package/openssl/003-cryptodev-Fix-issue-with-signature-generation.patch - buildroot - Git at Google

 Forward port of 0001-cryptodev-Fix-issue-with-signature-generation.patch
 from http://rt.openssl.org/Ticket/Display.html?id=2770&user=guest&pass=guest
 It was originally targetted at 1.0.2-beta3.

 Without this patch digest acceleration via cryptodev is broken.

 Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>

 diff -Nura openssl-1.0.2.orig/crypto/engine/eng_cryptodev.c openssl-1.0.2/crypto/engine/eng_cryptodev.c
 --- openssl-1.0.2.orig/crypto/engine/eng_cryptodev.c	2015-01-28 14:59:58.146682462 -0300
 +++ openssl-1.0.2/crypto/engine/eng_cryptodev.c	2015-01-28 15:29:25.107649077 -0300
 @@ -2,6 +2,7 @@
   * Copyright (c) 2002 Bob Beck <beck@openbsd.org>
   * Copyright (c) 2002 Theo de Raadt
   * Copyright (c) 2002 Markus Friedl
 + * Copyright (c) 2012 Nikos Mavrogiannopoulos
   * All rights reserved.
   *
   * Redistribution and use in source and binary forms, with or without
 @@ -72,7 +73,6 @@
      struct session_op d_sess;
      int d_fd;
  # ifdef USE_CRYPTODEV_DIGESTS
 -    char dummy_mac_key[HASH_MAX_LEN];
      unsigned char digest_res[HASH_MAX_LEN];
      char *mac_data;
      int mac_len;
 @@ -189,8 +189,10 @@
  static struct {
      int id;
      int nid;
 -    int keylen;
 +    int digestlen;
  } digests[] = {
 +#if 0
 +    /* HMAC is not supported */
      {
          CRYPTO_MD5_HMAC, NID_hmacWithMD5, 16
      },
 @@ -198,15 +200,15 @@
          CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, 20
      },
      {
 -        CRYPTO_RIPEMD160_HMAC, NID_ripemd160, 16
 -        /* ? */
 +        CRYPTO_SHA2_256_HMAC, NID_hmacWithSHA256, 32
      },
      {
 -        CRYPTO_MD5_KPDK, NID_undef, 0
 +        CRYPTO_SHA2_384_HMAC, NID_hmacWithSHA384, 48
      },
      {
 -        CRYPTO_SHA1_KPDK, NID_undef, 0
 +        CRYPTO_SHA2_512_HMAC, NID_hmacWithSHA512, 64
      },
 +#endif
      {
          CRYPTO_MD5, NID_md5, 16
      },
 @@ -214,6 +216,15 @@
          CRYPTO_SHA1, NID_sha1, 20
      },
      {
 +        CRYPTO_SHA2_256, NID_sha256, 32
 +    },
 +    {
 +        CRYPTO_SHA2_384, NID_sha384, 48
 +    },
 +    {
 +        CRYPTO_SHA2_512, NID_sha512, 64
 +    },
 +    {
          0, NID_undef, 0
      },
  };
 @@ -288,13 +299,14 @@
      static int nids[CRYPTO_ALGORITHM_MAX];
      struct session_op sess;
      int fd, i, count = 0;
 +    unsigned char fake_key[CRYPTO_CIPHER_MAX_KEY_LEN];

      if ((fd = get_dev_crypto()) < 0) {
          *cnids = NULL;
          return (0);
      }
      memset(&sess, 0, sizeof(sess));
 -    sess.key = (caddr_t) "123456789abcdefghijklmno";
 +    sess.key = (void*)fake_key;

      for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
          if (ciphers[i].nid == NID_undef)
 @@ -327,18 +339,19 @@
      static int nids[CRYPTO_ALGORITHM_MAX];
      struct session_op sess;
      int fd, i, count = 0;
 +    unsigned char fake_key[CRYPTO_CIPHER_MAX_KEY_LEN];

