From 9d9bfaf710bc0648e9259ec9d7e7cc9eb9219cf7 Mon Sep 17 00:00:00 2001 From: Cristian Stoica Date: Wed, 7 Jan 2015 17:55:00 +0800 Subject: [PATCH] openssl: upgrade to 1.0.1i plus Freescale patches - include fixes for algorithm registration and 32-bit application hanging on E5500 cores. - add offloading support for aes-gcm - upstream patches are kept except for the documentation patch which is no longer necessary 
Signed-off-by: Cristian Stoica --- .../include/qoriq-default-versions.inc | 2 +- ...e-initialization-of-cryptodev-engine.patch | 18 +- ...-support-for-TLS-algorithms-offload.patch} | 55 ++- ...cryptodev-fix-algorithm-registration.patch | 64 +++ ...t-more-robust-and-recognize-KERNEL_B.patch | 74 ++++ ...Support-header-for-Cryptodev-Engine.patch} | 8 +- ...06-Fixed-private-key-support-for-DH.patch} | 8 +- ...07-Fixed-private-key-support-for-DH.patch} | 8 +- ...support-for-PKC-in-cryptodev-engine.patch} | 39 +- ...ded-hwrng-dev-file-as-source-of-RNG.patch} | 8 +- ...tend-TLS-offload-with-new-algorithms.patch | 106 ----- ...rface-added-for-PKC-cryptodev-inter.patch} | 40 +- ...eration-and-support-gendsa-command-.patch} | 16 +- ...en-Fix.patch => 0012-RSA-Keygen-Fix.patch} | 18 +- ...-Removed-local-copy-of-curve_t-type.patch} | 38 +- ...ameter-is-not-populated-by-dhparams.patch} | 14 +- ...SW-Backoff-mechanism-for-dsa-keygen.patch} | 14 +- ...0016-Fixed-DH-keygen-pair-generator.patch} | 12 +- ...pport-for-aes-gcm-algorithm-offloadi.patch | 309 ++++++++++++++ .../openssl/openssl/openssl-fix-doc.patch | 401 ------------------ .../{openssl_1.0.1g.bb => openssl_1.0.1i.bb} | 0 ....0.1g.bbappend => openssl_1.0.1i.bbappend} | 35 +- 22 files changed, 625 insertions(+), 662 deletions(-) rename meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/{0003-add-support-for-TLS-algorithms-offload.patch => 0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch} (83%) create mode 100644 meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0003-cryptodev-fix-algorithm-registration.patch create mode 100644 meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch rename meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/{0002-ECC-Support-header-for-Cryptodev-Engine.patch => 0005-ECC-Support-header-for-Cryptodev-Engine.patch} (98%) rename 
meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/{0004-Fixed-private-key-support-for-DH.patch => 0006-Fixed-private-key-support-for-DH.patch} (81%) rename meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/{0005-Fixed-private-key-support-for-DH.patch => 0007-Fixed-private-key-support-for-DH.patch} (82%) rename meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/{0006-Initial-support-for-PKC-in-cryptodev-engine.patch => 0008-Initial-support-for-PKC-in-cryptodev-engine.patch} (97%) rename meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/{0007-Added-hwrng-dev-file-as-source-of-RNG.patch => 0009-Added-hwrng-dev-file-as-source-of-RNG.patch} (82%) delete mode 100644 meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0009-eng_cryptodev-extend-TLS-offload-with-new-algorithms.patch rename meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/{0008-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch => 0010-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch} (98%) rename meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/{0010-Add-RSA-keygen-operation-and-support-gendsa-command-.patch => 0011-Add-RSA-keygen-operation-and-support-gendsa-command-.patch} (92%) rename meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/{0011-RSA-Keygen-Fix.patch => 0012-RSA-Keygen-Fix.patch} (80%) rename meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/{0012-Removed-local-copy-of-curve_t-type.patch => 0013-Removed-local-copy-of-curve_t-type.patch} (79%) rename meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/{0013-Modulus-parameter-is-not-populated-by-dhparams.patch => 0014-Modulus-parameter-is-not-populated-by-dhparams.patch} (78%) rename meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/{0014-SW-Backoff-mechanism-for-dsa-keygen.patch => 0015-SW-Backoff-mechanism-for-dsa-keygen.patch} (77%) rename meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/{0015-Fixed-DH-keygen-pair-generator.patch => 0016-Fixed-DH-keygen-pair-generator.patch} (90%) 
create mode 100644 meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch delete mode 100644 meta-fsl-ppc/recipes-connectivity/openssl/openssl/openssl-fix-doc.patch rename meta-fsl-ppc/recipes-connectivity/openssl/{openssl_1.0.1g.bb => openssl_1.0.1i.bb} (100%) rename meta-fsl-ppc/recipes-connectivity/openssl/{openssl_1.0.1g.bbappend => openssl_1.0.1i.bbappend} (63%) diff --git a/meta-fsl-ppc/conf/machine/include/qoriq-default-versions.inc b/meta-fsl-ppc/conf/machine/include/qoriq-default-versions.inc index 3bb03ba0..639e61e9 100644 --- a/meta-fsl-ppc/conf/machine/include/qoriq-default-versions.inc +++ b/meta-fsl-ppc/conf/machine/include/qoriq-default-versions.inc @@ -1,3 +1,3 @@ PREFERRED_VERSION_qemu = "1.7+fsl" -PREFERRED_VERSION_openssl = "1.0.1g" +PREFERRED_VERSION_openssl = "1.0.1i" diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0001-remove-double-initialization-of-cryptodev-engine.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0001-remove-double-initialization-of-cryptodev-engine.patch index eae68780..233cf6e2 100644 --- a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0001-remove-double-initialization-of-cryptodev-engine.patch +++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0001-remove-double-initialization-of-cryptodev-engine.patch @@ -1,20 +1,20 @@ -From f174dd904fb4995a89eed53be3e2ebf7bee25a9b Mon Sep 17 00:00:00 2001 +From 9297e3834518ff0558d6e7004a62adfd107e659a Mon Sep 17 00:00:00 2001 
From: Cristian Stoica Date: Tue, 10 Sep 2013 12:46:46 +0300 -Subject: [PATCH][fsl 01/15] remove double initialization of cryptodev engine - -Upstream-status: Pending +Subject: [PATCH 01/17] remove double initialization of cryptodev engine cryptodev engine is initialized together with the other engines in ENGINE_load_builtin_engines. The initialization done through OpenSSL_add_all_algorithms is redundant. +Change-Id: Ic9488500967595543ff846f147b36f383db7cb27 Signed-off-by: Cristian Stoica +Reviewed-on: http://git.am.freescale.net:8181/17222 --- - crypto/engine/eng_all.c | 11 ----------- - crypto/engine/engine.h | 4 ---- - crypto/evp/c_all.c | 5 ----- - util/libeay.num | 2 +- + crypto/engine/eng_all.c | 11 ----------- + crypto/engine/engine.h | 4 ---- + crypto/evp/c_all.c | 5 ----- + util/libeay.num | 2 +- 4 files changed, 1 insertion(+), 21 deletions(-) diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c @@ -79,5 +79,5 @@ index aa86b2b..ae50040 100755 EVP_aes_128_cfb8 3248 EXIST::FUNCTION:AES FIPS_corrupt_rsa 3249 NOEXIST::FUNCTION: -- -1.7.9.7 +1.8.3.1 diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0003-add-support-for-TLS-algorithms-offload.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch similarity index 83% rename from meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0003-add-support-for-TLS-algorithms-offload.patch rename to meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch index dd99ca9f..0b77bfa8 100644 --- a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0003-add-support-for-TLS-algorithms-offload.patch +++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch 
@@ -1,20 +1,23 @@ -From 1a8886909afc7e4c9e8539644c815baee8ee4816 Mon Sep 17 00:00:00 2001 +From dfd6ba263dc25ea2a4bbc32448b24ca2b1fc40e8 Mon Sep 17 00:00:00 2001 From: Cristian Stoica Date: Thu, 29 Aug 2013 16:51:18 +0300 -Subject: [PATCH][fsl 03/15] add support for TLS algorithms offload +Subject: [PATCH 02/17] eng_cryptodev: add support for TLS algorithms offload -Upstream-status: Pending +- aes-128-cbc-hmac-sha1 +- aes-256-cbc-hmac-sha1 Requires TLS patches on cryptodev and TLS algorithm support in Linux kernel driver. +Change-Id: I43048caa348414daddd6c1a5cdc55e769ac1945f Signed-off-by: Cristian Stoica +Reviewed-on: http://git.am.freescale.net:8181/17223 --- - crypto/engine/eng_cryptodev.c | 204 ++++++++++++++++++++++++++++++++++++++--- - 1 file changed, 193 insertions(+), 11 deletions(-) + crypto/engine/eng_cryptodev.c | 222 +++++++++++++++++++++++++++++++++++++++--- + 1 file changed, 211 insertions(+), 11 deletions(-) diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index 5a715ac..123613d 100644 +index 5a715ac..7588a28 100644 --- a/crypto/engine/eng_cryptodev.c +++ b/crypto/engine/eng_cryptodev.c @@ -72,6 +72,9 @@ ENGINE_load_cryptodev(void) @@ -27,7 +30,7 @@ index 5a715ac..123613d 100644 #ifdef USE_CRYPTODEV_DIGESTS char dummy_mac_key[HASH_MAX_LEN]; -@@ -140,17 +143,19 @@ static struct { +@@ -140,17 +143,20 @@ static struct { int nid; int ivmax; int keylen; @@ -53,11 +56,12 @@ index 5a715ac..123613d 100644 + { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, 0}, + { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, 0}, + { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20}, ++ { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20}, + { 0, NID_undef, 0, 0, 0}, }; #ifdef USE_CRYPTODEV_DIGESTS -@@ -250,13 +255,15 @@ get_cryptodev_ciphers(const int **cnids) +@@ -250,13 +256,15 @@ get_cryptodev_ciphers(const int **cnids) } memset(&sess, 0, sizeof(sess)); sess.key = (caddr_t)"123456789abcdefghijklmno"; 
@@ -74,7 +78,7 @@ index 5a715ac..123613d 100644 if (ioctl(fd, CIOCGSESSION, &sess) != -1 && ioctl(fd, CIOCFSESSION, &sess.ses) != -1) nids[count++] = ciphers[i].nid; -@@ -414,6 +421,67 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, +@@ -414,6 +422,67 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, return (1); } @@ -100,11 +104,11 @@ index 5a715ac..123613d 100644 + /* TODO: make a seamless integration with cryptodev flags */ + switch (ctx->cipher->nid) { + case NID_aes_128_cbc_hmac_sha1: ++ case NID_aes_256_cbc_hmac_sha1: + cryp.flags = COP_FLAG_AEAD_TLS_TYPE; + } + cryp.ses = sess->ses; + cryp.len = state->len; -+ cryp.dst_len = len; + cryp.src = (caddr_t) in; + cryp.dst = (caddr_t) out; + cryp.auth_src = state->aad; @@ -142,7 +146,7 @@ index 5a715ac..123613d 100644 static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) -@@ -452,6 +520,45 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, +@@ -452,6 +521,45 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, return (1); } @@ -188,7 +192,7 @@ index 5a715ac..123613d 100644 /* * free anything we allocated earlier when initting a * session, and close the session. -@@ -488,6 +595,63 @@ cryptodev_cleanup(EVP_CIPHER_CTX *ctx) +@@ -488,6 +596,63 @@ cryptodev_cleanup(EVP_CIPHER_CTX *ctx) return (ret); } @@ -224,7 +228,6 @@ index 5a715ac..123613d 100644 + unsigned int cryptlen = p[arg - 2] << 8 | p[arg - 1]; + unsigned int maclen, padlen; + unsigned int bs = ctx->cipher->block_size; -+ int j; + + state->aad = ptr; + state->aad_len = arg; @@ -233,6 +236,7 @@ index 5a715ac..123613d 100644 + /* TODO: this should be an extension of EVP_CIPHER struct */ + switch (ctx->cipher->nid) { + case NID_aes_128_cbc_hmac_sha1: ++ case NID_aes_256_cbc_hmac_sha1: + maclen = SHA_DIGEST_LENGTH; + } + 
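Review bot: `p[arg - 2]` and `p[arg - 1]` in cryptodev_cbc_hmac_sha1_ctrl are read with no lower bound on `arg`, so a control call with `arg` below 2 indexes before the start of the buffer; this hunk only drops the unused `int j;` and leaves that read in the initializer. The read would need to move out of the declaration so that a check such as `if (arg < 2)` followed by the handler's failure return can precede it; rejecting any length other than the TLS record header the caller is expected to pass would be stricter. `state->aad = ptr;` also keeps the caller's pointer rather than a copy, which presumably relies on that buffer outliving the later cipher call, and a comment stating the assumption would help. The function starts and ends outside this hunk, so `p` and the return convention are not visible here.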
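Review bot: `maclen` is assigned only inside a `switch` that has no `default`, and the previous hunk shows it declared without an initializer (`unsigned int maclen, padlen;`), so any NID other than the two listed leaves it indeterminate for whatever length computation follows. Both EVP_CIPHER tables that point at this handler use the listed NIDs, so the problem is latent today, but the next cipher wired to this ctrl would hit it silently. Adding `default: return -1;` (or whatever this handler returns on failure) makes the mismatch explicit. The `cryp.flags` switch in cryptodev_aead_cipher has the same shape, and the rest of this function lies outside the hunk.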
@@ -252,7 +256,7 @@ index 5a715ac..123613d 100644 /* * libcrypto EVP stuff - this is how we get wired to EVP so the engine * gets called when libcrypto requests a cipher NID. -@@ -600,6 +764,20 @@ const EVP_CIPHER cryptodev_aes_256_cbc = { +@@ -600,6 +765,33 @@ const EVP_CIPHER cryptodev_aes_256_cbc = { NULL }; @@ -270,27 +274,44 @@ index 5a715ac..123613d 100644 + NULL +}; + ++const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = { ++ NID_aes_256_cbc_hmac_sha1, ++ 16, 32, 16, ++ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, ++ cryptodev_init_aead_key, ++ cryptodev_aead_cipher, ++ cryptodev_cleanup, ++ sizeof(struct dev_crypto_state), ++ EVP_CIPHER_set_asn1_iv, ++ EVP_CIPHER_get_asn1_iv, ++ cryptodev_cbc_hmac_sha1_ctrl, ++ NULL ++}; /* * Registered by the ENGINE when used to find out how to deal with * a particular NID in the ENGINE. this says what we'll do at the -@@ -637,6 +815,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, +@@ -637,6 +829,12 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, case NID_aes_256_cbc: *cipher = &cryptodev_aes_256_cbc; break; + case NID_aes_128_cbc_hmac_sha1: + *cipher = &cryptodev_aes_128_cbc_hmac_sha1; ++ break; ++ case NID_aes_256_cbc_hmac_sha1: ++ *cipher = &cryptodev_aes_256_cbc_hmac_sha1; + break; default: *cipher = NULL; break; -@@ -1384,6 +1565,7 @@ ENGINE_load_cryptodev(void) +@@ -1384,6 +1582,8 @@ ENGINE_load_cryptodev(void) } put_dev_crypto(fd); + EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1); ++ EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1); if (!ENGINE_set_id(engine, "cryptodev") || !ENGINE_set_name(engine, "BSD cryptodev engine") || !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) || -- -1.7.9.7 +1.8.3.1 diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0003-cryptodev-fix-algorithm-registration.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0003-cryptodev-fix-algorithm-registration.patch new file mode 100644 index 00000000..b31668e1 --- /dev/null 
+++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0003-cryptodev-fix-algorithm-registration.patch 
@@ -0,0 +1,64 @@ +From 084fa469a8fef530d71a0870364df1c7997f6465 Mon Sep 17 00:00:00 2001 +From: Cristian Stoica +Date: Thu, 31 Jul 2014 14:06:19 +0300 +Subject: [PATCH 03/17] cryptodev: fix algorithm registration + +Cryptodev specific algorithms must register only if available in kernel. + +Change-Id: Iec5af8f4f3138357e4b96f2ec1627278134e4808 +Signed-off-by: Cristian Stoica +Reviewed-on: http://git.am.freescale.net:8181/15326 +Reviewed-by: Horia Ioan Geanta Neag +Reviewed-on: http://git.am.freescale.net:8181/17224 +--- + crypto/engine/eng_cryptodev.c | 20 +++++++++++++++++--- + 1 file changed, 17 insertions(+), 3 deletions(-) + +diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c +index 7588a28..e3eb98b 100644 +--- a/crypto/engine/eng_cryptodev.c ++++ b/crypto/engine/eng_cryptodev.c +@@ -133,6 +133,8 @@ static int cryptodev_dh_compute_key(unsigned char *key, + static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, + void (*f)(void)); + void ENGINE_load_cryptodev(void); ++const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1; ++const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1; + + static const ENGINE_CMD_DEFN cryptodev_defns[] = { + { 0, NULL, NULL, 0 } +@@ -342,7 +344,21 @@ get_cryptodev_digests(const int **cnids) + static int + cryptodev_usable_ciphers(const int **nids) + { +- return (get_cryptodev_ciphers(nids)); ++ int i, count; ++ ++ count = get_cryptodev_ciphers(nids); ++ /* add ciphers specific to cryptodev if found in kernel */ ++ for(i = 0; i < count; i++) { ++ switch (*(*nids + i)) { ++ case NID_aes_128_cbc_hmac_sha1: ++ EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1); ++ break; ++ case NID_aes_256_cbc_hmac_sha1: ++ EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1); ++ break; ++ } ++ } ++ return count; + } + + static int +@@ -1582,8 +1598,6 @@ ENGINE_load_cryptodev(void) + } + put_dev_crypto(fd); + +- EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1); +- EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1); + if (!ENGINE_set_id(engine, 
"cryptodev") || + !ENGINE_set_name(engine, "BSD cryptodev engine") || + !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) || +-- +1.8.3.1 + diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch new file mode 100644 index 00000000..af30ad3d --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch 
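Review bot: cryptodev_usable_ciphers() now calls `EVP_add_cipher()` as a side effect of what reads as a query, and discards its return value. If the function runs more than once (the engine's cipher callback appears to use it to list NIDs), the registration is repeated on each call, and because EVP_add_cipher() registers by name in the process-wide table, the cryptodev object would presumably be returned for name lookups of these ciphers whether or not the engine was selected, which is worth confirming as intended. A short comment on the loop saying why registration lives here, plus a check of the return value, would help, and `(*nids)[i]` reads more easily than `*(*nids + i)`. The two forward lines are tentative definitions of const objects; `extern const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1;` (and the same for the 256 variant) states the intent.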
@@ -0,0 +1,74 @@ +From 7d770f0324498d1fa78300cc5cecc8c1dcd3b788 Mon Sep 17 00:00:00 2001 +From: Andy Polyakov +Date: Sun, 21 Oct 2012 18:19:41 +0000 +Subject: [PATCH 04/17] linux-pcc: make it more robust and recognize + KERNEL_BITS variable. + +(cherry picked from commit 78c3e20579d3baa159c8b51b59d415b6e521614b) + +Change-Id: I769c466f052305681ab54a1b6545d94c7fbf5a9d +Signed-off-by: Cristian Stoica +--- + config | 19 +++++++++++++------ + crypto/ppccap.c | 7 +++++++ + 2 files changed, 20 insertions(+), 6 deletions(-) + +diff --git a/config b/config +index 41fa2a6..f37b9e6 100755 +--- a/config ++++ b/config +@@ -587,13 +587,20 @@ case "$GUESSOS" in + fi + ;; + ppc64-*-linux2) +- echo "WARNING! If you wish to build 64-bit library, then you have to" +- echo " invoke './Configure linux-ppc64' *manually*." +- if [ "$TEST" = "false" -a -t 1 ]; then +- echo " You have about 5 seconds to press Ctrl-C to abort." +- (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1 ++ if [ -z "$KERNEL_BITS" ]; then ++ echo "WARNING! If you wish to build 64-bit library, then you have to" ++ echo " invoke './Configure linux-ppc64' *manually*." ++ if [ "$TEST" = "false" -a -t 1 ]; then ++ echo " You have about 5 seconds to press Ctrl-C to abort." 
++ (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1 ++ fi ++ fi ++ if [ "$KERNEL_BITS" = "64" ]; then ++ OUT="linux-ppc64" ++ else ++ OUT="linux-ppc" ++ (echo "__LP64__" | gcc -E -x c - 2>/dev/null | grep "^__LP64__" 2>&1 > /dev/null) || options="$options -m32" + fi +- OUT="linux-ppc" + ;; + ppc-*-linux2) OUT="linux-ppc" ;; + ppc60x-*-vxworks*) OUT="vxworks-ppc60x" ;; +diff --git a/crypto/ppccap.c b/crypto/ppccap.c +index f71ba66..531f1b3 100644 +--- a/crypto/ppccap.c ++++ b/crypto/ppccap.c +@@ -4,6 +4,9 @@ + #include + #include + #include ++#ifdef __linux ++#include ++#endif + #include + #include + +@@ -102,6 +105,10 @@ void OPENSSL_cpuid_setup(void) + + if (sizeof(size_t)==4) + { ++#ifdef __linux ++ struct utsname uts; ++ if (uname(&uts)==0 && strcmp(uts.machine,"ppc64")==0) ++#endif + if (sigsetjmp(ill_jmp,1) == 0) + { + OPENSSL_ppc64_probe(); +-- +1.8.3.1 + diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0002-ECC-Support-header-for-Cryptodev-Engine.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0005-ECC-Support-header-for-Cryptodev-Engine.patch similarity index 98% rename from meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0002-ECC-Support-header-for-Cryptodev-Engine.patch rename to meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0005-ECC-Support-header-for-Cryptodev-Engine.patch index 717a345a..cfcf4a66 100644 --- a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0002-ECC-Support-header-for-Cryptodev-Engine.patch +++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0005-ECC-Support-header-for-Cryptodev-Engine.patch @@ -1,13 +1,13 @@ -From 154601fba4907a7eb3f98e670d62cfa15a767500 Mon Sep 17 00:00:00 2001 +From 15abbcd740eafbf2a46b5da24be76acf4982743d Mon Sep 17 00:00:00 2001 
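Review bot: The `-m32` decision in the new `else` branch probes a hard-coded `gcc`, which in a cross build is the build host's compiler rather than the target toolchain, so the flag can be chosen from the wrong ABI. Using the configured compiler, `(echo "__LP64__" | ${CC:-gcc} -E -x c - 2>/dev/null | grep "^__LP64__" >/dev/null 2>&1) || options="$options -m32"`, keeps the probe tied to the toolchain in use and also corrects the redirection order on `grep`. This matters only if the recipe runs `config` rather than calling `Configure` directly, which is not visible here. In ppccap.c the unbraced `if (uname(&uts)==0 && ...)` under `#ifdef __linux` silently governs the following `if (sigsetjmp(ill_jmp,1) == 0)`; a one-line comment saying the 64-bit probe is skipped unless the kernel reports `ppc64` would make that dependency on the preprocessor explicit.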
From: Yashpal Dutta Date: Tue, 11 Mar 2014 05:56:54 +0545 -Subject: [PATCH][fsl 02/15] ECC Support header for Cryptodev Engine +Subject: [PATCH 05/17] ECC Support header for Cryptodev Engine Upstream-status: Pending Signed-off-by: Yashpal Dutta --- - crypto/engine/eng_cryptodev_ec.h | 296 ++++++++++++++++++++++++++++++++++++++ + crypto/engine/eng_cryptodev_ec.h | 296 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 296 insertions(+) create mode 100644 crypto/engine/eng_cryptodev_ec.h @@ -314,5 +314,5 @@ index 0000000..77aee71 +}; +#endif -- -1.7.9.7 +1.8.3.1 diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0004-Fixed-private-key-support-for-DH.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0006-Fixed-private-key-support-for-DH.patch similarity index 81% rename from meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0004-Fixed-private-key-support-for-DH.patch rename to meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0006-Fixed-private-key-support-for-DH.patch index 607f6035..41f48a2f 100644 --- a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0004-Fixed-private-key-support-for-DH.patch +++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0006-Fixed-private-key-support-for-DH.patch @@ -1,13 +1,13 @@ -From c994fa6c5eb9b684dd6aff45dd5e8eb98237c31e Mon Sep 17 00:00:00 2001 +From 39a9e609290a8a1163a721915bcde0c7cf8f92f7 Mon Sep 17 00:00:00 2001 From: Yashpal Dutta Date: Tue, 11 Mar 2014 05:57:47 +0545 -Subject: [PATCH][fsl 04/15] Fixed private key support for DH +Subject: [PATCH 06/17] Fixed private key support for DH Upstream-status: Pending Signed-off-by: Yashpal Dutta --- - crypto/dh/dh_ameth.c | 7 +++++++ + crypto/dh/dh_ameth.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c @@ -29,5 +29,5 @@ index 02ec2d4..ed32004 100644 return 1; } -- -1.7.9.7 +1.8.3.1 
diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0005-Fixed-private-key-support-for-DH.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0007-Fixed-private-key-support-for-DH.patch similarity index 82% rename from meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0005-Fixed-private-key-support-for-DH.patch rename to meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0007-Fixed-private-key-support-for-DH.patch index 06dff881..f507fff7 100644 --- a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0005-Fixed-private-key-support-for-DH.patch +++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0007-Fixed-private-key-support-for-DH.patch @@ -1,7 +1,7 @@ -From 408bdb2a3971edd6a949f5a93bd44d0a6f3eb823 Mon Sep 17 00:00:00 2001 +From 8322e4157bf49d992b5b9e460f2c0785865dd1c1 Mon Sep 17 00:00:00 2001 From: Yashpal Dutta Date: Thu, 20 Mar 2014 19:55:51 -0500 -Subject: [PATCH][fsl 05/15] Fixed private key support for DH +Subject: [PATCH 07/17] Fixed private key support for DH Upstream-status: Pending @@ -9,7 +9,7 @@ Required Length of the DH result is not returned in dh method in openssl Tested-by: Yashpal Dutta --- - crypto/dh/dh_ameth.c | 7 ------- + crypto/dh/dh_ameth.c | 7 ------- 1 file changed, 7 deletions(-) diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c @@ -31,5 +31,5 @@ index ed32004..02ec2d4 100644 return 1; } -- -1.7.9.7 +1.8.3.1 diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0006-Initial-support-for-PKC-in-cryptodev-engine.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0008-Initial-support-for-PKC-in-cryptodev-engine.patch similarity index 97% rename from meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0006-Initial-support-for-PKC-in-cryptodev-engine.patch rename to meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0008-Initial-support-for-PKC-in-cryptodev-engine.patch index b5ac55db..6903c88d 100644 
--- a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0006-Initial-support-for-PKC-in-cryptodev-engine.patch +++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0008-Initial-support-for-PKC-in-cryptodev-engine.patch @@ -1,7 +1,7 @@ -From 8e9a39aab2fce48c117460eb1d14bcc02be6de6c Mon Sep 17 00:00:00 2001 +From 107a10d45db0f2e58482f698add04ed9183f7268 Mon Sep 17 00:00:00 2001 From: Yashpal Dutta Date: Tue, 11 Mar 2014 06:29:52 +0545 -Subject: [PATCH][fsl 06/15] Initial support for PKC in cryptodev engine +Subject: [PATCH 08/17] Initial support for PKC in cryptodev engine Upstream-status: Pending @@ -11,7 +11,7 @@ Signed-off-by: Yashpal Dutta 1 file changed, 1183 insertions(+), 160 deletions(-) diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index 123613d..88caec1 100644 +index e3eb98b..7ee314b 100644 --- a/crypto/engine/eng_cryptodev.c +++ b/crypto/engine/eng_cryptodev.c @@ -54,11 +54,14 @@ ENGINE_load_cryptodev(void) @@ -39,7 +39,7 @@ index 123613d..88caec1 100644 struct dev_crypto_state { struct session_op d_sess; -@@ -116,24 +121,112 @@ static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, +@@ -116,18 +121,10 @@ static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx); static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx); @@ -58,8 +58,9 @@ index 123613d..88caec1 100644 static int cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, - void (*f)(void)); - void ENGINE_load_cryptodev(void); +@@ -136,6 +133,102 @@ void ENGINE_load_cryptodev(void); + const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1; + const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1; +inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len) +{ 
@@ -160,7 +161,7 @@ index 123613d..88caec1 100644 static const ENGINE_CMD_DEFN cryptodev_defns[] = { { 0, NULL, NULL, 0 } }; -@@ -1106,7 +1199,6 @@ cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, +@@ -1139,7 +1232,6 @@ cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, static int bn2crparam(const BIGNUM *a, struct crparam *crp) { @@ -168,7 +169,7 @@ index 123613d..88caec1 100644 ssize_t bytes, bits; u_char *b; -@@ -1123,15 +1215,7 @@ bn2crparam(const BIGNUM *a, struct crparam *crp) +@@ -1156,15 +1248,7 @@ bn2crparam(const BIGNUM *a, struct crparam *crp) crp->crp_p = (caddr_t) b; crp->crp_nbits = bits; @@ -185,7 +186,7 @@ index 123613d..88caec1 100644 return (0); } -@@ -1139,22 +1223,14 @@ bn2crparam(const BIGNUM *a, struct crparam *crp) +@@ -1172,22 +1256,14 @@ bn2crparam(const BIGNUM *a, struct crparam *crp) static int crparam2bn(struct crparam *crp, BIGNUM *a) { @@ -210,7 +211,7 @@ index 123613d..88caec1 100644 return (0); } -@@ -1202,6 +1278,32 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s) +@@ -1235,6 +1311,32 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s) return (ret); } @@ -243,7 +244,7 @@ index 123613d..88caec1 100644 static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) -@@ -1217,9 +1319,9 @@ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, +@@ -1250,9 +1352,9 @@ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, return (ret); } @@ -255,7 +256,7 @@ index 123613d..88caec1 100644 /* inputs: a^p % m */ if (bn2crparam(a, &kop.crk_param[0])) goto err; -@@ -1260,28 +1362,38 @@ static int +@@ -1293,28 +1395,38 @@ static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) { struct crypt_kop kop; 
@@ -308,7 +309,7 @@ index 123613d..88caec1 100644 kop.crk_iparams = 6; if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) { -@@ -1317,90 +1429,117 @@ static RSA_METHOD cryptodev_rsa = { +@@ -1350,90 +1462,117 @@ static RSA_METHOD cryptodev_rsa = { NULL /* rsa_verify */ }; @@ -488,7 +489,7 @@ index 123613d..88caec1 100644 } static int -@@ -1408,42 +1547,179 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen, +@@ -1441,42 +1580,179 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen, DSA_SIG *sig, DSA *dsa) { struct crypt_kop kop; @@ -686,7 +687,7 @@ index 123613d..88caec1 100644 static DSA_METHOD cryptodev_dsa = { "cryptodev DSA method", NULL, -@@ -1457,12 +1733,543 @@ static DSA_METHOD cryptodev_dsa = { +@@ -1490,12 +1766,543 @@ static DSA_METHOD cryptodev_dsa = { NULL /* app_data */ }; @@ -1235,7 +1236,7 @@ index 123613d..88caec1 100644 } static int -@@ -1470,43 +2277,234 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) +@@ -1503,43 +2310,234 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) { struct crypt_kop kop; int dhret = 1; @@ -1488,7 +1489,7 @@ index 123613d..88caec1 100644 static DH_METHOD cryptodev_dh = { "cryptodev DH method", NULL, /* cryptodev_dh_generate_key */ -@@ -1518,6 +2516,14 @@ static DH_METHOD cryptodev_dh = { +@@ -1551,6 +2549,14 @@ static DH_METHOD cryptodev_dh = { NULL /* app_data */ }; @@ -1503,7 +1504,7 @@ index 123613d..88caec1 100644 /* * ctrl right now is just a wrapper that doesn't do much * but I expect we'll want some options soon. -@@ -1602,25 +2608,42 @@ ENGINE_load_cryptodev(void) +@@ -1634,25 +2640,42 @@ ENGINE_load_cryptodev(void) memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD)); if (cryptodev_asymfeat & CRF_DSA_SIGN) cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign; @@ -1559,5 +1560,5 @@ index 123613d..88caec1 100644 } -- -1.7.9.7 +1.8.3.1 
diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0007-Added-hwrng-dev-file-as-source-of-RNG.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0009-Added-hwrng-dev-file-as-source-of-RNG.patch similarity index 82% rename from meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0007-Added-hwrng-dev-file-as-source-of-RNG.patch rename to meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0009-Added-hwrng-dev-file-as-source-of-RNG.patch index afe9f7cf..6a69c324 100644 --- a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0007-Added-hwrng-dev-file-as-source-of-RNG.patch +++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0009-Added-hwrng-dev-file-as-source-of-RNG.patch @@ -1,13 +1,13 @@ -From 6ee6f7acad9824244b32ac23248f1d12f2c2b201 Mon Sep 17 00:00:00 2001 +From 81c4c62a4f5f5542843381bfb34e39a6171d5cdd Mon Sep 17 00:00:00 2001 From: Yashpal Dutta Date: Tue, 11 Mar 2014 06:42:59 +0545 -Subject: [PATCH][fsl 07/15] Added hwrng dev file as source of RNG +Subject: [PATCH 09/17] Added hwrng dev file as source of RNG Upstream-status: Pending Signed-off-by: Yashpal Dutta --- - e_os.h | 2 +- + e_os.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/e_os.h b/e_os.h @@ -24,5 +24,5 @@ index 6a0aad1..57c0563 100644 #ifndef DEVRANDOM_EGD /* set this to a comma-seperated list of 'egd' sockets to try out. These -- -1.7.9.7 +1.8.3.1 diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0009-eng_cryptodev-extend-TLS-offload-with-new-algorithms.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0009-eng_cryptodev-extend-TLS-offload-with-new-algorithms.patch deleted file mode 100644 index a4178841..00000000 --- a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0009-eng_cryptodev-extend-TLS-offload-with-new-algorithms.patch +++ /dev/null 
@@ -1,106 +0,0 @@ -From 6555c11c9f62fc37c60bb335cfeb5c9d641e493a Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Fri, 21 Mar 2014 16:22:27 +0200 -Subject: [PATCH][fsl 09/15] eng_cryptodev: extend TLS offload with new - algorithms - -Upstream-status: Pending - -- aes-192-cbc-hmac-sha1 -- aes-256-cbc-hmac-sha1 - -Signed-off-by: Cristian Stoica ---- - crypto/engine/eng_cryptodev.c | 41 +++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 41 insertions(+) - -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index c5e8fb3..e2d4c53 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -248,6 +248,8 @@ static struct { - { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, 0}, - { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, 0}, - { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20}, -+ { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_192_cbc_hmac_sha1, 16, 24, 20}, -+ { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20}, - { 0, NID_undef, 0, 0, 0}, - }; - -@@ -536,6 +538,8 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - /* TODO: make a seamless integration with cryptodev flags */ - switch (ctx->cipher->nid) { - case NID_aes_128_cbc_hmac_sha1: -+ case NID_aes_192_cbc_hmac_sha1: -+ case NID_aes_256_cbc_hmac_sha1: - cryp.flags = COP_FLAG_AEAD_TLS_TYPE; - } - cryp.ses = sess->ses; -@@ -729,6 +733,8 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, - /* TODO: this should be an extension of EVP_CIPHER struct */ - switch (ctx->cipher->nid) { - case NID_aes_128_cbc_hmac_sha1: -+ case NID_aes_192_cbc_hmac_sha1: -+ case NID_aes_256_cbc_hmac_sha1: - maclen = SHA_DIGEST_LENGTH; - } - -@@ -871,6 +877,33 @@ const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1 = { - NULL - }; - -+const EVP_CIPHER cryptodev_aes_192_cbc_hmac_sha1 = { -+ NID_aes_192_cbc_hmac_sha1, -+ 16, 24, 16, -+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, -+ 
cryptodev_init_aead_key, -+ cryptodev_aead_cipher, -+ cryptodev_cleanup, -+ sizeof(struct dev_crypto_state), -+ EVP_CIPHER_set_asn1_iv, -+ EVP_CIPHER_get_asn1_iv, -+ cryptodev_cbc_hmac_sha1_ctrl, -+ NULL -+}; -+ -+const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = { -+ NID_aes_256_cbc_hmac_sha1, -+ 16, 32, 16, -+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, -+ cryptodev_init_aead_key, -+ cryptodev_aead_cipher, -+ cryptodev_cleanup, -+ sizeof(struct dev_crypto_state), -+ EVP_CIPHER_set_asn1_iv, -+ EVP_CIPHER_get_asn1_iv, -+ cryptodev_cbc_hmac_sha1_ctrl, -+ NULL -+}; - /* - * Registered by the ENGINE when used to find out how to deal with - * a particular NID in the ENGINE. this says what we'll do at the -@@ -911,6 +944,12 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, - case NID_aes_128_cbc_hmac_sha1: - *cipher = &cryptodev_aes_128_cbc_hmac_sha1; - break; -+ case NID_aes_192_cbc_hmac_sha1: -+ *cipher = &cryptodev_aes_192_cbc_hmac_sha1; -+ break; -+ case NID_aes_256_cbc_hmac_sha1: -+ *cipher = &cryptodev_aes_256_cbc_hmac_sha1; -+ break; - default: - *cipher = NULL; - break; -@@ -3830,6 +3869,8 @@ ENGINE_load_cryptodev(void) - put_dev_crypto(fd); - - EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1); -+ EVP_add_cipher(&cryptodev_aes_192_cbc_hmac_sha1); -+ EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1); - if (!ENGINE_set_id(engine, "cryptodev") || - !ENGINE_set_name(engine, "BSD cryptodev engine") || - !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) || --- -1.7.9.7 - 
diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0008-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0010-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch similarity index 98% rename from meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0008-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch rename to meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0010-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch index d8b5d952..b7702d10 100644 --- a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0008-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch +++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0010-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch @@ -1,7 +1,7 @@ -From 68f8054c5a1f72e40884782d2d548892406d6049 Mon Sep 17 00:00:00 2001 +From a933e6341fd8989bdd82f8a5446b6f04aa00eef9 Mon Sep 17 00:00:00 2001 From: Yashpal Dutta Date: Tue, 11 Mar 2014 07:14:30 +0545 -Subject: [PATCH][fsl 08/15] Asynchronous interface added for PKC cryptodev +Subject: [PATCH 10/17] Asynchronous interface added for PKC cryptodev interface Upstream-status: Pending @@ -116,10 +116,10 @@ index cb3be13..eb0ebe0 100644 int (*init)(EC_KEY *eckey); int (*finish)(EC_KEY *eckey); diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index 88caec1..c5e8fb3 100644 +index 7ee314b..9f2416e 100644 --- a/crypto/engine/eng_cryptodev.c +++ b/crypto/engine/eng_cryptodev.c -@@ -1248,6 +1248,56 @@ zapparams(struct crypt_kop *kop) +@@ -1281,6 +1281,56 @@ zapparams(struct crypt_kop *kop) } } @@ -176,7 +176,7 @@ index 88caec1..c5e8fb3 100644 static int cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s) { -@@ -1304,6 +1354,44 @@ void *cryptodev_init_instance(void) +@@ -1337,6 +1387,44 @@ void *cryptodev_init_instance(void) return fd; } 
@@ -221,7 +221,7 @@ index 88caec1..c5e8fb3 100644 static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) -@@ -1349,6 +1437,63 @@ err: +@@ -1382,6 +1470,63 @@ err: } static int @@ -285,7 +285,7 @@ index 88caec1..c5e8fb3 100644 cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) { int r; -@@ -1413,6 +1558,62 @@ err: +@@ -1446,6 +1591,62 @@ err: return (ret); } @@ -348,7 +348,7 @@ index 88caec1..c5e8fb3 100644 static RSA_METHOD cryptodev_rsa = { "cryptodev RSA method", NULL, /* rsa_pub_enc */ -@@ -1421,6 +1622,12 @@ static RSA_METHOD cryptodev_rsa = { +@@ -1454,6 +1655,12 @@ static RSA_METHOD cryptodev_rsa = { NULL, /* rsa_priv_dec */ NULL, NULL, @@ -361,7 +361,7 @@ index 88caec1..c5e8fb3 100644 NULL, /* init */ NULL, /* finish */ 0, /* flags */ -@@ -1718,126 +1925,424 @@ sw_try: +@@ -1751,126 +1958,424 @@ sw_try: return ret; } @@ -875,7 +875,7 @@ index 88caec1..c5e8fb3 100644 goto err; } } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_characteristic_two_field) { -@@ -2162,63 +2667,581 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len, +@@ -2195,63 +2700,581 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len, } /** @@ -1507,7 +1507,7 @@ index 88caec1..c5e8fb3 100644 return ret; } -@@ -2327,6 +3350,54 @@ sw_try: +@@ -2360,6 +3383,54 @@ sw_try: return (dhret); } @@ -1562,7 +1562,7 @@ index 88caec1..c5e8fb3 100644 int cryptodev_ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen)) -@@ -2504,6 +3575,190 @@ err: +@@ -2537,6 +3608,190 @@ err: return ret; } @@ -1753,7 +1753,7 @@ index 88caec1..c5e8fb3 100644 static DH_METHOD cryptodev_dh = { "cryptodev DH method", -@@ -2512,6 +3767,8 @@ static DH_METHOD cryptodev_dh = { +@@ -2545,6 +3800,8 @@ static DH_METHOD cryptodev_dh = { NULL, NULL, NULL, 
@@ -1762,7 +1762,7 @@ index 88caec1..c5e8fb3 100644 0, /* flags */ NULL /* app_data */ }; -@@ -2520,6 +3777,7 @@ static ECDH_METHOD cryptodev_ecdh = { +@@ -2553,6 +3810,7 @@ static ECDH_METHOD cryptodev_ecdh = { "cryptodev ECDH method", NULL, /* cryptodev_ecdh_compute_key */ NULL, @@ -1770,7 +1770,7 @@ index 88caec1..c5e8fb3 100644 0, /* flags */ NULL /* app_data */ }; -@@ -2593,12 +3851,19 @@ ENGINE_load_cryptodev(void) +@@ -2625,12 +3883,19 @@ ENGINE_load_cryptodev(void) cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec; if (cryptodev_asymfeat & CRF_MOD_EXP) { cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp; @@ -1792,7 +1792,7 @@ index 88caec1..c5e8fb3 100644 } } -@@ -2606,12 +3871,21 @@ ENGINE_load_cryptodev(void) +@@ -2638,12 +3903,21 @@ ENGINE_load_cryptodev(void) const DSA_METHOD *meth = DSA_OpenSSL(); memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD)); @@ -1817,7 +1817,7 @@ index 88caec1..c5e8fb3 100644 } if (ENGINE_set_DH(engine, &cryptodev_dh)){ -@@ -2620,10 +3894,15 @@ ENGINE_load_cryptodev(void) +@@ -2652,10 +3926,15 @@ ENGINE_load_cryptodev(void) if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) { cryptodev_dh.compute_key = cryptodev_dh_compute_key; @@ -1833,7 +1833,7 @@ index 88caec1..c5e8fb3 100644 } } -@@ -2632,10 +3911,14 @@ ENGINE_load_cryptodev(void) +@@ -2664,10 +3943,14 @@ ENGINE_load_cryptodev(void) memcpy(&cryptodev_ecdsa, meth, sizeof(ECDSA_METHOD)); if (cryptodev_asymfeat & CRF_DSA_SIGN) { cryptodev_ecdsa.ecdsa_do_sign = cryptodev_ecdsa_do_sign; @@ -1848,7 +1848,7 @@ index 88caec1..c5e8fb3 100644 } } -@@ -2644,9 +3927,16 @@ ENGINE_load_cryptodev(void) +@@ -2676,9 +3959,16 @@ ENGINE_load_cryptodev(void) memcpy(&cryptodev_ecdh, ecdh_meth, sizeof(ECDH_METHOD)); if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) { cryptodev_ecdh.compute_key = cryptodev_ecdh_compute_key; @@ -2035,5 +2035,5 @@ index 5f269e5..6ef1b15 100644 int (*finish)(RSA *rsa); /* called at free */ int flags; /* RSA_METHOD_FLAG_* things */ -- -1.7.9.7 +1.8.3.1 
diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0010-Add-RSA-keygen-operation-and-support-gendsa-command-.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0011-Add-RSA-keygen-operation-and-support-gendsa-command-.patch similarity index 92% rename from meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0010-Add-RSA-keygen-operation-and-support-gendsa-command-.patch rename to meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0011-Add-RSA-keygen-operation-and-support-gendsa-command-.patch index 4eaaeaaa..5e742986 100644 --- a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0010-Add-RSA-keygen-operation-and-support-gendsa-command-.patch +++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0011-Add-RSA-keygen-operation-and-support-gendsa-command-.patch @@ -1,22 +1,22 @@ -From a08f27a22d2c78f058b63dd2565925ca92ad08b2 Mon Sep 17 00:00:00 2001 +From e4fc051f8ae1c093b25ca346c2ec351ff3b700d1 Mon Sep 17 00:00:00 2001 From: Hou Zhiqiang Date: Wed, 2 Apr 2014 16:10:43 +0800 -Subject: [PATCH][fsl 10/15] Add RSA keygen operation and support gendsa - command with hardware engine +Subject: [PATCH 11/17] Add RSA keygen operation and support gendsa command + with hardware engine Upstream-status: Pending Signed-off-by: Hou Zhiqiang Tested-by: Cristian Stoica --- - crypto/engine/eng_cryptodev.c | 118 +++++++++++++++++++++++++++++++++++++++++ + crypto/engine/eng_cryptodev.c | 118 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 118 insertions(+) diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index e2d4c53..0a6567c 100644 +index 9f2416e..b2919a8 100644 --- a/crypto/engine/eng_cryptodev.c +++ b/crypto/engine/eng_cryptodev.c -@@ -1912,6 +1912,121 @@ err: +@@ -1906,6 +1906,121 @@ err: return dsaret; } 
@@ -138,7 +138,7 @@ index e2d4c53..0a6567c 100644 /* Cryptodev DSA Key Gen routine */ static int cryptodev_dsa_keygen(DSA *dsa) { -@@ -3905,6 +4020,9 @@ ENGINE_load_cryptodev(void) +@@ -3896,6 +4011,9 @@ ENGINE_load_cryptodev(void) cryptodev_rsa.rsa_mod_exp_async = cryptodev_rsa_nocrt_mod_exp_async; } @@ -149,5 +149,5 @@ index e2d4c53..0a6567c 100644 } -- -1.7.9.7 +1.8.3.1 diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0011-RSA-Keygen-Fix.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0012-RSA-Keygen-Fix.patch similarity index 80% rename from meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0011-RSA-Keygen-Fix.patch rename to meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0012-RSA-Keygen-Fix.patch index b2d636a4..44899733 100644 --- a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0011-RSA-Keygen-Fix.patch +++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0012-RSA-Keygen-Fix.patch @@ -1,7 +1,7 @@ -From f44fc935d5bc601cd625a64a366e64b19f2bb730 Mon Sep 17 00:00:00 2001 +From ac777f046da7151386d667391362ecb553ceee90 Mon Sep 17 00:00:00 2001 From: Yashpal Dutta Date: Wed, 16 Apr 2014 22:53:04 +0545 -Subject: [PATCH][fsl 11/15] RSA Keygen Fix +Subject: [PATCH 12/17] RSA Keygen Fix Upstream-status: Pending @@ -12,14 +12,14 @@ handled by software supported rsa_keygen handler Signed-off-by: Yashpal Dutta Tested-by: Cristian Stoica --- - crypto/engine/eng_cryptodev.c | 12 +++++++----- + crypto/engine/eng_cryptodev.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index 0a6567c..5d54f7e 100644 +index b2919a8..ed5f20f 100644 --- a/crypto/engine/eng_cryptodev.c 
+++ b/crypto/engine/eng_cryptodev.c -@@ -1921,7 +1921,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) +@@ -1915,7 +1915,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) int i; if ((fd = get_asym_dev_crypto()) < 0) @@ -28,7 +28,7 @@ index 0a6567c..5d54f7e 100644 if(!rsa->n && ((rsa->n=BN_new()) == NULL)) goto err; if(!rsa->d && ((rsa->d=BN_new()) == NULL)) goto err; -@@ -1942,7 +1942,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) +@@ -1936,7 +1936,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) /* p length */ kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char)); if (!kop.crk_param[kop.crk_iparams].crp_p) @@ -37,7 +37,7 @@ index 0a6567c..5d54f7e 100644 kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8; memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1); kop.crk_iparams++; -@@ -1950,7 +1950,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) +@@ -1944,7 +1944,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) /* q length */ kop.crk_param[kop.crk_iparams].crp_p = calloc(q_len + 1, sizeof(char)); if (!kop.crk_param[kop.crk_iparams].crp_p) @@ -46,7 +46,7 @@ index 0a6567c..5d54f7e 100644 kop.crk_param[kop.crk_iparams].crp_nbits = q_len * 8; memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, q_len + 1); kop.crk_iparams++; -@@ -2015,8 +2015,10 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) +@@ -2009,8 +2009,10 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) } sw_try: { @@ -60,5 +60,5 @@ index 0a6567c..5d54f7e 100644 return ret; -- -1.7.9.7 +1.8.3.1 
diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0012-Removed-local-copy-of-curve_t-type.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0013-Removed-local-copy-of-curve_t-type.patch similarity index 79% rename from meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0012-Removed-local-copy-of-curve_t-type.patch rename to meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0013-Removed-local-copy-of-curve_t-type.patch index 077b08e7..183f3fbd 100644 --- a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0012-Removed-local-copy-of-curve_t-type.patch +++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0013-Removed-local-copy-of-curve_t-type.patch @@ -1,22 +1,22 @@ -From 7a6848210c3b2f42aed4de60646e0e63c0e35fcb Mon Sep 17 00:00:00 2001 +From 6aaa306cdf878250d7b6eaf30978de313653886b Mon Sep 17 00:00:00 2001 From: Yashpal Dutta Date: Thu, 17 Apr 2014 06:57:59 +0545 -Subject: [PATCH][fsl 12/15] Removed local copy of curve_t type +Subject: [PATCH 13/17] Removed local copy of curve_t type Upstream-status: Pending Signed-off-by: Yashpal Dutta Tested-by: Cristian Stoica --- - crypto/engine/eng_cryptodev.c | 34 ++++++++++++++-------------------- - crypto/engine/eng_cryptodev_ec.h | 7 ------- + crypto/engine/eng_cryptodev.c | 34 ++++++++++++++-------------------- + crypto/engine/eng_cryptodev_ec.h | 7 ------- 2 files changed, 14 insertions(+), 27 deletions(-) diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index 5d54f7e..33447c8 100644 +index ed5f20f..5d883fa 100644 --- a/crypto/engine/eng_cryptodev.c +++ b/crypto/engine/eng_cryptodev.c -@@ -2404,12 +2404,6 @@ static ECDSA_METHOD cryptodev_ecdsa = { +@@ -2398,12 +2398,6 @@ static ECDSA_METHOD cryptodev_ecdsa = { NULL /* app_data */ }; 
@@ -29,7 +29,7 @@ index 5d54f7e..33447c8 100644 /* ENGINE handler for ECDSA Sign */ static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char *dgst, int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey) -@@ -2426,7 +2420,7 @@ static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char *dgst, +@@ -2420,7 +2414,7 @@ static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char *dgst, const BIGNUM *order = NULL, *priv_key=NULL; const EC_GROUP *group = NULL; struct crypt_kop kop; @@ -38,7 +38,7 @@ index 5d54f7e..33447c8 100644 memset(&kop, 0, sizeof(kop)); ecdsa = ecdsa_check(eckey); -@@ -2559,7 +2553,7 @@ static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char *dgst, +@@ -2553,7 +2547,7 @@ static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char *dgst, else goto err; } @@ -47,7 +47,7 @@ index 5d54f7e..33447c8 100644 } /* Calculation of Generator point */ -@@ -2653,7 +2647,7 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len, +@@ -2647,7 +2641,7 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len, const EC_POINT *pub_key = NULL; const BIGNUM *order = NULL; const EC_GROUP *group=NULL; @@ -56,7 +56,7 @@ index 5d54f7e..33447c8 100644 struct crypt_kop kop; memset(&kop, 0, sizeof kop); -@@ -2798,7 +2792,7 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len, +@@ -2792,7 +2786,7 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len, else goto err; } @@ -65,7 +65,7 @@ index 5d54f7e..33447c8 100644 } /* Calculation of Generator point */ -@@ -2899,7 +2893,7 @@ static int cryptodev_ecdsa_do_sign_async( const unsigned char *dgst, +@@ -2893,7 +2887,7 @@ static int cryptodev_ecdsa_do_sign_async( const unsigned char *dgst, const BIGNUM *order = NULL, *priv_key=NULL; const EC_GROUP *group = NULL; struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); 
@@ -74,7 +74,7 @@ index 5d54f7e..33447c8 100644 if (!(sig->r = BN_new()) || !kop) goto err; -@@ -3035,7 +3029,7 @@ static int cryptodev_ecdsa_do_sign_async( const unsigned char *dgst, +@@ -3029,7 +3023,7 @@ static int cryptodev_ecdsa_do_sign_async( const unsigned char *dgst, else goto err; } @@ -83,7 +83,7 @@ index 5d54f7e..33447c8 100644 } /* Calculation of Generator point */ -@@ -3111,7 +3105,7 @@ static int cryptodev_ecdsa_verify_async(const unsigned char *dgst, int dgst_len, +@@ -3105,7 +3099,7 @@ static int cryptodev_ecdsa_verify_async(const unsigned char *dgst, int dgst_len, const EC_POINT *pub_key = NULL; const BIGNUM *order = NULL; const EC_GROUP *group=NULL; @@ -92,7 +92,7 @@ index 5d54f7e..33447c8 100644 struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); if (!kop) -@@ -3253,7 +3247,7 @@ static int cryptodev_ecdsa_verify_async(const unsigned char *dgst, int dgst_len, +@@ -3247,7 +3241,7 @@ static int cryptodev_ecdsa_verify_async(const unsigned char *dgst, int dgst_len, /* copy b' i.e c(b), instead of only b */ eng_ec_get_cparam (EC_GROUP_get_curve_name(group), ab+q_len, q_len); @@ -101,7 +101,7 @@ index 5d54f7e..33447c8 100644 } /* Calculation of Generator point */ -@@ -3558,7 +3552,7 @@ int cryptodev_ecdh_compute_key(void *out, size_t outlen, +@@ -3552,7 +3546,7 @@ int cryptodev_ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen)) { @@ -110,7 +110,7 @@ index 5d54f7e..33447c8 100644 unsigned char * q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL; BIGNUM * w_x = NULL, *w_y = NULL; int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0; -@@ -3684,9 +3678,9 @@ int cryptodev_ecdh_compute_key(void *out, size_t outlen, +@@ -3678,9 +3672,9 @@ int cryptodev_ecdh_compute_key(void *out, size_t outlen, else goto err; } 
@@ -122,7 +122,7 @@ index 5d54f7e..33447c8 100644 priv_key_len = r_len; -@@ -3735,7 +3729,7 @@ int cryptodev_ecdh_compute_key_async(void *out, size_t outlen, +@@ -3729,7 +3723,7 @@ int cryptodev_ecdh_compute_key_async(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen), struct pkc_cookie_s *cookie) { @@ -131,7 +131,7 @@ index 5d54f7e..33447c8 100644 unsigned char * q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL; BIGNUM * w_x = NULL, *w_y = NULL; int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0; -@@ -3863,9 +3857,9 @@ int cryptodev_ecdh_compute_key_async(void *out, size_t outlen, +@@ -3857,9 +3851,9 @@ int cryptodev_ecdh_compute_key_async(void *out, size_t outlen, else goto err; } @@ -160,5 +160,5 @@ index 77aee71..a4b8da5 100644 -}; #endif -- -1.7.9.7 +1.8.3.1 diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0013-Modulus-parameter-is-not-populated-by-dhparams.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0014-Modulus-parameter-is-not-populated-by-dhparams.patch similarity index 78% rename from meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0013-Modulus-parameter-is-not-populated-by-dhparams.patch rename to meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0014-Modulus-parameter-is-not-populated-by-dhparams.patch index 11f06226..46846f8f 100644 --- a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0013-Modulus-parameter-is-not-populated-by-dhparams.patch +++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0014-Modulus-parameter-is-not-populated-by-dhparams.patch @@ -1,7 +1,7 @@ -From 8aabfeb1308188a46d3f370cd757de130e73eb9b Mon Sep 17 00:00:00 2001 +From 14623ca9e417ccef1ad3f4138acfac0ebe682f1f Mon Sep 17 00:00:00 2001 
From: Yashpal Dutta Date: Tue, 22 Apr 2014 22:58:33 +0545 -Subject: [PATCH][fsl 13/15] Modulus parameter is not populated by dhparams +Subject: [PATCH 14/17] Modulus parameter is not populated by dhparams Upstream-status: Pending @@ -13,14 +13,14 @@ by private key generation Signed-off-by: Yashpal Dutta Tested-by: Cristian Stoica --- - crypto/engine/eng_cryptodev.c | 4 ++-- + crypto/engine/eng_cryptodev.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index 33447c8..8de8f09 100644 +index 5d883fa..6d69336 100644 --- a/crypto/engine/eng_cryptodev.c +++ b/crypto/engine/eng_cryptodev.c -@@ -3370,7 +3370,7 @@ static int cryptodev_dh_keygen_async(DH *dh, struct pkc_cookie_s *cookie) +@@ -3364,7 +3364,7 @@ static int cryptodev_dh_keygen_async(DH *dh, struct pkc_cookie_s *cookie) kop->crk_op = CRK_DH_GENERATE_KEY; if (bn2crparam(dh->p, &kop->crk_param[0])) goto sw_try; @@ -29,7 +29,7 @@ index 33447c8..8de8f09 100644 goto sw_try; kop->crk_param[2].crp_p = g; kop->crk_param[2].crp_nbits = g_len * 8; -@@ -3425,7 +3425,7 @@ static int cryptodev_dh_keygen(DH *dh) +@@ -3419,7 +3419,7 @@ static int cryptodev_dh_keygen(DH *dh) kop.crk_op = CRK_DH_GENERATE_KEY; if (bn2crparam(dh->p, &kop.crk_param[0])) goto sw_try; @@ -39,5 +39,5 @@ index 33447c8..8de8f09 100644 kop.crk_param[2].crp_p = g; kop.crk_param[2].crp_nbits = g_len * 8; -- -1.7.9.7 +1.8.3.1 diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0014-SW-Backoff-mechanism-for-dsa-keygen.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0015-SW-Backoff-mechanism-for-dsa-keygen.patch similarity index 77% rename from meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0014-SW-Backoff-mechanism-for-dsa-keygen.patch rename to meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0015-SW-Backoff-mechanism-for-dsa-keygen.patch index e5aa1baa..c20f9d71 100644 
--- a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0014-SW-Backoff-mechanism-for-dsa-keygen.patch +++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0015-SW-Backoff-mechanism-for-dsa-keygen.patch @@ -1,7 +1,7 @@ -From 8b1ed323d08dce8b6e303ce63a82337543e9187f Mon Sep 17 00:00:00 2001 +From 10be401a33e6ebcc325d6747914c70595cd53d0a Mon Sep 17 00:00:00 2001 From: Yashpal Dutta Date: Thu, 24 Apr 2014 00:35:34 +0545 -Subject: [PATCH][fsl 14/15] SW Backoff mechanism for dsa keygen +Subject: [PATCH 15/17] SW Backoff mechanism for dsa keygen Upstream-status: Pending @@ -12,14 +12,14 @@ keygen gives segmentation fault. Signed-off-by: Yashpal Dutta Tested-by: Cristian Stoica --- - crypto/engine/eng_cryptodev.c | 12 ++++++++---- + crypto/engine/eng_cryptodev.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index 8de8f09..7c2661f 100644 +index 6d69336..dab8fea 100644 --- a/crypto/engine/eng_cryptodev.c +++ b/crypto/engine/eng_cryptodev.c -@@ -2075,8 +2075,10 @@ static int cryptodev_dsa_keygen(DSA *dsa) +@@ -2069,8 +2069,10 @@ static int cryptodev_dsa_keygen(DSA *dsa) return ret; sw_try: { @@ -32,7 +32,7 @@ index 8de8f09..7c2661f 100644 } return ret; } -@@ -2130,11 +2132,13 @@ static int cryptodev_dsa_keygen_async(DSA *dsa, struct pkc_cookie_s *cookie) +@@ -2124,11 +2126,13 @@ static int cryptodev_dsa_keygen_async(DSA *dsa, struct pkc_cookie_s *cookie) return ret; sw_try: { @@ -49,5 +49,5 @@ index 8de8f09..7c2661f 100644 } return ret; -- -1.7.9.7 +1.8.3.1 
diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0015-Fixed-DH-keygen-pair-generator.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0016-Fixed-DH-keygen-pair-generator.patch similarity index 90% rename from meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0015-Fixed-DH-keygen-pair-generator.patch rename to meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0016-Fixed-DH-keygen-pair-generator.patch index 99e6094f..abcc2efc 100644 --- a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0015-Fixed-DH-keygen-pair-generator.patch +++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0016-Fixed-DH-keygen-pair-generator.patch @@ -1,7 +1,7 @@ -From 9dfc18846063a110070782ede699c513b30257e5 Mon Sep 17 00:00:00 2001 +From d2c868c6370bcc0d0a254e641907da2cdf992d62 Mon Sep 17 00:00:00 2001 From: Yashpal Dutta Date: Thu, 1 May 2014 06:35:45 +0545 -Subject: [PATCH][fsl 15/15] Fixed DH keygen pair generator +Subject: [PATCH 16/17] Fixed DH keygen pair generator Upstream-status: Pending @@ -10,14 +10,14 @@ Wrong Padding results into keygen length error Signed-off-by: Yashpal Dutta Tested-by: Cristian Stoica --- - crypto/engine/eng_cryptodev.c | 50 +++++++++++++++++++++++++++-------------- + crypto/engine/eng_cryptodev.c | 50 ++++++++++++++++++++++++++++--------------- 1 file changed, 33 insertions(+), 17 deletions(-) diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index 7c2661f..703eee4 100644 +index dab8fea..13d924f 100644 --- a/crypto/engine/eng_cryptodev.c +++ b/crypto/engine/eng_cryptodev.c -@@ -3402,44 +3402,60 @@ sw_try: +@@ -3396,44 +3396,60 @@ sw_try: static int cryptodev_dh_keygen(DH *dh) { struct crypt_kop kop; @@ -96,5 +96,5 @@ index 7c2661f..703eee4 100644 sw_try: { -- -1.7.9.7 +1.8.3.1 
diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch
new file mode 100644
index 00000000..a71bb456
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch
@@ -0,0 +1,309 @@ +From 11b55103463bac614e00d74e9f196ec4ec6bade1 Mon Sep 17 00:00:00 2001 +From: Cristian Stoica +Date: Mon, 16 Jun 2014 14:06:21 +0300 +Subject: [PATCH 17/17] cryptodev: add support for aes-gcm algorithm offloading + +Change-Id: I3b77dc5ef8b8f707309549244a02852d95b36168 +Signed-off-by: Cristian Stoica +Reviewed-on: http://git.am.freescale.net:8181/17226 +--- + apps/speed.c | 6 +- + crypto/engine/eng_cryptodev.c | 229 +++++++++++++++++++++++++++++++++++++++++- + 2 files changed, 233 insertions(+), 2 deletions(-) + +diff --git a/apps/speed.c b/apps/speed.c +index 9886ca3..099dede 100644 +--- a/apps/speed.c ++++ b/apps/speed.c +@@ -224,7 +224,11 @@ + #endif + + #undef BUFSIZE +-#define BUFSIZE ((long)1024*8+1) ++/* The buffer overhead allows GCM tag at the end of the encrypted data. This ++ avoids buffer overflows from cryptodev since Linux kernel GCM ++ implementation allways adds the tag - unlike e_aes.c:aes_gcm_cipher() ++ which doesn't */ ++#define BUFSIZE ((long)1024*8 + EVP_GCM_TLS_TAG_LEN) + int run=0; + + static int mr=0; +diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c +index 13d924f..4493490 100644 +--- a/crypto/engine/eng_cryptodev.c ++++ b/crypto/engine/eng_cryptodev.c +@@ -78,8 +78,10 @@ struct dev_crypto_state { + struct session_op d_sess; + int d_fd; + unsigned char *aad; +- unsigned int aad_len; ++ int aad_len; + unsigned int len; ++ unsigned char *iv; ++ int ivlen; + + #ifdef USE_CRYPTODEV_DIGESTS + char dummy_mac_key[HASH_MAX_LEN]; +@@ -251,6 +253,7 @@ static struct { + { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, 0}, + { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20}, + { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20}, ++ { CRYPTO_AES_GCM, NID_aes_128_gcm, 16, 16, 0}, + { 0, NID_undef, 0, 0, 0}, + }; + +@@ -271,6 +274,19 @@ static struct { + }; + #endif + ++/* increment counter (64-bit int) by 1 */ ++static void ctr64_inc(unsigned char *counter) { ++ int n=8; ++ 
unsigned char c; ++ ++ do { ++ --n; ++ c = counter[n]; ++ ++c; ++ counter[n] = c; ++ if (c) return; ++ } while (n); ++} + /* + * Return a fd if /dev/crypto seems usable, 0 otherwise. + */ +@@ -762,6 +778,197 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, + } + } + ++static int cryptodev_init_gcm_key(EVP_CIPHER_CTX *ctx, ++ const unsigned char *key, const unsigned char *iv, int enc) ++{ ++ struct dev_crypto_state *state = ctx->cipher_data; ++ struct session_op *sess = &state->d_sess; ++ int cipher = -1, i; ++ if (!iv && !key) ++ return 1; ++ ++ if (iv) ++ memcpy(ctx->iv, iv, ctx->cipher->iv_len); ++ ++ for (i = 0; ciphers[i].id; i++) ++ if (ctx->cipher->nid == ciphers[i].nid && ++ ctx->cipher->iv_len <= ciphers[i].ivmax && ++ ctx->key_len == ciphers[i].keylen) { ++ cipher = ciphers[i].id; ++ break; ++ } ++ ++ if (!ciphers[i].id) { ++ state->d_fd = -1; ++ return 0; ++ } ++ ++ memset(sess, 0, sizeof(struct session_op)); ++ ++ if ((state->d_fd = get_dev_crypto()) < 0) ++ return 0; ++ ++ sess->key = (unsigned char *) key; ++ sess->keylen = ctx->key_len; ++ sess->cipher = cipher; ++ ++ if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) { ++ put_dev_crypto(state->d_fd); ++ state->d_fd = -1; ++ return 0; ++ } ++ return 1; ++} ++ ++static int cryptodev_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t len) ++{ ++ struct crypt_auth_op cryp = {0}; ++ struct dev_crypto_state *state = ctx->cipher_data; ++ struct session_op *sess = &state->d_sess; ++ int rv = len; ++ ++ if (EVP_CIPHER_CTX_ctrl(ctx, ctx->encrypt ? 
++ EVP_CTRL_GCM_IV_GEN : EVP_CTRL_GCM_SET_IV_INV, ++ EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0) ++ return 0; ++ ++ in += EVP_GCM_TLS_EXPLICIT_IV_LEN; ++ out += EVP_GCM_TLS_EXPLICIT_IV_LEN; ++ len -= EVP_GCM_TLS_EXPLICIT_IV_LEN; ++ ++ if (ctx->encrypt) { ++ len -= EVP_GCM_TLS_TAG_LEN; ++ } ++ cryp.ses = sess->ses; ++ cryp.len = len; ++ cryp.src = (unsigned char*) in; ++ cryp.dst = out; ++ cryp.auth_src = state->aad; ++ cryp.auth_len = state->aad_len; ++ cryp.iv = ctx->iv; ++ cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; ++ ++ if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) { ++ return 0; ++ } ++ ++ if (ctx->encrypt) ++ ctr64_inc(state->iv + state->ivlen - 8); ++ else ++ rv = len - EVP_GCM_TLS_TAG_LEN; ++ ++ return rv; ++} ++ ++static int cryptodev_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t len) ++{ ++ struct crypt_auth_op cryp; ++ struct dev_crypto_state *state = ctx->cipher_data; ++ struct session_op *sess = &state->d_sess; ++ ++ if (state->d_fd < 0) ++ return 0; ++ ++ if ((len % ctx->cipher->block_size) != 0) ++ return 0; ++ ++ if (state->aad_len >= 0) ++ return cryptodev_gcm_tls_cipher(ctx, out, in, len); ++ ++ memset(&cryp, 0, sizeof(cryp)); ++ ++ cryp.ses = sess->ses; ++ cryp.len = len; ++ cryp.src = (unsigned char*) in; ++ cryp.dst = out; ++ cryp.auth_src = NULL; ++ cryp.auth_len = 0; ++ cryp.iv = ctx->iv; ++ cryp.op = ctx->encrypt ? 
COP_ENCRYPT : COP_DECRYPT; ++ ++ if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) { ++ return 0; ++ } ++ ++ return len; ++} ++ ++static int cryptodev_gcm_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, ++ void *ptr) ++{ ++ struct dev_crypto_state *state = ctx->cipher_data; ++ switch (type) { ++ case EVP_CTRL_INIT: ++ { ++ state->ivlen = ctx->cipher->iv_len; ++ state->iv = ctx->iv; ++ state->aad_len = -1; ++ return 1; ++ } ++ case EVP_CTRL_GCM_SET_IV_FIXED: ++ { ++ /* Special case: -1 length restores whole IV */ ++ if (arg == -1) ++ { ++ memcpy(state->iv, ptr, state->ivlen); ++ return 1; ++ } ++ /* Fixed field must be at least 4 bytes and invocation field ++ * at least 8. ++ */ ++ if ((arg < 4) || (state->ivlen - arg) < 8) ++ return 0; ++ if (arg) ++ memcpy(state->iv, ptr, arg); ++ if (ctx->encrypt && ++ RAND_bytes(state->iv + arg, state->ivlen - arg) <= 0) ++ return 0; ++ return 1; ++ } ++ case EVP_CTRL_AEAD_TLS1_AAD: ++ { ++ unsigned int len; ++ if (arg != 13) ++ return 0; ++ ++ memcpy(ctx->buf, ptr, arg); ++ len=ctx->buf[arg-2] << 8 | ctx->buf[arg-1]; ++ ++ /* Correct length for explicit IV */ ++ len -= EVP_GCM_TLS_EXPLICIT_IV_LEN; ++ ++ /* If decrypting correct for tag too */ ++ if (!ctx->encrypt) ++ len -= EVP_GCM_TLS_TAG_LEN; ++ ++ ctx->buf[arg-2] = len >> 8; ++ ctx->buf[arg-1] = len & 0xff; ++ ++ state->aad = ctx->buf; ++ state->aad_len = arg; ++ state->len = len; ++ ++ /* Extra padding: tag appended to record */ ++ return EVP_GCM_TLS_TAG_LEN; ++ } ++ case EVP_CTRL_GCM_SET_IV_INV: ++ { ++ if (ctx->encrypt) ++ return 0; ++ memcpy(state->iv + state->ivlen - arg, ptr, arg); ++ return 1; ++ } ++ case EVP_CTRL_GCM_IV_GEN: ++ if (arg <= 0 || arg > state->ivlen) ++ arg = state->ivlen; ++ memcpy(ptr, state->iv + state->ivlen - arg, arg); ++ return 1; ++ default: ++ return -1; ++ } ++} + /* + * libcrypto EVP stuff - this is how we get wired to EVP so the engine + * gets called when libcrypto requests a cipher NID. 
+@@ -901,6 +1108,23 @@ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = { + cryptodev_cbc_hmac_sha1_ctrl, + NULL + }; ++ ++const EVP_CIPHER cryptodev_aes_128_gcm = { ++ NID_aes_128_gcm, ++ 1, 16, 12, ++ EVP_CIPH_GCM_MODE | EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_DEFAULT_ASN1 \ ++ | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \ ++ | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT, ++ cryptodev_init_gcm_key, ++ cryptodev_gcm_cipher, ++ cryptodev_cleanup, ++ sizeof(struct dev_crypto_state), ++ EVP_CIPHER_set_asn1_iv, ++ EVP_CIPHER_get_asn1_iv, ++ cryptodev_gcm_ctrl, ++ NULL ++}; ++ + /* + * Registered by the ENGINE when used to find out how to deal with + * a particular NID in the ENGINE. this says what we'll do at the +@@ -944,6 +1168,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, + case NID_aes_256_cbc_hmac_sha1: + *cipher = &cryptodev_aes_256_cbc_hmac_sha1; + break; ++ case NID_aes_128_gcm: ++ *cipher = &cryptodev_aes_128_gcm; ++ break; + default: + *cipher = NULL; + break; +-- +1.8.3.1 + diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl/openssl-fix-doc.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/openssl-fix-doc.patch deleted file mode 100644 index 451256ea..00000000 --- a/meta-fsl-ppc/recipes-connectivity/openssl/openssl/openssl-fix-doc.patch +++ /dev/null 
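Review bot: `cryptodev_gcm_tls_cipher()` subtracts `EVP_GCM_TLS_EXPLICIT_IV_LEN` (and, when encrypting, `EVP_GCM_TLS_TAG_LEN`) from the `size_t len` without first checking that the record is that long, so a short record wraps `len` to a huge value that is passed to `CIOCAUTHCRYPT` as `cryp.len`; the decrypt return `len - EVP_GCM_TLS_TAG_LEN` can wrap the same way. A guard placed before the IV ctrl call would close this: `if (len < EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN) return -1;`. Both GCM cipher functions return 0 on failure, yet the cipher is registered with `EVP_CIPH_FLAG_CUSTOM_CIPHER`, where I believe callers treat only a negative return as an error, so a failed ioctl (including a tag mismatch on decrypt) may be reported as a successful zero-length operation; `return -1;` looks like the right value, to be confirmed against the EVP callers in this OpenSSL version. Separately, the speed.c comment states that the kernel always appends the tag, which suggests the non-TLS path in `cryptodev_gcm_cipher()` writes `EVP_GCM_TLS_TAG_LEN` bytes past `len` in `out` for any caller that has not padded its buffer the way speed.c now does; that path should either bound the write or document the required output size.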
@@ -1,401 +0,0 @@ -Fix documentation build errors with Perl 5.18 pod2man - -This fixes errors building man pages with newer versions of pod2man -included with Perl 5.18. - -Upstream-Status: Submitted -Signed-off-by: Jonathan Liu - -Index: openssl-1.0.1f/doc/apps/cms.pod -=================================================================== ---- openssl-1.0.1f.orig/doc/apps/cms.pod 2014-01-06 15:47:42.000000000 +0200 -+++ openssl-1.0.1f/doc/apps/cms.pod 2014-02-28 10:13:51.899979213 +0200 -@@ -450,28 +450,28 @@ - - =over 4 - --=item 0 -+=item Z<>0 - - the operation was completely successfully. - --=item 1 -+=item Z<>1 - - an error occurred parsing the command options. - --=item 2 -+=item Z<>2 - - one of the input files could not be read. - --=item 3 -+=item Z<>3 - - an error occurred creating the CMS file or when reading the MIME - message. - --=item 4 -+=item Z<>4 - - an error occurred decrypting or verifying the message. - --=item 5 -+=item Z<>5 - - the message was verified correctly but an error occurred writing out - the signers certificates. -Index: openssl-1.0.1f/doc/apps/smime.pod -=================================================================== ---- openssl-1.0.1f.orig/doc/apps/smime.pod 2014-01-06 15:47:42.000000000 +0200 -+++ openssl-1.0.1f/doc/apps/smime.pod 2014-02-28 10:16:57.795979233 +0200 -@@ -308,28 +308,28 @@ - - =over 4 - --=item 0 -+=item Z<>0 - - the operation was completely successfully. - --=item 1 -+=item Z<>1 - - an error occurred parsing the command options. - --=item 2 -+=item Z<>2 - - one of the input files could not be read. - --=item 3 -+=item Z<>3 - - an error occurred creating the PKCS#7 file or when reading the MIME - message. - --=item 4 -+=item Z<>4 - - an error occurred decrypting or verifying the message. - --=item 5 -+=item Z<>5 - - the message was verified correctly but an error occurred writing out - the signers certificates. 
-Index: openssl-1.0.1f/doc/ssl/SSL_COMP_add_compression_method.pod -=================================================================== ---- openssl-1.0.1f.orig/doc/ssl/SSL_COMP_add_compression_method.pod 2014-01-06 15:47:42.000000000 +0200 -+++ openssl-1.0.1f/doc/ssl/SSL_COMP_add_compression_method.pod 2014-02-28 10:18:09.679979225 +0200 -@@ -53,11 +53,11 @@ - - =over 4 - --=item 0 -+=item Z<>0 - - The operation succeeded. - --=item 1 -+=item Z<>1 - - The operation failed. Check the error queue to find out the reason. - -Index: openssl-1.0.1f/doc/ssl/SSL_CTX_add_session.pod -=================================================================== ---- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_add_session.pod 2014-01-06 15:47:42.000000000 +0200 -+++ openssl-1.0.1f/doc/ssl/SSL_CTX_add_session.pod 2014-02-28 10:18:42.687979221 +0200 -@@ -52,13 +52,13 @@ - - =over 4 - --=item 0 -+=item Z<>0 - - The operation failed. In case of the add operation, it was tried to add - the same (identical) session twice. In case of the remove operation, the - session was not found in the cache. - --=item 1 -+=item Z<>1 - - The operation succeeded. - -Index: openssl-1.0.1f/doc/ssl/SSL_CTX_load_verify_locations.pod -=================================================================== ---- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_load_verify_locations.pod 2014-01-06 15:47:42.000000000 +0200 -+++ openssl-1.0.1f/doc/ssl/SSL_CTX_load_verify_locations.pod 2014-02-28 10:19:09.079979218 +0200 -@@ -100,13 +100,13 @@ - - =over 4 - --=item 0 -+=item Z<>0 - - The operation failed because B and B are NULL or the - processing at one of the locations specified failed. Check the error - stack to find out the reason. - --=item 1 -+=item Z<>1 - - The operation succeeded. 
- -Index: openssl-1.0.1f/doc/ssl/SSL_CTX_set_client_CA_list.pod -=================================================================== ---- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_set_client_CA_list.pod 2014-01-06 15:47:42.000000000 +0200 -+++ openssl-1.0.1f/doc/ssl/SSL_CTX_set_client_CA_list.pod 2014-02-28 10:19:42.999979220 +0200 -@@ -66,13 +66,13 @@ - - =over 4 - --=item 0 -+=item Z<>0 - - A failure while manipulating the STACK_OF(X509_NAME) object occurred or - the X509_NAME could not be extracted from B. Check the error stack - to find out the reason. - --=item 1 -+=item Z<>1 - - The operation succeeded. - -Index: openssl-1.0.1f/doc/ssl/SSL_CTX_set_session_id_context.pod -=================================================================== ---- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_set_session_id_context.pod 2014-01-06 15:47:42.000000000 +0200 -+++ openssl-1.0.1f/doc/ssl/SSL_CTX_set_session_id_context.pod 2014-02-28 10:20:06.495979211 +0200 -@@ -64,13 +64,13 @@ - - =over 4 - --=item 0 -+=item Z<>0 - - The length B of the session id context B exceeded - the maximum allowed length of B. The error - is logged to the error stack. - --=item 1 -+=item Z<>1 - - The operation succeeded. - -Index: openssl-1.0.1f/doc/ssl/SSL_CTX_set_ssl_version.pod -=================================================================== ---- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_set_ssl_version.pod 2014-01-06 15:47:42.000000000 +0200 -+++ openssl-1.0.1f/doc/ssl/SSL_CTX_set_ssl_version.pod 2014-02-28 10:20:32.111979208 +0200 -@@ -42,11 +42,11 @@ - - =over 4 - --=item 0 -+=item Z<>0 - - The new choice failed, check the error stack to find out the reason. - --=item 1 -+=item Z<>1 - - The operation succeeded. 
- -Index: openssl-1.0.1f/doc/ssl/SSL_CTX_use_psk_identity_hint.pod -=================================================================== ---- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_use_psk_identity_hint.pod 2014-01-06 15:47:42.000000000 +0200 -+++ openssl-1.0.1f/doc/ssl/SSL_CTX_use_psk_identity_hint.pod 2014-02-28 10:21:12.351979203 +0200 -@@ -96,7 +96,7 @@ - connection will fail with decryption_error before it will be finished - completely. - --=item 0 -+=item Z<>0 - - PSK identity was not found. An "unknown_psk_identity" alert message - will be sent and the connection setup fails. -Index: openssl-1.0.1f/doc/ssl/SSL_accept.pod -=================================================================== ---- openssl-1.0.1f.orig/doc/ssl/SSL_accept.pod 2014-01-06 15:47:42.000000000 +0200 -+++ openssl-1.0.1f/doc/ssl/SSL_accept.pod 2014-02-28 10:21:51.535979215 +0200 -@@ -44,13 +44,13 @@ - - =over 4 - --=item 0 -+=item Z<>0 - - The TLS/SSL handshake was not successful but was shut down controlled and - by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the - return value B to find out the reason. - --=item 1 -+=item Z<>1 - - The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been - established. -Index: openssl-1.0.1f/doc/ssl/SSL_clear.pod -=================================================================== ---- openssl-1.0.1f.orig/doc/ssl/SSL_clear.pod 2014-01-06 15:47:42.000000000 +0200 -+++ openssl-1.0.1f/doc/ssl/SSL_clear.pod 2014-02-28 10:22:13.087979196 +0200 -@@ -56,12 +56,12 @@ - - =over 4 - --=item 0 -+=item Z<>0 - - The SSL_clear() operation could not be performed. Check the error stack to - find out the reason. - --=item 1 -+=item Z<>1 - - The SSL_clear() operation was successful. 
- -Index: openssl-1.0.1f/doc/ssl/SSL_connect.pod -=================================================================== ---- openssl-1.0.1f.orig/doc/ssl/SSL_connect.pod 2014-01-06 15:47:42.000000000 +0200 -+++ openssl-1.0.1f/doc/ssl/SSL_connect.pod 2014-02-28 10:22:33.991979193 +0200 -@@ -41,13 +41,13 @@ - - =over 4 - --=item 0 -+=item Z<>0 - - The TLS/SSL handshake was not successful but was shut down controlled and - by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the - return value B to find out the reason. - --=item 1 -+=item Z<>1 - - The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been - established. -Index: openssl-1.0.1f/doc/ssl/SSL_do_handshake.pod -=================================================================== ---- openssl-1.0.1f.orig/doc/ssl/SSL_do_handshake.pod 2014-01-06 15:47:42.000000000 +0200 -+++ openssl-1.0.1f/doc/ssl/SSL_do_handshake.pod 2014-02-28 10:22:56.887979159 +0200 -@@ -45,13 +45,13 @@ - - =over 4 - --=item 0 -+=item Z<>0 - - The TLS/SSL handshake was not successful but was shut down controlled and - by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the - return value B to find out the reason. - --=item 1 -+=item Z<>1 - - The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been - established. -Index: openssl-1.0.1f/doc/ssl/SSL_read.pod -=================================================================== ---- openssl-1.0.1f.orig/doc/ssl/SSL_read.pod 2014-01-06 15:47:42.000000000 +0200 -+++ openssl-1.0.1f/doc/ssl/SSL_read.pod 2014-02-28 10:23:15.303979188 +0200 -@@ -86,7 +86,7 @@ - The read operation was successful; the return value is the number of - bytes actually read from the TLS/SSL connection. - --=item 0 -+=item Z<>0 - - The read operation was not successful. 
The reason may either be a clean - shutdown due to a "close notify" alert sent by the peer (in which case -Index: openssl-1.0.1f/doc/ssl/SSL_session_reused.pod -=================================================================== ---- openssl-1.0.1f.orig/doc/ssl/SSL_session_reused.pod 2014-01-06 15:47:42.000000000 +0200 -+++ openssl-1.0.1f/doc/ssl/SSL_session_reused.pod 2014-02-28 10:23:36.615979186 +0200 -@@ -27,11 +27,11 @@ - - =over 4 - --=item 0 -+=item Z<>0 - - A new session was negotiated. - --=item 1 -+=item Z<>1 - - A session was reused. - -Index: openssl-1.0.1f/doc/ssl/SSL_set_fd.pod -=================================================================== ---- openssl-1.0.1f.orig/doc/ssl/SSL_set_fd.pod 2014-01-06 15:47:42.000000000 +0200 -+++ openssl-1.0.1f/doc/ssl/SSL_set_fd.pod 2014-02-28 10:23:57.599979183 +0200 -@@ -35,11 +35,11 @@ - - =over 4 - --=item 0 -+=item Z<>0 - - The operation failed. Check the error stack to find out why. - --=item 1 -+=item Z<>1 - - The operation succeeded. - -Index: openssl-1.0.1f/doc/ssl/SSL_set_session.pod -=================================================================== ---- openssl-1.0.1f.orig/doc/ssl/SSL_set_session.pod 2014-01-06 15:47:42.000000000 +0200 -+++ openssl-1.0.1f/doc/ssl/SSL_set_session.pod 2014-02-28 10:24:16.943979181 +0200 -@@ -37,11 +37,11 @@ - - =over 4 - --=item 0 -+=item Z<>0 - - The operation failed; check the error stack to find out the reason. - --=item 1 -+=item Z<>1 - - The operation succeeded. - -Index: openssl-1.0.1f/doc/ssl/SSL_shutdown.pod -=================================================================== ---- openssl-1.0.1f.orig/doc/ssl/SSL_shutdown.pod 2014-01-06 15:47:42.000000000 +0200 -+++ openssl-1.0.1f/doc/ssl/SSL_shutdown.pod 2014-02-28 10:25:03.623979175 +0200 -@@ -92,19 +92,19 @@ - - =over 4 - --=item 0 -+=item Z<>0 - - The shutdown is not yet finished. Call SSL_shutdown() for a second time, - if a bidirectional shutdown shall be performed. 
- The output of L may be misleading, as an - erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred. - --=item 1 -+=item Z<>1 - - The shutdown was successfully completed. The "close notify" alert was sent - and the peer's "close notify" alert was received. - --=item -1 -+=item Z<>-1 - - The shutdown was not successful because a fatal error occurred either - at the protocol level or a connection failure occurred. It can also occur if -Index: openssl-1.0.1f/doc/ssl/SSL_write.pod -=================================================================== ---- openssl-1.0.1f.orig/doc/ssl/SSL_write.pod 2014-01-06 15:47:42.000000000 +0200 -+++ openssl-1.0.1f/doc/ssl/SSL_write.pod 2014-02-28 10:25:36.031979168 +0200 -@@ -79,7 +79,7 @@ - The write operation was successful, the return value is the number of - bytes actually written to the TLS/SSL connection. - --=item 0 -+=item Z<>0 - - The write operation was not successful. Probably the underlying connection - was closed. Call SSL_get_error() with the return value B to find out, diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl_1.0.1g.bb b/meta-fsl-ppc/recipes-connectivity/openssl/openssl_1.0.1i.bb similarity index 100% rename from meta-fsl-ppc/recipes-connectivity/openssl/openssl_1.0.1g.bb rename to meta-fsl-ppc/recipes-connectivity/openssl/openssl_1.0.1i.bb diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl_1.0.1g.bbappend b/meta-fsl-ppc/recipes-connectivity/openssl/openssl_1.0.1i.bbappend similarity index 63% rename from meta-fsl-ppc/recipes-connectivity/openssl/openssl_1.0.1g.bbappend rename to meta-fsl-ppc/recipes-connectivity/openssl/openssl_1.0.1i.bbappend index ab1985bb..89d7339a 100644 --- a/meta-fsl-ppc/recipes-connectivity/openssl/openssl_1.0.1g.bbappend +++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl_1.0.1i.bbappend 
@@ -5,23 +5,25 @@ RDEPENDS_${PN}_class-target += "cryptodev-module" # base package is taken from Freescale repository SRCBRANCH = "OpenSSL_1_0_1-stable" SRC_URI = "git://git.openssl.org/openssl.git;branch=${SRCBRANCH} \ - file://0001-remove-double-initialization-of-cryptodev-engine.patch \ - file://0002-ECC-Support-header-for-Cryptodev-Engine.patch \ - file://0003-add-support-for-TLS-algorithms-offload.patch \ - file://0004-Fixed-private-key-support-for-DH.patch \ - file://0005-Fixed-private-key-support-for-DH.patch \ - file://0006-Initial-support-for-PKC-in-cryptodev-engine.patch \ - file://0007-Added-hwrng-dev-file-as-source-of-RNG.patch \ - file://0008-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch \ - file://0009-eng_cryptodev-extend-TLS-offload-with-new-algorithms.patch \ - file://0010-Add-RSA-keygen-operation-and-support-gendsa-command-.patch \ - file://0011-RSA-Keygen-Fix.patch \ - file://0012-Removed-local-copy-of-curve_t-type.patch \ - file://0013-Modulus-parameter-is-not-populated-by-dhparams.patch \ - file://0014-SW-Backoff-mechanism-for-dsa-keygen.patch \ - file://0015-Fixed-DH-keygen-pair-generator.patch \ + file://0001-remove-double-initialization-of-cryptodev-engine.patch \ + file://0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch \ + file://0003-cryptodev-fix-algorithm-registration.patch \ + file://0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch \ + file://0005-ECC-Support-header-for-Cryptodev-Engine.patch \ + file://0006-Fixed-private-key-support-for-DH.patch \ + file://0007-Fixed-private-key-support-for-DH.patch \ + file://0008-Initial-support-for-PKC-in-cryptodev-engine.patch \ + file://0009-Added-hwrng-dev-file-as-source-of-RNG.patch \ + file://0010-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch \ + file://0011-Add-RSA-keygen-operation-and-support-gendsa-command-.patch \ + file://0012-RSA-Keygen-Fix.patch \ + file://0013-Removed-local-copy-of-curve_t-type.patch \ + 
file://0014-Modulus-parameter-is-not-populated-by-dhparams.patch \ + file://0015-SW-Backoff-mechanism-for-dsa-keygen.patch \ + file://0016-Fixed-DH-keygen-pair-generator.patch \ + file://0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch \ " -SRCREV = "b2d951e4232d2f90168f9a3dd0b7df9ecf2d81a8" +SRCREV = "2b456034457b58454aae3998a2765b6a5b9bc837" SRC_URI += "file://configure-targets.patch \ file://shared-libs.patch \ @@ -39,7 +41,6 @@ SRC_URI += "file://configure-targets.patch \ file://debian/no-symbolic.patch \ file://debian/debian-targets.patch \ file://openssl_fix_for_x32.patch \ - file://openssl-fix-doc.patch \ file://fix-cipher-des-ede3-cfb1.patch \ file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \ file://openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch \ -- 2.40.1