summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--package/openssl/Makefile15
-rw-r--r--package/openssl/patches/patch-Configure19
-rw-r--r--package/openssl/patches/patch-Makefile96
-rw-r--r--package/openssl/patches/patch-Makefile_org6
-rw-r--r--package/openssl/patches/patch-crypto_engine_eng_cryptodev_c2613
-rw-r--r--package/openssl/patches/patch-crypto_opensslconf_h193
-rw-r--r--package/openssl/patches/patch-crypto_ui_ui_openssl_c15
-rw-r--r--package/openssl/patches/patch-tools_c_rehash14
8 files changed, 2417 insertions, 554 deletions
diff --git a/package/openssl/Makefile b/package/openssl/Makefile
index 535f5cac0..480ce6cc8 100644
--- a/package/openssl/Makefile
+++ b/package/openssl/Makefile
@@ -4,9 +4,9 @@
include ${ADK_TOPDIR}/rules.mk
PKG_NAME:= openssl
-PKG_VERSION:= 1.0.1j
+PKG_VERSION:= 1.0.2a
PKG_RELEASE:= 2
-PKG_HASH:= 1b60ca8789ba6f03e8ef20da2293b8dc131c39d83814e775069f02d26354edf3
+PKG_HASH:= 15b6393c20030aab02c8e2fe0243cb1d1d18062f6c095d67bca91871dc7f324a
PKG_DESCR:= secure socket layer libraries
PKG_SECTION:= libs/crypto
PKG_DEPENDS:= zlib
@@ -64,11 +64,18 @@ else
CONFIG:= linux-embedded
endif
+ifneq (,$(filter CYGWIN%,${OStype}))
+HOSTCONFIG:= Cygwin-x86_64
+endif
+ifeq ($(OStype),Darwin)
+HOSTCONFIG:= darwin64-x86_64-cc
+endif
+
host-configure:
-ifneq ($(OStype),Darwin)
+ifeq ($(HOSTCONFIG),)
(cd $(WRKBUILD); ./config --prefix='$(STAGING_HOST_DIR)/usr' -fPIC)
else
- (cd $(WRKBUILD); OPTIMIZATION_FLAGS="-fPIC" ./Configure darwin64-x86_64-cc --prefix='$(STAGING_HOST_DIR)/usr')
+ (cd $(WRKBUILD); OPTIMIZATION_FLAGS="-fPIC" ./Configure $(HOSTCONFIG) --prefix='$(STAGING_HOST_DIR)/usr')
endif
host-build:
diff --git a/package/openssl/patches/patch-Configure b/package/openssl/patches/patch-Configure
index 5d9f9329f..19d3ef1a8 100644
--- a/package/openssl/patches/patch-Configure
+++ b/package/openssl/patches/patch-Configure
@@ -1,11 +1,12 @@
---- openssl-1.0.1e.orig/Configure 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/Configure 2013-08-17 16:07:11.782623643 +0200
-@@ -402,6 +402,8 @@ my %table=(
- "linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
- "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
-+"linux-embedded","gcc:-DTERMIOS \$(OPTIMIZATION_FLAGS) -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-embedded-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIOS \$(OPTIMIZATION_FLAGS) -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+--- openssl-1.0.2a.orig/Configure 2015-03-19 14:30:36.000000000 +0100
++++ openssl-1.0.2a/Configure 2015-04-06 10:56:31.333266600 +0200
+@@ -443,6 +443,9 @@ my %table=(
+ "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
+ "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
- # Android: linux-* but without -DTERMIO and pointers to headers and libs.
++"linux-embedded","gcc: \$(OPTIMIZATION_FLAGS) -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-embedded-x86_64","gcc:-m64 -DL_ENDIAN \$(OPTIMIZATION_FLAGS) -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
++
+ # Android: linux-* but without pointers to headers and libs.
"android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
diff --git a/package/openssl/patches/patch-Makefile b/package/openssl/patches/patch-Makefile
deleted file mode 100644
index f1fc87d21..000000000
--- a/package/openssl/patches/patch-Makefile
+++ /dev/null
@@ -1,96 +0,0 @@
---- openssl-1.0.1i.orig/Makefile 2014-08-06 23:18:45.000000000 +0200
-+++ openssl-1.0.1i/Makefile 2014-08-07 10:03:55.000000000 +0200
-@@ -11,11 +11,11 @@ SHLIB_VERSION_NUMBER=1.0.0
- SHLIB_VERSION_HISTORY=
- SHLIB_MAJOR=1
- SHLIB_MINOR=0.0
--SHLIB_EXT=
--PLATFORM=dist
--OPTIONS= no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-md2 no-rc5 no-rfc3779 no-sctp no-shared no-store no-unit-test no-zlib no-zlib-dynamic static-engine
--CONFIGURE_ARGS=dist
--SHLIB_TARGET=
-+SHLIB_EXT=.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-+PLATFORM=linux-embedded
-+OPTIONS=--prefix=/usr --openssldir=/etc/ssl -I/home/wbx/adk/target_qemu-x86_uclibc-ng_i686/usr/include -L/home/wbx/adk/target_qemu-x86_uclibc-ng_i686/usr/lib -DOPENSSL_SMALL_FOOTPRINT enable-shared enable-threads enable-zlib-dynamic no-aes192 no-camellia no-cast no-ec_nistp_64_gcc_128 no-engines no-err no-gmp no-idea no-jpake no-krb5 no-md2 no-mdc2 no-rc5 no-rfc3779 no-ripemd no-sctp no-sha0 no-smime no-store no-unit-test no-static-engine
-+CONFIGURE_ARGS=linux-embedded --prefix=/usr --openssldir=/etc/ssl -I/home/wbx/adk/target_qemu-x86_uclibc-ng_i686/usr/include -L/home/wbx/adk/target_qemu-x86_uclibc-ng_i686/usr/lib -DOPENSSL_SMALL_FOOTPRINT shared threads no-err no-krb5 zlib-dynamic no-engines no-camellia no-idea no-rc5 no-mdc2 no-sha0 no-smime no-aes192 no-ripemd no-cast
-+SHLIB_TARGET=linux-shared
-
- # HERE indicates where this Makefile lives. This can be used to indicate
- # where sub-Makefiles are expected to be. Currently has very limited usage,
-@@ -26,10 +26,10 @@ HERE=.
- # for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
- # Normally it is left empty.
- INSTALL_PREFIX=
--INSTALLTOP=/usr/local/ssl
-+INSTALLTOP=/usr
-
- # Do not edit this manually. Use Configure --openssldir=DIR do change this!
--OPENSSLDIR=/usr/local/ssl
-+OPENSSLDIR=/etc/ssl
-
- # NO_IDEA - Define to build without the IDEA algorithm
- # NO_RC4 - Define to build without the RC4 algorithm
-@@ -59,16 +59,17 @@ OPENSSLDIR=/usr/local/ssl
- # equal 4.
- # PKCS1_CHECK - pkcs1 tests.
-
--CC= cc
--CFLAG= -O
--DEPFLAG= -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST
-+CROSS_COMPILE= /home/wbx/adk/toolchain_qemu-x86_uclibc-ng_i686/usr/bin/i686-openadk-linux-uclibc-
-+CC= $(CROSS_COMPILE)/home/wbx/adk/toolchain_qemu-x86_uclibc-ng_i686/usr/bin/i686-openadk-linux-uclibc-gcc
-+CFLAG= -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -I/home/wbx/adk/target_qemu-x86_uclibc-ng_i686/usr/include -DOPENSSL_SMALL_FOOTPRINT -DOPENSSL_NO_ERR -DTERMIOS $(OPTIMIZATION_FLAGS) -Wall
-+DEPFLAG= -DOPENSSL_NO_AES192 -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_CAST -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_ENGINES -DOPENSSL_NO_GMP -DOPENSSL_NO_IDEA -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_RIPEMD -DOPENSSL_NO_SCTP -DOPENSSL_NO_SHA0 -DOPENSSL_NO_SMIME -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST
- PEX_LIBS=
--EX_LIBS=
-+EX_LIBS= -L/home/wbx/adk/target_qemu-x86_uclibc-ng_i686/usr/lib -ldl
- EXE_EXT=
- ARFLAGS=
--AR= ar $(ARFLAGS) r
--RANLIB= /usr/bin/ranlib
--NM= nm
-+AR= $(CROSS_COMPILE)ar $(ARFLAGS) r
-+RANLIB= $(CROSS_COMPILE)ranlib
-+NM= $(CROSS_COMPILE)nm
- PERL= /usr/bin/perl
- TAR= tar
- TARFLAGS= --no-recursion --record-size=10240
-@@ -103,7 +104,7 @@ WP_ASM_OBJ= wp_block.o
- CMLL_ENC= camellia.o cmll_misc.o cmll_cbc.o
- MODES_ASM_OBJ=
- ENGINES_ASM_OBJ=
--PERLASM_SCHEME=
-+PERLASM_SCHEME= void
-
- # KRB5 stuff
- KRB5_INCLUDES=
-@@ -137,15 +138,15 @@ FIPSCANLIB=
-
- BASEADDR=0xFB00000
-
--DIRS= crypto ssl engines apps test tools
-+DIRS= crypto ssl engines apps tools
- ENGDIRS= ccgost
- SHLIBDIRS= crypto ssl
-
- # dirs in crypto to build
- SDIRS= \
- objects \
-- md4 md5 sha mdc2 hmac ripemd whrlpool \
-- des aes rc2 rc4 idea bf cast camellia seed modes \
-+ md4 md5 sha hmac whrlpool \
-+ des aes rc2 rc4 bf seed modes \
- bn ec rsa dsa ecdsa dh ecdh dso engine \
- buffer bio stack lhash rand err \
- evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
-@@ -174,8 +175,8 @@ WDIRS= windows
- LIBS= libcrypto.a libssl.a
- SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
- SHARED_SSL=libssl$(SHLIB_EXT)
--SHARED_LIBS=
--SHARED_LIBS_LINK_EXTS=
-+SHARED_LIBS=$(SHARED_CRYPTO) $(SHARED_SSL)
-+SHARED_LIBS_LINK_EXTS=.so.$(SHLIB_MAJOR) .so
- SHARED_LDFLAGS=
-
- GENERAL= Makefile
diff --git a/package/openssl/patches/patch-Makefile_org b/package/openssl/patches/patch-Makefile_org
index f19124dbe..dca37518d 100644
--- a/package/openssl/patches/patch-Makefile_org
+++ b/package/openssl/patches/patch-Makefile_org
@@ -1,6 +1,6 @@
---- openssl-1.0.1c.orig/Makefile.org 2012-04-22 15:25:19.000000000 +0200
-+++ openssl-1.0.1c/Makefile.org 2013-01-31 14:28:34.000000000 +0100
-@@ -135,7 +135,7 @@ FIPSCANLIB=
+--- openssl-1.0.2a.orig/Makefile.org 2015-03-19 14:30:36.000000000 +0100
++++ openssl-1.0.2a/Makefile.org 2015-04-06 10:52:37.192455300 +0200
+@@ -136,7 +136,7 @@ FIPSCANLIB=
BASEADDR=
diff --git a/package/openssl/patches/patch-crypto_engine_eng_cryptodev_c b/package/openssl/patches/patch-crypto_engine_eng_cryptodev_c
index 7b8898a5d..603e33133 100644
--- a/package/openssl/patches/patch-crypto_engine_eng_cryptodev_c
+++ b/package/openssl/patches/patch-crypto_engine_eng_cryptodev_c
@@ -1,5 +1,5 @@
---- openssl-1.0.1e.orig/crypto/engine/eng_cryptodev.c 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/engine/eng_cryptodev.c 2013-08-09 16:51:49.915851335 +0200
+--- openssl-1.0.2a.orig/crypto/engine/eng_cryptodev.c 2015-03-19 14:30:36.000000000 +0100
++++ openssl-1.0.2a/crypto/engine/eng_cryptodev.c 2015-02-02 21:02:31.009892700 +0100
@@ -2,6 +2,7 @@
* Copyright (c) 2002 Bob Beck <beck@openbsd.org>
* Copyright (c) 2002 Theo de Raadt
@@ -8,250 +8,1502 @@
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
-@@ -74,9 +75,7 @@ struct dev_crypto_state {
- int d_fd;
+@@ -32,8 +33,8 @@
+ #include <openssl/bn.h>
- #ifdef USE_CRYPTODEV_DIGESTS
-- char dummy_mac_key[HASH_MAX_LEN];
+ #if (defined(__unix__) || defined(unix)) && !defined(USG) && \
+- (defined(OpenBSD) || defined(__FreeBSD__))
+-# include <sys/param.h>
++ (defined(OpenBSD) || defined(__FreeBSD__))
++#include <sys/param.h>
+ # if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041)
+ # define HAVE_CRYPTODEV
+ # endif
+@@ -44,39 +45,40 @@
+
+ #ifndef HAVE_CRYPTODEV
+
+-void ENGINE_load_cryptodev(void)
++void
++ENGINE_load_cryptodev(void)
+ {
+- /* This is a NOP on platforms without /dev/crypto */
+- return;
++ /* This is a NOP on platforms without /dev/crypto */
++ return;
+ }
+
+-#else
-
-- unsigned char digest_res[HASH_MAX_LEN];
+-# include <sys/types.h>
+-# include <crypto/cryptodev.h>
+-# include <openssl/dh.h>
+-# include <openssl/dsa.h>
+-# include <openssl/err.h>
+-# include <openssl/rsa.h>
+-# include <sys/ioctl.h>
+-# include <errno.h>
+-# include <stdio.h>
+-# include <unistd.h>
+-# include <fcntl.h>
+-# include <stdarg.h>
+-# include <syslog.h>
+-# include <errno.h>
+-# include <string.h>
++#else
++
++#include <sys/types.h>
++#include <crypto/cryptodev.h>
++#include <crypto/dh/dh.h>
++#include <crypto/dsa/dsa.h>
++#include <crypto/err/err.h>
++#include <crypto/rsa/rsa.h>
++#include <sys/ioctl.h>
++#include <errno.h>
++#include <stdio.h>
++#include <unistd.h>
++#include <fcntl.h>
++#include <stdarg.h>
++#include <syslog.h>
++#include <errno.h>
++#include <string.h>
+
+ struct dev_crypto_state {
+- struct session_op d_sess;
+- int d_fd;
+-# ifdef USE_CRYPTODEV_DIGESTS
+- char dummy_mac_key[HASH_MAX_LEN];
+- unsigned char digest_res[HASH_MAX_LEN];
+- char *mac_data;
+- int mac_len;
+-# endif
++ struct session_op d_sess;
++ int d_fd;
