From 25825baec87d746386ed1554e9bc8ad26c69fa7c Mon Sep 17 00:00:00 2001
From: Timo Teräs
Date: Fri, 4 Jun 2010 12:15:22 +0300
Subject: main/ipsec-tools: use openssl in oneshot mode

Use the highlevel EVP and HMAC functions to calculate oneshot digest and HMAC. This enable the use of crypto accelerators for these operations.
---
 main/ipsec-tools/90-openssl-oneshot.patch | 210 ++++++++++++++++++++++++++++++
 main/ipsec-tools/APKBUILD | 6 +-
 2 files changed, 214 insertions(+), 2 deletions(-)
 create mode 100644 main/ipsec-tools/90-openssl-oneshot.patch
(limited to 'main/ipsec-tools')

diff --git a/main/ipsec-tools/90-openssl-oneshot.patch b/main/ipsec-tools/90-openssl-oneshot.patch
new file mode 100644
index 00000000000..ece12a52dda
--- /dev/null
+++ b/main/ipsec-tools/90-openssl-oneshot.patch
@@ -0,0 +1,210 @@
+Index: src/racoon/crypto_openssl.c
+===================================================================
+RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c,v
+retrieving revision 1.19
+diff -u -r1.19 crypto_openssl.c
+--- a/src/racoon/crypto_openssl.c 29 Apr 2009 10:50:01 -0000 1.19
++++ b/src/racoon/crypto_openssl.c 4 Jun 2010 09:13:18 -0000
+@@ -1800,6 +1800,42 @@
+ return (caddr_t)c;
+ }
+
++static vchar_t *eay_hmac_one(key, data, type)
++ vchar_t *key, *data;
++ const EVP_MD *type;
++{
++ vchar_t *res;
++
++ if ((res = vmalloc(EVP_MD_size(type))) == 0)
++ return NULL;
++
++ if (!HMAC(type, (void *) key->v, key->l,
++ (void *) data->v, data->l, (void *) res->v, NULL)) {
++ vfree(res);
++ return NULL;
++ }
++
++ return res;
++}
++
++static vchar_t *eay_digest_one(data, type)
++ vchar_t *data;
++ const EVP_MD *type;
++{
++ vchar_t *res;
++
++ if ((res = vmalloc(EVP_MD_size(type))) == 0)
++ return NULL;
++
++ if (!EVP_Digest((void *) data->v, data->l,
++ (void *) res->v, NULL, type, NULL)) {
++ vfree(res);
++ return NULL;
++ }
++
++ return res;
++}
++
+ #ifdef WITH_SHA2
+ /*
+ * HMAC SHA2-512
+@@ -1808,14 +1844,7 @@
+ eay_hmacsha2_512_one(key, data)
+ vchar_t *key, *data;
+ {
+- vchar_t *res;
+- caddr_t ctx;
+-
+- ctx = eay_hmacsha2_512_init(key);
+- eay_hmacsha2_512_update(ctx, data);
+- res = eay_hmacsha2_512_final(ctx);
+-
+- return(res);
++ return eay_hmac_one(key, data, EVP_sha2_512());
+ }
+
+ caddr_t
+@@ -1865,14 +1894,7 @@
+ eay_hmacsha2_384_one(key, data)
+ vchar_t *key, *data;
+ {
+- vchar_t *res;
+- caddr_t ctx;
+-
+- ctx = eay_hmacsha2_384_init(key);
+- eay_hmacsha2_384_update(ctx, data);
+- res = eay_hmacsha2_384_final(ctx);
+-
+- return(res);
++ return eay_hmac_one(key, data, EVP_sha2_384());
+ }
+
+ caddr_t
+@@ -1922,14 +1944,7 @@
+ eay_hmacsha2_256_one(key, data)
+ vchar_t *key, *data;
+ {
+- vchar_t *res;
+- caddr_t ctx;
+-
+- ctx = eay_hmacsha2_256_init(key);
+- eay_hmacsha2_256_update(ctx, data);
+- res = eay_hmacsha2_256_final(ctx);
+-
+- return(res);
++ return eay_hmac_one(key, data, EVP_sha2_256());
+ }
+
+ caddr_t
+@@ -1980,14 +1995,7 @@
+ eay_hmacsha1_one(key, data)
+ vchar_t *key, *data;
+ {
+- vchar_t *res;
+- caddr_t ctx;
+-
+- ctx = eay_hmacsha1_init(key);
+- eay_hmacsha1_update(ctx, data);
+- res = eay_hmacsha1_final(ctx);
+-
+- return(res);
++ return eay_hmac_one(key, data, EVP_sha1());
+ }
+
+ caddr_t
+@@ -2037,14 +2045,7 @@
+ eay_hmacmd5_one(key, data)
+ vchar_t *key, *data;
+ {
+- vchar_t *res;
+- caddr_t ctx;
+-
+- ctx = eay_hmacmd5_init(key);
+- eay_hmacmd5_update(ctx, data);
+- res = eay_hmacmd5_final(ctx);
+-
+- return(res);
++ return eay_hmac_one(key, data, EVP_md5());
+ }
+
+ caddr_t
+@@ -2130,14 +2131,7 @@
+ eay_sha2_512_one(data)
+ vchar_t *data;
+ {
+- caddr_t ctx;
+- vchar_t *res;
+-
+- ctx = eay_sha2_512_init();
+- eay_sha2_512_update(ctx, data);
+- res = eay_sha2_512_final(ctx);
+-
+- return(res);
++ return eay_digest_one(data, EVP_sha512());
+ }
+
+ int
+@@ -2190,14 +2184,7 @@
+ eay_sha2_384_one(data)
+ vchar_t *data;
+ {
+- caddr_t ctx;
+- vchar_t *res;
+-
+- ctx = eay_sha2_384_init();
+- eay_sha2_384_update(ctx, data);
+- res = eay_sha2_384_final(ctx);
+-
+- return(res);
++ return eay_digest_one(data, EVP_sha2_384());
+ }
+
+ int
+@@ -2250,14 +2237,7 @@
+ eay_sha2_256_one(data)
+ vchar_t *data;
+ {
+- caddr_t ctx;
+- vchar_t *res;
+-
+- ctx = eay_sha2_256_init();
+- eay_sha2_256_update(ctx, data);
+- res = eay_sha2_256_final(ctx);
+-
+- return(res);
++ return eay_digest_one(data, EVP_sha2_256());
+ }
+
+ int
+@@ -2309,14 +2289,7 @@
+ eay_sha1_one(data)
+ vchar_t *data;
+ {
+- caddr_t ctx;
+- vchar_t *res;
+-
+- ctx = eay_sha1_init();
+- eay_sha1_update(ctx, data);
+- res = eay_sha1_final(ctx);
+-
+- return(res);
++ return eay_digest_one(data, EVP_sha1());
+ }
+
+ int
+@@ -2367,14 +2340,7 @@
+ eay_md5_one(data)
+ vchar_t *data;
+ {
+- caddr_t ctx;
+- vchar_t *res;
+-
+- ctx = eay_md5_init();
+- eay_md5_update(ctx, data);
+- res = eay_md5_final(ctx);
+-
+- return(res);
++ return eay_digest_one(data, EVP_md5());
+ }
+
+ int
diff --git a/main/ipsec-tools/APKBUILD b/main/ipsec-tools/APKBUILD
index 4d8ef0d0c4f..5534d78b7a6 100644
--- a/main/ipsec-tools/APKBUILD
+++ b/main/ipsec-tools/APKBUILD
@@ -2,7 +2,7 @@
 pkgname=ipsec-tools
 pkgver=0.8_alpha20090903
 _myver=0.8-alpha20090903
-pkgrel=8
+pkgrel=9
 pkgdesc="User-space IPsec tools for various IPsec implementations"
 url="http://ipsec-tools.sourceforge.net/"
 license="BSD"
@@ -16,6 +16,7 @@ source="http://downloads.sourceforge.net/$pkgname/$pkgname-$_myver.tar.gz
 60-debug-quick.patch
 initial-contact-fix.diff
 fd-priorities.patch
+ 90-openssl-oneshot.patch
 "
 _builddir="$srcdir"/$pkgname-$_myver
@@ -62,4 +63,5 @@ md5sums="8ec28d4e89c0f5e49ae2caa7463fbcfd ipsec-tools-0.8-alpha20090903.tar.gz
 13bda94a598aabf593280e04ea16065d 50-reverse-connect.patch
 baa13d7f0f48955c792f7fcd42a8587a 60-debug-quick.patch
 69e06c5cc3a0c1cc8b10ddc89d1e644b initial-contact-fix.diff
-c1e8b8dc80ef4b5d79fece52a4865e68 fd-priorities.patch"
+c1e8b8dc80ef4b5d79fece52a4865e68 fd-priorities.patch
+11e2c21e443edab17725f74ffeaddb76 90-openssl-oneshot.patch"
--
cgit v1.2.3
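Review bot: In the embedded crypto_openssl.c patch, `eay_sha2_512_one` passes `EVP_sha512()` while every other SHA-2 call site added here uses the `EVP_sha2_*` spelling (`EVP_sha2_512()` in `eay_hmacsha2_512_one`, `EVP_sha2_384()`, `EVP_sha2_256()`). If `EVP_sha2_512` is a compatibility wrapper, which the naming suggests but this page does not show, the direct OpenSSL name bypasses it and could break builds that depend on the wrapper; I would write `return eay_digest_one(data, EVP_sha2_512());`. Both new helpers also hand `EVP_MD_size(type)` to `vmalloc` unchecked, so a NULL `type` or a non-positive size is not rejected before the allocation and the HMAC/EVP_Digest call; a guard such as `if (type == NULL || EVP_MD_size(type) <= 0) return NULL;` at the top of `eay_hmac_one` and `eay_digest_one` would make that failure explicit. The one-line `_one` wrappers begin outside their hunks, so their return types are not visible here.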