1
0

ocf.patch 31 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197
  1. Index: libssl/Configure
  2. ===================================================================
  3. RCS file: libssl/Configure,v
  4. retrieving revision 1.1.1.12
  5. retrieving revision 1.21
  6. diff -u -r1.1.1.12 -r1.21
  7. --- libssl/Configure 15 Sep 2008 23:36:40 -0000 1.1.1.12
  8. +++ libssl/Configure 15 Sep 2008 23:44:15 -0000 1.21
  9. @@ -34,6 +34,8 @@
  10. # (Default: KRB5_DIR/include)
  11. # --with-krb5-flavor Declare what flavor of Kerberos 5 is used. Currently
  12. # supported values are "MIT" and "Heimdal". A value is required.
  13. +# --with-cryptodev Force support for cryptodev (ie., ocf-linux)
  14. +# --with-cryptodev-digests Force support for cryptodev digests (generally slow)
  15. #
  16. # --test-sanity Make a number of sanity checks on the data in this file.
  17. # This is a debugging tool for OpenSSL developers.
  18. @@ -538,6 +540,9 @@
  19. ##### Compaq Non-Stop Kernel (Tandem)
  20. "tandem-c89","c89:-Ww -D__TANDEM -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -D_TANDEM_SOURCE -DB_ENDIAN::(unknown):::THIRTY_TWO_BIT:::",
  21. +# uClinux
  22. +"uClinux-dist","$ENV{'CC'}:\$(CFLAGS)::-D_REENTRANT::\$(LDFLAGS) \$(LDLIBS):BN_LLONG::::::::::::\$(LIBSSL_dlfcn):linux-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):$ENV{'RANLIB'}",
  23. +
  24. );
  25. my @MK1MF_Builds=qw(VC-WIN64I VC-WIN64A
  26. @@ -587,6 +592,8 @@
  27. my $no_asm=0;
  28. my $no_dso=0;
  29. my $no_gmp=0;
  30. +my $have_cryptodev=0;
  31. +my $use_cryptodev_digests=0;
  32. my @skip=();
  33. my $Makefile="Makefile";
  34. my $des_locl="crypto/des/des_locl.h";
  35. @@ -714,6 +721,14 @@
  36. {
  37. exit(&test_sanity());
  38. }
  39. + elsif (/^--with-cryptodev$/)
  40. + {
  41. + $have_cryptodev = 1;
  42. + }
  43. + elsif (/^--with-cryptodev-digests$/)
  44. + {
  45. + $use_cryptodev_digests = 1;
  46. + }
  47. elsif (/^reconfigure/ || /^reconf/)
  48. {
  49. if (open(IN,"<$Makefile"))
  50. @@ -922,6 +937,7 @@
  51. print " OPENSSL_NO_$ALGO";
  52. if (/^err$/) { $flags .= "-DOPENSSL_NO_ERR "; }
  53. + elsif (/^hw$/) { $flags .= "-DOPENSSL_NO_HW "; }
  54. elsif (/^asm$/) { $no_asm = 1; }
  55. }
  56. else
  57. @@ -1062,6 +1078,16 @@
  58. $withargs{"krb5-dir"} ne "";
  59. }
  60. +# enable the linux cryptodev (ocf-linux) support
  61. +if ($have_cryptodev)
  62. + {
  63. + if ($use_cryptodev_digests)
  64. + {
  65. + $cflags = "-DUSE_CRYPTODEV_DIGESTS $cflags";
  66. + }
  67. + $cflags = "-DHAVE_CRYPTODEV $cflags";
  68. + }
  69. +
  70. # The DSO code currently always implements all functions so that no
  71. # applications will have to worry about that from a compilation point
  72. # of view. However, the "method"s may return zero unless that platform
  73. Index: libssl/INSTALL
  74. ===================================================================
  75. RCS file: libssl/INSTALL,v
  76. retrieving revision 1.1.1.8
  77. retrieving revision 1.3
  78. diff -u -r1.1.1.8 -r1.3
  79. --- libssl/INSTALL 15 Sep 2008 23:36:40 -0000 1.1.1.8
  80. +++ libssl/INSTALL 15 Sep 2008 23:44:15 -0000 1.3
  81. @@ -103,6 +103,12 @@
  82. define preprocessor symbols, specify additional libraries,
  83. library directories or other compiler options.
  84. + --with-cryptodev Enabled the BSD cryptodev engine even if we are not using
  85. + BSD. Useful if you are running ocf-linux or something
  86. + similar. Once enabled you can also enable the use of
  87. + cryptodev digests, with is usually slower unless you have
  88. + large amounts data. Use --with-cryptodev-digests to force
  89. + it.
  90. Installation in Detail
  91. ----------------------
  92. Index: libssl/Makefile.org
  93. ===================================================================
  94. RCS file: libssl/Makefile.org,v
  95. retrieving revision 1.1.1.11
  96. retrieving revision 1.21
  97. diff -u -r1.1.1.11 -r1.21
  98. --- libssl/Makefile.org 15 Sep 2008 23:36:40 -0000 1.1.1.11
  99. +++ libssl/Makefile.org 15 Sep 2008 23:44:15 -0000 1.21
  100. @@ -367,7 +367,7 @@
  101. links:
  102. @$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
  103. - @$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
  104. + @$(PERL) $(TOP)/util/mklink.pl include/openssl $(HEADER) $(EXHEADER)
  105. @set -e; target=links; $(RECURSIVE_BUILD_CMD)
  106. gentests:
  107. Index: libssl/apps/apps.h
  108. ===================================================================
  109. RCS file: libssl/apps/apps.h,v
  110. retrieving revision 1.1.1.7
  111. retrieving revision 1.6
  112. diff -u -r1.1.1.7 -r1.6
  113. --- libssl/apps/apps.h 15 Sep 2008 23:36:40 -0000 1.1.1.7
  114. +++ libssl/apps/apps.h 15 Sep 2008 23:44:15 -0000 1.6
  115. @@ -112,7 +112,7 @@
  116. #ifndef HEADER_APPS_H
  117. #define HEADER_APPS_H
  118. -#include "e_os.h"
  119. +#include <openssl/e_os.h>
  120. #include <openssl/bio.h>
  121. #include <openssl/x509.h>
  122. Index: libssl/apps/progs.h
  123. ===================================================================
  124. RCS file: libssl/apps/progs.h,v
  125. retrieving revision 1.1.1.8
  126. retrieving revision 1.7
  127. diff -u -r1.1.1.8 -r1.7
  128. --- libssl/apps/progs.h 15 Sep 2008 23:36:40 -0000 1.1.1.8
  129. +++ libssl/apps/progs.h 15 Sep 2008 23:44:15 -0000 1.7
  130. @@ -129,7 +129,9 @@
  131. #ifndef OPENSSL_NO_ENGINE
  132. {FUNC_TYPE_GENERAL,"engine",engine_main},
  133. #endif
  134. +#ifndef OPENSSL_NO_OCSP
  135. {FUNC_TYPE_GENERAL,"ocsp",ocsp_main},
  136. +#endif
  137. {FUNC_TYPE_GENERAL,"prime",prime_main},
  138. #ifndef OPENSSL_NO_MD2
  139. {FUNC_TYPE_MD,"md2",dgst_main},
  140. Index: libssl/apps/speed.c
  141. ===================================================================
  142. RCS file: libssl/apps/speed.c,v
  143. retrieving revision 1.1.1.10
  144. retrieving revision 1.15
  145. diff -u -r1.1.1.10 -r1.15
  146. --- libssl/apps/speed.c 15 Sep 2008 23:36:40 -0000 1.1.1.10
  147. +++ libssl/apps/speed.c 15 Sep 2008 23:44:15 -0000 1.15
  148. @@ -292,7 +292,7 @@
  149. "evp","sha256","sha512",
  150. "aes-128 ige","aes-192 ige","aes-256 ige"};
  151. static double results[ALGOR_NUM][SIZE_NUM];
  152. -static int lengths[SIZE_NUM]={16,64,256,1024,8*1024};
  153. +static int lengths[SIZE_NUM]={16,64,256,1024,2*1024,4*1024};
  154. static double rsa_results[RSA_NUM][2];
  155. static double dsa_results[DSA_NUM][2];
  156. #ifndef OPENSSL_NO_ECDSA
  157. @@ -328,6 +328,79 @@
  158. #define START 0
  159. #define STOP 1
  160. +#ifdef __linux__
  161. +/*
  162. + * record CPU usage as well
  163. + */
  164. +
  165. +static int do_cpu = 0;
  166. +
  167. +struct cpu_stat {
  168. + unsigned int user;
  169. + unsigned int nice;
  170. + unsigned int system;
  171. + unsigned int idle;
  172. + unsigned int total;
  173. +};
  174. +
  175. +static unsigned int cpu_usage[ALGOR_NUM][SIZE_NUM];
  176. +static unsigned int rsa_cpu_usage[RSA_NUM][2];
  177. +static unsigned int dsa_cpu_usage[DSA_NUM][2];
  178. +static struct cpu_stat cpu_start, cpu_finish;
  179. +
  180. +static void
  181. +get_cpu(int s)
  182. +{
  183. + FILE *fp = NULL;
  184. + unsigned char buf[80];
  185. + struct cpu_stat *st = s == START ? &cpu_start : &cpu_finish;
  186. +
  187. + memset(st, 0, sizeof(*st));
  188. +
  189. + if (fp == NULL)
  190. + fp = fopen("/proc/stat", "r");
  191. + if (!fp)
  192. + return;
  193. + if (fseek(fp, 0, SEEK_SET) == -1) {
  194. + fclose(fp);
  195. + return;
  196. + }
  197. + fscanf(fp, "%s %d %d %d %d", &buf[0], &st->user, &st->nice,
  198. + &st->system, &st->idle);
  199. + st->total = st->user + st->nice + st->system + st->idle;
  200. + fclose(fp);
  201. +}
  202. +
  203. +static unsigned int
  204. +calc_cpu()
  205. +{
  206. + unsigned int total, res;
  207. +
  208. + total = cpu_finish.total - cpu_start.total;
  209. + if (total <= 0)
  210. + return 0;
  211. +#if 1 // busy
  212. + res = ((cpu_finish.system + cpu_finish.user + cpu_finish.nice) -
  213. + (cpu_start.system + cpu_start.user + cpu_start.nice)) *
  214. + 100 / total;
  215. +#endif
  216. +#if 0 // system
  217. + res = (cpu_finish.system - cpu_start.system) * 100 / total;
  218. +#endif
  219. +#if 0 // user
  220. + res = (cpu_finish.user - cpu_start.user) * 100 / total;
  221. +#endif
  222. +#if 0 // nice
  223. + res = (cpu_finish.nice - cpu_start.nice) * 100 / total;
  224. +#endif
  225. +#if 0 // idle
  226. + res = (cpu_finish.idle - cpu_start.idle) * 100 / total;
  227. +#endif
  228. + return(res);
  229. +}
  230. +
  231. +#endif
  232. +
  233. #if defined(OPENSSL_SYS_NETWARE)
  234. /* for NetWare the best we can do is use clock() which returns the
  235. @@ -358,6 +431,11 @@
  236. {
  237. double ret;
  238. +#ifdef __linux__
  239. + if (do_cpu)
  240. + get_cpu(s);
  241. +#endif
  242. +
  243. #ifdef USE_TOD
  244. if(usertime)
  245. {
  246. @@ -832,6 +910,14 @@
  247. j--; /* Otherwise, -elapsed gets confused with
  248. an algorithm. */
  249. }
  250. +#ifdef __linux__
  251. + else if ((argc > 0) && (strcmp(*argv,"-cpu") == 0))
  252. + {
  253. + do_cpu = 1;
  254. + j--; /* Otherwise, -cpu gets confused with
  255. + an algorithm. */
  256. + }
  257. +#endif
  258. else if ((argc > 0) && (strcmp(*argv,"-evp") == 0))
  259. {
  260. argc--;
  261. @@ -1260,6 +1346,9 @@
  262. #ifdef HAVE_FORK
  263. BIO_printf(bio_err,"-multi n run n benchmarks in parallel.\n");
  264. #endif
  265. +#ifdef __linux__
  266. + BIO_printf(bio_err,"-cpu calculate cpu utilisation.\n");
  267. +#endif
  268. goto end;
  269. }
  270. argc--;
  271. @@ -1267,11 +1356,6 @@
  272. j++;
  273. }
  274. -#ifdef HAVE_FORK
  275. - if(multi && do_multi(multi))
  276. - goto show_res;
  277. -#endif
  278. -
  279. if (j == 0)
  280. {
  281. for (i=0; i<ALGOR_NUM; i++)
  282. @@ -1604,6 +1688,11 @@
  283. signal(SIGALRM,sig_done);
  284. #endif /* SIGALRM */
  285. +#ifdef HAVE_FORK /* DM */
  286. + if(multi && do_multi(multi))
  287. + goto show_res;
  288. +#endif
  289. +
  290. #ifndef OPENSSL_NO_MD2
  291. if (doit[D_MD2])
  292. {
  293. @@ -2033,8 +2122,6 @@
  294. /* -O3 -fschedule-insns messes up an
  295. * optimization here! names[D_EVP]
  296. * somehow becomes NULL */
  297. - print_message(names[D_EVP],save_count,
  298. - lengths[j]);
  299. EVP_CIPHER_CTX_init(&ctx);
  300. if(decrypt)
  301. @@ -2043,6 +2130,9 @@
  302. EVP_EncryptInit_ex(&ctx,evp_cipher,NULL,key16,iv);
  303. EVP_CIPHER_CTX_set_padding(&ctx, 0);
  304. + print_message(names[D_EVP],save_count,
  305. + lengths[j]);
  306. +
  307. Time_F(START);
  308. if(decrypt)
  309. for (count=0,run=1; COND(save_count*4*lengths[0]/lengths[j]); count++)
  310. @@ -2107,6 +2197,8 @@
  311. }
  312. }
  313. d=Time_F(STOP);
  314. + if (do_cpu)
  315. + rsa_cpu_usage[j][0] = calc_cpu();
  316. BIO_printf(bio_err,mr ? "+R1:%ld:%d:%.2f\n"
  317. : "%ld %d bit private RSA's in %.2fs\n",
  318. count,rsa_bits[j],d);
  319. @@ -2142,6 +2234,8 @@
  320. }
  321. }
  322. d=Time_F(STOP);
  323. + if (do_cpu)
  324. + rsa_cpu_usage[j][1] = calc_cpu();
  325. BIO_printf(bio_err,mr ? "+R2:%ld:%d:%.2f\n"
  326. : "%ld %d bit public RSA's in %.2fs\n",
  327. count,rsa_bits[j],d);
  328. @@ -2201,6 +2295,8 @@
  329. }
  330. }
  331. d=Time_F(STOP);
  332. + if (do_cpu)
  333. + dsa_cpu_usage[j][0] = calc_cpu();
  334. BIO_printf(bio_err,mr ? "+R3:%ld:%d:%.2f\n"
  335. : "%ld %d bit DSA signs in %.2fs\n",
  336. count,dsa_bits[j],d);
  337. @@ -2236,6 +2332,8 @@
  338. }
  339. }
  340. d=Time_F(STOP);
  341. + if (do_cpu)
  342. + dsa_cpu_usage[j][1] = calc_cpu();
  343. BIO_printf(bio_err,mr ? "+R4:%ld:%d:%.2f\n"
  344. : "%ld %d bit DSA verify in %.2fs\n",
  345. count,dsa_bits[j],d);
  346. @@ -2530,14 +2628,23 @@
  347. fprintf(stdout,"The 'numbers' are in 1000s of bytes per second processed.\n");
  348. fprintf(stdout,"type ");
  349. }
  350. - for (j=0; j<SIZE_NUM; j++)
  351. + for (j=0; j<SIZE_NUM; j++) {
  352. fprintf(stdout,mr ? ":%d" : "%7d bytes",lengths[j]);
  353. + if (do_cpu && !mr)
  354. + fprintf(stdout, " /cpu");
  355. + }
  356. fprintf(stdout,"\n");
  357. }
  358. for (k=0; k<ALGOR_NUM; k++)
  359. {
  360. if (!doit[k]) continue;
  361. + if (k == D_EVP) {
  362. + if (evp_cipher)
  363. + names[D_EVP]=OBJ_nid2ln(evp_cipher->nid);
  364. + else
  365. + names[D_EVP]=OBJ_nid2ln(evp_md->type);
  366. + }
  367. if(mr)
  368. fprintf(stdout,"+F:%d:%s",k,names[k]);
  369. else
  370. @@ -2548,6 +2655,8 @@
  371. fprintf(stdout," %11.2fk",results[k][j]/1e3);
  372. else
  373. fprintf(stdout,mr ? ":%.2f" : " %11.2f ",results[k][j]);
  374. + if (do_cpu)
  375. + fprintf(stdout, mr ? "/%d" : "/%%%-3d", cpu_usage[k][j]);
  376. }
  377. fprintf(stdout,"\n");
  378. }
  379. @@ -2562,13 +2671,18 @@
  380. j=0;
  381. }
  382. if(mr)
  383. - fprintf(stdout,"+F2:%u:%u:%f:%f\n",
  384. - k,rsa_bits[k],rsa_results[k][0],
  385. - rsa_results[k][1]);
  386. - else
  387. - fprintf(stdout,"rsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
  388. - rsa_bits[k],rsa_results[k][0],rsa_results[k][1],
  389. - 1.0/rsa_results[k][0],1.0/rsa_results[k][1]);
  390. + fprintf(stdout,"+F2:%u:%u:%f", k,rsa_bits[k],rsa_results[k][0]);
  391. + else
  392. + fprintf(stdout,"rsa %4u bits %8.6fs",rsa_bits[k],rsa_results[k][0]);
  393. + if (do_cpu)
  394. + fprintf(stdout, mr ? "/%d": "/%%%-3d", rsa_cpu_usage[k][0]);
  395. + fprintf(stdout, mr ? ":%f" : " %8.6fs", rsa_results[k][1]);
  396. + if (do_cpu)
  397. + fprintf(stdout, mr ? "/%d": "/%%%-3d", rsa_cpu_usage[k][1]);
  398. + if(!mr)
  399. + fprintf(stdout, " %8.1f %8.1f",
  400. + 1.0/rsa_results[k][0],1.0/rsa_results[k][1]);
  401. + fprintf(stdout, "\n");
  402. }
  403. #endif
  404. #ifndef OPENSSL_NO_DSA
  405. @@ -2582,12 +2696,18 @@
  406. j=0;
  407. }
  408. if(mr)
  409. - fprintf(stdout,"+F3:%u:%u:%f:%f\n",
  410. - k,dsa_bits[k],dsa_results[k][0],dsa_results[k][1]);
  411. + fprintf(stdout,"+F3:%u:%u:%f", k,dsa_bits[k],dsa_results[k][0]);
  412. else
  413. - fprintf(stdout,"dsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
  414. - dsa_bits[k],dsa_results[k][0],dsa_results[k][1],
  415. - 1.0/dsa_results[k][0],1.0/dsa_results[k][1]);
  416. + fprintf(stdout,"dsa %4u bits %8.6fs",dsa_bits[k],dsa_results[k][0]);
  417. + if (do_cpu)
  418. + fprintf(stdout, mr ? "/%d": "/%%%-3d", dsa_cpu_usage[k][0]);
  419. + fprintf(stdout, mr ? ":%f" : " %8.6fs", dsa_results[k][1]);
  420. + if (do_cpu)
  421. + fprintf(stdout, mr ? "/%d": "/%%%-3d", dsa_cpu_usage[k][1]);
  422. + if(!mr)
  423. + fprintf(stdout, " %8.1f %8.1f",
  424. + 1.0/dsa_results[k][0],1.0/dsa_results[k][1]);
  425. + fprintf(stdout, "\n");
  426. }
  427. #endif
  428. #ifndef OPENSSL_NO_ECDSA
  429. @@ -2712,8 +2832,10 @@
  430. static void print_result(int alg,int run_no,int count,double time_used)
  431. {
  432. - BIO_printf(bio_err,mr ? "+R:%d:%s:%f\n"
  433. - : "%d %s's in %.2fs\n",count,names[alg],time_used);
  434. + if (do_cpu)
  435. + cpu_usage[alg][run_no] = calc_cpu();
  436. + BIO_printf(bio_err,mr ? "+R:%ld:%s:%f\n"
  437. + : "%ld %s's in %.2fs\n",count,names[alg],time_used);
  438. results[alg][run_no]=((double)count)/time_used*lengths[run_no];
  439. }
  440. @@ -2806,29 +2928,11 @@
  441. p=buf+3;
  442. alg=atoi(sstrsep(&p,sep));
  443. sstrsep(&p,sep);
  444. - for(j=0 ; j < SIZE_NUM ; ++j)
  445. + for(j=0 ; j < SIZE_NUM ; ++j) {
  446. + if (do_cpu && strchr(p, '/'))
  447. + cpu_usage[alg][j] = atoi(strchr(p, '/') + 1);
  448. results[alg][j]+=atof(sstrsep(&p,sep));
  449. }
  450. - else if(!strncmp(buf,"+F2:",4))
  451. - {
  452. - int k;
  453. - double d;
  454. -
  455. - p=buf+4;
  456. - k=atoi(sstrsep(&p,sep));
  457. - sstrsep(&p,sep);
  458. -
  459. - d=atof(sstrsep(&p,sep));
  460. - if(n)
  461. - rsa_results[k][0]=1/(1/rsa_results[k][0]+1/d);
  462. - else
  463. - rsa_results[k][0]=d;
  464. -
  465. - d=atof(sstrsep(&p,sep));
  466. - if(n)
  467. - rsa_results[k][1]=1/(1/rsa_results[k][1]+1/d);
  468. - else
  469. - rsa_results[k][1]=d;
  470. }
  471. else if(!strncmp(buf,"+F2:",4))
  472. {
  473. @@ -2839,12 +2943,18 @@
  474. k=atoi(sstrsep(&p,sep));
  475. sstrsep(&p,sep);
  476. + /* before we move the token along */
  477. + if (do_cpu && strchr(p, '/'))
  478. + rsa_cpu_usage[k][0] = atoi(strchr(p, '/') + 1);
  479. d=atof(sstrsep(&p,sep));
  480. if(n)
  481. rsa_results[k][0]=1/(1/rsa_results[k][0]+1/d);
  482. else
  483. rsa_results[k][0]=d;
  484. + /* before we move the token along */
  485. + if (do_cpu && strchr(p, '/'))
  486. + rsa_cpu_usage[k][1] = atoi(strchr(p, '/') + 1);
  487. d=atof(sstrsep(&p,sep));
  488. if(n)
  489. rsa_results[k][1]=1/(1/rsa_results[k][1]+1/d);
  490. @@ -2860,12 +2970,18 @@
  491. k=atoi(sstrsep(&p,sep));
  492. sstrsep(&p,sep);
  493. + /* before we move the token along */
  494. + if (do_cpu && strchr(p, '/'))
  495. + dsa_cpu_usage[k][0] = atoi(strchr(p, '/') + 1);
  496. d=atof(sstrsep(&p,sep));
  497. if(n)
  498. dsa_results[k][0]=1/(1/dsa_results[k][0]+1/d);
  499. else
  500. dsa_results[k][0]=d;
  501. + /* before we move the token along */
  502. + if (do_cpu && strchr(p, '/'))
  503. + dsa_cpu_usage[k][1] = atoi(strchr(p, '/') + 1);
  504. d=atof(sstrsep(&p,sep));
  505. if(n)
  506. dsa_results[k][1]=1/(1/dsa_results[k][1]+1/d);
  507. Index: libssl/crypto/cryptlib.h
  508. ===================================================================
  509. RCS file: libssl/crypto/cryptlib.h,v
  510. retrieving revision 1.1.1.5
  511. retrieving revision 1.4
  512. diff -u -r1.1.1.5 -r1.4
  513. --- libssl/crypto/cryptlib.h 15 Sep 2008 23:36:40 -0000 1.1.1.5
  514. +++ libssl/crypto/cryptlib.h 15 Sep 2008 23:44:15 -0000 1.4
  515. @@ -62,7 +62,7 @@
  516. #include <stdlib.h>
  517. #include <string.h>
  518. -#include "e_os.h"
  519. +#include <openssl/e_os.h>
  520. #ifdef OPENSSL_USE_APPLINK
  521. #define BIO_FLAGS_UPLINK 0x8000
  522. Index: libssl/crypto/engine/eng_all.c
  523. ===================================================================
  524. RCS file: libssl/crypto/engine/eng_all.c,v
  525. retrieving revision 1.1.1.4
  526. retrieving revision 1.6
  527. diff -u -r1.1.1.4 -r1.6