++
++#ifdef USE_CRYPTODEV_DIGESTS
+ unsigned char digest_res[64];
- char *mac_data;
- int mac_len;
- #endif
-@@ -157,15 +156,21 @@ static struct {
++ char *mac_data;
++ int mac_len;
++#endif
+ };
+
+ static u_int32_t cryptodev_asymfeat = 0;
+@@ -85,196 +87,153 @@ static int get_asym_dev_crypto(void);
+ static int open_dev_crypto(void);
+ static int get_dev_crypto(void);
+ static int get_cryptodev_ciphers(const int **cnids);
+-# ifdef USE_CRYPTODEV_DIGESTS
++#ifdef USE_CRYPTODEV_DIGESTS
+ static int get_cryptodev_digests(const int **cnids);
+-# endif
++#endif
+ static int cryptodev_usable_ciphers(const int **nids);
+ static int cryptodev_usable_digests(const int **nids);
+ static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+- const unsigned char *in, size_t inl);
++ const unsigned char *in, size_t inl);
+ static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+- const unsigned char *iv, int enc);
++ const unsigned char *iv, int enc);
+ static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx);
+ static int cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+- const int **nids, int nid);
++ const int **nids, int nid);
+ static int cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
+- const int **nids, int nid);
++ const int **nids, int nid);
+ static int bn2crparam(const BIGNUM *a, struct crparam *crp);
+ static int crparam2bn(struct crparam *crp, BIGNUM *a);
+ static void zapparams(struct crypt_kop *kop);
+ static int cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r,
+- int slen, BIGNUM *s);
++ int slen, BIGNUM *s);
+
+ static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a,
+- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+- BN_MONT_CTX *m_ctx);
+-static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+- BN_CTX *ctx);
+-static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+- BN_CTX *ctx);
++ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
++static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I,
++ RSA *rsa, BN_CTX *ctx);
++static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
+ static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a,
+- const BIGNUM *p, const BIGNUM *m,
+- BN_CTX *ctx, BN_MONT_CTX *m_ctx);
++ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+ static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
+- BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2,
+- BIGNUM *p, BN_CTX *ctx,
+- BN_MONT_CTX *mont);
+-static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
+- DSA *dsa);
++ BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
++ BN_CTX *ctx, BN_MONT_CTX *mont);
++static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst,
++ int dlen, DSA *dsa);
+ static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len,
+- DSA_SIG *sig, DSA *dsa);
++ DSA_SIG *sig, DSA *dsa);
+ static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
+- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+- BN_MONT_CTX *m_ctx);
+-static int cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key,
+- DH *dh);
++ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
++ BN_MONT_CTX *m_ctx);
++static int cryptodev_dh_compute_key(unsigned char *key,
++ const BIGNUM *pub_key, DH *dh);
+ static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
+- void (*f) (void));
++ void (*f)(void));
+ void ENGINE_load_cryptodev(void);
+
+ static const ENGINE_CMD_DEFN cryptodev_defns[] = {
+- {0, NULL, NULL, 0}
++ { 0, NULL, NULL, 0 }
+ };
+
+ static struct {
+- int id;
+- int nid;
+- int ivmax;
+- int keylen;
++ int id;
++ int nid;
++ int ivmax;
++ int keylen;
+ } ciphers[] = {
+- {
+- CRYPTO_ARC4, NID_rc4, 0, 16,
+- },
+- {
+- CRYPTO_DES_CBC, NID_des_cbc, 8, 8,
+- },
+- {
+- CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24,
+- },
+- {
+- CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16,
+- },
+- {
+- CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24,
+- },
+- {
+- CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32,
+- },
+-# ifdef CRYPTO_AES_CTR
+- {
+- CRYPTO_AES_CTR, NID_aes_128_ctr, 14, 16,
+- },
+- {
+- CRYPTO_AES_CTR, NID_aes_192_ctr, 14, 24,
+- },
+- {
+- CRYPTO_AES_CTR, NID_aes_256_ctr, 14, 32,
+- },
+-# endif
+- {
+- CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16,
+- },
+- {
+- CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16,
+- },
+- {
+- CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0,
+- },
+- {
+- 0, NID_undef, 0, 0,
+- },
++ { CRYPTO_ARC4, NID_rc4, 0, 16, },
++ { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, },
++ { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, },
++ { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, },
++ { CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, },
++ { CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, },
++ { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, },
++ { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, },
++ { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, },
++ { 0, NID_undef, 0, 0, },
+ };
+
+-# ifdef USE_CRYPTODEV_DIGESTS
++#ifdef USE_CRYPTODEV_DIGESTS
static struct {
- int id;
- int nid;
-- int keylen;
+- int id;
+- int nid;
+- int keylen;
++ int id;
++ int nid;
+ int digestlen;
} digests[] = {
+- {
+- CRYPTO_MD5_HMAC, NID_hmacWithMD5, 16
+- },
+- {
+- CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, 20
+- },
+- {
+- CRYPTO_RIPEMD160_HMAC, NID_ripemd160, 16
+- /* ? */
+- },
+- {
+- CRYPTO_MD5_KPDK, NID_undef, 0
+- },
+- {
+- CRYPTO_SHA1_KPDK, NID_undef, 0
+- },
+- {
+- CRYPTO_MD5, NID_md5, 16
+- },
+- {
+- CRYPTO_SHA1, NID_sha1, 20
+- },
+- {
+- 0, NID_undef, 0
+- },
+#if 0
+ /* HMAC is not supported */
- { CRYPTO_MD5_HMAC, NID_hmacWithMD5, 16},
- { CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, 20},
-- { CRYPTO_RIPEMD160_HMAC, NID_ripemd160, 16/*?*/},
-- { CRYPTO_MD5_KPDK, NID_undef, 0},
-- { CRYPTO_SHA1_KPDK, NID_undef, 0},
++ { CRYPTO_MD5_HMAC, NID_hmacWithMD5, 16},
++ { CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, 20},
+ { CRYPTO_SHA2_256_HMAC, NID_hmacWithSHA256, 32},
+ { CRYPTO_SHA2_384_HMAC, NID_hmacWithSHA384, 48},
+ { CRYPTO_SHA2_512_HMAC, NID_hmacWithSHA512, 64},
+#endif
- { CRYPTO_MD5, NID_md5, 16},
- { CRYPTO_SHA1, NID_sha1, 20},
++ { CRYPTO_MD5, NID_md5, 16},
++ { CRYPTO_SHA1, NID_sha1, 20},
+ { CRYPTO_SHA2_256, NID_sha256, 32},
+ { CRYPTO_SHA2_384, NID_sha384, 48},
+ { CRYPTO_SHA2_512, NID_sha512, 64},
- { 0, NID_undef, 0},
++ { 0, NID_undef, 0},
};
- #endif
-@@ -182,7 +187,7 @@ open_dev_crypto(void)
- if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1)
- return (-1);
- /* close on exec */
-- if (fcntl(fd, F_SETFD, 1) == -1) {
+-# endif
++#endif
+
+ /*
+ * Return a fd if /dev/crypto seems usable, 0 otherwise.
+ */
+-static int open_dev_crypto(void)
++static int
++open_dev_crypto(void)
+ {
+- static int fd = -1;
++ static int fd = -1;
+
+- if (fd == -1) {
+- if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1)
+- return (-1);
+- /* close on exec */
+- if (fcntl(fd, F_SETFD, 1) == -1) {
+- close(fd);
+- fd = -1;
+- return (-1);
+- }
+- }
+- return (fd);
++ if (fd == -1) {
++ if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1)
++ return (-1);
++ /* close on exec */
+ if (fcntl(fd, F_SETFD, FD_CLOEXEC) == -1) {
- close(fd);
- fd = -1;
- return (-1);
-@@ -243,13 +248,14 @@ get_cryptodev_ciphers(const int **cnids)
- static int nids[CRYPTO_ALGORITHM_MAX];
- struct session_op sess;
- int fd, i, count = 0;
++ close(fd);
++ fd = -1;
++ return (-1);
++ }
++ }
++ return (fd);
+ }
+
+-static int get_dev_crypto(void)
++static int
++get_dev_crypto(void)
+ {
+- int fd, retfd;
++ int fd, retfd;
+
+- if ((fd = open_dev_crypto()) == -1)
+- return (-1);
+-# ifndef CRIOGET_NOT_NEEDED
+- if (ioctl(fd, CRIOGET, &retfd) == -1)
+- return (-1);
++ if ((fd = open_dev_crypto()) == -1)
++ return (-1);
++#ifndef CRIOGET_NOT_NEEDED
++ if (ioctl(fd, CRIOGET, &retfd) == -1)
++ return (-1);
+
+- /* close on exec */
+- if (fcntl(retfd, F_SETFD, 1) == -1) {
+- close(retfd);
+- return (-1);
+- }
+-# else
+- retfd = fd;
+-# endif
+- return (retfd);
++ /* close on exec */
++ if (fcntl(retfd, F_SETFD, 1) == -1) {
++ close(retfd);
++ return (-1);
++ }
++#else
++ retfd = fd;
++#endif
++ return (retfd);
+ }
+
+ static void put_dev_crypto(int fd)
+ {
+-# ifndef CRIOGET_NOT_NEEDED
+- close(fd);
+-# endif
++#ifndef CRIOGET_NOT_NEEDED
++ close(fd);
++#endif
+ }
+
+ /* Caching version for asym operations */
+-static int get_asym_dev_crypto(void)
++static int
++get_asym_dev_crypto(void)
+ {
+- static int fd = -1;
++ static int fd = -1;
+
+- if (fd == -1)
+- fd = get_dev_crypto();
+- return fd;
++ if (fd == -1)
++ fd = get_dev_crypto();
++ return fd;
+ }
+
+ /*
+@@ -283,76 +242,80 @@ static int get_asym_dev_crypto(void)
+ * returning them here is harmless, as long as we return NULL
+ * when asked for a handler in the cryptodev_engine_ciphers routine
+ */
+-static int get_cryptodev_ciphers(const int **cnids)
++static int
++get_cryptodev_ciphers(const int **cnids)
+ {
+- static int nids[CRYPTO_ALGORITHM_MAX];
+- struct session_op sess;
+- int fd, i, count = 0;
++ static int nids[CRYPTO_ALGORITHM_MAX];
++ struct session_op sess;
++ int fd, i, count = 0;
+ unsigned char fake_key[EVP_MAX_KEY_LENGTH];
- if ((fd = get_dev_crypto()) < 0) {
- *cnids = NULL;
- return (0);
- }
- memset(&sess, 0, sizeof(sess));
-- sess.key = (caddr_t)"123456789abcdefghijklmno";
+- if ((fd = get_dev_crypto()) < 0) {
+- *cnids = NULL;
+- return (0);
+- }
+- memset(&sess, 0, sizeof(sess));
+- sess.key = (caddr_t) "123456789abcdefghijklmno";
++ if ((fd = get_dev_crypto()) < 0) {
++ *cnids = NULL;
++ return (0);
++ }
++ memset(&sess, 0, sizeof(sess));
+ sess.key = (void*)fake_key;
- for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
- if (ciphers[i].nid == NID_undef)
-@@ -281,6 +287,7 @@ static int
- get_cryptodev_digests(const int **cnids)
+- for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
+- if (ciphers[i].nid == NID_undef)
+- continue;
+- sess.cipher = ciphers[i].id;
+- sess.keylen = ciphers[i].keylen;
+- sess.mac = 0;
+- if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
+- ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
+- nids[count++] = ciphers[i].nid;
+- }
+- put_dev_crypto(fd);
++ for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
++ if (ciphers[i].nid == NID_undef)
++ continue;
++ sess.cipher = ciphers[i].id;
++ sess.keylen = ciphers[i].keylen;
++ sess.mac = 0;
++ if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
++ ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
++ nids[count++] = ciphers[i].nid;
++ }
++ put_dev_crypto(fd);
+
+- if (count > 0)
+- *cnids = nids;
+- else
+- *cnids = NULL;
+- return (count);
++ if (count > 0)
++ *cnids = nids;
++ else
++ *cnids = NULL;
++ return (count);
+ }
+
+-# ifdef USE_CRYPTODEV_DIGESTS
++#ifdef USE_CRYPTODEV_DIGESTS
+ /*
+ * Find out what digests /dev/crypto will let us have a session for.
+ * XXX note, that some of these openssl doesn't deal with yet!
