openssl: update to version 1.1.1a
This version adds the following functionality: * TLS 1.3 * AFALG engine support for hardware accelleration * x25519 ECC curve support * CRIME protection: disable use of compression by default * Support for ChaCha20 and Poly1305 Patches fixing bugs in the /dev/crypto engine were applied, from https://github.com/openssl/openssl/pull/7585 This increses the size of the ipk binray on MIPS32 by about 32%: old: 693.941 bin/packages/mips_24kc/base/libopenssl1.0.0_1.0.2q-2_mips_24kc.ipk 193.827 bin/packages/mips_24kc/base/openssl-util_1.0.2q-2_mips_24kc.ipk new: 912.493 bin/packages/mips_24kc/base/libopenssl1.1_1.1.1a-2_mips_24kc.ipk 239.316 bin/packages/mips_24kc/base/openssl-util_1.1.1a-2_mips_24kc.ipk Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>v19.07.3_mercusys_ac12_duma
Eneas U de Queiroz
6 years ago
committed by
Hauke Mehrtens
parent
be3892284c
commit
d872d00b2f
@ -0,0 +1,23 @@
|
||||
From bf4f3a5696c65b4a48935599ccba43311c114c95 Mon Sep 17 00:00:00 2001
|
||||
From: Eneas U de Queiroz <cote2004-github@yahoo.com>
|
||||
Date: Thu, 27 Sep 2018 08:29:21 -0300
|
||||
Subject: Do not use host kernel version to disable AFALG
|
||||
|
||||
This patch prevents the Configure script from using the host kernel
|
||||
version to disable building the AFALG engine on openwrt targets.
|
||||
|
||||
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
|
||||
|
||||
--- a/Configure
|
||||
+++ b/Configure
|
||||
@@ -1554,7 +1554,9 @@ unless ($disabled{"crypto-mdebug-backtra
|
||||
|
||||
unless ($disabled{afalgeng}) {
|
||||
$config{afalgeng}="";
|
||||
- if (grep { $_ eq 'afalgeng' } @{$target{enable}}) {
|
||||
+ if ($target =~ m/openwrt$/) {
|
||||
+ push @{$config{engdirs}}, "afalg";
|
||||
+ } elsif (grep { $_ eq 'afalgeng' } @{$target{enable}}) {
|
||||
my $minver = 4*10000 + 1*100 + 0;
|
||||
if ($config{CROSS_COMPILE} eq "") {
|
||||
my $verstr = `uname -r`;
|
||||
@ -1,44 +0,0 @@
|
||||
From 1ce02d8c7ce3e4a2c16b92968c8aea5a15746917 Mon Sep 17 00:00:00 2001
|
||||
From: Eneas U de Queiroz <cote2004-github@yahoo.com>
|
||||
Date: Wed, 26 Sep 2018 16:21:27 -0300
|
||||
Subject: Add openwrt targets
|
||||
|
||||
Targets are named: linux-$(CONFIG_ARCH)-openwrt
|
||||
|
||||
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
|
||||
|
||||
--- a/Configure
|
||||
+++ b/Configure
|
||||
@@ -470,6 +470,32 @@ my %table=(
|
||||
"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
|
||||
"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
|
||||
|
||||
+# OpenWrt targets
|
||||
+# from linux-aarch64
|
||||
+"linux-aarch64-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
+# from linux-generic32
|
||||
+"linux-arc-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
+# from linux-armv4
|
||||
+"linux-arm-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
+# from linux-armv4
|
||||
+"linux-armeb-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
+# from linux-elf
|
||||
+"linux-i386-openwrt", "gcc:-DL_ENDIAN -DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
+# from linux-mips32
|
||||
+"linux-mips-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
+# from linux64-mips64
|
||||
+"linux-mips64-openwrt", "gcc:-mabi=64 -DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:64:dlfcn:linux-shared:-fPIC:-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
|
||||
+# from linux64-mips64
|
||||
+"linux-mips64el-openwrt", "gcc:-mabi=64 -DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:64:dlfcn:linux-shared:-fPIC:-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
|
||||
+# from linux-mips32
|
||||
+"linux-mipsel-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
+# from linux-ppc
|
||||
+"linux-powerpc-openwrt", "gcc:-DB_ENDIAN -DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
+# from linux-x86_64
|
||||
+"linux-x86_64-openwrt", "gcc:-m64 -DL_ENDIAN -DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
|
||||
+# from linux-generic32
|
||||
+"linux-generic32-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
+
|
||||
# Android: linux-* but without pointers to headers and libs.
|
||||
"android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
"android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
@ -0,0 +1,60 @@
|
||||
From 9a83f8fb7c46215dfb8d6dc2e2cc612bc2a0fd01 Mon Sep 17 00:00:00 2001
|
||||
From: Eneas U de Queiroz <cote2004-github@yahoo.com>
|
||||
Date: Thu, 27 Sep 2018 08:30:24 -0300
|
||||
Subject: Add openwrt targets
|
||||
|
||||
Targets are named: linux-$(CONFIG_ARCH)-openwrt
|
||||
|
||||
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
|
||||
|
||||
--- /dev/null
|
||||
+++ b/Configurations/25-openwrt.conf
|
||||
@@ -0,0 +1,48 @@
|
||||
+## Openwrt "CONFIG_ARCH" matching targets.
|
||||
+
|
||||
+# The targets need to end in '-openwrt' for the AFALG patch to work
|
||||
+
|
||||
+my %targets = (
|
||||
+ "openwrt" => {
|
||||
+ template => 1,
|
||||
+ CFLAGS => add("\$(OPENWRT_OPTIMIZATION_FLAGS)"),
|
||||
+ },
|
||||
+ "linux-aarch64-openwrt" => {
|
||||
+ inherit_from => [ "linux-aarch64", "openwrt" ],
|
||||
+ },
|
||||
+ "linux-arc-openwrt" => {
|
||||
+ inherit_from => [ "linux-generic32", "openwrt" ],
|
||||
+ },
|
||||
+ "linux-arm-openwrt" => {
|
||||
+ inherit_from => [ "linux-armv4", "openwrt" ],
|
||||
+ },
|
||||
+ "linux-armeb-openwrt" => {
|
||||
+ inherit_from => [ "linux-armv4", "openwrt" ],
|
||||
+ },
|
||||
+ "linux-i386-openwrt" => {
|
||||
+ inherit_from => [ "linux-x86", "openwrt" ],
|
||||
+ },
|
||||
+ "linux-mips-openwrt" => {
|
||||
+ inherit_from => [ "linux-mips32", "openwrt" ],
|
||||
+ },
|
||||
+ "linux-mips64-openwrt" => {
|
||||
+ inherit_from => [ "linux64-mips64", "openwrt" ],
|
||||
+ },
|
||||
+ "linux-mips64el-openwrt" => {
|
||||
+ inherit_from => [ "linux64-mips64", "openwrt" ],
|
||||
+ },
|
||||
+ "linux-mipsel-openwrt" => {
|
||||
+ inherit_from => [ "linux-mips32", "openwrt" ],
|
||||
+ },
|
||||
+ "linux-powerpc-openwrt" => {
|
||||
+ inherit_from => [ "linux-ppc", "openwrt" ],
|
||||
+ },
|
||||
+ "linux-x86_64-openwrt" => {
|
||||
+ inherit_from => [ "linux-x86_64", "openwrt" ],
|
||||
+ },
|
||||
+
|
||||
+### Basic default option
|
||||
+ "linux-generic32-openwrt" => {
|
||||
+ inherit_from => [ "linux-generic32", "openwrt" ],
|
||||
+ },
|
||||
+);
|
||||
@ -1,64 +0,0 @@
|
||||
--- a/Configure
|
||||
+++ b/Configure
|
||||
@@ -1,4 +1,4 @@
|
||||
-:
|
||||
+#!/usr/bin/perl
|
||||
eval 'exec perl -S $0 ${1+"$@"}'
|
||||
if $running_under_some_shell;
