PREFERRED_VERSION_qemu = "1.7+fsl"
-PREFERRED_VERSION_openssl = "1.0.1g"
+PREFERRED_VERSION_openssl = "1.0.1i"
-From f174dd904fb4995a89eed53be3e2ebf7bee25a9b Mon Sep 17 00:00:00 2001
+From 9297e3834518ff0558d6e7004a62adfd107e659a Mon Sep 17 00:00:00 2001
From: Cristian Stoica <cristian.stoica@freescale.com>
Date: Tue, 10 Sep 2013 12:46:46 +0300
-Subject: [PATCH][fsl 01/15] remove double initialization of cryptodev engine
-
-Upstream-status: Pending
+Subject: [PATCH 01/17] remove double initialization of cryptodev engine
cryptodev engine is initialized together with the other engines in
ENGINE_load_builtin_engines. The initialization done through
OpenSSL_add_all_algorithms is redundant.
+Change-Id: Ic9488500967595543ff846f147b36f383db7cb27
Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
+Reviewed-on: http://git.am.freescale.net:8181/17222
---
- crypto/engine/eng_all.c | 11 -----------
- crypto/engine/engine.h | 4 ----
- crypto/evp/c_all.c | 5 -----
- util/libeay.num | 2 +-
+ crypto/engine/eng_all.c | 11 -----------
+ crypto/engine/engine.h | 4 ----
+ crypto/evp/c_all.c | 5 -----
+ util/libeay.num | 2 +-
4 files changed, 1 insertion(+), 21 deletions(-)
diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c
EVP_aes_128_cfb8 3248 EXIST::FUNCTION:AES
FIPS_corrupt_rsa 3249 NOEXIST::FUNCTION:
--
-1.7.9.7
+1.8.3.1
-From 1a8886909afc7e4c9e8539644c815baee8ee4816 Mon Sep 17 00:00:00 2001
+From dfd6ba263dc25ea2a4bbc32448b24ca2b1fc40e8 Mon Sep 17 00:00:00 2001
From: Cristian Stoica <cristian.stoica@freescale.com>
Date: Thu, 29 Aug 2013 16:51:18 +0300
-Subject: [PATCH][fsl 03/15] add support for TLS algorithms offload
+Subject: [PATCH 02/17] eng_cryptodev: add support for TLS algorithms offload
-Upstream-status: Pending
+- aes-128-cbc-hmac-sha1
+- aes-256-cbc-hmac-sha1
Requires TLS patches on cryptodev and TLS algorithm support in Linux
kernel driver.
+Change-Id: I43048caa348414daddd6c1a5cdc55e769ac1945f
Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
+Reviewed-on: http://git.am.freescale.net:8181/17223
---
- crypto/engine/eng_cryptodev.c | 204 ++++++++++++++++++++++++++++++++++++++---
- 1 file changed, 193 insertions(+), 11 deletions(-)
+ crypto/engine/eng_cryptodev.c | 222 +++++++++++++++++++++++++++++++++++++++---
+ 1 file changed, 211 insertions(+), 11 deletions(-)
diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 5a715ac..123613d 100644
+index 5a715ac..7588a28 100644
--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
@@ -72,6 +72,9 @@ ENGINE_load_cryptodev(void)
#ifdef USE_CRYPTODEV_DIGESTS
char dummy_mac_key[HASH_MAX_LEN];
-@@ -140,17 +143,19 @@ static struct {
+@@ -140,17 +143,20 @@ static struct {
int nid;
int ivmax;
int keylen;
+ { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, 0},
+ { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, 0},
+ { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20},
++ { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20},
+ { 0, NID_undef, 0, 0, 0},
};
#ifdef USE_CRYPTODEV_DIGESTS
-@@ -250,13 +255,15 @@ get_cryptodev_ciphers(const int **cnids)
+@@ -250,13 +256,15 @@ get_cryptodev_ciphers(const int **cnids)
}
memset(&sess, 0, sizeof(sess));
sess.key = (caddr_t)"123456789abcdefghijklmno";
if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
nids[count++] = ciphers[i].nid;
-@@ -414,6 +421,67 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+@@ -414,6 +422,67 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
return (1);
}
+ /* TODO: make a seamless integration with cryptodev flags */
+ switch (ctx->cipher->nid) {
+ case NID_aes_128_cbc_hmac_sha1:
++ case NID_aes_256_cbc_hmac_sha1:
+ cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
+ }
+ cryp.ses = sess->ses;
+ cryp.len = state->len;
-+ cryp.dst_len = len;
+ cryp.src = (caddr_t) in;
+ cryp.dst = (caddr_t) out;
+ cryp.auth_src = state->aad;
static int
cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
-@@ -452,6 +520,45 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+@@ -452,6 +521,45 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
return (1);
}
/*
* free anything we allocated earlier when initting a
* session, and close the session.
-@@ -488,6 +595,63 @@ cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
+@@ -488,6 +596,63 @@ cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
return (ret);
}
+ unsigned int cryptlen = p[arg - 2] << 8 | p[arg - 1];
+ unsigned int maclen, padlen;
+ unsigned int bs = ctx->cipher->block_size;
-+ int j;
+
+ state->aad = ptr;
+ state->aad_len = arg;
+ /* TODO: this should be an extension of EVP_CIPHER struct */
+ switch (ctx->cipher->nid) {
+ case NID_aes_128_cbc_hmac_sha1:
++ case NID_aes_256_cbc_hmac_sha1:
+ maclen = SHA_DIGEST_LENGTH;
+ }
+
/*
* libcrypto EVP stuff - this is how we get wired to EVP so the engine
* gets called when libcrypto requests a cipher NID.
-@@ -600,6 +764,20 @@ const EVP_CIPHER cryptodev_aes_256_cbc = {
+@@ -600,6 +765,33 @@ const EVP_CIPHER cryptodev_aes_256_cbc = {
NULL
};
+ NULL
+};
+
++const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = {
++ NID_aes_256_cbc_hmac_sha1,
++ 16, 32, 16,
++ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
++ cryptodev_init_aead_key,
++ cryptodev_aead_cipher,
++ cryptodev_cleanup,
++ sizeof(struct dev_crypto_state),
++ EVP_CIPHER_set_asn1_iv,
++ EVP_CIPHER_get_asn1_iv,
++ cryptodev_cbc_hmac_sha1_ctrl,
++ NULL
++};
/*
* Registered by the ENGINE when used to find out how to deal with
* a particular NID in the ENGINE. this says what we'll do at the
-@@ -637,6 +815,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+@@ -637,6 +829,12 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
case NID_aes_256_cbc:
*cipher = &cryptodev_aes_256_cbc;
break;
+ case NID_aes_128_cbc_hmac_sha1:
+ *cipher = &cryptodev_aes_128_cbc_hmac_sha1;
++ break;
++ case NID_aes_256_cbc_hmac_sha1:
++ *cipher = &cryptodev_aes_256_cbc_hmac_sha1;
+ break;
default:
*cipher = NULL;
break;
-@@ -1384,6 +1565,7 @@ ENGINE_load_cryptodev(void)
+@@ -1384,6 +1582,8 @@ ENGINE_load_cryptodev(void)
}
put_dev_crypto(fd);
+ EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1);
++ EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
if (!ENGINE_set_id(engine, "cryptodev") ||
!ENGINE_set_name(engine, "BSD cryptodev engine") ||
!ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
--
-1.7.9.7
+1.8.3.1
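Review bot: In the `@@ -488,6 +596,63 @@` hunk, `cryptlen` is read from `p[arg - 2]` and `p[arg - 1]`, and `state->aad_len` is set to `arg`, with no bound on `arg` visible in the excerpt, so a length below 2 would index before the AAD buffer. The control handler begins and ends outside the lines shown, so a check may already exist there. If it does not, a guard such as `if (arg < 2) return -1;` ahead of the `cryptlen` line would close the gap, assuming -1 is this handler's failure value. The same handler assigns `maclen` only inside a `switch` with no `default`, which this change extends with `NID_aes_256_cbc_hmac_sha1`. A `default:` arm that fails the call would keep `maclen` from being read uninitialised if another cipher is ever routed to this ctrl.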
--- /dev/null
+From 084fa469a8fef530d71a0870364df1c7997f6465 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@freescale.com>
+Date: Thu, 31 Jul 2014 14:06:19 +0300
+Subject: [PATCH 03/17] cryptodev: fix algorithm registration
+
+Cryptodev specific algorithms must register only if available in kernel.
+
+Change-Id: Iec5af8f4f3138357e4b96f2ec1627278134e4808
+Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
+Reviewed-on: http://git.am.freescale.net:8181/15326
+Reviewed-by: Horia Ioan Geanta Neag <horia.geanta@freescale.com>
+Reviewed-on: http://git.am.freescale.net:8181/17224
+---
+ crypto/engine/eng_cryptodev.c | 20 +++++++++++++++++---
+ 1 file changed, 17 insertions(+), 3 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 7588a28..e3eb98b 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -133,6 +133,8 @@ static int cryptodev_dh_compute_key(unsigned char *key,
+ static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
+ void (*f)(void));
+ void ENGINE_load_cryptodev(void);
++const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1;
++const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
+
+ static const ENGINE_CMD_DEFN cryptodev_defns[] = {
+ { 0, NULL, NULL, 0 }
+@@ -342,7 +344,21 @@ get_cryptodev_digests(const int **cnids)
+ static int
+ cryptodev_usable_ciphers(const int **nids)
+ {
+- return (get_cryptodev_ciphers(nids));
++ int i, count;
++
++ count = get_cryptodev_ciphers(nids);
++ /* add ciphers specific to cryptodev if found in kernel */
++ for(i = 0; i < count; i++) {
++ switch (*(*nids + i)) {
++ case NID_aes_128_cbc_hmac_sha1:
++ EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1);
++ break;
++ case NID_aes_256_cbc_hmac_sha1:
++ EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
++ break;
++ }
++ }
++ return count;
+ }
+
+ static int
+@@ -1582,8 +1598,6 @@ ENGINE_load_cryptodev(void)
+ }
+ put_dev_crypto(fd);
+
+- EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1);
+- EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
+ if (!ENGINE_set_id(engine, "cryptodev") ||
+ !ENGINE_set_name(engine, "BSD cryptodev engine") ||
+ !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
+--
+1.8.3.1
+
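Review bot: Both new `case` arms in `cryptodev_usable_ciphers` discard the result of `EVP_add_cipher`, so a failed registration still leaves the NID in the list returned to the caller. The result should be checked and a failure at least reported, so the engine does not advertise a TLS cipher that was never registered. The function also reads as a query but now changes the process-wide cipher table each time it runs. A comment at the top of the loop would make that explicit, for example `/* NOTE: registers cryptodev-only ciphers in the global EVP table as a side effect */`. The `switch` has no `default`; an empty `default: break;` would show that other NIDs are skipped on purpose.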
--- /dev/null
+From 7d770f0324498d1fa78300cc5cecc8c1dcd3b788 Mon Sep 17 00:00:00 2001
+From: Andy Polyakov <appro@openssl.org>
+Date: Sun, 21 Oct 2012 18:19:41 +0000
+Subject: [PATCH 04/17] linux-pcc: make it more robust and recognize
+ KERNEL_BITS variable.
+
+(cherry picked from commit 78c3e20579d3baa159c8b51b59d415b6e521614b)
+
+Change-Id: I769c466f052305681ab54a1b6545d94c7fbf5a9d
+Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
+---
+ config | 19 +++++++++++++------
+ crypto/ppccap.c | 7 +++++++
+ 2 files changed, 20 insertions(+), 6 deletions(-)
+
+diff --git a/config b/config
+index 41fa2a6..f37b9e6 100755
+--- a/config
++++ b/config
+@@ -587,13 +587,20 @@ case "$GUESSOS" in
+ fi
+ ;;
+ ppc64-*-linux2)
+- echo "WARNING! If you wish to build 64-bit library, then you have to"
+- echo " invoke './Configure linux-ppc64' *manually*."
+- if [ "$TEST" = "false" -a -t 1 ]; then
+- echo " You have about 5 seconds to press Ctrl-C to abort."
+- (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
++ if [ -z "$KERNEL_BITS" ]; then
++ echo "WARNING! If you wish to build 64-bit library, then you have to"
++ echo " invoke './Configure linux-ppc64' *manually*."
++ if [ "$TEST" = "false" -a -t 1 ]; then
++ echo " You have about 5 seconds to press Ctrl-C to abort."
++ (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
++ fi
++ fi
++ if [ "$KERNEL_BITS" = "64" ]; then
++ OUT="linux-ppc64"
++ else
++ OUT="linux-ppc"
++ (echo "__LP64__" | gcc -E -x c - 2>/dev/null | grep "^__LP64__" 2>&1 > /dev/null) || options="$options -m32"
+ fi
+- OUT="linux-ppc"
+ ;;
+ ppc-*-linux2) OUT="linux-ppc" ;;
+ ppc60x-*-vxworks*) OUT="vxworks-ppc60x" ;;
+diff --git a/crypto/ppccap.c b/crypto/ppccap.c
+index f71ba66..531f1b3 100644
+--- a/crypto/ppccap.c
++++ b/crypto/ppccap.c
+@@ -4,6 +4,9 @@
+ #include <setjmp.h>
+ #include <signal.h>
+ #include <unistd.h>
++#ifdef __linux
++#include <sys/utsname.h>
++#endif
+ #include <crypto.h>
+ #include <openssl/bn.h>
+
+@@ -102,6 +105,10 @@ void OPENSSL_cpuid_setup(void)
+
+ if (sizeof(size_t)==4)
+ {
++#ifdef __linux
++ struct utsname uts;
++ if (uname(&uts)==0 && strcmp(uts.machine,"ppc64")==0)
++#endif
+ if (sigsetjmp(ill_jmp,1) == 0)
+ {
+ OPENSSL_ppc64_probe();
+--
+1.8.3.1
+
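Review bot: The `__LP64__` probe in the new `else` branch of the `ppc64-*-linux2` case calls a literal `gcc`, so it tests whichever compiler is first on PATH rather than the one the build will use. In a cross build this could decide `-m32` from the host toolchain, if `config` is run at all in this recipe. Using the configured compiler, e.g. `${CC:-gcc} -E -x c -`, would keep the probe aligned with the target. On the same line, `grep "^__LP64__" 2>&1 > /dev/null` redirects stderr to the original stdout instead of discarding it; `> /dev/null 2>&1` is the order that silences both.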
-From 154601fba4907a7eb3f98e670d62cfa15a767500 Mon Sep 17 00:00:00 2001
+From 15abbcd740eafbf2a46b5da24be76acf4982743d Mon Sep 17 00:00:00 2001
From: Yashpal Dutta <yashpal.dutta@freescale.com>
Date: Tue, 11 Mar 2014 05:56:54 +0545
-Subject: [PATCH][fsl 02/15] ECC Support header for Cryptodev Engine
+Subject: [PATCH 05/17] ECC Support header for Cryptodev Engine
Upstream-status: Pending
Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
---
- crypto/engine/eng_cryptodev_ec.h | 296 ++++++++++++++++++++++++++++++++++++++
+ crypto/engine/eng_cryptodev_ec.h | 296 +++++++++++++++++++++++++++++++++++++++
1 file changed, 296 insertions(+)
create mode 100644 crypto/engine/eng_cryptodev_ec.h
+};
+#endif
--
-1.7.9.7
+1.8.3.1
-From c994fa6c5eb9b684dd6aff45dd5e8eb98237c31e Mon Sep 17 00:00:00 2001
+From 39a9e609290a8a1163a721915bcde0c7cf8f92f7 Mon Sep 17 00:00:00 2001
From: Yashpal Dutta <yashpal.dutta@freescale.com>
Date: Tue, 11 Mar 2014 05:57:47 +0545
-Subject: [PATCH][fsl 04/15] Fixed private key support for DH
+Subject: [PATCH 06/17] Fixed private key support for DH
Upstream-status: Pending
Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
---
- crypto/dh/dh_ameth.c | 7 +++++++
+ crypto/dh/dh_ameth.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
return 1;
}
--
-1.7.9.7
+1.8.3.1
-From 408bdb2a3971edd6a949f5a93bd44d0a6f3eb823 Mon Sep 17 00:00:00 2001
+From 8322e4157bf49d992b5b9e460f2c0785865dd1c1 Mon Sep 17 00:00:00 2001
From: Yashpal Dutta <yashpal.dutta@freescale.com>
Date: Thu, 20 Mar 2014 19:55:51 -0500
-Subject: [PATCH][fsl 05/15] Fixed private key support for DH
+Subject: [PATCH 07/17] Fixed private key support for DH
Upstream-status: Pending
Tested-by: Yashpal Dutta <yashpal.dutta@freescale.com>
---
- crypto/dh/dh_ameth.c | 7 -------
+ crypto/dh/dh_ameth.c | 7 -------
1 file changed, 7 deletions(-)
diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
return 1;
}
--
-1.7.9.7
+1.8.3.1
-From 8e9a39aab2fce48c117460eb1d14bcc02be6de6c Mon Sep 17 00:00:00 2001
+From 107a10d45db0f2e58482f698add04ed9183f7268 Mon Sep 17 00:00:00 2001
From: Yashpal Dutta <yashpal.dutta@freescale.com>
Date: Tue, 11 Mar 2014 06:29:52 +0545
-Subject: [PATCH][fsl 06/15] Initial support for PKC in cryptodev engine
+Subject: [PATCH 08/17] Initial support for PKC in cryptodev engine
Upstream-status: Pending
1 file changed, 1183 insertions(+), 160 deletions(-)
diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 123613d..88caec1 100644
+index e3eb98b..7ee314b 100644
--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
@@ -54,11 +54,14 @@ ENGINE_load_cryptodev(void)
struct dev_crypto_state {
struct session_op d_sess;
-@@ -116,24 +121,112 @@ static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a,
+@@ -116,18 +121,10 @@ static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a,
static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I,
RSA *rsa, BN_CTX *ctx);
static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
static int cryptodev_dh_compute_key(unsigned char *key,
const BIGNUM *pub_key, DH *dh);
static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
- void (*f)(void));
- void ENGINE_load_cryptodev(void);
+@@ -136,6 +133,102 @@ void ENGINE_load_cryptodev(void);
+ const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1;
+ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
+inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len)
+{
static const ENGINE_CMD_DEFN cryptodev_defns[] = {
{ 0, NULL, NULL, 0 }
};
-@@ -1106,7 +1199,6 @@ cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
+@@ -1139,7 +1232,6 @@ cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
static int
bn2crparam(const BIGNUM *a, struct crparam *crp)
{
ssize_t bytes, bits;
u_char *b;
-@@ -1123,15 +1215,7 @@ bn2crparam(const BIGNUM *a, struct crparam *crp)
+@@ -1156,15 +1248,7 @@ bn2crparam(const BIGNUM *a, struct crparam *crp)
crp->crp_p = (caddr_t) b;
crp->crp_nbits = bits;
return (0);
}
-@@ -1139,22 +1223,14 @@ bn2crparam(const BIGNUM *a, struct crparam *crp)
+@@ -1172,22 +1256,14 @@ bn2crparam(const BIGNUM *a, struct crparam *crp)
static int
crparam2bn(struct crparam *crp, BIGNUM *a)
{
return (0);
}
-@@ -1202,6 +1278,32 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s)
+@@ -1235,6 +1311,32 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s)
return (ret);
}
static int
cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
-@@ -1217,9 +1319,9 @@ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+@@ -1250,9 +1352,9 @@ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
return (ret);
}
/* inputs: a^p % m */
if (bn2crparam(a, &kop.crk_param[0]))
goto err;
-@@ -1260,28 +1362,38 @@ static int
+@@ -1293,28 +1395,38 @@ static int
cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
{
struct crypt_kop kop;
kop.crk_iparams = 6;
if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) {
-@@ -1317,90 +1429,117 @@ static RSA_METHOD cryptodev_rsa = {
+@@ -1350,90 +1462,117 @@ static RSA_METHOD cryptodev_rsa = {
NULL /* rsa_verify */
};
}
static int
-@@ -1408,42 +1547,179 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
+@@ -1441,42 +1580,179 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
DSA_SIG *sig, DSA *dsa)
{
struct crypt_kop kop;
static DSA_METHOD cryptodev_dsa = {
"cryptodev DSA method",
NULL,
-@@ -1457,12 +1733,543 @@ static DSA_METHOD cryptodev_dsa = {
+@@ -1490,12 +1766,543 @@ static DSA_METHOD cryptodev_dsa = {
NULL /* app_data */
};
}
static int
-@@ -1470,43 +2277,234 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+@@ -1503,43 +2310,234 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
{
struct crypt_kop kop;
int dhret = 1;
static DH_METHOD cryptodev_dh = {
"cryptodev DH method",
NULL, /* cryptodev_dh_generate_key */
-@@ -1518,6 +2516,14 @@ static DH_METHOD cryptodev_dh = {
+@@ -1551,6 +2549,14 @@ static DH_METHOD cryptodev_dh = {
NULL /* app_data */
};
/*
* ctrl right now is just a wrapper that doesn't do much
* but I expect we'll want some options soon.
-@@ -1602,25 +2608,42 @@ ENGINE_load_cryptodev(void)
+@@ -1634,25 +2640,42 @@ ENGINE_load_cryptodev(void)
memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
if (cryptodev_asymfeat & CRF_DSA_SIGN)
cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
}
--
-1.7.9.7
+1.8.3.1
-From 6ee6f7acad9824244b32ac23248f1d12f2c2b201 Mon Sep 17 00:00:00 2001
+From 81c4c62a4f5f5542843381bfb34e39a6171d5cdd Mon Sep 17 00:00:00 2001
From: Yashpal Dutta <yashpal.dutta@freescale.com>
Date: Tue, 11 Mar 2014 06:42:59 +0545
-Subject: [PATCH][fsl 07/15] Added hwrng dev file as source of RNG
+Subject: [PATCH 09/17] Added hwrng dev file as source of RNG
Upstream-status: Pending
Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
---
- e_os.h | 2 +-
+ e_os.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/e_os.h b/e_os.h
#ifndef DEVRANDOM_EGD
/* set this to a comma-seperated list of 'egd' sockets to try out. These
--
-1.7.9.7
+1.8.3.1
+++ /dev/null
-From 6555c11c9f62fc37c60bb335cfeb5c9d641e493a Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@freescale.com>
-Date: Fri, 21 Mar 2014 16:22:27 +0200
-Subject: [PATCH][fsl 09/15] eng_cryptodev: extend TLS offload with new
- algorithms
-
-Upstream-status: Pending
-
-- aes-192-cbc-hmac-sha1
-- aes-256-cbc-hmac-sha1
-
-Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
----
- crypto/engine/eng_cryptodev.c | 41 +++++++++++++++++++++++++++++++++++++++++
- 1 file changed, 41 insertions(+)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index c5e8fb3..e2d4c53 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -248,6 +248,8 @@ static struct {
- { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, 0},
- { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, 0},
- { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20},
-+ { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_192_cbc_hmac_sha1, 16, 24, 20},
-+ { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20},
- { 0, NID_undef, 0, 0, 0},
- };
-
-@@ -536,6 +538,8 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- /* TODO: make a seamless integration with cryptodev flags */
- switch (ctx->cipher->nid) {
- case NID_aes_128_cbc_hmac_sha1:
-+ case NID_aes_192_cbc_hmac_sha1:
-+ case NID_aes_256_cbc_hmac_sha1:
- cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
- }
- cryp.ses = sess->ses;
-@@ -729,6 +733,8 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
- /* TODO: this should be an extension of EVP_CIPHER struct */
- switch (ctx->cipher->nid) {
- case NID_aes_128_cbc_hmac_sha1:
-+ case NID_aes_192_cbc_hmac_sha1:
-+ case NID_aes_256_cbc_hmac_sha1:
- maclen = SHA_DIGEST_LENGTH;
- }
-
-@@ -871,6 +877,33 @@ const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1 = {
- NULL
- };
-
-+const EVP_CIPHER cryptodev_aes_192_cbc_hmac_sha1 = {
-+ NID_aes_192_cbc_hmac_sha1,
-+ 16, 24, 16,
-+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+ cryptodev_init_aead_key,
-+ cryptodev_aead_cipher,
-+ cryptodev_cleanup,
-+ sizeof(struct dev_crypto_state),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ cryptodev_cbc_hmac_sha1_ctrl,
-+ NULL
-+};
-+
-+const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = {
-+ NID_aes_256_cbc_hmac_sha1,
-+ 16, 32, 16,
-+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+ cryptodev_init_aead_key,
-+ cryptodev_aead_cipher,
-+ cryptodev_cleanup,
-+ sizeof(struct dev_crypto_state),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ cryptodev_cbc_hmac_sha1_ctrl,
-+ NULL
-+};
- /*
- * Registered by the ENGINE when used to find out how to deal with
- * a particular NID in the ENGINE. this says what we'll do at the
-@@ -911,6 +944,12 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
- case NID_aes_128_cbc_hmac_sha1:
- *cipher = &cryptodev_aes_128_cbc_hmac_sha1;
- break;
-+ case NID_aes_192_cbc_hmac_sha1:
-+ *cipher = &cryptodev_aes_192_cbc_hmac_sha1;
-+ break;
-+ case NID_aes_256_cbc_hmac_sha1:
-+ *cipher = &cryptodev_aes_256_cbc_hmac_sha1;
-+ break;
- default:
- *cipher = NULL;
- break;
-@@ -3830,6 +3869,8 @@ ENGINE_load_cryptodev(void)
- put_dev_crypto(fd);
-
- EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1);
-+ EVP_add_cipher(&cryptodev_aes_192_cbc_hmac_sha1);
-+ EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
- if (!ENGINE_set_id(engine, "cryptodev") ||
- !ENGINE_set_name(engine, "BSD cryptodev engine") ||
- !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
---
-1.7.9.7
-
-From 68f8054c5a1f72e40884782d2d548892406d6049 Mon Sep 17 00:00:00 2001
+From a933e6341fd8989bdd82f8a5446b6f04aa00eef9 Mon Sep 17 00:00:00 2001
From: Yashpal Dutta <yashpal.dutta@freescale.com>
Date: Tue, 11 Mar 2014 07:14:30 +0545
-Subject: [PATCH][fsl 08/15] Asynchronous interface added for PKC cryptodev
+Subject: [PATCH 10/17] Asynchronous interface added for PKC cryptodev
interface
Upstream-status: Pending
int (*init)(EC_KEY *eckey);
int (*finish)(EC_KEY *eckey);
diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 88caec1..c5e8fb3 100644
+index 7ee314b..9f2416e 100644
--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
-@@ -1248,6 +1248,56 @@ zapparams(struct crypt_kop *kop)
+@@ -1281,6 +1281,56 @@ zapparams(struct crypt_kop *kop)
}
}
static int
cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s)
{
-@@ -1304,6 +1354,44 @@ void *cryptodev_init_instance(void)
+@@ -1337,6 +1387,44 @@ void *cryptodev_init_instance(void)
return fd;
}
static int
cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
-@@ -1349,6 +1437,63 @@ err:
+@@ -1382,6 +1470,63 @@ err:
}
static int
cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
{
int r;
-@@ -1413,6 +1558,62 @@ err:
+@@ -1446,6 +1591,62 @@ err:
return (ret);
}
static RSA_METHOD cryptodev_rsa = {
"cryptodev RSA method",
NULL, /* rsa_pub_enc */
-@@ -1421,6 +1622,12 @@ static RSA_METHOD cryptodev_rsa = {
+@@ -1454,6 +1655,12 @@ static RSA_METHOD cryptodev_rsa = {
NULL, /* rsa_priv_dec */
NULL,
NULL,
NULL, /* init */
NULL, /* finish */
0, /* flags */
-@@ -1718,126 +1925,424 @@ sw_try:
+@@ -1751,126 +1958,424 @@ sw_try:
return ret;
}
goto err;
}
} else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_characteristic_two_field) {
-@@ -2162,63 +2667,581 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
+@@ -2195,63 +2700,581 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
}
/**
return ret;
}
-@@ -2327,6 +3350,54 @@ sw_try:
+@@ -2360,6 +3383,54 @@ sw_try:
return (dhret);
}
int cryptodev_ecdh_compute_key(void *out, size_t outlen,
const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen,
void *out, size_t *outlen))
-@@ -2504,6 +3575,190 @@ err:
+@@ -2537,6 +3608,190 @@ err:
return ret;
}
static DH_METHOD cryptodev_dh = {
"cryptodev DH method",
-@@ -2512,6 +3767,8 @@ static DH_METHOD cryptodev_dh = {
+@@ -2545,6 +3800,8 @@ static DH_METHOD cryptodev_dh = {
NULL,
NULL,
NULL,
0, /* flags */
NULL /* app_data */
};
-@@ -2520,6 +3777,7 @@ static ECDH_METHOD cryptodev_ecdh = {
+@@ -2553,6 +3810,7 @@ static ECDH_METHOD cryptodev_ecdh = {
"cryptodev ECDH method",
NULL, /* cryptodev_ecdh_compute_key */
NULL,
0, /* flags */
NULL /* app_data */
};
-@@ -2593,12 +3851,19 @@ ENGINE_load_cryptodev(void)
+@@ -2625,12 +3883,19 @@ ENGINE_load_cryptodev(void)
cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec;
if (cryptodev_asymfeat & CRF_MOD_EXP) {
cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp;
}
}
-@@ -2606,12 +3871,21 @@ ENGINE_load_cryptodev(void)
+@@ -2638,12 +3903,21 @@ ENGINE_load_cryptodev(void)
const DSA_METHOD *meth = DSA_OpenSSL();
memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
}
if (ENGINE_set_DH(engine, &cryptodev_dh)){
-@@ -2620,10 +3894,15 @@ ENGINE_load_cryptodev(void)
+@@ -2652,10 +3926,15 @@ ENGINE_load_cryptodev(void)
if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) {
cryptodev_dh.compute_key =
cryptodev_dh_compute_key;
}
}
-@@ -2632,10 +3911,14 @@ ENGINE_load_cryptodev(void)
+@@ -2664,10 +3943,14 @@ ENGINE_load_cryptodev(void)
memcpy(&cryptodev_ecdsa, meth, sizeof(ECDSA_METHOD));
if (cryptodev_asymfeat & CRF_DSA_SIGN) {
cryptodev_ecdsa.ecdsa_do_sign = cryptodev_ecdsa_do_sign;
}
}
-@@ -2644,9 +3927,16 @@ ENGINE_load_cryptodev(void)
+@@ -2676,9 +3959,16 @@ ENGINE_load_cryptodev(void)
memcpy(&cryptodev_ecdh, ecdh_meth, sizeof(ECDH_METHOD));
if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) {
cryptodev_ecdh.compute_key = cryptodev_ecdh_compute_key;
int (*finish)(RSA *rsa); /* called at free */
int flags; /* RSA_METHOD_FLAG_* things */
--
-1.7.9.7
+1.8.3.1
-From a08f27a22d2c78f058b63dd2565925ca92ad08b2 Mon Sep 17 00:00:00 2001
+From e4fc051f8ae1c093b25ca346c2ec351ff3b700d1 Mon Sep 17 00:00:00 2001
From: Hou Zhiqiang <B48286@freescale.com>
Date: Wed, 2 Apr 2014 16:10:43 +0800
-Subject: [PATCH][fsl 10/15] Add RSA keygen operation and support gendsa
- command with hardware engine
+Subject: [PATCH 11/17] Add RSA keygen operation and support gendsa command
+ with hardware engine
Upstream-status: Pending
Signed-off-by: Hou Zhiqiang <B48286@freescale.com>
Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
---
- crypto/engine/eng_cryptodev.c | 118 +++++++++++++++++++++++++++++++++++++++++
+ crypto/engine/eng_cryptodev.c | 118 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 118 insertions(+)
diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index e2d4c53..0a6567c 100644
+index 9f2416e..b2919a8 100644
--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
-@@ -1912,6 +1912,121 @@ err:
+@@ -1906,6 +1906,121 @@ err:
return dsaret;
}
/* Cryptodev DSA Key Gen routine */
static int cryptodev_dsa_keygen(DSA *dsa)
{
-@@ -3905,6 +4020,9 @@ ENGINE_load_cryptodev(void)
+@@ -3896,6 +4011,9 @@ ENGINE_load_cryptodev(void)
cryptodev_rsa.rsa_mod_exp_async =
cryptodev_rsa_nocrt_mod_exp_async;
}
}
--
-1.7.9.7
+1.8.3.1
-From f44fc935d5bc601cd625a64a366e64b19f2bb730 Mon Sep 17 00:00:00 2001
+From ac777f046da7151386d667391362ecb553ceee90 Mon Sep 17 00:00:00 2001
From: Yashpal Dutta <yashpal.dutta@freescale.com>
Date: Wed, 16 Apr 2014 22:53:04 +0545
-Subject: [PATCH][fsl 11/15] RSA Keygen Fix
+Subject: [PATCH 12/17] RSA Keygen Fix
Upstream-status: Pending
Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
---
- crypto/engine/eng_cryptodev.c | 12 +++++++-----
+ crypto/engine/eng_cryptodev.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 0a6567c..5d54f7e 100644
+index b2919a8..ed5f20f 100644
--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
-@@ -1921,7 +1921,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
+@@ -1915,7 +1915,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
int i;
if ((fd = get_asym_dev_crypto()) < 0)
if(!rsa->n && ((rsa->n=BN_new()) == NULL)) goto err;
if(!rsa->d && ((rsa->d=BN_new()) == NULL)) goto err;
-@@ -1942,7 +1942,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
+@@ -1936,7 +1936,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
/* p length */
kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char));
if (!kop.crk_param[kop.crk_iparams].crp_p)
kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8;
memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1);
kop.crk_iparams++;
-@@ -1950,7 +1950,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
+@@ -1944,7 +1944,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
/* q length */
kop.crk_param[kop.crk_iparams].crp_p = calloc(q_len + 1, sizeof(char));
if (!kop.crk_param[kop.crk_iparams].crp_p)
kop.crk_param[kop.crk_iparams].crp_nbits = q_len * 8;
memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, q_len + 1);
kop.crk_iparams++;
-@@ -2015,8 +2015,10 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
+@@ -2009,8 +2009,10 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
}
sw_try:
{
return ret;
--
-1.7.9.7
+1.8.3.1
-From 7a6848210c3b2f42aed4de60646e0e63c0e35fcb Mon Sep 17 00:00:00 2001
+From 6aaa306cdf878250d7b6eaf30978de313653886b Mon Sep 17 00:00:00 2001
From: Yashpal Dutta <yashpal.dutta@freescale.com>
Date: Thu, 17 Apr 2014 06:57:59 +0545
-Subject: [PATCH][fsl 12/15] Removed local copy of curve_t type
+Subject: [PATCH 13/17] Removed local copy of curve_t type
Upstream-status: Pending
Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
---
- crypto/engine/eng_cryptodev.c | 34 ++++++++++++++--------------------
- crypto/engine/eng_cryptodev_ec.h | 7 -------
+ crypto/engine/eng_cryptodev.c | 34 ++++++++++++++--------------------
+ crypto/engine/eng_cryptodev_ec.h | 7 -------
2 files changed, 14 insertions(+), 27 deletions(-)
diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 5d54f7e..33447c8 100644
+index ed5f20f..5d883fa 100644
--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
-@@ -2404,12 +2404,6 @@ static ECDSA_METHOD cryptodev_ecdsa = {
+@@ -2398,12 +2398,6 @@ static ECDSA_METHOD cryptodev_ecdsa = {
NULL /* app_data */
};
/* ENGINE handler for ECDSA Sign */
static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char *dgst,
int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey)
-@@ -2426,7 +2420,7 @@ static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char *dgst,
+@@ -2420,7 +2414,7 @@ static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char *dgst,
const BIGNUM *order = NULL, *priv_key=NULL;
const EC_GROUP *group = NULL;
struct crypt_kop kop;
memset(&kop, 0, sizeof(kop));
ecdsa = ecdsa_check(eckey);
-@@ -2559,7 +2553,7 @@ static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char *dgst,
+@@ -2553,7 +2547,7 @@ static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char *dgst,
else
goto err;
}
}
/* Calculation of Generator point */
-@@ -2653,7 +2647,7 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
+@@ -2647,7 +2641,7 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
const EC_POINT *pub_key = NULL;
const BIGNUM *order = NULL;
const EC_GROUP *group=NULL;
struct crypt_kop kop;
memset(&kop, 0, sizeof kop);
-@@ -2798,7 +2792,7 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
+@@ -2792,7 +2786,7 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
else
goto err;
}
}
/* Calculation of Generator point */
-@@ -2899,7 +2893,7 @@ static int cryptodev_ecdsa_do_sign_async( const unsigned char *dgst,
+@@ -2893,7 +2887,7 @@ static int cryptodev_ecdsa_do_sign_async( const unsigned char *dgst,
const BIGNUM *order = NULL, *priv_key=NULL;
const EC_GROUP *group = NULL;
struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
if (!(sig->r = BN_new()) || !kop)
goto err;
-@@ -3035,7 +3029,7 @@ static int cryptodev_ecdsa_do_sign_async( const unsigned char *dgst,
+@@ -3029,7 +3023,7 @@ static int cryptodev_ecdsa_do_sign_async( const unsigned char *dgst,
else
goto err;
}
}
/* Calculation of Generator point */
-@@ -3111,7 +3105,7 @@ static int cryptodev_ecdsa_verify_async(const unsigned char *dgst, int dgst_len,
+@@ -3105,7 +3099,7 @@ static int cryptodev_ecdsa_verify_async(const unsigned char *dgst, int dgst_len,
const EC_POINT *pub_key = NULL;
const BIGNUM *order = NULL;
const EC_GROUP *group=NULL;
struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
if (!kop)
-@@ -3253,7 +3247,7 @@ static int cryptodev_ecdsa_verify_async(const unsigned char *dgst, int dgst_len,
+@@ -3247,7 +3241,7 @@ static int cryptodev_ecdsa_verify_async(const unsigned char *dgst, int dgst_len,
/* copy b' i.e c(b), instead of only b */
eng_ec_get_cparam (EC_GROUP_get_curve_name(group),
ab+q_len, q_len);
}
/* Calculation of Generator point */
-@@ -3558,7 +3552,7 @@ int cryptodev_ecdh_compute_key(void *out, size_t outlen,
+@@ -3552,7 +3546,7 @@ int cryptodev_ecdh_compute_key(void *out, size_t outlen,
const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen,
void *out, size_t *outlen))
{
unsigned char * q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL;
BIGNUM * w_x = NULL, *w_y = NULL;
int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0;
-@@ -3684,9 +3678,9 @@ int cryptodev_ecdh_compute_key(void *out, size_t outlen,
+@@ -3678,9 +3672,9 @@ int cryptodev_ecdh_compute_key(void *out, size_t outlen,
else
goto err;
}
priv_key_len = r_len;
-@@ -3735,7 +3729,7 @@ int cryptodev_ecdh_compute_key_async(void *out, size_t outlen,
+@@ -3729,7 +3723,7 @@ int cryptodev_ecdh_compute_key_async(void *out, size_t outlen,
const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen,
void *out, size_t *outlen), struct pkc_cookie_s *cookie)
{
unsigned char * q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL;
BIGNUM * w_x = NULL, *w_y = NULL;
int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0;
-@@ -3863,9 +3857,9 @@ int cryptodev_ecdh_compute_key_async(void *out, size_t outlen,
+@@ -3857,9 +3851,9 @@ int cryptodev_ecdh_compute_key_async(void *out, size_t outlen,
else
goto err;
}
-};
#endif
--
-1.7.9.7
+1.8.3.1
-From 8aabfeb1308188a46d3f370cd757de130e73eb9b Mon Sep 17 00:00:00 2001
+From 14623ca9e417ccef1ad3f4138acfac0ebe682f1f Mon Sep 17 00:00:00 2001
From: Yashpal Dutta <yashpal.dutta@freescale.com>
Date: Tue, 22 Apr 2014 22:58:33 +0545
-Subject: [PATCH][fsl 13/15] Modulus parameter is not populated by dhparams
+Subject: [PATCH 14/17] Modulus parameter is not populated by dhparams
Upstream-status: Pending
Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
---
- crypto/engine/eng_cryptodev.c | 4 ++--
+ crypto/engine/eng_cryptodev.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 33447c8..8de8f09 100644
+index 5d883fa..6d69336 100644
--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
-@@ -3370,7 +3370,7 @@ static int cryptodev_dh_keygen_async(DH *dh, struct pkc_cookie_s *cookie)
+@@ -3364,7 +3364,7 @@ static int cryptodev_dh_keygen_async(DH *dh, struct pkc_cookie_s *cookie)
kop->crk_op = CRK_DH_GENERATE_KEY;
if (bn2crparam(dh->p, &kop->crk_param[0]))
goto sw_try;
goto sw_try;
kop->crk_param[2].crp_p = g;
kop->crk_param[2].crp_nbits = g_len * 8;
-@@ -3425,7 +3425,7 @@ static int cryptodev_dh_keygen(DH *dh)
+@@ -3419,7 +3419,7 @@ static int cryptodev_dh_keygen(DH *dh)
kop.crk_op = CRK_DH_GENERATE_KEY;
if (bn2crparam(dh->p, &kop.crk_param[0]))
goto sw_try;
kop.crk_param[2].crp_p = g;
kop.crk_param[2].crp_nbits = g_len * 8;
--
-1.7.9.7
+1.8.3.1
-From 8b1ed323d08dce8b6e303ce63a82337543e9187f Mon Sep 17 00:00:00 2001
+From 10be401a33e6ebcc325d6747914c70595cd53d0a Mon Sep 17 00:00:00 2001
From: Yashpal Dutta <yashpal.dutta@freescale.com>
Date: Thu, 24 Apr 2014 00:35:34 +0545
-Subject: [PATCH][fsl 14/15] SW Backoff mechanism for dsa keygen
+Subject: [PATCH 15/17] SW Backoff mechanism for dsa keygen
Upstream-status: Pending
Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
---
- crypto/engine/eng_cryptodev.c | 12 ++++++++----
+ crypto/engine/eng_cryptodev.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 8de8f09..7c2661f 100644
+index 6d69336..dab8fea 100644
--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
-@@ -2075,8 +2075,10 @@ static int cryptodev_dsa_keygen(DSA *dsa)
+@@ -2069,8 +2069,10 @@ static int cryptodev_dsa_keygen(DSA *dsa)
return ret;
sw_try:
{
}
return ret;
}
-@@ -2130,11 +2132,13 @@ static int cryptodev_dsa_keygen_async(DSA *dsa, struct pkc_cookie_s *cookie)
+@@ -2124,11 +2126,13 @@ static int cryptodev_dsa_keygen_async(DSA *dsa, struct pkc_cookie_s *cookie)
return ret;
sw_try:
{
}
return ret;
--
-1.7.9.7
+1.8.3.1
-From 9dfc18846063a110070782ede699c513b30257e5 Mon Sep 17 00:00:00 2001
+From d2c868c6370bcc0d0a254e641907da2cdf992d62 Mon Sep 17 00:00:00 2001
From: Yashpal Dutta <yashpal.dutta@freescale.com>
Date: Thu, 1 May 2014 06:35:45 +0545
-Subject: [PATCH][fsl 15/15] Fixed DH keygen pair generator
+Subject: [PATCH 16/17] Fixed DH keygen pair generator
Upstream-status: Pending
Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
---
- crypto/engine/eng_cryptodev.c | 50 +++++++++++++++++++++++++++--------------
+ crypto/engine/eng_cryptodev.c | 50 ++++++++++++++++++++++++++++---------------
1 file changed, 33 insertions(+), 17 deletions(-)
diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 7c2661f..703eee4 100644
+index dab8fea..13d924f 100644
--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
-@@ -3402,44 +3402,60 @@ sw_try:
+@@ -3396,44 +3396,60 @@ sw_try:
static int cryptodev_dh_keygen(DH *dh)
{
struct crypt_kop kop;
sw_try:
{
--
-1.7.9.7
+1.8.3.1
--- /dev/null
+From 11b55103463bac614e00d74e9f196ec4ec6bade1 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@freescale.com>
+Date: Mon, 16 Jun 2014 14:06:21 +0300
+Subject: [PATCH 17/17] cryptodev: add support for aes-gcm algorithm offloading
+
+Change-Id: I3b77dc5ef8b8f707309549244a02852d95b36168
+Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
+Reviewed-on: http://git.am.freescale.net:8181/17226
+---
+ apps/speed.c | 6 +-
+ crypto/engine/eng_cryptodev.c | 229 +++++++++++++++++++++++++++++++++++++++++-
+ 2 files changed, 233 insertions(+), 2 deletions(-)
+
+diff --git a/apps/speed.c b/apps/speed.c
+index 9886ca3..099dede 100644
+--- a/apps/speed.c
++++ b/apps/speed.c
+@@ -224,7 +224,11 @@
+ #endif
+
+ #undef BUFSIZE
+-#define BUFSIZE ((long)1024*8+1)
++/* The buffer overhead allows GCM tag at the end of the encrypted data. This
++ avoids buffer overflows from cryptodev since Linux kernel GCM
++ implementation allways adds the tag - unlike e_aes.c:aes_gcm_cipher()
++ which doesn't */
++#define BUFSIZE ((long)1024*8 + EVP_GCM_TLS_TAG_LEN)
+ int run=0;
+
+ static int mr=0;
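Review bot: Enlarging `BUFSIZE` protects only the `speed` benchmark. The new comment says the kernel GCM implementation always writes the tag after the ciphertext, so any other EVP caller that sizes its output buffer to the input length would still be overrun by `EVP_GCM_TLS_TAG_LEN` bytes when it goes through this engine. The non-TLS path in `cryptodev_gcm_cipher` (added later in this patch) hands the caller's `out` and the full `len` to `CIOCAUTHCRYPT` without reserving tag space. The fix belongs there, for example by running the operation through an engine-owned buffer of `len + EVP_GCM_TLS_TAG_LEN` bytes and copying `len` bytes back. The comment also misspells "always" as "allways".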
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 13d924f..4493490 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -78,8 +78,10 @@ struct dev_crypto_state {
+ struct session_op d_sess;
+ int d_fd;
+ unsigned char *aad;
+- unsigned int aad_len;
++ int aad_len;
+ unsigned int len;
++ unsigned char *iv;
++ int ivlen;
+
+ #ifdef USE_CRYPTODEV_DIGESTS
+ char dummy_mac_key[HASH_MAX_LEN];
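Review bot: `aad_len` becomes signed so that -1 can mean "no TLS AAD set", but the struct does not say so, and the new `iv`/`ivlen` fields are undocumented as well. `cryptodev_gcm_ctrl` stores -1 on `EVP_CTRL_INIT` and `cryptodev_gcm_cipher` tests `aad_len >= 0`. I would add field comments such as `int aad_len; /* -1: no TLS AAD set */` and `unsigned char *iv; /* points at ctx->iv, not owned */`. Nothing in this patch resets `aad_len` to -1 after a record is processed, so once `EVP_CTRL_AEAD_TLS1_AAD` has been issued every later call takes the TLS path; if that is intended it deserves a comment too. The struct and the other users of `aad_len` lie outside this hunk and should be checked for signed/unsigned comparisons.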
+@@ -251,6 +253,7 @@ static struct {
+ { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, 0},
+ { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20},
+ { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20},
++ { CRYPTO_AES_GCM, NID_aes_128_gcm, 16, 16, 0},
+ { 0, NID_undef, 0, 0, 0},
+ };
+
+@@ -271,6 +274,19 @@ static struct {
+ };
+ #endif
+
++/* increment counter (64-bit int) by 1 */
++static void ctr64_inc(unsigned char *counter) {
++ int n=8;
++ unsigned char c;
++
++ do {
++ --n;
++ c = counter[n];
++ ++c;
++ counter[n] = c;
++ if (c) return;
++ } while (n);
++}
+ /*
+ * Return a fd if /dev/crypto seems usable, 0 otherwise.
+ */
+@@ -762,6 +778,197 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
+ }
+ }
+
++static int cryptodev_init_gcm_key(EVP_CIPHER_CTX *ctx,
++ const unsigned char *key, const unsigned char *iv, int enc)
++{
++ struct dev_crypto_state *state = ctx->cipher_data;
++ struct session_op *sess = &state->d_sess;
++ int cipher = -1, i;
++ if (!iv && !key)
++ return 1;
++
++ if (iv)
++ memcpy(ctx->iv, iv, ctx->cipher->iv_len);
++
++ for (i = 0; ciphers[i].id; i++)
++ if (ctx->cipher->nid == ciphers[i].nid &&
++ ctx->cipher->iv_len <= ciphers[i].ivmax &&
++ ctx->key_len == ciphers[i].keylen) {
++ cipher = ciphers[i].id;
++ break;
++ }
++
++ if (!ciphers[i].id) {
++ state->d_fd = -1;
++ return 0;
++ }
++
++ memset(sess, 0, sizeof(struct session_op));
++
++ if ((state->d_fd = get_dev_crypto()) < 0)
++ return 0;
++
++ sess->key = (unsigned char *) key;
++ sess->keylen = ctx->key_len;
++ sess->cipher = cipher;
++
++ if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
++ put_dev_crypto(state->d_fd);
++ state->d_fd = -1;
++ return 0;
++ }
++ return 1;
++}
++
++static int cryptodev_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
++ const unsigned char *in, size_t len)
++{
++ struct crypt_auth_op cryp = {0};
++ struct dev_crypto_state *state = ctx->cipher_data;
++ struct session_op *sess = &state->d_sess;
++ int rv = len;
++
++ if (EVP_CIPHER_CTX_ctrl(ctx, ctx->encrypt ?
++ EVP_CTRL_GCM_IV_GEN : EVP_CTRL_GCM_SET_IV_INV,
++ EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0)
++ return 0;
++
++ in += EVP_GCM_TLS_EXPLICIT_IV_LEN;
++ out += EVP_GCM_TLS_EXPLICIT_IV_LEN;
++ len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
++
++ if (ctx->encrypt) {
++ len -= EVP_GCM_TLS_TAG_LEN;
++ }
++ cryp.ses = sess->ses;
++ cryp.len = len;
++ cryp.src = (unsigned char*) in;
++ cryp.dst = out;
++ cryp.auth_src = state->aad;
++ cryp.auth_len = state->aad_len;
++ cryp.iv = ctx->iv;
++ cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
++
++ if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) {
++ return 0;
++ }
++
++ if (ctx->encrypt)
++ ctr64_inc(state->iv + state->ivlen - 8);
++ else
++ rv = len - EVP_GCM_TLS_TAG_LEN;
++
++ return rv;
++}
++
++static int cryptodev_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
++ const unsigned char *in, size_t len)
++{
++ struct crypt_auth_op cryp;
++ struct dev_crypto_state *state = ctx->cipher_data;
++ struct session_op *sess = &state->d_sess;
++
++ if (state->d_fd < 0)
++ return 0;
++
++ if ((len % ctx->cipher->block_size) != 0)
++ return 0;
++
++ if (state->aad_len >= 0)
++ return cryptodev_gcm_tls_cipher(ctx, out, in, len);
++
++ memset(&cryp, 0, sizeof(cryp));
++
++ cryp.ses = sess->ses;
++ cryp.len = len;
++ cryp.src = (unsigned char*) in;
++ cryp.dst = out;
++ cryp.auth_src = NULL;
++ cryp.auth_len = 0;
++ cryp.iv = ctx->iv;
++ cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
++
++ if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) {
++ return 0;
++ }
++
++ return len;
++}
++
++static int cryptodev_gcm_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
++ void *ptr)
++{
++ struct dev_crypto_state *state = ctx->cipher_data;
++ switch (type) {
++ case EVP_CTRL_INIT:
++ {
++ state->ivlen = ctx->cipher->iv_len;
++ state->iv = ctx->iv;
++ state->aad_len = -1;
++ return 1;
++ }
++ case EVP_CTRL_GCM_SET_IV_FIXED:
++ {
++ /* Special case: -1 length restores whole IV */
++ if (arg == -1)
++ {
++ memcpy(state->iv, ptr, state->ivlen);
++ return 1;
++ }
++ /* Fixed field must be at least 4 bytes and invocation field
++ * at least 8.
++ */
++ if ((arg < 4) || (state->ivlen - arg) < 8)
++ return 0;
++ if (arg)
++ memcpy(state->iv, ptr, arg);
++ if (ctx->encrypt &&
++ RAND_bytes(state->iv + arg, state->ivlen - arg) <= 0)
++ return 0;
++ return 1;
++ }
++ case EVP_CTRL_AEAD_TLS1_AAD:
++ {
++ unsigned int len;
++ if (arg != 13)
++ return 0;
++
++ memcpy(ctx->buf, ptr, arg);
++ len=ctx->buf[arg-2] << 8 | ctx->buf[arg-1];
++
++ /* Correct length for explicit IV */
++ len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
++
++ /* If decrypting correct for tag too */
++ if (!ctx->encrypt)
++ len -= EVP_GCM_TLS_TAG_LEN;
++
++ ctx->buf[arg-2] = len >> 8;
++ ctx->buf[arg-1] = len & 0xff;
++
++ state->aad = ctx->buf;
++ state->aad_len = arg;
++ state->len = len;
++
++ /* Extra padding: tag appended to record */
++ return EVP_GCM_TLS_TAG_LEN;
++ }
++ case EVP_CTRL_GCM_SET_IV_INV:
++ {
++ if (ctx->encrypt)
++ return 0;
++ memcpy(state->iv + state->ivlen - arg, ptr, arg);
++ return 1;
++ }
++ case EVP_CTRL_GCM_IV_GEN:
++ if (arg <= 0 || arg > state->ivlen)
++ arg = state->ivlen;
++ memcpy(ptr, state->iv + state->ivlen - arg, arg);
++ return 1;
++ default:
++ return -1;
++ }
++}
+ /*
+ * libcrypto EVP stuff - this is how we get wired to EVP so the engine
+ * gets called when libcrypto requests a cipher NID.
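Review bot: The error paths in `cryptodev_gcm_tls_cipher` and `cryptodev_gcm_cipher` return 0, but `cryptodev_aes_128_gcm` is registered with `EVP_CIPH_FLAG_CUSTOM_CIPHER`, and for such ciphers the EVP layer treats only a negative return as failure. A failed `CIOCAUTHCRYPT`, which on decrypt presumably includes a tag mismatch, can therefore surface as a successful zero-length result; these should be `return -1;`, as the software GCM code in e_aes.c does. `cryptodev_gcm_tls_cipher` also subtracts `EVP_GCM_TLS_EXPLICIT_IV_LEN` and `EVP_GCM_TLS_TAG_LEN` from the unsigned `len` with no lower bound, so a short record wraps around; add `if (len < EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN) return -1;` before the `EVP_CIPHER_CTX_ctrl` call. On encrypt, `ctr64_inc` runs only after a successful ioctl although the explicit IV has already been written to `out`, so a failure that is not treated as fatal would reuse a GCM nonce; incrementing right after the IV is generated avoids that. `cryptodev_init_gcm_key` opens a new session even when called with only an IV (`key == NULL`), which `EVP_CIPH_ALWAYS_CALL_INIT` makes reachable, so it should return 1 after copying the IV in that case.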
+@@ -901,6 +1108,23 @@ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = {
+ cryptodev_cbc_hmac_sha1_ctrl,
+ NULL
+ };
++
++const EVP_CIPHER cryptodev_aes_128_gcm = {
++ NID_aes_128_gcm,
++ 1, 16, 12,
++ EVP_CIPH_GCM_MODE | EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_DEFAULT_ASN1 \
++ | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \
++ | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT,
++ cryptodev_init_gcm_key,
++ cryptodev_gcm_cipher,
++ cryptodev_cleanup,
++ sizeof(struct dev_crypto_state),
++ EVP_CIPHER_set_asn1_iv,
++ EVP_CIPHER_get_asn1_iv,
++ cryptodev_gcm_ctrl,
++ NULL
++};
++
+ /*
+ * Registered by the ENGINE when used to find out how to deal with
+ * a particular NID in the ENGINE. this says what we'll do at the
+@@ -944,6 +1168,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+ case NID_aes_256_cbc_hmac_sha1:
+ *cipher = &cryptodev_aes_256_cbc_hmac_sha1;
+ break;
++ case NID_aes_128_gcm:
++ *cipher = &cryptodev_aes_128_gcm;
++ break;
+ default:
+ *cipher = NULL;
+ break;
+--
+1.8.3.1
+
+++ /dev/null
-Fix documentation build errors with Perl 5.18 pod2man
-
-This fixes errors building man pages with newer versions of pod2man
-included with Perl 5.18.
-
-Upstream-Status: Submitted
-Signed-off-by: Jonathan Liu
-
-Index: openssl-1.0.1f/doc/apps/cms.pod
-===================================================================
---- openssl-1.0.1f.orig/doc/apps/cms.pod 2014-01-06 15:47:42.000000000 +0200
-+++ openssl-1.0.1f/doc/apps/cms.pod 2014-02-28 10:13:51.899979213 +0200
-@@ -450,28 +450,28 @@
-
- =over 4
-
--=item 0
-+=item Z<>0
-
- the operation was completely successfully.
-
--=item 1
-+=item Z<>1
-
- an error occurred parsing the command options.
-
--=item 2
-+=item Z<>2
-
- one of the input files could not be read.
-
--=item 3
-+=item Z<>3
-
- an error occurred creating the CMS file or when reading the MIME
- message.
-
--=item 4
-+=item Z<>4
-
- an error occurred decrypting or verifying the message.
-
--=item 5
-+=item Z<>5
-
- the message was verified correctly but an error occurred writing out
- the signers certificates.
-Index: openssl-1.0.1f/doc/apps/smime.pod
-===================================================================
---- openssl-1.0.1f.orig/doc/apps/smime.pod 2014-01-06 15:47:42.000000000 +0200
-+++ openssl-1.0.1f/doc/apps/smime.pod 2014-02-28 10:16:57.795979233 +0200
-@@ -308,28 +308,28 @@
-
- =over 4
-
--=item 0
-+=item Z<>0
-
- the operation was completely successfully.
-
--=item 1
-+=item Z<>1
-
- an error occurred parsing the command options.
-
--=item 2
-+=item Z<>2
-
- one of the input files could not be read.
-
--=item 3
-+=item Z<>3
-
- an error occurred creating the PKCS#7 file or when reading the MIME
- message.
-
--=item 4
-+=item Z<>4
-
- an error occurred decrypting or verifying the message.
-
--=item 5
-+=item Z<>5
-
- the message was verified correctly but an error occurred writing out
- the signers certificates.
-Index: openssl-1.0.1f/doc/ssl/SSL_COMP_add_compression_method.pod
-===================================================================
---- openssl-1.0.1f.orig/doc/ssl/SSL_COMP_add_compression_method.pod 2014-01-06 15:47:42.000000000 +0200
-+++ openssl-1.0.1f/doc/ssl/SSL_COMP_add_compression_method.pod 2014-02-28 10:18:09.679979225 +0200
-@@ -53,11 +53,11 @@
-
- =over 4
-
--=item 0
-+=item Z<>0
-
- The operation succeeded.
-
--=item 1
-+=item Z<>1
-
- The operation failed. Check the error queue to find out the reason.
-
-Index: openssl-1.0.1f/doc/ssl/SSL_CTX_add_session.pod
-===================================================================
---- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_add_session.pod 2014-01-06 15:47:42.000000000 +0200
-+++ openssl-1.0.1f/doc/ssl/SSL_CTX_add_session.pod 2014-02-28 10:18:42.687979221 +0200
-@@ -52,13 +52,13 @@
-
- =over 4
-
--=item 0
-+=item Z<>0
-
- The operation failed. In case of the add operation, it was tried to add
- the same (identical) session twice. In case of the remove operation, the
- session was not found in the cache.
-
--=item 1
-+=item Z<>1
-
- The operation succeeded.
-
-Index: openssl-1.0.1f/doc/ssl/SSL_CTX_load_verify_locations.pod
-===================================================================
---- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_load_verify_locations.pod 2014-01-06 15:47:42.000000000 +0200
-+++ openssl-1.0.1f/doc/ssl/SSL_CTX_load_verify_locations.pod 2014-02-28 10:19:09.079979218 +0200
-@@ -100,13 +100,13 @@
-
- =over 4
-
--=item 0
-+=item Z<>0
-
- The operation failed because B<CAfile> and B<CApath> are NULL or the
- processing at one of the locations specified failed. Check the error
- stack to find out the reason.
-
--=item 1
-+=item Z<>1
-
- The operation succeeded.
-
-Index: openssl-1.0.1f/doc/ssl/SSL_CTX_set_client_CA_list.pod
-===================================================================
---- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_set_client_CA_list.pod 2014-01-06 15:47:42.000000000 +0200
-+++ openssl-1.0.1f/doc/ssl/SSL_CTX_set_client_CA_list.pod 2014-02-28 10:19:42.999979220 +0200
-@@ -66,13 +66,13 @@
-
- =over 4
-
--=item 0
-+=item Z<>0
-
- A failure while manipulating the STACK_OF(X509_NAME) object occurred or
- the X509_NAME could not be extracted from B<cacert>. Check the error stack
- to find out the reason.
-
--=item 1
-+=item Z<>1
-
- The operation succeeded.
-
-Index: openssl-1.0.1f/doc/ssl/SSL_CTX_set_session_id_context.pod
-===================================================================
---- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_set_session_id_context.pod 2014-01-06 15:47:42.000000000 +0200
-+++ openssl-1.0.1f/doc/ssl/SSL_CTX_set_session_id_context.pod 2014-02-28 10:20:06.495979211 +0200
-@@ -64,13 +64,13 @@
-
- =over 4
-
--=item 0
-+=item Z<>0
-
- The length B<sid_ctx_len> of the session id context B<sid_ctx> exceeded
- the maximum allowed length of B<SSL_MAX_SSL_SESSION_ID_LENGTH>. The error
- is logged to the error stack.
-
--=item 1
-+=item Z<>1
-
- The operation succeeded.
-
-Index: openssl-1.0.1f/doc/ssl/SSL_CTX_set_ssl_version.pod
-===================================================================
---- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_set_ssl_version.pod 2014-01-06 15:47:42.000000000 +0200
-+++ openssl-1.0.1f/doc/ssl/SSL_CTX_set_ssl_version.pod 2014-02-28 10:20:32.111979208 +0200
-@@ -42,11 +42,11 @@
-
- =over 4
-
--=item 0
-+=item Z<>0
-
- The new choice failed, check the error stack to find out the reason.
-
--=item 1
-+=item Z<>1
-
- The operation succeeded.
-
-Index: openssl-1.0.1f/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
-===================================================================
---- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_use_psk_identity_hint.pod 2014-01-06 15:47:42.000000000 +0200
-+++ openssl-1.0.1f/doc/ssl/SSL_CTX_use_psk_identity_hint.pod 2014-02-28 10:21:12.351979203 +0200
-@@ -96,7 +96,7 @@
- connection will fail with decryption_error before it will be finished
- completely.
-
--=item 0
-+=item Z<>0
-
- PSK identity was not found. An "unknown_psk_identity" alert message
- will be sent and the connection setup fails.
-Index: openssl-1.0.1f/doc/ssl/SSL_accept.pod
-===================================================================
---- openssl-1.0.1f.orig/doc/ssl/SSL_accept.pod 2014-01-06 15:47:42.000000000 +0200
-+++ openssl-1.0.1f/doc/ssl/SSL_accept.pod 2014-02-28 10:21:51.535979215 +0200
-@@ -44,13 +44,13 @@
-
- =over 4
-
--=item 0
-+=item Z<>0
-
- The TLS/SSL handshake was not successful but was shut down controlled and
- by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
- return value B<ret> to find out the reason.
-
--=item 1
-+=item Z<>1
-
- The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
- established.
-Index: openssl-1.0.1f/doc/ssl/SSL_clear.pod
-===================================================================
---- openssl-1.0.1f.orig/doc/ssl/SSL_clear.pod 2014-01-06 15:47:42.000000000 +0200
-+++ openssl-1.0.1f/doc/ssl/SSL_clear.pod 2014-02-28 10:22:13.087979196 +0200
-@@ -56,12 +56,12 @@
-
- =over 4
-
--=item 0
-+=item Z<>0
-
- The SSL_clear() operation could not be performed. Check the error stack to
- find out the reason.
-
--=item 1
-+=item Z<>1
-
- The SSL_clear() operation was successful.
-
-Index: openssl-1.0.1f/doc/ssl/SSL_connect.pod
-===================================================================
---- openssl-1.0.1f.orig/doc/ssl/SSL_connect.pod 2014-01-06 15:47:42.000000000 +0200
-+++ openssl-1.0.1f/doc/ssl/SSL_connect.pod 2014-02-28 10:22:33.991979193 +0200
-@@ -41,13 +41,13 @@
-
- =over 4
-
--=item 0
-+=item Z<>0
-
- The TLS/SSL handshake was not successful but was shut down controlled and
- by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
- return value B<ret> to find out the reason.
-
--=item 1
-+=item Z<>1
-
- The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
- established.
-Index: openssl-1.0.1f/doc/ssl/SSL_do_handshake.pod
-===================================================================
---- openssl-1.0.1f.orig/doc/ssl/SSL_do_handshake.pod 2014-01-06 15:47:42.000000000 +0200
-+++ openssl-1.0.1f/doc/ssl/SSL_do_handshake.pod 2014-02-28 10:22:56.887979159 +0200
-@@ -45,13 +45,13 @@
-
- =over 4
-
--=item 0
-+=item Z<>0
-
- The TLS/SSL handshake was not successful but was shut down controlled and
- by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
- return value B<ret> to find out the reason.
-
--=item 1
-+=item Z<>1
-
- The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
- established.
-Index: openssl-1.0.1f/doc/ssl/SSL_read.pod
-===================================================================
---- openssl-1.0.1f.orig/doc/ssl/SSL_read.pod 2014-01-06 15:47:42.000000000 +0200
-+++ openssl-1.0.1f/doc/ssl/SSL_read.pod 2014-02-28 10:23:15.303979188 +0200
-@@ -86,7 +86,7 @@
- The read operation was successful; the return value is the number of
- bytes actually read from the TLS/SSL connection.
-
--=item 0
-+=item Z<>0
-
- The read operation was not successful. The reason may either be a clean
- shutdown due to a "close notify" alert sent by the peer (in which case
-Index: openssl-1.0.1f/doc/ssl/SSL_session_reused.pod
-===================================================================
---- openssl-1.0.1f.orig/doc/ssl/SSL_session_reused.pod 2014-01-06 15:47:42.000000000 +0200
-+++ openssl-1.0.1f/doc/ssl/SSL_session_reused.pod 2014-02-28 10:23:36.615979186 +0200
-@@ -27,11 +27,11 @@
-
- =over 4
-
--=item 0
-+=item Z<>0
-
- A new session was negotiated.
-
--=item 1
-+=item Z<>1
-
- A session was reused.
-
-Index: openssl-1.0.1f/doc/ssl/SSL_set_fd.pod
-===================================================================
---- openssl-1.0.1f.orig/doc/ssl/SSL_set_fd.pod 2014-01-06 15:47:42.000000000 +0200
-+++ openssl-1.0.1f/doc/ssl/SSL_set_fd.pod 2014-02-28 10:23:57.599979183 +0200
-@@ -35,11 +35,11 @@
-
- =over 4
-
--=item 0
-+=item Z<>0
-
- The operation failed. Check the error stack to find out why.
-
--=item 1
-+=item Z<>1
-
- The operation succeeded.
-
-Index: openssl-1.0.1f/doc/ssl/SSL_set_session.pod
-===================================================================
---- openssl-1.0.1f.orig/doc/ssl/SSL_set_session.pod 2014-01-06 15:47:42.000000000 +0200
-+++ openssl-1.0.1f/doc/ssl/SSL_set_session.pod 2014-02-28 10:24:16.943979181 +0200
-@@ -37,11 +37,11 @@
-
- =over 4
-
--=item 0
-+=item Z<>0
-
- The operation failed; check the error stack to find out the reason.
-
--=item 1
-+=item Z<>1
-
- The operation succeeded.
-
-Index: openssl-1.0.1f/doc/ssl/SSL_shutdown.pod
-===================================================================
---- openssl-1.0.1f.orig/doc/ssl/SSL_shutdown.pod 2014-01-06 15:47:42.000000000 +0200
-+++ openssl-1.0.1f/doc/ssl/SSL_shutdown.pod 2014-02-28 10:25:03.623979175 +0200
-@@ -92,19 +92,19 @@
-
- =over 4
-
--=item 0
-+=item Z<>0
-
- The shutdown is not yet finished. Call SSL_shutdown() for a second time,
- if a bidirectional shutdown shall be performed.
- The output of L<SSL_get_error(3)|SSL_get_error(3)> may be misleading, as an
- erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred.
-
--=item 1
-+=item Z<>1
-
- The shutdown was successfully completed. The "close notify" alert was sent
- and the peer's "close notify" alert was received.
-
--=item -1
-+=item Z<>-1
-
- The shutdown was not successful because a fatal error occurred either
- at the protocol level or a connection failure occurred. It can also occur if
-Index: openssl-1.0.1f/doc/ssl/SSL_write.pod
-===================================================================
---- openssl-1.0.1f.orig/doc/ssl/SSL_write.pod 2014-01-06 15:47:42.000000000 +0200
-+++ openssl-1.0.1f/doc/ssl/SSL_write.pod 2014-02-28 10:25:36.031979168 +0200
-@@ -79,7 +79,7 @@
- The write operation was successful, the return value is the number of
- bytes actually written to the TLS/SSL connection.
-
--=item 0
-+=item Z<>0
-
- The write operation was not successful. Probably the underlying connection
- was closed. Call SSL_get_error() with the return value B<ret> to find out,
# base package is taken from Freescale repository
SRCBRANCH = "OpenSSL_1_0_1-stable"
SRC_URI = "git://git.openssl.org/openssl.git;branch=${SRCBRANCH} \
- file://0001-remove-double-initialization-of-cryptodev-engine.patch \
- file://0002-ECC-Support-header-for-Cryptodev-Engine.patch \
- file://0003-add-support-for-TLS-algorithms-offload.patch \
- file://0004-Fixed-private-key-support-for-DH.patch \
- file://0005-Fixed-private-key-support-for-DH.patch \
- file://0006-Initial-support-for-PKC-in-cryptodev-engine.patch \
- file://0007-Added-hwrng-dev-file-as-source-of-RNG.patch \
- file://0008-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch \
- file://0009-eng_cryptodev-extend-TLS-offload-with-new-algorithms.patch \
- file://0010-Add-RSA-keygen-operation-and-support-gendsa-command-.patch \
- file://0011-RSA-Keygen-Fix.patch \
- file://0012-Removed-local-copy-of-curve_t-type.patch \
- file://0013-Modulus-parameter-is-not-populated-by-dhparams.patch \
- file://0014-SW-Backoff-mechanism-for-dsa-keygen.patch \
- file://0015-Fixed-DH-keygen-pair-generator.patch \
+ file://0001-remove-double-initialization-of-cryptodev-engine.patch \
+ file://0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch \
+ file://0003-cryptodev-fix-algorithm-registration.patch \
+ file://0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch \
+ file://0005-ECC-Support-header-for-Cryptodev-Engine.patch \
+ file://0006-Fixed-private-key-support-for-DH.patch \
+ file://0007-Fixed-private-key-support-for-DH.patch \
+ file://0008-Initial-support-for-PKC-in-cryptodev-engine.patch \
+ file://0009-Added-hwrng-dev-file-as-source-of-RNG.patch \
+ file://0010-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch \
+ file://0011-Add-RSA-keygen-operation-and-support-gendsa-command-.patch \
+ file://0012-RSA-Keygen-Fix.patch \
+ file://0013-Removed-local-copy-of-curve_t-type.patch \
+ file://0014-Modulus-parameter-is-not-populated-by-dhparams.patch \
+ file://0015-SW-Backoff-mechanism-for-dsa-keygen.patch \
+ file://0016-Fixed-DH-keygen-pair-generator.patch \
+ file://0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch \
"
-SRCREV = "b2d951e4232d2f90168f9a3dd0b7df9ecf2d81a8"
+SRCREV = "2b456034457b58454aae3998a2765b6a5b9bc837"
SRC_URI += "file://configure-targets.patch \
file://shared-libs.patch \
file://debian/no-symbolic.patch \
file://debian/debian-targets.patch \
file://openssl_fix_for_x32.patch \
- file://openssl-fix-doc.patch \
file://fix-cipher-des-ede3-cfb1.patch \
file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \
file://openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch \