From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by yocto-www.yoctoproject.org (Postfix, from userid 118) id 1297BE00D74; Tue, 14 Nov 2017 21:26:57 -0800 (PST) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on yocto-www.yoctoproject.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,LOTS_OF_MONEY,RCVD_IN_DNSWL_NONE,SPF_HELO_PASS,WEIRD_PORT autolearn=ham version=3.3.1 X-Spam-HAM-Report: * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no * trust * [104.47.34.106 listed in list.dnswl.org] * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record * 0.0 WEIRD_PORT URI: Uses non-standard port number for HTTP * -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% * [score: 0.0000] * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature * 0.0 LOTS_OF_MONEY Huge... sums of money Received: from NAM01-BY2-obe.outbound.protection.outlook.com (mail-by2nam01on0106.outbound.protection.outlook.com [104.47.34.106]) by yocto-www.yoctoproject.org (Postfix) with ESMTP id F0060E00D41 for ; Tue, 14 Nov 2017 21:26:37 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freescale.onmicrosoft.com; s=selector1-freescale-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=YJFl5/28Zj/fyDtins0NLYYRQgh5XmKcH3Q6MB2vq2g=; b=DptQbR/7QJb3DvHhnDgjrpGnPg6d/uujBI6vvHLJgTi0z+uB0FF6F6V8mJI/HKoZ284ZArSt6z7BWEjZzkc/BlnE6/AQFIPjNkiefv+tSewx64YZziycPwFYtNYklfdIn/oN2ZUy2fm1jMDbnOPE4mybr4FzXiLUD6CznU1JNBE= Received: from CY4PR03CA0079.namprd03.prod.outlook.com (10.171.242.148) by CY1PR0301MB0780.namprd03.prod.outlook.com (10.160.160.140) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.218.12; Wed, 15 Nov 2017 05:26:29 +0000 Received: from BN1BFFO11FD015.protection.gbl (2a01:111:f400:7c10::1:118) by CY4PR03CA0079.outlook.office365.com (2603:10b6:910:4d::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.239.5 via Frontend Transport; Wed, 15 Nov 2017 05:26:28 +0000 Authentication-Results: spf=neutral (sender IP is 192.88.168.50) smtp.mailfrom=freescale.com; nxp.com; dkim=none (message not signed) header.d=none; nxp.com; dmarc=none action=none header.from=freescale.com; Received-SPF: Neutral (protection.outlook.com: 192.88.168.50 is neither permitted nor denied by domain of freescale.com) Received: from tx30smr01.am.freescale.net (192.88.168.50) by BN1BFFO11FD015.mail.protection.outlook.com (10.58.144.78) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_RSA_WITH_AES_256_CBC_SHA) id 15.20.197.9 via Frontend Transport; Wed, 15 Nov 2017 05:26:28 +0000 Received: from sun.ap.freescale.net (sun.ap.freescale.net [10.192.208.75]) by tx30smr01.am.freescale.net (8.14.3/8.14.0) with ESMTP id vAF5QIGA014795; Tue, 14 Nov 2017 22:26:21 -0700 From: Chunrong Guo To: Date: Wed, 15 Nov 2017 13:26:10 +0800 Message-ID: <1510723572-27606-2-git-send-email-B40290@freescale.com> X-Mailer: git-send-email 1.9.0 In-Reply-To: <1510723572-27606-1-git-send-email-B40290@freescale.com> References: <1510723572-27606-1-git-send-email-B40290@freescale.com> X-EOPAttributedMessage: 0 X-MS-Office365-Filtering-HT: Tenant X-Forefront-Antispam-Report: CIP:192.88.168.50; IPV:NLI; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10019020)(6009001)(7966004)(39860400002)(346002)(376002)(2980300002)(279900001)(199003)(189002)(7110500001)(50466002)(54906003)(508600001)(5003940100001)(966005)(189998001)(16586007)(19625305001)(47776003)(97736004)(2420400007)(77096006)(16200700003)(15650500001)(316002)(8656006)(53946003)(104016004)(2351001)(6666003)(53936002)(42882006)(4326008)(6916009)(2950100002)(105606002)(68736007)(305945005)(81166006)(81156014)(76176999)(5660300001)(356003)(8936002)(575784001)(48376002)(6306002)(106466001)(8676002)(50226002)(36756003)(2906002)(10710500007)(50986999)(21314002)(569006); DIR:OUT; SFP:1102; SCL:1; SRVR:CY1PR0301MB0780; H:tx30smr01.am.freescale.net; FPR:; SPF:Neutral; PTR:InfoDomainNonexistent; A:1; MX:1; LANG:en; X-Microsoft-Exchange-Diagnostics: 1; BN1BFFO11FD015; 1:sKwViC52TGDnkjGEt6Jl7PldNURbgaVsbdKV5kthXubkw+7Y4U7Qg+I++/CQrE3iz9fO7gtyBM2AkD2IVIz0w3ChstKu7XTygj3tjDD9IYvr6qo9P9Zb4US+tkIMywGE MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: b75bbca9-c4e6-49e0-60c0-08d52be96c43 X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(2017052603199); SRVR:CY1PR0301MB0780; X-Microsoft-Exchange-Diagnostics: 1; CY1PR0301MB0780; 3:ROipde9W0bpKfZxtN067ymhIWAa3XSS52nMj3JefLKB82SO0viQhmOfzT5NsrWwxlvHiMpsrCVDRqlkwpcmiWesb1fBwCD/LONjcHnQGyf257LOQU3sZJFEUjmjiqiluVjfp0vFYa2mAI/BCd4NCESfV/5R/9WWPZVLIS5xh8oyW0ym6j9CeopOFTjdfYCN+ujziErO5bwECDlGnYcdY/wsTFUJXWauNTDDRqIZSLUTahhwB/kWB7gYL0rXS8t8HhUvXHMJyJF7lQND4vlTG/wMLvMBMMfLECc3OGLWIqoLxfLltQeEE11RW3dVu/PfAx+2lCLi99dP7RWlsftJyKUhJUm5P2lHkAcxxRdQOhbI=; 25:xYNUI/Ow+suQkwEi3U46pPjBNgAV3xDK83tlOrSVcDiJGbOlf+yTWva5XNtEq14633OMcbb4gRP/N0VJPMYlUgYqI8J5TXiXueoyFJo0e3kNVIqQljGN8fBICph9kMYVdE9X138IPqYo6x+u4YuwsYXN2ry1SrHkSq7UBMFL+wCXk+Jrr2GOSkU+TNecmrF14ePCkFbvoUCoDASj9jFS5+1iC9IDpdkj6MdYMfsT5MoXw38ZhHQw5kheIV7h7sDwnWnjr+4wMFK4zb+AJ2kV/SqwO+8PK20gVB52WCfyzQjyb3yErel9ZPg0+JBNtpTs8cyXzeyH8+BGtUgk1MZiuDzCXVAzIV6/4pQDN+iQrkE= X-MS-TrafficTypeDiagnostic: CY1PR0301MB0780: X-LD-Processed: 710a03f5-10f6-4d38-9ff4-a80b81da590d,ExtAddr X-Microsoft-Exchange-Diagnostics: 1; CY1PR0301MB0780; 31:EcwOwX3lj7e4r+abfC7a/fjMxawTiTjkDndqfrsCcID/vXqqMEUVz4ctyZgXmErHGtr5iaVYwp3ohMY41cyyiTf3gYOX+VWTUNIosiD8p15M2NRXUR2UWfT2xqwpUo93s9NAEjrGbxDqeObScqUxpEEkR59eKYvKOn+lbzfp1W/QhaEsxxyUtlEZe9eIZkR8v3Zm3eNkaTTcrHu/w9t90fIrfy7iW1zMTJ441/7xYaI=; 20:hmg/fPWQtHEIQIwA+ZGvaPb4iZliinWdqS4tJIKNtwi55tX2SccBjJ4WOFa+qNZ/iZQyLyNUI3vZNJxtAwGANET7PzGe1EUO5XTQXxrXSYJp3Z+G1mPUzW5JvlSsFInpzV4pVu6IH9ua03YZ7Psnoa+5zefQb5zHHezKTFfxJ9FXJ1eejOxUKXg5uDNlAMVKez8lA3J6R2p5a4rgw1YLz0EbXIqS4p5lXWZ5+OGmSr3BC49muJ37c5UJCf4mn2FyI4ir+R5/drslAtCum2Ft00DN632H8ve5MsziBMMQu0gYzbtac+3k6SuANIw+zDHBwovlwjdW2pD1fnMX6N2v3VZXg/p811QFOx8Z3dcisNyKs6a1bgQFp6SDQbsfccj1tb94+l9IO8BZjQ7ydu9Y3UDL99aEq2TEc3ldNRbUhMwJh9lrtdPh6vx4jhUIoR8ONHHRz24ZkPdFEvASj57o6CP0H6Ve2zhkKuWteM0Zf1+PIe6MDmR6xjvnDux29UPtzg4CZek14tCTvNy96JGk5Pp66AgcR9U5rO4NFMV/OrTkxI/99ZCJRE/Af+n1p6pBQqvGPKMLOdbVc+vc2UUfWIc9Xf4d0Cs66IlceebNJ7s= X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(166708455590820)(131327999870524)(185117386973197)(788757137089)(101931422205132)(36789356921836)(17755550239193); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(5005006)(8121501046)(93006095)(3231022)(10201501046)(100000703101)(100105400095)(3002001)(6055026)(6041248)(20161123564025)(20161123562025)(20161123560025)(20161123555025)(201703131423075)(201703011903075)(201702281528075)(201703061421075)(20161123558100)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:CY1PR0301MB0780; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:CY1PR0301MB0780; X-Microsoft-Exchange-Diagnostics: 1; CY1PR0301MB0780; 4:+4cftwa36jwOa3CqdAbxLgh3ibcHo2wyEV8IYKAUtYFPQLPamfE20osXvOu6kUBeBrs5KyByMV5C5hAKECXj/jEnAyIU7YOYgIEKb5e96CkPWuVFAgA/L5jD+4M+2GKlRJrFtlPyTAsbt/G72026hTt1r4nOgg86w2GIGIpuWB4EZ9KsQrLcT8wOs3Tq8V7xel8FsOunJs8PKlh2TlGsARlqoUBjSAAxeDK277UkHL2m3xAPrYM5q37HUf0Up3TiT02uZleadmgsWf9heMN6pEi2FQlZRHjVZeZgOi6wPx26SjG3ilIwZpB+Uuy/QaN5Ya+uxl1VmAjODHLriH4p363Fjcfdfv/cY2Zj9tii9CsKGq1EU4Hq1MwR6Ut17FIVwaps8ycTPpSQa1CrC++UfSgsQUpSH828rYXIIK0QZahTxNsvkWsb/27WunDQ8GIXw5ApZO21npOqUFp1q/yCi8k5wn6cMp+KokemXm05JKz7LlbjsrmG0APvKGf2Q1NHKyRfWwsCs663tWUsMfaMLQ== X-Forefront-PRVS: 0492FD61DD X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; CY1PR0301MB0780; 23:gtRdJBWtaIxqh14gyEHbqmCQiQeJ6Eddjm9kz+h?= =?us-ascii?Q?Xcn0+UNsNcjkkkhE8CEDnSoBpUYMRvnrmWgavkTYrjwL2oO69h5yThWvbNlB?= =?us-ascii?Q?4vCINEMNRLuG+jaFpEOsNElJyYCsuVN1pIc7aJLN4l34xDZH7hZrQ7PLu0qL?= =?us-ascii?Q?DN/QEs1MLgeepQ4Z/SsfOloIB1uL7QodQkA45uWCmRo1MgnT1y5OXiJxmLw6?= =?us-ascii?Q?hF0a52m++8deBWLrUBhzGQjnAZZGTnrwmfcVmNoIPkNuq30DFvOUhoZL81/u?= =?us-ascii?Q?nN8Ye/2Om9jn+WRpvSWi3DfmpP8d8FjBtrFwulyztRQTw18OpnQe5tbT6efj?= =?us-ascii?Q?cM/Ea85hMu0HH/b4MzpRvGbCmnVvKg866etpRFlnIp9NlC5sWErZXBs000/6?= =?us-ascii?Q?BZ+c35oMNe66EKilZi59OA0YN9CK3yPsXcmmXDIRATEFCxho9HY/LMbmGf+K?= =?us-ascii?Q?Ew6je6qMyxwaBzkzDGC/tZcbKJvFRe89euBgm03gx6nEpqtGAF41tfa9sgZ5?= =?us-ascii?Q?ewDegA3eDNnppf0Dtk9LT6VDgSwpk3rYtkTRumbuOG/CZ5iVmeB6J3PYwxrY?= =?us-ascii?Q?k2k3I3XaHnbWkK2v5t2HQS3r2y6dGQCDKh2GW7okHTS/T8Jk3RrNYlz3pQBh?= =?us-ascii?Q?Ubknn8S5dZBoN1Vlk6mYjlm6hcBasx3vg4YqZAkowWdcFX58FuR8UOQWPFca?= =?us-ascii?Q?rl1CDvXGo994CflsNOSNr/MtOOcTyhtw7Toarv/qAqo7859CW52qJsQz9PYc?= =?us-ascii?Q?xyfvk7w6tjZnl8oQ844dSTI+J6oSNEPeJn/GDDP4i4oJNOd/ZyCX6JDMUZ+6?= =?us-ascii?Q?0aQrnWvhTocq/DBfR6E/Yycy1eO1yM1hsBovgj2k8WOzLcT4srYC22Ox66MQ?= =?us-ascii?Q?55ae2VpHupMa5LwrQO7A1BNAOYZY7Nqc030UDzOQ9feKHooIhnSvsZ6QaVLI?= =?us-ascii?Q?0l+/SvtHCTkZeyvcX47PgoaNSmX7siW55wqt22esXDCeDzFt75l58JWD8tQB?= =?us-ascii?Q?mAYxVBuRigUgppEZncbyiZ47j69AmunENLfBBDSGNK76cqyJSdTeJuXm05Ac?= =?us-ascii?Q?RmJO4UD37Kedy+AxA5SyX6FlZnRqFZUP08H361fEmtzmCA/xt+QpazXturQu?= =?us-ascii?Q?P4qln2CF8Gu4FCf9Zp3BJAID6PvsBXK40xCJkjoOHBQelTbeKTXfovg3VHyn?= =?us-ascii?Q?u3vMgNRrms1qqiMNAfD0dN/DwJgBgDYNlMmOtBWmfkO6F92DLWt5JuRTEzwV?= =?us-ascii?Q?zhv6IicMwQPdLaB/FtQs5ZBy8jImwR/jHHXzWOl/brog3PWCpqeaRX5df7Yq?= =?us-ascii?Q?uxBPb6MSRpgNqW5bBqqRbgivr3lF/4nyNl5UgjXao06jW?= X-Microsoft-Exchange-Diagnostics: 1; CY1PR0301MB0780; 6:HAM+pph4e5BS90Uc156utJXyOo7DUiZzEJXJiaaUyX6dB5dqR1gafPY3oo43CMFwFie5y67HV7QySweUzAEsj1toXFdrRA7BlN2wsAcgcAcB+Imso28B0aa+/09w7KfyzaWbVu9mM40SzhMuLxYc97ADCqSQ4DA2x44t4edoIuqksN1Pln4vXKUtmfeyJmxV2NOMBAfxE0M6PB/I9GB0jC0wQsXDt8xJp1oWJ6ufLJ9CKa6ovAl7UwFTFxqxOLikAdwn6I+0jiHu9Z/yc75Jgav1jsvrcsd39rz+liBA/31f9lCWITpNtrCI+MJzE/zN/5J2k8MwwDrlqJdkZl5IgPle1AFtIc1pcsbPKk0G5Rs=; 5:NvIgT8I67tSL7X9eUvlRjWyE/nHAmz001p1vB3hzXJJ/RVHkfJ9T/brIo3jsun4rSDd2/5wiDqKAKYmC0RohpgBTju9rxb+CDwwRo2modnTrxiJpjB4bjXEZZ1XZZUXq5k1u8eyjSIkX/PflbLYyPFztacIvlPnDa6T4XQHvK7A=; 24:18HP7szYgwzThJG8yIcJVi+lPAcAILRbGfsswWKGiLPwg2c8GJxSOf1MmufHHiItxHhqWrBR9viRFuPBpBHP8c9/pxG8t+PqBJ6XGRm14oM=; 7:r1R7pJUooj/sf+MvJmuvJs8X+RL3WJ52D0BC+NccSk6hToMlsmDog/uB4iaJi7bkm2nTx1zqcTiCO1riwvcMiGXWSFKCY0sgTNiyDLH79llYBPtiEo00pH9mD3+NWFy7A9eqcVhprfnhpgkAd8Uy6GKvHAcTpahOhGpiacfEJznZVyJJ+SKvHliXeURZ4EmBGN69fAEmrO/MVctIk36HIUZCi4d/mZ1Jo670kB/U2CkL2ozIn7yEb46SbVB3x8gb SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-OriginatorOrg: freescale.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Nov 2017 05:26:28.4806 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: b75bbca9-c4e6-49e0-60c0-08d52be96c43 X-MS-Exchange-CrossTenant-Id: 710a03f5-10f6-4d38-9ff4-a80b81da590d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=710a03f5-10f6-4d38-9ff4-a80b81da590d; Ip=[192.88.168.50]; Helo=[tx30smr01.am.freescale.net] X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY1PR0301MB0780 Cc: chunrong.guo@nxp.com Subject: [PATCH 2/4] openssl-qoriq: update recipes X-BeenThere: meta-freescale@yoctoproject.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: Usage and development list for the meta-fsl-* layers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Nov 2017 05:26:57 -0000 Content-Type: text/plain From: Chunrong Guo *Update URL to fetch qoriq-open-source github *Update to b9e6572 This includes the following changes: b9e6572 - eng_cryptodev: add support for TLS algorithms offload b3a3bab - Prepare for 1.0.2l release 539c4d3 - make update cde19ec - Update CHANGES and NEWS for new release 8ded5f1 - Ignore -rle and -comp when compiled with OPENSSL_NO_COMP. Fixes make test when configured with no-comp. d130456 - Fix regression in openssl req -x509 behaviour. 7c300b9 - Remove notification settings from appveyor.yml b020bf6 - Remove dead code. ea3fc60 - Copy custom extension flags in a call to SSL_set_SSL_CTX() 4ae5993 - perlasm/x86_64-xlate.pl: work around problem with hex constants in masm. 16d78fb - Fix some error path logic in i2v_AUTHORITY_INFO_ACCESS and i2v_GENERAL_NAME 6b8fa5b - RT2867: des_ede3_cfb1 ignored "size in bits" flag 5453820 - Fix URL links in comment d2335f3 - Fix time offset calculation. 13f70ae - Check fflush on BIO_ctrl call de46e82 - Remove unnecessary loop in pkey_rsa_decrypt. b99f102 - check length sanity before correcting in EVP_CTRL_AEAD_TLS1_AAD fb2345a - Annotate ASN.1 attributes of the jurisdictionCountryName NID 60a70a5 - Fixed typo in X509_STORE_CTX_new description 74bcd77 - Numbers greater than 1 are usually non-negative. e8f2e2f - pkeyutl exit with 0 if the verification succeeded 71d66c4 - Additional check to handle BAD SSL_write retry a91bfe2 - crypto/ppccap.c: SIGILL-free processor capabilities detection on MacOS X. 3f524f7 - Ensure dhparams can handle X9.42 params in DER 1f3b0fe - Add missing macros for DHxparams 248cf95 - Fix for #2730. Add CRLDP extension to list of supported extensions d75c56f - Free the compression methods in s_server and s_client 4bc46d - doc: Add stitched ciphers to EVP_EncryptInit.pod 8625e92 - doc: Add missing options in s_{server,client} 62f488d - Fix the error handling in CRYPTO_dup_ex_data. 144ab9b - Add documentation for SNI APIs *Openssl git includes all qoriq patches so remove qoriq patches folder Signed-off-by: Chunrong Guo --- recipes-connectivity/openssl/openssl-qoriq.inc | 6 +- ...double-initialization-of-cryptodev-engine.patch | 69 - ...ev-add-support-for-TLS-algorithms-offload.patch | 343 ---- ...0003-cryptodev-fix-algorithm-registration.patch | 61 - ...4-ECC-Support-header-for-Cryptodev-Engine.patch | 319 --- ...itial-support-for-PKC-in-cryptodev-engine.patch | 1578 --------------- ...006-Added-hwrng-dev-file-as-source-of-RNG.patch | 28 - ...s-interface-added-for-PKC-cryptodev-inter.patch | 2050 -------------------- ...gen-operation-and-support-gendsa-command-.patch | 155 -- .../openssl-qoriq/qoriq/0009-RSA-Keygen-Fix.patch | 64 - .../0010-Removed-local-copy-of-curve_t-type.patch | 163 -- ...us-parameter-is-not-populated-by-dhparams.patch | 43 - .../0012-SW-Backoff-mechanism-for-dsa-keygen.patch | 53 - .../0013-Fixed-DH-keygen-pair-generator.patch | 100 - ...dd-support-for-aes-gcm-algorithm-offloadi.patch | 321 --- ...ev-extend-TLS-offload-with-3des_cbc_hmac_.patch | 199 -- ...ev-add-support-for-TLSv1.1-record-offload.patch | 338 ---- ...ev-add-support-for-TLSv1.2-record-offload.patch | 377 ---- .../0018-cryptodev-drop-redundant-function.patch | 72 - ...yptodev-do-not-zero-the-buffer-before-use.patch | 48 - .../0020-cryptodev-clean-up-code-layout.patch | 73 - ...odev-do-not-cache-file-descriptor-in-open.patch | 93 - ...cryptodev-put_dev_crypto-should-be-an-int.patch | 35 - ...todev-simplify-cryptodev-pkc-support-code.patch | 260 --- ...larify-code-remove-assignments-from-condi.patch | 37 - ...lean-up-context-state-before-anything-els.patch | 34 - ...emove-code-duplication-in-digest-operatio.patch | 155 -- ...ut-all-digest-ioctls-into-a-single-functi.patch | 108 -- .../0028-cryptodev-fix-debug-print-messages.patch | 90 - ...-use-CIOCHASH-ioctl-for-digest-operations.patch | 91 - ...educe-duplicated-efforts-for-searching-in.patch | 106 - ...cryptodev-remove-not-used-local-variables.patch | 46 - ...odev-hide-not-used-variable-behind-ifndef.patch | 27 - ...3-cryptodev-fix-function-declaration-typo.patch | 26 - ...ryptodev-fix-incorrect-function-signature.patch | 26 - ...ix-warnings-on-excess-elements-in-struct-.patch | 110 -- .../0036-cryptodev-fix-free-on-error-path.patch | 46 - .../0037-cryptodev-fix-return-value-on-error.patch | 28 - ...38-cryptodev-match-types-with-cryptodev.h.patch | 29 - ...ptodev-explicitly-discard-const-qualifier.patch | 30 - .../0040-cryptodev-replace-caddr_t-with-void.patch | 95 - ...heck-for-errors-inside-cryptodev_rsa_mod_.patch | 49 - ...heck-for-errors-inside-cryptodev_rsa_mod_.patch | 69 - ...heck-for-errors-inside-cryptodev_dh_compu.patch | 52 - ...heck-for-errors-inside-cryptodev_dh_compu.patch | 76 - ...change-signature-for-conversion-functions.patch | 38 - ...add-explicit-cast-for-known-BIGNUM-values.patch | 26 - ...ptodev-treat-all-build-warnings-as-errors.patch | 28 - ...is-used-uninitialized-warning-on-some-com.patch | 29 - .../openssl/openssl-qoriq_1.0.2l.bb | 11 +- 50 files changed, 5 insertions(+), 8305 deletions(-) delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0001-remove-double-initialization-of-cryptodev-engine.patch delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0003-cryptodev-fix-algorithm-registration.patch delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0004-ECC-Support-header-for-Cryptodev-Engine.patch delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0005-Initial-support-for-PKC-in-cryptodev-engine.patch delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0006-Added-hwrng-dev-file-as-source-of-RNG.patch delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0007-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0008-Add-RSA-keygen-operation-and-support-gendsa-command-.patch delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0009-RSA-Keygen-Fix.patch delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0010-Removed-local-copy-of-curve_t-type.patch delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0011-Modulus-parameter-is-not-populated-by-dhparams.patch delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0012-SW-Backoff-mechanism-for-dsa-keygen.patch delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0013-Fixed-DH-keygen-pair-generator.patch delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0014-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0015-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0016-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0017-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0018-cryptodev-drop-redundant-function.patch delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0019-cryptodev-do-not-zero-the-buffer-before-use.patch delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0020-cryptodev-clean-up-code-layout.patch delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0021-cryptodev-do-not-cache-file-descriptor-in-open.patch delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0022-cryptodev-put_dev_crypto-should-be-an-int.patch delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0023-cryptodev-simplify-cryptodev-pkc-support-code.patch delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0024-cryptodev-clarify-code-remove-assignments-from-condi.patch delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0025-cryptodev-clean-up-context-state-before-anything-els.patch delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0026-cryptodev-remove-code-duplication-in-digest-operatio.patch delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0027-cryptodev-put-all-digest-ioctls-into-a-single-functi.patch delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0028-cryptodev-fix-debug-print-messages.patch delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0029-cryptodev-use-CIOCHASH-ioctl-for-digest-operations.patch delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0030-cryptodev-reduce-duplicated-efforts-for-searching-in.patch delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0031-cryptodev-remove-not-used-local-variables.patch delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0032-cryptodev-hide-not-used-variable-behind-ifndef.patch delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0033-cryptodev-fix-function-declaration-typo.patch delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0034-cryptodev-fix-incorrect-function-signature.patch delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0035-cryptodev-fix-warnings-on-excess-elements-in-struct-.patch delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0036-cryptodev-fix-free-on-error-path.patch delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0037-cryptodev-fix-return-value-on-error.patch delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0038-cryptodev-match-types-with-cryptodev.h.patch delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0039-cryptodev-explicitly-discard-const-qualifier.patch delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0040-cryptodev-replace-caddr_t-with-void.patch delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0041-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0042-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0043-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0044-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0045-cryptodev-change-signature-for-conversion-functions.patch delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0046-cryptodev-add-explicit-cast-for-known-BIGNUM-values.patch delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0047-cryptodev-treat-all-build-warnings-as-errors.patch delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0048-fix-maclen-is-used-uninitialized-warning-on-some-com.patch diff --git a/recipes-connectivity/openssl/openssl-qoriq.inc b/recipes-connectivity/openssl/openssl-qoriq.inc index 306da3a..d7e4e33 100644 --- a/recipes-connectivity/openssl/openssl-qoriq.inc +++ b/recipes-connectivity/openssl/openssl-qoriq.inc @@ -22,9 +22,9 @@ python() { d.appendVar("RREPLACES_%s" % p, p.replace('openssl-qoriq', 'openssl')) } -SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ - " -S = "${WORKDIR}/openssl-${PV}" +SRC_URI = "git://github.com/qoriq-open-source/openssl.git;nobranch=1" + +S = "${WORKDIR}/git" PACKAGECONFIG[perl] = ",,," diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0001-remove-double-initialization-of-cryptodev-engine.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0001-remove-double-initialization-of-cryptodev-engine.patch deleted file mode 100644 index 67314cd..0000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0001-remove-double-initialization-of-cryptodev-engine.patch +++ /dev/null @@ -1,69 +0,0 @@ -From 90d5822f09f0b6a0f1d8d2e7189e702a18686ab7 Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Tue, 10 Sep 2013 12:46:46 +0300 -Subject: [PATCH 01/48] remove double initialization of cryptodev engine - -cryptodev engine is initialized together with the other engines in -ENGINE_load_builtin_engines. The initialization done through -OpenSSL_add_all_algorithms is redundant. - -Change-Id: Ic9488500967595543ff846f147b36f383db7cb27 -Signed-off-by: Cristian Stoica -Reviewed-on: http://git.am.freescale.net:8181/17222 ---- - crypto/engine/eng_all.c | 12 ------------ - crypto/engine/engine.h | 4 ---- - util/libeay.num | 2 +- - 3 files changed, 1 insertion(+), 17 deletions(-) - -diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c -index 48ad0d2..a198c5f 100644 ---- a/crypto/engine/eng_all.c -+++ b/crypto/engine/eng_all.c -@@ -122,15 +122,3 @@ void ENGINE_load_builtin_engines(void) - #endif - ENGINE_register_all_complete(); - } -- --#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV) --void ENGINE_setup_bsd_cryptodev(void) --{ -- static int bsd_cryptodev_default_loaded = 0; -- if (!bsd_cryptodev_default_loaded) { -- ENGINE_load_cryptodev(); -- ENGINE_register_all_complete(); -- } -- bsd_cryptodev_default_loaded = 1; --} --#endif -diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h -index bd7b591..020d912 100644 ---- a/crypto/engine/engine.h -+++ b/crypto/engine/engine.h -@@ -857,10 +857,6 @@ typedef int (*dynamic_bind_engine) (ENGINE *e, const char *id, - */ - void *ENGINE_get_static_state(void); - --# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV) --void ENGINE_setup_bsd_cryptodev(void); --# endif -- - /* BEGIN ERROR CODES */ - /* - * The following lines are auto generated by the script mkerr.pl. Any changes -diff --git a/util/libeay.num b/util/libeay.num -index 2094ab3..2742cf5 100755 ---- a/util/libeay.num -+++ b/util/libeay.num -@@ -2805,7 +2805,7 @@ BIO_indent 3242 EXIST::FUNCTION: - BUF_strlcpy 3243 EXIST::FUNCTION: - OpenSSLDie 3244 EXIST::FUNCTION: - OPENSSL_cleanse 3245 EXIST::FUNCTION: --ENGINE_setup_bsd_cryptodev 3246 EXIST:__FreeBSD__:FUNCTION:ENGINE -+ENGINE_setup_bsd_cryptodev 3246 NOEXIST::FUNCTION: - ERR_release_err_state_table 3247 EXIST::FUNCTION:LHASH - EVP_aes_128_cfb8 3248 EXIST::FUNCTION:AES - FIPS_corrupt_rsa 3249 NOEXIST::FUNCTION: --- -2.7.3 - diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch deleted file mode 100644 index a5c0f6d..0000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch +++ /dev/null @@ -1,343 +0,0 @@ -From 305ab3fd8a8620fd11f7aef7e42170ba205040a9 Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Thu, 29 Aug 2013 16:51:18 +0300 -Subject: [PATCH 02/48] eng_cryptodev: add support for TLS algorithms offload - -- aes-128-cbc-hmac-sha1 -- aes-256-cbc-hmac-sha1 - -Requires TLS patches on cryptodev and TLS algorithm support in Linux -kernel driver. - -Signed-off-by: Cristian Stoica ---- - crypto/engine/eng_cryptodev.c | 226 ++++++++++++++++++++++++++++++++++++++++-- - 1 file changed, 215 insertions(+), 11 deletions(-) - -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index 2a2b95c..d4da7fb 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -72,6 +72,9 @@ void ENGINE_load_cryptodev(void) - struct dev_crypto_state { - struct session_op d_sess; - int d_fd; -+ unsigned char *aad; -+ unsigned int aad_len; -+ unsigned int len; - # ifdef USE_CRYPTODEV_DIGESTS - char dummy_mac_key[HASH_MAX_LEN]; - unsigned char digest_res[HASH_MAX_LEN]; -@@ -142,24 +145,25 @@ static struct { - int nid; - int ivmax; - int keylen; -+ int mackeylen; - } ciphers[] = { - { -- CRYPTO_ARC4, NID_rc4, 0, 16, -+ CRYPTO_ARC4, NID_rc4, 0, 16, 0 - }, - { -- CRYPTO_DES_CBC, NID_des_cbc, 8, 8, -+ CRYPTO_DES_CBC, NID_des_cbc, 8, 8, 0 - }, - { -- CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, -+ CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, 0 - }, - { -- CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, -+ CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, 0 - }, - { -- CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, -+ CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, 0 - }, - { -- CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, -+ CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, 0 - }, - # ifdef CRYPTO_AES_CTR - { -@@ -173,16 +177,22 @@ static struct { - }, - # endif - { -- CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, -+ CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, 0 - }, - { -- CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, -+ CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, 0 - }, - { -- CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, -+ CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, 0 - }, - { -- 0, NID_undef, 0, 0, -+ CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20 -+ }, -+ { -+ CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20 -+ }, -+ { -+ 0, NID_undef, 0, 0, 0 - }, - }; - -@@ -296,13 +306,15 @@ static int get_cryptodev_ciphers(const int **cnids) - } - memset(&sess, 0, sizeof(sess)); - sess.key = (caddr_t) "123456789abcdefghijklmno"; -+ sess.mackey = (caddr_t) "123456789ABCDEFGHIJKLMNO"; - - for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { - if (ciphers[i].nid == NID_undef) - continue; - sess.cipher = ciphers[i].id; - sess.keylen = ciphers[i].keylen; -- sess.mac = 0; -+ sess.mackeylen = ciphers[i].mackeylen; -+ - if (ioctl(fd, CIOCGSESSION, &sess) != -1 && - ioctl(fd, CIOCFSESSION, &sess.ses) != -1) - nids[count++] = ciphers[i].nid; -@@ -458,6 +470,66 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - return (1); - } - -+static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, -+ const unsigned char *in, size_t len) -+{ -+ struct crypt_auth_op cryp; -+ struct dev_crypto_state *state = ctx->cipher_data; -+ struct session_op *sess = &state->d_sess; -+ const void *iiv; -+ unsigned char save_iv[EVP_MAX_IV_LENGTH]; -+ -+ if (state->d_fd < 0) -+ return (0); -+ if (!len) -+ return (1); -+ if ((len % ctx->cipher->block_size) != 0) -+ return (0); -+ -+ memset(&cryp, 0, sizeof(cryp)); -+ -+ /* TODO: make a seamless integration with cryptodev flags */ -+ switch (ctx->cipher->nid) { -+ case NID_aes_128_cbc_hmac_sha1: -+ case NID_aes_256_cbc_hmac_sha1: -+ cryp.flags = COP_FLAG_AEAD_TLS_TYPE; -+ } -+ cryp.ses = sess->ses; -+ cryp.len = state->len; -+ cryp.src = (caddr_t) in; -+ cryp.dst = (caddr_t) out; -+ cryp.auth_src = state->aad; -+ cryp.auth_len = state->aad_len; -+ -+ cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; -+ -+ if (ctx->cipher->iv_len) { -+ cryp.iv = (caddr_t) ctx->iv; -+ if (!ctx->encrypt) { -+ iiv = in + len - ctx->cipher->iv_len; -+ memcpy(save_iv, iiv, ctx->cipher->iv_len); -+ } -+ } else -+ cryp.iv = NULL; -+ -+ if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) { -+ /* -+ * XXX need better errror handling this can fail for a number of -+ * different reasons. -+ */ -+ return (0); -+ } -+ -+ if (ctx->cipher->iv_len) { -+ if (ctx->encrypt) -+ iiv = out + len - ctx->cipher->iv_len; -+ else -+ iiv = save_iv; -+ memcpy(ctx->iv, iiv, ctx->cipher->iv_len); -+ } -+ return (1); -+} -+ - static int - cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -@@ -497,6 +569,45 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - } - - /* -+ * Save the encryption key provided by upper layers. This function is called -+ * by EVP_CipherInit_ex to initialize the algorithm's extra data. We can't do -+ * much here because the mac key is not available. The next call should/will -+ * be to cryptodev_cbc_hmac_sha1_ctrl with parameter -+ * EVP_CTRL_AEAD_SET_MAC_KEY, to set the hmac key. There we call CIOCGSESSION -+ * with both the crypto and hmac keys. -+ */ -+static int cryptodev_init_aead_key(EVP_CIPHER_CTX *ctx, -+ const unsigned char *key, -+ const unsigned char *iv, int enc) -+{ -+ struct dev_crypto_state *state = ctx->cipher_data; -+ struct session_op *sess = &state->d_sess; -+ int cipher = -1, i; -+ -+ for (i = 0; ciphers[i].id; i++) -+ if (ctx->cipher->nid == ciphers[i].nid && -+ ctx->cipher->iv_len <= ciphers[i].ivmax && -+ ctx->key_len == ciphers[i].keylen) { -+ cipher = ciphers[i].id; -+ break; -+ } -+ -+ if (!ciphers[i].id) { -+ state->d_fd = -1; -+ return (0); -+ } -+ -+ memset(sess, 0, sizeof(struct session_op)); -+ -+ sess->key = (caddr_t) key; -+ sess->keylen = ctx->key_len; -+ sess->cipher = cipher; -+ -+ /* for whatever reason, (1) means success */ -+ return (1); -+} -+ -+/* - * free anything we allocated earlier when initting a - * session, and close the session. - */ -@@ -530,6 +641,63 @@ static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx) - return (ret); - } - -+static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, -+ int arg, void *ptr) -+{ -+ switch (type) { -+ case EVP_CTRL_AEAD_SET_MAC_KEY: -+ { -+ /* TODO: what happens with hmac keys larger than 64 bytes? */ -+ struct dev_crypto_state *state = ctx->cipher_data; -+ struct session_op *sess = &state->d_sess; -+ -+ if ((state->d_fd = get_dev_crypto()) < 0) -+ return (0); -+ -+ /* the rest should have been set in cryptodev_init_aead_key */ -+ sess->mackey = ptr; -+ sess->mackeylen = arg; -+ -+ if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) { -+ put_dev_crypto(state->d_fd); -+ state->d_fd = -1; -+ return (0); -+ } -+ return (1); -+ } -+ case EVP_CTRL_AEAD_TLS1_AAD: -+ { -+ /* ptr points to the associated data buffer of 13 bytes */ -+ struct dev_crypto_state *state = ctx->cipher_data; -+ unsigned char *p = ptr; -+ unsigned int cryptlen = p[arg - 2] << 8 | p[arg - 1]; -+ unsigned int maclen, padlen; -+ unsigned int bs = ctx->cipher->block_size; -+ -+ state->aad = ptr; -+ state->aad_len = arg; -+ state->len = cryptlen; -+ -+ /* TODO: this should be an extension of EVP_CIPHER struct */ -+ switch (ctx->cipher->nid) { -+ case NID_aes_128_cbc_hmac_sha1: -+ case NID_aes_256_cbc_hmac_sha1: -+ maclen = SHA_DIGEST_LENGTH; -+ } -+ -+ /* space required for encryption (not only TLS padding) */ -+ padlen = maclen; -+ if (ctx->encrypt) { -+ cryptlen += maclen; -+ padlen += bs - (cryptlen % bs); -+ } -+ return padlen; -+ } -+ default: -+ return -1; -+ } -+} -+ - /* - * libcrypto EVP stuff - this is how we get wired to EVP so the engine - * gets called when libcrypto requests a cipher NID. -@@ -642,6 +810,34 @@ const EVP_CIPHER cryptodev_aes_256_cbc = { - NULL - }; - -+const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1 = { -+ NID_aes_128_cbc_hmac_sha1, -+ 16, 16, 16, -+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, -+ cryptodev_init_aead_key, -+ cryptodev_aead_cipher, -+ cryptodev_cleanup, -+ sizeof(struct dev_crypto_state), -+ EVP_CIPHER_set_asn1_iv, -+ EVP_CIPHER_get_asn1_iv, -+ cryptodev_cbc_hmac_sha1_ctrl, -+ NULL -+}; -+ -+const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = { -+ NID_aes_256_cbc_hmac_sha1, -+ 16, 32, 16, -+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, -+ cryptodev_init_aead_key, -+ cryptodev_aead_cipher, -+ cryptodev_cleanup, -+ sizeof(struct dev_crypto_state), -+ EVP_CIPHER_set_asn1_iv, -+ EVP_CIPHER_get_asn1_iv, -+ cryptodev_cbc_hmac_sha1_ctrl, -+ NULL -+}; -+ - # ifdef CRYPTO_AES_CTR - const EVP_CIPHER cryptodev_aes_ctr = { - NID_aes_128_ctr, -@@ -730,6 +926,12 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, - *cipher = &cryptodev_aes_ctr_256; - break; - # endif -+ case NID_aes_128_cbc_hmac_sha1: -+ *cipher = &cryptodev_aes_128_cbc_hmac_sha1; -+ break; -+ case NID_aes_256_cbc_hmac_sha1: -+ *cipher = &cryptodev_aes_256_cbc_hmac_sha1; -+ break; - default: - *cipher = NULL; - break; -@@ -1485,6 +1687,8 @@ void ENGINE_load_cryptodev(void) - } - put_dev_crypto(fd); - -+ EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1); -+ EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1); - if (!ENGINE_set_id(engine, "cryptodev") || - !ENGINE_set_name(engine, "BSD cryptodev engine") || - !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) || --- -2.7.3 - diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0003-cryptodev-fix-algorithm-registration.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0003-cryptodev-fix-algorithm-registration.patch deleted file mode 100644 index c53ffc9..0000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0003-cryptodev-fix-algorithm-registration.patch +++ /dev/null @@ -1,61 +0,0 @@ -From ce6fa215fa58e7ca7a81c70ce8c91f871a20a9dd Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Thu, 31 Jul 2014 14:06:19 +0300 -Subject: [PATCH 03/48] cryptodev: fix algorithm registration - -Cryptodev specific algorithms must register only if available in kernel. - -Signed-off-by: Cristian Stoica -Reviewed-by: Horia Ioan Geanta Neag ---- - crypto/engine/eng_cryptodev.c | 20 +++++++++++++++++--- - 1 file changed, 17 insertions(+), 3 deletions(-) - -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index d4da7fb..49ed638 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -135,6 +135,8 @@ static int cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, - static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, - void (*f) (void)); - void ENGINE_load_cryptodev(void); -+const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1; -+const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1; - - static const ENGINE_CMD_DEFN cryptodev_defns[] = { - {0, NULL, NULL, 0} -@@ -390,7 +392,21 @@ static int get_cryptodev_digests(const int **cnids) - */ - static int cryptodev_usable_ciphers(const int **nids) - { -- return (get_cryptodev_ciphers(nids)); -+ int i, count; -+ -+ count = get_cryptodev_ciphers(nids); -+ /* add ciphers specific to cryptodev if found in kernel */ -+ for (i = 0; i < count; i++) { -+ switch (*(*nids + i)) { -+ case NID_aes_128_cbc_hmac_sha1: -+ EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1); -+ break; -+ case NID_aes_256_cbc_hmac_sha1: -+ EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1); -+ break; -+ } -+ } -+ return count; - } - - static int cryptodev_usable_digests(const int **nids) -@@ -1687,8 +1703,6 @@ void ENGINE_load_cryptodev(void) - } - put_dev_crypto(fd); - -- EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1); -- EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1); - if (!ENGINE_set_id(engine, "cryptodev") || - !ENGINE_set_name(engine, "BSD cryptodev engine") || - !