This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, kernel-update has been updated via 10e5b8609463e4957cb58b7ad5de7550ade24c84 (commit) via 4b80e9c54258a573e954a67cfd7635732f7af78d (commit) via 6d1f929a060201df18cac385477610f472a732a8 (commit) via 16e54df92eb2bd7ce7dbcd2989a69ff5fde068ac (commit) via 903d87f49166de7dd0b085fb98282b813203f302 (commit) via cd7507011b3cd82b03768e3a12550029068fc736 (commit) via e715467b498e7d85b2dcb6d4eb40e98597bd053e (commit) from 13c69eff1c58b28076962bb7ecad280eb57a8d18 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 10e5b8609463e4957cb58b7ad5de7550ade24c84 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Mar 31 11:22:20 2012 +0200
pciutils: fix database location on arm.
commit 4b80e9c54258a573e954a67cfd7635732f7af78d Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Mar 31 11:21:15 2012 +0200
cryptodev: update to 1.4.
commit 6d1f929a060201df18cac385477610f472a732a8 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Mar 31 11:20:27 2012 +0200
openssl: fix aes accleration via cryptodev.
commit 16e54df92eb2bd7ce7dbcd2989a69ff5fde068ac Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Mar 31 11:17:17 2012 +0200
kernel: kirkwood cfg - compile rtc into kernel
commit 903d87f49166de7dd0b085fb98282b813203f302 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Mar 31 11:14:08 2012 +0200
kernel: update to 2.6.32.59.
also add mv_cesa cryptochip patches for kirkwood soc.
commit cd7507011b3cd82b03768e3a12550029068fc736 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Mar 21 00:12:47 2012 +0100
kernel: omap - add reboot and rtc-irq patch.
commit e715467b498e7d85b2dcb6d4eb40e98597bd053e Author: Arne Fitzenreiter arne_f@ipfire.org Date: Tue Mar 20 14:55:19 2012 +0100
kernel: omap add ipp2p patch for kernel3.0.
-----------------------------------------------------------------------
Summary of changes: .../kernel/kernel.config.armv5tel-ipfire-kirkwood | 77 +- config/kernel/kernel.config.armv5tel-ipfire-omap | 1 + lfs/cryptodev | 12 +- lfs/linux | 9 +- lfs/linux3 | 6 +- lfs/openssl | 7 +- lfs/pciutils | 12 +- src/patches/linux-2.6.32-crypto-mv_cesa.patch | 647 ++++++++++++++ src/patches/linux-2.6.40-pandaboard-reboot.patch | 29 + .../linux-2.6.40-pandaboard-rtc-twl-irq.patch | 27 + ...ng.patch => linux-3.0-ipp2p-0.8.2-ipfire.patch} | 68 +- src/patches/openssl-0.9.8u-cryptodev.patch | 882 ++++++++++++++++++++ 12 files changed, 1682 insertions(+), 95 deletions(-) create mode 100644 src/patches/linux-2.6.32-crypto-mv_cesa.patch create mode 100644 src/patches/linux-2.6.40-pandaboard-reboot.patch create mode 100644 src/patches/linux-2.6.40-pandaboard-rtc-twl-irq.patch copy src/patches/{linux-2.6.32.8-ipp2p-0.8.2-pomng.patch => linux-3.0-ipp2p-0.8.2-ipfire.patch} (93%) create mode 100644 src/patches/openssl-0.9.8u-cryptodev.patch
Difference in files: diff --git a/config/kernel/kernel.config.armv5tel-ipfire-kirkwood b/config/kernel/kernel.config.armv5tel-ipfire-kirkwood index dace245..f309e7c 100644 --- a/config/kernel/kernel.config.armv5tel-ipfire-kirkwood +++ b/config/kernel/kernel.config.armv5tel-ipfire-kirkwood @@ -1,7 +1,7 @@ # # Automatically generated make config: don't edit -# Linux kernel version: 2.6.32.57 -# Fri Mar 2 20:47:53 2012 +# Linux kernel version: 2.6.32.59-ipfire-kirkwood +# Sat Mar 31 11:04:12 2012 # CONFIG_ARM=y CONFIG_SYS_SUPPORTS_APM_EMULATION=y @@ -1799,7 +1799,6 @@ CONFIG_IPMI_WATCHDOG=m CONFIG_IPMI_POWEROFF=m CONFIG_HW_RANDOM=m CONFIG_HW_RANDOM_TIMERIOMEM=m -CONFIG_NVRAM=m # CONFIG_R3964 is not set # CONFIG_APPLICOM is not set
@@ -2884,7 +2883,10 @@ CONFIG_LEDS_TRIGGER_NETDEV=m # CONFIG_ACCESSIBILITY is not set # CONFIG_INFINIBAND is not set CONFIG_RTC_LIB=y -CONFIG_RTC_CLASS=m +CONFIG_RTC_CLASS=y +CONFIG_RTC_HCTOSYS=y +CONFIG_RTC_HCTOSYS_DEVICE="rtc0" +# CONFIG_RTC_DEBUG is not set
# # RTC interfaces @@ -2893,26 +2895,25 @@ CONFIG_RTC_INTF_SYSFS=y CONFIG_RTC_INTF_PROC=y CONFIG_RTC_INTF_DEV=y # CONFIG_RTC_INTF_DEV_UIE_EMUL is not set -CONFIG_RTC_DRV_TEST=m +# CONFIG_RTC_DRV_TEST is not set
# # I2C RTC drivers # -CONFIG_RTC_DRV_DS1307=m -CONFIG_RTC_DRV_DS1374=m -CONFIG_RTC_DRV_DS1672=m -CONFIG_RTC_DRV_MAX6900=m -CONFIG_RTC_DRV_RS5C372=m -CONFIG_RTC_DRV_ISL1208=m -CONFIG_RTC_DRV_X1205=m -CONFIG_RTC_DRV_PCF8563=m -CONFIG_RTC_DRV_PCF8583=m -CONFIG_RTC_DRV_M41T80=m -# CONFIG_RTC_DRV_M41T80_WDT is not set -CONFIG_RTC_DRV_S35390A=m -CONFIG_RTC_DRV_FM3130=m -CONFIG_RTC_DRV_RX8581=m -CONFIG_RTC_DRV_RX8025=m +# CONFIG_RTC_DRV_DS1307 is not set +# CONFIG_RTC_DRV_DS1374 is not set +# CONFIG_RTC_DRV_DS1672 is not set +# CONFIG_RTC_DRV_MAX6900 is not set +# CONFIG_RTC_DRV_RS5C372 is not set +# CONFIG_RTC_DRV_ISL1208 is not set +# CONFIG_RTC_DRV_X1205 is not set +# CONFIG_RTC_DRV_PCF8563 is not set +# CONFIG_RTC_DRV_PCF8583 is not set +# CONFIG_RTC_DRV_M41T80 is not set +# CONFIG_RTC_DRV_S35390A is not set +# CONFIG_RTC_DRV_FM3130 is not set +# CONFIG_RTC_DRV_RX8581 is not set +# CONFIG_RTC_DRV_RX8025 is not set
# # SPI RTC drivers @@ -2921,26 +2922,26 @@ CONFIG_RTC_DRV_RX8025=m # # Platform RTC drivers # -CONFIG_RTC_DRV_CMOS=m -CONFIG_RTC_DRV_DS1286=m -CONFIG_RTC_DRV_DS1511=m -CONFIG_RTC_DRV_DS1553=m -CONFIG_RTC_DRV_DS1742=m -CONFIG_RTC_DRV_STK17TA8=m -CONFIG_RTC_DRV_M48T86=m -CONFIG_RTC_DRV_M48T35=m -CONFIG_RTC_DRV_M48T59=m -CONFIG_RTC_DRV_BQ4802=m -CONFIG_RTC_DRV_V3020=m -CONFIG_RTC_DRV_WM831X=m -CONFIG_RTC_DRV_WM8350=m -CONFIG_RTC_DRV_PCF50633=m -CONFIG_RTC_DRV_AB3100=m +# CONFIG_RTC_DRV_CMOS is not set +# CONFIG_RTC_DRV_DS1286 is not set +# CONFIG_RTC_DRV_DS1511 is not set +# CONFIG_RTC_DRV_DS1553 is not set +# CONFIG_RTC_DRV_DS1742 is not set +# CONFIG_RTC_DRV_STK17TA8 is not set +# CONFIG_RTC_DRV_M48T86 is not set +# CONFIG_RTC_DRV_M48T35 is not set +# CONFIG_RTC_DRV_M48T59 is not set +# CONFIG_RTC_DRV_BQ4802 is not set +# CONFIG_RTC_DRV_V3020 is not set +# CONFIG_RTC_DRV_WM831X is not set +# CONFIG_RTC_DRV_WM8350 is not set +# CONFIG_RTC_DRV_PCF50633 is not set +# CONFIG_RTC_DRV_AB3100 is not set
# # on-CPU RTC drivers # -CONFIG_RTC_DRV_MV=m +CONFIG_RTC_DRV_MV=y CONFIG_DMADEVICES=y
# @@ -2953,7 +2954,7 @@ CONFIG_DMA_ENGINE=y # DMA Clients # # CONFIG_NET_DMA is not set -# CONFIG_ASYNC_TX_DMA is not set +CONFIG_ASYNC_TX_DMA=y CONFIG_DMATEST=m # CONFIG_AUXDISPLAY is not set CONFIG_UIO=m @@ -3447,7 +3448,7 @@ CONFIG_CRYPTO_LZO=m # CONFIG_CRYPTO_ANSI_CPRNG=m CONFIG_CRYPTO_HW=y -# CONFIG_CRYPTO_DEV_MV_CESA is not set +CONFIG_CRYPTO_DEV_MV_CESA=m CONFIG_CRYPTO_DEV_HIFN_795X=m CONFIG_CRYPTO_DEV_HIFN_795X_RNG=y # CONFIG_BINARY_PRINTF is not set diff --git a/config/kernel/kernel.config.armv5tel-ipfire-omap b/config/kernel/kernel.config.armv5tel-ipfire-omap index 542aac8..628d0db 100644 --- a/config/kernel/kernel.config.armv5tel-ipfire-omap +++ b/config/kernel/kernel.config.armv5tel-ipfire-omap @@ -800,6 +800,7 @@ CONFIG_IP_NF_RAW=m CONFIG_IP_NF_ARPTABLES=m CONFIG_IP_NF_ARPFILTER=m CONFIG_IP_NF_ARP_MANGLE=m +CONFIG_IP_NF_MATCH_IPP2P=m
# # IPv6: Netfilter Configuration diff --git a/lfs/cryptodev b/lfs/cryptodev index 17a10c7..0c2f486 100644 --- a/lfs/cryptodev +++ b/lfs/cryptodev @@ -26,10 +26,10 @@ include Config
VERSUFIX=ipfire$(KCFG)
-VER = 20091126 +VER = 1.4
-THISAPP = cryptodev-$(VER) -DL_FILE = $(THISAPP).tar.bz2 +THISAPP = cryptodev-linux-$(VER) +DL_FILE = $(THISAPP).tar.gz DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP)-kmod-$(KVER)-$(VERSUFIX) @@ -42,7 +42,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 26ffa32ef75bea7e980ab66166616e95 +$(DL_FILE)_MD5 = 7b0ac1c0a88d8fbe7316db02f21666e6
install : $(TARGET)
@@ -74,13 +74,13 @@ $(subst %,%_MD5,$(objects)) :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) - @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && make build \ KERNEL_DIR=/lib/modules/$(KVER)-$(VERSUFIX)/build
-mkdir -pv /usr/include/crypto cd $(DIR_APP) && make install \ KERNEL_DIR=/lib/modules/$(KVER)-$(VERSUFIX)/build - ln -svf ../crypto/cryptodev.h /usr/include/linux/cryptodev.h +# ln -svf ../crypto/cryptodev.h /usr/include/linux/cryptodev.h @rm -rf $(DIR_APP) @$(POSTBUILD) diff --git a/lfs/linux b/lfs/linux index 042d096..fc60de2 100644 --- a/lfs/linux +++ b/lfs/linux @@ -24,8 +24,8 @@
include Config
-PATCHLEVEL = .58 -VER = 2.6.32.58 +PATCHLEVEL = .59 +VER = 2.6.32.59
THISAPP = linux-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -82,7 +82,7 @@ patch-2.6.16-nath323-1.3.bz2 = $(URL_IPFIRE)/patch-2.6.16-nath323-1.3.bz2 reiser4-for-2.6.32.patch.bz2 = $(URL_IPFIRE)/reiser4-for-2.6.32.patch.bz2 xen-patches-2.6.32-2f.tar.bz2 = $(URL_IPFIRE)/xen-patches-2.6.32-2f.tar.bz2
-$(DL_FILE)_MD5 = 13fd1dec69337dd47eef3a1870c20314 +$(DL_FILE)_MD5 = 69c68c4a8eb0f04b051a7dbcff16f6d0 netfilter-layer7-v2.22.tar.gz_MD5 = 98dff8a3d5a31885b73341633f69501f patch-2.6.16-nath323-1.3.bz2_MD5 = f926409ff703a307baf54b57ab75d138 reiser4-for-2.6.32.patch.bz2_MD5 = 3246397973d9271eb8e6d7c97c5d2d91 @@ -163,6 +163,9 @@ endif cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.6.32.27_ipg-fix-driver-name.patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.6.32.27_mcs7830-fix-driver-name.patch
+ # Fix mv_cesa + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.6.32-crypto-mv_cesa.patch + ifeq "$(KCFG)" "-kirkwood" # Add dreamplug,guruplug and icy 62x0 support on ARM-kirkwood cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.6.32.57-arm_kirkwood_setups.patch diff --git a/lfs/linux3 b/lfs/linux3 index 7680546..e4a4cc7 100644 --- a/lfs/linux3 +++ b/lfs/linux3 @@ -155,8 +155,8 @@ endif # Reiser4 (don't check if fail (some patches are already in xen patchset) # -cd $(DIR_APP) && bzcat $(DIR_DL)/reiser4-for-2.6.32.patch.bz2 | patch -Np1
- # ipp2p 0.8.2-pomng -# cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.6.32.8-ipp2p-0.8.2-pomng.patch + # ipp2p 0.8.2-ipfire + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.0-ipp2p-0.8.2-ipfire.patch
