OpenSSL 1.0 is no longer supported or maintained, dropped from upstream.
Signed-off-by: Denys Dmytriyenko <[email protected]>
---
 ...1-Add-AF_ALG-interface-support-to-OpenSSL.patch | 578 ---------------------
 ...todev-Fix-issue-with-signature-generation.patch | 445 ----------------
 ...cryptodev.c-to-make-SHA1-and-MD5-work-wit.patch | 59 ---
 ...0002-cryptodev-allow-copying-EVP-contexts.patch | 202 -------
 .../openssl10/0004-Sample-AF_ALG-openssl.cnf.patch | 36 --
 ...ev-Add-SHA224-initialization-to-cryptodev.patch | 27 -
 ...dd-AES-CBC-CTR-modes-for-128-192-256-bit-.patch | 142 -----
 .../openssl/openssl10_%.bbappend | 27 -
 8 files changed, 1516 deletions(-)
 delete mode 100644 meta-arago-distro/recipes-connectivity/openssl/openssl10/0001-Add-AF_ALG-interface-support-to-OpenSSL.patch
 delete mode 100644 meta-arago-distro/recipes-connectivity/openssl/openssl10/0001-cryptodev-Fix-issue-with-signature-generation.patch
 delete mode 100644 meta-arago-distro/recipes-connectivity/openssl/openssl10/0002-Modify-eng_cryptodev.c-to-make-SHA1-and-MD5-work-wit.patch
 delete mode 100644 meta-arago-distro/recipes-connectivity/openssl/openssl10/0002-cryptodev-allow-copying-EVP-contexts.patch
 delete mode 100644 meta-arago-distro/recipes-connectivity/openssl/openssl10/0004-Sample-AF_ALG-openssl.cnf.patch
 delete mode 100644 meta-arago-distro/recipes-connectivity/openssl/openssl10/0009-eng_cryptodev-Add-SHA224-initialization-to-cryptodev.patch
 delete mode 100644 meta-arago-distro/recipes-connectivity/openssl/openssl10/0011-cryptodev-Add-AES-CBC-CTR-modes-for-128-192-256-bit-.patch
 delete mode 100644 meta-arago-distro/recipes-connectivity/openssl/openssl10_%.bbappend
diff --git a/meta-arago-distro/recipes-connectivity/openssl/openssl10/0001-Add-AF_ALG-interface-support-to-OpenSSL.patch b/meta-arago-distro/recipes-connectivity/openssl/openssl10/0001-Add-AF_ALG-interface-support-to-OpenSSL.patch
deleted file mode 100644
index f10bc5d..0000000
--- a/meta-arago-distro/recipes-connectivity/openssl/openssl10/0001-Add-AF_ALG-interface-support-to-OpenSSL.patch
+++ /dev/null
@@ -1,578 +0,0 @@ -From 71ca205e8798c04b39b8a9981a05d6ec97b4df2c Mon Sep 17 00:00:00 2001 -From: Joel A Fernandes <[email protected]> -Date: Fri, 29 Mar 2013 07:58:44 -0500 -Subject: [PATCH 01/11] Add AF_ALG interface support to OpenSSL. - -Kernel uses AF_ALG interface to directly talk to crypto API as an alternative to the -out-of-kernel-tree OCF/cryptodev interfaces. Add af_alg engine support to OpenSSL. - -Signed-off-by: Joel A Fernandes <[email protected]> ---- - engines/Makefile | 8 +- - engines/e_af_alg.c | 521 +++++++++++++++++++++++++++++++++++++++++++++++++++++ - 2 files changed, 526 insertions(+), 3 deletions(-) - create mode 100644 engines/e_af_alg.c - -diff --git a/engines/Makefile b/engines/Makefile -index 2fa9534..f46c9f5 100644 ---- a/engines/Makefile -+++ b/engines/Makefile -@@ -26,7 +26,7 @@ TEST= - APPS= - - LIB=$(TOP)/libcrypto.a --LIBNAMES= 4758cca aep atalla cswift gmp chil nuron sureware ubsec padlock capi -+LIBNAMES= 4758cca aep atalla cswift gmp chil nuron sureware ubsec padlock capi af_alg - - LIBSRC= e_4758cca.c \ - e_aep.c \ -@@ -38,7 +38,8 @@ LIBSRC= e_4758cca.c \ - e_sureware.c \ - e_ubsec.c \ - e_padlock.c \ -- e_capi.c -+ e_capi.c \ -+ e_af_alg.c - LIBOBJ= e_4758cca.o \ - e_aep.o \ - e_atalla.o \ -@@ -49,7 +50,8 @@ LIBOBJ= e_4758cca.o \ - e_sureware.o \ - e_ubsec.o \ - e_padlock.o \ -- e_capi.o -+ e_capi.o \ -+ e_af_alg.o - - SRC= $(LIBSRC) - -diff --git a/engines/e_af_alg.c b/engines/e_af_alg.c -new file mode 100644 -index 0000000..e253e07 ---- /dev/null -+++ b/engines/e_af_alg.c -@@ -0,0 +1,521 @@ -+/* Written by Markus Koetter ([email protected]) for the OpenSSL -+ * project. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. 
Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * [email protected]. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ */ -+ -+#include <stdio.h> -+#include <stdlib.h> -+#include <stdint.h> -+#include <assert.h> -+#include <memory.h> -+#include <openssl/aes.h> -+#include <openssl/engine.h> -+#include <sys/socket.h> -+#include <linux/if_alg.h> -+#include <unistd.h> -+#include <sys/param.h> -+#include <ctype.h> -+#include <stdbool.h> -+ -+#ifndef AF_ALG -+#define AF_ALG 38 -+#endif -+ -+#ifndef SOL_ALG -+#define SOL_ALG 279 -+#endif -+ -+/* Socket options */ -+#define ALG_SET_KEY 1 -+#define ALG_SET_IV 2 -+#define ALG_SET_OP 3 -+ -+/* Operations */ -+#define ALG_OP_DECRYPT 0 -+#define ALG_OP_ENCRYPT 1 -+ -+#define AES_KEY_SIZE_128 16 -+#define AES_KEY_SIZE_192 24 -+#define AES_KEY_SIZE_256 32 -+ -+static int af_alg_ciphers (ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid); -+static int af_alg_aes_ciphers(EVP_CIPHER_CTX *ctx, unsigned char *out_arg, const unsigned char *in_arg, unsigned int nbytes); -+ -+static int af_alg_digests(ENGINE *e, const EVP_MD **digest, const int **nids, int nid); -+ -+#define DYNAMIC_ENGINE -+#define AF_ALG_ENGINE_ID "af_alg" -+#define AF_ALG_ENGINE_NAME "use AF_ALG for AES crypto" -+ -+#define EVP_CIPHER_block_size_CBC AES_BLOCK_SIZE -+ -+static bool nid_in_nids(int nid, int nids[], int num) -+{ -+ int i=0; -+ for( i=0;i<num;i++ ) -+ if( nids[i] == nid ) -+ return true; -+ return false; -+} -+ -+struct 