  528. --- libssl/crypto/engine/eng_all.c 15 Sep 2008 23:36:41 -0000 1.1.1.4
  529. +++ libssl/crypto/engine/eng_all.c 15 Sep 2008 23:44:16 -0000 1.6
  530. @@ -104,7 +104,7 @@
  531. #endif
  532. #endif
  533. #ifndef OPENSSL_NO_HW
  534. -#if defined(__OpenBSD__) || defined(__FreeBSD__)
  535. +#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
  536. ENGINE_load_cryptodev();
  537. #endif
  538. #if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
  539. @@ -113,7 +113,7 @@
  540. #endif
  541. }
  542. -#if defined(__OpenBSD__) || defined(__FreeBSD__)
  543. +#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
  544. void ENGINE_setup_bsd_cryptodev(void) {
  545. static int bsd_cryptodev_default_loaded = 0;
  546. if (!bsd_cryptodev_default_loaded) {
  547. Index: libssl/crypto/engine/eng_cryptodev.c
  548. ===================================================================
  549. RCS file: libssl/crypto/engine/eng_cryptodev.c,v
  550. retrieving revision 1.1.1.1
  551. retrieving revision 1.9
  552. diff -u -r1.1.1.1 -r1.9
  553. --- libssl/crypto/engine/eng_cryptodev.c 3 Feb 2006 00:06:09 -0000 1.1.1.1
  554. +++ libssl/crypto/engine/eng_cryptodev.c 4 Aug 2008 00:51:09 -0000 1.9
  555. @@ -68,6 +68,16 @@
  556. struct dev_crypto_state {
  557. struct session_op d_sess;
  558. int d_fd;
  559. +
  560. +#ifdef USE_CRYPTODEV_DIGESTS
  561. + char dummy_mac_key[20];
  562. +
  563. + unsigned char digest_res[20];
  564. + char *mac_data;
  565. + int mac_len;
  566. +
  567. + int copy;
  568. +#endif
  569. };
  570. static u_int32_t cryptodev_asymfeat = 0;
  571. @@ -75,9 +85,11 @@
  572. static int get_asym_dev_crypto(void);
  573. static int open_dev_crypto(void);
  574. static int get_dev_crypto(void);
  575. +#if 0
  576. static int cryptodev_max_iv(int cipher);
  577. static int cryptodev_key_length_valid(int cipher, int len);
  578. static int cipher_nid_to_cryptodev(int nid);
  579. +#endif
  580. static int get_cryptodev_ciphers(const int **cnids);
  581. static int get_cryptodev_digests(const int **cnids);
  582. static int cryptodev_usable_ciphers(const int **nids);
  583. @@ -100,7 +112,7 @@
  584. static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a,
  585. const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
  586. static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I,
  587. - RSA *rsa);
  588. + RSA *rsa, BN_CTX *ctx);
  589. static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
  590. static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a,
  591. const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
  592. @@ -130,9 +142,12 @@
  593. int ivmax;
  594. int keylen;
  595. } ciphers[] = {
  596. + { CRYPTO_ARC4, NID_rc4, 0, 16, },
  597. { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, },
  598. { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, },
  599. { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, },
  600. + { CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, },
  601. + { CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, },
  602. { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, },
  603. { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, },
  604. { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, },
  605. @@ -142,14 +157,15 @@
  606. static struct {
  607. int id;
  608. int nid;
  609. + int keylen;
  610. } digests[] = {
  611. - { CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, },
  612. - { CRYPTO_RIPEMD160_HMAC, NID_ripemd160, },
  613. - { CRYPTO_MD5_KPDK, NID_undef, },
  614. - { CRYPTO_SHA1_KPDK, NID_undef, },
  615. - { CRYPTO_MD5, NID_md5, },
  616. - { CRYPTO_SHA1, NID_undef, },
  617. - { 0, NID_undef, },
  618. + { CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, 20},
  619. + { CRYPTO_RIPEMD160_HMAC, NID_ripemd160, 16/*?*/},
  620. + { CRYPTO_MD5_KPDK, NID_undef, 0},
  621. + { CRYPTO_SHA1_KPDK, NID_undef, 0},
  622. + { CRYPTO_MD5, NID_md5, 16},
  623. + { CRYPTO_SHA1, NID_sha1, 20},
  624. + { 0, NID_undef, 0},
  625. };
  626. /*
  627. @@ -176,10 +192,17 @@
  628. static int
  629. get_dev_crypto(void)
  630. {
  631. - int fd, retfd;
  632. + static int fd = -1;
  633. + int retfd;
  634. - if ((fd = open_dev_crypto()) == -1)
  635. - return (-1);
  636. + if (fd == -1) {
  637. + if ((fd = open_dev_crypto()) == -1)
  638. + return (-1);
  639. + if (fcntl(fd, F_SETFD, 1) == -1) {
  640. + close(fd);
  641. + return (-1);
  642. + }
  643. + }
  644. if (ioctl(fd, CRIOGET, &retfd) == -1)
  645. return (-1);
  646. @@ -202,6 +225,7 @@
  647. return fd;
  648. }
  649. +#if 0
  650. /*
  651. * XXXX this needs to be set for each alg - and determined from
  652. * a running card.
  653. @@ -245,6 +269,7 @@
  654. return (ciphers[i].id);
  655. return (0);
  656. }
  657. +#endif
  658. /*
  659. * Find out what ciphers /dev/crypto will let us have a session for.