      if ((fd = get_dev_crypto()) < 0) {
          *cnids = NULL;
          return (0);
      }
      memset(&sess, 0, sizeof(sess));
 -    sess.mackey = (caddr_t) "123456789abcdefghijklmno";
 +    sess.mackey = fake_key;
      for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
          if (digests[i].nid == NID_undef)
              continue;
          sess.mac = digests[i].id;
 -        sess.mackeylen = digests[i].keylen;
 +        sess.mackeylen = 8;
          sess.cipher = 0;
          if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
              ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
 @@ -424,14 +437,14 @@
      cryp.ses = sess->ses;
      cryp.flags = 0;
      cryp.len = inl;
 -    cryp.src = (caddr_t) in;
 -    cryp.dst = (caddr_t) out;
 +    cryp.src = (void*) in;
 +    cryp.dst = (void*) out;
      cryp.mac = 0;

      cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;

      if (ctx->cipher->iv_len) {
 -        cryp.iv = (caddr_t) ctx->iv;
 +	cryp.iv = (void*) ctx->iv;
          if (!ctx->encrypt) {
              iiv = in + inl - ctx->cipher->iv_len;
              memcpy(save_iv, iiv, ctx->cipher->iv_len);
 @@ -483,7 +496,7 @@
      if ((state->d_fd = get_dev_crypto()) < 0)
          return (0);

 -    sess->key = (caddr_t) key;
 +    sess->key = (void*)key;
      sess->keylen = ctx->key_len;
      sess->cipher = cipher;

 @@ -749,16 +762,6 @@
      return (0);
  }

 -static int digest_key_length(int nid)
 -{
 -    int i;
 -
 -    for (i = 0; digests[i].id; i++)
 -        if (digests[i].nid == nid)
 -            return digests[i].keylen;
 -    return (0);
 -}
 -
  static int cryptodev_digest_init(EVP_MD_CTX *ctx)
  {
      struct dev_crypto_state *state = ctx->md_data;
 @@ -769,7 +772,6 @@
          printf("cryptodev_digest_init: Can't get digest \n");
          return (0);
      }
 -
      memset(state, 0, sizeof(struct dev_crypto_state));

      if ((state->d_fd = get_dev_crypto()) < 0) {
 @@ -777,8 +779,8 @@
          return (0);
      }

 -    sess->mackey = state->dummy_mac_key;
 -    sess->mackeylen = digest_key_length(ctx->digest->type);
 +    sess->mackey = NULL;
 +    sess->mackeylen = 0;
      sess->mac = digest;

      if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
 @@ -794,8 +796,8 @@
  static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
                                     size_t count)
  {
 -    struct crypt_op cryp;
      struct dev_crypto_state *state = ctx->md_data;
 +    struct crypt_op cryp;
      struct session_op *sess = &state->d_sess;

      if (!data || state->d_fd < 0) {
 @@ -804,7 +806,7 @@
      }

      if (!count) {
 -        return (0);
 +        return (1);
      }

      if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
 @@ -828,9 +830,9 @@
      cryp.ses = sess->ses;
      cryp.flags = 0;
      cryp.len = count;
 -    cryp.src = (caddr_t) data;
 +    cryp.src = (void*) data;
      cryp.dst = NULL;
 -    cryp.mac = (caddr_t) state->digest_res;
 +    cryp.mac = (void*) state->digest_res;
      if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
          printf("cryptodev_digest_update: digest failed\n");
          return (0);
 @@ -844,8 +846,6 @@
      struct dev_crypto_state *state = ctx->md_data;
      struct session_op *sess = &state->d_sess;

 -    int ret = 1;
 -
      if (!md || state->d_fd < 0) {
          printf("cryptodev_digest_final: illegal input\n");
          return (0);
 @@ -859,7 +859,7 @@
          cryp.len = state->mac_len;
          cryp.src = state->mac_data;
          cryp.dst = NULL;
 -        cryp.mac = (caddr_t) md;
 +	cryp.mac = (void*)md;
          if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
              printf("cryptodev_digest_final: digest failed\n");
              return (0);
 @@ -870,7 +870,7 @@

      memcpy(md, state->digest_res, ctx->digest->md_size);

