diff options
Diffstat (limited to 'package/openssl/patches/patch-crypto_engine_eng_cryptodev_c')
-rw-r--r-- | package/openssl/patches/patch-crypto_engine_eng_cryptodev_c | 2613 |
1 files changed, 2386 insertions, 227 deletions
diff --git a/package/openssl/patches/patch-crypto_engine_eng_cryptodev_c b/package/openssl/patches/patch-crypto_engine_eng_cryptodev_c index 7b8898a5d..603e33133 100644 --- a/package/openssl/patches/patch-crypto_engine_eng_cryptodev_c +++ b/package/openssl/patches/patch-crypto_engine_eng_cryptodev_c @@ -1,5 +1,5 @@ ---- openssl-1.0.1e.orig/crypto/engine/eng_cryptodev.c 2013-02-11 16:26:04.000000000 +0100 -+++ openssl-1.0.1e/crypto/engine/eng_cryptodev.c 2013-08-09 16:51:49.915851335 +0200 +--- openssl-1.0.2a.orig/crypto/engine/eng_cryptodev.c 2015-03-19 14:30:36.000000000 +0100 ++++ openssl-1.0.2a/crypto/engine/eng_cryptodev.c 2015-02-02 21:02:31.009892700 +0100 @@ -2,6 +2,7 @@ * Copyright (c) 2002 Bob Beck <beck@openbsd.org> * Copyright (c) 2002 Theo de Raadt @@ -8,250 +8,1502 @@ * All rights reserved. * * Redistribution and use in source and binary forms, with or without -@@ -74,9 +75,7 @@ struct dev_crypto_state { - int d_fd; +@@ -32,8 +33,8 @@ + #include <openssl/bn.h> - #ifdef USE_CRYPTODEV_DIGESTS -- char dummy_mac_key[HASH_MAX_LEN]; + #if (defined(__unix__) || defined(unix)) && !defined(USG) && \ +- (defined(OpenBSD) || defined(__FreeBSD__)) +-# include <sys/param.h> ++ (defined(OpenBSD) || defined(__FreeBSD__)) ++#include <sys/param.h> + # if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041) + # define HAVE_CRYPTODEV + # endif +@@ -44,39 +45,40 @@ + + #ifndef HAVE_CRYPTODEV + +-void ENGINE_load_cryptodev(void) ++void ++ENGINE_load_cryptodev(void) + { +- /* This is a NOP on platforms without /dev/crypto */ +- return; ++ /* This is a NOP on platforms without /dev/crypto */ ++ return; + } + +-#else - -- unsigned char digest_res[HASH_MAX_LEN]; +-# include <sys/types.h> +-# include <crypto/cryptodev.h> +-# include <openssl/dh.h> +-# include <openssl/dsa.h> +-# include <openssl/err.h> +-# include <openssl/rsa.h> +-# include <sys/ioctl.h> +-# include <errno.h> +-# include <stdio.h> +-# include <unistd.h> +-# include <fcntl.h> +-# include <stdarg.h> +-# include <syslog.h> +-# include <errno.h> +-# include <string.h> ++#else ++ ++#include <sys/types.h> ++#include <crypto/cryptodev.h> ++#include <crypto/dh/dh.h> ++#include <crypto/dsa/dsa.h> ++#include <crypto/err/err.h> ++#include <crypto/rsa/rsa.h> ++#include <sys/ioctl.h> ++#include <errno.h> ++#include <stdio.h> ++#include <unistd.h> ++#include <fcntl.h> ++#include <stdarg.h> ++#include <syslog.h> ++#include <errno.h> ++#include <string.h> + + struct dev_crypto_state { +- struct session_op d_sess; +- int d_fd; +-# ifdef USE_CRYPTODEV_DIGESTS +- char dummy_mac_key[HASH_MAX_LEN]; +- unsigned char digest_res[HASH_MAX_LEN]; +- char *mac_data; +- int mac_len; +-# endif ++ struct session_op d_sess; ++ int d_fd; ++ ++#ifdef USE_CRYPTODEV_DIGESTS + unsigned char digest_res[64]; - char *mac_data; - int mac_len; - #endif -@@ -157,15 +156,21 @@ static struct { ++ char *mac_data; ++ int mac_len; ++#endif + }; + + static u_int32_t cryptodev_asymfeat = 0; +@@ -85,196 +87,153 @@ static int get_asym_dev_crypto(void); + static int open_dev_crypto(void); + static int get_dev_crypto(void); + static int get_cryptodev_ciphers(const int **cnids); +-# ifdef USE_CRYPTODEV_DIGESTS ++#ifdef USE_CRYPTODEV_DIGESTS + static int get_cryptodev_digests(const int **cnids); +-# endif ++#endif + static int cryptodev_usable_ciphers(const int **nids); + static int cryptodev_usable_digests(const int **nids); + static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, +- const unsigned char *in, size_t inl); ++ const unsigned char *in, size_t inl); + static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, +- const unsigned char *iv, int enc); ++ const unsigned char *iv, int enc); + static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx); + static int cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, +- const int **nids, int nid); ++ const int **nids, int nid); + static int cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, +- const int **nids, int nid); ++ const int **nids, int nid); + static int bn2crparam(const BIGNUM *a, struct crparam *crp); + static int crparam2bn(struct crparam *crp, BIGNUM *a); + static void zapparams(struct crypt_kop *kop); + static int cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, +- int slen, BIGNUM *s); ++ int slen, BIGNUM *s); + + static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, +- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, +- BN_MONT_CTX *m_ctx); +-static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, +- BN_CTX *ctx); +-static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, +- BN_CTX *ctx); ++ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); ++static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, ++ RSA *rsa, BN_CTX *ctx); ++static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx); + static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, +- const BIGNUM *p, const BIGNUM *m, +- BN_CTX *ctx, BN_MONT_CTX *m_ctx); ++ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); + static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g, +- BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, +- BIGNUM *p, BN_CTX *ctx, +- BN_MONT_CTX *mont); +-static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, +- DSA *dsa); ++ BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p, ++ BN_CTX *ctx, BN_MONT_CTX *mont); ++static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, ++ int dlen, DSA *dsa); + static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len, +- DSA_SIG *sig, DSA *dsa); ++ DSA_SIG *sig, DSA *dsa); + static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, +- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, +- BN_MONT_CTX *m_ctx); +-static int cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, +- DH *dh); ++ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, ++ BN_MONT_CTX *m_ctx); ++static int cryptodev_dh_compute_key(unsigned char *key, ++ const BIGNUM *pub_key, DH *dh); + static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, +- void (*f) (void)); ++ void (*f)(void)); + void ENGINE_load_cryptodev(void); + + static const ENGINE_CMD_DEFN cryptodev_defns[] = { +- {0, NULL, NULL, 0} ++ { 0, NULL, NULL, 0 } + }; + + static struct { +- int id; +- int nid; +- int ivmax; +- int keylen; ++ int id; ++ int nid; ++ int ivmax; ++ int keylen; + } ciphers[] = { +- { +- CRYPTO_ARC4, NID_rc4, 0, 16, +- }, +- { +- CRYPTO_DES_CBC, NID_des_cbc, 8, 8, +- }, +- { +- CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, +- }, +- { +- CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, +- }, +- { +- CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, +- }, +- { +- CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, +- }, +-# ifdef CRYPTO_AES_CTR +- { +- CRYPTO_AES_CTR, NID_aes_128_ctr, 14, 16, +- }, +- { +- CRYPTO_AES_CTR, NID_aes_192_ctr, 14, 24, +- }, +- { +- CRYPTO_AES_CTR, NID_aes_256_ctr, 14, 32, +- }, +-# endif +- { +- CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, +- }, +- { +- CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, +- }, +- { +- CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, +- }, +- { +- 0, NID_undef, 0, 0, +- }, ++ { CRYPTO_ARC4, NID_rc4, 0, 16, }, ++ { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, }, ++ { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, }, ++ { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, }, ++ { CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, }, ++ { CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, }, ++ { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, }, ++ { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, }, ++ { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, }, ++ { 0, NID_undef, 0, 0, }, + }; + +-# ifdef USE_CRYPTODEV_DIGESTS ++#ifdef USE_CRYPTODEV_DIGESTS static struct { - int id; - int nid; -- int keylen; +- int id; +- int nid; +- int keylen; ++ int id; ++ int nid; + int digestlen; } digests[] = { +- { +- CRYPTO_MD5_HMAC, NID_hmacWithMD5, 16 +- }, +- { +- CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, 20 +- }, +- { +- CRYPTO_RIPEMD160_HMAC, NID_ripemd160, 16 +- /* ? */ +- }, +- { +- CRYPTO_MD5_KPDK, NID_undef, 0 +- }, +- { +- CRYPTO_SHA1_KPDK, NID_undef, 0 +- }, +- { +- CRYPTO_MD5, NID_md5, 16 +- }, +- { +- CRYPTO_SHA1, NID_sha1, 20 +- }, +- { +- 0, NID_undef, 0 +- }, +#if 0 + /* HMAC is not supported */ - { CRYPTO_MD5_HMAC, NID_hmacWithMD5, 16}, - { CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, 20}, -- { CRYPTO_RIPEMD160_HMAC, NID_ripemd160, 16/*?