|
||||
##
|
||||
--- a/tools/c_rehash.in
|
||||
+++ b/tools/c_rehash.in
|
||||
@@ -1,4 +1,4 @@
|
||||
-#!/usr/local/bin/perl
|
||||
+#!/usr/bin/perl
|
||||
|
||||
# Perl c_rehash script, scan all files in a directory
|
||||
# and add symbolic links to their hash values.
|
||||
--- a/util/clean-depend.pl
|
||||
+++ b/util/clean-depend.pl
|
||||
@@ -1,4 +1,4 @@
|
||||
-#!/usr/local/bin/perl -w
|
||||
+#!/usr/bin/perl
|
||||
# Clean the dependency list in a makefile of standard includes...
|
||||
# Written by Ben Laurie <ben@algroup.co.uk> 19 Jan 1999
|
||||
|
||||
--- a/util/mkdef.pl
|
||||
+++ b/util/mkdef.pl
|
||||
@@ -1,4 +1,4 @@
|
||||
-#!/usr/local/bin/perl -w
|
||||
+#!/usr/bin/perl
|
||||
#
|
||||
# generate a .def file
|
||||
#
|
||||
--- a/util/mkerr.pl
|
||||
+++ b/util/mkerr.pl
|
||||
@@ -1,4 +1,4 @@
|
||||
-#!/usr/local/bin/perl -w
|
||||
+#!/usr/bin/perl
|
||||
|
||||
my $config = "crypto/err/openssl.ec";
|
||||
my $hprefix = "openssl/";
|
||||
--- a/util/mkstack.pl
|
||||
+++ b/util/mkstack.pl
|
||||
@@ -1,4 +1,4 @@
|
||||
-#!/usr/local/bin/perl -w
|
||||
+#!/usr/bin/perl
|
||||
|
||||
# This is a utility that searches out "DECLARE_STACK_OF()"
|
||||
# declarations in .h and .c files, and updates/creates/replaces
|
||||
--- a/util/pod2man.pl
|
||||
+++ b/util/pod2man.pl
|
||||
@@ -1,4 +1,4 @@
|
||||
-: #!/usr/bin/perl-5.005
|
||||
+#!/usr/bin/perl
|
||||
eval 'exec /usr/bin/perl -S $0 ${1+"$@"}'
|
||||
if $running_under_some_shell;
|
||||
|
||||
--- a/util/selftest.pl
|
||||
+++ b/util/selftest.pl
|
||||
@@ -1,4 +1,4 @@
|
||||
-#!/usr/local/bin/perl -w
|
||||
+#!/usr/bin/perl
|
||||
#
|
||||
# Run the test suite and generate a report
|
||||
#
|
||||
@ -1,11 +0,0 @@
|
||||
--- a/Makefile.org
|
||||
+++ b/Makefile.org
|
||||
@@ -137,7 +137,7 @@ FIPSCANLIB=
|
||||
|
||||
BASEADDR=
|
||||
|
||||
-DIRS= crypto ssl engines apps test tools
|
||||
+DIRS= crypto ssl engines apps
|
||||
ENGDIRS= ccgost
|
||||
SHLIBDIRS= crypto ssl
|
||||
|
||||
@ -0,0 +1,21 @@
|
||||
From f453f3eccb852740e37e9436dac5670d311c13b0 Mon Sep 17 00:00:00 2001
|
||||
From: Eneas U de Queiroz <cote2004-github@yahoo.com>
|
||||
Date: Thu, 27 Sep 2018 08:31:38 -0300
|
||||
Subject: void exposing build directories
|
||||
|
||||
The CFLAGS contain the build directories, and are shown by calling
|
||||
OpenSSL_version(OPENSSL_CFLAGS), or running openssl version -a
|
||||
|
||||
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
|
||||
|
||||
--- a/crypto/build.info
|
||||
+++ b/crypto/build.info
|
||||
@@ -10,7 +10,7 @@ EXTRA= ../ms/uplink-x86.pl ../ms/uplink
|
||||
ppccpuid.pl pariscid.pl alphacpuid.pl arm64cpuid.pl armv4cpuid.pl
|
||||
|
||||
DEPEND[cversion.o]=buildinf.h
|
||||
-GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(LIB_CFLAGS) $(CPPFLAGS_Q)" "$(PLATFORM)"
|
||||
+GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(filter-out -I% -iremap% -fmacro-prefix-map%,$(CC) $(LIB_CFLAGS) $(CPPFLAGS_Q))" "$(PLATFORM)"
|
||||
DEPEND[buildinf.h]=../configdata.pm
|
||||
|
||||
GENERATE[uplink-x86.s]=../ms/uplink-x86.pl $(PERLASM_SCHEME)
|
||||
@ -1,58 +0,0 @@
|
||||
--- a/Makefile
|
||||
+++ b/Makefile
|
||||
@@ -139,7 +139,7 @@ FIPSCANLIB=
|
||||
|
||||
BASEADDR=0xFB00000
|
||||
|
||||
-DIRS= crypto ssl engines apps test tools
|
||||
+DIRS= crypto ssl engines apps tools
|
||||
ENGDIRS= ccgost
|
||||
SHLIBDIRS= crypto ssl
|
||||
|
||||
@@ -157,7 +157,7 @@ SDIRS= \
|
||||
|
||||
# tests to perform. "alltests" is a special word indicating that all tests
|
||||
# should be performed.
|
||||
-TESTS = alltests
|
||||
+TESTS =
|
||||
|
||||
MAKEFILE= Makefile
|
||||
|
||||
@@ -171,7 +171,7 @@ SHELL=/bin/sh
|
||||
|
||||
TOP= .
