diff options
author | dinoex <dinoex@FreeBSD.org> | 2004-10-12 12:19:11 +0800 |
---|---|---|
committer | dinoex <dinoex@FreeBSD.org> | 2004-10-12 12:19:11 +0800 |
commit | 2b95d69c186ef20410ac4b20fe3988a1ed110402 (patch) | |
tree | 84cd8c8d65159736d182a95c951bff24717f9501 /security/openssl | |
parent | 0293248a7068db5e2766a3556db34c043460eb17 (diff) | |
download | freebsd-ports-gnome-2b95d69c186ef20410ac4b20fe3988a1ed110402.tar.gz freebsd-ports-gnome-2b95d69c186ef20410ac4b20fe3988a1ed110402.tar.zst freebsd-ports-gnome-2b95d69c186ef20410ac4b20fe3988a1ed110402.zip |
- add patch to support AES-192-CBC and AES-256-CBC
to the crypto engine (assuming your card supports them).
This make the Hifn cards much more useful as AES-256 is
the default encryption for many client applications.
Submitted by: Spike Ilacqua
Obtained from: OpenBSD
Diffstat (limited to 'security/openssl')
-rw-r--r-- | security/openssl/files/patch-hw_cryptodev.c-aes_256 | 210 |
1 files changed, 210 insertions, 0 deletions
diff --git a/security/openssl/files/patch-hw_cryptodev.c-aes_256 b/security/openssl/files/patch-hw_cryptodev.c-aes_256 new file mode 100644 index 000000000000..e4efffa21530 --- /dev/null +++ b/security/openssl/files/patch-hw_cryptodev.c-aes_256 @@ -0,0 +1,210 @@ +=================================================================== +RCS file: crypto/engine/hw_cryptodev.c,v +retrieving revision 1.17 +retrieving revision 1.18 +diff -u -p -r1.17 -r1.18 +--- crypto/engine/hw_cryptodev.c 2003/06/03 15:57:44 1.17 ++++ crypto/engine/hw_cryptodev.c 2003/08/07 16:27:47 1.18 +@@ -68,14 +68,19 @@ struct dev_crypto_state { + int d_fd; + }; + ++struct dev_crypto_cipher { ++ int c_id; ++ int c_nid; ++ int c_ivmax; ++ int c_keylen; ++}; ++ + static u_int32_t cryptodev_asymfeat = 0; + + static int get_asym_dev_crypto(void); + static int open_dev_crypto(void); + static int get_dev_crypto(void); +-static int cryptodev_max_iv(int cipher); +-static int cryptodev_key_length_valid(int cipher, int len); +-static int cipher_nid_to_cryptodev(int nid); ++static struct dev_crypto_cipher *cipher_nid_to_cryptodev(int nid); + static int get_cryptodev_ciphers(const int **cnids); + static int get_cryptodev_digests(const int **cnids); + static int cryptodev_usable_ciphers(const int **nids); +@@ -122,15 +127,12 @@ static const ENGINE_CMD_DEFN cryptodev_d + { 0, NULL, NULL, 0 } + }; + +-static struct { +- int id; +- int nid; +- int ivmax; +- int keylen; +-} ciphers[] = { ++static struct dev_crypto_cipher ciphers[] = { + { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, }, + { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, }, + { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, }, ++ { CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, }, ++ { CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, }, + { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, }, + { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, }, + { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, }, +@@ -200,48 +202,16 @@ get_asym_dev_crypto(void) + return fd; + } + +-/* +- * XXXX this needs to be set for each alg - and determined from +- * a running card. +- */ +-static int +-cryptodev_max_iv(int cipher) +-{ +- int i; +- +- for (i = 0; ciphers[i].id; i++) +- if (ciphers[i].id == cipher) +- return (ciphers[i].ivmax); +- return (0); +-} +- +-/* +- * XXXX this needs to be set for each alg - and determined from +- * a running card. For now, fake it out - but most of these +- * for real devices should return 1 for the supported key +- * sizes the device can handle. +- */ +-static int +-cryptodev_key_length_valid(int cipher, int len) +-{ +- int i; +- +- for (i = 0; ciphers[i].id; i++) +- if (ciphers[i].id == cipher) +- return (ciphers[i].keylen == len); +- return (0); +-} +- + /* convert libcrypto nids to cryptodev */ +-static int ++static struct dev_crypto_cipher * + cipher_nid_to_cryptodev(int nid) + { + int i; + +- for (i = 0; ciphers[i].id; i++) +- if (ciphers[i].nid == nid) +- return (ciphers[i].id); +- return (0); ++ for (i = 0; ciphers[i].c_id; i++) ++ if (ciphers[i].c_nid == nid) ++ return (&ciphers[i]); ++ return (NULL); + } + + /* +@@ -264,15 +234,15 @@ get_cryptodev_ciphers(const int **cnids) + memset(&sess, 0, sizeof(sess)); + sess.key = (caddr_t)"123456781234567812345678"; + +- for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { +- if (ciphers[i].nid == NID_undef) ++ for (i = 0; ciphers[i].c_id && count < CRYPTO_ALGORITHM_MAX; i++) { ++ if (ciphers[i].c_nid == NID_undef) + continue; +- sess.cipher = ciphers[i].id; +- sess.keylen = ciphers[i].keylen; ++ sess.cipher = ciphers[i].c_id; ++ sess.keylen = ciphers[i].c_keylen; + sess.mac = 0; + if (ioctl(fd, CIOCGSESSION, &sess) != -1 && + ioctl(fd, CIOCFSESSION, &sess.ses) != -1) +- nids[count++] = ciphers[i].nid; ++ nids[count++] = ciphers[i].c_nid; + } + close(fd); + +@@ -425,15 +395,15 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, + { + struct dev_crypto_state *state = ctx->cipher_data; + struct session_op *sess = &state->d_sess; +- int cipher; ++ struct dev_crypto_cipher *cipher; + +- if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NID_undef) ++ if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NULL) + return (0); + +- if (ctx->cipher->iv_len > cryptodev_max_iv(cipher)) ++ if (ctx->cipher->iv_len > cipher->c_ivmax) + return (0); + +- if (!cryptodev_key_length_valid(cipher, ctx->key_len)) ++ if (ctx->key_len != cipher->c_keylen) + return (0); + + memset(sess, 0, sizeof(struct session_op)); +@@ -443,7 +413,7 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, + + sess->key = (unsigned char *)key; + sess->keylen = ctx->key_len; +- sess->cipher = cipher; ++ sess->cipher = cipher->c_id; + + if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) { + close(state->d_fd); +@@ -548,7 +518,7 @@ const EVP_CIPHER cryptodev_cast_cbc = { + NULL + }; + +-const EVP_CIPHER cryptodev_aes_cbc = { ++const EVP_CIPHER cryptodev_aes_128_cbc = { + NID_aes_128_cbc, + 16, 16, 16, + EVP_CIPH_CBC_MODE, +@@ -561,6 +531,32 @@ const EVP_CIPHER cryptodev_aes_cbc = { + NULL + }; + ++const EVP_CIPHER cryptodev_aes_192_cbc = { ++ NID_aes_192_cbc, ++ 16, 24, 16, ++ EVP_CIPH_CBC_MODE, ++ cryptodev_init_key, ++ cryptodev_cipher, ++ cryptodev_cleanup, ++ sizeof(struct dev_crypto_state), ++ EVP_CIPHER_set_asn1_iv, ++ EVP_CIPHER_get_asn1_iv, ++ NULL ++}; ++ ++const EVP_CIPHER cryptodev_aes_256_cbc = { ++ NID_aes_256_cbc, ++ 16, 32, 16, ++ EVP_CIPH_CBC_MODE, ++ cryptodev_init_key, ++ cryptodev_cipher, ++ cryptodev_cleanup, ++ sizeof(struct dev_crypto_state), ++ EVP_CIPHER_set_asn1_iv, ++ EVP_CIPHER_get_asn1_iv, ++ NULL ++}; ++ + /* + * Registered by the ENGINE when used to find out how to deal with + * a particular NID in the ENGINE. this says what we'll do at the +@@ -587,7 +583,13 @@ cryptodev_engine_ciphers(ENGINE *e, cons + *cipher = &cryptodev_cast_cbc; + break; + case NID_aes_128_cbc: +- *cipher = &cryptodev_aes_cbc; ++ *cipher = &cryptodev_aes_128_cbc; ++ break; ++ case NID_aes_192_cbc: ++ *cipher = &cryptodev_aes_192_cbc; ++ break; ++ case NID_aes_256_cbc: ++ *cipher = &cryptodev_aes_256_cbc; + break; + default: + *cipher = NULL; |