# Layer7-patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/netfilter_layer7_2.22_kernel3.0.patch @@ -187,6 +187,8 @@ ifeq "$(KCFG)" "-omap" cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.6.40-pandaboard-wlan-fix.patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.6.40-pandaboard-dvi720p.patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.6.40-pandaboard-i2c-fix.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.6.40-pandaboard-reboot.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.6.40-pandaboard-rtc-twl-irq.patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.x-smsc95xx-add_mac_addr_param.patch endif
diff --git a/lfs/openssl b/lfs/openssl index 3336cfb..9d559e1 100644 --- a/lfs/openssl +++ b/lfs/openssl @@ -70,15 +70,12 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-0.9.8n-cryptodev.diff -ifeq "$(PADLOCK)" "1" - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-0.9.8g-engine-padlock.patch -endif + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-0.9.8u-cryptodev.patch @rm -rf /etc/ssl cd $(DIR_APP) && sed -i -e 's/mcpu/march/' config cd $(DIR_APP) && sed -i -e 's/-O3/-O2/' -e 's/-march=i486/-march=i586/' Configure cd $(DIR_APP) && ./Configure --openssldir=/etc/ssl --prefix=/usr shared linux-elf \ - zlib-dynamic no-asm 386 + zlib-dynamic no-asm 386 -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGEST cd $(DIR_APP) && make MANDIR=/usr/share/man cd $(DIR_APP) && make MANDIR=/usr/share/man install rm -rf /etc/ssl/lib diff --git a/lfs/pciutils b/lfs/pciutils index ce604c1..a17b692 100644 --- a/lfs/pciutils +++ b/lfs/pciutils @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # +# Copyright (C) 2012 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -83,15 +83,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/pciutils-2.1.99-gcc4.patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/pciutils-2.2.3-multilib.patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/pciutils-2.2.3-sata.patch -ifeq "$(LFS_PASS)" "install" - cd $(DIR_APP)/lib && CFLAGS="-Os -fomit-frame-pointer" ./configure - cd $(DIR_APP)/lib && CFLAGS="-Os -fomit-frame-pointer" make $(MAKETUNING) - -mkdir -p /opt/$(MACHINE)-uClibc/include/pci - cd $(DIR_APP) && install -m 0644 lib/libpci.a /opt/$(MACHINE)-uClibc/lib - cd $(DIR_APP) && install -m 0644 lib/*.h /opt/$(MACHINE)-uClibc/include/pci -else ifeq "$(MACHINE_TYPE)" "arm" - cd $(DIR_APP)/lib && ./configure + cd $(DIR_APP)/lib && ./configure /usr/share/hwdata $(VER) cd $(DIR_APP)/lib && sed -e "s/^#error.*$$/#define CPU_ARCH_ARM/" -i config.h endif cd $(DIR_APP) && make PREFIX=/usr $(MAKETUNING) @@ -99,6 +92,5 @@ endif cd $(DIR_APP) && install -v -m 755 -d /usr/include/pci cd $(DIR_APP) && install -v -m 644 lib/libpci.a /usr/lib cd $(DIR_APP) && install -v -m 644 lib/*.h /usr/include/pci -endif @rm -rf $(DIR_APP) @$(POSTBUILD) diff --git a/src/patches/linux-2.6.32-crypto-mv_cesa.patch b/src/patches/linux-2.6.32-crypto-mv_cesa.patch new file mode 100644 index 0000000..cc85d52 --- /dev/null +++ b/src/patches/linux-2.6.32-crypto-mv_cesa.patch @@ -0,0 +1,647 @@ +From 0328ac267564089d9cedfb568f936d30a6debd21 Mon Sep 17 00:00:00 2001 +From: Uri Simchoni uri@jdland.co.il +Date: Thu, 8 Apr 2010 19:25:37 +0300 +Subject: [PATCH] crypto: mv_cesa - Invoke the user callback from a softirq + context + +Invoke the user callback from a softirq context + +Signed-off-by: Uri Simchoni uri@jdland.co.il +Signed-off-by: Herbert Xu herbert@gondor.apana.org.au +--- + drivers/crypto/mv_cesa.c | 2 ++ + 1 files changed, 2 insertions(+), 0 deletions(-) + +diff --git a/drivers/crypto/mv_cesa.c b/drivers/crypto/mv_cesa.c +index b21ef63..3e60ba9 100644 +--- a/drivers/crypto/mv_cesa.c ++++ b/drivers/crypto/mv_cesa.c +@@ -275,7 +275,9 @@ static void dequeue_complete_req(void) + sg_miter_stop(&cpg->p.dst_sg_it); + mv_crypto_algo_completion(); + cpg->eng_st = ENGINE_IDLE; ++ local_bh_disable(); + req->base.complete(&req->base, 0); ++ local_bh_enable(); + } + } + +-- +1.7.6.5 +From 6bc6fcd609080461682c5cc0a1e3bf4345d6419d Mon Sep 17 00:00:00 2001 +From: Uri Simchoni uri@jdland.co.il +Date: Thu, 8 Apr 2010 19:25:56 +0300 +Subject: [PATCH] crypto: mv_cesa - Remove compiler warning in mv_cesa driver + +Remove compiler warning + +Signed-off-by: Uri Simchoni uri@jdland.co.il +Signed-off-by: Herbert Xu herbert@gondor.apana.org.au +--- + drivers/crypto/mv_cesa.c | 1 + + 1 files changed, 1 insertions(+), 0 deletions(-) + +diff --git a/drivers/crypto/mv_cesa.c b/drivers/crypto/mv_cesa.c +index 3e60ba9..37d9f06 100644 +--- a/drivers/crypto/mv_cesa.c ++++ b/drivers/crypto/mv_cesa.c +@@ -178,6 +178,7 @@ static void mv_process_current_q(int first_block) + op.config = CFG_OP_CRYPT_ONLY | CFG_ENCM_AES | CFG_ENC_MODE_ECB; + break; + case COP_AES_CBC: ++ default: + op.config = CFG_OP_CRYPT_ONLY | CFG_ENCM_AES | CFG_ENC_MODE_CBC; + op.enc_iv = ENC_IV_POINT(SRAM_DATA_IV) | + ENC_IV_BUF_POINT(SRAM_DATA_IV_BUF); +-- +1.7.6.5 +X-Git-Url: http://git.kernelconcepts.de/?p=mv-sheeva.git;a=blobdiff_plain;f=drivers%2Fc... + +diff --git a/drivers/crypto/mv_cesa.c b/drivers/crypto/mv_cesa.c +index 37d9f06..018a95c 100644 +--- a/drivers/crypto/mv_cesa.c ++++ b/drivers/crypto/mv_cesa.c +@@ -242,6 +242,8 @@ static void dequeue_complete_req(void) + struct ablkcipher_request *req = cpg->cur_req; + void *buf; + int ret; ++ int need_copy_len = cpg->p.crypt_len; ++ int sram_offset = 0; + + cpg->p.total_req_bytes += cpg->p.crypt_len; + do { +@@ -257,14 +259,16 @@ static void dequeue_complete_req(void) + buf = cpg->p.dst_sg_it.addr; + buf += cpg->p.dst_start; + +- dst_copy = min(cpg->p.crypt_len, cpg->p.sg_dst_left); +- +- memcpy(buf, cpg->sram + SRAM_DATA_OUT_START, dst_copy); ++ dst_copy = min(need_copy_len, cpg->p.sg_dst_left); + ++ memcpy(buf, ++ cpg->sram + SRAM_DATA_OUT_START + sram_offset, ++ dst_copy); ++ sram_offset += dst_copy; + cpg->p.sg_dst_left -= dst_copy; +- cpg->p.crypt_len -= dst_copy; ++ need_copy_len -= dst_copy; + cpg->p.dst_start += dst_copy; +- } while (cpg->p.crypt_len > 0); ++ } while (need_copy_len > 0); + + BUG_ON(cpg->eng_st != ENGINE_W_DEQUEUE); + if (cpg->p.total_req_bytes < req->nbytes) { +From 15d4dd3594221f11a7730fcf2d5f9942b96cdd7e Mon Sep 17 00:00:00 2001 +From: Uri Simchoni uri@jdland.co.il +Date: Thu, 8 Apr 2010 19:27:02 +0300 +Subject: [PATCH] crypto: mv_cesa - Fix situations where the src sglist spans + more data than the request asks for + +Fix for situations where the source scatterlist spans more data than the +request nbytes + +Signed-off-by: Uri Simchoni uri@jdland.co.il +Signed-off-by: Herbert Xu herbert@gondor.apana.org.au +--- + drivers/crypto/mv_cesa.c | 66 ++++++++++++++++++++++++++++++--------------- + 1 files changed, 44 insertions(+), 22 deletions(-) + +diff --git a/drivers/crypto/mv_cesa.c b/drivers/crypto/mv_cesa.c +index 018a95c..096f9ff 100644 +--- a/drivers/crypto/mv_cesa.c ++++ b/drivers/crypto/mv_cesa.c +@@ -143,27 +143,45 @@ static int mv_setkey_aes(struct crypto_ablkcipher *cipher, const u8 *key, + return 0; + } + +-static void setup_data_in(struct ablkcipher_request *req) ++static void copy_src_to_buf(struct req_progress *p, char *dbuf, int len) + { + int ret; +- void *buf; +- +- if (!cpg->p.sg_src_left) { +- ret = sg_miter_next(&cpg->p.src_sg_it); +- BUG_ON(!ret); +- cpg->p.sg_src_left = cpg->p.src_sg_it.length; +- cpg->p.src_start = 0; +- } ++ void *sbuf; ++ int copied = 0; + +- cpg->p.crypt_len = min(cpg->p.sg_src_left, cpg->max_req_size); +- +- buf = cpg->p.src_sg_it.addr; +- buf += cpg->p.src_start; ++ while (1) { ++ if (!p->sg_src_left) { ++ ret = sg_miter_next(&p->src_sg_it); ++ BUG_ON(!ret); ++ p->sg_src_left = p->src_sg_it.length; ++ p->src_start = 0; ++ } + +- memcpy(cpg->sram + SRAM_DATA_IN_START, buf, cpg->p.crypt_len); ++ sbuf = p->src_sg_it.addr + p->src_start; ++ ++ if (p->sg_src_left <= len - copied) { ++ memcpy(dbuf + copied, sbuf, p->sg_src_left); ++ copied += p->sg_src_left; ++ p->sg_src_left = 0; ++ if (copied >= len) ++ break; ++ } else { ++ int copy_len = len - copied; ++ memcpy(dbuf + copied, sbuf, copy_len); ++ p->src_start += copy_len; ++ p->sg_src_left -= copy_len; ++ break; ++ } ++ } ++} + +- cpg->p.sg_src_left -= cpg->p.crypt_len; +- cpg->p.src_start += cpg->p.crypt_len; ++static void setup_data_in(struct ablkcipher_request *req) ++{ ++ struct req_progress *p = &cpg->p; ++ p->crypt_len = ++ min((int)req->nbytes - p->total_req_bytes, cpg->max_req_size); ++ copy_src_to_buf(p, cpg->sram + SRAM_DATA_IN_START, ++ p->crypt_len); + } + + static void mv_process_current_q(int first_block) +@@ -289,12 +307,16 @@ static void dequeue_complete_req(void) + static int count_sgs(struct scatterlist *sl, unsigned int total_bytes) + { + int i = 0; +- +- do { +- total_bytes -= sl[i].length; +- i++; +- +- } while (total_bytes > 0); ++ size_t cur_len; ++ ++ while (1) { ++ cur_len = sl[i].length; ++ ++i; ++ if (total_bytes > cur_len) ++ total_bytes -= cur_len; ++ else ++ break; ++ } + + return i; + } +-- +1.7.6.5 +From 3b61a90502481045f56c1c41a2af35ee48ca8b80 Mon Sep 17 00:00:00 2001 +From: Uri Simchoni uri@jdland.co.il +Date: Thu, 8 Apr 2010 19:27:33 +0300 +Subject: [PATCH] crypto: mv_cesa - Enqueue generic async requests + +Enqueue generic async requests rather than ablkcipher requests +in the driver's queue + +Signed-off-by: Uri Simchoni uri@jdland.co.il +Signed-off-by: Herbert Xu herbert@gondor.apana.org.au +--- + drivers/crypto/mv_cesa.c | 43 ++++++++++++++++++++++++------------------- + 1 files changed, 24 insertions(+), 19 deletions(-) + +diff --git a/drivers/crypto/mv_cesa.c b/drivers/crypto/mv_cesa.c +index 096f9ff..8891e2e 100644 +--- a/drivers/crypto/mv_cesa.c ++++ b/drivers/crypto/mv_cesa.c +@@ -39,6 +39,7 @@ enum engine_status { + * @sg_src_left: bytes left in src to process (scatter list) + * @src_start: offset to add to src start position (scatter list) + * @crypt_len: length of current crypt process ++ * @hw_nbytes: total bytes to process in hw for this request + * @sg_dst_left: bytes left dst to process in this scatter list + * @dst_start: offset to add to dst start position (scatter list) + * @total_req_bytes: total number of bytes processed (request). +@@ -55,6 +56,7 @@ struct req_progress { + int sg_src_left; + int src_start; + int crypt_len; ++ int hw_nbytes; + /* dst mostly */ + int sg_dst_left; + int dst_start; +@@ -71,7 +73,7 @@ struct crypto_priv { + spinlock_t lock; + struct crypto_queue queue; + enum engine_status eng_st; +- struct ablkcipher_request *cur_req; ++ struct crypto_async_request *cur_req; + struct req_progress p; + int max_req_size; + int sram_size; +@@ -175,18 +177,18 @@ static void copy_src_to_buf(struct req_progress *p, char *dbuf, int len) + } + } + +-static void setup_data_in(struct ablkcipher_request *req) ++static void setup_data_in(void) + { + struct req_progress *p = &cpg->p; + p->crypt_len = +- min((int)req->nbytes - p->total_req_bytes, cpg->max_req_size); ++ min(p->hw_nbytes - p->total_req_bytes, cpg->max_req_size); + copy_src_to_buf(p, cpg->sram + SRAM_DATA_IN_START, + p->crypt_len); + } + + static void mv_process_current_q(int first_block) + { +- struct ablkcipher_request *req = cpg->cur_req; ++ struct ablkcipher_request *req = ablkcipher_request_cast(cpg->cur_req); + struct mv_ctx *ctx = crypto_tfm_ctx(req->base.tfm); + struct mv_req_ctx *req_ctx = ablkcipher_request_ctx(req); + struct sec_accel_config op; +@@ -229,7 +231,7 @@ static void mv_process_current_q(int first_block) + ENC_P_DST(SRAM_DATA_OUT_START); + op.enc_key_p = SRAM_DATA_KEY_P; + +- setup_data_in(req); ++ setup_data_in(); + op.enc_len = cpg->p.crypt_len; + memcpy(cpg->sram + SRAM_CONFIG, &op, + sizeof(struct sec_accel_config)); +@@ -246,7 +248,7 @@ static void mv_process_current_q(int first_block) + + static void mv_crypto_algo_completion(void) + { +- struct ablkcipher_request *req = cpg->cur_req; ++ struct ablkcipher_request *req = ablkcipher_request_cast(cpg->cur_req); + struct mv_req_ctx *req_ctx = ablkcipher_request_ctx(req); + + if (req_ctx->op != COP_AES_CBC) +@@ -257,7 +259,7 @@ static void mv_crypto_algo_completion(void) + + static void dequeue_complete_req(void) + { +- struct ablkcipher_request *req = cpg->cur_req; ++ struct crypto_async_request *req = cpg->cur_req; + void *buf; + int ret; + int need_copy_len = cpg->p.crypt_len; +@@ -289,7 +291,7 @@ static void dequeue_complete_req(void) + } while (need_copy_len > 0); + + BUG_ON(cpg->eng_st != ENGINE_W_DEQUEUE); +- if (cpg->p.total_req_bytes < req->nbytes) { ++ if (cpg->p.total_req_bytes < cpg->p.hw_nbytes) { + /* process next scatter list entry */ + cpg->eng_st = ENGINE_BUSY; + mv_process_current_q(0); +@@ -299,7 +301,7 @@ static void