+ * returning them here is harmless, as long as we return NULL
+ * when asked for a handler in the cryptodev_engine_digests routine
+ */
+-static int get_cryptodev_digests(const int **cnids)
++static int
++get_cryptodev_digests(const int **cnids)
{
- static int nids[CRYPTO_ALGORITHM_MAX];
+- static int nids[CRYPTO_ALGORITHM_MAX];
+- struct session_op sess;
+- int fd, i, count = 0;
++ static int nids[CRYPTO_ALGORITHM_MAX];
+ unsigned char fake_key[EVP_MAX_KEY_LENGTH];
- struct session_op sess;
- int fd, i, count = 0;
-
-@@ -289,12 +296,12 @@ get_cryptodev_digests(const int **cnids)
- return (0);
- }
- memset(&sess, 0, sizeof(sess));
-- sess.mackey = (caddr_t)"123456789abcdefghijklmno";
++ struct session_op sess;
++ int fd, i, count = 0;
+
+- if ((fd = get_dev_crypto()) < 0) {
+- *cnids = NULL;
+- return (0);
+- }
+- memset(&sess, 0, sizeof(sess));
+- sess.mackey = (caddr_t) "123456789abcdefghijklmno";
+- for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
+- if (digests[i].nid == NID_undef)
+- continue;
+- sess.mac = digests[i].id;
+- sess.mackeylen = digests[i].keylen;
+- sess.cipher = 0;
+- if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
+- ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
+- nids[count++] = digests[i].nid;
+- }
+- put_dev_crypto(fd);
++ if ((fd = get_dev_crypto()) < 0) {
++ *cnids = NULL;
++ return (0);
++ }
++ memset(&sess, 0, sizeof(sess));
+ sess.mackey = fake_key;
- for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
- if (digests[i].nid == NID_undef)
- continue;
- sess.mac = digests[i].id;
-- sess.mackeylen = digests[i].keylen;
++ for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
++ if (digests[i].nid == NID_undef)
++ continue;
++ sess.mac = digests[i].id;
+ sess.mackeylen = 8;
- sess.cipher = 0;
- if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
- ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
-@@ -382,14 +389,14 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, un
- cryp.ses = sess->ses;
- cryp.flags = 0;
- cryp.len = inl;
-- cryp.src = (caddr_t) in;
-- cryp.dst = (caddr_t) out;
++ sess.cipher = 0;
++ if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
++ ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
++ nids[count++] = digests[i].nid;
++ }
++ put_dev_crypto(fd);
+
+- if (count > 0)
+- *cnids = nids;
+- else
+- *cnids = NULL;
+- return (count);
++ if (count > 0)
++ *cnids = nids;
++ else
++ *cnids = NULL;
++ return (count);
+ }
+-# endif /* 0 */
++#endif /* 0 */
+
+ /*
+ * Find the useable ciphers|digests from dev/crypto - this is the first
+@@ -375,158 +338,161 @@ static int get_cryptodev_digests(const i
+ * want most of the decisions made about what we actually want
+ * to use from /dev/crypto.
+ */
+-static int cryptodev_usable_ciphers(const int **nids)
++static int
++cryptodev_usable_ciphers(const int **nids)
+ {
+- return (get_cryptodev_ciphers(nids));
++ return (get_cryptodev_ciphers(nids));
+ }
+
+-static int cryptodev_usable_digests(const int **nids)
++static int
++cryptodev_usable_digests(const int **nids)
+ {
+-# ifdef USE_CRYPTODEV_DIGESTS
+- return (get_cryptodev_digests(nids));
+-# else
+- /*
+- * XXXX just disable all digests for now, because it sucks.
+- * we need a better way to decide this - i.e. I may not
+- * want digests on slow cards like hifn on fast machines,
+- * but might want them on slow or loaded machines, etc.
+- * will also want them when using crypto cards that don't
+- * suck moose gonads - would be nice to be able to decide something
+- * as reasonable default without having hackery that's card dependent.
+- * of course, the default should probably be just do everything,
+- * with perhaps a sysctl to turn algoritms off (or have them off
+- * by default) on cards that generally suck like the hifn.
+- */
+- *nids = NULL;
+- return (0);
+-# endif
++#ifdef USE_CRYPTODEV_DIGESTS
++ return (get_cryptodev_digests(nids));
++#else
++ /*
++ * XXXX just disable all digests for now, because it sucks.
++ * we need a better way to decide this - i.e. I may not
++ * want digests on slow cards like hifn on fast machines,
++ * but might want them on slow or loaded machines, etc.
++ * will also want them when using crypto cards that don't
++ * suck moose gonads - would be nice to be able to decide something
++ * as reasonable default without having hackery that's card dependent.
++ * of course, the default should probably be just do everything,
++ * with perhaps a sysctl to turn algoritms off (or have them off
++ * by default) on cards that generally suck like the hifn.
++ */
++ *nids = NULL;
++ return (0);
++#endif
+ }
+
+ static int
+ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+- const unsigned char *in, size_t inl)
++ const unsigned char *in, size_t inl)
+ {
+- struct crypt_op cryp;
+- struct dev_crypto_state *state = ctx->cipher_data;
+- struct session_op *sess = &state->d_sess;
+- const void *iiv;
+- unsigned char save_iv[EVP_MAX_IV_LENGTH];
++ struct crypt_op cryp;
++ struct dev_crypto_state *state = ctx->cipher_data;
++ struct session_op *sess = &state->d_sess;
++ const void *iiv;
++ unsigned char save_iv[EVP_MAX_IV_LENGTH];
+
+- if (state->d_fd < 0)
+- return (0);
+- if (!inl)
+- return (1);
+- if ((inl % ctx->cipher->block_size) != 0)
+- return (0);
++ if (state->d_fd < 0)
++ return (0);
++ if (!inl)
++ return (1);
++ if ((inl % ctx->cipher->block_size) != 0)
++ return (0);
+
+- memset(&cryp, 0, sizeof(cryp));
++ memset(&cryp, 0, sizeof(cryp));
+
+- cryp.ses = sess->ses;
+- cryp.flags = 0;
+- cryp.len = inl;
+- cryp.src = (caddr_t) in;
+- cryp.dst = (caddr_t) out;
+- cryp.mac = 0;
++ cryp.ses = sess->ses;
++ cryp.flags = 0;
++ cryp.len = inl;
+ cryp.src = (void*) in;
+ cryp.dst = (void*) out;
- cryp.mac = 0;
++ cryp.mac = 0;
- cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
+- cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
++ cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
- if (ctx->cipher->iv_len) {
-- cryp.iv = (caddr_t) ctx->iv;
+- if (ctx->cipher->iv_len) {
+- cryp.iv = (caddr_t) ctx->iv;
+- if (!ctx->encrypt) {
+- iiv = in + inl - ctx->cipher->iv_len;
+- memcpy(save_iv, iiv, ctx->cipher->iv_len);
+- }
+- } else
+- cryp.iv = NULL;
++ if (ctx->cipher->iv_len) {
+ cryp.iv = (void*) ctx->iv;
- if (!ctx->encrypt) {
- iiv = in + inl - ctx->cipher->iv_len;
- memcpy(save_iv, iiv, ctx->cipher->iv_len);
-@@ -440,7 +447,7 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx,
- if ((state->d_fd = get_dev_crypto()) < 0)
- return (0);
-
-- sess->key = (caddr_t)key;
++ if (!ctx->encrypt) {
++ iiv = in + inl - ctx->cipher->iv_len;
++ memcpy(save_iv, iiv, ctx->cipher->iv_len);
++ }
++ } else
++ cryp.iv = NULL;
+
+- if (ioctl(state->d_fd, CIOCCRYPT, &cryp) == -1) {
+- /*
+- * XXX need better errror handling this can fail for a number of
+- * different reasons.
+- */
+- return (0);
+- }
++ if (ioctl(state->d_fd, CIOCCRYPT, &cryp) == -1) {
++ /* XXX need better errror handling
++ * this can fail for a number of different reasons.
++ */
++ return (0);
++ }
+
+- if (ctx->cipher->iv_len) {
+- if (ctx->encrypt)
+- iiv = out + inl - ctx->cipher->iv_len;
+- else
+- iiv = save_iv;
+- memcpy(ctx->iv, iiv, ctx->cipher->iv_len);
+- }
+- return (1);
++ if (ctx->cipher->iv_len) {
++ if (ctx->encrypt)
++ iiv = out + inl - ctx->cipher->iv_len;
++ else
++ iiv = save_iv;
++ memcpy(ctx->iv, iiv, ctx->cipher->iv_len);
++ }
++ return (1);
+ }
+
+ static int
+ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+- const unsigned char *iv, int enc)
++ const unsigned char *iv, int enc)
+ {
+- struct dev_crypto_state *state = ctx->cipher_data;
+- struct session_op *sess = &state->d_sess;
+- int cipher = -1, i;
++ struct dev_crypto_state *state = ctx->cipher_data;
++ struct session_op *sess = &state->d_sess;
++ int cipher = -1, i;
+
+- for (i = 0; ciphers[i].id; i++)
+- if (ctx->cipher->nid == ciphers[i].nid &&
+- ctx->cipher->iv_len <= ciphers[i].ivmax &&
+- ctx->key_len == ciphers[i].keylen) {
+- cipher = ciphers[i].id;
+- break;
+- }
++ for (i = 0; ciphers[i].id; i++)
++ if (ctx->cipher->nid == ciphers[i].nid &&
++ ctx->cipher->iv_len <= ciphers[i].ivmax &&
++ ctx->key_len == ciphers[i].keylen) {
++ cipher = ciphers[i].id;
++ break;
++ }
+
+- if (!ciphers[i].id) {
+- state->d_fd = -1;
+- return (0);
+- }
++ if (!ciphers[i].id) {
++ state->d_fd = -1;
++ return (0);
++ }
+
+- memset(sess, 0, sizeof(struct session_op));
++ memset(sess, 0, sizeof(struct session_op));
+
+- if ((state->d_fd = get_dev_crypto()) < 0)
+- return (0);
++ if ((state->d_fd = get_dev_crypto()) < 0)
++ return (0);
+
+- sess->key = (caddr_t) key;
+- sess->keylen = ctx->key_len;
+- sess->cipher = cipher;
+ sess->key = (void*)key;
- sess->keylen = ctx->key_len;
- sess->cipher = cipher;
++ sess->keylen = ctx->key_len;
++ sess->cipher = cipher;
-@@ -660,18 +667,6 @@ digest_nid_to_cryptodev(int nid)
+- if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
+- put_dev_crypto(state->d_fd);
+- state->d_fd = -1;
+- return (0);
+- }
+- return (1);
++ if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
++ put_dev_crypto(state->d_fd);
++ state->d_fd = -1;
++ return (0);
++ }
++ return (1);
}
+ /*
+ * free anything we allocated earlier when initting a
+ * session, and close the session.
+ */
+-static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
++static int
++cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
+ {
+- int ret = 0;
+- struct dev_crypto_state *state = ctx->cipher_data;
+- struct session_op *sess = &state->d_sess;
++ int ret = 0;
++ struct dev_crypto_state *state = ctx->cipher_data;
++ struct session_op *sess = &state->d_sess;
--static int
--digest_key_length(int nid)
--{
-- int i;
+- if (state->d_fd < 0)
+- return (0);
++ if (state->d_fd < 0)
++ return (0);
+
+- /*
+- * XXX if this ioctl fails, someting's wrong. the invoker may have called
+- * us with a bogus ctx, or we could have a device that for whatever
+- * reason just doesn't want to play ball - it's not clear what's right
+- * here - should this be an error? should it just increase a counter,
+- * hmm. For right now, we return 0 - I don't believe that to be "right".
+- * we could call the gorpy openssl lib error handlers that print messages
+- * to users of the library. hmm..
+- */
++ /* XXX if this ioctl fails, someting's wrong. the invoker
++ * may have called us with a bogus ctx, or we could
++ * have a device that for whatever reason just doesn't
++ * want to play ball - it's not clear what's right
++ * here - should this be an error? should it just
++ * increase a counter, hmm. For right now, we return
++ * 0 - I don't believe that to be "right". we could
++ * call the gorpy openssl lib error handlers that
++ * print messages to users of the library. hmm..