|
||||
ONEDIRS=out tmp
|
||||
-EDIRS= times doc bugs util include certs ms shlib mt demos perl sf dep VMS
|
||||
+EDIRS= times bugs util include certs ms shlib mt demos perl sf dep VMS
|
||||
WDIRS= windows
|
||||
LIBS= libcrypto.a libssl.a
|
||||
SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
|
||||
@@ -276,7 +276,7 @@ reflect:
|
||||
|
||||
sub_all: build_all
|
||||
|
||||
-build_all: build_libs build_apps build_tests build_tools
|
||||
+build_all: build_libs build_apps build_tools
|
||||
|
||||
build_libs: build_libcrypto build_libssl openssl.pc
|
||||
|
||||
@@ -542,7 +542,7 @@ dist:
|
||||
@$(MAKE) SDIRS='$(SDIRS)' clean
|
||||
@$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
|
||||
|
||||
-install: all install_docs install_sw
|
||||
+install: all install_sw
|
||||
|
||||
install_sw:
|
||||
@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
|
||||
--- a/Makefile.org
|
||||
+++ b/Makefile.org
|
||||
@@ -540,7 +540,7 @@ dist:
|
||||
@$(MAKE) SDIRS='$(SDIRS)' clean
|
||||
@$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
|
||||
|
||||
-install: all install_docs install_sw
|
||||
+install: all install_sw
|
||||
|
||||
install_sw:
|
||||
@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
|
||||
@ -0,0 +1,29 @@
|
||||
From e2339aa9c68837089d17cf309022cee497fe2412 Mon Sep 17 00:00:00 2001
|
||||
From: Eneas U de Queiroz <cote2004-github@yahoo.com>
|
||||
Date: Thu, 27 Sep 2018 08:34:38 -0300
|
||||
Subject: Do not build tests and fuzz directories
|
||||
|
||||
This shortens build time.
|
||||
|
||||
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
|
||||
|
||||
--- a/Configure
|
||||
+++ b/Configure
|
||||
@@ -299,7 +299,7 @@ my $auto_threads=1; # enable threads
|
||||
my $default_ranlib;
|
||||
|
||||
# Top level directories to build
|
||||
-$config{dirs} = [ "crypto", "ssl", "engines", "apps", "test", "util", "tools", "fuzz" ];
|
||||
+$config{dirs} = [ "crypto", "ssl", "engines", "apps", "util", "tools" ];
|
||||
# crypto/ subdirectories to build
|
||||
$config{sdirs} = [
|
||||
"objects",
|
||||
@@ -311,7 +311,7 @@ $config{sdirs} = [
|
||||
"cms", "ts", "srp", "cmac", "ct", "async", "kdf", "store"
|
||||
];
|
||||
# test/ subdirectories to build
|
||||
-$config{tdirs} = [ "ossl_shim" ];
|
||||
+$config{tdirs} = [];
|
||||
|
||||
# Known TLS and DTLS protocols
|
||||
my @tls = qw(ssl3 tls1 tls1_1 tls1_2 tls1_3);
|
||||
@ -1,8 +0,0 @@
|
||||
--- a/util/domd
|
||||
+++ b/util/domd
|
||||
@@ -1,4 +1,4 @@
|
||||
-#!/bin/sh
|
||||
+#!/usr/bin/env bash
|
||||
# Do a makedepend, only leave out the standard headers
|
||||
# Written by Ben Laurie <ben@algroup.co.uk> 19 Jan 1999
|
||||
|
||||
@ -1,18 +0,0 @@
|
||||
--- a/Makefile.shared
|
||||
+++ b/Makefile.shared
|
||||
@@ -95,7 +95,6 @@ LINK_APP= \
|
||||
LDCMD="$${LDCMD:-$(CC)}"; LDFLAGS="$${LDFLAGS:-$(CFLAGS)}"; \
|
||||
LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
|
||||
LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
|
||||
- LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
|
||||
$${LDCMD} $${LDFLAGS} -o $${APPNAME:=$(APPNAME)} $(OBJECTS) $${LIBDEPS} )
|
||||
|
||||
LINK_SO= \
|
||||
@@ -105,7 +104,6 @@ LINK_SO= \
|
||||
SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
|
||||
LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
|
||||
LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
|
||||
- LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
|
||||
$${SHAREDCMD} $${SHAREDFLAGS} \
|
||||
-o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
|
||||
$$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS \
|
||||
@ -1,23 +0,0 @@
|
||||
--- a/Makefile.org
|
||||
+++ b/Makefile.org
|
||||
@@ -185,7 +185,7 @@ TARFILE= ../$(NAME).tar
|
||||
EXHEADER= e_os2.h
|
||||
HEADER= e_os.h
|
||||
|
||||
-all: Makefile build_all
|
||||
+all: build_all
|
||||
|
||||
# as we stick to -e, CLEARENV ensures that local variables in lower
|
||||
# Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
|
||||
@@ -404,11 +404,6 @@ openssl.pc: Makefile
|
||||
echo 'Version: '$(VERSION); \
|
||||
echo 'Requires: libssl libcrypto' ) > openssl.pc
|
||||
|
||||
-Makefile: Makefile.org Configure config
|
||||
- @echo "Makefile is older than Makefile.org, Configure or config."
|
||||
- @echo "Reconfigure the source tree (via './config' or 'perl Configure'), please."
|
||||
- @false
|
||||
-
|
||||
libclean:
|
||||
rm -f *.map *.so *.so.* *.dylib *.dll engines/*.so engines/*.dll engines/*.dylib *.a engines/*.a */lib */*/lib
|
||||
|
||||
@ -1,184 +0,0 @@
|
||||
--- a/Makefile.org
|
||||
+++ b/Makefile.org
|
||||
@@ -282,17 +282,17 @@ build_libcrypto: build_crypto build_engi
|
||||
build_libssl: build_ssl libssl.pc
|
||||
|
||||
build_crypto:
|
||||
- @dir=crypto; target=all; $(BUILD_ONE_CMD)
|
||||
+ +@dir=crypto; target=all; $(BUILD_ONE_CMD)
|
||||
build_ssl: build_crypto
|
||||
- @dir=ssl; target=all; $(BUILD_ONE_CMD)
|
||||
+ +@dir=ssl; target=all; $(BUILD_ONE_CMD)
|
||||
build_engines: build_crypto
|
||||
- @dir=engines; target=all; $(BUILD_ONE_CMD)
|
||||
+ +@dir=engines; target=all; $(BUILD_ONE_CMD)
|
||||
build_apps: build_libs
|
||||
- @dir=apps; target=all; $(BUILD_ONE_CMD)
|
||||
+ +@dir=apps; target=all; $(BUILD_ONE_CMD)
|
||||
build_tests: build_libs
|
||||
- @dir=test; target=all; $(BUILD_ONE_CMD)
|
||||
+ +@dir=test; target=all; $(BUILD_ONE_CMD)
|
||||
build_tools: build_libs