  660. @@ -264,7 +289,7 @@
  661. return (0);
  662. }
  663. memset(&sess, 0, sizeof(sess));
  664. - sess.key = (caddr_t)"123456781234567812345678";
  665. + sess.key = (caddr_t)"123456789abcdefghijklmno";
  666. for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
  667. if (ciphers[i].nid == NID_undef)
  668. @@ -303,10 +328,12 @@
  669. return (0);
  670. }
  671. memset(&sess, 0, sizeof(sess));
  672. + sess.mackey = (caddr_t)"123456789abcdefghijklmno";
  673. for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
  674. if (digests[i].nid == NID_undef)
  675. continue;
  676. sess.mac = digests[i].id;
  677. + sess.mackeylen = digests[i].keylen;
  678. sess.cipher = 0;
  679. if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
  680. ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
  681. @@ -351,6 +378,9 @@
  682. static int
  683. cryptodev_usable_digests(const int **nids)
  684. {
  685. +#ifdef USE_CRYPTODEV_DIGESTS
  686. + return (get_cryptodev_digests(nids));
  687. +#else
  688. /*
  689. * XXXX just disable all digests for now, because it sucks.
  690. * we need a better way to decide this - i.e. I may not
  691. @@ -365,6 +395,7 @@
  692. */
  693. *nids = NULL;
  694. return (0);
  695. +#endif
  696. }
  697. static int
  698. @@ -427,16 +458,20 @@
  699. {
  700. struct dev_crypto_state *state = ctx->cipher_data;
  701. struct session_op *sess = &state->d_sess;
  702. - int cipher;
  703. + int cipher, i;
  704. - if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NID_undef)
  705. - return (0);
  706. -
  707. - if (ctx->cipher->iv_len > cryptodev_max_iv(cipher))
  708. - return (0);
  709. + for (i = 0; ciphers[i].id; i++)
  710. + if (ctx->cipher->nid == ciphers[i].nid &&
  711. + ctx->cipher->iv_len <= ciphers[i].ivmax &&
  712. + ctx->key_len == ciphers[i].keylen) {
  713. + cipher = ciphers[i].id;
  714. + break;
  715. + }
  716. - if (!cryptodev_key_length_valid(cipher, ctx->key_len))
  717. + if (!ciphers[i].id) {
  718. + state->d_fd = -1;
  719. return (0);
  720. + }
  721. memset(sess, 0, sizeof(struct session_op));
  722. @@ -496,6 +531,20 @@
  723. * gets called when libcrypto requests a cipher NID.
  724. */
  725. +/* RC4 */
  726. +const EVP_CIPHER cryptodev_rc4 = {
  727. + NID_rc4,
  728. + 1, 16, 0,
  729. + EVP_CIPH_VARIABLE_LENGTH,
  730. + cryptodev_init_key,
  731. + cryptodev_cipher,
  732. + cryptodev_cleanup,
  733. + sizeof(struct dev_crypto_state),
  734. + NULL,
  735. + NULL,
  736. + NULL
  737. +};
  738. +
  739. /* DES CBC EVP */
  740. const EVP_CIPHER cryptodev_des_cbc = {
  741. NID_des_cbc,
  742. @@ -563,6 +612,32 @@
  743. NULL
  744. };
  745. +const EVP_CIPHER cryptodev_aes_192_cbc = {
  746. + NID_aes_192_cbc,
  747. + 16, 24, 16,
  748. + EVP_CIPH_CBC_MODE,
  749. + cryptodev_init_key,
  750. + cryptodev_cipher,
  751. + cryptodev_cleanup,
  752. + sizeof(struct dev_crypto_state),
  753. + EVP_CIPHER_set_asn1_iv,
  754. + EVP_CIPHER_get_asn1_iv,
  755. + NULL
  756. +};
  757. +
  758. +const EVP_CIPHER cryptodev_aes_256_cbc = {
  759. + NID_aes_256_cbc,
  760. + 16, 32, 16,
  761. + EVP_CIPH_CBC_MODE,
  762. + cryptodev_init_key,
  763. + cryptodev_cipher,
  764. + cryptodev_cleanup,
  765. + sizeof(struct dev_crypto_state),
  766. + EVP_CIPHER_set_asn1_iv,
  767. + EVP_CIPHER_get_asn1_iv,
  768. + NULL
  769. +};
  770. +
  771. /*
  772. * Registered by the ENGINE when used to find out how to deal with
  773. * a particular NID in the ENGINE. this says what we'll do at the
  774. @@ -576,6 +651,9 @@
  775. return (cryptodev_usable_ciphers(nids));
  776. switch (nid) {
  777. + case NID_rc4:
  778. + *cipher = &cryptodev_rc4;
  779. + break;
  780. case NID_des_ede3_cbc:
  781. *cipher = &cryptodev_3des_cbc;
  782. break;
  783. @@ -591,6 +669,12 @@
  784. case NID_aes_128_cbc:
  785. *cipher = &cryptodev_aes_cbc;
  786. break;
  787. + case NID_aes_192_cbc:
  788. + *cipher = &cryptodev_aes_192_cbc;
  789. + break;
  790. + case NID_aes_256_cbc:
  791. + *cipher = &cryptodev_aes_256_cbc;
  792. + break;
  793. default:
  794. *cipher = NULL;
  795. break;
  796. @@ -598,6 +682,234 @@
  797. return (*cipher != NULL);
  798. }
  799. +
  800. +#ifdef USE_CRYPTODEV_DIGESTS
  801. +
  802. +/* convert digest type to cryptodev */
  803. +static int
  804. +digest_nid_to_cryptodev(int nid)
  805. +{
  806. + int i;
  807. +
  808. + for (i = 0; digests[i].id; i++)
  809. + if (digests[i].nid == nid)
  810. + return (digests[i].id);
  811. + return (0);
  812. +}
  813. +
  814. +
  815. +static int
  816. +digest_key_length(int nid)
  817. +{
  818. + int i;
  819. +
  820. + for (i = 0; digests[i].id; i++)
  821. + if (digests[i].nid == nid)
  822. + return digests[i].keylen;
  823. + return (0);
  824. +}
  825. +
  826. +
  827. +static int cryptodev_digest_init(EVP_MD_CTX *ctx)
  828. +{
  829. + struct dev_crypto_state *state = ctx->md_data;
  830. + struct session_op *sess = &state->d_sess;
  831. + int digest;
  832. +
  833. + if ((digest = digest_nid_to_cryptodev(ctx->digest->type)) == NID_undef){