dequeue_complete_req(void) + mv_crypto_algo_completion(); + cpg->eng_st = ENGINE_IDLE; + local_bh_disable(); +- req->base.complete(&req->base, 0); ++ req->complete(req, 0); + local_bh_enable(); + } + } +@@ -323,16 +325,19 @@ static int count_sgs(struct scatterlist *sl, unsigned int total_bytes) + + static void mv_enqueue_new_req(struct ablkcipher_request *req) + { ++ struct req_progress *p = &cpg->p; + int num_sgs; + +- cpg->cur_req = req; +- memset(&cpg->p, 0, sizeof(struct req_progress)); ++ cpg->cur_req = &req->base; ++ memset(p, 0, sizeof(struct req_progress)); ++ p->hw_nbytes = req->nbytes; + + num_sgs = count_sgs(req->src, req->nbytes); +- sg_miter_start(&cpg->p.src_sg_it, req->src, num_sgs, SG_MITER_FROM_SG); ++ sg_miter_start(&p->src_sg_it, req->src, num_sgs, SG_MITER_FROM_SG); + + num_sgs = count_sgs(req->dst, req->nbytes); +- sg_miter_start(&cpg->p.dst_sg_it, req->dst, num_sgs, SG_MITER_TO_SG); ++ sg_miter_start(&p->dst_sg_it, req->dst, num_sgs, SG_MITER_TO_SG); ++ + mv_process_current_q(1); + } + +@@ -378,13 +383,13 @@ static int queue_manag(void *data) + return 0; + } + +-static int mv_handle_req(struct ablkcipher_request *req) ++static int mv_handle_req(struct crypto_async_request *req) + { + unsigned long flags; + int ret; + + spin_lock_irqsave(&cpg->lock, flags); +- ret = ablkcipher_enqueue_request(&cpg->queue, req); ++ ret = crypto_enqueue_request(&cpg->queue, req); + spin_unlock_irqrestore(&cpg->lock, flags); + wake_up_process(cpg->queue_th); + return ret; +@@ -397,7 +402,7 @@ static int mv_enc_aes_ecb(struct ablkcipher_request *req) + req_ctx->op = COP_AES_ECB; + req_ctx->decrypt = 0; + +- return mv_handle_req(req); ++ return mv_handle_req(&req->base); + } + + static int mv_dec_aes_ecb(struct ablkcipher_request *req) +@@ -409,7 +414,7 @@ static int mv_dec_aes_ecb(struct ablkcipher_request *req) + req_ctx->decrypt = 1; + + compute_aes_dec_key(ctx); +- return mv_handle_req(req); ++ return mv_handle_req(&req->base); + } + + static int mv_enc_aes_cbc(struct ablkcipher_request *req) +@@ -419,7 +424,7 @@ static int mv_enc_aes_cbc(struct ablkcipher_request *req) + req_ctx->op = COP_AES_CBC; + req_ctx->decrypt = 0; + +- return mv_handle_req(req); ++ return mv_handle_req(&req->base); + } + + static int mv_dec_aes_cbc(struct ablkcipher_request *req) +@@ -431,7 +436,7 @@ static int mv_dec_aes_cbc(struct ablkcipher_request *req) + req_ctx->decrypt = 1; + + compute_aes_dec_key(ctx); +- return mv_handle_req(req); ++ return mv_handle_req(&req->base); + } + + static int mv_cra_init(struct crypto_tfm *tfm) +-- +1.7.6.5 +From 7a5f691ef03f4c01d2703b5ec4ddd4c17e645dec Mon Sep 17 00:00:00 2001 +From: Uri Simchoni uri@jdland.co.il +Date: Thu, 8 Apr 2010 19:29:16 +0300 +Subject: [PATCH] crypto: mv_cesa - Rename a variable to a more suitable name + +Rename a variable to a more suitable name + +Signed-off-by: Uri Simchoni uri@jdland.co.il +Signed-off-by: Herbert Xu herbert@gondor.apana.org.au +--- + drivers/crypto/mv_cesa.c | 10 +++++----- + 1 files changed, 5 insertions(+), 5 deletions(-) + +diff --git a/drivers/crypto/mv_cesa.c b/drivers/crypto/mv_cesa.c +index 8891e2e..4262932 100644 +--- a/drivers/crypto/mv_cesa.c ++++ b/drivers/crypto/mv_cesa.c +@@ -42,7 +42,7 @@ enum engine_status { + * @hw_nbytes: total bytes to process in hw for this request + * @sg_dst_left: bytes left dst to process in this scatter list + * @dst_start: offset to add to dst start position (scatter list) +- * @total_req_bytes: total number of bytes processed (request). ++ * @hw_processed_bytes: number of bytes processed by hw (request). + * + * sg helper are used to iterate over the scatterlist. Since the size of the + * SRAM may be less than the scatter size, this struct struct is used to keep +@@ -60,7 +60,7 @@ struct req_progress { + /* dst mostly */ + int sg_dst_left; + int dst_start; +- int total_req_bytes; ++ int hw_processed_bytes; + }; + + struct crypto_priv { +@@ -181,7 +181,7 @@ static void setup_data_in(void) + { + struct req_progress *p = &cpg->p; + p->crypt_len = +- min(p->hw_nbytes - p->total_req_bytes, cpg->max_req_size); ++ min(p->hw_nbytes - p->hw_processed_bytes, cpg->max_req_size); + copy_src_to_buf(p, cpg->sram + SRAM_DATA_IN_START, + p->crypt_len); + } +@@ -265,7 +265,7 @@ static void dequeue_complete_req(void) + int need_copy_len = cpg->p.crypt_len; + int sram_offset = 0; + +- cpg->p.total_req_bytes += cpg->p.crypt_len; ++ cpg->p.hw_processed_bytes += cpg->p.crypt_len; + do { + int dst_copy; + +@@ -291,7 +291,7 @@ static void dequeue_complete_req(void) + } while (need_copy_len > 0); + + BUG_ON(cpg->eng_st != ENGINE_W_DEQUEUE); +- if (cpg->p.total_req_bytes < cpg->p.hw_nbytes) { ++ if (cpg->p.hw_processed_bytes < cpg->p.hw_nbytes) { + /* process next scatter list entry */ + cpg->eng_st = ENGINE_BUSY; + mv_process_current_q(0); +-- +1.6.5.GIT +From a58094ac5f95d6969e5c52ff096d2fd2864542af Mon Sep 17 00:00:00 2001 +From: Uri Simchoni uri@jdland.co.il +Date: Thu, 8 Apr 2010 19:30:19 +0300 +Subject: [PATCH] crypto: mv_cesa - Execute some code via function pointers + rathr than direct calls + +Execute some code via function pointers rathr than direct calls +(to allow customization in the hashing request) + +Signed-off-by: Uri Simchoni uri@jdland.co.il +Signed-off-by: Herbert Xu herbert@gondor.apana.org.au +--- + drivers/crypto/mv_cesa.c | 13 +++++++++---- + 1 files changed, 9 insertions(+), 4 deletions(-) + +diff --git a/drivers/crypto/mv_cesa.c b/drivers/crypto/mv_cesa.c +index 4262932..2b4f07a 100644 +--- a/drivers/crypto/mv_cesa.c ++++ b/drivers/crypto/mv_cesa.c +@@ -51,6 +51,8 @@ enum engine_status { + struct req_progress { + struct sg_mapping_iter src_sg_it; + struct sg_mapping_iter dst_sg_it; ++ void (*complete) (void); ++ void (*process) (int is_first); + + /* src mostly */ + int sg_src_left; +@@ -251,6 +253,9 @@ static void mv_crypto_algo_completion(void) + struct ablkcipher_request *req = ablkcipher_request_cast(cpg->cur_req); + struct mv_req_ctx *req_ctx = ablkcipher_request_ctx(req); + ++ sg_miter_stop(&cpg->p.src_sg_it); ++ sg_miter_stop(&cpg->p.dst_sg_it); ++ + if (req_ctx->op != COP_AES_CBC) + return ; + +@@ -294,11 +299,9 @@ static void dequeue_complete_req(void) + if (cpg->p.hw_processed_bytes < cpg->p.hw_nbytes) { + /* process next scatter list entry */ + cpg->eng_st = ENGINE_BUSY; +- mv_process_current_q(0); ++ cpg->p.process(0); + } else { +- sg_miter_stop(&cpg->p.src_sg_it); +- sg_miter_stop(&cpg->p.dst_sg_it); +- mv_crypto_algo_completion(); ++ cpg->p.complete(); + cpg->eng_st = ENGINE_IDLE; + local_bh_disable(); + req->complete(req, 0); +@@ -331,6 +334,8 @@ static void mv_enqueue_new_req(struct ablkcipher_request *req) + cpg->cur_req = &req->base; + memset(p, 0, sizeof(struct req_progress)); + p->hw_nbytes = req->nbytes; ++ p->complete = mv_crypto_algo_completion; ++ p->process = mv_process_current_q; + + num_sgs = count_sgs(req->src, req->nbytes); + sg_miter_start(&p->src_sg_it, req->src, num_sgs, SG_MITER_FROM_SG); +-- +1.7.6.5 +X-Git-Url: http://git.kernelconcepts.de/?p=mv-sheeva.git;a=blobdiff_plain;f=drivers%2Fc... + +diff --git a/drivers/crypto/mv_cesa.c b/drivers/crypto/mv_cesa.c +index 2b4f07a..49a2206 100644 +--- a/drivers/crypto/mv_cesa.c ++++ b/drivers/crypto/mv_cesa.c +@@ -40,6 +40,7 @@ enum engine_status { + * @src_start: offset to add to src start position (scatter list) + * @crypt_len: length of current crypt process + * @hw_nbytes: total bytes to process in hw for this request ++ * @copy_back: whether to copy data back (crypt) or not (hash) + * @sg_dst_left: bytes left dst to process in this scatter list + * @dst_start: offset to add to dst start position (scatter list) + * @hw_processed_bytes: number of bytes processed by hw (request). +@@ -60,6 +61,7 @@ struct req_progress { + int crypt_len; + int hw_nbytes; + /* dst mostly */ ++ int copy_back; + int sg_dst_left; + int dst_start; + int hw_processed_bytes; +@@ -267,33 +269,35 @@ static void dequeue_complete_req(void) + struct crypto_async_request *req = cpg->cur_req; + void *buf; + int ret; +- int need_copy_len = cpg->p.crypt_len; +- int sram_offset = 0; +- + cpg->p.hw_processed_bytes += cpg->p.crypt_len; +- do { +- int dst_copy; ++ if (cpg->p.copy_back) { ++ int need_copy_len = cpg->p.crypt_len; ++ int sram_offset = 0; ++ do { ++ int dst_copy; ++ ++ if (!cpg->p.sg_dst_left) { ++ ret = sg_miter_next(&cpg->p.dst_sg_it); ++ BUG_ON(!ret); ++ cpg->p.sg_dst_left = cpg->p.dst_sg_it.length; ++ cpg->p.dst_start = 0; ++ } + +- if (!cpg->p.sg_dst_left) { +- ret = sg_miter_next(&cpg->p.dst_sg_it); +- BUG_ON(!ret); +- cpg->p.sg_dst_left = cpg->p.dst_sg_it.length; +- cpg->p.dst_start = 0; +- } ++ buf = cpg->p.dst_sg_it.addr; ++ buf += cpg->p.dst_start; + +- buf = cpg->p.dst_sg_it.addr; +- buf += cpg->p.dst_start; ++ dst_copy = min(need_copy_len, cpg->p.sg_dst_left); + +- dst_copy = min(need_copy_len, cpg->p.sg_dst_left); ++ memcpy(buf, ++ cpg->sram + SRAM_DATA_OUT_START + sram_offset, ++ dst_copy); ++ sram_offset += dst_copy; ++ cpg->p.sg_dst_left -= dst_copy; ++ need_copy_len -= dst_copy; ++ cpg->p.dst_start += dst_copy; ++ } while (need_copy_len > 0); ++ } + +- memcpy(buf, +- cpg->sram + SRAM_DATA_OUT_START + sram_offset, +- dst_copy); +- sram_offset += dst_copy; +- cpg->p.sg_dst_left -= dst_copy; +- need_copy_len -= dst_copy; +- cpg->p.dst_start += dst_copy; +- } while (need_copy_len > 0); + + BUG_ON(cpg->eng_st != ENGINE_W_DEQUEUE); + if (cpg->p.hw_processed_bytes < cpg->p.hw_nbytes) { +@@ -336,6 +340,7 @@ static void mv_enqueue_new_req(struct ablkcipher_request *req) + p->hw_nbytes = req->nbytes; + p->complete = mv_crypto_algo_completion; + p->process = mv_process_current_q; ++ p->copy_back = 1; + + num_sgs = count_sgs(req->src, req->nbytes); + sg_miter_start(&p->src_sg_it, req->src, num_sgs, SG_MITER_FROM_SG); +From 0c5c6c4bae8fe9ae3d86b44c332eb1267df1ec99 Mon Sep 17 00:00:00 2001 +From: Uri Simchoni uri@jdland.co.il +Date: Thu, 8 Apr 2010 19:33:26 +0300 +Subject: [PATCH] crypto: mv_cesa - Support processing of data from previous + requests + +Support processing of data from previous requests (as in hashing +update/final requests). + +Signed-off-by: Uri Simchoni uri@jdland.co.il +Signed-off-by: Herbert Xu herbert@gondor.apana.org.au +--- + drivers/crypto/mv_cesa.c | 8 +++++--- + 1 files changed, 5 insertions(+), 3 deletions(-) + +diff --git a/drivers/crypto/mv_cesa.c b/drivers/crypto/mv_cesa.c +index 49a2206..d0fb10e 100644 +--- a/drivers/crypto/mv_cesa.c ++++ b/drivers/crypto/mv_cesa.c +@@ -184,10 +184,11 @@ static void copy_src_to_buf(struct req_progress *p, char *dbuf, int len) + static void setup_data_in(void) + { + struct req_progress *p = &cpg->p; +- p->crypt_len = ++ int data_in_sram = + min(p->hw_nbytes - p->hw_processed_bytes, cpg->max_req_size); +- copy_src_to_buf(p, cpg->sram + SRAM_DATA_IN_START, +- p->crypt_len); ++ copy_src_to_buf(p, cpg->sram + SRAM_DATA_IN_START + p->crypt_len, ++ data_in_sram - p->crypt_len); ++ p->crypt_len = data_in_sram; + } + + static void mv_process_current_q(int first_block) +@@ -298,6 +299,7 @@ static void dequeue_complete_req(void) + } while (need_copy_len > 0); + } + ++ cpg->p.crypt_len = 0; + + BUG_ON(cpg->eng_st != ENGINE_W_DEQUEUE); + if (cpg->p.hw_processed_bytes < cpg->p.hw_nbytes) { +-- +1.7.6.5 diff --git a/src/patches/linux-2.6.40-pandaboard-reboot.patch