 -    return (ret);
 +    return 1;
  }

  static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
 @@ -921,8 +921,8 @@

      digest = digest_nid_to_cryptodev(to->digest->type);

 -    sess->mackey = dstate->dummy_mac_key;
 -    sess->mackeylen = digest_key_length(to->digest->type);
 +    sess->mackey = NULL;
 +    sess->mackeylen = 0;
      sess->mac = digest;

      dstate->d_fd = get_dev_crypto();
 @@ -947,32 +947,116 @@

  const EVP_MD cryptodev_sha1 = {
      NID_sha1,
 -    NID_undef,
 +    NID_sha1WithRSAEncryption,
      SHA_DIGEST_LENGTH,
 +#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT)
 +    EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|
 +    EVP_MD_FLAG_DIGALGID_ABSENT|
 +#endif
      EVP_MD_FLAG_ONESHOT,
      cryptodev_digest_init,
      cryptodev_digest_update,
      cryptodev_digest_final,
      cryptodev_digest_copy,
      cryptodev_digest_cleanup,
 -    EVP_PKEY_NULL_method,
 +    EVP_PKEY_RSA_method,
      SHA_CBLOCK,
 -    sizeof(struct dev_crypto_state),
 +    sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
  };

 -const EVP_MD cryptodev_md5 = {
 +static const EVP_MD cryptodev_sha256 = {
 +    NID_sha256,
 +    NID_sha256WithRSAEncryption,
 +    SHA256_DIGEST_LENGTH,
 +#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT)
 +    EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|
 +    EVP_MD_FLAG_DIGALGID_ABSENT|
 +#endif
 +    EVP_MD_FLAG_ONESHOT,
 +    cryptodev_digest_init,
 +    cryptodev_digest_update,
 +    cryptodev_digest_final,
 +    cryptodev_digest_copy,
 +    cryptodev_digest_cleanup,
 +    EVP_PKEY_RSA_method,
 +    SHA256_CBLOCK,
 +    sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
 +};
 +
 +static const EVP_MD cryptodev_sha224 = {
 +    NID_sha224,
 +    NID_sha224WithRSAEncryption,
 +    SHA224_DIGEST_LENGTH,
 +#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT)
 +    EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|
 +    EVP_MD_FLAG_DIGALGID_ABSENT|
 +#endif
 +    EVP_MD_FLAG_ONESHOT,
 +    cryptodev_digest_init,
 +    cryptodev_digest_update,
 +    cryptodev_digest_final,
 +    cryptodev_digest_copy,
 +    cryptodev_digest_cleanup,
 +    EVP_PKEY_RSA_method,
 +    SHA256_CBLOCK,
 +    sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
 +};
 +
 +static const EVP_MD cryptodev_sha384 = {
 +    NID_sha384,
 +    NID_sha384WithRSAEncryption,
 +    SHA384_DIGEST_LENGTH,
 +#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT)
 +    EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|
 +    EVP_MD_FLAG_DIGALGID_ABSENT|
 +#endif
 +    EVP_MD_FLAG_ONESHOT,
 +    cryptodev_digest_init,
 +    cryptodev_digest_update,
 +    cryptodev_digest_final,
 +    cryptodev_digest_copy,
 +    cryptodev_digest_cleanup,
 +    EVP_PKEY_RSA_method,
 +    SHA512_CBLOCK,
 +    sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
 +};
 +
 +static const EVP_MD cryptodev_sha512 = {
 +    NID_sha512,
 +    NID_sha512WithRSAEncryption,
 +    SHA512_DIGEST_LENGTH,
 +#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT)
 +    EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|
 +    EVP_MD_FLAG_DIGALGID_ABSENT|
 +#endif
 +    EVP_MD_FLAG_ONESHOT,
 +    cryptodev_digest_init,
 +    cryptodev_digest_update,
 +    cryptodev_digest_final,
 +    cryptodev_digest_copy,
 +    cryptodev_digest_cleanup,
 +    EVP_PKEY_RSA_method,
 +    SHA512_CBLOCK,
 +    sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
 +};
 +
 +static const EVP_MD cryptodev_md5 = {
      NID_md5,
 -    NID_undef,
 +    NID_md5WithRSAEncryption,
      16 /* MD5_DIGEST_LENGTH */ ,
 +#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT)
 +    EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|
 +    EVP_MD_FLAG_DIGALGID_ABSENT|
 +#endif
      EVP_MD_FLAG_ONESHOT,
      cryptodev_digest_init,
      cryptodev_digest_update,
      cryptodev_digest_final,
      cryptodev_digest_copy,
      cryptodev_digest_cleanup,
 -    EVP_PKEY_NULL_method,
 +    EVP_PKEY_RSA_method,
      64 /* MD5_CBLOCK */ ,
 -    sizeof(struct dev_crypto_state),
 +    sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
  };