++ */
+
+- if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) == -1) {
+- ret = 0;
+- } else {
+- ret = 1;
+- }
+- put_dev_crypto(state->d_fd);
+- state->d_fd = -1;
++ if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) == -1) {
++ ret = 0;
++ } else {
++ ret = 1;
++ }
++ put_dev_crypto(state->d_fd);
++ state->d_fd = -1;
+
+- return (ret);
++ return (ret);
+ }
+
+ /*
+@@ -536,151 +502,111 @@ static int cryptodev_cleanup(EVP_CIPHER_
+
+ /* RC4 */
+ const EVP_CIPHER cryptodev_rc4 = {
+- NID_rc4,
+- 1, 16, 0,
+- EVP_CIPH_VARIABLE_LENGTH,
+- cryptodev_init_key,
+- cryptodev_cipher,
+- cryptodev_cleanup,
+- sizeof(struct dev_crypto_state),
+- NULL,
+- NULL,
+- NULL
++ NID_rc4,
++ 1, 16, 0,
++ EVP_CIPH_VARIABLE_LENGTH,
++ cryptodev_init_key,
++ cryptodev_cipher,
++ cryptodev_cleanup,
++ sizeof(struct dev_crypto_state),
++ NULL,
++ NULL,
++ NULL
+ };
+
+ /* DES CBC EVP */
+ const EVP_CIPHER cryptodev_des_cbc = {
+- NID_des_cbc,
+- 8, 8, 8,
+- EVP_CIPH_CBC_MODE,
+- cryptodev_init_key,
+- cryptodev_cipher,
+- cryptodev_cleanup,
+- sizeof(struct dev_crypto_state),
+- EVP_CIPHER_set_asn1_iv,
+- EVP_CIPHER_get_asn1_iv,
+- NULL
++ NID_des_cbc,
++ 8, 8, 8,
++ EVP_CIPH_CBC_MODE,
++ cryptodev_init_key,
++ cryptodev_cipher,
++ cryptodev_cleanup,
++ sizeof(struct dev_crypto_state),
++ EVP_CIPHER_set_asn1_iv,
++ EVP_CIPHER_get_asn1_iv,
++ NULL
+ };
+
+ /* 3DES CBC EVP */
+ const EVP_CIPHER cryptodev_3des_cbc = {
+- NID_des_ede3_cbc,
+- 8, 24, 8,
+- EVP_CIPH_CBC_MODE,
+- cryptodev_init_key,
+- cryptodev_cipher,
+- cryptodev_cleanup,
+- sizeof(struct dev_crypto_state),
+- EVP_CIPHER_set_asn1_iv,
+- EVP_CIPHER_get_asn1_iv,
+- NULL
++ NID_des_ede3_cbc,
++ 8, 24, 8,
++ EVP_CIPH_CBC_MODE,
++ cryptodev_init_key,
++ cryptodev_cipher,
++ cryptodev_cleanup,
++ sizeof(struct dev_crypto_state),
++ EVP_CIPHER_set_asn1_iv,
++ EVP_CIPHER_get_asn1_iv,
++ NULL
+ };
+
+ const EVP_CIPHER cryptodev_bf_cbc = {
+- NID_bf_cbc,
+- 8, 16, 8,
+- EVP_CIPH_CBC_MODE,
+- cryptodev_init_key,
+- cryptodev_cipher,
+- cryptodev_cleanup,
+- sizeof(struct dev_crypto_state),
+- EVP_CIPHER_set_asn1_iv,
+- EVP_CIPHER_get_asn1_iv,
+- NULL
++ NID_bf_cbc,
++ 8, 16, 8,
++ EVP_CIPH_CBC_MODE,
++ cryptodev_init_key,
++ cryptodev_cipher,
++ cryptodev_cleanup,
++ sizeof(struct dev_crypto_state),
++ EVP_CIPHER_set_asn1_iv,
++ EVP_CIPHER_get_asn1_iv,
++ NULL
+ };
+
+ const EVP_CIPHER cryptodev_cast_cbc = {
+- NID_cast5_cbc,
+- 8, 16, 8,
+- EVP_CIPH_CBC_MODE,
+- cryptodev_init_key,
+- cryptodev_cipher,
+- cryptodev_cleanup,
+- sizeof(struct dev_crypto_state),
+- EVP_CIPHER_set_asn1_iv,
+- EVP_CIPHER_get_asn1_iv,
+- NULL
++ NID_cast5_cbc,
++ 8, 16, 8,
++ EVP_CIPH_CBC_MODE,
++ cryptodev_init_key,
++ cryptodev_cipher,
++ cryptodev_cleanup,
++ sizeof(struct dev_crypto_state),
++ EVP_CIPHER_set_asn1_iv,
++ EVP_CIPHER_get_asn1_iv,
++ NULL
+ };
+
+ const EVP_CIPHER cryptodev_aes_cbc = {
+- NID_aes_128_cbc,
+- 16, 16, 16,
+- EVP_CIPH_CBC_MODE,
+- cryptodev_init_key,
+- cryptodev_cipher,
+- cryptodev_cleanup,
+- sizeof(struct dev_crypto_state),
+- EVP_CIPHER_set_asn1_iv,
+- EVP_CIPHER_get_asn1_iv,
+- NULL
++ NID_aes_128_cbc,
++ 16, 16, 16,
++ EVP_CIPH_CBC_MODE,
++ cryptodev_init_key,
++ cryptodev_cipher,
++ cryptodev_cleanup,
++ sizeof(struct dev_crypto_state),
++ EVP_CIPHER_set_asn1_iv,
++ EVP_CIPHER_get_asn1_iv,
++ NULL
+ };
+
+ const EVP_CIPHER cryptodev_aes_192_cbc = {
+- NID_aes_192_cbc,
+- 16, 24, 16,
+- EVP_CIPH_CBC_MODE,
+- cryptodev_init_key,
+- cryptodev_cipher,
+- cryptodev_cleanup,
+- sizeof(struct dev_crypto_state),
+- EVP_CIPHER_set_asn1_iv,
+- EVP_CIPHER_get_asn1_iv,
+- NULL
++ NID_aes_192_cbc,
++ 16, 24, 16,
++ EVP_CIPH_CBC_MODE,
++ cryptodev_init_key,
++ cryptodev_cipher,
++ cryptodev_cleanup,
++ sizeof(struct dev_crypto_state),
++ EVP_CIPHER_set_asn1_iv,
++ EVP_CIPHER_get_asn1_iv,
++ NULL
+ };
+
+ const EVP_CIPHER cryptodev_aes_256_cbc = {
+- NID_aes_256_cbc,
+- 16, 32, 16,
+- EVP_CIPH_CBC_MODE,
+- cryptodev_init_key,
+- cryptodev_cipher,
+- cryptodev_cleanup,
+- sizeof(struct dev_crypto_state),
+- EVP_CIPHER_set_asn1_iv,
+- EVP_CIPHER_get_asn1_iv,
+- NULL
+-};
-
-- for (i = 0; digests[i].id; i++)
-- if (digests[i].nid == nid)
-- return digests[i].keylen;
-- return (0);
--}
+-# ifdef CRYPTO_AES_CTR
+-const EVP_CIPHER cryptodev_aes_ctr = {
+- NID_aes_128_ctr,
+- 16, 16, 14,
+- EVP_CIPH_CTR_MODE,
+- cryptodev_init_key,
+- cryptodev_cipher,
+- cryptodev_cleanup,
+- sizeof(struct dev_crypto_state),
+- EVP_CIPHER_set_asn1_iv,
+- EVP_CIPHER_get_asn1_iv,
+- NULL
+-};
-
+-const EVP_CIPHER cryptodev_aes_ctr_192 = {
+- NID_aes_192_ctr,
+- 16, 24, 14,
+- EVP_CIPH_CTR_MODE,
+- cryptodev_init_key,
+- cryptodev_cipher,
+- cryptodev_cleanup,
+- sizeof(struct dev_crypto_state),
+- EVP_CIPHER_set_asn1_iv,
+- EVP_CIPHER_get_asn1_iv,
+- NULL
++ NID_aes_256_cbc,
++ 16, 32, 16,
++ EVP_CIPH_CBC_MODE,
++ cryptodev_init_key,
++ cryptodev_cipher,
++ cryptodev_cleanup,
++ sizeof(struct dev_crypto_state),
++ EVP_CIPHER_set_asn1_iv,
++ EVP_CIPHER_get_asn1_iv,
++ NULL
+ };
+
+-const EVP_CIPHER cryptodev_aes_ctr_256 = {
+- NID_aes_256_ctr,
+- 16, 32, 14,
+- EVP_CIPH_CTR_MODE,
+- cryptodev_init_key,
+- cryptodev_cipher,
+- cryptodev_cleanup,
+- sizeof(struct dev_crypto_state),
+- EVP_CIPHER_set_asn1_iv,
+- EVP_CIPHER_get_asn1_iv,
+- NULL
+-};
+-# endif
+ /*
+ * Registered by the ENGINE when used to find out how to deal with
+ * a particular NID in the ENGINE. this says what we'll do at the
+@@ -688,316 +614,353 @@ const EVP_CIPHER cryptodev_aes_ctr_256 =
+ */
+ static int
+ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+- const int **nids, int nid)
++ const int **nids, int nid)
+ {
+- if (!cipher)
+- return (cryptodev_usable_ciphers(nids));
++ if (!cipher)
++ return (cryptodev_usable_ciphers(nids));
+
+- switch (nid) {
+- case NID_rc4:
+- *cipher = &cryptodev_rc4;
+- break;
+- case NID_des_ede3_cbc:
+- *cipher = &cryptodev_3des_cbc;
+- break;
+- case NID_des_cbc:
+- *cipher = &cryptodev_des_cbc;
+- break;
+- case NID_bf_cbc:
+- *cipher = &cryptodev_bf_cbc;
+- break;
+- case NID_cast5_cbc:
+- *cipher = &cryptodev_cast_cbc;
+- break;
+- case NID_aes_128_cbc:
+- *cipher = &cryptodev_aes_cbc;
+- break;
+- case NID_aes_192_cbc:
+- *cipher = &cryptodev_aes_192_cbc;
+- break;
+- case NID_aes_256_cbc:
+- *cipher = &cryptodev_aes_256_cbc;
+- break;
+-# ifdef CRYPTO_AES_CTR
+- case NID_aes_128_ctr:
+- *cipher = &cryptodev_aes_ctr;
+- break;
+- case NID_aes_192_ctr:
+- *cipher = &cryptodev_aes_ctr_192;
+- break;
+- case NID_aes_256_ctr:
+- *cipher = &cryptodev_aes_ctr_256;
+- break;
+-# endif
+- default:
+- *cipher = NULL;
+- break;
+- }
+- return (*cipher != NULL);
++ switch (nid) {
++ case NID_rc4:
++ *cipher = &cryptodev_rc4;
++ break;
++ case NID_des_ede3_cbc:
++ *cipher = &cryptodev_3des_cbc;
++ break;
++ case NID_des_cbc:
++ *cipher = &cryptodev_des_cbc;
++ break;
++ case NID_bf_cbc:
++ *cipher = &cryptodev_bf_cbc;
++ break;
++ case NID_cast5_cbc:
++ *cipher = &cryptodev_cast_cbc;
++ break;
++ case NID_aes_128_cbc:
++ *cipher = &cryptodev_aes_cbc;
++ break;
++ case NID_aes_192_cbc:
++ *cipher = &cryptodev_aes_192_cbc;
++ break;
++ case NID_aes_256_cbc:
++ *cipher = &cryptodev_aes_256_cbc;
++ break;
++ default:
++ *cipher = NULL;
++ break;
++ }
++ return (*cipher != NULL);
+ }
+
+-# ifdef USE_CRYPTODEV_DIGESTS
++
++#ifdef USE_CRYPTODEV_DIGESTS
+
+ /* convert digest type to cryptodev */
+-static int digest_nid_to_cryptodev(int nid)
++static int
++digest_nid_to_cryptodev(int nid)
+ {
+- int i;
++ int i;
+
+- for (i = 0; digests[i].id; i++)
+- if (digests[i].nid == nid)
+- return (digests[i].id);
+- return (0);
++ for (i = 0; digests[i].id; i++)
++ if (digests[i].nid == nid)
++ return (digests[i].id);
++ return (0);
+ }
+
+-static int digest_key_length(int nid)
+-{
+- int i;
-
+- for (i = 0; digests[i].id; i++)
+- if (digests[i].nid == nid)
+- return digests[i].keylen;
+- return (0);
+-}
+
static int cryptodev_digest_init(EVP_MD_CTX *ctx)
{
- struct dev_crypto_state *state = ctx->md_data;
-@@ -682,7 +677,6 @@ static int cryptodev_digest_init(EVP_MD_
- printf("cryptodev_digest_init: Can't get digest \n");
- return (0);
- }
+- struct dev_crypto_state *state = ctx->md_data;
+- struct session_op *sess = &state->d_sess;
+- int digest;
-
- memset(state, 0, sizeof(struct dev_crypto_state));
+- if ((digest = digest_nid_to_cryptodev(ctx->digest->type)) == NID_undef) {
+- printf("cryptodev_digest_init: Can't get digest \n");
+- return (0);
+- }
++ struct dev_crypto_state *state = ctx->md_data;
++ struct session_op *sess = &state->d_sess;
++ int digest;
+
+- memset(state, 0, sizeof(struct dev_crypto_state));
++ if ((digest = digest_nid_to_cryptodev(ctx->digest->type)) == NID_undef){
++ printf("cryptodev_digest_init: Can't get digest \n");
++ return (0);
++ }
++ memset(state, 0, sizeof(struct dev_crypto_state));
- if ((state->d_fd = get_dev_crypto()) < 0) {
-@@ -690,8 +684,8 @@ static int cryptodev_digest_init(EVP_MD_
- return (0);
- }
+- if ((state->d_fd = get_dev_crypto()) < 0) {
+- printf("cryptodev_digest_init: Can't get Dev \n");
+- return (0);
+- }
++ if ((state->d_fd = get_dev_crypto()) < 0) {
++ printf("cryptodev_digest_init: Can't get Dev \n");
++ return (0);
++ }
-- sess->mackey = state->dummy_mac_key;
-- sess->mackeylen = digest_key_length(ctx->digest->type);
+- sess->mackey = state->dummy_mac_key;
+- sess->mackeylen = digest_key_length(ctx->digest->type);
+- sess->mac = digest;
+ sess->mackey = NULL;
+ sess->mackeylen = 0;
- sess->mac = digest;
++ sess->mac = digest;
+
+- if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
+- put_dev_crypto(state->d_fd);
+- state->d_fd = -1;
+- printf("cryptodev_digest_init: Open session failed\n");
+- return (0);
+- }
++ if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
++ put_dev_crypto(state->d_fd);
++ state->d_fd = -1;
++ printf("cryptodev_digest_init: Open session failed\n");
++ return (0);
++ }
+
+- return (1);
++ return (1);
+ }
- if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
-@@ -707,8 +701,8 @@ static int cryptodev_digest_init(EVP_MD_
static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
- size_t count)
+- size_t count)
++ size_t count)
{
-- struct crypt_op cryp;
- struct dev_crypto_state *state = ctx->md_data;
+- struct crypt_op cryp;
+- struct dev_crypto_state *state = ctx->md_data;
+- struct session_op *sess = &state->d_sess;
+-
+- if (!data || state->d_fd < 0) {
+- printf("cryptodev_digest_update: illegal inputs \n");
+- return (0);
+- }
++ struct dev_crypto_state *state = ctx->md_data;
+ struct crypt_op cryp;
- struct session_op *sess = &state->d_sess;
++ struct session_op *sess = &state->d_sess;
- if (!data || state->d_fd < 0) {
-@@ -717,7 +711,7 @@ static int cryptodev_digest_update(EVP_M
- }
+- if (!count) {
+- return (0);
+- }
++ if (!data || state->d_fd < 0) {
++ printf("cryptodev_digest_update: illegal inputs \n");
++ return (0);
++ }
- if (!count) {
-- return (0);
+- if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
+- /* if application doesn't support one buffer */
+- state->mac_data =
+- OPENSSL_realloc(state->mac_data, state->mac_len + count);
++ if (!count) {
+ return (1);
- }
-
- if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
-@@ -740,9 +734,9 @@ static int cryptodev_digest_update(EVP_M
- cryp.ses = sess->ses;
- cryp.flags = 0;
- cryp.len = count;
-- cryp.src = (caddr_t) data;