|
||||
- @dir=tools; target=all; $(BUILD_ONE_CMD)
|
||||
+ +@dir=tools; target=all; $(BUILD_ONE_CMD)
|
||||
|
||||
all_testapps: build_libs build_testapps
|
||||
build_testapps:
|
||||
@@ -473,7 +473,7 @@ update: errors stacks util/libeay.num ut
|
||||
@set -e; target=update; $(RECURSIVE_BUILD_CMD)
|
||||
|
||||
depend:
|
||||
- @set -e; target=depend; $(RECURSIVE_BUILD_CMD)
|
||||
+ +@set -e; target=depend; $(RECURSIVE_BUILD_CMD)
|
||||
|
||||
lint:
|
||||
@set -e; target=lint; $(RECURSIVE_BUILD_CMD)
|
||||
@@ -535,9 +535,9 @@ dist:
|
||||
@$(MAKE) SDIRS='$(SDIRS)' clean
|
||||
@$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
|
||||
|
||||
-install: all install_sw
|
||||
+install: install_sw
|
||||
|
||||
-install_sw:
|
||||
+install_dirs:
|
||||
@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
|
||||
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
|
||||
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
|
||||
@@ -546,12 +546,19 @@ install_sw:
|
||||
$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
|
||||
$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
|
||||
$(INSTALL_PREFIX)$(OPENSSLDIR)/private
|
||||
+ @$(PERL) $(TOP)/util/mkdir-p.pl \
|
||||
+ $(INSTALL_PREFIX)$(MANDIR)/man1 \
|
||||
+ $(INSTALL_PREFIX)$(MANDIR)/man3 \
|
||||
+ $(INSTALL_PREFIX)$(MANDIR)/man5 \
|
||||
+ $(INSTALL_PREFIX)$(MANDIR)/man7
|
||||
+
|
||||
+install_sw: install_dirs
|
||||
@set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
|
||||
do \
|
||||
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
|
||||
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
|
||||
done;
|
||||
- @set -e; target=install; $(RECURSIVE_BUILD_CMD)
|
||||
+ +@set -e; target=install; $(RECURSIVE_BUILD_CMD)
|
||||
@set -e; liblist="$(LIBS)"; for i in $$liblist ;\
|
||||
do \
|
||||
if [ -f "$$i" ]; then \
|
||||
@@ -635,12 +642,7 @@ install_html_docs:
|
||||
done; \
|
||||
done
|
||||
|
||||
-install_docs:
|
||||
- @$(PERL) $(TOP)/util/mkdir-p.pl \
|
||||
- $(INSTALL_PREFIX)$(MANDIR)/man1 \
|
||||
- $(INSTALL_PREFIX)$(MANDIR)/man3 \
|
||||
- $(INSTALL_PREFIX)$(MANDIR)/man5 \
|
||||
- $(INSTALL_PREFIX)$(MANDIR)/man7
|
||||
+install_docs: install_dirs
|
||||
@pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
|
||||
here="`pwd`"; \
|
||||
filecase=; \
|
||||
--- a/Makefile.shared
|
||||
+++ b/Makefile.shared
|
||||
@@ -120,6 +120,7 @@ SYMLINK_SO= \
|
||||
done; \
|
||||
fi; \
|
||||
if [ -n "$$SHLIB_SOVER" ]; then \
|
||||
+ [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \
|
||||
( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
|
||||
ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
|
||||
fi; \
|
||||
--- a/crypto/Makefile
|
||||
+++ b/crypto/Makefile
|
||||
@@ -87,11 +87,11 @@ testapps:
|
||||
@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
|
||||
|
||||
subdirs:
|
||||
- @target=all; $(RECURSIVE_MAKE)
|
||||
+ +@target=all; $(RECURSIVE_MAKE)
|
||||
|
||||
files:
|
||||
$(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO
|
||||
- @target=files; $(RECURSIVE_MAKE)
|
||||
+ +@target=files; $(RECURSIVE_MAKE)
|
||||
|
||||
links:
|
||||
@$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
|
||||
@@ -102,7 +102,7 @@ links:
|
||||
# lib: $(LIB): are splitted to avoid end-less loop
|
||||
lib: $(LIB)
|
||||
@touch lib
|
||||
-$(LIB): $(LIBOBJ)
|
||||
+$(LIB): $(LIBOBJ) | subdirs
|
||||
$(AR) $(LIB) $(LIBOBJ)
|
||||
test -z "$(FIPSLIBDIR)" || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
|
||||
$(RANLIB) $(LIB) || echo Never mind.
|
||||
@@ -113,7 +113,7 @@ shared: buildinf.h lib subdirs
|
||||
fi
|
||||
|
||||
libs:
|
||||
- @target=lib; $(RECURSIVE_MAKE)
|
||||
+ +@target=lib; $(RECURSIVE_MAKE)
|
||||
|
||||
install:
|
||||
@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
|
||||
@@ -122,7 +122,7 @@ install:
|
||||
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
|
||||
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
|
||||
done;
|
||||
- @target=install; $(RECURSIVE_MAKE)
|
||||
+ +@target=install; $(RECURSIVE_MAKE)
|
||||
|
||||
lint:
|
||||
@target=lint; $(RECURSIVE_MAKE)
|
||||
--- a/engines/Makefile
|
||||
+++ b/engines/Makefile
|
||||
@@ -72,7 +72,7 @@ top:
|
||||
|
||||
all: lib subdirs
|
||||
|
||||
-lib: $(LIBOBJ)
|
||||
+lib: $(LIBOBJ) | subdirs
|
||||
@if [ -n "$(SHARED_LIBS)" ]; then \
|
||||
set -e; \
|
||||
for l in $(LIBNAMES); do \
|
||||
@@ -89,7 +89,7 @@ lib: $(LIBOBJ)
|
||||
|
||||
subdirs:
|
||||
echo $(EDIRS)
|
||||
- @target=all; $(RECURSIVE_MAKE)
|
||||
+ +@target=all; $(RECURSIVE_MAKE)
|
||||
|
||||
files:
|
||||
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
|
||||
@@ -128,7 +128,7 @@ install:
|
||||
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
|
||||
done; \
|
||||
fi
|
||||
- @target=install; $(RECURSIVE_MAKE)
|
||||
+ +@target=install; $(RECURSIVE_MAKE)
|
||||
|
||||
tags:
|
||||
ctags $(SRC)
|
||||
--- a/test/Makefile
|
||||
+++ b/test/Makefile
|
||||
@@ -145,7 +145,7 @@ install:
|
||||
tags:
|
||||
ctags $(SRC)
|
||||
|
||||
-tests: exe apps $(TESTS)
|
||||
+tests: exe $(TESTS)
|
||||
|
||||
apps:
|
||||
@(cd ..; $(MAKE) DIRS=apps all)
|
||||
@@ -593,7 +593,7 @@ $(DTLSTEST)$(EXE_EXT): $(DTLSTEST).o ssl
|
||||
# fi
|
||||
|
||||
dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
|
||||
- @target=dummytest; $(BUILD_CMD)
|
||||
+ +@target=dummytest; $(BUILD_CMD)