  # endif                         /* USE_CRYPTODEV_DIGESTS */
 @@ -992,6 +1076,18 @@
      case NID_sha1:
          *digest = &cryptodev_sha1;
          break;
 +    case NID_sha224:
 +        *digest = &cryptodev_sha224;
 +	break;
 +    case NID_sha256:
 +        *digest = &cryptodev_sha256;
 +	break;
 +    case NID_sha384:
 +        *digest = &cryptodev_sha384;
 +	break;
 +    case NID_sha512:
 +    	*digest = &cryptodev_sha512;
 +	break;
      default:
  # endif                         /* USE_CRYPTODEV_DIGESTS */
          *digest = NULL;
 @@ -1022,7 +1118,7 @@
          return (1);
      memset(b, 0, bytes);

 -    crp->crp_p = (caddr_t) b;
 +    crp->crp_p = (void*) b;
      crp->crp_nbits = bits;

      for (i = 0, j = 0; i < a->top; i++) {
 @@ -1277,7 +1373,7 @@
      kop.crk_op = CRK_DSA_SIGN;

      /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
 -    kop.crk_param[0].crp_p = (caddr_t) dgst;
 +    kop.crk_param[0].crp_p = (void*)dgst;
      kop.crk_param[0].crp_nbits = dlen * 8;
      if (bn2crparam(dsa->p, &kop.crk_param[1]))
          goto err;
 @@ -1317,7 +1413,7 @@
      kop.crk_op = CRK_DSA_VERIFY;

      /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
 -    kop.crk_param[0].crp_p = (caddr_t) dgst;
 +    kop.crk_param[0].crp_p = (void*)dgst;
      kop.crk_param[0].crp_nbits = dlen * 8;
      if (bn2crparam(dsa->p, &kop.crk_param[1]))
          goto err;
 @@ -1398,9 +1494,10 @@
          goto err;
      kop.crk_iparams = 3;

 -    kop.crk_param[3].crp_p = (caddr_t) key;
 -    kop.crk_param[3].crp_nbits = keylen * 8;
 +    kop.crk_param[3].crp_p = (void*) key;
 +    kop.crk_param[3].crp_nbits = keylen;
      kop.crk_oparams = 1;
 +    dhret = keylen / 8;

      if (ioctl(fd, CIOCKEY, &kop) == -1) {
          const DH_METHOD *meth = DH_OpenSSL();
 @@ -1470,7 +1567,7 @@
      put_dev_crypto(fd);

      if (!ENGINE_set_id(engine, "cryptodev") ||
 -        !ENGINE_set_name(engine, "BSD cryptodev engine") ||
 +        !ENGINE_set_name(engine, "cryptodev engine") ||
          !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
          !ENGINE_set_digests(engine, cryptodev_engine_digests) ||
          !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) ||
	Forward port of 0001-cryptodev-Fix-issue-with-signature-generation.patch
	from http://rt.openssl.org/Ticket/Display.html?id=2770&user=guest&pass=guest
	It was originally targetted at 1.0.2-beta3.

