diff options
266 files changed, 26455 insertions, 0 deletions
diff --git a/meta-fsl-ppc/README b/meta-fsl-ppc/README new file mode 100644 index 00000000..10158ef9 --- /dev/null +++ b/meta-fsl-ppc/README @@ -0,0 +1,49 @@ +OpenEmbedded/Yocto BSP layer for Freescale's PPC platforms +========================================================== + +This layer provides support for Freescale's PPC platforms for use with +OpenEmbedded and/or Yocto. + +This layer depends on: + +URI: git://git.openembedded.org/openembedded-core +branch: master +revision: HEAD + +URI: git://git.openembedded.org/meta-openembedded +branch: master +revision: HEAD + +Contributing +------------ + +To contribute to this layer you should the patches for review to the +mailing list. + +Mailing list: + + https://lists.yoctoproject.org/listinfo/meta-freescale + +Source code: + + git://git.yoctoproject.org/meta-fsl-ppc + http://git.yoctoproject.org/git/meta-fsl-ppc + +When creating patches, please use something like: + + git format-patch -s --subject-prefix='meta-fsl-ppc dylan][PATCH' origin +optionally include a branch if the patch applies to multiple branches, +otherwise master is assumed + +When sending patches, please use something like: + + git send-email --to meta-freescale@yoctoproject.org <generated patch> + +git.yoctoproject.org vs. git.freescale.com: +------------------------------------------- + +git.yoctoproject.org hosts the official upstream work of Freescale's OE/YP repos, +for official SDK releases at times we need to do last minute fixes or include things +not supported upstream so we have a different repo on git.freescale.com for the +official release. git.freescale.com should be based off repos from git.yoctoproject.org + diff --git a/meta-fsl-ppc/classes/qoriq_build_64bit_kernel.bbclass b/meta-fsl-ppc/classes/qoriq_build_64bit_kernel.bbclass new file mode 100644 index 00000000..5dd8931f --- /dev/null +++ b/meta-fsl-ppc/classes/qoriq_build_64bit_kernel.bbclass @@ -0,0 +1,14 @@ +inherit distro_features_check +REQUIRED_DISTRO_FEATURES_e6500 += "multiarch" + +python () { + promote_kernel = d.getVar('BUILD_64BIT_KERNEL') + if promote_kernel == "1": + d.setVar('KERNEL_CC_append', ' -m64') + d.setVar('KERNEL_LD_append', ' -melf64ppc') + + error_qa = d.getVar('ERROR_QA', True) + if 'arch' in error_qa: + d.setVar('ERROR_QA', error_qa.replace(' arch', '')) +} + diff --git a/meta-fsl-ppc/conf/layer.conf b/meta-fsl-ppc/conf/layer.conf new file mode 100644 index 00000000..a4d4add9 --- /dev/null +++ b/meta-fsl-ppc/conf/layer.conf @@ -0,0 +1,18 @@ +# We have a packages directory, add to BBFILES +BBPATH .= ":${LAYERDIR}" + +BBFILES += "${LAYERDIR}/recipes-*/*/*.bb*" +BBFILES += "${LAYERDIR}/images/*.bb*" +BBFILES += "${LAYERDIR}/classes/*.bb*" + +BBFILE_COLLECTIONS += "fsl-ppc" +BBFILE_PATTERN_fsl-ppc = "^${LAYERDIR}/" +BBFILE_PRIORITY_fsl-ppc = "5" + +LICENSE_PATH += "${LAYERDIR}/custom-licenses" + +# Let us add layer-specific bbappends which are only applied when that +# layer is included in our configuration +BBFILES += "${@' '.join('${LAYERDIR}/%s/recipes*/*/*.bbappend' % layer \ + for layer in BBFILE_COLLECTIONS.split())}" + diff --git a/meta-fsl-ppc/conf/machine/b4420qds-64b.conf b/meta-fsl-ppc/conf/machine/b4420qds-64b.conf new file mode 100644 index 00000000..c0487d90 --- /dev/null +++ b/meta-fsl-ppc/conf/machine/b4420qds-64b.conf @@ -0,0 +1,15 @@ +#@TYPE: Machine +#@NAME: Freescale B4420QDS-64B +#@SOC: b4420 +#@DESCRIPTION: Machine configuration for running B4420QDS in 64-bit mode +#@MAINTAINER: Chunrong Guo <B40290@freescale.com> + +require conf/machine/include/e6500-64b.inc + +SOC_FAMILY = "b4:b4420" +UBOOT_MACHINES ?= "B4420QDS" +KERNEL_DEVICETREE ?= "b4420qds.dtb b4420qds-usdpaa.dtb" +KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/85xx/e6500rev2_defconfig" + +JFFS2_ERASEBLOCK = "0x10000" + diff --git a/meta-fsl-ppc/conf/machine/b4420qds.conf b/meta-fsl-ppc/conf/machine/b4420qds.conf new file mode 100644 index 00000000..94ab1d33 --- /dev/null +++ b/meta-fsl-ppc/conf/machine/b4420qds.conf @@ -0,0 +1,15 @@ +#@TYPE: Machine +#@NAME: Freescale B4420QDS +#@SOC: b4420 +#@DESCRIPTION: Machine configuration for running B4420QDS in 32-bit mode +#@MAINTAINER: Chunrong Guo <B40290@freescale.com> + +require conf/machine/include/e6500.inc + +SOC_FAMILY = "b4:b4420" +UBOOT_MACHINES ?= "B4420QDS" +KERNEL_DEVICETREE ?= "b4420qds.dtb b4420qds-usdpaa.dtb" +KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/85xx/e6500rev2_defconfig" + +JFFS2_ERASEBLOCK = "0x10000" + diff --git a/meta-fsl-ppc/conf/machine/b4860qds-64b.conf b/meta-fsl-ppc/conf/machine/b4860qds-64b.conf new file mode 100644 index 00000000..7e1f5bf9 --- /dev/null +++ b/meta-fsl-ppc/conf/machine/b4860qds-64b.conf @@ -0,0 +1,15 @@ +#@TYPE: Machine +#@NAME: Freescale B4860QDS-64B +#@SOC: b4860 +#@DESCRIPTION: Machine configuration for running B4860QDS in 64-bit mode +#@MAINTAINER: Chunrong Guo <B40290@freescale.com> + +require conf/machine/include/e6500-64b.inc + +SOC_FAMILY = "b4:b4860" +UBOOT_MACHINES ?= "B4860QDS B4860QDS_SECURE_BOOT" +KERNEL_DEVICETREE ?= "b4860qds.dtb b4860qds-usdpaa.dtb" +KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/85xx/e6500rev2_defconfig" + +JFFS2_ERASEBLOCK = "0x10000" + diff --git a/meta-fsl-ppc/conf/machine/b4860qds.conf b/meta-fsl-ppc/conf/machine/b4860qds.conf new file mode 100644 index 00000000..bae326e0 --- /dev/null +++ b/meta-fsl-ppc/conf/machine/b4860qds.conf @@ -0,0 +1,15 @@ +#@TYPE: Machine +#@NAME: Freescale B4860QDS +#@SOC: b4860 +#@DESCRIPTION: Machine configuration for running B4860QDS in 32-bit mode +#@MAINTAINER: Chunrong Guo <B40290@freescale.com> + +require conf/machine/include/e6500.inc + +SOC_FAMILY = "b4:b4860" +UBOOT_MACHINES ?= "B4860QDS B4860QDS_SECURE_BOOT" +KERNEL_DEVICETREE ?= "b4860qds.dtb b4860qds-usdpaa.dtb" +KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/85xx/e6500rev2_defconfig" + +JFFS2_ERASEBLOCK = "0x10000" + diff --git a/meta-fsl-ppc/conf/machine/bsc9131rdb.conf b/meta-fsl-ppc/conf/machine/bsc9131rdb.conf new file mode 100644 index 00000000..e65f7e4e --- /dev/null +++ b/meta-fsl-ppc/conf/machine/bsc9131rdb.conf @@ -0,0 +1,15 @@ +#@TYPE: Machine +#@NAME: Freescale BSC9131RDB +#@SOC: bsc9131 +#@DESCRIPTION: Machine configuration for running BSC9131RDB +#@MAINTAINER: Chunrong Guo <B40290@freescale.com> + +require conf/machine/include/e500v2.inc + +SOC_FAMILY = "bsc9131" +UBOOT_MACHINES ?= "BSC9131RDB_SPIFLASH BSC9131RDB_NAND BSC9131RDB_NAND_SYSCLK100 BSC9131RDB_SPIFLASH_SYSCLK100" +KERNEL_DEVICETREE ?= "bsc9131rdb.dtb" +KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/85xx/bsc913x_defconfig" + +JFFS2_ERASEBLOCK = "0x10000" + diff --git a/meta-fsl-ppc/conf/machine/bsc9132qds.conf b/meta-fsl-ppc/conf/machine/bsc9132qds.conf new file mode 100644 index 00000000..90ac2a3b --- /dev/null +++ b/meta-fsl-ppc/conf/machine/bsc9132qds.conf @@ -0,0 +1,23 @@ +#@TYPE: Machine +#@NAME: Freescale BSC9132QDS +#@SOC: bsc9132 +#@DESCRIPTION: Machine configuration for running BSC9132QDS +#@MAINTAINER: Chunrong Guo <B40290@freescale.com> + +require conf/machine/include/e500v2.inc + +SOC_FAMILY = "bsc9132" +UBOOT_MACHINES ?= " BSC9132QDS_NAND_DDRCLK133 BSC9132QDS_NAND_DDRCLK100 \ + BSC9132QDS_NOR_DDRCLK100 BSC9132QDS_NOR_DDRCLK133 \ + BSC9132QDS_SDCARD_DDRCLK100 BSC9132QDS_SDCARD_DDRCLK133 \ + BSC9132QDS_SPIFLASH_DDRCLK100 BSC9132QDS_SPIFLASH_DDRCLK133 \ + BSC9132QDS_NAND_DDRCLK100_SECURE BSC9132QDS_NAND_DDRCLK133_SECURE \ + BSC9132QDS_NOR_DDRCLK100_SECURE BSC9132QDS_NOR_DDRCLK133_SECURE \ + BSC9132QDS_SDCARD_DDRCLK100_SECURE BSC9132QDS_SDCARD_DDRCLK133_SECURE \ + BSC9132QDS_SPIFLASH_DDRCLK100_SECURE BSC9132QDS_SPIFLASH_DDRCLK133_SECURE \ +" +KERNEL_DEVICETREE ?= "bsc9132qds.dtb" +KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/85xx/bsc913x_smp_defconfig" + +JFFS2_ERASEBLOCK = "0x10000" + diff --git a/meta-fsl-ppc/conf/machine/c293pcie.conf b/meta-fsl-ppc/conf/machine/c293pcie.conf new file mode 100644 index 00000000..6a63844e --- /dev/null +++ b/meta-fsl-ppc/conf/machine/c293pcie.conf @@ -0,0 +1,16 @@ +#@TYPE: Machine +#@NAME: Freescale C293PCIE +#@SOC: c293pcie +#@DESCRIPTION: Machine configuration for running C293PCIE in 36-bit mode +#@MAINTAINER: Chunrong Guo <B40290@freescale.com> + +require conf/machine/include/e500v2.inc + +SOC_FAMILY = "c293pcie" +BOOTFORMAT_CONFIG = "config_ddr3_512m_c29xpcie_800M.dat" +UBOOT_MACHINES ?= "C29XPCIE C29XPCIE_SPIFLASH C29XPCIE_SECBOOT C29XPCIE_SPIFLASH_SECBOOT" +KERNEL_DEVICETREE ?= "c293pcie_36b.dtb" +KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/mpc85xx_defconfig" + +JFFS2_ERASEBLOCK = "0x10000" + diff --git a/meta-fsl-ppc/conf/machine/include/e500mc.inc b/meta-fsl-ppc/conf/machine/include/e500mc.inc new file mode 100644 index 00000000..5871104d --- /dev/null +++ b/meta-fsl-ppc/conf/machine/include/e500mc.inc @@ -0,0 +1,6 @@ +TARGET_FPU = "hard" + +require conf/machine/include/tune-ppce500mc.inc +require conf/machine/include/qoriq-base.inc + +MACHINEOVERRIDES .= ":e500mc" diff --git a/meta-fsl-ppc/conf/machine/include/e500v2.inc b/meta-fsl-ppc/conf/machine/include/e500v2.inc new file mode 100644 index 00000000..a9372549 --- /dev/null +++ b/meta-fsl-ppc/conf/machine/include/e500v2.inc @@ -0,0 +1,4 @@ +require conf/machine/include/tune-ppce500v2.inc +require conf/machine/include/qoriq-base.inc + +MACHINEOVERRIDES .= ":e500v2" diff --git a/meta-fsl-ppc/conf/machine/include/e5500-64b.inc b/meta-fsl-ppc/conf/machine/include/e5500-64b.inc new file mode 100644 index 00000000..d238ca89 --- /dev/null +++ b/meta-fsl-ppc/conf/machine/include/e5500-64b.inc @@ -0,0 +1,12 @@ +TARGET_FPU = "hard" +DEFAULTTUNE ?= "ppc64e5500" + +require conf/machine/include/tune-ppce5500.inc +require conf/machine/include/qoriq-base.inc + +MACHINEOVERRIDES .= ":e5500-64b" + +require conf/multilib.conf +MULTILIBS ?= "multilib:lib32" +DEFAULTTUNE_virtclass-multilib-lib32 ?= "ppce5500" + diff --git a/meta-fsl-ppc/conf/machine/include/e5500.inc b/meta-fsl-ppc/conf/machine/include/e5500.inc new file mode 100644 index 00000000..88f6d06e --- /dev/null +++ b/meta-fsl-ppc/conf/machine/include/e5500.inc @@ -0,0 +1,6 @@ +TARGET_FPU = "hard" + +require conf/machine/include/tune-ppce5500.inc +require conf/machine/include/qoriq-base.inc + +MACHINEOVERRIDES .= ":e5500" diff --git a/meta-fsl-ppc/conf/machine/include/e6500-64b.inc b/meta-fsl-ppc/conf/machine/include/e6500-64b.inc new file mode 100644 index 00000000..522ee71f --- /dev/null +++ b/meta-fsl-ppc/conf/machine/include/e6500-64b.inc @@ -0,0 +1,12 @@ +TARGET_FPU = "hard" +DEFAULTTUNE ?= "ppc64e6500" + +require conf/machine/include/tune-ppce6500.inc +require conf/machine/include/qoriq-base.inc + +MACHINEOVERRIDES .= ":e6500-64b" + +require conf/multilib.conf +MULTILIBS ?= "multilib:lib32" +DEFAULTTUNE_virtclass-multilib-lib32 ?= "ppce6500" + diff --git a/meta-fsl-ppc/conf/machine/include/e6500.inc b/meta-fsl-ppc/conf/machine/include/e6500.inc new file mode 100644 index 00000000..4121fbef --- /dev/null +++ b/meta-fsl-ppc/conf/machine/include/e6500.inc @@ -0,0 +1,13 @@ +TARGET_FPU = "hard" + +require conf/machine/include/tune-ppce6500.inc +require conf/machine/include/qoriq-base.inc + +MACHINEOVERRIDES .= ":e6500" + +BUILD_64BIT_KERNEL = "1" + +require conf/multilib.conf +MULTILIBS ?= "multilib:lib64" +DEFAULTTUNE_virtclass-multilib-lib64 ?= "ppc64e6500" + diff --git a/meta-fsl-ppc/conf/machine/include/qoriq-base.inc b/meta-fsl-ppc/conf/machine/include/qoriq-base.inc new file mode 100644 index 00000000..35ca79ce --- /dev/null +++ b/meta-fsl-ppc/conf/machine/include/qoriq-base.inc @@ -0,0 +1,26 @@ +# Provides the QorIQ common settings +require conf/machine/include/soc-family.inc + +# providers +PREFERRED_PROVIDER_virtual/kernel ?= "linux-qoriq" +PREFERRED_PROVIDER_u-boot ?= "u-boot-qoriq" + +# versions +PREFERRED_VERSION_qemu = "1.7+fsl" +PREFERRED_VERSION_openssl = "1.0.1i" + +# settings +MACHINE_FEATURES = "keyboard pci ext2 ext3 serial" +MACHINE_EXTRA_RRECOMMENDS += "udev-rules-qoriq kernel-modules" +MACHINEOVERRIDES .= ":qoriq-ppc" + +IMAGE_CLASSES += "image_types_uboot" +EXTRA_IMAGEDEPENDS += "u-boot" + +KERNEL_IMAGETYPE ?= "uImage" + +SERIAL_CONSOLES ?= "115200;ttyS0 115200;ttyS1 115200;ttyEHV0" +SERIAL_CONSOLES_CHECK ?= "${SERIAL_CONSOLES}" + +USE_VT = "0" + diff --git a/meta-fsl-ppc/conf/machine/p1010rdb.conf b/meta-fsl-ppc/conf/machine/p1010rdb.conf new file mode 100644 index 00000000..e24c341e --- /dev/null +++ b/meta-fsl-ppc/conf/machine/p1010rdb.conf @@ -0,0 +1,22 @@ +#@TYPE: Machine +#@Name: Freescale P1010RDB +#@SOC: p1010 +#@DESCRIPTION: Machine configuration for running P1010RDB +#@MAINTAINER: Chunrong Guo <B40290@freescale.com> + +require conf/machine/include/e500v2.inc + +SOC_FAMILY = "p1010" +BOOTFORMAT_CONFIG = "config_sram_p1010rdb.dat" +UBOOT_MACHINES ?= "P1010RDB-PB_NAND P1010RDB-PB_NOR \ + P1010RDB-PB_SPIFLASH P1010RDB-PB_36BIT_NOR P1010RDB-PB_36BIT_NAND \ + P1010RDB-PB_36BIT_SPIFLASH P1010RDB-PB_36BIT_NAND_SECBOOT \ + P1010RDB-PB_36BIT_NOR_SECBOOT P1010RDB-PB_36BIT_SPIFLASH_SECBOOT \ + P1010RDB-PB_NAND_SECBOOT P1010RDB-PB_NOR_SECBOOT \ + P1010RDB-PB_SPIFLASH_SECBOOT \ +" +KERNEL_DEVICETREE ?= "p1010rdb-pa.dtb p1010rdb-pb.dtb" +KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/mpc85xx_defconfig" + +JFFS2_ERASEBLOCK = "0x20000" + diff --git a/meta-fsl-ppc/conf/machine/p1020rdb.conf b/meta-fsl-ppc/conf/machine/p1020rdb.conf new file mode 100644 index 00000000..e2b706ed --- /dev/null +++ b/meta-fsl-ppc/conf/machine/p1020rdb.conf @@ -0,0 +1,16 @@ +#@TYPE: Machine +#@NAME: Freescale P1020RDB +#@SOC: p1020 +#@DESCRIPTION: Machine configuration for running P1020RDB +#@MAINTAINER: Chunrong Guo <B40290@freescale.com> + +require conf/machine/include/e500v2.inc + +SOC_FAMILY = "p1020" +BOOTFORMAT_CONFIG = "config_sram_p1022ds.dat" +UBOOT_MACHINES ?= " P1020RDB-PD P1020RDB-PD_NAND P1020RDB-PD_SDCARD P1020RDB-PD_SPIFLASH" +KERNEL_DEVICETREE ?= "p1020rdb-pd_32b.dtb" +KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/mpc85xx_smp_defconfig" + +JFFS2_ERASEBLOCK = "0x20000" + diff --git a/meta-fsl-ppc/conf/machine/p1021rdb.conf b/meta-fsl-ppc/conf/machine/p1021rdb.conf new file mode 100644 index 00000000..03a18215 --- /dev/null +++ b/meta-fsl-ppc/conf/machine/p1021rdb.conf @@ -0,0 +1,17 @@ +#@TYPE: Machine +#@Name: Freescale P1021RDB +#@SOC: p1021 +#@DESCRIPTION: Machine configuration for running P1021RDB +#@MAINTAINER: Chunrong Guo <B40290@freescale.com> + +require conf/machine/include/e500v2.inc + +SOC_FAMILY = "p1021" +BOOTFORMAT_CONFIG = "config_sram_p1022ds.dat" +UBOOT_MACHINES ?= "P1021RDB-PC P1021RDB-PC_NAND P1021RDB-PC_SDCARD P1021RDB-PC_SPIFLASH P1021RDB-PC_36BIT P1021RDB-PC_36BIT_SPIFLASH P1021RDB-PC_36BIT_NAND P1021RDB-PC_36BIT_SDCARD" +KERNEL_DEVICETREE ?= "p1021rdb-pc_32b.dtb" +KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/mpc85xx_smp_defconfig" + +JFFS2_ERASEBLOCK = "0x20000" +QE_UCODE ?= "fsl_qe_ucode_1021_10_A.bin" + diff --git a/meta-fsl-ppc/conf/machine/p1022ds.conf b/meta-fsl-ppc/conf/machine/p1022ds.conf new file mode 100644 index 00000000..823131ad --- /dev/null +++ b/meta-fsl-ppc/conf/machine/p1022ds.conf @@ -0,0 +1,26 @@ +#@TYPE: Machine +#@NAME: Freescale P1022DS +#@SOC: p1022 +#@DESCRIPTION: Machine configuration for running P1022DS +#@MAINTAINER: Chunrong Guo <B40290@freescale.com> + +require conf/machine/include/e500v2.inc + +SOC_FAMILY = "p1022" +BOOTFORMAT_CONFIG = "config_sram_p1022ds.dat" +UBOOT_MACHINES ?= "P1022DS P1022DS_NAND P1022DS_SPIFLASH P1022DS_SDCARD P1022DS_36BIT P1022DS_36BIT_SPIFLASH P1022DS_36BIT_NAND P1022DS_36BIT_SDCARD" +KERNEL_DEVICETREE ?= "p1022ds_32b.dtb" +KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/mpc85xx_smp_defconfig" + +PREFERRED_PROVIDER_virtual/xserver ?= "xserver-xorg" + +XSERVER = " \ + xserver-xorg \ + xf86-input-evdev \ + xf86-input-mouse \ + xf86-input-keyboard \ + xf86-video-fbdev \ +" + +JFFS2_ERASEBLOCK = "0x20000" + diff --git a/meta-fsl-ppc/conf/machine/p1023rdb.conf b/meta-fsl-ppc/conf/machine/p1023rdb.conf new file mode 100644 index 00000000..02ec4a59 --- /dev/null +++ b/meta-fsl-ppc/conf/machine/p1023rdb.conf @@ -0,0 +1,15 @@ +#@TYPE: Machine +#@NAME: Freescale P1023RDB +#@SOC: p1023 +#@DESCRIPTION: Machine configuration for running P1023RDB +#@MAINTAINER: Chunrong Guo <B40290@freescale.com> + +require conf/machine/include/e500v2.inc + +SOC_FAMILY = "p1023" +UBOOT_MACHINES ?= "P1023RDB" +KERNEL_DEVICETREE ?= "p1023rdb.dtb" +KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/85xx/p1023_defconfig" + +JFFS2_ERASEBLOCK = "0x10000" + diff --git a/meta-fsl-ppc/conf/machine/p1025twr.conf b/meta-fsl-ppc/conf/machine/p1025twr.conf new file mode 100644 index 00000000..0c6bb57a --- /dev/null +++ b/meta-fsl-ppc/conf/machine/p1025twr.conf @@ -0,0 +1,17 @@ +#@TYPE: Machine +#@Name: Freescale P1025TWR +#@SOC: p1025 +#@DESCRIPTION: Machine configuration for running P1025TWR +#@MAINTAINER: Chunrong Guo <B40290@freescale.com> + +require conf/machine/include/e500v2.inc + +SOC_FAMILY = "p1025" +BOOTFORMAT_CONFIG = "config_ddr3_1gb_p1_p2_rdb_pc_667M.dat" +UBOOT_MACHINES ?= "TWR-P1025" +KERNEL_DEVICETREE ?= "p1025twr_32b.dtb" +KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/mpc85xx_smp_defconfig" + +JFFS2_ERASEBLOCK = "0x20000" +QE_UCODE ?= "fsl_qe_ucode_1021_10_A.bin" + diff --git a/meta-fsl-ppc/conf/machine/p2020rdb.conf b/meta-fsl-ppc/conf/machine/p2020rdb.conf new file mode 100644 index 00000000..9544c256 --- /dev/null +++ b/meta-fsl-ppc/conf/machine/p2020rdb.conf @@ -0,0 +1,16 @@ +#@TYPE: Machine +#@Name: Freescale P2020RDB +#@SOC: p2020 +#@DESCRIPTION: Machine configuration for running P2020RDB +#@MAINTAINER: Chunrong Guo <B40290@freescale.com> + +require conf/machine/include/e500v2.inc + +SOC_FAMILY = "p2020" +BOOTFORMAT_CONFIG = "config_sram_p1022ds.dat" +UBOOT_MACHINES ?= " P2020RDB-PC P2020RDB-PC_NAND P2020RDB-PC_SDCARD P2020RDB-PC_SPIFLASH P2020RDB-PC_36BIT P2020RDB-PC_36BIT_SPIFLASH P2020RDB-PC_36BIT_NAND P2020RDB-PC_36BIT_SDCARD" +KERNEL_DEVICETREE ?= "p2020rdb-pc_32b.dtb" +KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/mpc85xx_smp_defconfig" + +JFFS2_ERASEBLOCK = "0x20000" + diff --git a/meta-fsl-ppc/conf/machine/p2041rdb.conf b/meta-fsl-ppc/conf/machine/p2041rdb.conf new file mode 100644 index 00000000..f641a000 --- /dev/null +++ b/meta-fsl-ppc/conf/machine/p2041rdb.conf @@ -0,0 +1,15 @@ +#@TYPE: Machine +#@NAME: Freescale P2041RDB +#@SOC: p2041 +#@DESCRIPTION: Machine configuration for running P2041RDB +#@MAINTAINER: Chunrong Guo <B40290@freescale.com> + +require conf/machine/include/e500mc.inc + +SOC_FAMILY = "p2041" +UBOOT_MACHINES ?= "P2041RDB P2041RDB_NAND P2041RDB_SECURE_BOOT P2041RDB_SDCARD P2041RDB_SPIFLASH" +KERNEL_DEVICETREE ?= "p2041rdb.dtb p2041rdb-usdpaa.dtb" +KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/corenet32_smp_defconfig" + +JFFS2_ERASEBLOCK = "0x10000" + diff --git a/meta-fsl-ppc/conf/machine/p3041ds.conf b/meta-fsl-ppc/conf/machine/p3041ds.conf new file mode 100644 index 00000000..01c51e40 --- /dev/null +++ b/meta-fsl-ppc/conf/machine/p3041ds.conf @@ -0,0 +1,15 @@ +#@TYPE: Machine +#@NAME: Freescale P3041DS +#@SOC: p3041 +#@DESCRIPTION: Machine configuration for running P3041DS +#@MAINTAINER: Chunrong Guo <B40290@freescale.com> + +require conf/machine/include/e500mc.inc + +SOC_FAMILY = "p3041" +UBOOT_MACHINES ?= "P3041DS P3041DS_NAND P3041DS_SECURE_BOOT P3041DS_SDCARD P3041DS_SPIFLASH" +KERNEL_DEVICETREE ?= "p3041ds.dtb p3041ds-usdpaa.dtb" +KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/corenet32_smp_defconfig" + +JFFS2_ERASEBLOCK = "0x10000" + diff --git a/meta-fsl-ppc/conf/machine/p4080ds.conf b/meta-fsl-ppc/conf/machine/p4080ds.conf new file mode 100644 index 00000000..1b6fad74 --- /dev/null +++ b/meta-fsl-ppc/conf/machine/p4080ds.conf @@ -0,0 +1,15 @@ +#@TYPE: Machine +#@NAME: Freescale P4080DS +#@SOC: p4080 +#@DESCRIPTION: Machine configuration for running P4080DS +#@MAINTAINER: Chunrong Guo <B40290@freescale.com> + +require conf/machine/include/e500mc.inc + +SOC_FAMILY = "p4080" +UBOOT_MACHINES ?= "P4080DS P4080DS_SECURE_BOOT P4080DS_SDCARD P4080DS_SPIFLASH " +KERNEL_DEVICETREE ?= "p4080ds.dtb p4080ds-usdpaa.dtb" +KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/corenet32_smp_defconfig" + +JFFS2_ERASEBLOCK = "0x10000" + diff --git a/meta-fsl-ppc/conf/machine/p5020ds-64b.conf b/meta-fsl-ppc/conf/machine/p5020ds-64b.conf new file mode 100644 index 00000000..615157f8 --- /dev/null +++ b/meta-fsl-ppc/conf/machine/p5020ds-64b.conf @@ -0,0 +1,17 @@ +#@TYPE: Machine +#@NAME: Freescale P5020DS-64B +#@SOC: p5020 +#@DESCRIPTION: Machine configuration for running P5020DS in 64-bit mode +#@MAINTAINER: Chunrong Guo <B40290@freescale.com> + +require conf/machine/include/e5500-64b.inc + +SOC_FAMILY = "p5020" +UBOOT_MACHINES ?= "P5020DS P5020DS_NAND P5020DS_SECURE_BOOT \ + P5020DS_SDCARD P5020DS_SPIFLASH \ +" +KERNEL_DEVICETREE ?= "p5020ds.dtb p5020ds-usdpaa.dtb" +KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/corenet64_smp_defconfig" + +JFFS2_ERASEBLOCK = "0x10000" + diff --git a/meta-fsl-ppc/conf/machine/p5020ds.conf b/meta-fsl-ppc/conf/machine/p5020ds.conf new file mode 100644 index 00000000..7effe1e9 --- /dev/null +++ b/meta-fsl-ppc/conf/machine/p5020ds.conf @@ -0,0 +1,15 @@ +#@TYPE: Machine +#@NAME: Freescale P5020DS +#@SOC: p5020 +#@DESCRIPTION: Machine configuration for running P5020DS in 32-bit mode +#@MAINTAINER: Chunrong Guo <B40290@freescale.com> + +require conf/machine/include/e5500.inc + +SOC_FAMILY = "p5020" +UBOOT_MACHINES ?= "P5020DS P5020DS_NAND P5020DS_SECURE_BOOT P5020DS_SDCARD P5020DS_SPIFLASH " +KERNEL_DEVICETREE ?= "p5020ds.dtb p5020ds-usdpaa.dtb" +KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/corenet32_smp_defconfig" + +JFFS2_ERASEBLOCK = "0x10000" + diff --git a/meta-fsl-ppc/conf/machine/p5040ds-64b.conf b/meta-fsl-ppc/conf/machine/p5040ds-64b.conf new file mode 100644 index 00000000..fbbe9e2f --- /dev/null +++ b/meta-fsl-ppc/conf/machine/p5040ds-64b.conf @@ -0,0 +1,15 @@ +#@TYPE: Machine +#@NAME: Freescale P5040DS-64B +#@SOC: p5040 +#@DESCRIPTION: Machine configuration for running P5040DS in 64-bit mode +#@MAINTAINER: Chunrong Guo <B40290@freescale.com> + +require conf/machine/include/e5500-64b.inc + +SOC_FAMILY = "p5040" +UBOOT_MACHINES ?= "P5040DS P5040DS_NAND P5040DS_SECURE_BOOT P5040DS_SDCARD P5040DS_SPIFLASH" +KERNEL_DEVICETREE ?= "p5040ds.dtb p5040ds-usdpaa.dtb" +KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/corenet64_smp_defconfig" + +JFFS2_ERASEBLOCK = "0x10000" + diff --git a/meta-fsl-ppc/conf/machine/p5040ds.conf b/meta-fsl-ppc/conf/machine/p5040ds.conf new file mode 100644 index 00000000..1cd95120 --- /dev/null +++ b/meta-fsl-ppc/conf/machine/p5040ds.conf @@ -0,0 +1,15 @@ +#@TYPE: Machine +#@NAME: Freescale P5040DS +#@SOC: p5040 +#@DESCRIPTION: Machine configuration for running P5040DS in 32-bit mode +#@MAINTAINER: Chunrong Guo <B40290@freescale.com> + +require conf/machine/include/e5500.inc + +SOC_FAMILY = "p5040" +UBOOT_MACHINES ?= "P5040DS P5040DS_NAND P5040DS_SECURE_BOOT P5040DS_SDCARD P5040DS_SPIFLASH" +KERNEL_DEVICETREE ?= "p5040ds.dtb p5040ds-usdpaa.dtb" +KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/corenet32_smp_defconfig" + +JFFS2_ERASEBLOCK = "0x10000" + diff --git a/meta-fsl-ppc/conf/machine/t1024qds-64b.conf b/meta-fsl-ppc/conf/machine/t1024qds-64b.conf new file mode 100644 index 00000000..9dc047cc --- /dev/null +++ b/meta-fsl-ppc/conf/machine/t1024qds-64b.conf @@ -0,0 +1,16 @@ +#@TYPE: Machine +#@NAME: Freescale T1024QDS +#@SOC: t1024 +#@DESCRIPTION: Machine configuration for running T1024QDS in 64-bit mode +#@MAINTAINER: Chunrong Guo <B40290@freescale.com> + +require conf/machine/include/e5500-64b.inc + +SOC_FAMILY = "t1:t1024" +UBOOT_MACHINES ?= "T1024QDS T1024QDS_D4 T1024QDS_NAND T1024QDS_SDCARD T1024QDS_SPIFLASH T1024QDS_SECURE_BOOT" +KERNEL_DEVICETREE ?= "t1024qds.dtb t1024qds-usdpaa.dtb t1024qds-usdpaa-capwap.dtb" +KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/corenet64_fmanv3_smp_defconfig" + +JFFS2_ERASEBLOCK = "0x10000" +QE_UCODE ?= "iram_Type_A_T1024_r1.0.bin" + diff --git a/meta-fsl-ppc/conf/machine/t1024qds.conf b/meta-fsl-ppc/conf/machine/t1024qds.conf new file mode 100644 index 00000000..dc043a3f --- /dev/null +++ b/meta-fsl-ppc/conf/machine/t1024qds.conf @@ -0,0 +1,16 @@ +#@TYPE: Machine +#@NAME: Freescale T1024QDS +#@SOC: t1024 +#@DESCRIPTION: Machine configuration for running T1024QDS in 32-bit mode +#@MAINTAINER: Chunrong Guo <B40290@freescale.com> + +require conf/machine/include/e5500.inc + +SOC_FAMILY = "t1:t1024" +UBOOT_MACHINES ?= "T1024QDS T1024QDS_D4 T1024QDS_NAND T1024QDS_SDCARD T1024QDS_SPIFLASH T1024QDS_SECURE_BOOT" +KERNEL_DEVICETREE ?= "t1024qds.dtb t1024qds-usdpaa.dtb t1024qds-usdpaa-capwap.dtb" +KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/corenet32_fmanv3_smp_defconfig" + +JFFS2_ERASEBLOCK = "0x10000" +QE_UCODE ?= "iram_Type_A_T1024_r1.0.bin" + diff --git a/meta-fsl-ppc/conf/machine/t1024rdb-64b.conf b/meta-fsl-ppc/conf/machine/t1024rdb-64b.conf new file mode 100644 index 00000000..e9e66b21 --- /dev/null +++ b/meta-fsl-ppc/conf/machine/t1024rdb-64b.conf @@ -0,0 +1,16 @@ +#@TYPE: Machine +#@NAME: Freescale T1024RDB +#@SOC: t1024 +#@DESCRIPTION: Machine configuration for running T1024RDB in 64-bit mode +#@MAINTAINER: Chunrong Guo <B40290@freescale.com> + +require conf/machine/include/e5500-64b.inc + +SOC_FAMILY = "t1:t1024" +UBOOT_MACHINES ?= "T1024RDB T1024RDB_NAND T1024RDB_SDCARD T1024RDB_SPIFLASH T1024RDB_SECURE_BOOT" +KERNEL_DEVICETREE ?= "t1024rdb.dtb t1024rdb-usdpaa.dtb t1024rdb-usdpaa-capwap.dtb" +KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/corenet64_fmanv3_smp_defconfig" + +JFFS2_ERASEBLOCK = "0x10000" +QE_UCODE ?= "iram_Type_A_T1024_r1.0.bin" + diff --git a/meta-fsl-ppc/conf/machine/t1024rdb.conf b/meta-fsl-ppc/conf/machine/t1024rdb.conf new file mode 100644 index 00000000..80d87bdd --- /dev/null +++ b/meta-fsl-ppc/conf/machine/t1024rdb.conf @@ -0,0 +1,16 @@ +#@TYPE: Machine +#@NAME: Freescale T1024RDB +#@SOC: t1024 +#@DESCRIPTION: Machine configuration for running T1024RDB in 32-bit mode +#@MAINTAINER: Chunrong Guo <B40290@freescale.com> + +require conf/machine/include/e5500.inc + +SOC_FAMILY = "t1:t1024" +UBOOT_MACHINES ?= "T1024RDB T1024RDB_NAND T1024RDB_SDCARD T1024RDB_SPIFLASH T1024RDB_SECURE_BOOT" +KERNEL_DEVICETREE ?= "t1024rdb.dtb t1024rdb-usdpaa.dtb t1024rdb-usdpaa-capwap.dtb" +KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/corenet32_fmanv3_smp_defconfig" + +JFFS2_ERASEBLOCK = "0x10000" +QE_UCODE ?= "iram_Type_A_T1024_r1.0.bin" + diff --git a/meta-fsl-ppc/conf/machine/t1040rdb-64b.conf b/meta-fsl-ppc/conf/machine/t1040rdb-64b.conf new file mode 100644 index 00000000..6196097e --- /dev/null +++ b/meta-fsl-ppc/conf/machine/t1040rdb-64b.conf @@ -0,0 +1,16 @@ +#@TYPE: Machine +#@NAME: Freescale T1040RDB +#@SOC: t1040 +#@DESCRIPTION: Machine configuration for running T1040RDB in 64-bit mode +#@MAINTAINER: Chunrong Guo <B40290@freescale.com> + +require conf/machine/include/e5500-64b.inc + +SOC_FAMILY = "t1:t1040" +UBOOT_MACHINES ?= "T1040RDB T1040RDB_SECURE_BOOT" +KERNEL_DEVICETREE ?= "t1040rdb.dtb t1040rdb-usdpaa.dtb" +KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/corenet64_fmanv3_smp_defconfig" + +JFFS2_ERASEBLOCK = "0x10000" +QE_UCODE ?= "iram_Type_A_T1040_r1.0.bin" + diff --git a/meta-fsl-ppc/conf/machine/t1040rdb.conf b/meta-fsl-ppc/conf/machine/t1040rdb.conf new file mode 100644 index 00000000..e70c44b2 --- /dev/null +++ b/meta-fsl-ppc/conf/machine/t1040rdb.conf @@ -0,0 +1,16 @@ +#@TYPE: Machine +#@NAME: Freescale T1040RDB +#@SOC: t1040 +#@DESCRIPTION: Machine configuration for running T1040RDB in 32-bit mode +#@MAINTAINER: Chunrong Guo <B40290@freescale.com> + +require conf/machine/include/e5500.inc + +SOC_FAMILY = "t1:t1040" +UBOOT_MACHINES ?= "T1040RDB T1040RDB_SECURE_BOOT" +KERNEL_DEVICETREE ?= "t1040rdb.dtb t1040rdb-usdpaa.dtb" +KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/corenet32_fmanv3_smp_defconfig" + +JFFS2_ERASEBLOCK = "0x10000" +QE_UCODE ?= "iram_Type_A_T1040_r1.0.bin" + diff --git a/meta-fsl-ppc/conf/machine/t1042rdb-64b.conf b/meta-fsl-ppc/conf/machine/t1042rdb-64b.conf new file mode 100644 index 00000000..d60cdd06 --- /dev/null +++ b/meta-fsl-ppc/conf/machine/t1042rdb-64b.conf @@ -0,0 +1,16 @@ +#@TYPE: Machine +#@NAME: Freescale T1042RDB +#@SOC: t1042 +#@DESCRIPTION: Machine configuration for running T1042RDB in 64-bit mode +#@MAINTAINER: Chunrong Guo <B40290@freescale.com> + +require conf/machine/include/e5500-64b.inc + +SOC_FAMILY = "t1:t1042" +UBOOT_MACHINES ?= "T1042RDB_PI" +KERNEL_DEVICETREE ?= "t1042rdb_pi.dtb" +KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/corenet64_fmanv3_smp_defconfig" + +JFFS2_ERASEBLOCK = "0x10000" +QE_UCODE ?= "iram_Type_A_T1040_r1.0.bin" + diff --git a/meta-fsl-ppc/conf/machine/t1042rdb-pi-64b.conf b/meta-fsl-ppc/conf/machine/t1042rdb-pi-64b.conf new file mode 100644 index 00000000..4ebef183 --- /dev/null +++ b/meta-fsl-ppc/conf/machine/t1042rdb-pi-64b.conf @@ -0,0 +1,25 @@ +#@TYPE: Machine +#@NAME: Freescale T1042RDB-PI +#@SOC: t1042 +#@DESCRIPTION: Machine configuration for running T1042RDB-PI in 64-bit mode +#@MAINTAINER: Chunrong Guo <B40290@freescale.com> + +require conf/machine/include/e5500-64b.inc + +SOC_FAMILY = "t1:t1042" +UBOOT_MACHINES ?= "T1042RDB_PI" +KERNEL_DEVICETREE ?= "t1042rdb_pi.dtb" +KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/corenet64_fmanv3_smp_defconfig" + +JFFS2_ERASEBLOCK = "0x10000" +QE_UCODE ?= "iram_Type_A_T1040_r1.0.bin" + +PREFERRED_PROVIDER_virtual/xserver ?= "xserver-xorg" +XSERVER = " \ + xserver-xorg \ + xf86-input-evdev \ + xf86-input-mouse \ + xf86-input-keyboard \ + xf86-video-fbdev \ +" + diff --git a/meta-fsl-ppc/conf/machine/t1042rdb-pi.conf b/meta-fsl-ppc/conf/machine/t1042rdb-pi.conf new file mode 100644 index 00000000..60270f04 --- /dev/null +++ b/meta-fsl-ppc/conf/machine/t1042rdb-pi.conf @@ -0,0 +1,24 @@ +#@TYPE: Machine +#@NAME: Freescale T1042RDB-PI +#@SOC: t1042 +#@DESCRIPTION: Machine configuration for running T1042RDB-PI in 32-bit mode +#@MAINTAINER: Chunrong Guo <B40290@freescale.com> + +require conf/machine/include/e5500.inc + +SOC_FAMILY = "t1:t1042" +UBOOT_MACHINES ?= "T1042RDB_PI" +KERNEL_DEVICETREE ?= "t1042rdb_pi.dtb" +KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/corenet32_fmanv3_smp_defconfig" + +JFFS2_ERASEBLOCK = "0x10000" +QE_UCODE ?= "iram_Type_A_T1040_r1.0.bin" + +PREFERRED_PROVIDER_virtual/xserver ?= "xserver-xorg" +XSERVER = " \ + xserver-xorg \ + xf86-input-evdev \ + xf86-input-mouse \ + xf86-input-keyboard \ + xf86-video-fbdev \ +" diff --git a/meta-fsl-ppc/conf/machine/t1042rdb.conf b/meta-fsl-ppc/conf/machine/t1042rdb.conf new file mode 100644 index 00000000..b530b0ed --- /dev/null +++ b/meta-fsl-ppc/conf/machine/t1042rdb.conf @@ -0,0 +1,16 @@ +#@TYPE: Machine +#@NAME: Freescale T1042RDB +#@SOC: t1042 +#@DESCRIPTION: Machine configuration for running T1042RDB in 32-bit mode +#@MAINTAINER: Chunrong Guo <B40290@freescale.com> + +require conf/machine/include/e5500.inc + +SOC_FAMILY = "t1:t1042" +UBOOT_MACHINES ?= "T1042RDB_PI" +KERNEL_DEVICETREE ?= "t1042rdb_pi.dtb" +KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/corenet32_fmanv3_smp_defconfig" + +JFFS2_ERASEBLOCK = "0x10000" +QE_UCODE ?= "iram_Type_A_T1040_r1.0.bin" + diff --git a/meta-fsl-ppc/conf/machine/t2080qds-64b.conf b/meta-fsl-ppc/conf/machine/t2080qds-64b.conf new file mode 100644 index 00000000..88cb2c98 --- /dev/null +++ b/meta-fsl-ppc/conf/machine/t2080qds-64b.conf @@ -0,0 +1,17 @@ +#@TYPE: Machine +#@NAME: Freescale T2080QDS-64B +#@SOC: t2080 +#@DESCRIPTION: Machine configuration for running T2080QDS in 64-bit mode +#@MAINTAINER: Chunrong Guo <B40290@freescale.com> + +require conf/machine/include/e6500-64b.inc + +SOC_FAMILY = "t2:t2080" +UBOOT_MACHINES ?= "T2080QDS T2080QDS_SDCARD T2080QDS_SPIFLASH \ + T2080QDS_NAND T2080QDS_SRIO_PCIE_BOOT T2080QDS_SECURE_BOOT \ +" +KERNEL_DEVICETREE ?= "t2080qds.dtb t2080qds-usdpaa.dtb" +KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/85xx/e6500rev2_defconfig" + +JFFS2_ERASEBLOCK = "0x10000" + diff --git a/meta-fsl-ppc/conf/machine/t2080qds.conf b/meta-fsl-ppc/conf/machine/t2080qds.conf new file mode 100644 index 00000000..30478e9d --- /dev/null +++ b/meta-fsl-ppc/conf/machine/t2080qds.conf @@ -0,0 +1,17 @@ +#@TYPE: Machine +#@NAME: Freescale T2080QDS +#@SOC: t2080 +#@DESCRIPTION: Machine configuration for running T2080QDS in 32-bit mode +#@MAINTAINER: Chunrong Guo <B40290@freescale.com> + +require conf/machine/include/e6500.inc + +SOC_FAMILY = "t2:t2080" +UBOOT_MACHINES ?= "T2080QDS T2080QDS_SDCARD T2080QDS_SPIFLASH \ + T2080QDS_NAND T2080QDS_SRIO_PCIE_BOOT T2080QDS_SECURE_BOOT \ +" +KERNEL_DEVICETREE ?= "t2080qds.dtb t2080qds-usdpaa.dtb" +KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/85xx/e6500rev2_defconfig" + +JFFS2_ERASEBLOCK = "0x10000" + diff --git a/meta-fsl-ppc/conf/machine/t2080rdb-64b.conf b/meta-fsl-ppc/conf/machine/t2080rdb-64b.conf new file mode 100644 index 00000000..3892ffba --- /dev/null +++ b/meta-fsl-ppc/conf/machine/t2080rdb-64b.conf @@ -0,0 +1,17 @@ +#@TYPE: Machine +#@NAME: Freescale T2080RDB +#@SOC: t2080 +#@DESCRIPTION: Machine configuration for running T2080RDB in 64-bit mode +#@MAINTAINER: Chunrong Guo <B40290@freescale.com> + +require conf/machine/include/e6500-64b.inc + +SOC_FAMILY = "t2:t2080" +UBOOT_MACHINES ?= "T2080RDB T2080RDB_SDCARD T2080RDB_SPIFLASH \ + T2080RDB_NAND T2080RDB_SRIO_PCIE_BOOT T2080RDB_SECURE_BOOT \ +" +KERNEL_DEVICETREE ?= "t2080rdb.dtb t2080rdb-usdpaa.dtb" +KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/85xx/e6500rev2_defconfig" + +JFFS2_ERASEBLOCK = "0x10000" + diff --git a/meta-fsl-ppc/conf/machine/t2080rdb.conf b/meta-fsl-ppc/conf/machine/t2080rdb.conf new file mode 100644 index 00000000..28dca0db --- /dev/null +++ b/meta-fsl-ppc/conf/machine/t2080rdb.conf @@ -0,0 +1,17 @@ +#@TYPE: Machine +#@NAME: Freescale T2080RDB +#@SOC: t2080 +#@DESCRIPTION: Machine configuration for running T2080RDB in 32-bit mode +#@MAINTAINER: Chunrong Guo <B40290@freescale.com> + +require conf/machine/include/e6500.inc + +SOC_FAMILY = "t2:t2080" +UBOOT_MACHINES ?= "T2080RDB T2080RDB_SDCARD T2080RDB_SPIFLASH \ + T2080RDB_NAND T2080RDB_SRIO_PCIE_BOOT T2080RDB_SECURE_BOOT \ +" +KERNEL_DEVICETREE ?= "t2080rdb.dtb t2080rdb-usdpaa.dtb" +KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/85xx/e6500rev2_defconfig" + +JFFS2_ERASEBLOCK = "0x10000" + diff --git a/meta-fsl-ppc/conf/machine/t4160qds-64b.conf b/meta-fsl-ppc/conf/machine/t4160qds-64b.conf new file mode 100644 index 00000000..c63aba88 --- /dev/null +++ b/meta-fsl-ppc/conf/machine/t4160qds-64b.conf @@ -0,0 +1,15 @@ +#@TYPE: Machine +#@NAME: Freescale T4160QDS-64B +#@SOC: t4160 +#@DESCRIPTION: Machine configuration for running T4160QDS in 64-bit mode +#@MAINTAINER: Chunrong Guo <B40290@freescale.com> + +require conf/machine/include/e6500-64b.inc + +SOC_FAMILY = "t4:t4160" +UBOOT_MACHINES ?= "T4160QDS T4160QDS_SECURE_BOOT" +KERNEL_DEVICETREE ?= "t4240qds.dtb t4240qds-usdpaa.dtb" +KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/85xx/e6500rev2_defconfig" + +JFFS2_ERASEBLOCK = "0x10000" + diff --git a/meta-fsl-ppc/conf/machine/t4160qds.conf b/meta-fsl-ppc/conf/machine/t4160qds.conf new file mode 100644 index 00000000..83fb5c84 --- /dev/null +++ b/meta-fsl-ppc/conf/machine/t4160qds.conf @@ -0,0 +1,15 @@ +#@TYPE: Machine +#@NAME: Freescale T4160QDS +#@SOC: t4160 +#@DESCRIPTION: Machine configuration for running T4160QDS in 32-bit mode +#@MAINTAINER: Chunrong Guo <B40290@freescale.com> + +require conf/machine/include/e6500.inc + +SOC_FAMILY = "t4:t4160" +UBOOT_MACHINES ?= "T4160QDS T4160QDS_SECURE_BOOT" +KERNEL_DEVICETREE ?= "t4240qds.dtb t4240qds-usdpaa.dtb" +KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/85xx/e6500rev2_defconfig" + +JFFS2_ERASEBLOCK = "0x10000" + diff --git a/meta-fsl-ppc/conf/machine/t4240qds-64b.conf b/meta-fsl-ppc/conf/machine/t4240qds-64b.conf new file mode 100644 index 00000000..006c2c1f --- /dev/null +++ b/meta-fsl-ppc/conf/machine/t4240qds-64b.conf @@ -0,0 +1,15 @@ +#@TYPE: Machine +#@NAME: Freescale T4240QDS-64B +#@SOC: t4240 +#@DESCRIPTION: Machine configuration for running T4240QDS in 64-bit mode +#@MAINTAINER: Chunrong Guo <B40290@freescale.com> + +require conf/machine/include/e6500-64b.inc + +SOC_FAMILY = "t4:t4240" +UBOOT_MACHINES ?= "T4240QDS T4240QDS_SECURE_BOOT" +KERNEL_DEVICETREE ?= "t4240qds.dtb t4240qds-usdpaa.dtb" +KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/85xx/e6500rev2_defconfig" + +JFFS2_ERASEBLOCK = "0x10000" + diff --git a/meta-fsl-ppc/conf/machine/t4240qds.conf b/meta-fsl-ppc/conf/machine/t4240qds.conf new file mode 100644 index 00000000..fe67584c --- /dev/null +++ b/meta-fsl-ppc/conf/machine/t4240qds.conf @@ -0,0 +1,15 @@ +#@TYPE: Machine +#@NAME: Freescale T4240QDS +#@SOC: t4240 +#@DESCRIPTION: Machine configuration for running T4240QDS in 32-bit mode +#@MAINTAINER: Chunrong Guo <B40290@freescale.com> + +require conf/machine/include/e6500.inc + +SOC_FAMILY = "t4:t4240" +UBOOT_MACHINES ?= "T4240QDS T4240QDS_SECURE_BOOT" +KERNEL_DEVICETREE ?= "t4240qds.dtb t4240qds-usdpaa.dtb" +KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/85xx/e6500rev2_defconfig" + +JFFS2_ERASEBLOCK = "0x10000" + diff --git a/meta-fsl-ppc/conf/machine/t4240rdb-64b.conf b/meta-fsl-ppc/conf/machine/t4240rdb-64b.conf new file mode 100644 index 00000000..09740664 --- /dev/null +++ b/meta-fsl-ppc/conf/machine/t4240rdb-64b.conf @@ -0,0 +1,15 @@ +#@TYPE: Machine +#@NAME: Freescale T4240RDB +#@SOC: t4240 +#@DESCRIPTION: Machine configuration for running T4240RDB in 64-bit mode +#@MAINTAINER: Chunrong Guo <B40290@freescale.com> + +require conf/machine/include/e6500-64b.inc + +SOC_FAMILY = "t4:t4240" +UBOOT_MACHINES ?= "T4240RDB" +KERNEL_DEVICETREE ?= "t4240rdb.dtb t4240rdb-usdpaa.dtb t4240rdb-usdpaa-shared-interfaces.dtb" +KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/85xx/e6500rev2_defconfig" + +JFFS2_ERASEBLOCK = "0x10000" + diff --git a/meta-fsl-ppc/conf/machine/t4240rdb.conf b/meta-fsl-ppc/conf/machine/t4240rdb.conf new file mode 100644 index 00000000..e4c31f90 --- /dev/null +++ b/meta-fsl-ppc/conf/machine/t4240rdb.conf @@ -0,0 +1,15 @@ +#@TYPE: Machine +#@NAME: Freescale T4240RDB +#@SOC: t4240 +#@DESCRIPTION: Machine configuration for running T4240RDB in 32-bit mode +#@MAINTAINER: Chunrong Guo <B40290@freescale.com> + +require conf/machine/include/e6500.inc + +SOC_FAMILY = "t4:t4240" +UBOOT_MACHINES ?= "T4240RDB" +KERNEL_DEVICETREE ?= "t4240rdb.dtb t4240rdb-usdpaa.dtb t4240rdb-usdpaa-shared-interfaces.dtb" +KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/85xx/e6500rev2_defconfig" + +JFFS2_ERASEBLOCK = "0x10000" + diff --git a/meta-fsl-ppc/custom-licenses/Cortina b/meta-fsl-ppc/custom-licenses/Cortina new file mode 100644 index 00000000..a68417c5 --- /dev/null +++ b/meta-fsl-ppc/custom-licenses/Cortina @@ -0,0 +1,51 @@ +DEFINITIONS:“Device” is the product described in this document or document set. “Cortina” is Cortina Systems, Inc. +“Software” is the software used with the Device, including the Application Programmable Interface (“API”). “You” are a +customer, or potential customer, of Devices with whom Cortina has an NDA. +LICENSE:Subject to the restrictions below, Cortina grants to You a non-exclusive, non-assignable, non-transferable, +royalty-free copyright license to (1) copy and modify the source code of the API; (2) incorporate the API in object code +form or as a library into Your software which is solely used with Your products (that incorporate the Devices); and (3) +distribute to Your customer, inobject code form only, the API. +RESTRICTIONS:The Software must be used solely in conjunction with the Devices and solely for Your internal +evaluation, demonstration, software application development anddistribution for production purposes, either with an +Cortina platform that contains the Device or with Your own product that incorporates the Device. Notwithstanding +anything to the contrary, the API can be incorporated into Your software as described above and distributed to Your +customers in object code form only. You may not distribute the Software as a stand-alone product. You shall not cause +the incorporation, modification or distribution of the Software to become subject to any open source licenses. You will +make reasonable efforts to discontinue the distribution of any portions of the Software that You are licensed hereunder +to distribute upon Cortina’s release of an update, upgrade or new version of the Software. You agree that You are +solely responsible for supporting any code which You modify, incorporate or distribute. You may not reverse-assemble, +reverse-compile, or otherwise reverse-engineer any Software provided in binary or machine readable form. +Distribution of the Software is also subject to the following limitations: You (i) are solely responsible to Your customers +for any update or support obligation or other liability which may arise from the modification, incorporation, and +distribution of the Software, (ii) do notmake any statement that Your product is“certified,” or that its performance is +guaranteed, by Cortina, (iii) do not use Cortina's name or trademarks to market Your product without prior written +permission, (iv) shall prohibit disassembly and reverse engineering, and (v) shall indemnify, hold harmless, and defend +Cortina and its suppliers from and against any claims or lawsuits, including attorney's fees, that arise or result from +Your distribution of any product. +OWNERSHIP OF SOFTWARE AND COPYRIGHTS.The title to all copies of the Software remains with Cortina or its +suppliers. The Software is copyrighted and protected by the laws of the United States and other countries, and +international treaty provisions. You may not remove any copyright notices from the Software. Cortina may make +changes to the Software, or to items referenced therein, at any timewithout notice, but is not obligated to support or +update the Software. Except as otherwise expressly provided,Cortina grants no express or implied right under Cortina +patents, copyrights, trademarks, or other intellectual property rights. +DISCLAIMER OF WARRANTIES.THE SOFTWARE IS PROVIDED “AS IS” WITHOUT ANY EXPRESS OR IMPLIED +WARRANTY OF ANY KIND. CORTINA AND ITS SUPPLIERSHEREBY DISCLAIM ALL WARRANTIES, INCLUDING +ANY IMPLIED WARRANTIES OF MERCHANTABILITY, NONINFRINGEMENT, OR FITNESS FOR A PARTICULAR +PURPOSE. +LIMITATION OF LIABILITY.IN NO EVENT SHALL CORTINA OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES +WHATSOEVER (INCLUDING, WITHOUT LIMITATION, LOST PROFITS, BUSINESS INTERRUPTION, OR LOST +INFORMATION) ARISING OUT OF THE USE OF OR INABILITY TO USE THE SOFTWARE, EVEN IF CORTINA HAS +BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. +TERMINATION OF THIS LICENSE.Cortina may terminate this license at any time if You violate its terms. Upon +termination, You will immediately destroy the Software or return all copies of the Software to Cortina. +APPLICABLE LAWS.Claims arising under this license shall be governed by the laws of the State of Delaware, +excluding its principles of conflict of laws. The provisions of the United Nations Convention on Contracts for the +International Sale of Goods shall not apply to this license.You shall not export, either directly or indirectly, any +Software or derived object code without first obtaining any required license or other approval from the applicable +governmental entity, including the U.S. Department of Commerce or any other agency or department of the United +States Government if required. This isthe entire agreement and understanding between You and Cortina relating to +this subject matter, and no amendments will be effective unless in a writing signed by both parties. +GOVERNMENT RESTRICTED RIGHTS.The Software is provided with “RESTRICTED RIGHTS.” Use, duplication, or +disclosure by the Government issubject to restrictions as set forth in FAR52.227-14 and DFAR252.227-7013 et seq. or +its successor. Use of the Software by the Government constitutes acknowledgment of Cortina's proprietary rights +therein. Contractor or Manufacturer is Cortina. diff --git a/meta-fsl-ppc/custom-licenses/Freescale-EULA b/meta-fsl-ppc/custom-licenses/Freescale-EULA new file mode 100644 index 00000000..2122a1fd --- /dev/null +++ b/meta-fsl-ppc/custom-licenses/Freescale-EULA @@ -0,0 +1,214 @@ +IMPORTANT. Read the following Freescale Software License Agreement ("Agreement") +completely. By selecting the "I Accept" button at the end of this page, you +indicate that you accept the terms of the Freescale Proprietary Software License +Agreement and you also acknowledge that you have the authority, on behalf of your +company, to bind your company to such terms. You may then download or install the +file. + +FREESCALE PROPRIETARY SOFTWARE LICENSE AGREEMENT +This is a license agreement ("Agreement") between you (either as an individual +or as an authorized representative acting on behalf of your employer) and Freescale +Semiconductor, Inc. ("Freescale"). It concerns your rights to use the software +provided to you in binary or source code form and any accompanying written materials +(the "Software"). The Software may include any updates or error corrections or +documentation relating to the Software provided to you by Freescale under this +License. In consideration for Freescale allowing you to access the Software, you are +agreeing to be bound by the terms of this Agreement. If you do not agree to all of +the terms of this Agreement, do not download or install the Software. If you change +your mind later, stop using the Software and delete all copies of the Software in +your possession or control. Any copies of the Software that you have already +distributed, where permitted, and do not destroy will continue to be governed by +this Agreement. Your prior use will also continue to be governed by this Agreement. + +1. LICENSE GRANT. Freescale grants to you, free of charge, the non-exclusive, +non-transferable, non-sublicensable right (1) to use the Software, (2) to reproduce +the Software, (3) to prepare derivative works of the Software, (4) to distribute the +Software and derivative works thereof in object (machine-readable) form as part of +a programmable processing unit (e.g. a microprocessor, microcontroller, or digital +signal processor) supplied directly or indirectly from Freescale ("Freescale +System") and (5) to sublicense to others the right to use the distributed Software, +provided that any and all such sublicenses include the same terms and conditions of +this Agreement. Notwithstanding the limitation on damages in Section 8, Licensee +will indemnify, defend, and hold harmless Freescale against any and all claims, +costs, damages, liabilities, judgments and attorneys' fees resulting from or +arising out of any breach by the sublicensee, or resulting from or arising out of +any action by the sublicensee inconsistent with this Agreement. +You must notify Freescale, in writing, any time you create a derivative of the +Software. Freescale owns all derivatives created from the Software, and derivatives +are licensed to you under the same terms as the Software under this Agreement. Upon +request, you must provide Freescale the source code of any derivative of the Software. +If you violate any of the terms or restrictions of this Agreement, Freescale may +immediately terminate this Agreement, and require that you stop using and delete all +copies of the Software and any derivative in your possession or control. Any license +granted above only extends to Freescale's intellectual property rights that would +be necessarily infringed by the Software as provided to you by Freescale and as used +within the scope of the licenses granted. You must advise Freescale of any results +obtained including any problems or suggested improvements thereof. Freescale retains +the right to use such results and related information in any manner it deems +appropriate. + +2. OTHER RESTRICTIONS. Subject to the license grant above, the following restrictions + apply: + +a. Freescale reserves all rights not expressly granted herein. +b. You may not rent, lease, sublicense, lend or encumber the Software, unless + otherwise expressly agreed to within this Agreement +c. You may not distribute, manufacture, have manufactured, sublicense or otherwise + reproduce the Software for purposes other than intended in this Agreement. +d. You may not remove or alter any proprietary legends, notices, or trademarks + contained in the Licensed Software, +e. The terms and conditions of this Agreement will apply to any Software updates, + provided to you at Freescale's discretion, that replace and/or supplement the + original Software, unless such update contains a separate license. +f. You may not translate, reverse engineer, decompile, or disassemble the Software + provided to you solely in object code format (machine readable) except to the + extent applicable law specifically prohibits such restriction. You will prohibit + your sublicensees from translating, reverse engineering, decompiling, or + disassembling the Software except to the extent applicable law specifically + prohibits such restriction. + +3. OPEN SOURCE. You are about to download or install certain software that is +subject to various open source licenses such as the Apache License, the BSD license, +the Free Software Foundation General Public License and Lesser General Public +License, the Mozilla Public License and others. Your use of such open source +software is subject to the terms of each applicable license. You must agree to the +terms of each such applicable license, or you should not use the open source software. +Any open source license that is incompatible with the terms of this Agreement +supersedes the terms of this Agreement. + +4. COPYRIGHT. The Software is licensed to you, not sold. Freescale owns the +Software, and United States copyright laws and international treaty provisions +protect the Software. Therefore, you must treat the Software like any other +copyrighted material (e.g. a book or musical recording). You may not use or +copy the Software for any other purpose than what is described in this Agreement. +Except as expressly provided herein, Freescale does not grant to you any express or +implied rights under any Freescale or third party patents, copyrights, trademarks, +or trade secrets. Additionally, you must reproduce and apply any copyright or other +proprietary rights notices included on or embedded in the Software to any copies +made thereof, in whole or in part, if any. You may not remove any copyright +notices of Freescale incorporated in the Software. + +5. TERM AND TERMINATION. The term of this Agreement shall commence on the date +of installation or download and shall continue perpetually, unless earlier +terminated in accordance with this Agreement. Freescale has the right to terminate +this Agreement without notice and require that you stop using and delete all copies +of the Software in your possession or control if you violate any of the terms or +restrictions of this Agreement. Freescale may terminate this Agreement should any +of the Software become, or in Freescale's reasonable opinion is likely to become, +the subject of a claim of intellectual infringement or trade secret misappropriation. +Upon termination, you must cease use of and destroy, the Software and confirm +compliance in writing to Freescale. Upon termination, the license granted pursuant +to this Agreement immediately terminates and the provisions of Sections 4 through +18 will survive any termination of this Agreement. + +6. SUPPORT. Freescale is NOT obligated to provide any support, upgrades or new +releases of the Software. If you wish, you may contact Freescale and report problems +and provide suggestions regarding the Software. Freescale has no obligation +whatsoever to respond in any way to such a problem report or suggestion. Freescale +may make changes to the Software at any time, without any obligation to notify or +provide updated versions of the Software to you. + +7. NO WARRANTY. TO THE MAXIMUM EXTENT PERMITTED BY LAW, FREESCALE EXPRESSLY +DISCLAIMS ANY WARRANTY FOR THE SOFTWARE. THE SOFTWARE IS PROVIDED "AS IS", +WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, WITHOUT +LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR +PURPOSE, OR NON-INFRINGEMENT. YOU ASSUME THE ENTIRE RISK ARISING OUT OF THE USE +OR PERFORMANCE OF THE SOFTWARE, OR ANY SYSTEMS YOU DESIGN USING THE SOFTWARE (IF +ANY). NOTHING IN THIS AGREEMENT MAY BE CONSTRUED AS A WARRANTY OR REPRESENTATION +BY FREESCALE THAT THE SOFTWARE OR ANY DERIVATIVE WORK DEVELOPED WITH OR INCORPORATING +THE SOFTWARE WILL BE FREE FROM INFRINGEMENT OF THE INTELLECTUAL PROPERTY RIGHTS OF +THIRD PARTIES. + +8. INDEMNITY. You agree to fully defend and indemnify Freescale from any and all +claims, liabilities, and costs (including reasonable attorney's fees) related to +(1) your use (including your sublicensee's use, if permitted) of the Software or +(2) your violation of the terms and conditions of this Agreement. + +9. LIMITATION OF LIABILITY. IN NO EVENT WILL FREESCALE BE LIABLE, WHETHER IN +CONTRACT, TORT, OR OTHERWISE, FOR ANY INCIDENTAL, SPECIAL, INDIRECT, CONSEQUENTIAL +OR PUNITIVE DAMAGES, INCLUDING, BUT NOT LIMITED TO, DAMAGES FOR ANY LOSS OF USE, +LOSS OF TIME, INCONVENIENCE, COMMERCIAL LOSS, OR LOST PROFITS, SAVINGS, OR REVENUES +TO THE FULL EXTENT SUCH MAY BE DISCLAIMED BY LAW EVEN IF INFORMED IN ADVANCE OF THE +POSSIBILITY OF SUCH DAMAGES. FREESCALE'S LIABILITY WILL IN ANY EVENT AND UNDER ANY +THEORY OF RECOVERY BE LIMITED TO THE TOTAL AMOUNT RECEIVED BY FREESCALE UNDER THIS +AGREEMENT. + +10. COMPLIANCE WITH LAWS; EXPORT RESTRICTIONS. You must not resell, re-export, or +provide, directly or indirectly, the licensed software or direct product thereof, +in any form without obtaining appropriate export or re-export licenses from the +United States Government and from the country from which the export or re-export +is to occur. An export occurs when products, technology, or software is transferred +from one country to another by any means, including physical shipments, FTP file +transfers, E-mails, faxes, remote server access, conversations, and the like. An +export also occurs when technology or software is transferred to a foreign national +in the United States, or foreign national of the country in which the business +activity is taking place. A foreign national is any person who is neither a citizen +nor permanent resident of the United States, or the country in which the business +activity is taking place. Furthermore, if an export/import license, permit or other +government required authority (collectively referred to as "government +authorization") is required to transfer technology, software, hardware or other +Freescale property to non- Freescale party(ies) and is not approved, then Freescale +is not obligated to transfer the Software under this Agreement until such +"government authorization" is granted.. + +11. GOVERNMENT RIGHTS. The Licensed Software is a "Commercial Item as defined in +48 C.F.R. $2.101, consisting of "Commercial Computer Software" and "Commercial +Computer Software Documentation," as such terms are used in 48 C.F.R. $ 12.212 or +48 C.F.R. $227.7202, as applicable and are only licensed to U.S. Government end +users with the rights as are set forth herein.. + +12. HIGH RISK ACTIVITIES. You acknowledge that the Software is not fault tolerant +and is not designed, manufactured or intended by Freescale for incorporation into +products intended for use or resale in on-line control equipment in hazardous, +dangerous to life or potentially life-threatening environments requiring fail-safe + performance, such as in the operation of nuclear facilities, aircraft navigation + or communication systems, air traffic control, direct life support machines or +weapons systems, in which the failure of products could lead directly to death, +personal injury or severe physical or environmental damage ("High Risk Activities"). + You specifically represent and warrant that you will not use the Software or any +derivative work of the Software for High Risk Activities. + +13. CHOICE OF LAW; VENUE; LIMITATIONS. You agree that the statutes and laws of the +United States and the State of Texas, USA, without regard to conflicts of laws +principles, will apply to all matters relating to this Agreement or the Software, +and you agree that any litigation will be subject to the exclusive jurisdiction of +the state or federal courts in Texas, USA. You agree that regardless of any +statute or law to the contrary, any claim or cause of action arising out of or +related to this Agreement or the Software must be filed within one (1) year after +such claim or cause of action arose or be forever barred. + +14. CONFIDENTIAL INFORMATION. You must treat the Software as confidential +information and you agree to retain the Software in confidence perpetually, with +respect to Software in source code form (human readable), or for a period of five +(5) years from the date of termination of this Agreement, with respect to all other +parts of the Software. During this period you may not disclose any part of the +Software to anyone other than employees who have a need to know of the Software and + who have executed written agreements obligating them to protect such Licensed +Software to at least the same degree of care as in this Agreement. You agree to use + the same degree of care, but no less than a reasonable degree of care, with the +Software as you do with your own confidential information. You may disclose Software + to the extent required by a court or under operation of law or order provided that + you notify Freescale of such requirement prior to disclosure, which you only +disclose information required, and that you allow Freescale the opportunity to +object to such court or other legal body requiring such disclosure. + +15. PRODUCT LABELING. You are not authorized to use any Freescale trademarks, +brand names, or logos. + +16. ENTIRE AGREEMENT. This Agreement constitutes the entire agreement between you +and Freescale regarding the subject matter of this Agreement, and supersedes all +prior communications, negotiations, understandings, agreements or representations, +either written or oral, if any. This Agreement may only be amended in written form, +executed by you and Freescale. + +17. SEVERABILITY. If any provision of this Agreement is held for any reason to be +invalid or unenforceable, then the remaining provisions of this Agreement will be +unimpaired and, unless a modification or replacement of the invalid or unenforceable +provision is further held to deprive you or Freescale of a material benefit, in +which case the Agreement will immediately terminate, the invalid or unenforceable +provision will be replaced with a provision that is valid and enforceable and that +comes closest to the intention underlying the invalid or unenforceable provision. + +18. NO WAIVER. The waiver by Freescale of any breach of any provision of this +Agreement will not operate or be construed as a waiver of any other or a subsequent +breach of the same or a different provision. diff --git a/meta-fsl-ppc/custom-licenses/TestFloat b/meta-fsl-ppc/custom-licenses/TestFloat new file mode 100644 index 00000000..1a1a23fe --- /dev/null +++ b/meta-fsl-ppc/custom-licenses/TestFloat @@ -0,0 +1,24 @@ +Written by John R. Hauser. This work was made possible in part by the +International Computer Science Institute, located at Suite 600, 1947 Center +Street, Berkeley, California 94704. Funding was partially provided by the +National Science Foundation under grant MIP-9311980. The original version +of this code was written as part of a project to build a fixed-point vector +processor in collaboration with the University of California at Berkeley, +overseen by Profs. Nelson Morgan and John Wawrzynek. More information +is available through the Web page `http://www.cs.berkeley.edu/~jhauser/ +arithmetic/SoftFloat.html'. + +THIS SOFTWARE IS DISTRIBUTED AS IS, FOR FREE. Although reasonable effort has +been made to avoid it, THIS SOFTWARE MAY CONTAIN FAULTS THAT WILL AT TIMES +RESULT IN INCORRECT BEHAVIOR. USE OF THIS SOFTWARE IS RESTRICTED TO PERSONS +AND ORGANIZATIONS WHO CAN AND WILL TAKE FULL RESPONSIBILITY FOR ALL LOSSES, +COSTS, OR OTHER PROBLEMS THEY INCUR DUE TO THE SOFTWARE, AND WHO FURTHERMORE +EFFECTIVELY INDEMNIFY JOHN HAUSER AND THE INTERNATIONAL COMPUTER SCIENCE +INSTITUTE (possibly via similar legal warning) AGAINST ALL LOSSES, COSTS, OR +OTHER PROBLEMS INCURRED BY THEIR CUSTOMERS AND CLIENTS DUE TO THE SOFTWARE. + +Derivative works are acceptable, even for commercial purposes, so long as +(1) the source code for the derivative work includes prominent notice that +the work is derivative, and (2) the source code includes prominent notice with +these four paragraphs for those parts of this code that are retained. + diff --git a/meta-fsl-ppc/openembedded-layer/recipes-devtools/luajit/luajit/ppc-fixplt.patch b/meta-fsl-ppc/openembedded-layer/recipes-devtools/luajit/luajit/ppc-fixplt.patch new file mode 100644 index 00000000..b9f17f4e --- /dev/null +++ b/meta-fsl-ppc/openembedded-layer/recipes-devtools/luajit/luajit/ppc-fixplt.patch @@ -0,0 +1,105 @@ +Upstream-Status: Unknown + +Signed-off-by: Khem Raj <raj.khem@gmail.com> + +libluajit is having symbols that can't be +resolved the reloc cannot accommodate an offset greater than 24 bits. + +Looking at libluajit with readelf -r, you see a bunch of entries that look like: + 000082f0 00003c0a R_PPC_REL24 00000000 sqrt + 0 + +These should not occur when the code is compiled and linked with -fPIC. + +It turns out that libluajit *is* compiled and linked with -fPIC, however... +There is one assembler file called lj_vm.s which is generated during the build. +This file is missing the `@plt' qualifier from external references. + +This file is generated by a program called buildvm. This in turn uses tables +in a file called buildvm_arch.h which is generated by dynasm.lua. + +Index: LuaJIT-2.0.1/src/host/buildvm.c +=================================================================== +--- LuaJIT-2.0.1.orig/src/host/buildvm.c 2013-02-19 12:15:00.000000000 -0800 ++++ LuaJIT-2.0.1/src/host/buildvm.c 2013-05-14 20:26:05.933444512 -0700 +@@ -107,12 +107,14 @@ + #endif + sprintf(name, "%s%s%s", symprefix, prefix, suffix); + p = strchr(name, '@'); ++#if 0 + if (p) { + if (!LJ_64 && (ctx->mode == BUILD_coffasm || ctx->mode == BUILD_peobj)) + name[0] = '@'; + else + *p = '\0'; + } ++#endif + p = (char *)malloc(strlen(name)+1); /* MSVC doesn't like strdup. */ + strcpy(p, name); + return p; +Index: LuaJIT-2.0.1/src/vm_ppcspe.dasc +=================================================================== +--- LuaJIT-2.0.1.orig/src/vm_ppcspe.dasc 2013-02-19 12:15:00.000000000 -0800 ++++ LuaJIT-2.0.1/src/vm_ppcspe.dasc 2013-05-14 20:26:05.937444512 -0700 +@@ -1390,7 +1390,7 @@ + | checknum CARG2 + | evmergehi CARG1, CARG2, CARG2 + | checkfail ->fff_fallback +- | bl extern func ++ | bl extern func@plt + | evmergelo CRET1, CRET1, CRET2 + | b ->fff_restv + |.endmacro +@@ -1405,7 +1405,7 @@ + | checknum CARG1 + | evmergehi CARG3, CARG4, CARG4 + | checkanyfail ->fff_fallback +- | bl extern func ++ | bl extern func@plt + | evmergelo CRET1, CRET1, CRET2 + | b ->fff_restv + |.endmacro +@@ -1437,7 +1437,7 @@ + | checknum CARG2 + | evmergehi CARG1, CARG2, CARG2 + | checkfail ->fff_fallback +- | bl extern log ++ | bl extern log@plt + | evmergelo CRET1, CRET1, CRET2 + | b ->fff_restv + | +@@ -1471,7 +1471,7 @@ + | checknum CARG1 + | checkanyfail ->fff_fallback + | efdctsi CARG3, CARG4 +- | bl extern ldexp ++ | bl extern ldexp@plt + | evmergelo CRET1, CRET1, CRET2 + | b ->fff_restv + | +@@ -1484,7 +1484,7 @@ + | checkfail ->fff_fallback + | la CARG3, DISPATCH_GL(tmptv)(DISPATCH) + | lwz PC, FRAME_PC(BASE) +- | bl extern frexp ++ | bl extern frexp@plt + | lwz TMP1, DISPATCH_GL(tmptv)(DISPATCH) + | evmergelo CRET1, CRET1, CRET2 + | efdcfsi CRET2, TMP1 +@@ -1503,7 +1503,7 @@ + | checkfail ->fff_fallback + | la CARG3, -8(BASE) + | lwz PC, FRAME_PC(BASE) +- | bl extern modf ++ | bl extern modf@plt + | evmergelo CRET1, CRET1, CRET2 + | la RA, -8(BASE) + | evstdd CRET1, 0(BASE) +@@ -2399,7 +2399,7 @@ + | checknum CARG1 + | evmergehi CARG3, CARG4, CARG4 + | checkanyfail ->vmeta_arith_vv +- | bl extern pow ++ | bl extern pow@plt + | evmergelo CRET2, CRET1, CRET2 + | evstddx CRET2, BASE, RA + | ins_next diff --git a/meta-fsl-ppc/openembedded-layer/recipes-devtools/luajit/luajit_%.bbappend b/meta-fsl-ppc/openembedded-layer/recipes-devtools/luajit/luajit_%.bbappend new file mode 100644 index 00000000..8c6138c5 --- /dev/null +++ b/meta-fsl-ppc/openembedded-layer/recipes-devtools/luajit/luajit_%.bbappend @@ -0,0 +1,4 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/${BPN}:" + +SRC_URI_append_qoriq-ppc = " file://ppc-fixplt.patch " + diff --git a/meta-fsl-ppc/recipes-bsp/apptrk/apptrk_git.bb b/meta-fsl-ppc/recipes-bsp/apptrk/apptrk_git.bb new file mode 100644 index 00000000..09d5de59 --- /dev/null +++ b/meta-fsl-ppc/recipes-bsp/apptrk/apptrk_git.bb @@ -0,0 +1,20 @@ +DESCRIPTION = "Userspace debug agent for PA CodeWarrior" +LICENSE = "Freescale-EULA" +LIC_FILES_CHKSUM = "file://COPYING;md5=95560debfde180684364319811cc1421" + +DEPENDS = "elfutils" + +SRC_URI = "git://git.freescale.com/ppc/sdk/apptrk.git;nobranch=1" +SRCREV = "cbed10997c5e2a4aaa004fb0e1efec858bf1bbe1" + +S = "${WORKDIR}/git" + +CFLAGS += " -I${STAGING_INCDIR} -ISource/Linux -ISource/Portable \ + -ISource/Linux_PA -ISource/PA -DPPC \ +" +CFLAGS_append_powerpc64 = " -DENABLE_64BIT_SUPPORT" + +do_install() { + install -d ${D}/usr/bin + oe_runmake install DESTDIR=${D} +} diff --git a/meta-fsl-ppc/recipes-bsp/boot-format/boot-format/flags.patch b/meta-fsl-ppc/recipes-bsp/boot-format/boot-format/flags.patch new file mode 100644 index 00000000..cddb34cd --- /dev/null +++ b/meta-fsl-ppc/recipes-bsp/boot-format/boot-format/flags.patch @@ -0,0 +1,21 @@ +Index: git/Makefile +=================================================================== +--- git.orig/Makefile ++++ git/Makefile +@@ -3,14 +3,14 @@ + INSTALL=install + PREFIX=/usr + +-CFLAGS=-Wall ++override CFLAGS+=-Wall + + all: boot_format + + boot_format.o: boot_format.c boot_format.h + + boot_format: boot_format.o +- $(CC) $< -o $@ ++ $(CC) $(CFLAGS) $< -o $@ $(LDFLAGS) + + install: boot_format + $(INSTALL) -d $(DESTDIR)$(PREFIX)/bin diff --git a/meta-fsl-ppc/recipes-bsp/boot-format/boot-format_git.bb b/meta-fsl-ppc/recipes-bsp/boot-format/boot-format_git.bb new file mode 100644 index 00000000..2d9f9b1d --- /dev/null +++ b/meta-fsl-ppc/recipes-bsp/boot-format/boot-format_git.bb @@ -0,0 +1,20 @@ +DESCRIPTION = "Boot format utility for booting from eSDHC/eSPI" +LICENSE = "GPLv2" +PR = "r6" +LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" + +SRC_URI = "git://git.freescale.com/ppc/sdk/boot-format.git;nobranch=1 \ + file://flags.patch" +SRCREV = "4eb81a6797ef4e58bf7d9b2d58afb37a21c1f550" + +S = "${WORKDIR}/git" +EXTRA_OEMAKE = 'CC="${CC}" CFLAGS="${CFLAGS}" LDFLAGS="${LDFLAGS}"' + +do_install(){ + oe_runmake DESTDIR=${D} PREFIX=${prefix} install +} + +PACKAGES =+ "${PN}-config" +FILES_${PN}-config += "${datadir}/*" + +BBCLASSEXTEND = "native nativesdk" diff --git a/meta-fsl-ppc/recipes-bsp/ipc/ipc-ust_git.bb b/meta-fsl-ppc/recipes-bsp/ipc/ipc-ust_git.bb new file mode 100644 index 00000000..c6b3cfe6 --- /dev/null +++ b/meta-fsl-ppc/recipes-bsp/ipc/ipc-ust_git.bb @@ -0,0 +1,50 @@ +SUMMARY = "Linux IPC Userspace Tool" +DESCRIPTION = "DSP boot application and ipc test application" +LICENSE = "BSD" +LIC_FILES_CHKSUM = "file://COPYING;md5=fa38cd73d71527dc6efb546474f64d10" + +require ipc.inc + +S = "${WORKDIR}/git" + +# workaround for issue of parallel build, required a actual fix in ipc source +PARALLEL_MAKE = "" + +EXTRA_OEMAKE = 'CROSS_COMPILE="${TARGET_PREFIX}" CC="${CC}" AR="${AR}"' + +do_compile () { + case ${MACHINE} in + bsc9132qds|bsc9131rdb) SOC=B913x;; + b4860qds|b4420qds|b4860qds-64b) SOC=B4860;; + esac + oe_runmake ${SOC}=1 +} + +do_install () { + install -d ${D}${bindir} + install -d ${D}${includedir} + install -d ${D}/ipc + install -m 755 ${S}/dsp_boot/dsp_bt ${D}/ipc + install -m 755 ${S}/ipc/ipc_test ${D}/ipc + install -m 755 ${S}/ipc/ipc_test67 ${D}/ipc + install -m 755 ${S}/ipc/l1d_app ${D}/ipc + install -m 755 ${S}/fsl_shm/app ${D}${bindir}/lg_shm_test + install -d ${D}${base_libdir} + install -m 755 ${S}/ipc/libipc.so ${D}${base_libdir} + install -m 755 ${S}/ipc/libmem.so ${D}${base_libdir} + install -m 755 ${S}/ipc/libdspboot.so ${D}${base_libdir} + install -d ${D}${includedir}/ipc + install -d ${D}${includedir}/ipc/ipc/include + install -d ${D}${includedir}/ipc/fsl_shm/lib + install ${S}/ipc/include/*.h ${D}${includedir}/ipc/ipc/include + install ${S}/dsp_boot/*.h ${D}${includedir}/ipc/ipc/include + install ${S}/kernel/fsl_ipc_types.h ${D}${includedir}/ipc/ipc/include + install ${S}/kernel/fsl_heterogeneous_common.h ${D}${includedir}/ipc/ipc/include + install ${S}/kernel/fsl_heterogeneous_l1_defense.h ${D}${includedir}/ipc/ipc/include + install ${S}/fsl_shm/include/*.h ${D}${includedir}/ipc/ipc/include + install ${S}/fsl_shm/lib/*.h ${D}${includedir}/ipc/fsl_shm/lib +} + +FILES_${PN} += "/ipc/*" +FILES_${PN}-dbg += "/ipc/.debug" + diff --git a/meta-fsl-ppc/recipes-bsp/ipc/ipc.inc b/meta-fsl-ppc/recipes-bsp/ipc/ipc.inc new file mode 100644 index 00000000..547771ae --- /dev/null +++ b/meta-fsl-ppc/recipes-bsp/ipc/ipc.inc @@ -0,0 +1,7 @@ +DEPENDS = "virtual/kernel" + +SRC_URI = "git://git.freescale.com/ppc/sdk/ipc.git;nobranch=1" +SRCREV = "c9c92ac6a7a31c9d878096eb7d135c22a38f20ff" + +COMPATIBLE_MACHINE = "(bsc9132qds|bsc9131rdb|b4860qds|b4420qds)" + diff --git a/meta-fsl-ppc/recipes-bsp/pkc-firmware/pkc-firmware_git.bb b/meta-fsl-ppc/recipes-bsp/pkc-firmware/pkc-firmware_git.bb new file mode 100644 index 00000000..3cc5d446 --- /dev/null +++ b/meta-fsl-ppc/recipes-bsp/pkc-firmware/pkc-firmware_git.bb @@ -0,0 +1,41 @@ +DESCRIPTION = "U-boot firmware for c293pcie support " +HOMEPAGE = "http://u-boot.sf.net" +LICENSE = "GPLv2" +LIC_FILES_CHKSUM = "file://COPYING;md5=1707d6db1d42237583f50183a5651ecb" + +INHIBIT_DEFAULT_DEPS = "1" +DEPENDS = "virtual/${TARGET_PREFIX}gcc libgcc" + +inherit deploy + +PACKAGE_ARCH = "${MACHINE_ARCH}" + +SRC_URI = "git://git.freescale.com/ppc/sdk/pkc-firmware.git;nobranch=1" +SRCREV = "b891873c1eea7a7d53f9472ea601712897cb17b7" + +S = "${WORKDIR}/git" + +EXTRA_OEMAKE = 'CROSS_COMPILE=${TARGET_PREFIX} CC="${TARGET_PREFIX}gcc ${TOOLCHAIN_OPTIONS}"' + +do_compile () { + unset LDFLAGS + unset CFLAGS + unset CPPFLAGS + oe_runmake C293QDS_36BIT_SDCARD +} + +do_install(){ + install -d ${D}${sysconfdir}/crypto/ + install ${S}/u-boot.bin ${D}${sysconfdir}/crypto/pkc-firmware.bin +} + +do_deploy(){ + install -d ${DEPLOYDIR}/pkc-firmware + install ${S}/u-boot.bin ${DEPLOYDIR}/pkc-firmware/pkc-firmware.bin +} + +addtask deploy after do_install + +FILES_{PN} += "/etc/crypto/pkc-firmware.bin" +COMPATIBLE_MACHINE = "(c293pcie)" + diff --git a/meta-fsl-ppc/recipes-bsp/qe-ucode/qe-ucode_git.bb b/meta-fsl-ppc/recipes-bsp/qe-ucode/qe-ucode_git.bb new file mode 100644 index 00000000..028d9bcd --- /dev/null +++ b/meta-fsl-ppc/recipes-bsp/qe-ucode/qe-ucode_git.bb @@ -0,0 +1,35 @@ +DESCRIPTION = "qe microcode binary" +SECTION = "qe-ucode" +LICENSE = "Freescale-EULA" +LIC_FILES_CHKSUM = "file://EULA;md5=60037ccba533a5995e8d1a838d85799c" + +python () { + if not d.getVar("QE_UCODE", True): + machine = d.getVar("MACHINE", True) + raise bb.parse.SkipPackage("QE_UCODE not set in \ + meta-fsl-ppc/conf/machine/%s.conf" % machine) +} + +inherit deploy + +SRC_URI = "git://git.freescale.com/ppc/sdk/qe-ucode.git;nobranch=1" +SRCREV= "49efc94b553de5c2a9bd28093592eff0068e161c" + +S = "${WORKDIR}/git" + +do_install () { + install -d ${D}/boot + install -m 644 ${QE_UCODE} ${D}/boot/ +} + +do_deploy () { + install -d ${DEPLOYDIR}/boot + install -m 644 ${QE_UCODE} ${DEPLOYDIR}/boot/ +} +addtask deploy before do_build after do_install + +PACKAGES += "${PN}-image" +FILES_${PN}-image += "/boot/*" +ALLOW_EMPTY_${PN} = "1" +COMPATIBLE_MACHINE = "(p1021rdb|p1025twr|t1)" + diff --git a/meta-fsl-ppc/recipes-bsp/rcw/rcw_git.bb b/meta-fsl-ppc/recipes-bsp/rcw/rcw_git.bb new file mode 100644 index 00000000..5714ed0a --- /dev/null +++ b/meta-fsl-ppc/recipes-bsp/rcw/rcw_git.bb @@ -0,0 +1,47 @@ +DESCRIPTION = "Reset Control Words (RCW)" +SECTION = "rcw" +LICENSE = "BSD" +PR = "r8" + +LIC_FILES_CHKSUM = "file://rcw.py;beginline=8;endline=28;md5=9ba0b28922dd187b06b6c8ebcfdd208e" + +# this package is specific to the machine itself +INHIBIT_DEFAULT_DEPS = "1" +PACKAGE_ARCH = "${MACHINE_ARCH}" + +inherit deploy + +SRC_URI = "git://git.freescale.com/ppc/sdk/rcw.git;nobranch=1" +SRCREV = "3e89f378ed70e9b856756de8c3dbdfccb045fa0c" + +S = "${WORKDIR}/git" + +export PYTHON + +do_install () { + make install + + M=`echo ${MACHINE} | sed s/-64b//g` + if [ "t1042rdb" = "${M}" ] || [ "t1042rdb-pi" = "${M}" ];then + M=t1042rdb_pi + fi + install -d ${D}/boot/rcw + cp -r ${S}/${M}/${M}/* ${D}/boot/rcw +} + +do_deploy () { + M=`echo ${MACHINE} | sed s/-64b//g` + if [ "t1042rdb" = "${M}" ] || [ "t1042rdb-pi" = "${M}" ];then + M=t1042rdb_pi + fi + install -d ${DEPLOYDIR}/rcw + cp -r ${S}/${M}/${M}/* ${DEPLOYDIR}/rcw +} +addtask deploy after do_install + +PACKAGES += "${PN}-image" +FILES_${PN}-image += "/boot" + +COMPATIBLE_HOST_qoriq-ppc = ".*" +COMPATIBLE_HOST ?= "(none)" +ALLOW_EMPTY_${PN} = "1" diff --git a/meta-fsl-ppc/recipes-bsp/u-boot/files/0001-u-boot-mpc85xx-u-boot-.lds-remove-_GLOBAL_OFFSET_TAB.patch b/meta-fsl-ppc/recipes-bsp/u-boot/files/0001-u-boot-mpc85xx-u-boot-.lds-remove-_GLOBAL_OFFSET_TAB.patch new file mode 100644 index 00000000..e6b8d2e5 --- /dev/null +++ b/meta-fsl-ppc/recipes-bsp/u-boot/files/0001-u-boot-mpc85xx-u-boot-.lds-remove-_GLOBAL_OFFSET_TAB.patch @@ -0,0 +1,77 @@ +From 9ba002f1b1afc7af84a352f4ecab32a30d7ba353 Mon Sep 17 00:00:00 2001 +From: Zhenhua Luo <zhenhua.luo@freescale.com> +Date: Mon, 9 Feb 2015 18:33:56 +0800 +Subject: [PATCH] u-boot/mpc85xx/u-boot*.lds: remove _GLOBAL_OFFSET_TABLE_ + definition + +In binutils-2.25, the _GLOBAL_OFFSET_TABLE_ symbols defined by PROVIDE in +u-boot.lds overrides the linker built-in symbols +(https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commitdiff;h=b893397a4b1316610f49819344817715e4305de9), +so the linker is treating _GLOBAL_OFFSET_TABLE_ as a definition into the .reloc section. + +To align with the change of binutils-2.25, the _GLOBAL_OFFSET_TABLE_ symbol +should not be defined in sections, and the symbols in linker generated .got +section should be used(https://sourceware.org/ml/binutils/2008-09/msg00122.html). + +Fixed the following build errors with binutils-2.25: +| powerpc-poky-linux-gnuspe-ld.bfd: _GLOBAL_OFFSET_TABLE_ not defined in linker created .got + +Signed-off-by: Zhenhua Luo <zhenhua.luo@freescale.com> +--- + arch/powerpc/cpu/mpc85xx/u-boot-nand.lds | 1 - + arch/powerpc/cpu/mpc85xx/u-boot-nand_spl.lds | 1 - + arch/powerpc/cpu/mpc85xx/u-boot-spl.lds | 1 - + arch/powerpc/cpu/mpc85xx/u-boot.lds | 1 - + 4 files changed, 4 deletions(-) + +diff --git a/arch/powerpc/cpu/mpc85xx/u-boot-nand.lds b/arch/powerpc/cpu/mpc85xx/u-boot-nand.lds +index f933b21..0399f93 100644 +--- a/arch/powerpc/cpu/mpc85xx/u-boot-nand.lds ++++ b/arch/powerpc/cpu/mpc85xx/u-boot-nand.lds +@@ -44,7 +44,6 @@ SECTIONS + _GOT2_TABLE_ = .; + KEEP(*(.got2)) + KEEP(*(.got)) +- PROVIDE(_GLOBAL_OFFSET_TABLE_ = . + 4); + _FIXUP_TABLE_ = .; + KEEP(*(.fixup)) + } +diff --git a/arch/powerpc/cpu/mpc85xx/u-boot-nand_spl.lds b/arch/powerpc/cpu/mpc85xx/u-boot-nand_spl.lds +index b83c553..f044564 100644 +--- a/arch/powerpc/cpu/mpc85xx/u-boot-nand_spl.lds ++++ b/arch/powerpc/cpu/mpc85xx/u-boot-nand_spl.lds +@@ -22,7 +22,6 @@ SECTIONS + _GOT2_TABLE_ = .; + KEEP(*(.got2)) + KEEP(*(.got)) +- PROVIDE(_GLOBAL_OFFSET_TABLE_ = . + 4); + _FIXUP_TABLE_ = .; + KEEP(*(.fixup)) + } +diff --git a/arch/powerpc/cpu/mpc85xx/u-boot-spl.lds b/arch/powerpc/cpu/mpc85xx/u-boot-spl.lds +index 5ae7b3e..889a4c2 100644 +--- a/arch/powerpc/cpu/mpc85xx/u-boot-spl.lds ++++ b/arch/powerpc/cpu/mpc85xx/u-boot-spl.lds +@@ -29,7 +29,6 @@ SECTIONS + _GOT2_TABLE_ = .; + KEEP(*(.got2)) + KEEP(*(.got)) +- PROVIDE(_GLOBAL_OFFSET_TABLE_ = . + 4); + _FIXUP_TABLE_ = .; + KEEP(*(.fixup)) + } +diff --git a/arch/powerpc/cpu/mpc85xx/u-boot.lds b/arch/powerpc/cpu/mpc85xx/u-boot.lds +index 2cf0b25..f15eaf3 100644 +--- a/arch/powerpc/cpu/mpc85xx/u-boot.lds ++++ b/arch/powerpc/cpu/mpc85xx/u-boot.lds +@@ -50,7 +50,6 @@ SECTIONS + _GOT2_TABLE_ = .; + KEEP(*(.got2)) + KEEP(*(.got)) +- PROVIDE(_GLOBAL_OFFSET_TABLE_ = . + 4); + _FIXUP_TABLE_ = .; + KEEP(*(.fixup)) + } +-- +2.1.0 + diff --git a/meta-fsl-ppc/recipes-bsp/u-boot/files/Fix-the-depend-race-issue.patch b/meta-fsl-ppc/recipes-bsp/u-boot/files/Fix-the-depend-race-issue.patch new file mode 100644 index 00000000..1ddc6675 --- /dev/null +++ b/meta-fsl-ppc/recipes-bsp/u-boot/files/Fix-the-depend-race-issue.patch @@ -0,0 +1,38 @@ +Upstream-Status: Pending + +From 301832414369b749918e0d5db850eed19b81c0fc Mon Sep 17 00:00:00 2001 +From: Zhenhua Luo <zhenhua.luo@freescale.com> +Date: Tue, 24 Sep 2013 00:54:40 -0500 +Subject: [PATCH] Fix the depend race issue + +| make[3]: Entering directory `/srv/home/pokybuild/yocto-autobuilder-new/yocto-slave/nightly-fsl-ppc/build/build/tmp/work/p1022ds-poky-linux-gnuspe/u-boot/git-r30/git/arch/powerpc/cpu/mpc85xx' +| /srv/home/pokybuild/yocto-autobuilder-new/yocto-slave/nightly-fsl-ppc/build/build/tmp/work/p1022ds-poky-linux-gnuspe/u-boot/git-r30/git/P1022DS_NAND/spl/arch/powerpc/cpu/mpc85xx/.depend:125: *** missing separator. Stop. +| make[3]: Leaving directory `/srv/home/pokybuild/yocto-autobuilder-new/yocto-slave/nightly-fsl-ppc/build/build/tmp/work/p1022ds-poky-linux-gnuspe/u-boot/git-r30/git/arch/powerpc/cpu/mpc85xx' +| make[2]: *** [/srv/home/pokybuild/yocto-autobuilder-new/yocto-slave/nightly-fsl-ppc/build/build/tmp/work/p1022ds-poky-linux-gnuspe/u-boot/git-r30/git/P1022DS_NAND/spl/arch/powerpc/cpu/mpc85xx/start.o] Error 2 +| make[2]: *** Waiting for unfinished jobs.... + +Signed-off-by: Zhenhua Luo <zhenhua.luo@freescale.com> +--- + spl/Makefile | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/spl/Makefile b/spl/Makefile +index 6dbb105..3156d87 100644 +--- a/spl/Makefile ++++ b/spl/Makefile +@@ -185,7 +185,11 @@ $(eval $(call make_u_boot_list, $(obj)u-boot.lst, $(LIBS))) + $(obj)u-boot-spl.lds: $(LDSCRIPT) $(obj)u-boot.lst depend + $(CPP) $(CPPFLAGS) $(LDPPFLAGS) -I$(obj). -ansi -D__ASSEMBLY__ -P - < $< > $@ + +-depend: $(obj).depend ++# Explicitly make _depend in subdirs containing multiple targets to prevent ++# parallel sub-makes creating .depend files simultaneously. ++depend dep: $(obj).depend ++ for dir in $(SUBDIRS) $(CPUDIR) $(LDSCRIPT_MAKEFILE_DIR) ; do \ ++ $(MAKE) -C $(SRCTREE)/$$dir _depend ; done + .PHONY: depend + + # defines $(obj).depend target +-- +1.8.2.1 + diff --git a/meta-fsl-ppc/recipes-bsp/u-boot/u-boot-qoriq_2014.07.bb b/meta-fsl-ppc/recipes-bsp/u-boot/u-boot-qoriq_2014.07.bb new file mode 100644 index 00000000..3e519e2f --- /dev/null +++ b/meta-fsl-ppc/recipes-bsp/u-boot/u-boot-qoriq_2014.07.bb @@ -0,0 +1,188 @@ +DESCRIPTION = "U-boot bootloader" +HOMEPAGE = "http://u-boot.sf.net" +SECTION = "bootloaders" +PROVIDES = "virtual/bootloader u-boot" +LICENSE = "GPLv2 & BSD-3-Clause & BSD-2-Clause & LGPL-2.0 & LGPL-2.1" +LIC_FILES_CHKSUM = " \ + file://Licenses/gpl-2.0.txt;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ + file://Licenses/bsd-2-clause.txt;md5=6a31f076f5773aabd8ff86191ad6fdd5 \ + file://Licenses/bsd-3-clause.txt;md5=4a1190eac56a9db675d58ebe86eaf50c \ + file://Licenses/lgpl-2.0.txt;md5=5f30f0716dfdd0d91eb439ebec522ec2 \ + file://Licenses/lgpl-2.1.txt;md5=4fbd65380cdd255951079008b364516c \ +" + +PV = "2014.07+fslgit" +INHIBIT_DEFAULT_DEPS = "1" +DEPENDS = "boot-format-native libgcc ${@base_contains('TCMODE', 'external-fsl', '', 'virtual/${TARGET_PREFIX}gcc', d)}" + +inherit deploy + +SRC_URI = "git://git.freescale.com/ppc/sdk/u-boot.git;nobranch=1 \ + file://0001-u-boot-mpc85xx-u-boot-.lds-remove-_GLOBAL_OFFSET_TAB.patch" +SRCREV = "659b6a23a8b1f3026200bc6352dbacef53f4dcb1" + +python () { + if d.getVar("TCMODE", True) == "external-fsl": + return + + ml = d.getVar("MULTILIB_VARIANTS", True) + arch = d.getVar("OVERRIDES", True) + + if "e5500-64b:" in arch or "e6500-64b:" in arch: + if not "lib32" in ml: + raise bb.parse.SkipPackage("Building the u-boot for this arch requires multilib to be enabled") + sys_multilib = 'powerpc' + d.getVar('TARGET_VENDOR') + 'mllib32-' + d.getVar('HOST_OS') + d.setVar('DEPENDS_append', ' lib32-gcc-cross-powerpc lib32-libgcc') + d.setVar('PATH_append', ':' + d.getVar('STAGING_BINDIR_NATIVE') + '/' + sys_multilib) + d.setVar('TOOLCHAIN_OPTIONS_append', '/../lib32-' + d.getVar("MACHINE")) + d.setVar("WRAP_TARGET_PREFIX", sys_multilib + '-') +} + +WRAP_TARGET_PREFIX ?= "${TARGET_PREFIX}" + +PACKAGE_ARCH = "${MACHINE_ARCH}" + +UBOOT_LOCALVERSION = "${@d.getVar('SDK_VERSION', True).partition(' ')[0]}" + +USRC ?= "" +S = '${@base_conditional("USRC", "", "${WORKDIR}/git", "${USRC}", d)}' + +EXTRA_OEMAKE = 'CROSS_COMPILE=${WRAP_TARGET_PREFIX} CC="${WRAP_TARGET_PREFIX}gcc ${TOOLCHAIN_OPTIONS}"' + +do_compile () { + unset LDFLAGS + unset CFLAGS + unset CPPFLAGS + + if [ ! -e ${B}/.scmversion -a ! -e ${S}/.scmversion ] + then + head=`git rev-parse --verify --short HEAD 2> /dev/null` + printf "%s%s%s" ${UBOOT_LOCALVERSION} +g $head > ${B}/.scmversion + printf "%s%s%s" ${UBOOT_LOCALVERSION} +g $head > ${S}/.scmversion + fi + + if [ "x${UBOOT_MACHINES}" = "x" ]; then + UBOOT_MACHINES=${UBOOT_MACHINE} + fi + + for board in ${UBOOT_MACHINES}; do + if ! grep -wq $board ${S}/boards.cfg;then + echo "WARNING: $board not supported in boards.cfg" + continue + fi + + oe_runmake O=${board} distclean + oe_runmake O=${board} ${board}_config + oe_runmake O=${board} all + + case "${board}" in + *SDCARD*) UBOOT_TARGET="u-boot-sd";; + *SPIFLASH*) UBOOT_TARGET="u-boot-spi";; + *NAND*) UBOOT_TARGET="u-boot-nand";; + *SRIO*) UBOOT_TARGET="u-boot-srio";; + *) UBOOT_TARGET="";; + esac + + # deal with sd/spi/nand/srio image + UBOOT_SOURCE=u-boot.bin + if [ "x${UBOOT_TARGET}" != "x" ] && echo $board |egrep -qi "SECBOOT|SECURE"; then + cp ${S}/${board}/${UBOOT_SOURCE} ${S}/${board}/${UBOOT_TARGET}.bin + elif [ "x${UBOOT_TARGET}" != "x" ]; then + # some boards' final binary was not named as u-boot.bin + if [ "${UBOOT_TARGET}" = "u-boot-nand" ];then + if echo $board |egrep -q "^(BSC|C29|P10|P2020RDB)";then + UBOOT_SOURCE=u-boot-with-spl.bin + elif echo $board |egrep -q "^(B4|T1|T2|T4)";then + UBOOT_SOURCE=u-boot-with-spl-pbl.bin + elif echo $board |egrep -q "^(P2041|P3|P4|P5)";then + UBOOT_SOURCE=u-boot.pbl + fi + elif [ "${UBOOT_TARGET}" = "u-boot-spi" ];then + if echo $board |egrep -q "^(P10|P2020RDB)";then + UBOOT_SOURCE=u-boot-with-spl.bin + elif echo $board |egrep -q "^(T1|T2)";then + UBOOT_SOURCE=u-boot-with-spl-pbl.bin + elif echo $board |egrep -q "^(B4|P2041|P3|P4|P5|T4)";then + UBOOT_SOURCE=u-boot.pbl + fi + elif [ "${UBOOT_TARGET}" = "u-boot-sd" ];then + if echo $board |egrep -q "^(P10|P2020RDB)";then + UBOOT_SOURCE=u-boot-with-spl.bin + elif echo $board |egrep -q "^(B4|T1|T2|T4)";then + UBOOT_SOURCE=u-boot-with-spl-pbl.bin + elif echo $board |egrep -q "^(P2041|P3|P4|P5)";then + UBOOT_SOURCE=u-boot.pbl + fi + fi + cp ${S}/${board}/${UBOOT_SOURCE} ${S}/${board}/${UBOOT_TARGET}.bin + + # use boot-format to regenerate spi image if BOOTFORMAT_CONFIG is not empty + if [ "${UBOOT_TARGET}" = "u-boot-spi" ] && [ -n "${BOOTFORMAT_CONFIG}" ];then + ${STAGING_BINDIR_NATIVE}/boot_format \ + ${STAGING_DATADIR_NATIVE}/boot_format/${BOOTFORMAT_CONFIG} \ + ${S}/${board}/${UBOOT_SOURCE} -spi ${S}/${board}/${UBOOT_TARGET}.bin + fi + fi + done +} + +do_install(){ + if [ "x${UBOOT_MACHINES}" = "x" ]; then + UBOOT_MACHINES=${UBOOT_MACHINE} + fi + + for board in ${UBOOT_MACHINES}; do + if ! grep -wq $board ${S}/boards.cfg;then + continue + fi + + case "${board}" in + *SDCARD*) UBOOT_TARGET="u-boot-sd";; + *SPIFLASH*) UBOOT_TARGET="u-boot-spi";; + *NAND*) UBOOT_TARGET="u-boot-nand";; + *SRIO*) UBOOT_TARGET="u-boot-srio";; + *) UBOOT_TARGET="u-boot";; + esac + + if [ -f ${S}/${board}/${UBOOT_TARGET}.bin ]; then + mkdir -p ${D}/boot/ + install ${S}/${board}/${UBOOT_TARGET}.bin ${D}/boot/${UBOOT_TARGET}-${board}-${PV}-${PR}.bin + ln -sf ${UBOOT_TARGET}-${board}-${PV}-${PR}.bin ${D}/boot/${UBOOT_TARGET}.bin + fi + done +} + +do_deploy(){ + if [ "x${UBOOT_MACHINES}" = "x" ]; then + UBOOT_MACHINES=${UBOOT_MACHINE} + fi + + for board in ${UBOOT_MACHINES}; do + if ! grep -wq $board ${S}/boards.cfg;then + continue + fi + + case "${board}" in + *SDCARD*) UBOOT_TARGET="u-boot-sd";; + *SPIFLASH*) UBOOT_TARGET="u-boot-spi";; + *NAND*) UBOOT_TARGET="u-boot-nand";; + *SRIO*) UBOOT_TARGET="u-boot-srio";; + *) UBOOT_TARGET="u-boot";; + esac + + if [ -f ${S}/${board}/${UBOOT_TARGET}.bin ]; then + mkdir -p ${DEPLOYDIR} + install ${S}/${board}/${UBOOT_TARGET}.bin ${DEPLOYDIR}/${UBOOT_TARGET}-${board}-${PV}-${PR}.bin + + cd ${DEPLOYDIR} + rm -f ${UBOOT_TARGET}-${board}.bin + ln -sf ${UBOOT_TARGET}-${board}-${PV}-${PR}.bin ${UBOOT_TARGET}-${board}.bin + fi + done +} +addtask deploy after do_install + +PACKAGES += "${PN}-images" +FILES_${PN}-images += "/boot" + +ALLOW_EMPTY_${PN} = "1" diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/README b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/README new file mode 100644 index 00000000..9578982d --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/README @@ -0,0 +1,77 @@ +test_setkey script usage + +The scripts in this directory may be used for testing +native Linux IPsec with the talitos driver as a loadable module. + +It's assumed that these scripts have been placed in the directory +named /test_setkey. + +The scripts setup_left and setup_right configure the ip addresses +for two boards named 'left' and 'right', which are two gateways for +an IPsec tunnel. Connect the eth1 interfaces of left and right boards together. +For smartbits testing, connect eth0 on each board to a smartbits port. +For other testing (ping, netperf, iperf), connect eth0 on each board to another system. + +The scripts named left.conf-* and right.conf-* are setkey scripts +which configure the IPsec SA and SPD entries. +The scripts ending in -tunnel use tunnel mode IPsec, and the scripts +ending in -transport used transport mode IPsec. +Transport mode is useful for quickly testing security functionality +using ping or netperf between two boards. +Tunnel mode can be used for testing throughput using smartbits or other +performance test equipment. + +There is a top level script called 'setup' which +is used for a one-step setup on the left and right boards. +'setup' uses two or three parameters. The first parameter is the side, left or right. +The second parameter is the setkey suffix for the left.conf- and right.conf- files. +If the third parameter is supplied, the setup will modprobe that name, so +typically you should provide talitos as the third parameter if you want to load the driver. +If you have built the talitos driver into the kernel, omit the third parameter to setup. +You may test software encryption if talitos is built as a module and you omit the third parameter. + +Below are example uses of the 'setup' script. + +1) One-step setup for smartbits + Use a tunnel mode setup on each side. + AES-HMAC-SHA1: + Left side: + /test_setkey/setup left aes-sha1-tunnel talitos + Right side: + /test_setkey/setup right aes-sha1-tunnel talitos + + 3DES-HMAC-SHA1: + Left side: + /test_setkey/setup left 3des-sha1-tunnel talitos + Right side: + /test_setkey/setup right 3des-sha1-tunnel talitos + +2) One-step setup for testing ping, netperf, or iperf between two boards. + Use a transport mode setup on each side. + AES-HMAC-SHA1: + Left side: + /test_setkey/setup left aes-sha1-transport talitos + Right side: + /test_setkey/setup right aes-sha1-transport talitos + + 3DES-HMAC-SHA1: + Left side: + /test_setkey/setup left 3des-sha1-transport talitos + Right side: + /test_setkey/setup right 3des-sha1-transport talitos + +3) Testing ipv4 + To test ipv4 (with no security) over the two gateways, use steps below. + Testing ipv4 is helpful to get your smartbits configuration verified + and also establish a baseline performance for throughput. + + On the left board: + cd /test_setkey + ./setup_left + ./left.ipv4 + + On the right board: + cd /test_setkey + ./setup_right + ./right.ipv4 + diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/auto_left.conf-3des-sha1-tunnel b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/auto_left.conf-3des-sha1-tunnel new file mode 100755 index 00000000..6bd6c5d8 --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/auto_left.conf-3des-sha1-tunnel @@ -0,0 +1,32 @@ +#!/usr/sbin/setkey -f +# +# +# Example ESP Tunnel for VPN. +# +# ========= ESP ========= +# | | +# Network-A Gateway-A Gateway-B Network-B +# 192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24 +# +# ====== 83xx board A ====== ===== 83xx board B ===== +# | | | | +# eth0 eth1 eth1 eth0 +# 192.168.1.130 200.200.200.10 200.200.200.20 192.168.2.130 +# +# +# Board A setup +# +# Flush the SAD and SPD +flush; +spdflush; + +# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10) +# +# Security policies +spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec + esp/tunnel/200.200.200.10-200.200.200.20/require; + +spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec + esp/tunnel/200.200.200.20-200.200.200.10/require; + + diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/auto_right.conf-3des-sha1-tunnel b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/auto_right.conf-3des-sha1-tunnel new file mode 100755 index 00000000..eebf307a --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/auto_right.conf-3des-sha1-tunnel @@ -0,0 +1,31 @@ +#!/usr/sbin/setkey -f +# +# +# Example ESP Tunnel for VPN. +# +# ========= ESP ========= +# | | +# Network-A Gateway-A Gateway-B Network-B +# 192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24 +# +# ====== 83xx board A ====== ===== 83xx board B ===== +# | | | | +# eth0 eth1 eth1 eth0 +# 192.168.1.130 200.200.200.10 200.200.200.20 192.168.2.130 +# +# +# Board B setup +# Flush the SAD and SPD +flush; +spdflush; + +# I am gateway B (eth0:192.168.2.130, eth1:200.200.200.20) +# +# Security policies + +spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec + esp/tunnel/200.200.200.20-200.200.200.10/require; + +spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec + esp/tunnel/200.200.200.10-200.200.200.20/require; + diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/flush-setkey b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/flush-setkey new file mode 100755 index 00000000..0be30562 --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/flush-setkey @@ -0,0 +1,4 @@ +#!/usr/sbin/setkey -f + +flush; +spdflush; diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.conf.left b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.conf.left new file mode 100644 index 00000000..d9d6c0c6 --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.conf.left @@ -0,0 +1,29 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + charondebug="chd 2, knl 2" + crlcheckinterval=180 + strictcrlpolicy=no + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + type=tunnel + auth=esp + compress=no + mobike=no + +conn net-net + left=200.200.200.10 + leftsubnet=192.168.1.0/24 + leftcert=moonCert.pem + leftid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org" + leftfirewall=yes + right=200.200.200.20 + rightsubnet=192.168.2.0/24 + rightid="C=CH, O=Linux strongSwan, CN=sun.strongswan.org" + auto=add diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.conf.right b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.conf.right new file mode 100644 index 00000000..c14dee2b --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.conf.right @@ -0,0 +1,28 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + charondebug="chd 2, knl 2" + crlcheckinterval=180 + strictcrlpolicy=no + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + auth=esp + compress=no + mobike=no + +conn net-net + left=200.200.200.20 + leftcert=sunCert.pem + leftid="C=CH, O=Linux strongSwan, CN=sun.strongswan.org" + leftsubnet=192.168.2.0/24 + leftfirewall=yes + right=200.200.200.10 + rightid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org" + rightsubnet=192.168.1.0/24 + auto=add diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.secrets.left b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.secrets.left new file mode 100644 index 00000000..e86d6aa5 --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.secrets.left @@ -0,0 +1,3 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +: RSA moonKey.pem diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.secrets.right b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.secrets.right new file mode 100644 index 00000000..1095b74c --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.secrets.right @@ -0,0 +1,8 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +: RSA sunKey.pem + + + + + diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec_ikev1.conf.left b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec_ikev1.conf.left new file mode 100644 index 00000000..55025dbc --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec_ikev1.conf.left @@ -0,0 +1,39 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutodebug=control + crlcheckinterval=180 + strictcrlpolicy=no + charonstart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + left=200.200.200.10 + leftcert=moonCert.pem + leftid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org" + leftfirewall=yes + +conn net-net + left=%defaultroute + leftsubnet=192.168.1.0/24 + leftcert=moonCert.pem + right=200.200.200.20 + rightsubnet=192.168.2.0/24 + rightid="C=CH, O=Linux strongSwan, CN=sun.strongswan.org" + auto=add + +conn host-host + left=%defaultroute + leftcert=moonCert.pem + right=200.200.200.20 + rightid="C=CH, O=Linux strongSwan, CN=sun.strongswan.org" + auto=add + +conn rw + leftsubnet=192.168.1.0/24 + right=%any + auto=add diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec_ikev1.conf.right b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec_ikev1.conf.right new file mode 100644 index 00000000..479791ea --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec_ikev1.conf.right @@ -0,0 +1,34 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutodebug=control + crlcheckinterval=180 + strictcrlpolicy=no + charonstart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + left=200.200.200.20 + leftcert=sunCert.pem + leftid="C=CH, O=Linux strongSwan, CN=sun.strongswan.org" + leftfirewall=yes + +conn net-net + left=%defaultroute + leftsubnet=192.168.2.0/24 + leftcert=sunCert.pem + right=200.200.200.10 + rightsubnet=192.168.1.0/24 + rightid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org" + auto=add + +conn host-host + left=%defaultroute + leftcert=sunCert.pem + right=200.200.200.10 + rightid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org" + auto=add diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-md5-transport b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-md5-transport new file mode 100755 index 00000000..5422771b --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-md5-transport @@ -0,0 +1,23 @@ +#!/usr/sbin/setkey -f +#I am 200.200.200.10 + +flush; +spdflush; + +# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity) +# and hmac-md5 authentication using 128 bit long keys +add 200.200.200.10 200.200.200.20 esp 0x10513 + -E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 + -A hmac-md5 0xd5f603abc8cd9d19319ca32fb955b10f; + +add 200.200.200.20 200.200.200.10 esp 0x10514 + -E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df + -A hmac-md5 0x1dd90b4c32dcbe9d37b555a23df5170e; + + +spdadd 200.200.200.20 200.200.200.10 any -P in ipsec + esp/transport//require; + +spdadd 200.200.200.10 200.200.200.20 any -P out ipsec + esp/transport//require; + diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-md5-tunnel b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-md5-tunnel new file mode 100755 index 00000000..52bf9c3f --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-md5-tunnel @@ -0,0 +1,42 @@ +#!/usr/sbin/setkey -f +# +# +# Example ESP Tunnel for VPN. +# +# ========= ESP ========= +# | | +# Network-A Gateway-A Gateway-B Network-B +# 192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24 +# +# ====== 83xx board A ====== ===== 83xx board B ===== +# | | | | +# eth0 eth1 eth1 eth0 +# 192.168.1.130 200.200.200.10 200.200.200.20 192.168.2.130 +# +# +# Board A setup +# +# Flush the SAD and SPD +flush; +spdflush; + +# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10) +# +# Security policies +spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec + esp/tunnel/200.200.200.10-200.200.200.20/require; + +spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec + esp/tunnel/200.200.200.20-200.200.200.10/require; + + +# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity) +# and hmac-md5 authentication using 128 bit long keys +add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel + -E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 + -A hmac-md5 0xd5f603abc8cd9d19319ca32fb955b10f; + +add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel + -E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df + -A hmac-md5 0x1dd90b4c32dcbe9d37b555a23df5170e; + diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha1-transport b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha1-transport new file mode 100755 index 00000000..e5ee0054 --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha1-transport @@ -0,0 +1,22 @@ +#!/usr/sbin/setkey -f +#I am 200.200.200.10 + +flush; +spdflush; + +# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity) +# and hmac-sha1 authentication using 160 bit long keys +add 200.200.200.10 200.200.200.20 esp 0x10513 + -E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 + -A hmac-sha1 0xe9c43acd5e8d779b6e09c87347852708ab49bdd3; + +add 200.200.200.20 200.200.200.10 esp 0x10514 + -E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df + -A hmac-sha1 0xea6856479330dc9c17b8f6c37e2a895363d83f21; + +spdadd 200.200.200.20 200.200.200.10 any -P in ipsec + esp/transport//require; + +spdadd 200.200.200.10 200.200.200.20 any -P out ipsec + esp/transport//require; + diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha1-tunnel b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha1-tunnel new file mode 100755 index 00000000..eb2881db --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha1-tunnel @@ -0,0 +1,42 @@ +#!/usr/sbin/setkey -f +# +# +# Example ESP Tunnel for VPN. +# +# ========= ESP ========= +# | | +# Network-A Gateway-A Gateway-B Network-B +# 192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24 +# +# ====== 83xx board A ====== ===== 83xx board B ===== +# | | | | +# eth0 eth1 eth1 eth0 +# 192.168.1.130 200.200.200.10 200.200.200.20 192.168.2.130 +# +# +# Board A setup +# +# Flush the SAD and SPD +flush; +spdflush; + +# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10) +# +# Security policies +spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec + esp/tunnel/200.200.200.10-200.200.200.20/require; + +spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec + esp/tunnel/200.200.200.20-200.200.200.10/require; + + +# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity) +# and hmac-sha1 authentication using 160 bit long keys +add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel + -E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 + -A hmac-sha1 0xe9c43acd5e8d779b6e09c87347852708ab49bdd3; + +add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel + -E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df + -A hmac-sha1 0xea6856479330dc9c17b8f6c37e2a895363d83f21; + diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha256-transport b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha256-transport new file mode 100755 index 00000000..b5286320 --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha256-transport @@ -0,0 +1,23 @@ +#!/usr/sbin/setkey -f +#I am 200.200.200.10 + +flush; +spdflush; + +# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity) +# and hmac-sha2-256 authentication using 256 bit long keys +add 200.200.200.10 200.200.200.20 esp 0x10513 + -E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 + -A hmac-sha2-256 0x4de03bebf6beb4fdef5a67d349a09580466cc4e54503333b2a5fd34538c91198; + +add 200.200.200.20 200.200.200.10 esp 0x10514 + -E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df + -A hmac-sha2-256 0x5e01eb780b7ecc074ca2ca4fa4a5ea2ff841c977da0ce61c49d1fe767ea5452c; + + +spdadd 200.200.200.20 200.200.200.10 any -P in ipsec + esp/transport//require; + +spdadd 200.200.200.10 200.200.200.20 any -P out ipsec + esp/transport//require; + diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha256-tunnel b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha256-tunnel new file mode 100755 index 00000000..e7726f08 --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha256-tunnel @@ -0,0 +1,42 @@ +#!/usr/sbin/setkey -f +# +# +# Example ESP Tunnel for VPN. +# +# ========= ESP ========= +# | | +# Network-A Gateway-A Gateway-B Network-B +# 192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24 +# +# ====== 83xx board A ====== ===== 83xx board B ===== +# | | | | +# eth0 eth1 eth1 eth0 +# 192.168.1.130 200.200.200.10 200.200.200.20 192.168.2.130 +# +# +# Board A setup +# +# Flush the SAD and SPD +flush; +spdflush; + +# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10) +# +# Security policies +spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec + esp/tunnel/200.200.200.10-200.200.200.20/require; + +spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec + esp/tunnel/200.200.200.20-200.200.200.10/require; + + +# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity) +# and hmac-sha2-256 authentication using 256 bit long keys +add 200.200.200.10 200.200.200.20 esp 0x10513 -m tunnel + -E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 + -A hmac-sha2-256 0x4de03bebf6beb4fdef5a67d349a09580466cc4e54503333b2a5fd34538c91198; + +add 200.200.200.20 200.200.200.10 esp 0x10514 -m tunnel + -E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df + -A hmac-sha2-256 0x5e01eb780b7ecc074ca2ca4fa4a5ea2ff841c977da0ce61c49d1fe767ea5452c; + diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-md5-transport b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-md5-transport new file mode 100755 index 00000000..96f57837 --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-md5-transport @@ -0,0 +1,23 @@ +#!/usr/sbin/setkey -f +#I am 200.200.200.10 + +flush; +spdflush; + +# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity) +# and hmac-md5 authentication using 128 bit long keys +add 200.200.200.10 200.200.200.20 esp 0x10513 + -E aes-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 + -A hmac-md5 0xd5f603abc8cd9d19319ca32fb955b10f; + +add 200.200.200.20 200.200.200.10 esp 0x10514 + -E aes-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df + -A hmac-md5 0x1dd90b4c32dcbe9d37b555a23df5170e; + + +spdadd 200.200.200.20 200.200.200.10 any -P in ipsec + esp/transport//require; + +spdadd 200.200.200.10 200.200.200.20 any -P out ipsec + esp/transport//require; + diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-md5-tunnel b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-md5-tunnel new file mode 100755 index 00000000..b2cf84bf --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-md5-tunnel @@ -0,0 +1,42 @@ +#!/usr/sbin/setkey -f +# +# +# Example ESP Tunnel for VPN. +# +# ========= ESP ========= +# | | +# Network-A Gateway-A Gateway-B Network-B +# 192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24 +# +# ====== 83xx board A ====== ===== 83xx board B ===== +# | | | | +# eth0 eth1 eth1 eth0 +# 192.168.1.130 200.200.200.10 200.200.200.20 192.168.2.130 +# +# +# Board A setup +# +# Flush the SAD and SPD +flush; +spdflush; + +# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10) +# +# Security policies +spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec + esp/tunnel/200.200.200.10-200.200.200.20/require; + +spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec + esp/tunnel/200.200.200.20-200.200.200.10/require; + + +# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity) +# and hmac-md5 authentication using 128 bit long keys +add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel + -E aes-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 + -A hmac-md5 0xd5f603abc8cd9d19319ca32fb955b10f; + +add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel + -E aes-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df + -A hmac-md5 0x1dd90b4c32dcbe9d37b555a23df5170e; + diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha1-transport b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha1-transport new file mode 100755 index 00000000..f3ffaf5c --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha1-transport @@ -0,0 +1,22 @@ +#!/usr/sbin/setkey -f +#I am 200.200.200.10 + +flush; +spdflush; + +# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity) +# and hmac-sha1 authentication using 160 bit long keys +add 200.200.200.10 200.200.200.20 esp 0x10513 + -E aes-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 + -A hmac-sha1 0xe9c43acd5e8d779b6e09c87347852708ab49bdd3; + +add 200.200.200.20 200.200.200.10 esp 0x10514 + -E aes-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df + -A hmac-sha1 0xea6856479330dc9c17b8f6c37e2a895363d83f21; + +spdadd 200.200.200.20 200.200.200.10 any -P in ipsec + esp/transport//require; + +spdadd 200.200.200.10 200.200.200.20 any -P out ipsec + esp/transport//require; + diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha1-tunnel b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha1-tunnel new file mode 100755 index 00000000..1ab7874f --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha1-tunnel @@ -0,0 +1,42 @@ +#!/usr/sbin/setkey -f +# +# +# Example ESP Tunnel for VPN. +# +# ========= ESP ========= +# | | +# Network-A Gateway-A Gateway-B Network-B +# 192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24 +# +# ====== 83xx board A ====== ===== 83xx board B ===== +# | | | | +# eth0 eth1 eth1 eth0 +# 192.168.1.130 200.200.200.10 200.200.200.20 192.168.2.130 +# +# +# Board A setup +# +# Flush the SAD and SPD +flush; +spdflush; + +# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10) +# +# Security policies +spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec + esp/tunnel/200.200.200.10-200.200.200.20/require; + +spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec + esp/tunnel/200.200.200.20-200.200.200.10/require; + + +# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity) +# and hmac-sha1 authentication using 160 bit long keys +add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel + -E aes-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 + -A hmac-sha1 0xe9c43acd5e8d779b6e09c87347852708ab49bdd3; + +add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel + -E aes-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df + -A hmac-sha1 0xea6856479330dc9c17b8f6c37e2a895363d83f21; + diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha256-transport b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha256-transport new file mode 100755 index 00000000..d2645d6f --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha256-transport @@ -0,0 +1,23 @@ +#!/usr/sbin/setkey -f +#I am 200.200.200.10 + +flush; +spdflush; + +# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity) +# and hmac-sha2-256 authentication using 256 bit long keys +add 200.200.200.10 200.200.200.20 esp 0x10513 + -E aes-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 + -A hmac-sha2-256 0x4de03bebf6beb4fdef5a67d349a09580466cc4e54503333b2a5fd34538c91198; + +add 200.200.200.20 200.200.200.10 esp 0x10514 + -E aes-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df + -A hmac-sha2-256 0x5e01eb780b7ecc074ca2ca4fa4a5ea2ff841c977da0ce61c49d1fe767ea5452c; + + +spdadd 200.200.200.20 200.200.200.10 any -P in ipsec + esp/transport//require; + +spdadd 200.200.200.10 200.200.200.20 any -P out ipsec + esp/transport//require; + diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha256-tunnel b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha256-tunnel new file mode 100755 index 00000000..8ed697d1 --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha256-tunnel @@ -0,0 +1,42 @@ +#!/usr/sbin/setkey -f +# +# +# Example ESP Tunnel for VPN. +# +# ========= ESP ========= +# | | +# Network-A Gateway-A Gateway-B Network-B +# 192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24 +# +# ====== 83xx board A ====== ===== 83xx board B ===== +# | | | | +# eth0 eth1 eth1 eth0 +# 192.168.1.130 200.200.200.10 200.200.200.20 192.168.2.130 +# +# +# Board A setup +# +# Flush the SAD and SPD +flush; +spdflush; + +# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10) +# +# Security policies +spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec + esp/tunnel/200.200.200.10-200.200.200.20/require; + +spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec + esp/tunnel/200.200.200.20-200.200.200.10/require; + + +# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity) +# and hmac-sha2-256 authentication using 256 bit long keys +add 200.200.200.10 200.200.200.20 esp 0x10513 -m tunnel + -E aes-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 + -A hmac-sha2-256 0x4de03bebf6beb4fdef5a67d349a09580466cc4e54503333b2a5fd34538c91198; + +add 200.200.200.20 200.200.200.10 esp 0x10514 -m tunnel + -E aes-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df + -A hmac-sha2-256 0x5e01eb780b7ecc074ca2ca4fa4a5ea2ff841c977da0ce61c49d1fe767ea5452c; + diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-null-null-transport b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-null-null-transport new file mode 100755 index 00000000..84275d07 --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-null-null-transport @@ -0,0 +1,23 @@ +#!/usr/sbin/setkey -f +#I am 200.200.200.10 + +flush; +spdflush; + +# ESP SAs doing null encryption +# and null authentication +add 200.200.200.10 200.200.200.20 esp 0x10513 + -E null + -A null; + +add 200.200.200.20 200.200.200.10 esp 0x10514 + -E null + -A null; + + +spdadd 200.200.200.20 200.200.200.10 any -P in ipsec + esp/transport//require; + +spdadd 200.200.200.10 200.200.200.20 any -P out ipsec + esp/transport//require; + diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-null-null-tunnel b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-null-null-tunnel new file mode 100755 index 00000000..478d14a8 --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-null-null-tunnel @@ -0,0 +1,42 @@ +#!/usr/sbin/setkey -f +# +# +# Example ESP Tunnel for VPN. +# +# ========= ESP ========= +# | | +# Network-A Gateway-A Gateway-B Network-B +# 192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24 +# +# ====== 83xx board A ====== ===== 83xx board B ===== +# | | | | +# eth0 eth1 eth1 eth0 +# 192.168.1.130 200.200.200.10 200.200.200.20 192.168.2.130 +# +# +# Board A setup +# +# Flush the SAD and SPD +flush; +spdflush; + +# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10) +# +# Security policies +spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec + esp/tunnel/200.200.200.10-200.200.200.20/require; + +spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec + esp/tunnel/200.200.200.20-200.200.200.10/require; + + +# ESP SAs doing null encryption +# and null authentication +add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel + -E null + -A null; + +add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel + -E null + -A null; + diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.ipv4 b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.ipv4 new file mode 100755 index 00000000..e219f2ad --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.ipv4 @@ -0,0 +1,2 @@ +set -v +route add -net 192.168.2.0 netmask 255.255.255.0 gw 200.200.200.20 diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/moonCert.pem b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/moonCert.pem new file mode 100644 index 00000000..d5c970f4 --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/moonCert.