authordinoex <dinoex@FreeBSD.org>2004-10-12 12:19:11 +0800
committerdinoex <dinoex@FreeBSD.org>2004-10-12 12:19:11 +0800
commit2b95d69c186ef20410ac4b20fe3988a1ed110402 (patch)
tree84cd8c8d65159736d182a95c951bff24717f9501 /security
parent0293248a7068db5e2766a3556db34c043460eb17 (diff)
- add patch to support AES-192-CBC and AES-256-CBC
to the crypto engine (assuming your card supports them). This makes the Hifn cards much more useful as AES-256 is the default encryption for many client applications. Submitted by: Spike Ilacqua Obtained from: OpenBSD
Diffstat (limited to 'security')
-rw-r--r--security/openssl/files/patch-hw_cryptodev.c-aes_256210
1 files changed, 210 insertions, 0 deletions
diff --git a/security/openssl/files/patch-hw_cryptodev.c-aes_256 b/security/openssl/files/patch-hw_cryptodev.c-aes_256
new file mode 100644
index 000000000000..e4efffa21530
--- /dev/null
+++ b/security/openssl/files/patch-hw_cryptodev.c-aes_256
@@ -0,0 +1,210 @@
+===================================================================
+RCS file: crypto/engine/hw_cryptodev.c,v
+retrieving revision 1.17
+retrieving revision 1.18
+diff -u -p -r1.17 -r1.18
+--- crypto/engine/hw_cryptodev.c 2003/06/03 15:57:44 1.17
++++ crypto/engine/hw_cryptodev.c 2003/08/07 16:27:47 1.18
+@@ -68,14 +68,19 @@ struct dev_crypto_state {
+ int d_fd;
+ };
+
++struct dev_crypto_cipher {
++ int c_id;
++ int c_nid;
++ int c_ivmax;
++ int c_keylen;
++};
++
+ static u_int32_t cryptodev_asymfeat = 0;
+
+ static int get_asym_dev_crypto(void);
+ static int open_dev_crypto(void);
+ static int get_dev_crypto(void);
+-static int cryptodev_max_iv(int cipher);
+-static int cryptodev_key_length_valid(int cipher, int len);
+-static int cipher_nid_to_cryptodev(int nid);
++static struct dev_crypto_cipher *cipher_nid_to_cryptodev(int nid);
+ static int get_cryptodev_ciphers(const int **cnids);
+ static int get_cryptodev_digests(const int **cnids);
+ static int cryptodev_usable_ciphers(const int **nids);
+@@ -122,15 +127,12 @@ static const ENGINE_CMD_DEFN cryptodev_d
+ { 0, NULL, NULL, 0 }
+ };
+
+-static struct {
+- int id;
+- int nid;
+- int ivmax;
+- int keylen;
+-} ciphers[] = {
++static struct dev_crypto_cipher ciphers[] = {
+ { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, },
+ { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, },
+ { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, },
++ { CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, },
++ { CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, },
+ { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, },
+ { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, },
+ { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, },
+@@ -200,48 +202,16 @@ get_asym_dev_crypto(void)
+ return fd;
+ }
+
+-/*
+- * XXXX this needs to be set for each alg - and determined from
+- * a running card.
+- */
+-static int
+-cryptodev_max_iv(int cipher)
+-{
+- int i;
+-
+- for (i = 0; ciphers[i].id; i++)
+- if (ciphers[i].id == cipher)
+- return (ciphers[i].ivmax);
+- return (0);
+-}
+-
+-/*
+- * XXXX this needs to be set for each alg - and determined from
+- * a running card. For now, fake it out - but most of these
+- * for real devices should return 1 for the supported key
+- * sizes the device can handle.
+- */
+-static int
+-cryptodev_key_length_valid(int cipher, int len)
+-{
+- int i;
+-
+- for (i = 0; ciphers[i].id; i++)
+- if (ciphers[i].id == cipher)
+- return (ciphers[i].keylen == len);
+- return (0);
+-}
+-
+ /* convert libcrypto nids to cryptodev */
+-static int
++static struct dev_crypto_cipher *
+ cipher_nid_to_cryptodev(int nid)
+ {
+ int i;
+
+- for (i = 0; ciphers[i].id; i++)
+- if (ciphers[i].nid == nid)
+- return (ciphers[i].id);
+- return (0);
++ for (i = 0; ciphers[i].c_id; i++)
++ if (ciphers[i].c_nid == nid)
++ return (&ciphers[i]);
++ return (NULL);
+ }
+
+ /*
+@@ -264,15 +234,15 @@ get_cryptodev_ciphers(const int **cnids)
+ memset(&sess, 0, sizeof(sess));
+ sess.key = (caddr_t)"123456781234567812345678";
+
+- for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
+- if (ciphers[i].nid == NID_undef)
++ for (i = 0; ciphers[i].c_id && count < CRYPTO_ALGORITHM_MAX; i++) {
++ if (ciphers[i].c_nid == NID_undef)
+ continue;
+- sess.cipher = ciphers[i].id;
+- sess.keylen = ciphers[i].keylen;
++ sess.cipher = ciphers[i].c_id;
++ sess.keylen = ciphers[i].c_keylen;
+ sess.mac = 0;
+ if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
+ ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
+- nids[count++] = ciphers[i].nid;
++ nids[count++] = ciphers[i].c_nid;
+ }
+ close(fd);
+
+@@ -425,15 +395,15 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx,
+ {
+ struct dev_crypto_state *state = ctx->cipher_data;
+ struct session_op *sess = &state->d_sess;
+- int cipher;
++ struct dev_crypto_cipher *cipher;
+
+- if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NID_undef)
++ if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NULL)
+ return (0);
+
+- if (ctx->cipher->iv_len > cryptodev_max_iv(cipher))
++ if (ctx->cipher->iv_len > cipher->c_ivmax)
+ return (0);
+
+- if (!cryptodev_key_length_valid(cipher, ctx->key_len))
++ if (ctx->key_len != cipher->c_keylen)
+ return (0);
+
+ memset(sess, 0, sizeof(struct session_op));
+@@ -443,7 +413,7 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx,
+
+ sess->key = (unsigned char *)key;
+ sess->keylen = ctx->key_len;
+- sess->cipher = cipher;
++ sess->cipher = cipher->c_id;
+
+ if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
+ close(state->d_fd);
+@@ -548,7 +518,7 @@ const EVP_CIPHER cryptodev_cast_cbc = {
+ NULL
+ };
+
+-const EVP_CIPHER cryptodev_aes_cbc = {
++const EVP_CIPHER cryptodev_aes_128_cbc = {
+ NID_aes_128_cbc,
+ 16, 16, 16,
+ EVP_CIPH_CBC_MODE,
+@@ -561,6 +531,32 @@ const EVP_CIPHER cryptodev_aes_cbc = {
+ NULL
+ };
+
++const EVP_CIPHER cryptodev_aes_192_cbc = {
++ NID_aes_192_cbc,
++ 16, 24, 16,
++ EVP_CIPH_CBC_MODE,
++ cryptodev_init_key,
++ cryptodev_cipher,
++ cryptodev_cleanup,
++ sizeof(struct dev_crypto_state),
++ EVP_CIPHER_set_asn1_iv,
++ EVP_CIPHER_get_asn1_iv,
++ NULL
++};
++
++const EVP_CIPHER cryptodev_aes_256_cbc = {
++ NID_aes_256_cbc,
++ 16, 32, 16,
++ EVP_CIPH_CBC_MODE,
++ cryptodev_init_key,
++ cryptodev_cipher,
++ cryptodev_cleanup,
++ sizeof(struct dev_crypto_state),
++ EVP_CIPHER_set_asn1_iv,
++ EVP_CIPHER_get_asn1_iv,
++ NULL
++};
++
+ /*
+ * Registered by the ENGINE when used to find out how to deal with
+ * a particular NID in the ENGINE. this says what we'll do at the
+@@ -587,7 +583,13 @@ cryptodev_engine_ciphers(ENGINE *e, cons
+ *cipher = &cryptodev_cast_cbc;
+ break;
+ case NID_aes_128_cbc:
+- *cipher = &cryptodev_aes_cbc;
++ *cipher = &cryptodev_aes_128_cbc;
++ break;
++ case NID_aes_192_cbc:
++ *cipher = &cryptodev_aes_192_cbc;
++ break;
++ case NID_aes_256_cbc:
++ *cipher = &cryptodev_aes_256_cbc;
+ break;
+ default:
+ *cipher = NULL;
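Review bot: The cipher probe in get_cryptodev_ciphers() still points `sess.key` at a 24-character literal, but the new `NID_aes_256_cbc` table entry makes the loop set `sess.keylen` to 32, so the CIOCGSESSION ioctl is asked to read 32 bytes from a 25-byte object. That is an out-of-bounds read of the buffer handed to the kernel; the extra bytes are whatever happens to follow the literal in memory, which is undefined from the C side even if the probe usually succeeds. The probe key should be at least as long as the largest `c_keylen` in the table, for example `sess.key = (caddr_t)"12345678123456781234567812345678";`. get_cryptodev_ciphers() begins and ends outside the patched hunk, so this assumes nothing else in the function replaces the key before the loop.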