Index: eng_cryptodev.c =================================================================== RCS file: /usr/repo/src/crypto/openssl/crypto/engine/eng_cryptodev.c,v retrieving revision 1.1.1.1 diff -u -p -r1.1.1.1 eng_cryptodev.c --- eng_cryptodev.c 29 Jul 2006 19:10:18 -0000 1.1.1.1 +++ eng_cryptodev.c 11 Aug 2006 13:54:17 -0000 @@ -31,8 +31,8 @@ #include #include -#if (defined(__unix__) || defined(unix)) && !defined(USG) && \ - (defined(OpenBSD) || defined(__FreeBSD_version)) +#if (defined(__unix__) || defined(unix) || defined(__FreeBSD__) || \ + defined(__OpenBSD__)) && !defined(USG) #include # if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041) # define HAVE_CRYPTODEV @@ -100,7 +100,7 @@ static int cryptodev_asym(struct crypt_k static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, - RSA *rsa); + RSA *rsa, BN_CTX *ctx); static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx); static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); @@ -133,11 +133,13 @@ static struct { { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, }, { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, }, { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, }, + { CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, }, + { CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, }, { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, }, { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, }, { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, }, - { 0, NID_undef, 0, 0, }, }; +#define NCIPHERS (sizeof(ciphers) / sizeof(ciphers[0])) static struct { int id; 
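Review bot: Dropping the `{ 0, NID_undef, 0, 0, }` terminator from `ciphers[]` (and the matching `{ 0, NID_undef, }` from `digests[]` in the next hunk) means any loop still written as `for (i = 0; ciphers[i].id; i++)` now reads past the end of the array. The later hunks convert the visible loops to `i < NCIPHERS` / `i < NDIGESTS`, but a lookup outside these hunks that still stops on `.id == 0` would become an out-of-bounds read. The whole file should be searched for the old pattern before this is applied. `NCIPHERS` is a `size_t` expression compared against `int i`; declaring the index as `size_t i`, or defining `#define NCIPHERS ((int)(sizeof(ciphers) / sizeof(ciphers[0])))`, avoids the signed/unsigned comparison.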
@@ -149,8 +151,11 @@ static struct { { CRYPTO_SHA1_KPDK, NID_undef, }, { CRYPTO_MD5, NID_md5, }, { CRYPTO_SHA1, NID_undef, }, - { 0, NID_undef, }, + { CRYPTO_SHA2_256_HMAC, NID_hmacWithSHA256, }, + { CRYPTO_SHA2_384_HMAC, NID_hmacWithSHA384, }, + { CRYPTO_SHA2_512_HMAC, NID_hmacWithSHA512, }, }; +#define NDIGESTS (sizeof(digests) / sizeof(digests[0])) /* * Return a fd if /dev/crypto seems usable, 0 otherwise. @@ -211,7 +216,7 @@ cryptodev_max_iv(int cipher) { int i; - for (i = 0; ciphers[i].id; i++) + for (i = 0; i < NCIPHERS; i++) if (ciphers[i].id == cipher) return (ciphers[i].ivmax); return (0); @@ -228,9 +233,9 @@ cryptodev_key_length_valid(int cipher, i { int i; - for (i = 0; ciphers[i].id; i++) - if (ciphers[i].id == cipher) - return (ciphers[i].keylen == len); + for (i = 0; i < NCIPHERS; i++) + if (ciphers[i].id == cipher && ciphers[i].keylen == len) + return (1); return (0); } @@ -240,7 +245,7 @@ cipher_nid_to_cryptodev(int nid) { int i; - for (i = 0; ciphers[i].id; i++) + for (i = 0; i < NCIPHERS; i++) if (ciphers[i].nid == nid) return (ciphers[i].id); return (0); @@ -255,7 +260,7 @@ cipher_nid_to_cryptodev(int nid) static int get_cryptodev_ciphers(const int **cnids) { - static int nids[CRYPTO_ALGORITHM_MAX]; + static int nids[NCIPHERS]; struct session_op sess; int fd, i, count = 0; @@ -266,7 +271,7 @@ get_cryptodev_ciphers(const int **cnids) memset(&sess, 0, sizeof(sess)); sess.key = (caddr_t)"123456781234567812345678"; - for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { + for (i = 0; i < NCIPHERS; i++) { if (ciphers[i].nid == NID_undef) continue; sess.cipher = ciphers[i].id; @@ -294,7 +299,7 @@ get_cryptodev_ciphers(const int **cnids) static int get_cryptodev_digests(const int **cnids) { - static int nids[CRYPTO_ALGORITHM_MAX]; + static int nids[NDIGESTS]; struct session_op sess; int fd, i, count = 0; 
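Review bot: The probe key on the context line `sess.key = (caddr_t)"123456781234567812345678";` in get_cryptodev_ciphers is 24 characters, shorter than the 32-byte key length of the `NID_aes_256_cbc` entry this patch adds to `ciphers[]`. If the loop body takes the session key length from `ciphers[i].keylen` (that assignment is outside the hunk, so it needs confirming), the kernel is asked to read 32 bytes from a 25-byte string literal. A probe buffer as long as the largest `keylen` in the table, for example `static char probe_key[32] = "12345678123456781234567812345678";`, would cover every entry. The function body continues outside the hunk.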
@@ -303,7 +308,7 @@ get_cryptodev_digests(const int **cnids) return (0); } memset(&sess, 0, sizeof(sess)); - for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { + for (i = 0; i < NDIGESTS; i++) { if (digests[i].nid == NID_undef) continue; sess.mac = digests[i].id; @@ -550,7 +555,7 @@ const EVP_CIPHER cryptodev_cast_cbc = { NULL }; -const EVP_CIPHER cryptodev_aes_cbc = { +const EVP_CIPHER cryptodev_aes128_cbc = { NID_aes_128_cbc, 16, 16, 16, EVP_CIPH_CBC_MODE, @@ -563,6 +568,32 @@ const EVP_CIPHER cryptodev_aes_cbc = { NULL }; +const EVP_CIPHER cryptodev_aes192_cbc = { + NID_aes_192_cbc, + 16, 24, 16, + EVP_CIPH_CBC_MODE, + cryptodev_init_key, + cryptodev_cipher, + cryptodev_cleanup, + sizeof(struct dev_crypto_state), + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, + NULL +}; + +const EVP_CIPHER cryptodev_aes256_cbc = { + NID_aes_128_cbc, + 16, 32, 16, + EVP_CIPH_CBC_MODE, + cryptodev_init_key, + cryptodev_cipher, + cryptodev_cleanup, + sizeof(struct dev_crypto_state), + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, + NULL +}; + /* * Registered by the ENGINE when used to find out how to deal with * a particular NID in the ENGINE. this says what we'll do at the @@ -589,7 +620,13 @@ cryptodev_engine_ciphers(ENGINE *e, cons *cipher = &cryptodev_cast_cbc; break; case NID_aes_128_cbc: - *cipher = &cryptodev_aes_cbc; + *cipher = &cryptodev_aes128_cbc; + break; + case NID_aes_192_cbc: + *cipher = &cryptodev_aes192_cbc; + break; + case NID_aes_256_cbc: + *cipher = &cryptodev_aes256_cbc; break; default: *cipher = NULL; @@ -756,15 +793,10 @@ err: } static int -cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) +cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) { - int r; - BN_CTX *ctx; - ctx = BN_CTX_new(); - r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL); - BN_CTX_free(ctx); - return (r); + return (cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL)); } static int
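Review bot: `cryptodev_aes256_cbc` is initialised with `NID_aes_128_cbc` as its first member; it should be `NID_aes_256_cbc`. As written, the cipher that the switch in cryptodev_engine_ciphers returns for `NID_aes_256_cbc` has a 32-byte key but identifies itself as AES-128-CBC. Anything that derives an algorithm identifier or cipher name from the EVP_CIPHER would then mislabel data encrypted under a 256-bit key. The three AES definitions differ only in NID and key length, and a short comment above them saying so would make this kind of copy-paste slip easier to catch.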
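Review bot: In cryptodev_rsa_nocrt_mod_exp, `rsa->d` and `rsa->n` are passed straight to `cryptodev_bn_mod_exp` with no NULL check, and with the local `BN_CTX_new()` removed the function also relies on the caller's `ctx` being valid. Whether cryptodev_bn_mod_exp tolerates a NULL operand is not visible in this diff. If it does not, a guard such as `if (rsa->d == NULL || rsa->n == NULL) return (0);` before the call stops a key without a private exponent from reaching the device request path. A one-line comment stating that `ctx` is borrowed from the caller and must not be freed here would document the ownership change.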