_len; -+ size_t e_enc_len; -+ size_t n_enc_len; -+ int err; -+ -+ /* BER public key format: -+ * SEQUENCE TAG 1 byte -+ * SEQUENCE LENGTH s_enc_len bytes -+ * INTEGER TAG 1 byte -+ * INTEGER LENGTH n_enc_len bytes -+ * INTEGER (n modulus) n_sz bytes -+ * INTEGER TAG 1 byte -+ * INTEGER LENGTH e_enc_len bytes -+ * INTEGER (e exponent) e_sz bytes -+ */ -+ -+ e_sz = (cop->crk_param[1].crp_nbits + 7)/8; -+ n_sz = (cop->crk_param[2].crp_nbits + 7)/8; -+ -+ e_enc_len = ber_enc_len(e_sz); -+ n_enc_len = ber_enc_len(n_sz); -+ -+ /* -+ * Sequence length is the size of all the fields following the sequence -+ * tag, added together. The two added bytes account for the two INT -+ * tags in the Public Key sequence -+ */ -+ s_sz = e_sz + e_enc_len + n_sz + n_enc_len + 2; -+ s_enc_len = ber_enc_len(s_sz); -+ -+ /* The added byte accounts for the SEQ tag at the start of the key */ -+ ber_key_len = s_sz + s_enc_len + 1; -+ -+ /* Linux asn1_ber_decoder doesn't like keys that are too large */ -+ if (ber_key_len > 65535) { -+ return NULL; -+ } -+ -+ ber_key = kmalloc(ber_key_len, GFP_DMA); -+ if (!ber_key) { -+ return NULL; -+ } -+ -+ ber_ptr = ber_key; -+ -+ err = ber_wr_tag(&ber_ptr, _tag(UNIV, CONS, SEQ)) || -+ ber_wr_len(&ber_ptr, s_sz, s_enc_len) || -+ ber_wr_tag(&ber_ptr, _tag(UNIV, PRIM, INT)) || -+ ber_wr_len(&ber_ptr, n_sz, n_enc_len) || -+ ber_wr_int(&ber_ptr, cop->crk_param[2].crp_p, n_sz) || -+ ber_wr_tag(&ber_ptr, _tag(UNIV, PRIM, INT)) || -+ ber_wr_len(&ber_ptr, e_sz, e_enc_len) || -+ ber_wr_int(&ber_ptr, cop->crk_param[1].crp_p, e_sz); -+ if (err != 0) { -+ goto free_key; -+ } -+ -+ *key_len = ber_key_len; -+ return ber_key; -+ -+free_key: -+ kfree(ber_key); -+ return NULL; -+} -+ -+int crypto_bn_modexp(struct kernel_crypt_pkop *pkop) -+{ -+ struct crypt_kop *cop = &pkop->pkop; -+ uint8_t *ber_key; -+ uint32_t ber_key_len; -+ size_t m_sz; -+ size_t c_sz; -+ size_t c_sz_max; -+ uint8_t *m_buf; -+ uint8_t *c_buf; -+ struct scatterlist src; -+ struct scatterlist dst; -+ int err; -+ -+ ber_key = cryptodev_alloc_rsa_pub_key(pkop, &ber_key_len); -+ if (!ber_key) { -+ return -ENOMEM; -+ } -+ -+ err = crypto_akcipher_set_pub_key(pkop->s, ber_key, ber_key_len); -+ if (err != 0) { -+ goto free_key; -+ } -+ -+ m_sz = (cop->crk_param[0].crp_nbits + 7)/8; -+ c_sz = (cop->crk_param[3].crp_nbits + 7)/8; -+ -+ m_buf = kmalloc(m_sz, GFP_DMA); -+ if (!m_buf) { -+ err = -ENOMEM; -+ goto free_key; -+ } -+ -+ err = copy_from_user(m_buf, cop->crk_param[0].crp_p, m_sz); -+ if (err != 0) { -+ goto free_m_buf; -+ } -+ reverse_buf(m_buf, m_sz); -+ -+ c_sz_max = crypto_akcipher_maxsize(pkop->s); -+ if (c_sz > c_sz_max) { -+ err = -EINVAL; -+ goto free_m_buf; -+ } -+ -+ c_buf = kzalloc(c_sz_max, GFP_KERNEL); -+ if (!c_buf) { -+ goto free_m_buf; -+ } -+ -+ sg_init_one(&src, m_buf, m_sz); -+ sg_init_one(&dst, c_buf, c_sz); -+ -+ init_completion(&pkop->result.completion); -+ akcipher_request_set_callback(pkop->req, 0, -+ cryptodev_complete, &pkop->result); -+ akcipher_request_set_crypt(pkop->req, &src, &dst, m_sz, c_sz); -+ -+ err = crypto_akcipher_encrypt(pkop->req); -+ err = waitfor(&pkop->result, err); -+ -+ if (err == 0) { -+ reverse_buf(c_buf, c_sz); -+ err = copy_to_user(cop->crk_param[3].crp_p, c_buf, c_sz); -+ } -+ -+ kfree(c_buf); -+free_m_buf: -+ kfree(m_buf); -+free_key: -+ kfree(ber_key); -+ -+ return err; -+} -+#endif -diff --git a/cryptlib.h b/cryptlib.h -index 48fe9bd..f909c34 100644 ---- a/cryptlib.h -+++ b/cryptlib.h -@@ -95,6 +95,8 @@ int cryptodev_hash_reset(struct hash_data *hdata); - void cryptodev_hash_deinit(struct hash_data *hdata); - int cryptodev_hash_init(struct hash_data *hdata, const char *alg_name, - int hmac_mode, void *mackey, size_t mackeylen); -- -+#if (LINUX_VERSION_CODE > KERNEL_VERSION(4, 3, 0)) -+int crypto_bn_modexp(struct kernel_crypt_pkop *pkop); -+#endif - - #endif -diff --git a/cryptodev_int.h b/cryptodev_int.h -index c1879fd..7860c39 100644 ---- a/cryptodev_int.h -+++ b/cryptodev_int.h -@@ -19,6 +19,10 @@ - #include - #include - #include -+#if (LINUX_VERSION_CODE > KERNEL_VERSION(4, 3, 0)) -+#include -+#endif -+ - - #define PFX "cryptodev: " - #define dprintk(level, severity, format, a...) \ -@@ -111,6 +115,18 @@ struct kernel_crypt_auth_op { - struct mm_struct *mm; - }; - -+#if (LINUX_VERSION_CODE > KERNEL_VERSION(4, 3, 0)) -+struct kernel_crypt_pkop { -+ struct crypt_kop pkop; -+ -+ struct crypto_akcipher *s; /* Transform pointer from CryptoAPI */ -+ struct akcipher_request *req; /* PKC request allocated from CryptoAPI */ -+ struct cryptodev_result result; /* updated by completion handler */ -+}; -+ -+int crypto_run_asym(struct kernel_crypt_pkop *pkop); -+#endif -+ - /* auth */ - - int kcaop_from_user(struct kernel_crypt_auth_op *kcop, -@@ -122,6 +138,7 @@ int crypto_run(struct fcrypt *fcr, struct kernel_crypt_op *kcop); - - #include - -+ - /* other internal structs */ - struct csession { - struct list_head entry; -diff --git a/ioctl.c b/ioctl.c -index db7207a..8b0df4e 100644 ---- a/ioctl.c -+++ b/ioctl.c -@@ -810,6 +810,9 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) - struct session_op sop; - struct kernel_crypt_op kcop; - struct kernel_crypt_auth_op kcaop; -+#if (LINUX_VERSION_CODE > KERNEL_VERSION(4, 3, 0)) -+ struct kernel_crypt_pkop pkop; -+#endif - struct crypt_priv *pcr = filp->private_data; - struct fcrypt *fcr; - struct session_info_op siop; -@@ -823,7 +826,11 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) - - switch (cmd) { - case CIOCASYMFEAT: -- return put_user(0, p); -+ ses = 0; -+ if (crypto_has_alg("rsa", 0, 0)) { -+ ses = CRF_MOD_EXP; -+ } -+ return put_user(ses, p); - case CRIOGET: - fd = clonefd(filp); - ret = put_user(fd, p); -@@ -859,6 +866,14 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) - if (unlikely(ret)) - return ret; - return copy_to_user(arg, &siop, sizeof(siop)); -+#if (LINUX_VERSION_CODE > KERNEL_VERSION(4, 3, 0)) -+ case CIOCKEY: -+ ret = copy_from_user(&pkop.pkop, arg, sizeof(struct crypt_kop)); -+ if (ret == 0) { -+ ret = crypto_run_asym(&pkop); -+ } -+ return ret; -+#endif - case CIOCCRYPT: - if (unlikely(ret = kcop_from_user(&kcop, fcr, arg))) { - dwarning(1, "Error copying from user"); -diff --git a/main.c b/main.c -index 57e5c38..2bfe6f0 100644 ---- a/main.c -+++ b/main.c -@@ -48,6 +48,9 @@ - #include "zc.h" - #include "cryptlib.h" - #include "version.h" -+#if (LINUX_VERSION_CODE > KERNEL_VERSION(4, 3, 0)) -+#include -+#endif - - /* This file contains the traditional operations of encryption - * and hashing of /dev/crypto. -@@ -265,3 +268,42 @@ out_unlock: - crypto_put_session(ses_ptr); - return ret; - } -+ -+#if (LINUX_VERSION_CODE > KERNEL_VERSION(4, 3, 0)) -+int crypto_run_asym(struct kernel_crypt_pkop *pkop) -+{ -+ int err; -+ -+ pkop->s = crypto_alloc_akcipher("rsa", 0, 0); -+ if (IS_ERR(pkop->s)) { -+ return PTR_ERR(pkop->s); -+ } -+ -+ pkop->req = akcipher_request_alloc(pkop->s, GFP_KERNEL); -+ if (pkop->req == NULL) { -+ err = -ENOMEM; -+ goto out_free_tfm; -+ } -+ -+ switch (pkop->pkop.crk_op) { -+ case CRK_MOD_EXP: /* RSA_PUB or PRIV form 1 */ -+ if (pkop->pkop.crk_iparams != 3 && pkop->pkop.crk_oparams != 1) { -+ err = -EINVAL; -+ goto out_free_req; -+ } -+ err = crypto_bn_modexp(pkop); -+ break; -+ default: -+ err = -EINVAL; -+ break; -+ } -+ -+out_free_req: -+ kfree(pkop->req); -+ -+out_free_tfm: -+ crypto_free_akcipher(pkop->s); -+ -+ return err; -+} -+#endif --- -2.7.4 - diff --git a/recipes-kernel/cryptodev/sdk_patches/0008-check-session-flags-early-to-avoid-incorrect-failure.patch b/recipes-kernel/cryptodev/sdk_patches/0008-check-session-flags-early-to-avoid-incorrect-failure.patch deleted file mode 100644 index 1fce558..0000000 --- a/recipes-kernel/cryptodev/sdk_patches/0008-check-session-flags-early-to-avoid-incorrect-failure.patch +++ /dev/null @@ -1,54 +0,0 @@ -From ec2529027a6565fdede79e7bda4a0232757acf70 Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Wed, 14 Jun 2017 11:23:18 +0300 -Subject: [PATCH 8/9] check session flags early to avoid incorrect failure - modes - -This verification of aead flag was incorrectly removed in -"refactoring: split big function to simplify maintainance" -20dcf071bc3076ee7db9d603cfbe6a06e86c7d5f -resulting in an incorrect dispatching of functions. - -Add back this check and at the same time remove the second check from -the called function which now becomes redundant. -Add another guard check for aead modes and reject not supported combinations. - -Signed-off-by: Cristian Stoica ---- - authenc.c | 11 +++++------ - 1 file changed, 5 insertions(+), 6 deletions(-) - -diff --git a/authenc.c b/authenc.c -index 692951f..fc32f43 100644 ---- a/authenc.c -+++ b/authenc.c -@@ -643,10 +643,6 @@ static int crypto_auth_zc_tls(struct csession *ses_ptr, struct kernel_crypt_auth - struct scatterlist tmp; - int ret; - -- if (unlikely(ses_ptr->cdata.aead != 0)) { -- return -EINVAL; -- } -- - if (unlikely(caop->auth_len > PAGE_SIZE)) { - derr(1, "auth data len is excessive."); - return -EINVAL; -@@ -787,10 +783,13 @@ __crypto_auth_run_zc(struct csession *ses_ptr, struct kernel_crypt_auth_op *kcao - - if (caop->flags & COP_FLAG_AEAD_SRTP_TYPE) { - ret = crypto_auth_zc_srtp(ses_ptr, kcaop); -- } else if (caop->flags & COP_FLAG_AEAD_TLS_TYPE) { -+ } else if (caop->flags & COP_FLAG_AEAD_TLS_TYPE && -+ ses_ptr->cdata.aead == 0) { - ret = crypto_auth_zc_tls(ses_ptr, kcaop); -- } else { -+ } else if (ses_ptr->cdata.aead) { - ret = crypto_auth_zc_aead(ses_ptr, kcaop); -+ } else { -+ ret = -EINVAL; - } - - return ret; --- -2.7.4 - diff --git a/recipes-kernel/cryptodev/sdk_patches/0009-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch b/recipes-kernel/cryptodev/sdk_patches/0009-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch deleted file mode 100644 index 795abdf..0000000 --- a/recipes-kernel/cryptodev/sdk_patches/0009-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch +++ /dev/null @@ -1,50 +0,0 @@ -From f365c69d7852d6579952825c9f90a27129f92d22 Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Tue, 13 Jun 2017 11:13:33 +0300 -Subject: [PATCH 9/9] add support for composite TLS10(SHA1,AES) algorithm - offload - -This adds support for composite algorithm offload as a primitive -crypto (cipher + hmac) operation. - -It requires kernel support for tls10(hmac(sha1),cbc(aes)) algorithm -provided either in software or accelerated by hardware such as -Freescale B*, P* and T* platforms. - -Signed-off-by: Cristian Stoica ---- - crypto/cryptodev.h | 1 + - ioctl.c | 5 +++++ - 2 files changed, 6 insertions(+) - -diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h -index 7fb9c7d..c0e8cd4 100644 ---- a/crypto/cryptodev.h -+++ b/crypto/cryptodev.h -@@ -50,6 +50,7 @@ enum cryptodev_crypto_op_t { - CRYPTO_SHA2_384, - CRYPTO_SHA2_512, - CRYPTO_SHA2_224_HMAC, -+ CRYPTO_TLS10_AES_CBC_HMAC_SHA1, - CRYPTO_ALGORITHM_ALL, /* Keep updated - see below */ - }; - -diff --git a/ioctl.c b/ioctl.c -index 8b0df4e..998f51a 100644 ---- a/ioctl.c -+++ b/ioctl.c -@@ -159,6 +159,11 @@ crypto_create_session(struct fcrypt *fcr, struct session_op *sop) - stream = 1; - aead = 1; - break; -+ case CRYPTO_TLS10_AES_CBC_HMAC_SHA1: -+ alg_name = "tls10(hmac(sha1),cbc(aes))"; -+ stream = 0; -+ aead = 1; -+ break; - case CRYPTO_NULL: - alg_name = "ecb(cipher_null)"; - stream = 1; --- -2.7.4 - -- 1.9.0