|
||||
|
||||
# DO NOT DELETE THIS LINE -- make depend depends on it.
|
||||
|
||||
@ -1,21 +0,0 @@
|
||||
From f17f027c258338994a6167091a398c0cc1588acb Mon Sep 17 00:00:00 2001
|
||||
From: Eneas U de Queiroz <cote2004-github@yahoo.com>
|
||||
Date: Wed, 26 Sep 2018 18:04:58 -0300
|
||||
Subject: Avoid exposing build directories
|
||||
|
||||
The CFLAGS contain the build directories, and are shown by calling
|
||||
SSLeay_version(SSLEAY_CFLAGS), or running openssl version -a
|
||||
|
||||
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
|
||||
|
||||
--- a/crypto/Makefile
|
||||
+++ b/crypto/Makefile
|
||||
@@ -57,7 +57,7 @@ top:
|
||||
all: shared
|
||||
|
||||
buildinf.h: ../Makefile
|
||||
- $(PERL) $(TOP)/util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)" >buildinf.h
|
||||
+ $(PERL) $(TOP)/util/mkbuildinf.pl "$(filter-out -I% -iremap% -fmacro-prefix-map%,$(CC) $(CFLAGS))" "$(PLATFORM)" >buildinf.h
|
||||
|
||||
x86cpuid.s: x86cpuid.pl perlasm/x86asm.pl
|
||||
$(PERL) x86cpuid.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
|
||||
@ -0,0 +1,42 @@
|
||||
From be5cf61caa425070ec4f3e925d4e9aa484c8315b Mon Sep 17 00:00:00 2001
|
||||
From: Eneas U de Queiroz <cote2004-github@yahoo.com>
|
||||
Date: Mon, 5 Nov 2018 17:59:42 -0200
|
||||
Subject: [PATCH 1/7] eng_devcrypto: don't leak methods tables
|
||||
|
||||
Call functions to prepare methods after confirming that /dev/crytpo was
|
||||
sucessfully open and that the destroy function has been set.
|
||||
|
||||
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
|
||||
|
||||
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
|
||||
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
||||
(Merged from https://github.com/openssl/openssl/pull/7585)
|
||||
|
||||
(cherry picked from commit d9d4dff5c640990d45af115353fc9f88a497a56c)
|
||||
|
||||
--- a/crypto/engine/eng_devcrypto.c
|
||||
+++ b/crypto/engine/eng_devcrypto.c
|
||||
@@ -619,11 +619,6 @@ void engine_load_devcrypto_int()
|
||||
return;
|
||||
}
|
||||
|
||||
- prepare_cipher_methods();
|
||||
-#ifdef IMPLEMENT_DIGEST
|
||||
- prepare_digest_methods();
|
||||
-#endif
|
||||
-
|
||||
if ((e = ENGINE_new()) == NULL
|
||||
|| !ENGINE_set_destroy_function(e, devcrypto_unload)) {
|
||||
ENGINE_free(e);
|
||||
@@ -636,6 +631,11 @@ void engine_load_devcrypto_int()
|
||||
return;
|
||||
}
|
||||
|
||||
+ prepare_cipher_methods();
|
||||
+#ifdef IMPLEMENT_DIGEST
|
||||
+ prepare_digest_methods();
|
||||
+#endif
|
||||
+
|
||||
if (!ENGINE_set_id(e, "devcrypto")
|
||||
|| !ENGINE_set_name(e, "/dev/crypto engine")
|
||||
|
||||
@ -0,0 +1,37 @@
|
||||
From add2ab1f289c24a1563c5b895d5cd133fe874f12 Mon Sep 17 00:00:00 2001
|
||||
From: Eneas U de Queiroz <cote2004-github@yahoo.com>
|
||||
Date: Wed, 14 Nov 2018 11:22:14 -0200
|
||||
Subject: [PATCH 2/7] eng_devcrypto: expand digest failure cases
|
||||
|
||||
Return failure when the digest_ctx is null in digest_update and
|
||||
digest_final, and when md is null in digest_final.
|
||||
|
||||
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
|
||||
|
||||
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
|
||||
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
||||
(Merged from https://github.com/openssl/openssl/pull/7585)
|
||||
|
||||
(cherry picked from commit 4d9f99654441e36fdcb49540a1dbc9d4c70ccb68)
|
||||
|
||||
--- a/crypto/engine/eng_devcrypto.c
|
||||
+++ b/crypto/engine/eng_devcrypto.c
|
||||
@@ -438,6 +438,9 @@ static int digest_update(EVP_MD_CTX *ctx
|
||||
if (count == 0)
|
||||
return 1;
|
||||
|
||||
+ if (digest_ctx == NULL)
|
||||
+ return 0;
|
||||
+
|
||||
if (digest_op(digest_ctx, data, count, NULL, COP_FLAG_UPDATE) < 0) {
|
||||
SYSerr(SYS_F_IOCTL, errno);
|
||||
return 0;
|
||||
@@ -451,6 +454,8 @@ static int digest_final(EVP_MD_CTX *ctx,
|
||||
struct digest_ctx *digest_ctx =
|
||||
(struct digest_ctx *)EVP_MD_CTX_md_data(ctx);
|
||||
|
||||
+ if (md == NULL || digest_ctx == NULL)
|
||||
+ return 0;
|
||||
if (digest_op(digest_ctx, NULL, 0, md, COP_FLAG_FINAL) < 0) {
|
||||
SYSerr(SYS_F_IOCTL, errno);
|
||||
return 0;
|
||||
@ -0,0 +1,53 @@
|
||||
From 68b02a8ab798b7e916c8141a36ab69d7493fc707 Mon Sep 17 00:00:00 2001
|
||||
From: Eneas U de Queiroz <cote2004-github@yahoo.com>
|
||||
Date: Wed, 14 Nov 2018 13:58:06 -0200
|
||||
Subject: [PATCH 3/7] eng_devcrypto: fix copy of unitilialized digest
|
||||
|
||||
If the source ctx has not been initialized, don't initialize the copy
|
||||
either.
|
||||
|
||||
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
|
||||
|
||||
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
|
||||
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
||||
(Merged from https://github.com/openssl/openssl/pull/7585)
|
||||
|
||||
(cherry picked from commit ae8183690fa53b978d4647563f5a521c4cafe94c)
|
||||
|
||||
--- a/crypto/engine/eng_devcrypto.c
|
||||
+++ b/crypto/engine/eng_devcrypto.c
|
||||
@@ -338,7 +338,8 @@ static int devcrypto_ciphers(ENGINE *e,
|
||||
|
||||
struct digest_ctx {
|
||||
struct session_op sess;
|
||||
- int init;
|
||||
+ /* This signals that the init function was called, not that it succeeded. */
|
||||
+ int init_called;
|
||||
};
|
||||
|
||||
static const struct digest_data_st {
|
||||
@@ -403,7 +404,7 @@ static int digest_init(EVP_MD_CTX *ctx)
|
||||
const struct digest_data_st *digest_d =
|
||||
get_digest_data(EVP_MD_CTX_type(ctx));
|
||||
|
||||
- digest_ctx->init = 1;
|
||||
+ digest_ctx->init_called = 1;
|
||||
|
||||
memset(&digest_ctx->sess, 0, sizeof(digest_ctx->sess));
|
||||
digest_ctx->sess.mac = digest_d->devcryptoid;
|
||||
@@ -476,14 +477,9 @@ static int digest_copy(EVP_MD_CTX *to, c
|
||||
(struct digest_ctx *)EVP_MD_CTX_md_data(to);
|
||||
struct cphash_op cphash;
|
||||
|
||||
- if (digest_from == NULL)
|
||||
+ if (digest_from == NULL || digest_from->init_called != 1)
|
||||
return 1;
|
||||
|
||||
- if (digest_from->init != 1) {
|
||||
- SYSerr(SYS_F_IOCTL, EINVAL);
|
||||
- return 0;
|
||||
- }
|
||||
-
|
||||
if (!digest_init(to)) {
|
||||
SYSerr(SYS_F_IOCTL, errno);
|
||||
return 0;
|
||||
@ -0,0 +1,46 @@
|
||||
From 5378c582c8d3f1130b17abb2950bfd09cde099c6 Mon Sep 17 00:00:00 2001
|
||||
From: Eneas U de Queiroz <cote2004-github@yahoo.com>
|
||||
Date: Mon, 5 Nov 2018 15:59:44 -0200
|
||||
Subject: [PATCH 4/7] eng_devcrypto: close session on cleanup, not final
|
||||
|
||||
Close the session in digest_cleanup instead of digest_final. A failure
|
||||
in closing the session does not mean a previous successful digest final
|
||||
has failed as well.