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEIjCCAwqgAwIBAgIBFzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ +MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS +b290IENBMB4XDTA5MDgyNzEwMDMzMloXDTE0MDgyNjEwMDMzMlowRjELMAkGA1UE +BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHDAaBgNVBAMTE21vb24u +c3Ryb25nc3dhbi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDK +L2M91Lu6BYYhWxWgMS9z9TMSTwszm5rhO7ZIsCtMRo4PAeYw+++SGXt3CPXb/+p+ +SWKGlm11rPE71eQ3ehgh2C3hAurfmWO0iQQaCw+fdreeIVCqOQIOP6UqZ327h5yY +YpHk8VQv4vBJTpxclU1PqnWheqe1ZlLxsW773LRml/fQt/UgvJkCBTZZONLNMfK+ +7TDnYaVsAtncgvDN78nUNEe2qY92KK7SrBJ6SpUEg49m51F+XgsGcsgWVHS85on3 +Om/G48crLEVJjdu8CxewSRVgb+lPJWzHd8QsU0Vg/7vlqs3ZRMyNtNKrr4opSvVb +A6agGlTXhDCreDiXU8KHAgMBAAGjggEaMIIBFjAJBgNVHRMEAjAAMAsGA1UdDwQE +AwIDqDAdBgNVHQ4EFgQUapx00fiJeYn2WpTpifH6w2SdKS4wbQYDVR0jBGYwZIAU +XafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNIMRkwFwYDVQQK +ExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJvb3QgQ0GC +AQAwHgYDVR0RBBcwFYITbW9vbi5zdHJvbmdzd2FuLm9yZzATBgNVHSUEDDAKBggr +BgEFBQcDATA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4u +b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQCctXg2xeMozaTV +jiBL1P8MY9uEH5JtU0EceQ1RbI5/2vGRdnECND9oADY5vamaaE2Mdq2Qh/vlXnML +o3ii5ELjsQlYdTYZOcMOdcUUXYvbbFX1cwpkBhyBl1H25KptHcgQ/HnceKp3kOuq +wYOYjgwePXulcpWXx0E2QtQCFQQZFPyEWeNJxH0oglg53QPXfHY9I2/Gukj5V0bz +p7ME0Gs8KdnYdmbbDqzQgPsta96/m+HoJlsrVF+4Gqihj6BWMBQ2ybjPWZdG3oH9 +25cE8v60Ry98D0Z/tygbAUFnh5oOvaf642paVgc3aoA77I8U+UZjECxISoiHultY +7QTufOwP +-----END CERTIFICATE----- diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/moonKey.pem b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/moonKey.pem new file mode 100644 index 00000000..4d99866f --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/moonKey.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAyi9jPdS7ugWGIVsVoDEvc/UzEk8LM5ua4Tu2SLArTEaODwHm +MPvvkhl7dwj12//qfklihpZtdazxO9XkN3oYIdgt4QLq35ljtIkEGgsPn3a3niFQ +qjkCDj+lKmd9u4ecmGKR5PFUL+LwSU6cXJVNT6p1oXqntWZS8bFu+9y0Zpf30Lf1 +ILyZAgU2WTjSzTHyvu0w52GlbALZ3ILwze/J1DRHtqmPdiiu0qwSekqVBIOPZudR +fl4LBnLIFlR0vOaJ9zpvxuPHKyxFSY3bvAsXsEkVYG/pTyVsx3fELFNFYP+75arN +2UTMjbTSq6+KKUr1WwOmoBpU14Qwq3g4l1PChwIDAQABAoIBACBFB/Xqajv6fbn9 +K6pxrz02uXwGmacXAtVIDoPzejWmXS4QA4l17HrJDmelSnhelDKry8nnYHkTrTz7 +mn0wQ4HDWy86o/okJUG/TKRLd6bf79aRQqqohqd3iQkHk43GyzuXH+oGioVKF0fc +ACDWw4wfjL7FMNdHCZ4Bz9DrHO/ysHe9B6rvSYm3VZRhSxaneIkaLkkDadKpVx3f +XNFlMxY4qKPJYYSoJZ61iMqrO7+rnA93tmyDDs8PKU3BtnpfNrdePgleJHhk8Zqy +Ev2/NOCSUxbKE8NCtLpGTs+T0qjjnu4k3WPd3ZOBAan0uPDekHZeHB/aXGLhYcxx +J5SurqECgYEA+F1gppkER5Jtoaudt/CUpdQ1sR9wxf75VBqJ4FiYABGQz9xlG4oj +zL/o572s0iV3bwFpnQa+WuWrxGkP6ZuB/Z82npc0N/vLou/b4dxvg4n7K+eOOEf0 +8FMjsse2tqTIXKCqcmQnR0NPQ1jwuvEKsXP5w/JOlnRXAXnd4jxsJI0CgYEA0GaT +61ySttUW9jC3mxuY6jkQy8TEQqR3nOFvWwmCXIWOpN/MTTPus+Telxp/pdKhU+mo +PmX3Unyne5PvwleWDq3YzltX5ZDZGJ5UJlKuNnfGIzQ6OcHRbb7zBpQG6qSRPuug +bgo688hTnb1L59nK88zWVK45euf6pyuoI+SwIGMCgYEA7yvE8knyhBXvezuv0z1b +eGHmHp5/VDwY0DQKSEAoiBBiWrkLqLybgwXf/KJ8dZZc8En08aFX2GLJyYe/KiB1 +ys3ypEBJqgvRayP+o/9KZ+qNNRd0rqAksPXvL7ABNNt0kzapTSVDae3Yu6s/j1am +DIL5qAeERIDedG5uDPpQzdUCgYB7MtjpP63ABhLv8XbpbBQnCxtByw3W89F+Xcrt +v55gQdhE4cSuMzA/CuMH4vNpPS6AI9aBJNhj3CtKo/cOJachAGb1/wvkO5ALvLW0 +fhZdPstUTnDJain7vfF/hwzbs/PlhXgu9T9KlLfRvXFdG+Sd4g8mumRiozcLkoRw +y6XPTwKBgDJP+s9wXmdG90HST/aqC7FKrVXLpB63dY5swNUfQP6sa0pFnON0r0JC +h/YCsGFFIAebQ2uOkM3g3f9nkwTp7910ov+/5uThvRI2w2BBPy0mVuALPjyyF1Z2 +cb9zpyKiIuXoXRCf4sd8r1lR9bn0Fxx0Svpxf+fpMGSI5quHNBKY +-----END RSA PRIVATE KEY----- diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/pingsizes.sh b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/pingsizes.sh new file mode 100755 index 00000000..faefb245 --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/pingsizes.sh @@ -0,0 +1,19 @@ +#!/bin/bash +# +# Usage: ./pingsizes.sh 1440 20 (or greater) +# + +PINGDEST=${PINGDEST:-200.200.200.10} +k=$1 +lim="$((k+$2))" +((k-=1)) +while [ "$k" != "$lim" ] ; do + echo -n "ping -s $((k+=1)) : " + ping -i 1000 -c 1 -s $k $PINGDEST | grep packets & + sleep 1 + PID=`ps -eaf | grep 'ping -i' | grep -v grep | sed 's/[ ][ ]*/ /g' | cut -d " " -f 2` + if [ -n "$PID" ] ; then + echo "****************** killing $PID" + kill $PID > /dev/null + fi +done diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/pingsizest.sh b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/pingsizest.sh new file mode 100755 index 00000000..d5ff0f7d --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/pingsizest.sh @@ -0,0 +1,19 @@ +#!/bin/bash +# +# Usage: ./pingsizes.sh 1440 20 (or greater) +# + +PINGDEST=${PINGDEST:-200.200.200.10} +k=$1 +lim="$((k+$2))" +((k-=1)) +while [ "$k" != "$lim" ] ; do + echo ping -s $((k+=1)) + ping -i 1000 -c 1 -s $k $PINGDEST & + sleep 1 + PID=`ps -eaf | grep 'ping -i' | sed 's/[ ][ ]*/ /g' | cut -d " " -f 2` + if [ -n "$PID" ] ; then + echo "****************** killing $PID" + kill $PID + fi +done diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/psk.txt b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/psk.txt new file mode 100644 index 00000000..46c1ff41 --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/psk.txt @@ -0,0 +1,2 @@ +200.200.200.20 secretkeyracoon +200.200.200.10 secretkeyracoon diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/racoon.conf b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/racoon.conf new file mode 100644 index 00000000..cf561f51 --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/racoon.conf @@ -0,0 +1,22 @@ +path pre_shared_key "/test_setkey/psk.txt" ; + + remote anonymous + { + exchange_mode main ; + lifetime time 1 hour ; + proposal { + encryption_algorithm 3des; + hash_algorithm sha1; + authentication_method pre_shared_key ; + dh_group 2 ; + } + } + + sainfo anonymous + { + pfs_group 2; + lifetime time 1 hour ; + encryption_algorithm 3des ; + authentication_algorithm hmac_sha1 ; + compression_algorithm deflate ; + } diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-md5-transport b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-md5-transport new file mode 100755 index 00000000..7f82fb46 --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-md5-transport @@ -0,0 +1,23 @@ +#!/usr/sbin/setkey -f +#I am 200.200.200.20 + +flush; +spdflush; + +# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity) +# and hmac-md5 authentication using 128 bit long keys +add 200.200.200.10 200.200.200.20 esp 0x10513 + -E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 + -A hmac-md5 0xd5f603abc8cd9d19319ca32fb955b10f; + +add 200.200.200.20 200.200.200.10 esp 0x10514 + -E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df + -A hmac-md5 0x1dd90b4c32dcbe9d37b555a23df5170e; + + +spdadd 200.200.200.20 200.200.200.10 any -P out ipsec + esp/transport//require; + +spdadd 200.200.200.10 200.200.200.20 any -P in ipsec + esp/transport//require; + diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-md5-tunnel b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-md5-tunnel new file mode 100755 index 00000000..5a752579 --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-md5-tunnel @@ -0,0 +1,42 @@ +#!/usr/sbin/setkey -f +# +# +# Example ESP Tunnel for VPN. +# +# ========= ESP ========= +# | | +# Network-A Gateway-A Gateway-B Network-B +# 192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24 +# +# ====== 83xx board A ====== ===== 83xx board B ===== +# | | | | +# eth0 eth1 eth1 eth0 +# 192.168.1.130 200.200.200.10 200.200.200.20 192.168.2.130 +# +# +# Board B setup +# +# Flush the SAD and SPD +flush; +spdflush; + +# I am gateway B (eth0:192.168.2.130, eth1:200.200.200.20) +# +# Security policies +spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec + esp/tunnel/200.200.200.20-200.200.200.10/require; + +spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec + esp/tunnel/200.200.200.10-200.200.200.20/require; + + +# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity) +# and hmac-md5 authentication using 128 bit long keys +add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel + -E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 + -A hmac-md5 0xd5f603abc8cd9d19319ca32fb955b10f; + +add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel + -E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df + -A hmac-md5 0x1dd90b4c32dcbe9d37b555a23df5170e; + diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha1-transport b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha1-transport new file mode 100755 index 00000000..6ef885d4 --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha1-transport @@ -0,0 +1,22 @@ +#!/usr/sbin/setkey -f +#I am 200.200.200.20 + +flush; +spdflush; + +# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity) +# and hmac-sha1 authentication using 160 bit long keys +add 200.200.200.10 200.200.200.20 esp 0x10513 + -E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 + -A hmac-sha1 0xe9c43acd5e8d779b6e09c87347852708ab49bdd3; + +add 200.200.200.20 200.200.200.10 esp 0x10514 + -E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df + -A hmac-sha1 0xea6856479330dc9c17b8f6c37e2a895363d83f21; + +# Security policies +spdadd 200.200.200.20 200.200.200.10 any -P out ipsec + esp/transport//require; + +spdadd 200.200.200.10 200.200.200.20 any -P in ipsec + esp/transport//require; diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha1-tunnel b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha1-tunnel new file mode 100755 index 00000000..16c31578 --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha1-tunnel @@ -0,0 +1,41 @@ +#!/usr/sbin/setkey -f +# +# +# Example ESP Tunnel for VPN. +# +# ========= ESP ========= +# | | +# Network-A Gateway-A Gateway-B Network-B +# 192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24 +# +# ====== 83xx board A ====== ===== 83xx board B ===== +# | | | | +# eth0 eth1 eth1 eth0 +# 192.168.1.130 200.200.200.10 200.200.200.20 192.168.2.130 +# +# +# Board B setup +# Flush the SAD and SPD +flush; +spdflush; + +# I am gateway B (eth0:192.168.2.130, eth1:200.200.200.20) +# +# Security policies + +spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec + esp/tunnel/200.200.200.20-200.200.200.10/require; + +spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec + esp/tunnel/200.200.200.10-200.200.200.20/require; + +# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity) +# and hmac-sha1 authentication using 160 bit long keys +add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel + -E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 + -A hmac-sha1 0xe9c43acd5e8d779b6e09c87347852708ab49bdd3; + +add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel + -E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df + -A hmac-sha1 0xea6856479330dc9c17b8f6c37e2a895363d83f21; + diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha256-transport b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha256-transport new file mode 100755 index 00000000..b9772092 --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha256-transport @@ -0,0 +1,23 @@ +#!/usr/sbin/setkey -f +#I am 200.200.200.20 + +flush; +spdflush; + +# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity) +# and hmac-sha2-256 authentication using 256 bit long keys +add 200.200.200.10 200.200.200.20 esp 0x10513 + -E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 + -A hmac-sha2-256 0x4de03bebf6beb4fdef5a67d349a09580466cc4e54503333b2a5fd34538c91198; + +add 200.200.200.20 200.200.200.10 esp 0x10514 + -E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df + -A hmac-sha2-256 0x5e01eb780b7ecc074ca2ca4fa4a5ea2ff841c977da0ce61c49d1fe767ea5452c; + + +spdadd 200.200.200.20 200.200.200.10 any -P out ipsec + esp/transport//require; + +spdadd 200.200.200.10 200.200.200.20 any -P in ipsec + esp/transport//require; + diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha256-tunnel b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha256-tunnel new file mode 100755 index 00000000..e7c5b4e6 --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha256-tunnel @@ -0,0 +1,42 @@ +#!/usr/sbin/setkey -f +# +# +# Example ESP Tunnel for VPN. +# +# ========= ESP ========= +# | | +# Network-A Gateway-A Gateway-B Network-B +# 192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24 +# +# ====== 83xx board A ====== ===== 83xx board B ===== +# | | | | +# eth0 eth1 eth1 eth0 +# 192.168.1.130 200.200.200.10 200.200.200.20 192.168.2.130 +# +# +# Board A setup +# +# Flush the SAD and SPD +flush; +spdflush; + +# I am gateway B (eth0:192.168.2.130, eth1:200.200.200.20) +# +# Security policies +spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec + esp/tunnel/200.200.200.20-200.200.200.10/require; + +spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec + esp/tunnel/200.200.200.10-200.200.200.20/require; + + +# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity) +# and hmac-sha2-256 authentication using 256 bit long keys +add 200.200.200.10 200.200.200.20 esp 0x10513 -m tunnel + -E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 + -A hmac-sha2-256 0x4de03bebf6beb4fdef5a67d349a09580466cc4e54503333b2a5fd34538c91198; + +add 200.200.200.20 200.200.200.10 esp 0x10514 -m tunnel + -E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df + -A hmac-sha2-256 0x5e01eb780b7ecc074ca2ca4fa4a5ea2ff841c977da0ce61c49d1fe767ea5452c; + diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-md5-transport b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-md5-transport new file mode 100755 index 00000000..5d55d001 --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-md5-transport @@ -0,0 +1,23 @@ +#!/usr/sbin/setkey -f +#I am 200.200.200.20 + +flush; +spdflush; + +# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity) +# and hmac-md5 authentication using 128 bit long keys +add 200.200.200.10 200.200.200.20 esp 0x10513 + -E aes-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 + -A hmac-md5 0xd5f603abc8cd9d19319ca32fb955b10f; + +add 200.200.200.20 200.200.200.10 esp 0x10514 + -E aes-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df + -A hmac-md5 0x1dd90b4c32dcbe9d37b555a23df5170e; + + +spdadd 200.200.200.20 200.200.200.10 any -P out ipsec + esp/transport//require; + +spdadd 200.200.200.10 200.200.200.20 any -P in ipsec + esp/transport//require; + diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-md5-tunnel b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-md5-tunnel new file mode 100755 index 00000000..f49bd54a --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-md5-tunnel @@ -0,0 +1,42 @@ +#!/usr/sbin/setkey -f +# +# +# Example ESP Tunnel for VPN. +# +# ========= ESP ========= +# | | +# Network-A Gateway-A Gateway-B Network-B +# 192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24 +# +# ====== 83xx board A ====== ===== 83xx board B ===== +# | | | | +# eth0 eth1 eth1 eth0 +# 192.168.1.130 200.200.200.10 200.200.200.20 192.168.2.130 +# +# +# Board B setup +# +# Flush the SAD and SPD +flush; +spdflush; + +# I am gateway B (eth0:192.168.2.130, eth1:200.200.200.20) +# +# Security policies +spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec + esp/tunnel/200.200.200.20-200.200.200.10/require; + +spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec + esp/tunnel/200.200.200.10-200.200.200.20/require; + + +# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity) +# and hmac-md5 authentication using 128 bit long keys +add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel + -E aes-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 + -A hmac-md5 0xd5f603abc8cd9d19319ca32fb955b10f; + +add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel + -E aes-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df + -A hmac-md5 0x1dd90b4c32dcbe9d37b555a23df5170e; + diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha1-transport b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha1-transport new file mode 100755 index 00000000..d9c65a45 --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha1-transport @@ -0,0 +1,22 @@ +#!/usr/sbin/setkey -f +#I am 200.200.200.20 + +flush; +spdflush; + +# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity) +# and hmac-sha1 authentication using 160 bit long keys +add 200.200.200.10 200.200.200.20 esp 0x10513 + -E aes-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 + -A hmac-sha1 0xe9c43acd5e8d779b6e09c87347852708ab49bdd3; + +add 200.200.200.20 200.200.200.10 esp 0x10514 + -E aes-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df + -A hmac-sha1 0xea6856479330dc9c17b8f6c37e2a895363d83f21; + +# Security policies +spdadd 200.200.200.20 200.200.200.10 any -P out ipsec + esp/transport//require; + +spdadd 200.200.200.10 200.200.200.20 any -P in ipsec + esp/transport//require; diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha1-tunnel b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha1-tunnel new file mode 100755 index 00000000..1f10136a --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha1-tunnel @@ -0,0 +1,41 @@ +#!/usr/sbin/setkey -f +# +# +# Example ESP Tunnel for VPN. +# +# ========= ESP ========= +# | | +# Network-A Gateway-A Gateway-B Network-B +# 192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24 +# +# ====== 83xx board A ====== ===== 83xx board B ===== +# | | | | +# eth0 eth1 eth1 eth0 +# 192.168.1.130 200.200.200.10 200.200.200.20 192.168.2.130 +# +# +# Board B setup +# Flush the SAD and SPD +flush; +spdflush; + +# I am gateway B (eth0:192.168.2.130, eth1:200.200.200.20) +# +# Security policies + +spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec + esp/tunnel/200.200.200.20-200.200.200.10/require; + +spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec + esp/tunnel/200.200.200.10-200.200.200.20/require; + +# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity) +# and hmac-sha1 authentication using 160 bit long keys +add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel + -E aes-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 + -A hmac-sha1 0xe9c43acd5e8d779b6e09c87347852708ab49bdd3; + +add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel + -E aes-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df + -A hmac-sha1 0xea6856479330dc9c17b8f6c37e2a895363d83f21; + diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha256-transport b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha256-transport new file mode 100755 index 00000000..817a8bd4 --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha256-transport @@ -0,0 +1,23 @@ +#!/usr/sbin/setkey -f +#I am 200.200.200.20 + +flush; +spdflush; + +# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity) +# and hmac-sha2-256 authentication using 256 bit long keys +add 200.200.200.10 200.200.200.20 esp 0x10513 + -E aes-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 + -A hmac-sha2-256 0x4de03bebf6beb4fdef5a67d349a09580466cc4e54503333b2a5fd34538c91198; + +add 200.200.200.20 200.200.200.10 esp 0x10514 + -E aes-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df + -A hmac-sha2-256 0x5e01eb780b7ecc074ca2ca4fa4a5ea2ff841c977da0ce61c49d1fe767ea5452c; + + +spdadd 200.200.200.20 200.200.200.10 any -P out ipsec + esp/transport//require; + +spdadd 200.200.200.10 200.200.200.20 any -P in ipsec + esp/transport//require; + diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha256-tunnel b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha256-tunnel new file mode 100755 index 00000000..9bca18fb --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha256-tunnel @@ -0,0 +1,42 @@ +#!/usr/sbin/setkey -f +# +# +# Example ESP Tunnel for VPN. +# +# ========= ESP ========= +# | | +# Network-A Gateway-A Gateway-B Network-B +# 192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24 +# +# ====== 83xx board A ====== ===== 83xx board B ===== +# | | | | +# eth0 eth1 eth1 eth0 +# 192.168.1.130 200.200.200.10 200.200.200.20 192.168.2.130 +# +# +# Board A setup +# +# Flush the SAD and SPD +flush; +spdflush; + +# I am gateway B (eth0:192.168.2.130, eth1:200.200.200.20) +# +# Security policies +spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec + esp/tunnel/200.200.200.20-200.200.200.10/require; + +spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec + esp/tunnel/200.200.200.10-200.200.200.20/require; + + +# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity) +# and hmac-sha2-256 authentication using 256 bit long keys +add 200.200.200.10 200.200.200.20 esp 0x10513 -m tunnel + -E aes-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 + -A hmac-sha2-256 0x4de03bebf6beb4fdef5a67d349a09580466cc4e54503333b2a5fd34538c91198; + +add 200.200.200.20 200.200.200.10 esp 0x10514 -m tunnel + -E aes-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df + -A hmac-sha2-256 0x5e01eb780b7ecc074ca2ca4fa4a5ea2ff841c977da0ce61c49d1fe767ea5452c; + diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-null-null-transport b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-null-null-transport new file mode 100755 index 00000000..26dfe2e1 --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-null-null-transport @@ -0,0 +1,23 @@ +#!/usr/sbin/setkey -f +#I am 200.200.200.20 + +flush; +spdflush; + +# ESP SAs doing null encryption +# and null authentication +add 200.200.200.10 200.200.200.20 esp 0x10513 + -E null + -A null; + +add 200.200.200.20 200.200.200.10 esp 0x10514 + -E null + -A null; + + +spdadd 200.200.200.20 200.200.200.10 any -P out ipsec + esp/transport//require; + +spdadd 200.200.200.10 200.200.200.20 any -P in ipsec + esp/transport//require; + diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-null-null-tunnel b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-null-null-tunnel new file mode 100755 index 00000000..bc4f38eb --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-null-null-tunnel @@ -0,0 +1,42 @@ +#!/usr/sbin/setkey -f +# +# +# Example ESP Tunnel for VPN. +# +# ========= ESP ========= +# | | +# Network-A Gateway-A Gateway-B Network-B +# 192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24 +# +# ====== 83xx board A ====== ===== 83xx board B ===== +# | | | | +# eth0 eth1 eth1 eth0 +# 192.168.1.130 200.200.200.10 200.200.200.20 192.168.2.130 +# +# +# Board B setup +# +# Flush the SAD and SPD +flush; +spdflush; + +# I am gateway B (eth0:192.168.2.130, eth1:200.200.200.20) +# +# Security policies +spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec + esp/tunnel/200.200.200.20-200.200.200.10/require; + +spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec + esp/tunnel/200.200.200.10-200.200.200.20/require; + + +# ESP SAs doing null encryption +# and null authentication +add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel + -E null + -A null; + +add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel + -E null + -A null; + diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.ipv4 b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.ipv4 new file mode 100755 index 00000000..67cd1b2c --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.ipv4 @@ -0,0 +1,2 @@ +set -v +route add -net 192.168.1.0 netmask 255.255.255.0 gw 200.200.200.10 diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup new file mode 100755 index 00000000..9e6fa7fa --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup @@ -0,0 +1,47 @@ +# setup - quick setup for left or right side of ipsec test +# see README for example use. + +SCRIPT_HOME=/test_setkey/ +cd $SCRIPT_HOME + +export PATH=$SCRIPT_HOME:$PATH + +if [ "$1" != "left" -a "$1" != "right" ] ; then + echo "Usage: $0 side [config] [driver]" + echo " where side is either left or right." + echo " where config is either" + echo " aes-sha1-tunnel (default)" + echo " or 3des-sha1-tunnel" + echo " if driver is supplied, script does 'modprobe driver'" + exit 1 +fi + +SIDE=$1 +POLICY_CFG=$SIDE.conf +DEFAULT_POLICY=aes-sha1-tunnel + +if [ -n "$2" ] ; then + POLICY=$2 +else + POLICY=$DEFAULT_POLICY +fi + +SETKEY_FILE=$POLICY_CFG-$POLICY + +if [ ! -f $SETKEY_FILE ] ; then + echo "Missing setkey command file: $SETKEY_FILE" + exit 1 +fi + +# modprobe any driver name given as last parameter +if [ -n "$3" ] ; then + modprobe $3 +fi + +SETUP_CMD_FILE=./setup_$SIDE +. $SETUP_CMD_FILE + +$SETKEY_FILE + +setkey -D +setkey -D -P diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup_left b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup_left new file mode 100755 index 00000000..da769099 --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup_left @@ -0,0 +1,13 @@ +# board on left setup +set -v +ifconfig eth0 down +ifconfig eth0 hw ether 00:04:9F:11:22:33 +ifconfig eth0 192.168.1.130 netmask 255.255.255.0 +ifconfig eth0 up +ifconfig eth1 down +ifconfig eth1 hw ether 00:E0:0C:00:7D:FD +ifconfig eth1 200.200.200.10 netmask 255.255.255.0 +ifconfig eth1 up +arp -s 192.168.1.21 00:00:00:00:00:01 +route add default dev eth1 +echo 1 > /proc/sys/net/ipv4/ip_forward diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup_right b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup_right new file mode 100755 index 00000000..f0e333ee --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup_right @@ -0,0 +1,13 @@ +# board on right setup +set -v +ifconfig eth0 down +ifconfig eth0 hw ether 00:E0:0C:00:01:FD +ifconfig eth0 192.168.2.130 netmask 255.255.255.0 +ifconfig eth0 up +ifconfig eth1 down +ifconfig eth1 hw ether 00:E0:0C:00:00:FD +ifconfig eth1 200.200.200.20 netmask 255.255.255.0 +ifconfig eth1 up +arp -s 192.168.2.21 00:00:00:00:00:02 +route add default dev eth1 +echo 1 > /proc/sys/net/ipv4/ip_forward diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan.conf b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan.conf new file mode 100644 index 00000000..1701f4ab --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan.conf @@ -0,0 +1,19 @@ +# strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-raw updown + multiple_authentication = no +} + +pluto { + + # plugins to load in pluto + #load = aes des sha1 md5 sha2 hmac gmp random pubkey + +} + +libstrongswan { + + # set to no, the DH exponent size is optimized + # dh_exponent_ansi_x9_42 = no +} diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswanCert.pem b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswanCert.pem new file mode 100644 index 00000000..0865ad22 --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswanCert.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDuDCCAqCgAwIBAgIBADANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ +MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS +b290IENBMB4XDTA0MDkxMDEwMDExOFoXDTE5MDkwNzEwMDExOFowRTELMAkGA1UE +BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9u +Z1N3YW4gUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL/y +X2LqPVZuWLPIeknK86xhz6ljd3NNhC2z+P1uoCP3sBMuZiZQEjFzhnKcbXxCeo2f +FnvhOOjrrisSuVkzuu82oxXD3fIkzuS7m9V4E10EZzgmKWIf+WuNRfbgAuUINmLc +4YGAXBQLPyzpP4Ou48hhz/YQo58Bics6PHy5v34qCVROIXDvqhj91P8g+pS+F21/ +7P+CH2jRcVIEHZtG8M/PweTPQ95dPzpYd2Ov6SZ/U7EWmbMmT8VcUYn1aChxFmy5 +gweVBWlkH6MP+1DeE0/tL5c87xo5KCeGK8Tdqpe7sBRC4pPEEHDQciTUvkeuJ1Pr +K+1LwdqRxo7HgMRiDw8CAwEAAaOBsjCBrzASBgNVHRMBAf8ECDAGAQH/AgEBMAsG +A1UdDwQEAwIBBjAdBgNVHQ4EFgQUXafdcAZRMn7ntm2zteXgYOouTe8wbQYDVR0j +BGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNIMRkw +FwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJv +b3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACOSmqEBtBLR9aV3UyCI8gmzR5in +Lte9aUXXS+qis6F2h2Stf4sN+Nl6Gj7REC6SpfEH4wWdwiUL5J0CJhyoOjQuDl3n +1Dw3dE4/zqMZdyDKEYTU75TmvusNJBdGsLkrf7EATAjoi/nrTOYPPhSUZvPp/D+Y +vORJ9Ej51GXlK1nwEB5iA8+tDYniNQn6BD1MEgIejzK+fbiy7braZB1kqhoEr2Si +7luBSnU912sw494E88a2EWbmMvg2TVHPNzCpVkpNk7kifCiwmw9VldkqYy9y/lCa +Epyp7lTfKw7cbD04Vk8QJW782L6Csuxkl346b17wmOqn8AZips3tFsuAY3w= +-----END CERTIFICATE----- diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan_left b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan_left new file mode 100755 index 00000000..e55c3e42 --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan_left @@ -0,0 +1,10 @@ +#strongswan on left board +set -v +cp -rf ipsec.conf.left /etc/ipsec.conf +cp -rf ipsec.secrets.left /etc/ipsec.secrets +cp -rf strongswan.conf /etc/ +cp -rf strongswanCert.pem /etc/ipsec.d/cacerts/ +cp -rf moonCert.pem /etc/ipsec.d/certs/ +mkdir /etc/ipsec.d/private +cp -rf sunKey.pem /etc/ipsec.d/private/ +cp -rf moonKey.pem /etc/ipsec.d/private/ diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan_right b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan_right new file mode 100755 index 00000000..bcdbb731 --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan_right @@ -0,0 +1,10 @@ +#strongswan on left board +set -v +cp -rf ipsec.conf.right /etc/ipsec.conf +cp -rf ipsec.secrets.right /etc/ipsec.secrets +cp -rf strongswan.conf /etc/ +cp -rf strongswanCert.pem /etc/ipsec.d/cacerts/ +cp -rf sunCert.pem /etc/ipsec.d/certs/ +mkdir /etc/ipsec.d/private +cp -rf sunKey.pem /etc/ipsec.d/private/ +cp -rf moonKey.pem /etc/ipsec.d/private/ diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/sunCert.pem b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/sunCert.pem new file mode 100644 index 00000000..d0937bab --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/sunCert.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEIDCCAwigAwIBAgIBFjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ +MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS +b290IENBMB4XDTA5MDgyNzA5NTkwNFoXDTE0MDgyNjA5NTkwNFowRTELMAkGA1UE +BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN1bi5z +dHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN+V +VIpn6Q5jaU//EN6p6A5cSfUfhBK0mFa2laFFZh/Y0h66AXqqrQ3X917h7YNsSk68 +oowY9h9I3gOx7hNVBsJr2VjdYC+b0q5NTha09/A5mimv/prYj6o0yawxoPjoDs9Y +h7D7Kf+F8fkgk0stlHJZX66J7dNrFXbg1xBld+Ep5Or2FbEZ9QWUpRQTuhdpNt/4 +9YuxQ59DemY9IRbwsrKCHH0mGrJsDdqeb0ap+8QvSXHjCt1fr9MNKWaAFAQLKQI4 +e0da1ntPCEQLeE833+NNRBgGufk0KqGT3eAXqrxa9AEIUJnVcPexQdqUMjcUpXFb +8WNzRWB8Egh3BDK6FsECAwEAAaOCARkwggEVMAkGA1UdEwQCMAAwCwYDVR0PBAQD +AgOoMB0GA1UdDgQWBBRW1p4v2qihzRlcI1PnxbZwluML+zBtBgNVHSMEZjBkgBRd +p91wBlEyfue2bbO15eBg6i5N76FJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoT +EExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIB +ADAdBgNVHREEFjAUghJzdW4uc3Ryb25nc3dhbi5vcmcwEwYDVR0lBAwwCgYIKwYB +BQUHAwEwOQYDVR0fBDIwMDAuoCygKoYoaHR0cDovL2NybC5zdHJvbmdzd2FuLm9y +Zy9zdHJvbmdzd2FuLmNybDANBgkqhkiG9w0BAQsFAAOCAQEAo37LYT9Awx0MK/nA +FZpPJqUr0Ey+O5Ukcsdx7nd00SlmpiQRY8KmuRXCBQnDEgdLstd3slQjT0pJEgWF +0pzxybnI6eOzYAhLfhart+X1hURiNGbXjggm2s4I5+K32bVIkNEqlsYnd/6F9oo5 +ZNO0/eTTruLZfkNe/zchBGKe/Z7MacVwlYWWCbMtBV4K1d5dGcRRgpQ9WivDlmat +Nh9wlscDSgSGk3HJkbxnq695VN7zUbDWAUvWWhV5bIDjlAR/xyT9ApqIxiyVVRul +fYrE7U05Hbt6GgAroAKLp6qJup9+TxQAKSjKIwJ0hf7OuYyQ8TZtVHS7AOhm+T/5 +G/jGGA== +-----END CERTIFICATE----- diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/sunKey.pem b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/sunKey.pem new file mode 100644 index 00000000..d8fad9aa --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/sunKey.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA35VUimfpDmNpT/8Q3qnoDlxJ9R+EErSYVraVoUVmH9jSHroB +eqqtDdf3XuHtg2xKTryijBj2H0jeA7HuE1UGwmvZWN1gL5vSrk1OFrT38DmaKa/+ +mtiPqjTJrDGg+OgOz1iHsPsp/4Xx+SCTSy2Ucllfront02sVduDXEGV34Snk6vYV +sRn1BZSlFBO6F2k23/j1i7FDn0N6Zj0hFvCysoIcfSYasmwN2p5vRqn7xC9JceMK +3V+v0w0pZoAUBAspAjh7R1rWe08IRAt4Tzff401EGAa5+TQqoZPd4BeqvFr0AQhQ +mdVw97FB2pQyNxSlcVvxY3NFYHwSCHcEMroWwQIDAQABAoIBADH51hjN2zk9HVgl +QmcTAWzcUie5cLMhrP+M9mtC8O3jcCwwFY6OwfnbMU8DHy0GMqHg5lB8b99UUVPw +HLAzjDw/ESkc6pgZs4EEhJTsxJLsvTnePgHssEgyXnXf7gRVEqJkPohfy+Zy0UCH +eIUQXiMlOQ7xg7iDMhwNa+UdWSt539DztSKilQn2xdPZjFnMT0/prvl4NA/8Zn54 +/SdWDq5yRdLWb6EK1V7yJ3687GXR1jzGtgy7TXuncUJVTYgX7RdP1Tn6gWD8YAQ/ +RfT0DdWYm4WHSgSb9/NW8lBZH2yy3hg+lNgofXEvTfBkO5QyW31LIr0tCV6zhJIc +Y9MxaKUCgYEA9sktaXfhPLe0ECjdeQEOq5EKuDrCviSKCOuAV4BDSOsdw6+5LWfY +Vb/oke8N70lL3RCblcj1pOKWUi2O/SpEJdDRduiw2gM9cXt3/bChSTHC4TsIxxN/ +Db9OGg72kZ4sRY5Au+zyAAQYBwXhFWux194Jk5qK0JblNG9J5QMqZDcCgYEA5+5h +BgHUMEO+pdME5lAiSc5PcNTejpA6j+OikCh4/HFXy3C/dLx+Cs1+egw64c8iVaIv +NEo7n7E9I0e3XqanPRXhMnBRrP+39OVsWPmZ18Li2Hi84KwJyi8Y11l3XJOqaYpF +wMVUuZpxR0dfG5k/5GwT/tEkmQBglOgG3m2zUMcCgYEA4m3Vd9ahV5dp5AXKpzKc +JjiPMFfhxJo7+FEz0ZUCp03qYljBu/Jy4MKS/grrqyiCLdQGHNlk4SNxLvdUId78 +5gGBnuuDEJU2dAAIKUE9yq2YlBUZSacOxStI2snt28/X6P3LUWHm7LLU5OS1D3Vf +mKPF/6MlSJuas5CEqVZNN+MCgYBH9Qh7IaQgmVQUBKVXg3Mv7OduvUyTdKIGtHxi +N3xZ7hxsDP4JjNWaKmlcGmFGX8pqQRheI83d3NJ4GK8GmbP3Wst0p65fezMqsudr +r30QmPFicgs/tYCQDw6o+aPzwAi2F+VOSqrfrtAIaldSq7hL+VA21dKB+cD9UgOX +jPd+TwKBgQCbKeg2QNS2qhPIG9eaqJDROuxmxb/07d7OBctgMgxVvKhqW9hW42Sy +gJ59fyz5QjFBaSfcOdf4gkKyEawVo45/q6ymIQU37R4vF4CW9Z3CfaIbwJp7LcHV +zH07so/HNsZua6GWCSCLJU5MeCRiZzk2RFiS9KIaLP4gZndv4lXOiQ== +-----END RSA PRIVATE KEY----- diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo_0.1.bb b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo_0.1.bb new file mode 100644 index 00000000..56070605 --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo_0.1.bb @@ -0,0 +1,25 @@ +SUMMARY = "Scripts and configuration files for ipsec demo" +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420" + +RDEPENDS_${PN} = "ipsec-tools" + +inherit allarch + +SRC_URI = "file://test_setkey" + +do_configure() { + : +} + +do_compile() { + : +} + +do_install(){ + install -d ${D}${datadir} + cp -a ${WORKDIR}/test_setkey ${D}${datadir}/ +} + +FILES_${PN} = "${datadir}/*" + diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0001-remove-double-initialization-of-cryptodev-engine.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0001-remove-double-initialization-of-cryptodev-engine.patch new file mode 100644 index 00000000..233cf6e2 --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0001-remove-double-initialization-of-cryptodev-engine.patch @@ -0,0 +1,83 @@ +From 9297e3834518ff0558d6e7004a62adfd107e659a Mon Sep 17 00:00:00 2001 +From: Cristian Stoica <cristian.stoica@freescale.com> +Date: Tue, 10 Sep 2013 12:46:46 +0300 +Subject: [PATCH 01/17] remove double initialization of cryptodev engine + +cryptodev engine is initialized together with the other engines in +ENGINE_load_builtin_engines. The initialization done through +OpenSSL_add_all_algorithms is redundant. + +Change-Id: Ic9488500967595543ff846f147b36f383db7cb27 +Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> +Reviewed-on: http://git.am.freescale.net:8181/17222 +--- + crypto/engine/eng_all.c | 11 ----------- + crypto/engine/engine.h | 4 ---- + crypto/evp/c_all.c | 5 ----- + util/libeay.num | 2 +- + 4 files changed, 1 insertion(+), 21 deletions(-) + +diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c +index 6093376..f16c043 100644 +--- a/crypto/engine/eng_all.c ++++ b/crypto/engine/eng_all.c +@@ -122,14 +122,3 @@ void ENGINE_load_builtin_engines(void) + #endif + ENGINE_register_all_complete(); + } +- +-#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV) +-void ENGINE_setup_bsd_cryptodev(void) { +- static int bsd_cryptodev_default_loaded = 0; +- if (!bsd_cryptodev_default_loaded) { +- ENGINE_load_cryptodev(); +- ENGINE_register_all_complete(); +- } +- bsd_cryptodev_default_loaded=1; +-} +-#endif +diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h +index f8be497..237a6c9 100644 +--- a/crypto/engine/engine.h ++++ b/crypto/engine/engine.h +@@ -740,10 +740,6 @@ typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id, + * values. */ + void *ENGINE_get_static_state(void); + +-#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV) +-void ENGINE_setup_bsd_cryptodev(void); +-#endif +- + /* BEGIN ERROR CODES */ + /* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. +diff --git a/crypto/evp/c_all.c b/crypto/evp/c_all.c +index 766c4ce..5d6c21b 100644 +--- a/crypto/evp/c_all.c ++++ b/crypto/evp/c_all.c +@@ -82,9 +82,4 @@ void OPENSSL_add_all_algorithms_noconf(void) + OPENSSL_cpuid_setup(); + OpenSSL_add_all_ciphers(); + OpenSSL_add_all_digests(); +-#ifndef OPENSSL_NO_ENGINE +-# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV) +- ENGINE_setup_bsd_cryptodev(); +-# endif +-#endif + } +diff --git a/util/libeay.num b/util/libeay.num +index aa86b2b..ae50040 100755 +--- a/util/libeay.num ++++ b/util/libeay.num +@@ -2801,7 +2801,7 @@ BIO_indent 3242 EXIST::FUNCTION: + BUF_strlcpy 3243 EXIST::FUNCTION: + OpenSSLDie 3244 EXIST::FUNCTION: + OPENSSL_cleanse 3245 EXIST::FUNCTION: +-ENGINE_setup_bsd_cryptodev 3246 EXIST:__FreeBSD__:FUNCTION:ENGINE ++ENGINE_setup_bsd_cryptodev 3246 NOEXIST::FUNCTION: + ERR_release_err_state_table 3247 EXIST::FUNCTION:LHASH + EVP_aes_128_cfb8 3248 EXIST::FUNCTION:AES + FIPS_corrupt_rsa 3249 NOEXIST::FUNCTION: +-- +1.8.3.1 + diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch new file mode 100644 index 00000000..0b77bfa8 --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch @@ -0,0 +1,317 @@ +From dfd6ba263dc25ea2a4bbc32448b24ca2b1fc40e8 Mon Sep 17 00:00:00 2001 +From: Cristian Stoica <cristian.stoica@freescale.com> +Date: Thu, 29 Aug 2013 16:51:18 +0300 +Subject: [PATCH 02/17] eng_cryptodev: add support for TLS algorithms offload + +- aes-128-cbc-hmac-sha1 +- aes-256-cbc-hmac-sha1 + +Requires TLS patches on cryptodev and TLS algorithm support in Linux +kernel driver. + +Change-Id: I43048caa348414daddd6c1a5cdc55e769ac1945f +Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> +Reviewed-on: http://git.am.freescale.net:8181/17223 +--- + crypto/engine/eng_cryptodev.c | 222 +++++++++++++++++++++++++++++++++++++++--- + 1 file changed, 211 insertions(+), 11 deletions(-) + +diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c +index 5a715ac..7588a28 100644 +--- a/crypto/engine/eng_cryptodev.c ++++ b/crypto/engine/eng_cryptodev.c +@@ -72,6 +72,9 @@ ENGINE_load_cryptodev(void) + struct dev_crypto_state { + struct session_op d_sess; + int d_fd; ++ unsigned char *aad; ++ unsigned int aad_len; ++ unsigned int len; + + #ifdef USE_CRYPTODEV_DIGESTS + char dummy_mac_key[HASH_MAX_LEN]; +@@ -140,17 +143,20 @@ static struct { + int nid; + int ivmax; + int keylen; ++ int mackeylen; + } ciphers[] = { +- { CRYPTO_ARC4, NID_rc4, 0, 16, }, +- { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, }, +- { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, }, +- { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, }, +- { CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, }, +- { CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, }, +- { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, }, +- { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, }, +- { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, }, +- { 0, NID_undef, 0, 0, }, ++ { CRYPTO_ARC4, NID_rc4, 0, 16, 0}, ++ { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, 0}, ++ { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, 0}, ++ { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, 0}, ++ { CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, 0}, ++ { CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, 0}, ++ { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, 0}, ++ { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, 0}, ++ { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, 0}, ++ { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20}, ++ { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20}, ++ { 0, NID_undef, 0, 0, 0}, + }; + + #ifdef USE_CRYPTODEV_DIGESTS +@@ -250,13 +256,15 @@ get_cryptodev_ciphers(const int **cnids) + } + memset(&sess, 0, sizeof(sess)); + sess.key = (caddr_t)"123456789abcdefghijklmno"; ++ sess.mackey = (caddr_t)"123456789ABCDEFGHIJKLMNO"; + + for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { + if (ciphers[i].nid == NID_undef) + continue; + sess.cipher = ciphers[i].id; + sess.keylen = ciphers[i].keylen; +- sess.mac = 0; ++ sess.mackeylen = ciphers[i].mackeylen; ++ + if (ioctl(fd, CIOCGSESSION, &sess) != -1 && + ioctl(fd, CIOCFSESSION, &sess.ses) != -1) + nids[count++] = ciphers[i].nid; +@@ -414,6 +422,67 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + return (1); + } + ++ ++static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t len) ++{ ++ struct crypt_auth_op cryp; ++ struct dev_crypto_state *state = ctx->cipher_data; ++ struct session_op *sess = &state->d_sess; ++ const void *iiv; ++ unsigned char save_iv[EVP_MAX_IV_LENGTH]; ++ ++ if (state->d_fd < 0) ++ return (0); ++ if (!len) ++ return (1); ++ if ((len % ctx->cipher->block_size) != 0) ++ return (0); ++ ++ memset(&cryp, 0, sizeof(cryp)); ++ ++ /* TODO: make a seamless integration with cryptodev flags */ ++ switch (ctx->cipher->nid) { ++ case NID_aes_128_cbc_hmac_sha1: ++ case NID_aes_256_cbc_hmac_sha1: ++ cryp.flags = COP_FLAG_AEAD_TLS_TYPE; ++ } ++ cryp.ses = sess->ses; ++ cryp.len = state->len; ++ cryp.src = (caddr_t) in; ++ cryp.dst = (caddr_t) out; ++ cryp.auth_src = state->aad; ++ cryp.auth_len = state->aad_len; ++ ++ cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; ++ ++ if (ctx->cipher->iv_len) { ++ cryp.iv = (caddr_t) ctx->iv; ++ if (!ctx->encrypt) { ++ iiv = in + len - ctx->cipher->iv_len; ++ memcpy(save_iv, iiv, ctx->cipher->iv_len); ++ } ++ } else ++ cryp.iv = NULL; ++ ++ if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) { ++ /* XXX need better errror handling ++ * this can fail for a number of different reasons. ++ */ ++ return (0); ++ } ++ ++ if (ctx->cipher->iv_len) { ++ if (ctx->encrypt) ++ iiv = out + len - ctx->cipher->iv_len; ++ else ++ iiv = save_iv; ++ memcpy(ctx->iv, iiv, ctx->cipher->iv_len); ++ } ++ return (1); ++} ++ ++ + static int + cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) +@@ -452,6 +521,45 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + return (1); + } + ++/* Save the encryption key provided by upper layers. ++ * ++ * This function is called by EVP_CipherInit_ex to initialize the algorithm's ++ * extra data. We can't do much here because the mac key is not available. ++ * The next call should/will be to cryptodev_cbc_hmac_sha1_ctrl with parameter ++ * EVP_CTRL_AEAD_SET_MAC_KEY, to set the hmac key. There we call CIOCGSESSION ++ * with both the crypto and hmac keys. ++ */ ++static int cryptodev_init_aead_key(EVP_CIPHER_CTX *ctx, ++ const unsigned char *key, const unsigned char *iv, int enc) ++{ ++ struct dev_crypto_state *state = ctx->cipher_data; ++ struct session_op *sess = &state->d_sess; ++ int cipher = -1, i; ++ ++ for (i = 0; ciphers[i].id; i++) ++ if (ctx->cipher->nid == ciphers[i].nid && ++ ctx->cipher->iv_len <= ciphers[i].ivmax && ++ ctx->key_len == ciphers[i].keylen) { ++ cipher = ciphers[i].id; ++ break; ++ } ++ ++ if (!ciphers[i].id) { ++ state->d_fd = -1; ++ return (0); ++ } ++ ++ memset(sess, 0, sizeof(struct session_op)); ++ ++ sess->key = (caddr_t)key; ++ sess->keylen = ctx->key_len; ++ sess->cipher = cipher; ++ ++ /* for whatever reason, (1) means success */ ++ return (1); ++} ++ ++ + /* + * free anything we allocated earlier when initting a + * session, and close the session. +@@ -488,6 +596,63 @@ cryptodev_cleanup(EVP_CIPHER_CTX *ctx) + return (ret); + } + ++static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, ++ void *ptr) ++{ ++ switch (type) { ++ case EVP_CTRL_AEAD_SET_MAC_KEY: ++ { ++ /* TODO: what happens with hmac keys larger than 64 bytes? */ ++ struct dev_crypto_state *state = ctx->cipher_data; ++ struct session_op *sess = &state->d_sess; ++ ++ if ((state->d_fd = get_dev_crypto()) < 0) ++ return (0); ++ ++ /* the rest should have been set in cryptodev_init_aead_key */ ++ sess->mackey = ptr; ++ sess->mackeylen = arg; ++ ++ if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) { ++ put_dev_crypto(state->d_fd); ++ state->d_fd = -1; ++ return (0); ++ } ++ return (1); ++ } ++ case EVP_CTRL_AEAD_TLS1_AAD: ++ { ++ /* ptr points to the associated data buffer of 13 bytes */ ++ struct dev_crypto_state *state = ctx->cipher_data; ++ unsigned char *p = ptr; ++ unsigned int cryptlen = p[arg - 2] << 8 | p[arg - 1]; ++ unsigned int maclen, padlen; ++ unsigned int bs = ctx->cipher->block_size; ++ ++ state->aad = ptr; ++ state->aad_len = arg; ++ state->len = cryptlen; ++ ++ /* TODO: this should be an extension of EVP_CIPHER struct */ ++ switch (ctx->cipher->nid) { ++ case NID_aes_128_cbc_hmac_sha1: ++ case NID_aes_256_cbc_hmac_sha1: ++ maclen = SHA_DIGEST_LENGTH; ++ } ++ ++ /* space required for encryption (not only TLS padding) */ ++ padlen = maclen; ++ if (ctx->encrypt) { ++ cryptlen += maclen; ++ padlen += bs - (cryptlen % bs); ++ } ++ return padlen; ++ } ++ default: ++ return -1; ++ } ++} ++ + /* + * libcrypto EVP stuff - this is how we get wired to EVP so the engine + * gets called when libcrypto requests a cipher NID. +@@ -600,6 +765,33 @@ const EVP_CIPHER cryptodev_aes_256_cbc = { + NULL + }; + ++const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1 = { ++ NID_aes_128_cbc_hmac_sha1, ++ 16, 16, 16, ++ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, ++ cryptodev_init_aead_key, ++ cryptodev_aead_cipher, ++ cryptodev_cleanup, ++ sizeof(struct dev_crypto_state), ++ EVP_CIPHER_set_asn1_iv, ++ EVP_CIPHER_get_asn1_iv, ++ cryptodev_cbc_hmac_sha1_ctrl, ++ NULL ++}; ++ ++const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = { ++ NID_aes_256_cbc_hmac_sha1, ++ 16, 32, 16, ++ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, ++ cryptodev_init_aead_key, ++ cryptodev_aead_cipher, ++ cryptodev_cleanup, ++ sizeof(struct dev_crypto_state), ++ EVP_CIPHER_set_asn1_iv, ++ EVP_CIPHER_get_asn1_iv, ++ cryptodev_cbc_hmac_sha1_ctrl, ++ NULL ++}; + /* + * Registered by the ENGINE when used to find out how to deal with + * a particular NID in the ENGINE. this says what we'll do at the +@@ -637,6 +829,12 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, + case NID_aes_256_cbc: + *cipher = &cryptodev_aes_256_cbc; + break; ++ case NID_aes_128_cbc_hmac_sha1: ++ *cipher = &cryptodev_aes_128_cbc_hmac_sha1; ++ break; ++ case NID_aes_256_cbc_hmac_sha1: ++ *cipher = &cryptodev_aes_256_cbc_hmac_sha1; ++ break; + default: + *cipher = NULL; + break; +@@ -1384,6 +1582,8 @@ ENGINE_load_cryptodev(void) + } + put_dev_crypto(fd); + ++ EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1); ++ EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1); + if (!ENGINE_set_id(engine, "cryptodev") || + !ENGINE_set_name(engine, "BSD cryptodev engine") || + !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) || +-- +1.8.3.1 + diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0003-cryptodev-fix-algorithm-registration.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0003-cryptodev-fix-algorithm-registration.patch new file mode 100644 index 00000000..b31668e1 --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0003-cryptodev-fix-algorithm-registration.patch @@ -0,0 +1,64 @@ +From 084fa469a8fef530d71a0870364df1c7997f6465 Mon Sep 17 00:00:00 2001 +From: Cristian Stoica <cristian.stoica@freescale.com> +Date: Thu, 31 Jul 2014 14:06:19 +0300 +Subject: [PATCH 03/17] cryptodev: fix algorithm registration + +Cryptodev specific algorithms must register only if available in kernel. + +Change-Id: Iec5af8f4f3138357e4b96f2ec1627278134e4808 +Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> +Reviewed-on: http://git.am.freescale.net:8181/15326 +Reviewed-by: Horia Ioan Geanta Neag <horia.geanta@freescale.com> +Reviewed-on: http://git.am.freescale.net:8181/17224 +--- + crypto/engine/eng_cryptodev.c | 20 +++++++++++++++++--- + 1 file changed, 17 insertions(+), 3 deletions(-) + +diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c +index 7588a28..e3eb98b 100644 +--- a/crypto/engine/eng_cryptodev.c ++++ b/crypto/engine/eng_cryptodev.c +@@ -133,6 +133,8 @@ static int cryptodev_dh_compute_key(unsigned char *key, + static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, + void (*f)(void)); + void ENGINE_load_cryptodev(void); ++const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1; ++const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1; + + static const ENGINE_CMD_DEFN cryptodev_defns[] = { + { 0, NULL, NULL, 0 } +@@ -342,7 +344,21 @@ get_cryptodev_digests(const int **cnids) + static int + cryptodev_usable_ciphers(const int **nids) + { +- return (get_cryptodev_ciphers(nids)); ++ int i, count; ++ ++ count = get_cryptodev_ciphers(nids); ++ /* add ciphers specific to cryptodev if found in kernel */ ++ for(i = 0; i < count; i++) { ++ switch (*(*nids + i)) { ++ case NID_aes_128_cbc_hmac_sha1: ++ EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1); ++ break; ++ case NID_aes_256_cbc_hmac_sha1: ++ EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1); ++ break; ++ } ++ } ++ return count; + } + + static int +@@ -1582,8 +1598,6 @@ ENGINE_load_cryptodev(void) + } + put_dev_crypto(fd); + +- EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1); +- EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1); + if (!ENGINE_set_id(engine, "cryptodev") || + !ENGINE_set_name(engine, "BSD cryptodev engine") || + !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) || +-- +1.8.3.1 + diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch new file mode 100644 index 00000000..af30ad3d --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch @@ -0,0 +1,74 @@ +From 7d770f0324498d1fa78300cc5cecc8c1dcd3b788 Mon Sep 17 00:00:00 2001 +From: Andy Polyakov <appro@openssl.org> +Date: Sun, 21 Oct 2012 18:19:41 +0000 +Subject: [PATCH 04/17] linux-pcc: make it more robust and recognize + KERNEL_BITS variable. + +(cherry picked from commit 78c3e20579d3baa159c8b51b59d415b6e521614b) + +Change-Id: I769c466f052305681ab54a1b6545d94c7fbf5a9d +Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> +--- + config | 19 +++++++++++++------ + crypto/ppccap.c | 7 +++++++ + 2 files changed, 20 insertions(+), 6 deletions(-) + +diff --git a/config b/config +index 41fa2a6..f37b9e6 100755 +--- a/config ++++ b/config +@@ -587,13 +587,20 @@ case "$GUESSOS" in + fi + ;; + ppc64-*-linux2) +- echo "WARNING! If you wish to build 64-bit library, then you have to" +- echo " invoke './Configure linux-ppc64' *manually*." +- if [ "$TEST" = "false" -a -t 1 ]; then +- echo " You have about 5 seconds to press Ctrl-C to abort." +- (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1 ++ if [ -z "$KERNEL_BITS" ]; then ++ echo "WARNING! If you wish to build 64-bit library, then you have to" ++ echo " invoke './Configure linux-ppc64' *manually*." ++ if [ "$TEST" = "false" -a -t 1 ]; then ++ echo " You have about 5 seconds to press Ctrl-C to abort." ++ (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1 ++ fi ++ fi ++ if [ "$KERNEL_BITS" = "64" ]; then ++ OUT="linux-ppc64" ++ else ++ OUT="linux-ppc" ++ (echo "__LP64__" | gcc -E -x c - 2>/dev/null | grep "^__LP64__" 2>&1 > /dev/null) || options="$options -m32" + fi +- OUT="linux-ppc" + ;; + ppc-*-linux2) OUT="linux-ppc" ;; + ppc60x-*-vxworks*) OUT="vxworks-ppc60x" ;; +diff --git a/crypto/ppccap.c b/crypto/ppccap.c +index f71ba66..531f1b3 100644 +--- a/crypto/ppccap.c ++++ b/crypto/ppccap.c +@@ -4,6 +4,9 @@ + #include <setjmp.h> + #include <signal.h> + #include <unistd.h> ++#ifdef __linux ++#include <sys/utsname.h> ++#endif + #include <crypto.h> + #include <openssl/bn.h> + +@@ -102,6 +105,10 @@ void OPENSSL_cpuid_setup(void) + + if (sizeof(size_t)==4) + { ++#ifdef __linux ++ struct utsname uts; ++ if (uname(&uts)==0 && strcmp(uts.machine,"ppc64")==0) ++#endif + if (sigsetjmp(ill_jmp,1) == 0) + { + OPENSSL_ppc64_probe(); +-- +1.8.3.1 + diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0005-ECC-Support-header-for-Cryptodev-Engine.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0005-ECC-Support-header-for-Cryptodev-Engine.patch new file mode 100644 index 00000000..cfcf4a66 --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0005-ECC-Support-header-for-Cryptodev-Engine.patch @@ -0,0 +1,318 @@ +From 15abbcd740eafbf2a46b5da24be76acf4982743d Mon Sep 17 00:00:00 2001 +From: Yashpal Dutta <yashpal.dutta@freescale.com> +Date: Tue, 11 Mar 2014 05:56:54 +0545 +Subject: [PATCH 05/17] ECC Support header for Cryptodev Engine + +Upstream-status: Pending + +Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com> +--- + crypto/engine/eng_cryptodev_ec.h | 296 +++++++++++++++++++++++++++++++++++++++ + 1 file changed, 296 insertions(+) + create mode 100644 crypto/engine/eng_cryptodev_ec.h + +diff --git a/crypto/engine/eng_cryptodev_ec.h b/crypto/engine/eng_cryptodev_ec.h +new file mode 100644 +index 0000000..77aee71 +--- /dev/null ++++ b/crypto/engine/eng_cryptodev_ec.h +@@ -0,0 +1,296 @@ ++/* ++ * Copyright (C) 2012 Freescale Semiconductor, Inc. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR ++ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES ++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN ++ * NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED ++ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR ++ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF ++ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING ++ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS ++ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ++ */ ++#ifndef __ENG_EC_H ++#define __ENG_EC_H ++ ++#define SPCF_CPARAM_INIT(X,...) \ ++static unsigned char X##_c[] = {__VA_ARGS__} \ ++ ++#define SPCF_FREE_BN(X) do { if(X) { BN_clear_free(X); X = NULL; } } while (0) ++ ++#define SPCF_COPY_CPARAMS(NIDBUF) \ ++ do { \ ++ memcpy (buf, NIDBUF, buf_len); \ ++ } while (0) ++ ++#define SPCF_CPARAM_CASE(X) \ ++ case NID_##X: \ ++ SPCF_COPY_CPARAMS(X##_c); \ ++ break ++ ++SPCF_CPARAM_INIT(sect113r1, 0x01, 0x73, 0xE8, 0x34, 0xAF, 0x28, 0xEC, 0x76, ++ 0xCB, 0x83, 0xBD, 0x8D, 0xFE, 0xB2, 0xD5); ++SPCF_CPARAM_INIT(sect113r2, 0x00, 0x54, 0xD9, 0xF0, 0x39, 0x57, 0x17, 0x4A, ++ 0x32, 0x32, 0x91, 0x67, 0xD7, 0xFE, 0x71); ++SPCF_CPARAM_INIT(sect131r1, 0x03, 0xDB, 0x89, 0xB4, 0x05, 0xE4, 0x91, 0x16, ++ 0x0E, 0x3B, 0x2F, 0x07, 0xB0, 0xCE, 0x20, 0xB3, 0x7E); ++SPCF_CPARAM_INIT(sect131r2, 0x07, 0xCB, 0xB9, 0x92, 0x0D, 0x71, 0xA4, 0x8E, ++ 0x09, 0x9C, 0x38, 0xD7, 0x1D, 0xA6, 0x49, 0x0E, 0xB1); ++SPCF_CPARAM_INIT(sect163k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x01); ++SPCF_CPARAM_INIT(sect163r1, 0x05, 0xED, 0x40, 0x3E, 0xD5, 0x8E, 0xB4, 0x5B, ++ 0x1C, 0xCE, 0xCA, 0x0F, 0x4F, 0x61, 0x65, 0x55, 0x49, 0x86, ++ 0x1B, 0xE0, 0x52); ++SPCF_CPARAM_INIT(sect163r2, 0x07, 0x2C, 0x4E, 0x1E, 0xF7, 0xCB, 0x2F, 0x3A, ++ 0x03, 0x5D, 0x33, 0x10, 0x42, 0x94, 0x15, 0x96, 0x09, 0x13, ++ 0x8B, 0xB4, 0x04); ++SPCF_CPARAM_INIT(sect193r1, 0x01, 0x67, 0xB3, 0x5E, 0xB4, 0x31, 0x3F, 0x26, ++ 0x3D, 0x0F, 0x7A, 0x3D, 0x50, 0x36, 0xF0, 0xA0, 0xA3, 0xC9, ++ 0x80, 0xD4, 0x0E, 0x5A, 0x05, 0x3E, 0xD2); ++SPCF_CPARAM_INIT(sect193r2, 0x00, 0x69, 0x89, 0xFE, 0x6B, 0xFE, 0x30, 0xED, ++ 0xDC, 0x32, 0x44, 0x26, 0x9F, 0x3A, 0xAD, 0x18, 0xD6, 0x6C, ++ 0xF3, 0xDB, 0x3E, 0x33, 0x02, 0xFA, 0xA8); ++SPCF_CPARAM_INIT(sect233k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x01); ++SPCF_CPARAM_INIT(sect233r1, 0x00, 0x07, 0xD5, 0xEF, 0x43, 0x89, 0xDF, 0xF1, ++ 0x1E, 0xCD, 0xBA, 0x39, 0xC3, 0x09, 0x70, 0xD3, 0xCE, 0x35, ++ 0xCE, 0xBB, 0xA5, 0x84, 0x73, 0xF6, 0x4B, 0x4D, 0xC0, 0xF2, ++ 0x68, 0x6C); ++SPCF_CPARAM_INIT(sect239k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x01); ++SPCF_CPARAM_INIT(sect283k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01); ++SPCF_CPARAM_INIT(sect283r1, 0x03, 0xD8, 0xC9, 0x3D, 0x3B, 0x0E, 0xA8, 0x1D, ++ 0x92, 0x94, 0x03, 0x4D, 0x7E, 0xE3, 0x13, 0x5D, 0x0A, 0xC5, ++ 0xFC, 0x8D, 0x9C, 0xB0, 0x27, 0x6F, 0x72, 0x11, 0xF8, 0x80, ++ 0xF0, 0xD8, 0x1C, 0xA4, 0xC6, 0xE8, 0x7B, 0x38); ++SPCF_CPARAM_INIT(sect409k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x01); ++SPCF_CPARAM_INIT(sect409r1, 0x01, 0x49, 0xB8, 0xB7, 0xBE, 0xBD, 0x9B, 0x63, ++ 0x65, 0x3E, 0xF1, 0xCD, 0x8C, 0x6A, 0x5D, 0xD1, 0x05, 0xA2, ++ 0xAA, 0xAC, 0x36, 0xFE, 0x2E, 0xAE, 0x43, 0xCF, 0x28, 0xCE, ++ 0x1C, 0xB7, 0xC8, 0x30, 0xC1, 0xEC, 0xDB, 0xFA, 0x41, 0x3A, ++ 0xB0, 0x7F, 0xE3, 0x5A, 0x57, 0x81, 0x1A, 0xE4, 0xF8, 0x8D, ++ 0x30, 0xAC, 0x63, 0xFB); ++SPCF_CPARAM_INIT(sect571k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x01); ++SPCF_CPARAM_INIT(sect571r1, 0x06, 0x39, 0x5D, 0xB2, 0x2A, 0xB5, 0x94, 0xB1, ++ 0x86, 0x8C, 0xED, 0x95, 0x25, 0x78, 0xB6, 0x53, 0x9F, 0xAB, ++ 0xA6, 0x94, 0x06, 0xD9, 0xB2, 0x98, 0x61, 0x23, 0xA1, 0x85, ++ 0xC8, 0x58, 0x32, 0xE2, 0x5F, 0xD5, 0xB6, 0x38, 0x33, 0xD5, ++ 0x14, 0x42, 0xAB, 0xF1, 0xA9, 0xC0, 0x5F, 0xF0, 0xEC, 0xBD, ++ 0x88, 0xD7, 0xF7, 0x79, 0x97, 0xF4, 0xDC, 0x91, 0x56, 0xAA, ++ 0xF1, 0xCE, 0x08, 0x16, 0x46, 0x86, 0xDD, 0xFF, 0x75, 0x11, ++ 0x6F, 0xBC, 0x9A, 0x7A); ++SPCF_CPARAM_INIT(X9_62_c2pnb163v1, 0x04, 0x53, 0xE1, 0xE4, 0xB7, 0x29, 0x1F, ++ 0x5C, 0x2D, 0x53, 0xCE, 0x18, 0x48, 0x3F, 0x00, 0x70, 0x81, ++ 0xE7, 0xEA, 0x26, 0xEC); ++SPCF_CPARAM_INIT(X9_62_c2pnb163v2, 0x04, 0x35, 0xC0, 0x19, 0x66, 0x0E, 0x01, ++ 0x01, 0xBA, 0x87, 0x0C, 0xA3, 0x9F, 0xD9, 0xA7, 0x76, 0x86, ++ 0x50, 0x9D, 0x28, 0x13); ++SPCF_CPARAM_INIT(X9_62_c2pnb163v3, 0x06, 0x55, 0xC4, 0x54, 0xE4, 0x1E, 0x38, ++ 0x0C, 0x7A, 0x60, 0xB6, 0x67, 0x9A, 0x5B, 0x7A, 0x3F, 0x3A, ++ 0xF6, 0x8E, 0x22, 0xC5); ++SPCF_CPARAM_INIT(X9_62_c2pnb176v1, 0x00, 0x69, 0xF7, 0xDA, 0x36, 0x19, 0xA7, ++ 0x42, 0xA3, 0x82, 0xFF, 0x05, 0x08, 0x8F, 0xD3, 0x99, 0x42, ++ 0xCA, 0x0F, 0x1D, 0x90, 0xB6, 0x5B); ++SPCF_CPARAM_INIT(X9_62_c2tnb191v1, 0x4C, 0x45, 0x25, 0xAB, 0x0B, 0x68, 0x4A, ++ 0x64, 0x44, 0x62, 0x0A, 0x86, 0x45, 0xEF, 0x54, 0x6D, 0x54, ++ 0x69, 0x39, 0x68, 0xC2, 0xAE, 0x84, 0xAC); ++SPCF_CPARAM_INIT(X9_62_c2tnb191v2, 0x03, 0x7C, 0x8F, 0x57, 0xA2, 0x25, 0xC7, ++ 0xB3, 0xD4, 0xED, 0xD5, 0x88, 0x0F, 0x38, 0x0A, 0xCC, 0x55, ++ 0x74, 0xEC, 0xB3, 0x6C, 0x9F, 0x51, 0x21); ++SPCF_CPARAM_INIT(X9_62_c2tnb191v3, 0x37, 0x39, 0xFF, 0x98, 0xB4, 0xD1, 0x69, ++ 0x3E, 0xCF, 0x52, 0x7A, 0x98, 0x51, 0xED, 0xCF, 0x99, 0x9D, ++ 0x9E, 0x75, 0x05, 0x43, 0x33, 0x43, 0x24); ++SPCF_CPARAM_INIT(X9_62_c2pnb208w1, 0x00, 0xDB, 0x05, 0x3C, 0x41, 0x76, 0xCC, ++ 0x1D, 0xA1, 0x27, 0x85, 0x2C, 0xA6, 0xD9, 0x88, 0xBE, 0x1A, ++ 0xCC, 0xD1, 0x5B, 0x2A, 0xC1, 0xC1, 0x07, 0x42, 0x57, 0x34); ++SPCF_CPARAM_INIT(X9_62_c2tnb239v1, 0x24, 0x59, 0xFC, 0xF4, 0x51, 0x7B, 0xC5, ++ 0xA6, 0xB9, 0x9B, 0xE5, 0xC6, 0xC5, 0x62, 0x85, 0xC0, 0x21, ++ 0xFE, 0x32, 0xEE, 0x2B, 0x6F, 0x1C, 0x22, 0xEA, 0x5B, 0xE1, ++ 0xB8, 0x4B, 0x93); ++SPCF_CPARAM_INIT(X9_62_c2tnb239v2, 0x64, 0x98, 0x84, 0x19, 0x3B, 0x56, 0x2D, ++ 0x4A, 0x50, 0xB4, 0xFA, 0x56, 0x34, 0xE0, 0x34, 0x41, 0x3F, ++ 0x94, 0xC4, 0x59, 0xDA, 0x7C, 0xDB, 0x16, 0x64, 0x9D, 0xDD, ++ 0xF7, 0xE6, 0x0A); ++SPCF_CPARAM_INIT(X9_62_c2tnb239v3, 0x32, 0x63, 0x2E, 0x65, 0x2B, 0xEE, 0x91, ++ 0xC2, 0xE4, 0xA2, 0xF5, 0x42, 0xA3, 0x2D, 0x67, 0xA8, 0xB5, ++ 0xB4, 0x5F, 0x21, 0xA0, 0x81, 0x02, 0xFB, 0x1F, 0x2A, 0xFB, ++ 0xB6, 0xAC, 0xDA); ++SPCF_CPARAM_INIT(X9_62_c2pnb272w1, 0x00, 0xDA, 0x7B, 0x60, 0x28, 0xF4, 0xC8, ++ 0x09, 0xA0, 0xB9, 0x78, 0x81, 0xC3, 0xA5, 0x7E, 0x4D, 0x71, ++ 0x81, 0x34, 0xD1, 0x3F, 0xEC, 0xE0, 0x90, 0x85, 0x8A, 0xC3, ++ 0x1A, 0xE2, 0xDC, 0x2E, 0xDF, 0x8E, 0x3C, 0x8B); ++SPCF_CPARAM_INIT(X9_62_c2pnb304w1, 0x00, 0x3C, 0x67, 0xB4, 0x07, 0xC6, 0xF3, ++ 0x3F, 0x81, 0x0B, 0x17, 0xDC, 0x16, 0xE2, 0x14, 0x8A, 0x2C, ++ 0x9C, 0xE2, 0x9D, 0x56, 0x05, 0x23, 0x69, 0x6A, 0x55, 0x93, ++ 0x8A, 0x15, 0x40, 0x81, 0xE3, 0xE3, 0xAE, 0xFB, 0xCE, 0x45, ++ 0x70, 0xC9); ++SPCF_CPARAM_INIT(X9_62_c2tnb359v1, 0x22, 0x39, 0xAA, 0x58, 0x4A, 0xC5, 0x9A, ++ 0xF9, 0x61, 0xD0, 0xFA, 0x2D, 0x52, 0x85, 0xB6, 0xFD, 0xF7, ++ 0x34, 0x9B, 0xC6, 0x0E, 0x91, 0xE3, 0x20, 0xF4, 0x71, 0x64, ++ 0xCE, 0x11, 0xF5, 0x18, 0xEF, 0xB4, 0xC0, 0x8B, 0x9B, 0xDA, ++ 0x99, 0x9A, 0x8A, 0x37, 0xF8, 0x2A, 0x22, 0x61); ++SPCF_CPARAM_INIT(X9_62_c2pnb368w1, 0x00, 0xC0, 0x6C, 0xCF, 0x42, 0x89, 0x3A, ++ 0x8A, 0xAA, 0x00, 0x1E, 0x0B, 0xC0, 0xD2, 0xA2, 0x27, 0x66, ++ 0xEF, 0x3E, 0x41, 0x88, 0x7C, 0xC6, 0x77, 0x6F, 0x4A, 0x04, ++ 0x1E, 0xE4, 0x45, 0x14, 0xB2, 0x0A, 0xFC, 0x4E, 0x5C, 0x30, ++ 0x40, 0x60, 0x06, 0x5B, 0xC8, 0xD6, 0xCF, 0x04, 0xD3, 0x25); ++SPCF_CPARAM_INIT(X9_62_c2tnb431r1, 0x64, 0xF5, 0xBB, 0xE9, 0xBB, 0x31, 0x66, ++ 0xA3, 0xA0, 0x2F, 0x2F, 0x22, 0xBF, 0x05, 0xD9, 0xF7, 0xDA, ++ 0x43, 0xEE, 0x70, 0xC1, 0x79, 0x03, 0x15, 0x2B, 0x70, 0xA0, ++ 0xB4, 0x25, 0x9B, 0xD2, 0xFC, 0xB2, 0x20, 0x3B, 0x7F, 0xB8, ++ 0xD3, 0x39, 0x4E, 0x20, 0xEB, 0x0E, 0xA9, 0x84, 0xDD, 0xB1, ++ 0xE1, 0xF1, 0x4C, 0x67, 0xB1, 0x36, 0x2B); ++SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01); ++SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls3, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x01); ++SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls4, 0x01, 0x73, 0xE8, 0x34, 0xAF, 0x28, ++ 0xEC, 0x76, 0xCB, 0x83, 0xBD, 0x8D, 0xFE, 0xB2, 0xD5); ++SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls5, 0x04, 0x53, 0xE1, 0xE4, 0xB7, 0x29, ++ 0x1F, 0x5C, 0x2D, 0x53, 0xCE, 0x18, 0x48, 0x3F, 0x00, 0x70, ++ 0x81, 0xE7, 0xEA, 0x26, 0xEC); ++SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x01); ++SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls11, 0x00, 0x07, 0xD5, 0xEF, 0x43, 0x89, ++ 0xDF, 0xF1, 0x1E, 0xCD, 0xBA, 0x39, 0xC3, 0x09, 0x70, 0xD3, ++ 0xCE, 0x35, 0xCE, 0xBB, 0xA5, 0x84, 0x73, 0xF6, 0x4B, 0x4D, ++ 0xC0, 0xF2, 0x68, 0x6C); ++/* Oakley curve #3 over 155 bit binary filed */ ++SPCF_CPARAM_INIT(ipsec3, 0x00, 0x31, 0x10, 0x00, 0x00, 0x02, 0x23, 0xA0, 0x00, ++ 0xC4, 0x47, 0x40, 0x00, 0x08, 0x8E, 0x80, 0x00, 0x11, 0x1D, ++ 0x1D); ++/* Oakley curve #4 over 185 bit binary filed */ ++SPCF_CPARAM_INIT(ipsec4, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, ++ 0x01, 0x80, 0x00, 0xC0, 0x0C, 0x00, 0x00, 0x00, 0x63, 0x80, ++ 0x30, 0x00, 0x1C, 0x00, 0x09); ++ ++static inline int ++eng_ec_get_cparam(int nid, unsigned char *buf, unsigned int buf_len) ++{ ++ int ret = 0; ++ switch (nid) { ++ SPCF_CPARAM_CASE(sect113r1); ++ SPCF_CPARAM_CASE(sect113r2); ++ SPCF_CPARAM_CASE(sect131r1); ++ SPCF_CPARAM_CASE(sect131r2); ++ SPCF_CPARAM_CASE(sect163k1); ++ SPCF_CPARAM_CASE(sect163r1); ++ SPCF_CPARAM_CASE(sect163r2); ++ SPCF_CPARAM_CASE(sect193r1); ++ SPCF_CPARAM_CASE(sect193r2); ++ SPCF_CPARAM_CASE(sect233k1); ++ SPCF_CPARAM_CASE(sect233r1); ++ SPCF_CPARAM_CASE(sect239k1); ++ SPCF_CPARAM_CASE(sect283k1); ++ SPCF_CPARAM_CASE(sect283r1); ++ SPCF_CPARAM_CASE(sect409k1); ++ SPCF_CPARAM_CASE(sect409r1); ++ SPCF_CPARAM_CASE(sect571k1); ++ SPCF_CPARAM_CASE(sect571r1); ++ SPCF_CPARAM_CASE(X9_62_c2pnb163v1); ++ SPCF_CPARAM_CASE(X9_62_c2pnb163v2); ++ SPCF_CPARAM_CASE(X9_62_c2pnb163v3); ++ SPCF_CPARAM_CASE(X9_62_c2pnb176v1); ++ SPCF_CPARAM_CASE(X9_62_c2tnb191v1); ++ SPCF_CPARAM_CASE(X9_62_c2tnb191v2); ++ SPCF_CPARAM_CASE(X9_62_c2tnb191v3); ++ SPCF_CPARAM_CASE(X9_62_c2pnb208w1); ++ SPCF_CPARAM_CASE(X9_62_c2tnb239v1); ++ SPCF_CPARAM_CASE(X9_62_c2tnb239v2); ++ SPCF_CPARAM_CASE(X9_62_c2tnb239v3); ++ SPCF_CPARAM_CASE(X9_62_c2pnb272w1); ++ SPCF_CPARAM_CASE(X9_62_c2pnb304w1); ++ SPCF_CPARAM_CASE(X9_62_c2tnb359v1); ++ SPCF_CPARAM_CASE(X9_62_c2pnb368w1); ++ SPCF_CPARAM_CASE(X9_62_c2tnb431r1); ++ SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls1); ++ SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls3); ++ SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls4); ++ SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls5); ++ SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls10); ++ SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls11); ++ /* Oakley curve #3 over 155 bit binary filed */ ++ SPCF_CPARAM_CASE(ipsec3); ++ /* Oakley curve #4 over 185 bit binary filed */ ++ SPCF_CPARAM_CASE(ipsec4); ++ default: ++ ret = -EINVAL; ++ break; ++ } ++ return ret; ++} ++ ++/* Copies the curve points to a flat buffer with appropriate padding */ ++static inline unsigned char *eng_copy_curve_points(BIGNUM * x, BIGNUM * y, ++ int xy_len, int crv_len) ++{ ++ unsigned char *xy = NULL; ++ int len1 = 0, len2 = 0; ++ ++ len1 = BN_num_bytes(x); ++ len2 = BN_num_bytes(y); ++ ++ if (!(xy = malloc(xy_len))) { ++ return NULL; ++ } ++ ++ memset(xy, 0, xy_len); ++ ++ if (len1 < crv_len) { ++ if (!BN_is_zero(x)) ++ BN_bn2bin(x, xy + (crv_len - len1)); ++ } else { ++ BN_bn2bin(x, xy); ++ } ++ ++ if (len2 < crv_len) { ++ if (!BN_is_zero(y)) ++ BN_bn2bin(y, xy+crv_len+(crv_len-len2)); ++ } else { ++ BN_bn2bin(y, xy+crv_len); ++ } ++ ++ return xy; ++} ++ ++enum curve_t { ++ DISCRETE_LOG, ++ ECC_PRIME, ++ ECC_BINARY, ++ MAX_ECC_TYPE ++}; ++#endif +-- +1.8.3.1 + diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0006-Fixed-private-key-support-for-DH.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0006-Fixed-private-key-support-for-DH.patch new file mode 100644 index 00000000..41f48a2f --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0006-Fixed-private-key-support-for-DH.patch @@ -0,0 +1,33 @@ +From 39a9e609290a8a1163a721915bcde0c7cf8f92f7 Mon Sep 17 00:00:00 2001 +From: Yashpal Dutta <yashpal.dutta@freescale.com> +Date: Tue, 11 Mar 2014 05:57:47 +0545 +Subject: [PATCH 06/17] Fixed private key support for DH + +Upstream-status: Pending + +Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com> +--- + crypto/dh/dh_ameth.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c +index 02ec2d4..ed32004 100644 +--- a/crypto/dh/dh_ameth.c ++++ b/crypto/dh/dh_ameth.c +@@ -422,6 +422,13 @@ static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) + if (to->pkey.dh->g != NULL) + BN_free(to->pkey.dh->g); + to->pkey.dh->g=a; ++ if ((a=BN_dup(from->pkey.dh->q)) != NULL) { ++ if (to->pkey.dh->q != NULL) ++ BN_free(to->pkey.dh->q); ++ to->pkey.dh->q=a; ++ } ++ ++ to->pkey.dh->length = from->pkey.dh->length; + + return 1; + } +-- +1.8.3.1 + diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0007-Fixed-private-key-support-for-DH.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0007-Fixed-private-key-support-for-DH.patch new file mode 100644 index 00000000..f507fff7 --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0007-Fixed-private-key-support-for-DH.patch @@ -0,0 +1,35 @@ +From 8322e4157bf49d992b5b9e460f2c0785865dd1c1 Mon Sep 17 00:00:00 2001 +From: Yashpal Dutta <yashpal.dutta@freescale.com> +Date: Thu, 20 Mar 2014 19:55:51 -0500 +Subject: [PATCH 07/17] Fixed private key support for DH + +Upstream-status: Pending + +Required Length of the DH result is not returned in dh method in openssl + +Tested-by: Yashpal Dutta <yashpal.dutta@freescale.com> +--- + crypto/dh/dh_ameth.c | 7 ------- + 1 file changed, 7 deletions(-) + +diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c +index ed32004..02ec2d4 100644 +--- a/crypto/dh/dh_ameth.c ++++ b/crypto/dh/dh_ameth.c +@@ -422,13 +422,6 @@ static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) + if (to->pkey.dh->g != NULL) + BN_free(to->pkey.dh->g); + to->pkey.dh->g=a; +- if ((a=BN_dup(from->pkey.dh->q)) != NULL) { +- if (to->pkey.dh->q != NULL) +- BN_free(to->pkey.dh->q); +- to->pkey.dh->q=a; +- } +- +- to->pkey.dh->length = from->pkey.dh->length; + + return 1; + } +-- +1.8.3.1 + diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0008-Initial-support-for-PKC-in-cryptodev-engine.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0008-Initial-support-for-PKC-in-cryptodev-engine.patch new file mode 100644 index 00000000..6903c88d --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0008-Initial-support-for-PKC-in-cryptodev-engine.patch @@ -0,0 +1,1564 @@ +From 107a10d45db0f2e58482f698add04ed9183f7268 Mon Sep 17 00:00:00 2001 +From: Yashpal Dutta <yashpal.dutta@freescale.com> +Date: Tue, 11 Mar 2014 06:29:52 +0545 +Subject: [PATCH 08/17] Initial support for PKC in cryptodev engine + +Upstream-status: Pending + +Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com> +--- + crypto/engine/eng_cryptodev.c | 1343 ++++++++++++++++++++++++++++++++++++----- + 1 file changed, 1183 insertions(+), 160 deletions(-) + +diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c +index e3eb98b..7ee314b 100644 +--- a/crypto/engine/eng_cryptodev.c ++++ b/crypto/engine/eng_cryptodev.c +@@ -54,11 +54,14 @@ ENGINE_load_cryptodev(void) + #else + + #include <sys/types.h> +-#include <crypto/cryptodev.h> + #include <crypto/dh/dh.h> + #include <crypto/dsa/dsa.h> + #include <crypto/err/err.h> + #include <crypto/rsa/rsa.h> ++#include <crypto/ecdsa/ecs_locl.h> ++#include <crypto/ecdh/ech_locl.h> ++#include <crypto/ec/ec_lcl.h> ++#include <crypto/ec/ec.h> + #include <sys/ioctl.h> + #include <errno.h> + #include <stdio.h> +@@ -68,6 +71,8 @@ ENGINE_load_cryptodev(void) + #include <syslog.h> + #include <errno.h> + #include <string.h> ++#include "eng_cryptodev_ec.h" ++#include <crypto/cryptodev.h> + + struct dev_crypto_state { + struct session_op d_sess; +@@ -116,18 +121,10 @@ static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, + static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, + RSA *rsa, BN_CTX *ctx); + static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx); +-static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, +- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +-static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g, +- BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p, +- BN_CTX *ctx, BN_MONT_CTX *mont); + static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, + int dlen, DSA *dsa); + static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len, + DSA_SIG *sig, DSA *dsa); +-static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, +- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, +- BN_MONT_CTX *m_ctx); + static int cryptodev_dh_compute_key(unsigned char *key, + const BIGNUM *pub_key, DH *dh); + static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, +@@ -136,6 +133,102 @@ void ENGINE_load_cryptodev(void); + const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1; + const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1; + ++inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len) ++{ ++ int len; ++ unsigned char *p; ++ ++ len = BN_num_bytes(bn); ++ ++ if (!len) ++ return -1; ++ ++ p = malloc(len); ++ if (!p) ++ return -1; ++ ++ BN_bn2bin(bn,p); ++ ++ *bin = p; ++ *bin_len = len; ++ ++ return 0; ++} ++ ++inline int spcf_bn2bin_ex(BIGNUM *bn, unsigned char **bin, int *bin_len) ++{ ++ int len; ++ unsigned char *p; ++ ++ len = BN_num_bytes(bn); ++ ++ if (!len) ++ return -1; ++ ++ if (len < *bin_len) ++ p = malloc(*bin_len); ++ else ++ p = malloc(len); ++ ++ if (!p) ++ return -ENOMEM; ++ ++ if (len < *bin_len) { ++ /* place padding */ ++ memset(p, 0, (*bin_len - len)); ++ BN_bn2bin(bn,p+(*bin_len-len)); ++ } else { ++ BN_bn2bin(bn,p); ++ } ++ ++ *bin = p; ++ if (len >= *bin_len) ++ *bin_len = len; ++ ++ return 0; ++} ++ ++/** ++ * Convert an ECC F2m 'b' parameter into the 'c' parameter. ++ *Inputs: ++ * q, the curve's modulus ++ * b, the curve's b parameter ++ * (a bignum for b, a buffer for c) ++ * Output: ++ * c, written into bin, right-adjusted to fill q_len bytes. ++ */ ++static int ++eng_ec_compute_cparam(const BIGNUM* b, const BIGNUM* q, ++ unsigned char **bin, int *bin_len) ++{ ++ BIGNUM* c = BN_new(); ++ BIGNUM* exp = BN_new(); ++ BN_CTX *ctx = BN_CTX_new(); ++ int m = BN_num_bits(q) - 1; ++ int ok = 0; ++ ++ if (!c || !exp || !ctx || *bin) ++ goto err; ++ ++ /* ++ * We have to compute c, where b = c^4, i.e., the fourth root of b. ++ * The equation for c is c = b^(2^(m-2)) ++ * Compute exp = 2^(m-2) ++ * (1 << x) == 2^x ++ * and then compute c = b^exp ++ */ ++ BN_lshift(exp, BN_value_one(), m-2); ++ BN_GF2m_mod_exp(c, b, exp, q, ctx); ++ /* Store c */ ++ spcf_bn2bin_ex(c, bin, bin_len); ++ ok = 1; ++err: ++ if (ctx) BN_CTX_free(ctx); ++ if (c) BN_free(c); ++ if (exp) BN_free(exp); ++ return ok; ++} ++ + static const ENGINE_CMD_DEFN cryptodev_defns[] = { + { 0, NULL, NULL, 0 } + }; +@@ -1139,7 +1232,6 @@ cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, + static int + bn2crparam(const BIGNUM *a, struct crparam *crp) + { +- int i, j, k; + ssize_t bytes, bits; + u_char *b; + +@@ -1156,15 +1248,7 @@ bn2crparam(const BIGNUM *a, struct crparam *crp) + + crp->crp_p = (caddr_t) b; + crp->crp_nbits = bits; +- +- for (i = 0, j = 0; i < a->top; i++) { +- for (k = 0; k < BN_BITS2 / 8; k++) { +- if ((j + k) >= bytes) +- return (0); +- b[j + k] = a->d[i] >> (k * 8); +- } +- j += BN_BITS2 / 8; +- } ++ BN_bn2bin(a, crp->crp_p); + return (0); + } + +@@ -1172,22 +1256,14 @@ bn2crparam(const BIGNUM *a, struct crparam *crp) + static int + crparam2bn(struct crparam *crp, BIGNUM *a) + { +- u_int8_t *pd; +- int i, bytes; ++ int bytes; + + bytes = (crp->crp_nbits + 7) / 8; + + if (bytes == 0) + return (-1); + +- if ((pd = (u_int8_t *) malloc(bytes)) == NULL) +- return (-1); +- +- for (i = 0; i < bytes; i++) +- pd[i] = crp->crp_p[bytes - i - 1]; +- +- BN_bin2bn(pd, bytes, a); +- free(pd); ++ BN_bin2bn(crp->crp_p, bytes, a); + + return (0); + } +@@ -1235,6 +1311,32 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s) + return (ret); + } + ++/* Close an opened instance of cryptodev engine */ ++void cryptodev_close_instance(void *handle) ++{ ++ int fd; ++ ++ if (handle) { ++ fd = *(int *)handle; ++ close(fd); ++ free(handle); ++ } ++} ++ ++/* Create an instance of cryptodev for asynchronous interface */ ++void *cryptodev_init_instance(void) ++{ ++ int *fd = malloc(sizeof(int)); ++ ++ if (fd) { ++ if ((*fd = open("/dev/crypto", O_RDWR, 0)) == -1) { ++ free(fd); ++ return NULL; ++ } ++ } ++ return fd; ++} ++ + static int + cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) +@@ -1250,9 +1352,9 @@ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + return (ret); + } + +- memset(&kop, 0, sizeof kop); + kop.crk_op = CRK_MOD_EXP; +- ++ kop.crk_oparams = 0; ++ kop.crk_status = 0; + /* inputs: a^p % m */ + if (bn2crparam(a, &kop.crk_param[0])) + goto err; +@@ -1293,28 +1395,38 @@ static int + cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) + { + struct crypt_kop kop; +- int ret = 1; ++ int ret = 1, f_len, p_len, q_len; ++ unsigned char *f = NULL, *p = NULL, *q = NULL, *dp = NULL, *dq = NULL, *c = NULL; + + if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) { + /* XXX 0 means failure?? */ + return (0); + } + +- memset(&kop, 0, sizeof kop); ++ kop.crk_oparams = 0; ++ kop.crk_status = 0; + kop.crk_op = CRK_MOD_EXP_CRT; ++ f_len = BN_num_bytes(rsa->n); ++ spcf_bn2bin_ex(I, &f, &f_len); ++ spcf_bn2bin(rsa->p, &p, &p_len); ++ spcf_bn2bin(rsa->q, &q, &q_len); ++ spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len); ++ spcf_bn2bin_ex(rsa->iqmp, &c, &p_len); ++ spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len); + /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */ +- if (bn2crparam(rsa->p, &kop.crk_param[0])) +- goto err; +- if (bn2crparam(rsa->q, &kop.crk_param[1])) +- goto err; +- if (bn2crparam(I, &kop.crk_param[2])) +- goto err; +- if (bn2crparam(rsa->dmp1, &kop.crk_param[3])) +- goto err; +- if (bn2crparam(rsa->dmq1, &kop.crk_param[4])) +- goto err; +- if (bn2crparam(rsa->iqmp, &kop.crk_param[5])) +- goto err; ++ kop.crk_param[0].crp_p = p; ++ kop.crk_param[0].crp_nbits = p_len * 8; ++ kop.crk_param[1].crp_p = q; ++ kop.crk_param[1].crp_nbits = q_len * 8; ++ kop.crk_param[2].crp_p = f; ++ kop.crk_param[2].crp_nbits = f_len * 8; ++ kop.crk_param[3].crp_p = dp; ++ kop.crk_param[3].crp_nbits = p_len * 8; ++ /* dq must of length q, rest all of length p*/ ++ kop.crk_param[4].crp_p = dq; ++ kop.crk_param[4].crp_nbits = q_len * 8; ++ kop.crk_param[5].crp_p = c; ++ kop.crk_param[5].crp_nbits = p_len * 8; + kop.crk_iparams = 6; + + if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) { +@@ -1350,90 +1462,117 @@ static RSA_METHOD cryptodev_rsa = { + NULL /* rsa_verify */ + }; + +-static int +-cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, +- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) +-{ +- return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx)); +-} +- +-static int +-cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g, +- BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p, +- BN_CTX *ctx, BN_MONT_CTX *mont) ++static DSA_SIG * ++cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) + { +- BIGNUM t2; +- int ret = 0; +- +- BN_init(&t2); +- +- /* v = ( g^u1 * y^u2 mod p ) mod q */ +- /* let t1 = g ^ u1 mod p */ +- ret = 0; ++ struct crypt_kop kop; ++ BIGNUM *c = NULL, *d = NULL; ++ DSA_SIG *dsaret = NULL; ++ int q_len = 0, r_len = 0, g_len = 0; ++ int priv_key_len = 0, ret; ++ unsigned char *q = NULL, *r = NULL, *g = NULL, *priv_key = NULL, *f = NULL; + +- if (!dsa->meth->bn_mod_exp(dsa,t1,dsa->g,u1,dsa->p,ctx,mont)) ++ memset(&kop, 0, sizeof kop); ++ if ((c = BN_new()) == NULL) { ++ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); + goto err; ++ } + +- /* let t2 = y ^ u2 mod p */ +- if (!dsa->meth->bn_mod_exp(dsa,&t2,dsa->pub_key,u2,dsa->p,ctx,mont)) ++ if ((d = BN_new()) == NULL) { ++ BN_free(c); ++ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); + goto err; +- /* let u1 = t1 * t2 mod p */ +- if (!BN_mod_mul(u1,t1,&t2,dsa->p,ctx)) ++ } ++ ++ if (spcf_bn2bin(dsa->p, &q, &q_len)) { ++ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); + goto err; ++ } + +- BN_copy(t1,u1); ++ /* Get order of the field of private keys into plain buffer */ ++ if (spcf_bn2bin (dsa->q, &r, &r_len)) { ++ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } + +- ret = 1; +-err: +- BN_free(&t2); +- return(ret); +-} ++ /* sanity test */ ++ if (dlen > r_len) { ++ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); ++ goto err; ++ } + +-static DSA_SIG * +-cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) +-{ +- struct crypt_kop kop; +- BIGNUM *r = NULL, *s = NULL; +- DSA_SIG *dsaret = NULL; ++ g_len = q_len; ++ /** ++ * Get generator into a plain buffer. If length is less than ++ * q_len then add leading padding bytes. ++ */ ++ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) { ++ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } + +- if ((r = BN_new()) == NULL) ++ priv_key_len = r_len; ++ /** ++ * Get private key into a plain buffer. If length is less than ++ * r_len then add leading padding bytes. ++ */ ++ if (spcf_bn2bin_ex(dsa->priv_key, &priv_key, &priv_key_len)) { ++ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); + goto err; +- if ((s = BN_new()) == NULL) { +- BN_free(r); ++ } ++ ++ /* Allocate memory to store hash. */ ++ f = OPENSSL_malloc (r_len); ++ if (!f) { ++ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); + goto err; + } + +- memset(&kop, 0, sizeof kop); ++ /* Add padding, since SEC expects hash to of size r_len */ ++ if (dlen < r_len) ++ memset(f, 0, r_len - dlen); ++ ++ /* Skip leading bytes if dgst_len < r_len */ ++ memcpy(f + r_len - dlen, dgst, dlen); ++ + kop.crk_op = CRK_DSA_SIGN; + + /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ +- kop.crk_param[0].crp_p = (caddr_t)dgst; +- kop.crk_param[0].crp_nbits = dlen * 8; +- if (bn2crparam(dsa->p, &kop.crk_param[1])) +- goto err; +- if (bn2crparam(dsa->q, &kop.crk_param[2])) +- goto err; +- if (bn2crparam(dsa->g, &kop.crk_param[3])) +- goto err; +- if (bn2crparam(dsa->priv_key, &kop.crk_param[4])) +- goto err; ++ kop.crk_param[0].crp_p = (void*)f; ++ kop.crk_param[0].crp_nbits = r_len * 8; ++ kop.crk_param[1].crp_p = (void*)q; ++ kop.crk_param[1].crp_nbits = q_len * 8; ++ kop.crk_param[2].crp_p = (void*)r; ++ kop.crk_param[2].crp_nbits = r_len * 8; ++ kop.crk_param[3].crp_p = (void*)g; ++ kop.crk_param[3].crp_nbits = g_len * 8; ++ kop.crk_param[4].crp_p = (void*)priv_key; ++ kop.crk_param[4].crp_nbits = priv_key_len * 8; + kop.crk_iparams = 5; + +- if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r, +- BN_num_bytes(dsa->q), s) == 0) { +- dsaret = DSA_SIG_new(); +- dsaret->r = r; +- dsaret->s = s; +- } else { +- const DSA_METHOD *meth = DSA_OpenSSL(); +- BN_free(r); +- BN_free(s); +- dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa); ++ ret = cryptodev_asym(&kop, r_len, c, r_len, d); ++ ++ if (ret) { ++ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DECODE_ERROR); ++ goto err; + } +-err: +- kop.crk_param[0].crp_p = NULL; ++ ++ dsaret = DSA_SIG_new(); ++ dsaret->r = c; ++ dsaret->s = d; ++ + zapparams(&kop); + return (dsaret); ++err: ++ { ++ const DSA_METHOD *meth = DSA_OpenSSL(); ++ if (c) ++ BN_free(c); ++ if (d) ++ BN_free(d); ++ dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa); ++ return (dsaret); ++ } + } + + static int +@@ -1441,42 +1580,179 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen, + DSA_SIG *sig, DSA *dsa) + { + struct crypt_kop kop; +- int dsaret = 1; ++ int dsaret = 1, q_len = 0, r_len = 0, g_len = 0; ++ int w_len = 0 ,c_len = 0, d_len = 0, ret = -1; ++ unsigned char * q = NULL, * r = NULL, * w = NULL, * g = NULL; ++ unsigned char * c = NULL, * d = NULL, *f = NULL; + + memset(&kop, 0, sizeof kop); + kop.crk_op = CRK_DSA_VERIFY; + +- /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */ +- kop.crk_param[0].crp_p = (caddr_t)dgst; +- kop.crk_param[0].crp_nbits = dlen * 8; +- if (bn2crparam(dsa->p, &kop.crk_param[1])) ++ if (spcf_bn2bin(dsa->p, &q, &q_len)) { ++ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ return ret; ++ } ++ ++ /* Get Order of field of private keys */ ++ if (spcf_bn2bin(dsa->q, &r, &r_len)) { ++ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); + goto err; +- if (bn2crparam(dsa->q, &kop.crk_param[2])) ++ } ++ ++ g_len = q_len; ++ /** ++ * Get generator into a plain buffer. If length is less than ++ * q_len then add leading padding bytes. ++ */ ++ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) { ++ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); + goto err; +- if (bn2crparam(dsa->g, &kop.crk_param[3])) ++ } ++ w_len = q_len; ++ /** ++ * Get public key into a plain buffer. If length is less than ++ * q_len then add leading padding bytes. ++ */ ++ if (spcf_bn2bin_ex(dsa->pub_key, &w, &w_len)) { ++ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ /** ++ * Get the 1st part of signature into a flat buffer with ++ * appropriate padding ++ */ ++ c_len = r_len; ++ ++ if (spcf_bn2bin_ex(sig->r, &c, &c_len)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); + goto err; +- if (bn2crparam(dsa->pub_key, &kop.crk_param[4])) ++ } ++ ++ /** ++ * Get the 2nd part of signature into a flat buffer with ++ * appropriate padding ++ */ ++ d_len = r_len; ++ ++ if (spcf_bn2bin_ex(sig->s, &d, &d_len)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); + goto err; +- if (bn2crparam(sig->r, &kop.crk_param[5])) ++ } ++ ++ ++ /* Sanity test */ ++ if (dlen > r_len) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); + goto err; +- if (bn2crparam(sig->s, &kop.crk_param[6])) ++ } ++ ++ /* Allocate memory to store hash. */ ++ f = OPENSSL_malloc (r_len); ++ if (!f) { ++ DSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); + goto err; ++ } ++ ++ /* Add padding, since SEC expects hash to of size r_len */ ++ if (dlen < r_len) ++ memset(f, 0, r_len - dlen); ++ ++ /* Skip leading bytes if dgst_len < r_len */ ++ memcpy(f + r_len - dlen, dgst, dlen); ++ ++ /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */ ++ kop.crk_param[0].crp_p = (void*)f; ++ kop.crk_param[0].crp_nbits = r_len * 8; ++ kop.crk_param[1].crp_p = q; ++ kop.crk_param[1].crp_nbits = q_len * 8; ++ kop.crk_param[2].crp_p = r; ++ kop.crk_param[2].crp_nbits = r_len * 8; ++ kop.crk_param[3].crp_p = g; ++ kop.crk_param[3].crp_nbits = g_len * 8; ++ kop.crk_param[4].crp_p = w; ++ kop.crk_param[4].crp_nbits = w_len * 8; ++ kop.crk_param[5].crp_p = c; ++ kop.crk_param[5].crp_nbits = c_len * 8; ++ kop.crk_param[6].crp_p = d; ++ kop.crk_param[6].crp_nbits = d_len * 8; + kop.crk_iparams = 7; + +- if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) { +-/*OCF success value is 0, if not zero, change dsaret to fail*/ +- if(0 != kop.crk_status) dsaret = 0; +- } else { +- const DSA_METHOD *meth = DSA_OpenSSL(); ++ if ((cryptodev_asym(&kop, 0, NULL, 0, NULL))) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, DSA_R_DECODE_ERROR); ++ goto err; ++ } + +- dsaret = (meth->dsa_do_verify)(dgst, dlen, sig, dsa); ++ /*OCF success value is 0, if not zero, change dsaret to fail*/ ++ if(0 != kop.crk_status) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, DSA_R_DECODE_ERROR); ++ goto err; + } +-err: +- kop.crk_param[0].crp_p = NULL; ++ + zapparams(&kop); + return (dsaret); ++err: ++ { ++ const DSA_METHOD *meth = DSA_OpenSSL(); ++ ++ dsaret = (meth->dsa_do_verify)(dgst, dlen, sig, dsa); ++ } ++ return dsaret; + } + ++/* Cryptodev DSA Key Gen routine */ ++static int cryptodev_dsa_keygen(DSA *dsa) ++{ ++ struct crypt_kop kop; ++ int ret = 1, g_len; ++ unsigned char *g = NULL; ++ ++ if (dsa->priv_key == NULL) { ++ if ((dsa->priv_key=BN_new()) == NULL) ++ goto sw_try; ++ } ++ ++ if (dsa->pub_key == NULL) { ++ if ((dsa->pub_key=BN_new()) == NULL) ++ goto sw_try; ++ } ++ ++ g_len = BN_num_bytes(dsa->p); ++ /** ++ * Get generator into a plain buffer. If length is less than ++ * p_len then add leading padding bytes. ++ */ ++ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) { ++ DSAerr(DSA_F_DSA_GENERATE_KEY, ERR_R_MALLOC_FAILURE); ++ goto sw_try; ++ } ++ ++ memset(&kop, 0, sizeof kop); ++ ++ kop.crk_op = CRK_DSA_GENERATE_KEY; ++ if (bn2crparam(dsa->p, &kop.crk_param[0])) ++ goto sw_try; ++ if (bn2crparam(dsa->q, &kop.crk_param[1])) ++ goto sw_try; ++ kop.crk_param[2].crp_p = g; ++ kop.crk_param[2].crp_nbits = g_len * 8; ++ kop.crk_iparams = 3; ++ ++ /* pub_key is or prime length while priv key is of length of order */ ++ if (cryptodev_asym(&kop, BN_num_bytes(dsa->p), dsa->pub_key, ++ BN_num_bytes(dsa->q), dsa->priv_key)) ++ goto sw_try; ++ ++ return ret; ++sw_try: ++ { ++ const DSA_METHOD *meth = DSA_OpenSSL(); ++ ret = (meth->dsa_keygen)(dsa); ++ } ++ return ret; ++} ++ ++ ++ + static DSA_METHOD cryptodev_dsa = { + "cryptodev DSA method", + NULL, +@@ -1490,12 +1766,543 @@ static DSA_METHOD cryptodev_dsa = { + NULL /* app_data */ + }; + +-static int +-cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, +- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, +- BN_MONT_CTX *m_ctx) ++static ECDSA_METHOD cryptodev_ecdsa = { ++ "cryptodev ECDSA method", ++ NULL, ++ NULL, /* ecdsa_sign_setup */ ++ NULL, ++ NULL, ++ 0, /* flags */ ++ NULL /* app_data */ ++}; ++ ++typedef enum ec_curve_s ++{ ++ EC_PRIME, ++ EC_BINARY ++} ec_curve_t; ++ ++/* ENGINE handler for ECDSA Sign */ ++static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char *dgst, ++ int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey) + { +- return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx)); ++ BIGNUM *m = NULL, *p = NULL, *a = NULL; ++ BIGNUM *b = NULL, *x = NULL, *y = NULL; ++ BN_CTX *ctx = NULL; ++ ECDSA_SIG *ret = NULL; ++ ECDSA_DATA *ecdsa = NULL; ++ unsigned char * q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL; ++ unsigned char * s = NULL, *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL; ++ int i = 0, q_len = 0, priv_key_len = 0, r_len = 0; ++ int g_len = 0, d_len = 0, ab_len = 0; ++ const BIGNUM *order = NULL, *priv_key=NULL; ++ const EC_GROUP *group = NULL; ++ struct crypt_kop kop; ++ ec_curve_t ec_crv = EC_PRIME; ++ ++ memset(&kop, 0, sizeof(kop)); ++ ecdsa = ecdsa_check(eckey); ++ if (!ecdsa) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER); ++ return NULL; ++ } ++ ++ group = EC_KEY_get0_group(eckey); ++ priv_key = EC_KEY_get0_private_key(eckey); ++ ++ if (!group || !priv_key) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER); ++ return NULL; ++ } ++ ++ if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL || ++ (a = BN_new()) == NULL || (b = BN_new()) == NULL || ++ (p = BN_new()) == NULL || (x = BN_new()) == NULL || ++ (y = BN_new()) == NULL) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ order = &group->order; ++ if (!order || BN_is_zero(order)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS); ++ goto err; ++ } ++ ++ i = BN_num_bits(order); ++ /* Need to truncate digest if it is too long: first truncate whole ++ bytes */ ++ if (8 * dgst_len > i) ++ dgst_len = (i + 7)/8; ++ ++ if (!BN_bin2bn(dgst, dgst_len, m)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); ++ goto err; ++ } ++ ++ /* If still too long truncate remaining bits with a shift */ ++ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); ++ goto err; ++ } ++ ++ /* copy the truncated bits into plain buffer */ ++ if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) { ++ fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__, __LINE__); ++ goto err; ++ } ++ ++ ret = ECDSA_SIG_new(); ++ if (!ret) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); ++ goto err; ++ } ++ ++ /* check if this is prime or binary EC request */ ++ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) { ++ ec_crv = EC_PRIME; ++ /* get the generator point pair */ ++ if (!EC_POINT_get_affine_coordinates_GFp (group, EC_GROUP_get0_generator(group), ++ x, y,ctx)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); ++ goto err; ++ } ++ ++ /* get the ECC curve parameters */ ++ if (!EC_GROUP_get_curve_GFp(group, p, a, b , ctx)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); ++ goto err; ++ } ++ } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_characteristic_two_field) { ++ ec_crv = EC_BINARY; ++ /* get the ECC curve parameters */ ++ if (!EC_GROUP_get_curve_GF2m(group, p, a, b , ctx)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); ++ goto err; ++ } ++ ++ /* get the generator point pair */ ++ if (!EC_POINT_get_affine_coordinates_GF2m(group, ++ EC_GROUP_get0_generator(group), x, y,ctx)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); ++ goto err; ++ } ++ } else { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); ++ goto err; ++ } ++ ++ if (spcf_bn2bin(order, &r, &r_len)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ if (spcf_bn2bin(p, &q, &q_len)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ priv_key_len = r_len; ++ ++ /** ++ * If BN_num_bytes of priv_key returns less then r_len then ++ * add padding bytes before the key ++ */ ++ if (spcf_bn2bin_ex(priv_key, &s, &priv_key_len)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /* Generation of ECC curve parameters */ ++ ab_len = 2*q_len; ++ ab = eng_copy_curve_points(a, b, ab_len, q_len); ++ if (!ab) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ if (ec_crv == EC_BINARY) { ++ if (eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab+q_len, q_len)) ++ { ++ unsigned char *c_temp = NULL; ++ int c_temp_len = q_len; ++ if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len)) ++ memcpy(ab+q_len, c_temp, q_len); ++ else ++ goto err; ++ } ++ kop.curve_type = ECC_BINARY; ++ } ++ ++ /* Calculation of Generator point */ ++ g_len = 2*q_len; ++ g_xy = eng_copy_curve_points(x, y, g_len, q_len); ++ if (!g_xy) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /* Memory allocation for first part of digital signature */ ++ c = malloc(r_len); ++ if (!c) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ d_len = r_len; ++ ++ /* Memory allocation for second part of digital signature */ ++ d = malloc(d_len); ++ if (!d) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /* memory for message representative */ ++ f = malloc(r_len); ++ if (!f) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /* Add padding, since SEC expects hash to of size r_len */ ++ memset(f, 0, r_len - dgst_len); ++ ++ /* Skip leading bytes if dgst_len < r_len */ ++ memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len); ++ ++ dgst_len += r_len - dgst_len; ++ kop.crk_op = CRK_DSA_SIGN; ++ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ ++ kop.crk_param[0].crp_p = f; ++ kop.crk_param[0].crp_nbits = dgst_len * 8; ++ kop.crk_param[1].crp_p = q; ++ kop.crk_param[1].crp_nbits = q_len * 8; ++ kop.crk_param[2].crp_p = r; ++ kop.crk_param[2].crp_nbits = r_len * 8; ++ kop.crk_param[3].crp_p = g_xy; ++ kop.crk_param[3].crp_nbits = g_len * 8; ++ kop.crk_param[4].crp_p = s; ++ kop.crk_param[4].crp_nbits = priv_key_len * 8; ++ kop.crk_param[5].crp_p = ab; ++ kop.crk_param[5].crp_nbits = ab_len * 8; ++ kop.crk_iparams = 6; ++ kop.crk_param[6].crp_p = c; ++ kop.crk_param[6].crp_nbits = d_len * 8; ++ kop.crk_param[7].crp_p = d; ++ kop.crk_param[7].crp_nbits = d_len * 8; ++ kop.crk_oparams = 2; ++ ++ if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) { ++ /* Check if ret->r and s needs to allocated */ ++ crparam2bn(&kop.crk_param[6], ret->r); ++ crparam2bn(&kop.crk_param[7], ret->s); ++ } else { ++ const ECDSA_METHOD *meth = ECDSA_OpenSSL(); ++ ret = (meth->ecdsa_do_sign)(dgst, dgst_len, in_kinv, in_r, eckey); ++ } ++ kop.crk_param[0].crp_p = NULL; ++ zapparams(&kop); ++err: ++ if (!ret) { ++ ECDSA_SIG_free(ret); ++ ret = NULL; ++ } ++ return ret; ++} ++ ++static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len, ++ ECDSA_SIG *sig, EC_KEY *eckey) ++{ ++ BIGNUM *m = NULL, *p = NULL, *a = NULL, *b = NULL; ++ BIGNUM *x = NULL, *y = NULL, *w_x = NULL, *w_y = NULL; ++ BN_CTX *ctx = NULL; ++ ECDSA_DATA *ecdsa = NULL; ++ unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL, *w_xy = NULL; ++ unsigned char *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL; ++ int i = 0, q_len = 0, pub_key_len = 0, r_len = 0, c_len = 0, g_len = 0; ++ int d_len = 0, ab_len = 0, ret = -1; ++ const EC_POINT *pub_key = NULL; ++ const BIGNUM *order = NULL; ++ const EC_GROUP *group=NULL; ++ ec_curve_t ec_crv = EC_PRIME; ++ struct crypt_kop kop; ++ ++ memset(&kop, 0, sizeof kop); ++ ecdsa = ecdsa_check(eckey); ++ if (!ecdsa) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER); ++ return ret; ++ } ++ ++ group = EC_KEY_get0_group(eckey); ++ pub_key = EC_KEY_get0_public_key(eckey); ++ ++ if (!group || !pub_key) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER); ++ return ret; ++ } ++ ++ if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL || ++ (a = BN_new()) == NULL || (b = BN_new()) == NULL || ++ (p = BN_new()) == NULL || (x = BN_new()) == NULL || ++ (y = BN_new()) == NULL || (w_x = BN_new()) == NULL || ++ (w_y = BN_new()) == NULL) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ order = &group->order; ++ if (!order || BN_is_zero(order)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS); ++ goto err; ++ } ++ ++ i = BN_num_bits(order); ++ /* Need to truncate digest if it is too long: first truncate whole ++ * bytes */ ++ if (8 * dgst_len > i) ++ dgst_len = (i + 7)/8; ++ ++ if (!BN_bin2bn(dgst, dgst_len, m)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); ++ goto err; ++ } ++ ++ /* If still too long truncate remaining bits with a shift */ ++ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); ++ goto err; ++ } ++ /* copy the truncated bits into plain buffer */ ++ if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /* check if this is prime or binary EC request */ ++ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) { ++ ec_crv = EC_PRIME; ++ ++ /* get the generator point pair */ ++ if (!EC_POINT_get_affine_coordinates_GFp (group, ++ EC_GROUP_get0_generator(group), x, y,ctx)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); ++ goto err; ++ } ++ ++ /* get the public key pair for prime curve */ ++ if (!EC_POINT_get_affine_coordinates_GFp (group, ++ pub_key, w_x, w_y,ctx)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); ++ goto err; ++ } ++ ++ /* get the ECC curve parameters */ ++ if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); ++ goto err; ++ } ++ } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_characteristic_two_field){ ++ ec_crv = EC_BINARY; ++ /* get the ECC curve parameters */ ++ if (!EC_GROUP_get_curve_GF2m(group, p, a, b , ctx)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); ++ goto err; ++ } ++ ++ /* get the generator point pair */ ++ if (!EC_POINT_get_affine_coordinates_GF2m(group, ++ EC_GROUP_get0_generator(group),x, y,ctx)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); ++ goto err; ++ } ++ ++ /* get the public key pair for binary curve */ ++ if (!EC_POINT_get_affine_coordinates_GF2m(group, ++ pub_key, w_x, w_y,ctx)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); ++ goto err; ++ } ++ }else { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); ++ goto err; ++ } ++ ++ /* Get the order of the subgroup of private keys */ ++ if (spcf_bn2bin((BIGNUM*)order, &r, &r_len)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /* Get the irreducible polynomial that creates the field */ ++ if (spcf_bn2bin(p, &q, &q_len)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /* Get the public key into a flat buffer with appropriate padding */ ++ pub_key_len = 2 * q_len; ++ ++ w_xy = eng_copy_curve_points (w_x, w_y, pub_key_len, q_len); ++ if (!w_xy) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /* Generation of ECC curve parameters */ ++ ab_len = 2*q_len; ++ ++ ab = eng_copy_curve_points (a, b, ab_len, q_len); ++ if (!ab) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ if (ec_crv == EC_BINARY) { ++ /* copy b' i.e c(b), instead of only b */ ++ if (eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab+q_len, q_len)) ++ { ++ unsigned char *c_temp = NULL; ++ int c_temp_len = q_len; ++ if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len)) ++ memcpy(ab+q_len, c_temp, q_len); ++ else ++ goto err; ++ } ++ kop.curve_type = ECC_BINARY; ++ } ++ ++ /* Calculation of Generator point */ ++ g_len = 2 * q_len; ++ ++ g_xy = eng_copy_curve_points (x, y, g_len, q_len); ++ if (!g_xy) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /** ++ * Get the 1st part of signature into a flat buffer with ++ * appropriate padding ++ */ ++ if (BN_num_bytes(sig->r) < r_len) ++ c_len = r_len; ++ ++ if (spcf_bn2bin_ex(sig->r, &c, &c_len)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /** ++ * Get the 2nd part of signature into a flat buffer with ++ * appropriate padding ++ */ ++ if (BN_num_bytes(sig->s) < r_len) ++ d_len = r_len; ++ ++ if (spcf_bn2bin_ex(sig->s, &d, &d_len)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /* memory for message representative */ ++ f = malloc(r_len); ++ if (!f) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /* Add padding, since SEC expects hash to of size r_len */ ++ memset(f, 0, r_len-dgst_len); ++ ++ /* Skip leading bytes if dgst_len < r_len */ ++ memcpy(f + r_len-dgst_len, tmp_dgst, dgst_len); ++ dgst_len += r_len-dgst_len; ++ kop.crk_op = CRK_DSA_VERIFY; ++ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ ++ kop.crk_param[0].crp_p = f; ++ kop.crk_param[0].crp_nbits = dgst_len * 8; ++ kop.crk_param[1].crp_p = q; ++ kop.crk_param[1].crp_nbits = q_len * 8; ++ kop.crk_param[2].crp_p = r; ++ kop.crk_param[2].crp_nbits = r_len * 8; ++ kop.crk_param[3].crp_p = g_xy; ++ kop.crk_param[3].crp_nbits = g_len * 8; ++ kop.crk_param[4].crp_p = w_xy; ++ kop.crk_param[4].crp_nbits = pub_key_len * 8; ++ kop.crk_param[5].crp_p = ab; ++ kop.crk_param[5].crp_nbits = ab_len * 8; ++ kop.crk_param[6].crp_p = c; ++ kop.crk_param[6].crp_nbits = d_len * 8; ++ kop.crk_param[7].crp_p = d; ++ kop.crk_param[7].crp_nbits = d_len * 8; ++ kop.crk_iparams = 8; ++ ++ if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) { ++ /*OCF success value is 0, if not zero, change ret to fail*/ ++ if(0 == kop.crk_status) ++ ret = 1; ++ } else { ++ const ECDSA_METHOD *meth = ECDSA_OpenSSL(); ++ ++ ret = (meth->ecdsa_do_verify)(dgst, dgst_len, sig, eckey); ++ } ++ kop.crk_param[0].crp_p = NULL; ++ zapparams(&kop); ++ ++err: ++ return ret; ++} ++ ++static int cryptodev_dh_keygen(DH *dh) ++{ ++ struct crypt_kop kop; ++ int ret = 1, g_len; ++ unsigned char *g = NULL; ++ ++ if (dh->priv_key == NULL) { ++ if ((dh->priv_key=BN_new()) == NULL) ++ goto sw_try; ++ } ++ ++ if (dh->pub_key == NULL) { ++ if ((dh->pub_key=BN_new()) == NULL) ++ goto sw_try; ++ } ++ ++ g_len = BN_num_bytes(dh->p); ++ /** ++ * Get generator into a plain buffer. If length is less than ++ * q_len then add leading padding bytes. ++ */ ++ if (spcf_bn2bin_ex(dh->g, &g, &g_len)) { ++ DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE); ++ goto sw_try; ++ } ++ ++ memset(&kop, 0, sizeof kop); ++ kop.crk_op = CRK_DH_GENERATE_KEY; ++ if (bn2crparam(dh->p, &kop.crk_param[0])) ++ goto sw_try; ++ if (bn2crparam(dh->q, &kop.crk_param[1])) ++ goto sw_try; ++ kop.crk_param[2].crp_p = g; ++ kop.crk_param[2].crp_nbits = g_len * 8; ++ kop.crk_iparams = 3; ++ ++ /* pub_key is or prime length while priv key is of length of order */ ++ if (cryptodev_asym(&kop, BN_num_bytes(dh->p), dh->pub_key, ++ BN_num_bytes(dh->q), dh->priv_key)) ++ goto sw_try; ++ ++ return ret; ++sw_try: ++ { ++ const DH_METHOD *meth = DH_OpenSSL(); ++ ret = (meth->generate_key)(dh); ++ } ++ return ret; + } + + static int +@@ -1503,43 +2310,234 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) + { + struct crypt_kop kop; + int dhret = 1; +- int fd, keylen; ++ int fd, p_len; ++ BIGNUM *temp = NULL; ++ unsigned char *padded_pub_key = NULL, *p = NULL; ++ ++ if ((fd = get_asym_dev_crypto()) < 0) ++ goto sw_try; ++ ++ memset(&kop, 0, sizeof kop); ++ kop.crk_op = CRK_DH_COMPUTE_KEY; ++ /* inputs: dh->priv_key pub_key dh->p key */ ++ spcf_bn2bin(dh->p, &p, &p_len); ++ spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len); ++ if (bn2crparam(dh->priv_key, &kop.crk_param[0])) ++ goto sw_try; ++ ++ kop.crk_param[1].crp_p = padded_pub_key; ++ kop.crk_param[1].crp_nbits = p_len * 8; ++ kop.crk_param[2].crp_p = p; ++ kop.crk_param[2].crp_nbits = p_len * 8; ++ kop.crk_iparams = 3; ++ kop.crk_param[3].crp_p = (void*) key; ++ kop.crk_param[3].crp_nbits = p_len * 8; ++ kop.crk_oparams = 1; ++ dhret = p_len; ++ ++ if (ioctl(fd, CIOCKEY, &kop)) ++ goto sw_try; + +- if ((fd = get_asym_dev_crypto()) < 0) { ++ if ((temp = BN_new())) { ++ if (!BN_bin2bn(key, p_len, temp)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); ++ goto sw_try; ++ } ++ if (dhret > BN_num_bytes(temp)) ++ dhret=BN_bn2bin(temp,key); ++ BN_free(temp); ++ } ++ ++ kop.crk_param[3].crp_p = NULL; ++ zapparams(&kop); ++ return (dhret); ++sw_try: ++ { + const DH_METHOD *meth = DH_OpenSSL(); + +- return ((meth->compute_key)(key, pub_key, dh)); ++ dhret = (meth->compute_key)(key, pub_key, dh); + } ++ return (dhret); ++} + +- keylen = BN_num_bits(dh->p); ++int cryptodev_ecdh_compute_key(void *out, size_t outlen, ++ const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen, ++ void *out, size_t *outlen)) ++{ ++ ec_curve_t ec_crv = EC_PRIME; ++ unsigned char * q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL; ++ BIGNUM * w_x = NULL, *w_y = NULL; ++ int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0; ++ BIGNUM * p = NULL, *a = NULL, *b = NULL; ++ BN_CTX *ctx; ++ EC_POINT *tmp=NULL; ++ BIGNUM *x=NULL, *y=NULL; ++ const BIGNUM *priv_key; ++ const EC_GROUP* group = NULL; ++ int ret = -1; ++ size_t buflen, len; ++ struct crypt_kop kop; + + memset(&kop, 0, sizeof kop); +- kop.crk_op = CRK_DH_COMPUTE_KEY; + +- /* inputs: dh->priv_key pub_key dh->p key */ +- if (bn2crparam(dh->priv_key, &kop.crk_param[0])) ++ if ((ctx = BN_CTX_new()) == NULL) goto err; ++ BN_CTX_start(ctx); ++ x = BN_CTX_get(ctx); ++ y = BN_CTX_get(ctx); ++ p = BN_CTX_get(ctx); ++ a = BN_CTX_get(ctx); ++ b = BN_CTX_get(ctx); ++ w_x = BN_CTX_get(ctx); ++ w_y = BN_CTX_get(ctx); ++ ++ if (!x || !y || !p || !a || !b || !w_x || !w_y) { ++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE); + goto err; +- if (bn2crparam(pub_key, &kop.crk_param[1])) ++ } ++ ++ priv_key = EC_KEY_get0_private_key(ecdh); ++ if (priv_key == NULL) { ++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_NO_PRIVATE_VALUE); + goto err; +- if (bn2crparam(dh->p, &kop.crk_param[2])) ++ } ++ ++ group = EC_KEY_get0_group(ecdh); ++ if ((tmp=EC_POINT_new(group)) == NULL) { ++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE); + goto err; +- kop.crk_iparams = 3; ++ } + +- kop.crk_param[3].crp_p = (caddr_t) key; +- kop.crk_param[3].crp_nbits = keylen * 8; +- kop.crk_oparams = 1; ++ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == ++ NID_X9_62_prime_field) { ++ ec_crv = EC_PRIME; + +- if (ioctl(fd, CIOCKEY, &kop) == -1) { +- const DH_METHOD *meth = DH_OpenSSL(); ++ if (!EC_POINT_get_affine_coordinates_GFp(group, ++ EC_GROUP_get0_generator(group), x, y, ctx)) { ++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE); ++ goto err; ++ } + +- dhret = (meth->compute_key)(key, pub_key, dh); ++ /* get the ECC curve parameters */ ++ if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) { ++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB); ++ goto err; ++ } ++ ++ /* get the public key pair for prime curve */ ++ if (!EC_POINT_get_affine_coordinates_GFp (group, pub_key, w_x, w_y,ctx)) { ++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB); ++ goto err; ++ } ++ } else { ++ ec_crv = EC_BINARY; ++ ++ if (!EC_POINT_get_affine_coordinates_GF2m(group, ++ EC_GROUP_get0_generator(group), x, y, ctx)) { ++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE); ++ goto err; ++ } ++ ++ /* get the ECC curve parameters */ ++ if (!EC_GROUP_get_curve_GF2m(group, p, a, b , ctx)) { ++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB); ++ goto err; ++ } ++ ++ /* get the public key pair for binary curve */ ++ if (!EC_POINT_get_affine_coordinates_GF2m(group, ++ pub_key, w_x, w_y,ctx)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); ++ goto err; ++ } ++ } ++ ++ /* irreducible polynomial that creates the field */ ++ if (spcf_bn2bin((BIGNUM*)&group->order, &r, &r_len)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /* Get the irreducible polynomial that creates the field */ ++ if (spcf_bn2bin(p, &q, &q_len)) { ++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB); ++ goto err; + } ++ ++ /* Get the public key into a flat buffer with appropriate padding */ ++ pub_key_len = 2 * q_len; ++ w_xy = eng_copy_curve_points (w_x, w_y, pub_key_len, q_len); ++ if (!w_xy) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /* Generation of ECC curve parameters */ ++ ab_len = 2*q_len; ++ ab = eng_copy_curve_points (a, b, ab_len, q_len); ++ if (!ab) { ++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB); ++ goto err; ++ } ++ ++ if (ec_crv == EC_BINARY) { ++ /* copy b' i.e c(b), instead of only b */ ++ if (eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab+q_len, q_len)) ++ { ++ unsigned char *c_temp = NULL; ++ int c_temp_len = q_len; ++ if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len)) ++ memcpy(ab+q_len, c_temp, q_len); ++ else ++ goto err; ++ } ++ kop.curve_type = ECC_BINARY; ++ } else ++ kop.curve_type = ECC_PRIME; ++ ++ priv_key_len = r_len; ++ ++ /* ++ * If BN_num_bytes of priv_key returns less then r_len then ++ * add padding bytes before the key ++ */ ++ if (spcf_bn2bin_ex((BIGNUM *)priv_key, &s, &priv_key_len)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ buflen = (EC_GROUP_get_degree(group) + 7)/8; ++ len = BN_num_bytes(x); ++ if (len > buflen || q_len < buflen) { ++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ ++ kop.crk_op = CRK_DH_COMPUTE_KEY; ++ kop.crk_param[0].crp_p = (void*) s; ++ kop.crk_param[0].crp_nbits = priv_key_len*8; ++ kop.crk_param[1].crp_p = (void*) w_xy; ++ kop.crk_param[1].crp_nbits = pub_key_len*8; ++ kop.crk_param[2].crp_p = (void*) q; ++ kop.crk_param[2].crp_nbits = q_len*8; ++ kop.crk_param[3].crp_p = (void*) ab; ++ kop.crk_param[3].crp_nbits = ab_len*8; ++ kop.crk_iparams = 4; ++ kop.crk_param[4].crp_p = (void*) out; ++ kop.crk_param[4].crp_nbits = q_len*8; ++ kop.crk_oparams = 1; ++ ret = q_len; ++ if (cryptodev_asym(&kop, 0, NULL, 0, NULL)) { ++ const ECDH_METHOD *meth = ECDH_OpenSSL(); ++ ret = (meth->compute_key)(out, outlen, pub_key, ecdh, KDF); ++ } else ++ ret = q_len; + err: +- kop.crk_param[3].crp_p = NULL; ++ kop.crk_param[4].crp_p = NULL; + zapparams(&kop); +- return (dhret); ++ return ret; + } + ++ + static DH_METHOD cryptodev_dh = { + "cryptodev DH method", + NULL, /* cryptodev_dh_generate_key */ +@@ -1551,6 +2549,14 @@ static DH_METHOD cryptodev_dh = { + NULL /* app_data */ + }; + ++static ECDH_METHOD cryptodev_ecdh = { ++ "cryptodev ECDH method", ++ NULL, /* cryptodev_ecdh_compute_key */ ++ NULL, ++ 0, /* flags */ ++ NULL /* app_data */ ++}; ++ + /* + * ctrl right now is just a wrapper that doesn't do much + * but I expect we'll want some options soon. +@@ -1634,25 +2640,42 @@ ENGINE_load_cryptodev(void) + memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD)); + if (cryptodev_asymfeat & CRF_DSA_SIGN) + cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign; +- if (cryptodev_asymfeat & CRF_MOD_EXP) { +- cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp; +- cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp; +- } + if (cryptodev_asymfeat & CRF_DSA_VERIFY) + cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify; ++ if (cryptodev_asymfeat & CRF_DSA_GENERATE_KEY) ++ cryptodev_dsa.dsa_keygen = cryptodev_dsa_keygen; + } + + if (ENGINE_set_DH(engine, &cryptodev_dh)){ + const DH_METHOD *dh_meth = DH_OpenSSL(); ++ memcpy(&cryptodev_dh, dh_meth, sizeof(DH_METHOD)); ++ if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) { ++ cryptodev_dh.compute_key = ++ cryptodev_dh_compute_key; ++ } ++ if (cryptodev_asymfeat & CRF_DH_GENERATE_KEY) { ++ cryptodev_dh.generate_key = ++ cryptodev_dh_keygen; ++ } ++ } + +- cryptodev_dh.generate_key = dh_meth->generate_key; +- cryptodev_dh.compute_key = dh_meth->compute_key; +- cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp; +- if (cryptodev_asymfeat & CRF_MOD_EXP) { +- cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh; +- if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) +- cryptodev_dh.compute_key = +- cryptodev_dh_compute_key; ++ if (ENGINE_set_ECDSA(engine, &cryptodev_ecdsa)) { ++ const ECDSA_METHOD *meth = ECDSA_OpenSSL(); ++ memcpy(&cryptodev_ecdsa, meth, sizeof(ECDSA_METHOD)); ++ if (cryptodev_asymfeat & CRF_DSA_SIGN) { ++ cryptodev_ecdsa.ecdsa_do_sign = cryptodev_ecdsa_do_sign; ++ } ++ if (cryptodev_asymfeat & CRF_DSA_VERIFY) { ++ cryptodev_ecdsa.ecdsa_do_verify = ++ cryptodev_ecdsa_verify; ++ } ++ } ++ ++ if (ENGINE_set_ECDH(engine, &cryptodev_ecdh)) { ++ const ECDH_METHOD *ecdh_meth = ECDH_OpenSSL(); ++ memcpy(&cryptodev_ecdh, ecdh_meth, sizeof(ECDH_METHOD)); ++ if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) { ++ cryptodev_ecdh.compute_key = cryptodev_ecdh_compute_key; + } + } + +-- +1.8.3.1 + diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0009-Added-hwrng-dev-file-as-source-of-RNG.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0009-Added-hwrng-dev-file-as-source-of-RNG.patch new file mode 100644 index 00000000..6a69c324 --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0009-Added-hwrng-dev-file-as-source-of-RNG.patch @@ -0,0 +1,28 @@ +From 81c4c62a4f5f5542843381bfb34e39a6171d5cdd Mon Sep 17 00:00:00 2001 +From: Yashpal Dutta <yashpal.dutta@freescale.com> +Date: Tue, 11 Mar 2014 06:42:59 +0545 +Subject: [PATCH 09/17] Added hwrng dev file as source of RNG + +Upstream-status: Pending + +Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com> +--- + e_os.