af_alg_cipher_data -+{ -+ int tfmfd; -+ int op; -+ __u32 type; -+}; -+ -+static int af_alg_cipher_all_nids[] = { -+ NID_aes_128_cbc, -+ NID_aes_192_cbc, -+ NID_aes_256_cbc, -+}; -+static int af_alg_cipher_all_nids_num = (sizeof(af_alg_cipher_all_nids)/sizeof(af_alg_cipher_all_nids[0])); -+static int *af_alg_digest_nids = NULL; -+static int af_alg_digest_nids_num = 0; -+ -+static int af_alg_digest_all_nids[] = { -+ NID_sha1, -+}; -+static int af_alg_digest_all_nids_num = sizeof(af_alg_digest_all_nids)/sizeof(af_alg_digest_all_nids[0]); -+static int *af_alg_cipher_nids = NULL; -+static int af_alg_cipher_nids_num = 0; -+ -+ -+int af_alg_init(ENGINE * engine) -+{ -+ int sock; -+ if((sock = socket(AF_ALG, SOCK_SEQPACKET, 0)) == -1) -+ return 0; -+ close(sock); -+ return 1; -+} -+ -+int af_alg_finish(ENGINE * engine) -+{ -+ return 1; -+} -+/* The definitions for control commands specific to this engine */ -+#define AF_ALG_CMD_CIPHERS ENGINE_CMD_BASE -+#define AF_ALG_CMD_DIGESTS (ENGINE_CMD_BASE + 1) -+ -+static const ENGINE_CMD_DEFN af_alg_cmd_defns[] = { -+ {AF_ALG_CMD_CIPHERS,"CIPHERS","which ciphers to run",ENGINE_CMD_FLAG_STRING}, -+ {AF_ALG_CMD_DIGESTS,"DIGESTS","which digests to run",ENGINE_CMD_FLAG_STRING}, -+ {0, NULL, NULL, 0} -+}; -+static int cipher_nid(const EVP_CIPHER *c) -+{ -+ return EVP_CIPHER_nid(c); -+} -+static int digest_nid(const EVP_MD *d) -+{ -+ return EVP_MD_type(d); -+} -+static bool names_to_nids(const char *names, const void*(*by_name)(const char *), int (*to_nid)(const void *), int **rnids, int *rnum, int *nids, int num) -+{ -+ char *str, *r; -+ char *c = NULL; -+ r = str = strdup(names); -+ while( (c = strtok_r(r, " ", &r)) != NULL ) -+ { -+ const void *ec = by_name(c); -+ if( ec == NULL ) -+ /* the cipher/digest is unknown */ -+ return false; -+ -+ if( nid_in_nids(to_nid(ec), nids, num) == false ) -+ /* we do not support the cipher */ -+ return false; -+ -+ if((*rnids = realloc(*rnids, (*rnum+1)*sizeof(int))) == NULL) -+ return false; -+ 
(*rnids)[*rnum]=to_nid(ec); -+ *rnum = *rnum+1; -+ } -+ return true; -+} -+ -+static int af_alg_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) -+{ -+ OpenSSL_add_all_algorithms(); -+ switch( cmd ) -+ { -+ case AF_ALG_CMD_CIPHERS: -+ if( p == NULL ) -+ return 1; -+ if( names_to_nids(p, (void *)EVP_get_cipherbyname, (void *)cipher_nid, &af_alg_cipher_nids, &af_alg_cipher_nids_num, af_alg_cipher_all_nids, af_alg_cipher_all_nids_num) == false ) -+ return 0; -+ ENGINE_unregister_ciphers(e); -+ ENGINE_register_ciphers(e); -+ return 1; -+ case AF_ALG_CMD_DIGESTS: -+ if( p == NULL ) -+ return 1; -+ if( names_to_nids(p, (void *)EVP_get_digestbyname, (void *)digest_nid, &af_alg_digest_nids, &af_alg_digest_nids_num, af_alg_digest_all_nids, af_alg_digest_all_nids_num) == false ) -+ return 0; -+ ENGINE_unregister_digests(e); -+ ENGINE_register_digests(e); -+ return 1; -+ default: -+ break; -+ } -+ return 0; -+} -+ -+static int af_alg_bind_helper(ENGINE * e) -+{ -+ if( !ENGINE_set_id(e, AF_ALG_ENGINE_ID) || -+ !ENGINE_set_init_function(e, af_alg_init) || -+ !ENGINE_set_finish_function(e, af_alg_finish) || -+ !ENGINE_set_name(e, AF_ALG_ENGINE_NAME) || -+ !ENGINE_set_ciphers (e, af_alg_ciphers) || -+ !ENGINE_set_digests (e, af_alg_digests) || -+ !ENGINE_set_ctrl_function(e, af_alg_ctrl) || -+ !ENGINE_set_cmd_defns(e, af_alg_cmd_defns)) -+ return 0; -+ return 1; -+} -+ -+ENGINE *ENGINE_af_alg(void) -+{ -+ ENGINE *eng = ENGINE_new(); -+ if( !eng ) -+ return NULL; -+ -+ if( !af_alg_bind_helper(eng) ) -+ { -+ ENGINE_free(eng); -+ return NULL; -+ } -+ return eng; -+} -+ -+static int af_alg_bind_fn(ENGINE *e, const char *id) -+{ -+ if( id && (strcmp(id, AF_ALG_ENGINE_ID) != 0) ) -+ return 0; -+ -+ if( !af_alg_bind_helper(e) ) -+ return 0; -+ -+ return 1; -+} -+ -+IMPLEMENT_DYNAMIC_CHECK_FN() -+IMPLEMENT_DYNAMIC_BIND_FN(af_alg_bind_fn) -+ -+static int af_alg_aes_init_key (EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) -+{ -+ int keylen = 
EVP_CIPHER_CTX_key_length(ctx); -+ struct af_alg_cipher_data *acd = (struct af_alg_cipher_data *)ctx->cipher_data; -+ -+ struct sockaddr_alg sa = { -+ .salg_family = AF_ALG, -+ .salg_type = "skcipher", -+ .salg_name = "cbc(aes)", -+ }; -+ -+ acd->op = -1; -+ -+ if( ctx->encrypt ) -+ acd->type = ALG_OP_ENCRYPT; -+ else -+ acd->type = ALG_OP_DECRYPT; -+ -+ if((acd->tfmfd = socket(AF_ALG, SOCK_SEQPACKET, 0)) == -1) -+ return 0; -+ -+ if( bind(acd->tfmfd, (struct sockaddr*)&sa, sizeof(sa)) == -1 ) -+ return 0; -+ -+ if (setsockopt(acd->tfmfd, SOL_ALG, ALG_SET_KEY, key, keylen) == -1) -+ return 0; -+ -+ return 1; -+} -+ -+int af_alg_aes_cleanup_key(EVP_CIPHER_CTX *ctx) -+{ -+ struct af_alg_cipher_data *acd = (struct af_alg_cipher_data *)ctx->cipher_data; -+ if( acd->tfmfd != -1 ) -+ close(acd->tfmfd); -+ if( acd->op != -1 ) -+ close(acd->op); -+ return 1; -+} -+ -+#define DECLARE_AES_EVP(ksize,lmode,umode) \ -+static const EVP_CIPHER af_alg_aes_##ksize##_##lmode = { \ -+ .nid = NID_aes_##ksize##_##lmode, \ -+ .block_size = EVP_CIPHER_block_size_##umode, \ -+ .key_len = AES_KEY_SIZE_##ksize, \ -+ .iv_len = AES_BLOCK_SIZE, \ -+ .flags = 0 | EVP_CIPH_##umode##_MODE, \ -+ .init = af_alg_aes_init_key, \ -+ .do_cipher = af_alg_aes_ciphers, \ -+ .cleanup = af_alg_aes_cleanup_key, \ -+ .ctx_size = sizeof(struct af_alg_cipher_data), \ -+ .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, \ -+ .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, \ -+ .ctrl = NULL, \ -+ .app_data = NULL \ -+} -+ -+DECLARE_AES_EVP(128,cbc,CBC); -+DECLARE_AES_EVP(192,cbc,CBC); -+DECLARE_AES_EVP(256,cbc,CBC); -+ -+static int af_alg_aes_ciphers(EVP_CIPHER_CTX *ctx, unsigned char *out_arg, const unsigned char *in_arg, unsigned int nbytes) -+{ -+ struct af_alg_cipher_data *acd = (struct af_alg_cipher_data *)ctx->cipher_data; -+ struct msghdr msg = {}; -+ struct cmsghdr *cmsg; -+ struct af_alg_iv *ivm; -+ struct iovec iov; -+ char buf[CMSG_SPACE(sizeof(acd->type)) + CMSG_SPACE(offsetof(struct af_alg_iv, iv) + 