|
||||
|
||||
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
|
||||
|
||||
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
|
||||
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
||||
(Merged from https://github.com/openssl/openssl/pull/7585)
|
||||
|
||||
(cherry picked from commit a67203a19d379a8cc8b369587c60c46eb4e19014)
|
||||
|
||||
--- a/crypto/engine/eng_devcrypto.c
|
||||
+++ b/crypto/engine/eng_devcrypto.c
|
||||
@@ -461,10 +461,6 @@ static int digest_final(EVP_MD_CTX *ctx,
|
||||
SYSerr(SYS_F_IOCTL, errno);
|
||||
return 0;
|
||||
}
|
||||
- if (ioctl(cfd, CIOCFSESSION, &digest_ctx->sess.ses) < 0) {
|
||||
- SYSerr(SYS_F_IOCTL, errno);
|
||||
- return 0;
|
||||
- }
|
||||
|
||||
return 1;
|
||||
}
|
||||
@@ -496,6 +492,15 @@ static int digest_copy(EVP_MD_CTX *to, c
|
||||
|
||||
static int digest_cleanup(EVP_MD_CTX *ctx)
|
||||
{
|
||||
+ struct digest_ctx *digest_ctx =
|
||||
+ (struct digest_ctx *)EVP_MD_CTX_md_data(ctx);
|
||||
+
|
||||
+ if (digest_ctx == NULL)
|
||||
+ return 1;
|
||||
+ if (ioctl(cfd, CIOCFSESSION, &digest_ctx->sess.ses) < 0) {
|
||||
+ SYSerr(SYS_F_IOCTL, errno);
|
||||
+ return 0;
|
||||
+ }
|
||||
return 1;
|
||||
}
|
||||
|
||||
@ -0,0 +1,54 @@
|
||||
From a19d1a1d370e2959555fccbafc4e970634840352 Mon Sep 17 00:00:00 2001
|
||||
From: Eneas U de Queiroz <cote2004-github@yahoo.com>
|
||||
Date: Tue, 13 Nov 2018 09:23:22 -0200
|
||||
Subject: [PATCH 5/7] eng_devcrypto: add cipher CTX copy function
|
||||
|
||||
The engine needs a custom cipher context copy function to open a new
|
||||
/dev/crypto session.
|
||||
|
||||
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
|
||||
|
||||
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
|
||||
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
||||
(Merged from https://github.com/openssl/openssl/pull/7585)
|
||||
|
||||
(cherry picked from commit 6d99e238397859f2df58c60e28905193b2dd6762)
|
||||
|
||||
--- a/crypto/engine/eng_devcrypto.c
|
||||
+++ b/crypto/engine/eng_devcrypto.c
|
||||
@@ -207,6 +207,22 @@ static int cipher_do_cipher(EVP_CIPHER_C
|
||||
return 1;
|
||||
}
|
||||
|
||||
+static int cipher_ctrl(EVP_CIPHER_CTX *ctx, int type, int p1, void* p2)
|
||||
+{
|
||||
+ EVP_CIPHER_CTX *to_ctx = (EVP_CIPHER_CTX *)p2;
|
||||
+ struct cipher_ctx *cipher_ctx;
|
||||
+
|
||||
+ if (type == EVP_CTRL_COPY) {
|
||||
+ /* when copying the context, a new session needs to be initialized */
|
||||
+ cipher_ctx = (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
|
||||
+ return (cipher_ctx == NULL)
|
||||
+ || cipher_init(to_ctx, cipher_ctx->sess.key, EVP_CIPHER_CTX_iv(ctx),
|
||||
+ (cipher_ctx->op == COP_ENCRYPT));
|
||||
+ }
|
||||
+
|
||||
+ return -1;
|
||||
+}
|
||||
+
|
||||
static int cipher_cleanup(EVP_CIPHER_CTX *ctx)
|
||||
{
|
||||
struct cipher_ctx *cipher_ctx =
|
||||
@@ -258,10 +274,12 @@ static void prepare_cipher_methods(void)
|
||||
cipher_data[i].ivlen)
|
||||
|| !EVP_CIPHER_meth_set_flags(known_cipher_methods[i],
|
||||
cipher_data[i].flags
|
||||
+ | EVP_CIPH_CUSTOM_COPY
|
||||
| EVP_CIPH_FLAG_DEFAULT_ASN1)
|
||||
|| !EVP_CIPHER_meth_set_init(known_cipher_methods[i], cipher_init)
|
||||
|| !EVP_CIPHER_meth_set_do_cipher(known_cipher_methods[i],
|
||||
cipher_do_cipher)
|
||||
+ || !EVP_CIPHER_meth_set_ctrl(known_cipher_methods[i], cipher_ctrl)
|
||||
|| !EVP_CIPHER_meth_set_cleanup(known_cipher_methods[i],
|
||||
cipher_cleanup)
|
||||
|| !EVP_CIPHER_meth_set_impl_ctx_size(known_cipher_methods[i],
|
||||
@ -0,0 +1,217 @@
|
||||
From 2887a5c8f9a385b3ebee12b98f68e7d1f9cc0ea0 Mon Sep 17 00:00:00 2001
|
||||
From: Eneas U de Queiroz <cote2004-github@yahoo.com>
|
||||
Date: Wed, 28 Nov 2018 11:26:27 -0200
|
||||
Subject: [PATCH 6/7] eng_devcrypto: fix ctr mode
|
||||
|
||||
Make CTR mode behave like a stream cipher.
