Added patch that makes AES192 and 256 known to the openssl cryptodev engine.

1 files changed, 112 insertions, 0 deletions

diff --git a/extras/openssl-0.9.8l-cryptodev-aes256.patch b/extras/openssl-0.9.8l-cryptodev-aes256.patch
new file mode 100644
index 0000000..cf9bbbc
--- /dev/null
+++ b/extras/openssl-0.9.8l-cryptodev-aes256.patch
@@ -0,0 +1,112 @@
+This is http://people.freebsd.org/~pjd/patches/hw_cryptodev.c.patch adopted for
+openssl-0.9.8l. It makes AES192 and AES256 CBC known to the cryptodev engine.
+
+There's also http://people.freebsd.org/~pjd/patches/eng_cryptodev.c.patch,
+which seems more current, also adds SHA digests and does somehting CTX-related
+to cryptodev_rsa_nocrt_mod_exp(). But since digests are disabled in
+cryptodev_usable_digests() anyway and cryptodev_rsa_nocrt_mod_exp() is used for
+RSA only, I didn't bother with it.
+
+--- openssl-0.9.8l/crypto/engine/eng_cryptodev.caes256	2004-06-15 13:45:42.000000000 +0200
++++ openssl-0.9.8l/crypto/engine/eng_cryptodev.c	2010-02-16 21:57:15.000000000 +0100
+@@ -133,11 +133,14 @@
+ 	{ CRYPTO_DES_CBC,		NID_des_cbc,		8,	 8, },
+ 	{ CRYPTO_3DES_CBC,		NID_des_ede3_cbc,	8,	24, },
+ 	{ CRYPTO_AES_CBC,		NID_aes_128_cbc,	16,	16, },
++	{ CRYPTO_AES_CBC,		NID_aes_192_cbc,	16,	24, },
++	{ CRYPTO_AES_CBC,		NID_aes_256_cbc,	16,	32, },
+ 	{ CRYPTO_BLF_CBC,		NID_bf_cbc,		8,	16, },
+ 	{ CRYPTO_CAST_CBC,		NID_cast5_cbc,		8,	16, },
+ 	{ CRYPTO_SKIPJACK_CBC,		NID_undef,		0,	 0, },
+ 	{ 0,				NID_undef,		0,	 0, },
+ };
++#define	NCIPHERS	(sizeof(ciphers) / sizeof(ciphers[0]))
+ 
+ static struct {
+ 	int	id;
+@@ -229,8 +232,8 @@
+ 	int i;
+ 
+ 	for (i = 0; ciphers[i].id; i++)
+-		if (ciphers[i].id == cipher)
+-			return (ciphers[i].keylen == len);
++		if (ciphers[i].id == cipher && ciphers[i].keylen == len)
++			return (1);
+ 	return (0);
+ }
+ 
+@@ -255,7 +258,7 @@
+ static int
+ get_cryptodev_ciphers(const int **cnids)
+ {
+-	static int nids[CRYPTO_ALGORITHM_MAX];
++	static int nids[NCIPHERS];
+ 	struct session_op sess;
+ 	int fd, i, count = 0;
+ 
+@@ -266,7 +269,7 @@
+ 	memset(&sess, 0, sizeof(sess));
+ 	sess.key = (caddr_t)"123456781234567812345678";
+ 
+-	for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
++	for (i = 0; ciphers[i].id && count < NCIPHERS; i++) {
+ 		if (ciphers[i].nid == NID_undef)
+ 			continue;
+ 		sess.cipher = ciphers[i].id;
+@@ -550,7 +553,7 @@
+ 	NULL
+ };
+ 
+-const EVP_CIPHER cryptodev_aes_cbc = {
++const EVP_CIPHER cryptodev_aes128_cbc = {
+ 	NID_aes_128_cbc,
+ 	16, 16, 16,
+ 	EVP_CIPH_CBC_MODE,
+@@ -563,6 +566,32 @@
+ 	NULL
+ };
+ 
++const EVP_CIPHER cryptodev_aes192_cbc = {
++	NID_aes_192_cbc,
++	16, 24, 16,
++	EVP_CIPH_CBC_MODE,
++	cryptodev_init_key,
++	cryptodev_cipher,
++	cryptodev_cleanup,
++	sizeof(struct dev_crypto_state),
++	EVP_CIPHER_set_asn1_iv,
++	EVP_CIPHER_get_asn1_iv,
++	NULL
++};
++
++const EVP_CIPHER cryptodev_aes256_cbc = {
++	NID_aes_256_cbc,
++	16, 32, 16,
++	EVP_CIPH_CBC_MODE,
++	cryptodev_init_key,
++	cryptodev_cipher,
++	cryptodev_cleanup,
++	sizeof(struct dev_crypto_state),
++	EVP_CIPHER_set_asn1_iv,
++	EVP_CIPHER_get_asn1_iv,
++	NULL
++};
++
+ /*
+  * Registered by the ENGINE when used to find out how to deal with
+  * a particular NID in the ENGINE. this says what we'll do at the
+@@ -589,7 +618,13 @@
+ 		*cipher = &cryptodev_cast_cbc;
+ 		break;
+ 	case NID_aes_128_cbc:
+-		*cipher = &cryptodev_aes_cbc;
++		*cipher = &cryptodev_aes128_cbc;
++		break;
++	case NID_aes_192_cbc:
++		*cipher = &cryptodev_aes192_cbc;
++		break;
++	case NID_aes_256_cbc:
++		*cipher = &cryptodev_aes256_cbc;
+ 		break;
+ 	default:
+ 		*cipher = NULL;