From 14d6af30d13d05772490498ae4cb1da677e9cc81 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: Sat, 25 Feb 2012 00:48:25 +0100
Subject: [PATCH] added patch to make openssl digests operational.

---
 extras/openssl-digests.patch | 191 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 191 insertions(+)
 create mode 100644 extras/openssl-digests.patch

diff --git a/extras/openssl-digests.patch b/extras/openssl-digests.patch
new file mode 100644
index 0000000..c81bf7f
--- /dev/null
+++ b/extras/openssl-digests.patch
@@ -0,0 +1,191 @@
+Index: ./crypto/engine/eng_cryptodev.c
+===================================================================
+RCS file: /v/openssl/cvs/openssl/crypto/engine/eng_cryptodev.c,v
+retrieving revision 1.23
+diff -u -r1.23 eng_cryptodev.c
+--- ./crypto/engine/eng_cryptodev.c	3 Mar 2010 15:30:42 -0000	1.23
++++ ./crypto/engine/eng_cryptodev.c	24 Feb 2012 23:41:51 -0000
+@@ -79,8 +79,6 @@
+ 	unsigned char digest_res[HASH_MAX_LEN];
+ 	char *mac_data;
+ 	int mac_len;
+-
+-	int copy;
+ #endif
+ };
+ 
+@@ -200,6 +198,7 @@
+ 
+ 	if ((fd = open_dev_crypto()) == -1)
+ 		return (-1);
++#ifndef CRIOGET_NOT_NEEDED
+ 	if (ioctl(fd, CRIOGET, &retfd) == -1)
+ 		return (-1);
+ 
+@@ -208,9 +207,19 @@
+ 		close(retfd);
+ 		return (-1);
+ 	}
++#else
++        retfd = fd;
++#endif
+ 	return (retfd);
+ }
+ 
++static void put_dev_crypto(int fd)
++{
++#ifndef CRIOGET_NOT_NEEDED
++	close(fd);
++#endif
++}
++
+ /* Caching version for asym operations */
+ static int
+ get_asym_dev_crypto(void)
+@@ -252,7 +261,7 @@
+ 		    ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
+ 			nids[count++] = ciphers[i].nid;
+ 	}
+-	close(fd);
++	put_dev_crypto(fd);
+ 
+ 	if (count > 0)
+ 		*cnids = nids;
+@@ -291,7 +300,7 @@
+ 		    ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
+ 			nids[count++] = digests[i].nid;
+ 	}
+-	close(fd);
++	put_dev_crypto(fd);
+ 
+ 	if (count > 0)
+ 		*cnids = nids;
+@@ -436,7 +445,7 @@
+ 	sess->cipher = cipher;
+ 
+ 	if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
+-		close(state->d_fd);
++		put_dev_crypto(state->d_fd);
+ 		state->d_fd = -1;
+ 		return (0);
+ 	}
+@@ -473,7 +482,7 @@
+ 	} else {
+ 		ret = 1;
+ 	}
+-	close(state->d_fd);
++	put_dev_crypto(state->d_fd);
+ 	state->d_fd = -1;
+ 
+ 	return (ret);
+@@ -686,7 +695,7 @@
+ 	sess->mac = digest;
+ 
+ 	if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
+-		close(state->d_fd);
++		put_dev_crypto(state->d_fd);
+ 		state->d_fd = -1;
+ 		printf("cryptodev_digest_init: Open session failed\n");
+ 		return (0);
+@@ -758,14 +767,12 @@
+ 	if (! (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) ) {
+ 		/* if application doesn't support one buffer */
+ 		memset(&cryp, 0, sizeof(cryp));
+-
+ 		cryp.ses = sess->ses;
+ 		cryp.flags = 0;
+ 		cryp.len = state->mac_len;
+ 		cryp.src = state->mac_data;
+ 		cryp.dst = NULL;
+ 		cryp.mac = (caddr_t)md;
+-
+ 		if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
+ 			printf("cryptodev_digest_final: digest failed\n");
+ 			return (0);
+@@ -786,6 +793,9 @@
+ 	struct dev_crypto_state *state = ctx->md_data;
+ 	struct session_op *sess = &state->d_sess;
+ 
++	if (state == NULL)
++	  return 0;
++
+ 	if (state->d_fd < 0) {
+ 		printf("cryptodev_digest_cleanup: illegal input\n");
+ 		return (0);
+@@ -797,16 +807,13 @@
+ 		state->mac_len = 0;
+ 	}
+ 
+-	if (state->copy)
+-		return 1;
+-
+ 	if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
+ 		printf("cryptodev_digest_cleanup: failed to close session\n");
+ 		ret = 0;
+ 	} else {
+ 		ret = 1;
+ 	}
+-	close(state->d_fd);	
++	put_dev_crypto(state->d_fd);	
+ 	state->d_fd = -1;
+ 
+ 	return (ret);
+@@ -816,15 +823,39 @@
+ {
+ 	struct dev_crypto_state *fstate = from->md_data;
+ 	struct dev_crypto_state *dstate = to->md_data;
++	struct session_op *sess;
++	int digest;
+ 
+-	memcpy(dstate, fstate, sizeof(struct dev_crypto_state));
++	if (dstate == NULL || fstate == NULL)
++	  return 1;
+ 
+-	if (fstate->mac_len != 0) {
+-		dstate->mac_data = OPENSSL_malloc(fstate->mac_len);
+-		memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len);
++       	memcpy(dstate, fstate, sizeof(struct dev_crypto_state));
++
++	sess = &dstate->d_sess;
++
++	digest = digest_nid_to_cryptodev(to->digest->type);
++
++	sess->mackey = dstate->dummy_mac_key;
++	sess->mackeylen = digest_key_length(to->digest->type);
++	sess->mac = digest;
++
++	dstate->d_fd = get_dev_crypto();
++
++	if (ioctl(dstate->d_fd, CIOCGSESSION, sess) < 0) {
++		put_dev_crypto(dstate->d_fd);
++		dstate->d_fd = -1;
++		printf("cryptodev_digest_init: Open session failed\n");
++		return (0);
+ 	}
+ 
+-	dstate->copy = 1;
++	if (fstate->mac_len != 0) {
++	        if (fstate->mac_data != NULL)
++	                {
++        		dstate->mac_data = OPENSSL_malloc(fstate->mac_len);
++	        	memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len);
++           		dstate->mac_len = fstate->mac_len;
++	        	}
++	}
+ 
+ 	return 1;
+ }
+@@ -1347,11 +1378,11 @@
+ 	 * find out what asymmetric crypto algorithms we support
+ 	 */
+ 	if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {
+-		close(fd);
++		put_dev_crypto(fd);
+ 		ENGINE_free(engine);
+ 		return;
+ 	}
+-	close(fd);
++	put_dev_crypto(fd);
+ 
+ 	if (!ENGINE_set_id(engine, "cryptodev") ||
+ 	    !ENGINE_set_name(engine, "BSD cryptodev engine") ||
-- 
2.11.4.GIT