- update to 0.9.8j

- move patches from files-beta back to files
- FIPS disabled with force
- support for crypto_hw device cloning restored
- support for crypto_hw aes_256 restored

1 files changed, 0 insertions, 210 deletions

diff --git a/security/openssl/files/patch-hw_cryptodev.c-aes_256 b/security/openssl/files/patch-hw_cryptodev.c-aes_256
deleted file mode 100644
index e4efffa21530..000000000000
--- a/security/openssl/files/patch-hw_cryptodev.c-aes_256
+++ /dev/null
@@ -1,210 +0,0 @@
-===================================================================
-RCS file: crypto/engine/hw_cryptodev.c,v
-retrieving revision 1.17
-retrieving revision 1.18
-diff -u -p -r1.17 -r1.18
---- crypto/engine/hw_cryptodev.c	2003/06/03 15:57:44	1.17
-+++ crypto/engine/hw_cryptodev.c	2003/08/07 16:27:47	1.18
-@@ -68,14 +68,19 @@ struct dev_crypto_state {
- 	int d_fd;
- };
- 
-+struct dev_crypto_cipher {
-+	int	c_id;
-+	int	c_nid;
-+	int	c_ivmax;
-+	int	c_keylen;
-+};
-+
- static u_int32_t cryptodev_asymfeat = 0;
- 
- static int get_asym_dev_crypto(void);
- static int open_dev_crypto(void);
- static int get_dev_crypto(void);
--static int cryptodev_max_iv(int cipher);
--static int cryptodev_key_length_valid(int cipher, int len);
--static int cipher_nid_to_cryptodev(int nid);
-+static struct dev_crypto_cipher *cipher_nid_to_cryptodev(int nid);
- static int get_cryptodev_ciphers(const int **cnids);
- static int get_cryptodev_digests(const int **cnids);
- static int cryptodev_usable_ciphers(const int **nids);
-@@ -122,15 +127,12 @@ static const ENGINE_CMD_DEFN cryptodev_d
- 	{ 0, NULL, NULL, 0 }
- };
- 
--static struct {
--	int	id;
--	int	nid;
--	int	ivmax;
--	int	keylen;
--} ciphers[] = {
-+static struct dev_crypto_cipher ciphers[] = {
- 	{ CRYPTO_DES_CBC,		NID_des_cbc,		8,	 8, },
- 	{ CRYPTO_3DES_CBC,		NID_des_ede3_cbc,	8,	24, },
- 	{ CRYPTO_AES_CBC,		NID_aes_128_cbc,	16,	16, },
-+	{ CRYPTO_AES_CBC,		NID_aes_192_cbc,	16,	24, },
-+	{ CRYPTO_AES_CBC,		NID_aes_256_cbc,	16,	32, },
- 	{ CRYPTO_BLF_CBC,		NID_bf_cbc,		8,	16, },
- 	{ CRYPTO_CAST_CBC,		NID_cast5_cbc,		8,	16, },
- 	{ CRYPTO_SKIPJACK_CBC,		NID_undef,		0,	 0, },
-@@ -200,48 +202,16 @@ get_asym_dev_crypto(void)
- 	return fd;
- }
- 
--/*
-- * XXXX this needs to be set for each alg - and determined from
-- * a running card.
-- */
--static int
--cryptodev_max_iv(int cipher)
--{
--	int i;
--
--	for (i = 0; ciphers[i].id; i++)
--		if (ciphers[i].id == cipher)
--			return (ciphers[i].ivmax);
--	return (0);
--}
--
--/*
-- * XXXX this needs to be set for each alg - and determined from
-- * a running card. For now, fake it out - but most of these
-- * for real devices should return 1 for the supported key
-- * sizes the device can handle.
-- */
--static int
--cryptodev_key_length_valid(int cipher, int len)
--{
--	int i;
--
--	for (i = 0; ciphers[i].id; i++)
--		if (ciphers[i].id == cipher)
--			return (ciphers[i].keylen == len);
--	return (0);
--}
--
- /* convert libcrypto nids to cryptodev */
--static int
-+static struct dev_crypto_cipher *
- cipher_nid_to_cryptodev(int nid)
- {
- 	int i;
- 
--	for (i = 0; ciphers[i].id; i++)
--		if (ciphers[i].nid == nid)
--			return (ciphers[i].id);
--	return (0);
-+	for (i = 0; ciphers[i].c_id; i++)