AES_BLOCK_SIZE)]; -+ ssize_t len; -+ unsigned char save_iv[AES_BLOCK_SIZE]; -+ -+ memset(buf, 0, sizeof(buf)); -+ -+ msg.msg_control = buf; -+ msg.msg_controllen = 0; -+ msg.msg_controllen = sizeof(buf); -+ if( acd->op == -1 ) -+ { -+ if((acd->op = accept(acd->tfmfd, NULL, 0)) == -1) -+ return 0; -+ } -+ /* set operation type encrypt|decrypt */ -+ cmsg = CMSG_FIRSTHDR(&msg); -+ cmsg->cmsg_level = SOL_ALG; -+ cmsg->cmsg_type = ALG_SET_OP; -+ cmsg->cmsg_len = CMSG_LEN(4); -+ memcpy(CMSG_DATA(cmsg),&acd->type, 4); -+ -+ /* set IV - or update if it was set before */ -+ if(!ctx->encrypt) -+ memcpy(save_iv, in_arg + nbytes - AES_BLOCK_SIZE, AES_BLOCK_SIZE); -+ -+ cmsg = CMSG_NXTHDR(&msg, cmsg); -+ cmsg->cmsg_level = SOL_ALG; -+ cmsg->cmsg_type = ALG_SET_IV; -+ cmsg->cmsg_len = CMSG_LEN(offsetof(struct af_alg_iv, iv) + AES_BLOCK_SIZE); -+ ivm = (void*)CMSG_DATA(cmsg); -+ ivm->ivlen = AES_BLOCK_SIZE; -+ memcpy(ivm->iv, ctx->iv, AES_BLOCK_SIZE); -+ -+ msg.msg_iov = &iov; -+ msg.msg_iovlen = 1; -+ -+ unsigned int todo = nbytes; -+ unsigned int done = 0; -+ while( todo-done > 0 ) -+ { -+ iov.iov_base = (void *)(in_arg + done); -+ iov.iov_len = todo-done; -+ -+ if((len = sendmsg(acd->op, &msg, 0)) == -1) -+ return 0; -+ -+ if (read(acd->op, out_arg+done, len) != len) -+ return 0; -+ -+ /* do not update IV for following chunks */ -+ msg.msg_controllen = 0; -+ done += len; -+ } -+ -+ /* copy IV for next iteration */ -+ if(ctx->encrypt) -+ memcpy(ctx->iv, out_arg + done - AES_BLOCK_SIZE, AES_BLOCK_SIZE); -+ else -+ memcpy(ctx->iv, save_iv, AES_BLOCK_SIZE); -+ return 1; -+} -+ -+static int af_alg_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid) -+{ -+ if( !cipher ) -+ { -+ *nids = af_alg_cipher_nids; -+ return af_alg_cipher_nids_num; -+ } -+ -+ if( ! 
nid_in_nids(nid, af_alg_cipher_nids, af_alg_cipher_nids_num) ) -+ return 0; -+ -+ switch( nid ) -+ { -+ case NID_aes_128_cbc: -+ *cipher = &af_alg_aes_128_cbc; -+ break; -+ case NID_aes_192_cbc: -+ *cipher = &af_alg_aes_192_cbc; -+ break; -+ case NID_aes_256_cbc: -+ *cipher = &af_alg_aes_256_cbc; -+ break; -+ default: -+ *cipher = NULL; -+ } -+ return(*cipher != 0); -+} -+ -+struct af_alg_digest_data -+{ -+ int tfmfd; -+ int opfd; -+}; -+ -+#define DIGEST_DATA(ctx) ((struct af_alg_digest_data*)(ctx->md_data)) -+ -+static int af_alg_sha1_init(EVP_MD_CTX *ctx) -+{ -+ struct af_alg_digest_data *ddata = DIGEST_DATA(ctx); -+ struct sockaddr_alg sa = { -+ .salg_family = AF_ALG, -+ .salg_type = "hash", -+ .salg_name = "sha1" -+ }; -+ -+ if( (ddata->tfmfd = socket(AF_ALG, SOCK_SEQPACKET, 0)) == -1 ) -+ return 0; -+ -+ if( bind(ddata->tfmfd, (struct sockaddr *)&sa, sizeof(sa)) != 0 ) -+ return 0; -+ -+ if( (ddata->opfd = accept(ddata->tfmfd,NULL,0)) == -1 ) -+ return 0; -+ -+ return 1; -+} -+ -+static int af_alg_sha1_update(EVP_MD_CTX *ctx, const void *data, size_t length) -+{ -+ struct af_alg_digest_data *ddata = DIGEST_DATA(ctx); -+ ssize_t r; -+ r = send(ddata->opfd, data, length, MSG_MORE); -+ if( r < 0 || (size_t)r < length ) -+ return 0; -+ return 1; -+} -+ -+static int af_alg_sha1_final(EVP_MD_CTX *ctx, unsigned char *md) -+{ -+ struct af_alg_digest_data *ddata = DIGEST_DATA(ctx); -+ if( read(ddata->opfd, md, SHA_DIGEST_LENGTH) != SHA_DIGEST_LENGTH ) -+ return 0; -+ -+ return 1; -+} -+ -+static int af_alg_sha1_copy(EVP_MD_CTX *_to,const EVP_MD_CTX *_from) -+{ -+ struct af_alg_digest_data *from = DIGEST_DATA(_from); -+ struct af_alg_digest_data *to = DIGEST_DATA(_to); -+ if( (to->opfd = accept(from->opfd, NULL, 0)) == -1 ) -+ return 0; -+ if( (to->tfmfd = accept(from->tfmfd, NULL, 0)) == -1 ) -+ return 0; -+ return 1; -+} -+ -+static int af_alg_sha1_cleanup(EVP_MD_CTX *ctx) -+{ -+ struct af_alg_digest_data *ddata = DIGEST_DATA(ctx); -+ if( ddata->opfd != -1 ) -+ 
close(ddata->opfd); -+ if( ddata->tfmfd != -1 ) -+ close(ddata->tfmfd); -+ return 0; -+} -+ -+#define DECLARE_MD_SHA(digest) \ -+static const EVP_MD af_alg_##digest##_md = { \ -+ NID_##digest, \ -+ NID_##digest##WithRSAEncryption, \ -+ SHA_DIGEST_LENGTH, \ -+ 0, \ -+ af_alg_##digest##_init, \ -+ af_alg_##digest##_update, \ -+ af_alg_##digest##_final, \ -+ af_alg_##digest##_copy, \ -+ af_alg_##digest##_cleanup, \ -+ EVP_PKEY_RSA_method, \ -+ SHA_CBLOCK, \ -+ sizeof(struct af_alg_digest_data), \ -+}; -+ -+DECLARE_MD_SHA(sha1) -+ -+static int af_alg_digests(ENGINE *e, const EVP_MD **digest, const int **nids, int nid) -+{ -+ if( !digest ) -+ { -+ *nids = af_alg_digest_nids; -+ return af_alg_digest_nids_num; -+ } -+ -+ if( nid_in_nids(nid, af_alg_digest_nids, af_alg_digest_nids_num) == false ) -+ return 0; -+ -+ switch( nid ) -+ { -+ case NID_sha1: -+ *digest = &af_alg_sha1_md; -+ break; -+ default: -+ *digest = NULL; -+ } -+ return (*digest != NULL); -+} -+ --- -1.8.3.2 - diff --git a/meta-arago-distro/recipes-connectivity/openssl/openssl10/0001-cryptodev-Fix-issue-with-signature-generation.patch b/meta-arago-distro/recipes-connectivity/openssl/openssl10/0001-cryptodev-Fix-issue-with-signature-generation.patch deleted file mode 100644 index 327c204..0000000 --- a/meta-arago-distro/recipes-connectivity/openssl/openssl10/0001-cryptodev-Fix-issue-with-signature-generation.patch +++ /dev/null 