|
||||
|
||||
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
|
||||
|
||||
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
|
||||
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
||||
(Merged from https://github.com/openssl/openssl/pull/7585)
|
||||
|
||||
(cherry picked from commit b5015e834aa7d3f0a5d7585a8fae05cecbdbb848)
|
||||
|
||||
--- a/crypto/engine/eng_devcrypto.c
|
||||
+++ b/crypto/engine/eng_devcrypto.c
|
||||
@@ -47,10 +47,12 @@ static int cfd;
|
||||
|
||||
struct cipher_ctx {
|
||||
struct session_op sess;
|
||||
-
|
||||
- /* to pass from init to do_cipher */
|
||||
- const unsigned char *iv;
|
||||
int op; /* COP_ENCRYPT or COP_DECRYPT */
|
||||
+ unsigned long mode; /* EVP_CIPH_*_MODE */
|
||||
+
|
||||
+ /* to handle ctr mode being a stream cipher */
|
||||
+ unsigned char partial[EVP_MAX_BLOCK_LENGTH];
|
||||
+ unsigned int blocksize, num;
|
||||
};
|
||||
|
||||
static const struct cipher_data_st {
|
||||
@@ -87,9 +89,9 @@ static const struct cipher_data_st {
|
||||
{ NID_aes_256_xts, 16, 256 / 8 * 2, 16, EVP_CIPH_XTS_MODE, CRYPTO_AES_XTS },
|
||||
#endif
|
||||
#if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_AES_ECB)
|
||||
- { NID_aes_128_ecb, 16, 128 / 8, 16, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB },
|
||||
- { NID_aes_192_ecb, 16, 192 / 8, 16, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB },
|
||||
- { NID_aes_256_ecb, 16, 256 / 8, 16, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB },
|
||||
+ { NID_aes_128_ecb, 16, 128 / 8, 0, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB },
|
||||
+ { NID_aes_192_ecb, 16, 192 / 8, 0, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB },
|
||||
+ { NID_aes_256_ecb, 16, 256 / 8, 0, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB },
|
||||
#endif
|
||||
#if 0 /* Not yet supported */
|
||||
{ NID_aes_128_gcm, 16, 128 / 8, 16, EVP_CIPH_GCM_MODE, CRYPTO_AES_GCM },
|
||||
@@ -146,6 +148,8 @@ static int cipher_init(EVP_CIPHER_CTX *c
|
||||
cipher_ctx->sess.keylen = cipher_d->keylen;
|
||||
cipher_ctx->sess.key = (void *)key;
|
||||
cipher_ctx->op = enc ? COP_ENCRYPT : COP_DECRYPT;
|
||||
+ cipher_ctx->mode = cipher_d->flags & EVP_CIPH_MODE;
|
||||
+ cipher_ctx->blocksize = cipher_d->blocksize;
|
||||
if (ioctl(cfd, CIOCGSESSION, &cipher_ctx->sess) < 0) {
|
||||
SYSerr(SYS_F_IOCTL, errno);
|
||||
return 0;
|
||||
@@ -160,8 +164,11 @@ static int cipher_do_cipher(EVP_CIPHER_C
|
||||
struct cipher_ctx *cipher_ctx =
|
||||
(struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
|
||||
struct crypt_op cryp;
|
||||
+ unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx);
|
||||
#if !defined(COP_FLAG_WRITE_IV)
|
||||
unsigned char saved_iv[EVP_MAX_IV_LENGTH];
|
||||
+ const unsigned char *ivptr;
|
||||
+ size_t nblocks, ivlen;
|
||||
#endif
|
||||
|
||||
memset(&cryp, 0, sizeof(cryp));
|
||||
@@ -169,19 +176,28 @@ static int cipher_do_cipher(EVP_CIPHER_C
|
||||
cryp.len = inl;
|
||||
cryp.src = (void *)in;
|
||||
cryp.dst = (void *)out;
|
||||
- cryp.iv = (void *)EVP_CIPHER_CTX_iv_noconst(ctx);
|
||||
+ cryp.iv = (void *)iv;
|
||||
cryp.op = cipher_ctx->op;
|
||||
#if !defined(COP_FLAG_WRITE_IV)
|
||||
cryp.flags = 0;
|
||||
|
||||
- if (EVP_CIPHER_CTX_iv_length(ctx) > 0) {
|
||||
- assert(inl >= EVP_CIPHER_CTX_iv_length(ctx));
|
||||
- if (!EVP_CIPHER_CTX_encrypting(ctx)) {
|
||||
- unsigned char *ivptr = in + inl - EVP_CIPHER_CTX_iv_length(ctx);
|
||||
+ ivlen = EVP_CIPHER_CTX_iv_length(ctx);
|
||||
+ if (ivlen > 0)
|
||||
+ switch (cipher_ctx->mode) {
|
||||
+ case EVP_CIPH_CBC_MODE:
|
||||
+ assert(inl >= ivlen);
|
||||
+ if (!EVP_CIPHER_CTX_encrypting(ctx)) {
|
||||
+ ivptr = in + inl - ivlen;
|
||||
+ memcpy(saved_iv, ivptr, ivlen);
|
||||
+ }
|
||||
+ break;
|
||||
+
|
||||
+ case EVP_CIPH_CTR_MODE:
|
||||
+ break;
|
||||
|
||||
- memcpy(saved_iv, ivptr, EVP_CIPHER_CTX_iv_length(ctx));
|
||||
+ default: /* should not happen */
|
||||
+ return 0;
|
||||
}
|
||||
- }
|
||||
#else
|
||||
cryp.flags = COP_FLAG_WRITE_IV;
|
||||
#endif
|
||||
@@ -192,17 +208,74 @@ static int cipher_do_cipher(EVP_CIPHER_C
|
||||
}
|
||||
|
||||
#if !defined(COP_FLAG_WRITE_IV)
|
||||
- if (EVP_CIPHER_CTX_iv_length(ctx) > 0) {
|
||||
- unsigned char *ivptr = saved_iv;
|
||||
+ if (ivlen > 0)
|
||||
+ switch (cipher_ctx->mode) {
|
||||
+ case EVP_CIPH_CBC_MODE:
|
||||
+ assert(inl >= ivlen);
|
||||
+ if (EVP_CIPHER_CTX_encrypting(ctx))
|
||||
+ ivptr = out + inl - ivlen;
|
||||
+ else
|
||||
+ ivptr = saved_iv;
|
||||
+
|
||||
+ memcpy(iv, ivptr, ivlen);
|
||||
+ break;
|
||||
+
|
||||
+ case EVP_CIPH_CTR_MODE:
|
||||
+ nblocks = (inl + cipher_ctx->blocksize - 1)
|
||||
+ / cipher_ctx->blocksize;
|
||||
+ do {
|
||||
+ ivlen--;
|
||||
+ nblocks += iv[ivlen];
|
||||
+ iv[ivlen] = (uint8_t) nblocks;
|
||||
+ nblocks >>= 8;
|
||||
+ } while (ivlen);
|
||||
+ break;
|
||||
+
|
||||
+ default: /* should not happen */
|
||||
+ return 0;
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
+ return 1;
|
||||
+}
|
||||
|
||||
- assert(inl >= EVP_CIPHER_CTX_iv_length(ctx));
|
||||
- if (!EVP_CIPHER_CTX_encrypting(ctx))
|
||||
- ivptr = out + inl - EVP_CIPHER_CTX_iv_length(ctx);
|
||||
+static int ctr_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
||||
+ const unsigned char *in, size_t inl)
|
||||
+{
|
||||