*/}, -- { CRYPTO_MD5_KPDK, NID_undef, 0}, -- { CRYPTO_SHA1_KPDK, NID_undef, 0}, ++ { CRYPTO_MD5_HMAC, NID_hmacWithMD5, 16}, ++ { CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, 20}, + { CRYPTO_SHA2_256_HMAC, NID_hmacWithSHA256, 32}, + { CRYPTO_SHA2_384_HMAC, NID_hmacWithSHA384, 48}, + { CRYPTO_SHA2_512_HMAC, NID_hmacWithSHA512, 64}, +#endif - { CRYPTO_MD5, NID_md5, 16}, - { CRYPTO_SHA1, NID_sha1, 20}, ++ { CRYPTO_MD5, NID_md5, 16}, ++ { CRYPTO_SHA1, NID_sha1, 20}, + { CRYPTO_SHA2_256, NID_sha256, 32}, + { CRYPTO_SHA2_384, NID_sha384, 48}, + { CRYPTO_SHA2_512, NID_sha512, 64}, - { 0, NID_undef, 0}, ++ { 0, NID_undef, 0}, }; - #endif -@@ -182,7 +187,7 @@ open_dev_crypto(void) - if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1) - return (-1); - /* close on exec */ -- if (fcntl(fd, F_SETFD, 1) == -1) { +-# endif ++#endif + + /* + * Return a fd if /dev/crypto seems usable, 0 otherwise. + */ +-static int open_dev_crypto(void) ++static int ++open_dev_crypto(void) + { +- static int fd = -1; ++ static int fd = -1; + +- if (fd == -1) { +- if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1) +- return (-1); +- /* close on exec */ +- if (fcntl(fd, F_SETFD, 1) == -1) { +- close(fd); +- fd = -1; +- return (-1); +- } +- } +- return (fd); ++ if (fd == -1) { ++ if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1) ++ return (-1); ++ /* close on exec */ + if (fcntl(fd, F_SETFD, FD_CLOEXEC) == -1) { - close(fd); - fd = -1; - return (-1); -@@ -243,13 +248,14 @@ get_cryptodev_ciphers(const int **cnids) - static int nids[CRYPTO_ALGORITHM_MAX]; - struct session_op sess; - int fd, i, count = 0; ++ close(fd); ++ fd = -1; ++ return (-1); ++ } ++ } ++ return (fd); + } + +-static int get_dev_crypto(void) ++static int ++get_dev_crypto(void) + { +- int fd, retfd; ++ int fd, retfd; + +- if ((fd = open_dev_crypto()) == -1) +- return (-1); +-# ifndef CRIOGET_NOT_NEEDED +- if (ioctl(fd, CRIOGET, &retfd) == -1) +- return (-1); ++ if ((fd = open_dev_crypto()) == -1) ++ return (-1); ++#ifndef CRIOGET_NOT_NEEDED ++ if (ioctl(fd, CRIOGET, &retfd) == -1) ++ return (-1); + +- /* close on exec */ +- if (fcntl(retfd, F_SETFD, 1) == -1) { +- close(retfd); +- return (-1); +- } +-# else +- retfd = fd; +-# endif +- return (retfd); ++ /* close on exec */ ++ if (fcntl(retfd, F_SETFD, 1) == -1) { ++ close(retfd); ++ return (-1); ++ } ++#else ++ retfd = fd; ++#endif ++ return (retfd); + } + + static void put_dev_crypto(int fd) + { +-# ifndef CRIOGET_NOT_NEEDED +- close(fd); +-# endif ++#ifndef CRIOGET_NOT_NEEDED ++ close(fd); ++#endif + } + + /* Caching version for asym operations */ +-static int get_asym_dev_crypto(void) ++static int ++get_asym_dev_crypto(void) + { +- static int fd = -1; ++ static int fd = -1; + +- if (fd == -1) +- fd = get_dev_crypto(); +- return fd; ++ if (fd == -1) ++ fd = get_dev_crypto(); ++ return fd; + } + + /* +@@ -283,76 +242,80 @@ static int get_asym_dev_crypto(void) + * returning them here is harmless, as long as we return NULL + * when asked for a handler in the cryptodev_engine_ciphers routine + */ +-static int get_cryptodev_ciphers(const int **cnids) ++static int ++get_cryptodev_ciphers(const int **cnids) + { +- static int nids[CRYPTO_ALGORITHM_MAX]; +- struct session_op sess; +- int fd, i, count = 0; ++ static int nids[CRYPTO_ALGORITHM_MAX]; ++ struct session_op sess; ++ int fd, i, count = 0; + unsigned char fake_key[EVP_MAX_KEY_LENGTH]; - if ((fd = get_dev_crypto()) < 0) { - *cnids = NULL; - return (0); - } - memset(&sess, 0, sizeof(sess)); -- sess.key = (caddr_t)"123456789abcdefghijklmno"; +- if ((fd = get_dev_crypto()) < 0) { +- *cnids = NULL; +- return (0); +- } +- memset(&sess, 0, sizeof(sess)); +- sess.key = (caddr_t) "123456789abcdefghijklmno"; ++ if ((fd = get_dev_crypto()) < 0) { ++ *cnids = NULL; ++ return (0); ++ } ++ memset(&sess, 0, sizeof(sess)); + sess.key = (void*)fake_key; - for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { - if (ciphers[i].nid == NID_undef) -@@ -281,6 +287,7 @@ static int - get_cryptodev_digests(const int **cnids) +- for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { +- if (ciphers[i].nid == NID_undef) +- continue; +- sess.cipher = ciphers[i].id; +- sess.keylen = ciphers[i].keylen; +- sess.mac = 0; +- if (ioctl(fd, CIOCGSESSION, &sess) != -1 && +- ioctl(fd, CIOCFSESSION, &sess.ses) != -1) +- nids[count++] = ciphers[i].nid; +- } +- put_dev_crypto(fd); ++ for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { ++ if (ciphers[i].nid == NID_undef) ++ continue; ++ sess.cipher = ciphers[i].id; ++ sess.keylen = ciphers[i].keylen; ++ sess.mac = 0; ++ if (ioctl(fd, CIOCGSESSION, &sess) != -1 && ++ ioctl(fd, CIOCFSESSION, &sess.ses) != -1) ++ nids[count++] = ciphers[i].nid; ++ } ++ put_dev_crypto(fd); + +- if (count > 0) +- *cnids = nids; +- else +- *cnids = NULL; +- return (count); ++ if (count > 0) ++ *cnids = nids; ++ else ++ *cnids = NULL; ++ return (count); + } + +-# ifdef USE_CRYPTODEV_DIGESTS ++#ifdef USE_CRYPTODEV_DIGESTS + /* + * Find out what digests /dev/crypto will let us have a session for. + * XXX note, that some of these openssl doesn't deal with yet! + * returning them here is harmless, as long as we return NULL + * when asked for a handler in the cryptodev_engine_digests routine + */ +-static int get_cryptodev_digests(const int **cnids) ++static int ++get_cryptodev_digests(const int **cnids) { - static int nids[CRYPTO_ALGORITHM_MAX]; +- static int nids[CRYPTO_ALGORITHM_MAX]; +- struct session_op sess; +- int fd, i, count = 0; ++ static int nids[CRYPTO_ALGORITHM_MAX]; + unsigned char fake_key[EVP_MAX_KEY_LENGTH]; - struct session_op sess; - int fd, i, count = 0; - -@@ -289,12 +296,12 @@ get_cryptodev_digests(const int **cnids) - return (0); - } - memset(&sess, 0, sizeof(sess)); -- sess.mackey = (caddr_t)"123456789abcdefghijklmno"; ++ struct session_op sess; ++ int fd, i, count = 0; + +- if ((fd = get_dev_crypto()) < 0) { +- *cnids = NULL; +- return (0); +- } +- memset(&sess, 0, sizeof(sess)); +- sess.mackey = (caddr_t) "123456789abcdefghijklmno"; +- for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { +- if (digests[i].nid == NID_undef) +- continue; +- sess.mac = digests[i].id; +- sess.mackeylen = digests[i].keylen; +- sess.cipher = 0; +- if (ioctl(fd, CIOCGSESSION, &sess) != -1 && +- ioctl(fd, CIOCFSESSION, &sess.ses) != -1) +- nids[count++] = digests[i].nid; +- } +- put_dev_crypto(fd); ++ if ((fd = get_dev_crypto()) < 0) { ++ *cnids = NULL; ++ return (0); ++ } ++ memset(&sess, 0, sizeof(sess)); + sess.mackey = fake_key; - for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { - if (digests[i].nid == NID_undef) - continue; - sess.mac = digests[i].id; -- sess.mackeylen = digests[i].keylen; ++ for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { ++ if (digests[i].nid == NID_undef) ++ continue; ++ sess.mac = digests[i].id; + sess.mackeylen = 8; - sess.cipher = 0; - if (ioctl(fd, CIOCGSESSION, &sess) != -1 && - ioctl(fd, CIOCFSESSION, &sess.ses) != -1) -@@ -382,14 +389,14 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, un - cryp.ses = sess->ses; - cryp.flags = 0; - cryp.len = inl; -- cryp.src = (caddr_t) in; -- cryp.dst = (caddr_t) out; ++ sess.cipher = 0; ++ if (ioctl(fd, CIOCGSESSION, &sess) != -1 && ++ ioctl(fd, CIOCFSESSION, &sess.ses) != -1) ++ nids[count++] = digests[i].nid; ++ } ++ put_dev_crypto(fd); + +- if (count > 0) +- *cnids = nids; +- else +- *cnids = NULL; +- return (count); ++ if (count > 0) ++ *cnids = nids; ++ else ++ *cnids = NULL; ++ return (count); + } +-# endif /* 0 */ ++#endif /* 0 */ + + /* + * Find the useable ciphers|digests from dev/crypto - this is the first +@@ -375,158 +338,161 @@ static int get_cryptodev_digests(const i + * want most of the decisions made about what we actually want + * to use from /dev/crypto. + */ +-static int cryptodev_usable_ciphers(const int **nids) ++static int ++cryptodev_usable_ciphers(const int **nids) + { +- return (get_cryptodev_ciphers(nids)); ++ return (get_cryptodev_ciphers(nids)); + } + +-static int cryptodev_usable_digests(const int **nids) ++static int ++cryptodev_usable_digests(const int **nids) + { +-# ifdef USE_CRYPTODEV_DIGESTS +- return (get_cryptodev_digests(nids)); +-# else +- /* +- * XXXX just disable all digests for now, because it sucks. +- * we need a better way to decide this - i.e. I may not +- * want digests on slow cards like hifn on fast machines, +- * but might want them on slow or loaded machines, etc. +- * will also want them when using crypto cards that don't +- * suck moose gonads - would be nice to be able to decide something +- * as reasonable default without having hackery that's card dependent. +- * of course, the default should probably be just do everything, +- * with perhaps a sysctl to turn algoritms off (or have them off +- * by default) on cards that generally suck like the hifn. +- */ +- *nids = NULL; +- return (0); +-# endif ++#ifdef USE_CRYPTODEV_DIGESTS ++ return (get_cryptodev_digests(nids)); ++#else ++ /* ++ * XXXX just disable all digests for now, because it sucks. ++ * we need a better way to decide this - i.e. I may not ++ * want digests on slow cards like hifn on fast machines, ++ * but might want them on slow or loaded machines, etc. ++ * will also want them when using crypto cards that don't ++ * suck moose gonads - would be nice to be able to decide something ++ * as reasonable default without having hackery that's card dependent. ++ * of course, the default should probably be just do everything, ++ * with perhaps a sysctl to turn algoritms off (or have them off ++ * by default) on cards that generally suck like the hifn. ++ */ ++ *nids = NULL; ++ return (0); ++#endif + } + + static int + cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, +- const unsigned char *in, size_t inl) ++ const unsigned char *in, size_t inl) + { +- struct crypt_op cryp; +- struct dev_crypto_state *state = ctx->cipher_data; +- struct session_op *sess = &state->d_sess; +- const void *iiv; +- unsigned char save_iv[EVP_MAX_IV_LENGTH]; ++ struct crypt_op cryp; ++ struct dev_crypto_state *state = ctx->cipher_data; ++ struct session_op *sess = &state->d_sess; ++ const void *iiv; ++ unsigned char save_iv[EVP_MAX_IV_LENGTH]; + +- if (state->d_fd < 0) +- return (0); +- if (!inl) +- return (1); +- if ((inl % ctx->cipher->block_size) != 0) +- return (0); ++ if (state->d_fd < 0) ++ return (0); ++ if (!inl) ++ return (1); ++ if ((inl % ctx->cipher->block_size) != 0) ++ return (0); + +- memset(&cryp, 0, sizeof(cryp)); ++ memset(&cryp, 0, sizeof(cryp)); + +- cryp.ses = sess->ses; +- cryp.flags = 0; +- cryp.len = inl; +- cryp.src = (caddr_t) in; +- cryp.dst = (caddr_t) out; +- cryp.mac = 0; ++ cryp.ses = sess->ses; ++ cryp.flags = 0; ++ cryp.len = inl; + cryp.src = (void*) in; + cryp.dst = (void*) out; - cryp.mac = 0; ++ cryp.mac = 0; - cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; +- cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; ++ cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; - if (ctx->cipher->iv_len) { -- cryp.iv = (caddr_t) ctx->iv; +- if (ctx->cipher->iv_len) { +- cryp.iv = (caddr_t) ctx->iv; +- if (!ctx->encrypt) { +- iiv = in + inl - ctx->cipher->iv_len; +- memcpy(save_iv, iiv, ctx->cipher->iv_len); +- } +- } else +- cryp.iv = NULL; ++ if (ctx->cipher->iv_len) { + cryp.iv = (void*) ctx->iv; - if (!ctx->encrypt) { - iiv = in + inl - ctx->cipher->iv_len; - memcpy(save_iv, iiv, ctx->cipher->iv_len); -@@ -440,7 +447,7 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, - if ((state->d_fd = get_dev_crypto()) < 0) - return (0); - -- sess->key = (caddr_t)key; ++ if (!ctx->encrypt) { ++ iiv = in + inl - ctx->cipher->iv_len; ++ memcpy(save_iv, iiv, ctx->cipher->iv_len); ++ } ++ } else ++ cryp.iv = NULL; + +- if (ioctl(state->d_fd, CIOCCRYPT, &cryp) == -1) { +- /* +- * XXX need better errror handling this can fail for a number of +- * different reasons. +- */ +- return (0); +- } ++ if (ioctl(state->d_fd, CIOCCRYPT, &cryp) == -1) { ++ /* XXX need better errror handling ++ * this can fail for a number of different reasons. ++ */ ++ return (0); ++ } + +- if (ctx->cipher->iv_len) { +- if (ctx->encrypt) +- iiv = out + inl - ctx->cipher->iv_len; +- else +- iiv = save_iv; +- memcpy(ctx->iv, iiv, ctx->cipher->iv_len); +- } +- return (1); ++ if (ctx->cipher->iv_len) { ++ if (ctx->encrypt) ++ iiv = out + inl - ctx->cipher->iv_len; ++ else ++ iiv = save_iv; ++ memcpy(ctx->iv, iiv, ctx->cipher->iv_len); ++ } ++ return (1); + } + + static int + cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, +- const unsigned char *iv, int enc) ++ const unsigned char *iv, int enc) + { +- struct dev_crypto_state *state = ctx->cipher_data; +- struct session_op *sess = &state->d_sess; +- int cipher = -1, i; ++ struct dev_crypto_state *state = ctx->cipher_data; ++ struct session_op *sess = &state->d_sess; ++ int cipher = -1, i; + +- for (i = 0; ciphers[i].id; i++) +- if (ctx->cipher->nid == ciphers[i].nid && +- ctx->cipher->iv_len <= ciphers[i].ivmax && +- ctx->key_len == ciphers[i].keylen) { +- cipher = ciphers[i].id; +- break; +- } ++ for (i = 0; ciphers[i].id; i++) ++ if (ctx->cipher->nid == ciphers[i].nid && ++ ctx->cipher->iv_len <= ciphers[i].ivmax && ++ ctx->key_len == ciphers[i].keylen) { ++ cipher = ciphers[i].id; ++ break; ++ } + +- if (!ciphers[i].id) { +- state->d_fd = -1; +- return (0); +- } ++ if (!ciphers[i].id) { ++ state->d_fd = -1; ++ return (0); ++ } + +- memset(sess, 0, sizeof(struct session_op)); ++ memset(sess, 0, sizeof(struct session_op)); + +- if ((state->d_fd = get_dev_crypto()) < 0) +- return (0); ++ if ((state->d_fd = get_dev_crypto()) < 0) ++ return (0); + +- sess->key = (caddr_t) key; +- sess->keylen = ctx->key_len; +- sess->cipher = cipher; + sess->key = (void*)key; - sess->keylen = ctx->key_len; - sess->cipher = cipher; ++ sess->keylen = ctx->key_len; ++ sess->cipher = cipher; -@@ -660,18 +667,6 @@ digest_nid_to_cryptodev(int nid) +- if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) { +- put_dev_crypto(state->d_fd); +- state->d_fd = -1; +- return (0); +- } +- return (1); ++ if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) { ++ put_dev_crypto(state->d_fd); ++ state->d_fd = -1; ++ return (0); ++ } ++ return (1); } + /* + * free anything we allocated earlier when initting a + * session, and close the session. + */ +-static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx) ++static int ++cryptodev_cleanup(EVP_CIPHER_CTX *ctx) + { +- int ret = 0; +- struct dev_crypto_state *state = ctx->cipher_data; +- struct session_op *sess = &state->d_sess; ++ int ret = 0; ++ struct dev_crypto_state *state = ctx->cipher_data; ++ struct session_op *sess = &state->d_sess; --static int --digest_key_length(int nid) --{ -- int i; +- if (state->d_fd < 0) +- return (0); ++ if (state->d_fd < 0) ++ return (0); + +- /* +- * XXX if this ioctl fails, someting's wrong. the invoker may have called +- * us with a bogus ctx, or we could have a device that for whatever +- * reason just doesn't want to play ball - it's not clear what's right +- * here - should this be an error? should it just increase a counter, +- * hmm. For right now, we return 0 - I don't believe that to be "right". +- * we could call the gorpy openssl lib error handlers that print messages +- * to users of the library. hmm.. +- */ ++ /* XXX if this ioctl fails, someting's wrong. the invoker ++ * may have called us with a bogus ctx, or we could ++ * have a device that for whatever reason just doesn't ++ * want to play ball - it's not clear what's right ++ * here - should this be an error? should it just ++ * increase a counter, hmm. For right now, we return ++ * 0 - I don't believe that to be "right". we could ++ * call the gorpy openssl lib error handlers that ++ * print messages to users of the library. hmm.. ++ */ + +- if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) == -1) { +- ret = 0; +- } else { +- ret = 1; +- } +- put_dev_crypto(state->d_fd); +- state->d_fd = -1; ++ if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) == -1) { ++ ret = 0; ++ } else { ++ ret = 1; ++ } ++ put_dev_crypto(state->d_fd); ++ state->d_fd = -1; + +- return (ret); ++ return (ret); + } + + /* +@@ -536,151 +502,111 @@ static int cryptodev_cleanup(EVP_CIPHER_ + + /* RC4 */ + const EVP_CIPHER cryptodev_rc4 = { +- NID_rc4, +- 1, 16, 0, +- EVP_CIPH_VARIABLE_LENGTH, +- cryptodev_init_key, +- cryptodev_cipher, +- cryptodev_cleanup, +- sizeof(struct dev_crypto_state), +- NULL, +- NULL, +- NULL ++ NID_rc4, ++ 1, 16, 0, ++ EVP_CIPH_VARIABLE_LENGTH, ++ cryptodev_init_key, ++ cryptodev_cipher, ++ cryptodev_cleanup, ++ sizeof(struct dev_crypto_state), ++ NULL, ++ NULL, ++ NULL + }; + + /* DES CBC EVP */ + const EVP_CIPHER cryptodev_des_cbc = { +- NID_des_cbc, +- 8, 8, 8, +- EVP_CIPH_CBC_MODE, +- cryptodev_init_key, +- cryptodev_cipher, +- cryptodev_cleanup, +- sizeof(struct dev_crypto_state), +- EVP_CIPHER_set_asn1_iv, +- EVP_CIPHER_get_asn1_iv, +- NULL ++ NID_des_cbc, ++ 8, 8, 8, ++ EVP_CIPH_CBC_MODE, ++ cryptodev_init_key, ++ cryptodev_cipher, ++ cryptodev_cleanup, ++ sizeof(struct dev_crypto_state), ++ EVP_CIPHER_set_asn1_iv, ++ EVP_CIPHER_get_asn1_iv, ++ NULL + }; + + /* 3DES CBC EVP */ + const EVP_CIPHER cryptodev_3des_cbc = { +- NID_des_ede3_cbc, +- 8, 24, 8, +- EVP_CIPH_CBC_MODE, +- cryptodev_init_key, +- cryptodev_cipher, +- cryptodev_cleanup, +- sizeof(struct dev_crypto_state), +- EVP_CIPHER_set_asn1_iv, +- EVP_CIPHER_get_asn1_iv, +- NULL ++ NID_des_ede3_cbc, ++ 8, 24, 8, ++ EVP_CIPH_CBC_MODE, ++ cryptodev_init_key, ++ cryptodev_cipher, ++ cryptodev_cleanup, ++ sizeof(struct dev_crypto_state), ++ EVP_CIPHER_set_asn1_iv, ++ EVP_CIPHER_get_asn1_iv, ++ NULL + }; + + const EVP_CIPHER cryptodev_bf_cbc = { +- NID_bf_cbc, +- 8, 16, 8, +- EVP_CIPH_CBC_MODE, +- cryptodev_init_key, +- cryptodev_cipher, +- cryptodev_cleanup, +- sizeof(struct dev_crypto_state), +- EVP_CIPHER_set_asn1_iv, +- EVP_CIPHER_get_asn1_iv, +- NULL ++ NID_bf_cbc, ++ 8, 16, 8, ++ EVP_CIPH_CBC_MODE, ++ cryptodev_init_key, ++ cryptodev_cipher, ++ cryptodev_cleanup, ++ sizeof(struct dev_crypto_state), ++ EVP_CIPHER_set_asn1_iv, ++ EVP_CIPHER_get_asn1_iv, ++ NULL + }; + + const EVP_CIPHER cryptodev_cast_cbc = { +- NID_cast5_cbc, +- 8, 16, 8, +- EVP_CIPH_CBC_MODE, +- cryptodev_init_key, +- cryptodev_cipher, +- cryptodev_cleanup, +- sizeof(struct dev_crypto_state), +- EVP_CIPHER_set_asn1_iv, +- EVP_CIPHER_get_asn1_iv, +- NULL ++ NID_cast5_cbc, ++ 8, 16, 8, ++ EVP_CIPH_CBC_MODE, ++ cryptodev_init_key, ++ cryptodev_cipher, ++ cryptodev_cleanup, ++ sizeof(struct dev_crypto_state), ++ EVP_CIPHER_set_asn1_iv, ++ EVP_CIPHER_get_asn1_iv, ++ NULL + }; + + const EVP_CIPHER cryptodev_aes_cbc = { +- NID_aes_128_cbc, +- 16, 16, 16, +- EVP_CIPH_CBC_MODE, +- cryptodev_init_key, +- cryptodev_cipher, +- cryptodev_cleanup, +- sizeof(struct dev_crypto_state), +- EVP_CIPHER_set_asn1_iv, +- EVP_CIPHER_get_asn1_iv, +- NULL ++ NID_aes_128_cbc, ++ 16, 16, 16, ++ EVP_CIPH_CBC_MODE, ++ cryptodev_init_key, ++ cryptodev_cipher, ++ cryptodev_cleanup, ++ sizeof(struct dev_crypto_state), ++ EVP_CIPHER_set_asn1_iv, ++ EVP_CIPHER_get_asn1_iv, ++ NULL + }; + + const EVP_CIPHER cryptodev_aes_192_cbc = { +- NID_aes_192_cbc, +- 16, 24, 16, +- EVP_CIPH_CBC_MODE, +- cryptodev_init_key, +- cryptodev_cipher, +- cryptodev_cleanup, +- sizeof(struct dev_crypto_state), +- EVP_CIPHER_set_asn1_iv, +- EVP_CIPHER_get_asn1_iv, +- NULL ++ NID_aes_192_cbc, ++ 16, 24, 16, ++ EVP_CIPH_CBC_MODE, ++ cryptodev_init_key, ++ cryptodev_cipher, ++ cryptodev_cleanup, ++ sizeof(struct dev_crypto_state), ++ EVP_CIPHER_set_asn1_iv, ++ EVP_CIPHER_get_asn1_iv, ++ NULL + }; + + const EVP_CIPHER cryptodev_aes_256_cbc = { +- NID_aes_256_cbc, +- 16, 32, 16, +- EVP_CIPH_CBC_MODE, +- cryptodev_init_key, +- cryptodev_cipher, +- cryptodev_cleanup, +- sizeof(struct dev_crypto_state), +- EVP_CIPHER_set_asn1_iv, +- EVP_CIPHER_get_asn1_iv, +- NULL +-}; - -- for (i = 0; digests[i].id; i++) -- if (digests[i].nid == nid) -- return digests[i].keylen; -- return (0); --} +-# ifdef CRYPTO_AES_CTR +-const EVP_CIPHER cryptodev_aes_ctr = { +- NID_aes_128_ctr, +- 16, 16, 14, +- EVP_CIPH_CTR_MODE, +- cryptodev_init_key, +- cryptodev_cipher, +- cryptodev_cleanup, +- sizeof(struct dev_crypto_state), +- EVP_CIPHER_set_asn1_iv, +- EVP_CIPHER_get_asn1_iv, +- NULL +-}; - +-const EVP_CIPHER cryptodev_aes_ctr_192 = { +- NID_aes_192_ctr, +- 16, 24, 14, +- EVP_CIPH_CTR_MODE, +- cryptodev_init_key, +- cryptodev_cipher, +- cryptodev_cleanup, +- sizeof(struct dev_crypto_state), +- EVP_CIPHER_set_asn1_iv, +- EVP_CIPHER_get_asn1_iv, +- NULL ++ NID_aes_256_cbc, ++ 16, 32, 16, ++ EVP_CIPH_CBC_MODE, ++ cryptodev_init_key, ++ cryptodev_cipher, ++ cryptodev_cleanup, ++ sizeof(struct dev_crypto_state), ++ EVP_CIPHER_set_asn1_iv, ++ EVP_CIPHER_get_asn1_iv, ++ NULL + }; + +-const EVP_CIPHER cryptodev_aes_ctr_256 = { +- NID_aes_256_ctr, +- 16, 32, 14, +- EVP_CIPH_CTR_MODE, +- cryptodev_init_key, +- cryptodev_cipher, +- cryptodev_cleanup, +- sizeof(struct dev_crypto_state), +- EVP_CIPHER_set_asn1_iv, +- EVP_CIPHER_get_asn1_iv, +- NULL +-}; +-# endif + /* + * Registered by the ENGINE when used to find out how to deal with + * a particular NID in the ENGINE. this says what we'll do at the +@@ -688,316 +614,353 @@ const EVP_CIPHER cryptodev_aes_ctr_256 = + */ + static int + cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, +- const int **nids, int nid) ++ const int **nids, int nid) + { +- if (!cipher) +- return (cryptodev_usable_ciphers(nids)); ++ if (!cipher) ++ return (cryptodev_usable_ciphers(nids)); + +- switch (nid) { +- case NID_rc4: +- *cipher = &cryptodev_rc4; +- break; +- case NID_des_ede3_cbc: +- *cipher = &cryptodev_3des_cbc; +- break; +- case NID_des_cbc: +- *cipher = &cryptodev_des_cbc; +- break; +- case NID_bf_cbc: +- *cipher = &cryptodev_bf_cbc; +- break; +- case NID_cast5_cbc: +- *cipher = &cryptodev_cast_cbc; +- break; +- case NID_aes_128_cbc: +- *cipher = &cryptodev_aes_cbc; +- break; +- case NID_aes_192_cbc: +- *cipher = &cryptodev_aes_192_cbc; +- break; +- case NID_aes_256_cbc: +- *cipher = &cryptodev_aes_256_cbc; +- break; +-# ifdef CRYPTO_AES_CTR +- case NID_aes_128_ctr: +- *cipher = &cryptodev_aes_ctr; +- break; +- case NID_aes_192_ctr: +- *cipher = &cryptodev_aes_ctr_192; +- break; +- case NID_aes_256_ctr: +- *cipher = &cryptodev_aes_ctr_256; +- break; +-# endif +- default: +- *cipher = NULL; +- break; +- } +- return (*cipher != NULL); ++ switch (nid) { ++ case NID_rc4: ++ *cipher = &cryptodev_rc4; ++ break; ++ case NID_des_ede3_cbc: ++ *cipher = &cryptodev_3des_cbc; ++ break; ++ case NID_des_cbc: ++ *cipher = &cryptodev_des_cbc; ++ break; ++ case NID_bf_cbc: ++ *cipher = &cryptodev_bf_cbc; ++ break; ++ case NID_cast5_cbc: ++ *cipher = &cryptodev_cast_cbc; ++ break; ++ case NID_aes_128_cbc: ++ *cipher = &cryptodev_aes_cbc; ++ break; ++ case NID_aes_192_cbc: ++ *cipher = &cryptodev_aes_192_cbc; ++ break; ++ case NID_aes_256_cbc: ++ *cipher = &cryptodev_aes_256_cbc; ++ break; ++ default: ++ *cipher = NULL; ++ break; ++ } ++ return (*cipher != NULL); + } + +-# ifdef USE_CRYPTODEV_DIGESTS ++ ++#ifdef USE_CRYPTODEV_DIGESTS + + /* convert digest type to cryptodev */ +-static int digest_nid_to_cryptodev(int nid) ++static int ++digest_nid_to_cryptodev(int nid) + { +- int i; ++ int i; + +- for (i = 0; digests[i].id; i++) +- if (digests[i].nid == nid) +- return (digests[i].id); +- return (0); ++ for (i = 0; digests[i].id; i++) ++ if (digests[i].nid == nid) ++ return (digests[i].id); ++ return (0); + } + +-static int digest_key_length(int nid) +-{ +- int i; - +- for (i = 0; digests[i].id; i++) +- if (digests[i].nid == nid) +- return digests[i].keylen; +- return (0); +-} + static int cryptodev_digest_init(EVP_MD_CTX *ctx) { - struct dev_crypto_state *state = ctx->md_data; -@@ -682,7 +677,6 @@ static int cryptodev_digest_init(EVP_MD_ - printf("cryptodev_digest_init: Can't get digest \n"); - return (0); - } +- struct dev_crypto_state *state = ctx->md_data; +- struct session_op *sess = &state->d_sess; +- int digest; - - memset(state, 0, sizeof(struct dev_crypto_state)); +- if ((digest = digest_nid_to_cryptodev(ctx->digest->type)) == NID_undef) { +- printf("cryptodev_digest_init: Can't get digest \n"); +- return (0); +- } ++ struct dev_crypto_state *state = ctx->md_data; ++ struct session_op *sess = &state->d_sess; ++ int digest; + +- memset(state, 0, sizeof(struct dev_crypto_state)); ++ if ((digest = digest_nid_to_cryptodev(ctx->digest->type)) == NID_undef){ ++ printf("cryptodev_digest_init: Can't get digest \n"); ++ return (0); ++ } ++ memset(state, 0, sizeof(struct dev_crypto_state)); - if ((state->d_fd = get_dev_crypto()) < 0) { -@@ -690,8 +684,8 @@ static int cryptodev_digest_init(EVP_MD_ - return (0); - } +- if ((state->d_fd = get_dev_crypto()) < 0) { +- printf("cryptodev_digest_init: Can't get Dev \n"); +- return (0); +- } ++ if ((state->d_fd = get_dev_crypto()) < 0) { ++ printf("cryptodev_digest_init: Can't get Dev \n"); ++ return (0); ++ } -- sess->mackey = state->dummy_mac_key; -- sess->mackeylen = digest_key_length(ctx->digest->type); +- sess->mackey = state->dummy_mac_key; +- sess->mackeylen = digest_key_length(ctx->digest->type); +- sess->mac = digest; + sess->mackey = NULL; + sess->mackeylen = 0; - sess->mac = digest; ++ sess->mac = digest; + +- if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) { +- put_dev_crypto(state->d_fd); +- state->d_fd = -1; +- printf("cryptodev_digest_init: Open session failed\n"); +- return (0); +- } ++ if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) { ++ put_dev_crypto(state->d_fd); ++ state->d_fd = -1; ++ printf("cryptodev_digest_init: Open session failed\n"); ++ return (0); ++ } + +- return (1); ++ return (1); + } - if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) { -@@ -707,8 +701,8 @@ static int cryptodev_digest_init(EVP_MD_ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data, - size_t count) +- size_t count) ++ size_t count) { -- struct crypt_op cryp; - struct dev_crypto_state *state = ctx->md_data; +- struct crypt_op cryp; +- struct dev_crypto_state *state = ctx->md_data; +- struct session_op *sess = &state->d_sess; +- +- if (!data || state->d_fd < 0) { +- printf("cryptodev_digest_update: illegal inputs \n"); +- return (0); +- } ++ struct dev_crypto_state *state = ctx->md_data; + struct crypt_op cryp; - struct session_op *sess = &state->d_sess; ++ struct session_op *sess = &state->d_sess; - if (!data || state->d_fd < 0) { -@@ -717,7 +711,7 @@ static int cryptodev_digest_update(EVP_M - } +- if (!count) { +- return (0); +- } ++ if (!data || state->d_fd < 0) { ++ printf("cryptodev_digest_update: illegal inputs \n"); ++ return (0); ++ } - if (!count) { -- return (0); +- if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) { +- /* if application doesn't support one buffer */ +- state->mac_data = +- OPENSSL_realloc(state->mac_data, state->mac_len + count); ++ if (!count) { + return (1); - } - - if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) { -@@ -740,9 +734,9 @@ static int cryptodev_digest_update(EVP_M - cryp.ses = sess->ses; - cryp.flags = 0; - cryp.len = count; -- cryp.src = (caddr_t) data; ++ } + +- if (!state->mac_data) { +- printf("cryptodev_digest_update: realloc failed\n"); +- return (0); +- } ++ if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) { ++ /* if application doesn't support one buffer */ ++ state->mac_data = OPENSSL_realloc(state->mac_data, state->mac_len + count); + +- memcpy(state->mac_data + state->mac_len, data, count); +- state->mac_len += count; ++ if (!state->mac_data) { ++ printf("cryptodev_digest_update: realloc failed\n"); ++ return (0); ++ } + +- return (1); +- } ++ memcpy(state->mac_data + state->mac_len, data, count); ++ state->mac_len += count; ++ ++ return (1); ++ } + +- memset(&cryp, 0, sizeof(cryp)); ++ memset(&cryp, 0, sizeof(cryp)); + +- cryp.ses = sess->ses; +- cryp.flags = 0; +- cryp.len = count; +- cryp.src = (caddr_t) data; +- cryp.dst = NULL; +- cryp.mac = (caddr_t) state->digest_res; +- if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) { +- printf("cryptodev_digest_update: digest failed\n"); +- return (0); +- } +- return (1); ++ cryp.ses = sess->ses; ++ cryp.flags = 0; ++ cryp.len = count; + cryp.src = (void*) data; - cryp.dst = NULL; -- cryp.mac = (caddr_t) state->digest_res; ++ cryp.dst = NULL; + cryp.mac = (void*) state->digest_res; - if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) { - printf("cryptodev_digest_update: digest failed\n"); - return (0); -@@ -757,8 +751,6 @@ static int cryptodev_digest_final(EVP_MD - struct dev_crypto_state *state = ctx->md_data; - struct session_op *sess = &state->d_sess; - -- int ret = 1; ++ if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) { ++ printf("cryptodev_digest_update: digest failed\n"); ++ return (0); ++ } ++ return (1); + } + ++ + static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md) + { +- struct crypt_op cryp; +- struct dev_crypto_state *state = ctx->md_data; +- struct session_op *sess = &state->d_sess; - - if (!md || state->d_fd < 0) { - printf("cryptodev_digest_final: illegal input\n"); - return(0); -@@ -772,7 +764,7 @@ static int cryptodev_digest_final(EVP_MD - cryp.len = state->mac_len; - cryp.src = state->mac_data; - cryp.dst = NULL; -- cryp.mac = (caddr_t)md; +- int ret = 1; ++ struct crypt_op cryp; ++ struct dev_crypto_state *state = ctx->md_data; ++ struct session_op *sess = &state->d_sess; + +- if (!md || state->d_fd < 0) { +- printf("cryptodev_digest_final: illegal input\n"); +- return (0); +- } ++ if (!md || state->d_fd < 0) { ++ printf("cryptodev_digest_final: illegal input\n"); ++ return(0); ++ } + +- if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) { +- /* if application doesn't support one buffer */ +- memset(&cryp, 0, sizeof(cryp)); +- cryp.ses = sess->ses; +- cryp.flags = 0; +- cryp.len = state->mac_len; +- cryp.src = state->mac_data; +- cryp.dst = NULL; +- cryp.mac = (caddr_t) md; +- if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) { +- printf("cryptodev_digest_final: digest failed\n"); +- return (0); +- } ++ if (! (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) ) { ++ /* if application doesn't support one buffer */ ++ memset(&cryp, 0, sizeof(cryp)); ++ cryp.ses = sess->ses; ++ cryp.flags = 0; ++ cryp.len = state->mac_len; ++ cryp.src = state->mac_data; ++ cryp.dst = NULL; + cryp.mac = (void*)md; - if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) { - printf("cryptodev_digest_final: digest failed\n"); - return (0); -@@ -783,7 +775,7 @@ static int cryptodev_digest_final(EVP_MD ++ if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) { ++ printf("cryptodev_digest_final: digest failed\n"); ++ return (0); ++ } - memcpy(md, state->digest_res, ctx->digest->md_size); +- return 1; +- } ++ return 1; ++ } -- return (ret); +- memcpy(md, state->digest_res, ctx->digest->md_size); ++ memcpy(md, state->digest_res, ctx->digest->md_size); + +- return (ret); + return 1; } ++ + static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx) + { +- int ret = 1; +- struct dev_crypto_state *state = ctx->md_data; +- struct session_op *sess = &state->d_sess; ++ int ret = 1; ++ struct dev_crypto_state *state = ctx->md_data; ++ struct session_op *sess = &state->d_sess; + +- if (state == NULL) +- return 0; ++ if (state == NULL) ++ return 0; -@@ -835,8 +827,8 @@ static int cryptodev_digest_copy(EVP_MD_ +- if (state->d_fd < 0) { +- printf("cryptodev_digest_cleanup: illegal input\n"); +- return (0); +- } ++ if (state->d_fd < 0) { ++ printf("cryptodev_digest_cleanup: illegal input\n"); ++ return (0); ++ } - digest = digest_nid_to_cryptodev(to->digest->type); +- if (state->mac_data) { +- OPENSSL_free(state->mac_data); +- state->mac_data = NULL; +- state->mac_len = 0; +- } ++ if (state->mac_data) { ++ OPENSSL_free(state->mac_data); ++ state->mac_data = NULL; ++ state->mac_len = 0; ++ } -- sess->mackey = dstate->dummy_mac_key; -- sess->mackeylen = digest_key_length(to->digest->type); +- if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) { +- printf("cryptodev_digest_cleanup: failed to close session\n"); +- ret = 0; +- } else { +- ret = 1; +- } +- put_dev_crypto(state->d_fd); +- state->d_fd = -1; ++ if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) { ++ printf("cryptodev_digest_cleanup: failed to close session\n"); ++ ret = 0; ++ } else { ++ ret = 1; ++ } ++ put_dev_crypto(state->d_fd); ++ state->d_fd = -1; + +- return (ret); ++ return (ret); + } + +-static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from) ++static int cryptodev_digest_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from) + { +- struct dev_crypto_state *fstate = from->md_data; +- struct dev_crypto_state *dstate = to->md_data; +- struct session_op *sess; +- int digest; ++ struct dev_crypto_state *fstate = from->md_data; ++ struct dev_crypto_state *dstate = to->md_data; ++ struct session_op *sess; ++ int digest; + +- if (dstate == NULL || fstate == NULL) +- return 1; ++ if (dstate == NULL || fstate == NULL) ++ return 1; + +- memcpy(dstate, fstate, sizeof(struct dev_crypto_state)); ++ memcpy(dstate, fstate, sizeof(struct dev_crypto_state)); + +- sess = &dstate->d_sess; ++ sess = &dstate->d_sess; + +- digest = digest_nid_to_cryptodev(to->digest->type); ++ digest = digest_nid_to_cryptodev(to->digest->type); + +- sess->mackey = dstate->dummy_mac_key; +- sess->mackeylen = digest_key_length(to->digest->type); +- sess->mac = digest; + sess->mackey = NULL; + sess->mackeylen = 0; - sess->mac = digest; ++ sess->mac = digest; - dstate->d_fd = get_dev_crypto(); -@@ -861,34 +853,79 @@ static int cryptodev_digest_copy(EVP_MD_ - } +- dstate->d_fd = get_dev_crypto(); ++ dstate->d_fd = get_dev_crypto(); +- if (ioctl(dstate->d_fd, CIOCGSESSION, sess) < 0) { +- put_dev_crypto(dstate->d_fd); +- dstate->d_fd = -1; +- printf("cryptodev_digest_init: Open session failed\n"); +- return (0); +- } ++ if (ioctl(dstate->d_fd, CIOCGSESSION, sess) < 0) { ++ put_dev_crypto(dstate->d_fd); ++ dstate->d_fd = -1; ++ printf("cryptodev_digest_init: Open session failed\n"); ++ return (0); ++ } + +- if (fstate->mac_len != 0) { +- if (fstate->mac_data != NULL) { +- dstate->mac_data = OPENSSL_malloc(fstate->mac_len); +- memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len); +- dstate->mac_len = fstate->mac_len; +- } +- } ++ if (fstate->mac_len != 0) { ++ if (fstate->mac_data != NULL) ++ { ++ dstate->mac_data = OPENSSL_malloc(fstate->mac_len); ++ memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len); ++ dstate->mac_len = fstate->mac_len; ++ } ++ } + +- return 1; ++ return 1; + } -const EVP_MD cryptodev_sha1 = { +- NID_sha1, +- NID_undef, +- SHA_DIGEST_LENGTH, +- EVP_MD_FLAG_ONESHOT, +- cryptodev_digest_init, +- cryptodev_digest_update, +- cryptodev_digest_final, +- cryptodev_digest_copy, +- cryptodev_digest_cleanup, +- EVP_PKEY_NULL_method, +- SHA_CBLOCK, +- sizeof(struct dev_crypto_state), ++ +static const EVP_MD cryptodev_sha1 = { - NID_sha1, -- NID_undef, ++ NID_sha1, + NID_sha1WithRSAEncryption, - SHA_DIGEST_LENGTH, -- EVP_MD_FLAG_ONESHOT, ++ SHA_DIGEST_LENGTH, + EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_ONESHOT, - cryptodev_digest_init, - cryptodev_digest_update, - cryptodev_digest_final, - cryptodev_digest_copy, - cryptodev_digest_cleanup, -- EVP_PKEY_NULL_method, ++ cryptodev_digest_init, ++ cryptodev_digest_update, ++ cryptodev_digest_final, ++ cryptodev_digest_copy, ++ cryptodev_digest_cleanup, + EVP_PKEY_RSA_method, - SHA_CBLOCK, -- sizeof(struct dev_crypto_state), ++ SHA_CBLOCK, + sizeof(EVP_MD *)+sizeof(struct dev_crypto_state), }; -const EVP_MD cryptodev_md5 = { +- NID_md5, +- NID_undef, +- 16 /* MD5_DIGEST_LENGTH */ , +- EVP_MD_FLAG_ONESHOT, +- cryptodev_digest_init, +- cryptodev_digest_update, +- cryptodev_digest_final, +- cryptodev_digest_copy, +- cryptodev_digest_cleanup, +- EVP_PKEY_NULL_method, +- 64 /* MD5_CBLOCK */ , +- sizeof(struct dev_crypto_state), +static const EVP_MD cryptodev_sha256 = { + NID_sha256, + NID_sha256WithRSAEncryption, @@ -265,8 +1517,9 @@ + EVP_PKEY_RSA_method, + SHA256_CBLOCK, + sizeof(EVP_MD *)+sizeof(struct dev_crypto_state), -+}; -+ + }; + +-# endif /* USE_CRYPTODEV_DIGESTS */ +static const EVP_MD cryptodev_sha384 = { + NID_sha384, + NID_sha384WithRSAEncryption, @@ -298,29 +1551,55 @@ +}; + +static const EVP_MD cryptodev_md5 = { - NID_md5, -- NID_undef, ++ NID_md5, + NID_md5WithRSAEncryption, - 16 /* MD5_DIGEST_LENGTH */, -- EVP_MD_FLAG_ONESHOT, ++ 16 /* MD5_DIGEST_LENGTH */, + EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_ONESHOT, - cryptodev_digest_init, - cryptodev_digest_update, - cryptodev_digest_final, - cryptodev_digest_copy, - cryptodev_digest_cleanup, -- EVP_PKEY_NULL_method, ++ cryptodev_digest_init, ++ cryptodev_digest_update, ++ cryptodev_digest_final, ++ cryptodev_digest_copy, ++ cryptodev_digest_cleanup, + EVP_PKEY_RSA_method, - 64 /* MD5_CBLOCK */, -- sizeof(struct dev_crypto_state), ++ 64 /* MD5_CBLOCK */, + sizeof(EVP_MD *)+sizeof(struct dev_crypto_state), - }; ++}; ++ ++#endif /* USE_CRYPTODEV_DIGESTS */ ++ - #endif /* USE_CRYPTODEV_DIGESTS */ -@@ -909,6 +946,15 @@ cryptodev_engine_digests(ENGINE *e, cons - case NID_sha1: - *digest = &cryptodev_sha1; - break; + static int + cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, +- const