@@ -1,445 +0,0 @@ -From 86abebcfddaecf6492a7893c1ae2403679358a51 Mon Sep 17 00:00:00 2001 -From: Nikos Mavrogiannopoulos <[email protected]> -Date: Tue, 8 Sep 2015 17:14:55 -0400 -Subject: [PATCH] cryptodev: Fix issue with signature generation - -That patch also enables support for SHA2 hashes, and -removes support for hashes that were never supported by -cryptodev. ---- - crypto/engine/eng_cryptodev.c | 195 +++++++++++++++++++++++++++++++----------- - 1 file changed, 146 insertions(+), 49 deletions(-) - -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index 926d95c..b7bff89 100644 ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -2,6 +2,7 @@ - * Copyright (c) 2002 Bob Beck <[email protected]> - * Copyright (c) 2002 Theo de Raadt - * Copyright (c) 2002 Markus Friedl -+ * Copyright (c) 2012 Nikos Mavrogiannopoulos - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without -@@ -72,7 +73,6 @@ struct dev_crypto_state { - struct session_op d_sess; - int d_fd; - # ifdef USE_CRYPTODEV_DIGESTS -- char dummy_mac_key[HASH_MAX_LEN]; - unsigned char digest_res[HASH_MAX_LEN]; - char *mac_data; - int mac_len; -@@ -189,8 +189,10 @@ static struct { - static struct { - int id; - int nid; -- int keylen; -+ int digestlen; - } digests[] = { -+#if 0 -+ /* HMAC is not supported */ - { - CRYPTO_MD5_HMAC, NID_hmacWithMD5, 16 - }, -@@ -198,15 +200,15 @@ static struct { - CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, 20 - }, - { -- CRYPTO_RIPEMD160_HMAC, NID_ripemd160, 16 -- /* ? 
*/ -+ CRYPTO_SHA2_256_HMAC, NID_hmacWithSHA256, 32 - }, - { -- CRYPTO_MD5_KPDK, NID_undef, 0 -+ CRYPTO_SHA2_384_HMAC, NID_hmacWithSHA384, 48 - }, - { -- CRYPTO_SHA1_KPDK, NID_undef, 0 -+ CRYPTO_SHA2_512_HMAC, NID_hmacWithSHA512, 64 - }, -+#endif - { - CRYPTO_MD5, NID_md5, 16 - }, -@@ -214,6 +216,15 @@ static struct { - CRYPTO_SHA1, NID_sha1, 20 - }, - { -+ CRYPTO_SHA2_256, NID_sha256, 32 -+ }, -+ { -+ CRYPTO_SHA2_384, NID_sha384, 48 -+ }, -+ { -+ CRYPTO_SHA2_512, NID_sha512, 64 -+ }, -+ { - 0, NID_undef, 0 - }, - }; -@@ -288,13 +299,14 @@ static int get_cryptodev_ciphers(const int **cnids) - static int nids[CRYPTO_ALGORITHM_MAX]; - struct session_op sess; - int fd, i, count = 0; -+ unsigned char fake_key[CRYPTO_CIPHER_MAX_KEY_LEN]; - - if ((fd = get_dev_crypto()) < 0) { - *cnids = NULL; - return (0); - } - memset(&sess, 0, sizeof(sess)); -- sess.key = (caddr_t) "123456789abcdefghijklmno"; -+ sess.key = (void*)fake_key; - - for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { - if (ciphers[i].nid == NID_undef) -@@ -327,18 +339,19 @@ static int get_cryptodev_digests(const int **cnids) - static int nids[CRYPTO_ALGORITHM_MAX]; - struct session_op sess; - int fd, i, count = 0; -+ unsigned char fake_key[CRYPTO_CIPHER_MAX_KEY_LEN]; - - if ((fd = get_dev_crypto()) < 0) { - *cnids = NULL; - return (0); - } - memset(&sess, 0, sizeof(sess)); -- sess.mackey = (caddr_t) "123456789abcdefghijklmno"; -+ sess.mackey = fake_key; - for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { - if (digests[i].nid == NID_undef) - continue; - sess.mac = digests[i].id; -- sess.mackeylen = digests[i].keylen; -+ sess.mackeylen = 8; - sess.cipher = 0; - if (ioctl(fd, CIOCGSESSION, &sess) != -1 && - ioctl(fd, CIOCFSESSION, &sess.ses) != -1) -@@ -424,14 +437,14 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - cryp.ses = sess->ses; - cryp.flags = 0; - cryp.len = inl; -- cryp.src = (caddr_t) in; -- cryp.dst = (caddr_t) out; -+ cryp.src = (void*) in; -+ cryp.dst = 
(void*) out; - cryp.mac = 0; - - cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; - - if (ctx->cipher->iv_len) { -- cryp.iv = (caddr_t) ctx->iv; -+ cryp.iv = (void*) ctx->iv; - if (!ctx->encrypt) { - iiv = in + inl - ctx->cipher->iv_len; - memcpy(save_iv, iiv, ctx->cipher->iv_len); -@@ -483,7 +496,7 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - if ((state->d_fd = get_dev_crypto()) < 0) - return (0); - -- sess->key = (caddr_t) key; -+ sess->key = (void*)key; - sess->keylen = ctx->key_len; - sess->cipher = cipher; - -@@ -749,16 +762,6 @@ static int digest_nid_to_cryptodev(int nid) - return (0); - } - --static int digest_key_length(int nid) --{ -- int i; -- -- for (i = 0; digests[i].id; i++) -- if (digests[i].nid == nid) -- return digests[i].keylen; -- return (0); --} -- - static int cryptodev_digest_init(EVP_MD_CTX *ctx) - { - struct dev_crypto_state *state = ctx->md_data; -@@ -769,7 +772,6 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx) - printf("cryptodev_digest_init: Can't get digest \n"); - return (0); - } -- - memset(state, 0, sizeof(struct dev_crypto_state)); - - if ((state->d_fd = get_dev_crypto()) < 0) { -@@ -777,8 +779,8 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx) - return (0); - } - -- sess->mackey = state->dummy_mac_key; -- sess->mackeylen = digest_key_length(ctx->digest->type); -+ sess->mackey = NULL; -+ sess->mackeylen = 0; - sess->mac = digest; - - if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) { -@@ -794,8 +796,8 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx) - static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data, - size_t count) - { -- struct crypt_op cryp; - struct dev_crypto_state *state = ctx->md_data; -+ struct crypt_op cryp; - struct session_op *sess = &state->d_sess; - - if (!data || state->d_fd < 0) { -@@ -804,7 +806,7 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data, - } - - if (!count) { -- return (0); -+ return (1); - } - - if (!(ctx->flags & 