	Without this patch digest acceleration via cryptodev is broken.

	Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>

	diff -Nura openssl-1.0.2.orig/crypto/engine/eng_cryptodev.c openssl-1.0.2/crypto/engine/eng_cryptodev.c
	--- openssl-1.0.2.orig/crypto/engine/eng_cryptodev.c 2015-01-28 14:59:58.146682462 -0300
	+++ openssl-1.0.2/crypto/engine/eng_cryptodev.c 2015-01-28 15:29:25.107649077 -0300
	@@ -2,6 +2,7 @@
	* Copyright (c) 2002 Bob Beck <beck@openbsd.org>
	* Copyright (c) 2002 Theo de Raadt
	* Copyright (c) 2002 Markus Friedl
	+ * Copyright (c) 2012 Nikos Mavrogiannopoulos
	* All rights reserved.
	*
	* Redistribution and use in source and binary forms, with or without
	@@ -72,7 +73,6 @@
	struct session_op d_sess;
	int d_fd;
	# ifdef USE_CRYPTODEV_DIGESTS
	- char dummy_mac_key[HASH_MAX_LEN];
	unsigned char digest_res[HASH_MAX_LEN];
	char *mac_data;
	int mac_len;
	@@ -189,8 +189,10 @@
	static struct {
	int id;
	int nid;
	- int keylen;
	+ int digestlen;
	} digests[] = {
	+#if 0
	+ /* HMAC is not supported */
	{
	CRYPTO_MD5_HMAC, NID_hmacWithMD5, 16
	},
	@@ -198,15 +200,15 @@
	CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, 20
	},
	{
	- CRYPTO_RIPEMD160_HMAC, NID_ripemd160, 16
	- /* ? */
	+ CRYPTO_SHA2_256_HMAC, NID_hmacWithSHA256, 32
	},
	{
	- CRYPTO_MD5_KPDK, NID_undef, 0
	+ CRYPTO_SHA2_384_HMAC, NID_hmacWithSHA384, 48
	},
	{
	- CRYPTO_SHA1_KPDK, NID_undef, 0
	+ CRYPTO_SHA2_512_HMAC, NID_hmacWithSHA512, 64
	},
	+#endif
	{
	CRYPTO_MD5, NID_md5, 16
	},
	@@ -214,6 +216,15 @@
	CRYPTO_SHA1, NID_sha1, 20
	},
	{
	+ CRYPTO_SHA2_256, NID_sha256, 32
	+ },
	+ {
	+ CRYPTO_SHA2_384, NID_sha384, 48
	+ },
	+ {
	+ CRYPTO_SHA2_512, NID_sha512, 64
	+ },
	+ {
	0, NID_undef, 0
	},
	};
	@@ -288,13 +299,14 @@
	static int nids[CRYPTO_ALGORITHM_MAX];
	struct session_op sess;
	int fd, i, count = 0;
	+ unsigned char fake_key[CRYPTO_CIPHER_MAX_KEY_LEN];

	if ((fd = get_dev_crypto()) < 0) {
	*cnids = NULL;
	return (0);
	}
	memset(&sess, 0, sizeof(sess));
	- sess.key = (caddr_t) "123456789abcdefghijklmno";
	+ sess.key = (void*)fake_key;

	for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
	if (ciphers[i].nid == NID_undef)
	@@ -327,18 +339,19 @@
	static int nids[CRYPTO_ALGORITHM_MAX];
	struct session_op sess;
	int fd, i, count = 0;
	+ unsigned char fake_key[CRYPTO_CIPHER_MAX_KEY_LEN];

