1 files changed, 155 insertions, 0 deletions
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0026-cryptodev-remove-code-duplication-in-digest-operatio.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0026-cryptodev-remove-code-duplication-in-digest-operatio.patch
new file mode 100644
index 0000000..936aafc
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0026-cryptodev-remove-code-duplication-in-digest-operatio.patch
@@ -0,0 +1,155 @@
+From 02dd4d275f7544a4027ca3452b60ac5bdd9376fb Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@nxp.com>
+Date: Mon, 14 Dec 2015 17:49:08 +0200
+Subject: [PATCH 26/48] cryptodev: remove code duplication in digest operations
+This patch simplifies code and removes duplication in digest_update and
+digest_final for cryptodev engine.
+Note: The current design of eng_cryptodev for digests operations assumes
+      the presence of all the data before processing (this is suboptimal
+      with cryptodev-linux because Linux kernel has support for digest-update
+      operations and there is no need to accumulate the input data).
+Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 76 ++++++++++++++++---------------------------
+ 1 file changed, 28 insertions(+), 48 deletions(-)
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 16e6fd9..048e050 100644
+--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
+@@ -1590,24 +1590,25 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
+ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
+                                    size_t count)
+ {
+-    struct crypt_op cryp;
+     struct dev_crypto_state *state = ctx->md_data;
+-    struct session_op *sess = &state->d_sess;
+ 
+-    if (!data || state->d_fd < 0) {
+    if (!data || !count) {
+         printf("cryptodev_digest_update: illegal inputs \n");
+-        return (0);
+-    }
+-
+-    if (!count) {
+-        return (0);
+        return 0;
+     }
+ 
+-    if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
+-        /* if application doesn't support one buffer */
+    /*
+     * Accumulate input data if it is scattered in several buffers. TODO:
+     * Depending on number of calls and data size, this code can be optimized
+     * to take advantage of Linux kernel crypto API, balancing between
+     * cryptodev calls and accumulating small amounts of data
+     */
+    if (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) {
+        state->mac_data = data;
+        state->mac_len = count;
+    } else {
+         state->mac_data =
+             OPENSSL_realloc(state->mac_data, state->mac_len + count);
+-
+         if (!state->mac_data) {
+             printf("cryptodev_digest_update: realloc failed\n");
+             return (0);
+@@ -1615,23 +1616,9 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
+ 
+         memcpy(state->mac_data + state->mac_len, data, count);
+         state->mac_len += count;
+-
+-        return (1);
+     }
+ 
+-    memset(&cryp, 0, sizeof(cryp));
+-
+-    cryp.ses = sess->ses;
+-    cryp.flags = 0;
+-    cryp.len = count;
+-    cryp.src = (caddr_t) data;
+-    cryp.dst = NULL;
+-    cryp.mac = (caddr_t) state->digest_res;
+-    if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
+-        printf("cryptodev_digest_update: digest failed\n");
+-        return (0);
+-    }
+-    return (1);
+    return 1;
+ }
+ 
+ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
+@@ -1640,33 +1627,25 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
+     struct dev_crypto_state *state = ctx->md_data;
+     struct session_op *sess = &state->d_sess;
+ 
+-    int ret = 1;
+-
+     if (!md || state->d_fd < 0) {
+         printf("cryptodev_digest_final: illegal input\n");
+         return (0);
+     }
+ 
+-    if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
+-        /* if application doesn't support one buffer */
+-        memset(&cryp, 0, sizeof(cryp));
+-        cryp.ses = sess->ses;
+-        cryp.flags = 0;
+-        cryp.len = state->mac_len;
+-        cryp.src = state->mac_data;
+-        cryp.dst = NULL;
+-        cryp.mac = (caddr_t) md;
+-        if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
+-            printf("cryptodev_digest_final: digest failed\n");
+-            return (0);
+-        }
+    memset(&cryp, 0, sizeof(cryp));
+ 
+-        return 1;
+-    }
+    cryp.ses = sess->ses;
+    cryp.flags = 0;
+    cryp.len = state->mac_len;
+    cryp.src = state->mac_data;
+    cryp.mac = md;
+ 
+-    memcpy(md, state->digest_res, ctx->digest->md_size);
+    if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
+        printf("cryptodev_digest_final: digest failed\n");
+        return (0);
+    }
+ 
+-    return (ret);
+    return (1);
+ }
+ 
+ static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
+@@ -1683,11 +1662,11 @@ static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
+         return (0);
+     }
+ 
+-    if (state->mac_data) {
+    if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
+         OPENSSL_free(state->mac_data);
+-        state->mac_data = NULL;
+-        state->mac_len = 0;
+     }
+    state->mac_data = NULL;
+    state->mac_len = 0;
+ 
+     if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
+         printf("cryptodev_digest_cleanup: failed to close session\n");
+@@ -1695,6 +1674,7 @@ static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
+     } else {
+         ret = 1;
+     }
+
+     put_dev_crypto(state->d_fd);
+     state->d_fd = -1;
+ 
+-- 
+2.7.0

diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0026-cryptodev-remove-code-duplication-in-digest-operatio.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0026-cryptodev-remove-code-duplication-in-digest-operatio.patch new file mode 100644 index 0000000..936aafc --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0026-cryptodev-remove-code-duplication-in-digest-operatio.patch
@@ -0,0 +1,155 @@
	1	From 02dd4d275f7544a4027ca3452b60ac5bdd9376fb Mon Sep 17 00:00:00 2001
	2	From: Cristian Stoica <cristian.stoica@nxp.com>
	3	Date: Mon, 14 Dec 2015 17:49:08 +0200
	4	Subject: [PATCH 26/48] cryptodev: remove code duplication in digest operations
	5
	6	This patch simplifies code and removes duplication in digest_update and
	7	digest_final for cryptodev engine.