EVP_MD_CTX_FLAG_ONESHOT)) { -@@ -828,9 +830,9 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data, - cryp.ses = sess->ses; - cryp.flags = 0; - cryp.len = count; -- cryp.src = (caddr_t) data; -+ cryp.src = (void*) data; - cryp.dst = NULL; -- cryp.mac = (caddr_t) state->digest_res; -+ cryp.mac = (void*) state->digest_res; - if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) { - printf("cryptodev_digest_update: digest failed\n"); - return (0); -@@ -844,8 +846,6 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md) - struct dev_crypto_state *state = ctx->md_data; - struct session_op *sess = &state->d_sess; - -- int ret = 1; -- - if (!md || state->d_fd < 0) { - printf("cryptodev_digest_final: illegal input\n"); - return (0); -@@ -859,7 +859,7 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md) - cryp.len = state->mac_len; - cryp.src = state->mac_data; - cryp.dst = NULL; -- cryp.mac = (caddr_t) md; -+ cryp.mac = (void*)md; - if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) { - printf("cryptodev_digest_final: digest failed\n"); - return (0); -@@ -870,7 +870,7 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md) - - memcpy(md, state->digest_res, ctx->digest->md_size); - -- return (ret); -+ return 1; - } - - static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx) -@@ -921,8 +921,8 @@ static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from) - - digest = digest_nid_to_cryptodev(to->digest->type); - -- sess->mackey = dstate->dummy_mac_key; -- sess->mackeylen = digest_key_length(to->digest->type); -+ sess->mackey = NULL; -+ sess->mackeylen = 0; - sess->mac = digest; - - dstate->d_fd = get_dev_crypto(); -@@ -947,32 +947,116 @@ static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from) - - const EVP_MD cryptodev_sha1 = { - NID_sha1, -- NID_undef, -+ NID_sha1WithRSAEncryption, - SHA_DIGEST_LENGTH, -+#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && 
defined(EVP_MD_FLAG_DIGALGID_ABSENT) -+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE| -+ EVP_MD_FLAG_DIGALGID_ABSENT| -+#endif - EVP_MD_FLAG_ONESHOT, - cryptodev_digest_init, - cryptodev_digest_update, - cryptodev_digest_final, - cryptodev_digest_copy, - cryptodev_digest_cleanup, -- EVP_PKEY_NULL_method, -+ EVP_PKEY_RSA_method, - SHA_CBLOCK, -- sizeof(struct dev_crypto_state), -+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state), - }; - --const EVP_MD cryptodev_md5 = { -+static const EVP_MD cryptodev_sha256 = { -+ NID_sha256, -+ NID_sha256WithRSAEncryption, -+ SHA256_DIGEST_LENGTH, -+#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT) -+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE| -+ EVP_MD_FLAG_DIGALGID_ABSENT| -+#endif -+ EVP_MD_FLAG_ONESHOT, -+ cryptodev_digest_init, -+ cryptodev_digest_update, -+ cryptodev_digest_final, -+ cryptodev_digest_copy, -+ cryptodev_digest_cleanup, -+ EVP_PKEY_RSA_method, -+ SHA256_CBLOCK, -+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state), -+}; -+ -+static const EVP_MD cryptodev_sha224 = { -+ NID_sha224, -+ NID_sha224WithRSAEncryption, -+ SHA224_DIGEST_LENGTH, -+#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT) -+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE| -+ EVP_MD_FLAG_DIGALGID_ABSENT| -+#endif -+ EVP_MD_FLAG_ONESHOT, -+ cryptodev_digest_init, -+ cryptodev_digest_update, -+ cryptodev_digest_final, -+ cryptodev_digest_copy, -+ cryptodev_digest_cleanup, -+ EVP_PKEY_RSA_method, -+ SHA256_CBLOCK, -+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state), -+}; -+ -+static const EVP_MD cryptodev_sha384 = { -+ NID_sha384, -+ NID_sha384WithRSAEncryption, -+ SHA384_DIGEST_LENGTH, -+#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT) -+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE| -+ EVP_MD_FLAG_DIGALGID_ABSENT| -+#endif -+ EVP_MD_FLAG_ONESHOT, -+ cryptodev_digest_init, -+ cryptodev_digest_update, -+ cryptodev_digest_final, -+ cryptodev_digest_copy, -+ cryptodev_digest_cleanup, -+ 
EVP_PKEY_RSA_method, -+ SHA512_CBLOCK, -+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state), -+}; -+ -+static const EVP_MD cryptodev_sha512 = { -+ NID_sha512, -+ NID_sha512WithRSAEncryption, -+ SHA512_DIGEST_LENGTH, -+#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT) -+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE| -+ EVP_MD_FLAG_DIGALGID_ABSENT| -+#endif -+ EVP_MD_FLAG_ONESHOT, -+ cryptodev_digest_init, -+ cryptodev_digest_update, -+ cryptodev_digest_final, -+ cryptodev_digest_copy, -+ cryptodev_digest_cleanup, -+ EVP_PKEY_RSA_method, -+ SHA512_CBLOCK, -+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state), -+}; -+ -+static const EVP_MD cryptodev_md5 = { - NID_md5, -- NID_undef, -+ NID_md5WithRSAEncryption, - 16 /* MD5_DIGEST_LENGTH */ , -+#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT) -+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE| -+ EVP_MD_FLAG_DIGALGID_ABSENT| -+#endif - EVP_MD_FLAG_ONESHOT, - cryptodev_digest_init, - cryptodev_digest_update, - cryptodev_digest_final, - cryptodev_digest_copy, - cryptodev_digest_cleanup, -- EVP_PKEY_NULL_method, -+ EVP_PKEY_RSA_method, - 64 /* MD5_CBLOCK */ , -- sizeof(struct dev_crypto_state), -+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state), - }; - - # endif /* USE_CRYPTODEV_DIGESTS */ -@@ -992,6 +1076,18 @@ cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, - case NID_sha1: - *digest = &cryptodev_sha1; - break; -+ case NID_sha224: -+ *digest = &cryptodev_sha224; -+ break; -+ case NID_sha256: -+ *digest = &cryptodev_sha256; -+ break; -+ case NID_sha384: -+ *digest = &cryptodev_sha384; -+ break; -+ case NID_sha512: -+ *digest = &cryptodev_sha512; -+ break; - default: - # endif /* USE_CRYPTODEV_DIGESTS */ - *digest = NULL; -@@ -1022,7 +1118,7 @@ static int bn2crparam(const BIGNUM *a, struct crparam *crp) - return (1); - memset(b, 0, bytes); - -- crp->crp_p = (caddr_t) b; -+ crp->crp_p = (void*) b; - crp->crp_nbits = bits; - - for (i = 0, j = 0; i < a->top; i++) { 
