From: Yashpal Dutta <[email protected]> 1) Endianness fix for openssl to work with CAAM block 2) cryptodev engine file updated to support cryptodev-1.5
Signed-off-by: Yashpal Dutta <[email protected]> --- .../openssl/openssl-1.0.1c/openssl.patch | 464 ++++++++++++++++++++ .../openssl-1.0.1c/openssl_async_asym.patch | 326 ++++++++++++++ recipes-connectivity/openssl/openssl.inc | 3 +- recipes-connectivity/openssl/openssl_1.0.1c.bb | 2 - 4 files changed, 792 insertions(+), 3 deletions(-) create mode 100644 recipes-connectivity/openssl/openssl-1.0.1c/openssl.patch create mode 100644 recipes-connectivity/openssl/openssl-1.0.1c/openssl_async_asym.patch diff --git a/recipes-connectivity/openssl/openssl-1.0.1c/openssl.patch b/recipes-connectivity/openssl/openssl-1.0.1c/openssl.patch new file mode 100644 index 0000000..8b49816 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-1.0.1c/openssl.patch @@ -0,0 +1,464 @@ +From b0f8ca1f6272eaf8aa9df625950cc5065257f385 Mon Sep 17 00:00:00 2001 +From: Yashpal Dutta <[email protected]> +Date: Thu, 15 Nov 2012 00:02:20 +0545 +Subject: [PATCH] OpenSSL changes for Freescale Chips + +1) Support for upto 32k buffers +2) Endianness fix +3) Update engine file as per cryptodev-1.5 + +Signed-off-by: Yashpal Dutta <[email protected]> +--- + apps/speed.c | 6 +- + crypto/engine/eng_cryptodev.c | 175 ++++++++++++++++++++++++----------------- + 2 files changed, 105 insertions(+), 76 deletions(-) + +diff --git a/apps/speed.c b/apps/speed.c +index 8358b12..b83bfd0 100644 +--- a/apps/speed.c ++++ b/apps/speed.c +@@ -224,7 +224,7 @@ + #endif + + #undef BUFSIZE +-#define BUFSIZE ((long)1024*8+1) ++#define BUFSIZE ((long)1024*64+1) + int run=0; + + static int mr=0; +@@ -240,7 +240,7 @@ static int do_multi(int multi); + #endif + + #define ALGOR_NUM 30 +-#define SIZE_NUM 5 ++#define SIZE_NUM 6 + #define RSA_NUM 4 + #define DSA_NUM 3 + +@@ -256,7 +256,7 @@ static const char *names[ALGOR_NUM]={ + "evp","sha256","sha512","whirlpool", + "aes-128 ige","aes-192 ige","aes-256 ige","ghash"}; + static double results[ALGOR_NUM][SIZE_NUM]; +-static int lengths[SIZE_NUM]={16,64,256,1024,8*1024}; ++static int lengths[SIZE_NUM]={64,256,1024,8*1024, 16*1024, 32*1024}; + #ifndef OPENSSL_NO_RSA + static double rsa_results[RSA_NUM][2]; + #endif +diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c +index 5a715ac..ac62743 100644 +--- a/crypto/engine/eng_cryptodev.c ++++ b/crypto/engine/eng_cryptodev.c +@@ -2,6 +2,7 @@ + * Copyright (c) 2002 Bob Beck <[email protected]> + * Copyright (c) 2002 Theo de Raadt + * Copyright (c) 2002 Markus Friedl ++ * Copyright (c) 2012 Nikos Mavrogiannopoulos + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without +@@ -74,8 +75,6 @@ struct dev_crypto_state { + int d_fd; + + #ifdef USE_CRYPTODEV_DIGESTS +- char dummy_mac_key[HASH_MAX_LEN]; +- + unsigned char digest_res[HASH_MAX_LEN]; + char *mac_data; + int mac_len; +@@ -157,15 +156,21 @@ static struct { + static struct { + int id; + int nid; +- int keylen; ++ int digestlen; + } digests[] = { ++#if 0 ++ /* HMAC is not supported */ + { CRYPTO_MD5_HMAC, NID_hmacWithMD5, 16}, + { CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, 20}, +- { CRYPTO_RIPEMD160_HMAC, NID_ripemd160, 16/*?