  834. + printf("cryptodev_digest_init: Can't get digest \n");
  835. + return (0);
  836. + }
  837. +
  838. + memset(state, 0, sizeof(struct dev_crypto_state));
  839. +
  840. + if ((state->d_fd = get_dev_crypto()) < 0) {
  841. + printf("cryptodev_digest_init: Can't get Dev \n");
  842. + return (0);
  843. + }
  844. +
  845. + sess->mackey = state->dummy_mac_key;
  846. + sess->mackeylen = digest_key_length(ctx->digest->type);
  847. + sess->mac = digest;
  848. +
  849. + if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
  850. + close(state->d_fd);
  851. + state->d_fd = -1;
  852. + printf("cryptodev_digest_init: Open session failed\n");
  853. + return (0);
  854. + }
  855. +
  856. + return (1);
  857. +}
  858. +
  859. +static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
  860. + size_t count)
  861. +{
  862. + struct crypt_op cryp;
  863. + struct dev_crypto_state *state = ctx->md_data;
  864. + struct session_op *sess = &state->d_sess;
  865. +
  866. + if (!data || state->d_fd < 0) {
  867. + printf("cryptodev_digest_update: illegal inputs \n");
  868. + return (0);
  869. + }
  870. +
  871. + if (!count) {
  872. + return (0);
  873. + }
  874. +
  875. + if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
  876. + /* if application doesn't support one buffer */
  877. + state->mac_data = OPENSSL_realloc(state->mac_data, state->mac_len + count);
  878. +
  879. + if (!state->mac_data) {
  880. + printf("cryptodev_digest_update: realloc failed\n");
  881. + return (0);
  882. + }
  883. +
  884. + memcpy(state->mac_data + state->mac_len, data, count);
  885. + state->mac_len += count;
  886. +
  887. + return (1);
  888. + }
  889. +
  890. + memset(&cryp, 0, sizeof(cryp));
  891. +
  892. + cryp.ses = sess->ses;
  893. + cryp.flags = 0;
  894. + cryp.len = count;
  895. + cryp.src = (caddr_t) data;
  896. + cryp.dst = NULL;
  897. + cryp.mac = state->digest_res;
  898. + if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
  899. + printf("cryptodev_digest_update: digest failed\n");
  900. + return (0);
  901. + }
  902. + return (1);
  903. +}
  904. +
  905. +
  906. +static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
  907. +{
  908. + struct crypt_op cryp;
  909. + struct dev_crypto_state *state = ctx->md_data;
  910. + struct session_op *sess = &state->d_sess;
  911. +
  912. + int ret = 1;
  913. +
  914. + if (!md || state->d_fd < 0) {
  915. + printf("cryptodev_digest_final: illegal input\n");
  916. + return(0);
  917. + }
  918. +
  919. + if (! (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) ) {
  920. + /* if application doesn't support one buffer */
  921. + memset(&cryp, 0, sizeof(cryp));
  922. +
  923. + cryp.ses = sess->ses;
  924. + cryp.flags = 0;
  925. + cryp.len = state->mac_len;
  926. + cryp.src = state->mac_data;
  927. + cryp.dst = NULL;
  928. + cryp.mac = md;
  929. +
  930. + if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
  931. + printf("cryptodev_digest_final: digest failed\n");
  932. + return (0);
  933. + }
  934. +
  935. + return 1;
  936. + }
  937. +
  938. + memcpy(md, state->digest_res, ctx->digest->md_size);
  939. +
  940. + return (ret);
  941. +}
  942. +
  943. +
  944. +static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
  945. +{
  946. + int ret = 1;
  947. + struct dev_crypto_state *state = ctx->md_data;
  948. + struct session_op *sess = &state->d_sess;
  949. +
  950. + if (state->d_fd < 0) {
  951. + printf("cryptodev_digest_cleanup: illegal input\n");
  952. + return (0);
  953. + }
  954. +
  955. + if (state->mac_data) {
  956. + OPENSSL_free(state->mac_data);
  957. + state->mac_data = NULL;
  958. + state->mac_len = 0;
  959. + }
  960. +
  961. + if (state->copy)
  962. + return 1;
  963. +
  964. + if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
  965. + printf("cryptodev_digest_cleanup: failed to close session\n");
  966. + ret = 0;
  967. + } else {
  968. + ret = 1;
  969. + }
  970. + close(state->d_fd);
  971. + state->d_fd = -1;
  972. +
  973. + return (ret);
  974. +}
  975. +
  976. +static int cryptodev_digest_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from)
  977. +{
  978. + struct dev_crypto_state *fstate = from->md_data;
  979. + struct dev_crypto_state *dstate = to->md_data;
  980. +
  981. + memcpy(dstate, fstate, sizeof(struct dev_crypto_state));
  982. +
  983. + if (fstate->mac_len != 0) {
  984. + dstate->mac_data = OPENSSL_malloc(fstate->mac_len);
  985. + memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len);
  986. + }
  987. +
  988. + dstate->copy = 1;
  989. +
  990. + return 1;
  991. +}
  992. +
  993. +
  994. +const EVP_MD cryptodev_sha1 = {
  995. + NID_sha1,
  996. + NID_undef,
  997. + SHA_DIGEST_LENGTH,
  998. + EVP_MD_FLAG_ONESHOT,
  999. + cryptodev_digest_init,
  1000. + cryptodev_digest_update,
  1001. + cryptodev_digest_final,
  1002. + cryptodev_digest_copy,
  1003. + cryptodev_digest_cleanup,
  1004. + EVP_PKEY_NULL_method,
  1005. + SHA_CBLOCK,
  1006. + sizeof(struct dev_crypto_state),
  1007. +};
  1008. +
  1009. +const EVP_MD cryptodev_md5 = {