-+		if (ciphers[i].c_nid == nid)
-+			return (&ciphers[i]);
-+	return (NULL);
- }
- 
- /*
-@@ -264,15 +234,15 @@ get_cryptodev_ciphers(const int **cnids)
- 	memset(&sess, 0, sizeof(sess));
- 	sess.key = (caddr_t)"123456781234567812345678";
- 
--	for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
--		if (ciphers[i].nid == NID_undef)
-+	for (i = 0; ciphers[i].c_id && count < CRYPTO_ALGORITHM_MAX; i++) {
-+		if (ciphers[i].c_nid == NID_undef)
- 			continue;
--		sess.cipher = ciphers[i].id;
--		sess.keylen = ciphers[i].keylen;
-+		sess.cipher = ciphers[i].c_id;
-+		sess.keylen = ciphers[i].c_keylen;
- 		sess.mac = 0;
- 		if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
- 		    ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
--			nids[count++] = ciphers[i].nid;
-+			nids[count++] = ciphers[i].c_nid;
- 	}
- 	close(fd);
- 
-@@ -425,15 +395,15 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, 
- {
- 	struct dev_crypto_state *state = ctx->cipher_data;
- 	struct session_op *sess = &state->d_sess;
--	int cipher;
-+	struct dev_crypto_cipher *cipher;
- 
--	if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NID_undef)
-+	if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NULL)
- 		return (0);
- 
--	if (ctx->cipher->iv_len > cryptodev_max_iv(cipher))
-+	if (ctx->cipher->iv_len > cipher->c_ivmax)
- 		return (0);
- 
--	if (!cryptodev_key_length_valid(cipher, ctx->key_len))
-+	if (ctx->key_len != cipher->c_keylen)
- 		return (0);
- 
- 	memset(sess, 0, sizeof(struct session_op));
-@@ -443,7 +413,7 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, 
- 
- 	sess->key = (unsigned char *)key;
- 	sess->keylen = ctx->key_len;
--	sess->cipher = cipher;
-+	sess->cipher = cipher->c_id;
- 
- 	if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
- 		close(state->d_fd);
-@@ -548,7 +518,7 @@ const EVP_CIPHER cryptodev_cast_cbc = {
- 	NULL
- };
- 
--const EVP_CIPHER cryptodev_aes_cbc = {
-+const EVP_CIPHER cryptodev_aes_128_cbc = {
- 	NID_aes_128_cbc,
- 	16, 16, 16,
- 	EVP_CIPH_CBC_MODE,
-@@ -561,6 +531,32 @@ const EVP_CIPHER cryptodev_aes_cbc = {
- 	NULL
- };
- 
-+const EVP_CIPHER cryptodev_aes_192_cbc = {
-+	NID_aes_192_cbc,
-+	16, 24, 16,
-+	EVP_CIPH_CBC_MODE,
-+	cryptodev_init_key,
-+	cryptodev_cipher,
-+	cryptodev_cleanup,
-+	sizeof(struct dev_crypto_state),
-+	EVP_CIPHER_set_asn1_iv,
-+	EVP_CIPHER_get_asn1_iv,
-+	NULL
-+};
-+
-+const EVP_CIPHER cryptodev_aes_256_cbc = {
-+	NID_aes_256_cbc,
-+	16, 32, 16,
-+	EVP_CIPH_CBC_MODE,
-+	cryptodev_init_key,
-+	cryptodev_cipher,
-+	cryptodev_cleanup,
-+	sizeof(struct dev_crypto_state),
-+	EVP_CIPHER_set_asn1_iv,
-+	EVP_CIPHER_get_asn1_iv,
-+	NULL
-+};
-+
- /*
-  * Registered by the ENGINE when used to find out how to deal with
-  * a particular NID in the ENGINE. this says what we'll do at the
-@@ -587,7 +583,13 @@ cryptodev_engine_ciphers(ENGINE *e, cons
- 		*cipher = &cryptodev_cast_cbc;
- 		break;
- 	case NID_aes_128_cbc:
--		*cipher = &cryptodev_aes_cbc;
-+		*cipher = &cryptodev_aes_128_cbc;
-+		break;
-+	case NID_aes_192_cbc:
-+		*cipher = &cryptodev_aes_192_cbc;
-+		break;
-+	case NID_aes_256_cbc:
-+		*cipher = &cryptodev_aes_256_cbc;
- 		break;
- 	default:
- 		*cipher = NULL;