	if ((fd = get_dev_crypto()) < 0) {
	*cnids = NULL;
	return (0);
	}
	memset(&sess, 0, sizeof(sess));
	- sess.mackey = (caddr_t) "123456789abcdefghijklmno";
	+ sess.mackey = fake_key;
	for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
	if (digests[i].nid == NID_undef)
	continue;
	sess.mac = digests[i].id;
	- sess.mackeylen = digests[i].keylen;
	+ sess.mackeylen = 8;
	sess.cipher = 0;
	if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
	ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
	@@ -424,14 +437,14 @@
	cryp.ses = sess->ses;
	cryp.flags = 0;
	cryp.len = inl;
	- cryp.src = (caddr_t) in;
	- cryp.dst = (caddr_t) out;
	+ cryp.src = (void*) in;
	+ cryp.dst = (void*) out;
	cryp.mac = 0;

	cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;

	if (ctx->cipher->iv_len) {
	- cryp.iv = (caddr_t) ctx->iv;
	+ cryp.iv = (void*) ctx->iv;
	if (!ctx->encrypt) {
	iiv = in + inl - ctx->cipher->iv_len;
	memcpy(save_iv, iiv, ctx->cipher->iv_len);
	@@ -483,7 +496,7 @@
	if ((state->d_fd = get_dev_crypto()) < 0)
	return (0);

	- sess->key = (caddr_t) key;
	+ sess->key = (void*)key;
	sess->keylen = ctx->key_len;
	sess->cipher = cipher;

	@@ -749,16 +762,6 @@
	return (0);
	}

	-static int digest_key_length(int nid)
	-{
	- int i;
	-
	- for (i = 0; digests[i].id; i++)
	- if (digests[i].nid == nid)
	- return digests[i].keylen;
	- return (0);
	-}
	-
	static int cryptodev_digest_init(EVP_MD_CTX *ctx)
	{
	struct dev_crypto_state *state = ctx->md_data;
	@@ -769,7 +772,6 @@
	printf("cryptodev_digest_init: Can't get digest \n");
	return (0);
	}
	-
	memset(state, 0, sizeof(struct dev_crypto_state));

	if ((state->d_fd = get_dev_crypto()) < 0) {
	@@ -777,8 +779,8 @@
	return (0);
	}

	- sess->mackey = state->dummy_mac_key;
	- sess->mackeylen = digest_key_length(ctx->digest->type);
	+ sess->mackey = NULL;
	+ sess->mackeylen = 0;
	sess->mac = digest;

	if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
	@@ -794,8 +796,8 @@
	static int cryptodev_digest_update(EVP_MD_CTX ctx, const void data,
	size_t count)
	{
	- struct crypt_op cryp;
	struct dev_crypto_state *state = ctx->md_data;
	+ struct crypt_op cryp;
	struct session_op *sess = &state->d_sess;

	if (!data \|\| state->d_fd < 0) {
	@@ -804,7 +806,7 @@
	}

	if (!count) {
	- return (0);
	+ return (1);
	}

	if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
	@@ -828,9 +830,9 @@
	cryp.ses = sess->ses;
	cryp.flags = 0;
	cryp.len = count;
	- cryp.src = (caddr_t) data;
	+ cryp.src = (void*) data;
	cryp.dst = NULL;
	- cryp.mac = (caddr_t) state->digest_res;
	+ cryp.mac = (void*) state->digest_res;
	if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
	printf("cryptodev_digest_update: digest failed\n");
	return (0);
	@@ -844,8 +846,6 @@
	struct dev_crypto_state *state = ctx->md_data;
	struct session_op *sess = &state->d_sess;

	- int ret = 1;
	-
	if (!md \|\| state->d_fd < 0) {
	printf("cryptodev_digest_final: illegal input\n");
	return (0);
	@@ -859,7 +859,7 @@
	cryp.len = state->mac_len;
	cryp.src = state->mac_data;
	cryp.dst = NULL;
	- cryp.mac = (caddr_t) md;
	+ cryp.mac = (void*)md;
	if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
	printf("cryptodev_digest_final: digest failed\n");
	return (0);
	@@ -870,7 +870,7 @@

	memcpy(md, state->digest_res, ctx->digest->md_size);

