| blob | cf9bbbc80c6e62e8d02f0eef3e3b3d22481a302d |
1 This is http://people.freebsd.org/~pjd/patches/hw_cryptodev.c.patch adopted for
2 openssl-0.9.8l. It makes AES192 and AES256 CBC known to the cryptodev engine.
4 There's also http://people.freebsd.org/~pjd/patches/eng_cryptodev.c.patch,
5 which seems more current, also adds SHA digests and does somehting CTX-related
6 to cryptodev_rsa_nocrt_mod_exp(). But since digests are disabled in
7 cryptodev_usable_digests() anyway and cryptodev_rsa_nocrt_mod_exp() is used for
8 RSA only, I didn't bother with it.
10 --- openssl-0.9.8l/crypto/engine/eng_cryptodev.caes256 2004-06-15 13:45:42.000000000 +0200
11 +++ openssl-0.9.8l/crypto/engine/eng_cryptodev.c 2010-02-16 21:57:15.000000000 +0100
12 @@ -133,11 +133,14 @@
13 { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, },
14 { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, },
15 { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, },
16 + { CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, },
17 + { CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, },
18 { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, },
19 { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, },
20 { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, },
21 { 0, NID_undef, 0, 0, },
22 };
23 +#define NCIPHERS (sizeof(ciphers) / sizeof(ciphers[0]))
25 static struct {
26 int id;
27 @@ -229,8 +232,8 @@
28 int i;
30 for (i = 0; ciphers[i].id; i++)
31 - if (ciphers[i].id == cipher)
32 - return (ciphers[i].keylen == len);
33 + if (ciphers[i].id == cipher && ciphers[i].keylen == len)
34 + return (1);
35 return (0);
36 }
38 @@ -255,7 +258,7 @@
39 static int
40 get_cryptodev_ciphers(const int **cnids)
41 {
42 - static int nids[CRYPTO_ALGORITHM_MAX];
43 + static int nids[NCIPHERS];
44 struct session_op sess;
45 int fd, i, count = 0;
47 @@ -266,7 +269,7 @@
48 memset(&sess, 0, sizeof(sess));
49 sess.key = (caddr_t)"123456781234567812345678";
51 - for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
52 + for (i = 0; ciphers[i].id && count < NCIPHERS; i++) {
53 if (ciphers[i].nid == NID_undef)
54 continue;
55 sess.cipher = ciphers[i].id;
56 @@ -550,7 +553,7 @@
57 NULL
58 };
60 -const EVP_CIPHER cryptodev_aes_cbc = {
61 +const EVP_CIPHER cryptodev_aes128_cbc = {
62 NID_aes_128_cbc,
63 16, 16, 16,
64 EVP_CIPH_CBC_MODE,
65 @@ -563,6 +566,32 @@
66 NULL
67 };
69 +const EVP_CIPHER cryptodev_aes192_cbc = {
70 + NID_aes_192_cbc,
71 + 16, 24, 16,
72 + EVP_CIPH_CBC_MODE,
73 + cryptodev_init_key,
74 + cryptodev_cipher,
75 + cryptodev_cleanup,
76 + sizeof(struct dev_crypto_state),
77 + EVP_CIPHER_set_asn1_iv,
78 + EVP_CIPHER_get_asn1_iv,
79 + NULL
80 +};
81 +
82 +const EVP_CIPHER cryptodev_aes256_cbc = {
83 + NID_aes_256_cbc,
84 + 16, 32, 16,
85 + EVP_CIPH_CBC_MODE,
86 + cryptodev_init_key,
87 + cryptodev_cipher,
88 + cryptodev_cleanup,
89 + sizeof(struct dev_crypto_state),
90 + EVP_CIPHER_set_asn1_iv,
91 + EVP_CIPHER_get_asn1_iv,
92 + NULL
93 +};
94 +
95 /*
96 * Registered by the ENGINE when used to find out how to deal with
97 * a particular NID in the ENGINE. this says what we'll do at the
98 @@ -589,7 +618,13 @@
99 *cipher = &cryptodev_cast_cbc;
100 break;
101 case NID_aes_128_cbc:
102 - *cipher = &cryptodev_aes_cbc;
103 + *cipher = &cryptodev_aes128_cbc;
104 + break;
105 + case NID_aes_192_cbc:
106 + *cipher = &cryptodev_aes192_cbc;
107 + break;
108 + case NID_aes_256_cbc:
109 + *cipher = &cryptodev_aes256_cbc;
110 break;
111 default:
112 *cipher = NULL;