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/e_os.h b/e_os.h +index 6a0aad1..57c0563 100644 +--- a/e_os.h ++++ b/e_os.h +@@ -79,7 +79,7 @@ extern "C" { + #ifndef DEVRANDOM + /* set this to a comma-separated list of 'random' device files to try out. + * My default, we will try to read at least one of these files */ +-#define DEVRANDOM "/dev/urandom","/dev/random","/dev/srandom" ++#define DEVRANDOM "/dev/hwrng","/dev/urandom","/dev/random","/dev/srandom" + #endif + #ifndef DEVRANDOM_EGD + /* set this to a comma-seperated list of 'egd' sockets to try out. These +-- +1.8.3.1 + diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0010-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0010-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch new file mode 100644 index 00000000..b7702d10 --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0010-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch @@ -0,0 +1,2039 @@ +From a933e6341fd8989bdd82f8a5446b6f04aa00eef9 Mon Sep 17 00:00:00 2001 +From: Yashpal Dutta <yashpal.dutta@freescale.com> +Date: Tue, 11 Mar 2014 07:14:30 +0545 +Subject: [PATCH 10/17] Asynchronous interface added for PKC cryptodev + interface + +Upstream-status: Pending + +Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com> +--- + crypto/crypto.h | 16 + + crypto/dh/dh.h | 4 +- + crypto/dsa/dsa.h | 5 + + crypto/ecdh/ech_locl.h | 3 + + crypto/ecdsa/ecs_locl.h | 5 + + crypto/engine/eng_cryptodev.c | 1578 +++++++++++++++++++++++++++++++++++++---- + crypto/engine/eng_int.h | 24 +- + crypto/engine/eng_lib.c | 46 ++ + crypto/engine/engine.h | 24 + + crypto/rsa/rsa.h | 23 + + 10 files changed, 1582 insertions(+), 146 deletions(-) + +diff --git a/crypto/crypto.h b/crypto/crypto.h +index f92fc51..ce12731 100644 +--- a/crypto/crypto.h ++++ b/crypto/crypto.h +@@ -605,6 +605,22 @@ void ERR_load_CRYPTO_strings(void); + #define CRYPTO_R_FIPS_MODE_NOT_SUPPORTED 101 + #define CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK 100 + ++/* Additions for Asynchronous PKC Infrastructure */ ++struct pkc_cookie_s { ++ void *cookie; /* To be filled by openssl library primitive method function caller */ ++ void *eng_cookie; /* To be filled by Engine */ ++ /* ++ * Callback handler to be provided by caller. Ensure to pass a ++ * handler which takes the crypto operation to completion. ++ * cookie: Container cookie from library ++ * status: Status of the crypto Job completion. ++ * 0: Job handled without any issue ++ * -EINVAL: Parameters Invalid ++ */ ++ void (*pkc_callback)(struct pkc_cookie_s *cookie, int status); ++ void *eng_handle; ++}; ++ + #ifdef __cplusplus + } + #endif +diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h +index ea59e61..20ffad2 100644 +--- a/crypto/dh/dh.h ++++ b/crypto/dh/dh.h +@@ -118,7 +118,9 @@ struct dh_method + int (*bn_mod_exp)(const DH *dh, BIGNUM *r, const BIGNUM *a, + const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, + BN_MONT_CTX *m_ctx); /* Can be null */ +- ++ int (*compute_key_async)(unsigned char *key,const BIGNUM *pub_key,DH *dh, ++ struct pkc_cookie_s *cookie); ++ int (*generate_key_async)(DH *dh, struct pkc_cookie_s *cookie); + int (*init)(DH *dh); + int (*finish)(DH *dh); + int flags; +diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h +index a6f6d0b..b04a029 100644 +--- a/crypto/dsa/dsa.h ++++ b/crypto/dsa/dsa.h +@@ -140,6 +140,10 @@ struct dsa_method + int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, + BN_MONT_CTX *m_ctx); /* Can be null */ ++ int (*dsa_do_sign_async)(const unsigned char *dgst, int dlen, DSA *dsa, ++ DSA_SIG *sig, struct pkc_cookie_s *cookie); ++ int (*dsa_do_verify_async)(const unsigned char *dgst, int dgst_len, ++ DSA_SIG *sig, DSA *dsa, struct pkc_cookie_s *cookie); + int (*init)(DSA *dsa); + int (*finish)(DSA *dsa); + int flags; +@@ -151,6 +155,7 @@ struct dsa_method + BN_GENCB *cb); + /* If this is non-NULL, it is used to generate DSA keys */ + int (*dsa_keygen)(DSA *dsa); ++ int (*dsa_keygen_async)(DSA *dsa, struct pkc_cookie_s *cookie); + }; + + struct dsa_st +diff --git a/crypto/ecdh/ech_locl.h b/crypto/ecdh/ech_locl.h +index f6cad6a..adce6b3 100644 +--- a/crypto/ecdh/ech_locl.h ++++ b/crypto/ecdh/ech_locl.h +@@ -67,6 +67,9 @@ struct ecdh_method + const char *name; + int (*compute_key)(void *key, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh, + void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen)); ++ int (*compute_key_async)(void *key, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh, ++ void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen), ++ struct pkc_cookie_s *cookie); + #if 0 + int (*init)(EC_KEY *eckey); + int (*finish)(EC_KEY *eckey); +diff --git a/crypto/ecdsa/ecs_locl.h b/crypto/ecdsa/ecs_locl.h +index cb3be13..eb0ebe0 100644 +--- a/crypto/ecdsa/ecs_locl.h ++++ b/crypto/ecdsa/ecs_locl.h +@@ -74,6 +74,11 @@ struct ecdsa_method + BIGNUM **r); + int (*ecdsa_do_verify)(const unsigned char *dgst, int dgst_len, + const ECDSA_SIG *sig, EC_KEY *eckey); ++ int (*ecdsa_do_sign_async)(const unsigned char *dgst, int dgst_len, ++ const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey, ++ ECDSA_SIG *sig, struct pkc_cookie_s *cookie); ++ int (*ecdsa_do_verify_async)(const unsigned char *dgst, int dgst_len, ++ const ECDSA_SIG *sig, EC_KEY *eckey, struct pkc_cookie_s *cookie); + #if 0 + int (*init)(EC_KEY *eckey); + int (*finish)(EC_KEY *eckey); +diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c +index 7ee314b..9f2416e 100644 +--- a/crypto/engine/eng_cryptodev.c ++++ b/crypto/engine/eng_cryptodev.c +@@ -1281,6 +1281,56 @@ zapparams(struct crypt_kop *kop) + } + } + ++/* Any PKC request has at max 2 output parameters and they are stored here to ++be used while copying in the check availability */ ++struct cryptodev_cookie_s { ++ BIGNUM *r; ++ struct crparam r_param; ++ BIGNUM *s; ++ struct crparam s_param; ++ struct crypt_kop *kop; ++}; ++ ++static int ++cryptodev_asym_async(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, ++ BIGNUM *s) ++{ ++ int fd; ++ struct pkc_cookie_s *cookie = kop->cookie; ++ struct cryptodev_cookie_s *eng_cookie; ++ ++ fd = *(int *)cookie->eng_handle; ++ ++ eng_cookie = malloc(sizeof(struct cryptodev_cookie_s)); ++ ++ if (eng_cookie) { ++ memset(eng_cookie, 0, sizeof(struct cryptodev_cookie_s)); ++ if (r) { ++ kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char)); ++ if (!kop->crk_param[kop->crk_iparams].crp_p) ++ return -ENOMEM; ++ kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8; ++ kop->crk_oparams++; ++ eng_cookie->r = r; ++ eng_cookie->r_param = kop->crk_param[kop->crk_iparams]; ++ } ++ if (s) { ++ kop->crk_param[kop->crk_iparams+1].crp_p = calloc(slen, sizeof(char)); ++ if (!kop->crk_param[kop->crk_iparams+1].crp_p) ++ return -ENOMEM; ++ kop->crk_param[kop->crk_iparams+1].crp_nbits = slen * 8; ++ kop->crk_oparams++; ++ eng_cookie->s = s; ++ eng_cookie->s_param = kop->crk_param[kop->crk_iparams + 1]; ++ } ++ } else ++ return -ENOMEM; ++ ++ eng_cookie->kop = kop; ++ cookie->eng_cookie = eng_cookie; ++ return ioctl(fd, CIOCASYMASYNCRYPT, kop); ++} ++ + static int + cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s) + { +@@ -1337,6 +1387,44 @@ void *cryptodev_init_instance(void) + return fd; + } + ++#include <poll.h> ++ ++/* Return 0 on success and 1 on failure */ ++int cryptodev_check_availability(void *eng_handle) ++{ ++ int fd = *(int *)eng_handle; ++ struct pkc_cookie_list_s cookie_list; ++ struct pkc_cookie_s *cookie; ++ int i; ++ ++ /* FETCH COOKIE returns number of cookies extracted */ ++ if (ioctl(fd, CIOCASYMFETCHCOOKIE, &cookie_list) <= 0) ++ return 1; ++ ++ for (i = 0; i < cookie_list.cookie_available; i++) { ++ cookie = cookie_list.cookie[i]; ++ if (cookie) { ++ struct cryptodev_cookie_s *eng_cookie = cookie->eng_cookie; ++ if (eng_cookie) { ++ struct crypt_kop *kop = eng_cookie->kop; ++ ++ if (eng_cookie->r) ++ crparam2bn(&eng_cookie->r_param, eng_cookie->r); ++ if (eng_cookie->s) ++ crparam2bn(&eng_cookie->s_param, eng_cookie->s); ++ if (kop->crk_op == CRK_DH_COMPUTE_KEY) ++ kop->crk_oparams = 0; ++ ++ zapparams(eng_cookie->kop); ++ free(eng_cookie->kop); ++ free (eng_cookie); ++ } ++ cookie->pkc_callback(cookie, cookie_list.status[i]); ++ } ++ } ++ return 0; ++} ++ + static int + cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) +@@ -1382,6 +1470,63 @@ err: + } + + static int ++cryptodev_bn_mod_exp_async(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, ++ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont, struct pkc_cookie_s *cookie) ++{ ++ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); ++ int ret = 1; ++ ++ /* Currently, we know we can do mod exp iff we can do any ++ * asymmetric operations at all. ++ */ ++ if (cryptodev_asymfeat == 0 || !kop) { ++ ret = BN_mod_exp(r, a, p, m, ctx); ++ return (ret); ++ } ++ ++ kop->crk_oparams = 0; ++ kop->crk_status = 0; ++ kop->crk_op = CRK_MOD_EXP; ++ kop->cookie = cookie; ++ /* inputs: a^p % m */ ++ if (bn2crparam(a, &kop->crk_param[0])) ++ goto err; ++ if (bn2crparam(p, &kop->crk_param[1])) ++ goto err; ++ if (bn2crparam(m, &kop->crk_param[2])) ++ goto err; ++ ++ kop->crk_iparams = 3; ++ if (cryptodev_asym_async(kop, BN_num_bytes(m), r, 0, NULL)) ++ goto err; ++ ++ return ret; ++err: ++ { ++ const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); ++ ++ if (kop) ++ free(kop); ++ ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont); ++ if (ret) ++ /* Call the completion handler immediately */ ++ cookie->pkc_callback(cookie, 0); ++ } ++ return ret; ++} ++ ++static int ++cryptodev_rsa_nocrt_mod_exp_async(BIGNUM *r0, const BIGNUM *I, ++ RSA *rsa, BN_CTX *ctx, struct pkc_cookie_s *cookie) ++{ ++ int r; ++ ctx = BN_CTX_new(); ++ r = cryptodev_bn_mod_exp_async(r0, I, rsa->d, rsa->n, ctx, NULL, cookie); ++ BN_CTX_free(ctx); ++ return r; ++} ++ ++static int + cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) + { + int r; +@@ -1446,6 +1591,62 @@ err: + return (ret); + } + ++static int ++cryptodev_rsa_mod_exp_async(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx, ++ struct pkc_cookie_s *cookie) ++{ ++ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); ++ int ret = 1, f_len, p_len, q_len; ++ unsigned char *f = NULL, *p = NULL, *q = NULL, *dp = NULL, *dq = NULL, *c = NULL; ++ ++ if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp || !kop) { ++ return (0); ++ } ++ ++ kop->crk_oparams = 0; ++ kop->crk_status = 0; ++ kop->crk_op = CRK_MOD_EXP_CRT; ++ f_len = BN_num_bytes(rsa->n); ++ spcf_bn2bin_ex(I, &f, &f_len); ++ spcf_bn2bin(rsa->p, &p, &p_len); ++ spcf_bn2bin(rsa->q, &q, &q_len); ++ spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len); ++ spcf_bn2bin_ex(rsa->iqmp, &c, &p_len); ++ spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len); ++ /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */ ++ kop->crk_param[0].crp_p = p; ++ kop->crk_param[0].crp_nbits = p_len * 8; ++ kop->crk_param[1].crp_p = q; ++ kop->crk_param[1].crp_nbits = q_len * 8; ++ kop->crk_param[2].crp_p = f; ++ kop->crk_param[2].crp_nbits = f_len * 8; ++ kop->crk_param[3].crp_p = dp; ++ kop->crk_param[3].crp_nbits = p_len * 8; ++ /* dq must of length q, rest all of length p*/ ++ kop->crk_param[4].crp_p = dq; ++ kop->crk_param[4].crp_nbits = q_len * 8; ++ kop->crk_param[5].crp_p = c; ++ kop->crk_param[5].crp_nbits = p_len * 8; ++ kop->crk_iparams = 6; ++ kop->cookie = cookie; ++ if (cryptodev_asym_async(kop, BN_num_bytes(rsa->n), r0, 0, NULL)) ++ goto err; ++ ++ return ret; ++err: ++ { ++ const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); ++ ++ if (kop) ++ free(kop); ++ ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx); ++ if (ret) ++ /* Call user completion handler immediately */ ++ cookie->pkc_callback(cookie, 0); ++ } ++ return (ret); ++} ++ + static RSA_METHOD cryptodev_rsa = { + "cryptodev RSA method", + NULL, /* rsa_pub_enc */ +@@ -1454,6 +1655,12 @@ static RSA_METHOD cryptodev_rsa = { + NULL, /* rsa_priv_dec */ + NULL, + NULL, ++ NULL, /* rsa_pub_enc */ ++ NULL, /* rsa_pub_dec */ ++ NULL, /* rsa_priv_enc */ ++ NULL, /* rsa_priv_dec */ ++ NULL, ++ NULL, + NULL, /* init */ + NULL, /* finish */ + 0, /* flags */ +@@ -1751,126 +1958,424 @@ sw_try: + return ret; + } + ++/* Cryptodev DSA Key Gen routine */ ++static int cryptodev_dsa_keygen_async(DSA *dsa, struct pkc_cookie_s *cookie) ++{ ++ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); ++ int ret = 1, g_len; ++ unsigned char *g = NULL; + ++ if (!kop) ++ goto sw_try; + +-static DSA_METHOD cryptodev_dsa = { +- "cryptodev DSA method", +- NULL, +- NULL, /* dsa_sign_setup */ +- NULL, +- NULL, /* dsa_mod_exp */ +- NULL, +- NULL, /* init */ +- NULL, /* finish */ +- 0, /* flags */ +- NULL /* app_data */ +-}; ++ if (dsa->priv_key == NULL) { ++ if ((dsa->priv_key=BN_new()) == NULL) ++ goto sw_try; ++ } + +-static ECDSA_METHOD cryptodev_ecdsa = { +- "cryptodev ECDSA method", +- NULL, +- NULL, /* ecdsa_sign_setup */ +- NULL, +- NULL, +- 0, /* flags */ +- NULL /* app_data */ +-}; ++ if (dsa->pub_key == NULL) { ++ if ((dsa->pub_key=BN_new()) == NULL) ++ goto sw_try; ++ } + +-typedef enum ec_curve_s +-{ +- EC_PRIME, +- EC_BINARY +-} ec_curve_t; ++ g_len = BN_num_bytes(dsa->p); ++ /** ++ * Get generator into a plain buffer. If length is less than ++ * q_len then add leading padding bytes. ++ */ ++ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) { ++ DSAerr(DSA_F_DSA_GENERATE_KEY, ERR_R_MALLOC_FAILURE); ++ goto sw_try; ++ } + +-/* ENGINE handler for ECDSA Sign */ +-static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char *dgst, +- int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey) +-{ +- BIGNUM *m = NULL, *p = NULL, *a = NULL; +- BIGNUM *b = NULL, *x = NULL, *y = NULL; +- BN_CTX *ctx = NULL; +- ECDSA_SIG *ret = NULL; +- ECDSA_DATA *ecdsa = NULL; +- unsigned char * q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL; +- unsigned char * s = NULL, *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL; +- int i = 0, q_len = 0, priv_key_len = 0, r_len = 0; +- int g_len = 0, d_len = 0, ab_len = 0; +- const BIGNUM *order = NULL, *priv_key=NULL; +- const EC_GROUP *group = NULL; +- struct crypt_kop kop; +- ec_curve_t ec_crv = EC_PRIME; ++ memset(kop, 0, sizeof(struct crypt_kop)); ++ kop->crk_op = CRK_DSA_GENERATE_KEY; ++ if (bn2crparam(dsa->p, &kop->crk_param[0])) ++ goto sw_try; ++ if (bn2crparam(dsa->q, &kop->crk_param[1])) ++ goto sw_try; ++ kop->crk_param[2].crp_p = g; ++ kop->crk_param[2].crp_nbits = g_len * 8; ++ kop->crk_iparams = 3; ++ kop->cookie = cookie; + +- memset(&kop, 0, sizeof(kop)); +- ecdsa = ecdsa_check(eckey); +- if (!ecdsa) { +- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER); +- return NULL; ++ /* pub_key is or prime length while priv key is of length of order */ ++ if (cryptodev_asym_async(kop, BN_num_bytes(dsa->p), dsa->pub_key, ++ BN_num_bytes(dsa->q), dsa->priv_key)) ++ goto sw_try; ++ ++ return ret; ++sw_try: ++ { ++ const DSA_METHOD *meth = DSA_OpenSSL(); ++ ++ if (kop) ++ free(kop); ++ ret = (meth->dsa_keygen)(dsa); ++ cookie->pkc_callback(cookie, 0); + } ++ return ret; ++} + +- group = EC_KEY_get0_group(eckey); +- priv_key = EC_KEY_get0_private_key(eckey); ++static int ++cryptodev_dsa_do_sign_async(const unsigned char *dgst, int dlen, DSA *dsa, ++ DSA_SIG *sig, struct pkc_cookie_s *cookie) ++{ ++ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); ++ DSA_SIG *dsaret = NULL; ++ int q_len = 0, r_len = 0, g_len = 0; ++ int priv_key_len = 0, ret = 1; ++ unsigned char *q = NULL, *r = NULL, *g = NULL, *priv_key = NULL, *f = NULL; + +- if (!group || !priv_key) { +- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER); +- return NULL; ++ if (((sig->r = BN_new()) == NULL) || !kop) { ++ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); ++ goto err; + } + +- if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL || +- (a = BN_new()) == NULL || (b = BN_new()) == NULL || +- (p = BN_new()) == NULL || (x = BN_new()) == NULL || +- (y = BN_new()) == NULL) { +- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); ++ if ((sig->s = BN_new()) == NULL) { ++ BN_free(sig->r); ++ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); + goto err; + } + +- order = &group->order; +- if (!order || BN_is_zero(order)) { +- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS); ++ if (spcf_bn2bin(dsa->p, &q, &q_len)) { ++ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); + goto err; + } + +- i = BN_num_bits(order); +- /* Need to truncate digest if it is too long: first truncate whole +- bytes */ +- if (8 * dgst_len > i) +- dgst_len = (i + 7)/8; ++ /* Get order of the field of private keys into plain buffer */ ++ if (spcf_bn2bin (dsa->q, &r, &r_len)) { ++ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } + +- if (!BN_bin2bn(dgst, dgst_len, m)) { +- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); ++ /* sanity test */ ++ if (dlen > r_len) { ++ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); + goto err; + } + +- /* If still too long truncate remaining bits with a shift */ +- if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) { +- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); ++ g_len = q_len; ++ /** ++ * Get generator into a plain buffer. If length is less than ++ * q_len then add leading padding bytes. ++ */ ++ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) { ++ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); + goto err; + } + +- /* copy the truncated bits into plain buffer */ +- if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) { +- fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__, __LINE__); ++ priv_key_len = r_len; ++ /** ++ * Get private key into a plain buffer. If length is less than ++ * r_len then add leading padding bytes. ++ */ ++ if (spcf_bn2bin_ex(dsa->priv_key, &priv_key, &priv_key_len)) { ++ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); + goto err; + } + +- ret = ECDSA_SIG_new(); +- if (!ret) { +- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); ++ /* Allocate memory to store hash. */ ++ f = OPENSSL_malloc (r_len); ++ if (!f) { ++ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); + goto err; + } + +- /* check if this is prime or binary EC request */ +- if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) { +- ec_crv = EC_PRIME; +- /* get the generator point pair */ +- if (!EC_POINT_get_affine_coordinates_GFp (group, EC_GROUP_get0_generator(group), +- x, y,ctx)) { +- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); +- goto err; +- } ++ /* Add padding, since SEC expects hash to of size r_len */ ++ if (dlen < r_len) ++ memset(f, 0, r_len - dlen); + +- /* get the ECC curve parameters */ +- if (!EC_GROUP_get_curve_GFp(group, p, a, b , ctx)) { +- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); ++ /* Skip leading bytes if dgst_len < r_len */ ++ memcpy(f + r_len - dlen, dgst, dlen); ++ ++ dlen = r_len; ++ ++ memset(kop, 0, sizeof( struct crypt_kop)); ++ kop->crk_op = CRK_DSA_SIGN; ++ ++ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ ++ kop->crk_param[0].crp_p = (void*)f; ++ kop->crk_param[0].crp_nbits = dlen * 8; ++ kop->crk_param[1].crp_p = (void*)q; ++ kop->crk_param[1].crp_nbits = q_len * 8; ++ kop->crk_param[2].crp_p = (void*)r; ++ kop->crk_param[2].crp_nbits = r_len * 8; ++ kop->crk_param[3].crp_p = (void*)g; ++ kop->crk_param[3].crp_nbits = g_len * 8; ++ kop->crk_param[4].crp_p = (void*)priv_key; ++ kop->crk_param[4].crp_nbits = priv_key_len * 8; ++ kop->crk_iparams = 5; ++ kop->cookie = cookie; ++ ++ if (cryptodev_asym_async(kop, r_len, sig->r, r_len, sig->s)) ++ goto err; ++ ++ return ret; ++err: ++ { ++ const DSA_METHOD *meth = DSA_OpenSSL(); ++ ++ if (kop) ++ free(kop); ++ BN_free(sig->r); ++ BN_free(sig->s); ++ dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa); ++ sig->r = dsaret->r; ++ sig->s = dsaret->s; ++ /* Call user callback immediately */ ++ cookie->pkc_callback(cookie, 0); ++ ret = dsaret; ++ } ++ return ret; ++} ++ ++static int ++cryptodev_dsa_verify_async(const unsigned char *dgst, int dlen, ++ DSA_SIG *sig, DSA *dsa, struct pkc_cookie_s *cookie) ++{ ++ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); ++ int q_len = 0, r_len = 0, g_len = 0; ++ int w_len = 0 ,c_len = 0, d_len = 0, ret = 1; ++ unsigned char * q = NULL, * r = NULL, * w = NULL, * g = NULL; ++ unsigned char *c = NULL, * d = NULL, *f = NULL; ++ ++ if (!kop) ++ goto err; ++ ++ if (spcf_bn2bin(dsa->p, &q, &q_len)) { ++ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ return ret; ++ } ++ ++ /* Get Order of field of private keys */ ++ if (spcf_bn2bin(dsa->q, &r, &r_len)) { ++ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ g_len = q_len; ++ /** ++ * Get generator into a plain buffer. If length is less than ++ * q_len then add leading padding bytes. ++ */ ++ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) { ++ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ w_len = q_len; ++ /** ++ * Get public key into a plain buffer. If length is less than ++ * q_len then add leading padding bytes. ++ */ ++ if (spcf_bn2bin_ex(dsa->pub_key, &w, &w_len)) { ++ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ /** ++ * Get the 1st part of signature into a flat buffer with ++ * appropriate padding ++ */ ++ c_len = r_len; ++ ++ if (spcf_bn2bin_ex(sig->r, &c, &c_len)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /** ++ * Get the 2nd part of signature into a flat buffer with ++ * appropriate padding ++ */ ++ d_len = r_len; ++ ++ if (spcf_bn2bin_ex(sig->s, &d, &d_len)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ ++ /* Sanity test */ ++ if (dlen > r_len) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /* Allocate memory to store hash. */ ++ f = OPENSSL_malloc (r_len); ++ if (!f) { ++ DSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /* Add padding, since SEC expects hash to of size r_len */ ++ if (dlen < r_len) ++ memset(f, 0, r_len - dlen); ++ ++ /* Skip leading bytes if dgst_len < r_len */ ++ memcpy(f + r_len - dlen, dgst, dlen); ++ ++ dlen = r_len; ++ memset(kop, 0, sizeof(struct crypt_kop)); ++ ++ /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */ ++ kop->crk_param[0].crp_p = (void*)f; ++ kop->crk_param[0].crp_nbits = dlen * 8; ++ kop->crk_param[1].crp_p = q; ++ kop->crk_param[1].crp_nbits = q_len * 8; ++ kop->crk_param[2].crp_p = r; ++ kop->crk_param[2].crp_nbits = r_len * 8; ++ kop->crk_param[3].crp_p = g; ++ kop->crk_param[3].crp_nbits = g_len * 8; ++ kop->crk_param[4].crp_p = w; ++ kop->crk_param[4].crp_nbits = w_len * 8; ++ kop->crk_param[5].crp_p = c; ++ kop->crk_param[5].crp_nbits = c_len * 8; ++ kop->crk_param[6].crp_p = d; ++ kop->crk_param[6].crp_nbits = d_len * 8; ++ kop->crk_iparams = 7; ++ kop->crk_op = CRK_DSA_VERIFY; ++ kop->cookie = cookie; ++ if (cryptodev_asym_async(kop, 0, NULL, 0, NULL)) ++ goto err; ++ ++ return ret; ++err: ++ { ++ const DSA_METHOD *meth = DSA_OpenSSL(); ++ ++ if (kop) ++ free(kop); ++ ++ ret = (meth->dsa_do_verify)(dgst, dlen, sig, dsa); ++ cookie->pkc_callback(cookie, 0); ++ } ++ return ret; ++} ++ ++static DSA_METHOD cryptodev_dsa = { ++ "cryptodev DSA method", ++ NULL, ++ NULL, /* dsa_sign_setup */ ++ NULL, ++ NULL, /* dsa_mod_exp */ ++ NULL, ++ NULL, ++ NULL, ++ NULL, ++ NULL, /* init */ ++ NULL, /* finish */ ++ 0, /* flags */ ++ NULL /* app_data */ ++}; ++ ++static ECDSA_METHOD cryptodev_ecdsa = { ++ "cryptodev ECDSA method", ++ NULL, ++ NULL, /* ecdsa_sign_setup */ ++ NULL, ++ NULL, ++ NULL, ++ NULL, ++ 0, /* flags */ ++ NULL /* app_data */ ++}; ++ ++typedef enum ec_curve_s ++{ ++ EC_PRIME, ++ EC_BINARY ++} ec_curve_t; ++ ++/* ENGINE handler for ECDSA Sign */ ++static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char *dgst, ++ int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey) ++{ ++ BIGNUM *m = NULL, *p = NULL, *a = NULL; ++ BIGNUM *b = NULL, *x = NULL, *y = NULL; ++ BN_CTX *ctx = NULL; ++ ECDSA_SIG *ret = NULL; ++ ECDSA_DATA *ecdsa = NULL; ++ unsigned char * q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL; ++ unsigned char * s = NULL, *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL; ++ int i = 0, q_len = 0, priv_key_len = 0, r_len = 0; ++ int g_len = 0, d_len = 0, ab_len = 0; ++ const BIGNUM *order = NULL, *priv_key=NULL; ++ const EC_GROUP *group = NULL; ++ struct crypt_kop kop; ++ ec_curve_t ec_crv = EC_PRIME; ++ ++ memset(&kop, 0, sizeof(kop)); ++ ecdsa = ecdsa_check(eckey); ++ if (!ecdsa) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER); ++ return NULL; ++ } ++ ++ group = EC_KEY_get0_group(eckey); ++ priv_key = EC_KEY_get0_private_key(eckey); ++ ++ if (!group || !priv_key) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER); ++ return NULL; ++ } ++ ++ if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL || ++ (a = BN_new()) == NULL || (b = BN_new()) == NULL || ++ (p = BN_new()) == NULL || (x = BN_new()) == NULL || ++ (y = BN_new()) == NULL) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ order = &group->order; ++ if (!order || BN_is_zero(order)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS); ++ goto err; ++ } ++ ++ i = BN_num_bits(order); ++ /* Need to truncate digest if it is too long: first truncate whole ++ bytes */ ++ if (8 * dgst_len > i) ++ dgst_len = (i + 7)/8; ++ ++ if (!BN_bin2bn(dgst, dgst_len, m)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); ++ goto err; ++ } ++ ++ /* If still too long truncate remaining bits with a shift */ ++ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); ++ goto err; ++ } ++ ++ /* copy the truncated bits into plain buffer */ ++ if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) { ++ fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__, __LINE__); ++ goto err; ++ } ++ ++ ret = ECDSA_SIG_new(); ++ if (!ret) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); ++ goto err; ++ } ++ ++ /* check if this is prime or binary EC request */ ++ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) { ++ ec_crv = EC_PRIME; ++ /* get the generator point pair */ ++ if (!EC_POINT_get_affine_coordinates_GFp (group, EC_GROUP_get0_generator(group), ++ x, y,ctx)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); ++ goto err; ++ } ++ ++ /* get the ECC curve parameters */ ++ if (!EC_GROUP_get_curve_GFp(group, p, a, b , ctx)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); + goto err; + } + } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_characteristic_two_field) { +@@ -2195,63 +2700,581 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len, + } + + /** +- * Get the 2nd part of signature into a flat buffer with +- * appropriate padding ++ * Get the 2nd part of signature into a flat buffer with ++ * appropriate padding ++ */ ++ if (BN_num_bytes(sig->s) < r_len) ++ d_len = r_len; ++ ++ if (spcf_bn2bin_ex(sig->s, &d, &d_len)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /* memory for message representative */ ++ f = malloc(r_len); ++ if (!f) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /* Add padding, since SEC expects hash to of size r_len */ ++ memset(f, 0, r_len-dgst_len); ++ ++ /* Skip leading bytes if dgst_len < r_len */ ++ memcpy(f + r_len-dgst_len, tmp_dgst, dgst_len); ++ dgst_len += r_len-dgst_len; ++ kop.crk_op = CRK_DSA_VERIFY; ++ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ ++ kop.crk_param[0].crp_p = f; ++ kop.crk_param[0].crp_nbits = dgst_len * 8; ++ kop.crk_param[1].crp_p = q; ++ kop.crk_param[1].crp_nbits = q_len * 8; ++ kop.crk_param[2].crp_p = r; ++ kop.crk_param[2].crp_nbits = r_len * 8; ++ kop.crk_param[3].crp_p = g_xy; ++ kop.crk_param[3].crp_nbits = g_len * 8; ++ kop.crk_param[4].crp_p = w_xy; ++ kop.crk_param[4].crp_nbits = pub_key_len * 8; ++ kop.crk_param[5].crp_p = ab; ++ kop.crk_param[5].crp_nbits = ab_len * 8; ++ kop.crk_param[6].crp_p = c; ++ kop.crk_param[6].crp_nbits = d_len * 8; ++ kop.crk_param[7].crp_p = d; ++ kop.crk_param[7].crp_nbits = d_len * 8; ++ kop.crk_iparams = 8; ++ ++ if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) { ++ /*OCF success value is 0, if not zero, change ret to fail*/ ++ if(0 == kop.crk_status) ++ ret = 1; ++ } else { ++ const ECDSA_METHOD *meth = ECDSA_OpenSSL(); ++ ++ ret = (meth->ecdsa_do_verify)(dgst, dgst_len, sig, eckey); ++ } ++ kop.crk_param[0].crp_p = NULL; ++ zapparams(&kop); ++ ++err: ++ return ret; ++} ++ ++static int cryptodev_ecdsa_do_sign_async( const unsigned char *dgst, ++ int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey, ++ ECDSA_SIG *sig, struct pkc_cookie_s *cookie) ++{ ++ BIGNUM *m = NULL, *p = NULL, *a = NULL; ++ BIGNUM *b = NULL, *x = NULL, *y = NULL; ++ BN_CTX *ctx = NULL; ++ ECDSA_SIG *sig_ret = NULL; ++ ECDSA_DATA *ecdsa = NULL; ++ unsigned char * q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL; ++ unsigned char * s = NULL, *f = NULL, *tmp_dgst = NULL; ++ int i = 0, q_len = 0, priv_key_len = 0, r_len = 0; ++ int g_len = 0, ab_len = 0, ret = 1; ++ const BIGNUM *order = NULL, *priv_key=NULL; ++ const EC_GROUP *group = NULL; ++ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); ++ ec_curve_t ec_crv = EC_PRIME; ++ ++ if (!(sig->r = BN_new()) || !kop) ++ goto err; ++ if ((sig->s = BN_new()) == NULL) { ++ BN_free(r); ++ goto err; ++ } ++ ++ memset(kop, 0, sizeof(struct crypt_kop)); ++ ecdsa = ecdsa_check(eckey); ++ if (!ecdsa) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER); ++ goto err; ++ } ++ ++ group = EC_KEY_get0_group(eckey); ++ priv_key = EC_KEY_get0_private_key(eckey); ++ ++ if (!group || !priv_key) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER); ++ goto err; ++ } ++ ++ if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL || ++ (a = BN_new()) == NULL || (b = BN_new()) == NULL || ++ (p = BN_new()) == NULL || (x = BN_new()) == NULL || ++ (y = BN_new()) == NULL) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ order = &group->order; ++ if (!order || BN_is_zero(order)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS); ++ goto err; ++ } ++ ++ i = BN_num_bits(order); ++ /* Need to truncate digest if it is too long: first truncate whole ++ bytes */ ++ if (8 * dgst_len > i) ++ dgst_len = (i + 7)/8; ++ ++ if (!BN_bin2bn(dgst, dgst_len, m)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); ++ goto err; ++ } ++ ++ /* If still too long truncate remaining bits with a shift */ ++ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); ++ goto err; ++ } ++ ++ /* copy the truncated bits into plain buffer */ ++ if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) { ++ fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__, __LINE__); ++ goto err; ++ } ++ ++ /* check if this is prime or binary EC request */ ++ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ++ == NID_X9_62_prime_field) { ++ ec_crv = EC_PRIME; ++ /* get the generator point pair */ ++ if (!EC_POINT_get_affine_coordinates_GFp (group, ++ EC_GROUP_get0_generator(group), x, y,ctx)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); ++ goto err; ++ } ++ ++ /* get the ECC curve parameters */ ++ if (!EC_GROUP_get_curve_GFp(group, p, a, b , ctx)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); ++ goto err; ++ } ++ } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_characteristic_two_field) { ++ ec_crv = EC_BINARY; ++ /* get the ECC curve parameters */ ++ if (!EC_GROUP_get_curve_GF2m(group, p, a, b , ctx)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); ++ goto err; ++ } ++ ++ /* get the generator point pair */ ++ if (!EC_POINT_get_affine_coordinates_GF2m(group, ++ EC_GROUP_get0_generator(group), x, y,ctx)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); ++ goto err; ++ } ++ } else { ++ printf("Unsupported Curve\n"); ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); ++ goto err; ++ } ++ ++ if (spcf_bn2bin(order, &r, &r_len)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ if (spcf_bn2bin(p, &q, &q_len)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ priv_key_len = r_len; ++ ++ /** ++ * If BN_num_bytes of priv_key returns less then r_len then ++ * add padding bytes before the key ++ */ ++ if (spcf_bn2bin_ex(priv_key, &s, &priv_key_len)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /* Generation of ECC curve parameters */ ++ ab_len = 2*q_len; ++ ab = eng_copy_curve_points(a, b, ab_len, q_len); ++ if (!ab) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ if (ec_crv == EC_BINARY) { ++ if (eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab+q_len, q_len)) ++ { ++ unsigned char *c_temp = NULL; ++ int c_temp_len = q_len; ++ if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len)) ++ memcpy(ab+q_len, c_temp, q_len); ++ else ++ goto err; ++ } ++ kop->curve_type = ECC_BINARY; ++ } ++ ++ /* Calculation of Generator point */ ++ g_len = 2*q_len; ++ g_xy = eng_copy_curve_points(x, y, g_len, q_len); ++ if (!g_xy) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /* memory for message representative */ ++ f = malloc(r_len); ++ if (!f) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /* Add padding, since SEC expects hash to of size r_len */ ++ memset(f, 0, r_len - dgst_len); ++ ++ /* Skip leading bytes if dgst_len < r_len */ ++ memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len); ++ ++ dgst_len += r_len - dgst_len; ++ ++ kop->crk_op = CRK_DSA_SIGN; ++ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ ++ kop->crk_param[0].crp_p = f; ++ kop->crk_param[0].crp_nbits = dgst_len * 8; ++ kop->crk_param[1].crp_p = q; ++ kop->crk_param[1].crp_nbits = q_len * 8; ++ kop->crk_param[2].crp_p = r; ++ kop->crk_param[2].crp_nbits = r_len * 8; ++ kop->crk_param[3].crp_p = g_xy; ++ kop->crk_param[3].crp_nbits = g_len * 8; ++ kop->crk_param[4].crp_p = s; ++ kop->crk_param[4].crp_nbits = priv_key_len * 8; ++ kop->crk_param[5].crp_p = ab; ++ kop->crk_param[5].crp_nbits = ab_len * 8; ++ kop->crk_iparams = 6; ++ kop->cookie = cookie; ++ ++ if (cryptodev_asym_async(kop, r_len, sig->r , r_len, sig->s)) ++ goto err; ++ ++ return ret; ++err: ++ { ++ const ECDSA_METHOD *meth = ECDSA_OpenSSL(); ++ BN_free(sig->r); ++ BN_free(sig->s); ++ if (kop) ++ free(kop); ++ sig_ret = (meth->ecdsa_do_sign)(dgst, dgst_len, in_kinv, in_r, eckey); ++ sig->r = sig_ret->r; ++ sig->s = sig_ret->s; ++ cookie->pkc_callback(cookie, 0); ++ } ++ return ret; ++} ++ ++static int cryptodev_ecdsa_verify_async(const unsigned char *dgst, int dgst_len, ++ const ECDSA_SIG *sig, EC_KEY *eckey, struct pkc_cookie_s *cookie) ++{ ++ BIGNUM *m = NULL, *p = NULL, *a = NULL, *b = NULL; ++ BIGNUM *x = NULL, *y = NULL, *w_x = NULL, *w_y = NULL; ++ BN_CTX *ctx = NULL; ++ ECDSA_DATA *ecdsa = NULL; ++ unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL, *w_xy = NULL; ++ unsigned char *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL; ++ int i = 0, q_len = 0, pub_key_len = 0, r_len = 0, c_len = 0, g_len = 0; ++ int d_len = 0, ab_len = 0, ret = 1; ++ const EC_POINT *pub_key = NULL; ++ const BIGNUM *order = NULL; ++ const EC_GROUP *group=NULL; ++ ec_curve_t ec_crv = EC_PRIME; ++ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); ++ ++ if (!kop) ++ goto err; ++ ++ memset(kop, 0, sizeof(struct crypt_kop)); ++ ecdsa = ecdsa_check(eckey); ++ if (!ecdsa) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER); ++ goto err; ++ } ++ ++ group = EC_KEY_get0_group(eckey); ++ pub_key = EC_KEY_get0_public_key(eckey); ++ ++ if (!group || !pub_key) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER); ++ goto err; ++ } ++ ++ if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL || ++ (a = BN_new()) == NULL || (b = BN_new()) == NULL || ++ (p = BN_new()) == NULL || (x = BN_new()) == NULL || ++ (y = BN_new()) == NULL || (w_x = BN_new()) == NULL || ++ (w_y = BN_new()) == NULL) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ order = &group->order; ++ if (!order || BN_is_zero(order)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS); ++ goto err; ++ } ++ ++ i = BN_num_bits(order); ++ /* Need to truncate digest if it is too long: first truncate whole ++ * bytes */ ++ if (8 * dgst_len > i) ++ dgst_len = (i + 7)/8; ++ ++ if (!BN_bin2bn(dgst, dgst_len, m)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); ++ goto err; ++ } ++ ++ /* If still too long truncate remaining bits with a shift */ ++ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); ++ goto err; ++ } ++ /* copy the truncated bits into plain buffer */ ++ if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /* check if this is prime or binary EC request */ ++ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) { ++ ec_crv = EC_PRIME; ++ ++ /* get the generator point pair */ ++ if (!EC_POINT_get_affine_coordinates_GFp (group, ++ EC_GROUP_get0_generator(group), x, y,ctx)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); ++ goto err; ++ } ++ ++ /* get the public key pair for prime curve */ ++ if (!EC_POINT_get_affine_coordinates_GFp (group, ++ pub_key, w_x, w_y,ctx)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); ++ goto err; ++ } ++ ++ /* get the ECC curve parameters */ ++ if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); ++ goto err; ++ } ++ } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_characteristic_two_field){ ++ ec_crv = EC_BINARY; ++ /* get the ECC curve parameters */ ++ if (!EC_GROUP_get_curve_GF2m(group, p, a, b , ctx)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); ++ goto err; ++ } ++ ++ /* get the generator point pair */ ++ if (!EC_POINT_get_affine_coordinates_GF2m(group, ++ EC_GROUP_get0_generator(group),x, y,ctx)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); ++ goto err; ++ } ++ ++ /* get the public key pair for binary curve */ ++ if (!EC_POINT_get_affine_coordinates_GF2m(group, ++ pub_key, w_x, w_y,ctx)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); ++ goto err; ++ } ++ }else { ++ printf("Unsupported Curve\n"); ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); ++ goto err; ++ } ++ ++ /* Get the order of the subgroup of private keys */ ++ if (spcf_bn2bin((BIGNUM*)order, &r, &r_len)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /* Get the irreducible polynomial that creates the field */ ++ if (spcf_bn2bin(p, &q, &q_len)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /* Get the public key into a flat buffer with appropriate padding */ ++ pub_key_len = 2 * q_len; ++ ++ w_xy = eng_copy_curve_points (w_x, w_y, pub_key_len, q_len); ++ if (!w_xy) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /* Generation of ECC curve parameters */ ++ ab_len = 2*q_len; ++ ++ ab = eng_copy_curve_points (a, b, ab_len, q_len); ++ if (!ab) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ if (ec_crv == EC_BINARY) { ++ /* copy b' i.e c(b), instead of only b */ ++ eng_ec_get_cparam (EC_GROUP_get_curve_name(group), ++ ab+q_len, q_len); ++ kop->curve_type = ECC_BINARY; ++ } ++ ++ /* Calculation of Generator point */ ++ g_len = 2 * q_len; ++ ++ g_xy = eng_copy_curve_points (x, y, g_len, q_len); ++ if (!g_xy) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /** ++ * Get the 1st part of signature into a flat buffer with ++ * appropriate padding ++ */ ++ if (BN_num_bytes(sig->r) < r_len) ++ c_len = r_len; ++ ++ if (spcf_bn2bin_ex(sig->r, &c, &c_len)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /** ++ * Get the 2nd part of signature into a flat buffer with ++ * appropriate padding ++ */ ++ if (BN_num_bytes(sig->s) < r_len) ++ d_len = r_len; ++ ++ if (spcf_bn2bin_ex(sig->s, &d, &d_len)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /* memory for message representative */ ++ f = malloc(r_len); ++ if (!f) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /* Add padding, since SEC expects hash to of size r_len */ ++ memset(f, 0, r_len-dgst_len); ++ ++ /* Skip leading bytes if dgst_len < r_len */ ++ memcpy(f + r_len-dgst_len, tmp_dgst, dgst_len); ++ ++ dgst_len += r_len-dgst_len; ++ ++ kop->crk_op = CRK_DSA_VERIFY; ++ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ ++ kop->crk_param[0].crp_p = f; ++ kop->crk_param[0].crp_nbits = dgst_len * 8; ++ kop->crk_param[1].crp_p = q; ++ kop->crk_param[1].crp_nbits = q_len * 8; ++ kop->crk_param[2].crp_p = r; ++ kop->crk_param[2].crp_nbits = r_len * 8; ++ kop->crk_param[3].crp_p = g_xy; ++ kop->crk_param[3].crp_nbits = g_len * 8; ++ kop->crk_param[4].crp_p = w_xy; ++ kop->crk_param[4].crp_nbits = pub_key_len * 8; ++ kop->crk_param[5].crp_p = ab; ++ kop->crk_param[5].crp_nbits = ab_len * 8; ++ kop->crk_param[6].crp_p = c; ++ kop->crk_param[6].crp_nbits = d_len * 8; ++ kop->crk_param[7].crp_p = d; ++ kop->crk_param[7].crp_nbits = d_len * 8; ++ kop->crk_iparams = 8; ++ kop->cookie = cookie; ++ ++ if (cryptodev_asym_async(kop, 0, NULL, 0, NULL)) ++ goto err; ++ ++ return ret; ++err: ++ { ++ const ECDSA_METHOD *meth = ECDSA_OpenSSL(); ++ ++ if (kop) ++ free(kop); ++ ret = (meth->ecdsa_do_verify)(dgst, dgst_len, sig, eckey); ++ cookie->pkc_callback(cookie, 0); ++ } ++ ++ return ret; ++} ++ ++/* Cryptodev DH Key Gen routine */ ++static int cryptodev_dh_keygen_async(DH *dh, struct pkc_cookie_s *cookie) ++{ ++ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); ++ int ret = 1, g_len; ++ unsigned char *g = NULL; ++ ++ if (!kop) ++ goto sw_try; ++ ++ if (dh->priv_key == NULL) { ++ if ((dh->priv_key=BN_new()) == NULL) ++ goto sw_try; ++ } ++ ++ if (dh->pub_key == NULL) { ++ if ((dh->pub_key=BN_new()) == NULL) ++ goto sw_try; ++ } ++ ++ g_len = BN_num_bytes(dh->p); ++ /** ++ * Get generator into a plain buffer. If length is less than ++ * q_len then add leading padding bytes. + */ +- if (BN_num_bytes(sig->s) < r_len) +- d_len = r_len; +- +- if (spcf_bn2bin_ex(sig->s, &d, &d_len)) { +- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- /* memory for message representative */ +- f = malloc(r_len); +- if (!f) { +- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); +- goto err; ++ if (spcf_bn2bin_ex(dh->g, &g, &g_len)) { ++ DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE); ++ goto sw_try; + } + +- /* Add padding, since SEC expects hash to of size r_len */ +- memset(f, 0, r_len-dgst_len); ++ memset(kop, 0, sizeof(struct crypt_kop)); ++ kop->crk_op = CRK_DH_GENERATE_KEY; ++ if (bn2crparam(dh->p, &kop->crk_param[0])) ++ goto sw_try; ++ if (bn2crparam(dh->q, &kop->crk_param[1])) ++ goto sw_try; ++ kop->crk_param[2].crp_p = g; ++ kop->crk_param[2].crp_nbits = g_len * 8; ++ kop->crk_iparams = 3; ++ kop->cookie = cookie; + +- /* Skip leading bytes if dgst_len < r_len */ +- memcpy(f + r_len-dgst_len, tmp_dgst, dgst_len); +- dgst_len += r_len-dgst_len; +- kop.crk_op = CRK_DSA_VERIFY; +- /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ +- kop.crk_param[0].crp_p = f; +- kop.crk_param[0].crp_nbits = dgst_len * 8; +- kop.crk_param[1].crp_p = q; +- kop.crk_param[1].crp_nbits = q_len * 8; +- kop.crk_param[2].crp_p = r; +- kop.crk_param[2].crp_nbits = r_len * 8; +- kop.crk_param[3].crp_p = g_xy; +- kop.crk_param[3].crp_nbits = g_len * 8; +- kop.crk_param[4].crp_p = w_xy; +- kop.crk_param[4].crp_nbits = pub_key_len * 8; +- kop.crk_param[5].crp_p = ab; +- kop.crk_param[5].crp_nbits = ab_len * 8; +- kop.crk_param[6].crp_p = c; +- kop.crk_param[6].crp_nbits = d_len * 8; +- kop.crk_param[7].crp_p = d; +- kop.crk_param[7].crp_nbits = d_len * 8; +- kop.crk_iparams = 8; ++ /* pub_key is or prime length while priv key is of length of order */ ++ if (cryptodev_asym_async(kop, BN_num_bytes(dh->p), dh->pub_key, ++ BN_num_bytes(dh->q), dh->priv_key)) ++ goto sw_try; + +- if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) { +- /*OCF success value is 0, if not zero, change ret to fail*/ +- if(0 == kop.crk_status) +- ret = 1; +- } else { +- const ECDSA_METHOD *meth = ECDSA_OpenSSL(); ++ return ret; ++sw_try: ++ { ++ const DH_METHOD *meth = DH_OpenSSL(); + +- ret = (meth->ecdsa_do_verify)(dgst, dgst_len, sig, eckey); ++ if (kop) ++ free(kop); ++ ret = (meth->generate_key)(dh); ++ cookie->pkc_callback(cookie, 0); + } +- kop.crk_param[0].crp_p = NULL; +- zapparams(&kop); +- +-err: + return ret; + } + +@@ -2360,6 +3383,54 @@ sw_try: + return (dhret); + } + ++/* Return Length if successful and 0 on failure */ ++static int ++cryptodev_dh_compute_key_async(unsigned char *key, const BIGNUM *pub_key, ++ DH *dh, struct pkc_cookie_s *cookie) ++{ ++ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); ++ int ret = 1; ++ int fd, p_len; ++ unsigned char *padded_pub_key = NULL, *p = NULL; ++ ++ fd = *(int *)cookie->eng_handle; ++ ++ memset(kop, 0, sizeof(struct crypt_kop)); ++ kop->crk_op = CRK_DH_COMPUTE_KEY; ++ /* inputs: dh->priv_key pub_key dh->p key */ ++ spcf_bn2bin(dh->p, &p, &p_len); ++ spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len); ++ ++ if (bn2crparam(dh->priv_key, &kop->crk_param[0])) ++ goto err; ++ kop->crk_param[1].crp_p = padded_pub_key; ++ kop->crk_param[1].crp_nbits = p_len * 8; ++ kop->crk_param[2].crp_p = p; ++ kop->crk_param[2].crp_nbits = p_len * 8; ++ kop->crk_iparams = 3; ++ ++ kop->cookie = cookie; ++ kop->crk_param[3].crp_p = (void*) key; ++ kop->crk_param[3].crp_nbits = p_len * 8; ++ kop->crk_oparams = 1; ++ ++ if (cryptodev_asym_async(kop, 0, NULL, 0, NULL)) ++ goto err; ++ ++ return p_len; ++err: ++ { ++ const DH_METHOD *meth = DH_OpenSSL(); ++ ++ if (kop) ++ free(kop); ++ ret = (meth->compute_key)(key, pub_key, dh); ++ /* Call user cookie handler */ ++ cookie->pkc_callback(cookie, 0); ++ } ++ return (ret); ++} ++ + int cryptodev_ecdh_compute_key(void *out, size_t outlen, + const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen, + void *out, size_t *outlen)) +@@ -2537,6 +3608,190 @@ err: + return ret; + } + ++int cryptodev_ecdh_compute_key_async(void *out, size_t outlen, ++ const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen, ++ void *out, size_t *outlen), struct pkc_cookie_s *cookie) ++{ ++ ec_curve_t ec_crv = EC_PRIME; ++ unsigned char * q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL; ++ BIGNUM * w_x = NULL, *w_y = NULL; ++ int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0; ++ BIGNUM * p = NULL, *a = NULL, *b = NULL; ++ BN_CTX *ctx; ++ EC_POINT *tmp=NULL; ++ BIGNUM *x=NULL, *y=NULL; ++ const BIGNUM *priv_key; ++ const EC_GROUP* group = NULL; ++ int ret = 1; ++ size_t buflen, len; ++ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); ++ ++ if (!(ctx = BN_CTX_new()) || !kop) ++ goto err; ++ ++ memset(kop, 0, sizeof(struct crypt_kop)); ++ ++ BN_CTX_start(ctx); ++ x = BN_CTX_get(ctx); ++ y = BN_CTX_get(ctx); ++ p = BN_CTX_get(ctx); ++ a = BN_CTX_get(ctx); ++ b = BN_CTX_get(ctx); ++ w_x = BN_CTX_get(ctx); ++ w_y = BN_CTX_get(ctx); ++ ++ if (!x || !y || !p || !a || !b || !w_x || !w_y) { ++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ priv_key = EC_KEY_get0_private_key(ecdh); ++ if (priv_key == NULL) { ++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_NO_PRIVATE_VALUE); ++ goto err; ++ } ++ ++ group = EC_KEY_get0_group(ecdh); ++ if ((tmp=EC_POINT_new(group)) == NULL) { ++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == ++ NID_X9_62_prime_field) { ++ ec_crv = EC_PRIME; ++ ++ if (!EC_POINT_get_affine_coordinates_GFp(group, ++ EC_GROUP_get0_generator(group), x, y, ctx)) { ++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE); ++ goto err; ++ } ++ ++ /* get the ECC curve parameters */ ++ if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) { ++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB); ++ goto err; ++ } ++ ++ /* get the public key pair for prime curve */ ++ if (!EC_POINT_get_affine_coordinates_GFp (group, pub_key, w_x, w_y,ctx)) { ++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB); ++ goto err; ++ } ++ } else { ++ ec_crv = EC_BINARY; ++ ++ if (!EC_POINT_get_affine_coordinates_GF2m(group, ++ EC_GROUP_get0_generator(group), x, y, ctx)) { ++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE); ++ goto err; ++ } ++ ++ /* get the ECC curve parameters */ ++ if (!EC_GROUP_get_curve_GF2m(group, p, a, b , ctx)) { ++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB); ++ goto err; ++ } ++ ++ /* get the public key pair for binary curve */ ++ if (!EC_POINT_get_affine_coordinates_GF2m(group, ++ pub_key, w_x, w_y,ctx)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); ++ goto err; ++ } ++ } ++ ++ /* irreducible polynomial that creates the field */ ++ if (spcf_bn2bin((BIGNUM*)&group->order, &r, &r_len)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /* Get the irreducible polynomial that creates the field */ ++ if (spcf_bn2bin(p, &q, &q_len)) { ++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB); ++ goto err; ++ } ++ ++ /* Get the public key into a flat buffer with appropriate padding */ ++ pub_key_len = 2 * q_len; ++ w_xy = eng_copy_curve_points (w_x, w_y, pub_key_len, q_len); ++ if (!w_xy) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /* Generation of ECC curve parameters */ ++ ab_len = 2*q_len; ++ ab = eng_copy_curve_points (a, b, ab_len, q_len); ++ if (!ab) { ++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB); ++ goto err; ++ } ++ ++ if (ec_crv == EC_BINARY) { ++ /* copy b' i.e c(b), instead of only b */ ++ if (eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab+q_len, q_len)) ++ { ++ unsigned char *c_temp = NULL; ++ int c_temp_len = q_len; ++ if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len)) ++ memcpy(ab+q_len, c_temp, q_len); ++ else ++ goto err; ++ } ++ kop->curve_type = ECC_BINARY; ++ } else ++ kop->curve_type = ECC_PRIME; ++ ++ priv_key_len = r_len; ++ ++ /* ++ * If BN_num_bytes of priv_key returns less then r_len then ++ * add padding bytes before the key ++ */ ++ if (spcf_bn2bin_ex((BIGNUM *)priv_key, &s, &priv_key_len)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ buflen = (EC_GROUP_get_degree(group) + 7)/8; ++ len = BN_num_bytes(x); ++ if (len > buflen || q_len < buflen) { ++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ ++ kop->crk_op = CRK_DH_COMPUTE_KEY; ++ kop->crk_param[0].crp_p = (void *) s; ++ kop->crk_param[0].crp_nbits = priv_key_len*8; ++ kop->crk_param[1].crp_p = (void *) w_xy; ++ kop->crk_param[1].crp_nbits = pub_key_len*8; ++ kop->crk_param[2].crp_p = (void *) q; ++ kop->crk_param[2].crp_nbits = q_len*8; ++ kop->crk_param[3].crp_p = (void *) ab; ++ kop->crk_param[3].crp_nbits = ab_len*8; ++ kop->crk_iparams = 4; ++ kop->crk_param[4].crp_p = (void *) out; ++ kop->crk_param[4].crp_nbits = q_len*8; ++ kop->crk_oparams = 1; ++ kop->cookie = cookie; ++ if (cryptodev_asym_async(kop, 0, NULL, 0, NULL)) ++ goto err; ++ ++ return q_len; ++err: ++ { ++ const ECDH_METHOD *meth = ECDH_OpenSSL(); ++ ++ if (kop) ++ free(kop); ++ ret = (meth->compute_key)(out, outlen, pub_key, ecdh, KDF); ++ /* Call user cookie handler */ ++ cookie->pkc_callback(cookie, 0); ++ } ++ return ret; ++} + + static DH_METHOD cryptodev_dh = { + "cryptodev DH method", +@@ -2545,6 +3800,8 @@ static DH_METHOD cryptodev_dh = { + NULL, + NULL, + NULL, ++ NULL, ++ NULL, + 0, /* flags */ + NULL /* app_data */ + }; +@@ -2553,6 +3810,7 @@ static ECDH_METHOD cryptodev_ecdh = { + "cryptodev ECDH method", + NULL, /* cryptodev_ecdh_compute_key */ + NULL, ++ NULL, + 0, /* flags */ + NULL /* app_data */ + }; +@@ -2625,12 +3883,19 @@ ENGINE_load_cryptodev(void) + cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec; + if (cryptodev_asymfeat & CRF_MOD_EXP) { + cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp; +- if (cryptodev_asymfeat & CRF_MOD_EXP_CRT) ++ cryptodev_rsa.bn_mod_exp_async = ++ cryptodev_bn_mod_exp_async; ++ if (cryptodev_asymfeat & CRF_MOD_EXP_CRT) { + cryptodev_rsa.rsa_mod_exp = + cryptodev_rsa_mod_exp; +- else ++ cryptodev_rsa.rsa_mod_exp_async = ++ cryptodev_rsa_mod_exp_async; ++ } else { + cryptodev_rsa.rsa_mod_exp = + cryptodev_rsa_nocrt_mod_exp; ++ cryptodev_rsa.rsa_mod_exp_async = ++ cryptodev_rsa_nocrt_mod_exp_async; ++ } + } + } + +@@ -2638,12 +3903,21 @@ ENGINE_load_cryptodev(void) + const DSA_METHOD *meth = DSA_OpenSSL(); + + memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD)); +- if (cryptodev_asymfeat & CRF_DSA_SIGN) ++ if (cryptodev_asymfeat & CRF_DSA_SIGN) { + cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign; +- if (cryptodev_asymfeat & CRF_DSA_VERIFY) ++ cryptodev_dsa.dsa_do_sign_async = ++ cryptodev_dsa_do_sign_async; ++ } ++ if (cryptodev_asymfeat & CRF_DSA_VERIFY) { + cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify; +- if (cryptodev_asymfeat & CRF_DSA_GENERATE_KEY) ++ cryptodev_dsa.dsa_do_verify_async = ++ cryptodev_dsa_verify_async; ++ } ++ if (cryptodev_asymfeat & CRF_DSA_GENERATE_KEY) { + cryptodev_dsa.dsa_keygen = cryptodev_dsa_keygen; ++ cryptodev_dsa.dsa_keygen_async = ++ cryptodev_dsa_keygen_async; ++ } + } + + if (ENGINE_set_DH(engine, &cryptodev_dh)){ +@@ -2652,10 +3926,15 @@ ENGINE_load_cryptodev(void) + if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) { + cryptodev_dh.compute_key = + cryptodev_dh_compute_key; ++ cryptodev_dh.compute_key_async = ++ cryptodev_dh_compute_key_async; + } + if (cryptodev_asymfeat & CRF_DH_GENERATE_KEY) { + cryptodev_dh.generate_key = + cryptodev_dh_keygen; ++ cryptodev_dh.generate_key_async = ++ cryptodev_dh_keygen_async; ++ + } + } + +@@ -2664,10 +3943,14 @@ ENGINE_load_cryptodev(void) + memcpy(&cryptodev_ecdsa, meth, sizeof(ECDSA_METHOD)); + if (cryptodev_asymfeat & CRF_DSA_SIGN) { + cryptodev_ecdsa.ecdsa_do_sign = cryptodev_ecdsa_do_sign; ++ cryptodev_ecdsa.ecdsa_do_sign_async = ++ cryptodev_ecdsa_do_sign_async; + } + if (cryptodev_asymfeat & CRF_DSA_VERIFY) { + cryptodev_ecdsa.ecdsa_do_verify = + cryptodev_ecdsa_verify; ++ cryptodev_ecdsa.ecdsa_do_verify_async = ++ cryptodev_ecdsa_verify_async; + } + } + +@@ -2676,9 +3959,16 @@ ENGINE_load_cryptodev(void) + memcpy(&cryptodev_ecdh, ecdh_meth, sizeof(ECDH_METHOD)); + if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) { + cryptodev_ecdh.compute_key = cryptodev_ecdh_compute_key; ++ cryptodev_ecdh.compute_key_async = ++ cryptodev_ecdh_compute_key_async; + } + } + ++ ENGINE_set_check_pkc_availability(engine, cryptodev_check_availability); ++ ENGINE_set_close_instance(engine, cryptodev_close_instance); ++ ENGINE_set_init_instance(engine, cryptodev_init_instance); ++ ENGINE_set_async_map(engine, ENGINE_ALLPKC_ASYNC); ++ + ENGINE_add(engine); + ENGINE_free(engine); + ERR_clear_error(); +diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h +index 451ef8f..8fc3077 100644 +--- a/crypto/engine/eng_int.h ++++ b/crypto/engine/eng_int.h +@@ -181,7 +181,29 @@ struct engine_st + ENGINE_LOAD_KEY_PTR load_pubkey; + + ENGINE_SSL_CLIENT_CERT_PTR load_ssl_client_cert; +- ++ /* ++ * Instantiate Engine handle to be passed in check_pkc_availability ++ * Ensure that Engine is instantiated before any pkc asynchronous call. ++ */ ++ void *(*engine_init_instance)(void); ++ /* ++ * Instantiated Engine handle will be closed with this call. ++ * Ensure that no pkc asynchronous call is made after this call ++ */ ++ void (*engine_close_instance)(void *handle); ++ /* ++ * Check availability will extract the data from kernel. ++ * eng_handle: This is the Engine handle corresponds to which ++ * the cookies needs to be polled. ++ * return 0 if cookie available else 1 ++ */ ++ int (*check_pkc_availability)(void *eng_handle); ++ /* ++ * The following map is used to check if the engine supports asynchronous implementation ++ * ENGINE_ASYNC_FLAG* for available bitmap. Any application checking for asynchronous ++ * implementation need to check this features using "int ENGINE_get_async_map(engine *)"; ++ */ ++ int async_map; + const ENGINE_CMD_DEFN *cmd_defns; + int flags; + /* reference count on the structure itself */ +diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c +index 18a6664..6fa621c 100644 +--- a/crypto/engine/eng_lib.c ++++ b/crypto/engine/eng_lib.c +@@ -98,7 +98,11 @@ void engine_set_all_null(ENGINE *e) + e->ctrl = NULL; + e->load_privkey = NULL; + e->load_pubkey = NULL; ++ e->check_pkc_availability = NULL; ++ e->engine_init_instance = NULL; ++ e->engine_close_instance = NULL; + e->cmd_defns = NULL; ++ e->async_map = 0; + e->flags = 0; + } + +@@ -233,6 +237,48 @@ int ENGINE_set_id(ENGINE *e, const char *id) + return 1; + } + ++void ENGINE_set_init_instance(ENGINE *e, void *(*engine_init_instance)(void)) ++ { ++ e->engine_init_instance = engine_init_instance; ++ } ++ ++void ENGINE_set_close_instance(ENGINE *e, ++ void (*engine_close_instance)(void *)) ++ { ++ e->engine_close_instance = engine_close_instance; ++ } ++ ++void ENGINE_set_async_map(ENGINE *e, int async_map) ++ { ++ e->async_map = async_map; ++ } ++ ++void *ENGINE_init_instance(ENGINE *e) ++ { ++ return e->engine_init_instance(); ++ } ++ ++void ENGINE_close_instance(ENGINE *e, void *eng_handle) ++ { ++ e->engine_close_instance(eng_handle); ++ } ++ ++int ENGINE_get_async_map(ENGINE *e) ++ { ++ return e->async_map; ++ } ++ ++void ENGINE_set_check_pkc_availability(ENGINE *e, ++ int (*check_pkc_availability)(void *eng_handle)) ++ { ++ e->check_pkc_availability = check_pkc_availability; ++ } ++ ++int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle) ++ { ++ return e->check_pkc_availability(eng_handle); ++ } ++ + int ENGINE_set_name(ENGINE *e, const char *name) + { + if(name == NULL) +diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h +index 237a6c9..ccff86a 100644 +--- a/crypto/engine/engine.h ++++ b/crypto/engine/engine.h +@@ -473,6 +473,30 @@ ENGINE *ENGINE_new(void); + int ENGINE_free(ENGINE *e); + int ENGINE_up_ref(ENGINE *e); + int ENGINE_set_id(ENGINE *e, const char *id); ++void ENGINE_set_init_instance(ENGINE *e, void *(*engine_init_instance)(void)); ++void ENGINE_set_close_instance(ENGINE *e, ++ void (*engine_free_instance)(void *)); ++/* ++ * Following FLAGS are bitmap store in async_map to set asynchronous interface capability ++ *of the engine ++ */ ++#define ENGINE_RSA_ASYNC 0x0001 ++#define ENGINE_DSA_ASYNC 0x0002 ++#define ENGINE_DH_ASYNC 0x0004 ++#define ENGINE_ECDSA_ASYNC 0x0008 ++#define ENGINE_ECDH_ASYNC 0x0010 ++#define ENGINE_ALLPKC_ASYNC 0x001F ++/* Engine implementation will set the bitmap based on above flags using following API */ ++void ENGINE_set_async_map(ENGINE *e, int async_map); ++ /* Application need to check the bitmap based on above flags using following API ++ * to confirm asynchronous methods supported ++ */ ++int ENGINE_get_async_map(ENGINE *e); ++void *ENGINE_init_instance(ENGINE *e); ++void ENGINE_close_instance(ENGINE *e, void *eng_handle); ++void ENGINE_set_check_pkc_availability(ENGINE *e, ++ int (*check_pkc_availability)(void *eng_handle)); ++int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle); + int ENGINE_set_name(ENGINE *e, const char *name); + int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth); + int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth); +diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h +index 5f269e5..6ef1b15 100644 +--- a/crypto/rsa/rsa.h ++++ b/crypto/rsa/rsa.h +@@ -101,6 +101,29 @@ struct rsa_meth_st + int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, + BN_MONT_CTX *m_ctx); /* Can be null */ ++ /* ++ * Cookie in the following _async variant must be allocated before ++ * submission and can be freed once its corresponding callback ++ * handler is called ++ */ ++ int (*rsa_pub_enc_asyn)(int flen,const unsigned char *from, ++ unsigned char *to, RSA *rsa, int padding, ++ struct pkc_cookie_s *cookie); ++ int (*rsa_pub_dec_async)(int flen,const unsigned char *from, ++ unsigned char *to, RSA *rsa, int padding, ++ struct pkc_cookie_s *cookie); ++ int (*rsa_priv_enc_async)(int flen,const unsigned char *from, ++ unsigned char *to, RSA *rsa, int padding, ++ struct pkc_cookie_s *cookie); ++ int (*rsa_priv_dec_async)(int flen,const unsigned char *from, ++ unsigned char *to, RSA *rsa, int padding, ++ struct pkc_cookie_s *cookie); ++ int (*rsa_mod_exp_async)(BIGNUM *r0, const BIGNUM *I, RSA *rsa, ++ BN_CTX *ctx, struct pkc_cookie_s *cookie); ++ int (*bn_mod_exp_async)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, ++ const BIGNUM *m, BN_CTX *ctx, ++ BN_MONT_CTX *m_ctx, struct pkc_cookie_s *cookie); ++ + int (*init)(RSA *rsa); /* called at new */ + int (*finish)(RSA *rsa); /* called at free */ + int flags; /* RSA_METHOD_FLAG_* things */ +-- +1.8.3.1 + diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0011-Add-RSA-keygen-operation-and-support-gendsa-command-.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0011-Add-RSA-keygen-operation-and-support-gendsa-command-.patch new file mode 100644 index 00000000..5e742986 --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0011-Add-RSA-keygen-operation-and-support-gendsa-command-.patch @@ -0,0 +1,153 @@ +From e4fc051f8ae1c093b25ca346c2ec351ff3b700d1 Mon Sep 17 00:00:00 2001 +From: Hou Zhiqiang <B48286@freescale.com> +Date: Wed, 2 Apr 2014 16:10:43 +0800 +Subject: [PATCH 11/17] Add RSA keygen operation and support gendsa command + with hardware engine + +Upstream-status: Pending + +Signed-off-by: Hou Zhiqiang <B48286@freescale.com> +Tested-by: Cristian Stoica <cristian.stoica@freescale.com> +--- + crypto/engine/eng_cryptodev.c | 118 ++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 118 insertions(+) + +diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c +index 9f2416e..b2919a8 100644 +--- a/crypto/engine/eng_cryptodev.c ++++ b/crypto/engine/eng_cryptodev.c +@@ -1906,6 +1906,121 @@ err: + return dsaret; + } + ++/* Cryptodev RSA Key Gen routine */ ++static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) ++{ ++ struct crypt_kop kop; ++ int ret, fd; ++ int p_len, q_len; ++ int i; ++ ++ if ((fd = get_asym_dev_crypto()) < 0) ++ return fd; ++ ++ if(!rsa->n && ((rsa->n=BN_new()) == NULL)) goto err; ++ if(!rsa->d && ((rsa->d=BN_new()) == NULL)) goto err; ++ if(!rsa->e && ((rsa->e=BN_new()) == NULL)) goto err; ++ if(!rsa->p && ((rsa->p=BN_new()) == NULL)) goto err; ++ if(!rsa->q && ((rsa->q=BN_new()) == NULL)) goto err; ++ if(!rsa->dmp1 && ((rsa->dmp1=BN_new()) == NULL)) goto err; ++ if(!rsa->dmq1 && ((rsa->dmq1=BN_new()) == NULL)) goto err; ++ if(!rsa->iqmp && ((rsa->iqmp=BN_new()) == NULL)) goto err; ++ ++ BN_copy(rsa->e, e); ++ ++ p_len = (bits+1) / (2 * 8); ++ q_len = (bits - p_len * 8) / 8; ++ memset(&kop, 0, sizeof kop); ++ kop.crk_op = CRK_RSA_GENERATE_KEY; ++ ++ /* p length */ ++ kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char)); ++ if (!kop.crk_param[kop.crk_iparams].crp_p) ++ goto err; ++ kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8; ++ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1); ++ kop.crk_iparams++; ++ kop.crk_oparams++; ++ /* q length */ ++ kop.crk_param[kop.crk_iparams].crp_p = calloc(q_len + 1, sizeof(char)); ++ if (!kop.crk_param[kop.crk_iparams].crp_p) ++ goto err; ++ kop.crk_param[kop.crk_iparams].crp_nbits = q_len * 8; ++ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, q_len + 1); ++ kop.crk_iparams++; ++ kop.crk_oparams++; ++ /* n length */ ++ kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + q_len + 1, sizeof(char)); ++ if (!kop.crk_param[kop.crk_iparams].crp_p) ++ goto err; ++ kop.crk_param[kop.crk_iparams].crp_nbits = bits; ++ memset(kop.crk_param[kop.crk_iparams].crp_p, 0x00, p_len + q_len + 1); ++ kop.crk_iparams++; ++ kop.crk_oparams++; ++ /* d length */ ++ kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + q_len + 1, sizeof(char)); ++ if (!kop.crk_param[kop.crk_iparams].crp_p) ++ goto err; ++ kop.crk_param[kop.crk_iparams].crp_nbits = bits; ++ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + q_len + 1); ++ kop.crk_iparams++; ++ kop.crk_oparams++; ++ /* dp1 length */ ++ kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char)); ++ if (!kop.crk_param[kop.crk_iparams].crp_p) ++ goto err; ++ kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8; ++ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1); ++ kop.crk_iparams++; ++ kop.crk_oparams++; ++ /* dq1 length */ ++ kop.crk_param[kop.crk_iparams].crp_p = calloc(q_len + 1, sizeof(char)); ++ if (!kop.crk_param[kop.crk_iparams].crp_p) ++ goto err; ++ kop.crk_param[kop.crk_iparams].crp_nbits = q_len * 8; ++ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, q_len + 1); ++ kop.crk_iparams++; ++ kop.crk_oparams++; ++ /* i length */ ++ kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char)); ++ if (!kop.crk_param[kop.crk_iparams].crp_p) ++ goto err; ++ kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8; ++ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1); ++ kop.crk_iparams++; ++ kop.crk_oparams++; ++ ++ if (ioctl(fd, CIOCKEY, &kop) == 0) { ++ BN_bin2bn(kop.crk_param[0].crp_p, ++ p_len, rsa->p); ++ BN_bin2bn(kop.crk_param[1].crp_p, ++ q_len, rsa->q); ++ BN_bin2bn(kop.crk_param[2].crp_p, ++ bits / 8, rsa->n); ++ BN_bin2bn(kop.crk_param[3].crp_p, ++ bits / 8, rsa->d); ++ BN_bin2bn(kop.crk_param[4].crp_p, ++ p_len, rsa->dmp1); ++ BN_bin2bn(kop.crk_param[5].crp_p, ++ q_len, rsa->dmq1); ++ BN_bin2bn(kop.crk_param[6].crp_p, ++ p_len, rsa->iqmp); ++ return 1; ++ } ++sw_try: ++ { ++ const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); ++ ret = (meth->rsa_keygen)(rsa, bits, e, cb); ++ } ++ return ret; ++ ++err: ++ for (i = 0; i < CRK_MAXPARAM; i++) ++ free(kop.crk_param[i].crp_p); ++ return 0; ++ ++} ++ + /* Cryptodev DSA Key Gen routine */ + static int cryptodev_dsa_keygen(DSA *dsa) + { +@@ -3896,6 +4011,9 @@ ENGINE_load_cryptodev(void) + cryptodev_rsa.rsa_mod_exp_async = + cryptodev_rsa_nocrt_mod_exp_async; + } ++ if (cryptodev_asymfeat & CRF_RSA_GENERATE_KEY) ++ cryptodev_rsa.rsa_keygen = ++ cryptodev_rsa_keygen; + } + } + +-- +1.8.3.1 + diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0012-RSA-Keygen-Fix.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0012-RSA-Keygen-Fix.patch new file mode 100644 index 00000000..44899733 --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0012-RSA-Keygen-Fix.patch @@ -0,0 +1,64 @@ +From ac777f046da7151386d667391362ecb553ceee90 Mon Sep 17 00:00:00 2001 +From: Yashpal Dutta <yashpal.dutta@freescale.com> +Date: Wed, 16 Apr 2014 22:53:04 +0545 +Subject: [PATCH 12/17] RSA Keygen Fix + +Upstream-status: Pending + +If Kernel driver doesn't support RSA Keygen or same returns +error handling the keygen operation, the keygen is gracefully +handled by software supported rsa_keygen handler + +Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com> +Tested-by: Cristian Stoica <cristian.stoica@freescale.com> +--- + crypto/engine/eng_cryptodev.c | 12 +++++++----- + 1 file changed, 7 insertions(+), 5 deletions(-) + +diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c +index b2919a8..ed5f20f 100644 +--- a/crypto/engine/eng_cryptodev.c ++++ b/crypto/engine/eng_cryptodev.c +@@ -1915,7 +1915,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) + int i; + + if ((fd = get_asym_dev_crypto()) < 0) +- return fd; ++ goto sw_try; + + if(!rsa->n && ((rsa->n=BN_new()) == NULL)) goto err; + if(!rsa->d && ((rsa->d=BN_new()) == NULL)) goto err; +@@ -1936,7 +1936,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) + /* p length */ + kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char)); + if (!kop.crk_param[kop.crk_iparams].crp_p) +- goto err; ++ goto sw_try; + kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8; + memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1); + kop.crk_iparams++; +@@ -1944,7 +1944,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) + /* q length */ + kop.crk_param[kop.crk_iparams].crp_p = calloc(q_len + 1, sizeof(char)); + if (!kop.crk_param[kop.crk_iparams].crp_p) +- goto err; ++ goto sw_try; + kop.crk_param[kop.crk_iparams].crp_nbits = q_len * 8; + memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, q_len + 1); + kop.crk_iparams++; +@@ -2009,8 +2009,10 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) + } + sw_try: + { +- const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); +- ret = (meth->rsa_keygen)(rsa, bits, e, cb); ++ const RSA_METHOD *meth = rsa->meth; ++ rsa->meth = RSA_PKCS1_SSLeay(); ++ ret = RSA_generate_key_ex(rsa, bits, e, cb); ++ rsa->meth = meth; + } + return ret; + +-- +1.8.3.1 + diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0013-Removed-local-copy-of-curve_t-type.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0013-Removed-local-copy-of-curve_t-type.patch new file mode 100644 index 00000000..183f3fbd --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0013-Removed-local-copy-of-curve_t-type.patch @@ -0,0 +1,164 @@ +From 6aaa306cdf878250d7b6eaf30978de313653886b Mon Sep 17 00:00:00 2001 +From: Yashpal Dutta <yashpal.dutta@freescale.com> +Date: Thu, 17 Apr 2014 06:57:59 +0545 +Subject: [PATCH 13/17] Removed local copy of curve_t type + +Upstream-status: Pending + +Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com> +Tested-by: Cristian Stoica <cristian.stoica@freescale.com> +--- + crypto/engine/eng_cryptodev.c | 34 ++++++++++++++-------------------- + crypto/engine/eng_cryptodev_ec.h | 7 ------- + 2 files changed, 14 insertions(+), 27 deletions(-) + +diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c +index ed5f20f..5d883fa 100644 +--- a/crypto/engine/eng_cryptodev.c ++++ b/crypto/engine/eng_cryptodev.c +@@ -2398,12 +2398,6 @@ static ECDSA_METHOD cryptodev_ecdsa = { + NULL /* app_data */ + }; + +-typedef enum ec_curve_s +-{ +- EC_PRIME, +- EC_BINARY +-} ec_curve_t; +- + /* ENGINE handler for ECDSA Sign */ + static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char *dgst, + int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey) +@@ -2420,7 +2414,7 @@ static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char *dgst, + const BIGNUM *order = NULL, *priv_key=NULL; + const EC_GROUP *group = NULL; + struct crypt_kop kop; +- ec_curve_t ec_crv = EC_PRIME; ++ enum ec_curve_t ec_crv = EC_PRIME; + + memset(&kop, 0, sizeof(kop)); + ecdsa = ecdsa_check(eckey); +@@ -2553,7 +2547,7 @@ static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char *dgst, + else + goto err; + } +- kop.curve_type = ECC_BINARY; ++ kop.curve_type = EC_BINARY; + } + + /* Calculation of Generator point */ +@@ -2647,7 +2641,7 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len, + const EC_POINT *pub_key = NULL; + const BIGNUM *order = NULL; + const EC_GROUP *group=NULL; +- ec_curve_t ec_crv = EC_PRIME; ++ enum ec_curve_t ec_crv = EC_PRIME; + struct crypt_kop kop; + + memset(&kop, 0, sizeof kop); +@@ -2792,7 +2786,7 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len, + else + goto err; + } +- kop.curve_type = ECC_BINARY; ++ kop.curve_type = EC_BINARY; + } + + /* Calculation of Generator point */ +@@ -2893,7 +2887,7 @@ static int cryptodev_ecdsa_do_sign_async( const unsigned char *dgst, + const BIGNUM *order = NULL, *priv_key=NULL; + const EC_GROUP *group = NULL; + struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); +- ec_curve_t ec_crv = EC_PRIME; ++ enum ec_curve_t ec_crv = EC_PRIME; + + if (!(sig->r = BN_new()) || !kop) + goto err; +@@ -3029,7 +3023,7 @@ static int cryptodev_ecdsa_do_sign_async( const unsigned char *dgst, + else + goto err; + } +- kop->curve_type = ECC_BINARY; ++ kop->curve_type = EC_BINARY; + } + + /* Calculation of Generator point */ +@@ -3105,7 +3099,7 @@ static int cryptodev_ecdsa_verify_async(const unsigned char *dgst, int dgst_len, + const EC_POINT *pub_key = NULL; + const BIGNUM *order = NULL; + const EC_GROUP *group=NULL; +- ec_curve_t ec_crv = EC_PRIME; ++ enum ec_curve_t ec_crv = EC_PRIME; + struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); + + if (!kop) +@@ -3247,7 +3241,7 @@ static int cryptodev_ecdsa_verify_async(const unsigned char *dgst, int dgst_len, + /* copy b' i.e c(b), instead of only b */ + eng_ec_get_cparam (EC_GROUP_get_curve_name(group), + ab+q_len, q_len); +- kop->curve_type = ECC_BINARY; ++ kop->curve_type = EC_BINARY; + } + + /* Calculation of Generator point */ +@@ -3552,7 +3546,7 @@ int cryptodev_ecdh_compute_key(void *out, size_t outlen, + const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen, + void *out, size_t *outlen)) + { +- ec_curve_t ec_crv = EC_PRIME; ++ enum ec_curve_t ec_crv = EC_PRIME; + unsigned char * q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL; + BIGNUM * w_x = NULL, *w_y = NULL; + int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0; +@@ -3678,9 +3672,9 @@ int cryptodev_ecdh_compute_key(void *out, size_t outlen, + else + goto err; + } +- kop.curve_type = ECC_BINARY; ++ kop.curve_type = EC_BINARY; + } else +- kop.curve_type = ECC_PRIME; ++ kop.curve_type = EC_PRIME; + + priv_key_len = r_len; + +@@ -3729,7 +3723,7 @@ int cryptodev_ecdh_compute_key_async(void *out, size_t outlen, + const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen, + void *out, size_t *outlen), struct pkc_cookie_s *cookie) + { +- ec_curve_t ec_crv = EC_PRIME; ++ enum ec_curve_t ec_crv = EC_PRIME; + unsigned char * q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL; + BIGNUM * w_x = NULL, *w_y = NULL; + int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0; +@@ -3857,9 +3851,9 @@ int cryptodev_ecdh_compute_key_async(void *out, size_t outlen, + else + goto err; + } +- kop->curve_type = ECC_BINARY; ++ kop->curve_type = EC_BINARY; + } else +- kop->curve_type = ECC_PRIME; ++ kop->curve_type = EC_PRIME; + + priv_key_len = r_len; + +diff --git a/crypto/engine/eng_cryptodev_ec.h b/crypto/engine/eng_cryptodev_ec.h +index 77aee71..a4b8da5 100644 +--- a/crypto/engine/eng_cryptodev_ec.h ++++ b/crypto/engine/eng_cryptodev_ec.h +@@ -286,11 +286,4 @@ static inline unsigned char *eng_copy_curve_points(BIGNUM * x, BIGNUM * y, + + return xy; + } +- +-enum curve_t { +- DISCRETE_LOG, +- ECC_PRIME, +- ECC_BINARY, +- MAX_ECC_TYPE +-}; + #endif +-- +1.8.3.1 + diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0014-Modulus-parameter-is-not-populated-by-dhparams.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0014-Modulus-parameter-is-not-populated-by-dhparams.patch new file mode 100644 index 00000000..46846f8f --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0014-Modulus-parameter-is-not-populated-by-dhparams.patch @@ -0,0 +1,43 @@ +From 14623ca9e417ccef1ad3f4138acfac0ebe682f1f Mon Sep 17 00:00:00 2001 +From: Yashpal Dutta <yashpal.dutta@freescale.com> +Date: Tue, 22 Apr 2014 22:58:33 +0545 +Subject: [PATCH 14/17] Modulus parameter is not populated by dhparams + +Upstream-status: Pending + +When dhparams are created, modulus parameter required for +private key generation is not populated. So, falling back +to software for proper population of modulus parameters followed +by private key generation + +Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com> +Tested-by: Cristian Stoica <cristian.stoica@freescale.com> +--- + crypto/engine/eng_cryptodev.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c +index 5d883fa..6d69336 100644 +--- a/crypto/engine/eng_cryptodev.c ++++ b/crypto/engine/eng_cryptodev.c +@@ -3364,7 +3364,7 @@ static int cryptodev_dh_keygen_async(DH *dh, struct pkc_cookie_s *cookie) + kop->crk_op = CRK_DH_GENERATE_KEY; + if (bn2crparam(dh->p, &kop->crk_param[0])) + goto sw_try; +- if (bn2crparam(dh->q, &kop->crk_param[1])) ++ if (!dh->q || bn2crparam(dh->q, &kop->crk_param[1])) + goto sw_try; + kop->crk_param[2].crp_p = g; + kop->crk_param[2].crp_nbits = g_len * 8; +@@ -3419,7 +3419,7 @@ static int cryptodev_dh_keygen(DH *dh) + kop.crk_op = CRK_DH_GENERATE_KEY; + if (bn2crparam(dh->p, &kop.crk_param[0])) + goto sw_try; +- if (bn2crparam(dh->q, &kop.crk_param[1])) ++ if (!dh->q || bn2crparam(dh->q, &kop.crk_param[1])) + goto sw_try; + kop.crk_param[2].crp_p = g; + kop.crk_param[2].crp_nbits = g_len * 8; +-- +1.8.3.1 + diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0015-SW-Backoff-mechanism-for-dsa-keygen.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0015-SW-Backoff-mechanism-for-dsa-keygen.patch new file mode 100644 index 00000000..c20f9d71 --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0015-SW-Backoff-mechanism-for-dsa-keygen.patch @@ -0,0 +1,53 @@ +From 10be401a33e6ebcc325d6747914c70595cd53d0a Mon Sep 17 00:00:00 2001 +From: Yashpal Dutta <yashpal.dutta@freescale.com> +Date: Thu, 24 Apr 2014 00:35:34 +0545 +Subject: [PATCH 15/17] SW Backoff mechanism for dsa keygen + +Upstream-status: Pending + +DSA Keygen is not handled in default openssl dsa method. Due to +same null function pointer in SW DSA method, the backoff for dsa +keygen gives segmentation fault. + +Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com> +Tested-by: Cristian Stoica <cristian.stoica@freescale.com> +--- + crypto/engine/eng_cryptodev.c | 12 ++++++++---- + 1 file changed, 8 insertions(+), 4 deletions(-) + +diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c +index 6d69336..dab8fea 100644 +--- a/crypto/engine/eng_cryptodev.c ++++ b/crypto/engine/eng_cryptodev.c +@@ -2069,8 +2069,10 @@ static int cryptodev_dsa_keygen(DSA *dsa) + return ret; + sw_try: + { +- const DSA_METHOD *meth = DSA_OpenSSL(); +- ret = (meth->dsa_keygen)(dsa); ++ const DSA_METHOD *meth = dsa->meth; ++ dsa->meth = DSA_OpenSSL(); ++ ret = DSA_generate_key(dsa); ++ dsa->meth = meth; + } + return ret; + } +@@ -2124,11 +2126,13 @@ static int cryptodev_dsa_keygen_async(DSA *dsa, struct pkc_cookie_s *cookie) + return ret; + sw_try: + { +- const DSA_METHOD *meth = DSA_OpenSSL(); ++ const DSA_METHOD *meth = dsa->meth; + ++ dsa->meth = DSA_OpenSSL(); + if (kop) + free(kop); +- ret = (meth->dsa_keygen)(dsa); ++ ret = DSA_generate_key(dsa); ++ dsa->meth = meth; + cookie->pkc_callback(cookie, 0); + } + return ret; +-- +1.8.3.1 + diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0016-Fixed-DH-keygen-pair-generator.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0016-Fixed-DH-keygen-pair-generator.patch new file mode 100644 index 00000000..abcc2efc --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0016-Fixed-DH-keygen-pair-generator.patch @@ -0,0 +1,100 @@ +From d2c868c6370bcc0d0a254e641907da2cdf992d62 Mon Sep 17 00:00:00 2001 +From: Yashpal Dutta <yashpal.dutta@freescale.com> +Date: Thu, 1 May 2014 06:35:45 +0545 +Subject: [PATCH 16/17] Fixed DH keygen pair generator + +Upstream-status: Pending + +Wrong Padding results into keygen length error + +Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com> +Tested-by: Cristian Stoica <cristian.stoica@freescale.com> +--- + crypto/engine/eng_cryptodev.c | 50 ++++++++++++++++++++++++++++--------------- + 1 file changed, 33 insertions(+), 17 deletions(-) + +diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c +index dab8fea..13d924f 100644 +--- a/crypto/engine/eng_cryptodev.c ++++ b/crypto/engine/eng_cryptodev.c +@@ -3396,44 +3396,60 @@ sw_try: + static int cryptodev_dh_keygen(DH *dh) + { + struct crypt_kop kop; +- int ret = 1, g_len; +- unsigned char *g = NULL; ++ int ret = 1, q_len = 0; ++ unsigned char *q = NULL, *g = NULL, *s = NULL, *w = NULL; ++ BIGNUM *pub_key = NULL, *priv_key = NULL; ++ int generate_new_key = 1; + +- if (dh->priv_key == NULL) { +- if ((dh->priv_key=BN_new()) == NULL) +- goto sw_try; +- } ++ if (dh->priv_key) ++ priv_key = dh->priv_key; + +- if (dh->pub_key == NULL) { +- if ((dh->pub_key=BN_new()) == NULL) +- goto sw_try; +- } ++ if (dh->pub_key) ++ pub_key = dh->pub_key; + +- g_len = BN_num_bytes(dh->p); ++ q_len = BN_num_bytes(dh->p); + /** + * Get generator into a plain buffer. If length is less than + * q_len then add leading padding bytes. + */ +- if (spcf_bn2bin_ex(dh->g, &g, &g_len)) { ++ if (spcf_bn2bin_ex(dh->g, &g, &q_len)) { ++ DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE); ++ goto sw_try; ++ } ++ ++ if (spcf_bn2bin_ex(dh->p, &q, &q_len)) { + DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE); + goto sw_try; + } + + memset(&kop, 0, sizeof kop); + kop.crk_op = CRK_DH_GENERATE_KEY; +- if (bn2crparam(dh->p, &kop.crk_param[0])) +- goto sw_try; ++ kop.crk_param[0].crp_p = q; ++ kop.crk_param[0].crp_nbits = q_len * 8; + if (!dh->q || bn2crparam(dh->q, &kop.crk_param[1])) + goto sw_try; + kop.crk_param[2].crp_p = g; +- kop.crk_param[2].crp_nbits = g_len * 8; ++ kop.crk_param[2].crp_nbits = q_len * 8; + kop.crk_iparams = 3; + ++ s = OPENSSL_malloc (q_len); ++ if (!s) { ++ DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE); ++ goto sw_try; ++ } ++ ++ w = OPENSSL_malloc (q_len); ++ if (!w) { ++ DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE); ++ goto sw_try; ++ } ++ + /* pub_key is or prime length while priv key is of length of order */ +- if (cryptodev_asym(&kop, BN_num_bytes(dh->p), dh->pub_key, +- BN_num_bytes(dh->q), dh->priv_key)) ++ if (cryptodev_asym(&kop, q_len, w, q_len, s)) + goto sw_try; + ++ dh->pub_key = BN_bin2bn(w, q_len, pub_key); ++ dh->pub_key = BN_bin2bn(s, q_len, priv_key); + return ret; + sw_try: + { +-- +1.8.3.1 + diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch new file mode 100644 index 00000000..a71bb456 --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch @@ -0,0 +1,309 @@ +From 11b55103463bac614e00d74e9f196ec4ec6bade1 Mon Sep 17 00:00:00 2001 +From: Cristian Stoica <cristian.stoica@freescale.com> +Date: Mon, 16 Jun 2014 14:06:21 +0300 +Subject: [PATCH 17/17] cryptodev: add support for aes-gcm algorithm offloading + +Change-Id: I3b77dc5ef8b8f707309549244a02852d95b36168 +Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> +Reviewed-on: http://git.am.freescale.net:8181/17226 +--- + apps/speed.c | 6 +- + crypto/engine/eng_cryptodev.c | 229 +++++++++++++++++++++++++++++++++++++++++- + 2 files changed, 233 insertions(+), 2 deletions(-) + +diff --git a/apps/speed.c b/apps/speed.c +index 9886ca3..099dede 100644 +--- a/apps/speed.c ++++ b/apps/speed.c +@@ -224,7 +224,11 @@ + #endif + + #undef BUFSIZE +-#define BUFSIZE ((long)1024*8+1) ++/* The buffer overhead allows GCM tag at the end of the encrypted data. This ++ avoids buffer overflows from cryptodev since Linux kernel GCM ++ implementation allways adds the tag - unlike e_aes.c:aes_gcm_cipher() ++ which doesn't */ ++#define BUFSIZE ((long)1024*8 + EVP_GCM_TLS_TAG_LEN) + int run=0; + + static int mr=0; +diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c +index 13d924f..4493490 100644 +--- a/crypto/engine/eng_cryptodev.c ++++ b/crypto/engine/eng_cryptodev.c +@@ -78,8 +78,10 @@ struct dev_crypto_state { + struct session_op d_sess; + int d_fd; + unsigned char *aad; +- unsigned int aad_len; ++ int aad_len; + unsigned int len; ++ unsigned char *iv; ++ int ivlen; + + #ifdef USE_CRYPTODEV_DIGESTS + char dummy_mac_key[HASH_MAX_LEN]; +@@ -251,6 +253,7 @@ static struct { + { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, 0}, + { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20}, + { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20}, ++ { CRYPTO_AES_GCM, NID_aes_128_gcm, 16, 16, 0}, + { 0, NID_undef, 0, 0, 0}, + }; + +@@ -271,6 +274,19 @@ static struct { + }; + #endif + ++/* increment counter (64-bit int) by 1 */ ++static void ctr64_inc(unsigned char *counter) { ++ int n=8; ++ unsigned char c; ++ ++ do { ++ --n; ++ c = counter[n]; ++ ++c; ++ counter[n] = c; ++ if (c) return; ++ } while (n); ++} + /* + * Return a fd if /dev/crypto seems usable, 0 otherwise. + */ +@@ -762,6 +778,197 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, + } + } + ++static int cryptodev_init_gcm_key(EVP_CIPHER_CTX *ctx, ++ const unsigned char *key, const unsigned char *iv, int enc) ++{ ++ struct dev_crypto_state *state = ctx->cipher_data; ++ struct session_op *sess = &state->d_sess; ++ int cipher = -1, i; ++ if (!iv && !key) ++ return 1; ++ ++ if (iv) ++ memcpy(ctx->iv, iv, ctx->cipher->iv_len); ++ ++ for (i = 0; ciphers[i].id; i++) ++ if (ctx->cipher->nid == ciphers[i].nid && ++ ctx->cipher->iv_len <= ciphers[i].ivmax && ++ ctx->key_len == ciphers[i].keylen) { ++ cipher = ciphers[i].id; ++ break; ++ } ++ ++ if (!ciphers[i].id) { ++ state->d_fd = -1; ++ return 0; ++ } ++ ++ memset(sess, 0, sizeof(struct session_op)); ++ ++ if ((state->d_fd = get_dev_crypto()) < 0) ++ return 0; ++ ++ sess->key = (unsigned char *) key; ++ sess->keylen = ctx->key_len; ++ sess->cipher = cipher; ++ ++ if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) { ++ put_dev_crypto(state->d_fd); ++ state->d_fd = -1; ++ return 0; ++ } ++ return 1; ++} ++ ++static int cryptodev_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t len) ++{ ++ struct crypt_auth_op cryp = {0}; ++ struct dev_crypto_state *state = ctx->cipher_data; ++ struct session_op *sess = &state->d_sess; ++ int rv = len; ++ ++ if (EVP_CIPHER_CTX_ctrl(ctx, ctx->encrypt ? ++ EVP_CTRL_GCM_IV_GEN : EVP_CTRL_GCM_SET_IV_INV, ++ EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0) ++ return 0; ++ ++ in += EVP_GCM_TLS_EXPLICIT_IV_LEN; ++ out += EVP_GCM_TLS_EXPLICIT_IV_LEN; ++ len -= EVP_GCM_TLS_EXPLICIT_IV_LEN; ++ ++ if (ctx->encrypt) { ++ len -= EVP_GCM_TLS_TAG_LEN; ++ } ++ cryp.ses = sess->ses; ++ cryp.len = len; ++ cryp.src = (unsigned char*) in; ++ cryp.dst = out; ++ cryp.auth_src = state->aad; ++ cryp.auth_len = state->aad_len; ++ cryp.iv = ctx->iv; ++ cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; ++ ++ if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) { ++ return 0; ++ } ++ ++ if (ctx->encrypt) ++ ctr64_inc(state->iv + state->ivlen - 8); ++ else ++ rv = len - EVP_GCM_TLS_TAG_LEN; ++ ++ return rv; ++} ++ ++static int cryptodev_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t len) ++{ ++ struct crypt_auth_op cryp; ++ struct dev_crypto_state *state = ctx->cipher_data; ++ struct session_op *sess = &state->d_sess; ++ ++ if (state->d_fd < 0) ++ return 0; ++ ++ if ((len % ctx->cipher->block_size) != 0) ++ return 0; ++ ++ if (state->aad_len >= 0) ++ return cryptodev_gcm_tls_cipher(ctx, out, in, len); ++ ++ memset(&cryp, 0, sizeof(cryp)); ++ ++ cryp.ses = sess->ses; ++ cryp.len = len; ++ cryp.src = (unsigned char*) in; ++ cryp.dst = out; ++ cryp.auth_src = NULL; ++ cryp.auth_len = 0; ++ cryp.iv = ctx->iv; ++ cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; ++ ++ if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) { ++ return 0; ++ } ++ ++ return len; ++} ++ ++static int cryptodev_gcm_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, ++ void *ptr) ++{ ++ struct dev_crypto_state *state = ctx->cipher_data; ++ switch (type) { ++ case EVP_CTRL_INIT: ++ { ++ state->ivlen = ctx->cipher->iv_len; ++ state->iv = ctx->iv; ++ state->aad_len = -1; ++ return 1; ++ } ++ case EVP_CTRL_GCM_SET_IV_FIXED: ++ { ++ /* Special case: -1 length restores whole IV */ ++ if (arg == -1) ++ { ++ memcpy(state->iv, ptr, state->ivlen); ++ return 1; ++ } ++ /* Fixed field must be at least 4 bytes and invocation field ++ * at least 8. ++ */ ++ if ((arg < 4) || (state->ivlen - arg) < 8) ++ return 0; ++ if (arg) ++ memcpy(state->iv, ptr, arg); ++ if (ctx->encrypt && ++ RAND_bytes(state->iv + arg, state->ivlen - arg) <= 0) ++ return 0; ++ return 1; ++ } ++ case EVP_CTRL_AEAD_TLS1_AAD: ++ { ++ unsigned int len; ++ if (arg != 13) ++ return 0; ++ ++ memcpy(ctx->buf, ptr, arg); ++ len=ctx->buf[arg-2] << 8 | ctx->buf[arg-1]; ++ ++ /* Correct length for explicit IV */ ++ len -= EVP_GCM_TLS_EXPLICIT_IV_LEN; ++ ++ /* If decrypting correct for tag too */ ++ if (!ctx->encrypt) ++ len -= EVP_GCM_TLS_TAG_LEN; ++ ++ ctx->buf[arg-2] = len >> 8; ++ ctx->buf[arg-1] = len & 0xff; ++ ++ state->aad = ctx->buf; ++ state->aad_len = arg; ++ state->len = len; ++ ++ /* Extra padding: tag appended to record */ ++ return EVP_GCM_TLS_TAG_LEN; ++ } ++ case EVP_CTRL_GCM_SET_IV_INV: ++ { ++ if (ctx->encrypt) ++ return 0; ++ memcpy(state->iv + state->ivlen - arg, ptr, arg); ++ return 1; ++ } ++ case EVP_CTRL_GCM_IV_GEN: ++ if (arg <= 0 || arg > state->ivlen) ++ arg = state->ivlen; ++ memcpy(ptr, state->iv + state->ivlen - arg, arg); ++ return 1; ++ default: ++ return -1; ++ } ++} + /* + * libcrypto EVP stuff - this is how we get wired to EVP so the engine + * gets called when libcrypto requests a cipher NID. +@@ -901,6 +1108,23 @@ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = { + cryptodev_cbc_hmac_sha1_ctrl, + NULL + }; ++ ++const EVP_CIPHER cryptodev_aes_128_gcm = { ++ NID_aes_128_gcm, ++ 1, 16, 12, ++ EVP_CIPH_GCM_MODE | EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_DEFAULT_ASN1 \ ++ | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \ ++ | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT, ++ cryptodev_init_gcm_key, ++ cryptodev_gcm_cipher, ++ cryptodev_cleanup, ++ sizeof(struct dev_crypto_state), ++ EVP_CIPHER_set_asn1_iv, ++ EVP_CIPHER_get_asn1_iv, ++ cryptodev_gcm_ctrl, ++ NULL ++}; ++ + /* + * Registered by the ENGINE when used to find out how to deal with + * a particular NID in the ENGINE. this says what we'll do at the +@@ -944,6 +1168,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, + case NID_aes_256_cbc_hmac_sha1: + *cipher = &cryptodev_aes_256_cbc_hmac_sha1; + break; ++ case NID_aes_128_gcm: ++ *cipher = &cryptodev_aes_128_gcm; ++ break; + default: + *cipher = NULL; + break; +-- +1.8.3.1 + diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl.inc b/meta-fsl-ppc/recipes-connectivity/openssl/openssl.inc new file mode 100644 index 00000000..ee02fb79 --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl.inc @@ -0,0 +1,173 @@ +SUMMARY = "Secure Socket Layer" +DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools." +HOMEPAGE = "http://www.openssl.org/" +BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html" +SECTION = "libs/network" + +# "openssl | SSLeay" dual license +LICENSE = "openssl" +LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8" + +DEPENDS = "perl-native-runtime" + +SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ + " +S = "${WORKDIR}/openssl-${PV}" + +PACKAGECONFIG[perl] = ",,," + +AR_append = " r" +# Avoid binaries being marked as requiring an executable stack since it +# doesn't(which causes and this causes issues with SELinux +CFLAG = "${@base_conditional('SITEINFO_ENDIANNESS', 'le', '-DL_ENDIAN', '-DB_ENDIAN', d)} \ + -DTERMIO ${CFLAGS} -Wall -Wa,--noexecstack" + +# -02 does not work on mipsel: ssh hangs when it tries to read /dev/urandom +CFLAG_mtx-1 := "${@'${CFLAG}'.replace('-O2', '')}" +CFLAG_mtx-2 := "${@'${CFLAG}'.replace('-O2', '')}" + +export DIRS = "crypto ssl apps" +export EX_LIBS = "-lgcc -ldl" +export AS = "${CC} -c" + +inherit pkgconfig siteinfo multilib_header + +PACKAGES =+ "libcrypto libssl ${PN}-misc openssl-conf" +FILES_libcrypto = "${base_libdir}/libcrypto${SOLIBS}" +FILES_libssl = "${libdir}/libssl.so.*" +FILES_${PN} =+ " ${libdir}/ssl/*" +FILES_${PN}-misc = "${libdir}/ssl/misc ${bindir}/c_rehash" +RDEPENDS_${PN}-misc = "${@base_contains('PACKAGECONFIG', 'perl', 'perl', '', d)}" +FILES_${PN}-dev += "${base_libdir}/libcrypto${SOLIBSDEV}" + +# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto +# package RRECOMMENDS on this package. This will enable the configuration +# file to be installed for both the base openssl package and the libcrypto +# package since the base openssl package depends on the libcrypto package. +FILES_openssl-conf = "${libdir}/ssl/openssl.cnf" +CONFFILES_openssl-conf = "${libdir}/ssl/openssl.cnf" +RRECOMMENDS_libcrypto += "openssl-conf" + +do_configure_prepend_darwin () { + sed -i -e '/version-script=openssl\.ld/d' Configure +} + +do_configure () { + cd util + perl perlpath.pl ${STAGING_BINDIR_NATIVE} + cd .. + ln -sf apps/openssl.pod crypto/crypto.pod ssl/ssl.pod doc/ + + os=${HOST_OS} + if [ "x$os" = "xlinux-uclibc" ]; then + os=linux + elif [ "x$os" = "xlinux-uclibceabi" ]; then + os=linux + elif [ "x$os" = "xlinux-uclibcspe" ]; then + os=linux + elif [ "x$os" = "xlinux-gnuspe" ]; then + os=linux + elif [ "x$os" = "xlinux-gnueabi" ]; then + os=linux + fi + target="$os-${HOST_ARCH}" + case $target in + linux-arm) + target=linux-armv4 + ;; + linux-armeb) + target=linux-elf-armeb + ;; + linux-aarch64*) + target=linux-generic64 + ;; + linux-sh3) + target=debian-sh3 + ;; + linux-sh4) + target=debian-sh4 + ;; + linux-i486) + target=debian-i386-i486 + ;; + linux-i586 | linux-viac3) + target=debian-i386-i586 + ;; + linux-i686) + target=debian-i386-i686/cmov + ;; + linux-gnux32-x86_64) + target=linux-x32 + ;; + linux-gnu64-x86_64) + target=linux-x86_64 + ;; + linux-mips) + target=debian-mips + ;; + linux-mipsel) + target=debian-mipsel + ;; + linux-*-mips64) + target=linux-mips + ;; + linux-powerpc) + target=linux-ppc + ;; + linux-powerpc64) + target=linux-ppc64 + ;; + linux-supersparc) + target=linux-sparcv8 + ;; + linux-sparc) + target=linux-sparcv8 + ;; + darwin-i386) + target=darwin-i386-cc + ;; + esac + # inject machine-specific flags + sed -i -e "s|^\(\"$target\",\s*\"[^:]\+\):\([^:]\+\)|\1:${CFLAG}|g" Configure + useprefix=${prefix} + if [ "x$useprefix" = "x" ]; then + useprefix=/ + fi + perl ./Configure ${EXTRA_OECONF} shared --prefix=$useprefix --openssldir=${libdir}/ssl --libdir=`basename ${libdir}` $target +} + +do_compile () { + oe_runmake +} + +do_install () { + oe_runmake INSTALL_PREFIX="${D}" MANDIR="${mandir}" install + + oe_libinstall -so libcrypto ${D}${libdir} + oe_libinstall -so libssl ${D}${libdir} + + # Moving libcrypto to /lib + if [ ! ${D}${libdir} -ef ${D}${base_libdir} ]; then + mkdir -p ${D}/${base_libdir}/ + mv ${D}${libdir}/libcrypto* ${D}${base_libdir}/ + sed -i s#libdir=\$\{exec_prefix\}\/lib#libdir=${base_libdir}# ${D}/${libdir}/pkgconfig/libcrypto.pc + fi + + install -d ${D}${includedir} + cp --dereference -R include/openssl ${D}${includedir} + + oe_multilib_header openssl/opensslconf.h + if [ "${@base_contains('PACKAGECONFIG', 'perl', 'perl', '', d)}" = "perl" ]; then + install -m 0755 ${S}/tools/c_rehash ${D}${bindir} + sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${bindir}/c_rehash + sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/CA.pl + sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/tsget + # The c_rehash utility isn't installed by the normal installation process. + else + rm -f ${D}${bindir}/c_rehash + rm -f ${D}${libdir}/ssl/misc/CA.pl ${D}${libdir}/ssl/misc/tsget + fi +} + +BBCLASSEXTEND = "native nativesdk" + diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl/configure-targets.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/configure-targets.patch new file mode 100644 index 00000000..c1f3d087 --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/configure-targets.patch @@ -0,0 +1,34 @@ +Upstream-Status: Inappropriate [embedded specific] + +The number of colons are important :) + + +--- + Configure | 16 ++++++++++++++++ + 1 file changed, 16 insertions(+) + +--- a/Configure ++++ b/Configure +@@ -403,6 +403,22 @@ my %table=( + "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", + "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", + ++ # Linux on ARM ++"linux-elf-arm","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-elf-armeb","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-gnueabi-arm","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-gnueabi-armeb","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-uclibceabi-arm","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-uclibceabi-armeb","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++ ++"linux-avr32","$ENV{'CC'}:-DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).", ++ ++#### Linux on MIPS/MIPS64 ++"linux-mips","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-mips64","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -mabi=64 -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-mips64el","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -mabi=64 -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-mipsel","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++ + # Android: linux-* but without -DTERMIO and pointers to headers and libs. + "android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch new file mode 100644 index 00000000..ac1b19b9 --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch @@ -0,0 +1,45 @@ +Upstream-Status: Backport [debian] + +From 83f318d68bbdab1ca898c94576a838cc97df4700 Mon Sep 17 00:00:00 2001 +From: Ludwig Nussel <ludwig.nussel@suse.de> +Date: Wed, 21 Apr 2010 15:52:10 +0200 +Subject: [PATCH] also create old hash for compatibility + +--- + tools/c_rehash.in | 8 +++++++- + 1 files changed, 7 insertions(+), 1 deletions(-) + +Index: openssl-1.0.0d/tools/c_rehash.in +=================================================================== +--- openssl-1.0.0d.orig/tools/c_rehash.in 2011-04-13 20:41:28.000000000 +0000 ++++ openssl-1.0.0d/tools/c_rehash.in 2011-04-13 20:41:28.000000000 +0000 +@@ -86,6 +86,7 @@ + } + } + link_hash_cert($fname) if($cert); ++ link_hash_cert_old($fname) if($cert); + link_hash_crl($fname) if($crl); + } + } +@@ -119,8 +120,9 @@ + + sub link_hash_cert { + my $fname = $_[0]; ++ my $hashopt = $_[1] || '-subject_hash'; + $fname =~ s/'/'\\''/g; +- my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in "$fname"`; ++ my ($hash, $fprint) = `"$openssl" x509 $hashopt -fingerprint -noout -in "$fname"`; + chomp $hash; + chomp $fprint; + $fprint =~ s/^.*=//; +@@ -150,6 +152,10 @@ + $hashlist{$hash} = $fprint; + } + ++sub link_hash_cert_old { ++ link_hash_cert($_[0], '-subject_hash_old'); ++} ++ + # Same as above except for a CRL. CRL links are of the form <hash>.r<n> + + sub link_hash_crl { diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/ca.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/ca.patch new file mode 100644 index 00000000..aba4d429 --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/ca.patch @@ -0,0 +1,22 @@ +Upstream-Status: Backport [debian] + +Index: openssl-0.9.8m/apps/CA.pl.in +=================================================================== +--- openssl-0.9.8m.orig/apps/CA.pl.in 2006-04-28 00:28:51.000000000 +0000 ++++ openssl-0.9.8m/apps/CA.pl.in 2010-02-27 00:36:51.000000000 +0000 +@@ -65,6 +65,7 @@ + foreach (@ARGV) { + if ( /^(-\?|-h|-help)$/ ) { + print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n"; ++ print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n"; + exit 0; + } elsif (/^-newcert$/) { + # create a certificate +@@ -165,6 +166,7 @@ + } else { + print STDERR "Unknown arg $_\n"; + print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n"; ++ print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n"; + exit 1; + } + } diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/debian-targets.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/debian-targets.patch new file mode 100644 index 00000000..8101edf0 --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/debian-targets.patch @@ -0,0 +1,66 @@ +Upstream-Status: Backport [debian] + +Index: openssl-1.0.1/Configure +=================================================================== +--- openssl-1.0.1.orig/Configure 2012-03-17 15:37:54.000000000 +0000 ++++ openssl-1.0.1/Configure 2012-03-17 16:13:49.000000000 +0000 +@@ -105,6 +105,10 @@ + + my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED"; + ++# There are no separate CFLAGS/CPPFLAGS/LDFLAGS, set everything in CFLAGS ++my $debian_cflags = `dpkg-buildflags --get CFLAGS` . `dpkg-buildflags --get CPPFLAGS` . `dpkg-buildflags --get LDFLAGS` . "-Wa,--noexecstack -Wall"; ++$debian_cflags =~ s/\n/ /g; ++ + my $strict_warnings = 0; + + my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL"; +@@ -338,6 +342,48 @@ + "osf1-alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so", + "tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::-msym:.so", + ++# Debian GNU/* (various architectures) ++"debian-alpha","gcc:-DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-alpha-ev4","gcc:-DTERMIO ${debian_cflags} -mcpu=ev4::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-alpha-ev5","gcc:-DTERMIO ${debian_cflags} -mcpu=ev5::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-armeb","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-armel","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-armhf","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-amd64", "gcc:-m64 -DL_ENDIAN -DTERMIO ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::", ++"debian-avr32", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -fomit-frame-pointer::-D_REENTRANT::-ldl:BN_LLONG_BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-kfreebsd-amd64","gcc:-m64 -DL_ENDIAN -DTERMIOS ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-kfreebsd-i386","gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -march=i486::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-hppa","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-hurd-i386","gcc:-DL_ENDIAN -DTERMIOS -O3 -Wa,--noexecstack -g -mtune=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-ia64","gcc:-DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-i386","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-i386-i486","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags} -march=i486::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-i386-i586","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags} -march=i586::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-i386-i686/cmov","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags} -march=i686::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-m68k","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-mips", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-mipsel", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-netbsd-i386", "gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-netbsd-m68k", "gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags}::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-netbsd-sparc", "gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags} -mv8::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-openbsd-alpha","gcc:-DTERMIOS ${debian_cflags}::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-openbsd-i386", "gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-openbsd-mips","gcc:-DL_ENDIAN ${debian_cflags}::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-powerpc","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-powerpcspe","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-ppc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-s390","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-s390x","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-sh3", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-sh4", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-sh3eb", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-sh4eb", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-m32r","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-sparc","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-sparc-v8","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v8 -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-sparc-v9","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v9 -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-sparc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags} -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++ + #### + #### Variety of LINUX:-) + #### diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/make-targets.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/make-targets.patch new file mode 100644 index 00000000..ee0a62c3 --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/make-targets.patch @@ -0,0 +1,15 @@ +Upstream-Status: Backport [debian] + +Index: openssl-1.0.1/Makefile.org +=================================================================== +--- openssl-1.0.1.orig/Makefile.org 2012-03-17 09:41:07.000000000 +0000 ++++ openssl-1.0.1/Makefile.org 2012-03-17 09:41:21.000000000 +0000 +@@ -135,7 +135,7 @@ + + BASEADDR= + +-DIRS= crypto ssl engines apps test tools ++DIRS= crypto ssl engines apps tools + ENGDIRS= ccgost + SHLIBDIRS= crypto ssl + diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/man-dir.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/man-dir.patch new file mode 100644 index 00000000..4085e3b1 --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/man-dir.patch @@ -0,0 +1,15 @@ +Upstream-Status: Backport [debian] + +Index: openssl-1.0.0c/Makefile.org +=================================================================== +--- openssl-1.0.0c.orig/Makefile.org 2010-12-12 16:11:27.000000000 +0100 ++++ openssl-1.0.0c/Makefile.org 2010-12-12 16:11:37.000000000 +0100 +@@ -131,7 +131,7 @@ + + MAKEFILE= Makefile + +-MANDIR=$(OPENSSLDIR)/man ++MANDIR=/usr/share/man + MAN1=1 + MAN3=3 + MANSUFFIX= diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/man-section.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/man-section.patch new file mode 100644 index 00000000..21c1d1a4 --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/man-section.patch @@ -0,0 +1,34 @@ +Upstream-Status: Backport [debian] + +Index: openssl-1.0.0c/Makefile.org +=================================================================== +--- openssl-1.0.0c.orig/Makefile.org 2010-12-12 16:11:37.000000000 +0100 ++++ openssl-1.0.0c/Makefile.org 2010-12-12 16:13:28.000000000 +0100 +@@ -160,7 +160,8 @@ + MANDIR=/usr/share/man + MAN1=1 + MAN3=3 +-MANSUFFIX= ++MANSUFFIX=ssl ++MANSECTION=SSL + HTMLSUFFIX=html + HTMLDIR=$(OPENSSLDIR)/html + SHELL=/bin/sh +@@ -651,7 +652,7 @@ + echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ + (cd `$(PERL) util/dirname.pl $$i`; \ + sh -c "$$pod2man \ +- --section=$$sec --center=OpenSSL \ ++ --section=$${sec}$(MANSECTION) --center=OpenSSL \ + --release=$(VERSION) `basename $$i`") \ + > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ + $(PERL) util/extract-names.pl < $$i | \ +@@ -668,7 +669,7 @@ + echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ + (cd `$(PERL) util/dirname.pl $$i`; \ + sh -c "$$pod2man \ +- --section=$$sec --center=OpenSSL \ ++ --section=$${sec}$(MANSECTION) --center=OpenSSL \ + --release=$(VERSION) `basename $$i`") \ + > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ + $(PERL) util/extract-names.pl < $$i | \ diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/no-rpath.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/no-rpath.patch new file mode 100644 index 00000000..1ccb3b86 --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/no-rpath.patch @@ -0,0 +1,15 @@ +Upstream-Status: Backport [debian] + +Index: openssl-1.0.0c/Makefile.shared +=================================================================== +--- openssl-1.0.0c.orig/Makefile.shared 2010-08-21 13:36:49.000000000 +0200 ++++ openssl-1.0.0c/Makefile.shared 2010-12-12 16:13:36.000000000 +0100 +@@ -153,7 +153,7 @@ + NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ + SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" + +-DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)" ++DO_GNU_APP=LDFLAGS="$(CFLAGS)" + + #This is rather special. It's a special target with which one can link + #applications without bothering with any features that have anything to diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/no-symbolic.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/no-symbolic.patch new file mode 100644 index 00000000..cc4408ab --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/no-symbolic.patch @@ -0,0 +1,15 @@ +Upstream-Status: Backport [debian] + +Index: openssl-1.0.0c/Makefile.shared +=================================================================== +--- openssl-1.0.0c.orig/Makefile.shared 2010-12-12 16:13:36.000000000 +0100 ++++ openssl-1.0.0c/Makefile.shared 2010-12-12 16:13:44.000000000 +0100 +@@ -151,7 +151,7 @@ + SHLIB_SUFFIX=; \ + ALLSYMSFLAGS='-Wl,--whole-archive'; \ + NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ +- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" ++ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" + + DO_GNU_APP=LDFLAGS="$(CFLAGS)" + diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/pic.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/pic.patch new file mode 100644 index 00000000..bfda3888 --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/pic.patch @@ -0,0 +1,177 @@ +Upstream-Status: Backport [debian] + +Index: openssl-1.0.1c/crypto/des/asm/desboth.pl +=================================================================== +--- openssl-1.0.1c.orig/crypto/des/asm/desboth.pl 2001-10-24 23:20:56.000000000 +0200 ++++ openssl-1.0.1c/crypto/des/asm/desboth.pl 2012-07-29 14:15:26.000000000 +0200 +@@ -16,6 +16,11 @@ + + &push("edi"); + ++ &call (&label("pic_point0")); ++ &set_label("pic_point0"); ++ &blindpop("ebp"); ++ &add ("ebp", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point0") . "]"); ++ + &comment(""); + &comment("Load the data words"); + &mov($L,&DWP(0,"ebx","",0)); +@@ -47,15 +52,21 @@ + &mov(&swtmp(2), (DWC(($enc)?"1":"0"))); + &mov(&swtmp(1), "eax"); + &mov(&swtmp(0), "ebx"); +- &call("DES_encrypt2"); ++ &exch("ebx", "ebp"); ++ &call("DES_encrypt2\@PLT"); ++ &exch("ebx", "ebp"); + &mov(&swtmp(2), (DWC(($enc)?"0":"1"))); + &mov(&swtmp(1), "edi"); + &mov(&swtmp(0), "ebx"); +- &call("DES_encrypt2"); ++ &exch("ebx", "ebp"); ++ &call("DES_encrypt2\@PLT"); ++ &exch("ebx", "ebp"); + &mov(&swtmp(2), (DWC(($enc)?"1":"0"))); + &mov(&swtmp(1), "esi"); + &mov(&swtmp(0), "ebx"); +- &call("DES_encrypt2"); ++ &exch("ebx", "ebp"); ++ &call("DES_encrypt2\@PLT"); ++ &exch("ebx", "ebp"); + + &stack_pop(3); + &mov($L,&DWP(0,"ebx","",0)); +Index: openssl-1.0.1c/crypto/perlasm/cbc.pl +=================================================================== +--- openssl-1.0.1c.orig/crypto/perlasm/cbc.pl 2011-07-13 08:22:46.000000000 +0200 ++++ openssl-1.0.1c/crypto/perlasm/cbc.pl 2012-07-29 14:15:26.000000000 +0200 +@@ -122,7 +122,11 @@ + &mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call + &mov(&DWP($data_off+4,"esp","",0), "ebx"); # + +- &call($enc_func); ++ &call (&label("pic_point0")); ++ &set_label("pic_point0"); ++ &blindpop("ebx"); ++ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point0") . "]"); ++ &call("$enc_func\@PLT"); + + &mov("eax", &DWP($data_off,"esp","",0)); + &mov("ebx", &DWP($data_off+4,"esp","",0)); +@@ -185,7 +189,11 @@ + &mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call + &mov(&DWP($data_off+4,"esp","",0), "ebx"); # + +- &call($enc_func); ++ &call (&label("pic_point1")); ++ &set_label("pic_point1"); ++ &blindpop("ebx"); ++ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point1") . "]"); ++ &call("$enc_func\@PLT"); + + &mov("eax", &DWP($data_off,"esp","",0)); + &mov("ebx", &DWP($data_off+4,"esp","",0)); +@@ -218,7 +226,11 @@ + &mov(&DWP($data_off,"esp","",0), "eax"); # put back + &mov(&DWP($data_off+4,"esp","",0), "ebx"); # + +- &call($dec_func); ++ &call (&label("pic_point2")); ++ &set_label("pic_point2"); ++ &blindpop("ebx"); ++ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point2") . "]"); ++ &call("$dec_func\@PLT"); + + &mov("eax", &DWP($data_off,"esp","",0)); # get return + &mov("ebx", &DWP($data_off+4,"esp","",0)); # +@@ -261,7 +273,11 @@ + &mov(&DWP($data_off,"esp","",0), "eax"); # put back + &mov(&DWP($data_off+4,"esp","",0), "ebx"); # + +- &call($dec_func); ++ &call (&label("pic_point3")); ++ &set_label("pic_point3"); ++ &blindpop("ebx"); ++ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point3") . "]"); ++ &call("$dec_func\@PLT"); + + &mov("eax", &DWP($data_off,"esp","",0)); # get return + &mov("ebx", &DWP($data_off+4,"esp","",0)); # +Index: openssl-1.0.1c/crypto/perlasm/x86gas.pl +=================================================================== +--- openssl-1.0.1c.orig/crypto/perlasm/x86gas.pl 2011-12-09 20:16:35.000000000 +0100 ++++ openssl-1.0.1c/crypto/perlasm/x86gas.pl 2012-07-29 14:15:26.000000000 +0200 +@@ -161,6 +161,7 @@ + if ($::macosx) { push (@out,"$tmp,2\n"); } + elsif ($::elf) { push (@out,"$tmp,4\n"); } + else { push (@out,"$tmp\n"); } ++ if ($::elf) { push (@out,".hidden\tOPENSSL_ia32cap_P\n"); } + } + push(@out,$initseg) if ($initseg); + } +@@ -218,8 +219,23 @@ + elsif ($::elf) + { $initseg.=<<___; + .section .init ++___ ++ if ($::pic) ++ { $initseg.=<<___; ++ pushl %ebx ++ call .pic_point0 ++.pic_point0: ++ popl %ebx ++ addl \$_GLOBAL_OFFSET_TABLE_+[.-.pic_point0],%ebx ++ call $f\@PLT ++ popl %ebx ++___ ++ } ++ else ++ { $initseg.=<<___; + call $f + ___ ++ } + } + elsif ($::coff) + { $initseg.=<<___; # applies to both Cygwin and Mingw +Index: openssl-1.0.1c/crypto/x86cpuid.pl +=================================================================== +--- openssl-1.0.1c.orig/crypto/x86cpuid.pl 2012-02-28 15:20:34.000000000 +0100 ++++ openssl-1.0.1c/crypto/x86cpuid.pl 2012-07-29 14:15:26.000000000 +0200 +@@ -8,6 +8,8 @@ + + for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } + ++push(@out, ".hidden OPENSSL_ia32cap_P\n"); ++ + &function_begin("OPENSSL_ia32_cpuid"); + &xor ("edx","edx"); + &pushf (); +@@ -139,9 +141,7 @@ + &set_label("nocpuid"); + &function_end("OPENSSL_ia32_cpuid"); + +-&external_label("OPENSSL_ia32cap_P"); +- +-&function_begin_B("OPENSSL_rdtsc","EXTRN\t_OPENSSL_ia32cap_P:DWORD"); ++&function_begin_B("OPENSSL_rdtsc"); + &xor ("eax","eax"); + &xor ("edx","edx"); + &picmeup("ecx","OPENSSL_ia32cap_P"); +@@ -155,7 +155,7 @@ + # This works in Ring 0 only [read DJGPP+MS-DOS+privileged DPMI host], + # but it's safe to call it on any [supported] 32-bit platform... + # Just check for [non-]zero return value... +-&function_begin_B("OPENSSL_instrument_halt","EXTRN\t_OPENSSL_ia32cap_P:DWORD"); ++&function_begin_B("OPENSSL_instrument_halt"); + &picmeup("ecx","OPENSSL_ia32cap_P"); + &bt (&DWP(0,"ecx"),4); + &jnc (&label("nohalt")); # no TSC +@@ -222,7 +222,7 @@ + &ret (); + &function_end_B("OPENSSL_far_spin"); + +-&function_begin_B("OPENSSL_wipe_cpu","EXTRN\t_OPENSSL_ia32cap_P:DWORD"); ++&function_begin_B("OPENSSL_wipe_cpu"); + &xor ("eax","eax"); + &xor ("edx","edx"); + &picmeup("ecx","OPENSSL_ia32cap_P"); diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/version-script.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/version-script.patch new file mode 100644 index 00000000..ece8b9b4 --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/version-script.patch @@ -0,0 +1,4670 @@ +Upstream-Status: Backport [debian] + +Index: openssl-1.0.1d/Configure +=================================================================== +--- openssl-1.0.1d.orig/Configure 2013-02-06 19:41:43.000000000 +0100 ++++ openssl-1.0.1d/Configure 2013-02-06 19:41:43.000000000 +0100 +@@ -1621,6 +1621,8 @@ + } + } + ++$shared_ldflag .