diff options
Diffstat (limited to 'extras/openssl-0.9.8l-cryptodev-aes256.patch')
-rw-r--r-- | extras/openssl-0.9.8l-cryptodev-aes256.patch | 112 |
1 files changed, 0 insertions, 112 deletions
diff --git a/extras/openssl-0.9.8l-cryptodev-aes256.patch b/extras/openssl-0.9.8l-cryptodev-aes256.patch deleted file mode 100644 index cf9bbbc80c6..00000000000 --- a/extras/openssl-0.9.8l-cryptodev-aes256.patch +++ /dev/null @@ -1,112 +0,0 @@ -This is http://people.freebsd.org/~pjd/patches/hw_cryptodev.c.patch adopted for -openssl-0.9.8l. It makes AES192 and AES256 CBC known to the cryptodev engine. - -There's also http://people.freebsd.org/~pjd/patches/eng_cryptodev.c.patch, -which seems more current, also adds SHA digests and does somehting CTX-related -to cryptodev_rsa_nocrt_mod_exp(). But since digests are disabled in -cryptodev_usable_digests() anyway and cryptodev_rsa_nocrt_mod_exp() is used for -RSA only, I didn't bother with it. - ---- openssl-0.9.8l/crypto/engine/eng_cryptodev.caes256 2004-06-15 13:45:42.000000000 +0200 -+++ openssl-0.9.8l/crypto/engine/eng_cryptodev.c 2010-02-16 21:57:15.000000000 +0100 -@@ -133,11 +133,14 @@ - { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, }, - { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, }, - { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, }, -+ { CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, }, -+ { CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, }, - { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, }, - { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, }, - { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, }, - { 0, NID_undef, 0, 0, }, - }; -+#define NCIPHERS (sizeof(ciphers) / sizeof(ciphers[0])) - - static struct { - int id; -@@ -229,8 +232,8 @@ - int i; - - for (i = 0; ciphers[i].id; i++) -- if (ciphers[i].id == cipher) -- return (ciphers[i].keylen == len); -+ if (ciphers[i].id == cipher && ciphers[i].keylen == len) -+ return (1); - return (0); - } - -@@ -255,7 +258,7 @@ - static int - get_cryptodev_ciphers(const int **cnids) - { -- static int nids[CRYPTO_ALGORITHM_MAX]; -+ static int nids[NCIPHERS]; - struct session_op sess; - int fd, i, count = 0; - -@@ -266,7 +269,7 @@ - memset(&sess, 0, sizeof(sess)); - sess.key = (caddr_t)"123456781234567812345678"; - -- for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { -+ for (i = 0; ciphers[i].id && count < NCIPHERS; i++) { - if (ciphers[i].nid == NID_undef) - continue; - sess.cipher = ciphers[i].id; -@@ -550,7 +553,7 @@ - NULL - }; - --const EVP_CIPHER cryptodev_aes_cbc = { -+const EVP_CIPHER cryptodev_aes128_cbc = { - NID_aes_128_cbc, - 16, 16, 16, - EVP_CIPH_CBC_MODE, -@@ -563,6 +566,32 @@ - NULL - }; - -+const EVP_CIPHER cryptodev_aes192_cbc = { -+ NID_aes_192_cbc, -+ 16, 24, 16, -+ EVP_CIPH_CBC_MODE, -+ cryptodev_init_key, -+ cryptodev_cipher, -+ cryptodev_cleanup, -+ sizeof(struct dev_crypto_state), -+ EVP_CIPHER_set_asn1_iv, -+ EVP_CIPHER_get_asn1_iv, -+ NULL -+}; -+ -+const EVP_CIPHER cryptodev_aes256_cbc = { -+ NID_aes_256_cbc, -+ 16, 32, 16, -+ EVP_CIPH_CBC_MODE, -+ cryptodev_init_key, -+ cryptodev_cipher, -+ cryptodev_cleanup, -+ sizeof(struct dev_crypto_state), -+ EVP_CIPHER_set_asn1_iv, -+ EVP_CIPHER_get_asn1_iv, -+ NULL -+}; -+ - /* - * Registered by the ENGINE when used to find out how to deal with - * a particular NID in the ENGINE. this says what we'll do at the -@@ -589,7 +618,13 @@ - *cipher = &cryptodev_cast_cbc; - break; - case NID_aes_128_cbc: -- *cipher = &cryptodev_aes_cbc; -+ *cipher = &cryptodev_aes128_cbc; -+ break; -+ case NID_aes_192_cbc: -+ *cipher = &cryptodev_aes192_cbc; -+ break; -+ case NID_aes_256_cbc: -+ *cipher = &cryptodev_aes256_cbc; - break; - default: - *cipher = NULL; |