*/}, +- { CRYPTO_MD5_KPDK, NID_undef, 0}, +- { CRYPTO_SHA1_KPDK, NID_undef, 0}, ++ { CRYPTO_SHA2_256_HMAC, NID_hmacWithSHA256, 32}, ++ { CRYPTO_SHA2_384_HMAC, NID_hmacWithSHA384, 48}, ++ { CRYPTO_SHA2_512_HMAC, NID_hmacWithSHA512, 64}, ++#endif + { CRYPTO_MD5, NID_md5, 16}, + { CRYPTO_SHA1, NID_sha1, 20}, ++ { CRYPTO_SHA2_256, NID_sha256, 32}, ++ { CRYPTO_SHA2_384, NID_sha384, 48}, ++ { CRYPTO_SHA2_512, NID_sha512, 64}, + { 0, NID_undef, 0}, + }; + #endif +@@ -243,13 +248,14 @@ get_cryptodev_ciphers(const int **cnids) + static int nids[CRYPTO_ALGORITHM_MAX]; + struct session_op sess; + int fd, i, count = 0; ++ unsigned char fake_key[CRYPTO_CIPHER_MAX_KEY_LEN]; + + if ((fd = get_dev_crypto()) < 0) { + *cnids = NULL; + return (0); + } + memset(&sess, 0, sizeof(sess)); +- sess.key = (caddr_t)"123456789abcdefghijklmno"; ++ sess.key = (void*)fake_key; + + for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { + if (ciphers[i].nid == NID_undef) +@@ -281,6 +287,7 @@ static int + get_cryptodev_digests(const int **cnids) + { + static int nids[CRYPTO_ALGORITHM_MAX]; ++ unsigned char fake_key[CRYPTO_CIPHER_MAX_KEY_LEN]; + struct session_op sess; + int fd, i, count = 0; + +@@ -289,12 +296,12 @@ get_cryptodev_digests(const int **cnids) + return (0); + } + memset(&sess, 0, sizeof(sess)); +- sess.mackey = (caddr_t)"123456789abcdefghijklmno"; ++ sess.mackey = fake_key; + for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { + if (digests[i].nid == NID_undef) + continue; + sess.mac = digests[i].id; +- sess.mackeylen = digests[i].keylen; ++ sess.mackeylen = 8; + sess.cipher = 0; + if (ioctl(fd, CIOCGSESSION, &sess) != -1 && + ioctl(fd, CIOCFSESSION, &sess.ses) != -1) +@@ -382,14 +389,14 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + cryp.ses = sess->ses; + cryp.flags = 0; + cryp.len = inl; +- cryp.src = (caddr_t) in; +- cryp.dst = (caddr_t) out; ++ cryp.src = (void*) in; ++ cryp.dst = (void*) out; + cryp.mac = 0; + + cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; + + if (ctx->cipher->iv_len) { +- cryp.iv = (caddr_t) ctx->iv; ++ cryp.iv = (void*) ctx->iv; + if (!ctx->encrypt) { + iiv = in + inl - ctx->cipher->iv_len; + memcpy(save_iv, iiv, ctx->cipher->iv_len); +@@ -440,7 +447,7 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + if ((state->d_fd = get_dev_crypto()) < 0) + return (0); + +- sess->key = (caddr_t)key; ++ sess->key = (void*)key; + sess->keylen = ctx->key_len; + sess->cipher = cipher; + +@@ -660,18 +667,6 @@ digest_nid_to_cryptodev(int nid) + } + + +-static int +-digest_key_length(int nid) +-{ +- int i; +- +- for (i = 0; digests[i].id; i++) +- if (digests[i].nid == nid) +- return digests[i].keylen; +- return (0); +-} +- +- + static int cryptodev_digest_init(EVP_MD_CTX *ctx) + { + struct dev_crypto_state *state = ctx->md_data; +@@ -682,7 +677,6 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx) + printf("cryptodev_digest_init: Can't get digest \n"); + return (0); + } +- + memset(state, 0, sizeof(struct dev_crypto_state)); + + if ((state->d_fd = get_dev_crypto()) < 0) { +@@ -690,8 +684,8 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx) + return (0); + } + +- sess->mackey = state->dummy_mac_key; +- sess->mackeylen = digest_key_length(ctx->digest->type); ++ sess->mackey = NULL; ++ sess->mackeylen = 0; + sess->mac = digest; + + if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) { +@@ -707,8 +701,8 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx) + static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data, + size_t count) + { +- struct crypt_op cryp; + struct dev_crypto_state *state = ctx->md_data; ++ struct crypt_op cryp; + struct session_op *sess = &state->d_sess; + + if (!data || state->d_fd < 0) { +@@ -717,7 +711,7 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data, + } + + if (!count) { +- return (0); ++ return (1); + } + + if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) { +@@ -740,9 +734,9 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data, + cryp.ses = sess->ses; + cryp.flags = 0; + cryp.len = count; +- cryp.src = (caddr_t) data; ++ cryp.src = (void*) data; + cryp.dst = NULL; +- cryp.mac = (caddr_t) state->digest_res; ++ cryp.mac = (void*) state->digest_res; + if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) { + printf("cryptodev_digest_update: digest failed\n"); + return (0); +@@ -757,8 +751,6 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md) + struct dev_crypto_state *state = ctx->md_data; + struct session_op *sess = &state->d_sess; + +- int ret = 1; +- + if (!md || state->d_fd < 0) { + printf("cryptodev_digest_final: illegal input\n"); + return(0); +@@ -772,7 +764,7 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md) + cryp.len = state->mac_len; + cryp.src = state->mac_data; + cryp.dst = NULL; +- cryp.mac = (caddr_t)md; ++ cryp.mac = (void*)md; + if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) { + printf("cryptodev_digest_final: digest failed\n"); + return (0); +@@ -783,7 +775,7 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md) + + memcpy(md, state->digest_res, ctx->digest->md_size); + +- return (ret); ++ return 1; + } + + +@@ -835,8 +827,8 @@ static int cryptodev_digest_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from) + + digest = digest_nid_to_cryptodev(to->digest->type); + +- sess->mackey = dstate->dummy_mac_key; +- sess->mackeylen = digest_key_length(to->digest->type); ++ sess->mackey = NULL; ++ sess->mackeylen = 0; + sess->mac = digest; + + dstate->d_fd = get_dev_crypto(); +@@ -861,34 +853,79 @@ static int cryptodev_digest_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from) + } + + +-const EVP_MD cryptodev_sha1 = { ++static const EVP_MD cryptodev_sha1 = { + NID_sha1, +- NID_undef, ++ NID_sha1WithRSAEncryption, + SHA_DIGEST_LENGTH, +- EVP_MD_FLAG_ONESHOT, ++ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_ONESHOT, + cryptodev_digest_init, + cryptodev_digest_update, + cryptodev_digest_final, + cryptodev_digest_copy, + cryptodev_digest_cleanup, +- EVP_PKEY_NULL_method, ++ EVP_PKEY_RSA_method, + SHA_CBLOCK, +- sizeof(struct dev_crypto_state), ++ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state), + }; + +-const EVP_MD cryptodev_md5 = { ++static const EVP_MD cryptodev_sha256 = { ++ NID_sha256, ++ NID_sha256WithRSAEncryption, ++ SHA256_DIGEST_LENGTH, ++ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_ONESHOT, ++ cryptodev_digest_init, ++ cryptodev_digest_update, ++ cryptodev_digest_final, ++ cryptodev_digest_copy, ++ cryptodev_digest_cleanup, ++ EVP_PKEY_RSA_method, ++ SHA256_CBLOCK, ++ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state), ++}; ++ ++static const EVP_MD cryptodev_sha384 = { ++ NID_sha384, ++ NID_sha384WithRSAEncryption, ++ SHA384_DIGEST_LENGTH, ++ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_ONESHOT, ++ cryptodev_digest_init, ++ cryptodev_digest_update, ++ cryptodev_digest_final, ++ cryptodev_digest_copy, ++ cryptodev_digest_cleanup, ++ EVP_PKEY_RSA_method, ++ SHA512_CBLOCK, ++ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state), ++}; ++ ++static const EVP_MD cryptodev_sha512 = { ++ NID_sha512, ++ NID_sha512WithRSAEncryption, ++ SHA512_DIGEST_LENGTH, ++ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_ONESHOT, ++ cryptodev_digest_init, ++ cryptodev_digest_update, ++ cryptodev_digest_final, ++ cryptodev_digest_copy, ++ cryptodev_digest_cleanup, ++ EVP_PKEY_RSA_method, ++ SHA512_CBLOCK, ++ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state), ++}; ++ ++static const EVP_MD cryptodev_md5 = { + NID_md5, +- NID_undef, ++ NID_md5WithRSAEncryption, + 16 /* MD5_DIGEST_LENGTH */, +- EVP_MD_FLAG_ONESHOT, ++ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_ONESHOT, + cryptodev_digest_init, + cryptodev_digest_update, + cryptodev_digest_final, + cryptodev_digest_copy, + cryptodev_digest_cleanup, +- EVP_PKEY_NULL_method, ++ EVP_PKEY_RSA_method, + 64 /* MD5_CBLOCK */, +- sizeof(struct dev_crypto_state), ++ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state), + }; + + #endif /* USE_CRYPTODEV_DIGESTS */ +@@ -909,6 +946,15 @@ cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, + case NID_sha1: + *digest = &cryptodev_sha1; + break; ++ case NID_sha256: ++ *digest = &cryptodev_sha256; ++ break; ++ case NID_sha384: ++ *digest = &cryptodev_sha384; ++ break; ++ case NID_sha512: ++ *digest = &cryptodev_sha512; ++ break; + default: + #endif /* USE_CRYPTODEV_DIGESTS */ + *digest = NULL; +@@ -925,7 +971,6 @@ cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, + static int + bn2crparam(const BIGNUM *a, struct crparam *crp) + { +- int i, j, k; + ssize_t bytes, bits; + u_char *b; + +@@ -940,17 +985,9 @@ bn2crparam(const BIGNUM *a, struct crparam *crp) + return (1); + memset(b, 0, bytes); + +- crp->crp_p = (caddr_t) b; ++ crp->crp_p = (void*) b; + crp->crp_nbits = bits; +- +- for (i = 0, j = 0; i < a->top; i++) { +- for (k = 0; k < BN_BITS2 / 8; k++) { +- if ((j + k) >= bytes) +- return (0); +- b[j + k] = a->d[i] >> (k * 8); +- } +- j += BN_BITS2 / 8; +- } ++ BN_bn2bin(a, crp->crp_p); + return (0); + } + +@@ -958,22 +995,14 @@ bn2crparam(const BIGNUM *a, struct crparam *crp) + static int + crparam2bn(struct crparam *crp, BIGNUM *a) + { +- u_int8_t *pd; +- int i, bytes; ++ int bytes; + + bytes = (crp->crp_nbits + 7) / 8; + + if (bytes == 0) + return (-1); + +- if ((pd = (u_int8_t *) malloc(bytes)) == NULL) +- return (-1); +- +- for (i = 0; i < bytes; i++) +- pd[i] = crp->crp_p[bytes - i - 1]; +- +- BN_bin2bn(pd, bytes, a); +- free(pd); ++ BN_bin2bn(crp->crp_p, bytes, a); + + return (0); + } +@@ -1193,7 +1222,7 @@ cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) + kop.crk_op = CRK_DSA_SIGN; + + /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ +- kop.crk_param[0].crp_p = (caddr_t)dgst; ++ kop.crk_param[0].crp_p = (void*)dgst; + kop.crk_param[0].crp_nbits = dlen * 8; + if (bn2crparam(dsa->p, &kop.crk_param[1])) + goto err; +@@ -1233,7 +1262,7 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen, + kop.crk_op = CRK_DSA_VERIFY; + + /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */ +- kop.crk_param[0].crp_p = (caddr_t)dgst; ++ kop.crk_param[0].crp_p = (void*)dgst; + kop.crk_param[0].crp_nbits = dlen * 8; + if (bn2crparam(dsa->p, &kop.crk_param[1])) + goto err; +@@ -1311,7 +1340,7 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) + goto err; + kop.crk_iparams = 3; + +- kop.crk_param[3].crp_p = (caddr_t) key; ++ kop.crk_param[3].crp_p = (void*) key; + kop.crk_param[3].crp_nbits = keylen * 8; + kop.crk_oparams = 1; + +@@ -1385,7 +1414,7 @@ ENGINE_load_cryptodev(void) + put_dev_crypto(fd); + + if (!ENGINE_set_id(engine, "cryptodev") || +- !ENGINE_set_name(engine, "BSD cryptodev engine") || ++ !ENGINE_set_name(engine, "cryptodev engine") || + !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) || + !ENGINE_set_digests(engine, cryptodev_engine_digests) || + !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) || +-- +1.7.0.4 + diff --git a/recipes-connectivity/openssl/openssl-1.0.1c/openssl_async_asym.patch b/recipes-connectivity/openssl/openssl-1.0.1c/openssl_async_asym.patch new file mode 100644 index 0000000..f797a09 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-1.0.1c/openssl_async_asym.patch @@ -0,0 +1,326 @@ +From bb39088b7899651433140d5cbd65dd318b32c820 Mon Sep 17 00:00:00 2001 +From: Yashpal Dutta <[email protected]> +Date: Fri, 16 Nov 2012 01:41:18 +0545 +Subject: [PATCH] Added Ring Offset for PKC operations + +Signed-off-by: Yashpal Dutta <[email protected]> +--- + crypto/engine/cryptodev.h | 292 +++++++++++++++++++++++++++++++++++++++++ + crypto/engine/eng_cryptodev.c | 2 +- + 2 files changed, 293 insertions(+), 1 deletions(-) + create mode 100644 crypto/engine/cryptodev.h + +diff --git a/crypto/engine/cryptodev.h b/crypto/engine/cryptodev.h +new file mode 100644 +index 0000000..ab75f29 +--- /dev/null ++++ b/crypto/engine/cryptodev.h +@@ -0,0 +1,292 @@ ++/* This is a source compatible implementation with the original API of ++ * cryptodev by Angelos D. Keromytis, found at openbsd cryptodev.h. ++ * Placed under public domain */ ++ ++#ifndef L_CRYPTODEV_H ++#define L_CRYPTODEV_H ++ ++#include <linux/types.h> ++#ifndef __KERNEL__ ++#define __user ++#endif ++ ++/* API extensions for linux */ ++#define CRYPTO_HMAC_MAX_KEY_LEN 512 ++#define CRYPTO_CIPHER_MAX_KEY_LEN 64 ++ ++/* All the supported algorithms ++ */ ++enum cryptodev_crypto_op_t { ++ CRYPTO_DES_CBC = 1, ++ CRYPTO_3DES_CBC = 2, ++ CRYPTO_BLF_CBC = 3, ++ CRYPTO_CAST_CBC = 4, ++ CRYPTO_SKIPJACK_CBC = 5, ++ CRYPTO_MD5_HMAC = 6, ++ CRYPTO_SHA1_HMAC = 7, ++ CRYPTO_RIPEMD160_HMAC = 8, ++ CRYPTO_MD5_KPDK = 9, ++ CRYPTO_SHA1_KPDK = 10, ++ CRYPTO_RIJNDAEL128_CBC = 11, ++ CRYPTO_AES_CBC = CRYPTO_RIJNDAEL128_CBC, ++ CRYPTO_ARC4 = 12, ++ CRYPTO_MD5 = 13, ++ CRYPTO_SHA1 = 14, ++ CRYPTO_DEFLATE_COMP = 15, ++ CRYPTO_NULL = 16, ++ CRYPTO_LZS_COMP = 17, ++ CRYPTO_SHA2_256_HMAC = 18, ++ CRYPTO_SHA2_384_HMAC = 19, ++ CRYPTO_SHA2_512_HMAC = 20, ++ CRYPTO_AES_CTR = 21, ++ CRYPTO_AES_XTS = 22, ++ CRYPTO_AES_ECB = 23, ++ CRYPTO_AES_GCM = 50, ++ ++ CRYPTO_CAMELLIA_CBC = 101, ++ CRYPTO_RIPEMD160, ++ CRYPTO_SHA2_256, ++ CRYPTO_SHA2_384, ++ CRYPTO_SHA2_512, ++ CRYPTO_ALGORITHM_ALL, /* Keep updated - see below */ ++}; ++ ++#define CRYPTO_ALGORITHM_MAX (CRYPTO_ALGORITHM_ALL - 1) ++ ++/* Values for ciphers */ ++#define DES_BLOCK_LEN 8 ++#define DES3_BLOCK_LEN 8 ++#define RIJNDAEL128_BLOCK_LEN 16 ++#define AES_BLOCK_LEN RIJNDAEL128_BLOCK_LEN ++#define CAMELLIA_BLOCK_LEN 16 ++#define BLOWFISH_BLOCK_LEN 8 ++#define SKIPJACK_BLOCK_LEN 8 ++#define CAST128_BLOCK_LEN 8 ++ ++/* the maximum of the above */ ++#define EALG_MAX_BLOCK_LEN 16 ++ ++/* Values for hashes/MAC */ ++#define AALG_MAX_RESULT_LEN 64 ++ ++/* maximum length of verbose alg names (depends on CRYPTO_MAX_ALG_NAME) */ ++#define CRYPTODEV_MAX_ALG_NAME 64 ++ ++#define HASH_MAX_LEN 64 ++ ++/* input of CIOCGSESSION */ ++struct session_op { ++ /* Specify either cipher or mac ++ */ ++ __u32 cipher; /* cryptodev_crypto_op_t */ ++ __u32 mac; /* cryptodev_crypto_op_t */ ++ ++ __u32 keylen; ++ __u8 __user *key; ++ __u32 mackeylen; ++ __u8 __user *mackey; ++ ++ __u32 ses; /* session identifier */ ++}; ++ ++struct session_info_op { ++ __u32 ses; /* session identifier */ ++ ++ /* verbose names for the requested ciphers */ ++ struct alg_info { ++ char cra_name[CRYPTODEV_MAX_ALG_NAME]; ++ char cra_driver_name[CRYPTODEV_MAX_ALG_NAME]; ++ } cipher_info, hash_info; ++ ++ __u16 alignmask; /* alignment constraints */ ++ __u32 flags; /* SIOP_FLAGS_* */ ++}; ++ ++/* If this flag is set then this algorithm uses ++ * a driver only available in kernel (software drivers, ++ * or drivers based on instruction sets do not set this flag). ++ * ++ * If multiple algorithms are involved (as in AEAD case), then ++ * if one of them is kernel-driver-only this flag will be set. ++ */ ++#define SIOP_FLAG_KERNEL_DRIVER_ONLY 1 ++ ++#define COP_ENCRYPT 0 ++#define COP_DECRYPT 1 ++ ++/* input of CIOCCRYPT */ ++struct crypt_op { ++ __u32 ses; /* session identifier */ ++ __u16 op; /* COP_ENCRYPT or COP_DECRYPT */ ++ __u16 flags; /* see COP_FLAG_* */ ++ __u32 len; /* length of source data */ ++ __u8 __user *src; /* source data */ ++ __u8 __user *dst; /* pointer to output data */ ++ /* pointer to output data for hash/MAC operations */ ++ __u8 __user *mac; ++ /* initialization vector for encryption operations */ ++ __u8 __user *iv; ++}; ++ ++/* input of CIOCAUTHCRYPT */ ++struct crypt_auth_op { ++ __u32 ses; /* session identifier */ ++ __u16 op; /* COP_ENCRYPT or COP_DECRYPT */ ++ __u16 flags; /* see COP_FLAG_AEAD_* */ ++ __u32 len; /* length of source data */ ++ __u32 auth_len; /* length of auth data */ ++ __u8 __user *auth_src; /* authenticated-only data */ ++ ++ /* The current implementation is more efficient if data are ++ * encrypted in-place (src==dst). */ ++ __u8 __user *src; /* data to be encrypted and authenticated */ ++ __u8 __user *dst; /* pointer to output data. Must have ++ * space for tag. For TLS this should be at least ++ * len + tag_size + block_size for padding */ ++ ++ __u8 __user *tag; /* where the tag will be copied to. TLS mode ++ * doesn't use that as tag is copied to dst. ++ * SRTP mode copies tag there. */ ++ __u32 tag_len; /* the length of the tag. Use zero for