b/src/patches/linux-2.6.40-pandaboard-reboot.patch new file mode 100644 index 0000000..8e37837 --- /dev/null +++ b/src/patches/linux-2.6.40-pandaboard-reboot.patch @@ -0,0 +1,29 @@ +With commit 3d3f78d752bf, reboot seems to broken on ARM +machines. CPU dies while doing flush_pmd_entry() as part of +setup_mm_for_reboot() + +I know this is not the fix but intention is to report the +issue and also provide temporary fix till it get fixed correctly + +Signed-off-by: Santosh Shilimkar santosh.shilimkar@xxxxxx +Reported-by: Anand Gadiyar gadiyar@xxxxxx +--- +Tested with OMAP4 device. + + arch/arm/kernel/process.c | 1 - + 1 files changed, 0 insertions(+), 1 deletions(-) + +diff --git a/arch/arm/kernel/process.c b/arch/arm/kernel/process.c +index e76fcaa..ac370b2 100644 +--- a/arch/arm/kernel/process.c ++++ b/arch/arm/kernel/process.c +@@ -247,7 +247,6 @@ void machine_power_off(void) + + void machine_restart(char *cmd) + { +- machine_shutdown(); + arm_pm_restart(reboot_mode, cmd); + } + +-- +1.6.0.4 diff --git a/src/patches/linux-2.6.40-pandaboard-rtc-twl-irq.patch b/src/patches/linux-2.6.40-pandaboard-rtc-twl-irq.patch new file mode 100644 index 0000000..dc1182d --- /dev/null +++ b/src/patches/linux-2.6.40-pandaboard-rtc-twl-irq.patch @@ -0,0 +1,27 @@ +diff -Naur linux-3.0.24.org/drivers/rtc/rtc-twl.c linux-3.0.24/drivers/rtc/rtc-twl.c +--- linux-3.0.24.org/drivers/rtc/rtc-twl.c 2012-03-12 18:58:19.000000000 +0100 ++++ linux-3.0.24/drivers/rtc/rtc-twl.c 2012-03-20 23:24:52.213578926 +0100 +@@ -362,14 +362,6 @@ + int res; + u8 rd_reg; + +-#ifdef CONFIG_LOCKDEP +- /* WORKAROUND for lockdep forcing IRQF_DISABLED on us, which +- * we don't want and can't tolerate. Although it might be +- * friendlier not to borrow this thread context... +- */ +- local_irq_enable(); +-#endif +- + res = twl_rtc_read_u8(&rd_reg, REG_RTC_STATUS_REG); + if (res) + goto out; +@@ -462,7 +454,7 @@ + if (ret < 0) + goto out1; + +- ret = request_irq(irq, twl_rtc_interrupt, ++ ret = request_threaded_irq(irq, NULL, twl_rtc_interrupt, + IRQF_TRIGGER_RISING, + dev_name(&rtc->dev), rtc); + if (ret < 0) { diff --git a/src/patches/linux-3.0-ipp2p-0.8.2-ipfire.patch b/src/patches/linux-3.0-ipp2p-0.8.2-ipfire.patch new file mode 100644 index 0000000..34cba84 --- /dev/null +++ b/src/patches/linux-3.0-ipp2p-0.8.2-ipfire.patch @@ -0,0 +1,1039 @@ +diff -Naur linux-3.0.24.org/include/linux/netfilter_ipv4/ipt_ipp2p.h linux-3.0.24/include/linux/netfilter_ipv4/ipt_ipp2p.h +--- linux-3.0.24.org/include/linux/netfilter_ipv4/ipt_ipp2p.h 1970-01-01 01:00:00.000000000 +0100 ++++ linux-3.0.24/include/linux/netfilter_ipv4/ipt_ipp2p.h 2012-03-20 09:29:20.616541362 +0100 +@@ -0,0 +1,31 @@ ++#ifndef __IPT_IPP2P_H ++#define __IPT_IPP2P_H ++#define IPP2P_VERSION "0.8.2-ipfire" ++ ++struct ipt_p2p_info { ++ int cmd; ++ int debug; ++}; ++ ++#endif //__IPT_IPP2P_H ++ ++#define SHORT_HAND_IPP2P 1 /* --ipp2p switch*/ ++//#define SHORT_HAND_DATA 4 /* --ipp2p-data switch*/ ++#define SHORT_HAND_NONE 5 /* no short hand*/ ++ ++#define IPP2P_EDK (1 << 1) ++#define IPP2P_DATA_KAZAA (1 << 2) ++#define IPP2P_DATA_EDK (1 << 3) ++#define IPP2P_DATA_DC (1 << 4) ++#define IPP2P_DC (1 << 5) ++#define IPP2P_DATA_GNU (1 << 6) ++#define IPP2P_GNU (1 << 7) ++#define IPP2P_KAZAA (1 << 8) ++#define IPP2P_BIT (1 << 9) ++#define IPP2P_APPLE (1 << 10) ++#define IPP2P_SOUL (1 << 11) ++#define IPP2P_WINMX (1 << 12) ++#define IPP2P_ARES (1 << 13) ++#define IPP2P_MUTE (1 << 14) ++#define IPP2P_WASTE (1 << 15) ++#define IPP2P_XDCC (1 << 16) +diff -Naur linux-3.0.24.org/net/ipv4/netfilter/ipt_ipp2p.c linux-3.0.24/net/ipv4/netfilter/ipt_ipp2p.c +--- linux-3.0.24.org/net/ipv4/netfilter/ipt_ipp2p.c 1970-01-01 01:00:00.000000000 +0100 ++++ linux-3.0.24/net/ipv4/netfilter/ipt_ipp2p.c 2012-03-20 11:26:38.593101443 +0100 +@@ -0,0 +1,970 @@ ++#if defined(MODVERSIONS) ++#include <linux/modversions.h> ++#endif ++#include <linux/module.h> ++#include <linux/version.h> ++#include <linux/netfilter_ipv4/ip_tables.h> ++#include <linux/netfilter_ipv4/ipt_ipp2p.h> ++#include <net/tcp.h> ++#include <net/udp.h> ++ ++#define get_u8(X,O) (*(__u8 *)(X + O)) ++#define get_u16(X,O) (*(__u16 *)(X + O)) ++#define get_u32(X,O) (*(__u32 *)(X + O)) ++ ++MODULE_AUTHOR("Eicke Friedrich/Klaus Degner ipp2p@ipp2p.org"); ++MODULE_DESCRIPTION("An extension to iptables to identify P2P traffic."); ++MODULE_LICENSE("GPL"); ++ ++ ++/*Search for UDP eDonkey/eMule/Kad commands*/ ++int ++udp_search_edk (unsigned char *haystack, int packet_len) ++{ ++ unsigned char *t = haystack; ++ t += 8; ++ ++ switch (t[0]) { ++ case 0xe3: ++ { /*edonkey*/ ++ switch (t[1]) ++ { ++ /* client -> server status request */ ++ case 0x96: ++ if (packet_len == 14) return ((IPP2P_EDK * 100) + 50); ++ break; ++ /* server -> client status request */ ++ case 0x97: if (packet_len == 42) return ((IPP2P_EDK * 100) + 51); ++ break; ++ /* server description request */ ++ /* e3 2a ff f0 .. | size == 6 */ ++ case 0xa2: if ( (packet_len == 14) && ( get_u16(t,2) == __constant_htons(0xfff0) ) ) return ((IPP2P_EDK * 100) + 52); ++ break; ++ /* server description response */ ++ /* e3 a3 ff f0 .. | size > 40 && size < 200 */ ++ //case 0xa3: return ((IPP2P_EDK * 100) + 53); ++ // break; ++ case 0x9a: if (packet_len==26) return ((IPP2P_EDK * 100) + 54); ++ break; ++ ++ case 0x92: if (packet_len==18) return ((IPP2P_EDK * 100) + 55); ++ break; ++ } ++ break; ++ } ++ case 0xe4: ++ { ++ switch (t[1]) ++ { ++ /* e4 20 .. | size == 43 */ ++ case 0x20: if ((packet_len == 43) && (t[2] != 0x00) && (t[34] != 0x00)) return ((IPP2P_EDK * 100) + 60); ++ break; ++ /* e4 00 .. 00 | size == 35 ? */ ++ case 0x00: if ((packet_len == 35) && (t[26] == 0x00)) return ((IPP2P_EDK * 100) + 61); ++ break; ++ /* e4 10 .. 00 | size == 35 ? */ ++ case 0x10: if ((packet_len == 35) && (t[26] == 0x00)) return ((IPP2P_EDK * 100) + 62); ++ break; ++ /* e4 18 .. 00 | size == 35 ? */ ++ case 0x18: if ((packet_len == 35) && (t[26] == 0x00)) return ((IPP2P_EDK * 100) + 63); ++ break; ++ /* e4 52 .. | size = 44 */ ++ case 0x52: if (packet_len == 44 ) return ((IPP2P_EDK * 100) + 64); ++ break; ++ /* e4 58 .. | size == 6 */ ++ case 0x58: if (packet_len == 14 ) return ((IPP2P_EDK * 100) + 65); ++ break; ++ /* e4 59 .. | size == 2 */ ++ case 0x59: if (packet_len == 10 )return ((IPP2P_EDK * 100) + 66); ++ break; ++ /* e4 28 .. | packet_len == 52,77,102,127... */ ++ case 0x28: if (((packet_len-52) % 25) == 0) return ((IPP2P_EDK * 100) + 67); ++ break; ++ /* e4 50 xx xx | size == 4 */ ++ case 0x50: if (packet_len == 12) return ((IPP2P_EDK * 100) + 68); ++ break; ++ /* e4 40 xx xx | size == 48 */ ++ case 0x40: if (packet_len == 56) return ((IPP2P_EDK * 100) + 69); ++ break; ++ } ++ break; ++ } ++ } /* end of switch (t[0]) */ ++ return 0; ++}/*udp_search_edk*/ ++ ++ ++/*Search for UDP Gnutella commands*/ ++int ++udp_search_gnu (unsigned char *haystack, int packet_len) ++{ ++ unsigned char *t = haystack; ++ t += 8; ++ ++ if (memcmp(t, "GND", 3) == 0) return ((IPP2P_GNU * 100) + 51); ++ if (memcmp(t, "GNUTELLA ", 9) == 0) return ((IPP2P_GNU * 100) + 52); ++ return 0; ++}/*udp_search_gnu*/ ++ ++ ++/*Search for UDP KaZaA commands*/ ++int ++udp_search_kazaa (unsigned char *haystack, int packet_len) ++{ ++ unsigned char *t = haystack; ++ ++ if (t[packet_len-1] == 0x00){ ++ t += (packet_len - 6); ++ if (memcmp(t, "KaZaA", 5) == 0) return (IPP2P_KAZAA * 100 +50); ++ } ++ ++ return 0; ++}/*udp_search_kazaa*/ ++ ++/*Search for UDP DirectConnect commands*/ ++int ++udp_search_directconnect (unsigned char *haystack, int packet_len) ++{ ++ unsigned char *t = haystack; ++ if ((*(t + 8) == 0x24) && (*(t + packet_len - 1) == 0x7c)) { ++ t+=8; ++ if (memcmp(t, "SR ", 3) == 0) return ((IPP2P_DC * 100) + 60); ++ if (memcmp(t, "Ping ", 5) == 0) return ((IPP2P_DC * 100) + 61); ++ } ++ return 0; ++}/*udp_search_directconnect*/ ++ ++ ++ ++/*Search for UDP BitTorrent commands*/ ++int ++udp_search_bit (unsigned char *haystack, int packet_len) ++{ ++ switch(packet_len) ++ { ++ case 24: ++ /* ^ 00 00 04 17 27 10 19 80 */ ++ if ((ntohl(get_u32(haystack, 8)) == 0x00000417) && (ntohl(get_u32(haystack, 12)) == 0x27101980)) ++ return (IPP2P_BIT * 100 + 50); ++ break; ++ case 44: ++ if (get_u32(haystack, 16) == __constant_htonl(0x00000400) && get_u32(haystack, 36) == __constant_htonl(0x00000104)) ++ return (IPP2P_BIT * 100 + 51); ++ if (get_u32(haystack, 16) == __constant_htonl(0x00000400)) ++ return (IPP2P_BIT * 100 + 61); ++ break; ++ case 65: ++ if (get_u32(haystack, 16) == __constant_htonl(0x00000404) && get_u32(haystack, 36) == __constant_htonl(0x00000104)) ++ return (IPP2P_BIT * 100 + 52); ++ if (get_u32(haystack, 16) == __constant_htonl(0x00000404)) ++ return (IPP2P_BIT * 100 + 62); ++ break; ++ case 67: ++ if (get_u32(haystack, 16) == __constant_htonl(0x00000406) && get_u32(haystack, 36) == __constant_htonl(0x00000104)) ++ return (IPP2P_BIT * 100 + 53); ++ if (get_u32(haystack, 16) == __constant_htonl(0x00000406)) ++ return (IPP2P_BIT * 100 + 63); ++ break; ++ case 211: ++ if (get_u32(haystack, 8) == __constant_htonl(0x00000405)) ++ return (IPP2P_BIT * 100 + 54); ++ break; ++ case 29: ++ if ((get_u32(haystack, 8) == __constant_htonl(0x00000401))) ++ return (IPP2P_BIT * 100 + 55); ++ break; ++ case 52: ++ if (get_u32(haystack,8) == __constant_htonl(0x00000827) && ++ get_u32(haystack,12) == __constant_htonl(0x37502950)) ++ return (IPP2P_BIT * 100 + 80); ++ break; ++ default: ++ /* this packet does not have a constant size */ ++ if (packet_len >= 40 && get_u32(haystack, 16) == __constant_htonl(0x00000402) && get_u32(haystack, 36) == __constant_htonl(0x00000104)) ++ return (IPP2P_BIT * 100 + 56); ++ break; ++ } ++ ++ /* some extra-bitcomet rules: ++ * "d1:" [a|r] "d2:id20:" ++ */ ++ if (packet_len > 30 && get_u8(haystack, 8) == 'd' && get_u8(haystack, 9) == '1' && get_u8(haystack, 10) == ':' ) ++ { ++ if (get_u8(haystack, 11) == 'a' || get_u8(haystack, 11) == 'r') ++ { ++ if (memcmp(haystack+12,"d2:id20:",8)==0) ++ return (IPP2P_BIT * 100 + 57); ++ } ++ } ++ ++#if 0 ++ /* bitlord rules */ ++ /* packetlen must be bigger than 40 */ ++ /* first 4 bytes are zero */ ++ if (packet_len > 40 && get_u32(haystack, 8) == 0x00000000) ++ { ++ /* first rule: 00 00 00 00 01 00 00 xx xx xx xx 00 00 00 00*/ ++ if (get_u32(haystack, 12) == 0x00000000 && ++ get_u32(haystack, 16) == 0x00010000 && ++ get_u32(haystack, 24) == 0x00000000 ) ++ return (IPP2P_BIT * 100 + 71); ++ ++ /* 00 01 00 00 0d 00 00 xx xx xx xx 00 00 00 00*/ ++ if (get_u32(haystack, 12) == 0x00000001 && ++ get_u32(haystack, 16) == 0x000d0000 && ++ get_u32(haystack, 24) == 0x00000000 ) ++ return (IPP2P_BIT * 100 + 71); ++ ++ ++ } ++#endif ++ ++ return 0; ++}/*udp_search_bit*/ ++ ++ ++ ++/*Search for Ares commands*/ ++//#define IPP2P_DEBUG_ARES ++int ++search_ares (const unsigned char *payload, const u16 plen) ++//int search_ares (unsigned char *haystack, int packet_len, int head_len) ++{ ++// const unsigned char *t = haystack + head_len; ++ ++ /* all ares packets start with */ ++ if (payload[1] == 0 && (plen - payload[0]) == 3) ++ { ++ switch (payload[2]) ++ { ++ case 0x5a: ++ /* ares connect */ ++ if ( plen == 6 && payload[5] == 0x05 ) return ((IPP2P_ARES * 100) + 1); ++ break; ++ case 0x09: ++ /* ares