diff options
| -rw-r--r-- | extras/openssl-0.9.8l-cryptodev-aes256.patch | 112 |
1 files changed, 112 insertions, 0 deletions
diff --git a/extras/openssl-0.9.8l-cryptodev-aes256.patch b/extras/openssl-0.9.8l-cryptodev-aes256.patch new file mode 100644 index 0000000..cf9bbbc --- /dev/null +++ b/extras/openssl-0.9.8l-cryptodev-aes256.patch @@ -0,0 +1,112 @@ +This is http://people.freebsd.org/~pjd/patches/hw_cryptodev.c.patch adopted for +openssl-0.9.8l. It makes AES192 and AES256 CBC known to the cryptodev engine. + +There's also http://people.freebsd.org/~pjd/patches/eng_cryptodev.c.patch, +which seems more current, also adds SHA digests and does somehting CTX-related +to cryptodev_rsa_nocrt_mod_exp(). But since digests are disabled in +cryptodev_usable_digests() anyway and cryptodev_rsa_nocrt_mod_exp() is used for +RSA only, I didn't bother with it. + +--- openssl-0.9.8l/crypto/engine/eng_cryptodev.caes256 2004-06-15 13:45:42.000000000 +0200 ++++ openssl-0.9.8l/crypto/engine/eng_cryptodev.c 2010-02-16 21:57:15.000000000 +0100 +@@ -133,11 +133,14 @@ + { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, }, + { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, }, + { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, }, ++ { CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, }, ++ { CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, }, + { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, }, + { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, }, + { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, }, + { 0, NID_undef, 0, 0, }, + }; ++#define NCIPHERS (sizeof(ciphers) / sizeof(ciphers[0])) + + static struct { + int id; +@@ -229,8 +232,8 @@ + int i; + + for (i = 0; ciphers[i].id; i++) +- if (ciphers[i].id == cipher) +- return (ciphers[i].keylen == len); ++ if (ciphers[i].id == cipher && ciphers[i].keylen == len) ++ return (1); + return (0); + } + +@@ -255,7 +258,7 @@ + static int + get_cryptodev_ciphers(const int **cnids) + { +- static int nids[CRYPTO_ALGORITHM_MAX]; ++ static int nids[NCIPHERS]; + struct session_op sess; + int fd, i, count = 0; + +@@ -266,7 +269,7 @@ + memset(&sess, 0, sizeof(sess)); + sess.key = (caddr_t)"123456781234567812345678"; + +- for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { ++ for (i = 0; ciphers[i].id && count < NCIPHERS; i++) { + if (ciphers[i].nid == NID_undef) + continue; + sess.cipher = ciphers[i].id; +@@ -550,7 +553,7 @@ + NULL + }; + +-const EVP_CIPHER cryptodev_aes_cbc = { ++const EVP_CIPHER cryptodev_aes128_cbc = { + NID_aes_128_cbc, + 16, 16, 16, + EVP_CIPH_CBC_MODE, +@@ -563,6 +566,32 @@ + NULL + }; + ++const EVP_CIPHER cryptodev_aes192_cbc = { ++ NID_aes_192_cbc, ++ 16, 24, 16, ++ EVP_CIPH_CBC_MODE, ++ cryptodev_init_key, ++ cryptodev_cipher, ++ cryptodev_cleanup, ++ sizeof(struct dev_crypto_state), ++ EVP_CIPHER_set_asn1_iv, ++ EVP_CIPHER_get_asn1_iv, ++ NULL ++}; ++ ++const EVP_CIPHER cryptodev_aes256_cbc = { ++ NID_aes_256_cbc, ++ 16, 32, 16, ++ EVP_CIPH_CBC_MODE, ++ cryptodev_init_key, ++ cryptodev_cipher, ++ cryptodev_cleanup, ++ sizeof(struct dev_crypto_state), ++ EVP_CIPHER_set_asn1_iv, ++ EVP_CIPHER_get_asn1_iv, ++ NULL ++}; ++ + /* + * Registered by the ENGINE when used to find out how to deal with + * a particular NID in the ENGINE. this says what we'll do at the +@@ -589,7 +618,13 @@ + *cipher = &cryptodev_cast_cbc; + break; + case NID_aes_128_cbc: +- *cipher = &cryptodev_aes_cbc; ++ *cipher = &cryptodev_aes128_cbc; ++ break; ++ case NID_aes_192_cbc: ++ *cipher = &cryptodev_aes192_cbc; ++ break; ++ case NID_aes_256_cbc: ++ *cipher = &cryptodev_aes256_cbc; + break; + default: + *cipher = NULL; |