= " -Wl,--version-script=openssl.ld"; ++ + open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n"; + unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new"; + open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n"; +Index: openssl-1.0.1d/openssl.ld +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.0.1d/openssl.ld 2013-02-06 19:44:25.000000000 +0100 +@@ -0,0 +1,4620 @@ ++OPENSSL_1.0.0 { ++ global: ++ BIO_f_ssl; ++ BIO_new_buffer_ssl_connect; ++ BIO_new_ssl; ++ BIO_new_ssl_connect; ++ BIO_proxy_ssl_copy_session_id; ++ BIO_ssl_copy_session_id; ++ BIO_ssl_shutdown; ++ d2i_SSL_SESSION; ++ DTLSv1_client_method; ++ DTLSv1_method; ++ DTLSv1_server_method; ++ ERR_load_SSL_strings; ++ i2d_SSL_SESSION; ++ kssl_build_principal_2; ++ kssl_cget_tkt; ++ kssl_check_authent; ++ kssl_ctx_free; ++ kssl_ctx_new; ++ kssl_ctx_setkey; ++ kssl_ctx_setprinc; ++ kssl_ctx_setstring; ++ kssl_ctx_show; ++ kssl_err_set; ++ kssl_krb5_free_data_contents; ++ kssl_sget_tkt; ++ kssl_skip_confound; ++ kssl_validate_times; ++ PEM_read_bio_SSL_SESSION; ++ PEM_read_SSL_SESSION; ++ PEM_write_bio_SSL_SESSION; ++ PEM_write_SSL_SESSION; ++ SSL_accept; ++ SSL_add_client_CA; ++ SSL_add_dir_cert_subjects_to_stack; ++ SSL_add_dir_cert_subjs_to_stk; ++ SSL_add_file_cert_subjects_to_stack; ++ SSL_add_file_cert_subjs_to_stk; ++ SSL_alert_desc_string; ++ SSL_alert_desc_string_long; ++ SSL_alert_type_string; ++ SSL_alert_type_string_long; ++ SSL_callback_ctrl; ++ SSL_check_private_key; ++ SSL_CIPHER_description; ++ SSL_CIPHER_get_bits; ++ SSL_CIPHER_get_name; ++ SSL_CIPHER_get_version; ++ SSL_clear; ++ SSL_COMP_add_compression_method; ++ SSL_COMP_get_compression_methods; ++ SSL_COMP_get_compress_methods; ++ SSL_COMP_get_name; ++ SSL_connect; ++ SSL_copy_session_id; ++ SSL_ctrl; ++ SSL_CTX_add_client_CA; ++ SSL_CTX_add_session; ++ SSL_CTX_callback_ctrl; ++ SSL_CTX_check_private_key; ++ SSL_CTX_ctrl; ++ SSL_CTX_flush_sessions; ++ SSL_CTX_free; ++ SSL_CTX_get_cert_store; ++ SSL_CTX_get_client_CA_list; ++ SSL_CTX_get_client_cert_cb; ++ SSL_CTX_get_ex_data; ++ SSL_CTX_get_ex_new_index; ++ SSL_CTX_get_info_callback; ++ SSL_CTX_get_quiet_shutdown; ++ SSL_CTX_get_timeout; ++ SSL_CTX_get_verify_callback; ++ SSL_CTX_get_verify_depth; ++ SSL_CTX_get_verify_mode; ++ SSL_CTX_load_verify_locations; ++ SSL_CTX_new; ++ SSL_CTX_remove_session; ++ SSL_CTX_sess_get_get_cb; ++ SSL_CTX_sess_get_new_cb; ++ SSL_CTX_sess_get_remove_cb; ++ SSL_CTX_sessions; ++ SSL_CTX_sess_set_get_cb; ++ SSL_CTX_sess_set_new_cb; ++ SSL_CTX_sess_set_remove_cb; ++ SSL_CTX_set1_param; ++ SSL_CTX_set_cert_store; ++ SSL_CTX_set_cert_verify_callback; ++ SSL_CTX_set_cert_verify_cb; ++ SSL_CTX_set_cipher_list; ++ SSL_CTX_set_client_CA_list; ++ SSL_CTX_set_client_cert_cb; ++ SSL_CTX_set_client_cert_engine; ++ SSL_CTX_set_cookie_generate_cb; ++ SSL_CTX_set_cookie_verify_cb; ++ SSL_CTX_set_default_passwd_cb; ++ SSL_CTX_set_default_passwd_cb_userdata; ++ SSL_CTX_set_default_verify_paths; ++ SSL_CTX_set_def_passwd_cb_ud; ++ SSL_CTX_set_def_verify_paths; ++ SSL_CTX_set_ex_data; ++ SSL_CTX_set_generate_session_id; ++ SSL_CTX_set_info_callback; ++ SSL_CTX_set_msg_callback; ++ SSL_CTX_set_psk_client_callback; ++ SSL_CTX_set_psk_server_callback; ++ SSL_CTX_set_purpose; ++ SSL_CTX_set_quiet_shutdown; ++ SSL_CTX_set_session_id_context; ++ SSL_CTX_set_ssl_version; ++ SSL_CTX_set_timeout; ++ SSL_CTX_set_tmp_dh_callback; ++ SSL_CTX_set_tmp_ecdh_callback; ++ SSL_CTX_set_tmp_rsa_callback; ++ SSL_CTX_set_trust; ++ SSL_CTX_set_verify; ++ SSL_CTX_set_verify_depth; ++ SSL_CTX_use_cert_chain_file; ++ SSL_CTX_use_certificate; ++ SSL_CTX_use_certificate_ASN1; ++ SSL_CTX_use_certificate_chain_file; ++ SSL_CTX_use_certificate_file; ++ SSL_CTX_use_PrivateKey; ++ SSL_CTX_use_PrivateKey_ASN1; ++ SSL_CTX_use_PrivateKey_file; ++ SSL_CTX_use_psk_identity_hint; ++ SSL_CTX_use_RSAPrivateKey; ++ SSL_CTX_use_RSAPrivateKey_ASN1; ++ SSL_CTX_use_RSAPrivateKey_file; ++ SSL_do_handshake; ++ SSL_dup; ++ SSL_dup_CA_list; ++ SSLeay_add_ssl_algorithms; ++ SSL_free; ++ SSL_get1_session; ++ SSL_get_certificate; ++ SSL_get_cipher_list; ++ SSL_get_ciphers; ++ SSL_get_client_CA_list; ++ SSL_get_current_cipher; ++ SSL_get_current_compression; ++ SSL_get_current_expansion; ++ SSL_get_default_timeout; ++ SSL_get_error; ++ SSL_get_ex_data; ++ SSL_get_ex_data_X509_STORE_CTX_idx; ++ SSL_get_ex_d_X509_STORE_CTX_idx; ++ SSL_get_ex_new_index; ++ SSL_get_fd; ++ SSL_get_finished; ++ SSL_get_info_callback; ++ SSL_get_peer_cert_chain; ++ SSL_get_peer_certificate; ++ SSL_get_peer_finished; ++ SSL_get_privatekey; ++ SSL_get_psk_identity; ++ SSL_get_psk_identity_hint; ++ SSL_get_quiet_shutdown; ++ SSL_get_rbio; ++ SSL_get_read_ahead; ++ SSL_get_rfd; ++ SSL_get_servername; ++ SSL_get_servername_type; ++ SSL_get_session; ++ SSL_get_shared_ciphers; ++ SSL_get_shutdown; ++ SSL_get_SSL_CTX; ++ SSL_get_ssl_method; ++ SSL_get_verify_callback; ++ SSL_get_verify_depth; ++ SSL_get_verify_mode; ++ SSL_get_verify_result; ++ SSL_get_version; ++ SSL_get_wbio; ++ SSL_get_wfd; ++ SSL_has_matching_session_id; ++ SSL_library_init; ++ SSL_load_client_CA_file; ++ SSL_load_error_strings; ++ SSL_new; ++ SSL_peek; ++ SSL_pending; ++ SSL_read; ++ SSL_renegotiate; ++ SSL_renegotiate_pending; ++ SSL_rstate_string; ++ SSL_rstate_string_long; ++ SSL_SESSION_cmp; ++ SSL_SESSION_free; ++ SSL_SESSION_get_ex_data; ++ SSL_SESSION_get_ex_new_index; ++ SSL_SESSION_get_id; ++ SSL_SESSION_get_time; ++ SSL_SESSION_get_timeout; ++ SSL_SESSION_hash; ++ SSL_SESSION_new; ++ SSL_SESSION_print; ++ SSL_SESSION_print_fp; ++ SSL_SESSION_set_ex_data; ++ SSL_SESSION_set_time; ++ SSL_SESSION_set_timeout; ++ SSL_set1_param; ++ SSL_set_accept_state; ++ SSL_set_bio; ++ SSL_set_cipher_list; ++ SSL_set_client_CA_list; ++ SSL_set_connect_state; ++ SSL_set_ex_data; ++ SSL_set_fd; ++ SSL_set_generate_session_id; ++ SSL_set_info_callback; ++ SSL_set_msg_callback; ++ SSL_set_psk_client_callback; ++ SSL_set_psk_server_callback; ++ SSL_set_purpose; ++ SSL_set_quiet_shutdown; ++ SSL_set_read_ahead; ++ SSL_set_rfd; ++ SSL_set_session; ++ SSL_set_session_id_context; ++ SSL_set_session_secret_cb; ++ SSL_set_session_ticket_ext; ++ SSL_set_session_ticket_ext_cb; ++ SSL_set_shutdown; ++ SSL_set_SSL_CTX; ++ SSL_set_ssl_method; ++ SSL_set_tmp_dh_callback; ++ SSL_set_tmp_ecdh_callback; ++ SSL_set_tmp_rsa_callback; ++ SSL_set_trust; ++ SSL_set_verify; ++ SSL_set_verify_depth; ++ SSL_set_verify_result; ++ SSL_set_wfd; ++ SSL_shutdown; ++ SSL_state; ++ SSL_state_string; ++ SSL_state_string_long; ++ SSL_use_certificate; ++ SSL_use_certificate_ASN1; ++ SSL_use_certificate_file; ++ SSL_use_PrivateKey; ++ SSL_use_PrivateKey_ASN1; ++ SSL_use_PrivateKey_file; ++ SSL_use_psk_identity_hint; ++ SSL_use_RSAPrivateKey; ++ SSL_use_RSAPrivateKey_ASN1; ++ SSL_use_RSAPrivateKey_file; ++ SSLv23_client_method; ++ SSLv23_method; ++ SSLv23_server_method; ++ SSLv2_client_method; ++ SSLv2_method; ++ SSLv2_server_method; ++ SSLv3_client_method; ++ SSLv3_method; ++ SSLv3_server_method; ++ SSL_version; ++ SSL_want; ++ SSL_write; ++ TLSv1_client_method; ++ TLSv1_method; ++ TLSv1_server_method; ++ ++ ++ SSLeay; ++ SSLeay_version; ++ ASN1_BIT_STRING_asn1_meth; ++ ASN1_HEADER_free; ++ ASN1_HEADER_new; ++ ASN1_IA5STRING_asn1_meth; ++ ASN1_INTEGER_get; ++ ASN1_INTEGER_set; ++ ASN1_INTEGER_to_BN; ++ ASN1_OBJECT_create; ++ ASN1_OBJECT_free; ++ ASN1_OBJECT_new; ++ ASN1_PRINTABLE_type; ++ ASN1_STRING_cmp; ++ ASN1_STRING_dup; ++ ASN1_STRING_free; ++ ASN1_STRING_new; ++ ASN1_STRING_print; ++ ASN1_STRING_set; ++ ASN1_STRING_type_new; ++ ASN1_TYPE_free; ++ ASN1_TYPE_new; ++ ASN1_UNIVERSALSTRING_to_string; ++ ASN1_UTCTIME_check; ++ ASN1_UTCTIME_print; ++ ASN1_UTCTIME_set; ++ ASN1_check_infinite_end; ++ ASN1_d2i_bio; ++ ASN1_d2i_fp; ++ ASN1_digest; ++ ASN1_dup; ++ ASN1_get_object; ++ ASN1_i2d_bio; ++ ASN1_i2d_fp; ++ ASN1_object_size; ++ ASN1_parse; ++ ASN1_put_object; ++ ASN1_sign; ++ ASN1_verify; ++ BF_cbc_encrypt; ++ BF_cfb64_encrypt; ++ BF_ecb_encrypt; ++ BF_encrypt; ++ BF_ofb64_encrypt; ++ BF_options; ++ BF_set_key; ++ BIO_CONNECT_free; ++ BIO_CONNECT_new; ++ BIO_accept; ++ BIO_ctrl; ++ BIO_int_ctrl; ++ BIO_debug_callback; ++ BIO_dump; ++ BIO_dup_chain; ++ BIO_f_base64; ++ BIO_f_buffer; ++ BIO_f_cipher; ++ BIO_f_md; ++ BIO_f_null; ++ BIO_f_proxy_server; ++ BIO_fd_non_fatal_error; ++ BIO_fd_should_retry; ++ BIO_find_type; ++ BIO_free; ++ BIO_free_all; ++ BIO_get_accept_socket; ++ BIO_get_filter_bio; ++ BIO_get_host_ip; ++ BIO_get_port; ++ BIO_get_retry_BIO; ++ BIO_get_retry_reason; ++ BIO_gethostbyname; ++ BIO_gets; ++ BIO_new; ++ BIO_new_accept; ++ BIO_new_connect; ++ BIO_new_fd; ++ BIO_new_file; ++ BIO_new_fp; ++ BIO_new_socket; ++ BIO_pop; ++ BIO_printf; ++ BIO_push; ++ BIO_puts; ++ BIO_read; ++ BIO_s_accept; ++ BIO_s_connect; ++ BIO_s_fd; ++ BIO_s_file; ++ BIO_s_mem; ++ BIO_s_null; ++ BIO_s_proxy_client; ++ BIO_s_socket; ++ BIO_set; ++ BIO_set_cipher; ++ BIO_set_tcp_ndelay; ++ BIO_sock_cleanup; ++ BIO_sock_error; ++ BIO_sock_init; ++ BIO_sock_non_fatal_error; ++ BIO_sock_should_retry; ++ BIO_socket_ioctl; ++ BIO_write; ++ BN_CTX_free; ++ BN_CTX_new; ++ BN_MONT_CTX_free; ++ BN_MONT_CTX_new; ++ BN_MONT_CTX_set; ++ BN_add; ++ BN_add_word; ++ BN_hex2bn; ++ BN_bin2bn; ++ BN_bn2hex; ++ BN_bn2bin; ++ BN_clear; ++ BN_clear_bit; ++ BN_clear_free; ++ BN_cmp; ++ BN_copy; ++ BN_div; ++ BN_div_word; ++ BN_dup; ++ BN_free; ++ BN_from_montgomery; ++ BN_gcd; ++ BN_generate_prime; ++ BN_get_word; ++ BN_is_bit_set; ++ BN_is_prime; ++ BN_lshift; ++ BN_lshift1; ++ BN_mask_bits; ++ BN_mod; ++ BN_mod_exp; ++ BN_mod_exp_mont; ++ BN_mod_exp_simple; ++ BN_mod_inverse; ++ BN_mod_mul; ++ BN_mod_mul_montgomery; ++ BN_mod_word; ++ BN_mul; ++ BN_new; ++ BN_num_bits; ++ BN_num_bits_word; ++ BN_options; ++ BN_print; ++ BN_print_fp; ++ BN_rand; ++ BN_reciprocal; ++ BN_rshift; ++ BN_rshift1; ++ BN_set_bit; ++ BN_set_word; ++ BN_sqr; ++ BN_sub; ++ BN_to_ASN1_INTEGER; ++ BN_ucmp; ++ BN_value_one; ++ BUF_MEM_free; ++ BUF_MEM_grow; ++ BUF_MEM_new; ++ BUF_strdup; ++ CONF_free; ++ CONF_get_number; ++ CONF_get_section; ++ CONF_get_string; ++ CONF_load; ++ CRYPTO_add_lock; ++ CRYPTO_dbg_free; ++ CRYPTO_dbg_malloc; ++ CRYPTO_dbg_realloc; ++ CRYPTO_dbg_remalloc; ++ CRYPTO_free; ++ CRYPTO_get_add_lock_callback; ++ CRYPTO_get_id_callback; ++ CRYPTO_get_lock_name; ++ CRYPTO_get_locking_callback; ++ CRYPTO_get_mem_functions; ++ CRYPTO_lock; ++ CRYPTO_malloc; ++ CRYPTO_mem_ctrl; ++ CRYPTO_mem_leaks; ++ CRYPTO_mem_leaks_cb; ++ CRYPTO_mem_leaks_fp; ++ CRYPTO_realloc; ++ CRYPTO_remalloc; ++ CRYPTO_set_add_lock_callback; ++ CRYPTO_set_id_callback; ++ CRYPTO_set_locking_callback; ++ CRYPTO_set_mem_functions; ++ CRYPTO_thread_id; ++ DH_check; ++ DH_compute_key; ++ DH_free; ++ DH_generate_key; ++ DH_generate_parameters; ++ DH_new; ++ DH_size; ++ DHparams_print; ++ DHparams_print_fp; ++ DSA_free; ++ DSA_generate_key; ++ DSA_generate_parameters; ++ DSA_is_prime; ++ DSA_new; ++ DSA_print; ++ DSA_print_fp; ++ DSA_sign; ++ DSA_sign_setup; ++ DSA_size; ++ DSA_verify; ++ DSAparams_print; ++ DSAparams_print_fp; ++ ERR_clear_error; ++ ERR_error_string; ++ ERR_free_strings; ++ ERR_func_error_string; ++ ERR_get_err_state_table; ++ ERR_get_error; ++ ERR_get_error_line; ++ ERR_get_state; ++ ERR_get_string_table; ++ ERR_lib_error_string; ++ ERR_load_ASN1_strings; ++ ERR_load_BIO_strings; ++ ERR_load_BN_strings; ++ ERR_load_BUF_strings; ++ ERR_load_CONF_strings; ++ ERR_load_DH_strings; ++ ERR_load_DSA_strings; ++ ERR_load_ERR_strings; ++ ERR_load_EVP_strings; ++ ERR_load_OBJ_strings; ++ ERR_load_PEM_strings; ++ ERR_load_PROXY_strings; ++ ERR_load_RSA_strings; ++ ERR_load_X509_strings; ++ ERR_load_crypto_strings; ++ ERR_load_strings; ++ ERR_peek_error; ++ ERR_peek_error_line; ++ ERR_print_errors; ++ ERR_print_errors_fp; ++ ERR_put_error; ++ ERR_reason_error_string; ++ ERR_remove_state; ++ EVP_BytesToKey; ++ EVP_CIPHER_CTX_cleanup; ++ EVP_CipherFinal; ++ EVP_CipherInit; ++ EVP_CipherUpdate; ++ EVP_DecodeBlock; ++ EVP_DecodeFinal; ++ EVP_DecodeInit; ++ EVP_DecodeUpdate; ++ EVP_DecryptFinal; ++ EVP_DecryptInit; ++ EVP_DecryptUpdate; ++ EVP_DigestFinal; ++ EVP_DigestInit; ++ EVP_DigestUpdate; ++ EVP_EncodeBlock; ++ EVP_EncodeFinal; ++ EVP_EncodeInit; ++ EVP_EncodeUpdate; ++ EVP_EncryptFinal; ++ EVP_EncryptInit; ++ EVP_EncryptUpdate; ++ EVP_OpenFinal; ++ EVP_OpenInit; ++ EVP_PKEY_assign; ++ EVP_PKEY_copy_parameters; ++ EVP_PKEY_free; ++ EVP_PKEY_missing_parameters; ++ EVP_PKEY_new; ++ EVP_PKEY_save_parameters; ++ EVP_PKEY_size; ++ EVP_PKEY_type; ++ EVP_SealFinal; ++ EVP_SealInit; ++ EVP_SignFinal; ++ EVP_VerifyFinal; ++ EVP_add_alias; ++ EVP_add_cipher; ++ EVP_add_digest; ++ EVP_bf_cbc; ++ EVP_bf_cfb64; ++ EVP_bf_ecb; ++ EVP_bf_ofb; ++ EVP_cleanup; ++ EVP_des_cbc; ++ EVP_des_cfb64; ++ EVP_des_ecb; ++ EVP_des_ede; ++ EVP_des_ede3; ++ EVP_des_ede3_cbc; ++ EVP_des_ede3_cfb64; ++ EVP_des_ede3_ofb; ++ EVP_des_ede_cbc; ++ EVP_des_ede_cfb64; ++ EVP_des_ede_ofb; ++ EVP_des_ofb; ++ EVP_desx_cbc; ++ EVP_dss; ++ EVP_dss1; ++ EVP_enc_null; ++ EVP_get_cipherbyname; ++ EVP_get_digestbyname; ++ EVP_get_pw_prompt; ++ EVP_idea_cbc; ++ EVP_idea_cfb64; ++ EVP_idea_ecb; ++ EVP_idea_ofb; ++ EVP_md2; ++ EVP_md5; ++ EVP_md_null; ++ EVP_rc2_cbc; ++ EVP_rc2_cfb64; ++ EVP_rc2_ecb; ++ EVP_rc2_ofb; ++ EVP_rc4; ++ EVP_read_pw_string; ++ EVP_set_pw_prompt; ++ EVP_sha; ++ EVP_sha1; ++ MD2; ++ MD2_Final; ++ MD2_Init; ++ MD2_Update; ++ MD2_options; ++ MD5; ++ MD5_Final; ++ MD5_Init; ++ MD5_Update; ++ MDC2; ++ MDC2_Final; ++ MDC2_Init; ++ MDC2_Update; ++ NETSCAPE_SPKAC_free; ++ NETSCAPE_SPKAC_new; ++ NETSCAPE_SPKI_free; ++ NETSCAPE_SPKI_new; ++ NETSCAPE_SPKI_sign; ++ NETSCAPE_SPKI_verify; ++ OBJ_add_object; ++ OBJ_bsearch; ++ OBJ_cleanup; ++ OBJ_cmp; ++ OBJ_create; ++ OBJ_dup; ++ OBJ_ln2nid; ++ OBJ_new_nid; ++ OBJ_nid2ln; ++ OBJ_nid2obj; ++ OBJ_nid2sn; ++ OBJ_obj2nid; ++ OBJ_sn2nid; ++ OBJ_txt2nid; ++ PEM_ASN1_read; ++ PEM_ASN1_read_bio; ++ PEM_ASN1_write; ++ PEM_ASN1_write_bio; ++ PEM_SealFinal; ++ PEM_SealInit; ++ PEM_SealUpdate; ++ PEM_SignFinal; ++ PEM_SignInit; ++ PEM_SignUpdate; ++ PEM_X509_INFO_read; ++ PEM_X509_INFO_read_bio; ++ PEM_X509_INFO_write_bio; ++ PEM_dek_info; ++ PEM_do_header; ++ PEM_get_EVP_CIPHER_INFO; ++ PEM_proc_type; ++ PEM_read; ++ PEM_read_DHparams; ++ PEM_read_DSAPrivateKey; ++ PEM_read_DSAparams; ++ PEM_read_PKCS7; ++ PEM_read_PrivateKey; ++ PEM_read_RSAPrivateKey; ++ PEM_read_X509; ++ PEM_read_X509_CRL; ++ PEM_read_X509_REQ; ++ PEM_read_bio; ++ PEM_read_bio_DHparams; ++ PEM_read_bio_DSAPrivateKey; ++ PEM_read_bio_DSAparams; ++ PEM_read_bio_PKCS7; ++ PEM_read_bio_PrivateKey; ++ PEM_read_bio_RSAPrivateKey; ++ PEM_read_bio_X509; ++ PEM_read_bio_X509_CRL; ++ PEM_read_bio_X509_REQ; ++ PEM_write; ++ PEM_write_DHparams; ++ PEM_write_DSAPrivateKey; ++ PEM_write_DSAparams; ++ PEM_write_PKCS7; ++ PEM_write_PrivateKey; ++ PEM_write_RSAPrivateKey; ++ PEM_write_X509; ++ PEM_write_X509_CRL; ++ PEM_write_X509_REQ; ++ PEM_write_bio; ++ PEM_write_bio_DHparams; ++ PEM_write_bio_DSAPrivateKey; ++ PEM_write_bio_DSAparams; ++ PEM_write_bio_PKCS7; ++ PEM_write_bio_PrivateKey; ++ PEM_write_bio_RSAPrivateKey; ++ PEM_write_bio_X509; ++ PEM_write_bio_X509_CRL; ++ PEM_write_bio_X509_REQ; ++ PKCS7_DIGEST_free; ++ PKCS7_DIGEST_new; ++ PKCS7_ENCRYPT_free; ++ PKCS7_ENCRYPT_new; ++ PKCS7_ENC_CONTENT_free; ++ PKCS7_ENC_CONTENT_new; ++ PKCS7_ENVELOPE_free; ++ PKCS7_ENVELOPE_new; ++ PKCS7_ISSUER_AND_SERIAL_digest; ++ PKCS7_ISSUER_AND_SERIAL_free; ++ PKCS7_ISSUER_AND_SERIAL_new; ++ PKCS7_RECIP_INFO_free; ++ PKCS7_RECIP_INFO_new; ++ PKCS7_SIGNED_free; ++ PKCS7_SIGNED_new; ++ PKCS7_SIGNER_INFO_free; ++ PKCS7_SIGNER_INFO_new; ++ PKCS7_SIGN_ENVELOPE_free; ++ PKCS7_SIGN_ENVELOPE_new; ++ PKCS7_dup; ++ PKCS7_free; ++ PKCS7_new; ++ PROXY_ENTRY_add_noproxy; ++ PROXY_ENTRY_clear_noproxy; ++ PROXY_ENTRY_free; ++ PROXY_ENTRY_get_noproxy; ++ PROXY_ENTRY_new; ++ PROXY_ENTRY_set_server; ++ PROXY_add_noproxy; ++ PROXY_add_server; ++ PROXY_check_by_host; ++ PROXY_check_url; ++ PROXY_clear_noproxy; ++ PROXY_free; ++ PROXY_get_noproxy; ++ PROXY_get_proxies; ++ PROXY_get_proxy_entry; ++ PROXY_load_conf; ++ PROXY_new; ++ PROXY_print; ++ RAND_bytes; ++ RAND_cleanup; ++ RAND_file_name; ++ RAND_load_file; ++ RAND_screen; ++ RAND_seed; ++ RAND_write_file; ++ RC2_cbc_encrypt; ++ RC2_cfb64_encrypt; ++ RC2_ecb_encrypt; ++ RC2_encrypt; ++ RC2_ofb64_encrypt; ++ RC2_set_key; ++ RC4; ++ RC4_options; ++ RC4_set_key; ++ RSAPrivateKey_asn1_meth; ++ RSAPrivateKey_dup; ++ RSAPublicKey_dup; ++ RSA_PKCS1_SSLeay; ++ RSA_free; ++ RSA_generate_key; ++ RSA_new; ++ RSA_new_method; ++ RSA_print; ++ RSA_print_fp; ++ RSA_private_decrypt; ++ RSA_private_encrypt; ++ RSA_public_decrypt; ++ RSA_public_encrypt; ++ RSA_set_default_method; ++ RSA_sign; ++ RSA_sign_ASN1_OCTET_STRING; ++ RSA_size; ++ RSA_verify; ++ RSA_verify_ASN1_OCTET_STRING; ++ SHA; ++ SHA1; ++ SHA1_Final; ++ SHA1_Init; ++ SHA1_Update; ++ SHA_Final; ++ SHA_Init; ++ SHA_Update; ++ OpenSSL_add_all_algorithms; ++ OpenSSL_add_all_ciphers; ++ OpenSSL_add_all_digests; ++ TXT_DB_create_index; ++ TXT_DB_free; ++ TXT_DB_get_by_index; ++ TXT_DB_insert; ++ TXT_DB_read; ++ TXT_DB_write; ++ X509_ALGOR_free; ++ X509_ALGOR_new; ++ X509_ATTRIBUTE_free; ++ X509_ATTRIBUTE_new; ++ X509_CINF_free; ++ X509_CINF_new; ++ X509_CRL_INFO_free; ++ X509_CRL_INFO_new; ++ X509_CRL_add_ext; ++ X509_CRL_cmp; ++ X509_CRL_delete_ext; ++ X509_CRL_dup; ++ X509_CRL_free; ++ X509_CRL_get_ext; ++ X509_CRL_get_ext_by_NID; ++ X509_CRL_get_ext_by_OBJ; ++ X509_CRL_get_ext_by_critical; ++ X509_CRL_get_ext_count; ++ X509_CRL_new; ++ X509_CRL_sign; ++ X509_CRL_verify; ++ X509_EXTENSION_create_by_NID; ++ X509_EXTENSION_create_by_OBJ; ++ X509_EXTENSION_dup; ++ X509_EXTENSION_free; ++ X509_EXTENSION_get_critical; ++ X509_EXTENSION_get_data; ++ X509_EXTENSION_get_object; ++ X509_EXTENSION_new; ++ X509_EXTENSION_set_critical; ++ X509_EXTENSION_set_data; ++ X509_EXTENSION_set_object; ++ X509_INFO_free; ++ X509_INFO_new; ++ X509_LOOKUP_by_alias; ++ X509_LOOKUP_by_fingerprint; ++ X509_LOOKUP_by_issuer_serial; ++ X509_LOOKUP_by_subject; ++ X509_LOOKUP_ctrl; ++ X509_LOOKUP_file; ++ X509_LOOKUP_free; ++ X509_LOOKUP_hash_dir; ++ X509_LOOKUP_init; ++ X509_LOOKUP_new; ++ X509_LOOKUP_shutdown; ++ X509_NAME_ENTRY_create_by_NID; ++ X509_NAME_ENTRY_create_by_OBJ; ++ X509_NAME_ENTRY_dup; ++ X509_NAME_ENTRY_free; ++ X509_NAME_ENTRY_get_data; ++ X509_NAME_ENTRY_get_object; ++ X509_NAME_ENTRY_new; ++ X509_NAME_ENTRY_set_data; ++ X509_NAME_ENTRY_set_object; ++ X509_NAME_add_entry; ++ X509_NAME_cmp; ++ X509_NAME_delete_entry; ++ X509_NAME_digest; ++ X509_NAME_dup; ++ X509_NAME_entry_count; ++ X509_NAME_free; ++ X509_NAME_get_entry; ++ X509_NAME_get_index_by_NID; ++ X509_NAME_get_index_by_OBJ; ++ X509_NAME_get_text_by_NID; ++ X509_NAME_get_text_by_OBJ; ++ X509_NAME_hash; ++ X509_NAME_new; ++ X509_NAME_oneline; ++ X509_NAME_print; ++ X509_NAME_set; ++ X509_OBJECT_free_contents; ++ X509_OBJECT_retrieve_by_subject; ++ X509_OBJECT_up_ref_count; ++ X509_PKEY_free; ++ X509_PKEY_new; ++ X509_PUBKEY_free; ++ X509_PUBKEY_get; ++ X509_PUBKEY_new; ++ X509_PUBKEY_set; ++ X509_REQ_INFO_free; ++ X509_REQ_INFO_new; ++ X509_REQ_dup; ++ X509_REQ_free; ++ X509_REQ_get_pubkey; ++ X509_REQ_new; ++ X509_REQ_print; ++ X509_REQ_print_fp; ++ X509_REQ_set_pubkey; ++ X509_REQ_set_subject_name; ++ X509_REQ_set_version; ++ X509_REQ_sign; ++ X509_REQ_to_X509; ++ X509_REQ_verify; ++ X509_REVOKED_add_ext; ++ X509_REVOKED_delete_ext; ++ X509_REVOKED_free; ++ X509_REVOKED_get_ext; ++ X509_REVOKED_get_ext_by_NID; ++ X509_REVOKED_get_ext_by_OBJ; ++ X509_REVOKED_get_ext_by_critical; ++ X509_REVOKED_get_ext_by_critic; ++ X509_REVOKED_get_ext_count; ++ X509_REVOKED_new; ++ X509_SIG_free; ++ X509_SIG_new; ++ X509_STORE_CTX_cleanup; ++ X509_STORE_CTX_init; ++ X509_STORE_add_cert; ++ X509_STORE_add_lookup; ++ X509_STORE_free; ++ X509_STORE_get_by_subject; ++ X509_STORE_load_locations; ++ X509_STORE_new; ++ X509_STORE_set_default_paths; ++ X509_VAL_free; ++ X509_VAL_new; ++ X509_add_ext; ++ X509_asn1_meth; ++ X509_certificate_type; ++ X509_check_private_key; ++ X509_cmp_current_time; ++ X509_delete_ext; ++ X509_digest; ++ X509_dup; ++ X509_free; ++ X509_get_default_cert_area; ++ X509_get_default_cert_dir; ++ X509_get_default_cert_dir_env; ++ X509_get_default_cert_file; ++ X509_get_default_cert_file_env; ++ X509_get_default_private_dir; ++ X509_get_ext; ++ X509_get_ext_by_NID; ++ X509_get_ext_by_OBJ; ++ X509_get_ext_by_critical; ++ X509_get_ext_count; ++ X509_get_issuer_name; ++ X509_get_pubkey; ++ X509_get_pubkey_parameters; ++ X509_get_serialNumber; ++ X509_get_subject_name; ++ X509_gmtime_adj; ++ X509_issuer_and_serial_cmp; ++ X509_issuer_and_serial_hash; ++ X509_issuer_name_cmp; ++ X509_issuer_name_hash; ++ X509_load_cert_file; ++ X509_new; ++ X509_print; ++ X509_print_fp; ++ X509_set_issuer_name; ++ X509_set_notAfter; ++ X509_set_notBefore; ++ X509_set_pubkey; ++ X509_set_serialNumber; ++ X509_set_subject_name; ++ X509_set_version; ++ X509_sign; ++ X509_subject_name_cmp; ++ X509_subject_name_hash; ++ X509_to_X509_REQ; ++ X509_verify; ++ X509_verify_cert; ++ X509_verify_cert_error_string; ++ X509v3_add_ext; ++ X509v3_add_extension; ++ X509v3_add_netscape_extensions; ++ X509v3_add_standard_extensions; ++ X509v3_cleanup_extensions; ++ X509v3_data_type_by_NID; ++ X509v3_data_type_by_OBJ; ++ X509v3_delete_ext; ++ X509v3_get_ext; ++ X509v3_get_ext_by_NID; ++ X509v3_get_ext_by_OBJ; ++ X509v3_get_ext_by_critical; ++ X509v3_get_ext_count; ++ X509v3_pack_string; ++ X509v3_pack_type_by_NID; ++ X509v3_pack_type_by_OBJ; ++ X509v3_unpack_string; ++ _des_crypt; ++ a2d_ASN1_OBJECT; ++ a2i_ASN1_INTEGER; ++ a2i_ASN1_STRING; ++ asn1_Finish; ++ asn1_GetSequence; ++ bn_div_words; ++ bn_expand2; ++ bn_mul_add_words; ++ bn_mul_words; ++ BN_uadd; ++ BN_usub; ++ bn_sqr_words; ++ _ossl_old_crypt; ++ d2i_ASN1_BIT_STRING; ++ d2i_ASN1_BOOLEAN; ++ d2i_ASN1_HEADER; ++ d2i_ASN1_IA5STRING; ++ d2i_ASN1_INTEGER; ++ d2i_ASN1_OBJECT; ++ d2i_ASN1_OCTET_STRING; ++ d2i_ASN1_PRINTABLE; ++ d2i_ASN1_PRINTABLESTRING; ++ d2i_ASN1_SET; ++ d2i_ASN1_T61STRING; ++ d2i_ASN1_TYPE; ++ d2i_ASN1_UTCTIME; ++ d2i_ASN1_bytes; ++ d2i_ASN1_type_bytes; ++ d2i_DHparams; ++ d2i_DSAPrivateKey; ++ d2i_DSAPrivateKey_bio; ++ d2i_DSAPrivateKey_fp; ++ d2i_DSAPublicKey; ++ d2i_DSAparams; ++ d2i_NETSCAPE_SPKAC; ++ d2i_NETSCAPE_SPKI; ++ d2i_Netscape_RSA; ++ d2i_PKCS7; ++ d2i_PKCS7_DIGEST; ++ d2i_PKCS7_ENCRYPT; ++ d2i_PKCS7_ENC_CONTENT; ++ d2i_PKCS7_ENVELOPE; ++ d2i_PKCS7_ISSUER_AND_SERIAL; ++ d2i_PKCS7_RECIP_INFO; ++ d2i_PKCS7_SIGNED; ++ d2i_PKCS7_SIGNER_INFO; ++ d2i_PKCS7_SIGN_ENVELOPE; ++ d2i_PKCS7_bio; ++ d2i_PKCS7_fp; ++ d2i_PrivateKey; ++ d2i_PublicKey; ++ d2i_RSAPrivateKey; ++ d2i_RSAPrivateKey_bio; ++ d2i_RSAPrivateKey_fp; ++ d2i_RSAPublicKey; ++ d2i_X509; ++ d2i_X509_ALGOR; ++ d2i_X509_ATTRIBUTE; ++ d2i_X509_CINF; ++ d2i_X509_CRL; ++ d2i_X509_CRL_INFO; ++ d2i_X509_CRL_bio; ++ d2i_X509_CRL_fp; ++ d2i_X509_EXTENSION; ++ d2i_X509_NAME; ++ d2i_X509_NAME_ENTRY; ++ d2i_X509_PKEY; ++ d2i_X509_PUBKEY; ++ d2i_X509_REQ; ++ d2i_X509_REQ_INFO; ++ d2i_X509_REQ_bio; ++ d2i_X509_REQ_fp; ++ d2i_X509_REVOKED; ++ d2i_X509_SIG; ++ d2i_X509_VAL; ++ d2i_X509_bio; ++ d2i_X509_fp; ++ DES_cbc_cksum; ++ DES_cbc_encrypt; ++ DES_cblock_print_file; ++ DES_cfb64_encrypt; ++ DES_cfb_encrypt; ++ DES_decrypt3; ++ DES_ecb3_encrypt; ++ DES_ecb_encrypt; ++ DES_ede3_cbc_encrypt; ++ DES_ede3_cfb64_encrypt; ++ DES_ede3_ofb64_encrypt; ++ DES_enc_read; ++ DES_enc_write; ++ DES_encrypt1; ++ DES_encrypt2; ++ DES_encrypt3; ++ DES_fcrypt; ++ DES_is_weak_key; ++ DES_key_sched; ++ DES_ncbc_encrypt; ++ DES_ofb64_encrypt; ++ DES_ofb_encrypt; ++ DES_options; ++ DES_pcbc_encrypt; ++ DES_quad_cksum; ++ DES_random_key; ++ _ossl_old_des_random_seed; ++ _ossl_old_des_read_2passwords; ++ _ossl_old_des_read_password; ++ _ossl_old_des_read_pw; ++ _ossl_old_des_read_pw_string; ++ DES_set_key; ++ DES_set_odd_parity; ++ DES_string_to_2keys; ++ DES_string_to_key; ++ DES_xcbc_encrypt; ++ DES_xwhite_in2out; ++ fcrypt_body; ++ i2a_ASN1_INTEGER; ++ i2a_ASN1_OBJECT; ++ i2a_ASN1_STRING; ++ i2d_ASN1_BIT_STRING; ++ i2d_ASN1_BOOLEAN; ++ i2d_ASN1_HEADER; ++ i2d_ASN1_IA5STRING; ++ i2d_ASN1_INTEGER; ++ i2d_ASN1_OBJECT; ++ i2d_ASN1_OCTET_STRING; ++ i2d_ASN1_PRINTABLE; ++ i2d_ASN1_SET; ++ i2d_ASN1_TYPE; ++ i2d_ASN1_UTCTIME; ++ i2d_ASN1_bytes; ++ i2d_DHparams; ++ i2d_DSAPrivateKey; ++ i2d_DSAPrivateKey_bio; ++ i2d_DSAPrivateKey_fp; ++ i2d_DSAPublicKey; ++ i2d_DSAparams; ++ i2d_NETSCAPE_SPKAC; ++ i2d_NETSCAPE_SPKI; ++ i2d_Netscape_RSA; ++ i2d_PKCS7; ++ i2d_PKCS7_DIGEST; ++ i2d_PKCS7_ENCRYPT; ++ i2d_PKCS7_ENC_CONTENT; ++ i2d_PKCS7_ENVELOPE; ++ i2d_PKCS7_ISSUER_AND_SERIAL; ++ i2d_PKCS7_RECIP_INFO; ++ i2d_PKCS7_SIGNED; ++ i2d_PKCS7_SIGNER_INFO; ++ i2d_PKCS7_SIGN_ENVELOPE; ++ i2d_PKCS7_bio; ++ i2d_PKCS7_fp; ++ i2d_PrivateKey; ++ i2d_PublicKey; ++ i2d_RSAPrivateKey; ++ i2d_RSAPrivateKey_bio; ++ i2d_RSAPrivateKey_fp; ++ i2d_RSAPublicKey; ++ i2d_X509; ++ i2d_X509_ALGOR; ++ i2d_X509_ATTRIBUTE; ++ i2d_X509_CINF; ++ i2d_X509_CRL; ++ i2d_X509_CRL_INFO; ++ i2d_X509_CRL_bio; ++ i2d_X509_CRL_fp; ++ i2d_X509_EXTENSION; ++ i2d_X509_NAME; ++ i2d_X509_NAME_ENTRY; ++ i2d_X509_PKEY; ++ i2d_X509_PUBKEY; ++ i2d_X509_REQ; ++ i2d_X509_REQ_INFO; ++ i2d_X509_REQ_bio; ++ i2d_X509_REQ_fp; ++ i2d_X509_REVOKED; ++ i2d_X509_SIG; ++ i2d_X509_VAL; ++ i2d_X509_bio; ++ i2d_X509_fp; ++ idea_cbc_encrypt; ++ idea_cfb64_encrypt; ++ idea_ecb_encrypt; ++ idea_encrypt; ++ idea_ofb64_encrypt; ++ idea_options; ++ idea_set_decrypt_key; ++ idea_set_encrypt_key; ++ lh_delete; ++ lh_doall; ++ lh_doall_arg; ++ lh_free; ++ lh_insert; ++ lh_new; ++ lh_node_stats; ++ lh_node_stats_bio; ++ lh_node_usage_stats; ++ lh_node_usage_stats_bio; ++ lh_retrieve; ++ lh_stats; ++ lh_stats_bio; ++ lh_strhash; ++ sk_delete; ++ sk_delete_ptr; ++ sk_dup; ++ sk_find; ++ sk_free; ++ sk_insert; ++ sk_new; ++ sk_pop; ++ sk_pop_free; ++ sk_push; ++ sk_set_cmp_func; ++ sk_shift; ++ sk_unshift; ++ sk_zero; ++ BIO_f_nbio_test; ++ ASN1_TYPE_get; ++ ASN1_TYPE_set; ++ PKCS7_content_free; ++ ERR_load_PKCS7_strings; ++ X509_find_by_issuer_and_serial; ++ X509_find_by_subject; ++ PKCS7_ctrl; ++ PKCS7_set_type; ++ PKCS7_set_content; ++ PKCS7_SIGNER_INFO_set; ++ PKCS7_add_signer; ++ PKCS7_add_certificate; ++ PKCS7_add_crl; ++ PKCS7_content_new; ++ PKCS7_dataSign; ++ PKCS7_dataVerify; ++ PKCS7_dataInit; ++ PKCS7_add_signature; ++ PKCS7_cert_from_signer_info; ++ PKCS7_get_signer_info; ++ EVP_delete_alias; ++ EVP_mdc2; ++ PEM_read_bio_RSAPublicKey; ++ PEM_write_bio_RSAPublicKey; ++ d2i_RSAPublicKey_bio; ++ i2d_RSAPublicKey_bio; ++ PEM_read_RSAPublicKey; ++ PEM_write_RSAPublicKey; ++ d2i_RSAPublicKey_fp; ++ i2d_RSAPublicKey_fp; ++ BIO_copy_next_retry; ++ RSA_flags; ++ X509_STORE_add_crl; ++ X509_load_crl_file; ++ EVP_rc2_40_cbc; ++ EVP_rc4_40; ++ EVP_CIPHER_CTX_init; ++ HMAC; ++ HMAC_Init; ++ HMAC_Update; ++ HMAC_Final; ++ ERR_get_next_error_library; ++ EVP_PKEY_cmp_parameters; ++ HMAC_cleanup; ++ BIO_ptr_ctrl; ++ BIO_new_file_internal; ++ BIO_new_fp_internal; ++ BIO_s_file_internal; ++ BN_BLINDING_convert; ++ BN_BLINDING_invert; ++ BN_BLINDING_update; ++ RSA_blinding_on; ++ RSA_blinding_off; ++ i2t_ASN1_OBJECT; ++ BN_BLINDING_new; ++ BN_BLINDING_free; ++ EVP_cast5_cbc; ++ EVP_cast5_cfb64; ++ EVP_cast5_ecb; ++ EVP_cast5_ofb; ++ BF_decrypt; ++ CAST_set_key; ++ CAST_encrypt; ++ CAST_decrypt; ++ CAST_ecb_encrypt; ++ CAST_cbc_encrypt; ++ CAST_cfb64_encrypt; ++ CAST_ofb64_encrypt; ++ RC2_decrypt; ++ OBJ_create_objects; ++ BN_exp; ++ BN_mul_word; ++ BN_sub_word; ++ BN_dec2bn; ++ BN_bn2dec; ++ BIO_ghbn_ctrl; ++ CRYPTO_free_ex_data; ++ CRYPTO_get_ex_data; ++ CRYPTO_set_ex_data; ++ ERR_load_CRYPTO_strings; ++ ERR_load_CRYPTOlib_strings; ++ EVP_PKEY_bits; ++ MD5_Transform; ++ SHA1_Transform; ++ SHA_Transform; ++ X509_STORE_CTX_get_chain; ++ X509_STORE_CTX_get_current_cert; ++ X509_STORE_CTX_get_error; ++ X509_STORE_CTX_get_error_depth; ++ X509_STORE_CTX_get_ex_data; ++ X509_STORE_CTX_set_cert; ++ X509_STORE_CTX_set_chain; ++ X509_STORE_CTX_set_error; ++ X509_STORE_CTX_set_ex_data; ++ CRYPTO_dup_ex_data; ++ CRYPTO_get_new_lockid; ++ CRYPTO_new_ex_data; ++ RSA_set_ex_data; ++ RSA_get_ex_data; ++ RSA_get_ex_new_index; ++ RSA_padding_add_PKCS1_type_1; ++ RSA_padding_add_PKCS1_type_2; ++ RSA_padding_add_SSLv23; ++ RSA_padding_add_none; ++ RSA_padding_check_PKCS1_type_1; ++ RSA_padding_check_PKCS1_type_2; ++ RSA_padding_check_SSLv23; ++ RSA_padding_check_none; ++ bn_add_words; ++ d2i_Netscape_RSA_2; ++ CRYPTO_get_ex_new_index; ++ RIPEMD160_Init; ++ RIPEMD160_Update; ++ RIPEMD160_Final; ++ RIPEMD160; ++ RIPEMD160_Transform; ++ RC5_32_set_key; ++ RC5_32_ecb_encrypt; ++ RC5_32_encrypt; ++ RC5_32_decrypt; ++ RC5_32_cbc_encrypt; ++ RC5_32_cfb64_encrypt; ++ RC5_32_ofb64_encrypt; ++ BN_bn2mpi; ++ BN_mpi2bn; ++ ASN1_BIT_STRING_get_bit; ++ ASN1_BIT_STRING_set_bit; ++ BIO_get_ex_data; ++ BIO_get_ex_new_index; ++ BIO_set_ex_data; ++ X509v3_get_key_usage; ++ X509v3_set_key_usage; ++ a2i_X509v3_key_usage; ++ i2a_X509v3_key_usage; ++ EVP_PKEY_decrypt; ++ EVP_PKEY_encrypt; ++ PKCS7_RECIP_INFO_set; ++ PKCS7_add_recipient; ++ PKCS7_add_recipient_info; ++ PKCS7_set_cipher; ++ ASN1_TYPE_get_int_octetstring; ++ ASN1_TYPE_get_octetstring; ++ ASN1_TYPE_set_int_octetstring; ++ ASN1_TYPE_set_octetstring; ++ ASN1_UTCTIME_set_string; ++ ERR_add_error_data; ++ ERR_set_error_data; ++ EVP_CIPHER_asn1_to_param; ++ EVP_CIPHER_param_to_asn1; ++ EVP_CIPHER_get_asn1_iv; ++ EVP_CIPHER_set_asn1_iv; ++ EVP_rc5_32_12_16_cbc; ++ EVP_rc5_32_12_16_cfb64; ++ EVP_rc5_32_12_16_ecb; ++ EVP_rc5_32_12_16_ofb; ++ asn1_add_error; ++ d2i_ASN1_BMPSTRING; ++ i2d_ASN1_BMPSTRING; ++ BIO_f_ber; ++ BN_init; ++ COMP_CTX_new; ++ COMP_CTX_free; ++ COMP_CTX_compress_block; ++ COMP_CTX_expand_block; ++ X509_STORE_CTX_get_ex_new_index; ++ OBJ_NAME_add; ++ BIO_socket_nbio; ++ EVP_rc2_64_cbc; ++ OBJ_NAME_cleanup; ++ OBJ_NAME_get; ++ OBJ_NAME_init; ++ OBJ_NAME_new_index; ++ OBJ_NAME_remove; ++ BN_MONT_CTX_copy; ++ BIO_new_socks4a_connect; ++ BIO_s_socks4a_connect; ++ PROXY_set_connect_mode; ++ RAND_SSLeay; ++ RAND_set_rand_method; ++ RSA_memory_lock; ++ bn_sub_words; ++ bn_mul_normal; ++ bn_mul_comba8; ++ bn_mul_comba4; ++ bn_sqr_normal; ++ bn_sqr_comba8; ++ bn_sqr_comba4; ++ bn_cmp_words; ++ bn_mul_recursive; ++ bn_mul_part_recursive; ++ bn_sqr_recursive; ++ bn_mul_low_normal; ++ BN_RECP_CTX_init; ++ BN_RECP_CTX_new; ++ BN_RECP_CTX_free; ++ BN_RECP_CTX_set; ++ BN_mod_mul_reciprocal; ++ BN_mod_exp_recp; ++ BN_div_recp; ++ BN_CTX_init; ++ BN_MONT_CTX_init; ++ RAND_get_rand_method; ++ PKCS7_add_attribute; ++ PKCS7_add_signed_attribute; ++ PKCS7_digest_from_attributes; ++ PKCS7_get_attribute; ++ PKCS7_get_issuer_and_serial; ++ PKCS7_get_signed_attribute; ++ COMP_compress_block; ++ COMP_expand_block; ++ COMP_rle; ++ COMP_zlib; ++ ms_time_diff; ++ ms_time_new; ++ ms_time_free; ++ ms_time_cmp; ++ ms_time_get; ++ PKCS7_set_attributes; ++ PKCS7_set_signed_attributes; ++ X509_ATTRIBUTE_create; ++ X509_ATTRIBUTE_dup; ++ ASN1_GENERALIZEDTIME_check; ++ ASN1_GENERALIZEDTIME_print; ++ ASN1_GENERALIZEDTIME_set; ++ ASN1_GENERALIZEDTIME_set_string; ++ ASN1_TIME_print; ++ BASIC_CONSTRAINTS_free; ++ BASIC_CONSTRAINTS_new; ++ ERR_load_X509V3_strings; ++ NETSCAPE_CERT_SEQUENCE_free; ++ NETSCAPE_CERT_SEQUENCE_new; ++ OBJ_txt2obj; ++ PEM_read_NETSCAPE_CERT_SEQUENCE; ++ PEM_read_NS_CERT_SEQ; ++ PEM_read_bio_NETSCAPE_CERT_SEQUENCE; ++ PEM_read_bio_NS_CERT_SEQ; ++ PEM_write_NETSCAPE_CERT_SEQUENCE; ++ PEM_write_NS_CERT_SEQ; ++ PEM_write_bio_NETSCAPE_CERT_SEQUENCE; ++ PEM_write_bio_NS_CERT_SEQ; ++ X509V3_EXT_add; ++ X509V3_EXT_add_alias; ++ X509V3_EXT_add_conf; ++ X509V3_EXT_cleanup; ++ X509V3_EXT_conf; ++ X509V3_EXT_conf_nid; ++ X509V3_EXT_get; ++ X509V3_EXT_get_nid; ++ X509V3_EXT_print; ++ X509V3_EXT_print_fp; ++ X509V3_add_standard_extensions; ++ X509V3_add_value; ++ X509V3_add_value_bool; ++ X509V3_add_value_int; ++ X509V3_conf_free; ++ X509V3_get_value_bool; ++ X509V3_get_value_int; ++ X509V3_parse_list; ++ d2i_ASN1_GENERALIZEDTIME; ++ d2i_ASN1_TIME; ++ d2i_BASIC_CONSTRAINTS; ++ d2i_NETSCAPE_CERT_SEQUENCE; ++ d2i_ext_ku; ++ ext_ku_free; ++ ext_ku_new; ++ i2d_ASN1_GENERALIZEDTIME; ++ i2d_ASN1_TIME; ++ i2d_BASIC_CONSTRAINTS; ++ i2d_NETSCAPE_CERT_SEQUENCE; ++ i2d_ext_ku; ++ EVP_MD_CTX_copy; ++ i2d_ASN1_ENUMERATED; ++ d2i_ASN1_ENUMERATED; ++ ASN1_ENUMERATED_set; ++ ASN1_ENUMERATED_get; ++ BN_to_ASN1_ENUMERATED; ++ ASN1_ENUMERATED_to_BN; ++ i2a_ASN1_ENUMERATED; ++ a2i_ASN1_ENUMERATED; ++ i2d_GENERAL_NAME; ++ d2i_GENERAL_NAME; ++ GENERAL_NAME_new; ++ GENERAL_NAME_free; ++ GENERAL_NAMES_new; ++ GENERAL_NAMES_free; ++ d2i_GENERAL_NAMES; ++ i2d_GENERAL_NAMES; ++ i2v_GENERAL_NAMES; ++ i2s_ASN1_OCTET_STRING; ++ s2i_ASN1_OCTET_STRING; ++ X509V3_EXT_check_conf; ++ hex_to_string; ++ string_to_hex; ++ DES_ede3_cbcm_encrypt; ++ RSA_padding_add_PKCS1_OAEP; ++ RSA_padding_check_PKCS1_OAEP; ++ X509_CRL_print_fp; ++ X509_CRL_print; ++ i2v_GENERAL_NAME; ++ v2i_GENERAL_NAME; ++ i2d_PKEY_USAGE_PERIOD; ++ d2i_PKEY_USAGE_PERIOD; ++ PKEY_USAGE_PERIOD_new; ++ PKEY_USAGE_PERIOD_free; ++ v2i_GENERAL_NAMES; ++ i2s_ASN1_INTEGER; ++ X509V3_EXT_d2i; ++ name_cmp; ++ str_dup; ++ i2s_ASN1_ENUMERATED; ++ i2s_ASN1_ENUMERATED_TABLE; ++ BIO_s_log; ++ BIO_f_reliable; ++ PKCS7_dataFinal; ++ PKCS7_dataDecode; ++ X509V3_EXT_CRL_add_conf; ++ BN_set_params; ++ BN_get_params; ++ BIO_get_ex_num; ++ BIO_set_ex_free_func; ++ EVP_ripemd160; ++ ASN1_TIME_set; ++ i2d_AUTHORITY_KEYID; ++ d2i_AUTHORITY_KEYID; ++ AUTHORITY_KEYID_new; ++ AUTHORITY_KEYID_free; ++ ASN1_seq_unpack; ++ ASN1_seq_pack; ++ ASN1_unpack_string; ++ ASN1_pack_string; ++ PKCS12_pack_safebag; ++ PKCS12_MAKE_KEYBAG; ++ PKCS8_encrypt; ++ PKCS12_MAKE_SHKEYBAG; ++ PKCS12_pack_p7data; ++ PKCS12_pack_p7encdata; ++ PKCS12_add_localkeyid; ++ PKCS12_add_friendlyname_asc; ++ PKCS12_add_friendlyname_uni; ++ PKCS12_get_friendlyname; ++ PKCS12_pbe_crypt; ++ PKCS12_decrypt_d2i; ++ PKCS12_i2d_encrypt; ++ PKCS12_init; ++ PKCS12_key_gen_asc; ++ PKCS12_key_gen_uni; ++ PKCS12_gen_mac; ++ PKCS12_verify_mac; ++ PKCS12_set_mac; ++ PKCS12_setup_mac; ++ OPENSSL_asc2uni; ++ OPENSSL_uni2asc; ++ i2d_PKCS12_BAGS; ++ PKCS12_BAGS_new; ++ d2i_PKCS12_BAGS; ++ PKCS12_BAGS_free; ++ i2d_PKCS12; ++ d2i_PKCS12; ++ PKCS12_new; ++ PKCS12_free; ++ i2d_PKCS12_MAC_DATA; ++ PKCS12_MAC_DATA_new; ++ d2i_PKCS12_MAC_DATA; ++ PKCS12_MAC_DATA_free; ++ i2d_PKCS12_SAFEBAG; ++ PKCS12_SAFEBAG_new; ++ d2i_PKCS12_SAFEBAG; ++ PKCS12_SAFEBAG_free; ++ ERR_load_PKCS12_strings; ++ PKCS12_PBE_add; ++ PKCS8_add_keyusage; ++ PKCS12_get_attr_gen; ++ PKCS12_parse; ++ PKCS12_create; ++ i2d_PKCS12_bio; ++ i2d_PKCS12_fp; ++ d2i_PKCS12_bio; ++ d2i_PKCS12_fp; ++ i2d_PBEPARAM; ++ PBEPARAM_new; ++ d2i_PBEPARAM; ++ PBEPARAM_free; ++ i2d_PKCS8_PRIV_KEY_INFO; ++ PKCS8_PRIV_KEY_INFO_new; ++ d2i_PKCS8_PRIV_KEY_INFO; ++ PKCS8_PRIV_KEY_INFO_free; ++ EVP_PKCS82PKEY; ++ EVP_PKEY2PKCS8; ++ PKCS8_set_broken; ++ EVP_PBE_ALGOR_CipherInit; ++ EVP_PBE_alg_add; ++ PKCS5_pbe_set; ++ EVP_PBE_cleanup; ++ i2d_SXNET; ++ d2i_SXNET; ++ SXNET_new; ++ SXNET_free; ++ i2d_SXNETID; ++ d2i_SXNETID; ++ SXNETID_new; ++ SXNETID_free; ++ DSA_SIG_new; ++ DSA_SIG_free; ++ DSA_do_sign; ++ DSA_do_verify; ++ d2i_DSA_SIG; ++ i2d_DSA_SIG; ++ i2d_ASN1_VISIBLESTRING; ++ d2i_ASN1_VISIBLESTRING; ++ i2d_ASN1_UTF8STRING; ++ d2i_ASN1_UTF8STRING; ++ i2d_DIRECTORYSTRING; ++ d2i_DIRECTORYSTRING; ++ i2d_DISPLAYTEXT; ++ d2i_DISPLAYTEXT; ++ d2i_ASN1_SET_OF_X509; ++ i2d_ASN1_SET_OF_X509; ++ i2d_PBKDF2PARAM; ++ PBKDF2PARAM_new; ++ d2i_PBKDF2PARAM; ++ PBKDF2PARAM_free; ++ i2d_PBE2PARAM; ++ PBE2PARAM_new; ++ d2i_PBE2PARAM; ++ PBE2PARAM_free; ++ d2i_ASN1_SET_OF_GENERAL_NAME; ++ i2d_ASN1_SET_OF_GENERAL_NAME; ++ d2i_ASN1_SET_OF_SXNETID; ++ i2d_ASN1_SET_OF_SXNETID; ++ d2i_ASN1_SET_OF_POLICYQUALINFO; ++ i2d_ASN1_SET_OF_POLICYQUALINFO; ++ d2i_ASN1_SET_OF_POLICYINFO; ++ i2d_ASN1_SET_OF_POLICYINFO; ++ SXNET_add_id_asc; ++ SXNET_add_id_ulong; ++ SXNET_add_id_INTEGER; ++ SXNET_get_id_asc; ++ SXNET_get_id_ulong; ++ SXNET_get_id_INTEGER; ++ X509V3_set_conf_lhash; ++ i2d_CERTIFICATEPOLICIES; ++ CERTIFICATEPOLICIES_new; ++ CERTIFICATEPOLICIES_free; ++ d2i_CERTIFICATEPOLICIES; ++ i2d_POLICYINFO; ++ POLICYINFO_new; ++ d2i_POLICYINFO; ++ POLICYINFO_free; ++ i2d_POLICYQUALINFO; ++ POLICYQUALINFO_new; ++ d2i_POLICYQUALINFO; ++ POLICYQUALINFO_free; ++ i2d_USERNOTICE; ++ USERNOTICE_new; ++ d2i_USERNOTICE; ++ USERNOTICE_free; ++ i2d_NOTICEREF; ++ NOTICEREF_new; ++ d2i_NOTICEREF; ++ NOTICEREF_free; ++ X509V3_get_string; ++ X509V3_get_section; ++ X509V3_string_free; ++ X509V3_section_free; ++ X509V3_set_ctx; ++ s2i_ASN1_INTEGER; ++ CRYPTO_set_locked_mem_functions; ++ CRYPTO_get_locked_mem_functions; ++ CRYPTO_malloc_locked; ++ CRYPTO_free_locked; ++ BN_mod_exp2_mont; ++ ERR_get_error_line_data; ++ ERR_peek_error_line_data; ++ PKCS12_PBE_keyivgen; ++ X509_ALGOR_dup; ++ d2i_ASN1_SET_OF_DIST_POINT; ++ i2d_ASN1_SET_OF_DIST_POINT; ++ i2d_CRL_DIST_POINTS; ++ CRL_DIST_POINTS_new; ++ CRL_DIST_POINTS_free; ++ d2i_CRL_DIST_POINTS; ++ i2d_DIST_POINT; ++ DIST_POINT_new; ++ d2i_DIST_POINT; ++ DIST_POINT_free; ++ i2d_DIST_POINT_NAME; ++ DIST_POINT_NAME_new; ++ DIST_POINT_NAME_free; ++ d2i_DIST_POINT_NAME; ++ X509V3_add_value_uchar; ++ d2i_ASN1_SET_OF_X509_ATTRIBUTE; ++ i2d_ASN1_SET_OF_ASN1_TYPE; ++ d2i_ASN1_SET_OF_X509_EXTENSION; ++ d2i_ASN1_SET_OF_X509_NAME_ENTRY; ++ d2i_ASN1_SET_OF_ASN1_TYPE; ++ i2d_ASN1_SET_OF_X509_ATTRIBUTE; ++ i2d_ASN1_SET_OF_X509_EXTENSION; ++ i2d_ASN1_SET_OF_X509_NAME_ENTRY; ++ X509V3_EXT_i2d; ++ X509V3_EXT_val_prn; ++ X509V3_EXT_add_list; ++ EVP_CIPHER_type; ++ EVP_PBE_CipherInit; ++ X509V3_add_value_bool_nf; ++ d2i_ASN1_UINTEGER; ++ sk_value; ++ sk_num; ++ sk_set; ++ i2d_ASN1_SET_OF_X509_REVOKED; ++ sk_sort; ++ d2i_ASN1_SET_OF_X509_REVOKED; ++ i2d_ASN1_SET_OF_X509_ALGOR; ++ i2d_ASN1_SET_OF_X509_CRL; ++ d2i_ASN1_SET_OF_X509_ALGOR; ++ d2i_ASN1_SET_OF_X509_CRL; ++ i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO; ++ i2d_ASN1_SET_OF_PKCS7_RECIP_INFO; ++ d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO; ++ d2i_ASN1_SET_OF_PKCS7_RECIP_INFO; ++ PKCS5_PBE_add; ++ PEM_write_bio_PKCS8; ++ i2d_PKCS8_fp; ++ PEM_read_bio_PKCS8_PRIV_KEY_INFO; ++ PEM_read_bio_P8_PRIV_KEY_INFO; ++ d2i_PKCS8_bio; ++ d2i_PKCS8_PRIV_KEY_INFO_fp; ++ PEM_write_bio_PKCS8_PRIV_KEY_INFO; ++ PEM_write_bio_P8_PRIV_KEY_INFO; ++ PEM_read_PKCS8; ++ d2i_PKCS8_PRIV_KEY_INFO_bio; ++ d2i_PKCS8_fp; ++ PEM_write_PKCS8; ++ PEM_read_PKCS8_PRIV_KEY_INFO; ++ PEM_read_P8_PRIV_KEY_INFO; ++ PEM_read_bio_PKCS8; ++ PEM_write_PKCS8_PRIV_KEY_INFO; ++ PEM_write_P8_PRIV_KEY_INFO; ++ PKCS5_PBE_keyivgen; ++ i2d_PKCS8_bio; ++ i2d_PKCS8_PRIV_KEY_INFO_fp; ++ i2d_PKCS8_PRIV_KEY_INFO_bio; ++ BIO_s_bio; ++ PKCS5_pbe2_set; ++ PKCS5_PBKDF2_HMAC_SHA1; ++ PKCS5_v2_PBE_keyivgen; ++ PEM_write_bio_PKCS8PrivateKey; ++ PEM_write_PKCS8PrivateKey; ++ BIO_ctrl_get_read_request; ++ BIO_ctrl_pending; ++ BIO_ctrl_wpending; ++ BIO_new_bio_pair; ++ BIO_ctrl_get_write_guarantee; ++ CRYPTO_num_locks; ++ CONF_load_bio; ++ CONF_load_fp; ++ i2d_ASN1_SET_OF_ASN1_OBJECT; ++ d2i_ASN1_SET_OF_ASN1_OBJECT; ++ PKCS7_signatureVerify; ++ RSA_set_method; ++ RSA_get_method; ++ RSA_get_default_method; ++ RSA_check_key; ++ OBJ_obj2txt; ++ DSA_dup_DH; ++ X509_REQ_get_extensions; ++ X509_REQ_set_extension_nids; ++ BIO_nwrite; ++ X509_REQ_extension_nid; ++ BIO_nread; ++ X509_REQ_get_extension_nids; ++ BIO_nwrite0; ++ X509_REQ_add_extensions_nid; ++ BIO_nread0; ++ X509_REQ_add_extensions; ++ BIO_new_mem_buf; ++ DH_set_ex_data; ++ DH_set_method; ++ DSA_OpenSSL; ++ DH_get_ex_data; ++ DH_get_ex_new_index; ++ DSA_new_method; ++ DH_new_method; ++ DH_OpenSSL; ++ DSA_get_ex_new_index; ++ DH_get_default_method; ++ DSA_set_ex_data; ++ DH_set_default_method; ++ DSA_get_ex_data; ++ X509V3_EXT_REQ_add_conf; ++ NETSCAPE_SPKI_print; ++ NETSCAPE_SPKI_set_pubkey; ++ NETSCAPE_SPKI_b64_encode; ++ NETSCAPE_SPKI_get_pubkey; ++ NETSCAPE_SPKI_b64_decode; ++ UTF8_putc; ++ UTF8_getc; ++ RSA_null_method; ++ ASN1_tag2str; ++ BIO_ctrl_reset_read_request; ++ DISPLAYTEXT_new; ++ ASN1_GENERALIZEDTIME_free; ++ X509_REVOKED_get_ext_d2i; ++ X509_set_ex_data; ++ X509_reject_set_bit_asc; ++ X509_NAME_add_entry_by_txt; ++ X509_NAME_add_entry_by_NID; ++ X509_PURPOSE_get0; ++ PEM_read_X509_AUX; ++ d2i_AUTHORITY_INFO_ACCESS; ++ PEM_write_PUBKEY; ++ ACCESS_DESCRIPTION_new; ++ X509_CERT_AUX_free; ++ d2i_ACCESS_DESCRIPTION; ++ X509_trust_clear; ++ X509_TRUST_add; ++ ASN1_VISIBLESTRING_new; ++ X509_alias_set1; ++ ASN1_PRINTABLESTRING_free; ++ EVP_PKEY_get1_DSA; ++ ASN1_BMPSTRING_new; ++ ASN1_mbstring_copy; ++ ASN1_UTF8STRING_new; ++ DSA_get_default_method; ++ i2d_ASN1_SET_OF_ACCESS_DESCRIPTION; ++ ASN1_T61STRING_free; ++ DSA_set_method; ++ X509_get_ex_data; ++ ASN1_STRING_type; ++ X509_PURPOSE_get_by_sname; ++ ASN1_TIME_free; ++ ASN1_OCTET_STRING_cmp; ++ ASN1_BIT_STRING_new; ++ X509_get_ext_d2i; ++ PEM_read_bio_X509_AUX; ++ ASN1_STRING_set_default_mask_asc; ++ ASN1_STRING_set_def_mask_asc; ++ PEM_write_bio_RSA_PUBKEY; ++ ASN1_INTEGER_cmp; ++ d2i_RSA_PUBKEY_fp; ++ X509_trust_set_bit_asc; ++ PEM_write_bio_DSA_PUBKEY; ++ X509_STORE_CTX_free; ++ EVP_PKEY_set1_DSA; ++ i2d_DSA_PUBKEY_fp; ++ X509_load_cert_crl_file; ++ ASN1_TIME_new; ++ i2d_RSA_PUBKEY; ++ X509_STORE_CTX_purpose_inherit; ++ PEM_read_RSA_PUBKEY; ++ d2i_X509_AUX; ++ i2d_DSA_PUBKEY; ++ X509_CERT_AUX_print; ++ PEM_read_DSA_PUBKEY; ++ i2d_RSA_PUBKEY_bio; ++ ASN1_BIT_STRING_num_asc; ++ i2d_PUBKEY; ++ ASN1_UTCTIME_free; ++ DSA_set_default_method; ++ X509_PURPOSE_get_by_id; ++ ACCESS_DESCRIPTION_free; ++ PEM_read_bio_PUBKEY; ++ ASN1_STRING_set_by_NID; ++ X509_PURPOSE_get_id; ++ DISPLAYTEXT_free; ++ OTHERNAME_new; ++ X509_CERT_AUX_new; ++ X509_TRUST_cleanup; ++ X509_NAME_add_entry_by_OBJ; ++ X509_CRL_get_ext_d2i; ++ X509_PURPOSE_get0_name; ++ PEM_read_PUBKEY; ++ i2d_DSA_PUBKEY_bio; ++ i2d_OTHERNAME; ++ ASN1_OCTET_STRING_free; ++ ASN1_BIT_STRING_set_asc; ++ X509_get_ex_new_index; ++ ASN1_STRING_TABLE_cleanup; ++ X509_TRUST_get_by_id; ++ X509_PURPOSE_get_trust; ++ ASN1_STRING_length; ++ d2i_ASN1_SET_OF_ACCESS_DESCRIPTION; ++ ASN1_PRINTABLESTRING_new; ++ X509V3_get_d2i; ++ ASN1_ENUMERATED_free; ++ i2d_X509_CERT_AUX; ++ X509_STORE_CTX_set_trust; ++ ASN1_STRING_set_default_mask; ++ X509_STORE_CTX_new; ++ EVP_PKEY_get1_RSA; ++ DIRECTORYSTRING_free; ++ PEM_write_X509_AUX; ++ ASN1_OCTET_STRING_set; ++ d2i_DSA_PUBKEY_fp; ++ d2i_RSA_PUBKEY; ++ X509_TRUST_get0_name; ++ X509_TRUST_get0; ++ AUTHORITY_INFO_ACCESS_free; ++ ASN1_IA5STRING_new; ++ d2i_DSA_PUBKEY; ++ X509_check_purpose; ++ ASN1_ENUMERATED_new; ++ d2i_RSA_PUBKEY_bio; ++ d2i_PUBKEY; ++ X509_TRUST_get_trust; ++ X509_TRUST_get_flags; ++ ASN1_BMPSTRING_free; ++ ASN1_T61STRING_new; ++ ASN1_UTCTIME_new; ++ i2d_AUTHORITY_INFO_ACCESS; ++ EVP_PKEY_set1_RSA; ++ X509_STORE_CTX_set_purpose; ++ ASN1_IA5STRING_free; ++ PEM_write_bio_X509_AUX; ++ X509_PURPOSE_get_count; ++ CRYPTO_add_info; ++ X509_NAME_ENTRY_create_by_txt; ++ ASN1_STRING_get_default_mask; ++ X509_alias_get0; ++ ASN1_STRING_data; ++ i2d_ACCESS_DESCRIPTION; ++ X509_trust_set_bit; ++ ASN1_BIT_STRING_free; ++ PEM_read_bio_RSA_PUBKEY; ++ X509_add1_reject_object; ++ X509_check_trust; ++ PEM_read_bio_DSA_PUBKEY; ++ X509_PURPOSE_add; ++ ASN1_STRING_TABLE_get; ++ ASN1_UTF8STRING_free; ++ d2i_DSA_PUBKEY_bio; ++ PEM_write_RSA_PUBKEY; ++ d2i_OTHERNAME; ++ X509_reject_set_bit; ++ PEM_write_DSA_PUBKEY; ++ X509_PURPOSE_get0_sname; ++ EVP_PKEY_set1_DH; ++ ASN1_OCTET_STRING_dup; ++ ASN1_BIT_STRING_set; ++ X509_TRUST_get_count; ++ ASN1_INTEGER_free; ++ OTHERNAME_free; ++ i2d_RSA_PUBKEY_fp; ++ ASN1_INTEGER_dup; ++ d2i_X509_CERT_AUX; ++ PEM_write_bio_PUBKEY; ++ ASN1_VISIBLESTRING_free; ++ X509_PURPOSE_cleanup; ++ ASN1_mbstring_ncopy; ++ ASN1_GENERALIZEDTIME_new; ++ EVP_PKEY_get1_DH; ++ ASN1_OCTET_STRING_new; ++ ASN1_INTEGER_new; ++ i2d_X509_AUX; ++ ASN1_BIT_STRING_name_print; ++ X509_cmp; ++ ASN1_STRING_length_set; ++ DIRECTORYSTRING_new; ++ X509_add1_trust_object; ++ PKCS12_newpass; ++ SMIME_write_PKCS7; ++ SMIME_read_PKCS7; ++ DES_set_key_checked; ++ PKCS7_verify; ++ PKCS7_encrypt; ++ DES_set_key_unchecked; ++ SMIME_crlf_copy; ++ i2d_ASN1_PRINTABLESTRING; ++ PKCS7_get0_signers; ++ PKCS7_decrypt; ++ SMIME_text; ++ PKCS7_simple_smimecap; ++ PKCS7_get_smimecap; ++ PKCS7_sign; ++ PKCS7_add_attrib_smimecap; ++ CRYPTO_dbg_set_options; ++ CRYPTO_remove_all_info; ++ CRYPTO_get_mem_debug_functions; ++ CRYPTO_is_mem_check_on; ++ CRYPTO_set_mem_debug_functions; ++ CRYPTO_pop_info; ++ CRYPTO_push_info_; ++ CRYPTO_set_mem_debug_options; ++ PEM_write_PKCS8PrivateKey_nid; ++ PEM_write_bio_PKCS8PrivateKey_nid; ++ PEM_write_bio_PKCS8PrivKey_nid; ++ d2i_PKCS8PrivateKey_bio; ++ ASN1_NULL_free; ++ d2i_ASN1_NULL; ++ ASN1_NULL_new; ++ i2d_PKCS8PrivateKey_bio; ++ i2d_PKCS8PrivateKey_fp; ++ i2d_ASN1_NULL; ++ i2d_PKCS8PrivateKey_nid_fp; ++ d2i_PKCS8PrivateKey_fp; ++ i2d_PKCS8PrivateKey_nid_bio; ++ i2d_PKCS8PrivateKeyInfo_fp; ++ i2d_PKCS8PrivateKeyInfo_bio; ++ PEM_cb; ++ i2d_PrivateKey_fp; ++ d2i_PrivateKey_bio; ++ d2i_PrivateKey_fp; ++ i2d_PrivateKey_bio; ++ X509_reject_clear; ++ X509_TRUST_set_default; ++ d2i_AutoPrivateKey; ++ X509_ATTRIBUTE_get0_type; ++ X509_ATTRIBUTE_set1_data; ++ X509at_get_attr; ++ X509at_get_attr_count; ++ X509_ATTRIBUTE_create_by_NID; ++ X509_ATTRIBUTE_set1_object; ++ X509_ATTRIBUTE_count; ++ X509_ATTRIBUTE_create_by_OBJ; ++ X509_ATTRIBUTE_get0_object; ++ X509at_get_attr_by_NID; ++ X509at_add1_attr; ++ X509_ATTRIBUTE_get0_data; ++ X509at_delete_attr; ++ X509at_get_attr_by_OBJ; ++ RAND_add; ++ BIO_number_written; ++ BIO_number_read; ++ X509_STORE_CTX_get1_chain; ++ ERR_load_RAND_strings; ++ RAND_pseudo_bytes; ++ X509_REQ_get_attr_by_NID; ++ X509_REQ_get_attr; ++ X509_REQ_add1_attr_by_NID; ++ X509_REQ_get_attr_by_OBJ; ++ X509at_add1_attr_by_NID; ++ X509_REQ_add1_attr_by_OBJ; ++ X509_REQ_get_attr_count; ++ X509_REQ_add1_attr; ++ X509_REQ_delete_attr; ++ X509at_add1_attr_by_OBJ; ++ X509_REQ_add1_attr_by_txt; ++ X509_ATTRIBUTE_create_by_txt; ++ X509at_add1_attr_by_txt; ++ BN_pseudo_rand; ++ BN_is_prime_fasttest; ++ BN_CTX_end; ++ BN_CTX_start; ++ BN_CTX_get; ++ EVP_PKEY2PKCS8_broken; ++ ASN1_STRING_TABLE_add; ++ CRYPTO_dbg_get_options; ++ AUTHORITY_INFO_ACCESS_new; ++ CRYPTO_get_mem_debug_options; ++ DES_crypt; ++ PEM_write_bio_X509_REQ_NEW; ++ PEM_write_X509_REQ_NEW; ++ BIO_callback_ctrl; ++ RAND_egd; ++ RAND_status; ++ bn_dump1; ++ DES_check_key_parity; ++ lh_num_items; ++ RAND_event; ++ DSO_new; ++ DSO_new_method; ++ DSO_free; ++ DSO_flags; ++ DSO_up; ++ DSO_set_default_method; ++ DSO_get_default_method; ++ DSO_get_method; ++ DSO_set_method; ++ DSO_load; ++ DSO_bind_var; ++ DSO_METHOD_null; ++ DSO_METHOD_openssl; ++ DSO_METHOD_dlfcn; ++ DSO_METHOD_win32; ++ ERR_load_DSO_strings; ++ DSO_METHOD_dl; ++ NCONF_load; ++ NCONF_load_fp; ++ NCONF_new; ++ NCONF_get_string; ++ NCONF_free; ++ NCONF_get_number; ++ CONF_dump_fp; ++ NCONF_load_bio; ++ NCONF_dump_fp; ++ NCONF_get_section; ++ NCONF_dump_bio; ++ CONF_dump_bio; ++ NCONF_free_data; ++ CONF_set_default_method; ++ ERR_error_string_n; ++ BIO_snprintf; ++ DSO_ctrl; ++ i2d_ASN1_SET_OF_ASN1_INTEGER; ++ i2d_ASN1_SET_OF_PKCS12_SAFEBAG; ++ i2d_ASN1_SET_OF_PKCS7; ++ BIO_vfree; ++ d2i_ASN1_SET_OF_ASN1_INTEGER; ++ d2i_ASN1_SET_OF_PKCS12_SAFEBAG; ++ ASN1_UTCTIME_get; ++ X509_REQ_digest; ++ X509_CRL_digest; ++ d2i_ASN1_SET_OF_PKCS7; ++ EVP_CIPHER_CTX_set_key_length; ++ EVP_CIPHER_CTX_ctrl; ++ BN_mod_exp_mont_word; ++ RAND_egd_bytes; ++ X509_REQ_get1_email; ++ X509_get1_email; ++ X509_email_free; ++ i2d_RSA_NET; ++ d2i_RSA_NET_2; ++ d2i_RSA_NET; ++ DSO_bind_func; ++ CRYPTO_get_new_dynlockid; ++ sk_new_null; ++ CRYPTO_set_dynlock_destroy_callback; ++ CRYPTO_set_dynlock_destroy_cb; ++ CRYPTO_destroy_dynlockid; ++ CRYPTO_set_dynlock_size; ++ CRYPTO_set_dynlock_create_callback; ++ CRYPTO_set_dynlock_create_cb; ++ CRYPTO_set_dynlock_lock_callback; ++ CRYPTO_set_dynlock_lock_cb; ++ CRYPTO_get_dynlock_lock_callback; ++ CRYPTO_get_dynlock_lock_cb; ++ CRYPTO_get_dynlock_destroy_callback; ++ CRYPTO_get_dynlock_destroy_cb; ++ CRYPTO_get_dynlock_value; ++ CRYPTO_get_dynlock_create_callback; ++ CRYPTO_get_dynlock_create_cb; ++ c2i_ASN1_BIT_STRING; ++ i2c_ASN1_BIT_STRING; ++ RAND_poll; ++ c2i_ASN1_INTEGER; ++ i2c_ASN1_INTEGER; ++ BIO_dump_indent; ++ ASN1_parse_dump; ++ c2i_ASN1_OBJECT; ++ X509_NAME_print_ex_fp; ++ ASN1_STRING_print_ex_fp; ++ X509_NAME_print_ex; ++ ASN1_STRING_print_ex; ++ MD4; ++ MD4_Transform; ++ MD4_Final; ++ MD4_Update; ++ MD4_Init; ++ EVP_md4; ++ i2d_PUBKEY_bio; ++ i2d_PUBKEY_fp; ++ d2i_PUBKEY_bio; ++ ASN1_STRING_to_UTF8; ++ BIO_vprintf; ++ BIO_vsnprintf; ++ d2i_PUBKEY_fp; ++ X509_cmp_time; ++ X509_STORE_CTX_set_time; ++ X509_STORE_CTX_get1_issuer; ++ X509_OBJECT_retrieve_match; ++ X509_OBJECT_idx_by_subject; ++ X509_STORE_CTX_set_flags; ++ X509_STORE_CTX_trusted_stack; ++ X509_time_adj; ++ X509_check_issued; ++ ASN1_UTCTIME_cmp_time_t; ++ DES_set_weak_key_flag; ++ DES_check_key; ++ DES_rw_mode; ++ RSA_PKCS1_RSAref; ++ X509_keyid_set1; ++ BIO_next; ++ DSO_METHOD_vms; ++ BIO_f_linebuffer; ++ BN_bntest_rand; ++ OPENSSL_issetugid; ++ BN_rand_range; ++ ERR_load_ENGINE_strings; ++ ENGINE_set_DSA; ++ ENGINE_get_finish_function; ++ ENGINE_get_default_RSA; ++ ENGINE_get_BN_mod_exp; ++ DSA_get_default_openssl_method; ++ ENGINE_set_DH; ++ ENGINE_set_def_BN_mod_exp_crt; ++ ENGINE_set_default_BN_mod_exp_crt; ++ ENGINE_init; ++ DH_get_default_openssl_method; ++ RSA_set_default_openssl_method; ++ ENGINE_finish; ++ ENGINE_load_public_key; ++ ENGINE_get_DH; ++ ENGINE_ctrl; ++ ENGINE_get_init_function; ++ ENGINE_set_init_function; ++ ENGINE_set_default_DSA; ++ ENGINE_get_name; ++ ENGINE_get_last; ++ ENGINE_get_prev; ++ ENGINE_get_default_DH; ++ ENGINE_get_RSA; ++ ENGINE_set_default; ++ ENGINE_get_RAND; ++ ENGINE_get_first; ++ ENGINE_by_id; ++ ENGINE_set_finish_function; ++ ENGINE_get_def_BN_mod_exp_crt; ++ ENGINE_get_default_BN_mod_exp_crt; ++ RSA_get_default_openssl_method; ++ ENGINE_set_RSA; ++ ENGINE_load_private_key; ++ ENGINE_set_default_RAND; ++ ENGINE_set_BN_mod_exp; ++ ENGINE_remove; ++ ENGINE_free; ++ ENGINE_get_BN_mod_exp_crt; ++ ENGINE_get_next; ++ ENGINE_set_name; ++ ENGINE_get_default_DSA; ++ ENGINE_set_default_BN_mod_exp; ++ ENGINE_set_default_RSA; ++ ENGINE_get_default_RAND; ++ ENGINE_get_default_BN_mod_exp; ++ ENGINE_set_RAND; ++ ENGINE_set_id; ++ ENGINE_set_BN_mod_exp_crt; ++ ENGINE_set_default_DH; ++ ENGINE_new; ++ ENGINE_get_id; ++ DSA_set_default_openssl_method; ++ ENGINE_add; ++ DH_set_default_openssl_method; ++ ENGINE_get_DSA; ++ ENGINE_get_ctrl_function; ++ ENGINE_set_ctrl_function; ++ BN_pseudo_rand_range; ++ X509_STORE_CTX_set_verify_cb; ++ ERR_load_COMP_strings; ++ PKCS12_item_decrypt_d2i; ++ ASN1_UTF8STRING_it; ++ ASN1_UTF8STRING_it; ++ ENGINE_unregister_ciphers; ++ ENGINE_get_ciphers; ++ d2i_OCSP_BASICRESP; ++ KRB5_CHECKSUM_it; ++ KRB5_CHECKSUM_it; ++ EC_POINT_add; ++ ASN1_item_ex_i2d; ++ OCSP_CERTID_it; ++ OCSP_CERTID_it; ++ d2i_OCSP_RESPBYTES; ++ X509V3_add1_i2d; ++ PKCS7_ENVELOPE_it; ++ PKCS7_ENVELOPE_it; ++ UI_add_input_boolean; ++ ENGINE_unregister_RSA; ++ X509V3_EXT_nconf; ++ ASN1_GENERALSTRING_free; ++ d2i_OCSP_CERTSTATUS; ++ X509_REVOKED_set_serialNumber; ++ X509_print_ex; ++ OCSP_ONEREQ_get1_ext_d2i; ++ ENGINE_register_all_RAND; ++ ENGINE_load_dynamic; ++ PBKDF2PARAM_it; ++ PBKDF2PARAM_it; ++ EXTENDED_KEY_USAGE_new; ++ EC_GROUP_clear_free; ++ OCSP_sendreq_bio; ++ ASN1_item_digest; ++ OCSP_BASICRESP_delete_ext; ++ OCSP_SIGNATURE_it; ++ OCSP_SIGNATURE_it; ++ X509_CRL_it; ++ X509_CRL_it; ++ OCSP_BASICRESP_add_ext; ++ KRB5_ENCKEY_it; ++ KRB5_ENCKEY_it; ++ UI_method_set_closer; ++ X509_STORE_set_purpose; ++ i2d_ASN1_GENERALSTRING; ++ OCSP_response_status; ++ i2d_OCSP_SERVICELOC; ++ ENGINE_get_digest_engine; ++ EC_GROUP_set_curve_GFp; ++ OCSP_REQUEST_get_ext_by_OBJ; ++ _ossl_old_des_random_key; ++ ASN1_T61STRING_it; ++ ASN1_T61STRING_it; ++ EC_GROUP_method_of; ++ i2d_KRB5_APREQ; ++ _ossl_old_des_encrypt; ++ ASN1_PRINTABLE_new; ++ HMAC_Init_ex; ++ d2i_KRB5_AUTHENT; ++ OCSP_archive_cutoff_new; ++ EC_POINT_set_Jprojective_coordinates_GFp; ++ EC_POINT_set_Jproj_coords_GFp; ++ _ossl_old_des_is_weak_key; ++ OCSP_BASICRESP_get_ext_by_OBJ; ++ EC_POINT_oct2point; ++ OCSP_SINGLERESP_get_ext_count; ++ UI_ctrl; ++ _shadow_DES_rw_mode; ++ _shadow_DES_rw_mode; ++ asn1_do_adb; ++ ASN1_template_i2d; ++ ENGINE_register_DH; ++ UI_construct_prompt; ++ X509_STORE_set_trust; ++ UI_dup_input_string; ++ d2i_KRB5_APREQ; ++ EVP_MD_CTX_copy_ex; ++ OCSP_request_is_signed; ++ i2d_OCSP_REQINFO; ++ KRB5_ENCKEY_free; ++ OCSP_resp_get0; ++ GENERAL_NAME_it; ++ GENERAL_NAME_it; ++ ASN1_GENERALIZEDTIME_it; ++ ASN1_GENERALIZEDTIME_it; ++ X509_STORE_set_flags; ++ EC_POINT_set_compressed_coordinates_GFp; ++ EC_POINT_set_compr_coords_GFp; ++ OCSP_response_status_str; ++ d2i_OCSP_REVOKEDINFO; ++ OCSP_basic_add1_cert; ++ ERR_get_implementation; ++ EVP_CipherFinal_ex; ++ OCSP_CERTSTATUS_new; ++ CRYPTO_cleanup_all_ex_data; ++ OCSP_resp_find; ++ BN_nnmod; ++ X509_CRL_sort; ++ X509_REVOKED_set_revocationDate; ++ ENGINE_register_RAND; ++ OCSP_SERVICELOC_new; ++ EC_POINT_set_affine_coordinates_GFp; ++ EC_POINT_set_affine_coords_GFp; ++ _ossl_old_des_options; ++ SXNET_it; ++ SXNET_it; ++ UI_dup_input_boolean; ++ PKCS12_add_CSPName_asc; ++ EC_POINT_is_at_infinity; ++ ENGINE_load_cryptodev; ++ DSO_convert_filename; ++ POLICYQUALINFO_it; ++ POLICYQUALINFO_it; ++ ENGINE_register_ciphers; ++ BN_mod_lshift_quick; ++ DSO_set_filename; ++ ASN1_item_free; ++ KRB5_TKTBODY_free; ++ AUTHORITY_KEYID_it; ++ AUTHORITY_KEYID_it; ++ KRB5_APREQBODY_new; ++ X509V3_EXT_REQ_add_nconf; ++ ENGINE_ctrl_cmd_string; ++ i2d_OCSP_RESPDATA; ++ EVP_MD_CTX_init; ++ EXTENDED_KEY_USAGE_free; ++ PKCS7_ATTR_SIGN_it; ++ PKCS7_ATTR_SIGN_it; ++ UI_add_error_string; ++ KRB5_CHECKSUM_free; ++ OCSP_REQUEST_get_ext; ++ ENGINE_load_ubsec; ++ ENGINE_register_all_digests; ++ PKEY_USAGE_PERIOD_it; ++ PKEY_USAGE_PERIOD_it; ++ PKCS12_unpack_authsafes; ++ ASN1_item_unpack; ++ NETSCAPE_SPKAC_it; ++ NETSCAPE_SPKAC_it; ++ X509_REVOKED_it; ++ X509_REVOKED_it; ++ ASN1_STRING_encode; ++ EVP_aes_128_ecb; ++ KRB5_AUTHENT_free; ++ OCSP_BASICRESP_get_ext_by_critical; ++ OCSP_BASICRESP_get_ext_by_crit; ++ OCSP_cert_status_str; ++ d2i_OCSP_REQUEST; ++ UI_dup_info_string; ++ _ossl_old_des_xwhite_in2out; ++ PKCS12_it; ++ PKCS12_it; ++ OCSP_SINGLERESP_get_ext_by_critical; ++ OCSP_SINGLERESP_get_ext_by_crit; ++ OCSP_CERTSTATUS_free; ++ _ossl_old_des_crypt; ++ ASN1_item_i2d; ++ EVP_DecryptFinal_ex; ++ ENGINE_load_openssl; ++ ENGINE_get_cmd_defns; ++ ENGINE_set_load_privkey_function; ++ ENGINE_set_load_privkey_fn; ++ EVP_EncryptFinal_ex; ++ ENGINE_set_default_digests; ++ X509_get0_pubkey_bitstr; ++ asn1_ex_i2c; ++ ENGINE_register_RSA; ++ ENGINE_unregister_DSA; ++ _ossl_old_des_key_sched; ++ X509_EXTENSION_it; ++ X509_EXTENSION_it; ++ i2d_KRB5_AUTHENT; ++ SXNETID_it; ++ SXNETID_it; ++ d2i_OCSP_SINGLERESP; ++ EDIPARTYNAME_new; ++ PKCS12_certbag2x509; ++ _ossl_old_des_ofb64_encrypt; ++ d2i_EXTENDED_KEY_USAGE; ++ ERR_print_errors_cb; ++ ENGINE_set_ciphers; ++ d2i_KRB5_APREQBODY; ++ UI_method_get_flusher; ++ X509_PUBKEY_it; ++ X509_PUBKEY_it; ++ _ossl_old_des_enc_read; ++ PKCS7_ENCRYPT_it; ++ PKCS7_ENCRYPT_it; ++ i2d_OCSP_RESPONSE; ++ EC_GROUP_get_cofactor; ++ PKCS12_unpack_p7data; ++ d2i_KRB5_AUTHDATA; ++ OCSP_copy_nonce; ++ KRB5_AUTHDATA_new; ++ OCSP_RESPDATA_new; ++ EC_GFp_mont_method; ++ OCSP_REVOKEDINFO_free; ++ UI_get_ex_data; ++ KRB5_APREQBODY_free; ++ EC_GROUP_get0_generator; ++ UI_get_default_method; ++ X509V3_set_nconf; ++ PKCS12_item_i2d_encrypt; ++ X509_add1_ext_i2d; ++ PKCS7_SIGNER_INFO_it; ++ PKCS7_SIGNER_INFO_it; ++ KRB5_PRINCNAME_new; ++ PKCS12_SAFEBAG_it; ++ PKCS12_SAFEBAG_it; ++ EC_GROUP_get_order; ++ d2i_OCSP_RESPID; ++ OCSP_request_verify; ++ NCONF_get_number_e; ++ _ossl_old_des_decrypt3; ++ X509_signature_print; ++ OCSP_SINGLERESP_free; ++ ENGINE_load_builtin_engines; ++ i2d_OCSP_ONEREQ; ++ OCSP_REQUEST_add_ext; ++ OCSP_RESPBYTES_new; ++ EVP_MD_CTX_create; ++ OCSP_resp_find_status; ++ X509_ALGOR_it; ++ X509_ALGOR_it; ++ ASN1_TIME_it; ++ ASN1_TIME_it; ++ OCSP_request_set1_name; ++ OCSP_ONEREQ_get_ext_count; ++ UI_get0_result; ++ PKCS12_AUTHSAFES_it; ++ PKCS12_AUTHSAFES_it; ++ EVP_aes_256_ecb; ++ PKCS12_pack_authsafes; ++ ASN1_IA5STRING_it; ++ ASN1_IA5STRING_it; ++ UI_get_input_flags; ++ EC_GROUP_set_generator; ++ _ossl_old_des_string_to_2keys; ++ OCSP_CERTID_free; ++ X509_CERT_AUX_it; ++ X509_CERT_AUX_it; ++ CERTIFICATEPOLICIES_it; ++ CERTIFICATEPOLICIES_it; ++ _ossl_old_des_ede3_cbc_encrypt; ++ RAND_set_rand_engine; ++ DSO_get_loaded_filename; ++ X509_ATTRIBUTE_it; ++ X509_ATTRIBUTE_it; ++ OCSP_ONEREQ_get_ext_by_NID; ++ PKCS12_decrypt_skey; ++ KRB5_AUTHENT_it; ++ KRB5_AUTHENT_it; ++ UI_dup_error_string; ++ RSAPublicKey_it; ++ RSAPublicKey_it; ++ i2d_OCSP_REQUEST; ++ PKCS12_x509crl2certbag; ++ OCSP_SERVICELOC_it; ++ OCSP_SERVICELOC_it; ++ ASN1_item_sign; ++ X509_CRL_set_issuer_name; ++ OBJ_NAME_do_all_sorted; ++ i2d_OCSP_BASICRESP; ++ i2d_OCSP_RESPBYTES; ++ PKCS12_unpack_p7encdata; ++ HMAC_CTX_init; ++ ENGINE_get_digest; ++ OCSP_RESPONSE_print; ++ KRB5_TKTBODY_it; ++ KRB5_TKTBODY_it; ++ ACCESS_DESCRIPTION_it; ++ ACCESS_DESCRIPTION_it; ++ PKCS7_ISSUER_AND_SERIAL_it; ++ PKCS7_ISSUER_AND_SERIAL_it; ++ PBE2PARAM_it; ++ PBE2PARAM_it; ++ PKCS12_certbag2x509crl; ++ PKCS7_SIGNED_it; ++ PKCS7_SIGNED_it; ++ ENGINE_get_cipher; ++ i2d_OCSP_CRLID; ++ OCSP_SINGLERESP_new; ++ ENGINE_cmd_is_executable; ++ RSA_up_ref; ++ ASN1_GENERALSTRING_it; ++ ASN1_GENERALSTRING_it; ++ ENGINE_register_DSA; ++ X509V3_EXT_add_nconf_sk; ++ ENGINE_set_load_pubkey_function; ++ PKCS8_decrypt; ++ PEM_bytes_read_bio; ++ DIRECTORYSTRING_it; ++ DIRECTORYSTRING_it; ++ d2i_OCSP_CRLID; ++ EC_POINT_is_on_curve; ++ CRYPTO_set_locked_mem_ex_functions; ++ CRYPTO_set_locked_mem_ex_funcs; ++ d2i_KRB5_CHECKSUM; ++ ASN1_item_dup; ++ X509_it; ++ X509_it; ++ BN_mod_add; ++ KRB5_AUTHDATA_free; ++ _ossl_old_des_cbc_cksum; ++ ASN1_item_verify; ++ CRYPTO_set_mem_ex_functions; ++ EC_POINT_get_Jprojective_coordinates_GFp; ++ EC_POINT_get_Jproj_coords_GFp; ++ ZLONG_it; ++ ZLONG_it; ++ CRYPTO_get_locked_mem_ex_functions; ++ CRYPTO_get_locked_mem_ex_funcs; ++ ASN1_TIME_check; ++ UI_get0_user_data; ++ HMAC_CTX_cleanup; ++ DSA_up_ref; ++ _ossl_old_des_ede3_cfb64_encrypt; ++ _ossl_odes_ede3_cfb64_encrypt; ++ ASN1_BMPSTRING_it; ++ ASN1_BMPSTRING_it; ++ ASN1_tag2bit; ++ UI_method_set_flusher; ++ X509_ocspid_print; ++ KRB5_ENCDATA_it; ++ KRB5_ENCDATA_it; ++ ENGINE_get_load_pubkey_function; ++ UI_add_user_data; ++ OCSP_REQUEST_delete_ext; ++ UI_get_method; ++ OCSP_ONEREQ_free; ++ ASN1_PRINTABLESTRING_it; ++ ASN1_PRINTABLESTRING_it; ++ X509_CRL_set_nextUpdate; ++ OCSP_REQUEST_it; ++ OCSP_REQUEST_it; ++ OCSP_BASICRESP_it; ++ OCSP_BASICRESP_it; ++ AES_ecb_encrypt; ++ BN_mod_sqr; ++ NETSCAPE_CERT_SEQUENCE_it; ++ NETSCAPE_CERT_SEQUENCE_it; ++ GENERAL_NAMES_it; ++ GENERAL_NAMES_it; ++ AUTHORITY_INFO_ACCESS_it; ++ AUTHORITY_INFO_ACCESS_it; ++ ASN1_FBOOLEAN_it; ++ ASN1_FBOOLEAN_it; ++ UI_set_ex_data; ++ _ossl_old_des_string_to_key; ++ ENGINE_register_all_RSA; ++ d2i_KRB5_PRINCNAME; ++ OCSP_RESPBYTES_it; ++ OCSP_RESPBYTES_it; ++ X509_CINF_it; ++ X509_CINF_it; ++ ENGINE_unregister_digests; ++ d2i_EDIPARTYNAME; ++ d2i_OCSP_SERVICELOC; ++ ENGINE_get_digests; ++ _ossl_old_des_set_odd_parity; ++ OCSP_RESPDATA_free; ++ d2i_KRB5_TICKET; ++ OTHERNAME_it; ++ OTHERNAME_it; ++ EVP_MD_CTX_cleanup; ++ d2i_ASN1_GENERALSTRING; ++ X509_CRL_set_version; ++ BN_mod_sub; ++ OCSP_SINGLERESP_get_ext_by_NID; ++ ENGINE_get_ex_new_index; ++ OCSP_REQUEST_free; ++ OCSP_REQUEST_add1_ext_i2d; ++ X509_VAL_it; ++ X509_VAL_it; ++ EC_POINTs_make_affine; ++ EC_POINT_mul; ++ X509V3_EXT_add_nconf; ++ X509_TRUST_set; ++ X509_CRL_add1_ext_i2d; ++ _ossl_old_des_fcrypt; ++ DISPLAYTEXT_it; ++ DISPLAYTEXT_it; ++ X509_CRL_set_lastUpdate; ++ OCSP_BASICRESP_free; ++ OCSP_BASICRESP_add1_ext_i2d; ++ d2i_KRB5_AUTHENTBODY; ++ CRYPTO_set_ex_data_implementation; ++ CRYPTO_set_ex_data_impl; ++ KRB5_ENCDATA_new; ++ DSO_up_ref; ++ OCSP_crl_reason_str; ++ UI_get0_result_string; ++ ASN1_GENERALSTRING_new; ++ X509_SIG_it; ++ X509_SIG_it; ++ ERR_set_implementation; ++ ERR_load_EC_strings; ++ UI_get0_action_string; ++ OCSP_ONEREQ_get_ext; ++ EC_POINT_method_of; ++ i2d_KRB5_APREQBODY; ++ _ossl_old_des_ecb3_encrypt; ++ CRYPTO_get_mem_ex_functions; ++ ENGINE_get_ex_data; ++ UI_destroy_method; ++ ASN1_item_i2d_bio; ++ OCSP_ONEREQ_get_ext_by_OBJ; ++ ASN1_primitive_new; ++ ASN1_PRINTABLE_it; ++ ASN1_PRINTABLE_it; ++ EVP_aes_192_ecb; ++ OCSP_SIGNATURE_new; ++ LONG_it; ++ LONG_it; ++ ASN1_VISIBLESTRING_it; ++ ASN1_VISIBLESTRING_it; ++ OCSP_SINGLERESP_add1_ext_i2d; ++ d2i_OCSP_CERTID; ++ ASN1_item_d2i_fp; ++ CRL_DIST_POINTS_it; ++ CRL_DIST_POINTS_it; ++ GENERAL_NAME_print; ++ OCSP_SINGLERESP_delete_ext; ++ PKCS12_SAFEBAGS_it; ++ PKCS12_SAFEBAGS_it; ++ d2i_OCSP_SIGNATURE; ++ OCSP_request_add1_nonce; ++ ENGINE_set_cmd_defns; ++ OCSP_SERVICELOC_free; ++ EC_GROUP_free; ++ ASN1_BIT_STRING_it; ++ ASN1_BIT_STRING_it; ++ X509_REQ_it; ++ X509_REQ_it; ++ _ossl_old_des_cbc_encrypt; ++ ERR_unload_strings; ++ PKCS7_SIGN_ENVELOPE_it; ++ PKCS7_SIGN_ENVELOPE_it; ++ EDIPARTYNAME_free; ++ OCSP_REQINFO_free; ++ EC_GROUP_new_curve_GFp; ++ OCSP_REQUEST_get1_ext_d2i; ++ PKCS12_item_pack_safebag; ++ asn1_ex_c2i; ++ ENGINE_register_digests; ++ i2d_OCSP_REVOKEDINFO; ++ asn1_enc_restore; ++ UI_free; ++ UI_new_method; ++ EVP_EncryptInit_ex; ++ X509_pubkey_digest; ++ EC_POINT_invert; ++ OCSP_basic_sign; ++ i2d_OCSP_RESPID; ++ OCSP_check_nonce; ++ ENGINE_ctrl_cmd; ++ d2i_KRB5_ENCKEY; ++ OCSP_parse_url; ++ OCSP_SINGLERESP_get_ext; ++ OCSP_CRLID_free; ++ OCSP_BASICRESP_get1_ext_d2i; ++ RSAPrivateKey_it; ++ RSAPrivateKey_it; ++ ENGINE_register_all_DH; ++ i2d_EDIPARTYNAME; ++ EC_POINT_get_affine_coordinates_GFp; ++ EC_POINT_get_affine_coords_GFp; ++ OCSP_CRLID_new; ++ ENGINE_get_flags; ++ OCSP_ONEREQ_it; ++ OCSP_ONEREQ_it; ++ UI_process; ++ ASN1_INTEGER_it; ++ ASN1_INTEGER_it; ++ EVP_CipherInit_ex; ++ UI_get_string_type; ++ ENGINE_unregister_DH; ++ ENGINE_register_all_DSA; ++ OCSP_ONEREQ_get_ext_by_critical; ++ bn_dup_expand; ++ OCSP_cert_id_new; ++ BASIC_CONSTRAINTS_it; ++ BASIC_CONSTRAINTS_it; ++ BN_mod_add_quick; ++ EC_POINT_new; ++ EVP_MD_CTX_destroy; ++ OCSP_RESPBYTES_free; ++ EVP_aes_128_cbc; ++ OCSP_SINGLERESP_get1_ext_d2i; ++ EC_POINT_free; ++ DH_up_ref; ++ X509_NAME_ENTRY_it; ++ X509_NAME_ENTRY_it; ++ UI_get_ex_new_index; ++ BN_mod_sub_quick; ++ OCSP_ONEREQ_add_ext; ++ OCSP_request_sign; ++ EVP_DigestFinal_ex; ++ ENGINE_set_digests; ++ OCSP_id_issuer_cmp; ++ OBJ_NAME_do_all; ++ EC_POINTs_mul; ++ ENGINE_register_complete; ++ X509V3_EXT_nconf_nid; ++ ASN1_SEQUENCE_it; ++ ASN1_SEQUENCE_it; ++ UI_set_default_method; ++ RAND_query_egd_bytes; ++ UI_method_get_writer; ++ UI_OpenSSL; ++ PEM_def_callback; ++ ENGINE_cleanup; ++ DIST_POINT_it; ++ DIST_POINT_it; ++ OCSP_SINGLERESP_it; ++ OCSP_SINGLERESP_it; ++ d2i_KRB5_TKTBODY; ++ EC_POINT_cmp; ++ OCSP_REVOKEDINFO_new; ++ i2d_OCSP_CERTSTATUS; ++ OCSP_basic_add1_nonce; ++ ASN1_item_ex_d2i; ++ BN_mod_lshift1_quick; ++ UI_set_method; ++ OCSP_id_get0_info; ++ BN_mod_sqrt; ++ EC_GROUP_copy; ++ KRB5_ENCDATA_free; ++ _ossl_old_des_cfb_encrypt; ++ OCSP_SINGLERESP_get_ext_by_OBJ; ++ OCSP_cert_to_id; ++ OCSP_RESPID_new; ++ OCSP_RESPDATA_it; ++ OCSP_RESPDATA_it; ++ d2i_OCSP_RESPDATA; ++ ENGINE_register_all_complete; ++ OCSP_check_validity; ++ PKCS12_BAGS_it; ++ PKCS12_BAGS_it; ++ OCSP_url_svcloc_new; ++ ASN1_template_free; ++ OCSP_SINGLERESP_add_ext; ++ KRB5_AUTHENTBODY_it; ++ KRB5_AUTHENTBODY_it; ++ X509_supported_extension; ++ i2d_KRB5_AUTHDATA; ++ UI_method_get_opener; ++ ENGINE_set_ex_data; ++ OCSP_REQUEST_print; ++ CBIGNUM_it; ++ CBIGNUM_it; ++ KRB5_TICKET_new; ++ KRB5_APREQ_new; ++ EC_GROUP_get_curve_GFp; ++ KRB5_ENCKEY_new; ++ ASN1_template_d2i; ++ _ossl_old_des_quad_cksum; ++ OCSP_single_get0_status; ++ BN_swap; ++ POLICYINFO_it; ++ POLICYINFO_it; ++ ENGINE_set_destroy_function; ++ asn1_enc_free; ++ OCSP_RESPID_it; ++ OCSP_RESPID_it; ++ EC_GROUP_new; ++ EVP_aes_256_cbc; ++ i2d_KRB5_PRINCNAME; ++ _ossl_old_des_encrypt2; ++ _ossl_old_des_encrypt3; ++ PKCS8_PRIV_KEY_INFO_it; ++ PKCS8_PRIV_KEY_INFO_it; ++ OCSP_REQINFO_it; ++ OCSP_REQINFO_it; ++ PBEPARAM_it; ++ PBEPARAM_it; ++ KRB5_AUTHENTBODY_new; ++ X509_CRL_add0_revoked; ++ EDIPARTYNAME_it; ++ EDIPARTYNAME_it; ++ NETSCAPE_SPKI_it; ++ NETSCAPE_SPKI_it; ++ UI_get0_test_string; ++ ENGINE_get_cipher_engine; ++ ENGINE_register_all_ciphers; ++ EC_POINT_copy; ++ BN_kronecker; ++ _ossl_old_des_ede3_ofb64_encrypt; ++ _ossl_odes_ede3_ofb64_encrypt; ++ UI_method_get_reader; ++ OCSP_BASICRESP_get_ext_count; ++ ASN1_ENUMERATED_it; ++ ASN1_ENUMERATED_it; ++ UI_set_result; ++ i2d_KRB5_TICKET; ++ X509_print_ex_fp; ++ EVP_CIPHER_CTX_set_padding; ++ d2i_OCSP_RESPONSE; ++ ASN1_UTCTIME_it; ++ ASN1_UTCTIME_it; ++ _ossl_old_des_enc_write; ++ OCSP_RESPONSE_new; ++ AES_set_encrypt_key; ++ OCSP_resp_count; ++ KRB5_CHECKSUM_new; ++ ENGINE_load_cswift; ++ OCSP_onereq_get0_id; ++ ENGINE_set_default_ciphers; ++ NOTICEREF_it; ++ NOTICEREF_it; ++ X509V3_EXT_CRL_add_nconf; ++ OCSP_REVOKEDINFO_it; ++ OCSP_REVOKEDINFO_it; ++ AES_encrypt; ++ OCSP_REQUEST_new; ++ ASN1_ANY_it; ++ ASN1_ANY_it; ++ CRYPTO_ex_data_new_class; ++ _ossl_old_des_ncbc_encrypt; ++ i2d_KRB5_TKTBODY; ++ EC_POINT_clear_free; ++ AES_decrypt; ++ asn1_enc_init; ++ UI_get_result_maxsize; ++ OCSP_CERTID_new; ++ ENGINE_unregister_RAND; ++ UI_method_get_closer; ++ d2i_KRB5_ENCDATA; ++ OCSP_request_onereq_count; ++ OCSP_basic_verify; ++ KRB5_AUTHENTBODY_free; ++ ASN1_item_d2i; ++ ASN1_primitive_free; ++ i2d_EXTENDED_KEY_USAGE; ++ i2d_OCSP_SIGNATURE; ++ asn1_enc_save; ++ ENGINE_load_nuron; ++ _ossl_old_des_pcbc_encrypt; ++ PKCS12_MAC_DATA_it; ++ PKCS12_MAC_DATA_it; ++ OCSP_accept_responses_new; ++ asn1_do_lock; ++ PKCS7_ATTR_VERIFY_it; ++ PKCS7_ATTR_VERIFY_it; ++ KRB5_APREQBODY_it; ++ KRB5_APREQBODY_it; ++ i2d_OCSP_SINGLERESP; ++ ASN1_item_ex_new; ++ UI_add_verify_string; ++ _ossl_old_des_set_key; ++ KRB5_PRINCNAME_it; ++ KRB5_PRINCNAME_it; ++ EVP_DecryptInit_ex; ++ i2d_OCSP_CERTID; ++ ASN1_item_d2i_bio; ++ EC_POINT_dbl; ++ asn1_get_choice_selector; ++ i2d_KRB5_CHECKSUM; ++ ENGINE_set_table_flags; ++ AES_options; ++ ENGINE_load_chil; ++ OCSP_id_cmp; ++ OCSP_BASICRESP_new; ++ OCSP_REQUEST_get_ext_by_NID; ++ KRB5_APREQ_it; ++ KRB5_APREQ_it; ++ ENGINE_get_destroy_function; ++ CONF_set_nconf; ++ ASN1_PRINTABLE_free; ++ OCSP_BASICRESP_get_ext_by_NID; ++ DIST_POINT_NAME_it; ++ DIST_POINT_NAME_it; ++ X509V3_extensions_print; ++ _ossl_old_des_cfb64_encrypt; ++ X509_REVOKED_add1_ext_i2d; ++ _ossl_old_des_ofb_encrypt; ++ KRB5_TKTBODY_new; ++ ASN1_OCTET_STRING_it; ++ ASN1_OCTET_STRING_it; ++ ERR_load_UI_strings; ++ i2d_KRB5_ENCKEY; ++ ASN1_template_new; ++ OCSP_SIGNATURE_free; ++ ASN1_item_i2d_fp; ++ KRB5_PRINCNAME_free; ++ PKCS7_RECIP_INFO_it; ++ PKCS7_RECIP_INFO_it; ++ EXTENDED_KEY_USAGE_it; ++ EXTENDED_KEY_USAGE_it; ++ EC_GFp_simple_method; ++ EC_GROUP_precompute_mult; ++ OCSP_request_onereq_get0; ++ UI_method_set_writer; ++ KRB5_AUTHENT_new; ++ X509_CRL_INFO_it; ++ X509_CRL_INFO_it; ++ DSO_set_name_converter; ++ AES_set_decrypt_key; ++ PKCS7_DIGEST_it; ++ PKCS7_DIGEST_it; ++ PKCS12_x5092certbag; ++ EVP_DigestInit_ex; ++ i2a_ACCESS_DESCRIPTION; ++ OCSP_RESPONSE_it; ++ OCSP_RESPONSE_it; ++ PKCS7_ENC_CONTENT_it; ++ PKCS7_ENC_CONTENT_it; ++ OCSP_request_add0_id; ++ EC_POINT_make_affine; ++ DSO_get_filename; ++ OCSP_CERTSTATUS_it; ++ OCSP_CERTSTATUS_it; ++ OCSP_request_add1_cert; ++ UI_get0_output_string; ++ UI_dup_verify_string; ++ BN_mod_lshift; ++ KRB5_AUTHDATA_it; ++ KRB5_AUTHDATA_it; ++ asn1_set_choice_selector; ++ OCSP_basic_add1_status; ++ OCSP_RESPID_free; ++ asn1_get_field_ptr; ++ UI_add_input_string; ++ OCSP_CRLID_it; ++ OCSP_CRLID_it; ++ i2d_KRB5_AUTHENTBODY; ++ OCSP_REQUEST_get_ext_count; ++ ENGINE_load_atalla; ++ X509_NAME_it; ++ X509_NAME_it; ++ USERNOTICE_it; ++ USERNOTICE_it; ++ OCSP_REQINFO_new; ++ OCSP_BASICRESP_get_ext; ++ CRYPTO_get_ex_data_implementation; ++ CRYPTO_get_ex_data_impl; ++ ASN1_item_pack; ++ i2d_KRB5_ENCDATA; ++ X509_PURPOSE_set; ++ X509_REQ_INFO_it; ++ X509_REQ_INFO_it; ++ UI_method_set_opener; ++ ASN1_item_ex_free; ++ ASN1_BOOLEAN_it; ++ ASN1_BOOLEAN_it; ++ ENGINE_get_table_flags; ++ UI_create_method; ++ OCSP_ONEREQ_add1_ext_i2d; ++ _shadow_DES_check_key; ++ _shadow_DES_check_key; ++ d2i_OCSP_REQINFO; ++ UI_add_info_string; ++ UI_get_result_minsize; ++ ASN1_NULL_it; ++ ASN1_NULL_it; ++ BN_mod_lshift1; ++ d2i_OCSP_ONEREQ; ++ OCSP_ONEREQ_new; ++ KRB5_TICKET_it; ++ KRB5_TICKET_it; ++ EVP_aes_192_cbc; ++ KRB5_TICKET_free; ++ UI_new; ++ OCSP_response_create; ++ _ossl_old_des_xcbc_encrypt; ++ PKCS7_it; ++ PKCS7_it; ++ OCSP_REQUEST_get_ext_by_critical; ++ OCSP_REQUEST_get_ext_by_crit; ++ ENGINE_set_flags; ++ _ossl_old_des_ecb_encrypt; ++ OCSP_response_get1_basic; ++ EVP_Digest; ++ OCSP_ONEREQ_delete_ext; ++ ASN1_TBOOLEAN_it; ++ ASN1_TBOOLEAN_it; ++ ASN1_item_new; ++ ASN1_TIME_to_generalizedtime; ++ BIGNUM_it; ++ BIGNUM_it; ++ AES_cbc_encrypt; ++ ENGINE_get_load_privkey_function; ++ ENGINE_get_load_privkey_fn; ++ OCSP_RESPONSE_free; ++ UI_method_set_reader; ++ i2d_ASN1_T61STRING; ++ EC_POINT_set_to_infinity; ++ ERR_load_OCSP_strings; ++ EC_POINT_point2oct; ++ KRB5_APREQ_free; ++ ASN1_OBJECT_it; ++ ASN1_OBJECT_it; ++ OCSP_crlID_new; ++ OCSP_crlID2_new; ++ CONF_modules_load_file; ++ CONF_imodule_set_usr_data; ++ ENGINE_set_default_string; ++ CONF_module_get_usr_data; ++ ASN1_add_oid_module; ++ CONF_modules_finish; ++ OPENSSL_config; ++ CONF_modules_unload; ++ CONF_imodule_get_value; ++ CONF_module_set_usr_data; ++ CONF_parse_list; ++ CONF_module_add; ++ CONF_get1_default_config_file; ++ CONF_imodule_get_flags; ++ CONF_imodule_get_module; ++ CONF_modules_load; ++ CONF_imodule_get_name; ++ ERR_peek_top_error; ++ CONF_imodule_get_usr_data; ++ CONF_imodule_set_flags; ++ ENGINE_add_conf_module; ++ ERR_peek_last_error_line; ++ ERR_peek_last_error_line_data; ++ ERR_peek_last_error; ++ DES_read_2passwords; ++ DES_read_password; ++ UI_UTIL_read_pw; ++ UI_UTIL_read_pw_string; ++ ENGINE_load_aep; ++ ENGINE_load_sureware; ++ OPENSSL_add_all_algorithms_noconf; ++ OPENSSL_add_all_algo_noconf; ++ OPENSSL_add_all_algorithms_conf; ++ OPENSSL_add_all_algo_conf; ++ OPENSSL_load_builtin_modules; ++ AES_ofb128_encrypt; ++ AES_ctr128_encrypt; ++ AES_cfb128_encrypt; ++ ENGINE_load_4758cca; ++ _ossl_096_des_random_seed; ++ EVP_aes_256_ofb; ++ EVP_aes_192_ofb; ++ EVP_aes_128_cfb128; ++ EVP_aes_256_cfb128; ++ EVP_aes_128_ofb; ++ EVP_aes_192_cfb128; ++ CONF_modules_free; ++ NCONF_default; ++ OPENSSL_no_config; ++ NCONF_WIN32; ++ ASN1_UNIVERSALSTRING_new; ++ EVP_des_ede_ecb; ++ i2d_ASN1_UNIVERSALSTRING; ++ ASN1_UNIVERSALSTRING_free; ++ ASN1_UNIVERSALSTRING_it; ++ ASN1_UNIVERSALSTRING_it; ++ d2i_ASN1_UNIVERSALSTRING; ++ EVP_des_ede3_ecb; ++ X509_REQ_print_ex; ++ ENGINE_up_ref; ++ BUF_MEM_grow_clean; ++ CRYPTO_realloc_clean; ++ BUF_strlcat; ++ BIO_indent; ++ BUF_strlcpy; ++ OpenSSLDie; ++ OPENSSL_cleanse; ++ ENGINE_setup_bsd_cryptodev; ++ ERR_release_err_state_table; ++ EVP_aes_128_cfb8; ++ FIPS_corrupt_rsa; ++ FIPS_selftest_des; ++ EVP_aes_128_cfb1; ++ EVP_aes_192_cfb8; ++ FIPS_mode_set; ++ FIPS_selftest_dsa; ++ EVP_aes_256_cfb8; ++ FIPS_allow_md5; ++ DES_ede3_cfb_encrypt; ++ EVP_des_ede3_cfb8; ++ FIPS_rand_seeded; ++ AES_cfbr_encrypt_block; ++ AES_cfb8_encrypt; ++ FIPS_rand_seed; ++ FIPS_corrupt_des; ++ EVP_aes_192_cfb1; ++ FIPS_selftest_aes; ++ FIPS_set_prng_key; ++ EVP_des_cfb8; ++ FIPS_corrupt_dsa; ++ FIPS_test_mode; ++ FIPS_rand_method; ++ EVP_aes_256_cfb1; ++ ERR_load_FIPS_strings; ++ FIPS_corrupt_aes; ++ FIPS_selftest_sha1; ++ FIPS_selftest_rsa; ++ FIPS_corrupt_sha1; ++ EVP_des_cfb1; ++ FIPS_dsa_check; ++ AES_cfb1_encrypt; ++ EVP_des_ede3_cfb1; ++ FIPS_rand_check; ++ FIPS_md5_allowed; ++ FIPS_mode; ++ FIPS_selftest_failed; ++ sk_is_sorted; ++ X509_check_ca; ++ HMAC_CTX_set_flags; ++ d2i_PROXY_CERT_INFO_EXTENSION; ++ PROXY_POLICY_it; ++ PROXY_POLICY_it; ++ i2d_PROXY_POLICY; ++ i2d_PROXY_CERT_INFO_EXTENSION; ++ d2i_PROXY_POLICY; ++ PROXY_CERT_INFO_EXTENSION_new; ++ PROXY_CERT_INFO_EXTENSION_free; ++ PROXY_CERT_INFO_EXTENSION_it; ++ PROXY_CERT_INFO_EXTENSION_it; ++ PROXY_POLICY_free; ++ PROXY_POLICY_new; ++ BN_MONT_CTX_set_locked; ++ FIPS_selftest_rng; ++ EVP_sha384; ++ EVP_sha512; ++ EVP_sha224; ++ EVP_sha256; ++ FIPS_selftest_hmac; ++ FIPS_corrupt_rng; ++ BN_mod_exp_mont_consttime; ++ RSA_X931_hash_id; ++ RSA_padding_check_X931; ++ RSA_verify_PKCS1_PSS; ++ RSA_padding_add_X931; ++ RSA_padding_add_PKCS1_PSS; ++ PKCS1_MGF1; ++ BN_X931_generate_Xpq; ++ RSA_X931_generate_key; ++ BN_X931_derive_prime; ++ BN_X931_generate_prime; ++ RSA_X931_derive; ++ BIO_new_dgram; ++ BN_get0_nist_prime_384; ++ ERR_set_mark; ++ X509_STORE_CTX_set0_crls; ++ ENGINE_set_STORE; ++ ENGINE_register_ECDSA; ++ STORE_meth_set_list_start_fn; ++ STORE_method_set_list_start_function; ++ BN_BLINDING_invert_ex; ++ NAME_CONSTRAINTS_free; ++ STORE_ATTR_INFO_set_number; ++ BN_BLINDING_get_thread_id; ++ X509_STORE_CTX_set0_param; ++ POLICY_MAPPING_it; ++ POLICY_MAPPING_it; ++ STORE_parse_attrs_start; ++ POLICY_CONSTRAINTS_free; ++ EVP_PKEY_add1_attr_by_NID; ++ BN_nist_mod_192; ++ EC_GROUP_get_trinomial_basis; ++ STORE_set_method; ++ GENERAL_SUBTREE_free; ++ NAME_CONSTRAINTS_it; ++ NAME_CONSTRAINTS_it; ++ ECDH_get_default_method; ++ PKCS12_add_safe; ++ EC_KEY_new_by_curve_name; ++ STORE_meth_get_update_store_fn; ++ STORE_method_get_update_store_function; ++ ENGINE_register_ECDH; ++ SHA512_Update; ++ i2d_ECPrivateKey; ++ BN_get0_nist_prime_192; ++ STORE_modify_certificate; ++ EC_POINT_set_affine_coordinates_GF2m; ++ EC_POINT_set_affine_coords_GF2m; ++ BN_GF2m_mod_exp_arr; ++ STORE_ATTR_INFO_modify_number; ++ X509_keyid_get0; ++ ENGINE_load_gmp; ++ pitem_new; ++ BN_GF2m_mod_mul_arr; ++ STORE_list_public_key_endp; ++ o2i_ECPublicKey; ++ EC_KEY_copy; ++ BIO_dump_fp; ++ X509_policy_node_get0_parent; ++ EC_GROUP_check_discriminant; ++ i2o_ECPublicKey; ++ EC_KEY_precompute_mult; ++ a2i_IPADDRESS; ++ STORE_meth_set_initialise_fn; ++ STORE_method_set_initialise_function; ++ X509_STORE_CTX_set_depth; ++ X509_VERIFY_PARAM_inherit; ++ EC_POINT_point2bn; ++ STORE_ATTR_INFO_set_dn; ++ X509_policy_tree_get0_policies; ++ EC_GROUP_new_curve_GF2m; ++ STORE_destroy_method; ++ ENGINE_unregister_STORE; ++ EVP_PKEY_get1_EC_KEY; ++ STORE_ATTR_INFO_get0_number; ++ ENGINE_get_default_ECDH; ++ EC_KEY_get_conv_form; ++ ASN1_OCTET_STRING_NDEF_it; ++ ASN1_OCTET_STRING_NDEF_it; ++ STORE_delete_public_key; ++ STORE_get_public_key; ++ STORE_modify_arbitrary; ++ ENGINE_get_static_state; ++ pqueue_iterator; ++ ECDSA_SIG_new; ++ OPENSSL_DIR_end; ++ BN_GF2m_mod_sqr; ++ EC_POINT_bn2point; ++ X509_VERIFY_PARAM_set_depth; ++ EC_KEY_set_asn1_flag; ++ STORE_get_method; ++ EC_KEY_get_key_method_data; ++ ECDSA_sign_ex; ++ STORE_parse_attrs_end; ++ EC_GROUP_get_point_conversion_form; ++ EC_GROUP_get_point_conv_form; ++ STORE_method_set_store_function; ++ STORE_ATTR_INFO_in; ++ PEM_read_bio_ECPKParameters; ++ EC_GROUP_get_pentanomial_basis; ++ EVP_PKEY_add1_attr_by_txt; ++ BN_BLINDING_set_flags; ++ X509_VERIFY_PARAM_set1_policies; ++ X509_VERIFY_PARAM_set1_name; ++ X509_VERIFY_PARAM_set_purpose; ++ STORE_get_number; ++ ECDSA_sign_setup; ++ BN_GF2m_mod_solve_quad_arr; ++ EC_KEY_up_ref; ++ POLICY_MAPPING_free; ++ BN_GF2m_mod_div; ++ X509_VERIFY_PARAM_set_flags; ++ EC_KEY_free; ++ STORE_meth_set_list_next_fn; ++ STORE_method_set_list_next_function; ++ PEM_write_bio_ECPrivateKey; ++ d2i_EC_PUBKEY; ++ STORE_meth_get_generate_fn; ++ STORE_method_get_generate_function; ++ STORE_meth_set_list_end_fn; ++ STORE_method_set_list_end_function; ++ pqueue_print; ++ EC_GROUP_have_precompute_mult; ++ EC_KEY_print_fp; ++ BN_GF2m_mod_arr; ++ PEM_write_bio_X509_CERT_PAIR; ++ EVP_PKEY_cmp; ++ X509_policy_level_node_count; ++ STORE_new_engine; ++ STORE_list_public_key_start; ++ X509_VERIFY_PARAM_new; ++ ECDH_get_ex_data; ++ EVP_PKEY_get_attr; ++ ECDSA_do_sign; ++ ENGINE_unregister_ECDH; ++ ECDH_OpenSSL; ++ EC_KEY_set_conv_form; ++ EC_POINT_dup; ++ GENERAL_SUBTREE_new; ++ STORE_list_crl_endp; ++ EC_get_builtin_curves; ++ X509_policy_node_get0_qualifiers; ++ X509_pcy_node_get0_qualifiers; ++ STORE_list_crl_end; ++ EVP_PKEY_set1_EC_KEY; ++ BN_GF2m_mod_sqrt_arr; ++ i2d_ECPrivateKey_bio; ++ ECPKParameters_print_fp; ++ pqueue_find; ++ ECDSA_SIG_free; ++ PEM_write_bio_ECPKParameters; ++ STORE_method_set_ctrl_function; ++ STORE_list_public_key_end; ++ EC_KEY_set_private_key; ++ pqueue_peek; ++ STORE_get_arbitrary; ++ STORE_store_crl; ++ X509_policy_node_get0_policy; ++ PKCS12_add_safes; ++ BN_BLINDING_convert_ex; ++ X509_policy_tree_free; ++ OPENSSL_ia32cap_loc; ++ BN_GF2m_poly2arr; ++ STORE_ctrl; ++ STORE_ATTR_INFO_compare; ++ BN_get0_nist_prime_224; ++ i2d_ECParameters; ++ i2d_ECPKParameters; ++ BN_GENCB_call; ++ d2i_ECPKParameters; ++ STORE_meth_set_generate_fn; ++ STORE_method_set_generate_function; ++ ENGINE_set_ECDH; ++ NAME_CONSTRAINTS_new; ++ SHA256_Init; ++ EC_KEY_get0_public_key; ++ PEM_write_bio_EC_PUBKEY; ++ STORE_ATTR_INFO_set_cstr; ++ STORE_list_crl_next; ++ STORE_ATTR_INFO_in_range; ++ ECParameters_print; ++ STORE_meth_set_delete_fn; ++ STORE_method_set_delete_function; ++ STORE_list_certificate_next; ++ ASN1_generate_nconf; ++ BUF_memdup; ++ BN_GF2m_mod_mul; ++ STORE_meth_get_list_next_fn; ++ STORE_method_get_list_next_function; ++ STORE_ATTR_INFO_get0_dn; ++ STORE_list_private_key_next; ++ EC_GROUP_set_seed; ++ X509_VERIFY_PARAM_set_trust; ++ STORE_ATTR_INFO_free; ++ STORE_get_private_key; ++ EVP_PKEY_get_attr_count; ++ STORE_ATTR_INFO_new; ++ EC_GROUP_get_curve_GF2m; ++ STORE_meth_set_revoke_fn; ++ STORE_method_set_revoke_function; ++ STORE_store_number; ++ BN_is_prime_ex; ++ STORE_revoke_public_key; ++ X509_STORE_CTX_get0_param; ++ STORE_delete_arbitrary; ++ PEM_read_X509_CERT_PAIR; ++ X509_STORE_set_depth; ++ ECDSA_get_ex_data; ++ SHA224; ++ BIO_dump_indent_fp; ++ EC_KEY_set_group; ++ BUF_strndup; ++ STORE_list_certificate_start; ++ BN_GF2m_mod; ++ X509_REQ_check_private_key; ++ EC_GROUP_get_seed_len; ++ ERR_load_STORE_strings; ++ PEM_read_bio_EC_PUBKEY; ++ STORE_list_private_key_end; ++ i2d_EC_PUBKEY; ++ ECDSA_get_default_method; ++ ASN1_put_eoc; ++ X509_STORE_CTX_get_explicit_policy; ++ X509_STORE_CTX_get_expl_policy; ++ X509_VERIFY_PARAM_table_cleanup; ++ STORE_modify_private_key; ++ X509_VERIFY_PARAM_free; ++ EC_METHOD_get_field_type; ++ EC_GFp_nist_method; ++ STORE_meth_set_modify_fn; ++ STORE_method_set_modify_function; ++ STORE_parse_attrs_next; ++ ENGINE_load_padlock; ++ EC_GROUP_set_curve_name; ++ X509_CERT_PAIR_it; ++ X509_CERT_PAIR_it; ++ STORE_meth_get_revoke_fn; ++ STORE_method_get_revoke_function; ++ STORE_method_set_get_function; ++ STORE_modify_number; ++ STORE_method_get_store_function; ++ STORE_store_private_key; ++ BN_GF2m_mod_sqr_arr; ++ RSA_setup_blinding; ++ BIO_s_datagram; ++ STORE_Memory; ++ sk_find_ex; ++ EC_GROUP_set_curve_GF2m; ++ ENGINE_set_default_ECDSA; ++ POLICY_CONSTRAINTS_new; ++ BN_GF2m_mod_sqrt; ++ ECDH_set_default_method; ++ EC_KEY_generate_key; ++ SHA384_Update; ++ BN_GF2m_arr2poly; ++ STORE_method_get_get_function; ++ STORE_meth_set_cleanup_fn; ++ STORE_method_set_cleanup_function; ++ EC_GROUP_check; ++ d2i_ECPrivateKey_bio; ++ EC_KEY_insert_key_method_data; ++ STORE_meth_get_lock_store_fn; ++ STORE_method_get_lock_store_function; ++ X509_VERIFY_PARAM_get_depth; ++ SHA224_Final; ++ STORE_meth_set_update_store_fn; ++ STORE_method_set_update_store_function; ++ SHA224_Update; ++ d2i_ECPrivateKey; ++ ASN1_item_ndef_i2d; ++ STORE_delete_private_key; ++ ERR_pop_to_mark; ++ ENGINE_register_all_STORE; ++ X509_policy_level_get0_node; ++ i2d_PKCS7_NDEF; ++ EC_GROUP_get_degree; ++ ASN1_generate_v3; ++ STORE_ATTR_INFO_modify_cstr; ++ X509_policy_tree_level_count; ++ BN_GF2m_add; ++ EC_KEY_get0_group; ++ STORE_generate_crl; ++ STORE_store_public_key; ++ X509_CERT_PAIR_free; ++ STORE_revoke_private_key; ++ BN_nist_mod_224; ++ SHA512_Final; ++ STORE_ATTR_INFO_modify_dn; ++ STORE_meth_get_initialise_fn; ++ STORE_method_get_initialise_function; ++ STORE_delete_number; ++ i2d_EC_PUBKEY_bio; ++ BIO_dgram_non_fatal_error; ++ EC_GROUP_get_asn1_flag; ++ STORE_ATTR_INFO_in_ex; ++ STORE_list_crl_start; ++ ECDH_get_ex_new_index; ++ STORE_meth_get_modify_fn; ++ STORE_method_get_modify_function; ++ v2i_ASN1_BIT_STRING; ++ STORE_store_certificate; ++ OBJ_bsearch_ex; ++ X509_STORE_CTX_set_default; ++ STORE_ATTR_INFO_set_sha1str; ++ BN_GF2m_mod_inv; ++ BN_GF2m_mod_exp; ++ STORE_modify_public_key; ++ STORE_meth_get_list_start_fn; ++ STORE_method_get_list_start_function; ++ EC_GROUP_get0_seed; ++ STORE_store_arbitrary; ++ STORE_meth_set_unlock_store_fn; ++ STORE_method_set_unlock_store_function; ++ BN_GF2m_mod_div_arr; ++ ENGINE_set_ECDSA; ++ STORE_create_method; ++ ECPKParameters_print; ++ EC_KEY_get0_private_key; ++ PEM_write_EC_PUBKEY; ++ X509_VERIFY_PARAM_set1; ++ ECDH_set_method; ++ v2i_GENERAL_NAME_ex; ++ ECDH_set_ex_data; ++ STORE_generate_key; ++ BN_nist_mod_521; ++ X509_policy_tree_get0_level; ++ EC_GROUP_set_point_conversion_form; ++ EC_GROUP_set_point_conv_form; ++ PEM_read_EC_PUBKEY; ++ i2d_ECDSA_SIG; ++ ECDSA_OpenSSL; ++ STORE_delete_crl; ++ EC_KEY_get_enc_flags; ++ ASN1_const_check_infinite_end; ++ EVP_PKEY_delete_attr; ++ ECDSA_set_default_method; ++ EC_POINT_set_compressed_coordinates_GF2m; ++ EC_POINT_set_compr_coords_GF2m; ++ EC_GROUP_cmp; ++ STORE_revoke_certificate; ++ BN_get0_nist_prime_256; ++ STORE_meth_get_delete_fn; ++ STORE_method_get_delete_function; ++ SHA224_Init; ++ PEM_read_ECPrivateKey; ++ SHA512_Init; ++ STORE_parse_attrs_endp; ++ BN_set_negative; ++ ERR_load_ECDSA_strings; ++ EC_GROUP_get_basis_type; ++ STORE_list_public_key_next; ++ i2v_ASN1_BIT_STRING; ++ STORE_OBJECT_free; ++ BN_nist_mod_384; ++ i2d_X509_CERT_PAIR; ++ PEM_write_ECPKParameters; ++ ECDH_compute_key; ++ STORE_ATTR_INFO_get0_sha1str; ++ ENGINE_register_all_ECDH; ++ pqueue_pop; ++ STORE_ATTR_INFO_get0_cstr; ++ POLICY_CONSTRAINTS_it; ++ POLICY_CONSTRAINTS_it; ++ STORE_get_ex_new_index; ++ EVP_PKEY_get_attr_by_OBJ; ++ X509_VERIFY_PARAM_add0_policy; ++ BN_GF2m_mod_solve_quad; ++ SHA256; ++ i2d_ECPrivateKey_fp; ++ X509_policy_tree_get0_user_policies; ++ X509_pcy_tree_get0_usr_policies; ++ OPENSSL_DIR_read; ++ ENGINE_register_all_ECDSA; ++ X509_VERIFY_PARAM_lookup; ++ EC_POINT_get_affine_coordinates_GF2m; ++ EC_POINT_get_affine_coords_GF2m; ++ EC_GROUP_dup; ++ ENGINE_get_default_ECDSA; ++ EC_KEY_new; ++ SHA256_Transform; ++ EC_KEY_set_enc_flags; ++ ECDSA_verify; ++ EC_POINT_point2hex; ++ ENGINE_get_STORE; ++ SHA512; ++ STORE_get_certificate; ++ ECDSA_do_sign_ex; ++ ECDSA_do_verify; ++ d2i_ECPrivateKey_fp; ++ STORE_delete_certificate; ++ SHA512_Transform; ++ X509_STORE_set1_param; ++ STORE_method_get_ctrl_function; ++ STORE_free; ++ PEM_write_ECPrivateKey; ++ STORE_meth_get_unlock_store_fn; ++ STORE_method_get_unlock_store_function; ++ STORE_get_ex_data; ++ EC_KEY_set_public_key; ++ PEM_read_ECPKParameters; ++ X509_CERT_PAIR_new; ++ ENGINE_register_STORE; ++ RSA_generate_key_ex; ++ DSA_generate_parameters_ex; ++ ECParameters_print_fp; ++ X509V3_NAME_from_section; ++ EVP_PKEY_add1_attr; ++ STORE_modify_crl; ++ STORE_list_private_key_start; ++ POLICY_MAPPINGS_it; ++ POLICY_MAPPINGS_it; ++ GENERAL_SUBTREE_it; ++ GENERAL_SUBTREE_it; ++ EC_GROUP_get_curve_name; ++ PEM_write_X509_CERT_PAIR; ++ BIO_dump_indent_cb; ++ d2i_X509_CERT_PAIR; ++ STORE_list_private_key_endp; ++ asn1_const_Finish; ++ i2d_EC_PUBKEY_fp; ++ BN_nist_mod_256; ++ X509_VERIFY_PARAM_add0_table; ++ pqueue_free; ++ BN_BLINDING_create_param; ++ ECDSA_size; ++ d2i_EC_PUBKEY_bio; ++ BN_get0_nist_prime_521; ++ STORE_ATTR_INFO_modify_sha1str; ++ BN_generate_prime_ex; ++ EC_GROUP_new_by_curve_name; ++ SHA256_Final; ++ DH_generate_parameters_ex; ++ PEM_read_bio_ECPrivateKey; ++ STORE_meth_get_cleanup_fn; ++ STORE_method_get_cleanup_function; ++ ENGINE_get_ECDH; ++ d2i_ECDSA_SIG; ++ BN_is_prime_fasttest_ex; ++ ECDSA_sign; ++ X509_policy_check; ++ EVP_PKEY_get_attr_by_NID; ++ STORE_set_ex_data; ++ ENGINE_get_ECDSA; ++ EVP_ecdsa; ++ BN_BLINDING_get_flags; ++ PKCS12_add_cert; ++ STORE_OBJECT_new; ++ ERR_load_ECDH_strings; ++ EC_KEY_dup; ++ EVP_CIPHER_CTX_rand_key; ++ ECDSA_set_method; ++ a2i_IPADDRESS_NC; ++ d2i_ECParameters; ++ STORE_list_certificate_end; ++ STORE_get_crl; ++ X509_POLICY_NODE_print; ++ SHA384_Init; ++ EC_GF2m_simple_method; ++ ECDSA_set_ex_data; ++ SHA384_Final; ++ PKCS7_set_digest; ++ EC_KEY_print; ++ STORE_meth_set_lock_store_fn; ++ STORE_method_set_lock_store_function; ++ ECDSA_get_ex_new_index; ++ SHA384; ++ POLICY_MAPPING_new; ++ STORE_list_certificate_endp; ++ X509_STORE_CTX_get0_policy_tree; ++ EC_GROUP_set_asn1_flag; ++ EC_KEY_check_key; ++ d2i_EC_PUBKEY_fp; ++ PKCS7_set0_type_other; ++ PEM_read_bio_X509_CERT_PAIR; ++ pqueue_next; ++ STORE_meth_get_list_end_fn; ++ STORE_method_get_list_end_function; ++ EVP_PKEY_add1_attr_by_OBJ; ++ X509_VERIFY_PARAM_set_time; ++ pqueue_new; ++ ENGINE_set_default_ECDH; ++ STORE_new_method; ++ PKCS12_add_key; ++ DSO_merge; ++ EC_POINT_hex2point; ++ BIO_dump_cb; ++ SHA256_Update; ++ pqueue_insert; ++ pitem_free; ++ BN_GF2m_mod_inv_arr; ++ ENGINE_unregister_ECDSA; ++ BN_BLINDING_set_thread_id; ++ get_rfc3526_prime_8192; ++ X509_VERIFY_PARAM_clear_flags; ++ get_rfc2409_prime_1024; ++ DH_check_pub_key; ++ get_rfc3526_prime_2048; ++ get_rfc3526_prime_6144; ++ get_rfc3526_prime_1536; ++ get_rfc3526_prime_3072; ++ get_rfc3526_prime_4096; ++ get_rfc2409_prime_768; ++ X509_VERIFY_PARAM_get_flags; ++ EVP_CIPHER_CTX_new; ++ EVP_CIPHER_CTX_free; ++ Camellia_cbc_encrypt; ++ Camellia_cfb128_encrypt; ++ Camellia_cfb1_encrypt; ++ Camellia_cfb8_encrypt; ++ Camellia_ctr128_encrypt; ++ Camellia_cfbr_encrypt_block; ++ Camellia_decrypt; ++ Camellia_ecb_encrypt; ++ Camellia_encrypt; ++ Camellia_ofb128_encrypt; ++ Camellia_set_key; ++ EVP_camellia_128_cbc; ++ EVP_camellia_128_cfb128; ++ EVP_camellia_128_cfb1; ++ EVP_camellia_128_cfb8; ++ EVP_camellia_128_ecb; ++ EVP_camellia_128_ofb; ++ EVP_camellia_192_cbc; ++ EVP_camellia_192_cfb128; ++ EVP_camellia_192_cfb1; ++ EVP_camellia_192_cfb8; ++ EVP_camellia_192_ecb; ++ EVP_camellia_192_ofb; ++ EVP_camellia_256_cbc; ++ EVP_camellia_256_cfb128; ++ EVP_camellia_256_cfb1; ++ EVP_camellia_256_cfb8; ++ EVP_camellia_256_ecb; ++ EVP_camellia_256_ofb; ++ a2i_ipadd; ++ ASIdentifiers_free; ++ i2d_ASIdOrRange; ++ EVP_CIPHER_block_size; ++ v3_asid_is_canonical; ++ IPAddressChoice_free; ++ EVP_CIPHER_CTX_set_app_data; ++ BIO_set_callback_arg; ++ v3_addr_add_prefix; ++ IPAddressOrRange_it; ++ IPAddressOrRange_it; ++ BIO_set_flags; ++ ASIdentifiers_it; ++ ASIdentifiers_it; ++ v3_addr_get_range; ++ BIO_method_type; ++ v3_addr_inherits; ++ IPAddressChoice_it; ++ IPAddressChoice_it; ++ AES_ige_encrypt; ++ v3_addr_add_range; ++ EVP_CIPHER_CTX_nid; ++ d2i_ASRange; ++ v3_addr_add_inherit; ++ v3_asid_add_id_or_range; ++ v3_addr_validate_resource_set; ++ EVP_CIPHER_iv_length; ++ EVP_MD_type; ++ v3_asid_canonize; ++ IPAddressRange_free; ++ v3_asid_add_inherit; ++ EVP_CIPHER_CTX_key_length; ++ IPAddressRange_new; ++ ASIdOrRange_new; ++ EVP_MD_size; ++ EVP_MD_CTX_test_flags; ++ BIO_clear_flags; ++ i2d_ASRange; ++ IPAddressRange_it; ++ IPAddressRange_it; ++ IPAddressChoice_new; ++ ASIdentifierChoice_new; ++ ASRange_free; ++ EVP_MD_pkey_type; ++ EVP_MD_CTX_clear_flags; ++ IPAddressFamily_free; ++ i2d_IPAddressFamily; ++ IPAddressOrRange_new; ++ EVP_CIPHER_flags; ++ v3_asid_validate_resource_set; ++ d2i_IPAddressRange; ++ AES_bi_ige_encrypt; ++ BIO_get_callback; ++ IPAddressOrRange_free; ++ v3_addr_subset; ++ d2i_IPAddressFamily; ++ v3_asid_subset; ++ BIO_test_flags; ++ i2d_ASIdentifierChoice; ++ ASRange_it; ++ ASRange_it; ++ d2i_ASIdentifiers; ++ ASRange_new; ++ d2i_IPAddressChoice; ++ v3_addr_get_afi; ++ EVP_CIPHER_key_length; ++ EVP_Cipher; ++ i2d_IPAddressOrRange; ++ ASIdOrRange_it; ++ ASIdOrRange_it; ++ EVP_CIPHER_nid; ++ i2d_IPAddressChoice; ++ EVP_CIPHER_CTX_block_size; ++ ASIdentifiers_new; ++ v3_addr_validate_path; ++ IPAddressFamily_new; ++ EVP_MD_CTX_set_flags; ++ v3_addr_is_canonical; ++ i2d_IPAddressRange; ++ IPAddressFamily_it; ++ IPAddressFamily_it; ++ v3_asid_inherits; ++ EVP_CIPHER_CTX_cipher; ++ EVP_CIPHER_CTX_get_app_data; ++ EVP_MD_block_size; ++ EVP_CIPHER_CTX_flags; ++ v3_asid_validate_path; ++ d2i_IPAddressOrRange; ++ v3_addr_canonize; ++ ASIdentifierChoice_it; ++ ASIdentifierChoice_it; ++ EVP_MD_CTX_md; ++ d2i_ASIdentifierChoice; ++ BIO_method_name; ++ EVP_CIPHER_CTX_iv_length; ++ ASIdOrRange_free; ++ ASIdentifierChoice_free; ++ BIO_get_callback_arg; ++ BIO_set_callback; ++ d2i_ASIdOrRange; ++ i2d_ASIdentifiers; ++ SEED_decrypt; ++ SEED_encrypt; ++ SEED_cbc_encrypt; ++ EVP_seed_ofb; ++ SEED_cfb128_encrypt; ++ SEED_ofb128_encrypt; ++ EVP_seed_cbc; ++ SEED_ecb_encrypt; ++ EVP_seed_ecb; ++ SEED_set_key; ++ EVP_seed_cfb128; ++ X509_EXTENSIONS_it; ++ X509_EXTENSIONS_it; ++ X509_get1_ocsp; ++ OCSP_REQ_CTX_free; ++ i2d_X509_EXTENSIONS; ++ OCSP_sendreq_nbio; ++ OCSP_sendreq_new; ++ d2i_X509_EXTENSIONS; ++ X509_ALGORS_it; ++ X509_ALGORS_it; ++ X509_ALGOR_get0; ++ X509_ALGOR_set0; ++ AES_unwrap_key; ++ AES_wrap_key; ++ X509at_get0_data_by_OBJ; ++ ASN1_TYPE_set1; ++ ASN1_STRING_set0; ++ i2d_X509_ALGORS; ++ BIO_f_zlib; ++ COMP_zlib_cleanup; ++ d2i_X509_ALGORS; ++ CMS_ReceiptRequest_free; ++ PEM_write_CMS; ++ CMS_add0_CertificateChoices; ++ CMS_unsigned_add1_attr_by_OBJ; ++ ERR_load_CMS_strings; ++ CMS_sign_receipt; ++ i2d_CMS_ContentInfo; ++ CMS_signed_delete_attr; ++ d2i_CMS_bio; ++ CMS_unsigned_get_attr_by_NID; ++ CMS_verify; ++ SMIME_read_CMS; ++ CMS_decrypt_set1_key; ++ CMS_SignerInfo_get0_algs; ++ CMS_add1_cert; ++ CMS_set_detached; ++ CMS_encrypt; ++ CMS_EnvelopedData_create; ++ CMS_uncompress; ++ CMS_add0_crl; ++ CMS_SignerInfo_verify_content; ++ CMS_unsigned_get0_data_by_OBJ; ++ PEM_write_bio_CMS; ++ CMS_unsigned_get_attr; ++ CMS_RecipientInfo_ktri_cert_cmp; ++ CMS_RecipientInfo_ktri_get0_algs; ++ CMS_RecipInfo_ktri_get0_algs; ++ CMS_ContentInfo_free; ++ CMS_final; ++ CMS_add_simple_smimecap; ++ CMS_SignerInfo_verify; ++ CMS_data; ++ CMS_ContentInfo_it; ++ CMS_ContentInfo_it; ++ d2i_CMS_ReceiptRequest; ++ CMS_compress; ++ CMS_digest_create; ++ CMS_SignerInfo_cert_cmp; ++ CMS_SignerInfo_sign; ++ CMS_data_create; ++ i2d_CMS_bio; ++ CMS_EncryptedData_set1_key; ++ CMS_decrypt; ++ int_smime_write_ASN1; ++ CMS_unsigned_delete_attr; ++ CMS_unsigned_get_attr_count; ++ CMS_add_smimecap; ++ PEM_read_CMS; ++ CMS_signed_get_attr_by_OBJ; ++ d2i_CMS_ContentInfo; ++ CMS_add_standard_smimecap; ++ CMS_ContentInfo_new; ++ CMS_RecipientInfo_type; ++ CMS_get0_type; ++ CMS_is_detached; ++ CMS_sign; ++ CMS_signed_add1_attr; ++ CMS_unsigned_get_attr_by_OBJ; ++ SMIME_write_CMS; ++ CMS_EncryptedData_decrypt; ++ CMS_get0_RecipientInfos; ++ CMS_add0_RevocationInfoChoice; ++ CMS_decrypt_set1_pkey; ++ CMS_SignerInfo_set1_signer_cert; ++ CMS_get0_signers; ++ CMS_ReceiptRequest_get0_values; ++ CMS_signed_get0_data_by_OBJ; ++ CMS_get0_SignerInfos; ++ CMS_add0_cert; ++ CMS_EncryptedData_encrypt; ++ CMS_digest_verify; ++ CMS_set1_signers_certs; ++ CMS_signed_get_attr; ++ CMS_RecipientInfo_set0_key; ++ CMS_SignedData_init; ++ CMS_RecipientInfo_kekri_get0_id; ++ CMS_verify_receipt; ++ CMS_ReceiptRequest_it; ++ CMS_ReceiptRequest_it; ++ PEM_read_bio_CMS; ++ CMS_get1_crls; ++ CMS_add0_recipient_key; ++ SMIME_read_ASN1; ++ CMS_ReceiptRequest_new; ++ CMS_get0_content; ++ CMS_get1_ReceiptRequest; ++ CMS_signed_add1_attr_by_OBJ; ++ CMS_RecipientInfo_kekri_id_cmp; ++ CMS_add1_ReceiptRequest; ++ CMS_SignerInfo_get0_signer_id; ++ CMS_unsigned_add1_attr_by_NID; ++ CMS_unsigned_add1_attr; ++ CMS_signed_get_attr_by_NID; ++ CMS_get1_certs; ++ CMS_signed_add1_attr_by_NID; ++ CMS_unsigned_add1_attr_by_txt; ++ CMS_dataFinal; ++ CMS_RecipientInfo_ktri_get0_signer_id; ++ CMS_RecipInfo_ktri_get0_sigr_id; ++ i2d_CMS_ReceiptRequest; ++ CMS_add1_recipient_cert; ++ CMS_dataInit; ++ CMS_signed_add1_attr_by_txt; ++ CMS_RecipientInfo_decrypt; ++ CMS_signed_get_attr_count; ++ CMS_get0_eContentType; ++ CMS_set1_eContentType; ++ CMS_ReceiptRequest_create0; ++ CMS_add1_signer; ++ CMS_RecipientInfo_set0_pkey; ++ ENGINE_set_load_ssl_client_cert_function; ++ ENGINE_set_ld_ssl_clnt_cert_fn; ++ ENGINE_get_ssl_client_cert_function; ++ ENGINE_get_ssl_client_cert_fn; ++ ENGINE_load_ssl_client_cert; ++ ENGINE_load_capi; ++ OPENSSL_isservice; ++ FIPS_dsa_sig_decode; ++ EVP_CIPHER_CTX_clear_flags; ++ FIPS_rand_status; ++ FIPS_rand_set_key; ++ CRYPTO_set_mem_info_functions; ++ RSA_X931_generate_key_ex; ++ int_ERR_set_state_func; ++ int_EVP_MD_set_engine_callbacks; ++ int_CRYPTO_set_do_dynlock_callback; ++ FIPS_rng_stick; ++ EVP_CIPHER_CTX_set_flags; ++ BN_X931_generate_prime_ex; ++ FIPS_selftest_check; ++ FIPS_rand_set_dt; ++ CRYPTO_dbg_pop_info; ++ FIPS_dsa_free; ++ RSA_X931_derive_ex; ++ FIPS_rsa_new; ++ FIPS_rand_bytes; ++ fips_cipher_test; ++ EVP_CIPHER_CTX_test_flags; ++ CRYPTO_malloc_debug_init; ++ CRYPTO_dbg_push_info; ++ FIPS_corrupt_rsa_keygen; ++ FIPS_dh_new; ++ FIPS_corrupt_dsa_keygen; ++ FIPS_dh_free; ++ fips_pkey_signature_test; ++ EVP_add_alg_module; ++ int_RAND_init_engine_callbacks; ++ int_EVP_CIPHER_set_engine_callbacks; ++ int_EVP_MD_init_engine_callbacks; ++ FIPS_rand_test_mode; ++ FIPS_rand_reset; ++ FIPS_dsa_new; ++ int_RAND_set_callbacks; ++ BN_X931_derive_prime_ex; ++ int_ERR_lib_init; ++ int_EVP_CIPHER_init_engine_callbacks; ++ FIPS_rsa_free; ++ FIPS_dsa_sig_encode; ++ CRYPTO_dbg_remove_all_info; ++ OPENSSL_init; ++ CRYPTO_strdup; ++ JPAKE_STEP3A_process; ++ JPAKE_STEP1_release; ++ JPAKE_get_shared_key; ++ JPAKE_STEP3B_init; ++ JPAKE_STEP1_generate; ++ JPAKE_STEP1_init; ++ JPAKE_STEP3B_process; ++ JPAKE_STEP2_generate; ++ JPAKE_CTX_new; ++ JPAKE_CTX_free; ++ JPAKE_STEP3B_release; ++ JPAKE_STEP3A_release; ++ JPAKE_STEP2_process; ++ JPAKE_STEP3B_generate; ++ JPAKE_STEP1_process; ++ JPAKE_STEP3A_generate; ++ JPAKE_STEP2_release; ++ JPAKE_STEP3A_init; ++ ERR_load_JPAKE_strings; ++ JPAKE_STEP2_init; ++ pqueue_size; ++ i2d_TS_ACCURACY; ++ i2d_TS_MSG_IMPRINT_fp; ++ i2d_TS_MSG_IMPRINT; ++ EVP_PKEY_print_public; ++ EVP_PKEY_CTX_new; ++ i2d_TS_TST_INFO; ++ EVP_PKEY_asn1_find; ++ DSO_METHOD_beos; ++ TS_CONF_load_cert; ++ TS_REQ_get_ext; ++ EVP_PKEY_sign_init; ++ ASN1_item_print; ++ TS_TST_INFO_set_nonce; ++ TS_RESP_dup; ++ ENGINE_register_pkey_meths; ++ EVP_PKEY_asn1_add0; ++ PKCS7_add0_attrib_signing_time; ++ i2d_TS_TST_INFO_fp; ++ BIO_asn1_get_prefix; ++ TS_TST_INFO_set_time; ++ EVP_PKEY_meth_set_decrypt; ++ EVP_PKEY_set_type_str; ++ EVP_PKEY_CTX_get_keygen_info; ++ TS_REQ_set_policy_id; ++ d2i_TS_RESP_fp; ++ ENGINE_get_pkey_asn1_meth_engine; ++ ENGINE_get_pkey_asn1_meth_eng; ++ WHIRLPOOL_Init; ++ TS_RESP_set_status_info; ++ EVP_PKEY_keygen; ++ EVP_DigestSignInit; ++ TS_ACCURACY_set_millis; ++ TS_REQ_dup; ++ GENERAL_NAME_dup; ++ ASN1_SEQUENCE_ANY_it; ++ ASN1_SEQUENCE_ANY_it; ++ WHIRLPOOL; ++ X509_STORE_get1_crls; ++ ENGINE_get_pkey_asn1_meth; ++ EVP_PKEY_asn1_new; ++ BIO_new_NDEF; ++ ENGINE_get_pkey_meth; ++ TS_MSG_IMPRINT_set_algo; ++ i2d_TS_TST_INFO_bio; ++ TS_TST_INFO_set_ordering; ++ TS_TST_INFO_get_ext_by_OBJ; ++ CRYPTO_THREADID_set_pointer; ++ TS_CONF_get_tsa_section; ++ SMIME_write_ASN1; ++ TS_RESP_CTX_set_signer_key; ++ EVP_PKEY_encrypt_old; ++ EVP_PKEY_encrypt_init; ++ CRYPTO_THREADID_cpy; ++ ASN1_PCTX_get_cert_flags; ++ i2d_ESS_SIGNING_CERT; ++ TS_CONF_load_key; ++ i2d_ASN1_SEQUENCE_ANY; ++ d2i_TS_MSG_IMPRINT_bio; ++ EVP_PKEY_asn1_set_public; ++ b2i_PublicKey_bio; ++ BIO_asn1_set_prefix; ++ EVP_PKEY_new_mac_key; ++ BIO_new_CMS; ++ CRYPTO_THREADID_cmp; ++ TS_REQ_ext_free; ++ EVP_PKEY_asn1_set_free; ++ EVP_PKEY_get0_asn1; ++ d2i_NETSCAPE_X509; ++ EVP_PKEY_verify_recover_init; ++ EVP_PKEY_CTX_set_data; ++ EVP_PKEY_keygen_init; ++ TS_RESP_CTX_set_status_info; ++ TS_MSG_IMPRINT_get_algo; ++ TS_REQ_print_bio; ++ EVP_PKEY_CTX_ctrl_str; ++ EVP_PKEY_get_default_digest_nid; ++ PEM_write_bio_PKCS7_stream; ++ TS_MSG_IMPRINT_print_bio; ++ BN_asc2bn; ++ TS_REQ_get_policy_id; ++ ENGINE_set_default_pkey_asn1_meths; ++ ENGINE_set_def_pkey_asn1_meths; ++ d2i_TS_ACCURACY; ++ DSO_global_lookup; ++ TS_CONF_set_tsa_name; ++ i2d_ASN1_SET_ANY; ++ ENGINE_load_gost; ++ WHIRLPOOL_BitUpdate; ++ ASN1_PCTX_get_flags; ++ TS_TST_INFO_get_ext_by_NID; ++ TS_RESP_new; ++ ESS_CERT_ID_dup; ++ TS_STATUS_INFO_dup; ++ TS_REQ_delete_ext; ++ EVP_DigestVerifyFinal; ++ EVP_PKEY_print_params; ++ i2d_CMS_bio_stream; ++ TS_REQ_get_msg_imprint; ++ OBJ_find_sigid_by_algs; ++ TS_TST_INFO_get_serial; ++ TS_REQ_get_nonce; ++ X509_PUBKEY_set0_param; ++ EVP_PKEY_CTX_set0_keygen_info; ++ DIST_POINT_set_dpname; ++ i2d_ISSUING_DIST_POINT; ++ ASN1_SET_ANY_it; ++ ASN1_SET_ANY_it; ++ EVP_PKEY_CTX_get_data; ++ TS_STATUS_INFO_print_bio; ++ EVP_PKEY_derive_init; ++ d2i_TS_TST_INFO; ++ EVP_PKEY_asn1_add_alias; ++ d2i_TS_RESP_bio; ++ OTHERNAME_cmp; ++ GENERAL_NAME_set0_value; ++ PKCS7_RECIP_INFO_get0_alg; ++ TS_RESP_CTX_new; ++ TS_RESP_set_tst_info; ++ PKCS7_final; ++ EVP_PKEY_base_id; ++ TS_RESP_CTX_set_signer_cert; ++ TS_REQ_set_msg_imprint; ++ EVP_PKEY_CTX_ctrl; ++ TS_CONF_set_digests; ++ d2i_TS_MSG_IMPRINT; ++ EVP_PKEY_meth_set_ctrl; ++ TS_REQ_get_ext_by_NID; ++ PKCS5_pbe_set0_algor; ++ BN_BLINDING_thread_id; ++ TS_ACCURACY_new; ++ X509_CRL_METHOD_free; ++ ASN1_PCTX_get_nm_flags; ++ EVP_PKEY_meth_set_sign; ++ CRYPTO_THREADID_current; ++ EVP_PKEY_decrypt_init; ++ NETSCAPE_X509_free; ++ i2b_PVK_bio; ++ EVP_PKEY_print_private; ++ GENERAL_NAME_get0_value; ++ b2i_PVK_bio; ++ ASN1_UTCTIME_adj; ++ TS_TST_INFO_new; ++ EVP_MD_do_all_sorted; ++ TS_CONF_set_default_engine; ++ TS_ACCURACY_set_seconds; ++ TS_TST_INFO_get_time; ++ PKCS8_pkey_get0; ++ EVP_PKEY_asn1_get0; ++ OBJ_add_sigid; ++ PKCS7_SIGNER_INFO_sign; ++ EVP_PKEY_paramgen_init; ++ EVP_PKEY_sign; ++ OBJ_sigid_free; ++ EVP_PKEY_meth_set_init; ++ d2i_ESS_ISSUER_SERIAL; ++ ISSUING_DIST_POINT_new; ++ ASN1_TIME_adj; ++ TS_OBJ_print_bio; ++ EVP_PKEY_meth_set_verify_recover; ++ EVP_PKEY_meth_set_vrfy_recover; ++ TS_RESP_get_status_info; ++ CMS_stream; ++ EVP_PKEY_CTX_set_cb; ++ PKCS7_to_TS_TST_INFO; ++ ASN1_PCTX_get_oid_flags; ++ TS_TST_INFO_add_ext; ++ EVP_PKEY_meth_set_derive; ++ i2d_TS_RESP_fp; ++ i2d_TS_MSG_IMPRINT_bio; ++ TS_RESP_CTX_set_accuracy; ++ TS_REQ_set_nonce; ++ ESS_CERT_ID_new; ++ ENGINE_pkey_asn1_find_str; ++ TS_REQ_get_ext_count; ++ BUF_reverse; ++ TS_TST_INFO_print_bio; ++ d2i_ISSUING_DIST_POINT; ++ ENGINE_get_pkey_meths; ++ i2b_PrivateKey_bio; ++ i2d_TS_RESP; ++ b2i_PublicKey; ++ TS_VERIFY_CTX_cleanup; ++ TS_STATUS_INFO_free; ++ TS_RESP_verify_token; ++ OBJ_bsearch_ex_; ++ ASN1_bn_print; ++ EVP_PKEY_asn1_get_count; ++ ENGINE_register_pkey_asn1_meths; ++ ASN1_PCTX_set_nm_flags; ++ EVP_DigestVerifyInit; ++ ENGINE_set_default_pkey_meths; ++ TS_TST_INFO_get_policy_id; ++ TS_REQ_get_cert_req; ++ X509_CRL_set_meth_data; ++ PKCS8_pkey_set0; ++ ASN1_STRING_copy; ++ d2i_TS_TST_INFO_fp; ++ X509_CRL_match; ++ EVP_PKEY_asn1_set_private; ++ TS_TST_INFO_get_ext_d2i; ++ TS_RESP_CTX_add_policy; ++ d2i_TS_RESP; ++ TS_CONF_load_certs; ++ TS_TST_INFO_get_msg_imprint; ++ ERR_load_TS_strings; ++ TS_TST_INFO_get_version; ++ EVP_PKEY_CTX_dup; ++ EVP_PKEY_meth_set_verify; ++ i2b_PublicKey_bio; ++ TS_CONF_set_certs; ++ EVP_PKEY_asn1_get0_info; ++ TS_VERIFY_CTX_free; ++ TS_REQ_get_ext_by_critical; ++ TS_RESP_CTX_set_serial_cb; ++ X509_CRL_get_meth_data; ++ TS_RESP_CTX_set_time_cb; ++ TS_MSG_IMPRINT_get_msg; ++ TS_TST_INFO_ext_free; ++ TS_REQ_get_version; ++ TS_REQ_add_ext; ++ EVP_PKEY_CTX_set_app_data; ++ OBJ_bsearch_; ++ EVP_PKEY_meth_set_verifyctx; ++ i2d_PKCS7_bio_stream; ++ CRYPTO_THREADID_set_numeric; ++ PKCS7_sign_add_signer; ++ d2i_TS_TST_INFO_bio; ++ TS_TST_INFO_get_ordering; ++ TS_RESP_print_bio; ++ TS_TST_INFO_get_exts; ++ HMAC_CTX_copy; ++ PKCS5_pbe2_set_iv; ++ ENGINE_get_pkey_asn1_meths; ++ b2i_PrivateKey; ++ EVP_PKEY_CTX_get_app_data; ++ TS_REQ_set_cert_req; ++ CRYPTO_THREADID_set_callback; ++ TS_CONF_set_serial; ++ TS_TST_INFO_free; ++ d2i_TS_REQ_fp; ++ TS_RESP_verify_response; ++ i2d_ESS_ISSUER_SERIAL; ++ TS_ACCURACY_get_seconds; ++ EVP_CIPHER_do_all; ++ b2i_PrivateKey_bio; ++ OCSP_CERTID_dup; ++ X509_PUBKEY_get0_param; ++ TS_MSG_IMPRINT_dup; ++ PKCS7_print_ctx; ++ i2d_TS_REQ_bio; ++ EVP_whirlpool; ++ EVP_PKEY_asn1_set_param; ++ EVP_PKEY_meth_set_encrypt; ++ ASN1_PCTX_set_flags; ++ i2d_ESS_CERT_ID; ++ TS_VERIFY_CTX_new; ++ TS_RESP_CTX_set_extension_cb; ++ ENGINE_register_all_pkey_meths; ++ TS_RESP_CTX_set_status_info_cond; ++ TS_RESP_CTX_set_stat_info_cond; ++ EVP_PKEY_verify; ++ WHIRLPOOL_Final; ++ X509_CRL_METHOD_new; ++ EVP_DigestSignFinal; ++ TS_RESP_CTX_set_def_policy; ++ NETSCAPE_X509_it; ++ NETSCAPE_X509_it; ++ TS_RESP_create_response; ++ PKCS7_SIGNER_INFO_get0_algs; ++ TS_TST_INFO_get_nonce; ++ EVP_PKEY_decrypt_old; ++ TS_TST_INFO_set_policy_id; ++ TS_CONF_set_ess_cert_id_chain; ++ EVP_PKEY_CTX_get0_pkey; ++ d2i_TS_REQ; ++ EVP_PKEY_asn1_find_str; ++ BIO_f_asn1; ++ ESS_SIGNING_CERT_new; ++ EVP_PBE_find; ++ X509_CRL_get0_by_cert; ++ EVP_PKEY_derive; ++ i2d_TS_REQ; ++ TS_TST_INFO_delete_ext; ++ ESS_ISSUER_SERIAL_free; ++ ASN1_PCTX_set_str_flags; ++ ENGINE_get_pkey_asn1_meth_str; ++ TS_CONF_set_signer_key; ++ TS_ACCURACY_get_millis; ++ TS_RESP_get_token; ++ TS_ACCURACY_dup; ++ ENGINE_register_all_pkey_asn1_meths; ++ ENGINE_reg_all_pkey_asn1_meths; ++ X509_CRL_set_default_method; ++ CRYPTO_THREADID_hash; ++ CMS_ContentInfo_print_ctx; ++ TS_RESP_free; ++ ISSUING_DIST_POINT_free; ++ ESS_ISSUER_SERIAL_new; ++ CMS_add1_crl; ++ PKCS7_add1_attrib_digest; ++ TS_RESP_CTX_add_md; ++ TS_TST_INFO_dup; ++ ENGINE_set_pkey_asn1_meths; ++ PEM_write_bio_Parameters; ++ TS_TST_INFO_get_accuracy; ++ X509_CRL_get0_by_serial; ++ TS_TST_INFO_set_version; ++ TS_RESP_CTX_get_tst_info; ++ TS_RESP_verify_signature; ++ CRYPTO_THREADID_get_callback; ++ TS_TST_INFO_get_tsa; ++ TS_STATUS_INFO_new; ++ EVP_PKEY_CTX_get_cb; ++ TS_REQ_get_ext_d2i; ++ GENERAL_NAME_set0_othername; ++ TS_TST_INFO_get_ext_count; ++ TS_RESP_CTX_get_request; ++ i2d_NETSCAPE_X509; ++ ENGINE_get_pkey_meth_engine; ++ EVP_PKEY_meth_set_signctx; ++ EVP_PKEY_asn1_copy; ++ ASN1_TYPE_cmp; ++ EVP_CIPHER_do_all_sorted; ++ EVP_PKEY_CTX_free; ++ ISSUING_DIST_POINT_it; ++ ISSUING_DIST_POINT_it; ++ d2i_TS_MSG_IMPRINT_fp; ++ X509_STORE_get1_certs; ++ EVP_PKEY_CTX_get_operation; ++ d2i_ESS_SIGNING_CERT; ++ TS_CONF_set_ordering; ++ EVP_PBE_alg_add_type; ++ TS_REQ_set_version; ++ EVP_PKEY_get0; ++ BIO_asn1_set_suffix; ++ i2d_TS_STATUS_INFO; ++ EVP_MD_do_all; ++ TS_TST_INFO_set_accuracy; ++ PKCS7_add_attrib_content_type; ++ ERR_remove_thread_state; ++ EVP_PKEY_meth_add0; ++ TS_TST_INFO_set_tsa; ++ EVP_PKEY_meth_new; ++ WHIRLPOOL_Update; ++ TS_CONF_set_accuracy; ++ ASN1_PCTX_set_oid_flags; ++ ESS_SIGNING_CERT_dup; ++ d2i_TS_REQ_bio; ++ X509_time_adj_ex; ++ TS_RESP_CTX_add_flags; ++ d2i_TS_STATUS_INFO; ++ TS_MSG_IMPRINT_set_msg; ++ BIO_asn1_get_suffix; ++ TS_REQ_free; ++ EVP_PKEY_meth_free; ++ TS_REQ_get_exts; ++ TS_RESP_CTX_set_clock_precision_digits; ++ TS_RESP_CTX_set_clk_prec_digits; ++ TS_RESP_CTX_add_failure_info; ++ i2d_TS_RESP_bio; ++ EVP_PKEY_CTX_get0_peerkey; ++ PEM_write_bio_CMS_stream; ++ TS_REQ_new; ++ TS_MSG_IMPRINT_new; ++ EVP_PKEY_meth_find; ++ EVP_PKEY_id; ++ TS_TST_INFO_set_serial; ++ a2i_GENERAL_NAME; ++ TS_CONF_set_crypto_device; ++ EVP_PKEY_verify_init; ++ TS_CONF_set_policies; ++ ASN1_PCTX_new; ++ ESS_CERT_ID_free; ++ ENGINE_unregister_pkey_meths; ++ TS_MSG_IMPRINT_free; ++ TS_VERIFY_CTX_init; ++ PKCS7_stream; ++ TS_RESP_CTX_set_certs; ++ TS_CONF_set_def_policy; ++ ASN1_GENERALIZEDTIME_adj; ++ NETSCAPE_X509_new; ++ TS_ACCURACY_free; ++ TS_RESP_get_tst_info; ++ EVP_PKEY_derive_set_peer; ++ PEM_read_bio_Parameters; ++ TS_CONF_set_clock_precision_digits; ++ TS_CONF_set_clk_prec_digits; ++ ESS_ISSUER_SERIAL_dup; ++ TS_ACCURACY_get_micros; ++ ASN1_PCTX_get_str_flags; ++ NAME_CONSTRAINTS_check; ++ ASN1_BIT_STRING_check; ++ X509_check_akid; ++ ENGINE_unregister_pkey_asn1_meths; ++ ENGINE_unreg_pkey_asn1_meths; ++ ASN1_PCTX_free; ++ PEM_write_bio_ASN1_stream; ++ i2d_ASN1_bio_stream; ++ TS_X509_ALGOR_print_bio; ++ EVP_PKEY_meth_set_cleanup; ++ EVP_PKEY_asn1_free; ++ ESS_SIGNING_CERT_free; ++ TS_TST_INFO_set_msg_imprint; ++ GENERAL_NAME_cmp; ++ d2i_ASN1_SET_ANY; ++ ENGINE_set_pkey_meths; ++ i2d_TS_REQ_fp; ++ d2i_ASN1_SEQUENCE_ANY; ++ GENERAL_NAME_get0_otherName; ++ d2i_ESS_CERT_ID; ++ OBJ_find_sigid_algs; ++ EVP_PKEY_meth_set_keygen; ++ PKCS5_PBKDF2_HMAC; ++ EVP_PKEY_paramgen; ++ EVP_PKEY_meth_set_paramgen; ++ BIO_new_PKCS7; ++ EVP_PKEY_verify_recover; ++ TS_ext_print_bio; ++ TS_ASN1_INTEGER_print_bio; ++ check_defer; ++ DSO_pathbyaddr; ++ EVP_PKEY_set_type; ++ TS_ACCURACY_set_micros; ++ TS_REQ_to_TS_VERIFY_CTX; ++ EVP_PKEY_meth_set_copy; ++ ASN1_PCTX_set_cert_flags; ++ TS_TST_INFO_get_ext; ++ EVP_PKEY_asn1_set_ctrl; ++ TS_TST_INFO_get_ext_by_critical; ++ EVP_PKEY_CTX_new_id; ++ TS_REQ_get_ext_by_OBJ; ++ TS_CONF_set_signer_cert; ++ X509_NAME_hash_old; ++ ASN1_TIME_set_string; ++ EVP_MD_flags; ++ TS_RESP_CTX_free; ++ DSAparams_dup; ++ DHparams_dup; ++ OCSP_REQ_CTX_add1_header; ++ OCSP_REQ_CTX_set1_req; ++ X509_STORE_set_verify_cb; ++ X509_STORE_CTX_get0_current_crl; ++ X509_STORE_CTX_get0_parent_ctx; ++ X509_STORE_CTX_get0_current_issuer; ++ X509_STORE_CTX_get0_cur_issuer; ++ X509_issuer_name_hash_old; ++ X509_subject_name_hash_old; ++ EVP_CIPHER_CTX_copy; ++ UI_method_get_prompt_constructor; ++ UI_method_get_prompt_constructr; ++ UI_method_set_prompt_constructor; ++ UI_method_set_prompt_constructr; ++ EVP_read_pw_string_min; ++ CRYPTO_cts128_encrypt; ++ CRYPTO_cts128_decrypt_block; ++ CRYPTO_cfb128_1_encrypt; ++ CRYPTO_cbc128_encrypt; ++ CRYPTO_ctr128_encrypt; ++ CRYPTO_ofb128_encrypt; ++ CRYPTO_cts128_decrypt; ++ CRYPTO_cts128_encrypt_block; ++ CRYPTO_cbc128_decrypt; ++ CRYPTO_cfb128_encrypt; ++ CRYPTO_cfb128_8_encrypt; ++ ++ local: ++ *; ++}; ++ ++ ++OPENSSL_1.0.1 { ++ global: ++ SSL_renegotiate_abbreviated; ++ TLSv1_1_method; ++ TLSv1_1_client_method; ++ TLSv1_1_server_method; ++ SSL_CTX_set_srp_client_pwd_callback; ++ SSL_CTX_set_srp_client_pwd_cb; ++ SSL_get_srp_g; ++ SSL_CTX_set_srp_username_callback; ++ SSL_CTX_set_srp_un_cb; ++ SSL_get_srp_userinfo; ++ SSL_set_srp_server_param; ++ SSL_set_srp_server_param_pw; ++ SSL_get_srp_N; ++ SSL_get_srp_username; ++ SSL_CTX_set_srp_password; ++ SSL_CTX_set_srp_strength; ++ SSL_CTX_set_srp_verify_param_callback; ++ SSL_CTX_set_srp_vfy_param_cb; ++ SSL_CTX_set_srp_cb_arg; ++ SSL_CTX_set_srp_username; ++ SSL_CTX_SRP_CTX_init; ++ SSL_SRP_CTX_init; ++ SRP_Calc_A_param; ++ SRP_generate_server_master_secret; ++ SRP_gen_server_master_secret; ++ SSL_CTX_SRP_CTX_free; ++ SRP_generate_client_master_secret; ++ SRP_gen_client_master_secret; ++ SSL_srp_server_param_with_username; ++ SSL_srp_server_param_with_un; ++ SSL_SRP_CTX_free; ++ SSL_set_debug; ++ SSL_SESSION_get0_peer; ++ TLSv1_2_client_method; ++ SSL_SESSION_set1_id_context; ++ TLSv1_2_server_method; ++ SSL_cache_hit; ++ SSL_get0_kssl_ctx; ++ SSL_set0_kssl_ctx; ++ SSL_set_state; ++ SSL_CIPHER_get_id; ++ TLSv1_2_method; ++ kssl_ctx_get0_client_princ; ++ SSL_export_keying_material; ++ SSL_set_tlsext_use_srtp; ++ SSL_CTX_set_next_protos_advertised_cb; ++ SSL_CTX_set_next_protos_adv_cb; ++ SSL_get0_next_proto_negotiated; ++ SSL_get_selected_srtp_profile; ++ SSL_CTX_set_tlsext_use_srtp; ++ SSL_select_next_proto; ++ SSL_get_srtp_profiles; ++ SSL_CTX_set_next_proto_select_cb; ++ SSL_CTX_set_next_proto_sel_cb; ++ SSL_SESSION_get_compress_id; ++ ++ SRP_VBASE_get_by_user; ++ SRP_Calc_server_key; ++ SRP_create_verifier; ++ SRP_create_verifier_BN; ++ SRP_Calc_u; ++ SRP_VBASE_free; ++ SRP_Calc_client_key; ++ SRP_get_default_gN; ++ SRP_Calc_x; ++ SRP_Calc_B; ++ SRP_VBASE_new; ++ SRP_check_known_gN_param; ++ SRP_Calc_A; ++ SRP_Verify_A_mod_N; ++ SRP_VBASE_init; ++ SRP_Verify_B_mod_N; ++ EC_KEY_set_public_key_affine_coordinates; ++ EC_KEY_set_pub_key_aff_coords; ++ EVP_aes_192_ctr; ++ EVP_PKEY_meth_get0_info; ++ EVP_PKEY_meth_copy; ++ ERR_add_error_vdata; ++ EVP_aes_128_ctr; ++ EVP_aes_256_ctr; ++ EC_GFp_nistp224_method; ++ EC_KEY_get_flags; ++ RSA_padding_add_PKCS1_PSS_mgf1; ++ EVP_aes_128_xts; ++ EVP_aes_256_xts; ++ EVP_aes_128_gcm; ++ EC_KEY_clear_flags; ++ EC_KEY_set_flags; ++ EVP_aes_256_ccm; ++ RSA_verify_PKCS1_PSS_mgf1; ++ EVP_aes_128_ccm; ++ EVP_aes_192_gcm; ++ X509_ALGOR_set_md; ++ RAND_init_fips; ++ EVP_aes_256_gcm; ++ EVP_aes_192_ccm; ++ CMAC_CTX_copy; ++ CMAC_CTX_free; ++ CMAC_CTX_get0_cipher_ctx; ++ CMAC_CTX_cleanup; ++ CMAC_Init; ++ CMAC_Update; ++ CMAC_resume; ++ CMAC_CTX_new; ++ CMAC_Final; ++ CRYPTO_ctr128_encrypt_ctr32; ++ CRYPTO_gcm128_release; ++ CRYPTO_ccm128_decrypt_ccm64; ++ CRYPTO_ccm128_encrypt; ++ CRYPTO_gcm128_encrypt; ++ CRYPTO_xts128_encrypt; ++ EVP_rc4_hmac_md5; ++ CRYPTO_nistcts128_decrypt_block; ++ CRYPTO_gcm128_setiv; ++ CRYPTO_nistcts128_encrypt; ++ EVP_aes_128_cbc_hmac_sha1; ++ CRYPTO_gcm128_tag; ++ CRYPTO_ccm128_encrypt_ccm64; ++ ENGINE_load_rdrand; ++ CRYPTO_ccm128_setiv; ++ CRYPTO_nistcts128_encrypt_block; ++ CRYPTO_gcm128_aad; ++ CRYPTO_ccm128_init; ++ CRYPTO_nistcts128_decrypt; ++ CRYPTO_gcm128_new; ++ CRYPTO_ccm128_tag; ++ CRYPTO_ccm128_decrypt; ++ CRYPTO_ccm128_aad; ++ CRYPTO_gcm128_init; ++ CRYPTO_gcm128_decrypt; ++ ENGINE_load_rsax; ++ CRYPTO_gcm128_decrypt_ctr32; ++ CRYPTO_gcm128_encrypt_ctr32; ++ CRYPTO_gcm128_finish; ++ EVP_aes_256_cbc_hmac_sha1; ++ PKCS5_pbkdf2_set; ++ CMS_add0_recipient_password; ++ CMS_decrypt_set1_password; ++ CMS_RecipientInfo_set0_password; ++ RAND_set_fips_drbg_type; ++ X509_REQ_sign_ctx; ++ RSA_PSS_PARAMS_new; ++ X509_CRL_sign_ctx; ++ X509_signature_dump; ++ d2i_RSA_PSS_PARAMS; ++ RSA_PSS_PARAMS_it; ++ RSA_PSS_PARAMS_it; ++ RSA_PSS_PARAMS_free; ++ X509_sign_ctx; ++ i2d_RSA_PSS_PARAMS; ++ ASN1_item_sign_ctx; ++ EC_GFp_nistp521_method; ++ EC_GFp_nistp256_method; ++ OPENSSL_stderr; ++ OPENSSL_cpuid_setup; ++ OPENSSL_showfatal; ++ BIO_new_dgram_sctp; ++ BIO_dgram_sctp_msg_waiting; ++ BIO_dgram_sctp_wait_for_dry; ++ BIO_s_datagram_sctp; ++ BIO_dgram_is_sctp; ++ BIO_dgram_sctp_notification_cb; ++} OPENSSL_1.0.0; ++ ++OPENSSL_1.0.1d { ++ global: ++ CRYPTO_memcmp; ++} OPENSSL_1.0.1; ++ +Index: openssl-1.0.1d/engines/openssl.ld +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.0.1d/engines/openssl.ld 2013-02-06 19:41:43.000000000 +0100 +@@ -0,0 +1,10 @@ ++OPENSSL_1.0.0 { ++ global: ++ bind_engine; ++ v_check; ++ OPENSSL_init; ++ OPENSSL_finish; ++ local: ++ *; ++}; ++ +Index: openssl-1.0.1d/engines/ccgost/openssl.ld +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.0.1d/engines/ccgost/openssl.ld 2013-02-06 19:41:43.000000000 +0100 +@@ -0,0 +1,10 @@ ++OPENSSL_1.0.0 { ++ global: ++ bind_engine; ++ v_check; ++ OPENSSL_init; ++ OPENSSL_finish; ++ local: ++ *; ++}; ++ diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl/engines-install-in-libdir-ssl.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/engines-install-in-libdir-ssl.patch new file mode 100644 index 00000000..d8a6f1a2 --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/engines-install-in-libdir-ssl.patch @@ -0,0 +1,56 @@ +Upstream-Status: Inappropriate [configuration] + + +Index: openssl-1.0.0/engines/Makefile +=================================================================== +--- openssl-1.0.0.orig/engines/Makefile ++++ openssl-1.0.0/engines/Makefile +@@ -107,7 +107,7 @@ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @if [ -n "$(SHARED_LIBS)" ]; then \ + set -e; \ +- $(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines; \ ++ $(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines; \ + for l in $(LIBNAMES); do \ + ( echo installing $$l; \ + pfx=lib; \ +@@ -119,13 +119,13 @@ + *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \ + *) sfx=".bad";; \ + esac; \ +- cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ ++ cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \ + else \ + sfx=".so"; \ +- cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ ++ cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \ + fi; \ +- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ +- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \ ++ chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \ ++ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx ); \ + done; \ + fi + @target=install; $(RECURSIVE_MAKE) +Index: openssl-1.0.0/engines/ccgost/Makefile +=================================================================== +--- openssl-1.0.0.orig/engines/ccgost/Makefile ++++ openssl-1.0.0/engines/ccgost/Makefile +@@ -53,13 +53,13 @@ + *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \ + *) sfx=".bad";; \ + esac; \ +- cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ ++ cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \ + else \ + sfx=".so"; \ +- cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ ++ cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \ + fi; \ +- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ +- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \ ++ chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \ ++ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx; \ + fi + + links: diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl/find.pl b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/find.pl new file mode 100644 index 00000000..8e1b42c8 --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/find.pl @@ -0,0 +1,54 @@ +warn "Legacy library @{[(caller(0))[6]]} will be removed from the Perl core distribution in the next major release. Please install it from the CPAN distribution Perl4::CoreLibs. It is being used at @{[(caller)[1]]}, line @{[(caller)[2]]}.\n"; + +# This library is deprecated and unmaintained. It is included for +# compatibility with Perl 4 scripts which may use it, but it will be +# removed in a future version of Perl. Please use the File::Find module +# instead. + +# Usage: +# require "find.pl"; +# +# &find('/foo','/bar'); +# +# sub wanted { ... } +# where wanted does whatever you want. $dir contains the +# current directory name, and $_ the current filename within +# that directory. $name contains "$dir/$_". You are cd'ed +# to $dir when the function is called. The function may +# set $prune to prune the tree. +# +# For example, +# +# find / -name .nfs\* -mtime +7 -exec rm -f {} \; -o -fstype nfs -prune +# +# corresponds to this +# +# sub wanted { +# /^\.nfs.*$/ && +# (($dev,$ino,$mode,$nlink,$uid,$gid) = lstat($_)) && +# int(-M _) > 7 && +# unlink($_) +# || +# ($nlink || (($dev,$ino,$mode,$nlink,$uid,$gid) = lstat($_))) && +# $dev < 0 && +# ($prune = 1); +# } +# +# Set the variable $dont_use_nlink if you're using AFS, since AFS cheats. + +use File::Find (); + +*name = *File::Find::name; +*prune = *File::Find::prune; +*dir = *File::Find::dir; +*topdir = *File::Find::topdir; +*topdev = *File::Find::topdev; +*topino = *File::Find::topino; +*topmode = *File::Find::topmode; +*topnlink = *File::Find::topnlink; + +sub find { + &File::Find::find(\&wanted, @_); +} + +1; diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch new file mode 100644 index 00000000..f0e17784 --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch @@ -0,0 +1,22 @@ +Upstream-Status: Submitted + +This patch adds the fix for one of the ciphers used in openssl, namely +the cipher des-ede3-cfb1. Complete bug log and patch is present here: +http://rt.openssl.org/Ticket/Display.html?id=2867 + +Signed-Off-By: Muhammad Shakeel <muhammad_shakeel@mentor.com> + +diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c +index 3232cfe..df84922 100644 +=================================================================== +--- a/crypto/evp/e_des3.c ++++ b/crypto/evp/e_des3.c +@@ -173,7 +173,7 @@ static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + size_t n; + unsigned char c[1],d[1]; + +- for(n=0 ; n < inl ; ++n) ++ for(n=0 ; n < inl*8 ; ++n) + { + c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0; + DES_ede3_cfb_encrypt(c,d,1,1, diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl/initial-aarch64-bits.