diff options
| author | Waldemar Brodkorb <wbx@uclibc-ng.org> | 2015-12-04 07:06:04 +0100 |
|---|---|---|
| committer | Waldemar Brodkorb <wbx@uclibc-ng.org> | 2015-12-04 07:06:04 +0100 |
| commit | 686c1b8f0c86d2d2cfcf894c321cd9821ab06ef6 (patch) | |
| tree | 3cb01cf7e2c41fc741971da78705f431e8bd6a35 /package/openssl | |
| parent | a41d6d1d3e94f57ea4c5956a6428b2da0c5e0911 (diff) | |
openssl: update to latest stable version
Diffstat (limited to 'package/openssl')
| -rw-r--r-- | package/openssl/Makefile | 6 | ||||
| -rw-r--r-- | package/openssl/patches/patch-crypto_engine_eng_cryptodev_c | 2539 |
2 files changed, 3 insertions, 2542 deletions
diff --git a/package/openssl/Makefile b/package/openssl/Makefile index b1adfea5f..d5f96035e 100644 --- a/package/openssl/Makefile +++ b/package/openssl/Makefile @@ -4,9 +4,9 @@ include ${ADK_TOPDIR}/rules.mk PKG_NAME:= openssl -PKG_VERSION:= 1.0.2d +PKG_VERSION:= 1.0.2e PKG_RELEASE:= 1 -PKG_HASH:= 671c36487785628a703374c652ad2cebea45fa920ae5681515df25d9f2c9a8c8 +PKG_HASH:= e23ccafdb75cfcde782da0151731aa2185195ac745eea3846133f2e05c0e0bff PKG_DESCR:= secure socket layer libraries PKG_SECTION:= libs/crypto PKG_DEPENDS:= zlib @@ -42,7 +42,7 @@ ALL_TARGET+= build-shared TARGET_CFLAGS+= -ldl endif -OPENSSL_OPTIONS+= threads no-err no-krb5 no-engines no-camellia no-idea no-rc5 no-mdc2 no-sha0 no-smime no-aes192 no-cast +OPENSSL_OPTIONS+= threads no-err no-krb5 no-engines no-rc5 no-sha0 no-smime no-aes192 HOST_STYLE:= manual CONFIG_STYLE:= manual diff --git a/package/openssl/patches/patch-crypto_engine_eng_cryptodev_c b/package/openssl/patches/patch-crypto_engine_eng_cryptodev_c deleted file mode 100644 index 603e33133..000000000 --- a/package/openssl/patches/patch-crypto_engine_eng_cryptodev_c +++ /dev/null @@ -1,2539 +0,0 @@ ---- openssl-1.0.2a.orig/crypto/engine/eng_cryptodev.c 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/engine/eng_cryptodev.c 2015-02-02 21:02:31.009892700 +0100 -@@ -2,6 +2,7 @@ - * Copyright (c) 2002 Bob Beck <beck@openbsd.org> - * Copyright (c) 2002 Theo de Raadt - * Copyright (c) 2002 Markus Friedl -+ * Copyright (c) 2012 Nikos Mavrogiannopoulos - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without -@@ -32,8 +33,8 @@ - #include <openssl/bn.h> - - #if (defined(__unix__) || defined(unix)) && !defined(USG) && \ -- (defined(OpenBSD) || defined(__FreeBSD__)) --# include <sys/param.h> -+ (defined(OpenBSD) || defined(__FreeBSD__)) -+#include <sys/param.h> - # if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041) - # define HAVE_CRYPTODEV - # endif -@@ -44,39 +45,40 @@ - - #ifndef HAVE_CRYPTODEV - --void ENGINE_load_cryptodev(void) -+void -+ENGINE_load_cryptodev(void) - { -- /* This is a NOP on platforms without /dev/crypto */ -- return; -+ /* This is a NOP on platforms without /dev/crypto */ -+ return; - } - --#else -- --# include <sys/types.h> --# include <crypto/cryptodev.h> --# include <openssl/dh.h> --# include <openssl/dsa.h> --# include <openssl/err.h> --# include <openssl/rsa.h> --# include <sys/ioctl.h> --# include <errno.h> --# include <stdio.h> --# include <unistd.h> --# include <fcntl.h> --# include <stdarg.h> --# include <syslog.h> --# include <errno.h> --# include <string.h> -+#else -+ -+#include <sys/types.h> -+#include <crypto/cryptodev.h> -+#include <crypto/dh/dh.h> -+#include <crypto/dsa/dsa.h> -+#include <crypto/err/err.h> -+#include <crypto/rsa/rsa.h> -+#include <sys/ioctl.h> -+#include <errno.h> -+#include <stdio.h> -+#include <unistd.h> -+#include <fcntl.h> -+#include <stdarg.h> -+#include <syslog.h> -+#include <errno.h> -+#include <string.h> - - struct dev_crypto_state { -- struct session_op d_sess; -- int d_fd; --# ifdef USE_CRYPTODEV_DIGESTS -- char dummy_mac_key[HASH_MAX_LEN]; -- unsigned char digest_res[HASH_MAX_LEN]; -- char *mac_data; -- int mac_len; --# endif -+ struct session_op d_sess; -+ int d_fd; -+ -+#ifdef USE_CRYPTODEV_DIGESTS -+ unsigned char digest_res[64]; -+ char *mac_data; -+ int mac_len; -+#endif - }; - - static u_int32_t cryptodev_asymfeat = 0; -@@ -85,196 +87,153 @@ static int get_asym_dev_crypto(void); - static int open_dev_crypto(void); - static int get_dev_crypto(void); - static int get_cryptodev_ciphers(const int **cnids); --# ifdef USE_CRYPTODEV_DIGESTS -+#ifdef USE_CRYPTODEV_DIGESTS - static int get_cryptodev_digests(const int **cnids); --# endif -+#endif - static int cryptodev_usable_ciphers(const int **nids); - static int cryptodev_usable_digests(const int **nids); - static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, -- const unsigned char *in, size_t inl); -+ const unsigned char *in, size_t inl); - static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, -- const unsigned char *iv, int enc); -+ const unsigned char *iv, int enc); - static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx); - static int cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, -- const int **nids, int nid); -+ const int **nids, int nid); - static int cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, -- const int **nids, int nid); -+ const int **nids, int nid); - static int bn2crparam(const BIGNUM *a, struct crparam *crp); - static int crparam2bn(struct crparam *crp, BIGNUM *a); - static void zapparams(struct crypt_kop *kop); - static int cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, -- int slen, BIGNUM *s); -+ int slen, BIGNUM *s); - - static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, -- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, -- BN_MONT_CTX *m_ctx); --static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, -- BN_CTX *ctx); --static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, -- BN_CTX *ctx); -+ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); -+static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, -+ RSA *rsa, BN_CTX *ctx); -+static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx); - static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, -- const BIGNUM *p, const BIGNUM *m, -- BN_CTX *ctx, BN_MONT_CTX *m_ctx); -+ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); - static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g, -- BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, -- BIGNUM *p, BN_CTX *ctx, -- BN_MONT_CTX *mont); --static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, -- DSA *dsa); -+ BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p, -+ BN_CTX *ctx, BN_MONT_CTX *mont); -+static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, -+ int dlen, DSA *dsa); - static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len, -- DSA_SIG *sig, DSA *dsa); -+ DSA_SIG *sig, DSA *dsa); - static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, -- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, -- BN_MONT_CTX *m_ctx); --static int cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, -- DH *dh); -+ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, -+ BN_MONT_CTX *m_ctx); -+static int cryptodev_dh_compute_key(unsigned char *key, -+ const BIGNUM *pub_key, DH *dh); - static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, -- void (*f) (void)); -+ void (*f)(void)); - void ENGINE_load_cryptodev(void); - - static const ENGINE_CMD_DEFN cryptodev_defns[] = { -- {0, NULL, NULL, 0} -+ { 0, NULL, NULL, 0 } - }; - - static struct { -- int id; -- int nid; -- int ivmax; -- int keylen; -+ int id; -+ int nid; -+ int ivmax; -+ int keylen; - } ciphers[] = { -- { -- CRYPTO_ARC4, NID_rc4, 0, 16, -- }, -- { -- CRYPTO_DES_CBC, NID_des_cbc, 8, 