	- return (ret);
	+ return 1;
	}

	static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
	@@ -921,8 +921,8 @@

	digest = digest_nid_to_cryptodev(to->digest->type);

	- sess->mackey = dstate->dummy_mac_key;
	- sess->mackeylen = digest_key_length(to->digest->type);
	+ sess->mackey = NULL;
	+ sess->mackeylen = 0;
	sess->mac = digest;

	dstate->d_fd = get_dev_crypto();
	@@ -947,32 +947,116 @@

	const EVP_MD cryptodev_sha1 = {
	NID_sha1,
	- NID_undef,
	+ NID_sha1WithRSAEncryption,
	SHA_DIGEST_LENGTH,
	+#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT)
	+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE\|
	+ EVP_MD_FLAG_DIGALGID_ABSENT\|
	+#endif
	EVP_MD_FLAG_ONESHOT,
	cryptodev_digest_init,
	cryptodev_digest_update,
	cryptodev_digest_final,
	cryptodev_digest_copy,
	cryptodev_digest_cleanup,
	- EVP_PKEY_NULL_method,
	+ EVP_PKEY_RSA_method,
	SHA_CBLOCK,
	- sizeof(struct dev_crypto_state),
	+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
	};

	-const EVP_MD cryptodev_md5 = {
	+static const EVP_MD cryptodev_sha256 = {
	+ NID_sha256,
	+ NID_sha256WithRSAEncryption,
	+ SHA256_DIGEST_LENGTH,
	+#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT)
	+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE\|
	+ EVP_MD_FLAG_DIGALGID_ABSENT\|
	+#endif
	+ EVP_MD_FLAG_ONESHOT,
	+ cryptodev_digest_init,
	+ cryptodev_digest_update,
	+ cryptodev_digest_final,
	+ cryptodev_digest_copy,
	+ cryptodev_digest_cleanup,
	+ EVP_PKEY_RSA_method,
	+ SHA256_CBLOCK,
	+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
	+};
	+
	+static const EVP_MD cryptodev_sha224 = {
	+ NID_sha224,
	+ NID_sha224WithRSAEncryption,
	+ SHA224_DIGEST_LENGTH,
	+#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT)
	+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE\|
	+ EVP_MD_FLAG_DIGALGID_ABSENT\|
	+#endif
	+ EVP_MD_FLAG_ONESHOT,
	+ cryptodev_digest_init,
	+ cryptodev_digest_update,
	+ cryptodev_digest_final,
	+ cryptodev_digest_copy,
	+ cryptodev_digest_cleanup,
	+ EVP_PKEY_RSA_method,
	+ SHA256_CBLOCK,
	+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
	+};
	+
	+static const EVP_MD cryptodev_sha384 = {
	+ NID_sha384,
	+ NID_sha384WithRSAEncryption,
	+ SHA384_DIGEST_LENGTH,
	+#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT)
	+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE\|
	+ EVP_MD_FLAG_DIGALGID_ABSENT\|
	+#endif
	+ EVP_MD_FLAG_ONESHOT,
	+ cryptodev_digest_init,
	+ cryptodev_digest_update,
	+ cryptodev_digest_final,
	+ cryptodev_digest_copy,
	+ cryptodev_digest_cleanup,
	+ EVP_PKEY_RSA_method,
	+ SHA512_CBLOCK,
	+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
	+};
	+
	+static const EVP_MD cryptodev_sha512 = {
	+ NID_sha512,
	+ NID_sha512WithRSAEncryption,
	+ SHA512_DIGEST_LENGTH,
	+#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT)
	+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE\|
	+ EVP_MD_FLAG_DIGALGID_ABSENT\|
	+#endif
	+ EVP_MD_FLAG_ONESHOT,
	+ cryptodev_digest_init,
	+ cryptodev_digest_update,
	+ cryptodev_digest_final,
	+ cryptodev_digest_copy,
	+ cryptodev_digest_cleanup,
	+ EVP_PKEY_RSA_method,
	+ SHA512_CBLOCK,
	+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
	+};
	+
	+static const EVP_MD cryptodev_md5 = {
	NID_md5,
	- NID_undef,
	+ NID_md5WithRSAEncryption,
	16 /* MD5_DIGEST_LENGTH */ ,
	+#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT)
	+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE\|
	+ EVP_MD_FLAG_DIGALGID_ABSENT\|
	+#endif
	EVP_MD_FLAG_ONESHOT,
	cryptodev_digest_init,
	cryptodev_digest_update,
	cryptodev_digest_final,
	cryptodev_digest_copy,
	cryptodev_digest_cleanup,
	- EVP_PKEY_NULL_method,
	+ EVP_PKEY_RSA_method,
	64 /* MD5_CBLOCK */ ,
	- sizeof(struct dev_crypto_state),
	+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
	};

