diff options
Diffstat (limited to 'recipes-connectivity/openssl/openssl-qoriq/qoriq/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch')
| -rw-r--r-- | recipes-connectivity/openssl/openssl-qoriq/qoriq/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch | 508 |
1 files changed, 267 insertions, 241 deletions
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch index ab2b7ea..d590789 100644 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch @@ -1,7 +1,7 @@ -From dfd6ba263dc25ea2a4bbc32448b24ca2b1fc40e8 Mon Sep 17 00:00:00 2001 +From e7c630f8417b6f4e1bf2466e545ffe04af2eff00 Mon Sep 17 00:00:00 2001 From: Cristian Stoica <cristian.stoica@freescale.com> Date: Thu, 29 Aug 2013 16:51:18 +0300 -Subject: [PATCH 02/26] eng_cryptodev: add support for TLS algorithms offload +Subject: [PATCH 02/48] eng_cryptodev: add support for TLS algorithms offload - aes-128-cbc-hmac-sha1 - aes-256-cbc-hmac-sha1 @@ -9,309 +9,335 @@ Subject: [PATCH 02/26] eng_cryptodev: add support for TLS algorithms offload Requires TLS patches on cryptodev and TLS algorithm support in Linux kernel driver. -Change-Id: I43048caa348414daddd6c1a5cdc55e769ac1945f Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> -Reviewed-on: http://git.am.freescale.net:8181/17223 --- - crypto/engine/eng_cryptodev.c | 222 +++++++++++++++++++++++++++++++++++++++--- - 1 file changed, 211 insertions(+), 11 deletions(-) + crypto/engine/eng_cryptodev.c | 226 ++++++++++++++++++++++++++++++++++++++++-- + 1 file changed, 215 insertions(+), 11 deletions(-) diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c -index 5a715ac..7588a28 100644 +index 8fb9c33..4d783d4 100644 --- a/crypto/engine/eng_cryptodev.c +++ b/crypto/engine/eng_cryptodev.c -@@ -72,6 +72,9 @@ ENGINE_load_cryptodev(void) +@@ -71,6 +71,9 @@ void ENGINE_load_cryptodev(void) struct dev_crypto_state { - struct session_op d_sess; - int d_fd; -+ unsigned char *aad; -+ unsigned int aad_len; -+ unsigned int len; - - #ifdef USE_CRYPTODEV_DIGESTS - char dummy_mac_key[HASH_MAX_LEN]; -@@ -140,17 +143,20 @@ static struct { - int nid; - int ivmax; - int keylen; -+ int mackeylen; + struct session_op d_sess; + int d_fd; ++ unsigned char *aad; ++ unsigned int aad_len; ++ unsigned int len; + # ifdef USE_CRYPTODEV_DIGESTS + char dummy_mac_key[HASH_MAX_LEN]; + unsigned char digest_res[HASH_MAX_LEN]; +@@ -141,24 +144,25 @@ static struct { + int nid; + int ivmax; + int keylen; ++ int mackeylen; } ciphers[] = { -- { CRYPTO_ARC4, NID_rc4, 0, 16, }, -- { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, }, -- { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, }, -- { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, }, -- { CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, }, -- { CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, }, -- { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, }, -- { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, }, -- { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, }, -- { 0, NID_undef, 0, 0, }, -+ { CRYPTO_ARC4, NID_rc4, 0, 16, 0}, -+ { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, 0}, -+ { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, 0}, -+ { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, 0}, -+ { CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, 0}, -+ { CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, 0}, -+ { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, 0}, -+ { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, 0}, -+ { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, 0}, -+ { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20}, -+ { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20}, -+ { 0, NID_undef, 0, 0, 0}, + { +- CRYPTO_ARC4, NID_rc4, 0, 16, ++ CRYPTO_ARC4, NID_rc4, 0, 16, 0 + }, + { +- CRYPTO_DES_CBC, NID_des_cbc, 8, 8, ++ CRYPTO_DES_CBC, NID_des_cbc, 8, 8, 0 + }, + { +- CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, ++ CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, 0 + }, + { +- CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, ++ CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, 0 + }, + { +- CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, ++ CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, 0 + }, + { +- CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, ++ CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, 0 + }, + # ifdef CRYPTO_AES_CTR + { +@@ -172,16 +176,22 @@ static struct { + }, + # endif + { +- CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, ++ CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, 0 + }, + { +- CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, ++ CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, 0 + }, + { +- CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, ++ CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, 0 + }, + { +- 0, NID_undef, 0, 0, ++ CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20 ++ }, ++ { ++ CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20 ++ }, ++ { ++ 0, NID_undef, 0, 0, 0 + }, }; - #ifdef USE_CRYPTODEV_DIGESTS -@@ -250,13 +256,15 @@ get_cryptodev_ciphers(const int **cnids) - } - memset(&sess, 0, sizeof(sess)); - sess.key = (caddr_t)"123456789abcdefghijklmno"; -+ sess.mackey = (caddr_t)"123456789ABCDEFGHIJKLMNO"; +@@ -295,13 +305,15 @@ static int get_cryptodev_ciphers(const int **cnids) + } + memset(&sess, 0, sizeof(sess)); + sess.key = (caddr_t) "123456789abcdefghijklmno"; ++ sess.mackey = (caddr_t) "123456789ABCDEFGHIJKLMNO"; - for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { - if (ciphers[i].nid == NID_undef) - continue; - sess.cipher = ciphers[i].id; - sess.keylen = ciphers[i].keylen; -- sess.mac = 0; -+ sess.mackeylen = ciphers[i].mackeylen; + for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { + if (ciphers[i].nid == NID_undef) + continue; + sess.cipher = ciphers[i].id; + sess.keylen = ciphers[i].keylen; +- sess.mac = 0; ++ sess.mackeylen = ciphers[i].mackeylen; + - if (ioctl(fd, CIOCGSESSION, &sess) != -1 && - ioctl(fd, CIOCFSESSION, &sess.ses) != -1) - nids[count++] = ciphers[i].nid; -@@ -414,6 +422,67 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - return (1); + if (ioctl(fd, CIOCGSESSION, &sess) != -1 && + ioctl(fd, CIOCFSESSION, &sess.ses) != -1) + nids[count++] = ciphers[i].nid; +@@ -457,6 +469,66 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + return (1); } -+ +static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, -+ const unsigned char *in, size_t len) ++ const unsigned char *in, size_t len) +{ -+ struct crypt_auth_op cryp; -+ struct dev_crypto_state *state = ctx->cipher_data; -+ struct session_op *sess = &state->d_sess; -+ const void *iiv; -+ unsigned char save_iv[EVP_MAX_IV_LENGTH]; ++ struct crypt_auth_op cryp; ++ struct dev_crypto_state *state = ctx->cipher_data; ++ struct session_op *sess = &state->d_sess; ++ const void *iiv; ++ unsigned char save_iv[EVP_MAX_IV_LENGTH]; + -+ if (state->d_fd < 0) -+ return (0); -+ if (!len) -+ return (1); -+ if ((len % ctx->cipher->block_size) != 0) -+ return (0); ++ if (state->d_fd < 0) ++ return (0); ++ if (!len) ++ return (1); ++ if ((len % ctx->cipher->block_size) != 0) ++ return (0); + -+ memset(&cryp, 0, sizeof(cryp)); ++ memset(&cryp, 0, sizeof(cryp)); + -+ /* TODO: make a seamless integration with cryptodev flags */ -+ switch (ctx->cipher->nid) { -+ case NID_aes_128_cbc_hmac_sha1: -+ case NID_aes_256_cbc_hmac_sha1: -+ cryp.flags = COP_FLAG_AEAD_TLS_TYPE; -+ } -+ cryp.ses = sess->ses; -+ cryp.len = state->len; -+ cryp.src = (caddr_t) in; -+ cryp.dst = (caddr_t) out; -+ cryp.auth_src = state->aad; -+ cryp.auth_len = state->aad_len; ++ /* TODO: make a seamless integration with cryptodev flags */ ++ switch (ctx->cipher->nid) { ++ case NID_aes_128_cbc_hmac_sha1: ++ case NID_aes_256_cbc_hmac_sha1: ++ cryp.flags = COP_FLAG_AEAD_TLS_TYPE; ++ } ++ cryp.ses = sess->ses; ++ cryp.len = state->len; ++ cryp.src = (caddr_t) in; ++ cryp.dst = (caddr_t) out; ++ cryp.auth_src = state->aad; ++ cryp.auth_len = state->aad_len; + -+ cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; ++ cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; + -+ if (ctx->cipher->iv_len) { -+ cryp.iv = (caddr_t) ctx->iv; -+ if (!ctx->encrypt) { -+ iiv = in + len - ctx->cipher->iv_len; -+ memcpy(save_iv, iiv, ctx->cipher->iv_len); -+ } -+ } else -+ cryp.iv = NULL; ++ if (ctx->cipher->iv_len) { ++ cryp.iv = (caddr_t) ctx->iv; ++ if (!ctx->encrypt) { ++ iiv = in + len - ctx->cipher->iv_len; ++ memcpy(save_iv, iiv, ctx->cipher->iv_len); ++ } ++ } else ++ cryp.iv = NULL; + -+ if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) { -+ /* XXX need better errror handling -+ * this can fail for a number of different reasons. -+ */ -+ return (0); -+ } ++ if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) { ++ /* ++ * XXX need better errror handling this can fail for a number of ++ * different reasons. ++ */ ++ return (0); ++ } + -+ if (ctx->cipher->iv_len) { -+ if (ctx->encrypt) -+ iiv = out + len - ctx->cipher->iv_len; -+ else -+ iiv = save_iv; -+ memcpy(ctx->iv, iiv, ctx->cipher->iv_len); -+ } -+ return (1); ++ if (ctx->cipher->iv_len) { ++ if (ctx->encrypt) ++ iiv = out + len - ctx->cipher->iv_len; ++ else ++ iiv = save_iv; ++ memcpy(ctx->iv, iiv, ctx->cipher->iv_len); ++ } ++ return (1); +} + -+ static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -@@ -452,6 +521,45 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - return (1); + const unsigned char *iv, int enc) +@@ -496,6 +568,45 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, } -+/* Save the encryption key provided by upper layers. -+ * -+ * This function is called by EVP_CipherInit_ex to initialize the algorithm's -+ * extra data. We can't do much here because the mac key is not available. -+ * The next call should/will be to cryptodev_cbc_hmac_sha1_ctrl with parameter + /* ++ * Save the encryption key provided by upper layers. This function is called ++ * by EVP_CipherInit_ex to initialize the algorithm's extra data. We can't do ++ * much here because the mac key is not available. The next call should/will ++ * be to cryptodev_cbc_hmac_sha1_ctrl with parameter + * EVP_CTRL_AEAD_SET_MAC_KEY, to set the hmac key. There we call CIOCGSESSION + * with both the crypto and hmac keys. + */ +static int cryptodev_init_aead_key(EVP_CIPHER_CTX *ctx, -+ const unsigned char *key, const unsigned char *iv, int enc) ++ const unsigned char *key, ++ const unsigned char *iv, int enc) +{ -+ struct dev_crypto_state *state = ctx->cipher_data; -+ struct session_op *sess = &state->d_sess; -+ int cipher = -1, i; ++ struct dev_crypto_state *state = ctx->cipher_data; ++ struct session_op *sess = &state->d_sess; ++ int cipher = -1, i; + -+ for (i = 0; ciphers[i].id; i++) -+ if (ctx->cipher->nid == ciphers[i].nid && -+ ctx->cipher->iv_len <= ciphers[i].ivmax && -+ ctx->key_len == ciphers[i].keylen) { -+ cipher = ciphers[i].id; -+ break; -+ } ++ for (i = 0; ciphers[i].id; i++) ++ if (ctx->cipher->nid == ciphers[i].nid && ++ ctx->cipher->iv_len <= ciphers[i].ivmax && ++ ctx->key_len == ciphers[i].keylen) { ++ cipher = ciphers[i].id; ++ break; ++ } + -+ if (!ciphers[i].id) { -+ state->d_fd = -1; -+ return (0); -+ } ++ if (!ciphers[i].id) { ++ state->d_fd = -1; ++ return (0); ++ } + -+ memset(sess, 0, sizeof(struct session_op)); ++ memset(sess, 0, sizeof(struct session_op)); + -+ sess->key = (caddr_t)key; -+ sess->keylen = ctx->key_len; -+ sess->cipher = cipher; ++ sess->key = (caddr_t) key; ++ sess->keylen = ctx->key_len; ++ sess->cipher = cipher; + -+ /* for whatever reason, (1) means success */ -+ return (1); ++ /* for whatever reason, (1) means success */ ++ return (1); +} + -+ - /* ++/* * free anything we allocated earlier when initting a * session, and close the session. -@@ -488,6 +596,63 @@ cryptodev_cleanup(EVP_CIPHER_CTX *ctx) - return (ret); + */ +@@ -529,6 +640,63 @@ static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx) + return (ret); } -+static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, -+ void *ptr) ++static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, ++ int arg, void *ptr) +{ -+ switch (type) { -+ case EVP_CTRL_AEAD_SET_MAC_KEY: -+ { -+ /* TODO: what happens with hmac keys larger than 64 bytes? */ -+ struct dev_crypto_state *state = ctx->cipher_data; -+ struct session_op *sess = &state->d_sess; ++ switch (type) { ++ case EVP_CTRL_AEAD_SET_MAC_KEY: ++ { ++ /* TODO: what happens with hmac keys larger than 64 bytes? */ ++ struct dev_crypto_state *state = ctx->cipher_data; ++ struct session_op *sess = &state->d_sess; + -+ if ((state->d_fd = get_dev_crypto()) < 0) -+ return (0); ++ if ((state->d_fd = get_dev_crypto()) < 0) ++ return (0); + -+ /* the rest should have been set in cryptodev_init_aead_key */ -+ sess->mackey = ptr; -+ sess->mackeylen = arg; ++ /* the rest should have been set in cryptodev_init_aead_key */ ++ sess->mackey = ptr; ++ sess->mackeylen = arg; + -+ if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) { -+ put_dev_crypto(state->d_fd); -+ state->d_fd = -1; -+ return (0); -+ } -+ return (1); -+ } -+ case EVP_CTRL_AEAD_TLS1_AAD: -+ { -+ /* ptr points to the associated data buffer of 13 bytes */ -+ struct dev_crypto_state *state = ctx->cipher_data; -+ unsigned char *p = ptr; -+ unsigned int cryptlen = p[arg - 2] << 8 | p[arg - 1]; -+ unsigned int maclen, padlen; -+ unsigned int bs = ctx->cipher->block_size; ++ if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) { ++ put_dev_crypto(state->d_fd); ++ state->d_fd = -1; ++ return (0); ++ } ++ return (1); ++ } ++ case EVP_CTRL_AEAD_TLS1_AAD: ++ { ++ /* ptr points to the associated data buffer of 13 bytes */ ++ struct dev_crypto_state *state = ctx->cipher_data; ++ unsigned char *p = ptr; ++ unsigned int cryptlen = p[arg - 2] << 8 | p[arg - 1]; ++ unsigned int maclen, padlen; ++ unsigned int bs = ctx->cipher->block_size; + -+ state->aad = ptr; -+ state->aad_len = arg; -+ state->len = cryptlen; ++ state->aad = ptr; ++ state->aad_len = arg; ++ state->len = cryptlen; + -+ /* TODO: this should be an extension of EVP_CIPHER struct */ -+ switch (ctx->cipher->nid) { -+ case NID_aes_128_cbc_hmac_sha1: -+ case NID_aes_256_cbc_hmac_sha1: -+ maclen = SHA_DIGEST_LENGTH; -+ } ++ /* TODO: this should be an extension of EVP_CIPHER struct */ ++ switch (ctx->cipher->nid) { ++ case NID_aes_128_cbc_hmac_sha1: ++ case NID_aes_256_cbc_hmac_sha1: ++ maclen = SHA_DIGEST_LENGTH; ++ } + -+ /* space required for encryption (not only TLS padding) */ -+ padlen = maclen; -+ if (ctx->encrypt) { -+ cryptlen += maclen; -+ padlen += bs - (cryptlen % bs); -+ } -+ return padlen; -+ } -+ default: -+ return -1; -+ } ++ /* space required for encryption (not only TLS padding) */ ++ padlen = maclen; ++ if (ctx->encrypt) { ++ cryptlen += maclen; ++ padlen += bs - (cryptlen % bs); ++ } ++ return padlen; ++ } ++ default: ++ return -1; ++ } +} + /* * libcrypto EVP stuff - this is how we get wired to EVP so the engine * gets called when libcrypto requests a cipher NID. -@@ -600,6 +765,33 @@ const EVP_CIPHER cryptodev_aes_256_cbc = { - NULL +@@ -641,6 +809,34 @@ const EVP_CIPHER cryptodev_aes_256_cbc = { + NULL }; +const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1 = { -+ NID_aes_128_cbc_hmac_sha1, -+ 16, 16, 16, -+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, -+ cryptodev_init_aead_key, -+ cryptodev_aead_cipher, -+ cryptodev_cleanup, -+ sizeof(struct dev_crypto_state), -+ EVP_CIPHER_set_asn1_iv, -+ EVP_CIPHER_get_asn1_iv, -+ cryptodev_cbc_hmac_sha1_ctrl, -+ NULL ++ NID_aes_128_cbc_hmac_sha1, ++ 16, 16, 16, ++ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, ++ cryptodev_init_aead_key, ++ cryptodev_aead_cipher, ++ cryptodev_cleanup, ++ sizeof(struct dev_crypto_state), ++ EVP_CIPHER_set_asn1_iv, ++ EVP_CIPHER_get_asn1_iv, ++ cryptodev_cbc_hmac_sha1_ctrl, ++ NULL +}; + +const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = { -+ NID_aes_256_cbc_hmac_sha1, -+ 16, 32, 16, -+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, -+ cryptodev_init_aead_key, -+ cryptodev_aead_cipher, -+ cryptodev_cleanup, -+ sizeof(struct dev_crypto_state), -+ EVP_CIPHER_set_asn1_iv, -+ EVP_CIPHER_get_asn1_iv, -+ cryptodev_cbc_hmac_sha1_ctrl, -+ NULL ++ NID_aes_256_cbc_hmac_sha1, ++ 16, 32, 16, ++ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, ++ cryptodev_init_aead_key, ++ cryptodev_aead_cipher, ++ cryptodev_cleanup, ++ sizeof(struct dev_crypto_state), ++ EVP_CIPHER_set_asn1_iv, ++ EVP_CIPHER_get_asn1_iv, ++ cryptodev_cbc_hmac_sha1_ctrl, ++ NULL +}; - /* - * Registered by the ENGINE when used to find out how to deal with - * a particular NID in the ENGINE. this says what we'll do at the -@@ -637,6 +829,12 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, - case NID_aes_256_cbc: - *cipher = &cryptodev_aes_256_cbc; - break; -+ case NID_aes_128_cbc_hmac_sha1: -+ *cipher = &cryptodev_aes_128_cbc_hmac_sha1; -+ break; -+ case NID_aes_256_cbc_hmac_sha1: -+ *cipher = &cryptodev_aes_256_cbc_hmac_sha1; -+ break; - default: - *cipher = NULL; - break; -@@ -1384,6 +1582,8 @@ ENGINE_load_cryptodev(void) - } - put_dev_crypto(fd); ++ + # ifdef CRYPTO_AES_CTR + const EVP_CIPHER cryptodev_aes_ctr = { + NID_aes_128_ctr, +@@ -729,6 +925,12 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, + *cipher = &cryptodev_aes_ctr_256; + break; + # endif ++ case NID_aes_128_cbc_hmac_sha1: ++ *cipher = &cryptodev_aes_128_cbc_hmac_sha1; ++ break; ++ case NID_aes_256_cbc_hmac_sha1: ++ *cipher = &cryptodev_aes_256_cbc_hmac_sha1; ++ break; + default: + *cipher = NULL; + break; +@@ -1472,6 +1674,8 @@ void ENGINE_load_cryptodev(void) + } + put_dev_crypto(fd); -+ EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1); -+ EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1); - if (!ENGINE_set_id(engine, "cryptodev") || - !ENGINE_set_name(engine, "BSD cryptodev engine") || - !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) || ++ EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1); ++ EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1); + if (!ENGINE_set_id(engine, "cryptodev") || + !ENGINE_set_name(engine, "BSD cryptodev engine") || + !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) || -- -2.3.5 +2.7.0 |