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) || --- -2.7.3 - diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0004-ECC-Support-header-for-Cryptodev-Engine.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0004-ECC-Support-header-for-Cryptodev-Engine.patch deleted file mode 100644 index 5b6fda1..0000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0004-ECC-Support-header-for-Cryptodev-Engine.patch +++ /dev/null @@ -1,319 +0,0 @@ -From 63ed25dadde23d01eaac6f4c4dae463ba4d7c368 Mon Sep 17 00:00:00 2001 -From: Yashpal Dutta -Date: Tue, 11 Mar 2014 05:56:54 +0545 -Subject: [PATCH 04/48] ECC Support header for Cryptodev Engine - -Upstream-status: Pending - -Signed-off-by: Yashpal Dutta ---- - crypto/engine/eng_cryptodev_ec.h | 297 +++++++++++++++++++++++++++++++++++++++ - 1 file changed, 297 insertions(+) - create mode 100644 crypto/engine/eng_cryptodev_ec.h - -diff --git a/crypto/engine/eng_cryptodev_ec.h b/crypto/engine/eng_cryptodev_ec.h -new file mode 100644 -index 0000000..af54c51 ---- /dev/null -+++ b/crypto/engine/eng_cryptodev_ec.h -@@ -0,0 +1,297 @@ -+/* -+ * Copyright (C) 2012 Freescale Semiconductor, Inc. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY -+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY -+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND -+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -+ * -+ */ -+#ifndef __ENG_EC_H -+#define __ENG_EC_H -+ -+#define SPCF_CPARAM_INIT(X,...) \ -+static unsigned char X##_c[] = {__VA_ARGS__} \ -+ -+#define SPCF_FREE_BN(X) do { if(X) { BN_clear_free(X); X = NULL; } } while (0) -+ -+#define SPCF_COPY_CPARAMS(NIDBUF) \ -+ do { \ -+ memcpy (buf, NIDBUF, buf_len); \ -+ } while (0) -+ -+#define SPCF_CPARAM_CASE(X) \ -+ case NID_##X: \ -+ SPCF_COPY_CPARAMS(X##_c); \ -+ break -+ -+SPCF_CPARAM_INIT(sect113r1, 0x01, 0x73, 0xE8, 0x34, 0xAF, 0x28, 0xEC, 0x76, -+ 0xCB, 0x83, 0xBD, 0x8D, 0xFE, 0xB2, 0xD5); -+SPCF_CPARAM_INIT(sect113r2, 0x00, 0x54, 0xD9, 0xF0, 0x39, 0x57, 0x17, 0x4A, -+ 0x32, 0x32, 0x91, 0x67, 0xD7, 0xFE, 0x71); -+SPCF_CPARAM_INIT(sect131r1, 0x03, 0xDB, 0x89, 0xB4, 0x05, 0xE4, 0x91, 0x16, -+ 0x0E, 0x3B, 0x2F, 0x07, 0xB0, 0xCE, 0x20, 0xB3, 0x7E); -+SPCF_CPARAM_INIT(sect131r2, 0x07, 0xCB, 0xB9, 0x92, 0x0D, 0x71, 0xA4, 0x8E, -+ 0x09, 0x9C, 0x38, 0xD7, 0x1D, 0xA6, 0x49, 0x0E, 0xB1); -+SPCF_CPARAM_INIT(sect163k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x01); -+SPCF_CPARAM_INIT(sect163r1, 0x05, 0xED, 0x40, 0x3E, 0xD5, 0x8E, 0xB4, 0x5B, -+ 0x1C, 0xCE, 0xCA, 0x0F, 0x4F, 0x61, 0x65, 0x55, 0x49, 0x86, -+ 0x1B, 0xE0, 0x52); -+SPCF_CPARAM_INIT(sect163r2, 0x07, 0x2C, 0x4E, 0x1E, 0xF7, 0xCB, 0x2F, 0x3A, -+ 0x03, 0x5D, 0x33, 0x10, 0x42, 0x94, 0x15, 0x96, 0x09, 0x13, -+ 0x8B, 0xB4, 0x04); -+SPCF_CPARAM_INIT(sect193r1, 0x01, 0x67, 0xB3, 0x5E, 0xB4, 0x31, 0x3F, 0x26, -+ 0x3D, 0x0F, 0x7A, 0x3D, 0x50, 0x36, 0xF0, 0xA0, 0xA3, 0xC9, -+ 0x80, 0xD4, 0x0E, 0x5A, 0x05, 0x3E, 0xD2); -+SPCF_CPARAM_INIT(sect193r2, 0x00, 0x69, 0x89, 0xFE, 0x6B, 0xFE, 0x30, 0xED, -+ 0xDC, 0x32, 0x44, 0x26, 0x9F, 0x3A, 0xAD, 0x18, 0xD6, 0x6C, -+ 0xF3, 0xDB, 0x3E, 0x33, 0x02, 0xFA, 0xA8); -+SPCF_CPARAM_INIT(sect233k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x01); -+SPCF_CPARAM_INIT(sect233r1, 0x00, 0x07, 0xD5, 0xEF, 0x43, 0x89, 0xDF, 0xF1, -+ 0x1E, 0xCD, 0xBA, 0x39, 0xC3, 0x09, 0x70, 0xD3, 0xCE, 0x35, -+ 0xCE, 0xBB, 0xA5, 0x84, 0x73, 0xF6, 0x4B, 0x4D, 0xC0, 0xF2, -+ 0x68, 0x6C); -+SPCF_CPARAM_INIT(sect239k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x01); -+SPCF_CPARAM_INIT(sect283k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01); -+SPCF_CPARAM_INIT(sect283r1, 0x03, 0xD8, 0xC9, 0x3D, 0x3B, 0x0E, 0xA8, 0x1D, -+ 0x92, 0x94, 0x03, 0x4D, 0x7E, 0xE3, 0x13, 0x5D, 0x0A, 0xC5, -+ 0xFC, 0x8D, 0x9C, 0xB0, 0x27, 0x6F, 0x72, 0x11, 0xF8, 0x80, -+ 0xF0, 0xD8, 0x1C, 0xA4, 0xC6, 0xE8, 0x7B, 0x38); -+SPCF_CPARAM_INIT(sect409k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x01); -+SPCF_CPARAM_INIT(sect409r1, 0x01, 0x49, 0xB8, 0xB7, 0xBE, 0xBD, 0x9B, 0x63, -+ 0x65, 0x3E, 0xF1, 0xCD, 0x8C, 0x6A, 0x5D, 0xD1, 0x05, 0xA2, -+ 0xAA, 0xAC, 0x36, 0xFE, 0x2E, 0xAE, 0x43, 0xCF, 0x28, 0xCE, -+ 0x1C, 0xB7, 0xC8, 0x30, 0xC1, 0xEC, 0xDB, 0xFA, 0x41, 0x3A, -+ 0xB0, 0x7F, 0xE3, 0x5A, 0x57, 0x81, 0x1A, 0xE4, 0xF8, 0x8D, -+ 0x30, 0xAC, 0x63, 0xFB); -+SPCF_CPARAM_INIT(sect571k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x01); -+SPCF_CPARAM_INIT(sect571r1, 0x06, 0x39, 0x5D, 0xB2, 0x2A, 0xB5, 0x94, 0xB1, -+ 0x86, 0x8C, 0xED, 0x95, 0x25, 0x78, 0xB6, 0x53, 0x9F, 0xAB, -+ 0xA6, 0x94, 0x06, 0xD9, 0xB2, 0x98, 0x61, 0x23, 0xA1, 0x85, -+ 0xC8, 0x58, 0x32, 0xE2, 0x5F, 0xD5, 0xB6, 0x38, 0x33, 0xD5, -+ 0x14, 0x42, 0xAB, 0xF1, 0xA9, 0xC0, 0x5F, 0xF0, 0xEC, 0xBD, -+ 0x88, 0xD7, 0xF7, 0x79, 0x97, 0xF4, 0xDC, 0x91, 0x56, 0xAA, -+ 0xF1, 0xCE, 0x08, 0x16, 0x46, 0x86, 0xDD, 0xFF, 0x75, 0x11, -+ 0x6F, 0xBC, 0x9A, 0x7A); -+SPCF_CPARAM_INIT(X9_62_c2pnb163v1, 0x04, 0x53, 0xE1, 0xE4, 0xB7, 0x29, 0x1F, -+ 0x5C, 0x2D, 0x53, 0xCE, 0x18, 0x48, 0x3F, 0x00, 0x70, 0x81, -+ 0xE7, 0xEA, 0x26, 0xEC); -+SPCF_CPARAM_INIT(X9_62_c2pnb163v2, 0x04, 0x35, 0xC0, 0x19, 0x66, 0x0E, 0x01, -+ 0x01, 0xBA, 0x87, 0x0C, 0xA3, 0x9F, 0xD9, 0xA7, 0x76, 0x86, -+ 0x50, 0x9D, 0x28, 0x13); -+SPCF_CPARAM_INIT(X9_62_c2pnb163v3, 0x06, 0x55, 0xC4, 0x54, 0xE4, 0x1E, 0x38, -+ 0x0C, 0x7A, 0x60, 0xB6, 0x67, 0x9A, 0x5B, 0x7A, 0x3F, 0x3A, -+ 0xF6, 0x8E, 0x22, 0xC5); -+SPCF_CPARAM_INIT(X9_62_c2pnb176v1, 0x00, 0x69, 0xF7, 0xDA, 0x36, 0x19, 0xA7, -+ 0x42, 0xA3, 0x82, 0xFF, 0x05, 0x08, 0x8F, 0xD3, 0x99, 0x42, -+ 0xCA, 0x0F, 0x1D, 0x90, 0xB6, 0x5B); -+SPCF_CPARAM_INIT(X9_62_c2tnb191v1, 0x4C, 0x45, 0x25, 0xAB, 0x0B, 0x68, 0x4A, -+ 0x64, 0x44, 0x62, 0x0A, 0x86, 0x45, 0xEF, 0x54, 0x6D, 0x54, -+ 0x69, 0x39, 0x68, 0xC2, 0xAE, 0x84, 0xAC); -+SPCF_CPARAM_INIT(X9_62_c2tnb191v2, 0x03, 0x7C, 0x8F, 0x57, 0xA2, 0x25, 0xC7, -+ 0xB3, 0xD4, 0xED, 0xD5, 0x88, 0x0F, 0x38, 0x0A, 0xCC, 0x55, -+ 0x74, 0xEC, 0xB3, 0x6C, 0x9F, 0x51, 0x21); -+SPCF_CPARAM_INIT(X9_62_c2tnb191v3, 0x37, 0x39, 0xFF, 0x98, 0xB4, 0xD1, 0x69, -+ 0x3E, 0xCF, 0x52, 0x7A, 0x98, 0x51, 0xED, 0xCF, 0x99, 0x9D, -+ 0x9E, 0x75, 0x05, 0x43, 0x33, 0x43, 0x24); -+SPCF_CPARAM_INIT(X9_62_c2pnb208w1, 0x00, 0xDB, 0x05, 0x3C, 0x41, 0x76, 0xCC, -+ 0x1D, 0xA1, 0x27, 0x85, 0x2C, 0xA6, 0xD9, 0x88, 0xBE, 0x1A, -+ 0xCC, 0xD1, 0x5B, 0x2A, 0xC1, 0xC1, 0x07, 0x42, 0x57, 0x34); -+SPCF_CPARAM_INIT(X9_62_c2tnb239v1, 0x24, 0x59, 0xFC, 0xF4, 0x51, 0x7B, 0xC5, -+ 0xA6, 0xB9, 0x9B, 0xE5, 0xC6, 0xC5, 0x62, 0x85, 0xC0, 0x21, -+ 0xFE, 0x32, 0xEE, 0x2B, 0x6F, 0x1C, 0x22, 0xEA, 0x5B, 0xE1, -+ 0xB8, 0x4B, 0x93); -+SPCF_CPARAM_INIT(X9_62_c2tnb239v2, 0x64, 0x98, 0x84, 0x19, 0x3B, 0x56, 0x2D, -+ 0x4A, 0x50, 0xB4, 0xFA, 0x56, 0x34, 0xE0, 0x34, 0x41, 0x3F, -+ 0x94, 0xC4, 0x59, 0xDA, 0x7C, 0xDB, 0x16, 0x64, 0x9D, 0xDD, -+ 0xF7, 0xE6, 0x0A); -+SPCF_CPARAM_INIT(X9_62_c2tnb239v3, 0x32, 0x63, 0x2E, 0x65, 0x2B, 0xEE, 0x91, -+ 0xC2, 0xE4, 0xA2, 0xF5, 0x42, 0xA3, 0x2D, 0x67, 0xA8, 0xB5, -+ 0xB4, 0x5F, 0x21, 0xA0, 0x81, 0x02, 0xFB, 0x1F, 0x2A, 0xFB, -+ 0xB6, 0xAC, 0xDA); -+SPCF_CPARAM_INIT(X9_62_c2pnb272w1, 0x00, 0xDA, 0x7B, 0x60, 0x28, 0xF4, 0xC8, -+ 0x09, 0xA0, 0xB9, 0x78, 0x81, 0xC3, 0xA5, 0x7E, 0x4D, 0x71, -+ 0x81, 0x34, 0xD1, 0x3F, 0xEC, 0xE0, 0x90, 0x85, 0x8A, 0xC3, -+ 0x1A, 0xE2, 0xDC, 0x2E, 0xDF, 0x8E, 0x3C, 0x8B); -+SPCF_CPARAM_INIT(X9_62_c2pnb304w1, 0x00, 0x3C, 0x67, 0xB4, 0x07, 0xC6, 0xF3, -+ 0x3F, 0x81, 0x0B, 0x17, 0xDC, 0x16, 0xE2, 0x14, 0x8A, 0x2C, -+ 0x9C, 0xE2, 0x9D, 0x56, 0x05, 0x23, 0x69, 0x6A, 0x55, 0x93, -+ 0x8A, 0x15, 0x40, 0x81, 0xE3, 0xE3, 0xAE, 0xFB, 0xCE, 0x45, -+ 0x70, 0xC9); -+SPCF_CPARAM_INIT(X9_62_c2tnb359v1, 0x22, 0x39, 0xAA, 0x58, 0x4A, 0xC5, 0x9A, -+ 0xF9, 0x61, 0xD0, 0xFA, 0x2D, 0x52, 0x85, 0xB6, 0xFD, 0xF7, -+ 0x34, 0x9B, 0xC6, 0x0E, 0x91, 0xE3, 0x20, 0xF4, 0x71, 0x64, -+ 0xCE, 0x11, 0xF5, 0x18, 0xEF, 0xB4, 0xC0, 0x8B, 0x9B, 0xDA, -+ 0x99, 0x9A, 0x8A, 0x37, 0xF8, 0x2A, 0x22, 0x61); -+SPCF_CPARAM_INIT(X9_62_c2pnb368w1, 0x00, 0xC0, 0x6C, 0xCF, 0x42, 0x89, 0x3A, -+ 0x8A, 0xAA, 0x00, 0x1E, 0x0B, 0xC0, 0xD2, 0xA2, 0x27, 0x66, -+ 0xEF, 0x3E, 0x41, 0x88, 0x7C, 0xC6, 0x77, 0x6F, 0x4A, 0x04, -+ 0x1E, 0xE4, 0x45, 0x14, 0xB2, 0x0A, 0xFC, 0x4E, 0x5C, 0x30, -+ 0x40, 0x60, 0x06, 0x5B, 0xC8, 0xD6, 0xCF, 0x04, 0xD3, 0x25); -+SPCF_CPARAM_INIT(X9_62_c2tnb431r1, 0x64, 0xF5, 0xBB, 0xE9, 0xBB, 0x31, 0x66, -+ 0xA3, 0xA0, 0x2F, 0x2F, 0x22, 0xBF, 0x05, 0xD9, 0xF7, 0xDA, -+ 0x43, 0xEE, 0x70, 0xC1, 0x79, 0x03, 0x15, 0x2B, 0x70, 0xA0, -+ 0xB4, 0x25, 0x9B, 0xD2, 0xFC, 0xB2, 0x20, 0x3B, 0x7F, 0xB8, -+ 0xD3, 0x39, 0x4E, 0x20, 0xEB, 0x0E, 0xA9, 0x84, 0xDD, 0xB1, -+ 0xE1, 0xF1, 0x4C, 0x67, 0xB1, 0x36, 0x2B); -+SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01); -+SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls3, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, 0x01); -+SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls4, 0x01, 0x73, 0xE8, 0x34, 0xAF, 0x28, -+ 0xEC, 0x76, 0xCB, 0x83, 0xBD, 0x8D, 0xFE, 0xB2, 0xD5); -+SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls5, 0x04, 0x53, 0xE1, 0xE4, 0xB7, 0x29, -+ 0x1F, 0x5C, 0x2D, 0x53, 0xCE, 0x18, 0x48, 0x3F, 0x00, 0x70, -+ 0x81, 0xE7, 0xEA, 0x26, 0xEC); -+SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x01); -+SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls11, 0x00, 0x07, 0xD5, 0xEF, 0x43, 0x89, -+ 0xDF, 0xF1, 0x1E, 0xCD, 0xBA, 0x39, 0xC3, 0x09, 0x70, 0xD3, -+ 0xCE, 0x35, 0xCE, 0xBB, 0xA5, 0x84, 0x73, 0xF6, 0x4B, 0x4D, -+ 0xC0, 0xF2, 0x68, 0x6C); -+/* Oakley curve #3 over 155 bit binary filed */ -+SPCF_CPARAM_INIT(ipsec3, 0x00, 0x31, 0x10, 0x00, 0x00, 0x02, 0x23, 0xA0, 0x00, -+ 0xC4, 0x47, 0x40, 0x00, 0x08, 0x8E, 0x80, 0x00, 0x11, 0x1D, -+ 0x1D); -+/* Oakley curve #4 over 185 bit binary filed */ -+SPCF_CPARAM_INIT(ipsec4, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, -+ 0x01, 0x80, 0x00, 0xC0, 0x0C, 0x00, 0x00, 0x00, 0x63, 0x80, -+ 0x30, 0x00, 0x1C, 0x00, 0x09); -+ -+static inline int -+eng_ec_get_cparam(int nid, unsigned char *buf, unsigned int buf_len) -+{ -+ int ret = 0; -+ switch (nid) { -+ SPCF_CPARAM_CASE(sect113r1); -+ SPCF_CPARAM_CASE(sect113r2); -+ SPCF_CPARAM_CASE(sect131r1); -+ SPCF_CPARAM_CASE(sect131r2); -+ SPCF_CPARAM_CASE(sect163k1); -+ SPCF_CPARAM_CASE(sect163r1); -+ SPCF_CPARAM_CASE(sect163r2); -+ SPCF_CPARAM_CASE(sect193r1); -+ SPCF_CPARAM_CASE(sect193r2); -+ SPCF_CPARAM_CASE(sect233k1); -+ SPCF_CPARAM_CASE(sect233r1); -+ SPCF_CPARAM_CASE(sect239k1); -+ SPCF_CPARAM_CASE(sect283k1); -+ SPCF_CPARAM_CASE(sect283r1); -+ SPCF_CPARAM_CASE(sect409k1); -+ SPCF_CPARAM_CASE(sect409r1); -+ SPCF_CPARAM_CASE(sect571k1); -+ SPCF_CPARAM_CASE(sect571r1); -+ SPCF_CPARAM_CASE(X9_62_c2pnb163v1); -+ SPCF_CPARAM_CASE(X9_62_c2pnb163v2); -+ SPCF_CPARAM_CASE(X9_62_c2pnb163v3); -+ SPCF_CPARAM_CASE(X9_62_c2pnb176v1); -+ SPCF_CPARAM_CASE(X9_62_c2tnb191v1); -+ SPCF_CPARAM_CASE(X9_62_c2tnb191v2); -+ SPCF_CPARAM_CASE(X9_62_c2tnb191v3); -+ SPCF_CPARAM_CASE(X9_62_c2pnb208w1); -+ SPCF_CPARAM_CASE(X9_62_c2tnb239v1); -+ SPCF_CPARAM_CASE(X9_62_c2tnb239v2); -+ SPCF_CPARAM_CASE(X9_62_c2tnb239v3); -+ SPCF_CPARAM_CASE(X9_62_c2pnb272w1); -+ SPCF_CPARAM_CASE(X9_62_c2pnb304w1); -+ SPCF_CPARAM_CASE(X9_62_c2tnb359v1); -+ SPCF_CPARAM_CASE(X9_62_c2pnb368w1); -+ SPCF_CPARAM_CASE(X9_62_c2tnb431r1); -+ SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls1); -+ SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls3); -+ SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls4); -+ SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls5); -+ SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls10); -+ SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls11); -+ /* Oakley curve #3 over 155 bit binary filed */ -+ SPCF_CPARAM_CASE(ipsec3); -+ /* Oakley curve #4 over 185 bit binary filed */ -+ SPCF_CPARAM_CASE(ipsec4); -+ default: -+ ret = -EINVAL; -+ break; -+ } -+ return ret; -+} -+ -+/* Copies the curve points to a flat buffer with appropriate padding */ -+static inline unsigned char *eng_copy_curve_points(BIGNUM * x, BIGNUM * y, -+ int xy_len, int crv_len) -+{ -+ unsigned char *xy = NULL; -+ int len1 = 0, len2 = 0; -+ -+ len1 = BN_num_bytes(x); -+ len2 = BN_num_bytes(y); -+ -+ if (!(xy = malloc(xy_len))) { -+ return NULL; -+ } -+ -+ memset(xy, 0, xy_len); -+ -+ if (len1 < crv_len) { -+ if (!BN_is_zero(x)) -+ BN_bn2bin(x, xy + (crv_len - len1)); -+ } else { -+ BN_bn2bin(x, xy); -+ } -+ -+ if (len2 < crv_len) { -+ if (!BN_is_zero(y)) -+ BN_bn2bin(y, xy+crv_len+(crv_len-len2)); -+ } else { -+ BN_bn2bin(y, xy+crv_len); -+ } -+ -+ return xy; -+} -+ -+enum curve_t { -+ DISCRETE_LOG, -+ ECC_PRIME, -+ ECC_BINARY, -+ MAX_ECC_TYPE -+}; -+#endif --- -2.7.3 - diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0005-Initial-support-for-PKC-in-cryptodev-engine.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0005-Initial-support-for-PKC-in-cryptodev-engine.patch deleted file mode 100644 index 156b743..0000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0005-Initial-support-for-PKC-in-cryptodev-engine.patch +++ /dev/null @@ -1,1578 +0,0 @@ -From aff25bbf6b5b833931a5281d30a6f26fda9f0a52 Mon Sep 17 00:00:00 2001 -From: Yashpal Dutta -Date: Tue, 11 Mar 2014 06:29:52 +0545 -Subject: [PATCH 05/48] Initial support for PKC in cryptodev engine - -Upstream-status: Pending - -Signed-off-by: Yashpal Dutta ---- - crypto/engine/eng_cryptodev.c | 1365 ++++++++++++++++++++++++++++++++++++----- - 1 file changed, 1202 insertions(+), 163 deletions(-) - -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index 49ed638..cc9b63b 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -59,6 +59,10 @@ void ENGINE_load_cryptodev(void) - # include - # include - # include -+# include -+# include -+# include -+# include - # include - # include - # include -@@ -68,6 +72,7 @@ void ENGINE_load_cryptodev(void) - # include - # include - # include -+# include "eng_cryptodev_ec.h" - - struct dev_crypto_state { - struct session_op d_sess; -@@ -116,20 +121,10 @@ static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, - BN_CTX *ctx); - static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, - BN_CTX *ctx); --static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, -- const BIGNUM *p, const BIGNUM *m, -- BN_CTX *ctx, BN_MONT_CTX *m_ctx); --static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g, -- BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, -- BIGNUM *p, BN_CTX *ctx, -- BN_MONT_CTX *mont); - static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, - DSA *dsa); - static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len, - DSA_SIG *sig, DSA *dsa); --static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, -- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, -- BN_MONT_CTX *m_ctx); - static int cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, - DH *dh); - static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, -@@ -138,6 +133,105 @@ void ENGINE_load_cryptodev(void); - const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1; - const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1; - -+inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len) -+{ -+ int len; -+ unsigned char *p; -+ -+ len = BN_num_bytes(bn); -+ -+ if (!len) -+ return -1; -+ -+ p = malloc(len); -+ if (!p) -+ return -1; -+ -+ BN_bn2bin(bn, p); -+ -+ *bin = p; -+ *bin_len = len; -+ -+ return 0; -+} -+ -+inline int spcf_bn2bin_ex(BIGNUM *bn, unsigned char **bin, int *bin_len) -+{ -+ int len; -+ unsigned char *p; -+ -+ len = BN_num_bytes(bn); -+ -+ if (!len) -+ return -1; -+ -+ if (len < *bin_len) -+ p = malloc(*bin_len); -+ else -+ p = malloc(len); -+ -+ if (!p) -+ return -ENOMEM; -+ -+ if (len < *bin_len) { -+ /* place padding */ -+ memset(p, 0, (*bin_len - len)); -+ BN_bn2bin(bn, p + (*bin_len - len)); -+ } else { -+ BN_bn2bin(bn, p); -+ } -+ -+ *bin = p; -+ if (len >= *bin_len) -+ *bin_len = len; -+ -+ return 0; -+} -+ -+/** -+ * Convert an ECC F2m 'b' parameter into the 'c' parameter. -+ *Inputs: -+ * q, the curve's modulus -+ * b, the curve's b parameter -+ * (a bignum for b, a buffer for c) -+ * Output: -+ * c, written into bin, right-adjusted to fill q_len bytes. -+ */ -+static int -+eng_ec_compute_cparam(const BIGNUM *b, const BIGNUM *q, -+ unsigned char **bin, int *bin_len) -+{ -+ BIGNUM *c = BN_new(); -+ BIGNUM *exp = BN_new(); -+ BN_CTX *ctx = BN_CTX_new(); -+ int m = BN_num_bits(q) - 1; -+ int ok = 0; -+ -+ if (!c || !exp || !ctx || *bin) -+ goto err; -+ -+ /* -+ * We have to compute c, where b = c^4, i.e., the fourth root of b. -+ * The equation for c is c = b^(2^(m-2)) -+ * Compute exp = 2^(m-2) -+ * (1 << x) == 2^x -+ * and then compute c = b^exp -+ */ -+ BN_lshift(exp, BN_value_one(), m - 2); -+ BN_GF2m_mod_exp(c, b, exp, q, ctx); -+ /* Store c */ -+ spcf_bn2bin_ex(c, bin, bin_len); -+ ok = 1; -+ err: -+ if (ctx) -+ BN_CTX_free(ctx); -+ if (c) -+ BN_free(c); -+ if (exp) -+ BN_free(exp); -+ return ok; -+} -+ - static const ENGINE_CMD_DEFN cryptodev_defns[] = { - {0, NULL, NULL, 0} - }; -@@ -1230,7 +1324,6 @@ cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, - */ - static int bn2crparam(const BIGNUM *a, struct crparam *crp) - { -- int i, j, k; - ssize_t bytes, bits; - u_char *b; - -@@ -1248,36 +1341,21 @@ static int bn2crparam(const BIGNUM *a, struct crparam *crp) - crp->crp_p = (caddr_t) b; - crp->crp_nbits = bits; - -- for (i = 0, j = 0; i < a->top; i++) { -- for (k = 0; k < BN_BITS2 / 8; k++) { -- if ((j + k) >= bytes) -- return (0); -- b[j + k] = a->d[i] >> (k * 8); -- } -- j += BN_BITS2 / 8; -- } -+ BN_bn2bin(a, crp->crp_p); - return (0); - } - - /* Convert a /dev/crypto parameter to a BIGNUM */ - static int crparam2bn(struct crparam *crp, BIGNUM *a) - { -- u_int8_t *pd; -- int i, bytes; -+ int bytes; - - bytes = (crp->crp_nbits + 7) / 8; - - if (bytes == 0) - return (-1); - -- if ((pd = (u_int8_t *) malloc(bytes)) == NULL) -- return (-1); -- -- for (i = 0; i < bytes; i++) -- pd[i] = crp->crp_p[bytes - i - 1]; -- -- BN_bin2bn(pd, bytes, a); -- free(pd); -+ BN_bin2bn(crp->crp_p, bytes, a); - - return (0); - } -@@ -1334,6 +1412,32 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, - return ret; - } - -+/* Close an opened instance of cryptodev engine */ -+void cryptodev_close_instance(void *handle) -+{ -+ int fd; -+ -+ if (handle) { -+ fd = *(int *)handle; -+ close(fd); -+ free(handle); -+ } -+} -+ -+/* Create an instance of cryptodev for asynchronous interface */ -+void *cryptodev_init_instance(void) -+{ -+ int *fd = malloc(sizeof(int)); -+ -+ if (fd) { -+ if ((*fd = open("/dev/crypto", O_RDWR, 0)) == -1) { -+ free(fd); -+ return NULL; -+ } -+ } -+ return fd; -+} -+ - static int - cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) -@@ -1350,8 +1454,9 @@ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - return (ret); - } - -- memset(&kop, 0, sizeof kop); - kop.crk_op = CRK_MOD_EXP; -+ kop.crk_oparams = 0; -+ kop.crk_status = 0; - - /* inputs: a^p % m */ - if (bn2crparam(a, &kop.crk_param[0])) -@@ -1394,28 +1499,39 @@ static int - cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) - { - struct crypt_kop kop; -- int ret = 1; -+ int ret = 1, f_len, p_len, q_len; -+ unsigned char *f = NULL, *p = NULL, *q = NULL, *dp = NULL, *dq = -+ NULL, *c = NULL; - - if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) { - /* XXX 0 means failure?? */ - return (0); - } - -- memset(&kop, 0, sizeof kop); -+ kop.crk_oparams = 0; -+ kop.crk_status = 0; - kop.crk_op = CRK_MOD_EXP_CRT; -+ f_len = BN_num_bytes(rsa->n); -+ spcf_bn2bin_ex(I, &f, &f_len); -+ spcf_bn2bin(rsa->p, &p, &p_len); -+ spcf_bn2bin(rsa->q, &q, &q_len); -+ spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len); -+ spcf_bn2bin_ex(rsa->iqmp, &c, &p_len); -+ spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len); - /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */ -- if (bn2crparam(rsa->p, &kop.crk_param[0])) -- goto err; -- if (bn2crparam(rsa->q, &kop.crk_param[1])) -- goto err; -- if (bn2crparam(I, &kop.crk_param[2])) -- goto err; -- if (bn2crparam(rsa->dmp1, &kop.crk_param[3])) -- goto err; -- if (bn2crparam(rsa->dmq1, &kop.crk_param[4])) -- goto err; -- if (bn2crparam(rsa->iqmp, &kop.crk_param[5])) -- goto err; -+ kop.crk_param[0].crp_p = p; -+ kop.crk_param[0].crp_nbits = p_len * 8; -+ kop.crk_param[1].crp_p = q; -+ kop.crk_param[1].crp_nbits = q_len * 8; -+ kop.crk_param[2].crp_p = f; -+ kop.crk_param[2].crp_nbits = f_len * 8; -+ kop.crk_param[3].crp_p = dp; -+ kop.crk_param[3].crp_nbits = p_len * 8; -+ /* dq must of length q, rest all of length p */ -+ kop.crk_param[4].crp_p = dq; -+ kop.crk_param[4].crp_nbits = q_len * 8; -+ kop.crk_param[5].crp_p = c; -+ kop.crk_param[5].crp_nbits = p_len * 8; - kop.crk_iparams = 6; - - if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) { -@@ -1451,93 +1567,120 @@ static RSA_METHOD cryptodev_rsa = { - NULL /* rsa_verify */ - }; - --static int --cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, -- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) --{ -- return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx)); --} -- --static int --cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g, -- BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p, -- BN_CTX *ctx, BN_MONT_CTX *mont) -+static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, -+ DSA *dsa) - { -- BIGNUM t2; -- int ret = 0; -- -- BN_init(&t2); -- -- /* v = ( g^u1 * y^u2 mod p ) mod q */ -- /* let t1 = g ^ u1 mod p */ -- ret = 0; -+ struct crypt_kop kop; -+ BIGNUM *c = NULL, *d = NULL; -+ DSA_SIG *dsaret = NULL; -+ int q_len = 0, r_len = 0, g_len = 0; -+ int priv_key_len = 0, ret; -+ unsigned char *q = NULL, *r = NULL, *g = NULL, *priv_key = NULL, *f = -+ NULL; - -- if (!dsa->meth->bn_mod_exp(dsa, t1, dsa->g, u1, dsa->p, ctx, mont)) -+ memset(&kop, 0, sizeof kop); -+ if ((c = BN_new()) == NULL) { -+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); - goto err; -+ } - -- /* let t2 = y ^ u2 mod p */ -- if (!dsa->meth->bn_mod_exp(dsa, &t2, dsa->pub_key, u2, dsa->p, ctx, mont)) -+ if ((d = BN_new()) == NULL) { -+ BN_free(c); -+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); - goto err; -- /* let u1 = t1 * t2 mod p */ -- if (!BN_mod_mul(u1, t1, &t2, dsa->p, ctx)) -+ } -+ -+ if (spcf_bn2bin(dsa->p, &q, &q_len)) { -+ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); - goto err; -+ } - -- BN_copy(t1, u1); -+ /* Get order of the field of private keys into plain buffer */ -+ if (spcf_bn2bin(dsa->q, &r, &r_len)) { -+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } - -- ret = 1; -- err: -- BN_free(&t2); -- return (ret); --} -+ /* sanity test */ -+ if (dlen > r_len) { -+ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); -+ goto err; -+ } - --static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, -- DSA *dsa) --{ -- struct crypt_kop kop; -- BIGNUM *r = NULL, *s = NULL; -- DSA_SIG *dsaret = NULL; -+ g_len = q_len; -+ /** -+ * Get generator into a plain buffer. If length is less than -+ * q_len then add leading padding bytes. -+ */ -+ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) { -+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } - -- if ((r = BN_new()) == NULL) -+ priv_key_len = r_len; -+ /** -+ * Get private key into a plain buffer. If length is less than -+ * r_len then add leading padding bytes. -+ */ -+ if (spcf_bn2bin_ex(dsa->priv_key, &priv_key, &priv_key_len)) { -+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); - goto err; -- if ((s = BN_new()) == NULL) { -- BN_free(r); -+ } -+ -+ /* Allocate memory to store hash. */ -+ f = OPENSSL_malloc(r_len); -+ if (!f) { -+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); - goto err; - } - -- memset(&kop, 0, sizeof kop); -+ /* Add padding, since SEC expects hash to of size r_len */ -+ if (dlen < r_len) -+ memset(f, 0, r_len - dlen); -+ -+ /* Skip leading bytes if dgst_len < r_len */ -+ memcpy(f + r_len - dlen, dgst, dlen); -+ - kop.crk_op = CRK_DSA_SIGN; - - /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ -- kop.crk_param[0].crp_p = (caddr_t) dgst; -- kop.crk_param[0].crp_nbits = dlen * 8; -- if (bn2crparam(dsa->p, &kop.crk_param[1])) -- goto err; -- if (bn2crparam(dsa->q, &kop.crk_param[2])) -- goto err; -- if (bn2crparam(dsa->g, &kop.crk_param[3])) -+ kop.crk_param[0].crp_p = (void *)f; -+ kop.crk_param[0].crp_nbits = r_len * 8; -+ kop.crk_param[1].crp_p = (void *)q; -+ kop.crk_param[1].crp_nbits = q_len * 8; -+ kop.crk_param[2].crp_p = (void *)r; -+ kop.crk_param[2].crp_nbits = r_len * 8; -+ kop.crk_param[3].crp_p = (void *)g; -+ kop.crk_param[3].crp_nbits = g_len * 8; -+ kop.crk_param[4].crp_p = (void *)priv_key; -+ kop.crk_param[4].crp_nbits = priv_key_len * 8; -+ kop.crk_iparams = 5; -+ -+ ret = cryptodev_asym(&kop, r_len, c, r_len, d); -+ -+ if (ret) { -+ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DECODE_ERROR); - goto err; -- if (bn2crparam(dsa->priv_key, &kop.crk_param[4])) -+ } -+ -+ dsaret = DSA_SIG_new(); -+ if (dsaret == NULL) - goto err; -- kop.crk_iparams = 5; -+ dsaret->r = c; -+ dsaret->s = d; - -- if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r, -- BN_num_bytes(dsa->q), s) == 0) { -- dsaret = DSA_SIG_new(); -- if (dsaret == NULL) -- goto err; -- dsaret->r = r; -- dsaret->s = s; -- r = s = NULL; -- } else { -+ zapparams(&kop); -+ return (dsaret); -+ err: -+ { - const DSA_METHOD *meth = DSA_OpenSSL(); -+ if (c) -+ BN_free(c); -+ if (d) -+ BN_free(d); - dsaret = (meth->dsa_do_sign) (dgst, dlen, dsa); -+ return (dsaret); - } -- err: -- BN_free(r); -- BN_free(s); -- kop.crk_param[0].crp_p = NULL; -- zapparams(&kop); -- return (dsaret); - } - - static int -@@ -1545,43 +1688,175 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen, - DSA_SIG *sig, DSA *dsa) - { - struct crypt_kop kop; -- int dsaret = 1; -+ int dsaret = 1, q_len = 0, r_len = 0, g_len = 0; -+ int w_len = 0, c_len = 0, d_len = 0, ret = -1; -+ unsigned char *q = NULL, *r = NULL, *w = NULL, *g = NULL; -+ unsigned char *c = NULL, *d = NULL, *f = NULL; - - memset(&kop, 0, sizeof kop); - kop.crk_op = CRK_DSA_VERIFY; - -- /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */ -- kop.crk_param[0].crp_p = (caddr_t) dgst; -- kop.crk_param[0].crp_nbits = dlen * 8; -- if (bn2crparam(dsa->p, &kop.crk_param[1])) -+ if (spcf_bn2bin(dsa->p, &q, &q_len)) { -+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -+ return ret; -+ } -+ -+ /* Get Order of field of private keys */ -+ if (spcf_bn2bin(dsa->q, &r, &r_len)) { -+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); - goto err; -- if (bn2crparam(dsa->q, &kop.crk_param[2])) -+ } -+ -+ g_len = q_len; -+ /** -+ * Get generator into a plain buffer. If length is less than -+ * q_len then add leading padding bytes. -+ */ -+ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) { -+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ w_len = q_len; -+ /** -+ * Get public key into a plain buffer. If length is less than -+ * q_len then add leading padding bytes. -+ */ -+ if (spcf_bn2bin_ex(dsa->pub_key, &w, &w_len)) { -+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); - goto err; -- if (bn2crparam(dsa->g, &kop.crk_param[3])) -+ } -+ /** -+ * Get the 1st part of signature into a flat buffer with -+ * appropriate padding -+ */ -+ c_len = r_len; -+ -+ if (spcf_bn2bin_ex(sig->r, &c, &c_len)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); - goto err; -- if (bn2crparam(dsa->pub_key, &kop.crk_param[4])) -+ } -+ -+ /** -+ * Get the 2nd part of signature into a flat buffer with -+ * appropriate padding -+ */ -+ d_len = r_len; -+ -+ if (spcf_bn2bin_ex(sig->s, &d, &d_len)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); - goto err; -- if (bn2crparam(sig->r, &kop.crk_param[5])) -+ } -+ -+ /* Sanity test */ -+ if (dlen > r_len) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); - goto err; -- if (bn2crparam(sig->s, &kop.crk_param[6])) -+ } -+ -+ /* Allocate memory to store hash. */ -+ f = OPENSSL_malloc(r_len); -+ if (!f) { -+ DSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); - goto err; -+ } -+ -+ /* Add padding, since SEC expects hash to of size r_len */ -+ if (dlen < r_len) -+ memset(f, 0, r_len - dlen); -+ -+ /* Skip leading bytes if dgst_len < r_len */ -+ memcpy(f + r_len - dlen, dgst, dlen); -+ -+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */ -+ kop.crk_param[0].crp_p = (void *)f; -+ kop.crk_param[0].crp_nbits = r_len * 8; -+ kop.crk_param[1].crp_p = q; -+ kop.crk_param[1].crp_nbits = q_len * 8; -+ kop.crk_param[2].crp_p = r; -+ kop.crk_param[2].crp_nbits = r_len * 8; -+ kop.crk_param[3].crp_p = g; -+ kop.crk_param[3].crp_nbits = g_len * 8; -+ kop.crk_param[4].crp_p = w; -+ kop.crk_param[4].crp_nbits = w_len * 8; -+ kop.crk_param[5].crp_p = c; -+ kop.crk_param[5].crp_nbits = c_len * 8; -+ kop.crk_param[6].crp_p = d; -+ kop.crk_param[6].crp_nbits = d_len * 8; - kop.crk_iparams = 7; - -- if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) { -- /* -- * OCF success value is 0, if not zero, change dsaret to fail -- */ -- if (0 != kop.crk_status) -- dsaret = 0; -- } else { -- const DSA_METHOD *meth = DSA_OpenSSL(); -+ if ((cryptodev_asym(&kop, 0, NULL, 0, NULL))) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, DSA_R_DECODE_ERROR); -+ goto err; -+ } - -- dsaret = (meth->dsa_do_verify) (dgst, dlen, sig, dsa); -+ /* -+ * OCF success value is 0, if not zero, change dsaret to fail -+ */ -+ if (0 != kop.crk_status) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, DSA_R_DECODE_ERROR); -+ goto err; - } -- err: -- kop.crk_param[0].crp_p = NULL; -+ - zapparams(&kop); - return (dsaret); -+ err: -+ { -+ const DSA_METHOD *meth = DSA_OpenSSL(); -+ dsaret = (meth->dsa_do_verify) (dgst, dlen, sig, dsa); -+ return dsaret; -+ } -+} -+ -+/* Cryptodev DSA Key Gen routine */ -+static int cryptodev_dsa_keygen(DSA *dsa) -+{ -+ struct crypt_kop kop; -+ int ret = 1, g_len; -+ unsigned char *g = NULL; -+ -+ if (dsa->priv_key == NULL) { -+ if ((dsa->priv_key = BN_new()) == NULL) -+ goto sw_try; -+ } -+ -+ if (dsa->pub_key == NULL) { -+ if ((dsa->pub_key = BN_new()) == NULL) -+ goto sw_try; -+ } -+ -+ g_len = BN_num_bytes(dsa->p); -+ /** -+ * Get generator into a plain buffer. If length is less than -+ * p_len then add leading padding bytes. -+ */ -+ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) { -+ DSAerr(DSA_F_DSA_GENERATE_KEY, ERR_R_MALLOC_FAILURE); -+ goto sw_try; -+ } -+ -+ memset(&kop, 0, sizeof kop); -+ -+ kop.crk_op = CRK_DSA_GENERATE_KEY; -+ if (bn2crparam(dsa->p, &kop.crk_param[0])) -+ goto sw_try; -+ if (bn2crparam(dsa->q, &kop.crk_param[1])) -+ goto sw_try; -+ kop.crk_param[2].crp_p = g; -+ kop.crk_param[2].crp_nbits = g_len * 8; -+ kop.crk_iparams = 3; -+ -+ /* pub_key is or prime length while priv key is of length of order */ -+ if (cryptodev_asym(&kop, BN_num_bytes(dsa->p), dsa->pub_key, -+ BN_num_bytes(dsa->q), dsa->priv_key)) -+ goto sw_try; -+ -+ return ret; -+ sw_try: -+ { -+ const DSA_METHOD *meth = DSA_OpenSSL(); -+ ret = (meth->dsa_keygen) (dsa); -+ } -+ return ret; - } - - static DSA_METHOD cryptodev_dsa = { -@@ -1597,12 +1872,558 @@ static DSA_METHOD cryptodev_dsa = { - NULL /* app_data */ - }; - --static int --cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, -- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, -- BN_MONT_CTX *m_ctx) -+static ECDSA_METHOD cryptodev_ecdsa = { -+ "cryptodev ECDSA method", -+ NULL, -+ NULL, /* ecdsa_sign_setup */ -+ NULL, -+ NULL, -+ 0, /* flags */ -+ NULL /* app_data */ -+}; -+ -+typedef enum ec_curve_s { -+ EC_PRIME, -+ EC_BINARY -+} ec_curve_t; -+ -+/* ENGINE handler for ECDSA Sign */ -+static ECDSA_SIG *cryptodev_ecdsa_do_sign(const unsigned char *dgst, -+ int dgst_len, const BIGNUM *in_kinv, -+ const BIGNUM *in_r, EC_KEY *eckey) - { -- return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx)); -+ BIGNUM *m = NULL, *p = NULL, *a = NULL; -+ BIGNUM *b = NULL, *x = NULL, *y = NULL; -+ BN_CTX *ctx = NULL; -+ ECDSA_SIG *ret = NULL; -+ ECDSA_DATA *ecdsa = NULL; -+ unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL; -+ unsigned char *s = NULL, *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = -+ NULL; -+ int i = 0, q_len = 0, priv_key_len = 0, r_len = 0; -+ int g_len = 0, d_len = 0, ab_len = 0; -+ const BIGNUM *order = NULL, *priv_key = NULL; -+ const EC_GROUP *group = NULL; -+ struct crypt_kop kop; -+ ec_curve_t ec_crv = EC_PRIME; -+ -+ memset(&kop, 0, sizeof(kop)); -+ ecdsa = ecdsa_check(eckey); -+ if (!ecdsa) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER); -+ return NULL; -+ } -+ -+ group = EC_KEY_get0_group(eckey); -+ priv_key = EC_KEY_get0_private_key(eckey); -+ -+ if (!group || !priv_key) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER); -+ return NULL; -+ } -+ -+ if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL || -+ (a = BN_new()) == NULL || (b = BN_new()) == NULL || -+ (p = BN_new()) == NULL || (x = BN_new()) == NULL || -+ (y = BN_new()) == NULL) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ order = &group->order; -+ if (!order || BN_is_zero(order)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS); -+ goto err; -+ } -+ -+ i = BN_num_bits(order); -+ /* -+ * Need to truncate digest if it is too long: first truncate whole bytes -+ */ -+ if (8 * dgst_len > i) -+ dgst_len = (i + 7) / 8; -+ -+ if (!BN_bin2bn(dgst, dgst_len, m)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); -+ goto err; -+ } -+ -+ /* If still too long truncate remaining bits with a shift */ -+ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); -+ goto err; -+ } -+ -+ /* copy the truncated bits into plain buffer */ -+ if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) { -+ fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__, -+ __LINE__); -+ goto err; -+ } -+ -+ ret = ECDSA_SIG_new(); -+ if (!ret) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); -+ goto err; -+ } -+ -+ /* check if this is prime or binary EC request */ -+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == -+ NID_X9_62_prime_field) { -+ ec_crv = EC_PRIME; -+ /* get the generator point pair */ -+ if (!EC_POINT_get_affine_coordinates_GFp -+ (group, EC_GROUP_get0_generator(group), x, y, ctx)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); -+ goto err; -+ } -+ -+ /* get the ECC curve parameters */ -+ if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); -+ goto err; -+ } -+ } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == -+ NID_X9_62_characteristic_two_field) { -+ ec_crv = EC_BINARY; -+ /* get the ECC curve parameters */ -+ if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); -+ goto err; -+ } -+ -+ /* get the generator point pair */ -+ if (!EC_POINT_get_affine_coordinates_GF2m(group, -+ EC_GROUP_get0_generator -+ (group), x, y, ctx)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); -+ goto err; -+ } -+ } else { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); -+ goto err; -+ } -+ -+ if (spcf_bn2bin(order, &r, &r_len)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ if (spcf_bn2bin(p, &q, &q_len)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ priv_key_len = r_len; -+ -+ /** -+ * If BN_num_bytes of priv_key returns less then r_len then -+ * add padding bytes before the key -+ */ -+ if (spcf_bn2bin_ex(priv_key, &s, &priv_key_len)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /* Generation of ECC curve parameters */ -+ ab_len = 2 * q_len; -+ ab = eng_copy_curve_points(a, b, ab_len, q_len); -+ if (!ab) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ if (ec_crv == EC_BINARY) { -+ if (eng_ec_get_cparam -+ (EC_GROUP_get_curve_name(group), ab + q_len, q_len)) { -+ unsigned char *c_temp = NULL; -+ int c_temp_len = q_len; -+ if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len)) -+ memcpy(ab + q_len, c_temp, q_len); -+ else -+ goto err; -+ } -+ kop.curve_type = ECC_BINARY; -+ } -+ -+ /* Calculation of Generator point */ -+ g_len = 2 * q_len; -+ g_xy = eng_copy_curve_points(x, y, g_len, q_len); -+ if (!g_xy) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /* Memory allocation for first part of digital signature */ -+ c = malloc(r_len); -+ if (!c) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ d_len = r_len; -+ -+ /* Memory allocation for second part of digital signature */ -+ d = malloc(d_len); -+ if (!d) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /* memory for message representative */ -+ f = malloc(r_len); -+ if (!f) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /* Add padding, since SEC expects hash to of size r_len */ -+ memset(f, 0, r_len - dgst_len); -+ -+ /* Skip leading bytes if dgst_len < r_len */ -+ memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len); -+ -+ dgst_len += r_len - dgst_len; -+ kop.crk_op = CRK_DSA_SIGN; -+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ -+ kop.crk_param[0].crp_p = f; -+ kop.crk_param[0].crp_nbits = dgst_len * 8; -+ kop.crk_param[1].crp_p = q; -+ kop.crk_param[1].crp_nbits = q_len * 8; -+ kop.crk_param[2].crp_p = r; -+ kop.crk_param[2].crp_nbits = r_len * 8; -+ kop.crk_param[3].crp_p = g_xy; -+ kop.crk_param[3].crp_nbits = g_len * 8; -+ kop.crk_param[4].crp_p = s; -+ kop.crk_param[4].crp_nbits = priv_key_len * 8; -+ kop.crk_param[5].crp_p = ab; -+ kop.crk_param[5].crp_nbits = ab_len * 8; -+ kop.crk_iparams = 6; -+ kop.crk_param[6].crp_p = c; -+ kop.crk_param[6].crp_nbits = d_len * 8; -+ kop.crk_param[7].crp_p = d; -+ kop.crk_param[7].crp_nbits = d_len * 8; -+ kop.crk_oparams = 2; -+ -+ if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) { -+ /* Check if ret->r and s needs to allocated */ -+ crparam2bn(&kop.crk_param[6], ret->r); -+ crparam2bn(&kop.crk_param[7], ret->s); -+ } else { -+ const ECDSA_METHOD *meth = ECDSA_OpenSSL(); -+ ret = (meth->ecdsa_do_sign) (dgst, dgst_len, in_kinv, in_r, eckey); -+ } -+ kop.crk_param[0].crp_p = NULL; -+ zapparams(&kop); -+ err: -+ if (!ret) { -+ ECDSA_SIG_free(ret); -+ ret = NULL; -+ } -+ return ret; -+} -+ -+static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len, -+ ECDSA_SIG *sig, EC_KEY *eckey) -+{ -+ BIGNUM *m = NULL, *p = NULL, *a = NULL, *b = NULL; -+ BIGNUM *x = NULL, *y = NULL, *w_x = NULL, *w_y = NULL; -+ BN_CTX *ctx = NULL; -+ ECDSA_DATA *ecdsa = NULL; -+ unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL, *w_xy = -+ NULL; -+ unsigned char *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL; -+ int i = 0, q_len = 0, pub_key_len = 0, r_len = 0, c_len = 0, g_len = 0; -+ int d_len = 0, ab_len = 0, ret = -1; -+ const EC_POINT *pub_key = NULL; -+ const BIGNUM *order = NULL; -+ const EC_GROUP *group = NULL; -+ ec_curve_t ec_crv = EC_PRIME; -+ struct crypt_kop kop; -+ -+ memset(&kop, 0, sizeof kop); -+ ecdsa = ecdsa_check(eckey); -+ if (!ecdsa) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER); -+ return ret; -+ } -+ -+ group = EC_KEY_get0_group(eckey); -+ pub_key = EC_KEY_get0_public_key(eckey); -+ -+ if (!group || !pub_key) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER); -+ return ret; -+ } -+ -+ if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL || -+ (a = BN_new()) == NULL || (b = BN_new()) == NULL || -+ (p = BN_new()) == NULL || (x = BN_new()) == NULL || -+ (y = BN_new()) == NULL || (w_x = BN_new()) == NULL || -+ (w_y = BN_new()) == NULL) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ order = &group->order; -+ if (!order || BN_is_zero(order)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS); -+ goto err; -+ } -+ -+ i = BN_num_bits(order); -+ /* -+ * Need to truncate digest if it is too long: first truncate whole * -+ * bytes -+ */ -+ if (8 * dgst_len > i) -+ dgst_len = (i + 7) / 8; -+ -+ if (!BN_bin2bn(dgst, dgst_len, m)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); -+ goto err; -+ } -+ -+ /* If still too long truncate remaining bits with a shift */ -+ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); -+ goto err; -+ } -+ /* copy the truncated bits into plain buffer */ -+ if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /* check if this is prime or binary EC request */ -+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == -+ NID_X9_62_prime_field) { -+ ec_crv = EC_PRIME; -+ -+ /* get the generator point pair */ -+ if (!EC_POINT_get_affine_coordinates_GFp(group, -+ EC_GROUP_get0_generator -+ (group), x, y, ctx)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); -+ goto err; -+ } -+ -+ /* get the public key pair for prime curve */ -+ if (!EC_POINT_get_affine_coordinates_GFp(group, -+ pub_key, w_x, w_y, ctx)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); -+ goto err; -+ } -+ -+ /* get the ECC curve parameters */ -+ if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); -+ goto err; -+ } -+ } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == -+ NID_X9_62_characteristic_two_field) { -+ ec_crv = EC_BINARY; -+ /* get the ECC curve parameters */ -+ if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); -+ goto err; -+ } -+ -+ /* get the generator point pair */ -+ if (!EC_POINT_get_affine_coordinates_GF2m(group, -+ EC_GROUP_get0_generator -+ (group), x, y, ctx)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); -+ goto err; -+ } -+ -+ /* get the public key pair for binary curve */ -+ if (!EC_POINT_get_affine_coordinates_GF2m(group, -+ pub_key, w_x, w_y, ctx)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); -+ goto err; -+ } -+ } else { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); -+ goto err; -+ } -+ -+ /* Get the order of the subgroup of private keys */ -+ if (spcf_bn2bin((BIGNUM *)order, &r, &r_len)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /* Get the irreducible polynomial that creates the field */ -+ if (spcf_bn2bin(p, &q, &q_len)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /* Get the public key into a flat buffer with appropriate padding */ -+ pub_key_len = 2 * q_len; -+ -+ w_xy = eng_copy_curve_points(w_x, w_y, pub_key_len, q_len); -+ if (!w_xy) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /* Generation of ECC curve parameters */ -+ ab_len = 2 * q_len; -+ -+ ab = eng_copy_curve_points(a, b, ab_len, q_len); -+ if (!ab) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ if (ec_crv == EC_BINARY) { -+ /* copy b' i.e c(b), instead of only b */ -+ if (eng_ec_get_cparam -+ (EC_GROUP_get_curve_name(group), ab + q_len, q_len)) { -+ unsigned char *c_temp = NULL; -+ int c_temp_len = q_len; -+ if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len)) -+ memcpy(ab + q_len, c_temp, q_len); -+ else -+ goto err; -+ } -+ kop.curve_type = ECC_BINARY; -+ } -+ -+ /* Calculation of Generator point */ -+ g_len = 2 * q_len; -+ -+ g_xy = eng_copy_curve_points(x, y, g_len, q_len); -+ if (!g_xy) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /** -+ * Get the 1st part of signature into a flat buffer with -+ * appropriate padding -+ */ -+ if (BN_num_bytes(sig->r) < r_len) -+ c_len = r_len; -+ -+ if (spcf_bn2bin_ex(sig->r, &c, &c_len)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /** -+ * Get the 2nd part of signature into a flat buffer with -+ * appropriate padding -+ */ -+ if (BN_num_bytes(sig->s) < r_len) -+ d_len = r_len; -+ -+ if (spcf_bn2bin_ex(sig->s, &d, &d_len)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /* memory for message representative */ -+ f = malloc(r_len); -+ if (!f) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /* Add padding, since SEC expects hash to of size r_len */ -+ memset(f, 0, r_len - dgst_len); -+ -+ /* Skip leading bytes if dgst_len < r_len */ -+ memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len); -+ dgst_len += r_len - dgst_len; -+ kop.crk_op = CRK_DSA_VERIFY; -+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ -+ kop.crk_param[0].crp_p = f; -+ kop.crk_param[0].crp_nbits = dgst_len * 8; -+ kop.crk_param[1].crp_p = q; -+ kop.crk_param[1].crp_nbits = q_len * 8; -+ kop.crk_param[2].crp_p = r; -+ kop.crk_param[2].crp_nbits = r_len * 8; -+ kop.crk_param[3].crp_p = g_xy; -+ kop.crk_param[3].crp_nbits = g_len * 8; -+ kop.crk_param[4].crp_p = w_xy; -+ kop.crk_param[4].crp_nbits = pub_key_len * 8; -+ kop.crk_param[5].crp_p = ab; -+ kop.crk_param[5].crp_nbits = ab_len * 8; -+ kop.crk_param[6].crp_p = c; -+ kop.crk_param[6].crp_nbits = d_len * 8; -+ kop.crk_param[7].crp_p = d; -+ kop.crk_param[7].crp_nbits = d_len * 8; -+ kop.crk_iparams = 8; -+ -+ if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) { -+ /* -+ * OCF success value is 0, if not zero, change ret to fail -+ */ -+ if (0 == kop.crk_status) -+ ret = 1; -+ } else { -+ const ECDSA_METHOD *meth = ECDSA_OpenSSL(); -+ -+ ret = (meth->ecdsa_do_verify) (dgst, dgst_len, sig, eckey); -+ } -+ kop.crk_param[0].crp_p = NULL; -+ zapparams(&kop); -+ -+ err: -+ return ret; -+} -+ -+static int cryptodev_dh_keygen(DH *dh) -+{ -+ struct crypt_kop kop; -+ int ret = 1, g_len; -+ unsigned char *g = NULL; -+ -+ if (dh->priv_key == NULL) { -+ if ((dh->priv_key = BN_new()) == NULL) -+ goto sw_try; -+ } -+ -+ if (dh->pub_key == NULL) { -+ if ((dh->pub_key = BN_new()) == NULL) -+ goto sw_try; -+ } -+ -+ g_len = BN_num_bytes(dh->p); -+ /** -+ * Get generator into a plain buffer. If length is less than -+ * q_len then add leading padding bytes. -+ */ -+ if (spcf_bn2bin_ex(dh->g, &g, &g_len)) { -+ DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE); -+ goto sw_try; -+ } -+ -+ memset(&kop, 0, sizeof kop); -+ kop.crk_op = CRK_DH_GENERATE_KEY; -+ if (bn2crparam(dh->p, &kop.crk_param[0])) -+ goto sw_try; -+ if (bn2crparam(dh->q, &kop.crk_param[1])) -+ goto sw_try; -+ kop.crk_param[2].crp_p = g; -+ kop.crk_param[2].crp_nbits = g_len * 8; -+ kop.crk_iparams = 3; -+ -+ /* pub_key is or prime length while priv key is of length of order */ -+ if (cryptodev_asym(&kop, BN_num_bytes(dh->p), dh->pub_key, -+ BN_num_bytes(dh->q), dh->priv_key)) -+ goto sw_try; -+ -+ return ret; -+ sw_try: -+ { -+ const DH_METHOD *meth = DH_OpenSSL(); -+ ret = (meth->generate_key) (dh); -+ } -+ return ret; - } - - static int -@@ -1610,41 +2431,236 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) - { - struct crypt_kop kop; - int dhret = 1; -- int fd, keylen; -+ int fd, p_len; -+ BIGNUM *temp = NULL; -+ unsigned char *padded_pub_key = NULL, *p = NULL; -+ -+ if ((fd = get_asym_dev_crypto()) < 0) -+ goto sw_try; -+ -+ memset(&kop, 0, sizeof kop); -+ kop.crk_op = CRK_DH_COMPUTE_KEY; -+ /* inputs: dh->priv_key pub_key dh->p key */ -+ spcf_bn2bin(dh->p, &p, &p_len); -+ spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len); -+ if (bn2crparam(dh->priv_key, &kop.crk_param[0])) -+ goto sw_try; -+ -+ kop.crk_param[1].crp_p = padded_pub_key; -+ kop.crk_param[1].crp_nbits = p_len * 8; -+ kop.crk_param[2].crp_p = p; -+ kop.crk_param[2].crp_nbits = p_len * 8; -+ kop.crk_iparams = 3; -+ kop.crk_param[3].crp_p = (void *)key; -+ kop.crk_param[3].crp_nbits = p_len * 8; -+ kop.crk_oparams = 1; -+ dhret = p_len; -+ -+ if (ioctl(fd, CIOCKEY, &kop)) -+ goto sw_try; -+ -+ if ((temp = BN_new())) { -+ if (!BN_bin2bn(key, p_len, temp)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); -+ goto sw_try; -+ } -+ if (dhret > BN_num_bytes(temp)) -+ dhret = BN_bn2bin(temp, key); -+ BN_free(temp); -+ } - -- if ((fd = get_asym_dev_crypto()) < 0) { -+ kop.crk_param[3].crp_p = NULL; -+ zapparams(&kop); -+ return (dhret); -+ sw_try: -+ { - const DH_METHOD *meth = DH_OpenSSL(); - -- return ((meth->compute_key) (key, pub_key, dh)); -+ dhret = (meth->compute_key) (key, pub_key, dh); - } -+ return (dhret); -+} - -- keylen = BN_num_bits(dh->p); -+int cryptodev_ecdh_compute_key(void *out, size_t outlen, -+ const EC_POINT *pub_key, EC_KEY *ecdh, -+ void *(*KDF) (const void *in, size_t inlen, -+ void *out, size_t *outlen)) -+{ -+ ec_curve_t ec_crv = EC_PRIME; -+ unsigned char *q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL; -+ BIGNUM *w_x = NULL, *w_y = NULL; -+ int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0; -+ BIGNUM *p = NULL, *a = NULL, *b = NULL; -+ BN_CTX *ctx; -+ EC_POINT *tmp = NULL; -+ BIGNUM *x = NULL, *y = NULL; -+ const BIGNUM *priv_key; -+ const EC_GROUP *group = NULL; -+ int ret = -1; -+ size_t buflen, len; -+ struct crypt_kop kop; - - memset(&kop, 0, sizeof kop); -- kop.crk_op = CRK_DH_COMPUTE_KEY; - -- /* inputs: dh->priv_key pub_key dh->p key */ -- if (bn2crparam(dh->priv_key, &kop.crk_param[0])) -+ if ((ctx = BN_CTX_new()) == NULL) - goto err; -- if (bn2crparam(pub_key, &kop.crk_param[1])) -+ BN_CTX_start(ctx); -+ x = BN_CTX_get(ctx); -+ y = BN_CTX_get(ctx); -+ p = BN_CTX_get(ctx); -+ a = BN_CTX_get(ctx); -+ b = BN_CTX_get(ctx); -+ w_x = BN_CTX_get(ctx); -+ w_y = BN_CTX_get(ctx); -+ -+ if (!x || !y || !p || !a || !b || !w_x || !w_y) { -+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE); - goto err; -- if (bn2crparam(dh->p, &kop.crk_param[2])) -+ } -+ -+ priv_key = EC_KEY_get0_private_key(ecdh); -+ if (priv_key == NULL) { -+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_NO_PRIVATE_VALUE); - goto err; -- kop.crk_iparams = 3; -+ } - -- kop.crk_param[3].crp_p = (caddr_t) key; -- kop.crk_param[3].crp_nbits = keylen * 8; -- kop.crk_oparams = 1; -+ group = EC_KEY_get0_group(ecdh); -+ if ((tmp = EC_POINT_new(group)) == NULL) { -+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } - -- if (ioctl(fd, CIOCKEY, &kop) == -1) { -- const DH_METHOD *meth = DH_OpenSSL(); -+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == -+ NID_X9_62_prime_field) { -+ ec_crv = EC_PRIME; - -- dhret = (meth->compute_key) (key, pub_key, dh); -+ if (!EC_POINT_get_affine_coordinates_GFp(group, -+ EC_GROUP_get0_generator -+ (group), x, y, ctx)) { -+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_POINT_ARITHMETIC_FAILURE); -+ goto err; -+ } -+ -+ /* get the ECC curve parameters */ -+ if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) { -+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB); -+ goto err; -+ } -+ -+ /* get the public key pair for prime curve */ -+ if (!EC_POINT_get_affine_coordinates_GFp -+ (group, pub_key, w_x, w_y, ctx)) { -+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB); -+ goto err; -+ } -+ } else { -+ ec_crv = EC_BINARY; -+ -+ if (!EC_POINT_get_affine_coordinates_GF2m(group, -+ EC_GROUP_get0_generator -+ (group), x, y, ctx)) { -+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_POINT_ARITHMETIC_FAILURE); -+ goto err; -+ } -+ -+ /* get the ECC curve parameters */ -+ if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) { -+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB); -+ goto err; -+ } -+ -+ /* get the public key pair for binary curve */ -+ if (!EC_POINT_get_affine_coordinates_GF2m(group, -+ pub_key, w_x, w_y, ctx)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); -+ goto err; -+ } - } -+ -+ /* irreducible polynomial that creates the field */ -+ if (spcf_bn2bin((BIGNUM *)&group->order, &r, &r_len)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /* Get the irreducible polynomial that creates the field */ -+ if (spcf_bn2bin(p, &q, &q_len)) { -+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB); -+ goto err; -+ } -+ -+ /* Get the public key into a flat buffer with appropriate padding */ -+ pub_key_len = 2 * q_len; -+ w_xy = eng_copy_curve_points(w_x, w_y, pub_key_len, q_len); -+ if (!w_xy) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /* Generation of ECC curve parameters */ -+ ab_len = 2 * q_len; -+ ab = eng_copy_curve_points(a, b, ab_len, q_len); -+ if (!ab) { -+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB); -+ goto err; -+ } -+ -+ if (ec_crv == EC_BINARY) { -+ /* copy b' i.e c(b), instead of only b */ -+ if (eng_ec_get_cparam -+ (EC_GROUP_get_curve_name(group), ab + q_len, q_len)) { -+ unsigned char *c_temp = NULL; -+ int c_temp_len = q_len; -+ if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len)) -+ memcpy(ab + q_len, c_temp, q_len); -+ else -+ goto err; -+ } -+ kop.curve_type = ECC_BINARY; -+ } else -+ kop.curve_type = ECC_PRIME; -+ -+ priv_key_len = r_len; -+ -+ /* -+ * If BN_num_bytes of priv_key returns less then r_len then -+ * add padding bytes before the key -+ */ -+ if (spcf_bn2bin_ex((BIGNUM *)priv_key, &s, &priv_key_len)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ buflen = (EC_GROUP_get_degree(group) + 7) / 8; -+ len = BN_num_bytes(x); -+ if (len > buflen || q_len < buflen) { -+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_INTERNAL_ERROR); -+ goto err; -+ } -+ -+ kop.crk_op = CRK_DH_COMPUTE_KEY; -+ kop.crk_param[0].crp_p = (void *)s; -+ kop.crk_param[0].crp_nbits = priv_key_len * 8; -+ kop.crk_param[1].crp_p = (void *)w_xy; -+ kop.crk_param[1].crp_nbits = pub_key_len * 8; -+ kop.crk_param[2].crp_p = (void *)q; -+ kop.crk_param[2].crp_nbits = q_len * 8; -+ kop.crk_param[3].crp_p = (void *)ab; -+ kop.crk_param[3].crp_nbits = ab_len * 8; -+ kop.crk_iparams = 4; -+ kop.crk_param[4].crp_p = (void *)out; -+ kop.crk_param[4].crp_nbits = q_len * 8; -+ kop.crk_oparams = 1; -+ ret = q_len; -+ if (cryptodev_asym(&kop, 0, NULL, 0, NULL)) { -+ const ECDH_METHOD *meth = ECDH_OpenSSL(); -+ ret = (meth->compute_key) (out, outlen, pub_key, ecdh, KDF); -+ } else -+ ret = q_len; - err: -- kop.crk_param[3].crp_p = NULL; -+ kop.crk_param[4].crp_p = NULL; - zapparams(&kop); -- return (dhret); -+ return ret; - } - - static DH_METHOD cryptodev_dh = { -@@ -1658,6 +2674,14 @@ static DH_METHOD cryptodev_dh = { - NULL /* app_data */ - }; - -+static ECDH_METHOD cryptodev_ecdh = { -+ "cryptodev ECDH method", -+ NULL, /* cryptodev_ecdh_compute_key */ -+ NULL, -+ 0, /* flags */ -+ NULL /* app_data */ -+}; -+ - /* - * ctrl right now is just a wrapper that doesn't do much - * but I expect we'll want some options soon. -@@ -1737,24 +2761,39 @@ void ENGINE_load_cryptodev(void) - memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD)); - if (cryptodev_asymfeat & CRF_DSA_SIGN) - cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign; -- if (cryptodev_asymfeat & CRF_MOD_EXP) { -- cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp; -- cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp; -- } - if (cryptodev_asymfeat & CRF_DSA_VERIFY) - cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify; -+ if (cryptodev_asymfeat & CRF_DSA_GENERATE_KEY) -+ cryptodev_dsa.dsa_keygen = cryptodev_dsa_keygen; - } - - if (ENGINE_set_DH(engine, &cryptodev_dh)) { - const DH_METHOD *dh_meth = DH_OpenSSL(); -+ memcpy(&cryptodev_dh, dh_meth, sizeof(DH_METHOD)); -+ if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) { -+ cryptodev_dh.compute_key = cryptodev_dh_compute_key; -+ } -+ if (cryptodev_asymfeat & CRF_DH_GENERATE_KEY) { -+ cryptodev_dh.generate_key = cryptodev_dh_keygen; -+ } -+ } - -- cryptodev_dh.generate_key = dh_meth->generate_key; -- cryptodev_dh.compute_key = dh_meth->compute_key; -- cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp; -- if (cryptodev_asymfeat & CRF_MOD_EXP) { -- cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh; -- if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) -- cryptodev_dh.compute_key = cryptodev_dh_compute_key; -+ if (ENGINE_set_ECDSA(engine, &cryptodev_ecdsa)) { -+ const ECDSA_METHOD *meth = ECDSA_OpenSSL(); -+ memcpy(&cryptodev_ecdsa, meth, sizeof(ECDSA_METHOD)); -+ if (cryptodev_asymfeat & CRF_DSA_SIGN) { -+ cryptodev_ecdsa.ecdsa_do_sign = cryptodev_ecdsa_do_sign; -+ } -+ if (cryptodev_asymfeat & CRF_DSA_VERIFY) { -+ cryptodev_ecdsa.ecdsa_do_verify = cryptodev_ecdsa_verify; -+ } -+ } -+ -+ if (ENGINE_set_ECDH(engine, &cryptodev_ecdh)) { -+ const ECDH_METHOD *ecdh_meth = ECDH_OpenSSL(); -+ memcpy(&cryptodev_ecdh, ecdh_meth, sizeof(ECDH_METHOD)); -+ if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) { -+ cryptodev_ecdh.compute_key = cryptodev_ecdh_compute_key; - } - } - --- -2.7.3 - diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0006-Added-hwrng-dev-file-as-source-of-RNG.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0006-Added-hwrng-dev-file-as-source-of-RNG.patch deleted file mode 100644 index 049f963..0000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0006-Added-hwrng-dev-file-as-source-of-RNG.patch +++ /dev/null @@ -1,28 +0,0 @@ -From e9981377fe8e2081fcd5b4e43a5ef4d8f1cc1e67 Mon Sep 17 00:00:00 2001 -From: Yashpal Dutta -Date: Tue, 11 Mar 2014 06:42:59 +0545 -Subject: [PATCH 06/48] Added hwrng dev file as source of RNG - -Upstream-status: Pending - -Signed-off-by: Yashpal Dutta ---- - e_os.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/e_os.h b/e_os.h -index 1fa36c1..6c0917b 100644 ---- a/e_os.h -+++ b/e_os.h -@@ -82,7 +82,7 @@ extern "C" { - * set this to a comma-separated list of 'random' device files to try out. My - * default, we will try to read at least one of these files - */ --# define DEVRANDOM "/dev/urandom","/dev/random","/dev/srandom" -+# define DEVRANDOM "/dev/hwrng","/dev/urandom","/dev/random","/dev/srandom" - # endif - # ifndef DEVRANDOM_EGD - /* --- -2.7.3 - diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0007-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0007-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch deleted file mode 100644 index 154ae80..0000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0007-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch +++ /dev/null @@ -1,2050 +0,0 @@ -From ea28474ed5e1e21a6efba7570bf0d27d02923bce Mon Sep 17 00:00:00 2001 -From: Yashpal Dutta -Date: Tue, 11 Mar 2014 07:14:30 +0545 -Subject: [PATCH 07/48] Asynchronous interface added for PKC cryptodev - interface - -Upstream-status: Pending - -Change-Id: Ia8974f793dc18a959ed6798dcdd7d3fad81cb7da -Signed-off-by: Yashpal Dutta ---- - crypto/crypto.h | 16 + - crypto/dh/dh.h | 3 + - crypto/dsa/dsa.h | 5 + - crypto/ecdh/ech_locl.h | 3 + - crypto/ecdsa/ecs_locl.h | 5 + - crypto/engine/eng_cryptodev.c | 1598 +++++++++++++++++++++++++++++++++++++---- - crypto/engine/eng_int.h | 23 + - crypto/engine/eng_lib.c | 46 ++ - crypto/engine/engine.h | 24 + - crypto/rsa/rsa.h | 23 + - 10 files changed, 1605 insertions(+), 141 deletions(-) - -diff --git a/crypto/crypto.h b/crypto/crypto.h -index 6c644ce..2b4ec59 100644 ---- a/crypto/crypto.h -+++ b/crypto/crypto.h -@@ -655,6 +655,22 @@ void ERR_load_CRYPTO_strings(void); - # define CRYPTO_R_FIPS_MODE_NOT_SUPPORTED 101 - # define CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK 100 - -+/* Additions for Asynchronous PKC Infrastructure */ -+struct pkc_cookie_s { -+ void *cookie; /* To be filled by openssl library primitive method function caller */ -+ void *eng_cookie; /* To be filled by Engine */ -+ /* -+ * Callback handler to be provided by caller. Ensure to pass a -+ * handler which takes the crypto operation to completion. -+ * cookie: Container cookie from library -+ * status: Status of the crypto Job completion. -+ * 0: Job handled without any issue -+ * -EINVAL: Parameters Invalid -+ */ -+ void (*pkc_callback)(struct pkc_cookie_s *cookie, int status); -+ void *eng_handle; -+}; -+ - #ifdef __cplusplus - } - #endif -diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h -index a5bd901..31dd762 100644 ---- a/crypto/dh/dh.h -+++ b/crypto/dh/dh.h -@@ -123,6 +123,9 @@ struct dh_method { - int (*bn_mod_exp) (const DH *dh, BIGNUM *r, const BIGNUM *a, - const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx); -+ int (*compute_key_async)(unsigned char *key,const BIGNUM *pub_key,DH *dh, -+ struct pkc_cookie_s *cookie); -+ int (*generate_key_async)(DH *dh, struct pkc_cookie_s *cookie); - int (*init) (DH *dh); - int (*finish) (DH *dh); - int flags; -diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h -index 545358f..8584731 100644 ---- a/crypto/dsa/dsa.h -+++ b/crypto/dsa/dsa.h -@@ -139,6 +139,10 @@ struct dsa_method { - /* Can be null */ - int (*bn_mod_exp) (DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); -+ int (*dsa_do_sign_async)(const unsigned char *dgst, int dlen, DSA *dsa, -+ DSA_SIG *sig, struct pkc_cookie_s *cookie); -+ int (*dsa_do_verify_async)(const unsigned char *dgst, int dgst_len, -+ DSA_SIG *sig, DSA *dsa, struct pkc_cookie_s *cookie); - int (*init) (DSA *dsa); - int (*finish) (DSA *dsa); - int flags; -@@ -150,6 +154,7 @@ struct dsa_method { - BN_GENCB *cb); - /* If this is non-NULL, it is used to generate DSA keys */ - int (*dsa_keygen) (DSA *dsa); -+ int (*dsa_keygen_async)(DSA *dsa, struct pkc_cookie_s *cookie); - }; - - struct dsa_st { -diff --git a/crypto/ecdh/ech_locl.h b/crypto/ecdh/ech_locl.h -index 4e66024..502507b 100644 ---- a/crypto/ecdh/ech_locl.h -+++ b/crypto/ecdh/ech_locl.h -@@ -68,6 +68,9 @@ struct ecdh_method { - EC_KEY *ecdh, void *(*KDF) (const void *in, - size_t inlen, void *out, - size_t *outlen)); -+ int (*compute_key_async)(void *key, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh, -+ void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen), -+ struct pkc_cookie_s *cookie); - # if 0 - int (*init) (EC_KEY *eckey); - int (*finish) (EC_KEY *eckey); -diff --git a/crypto/ecdsa/ecs_locl.h b/crypto/ecdsa/ecs_locl.h -index d3a5efc..9b28c04 100644 ---- a/crypto/ecdsa/ecs_locl.h -+++ b/crypto/ecdsa/ecs_locl.h -@@ -74,6 +74,11 @@ struct ecdsa_method { - BIGNUM **r); - int (*ecdsa_do_verify) (const unsigned char *dgst, int dgst_len, - const ECDSA_SIG *sig, EC_KEY *eckey); -+ int (*ecdsa_do_sign_async)(const unsigned char *dgst, int dgst_len, -+ const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey, -+ ECDSA_SIG *sig, struct pkc_cookie_s *cookie); -+ int (*ecdsa_do_verify_async)(const unsigned char *dgst, int dgst_len, -+ const ECDSA_SIG *sig, EC_KEY *eckey, struct pkc_cookie_s *cookie); - # if 0 - int (*init) (EC_KEY *eckey); - int (*finish) (EC_KEY *eckey); -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index cc9b63b..90fe9b8 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -1371,6 +1371,60 @@ static void zapparams(struct crypt_kop *kop) - } - } - -+/* -+ * Any PKC request has at max 2 output parameters and they are stored here to -+ * be used while copying in the check availability -+ */ -+struct cryptodev_cookie_s { -+ BIGNUM *r; -+ struct crparam r_param; -+ BIGNUM *s; -+ struct crparam s_param; -+ struct crypt_kop *kop; -+}; -+ -+static int -+cryptodev_asym_async(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, -+ BIGNUM *s) -+{ -+ int fd; -+ struct pkc_cookie_s *cookie = kop->cookie; -+ struct cryptodev_cookie_s *eng_cookie; -+ -+ fd = *(int *)cookie->eng_handle; -+ -+ eng_cookie = malloc(sizeof(struct cryptodev_cookie_s)); -+ -+ if (eng_cookie) { -+ memset(eng_cookie, 0, sizeof(struct cryptodev_cookie_s)); -+ if (r) { -+ kop->crk_param[kop->crk_iparams].crp_p = -+ calloc(rlen, sizeof(char)); -+ if (!kop->crk_param[kop->crk_iparams].crp_p) -+ return -ENOMEM; -+ kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8; -+ kop->crk_oparams++; -+ eng_cookie->r = r; -+ eng_cookie->r_param = kop->crk_param[kop->crk_iparams]; -+ } -+ if (s) { -+ kop->crk_param[kop->crk_iparams + 1].crp_p = -+ calloc(slen, sizeof(char)); -+ if (!kop->crk_param[kop->crk_iparams + 1].crp_p) -+ return -ENOMEM; -+ kop->crk_param[kop->crk_iparams + 1].crp_nbits = slen * 8; -+ kop->crk_oparams++; -+ eng_cookie->s = s; -+ eng_cookie->s_param = kop->crk_param[kop->crk_iparams + 1]; -+ } -+ } else -+ return -ENOMEM; -+ -+ eng_cookie->kop = kop; -+ cookie->eng_cookie = eng_cookie; -+ return ioctl(fd, CIOCASYMASYNCRYPT, kop); -+} -+ - static int - cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, - BIGNUM *s) -@@ -1438,6 +1492,44 @@ void *cryptodev_init_instance(void) - return fd; - } - -+# include -+ -+/* Return 0 on success and 1 on failure */ -+int cryptodev_check_availability(void *eng_handle) -+{ -+ int fd = *(int *)eng_handle; -+ struct pkc_cookie_list_s cookie_list; -+ struct pkc_cookie_s *cookie; -+ int i; -+ -+ /* FETCH COOKIE returns number of cookies extracted */ -+ if (ioctl(fd, CIOCASYMFETCHCOOKIE, &cookie_list) <= 0) -+ return 1; -+ -+ for (i = 0; i < cookie_list.cookie_available; i++) { -+ cookie = cookie_list.cookie[i]; -+ if (cookie) { -+ struct cryptodev_cookie_s *eng_cookie = cookie->eng_cookie; -+ if (eng_cookie) { -+ struct crypt_kop *kop = eng_cookie->kop; -+ -+ if (eng_cookie->r) -+ crparam2bn(&eng_cookie->r_param, eng_cookie->r); -+ if (eng_cookie->s) -+ crparam2bn(&eng_cookie->s_param, eng_cookie->s); -+ if (kop->crk_op == CRK_DH_COMPUTE_KEY) -+ kop->crk_oparams = 0; -+ -+ zapparams(eng_cookie->kop); -+ free(eng_cookie->kop); -+ free(eng_cookie); -+ } -+ cookie->pkc_callback(cookie, cookie_list.status[i]); -+ } -+ } -+ return 0; -+} -+ - static int - cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) -@@ -1485,6 +1577,66 @@ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - } - - static int -+cryptodev_bn_mod_exp_async(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, -+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont, -+ struct pkc_cookie_s *cookie) -+{ -+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); -+ int ret = 1; -+ -+ /* -+ * Currently, we know we can do mod exp iff we can do any asymmetric -+ * operations at all. -+ */ -+ if (cryptodev_asymfeat == 0 || !kop) { -+ ret = BN_mod_exp(r, a, p, m, ctx); -+ return (ret); -+ } -+ -+ kop->crk_oparams = 0; -+ kop->crk_status = 0; -+ kop->crk_op = CRK_MOD_EXP; -+ kop->cookie = cookie; -+ /* inputs: a^p % m */ -+ if (bn2crparam(a, &kop->crk_param[0])) -+ goto err; -+ if (bn2crparam(p, &kop->crk_param[1])) -+ goto err; -+ if (bn2crparam(m, &kop->crk_param[2])) -+ goto err; -+ -+ kop->crk_iparams = 3; -+ if (cryptodev_asym_async(kop, BN_num_bytes(m), r, 0, NULL)) -+ goto err; -+ -+ return ret; -+ err: -+ { -+ const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); -+ -+ if (kop) -+ free(kop); -+ ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont); -+ if (ret) -+ /* Call the completion handler immediately */ -+ cookie->pkc_callback(cookie, 0); -+ } -+ return ret; -+} -+ -+static int -+cryptodev_rsa_nocrt_mod_exp_async(BIGNUM *r0, const BIGNUM *I, -+ RSA *rsa, BN_CTX *ctx, -+ struct pkc_cookie_s *cookie) -+{ -+ int r; -+ ctx = BN_CTX_new(); -+ r = cryptodev_bn_mod_exp_async(r0, I, rsa->d, rsa->n, ctx, NULL, cookie); -+ BN_CTX_free(ctx); -+ return r; -+} -+ -+static int - cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, - BN_CTX *ctx) - { -@@ -1551,6 +1703,63 @@ cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) - return (ret); - } - -+static int -+cryptodev_rsa_mod_exp_async(BIGNUM *r0, const BIGNUM *I, RSA *rsa, -+ BN_CTX *ctx, struct pkc_cookie_s *cookie) -+{ -+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); -+ int ret = 1, f_len, p_len, q_len; -+ unsigned char *f = NULL, *p = NULL, *q = NULL, *dp = NULL, *dq = -+ NULL, *c = NULL; -+ -+ if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp || !kop) { -+ return (0); -+ } -+ -+ kop->crk_oparams = 0; -+ kop->crk_status = 0; -+ kop->crk_op = CRK_MOD_EXP_CRT; -+ f_len = BN_num_bytes(rsa->n); -+ spcf_bn2bin_ex(I, &f, &f_len); -+ spcf_bn2bin(rsa->p, &p, &p_len); -+ spcf_bn2bin(rsa->q, &q, &q_len); -+ spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len); -+ spcf_bn2bin_ex(rsa->iqmp, &c, &p_len); -+ spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len); -+ /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */ -+ kop->crk_param[0].crp_p = p; -+ kop->crk_param[0].crp_nbits = p_len * 8; -+ kop->crk_param[1].crp_p = q; -+ kop->crk_param[1].crp_nbits = q_len * 8; -+ kop->crk_param[2].crp_p = f; -+ kop->crk_param[2].crp_nbits = f_len * 8; -+ kop->crk_param[3].crp_p = dp; -+ kop->crk_param[3].crp_nbits = p_len * 8; -+ /* dq must of length q, rest all of length p */ -+ kop->crk_param[4].crp_p = dq; -+ kop->crk_param[4].crp_nbits = q_len * 8; -+ kop->crk_param[5].crp_p = c; -+ kop->crk_param[5].crp_nbits = p_len * 8; -+ kop->crk_iparams = 6; -+ kop->cookie = cookie; -+ if (cryptodev_asym_async(kop, BN_num_bytes(rsa->n), r0, 0, NULL)) -+ goto err; -+ -+ return ret; -+ err: -+ { -+ const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); -+ -+ if (kop) -+ free(kop); -+ ret = (*meth->rsa_mod_exp) (r0, I, rsa, ctx); -+ if (ret) -+ /* Call user completion handler immediately */ -+ cookie->pkc_callback(cookie, 0); -+ } -+ return (ret); -+} -+ - static RSA_METHOD cryptodev_rsa = { - "cryptodev RSA method", - NULL, /* rsa_pub_enc */ -@@ -1559,6 +1768,12 @@ static RSA_METHOD cryptodev_rsa = { - NULL, /* rsa_priv_dec */ - NULL, - NULL, -+ NULL, /* rsa_pub_enc */ -+ NULL, /* rsa_pub_dec */ -+ NULL, /* rsa_priv_enc */ -+ NULL, /* rsa_priv_dec */ -+ NULL, -+ NULL, - NULL, /* init */ - NULL, /* finish */ - 0, /* flags */ -@@ -1859,128 +2074,428 @@ static int cryptodev_dsa_keygen(DSA *dsa) - return ret; - } - --static DSA_METHOD cryptodev_dsa = { -- "cryptodev DSA method", -- NULL, -- NULL, /* dsa_sign_setup */ -- NULL, -- NULL, /* dsa_mod_exp */ -- NULL, -- NULL, /* init */ -- NULL, /* finish */ -- 0, /* flags */ -- NULL /* app_data */ --}; -+/* Cryptodev DSA Key Gen routine */ -+static int cryptodev_dsa_keygen_async(DSA *dsa, struct pkc_cookie_s *cookie) -+{ -+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); -+ int ret = 1, g_len; -+ unsigned char *g = NULL; - --static ECDSA_METHOD cryptodev_ecdsa = { -- "cryptodev ECDSA method", -- NULL, -- NULL, /* ecdsa_sign_setup */ -- NULL, -- NULL, -- 0, /* flags */ -- NULL /* app_data */ --}; -+ if (!kop) -+ goto sw_try; - --typedef enum ec_curve_s { -- EC_PRIME, -- EC_BINARY --} ec_curve_t; -+ if (dsa->priv_key == NULL) { -+ if ((dsa->priv_key = BN_new()) == NULL) -+ goto sw_try; -+ } - --/* ENGINE handler for ECDSA Sign */ --static ECDSA_SIG *cryptodev_ecdsa_do_sign(const unsigned char *dgst, -- int dgst_len, const BIGNUM *in_kinv, -- const BIGNUM *in_r, EC_KEY *eckey) --{ -- BIGNUM *m = NULL, *p = NULL, *a = NULL; -- BIGNUM *b = NULL, *x = NULL, *y = NULL; -- BN_CTX *ctx = NULL; -- ECDSA_SIG *ret = NULL; -- ECDSA_DATA *ecdsa = NULL; -- unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL; -- unsigned char *s = NULL, *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = -- NULL; -- int i = 0, q_len = 0, priv_key_len = 0, r_len = 0; -- int g_len = 0, d_len = 0, ab_len = 0; -- const BIGNUM *order = NULL, *priv_key = NULL; -- const EC_GROUP *group = NULL; -- struct crypt_kop kop; -- ec_curve_t ec_crv = EC_PRIME; -+ if (dsa->pub_key == NULL) { -+ if ((dsa->pub_key = BN_new()) == NULL) -+ goto sw_try; -+ } - -- memset(&kop, 0, sizeof(kop)); -- ecdsa = ecdsa_check(eckey); -- if (!ecdsa) { -- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER); -- return NULL; -+ g_len = BN_num_bytes(dsa->p); -+ /** -+ * Get generator into a plain buffer. If length is less than -+ * q_len then add leading padding bytes. -+ */ -+ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) { -+ DSAerr(DSA_F_DSA_GENERATE_KEY, ERR_R_MALLOC_FAILURE); -+ goto sw_try; - } - -- group = EC_KEY_get0_group(eckey); -- priv_key = EC_KEY_get0_private_key(eckey); -+ memset(kop, 0, sizeof(struct crypt_kop)); -+ kop->crk_op = CRK_DSA_GENERATE_KEY; -+ if (bn2crparam(dsa->p, &kop->crk_param[0])) -+ goto sw_try; -+ if (bn2crparam(dsa->q, &kop->crk_param[1])) -+ goto sw_try; -+ kop->crk_param[2].crp_p = g; -+ kop->crk_param[2].crp_nbits = g_len * 8; -+ kop->crk_iparams = 3; -+ kop->cookie = cookie; - -- if (!group || !priv_key) { -- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER); -- return NULL; -+ /* pub_key is or prime length while priv key is of length of order */ -+ if (cryptodev_asym_async(kop, BN_num_bytes(dsa->p), dsa->pub_key, -+ BN_num_bytes(dsa->q), dsa->priv_key)) -+ goto sw_try; -+ -+ return ret; -+ sw_try: -+ { -+ const DSA_METHOD *meth = DSA_OpenSSL(); -+ -+ if (kop) -+ free(kop); -+ ret = (meth->dsa_keygen) (dsa); -+ cookie->pkc_callback(cookie, 0); - } -+ return ret; -+} - -- if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL || -- (a = BN_new()) == NULL || (b = BN_new()) == NULL || -- (p = BN_new()) == NULL || (x = BN_new()) == NULL || -- (y = BN_new()) == NULL) { -- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); -+static int -+cryptodev_dsa_do_sign_async(const unsigned char *dgst, int dlen, DSA *dsa, -+ DSA_SIG *sig, struct pkc_cookie_s *cookie) -+{ -+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); -+ DSA_SIG *dsaret = NULL; -+ int q_len = 0, r_len = 0, g_len = 0; -+ int priv_key_len = 0, ret = 1; -+ unsigned char *q = NULL, *r = NULL, *g = NULL, *priv_key = NULL, *f = -+ NULL; -+ if (((sig->r = BN_new()) == NULL) || !kop) { -+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); - goto err; - } - -- order = &group->order; -- if (!order || BN_is_zero(order)) { -- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS); -+ if ((sig->s = BN_new()) == NULL) { -+ BN_free(sig->r); -+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); - goto err; - } - -- i = BN_num_bits(order); -- /* -- * Need to truncate digest if it is too long: first truncate whole bytes -- */ -- if (8 * dgst_len > i) -- dgst_len = (i + 7) / 8; -- -- if (!BN_bin2bn(dgst, dgst_len, m)) { -- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); -+ if (spcf_bn2bin(dsa->p, &q, &q_len)) { -+ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); - goto err; - } - -- /* If still too long truncate remaining bits with a shift */ -- if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) { -- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); -+ /* Get order of the field of private keys into plain buffer */ -+ if (spcf_bn2bin(dsa->q, &r, &r_len)) { -+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); - goto err; - } - -- /* copy the truncated bits into plain buffer */ -- if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) { -- fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__, -- __LINE__); -+ /* sanity test */ -+ if (dlen > r_len) { -+ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); - goto err; - } - -- ret = ECDSA_SIG_new(); -- if (!ret) { -- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); -+ g_len = q_len; -+ /** -+ * Get generator into a plain buffer. If length is less than -+ * q_len then add leading padding bytes. -+ */ -+ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) { -+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); - goto err; - } - -- /* check if this is prime or binary EC request */ -- if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == -- NID_X9_62_prime_field) { -- ec_crv = EC_PRIME; -- /* get the generator point pair */ -- if (!EC_POINT_get_affine_coordinates_GFp -- (group, EC_GROUP_get0_generator(group), x, y, ctx)) { -- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); -- goto err; -- } -+ priv_key_len = r_len; -+ /** -+ * Get private key into a plain buffer. If length is less than -+ * r_len then add leading padding bytes. -+ */ -+ if (spcf_bn2bin_ex(dsa->priv_key, &priv_key, &priv_key_len)) { -+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } - -- /* get the ECC curve parameters */ -- if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) { -- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); -+ /* Allocate memory to store hash. */ -+ f = OPENSSL_malloc(r_len); -+ if (!f) { -+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /* Add padding, since SEC expects hash to of size r_len */ -+ if (dlen < r_len) -+ memset(f, 0, r_len - dlen); -+ -+ /* Skip leading bytes if dgst_len < r_len */ -+ memcpy(f + r_len - dlen, dgst, dlen); -+ -+ dlen = r_len; -+ -+ memset(kop, 0, sizeof(struct crypt_kop)); -+ kop->crk_op = CRK_DSA_SIGN; -+ -+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ -+ kop->crk_param[0].crp_p = (void *)f; -+ kop->crk_param[0].crp_nbits = dlen * 8; -+ kop->crk_param[1].crp_p = (void *)q; -+ kop->crk_param[1].crp_nbits = q_len * 8; -+ kop->crk_param[2].crp_p = (void *)r; -+ kop->crk_param[2].crp_nbits = r_len * 8; -+ kop->crk_param[3].crp_p = (void *)g; -+ kop->crk_param[3].crp_nbits = g_len * 8; -+ kop->crk_param[4].crp_p = (void *)priv_key; -+ kop->crk_param[4].crp_nbits = priv_key_len * 8; -+ kop->crk_iparams = 5; -+ kop->cookie = cookie; -+ -+ if (cryptodev_asym_async(kop, r_len, sig->r, r_len, sig->s)) -+ goto err; -+ -+ return ret; -+ err: -+ { -+ const DSA_METHOD *meth = DSA_OpenSSL(); -+ -+ if (kop) -+ free(kop); -+ BN_free(sig->r); -+ BN_free(sig->s); -+ dsaret = (meth->dsa_do_sign) (dgst, dlen, dsa); -+ sig->r = dsaret->r; -+ sig->s = dsaret->s; -+ /* Call user callback immediately */ -+ cookie->pkc_callback(cookie, 0); -+ ret = dsaret; -+ } -+ return ret; -+} -+ -+static int -+cryptodev_dsa_verify_async(const unsigned char *dgst, int dlen, -+ DSA_SIG *sig, DSA *dsa, -+ struct pkc_cookie_s *cookie) -+{ -+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); -+ int q_len = 0, r_len = 0, g_len = 0; -+ int w_len = 0, c_len = 0, d_len = 0, ret = 1; -+ unsigned char *q = NULL, *r = NULL, *w = NULL, *g = NULL; -+ unsigned char *c = NULL, *d = NULL, *f = NULL; -+ -+ if (!kop) -+ goto err; -+ -+ if (spcf_bn2bin(dsa->p, &q, &q_len)) { -+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -+ return ret; -+ } -+ -+ /* Get Order of field of private keys */ -+ if (spcf_bn2bin(dsa->q, &r, &r_len)) { -+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ g_len = q_len; -+ /** -+ * Get generator into a plain buffer. If length is less than -+ * q_len then add leading padding bytes. -+ */ -+ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) { -+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ w_len = q_len; -+ /** -+ * Get public key into a plain buffer. If length is less than -+ * q_len then add leading padding bytes. -+ */ -+ if (spcf_bn2bin_ex(dsa->pub_key, &w, &w_len)) { -+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ /** -+ * Get the 1st part of signature into a flat buffer with -+ * appropriate padding -+ */ -+ c_len = r_len; -+ -+ if (spcf_bn2bin_ex(sig->r, &c, &c_len)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /** -+ * Get the 2nd part of signature into a flat buffer with -+ * appropriate padding -+ */ -+ d_len = r_len; -+ -+ if (spcf_bn2bin_ex(sig->s, &d, &d_len)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /* Sanity test */ -+ if (dlen > r_len) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /* Allocate memory to store hash. */ -+ f = OPENSSL_malloc(r_len); -+ if (!f) { -+ DSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /* Add padding, since SEC expects hash to of size r_len */ -+ if (dlen < r_len) -+ memset(f, 0, r_len - dlen); -+ -+ /* Skip leading bytes if dgst_len < r_len */ -+ memcpy(f + r_len - dlen, dgst, dlen); -+ -+ dlen = r_len; -+ memset(kop, 0, sizeof(struct crypt_kop)); -+ -+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */ -+ kop->crk_param[0].crp_p = (void *)f; -+ kop->crk_param[0].crp_nbits = dlen * 8; -+ kop->crk_param[1].crp_p = q; -+ kop->crk_param[1].crp_nbits = q_len * 8; -+ kop->crk_param[2].crp_p = r; -+ kop->crk_param[2].crp_nbits = r_len * 8; -+ kop->crk_param[3].crp_p = g; -+ kop->crk_param[3].crp_nbits = g_len * 8; -+ kop->crk_param[4].crp_p = w; -+ kop->crk_param[4].crp_nbits = w_len * 8; -+ kop->crk_param[5].crp_p = c; -+ kop->crk_param[5].crp_nbits = c_len * 8; -+ kop->crk_param[6].crp_p = d; -+ kop->crk_param[6].crp_nbits = d_len * 8; -+ kop->crk_iparams = 7; -+ kop->crk_op = CRK_DSA_VERIFY; -+ kop->cookie = cookie; -+ if (cryptodev_asym_async(kop, 0, NULL, 0, NULL)) -+ goto err; -+ -+ return ret; -+ err: -+ { -+ const DSA_METHOD *meth = DSA_OpenSSL(); -+ -+ if (kop) -+ free(kop); -+ -+ ret = (meth->dsa_do_verify) (dgst, dlen, sig, dsa); -+ cookie->pkc_callback(cookie, 0); -+ } -+ return ret; -+} -+ -+static DSA_METHOD cryptodev_dsa = { -+ "cryptodev DSA method", -+ NULL, -+ NULL, /* dsa_sign_setup */ -+ NULL, -+ NULL, /* dsa_mod_exp */ -+ NULL, -+ NULL, -+ NULL, -+ NULL, -+ NULL, /* init */ -+ NULL, /* finish */ -+ 0, /* flags */ -+ NULL /* app_data */ -+}; -+ -+static ECDSA_METHOD cryptodev_ecdsa = { -+ "cryptodev ECDSA method", -+ NULL, -+ NULL, /* ecdsa_sign_setup */ -+ NULL, -+ NULL, -+ NULL, -+ NULL, -+ 0, /* flags */ -+ NULL /* app_data */ -+}; -+ -+typedef enum ec_curve_s { -+ EC_PRIME, -+ EC_BINARY -+} ec_curve_t; -+ -+/* ENGINE handler for ECDSA Sign */ -+static ECDSA_SIG *cryptodev_ecdsa_do_sign(const unsigned char *dgst, -+ int dgst_len, const BIGNUM *in_kinv, -+ const BIGNUM *in_r, EC_KEY *eckey) -+{ -+ BIGNUM *m = NULL, *p = NULL, *a = NULL; -+ BIGNUM *b = NULL, *x = NULL, *y = NULL; -+ BN_CTX *ctx = NULL; -+ ECDSA_SIG *ret = NULL; -+ ECDSA_DATA *ecdsa = NULL; -+ unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL; -+ unsigned char *s = NULL, *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = -+ NULL; -+ int i = 0, q_len = 0, priv_key_len = 0, r_len = 0; -+ int g_len = 0, d_len = 0, ab_len = 0; -+ const BIGNUM *order = NULL, *priv_key = NULL; -+ const EC_GROUP *group = NULL; -+ struct crypt_kop kop; -+ ec_curve_t ec_crv = EC_PRIME; -+ -+ memset(&kop, 0, sizeof(kop)); -+ ecdsa = ecdsa_check(eckey); -+ if (!ecdsa) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER); -+ return NULL; -+ } -+ -+ group = EC_KEY_get0_group(eckey); -+ priv_key = EC_KEY_get0_private_key(eckey); -+ -+ if (!group || !priv_key) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER); -+ return NULL; -+ } -+ -+ if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL || -+ (a = BN_new()) == NULL || (b = BN_new()) == NULL || -+ (p = BN_new()) == NULL || (x = BN_new()) == NULL || -+ (y = BN_new()) == NULL) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ order = &group->order; -+ if (!order || BN_is_zero(order)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS); -+ goto err; -+ } -+ -+ i = BN_num_bits(order); -+ /* -+ * Need to truncate digest if it is too long: first truncate whole bytes -+ */ -+ if (8 * dgst_len > i) -+ dgst_len = (i + 7) / 8; -+ -+ if (!BN_bin2bn(dgst, dgst_len, m)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); -+ goto err; -+ } -+ -+ /* If still too long truncate remaining bits with a shift */ -+ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); -+ goto err; -+ } -+ -+ /* copy the truncated bits into plain buffer */ -+ if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) { -+ fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__, -+ __LINE__); -+ goto err; -+ } -+ -+ ret = ECDSA_SIG_new(); -+ if (!ret) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); -+ goto err; -+ } -+ -+ /* check if this is prime or binary EC request */ -+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == -+ NID_X9_62_prime_field) { -+ ec_crv = EC_PRIME; -+ /* get the generator point pair */ -+ if (!EC_POINT_get_affine_coordinates_GFp -+ (group, EC_GROUP_get0_generator(group), x, y, ctx)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); -+ goto err; -+ } -+ -+ /* get the ECC curve parameters */ -+ if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); - goto err; - } - } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == -@@ -2325,54 +2840,588 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len, - goto err; - } - -- /* memory for message representative */ -- f = malloc(r_len); -- if (!f) { -- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -- goto err; -+ /* memory for message representative */ -+ f = malloc(r_len); -+ if (!f) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /* Add padding, since SEC expects hash to of size r_len */ -+ memset(f, 0, r_len - dgst_len); -+ -+ /* Skip leading bytes if dgst_len < r_len */ -+ memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len); -+ dgst_len += r_len - dgst_len; -+ kop.crk_op = CRK_DSA_VERIFY; -+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ -+ kop.crk_param[0].crp_p = f; -+ kop.crk_param[0].crp_nbits = dgst_len * 8; -+ kop.crk_param[1].crp_p = q; -+ kop.crk_param[1].crp_nbits = q_len * 8; -+ kop.crk_param[2].crp_p = r; -+ kop.crk_param[2].crp_nbits = r_len * 8; -+ kop.crk_param[3].crp_p = g_xy; -+ kop.crk_param[3].crp_nbits = g_len * 8; -+ kop.crk_param[4].crp_p = w_xy; -+ kop.crk_param[4].crp_nbits = pub_key_len * 8; -+ kop.crk_param[5].crp_p = ab; -+ kop.crk_param[5].crp_nbits = ab_len * 8; -+ kop.crk_param[6].crp_p = c; -+ kop.crk_param[6].crp_nbits = d_len * 8; -+ kop.crk_param[7].crp_p = d; -+ kop.crk_param[7].crp_nbits = d_len * 8; -+ kop.crk_iparams = 8; -+ -+ if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) { -+ /* -+ * OCF success value is 0, if not zero, change ret to fail -+ */ -+ if (0 == kop.crk_status) -+ ret = 1; -+ } else { -+ const ECDSA_METHOD *meth = ECDSA_OpenSSL(); -+ -+ ret = (meth->ecdsa_do_verify) (dgst, dgst_len, sig, eckey); -+ } -+ kop.crk_param[0].crp_p = NULL; -+ zapparams(&kop); -+ -+ err: -+ return ret; -+} -+ -+static int cryptodev_ecdsa_do_sign_async(const unsigned char *dgst, -+ int dgst_len, const BIGNUM *in_kinv, -+ const BIGNUM *in_r, EC_KEY *eckey, -+ ECDSA_SIG *sig, -+ struct pkc_cookie_s *cookie) -+{ -+ BIGNUM *m = NULL, *p = NULL, *a = NULL; -+ BIGNUM *b = NULL, *x = NULL, *y = NULL; -+ BN_CTX *ctx = NULL; -+ ECDSA_SIG *sig_ret = NULL; -+ ECDSA_DATA *ecdsa = NULL; -+ unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL; -+ unsigned char *s = NULL, *f = NULL, *tmp_dgst = NULL; -+ int i = 0, q_len = 0, priv_key_len = 0, r_len = 0; -+ int g_len = 0, ab_len = 0, ret = 1; -+ const BIGNUM *order = NULL, *priv_key = NULL; -+ const EC_GROUP *group = NULL; -+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); -+ ec_curve_t ec_crv = EC_PRIME; -+ -+ if (!(sig->r = BN_new()) || !kop) -+ goto err; -+ if ((sig->s = BN_new()) == NULL) { -+ BN_free(r); -+ goto err; -+ } -+ -+ memset(kop, 0, sizeof(struct crypt_kop)); -+ ecdsa = ecdsa_check(eckey); -+ if (!ecdsa) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER); -+ goto err; -+ } -+ -+ group = EC_KEY_get0_group(eckey); -+ priv_key = EC_KEY_get0_private_key(eckey); -+ -+ if (!group || !priv_key) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER); -+ goto err; -+ } -+ -+ if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL || -+ (a = BN_new()) == NULL || (b = BN_new()) == NULL || -+ (p = BN_new()) == NULL || (x = BN_new()) == NULL || -+ (y = BN_new()) == NULL) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ order = &group->order; -+ if (!order || BN_is_zero(order)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS); -+ goto err; -+ } -+ -+ i = BN_num_bits(order); -+ /* -+ * Need to truncate digest if it is too long: first truncate whole bytes -+ */ -+ if (8 * dgst_len > i) -+ dgst_len = (i + 7) / 8; -+ -+ if (!BN_bin2bn(dgst, dgst_len, m)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); -+ goto err; -+ } -+ -+ /* If still too long truncate remaining bits with a shift */ -+ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); -+ goto err; -+ } -+ -+ /* copy the truncated bits into plain buffer */ -+ if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) { -+ fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__, -+ __LINE__); -+ goto err; -+ } -+ -+ /* check if this is prime or binary EC request */ -+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) -+ == NID_X9_62_prime_field) { -+ ec_crv = EC_PRIME; -+ /* get the generator point pair */ -+ if (!EC_POINT_get_affine_coordinates_GFp(group, -+ EC_GROUP_get0_generator -+ (group), x, y, ctx)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); -+ goto err; -+ } -+ -+ /* get the ECC curve parameters */ -+ if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); -+ goto err; -+ } -+ } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == -+ NID_X9_62_characteristic_two_field) { -+ ec_crv = EC_BINARY; -+ /* get the ECC curve parameters */ -+ if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); -+ goto err; -+ } -+ -+ /* get the generator point pair */ -+ if (!EC_POINT_get_affine_coordinates_GF2m(group, -+ EC_GROUP_get0_generator -+ (group), x, y, ctx)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); -+ goto err; -+ } -+ } else { -+ printf("Unsupported Curve\n"); -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); -+ goto err; -+ } -+ -+ if (spcf_bn2bin(order, &r, &r_len)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ if (spcf_bn2bin(p, &q, &q_len)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ priv_key_len = r_len; -+ -+ /** -+ * If BN_num_bytes of priv_key returns less then r_len then -+ * add padding bytes before the key -+ */ -+ if (spcf_bn2bin_ex(priv_key, &s, &priv_key_len)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /* Generation of ECC curve parameters */ -+ ab_len = 2 * q_len; -+ ab = eng_copy_curve_points(a, b, ab_len, q_len); -+ if (!ab) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ if (ec_crv == EC_BINARY) { -+ if (eng_ec_get_cparam -+ (EC_GROUP_get_curve_name(group), ab + q_len, q_len)) { -+ unsigned char *c_temp = NULL; -+ int c_temp_len = q_len; -+ if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len)) -+ memcpy(ab + q_len, c_temp, q_len); -+ else -+ goto err; -+ } -+ kop->curve_type = ECC_BINARY; -+ } -+ -+ /* Calculation of Generator point */ -+ g_len = 2 * q_len; -+ g_xy = eng_copy_curve_points(x, y, g_len, q_len); -+ if (!g_xy) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /* memory for message representative */ -+ f = malloc(r_len); -+ if (!f) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /* Add padding, since SEC expects hash to of size r_len */ -+ memset(f, 0, r_len - dgst_len); -+ -+ /* Skip leading bytes if dgst_len < r_len */ -+ memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len); -+ -+ dgst_len += r_len - dgst_len; -+ -+ kop->crk_op = CRK_DSA_SIGN; -+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ -+ kop->crk_param[0].crp_p = f; -+ kop->crk_param[0].crp_nbits = dgst_len * 8; -+ kop->crk_param[1].crp_p = q; -+ kop->crk_param[1].crp_nbits = q_len * 8; -+ kop->crk_param[2].crp_p = r; -+ kop->crk_param[2].crp_nbits = r_len * 8; -+ kop->crk_param[3].crp_p = g_xy; -+ kop->crk_param[3].crp_nbits = g_len * 8; -+ kop->crk_param[4].crp_p = s; -+ kop->crk_param[4].crp_nbits = priv_key_len * 8; -+ kop->crk_param[5].crp_p = ab; -+ kop->crk_param[5].crp_nbits = ab_len * 8; -+ kop->crk_iparams = 6; -+ kop->cookie = cookie; -+ -+ if (cryptodev_asym_async(kop, r_len, sig->r, r_len, sig->s)) -+ goto err; -+ -+ return ret; -+ err: -+ { -+ const ECDSA_METHOD *meth = ECDSA_OpenSSL(); -+ BN_free(sig->r); -+ BN_free(sig->s); -+ if (kop) -+ free(kop); -+ sig_ret = -+ (meth->ecdsa_do_sign) (dgst, dgst_len, in_kinv, in_r, eckey); -+ sig->r = sig_ret->r; -+ sig->s = sig_ret->s; -+ cookie->pkc_callback(cookie, 0); -+ } -+ return ret; -+} -+ -+static int cryptodev_ecdsa_verify_async(const unsigned char *dgst, -+ int dgst_len, const ECDSA_SIG *sig, -+ EC_KEY *eckey, -+ struct pkc_cookie_s *cookie) -+{ -+ BIGNUM *m = NULL, *p = NULL, *a = NULL, *b = NULL; -+ BIGNUM *x = NULL, *y = NULL, *w_x = NULL, *w_y = NULL; -+ BN_CTX *ctx = NULL; -+ ECDSA_DATA *ecdsa = NULL; -+ unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL, *w_xy = -+ NULL; -+ unsigned char *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL; -+ int i = 0, q_len = 0, pub_key_len = 0, r_len = 0, c_len = 0, g_len = 0; -+ int d_len = 0, ab_len = 0, ret = 1; -+ const EC_POINT *pub_key = NULL; -+ const BIGNUM *order = NULL; -+ const EC_GROUP *group = NULL; -+ ec_curve_t ec_crv = EC_PRIME; -+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); -+ -+ if (!kop) -+ goto err; -+ -+ memset(kop, 0, sizeof(struct crypt_kop)); -+ ecdsa = ecdsa_check(eckey); -+ if (!ecdsa) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER); -+ goto err; -+ } -+ -+ group = EC_KEY_get0_group(eckey); -+ pub_key = EC_KEY_get0_public_key(eckey); -+ -+ if (!group || !pub_key) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER); -+ goto err; -+ } -+ -+ if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL || -+ (a = BN_new()) == NULL || (b = BN_new()) == NULL || -+ (p = BN_new()) == NULL || (x = BN_new()) == NULL || -+ (y = BN_new()) == NULL || (w_x = BN_new()) == NULL || -+ (w_y = BN_new()) == NULL) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ order = &group->order; -+ if (!order || BN_is_zero(order)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS); -+ goto err; -+ } -+ -+ i = BN_num_bits(order); -+ /* -+ * Need to truncate digest if it is too long: first truncate whole * -+ * bytes -+ */ -+ if (8 * dgst_len > i) -+ dgst_len = (i + 7) / 8; -+ -+ if (!BN_bin2bn(dgst, dgst_len, m)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); -+ goto err; -+ } -+ -+ /* If still too long truncate remaining bits with a shift */ -+ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); -+ goto err; -+ } -+ /* copy the truncated bits into plain buffer */ -+ if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /* check if this is prime or binary EC request */ -+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == -+ NID_X9_62_prime_field) { -+ ec_crv = EC_PRIME; -+ -+ /* get the generator point pair */ -+ if (!EC_POINT_get_affine_coordinates_GFp(group, -+ EC_GROUP_get0_generator -+ (group), x, y, ctx)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); -+ goto err; -+ } -+ -+ /* get the public key pair for prime curve */ -+ if (!EC_POINT_get_affine_coordinates_GFp(group, -+ pub_key, w_x, w_y, ctx)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); -+ goto err; -+ } -+ -+ /* get the ECC curve parameters */ -+ if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); -+ goto err; -+ } -+ } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == -+ NID_X9_62_characteristic_two_field) { -+ ec_crv = EC_BINARY; -+ /* get the ECC curve parameters */ -+ if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); -+ goto err; -+ } -+ -+ /* get the generator point pair */ -+ if (!EC_POINT_get_affine_coordinates_GF2m(group, -+ EC_GROUP_get0_generator -+ (group), x, y, ctx)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); -+ goto err; -+ } -+ -+ /* get the public key pair for binary curve */ -+ if (!EC_POINT_get_affine_coordinates_GF2m(group, -+ pub_key, w_x, w_y, ctx)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); -+ goto err; -+ } -+ } else { -+ printf("Unsupported Curve\n"); -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); -+ goto err; -+ } -+ -+ /* Get the order of the subgroup of private keys */ -+ if (spcf_bn2bin((BIGNUM *)order, &r, &r_len)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /* Get the irreducible polynomial that creates the field */ -+ if (spcf_bn2bin(p, &q, &q_len)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /* Get the public key into a flat buffer with appropriate padding */ -+ pub_key_len = 2 * q_len; -+ -+ w_xy = eng_copy_curve_points(w_x, w_y, pub_key_len, q_len); -+ if (!w_xy) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /* Generation of ECC curve parameters */ -+ ab_len = 2 * q_len; -+ -+ ab = eng_copy_curve_points(a, b, ab_len, q_len); -+ if (!ab) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ if (ec_crv == EC_BINARY) { -+ /* copy b' i.e c(b), instead of only b */ -+ eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab + q_len, q_len); -+ kop->curve_type = ECC_BINARY; -+ } -+ -+ /* Calculation of Generator point */ -+ g_len = 2 * q_len; -+ -+ g_xy = eng_copy_curve_points(x, y, g_len, q_len); -+ if (!g_xy) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /** -+ * Get the 1st part of signature into a flat buffer with -+ * appropriate padding -+ */ -+ if (BN_num_bytes(sig->r) < r_len) -+ c_len = r_len; -+ -+ if (spcf_bn2bin_ex(sig->r, &c, &c_len)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /** -+ * Get the 2nd part of signature into a flat buffer with -+ * appropriate padding -+ */ -+ if (BN_num_bytes(sig->s) < r_len) -+ d_len = r_len; -+ -+ if (spcf_bn2bin_ex(sig->s, &d, &d_len)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /* memory for message representative */ -+ f = malloc(r_len); -+ if (!f) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /* Add padding, since SEC expects hash to of size r_len */ -+ memset(f, 0, r_len - dgst_len); -+ -+ /* Skip leading bytes if dgst_len < r_len */ -+ memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len); -+ -+ dgst_len += r_len - dgst_len; -+ -+ kop->crk_op = CRK_DSA_VERIFY; -+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ -+ kop->crk_param[0].crp_p = f; -+ kop->crk_param[0].crp_nbits = dgst_len * 8; -+ kop->crk_param[1].crp_p = q; -+ kop->crk_param[1].crp_nbits = q_len * 8; -+ kop->crk_param[2].crp_p = r; -+ kop->crk_param[2].crp_nbits = r_len * 8; -+ kop->crk_param[3].crp_p = g_xy; -+ kop->crk_param[3].crp_nbits = g_len * 8; -+ kop->crk_param[4].crp_p = w_xy; -+ kop->crk_param[4].crp_nbits = pub_key_len * 8; -+ kop->crk_param[5].crp_p = ab; -+ kop->crk_param[5].crp_nbits = ab_len * 8; -+ kop->crk_param[6].crp_p = c; -+ kop->crk_param[6].crp_nbits = d_len * 8; -+ kop->crk_param[7].crp_p = d; -+ kop->crk_param[7].crp_nbits = d_len * 8; -+ kop->crk_iparams = 8; -+ kop->cookie = cookie; -+ -+ if (cryptodev_asym_async(kop, 0, NULL, 0, NULL)) -+ goto err; -+ -+ return ret; -+ err: -+ { -+ const ECDSA_METHOD *meth = ECDSA_OpenSSL(); -+ -+ if (kop) -+ free(kop); -+ ret = (meth->ecdsa_do_verify) (dgst, dgst_len, sig, eckey); -+ cookie->pkc_callback(cookie, 0); -+ } -+ -+ return ret; -+} -+ -+/* Cryptodev DH Key Gen routine */ -+static int cryptodev_dh_keygen_async(DH *dh, struct pkc_cookie_s *cookie) -+{ -+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); -+ int ret = 1, g_len; -+ unsigned char *g = NULL; -+ -+ if (!kop) -+ goto sw_try; -+ -+ if (dh->priv_key == NULL) { -+ if ((dh->priv_key = BN_new()) == NULL) -+ goto sw_try; -+ } -+ -+ if (dh->pub_key == NULL) { -+ if ((dh->pub_key = BN_new()) == NULL) -+ goto sw_try; -+ } -+ -+ g_len = BN_num_bytes(dh->p); -+ /** -+ * Get generator into a plain buffer. If length is less than -+ * q_len then add leading padding bytes. -+ */ -+ if (spcf_bn2bin_ex(dh->g, &g, &g_len)) { -+ DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE); -+ goto sw_try; - } - -- /* Add padding, since SEC expects hash to of size r_len */ -- memset(f, 0, r_len - dgst_len); -+ memset(kop, 0, sizeof(struct crypt_kop)); -+ kop->crk_op = CRK_DH_GENERATE_KEY; -+ if (bn2crparam(dh->p, &kop->crk_param[0])) -+ goto sw_try; -+ if (bn2crparam(dh->q, &kop->crk_param[1])) -+ goto sw_try; -+ kop->crk_param[2].crp_p = g; -+ kop->crk_param[2].crp_nbits = g_len * 8; -+ kop->crk_iparams = 3; -+ kop->cookie = cookie; - -- /* Skip leading bytes if dgst_len < r_len */ -- memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len); -- dgst_len += r_len - dgst_len; -- kop.crk_op = CRK_DSA_VERIFY; -- /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ -- kop.crk_param[0].crp_p = f; -- kop.crk_param[0].crp_nbits = dgst_len * 8; -- kop.crk_param[1].crp_p = q; -- kop.crk_param[1].crp_nbits = q_len * 8; -- kop.crk_param[2].crp_p = r; -- kop.crk_param[2].crp_nbits = r_len * 8; -- kop.crk_param[3].crp_p = g_xy; -- kop.crk_param[3].crp_nbits = g_len * 8; -- kop.crk_param[4].crp_p = w_xy; -- kop.crk_param[4].crp_nbits = pub_key_len * 8; -- kop.crk_param[5].crp_p = ab; -- kop.crk_param[5].crp_nbits = ab_len * 8; -- kop.crk_param[6].crp_p = c; -- kop.crk_param[6].crp_nbits = d_len * 8; -- kop.crk_param[7].crp_p = d; -- kop.crk_param[7].crp_nbits = d_len * 8; -- kop.crk_iparams = 8; -+ /* pub_key is or prime length while priv key is of length of order */ -+ if (cryptodev_asym_async(kop, BN_num_bytes(dh->p), dh->pub_key, -+ BN_num_bytes(dh->q), dh->priv_key)) -+ goto sw_try; - -- if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) { -- /* -- * OCF success value is 0, if not zero, change ret to fail -- */ -- if (0 == kop.crk_status) -- ret = 1; -- } else { -- const ECDSA_METHOD *meth = ECDSA_OpenSSL(); -+ return ret; -+ sw_try: -+ { -+ const DH_METHOD *meth = DH_OpenSSL(); - -- ret = (meth->ecdsa_do_verify) (dgst, dgst_len, sig, eckey); -+ if (kop) -+ free(kop); -+ ret = (meth->generate_key) (dh); -+ cookie->pkc_callback(cookie, 0); - } -- kop.crk_param[0].crp_p = NULL; -- zapparams(&kop); -- -- err: - return ret; - } - -@@ -2481,6 +3530,54 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) - return (dhret); - } - -+/* Return Length if successful and 0 on failure */ -+static int -+cryptodev_dh_compute_key_async(unsigned char *key, const BIGNUM *pub_key, -+ DH *dh, struct pkc_cookie_s *cookie) -+{ -+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); -+ int ret = 1; -+ int fd, p_len; -+ unsigned char *padded_pub_key = NULL, *p = NULL; -+ -+ fd = *(int *)cookie->eng_handle; -+ -+ memset(kop, 0, sizeof(struct crypt_kop)); -+ kop->crk_op = CRK_DH_COMPUTE_KEY; -+ /* inputs: dh->priv_key pub_key dh->p key */ -+ spcf_bn2bin(dh->p, &p, &p_len); -+ spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len); -+ -+ if (bn2crparam(dh->priv_key, &kop->crk_param[0])) -+ goto err; -+ kop->crk_param[1].crp_p = padded_pub_key; -+ kop->crk_param[1].crp_nbits = p_len * 8; -+ kop->crk_param[2].crp_p = p; -+ kop->crk_param[2].crp_nbits = p_len * 8; -+ kop->crk_iparams = 3; -+ -+ kop->cookie = cookie; -+ kop->crk_param[3].crp_p = (void *)key; -+ kop->crk_param[3].crp_nbits = p_len * 8; -+ kop->crk_oparams = 1; -+ -+ if (cryptodev_asym_async(kop, 0, NULL, 0, NULL)) -+ goto err; -+ -+ return p_len; -+ err: -+ { -+ const DH_METHOD *meth = DH_OpenSSL(); -+ -+ if (kop) -+ free(kop); -+ ret = (meth->compute_key) (key, pub_key, dh); -+ /* Call user cookie handler */ -+ cookie->pkc_callback(cookie, 0); -+ } -+ return (ret); -+} -+ - int cryptodev_ecdh_compute_key(void *out, size_t outlen, - const EC_POINT *pub_key, EC_KEY *ecdh, - void *(*KDF) (const void *in, size_t inlen, -@@ -2663,6 +3760,197 @@ int cryptodev_ecdh_compute_key(void *out, size_t outlen, - return ret; - } - -+int cryptodev_ecdh_compute_key_async(void *out, size_t outlen, -+ const EC_POINT *pub_key, EC_KEY *ecdh, -+ void *(*KDF) (const void *in, -+ size_t inlen, void *out, -+ size_t *outlen), -+ struct pkc_cookie_s *cookie) -+{ -+ ec_curve_t ec_crv = EC_PRIME; -+ unsigned char *q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL; -+ BIGNUM *w_x = NULL, *w_y = NULL; -+ int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0; -+ BIGNUM *p = NULL, *a = NULL, *b = NULL; -+ BN_CTX *ctx; -+ EC_POINT *tmp = NULL; -+ BIGNUM *x = NULL, *y = NULL; -+ const BIGNUM *priv_key; -+ const EC_GROUP *group = NULL; -+ int ret = 1; -+ size_t buflen, len; -+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); -+ -+ if (!