-@@ -1277,7 +1373,7 @@ static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, - kop.crk_op = CRK_DSA_SIGN; - - /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ -- kop.crk_param[0].crp_p = (caddr_t) dgst; -+ kop.crk_param[0].crp_p = (void*)dgst; - kop.crk_param[0].crp_nbits = dlen * 8; - if (bn2crparam(dsa->p, &kop.crk_param[1])) - goto err; -@@ -1317,7 +1413,7 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen, - kop.crk_op = CRK_DSA_VERIFY; - - /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */ -- kop.crk_param[0].crp_p = (caddr_t) dgst; -+ kop.crk_param[0].crp_p = (void*)dgst; - kop.crk_param[0].crp_nbits = dlen * 8; - if (bn2crparam(dsa->p, &kop.crk_param[1])) - goto err; -@@ -1398,9 +1494,10 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) - goto err; - kop.crk_iparams = 3; - -- kop.crk_param[3].crp_p = (caddr_t) key; -- kop.crk_param[3].crp_nbits = keylen * 8; -+ kop.crk_param[3].crp_p = (void*) key; -+ kop.crk_param[3].crp_nbits = keylen; - kop.crk_oparams = 1; -+ dhret = keylen / 8; - - if (ioctl(fd, CIOCKEY, &kop) == -1) { - const DH_METHOD *meth = DH_OpenSSL(); -@@ -1470,7 +1567,7 @@ void ENGINE_load_cryptodev(void) - put_dev_crypto(fd); - - if (!ENGINE_set_id(engine, "cryptodev") || -- !ENGINE_set_name(engine, "BSD cryptodev engine") || -+ !ENGINE_set_name(engine, "cryptodev engine") || - !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) || - !ENGINE_set_digests(engine, cryptodev_engine_digests) || - !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) || --- -2.2.0 - diff --git a/meta-arago-distro/recipes-connectivity/openssl/openssl10/0002-Modify-eng_cryptodev.c-to-make-SHA1-and-MD5-work-wit.patch b/meta-arago-distro/recipes-connectivity/openssl/openssl10/0002-Modify-eng_cryptodev.c-to-make-SHA1-and-MD5-work-wit.patch deleted file mode 100644 index 9f3d1cb..0000000 
--- a/meta-arago-distro/recipes-connectivity/openssl/openssl10/0002-Modify-eng_cryptodev.c-to-make-SHA1-and-MD5-work-wit.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-From 6c7f195aadd770476b714f5c3075fbc74366d535 Mon Sep 17 00:00:00 2001
-From: Greg Turner <[email protected]>
-Date: Wed, 7 Mar 2012 15:45:53 -0600
-Subject: [PATCH 2/2] Modify eng_cryptodev.c to make SHA1 and MD5 work with big file sizes
-
-Upstream-Status: pending
- * Will be submitted upstream
-
----
- crypto/engine/eng_cryptodev.c | 6 ++++++
- 1 files changed, 6 insertions(+), 0 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 52f4ca3..44f3c10 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -42,6 +42,8 @@
- # endif
- #endif
-
-+#define OPENSSL_CRYPTODEF_HASH_NO_ONESHOT 1
-+
- #ifndef HAVE_CRYPTODEV
-
- void
-@@ -711,6 +713,7 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
- return (0);
- }
-
-+#ifndef OPENSSL_CRYPTODEF_HASH_NO_ONESHOT
- if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
- /* if application doesn't support one buffer */
- state->mac_data = OPENSSL_realloc(state->mac_data, state->mac_len + count);
-@@ -725,6 +728,7 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
-
- return (1);
- }
-+#endif
-
- memset(&cryp, 0, sizeof(cryp));
-
-@@ -755,6 +759,7 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
- return(0);
- }
-
-+#ifndef OPENSSL_CRYPTODEF_HASH_NO_ONESHOT
- if (! (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) ) {
- /* if application doesn't support one buffer */
- memset(&cryp, 0, sizeof(cryp));
-@@ -773,6 +778,7 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
-
- return 1;
- }
-+#endif
-
- memcpy(md, state->digest_res, ctx->digest->md_size);
-
---
-1.7.0.4
diff --git a/meta-arago-distro/recipes-connectivity/openssl/openssl10/0002-cryptodev-allow-copying-EVP-contexts.patch b/meta-arago-distro/recipes-connectivity/openssl/openssl10/0002-cryptodev-allow-copying-EVP-contexts.patch
deleted file mode 100644
index c4ab53c..0000000
--- a/meta-arago-distro/recipes-connectivity/openssl/openssl10/0002-cryptodev-allow-copying-EVP-contexts.patch
+++ /dev/null
@@ -1,202 +0,0 @@
-From 656b55e39ab22ed135221214ccc47a00369f3ff6 Mon Sep 17 00:00:00 2001
-From: Nikos Mavrogiannopoulos <[email protected]>
-Date: Fri, 4 Jul 2014 08:41:04 +0200
-Subject: [PATCH 2/2] cryptodev: allow copying EVP contexts
-
----
- crypto/engine/eng_cryptodev.c | 57 ++++++++++++++++++++++++++-----------------
- 1 file changed, 35 insertions(+), 22 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index a1c39e5..0d54613 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -505,150 +505,163 @@ cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
- * gets called when libcrypto requests a cipher NID.
- */
-
-+static int cryptodev_cipher_ctrl(EVP_CIPHER_CTX *ctx, int type, int p1, void *p2)
-+{
-+ struct dev_crypto_state *state = ctx->cipher_data;
-+ struct session_op *sess = &state->d_sess;
-+
-+ if (type == EVP_CTRL_COPY) {
-+ EVP_CIPHER_CTX *out = p2;
-+ return cryptodev_init_key(out, sess->key, ctx->iv, 0);
-+ }
-+
-+ return 0;
-+}
-+
- /* RC4 */
- const EVP_CIPHER cryptodev_rc4 = {
- NID_rc4,
- 1, 16, 0,
-- EVP_CIPH_VARIABLE_LENGTH,
-+ EVP_CIPH_VARIABLE_LENGTH|EVP_CIPH_CUSTOM_COPY,
- cryptodev_init_key,
- cryptodev_cipher,