8, -- }, -- { -- CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, -- }, -- { -- CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, -- }, -- { -- CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, -- }, -- { -- CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, -- }, --# ifdef CRYPTO_AES_CTR -- { -- CRYPTO_AES_CTR, NID_aes_128_ctr, 14, 16, -- }, -- { -- CRYPTO_AES_CTR, NID_aes_192_ctr, 14, 24, -- }, -- { -- CRYPTO_AES_CTR, NID_aes_256_ctr, 14, 32, -- }, --# endif -- { -- CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, -- }, -- { -- CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, -- }, -- { -- CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, -- }, -- { -- 0, NID_undef, 0, 0, -- }, -+ { CRYPTO_ARC4, NID_rc4, 0, 16, }, -+ { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, }, -+ { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, }, -+ { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, }, -+ { CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, }, -+ { CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, }, -+ { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, }, -+ { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, }, -+ { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, }, -+ { 0, NID_undef, 0, 0, }, - }; - --# ifdef USE_CRYPTODEV_DIGESTS -+#ifdef USE_CRYPTODEV_DIGESTS - static struct { -- int id; -- int nid; -- int keylen; -+ int id; -+ int nid; -+ int digestlen; - } digests[] = { -- { -- CRYPTO_MD5_HMAC, NID_hmacWithMD5, 16 -- }, -- { -- CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, 20 -- }, -- { -- CRYPTO_RIPEMD160_HMAC, NID_ripemd160, 16 -- /* ? */ -- }, -- { -- CRYPTO_MD5_KPDK, NID_undef, 0 -- }, -- { -- CRYPTO_SHA1_KPDK, NID_undef, 0 -- }, -- { -- CRYPTO_MD5, NID_md5, 16 -- }, -- { -- CRYPTO_SHA1, NID_sha1, 20 -- }, -- { -- 0, NID_undef, 0 -- }, -+#if 0 -+ /* HMAC is not supported */ -+ { CRYPTO_MD5_HMAC, NID_hmacWithMD5, 16}, -+ { CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, 20}, -+ { CRYPTO_SHA2_256_HMAC, NID_hmacWithSHA256, 32}, -+ { CRYPTO_SHA2_384_HMAC, NID_hmacWithSHA384, 48}, -+ { CRYPTO_SHA2_512_HMAC, NID_hmacWithSHA512, 64}, -+#endif -+ { CRYPTO_MD5, NID_md5, 16}, -+ { CRYPTO_SHA1, NID_sha1, 20}, -+ { CRYPTO_SHA2_256, NID_sha256, 32}, -+ { CRYPTO_SHA2_384, NID_sha384, 48}, -+ { CRYPTO_SHA2_512, NID_sha512, 64}, -+ { 0, NID_undef, 0}, - }; --# endif -+#endif - - /* - * Return a fd if /dev/crypto seems usable, 0 otherwise. - */ --static int open_dev_crypto(void) -+static int -+open_dev_crypto(void) - { -- static int fd = -1; -+ static int fd = -1; - -- if (fd == -1) { -- if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1) -- return (-1); -- /* close on exec */ -- if (fcntl(fd, F_SETFD, 1) == -1) { -- close(fd); -- fd = -1; -- return (-1); -- } -- } -- return (fd); -+ if (fd == -1) { -+ if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1) -+ return (-1); -+ /* close on exec */ -+ if (fcntl(fd, F_SETFD, FD_CLOEXEC) == -1) { -+ close(fd); -+ fd = -1; -+ return (-1); -+ } -+ } -+ return (fd); - } - --static int get_dev_crypto(void) -+static int -+get_dev_crypto(void) - { -- int fd, retfd; -+ int fd, retfd; - -- if ((fd = open_dev_crypto()) == -1) -- return (-1); --# ifndef CRIOGET_NOT_NEEDED -- if (ioctl(fd, CRIOGET, &retfd) == -1) -- return (-1); -+ if ((fd = open_dev_crypto()) == -1) -+ return (-1); -+#ifndef CRIOGET_NOT_NEEDED -+ if (ioctl(fd, CRIOGET, &retfd) == -1) -+ return (-1); - -- /* close on exec */ -- if (fcntl(retfd, F_SETFD, 1) == -1) { -- close(retfd); -- return (-1); -- } --# else -- retfd = fd; --# endif -- return (retfd); -+ /* close on exec */ -+ if (fcntl(retfd, F_SETFD, 1) == -1) { -+ close(retfd); -+ return (-1); -+ } -+#else -+ retfd = fd; -+#endif -+ return (retfd); - } - - static void put_dev_crypto(int fd) - { --# ifndef CRIOGET_NOT_NEEDED -- close(fd); --# endif -+#ifndef CRIOGET_NOT_NEEDED -+ close(fd); -+#endif - } - - /* Caching version for asym operations */ --static int get_asym_dev_crypto(void) -+static int -+get_asym_dev_crypto(void) - { -- static int fd = -1; -+ static int fd = -1; - -- if (fd == -1) -- fd = get_dev_crypto(); -- return fd; -+ if (fd == -1) -+ fd = get_dev_crypto(); -+ return fd; - } - - /* -@@ -283,76 +242,80 @@ static int get_asym_dev_crypto(void) - * returning them here is harmless, as long as we return NULL - * when asked for a handler in the cryptodev_engine_ciphers routine - */ --static int get_cryptodev_ciphers(const int **cnids) -+static int -+get_cryptodev_ciphers(const int **cnids) - { -- static int nids[CRYPTO_ALGORITHM_MAX]; -- struct session_op sess; -- int fd, i, count = 0; -+ static int nids[CRYPTO_ALGORITHM_MAX]; -+ struct session_op sess; -+ int fd, i, count = 0; -+ unsigned char fake_key[EVP_MAX_KEY_LENGTH]; - -- if ((fd = get_dev_crypto()) < 0) { -- *cnids = NULL; -- return (0); -- } -- memset(&sess, 0, sizeof(sess)); -- sess.key = (caddr_t) "123456789abcdefghijklmno"; -+ if ((fd = get_dev_crypto()) < 0) { -+ *cnids = NULL; -+ return (0); -+ } -+ memset(&sess, 0, sizeof(sess)); -+ sess.key = (void*)fake_key; - -- for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { -- if (ciphers[i].nid == NID_undef) -- continue; -- sess.cipher = ciphers[i].id; -- sess.keylen = ciphers[i].keylen; -- sess.mac = 0; -- if (ioctl(fd, CIOCGSESSION, &sess) != -1 && -- ioctl(fd, CIOCFSESSION, &sess.ses) != -1) -- nids[count++] = ciphers[i].nid; -- } -- put_dev_crypto(fd); -+ for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { -+ if (ciphers[i].nid == NID_undef) -+ continue; -+ sess.cipher = ciphers[i].id; -+ sess.keylen = ciphers[i].keylen; -+ sess.mac = 0; -+ if (ioctl(fd, CIOCGSESSION, &sess) != -1 && -+ ioctl(fd, CIOCFSESSION, &sess.ses) != -1) -+ nids[count++] = ciphers[i].nid; -+ } -+ put_dev_crypto(fd); - -- if (count > 0) -- *cnids = nids; -- else -- *cnids = NULL; -- return (count); -+ if (count > 0) -+ *cnids = nids; -+ else -+ *cnids = NULL; -+ return (count); - } - --# ifdef USE_CRYPTODEV_DIGESTS -+#ifdef USE_CRYPTODEV_DIGESTS - /* - * Find out what digests /dev/crypto will let us have a session for. - * XXX note, that some of these openssl doesn't deal with yet! - * returning them here is harmless, as long as we return NULL - * when asked for a handler in the cryptodev_engine_digests routine - */ --static int get_cryptodev_digests(const int **cnids) -+static int -+get_cryptodev_digests(const int **cnids) - { -- static int nids[CRYPTO_ALGORITHM_MAX]; -- struct session_op sess; -- int fd, i, count = 0; -+ static int nids[CRYPTO_ALGORITHM_MAX]; -+ unsigned char fake_key[EVP_MAX_KEY_LENGTH]; -+ struct session_op sess; -+ int fd, i, count = 0; - -- if ((fd = get_dev_crypto()) < 0) { -- *cnids = NULL; -- return (0); -- } -- memset(&sess, 0, sizeof(sess)); -- sess.mackey = (caddr_t) "123456789abcdefghijklmno"; -- for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { -- if (digests[i].nid == NID_undef) -- continue; -- sess.mac = digests[i].id; -- sess.mackeylen = digests[i].keylen; -- sess.cipher = 0; -- if (ioctl(fd, CIOCGSESSION, &sess) != -1 && -- ioctl(fd, CIOCFSESSION, &sess.ses) != -1) -- nids[count++] = digests[i].nid; -- } -- put_dev_crypto(fd); -+ if ((fd = get_dev_crypto()) < 0) { -+ *cnids = NULL; -+ return (0); -+ } -+ memset(&sess, 0, sizeof(sess)); -+ sess.mackey = fake_key; -+ for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { -+ if (digests[i].nid == NID_undef) -+ continue; -+ sess.mac = digests[i].id; -+ sess.mackeylen = 8; -+ sess.cipher = 0; -+ if (ioctl(fd, CIOCGSESSION, &sess) != -1 && -+ ioctl(fd, CIOCFSESSION, &sess.ses) != -1) -+ nids[count++] = digests[i].nid; -+ } -+ put_dev_crypto(fd); - -- if (count > 0) -- *cnids = nids; -- else -- *cnids = NULL; -- return (count); -+ if (count > 0) -+ *cnids = nids; -+ else -+ *cnids = NULL; -+ return (count); - } --# endif /* 0 */ -+#endif /* 0 */ - - /* - * Find the useable ciphers|digests from dev/crypto - this is the first -@@ -375,158 +338,161 @@ static int get_cryptodev_digests(const i - * want most of the decisions made about what we actually want - * to use from /dev/crypto. - */ --static int cryptodev_usable_ciphers(const int **nids) -+static int -+cryptodev_usable_ciphers(const int **nids) - { -- return (get_cryptodev_ciphers(nids)); -+ return (get_cryptodev_ciphers(nids)); - } - --static int cryptodev_usable_digests(const int **nids) -+static int -+cryptodev_usable_digests(const int **nids) - { --# ifdef USE_CRYPTODEV_DIGESTS -- return (get_cryptodev_digests(nids)); --# else -- /* -- * XXXX just disable all digests for now, because it sucks. -- * we need a better way to decide this - i.e. I may not -- * want digests on slow cards like hifn on fast machines, -- * but might want them on slow or loaded machines, etc. -- * will also want them when using crypto cards that don't -- * suck moose gonads - would be nice to be able to decide something -- * as reasonable default without having hackery that's card dependent. -- * of course, the default should probably be just do everything, -- * with perhaps a sysctl to turn algoritms off (or have them off -- * by default) on cards that generally suck like the hifn. -- */ -- *nids = NULL; -- return (0); --# endif -+#ifdef USE_CRYPTODEV_DIGESTS -+ return (get_cryptodev_digests(nids)); -+#else -+ /* -+ * XXXX just disable all digests for now, because it sucks. -+ * we need a better way to decide this - i.e. I may not -+ * want digests on slow cards like hifn on fast machines, -+ * but might want them on slow or loaded machines, etc. -+ * will also want them when using crypto cards that don't -+ * suck moose gonads - would be nice to be able to decide something -+ * as reasonable default without having hackery that's card dependent. -+ * of course, the default should probably be just do everything, -+ * with perhaps a sysctl to turn algoritms off (or have them off -+ * by default) on cards that generally suck like the hifn. -+ */ -+ *nids = NULL; -+ return (0); -+#endif - } - - static int - cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, -- const unsigned char *in, size_t inl) -+ const unsigned char *in, size_t inl) - { -- struct crypt_op cryp; -- struct dev_crypto_state *state = ctx->cipher_data; -- struct session_op *sess = &state->d_sess; -- const void *iiv; -- unsigned char save_iv[EVP_MAX_IV_LENGTH]; -+ struct crypt_op cryp; -+ struct dev_crypto_state *state = ctx->cipher_data; -+ struct session_op *sess = &state->d_sess; -+ const void *iiv; -+ unsigned char save_iv[EVP_MAX_IV_LENGTH]; - -- if (state->d_fd < 0) -- return (0); -- if (!inl) -- return (1); -- if ((inl % ctx->cipher->block_size) != 0) -- return (0); -+ if (state->d_fd < 0) -+ return (0); -+ if (!inl) -+ return (1); -+ if ((inl % ctx->cipher->block_size) != 0) -+ return (0); - -- memset(&cryp, 0, sizeof(cryp)); -+ memset(&cryp, 0, sizeof(cryp)); - -- cryp.ses = sess->ses; -- cryp.flags = 0; -- cryp.len = inl; -- cryp.src = (caddr_t) in; -- cryp.dst = (caddr_t) out; -- cryp.mac = 0; -+ cryp.ses = sess->ses; -+ cryp.flags = 0; -+ cryp.len = inl; -+ cryp.src = (void*) in; -+ cryp.dst = (void*) out; -+ cryp.mac = 0; - -- cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; -+ cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; - -- if (ctx->cipher->iv_len) { -- cryp.iv = (caddr_t) ctx->iv; -- if (!ctx->encrypt) { -- iiv = in + inl - ctx->cipher->iv_len; -- memcpy(save_iv, iiv, ctx->cipher->iv_len); -- } -- } else -- cryp.iv = NULL; -+ if (ctx->cipher->iv_len) { -+ cryp.iv = (void*) ctx->iv; -+ if (!ctx->encrypt) { -+ iiv = in + inl - ctx->cipher->iv_len; -+ memcpy(save_iv, iiv, ctx->cipher->iv_len); -+ } -+ } else -+ cryp.iv = NULL; - -- if (ioctl(state->d_fd, CIOCCRYPT, &cryp) == -1) { -- /* -- * XXX need better errror handling this can fail for a number of -- * different reasons. -- */ -- return (0); -- } -+ if (ioctl(state->d_fd, CIOCCRYPT, &cryp) == -1) { -+ /* XXX need better errror handling -+ * this can fail for a number of different reasons. -+ */ -+ return (0); -+ } - -- if (ctx->cipher->iv_len) { -- if (ctx->encrypt) -- iiv = out + inl - ctx->cipher->iv_len; -- else -- iiv = save_iv; -- memcpy(ctx->iv, iiv, ctx->cipher->iv_len); -- } -- return (1); -+ if (ctx->cipher->iv_len) { -+ if (ctx->encrypt) -+ iiv = out + inl - ctx->cipher->iv_len; -+ else -+ iiv = save_iv; -+ memcpy(ctx->iv, iiv, ctx->cipher->iv_len); -+ } -+ return (1); - } - - static int - cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, -- const unsigned char *iv, int enc) -+ const unsigned char *iv, int enc) - { -- struct dev_crypto_state *state = ctx->cipher_data; -- struct session_op *sess = &state->d_sess; -- int cipher = -1, i; -+ struct dev_crypto_state *state = ctx->cipher_data; -+ struct session_op *sess = &state->d_sess; -+ int cipher = -1, i; - -- for (i = 0; ciphers[i].id; i++) -- if (ctx->cipher->nid == ciphers[i].nid && -- ctx->cipher->iv_len <= ciphers[i].ivmax && -- ctx->key_len == ciphers[i].keylen) { -- cipher = ciphers[i].id; -- break; -- } -+ for (i = 0; ciphers[i].id; i++) -+ if (ctx->cipher->nid == ciphers[i].nid && -+ ctx->cipher->iv_len <= ciphers[i].ivmax && -+ ctx->key_len == ciphers[i].keylen) { -+ cipher = ciphers[i].id; -+ break; -+ } - -- if (!ciphers[i].id) { -- state->d_fd = -1; -- return (0); -- } -+ if (!ciphers[i].id) { -+ state->d_fd = -1; -+ return (0); -+ } - -- memset(sess, 0, sizeof(struct session_op)); -+ memset(sess, 0, sizeof(struct session_op)); - -- if ((state->d_fd = get_dev_crypto()) < 0) -- return (0); -+ if ((state->d_fd = get_dev_crypto()) < 0) -+ return (0); - -- sess->key = (caddr_t) key; -- sess->keylen = ctx->key_len; -- sess->cipher = cipher; -+ sess->key = (void*)key; -+ sess->keylen = ctx->key_len; -+ sess->cipher = cipher; - -- if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) { -- put_dev_crypto(state->d_fd); -- state->d_fd = -1; -- return (0); -- } -- return (1); -+ if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) { -+ put_dev_crypto(state->d_fd); -+ state->d_fd = -1; -+ return (0); -+ } -+ return (1); - } - - /* - * free anything we allocated earlier when initting a - * session, and close the session. - */ --static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx) -+static int -+cryptodev_cleanup(EVP_CIPHER_CTX *ctx) - { -- int ret = 0; -- struct dev_crypto_state *state = ctx->cipher_data; -- struct session_op *sess = &state->d_sess; -+ int ret = 0; -+ struct dev_crypto_state *state = ctx->cipher_data; -+ struct session_op *sess = &state->d_sess; - -- if (state->d_fd < 0) -- return (0); -+ if (state->d_fd < 0) -+ return (0); - -- /* -- * XXX if this ioctl fails, someting's wrong. the invoker may have called -- * us with a bogus ctx, or we could have a device that for whatever -- * reason just doesn't want to play ball - it's not clear what's right -- * here - should this be an error? should it just increase a counter, -- * hmm. For right now, we return 0 - I don't believe that to be "right". -- * we could call the gorpy openssl lib error handlers that print messages -- * to users of the library. hmm.. -- */ -+ /* XXX if this ioctl fails, someting's wrong. the invoker -+ * may have called us with a bogus ctx, or we could -+ * have a