(ctx = BN_CTX_new()) || !kop) -+ goto err; -+ -+ memset(kop, 0, sizeof(struct crypt_kop)); -+ -+ BN_CTX_start(ctx); -+ x = BN_CTX_get(ctx); -+ y = BN_CTX_get(ctx); -+ p = BN_CTX_get(ctx); -+ a = BN_CTX_get(ctx); -+ b = BN_CTX_get(ctx); -+ w_x = BN_CTX_get(ctx); -+ w_y = BN_CTX_get(ctx); -+ -+ if (!x || !y || !p || !a || !b || !w_x || !w_y) { -+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ priv_key = EC_KEY_get0_private_key(ecdh); -+ if (priv_key == NULL) { -+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_NO_PRIVATE_VALUE); -+ goto err; -+ } -+ -+ group = EC_KEY_get0_group(ecdh); -+ if ((tmp = EC_POINT_new(group)) == NULL) { -+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == -+ NID_X9_62_prime_field) { -+ ec_crv = EC_PRIME; -+ -+ if (!EC_POINT_get_affine_coordinates_GFp(group, -+ EC_GROUP_get0_generator -+ (group), x, y, ctx)) { -+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_POINT_ARITHMETIC_FAILURE); -+ goto err; -+ } -+ -+ /* get the ECC curve parameters */ -+ if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) { -+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB); -+ goto err; -+ } -+ -+ /* get the public key pair for prime curve */ -+ if (!EC_POINT_get_affine_coordinates_GFp -+ (group, pub_key, w_x, w_y, ctx)) { -+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB); -+ goto err; -+ } -+ } else { -+ ec_crv = EC_BINARY; -+ -+ if (!EC_POINT_get_affine_coordinates_GF2m(group, -+ EC_GROUP_get0_generator -+ (group), x, y, ctx)) { -+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_POINT_ARITHMETIC_FAILURE); -+ goto err; -+ } -+ -+ /* get the ECC curve parameters */ -+ if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) { -+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB); -+ goto err; -+ } -+ -+ /* get the public key pair for binary curve */ -+ if (!EC_POINT_get_affine_coordinates_GF2m(group, -+ pub_key, w_x, w_y, ctx)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); -+ goto err; -+ } -+ } -+ -+ /* irreducible polynomial that creates the field */ -+ if (spcf_bn2bin((BIGNUM *)&group->order, &r, &r_len)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /* Get the irreducible polynomial that creates the field */ -+ if (spcf_bn2bin(p, &q, &q_len)) { -+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB); -+ goto err; -+ } -+ -+ /* Get the public key into a flat buffer with appropriate padding */ -+ pub_key_len = 2 * q_len; -+ w_xy = eng_copy_curve_points(w_x, w_y, pub_key_len, q_len); -+ if (!w_xy) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /* Generation of ECC curve parameters */ -+ ab_len = 2 * q_len; -+ ab = eng_copy_curve_points(a, b, ab_len, q_len); -+ if (!ab) { -+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB); -+ goto err; -+ } -+ -+ if (ec_crv == EC_BINARY) { -+ /* copy b' i.e c(b), instead of only b */ -+ if (eng_ec_get_cparam -+ (EC_GROUP_get_curve_name(group), ab + q_len, q_len)) { -+ unsigned char *c_temp = NULL; -+ int c_temp_len = q_len; -+ if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len)) -+ memcpy(ab + q_len, c_temp, q_len); -+ else -+ goto err; -+ } -+ kop->curve_type = ECC_BINARY; -+ } else -+ kop->curve_type = ECC_PRIME; -+ -+ priv_key_len = r_len; -+ -+ /* -+ * If BN_num_bytes of priv_key returns less then r_len then -+ * add padding bytes before the key -+ */ -+ if (spcf_bn2bin_ex((BIGNUM *)priv_key, &s, &priv_key_len)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ buflen = (EC_GROUP_get_degree(group) + 7) / 8; -+ len = BN_num_bytes(x); -+ if (len > buflen || q_len < buflen) { -+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_INTERNAL_ERROR); -+ goto err; -+ } -+ -+ kop->crk_op = CRK_DH_COMPUTE_KEY; -+ kop->crk_param[0].crp_p = (void *)s; -+ kop->crk_param[0].crp_nbits = priv_key_len * 8; -+ kop->crk_param[1].crp_p = (void *)w_xy; -+ kop->crk_param[1].crp_nbits = pub_key_len * 8; -+ kop->crk_param[2].crp_p = (void *)q; -+ kop->crk_param[2].crp_nbits = q_len * 8; -+ kop->crk_param[3].crp_p = (void *)ab; -+ kop->crk_param[3].crp_nbits = ab_len * 8; -+ kop->crk_iparams = 4; -+ kop->crk_param[4].crp_p = (void *)out; -+ kop->crk_param[4].crp_nbits = q_len * 8; -+ kop->crk_oparams = 1; -+ kop->cookie = cookie; -+ if (cryptodev_asym_async(kop, 0, NULL, 0, NULL)) -+ goto err; -+ -+ return q_len; -+ err: -+ { -+ const ECDH_METHOD *meth = ECDH_OpenSSL(); -+ -+ if (kop) -+ free(kop); -+ ret = (meth->compute_key) (out, outlen, pub_key, ecdh, KDF); -+ /* Call user cookie handler */ -+ cookie->pkc_callback(cookie, 0); -+ } -+ return ret; -+} -+ - static DH_METHOD cryptodev_dh = { - "cryptodev DH method", - NULL, /* cryptodev_dh_generate_key */ -@@ -2670,6 +3958,8 @@ static DH_METHOD cryptodev_dh = { - NULL, - NULL, - NULL, -+ NULL, -+ NULL, - 0, /* flags */ - NULL /* app_data */ - }; -@@ -2678,6 +3968,7 @@ static ECDH_METHOD cryptodev_ecdh = { - "cryptodev ECDH method", - NULL, /* cryptodev_ecdh_compute_key */ - NULL, -+ NULL, - 0, /* flags */ - NULL /* app_data */ - }; -@@ -2748,10 +4039,15 @@ void ENGINE_load_cryptodev(void) - cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec; - if (cryptodev_asymfeat & CRF_MOD_EXP) { - cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp; -- if (cryptodev_asymfeat & CRF_MOD_EXP_CRT) -+ cryptodev_rsa.bn_mod_exp_async = cryptodev_bn_mod_exp_async; -+ if (cryptodev_asymfeat & CRF_MOD_EXP_CRT) { - cryptodev_rsa.rsa_mod_exp = cryptodev_rsa_mod_exp; -- else -+ cryptodev_rsa.rsa_mod_exp_async = cryptodev_rsa_mod_exp_async; -+ } else { - cryptodev_rsa.rsa_mod_exp = cryptodev_rsa_nocrt_mod_exp; -+ cryptodev_rsa.rsa_mod_exp_async = -+ cryptodev_rsa_nocrt_mod_exp_async; -+ } - } - } - -@@ -2759,12 +4055,18 @@ void ENGINE_load_cryptodev(void) - const DSA_METHOD *meth = DSA_OpenSSL(); - - memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD)); -- if (cryptodev_asymfeat & CRF_DSA_SIGN) -+ if (cryptodev_asymfeat & CRF_DSA_SIGN) { - cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign; -- if (cryptodev_asymfeat & CRF_DSA_VERIFY) -+ cryptodev_dsa.dsa_do_sign_async = cryptodev_dsa_do_sign_async; -+ } -+ if (cryptodev_asymfeat & CRF_DSA_VERIFY) { - cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify; -- if (cryptodev_asymfeat & CRF_DSA_GENERATE_KEY) -+ cryptodev_dsa.dsa_do_verify_async = cryptodev_dsa_verify_async; -+ } -+ if (cryptodev_asymfeat & CRF_DSA_GENERATE_KEY) { - cryptodev_dsa.dsa_keygen = cryptodev_dsa_keygen; -+ cryptodev_dsa.dsa_keygen_async = cryptodev_dsa_keygen_async; -+ } - } - - if (ENGINE_set_DH(engine, &cryptodev_dh)) { -@@ -2772,9 +4074,12 @@ void ENGINE_load_cryptodev(void) - memcpy(&cryptodev_dh, dh_meth, sizeof(DH_METHOD)); - if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) { - cryptodev_dh.compute_key = cryptodev_dh_compute_key; -+ cryptodev_dh.compute_key_async = cryptodev_dh_compute_key_async; - } - if (cryptodev_asymfeat & CRF_DH_GENERATE_KEY) { - cryptodev_dh.generate_key = cryptodev_dh_keygen; -+ cryptodev_dh.generate_key_async = cryptodev_dh_keygen_async; -+ - } - } - -@@ -2783,9 +4088,13 @@ void ENGINE_load_cryptodev(void) - memcpy(&cryptodev_ecdsa, meth, sizeof(ECDSA_METHOD)); - if (cryptodev_asymfeat & CRF_DSA_SIGN) { - cryptodev_ecdsa.ecdsa_do_sign = cryptodev_ecdsa_do_sign; -+ cryptodev_ecdsa.ecdsa_do_sign_async = -+ cryptodev_ecdsa_do_sign_async; - } - if (cryptodev_asymfeat & CRF_DSA_VERIFY) { - cryptodev_ecdsa.ecdsa_do_verify = cryptodev_ecdsa_verify; -+ cryptodev_ecdsa.ecdsa_do_verify_async = -+ cryptodev_ecdsa_verify_async; - } - } - -@@ -2794,9 +4103,16 @@ void ENGINE_load_cryptodev(void) - memcpy(&cryptodev_ecdh, ecdh_meth, sizeof(ECDH_METHOD)); - if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) { - cryptodev_ecdh.compute_key = cryptodev_ecdh_compute_key; -+ cryptodev_ecdh.compute_key_async = -+ cryptodev_ecdh_compute_key_async; - } - } - -+ ENGINE_set_check_pkc_availability(engine, cryptodev_check_availability); -+ ENGINE_set_close_instance(engine, cryptodev_close_instance); -+ ENGINE_set_init_instance(engine, cryptodev_init_instance); -+ ENGINE_set_async_map(engine, ENGINE_ALLPKC_ASYNC); -+ - ENGINE_add(engine); - ENGINE_free(engine); - ERR_clear_error(); -diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h -index 46f163b..b698a0c 100644 ---- a/crypto/engine/eng_int.h -+++ b/crypto/engine/eng_int.h -@@ -198,6 +198,29 @@ struct engine_st { - ENGINE_LOAD_KEY_PTR load_privkey; - ENGINE_LOAD_KEY_PTR load_pubkey; - ENGINE_SSL_CLIENT_CERT_PTR load_ssl_client_cert; -+ /* -+ * Instantiate Engine handle to be passed in check_pkc_availability -+ * Ensure that Engine is instantiated before any pkc asynchronous call. -+ */ -+ void *(*engine_init_instance)(void); -+ /* -+ * Instantiated Engine handle will be closed with this call. -+ * Ensure that no pkc asynchronous call is made after this call -+ */ -+ void (*engine_close_instance)(void *handle); -+ /* -+ * Check availability will extract the data from kernel. -+ * eng_handle: This is the Engine handle corresponds to which -+ * the cookies needs to be polled. -+ * return 0 if cookie available else 1 -+ */ -+ int (*check_pkc_availability)(void *eng_handle); -+ /* -+ * The following map is used to check if the engine supports asynchronous implementation -+ * ENGINE_ASYNC_FLAG* for available bitmap. Any application checking for asynchronous -+ * implementation need to check this features using "int ENGINE_get_async_map(engine *)"; -+ */ -+ int async_map; - const ENGINE_CMD_DEFN *cmd_defns; - int flags; - /* reference count on the structure itself */ -diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c -index dc2abd2..0c57e12 100644 ---- a/crypto/engine/eng_lib.c -+++ b/crypto/engine/eng_lib.c -@@ -100,7 +100,11 @@ void engine_set_all_null(ENGINE *e) - e->ctrl = NULL; - e->load_privkey = NULL; - e->load_pubkey = NULL; -+ e->check_pkc_availability = NULL; -+ e->engine_init_instance = NULL; -+ e->engine_close_instance = NULL; - e->cmd_defns = NULL; -+ e->async_map = 0; - e->flags = 0; - } - -@@ -246,6 +250,48 @@ int ENGINE_set_id(ENGINE *e, const char *id) - } - e->id = id; - return 1; -+ } -+ -+void ENGINE_set_init_instance(ENGINE *e, void *(*engine_init_instance)(void)) -+ { -+ e->engine_init_instance = engine_init_instance; -+ } -+ -+void ENGINE_set_close_instance(ENGINE *e, -+ void (*engine_close_instance)(void *)) -+ { -+ e->engine_close_instance = engine_close_instance; -+ } -+ -+void ENGINE_set_async_map(ENGINE *e, int async_map) -+ { -+ e->async_map = async_map; -+ } -+ -+void *ENGINE_init_instance(ENGINE *e) -+ { -+ return e->engine_init_instance(); -+ } -+ -+void ENGINE_close_instance(ENGINE *e, void *eng_handle) -+ { -+ e->engine_close_instance(eng_handle); -+ } -+ -+int ENGINE_get_async_map(ENGINE *e) -+ { -+ return e->async_map; -+ } -+ -+void ENGINE_set_check_pkc_availability(ENGINE *e, -+ int (*check_pkc_availability)(void *eng_handle)) -+ { -+ e->check_pkc_availability = check_pkc_availability; -+ } -+ -+int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle) -+ { -+ return e->check_pkc_availability(eng_handle); - } - - int ENGINE_set_name(ENGINE *e, const char *name) -diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h -index 020d912..4527aa1 100644 ---- a/crypto/engine/engine.h -+++ b/crypto/engine/engine.h -@@ -551,6 +551,30 @@ ENGINE *ENGINE_new(void); - int ENGINE_free(ENGINE *e); - int ENGINE_up_ref(ENGINE *e); - int ENGINE_set_id(ENGINE *e, const char *id); -+void ENGINE_set_init_instance(ENGINE *e, void *(*engine_init_instance)(void)); -+void ENGINE_set_close_instance(ENGINE *e, -+ void (*engine_free_instance)(void *)); -+/* -+ * Following FLAGS are bitmap store in async_map to set asynchronous interface capability -+ *of the engine -+ */ -+#define ENGINE_RSA_ASYNC 0x0001 -+#define ENGINE_DSA_ASYNC 0x0002 -+#define ENGINE_DH_ASYNC 0x0004 -+#define ENGINE_ECDSA_ASYNC 0x0008 -+#define ENGINE_ECDH_ASYNC 0x0010 -+#define ENGINE_ALLPKC_ASYNC 0x001F -+/* Engine implementation will set the bitmap based on above flags using following API */ -+void ENGINE_set_async_map(ENGINE *e, int async_map); -+ /* Application need to check the bitmap based on above flags using following API -+ * to confirm asynchronous methods supported -+ */ -+int ENGINE_get_async_map(ENGINE *e); -+void *ENGINE_init_instance(ENGINE *e); -+void ENGINE_close_instance(ENGINE *e, void *eng_handle); -+void ENGINE_set_check_pkc_availability(ENGINE *e, -+ int (*check_pkc_availability)(void *eng_handle)); -+int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle); - int ENGINE_set_name(ENGINE *e, const char *name); - int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth); - int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth); -diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h -index d2ee374..7c539fc 100644 ---- a/crypto/rsa/rsa.h -+++ b/crypto/rsa/rsa.h -@@ -97,6 +97,29 @@ struct rsa_meth_st { - /* Can be null */ - int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); -+ /* -+ * Cookie in the following _async variant must be allocated before -+ * submission and can be freed once its corresponding callback -+ * handler is called -+ */ -+ int (*rsa_pub_enc_asyn)(int flen,const unsigned char *from, -+ unsigned char *to, RSA *rsa, int padding, -+ struct pkc_cookie_s *cookie); -+ int (*rsa_pub_dec_async)(int flen,const unsigned char *from, -+ unsigned char *to, RSA *rsa, int padding, -+ struct pkc_cookie_s *cookie); -+ int (*rsa_priv_enc_async)(int flen,const unsigned char *from, -+ unsigned char *to, RSA *rsa, int padding, -+ struct pkc_cookie_s *cookie); -+ int (*rsa_priv_dec_async)(int flen,const unsigned char *from, -+ unsigned char *to, RSA *rsa, int padding, -+ struct pkc_cookie_s *cookie); -+ int (*rsa_mod_exp_async)(BIGNUM *r0, const BIGNUM *I, RSA *rsa, -+ BN_CTX *ctx, struct pkc_cookie_s *cookie); -+ int (*bn_mod_exp_async)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, -+ const BIGNUM *m, BN_CTX *ctx, -+ BN_MONT_CTX *m_ctx, struct pkc_cookie_s *cookie); -+ - /* called at new */ - int (*init) (RSA *rsa); - /* called at free */ --- -2.7.3 - diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0008-Add-RSA-keygen-operation-and-support-gendsa-command-.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0008-Add-RSA-keygen-operation-and-support-gendsa-command-.patch deleted file mode 100644 index 070b93a..0000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0008-Add-RSA-keygen-operation-and-support-gendsa-command-.patch +++ /dev/null @@ -1,155 +0,0 @@ -From 73629969c6fe54529441530674b061ce31a41d93 Mon Sep 17 00:00:00 2001 -From: Hou Zhiqiang -Date: Wed, 2 Apr 2014 16:10:43 +0800 -Subject: [PATCH 08/48] Add RSA keygen operation and support gendsa command - with hardware engine - -Upstream-status: Pending - -Signed-off-by: Hou Zhiqiang -Tested-by: Cristian Stoica ---- - crypto/engine/eng_cryptodev.c | 120 ++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 120 insertions(+) - -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index 90fe9b8..8c9ad5c 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -2022,6 +2022,124 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen, - } - } - -+/* Cryptodev RSA Key Gen routine */ -+static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) -+{ -+ struct crypt_kop kop; -+ int ret, fd; -+ int p_len, q_len; -+ int i; -+ -+ if ((fd = get_asym_dev_crypto()) < 0) -+ return fd; -+ -+ if (!rsa->n && ((rsa->n = BN_new()) == NULL)) -+ goto err; -+ if (!rsa->d && ((rsa->d = BN_new()) == NULL)) -+ goto err; -+ if (!rsa->e && ((rsa->e = BN_new()) == NULL)) -+ goto err; -+ if (!rsa->p && ((rsa->p = BN_new()) == NULL)) -+ goto err; -+ if (!rsa->q && ((rsa->q = BN_new()) == NULL)) -+ goto err; -+ if (!rsa->dmp1 && ((rsa->dmp1 = BN_new()) == NULL)) -+ goto err; -+ if (!rsa->dmq1 && ((rsa->dmq1 = BN_new()) == NULL)) -+ goto err; -+ if (!rsa->iqmp && ((rsa->iqmp = BN_new()) == NULL)) -+ goto err; -+ -+ BN_copy(rsa->e, e); -+ -+ p_len = (bits + 1) / (2 * 8); -+ q_len = (bits - p_len * 8) / 8; -+ memset(&kop, 0, sizeof kop); -+ kop.crk_op = CRK_RSA_GENERATE_KEY; -+ -+ /* p length */ -+ kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char)); -+ if (!kop.crk_param[kop.crk_iparams].crp_p) -+ goto err; -+ kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8; -+ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1); -+ kop.crk_iparams++; -+ kop.crk_oparams++; -+ /* q length */ -+ kop.crk_param[kop.crk_iparams].crp_p = calloc(q_len + 1, sizeof(char)); -+ if (!kop.crk_param[kop.crk_iparams].crp_p) -+ goto err; -+ kop.crk_param[kop.crk_iparams].crp_nbits = q_len * 8; -+ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, q_len + 1); -+ kop.crk_iparams++; -+ kop.crk_oparams++; -+ /* n length */ -+ kop.crk_param[kop.crk_iparams].crp_p = -+ calloc(p_len + q_len + 1, sizeof(char)); -+ if (!kop.crk_param[kop.crk_iparams].crp_p) -+ goto err; -+ kop.crk_param[kop.crk_iparams].crp_nbits = bits; -+ memset(kop.crk_param[kop.crk_iparams].crp_p, 0x00, p_len + q_len + 1); -+ kop.crk_iparams++; -+ kop.crk_oparams++; -+ /* d length */ -+ kop.crk_param[kop.crk_iparams].crp_p = -+ calloc(p_len + q_len + 1, sizeof(char)); -+ if (!kop.crk_param[kop.crk_iparams].crp_p) -+ goto err; -+ kop.crk_param[kop.crk_iparams].crp_nbits = bits; -+ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + q_len + 1); -+ kop.crk_iparams++; -+ kop.crk_oparams++; -+ /* dp1 length */ -+ kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char)); -+ if (!kop.crk_param[kop.crk_iparams].crp_p) -+ goto err; -+ kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8; -+ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1); -+ kop.crk_iparams++; -+ kop.crk_oparams++; -+ /* dq1 length */ -+ kop.crk_param[kop.crk_iparams].crp_p = calloc(q_len + 1, sizeof(char)); -+ if (!kop.crk_param[kop.crk_iparams].crp_p) -+ goto err; -+ kop.crk_param[kop.crk_iparams].crp_nbits = q_len * 8; -+ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, q_len + 1); -+ kop.crk_iparams++; -+ kop.crk_oparams++; -+ /* i length */ -+ kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char)); -+ if (!kop.crk_param[kop.crk_iparams].crp_p) -+ goto err; -+ kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8; -+ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1); -+ kop.crk_iparams++; -+ kop.crk_oparams++; -+ -+ if (ioctl(fd, CIOCKEY, &kop) == 0) { -+ BN_bin2bn(kop.crk_param[0].crp_p, p_len, rsa->p); -+ BN_bin2bn(kop.crk_param[1].crp_p, q_len, rsa->q); -+ BN_bin2bn(kop.crk_param[2].crp_p, bits / 8, rsa->n); -+ BN_bin2bn(kop.crk_param[3].crp_p, bits / 8, rsa->d); -+ BN_bin2bn(kop.crk_param[4].crp_p, p_len, rsa->dmp1); -+ BN_bin2bn(kop.crk_param[5].crp_p, q_len, rsa->dmq1); -+ BN_bin2bn(kop.crk_param[6].crp_p, p_len, rsa->iqmp); -+ return 1; -+ } -+ sw_try: -+ { -+ const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); -+ ret = (meth->rsa_keygen) (rsa, bits, e, cb); -+ } -+ return ret; -+ -+ err: -+ for (i = 0; i < CRK_MAXPARAM; i++) -+ free(kop.crk_param[i].crp_p); -+ return 0; -+ -+} -+ - /* Cryptodev DSA Key Gen routine */ - static int cryptodev_dsa_keygen(DSA *dsa) - { -@@ -4048,6 +4166,8 @@ void ENGINE_load_cryptodev(void) - cryptodev_rsa.rsa_mod_exp_async = - cryptodev_rsa_nocrt_mod_exp_async; - } -+ if (cryptodev_asymfeat & CRF_RSA_GENERATE_KEY) -+ cryptodev_rsa.rsa_keygen = cryptodev_rsa_keygen; - } - } - --- -2.7.3 - diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0009-RSA-Keygen-Fix.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0009-RSA-Keygen-Fix.patch deleted file mode 100644 index faa1690..0000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0009-RSA-Keygen-Fix.patch +++ /dev/null @@ -1,64 +0,0 @@ -From b3726ca2b823fe2a4c675b750e6f96d4a03ce93c Mon Sep 17 00:00:00 2001 -From: Yashpal Dutta -Date: Wed, 16 Apr 2014 22:53:04 +0545 -Subject: [PATCH 09/48] RSA Keygen Fix - -Upstream-status: Pending - -If Kernel driver doesn't support RSA Keygen or same returns -error handling the keygen operation, the keygen is gracefully -handled by software supported rsa_keygen handler - -Signed-off-by: Yashpal Dutta -Tested-by: Cristian Stoica ---- - crypto/engine/eng_cryptodev.c | 12 +++++++----- - 1 file changed, 7 insertions(+), 5 deletions(-) - -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index 8c9ad5c..3686c23 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -2031,7 +2031,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) - int i; - - if ((fd = get_asym_dev_crypto()) < 0) -- return fd; -+ goto sw_try; - - if (!rsa->n && ((rsa->n = BN_new()) == NULL)) - goto err; -@@ -2060,7 +2060,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) - /* p length */ - kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char)); - if (!kop.crk_param[kop.crk_iparams].crp_p) -- goto err; -+ goto sw_try; - kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8; - memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1); - kop.crk_iparams++; -@@ -2068,7 +2068,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) - /* q length */ - kop.crk_param[kop.crk_iparams].crp_p = calloc(q_len + 1, sizeof(char)); - if (!kop.crk_param[kop.crk_iparams].crp_p) -- goto err; -+ goto sw_try; - kop.crk_param[kop.crk_iparams].crp_nbits = q_len * 8; - memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, q_len + 1); - kop.crk_iparams++; -@@ -2128,8 +2128,10 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) - } - sw_try: - { -- const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); -- ret = (meth->rsa_keygen) (rsa, bits, e, cb); -+ const RSA_METHOD *meth = rsa->meth; -+ rsa->meth = RSA_PKCS1_SSLeay(); -+ ret = RSA_generate_key_ex(rsa, bits, e, cb); -+ rsa->meth = meth; - } - return ret; - --- -2.7.3 - diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0010-Removed-local-copy-of-curve_t-type.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0010-Removed-local-copy-of-curve_t-type.patch deleted file mode 100644 index 22258b4..0000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0010-Removed-local-copy-of-curve_t-type.patch +++ /dev/null @@ -1,163 +0,0 @@ -From 1a7d37d609b5ce61d0c1454292dd4500859ed65c Mon Sep 17 00:00:00 2001 -From: Yashpal Dutta -Date: Thu, 17 Apr 2014 06:57:59 +0545 -Subject: [PATCH 10/48] Removed local copy of curve_t type - -Upstream-status: Pending - -Signed-off-by: Yashpal Dutta -Tested-by: Cristian Stoica ---- - crypto/engine/eng_cryptodev.c | 33 ++++++++++++++------------------- - crypto/engine/eng_cryptodev_ec.h | 7 ------- - 2 files changed, 14 insertions(+), 26 deletions(-) - -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index 3686c23..afcf72b 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -2517,11 +2517,6 @@ static ECDSA_METHOD cryptodev_ecdsa = { - NULL /* app_data */ - }; - --typedef enum ec_curve_s { -- EC_PRIME, -- EC_BINARY --} ec_curve_t; -- - /* ENGINE handler for ECDSA Sign */ - static ECDSA_SIG *cryptodev_ecdsa_do_sign(const unsigned char *dgst, - int dgst_len, const BIGNUM *in_kinv, -@@ -2540,7 +2535,7 @@ static ECDSA_SIG *cryptodev_ecdsa_do_sign(const unsigned char *dgst, - const BIGNUM *order = NULL, *priv_key = NULL; - const EC_GROUP *group = NULL; - struct crypt_kop kop; -- ec_curve_t ec_crv = EC_PRIME; -+ enum ec_curve_t ec_crv = EC_PRIME; - - memset(&kop, 0, sizeof(kop)); - ecdsa = ecdsa_check(eckey); -@@ -2678,7 +2673,7 @@ static ECDSA_SIG *cryptodev_ecdsa_do_sign(const unsigned char *dgst, - else - goto err; - } -- kop.curve_type = ECC_BINARY; -+ kop.curve_type = EC_BINARY; - } - - /* Calculation of Generator point */ -@@ -2773,7 +2768,7 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len, - const EC_POINT *pub_key = NULL; - const BIGNUM *order = NULL; - const EC_GROUP *group = NULL; -- ec_curve_t ec_crv = EC_PRIME; -+ enum ec_curve_t ec_crv = EC_PRIME; - struct crypt_kop kop; - - memset(&kop, 0, sizeof kop); -@@ -2924,7 +2919,7 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len, - else - goto err; - } -- kop.curve_type = ECC_BINARY; -+ kop.curve_type = EC_BINARY; - } - - /* Calculation of Generator point */ -@@ -3029,7 +3024,7 @@ static int cryptodev_ecdsa_do_sign_async(const unsigned char *dgst, - const BIGNUM *order = NULL, *priv_key = NULL; - const EC_GROUP *group = NULL; - struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); -- ec_curve_t ec_crv = EC_PRIME; -+ enum ec_curve_t ec_crv = EC_PRIME; - - if (!(sig->r = BN_new()) || !kop) - goto err; -@@ -3170,7 +3165,7 @@ static int cryptodev_ecdsa_do_sign_async(const unsigned char *dgst, - else - goto err; - } -- kop->curve_type = ECC_BINARY; -+ kop->curve_type = EC_BINARY; - } - - /* Calculation of Generator point */ -@@ -3250,7 +3245,7 @@ static int cryptodev_ecdsa_verify_async(const unsigned char *dgst, - const EC_POINT *pub_key = NULL; - const BIGNUM *order = NULL; - const EC_GROUP *group = NULL; -- ec_curve_t ec_crv = EC_PRIME; -+ enum ec_curve_t ec_crv = EC_PRIME; - struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); - - if (!kop) -@@ -3397,7 +3392,7 @@ static int cryptodev_ecdsa_verify_async(const unsigned char *dgst, - if (ec_crv == EC_BINARY) { - /* copy b' i.e c(b), instead of only b */ - eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab + q_len, q_len); -- kop->curve_type = ECC_BINARY; -+ kop->curve_type = EC_BINARY; - } - - /* Calculation of Generator point */ -@@ -3703,7 +3698,7 @@ int cryptodev_ecdh_compute_key(void *out, size_t outlen, - void *(*KDF) (const void *in, size_t inlen, - void *out, size_t *outlen)) - { -- ec_curve_t ec_crv = EC_PRIME; -+ enum ec_curve_t ec_crv = EC_PRIME; - unsigned char *q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL; - BIGNUM *w_x = NULL, *w_y = NULL; - int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0; -@@ -3833,9 +3828,9 @@ int cryptodev_ecdh_compute_key(void *out, size_t outlen, - else - goto err; - } -- kop.curve_type = ECC_BINARY; -+ kop.curve_type = EC_BINARY; - } else -- kop.curve_type = ECC_PRIME; -+ kop.curve_type = EC_PRIME; - - priv_key_len = r_len; - -@@ -3887,7 +3882,7 @@ int cryptodev_ecdh_compute_key_async(void *out, size_t outlen, - size_t *outlen), - struct pkc_cookie_s *cookie) - { -- ec_curve_t ec_crv = EC_PRIME; -+ enum ec_curve_t ec_crv = EC_PRIME; - unsigned char *q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL; - BIGNUM *w_x = NULL, *w_y = NULL; - int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0; -@@ -4018,9 +4013,9 @@ int cryptodev_ecdh_compute_key_async(void *out, size_t outlen, - else - goto err; - } -- kop->curve_type = ECC_BINARY; -+ kop->curve_type = EC_BINARY; - } else -- kop->curve_type = ECC_PRIME; -+ kop->curve_type = EC_PRIME; - - priv_key_len = r_len; - -diff --git a/crypto/engine/eng_cryptodev_ec.h b/crypto/engine/eng_cryptodev_ec.h -index af54c51..41a8702 100644 ---- a/crypto/engine/eng_cryptodev_ec.h -+++ b/crypto/engine/eng_cryptodev_ec.h -@@ -287,11 +287,4 @@ static inline unsigned char *eng_copy_curve_points(BIGNUM * x, BIGNUM * y, - - return xy; - } -- --enum curve_t { -- DISCRETE_LOG, -- ECC_PRIME, -- ECC_BINARY, -- MAX_ECC_TYPE --}; - #endif --- -2.7.3 - diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0011-Modulus-parameter-is-not-populated-by-dhparams.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0011-Modulus-parameter-is-not-populated-by-dhparams.patch deleted file mode 100644 index d7fb223..0000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0011-Modulus-parameter-is-not-populated-by-dhparams.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 82afed6364dfcced7458dbd2bda7932054078f04 Mon Sep 17 00:00:00 2001 -From: Yashpal Dutta -Date: Tue, 22 Apr 2014 22:58:33 +0545 -Subject: [PATCH 11/48] Modulus parameter is not populated by dhparams - -Upstream-status: Pending - -When dhparams are created, modulus parameter required for -private key generation is not populated. So, falling back -to software for proper population of modulus parameters followed -by private key generation - -Signed-off-by: Yashpal Dutta -Tested-by: Cristian Stoica ---- - crypto/engine/eng_cryptodev.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index afcf72b..2013746 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -3515,7 +3515,7 @@ static int cryptodev_dh_keygen_async(DH *dh, struct pkc_cookie_s *cookie) - kop->crk_op = CRK_DH_GENERATE_KEY; - if (bn2crparam(dh->p, &kop->crk_param[0])) - goto sw_try; -- if (bn2crparam(dh->q, &kop->crk_param[1])) -+ if (!dh->q || bn2crparam(dh->q, &kop->crk_param[1])) - goto sw_try; - kop->crk_param[2].crp_p = g; - kop->crk_param[2].crp_nbits = g_len * 8; -@@ -3570,7 +3570,7 @@ static int cryptodev_dh_keygen(DH *dh) - kop.crk_op = CRK_DH_GENERATE_KEY; - if (bn2crparam(dh->p, &kop.crk_param[0])) - goto sw_try; -- if (bn2crparam(dh->q, &kop.crk_param[1])) -+ if (!dh->q || bn2crparam(dh->q, &kop.crk_param[1])) - goto sw_try; - kop.crk_param[2].crp_p = g; - kop.crk_param[2].crp_nbits = g_len * 8; --- -2.7.3 - diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0012-SW-Backoff-mechanism-for-dsa-keygen.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0012-SW-Backoff-mechanism-for-dsa-keygen.patch deleted file mode 100644 index b665f7a..0000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0012-SW-Backoff-mechanism-for-dsa-keygen.patch +++ /dev/null @@ -1,53 +0,0 @@ -From f7817245b35156ec2b15514c952db806140c6ebc Mon Sep 17 00:00:00 2001 -From: Yashpal Dutta -Date: Thu, 24 Apr 2014 00:35:34 +0545 -Subject: [PATCH 12/48] SW Backoff mechanism for dsa keygen - -Upstream-status: Pending - -DSA Keygen is not handled in default openssl dsa method. Due to -same null function pointer in SW DSA method, the backoff for dsa -keygen gives segmentation fault. - -Signed-off-by: Yashpal Dutta -Tested-by: Cristian Stoica ---- - crypto/engine/eng_cryptodev.c | 12 ++++++++---- - 1 file changed, 8 insertions(+), 4 deletions(-) - -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index 2013746..a3a97d2 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -2188,8 +2188,10 @@ static int cryptodev_dsa_keygen(DSA *dsa) - return ret; - sw_try: - { -- const DSA_METHOD *meth = DSA_OpenSSL(); -- ret = (meth->dsa_keygen) (dsa); -+ const DSA_METHOD *meth = dsa->meth; -+ dsa->meth = DSA_OpenSSL(); -+ ret = DSA_generate_key(dsa); -+ dsa->meth = meth; - } - return ret; - } -@@ -2243,11 +2245,13 @@ static int cryptodev_dsa_keygen_async(DSA *dsa, struct pkc_cookie_s *cookie) - return ret; - sw_try: - { -- const DSA_METHOD *meth = DSA_OpenSSL(); -+ const DSA_METHOD *meth = dsa->meth; - -+ dsa->meth = DSA_OpenSSL(); - if (kop) - free(kop); -- ret = (meth->dsa_keygen) (dsa); -+ ret = DSA_generate_key(dsa); -+ dsa->meth = meth; - cookie->pkc_callback(cookie, 0); - } - return ret; --- -2.7.3 - diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0013-Fixed-DH-keygen-pair-generator.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0013-Fixed-DH-keygen-pair-generator.patch deleted file mode 100644 index 4f8fd4d..0000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0013-Fixed-DH-keygen-pair-generator.patch +++ /dev/null @@ -1,100 +0,0 @@ -From 0075a1d36133523a40efc66d6491a4f11aca87fd Mon Sep 17 00:00:00 2001 -From: Yashpal Dutta -Date: Thu, 1 May 2014 06:35:45 +0545 -Subject: [PATCH 13/48] Fixed DH keygen pair generator - -Upstream-status: Pending - -Wrong Padding results into keygen length error - -Signed-off-by: Yashpal Dutta -Tested-by: Cristian Stoica ---- - crypto/engine/eng_cryptodev.c | 50 ++++++++++++++++++++++++++++--------------- - 1 file changed, 33 insertions(+), 17 deletions(-) - -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index a3a97d2..5a9f4b7 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -3547,44 +3547,60 @@ static int cryptodev_dh_keygen_async(DH *dh, struct pkc_cookie_s *cookie) - static int cryptodev_dh_keygen(DH *dh) - { - struct crypt_kop kop; -- int ret = 1, g_len; -- unsigned char *g = NULL; -+ int ret = 1, q_len = 0; -+ unsigned char *q = NULL, *g = NULL, *s = NULL, *w = NULL; -+ BIGNUM *pub_key = NULL, *priv_key = NULL; -+ int generate_new_key = 1; - -- if (dh->priv_key == NULL) { -- if ((dh->priv_key = BN_new()) == NULL) -- goto sw_try; -- } -+ if (dh->priv_key) -+ priv_key = dh->priv_key; - -- if (dh->pub_key == NULL) { -- if ((dh->pub_key = BN_new()) == NULL) -- goto sw_try; -- } -+ if (dh->pub_key) -+ pub_key = dh->pub_key; - -- g_len = BN_num_bytes(dh->p); -+ q_len = BN_num_bytes(dh->p); - /** - * Get generator into a plain buffer. If length is less than - * q_len then add leading padding bytes. - */ -- if (spcf_bn2bin_ex(dh->g, &g, &g_len)) { -+ if (spcf_bn2bin_ex(dh->g, &g, &q_len)) { -+ DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE); -+ goto sw_try; -+ } -+ -+ if (spcf_bn2bin_ex(dh->p, &q, &q_len)) { - DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE); - goto sw_try; - } - - memset(&kop, 0, sizeof kop); - kop.crk_op = CRK_DH_GENERATE_KEY; -- if (bn2crparam(dh->p, &kop.crk_param[0])) -- goto sw_try; -+ kop.crk_param[0].crp_p = q; -+ kop.crk_param[0].crp_nbits = q_len * 8; - if (!dh->q || bn2crparam(dh->q, &kop.crk_param[1])) - goto sw_try; - kop.crk_param[2].crp_p = g; -- kop.crk_param[2].crp_nbits = g_len * 8; -+ kop.crk_param[2].crp_nbits = q_len * 8; - kop.crk_iparams = 3; - -+ s = OPENSSL_malloc(q_len); -+ if (!s) { -+ DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE); -+ goto sw_try; -+ } -+ -+ w = OPENSSL_malloc(q_len); -+ if (!w) { -+ DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE); -+ goto sw_try; -+ } -+ - /* pub_key is or prime length while priv key is of length of order */ -- if (cryptodev_asym(&kop, BN_num_bytes(dh->p), dh->pub_key, -- BN_num_bytes(dh->q), dh->priv_key)) -+ if (cryptodev_asym(&kop, q_len, w, q_len, s)) - goto sw_try; - -+ dh->pub_key = BN_bin2bn(w, q_len, pub_key); -+ dh->pub_key = BN_bin2bn(s, q_len, priv_key); - return ret; - sw_try: - { --- -2.7.3 - diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0014-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0014-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch deleted file mode 100644 index 898499b..0000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0014-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch +++ /dev/null @@ -1,321 +0,0 @@ -From fcbd6199deb715b117153b7df00cdd4cdec44d79 Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Mon, 16 Jun 2014 14:06:21 +0300 -Subject: [PATCH 14/48] cryptodev: add support for aes-gcm algorithm offloading - -Signed-off-by: Cristian Stoica ---- - apps/speed.c | 6 +- - crypto/engine/eng_cryptodev.c | 236 +++++++++++++++++++++++++++++++++++++++++- - 2 files changed, 240 insertions(+), 2 deletions(-) - -diff --git a/apps/speed.c b/apps/speed.c -index b862868..fd2a2a5 100644 ---- a/apps/speed.c -+++ b/apps/speed.c -@@ -226,7 +226,11 @@ - # endif - - # undef BUFSIZE --# define BUFSIZE ((long)1024*8+1) -+/* The buffer overhead allows GCM tag at the end of the encrypted data. This -+ avoids buffer overflows from cryptodev since Linux kernel GCM -+ implementation allways adds the tag - unlike e_aes.c:aes_gcm_cipher() -+ which doesn't */ -+#define BUFSIZE ((long)1024*8 + EVP_GCM_TLS_TAG_LEN) - static volatile int run = 0; - - static int mr = 0; -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index 5a9f4b7..1754917 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -2,6 +2,7 @@ - * Copyright (c) 2002 Bob Beck - * Copyright (c) 2002 Theo de Raadt - * Copyright (c) 2002 Markus Friedl -+ * Copyright (c) 2013-2014 Freescale Semiconductor, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without -@@ -78,8 +79,10 @@ struct dev_crypto_state { - struct session_op d_sess; - int d_fd; - unsigned char *aad; -- unsigned int aad_len; -+ int aad_len; - unsigned int len; -+ unsigned char *iv; -+ int ivlen; - # ifdef USE_CRYPTODEV_DIGESTS - char dummy_mac_key[HASH_MAX_LEN]; - unsigned char digest_res[HASH_MAX_LEN]; -@@ -288,6 +291,9 @@ static struct { - CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20 - }, - { -+ CRYPTO_AES_GCM, NID_aes_128_gcm, 16, 16, 0 -+ }, -+ { - 0, NID_undef, 0, 0, 0 - }, - }; -@@ -326,6 +332,22 @@ static struct { - }; - # endif - -+/* increment counter (64-bit int) by 1 */ -+static void ctr64_inc(unsigned char *counter) -+{ -+ int n = 8; -+ unsigned char c; -+ -+ do { -+ --n; -+ c = counter[n]; -+ ++c; -+ counter[n] = c; -+ if (c) -+ return; -+ } while (n); -+} -+ - /* - * Return a fd if /dev/crypto seems usable, 0 otherwise. - */ -@@ -808,6 +830,199 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, - } - } - -+static int cryptodev_init_gcm_key(EVP_CIPHER_CTX *ctx, -+ const unsigned char *key, -+ const unsigned char *iv, int enc) -+{ -+ struct dev_crypto_state *state = ctx->cipher_data; -+ struct session_op *sess = &state->d_sess; -+ int cipher = -1, i; -+ if (!iv && !key) -+ return 1; -+ -+ if (iv) -+ memcpy(ctx->iv, iv, ctx->cipher->iv_len); -+ -+ for (i = 0; ciphers[i].id; i++) -+ if (ctx->cipher->nid == ciphers[i].nid && -+ ctx->cipher->iv_len <= ciphers[i].ivmax && -+ ctx->key_len == ciphers[i].keylen) { -+ cipher = ciphers[i].id; -+ break; -+ } -+ -+ if (!ciphers[i].id) { -+ state->d_fd = -1; -+ return 0; -+ } -+ -+ memset(sess, 0, sizeof(struct session_op)); -+ -+ if ((state->d_fd = get_dev_crypto()) < 0) -+ return 0; -+ -+ sess->key = (unsigned char *)key; -+ sess->keylen = ctx->key_len; -+ sess->cipher = cipher; -+ -+ if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) { -+ put_dev_crypto(state->d_fd); -+ state->d_fd = -1; -+ return 0; -+ } -+ return 1; -+} -+ -+static int cryptodev_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, -+ const unsigned char *in, size_t len) -+{ -+ struct crypt_auth_op cryp = { 0 }; -+ struct dev_crypto_state *state = ctx->cipher_data; -+ struct session_op *sess = &state->d_sess; -+ int rv = len; -+ -+ if (EVP_CIPHER_CTX_ctrl(ctx, ctx->encrypt ? -+ EVP_CTRL_GCM_IV_GEN : EVP_CTRL_GCM_SET_IV_INV, -+ EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0) -+ return 0; -+ -+ in += EVP_GCM_TLS_EXPLICIT_IV_LEN; -+ out += EVP_GCM_TLS_EXPLICIT_IV_LEN; -+ len -= EVP_GCM_TLS_EXPLICIT_IV_LEN; -+ -+ if (ctx->encrypt) { -+ len -= EVP_GCM_TLS_TAG_LEN; -+ } -+ cryp.ses = sess->ses; -+ cryp.len = len; -+ cryp.src = (unsigned char *)in; -+ cryp.dst = out; -+ cryp.auth_src = state->aad; -+ cryp.auth_len = state->aad_len; -+ cryp.iv = ctx->iv; -+ cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; -+ -+ if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) { -+ return 0; -+ } -+ -+ if (ctx->encrypt) -+ ctr64_inc(state->iv + state->ivlen - 8); -+ else -+ rv = len - EVP_GCM_TLS_TAG_LEN; -+ -+ return rv; -+} -+ -+static int cryptodev_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, -+ const unsigned char *in, size_t len) -+{ -+ struct crypt_auth_op cryp; -+ struct dev_crypto_state *state = ctx->cipher_data; -+ struct session_op *sess = &state->d_sess; -+ -+ if (state->d_fd < 0) -+ return 0; -+ -+ if ((len % ctx->cipher->block_size) != 0) -+ return 0; -+ -+ if (state->aad_len >= 0) -+ return cryptodev_gcm_tls_cipher(ctx, out, in, len); -+ -+ memset(&cryp, 0, sizeof(cryp)); -+ -+ cryp.ses = sess->ses; -+ cryp.len = len; -+ cryp.src = (unsigned char *)in; -+ cryp.dst = out; -+ cryp.auth_src = NULL; -+ cryp.auth_len = 0; -+ cryp.iv = ctx->iv; -+ cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; -+ -+ if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) { -+ return 0; -+ } -+ -+ return len; -+} -+ -+static int cryptodev_gcm_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, -+ void *ptr) -+{ -+ struct dev_crypto_state *state = ctx->cipher_data; -+ switch (type) { -+ case EVP_CTRL_INIT: -+ { -+ state->ivlen = ctx->cipher->iv_len; -+ state->iv = ctx->iv; -+ state->aad_len = -1; -+ return 1; -+ } -+ case EVP_CTRL_GCM_SET_IV_FIXED: -+ { -+ /* Special case: -1 length restores whole IV */ -+ if (arg == -1) { -+ memcpy(state->iv, ptr, state->ivlen); -+ return 1; -+ } -+ /* -+ * Fixed field must be at least 4 bytes and invocation field at -+ * least 8. -+ */ -+ if ((arg < 4) || (state->ivlen - arg) < 8) -+ return 0; -+ if (arg) -+ memcpy(state->iv, ptr, arg); -+ if (ctx->encrypt && -+ RAND_bytes(state->iv + arg, state->ivlen - arg) <= 0) -+ return 0; -+ return 1; -+ } -+ case EVP_CTRL_AEAD_TLS1_AAD: -+ { -+ unsigned int len; -+ if (arg != 13) -+ return 0; -+ -+ memcpy(ctx->buf, ptr, arg); -+ len = ctx->buf[arg - 2] << 8 | ctx->buf[arg - 1]; -+ -+ /* Correct length for explicit IV */ -+ len -= EVP_GCM_TLS_EXPLICIT_IV_LEN; -+ -+ /* If decrypting correct for tag too */ -+ if (!ctx->encrypt) -+ len -= EVP_GCM_TLS_TAG_LEN; -+ -+ ctx->buf[arg - 2] = len >> 8; -+ ctx->buf[arg - 1] = len & 0xff; -+ -+ state->aad = ctx->buf; -+ state->aad_len = arg; -+ state->len = len; -+ -+ /* Extra padding: tag appended to record */ -+ return EVP_GCM_TLS_TAG_LEN; -+ } -+ case EVP_CTRL_GCM_SET_IV_INV: -+ { -+ if (ctx->encrypt) -+ return 0; -+ memcpy(state->iv + state->ivlen - arg, ptr, arg); -+ return 1; -+ } -+ case EVP_CTRL_GCM_IV_GEN: -+ if (arg <= 0 || arg > state->ivlen) -+ arg = state->ivlen; -+ memcpy(ptr, state->iv + state->ivlen - arg, arg); -+ return 1; -+ default: -+ return -1; -+ } -+} -+ - /* - * libcrypto EVP stuff - this is how we get wired to EVP so the engine - * gets called when libcrypto requests a cipher NID. -@@ -948,6 +1163,22 @@ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = { - NULL - }; - -+const EVP_CIPHER cryptodev_aes_128_gcm = { -+ NID_aes_128_gcm, -+ 1, 16, 12, -+ EVP_CIPH_GCM_MODE | EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_DEFAULT_ASN1 -+ | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER -+ | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT, -+ cryptodev_init_gcm_key, -+ cryptodev_gcm_cipher, -+ cryptodev_cleanup, -+ sizeof(struct dev_crypto_state), -+ EVP_CIPHER_set_asn1_iv, -+ EVP_CIPHER_get_asn1_iv, -+ cryptodev_gcm_ctrl, -+ NULL -+}; -+ - # ifdef CRYPTO_AES_CTR - const EVP_CIPHER cryptodev_aes_ctr = { - NID_aes_128_ctr, -@@ -1042,6 +1273,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, - case NID_aes_256_cbc_hmac_sha1: - *cipher = &cryptodev_aes_256_cbc_hmac_sha1; - break; -+ case NID_aes_128_gcm: -+ *cipher = &cryptodev_aes_128_gcm; -+ break; - default: - *cipher = NULL; - break; --- -2.7.3 - diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0015-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0015-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch deleted file mode 100644 index c1201f2..0000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0015-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch +++ /dev/null @@ -1,199 +0,0 @@ -From 6094ec91a5b8dde4bc3a7928b7cb6c81cac8a169 Mon Sep 17 00:00:00 2001 -From: Tudor Ambarus -Date: Fri, 9 May 2014 17:54:06 +0300 -Subject: [PATCH 15/48] eng_cryptodev: extend TLS offload with - 3des_cbc_hmac_sha1 - -Both obj_mac.h and obj_dat.h were generated using the scripts -from crypto/objects: - -$ cd crypto/objects -$ perl objects.pl objects.txt obj_mac.num obj_mac.h -$ perl obj_dat.pl obj_mac.h obj_dat.h - -Signed-off-by: Tudor Ambarus -Signed-off-by: Cristian Stoica ---- - crypto/engine/eng_cryptodev.c | 26 ++++++++++++++++++++++++++ - crypto/objects/obj_dat.h | 10 +++++++--- - crypto/objects/obj_mac.h | 4 ++++ - crypto/objects/obj_mac.num | 1 + - crypto/objects/objects.txt | 1 + - ssl/ssl_ciph.c | 4 ++++ - 6 files changed, 43 insertions(+), 3 deletions(-) - -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index 1754917..ae644b9 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -133,6 +133,7 @@ static int cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, - static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, - void (*f) (void)); - void ENGINE_load_cryptodev(void); -+const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1; - const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1; - const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1; - -@@ -285,6 +286,9 @@ static struct { - CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, 0 - }, - { -+ CRYPTO_TLS10_3DES_CBC_HMAC_SHA1, NID_des_ede3_cbc_hmac_sha1, 8, 24, 20 -+ }, -+ { - CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20 - }, - { -@@ -520,6 +524,9 @@ static int cryptodev_usable_ciphers(const int **nids) - case NID_aes_256_cbc_hmac_sha1: - EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1); - break; -+ case NID_des_ede3_cbc_hmac_sha1: -+ EVP_add_cipher(&cryptodev_3des_cbc_hmac_sha1); -+ break; - } - } - return count; -@@ -624,6 +631,7 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - switch (ctx->cipher->nid) { - case NID_aes_128_cbc_hmac_sha1: - case NID_aes_256_cbc_hmac_sha1: -+ case NID_des_ede3_cbc_hmac_sha1: - cryp.flags = COP_FLAG_AEAD_TLS_TYPE; - } - cryp.ses = sess->ses; -@@ -814,6 +822,7 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, - switch (ctx->cipher->nid) { - case NID_aes_128_cbc_hmac_sha1: - case NID_aes_256_cbc_hmac_sha1: -+ case NID_des_ede3_cbc_hmac_sha1: - maclen = SHA_DIGEST_LENGTH; - } - -@@ -1135,6 +1144,20 @@ const EVP_CIPHER cryptodev_aes_256_cbc = { - NULL - }; - -+const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1 = { -+ NID_des_ede3_cbc_hmac_sha1, -+ 8, 24, 8, -+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, -+ cryptodev_init_aead_key, -+ cryptodev_aead_cipher, -+ cryptodev_cleanup, -+ sizeof(struct dev_crypto_state), -+ EVP_CIPHER_set_asn1_iv, -+ EVP_CIPHER_get_asn1_iv, -+ cryptodev_cbc_hmac_sha1_ctrl, -+ NULL -+}; -+ - const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1 = { - NID_aes_128_cbc_hmac_sha1, - 16, 16, 16, -@@ -1256,6 +1279,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, - case NID_aes_256_cbc: - *cipher = &cryptodev_aes_256_cbc; - break; -+ case NID_des_ede3_cbc_hmac_sha1: -+ *cipher = &cryptodev_3des_cbc_hmac_sha1; -+ break; - # ifdef CRYPTO_AES_CTR - case NID_aes_128_ctr: - *cipher = &cryptodev_aes_ctr; -diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h -index b7e3cf2..35d1abc 100644 ---- a/crypto/objects/obj_dat.h -+++ b/crypto/objects/obj_dat.h -@@ -62,9 +62,9 @@ - * [including the GNU Public Licence.] - */ - --#define NUM_NID 958 --#define NUM_SN 951 --#define NUM_LN 951 -+#define NUM_NID 959 -+#define NUM_SN 952 -+#define NUM_LN 952 - #define NUM_OBJ 890 - - static const unsigned char lvalues[6255]={ -@@ -2514,6 +2514,8 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={ - NID_jurisdictionStateOrProvinceName,11,&(lvalues[6232]),0}, - {"jurisdictionC","jurisdictionCountryName", - NID_jurisdictionCountryName,11,&(lvalues[6243]),0}, -+{"DES-EDE3-CBC-HMAC-SHA1","des-ede3-cbc-hmac-sha1", -+ NID_des_ede3_cbc_hmac_sha1,0,NULL,0}, - }; - - static const unsigned int sn_objs[NUM_SN]={ -@@ -2592,6 +2594,7 @@ static const unsigned int sn_objs[NUM_SN]={ - 62, /* "DES-EDE-OFB" */ - 33, /* "DES-EDE3" */ - 44, /* "DES-EDE3-CBC" */ -+958, /* "DES-EDE3-CBC-HMAC-SHA1" */ - 61, /* "DES-EDE3-CFB" */ - 658, /* "DES-EDE3-CFB1" */ - 659, /* "DES-EDE3-CFB8" */ -@@ -3760,6 +3763,7 @@ static const unsigned int ln_objs[NUM_LN]={ - 62, /* "des-ede-ofb" */ - 33, /* "des-ede3" */ - 44, /* "des-ede3-cbc" */ -+958, /* "des-ede3-cbc-hmac-sha1" */ - 61, /* "des-ede3-cfb" */ - 658, /* "des-ede3-cfb1" */ - 659, /* "des-ede3-cfb8" */ -diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h -index 779c309..cb318bc 100644 ---- a/crypto/objects/obj_mac.h -+++ b/crypto/objects/obj_mac.h -@@ -4047,6 +4047,10 @@ - #define LN_aes_256_cbc_hmac_sha256 "aes-256-cbc-hmac-sha256" - #define NID_aes_256_cbc_hmac_sha256 950 - -+#define SN_des_ede3_cbc_hmac_sha1 "DES-EDE3-CBC-HMAC-SHA1" -+#define LN_des_ede3_cbc_hmac_sha1 "des-ede3-cbc-hmac-sha1" -+#define NID_des_ede3_cbc_hmac_sha1 958 -+ - #define SN_dhpublicnumber "dhpublicnumber" - #define LN_dhpublicnumber "X9.42 DH" - #define NID_dhpublicnumber 920 -diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num -index 8e5ea83..02d1bb8 100644 ---- a/crypto/objects/obj_mac.num -+++ b/crypto/objects/obj_mac.num -@@ -955,3 +955,4 @@ ct_cert_scts 954 - jurisdictionLocalityName 955 - jurisdictionStateOrProvinceName 956 - jurisdictionCountryName 957 -+des_ede3_cbc_hmac_sha1 958 -diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt -index b57aabb..4e1ff18 100644 ---- a/crypto/objects/objects.txt -+++ b/crypto/objects/objects.txt -@@ -1294,6 +1294,7 @@ kisa 1 6 : SEED-OFB : seed-ofb - : AES-128-CBC-HMAC-SHA256 : aes-128-cbc-hmac-sha256 - : AES-192-CBC-HMAC-SHA256 : aes-192-cbc-hmac-sha256 - : AES-256-CBC-HMAC-SHA256 : aes-256-cbc-hmac-sha256 -+ : DES-EDE3-CBC-HMAC-SHA1 : des-ede3-cbc-hmac-sha1 - - ISO-US 10046 2 1 : dhpublicnumber : X9.42 DH - -diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c -index 2ad8f43..fdf6be9 100644 ---- a/ssl/ssl_ciph.c -+++ b/ssl/ssl_ciph.c -@@ -668,6 +668,10 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, - c->algorithm_mac == SSL_SHA256 && - (evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA256"))) - *enc = evp, *md = NULL; -+ else if (c->algorithm_enc == SSL_3DES && -+ c->algorithm_mac == SSL_SHA1 && -+ (evp = EVP_get_cipherbyname("DES-EDE3-CBC-HMAC-SHA1"))) -+ *enc = evp, *md = NULL; - return (1); - } else - return (0); --- -2.7.3 - diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0016-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0016-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch deleted file mode 100644 index d6b72b5..0000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0016-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch +++ /dev/null @@ -1,338 +0,0 @@ -From 4a229203e276283cb894b08b2607204a647d7594 Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Fri, 22 Jan 2016 11:58:34 +0200 -Subject: [PATCH 16/48] eng_cryptodev: add support for TLSv1.1 record offload - -Supported cipher suites: -- 3des-ede-cbc-sha -- aes-128-cbc-hmac-sha -- aes-256-cbc-hmac-sha - -Requires TLS patches on cryptodev and TLS algorithm support in Linux -kernel driver. - -Signed-off-by: Tudor Ambarus -Signed-off-by: Cristian Stoica ---- - crypto/engine/eng_cryptodev.c | 96 ++++++++++++++++++++++++++++++++++++++++++- - crypto/objects/obj_dat.h | 18 ++++++-- - crypto/objects/obj_mac.h | 12 ++++++ - crypto/objects/obj_mac.num | 3 ++ - crypto/objects/objects.txt | 3 ++ - ssl/ssl_ciph.c | 28 ++++++++++--- - 6 files changed, 151 insertions(+), 9 deletions(-) - -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index ae644b9..80b20e5 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -67,6 +67,7 @@ void ENGINE_load_cryptodev(void) - # include - # include - # include -+# include - # include - # include - # include -@@ -136,6 +137,9 @@ void ENGINE_load_cryptodev(void); - const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1; - const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1; - const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1; -+const EVP_CIPHER cryptodev_tls11_3des_cbc_hmac_sha1; -+const EVP_CIPHER cryptodev_tls11_aes_128_cbc_hmac_sha1; -+const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1; - - inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len) - { -@@ -295,6 +299,18 @@ static struct { - CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20 - }, - { -+ CRYPTO_TLS11_3DES_CBC_HMAC_SHA1, NID_tls11_des_ede3_cbc_hmac_sha1, 8, -+ 24, 20 -+ }, -+ { -+ CRYPTO_TLS11_AES_CBC_HMAC_SHA1, NID_tls11_aes_128_cbc_hmac_sha1, 16, 16, -+ 20 -+ }, -+ { -+ CRYPTO_TLS11_AES_CBC_HMAC_SHA1, NID_tls11_aes_256_cbc_hmac_sha1, 16, 32, -+ 20 -+ }, -+ { - CRYPTO_AES_GCM, NID_aes_128_gcm, 16, 16, 0 - }, - { -@@ -527,6 +543,15 @@ static int cryptodev_usable_ciphers(const int **nids) - case NID_des_ede3_cbc_hmac_sha1: - EVP_add_cipher(&cryptodev_3des_cbc_hmac_sha1); - break; -+ case NID_tls11_des_ede3_cbc_hmac_sha1: -+ EVP_add_cipher(&cryptodev_tls11_3des_cbc_hmac_sha1); -+ break; -+ case NID_tls11_aes_128_cbc_hmac_sha1: -+ EVP_add_cipher(&cryptodev_tls11_aes_128_cbc_hmac_sha1); -+ break; -+ case NID_tls11_aes_256_cbc_hmac_sha1: -+ EVP_add_cipher(&cryptodev_tls11_aes_256_cbc_hmac_sha1); -+ break; - } - } - return count; -@@ -632,6 +657,9 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - case NID_aes_128_cbc_hmac_sha1: - case NID_aes_256_cbc_hmac_sha1: - case NID_des_ede3_cbc_hmac_sha1: -+ case NID_tls11_des_ede3_cbc_hmac_sha1: -+ case NID_tls11_aes_128_cbc_hmac_sha1: -+ case NID_tls11_aes_256_cbc_hmac_sha1: - cryp.flags = COP_FLAG_AEAD_TLS_TYPE; - } - cryp.ses = sess->ses; -@@ -811,8 +839,9 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, - struct dev_crypto_state *state = ctx->cipher_data; - unsigned char *p = ptr; - unsigned int cryptlen = p[arg - 2] << 8 | p[arg - 1]; -- unsigned int maclen, padlen; -+ unsigned int maclen, padlen, len; - unsigned int bs = ctx->cipher->block_size; -+ bool aad_needs_fix = false; - - state->aad = ptr; - state->aad_len = arg; -@@ -824,6 +853,20 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, - case NID_aes_256_cbc_hmac_sha1: - case NID_des_ede3_cbc_hmac_sha1: - maclen = SHA_DIGEST_LENGTH; -+ break; -+ case NID_tls11_des_ede3_cbc_hmac_sha1: -+ case NID_tls11_aes_128_cbc_hmac_sha1: -+ case NID_tls11_aes_256_cbc_hmac_sha1: -+ maclen = SHA_DIGEST_LENGTH; -+ aad_needs_fix = true; -+ break; -+ } -+ -+ /* Correct length for AAD Length field */ -+ if (ctx->encrypt && aad_needs_fix) { -+ len = cryptlen - bs; -+ p[arg - 2] = len >> 8; -+ p[arg - 1] = len & 0xff; - } - - /* space required for encryption (not only TLS padding) */ -@@ -1186,6 +1229,48 @@ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = { - NULL - }; - -+const EVP_CIPHER cryptodev_tls11_3des_cbc_hmac_sha1 = { -+ NID_tls11_des_ede3_cbc_hmac_sha1, -+ 8, 24, 8, -+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, -+ cryptodev_init_aead_key, -+ cryptodev_aead_cipher, -+ cryptodev_cleanup, -+ sizeof(struct dev_crypto_state), -+ EVP_CIPHER_set_asn1_iv, -+ EVP_CIPHER_get_asn1_iv, -+ cryptodev_cbc_hmac_sha1_ctrl, -+ NULL -+}; -+ -+const EVP_CIPHER cryptodev_tls11_aes_128_cbc_hmac_sha1 = { -+ NID_tls11_aes_128_cbc_hmac_sha1, -+ 16, 16, 16, -+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, -+ cryptodev_init_aead_key, -+ cryptodev_aead_cipher, -+ cryptodev_cleanup, -+ sizeof(struct dev_crypto_state), -+ EVP_CIPHER_set_asn1_iv, -+ EVP_CIPHER_get_asn1_iv, -+ cryptodev_cbc_hmac_sha1_ctrl, -+ NULL -+}; -+ -+const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1 = { -+ NID_tls11_aes_256_cbc_hmac_sha1, -+ 16, 32, 16, -+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, -+ cryptodev_init_aead_key, -+ cryptodev_aead_cipher, -+ cryptodev_cleanup, -+ sizeof(struct dev_crypto_state), -+ EVP_CIPHER_set_asn1_iv, -+ EVP_CIPHER_get_asn1_iv, -+ cryptodev_cbc_hmac_sha1_ctrl, -+ NULL -+}; -+ - const EVP_CIPHER cryptodev_aes_128_gcm = { - NID_aes_128_gcm, - 1, 16, 12, -@@ -1299,6 +1384,15 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, - case NID_aes_256_cbc_hmac_sha1: - *cipher = &cryptodev_aes_256_cbc_hmac_sha1; - break; -+ case NID_tls11_des_ede3_cbc_hmac_sha1: -+ *cipher = &cryptodev_tls11_3des_cbc_hmac_sha1; -+ break; -+ case NID_tls11_aes_128_cbc_hmac_sha1: -+ *cipher = &cryptodev_tls11_aes_128_cbc_hmac_sha1; -+ break; -+ case NID_tls11_aes_256_cbc_hmac_sha1: -+ *cipher = &cryptodev_tls11_aes_256_cbc_hmac_sha1; -+ break; - case NID_aes_128_gcm: - *cipher = &cryptodev_aes_128_gcm; - break; -diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h -index 35d1abc..4dd32a1 100644 ---- a/crypto/objects/obj_dat.h -+++ b/crypto/objects/obj_dat.h -@@ -62,9 +62,9 @@ - * [including the GNU Public Licence.] - */ - --#define NUM_NID 959 --#define NUM_SN 952 --#define NUM_LN 952 -+#define NUM_NID 962 -+#define NUM_SN 955 -+#define NUM_LN 955 - #define NUM_OBJ 890 - - static const unsigned char lvalues[6255]={ -@@ -2516,6 +2516,12 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={ - NID_jurisdictionCountryName,11,&(lvalues[6243]),0}, - {"DES-EDE3-CBC-HMAC-SHA1","des-ede3-cbc-hmac-sha1", - NID_des_ede3_cbc_hmac_sha1,0,NULL,0}, -+{"TLS11-DES-EDE3-CBC-HMAC-SHA1","tls11-des-ede3-cbc-hmac-sha1", -+ NID_tls11_des_ede3_cbc_hmac_sha1,0,NULL,0}, -+{"TLS11-AES-128-CBC-HMAC-SHA1","tls11-aes-128-cbc-hmac-sha1", -+ NID_tls11_aes_128_cbc_hmac_sha1,0,NULL,0}, -+{"TLS11-AES-256-CBC-HMAC-SHA1","tls11-aes-256-cbc-hmac-sha1", -+ NID_tls11_aes_256_cbc_hmac_sha1,0,NULL,0}, - }; - - static const unsigned int sn_objs[NUM_SN]={ -@@ -2705,6 +2711,9 @@ static const unsigned int sn_objs[NUM_SN]={ - 100, /* "SN" */ - 16, /* "ST" */ - 143, /* "SXNetID" */ -+960, /* "TLS11-AES-128-CBC-HMAC-SHA1" */ -+961, /* "TLS11-AES-256-CBC-HMAC-SHA1" */ -+959, /* "TLS11-DES-EDE3-CBC-HMAC-SHA1" */ - 458, /* "UID" */ - 0, /* "UNDEF" */ - 11, /* "X500" */ -@@ -4396,6 +4405,9 @@ static const unsigned int ln_objs[NUM_LN]={ - 459, /* "textEncodedORAddress" */ - 293, /* "textNotice" */ - 106, /* "title" */ -+960, /* "tls11-aes-128-cbc-hmac-sha1" */ -+961, /* "tls11-aes-256-cbc-hmac-sha1" */ -+959, /* "tls11-des-ede3-cbc-hmac-sha1" */ - 682, /* "tpBasis" */ - 436, /* "ucl" */ - 0, /* "undefined" */ -diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h -index cb318bc..5930563 100644 ---- a/crypto/objects/obj_mac.h -+++ b/crypto/objects/obj_mac.h -@@ -4051,6 +4051,18 @@ - #define LN_des_ede3_cbc_hmac_sha1 "des-ede3-cbc-hmac-sha1" - #define NID_des_ede3_cbc_hmac_sha1 958 - -+#define SN_tls11_des_ede3_cbc_hmac_sha1 "TLS11-DES-EDE3-CBC-HMAC-SHA1" -+#define LN_tls11_des_ede3_cbc_hmac_sha1 "tls11-des-ede3-cbc-hmac-sha1" -+#define NID_tls11_des_ede3_cbc_hmac_sha1 959 -+ -+#define SN_tls11_aes_128_cbc_hmac_sha1 "TLS11-AES-128-CBC-HMAC-SHA1" -+#define LN_tls11_aes_128_cbc_hmac_sha1 "tls11-aes-128-cbc-hmac-sha1" -+#define NID_tls11_aes_128_cbc_hmac_sha1 960 -+ -+#define SN_tls11_aes_256_cbc_hmac_sha1 "TLS11-AES-256-CBC-HMAC-SHA1" -+#define LN_tls11_aes_256_cbc_hmac_sha1 "tls11-aes-256-cbc-hmac-sha1" -+#define NID_tls11_aes_256_cbc_hmac_sha1 961 -+ - #define SN_dhpublicnumber "dhpublicnumber" - #define LN_dhpublicnumber "X9.42 DH" - #define NID_dhpublicnumber 920 -diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num -index 02d1bb8..02f1728 100644 ---- a/crypto/objects/obj_mac.num -+++ b/crypto/objects/obj_mac.num -@@ -956,3 +956,6 @@ jurisdictionLocalityName 955 - jurisdictionStateOrProvinceName 956 - jurisdictionCountryName 957 - des_ede3_cbc_hmac_sha1 958 -+tls11_des_ede3_cbc_hmac_sha1 959 -+tls11_aes_128_cbc_hmac_sha1 960 -+tls11_aes_256_cbc_hmac_sha1 961 -diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt -index 4e1ff18..cda81da 100644 ---- a/crypto/objects/objects.txt -+++ b/crypto/objects/objects.txt -@@ -1295,6 +1295,9 @@ kisa 1 6 : SEED-OFB : seed-ofb - : AES-192-CBC-HMAC-SHA256 : aes-192-cbc-hmac-sha256 - : AES-256-CBC-HMAC-SHA256 : aes-256-cbc-hmac-sha256 - : DES-EDE3-CBC-HMAC-SHA1 : des-ede3-cbc-hmac-sha1 -+ : TLS11-DES-EDE3-CBC-HMAC-SHA1 : tls11-des-ede3-cbc-hmac-sha1 -+ : TLS11-AES-128-CBC-HMAC-SHA1 : tls11-aes-128-cbc-hmac-sha1 -+ : TLS11-AES-256-CBC-HMAC-SHA1 : tls11-aes-256-cbc-hmac-sha1 - - ISO-US 10046 2 1 : dhpublicnumber : X9.42 DH - -diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c -index fdf6be9..b4af7dc 100644 ---- a/ssl/ssl_ciph.c -+++ b/ssl/ssl_ciph.c -@@ -652,11 +652,13 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, - c->algorithm_mac == SSL_MD5 && - (evp = EVP_get_cipherbyname("RC4-HMAC-MD5"))) - *enc = evp, *md = NULL; -- else if (c->algorithm_enc == SSL_AES128 && -+ else if (s->ssl_version == TLS1_VERSION && -+ c->algorithm_enc == SSL_AES128 && - c->algorithm_mac == SSL_SHA1 && - (evp = EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1"))) - *enc = evp, *md = NULL; -- else if (c->algorithm_enc == SSL_AES256 && -+ else if (s->ssl_version == TLS1_VERSION && -+ c->algorithm_enc == SSL_AES256 && - c->algorithm_mac == SSL_SHA1 && - (evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1"))) - *enc = evp, *md = NULL; -@@ -668,9 +670,25 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, - c->algorithm_mac == SSL_SHA256 && - (evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA256"))) - *enc = evp, *md = NULL; -- else if (c->algorithm_enc == SSL_3DES && -- c->algorithm_mac == SSL_SHA1 && -- (evp = EVP_get_cipherbyname("DES-EDE3-CBC-HMAC-SHA1"))) -+ else if (s->ssl_version == TLS1_VERSION && -+ c->algorithm_enc == SSL_3DES && -+ c->algorithm_mac == SSL_SHA1 && -+ (evp = EVP_get_cipherbyname("DES-EDE3-CBC-HMAC-SHA1"))) -+ *enc = evp, *md = NULL; -+ else if (s->ssl_version == TLS1_1_VERSION && -+ c->algorithm_enc == SSL_3DES && -+ c->algorithm_mac == SSL_SHA1 && -+ (evp = EVP_get_cipherbyname("TLS11-DES-EDE3-CBC-HMAC-SHA1"))) -+ *enc = evp, *md = NULL; -+ else if (s->ssl_version == TLS1_1_VERSION && -+ c->algorithm_enc == SSL_AES128 && -+ c->algorithm_mac == SSL_SHA1 && -+ (evp = EVP_get_cipherbyname("TLS11-AES-128-CBC-HMAC-SHA1"))) -+ *enc = evp, *md = NULL; -+ else if (s->ssl_version == TLS1_1_VERSION && -+ c->algorithm_enc == SSL_AES256 && -+ c->algorithm_mac == SSL_SHA1 && -+ (evp = EVP_get_cipherbyname("TLS11-AES-256-CBC-HMAC-SHA1"))) - *enc = evp, *md = NULL; - return (1); - } else --- -2.7.3 - diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0017-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0017-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch deleted file mode 100644 index 3034894..0000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0017-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch +++ /dev/null @@ -1,377 +0,0 @@ -From 0103fb8e6fc412462968224ec9315609c54eccc1 Mon Sep 17 00:00:00 2001 -From: Tudor Ambarus -Date: Tue, 31 Mar 2015 16:32:35 +0300 -Subject: [PATCH 17/48] eng_cryptodev: add support for TLSv1.2 record offload - -Supported cipher suites: -- 3des-ede-cbc-sha -- aes-128-cbc-hmac-sha -- aes-256-cbc-hmac-sha -- aes-128-cbc-hmac-sha256 -- aes-256-cbc-hmac-sha256 - -Requires TLS patches on cryptodev and TLS algorithm support in Linux -kernel driver. - -Signed-off-by: Tudor Ambarus -Tested-by: Cristian Stoica ---- - crypto/engine/eng_cryptodev.c | 138 ++++++++++++++++++++++++++++++++++++++++++ - crypto/objects/obj_dat.h | 26 +++++++- - crypto/objects/obj_mac.h | 20 ++++++ - crypto/objects/obj_mac.num | 5 ++ - crypto/objects/objects.txt | 5 ++ - ssl/ssl_ciph.c | 25 ++++++++ - 6 files changed, 216 insertions(+), 3 deletions(-) - -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index 80b20e5..455868e 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -140,6 +140,11 @@ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1; - const EVP_CIPHER cryptodev_tls11_3des_cbc_hmac_sha1; - const EVP_CIPHER cryptodev_tls11_aes_128_cbc_hmac_sha1; - const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1; -+const EVP_CIPHER cryptodev_tls12_3des_cbc_hmac_sha1; -+const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha1; -+const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha1; -+const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha256; -+const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha256; - - inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len) - { -@@ -311,6 +316,26 @@ static struct { - 20 - }, - { -+ CRYPTO_TLS12_3DES_CBC_HMAC_SHA1, NID_tls12_des_ede3_cbc_hmac_sha1, 8, -+ 24, 20 -+ }, -+ { -+ CRYPTO_TLS12_AES_CBC_HMAC_SHA1, NID_tls12_aes_128_cbc_hmac_sha1, 16, 16, -+ 20 -+ }, -+ { -+ CRYPTO_TLS12_AES_CBC_HMAC_SHA1, NID_tls12_aes_256_cbc_hmac_sha1, 16, 32, -+ 20 -+ }, -+ { -+ CRYPTO_TLS12_AES_CBC_HMAC_SHA256, NID_tls12_aes_128_cbc_hmac_sha256, 16, -+ 16, 32 -+ }, -+ { -+ CRYPTO_TLS12_AES_CBC_HMAC_SHA256, NID_tls12_aes_256_cbc_hmac_sha256, 16, -+ 32, 32 -+ }, -+ { - CRYPTO_AES_GCM, NID_aes_128_gcm, 16, 16, 0 - }, - { -@@ -552,6 +577,21 @@ static int cryptodev_usable_ciphers(const int **nids) - case NID_tls11_aes_256_cbc_hmac_sha1: - EVP_add_cipher(&cryptodev_tls11_aes_256_cbc_hmac_sha1); - break; -+ case NID_tls12_des_ede3_cbc_hmac_sha1: -+ EVP_add_cipher(&cryptodev_tls12_3des_cbc_hmac_sha1); -+ break; -+ case NID_tls12_aes_128_cbc_hmac_sha1: -+ EVP_add_cipher(&cryptodev_tls12_aes_128_cbc_hmac_sha1); -+ break; -+ case NID_tls12_aes_256_cbc_hmac_sha1: -+ EVP_add_cipher(&cryptodev_tls12_aes_256_cbc_hmac_sha1); -+ break; -+ case NID_tls12_aes_128_cbc_hmac_sha256: -+ EVP_add_cipher(&cryptodev_tls12_aes_128_cbc_hmac_sha256); -+ break; -+ case NID_tls12_aes_256_cbc_hmac_sha256: -+ EVP_add_cipher(&cryptodev_tls12_aes_256_cbc_hmac_sha256); -+ break; - } - } - return count; -@@ -660,6 +700,11 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - case NID_tls11_des_ede3_cbc_hmac_sha1: - case NID_tls11_aes_128_cbc_hmac_sha1: - case NID_tls11_aes_256_cbc_hmac_sha1: -+ case NID_tls12_des_ede3_cbc_hmac_sha1: -+ case NID_tls12_aes_128_cbc_hmac_sha1: -+ case NID_tls12_aes_256_cbc_hmac_sha1: -+ case NID_tls12_aes_128_cbc_hmac_sha256: -+ case NID_tls12_aes_256_cbc_hmac_sha256: - cryp.flags = COP_FLAG_AEAD_TLS_TYPE; - } - cryp.ses = sess->ses; -@@ -857,9 +902,17 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, - case NID_tls11_des_ede3_cbc_hmac_sha1: - case NID_tls11_aes_128_cbc_hmac_sha1: - case NID_tls11_aes_256_cbc_hmac_sha1: -+ case NID_tls12_des_ede3_cbc_hmac_sha1: -+ case NID_tls12_aes_128_cbc_hmac_sha1: -+ case NID_tls12_aes_256_cbc_hmac_sha1: - maclen = SHA_DIGEST_LENGTH; - aad_needs_fix = true; - break; -+ case NID_tls12_aes_128_cbc_hmac_sha256: -+ case NID_tls12_aes_256_cbc_hmac_sha256: -+ maclen = SHA256_DIGEST_LENGTH; -+ aad_needs_fix = true; -+ break; - } - - /* Correct length for AAD Length field */ -@@ -1271,6 +1324,76 @@ const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1 = { - NULL - }; - -+const EVP_CIPHER cryptodev_tls12_3des_cbc_hmac_sha1 = { -+ NID_tls12_des_ede3_cbc_hmac_sha1, -+ 8, 24, 8, -+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, -+ cryptodev_init_aead_key, -+ cryptodev_aead_cipher, -+ cryptodev_cleanup, -+ sizeof(struct dev_crypto_state), -+ EVP_CIPHER_set_asn1_iv, -+ EVP_CIPHER_get_asn1_iv, -+ cryptodev_cbc_hmac_sha1_ctrl, -+ NULL -+}; -+ -+const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha1 = { -+ NID_tls12_aes_128_cbc_hmac_sha1, -+ 16, 16, 16, -+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, -+ cryptodev_init_aead_key, -+ cryptodev_aead_cipher, -+ cryptodev_cleanup, -+ sizeof(struct dev_crypto_state), -+ EVP_CIPHER_set_asn1_iv, -+ EVP_CIPHER_get_asn1_iv, -+ cryptodev_cbc_hmac_sha1_ctrl, -+ NULL -+}; -+ -+const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha1 = { -+ NID_tls12_aes_256_cbc_hmac_sha1, -+ 16, 32, 16, -+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, -+ cryptodev_init_aead_key, -+ cryptodev_aead_cipher, -+ cryptodev_cleanup, -+ sizeof(struct dev_crypto_state), -+ EVP_CIPHER_set_asn1_iv, -+ EVP_CIPHER_get_asn1_iv, -+ cryptodev_cbc_hmac_sha1_ctrl, -+ NULL -+}; -+ -+const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha256 = { -+ NID_tls12_aes_128_cbc_hmac_sha256, -+ 16, 16, 16, -+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, -+ cryptodev_init_aead_key, -+ cryptodev_aead_cipher, -+ cryptodev_cleanup, -+ sizeof(struct dev_crypto_state), -+ EVP_CIPHER_set_asn1_iv, -+ EVP_CIPHER_get_asn1_iv, -+ cryptodev_cbc_hmac_sha1_ctrl, -+ NULL -+}; -+ -+const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha256 = { -+ NID_tls12_aes_256_cbc_hmac_sha256, -+ 16, 32, 16, -+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, -+ cryptodev_init_aead_key, -+ cryptodev_aead_cipher, -+ cryptodev_cleanup, -+ sizeof(struct dev_crypto_state), -+ EVP_CIPHER_set_asn1_iv, -+ EVP_CIPHER_get_asn1_iv, -+ cryptodev_cbc_hmac_sha1_ctrl, -+ NULL -+}; -+ - const EVP_CIPHER cryptodev_aes_128_gcm = { - NID_aes_128_gcm, - 1, 16, 12, -@@ -1396,6 +1519,21 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, - case NID_aes_128_gcm: - *cipher = &cryptodev_aes_128_gcm; - break; -+ case NID_tls12_des_ede3_cbc_hmac_sha1: -+ *cipher = &cryptodev_tls12_3des_cbc_hmac_sha1; -+ break; -+ case NID_tls12_aes_128_cbc_hmac_sha1: -+ *cipher = &cryptodev_tls12_aes_128_cbc_hmac_sha1; -+ break; -+ case NID_tls12_aes_256_cbc_hmac_sha1: -+ *cipher = &cryptodev_tls12_aes_256_cbc_hmac_sha1; -+ break; -+ case NID_tls12_aes_128_cbc_hmac_sha256: -+ *cipher = &cryptodev_tls12_aes_128_cbc_hmac_sha256; -+ break; -+ case NID_tls12_aes_256_cbc_hmac_sha256: -+ *cipher = &cryptodev_tls12_aes_256_cbc_hmac_sha256; -+ break; - default: - *cipher = NULL; - break; -diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h -index 4dd32a1..e3a2505 100644 ---- a/crypto/objects/obj_dat.h -+++ b/crypto/objects/obj_dat.h -@@ -62,9 +62,9 @@ - * [including the GNU Public Licence.] - */ - --#define NUM_NID 962 --#define NUM_SN 955 --#define NUM_LN 955 -+#define NUM_NID 967 -+#define NUM_SN 960 -+#define NUM_LN 960 - #define NUM_OBJ 890 - - static const unsigned char lvalues[6255]={ -@@ -2522,6 +2522,16 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={ - NID_tls11_aes_128_cbc_hmac_sha1,0,NULL,0}, - {"TLS11-AES-256-CBC-HMAC-SHA1","tls11-aes-256-cbc-hmac-sha1", - NID_tls11_aes_256_cbc_hmac_sha1,0,NULL,0}, -+{"TLS12-DES-EDE3-CBC-HMAC-SHA1","tls12-des-ede3-cbc-hmac-sha1", -+ NID_tls12_des_ede3_cbc_hmac_sha1,0,NULL,0}, -+{"TLS12-AES-128-CBC-HMAC-SHA1","tls12-aes-128-cbc-hmac-sha1", -+ NID_tls12_aes_128_cbc_hmac_sha1,0,NULL,0}, -+{"TLS12-AES-256-CBC-HMAC-SHA1","tls12-aes-256-cbc-hmac-sha1", -+ NID_tls12_aes_256_cbc_hmac_sha1,0,NULL,0}, -+{"TLS12-AES-128-CBC-HMAC-SHA256","tls12-aes-128-cbc-hmac-sha256", -+ NID_tls12_aes_128_cbc_hmac_sha256,0,NULL,0}, -+{"TLS12-AES-256-CBC-HMAC-SHA256","tls12-aes-256-cbc-hmac-sha256", -+ NID_tls12_aes_256_cbc_hmac_sha256,0,NULL,0}, - }; - - static const unsigned int sn_objs[NUM_SN]={ -@@ -2714,6 +2724,11 @@ static const unsigned int sn_objs[NUM_SN]={ - 960, /* "TLS11-AES-128-CBC-HMAC-SHA1" */ - 961, /* "TLS11-AES-256-CBC-HMAC-SHA1" */ - 959, /* "TLS11-DES-EDE3-CBC-HMAC-SHA1" */ -+963, /* "TLS12-AES-128-CBC-HMAC-SHA1" */ -+965, /* "TLS12-AES-128-CBC-HMAC-SHA256" */ -+964, /* "TLS12-AES-256-CBC-HMAC-SHA1" */ -+966, /* "TLS12-AES-256-CBC-HMAC-SHA256" */ -+962, /* "TLS12-DES-EDE3-CBC-HMAC-SHA1" */ - 458, /* "UID" */ - 0, /* "UNDEF" */ - 11, /* "X500" */ -@@ -4408,6 +4423,11 @@ static const unsigned int ln_objs[NUM_LN]={ - 960, /* "tls11-aes-128-cbc-hmac-sha1" */ - 961, /* "tls11-aes-256-cbc-hmac-sha1" */ - 959, /* "tls11-des-ede3-cbc-hmac-sha1" */ -+963, /* "tls12-aes-128-cbc-hmac-sha1" */ -+965, /* "tls12-aes-128-cbc-hmac-sha256" */ -+964, /* "tls12-aes-256-cbc-hmac-sha1" */ -+966, /* "tls12-aes-256-cbc-hmac-sha256" */ -+962, /* "tls12-des-ede3-cbc-hmac-sha1" */ - 682, /* "tpBasis" */ - 436, /* "ucl" */ - 0, /* "undefined" */ -diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h -index 5930563..f4a81cb 100644 ---- a/crypto/objects/obj_mac.h -+++ b/crypto/objects/obj_mac.h -@@ -4063,6 +4063,26 @@ - #define LN_tls11_aes_256_cbc_hmac_sha1 "tls11-aes-256-cbc-hmac-sha1" - #define NID_tls11_aes_256_cbc_hmac_sha1 961 - -+#define SN_tls12_des_ede3_cbc_hmac_sha1 "TLS12-DES-EDE3-CBC-HMAC-SHA1" -+#define LN_tls12_des_ede3_cbc_hmac_sha1 "tls12-des-ede3-cbc-hmac-sha1" -+#define NID_tls12_des_ede3_cbc_hmac_sha1 962 -+ -+#define SN_tls12_aes_128_cbc_hmac_sha1 "TLS12-AES-128-CBC-HMAC-SHA1" -+#define LN_tls12_aes_128_cbc_hmac_sha1 "tls12-aes-128-cbc-hmac-sha1" -+#define NID_tls12_aes_128_cbc_hmac_sha1 963 -+ -+#define SN_tls12_aes_256_cbc_hmac_sha1 "TLS12-AES-256-CBC-HMAC-SHA1" -+#define LN_tls12_aes_256_cbc_hmac_sha1 "tls12-aes-256-cbc-hmac-sha1" -+#define NID_tls12_aes_256_cbc_hmac_sha1 964 -+ -+#define SN_tls12_aes_128_cbc_hmac_sha256 "TLS12-AES-128-CBC-HMAC-SHA256" -+#define LN_tls12_aes_128_cbc_hmac_sha256 "tls12-aes-128-cbc-hmac-sha256" -+#define NID_tls12_aes_128_cbc_hmac_sha256 965 -+ -+#define SN_tls12_aes_256_cbc_hmac_sha256 "TLS12-AES-256-CBC-HMAC-SHA256" -+#define LN_tls12_aes_256_cbc_hmac_sha256 "tls12-aes-256-cbc-hmac-sha256" -+#define NID_tls12_aes_256_cbc_hmac_sha256 966 -+ - #define SN_dhpublicnumber "dhpublicnumber" - #define LN_dhpublicnumber "X9.42 DH" - #define NID_dhpublicnumber 920 -diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num -index 02f1728..401be03 100644 ---- a/crypto/objects/obj_mac.num -+++ b/crypto/objects/obj_mac.num -@@ -959,3 +959,8 @@ des_ede3_cbc_hmac_sha1 958 - tls11_des_ede3_cbc_hmac_sha1 959 - tls11_aes_128_cbc_hmac_sha1 960 - tls11_aes_256_cbc_hmac_sha1 961 -+tls12_des_ede3_cbc_hmac_sha1 962 -+tls12_aes_128_cbc_hmac_sha1 963 -+tls12_aes_256_cbc_hmac_sha1 964 -+tls12_aes_128_cbc_hmac_sha256 965 -+tls12_aes_256_cbc_hmac_sha256 966 -diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt -index cda81da..68a8da8 100644 ---- a/crypto/objects/objects.txt -+++ b/crypto/objects/objects.txt -@@ -1298,6 +1298,11 @@ kisa 1 6 : SEED-OFB : seed-ofb - : TLS11-DES-EDE3-CBC-HMAC-SHA1 : tls11-des-ede3-cbc-hmac-sha1 - : TLS11-AES-128-CBC-HMAC-SHA1 : tls11-aes-128-cbc-hmac-sha1 - : TLS11-AES-256-CBC-HMAC-SHA1 : tls11-aes-256-cbc-hmac-sha1 -+ : TLS12-DES-EDE3-CBC-HMAC-SHA1 : tls12-des-ede3-cbc-hmac-sha1 -+ : TLS12-AES-128-CBC-HMAC-SHA1 : tls12-aes-128-cbc-hmac-sha1 -+ : TLS12-AES-256-CBC-HMAC-SHA1 : tls12-aes-256-cbc-hmac-sha1 -+ : TLS12-AES-128-CBC-HMAC-SHA256 : tls12-aes-128-cbc-hmac-sha256 -+ : TLS12-AES-256-CBC-HMAC-SHA256 : tls12-aes-256-cbc-hmac-sha256 - - ISO-US 10046 2 1 : dhpublicnumber : X9.42 DH - -diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c -index b4af7dc..359cb5d 100644 ---- a/ssl/ssl_ciph.c -+++ b/ssl/ssl_ciph.c -@@ -690,6 +690,31 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, - c->algorithm_mac == SSL_SHA1 && - (evp = EVP_get_cipherbyname("TLS11-AES-256-CBC-HMAC-SHA1"))) - *enc = evp, *md = NULL; -+ else if (s->ssl_version == TLS1_2_VERSION && -+ c->algorithm_enc == SSL_3DES && -+ c->algorithm_mac == SSL_SHA1 && -+ (evp=EVP_get_cipherbyname("TLS12-DES-EDE3-CBC-HMAC-SHA1"))) -+ *enc = evp, *md = NULL; -+ else if (s->ssl_version == TLS1_2_VERSION && -+ c->algorithm_enc == SSL_AES128 && -+ c->algorithm_mac == SSL_SHA1 && -+ (evp=EVP_get_cipherbyname("TLS12-AES-128-CBC-HMAC-SHA1"))) -+ *enc = evp, *md = NULL; -+ else if (s->ssl_version == TLS1_2_VERSION && -+ c->algorithm_enc == SSL_AES256 && -+ c->algorithm_mac == SSL_SHA1 && -+ (evp=EVP_get_cipherbyname("TLS12-AES-256-CBC-HMAC-SHA1"))) -+ *enc = evp, *md = NULL; -+ else if (s->ssl_version == TLS1_2_VERSION && -+ c->algorithm_enc == SSL_AES128 && -+ c->algorithm_mac == SSL_SHA256 && -+ (evp=EVP_get_cipherbyname("TLS12-AES-128-CBC-HMAC-SHA256"))) -+ *enc = evp, *md = NULL; -+ else if (s->ssl_version == TLS1_2_VERSION && -+ c->algorithm_enc == SSL_AES256 && -+ c->algorithm_mac == SSL_SHA256 && -+ (evp=EVP_get_cipherbyname("TLS12-AES-256-CBC-HMAC-SHA256"))) -+ *enc = evp, *md = NULL; - return (1); - } else - return (0); --- -2.7.3 - diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0018-cryptodev-drop-redundant-function.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0018-cryptodev-drop-redundant-function.patch deleted file mode 100644 index cf6cce2..0000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0018-cryptodev-drop-redundant-function.patch +++ /dev/null @@ -1,72 +0,0 @@ -From dddb8bc7eea34dfc73c1f5c8863d19894d9a18ac Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Thu, 19 Feb 2015 16:11:53 +0200 -Subject: [PATCH 18/48] cryptodev: drop redundant function - -get_dev_crypto already caches the result. Another cache in-between is -useless. - -Signed-off-by: Cristian Stoica ---- - crypto/engine/eng_cryptodev.c | 17 +++-------------- - 1 file changed, 3 insertions(+), 14 deletions(-) - -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index 455868e..d229f61 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -94,7 +94,6 @@ struct dev_crypto_state { - - static u_int32_t cryptodev_asymfeat = 0; - --static int get_asym_dev_crypto(void); - static int open_dev_crypto(void); - static int get_dev_crypto(void); - static int get_cryptodev_ciphers(const int **cnids); -@@ -441,16 +440,6 @@ static void put_dev_crypto(int fd) - # endif - } - --/* Caching version for asym operations */ --static int get_asym_dev_crypto(void) --{ -- static int fd = -1; -- -- if (fd == -1) -- fd = get_dev_crypto(); -- return fd; --} -- - /* - * Find out what ciphers /dev/crypto will let us have a session for. - * XXX note, that some of these openssl doesn't deal with yet! -@@ -1923,7 +1912,7 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, - { - int fd, ret = -1; - -- if ((fd = get_asym_dev_crypto()) < 0) -+ if ((fd = get_dev_crypto()) < 0) - return ret; - - if (r) { -@@ -2522,7 +2511,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) - int p_len, q_len; - int i; - -- if ((fd = get_asym_dev_crypto()) < 0) -+ if ((fd = get_dev_crypto()) < 0) - goto sw_try; - - if (!rsa->n && ((rsa->n = BN_new()) == NULL)) -@@ -4111,7 +4100,7 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) - BIGNUM *temp = NULL; - unsigned char *padded_pub_key = NULL, *p = NULL; - -- if ((fd = get_asym_dev_crypto()) < 0) -+ if ((fd = get_dev_crypto()) < 0) - goto sw_try; - - memset(&kop, 0, sizeof kop); --- -2.7.3 - diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0019-cryptodev-do-not-zero-the-buffer-before-use.