	# endif /* USE_CRYPTODEV_DIGESTS */
	@@ -992,6 +1076,18 @@
	case NID_sha1:
	*digest = &cryptodev_sha1;
	break;
	+ case NID_sha224:
	+ *digest = &cryptodev_sha224;
	+ break;
	+ case NID_sha256:
	+ *digest = &cryptodev_sha256;
	+ break;
	+ case NID_sha384:
	+ *digest = &cryptodev_sha384;
	+ break;
	+ case NID_sha512:
	+ *digest = &cryptodev_sha512;
	+ break;
	default:
	# endif /* USE_CRYPTODEV_DIGESTS */
	*digest = NULL;
	@@ -1022,7 +1118,7 @@
	return (1);
	memset(b, 0, bytes);

	- crp->crp_p = (caddr_t) b;
	+ crp->crp_p = (void*) b;
	crp->crp_nbits = bits;

	for (i = 0, j = 0; i < a->top; i++) {
	@@ -1277,7 +1373,7 @@
	kop.crk_op = CRK_DSA_SIGN;

	/* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
	- kop.crk_param[0].crp_p = (caddr_t) dgst;
	+ kop.crk_param[0].crp_p = (void*)dgst;
	kop.crk_param[0].crp_nbits = dlen * 8;
	if (bn2crparam(dsa->p, &kop.crk_param[1]))
	goto err;
	@@ -1317,7 +1413,7 @@
	kop.crk_op = CRK_DSA_VERIFY;

	/* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
	- kop.crk_param[0].crp_p = (caddr_t) dgst;
	+ kop.crk_param[0].crp_p = (void*)dgst;
	kop.crk_param[0].crp_nbits = dlen * 8;
	if (bn2crparam(dsa->p, &kop.crk_param[1]))
	goto err;
	@@ -1398,9 +1494,10 @@
	goto err;
	kop.crk_iparams = 3;

	- kop.crk_param[3].crp_p = (caddr_t) key;
	- kop.crk_param[3].crp_nbits = keylen * 8;
	+ kop.crk_param[3].crp_p = (void*) key;
	+ kop.crk_param[3].crp_nbits = keylen;
	kop.crk_oparams = 1;
	+ dhret = keylen / 8;

	if (ioctl(fd, CIOCKEY, &kop) == -1) {
	const DH_METHOD *meth = DH_OpenSSL();
	@@ -1470,7 +1567,7 @@
	put_dev_crypto(fd);

	if (!ENGINE_set_id(engine, "cryptodev") \|\|
	- !ENGINE_set_name(engine, "BSD cryptodev engine") \|\|
	+ !ENGINE_set_name(engine, "cryptodev engine") \|\|
	!ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) \|\|
	!ENGINE_set_digests(engine, cryptodev_engine_digests) \|\|
	!ENGINE_set_ctrl_function(engine, cryptodev_ctrl) \|\|