digest size or max tag. */ ++ ++ /* initialization vector for encryption operations */ ++ __u8 __user *iv; ++ __u32 iv_len; ++}; ++ ++/* In plain AEAD mode the following are required: ++ * flags : 0 ++ * iv : the initialization vector (12 bytes) ++ * auth_len: the length of the data to be authenticated ++ * auth_src: the data to be authenticated ++ * len : length of data to be encrypted ++ * src : the data to be encrypted ++ * dst : space to hold encrypted data. It must have ++ * at least a size of len + tag_size. ++ * tag_size: the size of the desired authentication tag or zero to use ++ * the maximum tag output. ++ * ++ * Note tag isn't being used because the Linux AEAD interface ++ * copies the tag just after data. ++ */ ++ ++/* In TLS mode (used for CBC ciphers that required padding) ++ * the following are required: ++ * flags : COP_FLAG_AEAD_TLS_TYPE ++ * iv : the initialization vector ++ * auth_len: the length of the data to be authenticated only ++ * len : length of data to be encrypted ++ * auth_src: the data to be authenticated ++ * src : the data to be encrypted ++ * dst : space to hold encrypted data (preferably in-place). It must have ++ * at least a size of len + tag_size + blocksize. ++ * tag_size: the size of the desired authentication tag or zero to use ++ * the default mac output. ++ * ++ * Note that the padding used is the minimum padding. ++ */ ++ ++/* In SRTP mode the following are required: ++ * flags : COP_FLAG_AEAD_SRTP_TYPE ++ * iv : the initialization vector ++ * auth_len: the length of the data to be authenticated. This must ++ * include the SRTP header + SRTP payload (data to be encrypted) + rest ++ * ++ * len : length of data to be encrypted ++ * auth_src: pointer the data to be authenticated. Should point at the same buffer as src. ++ * src : pointer to the data to be encrypted. ++ * dst : This is mandatory to be the same as src (in-place only). ++ * tag_size: the size of the desired authentication tag or zero to use ++ * the default mac output. ++ * tag : Pointer to an address where the authentication tag will be copied. ++ */ ++ ++ ++/* struct crypt_op flags */ ++ ++#define COP_FLAG_NONE (0 << 0) /* totally no flag */ ++#define COP_FLAG_UPDATE (1 << 0) /* multi-update hash mode */ ++#define COP_FLAG_FINAL (1 << 1) /* multi-update final hash mode */ ++#define COP_FLAG_WRITE_IV (1 << 2) /* update the IV during operation */ ++#define COP_FLAG_NO_ZC (1 << 3) /* do not zero-copy */ ++#define COP_FLAG_AEAD_TLS_TYPE (1 << 4) /* authenticate and encrypt using the ++ * TLS protocol rules */ ++#define COP_FLAG_AEAD_SRTP_TYPE (1 << 5) /* authenticate and encrypt using the ++ * SRTP protocol rules */ ++#define COP_FLAG_RESET (1 << 6) /* multi-update reset the state. ++ * should be used in combination ++ * with COP_FLAG_UPDATE */ ++ ++ ++/* Stuff for bignum arithmetic and public key ++ * cryptography - not supported yet by linux ++ * cryptodev. ++ */ ++ ++#define CRYPTO_ALG_FLAG_SUPPORTED 1 ++#define CRYPTO_ALG_FLAG_RNG_ENABLE 2 ++#define CRYPTO_ALG_FLAG_DSA_SHA 4 ++ ++struct crparam { ++ __u8 *crp_p; ++ __u32 crp_nbits; ++}; ++ ++#define CRK_MAXPARAM 8 ++ ++/* input of CIOCKEY */ ++struct crypt_kop { ++ __u32 crk_op; /* cryptodev_crk_ot_t */ ++ __u32 crk_status; ++ __u16 crk_iparams; ++ __u16 crk_oparams; ++ __u32 crk_pad1; ++ struct crparam crk_param[CRK_MAXPARAM]; ++ __u32 ring_offset; /* Offset of HW Ring to enqueue this Job */ ++}; ++ ++enum cryptodev_crk_op_t { ++ CRK_MOD_EXP = 0, ++ CRK_MOD_EXP_CRT = 1, ++ CRK_DSA_SIGN = 2, ++ CRK_DSA_VERIFY = 3, ++ CRK_DH_COMPUTE_KEY = 4, ++ CRK_ALGORITHM_ALL ++}; ++ ++#define CRK_ALGORITHM_MAX (CRK_ALGORITHM_ALL-1) ++ ++/* features to be queried with CIOCASYMFEAT ioctl ++ */ ++#define CRF_MOD_EXP (1 << CRK_MOD_EXP) ++#define CRF_MOD_EXP_CRT (1 << CRK_MOD_EXP_CRT) ++#define CRF_DSA_SIGN (1 << CRK_DSA_SIGN) ++#define CRF_DSA_VERIFY (1 << CRK_DSA_VERIFY) ++#define CRF_DH_COMPUTE_KEY (1 << CRK_DH_COMPUTE_KEY) ++ ++ ++/* ioctl's. Compatible with old linux cryptodev.h ++ */ ++#define CRIOGET _IOWR('c', 101, __u32) ++#define CIOCGSESSION _IOWR('c', 102, struct session_op) ++#define CIOCFSESSION _IOW('c', 103, __u32) ++#define CIOCCRYPT _IOWR('c', 104, struct crypt_op) ++#define CIOCKEY _IOWR('c', 105, struct crypt_kop) ++#define CIOCASYMFEAT _IOR('c', 106, __u32) ++#define CIOCGSESSINFO _IOWR('c', 107, struct session_info_op) ++ ++/* to indicate that CRIOGET is not required in linux ++ */ ++#define CRIOGET_NOT_NEEDED 1 ++ ++/* additional ioctls for asynchronous operation */ ++#define CIOCASYNCCRYPT _IOW('c', 107, struct crypt_op) ++#define CIOCASYNCFETCH _IOR('c', 108, struct crypt_op) ++ ++/* additional ioctls for AEAD */ ++#define CIOCAUTHCRYPT _IOWR('c', 109, struct crypt_auth_op) ++ ++/* additional ioctls for asynchronous operation for asymmetric ciphers*/ ++#define CIOCASYMASYNCRYPT _IOW('c', 110, struct crypt_kop) ++#define CIOCASYMASYNFETCH _IOR('c', 111, struct crypt_kop) ++#endif /* L_CRYPTODEV_H */ +diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c +index ac62743..1e634ca 100644 +--- a/crypto/engine/eng_cryptodev.c ++++ b/crypto/engine/eng_cryptodev.c +@@ -55,7 +55,7 @@ ENGINE_load_cryptodev(void) + #else + + #include <sys/types.h> +-#include <crypto/cryptodev.h> ++#include "cryptodev.h" + #include <crypto/dh/dh.h> + #include <crypto/dsa/dsa.h> + #include <crypto/err/err.h> +-- +1.7.0.4 + diff --git a/recipes-connectivity/openssl/openssl.inc b/recipes-connectivity/openssl/openssl.inc index 089b9a4..fb0d3e2 100644 --- a/recipes-connectivity/openssl/openssl.inc +++ b/recipes-connectivity/openssl/openssl.inc @@ -14,7 +14,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8" DEPENDS = "perl-native-runtime" SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ - " + file://openssl.patch \ + file://openssl_async_asym.patch" S = "${WORKDIR}/openssl-${PV}" AR_append = " r" diff --git a/recipes-connectivity/openssl/openssl_1.0.1c.bb b/recipes-connectivity/openssl/openssl_1.0.1c.bb index 2e8897b..0e05b54 100644 --- a/recipes-connectivity/openssl/openssl_1.0.1c.bb +++ b/recipes-connectivity/openssl/openssl_1.0.1c.bb @@ -2,8 +2,6 @@ require openssl.inc # For target side versions of openssl enable support for OCF Linux driver # if they are available. -DEPENDS += "ocf-linux" - CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS" PR = "${INC_PR}.0" -- 1.7.9.5 _______________________________________________ meta-freescale mailing list [email protected] https://lists.yoctoproject.org/listinfo/meta-freescale