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0019-cryptodev-do-not-zero-the-buffer-before-use.patch deleted file mode 100644 index d423dd1..0000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0019-cryptodev-do-not-zero-the-buffer-before-use.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 413ef57790244fc521d40ade62358abaf0a55d10 Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Tue, 17 Feb 2015 13:12:53 +0200 -Subject: [PATCH 19/48] cryptodev: do not zero the buffer before use - -- The buffer is just about to be overwritten. Zeroing it before that has - no purpose - -Change-Id: I478c31bd2e254561474a7edf5e37980ca04217ce -Signed-off-by: Cristian Stoica -Reviewed-on: http://git.am.freescale.net:8181/34217 ---- - crypto/engine/eng_cryptodev.c | 14 ++++---------- - 1 file changed, 4 insertions(+), 10 deletions(-) - -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index d229f61..4d370ad 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -1806,21 +1806,15 @@ cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, - static int bn2crparam(const BIGNUM *a, struct crparam *crp) - { - ssize_t bytes, bits; -- u_char *b; -- -- crp->crp_p = NULL; -- crp->crp_nbits = 0; - - bits = BN_num_bits(a); - bytes = (bits + 7) / 8; - -- b = malloc(bytes); -- if (b == NULL) -- return (1); -- memset(b, 0, bytes); -- -- crp->crp_p = (caddr_t) b; - crp->crp_nbits = bits; -+ crp->crp_p = malloc(bytes); -+ -+ if (crp->crp_p == NULL) -+ return (1); - - BN_bn2bin(a, crp->crp_p); - return (0); --- -2.7.3 - diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0020-cryptodev-clean-up-code-layout.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0020-cryptodev-clean-up-code-layout.patch deleted file mode 100644 index d82dc5c..0000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0020-cryptodev-clean-up-code-layout.patch +++ /dev/null @@ -1,73 +0,0 @@ -From ac3dfaf10125f08454d51e8fc4b3a77d33fd96d0 Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Wed, 18 Feb 2015 10:39:46 +0200 -Subject: [PATCH 20/48] cryptodev: clean-up code layout - -This is just a refactoring that uses else branch to check for malloc failures - -Signed-off-by: Cristian Stoica ---- - crypto/engine/eng_cryptodev.c | 45 ++++++++++++++++++++----------------------- - 1 file changed, 21 insertions(+), 24 deletions(-) - -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index 4d370ad..487a2c9 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -1869,32 +1869,29 @@ cryptodev_asym_async(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, - fd = *(int *)cookie->eng_handle; - - eng_cookie = malloc(sizeof(struct cryptodev_cookie_s)); -- -- if (eng_cookie) { -- memset(eng_cookie, 0, sizeof(struct cryptodev_cookie_s)); -- if (r) { -- kop->crk_param[kop->crk_iparams].crp_p = -- calloc(rlen, sizeof(char)); -- if (!kop->crk_param[kop->crk_iparams].crp_p) -- return -ENOMEM; -- kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8; -- kop->crk_oparams++; -- eng_cookie->r = r; -- eng_cookie->r_param = kop->crk_param[kop->crk_iparams]; -- } -- if (s) { -- kop->crk_param[kop->crk_iparams + 1].crp_p = -- calloc(slen, sizeof(char)); -- if (!kop->crk_param[kop->crk_iparams + 1].crp_p) -- return -ENOMEM; -- kop->crk_param[kop->crk_iparams + 1].crp_nbits = slen * 8; -- kop->crk_oparams++; -- eng_cookie->s = s; -- eng_cookie->s_param = kop->crk_param[kop->crk_iparams + 1]; -- } -- } else -+ if (!eng_cookie) - return -ENOMEM; - -+ memset(eng_cookie, 0, sizeof(struct cryptodev_cookie_s)); -+ if (r) { -+ kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char)); -+ if (!kop->crk_param[kop->crk_iparams].crp_p) -+ return -ENOMEM; -+ kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8; -+ kop->crk_oparams++; -+ eng_cookie->r = r; -+ eng_cookie->r_param = kop->crk_param[kop->crk_iparams]; -+ } -+ if (s) { -+ kop->crk_param[kop->crk_iparams + 1].crp_p = -+ calloc(slen, sizeof(char)); -+ if (!kop->crk_param[kop->crk_iparams + 1].crp_p) -+ return -ENOMEM; -+ kop->crk_param[kop->crk_iparams + 1].crp_nbits = slen * 8; -+ kop->crk_oparams++; -+ eng_cookie->s = s; -+ eng_cookie->s_param = kop->crk_param[kop->crk_iparams + 1]; -+ } - eng_cookie->kop = kop; - cookie->eng_cookie = eng_cookie; - return ioctl(fd, CIOCASYMASYNCRYPT, kop); --- -2.7.3 - diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0021-cryptodev-do-not-cache-file-descriptor-in-open.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0021-cryptodev-do-not-cache-file-descriptor-in-open.patch deleted file mode 100644 index fa825bb..0000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0021-cryptodev-do-not-cache-file-descriptor-in-open.patch +++ /dev/null @@ -1,93 +0,0 @@ -From b96074f4e44b2147d4d771dd086463c9cb7d42a3 Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Thu, 19 Feb 2015 16:43:29 +0200 -Subject: [PATCH 21/48] cryptodev: do not cache file descriptor in 'open' - -The file descriptor returned by get_dev_crypto is cached after a -successful return. The issue is, it is cached inside 'open_dev_crypto' -which is no longer useful as a general purpose open("/dev/crypto") -function. - -This patch is a refactoring that moves the caching operation from -open_dev_crypto to get_dev_crypto and leaves the former as a simpler -function true to its name - -Signed-off-by: Cristian Stoica ---- - crypto/engine/eng_cryptodev.c | 43 +++++++++++++++++++++---------------------- - 1 file changed, 21 insertions(+), 22 deletions(-) - -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index 487a2c9..d7188a6 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -392,45 +392,44 @@ static void ctr64_inc(unsigned char *counter) - } while (n); - } - --/* -- * Return a fd if /dev/crypto seems usable, 0 otherwise. -- */ - static int open_dev_crypto(void) - { -- static int fd = -1; -+ int fd; - -- if (fd == -1) { -- if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1) -- return (-1); -- /* close on exec */ -- if (fcntl(fd, F_SETFD, 1) == -1) { -- close(fd); -- fd = -1; -- return (-1); -- } -+ fd = open("/dev/crypto", O_RDWR, 0); -+ if (fd < 0) -+ return -1; -+ -+ /* close on exec */ -+ if (fcntl(fd, F_SETFD, 1) == -1) { -+ close(fd); -+ return -1; - } -- return (fd); -+ -+ return fd; - } - - static int get_dev_crypto(void) - { -- int fd, retfd; -+ static int fd = -1; -+ int retfd; - -- if ((fd = open_dev_crypto()) == -1) -- return (-1); --# ifndef CRIOGET_NOT_NEEDED -+ if (fd == -1) -+ fd = open_dev_crypto(); -+# ifdef CRIOGET_NOT_NEEDED -+ return fd; -+# else -+ if (fd == -1) -+ return -1; - if (ioctl(fd, CRIOGET, &retfd) == -1) - return (-1); -- - /* close on exec */ - if (fcntl(retfd, F_SETFD, 1) == -1) { - close(retfd); - return (-1); - } --# else -- retfd = fd; -+ return retfd; - # endif -- return (retfd); - } - - static void put_dev_crypto(int fd) --- -2.7.3 - diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0022-cryptodev-put_dev_crypto-should-be-an-int.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0022-cryptodev-put_dev_crypto-should-be-an-int.patch deleted file mode 100644 index eddb1f2..0000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0022-cryptodev-put_dev_crypto-should-be-an-int.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 43710e60fd8bae1ebc4d1eef6d86cb4e82653ac4 Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Thu, 19 Feb 2015 13:09:32 +0200 -Subject: [PATCH 22/48] cryptodev: put_dev_crypto should be an int - -Change-Id: Ie0a83bc07a37132286c098b17ef35d98de74b043 -Signed-off-by: Cristian Stoica -Reviewed-on: http://git.am.freescale.net:8181/34220 ---- - crypto/engine/eng_cryptodev.c | 8 +++++--- - 1 file changed, 5 insertions(+), 3 deletions(-) - -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index d7188a6..7b3dbd1 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -432,10 +432,12 @@ static int get_dev_crypto(void) - # endif - } - --static void put_dev_crypto(int fd) -+static int put_dev_crypto(int fd) - { --# ifndef CRIOGET_NOT_NEEDED -- close(fd); -+#ifdef CRIOGET_NOT_NEEDED -+ return 0; -+#else -+ return close(fd); - # endif - } - --- -2.7.3 - diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0023-cryptodev-simplify-cryptodev-pkc-support-code.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0023-cryptodev-simplify-cryptodev-pkc-support-code.patch deleted file mode 100644 index 4f589af..0000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0023-cryptodev-simplify-cryptodev-pkc-support-code.patch +++ /dev/null @@ -1,260 +0,0 @@ -From b706132a33555162e6dbf26d9fde4bcb1136d553 Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Thu, 19 Feb 2015 13:39:52 +0200 -Subject: [PATCH 23/48] cryptodev: simplify cryptodev pkc support code - -- Engine init returns directly a file descriptor instead of a pointer to one -- Similarly, the Engine close will now just close the file - -Signed-off-by: Cristian Stoica ---- - crypto/crypto.h | 2 +- - crypto/engine/eng_cryptodev.c | 43 +++++++---------------------------- - crypto/engine/eng_int.h | 14 +++--------- - crypto/engine/eng_lib.c | 53 +++++++++++++++++++++---------------------- - crypto/engine/engine.h | 13 +++++------ - 5 files changed, 44 insertions(+), 81 deletions(-) - -diff --git a/crypto/crypto.h b/crypto/crypto.h -index 2b4ec59..ddb9b69 100644 ---- a/crypto/crypto.h -+++ b/crypto/crypto.h -@@ -668,7 +668,7 @@ struct pkc_cookie_s { - * -EINVAL: Parameters Invalid - */ - void (*pkc_callback)(struct pkc_cookie_s *cookie, int status); -- void *eng_handle; -+ int eng_handle; - }; - - #ifdef __cplusplus -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index 7b3dbd1..34c8d18 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -434,10 +434,10 @@ static int get_dev_crypto(void) - - static int put_dev_crypto(int fd) - { --#ifdef CRIOGET_NOT_NEEDED -- return 0; --#else -- return close(fd); -+# ifdef CRIOGET_NOT_NEEDED -+ return 0; -+# else -+ return close(fd); - # endif - } - -@@ -1867,7 +1867,7 @@ cryptodev_asym_async(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, - struct pkc_cookie_s *cookie = kop->cookie; - struct cryptodev_cookie_s *eng_cookie; - -- fd = *(int *)cookie->eng_handle; -+ fd = cookie->eng_handle; - - eng_cookie = malloc(sizeof(struct cryptodev_cookie_s)); - if (!eng_cookie) -@@ -1939,38 +1939,11 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, - return ret; - } - --/* Close an opened instance of cryptodev engine */ --void cryptodev_close_instance(void *handle) --{ -- int fd; -- -- if (handle) { -- fd = *(int *)handle; -- close(fd); -- free(handle); -- } --} -- --/* Create an instance of cryptodev for asynchronous interface */ --void *cryptodev_init_instance(void) --{ -- int *fd = malloc(sizeof(int)); -- -- if (fd) { -- if ((*fd = open("/dev/crypto", O_RDWR, 0)) == -1) { -- free(fd); -- return NULL; -- } -- } -- return fd; --} -- - # include - - /* Return 0 on success and 1 on failure */ --int cryptodev_check_availability(void *eng_handle) -+int cryptodev_check_availability(int fd) - { -- int fd = *(int *)eng_handle; - struct pkc_cookie_list_s cookie_list; - struct pkc_cookie_s *cookie; - int i; -@@ -4719,8 +4692,8 @@ void ENGINE_load_cryptodev(void) - } - - ENGINE_set_check_pkc_availability(engine, cryptodev_check_availability); -- ENGINE_set_close_instance(engine, cryptodev_close_instance); -- ENGINE_set_init_instance(engine, cryptodev_init_instance); -+ ENGINE_set_close_instance(engine, put_dev_crypto); -+ ENGINE_set_open_instance(engine, open_dev_crypto); - ENGINE_set_async_map(engine, ENGINE_ALLPKC_ASYNC); - - ENGINE_add(engine); -diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h -index b698a0c..7541beb 100644 ---- a/crypto/engine/eng_int.h -+++ b/crypto/engine/eng_int.h -@@ -198,23 +198,15 @@ struct engine_st { - ENGINE_LOAD_KEY_PTR load_privkey; - ENGINE_LOAD_KEY_PTR load_pubkey; - ENGINE_SSL_CLIENT_CERT_PTR load_ssl_client_cert; -- /* -- * Instantiate Engine handle to be passed in check_pkc_availability -- * Ensure that Engine is instantiated before any pkc asynchronous call. -- */ -- void *(*engine_init_instance)(void); -- /* -- * Instantiated Engine handle will be closed with this call. -- * Ensure that no pkc asynchronous call is made after this call -- */ -- void (*engine_close_instance)(void *handle); -+ int (*engine_open_instance)(void); -+ int (*engine_close_instance)(int fd); - /* - * Check availability will extract the data from kernel. - * eng_handle: This is the Engine handle corresponds to which - * the cookies needs to be polled. - * return 0 if cookie available else 1 - */ -- int (*check_pkc_availability)(void *eng_handle); -+ int (*check_pkc_availability)(int fd); - /* - * The following map is used to check if the engine supports asynchronous implementation - * ENGINE_ASYNC_FLAG* for available bitmap. Any application checking for asynchronous -diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c -index 0c57e12..4fdcfd6 100644 ---- a/crypto/engine/eng_lib.c -+++ b/crypto/engine/eng_lib.c -@@ -101,7 +101,7 @@ void engine_set_all_null(ENGINE *e) - e->load_privkey = NULL; - e->load_pubkey = NULL; - e->check_pkc_availability = NULL; -- e->engine_init_instance = NULL; -+ e->engine_open_instance = NULL; - e->engine_close_instance = NULL; - e->cmd_defns = NULL; - e->async_map = 0; -@@ -252,46 +252,45 @@ int ENGINE_set_id(ENGINE *e, const char *id) - return 1; - } - --void ENGINE_set_init_instance(ENGINE *e, void *(*engine_init_instance)(void)) -- { -- e->engine_init_instance = engine_init_instance; -- } -+void ENGINE_set_open_instance(ENGINE *e, int (*engine_open_instance)(void)) -+{ -+ e->engine_open_instance = engine_open_instance; -+} - --void ENGINE_set_close_instance(ENGINE *e, -- void (*engine_close_instance)(void *)) -- { -- e->engine_close_instance = engine_close_instance; -- } -+void ENGINE_set_close_instance(ENGINE *e, int (*engine_close_instance)(int)) -+{ -+ e->engine_close_instance = engine_close_instance; -+} - - void ENGINE_set_async_map(ENGINE *e, int async_map) - { - e->async_map = async_map; - } - --void *ENGINE_init_instance(ENGINE *e) -- { -- return e->engine_init_instance(); -- } -- --void ENGINE_close_instance(ENGINE *e, void *eng_handle) -- { -- e->engine_close_instance(eng_handle); -- } -- - int ENGINE_get_async_map(ENGINE *e) - { - return e->async_map; - } - -+int ENGINE_open_instance(ENGINE *e) -+{ -+ return e->engine_open_instance(); -+} -+ -+int ENGINE_close_instance(ENGINE *e, int fd) -+{ -+ return e->engine_close_instance(fd); -+} -+ - void ENGINE_set_check_pkc_availability(ENGINE *e, -- int (*check_pkc_availability)(void *eng_handle)) -- { -- e->check_pkc_availability = check_pkc_availability; -- } -+ int (*check_pkc_availability)(int fd)) -+{ -+ e->check_pkc_availability = check_pkc_availability; -+} - --int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle) -- { -- return e->check_pkc_availability(eng_handle); -+int ENGINE_check_pkc_availability(ENGINE *e, int fd) -+{ -+ return e->check_pkc_availability(fd); - } - - int ENGINE_set_name(ENGINE *e, const char *name) -diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h -index 4527aa1..f83ee73 100644 ---- a/crypto/engine/engine.h -+++ b/crypto/engine/engine.h -@@ -551,9 +551,6 @@ ENGINE *ENGINE_new(void); - int ENGINE_free(ENGINE *e); - int ENGINE_up_ref(ENGINE *e); - int ENGINE_set_id(ENGINE *e, const char *id); --void ENGINE_set_init_instance(ENGINE *e, void *(*engine_init_instance)(void)); --void ENGINE_set_close_instance(ENGINE *e, -- void (*engine_free_instance)(void *)); - /* - * Following FLAGS are bitmap store in async_map to set asynchronous interface capability - *of the engine -@@ -570,11 +567,13 @@ void ENGINE_set_async_map(ENGINE *e, int async_map); - * to confirm asynchronous methods supported - */ - int ENGINE_get_async_map(ENGINE *e); --void *ENGINE_init_instance(ENGINE *e); --void ENGINE_close_instance(ENGINE *e, void *eng_handle); -+int ENGINE_open_instance(ENGINE *e); -+int ENGINE_close_instance(ENGINE *e, int fd); -+void ENGINE_set_init_instance(ENGINE *e, int(*engine_init_instance)(void)); -+void ENGINE_set_close_instance(ENGINE *e, int(*engine_close_instance)(int)); - void ENGINE_set_check_pkc_availability(ENGINE *e, -- int (*check_pkc_availability)(void *eng_handle)); --int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle); -+ int (*check_pkc_availability)(int fd)); -+int ENGINE_check_pkc_availability(ENGINE *e, int fd); - int ENGINE_set_name(ENGINE *e, const char *name); - int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth); - int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth); --- -2.7.3 - diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0024-cryptodev-clarify-code-remove-assignments-from-condi.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0024-cryptodev-clarify-code-remove-assignments-from-condi.patch deleted file mode 100644 index 0daa2a4..0000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0024-cryptodev-clarify-code-remove-assignments-from-condi.patch +++ /dev/null @@ -1,37 +0,0 @@ -From e1de7751808d5196a9a719ad49a1281d2a3c453d Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Mon, 14 Dec 2015 14:02:00 +0200 -Subject: [PATCH 24/48] cryptodev: clarify code, remove assignments from - conditionals - -Signed-off-by: Cristian Stoica ---- - crypto/engine/eng_cryptodev.c | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index 34c8d18..31687d8 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -1560,14 +1560,16 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx) - struct session_op *sess = &state->d_sess; - int digest; - -- if ((digest = digest_nid_to_cryptodev(ctx->digest->type)) == NID_undef) { -+ digest = digest_nid_to_cryptodev(ctx->digest->type); -+ if (digest == NID_undef) { - printf("cryptodev_digest_init: Can't get digest \n"); - return (0); - } - - memset(state, 0, sizeof(struct dev_crypto_state)); - -- if ((state->d_fd = get_dev_crypto()) < 0) { -+ state->d_fd = get_dev_crypto(); -+ if (state->d_fd < 0) { - printf("cryptodev_digest_init: Can't get Dev \n"); - return (0); - } --- -2.7.3 - diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0025-cryptodev-clean-up-context-state-before-anything-els.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0025-cryptodev-clean-up-context-state-before-anything-els.patch deleted file mode 100644 index 3e02c72..0000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0025-cryptodev-clean-up-context-state-before-anything-els.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 9ffa46ff1348817f4c8d24e9d42fa0f739a652d7 Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Tue, 15 Dec 2015 12:10:37 +0200 -Subject: [PATCH 25/48] cryptodev: clean-up context state before anything else - -Signed-off-by: Cristian Stoica ---- - crypto/engine/eng_cryptodev.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index 31687d8..e6616e9 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -1560,14 +1560,14 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx) - struct session_op *sess = &state->d_sess; - int digest; - -+ memset(state, 0, sizeof(struct dev_crypto_state)); -+ - digest = digest_nid_to_cryptodev(ctx->digest->type); - if (digest == NID_undef) { - printf("cryptodev_digest_init: Can't get digest \n"); - return (0); - } - -- memset(state, 0, sizeof(struct dev_crypto_state)); -- - state->d_fd = get_dev_crypto(); - if (state->d_fd < 0) { - printf("cryptodev_digest_init: Can't get Dev \n"); --- -2.7.3 - diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0026-cryptodev-remove-code-duplication-in-digest-operatio.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0026-cryptodev-remove-code-duplication-in-digest-operatio.patch deleted file mode 100644 index 4e1ce65..0000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0026-cryptodev-remove-code-duplication-in-digest-operatio.patch +++ /dev/null @@ -1,155 +0,0 @@ -From 7f6a709ed46d79d765ee0bb2fc16b84d0bb4c8a6 Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Mon, 14 Dec 2015 17:49:08 +0200 -Subject: [PATCH 26/48] cryptodev: remove code duplication in digest operations - -This patch simplifies code and removes duplication in digest_update and -digest_final for cryptodev engine. - -Note: The current design of eng_cryptodev for digests operations assumes - the presence of all the data before processing (this is suboptimal - with cryptodev-linux because Linux kernel has support for digest-update - operations and there is no need to accumulate the input data). - -Signed-off-by: Cristian Stoica ---- - crypto/engine/eng_cryptodev.c | 76 ++++++++++++++++--------------------------- - 1 file changed, 28 insertions(+), 48 deletions(-) - -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index e6616e9..a8652bf 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -1591,24 +1591,25 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx) - static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data, - size_t count) - { -- struct crypt_op cryp; - struct dev_crypto_state *state = ctx->md_data; -- struct session_op *sess = &state->d_sess; - -- if (!data || state->d_fd < 0) { -+ if (!data || !count) { - printf("cryptodev_digest_update: illegal inputs \n"); -- return (0); -- } -- -- if (!count) { -- return (0); -+ return 0; - } - -- if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) { -- /* if application doesn't support one buffer */ -+ /* -+ * Accumulate input data if it is scattered in several buffers. TODO: -+ * Depending on number of calls and data size, this code can be optimized -+ * to take advantage of Linux kernel crypto API, balancing between -+ * cryptodev calls and accumulating small amounts of data -+ */ -+ if (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) { -+ state->mac_data = data; -+ state->mac_len = count; -+ } else { - state->mac_data = - OPENSSL_realloc(state->mac_data, state->mac_len + count); -- - if (!state->mac_data) { - printf("cryptodev_digest_update: realloc failed\n"); - return (0); -@@ -1616,23 +1617,9 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data, - - memcpy(state->mac_data + state->mac_len, data, count); - state->mac_len += count; -- -- return (1); - } - -- memset(&cryp, 0, sizeof(cryp)); -- -- cryp.ses = sess->ses; -- cryp.flags = 0; -- cryp.len = count; -- cryp.src = (caddr_t) data; -- cryp.dst = NULL; -- cryp.mac = (caddr_t) state->digest_res; -- if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) { -- printf("cryptodev_digest_update: digest failed\n"); -- return (0); -- } -- return (1); -+ return 1; - } - - static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md) -@@ -1641,33 +1628,25 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md) - struct dev_crypto_state *state = ctx->md_data; - struct session_op *sess = &state->d_sess; - -- int ret = 1; -- - if (!md || state->d_fd < 0) { - printf("cryptodev_digest_final: illegal input\n"); - return (0); - } - -- if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) { -- /* if application doesn't support one buffer */ -- memset(&cryp, 0, sizeof(cryp)); -- cryp.ses = sess->ses; -- cryp.flags = 0; -- cryp.len = state->mac_len; -- cryp.src = state->mac_data; -- cryp.dst = NULL; -- cryp.mac = (caddr_t) md; -- if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) { -- printf("cryptodev_digest_final: digest failed\n"); -- return (0); -- } -+ memset(&cryp, 0, sizeof(cryp)); - -- return 1; -- } -+ cryp.ses = sess->ses; -+ cryp.flags = 0; -+ cryp.len = state->mac_len; -+ cryp.src = state->mac_data; -+ cryp.mac = md; - -- memcpy(md, state->digest_res, ctx->digest->md_size); -+ if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) { -+ printf("cryptodev_digest_final: digest failed\n"); -+ return (0); -+ } - -- return (ret); -+ return (1); - } - - static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx) -@@ -1684,11 +1663,11 @@ static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx) - return (0); - } - -- if (state->mac_data) { -+ if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) { - OPENSSL_free(state->mac_data); -- state->mac_data = NULL; -- state->mac_len = 0; - } -+ state->mac_data = NULL; -+ state->mac_len = 0; - - if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) { - printf("cryptodev_digest_cleanup: failed to close session\n"); -@@ -1696,6 +1675,7 @@ static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx) - } else { - ret = 1; - } -+ - put_dev_crypto(state->d_fd); - state->d_fd = -1; - --- -2.7.3 - diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0027-cryptodev-put-all-digest-ioctls-into-a-single-functi.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0027-cryptodev-put-all-digest-ioctls-into-a-single-functi.patch deleted file mode 100644 index 0810889..0000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0027-cryptodev-put-all-digest-ioctls-into-a-single-functi.patch +++ /dev/null @@ -1,108 +0,0 @@ -From 0307a70fc4399a0ee758172e385d4daaae669ce6 Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Tue, 15 Dec 2015 12:23:13 +0200 -Subject: [PATCH 27/48] cryptodev: put all digest ioctls into a single function - -Signed-off-by: Cristian Stoica ---- - crypto/engine/eng_cryptodev.c | 44 +++++++++++++++++++------------------------ - 1 file changed, 19 insertions(+), 25 deletions(-) - -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index a8652bf..8b8710a 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -1578,13 +1578,6 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx) - sess->mackeylen = digest_key_length(ctx->digest->type); - sess->mac = digest; - -- if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) { -- put_dev_crypto(state->d_fd); -- state->d_fd = -1; -- printf("cryptodev_digest_init: Open session failed\n"); -- return (0); -- } -- - return (1); - } - -@@ -1624,6 +1617,7 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data, - - static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md) - { -+ int ret = 1; - struct crypt_op cryp; - struct dev_crypto_state *state = ctx->md_data; - struct session_op *sess = &state->d_sess; -@@ -1633,6 +1627,11 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md) - return (0); - } - -+ if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) { -+ printf("cryptodev_digest_init: Open session failed\n"); -+ return (0); -+ } -+ - memset(&cryp, 0, sizeof(cryp)); - - cryp.ses = sess->ses; -@@ -1643,43 +1642,38 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md) - - if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) { - printf("cryptodev_digest_final: digest failed\n"); -- return (0); -+ ret = 0; - } - -- return (1); -+ if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) { -+ printf("cryptodev_digest_cleanup: failed to close session\n"); -+ } -+ -+ return ret; - } - - static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx) - { -- int ret = 1; - struct dev_crypto_state *state = ctx->md_data; - struct session_op *sess = &state->d_sess; - -- if (state == NULL) -+ if (state == NULL) { - return 0; -- -- if (state->d_fd < 0) { -- printf("cryptodev_digest_cleanup: illegal input\n"); -- return (0); - } - - if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) { - OPENSSL_free(state->mac_data); - } -- state->mac_data = NULL; -- state->mac_len = 0; - -- if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) { -- printf("cryptodev_digest_cleanup: failed to close session\n"); -- ret = 0; -- } else { -- ret = 1; -+ if (state->d_fd >= 0) { -+ put_dev_crypto(state->d_fd); -+ state->d_fd = -1; - } - -- put_dev_crypto(state->d_fd); -- state->d_fd = -1; -+ state->mac_data = NULL; -+ state->mac_len = 0; - -- return (ret); -+ return 1; - } - - static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from) --- -2.7.3 - diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0028-cryptodev-fix-debug-print-messages.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0028-cryptodev-fix-debug-print-messages.patch deleted file mode 100644 index 91bd4a4..0000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0028-cryptodev-fix-debug-print-messages.patch +++ /dev/null @@ -1,90 +0,0 @@ -From 07f16d70cf7993c43e2c24a1e121c197db9ce1bc Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Tue, 15 Dec 2015 12:51:36 +0200 -Subject: [PATCH 28/48] cryptodev: fix debug print messages - -Signed-off-by: Cristian Stoica ---- - crypto/engine/eng_cryptodev.c | 18 +++++++++--------- - 1 file changed, 9 insertions(+), 9 deletions(-) - -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index 8b8710a..b74f21c 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -1564,13 +1564,13 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx) - - digest = digest_nid_to_cryptodev(ctx->digest->type); - if (digest == NID_undef) { -- printf("cryptodev_digest_init: Can't get digest \n"); -+ printf("%s: Can't get digest\n", __func__); - return (0); - } - - state->d_fd = get_dev_crypto(); - if (state->d_fd < 0) { -- printf("cryptodev_digest_init: Can't get Dev \n"); -+ printf("%s: Can't get Dev\n", __func__); - return (0); - } - -@@ -1587,7 +1587,7 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data, - struct dev_crypto_state *state = ctx->md_data; - - if (!data || !count) { -- printf("cryptodev_digest_update: illegal inputs \n"); -+ printf("%s: illegal inputs\n", __func__); - return 0; - } - -@@ -1604,7 +1604,7 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data, - state->mac_data = - OPENSSL_realloc(state->mac_data, state->mac_len + count); - if (!state->mac_data) { -- printf("cryptodev_digest_update: realloc failed\n"); -+ printf("%s: realloc failed\n", __func__); - return (0); - } - -@@ -1623,12 +1623,12 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md) - struct session_op *sess = &state->d_sess; - - if (!md || state->d_fd < 0) { -- printf("cryptodev_digest_final: illegal input\n"); -+ printf("%s: illegal input\n", __func__); - return (0); - } - - if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) { -- printf("cryptodev_digest_init: Open session failed\n"); -+ printf("%s: Open session failed\n", __func__); - return (0); - } - -@@ -1641,12 +1641,12 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md) - cryp.mac = md; - - if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) { -- printf("cryptodev_digest_final: digest failed\n"); -+ printf("%s: digest failed\n", __func__); - ret = 0; - } - - if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) { -- printf("cryptodev_digest_cleanup: failed to close session\n"); -+ printf("%s: failed to close session\n", __func__); - } - - return ret; -@@ -1701,7 +1701,7 @@ static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from) - if (ioctl(dstate->d_fd, CIOCGSESSION, sess) < 0) { - put_dev_crypto(dstate->d_fd); - dstate->d_fd = -1; -- printf("cryptodev_digest_init: Open session failed\n"); -+ printf("%s: Open session failed\n", __func__); - return (0); - } - --- -2.7.3 - diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0029-cryptodev-use-CIOCHASH-ioctl-for-digest-operations.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0029-cryptodev-use-CIOCHASH-ioctl-for-digest-operations.patch deleted file mode 100644 index abf8084..0000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0029-cryptodev-use-CIOCHASH-ioctl-for-digest-operations.patch +++ /dev/null @@ -1,91 +0,0 @@ -From 64d5378080c14a9cf9fd673457af0fa80f3a94ee Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Tue, 15 Dec 2015 15:43:28 +0200 -Subject: [PATCH 29/48] cryptodev: use CIOCHASH ioctl for digest operations - -Signed-off-by: Cristian Stoica ---- - crypto/engine/eng_cryptodev.c | 34 +++++++++++----------------------- - 1 file changed, 11 insertions(+), 23 deletions(-) - -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index b74f21c..4f375e0 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -85,6 +85,7 @@ struct dev_crypto_state { - unsigned char *iv; - int ivlen; - # ifdef USE_CRYPTODEV_DIGESTS -+ struct hash_op_data hash_op; - char dummy_mac_key[HASH_MAX_LEN]; - unsigned char digest_res[HASH_MAX_LEN]; - char *mac_data; -@@ -1557,7 +1558,7 @@ static int digest_key_length(int nid) - static int cryptodev_digest_init(EVP_MD_CTX *ctx) - { - struct dev_crypto_state *state = ctx->md_data; -- struct session_op *sess = &state->d_sess; -+ struct hash_op_data *hash_op = &state->hash_op; - int digest; - - memset(state, 0, sizeof(struct dev_crypto_state)); -@@ -1574,9 +1575,9 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx) - return (0); - } - -- sess->mackey = state->dummy_mac_key; -- sess->mackeylen = digest_key_length(ctx->digest->type); -- sess->mac = digest; -+ hash_op->mac_op = digest; -+ hash_op->mackey = state->dummy_mac_key; -+ hash_op->mackeylen = digest_key_length(ctx->digest->type); - - return (1); - } -@@ -1618,37 +1619,24 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data, - static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md) - { - int ret = 1; -- struct crypt_op cryp; - struct dev_crypto_state *state = ctx->md_data; -- struct session_op *sess = &state->d_sess; -+ struct hash_op_data *hash_op = &state->hash_op; - - if (!md || state->d_fd < 0) { - printf("%s: illegal input\n", __func__); - return (0); - } - -- if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) { -- printf("%s: Open session failed\n", __func__); -- return (0); -- } -- -- memset(&cryp, 0, sizeof(cryp)); -+ hash_op->flags = 0; -+ hash_op->len = state->mac_len; -+ hash_op->src = state->mac_data; -+ hash_op->mac_result = md; - -- cryp.ses = sess->ses; -- cryp.flags = 0; -- cryp.len = state->mac_len; -- cryp.src = state->mac_data; -- cryp.mac = md; -- -- if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) { -+ if (ioctl(state->d_fd, CIOCHASH, hash_op) < 0) { - printf("%s: digest failed\n", __func__); - ret = 0; - } - -- if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) { -- printf("%s: failed to close session\n", __func__); -- } -- - return ret; - } - --- -2.7.3 - diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0030-cryptodev-reduce-duplicated-efforts-for-searching-in.