- cryptodev_cleanup,
- sizeof(struct dev_crypto_state),
- NULL,
- NULL,
-- NULL
-+ cryptodev_cipher_ctrl
- };
-
- /* DES CBC EVP */
- const EVP_CIPHER cryptodev_des_cbc = {
- NID_des_cbc,
- 8, 8, 8,
-- EVP_CIPH_CBC_MODE,
-+ EVP_CIPH_CBC_MODE|EVP_CIPH_CUSTOM_COPY,
- cryptodev_init_key,
- cryptodev_cipher,
- cryptodev_cleanup,
- sizeof(struct dev_crypto_state),
- EVP_CIPHER_set_asn1_iv,
- EVP_CIPHER_get_asn1_iv,
-- NULL
-+ cryptodev_cipher_ctrl
- };
-
- /* 3DES CBC EVP */
- const EVP_CIPHER cryptodev_3des_cbc = {
- NID_des_ede3_cbc,
- 8, 24, 8,
-- EVP_CIPH_CBC_MODE,
-+ EVP_CIPH_CBC_MODE|EVP_CIPH_CUSTOM_COPY,
- cryptodev_init_key,
- cryptodev_cipher,
- cryptodev_cleanup,
- sizeof(struct dev_crypto_state),
- EVP_CIPHER_set_asn1_iv,
- EVP_CIPHER_get_asn1_iv,
-- NULL
-+ cryptodev_cipher_ctrl
- };
-
- const EVP_CIPHER cryptodev_bf_cbc = {
- NID_bf_cbc,
- 8, 16, 8,
-- EVP_CIPH_CBC_MODE,
-+ EVP_CIPH_CBC_MODE|EVP_CIPH_CUSTOM_COPY,
- cryptodev_init_key,
- cryptodev_cipher,
- cryptodev_cleanup,
- sizeof(struct dev_crypto_state),
- EVP_CIPHER_set_asn1_iv,
- EVP_CIPHER_get_asn1_iv,
-- NULL
-+ cryptodev_cipher_ctrl
- };
-
- const EVP_CIPHER cryptodev_cast_cbc = {
- NID_cast5_cbc,
- 8, 16, 8,
-- EVP_CIPH_CBC_MODE,
-+ EVP_CIPH_CBC_MODE|EVP_CIPH_CUSTOM_COPY,
- cryptodev_init_key,
- cryptodev_cipher,
- cryptodev_cleanup,
- sizeof(struct dev_crypto_state),
- EVP_CIPHER_set_asn1_iv,
- EVP_CIPHER_get_asn1_iv,
-- NULL
-+ cryptodev_cipher_ctrl
- };
-
- const EVP_CIPHER cryptodev_aes_cbc = {
- NID_aes_128_cbc,
- 16, 16, 16,
-- EVP_CIPH_CBC_MODE,
-+ EVP_CIPH_CBC_MODE|EVP_CIPH_CUSTOM_COPY,
- cryptodev_init_key,
- cryptodev_cipher,
- cryptodev_cleanup,
- sizeof(struct dev_crypto_state),
- EVP_CIPHER_set_asn1_iv,
- EVP_CIPHER_get_asn1_iv,
-- NULL
-+ cryptodev_cipher_ctrl
- };
-
- const EVP_CIPHER cryptodev_aes_192_cbc = {
- NID_aes_192_cbc,
- 16, 24, 16,
-- EVP_CIPH_CBC_MODE,
-+ EVP_CIPH_CBC_MODE|EVP_CIPH_CUSTOM_COPY,
- cryptodev_init_key,
- cryptodev_cipher,
- cryptodev_cleanup,
- sizeof(struct dev_crypto_state),
- EVP_CIPHER_set_asn1_iv,
- EVP_CIPHER_get_asn1_iv,
-- NULL
-+ cryptodev_cipher_ctrl
- };
-
- const EVP_CIPHER cryptodev_aes_256_cbc = {
- NID_aes_256_cbc,
- 16, 32, 16,
-- EVP_CIPH_CBC_MODE,
-+ EVP_CIPH_CBC_MODE|EVP_CIPH_CUSTOM_COPY,
- cryptodev_init_key,
- cryptodev_cipher,
- cryptodev_cleanup,
- sizeof(struct dev_crypto_state),
- EVP_CIPHER_set_asn1_iv,
- EVP_CIPHER_get_asn1_iv,
-- NULL
-+ cryptodev_cipher_ctrl
- };
- #ifdef CRYPTO_AES_CTR
- const EVP_CIPHER cryptodev_aes_ctr = {
- NID_aes_128_ctr,
- 16, 16, 14,
-- EVP_CIPH_CTR_MODE,
-+ EVP_CIPH_CTR_MODE|EVP_CIPH_CUSTOM_COPY,
- cryptodev_init_key,
- cryptodev_cipher,
- cryptodev_cleanup,
- sizeof(struct dev_crypto_state),
- EVP_CIPHER_set_asn1_iv,
- EVP_CIPHER_get_asn1_iv,
-- NULL
-+ cryptodev_cipher_ctrl
- };
-
- const EVP_CIPHER cryptodev_aes_ctr_192 = {
- NID_aes_192_ctr,
- 16, 24, 14,
-- EVP_CIPH_CTR_MODE,
-+ EVP_CIPH_CTR_MODE|EVP_CIPH_CUSTOM_COPY,
- cryptodev_init_key,
- cryptodev_cipher,
- cryptodev_cleanup,
- sizeof(struct dev_crypto_state),
- EVP_CIPHER_set_asn1_iv,
- EVP_CIPHER_get_asn1_iv,
-- NULL
-+ cryptodev_cipher_ctrl
- };
-
- const EVP_CIPHER cryptodev_aes_ctr_256 = {
- NID_aes_256_ctr,
- 16, 32, 14,
-- EVP_CIPH_CTR_MODE,
-+ EVP_CIPH_CTR_MODE|EVP_CIPH_CUSTOM_COPY,
- cryptodev_init_key,
- cryptodev_cipher,
- cryptodev_cleanup,
- sizeof(struct dev_crypto_state),
- EVP_CIPHER_set_asn1_iv,
- EVP_CIPHER_get_asn1_iv,
-- NULL
-+ cryptodev_cipher_ctrl
- };
- #endif
- /*
---
-2.0.0
-
diff --git a/meta-arago-distro/recipes-connectivity/openssl/openssl10/0004-Sample-AF_ALG-openssl.cnf.patch b/meta-arago-distro/recipes-connectivity/openssl/openssl10/0004-Sample-AF_ALG-openssl.cnf.patch
deleted file mode 100644
index d223375..0000000
--- a/meta-arago-distro/recipes-connectivity/openssl/openssl10/0004-Sample-AF_ALG-openssl.cnf.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From a790ddb9694aff023fdcdbcfadf0b11ee9781b87 Mon Sep 17 00:00:00 2001
-From: Joel A Fernandes <[email protected]>
-Date: Sun, 31 Mar 2013 07:33:27 -0500
-Subject: [PATCH 04/11] Sample AF_ALG openssl.cnf To be copied to
- /usr/lib/ssl/openssl.cnf
-
-Specifies which algorithms to register for AF_ALG
-
-Signed-off-by: Joel A Fernandes <[email protected]>
----
- engines/af_alg_openssl.cnf | 13 +++++++++++++
- 1 file changed, 13 insertions(+)
- create mode 100644 engines/af_alg_openssl.cnf
-
-diff --git a/engines/af_alg_openssl.cnf b/engines/af_alg_openssl.cnf
-new file mode 100644
-index 0000000..138ed16
---- /dev/null
-+++ b/engines/af_alg_openssl.cnf
-@@ -0,0 +1,13 @@
-+openssl_conf = openssl_def
-+
-+[openssl_def]
-+engines = openssl_engines
-+
-+[openssl_engines]
-+af_alg = af_alg_engine
-+
-+[af_alg_engine]
-+default_algorithms = ALL
-+CIPHERS=aes-128-cbc
-+DIGESTS=sha1
-+
---
-1.8.3.2
-
diff --git a/meta-arago-distro/recipes-connectivity/openssl/openssl10/0009-eng_cryptodev-Add-SHA224-initialization-to-cryptodev.patch b/meta-arago-distro/recipes-connectivity/openssl/openssl10/0009-eng_cryptodev-Add-SHA224-initialization-to-cryptodev.patch
deleted file mode 100644
index f5a3da2..0000000
--- a/meta-arago-distro/recipes-connectivity/openssl/openssl10/0009-eng_cryptodev-Add-SHA224-initialization-to-cryptodev.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 67f8fdee6e979173c7c6793593147030df6aaa40 Mon Sep 17 00:00:00 2001
-From: Denys Dmytriyenko <[email protected]>
-Date: Tue, 8 Sep 2015 17:19:57 -0400
-Subject: [PATCH] eng_cryptodev: Add SHA224 initialization to cryptodev engine.