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/initial-aarch64-bits.patch new file mode 100644 index 00000000..2185ff8a --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/initial-aarch64-bits.patch @@ -0,0 +1,119 @@ +From: Andy Polyakov <appro@openssl.org> +Date: Sun, 13 Oct 2013 17:15:15 +0000 (+0200) +Subject: Initial aarch64 bits. +X-Git-Url: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=039081b80977e2a5de84e1f88f8b4d025b559956 + +Initial aarch64 bits. +--- + crypto/bn/bn_lcl.h | 9 +++++++++ + crypto/md32_common.h | 18 ++++++++++++++++++ + crypto/modes/modes_lcl.h | 8 ++++++++ + crypto/sha/sha512.c | 13 +++++++++++++ + 4 files changed, 48 insertions(+) + +Index: openssl-1.0.1f/crypto/bn/bn_lcl.h +=================================================================== +--- openssl-1.0.1f.orig/crypto/bn/bn_lcl.h 2014-01-06 15:47:42.000000000 +0200 ++++ openssl-1.0.1f/crypto/bn/bn_lcl.h 2014-02-28 10:37:55.495979037 +0200 +@@ -300,6 +300,15 @@ + : "r"(a), "r"(b)); + # endif + # endif ++# elif defined(__aarch64__) && defined(SIXTY_FOUR_BIT_LONG) ++# if defined(__GNUC__) && __GNUC__>=2 ++# define BN_UMULT_HIGH(a,b) ({ \ ++ register BN_ULONG ret; \ ++ asm ("umulh %0,%1,%2" \ ++ : "=r"(ret) \ ++ : "r"(a), "r"(b)); \ ++ ret; }) ++# endif + # endif /* cpu */ + #endif /* OPENSSL_NO_ASM */ + +Index: openssl-1.0.1f/crypto/md32_common.h +=================================================================== +--- openssl-1.0.1f.orig/crypto/md32_common.h 2014-01-06 15:47:42.000000000 +0200 ++++ openssl-1.0.1f/crypto/md32_common.h 2014-02-28 10:39:21.751979107 +0200 +@@ -213,6 +213,24 @@ + asm ("bswapl %0":"=r"(r):"0"(r)); \ + *((unsigned int *)(c))=r; (c)+=4; r; }) + # endif ++# elif defined(__aarch64__) ++# if defined(__BYTE_ORDER__) ++# if defined(__ORDER_LITTLE_ENDIAN__) && __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__ ++# define HOST_c2l(c,l) ({ unsigned int r; \ ++ asm ("rev %w0,%w1" \ ++ :"=r"(r) \ ++ :"r"(*((const unsigned int *)(c))));\ ++ (c)+=4; (l)=r; }) ++# define HOST_l2c(l,c) ({ unsigned int r; \ ++ asm ("rev %w0,%w1" \ ++ :"=r"(r) \ ++ :"r"((unsigned int)(l)));\ ++ *((unsigned int *)(c))=r; (c)+=4; r; }) ++# elif defined(__ORDER_BIG_ENDIAN__) && __BYTE_ORDER__==__ORDER_BIG_ENDIAN__ ++# define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, (l)) ++# define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, (l)) ++# endif ++# endif + # endif + # endif + #endif +Index: openssl-1.0.1f/crypto/modes/modes_lcl.h +=================================================================== +--- openssl-1.0.1f.orig/crypto/modes/modes_lcl.h 2014-02-28 10:47:48.731979011 +0200 ++++ openssl-1.0.1f/crypto/modes/modes_lcl.h 2014-02-28 10:48:49.707978919 +0200 +@@ -29,6 +29,7 @@ + #if defined(__i386) || defined(__i386__) || \ + defined(__x86_64) || defined(__x86_64__) || \ + defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \ ++ defined(__aarch64__) || \ + defined(__s390__) || defined(__s390x__) + # undef STRICT_ALIGNMENT + #endif +@@ -50,6 +51,13 @@ + # define BSWAP4(x) ({ u32 ret=(x); \ + asm ("bswapl %0" \ + : "+r"(ret)); ret; }) ++# elif defined(__aarch64__) ++# define BSWAP8(x) ({ u64 ret; \ ++ asm ("rev %0,%1" \ ++ : "=r"(ret) : "r"(x)); ret; }) ++# define BSWAP4(x) ({ u32 ret; \ ++ asm ("rev %w0,%w1" \ ++ : "=r"(ret) : "r"(x)); ret; }) + # elif (defined(__arm__) || defined(__arm)) && !defined(STRICT_ALIGNMENT) + # define BSWAP8(x) ({ u32 lo=(u64)(x)>>32,hi=(x); \ + asm ("rev %0,%0; rev %1,%1" \ +Index: openssl-1.0.1f/crypto/sha/sha512.c +=================================================================== +--- openssl-1.0.1f.orig/crypto/sha/sha512.c 2014-01-06 15:47:42.000000000 +0200 ++++ openssl-1.0.1f/crypto/sha/sha512.c 2014-02-28 10:52:14.579978981 +0200 +@@ -55,6 +55,7 @@ + #if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ + defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) || \ + defined(__s390__) || defined(__s390x__) || \ ++ defined(__aarch64__) || \ + defined(SHA512_ASM) + #define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA + #endif +@@ -347,6 +348,18 @@ + asm ("rotrdi %0,%1,%2" \ + : "=r"(ret) \ + : "r"(a),"K"(n)); ret; }) ++# elif defined(__aarch64__) ++# define ROTR(a,n) ({ SHA_LONG64 ret; \ ++ asm ("ror %0,%1,%2" \ ++ : "=r"(ret) \ ++ : "r"(a),"I"(n)); ret; }) ++# if defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \ ++ __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__ ++# define PULL64(x) ({ SHA_LONG64 ret; \ ++ asm ("rev %0,%1" \ ++ : "=r"(ret) \ ++ : "r"(*((const SHA_LONG64 *)(&(x))))); ret; }) ++# endif + # endif + # elif defined(_MSC_VER) + # if defined(_WIN64) /* applies to both IA-64 and AMD64 */ diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl/oe-ldflags.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/oe-ldflags.patch new file mode 100644 index 00000000..292e13dc --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/oe-ldflags.patch @@ -0,0 +1,24 @@ +Upstream-Status: Inappropriate [open-embedded] + +Index: openssl-1.0.0/Makefile.shared +=================================================================== +--- openssl-1.0.0.orig/Makefile.shared ++++ openssl-1.0.0/Makefile.shared +@@ -92,7 +92,7 @@ + LINK_APP= \ + ( $(SET_X); \ + LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \ +- LDCMD="$${LDCMD:-$(CC)}"; LDFLAGS="$${LDFLAGS:-$(CFLAGS)}"; \ ++ LDCMD="$${LDCMD:-$(CC)}"; LDFLAGS="$(OE_LDFLAGS) $${LDFLAGS:-$(CFLAGS)}"; \ + LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \ + LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \ + LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ +@@ -102,7 +102,7 @@ + ( $(SET_X); \ + LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \ + SHAREDCMD="$${SHAREDCMD:-$(CC)}"; \ +- SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \ ++ SHAREDFLAGS="$(OE_LDFLAGS) $${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \ + LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \ + LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \ + LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch new file mode 100644 index 00000000..c161e62f --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch @@ -0,0 +1,21 @@ +openssl: avoid NULL pointer dereference in EVP_DigestInit_ex() + +We should avoid accessing the type pointer if it's NULL, +this could happen if ctx->digest is not NULL. + +Upstream-Status: Submitted +http://www.mail-archive.com/openssl-dev@openssl.org/msg32860.html + +Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com> +--- +--- a/crypto/evp/digest.c ++++ b/crypto/evp/digest.c +@@ -199,7 +199,7 @@ + return 0; + } + #endif +- if (ctx->digest != type) ++ if (type && (ctx->digest != type)) + { + if (ctx->digest && ctx->digest->ctx_size) + OPENSSL_free(ctx->md_data); diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch new file mode 100644 index 00000000..3e93fe4e --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch @@ -0,0 +1,39 @@ +openssl: avoid NULL pointer dereference in dh_pub_encode()/dsa_pub_encode() + +We should avoid accessing the pointer if ASN1_STRING_new() +allocates memory failed. + +Upstream-Status: Submitted +http://www.mail-archive.com/openssl-dev@openssl.org/msg32859.html + +Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com> +--- +--- a/crypto/dh/dh_ameth.c ++++ b/crypto/dh/dh_ameth.c +@@ -139,6 +139,12 @@ + dh=pkey->pkey.dh; + + str = ASN1_STRING_new(); ++ if (!str) ++ { ++ DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ + str->length = i2d_DHparams(dh, &str->data); + if (str->length <= 0) + { +--- a/crypto/dsa/dsa_ameth.c ++++ b/crypto/dsa/dsa_ameth.c +@@ -148,6 +148,11 @@ + { + ASN1_STRING *str; + str = ASN1_STRING_new(); ++ if (!str) ++ { ++ DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } + str->length = i2d_DSAparams(dsa, &str->data); + if (str->length <= 0) + { diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl/openssl-fix-des.pod-error.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/openssl-fix-des.pod-error.patch new file mode 100644 index 00000000..de49729e --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/openssl-fix-des.pod-error.patch @@ -0,0 +1,19 @@ +openssl: Fix pod2man des.pod error on Ubuntu 12.04 + +This is a formatting fix, '=back' is required before +'=head1' on Ubuntu 12.04. + +Upstream-Status: Pending +Signed-off-by: Baogen Shang <baogen.shang@windriver.com> +diff -urpN a_origin/des.pod b_modify/des.pod +--- a_origin/crypto/des/des.pod 2013-08-15 15:02:56.211674589 +0800 ++++ b_modify/crypto/des/des.pod 2013-08-15 15:04:14.439674580 +0800 +@@ -181,6 +181,8 @@ the uuencoded file to embed in the begin + output. If there is no name specified after the B<-u>, the name text.des + will be embedded in the header. + ++=back ++ + =head1 SEE ALSO + + ps(1), diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl/openssl-fix-link.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/openssl-fix-link.patch new file mode 100644 index 00000000..154106cb --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/openssl-fix-link.patch @@ -0,0 +1,35 @@ +From aabfb6f78af8e337d3239142117ba303fce55e7e Mon Sep 17 00:00:00 2001 +From: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> +Date: Thu, 22 Sep 2011 08:55:26 +0200 +Subject: [PATCH] fix the parallel build regarding shared libraries. + +Upstream-Status: Pending +--- + .../openssl-1.0.0e/Makefile.org | 8 ++++---- + 1 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/Makefile.org +index 3c7aea1..6326cd6 100644 +--- a/Makefile.org ++++ b/Makefile.org +@@ -243,13 +243,13 @@ build_libs: build_crypto build_ssl build_engines + + build_crypto: + @dir=crypto; target=all; $(BUILD_ONE_CMD) +-build_ssl: ++build_ssl: build_crypto + @dir=ssl; target=all; $(BUILD_ONE_CMD) +-build_engines: ++build_engines: build_crypto + @dir=engines; target=all; $(BUILD_ONE_CMD) +-build_apps: ++build_apps: build_crypto build_ssl + @dir=apps; target=all; $(BUILD_ONE_CMD) +-build_tests: ++build_tests: build_crypto build_ssl + @dir=test; target=all; $(BUILD_ONE_CMD) + build_tools: + @dir=tools; target=all; $(BUILD_ONE_CMD) +-- +1.6.6.1 + diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch new file mode 100644 index 00000000..93ce0343 --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch @@ -0,0 +1,90 @@ +Upstream-Status: Pending + +Received from H J Liu @ Intel +Make the assembly syntax compatible with x32 gcc. Othewise x32 gcc throws errors. +Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/07/13 + +ported the patch to the 1.0.0e version +Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/12/01 +Index: openssl-1.0.1e/Configure +=================================================================== +--- openssl-1.0.1e.orig/Configure ++++ openssl-1.0.1e/Configure +@@ -402,6 +402,7 @@ my %table=( + "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", ++"linux-x32", "gcc:-mx32 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32", + "linux64-s390x", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", + #### So called "highgprs" target for z/Architecture CPUs + # "Highgprs" is kernel feature first implemented in Linux 2.6.32, see +Index: openssl-1.0.1e/crypto/bn/asm/x86_64-gcc.c +=================================================================== +--- openssl-1.0.1e.orig/crypto/bn/asm/x86_64-gcc.c ++++ openssl-1.0.1e/crypto/bn/asm/x86_64-gcc.c +@@ -55,7 +55,7 @@ + * machine. + */ + +-#ifdef _WIN64 ++#if defined _WIN64 || !defined __LP64__ + #define BN_ULONG unsigned long long + #else + #define BN_ULONG unsigned long +@@ -192,9 +192,9 @@ BN_ULONG bn_add_words (BN_ULONG *rp, con + asm ( + " subq %2,%2 \n" + ".p2align 4 \n" +- "1: movq (%4,%2,8),%0 \n" +- " adcq (%5,%2,8),%0 \n" +- " movq %0,(%3,%2,8) \n" ++ "1: movq (%q4,%2,8),%0 \n" ++ " adcq (%q5,%2,8),%0 \n" ++ " movq %0,(%q3,%2,8) \n" + " leaq 1(%2),%2 \n" + " loop 1b \n" + " sbbq %0,%0 \n" +@@ -215,9 +215,9 @@ BN_ULONG bn_sub_words (BN_ULONG *rp, con + asm ( + " subq %2,%2 \n" + ".p2align 4 \n" +- "1: movq (%4,%2,8),%0 \n" +- " sbbq (%5,%2,8),%0 \n" +- " movq %0,(%3,%2,8) \n" ++ "1: movq (%q4,%2,8),%0 \n" ++ " sbbq (%q5,%2,8),%0 \n" ++ " movq %0,(%q3,%2,8) \n" + " leaq 1(%2),%2 \n" + " loop 1b \n" + " sbbq %0,%0 \n" +Index: openssl-1.0.1e/crypto/bn/bn.h +=================================================================== +--- openssl-1.0.1e.orig/crypto/bn/bn.h ++++ openssl-1.0.1e/crypto/bn/bn.h +@@ -172,6 +172,13 @@ extern "C" { + # endif + #endif + ++/* Address type. */ ++#ifdef _WIN64 ++#define BN_ADDR unsigned long long ++#else ++#define BN_ADDR unsigned long ++#endif ++ + /* assuming long is 64bit - this is the DEC Alpha + * unsigned long long is only 64 bits :-(, don't define + * BN_LLONG for the DEC Alpha */ +Index: openssl-1.0.1e/crypto/bn/bn_exp.c +=================================================================== +--- openssl-1.0.1e.orig/crypto/bn/bn_exp.c ++++ openssl-1.0.1e/crypto/bn/bn_exp.c +@@ -567,7 +567,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBU + + /* Given a pointer value, compute the next address that is a cache line multiple. */ + #define MOD_EXP_CTIME_ALIGN(x_) \ +- ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((size_t)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK)))) ++ ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ADDR)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK)))) + + /* This variant of BN_mod_exp_mont() uses fixed windows and the special + * precomputation memory layout to limit data-dependency to a minimum diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl/shared-libs.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/shared-libs.patch new file mode 100644 index 00000000..a7ca0a30 --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/shared-libs.patch @@ -0,0 +1,41 @@ +Upstream-Status: Inappropriate [configuration] + +Index: openssl-1.0.1e/crypto/Makefile +=================================================================== +--- openssl-1.0.1e.orig/crypto/Makefile ++++ openssl-1.0.1e/crypto/Makefile +@@ -108,7 +108,7 @@ $(LIB): $(LIBOBJ) + + shared: buildinf.h lib subdirs + if [ -n "$(SHARED_LIBS)" ]; then \ +- (cd ..; $(MAKE) $(SHARED_LIB)); \ ++ (cd ..; $(MAKE) -e $(SHARED_LIB)); \ + fi + + libs: +Index: openssl-1.0.1e/Makefile.org +=================================================================== +--- openssl-1.0.1e.orig/Makefile.org ++++ openssl-1.0.1e/Makefile.org +@@ -310,7 +310,7 @@ libcrypto$(SHLIB_EXT): libcrypto.a fips_ + + libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a + @if [ "$(SHLIB_TARGET)" != "" ]; then \ +- $(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \ ++ $(MAKE) -e SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \ + else \ + echo "There's no support for shared libraries on this platform" >&2; \ + exit 1; \ +Index: openssl-1.0.1e/ssl/Makefile +=================================================================== +--- openssl-1.0.1e.orig/ssl/Makefile ++++ openssl-1.0.1e/ssl/Makefile +@@ -62,7 +62,7 @@ lib: $(LIBOBJ) + + shared: lib + if [ -n "$(SHARED_LIBS)" ]; then \ +- (cd ..; $(MAKE) $(SHARED_LIB)); \ ++ (cd ..; $(MAKE) -e $(SHARED_LIB)); \ + fi + + files: diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl_1.0.1i.bb b/meta-fsl-ppc/recipes-connectivity/openssl/openssl_1.0.1i.bb new file mode 100644 index 00000000..f3c20e8c --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl_1.0.1i.bb @@ -0,0 +1,55 @@ +require openssl.inc + +# For target side versions of openssl enable support for OCF Linux driver +# if they are available. +DEPENDS += "cryptodev-linux" + +CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8" + +export DIRS = "crypto ssl apps engines" +export OE_LDFLAGS="${LDFLAGS}" + +SRC_URI += "file://configure-targets.patch \ + file://shared-libs.patch \ + file://oe-ldflags.patch \ + file://engines-install-in-libdir-ssl.patch \ + file://openssl-fix-link.patch \ + file://debian/version-script.patch \ + file://debian/pic.patch \ + file://debian/c_rehash-compat.patch \ + file://debian/ca.patch \ + file://debian/make-targets.patch \ + file://debian/no-rpath.patch \ + file://debian/man-dir.patch \ + file://debian/man-section.patch \ + file://debian/no-symbolic.patch \ + file://debian/debian-targets.patch \ + file://openssl_fix_for_x32.patch \ + file://openssl-fix-doc.patch \ + file://fix-cipher-des-ede3-cfb1.patch \ + file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \ + file://openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch \ + file://initial-aarch64-bits.patch \ + file://find.pl \ + file://openssl-fix-des.pod-error.patch \ + " + +SRC_URI[md5sum] = "de62b43dfcd858e66a74bee1c834e959" +SRC_URI[sha256sum] = "53cb818c3b90e507a8348f4f5eaedb05d8bfe5358aabb508b7263cc670c3e028" + +PACKAGES =+ " \ + ${PN}-engines \ + ${PN}-engines-dbg \ + " + +FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines" +FILES_${PN}-engines-dbg = "${libdir}/ssl/engines/.debug" + +PARALLEL_MAKE = "" +PARALLEL_MAKEINST = "" + +do_configure_prepend() { + cp ${WORKDIR}/find.pl ${S}/util/find.pl +} diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl_1.0.1i.bbappend b/meta-fsl-ppc/recipes-connectivity/openssl/openssl_1.0.1i.bbappend new file mode 100644 index 00000000..89d7339a --- /dev/null +++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl_1.0.1i.bbappend @@ -0,0 +1,60 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/openssl-fsl:" + +RDEPENDS_${PN}_class-target += "cryptodev-module" + +# base package is taken from Freescale repository +SRCBRANCH = "OpenSSL_1_0_1-stable" +SRC_URI = "git://git.openssl.org/openssl.git;branch=${SRCBRANCH} \ + file://0001-remove-double-initialization-of-cryptodev-engine.patch \ + file://0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch \ + file://0003-cryptodev-fix-algorithm-registration.patch \ + file://0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch \ + file://0005-ECC-Support-header-for-Cryptodev-Engine.patch \ + file://0006-Fixed-private-key-support-for-DH.patch \ + file://0007-Fixed-private-key-support-for-DH.patch \ + file://0008-Initial-support-for-PKC-in-cryptodev-engine.patch \ + file://0009-Added-hwrng-dev-file-as-source-of-RNG.patch \ + file://0010-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch \ + file://0011-Add-RSA-keygen-operation-and-support-gendsa-command-.patch \ + file://0012-RSA-Keygen-Fix.patch \ + file://0013-Removed-local-copy-of-curve_t-type.patch \ + file://0014-Modulus-parameter-is-not-populated-by-dhparams.patch \ + file://0015-SW-Backoff-mechanism-for-dsa-keygen.patch \ + file://0016-Fixed-DH-keygen-pair-generator.patch \ + file://0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch \ +" +SRCREV = "2b456034457b58454aae3998a2765b6a5b9bc837" + +SRC_URI += "file://configure-targets.patch \ + file://shared-libs.patch \ + file://oe-ldflags.patch \ + file://engines-install-in-libdir-ssl.patch \ + file://openssl-fix-link.patch \ + file://debian/version-script.patch \ + file://debian/pic.patch \ + file://debian/c_rehash-compat.patch \ + file://debian/ca.patch \ + file://debian/make-targets.patch \ + file://debian/no-rpath.patch \ + file://debian/man-dir.patch \ + file://debian/man-section.patch \ + file://debian/no-symbolic.patch \ + file://debian/debian-targets.patch \ + file://openssl_fix_for_x32.patch \ + file://fix-cipher-des-ede3-cfb1.patch \ + file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \ + file://openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch \ + file://initial-aarch64-bits.patch \ + file://find.pl \ + file://openssl-fix-des.pod-error.patch \ + " +S = "${WORKDIR}/git" + +# Digest offloading through cryptodev is not recommended because of the +# performance penalty of the Openssl engine interface. Openssl generates a huge +# number of calls to digest functions for even a small amount of work data. +# For example there are 70 calls to cipher code and over 10000 to digest code +# when downloading only 10 files of 700 bytes each. +# Do not build OpenSSL with cryptodev digest support until engine digest +# interface gets some rework: +CFLAG := "${@'${CFLAG}'.replace('-DUSE_CRYPTODEV_DIGESTS', '')}" diff --git a/meta-fsl-ppc/recipes-core/init-ifupdown/init-ifupdown/qoriq-ppc/interfaces b/meta-fsl-ppc/recipes-core/init-ifupdown/init-ifupdown/qoriq-ppc/interfaces new file mode 100644 index 00000000..3737c8b2 --- /dev/null +++ b/meta-fsl-ppc/recipes-core/init-ifupdown/init-ifupdown/qoriq-ppc/interfaces @@ -0,0 +1,6 @@ +# /etc/network/interfaces -- configuration file for ifup(8), ifdown(8) + +# The loopback interface +auto lo +iface lo inet loopback + diff --git a/meta-fsl-ppc/recipes-core/init-ifupdown/init-ifupdown_%.bbappend b/meta-fsl-ppc/recipes-core/init-ifupdown/init-ifupdown_%.bbappend new file mode 100644 index 00000000..00057874 --- /dev/null +++ b/meta-fsl-ppc/recipes-core/init-ifupdown/init-ifupdown_%.bbappend @@ -0,0 +1,2 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/${BPN}:" + diff --git a/meta-fsl-ppc/recipes-core/udev/udev-rules-qoriq.bb b/meta-fsl-ppc/recipes-core/udev/udev-rules-qoriq.bb new file mode 100644 index 00000000..546f9e8d --- /dev/null +++ b/meta-fsl-ppc/recipes-core/udev/udev-rules-qoriq.bb @@ -0,0 +1,23 @@ +DESCRIPTION = "udev rules for Freescale QorIQ SOCs" +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://${COREBASE}/LICENSE;md5=4d92cd373abda3937c2bc47fbc49d690" + +SRC_URI = "\ + file://71-fsl-dpaa-persistent-networking.rules \ + file://72-fsl-dpaa-persistent-networking.rules \ +" +RULE ?= "71-fsl-dpaa-persistent-networking.rules" +RULE_e6500 = "72-fsl-dpaa-persistent-networking.rules" +RULE_e6500-64b = "72-fsl-dpaa-persistent-networking.rules" +RULE_t1024 = "72-fsl-dpaa-persistent-networking.rules" + +do_install () { + install -d ${D}${sysconfdir}/udev/rules.d/ + install -m 0644 ${WORKDIR}/${RULE} ${D}${sysconfdir}/udev/rules.d/ + + # skip mmc rpmb partitions + echo "/dev/mmcblk.*rpmb" >>${D}${sysconfdir}/udev/mount.blacklist + # skip nbd (network block device) + echo "/dev/nbd*" >>${D}${sysconfdir}/udev/mount.blacklist +} + diff --git a/meta-fsl-ppc/recipes-core/udev/udev-rules-qoriq/qoriq-ppc/71-fsl-dpaa-persistent-networking.rules b/meta-fsl-ppc/recipes-core/udev/udev-rules-qoriq/qoriq-ppc/71-fsl-dpaa-persistent-networking.rules new file mode 100644 index 00000000..6c6dc354 --- /dev/null +++ b/meta-fsl-ppc/recipes-core/udev/udev-rules-qoriq/qoriq-ppc/71-fsl-dpaa-persistent-networking.rules @@ -0,0 +1,20 @@ +# Rules for handling naming the DPAA FMan ethernet ports in a consistent way +SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe4e0000", NAME="fm1-gb0" +SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe4e2000", NAME="fm1-gb1" +SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe4e4000", NAME="fm1-gb2" +SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe4e6000", NAME="fm1-gb3" +SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe4e8000", NAME="fm1-gb4" +SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe4f0000", NAME="fm1-10g" +SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe5e0000", NAME="fm2-gb0" +SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe5e2000", NAME="fm2-gb1" +SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe5e4000", NAME="fm2-gb2" +SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe5e6000", NAME="fm2-gb3" +SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe5e8000", NAME="fm2-gb4" +SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe5f0000", NAME="fm2-10g" + +# P1023 has its Fman @ different offsets +SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ff7e0000", NAME="fm1-gb0" +SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ff7e2000", NAME="fm1-gb1" + +# Rename macless0 port to "macless0" +SUBSYSTEM=="net", ATTR{device_type}=="macless0", NAME="macless0" diff --git a/meta-fsl-ppc/recipes-core/udev/udev-rules-qoriq/qoriq-ppc/72-fsl-dpaa-persistent-networking.rules b/meta-fsl-ppc/recipes-core/udev/udev-rules-qoriq/qoriq-ppc/72-fsl-dpaa-persistent-networking.rules new file mode 100644 index 00000000..d0eec9ce --- /dev/null +++ b/meta-fsl-ppc/recipes-core/udev/udev-rules-qoriq/qoriq-ppc/72-fsl-dpaa-persistent-networking.rules @@ -0,0 +1,24 @@ +# Rules for handling naming the DPAA FMan ethernet ports in a consistent way +SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe4e0000", NAME="fm1-mac1" +SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe4e2000", NAME="fm1-mac2" +SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe4e4000", NAME="fm1-mac3" +SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe4e6000", NAME="fm1-mac4" +SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe4e8000", NAME="fm1-mac5" +SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe4ea000", NAME="fm1-mac6" +SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe4ec000", NAME="fm1-mac7" +SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe4ee000", NAME="fm1-mac8" +SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe4f0000", NAME="fm1-mac9" +SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe4f2000", NAME="fm1-mac10" +SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe5e0000", NAME="fm2-mac1" +SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe5e2000", NAME="fm2-mac2" +SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe5e4000", NAME="fm2-mac3" +SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe5e6000", NAME="fm2-mac4" +SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe5e8000", NAME="fm2-mac5" +SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe5ea000", NAME="fm2-mac6" +SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe5ec000", NAME="fm2-mac7" +SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe5ee000", NAME="fm2-mac8" +SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe5f0000", NAME="fm2-mac9" +SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe5f2000", NAME="fm2-mac10" + +# Rename macless0 to "macless0" +SUBSYSTEM=="net", ATTR{device_type}=="macless0", NAME="macless0" diff --git a/meta-fsl-ppc/recipes-core/udev/udev-rules-qoriq/qoriq-ppc/automount.rules b/meta-fsl-ppc/recipes-core/udev/udev-rules-qoriq/qoriq-ppc/automount.rules new file mode 100644 index 00000000..a47efdab --- /dev/null +++ b/meta-fsl-ppc/recipes-core/udev/udev-rules-qoriq/qoriq-ppc/automount.rules @@ -0,0 +1,23 @@ +# There are a number of modifiers that are allowed to be used in some +# of the different fields. They provide the following subsitutions: +# +# %n the "kernel number" of the device. +# For example, 'sda3' has a "kernel number" of '3' +# %e the smallest number for that name which does not matches an existing node +# %k the kernel name for the device +# %M the kernel major number for the device +# %m the kernel minor number for the device +# %b the bus id for the device +# %c the string returned by the PROGRAM +# %s{filename} the content of a sysfs attribute +# %% the '%' char itself +# + +SUBSYSTEM=="block", ENV{DEVTYPE}=="partition", GOTO="automount_end" + +# Media automounting +SUBSYSTEM=="block", ACTION=="add" RUN+="/etc/udev/scripts/mount.sh" +SUBSYSTEM=="block", ACTION=="remove" RUN+="/etc/udev/scripts/mount.sh" + +LABEL="automount_end" + diff --git a/meta-fsl-ppc/recipes-core/udev/udev/skip-rules-for-mmc-rpmb-partition.patch b/meta-fsl-ppc/recipes-core/udev/udev/skip-rules-for-mmc-rpmb-partition.patch new file mode 100644 index 00000000..edbc0b3d --- /dev/null +++ b/meta-fsl-ppc/recipes-core/udev/udev/skip-rules-for-mmc-rpmb-partition.patch @@ -0,0 +1,41 @@ +From 68a780f4cbba18c01d8409faafb1f7904afa86a9 Mon Sep 17 00:00:00 2001 +From: Ting Liu <ting.liu@freescale.com> +Date: Thu, 31 Jul 2014 16:12:32 +0800 +Subject: [PATCH] skip rules for mmc rpmb partition + +Upstream-status: Pending + +In FSL SDK 1.6 Kernel, mmc driver has created a new partition +with "mmcblkXrpmb" if device expresses it support of RPMB. + +RPMB (Replay Protected Memory Block), A signed access to a Replay +Protected Memory Block is provided. This function provides means +for the system to store data to the specific memory area in an +authenticated and replay protected manner. + +In that case, any read/write access to this partition device will +report errors which will not impact any fuction. + +add rules to skip it. + +Signed-off-by: Ting Liu <ting.liu@freescale.com> +--- + rules/60-persistent-storage.rules | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/rules/60-persistent-storage.rules b/rules/60-persistent-storage.rules +index fa687f2..bb3f8f9 100644 +--- a/rules/60-persistent-storage.rules ++++ b/rules/60-persistent-storage.rules +@@ -14,7 +14,7 @@ ACTION=="add", SUBSYSTEM=="module", KERNEL=="block", ATTR{parameters/events_dfl_ + SUBSYSTEM!="block", GOTO="persistent_storage_end" + + # skip rules for inappropriate block devices +-KERNEL=="fd*|mtd*|nbd*|gnbd*|btibm*|dm-*|md*", GOTO="persistent_storage_end" ++KERNEL=="fd*|mtd*|nbd*|gnbd*|btibm*|dm-*|md*|mmcblk*rpmb", GOTO="persistent_storage_end" + + # ignore partitions that span the entire disk + TEST=="whole_disk", GOTO="persistent_storage_end" +-- +1.8.3.2 + diff --git a/meta-fsl-ppc/recipes-core/udev/udev_182.bbappend b/meta-fsl-ppc/recipes-core/udev/udev_182.bbappend new file mode 100644 index 00000000..4eedfd89 --- /dev/null +++ b/meta-fsl-ppc/recipes-core/udev/udev_182.bbappend @@ -0,0 +1,6 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/${BPN}:" + +SRC_URI_append_qoriq-ppc = " \ + file://skip-rules-for-mmc-rpmb-partition.patch \ +" + diff --git a/meta-fsl-ppc/recipes-devtools/qemu/qemu_fslgit.bb b/meta-fsl-ppc/recipes-devtools/qemu/qemu_fslgit.bb new file mode 100644 index 00000000..32e738e9 --- /dev/null +++ b/meta-fsl-ppc/recipes-devtools/qemu/qemu_fslgit.bb @@ -0,0 +1,57 @@ +require recipes-devtools/qemu/qemu.inc + +LIC_FILES_CHKSUM = "file://COPYING;md5=441c28d2cf86e15a37fa47e15a72fbac \ + file://COPYING.LIB;endline=24;md5=c04def7ae38850e7d3ef548588159913" + +# This means QEMU v1.7 with FSL specific patches applied +PV = "1.7+fsl" + +# NOTE: these options are note available in qemu 1.7, but qemu.inc assumes +# version 2.0+ where they are available. For now we unset them, but we should +# remove the following lines when upgrading to qemu 2.0+: +PACKAGECONFIG[quorum] = "" +PACKAGECONFIG[lzo] = "" +PACKAGECONFIG[numa] = "" +PACKAGECONFIG[gtk+] = "" + +SRC_URI = "git://git.freescale.com/ppc/sdk/qemu.git;nobranch=1" +SRCREV = "6ac4597c059d35e2737b234747243e56d340f4db" + +S = "${WORKDIR}/git" + +QEMU_TARGETS = "ppc" +PPC_OECONF = '${SDL} --cross-prefix=${TARGET_PREFIX} --disable-werror --disable-vnc --disable-bluez --disable-curl --enable-libusb' +EXTRA_OECONF_e5500-64b = "--target-list=ppc64-softmmu ${PPC_OECONF}" +EXTRA_OECONF_e6500-64b = "--target-list=ppc64-softmmu ${PPC_OECONF}" +EXTRA_OECONF_e6500 = "--target-list=ppc64-softmmu ${PPC_OECONF}" +EXTRA_OECONF_e5500 = "--target-list=ppc64-softmmu ${PPC_OECONF}" +EXTRA_OECONF_e500v2 = "--target-list=ppc-softmmu ${PPC_OECONF}" +EXTRA_OECONF_e500mc = "--target-list=ppc-softmmu ${PPC_OECONF}" + +do_configure_prepend() { + export PKG_CONFIG=${STAGING_DIR_NATIVE}${bindir_native}/pkg-config +} + +do_configure_append () { + grep 'CONFIG_FDT=y' config-host.mak +} + +# gets around qemu.inc trying to install powerpc_rom.bin +do_install_prepend() { + touch ${WORKDIR}/powerpc_rom.bin +} + +do_install_append() { + rm ${WORKDIR}/powerpc_rom.bin + # Prevent QA warnings about installed ${localstatedir}/run + if [ -d ${D}${localstatedir}/run ]; then rmdir ${D}${localstatedir}/run; fi +} + +INSANE_SKIP_${PN} += "dev-deps" + +# This is only meant to be build to run on the target +# for the given arch types listed, otherwise don't let +# the package get built. COMPATIBLE_HOST would not work +# because it was too generic +COMPATIBLE_MACHINE = "a^" +COMPATIBLE_MACHINE_libc-glibc_qoriq-ppc = ".*" diff --git a/meta-fsl-ppc/recipes-dpaa/eth-config/eth-config_git.bb b/meta-fsl-ppc/recipes-dpaa/eth-config/eth-config_git.bb new file mode 100644 index 00000000..878121f2 --- /dev/null +++ b/meta-fsl-ppc/recipes-dpaa/eth-config/eth-config_git.bb @@ -0,0 +1,17 @@ +DESCRIPTION = "Ethernet Configuration Files" +SECTION = "eth-config" +LICENSE = "BSD & GPLv2+" +LIC_FILES_CHKSUM = "file://COPYING;md5=8ed5eddbfbb84af5089ea94c382d423c" + +PR = "r2" + +SRC_URI = "git://git.freescale.com/ppc/sdk/eth-config.git;branch=sdk-v1.7.x" +SRCREV = "8040e0b1a7cb18cecfe0c7657d42f59f222b7930" + +S = "${WORKDIR}/git" + +EXTRA_OEMAKE = "D=${D}" + +do_install() { + oe_runmake install +} diff --git a/meta-fsl-ppc/recipes-dpaa/flib/flib_git.bb b/meta-fsl-ppc/recipes-dpaa/flib/flib_git.bb new file mode 100644 index 00000000..3ac7886b --- /dev/null +++ b/meta-fsl-ppc/recipes-dpaa/flib/flib_git.bb @@ -0,0 +1,15 @@ +DESCRIPTION = "Foundation Library" +SECTION = "flib" +LICENSE = "BSD & GPLv2" +LIC_FILES_CHKSUM = "file://COPYING;md5=75d2f6a74299640c05ae6c69ed7a4ad6" + +SRC_URI = "git://git.freescale.com/ppc/sdk/flib.git;nobranch=1" +SRCREV = "4bd48d4d6dbb1bd57c3c608fe66e97f4eb8e05b9" + +S = "${WORKDIR}/git" + +do_install(){ + oe_runmake install DESTDIR=${D} +} + +ALLOW_EMPTY_${PN} = "1" diff --git a/meta-fsl-ppc/recipes-dpaa/fm-ucode/fm-ucode_git.bb b/meta-fsl-ppc/recipes-dpaa/fm-ucode/fm-ucode_git.bb new file mode 100644 index 00000000..1bb70988 --- /dev/null +++ b/meta-fsl-ppc/recipes-dpaa/fm-ucode/fm-ucode_git.bb @@ -0,0 +1,37 @@ +DESCRIPTION = "Fman microcode binary" +SECTION = "fm-ucode" +LICENSE = "Freescale-EULA" +LIC_FILES_CHKSUM = "file://EULA;md5=60037ccba533a5995e8d1a838d85799c" + +PR = "r1" + +inherit deploy + +SRC_URI = "git://git.freescale.com/ppc/sdk/fm-ucode.git;nobranch=1" +SRCREV = "4cda2e3f36408ded79022cf599260add07769786" + +S = "${WORKDIR}/git" + +REGLEX ?= "${MACHINE}" +REGLEX_t1042 = "t1040" +REGLEX_b4420 = "b4860" +REGLEX_t4160 = "t4240" + +do_install () { + UCODE=`echo ${REGLEX} | sed -e 's,-.*$,,' -e 's,[a-zA-Z]*$,,'` + install -d ${D}/boot + install -m 644 fsl_fman_ucode_${UCODE}*.bin ${D}/boot/ +} + +do_deploy () { + UCODE=`echo ${REGLEX} | sed -e 's,-.*$,,' -e 's,[a-zA-Z]*$,,'` + install -d ${DEPLOYDIR}/ + install -m 644 fsl_fman_ucode_${UCODE}*.bin ${DEPLOYDIR}/ +} +addtask deploy before do_build after do_install + +PACKAGES += "${PN}-image" +FILES_${PN}-image += "/boot" +ALLOW_EMPTY_${PN} = "1" +COMPATIBLE_MACHINE = "(p1023rdb|e500mc|e5500|e5500-64b|e6500|e6500-64b)" + diff --git a/meta-fsl-ppc/recipes-dpaa/fmc/fmc_git.bb b/meta-fsl-ppc/recipes-dpaa/fmc/fmc_git.bb new file mode 100644 index 00000000..a9da96f8 --- /dev/null +++ b/meta-fsl-ppc/recipes-dpaa/fmc/fmc_git.bb @@ -0,0 +1,53 @@ +DESCRIPTION = "Frame Manager Configuration tool" +SECTION = "fmc" +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://COPYING;md5=a504ab5a8ff235e67c7301214749346c" + +PR = "r2" + +SRC_URI = "git://git.freescale.com/ppc/sdk/fmc.git;nobranch=1" +SRCREV = "4f4a3ebe447c3c982d453596a82af7b40ac3a28a" + +DEPENDS = "libxml2 fmlib tclap" + +PACKAGE_ARCH = "${MACHINE_ARCH}" +COMPATIBLE_HOST_qoriq-ppc = ".*" +COMPATIBLE_HOST ?= "(none)" + +S = "${WORKDIR}/git" + +EXTRA_OEMAKE = 'FMD_USPACE_HEADER_PATH="${STAGING_INCDIR}/fmd" \ + FMD_USPACE_LIB_PATH="${STAGING_LIBDIR}" LIBXML2_HEADER_PATH="${STAGING_INCDIR}/libxml2" \ + TCLAP_HEADER_PATH="${STAGING_INCDIR}" ' +EXTRA_OEMAKE_virtclass-native = 'FMCHOSTMODE=1 FMD_USPACE_HEADER_PATH="${STAGING_INCDIR}/fmd" \ + FMD_USPACE_LIB_PATH="${STAGING_LIBDIR}" LIBXML2_HEADER_PATH="${STAGING_INCDIR}/libxml2" \ + TCLAP_HEADER_PATH="${STAGING_INCDIR}" ' + +PARALLEL_MAKE = "" + +do_compile () { + if echo ${MACHINE} | egrep -q "^(b4|t1|t2|t4)"; then + EXTRA_OEMAKE_PLATFORM="b4860qds" + elif [ "p1023rds" = "${MACHINE}" ];then + EXTRA_OEMAKE_PLATFORM="p1023rds" + else + EXTRA_OEMAKE_PLATFORM="" + fi + oe_runmake MACHINE=${EXTRA_OEMAKE_PLATFORM} -C source +} + +do_install () { + install -d ${D}/${bindir} + install -m 755 ${S}/source/fmc ${D}/${bindir}/fmc + + install -d ${D}/etc/fmc/config + install -m 644 ${S}/etc/fmc/config/hxs_pdl_v3.xml ${D}/etc/fmc/config + + install -d ${D}/${includedir}/fmc + install ${S}/source/fmc.h ${D}/${includedir}/fmc + + install -d ${D}/${libdir} + install ${S}/source/libfmc.a ${D}/${libdir} +} + +BBCLASSEXTEND = "native" diff --git a/meta-fsl-ppc/recipes-dpaa/fmlib/fmlib_git.bb b/meta-fsl-ppc/recipes-dpaa/fmlib/fmlib_git.bb new file mode 100644 index 00000000..4d394a5d --- /dev/null +++ b/meta-fsl-ppc/recipes-dpaa/fmlib/fmlib_git.bb @@ -0,0 +1,45 @@ +DESCRIPTION = "Frame Manager User Space Library" +SECTION = "fman" +LICENSE = "BSD & GPLv2" +LIC_FILES_CHKSUM = "file://COPYING;md5=3f16fa8e677e45af3127c5c4bafc3c00" + +PR = "r1" + +DEPENDS += "virtual/kernel" +DEPENDS_virtclass-native = "" + +SRC_URI = "git://git.freescale.com/ppc/sdk/fmlib.git;nobranch=1" +SRCREV = "661d7822aa182f720029134008d7e1db07b0d504" + +S = "${WORKDIR}/git" + +TARGET_ARCH_FMLIB = "${DEFAULTTUNE}" +TARGET_ARCH_FMLIB_e5500 = "ppc32e5500" +TARGET_ARCH_FMLIB_e6500 = "ppc32e6500" +COMPATIBLE_HOST_qoriq-ppc = ".*" +COMPATIBLE_HOST ?= "(none)" + +EXTRA_OEMAKE = "DESTDIR=${D} PREFIX=${prefix} LIB_DEST_DIR=${libdir} \ + CROSS_COMPILE=${TARGET_PREFIX} KERNEL_SRC=${STAGING_KERNEL_DIR}" + +FMLIB_TARGET = "libfm-${TARGET_ARCH_FMLIB}" +FMLIB_TARGET_t1 = "libfm-${TARGET_ARCH_FMLIB}-fmv3" +do_compile () { + oe_runmake ${FMLIB_TARGET}.a +} + +do_compile_virtclass-native () { +} + +do_install () { + oe_runmake install-${FMLIB_TARGET} +} + +do_install_virtclass-native () { + install -d ${D}/${includedir} + cp -rf ${S}/include/* ${D}/${includedir} +} + +ALLOW_EMPTY_${PN} = "1" + +BBCLASSEXTEND = "native" diff --git a/meta-fsl-ppc/recipes-dpaa/usdpaa/usdpaa_git.bb b/meta-fsl-ppc/recipes-dpaa/usdpaa/usdpaa_git.bb new file mode 100644 index 00000000..e6bf5f6c --- /dev/null +++ b/meta-fsl-ppc/recipes-dpaa/usdpaa/usdpaa_git.bb @@ -0,0 +1,62 @@ +DESCRIPTION = "User-Space Data-Path Acceleration Architecture drivers" +LICENSE = "BSD & GPLv2" +LIC_FILES_CHKSUM = "file://Makefile;endline=30;md5=39e58bedc879163c9338596e52df5b1f" +PR = "r4" + +inherit pkgconfig + +PACKAGE_ARCH = "${MACHINE_ARCH}" + +DEPENDS = "libxml2 libedit ncurses readline flib fmc" +DEPENDS_append_b4860qds = " ipc-ust" +DEPENDS_append_b4420qds = " ipc-ust" + +RDEPENDS_${PN} = "libgcc bash" + +SRC_URI = "git://git.freescale.com/ppc/sdk/usdpaa.git;nobranch=1" +SRCREV = "d9975948bb6bf9fdcec189c0f1c31ce45f74961c" + +S = "${WORKDIR}/git" + +EXTRA_OEMAKE = 'CC="${CC}" LD="${LD}" AR="${AR}"' +export ARCH="${TARGET_ARCH}" + +SOC ?= "P4080" +SOC_b4 = "B4860" +SOC_t1 = "T1040" +SOC_t2 = "T2080" +SOC_t4 = "T4240" +SOC_p1023rdb = "P1023" + +FMAN_VARIANT ?= "P4080" +FMAN_VARIANT_b4 = "B4860" +FMAN_VARIANT_t1 = "B4860" +FMAN_VARIANT_t2 = "B4860" +FMAN_VARIANT_t4 = "B4860" +FMAN_VARIANT_p1023rdb = "P1023" + +do_compile_prepend () { + export SOC=${SOC} + export FMC_EXTRA_CFLAGS="-I ${STAGING_INCDIR}/fmc" + export FMLIB_EXTRA_CFLAGS="-I ${STAGING_INCDIR}/fmd \ + -I ${STAGING_INCDIR}/fmd/Peripherals \ + -I ${STAGING_INCDIR}/fmd/integrations \ + -D${FMAN_VARIANT}" + + export LIBXML2_CFLAGS="$(pkg-config --cflags libxml-2.0)" + export LIBXML2_LDFLAGS="$(pkg-config --libs --static libxml-2.0)" + export LIBEDIT_CFLAGS="$(pkg-config --cflags libedit)" + export LIBEDIT_LDFLAGS="$(pkg-config --libs --static libedit)" +} + +do_install () { + export SOC=${SOC} + oe_runmake install DESTDIR=${D} +} + +PARALLEL_MAKE_pn-${PN} = "" +FILES_${PN} += "/root/SOURCE_THIS /usr/etc/" + +COMPATIBLE_HOST_qoriq-ppc = ".*" +COMPATIBLE_HOST ?= "(none)" + diff --git a/meta-fsl-ppc/recipes-extended/cst/cst_git.bb b/meta-fsl-ppc/recipes-extended/cst/cst_git.bb new file mode 100644 index 00000000..e9f1b6f0 --- /dev/null +++ b/meta-fsl-ppc/recipes-extended/cst/cst_git.bb @@ -0,0 +1,26 @@ +SUMMARY = "utility for security boot" +SECTION = "cst" +LICENSE = "BSD" + +# TODO: fix license - this file is not a license +LIC_FILES_CHKSUM = "file://RELEASENOTES;beginline=8;endline=43;md5=5a7b22a2c96b5f94e0498c5f413aa8d3" + +DEPENDS += "openssl" + +inherit kernel-arch + +SRC_URI = "git://git.freescale.com/ppc/sdk/cst.git;nobranch=1" +SRCREV = "2d35e98539c0daa2bc8049e3bd44994d3d93bbe7" + +S = "${WORKDIR}/git" + +EXTRA_OEMAKE = 'CC="${CC}" LD="${CC}"' + +PARALLEL_MAKE = "" + +do_install () { + oe_runmake install DESTDIR=${D} BIN_DEST_DIR=${bindir} +} + +FILES_${PN}-dbg += "${bindir}/cst/.debug" +BBCLASSEXTEND = "native nativesdk" diff --git a/meta-fsl-ppc/recipes-extended/merge-files/merge-files/merge/README b/meta-fsl-ppc/recipes-extended/merge-files/merge-files/merge/README new file mode 100644 index 00000000..8f0d85af --- /dev/null +++ b/meta-fsl-ppc/recipes-extended/merge-files/merge-files/merge/README @@ -0,0 +1,7 @@ +This package is used to merge specified files into rootfs. + +Steps: +1> copy files to recipes-*/merge-files/merge-files/merge/ +2> add 'IMAGE_INSTALL += "merge-files"' into rootfs recipe +3> bitbake <rootfs_image_type> + diff --git a/meta-fsl-ppc/recipes-extended/merge-files/merge-files_1.0.bb b/meta-fsl-ppc/recipes-extended/merge-files/merge-files_1.0.bb new file mode 100644 index 00000000..f64b909f --- /dev/null +++ b/meta-fsl-ppc/recipes-extended/merge-files/merge-files_1.0.bb @@ -0,0 +1,25 @@ +DESCRIPTION = "Merge prebuilt/extra files into rootfs" +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://${COREBASE}/LICENSE;md5=4d92cd373abda3937c2bc47fbc49d690 \ + file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420" + +inherit allarch + +SRC_URI = "file://merge" + +MERGED_DST ?= "${ROOT_HOME}" +do_install () { + install -d ${D}/${MERGED_DST} + find ${WORKDIR}/merge/ -maxdepth 1 -mindepth 1 -not -name README \ + -exec cp -fr '{}' ${D}/${MERGED_DST}/ \; + find ${WORKDIR}/merge/ -maxdepth 1 -mindepth 1 -exec rm -fr '{}' \; +} +do_unpack[nostamp] = "1" +do_install[nostamp] = "1" +do_configure[noexec] = "1" +do_compile[noexec] = "1" + +FILES_${PN} = "/*" +ALLOW_EMPTY_${PN} = "1" +INSANE_SKIP_${PN} = "debug-files dev-so" + diff --git a/meta-fsl-ppc/recipes-extended/procps/procps_%.bbappend b/meta-fsl-ppc/recipes-extended/procps/procps_%.bbappend new file mode 100644 index 00000000..face0ccc --- /dev/null +++ b/meta-fsl-ppc/recipes-extended/procps/procps_%.bbappend @@ -0,0 +1,9 @@ +do_install_append_qoriq-ppc() { + for keyword in \ + net.ipv4.conf.default.rp_filter \ + net.ipv4.conf.all.rp_filter \ + ; do + sed -i 's,'"$keyword"'=.*,'"$keyword"'=0,' ${D}${sysconfdir}/sysctl.conf + done +} + diff --git a/meta-fsl-ppc/recipes-extended/skmm-ep/skmm-ep/add-two-missing-header-files.patch b/meta-fsl-ppc/recipes-extended/skmm-ep/skmm-ep/add-two-missing-header-files.patch new file mode 100644 index 00000000..2a7bb9f2 --- /dev/null +++ b/meta-fsl-ppc/recipes-extended/skmm-ep/skmm-ep/add-two-missing-header-files.patch @@ -0,0 +1,660 @@ +add two missing header files + +Upstream-status: Pending + +--- + include/linux/fsl_pci_ep_vfio.h | 79 ++++++ + include/linux/vfio.h | 555 ++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 634 insertions(+) + create mode 100644 include/linux/fsl_pci_ep_vfio.h + create mode 100644 include/linux/vfio.h + +diff --git a/include/linux/fsl_pci_ep_vfio.h b/include/linux/fsl_pci_ep_vfio.h +new file mode 100644 +index 0000000..8960157 +--- /dev/null ++++ b/include/linux/fsl_pci_ep_vfio.h +@@ -0,0 +1,79 @@ ++/* ++ * Copyright 2013 Freescale Semiconductor, Inc. ++ * ++ * Author: Minghuan Lian <Minghuan.Lian@freescale.com> ++ * ++ * This program is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License, version 2, as ++ * published by the Free Software Foundation. ++ * ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program; if not, write to the Free Software ++ * Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. ++ * ++ */ ++ ++#ifndef _FSL_PCI_EP_VFIO_H ++#define _FSL_PCI_EP_VFIO_H ++ ++#include <linux/vfio.h> ++ ++enum { ++ PCI_EP_TYPE_PF, ++ PCI_EP_TYPE_VF, ++}; ++ ++enum PCI_EP_REGION_TYPE { ++ PCI_EP_REGION_IBWIN, ++ PCI_EP_REGION_OBWIN, ++ PCI_EP_REGION_VF_IBWIN, ++ PCI_EP_REGION_VF_OBWIN, ++ PCI_EP_REGION_REGS, ++ PCI_EP_REGION_CONFIG, ++ PCI_EP_REGION_MEM, ++ PCI_EP_REGION_MSIX_OBWIN ++}; ++ ++enum PCI_EP_REGION_INDEX { ++ PCI_EP_WIN0_INDEX, ++ PCI_EP_WIN1_INDEX, ++ PCI_EP_WIN2_INDEX, ++ PCI_EP_WIN3_INDEX, ++ PCI_EP_WIN4_INDEX, ++ PCI_EP_WIN5_INDEX, ++}; ++ ++#define PCI_EP_MSI_WIN_INDEX PCI_EP_WIN1_INDEX ++#define PCI_EP_CCSR_WIN_INDEX PCI_EP_WIN0_INDEX ++#define PCI_EP_DEFAULT_OW_INDEX PCI_EP_WIN0_INDEX ++ ++struct pci_ep_win { ++ uint64_t pci_addr; ++ uint64_t cpu_addr; ++ uint64_t size; ++ uint64_t offset; ++ uint32_t attr; ++ uint32_t type; ++ uint32_t idx; ++}; ++ ++#define VFIO_DEVICE_SET_WIN_INFO _IO(VFIO_TYPE, VFIO_BASE + 20) ++#define VFIO_DEVICE_GET_WIN_INFO _IO(VFIO_TYPE, VFIO_BASE + 21) ++ ++struct pci_ep_info { ++ uint32_t type; ++ uint32_t pf_idx; ++ uint32_t vf_idx; ++ uint32_t iw_num; ++ uint32_t ow_num; ++ uint32_t vf_iw_num; ++ uint32_t vf_ow_num; ++ bool msix_enable; ++}; ++ ++#endif +diff --git a/include/linux/vfio.h b/include/linux/vfio.h +new file mode 100644 +index 0000000..44578d2 +--- /dev/null ++++ b/include/linux/vfio.h +@@ -0,0 +1,555 @@ ++/* ++ * VFIO API definition ++ * ++ * Copyright (C) 2012 Red Hat, Inc. All rights reserved. ++ * Author: Alex Williamson <alex.williamson@redhat.com> ++ * ++ * This program is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License version 2 as ++ * published by the Free Software Foundation. ++ */ ++#ifndef _UAPIVFIO_H ++#define _UAPIVFIO_H ++ ++#include <linux/types.h> ++#include <linux/ioctl.h> ++ ++#define VFIO_API_VERSION 0 ++ ++ ++/* Kernel & User level defines for VFIO IOCTLs. */ ++ ++/* Extensions */ ++ ++#define VFIO_TYPE1_IOMMU 1 ++#define VFIO_SPAPR_TCE_IOMMU 2 ++#define VFIO_FSL_PAMU_IOMMU 1000 ++#define VFIO_IOMMU_DUMMY 1001 ++ ++/* ++ * The IOCTL interface is designed for extensibility by embedding the ++ * structure length (argsz) and flags into structures passed between ++ * kernel and userspace. We therefore use the _IO() macro for these ++ * defines to avoid implicitly embedding a size into the ioctl request. ++ * As structure fields are added, argsz will increase to match and flag ++ * bits will be defined to indicate additional fields with valid data. ++ * It's *always* the caller's responsibility to indicate the size of ++ * the structure passed by setting argsz appropriately. ++ */ ++ ++#define VFIO_TYPE (';') ++#define VFIO_BASE 100 ++ ++/* -------- IOCTLs for VFIO file descriptor (/dev/vfio/vfio) -------- */ ++ ++/** ++ * VFIO_GET_API_VERSION - _IO(VFIO_TYPE, VFIO_BASE + 0) ++ * ++ * Report the version of the VFIO API. This allows us to bump the entire ++ * API version should we later need to add or change features in incompatible ++ * ways. ++ * Return: VFIO_API_VERSION ++ * Availability: Always ++ */ ++#define VFIO_GET_API_VERSION _IO(VFIO_TYPE, VFIO_BASE + 0) ++ ++/** ++ * VFIO_CHECK_EXTENSION - _IOW(VFIO_TYPE, VFIO_BASE + 1, __u32) ++ * ++ * Check whether an extension is supported. ++ * Return: 0 if not supported, 1 (or some other positive integer) if supported. ++ * Availability: Always ++ */ ++#define VFIO_CHECK_EXTENSION _IO(VFIO_TYPE, VFIO_BASE + 1) ++ ++/** ++ * VFIO_SET_IOMMU - _IOW(VFIO_TYPE, VFIO_BASE + 2, __s32) ++ * ++ * Set the iommu to the given type. The type must be supported by an ++ * iommu driver as verified by calling CHECK_EXTENSION using the same ++ * type. A group must be set to this file descriptor before this ++ * ioctl is available. The IOMMU interfaces enabled by this call are ++ * specific to the value set. ++ * Return: 0 on success, -errno on failure ++ * Availability: When VFIO group attached ++ */ ++#define VFIO_SET_IOMMU _IO(VFIO_TYPE, VFIO_BASE + 2) ++ ++/* -------- IOCTLs for GROUP file descriptors (/dev/vfio/$GROUP) -------- */ ++ ++/** ++ * VFIO_GROUP_GET_STATUS - _IOR(VFIO_TYPE, VFIO_BASE + 3, ++ * struct vfio_group_status) ++ * ++ * Retrieve information about the group. Fills in provided ++ * struct vfio_group_info. Caller sets argsz. ++ * Return: 0 on succes, -errno on failure. ++ * Availability: Always ++ */ ++struct vfio_group_status { ++ __u32 argsz; ++ __u32 flags; ++#define VFIO_GROUP_FLAGS_VIABLE (1 << 0) ++#define VFIO_GROUP_FLAGS_CONTAINER_SET (1 << 1) ++}; ++#define VFIO_GROUP_GET_STATUS _IO(VFIO_TYPE, VFIO_BASE + 3) ++ ++/** ++ * VFIO_GROUP_SET_CONTAINER - _IOW(VFIO_TYPE, VFIO_BASE + 4, __s32) ++ * ++ * Set the container for the VFIO group to the open VFIO file ++ * descriptor provided. Groups may only belong to a single ++ * container. Containers may, at their discretion, support multiple ++ * groups. Only when a container is set are all of the interfaces ++ * of the VFIO file descriptor and the VFIO group file descriptor ++ * available to the user. ++ * Return: 0 on success, -errno on failure. ++ * Availability: Always ++ */ ++#define VFIO_GROUP_SET_CONTAINER _IO(VFIO_TYPE, VFIO_BASE + 4) ++ ++/** ++ * VFIO_GROUP_UNSET_CONTAINER - _IO(VFIO_TYPE, VFIO_BASE + 5) ++ * ++ * Remove the group from the attached container. This is the ++ * opposite of the SET_CONTAINER call and returns the group to ++ * an initial state. All device file descriptors must be released ++ * prior to calling this interface. When removing the last group ++ * from a container, the IOMMU will be disabled and all state lost, ++ * effectively also returning the VFIO file descriptor to an initial ++ * state. ++ * Return: 0 on success, -errno on failure. ++ * Availability: When attached to container ++ */ ++#define VFIO_GROUP_UNSET_CONTAINER _IO(VFIO_TYPE, VFIO_BASE + 5) ++ ++/** ++ * VFIO_GROUP_GET_DEVICE_FD - _IOW(VFIO_TYPE, VFIO_BASE + 6, char) ++ * ++ * Return a new file descriptor for the device object described by ++ * the provided string. The string should match a device listed in ++ * the devices subdirectory of the IOMMU group sysfs entry. The ++ * group containing the device must already be added to this context. ++ * Return: new file descriptor on success, -errno on failure. ++ * Availability: When attached to container ++ */ ++#define VFIO_GROUP_GET_DEVICE_FD _IO(VFIO_TYPE, VFIO_BASE + 6) ++ ++/* --------------- IOCTLs for DEVICE file descriptors --------------- */ ++ ++/** ++ * VFIO_DEVICE_GET_INFO - _IOR(VFIO_TYPE, VFIO_BASE + 7, ++ * struct vfio_device_info) ++ * ++ * Retrieve information about the device. Fills in provided ++ * struct vfio_device_info. Caller sets argsz. ++ * Return: 0 on success, -errno on failure. ++ */ ++struct vfio_device_info { ++ __u32 argsz; ++ __u32 flags; ++#define VFIO_DEVICE_FLAGS_RESET (1 << 0) /* Device supports reset */ ++#define VFIO_DEVICE_FLAGS_PCI (1 << 1) /* vfio-pci device */ ++ __u32 num_regions; /* Max region index + 1 */ ++ __u32 num_irqs; /* Max IRQ index + 1 */ ++}; ++#define VFIO_DEVICE_GET_INFO _IO(VFIO_TYPE, VFIO_BASE + 7) ++ ++/** ++ * VFIO_DEVICE_GET_REGION_INFO - _IOWR(VFIO_TYPE, VFIO_BASE + 8, ++ * struct vfio_region_info) ++ * ++ * Retrieve information about a device region. Caller provides ++ * struct vfio_region_info with index value set. Caller sets argsz. ++ * Implementation of region mapping is bus driver specific. This is ++ * intended to describe MMIO, I/O port, as well as bus specific ++ * regions (ex. PCI config space). Zero sized regions may be used ++ * to describe unimplemented regions (ex. unimplemented PCI BARs). ++ * Return: 0 on success, -errno on failure. ++ */ ++struct vfio_region_info { ++ __u32 argsz; ++ __u32 flags; ++#define VFIO_REGION_INFO_FLAG_READ (1 << 0) /* Region supports read */ ++#define VFIO_REGION_INFO_FLAG_WRITE (1 << 1) /* Region supports write */ ++#define VFIO_REGION_INFO_FLAG_MMAP (1 << 2) /* Region supports mmap */ ++ __u32 index; /* Region index */ ++ __u32 resv; /* Reserved for alignment */ ++ __u64 size; /* Region size (bytes) */ ++ __u64 offset; /* Region offset from start of device fd */ ++}; ++#define VFIO_DEVICE_GET_REGION_INFO _IO(VFIO_TYPE, VFIO_BASE + 8) ++ ++/** ++ * VFIO_DEVICE_GET_IRQ_INFO - _IOWR(VFIO_TYPE, VFIO_BASE + 9, ++ * struct vfio_irq_info) ++ * ++ * Retrieve information about a device IRQ. Caller provides ++ * struct vfio_irq_info with index value set. Caller sets argsz. ++ * Implementation of IRQ mapping is bus driver specific. Indexes ++ * using multiple IRQs are primarily intended to support MSI-like ++ * interrupt blocks. Zero count irq blocks may be used to describe ++ * unimplemented interrupt types. ++ * ++ * The EVENTFD flag indicates the interrupt index supports eventfd based ++ * signaling. ++ * ++ * The MASKABLE flags indicates the index supports MASK and UNMASK ++ * actions described below. ++ * ++ * AUTOMASKED indicates that after signaling, the interrupt line is ++ * automatically masked by VFIO and the user needs to unmask the line ++ * to receive new interrupts. This is primarily intended to distinguish ++ * level triggered interrupts. ++ * ++ * The NORESIZE flag indicates that the interrupt lines within the index ++ * are setup as a set and new subindexes cannot be enabled without first ++ * disabling the entire index. This is used for interrupts like PCI MSI ++ * and MSI-X where the driver may only use a subset of the available ++ * indexes, but VFIO needs to enable a specific number of vectors ++ * upfront. In the case of MSI-X, where the user can enable MSI-X and ++ * then add and unmask vectors, it's up to userspace to make the decision ++ * whether to allocate the maximum supported number of vectors or tear ++ * down setup and incrementally increase the vectors as each is enabled. ++ */ ++struct vfio_irq_info { ++ __u32 argsz; ++ __u32 flags; ++#define VFIO_IRQ_INFO_EVENTFD (1 << 0) ++#define VFIO_IRQ_INFO_MASKABLE (1 << 1) ++#define VFIO_IRQ_INFO_AUTOMASKED (1 << 2) ++#define VFIO_IRQ_INFO_NORESIZE (1 << 3) ++ __u32 index; /* IRQ index */ ++ __u32 count; /* Number of IRQs within this index */ ++}; ++#define VFIO_DEVICE_GET_IRQ_INFO _IO(VFIO_TYPE, VFIO_BASE + 9) ++ ++/** ++ * VFIO_DEVICE_SET_IRQS - _IOW(VFIO_TYPE, VFIO_BASE + 10, struct vfio_irq_set) ++ * ++ * Set signaling, masking, and unmasking of interrupts. Caller provides ++ * struct vfio_irq_set with all fields set. 'start' and 'count' indicate ++ * the range of subindexes being specified. ++ * ++ * The DATA flags specify the type of data provided. If DATA_NONE, the ++ * operation performs the specified action immediately on the specified ++ * interrupt(s). For example, to unmask AUTOMASKED interrupt [0,0]: ++ * flags = (DATA_NONE|ACTION_UNMASK), index = 0, start = 0, count = 1. ++ * ++ * DATA_BOOL allows sparse support for the same on arrays of interrupts. ++ * For example, to mask interrupts [0,1] and [0,3] (but not [0,2]): ++ * flags = (DATA_BOOL|ACTION_MASK), index = 0, start = 1, count = 3, ++ * data = {1,0,1} ++ * ++ * DATA_EVENTFD binds the specified ACTION to the provided __s32 eventfd. ++ * A value of -1 can be used to either de-assign interrupts if already ++ * assigned or skip un-assigned interrupts. For example, to set an eventfd ++ * to be trigger for interrupts [0,0] and [0,2]: ++ * flags = (DATA_EVENTFD|ACTION_TRIGGER), index = 0, start = 0, count = 3, ++ * data = {fd1, -1, fd2} ++ * If index [0,1] is previously set, two count = 1 ioctls calls would be ++ * required to set [0,0] and [0,2] without changing [0,1]. ++ * ++ * Once a signaling mechanism is set, DATA_BOOL or DATA_NONE can be used ++ * with ACTION_TRIGGER to perform kernel level interrupt loopback testing ++ * from userspace (ie. simulate hardware triggering). ++ * ++ * Setting of an event triggering mechanism to userspace for ACTION_TRIGGER ++ * enables the interrupt index for the device. Individual subindex interrupts ++ * can be disabled using the -1 value for DATA_EVENTFD or the index can be ++ * disabled as a whole with: flags = (DATA_NONE|ACTION_TRIGGER), count = 0. ++ * ++ * Note that ACTION_[UN]MASK specify user->kernel signaling (irqfds) while ++ * ACTION_TRIGGER specifies kernel->user signaling. ++ */ ++struct vfio_irq_set { ++ __u32 argsz; ++ __u32 flags; ++#define VFIO_IRQ_SET_DATA_NONE (1 << 0) /* Data not present */ ++#define VFIO_IRQ_SET_DATA_BOOL (1 << 1) /* Data is bool (u8) */ ++#define VFIO_IRQ_SET_DATA_EVENTFD (1 << 2) /* Data is eventfd (s32) */ ++#define VFIO_IRQ_SET_ACTION_MASK (1 << 3) /* Mask interrupt */ ++#define VFIO_IRQ_SET_ACTION_UNMASK (1 << 4) /* Unmask interrupt */ ++#define VFIO_IRQ_SET_ACTION_TRIGGER (1 << 5) /* Trigger interrupt */ ++ __u32 index; ++ __u32 start; ++ __u32 count; ++ __u8 data[]; ++}; ++#define VFIO_DEVICE_SET_IRQS _IO(VFIO_TYPE, VFIO_BASE + 10) ++ ++#define VFIO_IRQ_SET_DATA_TYPE_MASK (VFIO_IRQ_SET_DATA_NONE | \ ++ VFIO_IRQ_SET_DATA_BOOL | \ ++ VFIO_IRQ_SET_DATA_EVENTFD) ++#define VFIO_IRQ_SET_ACTION_TYPE_MASK (VFIO_IRQ_SET_ACTION_MASK | \ ++ VFIO_IRQ_SET_ACTION_UNMASK | \ ++ VFIO_IRQ_SET_ACTION_TRIGGER) ++/** ++ * VFIO_DEVICE_RESET - _IO(VFIO_TYPE, VFIO_BASE + 11) ++ * ++ * Reset a device. ++ */ ++#define VFIO_DEVICE_RESET _IO(VFIO_TYPE, VFIO_BASE + 11) ++ ++/* ++ * The VFIO-PCI bus driver makes use of the following fixed region and ++ * IRQ index mapping. Unimplemented regions return a size of zero. ++ * Unimplemented IRQ types return a count of zero. ++ */ ++ ++enum { ++ VFIO_PCI_BAR0_REGION_INDEX, ++ VFIO_PCI_BAR1_REGION_INDEX, ++ VFIO_PCI_BAR2_REGION_INDEX, ++ VFIO_PCI_BAR3_REGION_INDEX, ++ VFIO_PCI_BAR4_REGION_INDEX, ++ VFIO_PCI_BAR5_REGION_INDEX, ++ VFIO_PCI_ROM_REGION_INDEX, ++ VFIO_PCI_CONFIG_REGION_INDEX, ++ /* ++ * Expose VGA regions defined for PCI base class 03, subclass 00. ++ * This includes I/O port ranges 0x3b0 to 0x3bb and 0x3c0 to 0x3df ++ * as well as the MMIO range 0xa0000 to 0xbffff. Each implemented ++ * range is found at it's identity mapped offset from the region ++ * offset, for example 0x3b0 is region_info.offset + 0x3b0. Areas ++ * between described ranges are unimplemented. ++ */ ++ VFIO_PCI_VGA_REGION_INDEX, ++ VFIO_PCI_NUM_REGIONS ++}; ++ ++enum { ++ VFIO_PCI_INTX_IRQ_INDEX, ++ VFIO_PCI_MSI_IRQ_INDEX, ++ VFIO_PCI_MSIX_IRQ_INDEX, ++ VFIO_PCI_ERR_IRQ_INDEX, ++ VFIO_PCI_NUM_IRQS ++}; ++ ++/** ++ * VFIO_DEVICE_GET_PCI_HOT_RESET_INFO - _IORW(VFIO_TYPE, VFIO_BASE + 12, ++ * struct vfio_pci_hot_reset_info) ++ * ++ * Return: 0 on success, -errno on failure: ++ * -enospc = insufficient buffer, -enodev = unsupported for device. ++ */ ++struct vfio_pci_dependent_device { ++ __u32 group_id; ++ __u16 segment; ++ __u8 bus; ++ __u8 devfn; /* Use PCI_SLOT/PCI_FUNC */ ++}; ++ ++struct vfio_pci_hot_reset_info { ++ __u32 argsz; ++ __u32 flags; ++ __u32 count; ++ struct vfio_pci_dependent_device devices[]; ++}; ++ ++#define VFIO_DEVICE_GET_PCI_HOT_RESET_INFO _IO(VFIO_TYPE, VFIO_BASE + 12) ++ ++/** ++ * VFIO_DEVICE_PCI_HOT_RESET - _IOW(VFIO_TYPE, VFIO_BASE + 13, ++ * struct vfio_pci_hot_reset) ++ * ++ * Return: 0 on success, -errno on failure. ++ */ ++struct vfio_pci_hot_reset { ++ __u32 argsz; ++ __u32 flags; ++ __u32 count; ++ __s32 group_fds[]; ++}; ++ ++#define VFIO_DEVICE_PCI_HOT_RESET _IO(VFIO_TYPE, VFIO_BASE + 13) ++ ++/* -------- API for Type1 VFIO IOMMU -------- */ ++ ++/** ++ * VFIO_IOMMU_GET_INFO - _IOR(VFIO_TYPE, VFIO_BASE + 12, struct vfio_iommu_info) ++ * ++ * Retrieve information about the IOMMU object. Fills in provided ++ * struct vfio_iommu_info. Caller sets argsz. ++ * ++ * XXX Should we do these by CHECK_EXTENSION too? ++ */ ++struct vfio_iommu_type1_info { ++ __u32 argsz; ++ __u32 flags; ++#define VFIO_IOMMU_INFO_PGSIZES (1 << 0) /* supported page sizes info */ ++ __u64 iova_pgsizes; /* Bitmap of supported page sizes */ ++}; ++ ++#define VFIO_IOMMU_GET_INFO _IO(VFIO_TYPE, VFIO_BASE + 12) ++ ++/** ++ * VFIO_IOMMU_MAP_DMA - _IOW(VFIO_TYPE, VFIO_BASE + 13, struct vfio_dma_map) ++ * ++ * Map process virtual addresses to IO virtual addresses using the ++ * provided struct vfio_dma_map. Caller sets argsz. READ &/ WRITE required. ++ */ ++struct vfio_iommu_type1_dma_map { ++ __u32 argsz; ++ __u32 flags; ++#define VFIO_DMA_MAP_FLAG_READ (1 << 0) /* readable from device */ ++#define VFIO_DMA_MAP_FLAG_WRITE (1 << 1) /* writable from device */ ++ __u64 vaddr; /* Process virtual address */ ++ __u64 iova; /* IO virtual address */ ++ __u64 size; /* Size of mapping (bytes) */ ++}; ++ ++#define VFIO_IOMMU_MAP_DMA _IO(VFIO_TYPE, VFIO_BASE + 13) ++ ++/** ++ * VFIO_IOMMU_UNMAP_DMA - _IOWR(VFIO_TYPE, VFIO_BASE + 14, ++ * struct vfio_dma_unmap) ++ * ++ * Unmap IO virtual addresses using the provided struct vfio_dma_unmap. ++ * Caller sets argsz. The actual unmapped size is returned in the size ++ * field. No guarantee is made to the user that arbitrary unmaps of iova ++ * or size different from those used in the original mapping call will ++ * succeed. ++ */ ++struct vfio_iommu_type1_dma_unmap { ++ __u32 argsz; ++ __u32 flags; ++ __u64 iova; /* IO virtual address */ ++ __u64 size; /* Size of mapping (bytes) */ ++}; ++ ++#define VFIO_IOMMU_UNMAP_DMA _IO(VFIO_TYPE, VFIO_BASE + 14) ++ ++/*********** APIs for VFIO_PAMU type only ****************/ ++/* ++ * VFIO_IOMMU_PAMU_GET_ATTR - _IO(VFIO_TYPE, VFIO_BASE + 15, ++ * struct vfio_pamu_attr) ++ * ++ * Gets the iommu attributes for the current vfio container. ++ * Caller sets argsz and attribute. The ioctl fills in ++ * the provided struct vfio_pamu_attr based on the attribute ++ * value that was set. ++ * Return: 0 on success, -errno on failure ++ */ ++struct vfio_pamu_attr { ++ __u32 argsz; ++ __u32 flags; /* no flags currently */ ++#define VFIO_ATTR_GEOMETRY 0 ++#define VFIO_ATTR_WINDOWS 1 ++#define VFIO_ATTR_PAMU_STASH 2 ++ __u32 attribute; ++ ++ union { ++ /* VFIO_ATTR_GEOMETRY */ ++ struct { ++ /* first addr that can be mapped */ ++ __u64 aperture_start; ++ /* last addr that can be mapped */ ++ __u64 aperture_end; ++ } attr; ++ ++ /* VFIO_ATTR_WINDOWS */ ++ __u32 windows; /* number of windows in the aperture ++ * initially this will be the max number ++ * of windows that can be set ++ */ ++ /* VFIO_ATTR_PAMU_STASH */ ++ struct { ++ __u32 cpu; /* CPU number for stashing */ ++ __u32 cache; /* cache ID for stashing */ ++ } stash; ++ } attr_info; ++}; ++#define VFIO_IOMMU_PAMU_GET_ATTR _IO(VFIO_TYPE, VFIO_BASE + 15) ++ ++/* ++ * VFIO_IOMMU_PAMU_SET_ATTR - _IO(VFIO_TYPE, VFIO_BASE + 16, ++ * struct vfio_pamu_attr) ++ * ++ * Sets the iommu attributes for the current vfio container. ++ * Caller sets struct vfio_pamu attr, including argsz and attribute and ++ * setting any fields that are valid for the attribute. ++ * Return: 0 on success, -errno on failure ++ */ ++#define VFIO_IOMMU_PAMU_SET_ATTR _IO(VFIO_TYPE, VFIO_BASE + 16) ++ ++/* ++ * VFIO_IOMMU_PAMU_GET_MSI_BANK_COUNT - _IO(VFIO_TYPE, VFIO_BASE + 17, __u32) ++ * ++ * Returns the number of MSI banks for this platform. This tells user space ++ * how many aperture windows should be reserved for MSI banks when setting ++ * the PAMU geometry and window count. ++ * Return: __u32 bank count on success, -errno on failure ++ */ ++#define VFIO_IOMMU_PAMU_GET_MSI_BANK_COUNT _IO(VFIO_TYPE, VFIO_BASE + 17) ++ ++/* ++ * VFIO_IOMMU_PAMU_MAP_MSI_BANK - _IO(VFIO_TYPE, VFIO_BASE + 18, ++ * struct vfio_pamu_msi_bank_map) ++ * ++ * Maps the MSI bank at the specified index and iova. User space must ++ * call this ioctl once for each MSI bank (count of banks is returned by ++ * VFIO_IOMMU_PAMU_GET_MSI_BANK_COUNT). ++ * Caller provides struct vfio_pamu_msi_bank_map with all fields set. ++ * Return: 0 on success, -errno on failure ++ */ ++ ++struct vfio_pamu_msi_bank_map { ++ __u32 argsz; ++ __u32 flags; /* no flags currently */ ++ __u32 msi_bank_index; /* the index of the MSI bank */ ++ __u64 iova; /* the iova the bank is to be mapped to */ ++}; ++#define VFIO_IOMMU_PAMU_MAP_MSI_BANK _IO(VFIO_TYPE, VFIO_BASE + 18) ++ ++/* ++ * VFIO_IOMMU_PAMU_UNMAP_MSI_BANK - _IO(VFIO_TYPE, VFIO_BASE + 19, ++ * struct vfio_pamu_msi_bank_unmap) ++ * ++ * Unmaps the MSI bank at the specified iova. ++ * Caller provides struct vfio_pamu_msi_bank_unmap with all fields set. ++ * Operates on VFIO file descriptor (/dev/vfio/vfio). ++ * Return: 0 on success, -errno on failure ++ */ ++ ++struct vfio_pamu_msi_bank_unmap { ++ __u32 argsz; ++ __u32 flags; /* no flags currently */ ++ __u64 iova; /* the iova to be unmapped to */ ++}; ++#define VFIO_IOMMU_PAMU_UNMAP_MSI_BANK _IO(VFIO_TYPE, VFIO_BASE + 19) ++ ++/* ++ * IOCTLs to enable/disable IOMMU container usage. ++ * No parameters are supported. ++ */ ++#define VFIO_IOMMU_ENABLE _IO(VFIO_TYPE, VFIO_BASE + 15) ++#define VFIO_IOMMU_DISABLE _IO(VFIO_TYPE, VFIO_BASE + 16) ++ ++/* -------- Additional API for SPAPR TCE (Server POWERPC) IOMMU -------- */ ++ ++/* ++ * The SPAPR TCE info struct provides the information about the PCI bus ++ * address ranges available for DMA, these values are programmed into ++ * the hardware so the guest has to know that information. ++ * ++ * The DMA 32 bit window start is an absolute PCI bus address. ++ * The IOVA address passed via map/unmap ioctls are absolute PCI bus ++ * addresses too so the window works as a filter rather than an offset ++ * for IOVA addresses. ++ * ++ * A flag will need to be added if other page sizes are supported, ++ * so as defined here, it is always 4k. ++ */ ++struct vfio_iommu_spapr_tce_info { ++ __u32 argsz; ++ __u32 flags; /* reserved for future use */ ++ __u32 dma32_window_start; /* 32 bit window start (bytes) */ ++ __u32 dma32_window_size; /* 32 bit window size (bytes) */ ++}; ++ ++#define VFIO_IOMMU_SPAPR_TCE_GET_INFO _IO(VFIO_TYPE, VFIO_BASE + 12) ++ ++/* ***************************************************************** */ ++ ++#endif /* _UAPIVFIO_H */ +-- +1.8.3.2 + diff --git a/meta-fsl-ppc/recipes-extended/skmm-ep/skmm-ep_git.bb b/meta-fsl-ppc/recipes-extended/skmm-ep/skmm-ep_git.bb new file mode 100644 index 00000000..ca5d6734 --- /dev/null +++ b/meta-fsl-ppc/recipes-extended/skmm-ep/skmm-ep_git.bb @@ -0,0 +1,31 @@ +DESCRIPTION = "SKMM application for PCIe endpoint" +SECTION = "skmm-ep" +LICENSE = "BSD & GPLv2" +LIC_FILES_CHKSUM = "file://Makefile;endline=30;md5=39e58bedc879163c9338596e52df5b1f" + +DEPENDS = "libedit openssl virtual/kernel" + +PACKAGE_ARCH = "${MACHINE_ARCH}" + +SRC_URI = "git://git.freescale.com/ppc/sdk/skmm-ep.git;nobranch=1 \ + file://add-two-missing-header-files.patch \ +" +SRCREV = "27156a6621c8f6d7f98210b1ca5cd97bde926875" + +COMPATIBLE_MACHINE = "(p4080ds|t4240qds|c293pcie)" + +S = "${WORKDIR}/git" + +EXTRA_OEMAKE = 'MACHINE=${MACHINE}' + +export LIBEDIT_CFLAGS = "`pkg-config --cflags libedit`" +export LIBEDIT_LDFLAGS = "`pkg-config --libs --static libedit`" + +do_compile () { + export ARCH=${TARGET_ARCH} + oe_runmake +} + +do_install () { + oe_runmake ARCH=${TARGET_ARCH} install DESTDIR=${D} +} diff --git a/meta-fsl-ppc/recipes-extended/testfloat/files/SoftFloat-powerpc-1.patch b/meta-fsl-ppc/recipes-extended/testfloat/files/SoftFloat-powerpc-1.patch new file mode 100644 index 00000000..b6db2de2 --- /dev/null +++ b/meta-fsl-ppc/recipes-extended/testfloat/files/SoftFloat-powerpc-1.patch @@ -0,0 +1,1427 @@ +This patch adds PowerPC support in SoftFloat. + +Signed-off-by: Ebony Zhu <ebony.zhu@freescale.com> +Signed-off-by: Liu Yu <Yu.Liu@freescale.com> +--- + SoftFloat-2b/processors/powerpc-GCC.h | 87 ++++ + SoftFloat-2b/softfloat/bits32/powerpc-GCC/Makefile | 26 ++ + SoftFloat-2b/softfloat/bits32/powerpc-GCC/milieu.h | 55 +++ + .../bits32/powerpc-GCC/softfloat-specialize | 252 ++++++++++++ + .../softfloat/bits32/powerpc-GCC/softfloat.h | 155 +++++++ + SoftFloat-2b/softfloat/bits64/powerpc-GCC/Makefile | 24 ++ + SoftFloat-2b/softfloat/bits64/powerpc-GCC/milieu.h | 55 +++ + .../bits64/powerpc-GCC/softfloat-specialize | 422 ++++++++++++++++++++ + .../softfloat/bits64/powerpc-GCC/softfloat.h | 269 +++++++++++++ + 9 files changed, 1345 insertions(+), 0 deletions(-) + create mode 100644 SoftFloat-2b/processors/powerpc-GCC.h + create mode 100644 SoftFloat-2b/softfloat/bits32/powerpc-GCC/Makefile + create mode 100644 SoftFloat-2b/softfloat/bits32/powerpc-GCC/milieu.h + create mode 100644 SoftFloat-2b/softfloat/bits32/powerpc-GCC/softfloat-specialize + create mode 100644 SoftFloat-2b/softfloat/bits32/powerpc-GCC/softfloat.h + create mode 100644 SoftFloat-2b/softfloat/bits64/powerpc-GCC/Makefile + create mode 100644 SoftFloat-2b/softfloat/bits64/powerpc-GCC/milieu.h + create mode 100644 SoftFloat-2b/softfloat/bits64/powerpc-GCC/softfloat-specialize + create mode 100644 SoftFloat-2b/softfloat/bits64/powerpc-GCC/softfloat.h + +diff --git a/SoftFloat-2b/processors/powerpc-GCC.h b/SoftFloat-2b/processors/powerpc-GCC.h +new file mode 100644 +index 0000000..002a786 +--- /dev/null ++++ b/SoftFloat-2b/processors/powerpc-GCC.h +@@ -0,0 +1,87 @@ ++/* ++ * This file is derived from processors/386-gcc.h, ++ * the copyright for that material belongs to the original owners. ++ * ++ * Additional material and changes where applicable is: ++ * Copyright (C) 2008 Freescale Semiconductor, Inc. All rights reserved. ++ * ++ * Author: Ebony Zhu, <ebony.zhu@freescale.com> ++ * Yu Liu, <yu.liu@freescale.com> ++ * ++ * THIS SOFTWARE IS DISTRIBUTED AS IS, FOR FREE. Although reasonable effort has ++ * been made to avoid it, THIS SOFTWARE MAY CONTAIN FAULTS THAT WILL AT TIMES ++ * RESULT IN INCORRECT BEHAVIOR. USE OF THIS SOFTWARE IS RESTRICTED TO PERSONS ++ * AND ORGANIZATIONS WHO CAN AND WILL TAKE FULL RESPONSIBILITY FOR ALL LOSSES, ++ * COSTS, OR OTHER PROBLEMS THEY INCUR DUE TO THE SOFTWARE, AND WHO FURTHERMORE ++ * EFFECTIVELY INDEMNIFY JOHN HAUSER AND THE INTERNATIONAL COMPUTER SCIENCE ++ * INSTITUTE (possibly via similar legal warning) AGAINST ALL LOSSES, COSTS, OR ++ * OTHER PROBLEMS INCURRED BY THEIR CUSTOMERS AND CLIENTS DUE TO THE SOFTWARE. ++ */ ++ ++/*---------------------------------------------------------------------------- ++| One of the macros `BIGENDIAN' or `LITTLEENDIAN' must be defined. ++*----------------------------------------------------------------------------*/ ++#define BIGENDIAN ++ ++/*---------------------------------------------------------------------------- ++| The macro `BITS64' can be defined to indicate that 64-bit integer types are ++| supported by the compiler. ++*----------------------------------------------------------------------------*/ ++#define BITS32 ++ ++/*---------------------------------------------------------------------------- ++| Each of the following `typedef's defines the most convenient type that holds ++| integers of at least as many bits as specified. For example, `uint8' should ++| be the most convenient type that can hold unsigned integers of as many as ++| 8 bits. The `flag' type must be able to hold either a 0 or 1. For most ++| implementations of C, `flag', `uint8', and `int8' should all be `typedef'ed ++| to the same as `int'. ++*----------------------------------------------------------------------------*/ ++typedef int flag; ++typedef int uint8; ++typedef int int8; ++typedef int uint16; ++typedef int int16; ++typedef unsigned int uint32; ++typedef signed int int32; ++#ifdef BITS64 ++typedef unsigned long long int uint64; ++typedef signed long long int int64; ++#endif ++ ++/*---------------------------------------------------------------------------- ++| Each of the following `typedef's defines a type that holds integers ++| of _exactly_ the number of bits specified. For instance, for most ++| implementation of C, `bits16' and `sbits16' should be `typedef'ed to ++| `unsigned short int' and `signed short int' (or `short int'), respectively. ++*----------------------------------------------------------------------------*/ ++typedef unsigned char bits8; ++typedef signed char sbits8; ++typedef unsigned short int bits16; ++typedef signed short int sbits16; ++typedef unsigned int bits32; ++typedef signed int sbits32; ++#ifdef BITS64 ++typedef unsigned long long int bits64; ++typedef signed long long int sbits64; ++#endif ++ ++#ifdef BITS64 ++/*---------------------------------------------------------------------------- ++| The `LIT64' macro takes as its argument a textual integer literal and ++| if necessary ``marks'' the literal as having a 64-bit integer type. ++| For example, the GNU C Compiler (`gcc') requires that 64-bit literals be ++| appended with the letters `LL' standing for `long long', which is `gcc's ++| name for the 64-bit integer type. Some compilers may allow `LIT64' to be ++| defined as the identity macro: `#define LIT64( a ) a'. ++*----------------------------------------------------------------------------*/ ++#define LIT64( a ) a##LL ++#endif ++ ++/*---------------------------------------------------------------------------- ++| The macro `INLINE' can be used before functions that should be inlined. If ++| a compiler does not support explicit inlining, this macro should be defined ++| to be `static'. ++*----------------------------------------------------------------------------*/ ++#define INLINE extern inline ++ +diff --git a/SoftFloat-2b/softfloat/bits32/powerpc-GCC/Makefile b/SoftFloat-2b/softfloat/bits32/powerpc-GCC/Makefile +new file mode 100644 +index 0000000..28f1e33 +--- /dev/null ++++ b/SoftFloat-2b/softfloat/bits32/powerpc-GCC/Makefile +@@ -0,0 +1,26 @@ ++ ++PROCESSOR_H = ../../../processors/powerpc-GCC.h ++SOFTFLOAT_MACROS = ../softfloat-macros ++ ++OBJ = .o ++EXE = ++INCLUDES = -I. -I.. ++COMPILE_C = $(COMPILE_PREFIX)gcc -msoft-float -c -o $@ $(INCLUDES) -I- -O2 ++LINK = $(COMPILE_PREFIX)gcc -o $@ ++ ++ALL: softfloat$(OBJ) timesoftfloat$(EXE) ++ ++milieu.h: $(PROCESSOR_H) ++ touch milieu.h ++ ++softfloat$(OBJ): milieu.h softfloat.h softfloat-specialize $(SOFTFLOAT_MACROS) ../softfloat.c ++ $(COMPILE_C) ../softfloat.c ++ ++timesoftfloat$(OBJ): milieu.h softfloat.h ../timesoftfloat.c ++ $(COMPILE_C) ../timesoftfloat.c ++ ++timesoftfloat$(EXE): softfloat$(OBJ) timesoftfloat$(OBJ) ++ $(LINK) softfloat$(OBJ) timesoftfloat$(OBJ) ++ ++clean: ++ rm -f *.o timesoftfloat$(EXE) +diff --git a/SoftFloat-2b/softfloat/bits32/powerpc-GCC/milieu.h b/SoftFloat-2b/softfloat/bits32/powerpc-GCC/milieu.h +new file mode 100644 +index 0000000..d8b6012 +--- /dev/null ++++ b/SoftFloat-2b/softfloat/bits32/powerpc-GCC/milieu.h +@@ -0,0 +1,55 @@ ++/* ++ * This file is derived from softfloat/bits32/386-Win32-GCC/milieu.h, ++ * the copyright for that material belongs to the original owners. ++ * ++ * Additional material and changes where applicable is: ++ * Copyright (C) 2008 Freescale Semiconductor, Inc. All rights reserved. ++ * ++ * Author: Ebony Zhu, <ebony.zhu@freescale.com> ++ * Yu Liu, <yu.liu@freescale.com> ++ */ ++ ++/*============================================================================ ++ ++This C header file is part of the SoftFloat IEC/IEEE Floating-point Arithmetic ++Package, Release 2b. ++ ++Written by John R. Hauser. This work was made possible in part by the ++International Computer Science Institute, located at Suite 600, 1947 Center ++Street, Berkeley, California 94704. Funding was partially provided by the ++National Science Foundation under grant MIP-9311980. The original version ++of this code was written as part of a project to build a fixed-point vector ++processor in collaboration with the University of California at Berkeley, ++overseen by Profs. Nelson Morgan and John Wawrzynek. More information ++is available through the Web page `http://www.cs.berkeley.edu/~jhauser/ ++arithmetic/SoftFloat.html'. ++ ++THIS SOFTWARE IS DISTRIBUTED AS IS, FOR FREE. Although reasonable effort has ++been made to avoid it, THIS SOFTWARE MAY CONTAIN FAULTS THAT WILL AT TIMES ++RESULT IN INCORRECT BEHAVIOR. USE OF THIS SOFTWARE IS RESTRICTED TO PERSONS ++AND ORGANIZATIONS WHO CAN AND WILL TAKE FULL RESPONSIBILITY FOR ALL LOSSES, ++COSTS, OR OTHER PROBLEMS THEY INCUR DUE TO THE SOFTWARE, AND WHO FURTHERMORE ++EFFECTIVELY INDEMNIFY JOHN HAUSER AND THE INTERNATIONAL COMPUTER SCIENCE ++INSTITUTE (possibly via similar legal warning) AGAINST ALL LOSSES, COSTS, OR ++OTHER PROBLEMS INCURRED BY THEIR CUSTOMERS AND CLIENTS DUE TO THE SOFTWARE. ++ ++Derivative works are acceptable, even for commercial purposes, so long as ++(1) the source code for the derivative work includes prominent notice that ++the work is derivative, and (2) the source code includes prominent notice with ++these four paragraphs for those parts of this code that are retained. ++ ++=============================================================================*/ ++ ++/*---------------------------------------------------------------------------- ++| Include common integer types and flags. ++*----------------------------------------------------------------------------*/ ++#include "../../../processors/powerpc-GCC.h" ++ ++/*---------------------------------------------------------------------------- ++| Symbolic Boolean literals. ++*----------------------------------------------------------------------------*/ ++enum { ++ FALSE = 0, ++ TRUE = 1 ++}; ++ +diff --git a/SoftFloat-2b/softfloat/bits32/powerpc-GCC/softfloat-specialize b/SoftFloat-2b/softfloat/bits32/powerpc-GCC/softfloat-specialize +new file mode 100644 +index 0000000..fd2caa4 +--- /dev/null ++++ b/SoftFloat-2b/softfloat/bits32/powerpc-GCC/softfloat-specialize +@@ -0,0 +1,252 @@ ++/* ++ * This file is derived from softfloat/bits32/386-Win32-GCC/softfloat-specialize, ++ * the copyright for that material belongs to the original owners. ++ * ++ * Additional material and changes where applicable is: ++ * Copyright (C) 2008 Freescale Semiconductor, Inc. All rights reserved. ++ * ++ * Author: Ebony Zhu, <ebony.zhu@freescale.com> ++ * Yu Liu, <yu.liu@freescale.com> ++ */ ++ ++/*============================================================================ ++ ++This C source fragment is part of the SoftFloat IEC/IEEE Floating-point ++Arithmetic Package, Release 2b. ++ ++Written by John R. Hauser. This work was made possible in part by the ++International Computer Science Institute, located at Suite 600, 1947 Center ++Street, Berkeley, California 94704. Funding was partially provided by the ++National Science Foundation under grant MIP-9311980. The original version ++of this code was written as part of a project to build a fixed-point vector ++processor in collaboration with the University of California at Berkeley, ++overseen by Profs. Nelson Morgan and John Wawrzynek. More information ++is available through the Web page `http://www.cs.berkeley.edu/~jhauser/ ++arithmetic/SoftFloat.html'. ++ ++THIS SOFTWARE IS DISTRIBUTED AS IS, FOR FREE. Although reasonable effort has ++been made to avoid it, THIS SOFTWARE MAY CONTAIN FAULTS THAT WILL AT TIMES ++RESULT IN INCORRECT BEHAVIOR. USE OF THIS SOFTWARE IS RESTRICTED TO PERSONS ++AND ORGANIZATIONS WHO CAN AND WILL TAKE FULL RESPONSIBILITY FOR ALL LOSSES, ++COSTS, OR OTHER PROBLEMS THEY INCUR DUE TO THE SOFTWARE, AND WHO FURTHERMORE ++EFFECTIVELY INDEMNIFY JOHN HAUSER AND THE INTERNATIONAL COMPUTER SCIENCE ++INSTITUTE (possibly via similar legal warning) AGAINST ALL LOSSES, COSTS, OR ++OTHER PROBLEMS INCURRED BY THEIR CUSTOMERS AND CLIENTS DUE TO THE SOFTWARE. ++ ++Derivative works are acceptable, even for commercial purposes, so long as ++(1) the source code for the derivative work includes prominent notice that ++the work is derivative, and (2) the source code includes prominent notice with ++these four paragraphs for those parts of this code that are retained. ++ ++=============================================================================*/ ++ ++/*---------------------------------------------------------------------------- ++| Underflow tininess-detection mode, statically initialized to default value. ++| (The declaration in `softfloat.h' must match the `int8' type here.) ++*----------------------------------------------------------------------------*/ ++int8 float_detect_tininess = float_tininess_after_rounding; ++ ++/*---------------------------------------------------------------------------- ++| Raises the exceptions specified by `flags'. Floating-point traps can be ++| defined here if desired. It is currently not possible for such a trap ++| to substitute a result value. If traps are not implemented, this routine ++| should be simply `float_exception_flags |= flags;'. ++*----------------------------------------------------------------------------*/ ++ ++void float_raise( int8 flags ) ++{ ++ ++ float_exception_flags |= flags; ++ ++} ++ ++/*---------------------------------------------------------------------------- ++| Internal canonical NaN format. ++*----------------------------------------------------------------------------*/ ++typedef struct { ++ flag sign; ++ bits32 high, low; ++} commonNaNT; ++ ++/*---------------------------------------------------------------------------- ++| The pattern for a default generated single-precision NaN. ++*----------------------------------------------------------------------------*/ ++enum { ++ float32_default_nan = 0xFFFFFFFF ++}; ++ ++/*---------------------------------------------------------------------------- ++| Returns 1 if the single-precision floating-point value `a' is a NaN; ++| otherwise returns 0. ++*----------------------------------------------------------------------------*/ ++ ++flag float32_is_nan( float32 a ) ++{ ++ ++ return ( 0xFF000000 < (bits32) ( a<<1 ) ); ++ ++} ++ ++/*---------------------------------------------------------------------------- ++| Returns 1 if the single-precision floating-point value `a' is a signaling ++| NaN; otherwise returns 0. ++*----------------------------------------------------------------------------*/ ++ ++flag float32_is_signaling_nan( float32 a ) ++{ ++ ++ return ( ( ( a>>22 ) & 0x1FF ) == 0x1FE ) && ( a & 0x003FFFFF ); ++ ++} ++ ++/*---------------------------------------------------------------------------- ++| Returns the result of converting the single-precision floating-point NaN ++| `a' to the canonical NaN format. If `a' is a signaling NaN, the invalid ++| exception is raised. ++*----------------------------------------------------------------------------*/ ++ ++static commonNaNT float32ToCommonNaN( float32 a ) ++{ ++ commonNaNT z; ++ ++ if ( float32_is_signaling_nan( a ) ) float_raise( float_flag_invalid ); ++ z.sign = a>>31; ++ z.low = 0; ++ z.high = a<<9; ++ return z; ++ ++} ++ ++/*---------------------------------------------------------------------------- ++| Returns the result of converting the canonical NaN `a' to the single- ++| precision floating-point format. ++*----------------------------------------------------------------------------*/ ++ ++static float32 commonNaNToFloat32( commonNaNT a ) ++{ ++ ++ return ( ( (bits32) a.sign )<<31 ) | 0x7FC00000 | ( a.high>>9 ); ++ ++} ++ ++/*---------------------------------------------------------------------------- ++| Takes two single-precision floating-point values `a' and `b', one of which ++| is a NaN, and returns the appropriate NaN result. If either `a' or `b' is a ++| signaling NaN, the invalid exception is raised. ++*----------------------------------------------------------------------------*/ ++ ++static float32 propagateFloat32NaN( float32 a, float32 b ) ++{ ++ flag aIsNaN, aIsSignalingNaN, bIsNaN, bIsSignalingNaN; ++ ++ aIsNaN = float32_is_nan( a ); ++ aIsSignalingNaN = float32_is_signaling_nan( a ); ++ bIsNaN = float32_is_nan( b ); ++ bIsSignalingNaN = float32_is_signaling_nan( b ); ++ a |= 0x00400000; ++ b |= 0x00400000; ++ if ( aIsSignalingNaN | bIsSignalingNaN ) float_raise( float_flag_invalid ); ++ if ( aIsNaN ) { ++ return ( aIsSignalingNaN & bIsNaN ) ? b : a; ++ } ++ else { ++ return b; ++ } ++ ++} ++ ++/*---------------------------------------------------------------------------- ++| The pattern for a default generated double-precision NaN. The `high' and ++| `low' values hold the most- and least-significant bits, respectively. ++*----------------------------------------------------------------------------*/ ++enum { ++ float64_default_nan_high = 0xFFFFFFFF, ++ float64_default_nan_low = 0xFFFFFFFF ++}; ++ ++/*---------------------------------------------------------------------------- ++| Returns 1 if the double-precision floating-point value `a' is a NaN; ++| otherwise returns 0. ++*----------------------------------------------------------------------------*/ ++ ++flag float64_is_nan( float64 a ) ++{ ++ ++ return ++ ( 0xFFE00000 <= (bits32) ( a.high<<1 ) ) ++ && ( a.low || ( a.high & 0x000FFFFF ) ); ++ ++} ++ ++/*---------------------------------------------------------------------------- ++| Returns 1 if the double-precision floating-point value `a' is a signaling ++| NaN; otherwise returns 0. ++*----------------------------------------------------------------------------*/ ++ ++flag float64_is_signaling_nan( float64 a ) ++{ ++ ++ return ++ ( ( ( a.high>>19 ) & 0xFFF ) == 0xFFE ) ++ && ( a.low || ( a.high & 0x0007FFFF ) ); ++ ++} ++ ++/*---------------------------------------------------------------------------- ++| Returns the result of converting the double-precision floating-point NaN ++| `a' to the canonical NaN format. If `a' is a signaling NaN, the invalid ++| exception is raised. ++*----------------------------------------------------------------------------*/ ++ ++static commonNaNT float64ToCommonNaN( float64 a ) ++{ ++ commonNaNT z; ++ ++ if ( float64_is_signaling_nan( a ) ) float_raise( float_flag_invalid ); ++ z.sign = a.high>>31; ++ shortShift64Left( a.high, a.low, 12, &z.high, &z.low ); ++ return z; ++ ++} ++ ++/*---------------------------------------------------------------------------- ++| Returns the result of converting the canonical NaN `a' to the double- ++| precision floating-point format. ++*----------------------------------------------------------------------------*/ ++ ++static float64 commonNaNToFloat64( commonNaNT a ) ++{ ++ float64 z; ++ ++ shift64Right( a.high, a.low, 12, &z.high, &z.low ); ++ z.high |= ( ( (bits32) a.sign )<<31 ) | 0x7FF80000; ++ return z; ++ ++} ++ ++/*---------------------------------------------------------------------------- ++| Takes two double-precision floating-point values `a' and `b', one of which ++| is a NaN, and returns the appropriate NaN result. If either `a' or `b' is a ++| signaling NaN, the invalid exception is raised. ++*----------------------------------------------------------------------------*/ ++ ++static float64 propagateFloat64NaN( float64 a, float64 b ) ++{ ++ flag aIsNaN, aIsSignalingNaN, bIsNaN, bIsSignalingNaN; ++ ++ aIsNaN = float64_is_nan( a ); ++ aIsSignalingNaN = float64_is_signaling_nan( a ); ++ bIsNaN = float64_is_nan( b ); ++ bIsSignalingNaN = float64_is_signaling_nan( b ); ++ a.high |= 0x00080000; ++ b.high |= 0x00080000; ++ if ( aIsSignalingNaN | bIsSignalingNaN ) float_raise( float_flag_invalid ); ++ if ( aIsNaN ) { ++ return ( aIsSignalingNaN & bIsNaN ) ? b : a; ++ } ++ else { ++ return b; ++ } ++ ++} ++ +diff --git a/SoftFloat-2b/softfloat/bits32/powerpc-GCC/softfloat.h b/SoftFloat-2b/softfloat/bits32/powerpc-GCC/softfloat.h +new file mode 100644 +index 0000000..0015b8e +--- /dev/null ++++ b/SoftFloat-2b/softfloat/bits32/powerpc-GCC/softfloat.h +@@ -0,0 +1,155 @@ ++/* ++ * This file is derived from softfloat/bits32/386-Win32-GCC/softfloat.h, ++ * the copyright for that material belongs to the original owners. ++ * ++ * Additional material and changes where applicable is: ++ * Copyright (C) 2008 Freescale Semiconductor, Inc. All rights reserved. ++ * ++ * Author: Ebony Zhu, <ebony.zhu@freescale.com> ++ * Yu Liu, <yu.liu@freescale.com> ++ */ ++ ++/*============================================================================ ++ ++This C header file is part of the SoftFloat IEC/IEEE Floating-point Arithmetic ++Package, Release 2b. ++ ++Written by John R. Hauser. This work was made possible in part by the ++International Computer Science Institute, located at Suite 600, 1947 Center ++Street, Berkeley, California 94704. Funding was partially provided by the ++National Science Foundation under grant MIP-9311980. The original version ++of this code was written as part of a project to build a fixed-point vector ++processor in collaboration with the University of California at Berkeley, ++overseen by Profs. Nelson Morgan and John Wawrzynek. More information ++is available through the Web page `http://www.cs.berkeley.edu/~jhauser/ ++arithmetic/SoftFloat.html'. ++ ++THIS SOFTWARE IS DISTRIBUTED AS IS, FOR FREE. Although reasonable effort has ++been made to avoid it, THIS SOFTWARE MAY CONTAIN FAULTS THAT WILL AT TIMES ++RESULT IN INCORRECT BEHAVIOR. USE OF THIS SOFTWARE IS RESTRICTED TO PERSONS ++AND ORGANIZATIONS WHO CAN AND WILL TAKE FULL RESPONSIBILITY FOR ALL LOSSES, ++COSTS, OR OTHER PROBLEMS THEY INCUR DUE TO THE SOFTWARE, AND WHO FURTHERMORE ++EFFECTIVELY INDEMNIFY JOHN HAUSER AND THE INTERNATIONAL COMPUTER SCIENCE ++INSTITUTE (possibly via similar legal warning) AGAINST ALL LOSSES, COSTS, OR ++OTHER PROBLEMS INCURRED BY THEIR CUSTOMERS AND CLIENTS DUE TO THE SOFTWARE. ++ ++Derivative works are acceptable, even for commercial purposes, so long as ++(1) the source code for the derivative work includes prominent notice that ++the work is derivative, and (2) the source code includes prominent notice with ++these four paragraphs for those parts of this code that are retained. ++ ++=============================================================================*/ ++ ++/*---------------------------------------------------------------------------- ++| Software IEC/IEEE floating-point types. ++*----------------------------------------------------------------------------*/ ++typedef bits32 float32; ++typedef struct { ++ bits32 high, low; ++} float64; ++ ++/*---------------------------------------------------------------------------- ++| Software IEC/IEEE floating-point underflow tininess-detection mode. ++*----------------------------------------------------------------------------*/ ++extern int8 float_detect_tininess; ++enum { ++ float_tininess_after_rounding = 0, ++ float_tininess_before_rounding = 1 ++}; ++ ++/*---------------------------------------------------------------------------- ++| Software IEC/IEEE floating-point rounding mode. ++*----------------------------------------------------------------------------*/ ++extern int8 float_rounding_mode; ++enum { ++ float_round_nearest_even = 0, ++ float_round_to_zero = 1, ++ float_round_up = 2, ++ float_round_down = 3 ++}; ++ ++/*---------------------------------------------------------------------------- ++| Software IEC/IEEE floating-point exception flags. ++*----------------------------------------------------------------------------*/ ++/* ++extern int8 float_exception_flags; ++enum { ++ float_flag_inexact = 1, ++ float_flag_underflow = 2, ++ float_flag_overflow = 4, ++ float_flag_divbyzero = 8, ++ float_flag_invalid = 16 ++}; ++*/ ++ ++extern int8 float_exception_flags; ++enum { ++ float_flag_inexact = 16, ++ float_flag_underflow = 2, ++ float_flag_overflow = 1, ++ float_flag_divbyzero = 4, ++ float_flag_invalid = 8 ++}; ++ ++/*---------------------------------------------------------------------------- ++| Routine to raise any or all of the software IEC/IEEE floating-point ++| exception flags. ++*----------------------------------------------------------------------------*/ ++void float_raise( int8 ); ++ ++/*---------------------------------------------------------------------------- ++| Software IEC/IEEE integer-to-floating-point conversion routines. ++*----------------------------------------------------------------------------*/ ++float32 int32_to_float32( int32 ); ++float64 int32_to_float64( int32 ); ++ ++/*---------------------------------------------------------------------------- ++| Software IEC/IEEE single-precision conversion routines. ++*----------------------------------------------------------------------------*/ ++int32 float32_to_int32( float32 ); ++int32 float32_to_int32_round_to_zero( float32 ); ++float64 float32_to_float64( float32 ); ++ ++/*---------------------------------------------------------------------------- ++| Software IEC/IEEE single-precision operations. ++*----------------------------------------------------------------------------*/ ++float32 float32_round_to_int( float32 ); ++float32 float32_add( float32, float32 ); ++float32 float32_sub( float32, float32 ); ++float32 float32_mul( float32, float32 ); ++float32 float32_div( float32, float32 ); ++float32 float32_rem( float32, float32 ); ++float32 float32_sqrt( float32 ); ++flag float32_eq( float32, float32 ); ++flag float32_le( float32, float32 ); ++flag float32_lt( float32, float32 ); ++flag float32_eq_signaling( float32, float32 ); ++flag float32_le_quiet( float32, float32 ); ++flag float32_lt_quiet( float32, float32 ); ++flag float32_is_signaling_nan( float32 ); ++ ++/*---------------------------------------------------------------------------- ++| Software IEC/IEEE double-precision conversion routines. ++*----------------------------------------------------------------------------*/ ++int32 float64_to_int32( float64 ); ++int32 float64_to_int32_round_to_zero( float64 ); ++float32 float64_to_float32( float64 ); ++ ++/*---------------------------------------------------------------------------- ++| Software IEC/IEEE double-precision operations. ++*----------------------------------------------------------------------------*/ ++float64 float64_round_to_int( float64 ); ++float64 float64_add( float64, float64 ); ++float64 float64_sub( float64, float64 ); ++float64 float64_mul( float64, float64 ); ++float64 float64_div( float64, float64 ); ++float64 float64_rem( float64, float64 ); ++float64 float64_sqrt( float64 ); ++flag float64_eq( float64, float64 ); ++flag float64_le( float64, float64 ); ++flag float64_lt( float64, float64 ); ++flag float64_eq_signaling( float64, float64 ); ++flag float64_le_quiet( float64, float64 ); ++flag float64_lt_quiet( float64, float64 ); ++flag float64_is_signaling_nan( float64 ); ++ +diff --git a/SoftFloat-2b/softfloat/bits64/powerpc-GCC/Makefile b/SoftFloat-2b/softfloat/bits64/powerpc-GCC/Makefile +new file mode 100644 +index 0000000..a5e2cc7 +--- /dev/null ++++ b/SoftFloat-2b/softfloat/bits64/powerpc-GCC/Makefile +@@ -0,0 +1,24 @@ ++ ++PROCESSOR_H = ../../../processors/powerpc-GCC.h ++SOFTFLOAT_MACROS = ../softfloat-macros ++ ++OBJ = .o ++EXE = ++INCLUDES = -I. -I.. ++COMPILE_C = $(COMPILE_PREFIX) -mcpu=8548 -mhard-float -mfloat-gprs=double -o $@ $(INCLUDES) -I- -O2 ++LINK = $(COMPILE_PREFIX) -o $@ ++ ++ALL: softfloat$(OBJ) timesoftfloat$(EXE) ++ ++milieu.h: $(PROCESSOR_H) ++ touch milieu.h ++ ++softfloat$(OBJ): milieu.h softfloat.h softfloat-specialize $(SOFTFLOAT_MACROS) ../softfloat.c ++ $(COMPILE_C) ../softfloat.c ++ ++timesoftfloat$(OBJ): milieu.h softfloat.h ../timesoftfloat.c ++ $(COMPILE_C) ../timesoftfloat.c ++ ++timesoftfloat$(EXE): softfloat$(OBJ) timesoftfloat$(OBJ) ++ $(LINK) softfloat$(OBJ) timesoftfloat$(OBJ) ++ +diff --git a/SoftFloat-2b/softfloat/bits64/powerpc-GCC/milieu.h b/SoftFloat-2b/softfloat/bits64/powerpc-GCC/milieu.h +new file mode 100644 +index 0000000..1b66490 +--- /dev/null ++++ b/SoftFloat-2b/softfloat/bits64/powerpc-GCC/milieu.h +@@ -0,0 +1,55 @@ ++/* ++ * This file is derived from softfloat/bits64/386-Win32-GCC/milieu.h, ++ * the copyright for that material belongs to the original owners. ++ * ++ * Additional material and changes where applicable is: ++ * Copyright (C) 2008 Freescale Semiconductor, Inc. All rights reserved. ++ * ++ * Author: Ebony Zhu, <ebony.zhu@freescale.com> ++ * Yu Liu, <yu.liu@freescale.com> ++ */ ++ ++/*============================================================================ ++ ++This C header file is part of the SoftFloat IEC/IEEE Floating-point Arithmetic ++Package, Release 2b. ++ ++Written by John R. Hauser. This work was made possible in part by the ++International Computer Science Institute, located at Suite 600, 1947 Center ++Street, Berkeley, California 94704. Funding was partially provided by the ++National Science Foundation under grant MIP-9311980. The original version ++of this code was written as part of a project to build a fixed-point vector ++processor in collaboration with the University of California at Berkeley, ++overseen by Profs. Nelson Morgan and John Wawrzynek. More information ++is available through the Web page `http://www.cs.berkeley.edu/~jhauser/ ++arithmetic/SoftFloat.html'. ++ ++THIS SOFTWARE IS DISTRIBUTED AS IS, FOR FREE. Although reasonable effort has ++been made to avoid it, THIS SOFTWARE MAY CONTAIN FAULTS THAT WILL AT TIMES ++RESULT IN INCORRECT BEHAVIOR. USE OF THIS SOFTWARE IS RESTRICTED TO PERSONS ++AND ORGANIZATIONS WHO CAN AND WILL TAKE FULL RESPONSIBILITY FOR ALL LOSSES, ++COSTS, OR OTHER PROBLEMS THEY INCUR DUE TO THE SOFTWARE, AND WHO FURTHERMORE ++EFFECTIVELY INDEMNIFY JOHN HAUSER AND THE INTERNATIONAL COMPUTER SCIENCE ++INSTITUTE (possibly via similar legal warning) AGAINST ALL LOSSES, COSTS, OR ++OTHER PROBLEMS INCURRED BY THEIR CUSTOMERS AND CLIENTS DUE TO THE SOFTWARE. ++ ++Derivative works are acceptable, even for commercial purposes, so long as ++(1) the source code for the derivative work includes prominent notice that ++the work is derivative, and (2) the source code includes prominent notice with ++these four paragraphs for those parts of this code that are retained. ++ ++=============================================================================*/ ++ ++/*---------------------------------------------------------------------------- ++| Include common integer types and flags. ++*----------------------------------------------------------------------------*/ ++#include "../../../processors/SPARC-GCC.h" ++ ++/*---------------------------------------------------------------------------- ++| Symbolic Boolean literals. ++*----------------------------------------------------------------------------*/ ++enum { ++ FALSE = 0, ++ TRUE = 1 ++}; ++ +diff --git a/SoftFloat-2b/softfloat/bits64/powerpc-GCC/softfloat-specialize b/SoftFloat-2b/softfloat/bits64/powerpc-GCC/softfloat-specialize +new file mode 100644 +index 0000000..b1d0bc8 +--- /dev/null ++++ b/SoftFloat-2b/softfloat/bits64/powerpc-GCC/softfloat-specialize +@@ -0,0 +1,422 @@ ++/* ++ * This file is derived from softfloat/bits64/386-Win32-GCC/softfloat-specialize, ++ * the copyright for that material belongs to the original owners. ++ * ++ * Additional material and changes where applicable is: ++ * Copyright (C) 2008 Freescale Semiconductor, Inc. All rights reserved. ++ * ++ * Author: Ebony Zhu, <ebony.zhu@freescale.com> ++ * Yu Liu, <yu.liu@freescale.com> ++ */ ++ ++/*============================================================================ ++ ++This C source fragment is part of the SoftFloat IEC/IEEE Floating-point ++Arithmetic Package, Release 2b. ++ ++Written by John R. Hauser. This work was made possible in part by the ++International Computer Science Institute, located at Suite 600, 1947 Center ++Street, Berkeley, California 94704. Funding was partially provided by the ++National Science Foundation under grant MIP-9311980. The original version ++of this code was written as part of a project to build a fixed-point vector ++processor in collaboration with the University of California at Berkeley, ++overseen by Profs. Nelson Morgan and John Wawrzynek. More information ++is available through the Web page `http://www.cs.berkeley.edu/~jhauser/ ++arithmetic/SoftFloat.html'. ++ ++THIS SOFTWARE IS DISTRIBUTED AS IS, FOR FREE. Although reasonable effort has ++been made to avoid it, THIS SOFTWARE MAY CONTAIN FAULTS THAT WILL AT TIMES ++RESULT IN INCORRECT BEHAVIOR. USE OF THIS SOFTWARE IS RESTRICTED TO PERSONS ++AND ORGANIZATIONS WHO CAN AND WILL TAKE FULL RESPONSIBILITY FOR ALL LOSSES, ++COSTS, OR OTHER PROBLEMS THEY INCUR DUE TO THE SOFTWARE, AND WHO FURTHERMORE ++EFFECTIVELY INDEMNIFY JOHN HAUSER AND THE INTERNATIONAL COMPUTER SCIENCE ++INSTITUTE (possibly via similar legal warning) AGAINST ALL LOSSES, COSTS, OR ++OTHER PROBLEMS INCURRED BY THEIR CUSTOMERS AND CLIENTS DUE TO THE SOFTWARE. ++ ++Derivative works are acceptable, even for commercial purposes, so long as ++(1) the source code for the derivative work includes prominent notice that ++the work is derivative, and (2) the source code includes prominent notice with ++these four paragraphs for those parts of this code that are retained. ++ ++=============================================================================*/ ++ ++/*---------------------------------------------------------------------------- ++| Underflow tininess-detection mode, statically initialized to default value. ++| (The declaration in `softfloat.h' must match the `int8' type here.) ++*----------------------------------------------------------------------------*/ ++int8 float_detect_tininess = float_tininess_before_rounding; ++ ++/*---------------------------------------------------------------------------- ++| Raises the exceptions specified by `flags'. Floating-point traps can be ++| defined here if desired. It is currently not possible for such a trap ++| to substitute a result value. If traps are not implemented, this routine ++| should be simply `float_exception_flags |= flags;'. ++*----------------------------------------------------------------------------*/ ++ ++void float_raise( int8 flags ) ++{ ++ ++ float_exception_flags |= flags; ++ ++} ++ ++/*---------------------------------------------------------------------------- ++| Internal canonical NaN format. ++*----------------------------------------------------------------------------*/ ++typedef struct { ++ flag sign; ++ bits64 high, low; ++} commonNaNT; ++ ++/*---------------------------------------------------------------------------- ++| The pattern for a default generated single-precision NaN. ++*----------------------------------------------------------------------------*/ ++#define float32_default_nan 0x7FFFFFFF ++ ++/*---------------------------------------------------------------------------- ++| Returns 1 if the single-precision floating-point value `a' is a NaN; ++| otherwise returns 0. ++*----------------------------------------------------------------------------*/ ++ ++flag float32_is_nan( float32 a ) ++{ ++ ++ return ( 0xFF000000 < (bits32) ( a<<1 ) ); ++ ++} ++ ++/*---------------------------------------------------------------------------- ++| Returns 1 if the single-precision floating-point value `a' is a signaling ++| NaN; otherwise returns 0. ++*----------------------------------------------------------------------------*/ ++ ++flag float32_is_signaling_nan( float32 a ) ++{ ++ ++ return ( ( ( a>>22 ) & 0x1FF ) == 0x1FE ) && ( a & 0x003FFFFF ); ++ ++} ++ ++/*---------------------------------------------------------------------------- ++| Returns the result of converting the single-precision floating-point NaN ++| `a' to the canonical NaN format. If `a' is a signaling NaN, the invalid ++| exception is raised. ++*----------------------------------------------------------------------------*/ ++ ++static commonNaNT float32ToCommonNaN( float32 a ) ++{ ++ commonNaNT z; ++ ++ if ( float32_is_signaling_nan( a ) ) float_raise( float_flag_invalid ); ++ z.sign = a>>31; ++ z.low = 0; ++ z.high = ( (bits64) a )<<41; ++ return z; ++ ++} ++ ++/*---------------------------------------------------------------------------- ++| Returns the result of converting the canonical NaN `a' to the single- ++| precision floating-point format. ++*----------------------------------------------------------------------------*/ ++ ++static float32 commonNaNToFloat32( commonNaNT a ) ++{ ++ ++ return ( ( (bits32) a.sign )<<31 ) | 0x7FC00000 | ( a.high>>41 ); ++ ++} ++ ++/*---------------------------------------------------------------------------- ++| Takes two single-precision floating-point values `a' and `b', one of which ++| is a NaN, and returns the appropriate NaN result. If either `a' or `b' is a ++| signaling NaN, the invalid exception is raised. ++*----------------------------------------------------------------------------*/ ++ ++static float32 propagateFloat32NaN( float32 a, float32 b ) ++{ ++ flag aIsNaN, aIsSignalingNaN, bIsNaN, bIsSignalingNaN; ++ ++ aIsNaN = float32_is_nan( a ); ++ aIsSignalingNaN = float32_is_signaling_nan( a ); ++ bIsNaN = float32_is_nan( b ); ++ bIsSignalingNaN = float32_is_signaling_nan( b ); ++ a |= 0x00400000; ++ b |= 0x00400000; ++ if ( aIsSignalingNaN | bIsSignalingNaN ) float_raise( float_flag_invalid ); ++ return bIsSignalingNaN ? b : aIsSignalingNaN ? a : bIsNaN ? b : a; ++ ++} ++ ++/*---------------------------------------------------------------------------- ++| The pattern for a default generated double-precision NaN. ++*----------------------------------------------------------------------------*/ ++#define float64_default_nan LIT64( 0x7FFFFFFFFFFFFFFF ) ++ ++/*---------------------------------------------------------------------------- ++| Returns 1 if the double-precision floating-point value `a' is a NaN; ++| otherwise returns 0. ++*----------------------------------------------------------------------------*/ ++ ++flag float64_is_nan( float64 a ) ++{ ++ ++ return ( LIT64( 0xFFE0000000000000 ) < (bits64) ( a<<1 ) ); ++ ++} ++ ++/*---------------------------------------------------------------------------- ++| Returns 1 if the double-precision floating-point value `a' is a signaling ++| NaN; otherwise returns 0. ++*----------------------------------------------------------------------------*/ ++ ++flag float64_is_signaling_nan( float64 a ) ++{ ++ ++ return ++ ( ( ( a>>51 ) & 0xFFF ) == 0xFFE ) ++ && ( a & LIT64( 0x0007FFFFFFFFFFFF ) ); ++ ++} ++ ++/*---------------------------------------------------------------------------- ++| Returns the result of converting the double-precision floating-point NaN ++| `a' to the canonical NaN format. If `a' is a signaling NaN, the invalid ++| exception is raised. ++*----------------------------------------------------------------------------*/ ++ ++static commonNaNT float64ToCommonNaN( float64 a ) ++{ ++ commonNaNT z; ++ ++ if ( float64_is_signaling_nan( a ) ) float_raise( float_flag_invalid ); ++ z.sign = a>>63; ++ z.low = 0; ++ z.high = a<<12; ++ return z; ++ ++} ++ ++/*---------------------------------------------------------------------------- ++| Returns the result of converting the canonical NaN `a' to the double- ++| precision floating-point format. ++*----------------------------------------------------------------------------*/ ++ ++static float64 commonNaNToFloat64( commonNaNT a ) ++{ ++ ++ return ++ ( ( (bits64) a.sign )<<63 ) ++ | LIT64( 0x7FF8000000000000 ) ++ | ( a.high>>12 ); ++ ++} ++ ++/*---------------------------------------------------------------------------- ++| Takes two double-precision floating-point values `a' and `b', one of which ++| is a NaN, and returns the appropriate NaN result. If either `a' or `b' is a ++| signaling NaN, the invalid exception is raised. ++*----------------------------------------------------------------------------*/ ++ ++static float64 propagateFloat64NaN( float64 a, float64 b ) ++{ ++ flag aIsNaN, aIsSignalingNaN, bIsNaN, bIsSignalingNaN; ++ ++ aIsNaN = float64_is_nan( a ); ++ aIsSignalingNaN = float64_is_signaling_nan( a ); ++ bIsNaN = float64_is_nan( b ); ++ bIsSignalingNaN = float64_is_signaling_nan( b ); ++ a |= LIT64( 0x0008000000000000 ); ++ b |= LIT64( 0x0008000000000000 ); ++ if ( aIsSignalingNaN | bIsSignalingNaN ) float_raise( float_flag_invalid ); ++ return bIsSignalingNaN ? b : aIsSignalingNaN ? a : bIsNaN ? b : a; ++ ++} ++ ++#ifdef FLOATX80 ++ ++/*---------------------------------------------------------------------------- ++| The pattern for a default generated extended double-precision NaN. The ++| `high' and `low' values hold the most- and least-significant bits, ++| respectively. ++*----------------------------------------------------------------------------*/ ++#define floatx80_default_nan_high 0x7FFF ++#define floatx80_default_nan_low LIT64( 0xFFFFFFFFFFFFFFFF ) ++ ++/*---------------------------------------------------------------------------- ++| Returns 1 if the extended double-precision floating-point value `a' is a ++| NaN; otherwise returns 0. ++*----------------------------------------------------------------------------*/ ++ ++flag floatx80_is_nan( floatx80 a ) ++{ ++ ++ return ( ( a.high & 0x7FFF ) == 0x7FFF ) && (bits64) ( a.low<<1 ); ++ ++} ++ ++/*---------------------------------------------------------------------------- ++| Returns 1 if the extended double-precision floating-point value `a' is a ++| signaling NaN; otherwise returns 0. ++*----------------------------------------------------------------------------*/ ++ ++flag floatx80_is_signaling_nan( floatx80 a ) ++{ ++ bits64 aLow; ++ ++ aLow = a.low & ~ LIT64( 0x4000000000000000 ); ++ return ++ ( ( a.high & 0x7FFF ) == 0x7FFF ) ++ && (bits64) ( aLow<<1 ) ++ && ( a.low == aLow ); ++ ++} ++ ++/*---------------------------------------------------------------------------- ++| Returns the result of converting the extended double-precision floating- ++| point NaN `a' to the canonical NaN format. If `a' is a signaling NaN, the ++| invalid exception is raised. ++*----------------------------------------------------------------------------*/ ++ ++static commonNaNT floatx80ToCommonNaN( floatx80 a ) ++{ ++ commonNaNT z; ++ ++ if ( floatx80_is_signaling_nan( a ) ) float_raise( float_flag_invalid ); ++ z.sign = a.high>>15; ++ z.low = 0; ++ z.high = a.low<<1; ++ return z; ++ ++} ++ ++/*---------------------------------------------------------------------------- ++| Returns the result of converting the canonical NaN `a' to the extended ++| double-precision floating-point format. ++*----------------------------------------------------------------------------*/ ++ ++static floatx80 commonNaNToFloatx80( commonNaNT a ) ++{ ++ floatx80 z; ++ ++ z.low = LIT64( 0xC000000000000000 ) | ( a.high>>1 ); ++ z.high = ( ( (bits16) a.sign )<<15 ) | 0x7FFF; ++ return z; ++ ++} ++ ++/*---------------------------------------------------------------------------- ++| Takes two extended double-precision floating-point values `a' and `b', one ++| of which is a NaN, and returns the appropriate NaN result. If either `a' or ++| `b' is a signaling NaN, the invalid exception is raised. ++*----------------------------------------------------------------------------*/ ++ ++static floatx80 propagateFloatx80NaN( floatx80 a, floatx80 b ) ++{ ++ flag aIsNaN, aIsSignalingNaN, bIsNaN, bIsSignalingNaN; ++ ++ aIsNaN = floatx80_is_nan( a ); ++ aIsSignalingNaN = floatx80_is_signaling_nan( a ); ++ bIsNaN = floatx80_is_nan( b ); ++ bIsSignalingNaN = floatx80_is_signaling_nan( b ); ++ a.low |= LIT64( 0xC000000000000000 ); ++ b.low |= LIT64( 0xC000000000000000 ); ++ if ( aIsSignalingNaN | bIsSignalingNaN ) float_raise( float_flag_invalid ); ++ return bIsSignalingNaN ? b : aIsSignalingNaN ? a : bIsNaN ? b : a; ++ ++} ++ ++#endif ++ ++#ifdef FLOAT128 ++ ++/*---------------------------------------------------------------------------- ++| The pattern for a default generated quadruple-precision NaN. The `high' and ++| `low' values hold the most- and least-significant bits, respectively. ++*----------------------------------------------------------------------------*/ ++#define float128_default_nan_high LIT64( 0x7FFFFFFFFFFFFFFF ) ++#define float128_default_nan_low LIT64( 0xFFFFFFFFFFFFFFFF ) ++ ++/*---------------------------------------------------------------------------- ++| Returns 1 if the quadruple-precision floating-point value `a' is a NaN; ++| otherwise returns 0. ++*----------------------------------------------------------------------------*/ ++ ++flag float128_is_nan( float128 a ) ++{ ++ ++ return ++ ( LIT64( 0xFFFE000000000000 ) <= (bits64) ( a.high<<1 ) ) ++ && ( a.low || ( a.high & LIT64( 0x0000FFFFFFFFFFFF ) ) ); ++ ++} ++ ++/*---------------------------------------------------------------------------- ++| Returns 1 if the quadruple-precision floating-point value `a' is a ++| signaling NaN; otherwise returns 0. ++*----------------------------------------------------------------------------*/ ++ ++flag float128_is_signaling_nan( float128 a ) ++{ ++ ++ return ++ ( ( ( a.high>>47 ) & 0xFFFF ) == 0xFFFE ) ++ && ( a.low || ( a.high & LIT64( 0x00007FFFFFFFFFFF ) ) ); ++ ++} ++ ++/*---------------------------------------------------------------------------- ++| Returns the result of converting the quadruple-precision floating-point NaN ++| `a' to the canonical NaN format. If `a' is a signaling NaN, the invalid ++| exception is raised. ++*----------------------------------------------------------------------------*/ ++ ++static commonNaNT float128ToCommonNaN( float128 a ) ++{ ++ commonNaNT z; ++ ++ if ( float128_is_signaling_nan( a ) ) float_raise( float_flag_invalid ); ++ z.sign = a.high>>63; ++ shortShift128Left( a.high, a.low, 16, &z.high, &z.low ); ++ return z; ++ ++} ++ ++/*---------------------------------------------------------------------------- ++| Returns the result of converting the canonical NaN `a' to the quadruple- ++| precision floating-point format. ++*----------------------------------------------------------------------------*/ ++ ++static float128 