device that for whatever reason just doesn't -+ * want to play ball - it's not clear what's right -+ * here - should this be an error? should it just -+ * increase a counter, hmm. For right now, we return -+ * 0 - I don't believe that to be "right". we could -+ * call the gorpy openssl lib error handlers that -+ * print messages to users of the library. hmm.. -+ */ - -- if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) == -1) { -- ret = 0; -- } else { -- ret = 1; -- } -- put_dev_crypto(state->d_fd); -- state->d_fd = -1; -+ if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) == -1) { -+ ret = 0; -+ } else { -+ ret = 1; -+ } -+ put_dev_crypto(state->d_fd); -+ state->d_fd = -1; - -- return (ret); -+ return (ret); - } - - /* -@@ -536,151 +502,111 @@ static int cryptodev_cleanup(EVP_CIPHER_ - - /* RC4 */ - const EVP_CIPHER cryptodev_rc4 = { -- NID_rc4, -- 1, 16, 0, -- EVP_CIPH_VARIABLE_LENGTH, -- cryptodev_init_key, -- cryptodev_cipher, -- cryptodev_cleanup, -- sizeof(struct dev_crypto_state), -- NULL, -- NULL, -- NULL -+ NID_rc4, -+ 1, 16, 0, -+ EVP_CIPH_VARIABLE_LENGTH, -+ cryptodev_init_key, -+ cryptodev_cipher, -+ cryptodev_cleanup, -+ sizeof(struct dev_crypto_state), -+ NULL, -+ NULL, -+ NULL - }; - - /* DES CBC EVP */ - const EVP_CIPHER cryptodev_des_cbc = { -- NID_des_cbc, -- 8, 8, 8, -- EVP_CIPH_CBC_MODE, -- cryptodev_init_key, -- cryptodev_cipher, -- cryptodev_cleanup, -- sizeof(struct dev_crypto_state), -- EVP_CIPHER_set_asn1_iv, -- EVP_CIPHER_get_asn1_iv, -- NULL -+ NID_des_cbc, -+ 8, 8, 8, -+ EVP_CIPH_CBC_MODE, -+ cryptodev_init_key, -+ cryptodev_cipher, -+ cryptodev_cleanup, -+ sizeof(struct dev_crypto_state), -+ EVP_CIPHER_set_asn1_iv, -+ EVP_CIPHER_get_asn1_iv, -+ NULL - }; - - /* 3DES CBC EVP */ - const EVP_CIPHER cryptodev_3des_cbc = { -- NID_des_ede3_cbc, -- 8, 24, 8, -- EVP_CIPH_CBC_MODE, -- cryptodev_init_key, -- cryptodev_cipher, -- cryptodev_cleanup, -- sizeof(struct dev_crypto_state), -- EVP_CIPHER_set_asn1_iv, -- EVP_CIPHER_get_asn1_iv, -- NULL -+ NID_des_ede3_cbc, -+ 8, 24, 8, -+ EVP_CIPH_CBC_MODE, -+ cryptodev_init_key, -+ cryptodev_cipher, -+ cryptodev_cleanup, -+ sizeof(struct dev_crypto_state), -+ EVP_CIPHER_set_asn1_iv, -+ EVP_CIPHER_get_asn1_iv, -+ NULL - }; - - const EVP_CIPHER cryptodev_bf_cbc = { -- NID_bf_cbc, -- 8, 16, 8, -- EVP_CIPH_CBC_MODE, -- cryptodev_init_key, -- cryptodev_cipher, -- cryptodev_cleanup, -- sizeof(struct dev_crypto_state), -- EVP_CIPHER_set_asn1_iv, -- EVP_CIPHER_get_asn1_iv, -- NULL -+ NID_bf_cbc, -+ 8, 16, 8, -+ EVP_CIPH_CBC_MODE, -+ cryptodev_init_key, -+ cryptodev_cipher, -+ cryptodev_cleanup, -+ sizeof(struct dev_crypto_state), -+ EVP_CIPHER_set_asn1_iv, -+ EVP_CIPHER_get_asn1_iv, -+ NULL - }; - - const EVP_CIPHER cryptodev_cast_cbc = { -- NID_cast5_cbc, -- 8, 16, 8, -- EVP_CIPH_CBC_MODE, -- cryptodev_init_key, -- cryptodev_cipher, -- cryptodev_cleanup, -- sizeof(struct dev_crypto_state), -- EVP_CIPHER_set_asn1_iv, -- EVP_CIPHER_get_asn1_iv, -- NULL -+ NID_cast5_cbc, -+ 8, 16, 8, -+ EVP_CIPH_CBC_MODE, -+ cryptodev_init_key, -+ cryptodev_cipher, -+ cryptodev_cleanup, -+ sizeof(struct dev_crypto_state), -+ EVP_CIPHER_set_asn1_iv, -+ EVP_CIPHER_get_asn1_iv, -+ NULL - }; - - const EVP_CIPHER cryptodev_aes_cbc = { -- NID_aes_128_cbc, -- 16, 16, 16, -- EVP_CIPH_CBC_MODE, -- cryptodev_init_key, -- cryptodev_cipher, -- cryptodev_cleanup, -- sizeof(struct dev_crypto_state), -- EVP_CIPHER_set_asn1_iv, -- EVP_CIPHER_get_asn1_iv, -- NULL -+ NID_aes_128_cbc, -+ 16, 16, 16, -+ EVP_CIPH_CBC_MODE, -+ cryptodev_init_key, -+ cryptodev_cipher, -+ cryptodev_cleanup, -+ sizeof(struct dev_crypto_state), -+ EVP_CIPHER_set_asn1_iv, -+ EVP_CIPHER_get_asn1_iv, -+ NULL - }; - - const EVP_CIPHER cryptodev_aes_192_cbc = { -- NID_aes_192_cbc, -- 16, 24, 