  1010. + NID_md5,
  1011. + NID_undef,
  1012. + 16 /* MD5_DIGEST_LENGTH */,
  1013. + EVP_MD_FLAG_ONESHOT,
  1014. + cryptodev_digest_init,
  1015. + cryptodev_digest_update,
  1016. + cryptodev_digest_final,
  1017. + cryptodev_digest_copy,
  1018. + cryptodev_digest_cleanup,
  1019. + EVP_PKEY_NULL_method,
  1020. + 64 /* MD5_CBLOCK */,
  1021. + sizeof(struct dev_crypto_state),
  1022. +};
  1023. +
  1024. +#endif /* USE_CRYPTODEV_DIGESTS */
  1025. +
  1026. +
  1027. static int
  1028. cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
  1029. const int **nids, int nid)
  1030. @@ -606,10 +918,15 @@
  1031. return (cryptodev_usable_digests(nids));
  1032. switch (nid) {
  1033. +#ifdef USE_CRYPTODEV_DIGESTS
  1034. case NID_md5:
  1035. - *digest = NULL; /* need to make a clean md5 critter */
  1036. + *digest = &cryptodev_md5;
  1037. break;
  1038. + case NID_sha1:
  1039. + *digest = &cryptodev_sha1;
  1040. + break;
  1041. default:
  1042. +#endif /* USE_CRYPTODEV_DIGESTS */
  1043. *digest = NULL;
  1044. break;
  1045. }
  1046. @@ -625,7 +942,7 @@
  1047. bn2crparam(const BIGNUM *a, struct crparam *crp)
  1048. {
  1049. int i, j, k;
  1050. - ssize_t words, bytes, bits;
  1051. + ssize_t bytes, bits;
  1052. u_char *b;
  1053. crp->crp_p = NULL;
  1054. @@ -637,6 +954,7 @@
  1055. b = malloc(bytes);
  1056. if (b == NULL)
  1057. return (1);
  1058. + memset(b, 0, bytes);
  1059. crp->crp_p = b;
  1060. crp->crp_nbits = bits;
  1061. @@ -681,7 +999,7 @@
  1062. {
  1063. int i;
  1064. - for (i = 0; i <= kop->crk_iparams + kop->crk_oparams; i++) {
  1065. + for (i = 0; i < kop->crk_iparams + kop->crk_oparams; i++) {
  1066. if (kop->crk_param[i].crp_p)
  1067. free(kop->crk_param[i].crp_p);
  1068. kop->crk_param[i].crp_p = NULL;
  1069. @@ -756,12 +1074,10 @@
  1070. }
  1071. static int
  1072. -cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
  1073. +cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
  1074. {
  1075. int r;
  1076. - BN_CTX *ctx;
  1077. -
  1078. - ctx = BN_CTX_new();
  1079. + ctx = BN_CTX_new(); /* not sure why we reallocate this. DM */
  1080. r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL);
  1081. BN_CTX_free(ctx);
  1082. return (r);
  1083. Index: libssl/crypto/engine/engine.h
  1084. ===================================================================
  1085. RCS file: libssl/crypto/engine/engine.h,v
  1086. retrieving revision 1.1.1.6
  1087. retrieving revision 1.6
  1088. diff -u -r1.1.1.6 -r1.6
  1089. --- libssl/crypto/engine/engine.h 15 Sep 2008 23:36:41 -0000 1.1.1.6
  1090. +++ libssl/crypto/engine/engine.h 15 Sep 2008 23:44:16 -0000 1.6
  1091. @@ -703,7 +703,7 @@
  1092. * values. */
  1093. void *ENGINE_get_static_state(void);
  1094. -#if defined(__OpenBSD__) || defined(__FreeBSD__)
  1095. +#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
  1096. void ENGINE_setup_bsd_cryptodev(void);
  1097. #endif
  1098. Index: libssl/crypto/evp/c_all.c
  1099. ===================================================================
  1100. RCS file: libssl/crypto/evp/c_all.c,v
  1101. retrieving revision 1.1.1.4
  1102. retrieving revision 1.3
  1103. diff -u -r1.1.1.4 -r1.3
  1104. --- libssl/crypto/evp/c_all.c 3 Feb 2006 00:06:07 -0000 1.1.1.4
  1105. +++ libssl/crypto/evp/c_all.c 23 Jul 2007 12:23:31 -0000 1.3
  1106. @@ -83,7 +83,7 @@
  1107. OpenSSL_add_all_ciphers();
  1108. OpenSSL_add_all_digests();
  1109. #ifndef OPENSSL_NO_ENGINE
  1110. -# if defined(__OpenBSD__) || defined(__FreeBSD__)
  1111. +# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
  1112. ENGINE_setup_bsd_cryptodev();
  1113. # endif
  1114. #endif
  1115. Index: libssl/crypto/evp/c_alld.c
  1116. ===================================================================
  1117. RCS file: libssl/crypto/evp/c_alld.c,v
  1118. retrieving revision 1.1.1.4
  1119. retrieving revision 1.3
  1120. diff -u -r1.1.1.4 -r1.3
  1121. --- libssl/crypto/evp/c_alld.c 3 Feb 2006 00:06:07 -0000 1.1.1.4
  1122. +++ libssl/crypto/evp/c_alld.c 3 Feb 2006 00:36:44 -0000 1.3
  1123. @@ -81,7 +81,7 @@
  1124. EVP_add_digest(EVP_dss());
  1125. #endif
  1126. #endif
  1127. -#ifndef OPENSSL_NO_SHA
  1128. +#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
  1129. EVP_add_digest(EVP_sha1());
  1130. EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
  1131. EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
  1132. Index: libssl/engines/Makefile
  1133. ===================================================================
  1134. RCS file: libssl/engines/Makefile,v
  1135. retrieving revision 1.1.1.3
  1136. retrieving revision 1.3
  1137. diff -u -r1.1.1.3 -r1.3
  1138. --- libssl/engines/Makefile 15 Sep 2008 23:36:41 -0000 1.1.1.3
  1139. +++ libssl/engines/Makefile 15 Sep 2008 23:44:16 -0000 1.3
  1140. @@ -96,6 +96,7 @@
  1141. ( echo installing $$l; \
  1142. if [ "$(PLATFORM)" != "Cygwin" ]; then \
  1143. case "$(CFLAGS)" in \
  1144. + *OPENSSL_NO_HW*) continue;; \
  1145. *DSO_DLFCN*) sfx="so";; \
  1146. *DSO_DL*) sfx="sl";; \
  1147. *) sfx="bad";; \