commonNaNToFloat128( commonNaNT a ) ++{ ++ float128 z; ++ ++ shift128Right( a.high, a.low, 16, &z.high, &z.low ); ++ z.high |= ( ( (bits64) a.sign )<<63 ) | LIT64( 0x7FFF800000000000 ); ++ return z; ++ ++} ++ ++/*---------------------------------------------------------------------------- ++| Takes two quadruple-precision floating-point values `a' and `b', one of ++| which is a NaN, and returns the appropriate NaN result. If either `a' or ++| `b' is a signaling NaN, the invalid exception is raised. ++*----------------------------------------------------------------------------*/ ++ ++static float128 propagateFloat128NaN( float128 a, float128 b ) ++{ ++ flag aIsNaN, aIsSignalingNaN, bIsNaN, bIsSignalingNaN; ++ ++ aIsNaN = float128_is_nan( a ); ++ aIsSignalingNaN = float128_is_signaling_nan( a ); ++ bIsNaN = float128_is_nan( b ); ++ bIsSignalingNaN = float128_is_signaling_nan( b ); ++ a.high |= LIT64( 0x0000800000000000 ); ++ b.high |= LIT64( 0x0000800000000000 ); ++ if ( aIsSignalingNaN | bIsSignalingNaN ) float_raise( float_flag_invalid ); ++ return bIsSignalingNaN ? b : aIsSignalingNaN ? a : bIsNaN ? b : a; ++ ++} ++ ++#endif ++ +diff --git a/SoftFloat-2b/softfloat/bits64/powerpc-GCC/softfloat.h b/SoftFloat-2b/softfloat/bits64/powerpc-GCC/softfloat.h +new file mode 100644 +index 0000000..5b7cb1c +--- /dev/null ++++ b/SoftFloat-2b/softfloat/bits64/powerpc-GCC/softfloat.h +@@ -0,0 +1,269 @@ ++/* ++ * This file is derived from softfloat/bits64/386-Win32-GCC/softfloat.h, ++ * the copyright for that material belongs to the original owners. ++ * ++ * Additional material and changes where applicable is: ++ * Copyright (C) 2008 Freescale Semiconductor, Inc. All rights reserved. ++ * ++ * Author: Ebony Zhu, <ebony.zhu@freescale.com> ++ * Yu Liu, <yu.liu@freescale.com> ++ */ ++ ++/*============================================================================ ++ ++This C header file is part of the SoftFloat IEC/IEEE Floating-point Arithmetic ++Package, Release 2b. ++ ++Written by John R. Hauser. This work was made possible in part by the ++International Computer Science Institute, located at Suite 600, 1947 Center ++Street, Berkeley, California 94704. Funding was partially provided by the ++National Science Foundation under grant MIP-9311980. The original version ++of this code was written as part of a project to build a fixed-point vector ++processor in collaboration with the University of California at Berkeley, ++overseen by Profs. Nelson Morgan and John Wawrzynek. More information ++is available through the Web page `http://www.cs.berkeley.edu/~jhauser/ ++arithmetic/SoftFloat.html'. ++ ++THIS SOFTWARE IS DISTRIBUTED AS IS, FOR FREE. Although reasonable effort has ++been made to avoid it, THIS SOFTWARE MAY CONTAIN FAULTS THAT WILL AT TIMES ++RESULT IN INCORRECT BEHAVIOR. USE OF THIS SOFTWARE IS RESTRICTED TO PERSONS ++AND ORGANIZATIONS WHO CAN AND WILL TAKE FULL RESPONSIBILITY FOR ALL LOSSES, ++COSTS, OR OTHER PROBLEMS THEY INCUR DUE TO THE SOFTWARE, AND WHO FURTHERMORE ++EFFECTIVELY INDEMNIFY JOHN HAUSER AND THE INTERNATIONAL COMPUTER SCIENCE ++INSTITUTE (possibly via similar legal warning) AGAINST ALL LOSSES, COSTS, OR ++OTHER PROBLEMS INCURRED BY THEIR CUSTOMERS AND CLIENTS DUE TO THE SOFTWARE. ++ ++Derivative works are acceptable, even for commercial purposes, so long as ++(1) the source code for the derivative work includes prominent notice that ++the work is derivative, and (2) the source code includes prominent notice with ++these four paragraphs for those parts of this code that are retained. ++ ++=============================================================================*/ ++ ++/*---------------------------------------------------------------------------- ++| The macro `FLOATX80' must be defined to enable the extended double-precision ++| floating-point format `floatx80'. If this macro is not defined, the ++| `floatx80' type will not be defined, and none of the functions that either ++| input or output the `floatx80' type will be defined. The same applies to ++| the `FLOAT128' macro and the quadruple-precision format `float128'. ++*----------------------------------------------------------------------------*/ ++#define FLOATX80 ++#define FLOAT128 ++ ++/*---------------------------------------------------------------------------- ++| Software IEC/IEEE floating-point types. ++*----------------------------------------------------------------------------*/ ++typedef unsigned int float32; ++typedef unsigned long long float64; ++#ifdef FLOATX80 ++typedef struct { ++ unsigned short high; ++ unsigned long long low; ++} floatx80; ++#endif ++#ifdef FLOAT128 ++typedef struct { ++ unsigned long long high, low; ++} float128; ++#endif ++ ++/*---------------------------------------------------------------------------- ++| Software IEC/IEEE floating-point underflow tininess-detection mode. ++*----------------------------------------------------------------------------*/ ++extern int float_detect_tininess; ++enum { ++ float_tininess_after_rounding = 0, ++ float_tininess_before_rounding = 1 ++}; ++ ++/*---------------------------------------------------------------------------- ++| Software IEC/IEEE floating-point rounding mode. ++*----------------------------------------------------------------------------*/ ++extern int float_rounding_mode; ++enum { ++ float_round_nearest_even = 0, ++ float_round_to_zero = 1, ++ float_round_up = 2, ++ float_round_down = 3 ++}; ++ ++/*---------------------------------------------------------------------------- ++| Software IEC/IEEE floating-point exception flags. ++*----------------------------------------------------------------------------*/ ++extern int float_exception_flags; ++enum { ++ float_flag_inexact = 1, ++ float_flag_divbyzero = 2, ++ float_flag_underflow = 4, ++ float_flag_overflow = 8, ++ float_flag_invalid = 16 ++}; ++ ++/*---------------------------------------------------------------------------- ++| Routine to raise any or all of the software IEC/IEEE floating-point ++| exception flags. ++*----------------------------------------------------------------------------*/ ++void float_raise( int ); ++ ++/*---------------------------------------------------------------------------- ++| Software IEC/IEEE integer-to-floating-point conversion routines. ++*----------------------------------------------------------------------------*/ ++float32 int32_to_float32( int ); ++float64 int32_to_float64( int ); ++#ifdef FLOATX80 ++floatx80 int32_to_floatx80( int ); ++#endif ++#ifdef FLOAT128 ++float128 int32_to_float128( int ); ++#endif ++float32 int64_to_float32( long long ); ++float64 int64_to_float64( long long ); ++#ifdef FLOATX80 ++floatx80 int64_to_floatx80( long long ); ++#endif ++#ifdef FLOAT128 ++float128 int64_to_float128( long long ); ++#endif ++ ++/*---------------------------------------------------------------------------- ++| Software IEC/IEEE single-precision conversion routines. ++*----------------------------------------------------------------------------*/ ++int float32_to_int32( float32 ); ++int float32_to_int32_round_to_zero( float32 ); ++long long float32_to_int64( float32 ); ++long long float32_to_int64_round_to_zero( float32 ); ++float64 float32_to_float64( float32 ); ++#ifdef FLOATX80 ++floatx80 float32_to_floatx80( float32 ); ++#endif ++#ifdef FLOAT128 ++float128 float32_to_float128( float32 ); ++#endif ++ ++/*---------------------------------------------------------------------------- ++| Software IEC/IEEE single-precision operations. ++*----------------------------------------------------------------------------*/ ++float32 float32_round_to_int( float32 ); ++float32 float32_add( float32, float32 ); ++float32 float32_sub( float32, float32 ); ++float32 float32_mul( float32, float32 ); ++float32 float32_div( float32, float32 ); ++float32 float32_rem( float32, float32 ); ++float32 float32_sqrt( float32 ); ++int float32_eq( float32, float32 ); ++int float32_le( float32, float32 ); ++int float32_lt( float32, float32 ); ++int float32_eq_signaling( float32, float32 ); ++int float32_le_quiet( float32, float32 ); ++int float32_lt_quiet( float32, float32 ); ++int float32_is_signaling_nan( float32 ); ++ ++/*---------------------------------------------------------------------------- ++| Software IEC/IEEE double-precision conversion routines. ++*----------------------------------------------------------------------------*/ ++int float64_to_int32( float64 ); ++int float64_to_int32_round_to_zero( float64 ); ++long long float64_to_int64( float64 ); ++long long float64_to_int64_round_to_zero( float64 ); ++float32 float64_to_float32( float64 ); ++#ifdef FLOATX80 ++floatx80 float64_to_floatx80( float64 ); ++#endif ++#ifdef FLOAT128 ++float128 float64_to_float128( float64 ); ++#endif ++ ++/*---------------------------------------------------------------------------- ++| Software IEC/IEEE double-precision operations. ++*----------------------------------------------------------------------------*/ ++float64 float64_round_to_int( float64 ); ++float64 float64_add( float64, float64 ); ++float64 float64_sub( float64, float64 ); ++float64 float64_mul( float64, float64 ); ++float64 float64_div( float64, float64 ); ++float64 float64_rem( float64, float64 ); ++float64 float64_sqrt( float64 ); ++int float64_eq( float64, float64 ); ++int float64_le( float64, float64 ); ++int float64_lt( float64, float64 ); ++int float64_eq_signaling( float64, float64 ); ++int float64_le_quiet( float64, float64 ); ++int float64_lt_quiet( float64, float64 ); ++int float64_is_signaling_nan( float64 ); ++ ++#ifdef FLOATX80 ++ ++/*---------------------------------------------------------------------------- ++| Software IEC/IEEE extended double-precision conversion routines. ++*----------------------------------------------------------------------------*/ ++int floatx80_to_int32( floatx80 ); ++int floatx80_to_int32_round_to_zero( floatx80 ); ++long long floatx80_to_int64( floatx80 ); ++long long floatx80_to_int64_round_to_zero( floatx80 ); ++float32 floatx80_to_float32( floatx80 ); ++float64 floatx80_to_float64( floatx80 ); ++#ifdef FLOAT128 ++float128 floatx80_to_float128( floatx80 ); ++#endif ++ ++/*---------------------------------------------------------------------------- ++| Software IEC/IEEE extended double-precision rounding precision. Valid ++| values are 32, 64, and 80. ++*----------------------------------------------------------------------------*/ ++extern int floatx80_rounding_precision; ++ ++/*---------------------------------------------------------------------------- ++| Software IEC/IEEE extended double-precision operations. ++*----------------------------------------------------------------------------*/ ++floatx80 floatx80_round_to_int( floatx80 ); ++floatx80 floatx80_add( floatx80, floatx80 ); ++floatx80 floatx80_sub( floatx80, floatx80 ); ++floatx80 floatx80_mul( floatx80, floatx80 ); ++floatx80 floatx80_div( floatx80, floatx80 ); ++floatx80 floatx80_rem( floatx80, floatx80 ); ++floatx80 floatx80_sqrt( floatx80 ); ++int floatx80_eq( floatx80, floatx80 ); ++int floatx80_le( floatx80, floatx80 ); ++int floatx80_lt( floatx80, floatx80 ); ++int floatx80_eq_signaling( floatx80, floatx80 ); ++int floatx80_le_quiet( floatx80, floatx80 ); ++int floatx80_lt_quiet( floatx80, floatx80 ); ++int floatx80_is_signaling_nan( floatx80 ); ++ ++#endif ++ ++#ifdef FLOAT128 ++ ++/*---------------------------------------------------------------------------- ++| Software IEC/IEEE quadruple-precision conversion routines. ++*----------------------------------------------------------------------------*/ ++int float128_to_int32( float128 ); ++int float128_to_int32_round_to_zero( float128 ); ++long long float128_to_int64( float128 ); ++long long float128_to_int64_round_to_zero( float128 ); ++float32 float128_to_float32( float128 ); ++float64 float128_to_float64( float128 ); ++#ifdef FLOATX80 ++floatx80 float128_to_floatx80( float128 ); ++#endif ++ ++/*---------------------------------------------------------------------------- ++| Software IEC/IEEE quadruple-precision operations. ++*----------------------------------------------------------------------------*/ ++float128 float128_round_to_int( float128 ); ++float128 float128_add( float128, float128 ); ++float128 float128_sub( float128, float128 ); ++float128 float128_mul( float128, float128 ); ++float128 float128_div( float128, float128 ); ++float128 float128_rem( float128, float128 ); ++float128 float128_sqrt( float128 ); ++int float128_eq( float128, float128 ); ++int float128_le( float128, float128 ); ++int float128_lt( float128, float128 ); ++int float128_eq_signaling( float128, float128 ); ++int float128_le_quiet( float128, float128 ); ++int float128_lt_quiet( float128, float128 ); ++int float128_is_signaling_nan( float128 ); ++ ++#endif ++ +-- +1.5.4 + diff --git a/meta-fsl-ppc/recipes-extended/testfloat/files/TestFloat-powerpc-E500v2-SPE-1.patch b/meta-fsl-ppc/recipes-extended/testfloat/files/TestFloat-powerpc-E500v2-SPE-1.patch new file mode 100644 index 00000000..c34421cf --- /dev/null +++ b/meta-fsl-ppc/recipes-extended/testfloat/files/TestFloat-powerpc-E500v2-SPE-1.patch @@ -0,0 +1,1644 @@ +This patch adds PowerPC E500v2 SPE support in TestFloat. +And it disables the testing for hardware that can not trigger SPE interrupt. + +Signed-off-by: Ebony Zhu <ebony.zhu@freescale.com> +Signed-off-by: Liu Yu <Yu.Liu@freescale.com> +--- + processors/POWERPC-gcc.h | 99 +++++ + testfloat/powerpc-linux-gcc/Makefile | 83 +++++ + testfloat/powerpc-linux-gcc/milieu.h | 71 ++++ + testfloat/powerpc-linux-gcc/systflags.c | 107 ++++++ + testfloat/powerpc-linux-gcc/systfloat.c | 595 +++++++++++++++++++++++++++++++ + testfloat/powerpc-linux-gcc/systmodes.c | 67 ++++ + testfloat/templates/Makefile | 18 +- + testfloat/templates/milieu.h | 2 +- + testfloat/testFunction.h | 2 +- + testfloat/testLoops.c | 216 +++++++++++ + 10 files changed, 1252 insertions(+), 8 deletions(-) + create mode 100644 processors/POWERPC-gcc.h + create mode 100644 testfloat/powerpc-linux-gcc/Makefile + create mode 100644 testfloat/powerpc-linux-gcc/milieu.h + create mode 100644 testfloat/powerpc-linux-gcc/systflags.c + create mode 100644 testfloat/powerpc-linux-gcc/systfloat.c + create mode 100644 testfloat/powerpc-linux-gcc/systmodes.c + +diff --git a/processors/POWERPC-gcc.h b/processors/POWERPC-gcc.h +new file mode 100644 +index 0000000..4201faa +--- /dev/null ++++ b/processors/POWERPC-gcc.h +@@ -0,0 +1,99 @@ ++/* ++ * This file is derived from processors/i386-GCC.h, ++ * the copyright for that material belongs to the original owners. ++ * ++ * Additional material and changes where applicable is: ++ * Copyright (C) 2008 Freescale Semiconductor, Inc. All rights reserved. ++ * ++ * Author: Ebony Zhu, <ebony.zhu@freescale.com> ++ * Yu Liu, <yu.liu@freescale.com> ++ * ++ * THIS SOFTWARE IS DISTRIBUTED AS IS, FOR FREE. Although reasonable effort has ++ * been made to avoid it, THIS SOFTWARE MAY CONTAIN FAULTS THAT WILL AT TIMES ++ * RESULT IN INCORRECT BEHAVIOR. USE OF THIS SOFTWARE IS RESTRICTED TO PERSONS ++ * AND ORGANIZATIONS WHO CAN AND WILL TAKE FULL RESPONSIBILITY FOR ALL LOSSES, ++ * COSTS, OR OTHER PROBLEMS THEY INCUR DUE TO THE SOFTWARE, AND WHO FURTHERMORE ++ * EFFECTIVELY INDEMNIFY JOHN HAUSER AND THE INTERNATIONAL COMPUTER SCIENCE ++ * INSTITUTE (possibly via similar legal warning) AGAINST ALL LOSSES, COSTS, OR ++ * OTHER PROBLEMS INCURRED BY THEIR CUSTOMERS AND CLIENTS DUE TO THE SOFTWARE. ++ */ ++ ++/* ++------------------------------------------------------------------------------- ++One of the macros `BIGENDIAN' or `LITTLEENDIAN' must be defined. ++------------------------------------------------------------------------------- ++*/ ++#define BIGENDIAN ++ ++/* ++------------------------------------------------------------------------------- ++The macro `BITS64' can be defined to indicate that 64-bit integer types are ++supported by the compiler. ++------------------------------------------------------------------------------- ++*/ ++#undef BITS64 ++ ++/* ++------------------------------------------------------------------------------- ++Each of the following `typedef's defines the most convenient type that holds ++integers of at least as many bits as specified. For example, `uint8' should ++be the most convenient type that can hold unsigned integers of as many as ++8 bits. The `flag' type must be able to hold either a 0 or 1. For most ++implementations of C, `flag', `uint8', and `int8' should all be `typedef'ed ++to the same as `int'. ++------------------------------------------------------------------------------- ++*/ ++typedef int flag; ++typedef int uint8; ++typedef int int8; ++typedef int uint16; ++typedef int int16; ++typedef unsigned int uint32; ++typedef signed int int32; ++#ifdef BITS64 ++typedef unsigned long long int uint64; ++typedef signed long long int int64; ++#endif ++ ++/* ++------------------------------------------------------------------------------- ++Each of the following `typedef's defines a type that holds integers ++of _exactly_ the number of bits specified. For instance, for most ++implementation of C, `bits16' and `sbits16' should be `typedef'ed to ++`unsigned short int' and `signed short int' (or `short int'), respectively. ++------------------------------------------------------------------------------- ++*/ ++typedef unsigned char bits8; ++typedef signed char sbits8; ++typedef unsigned short int bits16; ++typedef signed short int sbits16; ++typedef unsigned int bits32; ++typedef signed int sbits32; ++#ifdef BITS64 ++typedef unsigned long long int bits64; ++typedef signed long long int sbits64; ++#endif ++ ++#ifdef BITS64 ++/* ++------------------------------------------------------------------------------- ++The `LIT64' macro takes as its argument a textual integer literal and ++if necessary ``marks'' the literal as having a 64-bit integer type. ++For example, the GNU C Compiler (`gcc') requires that 64-bit literals be ++appended with the letters `LL' standing for `long long', which is `gcc's ++name for the 64-bit integer type. Some compilers may allow `LIT64' to be ++defined as the identity macro: `#define LIT64( a ) a'. ++------------------------------------------------------------------------------- ++*/ ++#define LIT64( a ) a##LL ++#endif ++ ++/* ++------------------------------------------------------------------------------- ++The macro `INLINE' can be used before functions that should be inlined. If ++a compiler does not support explicit inlining, this macro should be defined ++to be `static'. ++------------------------------------------------------------------------------- ++*/ ++#define INLINE extern inline ++ +diff --git a/testfloat/powerpc-linux-gcc/Makefile b/testfloat/powerpc-linux-gcc/Makefile +new file mode 100644 +index 0000000..de50aad +--- /dev/null ++++ b/testfloat/powerpc-linux-gcc/Makefile +@@ -0,0 +1,83 @@ ++ ++PROCESSOR_H = ../../processors/POWERPC-gcc.h ++SOFTFLOAT_VERSION = bits32 ++TARGET = powerpc-GCC ++SOFTFLOAT_DIR = ../../SoftFloat-2b/softfloat/$(SOFTFLOAT_VERSION)/$(TARGET) ++ ++OBJ = .o ++EXE = ++INCLUDES = -I. -I.. -I$(SOFTFLOAT_DIR) ++ ++COMPILE_C = $(COMPILE_PREFIX)gcc -c -o $@ $(INCLUDES) -I- -O $(EXTRA_CFLAGS) ++ ++COMPILE_C_HARD = $(COMPILE_PREFIX)gcc -c -te500v2 -o $@ $(INCLUDES) ++ ++COMPILE_SLOWFLOAT_C = $(COMPILE_PREFIX)gcc -c -o $@ $(INCLUDES) -I- -O ++ ++LINK = $(COMPILE_PREFIX)gcc -lm -o $@ ++ ++SOFTFLOAT_H = $(SOFTFLOAT_DIR)/softfloat.h ++SOFTFLOAT_OBJ = $(SOFTFLOAT_DIR)/softfloat$(OBJ) ++ ++ALL: testsoftfloat$(EXE) testfloat$(EXE) ++ ++systmodes$(OBJ): milieu.h systmodes.c ++ $(COMPILE_C) systmodes.c ++ ++systflags$(OBJ): milieu.h ../systflags.h systflags.c ++ $(COMPILE_C) systflags.c ++ ++systfloat$(OBJ): milieu.h $(SOFTFLOAT_H) ../systfloat.h systfloat.c ++ $(COMPILE_C_HARD) systfloat.c ++ ++#------------------------------------------------------------------------------ ++# Probably O.K. below here. ++#------------------------------------------------------------------------------ ++ ++milieu.h: $(PROCESSOR_H) ++ touch milieu.h ++ ++fail$(OBJ): milieu.h ../fail.h ++ $(COMPILE_C) ../fail.c ++ ++random$(OBJ): milieu.h ../random.h ++ $(COMPILE_C) ../random.c ++ ++testCases$(OBJ): milieu.h ../fail.h ../random.h $(SOFTFLOAT_H) ../testCases.h ../testCases.c ++ $(COMPILE_C) ../testCases.c ++ ++writeHex$(OBJ): milieu.h $(SOFTFLOAT_H) ../writeHex.h ../writeHex.c ++ $(COMPILE_C) ../writeHex.c ++ ++testLoops$(OBJ): milieu.h $(SOFTFLOAT_H) ../testCases.h ../writeHex.h ../testLoops.h ../testLoops.c ++ $(COMPILE_C) ../testLoops.c ++ ++slowfloat$(OBJ): milieu.h $(SOFTFLOAT_H) ../slowfloat.h ../slowfloat-32.c ../slowfloat-64.c ../slowfloat.c ++ $(COMPILE_SLOWFLOAT_C) ../slowfloat.c ++ ++testsoftfloat$(OBJ): milieu.h ../fail.h $(SOFTFLOAT_H) ../testCases.h ../testLoops.h ../slowfloat.h ../testsoftfloat.c ++ $(COMPILE_C) ../testsoftfloat.c ++ ++testsoftfloat$(EXE): fail$(OBJ) random$(OBJ) $(SOFTFLOAT_OBJ) testCases$(OBJ) writeHex$(OBJ) testLoops$(OBJ) slowfloat$(OBJ) testsoftfloat$(OBJ) systflags$(OBJ) systmodes$(OBJ) ++ $(LINK) fail$(OBJ) random$(OBJ) $(SOFTFLOAT_OBJ) testCases$(OBJ) writeHex$(OBJ) testLoops$(OBJ) slowfloat$(OBJ) testsoftfloat$(OBJ) systflags$(OBJ) systmodes$(OBJ) ++ ++testFunction$(OBJ): milieu.h $(SOFTFLOAT_H) ../testCases.h ../testLoops.h ../systmodes.h ../systflags.h ../systfloat.h ../testFunction.h ../testFunction.c ++ $(COMPILE_C) ../testFunction.c ++ ++testfloat$(OBJ): milieu.h ../fail.h $(SOFTFLOAT_H) ../testCases.h ../testLoops.h ../systflags.h ../testFunction.h ../testfloat.c ++ $(COMPILE_C) ../testfloat.c ++ ++testfloat$(EXE): fail$(OBJ) random$(OBJ) $(SOFTFLOAT_OBJ) testCases$(OBJ) writeHex$(OBJ) testLoops$(OBJ) systmodes$(OBJ) systflags$(OBJ) systfloat$(OBJ) testFunction$(OBJ) testfloat$(OBJ) ++ $(LINK) fail$(OBJ) random$(OBJ) $(SOFTFLOAT_OBJ) testCases$(OBJ) writeHex$(OBJ) testLoops$(OBJ) systmodes$(OBJ) systflags$(OBJ) systfloat$(OBJ) testFunction$(OBJ) testfloat$(OBJ) ++ ++$(SOFTFLOAT_OBJ): ++ make -C $(SOFTFLOAT_DIR) ++ ++cp: ALL ++ cp testsoftfloat$(EXE) ../../test_softfloat$(EXE) ++ cp testfloat$(EXE) ../../test_float$(EXE) ++ ++clean: ++ make -C $(SOFTFLOAT_DIR) clean ++ rm -f *.o testfloat$(EXE) testsoftfloat$(EXE) ++ rm -f ../../test_softfloat$(EXE) ../../test_float$(EXE) +diff --git a/testfloat/powerpc-linux-gcc/milieu.h b/testfloat/powerpc-linux-gcc/milieu.h +new file mode 100644 +index 0000000..29d2b18 +--- /dev/null ++++ b/testfloat/powerpc-linux-gcc/milieu.h +@@ -0,0 +1,71 @@ ++/* ++ * This file is derived from testfloat/386-Win32-gcc/milieu.h, ++ * the copyright for that material belongs to the original owners. ++ * ++ * Additional material and changes where applicable is: ++ * Copyright (C) 2008 Freescale Semiconductor, Inc. All rights reserved. ++ * ++ * Author: Ebony Zhu, <ebony.zhu@freescale.com> ++ * Yu Liu, <yu.liu@freescale.com> ++ */ ++ ++/* ++=============================================================================== ++ ++This C header file is part of TestFloat, Release 2a, a package of programs ++for testing the correctness of floating-point arithmetic complying to the ++IEC/IEEE Standard for Floating-Point. ++ ++Written by John R. Hauser. More information is available through the Web ++page `http://HTTP.CS.Berkeley.EDU/~jhauser/arithmetic/TestFloat.html'. ++ ++THIS SOFTWARE IS DISTRIBUTED AS IS, FOR FREE. Although reasonable effort ++has been made to avoid it, THIS SOFTWARE MAY CONTAIN FAULTS THAT WILL AT ++TIMES RESULT IN INCORRECT BEHAVIOR. USE OF THIS SOFTWARE IS RESTRICTED TO ++PERSONS AND ORGANIZATIONS WHO CAN AND WILL TAKE FULL RESPONSIBILITY FOR ANY ++AND ALL LOSSES, COSTS, OR OTHER PROBLEMS ARISING FROM ITS USE. ++ ++Derivative works are acceptable, even for commercial purposes, so long as ++(1) they include prominent notice that the work is derivative, and (2) they ++include prominent notice akin to these four paragraphs for those parts of ++this code that are retained. ++ ++=============================================================================== ++*/ ++ ++/* ++------------------------------------------------------------------------------- ++Include common integer types and flags. ++------------------------------------------------------------------------------- ++*/ ++#include "../../processors/POWERPC-gcc.h" ++/* ++------------------------------------------------------------------------------- ++If the `BITS64' macro is defined by the processor header file but the ++version of SoftFloat being used/tested is the 32-bit one (`bits32'), the ++`BITS64' macro must be undefined here. ++------------------------------------------------------------------------------- ++*/ ++ ++#undef BITS64 ++/* ++------------------------------------------------------------------------------- ++The macro `LONG_DOUBLE_IS_FLOATX80' can be defined to indicate that the ++C compiler supports the type `long double' as an extended double-precision ++format. Alternatively, the macro `LONG_DOUBLE_IS_FLOAT128' can be defined ++to indicate that `long double' is a quadruple-precision format. If neither ++of these macros is defined, `long double' will be ignored. ++------------------------------------------------------------------------------- ++#define LONG_DOUBLE_IS_FLOATX80 ++*/ ++ ++/* ++------------------------------------------------------------------------------- ++Symbolic Boolean literals. ++------------------------------------------------------------------------------- ++*/ ++enum { ++ FALSE = 0, ++ TRUE = 1 ++}; ++ +diff --git a/testfloat/powerpc-linux-gcc/systflags.c b/testfloat/powerpc-linux-gcc/systflags.c +new file mode 100644 +index 0000000..c382442 +--- /dev/null ++++ b/testfloat/powerpc-linux-gcc/systflags.c +@@ -0,0 +1,107 @@ ++/* ++ * This file is derived from testfloat/386-Win32-gcc/systflags.c, ++ * the copyright for that material belongs to the original owners. ++ * ++ * Additional material and changes where applicable is: ++ * Copyright (C) 2008 Freescale Semiconductor, Inc. All rights reserved. ++ * ++ * Author: Ebony Zhu, <ebony.zhu@freescale.com> ++ * Yu Liu, <yu.liu@freescale.com> ++ */ ++ ++/* ++=============================================================================== ++ ++This C source file is part of TestFloat, Release 2a, a package of programs ++for testing the correctness of floating-point arithmetic complying to the ++IEC/IEEE Standard for Floating-Point. ++ ++Written by John R. Hauser. More information is available through the Web ++page `http://HTTP.CS.Berkeley.EDU/~jhauser/arithmetic/TestFloat.html'. ++ ++THIS SOFTWARE IS DISTRIBUTED AS IS, FOR FREE. Although reasonable effort ++has been made to avoid it, THIS SOFTWARE MAY CONTAIN FAULTS THAT WILL AT ++TIMES RESULT IN INCORRECT BEHAVIOR. USE OF THIS SOFTWARE IS RESTRICTED TO ++PERSONS AND ORGANIZATIONS WHO CAN AND WILL TAKE FULL RESPONSIBILITY FOR ANY ++AND ALL LOSSES, COSTS, OR OTHER PROBLEMS ARISING FROM ITS USE. ++ ++Derivative works are acceptable, even for commercial purposes, so long as ++(1) they include prominent notice that the work is derivative, and (2) they ++include prominent notice akin to these four paragraphs for those parts of ++this code that are retained. ++ ++=============================================================================== ++*/ ++ ++#include "milieu.h" ++#include "systflags.h" ++#include <fenv.h> ++#include <stdio.h> ++#include <math.h> ++#include <bits/nan.h> ++#include <bits/inf.h> ++ ++#ifdef __SPE__ ++ ++#include <spe.h> ++ ++ ++#define SPE_FINV_ENABLE (1UL << 5) ++#define SPE_FDBZ_ENABLE (1UL << 4) ++#define SPE_FUNF_ENABLE (1UL << 3) ++#define SPE_FOVF_ENABLE (1UL << 2) ++ ++#define SPE_FG (1UL << 13) ++#define SPE_FX (1UL << 12) ++#define SPE_FINV (1UL << 11) ++#define SPE_FDBZ (1UL << 10) ++#define SPE_FUNF (1UL << 9) ++#define SPE_FOVF (1UL << 8) ++ ++#define SPE_FG_H (1UL << 29) ++#define SPE_FX_H (1UL << 28) ++#define SPE_FINV_H (1UL << 27) ++#define SPE_FDBZ_H (1UL << 26) ++#define SPE_FUNF_H (1UL << 25) ++#define SPE_FOVF_H (1UL << 24) ++ ++static int is_soft_emu = 0; ++ ++#endif ++/* ++------------------------------------------------------------------------------- ++Clears the system's IEC/IEEE floating-point exception flags. Returns the ++previous value of the flags. ++------------------------------------------------------------------------------- ++*/ ++extern int rounding; ++unsigned int spefscr = 0; ++ ++int8 syst_float_flags_clear( void ) ++{ ++#ifdef TEST_KERNEL_EMU ++ if( (spefscr & (SPE_FINV | SPE_FINV_H)) ++ || (spefscr & (SPE_FDBZ | SPE_FDBZ_H)) ++ || (spefscr & (SPE_FUNF | SPE_FUNF_H)) ++ || (spefscr & (SPE_FOVF | SPE_FOVF_H)) ++ || (spefscr & (SPE_FX | SPE_FG | SPE_FX_H | SPE_FG_H))){ ++ is_soft_emu = 1; ++ } else { ++ is_soft_emu = 0; ++ } ++#endif ++ __builtin_spe_mtspefscr(0x3c|(rounding & 0x3)); ++ ++ return ((spefscr>>17) & 0x1f); ++} ++ ++int syst_float_is_soft_emu(void) ++{ ++ int ret = 0; ++#ifdef TEST_KERNEL_EMU ++ ret = is_soft_emu; ++#endif ++ return ret; ++} ++ ++ +diff --git a/testfloat/powerpc-linux-gcc/systfloat.c b/testfloat/powerpc-linux-gcc/systfloat.c +new file mode 100644 +index 0000000..8d06f9f +--- /dev/null ++++ b/testfloat/powerpc-linux-gcc/systfloat.c +@@ -0,0 +1,595 @@ ++/* ++ * This file is derived from testfloat/systfloat.c, ++ * the copyright for that material belongs to the original owners. ++ * ++ * Additional material and changes where applicable is: ++ * Copyright (C) 2008 Freescale Semiconductor, Inc. All rights reserved. ++ * ++ * Author: Ebony Zhu, <ebony.zhu@freescale.com> ++ * Yu Liu, <yu.liu@freescale.com> ++ */ ++ ++/* ++=============================================================================== ++ ++This C source file is part of TestFloat, Release 2a, a package of programs ++for testing the correctness of floating-point arithmetic complying to the ++IEC/IEEE Standard for Floating-Point. ++ ++Written by John R. Hauser. More information is available through the Web ++page `http://HTTP.CS.Berkeley.EDU/~jhauser/arithmetic/TestFloat.html'. ++ ++THIS SOFTWARE IS DISTRIBUTED AS IS, FOR FREE. Although reasonable effort ++has been made to avoid it, THIS SOFTWARE MAY CONTAIN FAULTS THAT WILL AT ++TIMES RESULT IN INCORRECT BEHAVIOR. USE OF THIS SOFTWARE IS RESTRICTED TO ++PERSONS AND ORGANIZATIONS WHO CAN AND WILL TAKE FULL RESPONSIBILITY FOR ANY ++AND ALL LOSSES, COSTS, OR OTHER PROBLEMS ARISING FROM ITS USE. ++ ++Derivative works are acceptable, even for commercial purposes, so long as ++(1) they include prominent notice that the work is derivative, and (2) they ++include prominent notice akin to these four paragraphs for those parts of ++this code that are retained. ++ ++=============================================================================== ++*/ ++ ++#include <math.h> ++#include "milieu.h" ++#include "softfloat.h" ++#include "systfloat.h" ++ ++extern unsigned int spefscr; ++ ++float32 syst_int32_to_float32( int32 a ) ++{ ++ float32 z; ++ ++ *( (float *) &z ) = a; ++ spefscr = __builtin_spe_mfspefscr(); ++ return z; ++ ++} ++ ++float64 syst_int32_to_float64( int32 a ) ++{ ++ float64 z; ++ ++ *( (double *) &z ) = a; ++ spefscr = __builtin_spe_mfspefscr(); ++ return z; ++ ++} ++ ++#if defined( FLOATX80 ) && defined( LONG_DOUBLE_IS_FLOATX80 ) ++ ++floatx80 syst_int32_to_floatx80( int32 a ) ++{ ++ floatx80 z; ++ ++ *( (long double *) &z ) = a; ++ return z; ++ ++} ++ ++#endif ++ ++#if defined( FLOAT128 ) && defined( LONG_DOUBLE_IS_FLOAT128 ) ++ ++float128 syst_int32_to_float128( int32 a ) ++{ ++ float128 z; ++ ++ *( (long double *) &z ) = a; ++ return z; ++ ++} ++ ++#endif ++ ++#ifdef BITS64 ++ ++float32 syst_int64_to_float32( int64 a ) ++{ ++ float32 z; ++ ++ *( (float *) &z ) = a; ++ spefscr = __builtin_spe_mfspefscr(); ++ return z; ++ ++} ++ ++float64 syst_int64_to_float64( int64 a ) ++{ ++ float64 z; ++ ++ *( (double *) &z ) = a; ++ spefscr = __builtin_spe_mfspefscr(); ++ return z; ++ ++} ++ ++#if defined( FLOATX80 ) && defined( LONG_DOUBLE_IS_FLOATX80 ) ++ ++floatx80 syst_int64_to_floatx80( int64 a ) ++{ ++ floatx80 z; ++ ++ *( (long double *) &z ) = a; ++ return z; ++ ++} ++ ++#endif ++ ++#if defined( FLOAT128 ) && defined( LONG_DOUBLE_IS_FLOAT128 ) ++ ++float128 syst_int64_to_float128( int64 a ) ++{ ++ float128 z; ++ ++ *( (long double *) &z ) = a; ++ return z; ++ ++} ++ ++#endif ++ ++#endif ++ ++int32 syst_float32_to_int32_round_to_zero( float32 a ) ++{ ++ int32 z = *( (float *) &a ); ++ spefscr = __builtin_spe_mfspefscr(); ++ ++ return z; ++ ++} ++ ++#ifdef BITS64 ++ ++int64 syst_float32_to_int64_round_to_zero( float32 a ) ++{ ++ int64 z = *( (float *) &a ); ++ spefscr = __builtin_spe_mfspefscr(); ++ return z; ++ ++} ++ ++#endif ++ ++float64 syst_float32_to_float64( float32 a ) ++{ ++ float64 z; ++ ++ *( (double *) &z ) = *( (float *) &a ); ++ spefscr = __builtin_spe_mfspefscr(); ++ return z; ++ ++} ++ ++#if defined( FLOATX80 ) && defined( LONG_DOUBLE_IS_FLOATX80 ) ++ ++floatx80 syst_float32_to_floatx80( float32 a ) ++{ ++ floatx80 z; ++ ++ *( (long double *) &z ) = *( (float *) &a ); ++ return z; ++ ++} ++ ++#endif ++ ++#if defined( FLOAT128 ) && defined( LONG_DOUBLE_IS_FLOAT128 ) ++ ++float128 syst_float32_to_float128( float32 a ) ++{ ++ float128 z; ++ ++ *( (long double *) &z ) = *( (float *) &a ); ++ return z; ++ ++} ++ ++#endif ++ ++float32 syst_float32_add( float32 a, float32 b ) ++{ ++ float32 z; ++ ++ *( (float *) &z ) = *( (float *) &a ) + *( (float *) &b ); ++ spefscr = __builtin_spe_mfspefscr(); ++ return z; ++ ++} ++ ++float32 syst_float32_sub( float32 a, float32 b ) ++{ ++ float32 z; ++ ++ *( (float *) &z ) = *( (float *) &a ) - *( (float *) &b ); ++ spefscr = __builtin_spe_mfspefscr(); ++ return z; ++ ++} ++ ++float32 syst_float32_mul( float32 a, float32 b ) ++{ ++ float32 z; ++ ++ *( (float *) &z ) = *( (float *) &a ) * *( (float *) &b ); ++ spefscr = __builtin_spe_mfspefscr(); ++ return z; ++ ++} ++ ++float32 syst_float32_div( float32 a, float32 b ) ++{ ++ float32 z; ++ ++ *( (float *) &z ) = *( (float *) &a ) / *( (float *) &b ); ++ spefscr = __builtin_spe_mfspefscr(); ++ return z; ++ ++} ++ ++flag syst_float32_eq( float32 a, float32 b ) ++{ ++ flag f = ( *( (float *) &a ) == *( (float *) &b ) ); ++ spefscr = __builtin_spe_mfspefscr(); ++ return f; ++ ++} ++ ++flag syst_float32_le( float32 a, float32 b ) ++{ ++ flag f = ( *( (float *) &a ) <= *( (float *) &b ) ); ++ spefscr = __builtin_spe_mfspefscr(); ++ return f; ++ ++} ++ ++flag syst_float32_lt( float32 a, float32 b ) ++{ ++ flag f = ( *( (float *) &a ) < *( (float *) &b ) ); ++ spefscr = __builtin_spe_mfspefscr(); ++ return f; ++ ++} ++ ++int32 syst_float64_to_int32_round_to_zero( float64 a ) ++{ ++ int32 z = *( (double *) &a ); ++ spefscr = __builtin_spe_mfspefscr(); ++ return z; ++ ++} ++ ++#ifdef BITS64 ++ ++int64 syst_float64_to_int64_round_to_zero( float64 a ) ++{ ++ int64 z = *( (double *) &a ); ++ spefscr = __builtin_spe_mfspefscr(); ++ return z; ++ ++} ++ ++#endif ++ ++float32 syst_float64_to_float32( float64 a ) ++{ ++ float32 z; ++ ++ *( (float *) &z ) = *( (double *) &a ); ++ spefscr = __builtin_spe_mfspefscr(); ++ return z; ++ ++} ++ ++#if defined( FLOATX80 ) && defined( LONG_DOUBLE_IS_FLOATX80 ) ++ ++floatx80 syst_float64_to_floatx80( float64 a ) ++{ ++ floatx80 z; ++ ++ *( (long double *) &z ) = *( (double *) &a ); ++ return z; ++ ++} ++ ++#endif ++ ++#if defined( FLOAT128 ) && defined( LONG_DOUBLE_IS_FLOAT128 ) ++ ++float128 syst_float64_to_float128( float64 a ) ++{ ++ float128 z; ++ ++ *( (long double *) &z ) = *( (double *) &a ); ++ return z; ++ ++} ++ ++#endif ++ ++float64 syst_float64_add( float64 a, float64 b ) ++{ ++ float64 z; ++ ++ *( (double *) &z ) = *( (double *) &a ) + *( (double *) &b ); ++ spefscr = __builtin_spe_mfspefscr(); ++ return z; ++ ++} ++ ++float64 syst_float64_sub( float64 a, float64 b ) ++{ ++ float64 z; ++ ++ *( (double *) &z ) = *( (double *) &a ) - *( (double *) &b ); ++ spefscr = __builtin_spe_mfspefscr(); ++ return z; ++ ++} ++ ++float64 syst_float64_mul( float64 a, float64 b ) ++{ ++ float64 z; ++ ++ *( (double *) &z ) = *( (double *) &a ) * *( (double *) &b ); ++ spefscr = __builtin_spe_mfspefscr(); ++ return z; ++ ++} ++ ++float64 syst_float64_div( float64 a, float64 b ) ++{ ++ float64 z; ++ ++ *( (double *) &z ) = *( (double *) &a ) / *( (double *) &b ); ++ spefscr = __builtin_spe_mfspefscr(); ++ return z; ++ ++} ++ ++float64 syst_float64_sqrt( float64 a ) ++{ ++ /* Ebony ++ float64 z; ++ ++ *( (double *) &z ) = sqrt( *( (double *) &a ) ); ++ spefscr = __builtin_spe_mfspefscr(); ++ return z; ++ */ ++ ++} ++ ++flag syst_float64_eq( float64 a, float64 b ) ++{ ++ flag f = ( *( (double *) &a ) == *( (double *) &b ) ); ++ spefscr = __builtin_spe_mfspefscr(); ++ return f; ++ ++} ++ ++flag syst_float64_le( float64 a, float64 b ) ++{ ++ flag f = ( *( (double *) &a ) <= *( (double *) &b ) ); ++ spefscr = __builtin_spe_mfspefscr(); ++ return f; ++ ++} ++ ++flag syst_float64_lt( float64 a, float64 b ) ++{ ++ flag f = ( *( (double *) &a ) < *( (double *) &b ) ); ++ spefscr = __builtin_spe_mfspefscr(); ++ return f; ++ ++} ++ ++#if defined( FLOATX80 ) && defined( LONG_DOUBLE_IS_FLOATX80 ) ++ ++int32 syst_floatx80_to_int32_round_to_zero( floatx80 a ) ++{ ++ ++ return *( (long double *) &a ); ++ ++} ++ ++#ifdef BITS64 ++ ++int64 syst_floatx80_to_int64_round_to_zero( floatx80 a ) ++{ ++ ++ return *( (long double *) &a ); ++ ++} ++ ++#endif ++ ++float32 syst_floatx80_to_float32( floatx80 a ) ++{ ++ float32 z; ++ ++ *( (float *) &z ) = *( (long double *) &a ); ++ return z; ++ ++} ++ ++float64 syst_floatx80_to_float64( floatx80 a ) ++{ ++ float64 z; ++ ++ *( (double *) &z ) = *( (long double *) &a ); ++ return z; ++ ++} ++ ++floatx80 syst_floatx80_add( floatx80 a, floatx80 b ) ++{ ++ floatx80 z; ++ ++ *( (long double *) &z ) = ++ *( (long double *) &a ) + *( (long double *) &b ); ++ return z; ++ ++} ++ ++floatx80 syst_floatx80_sub( floatx80 a, floatx80 b ) ++{ ++ floatx80 z; ++ ++ *( (long double *) &z ) = ++ *( (long double *) &a ) - *( (long double *) &b ); ++ return z; ++ ++} ++ ++floatx80 syst_floatx80_mul( floatx80 a, floatx80 b ) ++{ ++ floatx80 z; ++ ++ *( (long double *) &z ) = ++ *( (long double *) &a ) * *( (long double *) &b ); ++ return z; ++ ++} ++ ++floatx80 syst_floatx80_div( floatx80 a, floatx80 b ) ++{ ++ floatx80 z; ++ ++ *( (long double *) &z ) = ++ *( (long double *) &a ) / *( (long double *) &b ); ++ spefscr = __builtin_spe_mfspefscr(); ++ return z; ++ ++} ++ ++flag syst_floatx80_eq( floatx80 a, floatx80 b ) ++{ ++ ++ return ( *( (long double *) &a ) == *( (long double *) &b ) ); ++ ++} ++ ++flag syst_floatx80_le( floatx80 a, floatx80 b ) ++{ ++ ++ return ( *( (long double *) &a ) <= *( (long double *) &b ) ); ++ ++} ++ ++flag syst_floatx80_lt( floatx80 a, floatx80 b ) ++{ ++ ++ return ( *( (long double *) &a ) < *( (long double *) &b ) ); ++ ++} ++ ++#endif ++ ++#if defined( FLOAT128 ) && defined( LONG_DOUBLE_IS_FLOAT128 ) ++ ++int32 syst_float128_to_int32_round_to_zero( float128 a ) ++{ ++ ++ return *( (long double *) &a ); ++ ++} ++ ++#ifdef BITS64 ++ ++int64 syst_float128_to_int64_round_to_zero( float128 a ) ++{ ++ ++ return *( (long double *) &a ); ++ ++} ++ ++#endif ++ ++float32 syst_float128_to_float32( float128 a ) ++{ ++ float32 z; ++ ++ *( (float *) &z ) = *( (long double *) &a ); ++ return z; ++ ++} ++ ++float64 syst_float128_to_float64( float128 a ) ++{ ++ float64 z; ++ ++ *( (double *) &z ) = *( (long double *) &a ); ++ return z; ++ ++} ++ ++float128 syst_float128_add( float128 a, float128 b ) ++{ ++ float128 z; ++ ++ *( (long double *) &z ) = ++ *( (long double *) &a ) + *( (long double *) &b ); ++ return z; ++ ++} ++ ++float128 syst_float128_sub( float128 a, float128 b ) ++{ ++ float128 z; ++ ++ *( (long double *) &z ) = ++ *( (long double *) &a ) - *( (long double *) &b ); ++ return z; ++ ++} ++ ++float128 syst_float128_mul( float128 a, float128 b ) ++{ ++ float128 z; ++ ++ *( (long double *) &z ) = ++ *( (long double *) &a ) * *( (long double *) &b ); ++ return z; ++ ++} ++ ++float128 syst_float128_div( float128 a, float128 b ) ++{ ++ float128 z; ++ ++ *( (long double *) &z ) = ++ *( (long double *) &a ) / *( (long double *) &b ); ++ spefscr = __builtin_spe_mfspefscr(); ++ return z; ++ ++} ++ ++flag syst_float128_eq( float128 a, float128 b ) ++{ ++ ++ return ( *( (long double *) &a ) == *( (long double *) &b ) ); ++ ++} ++ ++flag syst_float128_le( float128 a, float128 b ) ++{ ++ ++ return ( *( (long double *) &a ) <= *( (long double *) &b ) ); ++ ++} ++ ++flag syst_float128_lt( float128 a, float128 b ) ++{ ++ ++ return ( *( (long double *) &a ) < *( (long double *) &b ) ); ++ ++} ++ ++#endif ++ +diff --git a/testfloat/powerpc-linux-gcc/systmodes.c b/testfloat/powerpc-linux-gcc/systmodes.c +new file mode 100644 +index 0000000..143cdea +--- /dev/null ++++ b/testfloat/powerpc-linux-gcc/systmodes.c +@@ -0,0 +1,67 @@ ++/* ++ * This file is derived from testfloat/386-Win32-gcc/systmodes.S, ++ * the copyright for that material belongs to the original owners. ++ * ++ * Additional material and changes where applicable is: ++ * Copyright (C) 2008 Freescale Semiconductor, Inc. All rights reserved. ++ * ++ * Author: Ebony Zhu, <ebony.zhu@freescale.com> ++ * Yu Liu, <yu.liu@freescale.com> ++ */ ++ ++/* ++=============================================================================== ++ ++This C source file is part of TestFloat, Release 2a, a package of programs ++for testing the correctness of floating-point arithmetic complying to the ++IEC/IEEE Standard for Floating-Point. ++ ++Written by John R. Hauser. More information is available through the Web ++page `http://HTTP.CS.Berkeley.EDU/~jhauser/arithmetic/TestFloat.html'. ++ ++THIS SOFTWARE IS DISTRIBUTED AS IS, FOR FREE. Although reasonable effort ++has been made to avoid it, THIS SOFTWARE MAY CONTAIN FAULTS THAT WILL AT ++TIMES RESULT IN INCORRECT BEHAVIOR. USE OF THIS SOFTWARE IS RESTRICTED TO ++PERSONS AND ORGANIZATIONS WHO CAN AND WILL TAKE FULL RESPONSIBILITY FOR ANY ++AND ALL LOSSES, COSTS, OR OTHER PROBLEMS ARISING FROM ITS USE. ++ ++Derivative works are acceptable, even for commercial purposes, so long as ++(1) they include prominent notice that the work is derivative, and (2) they ++include prominent notice akin to these four paragraphs for those parts of ++this code that are retained. ++ ++=============================================================================== ++*/ ++ ++#include <fenv.h> ++#include "milieu.h" ++#include "systmodes.h" ++/* ++------------------------------------------------------------------------------- ++Sets the system's IEC/IEEE floating-point rounding mode. Also disables all ++system exception traps. ++------------------------------------------------------------------------------- ++*/ ++int rounding; ++ ++void syst_float_set_rounding_mode( int8 roundingMode ) ++{ ++ (void) fesetround ( roundingMode ); ++ rounding = roundingMode; ++} ++ ++/* ++------------------------------------------------------------------------------- ++Sets the rounding precision of subsequent extended double-precision ++operations. The `precision' argument should be one of 0, 32, 64, or 80. ++If `precision' is 32, the rounding precision is set equivalent to single ++precision; else if `precision' is 64, the rounding precision is set ++equivalent to double precision; else the rounding precision is set to full ++extended double precision. ++------------------------------------------------------------------------------- ++*/ ++void syst_float_set_rounding_precision( int8 precision ) ++{ ++ ++} ++ +diff --git a/testfloat/templates/Makefile b/testfloat/templates/Makefile +index f5f3cde..18cffe0 100644 +--- a/testfloat/templates/Makefile ++++ b/testfloat/templates/Makefile +@@ -1,15 +1,21 @@ + +-PROCESSOR_H = ../../processors/!!!processor.h ++#PROCESSOR_H = ../../processors/!!!processor.h ++PROCESSOR_H = ../../processors/POWERPC-gcc.h + SOFTFLOAT_VERSION = bits64 +-TARGET = !!!target +-SOFTFLOAT_DIR = ../../softfloat/$(SOFTFLOAT_VERSION)/$(TARGET) ++ ++#TARGET = !!!target ++TARGET = powerpc-GCC ++SOFTFLOAT_DIR = ../../../SoftFloat-2b/softfloat/$(SOFTFLOAT_VERSION)/$(TARGET) + + OBJ = .o + EXE = + INCLUDES = -I. -I.. -I$(SOFTFLOAT_DIR) +-COMPILE_C = gcc -c -o $@ $(INCLUDES) -I- -O2 +-COMPILE_SLOWFLOAT_C = gcc -c -o $@ $(INCLUDES) -I- -O3 +-LINK = gcc -o $@ ++#COMPILE_C = gcc -c -o $@ $(INCLUDES) -I- -O2 ++#COMPILE_SLOWFLOAT_C = gcc -c -o $@ $(INCLUDES) -I- -O3 ++#LINK = gcc -o $@ ++COMPILE_C = /opt/mtwk/usr/local/gcc-3_4-e500-glibc-2.3.4-dp/powerpc-linux-gnuspe/bin/powerpc-linux-gnuspe-gcc -c -o $@ $(INCLUDES) -I- -O2 ++COMPILE_SLOWFLOAT_C = /opt/mtwk/usr/local/gcc-3_4-e500-glibc-2.3.4-dp/powerpc-linux-gnuspe/bin/powerpc-linux-gnuspe-gcc -c -o $@ $(INCLUDES) -I- -O3 ++LINK = /opt/mtwk/usr/local/gcc-3_4-e500-glibc-2.3.4-dp/powerpc-linux-gnuspe/bin/powerpc-linux-gnuspe-gcc -o $@ + + SOFTFLOAT_H = $(SOFTFLOAT_DIR)/softfloat.h + SOFTFLOAT_OBJ = $(SOFTFLOAT_DIR)/softfloat$(OBJ) +diff --git a/testfloat/templates/milieu.h b/testfloat/templates/milieu.h +index 56d3ac4..3214ca8 100644 +--- a/testfloat/templates/milieu.h ++++ b/testfloat/templates/milieu.h +@@ -28,7 +28,7 @@ this code that are retained. + Include common integer types and flags. + ------------------------------------------------------------------------------- + */ +-#include "../../processors/!!!processor.h" ++#include "../../processors/SPARC-gcc.h" + + /* + ------------------------------------------------------------------------------- +diff --git a/testfloat/testFunction.h b/testfloat/testFunction.h +index 04bf856..00139a7 100644 +--- a/testfloat/testFunction.h ++++ b/testfloat/testFunction.h +@@ -126,8 +126,8 @@ extern const flag functionExists[ NUM_FUNCTIONS ]; + enum { + ROUND_NEAREST_EVEN = 1, + ROUND_TO_ZERO, +- ROUND_DOWN, + ROUND_UP, ++ ROUND_DOWN, + NUM_ROUNDINGMODES + }; + +diff --git a/testfloat/testLoops.c b/testfloat/testLoops.c +index 8ba92f3..ba05548 100644 +--- a/testfloat/testLoops.c ++++ b/testfloat/testLoops.c +@@ -488,6 +488,11 @@ void + (void) testFlagsFunctionPtr(); + testZ = testFunction( testCases_a_int32 ); + testFlags = testFlagsFunctionPtr(); ++#ifdef TEST_KERNEL_EMU ++ if (! syst_float_is_soft_emu()){ ++ continue; ++ } ++#endif + --count; + if ( count == 0 ) { + checkEarlyExit(); +@@ -539,6 +544,11 @@ void + (void) testFlagsFunctionPtr(); + testZ = testFunction( testCases_a_int32 ); + testFlags = testFlagsFunctionPtr(); ++#ifdef TEST_KERNEL_EMU ++ if (! syst_float_is_soft_emu()){ ++ continue; ++ } ++#endif + --count; + if ( count == 0 ) { + checkEarlyExit(); +@@ -592,6 +602,11 @@ void + (void) testFlagsFunctionPtr(); + testZ = testFunction( testCases_a_int32 ); + testFlags = testFlagsFunctionPtr(); ++#ifdef TEST_KERNEL_EMU ++ if (! syst_float_is_soft_emu()){ ++ continue; ++ } ++#endif + --count; + if ( count == 0 ) { + checkEarlyExit(); +@@ -647,6 +662,11 @@ void + (void) testFlagsFunctionPtr(); + testZ = testFunction( testCases_a_int32 ); + testFlags = testFlagsFunctionPtr(); ++#ifdef TEST_KERNEL_EMU ++ if (! syst_float_is_soft_emu()){ ++ continue; ++ } ++#endif + --count; + if ( count == 0 ) { + checkEarlyExit(); +@@ -702,6 +722,11 @@ void + (void) testFlagsFunctionPtr(); + testZ = testFunction( testCases_a_int64 ); + testFlags = testFlagsFunctionPtr(); ++#ifdef TEST_KERNEL_EMU ++ if (! syst_float_is_soft_emu()){ ++ continue; ++ } ++#endif + --count; + if ( count == 0 ) { + checkEarlyExit(); +@@ -753,6 +778,11 @@ void + (void) testFlagsFunctionPtr(); + testZ = testFunction( testCases_a_int64 ); + testFlags = testFlagsFunctionPtr(); ++#ifdef TEST_KERNEL_EMU ++ if (! syst_float_is_soft_emu()){ ++ continue; ++ } ++#endif + --count; + if ( count == 0 ) { + checkEarlyExit(); +@@ -806,6 +836,11 @@ void + (void) testFlagsFunctionPtr(); + testZ = testFunction( testCases_a_int64 ); + testFlags = testFlagsFunctionPtr(); ++#ifdef TEST_KERNEL_EMU ++ if (! syst_float_is_soft_emu()){ ++ continue; ++ } ++#endif + --count; + if ( count == 0 ) { + checkEarlyExit(); +@@ -861,6 +896,11 @@ void + (void) testFlagsFunctionPtr(); + testZ = testFunction( testCases_a_int64 ); + testFlags = testFlagsFunctionPtr(); ++#ifdef TEST_KERNEL_EMU ++ if (! syst_float_is_soft_emu()){ ++ continue; ++ } ++#endif + --count; + if ( count == 0 ) { + checkEarlyExit(); +@@ -916,6 +956,11 @@ void + (void) testFlagsFunctionPtr(); + testZ = testFunction( testCases_a_float32 ); + testFlags = testFlagsFunctionPtr(); ++#ifdef TEST_KERNEL_EMU ++ if (! syst_float_is_soft_emu()){ ++ continue; ++ } ++#endif + --count; + if ( count == 0 ) { + checkEarlyExit(); +@@ -973,6 +1018,11 @@ void + (void) testFlagsFunctionPtr(); + testZ = testFunction( testCases_a_float32 ); + testFlags = testFlagsFunctionPtr(); ++#ifdef TEST_KERNEL_EMU ++ if (! syst_float_is_soft_emu()){ ++ continue; ++ } ++#endif + --count; + if ( count == 0 ) { + checkEarlyExit(); +@@ -1030,6 +1080,11 @@ void + (void) testFlagsFunctionPtr(); + testZ = testFunction( testCases_a_float32 ); + testFlags = testFlagsFunctionPtr(); ++#ifdef TEST_KERNEL_EMU ++ if (! syst_float_is_soft_emu()){ ++ continue; ++ } ++#endif + --count; + if ( count == 0 ) { + checkEarlyExit(); +@@ -1087,6 +1142,11 @@ void + (void) testFlagsFunctionPtr(); + testZ = testFunction( testCases_a_float32 ); + testFlags = testFlagsFunctionPtr(); ++#ifdef TEST_KERNEL_EMU ++ if (! syst_float_is_soft_emu()){ ++ continue; ++ } ++#endif + --count; + if ( count == 0 ) { + checkEarlyExit(); +@@ -1146,6 +1206,11 @@ void + (void) testFlagsFunctionPtr(); + testZ = testFunction( testCases_a_float32 ); + testFlags = testFlagsFunctionPtr(); ++#ifdef TEST_KERNEL_EMU ++ if (! syst_float_is_soft_emu()){ ++ continue; ++ } ++#endif + --count; + if ( count == 0 ) { + checkEarlyExit(); +@@ -1203,6 +1268,11 @@ void + (void) testFlagsFunctionPtr(); + testZ = testFunction( testCases_a_float32 ); + testFlags = testFlagsFunctionPtr(); ++#ifdef TEST_KERNEL_EMU ++ if (! syst_float_is_soft_emu()){ ++ continue; ++ } ++#endif + --count; + if ( count == 0 ) { + checkEarlyExit(); +@@ -1260,6 +1330,11 @@ void + (void) testFlagsFunctionPtr(); + testZ = testFunction( testCases_a_float32, testCases_b_float32 ); + testFlags = testFlagsFunctionPtr(); ++#ifdef TEST_KERNEL_EMU ++ if (! syst_float_is_soft_emu()){ ++ continue; ++ } ++#endif + --count; + if ( count == 0 ) { + checkEarlyExit(); +@@ -1312,6 +1387,25 @@ void + (void) testFlagsFunctionPtr(); + testZ = testFunction( testCases_a_float32, testCases_b_float32 ); + testFlags = testFlagsFunctionPtr(); ++ ++if(testCases_a_float32 == 0x7ffffe && testCases_b_float32 == 0x3f7ffffe) ++{ ++ ++ writeErrorFound( 10000 - count ); ++ writeInputs_ab_float32(); ++ fputs( " ", stdout ); ++ writeOutputs_z_float32( trueZ, trueFlags, testZ, testFlags ); ++ fflush( stdout ); ++ if (! syst_float_is_soft_emu()){ ++ exit(-1); ++ } ++} ++#ifdef TEST_KERNEL_EMU ++ if (! syst_float_is_soft_emu()){ ++ continue; ++ } ++#endif ++ + --count; + if ( count == 0 ) { + checkEarlyExit(); +@@ -1370,6 +1464,11 @@ void + (void) testFlagsFunctionPtr(); + testZ = testFunction( testCases_a_float64 ); + testFlags = testFlagsFunctionPtr(); ++#ifdef TEST_KERNEL_EMU ++ if (! syst_float_is_soft_emu()){ ++ continue; ++ } ++#endif + --count; + if ( count == 0 ) { + checkEarlyExit(); +@@ -1427,6 +1526,11 @@ void + (void) testFlagsFunctionPtr(); + testZ = testFunction( testCases_a_float64 ); + testFlags = testFlagsFunctionPtr(); ++#ifdef TEST_KERNEL_EMU ++ if (! syst_float_is_soft_emu()){ ++ continue; ++ } ++#endif + --count; + if ( count == 0 ) { + checkEarlyExit(); +@@ -1484,6 +1588,11 @@ void + (void) testFlagsFunctionPtr(); + testZ = testFunction( testCases_a_float64 ); + testFlags = testFlagsFunctionPtr(); ++#ifdef TEST_KERNEL_EMU ++ if (! syst_float_is_soft_emu()){ ++ continue; ++ } ++#endif + --count; + if ( count == 0 ) { + checkEarlyExit(); +@@ -1541,6 +1650,11 @@ void + (void) testFlagsFunctionPtr(); + testZ = testFunction( testCases_a_float64 ); + testFlags = testFlagsFunctionPtr(); ++#ifdef TEST_KERNEL_EMU ++ if (! syst_float_is_soft_emu()){ ++ continue; ++ } ++#endif + --count; + if ( count == 0 ) { + checkEarlyExit(); +@@ -1600,6 +1714,11 @@ void + (void) testFlagsFunctionPtr(); + testZ = testFunction( testCases_a_float64 ); + testFlags = testFlagsFunctionPtr(); ++#ifdef TEST_KERNEL_EMU ++ if (! syst_float_is_soft_emu()){ ++ continue; ++ } ++#endif + --count; + if ( count == 0 ) { + checkEarlyExit(); +@@ -1657,6 +1776,11 @@ void + (void) testFlagsFunctionPtr(); + testZ = testFunction( testCases_a_float64 ); + testFlags = testFlagsFunctionPtr(); ++#ifdef TEST_KERNEL_EMU ++ if (! syst_float_is_soft_emu()){ ++ continue; ++ } ++#endif + --count; + if ( count == 0 ) { + checkEarlyExit(); +@@ -1714,6 +1838,11 @@ void + (void) testFlagsFunctionPtr(); + testZ = testFunction( testCases_a_float64, testCases_b_float64 ); + testFlags = testFlagsFunctionPtr(); ++#ifdef TEST_KERNEL_EMU ++ if (! syst_float_is_soft_emu()){ ++ continue; ++ } ++#endif + --count; + if ( count == 0 ) { + checkEarlyExit(); +@@ -1766,6 +1895,13 @@ void + (void) testFlagsFunctionPtr(); + testZ = testFunction( testCases_a_float64, testCases_b_float64 ); + testFlags = testFlagsFunctionPtr(); ++ ++#ifdef TEST_KERNEL_EMU ++ if (! syst_float_is_soft_emu()){ ++ continue; ++ } ++#endif ++ + --count; + if ( count == 0 ) { + checkEarlyExit(); +@@ -1826,6 +1962,11 @@ void + (void) testFlagsFunctionPtr(); + testZ = testFunction( testCases_a_floatx80 ); + testFlags = testFlagsFunctionPtr(); ++#ifdef TEST_KERNEL_EMU ++ if (! syst_float_is_soft_emu()){ ++ continue; ++ } ++#endif + --count; + if ( count == 0 ) { + checkEarlyExit(); +@@ -1883,6 +2024,11 @@ void + (void) testFlagsFunctionPtr(); + testZ = testFunction( testCases_a_floatx80 ); + testFlags = testFlagsFunctionPtr(); ++#ifdef TEST_KERNEL_EMU ++ if (! syst_float_is_soft_emu()){ ++ continue; ++ } ++#endif + --count; + if ( count == 0 ) { + checkEarlyExit(); +@@ -1940,6 +2086,11 @@ void + (void) testFlagsFunctionPtr(); + testZ = testFunction( testCases_a_floatx80 ); + testFlags = testFlagsFunctionPtr(); ++#ifdef TEST_KERNEL_EMU ++ if (! syst_float_is_soft_emu()){ ++ continue; ++ } ++#endif + --count; + if ( count == 0 ) { + checkEarlyExit(); +@@ -1995,6 +2146,11 @@ void + (void) testFlagsFunctionPtr(); + testZ = testFunction( testCases_a_floatx80 ); + testFlags = testFlagsFunctionPtr(); ++#ifdef TEST_KERNEL_EMU ++ if (! syst_float_is_soft_emu()){ ++ continue; ++ } ++#endif + --count; + if ( count == 0 ) { + checkEarlyExit(); +@@ -2052,6 +2208,11 @@ void + (void) testFlagsFunctionPtr(); + testZ = testFunction( testCases_a_floatx80 ); + testFlags = testFlagsFunctionPtr(); ++#ifdef TEST_KERNEL_EMU ++ if (! syst_float_is_soft_emu()){ ++ continue; ++ } ++#endif + --count; + if ( count == 0 ) { + checkEarlyExit(); +@@ -2109,6 +2270,11 @@ void + (void) testFlagsFunctionPtr(); + testZ = testFunction( testCases_a_floatx80 ); + testFlags = testFlagsFunctionPtr(); ++#ifdef TEST_KERNEL_EMU ++ if (! syst_float_is_soft_emu()){ ++ continue; ++ } ++#endif + --count; + if ( count == 0 ) { + checkEarlyExit(); +@@ -2166,6 +2332,11 @@ void + (void) testFlagsFunctionPtr(); + testZ = testFunction( testCases_a_floatx80, testCases_b_floatx80 ); + testFlags = testFlagsFunctionPtr(); ++#ifdef TEST_KERNEL_EMU ++ if (! syst_float_is_soft_emu()){ ++ continue; ++ } ++#endif + --count; + if ( count == 0 ) { + checkEarlyExit(); +@@ -2218,6 +2389,11 @@ void + (void) testFlagsFunctionPtr(); + testZ = testFunction( testCases_a_floatx80, testCases_b_floatx80 ); + testFlags = testFlagsFunctionPtr(); ++#ifdef TEST_KERNEL_EMU ++ if (! syst_float_is_soft_emu()){ ++ continue; ++ } ++#endif + --count; + if ( count == 0 ) { + checkEarlyExit(); +@@ -2280,6 +2456,11 @@ void + (void) testFlagsFunctionPtr(); + testZ = testFunction( testCases_a_float128 ); + testFlags = testFlagsFunctionPtr(); ++#ifdef TEST_KERNEL_EMU ++ if (! syst_float_is_soft_emu()){ ++ continue; ++ } ++#endif + --count; + if ( count == 0 ) { + checkEarlyExit(); +@@ -2337,6 +2518,11 @@ void + (void) testFlagsFunctionPtr(); + testZ = testFunction( testCases_a_float128 ); + testFlags = testFlagsFunctionPtr(); ++#ifdef TEST_KERNEL_EMU ++ if (! syst_float_is_soft_emu()){ ++ continue; ++ } ++#endif + --count; + if ( count == 0 ) { + checkEarlyExit(); +@@ -2394,6 +2580,11 @@ void + (void) testFlagsFunctionPtr(); + testZ = testFunction( testCases_a_float128 ); + testFlags = testFlagsFunctionPtr(); ++#ifdef TEST_KERNEL_EMU ++ if (! syst_float_is_soft_emu()){ ++ continue; ++ } ++#endif + --count; + if ( count == 0 ) { + checkEarlyExit(); +@@ -2449,6 +2640,11 @@ void + (void) testFlagsFunctionPtr(); + testZ = testFunction( testCases_a_float128 ); + testFlags = testFlagsFunctionPtr(); ++#ifdef TEST_KERNEL_EMU ++ if (! syst_float_is_soft_emu()){ ++ continue; ++ } ++#endif + --count; + if ( count == 0 ) { + checkEarlyExit(); +@@ -2506,6 +2702,11 @@ void + (void) testFlagsFunctionPtr(); + testZ = testFunction( testCases_a_float128 ); + testFlags = testFlagsFunctionPtr(); ++#ifdef TEST_KERNEL_EMU ++ if (! syst_float_is_soft_emu()){ ++ continue; ++ } ++#endif + --count; + if ( count == 0 ) { + checkEarlyExit(); +@@ -2563,6 +2764,11 @@ void + (void) testFlagsFunctionPtr(); + testZ = testFunction( testCases_a_float128 ); + testFlags = testFlagsFunctionPtr(); ++#ifdef TEST_KERNEL_EMU ++ if (! syst_float_is_soft_emu()){ ++ continue; ++ } ++#endif + --count; + if ( count == 0 ) { + checkEarlyExit(); +@@ -2620,6 +2826,11 @@ void + (void) testFlagsFunctionPtr(); + testZ = testFunction( testCases_a_float128, testCases_b_float128 ); + testFlags = testFlagsFunctionPtr(); ++#ifdef TEST_KERNEL_EMU ++ if (! syst_float_is_soft_emu()){ ++ continue; ++ } ++#endif + --count; + if ( count == 0 ) { + checkEarlyExit(); +@@ -2672,6 +2883,11 @@ void + (void) testFlagsFunctionPtr(); + testZ = testFunction( testCases_a_float128, testCases_b_float128 ); + testFlags = testFlagsFunctionPtr(); ++#ifdef TEST_KERNEL_EMU ++ if (! syst_float_is_soft_emu()){ ++ continue; ++ } ++#endif + --count; + if ( count == 0 ) { + checkEarlyExit(); +-- +1.5.4 + diff --git a/meta-fsl-ppc/recipes-extended/testfloat/files/Yocto-replace-COMPILE_PREFIX-gcc.patch b/meta-fsl-ppc/recipes-extended/testfloat/files/Yocto-replace-COMPILE_PREFIX-gcc.patch new file mode 100644 index 00000000..42de56d3 --- /dev/null +++ b/meta-fsl-ppc/recipes-extended/testfloat/files/Yocto-replace-COMPILE_PREFIX-gcc.patch @@ -0,0 +1,67 @@ +From 6c7567e05c28b8cb6c7dc68c278950a32feb6f64 Mon Sep 17 00:00:00 2001 +From: Ting Liu <b28495@freescale.com> +Date: Wed, 9 May 2012 02:42:57 -0500 +Subject: [PATCH] Yocto: replace $(COMPILE_PREFIX)gcc with $(CC) and remove -te500v2 flags + +Signed-off-by: Ting Liu <b28495@freescale.com> +--- + SoftFloat-2b/softfloat/bits32/powerpc-GCC/Makefile | 4 ++-- + SoftFloat-2b/softfloat/bits64/powerpc-GCC/Makefile | 4 ++-- + testfloat/powerpc-linux-gcc/Makefile | 8 ++++---- + 3 files changed, 8 insertions(+), 8 deletions(-) + +diff --git a/SoftFloat-2b/softfloat/bits32/powerpc-GCC/Makefile b/SoftFloat-2b/softfloat/bits32/powerpc-GCC/Makefile +index 28f1e33..4098048 100644 +--- a/SoftFloat-2b/softfloat/bits32/powerpc-GCC/Makefile ++++ b/SoftFloat-2b/softfloat/bits32/powerpc-GCC/Makefile +@@ -5,8 +5,8 @@ SOFTFLOAT_MACROS = ../softfloat-macros + OBJ = .o + EXE = + INCLUDES = -I. -I.. +-COMPILE_C = $(COMPILE_PREFIX)gcc -msoft-float -c -o $@ $(INCLUDES) -I- -O2 +-LINK = $(COMPILE_PREFIX)gcc -o $@ ++COMPILE_C = $(CC) -msoft-float -c -o $@ $(INCLUDES) -I- -O2 ++LINK = $(CC) -o $@ + + ALL: softfloat$(OBJ) timesoftfloat$(EXE) + +diff --git a/SoftFloat-2b/softfloat/bits64/powerpc-GCC/Makefile b/SoftFloat-2b/softfloat/bits64/powerpc-GCC/Makefile +index a5e2cc7..c34e16e 100644 +--- a/SoftFloat-2b/softfloat/bits64/powerpc-GCC/Makefile ++++ b/SoftFloat-2b/softfloat/bits64/powerpc-GCC/Makefile +@@ -5,8 +5,8 @@ SOFTFLOAT_MACROS = ../softfloat-macros + OBJ = .o + EXE = + INCLUDES = -I. -I.. +-COMPILE_C = $(COMPILE_PREFIX) -mcpu=8548 -mhard-float -mfloat-gprs=double -o $@ $(INCLUDES) -I- -O2 +-LINK = $(COMPILE_PREFIX) -o $@ ++COMPILE_C = $(CC) -mcpu=8548 -mhard-float -mfloat-gprs=double -o $@ $(INCLUDES) -I- -O2 ++LINK = $(CC) -o $@ + + ALL: softfloat$(OBJ) timesoftfloat$(EXE) + +diff --git a/testfloat/powerpc-linux-gcc/Makefile b/testfloat/powerpc-linux-gcc/Makefile +index de50aad..1a8b5f7 100644 +--- a/testfloat/powerpc-linux-gcc/Makefile ++++ b/testfloat/powerpc-linux-gcc/Makefile +@@ -8,13 +8,13 @@ OBJ = .o + EXE = + INCLUDES = -I. -I.. -I$(SOFTFLOAT_DIR) + +-COMPILE_C = $(COMPILE_PREFIX)gcc -c -o $@ $(INCLUDES) -I- -O $(EXTRA_CFLAGS) ++COMPILE_C = $(CC) -c -o $@ $(INCLUDES) -I- -O $(EXTRA_CFLAGS) + +-COMPILE_C_HARD = $(COMPILE_PREFIX)gcc -c -te500v2 -o $@ $(INCLUDES) ++COMPILE_C_HARD = $(CC) -c -o $@ $(INCLUDES) + +-COMPILE_SLOWFLOAT_C = $(COMPILE_PREFIX)gcc -c -o $@ $(INCLUDES) -I- -O ++COMPILE_SLOWFLOAT_C = $(CC) -c -o $@ $(INCLUDES) -I- -O + +-LINK = $(COMPILE_PREFIX)gcc -lm -o $@ ++LINK = $(CC) -lm -o $@ + + SOFTFLOAT_H = $(SOFTFLOAT_DIR)/softfloat.h + SOFTFLOAT_OBJ = $(SOFTFLOAT_DIR)/softfloat$(OBJ) +-- +1.7.3.4 + diff --git a/meta-fsl-ppc/recipes-extended/testfloat/testfloat_2a.bb b/meta-fsl-ppc/recipes-extended/testfloat/testfloat_2a.bb new file mode 100644 index 00000000..800cef3d --- /dev/null +++ b/meta-fsl-ppc/recipes-extended/testfloat/testfloat_2a.bb @@ -0,0 +1,45 @@ +DESCRIPTION = "A program for testing floating-point implementation" +LICENSE = "TestFloat" + +LIC_FILES_CHKSUM = "file://testfloat/testfloat.txt;beginline=87;endline=95;md5=bdb2e8111838a48015c29bd97f5b6145" + +SRC_URI = " http://www.jhauser.us/arithmetic/TestFloat-2a.tar.Z;name=TestFloat \ + http://www.jhauser.us/arithmetic/SoftFloat-2b.tar.Z;name=SoftFloat \ + " +SRC_URI_append_qoriq-ppc = " file://SoftFloat-powerpc-1.patch \ + file://TestFloat-powerpc-E500v2-SPE-1.patch \ + file://Yocto-replace-COMPILE_PREFIX-gcc.patch \ + " +SRC_URI[TestFloat.md5sum] = "4dc889319ae1e0c5381ec511f784553a" +SRC_URI[TestFloat.sha256sum] = "84d14aa42adefbda2ec9708b42946f7fa59f93689b042684bd027863481f8e4e" +SRC_URI[SoftFloat.md5sum] = "b4a58b5c941f1a2317e4c2500086e3fa" +SRC_URI[SoftFloat.sha256sum] = "89d14b55113a2ba8cbda7011443ba1d298d381c89d939515d56c5f18f2febf81" + +S = "${WORKDIR}/TestFloat-2a" + +do_unpack2(){ + mv ${WORKDIR}/SoftFloat-2b ${S}/SoftFloat-2b + cd ${S} + if [ -n "$(which fromdos)" ];then + find -type f -exec fromdos {} \; + elif [ -n "$(which dos2unix)" ];then + find -type f -exec dos2unix {} \; + else + echo -e "\nERROR: command dos2unix or fromdos not found\n" && return 1 + fi +} +addtask do_unpack2 after do_unpack before do_patch + +do_compile(){ + oe_runmake -C testfloat/powerpc-linux-gcc/ CC="${CC}" EXTRA_CFLAGS="-DTEST_KERNEL_EMU" +} + +do_install(){ + install -d ${D}/${bindir} + install testfloat/powerpc-linux-gcc/testfloat ${D}/${bindir} + install testfloat/powerpc-linux-gcc/testsoftfloat ${D}/${bindir} +} + +COMPATIBLE_HOST_e500v2 = ".*" +COMPATIBLE_HOST ?= "(none)" + diff --git a/meta-fsl-ppc/recipes-extended/web-sysmon/web-sysmon_git.bb b/meta-fsl-ppc/recipes-extended/web-sysmon/web-sysmon_git.bb new file mode 100644 index 00000000..84f60d51 --- /dev/null +++ b/meta-fsl-ppc/recipes-extended/web-sysmon/web-sysmon_git.bb @@ -0,0 +1,23 @@ +DESCRIPTION = "Web System Monitor Files" +SECTION = "web-sysmon" +LICENSE = "GPLv2" +LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e" + +SRC_URI = "git://git.freescale.com/ppc/sdk/web-sysmon-dev.git;nobranch=1" +SRCREV = "8d0c6eca1113832fabe917fd0cb25abe2d4d7157" + +inherit update-rc.d + +S = "${WORKDIR}/git" + +RDEPENDS_${PN} = "lighttpd" + +EXTRA_OEMAKE += "D=${D}" +do_install () { + oe_runmake install +} + +FILES_${PN} += "/" + +INITSCRIPT_NAME = "web-sysmon.sh" +INITSCRIPT_PARAMS = "defaults 99 20" diff --git a/meta-fsl-ppc/recipes-graphics/xorg-driver/xf86-video-fbdev_0.4.2.bb b/meta-fsl-ppc/recipes-graphics/xorg-driver/xf86-video-fbdev_0.4.2.bb new file mode 100644 index 00000000..038c421d --- /dev/null +++ b/meta-fsl-ppc/recipes-graphics/xorg-driver/xf86-video-fbdev_0.4.2.bb @@ -0,0 +1,11 @@ +require xorg-driver-video.inc +LIC_FILES_CHKSUM = "file://COPYING;md5=d8cbd99fff773f92e844948f74ef0df8" + +DESCRIPTION = "X.Org X server -- fbdev display driver" +PE = "1" +PR = "${INC_PR}.1" + +DEPENDS += "virtual/xserver" + +SRC_URI[md5sum] = "53a533d9e0c2da50962282526bace074" +SRC_URI[sha256sum] = "93b271b4b41d7e5ca108849a583b9523e96c51813d046282285355b7001f82d5" diff --git a/meta-fsl-ppc/recipes-graphics/xorg-driver/xorg-driver-common.inc b/meta-fsl-ppc/recipes-graphics/xorg-driver/xorg-driver-common.inc new file mode 100644 index 00000000..c0f4a15a --- /dev/null +++ b/meta-fsl-ppc/recipes-graphics/xorg-driver/xorg-driver-common.inc @@ -0,0 +1,40 @@ +DESCRIPTION = "X driver" +HOMEPAGE = "http://www.x.org" +SECTION = "x11/drivers" +LICENSE = "MIT-X" +INC_PR = "r15" + +DEPENDS = "randrproto virtual/xserver-xf86 xproto" + +SRC_URI = "${XORG_MIRROR}/individual/driver/${BPN}-${PV}.tar.bz2" + +S = "${WORKDIR}/${BPN}-${PV}" + +FILES_${PN} += " ${libdir}/xorg/modules" +FILES_${PN}-dbg += "${libdir}/xorg/modules/*/.debug" + +inherit autotools pkgconfig + +TARGET_CPPFLAGS += "-I${STAGING_DIR_HOST}/usr/include/xorg" + +# Another sucky behavor from Xorg configure scripts. +# They use AC_CHECK_FILE to check for DRI headers. Yuck! +# Of course this will blow up when cross compiling. + +do_configure_prepend() { + incdir=${layout_includedir}/xorg + for f in dri.h sarea.h dristruct.h exa.h damage.h xf86Module.h; do + path="$incdir/$f" + if [ -f "${STAGING_DIR_HOST}/$path" ]; then + p=`echo "$path" | sed 'y%*+%pp%;s%[^_[:alnum:]]%_%g'` + eval "export ac_cv_file_$p=yes" + fi + done +} + +# FIXME: We don't want to include the libtool archives (*.la) from modules +# directory, as they serve no useful purpose. Upstream should fix Makefile.am +do_install_append() { + find ${D}${libdir}/xorg/modules -regex ".*\.la$" | xargs rm -f -- +} + diff --git a/meta-fsl-ppc/recipes-graphics/xorg-driver/xorg-driver-video.inc b/meta-fsl-ppc/recipes-graphics/xorg-driver/xorg-driver-video.inc new file mode 100644 index 00000000..bce8c9a7 --- /dev/null +++ b/meta-fsl-ppc/recipes-graphics/xorg-driver/xorg-driver-video.inc @@ -0,0 +1,4 @@ +include xorg-driver-common.inc + +DEPENDS = "randrproto renderproto videoproto xextproto fontsproto xproto" + diff --git a/meta-fsl-ppc/recipes-graphics/xorg-xserver/xserver-xf86-config/p1022ds/xorg.conf b/meta-fsl-ppc/recipes-graphics/xorg-xserver/xserver-xf86-config/p1022ds/xorg.conf new file mode 100644 index 00000000..57f284e8 --- /dev/null +++ b/meta-fsl-ppc/recipes-graphics/xorg-xserver/xserver-xf86-config/p1022ds/xorg.conf @@ -0,0 +1,27 @@ +Section "Screen" + Identifier "Builtin Default fbdev Screen 0" + Device "Builtin Default fbdev Device 0" +EndSection + +Section "ServerLayout" + Identifier "Builtin Default Layout" + Screen "Builtin Default fbdev Screen 0" +EndSection + +Section "ServerFlags" + Option "DontZap" "0" +EndSection + +Section "InputClass" + Identifier "keyboard-all" + Driver "evdev" + MatchIsKeyboard "on" +EndSection + + +Section "InputClass" + Identifier "mouse-all" + Driver "evdev" + MatchIsPointer "on" +EndSection + diff --git a/meta-fsl-ppc/recipes-graphics/xorg-xserver/xserver-xf86-config_%.bbappend b/meta-fsl-ppc/recipes-graphics/xorg-xserver/xserver-xf86-config_%.bbappend new file mode 100644 index 00000000..6d4804d1 --- /dev/null +++ b/meta-fsl-ppc/recipes-graphics/xorg-xserver/xserver-xf86-config_%.bbappend @@ -0,0 +1,2 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" + diff --git a/meta-fsl-ppc/recipes-kernel/asf/asf_git.bb b/meta-fsl-ppc/recipes-kernel/asf/asf_git.bb new file mode 100644 index 00000000..1ca4c8ea --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/asf/asf_git.bb @@ -0,0 +1,33 @@ +DESCRIPTION = "Non-DPAA software Application Specific Fast-path" +SECTION = "asf" +LICENSE = "GPLv2 & GPLv2+ & BSD" +LIC_FILES_CHKSUM = "file://COPYING;md5=b5881ecf398da8a03a3f4c501e29d287" + +SRC_URI = "git://git.freescale.com/ppc/sdk/asf.git;nobranch=1" +SRCREV = "16eb472d6b2b34c8b605a86c469611bc8ddec1c9" + +inherit module qoriq_build_64bit_kernel + +S = "${WORKDIR}/git/asfmodule" + +EXTRA_OEMAKE = "CROSS_COMPILE=${TARGET_PREFIX}" +export KERNEL_PATH = "${STAGING_KERNEL_DIR}" + +INHIBIT_PACKAGE_STRIP = "1" + +do_configure[depends] += "virtual/kernel:do_shared_workdir" +do_configure_prepend () { + sed -i 's,$(KERNEL_PATH)/.config,$(KBUILD_OUTPUT)/.config,' ${S}/Makefile +} + +do_install(){ + install -d ${D}/${libexecdir} + install -d ${D}/lib/modules/${KERNEL_VERSION}/asf + cp -rf ${S}/bin/full ${D}/lib/modules/${KERNEL_VERSION}/asf + cp -rf ${S}/bin/min ${D}/lib/modules/${KERNEL_VERSION}/asf + cp -rf ${S}/../scripts ${D}/${libexecdir}/ +} + +FILES_${PN} += "${libexecdir} /lib/modules/${KERNEL_VERSION}/asf" +RDEPENDS_${PN} += "ipsec-tools" + diff --git a/meta-fsl-ppc/recipes-kernel/auto-resp/ar_git.bb b/meta-fsl-ppc/recipes-kernel/auto-resp/ar_git.bb new file mode 100644 index 00000000..52d9f57d --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/auto-resp/ar_git.bb @@ -0,0 +1,29 @@ +SUMMARY = "Auto Response Control Module" +LICENSE = "GPLv2 & BSD" +LIC_FILES_CHKSUM = "file://COPYING;md5=b5881ecf398da8a03a3f4c501e29d287" + +inherit module + +SRC_URI = "git://git.freescale.com/ppc/sdk/auto-resp.git;branch=sdk-v1.7.x" +SRCREV = "dbede76fb4020a370baa393f7c53af4c0db8f175" + +S = "${WORKDIR}/git" + +EXTRA_OEMAKE = "CROSS_COMPILE=${TARGET_PREFIX} SYSROOT=${STAGING_DIR_TARGET}" +export KERNEL_PATH + +INHIBIT_PACKAGE_STRIP = "1" + +do_compile_prepend() { + sed -i -e 's,EXTRA_CFLAGS += -I$(PWD),EXTRA_CFLAGS += -I${S},' ${S}/armodule/source/Makefile +} + +do_install(){ + install -d ${D}/lib/modules/${KERNEL_VERSION} + install -d ${D}${bindir} + install -m 644 ${B}/bin/ar.ko ${D}/lib/modules/${KERNEL_VERSION}/ + cp -f ${S}/bin/ar_* ${D}${bindir}/ +} + +FILES_${PN} += "${bindir}/" + diff --git a/meta-fsl-ppc/recipes-kernel/ceetm/ceetm_git.bb b/meta-fsl-ppc/recipes-kernel/ceetm/ceetm_git.bb new file mode 100644 index 00000000..beaed31e --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/ceetm/ceetm_git.bb @@ -0,0 +1,30 @@ +DESCRIPTION = "CEETM TC QDISC" +LICENSE = "GPLv2 & BSD" +LIC_FILES_CHKSUM = "file://COPYING;md5=b5881ecf398da8a03a3f4c501e29d287" + +DEPENDS="virtual/kernel" + +inherit module qoriq_build_64bit_kernel + +SRC_URI = "git://git.freescale.com/ppc/sdk/ceetm.git;nobranch=1" +SRCREV = "ecf55c9ca0cd42a212653e1f99c19cd611e3a008" + +S = "${WORKDIR}/git" + +EXTRA_OEMAKE = "CROSS_COMPILE=${TARGET_PREFIX} SYSROOT=${STAGING_DIR_TARGET}" +export KERNEL_PATH = "${STAGING_KERNEL_DIR}" + +do_configure[depends] += "virtual/kernel:do_shared_workdir" +do_configure_prepend () { + sed -i 's,$(KERNEL_PATH)/.config,$(KBUILD_OUTPUT)/.config,' ${S}/ceetm_module/Makefile +} + +do_install(){ + mkdir -p ${D}/usr/driver/ceetm + mkdir -p ${D}/${libdir}/tc + cp ${S}/bin/ceetm.ko ${D}/usr/driver/ceetm + cp ${S}/bin/q_ceetm.so ${D}/${libdir}/tc/. +} + +FILES_${PN} += "/usr/driver/ceetm ${libdir}/tc" +INHIBIT_PACKAGE_STRIP = "1" diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl.inc b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl.inc new file mode 100644 index 00000000..e32e3502 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl.inc @@ -0,0 +1,17 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/cryptodev-fsl:" + +SRC_URI_qoriq-ppc = "git://github.com/cryptodev-linux/cryptodev-linux.git \ + file://0001-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch \ + file://0002-add-support-for-COMPAT_CIOCAUTHCRYPT-ioctl.patch \ + file://0003-PKC-support-added-in-cryptodev-module.patch \ + file://0004-Compat-versions-of-PKC-IOCTLs.patch \ + file://0005-Asynchronous-interface-changes-in-cryptodev.patch \ + file://0006-ECC_KEYGEN-and-DLC_KEYGEN-supported-in-cryptodev-mod.patch \ + file://0007-RCU-stall-fixed-in-PKC-asynchronous-interface.patch \ + file://0008-Add-RSA-Key-generation-offloading.patch \ + file://0009-Fixed-compilation-error-of-openssl-with-fsl-cryptode.patch \ +" +SRCREV_qoriq-ppc = "6aa62a2c320b04f55fdfe0ed015c3d9b48997239" + +S_qoriq-ppc = "${WORKDIR}/git" + diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0001-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0001-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch new file mode 100644 index 00000000..796e5484 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0001-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch @@ -0,0 +1,52 @@ +From 715ade8236f40cf811c39f9538dfd60803967fcd Mon Sep 17 00:00:00 2001 +From: Cristian Stoica <cristian.stoica@freescale.com> +Date: Thu, 29 Aug 2013 16:52:30 +0300 +Subject: [PATCH 1/9] add support for composite TLS10(SHA1,AES) algorithm + offload + +This adds support for composite algorithm offload as a primitive +crypto (cipher + hmac) operation. + +It requires kernel support for tls10(hmac(sha1),cbc(aes)) algorithm +provided either in software or accelerated by hardware such as +Freescale B*, P* and T* platforms. + +Change-Id: Ia1c605da3860e91e681295dfc8df7c09eb4006cf +Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> +Reviewed-on: http://git.am.freescale.net:8181/17218 +--- + crypto/cryptodev.h | 1 + + ioctl.c | 5 +++++ + 2 files changed, 6 insertions(+) + +diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h +index 7fb9c7d..c0e8cd4 100644 +--- a/crypto/cryptodev.h ++++ b/crypto/cryptodev.h +@@ -50,6 +50,7 @@ enum cryptodev_crypto_op_t { + CRYPTO_SHA2_384, + CRYPTO_SHA2_512, + CRYPTO_SHA2_224_HMAC, ++ CRYPTO_TLS10_AES_CBC_HMAC_SHA1, + CRYPTO_ALGORITHM_ALL, /* Keep updated - see below */ + }; + +diff --git a/ioctl.c b/ioctl.c +index 5a55a76..f9b9b2e 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -159,6 +159,11 @@ crypto_create_session(struct fcrypt *fcr, struct session_op *sop) + stream = 1; + aead = 1; + break; ++ case CRYPTO_TLS10_AES_CBC_HMAC_SHA1: ++ alg_name = "tls10(hmac(sha1),cbc(aes))"; ++ stream = 0; ++ aead = 1; ++ break; + case CRYPTO_NULL: + alg_name = "ecb(cipher_null)"; + stream = 1; +-- +1.8.3.1 + diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0001-don-t-advertise-RSA-keygen.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0001-don-t-advertise-RSA-keygen.patch new file mode 100644 index 00000000..3d7c6086 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0001-don-t-advertise-RSA-keygen.patch @@ -0,0 +1,32 @@ +From b6e2a3747e3cffdf3cc515b0ce35d6bcdcb051c5 Mon Sep 17 00:00:00 2001 +From: Cristian Stoica <cristian.stoica@freescale.com> +Date: Tue, 9 Dec 2014 16:41:25 +0200 +Subject: [PATCH] don't advertise RSA keygen + +This is supposed to avoid RSA keygen operations when they are not +available. Since no testing can be done, the patch should be applied +selectively (for example when offloading through pkc driver on C293) + +Change-Id: I60765f46fd7a39053d42e075d2ec71b032b2ed8a +Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> +--- + ioctl.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/ioctl.c b/ioctl.c +index e907167..3239093 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -961,8 +961,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + case CIOCASYMFEAT: + return put_user(CRF_MOD_EXP_CRT | CRF_MOD_EXP | CRF_DSA_SIGN | + CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY | +- CRF_DSA_GENERATE_KEY | CRF_DH_GENERATE_KEY | +- CRF_RSA_GENERATE_KEY, p); ++ CRF_DSA_GENERATE_KEY | CRF_DH_GENERATE_KEY, p); + case CRIOGET: + fd = clonefd(filp); + ret = put_user(fd, p); +-- +2.2.0 + diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0002-add-support-for-COMPAT_CIOCAUTHCRYPT-ioctl.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0002-add-support-for-COMPAT_CIOCAUTHCRYPT-ioctl.patch new file mode 100644 index 00000000..086a97f8 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0002-add-support-for-COMPAT_CIOCAUTHCRYPT-ioctl.patch @@ -0,0 +1,207 @@ +From 4b766c93e4ee19248dd66bbebb61fb5cc9c8a012 Mon Sep 17 00:00:00 2001 +From: Horia Geanta <horia.geanta@freescale.com> +Date: Wed, 4 Dec 2013 15:43:41 +0200 +Subject: [PATCH 2/9] add support for COMPAT_CIOCAUTHCRYPT ioctl() + +Upstream-status: Pending + +Needed for 64b kernel with 32b user space. + +Change-Id: I44a999a4164e7ae7122dee6ed0716b2f25cadbc1 +Signed-off-by: Horia Geanta <horia.geanta@freescale.com> +Tested-by: Cristian Stoica <cristian.stoica@freescale.com> +--- + authenc.c | 78 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + cryptodev_int.h | 40 +++++++++++++++++++++++++++++ + ioctl.c | 16 ++++++++++++ + 3 files changed, 134 insertions(+) + +diff --git a/authenc.c b/authenc.c +index 1bd7377..ef0d3db 100644 +--- a/authenc.c ++++ b/authenc.c +@@ -272,6 +272,84 @@ static int fill_caop_from_kcaop(struct kernel_crypt_auth_op *kcaop, struct fcryp + return 0; + } + ++/* compatibility code for 32bit userlands */ ++#ifdef CONFIG_COMPAT ++ ++static inline void ++compat_to_crypt_auth_op(struct compat_crypt_auth_op *compat, ++ struct crypt_auth_op *caop) ++{ ++ caop->ses = compat->ses; ++ caop->op = compat->op; ++ caop->flags = compat->flags; ++ caop->len = compat->len; ++ caop->auth_len = compat->auth_len; ++ caop->tag_len = compat->tag_len; ++ caop->iv_len = compat->iv_len; ++ ++ caop->auth_src = compat_ptr(compat->auth_src); ++ caop->src = compat_ptr(compat->src); ++ caop->dst = compat_ptr(compat->dst); ++ caop->tag = compat_ptr(compat->tag); ++ caop->iv = compat_ptr(compat->iv); ++} ++ ++static inline void ++crypt_auth_op_to_compat(struct crypt_auth_op *caop, ++ struct compat_crypt_auth_op *compat) ++{ ++ compat->ses = caop->ses; ++ compat->op = caop->op; ++ compat->flags = caop->flags; ++ compat->len = caop->len; ++ compat->auth_len = caop->auth_len; ++ compat->tag_len = caop->tag_len; ++ compat->iv_len = caop->iv_len; ++ ++ compat->auth_src = ptr_to_compat(caop->auth_src); ++ compat->src = ptr_to_compat(caop->src); ++ compat->dst = ptr_to_compat(caop->dst); ++ compat->tag = ptr_to_compat(caop->tag); ++ compat->iv = ptr_to_compat(caop->iv); ++} ++ ++int compat_kcaop_from_user(struct kernel_crypt_auth_op *kcaop, ++ struct fcrypt *fcr, void __user *arg) ++{ ++ struct compat_crypt_auth_op compat_caop; ++ ++ if (unlikely(copy_from_user(&compat_caop, arg, sizeof(compat_caop)))) { ++ dprintk(1, KERN_ERR, "Error in copying from userspace\n"); ++ return -EFAULT; ++ } ++ ++ compat_to_crypt_auth_op(&compat_caop, &kcaop->caop); ++ ++ return fill_kcaop_from_caop(kcaop, fcr); ++} ++ ++int compat_kcaop_to_user(struct kernel_crypt_auth_op *kcaop, ++ struct fcrypt *fcr, void __user *arg) ++{ ++ int ret; ++ struct compat_crypt_auth_op compat_caop; ++ ++ ret = fill_caop_from_kcaop(kcaop, fcr); ++ if (unlikely(ret)) { ++ dprintk(1, KERN_ERR, "fill_caop_from_kcaop\n"); ++ return ret; ++ } ++ ++ crypt_auth_op_to_compat(&kcaop->caop, &compat_caop); ++ ++ if (unlikely(copy_to_user(arg, &compat_caop, sizeof(compat_caop)))) { ++ dprintk(1, KERN_ERR, "Error in copying to userspace\n"); ++ return -EFAULT; ++ } ++ return 0; ++} ++ ++#endif /* CONFIG_COMPAT */ + + int kcaop_from_user(struct kernel_crypt_auth_op *kcaop, + struct fcrypt *fcr, void __user *arg) +diff --git a/cryptodev_int.h b/cryptodev_int.h +index d7660fa..8e687e7 100644 +--- a/cryptodev_int.h ++++ b/cryptodev_int.h +@@ -73,11 +73,42 @@ struct compat_crypt_op { + compat_uptr_t iv;/* initialization vector for encryption operations */ + }; + ++ /* input of CIOCAUTHCRYPT */ ++struct compat_crypt_auth_op { ++ uint32_t ses; /* session identifier */ ++ uint16_t op; /* COP_ENCRYPT or COP_DECRYPT */ ++ uint16_t flags; /* see COP_FLAG_AEAD_* */ ++ uint32_t len; /* length of source data */ ++ uint32_t auth_len; /* length of auth data */ ++ compat_uptr_t auth_src; /* authenticated-only data */ ++ ++ /* The current implementation is more efficient if data are ++ * encrypted in-place (src==dst). */ ++ compat_uptr_t src; /* data to be encrypted and ++ authenticated */ ++ compat_uptr_t dst; /* pointer to output data. Must have ++ * space for tag. For TLS this should be ++ * at least len + tag_size + block_size ++ * for padding */ ++ ++ compat_uptr_t tag; /* where the tag will be copied to. TLS ++ * mode doesn't use that as tag is ++ * copied to dst. ++ * SRTP mode copies tag there. */ ++ uint32_t tag_len; /* the length of the tag. Use zero for ++ * digest size or max tag. */ ++ ++ /* initialization vector for encryption operations */ ++ compat_uptr_t iv; ++ uint32_t iv_len; ++}; ++ + /* compat ioctls, defined for the above structs */ + #define COMPAT_CIOCGSESSION _IOWR('c', 102, struct compat_session_op) + #define COMPAT_CIOCCRYPT _IOWR('c', 104, struct compat_crypt_op) + #define COMPAT_CIOCASYNCCRYPT _IOW('c', 107, struct compat_crypt_op) + #define COMPAT_CIOCASYNCFETCH _IOR('c', 108, struct compat_crypt_op) ++#define COMPAT_CIOCAUTHCRYPT _IOWR('c', 109, struct compat_crypt_auth_op) + + #endif /* CONFIG_COMPAT */ + +@@ -108,6 +139,15 @@ struct kernel_crypt_auth_op { + + /* auth */ + ++#ifdef CONFIG_COMPAT ++int compat_kcaop_from_user(struct kernel_crypt_auth_op *kcaop, ++ struct fcrypt *fcr, void __user *arg); ++ ++int compat_kcaop_to_user(struct kernel_crypt_auth_op *kcaop, ++ struct fcrypt *fcr, void __user *arg); ++#endif /* CONFIG_COMPAT */ ++ ++ + int kcaop_from_user(struct kernel_crypt_auth_op *kcop, + struct fcrypt *fcr, void __user *arg); + int kcaop_to_user(struct kernel_crypt_auth_op *kcaop, +diff --git a/ioctl.c b/ioctl.c +index f9b9b2e..1563c75 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -998,6 +998,7 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) + struct session_op sop; + struct compat_session_op compat_sop; + struct kernel_crypt_op kcop; ++ struct kernel_crypt_auth_op kcaop; + int ret; + + if (unlikely(!pcr)) +@@ -1040,6 +1041,21 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) + return ret; + + return compat_kcop_to_user(&kcop, fcr, arg); ++ ++ case COMPAT_CIOCAUTHCRYPT: ++ if (unlikely(ret = compat_kcaop_from_user(&kcaop, fcr, arg))) { ++ dprintk(1, KERN_WARNING, "Error copying from user\n"); ++ return ret; ++ } ++ ++ ret = crypto_auth_run(fcr, &kcaop); ++ if (unlikely(ret)) { ++ dprintk(1, KERN_WARNING, "Error in crypto_auth_run\n"); ++ return ret; ++ } ++ ++ return compat_kcaop_to_user(&kcaop, fcr, arg); ++ + #ifdef ENABLE_ASYNC + case COMPAT_CIOCASYNCCRYPT: + if (unlikely(ret = compat_kcop_from_user(&kcop, fcr, arg))) +-- +1.8.3.1 + diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0003-PKC-support-added-in-cryptodev-module.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0003-PKC-support-added-in-cryptodev-module.patch new file mode 100644 index 00000000..a4f7816b --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0003-PKC-support-added-in-cryptodev-module.patch @@ -0,0 +1,898 @@ +From 5b57fc2124cef0acc3c7e8de376ebd9aa4f1fdd3 Mon Sep 17 00:00:00 2001 +From: Yashpal Dutta <yashpal.dutta@freescale.com> +Date: Fri, 7 Mar 2014 06:16:09 +0545 +Subject: [PATCH 3/9] PKC support added in cryptodev module + +Upstream-status: Pending + +Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com> +--- + cryptlib.c | 66 +++++++++- + cryptlib.h | 28 ++++ + crypto/cryptodev.h | 15 ++- + cryptodev_int.h | 20 ++- + ioctl.c | 196 +++++++++++++++++++++++++-- + main.c | 378 +++++++++++++++++++++++++++++++++++++++++++++++++++++ + 6 files changed, 685 insertions(+), 18 deletions(-) + +diff --git a/cryptlib.c b/cryptlib.c +index 44ce763..6900028 100644 +--- a/cryptlib.c ++++ b/cryptlib.c +@@ -5,6 +5,8 @@ + * Portions Copyright (c) 2010 Michael Weiser + * Portions Copyright (c) 2010 Phil Sutter + * ++ * Copyright 2012 Freescale Semiconductor, Inc. ++ * + * This file is part of linux cryptodev. + * + * This program is free software; you can redistribute it and/or +@@ -39,11 +41,6 @@ + #include "cryptodev_int.h" + + +-struct cryptodev_result { +- struct completion completion; +- int err; +-}; +- + static void cryptodev_complete(struct crypto_async_request *req, int err) + { + struct cryptodev_result *res = req->data; +@@ -259,7 +256,6 @@ static inline int waitfor(struct cryptodev_result *cr, ssize_t ret) + case 0: + break; + case -EINPROGRESS: +- case -EBUSY: + wait_for_completion(&cr->completion); + /* At this point we known for sure the request has finished, + * because wait_for_completion above was not interruptible. +@@ -439,3 +435,61 @@ int cryptodev_hash_final(struct hash_data *hdata, void *output) + return waitfor(hdata->async.result, ret); + } + ++int cryptodev_pkc_offload(struct cryptodev_pkc *pkc) ++{ ++ int ret = 0; ++ struct pkc_request *pkc_req = &pkc->req, *pkc_requested; ++ ++ switch (pkc_req->type) { ++ case RSA_PUB: ++ case RSA_PRIV_FORM1: ++ case RSA_PRIV_FORM2: ++ case RSA_PRIV_FORM3: ++ pkc->s = crypto_alloc_pkc("pkc(rsa)", ++ CRYPTO_ALG_TYPE_PKC_RSA, 0); ++ break; ++ case DSA_SIGN: ++ case DSA_VERIFY: ++ case ECDSA_SIGN: ++ case ECDSA_VERIFY: ++ pkc->s = crypto_alloc_pkc("pkc(dsa)", ++ CRYPTO_ALG_TYPE_PKC_DSA, 0); ++ break; ++ case DH_COMPUTE_KEY: ++ case ECDH_COMPUTE_KEY: ++ pkc->s = crypto_alloc_pkc("pkc(dh)", ++ CRYPTO_ALG_TYPE_PKC_DH, 0); ++ break; ++ default: ++ return -EINVAL; ++ } ++ ++ if (IS_ERR_OR_NULL(pkc->s)) ++ return -EINVAL; ++ ++ init_completion(&pkc->result.completion); ++ pkc_requested = pkc_request_alloc(pkc->s, GFP_KERNEL); ++ ++ if (unlikely(IS_ERR_OR_NULL(pkc_requested))) { ++ ret = -ENOMEM; ++ goto error; ++ } ++ pkc_requested->type = pkc_req->type; ++ pkc_requested->curve_type = pkc_req->curve_type; ++ memcpy(&pkc_requested->req_u, &pkc_req->req_u, sizeof(pkc_req->req_u)); ++ pkc_request_set_callback(pkc_requested, CRYPTO_TFM_REQ_MAY_BACKLOG, ++ cryptodev_complete_asym, pkc); ++ ret = crypto_pkc_op(pkc_requested); ++ if (ret != -EINPROGRESS && ret != 0) ++ goto error2; ++ ++ if (pkc->type == SYNCHRONOUS) ++ ret = waitfor(&pkc->result, ret); ++ ++ return ret; ++error2: ++ kfree(pkc_requested); ++error: ++ crypto_free_pkc(pkc->s); ++ return ret; ++} +diff --git a/cryptlib.h b/cryptlib.h +index a0a8a63..56d325a 100644 +--- a/cryptlib.h ++++ b/cryptlib.h +@@ -1,3 +1,6 @@ ++/* ++ * Copyright 2012 Freescale Semiconductor, Inc. ++ */ + #ifndef CRYPTLIB_H + # define CRYPTLIB_H + +@@ -89,5 +92,30 @@ void cryptodev_hash_deinit(struct hash_data *hdata); + int cryptodev_hash_init(struct hash_data *hdata, const char *alg_name, + int hmac_mode, void *mackey, size_t mackeylen); + ++/* Operation Type */ ++enum offload_type { ++ SYNCHRONOUS, ++ ASYNCHRONOUS ++}; ++ ++struct cryptodev_result { ++ struct completion completion; ++ int err; ++}; ++ ++struct cryptodev_pkc { ++ struct list_head list; /* To maintain the Jobs in completed ++ cryptodev lists */ ++ struct kernel_crypt_kop kop; ++ struct crypto_pkc *s; /* Transform pointer from CryptoAPI */ ++ struct cryptodev_result result; /* Result to be updated by ++ completion handler */ ++ struct pkc_request req; /* PKC request structure allocated ++ from CryptoAPI */ ++ enum offload_type type; /* Synchronous Vs Asynchronous request */ ++ void *cookie; /*Additional opaque cookie to be used in future */ ++ struct crypt_priv *priv; ++}; + ++int cryptodev_pkc_offload(struct cryptodev_pkc *); + #endif +diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h +index c0e8cd4..96675fe 100644 +--- a/crypto/cryptodev.h ++++ b/crypto/cryptodev.h +@@ -1,6 +1,10 @@ +-/* This is a source compatible implementation with the original API of ++/* ++ * Copyright 2012 Freescale Semiconductor, Inc. ++ * ++ * This is a source compatible implementation with the original API of + * cryptodev by Angelos D. Keromytis, found at openbsd cryptodev.h. +- * Placed under public domain */ ++ * Placed under public domain ++ */ + + #ifndef L_CRYPTODEV_H + #define L_CRYPTODEV_H +@@ -245,6 +249,9 @@ struct crypt_kop { + __u16 crk_oparams; + __u32 crk_pad1; + struct crparam crk_param[CRK_MAXPARAM]; ++ enum curve_t curve_type; /* 0 == Discrete Log, ++ 1 = EC_PRIME, 2 = EC_BINARY */ ++ void *cookie; + }; + + enum cryptodev_crk_op_t { +@@ -289,5 +296,7 @@ enum cryptodev_crk_op_t { + */ + #define CIOCASYNCCRYPT _IOW('c', 110, struct crypt_op) + #define CIOCASYNCFETCH _IOR('c', 111, struct crypt_op) +- ++/* additional ioctls for asynchronous operation for asymmetric ciphers*/ ++#define CIOCASYMASYNCRYPT _IOW('c', 112, struct crypt_kop) ++#define CIOCASYMASYNFETCH _IOR('c', 113, struct crypt_kop) + #endif /* L_CRYPTODEV_H */ +diff --git a/cryptodev_int.h b/cryptodev_int.h +index 8e687e7..fdbcc61 100644 +--- a/cryptodev_int.h ++++ b/cryptodev_int.h +@@ -1,4 +1,6 @@ +-/* cipher stuff */ ++/* cipher stuff ++ * Copyright 2012 Freescale Semiconductor, Inc. ++ */ + #ifndef CRYPTODEV_INT_H + # define CRYPTODEV_INT_H + +@@ -112,6 +114,14 @@ struct compat_crypt_auth_op { + + #endif /* CONFIG_COMPAT */ + ++/* kernel-internal extension to struct crypt_kop */ ++struct kernel_crypt_kop { ++ struct crypt_kop kop; ++ ++ struct task_struct *task; ++ struct mm_struct *mm; ++}; ++ + /* kernel-internal extension to struct crypt_op */ + struct kernel_crypt_op { + struct crypt_op cop; +@@ -157,6 +167,14 @@ int crypto_run(struct fcrypt *fcr, struct kernel_crypt_op *kcop); + + #include <cryptlib.h> + ++/* Cryptodev Key operation handler */ ++int crypto_bn_modexp(struct cryptodev_pkc *); ++int crypto_modexp_crt(struct cryptodev_pkc *); ++int crypto_kop_dsasign(struct cryptodev_pkc *); ++int crypto_kop_dsaverify(struct cryptodev_pkc *); ++int crypto_run_asym(struct cryptodev_pkc *); ++void cryptodev_complete_asym(struct crypto_async_request *, int); ++ + /* other internal structs */ + struct csession { + struct list_head entry; +diff --git a/ioctl.c b/ioctl.c +index 1563c75..782d7fe 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -4,6 +4,7 @@ + * Copyright (c) 2004 Michal Ludvig <mludvig@logix.net.nz>, SuSE Labs + * Copyright (c) 2009,2010,2011 Nikos Mavrogiannopoulos <nmav@gnutls.org> + * Copyright (c) 2010 Phil Sutter ++ * Copyright 2012 Freescale Semiconductor, Inc. + * + * This file is part of linux cryptodev. + * +@@ -89,8 +90,37 @@ struct crypt_priv { + int itemcount; + struct work_struct cryptask; + wait_queue_head_t user_waiter; ++ /* List of pending cryptodev_pkc asym requests */ ++ struct list_head asym_completed_list; ++ /* For addition/removal of entry in pending list of asymmetric request*/ ++ spinlock_t completion_lock; + }; + ++/* Asymmetric request Completion handler */ ++void cryptodev_complete_asym(struct crypto_async_request *req, int err) ++{ ++ struct cryptodev_pkc *pkc = req->data; ++ struct cryptodev_result *res = &pkc->result; ++ ++ crypto_free_pkc(pkc->s); ++ res->err = err; ++ if (pkc->type == SYNCHRONOUS) { ++ if (err == -EINPROGRESS) ++ return; ++ complete(&res->completion); ++ } else { ++ struct crypt_priv *pcr = pkc->priv; ++ unsigned long flags; ++ spin_lock_irqsave(&pcr->completion_lock, flags); ++ list_add_tail(&pkc->list, &pcr->asym_completed_list); ++ spin_unlock_irqrestore(&pcr->completion_lock, flags); ++ /* wake for POLLIN */ ++ wake_up_interruptible(&pcr->user_waiter); ++ } ++ ++ kfree(req); ++} ++ + #define FILL_SG(sg, ptr, len) \ + do { \ + (sg)->page = virt_to_page(ptr); \ +@@ -472,7 +502,8 @@ cryptodev_open(struct inode *inode, struct file *filp) + INIT_LIST_HEAD(&pcr->free.list); + INIT_LIST_HEAD(&pcr->todo.list); + INIT_LIST_HEAD(&pcr->done.list); +- ++ INIT_LIST_HEAD(&pcr->asym_completed_list); ++ spin_lock_init(&pcr->completion_lock); + INIT_WORK(&pcr->cryptask, cryptask_routine); + + init_waitqueue_head(&pcr->user_waiter); +@@ -639,6 +670,79 @@ static int crypto_async_fetch(struct crypt_priv *pcr, + } + #endif + ++/* get the first asym cipher completed job from the "done" queue ++ * ++ * returns: ++ * -EBUSY if no completed jobs are ready (yet) ++ * the return value otherwise */ ++static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc) ++{ ++ int ret = 0; ++ struct kernel_crypt_kop *kop = &pkc->kop; ++ struct crypt_kop *ckop = &kop->kop; ++ struct pkc_request *pkc_req = &pkc->req; ++ ++ switch (ckop->crk_op) { ++ case CRK_MOD_EXP: ++ { ++ struct rsa_pub_req_s *rsa_req = &pkc_req->req_u.rsa_pub_req; ++ copy_to_user(ckop->crk_param[3].crp_p, rsa_req->g, ++ rsa_req->g_len); ++ } ++ break; ++ case CRK_MOD_EXP_CRT: ++ { ++ struct rsa_priv_frm3_req_s *rsa_req = ++ &pkc_req->req_u.rsa_priv_f3; ++ copy_to_user(ckop->crk_param[6].crp_p, ++ rsa_req->f, rsa_req->f_len); ++ } ++ break; ++ case CRK_DSA_SIGN: ++ { ++ struct dsa_sign_req_s *dsa_req = &pkc_req->req_u.dsa_sign; ++ ++ if (pkc_req->type == ECDSA_SIGN) { ++ copy_to_user(ckop->crk_param[6].crp_p, ++ dsa_req->c, dsa_req->d_len); ++ copy_to_user(ckop->crk_param[7].crp_p, ++ dsa_req->d, dsa_req->d_len); ++ } else { ++ copy_to_user(ckop->crk_param[5].crp_p, ++ dsa_req->c, dsa_req->d_len); ++ copy_to_user(ckop->crk_param[6].crp_p, ++ dsa_req->d, dsa_req->d_len); ++ } ++ } ++ break; ++ case CRK_DSA_VERIFY: ++ break; ++ case CRK_DH_COMPUTE_KEY: ++ { ++ struct dh_key_req_s *dh_req = &pkc_req->req_u.dh_req; ++ if (pkc_req->type == ECDH_COMPUTE_KEY) ++ copy_to_user(ckop->crk_param[4].crp_p, ++ dh_req->z, dh_req->z_len); ++ else ++ copy_to_user(ckop->crk_param[3].crp_p, ++ dh_req->z, dh_req->z_len); ++ } ++ break; ++ default: ++ ret = -EINVAL; ++ } ++ kfree(pkc->cookie); ++ return ret; ++} ++ ++/* this function has to be called from process context */ ++static int fill_kop_from_cop(struct kernel_crypt_kop *kop) ++{ ++ kop->task = current; ++ kop->mm = current->mm; ++ return 0; ++} ++ + /* this function has to be called from process context */ + static int fill_kcop_from_cop(struct kernel_crypt_op *kcop, struct fcrypt *fcr) + { +@@ -662,11 +766,8 @@ static int fill_kcop_from_cop(struct kernel_crypt_op *kcop, struct fcrypt *fcr) + + if (cop->iv) { + rc = copy_from_user(kcop->iv, cop->iv, kcop->ivlen); +- if (unlikely(rc)) { +- derr(1, "error copying IV (%d bytes), copy_from_user returned %d for address %p", +- kcop->ivlen, rc, cop->iv); ++ if (unlikely(rc)) + return -EFAULT; +- } + } + + return 0; +@@ -692,6 +793,25 @@ static int fill_cop_from_kcop(struct kernel_crypt_op *kcop, struct fcrypt *fcr) + return 0; + } + ++static int kop_from_user(struct kernel_crypt_kop *kop, ++ void __user *arg) ++{ ++ if (unlikely(copy_from_user(&kop->kop, arg, sizeof(kop->kop)))) ++ return -EFAULT; ++ ++ return fill_kop_from_cop(kop); ++} ++ ++static int kop_to_user(struct kernel_crypt_kop *kop, ++ void __user *arg) ++{ ++ if (unlikely(copy_to_user(arg, &kop->kop, sizeof(kop->kop)))) { ++ dprintk(1, KERN_ERR, "Cannot copy to userspace\n"); ++ return -EFAULT; ++ } ++ return 0; ++} ++ + static int kcop_from_user(struct kernel_crypt_op *kcop, + struct fcrypt *fcr, void __user *arg) + { +@@ -821,7 +941,8 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + + switch (cmd) { + case CIOCASYMFEAT: +- return put_user(0, p); ++ return put_user(CRF_MOD_EXP_CRT | CRF_MOD_EXP | ++ CRF_DSA_SIGN | CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY, p); + case CRIOGET: + fd = clonefd(filp); + ret = put_user(fd, p); +@@ -857,6 +978,24 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + if (unlikely(ret)) + return ret; + return copy_to_user(arg, &siop, sizeof(siop)); ++ case CIOCKEY: ++ { ++ struct cryptodev_pkc *pkc = ++ kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL); ++ ++ if (!pkc) ++ return -ENOMEM; ++ ++ ret = kop_from_user(&pkc->kop, arg); ++ if (unlikely(ret)) { ++ kfree(pkc); ++ return ret; ++ } ++ pkc->type = SYNCHRONOUS; ++ ret = crypto_run_asym(pkc); ++ kfree(pkc); ++ } ++ return ret; + case CIOCCRYPT: + if (unlikely(ret = kcop_from_user(&kcop, fcr, arg))) { + dwarning(1, "Error copying from user"); +@@ -895,6 +1034,45 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + + return kcop_to_user(&kcop, fcr, arg); + #endif ++ case CIOCASYMASYNCRYPT: ++ { ++ struct cryptodev_pkc *pkc = ++ kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL); ++ ret = kop_from_user(&pkc->kop, arg); ++ ++ if (unlikely(ret)) ++ return -EINVAL; ++ ++ /* Store associated FD priv data with asymmetric request */ ++ pkc->priv = pcr; ++ pkc->type = ASYNCHRONOUS; ++ ret = crypto_run_asym(pkc); ++ if (ret == -EINPROGRESS) ++ ret = 0; ++ } ++ return ret; ++ case CIOCASYMASYNFETCH: ++ { ++ struct cryptodev_pkc *pkc; ++ unsigned long flags; ++ ++ spin_lock_irqsave(&pcr->completion_lock, flags); ++ if (list_empty(&pcr->asym_completed_list)) { ++ spin_unlock_irqrestore(&pcr->completion_lock, flags); ++ return -ENOMEM; ++ } ++ pkc = list_first_entry(&pcr->asym_completed_list, ++ struct cryptodev_pkc, list); ++ list_del(&pkc->list); ++ spin_unlock_irqrestore(&pcr->completion_lock, flags); ++ ret = crypto_async_fetch_asym(pkc); ++ ++ /* Reflect the updated request to user-space */ ++ if (!ret) ++ kop_to_user(&pkc->kop, arg); ++ kfree(pkc); ++ } ++ return ret; + default: + return -EINVAL; + } +@@ -1083,9 +1261,11 @@ static unsigned int cryptodev_poll(struct file *file, poll_table *wait) + + poll_wait(file, &pcr->user_waiter, wait); + +- if (!list_empty_careful(&pcr->done.list)) ++ if (!list_empty_careful(&pcr->done.list) || ++ !list_empty_careful(&pcr->asym_completed_list)) + ret |= POLLIN | POLLRDNORM; +- if (!list_empty_careful(&pcr->free.list) || pcr->itemcount < MAX_COP_RINGSIZE) ++ if (!list_empty_careful(&pcr->free.list) || ++ pcr->itemcount < MAX_COP_RINGSIZE) + ret |= POLLOUT | POLLWRNORM; + + return ret; +diff --git a/main.c b/main.c +index 57e5c38..0b7951e 100644 +--- a/main.c ++++ b/main.c +@@ -181,6 +181,384 @@ __crypto_run_zc(struct csession *ses_ptr, struct kernel_crypt_op *kcop) + return ret; + } + ++int crypto_kop_dsasign(struct cryptodev_pkc *pkc) ++{ ++ struct kernel_crypt_kop *kop = &pkc->kop; ++ struct crypt_kop *cop = &kop->kop; ++ struct pkc_request *pkc_req = &pkc->req; ++ struct dsa_sign_req_s *dsa_req = &pkc_req->req_u.dsa_sign; ++ int rc, buf_size; ++ uint8_t *buf; ++ ++ if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits || ++ !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits || ++ !cop->crk_param[4].crp_nbits || !cop->crk_param[5].crp_nbits || ++ !cop->crk_param[6].crp_nbits || (cop->crk_iparams == 6 && ++ !cop->crk_param[7].crp_nbits)) ++ return -EINVAL; ++ ++ dsa_req->m_len = (cop->crk_param[0].crp_nbits + 7)/8; ++ dsa_req->q_len = (cop->crk_param[1].crp_nbits + 7)/8; ++ dsa_req->r_len = (cop->crk_param[2].crp_nbits + 7)/8; ++ dsa_req->g_len = (cop->crk_param[3].crp_nbits + 7)/8; ++ dsa_req->priv_key_len = (cop->crk_param[4].crp_nbits + 7)/8; ++ dsa_req->d_len = (cop->crk_param[6].crp_nbits + 7)/8; ++ buf_size = dsa_req->m_len + dsa_req->q_len + dsa_req->r_len + ++ dsa_req->g_len + dsa_req->priv_key_len + dsa_req->d_len + ++ dsa_req->d_len; ++ if (cop->crk_iparams == 6) { ++ dsa_req->ab_len = (cop->crk_param[5].crp_nbits + 7)/8; ++ buf_size += dsa_req->ab_len; ++ pkc_req->type = ECDSA_SIGN; ++ pkc_req->curve_type = cop->curve_type; ++ } else { ++ pkc_req->type = DSA_SIGN; ++ } ++ ++ buf = kzalloc(buf_size, GFP_DMA); ++ ++ dsa_req->q = buf; ++ dsa_req->r = dsa_req->q + dsa_req->q_len; ++ dsa_req->g = dsa_req->r + dsa_req->r_len; ++ dsa_req->priv_key = dsa_req->g + dsa_req->g_len; ++ dsa_req->m = dsa_req->priv_key + dsa_req->priv_key_len; ++ dsa_req->c = dsa_req->m + dsa_req->m_len; ++ dsa_req->d = dsa_req->c + dsa_req->d_len; ++ copy_from_user(dsa_req->m, cop->crk_param[0].crp_p, dsa_req->m_len); ++ copy_from_user(dsa_req->q, cop->crk_param[1].crp_p, dsa_req->q_len); ++ copy_from_user(dsa_req->r, cop->crk_param[2].crp_p, dsa_req->r_len); ++ copy_from_user(dsa_req->g, cop->crk_param[3].crp_p, dsa_req->g_len); ++ copy_from_user(dsa_req->priv_key, cop->crk_param[4].crp_p, ++ dsa_req->priv_key_len); ++ if (cop->crk_iparams == 6) { ++ dsa_req->ab = dsa_req->d + dsa_req->d_len; ++ copy_from_user(dsa_req->ab, cop->crk_param[5].crp_p, ++ dsa_req->ab_len); ++ } ++ rc = cryptodev_pkc_offload(pkc); ++ if (pkc->type == SYNCHRONOUS) { ++ if (rc) ++ goto err; ++ if (cop->crk_iparams == 6) { ++ copy_to_user(cop->crk_param[6].crp_p, dsa_req->c, ++ dsa_req->d_len); ++ copy_to_user(cop->crk_param[7].crp_p, dsa_req->d, ++ dsa_req->d_len); ++ } else { ++ copy_to_user(cop->crk_param[5].crp_p, dsa_req->c, ++ dsa_req->d_len); ++ copy_to_user(cop->crk_param[6].crp_p, dsa_req->d, ++ dsa_req->d_len); ++ } ++ } else { ++ if (rc != -EINPROGRESS && rc != 0) ++ goto err; ++ ++ pkc->cookie = buf; ++ return rc; ++ } ++err: ++ kfree(buf); ++ return rc; ++} ++ ++int crypto_kop_dsaverify(struct cryptodev_pkc *pkc) ++{ ++ struct kernel_crypt_kop *kop = &pkc->kop; ++ struct crypt_kop *cop = &kop->kop; ++ struct pkc_request *pkc_req; ++ struct dsa_verify_req_s *dsa_req; ++ int rc, buf_size; ++ uint8_t *buf; ++ ++ if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits || ++ !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits || ++ !cop->crk_param[4].crp_nbits || !cop->crk_param[5].crp_nbits || ++ !cop->crk_param[6].crp_nbits || (cop->crk_iparams == 8 && ++ !cop->crk_param[7].crp_nbits)) ++ return -EINVAL; ++ ++ pkc_req = &pkc->req; ++ dsa_req = &pkc_req->req_u.dsa_verify; ++ dsa_req->m_len = (cop->crk_param[0].crp_nbits + 7)/8; ++ dsa_req->q_len = (cop->crk_param[1].crp_nbits + 7)/8; ++ dsa_req->r_len = (cop->crk_param[2].crp_nbits + 7)/8; ++ dsa_req->g_len = (cop->crk_param[3].crp_nbits + 7)/8; ++ dsa_req->pub_key_len = (cop->crk_param[4].crp_nbits + 7)/8; ++ dsa_req->d_len = (cop->crk_param[6].crp_nbits + 7)/8; ++ buf_size = dsa_req->m_len + dsa_req->q_len + dsa_req->r_len + ++ dsa_req->g_len + dsa_req->pub_key_len + dsa_req->d_len + ++ dsa_req->d_len; ++ if (cop->crk_iparams == 8) { ++ dsa_req->ab_len = (cop->crk_param[5].crp_nbits + 7)/8; ++ buf_size += dsa_req->ab_len; ++ pkc_req->type = ECDSA_VERIFY; ++ pkc_req->curve_type = cop->curve_type; ++ } else { ++ pkc_req->type = DSA_VERIFY; ++ } ++ ++ buf = kzalloc(buf_size, GFP_DMA); ++ ++ dsa_req->q = buf; ++ dsa_req->r = dsa_req->q + dsa_req->q_len; ++ dsa_req->g = dsa_req->r + dsa_req->r_len; ++ dsa_req->pub_key = dsa_req->g + dsa_req->g_len; ++ dsa_req->m = dsa_req->pub_key + dsa_req->pub_key_len; ++ dsa_req->c = dsa_req->m + dsa_req->m_len; ++ dsa_req->d = dsa_req->c + dsa_req->d_len; ++ copy_from_user(dsa_req->m, cop->crk_param[0].crp_p, dsa_req->m_len); ++ copy_from_user(dsa_req->q, cop->crk_param[1].crp_p, dsa_req->q_len); ++ copy_from_user(dsa_req->r, cop->crk_param[2].crp_p, dsa_req->r_len); ++ copy_from_user(dsa_req->g, cop->crk_param[3].crp_p, dsa_req->g_len); ++ copy_from_user(dsa_req->pub_key, cop->crk_param[4].crp_p, ++ dsa_req->pub_key_len); ++ if (cop->crk_iparams == 8) { ++ dsa_req->ab = dsa_req->d + dsa_req->d_len; ++ copy_from_user(dsa_req->ab, cop->crk_param[5].crp_p, ++ dsa_req->ab_len); ++ copy_from_user(dsa_req->c, cop->crk_param[6].crp_p, ++ dsa_req->d_len); ++ copy_from_user(dsa_req->d, cop->crk_param[7].crp_p, ++ dsa_req->d_len); ++ } else { ++ copy_from_user(dsa_req->c, cop->crk_param[5].crp_p, ++ dsa_req->d_len); ++ copy_from_user(dsa_req->d, cop->crk_param[6].crp_p, ++ dsa_req->d_len); ++ } ++ rc = cryptodev_pkc_offload(pkc); ++ if (pkc->type == SYNCHRONOUS) { ++ if (rc) ++ goto err; ++ } else { ++ if (rc != -EINPROGRESS && !rc) ++ goto err; ++ pkc->cookie = buf; ++ return rc; ++ } ++err: ++ kfree(buf); ++ return rc; ++} ++ ++int crypto_kop_dh_key(struct cryptodev_pkc *pkc) ++{ ++ struct kernel_crypt_kop *kop = &pkc->kop; ++ struct crypt_kop *cop = &kop->kop; ++ struct pkc_request *pkc_req; ++ struct dh_key_req_s *dh_req; ++ int buf_size; ++ uint8_t *buf; ++ int rc = -EINVAL; ++ ++ pkc_req = &pkc->req; ++ dh_req = &pkc_req->req_u.dh_req; ++ dh_req->s_len = (cop->crk_param[0].crp_nbits + 7)/8; ++ dh_req->pub_key_len = (cop->crk_param[1].crp_nbits + 7)/8; ++ dh_req->q_len = (cop->crk_param[2].crp_nbits + 7)/8; ++ buf_size = dh_req->q_len + dh_req->pub_key_len + dh_req->s_len; ++ if (cop->crk_iparams == 4) { ++ pkc_req->type = ECDH_COMPUTE_KEY; ++ dh_req->ab_len = (cop->crk_param[3].crp_nbits + 7)/8; ++ dh_req->z_len = (cop->crk_param[4].crp_nbits + 7)/8; ++ buf_size += dh_req->ab_len; ++ } else { ++ dh_req->z_len = (cop->crk_param[3].crp_nbits + 7)/8; ++ pkc_req->type = DH_COMPUTE_KEY; ++ } ++ buf_size += dh_req->z_len; ++ buf = kzalloc(buf_size, GFP_DMA); ++ dh_req->q = buf; ++ dh_req->s = dh_req->q + dh_req->q_len; ++ dh_req->pub_key = dh_req->s + dh_req->s_len; ++ dh_req->z = dh_req->pub_key + dh_req->pub_key_len; ++ if (cop->crk_iparams == 4) { ++ dh_req->ab = dh_req->z + dh_req->z_len; ++ pkc_req->curve_type = cop->curve_type; ++ copy_from_user(dh_req->ab, cop->crk_param[3].crp_p, ++ dh_req->ab_len); ++ } ++ copy_from_user(dh_req->s, cop->crk_param[0].crp_p, dh_req->s_len); ++ copy_from_user(dh_req->pub_key, cop->crk_param[1].crp_p, ++ dh_req->pub_key_len); ++ copy_from_user(dh_req->q, cop->crk_param[2].crp_p, dh_req->q_len); ++ rc = cryptodev_pkc_offload(pkc); ++ if (pkc->type == SYNCHRONOUS) { ++ if (rc) ++ goto err; ++ if (cop->crk_iparams == 4) ++ copy_to_user(cop->crk_param[4].crp_p, dh_req->z, ++ dh_req->z_len); ++ else ++ copy_to_user(cop->crk_param[3].crp_p, dh_req->z, ++ dh_req->z_len); ++ } else { ++ if (rc != -EINPROGRESS && rc != 0) ++ goto err; ++ ++ pkc->cookie = buf; ++ return rc; ++ } ++err: ++ kfree(buf); ++ return rc; ++} ++ ++int crypto_modexp_crt(struct cryptodev_pkc *pkc) ++{ ++ struct kernel_crypt_kop *kop = &pkc->kop; ++ struct crypt_kop *cop = &kop->kop; ++ struct pkc_request *pkc_req; ++ struct rsa_priv_frm3_req_s *rsa_req; ++ int rc; ++ uint8_t *buf; ++ ++ if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits || ++ !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits || ++ !cop->crk_param[4].crp_nbits || !cop->crk_param[5].crp_nbits) ++ return -EINVAL; ++ ++ pkc_req = &pkc->req; ++ pkc_req->type = RSA_PRIV_FORM3; ++ rsa_req = &pkc_req->req_u.rsa_priv_f3; ++ rsa_req->p_len = (cop->crk_param[0].crp_nbits + 7)/8; ++ rsa_req->q_len = (cop->crk_param[1].crp_nbits + 7)/8; ++ rsa_req->g_len = (cop->crk_param[2].crp_nbits + 7)/8; ++ rsa_req->dp_len = (cop->crk_param[3].crp_nbits + 7)/8; ++ rsa_req->dq_len = (cop->crk_param[4].crp_nbits + 7)/8; ++ rsa_req->c_len = (cop->crk_param[5].crp_nbits + 7)/8; ++ rsa_req->f_len = (cop->crk_param[6].crp_nbits + 7)/8; ++ buf = kzalloc(rsa_req->p_len + rsa_req->q_len + rsa_req->f_len + ++ rsa_req->dp_len + rsa_req->dp_len + rsa_req->c_len + ++ rsa_req->g_len, GFP_DMA); ++ rsa_req->p = buf; ++ rsa_req->q = rsa_req->p + rsa_req->p_len; ++ rsa_req->g = rsa_req->q + rsa_req->q_len; ++ rsa_req->dp = rsa_req->g + rsa_req->g_len; ++ rsa_req->dq = rsa_req->dp + rsa_req->dp_len; ++ rsa_req->c = rsa_req->dq + rsa_req->dq_len; ++ rsa_req->f = rsa_req->c + rsa_req->c_len; ++ copy_from_user(rsa_req->p, cop->crk_param[0].crp_p, rsa_req->p_len); ++ copy_from_user(rsa_req->q, cop->crk_param[1].crp_p, rsa_req->q_len); ++ copy_from_user(rsa_req->g, cop->crk_param[2].crp_p, rsa_req->g_len); ++ copy_from_user(rsa_req->dp, cop->crk_param[3].crp_p, rsa_req->dp_len); ++ copy_from_user(rsa_req->dq, cop->crk_param[4].crp_p, rsa_req->dq_len); ++ copy_from_user(rsa_req->c, cop->crk_param[5].crp_p, rsa_req->c_len); ++ rc = cryptodev_pkc_offload(pkc); ++ ++ if (pkc->type == SYNCHRONOUS) { ++ if (rc) ++ goto err; ++ copy_to_user(cop->crk_param[6].crp_p, rsa_req->f, ++ rsa_req->f_len); ++ } else { ++ if (rc != -EINPROGRESS && rc != 0) ++ goto err; ++ ++ pkc->cookie = buf; ++ return rc; ++ } ++err: ++ kfree(buf); ++ return rc; ++} ++ ++int crypto_bn_modexp(struct cryptodev_pkc *pkc) ++{ ++ struct pkc_request *pkc_req; ++ struct rsa_pub_req_s *rsa_req; ++ int rc; ++ struct kernel_crypt_kop *kop = &pkc->kop; ++ struct crypt_kop *cop = &kop->kop; ++ uint8_t *buf; ++ ++ if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits || ++ !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits) ++ return -EINVAL; ++ ++ pkc_req = &pkc->req; ++ pkc_req->type = RSA_PUB; ++ rsa_req = &pkc_req->req_u.rsa_pub_req; ++ rsa_req->f_len = (cop->crk_param[0].crp_nbits + 7)/8; ++ rsa_req->e_len = (cop->crk_param[1].crp_nbits + 7)/8; ++ rsa_req->n_len = (cop->crk_param[2].crp_nbits + 7)/8; ++ rsa_req->g_len = (cop->crk_param[3].crp_nbits + 7)/8; ++ buf = kzalloc(rsa_req->f_len + rsa_req->e_len + rsa_req->n_len ++ + rsa_req->g_len, GFP_DMA); ++ if (!buf) ++ return -ENOMEM; ++ ++ rsa_req->e = buf; ++ rsa_req->f = rsa_req->e + rsa_req->e_len; ++ rsa_req->g = rsa_req->f + rsa_req->f_len; ++ rsa_req->n = rsa_req->g + rsa_req->g_len; ++ copy_from_user(rsa_req->f, cop->crk_param[0].crp_p, rsa_req->f_len); ++ copy_from_user(rsa_req->e, cop->crk_param[1].crp_p, rsa_req->e_len); ++ copy_from_user(rsa_req->n, cop->crk_param[2].crp_p, rsa_req->n_len); ++ rc = cryptodev_pkc_offload(pkc); ++ if (pkc->type == SYNCHRONOUS) { ++ if (rc) ++ goto err; ++ ++ copy_to_user(cop->crk_param[3].crp_p, rsa_req->g, ++ rsa_req->g_len); ++ } else { ++ if (rc != -EINPROGRESS && rc != 0) ++ goto err; ++ ++ /* This one will be freed later in fetch handler */ ++ pkc->cookie = buf; ++ return rc; ++ } ++err: ++ kfree(buf); ++ return rc; ++} ++ ++int crypto_run_asym(struct cryptodev_pkc *pkc) ++{ ++ int ret = -EINVAL; ++ struct kernel_crypt_kop *kop = &pkc->kop; ++ ++ switch (kop->kop.crk_op) { ++ case CRK_MOD_EXP: ++ if (kop->kop.crk_iparams != 3 && kop->kop.crk_oparams != 1) ++ goto err; ++ ++ ret = crypto_bn_modexp(pkc); ++ break; ++ case CRK_MOD_EXP_CRT: ++ if (kop->kop.crk_iparams != 6 && kop->kop.crk_oparams != 1) ++ goto err; ++ ++ ret = crypto_modexp_crt(pkc); ++ break; ++ case CRK_DSA_SIGN: ++ if ((kop->kop.crk_iparams != 5 && kop->kop.crk_iparams != 6) || ++ kop->kop.crk_oparams != 2) ++ goto err; ++ ++ ret = crypto_kop_dsasign(pkc); ++ break; ++ case CRK_DSA_VERIFY: ++ if ((kop->kop.crk_iparams != 7 && kop->kop.crk_iparams != 8) || ++ kop->kop.crk_oparams != 0) ++ goto err; ++ ++ ret = crypto_kop_dsaverify(pkc); ++ break; ++ case CRK_DH_COMPUTE_KEY: ++ if ((kop->kop.crk_iparams != 3 && kop->kop.crk_iparams != 4) || ++ kop->kop.crk_oparams != 1) ++ goto err; ++ ret = crypto_kop_dh_key(pkc); ++ break; ++ } ++err: ++ return ret; ++} ++ + int crypto_run(struct fcrypt *fcr, struct kernel_crypt_op *kcop) + { + struct csession *ses_ptr; +-- +1.8.3.1 + diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0004-Compat-versions-of-PKC-IOCTLs.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0004-Compat-versions-of-PKC-IOCTLs.patch new file mode 100644 index 00000000..2eedcc72 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0004-Compat-versions-of-PKC-IOCTLs.patch @@ -0,0 +1,200 @@ +From 5435dfd329cd90837ce36c6dadc26166c7906cab Mon Sep 17 00:00:00 2001 +From: Yashpal Dutta <yashpal.dutta@freescale.com> +Date: Fri, 7 Mar 2014 06:52:13 +0545 +Subject: [PATCH 4/9] Compat versions of PKC IOCTLs + +Upstream-status: Pending + +Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com> +--- + cryptodev_int.h | 20 ++++++++++ + ioctl.c | 120 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 140 insertions(+) + +diff --git a/cryptodev_int.h b/cryptodev_int.h +index fdbcc61..cf54dac 100644 +--- a/cryptodev_int.h ++++ b/cryptodev_int.h +@@ -75,6 +75,24 @@ struct compat_crypt_op { + compat_uptr_t iv;/* initialization vector for encryption operations */ + }; + ++/* input of CIOCKEY */ ++struct compat_crparam { ++ compat_uptr_t crp_p; ++ uint32_t crp_nbits; ++}; ++ ++struct compat_crypt_kop { ++ uint32_t crk_op; /* cryptodev_crk_ot_t */ ++ uint32_t crk_status; ++ uint16_t crk_iparams; ++ uint16_t crk_oparams; ++ uint32_t crk_pad1; ++ struct compat_crparam crk_param[CRK_MAXPARAM]; ++ enum curve_t curve_type; /* 0 == Discrete Log, 1 = EC_PRIME, ++ 2 = EC_BINARY */ ++ compat_uptr_t cookie; ++}; ++ + /* input of CIOCAUTHCRYPT */ + struct compat_crypt_auth_op { + uint32_t ses; /* session identifier */ +@@ -111,6 +129,8 @@ struct compat_crypt_auth_op { + #define COMPAT_CIOCASYNCCRYPT _IOW('c', 107, struct compat_crypt_op) + #define COMPAT_CIOCASYNCFETCH _IOR('c', 108, struct compat_crypt_op) + #define COMPAT_CIOCAUTHCRYPT _IOWR('c', 109, struct compat_crypt_auth_op) ++#define COMPAT_CIOCASYMASYNCRYPT _IOW('c', 110, struct compat_crypt_kop) ++#define COMPAT_CIOCASYMASYNFETCH _IOR('c', 111, struct compat_crypt_kop) + + #endif /* CONFIG_COMPAT */ + +diff --git a/ioctl.c b/ioctl.c +index 782d7fe..3baf3e6 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -1081,6 +1081,68 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + /* compatibility code for 32bit userlands */ + #ifdef CONFIG_COMPAT + ++static inline void compat_to_crypt_kop(struct compat_crypt_kop *compat, ++ struct crypt_kop *kop) ++{ ++ int i; ++ kop->crk_op = compat->crk_op; ++ kop->crk_status = compat->crk_status; ++ kop->crk_iparams = compat->crk_iparams; ++ kop->crk_oparams = compat->crk_oparams; ++ ++ for (i = 0; i < CRK_MAXPARAM; i++) { ++ kop->crk_param[i].crp_p = ++ compat_ptr(compat->crk_param[i].crp_p); ++ kop->crk_param[i].crp_nbits = compat->crk_param[i].crp_nbits; ++ } ++ ++ kop->curve_type = compat->curve_type; ++ kop->cookie = compat->cookie; ++} ++ ++static int compat_kop_from_user(struct kernel_crypt_kop *kop, ++ void __user *arg) ++{ ++ struct compat_crypt_kop compat_kop; ++ ++ if (unlikely(copy_from_user(&compat_kop, arg, sizeof(compat_kop)))) ++ return -EFAULT; ++ ++ compat_to_crypt_kop(&compat_kop, &kop->kop); ++ return fill_kop_from_cop(kop); ++} ++ ++static inline void crypt_kop_to_compat(struct crypt_kop *kop, ++ struct compat_crypt_kop *compat) ++{ ++ int i; ++ ++ compat->crk_op = kop->crk_op; ++ compat->crk_status = kop->crk_status; ++ compat->crk_iparams = kop->crk_iparams; ++ compat->crk_oparams = kop->crk_oparams; ++ ++ for (i = 0; i < CRK_MAXPARAM; i++) { ++ compat->crk_param[i].crp_p = ++ ptr_to_compat(kop->crk_param[i].crp_p); ++ compat->crk_param[i].crp_nbits = kop->crk_param[i].crp_nbits; ++ } ++ compat->cookie = kop->cookie; ++ compat->curve_type = kop->curve_type; ++} ++ ++static int compat_kop_to_user(struct kernel_crypt_kop *kop, void __user *arg) ++{ ++ struct compat_crypt_kop compat_kop; ++ ++ crypt_kop_to_compat(&kop->kop, &compat_kop); ++ if (unlikely(copy_to_user(arg, &compat_kop, sizeof(compat_kop)))) { ++ dprintk(1, KERN_ERR, "Cannot copy to userspace\n"); ++ return -EFAULT; ++ } ++ return 0; ++} ++ + static inline void + compat_to_session_op(struct compat_session_op *compat, struct session_op *sop) + { +@@ -1208,7 +1270,26 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) + return -EFAULT; + } + return ret; ++ case COMPAT_CIOCKEY: ++ { ++ struct cryptodev_pkc *pkc = ++ kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL); ++ ++ if (!pkc) ++ return -ENOMEM; ++ ++ ret = compat_kop_from_user(&pkc->kop, arg); ++ ++ if (unlikely(ret)) { ++ kfree(pkc); ++ return ret; ++ } + ++ pkc->type = SYNCHRONOUS; ++ ret = crypto_run_asym(pkc); ++ kfree(pkc); ++ } ++ return ret; + case COMPAT_CIOCCRYPT: + ret = compat_kcop_from_user(&kcop, fcr, arg); + if (unlikely(ret)) +@@ -1247,6 +1328,45 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) + + return compat_kcop_to_user(&kcop, fcr, arg); + #endif ++ case COMPAT_CIOCASYMASYNCRYPT: ++ { ++ struct cryptodev_pkc *pkc = ++ kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL); ++ ++ ret = compat_kop_from_user(&pkc->kop, arg); ++ if (unlikely(ret)) ++ return -EINVAL; ++ ++ /* Store associated FD priv data with asymmetric request */ ++ pkc->priv = pcr; ++ pkc->type = ASYNCHRONOUS; ++ ret = crypto_run_asym(pkc); ++ if (ret == -EINPROGRESS) ++ ret = 0; ++ } ++ return ret; ++ case COMPAT_CIOCASYMASYNFETCH: ++ { ++ struct cryptodev_pkc *pkc; ++ unsigned long flags; ++ ++ spin_lock_irqsave(&pcr->completion_lock, flags); ++ if (list_empty(&pcr->asym_completed_list)) { ++ spin_unlock_irqrestore(&pcr->completion_lock, flags); ++ return -ENOMEM; ++ } ++ pkc = list_first_entry(&pcr->asym_completed_list, ++ struct cryptodev_pkc, list); ++ list_del(&pkc->list); ++ spin_unlock_irqrestore(&pcr->completion_lock, flags); ++ ret = crypto_async_fetch_asym(pkc); ++ ++ /* Reflect the updated request to user-space */ ++ if (!ret) ++ compat_kop_to_user(&pkc->kop, arg); ++ kfree(pkc); ++ } ++ return ret; + default: + return -EINVAL; + } +-- +1.8.3.1 + diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0005-Asynchronous-interface-changes-in-cryptodev.