++ }
+
+- if (!state->mac_data) {
+- printf("cryptodev_digest_update: realloc failed\n");
+- return (0);
+- }
++ if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
++ /* if application doesn't support one buffer */
++ state->mac_data = OPENSSL_realloc(state->mac_data, state->mac_len + count);
+
+- memcpy(state->mac_data + state->mac_len, data, count);
+- state->mac_len += count;
++ if (!state->mac_data) {
++ printf("cryptodev_digest_update: realloc failed\n");
++ return (0);
++ }
+
+- return (1);
+- }
++ memcpy(state->mac_data + state->mac_len, data, count);
++ state->mac_len += count;
++
++ return (1);
++ }
+
+- memset(&cryp, 0, sizeof(cryp));
++ memset(&cryp, 0, sizeof(cryp));
+
+- cryp.ses = sess->ses;
+- cryp.flags = 0;
+- cryp.len = count;
+- cryp.src = (caddr_t) data;
+- cryp.dst = NULL;
+- cryp.mac = (caddr_t) state->digest_res;
+- if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
+- printf("cryptodev_digest_update: digest failed\n");
+- return (0);
+- }
+- return (1);
++ cryp.ses = sess->ses;
++ cryp.flags = 0;
++ cryp.len = count;
+ cryp.src = (void*) data;
- cryp.dst = NULL;
-- cryp.mac = (caddr_t) state->digest_res;
++ cryp.dst = NULL;
+ cryp.mac = (void*) state->digest_res;
- if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
- printf("cryptodev_digest_update: digest failed\n");
- return (0);
-@@ -757,8 +751,6 @@ static int cryptodev_digest_final(EVP_MD
- struct dev_crypto_state *state = ctx->md_data;
- struct session_op *sess = &state->d_sess;
-
-- int ret = 1;
++ if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
++ printf("cryptodev_digest_update: digest failed\n");
++ return (0);
++ }
++ return (1);
+ }
+
++
+ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
+ {
+- struct crypt_op cryp;
+- struct dev_crypto_state *state = ctx->md_data;
+- struct session_op *sess = &state->d_sess;
-
- if (!md || state->d_fd < 0) {
- printf("cryptodev_digest_final: illegal input\n");
- return(0);
-@@ -772,7 +764,7 @@ static int cryptodev_digest_final(EVP_MD
- cryp.len = state->mac_len;
- cryp.src = state->mac_data;
- cryp.dst = NULL;
-- cryp.mac = (caddr_t)md;
+- int ret = 1;
++ struct crypt_op cryp;
++ struct dev_crypto_state *state = ctx->md_data;
++ struct session_op *sess = &state->d_sess;
+
+- if (!md || state->d_fd < 0) {
+- printf("cryptodev_digest_final: illegal input\n");
+- return (0);
+- }
++ if (!md || state->d_fd < 0) {
++ printf("cryptodev_digest_final: illegal input\n");
++ return(0);
++ }
+
+- if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
+- /* if application doesn't support one buffer */
+- memset(&cryp, 0, sizeof(cryp));
+- cryp.ses = sess->ses;
+- cryp.flags = 0;
+- cryp.len = state->mac_len;
+- cryp.src = state->mac_data;
+- cryp.dst = NULL;
+- cryp.mac = (caddr_t) md;
+- if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
+- printf("cryptodev_digest_final: digest failed\n");
+- return (0);
+- }
++ if (! (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) ) {
++ /* if application doesn't support one buffer */
++ memset(&cryp, 0, sizeof(cryp));
++ cryp.ses = sess->ses;
++ cryp.flags = 0;
++ cryp.len = state->mac_len;
++ cryp.src = state->mac_data;
++ cryp.dst = NULL;
+ cryp.mac = (void*)md;
- if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
- printf("cryptodev_digest_final: digest failed\n");
- return (0);
-@@ -783,7 +775,7 @@ static int cryptodev_digest_final(EVP_MD
++ if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
++ printf("cryptodev_digest_final: digest failed\n");
++ return (0);
++ }
- memcpy(md, state->digest_res, ctx->digest->md_size);
+- return 1;
+- }
++ return 1;
++ }
-- return (ret);
+- memcpy(md, state->digest_res, ctx->digest->md_size);
++ memcpy(md, state->digest_res, ctx->digest->md_size);
+
+- return (ret);
+ return 1;
}
++
+ static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
+ {
+- int ret = 1;
+- struct dev_crypto_state *state = ctx->md_data;
+- struct session_op *sess = &state->d_sess;
++ int ret = 1;
++ struct dev_crypto_state *state = ctx->md_data;
++ struct session_op *sess = &state->d_sess;
+
+- if (state == NULL)
+- return 0;
++ if (state == NULL)
++ return 0;
-@@ -835,8 +827,8 @@ static int cryptodev_digest_copy(EVP_MD_
+- if (state->d_fd < 0) {
+- printf("cryptodev_digest_cleanup: illegal input\n");
+- return (0);
+- }
++ if (state->d_fd < 0) {
++ printf("cryptodev_digest_cleanup: illegal input\n");
++ return (0);
++ }
- digest = digest_nid_to_cryptodev(to->digest->type);
+- if (state->mac_data) {
+- OPENSSL_free(state->mac_data);
+- state->mac_data = NULL;
+- state->mac_len = 0;
+- }
++ if (state->mac_data) {
++ OPENSSL_free(state->mac_data);
++ state->mac_data = NULL;
++ state->mac_len = 0;
++ }
-- sess->mackey = dstate->dummy_mac_key;
-- sess->mackeylen = digest_key_length(to->digest->type);
+- if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
+- printf("cryptodev_digest_cleanup: failed to close session\n");
+- ret = 0;
+- } else {
+- ret = 1;
+- }
+- put_dev_crypto(state->d_fd);
+- state->d_fd = -1;
++ if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
++ printf("cryptodev_digest_cleanup: failed to close session\n");
++ ret = 0;
++ } else {
++ ret = 1;
++ }
++ put_dev_crypto(state->d_fd);
++ state->d_fd = -1;
+
+- return (ret);
++ return (ret);
+ }
+
+-static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
++static int cryptodev_digest_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from)
+ {
+- struct dev_crypto_state *fstate = from->md_data;
+- struct dev_crypto_state *dstate = to->md_data;
+- struct session_op *sess;
+- int digest;
++ struct dev_crypto_state *fstate = from->md_data;
++ struct dev_crypto_state *dstate = to->md_data;
++ struct session_op *sess;
++ int digest;
+
+- if (dstate == NULL || fstate == NULL)
+- return 1;
++ if (dstate == NULL || fstate == NULL)
++ return 1;
+
+- memcpy(dstate, fstate, sizeof(struct dev_crypto_state));
++ memcpy(dstate, fstate, sizeof(struct dev_crypto_state));
+
+- sess = &dstate->d_sess;
++ sess = &dstate->d_sess;
+
+- digest = digest_nid_to_cryptodev(to->digest->type);
++ digest = digest_nid_to_cryptodev(to->digest->type);
+
+- sess->mackey = dstate->dummy_mac_key;
+- sess->mackeylen = digest_key_length(to->digest->type);
+- sess->mac = digest;
+ sess->mackey = NULL;
+ sess->mackeylen = 0;
- sess->mac = digest;
++ sess->mac = digest;
- dstate->d_fd = get_dev_crypto();
-@@ -861,34 +853,79 @@ static int cryptodev_digest_copy(EVP_MD_
- }
+- dstate->d_fd = get_dev_crypto();
++ dstate->d_fd = get_dev_crypto();
+- if (ioctl(dstate->d_fd, CIOCGSESSION, sess) < 0) {
+- put_dev_crypto(dstate->d_fd);
+- dstate->d_fd = -1;
+- printf("cryptodev_digest_init: Open session failed\n");
+- return (0);
+- }
++ if (ioctl(dstate->d_fd, CIOCGSESSION, sess) < 0) {
++ put_dev_crypto(dstate->d_fd);
++ dstate->d_fd = -1;
++ printf("cryptodev_digest_init: Open session failed\n");
++ return (0);
++ }
+
+- if (fstate->mac_len != 0) {
+- if (fstate->mac_data != NULL) {
+- dstate->mac_data = OPENSSL_malloc(fstate->mac_len);
+- memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len);
+- dstate->mac_len = fstate->mac_len;
+- }
+- }
++ if (fstate->mac_len != 0) {
++ if (fstate->mac_data != NULL)
++ {
++ dstate->mac_data = OPENSSL_malloc(fstate->mac_len);
++ memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len);
++ dstate->mac_len = fstate->mac_len;
++ }
++ }
+
+- return 1;
++ return 1;
+ }
-const EVP_MD cryptodev_sha1 = {
+- NID_sha1,
+- NID_undef,
+- SHA_DIGEST_LENGTH,
+- EVP_MD_FLAG_ONESHOT,
+- cryptodev_digest_init,
+- cryptodev_digest_update,
+- cryptodev_digest_final,
+- cryptodev_digest_copy,
+- cryptodev_digest_cleanup,
+- EVP_PKEY_NULL_method,
+- SHA_CBLOCK,
+- sizeof(struct dev_crypto_state),
++
+static const EVP_MD cryptodev_sha1 = {
- NID_sha1,
-- NID_undef,
++ NID_sha1,
+ NID_sha1WithRSAEncryption,
- SHA_DIGEST_LENGTH,
-- EVP_MD_FLAG_ONESHOT,
++ SHA_DIGEST_LENGTH,
+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_ONESHOT,
- cryptodev_digest_init,
- cryptodev_digest_update,
- cryptodev_digest_final,
- cryptodev_digest_copy,
- cryptodev_digest_cleanup,
-- EVP_PKEY_NULL_method,
++ cryptodev_digest_init,
++ cryptodev_digest_update,
++ cryptodev_digest_final,
++ cryptodev_digest_copy,
++ cryptodev_digest_cleanup,
+ EVP_PKEY_RSA_method,
- SHA_CBLOCK,
-- sizeof(struct dev_crypto_state),
++ SHA_CBLOCK,
+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
};
-const EVP_MD cryptodev_md5 = {
+- NID_md5,
+- NID_undef,
+- 16 /* MD5_DIGEST_LENGTH */ ,
+- EVP_MD_FLAG_ONESHOT,
+- cryptodev_digest_init,
+- cryptodev_digest_update,
+- cryptodev_digest_final,
+- cryptodev_digest_copy,
+- cryptodev_digest_cleanup,
+- EVP_PKEY_NULL_method,
+- 64 /* MD5_CBLOCK */ ,
+- sizeof(struct dev_crypto_state),
+static const EVP_MD cryptodev_sha256 = {
+ NID_sha256,
+ NID_sha256WithRSAEncryption,
@@ -265,8 +1517,9 @@
+ EVP_PKEY_RSA_method,
+ SHA256_CBLOCK,
+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
-+};
-+
+ };
+
+-# endif /* USE_CRYPTODEV_DIGESTS */
+static const EVP_MD cryptodev_sha384 = {
+ NID_sha384,
+ NID_sha384WithRSAEncryption,
@@ -298,29 +1551,55 @@
+};
+
+static const EVP_MD cryptodev_md5 = {
- NID_md5,
-- NID_undef,
++ NID_md5,
+ NID_md5WithRSAEncryption,
- 16 /* MD5_DIGEST_LENGTH */,
-- EVP_MD_FLAG_ONESHOT,
++ 16 /* MD5_DIGEST_LENGTH */,
+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_ONESHOT,
- cryptodev_digest_init,
- cryptodev_digest_update,
- cryptodev_digest_final,
- cryptodev_digest_copy,
- cryptodev_digest_cleanup,
-- EVP_PKEY_NULL_method,
++ cryptodev_digest_init,
++ cryptodev_digest_update,
++ cryptodev_digest_final,
++ cryptodev_digest_copy,
++ cryptodev_digest_cleanup,
+ EVP_PKEY_RSA_method,
- 64 /* MD5_CBLOCK */,
-- sizeof(struct dev_crypto_state),
++ 64 /* MD5_CBLOCK */,
+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
- };
++};
++
++#endif /* USE_CRYPTODEV_DIGESTS */
++
- #endif /* USE_CRYPTODEV_DIGESTS */
-@@ -909,6 +946,15 @@ cryptodev_engine_digests(ENGINE *e, cons
- case NID_sha1:
- *digest = &cryptodev_sha1;
- break;
+ static int
+ cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
+- const int **nids, int nid)
++ const int **nids, int nid)
+ {
+- if (!digest)
+- return (cryptodev_usable_digests(nids));
++ if (!digest)
++ return (cryptodev_usable_digests(nids));
+
+- switch (nid) {
+-# ifdef USE_CRYPTODEV_DIGESTS
+- case NID_md5:
+- *digest = &cryptodev_md5;
+- break;
+- case NID_sha1:
+- *digest = &cryptodev_sha1;
+- break;
+- default:
+-# endif /* USE_CRYPTODEV_DIGESTS */
+- *digest = NULL;
+- break;
+- }
+- return (*digest != NULL);
++ switch (nid) {
++#ifdef USE_CRYPTODEV_DIGESTS
++ case NID_md5:
++ *digest = &cryptodev_md5;
++ break;
++ case NID_sha1:
++ *digest = &cryptodev_sha1;
++ break;
+ case NID_sha256:
+ *digest = &cryptodev_sha256;
+ break;
@@ -330,51 +1609,931 @@
+ case NID_sha512:
+ *digest = &cryptodev_sha512;
+ break;
- default:
- #endif /* USE_CRYPTODEV_DIGESTS */
- *digest = NULL;
-@@ -940,7 +986,7 @@ bn2crparam(const BIGNUM *a, struct crpar
- return (1);
- memset(b, 0, bytes);
-
-- crp->crp_p = (caddr_t) b;
++ default:
++#endif /* USE_CRYPTODEV_DIGESTS */
++ *digest = NULL;
++ break;
++ }
++ return (*digest != NULL);
+ }
+
+ /*
+@@ -1005,423 +968,419 @@ cryptodev_engine_digests(ENGINE *e, cons
+ * Upon completion of use, the caller is responsible for freeing
+ * crp->crp_p.