	8
	9	Note: The current design of eng_cryptodev for digests operations assumes
	10	the presence of all the data before processing (this is suboptimal
	11	with cryptodev-linux because Linux kernel has support for digest-update
	12	operations and there is no need to accumulate the input data).
	13
	14	Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
	15	---
	16	crypto/engine/eng_cryptodev.c \| 76 ++++++++++++++++---------------------------
	17	1 file changed, 28 insertions(+), 48 deletions(-)
	18
	19	diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
	20	index 16e6fd9..048e050 100644
	21	--- a/crypto/engine/eng_cryptodev.c
	22	+++ b/crypto/engine/eng_cryptodev.c
	23	@@ -1590,24 +1590,25 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
	24	static int cryptodev_digest_update(EVP_MD_CTX ctx, const void data,
	25	size_t count)
	26	{
	27	- struct crypt_op cryp;
	28	struct dev_crypto_state *state = ctx->md_data;
	29	- struct session_op *sess = &state->d_sess;
	30
	31	- if (!data \|\| state->d_fd < 0) {
	32	+ if (!data \|\| !count) {
	33	printf("cryptodev_digest_update: illegal inputs \n");
	34	- return (0);
	35	- }
	36	-
	37	- if (!count) {
	38	- return (0);
	39	+ return 0;
	40	}
	41
	42	- if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
	43	- /* if application doesn't support one buffer */
	44	+ /*
	45	+ * Accumulate input data if it is scattered in several buffers. TODO:
	46	+ * Depending on number of calls and data size, this code can be optimized
	47	+ * to take advantage of Linux kernel crypto API, balancing between
	48	+ * cryptodev calls and accumulating small amounts of data
	49	+ */
	50	+ if (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) {
	51	+ state->mac_data = data;
	52	+ state->mac_len = count;
	53	+ } else {
	54	state->mac_data =
	55	OPENSSL_realloc(state->mac_data, state->mac_len + count);
	56	-
	57	if (!state->mac_data) {
	58	printf("cryptodev_digest_update: realloc failed\n");
	59	return (0);
	60	@@ -1615,23 +1616,9 @@ static int cryptodev_digest_update(EVP_MD_CTX ctx, const void data,
	61
	62	memcpy(state->mac_data + state->mac_len, data, count);
	63	state->mac_len += count;
	64	-
	65	- return (1);
	66	}
	67
	68	- memset(&cryp, 0, sizeof(cryp));
	69	-
	70	- cryp.ses = sess->ses;
	71	- cryp.flags = 0;
	72	- cryp.len = count;
	73	- cryp.src = (caddr_t) data;
	74	- cryp.dst = NULL;
	75	- cryp.mac = (caddr_t) state->digest_res;
	76	- if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
	77	- printf("cryptodev_digest_update: digest failed\n");
	78	- return (0);
	79	- }
	80	- return (1);
	81	+ return 1;
	82	}
	83
	84	static int cryptodev_digest_final(EVP_MD_CTX ctx, unsigned char md)
	85	@@ -1640,33 +1627,25 @@ static int cryptodev_digest_final(EVP_MD_CTX ctx, unsigned char md)
	86	struct dev_crypto_state *state = ctx->md_data;
	87	struct session_op *sess = &state->d_sess;
	88
	89	- int ret = 1;
	90	-
	91	if (!md \|\| state->d_fd < 0) {
	92	printf("cryptodev_digest_final: illegal input\n");
	93	return (0);
	94	}
	95
	96	- if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
	97	- /* if application doesn't support one buffer */
	98	- memset(&cryp, 0, sizeof(cryp));
	99	- cryp.ses = sess->ses;
	100	- cryp.flags = 0;
	101	- cryp.len = state->mac_len;
	102	- cryp.src = state->mac_data;
	103	- cryp.dst = NULL;
	104	- cryp.mac = (caddr_t) md;
	105	- if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
	106	- printf("cryptodev_digest_final: digest failed\n");
	107	- return (0);
	108	- }
	109	+ memset(&cryp, 0, sizeof(cryp));
	110
	111	- return 1;
	112	- }
	113	+ cryp.ses = sess->ses;
	114	+ cryp.flags = 0;
	115	+ cryp.len = state->mac_len;
	116	+ cryp.src = state->mac_data;
	117	+ cryp.mac = md;
	118
	119	- memcpy(md, state->digest_res, ctx->digest->md_size);
	120	+ if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
	121	+ printf("cryptodev_digest_final: digest failed\n");
	122	+ return (0);
	123	+ }
	124
	125	- return (ret);
	126	+ return (1);
	127	}
	128
	129	static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
	130	@@ -1683,11 +1662,11 @@ static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
	131	return (0);
	132	}
	133
	134	- if (state->mac_data) {
	135	+ if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
	136	OPENSSL_free(state->mac_data);
	137	- state->mac_data = NULL;
	138	- state->mac_len = 0;
	139	}
	140	+ state->mac_data = NULL;
	141	+ state->mac_len = 0;
	142
	143	if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
	144	printf("cryptodev_digest_cleanup: failed to close session\n");
	145	@@ -1695,6 +1674,7 @@ static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
	146	} else {
	147	ret = 1;
	148	}
	149	+
	150	put_dev_crypto(state->d_fd);
	151	state->d_fd = -1;
	152
	153	--
	154	2.7.0
	155