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0005-Asynchronous-interface-changes-in-cryptodev.patch new file mode 100644 index 00000000..2f88eda3 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0005-Asynchronous-interface-changes-in-cryptodev.patch @@ -0,0 +1,213 @@ +From ddc4179a454cea79c8385fd6756d20cbf3c6dcb5 Mon Sep 17 00:00:00 2001 +From: Yashpal Dutta <yashpal.dutta@freescale.com> +Date: Fri, 7 Mar 2014 07:24:00 +0545 +Subject: [PATCH 5/9] Asynchronous interface changes in cryptodev + +Upstream-status: Pending + +Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com> +--- + cryptlib.h | 7 ++++- + crypto/cryptodev.h | 10 ++++++- + cryptodev_int.h | 10 ++++++- + ioctl.c | 76 +++++++++++++++++++++++++++++++++++++----------------- + 4 files changed, 76 insertions(+), 27 deletions(-) + +diff --git a/cryptlib.h b/cryptlib.h +index 56d325a..7ffa54c 100644 +--- a/cryptlib.h ++++ b/cryptlib.h +@@ -113,7 +113,12 @@ struct cryptodev_pkc { + struct pkc_request req; /* PKC request structure allocated + from CryptoAPI */ + enum offload_type type; /* Synchronous Vs Asynchronous request */ +- void *cookie; /*Additional opaque cookie to be used in future */ ++ /* ++ * cookie used for transfering tranparent information from async ++ * submission to async fetch. Currently some dynamic allocated ++ * buffers are maintained which will be freed later during fetch ++ */ ++ void *cookie; + struct crypt_priv *priv; + }; + +diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h +index 96675fe..4436fbf 100644 +--- a/crypto/cryptodev.h ++++ b/crypto/cryptodev.h +@@ -254,6 +254,14 @@ struct crypt_kop { + void *cookie; + }; + ++#define MAX_COOKIES 4 ++ ++struct pkc_cookie_list_s { ++ int cookie_available; ++ void *cookie[MAX_COOKIES]; ++ int status[MAX_COOKIES]; ++}; ++ + enum cryptodev_crk_op_t { + CRK_MOD_EXP = 0, + CRK_MOD_EXP_CRT = 1, +@@ -298,5 +306,5 @@ enum cryptodev_crk_op_t { + #define CIOCASYNCFETCH _IOR('c', 111, struct crypt_op) + /* additional ioctls for asynchronous operation for asymmetric ciphers*/ + #define CIOCASYMASYNCRYPT _IOW('c', 112, struct crypt_kop) +-#define CIOCASYMASYNFETCH _IOR('c', 113, struct crypt_kop) ++#define CIOCASYMFETCHCOOKIE _IOR('c', 113, struct pkc_cookie_list_s) + #endif /* L_CRYPTODEV_H */ +diff --git a/cryptodev_int.h b/cryptodev_int.h +index cf54dac..5347cae 100644 +--- a/cryptodev_int.h ++++ b/cryptodev_int.h +@@ -93,6 +93,12 @@ struct compat_crypt_kop { + compat_uptr_t cookie; + }; + ++struct compat_pkc_cookie_list_s { ++ int cookie_available; ++ compat_uptr_t cookie[MAX_COOKIES]; ++ int status[MAX_COOKIES]; ++}; ++ + /* input of CIOCAUTHCRYPT */ + struct compat_crypt_auth_op { + uint32_t ses; /* session identifier */ +@@ -126,11 +132,13 @@ struct compat_crypt_auth_op { + /* compat ioctls, defined for the above structs */ + #define COMPAT_CIOCGSESSION _IOWR('c', 102, struct compat_session_op) + #define COMPAT_CIOCCRYPT _IOWR('c', 104, struct compat_crypt_op) ++#define COMPAT_CIOCKEY _IOW('c', 105, struct compat_crypt_kop) + #define COMPAT_CIOCASYNCCRYPT _IOW('c', 107, struct compat_crypt_op) + #define COMPAT_CIOCASYNCFETCH _IOR('c', 108, struct compat_crypt_op) + #define COMPAT_CIOCAUTHCRYPT _IOWR('c', 109, struct compat_crypt_auth_op) + #define COMPAT_CIOCASYMASYNCRYPT _IOW('c', 110, struct compat_crypt_kop) +-#define COMPAT_CIOCASYMASYNFETCH _IOR('c', 111, struct compat_crypt_kop) ++#define COMPAT_CIOCASYMFETCHCOOKIE _IOR('c', 111, \ ++ struct compat_pkc_cookie_list_s) + + #endif /* CONFIG_COMPAT */ + +diff --git a/ioctl.c b/ioctl.c +index 3baf3e6..2eb7f03 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -105,8 +105,6 @@ void cryptodev_complete_asym(struct crypto_async_request *req, int err) + crypto_free_pkc(pkc->s); + res->err = err; + if (pkc->type == SYNCHRONOUS) { +- if (err == -EINPROGRESS) +- return; + complete(&res->completion); + } else { + struct crypt_priv *pcr = pkc->priv; +@@ -1051,26 +1049,41 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + ret = 0; + } + return ret; +- case CIOCASYMASYNFETCH: ++ case CIOCASYMFETCHCOOKIE: + { + struct cryptodev_pkc *pkc; + unsigned long flags; ++ int i; ++ struct pkc_cookie_list_s cookie_list; + + spin_lock_irqsave(&pcr->completion_lock, flags); +- if (list_empty(&pcr->asym_completed_list)) { +- spin_unlock_irqrestore(&pcr->completion_lock, flags); +- return -ENOMEM; ++ cookie_list.cookie_available = 0; ++ for (i = 0; i < MAX_COOKIES; i++) { ++ if (!list_empty(&pcr->asym_completed_list)) { ++ /* Run a loop in the list for upto elements ++ and copy their response back */ ++ pkc = ++ list_first_entry(&pcr->asym_completed_list, ++ struct cryptodev_pkc, list); ++ list_del(&pkc->list); ++ ret = crypto_async_fetch_asym(pkc); ++ if (!ret) { ++ cookie_list.cookie_available++; ++ cookie_list.cookie[i] = ++ pkc->kop.kop.cookie; ++ cookie_list.status[i] = pkc->result.err; ++ } ++ kfree(pkc); ++ } else { ++ break; ++ } + } +- pkc = list_first_entry(&pcr->asym_completed_list, +- struct cryptodev_pkc, list); +- list_del(&pkc->list); + spin_unlock_irqrestore(&pcr->completion_lock, flags); +- ret = crypto_async_fetch_asym(pkc); + + /* Reflect the updated request to user-space */ +- if (!ret) +- kop_to_user(&pkc->kop, arg); +- kfree(pkc); ++ if (cookie_list.cookie_available) ++ copy_to_user(arg, &cookie_list, ++ sizeof(struct pkc_cookie_list_s)); + } + return ret; + default: +@@ -1345,26 +1358,41 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) + ret = 0; + } + return ret; +- case COMPAT_CIOCASYMASYNFETCH: ++ case COMPAT_CIOCASYMFETCHCOOKIE: + { + struct cryptodev_pkc *pkc; + unsigned long flags; ++ int i = 0; ++ struct compat_pkc_cookie_list_s cookie_list; + + spin_lock_irqsave(&pcr->completion_lock, flags); +- if (list_empty(&pcr->asym_completed_list)) { +- spin_unlock_irqrestore(&pcr->completion_lock, flags); +- return -ENOMEM; ++ cookie_list.cookie_available = 0; ++ ++ for (i = 0; i < MAX_COOKIES; i++) { ++ if (!list_empty(&pcr->asym_completed_list)) { ++ /* Run a loop in the list for upto elements ++ and copy their response back */ ++ pkc = ++ list_first_entry(&pcr->asym_completed_list, ++ struct cryptodev_pkc, list); ++ list_del(&pkc->list); ++ ret = crypto_async_fetch_asym(pkc); ++ if (!ret) { ++ cookie_list.cookie_available++; ++ cookie_list.cookie[i] = ++ pkc->kop.kop.cookie; ++ } ++ kfree(pkc); ++ } else { ++ break; ++ } + } +- pkc = list_first_entry(&pcr->asym_completed_list, +- struct cryptodev_pkc, list); +- list_del(&pkc->list); + spin_unlock_irqrestore(&pcr->completion_lock, flags); +- ret = crypto_async_fetch_asym(pkc); + + /* Reflect the updated request to user-space */ +- if (!ret) +- compat_kop_to_user(&pkc->kop, arg); +- kfree(pkc); ++ if (cookie_list.cookie_available) ++ copy_to_user(arg, &cookie_list, ++ sizeof(struct compat_pkc_cookie_list_s)); + } + return ret; + default: +-- +1.8.3.1 + diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0006-ECC_KEYGEN-and-DLC_KEYGEN-supported-in-cryptodev-mod.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0006-ECC_KEYGEN-and-DLC_KEYGEN-supported-in-cryptodev-mod.patch new file mode 100644 index 00000000..e70a057b --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0006-ECC_KEYGEN-and-DLC_KEYGEN-supported-in-cryptodev-mod.patch @@ -0,0 +1,212 @@ +From 30fc86a09109f169815befc2cd8bbfcae79fe7e0 Mon Sep 17 00:00:00 2001 +From: Yashpal Dutta <yashpal.dutta@freescale.com> +Date: Fri, 7 Mar 2014 07:53:53 +0545 +Subject: [PATCH 6/9] ECC_KEYGEN and DLC_KEYGEN supported in cryptodev module + +Upstream-status: Pending + +Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com> +--- + cryptlib.c | 2 ++ + crypto/cryptodev.h | 5 +++- + ioctl.c | 29 +++++++++++++++++-- + main.c | 85 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ + 4 files changed, 118 insertions(+), 3 deletions(-) + +diff --git a/cryptlib.c b/cryptlib.c +index 6900028..47cd568 100644 +--- a/cryptlib.c ++++ b/cryptlib.c +@@ -452,6 +452,8 @@ int cryptodev_pkc_offload(struct cryptodev_pkc *pkc) + case DSA_VERIFY: + case ECDSA_SIGN: + case ECDSA_VERIFY: ++ case DLC_KEYGEN: ++ case ECC_KEYGEN: + pkc->s = crypto_alloc_pkc("pkc(dsa)", + CRYPTO_ALG_TYPE_PKC_DSA, 0); + break; +diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h +index 4436fbf..275a55c 100644 +--- a/crypto/cryptodev.h ++++ b/crypto/cryptodev.h +@@ -268,6 +268,8 @@ enum cryptodev_crk_op_t { + CRK_DSA_SIGN = 2, + CRK_DSA_VERIFY = 3, + CRK_DH_COMPUTE_KEY = 4, ++ CRK_DSA_GENERATE_KEY = 5, ++ CRK_DH_GENERATE_KEY = 6, + CRK_ALGORITHM_ALL + }; + +@@ -280,7 +282,8 @@ enum cryptodev_crk_op_t { + #define CRF_DSA_SIGN (1 << CRK_DSA_SIGN) + #define CRF_DSA_VERIFY (1 << CRK_DSA_VERIFY) + #define CRF_DH_COMPUTE_KEY (1 << CRK_DH_COMPUTE_KEY) +- ++#define CRF_DSA_GENERATE_KEY (1 << CRK_DSA_GENERATE_KEY) ++#define CRF_DH_GENERATE_KEY (1 << CRK_DH_GENERATE_KEY) + + /* ioctl's. Compatible with old linux cryptodev.h + */ +diff --git a/ioctl.c b/ioctl.c +index 2eb7f03..c813c8c 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -726,6 +726,23 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc) + dh_req->z, dh_req->z_len); + } + break; ++ case CRK_DSA_GENERATE_KEY: ++ case CRK_DH_GENERATE_KEY: ++ { ++ struct keygen_req_s *key_req = &pkc_req->req_u.keygen; ++ ++ if (pkc_req->type == ECC_KEYGEN) { ++ copy_to_user(ckop->crk_param[4].crp_p, key_req->pub_key, ++ key_req->pub_key_len); ++ copy_to_user(ckop->crk_param[5].crp_p, ++ key_req->priv_key, key_req->priv_key_len); ++ } else { ++ copy_to_user(ckop->crk_param[3].crp_p, ++ key_req->pub_key, key_req->pub_key_len); ++ copy_to_user(ckop->crk_param[4].crp_p, ++ key_req->priv_key, key_req->priv_key_len); ++ } ++ } + default: + ret = -EINVAL; + } +@@ -939,8 +956,9 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + + switch (cmd) { + case CIOCASYMFEAT: +- return put_user(CRF_MOD_EXP_CRT | CRF_MOD_EXP | +- CRF_DSA_SIGN | CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY, p); ++ return put_user(CRF_MOD_EXP_CRT | CRF_MOD_EXP | CRF_DSA_SIGN | ++ CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY | ++ CRF_DSA_GENERATE_KEY, p); + case CRIOGET: + fd = clonefd(filp); + ret = put_user(fd, p); +@@ -1084,7 +1102,14 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + if (cookie_list.cookie_available) + copy_to_user(arg, &cookie_list, + sizeof(struct pkc_cookie_list_s)); ++ else { ++ struct pkc_cookie_list_s *user_ck_list = (void *)arg; ++ ++ put_user(0, &(user_ck_list->cookie_available)); ++ } ++ ret = cookie_list.cookie_available; + } ++ + return ret; + default: + return -EINVAL; +diff --git a/main.c b/main.c +index 0b7951e..c901bc7 100644 +--- a/main.c ++++ b/main.c +@@ -342,6 +342,85 @@ err: + return rc; + } + ++int crypto_kop_keygen(struct cryptodev_pkc *pkc) ++{ ++ struct kernel_crypt_kop *kop = &pkc->kop; ++ struct crypt_kop *cop = &kop->kop; ++ struct pkc_request *pkc_req; ++ struct keygen_req_s *key_req; ++ int rc, buf_size; ++ uint8_t *buf; ++ ++ if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits || ++ !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits || ++ !cop->crk_param[4].crp_nbits) ++ return -EINVAL; ++ ++ pkc_req = &pkc->req; ++ key_req = &pkc_req->req_u.keygen; ++ key_req->q_len = (cop->crk_param[0].crp_nbits + 7)/8; ++ key_req->r_len = (cop->crk_param[1].crp_nbits + 7)/8; ++ key_req->g_len = (cop->crk_param[2].crp_nbits + 7)/8; ++ if (cop->crk_iparams == 3) { ++ key_req->pub_key_len = (cop->crk_param[3].crp_nbits + 7)/8; ++ key_req->priv_key_len = (cop->crk_param[4].crp_nbits + 7)/8; ++ buf_size = key_req->q_len + key_req->r_len + key_req->g_len + ++ key_req->pub_key_len + key_req->priv_key_len; ++ pkc_req->type = DLC_KEYGEN; ++ } else { ++ key_req->ab_len = (cop->crk_param[3].crp_nbits + 7)/8; ++ key_req->pub_key_len = (cop->crk_param[4].crp_nbits + 7)/8; ++ key_req->priv_key_len = (cop->crk_param[5].crp_nbits + 7)/8; ++ buf_size = key_req->q_len + key_req->r_len + key_req->g_len + ++ key_req->pub_key_len + key_req->priv_key_len + ++ key_req->ab_len; ++ pkc_req->type = ECC_KEYGEN; ++ pkc_req->curve_type = cop->curve_type; ++ } ++ ++ buf = kzalloc(buf_size, GFP_DMA); ++ if (!buf) ++ return -ENOMEM; ++ ++ key_req->q = buf; ++ key_req->r = key_req->q + key_req->q_len; ++ key_req->g = key_req->r + key_req->r_len; ++ key_req->pub_key = key_req->g + key_req->g_len; ++ key_req->priv_key = key_req->pub_key + key_req->pub_key_len; ++ copy_from_user(key_req->q, cop->crk_param[0].crp_p, key_req->q_len); ++ copy_from_user(key_req->r, cop->crk_param[1].crp_p, key_req->r_len); ++ copy_from_user(key_req->g, cop->crk_param[2].crp_p, key_req->g_len); ++ if (cop->crk_iparams == 3) { ++ copy_from_user(key_req->pub_key, cop->crk_param[3].crp_p, ++ key_req->pub_key_len); ++ copy_from_user(key_req->priv_key, cop->crk_param[4].crp_p, ++ key_req->priv_key_len); ++ } else { ++ key_req->ab = key_req->priv_key + key_req->priv_key_len; ++ copy_from_user(key_req->ab, cop->crk_param[3].crp_p, ++ key_req->ab_len); ++ copy_from_user(key_req->pub_key, cop->crk_param[4].crp_p, ++ key_req->pub_key_len); ++ copy_from_user(key_req->priv_key, cop->crk_param[5].crp_p, ++ key_req->priv_key_len); ++ } ++ ++ rc = cryptodev_pkc_offload(pkc); ++ if (pkc->type == SYNCHRONOUS) { ++ if (rc) ++ goto err; ++ } else { ++ if (rc != -EINPROGRESS && !rc) ++ goto err; ++ ++ pkc->cookie = buf; ++ return rc; ++ } ++err: ++ kfree(buf); ++ return rc; ++} ++ + int crypto_kop_dh_key(struct cryptodev_pkc *pkc) + { + struct kernel_crypt_kop *kop = &pkc->kop; +@@ -554,6 +633,12 @@ int crypto_run_asym(struct cryptodev_pkc *pkc) + goto err; + ret = crypto_kop_dh_key(pkc); + break; ++ case CRK_DH_GENERATE_KEY: ++ case CRK_DSA_GENERATE_KEY: ++ if ((kop->kop.crk_iparams != 3 && kop->kop.crk_iparams != 4)) ++ goto err; ++ ret = crypto_kop_keygen(pkc); ++ break; + } + err: + return ret; +-- +1.8.3.1 + diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0007-RCU-stall-fixed-in-PKC-asynchronous-interface.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0007-RCU-stall-fixed-in-PKC-asynchronous-interface.patch new file mode 100644 index 00000000..93a2248c --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0007-RCU-stall-fixed-in-PKC-asynchronous-interface.patch @@ -0,0 +1,238 @@ +From d60b9dbf53d63092fd292c00bb03c250c26703cf Mon Sep 17 00:00:00 2001 +From: Yashpal Dutta <yashpal.dutta@freescale.com> +Date: Fri, 7 Mar 2014 08:49:15 +0545 +Subject: [PATCH 7/9] RCU stall fixed in PKC asynchronous interface + +Upstream-status: Pending + +Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com> +--- + ioctl.c | 23 +++++++++++------------ + main.c | 43 +++++++++++++++++++++++++++---------------- + 2 files changed, 38 insertions(+), 28 deletions(-) + +diff --git a/ioctl.c b/ioctl.c +index c813c8c..7e4c671 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -108,10 +108,9 @@ void cryptodev_complete_asym(struct crypto_async_request *req, int err) + complete(&res->completion); + } else { + struct crypt_priv *pcr = pkc->priv; +- unsigned long flags; +- spin_lock_irqsave(&pcr->completion_lock, flags); ++ spin_lock_bh(&pcr->completion_lock); + list_add_tail(&pkc->list, &pcr->asym_completed_list); +- spin_unlock_irqrestore(&pcr->completion_lock, flags); ++ spin_unlock_bh(&pcr->completion_lock); + /* wake for POLLIN */ + wake_up_interruptible(&pcr->user_waiter); + } +@@ -958,7 +957,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + case CIOCASYMFEAT: + return put_user(CRF_MOD_EXP_CRT | CRF_MOD_EXP | CRF_DSA_SIGN | + CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY | +- CRF_DSA_GENERATE_KEY, p); ++ CRF_DSA_GENERATE_KEY | CRF_DH_GENERATE_KEY, p); + case CRIOGET: + fd = clonefd(filp); + ret = put_user(fd, p); +@@ -997,7 +996,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + case CIOCKEY: + { + struct cryptodev_pkc *pkc = +- kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL); ++ kmalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL); + + if (!pkc) + return -ENOMEM; +@@ -1053,7 +1052,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + case CIOCASYMASYNCRYPT: + { + struct cryptodev_pkc *pkc = +- kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL); ++ kmalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL); + ret = kop_from_user(&pkc->kop, arg); + + if (unlikely(ret)) +@@ -1070,13 +1069,12 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + case CIOCASYMFETCHCOOKIE: + { + struct cryptodev_pkc *pkc; +- unsigned long flags; + int i; + struct pkc_cookie_list_s cookie_list; + +- spin_lock_irqsave(&pcr->completion_lock, flags); + cookie_list.cookie_available = 0; + for (i = 0; i < MAX_COOKIES; i++) { ++ spin_lock_bh(&pcr->completion_lock); + if (!list_empty(&pcr->asym_completed_list)) { + /* Run a loop in the list for upto elements + and copy their response back */ +@@ -1084,6 +1082,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + list_first_entry(&pcr->asym_completed_list, + struct cryptodev_pkc, list); + list_del(&pkc->list); ++ spin_unlock_bh(&pcr->completion_lock); + ret = crypto_async_fetch_asym(pkc); + if (!ret) { + cookie_list.cookie_available++; +@@ -1093,10 +1092,10 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + } + kfree(pkc); + } else { ++ spin_unlock_bh(&pcr->completion_lock); + break; + } + } +- spin_unlock_irqrestore(&pcr->completion_lock, flags); + + /* Reflect the updated request to user-space */ + if (cookie_list.cookie_available) +@@ -1386,14 +1385,13 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) + case COMPAT_CIOCASYMFETCHCOOKIE: + { + struct cryptodev_pkc *pkc; +- unsigned long flags; + int i = 0; + struct compat_pkc_cookie_list_s cookie_list; + +- spin_lock_irqsave(&pcr->completion_lock, flags); + cookie_list.cookie_available = 0; + + for (i = 0; i < MAX_COOKIES; i++) { ++ spin_lock_bh(&pcr->completion_lock); + if (!list_empty(&pcr->asym_completed_list)) { + /* Run a loop in the list for upto elements + and copy their response back */ +@@ -1401,6 +1399,7 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) + list_first_entry(&pcr->asym_completed_list, + struct cryptodev_pkc, list); + list_del(&pkc->list); ++ spin_unlock_bh(&pcr->completion_lock); + ret = crypto_async_fetch_asym(pkc); + if (!ret) { + cookie_list.cookie_available++; +@@ -1409,10 +1408,10 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) + } + kfree(pkc); + } else { ++ spin_unlock_bh(&pcr->completion_lock); + break; + } + } +- spin_unlock_irqrestore(&pcr->completion_lock, flags); + + /* Reflect the updated request to user-space */ + if (cookie_list.cookie_available) +diff --git a/main.c b/main.c +index c901bc7..2747706 100644 +--- a/main.c ++++ b/main.c +@@ -215,7 +215,9 @@ int crypto_kop_dsasign(struct cryptodev_pkc *pkc) + pkc_req->type = DSA_SIGN; + } + +- buf = kzalloc(buf_size, GFP_DMA); ++ buf = kmalloc(buf_size, GFP_DMA); ++ if (!buf) ++ return -ENOMEM; + + dsa_req->q = buf; + dsa_req->r = dsa_req->q + dsa_req->q_len; +@@ -298,7 +300,9 @@ int crypto_kop_dsaverify(struct cryptodev_pkc *pkc) + pkc_req->type = DSA_VERIFY; + } + +- buf = kzalloc(buf_size, GFP_DMA); ++ buf = kmalloc(buf_size, GFP_DMA); ++ if (!buf) ++ return -ENOMEM; + + dsa_req->q = buf; + dsa_req->r = dsa_req->q + dsa_req->q_len; +@@ -378,7 +382,7 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc) + pkc_req->curve_type = cop->curve_type; + } + +- buf = kzalloc(buf_size, GFP_DMA); ++ buf = kmalloc(buf_size, GFP_DMA); + if (!buf) + return -ENOMEM; + +@@ -390,25 +394,28 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc) + copy_from_user(key_req->q, cop->crk_param[0].crp_p, key_req->q_len); + copy_from_user(key_req->r, cop->crk_param[1].crp_p, key_req->r_len); + copy_from_user(key_req->g, cop->crk_param[2].crp_p, key_req->g_len); +- if (cop->crk_iparams == 3) { +- copy_from_user(key_req->pub_key, cop->crk_param[3].crp_p, +- key_req->pub_key_len); +- copy_from_user(key_req->priv_key, cop->crk_param[4].crp_p, +- key_req->priv_key_len); +- } else { ++ if (cop->crk_iparams == 4) { + key_req->ab = key_req->priv_key + key_req->priv_key_len; + copy_from_user(key_req->ab, cop->crk_param[3].crp_p, + key_req->ab_len); +- copy_from_user(key_req->pub_key, cop->crk_param[4].crp_p, +- key_req->pub_key_len); +- copy_from_user(key_req->priv_key, cop->crk_param[5].crp_p, +- key_req->priv_key_len); + } + + rc = cryptodev_pkc_offload(pkc); + if (pkc->type == SYNCHRONOUS) { + if (rc) + goto err; ++ ++ if (cop->crk_iparams == 4) { ++ copy_to_user(cop->crk_param[4].crp_p, key_req->pub_key, ++ key_req->pub_key_len); ++ copy_to_user(cop->crk_param[5].crp_p, key_req->priv_key, ++ key_req->priv_key_len); ++ } else { ++ copy_to_user(cop->crk_param[3].crp_p, key_req->pub_key, ++ key_req->pub_key_len); ++ copy_to_user(cop->crk_param[4].crp_p, ++ key_req->priv_key, key_req->priv_key_len); ++ } + } else { + if (rc != -EINPROGRESS && !rc) + goto err; +@@ -447,7 +454,9 @@ int crypto_kop_dh_key(struct cryptodev_pkc *pkc) + pkc_req->type = DH_COMPUTE_KEY; + } + buf_size += dh_req->z_len; +- buf = kzalloc(buf_size, GFP_DMA); ++ buf = kmalloc(buf_size, GFP_DMA); ++ if (!buf) ++ return -ENOMEM; + dh_req->q = buf; + dh_req->s = dh_req->q + dh_req->q_len; + dh_req->pub_key = dh_req->s + dh_req->s_len; +@@ -508,9 +517,11 @@ int crypto_modexp_crt(struct cryptodev_pkc *pkc) + rsa_req->dq_len = (cop->crk_param[4].crp_nbits + 7)/8; + rsa_req->c_len = (cop->crk_param[5].crp_nbits + 7)/8; + rsa_req->f_len = (cop->crk_param[6].crp_nbits + 7)/8; +- buf = kzalloc(rsa_req->p_len + rsa_req->q_len + rsa_req->f_len + ++ buf = kmalloc(rsa_req->p_len + rsa_req->q_len + rsa_req->f_len + + rsa_req->dp_len + rsa_req->dp_len + rsa_req->c_len + + rsa_req->g_len, GFP_DMA); ++ if (!buf) ++ return -ENOMEM; + rsa_req->p = buf; + rsa_req->q = rsa_req->p + rsa_req->p_len; + rsa_req->g = rsa_req->q + rsa_req->q_len; +@@ -563,7 +574,7 @@ int crypto_bn_modexp(struct cryptodev_pkc *pkc) + rsa_req->e_len = (cop->crk_param[1].crp_nbits + 7)/8; + rsa_req->n_len = (cop->crk_param[2].crp_nbits + 7)/8; + rsa_req->g_len = (cop->crk_param[3].crp_nbits + 7)/8; +- buf = kzalloc(rsa_req->f_len + rsa_req->e_len + rsa_req->n_len ++ buf = kmalloc(rsa_req->f_len + rsa_req->e_len + rsa_req->n_len + + rsa_req->g_len, GFP_DMA); + if (!buf) + return -ENOMEM; +-- +1.8.3.1 + diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0008-Add-RSA-Key-generation-offloading.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0008-Add-RSA-Key-generation-offloading.patch new file mode 100644 index 00000000..affb2e72 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0008-Add-RSA-Key-generation-offloading.patch @@ -0,0 +1,170 @@ +From af5e4289f60c38ab17adab14c82d6204d155f25f Mon Sep 17 00:00:00 2001 +From: Hou Zhiqiang <B48286@freescale.com> +Date: Wed, 19 Mar 2014 14:02:46 +0800 +Subject: [PATCH 8/9] Add RSA Key generation offloading + +Upstream-status: Pending + +Signed-off-by: Hou Zhiqiang <B48286@freescale.com> +Tested-by: Cristian Stoica <cristian.stoica@freescale.com> +--- + cryptlib.c | 1 + + crypto/cryptodev.h | 2 ++ + ioctl.c | 3 +- + main.c | 80 +++++++++++++++++++++++++++++++++++++++++++++++++++++- + 4 files changed, 84 insertions(+), 2 deletions(-) + +diff --git a/cryptlib.c b/cryptlib.c +index 47cd568..4dd1847 100644 +--- a/cryptlib.c ++++ b/cryptlib.c +@@ -441,6 +441,7 @@ int cryptodev_pkc_offload(struct cryptodev_pkc *pkc) + struct pkc_request *pkc_req = &pkc->req, *pkc_requested; + + switch (pkc_req->type) { ++ case RSA_KEYGEN: + case RSA_PUB: + case RSA_PRIV_FORM1: + case RSA_PRIV_FORM2: +diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h +index 275a55c..d0cc542 100644 +--- a/crypto/cryptodev.h ++++ b/crypto/cryptodev.h +@@ -270,6 +270,7 @@ enum cryptodev_crk_op_t { + CRK_DH_COMPUTE_KEY = 4, + CRK_DSA_GENERATE_KEY = 5, + CRK_DH_GENERATE_KEY = 6, ++ CRK_RSA_GENERATE_KEY = 7, + CRK_ALGORITHM_ALL + }; + +@@ -279,6 +280,7 @@ enum cryptodev_crk_op_t { + */ + #define CRF_MOD_EXP (1 << CRK_MOD_EXP) + #define CRF_MOD_EXP_CRT (1 << CRK_MOD_EXP_CRT) ++#define CRF_RSA_GENERATE_KEY (1 << CRK_RSA_GENERATE_KEY) + #define CRF_DSA_SIGN (1 << CRK_DSA_SIGN) + #define CRF_DSA_VERIFY (1 << CRK_DSA_VERIFY) + #define CRF_DH_COMPUTE_KEY (1 << CRK_DH_COMPUTE_KEY) +diff --git a/ioctl.c b/ioctl.c +index 7e4c671..14888d6 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -957,7 +957,8 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + case CIOCASYMFEAT: + return put_user(CRF_MOD_EXP_CRT | CRF_MOD_EXP | CRF_DSA_SIGN | + CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY | +- CRF_DSA_GENERATE_KEY | CRF_DH_GENERATE_KEY, p); ++ CRF_DSA_GENERATE_KEY | CRF_DH_GENERATE_KEY | ++ CRF_RSA_GENERATE_KEY, p); + case CRIOGET: + fd = clonefd(filp); + ret = put_user(fd, p); +diff --git a/main.c b/main.c +index 2747706..14dcf40 100644 +--- a/main.c ++++ b/main.c +@@ -346,6 +346,82 @@ err: + return rc; + } + ++int crypto_kop_rsa_keygen(struct cryptodev_pkc *pkc) ++{ ++ struct kernel_crypt_kop *kop = &pkc->kop; ++ struct crypt_kop *cop = &kop->kop; ++ struct pkc_request *pkc_req; ++ struct rsa_keygen_req_s *key_req; ++ int rc, buf_size; ++ uint8_t *buf; ++ ++ if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits || ++ !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits || ++ !cop->crk_param[4].crp_nbits || !cop->crk_param[5].crp_nbits || ++ !cop->crk_param[6].crp_nbits) ++ return -EINVAL; ++ ++ pkc_req = &pkc->req; ++ pkc_req->type = RSA_KEYGEN; ++ key_req = &pkc_req->req_u.rsa_keygen; ++ key_req->n_len = (cop->crk_param[2].crp_nbits + 7)/8; ++ key_req->p_len = (cop->crk_param[0].crp_nbits + 7) / 8; ++ key_req->q_len = (cop->crk_param[1].crp_nbits + 7) / 8; ++ key_req->n_len = (cop->crk_param[2].crp_nbits + 7) / 8; ++ key_req->d_len = (cop->crk_param[3].crp_nbits + 7) / 8; ++ key_req->dp_len = (cop->crk_param[4].crp_nbits + 7) / 8; ++ key_req->dq_len = (cop->crk_param[5].crp_nbits + 7) / 8; ++ key_req->c_len = (cop->crk_param[6].crp_nbits + 7) / 8; ++ ++ buf_size = key_req->p_len + key_req->q_len + key_req->n_len + ++ key_req->d_len + key_req->dp_len + ++ key_req->dq_len + key_req->c_len; ++ ++ buf = kmalloc(buf_size, GFP_DMA); ++ if (!buf) ++ return -ENOMEM; ++ key_req->p = buf; ++ key_req->q = key_req->p + key_req->p_len; ++ key_req->n = key_req->q + key_req->q_len; ++ key_req->d = key_req->n + key_req->n_len; ++ key_req->dp = key_req->d + key_req->d_len; ++ key_req->dq = key_req->dp + key_req->dp_len; ++ key_req->c = key_req->dq + key_req->dq_len; ++ ++ rc = cryptodev_pkc_offload(pkc); ++ ++ if (pkc->type == SYNCHRONOUS) { ++ if (rc) ++ goto err; ++ ++ copy_to_user(cop->crk_param[0].crp_p, ++ key_req->p, key_req->p_len); ++ copy_to_user(cop->crk_param[1].crp_p, ++ key_req->q, key_req->q_len); ++ copy_to_user(cop->crk_param[2].crp_p, ++ key_req->n, key_req->n_len); ++ copy_to_user(cop->crk_param[3].crp_p, ++ key_req->d, key_req->d_len); ++ copy_to_user(cop->crk_param[4].crp_p, ++ key_req->dp, key_req->dp_len); ++ copy_to_user(cop->crk_param[5].crp_p, ++ key_req->dq, key_req->dq_len); ++ copy_to_user(cop->crk_param[6].crp_p, ++ key_req->c, key_req->c_len); ++ } else { ++ if (rc != -EINPROGRESS && !rc) { ++ printk("%s: Failed\n", __func__); ++ goto err; ++ } ++ pkc->cookie = buf; ++ return rc; ++ } ++err: ++ kfree(buf); ++ return rc; ++ ++} ++ + int crypto_kop_keygen(struct cryptodev_pkc *pkc) + { + struct kernel_crypt_kop *kop = &pkc->kop; +@@ -385,7 +461,6 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc) + buf = kmalloc(buf_size, GFP_DMA); + if (!buf) + return -ENOMEM; +- + key_req->q = buf; + key_req->r = key_req->q + key_req->q_len; + key_req->g = key_req->r + key_req->r_len; +@@ -650,6 +725,9 @@ int crypto_run_asym(struct cryptodev_pkc *pkc) + goto err; + ret = crypto_kop_keygen(pkc); + break; ++ case CRK_RSA_GENERATE_KEY: ++ ret = crypto_kop_rsa_keygen(pkc); ++ break; + } + err: + return ret; +-- +1.8.3.1 + diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0009-Fixed-compilation-error-of-openssl-with-fsl-cryptode.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0009-Fixed-compilation-error-of-openssl-with-fsl-cryptode.patch new file mode 100644 index 00000000..32757ca9 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0009-Fixed-compilation-error-of-openssl-with-fsl-cryptode.patch @@ -0,0 +1,160 @@ +From e791b55b03d295ee11476382a7bd93ab131e2e52 Mon Sep 17 00:00:00 2001 +From: Yashpal Dutta <yashpal.dutta@freescale.com> +Date: Thu, 17 Apr 2014 07:08:47 +0545 +Subject: [PATCH 9/9] Fixed compilation error of openssl with fsl cryptodev + +Upstream-status: Pending + +Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com> +Tested-by: Cristian Stoica <cristian.stoica@freescale.com> +--- + authenc.c | 1 + + cryptlib.c | 9 ++++----- + crypto/cryptodev.h | 9 ++++++++- + cryptodev_int.h | 2 +- + ioctl.c | 8 ++++++-- + main.c | 1 + + 6 files changed, 21 insertions(+), 9 deletions(-) + +diff --git a/authenc.c b/authenc.c +index ef0d3db..2aa4d38 100644 +--- a/authenc.c ++++ b/authenc.c +@@ -2,6 +2,7 @@ + * Driver for /dev/crypto device (aka CryptoDev) + * + * Copyright (c) 2011, 2012 OpenSSL Software Foundation, Inc. ++ * Copyright (c) 2014 Freescale Semiconductor, Inc. + * + * Author: Nikos Mavrogiannopoulos + * +diff --git a/cryptlib.c b/cryptlib.c +index 4dd1847..ec6693e 100644 +--- a/cryptlib.c ++++ b/cryptlib.c +@@ -4,8 +4,7 @@ + * Copyright (c) 2010,2011 Nikos Mavrogiannopoulos <nmav@gnutls.org> + * Portions Copyright (c) 2010 Michael Weiser + * Portions Copyright (c) 2010 Phil Sutter +- * +- * Copyright 2012 Freescale Semiconductor, Inc. ++ * Copyright 2012-2014 Freescale Semiconductor, Inc. + * + * This file is part of linux cryptodev. + * +@@ -144,7 +143,7 @@ int cryptodev_cipher_init(struct cipher_data *out, const char *alg_name, + if (alg->max_keysize > 0 && + unlikely((keylen < alg->min_keysize) || + (keylen > alg->max_keysize))) { +- ddebug(1, "Wrong keylen '%zu' for algorithm '%s'. Use %u to %u.", ++ ddebug(1, "Wrong keylen '%u' for algorithm '%s'. Use %u to %u.", + keylen, alg_name, alg->min_keysize, alg->max_keysize); + ret = -EINVAL; + goto error; +@@ -171,7 +170,7 @@ int cryptodev_cipher_init(struct cipher_data *out, const char *alg_name, + } + + if (unlikely(ret)) { +- ddebug(1, "Setting key failed for %s-%zu.", alg_name, keylen*8); ++ ddebug(1, "Setting key failed for %s-%u.", alg_name, keylen*8); + ret = -EINVAL; + goto error; + } +@@ -338,7 +337,7 @@ int cryptodev_hash_init(struct hash_data *hdata, const char *alg_name, + if (hmac_mode != 0) { + ret = crypto_ahash_setkey(hdata->async.s, mackey, mackeylen); + if (unlikely(ret)) { +- ddebug(1, "Setting hmac key failed for %s-%zu.", ++ ddebug(1, "Setting hmac key failed for %s-%u.", + alg_name, mackeylen*8); + ret = -EINVAL; + goto error; +diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h +index d0cc542..e7edd97 100644 +--- a/crypto/cryptodev.h ++++ b/crypto/cryptodev.h +@@ -234,6 +234,13 @@ struct crypt_auth_op { + #define CRYPTO_ALG_FLAG_RNG_ENABLE 2 + #define CRYPTO_ALG_FLAG_DSA_SHA 4 + ++enum ec_curve_t { ++ EC_DISCRETE_LOG, ++ EC_PRIME, ++ EC_BINARY, ++ MAX_EC_TYPE ++}; ++ + struct crparam { + __u8 *crp_p; + __u32 crp_nbits; +@@ -249,7 +256,7 @@ struct crypt_kop { + __u16 crk_oparams; + __u32 crk_pad1; + struct crparam crk_param[CRK_MAXPARAM]; +- enum curve_t curve_type; /* 0 == Discrete Log, ++ enum ec_curve_t curve_type; /* 0 == Discrete Log, + 1 = EC_PRIME, 2 = EC_BINARY */ + void *cookie; + }; +diff --git a/cryptodev_int.h b/cryptodev_int.h +index 5347cae..c83c885 100644 +--- a/cryptodev_int.h ++++ b/cryptodev_int.h +@@ -88,7 +88,7 @@ struct compat_crypt_kop { + uint16_t crk_oparams; + uint32_t crk_pad1; + struct compat_crparam crk_param[CRK_MAXPARAM]; +- enum curve_t curve_type; /* 0 == Discrete Log, 1 = EC_PRIME, ++ enum ec_curve_t curve_type; /* 0 == Discrete Log, 1 = EC_PRIME, + 2 = EC_BINARY */ + compat_uptr_t cookie; + }; +diff --git a/ioctl.c b/ioctl.c +index 14888d6..20ab4ca 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -4,7 +4,7 @@ + * Copyright (c) 2004 Michal Ludvig <mludvig@logix.net.nz>, SuSE Labs + * Copyright (c) 2009,2010,2011 Nikos Mavrogiannopoulos <nmav@gnutls.org> + * Copyright (c) 2010 Phil Sutter +- * Copyright 2012 Freescale Semiconductor, Inc. ++ * Copyright 2012-2014 Freescale Semiconductor, Inc. + * + * This file is part of linux cryptodev. + * +@@ -501,6 +501,7 @@ cryptodev_open(struct inode *inode, struct file *filp) + INIT_LIST_HEAD(&pcr->done.list); + INIT_LIST_HEAD(&pcr->asym_completed_list); + spin_lock_init(&pcr->completion_lock); ++ + INIT_WORK(&pcr->cryptask, cryptask_routine); + + init_waitqueue_head(&pcr->user_waiter); +@@ -780,8 +781,11 @@ static int fill_kcop_from_cop(struct kernel_crypt_op *kcop, struct fcrypt *fcr) + + if (cop->iv) { + rc = copy_from_user(kcop->iv, cop->iv, kcop->ivlen); +- if (unlikely(rc)) ++ if (unlikely(rc)) { ++ derr(1, "error copying IV (%d bytes), copy_from_user returned %d for address %p", ++ kcop->ivlen, rc, cop->iv); + return -EFAULT; ++ } + } + + return 0; +diff --git a/main.c b/main.c +index 14dcf40..6365911 100644 +--- a/main.c ++++ b/main.c +@@ -3,6 +3,7 @@ + * + * Copyright (c) 2004 Michal Ludvig <mludvig@logix.net.nz>, SuSE Labs + * Copyright (c) 2009-2013 Nikos Mavrogiannopoulos <nmav@gnutls.org> ++ * Copyright (c) 2014 Freescale Semiconductor, Inc. + * + * This file is part of linux cryptodev. + * +-- +2.2.0 + diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-linux_1.7.bbappend b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-linux_1.7.bbappend new file mode 100644 index 00000000..3cbbb3dd --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-linux_1.7.bbappend @@ -0,0 +1,2 @@ +require recipes-kernel/cryptodev/cryptodev-fsl.inc + diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-module_1.7.bbappend b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-module_1.7.bbappend new file mode 100644 index 00000000..2bf012c1 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-module_1.7.bbappend @@ -0,0 +1,12 @@ +require recipes-kernel/cryptodev/cryptodev-fsl.inc + +inherit qoriq_build_64bit_kernel + +do_install_append_qoriq-ppc () { + rm -fr ${D}/usr +} + +# Currently pkc-host does not support RSA_KEYGEN, remove this +# if it is fixed. +SRC_URI_append_qoriq-ppc = "${@base_contains('DISTRO_FEATURES', 'c29x_pkc', ' file://0001-don-t-advertise-RSA-keygen.patch', '', d)}" + diff --git a/meta-fsl-ppc/recipes-kernel/ipc/ipc-modules-multi_git.bb b/meta-fsl-ppc/recipes-kernel/ipc/ipc-modules-multi_git.bb new file mode 100644 index 00000000..e5dc1151 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/ipc/ipc-modules-multi_git.bb @@ -0,0 +1,11 @@ +require ipc-modules.inc + +EXTRA_OEMAKE ="KERNEL_DIR=${STAGING_KERNEL_DIR} ${SOC}=1 CONFIG_MULTI_RAT=1" + +do_install(){ + install -d ${D}/usr/driver/IPC/multi_rat + install -m 755 ${S}/kernel/*.ko ${D}/usr/driver/IPC/multi_rat +} + +FILES_${PN} += "/usr/driver/IPC/multi_rat/*.ko" +FILES_${PN}-dbg += "/usr/driver/IPC/multi_rat/.debug" diff --git a/meta-fsl-ppc/recipes-kernel/ipc/ipc-modules-single_git.bb b/meta-fsl-ppc/recipes-kernel/ipc/ipc-modules-single_git.bb new file mode 100644 index 00000000..03817e0e --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/ipc/ipc-modules-single_git.bb @@ -0,0 +1,11 @@ +require ipc-modules.inc + +EXTRA_OEMAKE ="KERNEL_DIR=${STAGING_KERNEL_DIR} ${SOC}=1" + +do_install(){ + install -d ${D}/usr/driver/IPC/single_rat + install -m 755 ${S}/kernel/*.ko ${D}/usr/driver/IPC/single_rat +} + +FILES_${PN} += "/usr/driver/IPC/single_rat/*.ko" +FILES_${PN}-dbg += "/usr/driver/IPC/single_rat/.debug" diff --git a/meta-fsl-ppc/recipes-kernel/ipc/ipc-modules.inc b/meta-fsl-ppc/recipes-kernel/ipc/ipc-modules.inc new file mode 100644 index 00000000..79ba7ef1 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/ipc/ipc-modules.inc @@ -0,0 +1,26 @@ +SUMMARY = "Linux IPC KERNEL MODULE " +DESCRIPTION = "DSP boot application and ipc test application" +LICENSE = "BSD" +LIC_FILES_CHKSUM = "file://COPYING;md5=fa38cd73d71527dc6efb546474f64d10" + +require recipes-bsp/ipc/ipc.inc + +inherit module qoriq_build_64bit_kernel + +S = "${WORKDIR}/git" + +do_configure[depends] += "virtual/kernel:do_shared_workdir" +do_configure_prepend() { + sed -i 's,$(KERNEL_DIR)/.config,$(KBUILD_OUTPUT)/.config,' ${S}/kernel/Makefile +} + +do_compile_prepend () { + cd ${S}/kernel + case ${MACHINE} in + bsc9132qds|bsc9131rdb) SOC=B913x;; + b4860qds|b4420qds) SOC=B4860;; + esac +} + +INHIBIT_PACKAGE_STRIP = "1" + diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/0001-ALSA-CVE-2014-4652.patch b/meta-fsl-ppc/recipes-kernel/linux/files/0001-ALSA-CVE-2014-4652.patch new file mode 100644 index 00000000..01307688 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/linux/files/0001-ALSA-CVE-2014-4652.patch @@ -0,0 +1,140 @@ +From ed81e6b21790b717cda5f5bab2bdb07d2ce17ab1 Mon Sep 17 00:00:00 2001 +From: Lars-Peter Clausen <lars@metafoo.de> +Date: Wed, 18 Jun 2014 13:32:31 +0200 +Subject: [PATCH] ALSA: control: Protect user controls against concurrent + access + +commit 07f4d9d74a04aa7c72c5dae0ef97565f28f17b92 upstream. + +The user-control put and get handlers as well as the tlv do not protect against +concurrent access from multiple threads. Since the state of the control is not +updated atomically it is possible that either two write operations or a write +and a read operation race against each other. Both can lead to arbitrary memory +disclosure. This patch introduces a new lock that protects user-controls from +concurrent access. Since applications typically access controls sequentially +than in parallel a single lock per card should be fine. + +This fixes CVE-2014-4652 +Upstream-Status: Backport + +Signed-off-by: Lars-Peter Clausen <lars@metafoo.de> +Acked-by: Jaroslav Kysela <perex@perex.cz> +Signed-off-by: Takashi Iwai <tiwai@suse.de> +Signed-off-by: Jiri Slaby <jslaby@suse.cz> +Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> +--- + include/sound/core.h | 2 ++ + sound/core/control.c | 31 +++++++++++++++++++++++++------ + sound/core/init.c | 1 + + 3 files changed, 28 insertions(+), 6 deletions(-) + +diff --git a/include/sound/core.h b/include/sound/core.h +index 2a14f1f..d6bc961 100644 +--- a/include/sound/core.h ++++ b/include/sound/core.h +@@ -121,6 +121,8 @@ struct snd_card { + int user_ctl_count; /* count of all user controls */ + struct list_head controls; /* all controls for this card */ + struct list_head ctl_files; /* active control files */ ++ struct mutex user_ctl_lock; /* protects user controls against ++ concurrent access */ + + struct snd_info_entry *proc_root; /* root for soundcard specific files */ + struct snd_info_entry *proc_id; /* the card id */ +diff --git a/sound/core/control.c b/sound/core/control.c +index d8aa206..183fab2 100644 +--- a/sound/core/control.c ++++ b/sound/core/control.c +@@ -992,6 +992,7 @@ static int snd_ctl_elem_unlock(struct snd_ctl_file *file, + + struct user_element { + struct snd_ctl_elem_info info; ++ struct snd_card *card; + void *elem_data; /* element data */ + unsigned long elem_data_size; /* size of element data in bytes */ + void *tlv_data; /* TLV data */ +@@ -1035,7 +1036,9 @@ static int snd_ctl_elem_user_get(struct snd_kcontrol *kcontrol, + { + struct user_element *ue = kcontrol->private_data; + ++ mutex_lock(&ue->card->user_ctl_lock); + memcpy(&ucontrol->value, ue->elem_data, ue->elem_data_size); ++ mutex_unlock(&ue->card->user_ctl_lock); + return 0; + } + +@@ -1044,10 +1047,12 @@ static int snd_ctl_elem_user_put(struct snd_kcontrol *kcontrol, + { + int change; + struct user_element *ue = kcontrol->private_data; +- ++ ++ mutex_lock(&ue->card->user_ctl_lock); + change = memcmp(&ucontrol->value, ue->elem_data, ue->elem_data_size) != 0; + if (change) + memcpy(ue->elem_data, &ucontrol->value, ue->elem_data_size); ++ mutex_unlock(&ue->card->user_ctl_lock); + return change; + } + +@@ -1067,19 +1072,32 @@ static int snd_ctl_elem_user_tlv(struct snd_kcontrol *kcontrol, + new_data = memdup_user(tlv, size); + if (IS_ERR(new_data)) + return PTR_ERR(new_data); ++ mutex_lock(&ue->card->user_ctl_lock); + change = ue->tlv_data_size != size; + if (!change) + change = memcmp(ue->tlv_data, new_data, size); + kfree(ue->tlv_data); + ue->tlv_data = new_data; + ue->tlv_data_size = size; ++ mutex_unlock(&ue->card->user_ctl_lock); + } else { +- if (! ue->tlv_data_size || ! ue->tlv_data) +- return -ENXIO; +- if (size < ue->tlv_data_size) +- return -ENOSPC; ++ int ret = 0; ++ ++ mutex_lock(&ue->card->user_ctl_lock); ++ if (!ue->tlv_data_size || !ue->tlv_data) { ++ ret = -ENXIO; ++ goto err_unlock; ++ } ++ if (size < ue->tlv_data_size) { ++ ret = -ENOSPC; ++ goto err_unlock; ++ } + if (copy_to_user(tlv, ue->tlv_data, ue->tlv_data_size)) +- return -EFAULT; ++ ret = -EFAULT; ++err_unlock: ++ mutex_unlock(&ue->card->user_ctl_lock); ++ if (ret) ++ return ret; + } + return change; + } +@@ -1211,6 +1229,7 @@ static int snd_ctl_elem_add(struct snd_ctl_file *file, + ue = kzalloc(sizeof(struct user_element) + private_size, GFP_KERNEL); + if (ue == NULL) + return -ENOMEM; ++ ue->card = card; + ue->info = *info; + ue->info.access = 0; + ue->elem_data = (char *)ue + sizeof(*ue); +diff --git a/sound/core/init.c b/sound/core/init.c +index d047851..b9268a5 100644 +--- a/sound/core/init.c ++++ b/sound/core/init.c +@@ -215,6 +215,7 @@ int snd_card_create(int idx, const char *xid, + INIT_LIST_HEAD(&card->devices); + init_rwsem(&card->controls_rwsem); + rwlock_init(&card->ctl_files_rwlock); ++ mutex_init(&card->user_ctl_lock); + INIT_LIST_HEAD(&card->controls); + INIT_LIST_HEAD(&card->ctl_files); + spin_lock_init(&card->files_lock); +-- +1.9.1 + diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/0001-ALSA-CVE-2014-4656.patch b/meta-fsl-ppc/recipes-kernel/linux/files/0001-ALSA-CVE-2014-4656.patch new file mode 100644 index 00000000..98590252 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/linux/files/0001-ALSA-CVE-2014-4656.patch @@ -0,0 +1,43 @@ +From 7ee7663da07717a1b31ce60d2ebf12d2058ee975 Mon Sep 17 00:00:00 2001 +From: Lars-Peter Clausen <lars@metafoo.de> +Date: Wed, 18 Jun 2014 13:32:35 +0200 +Subject: [PATCH] ALSA: control: Make sure that id->index does not overflow + +commit 883a1d49f0d77d30012f114b2e19fc141beb3e8e upstream. + +The ALSA control code expects that the range of assigned indices to a control is +continuous and does not overflow. Currently there are no checks to enforce this. +If a control with a overflowing index range is created that control becomes +effectively inaccessible and unremovable since snd_ctl_find_id() will not be +able to find it. This patch adds a check that makes sure that controls with a +overflowing index range can not be created. + +Fixes CVE-2014-4656 +Upstream-Status: Backport + +Signed-off-by: Lars-Peter Clausen <lars@metafoo.de> +Acked-by: Jaroslav Kysela <perex@perex.cz> +Signed-off-by: Takashi Iwai <tiwai@suse.de> +Signed-off-by: Jiri Slaby <jslaby@suse.cz> +Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> +--- + sound/core/control.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/sound/core/control.c b/sound/core/control.c +index 93215b4..98a29b2 100644 +--- a/sound/core/control.c ++++ b/sound/core/control.c +@@ -343,6 +343,9 @@ int snd_ctl_add(struct snd_card *card, struct snd_kcontrol *kcontrol) + if (snd_BUG_ON(!card || !kcontrol->info)) + goto error; + id = kcontrol->id; ++ if (id.index > UINT_MAX - kcontrol->count) ++ goto error; ++ + down_write(&card->controls_rwsem); + if (snd_ctl_find_id(card, &id)) { + up_write(&card->controls_rwsem); +-- +1.9.1 + diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/0001-HID-CVE-2014-3181.patch b/meta-fsl-ppc/recipes-kernel/linux/files/0001-HID-CVE-2014-3181.patch new file mode 100644 index 00000000..4355c68f --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/linux/files/0001-HID-CVE-2014-3181.patch @@ -0,0 +1,52 @@ +From c54def7bd64d7c0b6993336abcffb8444795bf38 Mon Sep 17 00:00:00 2001 +From: Jiri Kosina <jkosina@suse.cz> +Date: Wed, 27 Aug 2014 09:12:24 +0200 +Subject: [PATCH] HID: magicmouse: sanity check report size in raw_event() + callback + +The report passed to us from transport driver could potentially be +arbitrarily large, therefore we better sanity-check it so that +magicmouse_emit_touch() gets only valid values of raw_id. + +This fixes CVE-2014-3181 +Upstream-Status: Backport + +Cc: stable@vger.kernel.org +Reported-by: Steven Vittitoe <scvitti@google.com> +Signed-off-by: Jiri Kosina <jkosina@suse.cz> +Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> +--- + drivers/hid/hid-magicmouse.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/drivers/hid/hid-magicmouse.c b/drivers/hid/hid-magicmouse.c +index ecc2cbf..29a74c1 100644 +--- a/drivers/hid/hid-magicmouse.c ++++ b/drivers/hid/hid-magicmouse.c +@@ -290,6 +290,11 @@ static int magicmouse_raw_event(struct hid_device *hdev, + if (size < 4 || ((size - 4) % 9) != 0) + return 0; + npoints = (size - 4) / 9; ++ if (npoints > 15) { ++ hid_warn(hdev, "invalid size value (%d) for TRACKPAD_REPORT_ID\n", ++ size); ++ return 0; ++ } + msc->ntouches = 0; + for (ii = 0; ii < npoints; ii++) + magicmouse_emit_touch(msc, ii, data + ii * 9 + 4); +@@ -307,6 +312,11 @@ static int magicmouse_raw_event(struct hid_device *hdev, + if (size < 6 || ((size - 6) % 8) != 0) + return 0; + npoints = (size - 6) / 8; ++ if (npoints > 15) { ++ hid_warn(hdev, "invalid size value (%d) for MOUSE_REPORT_ID\n", ++ size); ++ return 0; ++ } + msc->ntouches = 0; + for (ii = 0; ii < npoints; ii++) + magicmouse_emit_touch(msc, ii, data + ii * 8 + 6); +-- +1.9.1 + diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/0001-kvm-iommu-CVE-2014-3601.patch b/meta-fsl-ppc/recipes-kernel/linux/files/0001-kvm-iommu-CVE-2014-3601.patch new file mode 100644 index 00000000..e19a3c10 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/linux/files/0001-kvm-iommu-CVE-2014-3601.patch @@ -0,0 +1,94 @@ +From e35b1e9f17e0567f96502f3a2a31dace727ed3da Mon Sep 17 00:00:00 2001 +From: "Michael S. Tsirkin" <mst@redhat.com> +Date: Tue, 19 Aug 2014 19:14:50 +0800 +Subject: [PATCH] kvm: iommu: fix the third parameter of kvm_iommu_put_pages + (CVE-2014-3601) + +commit 350b8bdd689cd2ab2c67c8a86a0be86cfa0751a7 upstream. + +The third parameter of kvm_iommu_put_pages is wrong, +It should be 'gfn - slot->base_gfn'. + +By making gfn very large, malicious guest or userspace can cause kvm to +go to this error path, and subsequently to pass a huge value as size. +Alternatively if gfn is small, then pages would be pinned but never +unpinned, causing host memory leak and local DOS. + +Passing a reasonable but large value could be the most dangerous case, +because it would unpin a page that should have stayed pinned, and thus +allow the device to DMA into arbitrary memory. However, this cannot +happen because of the condition that can trigger the error: + +- out of memory (where you can't allocate even a single page) + should not be possible for the attacker to trigger + +- when exceeding the iommu's address space, guest pages after gfn + will also exceed the iommu's address space, and inside + kvm_iommu_put_pages() the iommu_iova_to_phys() will fail. The + page thus would not be unpinned at all. + +Upstream-Status: Backport + +Reported-by: Jack Morgenstein <jackm@mellanox.com> +Signed-off-by: Michael S. Tsirkin <mst@redhat.com> +Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> +Signed-off-by: Jiri Slaby <jslaby@suse.cz> +Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> +--- + virt/kvm/iommu.c | 19 ++++++++++--------- + 1 file changed, 10 insertions(+), 9 deletions(-) + +diff --git a/virt/kvm/iommu.c b/virt/kvm/iommu.c +index c329c8f..dec9971 100644 +--- a/virt/kvm/iommu.c ++++ b/virt/kvm/iommu.c +@@ -61,6 +61,14 @@ static pfn_t kvm_pin_pages(struct kvm_memory_slot *slot, gfn_t gfn, + return pfn; + } + ++static void kvm_unpin_pages(struct kvm *kvm, pfn_t pfn, unsigned long npages) ++{ ++ unsigned long i; ++ ++ for (i = 0; i < npages; ++i) ++ kvm_release_pfn_clean(pfn + i); ++} ++ + int kvm_iommu_map_pages(struct kvm *kvm, struct kvm_memory_slot *slot) + { + gfn_t gfn, end_gfn; +@@ -123,6 +131,7 @@ int kvm_iommu_map_pages(struct kvm *kvm, struct kvm_memory_slot *slot) + if (r) { + printk(KERN_ERR "kvm_iommu_map_address:" + "iommu failed to map pfn=%llx\n", pfn); ++ kvm_unpin_pages(kvm, pfn, page_size); + goto unmap_pages; + } + +@@ -134,7 +143,7 @@ int kvm_iommu_map_pages(struct kvm *kvm, struct kvm_memory_slot *slot) + return 0; + + unmap_pages: +- kvm_iommu_put_pages(kvm, slot->base_gfn, gfn); ++ kvm_iommu_put_pages(kvm, slot->base_gfn, gfn - slot->base_gfn); + return r; + } + +@@ -272,14 +281,6 @@ out_unlock: + return r; + } + +-static void kvm_unpin_pages(struct kvm *kvm, pfn_t pfn, unsigned long npages) +-{ +- unsigned long i; +- +- for (i = 0; i < npages; ++i) +- kvm_release_pfn_clean(pfn + i); +-} +- + static void kvm_iommu_put_pages(struct kvm *kvm, + gfn_t base_gfn, unsigned long npages) + { +-- +1.9.1 + diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/0001-mnt-CVE-2014-5206_CVE-2014-5207.patch b/meta-fsl-ppc/recipes-kernel/linux/files/0001-mnt-CVE-2014-5206_CVE-2014-5207.patch new file mode 100644 index 00000000..aec89301 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/linux/files/0001-mnt-CVE-2014-5206_CVE-2014-5207.patch @@ -0,0 +1,62 @@ +From 25c1def33a2f74079f3062b7afdf98fcf9f34e6d Mon Sep 17 00:00:00 2001 +From: "Eric W. Biederman" <ebiederm@xmission.com> +Date: Mon, 28 Jul 2014 16:26:53 -0700 +Subject: [PATCH] mnt: Only change user settable mount flags in remount + +commit a6138db815df5ee542d848318e5dae681590fccd upstream. + +Kenton Varda <kenton@sandstorm.io> discovered that by remounting a +read-only bind mount read-only in a user namespace the +MNT_LOCK_READONLY bit would be cleared, allowing an unprivileged user +to the remount a read-only mount read-write. + +Correct this by replacing the mask of mount flags to preserve +with a mask of mount flags that may be changed, and preserve +all others. This ensures that any future bugs with this mask and +remount will fail in an easy to detect way where new mount flags +simply won't change. + +Fix for CVE-2014-5206 and CVE-2014-5207 +Upstream-Status: backport + +Cc: stable@vger.kernel.org +Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com> +Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> +Signed-off-by: Jiri Slaby <jslaby@suse.cz> +Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> +--- + fs/namespace.c | 2 +- + include/linux/mount.h | 4 +++- + 2 files changed, 4 insertions(+), 2 deletions(-) + +diff --git a/fs/namespace.c b/fs/namespace.c +index 84447db..34fa7a5 100644 +--- a/fs/namespace.c ++++ b/fs/namespace.c +@@ -1847,7 +1847,7 @@ static int do_remount(struct path *path, int flags, int mnt_flags, + err = do_remount_sb(sb, flags, data, 0); + if (!err) { + br_write_lock(&vfsmount_lock); +- mnt_flags |= mnt->mnt.mnt_flags & MNT_PROPAGATION_MASK; ++ mnt_flags |= mnt->mnt.mnt_flags & ~MNT_USER_SETTABLE_MASK; + mnt->mnt.mnt_flags = mnt_flags; + br_write_unlock(&vfsmount_lock); + } +diff --git a/include/linux/mount.h b/include/linux/mount.h +index 38cd98f..8707c9e 100644 +--- a/include/linux/mount.h ++++ b/include/linux/mount.h +@@ -42,7 +42,9 @@ struct mnt_namespace; + * flag, consider how it interacts with shared mounts. + */ + #define MNT_SHARED_MASK (MNT_UNBINDABLE) +-#define MNT_PROPAGATION_MASK (MNT_SHARED | MNT_UNBINDABLE) ++#define MNT_USER_SETTABLE_MASK (MNT_NOSUID | MNT_NODEV | MNT_NOEXEC \ ++ | MNT_NOATIME | MNT_NODIRATIME | MNT_RELATIME \ ++ | MNT_READONLY) + + + #define MNT_INTERNAL 0x4000 +-- +1.9.1 + diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/0001-net-sctp-CVE-2014-3673.patch b/meta-fsl-ppc/recipes-kernel/linux/files/0001-net-sctp-CVE-2014-3673.patch new file mode 100644 index 00000000..68289f28 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/linux/files/0001-net-sctp-CVE-2014-3673.patch @@ -0,0 +1,348 @@ +From bbd951a21e0fd555cd9ede44c7196af09d04d171 Mon Sep 17 00:00:00 2001 +From: Daniel Borkmann <dborkman@redhat.com> +Date: Thu, 9 Oct 2014 22:55:31 +0200 +Subject: [PATCH] net: sctp: fix skb_over_panic when receiving malformed ASCONF + chunks + +commit 9de7922bc709eee2f609cd01d98aaedc4cf5ea74 upstream. + +Commit 6f4c618ddb0 ("SCTP : Add paramters validity check for +ASCONF chunk") added basic verification of ASCONF chunks, however, +it is still possible to remotely crash a server by sending a +special crafted ASCONF chunk, even up to pre 2.6.12 kernels: + +skb_over_panic: text:ffffffffa01ea1c3 len:31056 put:30768 + head:ffff88011bd81800 data:ffff88011bd81800 tail:0x7950 + end:0x440 dev:<NULL> + ------------[ cut here ]------------ +kernel BUG at net/core/skbuff.c:129! +[...] +Call Trace: + <IRQ> + [<ffffffff8144fb1c>] skb_put+0x5c/0x70 + [<ffffffffa01ea1c3>] sctp_addto_chunk+0x63/0xd0 [sctp] + [<ffffffffa01eadaf>] sctp_process_asconf+0x1af/0x540 [sctp] + [<ffffffff8152d025>] ? _read_unlock_bh+0x15/0x20 + [<ffffffffa01e0038>] sctp_sf_do_asconf+0x168/0x240 [sctp] + [<ffffffffa01e3751>] sctp_do_sm+0x71/0x1210 [sctp] + [<ffffffff8147645d>] ? fib_rules_lookup+0xad/0xf0 + [<ffffffffa01e6b22>] ? sctp_cmp_addr_exact+0x32/0x40 [sctp] + [<ffffffffa01e8393>] sctp_assoc_bh_rcv+0xd3/0x180 [sctp] + [<ffffffffa01ee986>] sctp_inq_push+0x56/0x80 [sctp] + [<ffffffffa01fcc42>] sctp_rcv+0x982/0xa10 [sctp] + [<ffffffffa01d5123>] ? ipt_local_in_hook+0x23/0x28 [iptable_filter] + [<ffffffff8148bdc9>] ? nf_iterate+0x69/0xb0 + [<ffffffff81496d10>] ? ip_local_deliver_finish+0x0/0x2d0 + [<ffffffff8148bf86>] ? nf_hook_slow+0x76/0x120 + [<ffffffff81496d10>] ? ip_local_deliver_finish+0x0/0x2d0 + [<ffffffff81496ded>] ip_local_deliver_finish+0xdd/0x2d0 + [<ffffffff81497078>] ip_local_deliver+0x98/0xa0 + [<ffffffff8149653d>] ip_rcv_finish+0x12d/0x440 + [<ffffffff81496ac5>] ip_rcv+0x275/0x350 + [<ffffffff8145c88b>] __netif_receive_skb+0x4ab/0x750 + [<ffffffff81460588>] netif_receive_skb+0x58/0x60 + +This can be triggered e.g., through a simple scripted nmap +connection scan injecting the chunk after the handshake, for +example, ... + + -------------- INIT[ASCONF; ASCONF_ACK] -------------> + <----------- INIT-ACK[ASCONF; ASCONF_ACK] ------------ + -------------------- COOKIE-ECHO --------------------> + <-------------------- COOKIE-ACK --------------------- + ------------------ ASCONF; UNKNOWN ------------------> + +... where ASCONF chunk of length 280 contains 2 parameters ... + + 1) Add IP address parameter (param length: 16) + 2) Add/del IP address parameter (param length: 255) + +... followed by an UNKNOWN chunk of e.g. 4 bytes. Here, the +Address Parameter in the ASCONF chunk is even missing, too. +This is just an example and similarly-crafted ASCONF chunks +could be used just as well. + +The ASCONF chunk passes through sctp_verify_asconf() as all +parameters passed sanity checks, and after walking, we ended +up successfully at the chunk end boundary, and thus may invoke +sctp_process_asconf(). Parameter walking is done with +WORD_ROUND() to take padding into account. + +In sctp_process_asconf()'s TLV processing, we may fail in +sctp_process_asconf_param() e.g., due to removal of the IP +address that is also the source address of the packet containing +the ASCONF chunk, and thus we need to add all TLVs after the +failure to our ASCONF response to remote via helper function +sctp_add_asconf_response(), which basically invokes a +sctp_addto_chunk() adding the error parameters to the given +skb. + +When walking to the next parameter this time, we proceed +with ... + + length = ntohs(asconf_param->param_hdr.length); + asconf_param = (void *)asconf_param + length; + +... instead of the WORD_ROUND()'ed length, thus resulting here +in an off-by-one that leads to reading the follow-up garbage +parameter length of 12336, and thus throwing an skb_over_panic +for the reply when trying to sctp_addto_chunk() next time, +which implicitly calls the skb_put() with that length. + +Fix it by using sctp_walk_params() [ which is also used in +INIT parameter processing ] macro in the verification *and* +in ASCONF processing: it will make sure we don't spill over, +that we walk parameters WORD_ROUND()'ed. Moreover, we're being +more defensive and guard against unknown parameter types and +missized addresses. + +Joint work with Vlad Yasevich. + +Fixes CVE-2014-3673 +Upstream-Status: Backport + +Fixes: b896b82be4ae ("[SCTP] ADDIP: Support for processing incoming ASCONF_ACK chunks.") +Signed-off-by: Daniel Borkmann <dborkman@redhat.com> +Signed-off-by: Vlad Yasevich <vyasevich@gmail.com> +Acked-by: Neil Horman <nhorman@tuxdriver.com> +Signed-off-by: David S. Miller <davem@davemloft.net> +Cc: Josh Boyer <jwboyer@fedoraproject.org> +Signed-off-by: Jiri Slaby <jslaby@suse.cz> +Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> +--- + include/net/sctp/sm.h | 6 +-- + net/sctp/sm_make_chunk.c | 99 +++++++++++++++++++++++++++--------------------- + net/sctp/sm_statefuns.c | 18 +-------- + 3 files changed, 60 insertions(+), 63 deletions(-) + +diff --git a/include/net/sctp/sm.h b/include/net/sctp/sm.h +index 4ef75af..c91b6f5 100644 +--- a/include/net/sctp/sm.h ++++ b/include/net/sctp/sm.h +@@ -249,9 +249,9 @@ struct sctp_chunk *sctp_make_asconf_update_ip(struct sctp_association *, + int, __be16); + struct sctp_chunk *sctp_make_asconf_set_prim(struct sctp_association *asoc, + union sctp_addr *addr); +-int sctp_verify_asconf(const struct sctp_association *asoc, +- struct sctp_paramhdr *param_hdr, void *chunk_end, +- struct sctp_paramhdr **errp); ++bool sctp_verify_asconf(const struct sctp_association *asoc, ++ struct sctp_chunk *chunk, bool addr_param_needed, ++ struct sctp_paramhdr **errp); + struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc, + struct sctp_chunk *asconf); + int sctp_process_asconf_ack(struct sctp_association *asoc, +diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c +index e342387..d800160 100644 +--- a/net/sctp/sm_make_chunk.c ++++ b/net/sctp/sm_make_chunk.c +@@ -3126,50 +3126,63 @@ static __be16 sctp_process_asconf_param(struct sctp_association *asoc, + return SCTP_ERROR_NO_ERROR; + } + +-/* Verify the ASCONF packet before we process it. */ +-int sctp_verify_asconf(const struct sctp_association *asoc, +- struct sctp_paramhdr *param_hdr, void *chunk_end, +- struct sctp_paramhdr **errp) { +- sctp_addip_param_t *asconf_param; ++/* Verify the ASCONF packet before we process it. */ ++bool sctp_verify_asconf(const struct sctp_association *asoc, ++ struct sctp_chunk *chunk, bool addr_param_needed, ++ struct sctp_paramhdr **errp) ++{ ++ sctp_addip_chunk_t *addip = (sctp_addip_chunk_t *) chunk->chunk_hdr; + union sctp_params param; +- int length, plen; +- +- param.v = (sctp_paramhdr_t *) param_hdr; +- while (param.v <= chunk_end - sizeof(sctp_paramhdr_t)) { +- length = ntohs(param.p->length); +- *errp = param.p; ++ bool addr_param_seen = false; + +- if (param.v > chunk_end - length || +- length < sizeof(sctp_paramhdr_t)) +- return 0; ++ sctp_walk_params(param, addip, addip_hdr.params) { ++ size_t length = ntohs(param.p->length); + ++ *errp = param.p; + switch (param.p->type) { ++ case SCTP_PARAM_ERR_CAUSE: ++ break; ++ case SCTP_PARAM_IPV4_ADDRESS: ++ if (length != sizeof(sctp_ipv4addr_param_t)) ++ return false; ++ addr_param_seen = true; ++ break; ++ case SCTP_PARAM_IPV6_ADDRESS: ++ if (length != sizeof(sctp_ipv6addr_param_t)) ++ return false; ++ addr_param_seen = true; ++ break; + case SCTP_PARAM_ADD_IP: + case SCTP_PARAM_DEL_IP: + case SCTP_PARAM_SET_PRIMARY: +- asconf_param = (sctp_addip_param_t *)param.v; +- plen = ntohs(asconf_param->param_hdr.length); +- if (plen < sizeof(sctp_addip_param_t) + +- sizeof(sctp_paramhdr_t)) +- return 0; ++ /* In ASCONF chunks, these need to be first. */ ++ if (addr_param_needed && !addr_param_seen) ++ return false; ++ length = ntohs(param.addip->param_hdr.length); ++ if (length < sizeof(sctp_addip_param_t) + ++ sizeof(sctp_paramhdr_t)) ++ return false; + break; + case SCTP_PARAM_SUCCESS_REPORT: + case SCTP_PARAM_ADAPTATION_LAYER_IND: + if (length != sizeof(sctp_addip_param_t)) +- return 0; +- ++ return false; + break; + default: +- break; ++ /* This is unkown to us, reject! */ ++ return false; + } +- +- param.v += WORD_ROUND(length); + } + +- if (param.v != chunk_end) +- return 0; ++ /* Remaining sanity checks. */ ++ if (addr_param_needed && !addr_param_seen) ++ return false; ++ if (!addr_param_needed && addr_param_seen) ++ return false; ++ if (param.v != chunk->chunk_end) ++ return false; + +- return 1; ++ return true; + } + + /* Process an incoming ASCONF chunk with the next expected serial no. and +@@ -3178,16 +3191,17 @@ int sctp_verify_asconf(const struct sctp_association *asoc, + struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc, + struct sctp_chunk *asconf) + { ++ sctp_addip_chunk_t *addip = (sctp_addip_chunk_t *) asconf->chunk_hdr; ++ bool all_param_pass = true; ++ union sctp_params param; + sctp_addiphdr_t *hdr; + union sctp_addr_param *addr_param; + sctp_addip_param_t *asconf_param; + struct sctp_chunk *asconf_ack; +- + __be16 err_code; + int length = 0; + int chunk_len; + __u32 serial; +- int all_param_pass = 1; + + chunk_len = ntohs(asconf->chunk_hdr->length) - sizeof(sctp_chunkhdr_t); + hdr = (sctp_addiphdr_t *)asconf->skb->data; +@@ -3215,9 +3229,14 @@ struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc, + goto done; + + /* Process the TLVs contained within the ASCONF chunk. */ +- while (chunk_len > 0) { ++ sctp_walk_params(param, addip, addip_hdr.params) { ++ /* Skip preceeding address parameters. */ ++ if (param.p->type == SCTP_PARAM_IPV4_ADDRESS || ++ param.p->type == SCTP_PARAM_IPV6_ADDRESS) ++ continue; ++ + err_code = sctp_process_asconf_param(asoc, asconf, +- asconf_param); ++ param.addip); + /* ADDIP 4.1 A7) + * If an error response is received for a TLV parameter, + * all TLVs with no response before the failed TLV are +@@ -3225,28 +3244,20 @@ struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc, + * the failed response are considered unsuccessful unless + * a specific success indication is present for the parameter. + */ +- if (SCTP_ERROR_NO_ERROR != err_code) +- all_param_pass = 0; +- ++ if (err_code != SCTP_ERROR_NO_ERROR) ++ all_param_pass = false; + if (!all_param_pass) +- sctp_add_asconf_response(asconf_ack, +- asconf_param->crr_id, err_code, +- asconf_param); ++ sctp_add_asconf_response(asconf_ack, param.addip->crr_id, ++ err_code, param.addip); + + /* ADDIP 4.3 D11) When an endpoint receiving an ASCONF to add + * an IP address sends an 'Out of Resource' in its response, it + * MUST also fail any subsequent add or delete requests bundled + * in the ASCONF. + */ +- if (SCTP_ERROR_RSRC_LOW == err_code) ++ if (err_code == SCTP_ERROR_RSRC_LOW) + goto done; +- +- /* Move to the next ASCONF param. */ +- length = ntohs(asconf_param->param_hdr.length); +- asconf_param = (void *)asconf_param + length; +- chunk_len -= length; + } +- + done: + asoc->peer.addip_serial++; + +diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c +index 62623cc..bf12098 100644 +--- a/net/sctp/sm_statefuns.c ++++ b/net/sctp/sm_statefuns.c +@@ -3595,9 +3595,7 @@ sctp_disposition_t sctp_sf_do_asconf(struct net *net, + struct sctp_chunk *asconf_ack = NULL; + struct sctp_paramhdr *err_param = NULL; + sctp_addiphdr_t *hdr; +- union sctp_addr_param *addr_param; + __u32 serial; +- int length; + + if (!sctp_vtag_verify(chunk, asoc)) { + sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_BAD_TAG, +@@ -3622,17 +3620,8 @@ sctp_disposition_t sctp_sf_do_asconf(struct net *net, + hdr = (sctp_addiphdr_t *)chunk->skb->data; + serial = ntohl(hdr->serial); + +- addr_param = (union sctp_addr_param *)hdr->params; +- length = ntohs(addr_param->p.length); +- if (length < sizeof(sctp_paramhdr_t)) +- return sctp_sf_violation_paramlen(net, ep, asoc, type, arg, +- (void *)addr_param, commands); +- + /* Verify the ASCONF chunk before processing it. */ +- if (!sctp_verify_asconf(asoc, +- (sctp_paramhdr_t *)((void *)addr_param + length), +- (void *)chunk->chunk_end, +- &err_param)) ++ if (!sctp_verify_asconf(asoc, chunk, true, &err_param)) + return sctp_sf_violation_paramlen(net, ep, asoc, type, arg, + (void *)err_param, commands); + +@@ -3750,10 +3739,7 @@ sctp_disposition_t sctp_sf_do_asconf_ack(struct net *net, + rcvd_serial = ntohl(addip_hdr->serial); + + /* Verify the ASCONF-ACK chunk before processing it. */ +- if (!sctp_verify_asconf(asoc, +- (sctp_paramhdr_t *)addip_hdr->params, +- (void *)asconf_ack->chunk_end, +- &err_param)) ++ if (!sctp_verify_asconf(asoc, asconf_ack, false, &err_param)) + return sctp_sf_violation_paramlen(net, ep, asoc, type, arg, + (void *)err_param, commands); + +-- +1.9.1 + diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/0001-shmem-CVE-2014-4171.patch b/meta-fsl-ppc/recipes-kernel/linux/files/0001-shmem-CVE-2014-4171.patch new file mode 100644 index 00000000..00ead602 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/linux/files/0001-shmem-CVE-2014-4171.patch @@ -0,0 +1,141 @@ +From 8685789bd8ec12a02b07ea76df4527b055efbf20 Mon Sep 17 00:00:00 2001 +From: Hugh Dickins <hughd@google.com> +Date: Mon, 23 Jun 2014 13:22:06 -0700 +Subject: [PATCH 1/3] shmem: fix faulting into a hole while it's punched + +commit f00cdc6df7d7cfcabb5b740911e6788cb0802bdb upstream. + +Trinity finds that mmap access to a hole while it's punched from shmem +can prevent the madvise(MADV_REMOVE) or fallocate(FALLOC_FL_PUNCH_HOLE) +from completing, until the reader chooses to stop; with the puncher's +hold on i_mutex locking out all other writers until it can complete. + +It appears that the tmpfs fault path is too light in comparison with its +hole-punching path, lacking an i_data_sem to obstruct it; but we don't +want to slow down the common case. + +Extend shmem_fallocate()'s existing range notification mechanism, so +shmem_fault() can refrain from faulting pages into the hole while it's +punched, waiting instead on i_mutex (when safe to sleep; or repeatedly +faulting when not). + +Upstream-Status: Backport + +[akpm@linux-foundation.org: coding-style fixes] +Signed-off-by: Hugh Dickins <hughd@google.com> +Reported-by: Sasha Levin <sasha.levin@oracle.com> +Tested-by: Sasha Levin <sasha.levin@oracle.com> +Cc: Dave Jones <davej@redhat.com> +Signed-off-by: Andrew Morton <akpm@linux-foundation.org> +Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> + +Signed-off-by: Jiri Slaby <jslaby@suse.cz> +Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> +--- + mm/shmem.c | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++---- + 1 file changed, 52 insertions(+), 4 deletions(-) + +diff --git a/mm/shmem.c b/mm/shmem.c +index 8297623..00d412f 100644 +--- a/mm/shmem.c ++++ b/mm/shmem.c +@@ -80,11 +80,12 @@ static struct vfsmount *shm_mnt; + #define SHORT_SYMLINK_LEN 128 + + /* +- * shmem_fallocate and shmem_writepage communicate via inode->i_private +- * (with i_mutex making sure that it has only one user at a time): +- * we would prefer not to enlarge the shmem inode just for that. ++ * shmem_fallocate communicates with shmem_fault or shmem_writepage via ++ * inode->i_private (with i_mutex making sure that it has only one user at ++ * a time): we would prefer not to enlarge the shmem inode just for that. + */ + struct shmem_falloc { ++ int mode; /* FALLOC_FL mode currently operating */ + pgoff_t start; /* start of range currently being fallocated */ + pgoff_t next; /* the next page offset to be fallocated */ + pgoff_t nr_falloced; /* how many new pages have been fallocated */ +@@ -826,6 +827,7 @@ static int shmem_writepage(struct page *page, struct writeback_control *wbc) + spin_lock(&inode->i_lock); + shmem_falloc = inode->i_private; + if (shmem_falloc && ++ !shmem_falloc->mode && + index >= shmem_falloc->start && + index < shmem_falloc->next) + shmem_falloc->nr_unswapped++; +@@ -1300,6 +1302,44 @@ static int shmem_fault(struct vm_area_struct *vma, struct vm_fault *vmf) + int error; + int ret = VM_FAULT_LOCKED; + ++ /* ++ * Trinity finds that probing a hole which tmpfs is punching can ++ * prevent the hole-punch from ever completing: which in turn ++ * locks writers out with its hold on i_mutex. So refrain from ++ * faulting pages into the hole while it's being punched, and ++ * wait on i_mutex to be released if vmf->flags permits. ++ */ ++ if (unlikely(inode->i_private)) { ++ struct shmem_falloc *shmem_falloc; ++ ++ spin_lock(&inode->i_lock); ++ shmem_falloc = inode->i_private; ++ if (!shmem_falloc || ++ shmem_falloc->mode != FALLOC_FL_PUNCH_HOLE || ++ vmf->pgoff < shmem_falloc->start || ++ vmf->pgoff >= shmem_falloc->next) ++ shmem_falloc = NULL; ++ spin_unlock(&inode->i_lock); ++ /* ++ * i_lock has protected us from taking shmem_falloc seriously ++ * once return from shmem_fallocate() went back up that stack. ++ * i_lock does not serialize with i_mutex at all, but it does ++ * not matter if sometimes we wait unnecessarily, or sometimes ++ * miss out on waiting: we just need to make those cases rare. ++ */ ++ if (shmem_falloc) { ++ if ((vmf->flags & FAULT_FLAG_ALLOW_RETRY) && ++ !(vmf->flags & FAULT_FLAG_RETRY_NOWAIT)) { ++ up_read(&vma->vm_mm->mmap_sem); ++ mutex_lock(&inode->i_mutex); ++ mutex_unlock(&inode->i_mutex); ++ return VM_FAULT_RETRY; ++ } ++ /* cond_resched? Leave that to GUP or return to user */ ++ return VM_FAULT_NOPAGE; ++ } ++ } ++ + error = shmem_getpage(inode, vmf->pgoff, &vmf->page, SGP_CACHE, &ret); + if (error) + return ((error == -ENOMEM) ? VM_FAULT_OOM : VM_FAULT_SIGBUS); +@@ -1815,18 +1855,26 @@ static long shmem_fallocate(struct file *file, int mode, loff_t offset, + + mutex_lock(&inode->i_mutex); + ++ shmem_falloc.mode = mode & ~FALLOC_FL_KEEP_SIZE; ++ + if (mode & FALLOC_FL_PUNCH_HOLE) { + struct address_space *mapping = file->f_mapping; + loff_t unmap_start = round_up(offset, PAGE_SIZE); + loff_t unmap_end = round_down(offset + len, PAGE_SIZE) - 1; + ++ shmem_falloc.start = unmap_start >> PAGE_SHIFT; ++ shmem_falloc.next = (unmap_end + 1) >> PAGE_SHIFT; ++ spin_lock(&inode->i_lock); ++ inode->i_private = &shmem_falloc; ++ spin_unlock(&inode->i_lock); ++ + if ((u64)unmap_end > (u64)unmap_start) + unmap_mapping_range(mapping, unmap_start, + 1 + unmap_end - unmap_start, 0); + shmem_truncate_range(inode, offset, offset + len - 1); + /* No need to unmap again: hole-punching leaves COWed pages */ + error = 0; +- goto out; ++ goto undone; + } + + /* We need to check rlimit even when FALLOC_FL_KEEP_SIZE */ +-- +1.9.1 + diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/0002-ALSA-CVE-2014-4653.patch b/meta-fsl-ppc/recipes-kernel/linux/files/0002-ALSA-CVE-2014-4653.patch new file mode 100644 index 00000000..8612d74a --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/linux/files/0002-ALSA-CVE-2014-4653.patch @@ -0,0 +1,92 @@ +From 0bf595fd311aa4d6e82c43879f2c0d0650e83271 Mon Sep 17 00:00:00 2001 +From: Lars-Peter Clausen <lars@metafoo.de> +Date: Wed, 18 Jun 2014 13:32:33 +0200 +Subject: [PATCH] ALSA: control: Don't access controls outside of protected + regions + +commit fd9f26e4eca5d08a27d12c0933fceef76ed9663d upstream. + +A control that is visible on the card->controls list can be freed at any time. +This means we must not access any of its memory while not holding the +controls_rw_lock. Otherwise we risk a use after free access. + +This fixes CVE-2014-4653 +Upstream-Status: Backport + +Signed-off-by: Lars-Peter Clausen <lars@metafoo.de> +Acked-by: Jaroslav Kysela <perex@perex.cz> +Signed-off-by: Takashi Iwai <tiwai@suse.de> +Signed-off-by: Jiri Slaby <jslaby@suse.cz> +Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> +--- + sound/core/control.c | 15 ++++++++++----- + 1 file changed, 10 insertions(+), 5 deletions(-) + +diff --git a/sound/core/control.c b/sound/core/control.c +index 15bc844..d4a597f 100644 +--- a/sound/core/control.c ++++ b/sound/core/control.c +@@ -331,6 +331,7 @@ int snd_ctl_add(struct snd_card *card, struct snd_kcontrol *kcontrol) + { + struct snd_ctl_elem_id id; + unsigned int idx; ++ unsigned int count; + int err = -EINVAL; + + if (! kcontrol) +@@ -359,8 +360,9 @@ int snd_ctl_add(struct snd_card *card, struct snd_kcontrol *kcontrol) + card->controls_count += kcontrol->count; + kcontrol->id.numid = card->last_numid + 1; + card->last_numid += kcontrol->count; ++ count = kcontrol->count; + up_write(&card->controls_rwsem); +- for (idx = 0; idx < kcontrol->count; idx++, id.index++, id.numid++) ++ for (idx = 0; idx < count; idx++, id.index++, id.numid++) + snd_ctl_notify(card, SNDRV_CTL_EVENT_MASK_ADD, &id); + return 0; + +@@ -389,6 +391,7 @@ int snd_ctl_replace(struct snd_card *card, struct snd_kcontrol *kcontrol, + bool add_on_replace) + { + struct snd_ctl_elem_id id; ++ unsigned int count; + unsigned int idx; + struct snd_kcontrol *old; + int ret; +@@ -424,8 +427,9 @@ add: + card->controls_count += kcontrol->count; + kcontrol->id.numid = card->last_numid + 1; + card->last_numid += kcontrol->count; ++ count = kcontrol->count; + up_write(&card->controls_rwsem); +- for (idx = 0; idx < kcontrol->count; idx++, id.index++, id.numid++) ++ for (idx = 0; idx < count; idx++, id.index++, id.numid++) + snd_ctl_notify(card, SNDRV_CTL_EVENT_MASK_ADD, &id); + return 0; + +@@ -898,9 +902,9 @@ static int snd_ctl_elem_write(struct snd_card *card, struct snd_ctl_file *file, + result = kctl->put(kctl, control); + } + if (result > 0) { ++ struct snd_ctl_elem_id id = control->id; + up_read(&card->controls_rwsem); +- snd_ctl_notify(card, SNDRV_CTL_EVENT_MASK_VALUE, +- &control->id); ++ snd_ctl_notify(card, SNDRV_CTL_EVENT_MASK_VALUE, &id); + return 0; + } + } +@@ -1334,8 +1338,9 @@ static int snd_ctl_tlv_ioctl(struct snd_ctl_file *file, + } + err = kctl->tlv.c(kctl, op_flag, tlv.length, _tlv->tlv); + if (err > 0) { ++ struct snd_ctl_elem_id id = kctl->id; + up_read(&card->controls_rwsem); +- snd_ctl_notify(card, SNDRV_CTL_EVENT_MASK_TLV, &kctl->id); ++ snd_ctl_notify(card, SNDRV_CTL_EVENT_MASK_TLV, &id); + return 0; + } + } else { +-- +1.9.1 + diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/0002-ALSA-CVE-2014-4656.patch b/meta-fsl-ppc/recipes-kernel/linux/files/0002-ALSA-CVE-2014-4656.patch new file mode 100644 index 00000000..2065780f --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/linux/files/0002-ALSA-CVE-2014-4656.patch @@ -0,0 +1,46 @@ +From 669982364299f6f22bea4324f0f7ee8f8a361b87 Mon Sep 17 00:00:00 2001 +From: Lars-Peter Clausen <lars@metafoo.de> +Date: Wed, 18 Jun 2014 13:32:34 +0200 +Subject: [PATCH] ALSA: control: Handle numid overflow + +commit ac902c112d90a89e59916f751c2745f4dbdbb4bd upstream. + +Each control gets automatically assigned its numids when the control is created. +The allocation is done by incrementing the numid by the amount of allocated +numids per allocation. This means that excessive creation and destruction of +controls (e.g. via SNDRV_CTL_IOCTL_ELEM_ADD/REMOVE) can cause the id to +eventually overflow. Currently when this happens for the control that caused the +overflow kctl->id.numid + kctl->count will also over flow causing it to be +smaller than kctl->id.numid. Most of the code assumes that this is something +that can not happen, so we need to make sure that it won't happen + +Fixes CVE-2014-4656 +Upstream-Status: Backport + +Signed-off-by: Lars-Peter Clausen <lars@metafoo.de> +Acked-by: Jaroslav Kysela <perex@perex.cz> +Signed-off-by: Takashi Iwai <tiwai@suse.de> +Signed-off-by: Jiri Slaby <jslaby@suse.cz> +Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> +--- + sound/core/control.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/sound/core/control.c b/sound/core/control.c +index d4a597f..93215b4 100644 +--- a/sound/core/control.c ++++ b/sound/core/control.c +@@ -289,6 +289,10 @@ static bool snd_ctl_remove_numid_conflict(struct snd_card *card, + { + struct snd_kcontrol *kctl; + ++ /* Make sure that the ids assigned to the control do not wrap around */ ++ if (card->last_numid >= UINT_MAX - count) ++ card->last_numid = 0; ++ + list_for_each_entry(kctl, &card->controls, list) { + if (kctl->id.numid < card->last_numid + 1 + count && + kctl->id.numid + kctl->count > card->last_numid + 1) { +-- +1.9.1 + diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/0002-HID-CVE-2014-3182.patch b/meta-fsl-ppc/recipes-kernel/linux/files/0002-HID-CVE-2014-3182.patch new file mode 100644 index 00000000..a90d0799 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/linux/files/0002-HID-CVE-2014-3182.patch @@ -0,0 +1,65 @@ +From ad3e14d7c5268c2e24477c6ef54bbdf88add5d36 Mon Sep 17 00:00:00 2001 +From: Jiri Kosina <jkosina@suse.cz> +Date: Thu, 21 Aug 2014 09:57:17 -0500 +Subject: [PATCH] HID: logitech: perform bounds checking on device_id early + enough + +device_index is a char type and the size of paired_dj_deivces is 7 +elements, therefore proper bounds checking has to be applied to +device_index before it is used. + +We are currently performing the bounds checking in +logi_dj_recv_add_djhid_device(), which is too late, as malicious device +could send REPORT_TYPE_NOTIF_DEVICE_UNPAIRED early enough and trigger the +problem in one of the report forwarding functions called from +logi_dj_raw_event(). + +Fix this by performing the check at the earliest possible ocasion in +logi_dj_raw_event(). + +This fixes CVE-2014-3182 +Upstream-Status: Backport + +Cc: stable@vger.kernel.org +Reported-by: Ben Hawkes <hawkes@google.com> +Reviewed-by: Benjamin Tissoires <benjamin.tissoires@redhat.com> +Signed-off-by: Jiri Kosina <jkosina@suse.cz> +Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> +--- + drivers/hid/hid-logitech-dj.c | 13 ++++++------- + 1 file changed, 6 insertions(+), 7 deletions(-) + +diff --git a/drivers/hid/hid-logitech-dj.c b/drivers/hid/hid-logitech-dj.c +index ca0ab51..b7ba829 100644 +--- a/drivers/hid/hid-logitech-dj.c ++++ b/drivers/hid/hid-logitech-dj.c +@@ -238,13 +238,6 @@ static void logi_dj_recv_add_djhid_device(struct dj_receiver_dev *djrcv_dev, + return; + } + +- if ((dj_report->device_index < DJ_DEVICE_INDEX_MIN) || +- (dj_report->device_index > DJ_DEVICE_INDEX_MAX)) { +- dev_err(&djrcv_hdev->dev, "%s: invalid device index:%d\n", +- __func__, dj_report->device_index); +- return; +- } +- + if (djrcv_dev->paired_dj_devices[dj_report->device_index]) { + /* The device is already known. No need to reallocate it. */ + dbg_hid("%s: device is already known\n", __func__); +@@ -690,6 +683,12 @@ static int logi_dj_raw_event(struct hid_device *hdev, + * device (via hid_input_report() ) and return 1 so hid-core does not do + * anything else with it. + */ ++ if ((dj_report->device_index < DJ_DEVICE_INDEX_MIN) || ++ (dj_report->device_index > DJ_DEVICE_INDEX_MAX)) { ++ dev_err(&hdev->dev, "%s: invalid device index:%d\n", ++ __func__, dj_report->device_index); ++ return false; ++ } + + spin_lock_irqsave(&djrcv_dev->lock, flags); + if (dj_report->report_id == REPORT_ID_DJ_SHORT) { +-- +1.9.1 + diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/0002-kvm-iommu-CVE-2014-8369.patch b/meta-fsl-ppc/recipes-kernel/linux/files/0002-kvm-iommu-CVE-2014-8369.patch new file mode 100644 index 00000000..e43771cc --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/linux/files/0002-kvm-iommu-CVE-2014-8369.patch @@ -0,0 +1,86 @@ +From 248541357433e3035d954435dafcdb9e70afee4e Mon Sep 17 00:00:00 2001 +From: Quentin Casasnovas <quentin.casasnovas@oracle.com> +Date: Fri, 17 Oct 2014 22:55:59 +0200 +Subject: [PATCH] kvm: fix excessive pages un-pinning in kvm_iommu_map error + path. + +commit 3d32e4dbe71374a6780eaf51d719d76f9a9bf22f upstream. + +The third parameter of kvm_unpin_pages() when called from +kvm_iommu_map_pages() is wrong, it should be the number of pages to un-pin +and not the page size. + +This error was facilitated with an inconsistent API: kvm_pin_pages() takes +a size, but kvn_unpin_pages() takes a number of pages, so fix the problem +by matching the two. + +This was introduced by commit 350b8bd ("kvm: iommu: fix the third parameter +of kvm_iommu_put_pages (CVE-2014-3601)"), which fixes the lack of +un-pinning for pages intended to be un-pinned (i.e. memory leak) but +unfortunately potentially aggravated the number of pages we un-pin that +should have stayed pinned. As far as I understand though, the same +practical mitigations apply. + +This issue was found during review of Red Hat 6.6 patches to prepare +Ksplice rebootless updates. + +Thanks to Vegard for his time on a late Friday evening to help me in +understanding this code. + +Fix for CVE-2014-8369 + +Upstream-Status: Backport + +Fixes: 350b8bd ("kvm: iommu: fix the third parameter of... (CVE-2014-3601)") +Signed-off-by: Quentin Casasnovas <quentin.casasnovas@oracle.com> +Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com> +Signed-off-by: Jamie Iles <jamie.iles@oracle.com> +Reviewed-by: Sasha Levin <sasha.levin@oracle.com> +Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> +Signed-off-by: Jiri Slaby <jslaby@suse.cz> +Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> +--- + virt/kvm/iommu.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/virt/kvm/iommu.c b/virt/kvm/iommu.c +index dec9971..a650aa4 100644 +--- a/virt/kvm/iommu.c ++++ b/virt/kvm/iommu.c +@@ -43,13 +43,13 @@ static void kvm_iommu_put_pages(struct kvm *kvm, + gfn_t base_gfn, unsigned long npages); + + static pfn_t kvm_pin_pages(struct kvm_memory_slot *slot, gfn_t gfn, +- unsigned long size) ++ unsigned long npages) + { + gfn_t end_gfn; + pfn_t pfn; + + pfn = gfn_to_pfn_memslot(slot, gfn); +- end_gfn = gfn + (size >> PAGE_SHIFT); ++ end_gfn = gfn + npages; + gfn += 1; + + if (is_error_noslot_pfn(pfn)) +@@ -119,7 +119,7 @@ int kvm_iommu_map_pages(struct kvm *kvm, struct kvm_memory_slot *slot) + * Pin all pages we are about to map in memory. This is + * important because we unmap and unpin in 4kb steps later. + */ +- pfn = kvm_pin_pages(slot, gfn, page_size); ++ pfn = kvm_pin_pages(slot, gfn, page_size >> PAGE_SHIFT); + if (is_error_noslot_pfn(pfn)) { + gfn += 1; + continue; +@@ -131,7 +131,7 @@ int kvm_iommu_map_pages(struct kvm *kvm, struct kvm_memory_slot *slot) + if (r) { + printk(KERN_ERR "kvm_iommu_map_address:" + "iommu failed to map pfn=%llx\n", pfn); +- kvm_unpin_pages(kvm, pfn, page_size); ++ kvm_unpin_pages(kvm, pfn, page_size >> PAGE_SHIFT); + goto unmap_pages; + } + +-- +1.9.1 + diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/0002-mnt-CVE-2014-5206_CVE-2014-5207.patch b/meta-fsl-ppc/recipes-kernel/linux/files/0002-mnt-CVE-2014-5206_CVE-2014-5207.patch new file mode 100644 index 00000000..b08f2179 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/linux/files/0002-mnt-CVE-2014-5206_CVE-2014-5207.patch @@ -0,0 +1,62 @@ +From cab259f821fad20afa688d3fbeb47356447ac20b Mon Sep 17 00:00:00 2001 +From: "Eric W. Biederman" <ebiederm@xmission.com> +Date: Mon, 28 Jul 2014 17:10:56 -0700 +Subject: [PATCH] mnt: Move the test for MNT_LOCK_READONLY from + change_mount_flags into do_remount + +commit 07b645589dcda8b7a5249e096fece2a67556f0f4 upstream. + +There are no races as locked mount flags are guaranteed to never change. + +Moving the test into do_remount makes it more visible, and ensures all +filesystem remounts pass the MNT_LOCK_READONLY permission check. This +second case is not an issue today as filesystem remounts are guarded +by capable(CAP_DAC_ADMIN) and thus will always fail in less privileged +mount namespaces, but it could become an issue in the future. + +Fix for CVE-2014-5206 and CVE-2014-5207 +Upstream-Status: backport + +Cc: stable@vger.kernel.org +Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com> +Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> +Signed-off-by: Jiri Slaby <jslaby@suse.cz> +Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> +--- + fs/namespace.c | 13 ++++++++++--- + 1 file changed, 10 insertions(+), 3 deletions(-) + +diff --git a/fs/namespace.c b/fs/namespace.c +index 34fa7a5..8e90b03 100644 +--- a/fs/namespace.c ++++ b/fs/namespace.c +@@ -1806,9 +1806,6 @@ static int change_mount_flags(struct vfsmount *mnt, int ms_flags) + if (readonly_request == __mnt_is_readonly(mnt)) + return 0; + +- if (mnt->mnt_flags & MNT_LOCK_READONLY) +- return -EPERM; +- + if (readonly_request) + error = mnt_make_readonly(real_mount(mnt)); + else +@@ -1834,6 +1831,16 @@ static int do_remount(struct path *path, int flags, int mnt_flags, + if (path->dentry != path->mnt->mnt_root) + return -EINVAL; + ++ /* Don't allow changing of locked mnt flags. ++ * ++ * No locks need to be held here while testing the various ++ * MNT_LOCK flags because those flags can never be cleared ++ * once they are set. ++ */ ++ if ((mnt->mnt.mnt_flags & MNT_LOCK_READONLY) && ++ !(mnt_flags & MNT_READONLY)) { ++ return -EPERM; ++ } + err = security_sb_remount(sb, data); + if (err) + return err; +-- +1.9.1 + diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/0002-net-sctp-CVE-2014-3687.patch b/meta-fsl-ppc/recipes-kernel/linux/files/0002-net-sctp-CVE-2014-3687.patch new file mode 100644 index 00000000..b05aaf2b --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/linux/files/0002-net-sctp-CVE-2014-3687.patch @@ -0,0 +1,102 @@ +From a723db0be941b8aebaa1a98b33d17a91b16603e4 Mon Sep 17 00:00:00 2001 +From: Daniel Borkmann <dborkman@redhat.com> +Date: Thu, 9 Oct 2014 22:55:32 +0200 +Subject: [PATCH] net: sctp: fix panic on duplicate ASCONF chunks + +commit b69040d8e39f20d5215a03502a8e8b4c6ab78395 upstream. + +When receiving a e.g. semi-good formed connection scan in the +form of ... + + -------------- INIT[ASCONF; ASCONF_ACK] -------------> + <----------- INIT-ACK[ASCONF; ASCONF_ACK] ------------ + -------------------- COOKIE-ECHO --------------------> + <-------------------- COOKIE-ACK --------------------- + ---------------- ASCONF_a; ASCONF_b -----------------> + +... where ASCONF_a equals ASCONF_b chunk (at least both serials +need to be equal), we panic an SCTP server! + +The problem is that good-formed ASCONF chunks that we reply with +ASCONF_ACK chunks are cached per serial. Thus, when we receive a +same ASCONF chunk twice (e.g. through a lost ASCONF_ACK), we do +not need to process them again on the server side (that was the +idea, also proposed in the RFC). Instead, we know it was cached +and we just resend the cached chunk instead. So far, so good. + +Where things get nasty is in SCTP's side effect interpreter, that +is, sctp_cmd_interpreter(): + +While incoming ASCONF_a (chunk = event_arg) is being marked +!end_of_packet and !singleton, and we have an association context, +we do not flush the outqueue the first time after processing the +ASCONF_ACK singleton chunk via SCTP_CMD_REPLY. Instead, we keep it +queued up, although we set local_cork to 1. Commit 2e3216cd54b1 +changed the precedence, so that as long as we get bundled, incoming +chunks we try possible bundling on outgoing queue as well. Before +this commit, we would just flush the output queue. + +Now, while ASCONF_a's ASCONF_ACK sits in the corked outq, we +continue to process the same ASCONF_b chunk from the packet. As +we have cached the previous ASCONF_ACK, we find it, grab it and +do another SCTP_CMD_REPLY command on it. So, effectively, we rip +the chunk->list pointers and requeue the same ASCONF_ACK chunk +another time. Since we process ASCONF_b, it's correctly marked +with end_of_packet and we enforce an uncork, and thus flush, thus +crashing the kernel. + +Fix it by testing if the ASCONF_ACK is currently pending and if +that is the case, do not requeue it. When flushing the output +queue we may relink the chunk for preparing an outgoing packet, +but eventually unlink it when it's copied into the skb right +before transmission. + +Joint work with Vlad Yasevich. + +Fixes CVE-2014-3687 +Upstream-Status: Backport + +Fixes: 2e3216cd54b1 ("sctp: Follow security requirement of responding with 1 packet") +Signed-off-by: Daniel Borkmann <dborkman@redhat.com> +Signed-off-by: Vlad Yasevich <vyasevich@gmail.com> +Signed-off-by: David S. Miller <davem@davemloft.net> +Cc: Josh Boyer <jwboyer@fedoraproject.org> +Signed-off-by: Jiri Slaby <jslaby@suse.cz> +Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> +--- + include/net/sctp/sctp.h | 5 +++++ + net/sctp/associola.c | 2 ++ + 2 files changed, 7 insertions(+) + +diff --git a/include/net/sctp/sctp.h b/include/net/sctp/sctp.h +index 3794c5a..3848934 100644 +--- a/include/net/sctp/sctp.h ++++ b/include/net/sctp/sctp.h +@@ -454,6 +454,11 @@ static inline void sctp_assoc_pending_pmtu(struct sock *sk, struct sctp_associat + asoc->pmtu_pending = 0; + } + ++static inline bool sctp_chunk_pending(const struct sctp_chunk *chunk) ++{ ++ return !list_empty(&chunk->list); ++} ++ + /* Walk through a list of TLV parameters. Don't trust the + * individual parameter lengths and instead depend on + * the chunk length to indicate when to stop. Make sure +diff --git a/net/sctp/associola.c b/net/sctp/associola.c +index ad5cd6f..737050f 100644 +--- a/net/sctp/associola.c ++++ b/net/sctp/associola.c +@@ -1645,6 +1645,8 @@ struct sctp_chunk *sctp_assoc_lookup_asconf_ack( + * ack chunk whose serial number matches that of the request. + */ + list_for_each_entry(ack, &asoc->asconf_ack_list, transmitted_list) { ++ if (sctp_chunk_pending(ack)) ++ continue; + if (ack->subh.addip_hdr->serial == serial) { + sctp_chunk_hold(ack); + return ack; +-- +1.9.1 + diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/0002-shmem-CVE-2014-4171.patch b/meta-fsl-ppc/recipes-kernel/linux/files/0002-shmem-CVE-2014-4171.patch new file mode 100644 index 00000000..a43b8956 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/linux/files/0002-shmem-CVE-2014-4171.patch @@ -0,0 +1,200 @@ +From 38d05809df1ea5272a658e7f4d5f2a3027ad2fd2 Mon Sep 17 00:00:00 2001 +From: Hugh Dickins <hughd@google.com> +Date: Wed, 23 Jul 2014 14:00:10 -0700 +Subject: [PATCH 2/3] shmem: fix faulting into a hole, not taking i_mutex + +commit 8e205f779d1443a94b5ae81aa359cb535dd3021e upstream. + +Commit f00cdc6df7d7 ("shmem: fix faulting into a hole while it's +punched") was buggy: Sasha sent a lockdep report to remind us that +grabbing i_mutex in the fault path is a no-no (write syscall may already +hold i_mutex while faulting user buffer). + +We tried a completely different approach (see following patch) but that +proved inadequate: good enough for a rational workload, but not good +enough against trinity - which forks off so many mappings of the object +that contention on i_mmap_mutex while hole-puncher holds i_mutex builds +into serious starvation when concurrent faults force the puncher to fall +back to single-page unmap_mapping_range() searches of the i_mmap tree. + +So return to the original umbrella approach, but keep away from i_mutex +this time. We really don't want to bloat every shmem inode with a new +mutex or completion, just to protect this unlikely case from trinity. +So extend the original with wait_queue_head on stack at the hole-punch +end, and wait_queue item on the stack at the fault end. + +This involves further use of i_lock to guard against the races: lockdep +has been happy so far, and I see fs/inode.c:unlock_new_inode() holds +i_lock around wake_up_bit(), which is comparable to what we do here. +i_lock is more convenient, but we could switch to shmem's info->lock. + +This issue has been tagged with CVE-2014-4171, which will require commit +f00cdc6df7d7 and this and the following patch to be backported: we +suggest to 3.1+, though in fact the trinity forkbomb effect might go +back as far as 2.6.16, when madvise(,,MADV_REMOVE) came in - or might +not, since much has changed, with i_mmap_mutex a spinlock before 3.0. +Anyone running trinity on 3.0 and earlier? I don't think we need care. + +Upstream-Status: Backport + +Signed-off-by: Hugh Dickins <hughd@google.com> +Reported-by: Sasha Levin <sasha.levin@oracle.com> +Tested-by: Sasha Levin <sasha.levin@oracle.com> +Cc: Vlastimil Babka <vbabka@suse.cz> +Cc: Konstantin Khlebnikov <koct9i@gmail.com> +Cc: Johannes Weiner <hannes@cmpxchg.org> +Cc: Lukas Czerner <lczerner@redhat.com> +Cc: Dave Jones <davej@redhat.com> +Cc: <stable@vger.kernel.org> [3.1+] +Signed-off-by: Andrew Morton <akpm@linux-foundation.org> +Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> +Signed-off-by: Jiri Slaby <jslaby@suse.cz> +Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> +--- + mm/shmem.c | 78 +++++++++++++++++++++++++++++++++++++++++--------------------- + 1 file changed, 52 insertions(+), 26 deletions(-) + +diff --git a/mm/shmem.c b/mm/shmem.c +index 00d412f..6f5626f 100644 +--- a/mm/shmem.c ++++ b/mm/shmem.c +@@ -85,7 +85,7 @@ static struct vfsmount *shm_mnt; + * a time): we would prefer not to enlarge the shmem inode just for that. + */ + struct shmem_falloc { +- int mode; /* FALLOC_FL mode currently operating */ ++ wait_queue_head_t *waitq; /* faults into hole wait for punch to end */ + pgoff_t start; /* start of range currently being fallocated */ + pgoff_t next; /* the next page offset to be fallocated */ + pgoff_t nr_falloced; /* how many new pages have been fallocated */ +@@ -827,7 +827,7 @@ static int shmem_writepage(struct page *page, struct writeback_control *wbc) + spin_lock(&inode->i_lock); + shmem_falloc = inode->i_private; + if (shmem_falloc && +- !shmem_falloc->mode && ++ !shmem_falloc->waitq && + index >= shmem_falloc->start && + index < shmem_falloc->next) + shmem_falloc->nr_unswapped++; +@@ -1306,38 +1306,58 @@ static int shmem_fault(struct vm_area_struct *vma, struct vm_fault *vmf) + * Trinity finds that probing a hole which tmpfs is punching can + * prevent the hole-punch from ever completing: which in turn + * locks writers out with its hold on i_mutex. So refrain from +- * faulting pages into the hole while it's being punched, and +- * wait on i_mutex to be released if vmf->flags permits. ++ * faulting pages into the hole while it's being punched. Although ++ * shmem_undo_range() does remove the additions, it may be unable to ++ * keep up, as each new page needs its own unmap_mapping_range() call, ++ * and the i_mmap tree grows ever slower to scan if new vmas are added. ++ * ++ * It does not matter if we sometimes reach this check just before the ++ * hole-punch begins, so that one fault then races with the punch: ++ * we just need to make racing faults a rare case. ++ * ++ * The implementation below would be much simpler if we just used a ++ * standard mutex or completion: but we cannot take i_mutex in fault, ++ * and bloating every shmem inode for this unlikely case would be sad. + */ + if (unlikely(inode->i_private)) { + struct shmem_falloc *shmem_falloc; + + spin_lock(&inode->i_lock); + shmem_falloc = inode->i_private; +- if (!shmem_falloc || +- shmem_falloc->mode != FALLOC_FL_PUNCH_HOLE || +- vmf->pgoff < shmem_falloc->start || +- vmf->pgoff >= shmem_falloc->next) +- shmem_falloc = NULL; +- spin_unlock(&inode->i_lock); +- /* +- * i_lock has protected us from taking shmem_falloc seriously +- * once return from shmem_fallocate() went back up that stack. +- * i_lock does not serialize with i_mutex at all, but it does +- * not matter if sometimes we wait unnecessarily, or sometimes +- * miss out on waiting: we just need to make those cases rare. +- */ +- if (shmem_falloc) { ++ if (shmem_falloc && ++ shmem_falloc->waitq && ++ vmf->pgoff >= shmem_falloc->start && ++ vmf->pgoff < shmem_falloc->next) { ++ wait_queue_head_t *shmem_falloc_waitq; ++ DEFINE_WAIT(shmem_fault_wait); ++ ++ ret = VM_FAULT_NOPAGE; + if ((vmf->flags & FAULT_FLAG_ALLOW_RETRY) && + !(vmf->flags & FAULT_FLAG_RETRY_NOWAIT)) { ++ /* It's polite to up mmap_sem if we can */ + up_read(&vma->vm_mm->mmap_sem); +- mutex_lock(&inode->i_mutex); +- mutex_unlock(&inode->i_mutex); +- return VM_FAULT_RETRY; ++ ret = VM_FAULT_RETRY; + } +- /* cond_resched? Leave that to GUP or return to user */ +- return VM_FAULT_NOPAGE; ++ ++ shmem_falloc_waitq = shmem_falloc->waitq; ++ prepare_to_wait(shmem_falloc_waitq, &shmem_fault_wait, ++ TASK_UNINTERRUPTIBLE); ++ spin_unlock(&inode->i_lock); ++ schedule(); ++ ++ /* ++ * shmem_falloc_waitq points into the shmem_fallocate() ++ * stack of the hole-punching task: shmem_falloc_waitq ++ * is usually invalid by the time we reach here, but ++ * finish_wait() does not dereference it in that case; ++ * though i_lock needed lest racing with wake_up_all(). ++ */ ++ spin_lock(&inode->i_lock); ++ finish_wait(shmem_falloc_waitq, &shmem_fault_wait); ++ spin_unlock(&inode->i_lock); ++ return ret; + } ++ spin_unlock(&inode->i_lock); + } + + error = shmem_getpage(inode, vmf->pgoff, &vmf->page, SGP_CACHE, &ret); +@@ -1855,13 +1875,13 @@ static long shmem_fallocate(struct file *file, int mode, loff_t offset, + + mutex_lock(&inode->i_mutex); + +- shmem_falloc.mode = mode & ~FALLOC_FL_KEEP_SIZE; +- + if (mode & FALLOC_FL_PUNCH_HOLE) { + struct address_space *mapping = file->f_mapping; + loff_t unmap_start = round_up(offset, PAGE_SIZE); + loff_t unmap_end = round_down(offset + len, PAGE_SIZE) - 1; ++ DECLARE_WAIT_QUEUE_HEAD_ONSTACK(shmem_falloc_waitq); + ++ shmem_falloc.waitq = &shmem_falloc_waitq; + shmem_falloc.start = unmap_start >> PAGE_SHIFT; + shmem_falloc.next = (unmap_end + 1) >> PAGE_SHIFT; + spin_lock(&inode->i_lock); +@@ -1873,8 +1893,13 @@ static long shmem_fallocate(struct file *file, int mode, loff_t offset, + 1 + unmap_end - unmap_start, 0); + shmem_truncate_range(inode, offset, offset + len - 1); + /* No need to unmap again: hole-punching leaves COWed pages */ ++ ++ spin_lock(&inode->i_lock); ++ inode->i_private = NULL; ++ wake_up_all(&shmem_falloc_waitq); ++ spin_unlock(&inode->i_lock); + error = 0; +- goto undone; ++ goto out; + } + + /* We need to check rlimit even when FALLOC_FL_KEEP_SIZE */ +@@ -1890,6 +1915,7 @@ static long shmem_fallocate(struct file *file, int mode, loff_t offset, + goto out; + } + ++ shmem_falloc.waitq = NULL; + shmem_falloc.start = start; + shmem_falloc.next = start; + shmem_falloc.nr_falloced = 0; +-- +1.9.1 + diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/0003-HID-CVE-2014-3184.patch b/meta-fsl-ppc/recipes-kernel/linux/files/0003-HID-CVE-2014-3184.patch new file mode 100644 index 00000000..f58b2f0e --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/linux/files/0003-HID-CVE-2014-3184.patch @@ -0,0 +1,114 @@ +From 4ab25786c87eb20857bbb715c3ae34ec8fd6a214 Mon Sep 17 00:00:00 2001 +From: Jiri Kosina <jkosina@suse.cz> +Date: Thu, 21 Aug 2014 09:57:48 -0500 +Subject: [PATCH] HID: fix a couple of off-by-ones + +There are a few very theoretical off-by-one bugs in report descriptor size +checking when performing a pre-parsing fixup. Fix those. + +This fixes CVE-2014-3184 +Upstream-Status: Backport + +Cc: stable@vger.kernel.org +Reported-by: Ben Hawkes <hawkes@google.com> +Reviewed-by: Benjamin Tissoires <benjamin.tissoires@redhat.com> +Signed-off-by: Jiri Kosina <jkosina@suse.cz> +Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> +--- + drivers/hid/hid-cherry.c | 2 +- + drivers/hid/hid-kye.c | 2 +- + drivers/hid/hid-lg.c | 4 ++-- + drivers/hid/hid-monterey.c | 2 +- + drivers/hid/hid-petalynx.c | 2 +- + drivers/hid/hid-sunplus.c | 2 +- + 6 files changed, 7 insertions(+), 7 deletions(-) + +diff --git a/drivers/hid/hid-cherry.c b/drivers/hid/hid-cherry.c +index 1bdcccc..f745d2c 100644 +--- a/drivers/hid/hid-cherry.c ++++ b/drivers/hid/hid-cherry.c +@@ -28,7 +28,7 @@ + static __u8 *ch_report_fixup(struct hid_device *hdev, __u8 *rdesc, + unsigned int *rsize) + { +- if (*rsize >= 17 && rdesc[11] == 0x3c && rdesc[12] == 0x02) { ++ if (*rsize >= 18 && rdesc[11] == 0x3c && rdesc[12] == 0x02) { + hid_info(hdev, "fixing up Cherry Cymotion report descriptor\n"); + rdesc[11] = rdesc[16] = 0xff; + rdesc[12] = rdesc[17] = 0x03; +diff --git a/drivers/hid/hid-kye.c b/drivers/hid/hid-kye.c +index e776963..b92bf01 100644 +--- a/drivers/hid/hid-kye.c ++++ b/drivers/hid/hid-kye.c +@@ -300,7 +300,7 @@ static __u8 *kye_report_fixup(struct hid_device *hdev, __u8 *rdesc, + * - change the button usage range to 4-7 for the extra + * buttons + */ +- if (*rsize >= 74 && ++ if (*rsize >= 75 && + rdesc[61] == 0x05 && rdesc[62] == 0x08 && + rdesc[63] == 0x19 && rdesc[64] == 0x08 && + rdesc[65] == 0x29 && rdesc[66] == 0x0f && +diff --git a/drivers/hid/hid-lg.c b/drivers/hid/hid-lg.c +index a976f48..f91ff14 100644 +--- a/drivers/hid/hid-lg.c ++++ b/drivers/hid/hid-lg.c +@@ -345,14 +345,14 @@ static __u8 *lg_report_fixup(struct hid_device *hdev, __u8 *rdesc, + struct usb_device_descriptor *udesc; + __u16 bcdDevice, rev_maj, rev_min; + +- if ((drv_data->quirks & LG_RDESC) && *rsize >= 90 && rdesc[83] == 0x26 && ++ if ((drv_data->quirks & LG_RDESC) && *rsize >= 91 && rdesc[83] == 0x26 && + rdesc[84] == 0x8c && rdesc[85] == 0x02) { + hid_info(hdev, + "fixing up Logitech keyboard report descriptor\n"); + rdesc[84] = rdesc[89] = 0x4d; + rdesc[85] = rdesc[90] = 0x10; + } +- if ((drv_data->quirks & LG_RDESC_REL_ABS) && *rsize >= 50 && ++ if ((drv_data->quirks & LG_RDESC_REL_ABS) && *rsize >= 51 && + rdesc[32] == 0x81 && rdesc[33] == 0x06 && + rdesc[49] == 0x81 && rdesc[50] == 0x06) { + hid_info(hdev, +diff --git a/drivers/hid/hid-monterey.c b/drivers/hid/hid-monterey.c +index 9e14c00..25daf28 100644 +--- a/drivers/hid/hid-monterey.c ++++ b/drivers/hid/hid-monterey.c +@@ -24,7 +24,7 @@ + static __u8 *mr_report_fixup(struct hid_device *hdev, __u8 *rdesc, + unsigned int *rsize) + { +- if (*rsize >= 30 && rdesc[29] == 0x05 && rdesc[30] == 0x09) { ++ if (*rsize >= 31 && rdesc[29] == 0x05 && rdesc[30] == 0x09) { + hid_info(hdev, "fixing up button/consumer in HID report descriptor\n"); + rdesc[30] = 0x0c; + } +diff --git a/drivers/hid/hid-petalynx.c b/drivers/hid/hid-petalynx.c +index 736b250..6aca4f2 100644 +--- a/drivers/hid/hid-petalynx.c ++++ b/drivers/hid/hid-petalynx.c +@@ -25,7 +25,7 @@ + static __u8 *pl_report_fixup(struct hid_device *hdev, __u8 *rdesc, + unsigned int *rsize) + { +- if (*rsize >= 60 && rdesc[39] == 0x2a && rdesc[40] == 0xf5 && ++ if (*rsize >= 62 && rdesc[39] == 0x2a && rdesc[40] == 0xf5 && + rdesc[41] == 0x00 && rdesc[59] == 0x26 && + rdesc[60] == 0xf9 && rdesc[61] == 0x00) { + hid_info(hdev, "fixing up Petalynx Maxter Remote report descriptor\n"); +diff --git a/drivers/hid/hid-sunplus.c b/drivers/hid/hid-sunplus.c +index 87fc91e..91072fa 100644 +--- a/drivers/hid/hid-sunplus.c ++++ b/drivers/hid/hid-sunplus.c +@@ -24,7 +24,7 @@ + static __u8 *sp_report_fixup(struct hid_device *hdev, __u8 *rdesc, + unsigned int *rsize) + { +- if (*rsize >= 107 && rdesc[104] == 0x26 && rdesc[105] == 0x80 && ++ if (*rsize >= 112 && rdesc[104] == 0x26 && rdesc[105] == 0x80 && + rdesc[106] == 0x03) { + hid_info(hdev, "fixing up Sunplus Wireless Desktop report descriptor\n"); + rdesc[105] = rdesc[110] = 0x03; +-- +1.9.1 + diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/0003-mnt-CVE-2014-5206_CVE-2014-5207.patch b/meta-fsl-ppc/recipes-kernel/linux/files/0003-mnt-CVE-2014-5206_CVE-2014-5207.patch new file mode 100644 index 00000000..aa5ca1bc --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/linux/files/0003-mnt-CVE-2014-5206_CVE-2014-5207.patch @@ -0,0 +1,137 @@ +From 8b18c0adbc5d0cb1530692e72bcfb88fd7bb77bb Mon Sep 17 00:00:00 2001 +From: "Eric W. Biederman" <ebiederm@xmission.com> +Date: Mon, 28 Jul 2014 17:26:07 -0700 +Subject: [PATCH] mnt: Correct permission checks in do_remount + +commit 9566d6742852c527bf5af38af5cbb878dad75705 upstream. + +While invesgiating the issue where in "mount --bind -oremount,ro ..." +would result in later "mount --bind -oremount,rw" succeeding even if +the mount started off locked I realized that there are several +additional mount flags that should be locked and are not. + +In particular MNT_NOSUID, MNT_NODEV, MNT_NOEXEC, and the atime +flags in addition to MNT_READONLY should all be locked. These +flags are all per superblock, can all be changed with MS_BIND, +and should not be changable if set by a more privileged user. + +The following additions to the current logic are added in this patch. +- nosuid may not be clearable by a less privileged user. +- nodev may not be clearable by a less privielged user. +- noexec may not be clearable by a less privileged user. +- atime flags may not be changeable by a less privileged user. + +The logic with atime is that always setting atime on access is a +global policy and backup software and auditing software could break if +atime bits are not updated (when they are configured to be updated), +and serious performance degradation could result (DOS attack) if atime +updates happen when they have been explicitly disabled. Therefore an +unprivileged user should not be able to mess with the atime bits set +by a more privileged user. + +The additional restrictions are implemented with the addition of +MNT_LOCK_NOSUID, MNT_LOCK_NODEV, MNT_LOCK_NOEXEC, and MNT_LOCK_ATIME +mnt flags. + +Taken together these changes and the fixes for MNT_LOCK_READONLY +should make it safe for an unprivileged user to create a user +namespace and to call "mount --bind -o remount,... ..." without +the danger of mount flags being changed maliciously. + +Fix for CVE-2014-5206 and CVE-2014-5207 +Upstream-Status: backport + +Cc: stable@vger.kernel.org +Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com> +Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> +Signed-off-by: Jiri Slaby <jslaby@suse.cz> +Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> +--- + fs/namespace.c | 36 +++++++++++++++++++++++++++++++++--- + include/linux/mount.h | 5 +++++ + 2 files changed, 38 insertions(+), 3 deletions(-) + +diff --git a/fs/namespace.c b/fs/namespace.c +index 8e90b03..7c67de8 100644 +--- a/fs/namespace.c ++++ b/fs/namespace.c +@@ -827,8 +827,21 @@ static struct mount *clone_mnt(struct mount *old, struct dentry *root, + + mnt->mnt.mnt_flags = old->mnt.mnt_flags & ~MNT_WRITE_HOLD; + /* Don't allow unprivileged users to change mount flags */ +- if ((flag & CL_UNPRIVILEGED) && (mnt->mnt.mnt_flags & MNT_READONLY)) +- mnt->mnt.mnt_flags |= MNT_LOCK_READONLY; ++ if (flag & CL_UNPRIVILEGED) { ++ mnt->mnt.mnt_flags |= MNT_LOCK_ATIME; ++ ++ if (mnt->mnt.mnt_flags & MNT_READONLY) ++ mnt->mnt.mnt_flags |= MNT_LOCK_READONLY; ++ ++ if (mnt->mnt.mnt_flags & MNT_NODEV) ++ mnt->mnt.mnt_flags |= MNT_LOCK_NODEV; ++ ++ if (mnt->mnt.mnt_flags & MNT_NOSUID) ++ mnt->mnt.mnt_flags |= MNT_LOCK_NOSUID; ++ ++ if (mnt->mnt.mnt_flags & MNT_NOEXEC) ++ mnt->mnt.mnt_flags |= MNT_LOCK_NOEXEC; ++ } + + /* Don't allow unprivileged users to reveal what is under a mount */ + if ((flag & CL_UNPRIVILEGED) && list_empty(&old->mnt_expire)) +@@ -1841,6 +1854,23 @@ static int do_remount(struct path *path, int flags, int mnt_flags, + !(mnt_flags & MNT_READONLY)) { + return -EPERM; + } ++ if ((mnt->mnt.mnt_flags & MNT_LOCK_NODEV) && ++ !(mnt_flags & MNT_NODEV)) { ++ return -EPERM; ++ } ++ if ((mnt->mnt.mnt_flags & MNT_LOCK_NOSUID) && ++ !(mnt_flags & MNT_NOSUID)) { ++ return -EPERM; ++ } ++ if ((mnt->mnt.mnt_flags & MNT_LOCK_NOEXEC) && ++ !(mnt_flags & MNT_NOEXEC)) { ++ return -EPERM; ++ } ++ if ((mnt->mnt.mnt_flags & MNT_LOCK_ATIME) && ++ ((mnt->mnt.mnt_flags & MNT_ATIME_MASK) != (mnt_flags & MNT_ATIME_MASK))) { ++ return -EPERM; ++ } ++ + err = security_sb_remount(sb, data); + if (err) + return err; +@@ -2043,7 +2073,7 @@ static int do_new_mount(struct path *path, const char *fstype, int flags, + */ + if (!