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0030-cryptodev-reduce-duplicated-efforts-for-searching-in.patch deleted file mode 100644 index 28de567..0000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0030-cryptodev-reduce-duplicated-efforts-for-searching-in.patch +++ /dev/null @@ -1,106 +0,0 @@ -From 328b2890d5a9baf9f936bd9facaf411c01931f08 Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Wed, 13 Jan 2016 15:18:20 +0200 -Subject: [PATCH 30/48] cryptodev: reduce duplicated efforts for searching - inside digests table - -Signed-off-by: Cristian Stoica ---- - crypto/engine/eng_cryptodev.c | 44 ++++++++++++++++++------------------------- - 1 file changed, 18 insertions(+), 26 deletions(-) - -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index 4f375e0..163a37d 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -1534,37 +1534,31 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, - - # ifdef USE_CRYPTODEV_DIGESTS - --/* convert digest type to cryptodev */ --static int digest_nid_to_cryptodev(int nid) -+static int digest_nid_to_id(int nid) - { - int i; - -- for (i = 0; digests[i].id; i++) -- if (digests[i].nid == nid) -- return (digests[i].id); -- return (0); --} -- --static int digest_key_length(int nid) --{ -- int i; -- -- for (i = 0; digests[i].id; i++) -- if (digests[i].nid == nid) -- return digests[i].keylen; -- return (0); -+ for (i = 0;; i++) { -+ if ((digests[i].nid == nid) || (digests[i].id == 0)) { -+ break; -+ } -+ } -+ return i; - } - - static int cryptodev_digest_init(EVP_MD_CTX *ctx) - { - struct dev_crypto_state *state = ctx->md_data; - struct hash_op_data *hash_op = &state->hash_op; -- int digest; -+ int id; - - memset(state, 0, sizeof(struct dev_crypto_state)); - -- digest = digest_nid_to_cryptodev(ctx->digest->type); -- if (digest == NID_undef) { -+ id = digest_nid_to_id(ctx->digest->type); -+ -+ hash_op->mac_op = digests[id].id; -+ hash_op->mackeylen = digests[id].keylen; -+ if (hash_op->mac_op == 0) { - printf("%s: Can't get digest\n", __func__); - return (0); - } -@@ -1575,11 +1569,9 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx) - return (0); - } - -- hash_op->mac_op = digest; - hash_op->mackey = state->dummy_mac_key; -- hash_op->mackeylen = digest_key_length(ctx->digest->type); - -- return (1); -+ return 1; - } - - static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data, -@@ -1669,7 +1661,7 @@ static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from) - struct dev_crypto_state *fstate = from->md_data; - struct dev_crypto_state *dstate = to->md_data; - struct session_op *sess; -- int digest; -+ int id; - - if (dstate == NULL || fstate == NULL) - return 1; -@@ -1678,11 +1670,11 @@ static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from) - - sess = &dstate->d_sess; - -- digest = digest_nid_to_cryptodev(to->digest->type); -+ id = digest_nid_to_id(to->digest->type); - - sess->mackey = dstate->dummy_mac_key; -- sess->mackeylen = digest_key_length(to->digest->type); -- sess->mac = digest; -+ sess->mackeylen = digests[id].keylen; -+ sess->mac = digests[id].id; - - dstate->d_fd = get_dev_crypto(); - --- -2.7.3 - diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0031-cryptodev-remove-not-used-local-variables.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0031-cryptodev-remove-not-used-local-variables.patch deleted file mode 100644 index d7af9cb..0000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0031-cryptodev-remove-not-used-local-variables.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 9faaca759390bba5aeeb049d31f74806e78137e1 Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Mon, 8 Feb 2016 16:00:22 +0200 -Subject: [PATCH 31/48] cryptodev: remove not used local variables - -Signed-off-by: Cristian Stoica ---- - crypto/engine/eng_cryptodev.c | 6 +----- - 1 file changed, 1 insertion(+), 5 deletions(-) - -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index 163a37d..b13bf8c 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -1635,7 +1635,6 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md) - static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx) - { - struct dev_crypto_state *state = ctx->md_data; -- struct session_op *sess = &state->d_sess; - - if (state == NULL) { - return 0; -@@ -3952,7 +3951,6 @@ static int cryptodev_dh_keygen(DH *dh) - int ret = 1, q_len = 0; - unsigned char *q = NULL, *g = NULL, *s = NULL, *w = NULL; - BIGNUM *pub_key = NULL, *priv_key = NULL; -- int generate_new_key = 1; - - if (dh->priv_key) - priv_key = dh->priv_key; -@@ -4074,11 +4072,9 @@ cryptodev_dh_compute_key_async(unsigned char *key, const BIGNUM *pub_key, - { - struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); - int ret = 1; -- int fd, p_len; -+ int p_len; - unsigned char *padded_pub_key = NULL, *p = NULL; - -- fd = *(int *)cookie->eng_handle; -- - memset(kop, 0, sizeof(struct crypt_kop)); - kop->crk_op = CRK_DH_COMPUTE_KEY; - /* inputs: dh->priv_key pub_key dh->p key */ --- -2.7.3 - diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0032-cryptodev-hide-not-used-variable-behind-ifndef.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0032-cryptodev-hide-not-used-variable-behind-ifndef.patch deleted file mode 100644 index a53705f..0000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0032-cryptodev-hide-not-used-variable-behind-ifndef.patch +++ /dev/null @@ -1,27 +0,0 @@ -From a6dc52cbcda9b4dcb0fda3b780e7c89219388982 Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Mon, 8 Feb 2016 17:22:49 +0200 -Subject: [PATCH 32/48] cryptodev: hide not used variable behind #ifndef - -Signed-off-by: Cristian Stoica ---- - crypto/engine/eng_cryptodev.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index b13bf8c..cdd99b8 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -413,7 +413,9 @@ static int open_dev_crypto(void) - static int get_dev_crypto(void) - { - static int fd = -1; -+# ifndef CRIOGET_NOT_NEEDED - int retfd; -+# endif - - if (fd == -1) - fd = open_dev_crypto(); --- -2.7.3 - diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0033-cryptodev-fix-function-declaration-typo.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0033-cryptodev-fix-function-declaration-typo.patch deleted file mode 100644 index f0863bd..0000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0033-cryptodev-fix-function-declaration-typo.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 6d335627ec5bdf89c89ced9d2fa7610e6dc50e31 Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Mon, 8 Feb 2016 16:08:25 +0200 -Subject: [PATCH 33/48] cryptodev: fix function declaration typo - -Signed-off-by: Cristian Stoica ---- - crypto/engine/engine.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h -index f83ee73..c8efbe1 100644 ---- a/crypto/engine/engine.h -+++ b/crypto/engine/engine.h -@@ -569,7 +569,7 @@ void ENGINE_set_async_map(ENGINE *e, int async_map); - int ENGINE_get_async_map(ENGINE *e); - int ENGINE_open_instance(ENGINE *e); - int ENGINE_close_instance(ENGINE *e, int fd); --void ENGINE_set_init_instance(ENGINE *e, int(*engine_init_instance)(void)); -+void ENGINE_set_open_instance(ENGINE *e, int(*engine_open_instance)(void)); - void ENGINE_set_close_instance(ENGINE *e, int(*engine_close_instance)(int)); - void ENGINE_set_check_pkc_availability(ENGINE *e, - int (*check_pkc_availability)(int fd)); --- -2.7.3 - diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0034-cryptodev-fix-incorrect-function-signature.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0034-cryptodev-fix-incorrect-function-signature.patch deleted file mode 100644 index 50aa45c..0000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0034-cryptodev-fix-incorrect-function-signature.patch +++ /dev/null @@ -1,26 +0,0 @@ -From fcb63347ddb004825e05250fd082fe84ff3689df Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Mon, 8 Feb 2016 16:12:54 +0200 -Subject: [PATCH 34/48] cryptodev: fix incorrect function signature - -Signed-off-by: Cristian Stoica ---- - crypto/engine/eng_cryptodev.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index cdd99b8..1c71bc7 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -3161,7 +3161,7 @@ static ECDSA_SIG *cryptodev_ecdsa_do_sign(const unsigned char *dgst, - } - - static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len, -- ECDSA_SIG *sig, EC_KEY *eckey) -+ const ECDSA_SIG *sig, EC_KEY *eckey) - { - BIGNUM *m = NULL, *p = NULL, *a = NULL, *b = NULL; - BIGNUM *x = NULL, *y = NULL, *w_x = NULL, *w_y = NULL; --- -2.7.3 - diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0035-cryptodev-fix-warnings-on-excess-elements-in-struct-.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0035-cryptodev-fix-warnings-on-excess-elements-in-struct-.patch deleted file mode 100644 index e028f66..0000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0035-cryptodev-fix-warnings-on-excess-elements-in-struct-.patch +++ /dev/null @@ -1,110 +0,0 @@ -From 6ed8710043b5dc947afab8fffa80ea97f4c84ad6 Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Mon, 8 Feb 2016 16:21:46 +0200 -Subject: [PATCH 35/48] cryptodev: fix warnings on excess elements in struct - initializer - -The initialization data for these structures had either missing or excess -values and did not match the structure definitions. - -Signed-off-by: Cristian Stoica ---- - crypto/dh/dh.h | 6 +++--- - crypto/dsa/dsa.h | 11 ++++++----- - crypto/engine/eng_cryptodev.c | 11 ++++++----- - 3 files changed, 15 insertions(+), 13 deletions(-) - -diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h -index 31dd762..11c6c7d 100644 ---- a/crypto/dh/dh.h -+++ b/crypto/dh/dh.h -@@ -123,9 +123,9 @@ struct dh_method { - int (*bn_mod_exp) (const DH *dh, BIGNUM *r, const BIGNUM *a, - const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx); -- int (*compute_key_async)(unsigned char *key,const BIGNUM *pub_key,DH *dh, -- struct pkc_cookie_s *cookie); -- int (*generate_key_async)(DH *dh, struct pkc_cookie_s *cookie); -+ int (*compute_key_async) (unsigned char *key, const BIGNUM *pub_key, -+ DH *dh, struct pkc_cookie_s * cookie); -+ int (*generate_key_async) (DH *dh, struct pkc_cookie_s * cookie); - int (*init) (DH *dh); - int (*finish) (DH *dh); - int flags; -diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h -index 8584731..ab52add 100644 ---- a/crypto/dsa/dsa.h -+++ b/crypto/dsa/dsa.h -@@ -139,10 +139,11 @@ struct dsa_method { - /* Can be null */ - int (*bn_mod_exp) (DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); -- int (*dsa_do_sign_async)(const unsigned char *dgst, int dlen, DSA *dsa, -- DSA_SIG *sig, struct pkc_cookie_s *cookie); -- int (*dsa_do_verify_async)(const unsigned char *dgst, int dgst_len, -- DSA_SIG *sig, DSA *dsa, struct pkc_cookie_s *cookie); -+ int (*dsa_do_sign_async) (const unsigned char *dgst, int dlen, DSA *dsa, -+ DSA_SIG *sig, struct pkc_cookie_s * cookie); -+ int (*dsa_do_verify_async) (const unsigned char *dgst, int dgst_len, -+ DSA_SIG *sig, DSA *dsa, -+ struct pkc_cookie_s * cookie); - int (*init) (DSA *dsa); - int (*finish) (DSA *dsa); - int flags; -@@ -154,7 +155,7 @@ struct dsa_method { - BN_GENCB *cb); - /* If this is non-NULL, it is used to generate DSA keys */ - int (*dsa_keygen) (DSA *dsa); -- int (*dsa_keygen_async)(DSA *dsa, struct pkc_cookie_s *cookie); -+ int (*dsa_keygen_async) (DSA *dsa, struct pkc_cookie_s * cookie); - }; - - struct dsa_st { -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index 1c71bc7..20e1ec3 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -2905,11 +2905,13 @@ static DSA_METHOD cryptodev_dsa = { - NULL, - NULL, - NULL, -- NULL, - NULL, /* init */ - NULL, /* finish */ - 0, /* flags */ -- NULL /* app_data */ -+ NULL, /* app_data */ -+ NULL, -+ NULL, -+ NULL - }; - - static ECDSA_METHOD cryptodev_ecdsa = { -@@ -2919,7 +2921,6 @@ static ECDSA_METHOD cryptodev_ecdsa = { - NULL, - NULL, - NULL, -- NULL, - 0, /* flags */ - NULL /* app_data */ - }; -@@ -4496,14 +4497,14 @@ static DH_METHOD cryptodev_dh = { - NULL, - NULL, - 0, /* flags */ -- NULL /* app_data */ -+ NULL, /* app_data */ -+ NULL, /* generate_params */ - }; - - static ECDH_METHOD cryptodev_ecdh = { - "cryptodev ECDH method", - NULL, /* cryptodev_ecdh_compute_key */ - NULL, -- NULL, - 0, /* flags */ - NULL /* app_data */ - }; --- -2.7.3 - diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0036-cryptodev-fix-free-on-error-path.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0036-cryptodev-fix-free-on-error-path.patch deleted file mode 100644 index e59744e..0000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0036-cryptodev-fix-free-on-error-path.patch +++ /dev/null @@ -1,46 +0,0 @@ -From bf4e61a53459358185a73dffa5f79af9bd739149 Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Mon, 8 Feb 2016 16:36:33 +0200 -Subject: [PATCH 36/48] cryptodev: fix free on error path - -This was most likely a typo that escaped code review - -Signed-off-by: Cristian Stoica ---- - crypto/ecdsa/ecs_locl.h | 4 ++-- - crypto/engine/eng_cryptodev.c | 2 +- - 2 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/crypto/ecdsa/ecs_locl.h b/crypto/ecdsa/ecs_locl.h -index 9b28c04..c3843c6 100644 ---- a/crypto/ecdsa/ecs_locl.h -+++ b/crypto/ecdsa/ecs_locl.h -@@ -74,10 +74,10 @@ struct ecdsa_method { - BIGNUM **r); - int (*ecdsa_do_verify) (const unsigned char *dgst, int dgst_len, - const ECDSA_SIG *sig, EC_KEY *eckey); -- int (*ecdsa_do_sign_async)(const unsigned char *dgst, int dgst_len, -+ int (*ecdsa_do_sign_async)(const unsigned char *dgst, int dgst_len, - const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey, - ECDSA_SIG *sig, struct pkc_cookie_s *cookie); -- int (*ecdsa_do_verify_async)(const unsigned char *dgst, int dgst_len, -+ int (*ecdsa_do_verify_async)(const unsigned char *dgst, int dgst_len, - const ECDSA_SIG *sig, EC_KEY *eckey, struct pkc_cookie_s *cookie); - # if 0 - int (*init) (EC_KEY *eckey); -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index 20e1ec3..1f13079 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -3437,7 +3437,7 @@ static int cryptodev_ecdsa_do_sign_async(const unsigned char *dgst, - if (!(sig->r = BN_new()) || !kop) - goto err; - if ((sig->s = BN_new()) == NULL) { -- BN_free(r); -+ BN_free(sig->r); - goto err; - } - --- -2.7.3 - diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0037-cryptodev-fix-return-value-on-error.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0037-cryptodev-fix-return-value-on-error.patch deleted file mode 100644 index ea1f4b2..0000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0037-cryptodev-fix-return-value-on-error.patch +++ /dev/null @@ -1,28 +0,0 @@ -From ec6b6531e3e67b4e82a4bc6829777052f39807b1 Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Mon, 8 Feb 2016 16:55:32 +0200 -Subject: [PATCH 37/48] cryptodev: fix return value on error - -Even though we're on error path, the operation is taken care of on -software; return success (ret is 1) - -Signed-off-by: Cristian Stoica ---- - crypto/engine/eng_cryptodev.c | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index 1f13079..b87fa7d 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -2768,7 +2768,6 @@ cryptodev_dsa_do_sign_async(const unsigned char *dgst, int dlen, DSA *dsa, - sig->s = dsaret->s; - /* Call user callback immediately */ - cookie->pkc_callback(cookie, 0); -- ret = dsaret; - } - return ret; - } --- -2.7.3 - diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0038-cryptodev-match-types-with-cryptodev.h.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0038-cryptodev-match-types-with-cryptodev.h.patch deleted file mode 100644 index acd6e32..0000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0038-cryptodev-match-types-with-cryptodev.h.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 77c84d99b5b0ab95efc9e1efc083e5cca8aa4eb5 Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Mon, 8 Feb 2016 17:11:43 +0200 -Subject: [PATCH 38/48] cryptodev: match types with cryptodev.h - -Signed-off-by: Cristian Stoica ---- - crypto/engine/eng_cryptodev.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index b87fa7d..4296704 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -86,9 +86,9 @@ struct dev_crypto_state { - int ivlen; - # ifdef USE_CRYPTODEV_DIGESTS - struct hash_op_data hash_op; -- char dummy_mac_key[HASH_MAX_LEN]; -+ unsigned char dummy_mac_key[HASH_MAX_LEN]; - unsigned char digest_res[HASH_MAX_LEN]; -- char *mac_data; -+ unsigned char *mac_data; - int mac_len; - # endif - }; --- -2.7.3 - diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0039-cryptodev-explicitly-discard-const-qualifier.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0039-cryptodev-explicitly-discard-const-qualifier.patch deleted file mode 100644 index 70319e4..0000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0039-cryptodev-explicitly-discard-const-qualifier.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 4366920bb2a97c10c49c5e6d035c0c82629b9f0a Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Mon, 8 Feb 2016 17:15:25 +0200 -Subject: [PATCH 39/48] cryptodev: explicitly discard const qualifier - -The const qualifier is discarded by the assignment as a result of how -the variables are defined. This patch drops the const qualifier -explicitly to avoid build errors. - -Signed-off-by: Cristian Stoica ---- - crypto/engine/eng_cryptodev.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index 4296704..f8619b0 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -1593,7 +1593,7 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data, - * cryptodev calls and accumulating small amounts of data - */ - if (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) { -- state->mac_data = data; -+ state->mac_data = (void *)data; - state->mac_len = count; - } else { - state->mac_data = --- -2.7.3 - diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0040-cryptodev-replace-caddr_t-with-void.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0040-cryptodev-replace-caddr_t-with-void.patch deleted file mode 100644 index c835967..0000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0040-cryptodev-replace-caddr_t-with-void.patch +++ /dev/null @@ -1,95 +0,0 @@ -From f256bb9574f77206b289b265d1d46bb53e54c71c Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Tue, 9 Feb 2016 11:28:23 +0200 -Subject: [PATCH 40/48] cryptodev: replace caddr_t with void * - -This avoids warnings such as "pointer targets in assignment differ in -signedness" when compiling the code - -Signed-off-by: Cristian Stoica ---- - crypto/engine/eng_cryptodev.c | 22 +++++++++++----------- - 1 file changed, 11 insertions(+), 11 deletions(-) - -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index f8619b0..aac2740 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -461,8 +461,8 @@ static int get_cryptodev_ciphers(const int **cnids) - return (0); - } - memset(&sess, 0, sizeof(sess)); -- sess.key = (caddr_t) "123456789abcdefghijklmno"; -- sess.mackey = (caddr_t) "123456789ABCDEFGHIJKLMNO"; -+ sess.key = (void *)"123456789abcdefghijklmno"; -+ sess.mackey = (void *)"123456789ABCDEFGHIJKLMNO"; - - for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { - if (ciphers[i].nid == NID_undef) -@@ -502,7 +502,7 @@ static int get_cryptodev_digests(const int **cnids) - return (0); - } - memset(&sess, 0, sizeof(sess)); -- sess.mackey = (caddr_t) "123456789abcdefghijklmno"; -+ sess.mackey = (void *)"123456789abcdefghijklmno"; - for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { - if (digests[i].nid == NID_undef) - continue; -@@ -634,14 +634,14 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - cryp.ses = sess->ses; - cryp.flags = 0; - cryp.len = inl; -- cryp.src = (caddr_t) in; -- cryp.dst = (caddr_t) out; -+ cryp.src = (void *)in; -+ cryp.dst = (void *)out; - cryp.mac = 0; - - cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; - - if (ctx->cipher->iv_len) { -- cryp.iv = (caddr_t) ctx->iv; -+ cryp.iv = (void *)ctx->iv; - if (!ctx->encrypt) { - iiv = in + inl - ctx->cipher->iv_len; - memcpy(save_iv, iiv, ctx->cipher->iv_len); -@@ -702,15 +702,15 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - } - cryp.ses = sess->ses; - cryp.len = state->len; -- cryp.src = (caddr_t) in; -- cryp.dst = (caddr_t) out; -+ cryp.src = (void *)in; -+ cryp.dst = (void *)out; - cryp.auth_src = state->aad; - cryp.auth_len = state->aad_len; - - cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; - - if (ctx->cipher->iv_len) { -- cryp.iv = (caddr_t) ctx->iv; -+ cryp.iv = (void *)ctx->iv; - if (!ctx->encrypt) { - iiv = in + len - ctx->cipher->iv_len; - memcpy(save_iv, iiv, ctx->cipher->iv_len); -@@ -762,7 +762,7 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - if ((state->d_fd = get_dev_crypto()) < 0) - return (0); - -- sess->key = (caddr_t) key; -+ sess->key = (void *)key; - sess->keylen = ctx->key_len; - sess->cipher = cipher; - -@@ -805,7 +805,7 @@ static int cryptodev_init_aead_key(EVP_CIPHER_CTX *ctx, - - memset(sess, 0, sizeof(struct session_op)); - -- sess->key = (caddr_t) key; -+ sess->key = (void *)key; - sess->keylen = ctx->key_len; - sess->cipher = cipher; - --- -2.7.3 - diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0041-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0041-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch deleted file mode 100644 index 6c46061..0000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0041-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch +++ /dev/null @@ -1,49 +0,0 @@ -From c714cb7a33e994ff2278149d4a7a20a21215a2f6 Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Mon, 8 Feb 2016 17:04:25 +0200 -Subject: [PATCH 41/48] cryptodev: check for errors inside - cryptodev_rsa_mod_exp - -Signed-off-by: Cristian Stoica ---- - crypto/engine/eng_cryptodev.c | 24 ++++++++++++++++++------ - 1 file changed, 18 insertions(+), 6 deletions(-) - -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index aac2740..e419bef 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -2067,12 +2067,24 @@ cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) - kop.crk_status = 0; - kop.crk_op = CRK_MOD_EXP_CRT; - f_len = BN_num_bytes(rsa->n); -- spcf_bn2bin_ex(I, &f, &f_len); -- spcf_bn2bin(rsa->p, &p, &p_len); -- spcf_bn2bin(rsa->q, &q, &q_len); -- spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len); -- spcf_bn2bin_ex(rsa->iqmp, &c, &p_len); -- spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len); -+ if (spcf_bn2bin_ex(I, &f, &f_len) != 0) { -+ goto err; -+ } -+ if (spcf_bn2bin(rsa->p, &p, &p_len) != 0) { -+ goto err; -+ } -+ if (spcf_bn2bin(rsa->q, &q, &q_len) != 0) { -+ goto err; -+ } -+ if (spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len) != 0) { -+ goto err; -+ } -+ if (spcf_bn2bin_ex(rsa->iqmp, &c, &p_len) != 0) { -+ goto err; -+ } -+ if (spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len) != 0) { -+ goto err; -+ } - /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */ - kop.crk_param[0].crp_p = p; - kop.crk_param[0].crp_nbits = p_len * 8; --- -2.7.3 - diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0042-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0042-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch deleted file mode 100644 index 4b9b086..0000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0042-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch +++ /dev/null @@ -1,69 +0,0 @@ -From 7f444e52acada23977b89d42f8dd8ebd915ccd83 Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Tue, 9 Feb 2016 11:47:52 +0200 -Subject: [PATCH 42/48] cryptodev: check for errors inside - cryptodev_rsa_mod_exp_async - -Signed-off-by: Cristian Stoica ---- - crypto/engine/eng_cryptodev.c | 33 +++++++++++++++++++++++++-------- - 1 file changed, 25 insertions(+), 8 deletions(-) - -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index e419bef..7c391d6 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -2122,25 +2122,42 @@ static int - cryptodev_rsa_mod_exp_async(BIGNUM *r0, const BIGNUM *I, RSA *rsa, - BN_CTX *ctx, struct pkc_cookie_s *cookie) - { -- struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); -+ struct crypt_kop *kop; - int ret = 1, f_len, p_len, q_len; - unsigned char *f = NULL, *p = NULL, *q = NULL, *dp = NULL, *dq = - NULL, *c = NULL; - -- if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp || !kop) { -+ if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) { - return (0); - } - -+ kop = malloc(sizeof(struct crypt_kop)); -+ if (kop == NULL) { -+ goto err; -+ } -+ - kop->crk_oparams = 0; - kop->crk_status = 0; - kop->crk_op = CRK_MOD_EXP_CRT; - f_len = BN_num_bytes(rsa->n); -- spcf_bn2bin_ex(I, &f, &f_len); -- spcf_bn2bin(rsa->p, &p, &p_len); -- spcf_bn2bin(rsa->q, &q, &q_len); -- spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len); -- spcf_bn2bin_ex(rsa->iqmp, &c, &p_len); -- spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len); -+ if (spcf_bn2bin_ex(I, &f, &f_len) != 0) { -+ goto err; -+ } -+ if (spcf_bn2bin(rsa->p, &p, &p_len) != 0) { -+ goto err; -+ } -+ if (spcf_bn2bin(rsa->q, &q, &q_len) != 0) { -+ goto err; -+ } -+ if (spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len) != 0) { -+ goto err; -+ } -+ if (spcf_bn2bin_ex(rsa->iqmp, &c, &p_len) != 0) { -+ goto err; -+ } -+ if (spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len) != 0) { -+ goto err; -+ } - /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */ - kop->crk_param[0].crp_p = p; - kop->crk_param[0].crp_nbits = p_len * 8; --- -2.7.3 - diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0043-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0043-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch deleted file mode 100644 index 879d5c2..0000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0043-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 73115f243f0a65326888537f125e31f28c9f570d Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Tue, 9 Feb 2016 11:53:22 +0200 -Subject: [PATCH 43/48] cryptodev: check for errors inside - cryptodev_dh_compute_key - -Signed-off-by: Cristian Stoica ---- - crypto/engine/eng_cryptodev.c | 15 +++++++++++---- - 1 file changed, 11 insertions(+), 4 deletions(-) - -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index 7c391d6..753e326 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -4056,11 +4056,15 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) - memset(&kop, 0, sizeof kop); - kop.crk_op = CRK_DH_COMPUTE_KEY; - /* inputs: dh->priv_key pub_key dh->p key */ -- spcf_bn2bin(dh->p, &p, &p_len); -- spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len); -- if (bn2crparam(dh->priv_key, &kop.crk_param[0])) -+ if (spcf_bn2bin(dh->p, &p, &p_len) != 0) { - goto sw_try; -- -+ } -+ if (spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len) != 0) { -+ goto sw_try; -+ } -+ if (bn2crparam(dh->priv_key, &kop.crk_param[0]) != 0) { -+ goto sw_try; -+ } - kop.crk_param[1].crp_p = padded_pub_key; - kop.crk_param[1].crp_nbits = p_len * 8; - kop.crk_param[2].crp_p = p; -@@ -4087,10 +4091,13 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) - kop.crk_param[3].crp_p = NULL; - zapparams(&kop); - return (dhret); -+ - sw_try: - { - const DH_METHOD *meth = DH_OpenSSL(); - -+ free(p); -+ free(padded_pub_key); - dhret = (meth->compute_key) (key, pub_key, dh); - } - return (dhret); --- -2.7.3 - diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0044-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0044-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch deleted file mode 100644 index 37bdff8..0000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0044-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch +++ /dev/null @@ -1,76 +0,0 @@ -From 0901ff383524e896424921f4e8a1ba7020e7613d Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Tue, 9 Feb 2016 11:53:33 +0200 -Subject: [PATCH 44/48] cryptodev: check for errors inside - cryptodev_dh_compute_key_async - -Signed-off-by: Cristian Stoica ---- - crypto/engine/eng_cryptodev.c | 29 +++++++++++++++++++++-------- - 1 file changed, 21 insertions(+), 8 deletions(-) - -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index 753e326..b9c7ff3 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -4108,19 +4108,28 @@ static int - cryptodev_dh_compute_key_async(unsigned char *key, const BIGNUM *pub_key, - DH *dh, struct pkc_cookie_s *cookie) - { -- struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); -+ struct crypt_kop *kop; - int ret = 1; - int p_len; - unsigned char *padded_pub_key = NULL, *p = NULL; - -+ kop = malloc(sizeof(struct crypt_kop)); -+ if (kop == NULL) { -+ goto err; -+ } -+ - memset(kop, 0, sizeof(struct crypt_kop)); - kop->crk_op = CRK_DH_COMPUTE_KEY; - /* inputs: dh->priv_key pub_key dh->p key */ -- spcf_bn2bin(dh->p, &p, &p_len); -- spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len); -- -- if (bn2crparam(dh->priv_key, &kop->crk_param[0])) -+ if (spcf_bn2bin(dh->p, &p, &p_len) != 0) { -+ goto err; -+ } -+ if (spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len) != 0) { - goto err; -+ } -+ if (bn2crparam(dh->priv_key, &kop->crk_param[0]) != 0) { -+ goto err; -+ } - kop->crk_param[1].crp_p = padded_pub_key; - kop->crk_param[1].crp_nbits = p_len * 8; - kop->crk_param[2].crp_p = p; -@@ -4132,16 +4141,20 @@ cryptodev_dh_compute_key_async(unsigned char *key, const BIGNUM *pub_key, - kop->crk_param[3].crp_nbits = p_len * 8; - kop->crk_oparams = 1; - -- if (cryptodev_asym_async(kop, 0, NULL, 0, NULL)) -+ if (cryptodev_asym_async(kop, 0, NULL, 0, NULL)) { - goto err; -+ } - - return p_len; - err: - { - const DH_METHOD *meth = DH_OpenSSL(); -- -- if (kop) -+ free(p); -+ free(padded_pub_key); -+ if (kop) { - free(kop); -+ } -+ - ret = (meth->compute_key) (key, pub_key, dh); - /* Call user cookie handler */ - cookie->pkc_callback(cookie, 0); --- -2.7.3 - diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0045-cryptodev-change-signature-for-conversion-functions.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0045-cryptodev-change-signature-for-conversion-functions.patch deleted file mode 100644 index 12b5f6c..0000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0045-cryptodev-change-signature-for-conversion-functions.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 6ca53b6d6519d52021e642230bb51ae7834b3e67 Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Tue, 9 Feb 2016 12:11:32 +0200 -Subject: [PATCH 45/48] cryptodev: change signature for conversion functions - -These functions are called with const BIGNUMs, so we change the -signatures to avoid compilation warnings - -Signed-off-by: Cristian Stoica ---- - crypto/engine/eng_cryptodev.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index b9c7ff3..58e539c 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -146,7 +146,7 @@ const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha1; - const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha256; - const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha256; - --inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len) -+static int spcf_bn2bin(const BIGNUM *bn, unsigned char **bin, int *bin_len) - { - int len; - unsigned char *p; -@@ -168,7 +168,7 @@ inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len) - return 0; - } - --inline int spcf_bn2bin_ex(BIGNUM *bn, unsigned char **bin, int *bin_len) -+static int spcf_bn2bin_ex(const BIGNUM *bn, unsigned char **bin, int *bin_len) - { - int len; - unsigned char *p; --- -2.7.3 - diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0046-cryptodev-add-explicit-cast-for-known-BIGNUM-values.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0046-cryptodev-add-explicit-cast-for-known-BIGNUM-values.patch deleted file mode 100644 index d8b56de..0000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0046-cryptodev-add-explicit-cast-for-known-BIGNUM-values.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 8f6e948f5f6bb2b517a5436dd6294e7e5536cf8f Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Tue, 9 Feb 2016 12:13:59 +0200 -Subject: [PATCH 46/48] cryptodev: add explicit cast for known BIGNUM values - -Signed-off-by: Cristian Stoica ---- - crypto/engine/eng_cryptodev.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index 58e539c..ddd3462 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -4027,7 +4027,7 @@ static int cryptodev_dh_keygen(DH *dh) - } - - /* pub_key is or prime length while priv key is of length of order */ -- if (cryptodev_asym(&kop, q_len, w, q_len, s)) -+ if (cryptodev_asym(&kop, q_len, (BIGNUM *)w, q_len, (BIGNUM *)s)) - goto sw_try; - - dh->pub_key = BN_bin2bn(w, q_len, pub_key); --- -2.7.3 - diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0047-cryptodev-treat-all-build-warnings-as-errors.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0047-cryptodev-treat-all-build-warnings-as-errors.patch deleted file mode 100644 index 7cfad9c..0000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0047-cryptodev-treat-all-build-warnings-as-errors.patch +++ /dev/null @@ -1,28 +0,0 @@ -From e50560cb9a201c0b0130bb29d4c99121a8ec97ba Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Mon, 8 Feb 2016 15:15:02 +0200 -Subject: [PATCH 47/48] cryptodev: treat all build warnings as errors - -This patch has the purpose of maintaining a higher level of code quality. - -Signed-off-by: Cristian Stoica ---- - crypto/engine/Makefile | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/crypto/engine/Makefile b/crypto/engine/Makefile -index 426388e..010f21d 100644 ---- a/crypto/engine/Makefile -+++ b/crypto/engine/Makefile -@@ -10,7 +10,7 @@ CFLAG=-g - MAKEFILE= Makefile - AR= ar r - --CFLAGS= $(INCLUDES) $(CFLAG) -+CFLAGS= -Wall -Werror $(INCLUDES) $(CFLAG) - - GENERAL=Makefile - TEST= enginetest.c --- -2.7.3 - diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0048-fix-maclen-is-used-uninitialized-warning-on-some-com.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0048-fix-maclen-is-used-uninitialized-warning-on-some-com.patch deleted file mode 100644 index 57ff7f1..0000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0048-fix-maclen-is-used-uninitialized-warning-on-some-com.patch +++ /dev/null @@ -1,29 +0,0 @@ -From c79e7a4a818ea86bf6045197173d5c4e243d1f4f Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Wed, 6 Apr 2016 15:22:58 +0300 -Subject: [PATCH 48/48] fix 'maclen is used uninitialized' warning on some - compilers - -Signed-off-by: Cristian Stoica ---- - crypto/engine/eng_cryptodev.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index ddd3462..2266b26 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -906,6 +906,10 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, - maclen = SHA256_DIGEST_LENGTH; - aad_needs_fix = true; - break; -+ default: -+ fprintf(stderr, "%s: unsupported NID: %d\n", -+ __func__, ctx->cipher->nid); -+ return -1; - } - - /* Correct length for AAD Length field */ --- -2.7.3 - diff --git a/recipes-connectivity/openssl/openssl-qoriq_1.0.2l.bb b/recipes-connectivity/openssl/openssl-qoriq_1.0.2l.bb index a2346ba..04052ac 100644 --- a/recipes-connectivity/openssl/openssl-qoriq_1.0.2l.bb +++ b/recipes-connectivity/openssl/openssl-qoriq_1.0.2l.bb @@ -12,7 +12,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=057d9218c6180e1d9ee407572b2dd225" export DIRS = "crypto ssl apps engines" export OE_LDFLAGS="${LDFLAGS}" -SRC_URI += "file://find.pl;subdir=${BP}/util \ +SRC_URI += "file://find.pl;subdir=git/util \ file://run-ptest \ file://openssl-c_rehash.sh \ file://configure-targets.patch \ @@ -44,14 +44,7 @@ SRC_URI += "file://find.pl;subdir=${BP}/util \ file://Use-SHA256-not-MD5-as-default-digest.patch \ file://0001-Fix-build-with-clang-using-external-assembler.patch \ " -SRC_URI[md5sum] = "f85123cd390e864dfbe517e7616e6566" -SRC_URI[sha256sum] = "ce07195b659e75f4e1db43552860070061f156a98bb37b672b101ba6e3ddf30c" - -SRC_URI += " \ - file://find.pl;subdir=openssl-${PV}/util/ \ - file://0001-remove-double-initialization-of-cryptodev-engine.patch \ - file://0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch \ -" +SRCREV = "b9e6572a0dcbaaf84a8925cabd1a86bd594ca69f" PACKAGES =+ "${PN}-engines" FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines" -- 1.9.0