-
-Signed-off-by: Denys Dmytriyenko <[email protected]>
----
- crypto/engine/eng_cryptodev.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index b7bff89..3cd4bcf 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -216,6 +216,9 @@ static struct {
- CRYPTO_SHA1, NID_sha1, 20
- },
- {
-+ CRYPTO_SHA2_224, NID_sha224, 28
-+ },
-+ {
- CRYPTO_SHA2_256, NID_sha256, 32
- },
- {
---
-2.2.0
-
diff --git a/meta-arago-distro/recipes-connectivity/openssl/openssl10/0011-cryptodev-Add-AES-CBC-CTR-modes-for-128-192-256-bit-.patch b/meta-arago-distro/recipes-connectivity/openssl/openssl10/0011-cryptodev-Add-AES-CBC-CTR-modes-for-128-192-256-bit-.patch
deleted file mode 100644
index fb43b16..0000000
--- a/meta-arago-distro/recipes-connectivity/openssl/openssl10/0011-cryptodev-Add-AES-CBC-CTR-modes-for-128-192-256-bit-.patch
+++ /dev/null
@@ -1,142 +0,0 @@
-From 26384c393fed398ebaddcdcfd54ac12242808bba Mon Sep 17 00:00:00 2001
-From: Joel Fernandes <[email protected]>
-Date: Fri, 6 Dec 2013 16:15:40 +0530
-Subject: [PATCH 11/11] cryptodev: Add AES CBC & CTR modes for 128/192/256 bit
- key sizes
-
-Signed-off-by: Joel Fernandes <[email protected]>
----
- crypto/engine/eng_cryptodev.c | 103 ++++++++++++++++++++++++++++++++++++++++++
- 1 file changed, 103 insertions(+)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index d095a58..565ed26 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -148,6 +148,12 @@ static struct {
- { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, },
- { CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, },
- { CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, },
-+ { CRYPTO_AES_ECB, NID_aes_128_ecb, 16, 16, },
-+ { CRYPTO_AES_ECB, NID_aes_192_ecb, 16, 24, },
-+ { CRYPTO_AES_ECB, NID_aes_256_ecb, 16, 32, },
-+ { CRYPTO_AES_CTR, NID_aes_128_ctr, 16, 16, },
-+ { CRYPTO_AES_CTR, NID_aes_192_ctr, 16, 24, },
-+ { CRYPTO_AES_CTR, NID_aes_256_ctr, 16, 32, },
- { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, },
- { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, },
- { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, },
-@@ -610,6 +616,85 @@ const EVP_CIPHER cryptodev_aes_256_cbc = {
- NULL
- };
-
-+const EVP_CIPHER cryptodev_aes_ecb = {
-+ NID_aes_128_ecb,
-+ 16, 16, 16,
-+ EVP_CIPH_ECB_MODE,
-+ cryptodev_init_key,
-+ cryptodev_cipher,
-+ cryptodev_cleanup,
-+ sizeof(struct dev_crypto_state),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ NULL
-+};
-+
-+const EVP_CIPHER cryptodev_aes_192_ecb = {
-+ NID_aes_192_ecb,
-+ 16, 24, 16,
-+ EVP_CIPH_ECB_MODE,
-+ cryptodev_init_key,
-+ cryptodev_cipher,
-+ cryptodev_cleanup,
-+ sizeof(struct dev_crypto_state),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ NULL
-+};
-+
-+const EVP_CIPHER cryptodev_aes_256_ecb = {
-+ NID_aes_256_ecb,
-+ 16, 32, 16,
-+ EVP_CIPH_ECB_MODE,
-+ cryptodev_init_key,
-+ cryptodev_cipher,
-+ cryptodev_cleanup,
-+ sizeof(struct dev_crypto_state),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ NULL
-+};
-+
-+const EVP_CIPHER cryptodev_aes_ctr = {
-+ NID_aes_128_ctr,
-+ 16, 16, 16,
-+ EVP_CIPH_CTR_MODE,
-+ cryptodev_init_key,
-+ cryptodev_cipher,
-+ cryptodev_cleanup,
-+ sizeof(struct dev_crypto_state),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ NULL
-+};
-+
-+const EVP_CIPHER cryptodev_aes_192_ctr = {
-+ NID_aes_192_ctr,
-+ 16, 24, 16,
-+ EVP_CIPH_CTR_MODE,
-+ cryptodev_init_key,
-+ cryptodev_cipher,
-+ cryptodev_cleanup,
-+ sizeof(struct dev_crypto_state),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ NULL
-+};
-+
-+const EVP_CIPHER cryptodev_aes_256_ctr = {
-+ NID_aes_256_ctr,
-+ 16, 32, 16,
-+ EVP_CIPH_CTR_MODE,
-+ cryptodev_init_key,
-+ cryptodev_cipher,
-+ cryptodev_cleanup,
-+ sizeof(struct dev_crypto_state),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ NULL
-+};
-+
-+
- /*
- * Registered by the ENGINE when used to find out how to deal with
- * a particular NID in the ENGINE. this says what we'll do at the
-@@ -647,6 +732,24 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
- case NID_aes_256_cbc:
- *cipher = &cryptodev_aes_256_cbc;
- break;
-+ case NID_aes_128_ecb:
-+ *cipher = &cryptodev_aes_ecb;
-+ break;
-+ case NID_aes_192_ecb:
-+ *cipher = &cryptodev_aes_192_ecb;
-+ break;
-+ case NID_aes_256_ecb:
-+ *cipher = &cryptodev_aes_256_ecb;
-+ break;
-+ case NID_aes_128_ctr:
-+ *cipher = &cryptodev_aes_ctr;
-+ break;
-+ case NID_aes_192_ctr:
-+ *cipher = &cryptodev_aes_192_ctr;
-+ break;
-+ case NID_aes_256_ctr:
-+ *cipher = &cryptodev_aes_256_ctr;
-+ break;
- default:
- *cipher = NULL;
- break;
---
-1.8.3.2
-
diff --git a/meta-arago-distro/recipes-connectivity/openssl/openssl10_%.bbappend b/meta-arago-distro/recipes-connectivity/openssl/openssl10_%.bbappend
deleted file mode 100644
index 21fcb3e..0000000
--- a/meta-arago-distro/recipes-connectivity/openssl/openssl10_%.bbappend
+++ /dev/null
@@ -1,27 +0,0 @@
-FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
-
-PR_append = ".arago0"
-
-DEPENDS += "cryptodev-linux"
-RDEPENDS_${PN}_class-target += "cryptodev-module"
-
-CRYPTODEV_AFALG_PATCHES = " \
- file://0001-cryptodev-Fix-issue-with-signature-generation.patch \
- file://0001-Add-AF_ALG-interface-support-to-OpenSSL.patch \
- file://0004-Sample-AF_ALG-openssl.cnf.patch \
- file://0009-eng_cryptodev-Add-SHA224-initialization-to-cryptodev.patch \
-"
-
-SRC_URI += "${CRYPTODEV_AFALG_PATCHES}"
-
-# override this from upstream to preserve engine libs, binaries and config
-# w/o clashing with 1.1
-openssl_package_preprocess () {
- for file in `find ${PKGD} -name *.h -o -name *.pc`; do
- rm $file
- done
- rm ${PKGD}${libdir}/*.so
- mv ${PKGD}${bindir}/openssl ${PKGD}${bindir}/openssl10
- mv ${PKGD}${bindir}/c_rehash ${PKGD}${bindir}/c_rehash10
- mv ${PKGD}${sysconfdir}/ssl/openssl.cnf ${PKGD}${sysconfdir}/ssl/openssl10.cnf
-}
--
2.7.4
_______________________________________________ meta-arago mailing list [email protected] http://arago-project.org/cgi-bin/mailman/listinfo/meta-arago