(type->fs_flags & FS_USERNS_DEV_MOUNT)) { + flags |= MS_NODEV; +- mnt_flags |= MNT_NODEV; ++ mnt_flags |= MNT_NODEV | MNT_LOCK_NODEV; + } + } + +diff --git a/include/linux/mount.h b/include/linux/mount.h +index 8707c9e..22e5b96 100644 +--- a/include/linux/mount.h ++++ b/include/linux/mount.h +@@ -45,10 +45,15 @@ struct mnt_namespace; + #define MNT_USER_SETTABLE_MASK (MNT_NOSUID | MNT_NODEV | MNT_NOEXEC \ + | MNT_NOATIME | MNT_NODIRATIME | MNT_RELATIME \ + | MNT_READONLY) ++#define MNT_ATIME_MASK (MNT_NOATIME | MNT_NODIRATIME | MNT_RELATIME ) + + + #define MNT_INTERNAL 0x4000 + ++#define MNT_LOCK_ATIME 0x040000 ++#define MNT_LOCK_NOEXEC 0x080000 ++#define MNT_LOCK_NOSUID 0x100000 ++#define MNT_LOCK_NODEV 0x200000 + #define MNT_LOCK_READONLY 0x400000 + #define MNT_LOCKED 0x800000 + +-- +1.9.1 + diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/0003-net-sctp-CVE-2014-3688.patch b/meta-fsl-ppc/recipes-kernel/linux/files/0003-net-sctp-CVE-2014-3688.patch new file mode 100644 index 00000000..1b4716d0 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/linux/files/0003-net-sctp-CVE-2014-3688.patch @@ -0,0 +1,160 @@ +From e476841415c1b7b54e4118d8a219f5db71878675 Mon Sep 17 00:00:00 2001 +From: Daniel Borkmann <dborkman@redhat.com> +Date: Thu, 9 Oct 2014 22:55:33 +0200 +Subject: [PATCH] net: sctp: fix remote memory pressure from excessive queueing + +commit 26b87c7881006311828bb0ab271a551a62dcceb4 upstream. + +This scenario is not limited to ASCONF, just taken as one +example triggering the issue. When receiving ASCONF probes +in the form of ... + + -------------- INIT[ASCONF; ASCONF_ACK] -------------> + <----------- INIT-ACK[ASCONF; ASCONF_ACK] ------------ + -------------------- COOKIE-ECHO --------------------> + <-------------------- COOKIE-ACK --------------------- + ---- ASCONF_a; [ASCONF_b; ...; ASCONF_n;] JUNK ------> + [...] + ---- ASCONF_m; [ASCONF_o; ...; ASCONF_z;] JUNK ------> + +... where ASCONF_a, ASCONF_b, ..., ASCONF_z are good-formed +ASCONFs and have increasing serial numbers, we process such +ASCONF chunk(s) marked with !end_of_packet and !singleton, +since we have not yet reached the SCTP packet end. SCTP does +only do verification on a chunk by chunk basis, as an SCTP +packet is nothing more than just a container of a stream of +chunks which it eats up one by one. + +We could run into the case that we receive a packet with a +malformed tail, above marked as trailing JUNK. All previous +chunks are here goodformed, so the stack will eat up all +previous chunks up to this point. In case JUNK does not fit +into a chunk header and there are no more other chunks in +the input queue, or in case JUNK contains a garbage chunk +header, but the encoded chunk length would exceed the skb +tail, or we came here from an entirely different scenario +and the chunk has pdiscard=1 mark (without having had a flush +point), it will happen, that we will excessively queue up +the association's output queue (a correct final chunk may +then turn it into a response flood when flushing the +queue ;)): I ran a simple script with incremental ASCONF +serial numbers and could see the server side consuming +excessive amount of RAM [before/after: up to 2GB and more]. + +The issue at heart is that the chunk train basically ends +with !end_of_packet and !singleton markers and since commit +2e3216cd54b1 ("sctp: Follow security requirement of responding +with 1 packet") therefore preventing an output queue flush +point in sctp_do_sm() -> sctp_cmd_interpreter() on the input +chunk (chunk = event_arg) even though local_cork is set, +but its precedence has changed since then. In the normal +case, the last chunk with end_of_packet=1 would trigger the +queue flush to accommodate possible outgoing bundling. + +In the input queue, sctp_inq_pop() seems to do the right thing +in terms of discarding invalid chunks. So, above JUNK will +not enter the state machine and instead be released and exit +the sctp_assoc_bh_rcv() chunk processing loop. It's simply +the flush point being missing at loop exit. Adding a try-flush +approach on the output queue might not work as the underlying +infrastructure might be long gone at this point due to the +side-effect interpreter run. + +One possibility, albeit a bit of a kludge, would be to defer +invalid chunk freeing into the state machine in order to +possibly trigger packet discards and thus indirectly a queue +flush on error. It would surely be better to discard chunks +as in the current, perhaps better controlled environment, but +going back and forth, it's simply architecturally not possible. +I tried various trailing JUNK attack cases and it seems to +look good now. + +Joint work with Vlad Yasevich. + +Fixes CVE-2014-3688 +Upstream-Status: Backport + +Fixes: 2e3216cd54b1 ("sctp: Follow security requirement of responding with 1 packet") +Signed-off-by: Daniel Borkmann <dborkman@redhat.com> +Signed-off-by: Vlad Yasevich <vyasevich@gmail.com> +Signed-off-by: David S. Miller <davem@davemloft.net> +Cc: Josh Boyer <jwboyer@fedoraproject.org> +Signed-off-by: Jiri Slaby <jslaby@suse.cz> +Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> +--- + net/sctp/inqueue.c | 33 +++++++-------------------------- + net/sctp/sm_statefuns.c | 3 +++ + 2 files changed, 10 insertions(+), 26 deletions(-) + +diff --git a/net/sctp/inqueue.c b/net/sctp/inqueue.c +index 5856932..560cd41 100644 +--- a/net/sctp/inqueue.c ++++ b/net/sctp/inqueue.c +@@ -141,18 +141,9 @@ struct sctp_chunk *sctp_inq_pop(struct sctp_inq *queue) + } else { + /* Nothing to do. Next chunk in the packet, please. */ + ch = (sctp_chunkhdr_t *) chunk->chunk_end; +- + /* Force chunk->skb->data to chunk->chunk_end. */ +- skb_pull(chunk->skb, +- chunk->chunk_end - chunk->skb->data); +- +- /* Verify that we have at least chunk headers +- * worth of buffer left. +- */ +- if (skb_headlen(chunk->skb) < sizeof(sctp_chunkhdr_t)) { +- sctp_chunk_free(chunk); +- chunk = queue->in_progress = NULL; +- } ++ skb_pull(chunk->skb, chunk->chunk_end - chunk->skb->data); ++ /* We are guaranteed to pull a SCTP header. */ + } + } + +@@ -188,24 +179,14 @@ struct sctp_chunk *sctp_inq_pop(struct sctp_inq *queue) + skb_pull(chunk->skb, sizeof(sctp_chunkhdr_t)); + chunk->subh.v = NULL; /* Subheader is no longer valid. */ + +- if (chunk->chunk_end < skb_tail_pointer(chunk->skb)) { ++ if (chunk->chunk_end + sizeof(sctp_chunkhdr_t) < ++ skb_tail_pointer(chunk->skb)) { + /* This is not a singleton */ + chunk->singleton = 0; + } else if (chunk->chunk_end > skb_tail_pointer(chunk->skb)) { +- /* RFC 2960, Section 6.10 Bundling +- * +- * Partial chunks MUST NOT be placed in an SCTP packet. +- * If the receiver detects a partial chunk, it MUST drop +- * the chunk. +- * +- * Since the end of the chunk is past the end of our buffer +- * (which contains the whole packet, we can freely discard +- * the whole packet. +- */ +- sctp_chunk_free(chunk); +- chunk = queue->in_progress = NULL; +- +- return NULL; ++ /* Discard inside state machine. */ ++ chunk->pdiscard = 1; ++ chunk->chunk_end = skb_tail_pointer(chunk->skb); + } else { + /* We are at the end of the packet, so mark the chunk + * in case we need to send a SACK. +diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c +index 1dbcc6a..62623cc 100644 +--- a/net/sctp/sm_statefuns.c ++++ b/net/sctp/sm_statefuns.c +@@ -171,6 +171,9 @@ sctp_chunk_length_valid(struct sctp_chunk *chunk, + { + __u16 chunk_length = ntohs(chunk->chunk_hdr->length); + ++ /* Previously already marked? */ ++ if (unlikely(chunk->pdiscard)) ++ return 0; + if (unlikely(chunk_length < required_length)) + return 0; + +-- +1.9.1 + diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/0003-shmem-CVE-2014-4171.patch b/meta-fsl-ppc/recipes-kernel/linux/files/0003-shmem-CVE-2014-4171.patch new file mode 100644 index 00000000..2b70ec1d --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/linux/files/0003-shmem-CVE-2014-4171.patch @@ -0,0 +1,134 @@ +From a428dc008e435c5a36b1288fb5b8c4b58472e28c Mon Sep 17 00:00:00 2001 +From: Hugh Dickins <hughd@google.com> +Date: Wed, 23 Jul 2014 14:00:13 -0700 +Subject: [PATCH 3/3] shmem: fix splicing from a hole while it's punched + +commit b1a366500bd537b50c3aad26dc7df083ec03a448 upstream. + +shmem_fault() is the actual culprit in trinity's hole-punch starvation, +and the most significant cause of such problems: since a page faulted is +one that then appears page_mapped(), needing unmap_mapping_range() and +i_mmap_mutex to be unmapped again. + +But it is not the only way in which a page can be brought into a hole in +the radix_tree while that hole is being punched; and Vlastimil's testing +implies that if enough other processors are busy filling in the hole, +then shmem_undo_range() can be kept from completing indefinitely. + +shmem_file_splice_read() is the main other user of SGP_CACHE, which can +instantiate shmem pagecache pages in the read-only case (without holding +i_mutex, so perhaps concurrently with a hole-punch). Probably it's +silly not to use SGP_READ already (using the ZERO_PAGE for holes): which +ought to be safe, but might bring surprises - not a change to be rushed. + +shmem_read_mapping_page_gfp() is an internal interface used by +drivers/gpu/drm GEM (and next by uprobes): it should be okay. And +shmem_file_read_iter() uses the SGP_DIRTY variant of SGP_CACHE, when +called internally by the kernel (perhaps for a stacking filesystem, +which might rely on holes to be reserved): it's unclear whether it could +be provoked to keep hole-punch busy or not. + +We could apply the same umbrella as now used in shmem_fault() to +shmem_file_splice_read() and the others; but it looks ugly, and use over +a range raises questions - should it actually be per page? can these get +starved themselves? + +The origin of this part of the problem is my v3.1 commit d0823576bf4b +("mm: pincer in truncate_inode_pages_range"), once it was duplicated +into shmem.c. It seemed like a nice idea at the time, to ensure +(barring RCU lookup fuzziness) that there's an instant when the entire +hole is empty; but the indefinitely repeated scans to ensure that make +it vulnerable. + +Revert that "enhancement" to hole-punch from shmem_undo_range(), but +retain the unproblematic rescanning when it's truncating; add a couple +of comments there. + +Remove the "indices[0] >= end" test: that is now handled satisfactorily +by the inner loop, and mem_cgroup_uncharge_start()/end() are too light +to be worth avoiding here. + +But if we do not always loop indefinitely, we do need to handle the case +of swap swizzled back to page before shmem_free_swap() gets it: add a +retry for that case, as suggested by Konstantin Khlebnikov; and for the +case of page swizzled back to swap, as suggested by Johannes Weiner. + +Upstream-Status: Backport + +Signed-off-by: Hugh Dickins <hughd@google.com> +Reported-by: Sasha Levin <sasha.levin@oracle.com> +Suggested-by: Vlastimil Babka <vbabka@suse.cz> +Cc: Konstantin Khlebnikov <koct9i@gmail.com> +Cc: Johannes Weiner <hannes@cmpxchg.org> +Cc: Lukas Czerner <lczerner@redhat.com> +Cc: Dave Jones <davej@redhat.com> +Cc: <stable@vger.kernel.org> [3.1+] +Signed-off-by: Andrew Morton <akpm@linux-foundation.org> +Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> +Signed-off-by: Jiri Slaby <jslaby@suse.cz> +Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> +--- + mm/shmem.c | 24 +++++++++++++++--------- + 1 file changed, 15 insertions(+), 9 deletions(-) + +diff --git a/mm/shmem.c b/mm/shmem.c +index 6f5626f..0da81aa 100644 +--- a/mm/shmem.c ++++ b/mm/shmem.c +@@ -534,22 +534,19 @@ static void shmem_undo_range(struct inode *inode, loff_t lstart, loff_t lend, + return; + + index = start; +- for ( ; ; ) { ++ while (index < end) { + cond_resched(); + pvec.nr = shmem_find_get_pages_and_swap(mapping, index, + min(end - index, (pgoff_t)PAGEVEC_SIZE), + pvec.pages, indices); + if (!pvec.nr) { +- if (index == start || unfalloc) ++ /* If all gone or hole-punch or unfalloc, we're done */ ++ if (index == start || end != -1) + break; ++ /* But if truncating, restart to make sure all gone */ + index = start; + continue; + } +- if ((index == start || unfalloc) && indices[0] >= end) { +- shmem_deswap_pagevec(&pvec); +- pagevec_release(&pvec); +- break; +- } + mem_cgroup_uncharge_start(); + for (i = 0; i < pagevec_count(&pvec); i++) { + struct page *page = pvec.pages[i]; +@@ -561,8 +558,12 @@ static void shmem_undo_range(struct inode *inode, loff_t lstart, loff_t lend, + if (radix_tree_exceptional_entry(page)) { + if (unfalloc) + continue; +- nr_swaps_freed += !shmem_free_swap(mapping, +- index, page); ++ if (shmem_free_swap(mapping, index, page)) { ++ /* Swap was replaced by page: retry */ ++ index--; ++ break; ++ } ++ nr_swaps_freed++; + continue; + } + +@@ -571,6 +572,11 @@ static void shmem_undo_range(struct inode *inode, loff_t lstart, loff_t lend, + if (page->mapping == mapping) { + VM_BUG_ON(PageWriteback(page)); + truncate_inode_page(mapping, page); ++ } else { ++ /* Page was replaced by swap: retry */ ++ unlock_page(page); ++ index--; ++ break; + } + } + unlock_page(page); +-- +1.9.1 + diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/0004-USB-CVE-2014-3185.patch b/meta-fsl-ppc/recipes-kernel/linux/files/0004-USB-CVE-2014-3185.patch new file mode 100644 index 00000000..08208076 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/linux/files/0004-USB-CVE-2014-3185.patch @@ -0,0 +1,51 @@ +From 6817ae225cd650fb1c3295d769298c38b1eba818 Mon Sep 17 00:00:00 2001 +From: James Forshaw <forshaw@google.com> +Date: Sat, 23 Aug 2014 14:39:48 -0700 +Subject: [PATCH] USB: whiteheat: Added bounds checking for bulk command + response + +This patch fixes a potential security issue in the whiteheat USB driver +which might allow a local attacker to cause kernel memory corrpution. This +is due to an unchecked memcpy into a fixed size buffer (of 64 bytes). On +EHCI and XHCI busses it's possible to craft responses greater than 64 +bytes leading a buffer overflow. + +This fixes CVE-2014-3185 +Upstream-Status: Backport + +Signed-off-by: James Forshaw <forshaw@google.com> +Cc: stable <stable@vger.kernel.org> +Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> +--- + drivers/usb/serial/whiteheat.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/drivers/usb/serial/whiteheat.c b/drivers/usb/serial/whiteheat.c +index e62f2df..6c3734d 100644 +--- a/drivers/usb/serial/whiteheat.c ++++ b/drivers/usb/serial/whiteheat.c +@@ -514,6 +514,10 @@ static void command_port_read_callback(struct urb *urb) + dev_dbg(&urb->dev->dev, "%s - command_info is NULL, exiting.\n", __func__); + return; + } ++ if (!urb->actual_length) { ++ dev_dbg(&urb->dev->dev, "%s - empty response, exiting.\n", __func__); ++ return; ++ } + if (status) { + dev_dbg(&urb->dev->dev, "%s - nonzero urb status: %d\n", __func__, status); + if (status != -ENOENT) +@@ -534,7 +538,8 @@ static void command_port_read_callback(struct urb *urb) + /* These are unsolicited reports from the firmware, hence no + waiting command to wakeup */ + dev_dbg(&urb->dev->dev, "%s - event received\n", __func__); +- } else if (data[0] == WHITEHEAT_GET_DTR_RTS) { ++ } else if ((data[0] == WHITEHEAT_GET_DTR_RTS) && ++ (urb->actual_length - 1 <= sizeof(command_info->result_buffer))) { + memcpy(command_info->result_buffer, &data[1], + urb->actual_length - 1); + command_info->command_finished = WHITEHEAT_CMD_COMPLETE; +-- +1.9.1 + diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/0004-mnt-CVE-2014-5206_CVE-2014-5207.patch b/meta-fsl-ppc/recipes-kernel/linux/files/0004-mnt-CVE-2014-5206_CVE-2014-5207.patch new file mode 100644 index 00000000..8cd4b130 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/linux/files/0004-mnt-CVE-2014-5206_CVE-2014-5207.patch @@ -0,0 +1,64 @@ +From fafbc9412b8f2dae04bc3ca233ae7b49482c8df8 Mon Sep 17 00:00:00 2001 +From: "Eric W. Biederman" <ebiederm@xmission.com> +Date: Mon, 28 Jul 2014 17:36:04 -0700 +Subject: [PATCH] mnt: Change the default remount atime from relatime to the + existing value + +commit ffbc6f0ead47fa5a1dc9642b0331cb75c20a640e upstream. + +Since March 2009 the kernel has treated the state that if no +MS_..ATIME flags are passed then the kernel defaults to relatime. + +Defaulting to relatime instead of the existing atime state during a +remount is silly, and causes problems in practice for people who don't +specify any MS_...ATIME flags and to get the default filesystem atime +setting. Those users may encounter a permission error because the +default atime setting does not work. + +A default that does not work and causes permission problems is +ridiculous, so preserve the existing value to have a default +atime setting that is always guaranteed to work. + +Using the default atime setting in this way is particularly +interesting for applications built to run in restricted userspace +environments without /proc mounted, as the existing atime mount +options of a filesystem can not be read from /proc/mounts. + +In practice this fixes user space that uses the default atime +setting on remount that are broken by the permission checks +keeping less privileged users from changing more privileged users +atime settings. + +Fix for CVE-2014-5206 and CVE-2014-5207 +Upstream-Status: backport + +Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com> +Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> +Signed-off-by: Jiri Slaby <jslaby@suse.cz> +Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> +--- + fs/namespace.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/fs/namespace.c b/fs/namespace.c +index 7c67de8..4ea2b73 100644 +--- a/fs/namespace.c ++++ b/fs/namespace.c +@@ -2391,6 +2391,14 @@ long do_mount(const char *dev_name, const char *dir_name, + if (flags & MS_RDONLY) + mnt_flags |= MNT_READONLY; + ++ /* The default atime for remount is preservation */ ++ if ((flags & MS_REMOUNT) && ++ ((flags & (MS_NOATIME | MS_NODIRATIME | MS_RELATIME | ++ MS_STRICTATIME)) == 0)) { ++ mnt_flags &= ~MNT_ATIME_MASK; ++ mnt_flags |= path.mnt->mnt_flags & MNT_ATIME_MASK; ++ } ++ + flags &= ~(MS_NOSUID | MS_NOEXEC | MS_NODEV | MS_ACTIVE | MS_BORN | + MS_NOATIME | MS_NODIRATIME | MS_RELATIME| MS_KERNMOUNT | + MS_STRICTATIME); +-- +1.9.1 + diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/0005-mnt-CVE-2014-5206_CVE-2014-5207.patch b/meta-fsl-ppc/recipes-kernel/linux/files/0005-mnt-CVE-2014-5206_CVE-2014-5207.patch new file mode 100644 index 00000000..caa89db4 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/linux/files/0005-mnt-CVE-2014-5206_CVE-2014-5207.patch @@ -0,0 +1,324 @@ +From 4194b9700ce41ff2f7031aa0c6108c2539028ab5 Mon Sep 17 00:00:00 2001 +From: "Eric W. Biederman" <ebiederm@xmission.com> +Date: Tue, 29 Jul 2014 15:50:44 -0700 +Subject: [PATCH] mnt: Add tests for unprivileged remount cases that have found + to be faulty + +commit db181ce011e3c033328608299cd6fac06ea50130 upstream. + +Kenton Varda <kenton@sandstorm.io> discovered that by remounting a +read-only bind mount read-only in a user namespace the +MNT_LOCK_READONLY bit would be cleared, allowing an unprivileged user +to the remount a read-only mount read-write. + +Upon review of the code in remount it was discovered that the code allowed +nosuid, noexec, and nodev to be cleared. It was also discovered that +the code was allowing the per mount atime flags to be changed. + +The first naive patch to fix these issues contained the flaw that using +default atime settings when remounting a filesystem could be disallowed. + +To avoid this problems in the future add tests to ensure unprivileged +remounts are succeeding and failing at the appropriate times. + +Fix for CVE-2014-5206 and CVE-2014-5207 +Upstream-Status: backport + +Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com> +Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> +Signed-off-by: Jiri Slaby <jslaby@suse.cz> +Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> +--- + tools/testing/selftests/Makefile | 1 + + tools/testing/selftests/mount/Makefile | 17 ++ + .../selftests/mount/unprivileged-remount-test.c | 242 +++++++++++++++++++++ + 3 files changed, 260 insertions(+) + create mode 100644 tools/testing/selftests/mount/Makefile + create mode 100644 tools/testing/selftests/mount/unprivileged-remount-test.c + +diff --git a/tools/testing/selftests/Makefile b/tools/testing/selftests/Makefile +index 9f3eae2..2d9ab94 100644 +--- a/tools/testing/selftests/Makefile ++++ b/tools/testing/selftests/Makefile +@@ -4,6 +4,7 @@ TARGETS += efivarfs + TARGETS += kcmp + TARGETS += memory-hotplug + TARGETS += mqueue ++TARGETS += mount + TARGETS += net + TARGETS += ptrace + TARGETS += timers +diff --git a/tools/testing/selftests/mount/Makefile b/tools/testing/selftests/mount/Makefile +new file mode 100644 +index 0000000..337d853 +--- /dev/null ++++ b/tools/testing/selftests/mount/Makefile +@@ -0,0 +1,17 @@ ++# Makefile for mount selftests. ++ ++all: unprivileged-remount-test ++ ++unprivileged-remount-test: unprivileged-remount-test.c ++ gcc -Wall -O2 unprivileged-remount-test.c -o unprivileged-remount-test ++ ++# Allow specific tests to be selected. ++test_unprivileged_remount: unprivileged-remount-test ++ @if [ -f /proc/self/uid_map ] ; then ./unprivileged-remount-test ; fi ++ ++run_tests: all test_unprivileged_remount ++ ++clean: ++ rm -f unprivileged-remount-test ++ ++.PHONY: all test_unprivileged_remount +diff --git a/tools/testing/selftests/mount/unprivileged-remount-test.c b/tools/testing/selftests/mount/unprivileged-remount-test.c +new file mode 100644 +index 0000000..1b3ff2f +--- /dev/null ++++ b/tools/testing/selftests/mount/unprivileged-remount-test.c +@@ -0,0 +1,242 @@ ++#define _GNU_SOURCE ++#include <sched.h> ++#include <stdio.h> ++#include <errno.h> ++#include <string.h> ++#include <sys/types.h> ++#include <sys/mount.h> ++#include <sys/wait.h> ++#include <stdlib.h> ++#include <unistd.h> ++#include <fcntl.h> ++#include <grp.h> ++#include <stdbool.h> ++#include <stdarg.h> ++ ++#ifndef CLONE_NEWNS ++# define CLONE_NEWNS 0x00020000 ++#endif ++#ifndef CLONE_NEWUTS ++# define CLONE_NEWUTS 0x04000000 ++#endif ++#ifndef CLONE_NEWIPC ++# define CLONE_NEWIPC 0x08000000 ++#endif ++#ifndef CLONE_NEWNET ++# define CLONE_NEWNET 0x40000000 ++#endif ++#ifndef CLONE_NEWUSER ++# define CLONE_NEWUSER 0x10000000 ++#endif ++#ifndef CLONE_NEWPID ++# define CLONE_NEWPID 0x20000000 ++#endif ++ ++#ifndef MS_RELATIME ++#define MS_RELATIME (1 << 21) ++#endif ++#ifndef MS_STRICTATIME ++#define MS_STRICTATIME (1 << 24) ++#endif ++ ++static void die(char *fmt, ...) ++{ ++ va_list ap; ++ va_start(ap, fmt); ++ vfprintf(stderr, fmt, ap); ++ va_end(ap); ++ exit(EXIT_FAILURE); ++} ++ ++static void write_file(char *filename, char *fmt, ...) ++{ ++ char buf[4096]; ++ int fd; ++ ssize_t written; ++ int buf_len; ++ va_list ap; ++ ++ va_start(ap, fmt); ++ buf_len = vsnprintf(buf, sizeof(buf), fmt, ap); ++ va_end(ap); ++ if (buf_len < 0) { ++ die("vsnprintf failed: %s\n", ++ strerror(errno)); ++ } ++ if (buf_len >= sizeof(buf)) { ++ die("vsnprintf output truncated\n"); ++ } ++ ++ fd = open(filename, O_WRONLY); ++ if (fd < 0) { ++ die("open of %s failed: %s\n", ++ filename, strerror(errno)); ++ } ++ written = write(fd, buf, buf_len); ++ if (written != buf_len) { ++ if (written >= 0) { ++ die("short write to %s\n", filename); ++ } else { ++ die("write to %s failed: %s\n", ++ filename, strerror(errno)); ++ } ++ } ++ if (close(fd) != 0) { ++ die("close of %s failed: %s\n", ++ filename, strerror(errno)); ++ } ++} ++ ++static void create_and_enter_userns(void) ++{ ++ uid_t uid; ++ gid_t gid; ++ ++ uid = getuid(); ++ gid = getgid(); ++ ++ if (unshare(CLONE_NEWUSER) !=0) { ++ die("unshare(CLONE_NEWUSER) failed: %s\n", ++ strerror(errno)); ++ } ++ ++ write_file("/proc/self/uid_map", "0 %d 1", uid); ++ write_file("/proc/self/gid_map", "0 %d 1", gid); ++ ++ if (setgroups(0, NULL) != 0) { ++ die("setgroups failed: %s\n", ++ strerror(errno)); ++ } ++ if (setgid(0) != 0) { ++ die ("setgid(0) failed %s\n", ++ strerror(errno)); ++ } ++ if (setuid(0) != 0) { ++ die("setuid(0) failed %s\n", ++ strerror(errno)); ++ } ++} ++ ++static ++bool test_unpriv_remount(int mount_flags, int remount_flags, int invalid_flags) ++{ ++ pid_t child; ++ ++ child = fork(); ++ if (child == -1) { ++ die("fork failed: %s\n", ++ strerror(errno)); ++ } ++ if (child != 0) { /* parent */ ++ pid_t pid; ++ int status; ++ pid = waitpid(child, &status, 0); ++ if (pid == -1) { ++ die("waitpid failed: %s\n", ++ strerror(errno)); ++ } ++ if (pid != child) { ++ die("waited for %d got %d\n", ++ child, pid); ++ } ++ if (!WIFEXITED(status)) { ++ die("child did not terminate cleanly\n"); ++ } ++ return WEXITSTATUS(status) == EXIT_SUCCESS ? true : false; ++ } ++ ++ create_and_enter_userns(); ++ if (unshare(CLONE_NEWNS) != 0) { ++ die("unshare(CLONE_NEWNS) failed: %s\n", ++ strerror(errno)); ++ } ++ ++ if (mount("testing", "/tmp", "ramfs", mount_flags, NULL) != 0) { ++ die("mount of /tmp failed: %s\n", ++ strerror(errno)); ++ } ++ ++ create_and_enter_userns(); ++ ++ if (unshare(CLONE_NEWNS) != 0) { ++ die("unshare(CLONE_NEWNS) failed: %s\n", ++ strerror(errno)); ++ } ++ ++ if (mount("/tmp", "/tmp", "none", ++ MS_REMOUNT | MS_BIND | remount_flags, NULL) != 0) { ++ /* system("cat /proc/self/mounts"); */ ++ die("remount of /tmp failed: %s\n", ++ strerror(errno)); ++ } ++ ++ if (mount("/tmp", "/tmp", "none", ++ MS_REMOUNT | MS_BIND | invalid_flags, NULL) == 0) { ++ /* system("cat /proc/self/mounts"); */ ++ die("remount of /tmp with invalid flags " ++ "succeeded unexpectedly\n"); ++ } ++ exit(EXIT_SUCCESS); ++} ++ ++static bool test_unpriv_remount_simple(int mount_flags) ++{ ++ return test_unpriv_remount(mount_flags, mount_flags, 0); ++} ++ ++static bool test_unpriv_remount_atime(int mount_flags, int invalid_flags) ++{ ++ return test_unpriv_remount(mount_flags, mount_flags, invalid_flags); ++} ++ ++int main(int argc, char **argv) ++{ ++ if (!test_unpriv_remount_simple(MS_RDONLY|MS_NODEV)) { ++ die("MS_RDONLY malfunctions\n"); ++ } ++ if (!test_unpriv_remount_simple(MS_NODEV)) { ++ die("MS_NODEV malfunctions\n"); ++ } ++ if (!test_unpriv_remount_simple(MS_NOSUID|MS_NODEV)) { ++ die("MS_NOSUID malfunctions\n"); ++ } ++ if (!test_unpriv_remount_simple(MS_NOEXEC|MS_NODEV)) { ++ die("MS_NOEXEC malfunctions\n"); ++ } ++ if (!test_unpriv_remount_atime(MS_RELATIME|MS_NODEV, ++ MS_NOATIME|MS_NODEV)) ++ { ++ die("MS_RELATIME malfunctions\n"); ++ } ++ if (!test_unpriv_remount_atime(MS_STRICTATIME|MS_NODEV, ++ MS_NOATIME|MS_NODEV)) ++ { ++ die("MS_STRICTATIME malfunctions\n"); ++ } ++ if (!test_unpriv_remount_atime(MS_NOATIME|MS_NODEV, ++ MS_STRICTATIME|MS_NODEV)) ++ { ++ die("MS_RELATIME malfunctions\n"); ++ } ++ if (!test_unpriv_remount_atime(MS_RELATIME|MS_NODIRATIME|MS_NODEV, ++ MS_NOATIME|MS_NODEV)) ++ { ++ die("MS_RELATIME malfunctions\n"); ++ } ++ if (!test_unpriv_remount_atime(MS_STRICTATIME|MS_NODIRATIME|MS_NODEV, ++ MS_NOATIME|MS_NODEV)) ++ { ++ die("MS_RELATIME malfunctions\n"); ++ } ++ if (!test_unpriv_remount_atime(MS_NOATIME|MS_NODIRATIME|MS_NODEV, ++ MS_STRICTATIME|MS_NODEV)) ++ { ++ die("MS_RELATIME malfunctions\n"); ++ } ++ if (!test_unpriv_remount(MS_STRICTATIME|MS_NODEV, MS_NODEV, ++ MS_NOATIME|MS_NODEV)) ++ { ++ die("Default atime malfunctions\n"); ++ } ++ return EXIT_SUCCESS; ++} +-- +1.9.1 + diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/Fix-CVE-2014-5077-sctp-inherit-auth-capable-on-INIT-collisions.patch b/meta-fsl-ppc/recipes-kernel/linux/files/Fix-CVE-2014-5077-sctp-inherit-auth-capable-on-INIT-collisions.patch new file mode 100644 index 00000000..7d165356 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/linux/files/Fix-CVE-2014-5077-sctp-inherit-auth-capable-on-INIT-collisions.patch @@ -0,0 +1,41 @@ +CVE-2014-5077 Kernel/SCTP: fix a NULL pointer dereference + +A NULL pointer dereference flaw was found in the way the +Linux kernel's Stream Control Transmission Protocol +(SCTP) implementation handled simultaneous connections +between the same hosts. A remote attacker could use this +flaw to crash the system. + +Upstream-Status: Backport (from v3.16, commit 1be9a950c646c) + +References: + - https://access.redhat.com/security/cve/CVE-2014-5077 + - http://patchwork.ozlabs.org/patch/372475/ + +Fixes: 730fc3d05cd4 ("[SCTP]: Implete SCTP-AUTH parameter processing") +Reported-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com> +Signed-off-by: Daniel Borkmann <dborkman@redhat.com> +Tested-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com> +Cc: Vlad Yasevich <vyasevich@gmail.com> +Acked-by: Vlad Yasevich <vyasevich@gmail.com> +Signed-off-by: David S. Miller <davem@davemloft.net> +Signed-off-by: Liviu Gheorghisan <liviu.gheorghisan@enea.com> +--- + net/sctp/associola.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/net/sctp/associola.c b/net/sctp/associola.c +index 9de23a2..06a9ee6 100644 +--- a/net/sctp/associola.c ++++ b/net/sctp/associola.c +@@ -1097,6 +1097,7 @@ void sctp_assoc_update(struct sctp_association *asoc, + asoc->c = new->c; + asoc->peer.rwnd = new->peer.rwnd; + asoc->peer.sack_needed = new->peer.sack_needed; ++ asoc->peer.auth_capable = new->peer.auth_capable; + asoc->peer.i = new->peer.i; + sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_INITIAL, + asoc->peer.i.initial_tsn, GFP_ATOMIC); +-- +1.9.1 + diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/Fix-CVE-2014-5471_CVE-2014-5472.patch b/meta-fsl-ppc/recipes-kernel/linux/files/Fix-CVE-2014-5471_CVE-2014-5472.patch new file mode 100644 index 00000000..65107d63 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/linux/files/Fix-CVE-2014-5471_CVE-2014-5472.patch @@ -0,0 +1,212 @@ +From 4488e1f5ef40441c9846b1d0a29152c208a05e66 Mon Sep 17 00:00:00 2001 +From: Jan Kara <jack@suse.cz> +Date: Sun, 17 Aug 2014 11:49:57 +0200 +Subject: [PATCH] isofs: Fix unbounded recursion when processing relocated + directories + +commit 410dd3cf4c9b36f27ed4542ee18b1af5e68645a4 upstream. + +We did not check relocated directory in any way when processing Rock +Ridge 'CL' tag. Thus a corrupted isofs image can possibly have a CL +entry pointing to another CL entry leading to possibly unbounded +recursion in kernel code and thus stack overflow or deadlocks (if there +is a loop created from CL entries). + +Fix the problem by not allowing CL entry to point to a directory entry +with CL entry (such use makes no good sense anyway) and by checking +whether CL entry doesn't point to itself. + +Upstream status: backported (from v3.12 e4ca8b780c82c04ec0) + +Reported-by: Chris Evans <cevans@google.com> +Signed-off-by: Jan Kara <jack@suse.cz> +Signed-off-by: Jiri Slaby <jslaby@suse.cz> +Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> +--- + fs/isofs/inode.c | 15 ++++++++------- + fs/isofs/isofs.h | 23 +++++++++++++++++++---- + fs/isofs/rock.c | 39 ++++++++++++++++++++++++++++----------- + 3 files changed, 55 insertions(+), 22 deletions(-) + +diff --git a/fs/isofs/inode.c b/fs/isofs/inode.c +index e5d408a..2e2af97 100644 +--- a/fs/isofs/inode.c ++++ b/fs/isofs/inode.c +@@ -61,7 +61,7 @@ static void isofs_put_super(struct super_block *sb) + return; + } + +-static int isofs_read_inode(struct inode *); ++static int isofs_read_inode(struct inode *, int relocated); + static int isofs_statfs (struct dentry *, struct kstatfs *); + + static struct kmem_cache *isofs_inode_cachep; +@@ -1258,7 +1258,7 @@ out_toomany: + goto out; + } + +-static int isofs_read_inode(struct inode *inode) ++static int isofs_read_inode(struct inode *inode, int relocated) + { + struct super_block *sb = inode->i_sb; + struct isofs_sb_info *sbi = ISOFS_SB(sb); +@@ -1403,7 +1403,7 @@ static int isofs_read_inode(struct inode *inode) + */ + + if (!high_sierra) { +- parse_rock_ridge_inode(de, inode); ++ parse_rock_ridge_inode(de, inode, relocated); + /* if we want uid/gid set, override the rock ridge setting */ + if (sbi->s_uid_set) + inode->i_uid = sbi->s_uid; +@@ -1482,9 +1482,10 @@ static int isofs_iget5_set(struct inode *ino, void *data) + * offset that point to the underlying meta-data for the inode. The + * code below is otherwise similar to the iget() code in + * include/linux/fs.h */ +-struct inode *isofs_iget(struct super_block *sb, +- unsigned long block, +- unsigned long offset) ++struct inode *__isofs_iget(struct super_block *sb, ++ unsigned long block, ++ unsigned long offset, ++ int relocated) + { + unsigned long hashval; + struct inode *inode; +@@ -1506,7 +1507,7 @@ struct inode *isofs_iget(struct super_block *sb, + return ERR_PTR(-ENOMEM); + + if (inode->i_state & I_NEW) { +- ret = isofs_read_inode(inode); ++ ret = isofs_read_inode(inode, relocated); + if (ret < 0) { + iget_failed(inode); + inode = ERR_PTR(ret); +diff --git a/fs/isofs/isofs.h b/fs/isofs/isofs.h +index 9916723..0ac4c1f 100644 +--- a/fs/isofs/isofs.h ++++ b/fs/isofs/isofs.h +@@ -107,7 +107,7 @@ extern int iso_date(char *, int); + + struct inode; /* To make gcc happy */ + +-extern int parse_rock_ridge_inode(struct iso_directory_record *, struct inode *); ++extern int parse_rock_ridge_inode(struct iso_directory_record *, struct inode *, int relocated); + extern int get_rock_ridge_filename(struct iso_directory_record *, char *, struct inode *); + extern int isofs_name_translate(struct iso_directory_record *, char *, struct inode *); + +@@ -118,9 +118,24 @@ extern struct dentry *isofs_lookup(struct inode *, struct dentry *, unsigned int + extern struct buffer_head *isofs_bread(struct inode *, sector_t); + extern int isofs_get_blocks(struct inode *, sector_t, struct buffer_head **, unsigned long); + +-extern struct inode *isofs_iget(struct super_block *sb, +- unsigned long block, +- unsigned long offset); ++struct inode *__isofs_iget(struct super_block *sb, ++ unsigned long block, ++ unsigned long offset, ++ int relocated); ++ ++static inline struct inode *isofs_iget(struct super_block *sb, ++ unsigned long block, ++ unsigned long offset) ++{ ++ return __isofs_iget(sb, block, offset, 0); ++} ++ ++static inline struct inode *isofs_iget_reloc(struct super_block *sb, ++ unsigned long block, ++ unsigned long offset) ++{ ++ return __isofs_iget(sb, block, offset, 1); ++} + + /* Because the inode number is no longer relevant to finding the + * underlying meta-data for an inode, we are free to choose a more +diff --git a/fs/isofs/rock.c b/fs/isofs/rock.c +index c0bf424..f488bba 100644 +--- a/fs/isofs/rock.c ++++ b/fs/isofs/rock.c +@@ -288,12 +288,16 @@ eio: + goto out; + } + ++#define RR_REGARD_XA 1 ++#define RR_RELOC_DE 2 ++ + static int + parse_rock_ridge_inode_internal(struct iso_directory_record *de, +- struct inode *inode, int regard_xa) ++ struct inode *inode, int flags) + { + int symlink_len = 0; + int cnt, sig; ++ unsigned int reloc_block; + struct inode *reloc; + struct rock_ridge *rr; + int rootflag; +@@ -305,7 +309,7 @@ parse_rock_ridge_inode_internal(struct iso_directory_record *de, + + init_rock_state(&rs, inode); + setup_rock_ridge(de, inode, &rs); +- if (regard_xa) { ++ if (flags & RR_REGARD_XA) { + rs.chr += 14; + rs.len -= 14; + if (rs.len < 0) +@@ -485,12 +489,22 @@ repeat: + "relocated directory\n"); + goto out; + case SIG('C', 'L'): +- ISOFS_I(inode)->i_first_extent = +- isonum_733(rr->u.CL.location); +- reloc = +- isofs_iget(inode->i_sb, +- ISOFS_I(inode)->i_first_extent, +- 0); ++ if (flags & RR_RELOC_DE) { ++ printk(KERN_ERR ++ "ISOFS: Recursive directory relocation " ++ "is not supported\n"); ++ goto eio; ++ } ++ reloc_block = isonum_733(rr->u.CL.location); ++ if (reloc_block == ISOFS_I(inode)->i_iget5_block && ++ ISOFS_I(inode)->i_iget5_offset == 0) { ++ printk(KERN_ERR ++ "ISOFS: Directory relocation points to " ++ "itself\n"); ++ goto eio; ++ } ++ ISOFS_I(inode)->i_first_extent = reloc_block; ++ reloc = isofs_iget_reloc(inode->i_sb, reloc_block, 0); + if (IS_ERR(reloc)) { + ret = PTR_ERR(reloc); + goto out; +@@ -637,9 +651,11 @@ static char *get_symlink_chunk(char *rpnt, struct rock_ridge *rr, char *plimit) + return rpnt; + } + +-int parse_rock_ridge_inode(struct iso_directory_record *de, struct inode *inode) ++int parse_rock_ridge_inode(struct iso_directory_record *de, struct inode *inode, ++ int relocated) + { +- int result = parse_rock_ridge_inode_internal(de, inode, 0); ++ int flags = relocated ? RR_RELOC_DE : 0; ++ int result = parse_rock_ridge_inode_internal(de, inode, flags); + + /* + * if rockridge flag was reset and we didn't look for attributes +@@ -647,7 +663,8 @@ int parse_rock_ridge_inode(struct iso_directory_record *de, struct inode *inode) + */ + if ((ISOFS_SB(inode->i_sb)->s_rock_offset == -1) + && (ISOFS_SB(inode->i_sb)->s_rock == 2)) { +- result = parse_rock_ridge_inode_internal(de, inode, 14); ++ result = parse_rock_ridge_inode_internal(de, inode, ++ flags | RR_REGARD_XA); + } + return result; + } +-- +1.9.1 + diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/Fix-for-CVE-2014-5045-fs-umount-on-symlink-leak.patch b/meta-fsl-ppc/recipes-kernel/linux/files/Fix-for-CVE-2014-5045-fs-umount-on-symlink-leak.patch new file mode 100644 index 00000000..1ae600fb --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/linux/files/Fix-for-CVE-2014-5045-fs-umount-on-symlink-leak.patch @@ -0,0 +1,47 @@ +fs: umount on symlink leaks mnt count + +commit 295dc39d941dc2ae53d5c170365af4c9d5c16212 upstream. + +Currently umount on symlink blocks following umount: + +/vz is separate mount + +drwxr-xr-x. 2 root root 4096 Jul 19 01:14 testdir +lrwxrwxrwx. 1 root root 11 Jul 19 01:16 testlink -> /vz/testdir +umount: /vz/testlink: not mounted (expected) + +umount: /vz: device is busy. (unexpected) + +In this case mountpoint_last() gets an extra refcount on path->mnt + +Upstream-Status: Backport + +Signed-off-by: Vasily Averin <vvs@openvz.org> +Acked-by: Ian Kent <raven@themaw.net> +Acked-by: Jeff Layton <jlayton@primarydata.com> +Cc: stable@vger.kernel.org +Signed-off-by: Christoph Hellwig <hch@lst.de> +Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> +--- + fs/namei.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/fs/namei.c b/fs/namei.c +index 187cacf..c199dcc 100644 +--- a/fs/namei.c ++++ b/fs/namei.c +@@ -2280,9 +2280,10 @@ done: + goto out; + } + path->dentry = dentry; +- path->mnt = mntget(nd->path.mnt); ++ path->mnt = nd->path.mnt; + if (should_follow_link(dentry->d_inode, nd->flags & LOOKUP_FOLLOW)) + return 1; ++ mntget(path->mnt); + follow_mount(path); + error = 0; + out: +-- +1.9.1 + diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/auditsc-CVE-2014-3917.patch b/meta-fsl-ppc/recipes-kernel/linux/files/auditsc-CVE-2014-3917.patch new file mode 100644 index 00000000..a0bdc271 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/linux/files/auditsc-CVE-2014-3917.patch @@ -0,0 +1,91 @@ +From 6004b0e5ac2e8e9e1bb0f012dc9242e03cca95df Mon Sep 17 00:00:00 2001 +From: Andy Lutomirski <luto@amacapital.net> +Date: Wed, 28 May 2014 23:09:58 -0400 +Subject: [PATCH] auditsc: audit_krule mask accesses need bounds checking + +commit a3c54931199565930d6d84f4c3456f6440aefd41 upstream. + +Fixes an easy DoS and possible information disclosure. + +This does nothing about the broken state of x32 auditing. + +eparis: If the admin has enabled auditd and has specifically loaded +audit rules. This bug has been around since before git. Wow... + +This fixes CVE-2014-3917 +Upstream-Status: Backport + +Signed-off-by: Andy Lutomirski <luto@amacapital.net> +Signed-off-by: Eric Paris <eparis@redhat.com> +Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> +Signed-off-by: Jiri Slaby <jslaby@suse.cz> +Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> +--- + kernel/auditsc.c | 27 ++++++++++++++++++--------- + 1 file changed, 18 insertions(+), 9 deletions(-) + +diff --git a/kernel/auditsc.c b/kernel/auditsc.c +index 3b79a47..979c00b 100644 +--- a/kernel/auditsc.c ++++ b/kernel/auditsc.c +@@ -733,6 +733,22 @@ static enum audit_state audit_filter_task(struct task_struct *tsk, char **key) + return AUDIT_BUILD_CONTEXT; + } + ++static int audit_in_mask(const struct audit_krule *rule, unsigned long val) ++{ ++ int word, bit; ++ ++ if (val > 0xffffffff) ++ return false; ++ ++ word = AUDIT_WORD(val); ++ if (word >= AUDIT_BITMASK_SIZE) ++ return false; ++ ++ bit = AUDIT_BIT(val); ++ ++ return rule->mask[word] & bit; ++} ++ + /* At syscall entry and exit time, this filter is called if the + * audit_state is not low enough that auditing cannot take place, but is + * also not high enough that we already know we have to write an audit +@@ -750,11 +766,8 @@ static enum audit_state audit_filter_syscall(struct task_struct *tsk, + + rcu_read_lock(); + if (!list_empty(list)) { +- int word = AUDIT_WORD(ctx->major); +- int bit = AUDIT_BIT(ctx->major); +- + list_for_each_entry_rcu(e, list, list) { +- if ((e->rule.mask[word] & bit) == bit && ++ if (audit_in_mask(&e->rule, ctx->major) && + audit_filter_rules(tsk, &e->rule, ctx, NULL, + &state, false)) { + rcu_read_unlock(); +@@ -774,20 +787,16 @@ static enum audit_state audit_filter_syscall(struct task_struct *tsk, + static int audit_filter_inode_name(struct task_struct *tsk, + struct audit_names *n, + struct audit_context *ctx) { +- int word, bit; + int h = audit_hash_ino((u32)n->ino); + struct list_head *list = &audit_inode_hash[h]; + struct audit_entry *e; + enum audit_state state; + +- word = AUDIT_WORD(ctx->major); +- bit = AUDIT_BIT(ctx->major); +- + if (list_empty(list)) + return 0; + + list_for_each_entry_rcu(e, list, list) { +- if ((e->rule.mask[word] & bit) == bit && ++ if (audit_in_mask(&e->rule, ctx->major) && + audit_filter_rules(tsk, &e->rule, ctx, n, &state, false)) { + ctx->current_state = state; + return 1; +-- +1.9.1 + diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/eCryptfs-CVE-2014-9683.patch b/meta-fsl-ppc/recipes-kernel/linux/files/eCryptfs-CVE-2014-9683.patch new file mode 100644 index 00000000..0cd9c958 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/linux/files/eCryptfs-CVE-2014-9683.patch @@ -0,0 +1,41 @@ +From 8ffea99d6f2be99790611282f326da95a84a8cab Mon Sep 17 00:00:00 2001 +From: Michael Halcrow <mhalcrow@google.com> +Date: Wed, 26 Nov 2014 09:09:16 -0800 +Subject: [PATCH] eCryptfs: Remove buggy and unnecessary write in file name + decode routine + +commit 942080643bce061c3dd9d5718d3b745dcb39a8bc upstream. + +Dmitry Chernenkov used KASAN to discover that eCryptfs writes past the +end of the allocated buffer during encrypted filename decoding. This +fix corrects the issue by getting rid of the unnecessary 0 write when +the current bit offset is 2. + +Fixes CVE-2014-9683 +Upstream-Status: Backport + +Signed-off-by: Michael Halcrow <mhalcrow@google.com> +Reported-by: Dmitry Chernenkov <dmitryc@google.com> +Suggested-by: Kees Cook <keescook@chromium.org> +Signed-off-by: Tyler Hicks <tyhicks@canonical.com> +Signed-off-by: Jiri Slaby <jslaby@suse.cz> +Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> +--- + fs/ecryptfs/crypto.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c +index 000eae2..bf926f7 100644 +--- a/fs/ecryptfs/crypto.c ++++ b/fs/ecryptfs/crypto.c +@@ -1917,7 +1917,6 @@ ecryptfs_decode_from_filename(unsigned char *dst, size_t *dst_size, + break; + case 2: + dst[dst_byte_offset++] |= (src_byte); +- dst[dst_byte_offset] = 0; + current_bit_offset = 0; + break; + } +-- +1.9.1 + diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/fs-CVE-2014-4014.patch b/meta-fsl-ppc/recipes-kernel/linux/files/fs-CVE-2014-4014.patch new file mode 100644 index 00000000..a61ae4cb --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/linux/files/fs-CVE-2014-4014.patch @@ -0,0 +1,210 @@ +From 2246a472bce19c0d373fb5488a0e612e3328ce0a Mon Sep 17 00:00:00 2001 +From: Andy Lutomirski <luto@amacapital.net> +Date: Tue, 10 Jun 2014 12:45:42 -0700 +Subject: [PATCH] fs,userns: Change inode_capable to capable_wrt_inode_uidgid + +commit 23adbe12ef7d3d4195e80800ab36b37bee28cd03 upstream. + +The kernel has no concept of capabilities with respect to inodes; inodes +exist independently of namespaces. For example, inode_capable(inode, +CAP_LINUX_IMMUTABLE) would be nonsense. + +This patch changes inode_capable to check for uid and gid mappings and +renames it to capable_wrt_inode_uidgid, which should make it more +obvious what it does. + +Fixes CVE-2014-4014. +Upstream-Status: Backport + +Cc: Theodore Ts'o <tytso@mit.edu> +Cc: Serge Hallyn <serge.hallyn@ubuntu.com> +Cc: "Eric W. Biederman" <ebiederm@xmission.com> +Cc: Dave Chinner <david@fromorbit.com> +Signed-off-by: Andy Lutomirski <luto@amacapital.net> +Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> +Signed-off-by: Jiri Slaby <jslaby@suse.cz> +Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> +--- + fs/attr.c | 8 ++++---- + fs/inode.c | 10 +++++++--- + fs/namei.c | 11 ++++++----- + fs/xfs/xfs_ioctl.c | 2 +- + include/linux/capability.h | 2 +- + kernel/capability.c | 20 ++++++++------------ + 6 files changed, 27 insertions(+), 26 deletions(-) + +diff --git a/fs/attr.c b/fs/attr.c +index 8dd5825..66fa625 100644 +--- a/fs/attr.c ++++ b/fs/attr.c +@@ -50,14 +50,14 @@ int inode_change_ok(const struct inode *inode, struct iattr *attr) + if ((ia_valid & ATTR_UID) && + (!uid_eq(current_fsuid(), inode->i_uid) || + !uid_eq(attr->ia_uid, inode->i_uid)) && +- !inode_capable(inode, CAP_CHOWN)) ++ !capable_wrt_inode_uidgid(inode, CAP_CHOWN)) + return -EPERM; + + /* Make sure caller can chgrp. */ + if ((ia_valid & ATTR_GID) && + (!uid_eq(current_fsuid(), inode->i_uid) || + (!in_group_p(attr->ia_gid) && !gid_eq(attr->ia_gid, inode->i_gid))) && +- !inode_capable(inode, CAP_CHOWN)) ++ !capable_wrt_inode_uidgid(inode, CAP_CHOWN)) + return -EPERM; + + /* Make sure a caller can chmod. */ +@@ -67,7 +67,7 @@ int inode_change_ok(const struct inode *inode, struct iattr *attr) + /* Also check the setgid bit! */ + if (!in_group_p((ia_valid & ATTR_GID) ? attr->ia_gid : + inode->i_gid) && +- !inode_capable(inode, CAP_FSETID)) ++ !capable_wrt_inode_uidgid(inode, CAP_FSETID)) + attr->ia_mode &= ~S_ISGID; + } + +@@ -160,7 +160,7 @@ void setattr_copy(struct inode *inode, const struct iattr *attr) + umode_t mode = attr->ia_mode; + + if (!in_group_p(inode->i_gid) && +- !inode_capable(inode, CAP_FSETID)) ++ !capable_wrt_inode_uidgid(inode, CAP_FSETID)) + mode &= ~S_ISGID; + inode->i_mode = mode; + } +diff --git a/fs/inode.c b/fs/inode.c +index b33ba8e..1e6e846 100644 +--- a/fs/inode.c ++++ b/fs/inode.c +@@ -1808,14 +1808,18 @@ EXPORT_SYMBOL(inode_init_owner); + * inode_owner_or_capable - check current task permissions to inode + * @inode: inode being checked + * +- * Return true if current either has CAP_FOWNER to the inode, or +- * owns the file. ++ * Return true if current either has CAP_FOWNER in a namespace with the ++ * inode owner uid mapped, or owns the file. + */ + bool inode_owner_or_capable(const struct inode *inode) + { ++ struct user_namespace *ns; ++ + if (uid_eq(current_fsuid(), inode->i_uid)) + return true; +- if (inode_capable(inode, CAP_FOWNER)) ++ ++ ns = current_user_ns(); ++ if (ns_capable(ns, CAP_FOWNER) && kuid_has_mapping(ns, inode->i_uid)) + return true; + return false; + } +diff --git a/fs/namei.c b/fs/namei.c +index 187cacf..338d08b 100644 +--- a/fs/namei.c ++++ b/fs/namei.c +@@ -321,10 +321,11 @@ int generic_permission(struct inode *inode, int mask) + + if (S_ISDIR(inode->i_mode)) { + /* DACs are overridable for directories */ +- if (inode_capable(inode, CAP_DAC_OVERRIDE)) ++ if (capable_wrt_inode_uidgid(inode, CAP_DAC_OVERRIDE)) + return 0; + if (!(mask & MAY_WRITE)) +- if (inode_capable(inode, CAP_DAC_READ_SEARCH)) ++ if (capable_wrt_inode_uidgid(inode, ++ CAP_DAC_READ_SEARCH)) + return 0; + return -EACCES; + } +@@ -334,7 +335,7 @@ int generic_permission(struct inode *inode, int mask) + * at least one exec bit set. + */ + if (!(mask & MAY_EXEC) || (inode->i_mode & S_IXUGO)) +- if (inode_capable(inode, CAP_DAC_OVERRIDE)) ++ if (capable_wrt_inode_uidgid(inode, CAP_DAC_OVERRIDE)) + return 0; + + /* +@@ -342,7 +343,7 @@ int generic_permission(struct inode *inode, int mask) + */ + mask &= MAY_READ | MAY_WRITE | MAY_EXEC; + if (mask == MAY_READ) +- if (inode_capable(inode, CAP_DAC_READ_SEARCH)) ++ if (capable_wrt_inode_uidgid(inode, CAP_DAC_READ_SEARCH)) + return 0; + + return -EACCES; +@@ -2404,7 +2405,7 @@ static inline int check_sticky(struct inode *dir, struct inode *inode) + return 0; + if (uid_eq(dir->i_uid, fsuid)) + return 0; +- return !inode_capable(inode, CAP_FOWNER); ++ return !capable_wrt_inode_uidgid(inode, CAP_FOWNER); + } + + /* +diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c +index 8c8ef24..52b5375 100644 +--- a/fs/xfs/xfs_ioctl.c ++++ b/fs/xfs/xfs_ioctl.c +@@ -1133,7 +1133,7 @@ xfs_ioctl_setattr( + * cleared upon successful return from chown() + */ + if ((ip->i_d.di_mode & (S_ISUID|S_ISGID)) && +- !inode_capable(VFS_I(ip), CAP_FSETID)) ++ !capable_wrt_inode_uidgid(VFS_I(ip), CAP_FSETID)) + ip->i_d.di_mode &= ~(S_ISUID|S_ISGID); + + /* +diff --git a/include/linux/capability.h b/include/linux/capability.h +index a6ee1f9..84b13ad 100644 +--- a/include/linux/capability.h ++++ b/include/linux/capability.h +@@ -210,7 +210,7 @@ extern bool has_ns_capability_noaudit(struct task_struct *t, + struct user_namespace *ns, int cap); + extern bool capable(int cap); + extern bool ns_capable(struct user_namespace *ns, int cap); +-extern bool inode_capable(const struct inode *inode, int cap); ++extern bool capable_wrt_inode_uidgid(const struct inode *inode, int cap); + extern bool file_ns_capable(const struct file *file, struct user_namespace *ns, int cap); + + /* audit system wants to get cap info from files as well */ +diff --git a/kernel/capability.c b/kernel/capability.c +index 4e66bf9..788653b 100644 +--- a/kernel/capability.c ++++ b/kernel/capability.c +@@ -433,23 +433,19 @@ bool capable(int cap) + EXPORT_SYMBOL(capable); + + /** +- * inode_capable - Check superior capability over inode ++ * capable_wrt_inode_uidgid - Check nsown_capable and uid and gid mapped + * @inode: The inode in question + * @cap: The capability in question + * +- * Return true if the current task has the given superior capability +- * targeted at it's own user namespace and that the given inode is owned +- * by the current user namespace or a child namespace. +- * +- * Currently we check to see if an inode is owned by the current +- * user namespace by seeing if the inode's owner maps into the +- * current user namespace. +- * ++ * Return true if the current task has the given capability targeted at ++ * its own user namespace and that the given inode's uid and gid are ++ * mapped into the current user namespace. + */ +-bool inode_capable(const struct inode *inode, int cap) ++bool capable_wrt_inode_uidgid(const struct inode *inode, int cap) + { + struct user_namespace *ns = current_user_ns(); + +- return ns_capable(ns, cap) && kuid_has_mapping(ns, inode->i_uid); ++ return ns_capable(ns, cap) && kuid_has_mapping(ns, inode->i_uid) && ++ kgid_has_mapping(ns, inode->i_gid); + } +-EXPORT_SYMBOL(inode_capable); ++EXPORT_SYMBOL(capable_wrt_inode_uidgid); +-- +1.9.1 + diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/mm-2014-3122.patch b/meta-fsl-ppc/recipes-kernel/linux/files/mm-2014-3122.patch new file mode 100644 index 00000000..590af0a6 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/linux/files/mm-2014-3122.patch @@ -0,0 +1,98 @@ +From 77552735ba84a410447af7e3375625eb4cfd577b Mon Sep 17 00:00:00 2001 +From: Vlastimil Babka <vbabka@suse.cz> +Date: Mon, 7 Apr 2014 15:37:50 -0700 +Subject: [PATCH] mm: try_to_unmap_cluster() should lock_page() before mlocking + +commit 57e68e9cd65b4b8eb4045a1e0d0746458502554c upstream. + +A BUG_ON(!PageLocked) was triggered in mlock_vma_page() by Sasha Levin +fuzzing with trinity. The call site try_to_unmap_cluster() does not lock +the pages other than its check_page parameter (which is already locked). + +The BUG_ON in mlock_vma_page() is not documented and its purpose is +somewhat unclear, but apparently it serializes against page migration, +which could otherwise fail to transfer the PG_mlocked flag. This would +not be fatal, as the page would be eventually encountered again, but +NR_MLOCK accounting would become distorted nevertheless. This patch adds +a comment to the BUG_ON in mlock_vma_page() and munlock_vma_page() to that +effect. + +The call site try_to_unmap_cluster() is fixed so that for page != +check_page, trylock_page() is attempted (to avoid possible deadlocks as we +already have check_page locked) and mlock_vma_page() is performed only +upon success. If the page lock cannot be obtained, the page is left +without PG_mlocked, which is again not a problem in the whole unevictable +memory design. + +Fixes CVE-2014-3122 +Upstream-Status: Backport + +Signed-off-by: Vlastimil Babka <vbabka@suse.cz> +Signed-off-by: Bob Liu <bob.liu@oracle.com> +Reported-by: Sasha Levin <sasha.levin@oracle.com> +Cc: Wanpeng Li <liwanp@linux.vnet.ibm.com> +Cc: Michel Lespinasse <walken@google.com> +Cc: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com> +Acked-by: Rik van Riel <riel@redhat.com> +Cc: David Rientjes <rientjes@google.com> +Cc: Mel Gorman <mgorman@suse.de> +Cc: Hugh Dickins <hughd@google.com> +Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com> +Signed-off-by: Andrew Morton <akpm@linux-foundation.org> +Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> +Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> +--- + mm/mlock.c | 2 ++ + mm/rmap.c | 14 ++++++++++++-- + 2 files changed, 14 insertions(+), 2 deletions(-) + +diff --git a/mm/mlock.c b/mm/mlock.c +index 79b7cf7..713e462 100644 +--- a/mm/mlock.c ++++ b/mm/mlock.c +@@ -76,6 +76,7 @@ void clear_page_mlock(struct page *page) + */ + void mlock_vma_page(struct page *page) + { ++ /* Serialize with page migration */ + BUG_ON(!PageLocked(page)); + + if (!TestSetPageMlocked(page)) { +@@ -106,6 +107,7 @@ unsigned int munlock_vma_page(struct page *page) + { + unsigned int page_mask = 0; + ++ /* For try_to_munlock() and to serialize with page migration */ + BUG_ON(!PageLocked(page)); + + if (TestClearPageMlocked(page)) { +diff --git a/mm/rmap.c b/mm/rmap.c +index 3f60774..fbf0040 100644 +--- a/mm/rmap.c ++++ b/mm/rmap.c +@@ -1390,9 +1390,19 @@ static int try_to_unmap_cluster(unsigned long cursor, unsigned int *mapcount, + BUG_ON(!page || PageAnon(page)); + + if (locked_vma) { +- mlock_vma_page(page); /* no-op if already mlocked */ +- if (page == check_page) ++ if (page == check_page) { ++ /* we know we have check_page locked */ ++ mlock_vma_page(page); + ret = SWAP_MLOCK; ++ } else if (trylock_page(page)) { ++ /* ++ * If we can lock the page, perform mlock. ++ * Otherwise leave the page alone, it will be ++ * eventually encountered again later. ++ */ ++ mlock_vma_page(page); ++ unlock_page(page); ++ } + continue; /* don't unmap */ + } + +-- +1.9.1 + diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/modify-defconfig-t1040-nr-cpus.patch b/meta-fsl-ppc/recipes-kernel/linux/files/modify-defconfig-t1040-nr-cpus.patch new file mode 100644 index 00000000..635c2bb5 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/linux/files/modify-defconfig-t1040-nr-cpus.patch @@ -0,0 +1,47 @@ +From 8545129540a5862b22aad03badb2a9f93bf29117 Mon Sep 17 00:00:00 2001 +From: Bob Cochran <yocto@mindchasers.com> +Date: Mon, 3 Nov 2014 22:45:35 -0500 +Subject: [meta-fsl-ppc][PATCH] linux-qoriq: Change defconfig for T1040 to + match number of CPUS + +Having a number higher than necessary for NR_CPUS wastes memory by +instantiating unnecessary structures in RAM. An example is in the DPAA where +DPAA_ETH_TX_QUEUES is defined based on NR_CPUS and used to create +dozens of extra qman_fq structures. Using the prior value of 24, which was +left over from the T4240 created an additonal 60 frame queue structures alone. + +This has been tested on t1040rdb-64b. . + +Signed-off-by: Bob Cochran <yocto@mindchasers.com> +--- + arch/powerpc/configs/corenet32_fmanv3_smp_defconfig | 2 +- + arch/powerpc/configs/corenet64_fmanv3_smp_defconfig | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/arch/powerpc/configs/corenet32_fmanv3_smp_defconfig b/arch/powerpc/configs/corenet32_fmanv3_smp_defconfig +index a401e7c..5542248 100644 +--- a/arch/powerpc/configs/corenet32_fmanv3_smp_defconfig ++++ b/arch/powerpc/configs/corenet32_fmanv3_smp_defconfig +@@ -1,6 +1,6 @@ + CONFIG_PPC_85xx=y + CONFIG_SMP=y +-CONFIG_NR_CPUS=8 ++CONFIG_NR_CPUS=4 + CONFIG_EXPERIMENTAL=y + CONFIG_SYSVIPC=y + CONFIG_POSIX_MQUEUE=y +diff --git a/arch/powerpc/configs/corenet64_fmanv3_smp_defconfig b/arch/powerpc/configs/corenet64_fmanv3_smp_defconfig +index 1b987d9..bc0dacf 100644 +--- a/arch/powerpc/configs/corenet64_fmanv3_smp_defconfig ++++ b/arch/powerpc/configs/corenet64_fmanv3_smp_defconfig +@@ -2,7 +2,7 @@ CONFIG_PPC64=y + CONFIG_PPC_BOOK3E_64=y + CONFIG_ALTIVEC=y + CONFIG_SMP=y +-CONFIG_NR_CPUS=24 ++CONFIG_NR_CPUS=4 + CONFIG_SYSVIPC=y + CONFIG_POSIX_MQUEUE=y + CONFIG_IRQ_DOMAIN_DEBUG=y +-- +1.7.9.5 diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/net-sctp-CVE-2014-0101.patch b/meta-fsl-ppc/recipes-kernel/linux/files/net-sctp-CVE-2014-0101.patch new file mode 100644 index 00000000..6fc5610e --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/linux/files/net-sctp-CVE-2014-0101.patch @@ -0,0 +1,145 @@ +From 00c53b02cb01976b35d37670a4b5c5d7a6ad3c62 Mon Sep 17 00:00:00 2001 +From: Daniel Borkmann <dborkman@redhat.com> +Date: Mon, 3 Mar 2014 17:23:04 +0100 +Subject: [PATCH] net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is + AUTH capable + +[ Upstream commit ec0223ec48a90cb605244b45f7c62de856403729 ] + +RFC4895 introduced AUTH chunks for SCTP; during the SCTP +handshake RANDOM; CHUNKS; HMAC-ALGO are negotiated (CHUNKS +being optional though): + + ---------- INIT[RANDOM; CHUNKS; HMAC-ALGO] ----------> + <------- INIT-ACK[RANDOM; CHUNKS; HMAC-ALGO] --------- + -------------------- COOKIE-ECHO --------------------> + <-------------------- COOKIE-ACK --------------------- + +A special case is when an endpoint requires COOKIE-ECHO +chunks to be authenticated: + + ---------- INIT[RANDOM; CHUNKS; HMAC-ALGO] ----------> + <------- INIT-ACK[RANDOM; CHUNKS; HMAC-ALGO] --------- + ------------------ AUTH; COOKIE-ECHO ----------------> + <-------------------- COOKIE-ACK --------------------- + +RFC4895, section 6.3. Receiving Authenticated Chunks says: + + The receiver MUST use the HMAC algorithm indicated in + the HMAC Identifier field. If this algorithm was not + specified by the receiver in the HMAC-ALGO parameter in + the INIT or INIT-ACK chunk during association setup, the + AUTH chunk and all the chunks after it MUST be discarded + and an ERROR chunk SHOULD be sent with the error cause + defined in Section 4.1. [...] If no endpoint pair shared + key has been configured for that Shared Key Identifier, + all authenticated chunks MUST be silently discarded. [...] + + When an endpoint requires COOKIE-ECHO chunks to be + authenticated, some special procedures have to be followed + because the reception of a COOKIE-ECHO chunk might result + in the creation of an SCTP association. If a packet arrives + containing an AUTH chunk as a first chunk, a COOKIE-ECHO + chunk as the second chunk, and possibly more chunks after + them, and the receiver does not have an STCB for that + packet, then authentication is based on the contents of + the COOKIE-ECHO chunk. In this situation, the receiver MUST + authenticate the chunks in the packet by using the RANDOM + parameters, CHUNKS parameters and HMAC_ALGO parameters + obtained from the COOKIE-ECHO chunk, and possibly a local + shared secret as inputs to the authentication procedure + specified in Section 6.3. If authentication fails, then + the packet is discarded. If the authentication is successful, + the COOKIE-ECHO and all the chunks after the COOKIE-ECHO + MUST be processed. If the receiver has an STCB, it MUST + process the AUTH chunk as described above using the STCB + from the existing association to authenticate the + COOKIE-ECHO chunk and all the chunks after it. [...] + +Commit bbd0d59809f9 introduced the possibility to receive +and verification of AUTH chunk, including the edge case for +authenticated COOKIE-ECHO. On reception of COOKIE-ECHO, +the function sctp_sf_do_5_1D_ce() handles processing, +unpacks and creates a new association if it passed sanity +checks and also tests for authentication chunks being +present. After a new association has been processed, it +invokes sctp_process_init() on the new association and +walks through the parameter list it received from the INIT +chunk. It checks SCTP_PARAM_RANDOM, SCTP_PARAM_HMAC_ALGO +and SCTP_PARAM_CHUNKS, and copies them into asoc->peer +meta data (peer_random, peer_hmacs, peer_chunks) in case +sysctl -w net.sctp.auth_enable=1 is set. If in INIT's +SCTP_PARAM_SUPPORTED_EXT parameter SCTP_CID_AUTH is set, +peer_random != NULL and peer_hmacs != NULL the peer is to be +assumed asoc->peer.auth_capable=1, in any other case +asoc->peer.auth_capable=0. + +Now, if in sctp_sf_do_5_1D_ce() chunk->auth_chunk is +available, we set up a fake auth chunk and pass that on to +sctp_sf_authenticate(), which at latest in +sctp_auth_calculate_hmac() reliably dereferences a NULL pointer +at position 0..0008 when setting up the crypto key in +crypto_hash_setkey() by using asoc->asoc_shared_key that is +NULL as condition key_id == asoc->active_key_id is true if +the AUTH chunk was injected correctly from remote. This +happens no matter what net.sctp.auth_enable sysctl says. + +The fix is to check for net->sctp.auth_enable and for +asoc->peer.auth_capable before doing any operations like +sctp_sf_authenticate() as no key is activated in +sctp_auth_asoc_init_active_key() for each case. + +Now as RFC4895 section 6.3 states that if the used HMAC-ALGO +passed from the INIT chunk was not used in the AUTH chunk, we +SHOULD send an error; however in this case it would be better +to just silently discard such a maliciously prepared handshake +as we didn't even receive a parameter at all. Also, as our +endpoint has no shared key configured, section 6.3 says that +MUST silently discard, which we are doing from now onwards. + +Before calling sctp_sf_pdiscard(), we need not only to free +the association, but also the chunk->auth_chunk skb, as +commit bbd0d59809f9 created a skb clone in that case. + +I have tested this locally by using netfilter's nfqueue and +re-injecting packets into the local stack after maliciously +modifying the INIT chunk (removing RANDOM; HMAC-ALGO param) +and the SCTP packet containing the COOKIE_ECHO (injecting +AUTH chunk before COOKIE_ECHO). Fixed with this patch applied. + +This fixes CVE-2014-0101 +Upstream-Status: Backport + +Fixes: bbd0d59809f9 ("[SCTP]: Implement the receive and verification of AUTH chunk") +Signed-off-by: Daniel Borkmann <dborkman@redhat.com> +Cc: Vlad Yasevich <yasevich@gmail.com> +Cc: Neil Horman <nhorman@tuxdriver.com> +Acked-by: Vlad Yasevich <vyasevich@gmail.com> +Signed-off-by: David S. Miller <davem@davemloft.net> +Signed-off-by: Jiri Slaby <jslaby@suse.cz> +Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> +--- + net/sctp/sm_statefuns.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c +index dfe3f36..56ebe71 100644 +--- a/net/sctp/sm_statefuns.c ++++ b/net/sctp/sm_statefuns.c +@@ -759,6 +759,13 @@ sctp_disposition_t sctp_sf_do_5_1D_ce(struct net *net, + struct sctp_chunk auth; + sctp_ierror_t ret; + ++ /* Make sure that we and the peer are AUTH capable */ ++ if (!net->sctp.auth_enable || !new_asoc->peer.auth_capable) { ++ kfree_skb(chunk->auth_chunk); ++ sctp_association_free(new_asoc); ++ return sctp_sf_pdiscard(net, ep, asoc, type, arg, commands); ++ } ++ + /* set-up our fake chunk so that we can process it */ + auth.skb = chunk->auth_chunk; + auth.asoc = chunk->asoc; +-- +1.9.1 + diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/powerpc-Fix-64-bit-builds-with-binutils-2.24.patch b/meta-fsl-ppc/recipes-kernel/linux/files/powerpc-Fix-64-bit-builds-with-binutils-2.24.patch new file mode 100644 index 00000000..2fdcc9fb --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/linux/files/powerpc-Fix-64-bit-builds-with-binutils-2.24.patch @@ -0,0 +1,80 @@ +From 7998eb3dc700aaf499f93f50b3d77da834ef9e1d Mon Sep 17 00:00:00 2001 +From: Guenter Roeck <linux@roeck-us.net> +Date: Thu, 15 May 2014 09:33:42 -0700 +Subject: powerpc: Fix 64 bit builds with binutils 2.24 + +Upstream-Status: Backport + +With binutils 2.24, various 64 bit builds fail with relocation errors +such as + +arch/powerpc/kernel/built-in.o: In function `exc_debug_crit_book3e': + (.text+0x165ee): relocation truncated to fit: R_PPC64_ADDR16_HI + against symbol `interrupt_base_book3e' defined in .text section + in arch/powerpc/kernel/built-in.o +arch/powerpc/kernel/built-in.o: In function `exc_debug_crit_book3e': + (.text+0x16602): relocation truncated to fit: R_PPC64_ADDR16_HI + against symbol `interrupt_end_book3e' defined in .text section + in arch/powerpc/kernel/built-in.o + +The assembler maintainer says: + + I changed the ABI, something that had to be done but unfortunately + happens to break the booke kernel code. When building up a 64-bit + value with lis, ori, shl, oris, ori or similar sequences, you now + should use @high and @higha in place of @h and @ha. @h and @ha + (and their associated relocs R_PPC64_ADDR16_HI and R_PPC64_ADDR16_HA) + now report overflow if the value is out of 32-bit signed range. + ie. @h and @ha assume you're building a 32-bit value. This is needed + to report out-of-range -mcmodel=medium toc pointer offsets in @toc@h + and @toc@ha expressions, and for consistency I did the same for all + other @h and @ha relocs. + +Replacing @h with @high in one strategic location fixes the relocation +errors. This has to be done conditionally since the assembler either +supports @h or @high but not both. + +Cc: <stable@vger.kernel.org> +Signed-off-by: Guenter Roeck <linux@roeck-us.net> +Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> + +diff --git a/arch/powerpc/Makefile b/arch/powerpc/Makefile +index 4c0cedf..ce4c68a 100644 +--- a/arch/powerpc/Makefile ++++ b/arch/powerpc/Makefile +@@ -150,7 +150,9 @@ endif + + CFLAGS-$(CONFIG_TUNE_CELL) += $(call cc-option,-mtune=cell) + +-KBUILD_CPPFLAGS += -Iarch/$(ARCH) ++asinstr := $(call as-instr,lis 9$(comma)foo@high,-DHAVE_AS_ATHIGH=1) ++ ++KBUILD_CPPFLAGS += -Iarch/$(ARCH) $(asinstr) + KBUILD_AFLAGS += -Iarch/$(ARCH) + KBUILD_CFLAGS += -msoft-float -pipe -Iarch/$(ARCH) $(CFLAGS-y) + CPP = $(CC) -E $(KBUILD_CFLAGS) +diff --git a/arch/powerpc/include/asm/ppc_asm.h b/arch/powerpc/include/asm/ppc_asm.h +index 6586a40..cded7c1 100644 +--- a/arch/powerpc/include/asm/ppc_asm.h ++++ b/arch/powerpc/include/asm/ppc_asm.h +@@ -318,11 +318,16 @@ n: + addi reg,reg,(name - 0b)@l; + + #ifdef __powerpc64__ ++#ifdef HAVE_AS_ATHIGH ++#define __AS_ATHIGH high ++#else ++#define __AS_ATHIGH h ++#endif + #define LOAD_REG_IMMEDIATE(reg,expr) \ + lis reg,(expr)@highest; \ + ori reg,reg,(expr)@higher; \ + rldicr reg,reg,32,31; \ +- oris reg,reg,(expr)@h; \ ++ oris reg,reg,(expr)@__AS_ATHIGH; \ + ori reg,reg,(expr)@l; + + #define LOAD_REG_ADDR(reg,name) \ +-- +cgit v0.10.1 + diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/sctp-CVE-2014-4667.patch b/meta-fsl-ppc/recipes-kernel/linux/files/sctp-CVE-2014-4667.patch new file mode 100644 index 00000000..e7b12283 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/linux/files/sctp-CVE-2014-4667.patch @@ -0,0 +1,51 @@ +From ddb638e68690ca61959775b262a5ef0719c5c066 Mon Sep 17 00:00:00 2001 +From: Xufeng Zhang <xufeng.zhang@windriver.com> +Date: Thu, 12 Jun 2014 10:53:36 +0800 +Subject: [PATCH] sctp: Fix sk_ack_backlog wrap-around problem + +[ Upstream commit d3217b15a19a4779c39b212358a5c71d725822ee ] + +Consider the scenario: +For a TCP-style socket, while processing the COOKIE_ECHO chunk in +sctp_sf_do_5_1D_ce(), after it has passed a series of sanity check, +a new association would be created in sctp_unpack_cookie(), but afterwards, +some processing maybe failed, and sctp_association_free() will be called to +free the previously allocated association, in sctp_association_free(), +sk_ack_backlog value is decremented for this socket, since the initial +value for sk_ack_backlog is 0, after the decrement, it will be 65535, +a wrap-around problem happens, and if we want to establish new associations +afterward in the same socket, ABORT would be triggered since sctp deem the +accept queue as full. +Fix this issue by only decrementing sk_ack_backlog for associations in +the endpoint's list. + +Fixes CVE-2014-4667 +Upstream-Status: Backport + +Fix-suggested-by: Neil Horman <nhorman@tuxdriver.com> +Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com> +Acked-by: Daniel Borkmann <dborkman@redhat.com> +Acked-by: Vlad Yasevich <vyasevich@gmail.com> +Signed-off-by: David S. Miller <davem@davemloft.net> +Signed-off-by: Jiri Slaby <jslaby@suse.cz> +Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> +--- + net/sctp/associola.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/net/sctp/associola.c b/net/sctp/associola.c +index cef5099..f6d6dcd 100644 +--- a/net/sctp/associola.c ++++ b/net/sctp/associola.c +@@ -375,7 +375,7 @@ void sctp_association_free(struct sctp_association *asoc) + /* Only real associations count against the endpoint, so + * don't bother for if this is a temporary association. + */ +- if (!asoc->temp) { ++ if (!list_empty(&asoc->asocs)) { + list_del(&asoc->asocs); + + /* Decrement the backlog value for a TCP-style listening +-- +1.9.1 + diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/sctp-CVE-2014-7841.patch b/meta-fsl-ppc/recipes-kernel/linux/files/sctp-CVE-2014-7841.patch new file mode 100644 index 00000000..0c4beb31 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/linux/files/sctp-CVE-2014-7841.patch @@ -0,0 +1,85 @@ +From 4008f1dbe6fea8114e7f79ed2d238e369dc9138f Mon Sep 17 00:00:00 2001 +From: Daniel Borkmann <dborkman@redhat.com> +Date: Mon, 10 Nov 2014 17:54:26 +0100 +Subject: [PATCH] net: sctp: fix NULL pointer dereference in + af->from_addr_param on malformed packet + +[ Upstream commit e40607cbe270a9e8360907cb1e62ddf0736e4864 ] + +An SCTP server doing ASCONF will panic on malformed INIT ping-of-death +in the form of: + + ------------ INIT[PARAM: SET_PRIMARY_IP] ------------> + +While the INIT chunk parameter verification dissects through many things +in order to detect malformed input, it misses to actually check parameters +inside of parameters. E.g. RFC5061, section 4.2.4 proposes a 'set primary +IP address' parameter in ASCONF, which has as a subparameter an address +parameter. + +So an attacker may send a parameter type other than SCTP_PARAM_IPV4_ADDRESS +or SCTP_PARAM_IPV6_ADDRESS, param_type2af() will subsequently return 0 +and thus sctp_get_af_specific() returns NULL, too, which we then happily +dereference unconditionally through af->from_addr_param(). + +The trace for the log: + +BUG: unable to handle kernel NULL pointer dereference at 0000000000000078 +IP: [<ffffffffa01e9c62>] sctp_process_init+0x492/0x990 [sctp] +PGD 0 +Oops: 0000 [#1] SMP +[...] +Pid: 0, comm: swapper Not tainted 2.6.32-504.el6.x86_64 #1 Bochs Bochs +RIP: 0010:[<ffffffffa01e9c62>] [<ffffffffa01e9c62>] sctp_process_init+0x492/0x990 [sctp] +[...] +Call Trace: + <IRQ> + [<ffffffffa01f2add>] ? sctp_bind_addr_copy+0x5d/0xe0 [sctp] + [<ffffffffa01e1fcb>] sctp_sf_do_5_1B_init+0x21b/0x340 [sctp] + [<ffffffffa01e3751>] sctp_do_sm+0x71/0x1210 [sctp] + [<ffffffffa01e5c09>] ? sctp_endpoint_lookup_assoc+0xc9/0xf0 [sctp] + [<ffffffffa01e61f6>] sctp_endpoint_bh_rcv+0x116/0x230 [sctp] + [<ffffffffa01ee986>] sctp_inq_push+0x56/0x80 [sctp] + [<ffffffffa01fcc42>] sctp_rcv+0x982/0xa10 [sctp] + [<ffffffffa01d5123>] ? ipt_local_in_hook+0x23/0x28 [iptable_filter] + [<ffffffff8148bdc9>] ? nf_iterate+0x69/0xb0 + [<ffffffff81496d10>] ? ip_local_deliver_finish+0x0/0x2d0 + [<ffffffff8148bf86>] ? nf_hook_slow+0x76/0x120 + [<ffffffff81496d10>] ? ip_local_deliver_finish+0x0/0x2d0 +[...] + +A minimal way to address this is to check for NULL as we do on all +other such occasions where we know sctp_get_af_specific() could +possibly return with NULL. + +Fix for CVE-2014-7841 +Upstream-Status: Backport + +Fixes: d6de3097592b ("[SCTP]: Add the handling of "Set Primary IP Address" parameter to INIT") +Signed-off-by: Daniel Borkmann <dborkman@redhat.com> +Cc: Vlad Yasevich <vyasevich@gmail.com> +Acked-by: Neil Horman <nhorman@tuxdriver.com> +Signed-off-by: David S. Miller <davem@davemloft.net> +Signed-off-by: Jiri Slaby <jslaby@suse.cz> +Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> +--- + net/sctp/sm_make_chunk.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c +index 1e06f3b..e342387 100644 +--- a/net/sctp/sm_make_chunk.c ++++ b/net/sctp/sm_make_chunk.c +@@ -2622,6 +2622,9 @@ do_addr_param: + addr_param = param.v + sizeof(sctp_addip_param_t); + + af = sctp_get_af_specific(param_type2af(param.p->type)); ++ if (af == NULL) ++ break; ++ + af->from_addr_param(&addr, addr_param, + htons(asoc->peer.port), 0); + +-- +1.9.1 + diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/security-keys-CVE-2014-9529.patch b/meta-fsl-ppc/recipes-kernel/linux/files/security-keys-CVE-2014-9529.patch new file mode 100644 index 00000000..573b5300 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/linux/files/security-keys-CVE-2014-9529.patch @@ -0,0 +1,53 @@ +From a7033e302dcd38bb4333f46b3fdcd930955e402d Mon Sep 17 00:00:00 2001 +From: Sasha Levin <sasha.levin@oracle.com> +Date: Mon, 29 Dec 2014 09:39:01 -0500 +Subject: [PATCH] KEYS: close race between key lookup and freeing + +commit a3a8784454692dd72e5d5d34dcdab17b4420e74c upstream. + +When a key is being garbage collected, it's key->user would get put before +the ->destroy() callback is called, where the key is removed from it's +respective tracking structures. + +This leaves a key hanging in a semi-invalid state which leaves a window open +for a different task to try an access key->user. An example is +find_keyring_by_name() which would dereference key->user for a key that is +in the process of being garbage collected (where key->user was freed but +->destroy() wasn't called yet - so it's still present in the linked list). + +This would cause either a panic, or corrupt memory. + +Fixes CVE-2014-9529. + +Upstream-Status: Backport + +Signed-off-by: Sasha Levin <sasha.levin@oracle.com> +Signed-off-by: David Howells <dhowells@redhat.com> +Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> +--- + security/keys/gc.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/security/keys/gc.c b/security/keys/gc.c +index d67c97b..7978186 100644 +--- a/security/keys/gc.c ++++ b/security/keys/gc.c +@@ -201,12 +201,12 @@ static noinline void key_gc_unused_keys(struct list_head *keys) + if (test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) + atomic_dec(&key->user->nikeys); + +- key_user_put(key->user); +- + /* now throw away the key memory */ + if (key->type->destroy) + key->type->destroy(key); + ++ key_user_put(key->user); ++ + kfree(key->description); + + #ifdef KEY_DEBUGGING +-- +1.9.1 + diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/target-CVE-2014-4027.patch b/meta-fsl-ppc/recipes-kernel/linux/files/target-CVE-2014-4027.patch new file mode 100644 index 00000000..0f8b49c1 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/linux/files/target-CVE-2014-4027.patch @@ -0,0 +1,46 @@ +From 186f32e2096c7d9cd9106b8dedd79c596f4c8398 Mon Sep 17 00:00:00 2001 +From: "Nicholas A. Bellinger" <nab@linux-iscsi.org> +Date: Mon, 16 Jun 2014 20:59:52 +0000 +Subject: [PATCH] target: Explicitly clear ramdisk_mcp backend pages + +[Note that a different patch to address the same issue went in during +v3.15-rc1 (commit 4442dc8a), but includes a bunch of other changes that +don't strictly apply to fixing the bug] + +This patch changes rd_allocate_sgl_table() to explicitly clear +ramdisk_mcp backend memory pages by passing __GFP_ZERO into +alloc_pages(). + +This addresses a potential security issue where reading from a +ramdisk_mcp could return sensitive information, and follows what +>= v3.15 does to explicitly clear ramdisk_mcp memory at backend +device initialization time. + +This fixes CVE-2014-4027 +Upstream-Status: Backport + +Reported-by: Jorge Daniel Sequeira Matias <jdsm@tecnico.ulisboa.pt> +Cc: Jorge Daniel Sequeira Matias <jdsm@tecnico.ulisboa.pt> +Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org> +Signed-off-by: Jiri Slaby <jslaby@suse.cz> +Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> +--- + drivers/target/target_core_rd.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/target/target_core_rd.c b/drivers/target/target_core_rd.c +index 131327a..9f6bede 100644 +--- a/drivers/target/target_core_rd.c ++++ b/drivers/target/target_core_rd.c +@@ -179,7 +179,7 @@ static int rd_build_device_space(struct rd_dev *rd_dev) + - 1; + + for (j = 0; j < sg_per_table; j++) { +- pg = alloc_pages(GFP_KERNEL, 0); ++ pg = alloc_pages(GFP_KERNEL | __GFP_ZERO, 0); + if (!pg) { + pr_err("Unable to allocate scatterlist" + " pages for struct rd_dev_sg_table\n"); +-- +1.9.1 + diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/tracing-CVE-2014-7825_CVE-2014-7826.patch b/meta-fsl-ppc/recipes-kernel/linux/files/tracing-CVE-2014-7825_CVE-2014-7826.patch new file mode 100644 index 00000000..cc90f7de --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/linux/files/tracing-CVE-2014-7825_CVE-2014-7826.patch @@ -0,0 +1,94 @@ +From abc07cd01c51fb54088c6bc8ee654d104a5ec7d9 Mon Sep 17 00:00:00 2001 +From: Rabin Vincent <rabin@rab.in> +Date: Wed, 29 Oct 2014 23:06:58 +0100 +Subject: [PATCH] tracing/syscalls: Ignore numbers outside NR_syscalls' range + +commit 086ba77a6db00ed858ff07451bedee197df868c9 upstream. + +ARM has some private syscalls (for example, set_tls(2)) which lie +outside the range of NR_syscalls. If any of these are called while +syscall tracing is being performed, out-of-bounds array access will +occur in the ftrace and perf sys_{enter,exit} handlers. + + # trace-cmd record -e raw_syscalls:* true && trace-cmd report + ... + true-653 [000] 384.675777: sys_enter: NR 192 (0, 1000, 3, 4000022, ffffffff, 0) + true-653 [000] 384.675812: sys_exit: NR 192 = 1995915264 + true-653 [000] 384.675971: sys_enter: NR 983045 (76f74480, 76f74000, 76f74b28, 76f74480, 76f76f74, 1) + true-653 [000] 384.675988: sys_exit: NR 983045 = 0 + ... + + # trace-cmd record -e syscalls:* true + [ 17.289329] Unable to handle kernel paging request at virtual address aaaaaace + [ 17.289590] pgd = 9e71c000 + [ 17.289696] [aaaaaace] *pgd=00000000 + [ 17.289985] Internal error: Oops: 5 [#1] PREEMPT SMP ARM + [ 17.290169] Modules linked in: + [ 17.290391] CPU: 0 PID: 704 Comm: true Not tainted 3.18.0-rc2+ #21 + [ 17.290585] task: 9f4dab00 ti: 9e710000 task.ti: 9e710000 + [ 17.290747] PC is at ftrace_syscall_enter+0x48/0x1f8 + [ 17.290866] LR is at syscall_trace_enter+0x124/0x184 + +Fix this by ignoring out-of-NR_syscalls-bounds syscall numbers. + +Commit cd0980fc8add "tracing: Check invalid syscall nr while tracing syscalls" +added the check for less than zero, but it should have also checked +for greater than NR_syscalls. + +Fixes CVE-2014-7825 and CVE-2014-7826 +Upstream-Status: Backport + +Link: http://lkml.kernel.org/p/1414620418-29472-1-git-send-email-rabin@rab.in + +Fixes: cd0980fc8add "tracing: Check invalid syscall nr while tracing syscalls" +Signed-off-by: Rabin Vincent <rabin@rab.in> +Signed-off-by: Steven Rostedt <rostedt@goodmis.org> +Signed-off-by: Jiri Slaby <jslaby@suse.cz> +Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> +--- + kernel/trace/trace_syscalls.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/kernel/trace/trace_syscalls.c b/kernel/trace/trace_syscalls.c +index 559329d..d8ce71b 100644 +--- a/kernel/trace/trace_syscalls.c ++++ b/kernel/trace/trace_syscalls.c +@@ -312,7 +312,7 @@ static void ftrace_syscall_enter(void *data, struct pt_regs *regs, long id) + int size; + + syscall_nr = trace_get_syscall_nr(current, regs); +- if (syscall_nr < 0) ++ if (syscall_nr < 0 || syscall_nr >= NR_syscalls) + return; + if (!test_bit(syscall_nr, tr->enabled_enter_syscalls)) + return; +@@ -354,7 +354,7 @@ static void ftrace_syscall_exit(void *data, struct pt_regs *regs, long ret) + int syscall_nr; + + syscall_nr = trace_get_syscall_nr(current, regs); +- if (syscall_nr < 0) ++ if (syscall_nr < 0 || syscall_nr >= NR_syscalls) + return; + if (!test_bit(syscall_nr, tr->enabled_exit_syscalls)) + return; +@@ -557,7 +557,7 @@ static void perf_syscall_enter(void *ignore, struct pt_regs *regs, long id) + int size; + + syscall_nr = trace_get_syscall_nr(current, regs); +- if (syscall_nr < 0) ++ if (syscall_nr < 0 || syscall_nr >= NR_syscalls) + return; + if (!test_bit(syscall_nr, enabled_perf_enter_syscalls)) + return; +@@ -631,7 +631,7 @@ static void perf_syscall_exit(void *ignore, struct pt_regs *regs, long ret) + int size; + + syscall_nr = trace_get_syscall_nr(current, regs); +- if (syscall_nr < 0) ++ if (syscall_nr < 0 || syscall_nr >= NR_syscalls) + return; + if (!test_bit(syscall_nr, enabled_perf_exit_syscalls)) + return; +-- +1.9.1 + diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/udf-CVE-2014-6410.patch b/meta-fsl-ppc/recipes-kernel/linux/files/udf-CVE-2014-6410.patch new file mode 100644 index 00000000..9086e0a1 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/linux/files/udf-CVE-2014-6410.patch @@ -0,0 +1,96 @@ +From 07d209bd092d023976fdb881ba6d4b30fe18aebe Mon Sep 17 00:00:00 2001 +From: Jan Kara <jack@suse.cz> +Date: Thu, 4 Sep 2014 14:06:55 +0200 +Subject: [PATCH] udf: Avoid infinite loop when processing indirect ICBs + +commit c03aa9f6e1f938618e6db2e23afef0574efeeb65 upstream. + +We did not implement any bound on number of indirect ICBs we follow when +loading inode. Thus corrupted medium could cause kernel to go into an +infinite loop, possibly causing a stack overflow. + +Fix the possible stack overflow by removing recursion from +__udf_read_inode() and limit number of indirect ICBs we follow to avoid +infinite loops. + +Upstream-Status: Backport + +Signed-off-by: Jan Kara <jack@suse.cz> +Cc: Chuck Ebbert <cebbert.lkml@gmail.com> +Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> +--- + fs/udf/inode.c | 35 +++++++++++++++++++++-------------- + 1 file changed, 21 insertions(+), 14 deletions(-) + +diff --git a/fs/udf/inode.c b/fs/udf/inode.c +index b6d15d3..aa02328 100644 +--- a/fs/udf/inode.c ++++ b/fs/udf/inode.c +@@ -1270,13 +1270,22 @@ update_time: + return 0; + } + ++/* ++ * Maximum length of linked list formed by ICB hierarchy. The chosen number is ++ * arbitrary - just that we hopefully don't limit any real use of rewritten ++ * inode on write-once media but avoid looping for too long on corrupted media. ++ */ ++#define UDF_MAX_ICB_NESTING 1024 ++ + static void __udf_read_inode(struct inode *inode) + { + struct buffer_head *bh = NULL; + struct fileEntry *fe; + uint16_t ident; + struct udf_inode_info *iinfo = UDF_I(inode); ++ unsigned int indirections = 0; + ++reread: + /* + * Set defaults, but the inode is still incomplete! + * Note: get_new_inode() sets the following on a new inode: +@@ -1313,28 +1322,26 @@ static void __udf_read_inode(struct inode *inode) + ibh = udf_read_ptagged(inode->i_sb, &iinfo->i_location, 1, + &ident); + if (ident == TAG_IDENT_IE && ibh) { +- struct buffer_head *nbh = NULL; + struct kernel_lb_addr loc; + struct indirectEntry *ie; + + ie = (struct indirectEntry *)ibh->b_data; + loc = lelb_to_cpu(ie->indirectICB.extLocation); + +- if (ie->indirectICB.extLength && +- (nbh = udf_read_ptagged(inode->i_sb, &loc, 0, +- &ident))) { +- if (ident == TAG_IDENT_FE || +- ident == TAG_IDENT_EFE) { +- memcpy(&iinfo->i_location, +- &loc, +- sizeof(struct kernel_lb_addr)); +- brelse(bh); +- brelse(ibh); +- brelse(nbh); +- __udf_read_inode(inode); ++ if (ie->indirectICB.extLength) { ++ brelse(bh); ++ brelse(ibh); ++ memcpy(&iinfo->i_location, &loc, ++ sizeof(struct kernel_lb_addr)); ++ if (++indirections > UDF_MAX_ICB_NESTING) { ++ udf_err(inode->i_sb, ++ "too many ICBs in ICB hierarchy" ++ " (max %d supported)\n", ++ UDF_MAX_ICB_NESTING); ++ make_bad_inode(inode); + return; + } +- brelse(nbh); ++ goto reread; + } + } + brelse(ibh); +-- +1.9.1 + diff --git a/meta-fsl-ppc/recipes-kernel/linux/linux-qoriq.inc b/meta-fsl-ppc/recipes-kernel/linux/linux-qoriq.inc new file mode 100644 index 00000000..a832b46a --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/linux/linux-qoriq.inc @@ -0,0 +1,46 @@ +inherit kernel qoriq_build_64bit_kernel +require recipes-kernel/linux/linux-dtb.inc + +DESCRIPTION = "Linux kernel for Freescale platforms" +SECTION = "kernel" +LICENSE = "GPLv2" +LIC_FILES_CHKSUM = "file://COPYING;md5=d7810fab7487fb0aad327b76f1be7cd7" + +KSRC ?= "" +S = '${@base_conditional("KSRC", "", "${WORKDIR}/git", "${KSRC}", d)}' + +DEPENDS_append = " libgcc" +KERNEL_CC_append = " ${TOOLCHAIN_OPTIONS}" +KERNEL_LD_append = " ${TOOLCHAIN_OPTIONS}" + +SCMVERSION ?= "y" +DELTA_KERNEL_DEFCONFIG ?= "" +do_configure_prepend() { + # copy desired defconfig so we pick it up for the real kernel_do_configure + cp ${KERNEL_DEFCONFIG} ${B}/.config + + # add config fragments + for deltacfg in ${DELTA_KERNEL_DEFCONFIG}; do + if [ -f "${deltacfg}" ]; then + ${S}/scripts/kconfig/merge_config.sh -m .config ${deltacfg} + elif [ -f "${S}/arch/powerpc/configs/${deltacfg}" ]; then + ${S}/scripts/kconfig/merge_config.sh -m .config \ + ${S}/arch/powerpc/configs/${deltacfg} + fi + done + + #add git revision to the local version + if [ "${SCMVERSION}" = "y" ]; then + # append sdk version if SDK_VERSION is defined + sdkversion='' + if [ -n "${SDK_VERSION}" ]; then + sdkversion="-${SDK_VERSION}" + fi + head=`git --git-dir=${S}/.git rev-parse --verify --short HEAD 2> /dev/null` + printf "%s%s%s" $sdkversion +g $head > ${B}/.scmversion + fi +} + +# make everything compatible for the time being +COMPATIBLE_MACHINE_$MACHINE = "$MACHINE" + diff --git a/meta-fsl-ppc/recipes-kernel/linux/linux-qoriq_3.12.bb b/meta-fsl-ppc/recipes-kernel/linux/linux-qoriq_3.12.bb new file mode 100644 index 00000000..1e9e4761 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/linux/linux-qoriq_3.12.bb @@ -0,0 +1,43 @@ +require recipes-kernel/linux/linux-qoriq.inc + +SRC_URI = "git://git.freescale.com/ppc/sdk/linux.git;nobranch=1 \ + file://powerpc-Fix-64-bit-builds-with-binutils-2.24.patch \ + file://Fix-for-CVE-2014-5045-fs-umount-on-symlink-leak.patch \ + file://Fix-CVE-2014-5077-sctp-inherit-auth-capable-on-INIT-collisions.patch \ + file://Fix-CVE-2014-5471_CVE-2014-5472.patch \ + file://modify-defconfig-t1040-nr-cpus.patch \ + file://0001-mnt-CVE-2014-5206_CVE-2014-5207.patch \ + file://0002-mnt-CVE-2014-5206_CVE-2014-5207.patch \ + file://0003-mnt-CVE-2014-5206_CVE-2014-5207.patch \ + file://0004-mnt-CVE-2014-5206_CVE-2014-5207.patch \ + file://0005-mnt-CVE-2014-5206_CVE-2014-5207.patch \ + file://udf-CVE-2014-6410.patch \ + file://net-sctp-CVE-2014-0101.patch \ + file://0001-HID-CVE-2014-3181.patch \ + file://0002-HID-CVE-2014-3182.patch \ + file://0003-HID-CVE-2014-3184.patch \ + file://0004-USB-CVE-2014-3185.patch \ + file://0001-kvm-iommu-CVE-2014-3601.patch \ + file://0002-kvm-iommu-CVE-2014-8369.patch \ + file://0001-net-sctp-CVE-2014-3673.patch \ + file://0002-net-sctp-CVE-2014-3687.patch \ + file://0003-net-sctp-CVE-2014-3688.patch \ + file://auditsc-CVE-2014-3917.patch \ + file://0001-ALSA-CVE-2014-4652.patch \ + file://0002-ALSA-CVE-2014-4653.patch \ + file://sctp-CVE-2014-4667.patch \ + file://sctp-CVE-2014-7841.patch \ + file://0001-ALSA-CVE-2014-4656.patch \ + file://0002-ALSA-CVE-2014-4656.patch \ + file://target-CVE-2014-4027.patch \ + file://mm-2014-3122.patch \ + file://0001-shmem-CVE-2014-4171.patch \ + file://0002-shmem-CVE-2014-4171.patch \ + file://0003-shmem-CVE-2014-4171.patch \ + file://fs-CVE-2014-4014.patch \ + file://tracing-CVE-2014-7825_CVE-2014-7826.patch \ + file://security-keys-CVE-2014-9529.patch \ + file://eCryptfs-CVE-2014-9683.patch \ +" +SRCREV = "6619b8b55796cdf0cec04b66a71288edd3057229" + diff --git a/meta-fsl-ppc/recipes-kernel/lttng/lttng-modules_%.bbappend b/meta-fsl-ppc/recipes-kernel/lttng/lttng-modules_%.bbappend new file mode 100644 index 00000000..5ff765d4 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/lttng/lttng-modules_%.bbappend @@ -0,0 +1,2 @@ +inherit qoriq_build_64bit_kernel + diff --git a/meta-fsl-ppc/recipes-kernel/pkc-host/pkc-host_git.bb b/meta-fsl-ppc/recipes-kernel/pkc-host/pkc-host_git.bb new file mode 100644 index 00000000..2d5e3165 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/pkc-host/pkc-host_git.bb @@ -0,0 +1,33 @@ +DESCRIPTION = "pkc host driver" +SECTION = "pkc-host" +LICENSE = "GPLv2" +LIC_FILES_CHKSUM = "file://Makefile;endline=30;md5=6a26ed8e76a8ea2e019c525369ed0f03" + +inherit module qoriq_build_64bit_kernel +RDEPENDS_${PN} += "cryptodev-module" + +# Currently pkc-host does not support RSA_KEYGEN, remove this +# if it is fixed. +REQUIRED_DISTRO_FEATURES = "c29x_pkc" + +SRC_URI = "git://git.freescale.com/ppc/sdk/pkc-host.git;nobranch=1" +SRCREV = "cae512c94e2a26cc6b0d6393d307cdea2d7282c9" + +S = "${WORKDIR}/git" + +EXTRA_OEMAKE='KERNEL_DIR="${STAGING_KERNEL_DIR}" PREFIX="${D}"' + +do_install() { + install -d ${D}/lib/modules/c2x0 + install -d ${D}/etc/crypto + install -d ${D}/${bindir} + cp ${S}/*.ko ${D}/lib/modules/c2x0 + cp ${S}/crypto.cfg ${D}/etc/crypto + cp ${S}/images/pkc-firmware.bin ${D}/etc/crypto + cp ${S}/perf/mini_calc/mini_calc ${D}/${bindir} + cp ${S}/apps/cli/cli ${D}/${bindir} + cp ${S}/perf/c29x_driver_perf_profile.sh ${D}/${bindir} +} + + +FILES_${PN} += "${bindir}/mini_calc ${bindir}/cli ${bindir}/c29x_driver_perf_profile.sh /etc/crypto/crypto.cfg /etc/crypto/pkc-firmware.bin" diff --git a/meta-fsl-ppc/recipes-kernel/qoriq-debug/qoriq-debug_git.bb b/meta-fsl-ppc/recipes-kernel/qoriq-debug/qoriq-debug_git.bb new file mode 100644 index 00000000..c08f057f --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/qoriq-debug/qoriq-debug_git.bb @@ -0,0 +1,15 @@ +DESCRIPTION = "QorIQ Debug File System Module" +SECTION = "qoriq-debug" +LICENSE = "GPLv2+" +LIC_FILES_CHKSUM = "file://COPYING;md5=e29234dd5d40dc352cc60cc0c93437ba" + +inherit module autotools-brokensep qoriq_build_64bit_kernel + +SRC_URI = "git://git.freescale.com/ppc/sdk/qoriq-debug.git;nobranch=1" +SRCREV = "20615c1ea332102635f8314cee5787c48c1a4254" + +S = "${WORKDIR}/git" + +EXTRA_OECONF += "--with-linux=${STAGING_KERNEL_DIR}" +EXTRA_OEMAKE += 'SYSROOT="${D}"' + diff --git a/meta-fsl-ppc/recipes-kernel/skmm-host/skmm-host_git.bb b/meta-fsl-ppc/recipes-kernel/skmm-host/skmm-host_git.bb new file mode 100644 index 00000000..5e6b0858 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/skmm-host/skmm-host_git.bb @@ -0,0 +1,15 @@ +DESCRIPTION = "skmm host driver offload data to PCIe EP and push the data en-decrypted back to application" +SECTION = "c293-skmm-host" +LICENSE = "Freescale-EULA" +LIC_FILES_CHKSUM = "file://Makefile;endline=7;md5=edffaac1da9e809ade0d2fcfcc18d8df" + +inherit module qoriq_build_64bit_kernel + +SRC_URI = "git://git.freescale.com/ppc/sdk/skmm-host.git;nobranch=1" +SRCREV = "97c9241a359edccdf8913cb9accbfe4ceb511523" + +S = "${WORKDIR}/git" + +EXTRA_OEMAKE='KERNEL_DIR="${STAGING_KERNEL_DIR}" PREFIX="${D}"' + +FILES_${PN} += "/etc/skmm/ /usr/bin/" diff --git a/meta-fsl-ppc/recipes-kernel/uio-seville/uio-seville_0.1.bb b/meta-fsl-ppc/recipes-kernel/uio-seville/uio-seville_0.1.bb new file mode 100755 index 00000000..51e1475a --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/uio-seville/uio-seville_0.1.bb @@ -0,0 +1,15 @@ +DESCRIPTION = "UIO driver for T1040 L2 Switch" +LICENSE = "GPLv2" +LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e" + +SRC_URI = "git://git.freescale.com/ppc/sdk/l2switch-uio.git;branch=sdk-v1.7.x" +SRCREV = "35af73f3ba00745777f32787400d9eb0317d7ff5" + +inherit module + +S = "${WORKDIR}/git/uio-driver" + +COMPATIBLE_MACHINE ?= "(none)" +COMPATIBLE_MACHINE_t1040 = ".*" +COMPATIBLE_MACHINE_t1042 = ".*" + diff --git a/meta-fsl-ppc/recipes-virtualization/hv-cfg/hv-cfg_git.bb b/meta-fsl-ppc/recipes-virtualization/hv-cfg/hv-cfg_git.bb new file mode 100644 index 00000000..599bce28 --- /dev/null +++ b/meta-fsl-ppc/recipes-virtualization/hv-cfg/hv-cfg_git.bb @@ -0,0 +1,52 @@ +DESCRIPTION = "Hypervisor Config" +SECTION = "hv-cfg" +LICENSE = "BSD" +PR = "r6" + +LIC_FILES_CHKSUM = " \ + file://p2041rdb/LICENSE;md5=96dd72f26e9bb861de5c76c60e35e1bc \ + file://p3041ds/LICENSE;md5=96dd72f26e9bb861de5c76c60e35e1bc \ + file://p4080ds/LICENSE;md5=96dd72f26e9bb861de5c76c60e35e1bc \ + file://p5020ds/LICENSE;md5=96dd72f26e9bb861de5c76c60e35e1bc \ +" + +DEPENDS += "dtc-native" + +# this package is specific to the machine itself +INHIBIT_DEFAULT_DEPS = "1" +PACKAGE_ARCH = "${MACHINE_ARCH}" + +inherit deploy + +SRC_URI = "git://git.freescale.com/ppc/sdk/hv-cfg.git;nobranch=1" +SRCREV = "f79080739851b3a3dfcd435f2ef1572459a4313c" + +S = "${WORKDIR}/git" + +do_install () { + make install + + M=`echo ${MACHINE} | sed s/-64b//g` + if [ "t1042rdb" = "${M}" ];then + M=t1040rdb + fi + install -d ${D}/boot/hv-cfg + cp -r ${S}/${M}/${M}/* ${D}/boot/hv-cfg +} + +do_deploy () { + M=`echo ${MACHINE} | sed s/-64b//g` + if [ "t1042rdb" = "${M}" ];then + M=t1040rdb + fi + install -d ${DEPLOYDIR}/hv-cfg + cp -r ${S}/${M}/${M}/* ${DEPLOYDIR}/hv-cfg +} +addtask deploy after do_install + +PACKAGES += "${PN}-image" +FILES_${PN}-image += "/boot" + +COMPATIBLE_HOST_qoriq-ppc = ".*" +COMPATIBLE_HOST ?= "(none)" +ALLOW_EMPTY_${PN} = "1" diff --git a/meta-fsl-ppc/recipes-virtualization/hypervisor/files/81-fsl-embedded-hv.rules b/meta-fsl-ppc/recipes-virtualization/hypervisor/files/81-fsl-embedded-hv.rules new file mode 100644 index 00000000..5edfa113 --- /dev/null +++ b/meta-fsl-ppc/recipes-virtualization/hypervisor/files/81-fsl-embedded-hv.rules @@ -0,0 +1,2 @@ +# Add rule to handle setting up device node for FSL HV mgmt driver +SUBSYSTEM=="misc", KERNEL=="fsl-hv", NAME="fsl-hv" diff --git a/meta-fsl-ppc/recipes-virtualization/hypervisor/hypervisor_git.bb b/meta-fsl-ppc/recipes-virtualization/hypervisor/hypervisor_git.bb new file mode 100644 index 00000000..3a7f838f --- /dev/null +++ b/meta-fsl-ppc/recipes-virtualization/hypervisor/hypervisor_git.bb @@ -0,0 +1,94 @@ +DESCRIPTION = "Freescale embedded hypervisor" +SECTION = "embedded-hv" +LICENSE = "BSD" +LIC_FILES_CHKSUM = "file://README;endline=22;md5=0655bbc3b7d7166c30c87208b4e23cf0" + +PR = "r3" + +DEPENDS = "u-boot-mkimage-native" + +inherit deploy + +# TODO: fix dtc to use the already built package +SRC_URI = " \ + git://git.freescale.com/ppc/sdk/hypervisor/hypervisor.git;name=hypervisor;nobranch=1 \ + git://git.freescale.com/ppc/sdk/hypervisor/kconfig.git;name=kconfig;destsuffix=git/kconfig;nobranch=1 \ + git://git.freescale.com/ppc/sdk/hypervisor/libos.git;name=libos;destsuffix=git/libos;nobranch=1 \ + git://git.kernel.org/pub/scm/utils/dtc/dtc.git;name=dtc;destsuffix=dtc \ + git://git.freescale.com/ppc/sdk/hypertrk.git;name=hypertrk;destsuffix=git/hypertrk;nobranch=1 \ + file://81-fsl-embedded-hv.rules \ + " + +SRCREV_FORMAT="hypervisor" +SRCREV = "99b04d937b944d57b2685b55584e982d8e36dd41" +SRCREV_kconfig = "a56025d4da992b856796b0eccac2e410d751dbac" +SRCREV_libos = "819bda2a913bc1f6afb43f5f2b026da5872866ea" +SRCREV_dtc = "a6d55e039fd22048687fe061b4609e2807efe764" +SRCREV_hypertrk = "975c98b562186afbd3bbf103ae54b96cf9b3e533" + +S = "${WORKDIR}/git" + +OUTPUT ?= "output32" +OUTPUT_powerpc64 = "output64" + +EXTRA_OEMAKE = 'CROSS_COMPILE=${TARGET_PREFIX} CC="${TARGET_PREFIX}gcc ${TOOLCHAIN_OPTIONS}" O="${OUTPUT}"' + +DEFCONFIG = "defconfig" +DEFCONFIG_powerpc64 = "64bit_defconfig" + +COMPATIBLE_HOST_qoriq-ppc = ".*" +COMPATIBLE_HOST ?= "(none)" + +inherit cml1 +do_configure () { + oe_runmake ${DEFCONFIG} +} + +PKG_HV_HYPERTRK_SUPPORT = "n" +do_compile () { + if [ "${PKG_HV_HYPERTRK_SUPPORT}" = "y" ] + then + oe_runmake silentoldconfig + export HV_DIR=$PWD + cd hypertrk + oe_runmake deploy + cd .. + fi + + oe_runmake + oe_runmake partman +} + +do_install () { + install -d ${D}/${bindir} + install ${B}/${OUTPUT}/bin/linux/partman ${D}/${bindir}/partman + + install -d ${D}${sysconfdir}/udev/rules.d + install -m 0644 ${WORKDIR}/81-fsl-embedded-hv.rules ${D}${sysconfdir}/udev/rules.d + + install -d ${D}/boot/hv + install ${B}/${OUTPUT}/.config ${D}/boot/hv/hypervisor.config + install -m 644 ${B}/${OUTPUT}/bin/hv ${B}/${OUTPUT}/bin/hv.map \ + ${B}/${OUTPUT}/bin/hv.uImage ${B}/${OUTPUT}/bin/hv.bin \ + ${D}/boot/hv/ +} + +do_deploy () { + install -d ${DEPLOYDIR}/hv/ + install ${B}/${OUTPUT}/.config ${DEPLOYDIR}/hv/hypervisor.config + install -m 644 ${B}/${OUTPUT}/bin/hv ${B}/${OUTPUT}/bin/hv.map \ + ${B}/${OUTPUT}/bin/hv.uImage ${B}/${OUTPUT}/bin/hv.bin \ + ${DEPLOYDIR}/hv/ +} +addtask deploy before do_build after do_install + +do_deploy_append() { + rm -f ${B}/../hv +} + +INSANE_SKIP_${PN} = 'already-stripped' +INHIBIT_PACKAGE_DEBUG_SPLIT = "1" +ALLOW_EMPTY_${PN} = "1" +PACKAGES_prepend = "${PN}-image ${PN}-partman " +FILES_${PN}-image = "/boot/" +FILES_${PN}-partman = "${bindir}/partman" diff --git a/meta-fsl-ppc/recipes-virtualization/mux-server/files/mux-server-1.02.tar.gz b/meta-fsl-ppc/recipes-virtualization/mux-server/files/mux-server-1.02.tar.gz Binary files differnew file mode 100644 index 00000000..d8f20147 --- /dev/null +++ b/meta-fsl-ppc/recipes-virtualization/mux-server/files/mux-server-1.02.tar.gz diff --git a/meta-fsl-ppc/recipes-virtualization/mux-server/mux-server_1.02.bb b/meta-fsl-ppc/recipes-virtualization/mux-server/mux-server_1.02.bb new file mode 100644 index 00000000..ab9cce1c --- /dev/null +++ b/meta-fsl-ppc/recipes-virtualization/mux-server/mux-server_1.02.bb @@ -0,0 +1,16 @@ +DESCRIPTION = "A Linux-based utility supporting console multiplexing and demultiplexing" +SECTION = "mux-server" +LICENSE = "LGPL-2.1" +# TODO: add a dedicated COPYING file +LIC_FILES_CHKSUM = "file://mux_server.c;endline=9;md5=e59eeb0812bb88b7af2d932f2dc22aed" + +SRC_URI = "file://mux-server-${PV}.tar.gz;name=mux_server" + +EXTRA_OEMAKE='HOSTCC="${CC}"' + +do_install () { + install -d ${D}${bindir} + install -m 755 mux_server ${D}${bindir} +} + +BBCLASSEXTEND = "native nativesdk" diff --git a/meta-fsl-ppc/virtualization-layer/recipes-extended/libvirt/libvirt/qoriq-ppc/qemu.conf b/meta-fsl-ppc/virtualization-layer/recipes-extended/libvirt/libvirt/qoriq-ppc/qemu.conf new file mode 100644 index 00000000..cc22fa13 --- /dev/null +++ b/meta-fsl-ppc/virtualization-layer/recipes-extended/libvirt/libvirt/qoriq-ppc/qemu.conf @@ -0,0 +1,465 @@ +# Master configuration file for the QEMU driver. +# All settings described here are optional - if omitted, sensible +# defaults are used. + +# VNC is configured to listen on 127.0.0.1 by default. +# To make it listen on all public interfaces, uncomment +# this next option. +# +# NB, strong recommendation to enable TLS + x509 certificate +# verification when allowing public access +# +#vnc_listen = "0.0.0.0" + +# Enable this option to have VNC served over an automatically created +# unix socket. This prevents unprivileged access from users on the +# host machine, though most VNC clients do not support it. +# +# This will only be enabled for VNC configurations that do not have +# a hardcoded 'listen' or 'socket' value. This setting takes preference +# over vnc_listen. +# +#vnc_auto_unix_socket = 1 + +# Enable use of TLS encryption on the VNC server. This requires +# a VNC client which supports the VeNCrypt protocol extension. +# Examples include vinagre, virt-viewer, virt-manager and vencrypt +# itself. UltraVNC, RealVNC, TightVNC do not support this +# +# It is necessary to setup CA and issue a server certificate +# before enabling this. +# +#vnc_tls = 1 + + +# Use of TLS requires that x509 certificates be issued. The +# default it to keep them in /etc/pki/libvirt-vnc. This directory +# must contain +# +# ca-cert.pem - the CA master certificate +# server-cert.pem - the server certificate signed with ca-cert.pem +# server-key.pem - the server private key +# +# This option allows the certificate directory to be changed +# +#vnc_tls_x509_cert_dir = "/etc/pki/libvirt-vnc" + + +# The default TLS configuration only uses certificates for the server +# allowing the client to verify the server's identity and establish +# an encrypted channel. +# +# It is possible to use x509 certificates for authentication too, by +# issuing a x509 certificate to every client who needs to connect. +# +# Enabling this option will reject any client who does not have a +# certificate signed by the CA in /etc/pki/libvirt-vnc/ca-cert.pem +# +#vnc_tls_x509_verify = 1 + + +# The default VNC password. Only 8 letters are significant for +# VNC passwords. This parameter is only used if the per-domain +# XML config does not already provide a password. To allow +# access without passwords, leave this commented out. An empty +# string will still enable passwords, but be rejected by QEMU, +# effectively preventing any use of VNC. Obviously change this +# example here before you set this. +# +#vnc_password = "XYZ12345" + + +# Enable use of SASL encryption on the VNC server. This requires +# a VNC client which supports the SASL protocol extension. +# Examples include vinagre, virt-viewer and virt-manager +# itself. UltraVNC, RealVNC, TightVNC do not support this +# +# It is necessary to configure /etc/sasl2/qemu.conf to choose +# the desired SASL plugin (eg, GSSPI for Kerberos) +# +#vnc_sasl = 1 + + +# The default SASL configuration file is located in /etc/sasl2/ +# When running libvirtd unprivileged, it may be desirable to +# override the configs in this location. Set this parameter to +# point to the directory, and create a qemu.conf in that location +# +#vnc_sasl_dir = "/some/directory/sasl2" + + +# QEMU implements an extension for providing audio over a VNC connection, +# though if your VNC client does not support it, your only chance for getting +# sound output is through regular audio backends. By default, libvirt will +# disable all QEMU sound backends if using VNC, since they can cause +# permissions issues. Enabling this option will make libvirtd honor the +# QEMU_AUDIO_DRV environment variable when using VNC. +# +#vnc_allow_host_audio = 0 + + + +# SPICE is configured to listen on 127.0.0.1 by default. +# To make it listen on all public interfaces, uncomment +# this next option. +# +# NB, strong recommendation to enable TLS + x509 certificate +# verification when allowing public access +# +#spice_listen = "0.0.0.0" + + +# Enable use of TLS encryption on the SPICE server. +# +# It is necessary to setup CA and issue a server certificate +# before enabling this. +# +#spice_tls = 1 + + +# Use of TLS requires that x509 certificates be issued. The +# default it to keep them in /etc/pki/libvirt-spice. This directory +# must contain +# +# ca-cert.pem - the CA master certificate +# server-cert.pem - the server certificate signed with ca-cert.pem +# server-key.pem - the server private key +# +# This option allows the certificate directory to be changed. +# +#spice_tls_x509_cert_dir = "/etc/pki/libvirt-spice" + + +# The default SPICE password. This parameter is only used if the +# per-domain XML config does not already provide a password. To +# allow access without passwords, leave this commented out. An +# empty string will still enable passwords, but be rejected by +# QEMU, effectively preventing any use of SPICE. Obviously change +# this example here before you set this. +# +#spice_password = "XYZ12345" + + +# Enable use of SASL encryption on the SPICE server. This requires +# a SPICE client which supports the SASL protocol extension. +# +# It is necessary to configure /etc/sasl2/qemu.conf to choose +# the desired SASL plugin (eg, GSSPI for Kerberos) +# +#spice_sasl = 1 + +# The default SASL configuration file is located in /etc/sasl2/ +# When running libvirtd unprivileged, it may be desirable to +# override the configs in this location. Set this parameter to +# point to the directory, and create a qemu.conf in that location +# +#spice_sasl_dir = "/some/directory/sasl2" + + +# By default, if no graphical front end is configured, libvirt will disable +# QEMU audio output since directly talking to alsa/pulseaudio may not work +# with various security settings. If you know what you're doing, enable +# the setting below and libvirt will passthrough the QEMU_AUDIO_DRV +# environment variable when using nographics. +# +#nographics_allow_host_audio = 1 + + +# Override the port for creating both VNC and SPICE sessions (min). +# This defaults to 5900 and increases for consecutive sessions +# or when ports are occupied, until it hits the maximum. +# +# Minimum must be greater than or equal to 5900 as lower number would +# result into negative vnc display number. +# +# Maximum must be less than 65536, because higher numbers do not make +# sense as a port number. +# +#remote_display_port_min = 5900 +#remote_display_port_max = 65535 + +# VNC WebSocket port policies, same rules apply as with remote display +# ports. VNC WebSockets use similar display <-> port mappings, with +# the exception being that ports starts from 5700 instead of 5900. +# +#remote_websocket_port_min = 5700 +#remote_websocket_port_max = 65535 + +# The default security driver is SELinux. If SELinux is disabled +# on the host, then the security driver will automatically disable +# itself. If you wish to disable QEMU SELinux security driver while +# leaving SELinux enabled for the host in general, then set this +# to 'none' instead. It's also possible to use more than one security +# driver at the same time, for this use a list of names separated by +# comma and delimited by square brackets. For example: +# +# security_driver = [ "selinux", "apparmor" ] +# +# Notes: The DAC security driver is always enabled; as a result, the +# value of security_driver cannot contain "dac". The value "none" is +# a special value; security_driver can be set to that value in +# isolation, but it cannot appear in a list of drivers. +# +#security_driver = "selinux" + +# If set to non-zero, then the default security labeling +# will make guests confined. If set to zero, then guests +# will be unconfined by default. Defaults to 1. +#security_default_confined = 1 + +# If set to non-zero, then attempts to create unconfined +# guests will be blocked. Defaults to 0. +#security_require_confined = 1 + +# The user for QEMU processes run by the system instance. It can be +# specified as a user name or as a user id. The qemu driver will try to +# parse this value first as a name and then, if the name doesn't exist, +# as a user id. +# +# Since a sequence of digits is a valid user name, a leading plus sign +# can be used to ensure that a user id will not be interpreted as a user +# name. +# +# Some examples of valid values are: +# +# user = "qemu" # A user named "qemu" +# user = "+0" # Super user (uid=0) +# user = "100" # A user named "100" or a user with uid=100 +# +#user = "root" + +# The group for QEMU processes run by the system instance. It can be +# specified in a similar way to user. +#group = "root" + +# Whether libvirt should dynamically change file ownership +# to match the configured user/group above. Defaults to 1. +# Set to 0 to disable file ownership changes. +#dynamic_ownership = 1 + + +# What cgroup controllers to make use of with QEMU guests +# +# - 'cpu' - use for schedular tunables +# - 'devices' - use for device whitelisting +# - 'memory' - use for memory tunables +# - 'blkio' - use for block devices I/O tunables +# - 'cpuset' - use for CPUs and memory nodes +# - 'cpuacct' - use for CPUs statistics. +# +# NB, even if configured here, they won't be used unless +# the administrator has mounted cgroups, e.g.: +# +# mkdir /dev/cgroup +# mount -t cgroup -o devices,cpu,memory,blkio,cpuset none /dev/cgroup +# +# They can be mounted anywhere, and different controllers +# can be mounted in different locations. libvirt will detect +# where they are located. +# +#cgroup_controllers = [ "cpu", "devices", "memory", "blkio", "cpuset", "cpuacct" ] + +# This is the basic set of devices allowed / required by +# all virtual machines. +# +# As well as this, any configured block backed disks, +# all sound device, and all PTY devices are allowed. +# +# This will only need setting if newer QEMU suddenly +# wants some device we don't already know about. +# +cgroup_device_acl = [ + "/dev/null", "/dev/full", "/dev/zero", + "/dev/random", "/dev/urandom", + "/dev/ptmx", "/dev/kvm", "/dev/kqemu", + "/dev/rtc", "/dev/hpet", "/dev/vfio/vfio", "/dev/net/tun" +] + + +# The default format for Qemu/KVM guest save images is raw; that is, the +# memory from the domain is dumped out directly to a file. If you have +# guests with a large amount of memory, however, this can take up quite +# a bit of space. If you would like to compress the images while they +# are being saved to disk, you can also set "lzop", "gzip", "bzip2", or "xz" +# for save_image_format. Note that this means you slow down the process of +# saving a domain in order to save disk space; the list above is in descending +# order by performance and ascending order by compression ratio. +# +# save_image_format is used when you use 'virsh save' or 'virsh managedsave' +# at scheduled saving, and it is an error if the specified save_image_format +# is not valid, or the requested compression program can't be found. +# +# dump_image_format is used when you use 'virsh dump' at emergency +# crashdump, and if the specified dump_image_format is not valid, or +# the requested compression program can't be found, this falls +# back to "raw" compression. +# +# snapshot_image_format specifies the compression algorithm of the memory save +# image when an external snapshot of a domain is taken. This does not apply +# on disk image format. It is an error if the specified format isn't valid, +# or the requested compression program can't be found. +# +#save_image_format = "raw" +#dump_image_format = "raw" +#snapshot_image_format = "raw" + +# When a domain is configured to be auto-dumped when libvirtd receives a +# watchdog event from qemu guest, libvirtd will save dump files in directory +# specified by auto_dump_path. Default value is /var/lib/libvirt/qemu/dump +# +#auto_dump_path = "/var/lib/libvirt/qemu/dump" + +# When a domain is configured to be auto-dumped, enabling this flag +# has the same effect as using the VIR_DUMP_BYPASS_CACHE flag with the +# virDomainCoreDump API. That is, the system will avoid using the +# file system cache while writing the dump file, but may cause +# slower operation. +# +#auto_dump_bypass_cache = 0 + +# When a domain is configured to be auto-started, enabling this flag +# has the same effect as using the VIR_DOMAIN_START_BYPASS_CACHE flag +# with the virDomainCreateWithFlags API. That is, the system will +# avoid using the file system cache when restoring any managed state +# file, but may cause slower operation. +# +#auto_start_bypass_cache = 0 + +# If provided by the host and a hugetlbfs mount point is configured, +# a guest may request huge page backing. When this mount point is +# unspecified here, determination of a host mount point in /proc/mounts +# will be attempted. Specifying an explicit mount overrides detection +# of the same in /proc/mounts. Setting the mount point to "" will +# disable guest hugepage backing. +# +# NB, within this mount point, guests will create memory backing files +# in a location of $MOUNTPOINT/libvirt/qemu +# +#hugetlbfs_mount = "/dev/hugepages" + + +# Path to the setuid helper for creating tap devices. This executable +# is used to create <source type='bridge'> interfaces when libvirtd is +# running unprivileged. libvirt invokes the helper directly, instead +# of using "-netdev bridge", for security reasons. +#bridge_helper = "/usr/libexec/qemu-bridge-helper" + + + +# If clear_emulator_capabilities is enabled, libvirt will drop all +# privileged capabilities of the QEmu/KVM emulator. This is enabled by +# default. +# +# Warning: Disabling this option means that a compromised guest can +# exploit the privileges and possibly do damage to the host. +# +#clear_emulator_capabilities = 1 + + +# If enabled, libvirt will have QEMU set its process name to +# "qemu:VM_NAME", where VM_NAME is the name of the VM. The QEMU +# process will appear as "qemu:VM_NAME" in process listings and +# other system monitoring tools. By default, QEMU does not set +# its process title, so the complete QEMU command (emulator and +# its arguments) appear in process listings. +# +#set_process_name = 1 + + +# If max_processes is set to a positive integer, libvirt will use +# it to set the maximum number of processes that can be run by qemu +# user. This can be used to override default value set by host OS. +# The same applies to max_files which sets the limit on the maximum +# number of opened files. +# +#max_processes = 0 +#max_files = 0 + + + +# mac_filter enables MAC addressed based filtering on bridge ports. +# This currently requires ebtables to be installed. +# +#mac_filter = 1 + + +# By default, PCI devices below non-ACS switch are not allowed to be assigned +# to guests. By setting relaxed_acs_check to 1 such devices will be allowed to +# be assigned to guests. +# +#relaxed_acs_check = 1 + + +# If allow_disk_format_probing is enabled, libvirt will probe disk +# images to attempt to identify their format, when not otherwise +# specified in the XML. This is disabled by default. +# +# WARNING: Enabling probing is a security hole in almost all +# deployments. It is strongly recommended that users update their +# guest XML <disk> elements to include <driver type='XXXX'/> +# elements instead of enabling this option. +# +#allow_disk_format_probing = 1 + + +# To enable 'Sanlock' project based locking of the file +# content (to prevent two VMs writing to the same +# disk), uncomment this +# +#lock_manager = "sanlock" + + + +# Set limit of maximum APIs queued on one domain. All other APIs +# over this threshold will fail on acquiring job lock. Specially, +# setting to zero turns this feature off. +# Note, that job lock is per domain. +# +#max_queued = 0 + +################################################################### +# Keepalive protocol: +# This allows qemu driver to detect broken connections to remote +# libvirtd during peer-to-peer migration. A keepalive message is +# sent to the deamon after keepalive_interval seconds of inactivity +# to check if the deamon is still responding; keepalive_count is a +# maximum number of keepalive messages that are allowed to be sent +# to the deamon without getting any response before the connection +# is considered broken. In other words, the connection is +# automatically closed approximately after +# keepalive_interval * (keepalive_count + 1) seconds since the last +# message received from the deamon. If keepalive_interval is set to +# -1, qemu driver will not send keepalive requests during +# peer-to-peer migration; however, the remote libvirtd can still +# send them and source libvirtd will send responses. When +# keepalive_count is set to 0, connections will be automatically +# closed after keepalive_interval seconds of inactivity without +# sending any keepalive messages. +# +#keepalive_interval = 5 +#keepalive_count = 5 + + + +# Use seccomp syscall whitelisting in QEMU. +# 1 = on, 0 = off, -1 = use QEMU default +# Defaults to -1. +# +#seccomp_sandbox = 1 + + + +# Override the listen address for all incoming migrations. Defaults to +# 0.0.0.0 or :: in case if both host and qemu are capable of IPv6. +#migration_address = "127.0.0.1" + + +# Override the port range used for incoming migrations. +# +# Minimum must be greater than 0, however when QEMU is not running as root, +# setting the minimum to be lower than 1024 will not work. +# +# Maximum must not be greater than 65535. +# +#migration_port_min = 49152 +#migration_port_max = 49215 diff --git a/meta-fsl-ppc/virtualization-layer/recipes-extended/libvirt/libvirt_%.bbappend b/meta-fsl-ppc/virtualization-layer/recipes-extended/libvirt/libvirt_%.bbappend new file mode 100644 index 00000000..c7e6d32e --- /dev/null +++ b/meta-fsl-ppc/virtualization-layer/recipes-extended/libvirt/libvirt_%.bbappend @@ -0,0 +1,9 @@ +PACKAGECONFIG_qoriq-ppc = "qemu yajl lxc test remote macvtap libvirtd netcf udev python" + +FILESEXTRAPATHS_prepend := "${THISDIR}/${BPN}:" +SRC_URI_append_qoriq-ppc = " file://qemu.conf" + +do_install_append_qoriq-ppc() { + install -m 0644 ${WORKDIR}/qemu.conf ${D}${sysconfdir}/libvirt/qemu.conf +} + |