16, -- EVP_CIPH_CBC_MODE, -- cryptodev_init_key, -- cryptodev_cipher, -- cryptodev_cleanup, -- sizeof(struct dev_crypto_state), -- EVP_CIPHER_set_asn1_iv, -- EVP_CIPHER_get_asn1_iv, -- NULL -+ NID_aes_192_cbc, -+ 16, 24, 16, -+ EVP_CIPH_CBC_MODE, -+ cryptodev_init_key, -+ cryptodev_cipher, -+ cryptodev_cleanup, -+ sizeof(struct dev_crypto_state), -+ EVP_CIPHER_set_asn1_iv, -+ EVP_CIPHER_get_asn1_iv, -+ NULL - }; - - const EVP_CIPHER cryptodev_aes_256_cbc = { -- NID_aes_256_cbc, -- 16, 32, 16, -- EVP_CIPH_CBC_MODE, -- cryptodev_init_key, -- cryptodev_cipher, -- cryptodev_cleanup, -- sizeof(struct dev_crypto_state), -- EVP_CIPHER_set_asn1_iv, -- EVP_CIPHER_get_asn1_iv, -- NULL --}; -- --# ifdef CRYPTO_AES_CTR --const EVP_CIPHER cryptodev_aes_ctr = { -- NID_aes_128_ctr, -- 16, 16, 14, -- EVP_CIPH_CTR_MODE, -- cryptodev_init_key, -- cryptodev_cipher, -- cryptodev_cleanup, -- sizeof(struct dev_crypto_state), -- EVP_CIPHER_set_asn1_iv, -- EVP_CIPHER_get_asn1_iv, -- NULL --}; -- --const EVP_CIPHER cryptodev_aes_ctr_192 = { -- NID_aes_192_ctr, -- 16, 24, 14, -- EVP_CIPH_CTR_MODE, -- cryptodev_init_key, -- cryptodev_cipher, -- cryptodev_cleanup, -- sizeof(struct dev_crypto_state), -- EVP_CIPHER_set_asn1_iv, -- EVP_CIPHER_get_asn1_iv, -- NULL -+ NID_aes_256_cbc, -+ 16, 32, 16, -+ EVP_CIPH_CBC_MODE, -+ cryptodev_init_key, -+ cryptodev_cipher, -+ cryptodev_cleanup, -+ sizeof(struct dev_crypto_state), -+ EVP_CIPHER_set_asn1_iv, -+ EVP_CIPHER_get_asn1_iv, -+ NULL - }; - --const EVP_CIPHER cryptodev_aes_ctr_256 = { -- NID_aes_256_ctr, -- 16, 32, 14, -- EVP_CIPH_CTR_MODE, -- cryptodev_init_key, -- cryptodev_cipher, -- cryptodev_cleanup, -- sizeof(struct dev_crypto_state), -- EVP_CIPHER_set_asn1_iv, -- EVP_CIPHER_get_asn1_iv, -- NULL --}; --# endif - /* - * Registered by the ENGINE when used to find out how to deal with - * a particular NID in the ENGINE. this says what we'll do at the -@@ -688,316 +614,353 @@ const EVP_CIPHER cryptodev_aes_ctr_256 = - */ - static int - cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, -- const int **nids, int nid) -+ const int **nids, int nid) - { -- if (!cipher) -- return (cryptodev_usable_ciphers(nids)); -+ if (!cipher) -+ return (cryptodev_usable_ciphers(nids)); - -- switch (nid) { -- case NID_rc4: -- *cipher = &cryptodev_rc4; -- break; -- case NID_des_ede3_cbc: -- *cipher = &cryptodev_3des_cbc; -- break; -- case NID_des_cbc: -- *cipher = &cryptodev_des_cbc; -- break; -- case NID_bf_cbc: -- *cipher = &cryptodev_bf_cbc; -- break; -- case NID_cast5_cbc: -- *cipher = &cryptodev_cast_cbc; -- break; -- case NID_aes_128_cbc: -- *cipher = &cryptodev_aes_cbc; -- break; -- case NID_aes_192_cbc: -- *cipher = &cryptodev_aes_192_cbc; -- break; -- case NID_aes_256_cbc: -- *cipher = &cryptodev_aes_256_cbc; -- break; --# ifdef CRYPTO_AES_CTR -- case NID_aes_128_ctr: -- *cipher = &cryptodev_aes_ctr; -- break; -- case NID_aes_192_ctr: -- *cipher = &cryptodev_aes_ctr_192; -- break; -- case NID_aes_256_ctr: -- *cipher = &cryptodev_aes_ctr_256; -- break; --# endif -- default: -- *cipher = NULL; -- break; -- } -- return (*cipher != NULL); -+ switch (nid) { -+ case NID_rc4: -+ *cipher = &cryptodev_rc4; -+ break; -+ case NID_des_ede3_cbc: -+ *cipher = &cryptodev_3des_cbc; -+ break; -+ case NID_des_cbc: -+ *cipher = &cryptodev_des_cbc; -+ break; -+ case NID_bf_cbc: -+ *cipher = &cryptodev_bf_cbc; -+ break; -+ case NID_cast5_cbc: -+ *cipher = &cryptodev_cast_cbc; -+ break; -+ case NID_aes_128_cbc: -+ *cipher = &cryptodev_aes_cbc; -+ break; -+ case NID_aes_192_cbc: -+ *cipher = &cryptodev_aes_192_cbc; -+ break; -+ case NID_aes_256_cbc: -+ *cipher = &cryptodev_aes_256_cbc; -+ break; -+ default: -+ *cipher = NULL; -+ break; -+ } -+ return (*cipher != NULL); - } - --# ifdef USE_CRYPTODEV_DIGESTS -+ -+#ifdef USE_CRYPTODEV_DIG |