int **nids, int nid) ++ const int **nids, int nid) + { +- if (!digest) +- return (cryptodev_usable_digests(nids)); ++ if (!digest) ++ return (cryptodev_usable_digests(nids)); + +- switch (nid) { +-# ifdef USE_CRYPTODEV_DIGESTS +- case NID_md5: +- *digest = &cryptodev_md5; +- break; +- case NID_sha1: +- *digest = &cryptodev_sha1; +- break; +- default: +-# endif /* USE_CRYPTODEV_DIGESTS */ +- *digest = NULL; +- break; +- } +- return (*digest != NULL); ++ switch (nid) { ++#ifdef USE_CRYPTODEV_DIGESTS ++ case NID_md5: ++ *digest = &cryptodev_md5; ++ break; ++ case NID_sha1: ++ *digest = &cryptodev_sha1; ++ break; + case NID_sha256: + *digest = &cryptodev_sha256; + break; @@ -330,51 +1609,931 @@ + case NID_sha512: + *digest = &cryptodev_sha512; + break; - default: - #endif /* USE_CRYPTODEV_DIGESTS */ - *digest = NULL; -@@ -940,7 +986,7 @@ bn2crparam(const BIGNUM *a, struct crpar - return (1); - memset(b, 0, bytes); - -- crp->crp_p = (caddr_t) b; ++ default: ++#endif /* USE_CRYPTODEV_DIGESTS */ ++ *digest = NULL; ++ break; ++ } ++ return (*digest != NULL); + } + + /* +@@ -1005,423 +968,419 @@ cryptodev_engine_digests(ENGINE *e, cons + * Upon completion of use, the caller is responsible for freeing + * crp->crp_p. + */ +-static int bn2crparam(const BIGNUM *a, struct crparam *crp) ++static int ++bn2crparam(const BIGNUM *a, struct crparam *crp) + { +- int i, j, k; +- ssize_t bytes, bits; +- u_char *b; ++ int i, j, k; ++ ssize_t bytes, bits; ++ u_char *b; + +- crp->crp_p = NULL; +- crp->crp_nbits = 0; ++ crp->crp_p = NULL; ++ crp->crp_nbits = 0; + +- bits = BN_num_bits(a); +- bytes = (bits + 7) / 8; ++ bits = BN_num_bits(a); ++ bytes = (bits + 7) / 8; + +- b = malloc(bytes); +- if (b == NULL) +- return (1); +- memset(b, 0, bytes); ++ b = malloc(bytes); ++ if (b == NULL) ++ return (1); ++ memset(b, 0, bytes); + +- crp->crp_p = (caddr_t) b; +- crp->crp_nbits = bits; + crp->crp_p = (void*) b; - crp->crp_nbits = bits; ++ crp->crp_nbits = bits; + +- for (i = 0, j = 0; i < a->top; i++) { +- for (k = 0; k < BN_BITS2 / 8; k++) { +- if ((j + k) >= bytes) +- return (0); +- b[j + k] = a->d[i] >> (k * 8); +- } +- j += BN_BITS2 / 8; +- } +- return (0); ++ for (i = 0, j = 0; i < a->top; i++) { ++ for (k = 0; k < BN_BITS2 / 8; k++) { ++ if ((j + k) >= bytes) ++ return (0); ++ b[j + k] = a->d[i] >> (k * 8); ++ } ++ j += BN_BITS2 / 8; ++ } ++ return (0); + } + + /* Convert a /dev/crypto parameter to a BIGNUM */ +-static int crparam2bn(struct crparam *crp, BIGNUM *a) ++static int ++crparam2bn(struct crparam *crp, BIGNUM *a) + { +- u_int8_t *pd; +- int i, bytes; ++ u_int8_t *pd; ++ int i, bytes; + +- bytes = (crp->crp_nbits + 7) / 8; ++ bytes = (crp->crp_nbits + 7) / 8; + +- if (bytes == 0) +- return (-1); ++ if (bytes == 0) ++ return (-1); + +- if ((pd = (u_int8_t *) malloc(bytes)) == NULL) +- return (-1); ++ if ((pd = (u_int8_t *) malloc(bytes)) == NULL) ++ return (-1); + +- for (i = 0; i < bytes; i++) +- pd[i] = crp->crp_p[bytes - i - 1]; ++ for (i = 0; i < bytes; i++) ++ pd[i] = crp->crp_p[bytes - i - 1]; + +- BN_bin2bn(pd, bytes, a); +- free(pd); ++ BN_bin2bn(pd, bytes, a); ++ free(pd); + +- return (0); ++ return (0); + } + +-static void zapparams(struct crypt_kop *kop) ++static void ++zapparams(struct crypt_kop *kop) + { +- int i; ++ int i; + +- for (i = 0; i < kop->crk_iparams + kop->crk_oparams; i++) { +- if (kop->crk_param[i].crp_p) +- free(kop->crk_param[i].crp_p); +- kop->crk_param[i].crp_p = NULL; +- kop->crk_param[i].crp_nbits = 0; +- } ++ for (i = 0; i < kop->crk_iparams + kop->crk_oparams; i++) { ++ if (kop->crk_param[i].crp_p) ++ free(kop->crk_param[i].crp_p); ++ kop->crk_param[i].crp_p = NULL; ++ kop->crk_param[i].crp_nbits = 0; ++ } + } + + static int +-cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, +- BIGNUM *s) ++cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s) + { +- int fd, ret = -1; ++ int fd, ret = -1; + +- if ((fd = get_asym_dev_crypto()) < 0) +- return (ret); ++ if ((fd = get_asym_dev_crypto()) < 0) ++ return (ret); + +- if (r) { +- kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char)); +- kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8; +- kop->crk_oparams++; +- } +- if (s) { +- kop->crk_param[kop->crk_iparams + 1].crp_p = +- calloc(slen, sizeof(char)); +- kop->crk_param[kop->crk_iparams + 1].crp_nbits = slen * 8; +- kop->crk_oparams++; +- } ++ if (r) { ++ kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char)); ++ kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8; ++ kop->crk_oparams++; ++ } ++ if (s) { ++ kop->crk_param[kop->crk_iparams+1].crp_p = calloc(slen, sizeof(char)); ++ kop->crk_param[kop->crk_iparams+1].crp_nbits = slen * 8; ++ kop->crk_oparams++; ++ } + +- if (ioctl(fd, CIOCKEY, kop) == 0) { +- if (r) +- crparam2bn(&kop->crk_param[kop->crk_iparams], r); +- if (s) +- crparam2bn(&kop->crk_param[kop->crk_iparams + 1], s); +- ret = 0; +- } ++ if (ioctl(fd, CIOCKEY, kop) == 0) { ++ if (r) ++ crparam2bn(&kop->crk_param[kop->crk_iparams], r); ++ if (s) ++ crparam2bn(&kop->crk_param[kop->crk_iparams+1], s); ++ ret = 0; ++ } + +- return (ret); ++ return (ret); + } + + static int + cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, +- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) ++ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) + { +- struct crypt_kop kop; +- int ret = 1; ++ struct crypt_kop kop; ++ int ret = 1; + +- /* +- * Currently, we know we can do mod exp iff we can do any asymmetric +- * operations at all. +- */ +- if (cryptodev_asymfeat == 0) { +- ret = BN_mod_exp(r, a, p, m, ctx); +- return (ret); +- } ++ /* Currently, we know we can do mod exp iff we can do any ++ * asymmetric operations at all. ++ */ ++ if (cryptodev_asymfeat == 0) { ++ ret = BN_mod_exp(r, a, p, m, ctx); ++ return (ret); ++ } + +- memset(&kop, 0, sizeof kop); +- kop.crk_op = CRK_MOD_EXP; ++ memset(&kop, 0, sizeof kop); ++ kop.crk_op = CRK_MOD_EXP; + +- /* inputs: a^p % m */ +- if (bn2crparam(a, &kop.crk_param[0])) +- goto err; +- if (bn2crparam(p, &kop.crk_param[1])) +- goto err; +- if (bn2crparam(m, &kop.crk_param[2])) +- goto err; +- kop.crk_iparams = 3; ++ /* inputs: a^p % m */ ++ if (bn2crparam(a, &kop.crk_param[0])) ++ goto err; ++ if (bn2crparam(p, &kop.crk_param[1])) ++ goto err; ++ if (bn2crparam(m, &kop.crk_param[2])) ++ goto err; ++ kop.crk_iparams = 3; + +- if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL)) { +- const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); +- printf("OCF asym process failed, Running in software\n"); +- ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont); ++ if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL)) { ++ const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); ++ printf("OCF asym process failed, Running in software\n"); ++ ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont); + +- } else if (ECANCELED == kop.crk_status) { +- const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); +- printf("OCF hardware operation cancelled. Running in Software\n"); +- ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont); +- } +- /* else cryptodev operation worked ok ==> ret = 1 */ ++ } else if (ECANCELED == kop.crk_status) { ++ const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); ++ printf("OCF hardware operation cancelled. Running in Software\n"); ++ ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont); ++ } ++ /* else cryptodev operation worked ok ==> ret = 1*/ + +- err: +- zapparams(&kop); +- return (ret); ++err: ++ zapparams(&kop); ++ return (ret); + } + + static int +-cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, +- BN_CTX *ctx) ++cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) + { +- int r; +- ctx = BN_CTX_new(); +- r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL); +- BN_CTX_free(ctx); +- return (r); ++ int r; ++ ctx = BN_CTX_new(); ++ r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL); ++ BN_CTX_free(ctx); ++ return (r); + } + + static int + cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) + { +- struct crypt_kop kop; +- int ret = 1; ++ struct crypt_kop kop; ++ int ret = 1; + +- if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) { +- /* XXX 0 means failure?? */ +- return (0); +- } ++ if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) { ++ /* XXX 0 means failure?? */ ++ return (0); ++ } + +- memset(&kop, 0, sizeof kop); +- kop.crk_op = CRK_MOD_EXP_CRT; +- /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */ +- if (bn2crparam(rsa->p, &kop.crk_param[0])) +- goto err; +- if (bn2crparam(rsa->q, &kop.crk_param[1])) +- goto err; +- if (bn2crparam(I, &kop.crk_param[2])) +- goto err; +- if (bn2crparam(rsa->dmp1, &kop.crk_param[3])) +- goto err; +- if (bn2crparam(rsa->dmq1, &kop.crk_param[4])) +- goto err; +- if (bn2crparam(rsa->iqmp, &kop.crk_param[5])) +- goto err; +- kop.crk_iparams = 6; ++ memset(&kop, 0, sizeof kop); ++ kop.crk_op = CRK_MOD_EXP_CRT; ++ /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */ ++ if (bn2crparam(rsa->p, &kop.crk_param[0])) ++ goto err; ++ if (bn2crparam(rsa->q, &kop.crk_param[1])) ++ goto err; ++ if (bn2crparam(I, &kop.crk_param[2])) ++ goto err; ++ if (bn2crparam(rsa->dmp1, &kop.crk_param[3])) ++ goto err; ++ if (bn2crparam(rsa->dmq1, &kop.crk_param[4])) ++ goto err; ++ if (bn2crparam(rsa->iqmp, &kop.crk_param[5])) ++ goto err; ++ kop.crk_iparams = 6; + +- if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) { +- const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); +- printf("OCF asym process failed, running in Software\n"); +- ret = (*meth->rsa_mod_exp) (r0, I, rsa, ctx); ++ if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) { ++ const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); ++ printf("OCF asym process failed, running in Software\n"); ++ ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx); + +- } else if (ECANCELED == kop.crk_status) { +- const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); +- printf("OCF hardware operation cancelled. Running in Software\n"); +- ret = (*meth->rsa_mod_exp) (r0, I, rsa, ctx); +- } +- /* else cryptodev operation worked ok ==> ret = 1 */ ++ } else if (ECANCELED == kop.crk_status) { ++ const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); ++ printf("OCF hardware operation cancelled. Running in Software\n"); ++ ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx); ++ } ++ /* else cryptodev operation worked ok ==> ret = 1*/ + +- err: +- zapparams(&kop); +- return (ret); ++err: ++ zapparams(&kop); ++ return (ret); + } + + static RSA_METHOD cryptodev_rsa = { +- "cryptodev RSA method", +- NULL, /* rsa_pub_enc */ +- NULL, /* rsa_pub_dec */ +- NULL, /* rsa_priv_enc */ +- NULL, /* rsa_priv_dec */ +- NULL, +- NULL, +- NULL, /* init */ +- NULL, /* finish */ +- 0, /* flags */ +- NULL, /* app_data */ +- NULL, /* rsa_sign */ +- NULL /* rsa_verify */ ++ "cryptodev RSA method", ++ NULL, /* rsa_pub_enc */ ++ NULL, /* rsa_pub_dec */ ++ NULL, /* rsa_priv_enc */ ++ NULL, /* rsa_priv_dec */ ++ NULL, ++ NULL, ++ NULL, /* init */ ++ NULL, /* finish */ ++ 0, /* flags */ ++ NULL, /* app_data */ ++ NULL, /* rsa_sign */ ++ NULL /* rsa_verify */ + }; + + static int + cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, +- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) ++ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) + { +- return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx)); ++ return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx)); + } + + static int + cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g, +- BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p, +- BN_CTX *ctx, BN_MONT_CTX *mont) ++ BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p, ++ BN_CTX *ctx, BN_MONT_CTX *mont) + { +- BIGNUM t2; +- int ret = 0; ++ BIGNUM t2; ++ int ret = 0; + +- BN_init(&t2); ++ BN_init(&t2); + +- /* v = ( g^u1 * y^u2 mod p ) mod q */ +- /* let t1 = g ^ u1 mod p */ +- ret = 0; ++ /* v = ( g^u1 * y^u2 mod p ) mod q */ ++ /* let t1 = g ^ u1 mod p */ ++ ret = 0; + +- if (!dsa->meth->bn_mod_exp(dsa, t1, dsa->g, u1, dsa->p, ctx, mont)) +- goto err; ++ if (!dsa->meth->bn_mod_exp(dsa,t1,dsa->g,u1,dsa->p,ctx,mont)) ++ goto err; + +- /* let t2 = y ^ u2 mod p */ +- if (!dsa->meth->bn_mod_exp(dsa, &t2, dsa->pub_key, u2, dsa->p, ctx, mont)) +- goto err; +- /* let u1 = t1 * t2 mod p */ +- if (!BN_mod_mul(u1, t1, &t2, dsa->p, ctx)) +- goto err; ++ /* let t2 = y ^ u2 mod p */ ++ if (!dsa->meth->bn_mod_exp(dsa,&t2,dsa->pub_key,u2,dsa->p,ctx,mont)) ++ goto err; ++ /* let u1 = t1 * t2 mod p */ ++ if (!BN_mod_mul(u1,t1,&t2,dsa->p,ctx)) ++ goto err; - for (i = 0, j = 0; i < a->top; i++) { -@@ -1193,7 +1239,7 @@ cryptodev_dsa_do_sign(const unsigned cha - kop.crk_op = CRK_DSA_SIGN; +- BN_copy(t1, u1); ++ BN_copy(t1,u1); - /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ -- kop.crk_param[0].crp_p = (caddr_t)dgst; +- ret = 1; +- err: +- BN_free(&t2); +- return (ret); ++ ret = 1; ++err: ++ BN_free(&t2); ++ return(ret); + } + +-static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, +- DSA *dsa) ++static DSA_SIG * ++cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) + { +- struct crypt_kop kop; +- BIGNUM *r = NULL, *s = NULL; +- DSA_SIG *dsaret = NULL; ++ struct crypt_kop kop; ++ BIGNUM *r = NULL, *s = NULL; ++ DSA_SIG *dsaret = NULL; + +- if ((r = BN_new()) == NULL) +- goto err; +- if ((s = BN_new()) == NULL) { +- BN_free(r); +- goto err; +- } ++ if ((r = BN_new()) == NULL) ++ goto err; ++ if ((s = BN_new()) == NULL) { ++ BN_free(r); ++ goto err; ++ } + +- memset(&kop, 0, sizeof kop); +- kop.crk_op = CRK_DSA_SIGN; ++ memset(&kop, 0, sizeof kop); ++ kop.crk_op = CRK_DSA_SIGN; + +- /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ +- kop.crk_param[0].crp_p = (caddr_t) dgst; +- kop.crk_param[0].crp_nbits = dlen * 8; +- if (bn2crparam(dsa->p, &kop.crk_param[1])) +- goto err; +- if (bn2crparam(dsa->q, &kop.crk_param[2])) +- goto err; +- if (bn2crparam(dsa->g, &kop.crk_param[3])) +- goto err; +- if (bn2crparam(dsa->priv_key, &kop.crk_param[4])) +- goto err; +- kop.crk_iparams = 5; ++ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ + kop.crk_param[0].crp_p = (void*)dgst; - kop.crk_param[0].crp_nbits = dlen * 8; - if (bn2crparam(dsa->p, &kop.crk_param[1])) - goto err; -@@ -1233,7 +1279,7 @@ cryptodev_dsa_verify(const unsigned char - kop.crk_op = CRK_DSA_VERIFY; - - /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */ -- kop.crk_param[0].crp_p = (caddr_t)dgst; ++ kop.crk_param[0].crp_nbits = dlen * 8; ++ if (bn2crparam(dsa->p, &kop.crk_param[1])) ++ goto err; ++ if (bn2crparam(dsa->q, &kop.crk_param[2])) ++ goto err; ++ if (bn2crparam(dsa->g, &kop.crk_param[3])) ++ goto err; ++ if (bn2crparam(dsa->priv_key, &kop.crk_param[4])) ++ goto err; ++ kop.crk_iparams = 5; + +- if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r, +- BN_num_bytes(dsa->q), s) == 0) { +- dsaret = DSA_SIG_new(); +- dsaret->r = r; +- dsaret->s = s; +- } else { +- const DSA_METHOD *meth = DSA_OpenSSL(); +- BN_free(r); +- BN_free(s); +- dsaret = (meth->dsa_do_sign) (dgst, dlen, dsa); +- } +- err: +- kop.crk_param[0].crp_p = NULL; +- zapparams(&kop); +- return (dsaret); ++ if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r, ++ BN_num_bytes(dsa->q), s) == 0) { ++ dsaret = DSA_SIG_new(); ++ dsaret->r = r; ++ dsaret->s = s; ++ } else { ++ const DSA_METHOD *meth = DSA_OpenSSL(); ++ BN_free(r); ++ BN_free(s); ++ dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa); ++ } ++err: ++ kop.crk_param[0].crp_p = NULL; ++ zapparams(&kop); ++ return (dsaret); + } + + static int + cryptodev_dsa_verify(const unsigned char *dgst, int dlen, +- DSA_SIG *sig, DSA *dsa) ++ DSA_SIG *sig, DSA *dsa) + { +- struct crypt_kop kop; +- int dsaret = 1; ++ struct crypt_kop kop; ++ int dsaret = 1; + +- memset(&kop, 0, sizeof kop); +- kop.crk_op = CRK_DSA_VERIFY; ++ memset(&kop, 0, sizeof kop); ++ kop.crk_op = CRK_DSA_VERIFY; + +- /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */ +- kop.crk_param[0].crp_p = (caddr_t) dgst; +- kop.crk_param[0].crp_nbits = dlen * 8; +- if (bn2crparam(dsa->p, &kop.crk_param[1])) +- goto err; +- if (bn2crparam(dsa->q, &kop.crk_param[2])) +- goto err; +- if (bn2crparam(dsa->g, &kop.crk_param[3])) +- goto err; +- if (bn2crparam(dsa->pub_key, &kop.crk_param[4])) +- goto err; +- if (bn2crparam(sig->r, &kop.crk_param[5])) +- goto err; +- if (bn2crparam(sig->s, &kop.crk_param[6])) +- goto err; +- kop.crk_iparams = 7; ++ /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */ + kop.crk_param[0].crp_p = (void*)dgst; - kop.crk_param[0].crp_nbits = dlen * 8; - if (bn2crparam(dsa->p, &kop.crk_param[1])) - goto err; -@@ -1311,7 +1357,7 @@ cryptodev_dh_compute_key(unsigned char * - goto err; - kop.crk_iparams = 3; - -- kop.crk_param[3].crp_p = (caddr_t) key; ++ kop.crk_param[0].crp_nbits = dlen * 8; ++ if (bn2crparam(dsa->p, &kop.crk_param[1])) ++ goto err; ++ if (bn2crparam(dsa->q, &kop.crk_param[2])) ++ goto err; ++ if (bn2crparam(dsa->g, &kop.crk_param[3])) ++ goto err; ++ if (bn2crparam(dsa->pub_key, &kop.crk_param[4])) ++ goto err; ++ if (bn2crparam(sig->r, &kop.crk_param[5])) ++ goto err; ++ if (bn2crparam(sig->s, &kop.crk_param[6])) ++ goto err; ++ kop.crk_iparams = 7; + +- if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) { +- /* +- * OCF success value is 0, if not zero, change dsaret to fail +- */ +- if (0 != kop.crk_status) +- dsaret = 0; +- } else { +- const DSA_METHOD *meth = DSA_OpenSSL(); ++ if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) { ++/*OCF success value is 0, if not zero, change dsaret to fail*/ ++ if(0 != kop.crk_status) dsaret = 0; ++ } else { ++ const DSA_METHOD *meth = DSA_OpenSSL(); + +- dsaret = (meth->dsa_do_verify) (dgst, dlen, sig, dsa); +- } +- err: +- kop.crk_param[0].crp_p = NULL; +- zapparams(&kop); +- return (dsaret); ++ dsaret = (meth->dsa_do_verify)(dgst, dlen, sig, dsa); ++ } ++err: ++ kop.crk_param[0].crp_p = NULL; ++ zapparams(&kop); ++ return (dsaret); + } + + static DSA_METHOD cryptodev_dsa = { +- "cryptodev DSA method", +- NULL, +- NULL, /* dsa_sign_setup */ +- NULL, +- NULL, /* dsa_mod_exp */ +- NULL, +- NULL, /* init */ +- NULL, /* finish */ +- 0, /* flags */ +- NULL /* app_data */ ++ "cryptodev DSA method", ++ NULL, ++ NULL, /* dsa_sign_setup */ ++ NULL, ++ NULL, /* dsa_mod_exp */ ++ NULL, ++ NULL, /* init */ ++ NULL, /* finish */ ++ 0, /* flags */ ++ NULL /* app_data */ + }; + + static int + cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, +- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, +- BN_MONT_CTX *m_ctx) ++ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, ++ BN_MONT_CTX *m_ctx) + { +- return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx)); ++ return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx)); + } + + static int + cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) + { +- struct crypt_kop kop; +- int dhret = 1; +- int fd, keylen; ++ struct crypt_kop kop; ++ int dhret = 1; ++ int fd, keylen; + +- if ((fd = get_asym_dev_crypto()) < 0) { +- const DH_METHOD *meth = DH_OpenSSL(); ++ if ((fd = get_asym_dev_crypto()) < 0) { ++ const DH_METHOD *meth = DH_OpenSSL(); + +- return ((meth->compute_key) (key, pub_key, dh)); +- } ++ return ((meth->compute_key)(key, pub_key, dh)); ++ } + +- keylen = BN_num_bits(dh->p); ++ keylen = BN_num_bits(dh->p); + +- memset(&kop, 0, sizeof kop); +- kop.crk_op = CRK_DH_COMPUTE_KEY; ++ memset(&kop, 0, sizeof kop); ++ kop.crk_op = CRK_DH_COMPUTE_KEY; + +- /* inputs: dh->priv_key pub_key dh->p key */ +- if (bn2crparam(dh->priv_key, &kop.crk_param[0])) +- goto err; +- if (bn2crparam(pub_key, &kop.crk_param[1])) +- goto err; +- if (bn2crparam(dh->p, &kop.crk_param[2])) +- goto err; +- kop.crk_iparams = 3; ++ /* inputs: dh->priv_key pub_key dh->p key */ ++ if (bn2crparam(dh->priv_key, &kop.crk_param[0])) ++ goto err; ++ if (bn2crparam(pub_key, &kop.crk_param[1])) ++ goto err; ++ if (bn2crparam(dh->p, &kop.crk_param[2])) ++ goto err; ++ kop.crk_iparams = 3; + +- kop.crk_param[3].crp_p = (caddr_t) key; +- kop.crk_param[3].crp_nbits = keylen * 8; +- kop.crk_oparams = 1; + kop.crk_param[3].crp_p = (void*) key; - kop.crk_param[3].crp_nbits = keylen * 8; - kop.crk_oparams = 1; ++ kop.crk_param[3].crp_nbits = keylen * 8; ++ kop.crk_oparams = 1; + +- if (ioctl(fd, CIOCKEY, &kop) == -1) { +- const DH_METHOD *meth = DH_OpenSSL(); ++ if (ioctl(fd, CIOCKEY, &kop) == -1) { ++ const DH_METHOD *meth = DH_OpenSSL(); + +- dhret = (meth->compute_key) (key, pub_key, dh); +- } +- err: +- kop.crk_param[3].crp_p = NULL; +- zapparams(&kop); +- return (dhret); ++ dhret = (meth->compute_key)(key, pub_key, dh); ++ } ++err: ++ kop.crk_param[3].crp_p = NULL; ++ zapparams(&kop); ++ return (dhret); + } + + static DH_METHOD cryptodev_dh = { +- "cryptodev DH method", +- NULL, /* cryptodev_dh_generate_key */ +- NULL, +- NULL, +- NULL, +- NULL, +- 0, /* flags */ +- NULL /* app_data */ ++ "cryptodev DH method", ++ NULL, /* cryptodev_dh_generate_key */ ++ NULL, ++ NULL, ++ NULL, ++ NULL, ++ 0, /* flags */ ++ NULL /* app_data */ + }; + + /* +@@ -1429,104 +1388,109 @@ static DH_METHOD cryptodev_dh = { + * but I expect we'll want some options soon. + */ + static int +-cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)) ++cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) + { +-# ifdef HAVE_SYSLOG_R +- struct syslog_data sd = SYSLOG_DATA_INIT; +-# endif ++#ifdef HAVE_SYSLOG_R ++ struct syslog_data sd = SYSLOG_DATA_INIT; ++#endif -@@ -1385,7 +1431,7 @@ ENGINE_load_cryptodev(void) - put_dev_crypto(fd); +- switch (cmd) { +- default: +-# ifdef HAVE_SYSLOG_R +- syslog_r(LOG_ERR, &sd, "cryptodev_ctrl: unknown command %d", cmd); +-# else +- syslog(LOG_ERR, "cryptodev_ctrl: unknown command %d", cmd); +-# endif +- break; +- } +- return (1); ++ switch (cmd) { ++ default: ++#ifdef HAVE_SYSLOG_R ++ syslog_r(LOG_ERR, &sd, ++ "cryptodev_ctrl: unknown command %d", cmd); ++#else ++ syslog(LOG_ERR, "cryptodev_ctrl: unknown command %d", cmd); ++#endif ++ break; ++ } ++ return (1); + } - if (!ENGINE_set_id(engine, "cryptodev") || -- !ENGINE_set_name(engine, "BSD cryptodev engine") || +-void ENGINE_load_cryptodev(void) ++void ++ENGINE_load_cryptodev(void) + { +- ENGINE *engine = ENGINE_new(); +- int fd; ++ ENGINE *engine = ENGINE_new(); ++ int fd; + +- if (engine == NULL) +- return; +- if ((fd = get_dev_crypto()) < 0) { +- ENGINE_free(engine); +- return; +- } ++ if (engine == NULL) ++ return; ++ if ((fd = get_dev_crypto()) < 0) { ++ ENGINE_free(engine); ++ return; ++ } + +- /* +- * find out what asymmetric crypto algorithms we support +- */ +- if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) { +- put_dev_crypto(fd); +- ENGINE_free(engine); +- return; +- } +- put_dev_crypto(fd); ++ /* ++ * find out what asymmetric crypto algorithms we support ++ */ ++ if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) { ++ put_dev_crypto(fd); ++ ENGINE_free(engine); ++ return; ++ } ++ put_dev_crypto(fd); + +- if (!ENGINE_set_id(engine, "cryptodev") || +- !ENGINE_set_name(engine, "BSD cryptodev engine") || +- !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) || +- !ENGINE_set_digests(engine, cryptodev_engine_digests) || +- !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) || +- !ENGINE_set_cmd_defns(engine, cryptodev_defns)) { +- ENGINE_free(engine); +- return; +- } ++ if (!ENGINE_set_id(engine, "cryptodev") || + !ENGINE_set_name(engine, "cryptodev engine") || - !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) || - !ENGINE_set_digests(engine, cryptodev_engine_digests) || - !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) || ++ !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) || ++ !ENGINE_set_digests(engine, cryptodev_engine_digests) || ++ !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) || ++ !ENGINE_set_cmd_defns(engine, cryptodev_defns)) { ++ ENGINE_free(engine); ++ return; ++ } + +- if (ENGINE_set_RSA(engine, &cryptodev_rsa)) { +- const RSA_METHOD *rsa_meth = RSA_PKCS1_SSLeay(); ++ if (ENGINE_set_RSA(engine, &cryptodev_rsa)) { ++ const RSA_METHOD *rsa_meth = RSA_PKCS1_SSLeay(); + +- cryptodev_rsa.bn_mod_exp = rsa_meth->bn_mod_exp; +- cryptodev_rsa.rsa_mod_exp = rsa_meth->rsa_mod_exp; +- cryptodev_rsa.rsa_pub_enc = rsa_meth->rsa_pub_enc; +- cryptodev_rsa.rsa_pub_dec = rsa_meth->rsa_pub_dec; +- cryptodev_rsa.rsa_priv_enc = rsa_meth->rsa_priv_enc; +- cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec; +- if (cryptodev_asymfeat & CRF_MOD_EXP) { +- cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp; +- if (cryptodev_asymfeat & CRF_MOD_EXP_CRT) +- cryptodev_rsa.rsa_mod_exp = cryptodev_rsa_mod_exp; +- else +- cryptodev_rsa.rsa_mod_exp = cryptodev_rsa_nocrt_mod_exp; +- } +- } ++ cryptodev_rsa.bn_mod_exp = rsa_meth->bn_mod_exp; ++ cryptodev_rsa.rsa_mod_exp = rsa_meth->rsa_mod_exp; ++ cryptodev_rsa.rsa_pub_enc = rsa_meth->rsa_pub_enc; ++ cryptodev_rsa.rsa_pub_dec = rsa_meth->rsa_pub_dec; ++ cryptodev_rsa.rsa_priv_enc = rsa_meth->rsa_priv_enc; ++ cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec; ++ if (cryptodev_asymfeat & CRF_MOD_EXP) { ++ cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp; ++ if (cryptodev_asymfeat & CRF_MOD_EXP_CRT) ++ cryptodev_rsa.rsa_mod_exp = ++ cryptodev_rsa_mod_exp; ++ else ++ cryptodev_rsa.rsa_mod_exp = ++ cryptodev_rsa_nocrt_mod_exp; ++ } ++ } + +- if (ENGINE_set_DSA(engine, &cryptodev_dsa)) { +- const DSA_METHOD *meth = DSA_OpenSSL(); ++ if (ENGINE_set_DSA(engine, &cryptodev_dsa)) { ++ const DSA_METHOD *meth = DSA_OpenSSL(); + +- memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD)); +- if (cryptodev_asymfeat & CRF_DSA_SIGN) +- cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign; +- if (cryptodev_asymfeat & CRF_MOD_EXP) { +- cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp; +- cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp; +- } +- if (cryptodev_asymfeat & CRF_DSA_VERIFY) +- cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify; +- } ++ memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD)); ++ if (cryptodev_asymfeat & CRF_DSA_SIGN) ++ cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign; ++ if (cryptodev_asymfeat & CRF_MOD_EXP) { ++ cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp; ++ cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp; ++ } ++ if (cryptodev_asymfeat & CRF_DSA_VERIFY) ++ cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify; ++ } + +- if (ENGINE_set_DH(engine, &cryptodev_dh)) { +- const DH_METHOD *dh_meth = DH_OpenSSL(); ++ if (ENGINE_set_DH(engine, &cryptodev_dh)){ ++ const DH_METHOD *dh_meth = DH_OpenSSL(); + +- cryptodev_dh.generate_key = dh_meth->generate_key; +- cryptodev_dh.compute_key = dh_meth->compute_key; +- cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp; +- if (cryptodev_asymfeat & CRF_MOD_EXP) { +- cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh; +- if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) +- cryptodev_dh.compute_key = cryptodev_dh_compute_key; +- } +- } ++ cryptodev_dh.generate_key = dh_meth->generate_key; ++ cryptodev_dh.compute_key = dh_meth->compute_key; ++ cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp; ++ if (cryptodev_asymfeat & CRF_MOD_EXP) { ++ cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh; ++ if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) ++ cryptodev_dh.compute_key = ++ cryptodev_dh_compute_key; ++ } ++ } + +- ENGINE_add(engine); +- ENGINE_free(engine); +- ERR_clear_error(); ++ ENGINE_add(engine); ++ ENGINE_free(engine); ++ ERR_clear_error(); + } + +-#endif /* HAVE_CRYPTODEV */ ++#endif /* HAVE_CRYPTODEV */ |