+ */
+-static int bn2crparam(const BIGNUM *a, struct crparam *crp)
++static int
++bn2crparam(const BIGNUM *a, struct crparam *crp)
+ {
+- int i, j, k;
+- ssize_t bytes, bits;
+- u_char *b;
++ int i, j, k;
++ ssize_t bytes, bits;
++ u_char *b;
+
+- crp->crp_p = NULL;
+- crp->crp_nbits = 0;
++ crp->crp_p = NULL;
++ crp->crp_nbits = 0;
+
+- bits = BN_num_bits(a);
+- bytes = (bits + 7) / 8;
++ bits = BN_num_bits(a);
++ bytes = (bits + 7) / 8;
+
+- b = malloc(bytes);
+- if (b == NULL)
+- return (1);
+- memset(b, 0, bytes);
++ b = malloc(bytes);
++ if (b == NULL)
++ return (1);
++ memset(b, 0, bytes);
+
+- crp->crp_p = (caddr_t) b;
+- crp->crp_nbits = bits;
+ crp->crp_p = (void*) b;
- crp->crp_nbits = bits;
++ crp->crp_nbits = bits;
+
+- for (i = 0, j = 0; i < a->top; i++) {
+- for (k = 0; k < BN_BITS2 / 8; k++) {
+- if ((j + k) >= bytes)
+- return (0);
+- b[j + k] = a->d[i] >> (k * 8);
+- }
+- j += BN_BITS2 / 8;
+- }
+- return (0);
++ for (i = 0, j = 0; i < a->top; i++) {
++ for (k = 0; k < BN_BITS2 / 8; k++) {
++ if ((j + k) >= bytes)
++ return (0);
++ b[j + k] = a->d[i] >> (k * 8);
++ }
++ j += BN_BITS2 / 8;
++ }
++ return (0);
+ }
+
+ /* Convert a /dev/crypto parameter to a BIGNUM */
+-static int crparam2bn(struct crparam *crp, BIGNUM *a)
++static int
++crparam2bn(struct crparam *crp, BIGNUM *a)
+ {
+- u_int8_t *pd;
+- int i, bytes;
++ u_int8_t *pd;
++ int i, bytes;
+
+- bytes = (crp->crp_nbits + 7) / 8;
++ bytes = (crp->crp_nbits + 7) / 8;
+
+- if (bytes == 0)
+- return (-1);
++ if (bytes == 0)
++ return (-1);
+
+- if ((pd = (u_int8_t *) malloc(bytes)) == NULL)
+- return (-1);
++ if ((pd = (u_int8_t *) malloc(bytes)) == NULL)
++ return (-1);
+
+- for (i = 0; i < bytes; i++)
+- pd[i] = crp->crp_p[bytes - i - 1];
++ for (i = 0; i < bytes; i++)
++ pd[i] = crp->crp_p[bytes - i - 1];
+
+- BN_bin2bn(pd, bytes, a);
+- free(pd);
++ BN_bin2bn(pd, bytes, a);
++ free(pd);
+
+- return (0);
++ return (0);
+ }
+
+-static void zapparams(struct crypt_kop *kop)
++static void
++zapparams(struct crypt_kop *kop)
+ {
+- int i;
++ int i;
+
+- for (i = 0; i < kop->crk_iparams + kop->crk_oparams; i++) {
+- if (kop->crk_param[i].crp_p)
+- free(kop->crk_param[i].crp_p);
+- kop->crk_param[i].crp_p = NULL;
+- kop->crk_param[i].crp_nbits = 0;
+- }
++ for (i = 0; i < kop->crk_iparams + kop->crk_oparams; i++) {
++ if (kop->crk_param[i].crp_p)
++ free(kop->crk_param[i].crp_p);
++ kop->crk_param[i].crp_p = NULL;
++ kop->crk_param[i].crp_nbits = 0;
++ }
+ }
+
+ static int
+-cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
+- BIGNUM *s)
++cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s)
+ {
+- int fd, ret = -1;
++ int fd, ret = -1;
+
+- if ((fd = get_asym_dev_crypto()) < 0)
+- return (ret);
++ if ((fd = get_asym_dev_crypto()) < 0)
++ return (ret);
+
+- if (r) {
+- kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char));
+- kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
+- kop->crk_oparams++;
+- }
+- if (s) {
+- kop->crk_param[kop->crk_iparams + 1].crp_p =
+- calloc(slen, sizeof(char));
+- kop->crk_param[kop->crk_iparams + 1].crp_nbits = slen * 8;
+- kop->crk_oparams++;
+- }
++ if (r) {
++ kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char));
++ kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
++ kop->crk_oparams++;
++ }
++ if (s) {
++ kop->crk_param[kop->crk_iparams+1].crp_p = calloc(slen, sizeof(char));
++ kop->crk_param[kop->crk_iparams+1].crp_nbits = slen * 8;
++ kop->crk_oparams++;
++ }
+
+- if (ioctl(fd, CIOCKEY, kop) == 0) {
+- if (r)
+- crparam2bn(&kop->crk_param[kop->crk_iparams], r);
+- if (s)
+- crparam2bn(&kop->crk_param[kop->crk_iparams + 1], s);
+- ret = 0;
+- }
++ if (ioctl(fd, CIOCKEY, kop) == 0) {
++ if (r)
++ crparam2bn(&kop->crk_param[kop->crk_iparams], r);
++ if (s)
++ crparam2bn(&kop->crk_param[kop->crk_iparams+1], s);
++ ret = 0;
++ }
+
+- return (ret);
++ return (ret);
+ }
+
+ static int
+ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
++ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
+ {
+- struct crypt_kop kop;
+- int ret = 1;
++ struct crypt_kop kop;
++ int ret = 1;
+
+- /*
+- * Currently, we know we can do mod exp iff we can do any asymmetric
+- * operations at all.
+- */
+- if (cryptodev_asymfeat == 0) {
+- ret = BN_mod_exp(r, a, p, m, ctx);
+- return (ret);
+- }
++ /* Currently, we know we can do mod exp iff we can do any
++ * asymmetric operations at all.
++ */
++ if (cryptodev_asymfeat == 0) {
++ ret = BN_mod_exp(r, a, p, m, ctx);
++ return (ret);
++ }
+
+- memset(&kop, 0, sizeof kop);
+- kop.crk_op = CRK_MOD_EXP;
++ memset(&kop, 0, sizeof kop);
++ kop.crk_op = CRK_MOD_EXP;
+
+- /* inputs: a^p % m */
+- if (bn2crparam(a, &kop.crk_param[0]))
+- goto err;
+- if (bn2crparam(p, &kop.crk_param[1]))
+- goto err;
+- if (bn2crparam(m, &kop.crk_param[2]))
+- goto err;
+- kop.crk_iparams = 3;
++ /* inputs: a^p % m */
++ if (bn2crparam(a, &kop.crk_param[0]))
++ goto err;
++ if (bn2crparam(p, &kop.crk_param[1]))
++ goto err;
++ if (bn2crparam(m, &kop.crk_param[2]))
++ goto err;
++ kop.crk_iparams = 3;
+
+- if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL)) {
+- const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+- printf("OCF asym process failed, Running in software\n");
+- ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
++ if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL)) {
++ const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
++ printf("OCF asym process failed, Running in software\n");
++ ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
+
+- } else if (ECANCELED == kop.crk_status) {
+- const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+- printf("OCF hardware operation cancelled. Running in Software\n");
+- ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
+- }
+- /* else cryptodev operation worked ok ==> ret = 1 */
++ } else if (ECANCELED == kop.crk_status) {
++ const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
++ printf("OCF hardware operation cancelled. Running in Software\n");
++ ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
++ }
++ /* else cryptodev operation worked ok ==> ret = 1*/
+
+- err:
+- zapparams(&kop);
+- return (ret);
++err:
++ zapparams(&kop);
++ return (ret);
+ }
+
+ static int
+-cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+- BN_CTX *ctx)
++cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
+ {
+- int r;
+- ctx = BN_CTX_new();
+- r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL);
+- BN_CTX_free(ctx);
+- return (r);
++ int r;
++ ctx = BN_CTX_new();
++ r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL);
++ BN_CTX_free(ctx);
++ return (r);
+ }
+
+ static int
+ cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
+ {
+- struct crypt_kop kop;
+- int ret = 1;
++ struct crypt_kop kop;
++ int ret = 1;
+
+- if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
+- /* XXX 0 means failure?? */
+- return (0);
+- }
++ if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
++ /* XXX 0 means failure?? */
++ return (0);
++ }
+
+- memset(&kop, 0, sizeof kop);
+- kop.crk_op = CRK_MOD_EXP_CRT;
+- /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
+- if (bn2crparam(rsa->p, &kop.crk_param[0]))
+- goto err;
+- if (bn2crparam(rsa->q, &kop.crk_param[1]))
+- goto err;
+- if (bn2crparam(I, &kop.crk_param[2]))
+- goto err;
+- if (bn2crparam(rsa->dmp1, &kop.crk_param[3]))
+- goto err;
+- if (bn2crparam(rsa->dmq1, &kop.crk_param[4]))
+- goto err;
+- if (bn2crparam(rsa->iqmp, &kop.crk_param[5]))
+- goto err;
+- kop.crk_iparams = 6;
++ memset(&kop, 0, sizeof kop);
++ kop.crk_op = CRK_MOD_EXP_CRT;
++ /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
++ if (bn2crparam(rsa->p, &kop.crk_param[0]))
++ goto err;
++ if (bn2crparam(rsa->q, &kop.crk_param[1]))
++ goto err;
++ if (bn2crparam(I, &kop.crk_param[2]))
++ goto err;
++ if (bn2crparam(rsa->dmp1, &kop.crk_param[3]))
++ goto err;
++ if (bn2crparam(rsa->dmq1, &kop.crk_param[4]))
++ goto err;
++ if (bn2crparam(rsa->iqmp, &kop.crk_param[5]))
++ goto err;
++ kop.crk_iparams = 6;
+
+- if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) {
+- const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+- printf("OCF asym process failed, running in Software\n");
+- ret = (*meth->rsa_mod_exp) (r0, I, rsa, ctx);
++ if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) {
++ const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
++ printf("OCF asym process failed, running in Software\n");
++ ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx);
+
+- } else if (ECANCELED == kop.crk_status) {
+- const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+- printf("OCF hardware operation cancelled. Running in Software\n");
+- ret = (*meth->rsa_mod_exp) (r0, I, rsa, ctx);
+- }
+- /* else cryptodev operation worked ok ==> ret = 1 */
++ } else if (ECANCELED == kop.crk_status) {
++ const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
++ printf("OCF hardware operation cancelled. Running in Software\n");
++ ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx);
++ }
++ /* else cryptodev operation worked ok ==> ret = 1*/
+
+- err:
+- zapparams(&kop);
+- return (ret);
++err:
++ zapparams(&kop);
++ return (ret);
+ }
+
+ static RSA_METHOD cryptodev_rsa = {
+- "cryptodev RSA method",
+- NULL, /* rsa_pub_enc */
+- NULL, /* rsa_pub_dec */
+- NULL, /* rsa_priv_enc */
+- NULL, /* rsa_priv_dec */
+- NULL,
+- NULL,
+- NULL, /* init */
+- NULL, /* finish */
+- 0, /* flags */
+- NULL, /* app_data */
+- NULL, /* rsa_sign */
+- NULL /* rsa_verify */
++ "cryptodev RSA method",
++ NULL, /* rsa_pub_enc */
++ NULL, /* rsa_pub_dec */
++ NULL, /* rsa_priv_enc */
++ NULL, /* rsa_priv_dec */
++ NULL,
++ NULL,
++ NULL, /* init */
++ NULL, /* finish */
++ 0, /* flags */
++ NULL, /* app_data */
++ NULL, /* rsa_sign */
++ NULL /* rsa_verify */
+ };
+
+ static int
+ cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
++ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+ {
+- return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
++ return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
+ }
+
+ static int
+ cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
+- BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
+- BN_CTX *ctx, BN_MONT_CTX *mont)
++ BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
++ BN_CTX *ctx, BN_MONT_CTX *mont)
+ {
+- BIGNUM t2;
+- int ret = 0;
++ BIGNUM t2;
++ int ret = 0;
+
+- BN_init(&t2);
++ BN_init(&t2);
+
+- /* v = ( g^u1 * y^u2 mod p ) mod q */
+- /* let t1 = g ^ u1 mod p */
+- ret = 0;
++ /* v = ( g^u1 * y^u2 mod p ) mod q */
++ /* let t1 = g ^ u1 mod p */
++ ret = 0;
+
+- if (!dsa->meth->bn_mod_exp(dsa, t1, dsa->g, u1, dsa->p, ctx, mont))
+- goto err;
++ if (!dsa->meth->bn_mod_exp(dsa,t1,dsa->g,u1,dsa->p,ctx,mont))
++ goto err;
+
+- /* let t2 = y ^ u2 mod p */
+- if (!dsa->meth->bn_mod_exp(dsa, &t2, dsa->pub_key, u2, dsa->p, ctx, mont))
+- goto err;
+- /* let u1 = t1 * t2 mod p */
+- if (!BN_mod_mul(u1, t1, &t2, dsa->p, ctx))
+- goto err;
++ /* let t2 = y ^ u2 mod p */
++ if (!dsa->meth->bn_mod_exp(dsa,&t2,dsa->pub_key,u2,dsa->p,ctx,mont))
++ goto err;
++ /* let u1 = t1 * t2 mod p */
++ if (!BN_mod_mul(u1,t1,&t2,dsa->p,ctx))
++ goto err;
- for (i = 0, j = 0; i < a->top; i++) {
-@@ -1193,7 +1239,7 @@ cryptodev_dsa_do_sign(const unsigned cha
- kop.crk_op = CRK_DSA_SIGN;
+- BN_copy(t1, u1);
++ BN_copy(t1,u1);
- /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
-- kop.crk_param[0].crp_p = (caddr_t)dgst;
+- ret = 1;
+- err:
+- BN_free(&t2);
+- return (ret);
++ ret = 1;
++err:
++ BN_free(&t2);
++ return(ret);
+ }
+
+-static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
+- DSA *dsa)
++static DSA_SIG *
++cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
+ {
+- struct crypt_kop kop;
+- BIGNUM *r = NULL, *s = NULL;
+- DSA_SIG *dsaret = NULL;
++ struct crypt_kop kop;
++ BIGNUM *r = NULL, *s = NULL;
++ DSA_SIG *dsaret = NULL;
+
+- if ((r = BN_new()) == NULL)
+- goto err;
+- if ((s = BN_new()) == NULL) {
+- BN_free(r);
+- goto err;
+- }
++ if ((r = BN_new()) == NULL)
++ goto err;
++ if ((s = BN_new()) == NULL) {
++ BN_free(r);
++ goto err;
++ }
+
+- memset(&kop, 0, sizeof kop);
+- kop.crk_op = CRK_DSA_SIGN;
++ memset(&kop, 0, sizeof kop);
++ kop.crk_op = CRK_DSA_SIGN;
+
+- /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
+- kop.crk_param[0].crp_p = (caddr_t) dgst;
+- kop.crk_param[0].crp_nbits = dlen * 8;
+- if (bn2crparam(dsa->p, &kop.crk_param[1]))
+- goto err;
+- if (bn2crparam(dsa->q, &kop.crk_param[2]))
+- goto err;
+- if (bn2crparam(dsa->g, &kop.crk_param[3]))
+- goto err;
+- if (bn2crparam(dsa->priv_key, &kop.crk_param[4]))
+- goto err;
+- kop.crk_iparams = 5;
++ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
+ kop.crk_param[0].crp_p = (void*)dgst;
- kop.crk_param[0].crp_nbits = dlen * 8;
- if (bn2crparam(dsa->p, &kop.crk_param[1]))
- goto err;
-@@ -1233,7 +1279,7 @@ cryptodev_dsa_verify(const unsigned char
- kop.crk_op = CRK_DSA_VERIFY;
-
- /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
-- kop.crk_param[0].crp_p = (caddr_t)dgst;
++ kop.crk_param[0].crp_nbits = dlen * 8;
++ if (bn2crparam(dsa->p, &kop.crk_param[1]))
++ goto err;
++ if (bn2crparam(dsa->q, &kop.crk_param[2]))
++ goto err;
++ if (bn2crparam(dsa->g, &kop.crk_param[3]))
++ goto err;
++ if (bn2crparam(dsa->priv_key, &kop.crk_param[4]))
++ goto err;
++ kop.crk_iparams = 5;
+
+- if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r,
+- BN_num_bytes(dsa->q), s) == 0) {
+- dsaret = DSA_SIG_new();
+- dsaret->r = r;
+- dsaret->s = s;
+- } else {
+- const DSA_METHOD *meth = DSA_OpenSSL();
+- BN_free(r);
+- BN_free(s);
+- dsaret = (meth->dsa_do_sign) (dgst, dlen, dsa);
+- }
+- err:
+- kop.crk_param[0].crp_p = NULL;
+- zapparams(&kop);
+- return (dsaret);
++ if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r,
++ BN_num_bytes(dsa->q), s) == 0) {
++ dsaret = DSA_SIG_new();
++ dsaret->r = r;
++ dsaret->s = s;
++ } else {
++ const DSA_METHOD *meth = DSA_OpenSSL();
++ BN_free(r);
++ BN_free(s);
++ dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa);
++ }
++err:
++ kop.crk_param[0].crp_p = NULL;
++ zapparams(&kop);
++ return (dsaret);
+ }
+
+ static int
+ cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
+- DSA_SIG *sig, DSA *dsa)
++ DSA_SIG *sig, DSA *dsa)
+ {
+- struct crypt_kop kop;
+- int dsaret = 1;
++ struct crypt_kop kop;
++ int dsaret = 1;
+
+- memset(&kop, 0, sizeof kop);
+- kop.crk_op = CRK_DSA_VERIFY;
++ memset(&kop, 0, sizeof kop);
++ kop.crk_op = CRK_DSA_VERIFY;
+
+- /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
+- kop.crk_param[0].crp_p = (caddr_t) dgst;
+- kop.crk_param[0].crp_nbits = dlen * 8;
+- if (bn2crparam(dsa->p, &kop.crk_param[1]))
+- goto err;
+- if (bn2crparam(dsa->q, &kop.crk_param[2]))
+- goto err;
+- if (bn2crparam(dsa->g, &kop.crk_param[3]))
+- goto err;
+- if (bn2crparam(dsa->pub_key, &kop.crk_param[4]))
+- goto err;
+- if (bn2crparam(sig->r, &kop.crk_param[5]))
+- goto err;
+- if (bn2crparam(sig->s, &kop.crk_param[6]))
+- goto err;
+- kop.crk_iparams = 7;
++ /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
+ kop.crk_param[0].crp_p = (void*)dgst;
- kop.crk_param[0].crp_nbits = dlen * 8;
- if (bn2crparam(dsa->p, &kop.crk_param[1]))
- goto err;
-@@ -1311,7 +1357,7 @@ cryptodev_dh_compute_key(unsigned char *
- goto err;
- kop.crk_iparams = 3;
-
-- kop.crk_param[3].crp_p = (caddr_t) key;
++ kop.crk_param[0].crp_nbits = dlen * 8;
++ if (bn2crparam(dsa->p, &kop.crk_param[1]))
++ goto err;
++ if (bn2crparam(dsa->q, &kop.crk_param[2]))
++ goto err;
++ if (bn2crparam(dsa->g, &kop.crk_param[3]))
++ goto err;
++ if (bn2crparam(dsa->pub_key, &kop.crk_param[4]))
++ goto err;
++ if (bn2crparam(sig->r, &kop.crk_param[5]))
++ goto err;
++ if (bn2crparam(sig->s, &kop.crk_param[6]))
++ goto err;
++ kop.crk_iparams = 7;
+
+- if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
+- /*
+- * OCF success value is 0, if not zero, change dsaret to fail
+- */
+- if (0 != kop.crk_status)
+- dsaret = 0;
+- } else {
+- const DSA_METHOD *meth = DSA_OpenSSL();
++ if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
++/*OCF success value is 0, if not zero, change dsaret to fail*/
++ if(0 != kop.crk_status) dsaret = 0;
++ } else {
++ const DSA_METHOD *meth = DSA_OpenSSL();
+
+- dsaret = (meth->dsa_do_verify) (dgst, dlen, sig, dsa);
+- }
+- err:
+- kop.crk_param[0].crp_p = NULL;
+- zapparams(&kop);
+- return (dsaret);
++ dsaret = (meth->dsa_do_verify)(dgst, dlen, sig, dsa);
++ }
++err:
++ kop.crk_param[0].crp_p = NULL;
++ zapparams(&kop);
++ return (dsaret);
+ }
+
+ static DSA_METHOD cryptodev_dsa = {
+- "cryptodev DSA method",
+- NULL,
+- NULL, /* dsa_sign_setup */
+- NULL,
+- NULL, /* dsa_mod_exp */
+- NULL,
+- NULL, /* init */
+- NULL, /* finish */
+- 0, /* flags */
+- NULL /* app_data */
++ "cryptodev DSA method",
++ NULL,
++ NULL, /* dsa_sign_setup */
++ NULL,
++ NULL, /* dsa_mod_exp */
++ NULL,
++ NULL, /* init */
++ NULL, /* finish */
++ 0, /* flags */
++ NULL /* app_data */
+ };
+
+ static int
+ cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
+- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+- BN_MONT_CTX *m_ctx)
++ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
++ BN_MONT_CTX *m_ctx)
+ {
+- return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
++ return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
+ }
+
+ static int
+ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+ {
+- struct crypt_kop kop;
+- int dhret = 1;
+- int fd, keylen;
++ struct crypt_kop kop;
++ int dhret = 1;
++ int fd, keylen;
+
+- if ((fd = get_asym_dev_crypto()) < 0) {
+- const DH_METHOD *meth = DH_OpenSSL();
++ if ((fd = get_asym_dev_crypto()) < 0) {
++ const DH_METHOD *meth = DH_OpenSSL();
+
+- return ((meth->compute_key) (key, pub_key, dh));
+- }
++ return ((meth->compute_key)(key, pub_key, dh));
++ }
+
+- keylen = BN_num_bits(dh->p);
++ keylen = BN_num_bits(dh->p);
+
+- memset(&kop, 0, sizeof kop);
+- kop.crk_op = CRK_DH_COMPUTE_KEY;
++ memset(&kop, 0, sizeof kop);
++ kop.crk_op = CRK_DH_COMPUTE_KEY;
+
+- /* inputs: dh->priv_key pub_key dh->p key */
+- if (bn2crparam(dh->priv_key, &kop.crk_param[0]))
+- goto err;
+- if (bn2crparam(pub_key, &kop.crk_param[1]))
+- goto err;
+- if (bn2crparam(dh->p, &kop.crk_param[2]))
+- goto err;
+- kop.crk_iparams = 3;
++ /* inputs: dh->priv_key pub_key dh->p key */
++ if (bn2crparam(dh->priv_key, &kop.crk_param[0]))
++ goto err;
++ if (bn2crparam(pub_key, &kop.crk_param[1]))
++ goto err;
++ if (bn2crparam(dh->p, &kop.crk_param[2]))
++ goto err;
++ kop.crk_iparams = 3;
+
+- kop.crk_param[3].crp_p = (caddr_t) key;
+- kop.crk_param[3].crp_nbits = keylen * 8;
+- kop.crk_oparams = 1;
+ kop.crk_param[3].crp_p = (void*) key;
- kop.crk_param[3].crp_nbits = keylen * 8;
- kop.crk_oparams = 1;
++ kop.crk_param[3].crp_nbits = keylen * 8;
++ kop.crk_oparams = 1;
+
+- if (ioctl(fd, CIOCKEY, &kop) == -1) {
+- const DH_METHOD *meth = DH_OpenSSL();
++ if (ioctl(fd, CIOCKEY, &kop) == -1) {
++ const DH_METHOD *meth = DH_OpenSSL();
+
+- dhret = (meth->compute_key) (key, pub_key, dh);
+- }
+- err:
+- kop.crk_param[3].crp_p = NULL;
+- zapparams(&kop);
+- return (dhret);
++ dhret = (meth->compute_key)(key, pub_key, dh);
++ }
++err:
++ kop.crk_param[3].crp_p = NULL;
++ zapparams(&kop);
++ return (dhret);
+ }
+
+ static DH_METHOD cryptodev_dh = {
+- "cryptodev DH method",
+- NULL, /* cryptodev_dh_generate_key */
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- 0, /* flags */
+- NULL /* app_data */
++ "cryptodev DH method",
++ NULL, /* cryptodev_dh_generate_key */
++ NULL,
++ NULL,
++ NULL,
++ NULL,
++ 0, /* flags */
++ NULL /* app_data */
+ };
+
+ /*
+@@ -1429,104 +1388,109 @@ static DH_METHOD cryptodev_dh = {
+ * but I expect we'll want some options soon.