+ struct cipher_ctx *cipher_ctx =
|
||||
+ (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
|
||||
+ size_t nblocks, len;
|
||||
|
||||
- memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), ivptr,
|
||||
- EVP_CIPHER_CTX_iv_length(ctx));
|
||||
+ /* initial partial block */
|
||||
+ while (cipher_ctx->num && inl) {
|
||||
+ (*out++) = *(in++) ^ cipher_ctx->partial[cipher_ctx->num];
|
||||
+ --inl;
|
||||
+ cipher_ctx->num = (cipher_ctx->num + 1) % cipher_ctx->blocksize;
|
||||
+ }
|
||||
+
|
||||
+ /* full blocks */
|
||||
+ if (inl > (unsigned int) cipher_ctx->blocksize) {
|
||||
+ nblocks = inl/cipher_ctx->blocksize;
|
||||
+ len = nblocks * cipher_ctx->blocksize;
|
||||
+ if (cipher_do_cipher(ctx, out, in, len) < 1)
|
||||
+ return 0;
|
||||
+ inl -= len;
|
||||
+ out += len;
|
||||
+ in += len;
|
||||
+ }
|
||||
+
|
||||
+ /* final partial block */
|
||||
+ if (inl) {
|
||||
+ memset(cipher_ctx->partial, 0, cipher_ctx->blocksize);
|
||||
+ if (cipher_do_cipher(ctx, cipher_ctx->partial, cipher_ctx->partial,
|
||||
+ cipher_ctx->blocksize) < 1)
|
||||
+ return 0;
|
||||
+ while (inl--) {
|
||||
+ out[cipher_ctx->num] = in[cipher_ctx->num]
|
||||
+ ^ cipher_ctx->partial[cipher_ctx->num];
|
||||
+ cipher_ctx->num++;
|
||||
+ }
|
||||
}
|
||||
-#endif
|
||||
|
||||
return 1;
|
||||
}
|
||||
@@ -249,6 +322,7 @@ static void prepare_cipher_methods(void)
|
||||
{
|
||||
size_t i;
|
||||
struct session_op sess;
|
||||
+ unsigned long cipher_mode;
|
||||
|
||||
memset(&sess, 0, sizeof(sess));
|
||||
sess.key = (void *)"01234567890123456789012345678901234567890123456789";
|
||||
@@ -266,9 +340,12 @@ static void prepare_cipher_methods(void)
|
||||
|| ioctl(cfd, CIOCFSESSION, &sess.ses) < 0)
|
||||
continue;
|
||||
|
||||
+ cipher_mode = cipher_data[i].flags & EVP_CIPH_MODE;
|
||||
+
|
||||
if ((known_cipher_methods[i] =
|
||||
EVP_CIPHER_meth_new(cipher_data[i].nid,
|
||||
- cipher_data[i].blocksize,
|
||||
+ cipher_mode == EVP_CIPH_CTR_MODE ? 1 :
|
||||
+ cipher_data[i].blocksize,
|
||||
cipher_data[i].keylen)) == NULL
|
||||
|| !EVP_CIPHER_meth_set_iv_length(known_cipher_methods[i],
|
||||
cipher_data[i].ivlen)
|
||||
@@ -278,6 +355,8 @@ static void prepare_cipher_methods(void)
|
||||
| EVP_CIPH_FLAG_DEFAULT_ASN1)
|
||||
|| !EVP_CIPHER_meth_set_init(known_cipher_methods[i], cipher_init)
|
||||
|| !EVP_CIPHER_meth_set_do_cipher(known_cipher_methods[i],
|
||||
+ cipher_mode == EVP_CIPH_CTR_MODE ?
|
||||
+ ctr_do_cipher :
|
||||
cipher_do_cipher)
|
||||
|| !EVP_CIPHER_meth_set_ctrl(known_cipher_methods[i], cipher_ctrl)
|
||||
|| !EVP_CIPHER_meth_set_cleanup(known_cipher_methods[i],
|
||||
@ -0,0 +1,71 @@
|
||||
From 488521d77fdc1de5ae256ce0d9203e35ebc92993 Mon Sep 17 00:00:00 2001
|
||||
From: Eneas U de Queiroz <cote2004-github@yahoo.com>
|
||||
Date: Sat, 8 Dec 2018 18:01:04 -0200
|
||||
Subject: [PATCH 7/7] eng_devcrypto: make sure digest can do copy
|
||||
|
||||
Digest must be able to do partial-state copy to be used.
|
||||
|
||||
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
|
||||
|
||||
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
|
||||
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
||||
(Merged from https://github.com/openssl/openssl/pull/7585)
|
||||
|
||||
(cherry picked from commit 16e252a01b754a13e83d5e5e87afbe389997926b)
|
||||
|
||||
--- a/crypto/engine/eng_devcrypto.c
|
||||
+++ b/crypto/engine/eng_devcrypto.c
|
||||
@@ -601,6 +601,30 @@ static int digest_cleanup(EVP_MD_CTX *ct
|
||||
return 1;
|
||||
}
|
||||
|
||||
+static int devcrypto_test_digest(size_t digest_data_index)
|
||||
+{
|
||||
+ struct session_op sess1, sess2;
|
||||
+ struct cphash_op cphash;
|
||||
+ int ret=0;
|
||||
+
|
||||
+ memset(&sess1, 0, sizeof(sess1));
|
||||
+ memset(&sess2, 0, sizeof(sess2));
|
||||
+ sess1.mac = digest_data[digest_data_index].devcryptoid;
|
||||
+ if (ioctl(cfd, CIOCGSESSION, &sess1) < 0)
|
||||
+ return 0;
|
||||
+ /* Make sure the driver is capable of hash state copy */
|
||||
+ sess2.mac = sess1.mac;
|
||||
+ if (ioctl(cfd, CIOCGSESSION, &sess2) >= 0) {
|
||||
+ cphash.src_ses = sess1.ses;
|
||||
+ cphash.dst_ses = sess2.ses;
|
||||
+ if (ioctl(cfd, CIOCCPHASH, &cphash) >= 0)
|
||||
+ ret = 1;
|
||||
+ ioctl(cfd, CIOCFSESSION, &sess2.ses);
|
||||
+ }
|
||||
+ ioctl(cfd, CIOCFSESSION, &sess1.ses);
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
/*
|
||||
* Keep a table of known nids and associated methods.
|
||||
* Note that known_digest_nids[] isn't necessarily indexed the same way as
|
||||
@@ -613,20 +637,14 @@ static EVP_MD *known_digest_methods[OSSL
|
||||
static void prepare_digest_methods(void)
|
||||
{
|
||||
size_t i;
|
||||
- struct session_op sess;
|
||||
-
|
||||
- memset(&sess, 0, sizeof(sess));
|
||||
|
||||
for (i = 0, known_digest_nids_amount = 0; i < OSSL_NELEM(digest_data);
|
||||
i++) {
|
||||
|
||||
/*
|
||||
- * Check that the algo is really availably by trying to open and close
|
||||
- * a session.
|
||||
+ * Check that the algo is usable
|
||||
*/
|
||||
- sess.mac = digest_data[i].devcryptoid;
|
||||
- if (ioctl(cfd, CIOCGSESSION, &sess) < 0
|
||||
- || ioctl(cfd, CIOCFSESSION, &sess.ses) < 0)
|
||||
+ if (!devcrypto_test_digest(i))
|
||||
continue;
|
||||
|
||||
if ((known_digest_methods[i] = EVP_MD_meth_new(digest_data[i].nid,
|
||||
Loading…
Reference in New Issue