search, min 3 chars --> 14 bytes ++ * lets define a search can be up to 30 chars --> max 34 bytes ++ */ ++ if ( plen >= 14 && plen <= 34 ) return ((IPP2P_ARES * 100) + 1); ++ break; ++#ifdef IPP2P_DEBUG_ARES ++ default: ++ printk(KERN_DEBUG "Unknown Ares command %x recognized, len: %u \n", (unsigned int) payload[2],plen); ++#endif /* IPP2P_DEBUG_ARES */ ++ } ++ } ++ ++#if 0 ++ /* found connect packet: 03 00 5a 04 03 05 */ ++ /* new version ares 1.8: 03 00 5a xx xx 05 */ ++ if ((plen) == 6){ /* possible connect command*/ ++ if ((payload[0] == 0x03) && (payload[1] == 0x00) && (payload[2] == 0x5a) && (payload[5] == 0x05)) ++ return ((IPP2P_ARES * 100) + 1); ++ } ++ if ((plen) == 60){ /* possible download command*/ ++ if ((payload[59] == 0x0a) && (payload[58] == 0x0a)){ ++ if (memcmp(t, "PUSH SHA1:", 10) == 0) /* found download command */ ++ return ((IPP2P_ARES * 100) + 2); ++ } ++ } ++#endif ++ ++ return 0; ++} /*search_ares*/ ++ ++/*Search for SoulSeek commands*/ ++int ++search_soul (const unsigned char *payload, const u16 plen) ++{ ++//#define IPP2P_DEBUG_SOUL ++ /* match: xx xx xx xx | xx = sizeof(payload) - 4 */ ++ if (get_u32(payload, 0) == (plen - 4)){ ++ const __u32 m=get_u32(payload, 4); ++ /* match 00 yy yy 00, yy can be everything */ ++ if ( get_u8(payload, 4) == 0x00 && get_u8(payload, 7) == 0x00 ) ++ { ++#ifdef IPP2P_DEBUG_SOUL ++ printk(KERN_DEBUG "0: Soulseek command 0x%x recognized\n",get_u32(payload, 4)); ++#endif /* IPP2P_DEBUG_SOUL */ ++ return ((IPP2P_SOUL * 100) + 1); ++ } ++ ++ /* next match: 01 yy 00 00 | yy can be everything */ ++ if ( get_u8(payload, 4) == 0x01 && get_u16(payload, 6) == 0x0000 ) ++ { ++#ifdef IPP2P_DEBUG_SOUL ++ printk(KERN_DEBUG "1: Soulseek command 0x%x recognized\n",get_u16(payload, 4)); ++#endif /* IPP2P_DEBUG_SOUL */ ++ return ((IPP2P_SOUL * 100) + 2); ++ } ++ ++ /* other soulseek commandos are: 1-5,7,9,13-18,22,23,26,28,35-37,40-46,50,51,60,62-69,91,92,1001 */ ++ /* try to do this in an intelligent way */ ++ /* get all small commandos */ ++ switch(m) ++ { ++ case 7: ++ case 9: ++ case 22: ++ case 23: ++ case 26: ++ case 28: ++ case 50: ++ case 51: ++ case 60: ++ case 91: ++ case 92: ++ case 1001: ++#ifdef IPP2P_DEBUG_SOUL ++ printk(KERN_DEBUG "2: Soulseek command 0x%x recognized\n",get_u16(payload, 4)); ++#endif /* IPP2P_DEBUG_SOUL */ ++ return ((IPP2P_SOUL * 100) + 3); ++ } ++ ++ if (m > 0 && m < 6 ) ++ { ++#ifdef IPP2P_DEBUG_SOUL ++ printk(KERN_DEBUG "3: Soulseek command 0x%x recognized\n",get_u16(payload, 4)); ++#endif /* IPP2P_DEBUG_SOUL */ ++ return ((IPP2P_SOUL * 100) + 4); ++ } ++ if (m > 12 && m < 19 ) ++ { ++#ifdef IPP2P_DEBUG_SOUL ++ printk(KERN_DEBUG "4: Soulseek command 0x%x recognized\n",get_u16(payload, 4)); ++#endif /* IPP2P_DEBUG_SOUL */ ++ return ((IPP2P_SOUL * 100) + 5); ++ } ++ ++ if (m > 34 && m < 38 ) ++ { ++#ifdef IPP2P_DEBUG_SOUL ++ printk(KERN_DEBUG "5: Soulseek command 0x%x recognized\n",get_u16(payload, 4)); ++#endif /* IPP2P_DEBUG_SOUL */ ++ return ((IPP2P_SOUL * 100) + 6); ++ } ++ ++ if (m > 39 && m < 47 ) ++ { ++#ifdef IPP2P_DEBUG_SOUL ++ printk(KERN_DEBUG "6: Soulseek command 0x%x recognized\n",get_u16(payload, 4)); ++#endif /* IPP2P_DEBUG_SOUL */ ++ return ((IPP2P_SOUL * 100) + 7); ++ } ++ ++ if (m > 61 && m < 70 ) ++ { ++#ifdef IPP2P_DEBUG_SOUL ++ printk(KERN_DEBUG "7: Soulseek command 0x%x recognized\n",get_u16(payload, 4)); ++#endif /* IPP2P_DEBUG_SOUL */ ++ return ((IPP2P_SOUL * 100) + 8); ++ } ++ ++#ifdef IPP2P_DEBUG_SOUL ++ printk(KERN_DEBUG "unknown SOULSEEK command: 0x%x, first 16 bit: 0x%x, first 8 bit: 0x%x ,soulseek ???\n",get_u32(payload, 4),get_u16(payload, 4) >> 16,get_u8(payload, 4) >> 24); ++#endif /* IPP2P_DEBUG_SOUL */ ++ } ++ ++ /* match 14 00 00 00 01 yy 00 00 00 STRING(YY) 01 00 00 00 00 46|50 00 00 00 00 */ ++ /* without size at the beginning !!! */ ++ if ( get_u32(payload, 0) == 0x14 && get_u8(payload, 4) == 0x01 ) ++ { ++ __u32 y=get_u32(payload, 5); ++ /* we need 19 chars + string */ ++ if ( (y + 19) <= (plen) ) ++ { ++ const unsigned char *w=payload+9+y; ++ if (get_u32(w, 0) == 0x01 && ( get_u16(w, 4) == 0x4600 || get_u16(w, 4) == 0x5000) && get_u32(w, 6) == 0x00); ++#ifdef IPP2P_DEBUG_SOUL ++ printk(KERN_DEBUG "Soulssek special client command recognized\n"); ++#endif /* IPP2P_DEBUG_SOUL */ ++ return ((IPP2P_SOUL * 100) + 9); ++ } ++ } ++ return 0; ++} ++ ++ ++/*Search for WinMX commands*/ ++int ++search_winmx (const unsigned char *payload, const u16 plen) ++{ ++//#define IPP2P_DEBUG_WINMX ++ if (((plen) == 4) && (memcmp(payload, "SEND", 4) == 0)) return ((IPP2P_WINMX * 100) + 1); ++ if (((plen) == 3) && (memcmp(payload, "GET", 3) == 0)) return ((IPP2P_WINMX * 100) + 2); ++ //if (packet_len < (head_len + 10)) return 0; ++ if (plen < 10) return 0; ++ ++ if ((memcmp(payload, "SEND", 4) == 0) || (memcmp(payload, "GET", 3) == 0)){ ++ u16 c=4; ++ const u16 end=plen-2; ++ u8 count=0; ++ while (c < end) ++ { ++ if (payload[c]== 0x20 && payload[c+1] == 0x22) ++ { ++ c++; ++ count++; ++ if (count>=2) return ((IPP2P_WINMX * 100) + 3); ++ } ++ c++; ++ } ++ } ++ ++ if ( plen == 149 && payload[0] == '8' ) ++ { ++#ifdef IPP2P_DEBUG_WINMX ++ printk(KERN_INFO "maybe WinMX\n"); ++#endif ++ if (get_u32(payload,17) == 0 && get_u32(payload,21) == 0 && get_u32(payload,25) == 0 && ++// get_u32(payload,33) == __constant_htonl(0x71182b1a) && get_u32(payload,37) == __constant_htonl(0x05050000) && ++// get_u32(payload,133) == __constant_htonl(0x31097edf) && get_u32(payload,145) == __constant_htonl(0xdcb8f792)) ++ get_u16(payload,39) == 0 && get_u16(payload,135) == __constant_htons(0x7edf) && get_u16(payload,147) == __constant_htons(0xf792)) ++ ++ { ++#ifdef IPP2P_DEBUG_WINMX ++ printk(KERN_INFO "got WinMX\n"); ++#endif ++ return ((IPP2P_WINMX * 100) + 4); ++ } ++ } ++ return 0; ++} /*search_winmx*/ ++ ++ ++/*Search for appleJuice commands*/ ++int ++search_apple (const unsigned char *payload, const u16 plen) ++{ ++ if ( (plen > 7) && (payload[6] == 0x0d) && (payload[7] == 0x0a) && (memcmp(payload, "ajprot", 6) == 0)) return (IPP2P_APPLE * 100); ++ ++ return 0; ++} ++ ++ ++/*Search for BitTorrent commands*/ ++int ++search_bittorrent (const unsigned char *payload, const u16 plen) ++{ ++ if (plen > 20) ++ { ++ /* test for match 0x13+"BitTorrent protocol" */ ++ if (payload[0] == 0x13) ++ { ++ if (memcmp(payload+1, "BitTorrent protocol", 19) == 0) return (IPP2P_BIT * 100); ++ } ++ ++ /* get tracker commandos, all starts with GET / ++ * then it can follow: scrape| announce ++ * and then ?hash_info= ++ */ ++ if (memcmp(payload,"GET /",5) == 0) ++ { ++ /* message scrape */ ++ if ( memcmp(payload+5,"scrape?info_hash=",17)==0 ) return (IPP2P_BIT * 100 + 1); ++ /* message announce */ ++ if ( memcmp(payload+5,"announce?info_hash=",19)==0 ) return (IPP2P_BIT * 100 + 2); ++ } ++ } ++ else ++ { ++ /* bitcomet encryptes the first packet, so we have to detect another ++ * one later in the flow */ ++ /* first try failed, too many missdetections */ ++ //if ( size == 5 && get_u32(t,0) == __constant_htonl(1) && t[4] < 3) return (IPP2P_BIT * 100 + 3); ++ ++ /* second try: block request packets */ ++ if ( plen == 17 && get_u32(payload,0) == __constant_htonl(0x0d) && payload[4] == 0x06 && get_u32(payload,13) == __constant_htonl(0x4000) ) return (IPP2P_BIT * 100 + 3); ++ } ++ ++ return 0; ++} ++ ++ ++ ++/*check for Kazaa get command*/ ++int ++search_kazaa (const unsigned char *payload, const u16 plen) ++ ++{ ++ if ((payload[plen-2] == 0x0d) && (payload[plen-1] == 0x0a) && memcmp(payload, "GET /.hash=", 11) == 0) ++ return (IPP2P_DATA_KAZAA * 100); ++ ++ return 0; ++} ++ ++ ++/*check for gnutella get command*/ ++int ++search_gnu (const unsigned char *payload, const u16 plen) ++{ ++ if ((payload[plen-2] == 0x0d) && (payload[plen-1] == 0x0a)) ++ { ++ if (memcmp(payload, "GET /get/", 9) == 0) return ((IPP2P_DATA_GNU * 100) + 1); ++ if (memcmp(payload, "GET /uri-res/", 13) == 0) return ((IPP2P_DATA_GNU * 100) + 2); ++ } ++ return 0; ++} ++ ++ ++/*check for gnutella get commands and other typical data*/ ++int ++search_all_gnu (const unsigned char *payload, const u16 plen) ++{ ++ ++ if ((payload[plen-2] == 0x0d) && (payload[plen-1] == 0x0a)) ++ { ++ ++ if (memcmp(payload, "GNUTELLA CONNECT/", 17) == 0) return ((IPP2P_GNU * 100) + 1); ++ if (memcmp(payload, "GNUTELLA/", 9) == 0) return ((IPP2P_GNU * 100) + 2); ++ ++ ++ if ((memcmp(payload, "GET /get/", 9) == 0) || (memcmp(payload, "GET /uri-res/", 13) == 0)) ++ { ++ u16 c=8; ++ const u16 end=plen-22; ++ while (c < end) { ++ if ( payload[c] == 0x0a && payload[c+1] == 0x0d && ((memcmp(&payload[c+2], "X-Gnutella-", 11) == 0) || (memcmp(&payload[c+2], "X-Queue:", 8) == 0))) ++ return ((IPP2P_GNU * 100) + 3); ++ c++; ++ } ++ } ++ } ++ return 0; ++} ++ ++ ++/*check for KaZaA download commands and other typical data*/ ++int ++search_all_kazaa (const unsigned char *payload, const u16 plen) ++{ ++ if ((payload[plen-2] == 0x0d) && (payload[plen-1] == 0x0a)) ++ { ++ ++ if (memcmp(payload, "GIVE ", 5) == 0) return ((IPP2P_KAZAA * 100) + 1); ++ ++ if (memcmp(payload, "GET /", 5) == 0) { ++ u16 c = 8; ++ const u16 end=plen-22; ++ while (c < end) { ++ if ( payload[c] == 0x0a && payload[c+1] == 0x0d && ((memcmp(&payload[c+2], "X-Kazaa-Username: ", 18) == 0) || (memcmp(&payload[c+2], "User-Agent: PeerEnabler/", 24) == 0))) ++ return ((IPP2P_KAZAA * 100) + 2); ++ c++; ++ } ++ } ++ } ++ return 0; ++} ++ ++/*fast check for edonkey file segment transfer command*/ ++int ++search_edk (const unsigned char *payload, const u16 plen) ++{ ++ if (payload[0] != 0xe3) ++ return 0; ++ else { ++ if (payload[5] == 0x47) ++ return (IPP2P_DATA_EDK * 100); ++ else ++ return 0; ++ } ++} ++ ++ ++ ++/*intensive but slower search for some edonkey packets including size-check*/ ++int ++search_all_edk (const unsigned char *payload, const u16 plen) ++{ ++ if (payload[0] != 0xe3) ++ return 0; ++ else { ++ //t += head_len; ++ const u16 cmd = get_u16(payload, 1); ++ if (cmd == (plen - 5)) { ++ switch (payload[5]) { ++ case 0x01: return ((IPP2P_EDK * 100) + 1); /*Client: hello or Server:hello*/ ++ case 0x4c: return ((IPP2P_EDK * 100) + 9); /*Client: Hello-Answer*/ ++ } ++ } ++ return 0; ++ } ++} ++ ++ ++/*fast check for Direct Connect send command*/ ++int ++search_dc (const unsigned char *payload, const u16 plen) ++{ ++ ++ if (payload[0] != 0x24 ) ++ return 0; ++ else { ++ if (memcmp(&payload[1], "Send|", 5) == 0) ++ return (IPP2P_DATA_DC * 100); ++ else ++ return 0; ++ } ++ ++} ++ ++ ++/*intensive but slower check for all direct connect packets*/ ++int ++search_all_dc (const unsigned char *payload, const u16 plen) ++{ ++// unsigned char *t = haystack; ++ ++ if (payload[0] == 0x24 && payload[plen-1] == 0x7c) ++ { ++ const unsigned char *t=&payload[1]; ++ /* Client-Hub-Protocol */ ++ if (memcmp(t, "Lock ", 5) == 0) return ((IPP2P_DC * 100) + 1); ++ /* Client-Client-Protocol, some are already recognized by client-hub (like lock) */ ++ if (memcmp(t, "MyNick ", 7) == 0) return ((IPP2P_DC * 100) + 38); ++ } ++ return 0; ++} ++ ++/*check for mute*/ ++int ++search_mute (const unsigned char *payload, const u16 plen) ++{ ++ if ( plen == 209 || plen == 345 || plen == 473 || plen == 609 || plen == 1121 ) ++ { ++ //printk(KERN_DEBUG "size hit: %u",size); ++ if (memcmp(payload,"PublicKey: ",11) == 0 ) ++ { ++ return ((IPP2P_MUTE * 100) + 0); ++ ++/* if (memcmp(t+size-14,"\x0aEndPublicKey\x0a",14) == 0) ++ { ++ printk(KERN_DEBUG "end pubic key hit: %u",size); ++ ++ }*/ ++ } ++ } ++ return 0; ++} ++ ++ ++/* check for xdcc */ ++int ++search_xdcc (const unsigned char *payload, const u16 plen) ++{ ++ /* search in small packets only */ ++ if (plen > 20 && plen < 200 && payload[plen-1] == 0x0a && payload[plen-2] == 0x0d && memcmp(payload,"PRIVMSG ",8) == 0) ++ { ++ ++ u16 x=10; ++ const u16 end=plen - 13; ++ ++ /* is seems to be a irc private massage, chedck for xdcc command */ ++ while (x < end) ++ { ++ if (payload[x] == ':') ++ { ++ if ( memcmp(&payload[x+1],"xdcc send #",11) == 0 ) ++ return ((IPP2P_XDCC * 100) + 0); ++ } ++ x++; ++ } ++ } ++ return 0; ++} ++ ++/* search for waste */ ++int search_waste(const unsigned char *payload, const u16 plen) ++{ ++ if ( plen >= 8 && memcmp(payload,"GET.sha1:",9) == 0) ++ return ((IPP2P_WASTE * 100) + 0); ++ ++ return 0; ++} ++ ++ ++static struct { ++ int command; ++ __u8 short_hand; /*for fucntions included in short hands*/ ++ int packet_len; ++ int (*function_name) (const unsigned char *, const u16); ++} matchlist[] = { ++ {IPP2P_EDK,SHORT_HAND_IPP2P,20, &search_all_edk}, ++// {IPP2P_DATA_KAZAA,SHORT_HAND_DATA,200, &search_kazaa}, ++// {IPP2P_DATA_EDK,SHORT_HAND_DATA,60, &search_edk}, ++// {IPP2P_DATA_DC,SHORT_HAND_DATA,26, &search_dc}, ++ {IPP2P_DC,SHORT_HAND_IPP2P,5, search_all_dc}, ++// {IPP2P_DATA_GNU,SHORT_HAND_DATA,40, &search_gnu}, ++ {IPP2P_GNU,SHORT_HAND_IPP2P,5, &search_all_gnu}, ++ {IPP2P_KAZAA,SHORT_HAND_IPP2P,5, &search_all_kazaa}, ++ {IPP2P_BIT,SHORT_HAND_IPP2P,20, &search_bittorrent}, ++ {IPP2P_APPLE,SHORT_HAND_IPP2P,5, &search_apple}, ++ {IPP2P_SOUL,SHORT_HAND_IPP2P,5, &search_soul}, ++ {IPP2P_WINMX,SHORT_HAND_IPP2P,2, &search_winmx}, ++ {IPP2P_ARES,SHORT_HAND_IPP2P,5, &search_ares}, ++ {IPP2P_MUTE,SHORT_HAND_NONE,200, &search_mute}, ++ {IPP2P_WASTE,SHORT_HAND_NONE,5, &search_waste}, ++ {IPP2P_XDCC,SHORT_HAND_NONE,5, &search_xdcc}, ++ {0,0,0,NULL} ++}; ++ ++ ++static struct { ++ int command; ++ __u8 short_hand; /*for fucntions included in short hands*/ ++ int packet_len; ++ int (*function_name) (unsigned char *, int); ++} udp_list[] = { ++ { IPP2P_KAZAA, SHORT_HAND_IPP2P, 14, &udp_search_kazaa}, ++ { IPP2P_BIT, SHORT_HAND_IPP2P, 23, &udp_search_bit}, ++ { IPP2P_GNU, SHORT_HAND_IPP2P, 11, &udp_search_gnu}, ++ { IPP2P_EDK, SHORT_HAND_IPP2P, 9, &udp_search_edk}, ++ { IPP2P_DC, SHORT_HAND_IPP2P, 12, &udp_search_directconnect}, ++ { 0, 0, 0, NULL } ++}; ++ ++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) ++static int ++match(const struct sk_buff *skb, ++ const struct net_device *in, ++ const struct net_device *out, ++ const void *matchinfo, ++ int offset, ++ const void *hdr, ++ u_int16_t datalen, ++ int *hotdrop) ++#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,16) ++static int ++match(const struct sk_buff *skb, ++ const struct net_device *in, ++ const struct net_device *out, ++ const void *matchinfo, ++ int offset, ++ int *hotdrop) ++#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17) ++static int ++match(const struct sk_buff *skb, ++ const struct net_device *in, ++ const struct net_device *out, ++ const void *matchinfo, ++ int offset, ++ unsigned int protoff, ++ int *hotdrop) ++#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,23) ++static int ++match(const struct sk_buff *skb, ++ const struct net_device *in, ++ const struct net_device *out, ++ const struct xt_match *match, ++ const void *matchinfo, ++ int offset, ++ unsigned int protoff, ++ int *hotdrop) ++#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,28) ++static bool ++match(const struct sk_buff *skb, ++ const struct net_device *in, ++ const struct net_device *out, ++ const struct xt_match *match, ++ const void *matchinfo, ++ int offset, ++ unsigned int protoff, ++ bool *hotdrop) ++#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,35) ++static bool ++match(const struct sk_buff *skb, ++ const struct xt_match_param *par) ++#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,35) */ ++static int ++match(const struct sk_buff *skb, ++ struct xt_action_param *par) ++#endif ++{ ++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,28) ++ const struct ipt_p2p_info *info = matchinfo; ++#else ++ const struct ipt_p2p_info *info = par->matchinfo; ++ const int offset = par->fragoff; ++#endif ++ unsigned char *haystack; ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ++ struct iphdr *ip = ip_hdr(skb); ++#else ++ struct iphdr *ip = skb->nh.iph; ++#endif ++ int p2p_result = 0, i = 0; ++// int head_len; ++ int hlen = ntohs(ip->tot_len)-(ip->ihl*4); /*hlen = packet-data length*/ ++ ++ /*must not be a fragment*/ ++ if (offset) { ++ if (info->debug) printk("IPP2P.match: offset found %i \n",offset); ++ return 0; ++ } ++ ++ /*make sure that skb is linear*/ ++ if(skb_is_nonlinear(skb)){ ++ if (info->debug) printk("IPP2P.match: nonlinear skb found\n"); ++ return 0; ++ } ++ ++ ++ haystack=(char *)ip+(ip->ihl*4); /*haystack = packet data*/ ++ ++ switch (ip->protocol){ ++ case IPPROTO_TCP: /*what to do with a TCP packet*/ ++ { ++ struct tcphdr *tcph = (void *) ip + ip->ihl * 4; ++ ++ if (tcph->fin) return 0; /*if FIN bit is set bail out*/ ++ if (tcph->syn) return 0; /*if SYN bit is set bail out*/ ++ if (tcph->rst) return 0; /*if RST bit is set bail out*/ ++ ++ haystack += tcph->doff * 4; /*get TCP-Header-Size*/ ++ hlen -= tcph->doff * 4; ++ while (matchlist[i].command) { ++ if ((((info->cmd & matchlist[i].command) == matchlist[i].command) || ++ ((info->cmd & matchlist[i].short_hand) == matchlist[i].short_hand)) && ++ (hlen > matchlist[i].packet_len)) { ++ p2p_result = matchlist[i].function_name(haystack, hlen); ++ if (p2p_result) ++ { ++ if (info->debug) printk("IPP2P.debug:TCP-match: %i from: %pl4:%i to: %pl4:%i Length: %i\n", ++ p2p_result, &ip->saddr,ntohs(tcph->source), &ip->daddr,ntohs(tcph->dest),hlen); ++ return p2p_result; ++ } ++ } ++ i++; ++ } ++ return p2p_result; ++ } ++ ++ case IPPROTO_UDP: /*what to do with an UDP packet*/ ++ { ++ struct udphdr *udph = (void *) ip + ip->ihl * 4; ++ ++ while (udp_list[i].command){ ++ if ((((info->cmd & udp_list[i].command) == udp_list[i].command) || ++ ((info->cmd & udp_list[i].short_hand) == udp_list[i].short_hand)) && ++ (hlen > udp_list[i].packet_len)) { ++ p2p_result = udp_list[i].function_name(haystack, hlen); ++ if (p2p_result){ ++ if (info->debug) printk("IPP2P.debug:UDP-match: %i from: %pl4:%i to: %pl4:%i Length: %i\n", ++ p2p_result, &ip->saddr,ntohs(udph->source), &ip->daddr,ntohs(udph->dest),hlen); ++ return p2p_result; ++ } ++ } ++ i++; ++ } ++ return p2p_result; ++ } ++ ++ default: return 0; ++ } ++} ++ ++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,16) ++static int ++checkentry(const char *tablename, ++ const struct ipt_ip *ip, ++ void *matchinfo, ++ unsigned int matchsize, ++ unsigned int hook_mask) ++#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17) ++static int ++checkentry(const char *tablename, ++ const void *inf, ++ void *matchinfo, ++ unsigned int matchsize, ++ unsigned int hook_mask) ++#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) ++static int ++checkentry(const char *tablename, ++ const void *inf, ++ const struct xt_match *match, ++ void *matchinfo, ++ unsigned int matchsize, ++ unsigned int hook_mask) ++#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,23) ++static int ++checkentry(const char *tablename, ++ const void *inf, ++ const struct xt_match *match, ++ void *matchinfo, ++ unsigned int hook_mask) ++#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,28) ++static bool ++checkentry(const char *tablename, ++ const void *inf, ++ const struct xt_match *match, ++ void *matchinfo, ++ unsigned int hook_mask) ++#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,35) ++static bool ++checkentry(const struct xt_mtchk_param *par) ++#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,35) */ ++static int ++checkentry(const struct xt_mtchk_param *par) ++#endif ++{ ++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,35) ++ return 1; ++#else ++ return 0; ++#endif ++} ++ ++ ++ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21) ++static struct xt_match ipp2p_match = { ++#else ++static struct ipt_match ipp2p_match = { ++#endif ++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) ++ { NULL, NULL }, ++ "ipp2p", ++ &ipp2p_match, ++ &ipp2p_checkentry, ++ NULL, ++ THIS_MODULE ++#endif ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) ++ .name = "ipp2p", ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21) ++ .family = AF_INET, ++#endif ++ .match = &match, ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) ++ .matchsize = sizeof(struct ipt_p2p_info), ++#endif ++ .checkentry = &checkentry, ++ .me = THIS_MODULE, ++#endif ++}; ++ ++ ++static int __init init(void) ++{ ++ printk(KERN_INFO "IPP2P v%s loading\n", IPP2P_VERSION); ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21) ++ return xt_register_match(&ipp2p_match); ++#else ++ return ipt_register_match(&ipp2p_match); ++#endif ++} ++ ++static void __exit fini(void) ++{ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21) ++ xt_unregister_match(&ipp2p_match); ++#else ++ ipt_unregister_match(&ipp2p_match); ++#endif ++ printk(KERN_INFO "IPP2P v%s unloaded\n", IPP2P_VERSION); ++} ++ ++module_init(init); ++module_exit(fini); ++ ++ +diff -Naur linux-3.0.24.org/net/ipv4/netfilter/Kconfig linux-3.0.24/net/ipv4/netfilter/Kconfig +--- linux-3.0.24.org/net/ipv4/netfilter/Kconfig 2012-03-12 18:58:19.000000000 +0100 ++++ linux-3.0.24/net/ipv4/netfilter/Kconfig 2012-03-20 09:05:15.827477622 +0100 +@@ -379,5 +379,15 @@ + + endif # IP_NF_ARPTABLES + ++config IP_NF_MATCH_IPP2P ++ tristate 'IPP2P match support' ++ depends on IP_NF_IPTABLES ++ help ++ This option makes possible to match some P2P packets ++ therefore helps controlling such traffic. ++ ++ If you want to compile it as a module, say M here and read ++ file:Documentation/modules.txt. If unsure, say `N'. ++ + endmenu + +diff -Naur linux-3.0.24.org/net/ipv4/netfilter/Makefile linux-3.0.24/net/ipv4/netfilter/Makefile +--- linux-3.0.24.org/net/ipv4/netfilter/Makefile 2012-03-12 18:58:19.000000000 +0100 ++++ linux-3.0.24/net/ipv4/netfilter/Makefile 2012-03-20 09:13:38.960288878 +0100 +@@ -50,6 +50,7 @@ + # matches + obj-$(CONFIG_IP_NF_MATCH_AH) += ipt_ah.o + obj-$(CONFIG_IP_NF_MATCH_ECN) += ipt_ecn.o ++obj-$(CONFIG_IP_NF_MATCH_IPP2P) += ipt_ipp2p.o + + # targets + obj-$(CONFIG_IP_NF_TARGET_CLUSTERIP) += ipt_CLUSTERIP.o diff --git a/src/patches/openssl-0.9.8u-cryptodev.patch b/src/patches/openssl-0.9.8u-cryptodev.patch new file mode 100644 index 0000000..920648d --- /dev/null +++ b/src/patches/openssl-0.9.8u-cryptodev.patch @@ -0,0 +1,882 @@ +diff -Naur openssl-0.9.8u.org/crypto/engine/eng_all.c openssl-0.9.8u/crypto/engine/eng_all.c +--- openssl-0.9.8u.org/crypto/engine/eng_all.c 2010-03-01 01:30:11.000000000 +0100 ++++ openssl-0.9.8u/crypto/engine/eng_all.c 2012-03-27 14:07:11.000000000 +0200 +@@ -113,7 +113,6 @@ + #endif + } + +-#if defined(__OpenBSD__) || defined(__FreeBSD__) + void ENGINE_setup_bsd_cryptodev(void) { + static int bsd_cryptodev_default_loaded = 0; + if (!bsd_cryptodev_default_loaded) { +@@ -122,4 +121,3 @@ + } + bsd_cryptodev_default_loaded=1; + } +-#endif +diff -Naur openssl-0.9.8u.org/crypto/engine/eng_cryptodev.c openssl-0.9.8u/crypto/engine/eng_cryptodev.c +--- openssl-0.9.8u.org/crypto/engine/eng_cryptodev.c 2012-03-06 14:22:32.000000000 +0100 ++++ openssl-0.9.8u/crypto/engine/eng_cryptodev.c 2012-03-27 14:02:59.000000000 +0200 +@@ -2,6 +2,7 @@ + * Copyright (c) 2002 Bob Beck beck@openbsd.org + * Copyright (c) 2002 Theo de Raadt + * Copyright (c) 2002 Markus Friedl ++ * Copyright (c) 2012 Nikos Mavrogiannopoulos + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without +@@ -30,10 +31,6 @@ + #include <openssl/engine.h> + #include <openssl/evp.h> + #include <openssl/bn.h> +-#include <openssl/dsa.h> +-#include <openssl/rsa.h> +-#include <openssl/dh.h> +-#include <openssl/err.h> + + #if (defined(__unix__) || defined(unix)) && !defined(USG) && \ + (defined(OpenBSD) || defined(__FreeBSD__)) +@@ -59,6 +56,10 @@ + + #include <sys/types.h> + #include <crypto/cryptodev.h> ++#include <crypto/dh/dh.h> ++#include <crypto/dsa/dsa.h> ++#include <crypto/err/err.h> ++#include <crypto/rsa/rsa.h> + #include <sys/ioctl.h> + #include <errno.h> + #include <stdio.h> +@@ -72,6 +73,12 @@ + struct dev_crypto_state { + struct session_op d_sess; + int d_fd; ++ ++#ifdef USE_CRYPTODEV_DIGESTS ++ unsigned char digest_res[HASH_MAX_LEN]; ++ char *mac_data; ++ int mac_len; ++#endif + }; + + static u_int32_t cryptodev_asymfeat = 0; +@@ -79,15 +86,14 @@ + static int get_asym_dev_crypto(void); + static int open_dev_crypto(void); + static int get_dev_crypto(void); +-static int cryptodev_max_iv(int cipher); +-static int cryptodev_key_length_valid(int cipher, int len); +-static int cipher_nid_to_cryptodev(int nid); + static int get_cryptodev_ciphers(const int **cnids); +-/*static int get_cryptodev_digests(const int **cnids);*/ ++#ifdef USE_CRYPTODEV_DIGESTS ++static int get_cryptodev_digests(const int **cnids); ++#endif + static int cryptodev_usable_ciphers(const int **nids); + static int cryptodev_usable_digests(const int **nids); + static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, +- const unsigned char *in, unsigned int inl); ++ const unsigned char *in, size_t inl); + static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc); + static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx); +@@ -121,7 +127,7 @@ + static int cryptodev_dh_compute_key(unsigned char *key, + const BIGNUM *pub_key, DH *dh); + static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, +- void (*f)()); ++ void (*f)(void)); + void ENGINE_load_cryptodev(void); + + static const ENGINE_CMD_DEFN cryptodev_defns[] = { +@@ -134,27 +140,38 @@ + int ivmax; + int keylen; + } ciphers[] = { ++ { CRYPTO_ARC4, NID_rc4, 0, 16, }, + { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, }, + { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, }, + { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, }, ++ { CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, }, ++ { CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, }, + { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, }, + { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, }, + { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, }, + { 0, NID_undef, 0, 0, }, + }; + +-#if 0 ++#ifdef USE_CRYPTODEV_DIGESTS + static struct { + int id; + int nid; ++ int digestlen; + } digests[] = { +- { CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, }, +- { CRYPTO_RIPEMD160_HMAC, NID_ripemd160, }, +- { CRYPTO_MD5_KPDK, NID_undef, }, +- { CRYPTO_SHA1_KPDK, NID_undef, }, +- { CRYPTO_MD5, NID_md5, }, +- { CRYPTO_SHA1, NID_undef, }, +- { 0, NID_undef, }, ++#if 0 ++ /* HMAC is not supported */ ++ { CRYPTO_MD5_HMAC, NID_hmacWithMD5, 16}, ++ { CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, 20}, ++ { CRYPTO_SHA2_256_HMAC, NID_hmacWithSHA256, 32}, ++ { CRYPTO_SHA2_384_HMAC, NID_hmacWithSHA384, 48}, ++ { CRYPTO_SHA2_512_HMAC, NID_hmacWithSHA512, 64}, ++#endif ++ { CRYPTO_MD5, NID_md5, 16}, ++ { CRYPTO_SHA1, NID_sha1, 20}, ++ { CRYPTO_SHA2_256, NID_sha256, 32}, ++ { CRYPTO_SHA2_384, NID_sha384, 48}, ++ { CRYPTO_SHA2_512, NID_sha512, 64}, ++ { 0, NID_undef, 0}, + }; + #endif + +@@ -186,6 +203,7 @@ + + if ((fd = open_dev_crypto()) == -1) + return (-1); ++#ifndef CRIOGET_NOT_NEEDED + if (ioctl(fd, CRIOGET, &retfd) == -1) + return (-1); + +@@ -194,9 +212,19 @@ + close(retfd); + return (-1); + } ++#else ++ retfd = fd; ++#endif + return (retfd); + } + ++static void put_dev_crypto(int fd) ++{ ++#ifndef CRIOGET_NOT_NEEDED ++ close(fd); ++#endif ++} ++ + /* Caching version for asym operations */ + static int + get_asym_dev_crypto(void) +@@ -209,50 +237,6 @@ + } + + /* +- * XXXX this needs to be set for each alg - and determined from +- * a running card. +- */ +-static int +-cryptodev_max_iv(int cipher) +-{ +- int i; +- +- for (i = 0; ciphers[i].id; i++) +- if (ciphers[i].id == cipher) +- return (ciphers[i].ivmax); +- return (0); +-} +- +-/* +- * XXXX this needs to be set for each alg - and determined from +- * a running card. For now, fake it out - but most of these +- * for real devices should return 1 for the supported key +- * sizes the device can handle. +- */ +-static int +-cryptodev_key_length_valid(int cipher, int len) +-{ +- int i; +- +- for (i = 0; ciphers[i].id; i++) +- if (ciphers[i].id == cipher) +- return (ciphers[i].keylen == len); +- return (0); +-} +- +-/* convert libcrypto nids to cryptodev */ +-static int +-cipher_nid_to_cryptodev(int nid) +-{ +- int i; +- +- for (i = 0; ciphers[i].id; i++) +- if (ciphers[i].nid == nid) +- return (ciphers[i].id); +- return (0); +-} +- +-/* + * Find out what ciphers /dev/crypto will let us have a session for. + * XXX note, that some of these openssl doesn't deal with yet! + * returning them here is harmless, as long as we return NULL +@@ -264,13 +248,14 @@ + static int nids[CRYPTO_ALGORITHM_MAX]; + struct session_op sess; + int fd, i, count = 0; ++ unsigned char fake_key[CRYPTO_CIPHER_MAX_KEY_LEN]; + + if ((fd = get_dev_crypto()) < 0) { + *cnids = NULL; + return (0); + } + memset(&sess, 0, sizeof(sess)); +- sess.key = (caddr_t)"123456781234567812345678"; ++ sess.key = (void*)fake_key; + + for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { + if (ciphers[i].nid == NID_undef) +@@ -282,7 +267,7 @@ + ioctl(fd, CIOCFSESSION, &sess.ses) != -1) + nids[count++] = ciphers[i].nid; + } +- close(fd); ++ put_dev_crypto(fd); + + if (count > 0) + *cnids = nids; +@@ -291,7 +276,7 @@ + return (count); + } + +-#if 0 /* unused */ ++#ifdef USE_CRYPTODEV_DIGESTS + /* + * Find out what digests /dev/crypto will let us have a session for. + * XXX note, that some of these openssl doesn't deal with yet! +@@ -302,6 +287,7 @@ + get_cryptodev_digests(const int **cnids) + { + static int nids[CRYPTO_ALGORITHM_MAX]; ++ unsigned char fake_key[CRYPTO_CIPHER_MAX_KEY_LEN]; + struct session_op sess; + int fd, i, count = 0; + +@@ -310,16 +296,18 @@ + return (0); + } + memset(&sess, 0, sizeof(sess)); ++ sess.mackey = fake_key; + for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { + if (digests[i].nid == NID_undef) + continue; + sess.mac = digests[i].id; ++ sess.mackeylen = 8; + sess.cipher = 0; + if (ioctl(fd, CIOCGSESSION, &sess) != -1 && + ioctl(fd, CIOCFSESSION, &sess.ses) != -1) + nids[count++] = digests[i].nid; + } +- close(fd); ++ put_dev_crypto(fd); + + if (count > 0) + *cnids = nids; +@@ -327,8 +315,7 @@ + *cnids = NULL; + return (count); + } +- +-#endif ++#endif /* 0 */ + + /* + * Find the useable ciphers|digests from dev/crypto - this is the first +@@ -360,6 +347,9 @@ + static int + cryptodev_usable_digests(const int **nids) + { ++#ifdef USE_CRYPTODEV_DIGESTS ++ return (get_cryptodev_digests(nids)); ++#else + /* + * XXXX just disable all digests for now, because it sucks. + * we need a better way to decide this - i.e. I may not +@@ -374,11 +364,12 @@ + */ + *nids = NULL; + return (0); ++#endif + } + + static int + cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, +- const unsigned char *in, unsigned int inl) ++ const unsigned char *in, size_t inl) + { + struct crypt_op cryp; + struct dev_crypto_state *state = ctx->cipher_data; +@@ -398,14 +389,14 @@ + cryp.ses = sess->ses; + cryp.flags = 0; + cryp.len = inl; +- cryp.src = (caddr_t) in; +- cryp.dst = (caddr_t) out; ++ cryp.src = (void*) in; ++ cryp.dst = (void*) out; + cryp.mac = 0; + + cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; + + if (ctx->cipher->iv_len) { +- cryp.iv = (caddr_t) ctx->iv; ++ cryp.iv = (void*) ctx->iv; + if (!ctx->encrypt) { + iiv = in + inl - ctx->cipher->iv_len; + memcpy(save_iv, iiv, ctx->cipher->iv_len); +@@ -436,28 +427,32 @@ + { + struct dev_crypto_state *state = ctx->cipher_data; + struct session_op *sess = &state->d_sess; +- int cipher; ++ int cipher = -1, i; + +- if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NID_undef) +- return (0); +- +- if (ctx->cipher->iv_len > cryptodev_max_iv(cipher)) +- return (0); ++ for (i = 0; ciphers[i].id; i++) ++ if (ctx->cipher->nid == ciphers[i].nid && ++ ctx->cipher->iv_len <= ciphers[i].ivmax && ++ ctx->key_len == ciphers[i].keylen) { ++ cipher = ciphers[i].id; ++ break; ++ } + +- if (!cryptodev_key_length_valid(cipher, ctx->key_len)) ++ if (!ciphers[i].id) { ++ state->d_fd = -1; + return (0); ++ } + + memset(sess, 0, sizeof(struct session_op)); + + if ((state->d_fd = get_dev_crypto()) < 0) + return (0); + +- sess->key = (char *)key; ++ sess->key = (void*)key; + sess->keylen = ctx->key_len; + sess->cipher = cipher; + + if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) { +- close(state->d_fd); ++ put_dev_crypto(state->d_fd); + state->d_fd = -1; + return (0); + } +@@ -494,7 +489,7 @@ + } else { + ret = 1; + } +- close(state->d_fd); ++ put_dev_crypto(state->d_fd); + state->d_fd = -1; + + return (ret); +@@ -505,6 +500,20 @@ + * gets called when libcrypto requests a cipher NID. + */ + ++/* RC4 */ ++const EVP_CIPHER cryptodev_rc4 = { ++ NID_rc4, ++ 1, 16, 0, ++ EVP_CIPH_VARIABLE_LENGTH, ++ cryptodev_init_key, ++ cryptodev_cipher, ++ cryptodev_cleanup, ++ sizeof(struct dev_crypto_state), ++ NULL, ++ NULL, ++ NULL ++}; ++ + /* DES CBC EVP */ + const EVP_CIPHER cryptodev_des_cbc = { + NID_des_cbc, +@@ -572,6 +581,32 @@ + NULL + }; + ++const EVP_CIPHER cryptodev_aes_192_cbc = { ++ NID_aes_192_cbc, ++ 16, 24, 16, ++ EVP_CIPH_CBC_MODE, ++ cryptodev_init_key, ++ cryptodev_cipher, ++ cryptodev_cleanup, ++ sizeof(struct dev_crypto_state), ++ EVP_CIPHER_set_asn1_iv, ++ EVP_CIPHER_get_asn1_iv, ++ NULL ++}; ++ ++const EVP_CIPHER cryptodev_aes_256_cbc = { ++ NID_aes_256_cbc, ++ 16, 32, 16, ++ EVP_CIPH_CBC_MODE, ++ cryptodev_init_key, ++ cryptodev_cipher, ++ cryptodev_cleanup, ++ sizeof(struct dev_crypto_state), ++ EVP_CIPHER_set_asn1_iv, ++ EVP_CIPHER_get_asn1_iv, ++ NULL ++}; ++ + /* + * Registered by the ENGINE when used to find out how to deal with + * a particular NID in the ENGINE. this says what we'll do at the +@@ -585,6 +620,9 @@ + return (cryptodev_usable_ciphers(nids)); + + switch (nid) { ++ case NID_rc4: ++ *cipher = &cryptodev_rc4; ++ break; + case NID_des_ede3_cbc: + *cipher = &cryptodev_3des_cbc; + break; +@@ -600,6 +638,12 @@ + case NID_aes_128_cbc: + *cipher = &cryptodev_aes_cbc; + break; ++ case NID_aes_192_cbc: ++ *cipher = &cryptodev_aes_192_cbc; ++ break; ++ case NID_aes_256_cbc: ++ *cipher = &cryptodev_aes_256_cbc; ++ break; + default: + *cipher = NULL; + break; +@@ -607,6 +651,286 @@ + return (*cipher != NULL); + } + ++ ++#ifdef USE_CRYPTODEV_DIGESTS ++ ++/* convert digest type to cryptodev */ ++static int ++digest_nid_to_cryptodev(int nid) ++{ ++ int i; ++ ++ for (i = 0; digests[i].id; i++) ++ if (digests[i].nid == nid) ++ return (digests[i].id); ++ return (0); ++} ++ ++ ++static int cryptodev_digest_init(EVP_MD_CTX *ctx) ++{ ++ struct dev_crypto_state *state = ctx->md_data; ++ struct session_op *sess = &state->d_sess; ++ int digest; ++ ++ if ((digest = digest_nid_to_cryptodev(ctx->digest->type)) == NID_undef){ ++ printf("cryptodev_digest_init: Can't get digest \n"); ++ return (0); ++ } ++ memset(state, 0, sizeof(struct dev_crypto_state)); ++ ++ if ((state->d_fd = get_dev_crypto()) < 0) { ++ printf("cryptodev_digest_init: Can't get Dev \n"); ++ return (0); ++ } ++ ++ sess->mackey = NULL; ++ sess->mackeylen = 0; ++ sess->mac = digest; ++ ++ if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) { ++ put_dev_crypto(state->d_fd); ++ state->d_fd = -1; ++ printf("cryptodev_digest_init: Open session failed\n"); ++ return (0); ++ } ++ ++ return (1); ++} ++ ++static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data, ++ size_t count) ++{ ++ struct dev_crypto_state *state = ctx->md_data; ++ struct crypt_op cryp; ++ struct session_op *sess = &state->d_sess; ++ ++ if (!data || state->d_fd < 0) { ++ printf("cryptodev_digest_update: illegal inputs \n"); ++ return (0); ++ } ++ ++ if (!count) { ++ return (1); ++ } ++ ++ if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) { ++ /* if application doesn't support one buffer */ ++ state->mac_data = OPENSSL_realloc(state->mac_data, state->mac_len + count); ++ ++ if (!state->mac_data) { ++ printf("cryptodev_digest_update: realloc failed\n"); ++ return (0); ++ } ++ ++ memcpy(state->mac_data + state->mac_len, data, count); ++ state->mac_len += count; ++ ++ return (1); ++ } ++ ++ memset(&cryp, 0, sizeof(cryp)); ++ ++ cryp.ses = sess->ses; ++ cryp.flags = 0; ++ cryp.len = count; ++ cryp.src = (void*) data; ++ cryp.dst = NULL; ++ cryp.mac = (void*) state->digest_res; ++ if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) { ++ printf("cryptodev_digest_update: digest failed\n"); ++ return (0); ++ } ++ return (1); ++} ++ ++ ++static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md) ++{ ++ struct crypt_op cryp; ++ struct dev_crypto_state *state = ctx->md_data; ++ struct session_op *sess = &state->d_sess; ++ ++ if (!md || state->d_fd < 0) { ++ printf("cryptodev_digest_final: illegal input\n"); ++ return(0); ++ } ++ ++ if (! (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) ) { ++ /* if application doesn't support one buffer */ ++ memset(&cryp, 0, sizeof(cryp)); ++ cryp.ses = sess->ses; ++ cryp.flags = 0; ++ cryp.len = state->mac_len; ++ cryp.src = state->mac_data; ++ cryp.dst = NULL; ++ cryp.mac = (void*)md; ++ if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) { ++ printf("cryptodev_digest_final: digest failed\n"); ++ return (0); ++ } ++ ++ return 1; ++ } ++ ++ memcpy(md, state->digest_res, ctx->digest->md_size); ++ ++ return 1; ++} ++ ++ ++static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx) ++{ ++ int ret = 1; ++ struct dev_crypto_state *state = ctx->md_data; ++ struct session_op *sess = &state->d_sess; ++ ++ if (state == NULL) ++ return 0; ++ ++ if (state->d_fd < 0) { ++ printf("cryptodev_digest_cleanup: illegal input\n"); ++ return (0); ++ } ++ ++ if (state->mac_data) { ++ OPENSSL_free(state->mac_data); ++ state->mac_data = NULL; ++ state->mac_len = 0; ++ } ++ ++ if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) { ++ printf("cryptodev_digest_cleanup: failed to close session\n"); ++ ret = 0; ++ } else { ++ ret = 1; ++ } ++ put_dev_crypto(state->d_fd); ++ state->d_fd = -1; ++ ++ return (ret); ++} ++ ++static int cryptodev_digest_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from) ++{ ++ struct dev_crypto_state *fstate = from->md_data; ++ struct dev_crypto_state *dstate = to->md_data; ++ struct session_op *sess; ++ int digest; ++ ++ if (dstate == NULL || fstate == NULL) ++ return 1; ++ ++ memcpy(dstate, fstate, sizeof(struct dev_crypto_state)); ++ ++ sess = &dstate->d_sess; ++ ++ digest = digest_nid_to_cryptodev(to->digest->type); ++ ++ sess->mackey = NULL; ++ sess->mackeylen = 0; ++ sess->mac = digest; ++ ++ dstate->d_fd = get_dev_crypto(); ++ ++ if (ioctl(dstate->d_fd, CIOCGSESSION, sess) < 0) { ++ put_dev_crypto(dstate->d_fd); ++ dstate->d_fd = -1; ++ printf("cryptodev_digest_init: Open session failed\n"); ++ return (0); ++ } ++ ++ if (fstate->mac_len != 0) { ++ if (fstate->mac_data != NULL) ++ { ++ dstate->mac_data = OPENSSL_malloc(fstate->mac_len); ++ memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len); ++ dstate->mac_len = fstate->mac_len; ++ } ++ } ++ ++ return 1; ++} ++ ++ ++static const EVP_MD cryptodev_sha1 = { ++ NID_sha1, ++ NID_sha1WithRSAEncryption, ++ SHA_DIGEST_LENGTH, ++ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_ONESHOT, ++ cryptodev_digest_init, ++ cryptodev_digest_update, ++ cryptodev_digest_final, ++ cryptodev_digest_copy, ++ cryptodev_digest_cleanup, ++ EVP_PKEY_RSA_method, ++ SHA_CBLOCK, ++ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state), ++}; ++ ++static const EVP_MD cryptodev_sha256 = { ++ NID_sha256, ++ NID_sha256WithRSAEncryption, ++ SHA256_DIGEST_LENGTH, ++ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_ONESHOT, ++ cryptodev_digest_init, ++ cryptodev_digest_update, ++ cryptodev_digest_final, ++ cryptodev_digest_copy, ++ cryptodev_digest_cleanup, ++ EVP_PKEY_RSA_method, ++ SHA256_CBLOCK, ++ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state), ++}; ++ ++static const EVP_MD cryptodev_sha384 = { ++ NID_sha384, ++ NID_sha384WithRSAEncryption, ++ SHA384_DIGEST_LENGTH, ++ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_ONESHOT, ++ cryptodev_digest_init, ++ cryptodev_digest_update, ++ cryptodev_digest_final, ++ cryptodev_digest_copy, ++ cryptodev_digest_cleanup, ++ EVP_PKEY_RSA_method, ++ SHA512_CBLOCK, ++ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state), ++}; ++ ++static const EVP_MD cryptodev_sha512 = { ++ NID_sha512, ++ NID_sha512WithRSAEncryption, ++ SHA512_DIGEST_LENGTH, ++ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_ONESHOT, ++ cryptodev_digest_init, ++ cryptodev_digest_update, ++ cryptodev_digest_final, ++ cryptodev_digest_copy, ++ cryptodev_digest_cleanup, ++ EVP_PKEY_RSA_method, ++ SHA512_CBLOCK, ++ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state), ++}; ++ ++static const EVP_MD cryptodev_md5 = { ++ NID_md5, ++ NID_md5WithRSAEncryption, ++ 16 /* MD5_DIGEST_LENGTH */, ++ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_ONESHOT, ++ cryptodev_digest_init, ++ cryptodev_digest_update, ++ cryptodev_digest_final, ++ cryptodev_digest_copy, ++ cryptodev_digest_cleanup, ++ EVP_PKEY_RSA_method, ++ 64 /* MD5_CBLOCK */, ++ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state), ++}; ++ ++#endif /* USE_CRYPTODEV_DIGESTS */ ++ ++ + static int + cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, + const int **nids, int nid) +@@ -615,10 +939,24 @@ + return (cryptodev_usable_digests(nids)); + + switch (nid) { ++#ifdef USE_CRYPTODEV_DIGESTS + case NID_md5: +- *digest = NULL; /* need to make a clean md5 critter */ ++ *digest = &cryptodev_md5; + break; ++ case NID_sha1: ++ *digest = &cryptodev_sha1; ++ break; ++ case NID_sha256: ++ *digest = &cryptodev_sha256; ++ break; ++ case NID_sha384: ++ *digest = &cryptodev_sha384; ++ break; ++ case NID_sha512: ++ *digest = &cryptodev_sha512; ++ break; + default: ++#endif /* USE_CRYPTODEV_DIGESTS */ + *digest = NULL; + break; + } +@@ -646,8 +984,9 @@ + b = malloc(bytes); + if (b == NULL) + return (1); ++ memset(b, 0, bytes); + +- crp->crp_p = (char *)b; ++ crp->crp_p = (void*) b; + crp->crp_nbits = bits; + + for (i = 0, j = 0; i < a->top; i++) { +@@ -690,7 +1029,7 @@ + { + int i; + +- for (i = 0; i <= kop->crk_iparams + kop->crk_oparams; i++) { ++ for (i = 0; i < kop->crk_iparams + kop->crk_oparams; i++) { + if (kop->crk_param[i].crp_p) + free(kop->crk_param[i].crp_p); + kop->crk_param[i].crp_p = NULL; +@@ -776,8 +1115,9 @@ + cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) + { + int r; +- ++ ctx = BN_CTX_new(); + r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL); ++ BN_CTX_free(ctx); + return (r); + } + +@@ -899,7 +1239,7 @@ + kop.crk_op = CRK_DSA_SIGN; + + /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ +- kop.crk_param[0].crp_p = (caddr_t)dgst; ++ kop.crk_param[0].crp_p = (void*)dgst; + kop.crk_param[0].crp_nbits = dlen * 8; + if (bn2crparam(dsa->p, &kop.crk_param[1])) + goto err; +@@ -939,7 +1279,7 @@ + kop.crk_op = CRK_DSA_VERIFY; + + /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */ +- kop.crk_param[0].crp_p = (caddr_t)dgst; ++ kop.crk_param[0].crp_p = (void*)dgst; + kop.crk_param[0].crp_nbits = dlen * 8; + if (bn2crparam(dsa->p, &kop.crk_param[1])) + goto err; +@@ -1017,7 +1357,7 @@ + goto err; + kop.crk_iparams = 3; + +- kop.crk_param[3].crp_p = (char *)key; ++ kop.crk_param[3].crp_p = (void*) key; + kop.crk_param[3].crp_nbits = keylen * 8; + kop.crk_oparams = 1; + +@@ -1048,7 +1388,7 @@ + * but I expect we'll want some options soon. + */ + static int +-cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) ++cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) + { + #ifdef HAVE_SYSLOG_R + struct syslog_data sd = SYSLOG_DATA_INIT; +@@ -1084,14 +1424,14 @@ + * find out what asymmetric crypto algorithms we support + */ + if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) { +- close(fd); ++ put_dev_crypto(fd); + ENGINE_free(engine); + return; + } +- close(fd); ++ put_dev_crypto(fd); + + if (!ENGINE_set_id(engine, "cryptodev") || +- !ENGINE_set_name(engine, "BSD cryptodev engine") || ++ !ENGINE_set_name(engine, "cryptodev engine") || + !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) || + !ENGINE_set_digests(engine, cryptodev_engine_digests) || + !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) || +diff -Naur openssl-0.9.8u.org/crypto/engine/engine.h openssl-0.9.8u/crypto/engine/engine.h +--- openssl-0.9.8u.org/crypto/engine/engine.h 2010-02-09 15:18:15.000000000 +0100 ++++ openssl-0.9.8u/crypto/engine/engine.h 2012-03-27 14:05:15.000000000 +0200 +@@ -705,9 +705,7 @@ + * values. */ + void *ENGINE_get_static_state(void); + +-#if defined(__OpenBSD__) || defined(__FreeBSD__) + void ENGINE_setup_bsd_cryptodev(void); +-#endif + + /* BEGIN ERROR CODES */ + /* The following lines are auto generated by the script mkerr.pl. Any changes +diff -Naur openssl-0.9.8u.org/crypto/evp/c_all.c openssl-0.9.8u/crypto/evp/c_all.c +--- openssl-0.9.8u.org/crypto/evp/c_all.c 2004-08-29 18:36:04.000000000 +0200 ++++ openssl-0.9.8u/crypto/evp/c_all.c 2012-03-27 14:05:15.000000000 +0200 +@@ -83,8 +83,6 @@ + OpenSSL_add_all_ciphers(); + OpenSSL_add_all_digests(); + #ifndef OPENSSL_NO_ENGINE +-# if defined(__OpenBSD__) || defined(__FreeBSD__) + ENGINE_setup_bsd_cryptodev(); +-# endif + #endif + }
hooks/post-receive -- IPFire 2.x development tree