+ */
+ static int
+-cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
++cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
+ {
+-# ifdef HAVE_SYSLOG_R
+- struct syslog_data sd = SYSLOG_DATA_INIT;
+-# endif
++#ifdef HAVE_SYSLOG_R
++ struct syslog_data sd = SYSLOG_DATA_INIT;
++#endif
-@@ -1385,7 +1431,7 @@ ENGINE_load_cryptodev(void)
- put_dev_crypto(fd);
+- switch (cmd) {
+- default:
+-# ifdef HAVE_SYSLOG_R
+- syslog_r(LOG_ERR, &sd, "cryptodev_ctrl: unknown command %d", cmd);
+-# else
+- syslog(LOG_ERR, "cryptodev_ctrl: unknown command %d", cmd);
+-# endif
+- break;
+- }
+- return (1);
++ switch (cmd) {
++ default:
++#ifdef HAVE_SYSLOG_R
++ syslog_r(LOG_ERR, &sd,
++ "cryptodev_ctrl: unknown command %d", cmd);
++#else
++ syslog(LOG_ERR, "cryptodev_ctrl: unknown command %d", cmd);
++#endif
++ break;
++ }
++ return (1);
+ }
- if (!ENGINE_set_id(engine, "cryptodev") ||
-- !ENGINE_set_name(engine, "BSD cryptodev engine") ||
+-void ENGINE_load_cryptodev(void)
++void
++ENGINE_load_cryptodev(void)
+ {
+- ENGINE *engine = ENGINE_new();
+- int fd;
++ ENGINE *engine = ENGINE_new();
++ int fd;
+
+- if (engine == NULL)
+- return;
+- if ((fd = get_dev_crypto()) < 0) {
+- ENGINE_free(engine);
+- return;
+- }
++ if (engine == NULL)
++ return;
++ if ((fd = get_dev_crypto()) < 0) {
++ ENGINE_free(engine);
++ return;
++ }
+
+- /*
+- * find out what asymmetric crypto algorithms we support
+- */
+- if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {
+- put_dev_crypto(fd);
+- ENGINE_free(engine);
+- return;
+- }
+- put_dev_crypto(fd);
++ /*
++ * find out what asymmetric crypto algorithms we support
++ */
++ if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {
++ put_dev_crypto(fd);
++ ENGINE_free(engine);
++ return;
++ }
++ put_dev_crypto(fd);
+
+- if (!ENGINE_set_id(engine, "cryptodev") ||
+- !ENGINE_set_name(engine, "BSD cryptodev engine") ||
+- !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
+- !ENGINE_set_digests(engine, cryptodev_engine_digests) ||
+- !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) ||
+- !ENGINE_set_cmd_defns(engine, cryptodev_defns)) {
+- ENGINE_free(engine);
+- return;
+- }
++ if (!ENGINE_set_id(engine, "cryptodev") ||
+ !ENGINE_set_name(engine, "cryptodev engine") ||
- !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
- !ENGINE_set_digests(engine, cryptodev_engine_digests) ||
- !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) ||
++ !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
++ !ENGINE_set_digests(engine, cryptodev_engine_digests) ||
++ !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) ||
++ !ENGINE_set_cmd_defns(engine, cryptodev_defns)) {
++ ENGINE_free(engine);
++ return;
++ }
+
+- if (ENGINE_set_RSA(engine, &cryptodev_rsa)) {
+- const RSA_METHOD *rsa_meth = RSA_PKCS1_SSLeay();
++ if (ENGINE_set_RSA(engine, &cryptodev_rsa)) {
++ const RSA_METHOD *rsa_meth = RSA_PKCS1_SSLeay();
+
+- cryptodev_rsa.bn_mod_exp = rsa_meth->bn_mod_exp;
+- cryptodev_rsa.rsa_mod_exp = rsa_meth->rsa_mod_exp;
+- cryptodev_rsa.rsa_pub_enc = rsa_meth->rsa_pub_enc;
+- cryptodev_rsa.rsa_pub_dec = rsa_meth->rsa_pub_dec;
+- cryptodev_rsa.rsa_priv_enc = rsa_meth->rsa_priv_enc;
+- cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec;
+- if (cryptodev_asymfeat & CRF_MOD_EXP) {
+- cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp;
+- if (cryptodev_asymfeat & CRF_MOD_EXP_CRT)
+- cryptodev_rsa.rsa_mod_exp = cryptodev_rsa_mod_exp;
+- else
+- cryptodev_rsa.rsa_mod_exp = cryptodev_rsa_nocrt_mod_exp;
+- }
+- }
++ cryptodev_rsa.bn_mod_exp = rsa_meth->bn_mod_exp;
++ cryptodev_rsa.rsa_mod_exp = rsa_meth->rsa_mod_exp;
++ cryptodev_rsa.rsa_pub_enc = rsa_meth->rsa_pub_enc;
++ cryptodev_rsa.rsa_pub_dec = rsa_meth->rsa_pub_dec;
++ cryptodev_rsa.rsa_priv_enc = rsa_meth->rsa_priv_enc;
++ cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec;
++ if (cryptodev_asymfeat & CRF_MOD_EXP) {
++ cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp;
++ if (cryptodev_asymfeat & CRF_MOD_EXP_CRT)
++ cryptodev_rsa.rsa_mod_exp =
++ cryptodev_rsa_mod_exp;
++ else
++ cryptodev_rsa.rsa_mod_exp =
++ cryptodev_rsa_nocrt_mod_exp;
++ }
++ }
+
+- if (ENGINE_set_DSA(engine, &cryptodev_dsa)) {
+- const DSA_METHOD *meth = DSA_OpenSSL();
++ if (ENGINE_set_DSA(engine, &cryptodev_dsa)) {
++ const DSA_METHOD *meth = DSA_OpenSSL();
+
+- memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
+- if (cryptodev_asymfeat & CRF_DSA_SIGN)
+- cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
+- if (cryptodev_asymfeat & CRF_MOD_EXP) {
+- cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp;
+- cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp;
+- }
+- if (cryptodev_asymfeat & CRF_DSA_VERIFY)
+- cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
+- }
++ memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
++ if (cryptodev_asymfeat & CRF_DSA_SIGN)
++ cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
++ if (cryptodev_asymfeat & CRF_MOD_EXP) {
++ cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp;
++ cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp;
++ }
++ if (cryptodev_asymfeat & CRF_DSA_VERIFY)
++ cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
++ }
+
+- if (ENGINE_set_DH(engine, &cryptodev_dh)) {
+- const DH_METHOD *dh_meth = DH_OpenSSL();
++ if (ENGINE_set_DH(engine, &cryptodev_dh)){
++ const DH_METHOD *dh_meth = DH_OpenSSL();
+
+- cryptodev_dh.generate_key = dh_meth->generate_key;
+- cryptodev_dh.compute_key = dh_meth->compute_key;
+- cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp;
+- if (cryptodev_asymfeat & CRF_MOD_EXP) {
+- cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh;
+- if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY)
+- cryptodev_dh.compute_key = cryptodev_dh_compute_key;
+- }
+- }
++ cryptodev_dh.generate_key = dh_meth->generate_key;
++ cryptodev_dh.compute_key = dh_meth->compute_key;
++ cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp;
++ if (cryptodev_asymfeat & CRF_MOD_EXP) {
++ cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh;
++ if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY)
++ cryptodev_dh.compute_key =
++ cryptodev_dh_compute_key;
++ }
++ }
+
+- ENGINE_add(engine);
+- ENGINE_free(engine);
+- ERR_clear_error();
++ ENGINE_add(engine);
++ ENGINE_free(engine);
++ ERR_clear_error();
+ }
+
+-#endif /* HAVE_CRYPTODEV */
++#endif /* HAVE_CRYPTODEV */
diff --git a/package/openssl/patches/patch-crypto_opensslconf_h b/package/openssl/patches/patch-crypto_opensslconf_h
deleted file mode 100644
index 4961408c6..000000000
--- a/package/openssl/patches/patch-crypto_opensslconf_h
+++ /dev/null
@@ -1,193 +0,0 @@
---- openssl-1.0.1i.orig/crypto/opensslconf.h 2014-08-06 23:18:45.000000000 +0200
-+++ openssl-1.0.1i/crypto/opensslconf.h 2014-08-07 10:03:55.000000000 +0200
-@@ -5,12 +5,27 @@
- #ifndef OPENSSL_DOING_MAKEDEPEND
-
-
-+#ifndef OPENSSL_NO_AES192
-+# define OPENSSL_NO_AES192
-+#endif
-+#ifndef OPENSSL_NO_CAMELLIA
-+# define OPENSSL_NO_CAMELLIA
-+#endif
-+#ifndef OPENSSL_NO_CAST
-+# define OPENSSL_NO_CAST
-+#endif
- #ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
- # define OPENSSL_NO_EC_NISTP_64_GCC_128
- #endif
-+#ifndef OPENSSL_NO_ENGINES
-+# define OPENSSL_NO_ENGINES
-+#endif
- #ifndef OPENSSL_NO_GMP
- # define OPENSSL_NO_GMP
- #endif
-+#ifndef OPENSSL_NO_IDEA
-+# define OPENSSL_NO_IDEA
-+#endif
- #ifndef OPENSSL_NO_JPAKE
- # define OPENSSL_NO_JPAKE
- #endif
-@@ -20,15 +35,27 @@
- #ifndef OPENSSL_NO_MD2
- # define OPENSSL_NO_MD2
- #endif
-+#ifndef OPENSSL_NO_MDC2
-+# define OPENSSL_NO_MDC2
-+#endif
- #ifndef OPENSSL_NO_RC5
- # define OPENSSL_NO_RC5
- #endif
- #ifndef OPENSSL_NO_RFC3779
- # define OPENSSL_NO_RFC3779
- #endif
-+#ifndef OPENSSL_NO_RIPEMD
-+# define OPENSSL_NO_RIPEMD
-+#endif
- #ifndef OPENSSL_NO_SCTP
- # define OPENSSL_NO_SCTP
- #endif
-+#ifndef OPENSSL_NO_SHA0
-+# define OPENSSL_NO_SHA0
-+#endif
-+#ifndef OPENSSL_NO_SMIME
-+# define OPENSSL_NO_SMIME
-+#endif
- #ifndef OPENSSL_NO_STORE
- # define OPENSSL_NO_STORE
- #endif
-@@ -38,8 +65,14 @@
-
- #endif /* OPENSSL_DOING_MAKEDEPEND */
-
--#ifndef OPENSSL_NO_DYNAMIC_ENGINE
--# define OPENSSL_NO_DYNAMIC_ENGINE
-+#ifndef OPENSSL_THREADS
-+# define OPENSSL_THREADS
-+#endif
-+#ifndef OPENSSL_NO_ERR
-+# define OPENSSL_NO_ERR
-+#endif
-+#ifndef OPENSSL_NO_STATIC_ENGINE
-+# define OPENSSL_NO_STATIC_ENGINE
- #endif
-
- /* The OPENSSL_NO_* macros are also defined as NO_* if the application
-@@ -47,12 +80,27 @@
- who haven't had the time to do the appropriate changes in their
- applications. */
- #ifdef OPENSSL_ALGORITHM_DEFINES
-+# if defined(OPENSSL_NO_AES192) && !defined(NO_AES192)
-+# define NO_AES192
-+# endif
-+# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA)
-+# define NO_CAMELLIA
-+# endif
-+# if defined(OPENSSL_NO_CAST) && !defined(NO_CAST)
-+# define NO_CAST
-+# endif
- # if defined(OPENSSL_NO_EC_NISTP_64_GCC_128) && !defined(NO_EC_NISTP_64_GCC_128)
- # define NO_EC_NISTP_64_GCC_128
- # endif
-+# if defined(OPENSSL_NO_ENGINES) && !defined(NO_ENGINES)
-+# define NO_ENGINES
-+# endif
- # if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
- # define NO_GMP
- # endif
-+# if defined(OPENSSL_NO_IDEA) && !defined(NO_IDEA)
-+# define NO_IDEA
-+# endif
- # if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE)
- # define NO_JPAKE
- # endif
-@@ -62,15 +110,27 @@
- # if defined(OPENSSL_NO_MD2) && !defined(NO_MD2)
- # define NO_MD2
- # endif
-+# if defined(OPENSSL_NO_MDC2) && !defined(NO_MDC2)
-+# define NO_MDC2
-+# endif
- # if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)
- # define NO_RC5
- # endif
- # if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)
- # define NO_RFC3779
- # endif
-+# if defined(OPENSSL_NO_RIPEMD) && !defined(NO_RIPEMD)
-+# define NO_RIPEMD
-+# endif
- # if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
- # define NO_SCTP
- # endif
-+# if defined(OPENSSL_NO_SHA0) && !defined(NO_SHA0)
-+# define NO_SHA0
-+# endif
-+# if defined(OPENSSL_NO_SMIME) && !defined(NO_SMIME)
-+# define NO_SMIME
-+# endif
- # if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
- # define NO_STORE
- # endif
-@@ -86,8 +146,8 @@
-
- #if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
- #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
--#define ENGINESDIR "/usr/local/ssl/lib/engines"
--#define OPENSSLDIR "/usr/local/ssl"
-+#define ENGINESDIR "/usr/lib/engines"
-+#define OPENSSLDIR "/etc/ssl"
- #endif
- #endif
-
-@@ -118,14 +178,14 @@
- * - Intel P6 because partial register stalls are very expensive;
- * - elder Alpha because it lacks byte load/store instructions;
- */
--#define RC4_INT unsigned int
-+#define RC4_INT unsigned char
- #endif
- #if !defined(RC4_CHUNK)
- /*
- * This enables code handling data aligned at natural CPU word
- * boundary. See crypto/rc4/rc4_enc.c for further details.
- */
--#undef RC4_CHUNK
-+#define RC4_CHUNK unsigned long
- #endif
- #endif
-
-@@ -133,13 +193,13 @@
- /* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
- * %20 speed up (longs are 8 bytes, int's are 4). */
- #ifndef DES_LONG
--#define DES_LONG unsigned long
-+#define DES_LONG unsigned int
- #endif
- #endif
-
- #if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
- #define CONFIG_HEADER_BN_H
--#undef BN_LLONG
-+#define BN_LLONG
-
- /* Should we define BN_DIV2W here? */
-
-@@ -158,7 +218,7 @@
-
- #if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
- #define CONFIG_HEADER_BF_LOCL_H
--#undef BF_PTR
-+#define BF_PTR
- #endif /* HEADER_BF_LOCL_H */
-
- #if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
-@@ -188,7 +248,7 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND D
- /* Unroll the inner loop, this sometimes helps, sometimes hinders.
- * Very mucy CPU dependant */
- #ifndef DES_UNROLL
--#undef DES_UNROLL
-+#define DES_UNROLL
- #endif
-
- /* These default values were supplied by
diff --git a/package/openssl/patches/patch-crypto_ui_ui_openssl_c b/package/openssl/patches/patch-crypto_ui_ui_openssl_c
deleted file mode 100644
index ac6d2a91f..000000000
--- a/package/openssl/patches/patch-crypto_ui_ui_openssl_c
+++ /dev/null
@@ -1,15 +0,0 @@
---- openssl-1.0.1e.orig/crypto/ui/ui_openssl.c 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/ui/ui_openssl.c 2013-08-17 16:07:11.798623440 +0200
-@@ -190,12 +190,6 @@
- # undef SGTTY
- #endif
-
--#if defined(linux) && !defined(TERMIO)
--# undef TERMIOS
--# define TERMIO
--# undef SGTTY
--#endif
--
- #ifdef _LIBC
- # undef TERMIOS
- # define TERMIO
diff --git a/package/openssl/patches/patch-tools_c_rehash b/package/openssl/patches/patch-tools_c_rehash
index ae682d661..16acf856d 100644
--- a/package/openssl/patches/patch-tools_c_rehash
+++ b/package/openssl/patches/patch-tools_c_rehash
@@ -1,13 +1,13 @@
---- openssl-1.0.1e.orig/tools/c_rehash 2013-02-11 16:26:11.000000000 +0100
-+++ openssl-1.0.1e/tools/c_rehash 2013-08-17 16:07:16.970558422 +0200
-@@ -6,8 +6,8 @@
-
- my $openssl;
+--- openssl-1.0.2a.orig/tools/c_rehash 2015-03-19 14:31:17.000000000 +0100
++++ openssl-1.0.2a/tools/c_rehash 2015-04-06 10:52:37.395255700 +0200
+@@ -3,8 +3,8 @@
+ # Perl c_rehash script, scan all files in a directory
+ # and add symbolic links to their hash values.
-my $dir = "/usr/local/ssl";
-my $prefix = "/usr/local/ssl";
+my $dir = "/etc/ssl";
+my $prefix = "/usr";
- if(defined $ENV{OPENSSL}) {
- $openssl = $ENV{OPENSSL};
+ my $openssl = $ENV{OPENSSL} || "openssl";
+ my $pwd;