[csw-devel] SF.net SVN: gar:[17918] csw/mgar/pkg/openssl1/trunk/files/pkcs11_engine-1.0 .1b.patch.2012-04-30
chninkel at users.sourceforge.net
chninkel at users.sourceforge.net
Tue May 1 21:40:59 CEST 2012
Revision: 17918
http://gar.svn.sourceforge.net/gar/?rev=17918&view=rev
Author: chninkel
Date: 2012-05-01 19:40:59 +0000 (Tue, 01 May 2012)
Log Message:
-----------
openssl1/trunk: removed the dynamic NID assignment for the AES counter-mode ciphers, as it is not necessary in openssl 1.0
Modified Paths:
--------------
csw/mgar/pkg/openssl1/trunk/files/pkcs11_engine-1.0.1b.patch.2012-04-30
Modified: csw/mgar/pkg/openssl1/trunk/files/pkcs11_engine-1.0.1b.patch.2012-04-30
===================================================================
--- csw/mgar/pkg/openssl1/trunk/files/pkcs11_engine-1.0.1b.patch.2012-04-30 2012-05-01 14:36:42 UTC (rev 17917)
+++ csw/mgar/pkg/openssl1/trunk/files/pkcs11_engine-1.0.1b.patch.2012-04-30 2012-05-01 19:40:59 UTC (rev 17918)
@@ -300,7 +300,7 @@
diff -uNr openssl-0.9.8o.orig//crypto/engine/hw_pk11.c openssl-0.9.8o//crypto/engine/hw_pk11.c
--- openssl-0.9.8o.orig//crypto/engine/hw_pk11.c 1970-01-01 01:00:00.000000000 +0100
+++ openssl-0.9.8o//crypto/engine/hw_pk11.c 2010-09-04 00:22:06.552558696 +0200
-@@ -0,0 +1,3813 @@
+@@ -0,0 +1,3708 @@
+/*
+ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
+ * Use is subject to license terms.
@@ -416,32 +416,13 @@
+#define SOLARIS_HW_SLOT_SELECTION
+#endif
+
-+/*
-+ * AES counter mode is not supported in the OpenSSL EVP API yet and neither
-+ * there are official OIDs for mechanisms based on this mode. With our changes,
-+ * an application can define its own EVP calls for AES counter mode and then
-+ * it can make use of hardware acceleration through this engine. However, it's
-+ * better if we keep AES CTR support code under ifdef's.
-+ */
-+#define SOLARIS_AES_CTR
-+
+#include "cryptoki.h"
+#include "pkcs11.h"
+#include "hw_pk11.h"
+#include "hw_pk11_uri.h"
+#include "hw_pk11_err.c"
+
-+#ifdef SOLARIS_AES_CTR
+/*
-+ * NIDs for AES counter mode that will be defined during the engine
-+ * initialization.
-+ */
-+int NID_aes_128_ctr = NID_undef;
-+int NID_aes_192_ctr = NID_undef;
-+int NID_aes_256_ctr = NID_undef;
-+#endif /* SOLARIS_AES_CTR */
-+
-+/*
+ * We use this lock to prevent multiple C_Login()s, guard getpassphrase(),
+ * uri_struct manipulation, and static token info. All of that is used by the
+ * RSA keys by reference feature.
@@ -549,10 +530,6 @@
+
+/* Symmetric cipher and digest support functions */
+static int cipher_nid_to_pk11(int nid);
-+#ifdef SOLARIS_AES_CTR
-+static int pk11_add_NID(char *sn, char *ln);
-+static int pk11_add_aes_ctr_NIDs(void);
-+#endif /* SOLARIS_AES_CTR */
+static int pk11_usable_ciphers(const int **nids);
+static int pk11_usable_digests(const int **nids);
+static int pk11_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
@@ -613,11 +590,9 @@
+ PK11_AES_192_ECB,
+ PK11_AES_256_ECB,
+ PK11_BLOWFISH_CBC,
-+#ifdef SOLARIS_AES_CTR
+ PK11_AES_128_CTR,
+ PK11_AES_192_CTR,
+ PK11_AES_256_CTR,
-+#endif /* SOLARIS_AES_CTR */
+ PK11_CIPHER_MAX
+};
+
@@ -691,15 +666,13 @@
+ CKK_AES, CKM_AES_ECB, },
+ { PK11_BLOWFISH_CBC, NID_bf_cbc, 8, 16, 16,
+ CKK_BLOWFISH, CKM_BLOWFISH_CBC, },
-+#ifdef SOLARIS_AES_CTR
+ /* we don't know the correct NIDs until the engine is initialized */
-+ { PK11_AES_128_CTR, NID_undef, 16, 16, 16,
++ { PK11_AES_128_CTR, NID_aes_128_ctr, 16, 16, 16,
+ CKK_AES, CKM_AES_CTR, },
-+ { PK11_AES_192_CTR, NID_undef, 16, 24, 24,
++ { PK11_AES_192_CTR, NID_aes_192_ctr, 16, 24, 24,
+ CKK_AES, CKM_AES_CTR, },
-+ { PK11_AES_256_CTR, NID_undef, 16, 32, 32,
++ { PK11_AES_256_CTR, NID_aes_256_ctr, 16, 32, 32,
+ CKK_AES, CKM_AES_CTR, },
-+#endif /* SOLARIS_AES_CTR */
+ };
+
+typedef struct PK11_DIGEST_st
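Review bot: The context comment `/* we don't know the correct NIDs until the engine is initialized */` above the three CTR entries is stale, because the entries now use the compile-time constants `NID_aes_128_ctr`, `NID_aes_192_ctr` and `NID_aes_256_ctr`. Left in place, it suggests the table is still patched at runtime, which no longer happens after this commit removes `pk11_add_aes_ctr_NIDs()`. I would drop it or replace it with `/* AES CTR uses the NIDs that OpenSSL itself defines */`. The start of the `ciphers[]` initializer is outside the hunk.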
@@ -889,15 +862,9 @@
+ NULL
+ };
+
-+#ifdef SOLARIS_AES_CTR
-+/*
-+ * NID_undef's will be changed to the AES counter mode NIDs as soon they are
-+ * created in pk11_library_init(). Note that the need to change these structures
-+ * is the reason why we don't define them with the const keyword.
-+ */
-+static EVP_CIPHER pk11_aes_128_ctr =
++static const EVP_CIPHER pk11_aes_128_ctr =
+ {
-+ NID_undef,
++ NID_aes_128_ctr,
+ 16, 16, 16,
+ EVP_CIPH_CBC_MODE,
+ pk11_cipher_init,
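Review bot: The three CTR `EVP_CIPHER` definitions (this hunk and the following ones at -909 and -923) now carry the standard `NID_aes_*_ctr`, but their unchanged context lines still declare a block size of 16 and `EVP_CIPH_CBC_MODE`. OpenSSL's own AES-CTR ciphers are declared as stream-like (block size 1, `EVP_CIPH_CTR_MODE`), so once the engine is registered for these NIDs, callers asking for the standard CTR cipher would presumably get block buffering and padding from the EVP layer, and output whose length differs from the software implementation. With the old private NIDs only callers that opted in were affected. Consider `1, 16, 16,` (and `1, 24, 16,` / `1, 32, 16,`) with `EVP_CIPH_CTR_MODE`, after confirming that the update callback accepts partial blocks. The remainder of each struct is outside the hunks.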
@@ -909,9 +876,9 @@
+ NULL
+ };
+
-+static EVP_CIPHER pk11_aes_192_ctr =
++static const EVP_CIPHER pk11_aes_192_ctr =
+ {
-+ NID_undef,
++ NID_aes_192_ctr,
+ 16, 24, 16,
+ EVP_CIPH_CBC_MODE,
+ pk11_cipher_init,
@@ -923,9 +890,9 @@
+ NULL
+ };
+
-+static EVP_CIPHER pk11_aes_256_ctr =
++static const EVP_CIPHER pk11_aes_256_ctr =
+ {
-+ NID_undef,
++ NID_aes_256_ctr,
+ 16, 32, 16,
+ EVP_CIPH_CBC_MODE,
+ pk11_cipher_init,
@@ -936,7 +903,6 @@
+ EVP_CIPHER_get_asn1_iv,
+ NULL
+ };
-+#endif /* SOLARIS_AES_CTR */
+
+static const EVP_CIPHER pk11_bf_cbc =
+ {
@@ -1513,15 +1479,6 @@
+ goto err;
+ }
+
-+#ifdef SOLARIS_AES_CTR
-+ /*
-+ * We must do this before we start working with slots since we need all
-+ * NIDs there.
-+ */
-+ if (pk11_add_aes_ctr_NIDs() == 0)
-+ goto err;
-+#endif /* SOLARIS_AES_CTR */
-+
+#ifdef SOLARIS_HW_SLOT_SELECTION
+ if (check_hw_mechanisms() == 0)
+ goto err;
@@ -2583,9 +2540,7 @@
+ PK11_SESSION *sp, CK_MECHANISM_PTR pmech)
+ {
+ CK_RV rv;
-+#ifdef SOLARIS_AES_CTR
+ CK_AES_CTR_PARAMS ctr_params;
-+#endif /* SOLARIS_AES_CTR */
+
+ /*
+ * We expect pmech->mechanism to be already set and
@@ -2596,7 +2551,6 @@
+ OPENSSL_assert(pmech->pParameter == NULL);
+ OPENSSL_assert(pmech->ulParameterLen == 0);
+
-+#ifdef SOLARIS_AES_CTR
+ if (ctx->cipher->nid == NID_aes_128_ctr ||
+ ctx->cipher->nid == NID_aes_192_ctr ||
+ ctx->cipher->nid == NID_aes_256_ctr)
@@ -2616,7 +2570,6 @@
+ (void) memcpy(ctr_params.cb, ctx->iv, AES_BLOCK_SIZE);
+ }
+ else
-+#endif /* SOLARIS_AES_CTR */
+ {
+ if (pcipher->iv_len > 0)
+ {
@@ -2942,20 +2895,16 @@
+ case NID_rc4:
+ *cipher = &pk11_rc4;
+ break;
++ case NID_aes_128_ctr:
++ *cipher = &pk11_aes_128_ctr;
++ break;
++ case NID_aes_192\xC3_ctr:
++ *cipher = &pk11_aes_192_ctr;
++ break;
++ case NID_aes_256_ctr:
++ *cipher = &pk11_aes_256_ctr;
++ break;
+ default:
-+#ifdef SOLARIS_AES_CTR
-+ /*
-+ * These can't be in separated cases because the NIDs
-+ * here are not constants.
-+ */
-+ if (nid == NID_aes_128_ctr)
-+ *cipher = &pk11_aes_128_ctr;
-+ else if (nid == NID_aes_192_ctr)
-+ *cipher = &pk11_aes_192_ctr;
-+ else if (nid == NID_aes_256_ctr)
-+ *cipher = &pk11_aes_256_ctr;
-+ else
-+#endif /* SOLARIS_AES_CTR */
+ *cipher = NULL;
+ break;
+ }
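Review bot: The second added case label reads `case NID_aes_192\xC3_ctr:`, which is not a valid identifier. If the stray `\xC3` is in the committed patch file and not just a rendering artifact of this mail, hw_pk11.c will not compile and the engine is silently left out of the build or the build fails. The line should read `case NID_aes_192_ctr:`, matching the 128 and 256 cases around it. The enclosing switch starts outside the hunk.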
@@ -3775,60 +3724,6 @@
+ return;
+ }
+
-+#ifdef SOLARIS_AES_CTR
-+/* create a new NID when we have no OID for that mechanism */
-+static int pk11_add_NID(char *sn, char *ln)
-+ {
-+ ASN1_OBJECT *o;
-+ int nid;
-+
-+ if ((o = ASN1_OBJECT_create(OBJ_new_nid(1), (unsigned char *)"",
-+ 1, sn, ln)) == NULL)
-+ {
-+ return (0);
-+ }
-+
-+ /* will return NID_undef on error */
-+ nid = OBJ_add_object(o);
-+ ASN1_OBJECT_free(o);
-+
-+ return (nid);
-+ }
-+
-+/*
-+ * Create new NIDs for AES counter mode. OpenSSL doesn't support them now so we
-+ * have to help ourselves here.
-+ */
-+static int pk11_add_aes_ctr_NIDs(void)
-+ {
-+ /* are we already set? */
-+ if (NID_aes_256_ctr != NID_undef)
-+ return (1);
-+
-+ /*
-+ * There are no official names for AES counter modes yet so we just
-+ * follow the format of those that exist.
-+ */
-+ if ((NID_aes_128_ctr = pk11_add_NID("AES-128-CTR", "aes-128-ctr")) ==
-+ NID_undef)
-+ goto err;
-+ ciphers[PK11_AES_128_CTR].nid = pk11_aes_128_ctr.nid = NID_aes_128_ctr;
-+ if ((NID_aes_192_ctr = pk11_add_NID("AES-192-CTR", "aes-192-ctr")) ==
-+ NID_undef)
-+ goto err;
-+ ciphers[PK11_AES_192_CTR].nid = pk11_aes_192_ctr.nid = NID_aes_192_ctr;
-+ if ((NID_aes_256_ctr = pk11_add_NID("AES-256-CTR", "aes-256-ctr")) ==
-+ NID_undef)
-+ goto err;
-+ ciphers[PK11_AES_256_CTR].nid = pk11_aes_256_ctr.nid = NID_aes_256_ctr;
-+ return (1);
-+
-+err:
-+ PK11err(PK11_F_ADD_AES_CTR_NIDS, PK11_R_ADD_NID_FAILED);
-+ return (0);
-+ }
-+#endif /* SOLARIS_AES_CTR */
-+
+/* Find what symmetric ciphers this slot supports. */
+static void pk11_find_symmetric_ciphers(CK_FUNCTION_LIST_PTR pflist,
+ CK_SLOT_ID current_slot, int *current_slot_n_cipher, int *local_cipher_nids)