author | Timo Teräs <timo.teras@iki.fi> | 2010-06-04 12:15:22 +0300 |
---|---|---|
committer | Timo Teräs <timo.teras@iki.fi> | 2010-06-04 12:16:41 +0300 |
commit | 25825baec87d746386ed1554e9bc8ad26c69fa7c (patch) | |
tree | 1475e3d1d95fab9544ef64a187e783f82c253a0c /main/ipsec-tools | |
parent | c090ad82a29886929eb275c88b1d3d178cb4904e (diff) | |
main/ipsec-tools: use openssl in oneshot mode
Use the high-level EVP and HMAC functions to calculate oneshot
digest and HMAC. This enables the use of crypto accelerators for
these operations.
Diffstat (limited to 'main/ipsec-tools')
-rw-r--r-- | main/ipsec-tools/90-openssl-oneshot.patch | 210 | ||||
-rw-r--r-- | main/ipsec-tools/APKBUILD | 6 |
2 files changed, 214 insertions, 2 deletions
diff --git a/main/ipsec-tools/90-openssl-oneshot.patch b/main/ipsec-tools/90-openssl-oneshot.patch
new file mode 100644
index 0000000000..ece12a52dd
--- /dev/null
+++ b/main/ipsec-tools/90-openssl-oneshot.patch
@@ -0,0 +1,210 @@
+Index: src/racoon/crypto_openssl.c
+===================================================================
+RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c,v
+retrieving revision 1.19
+diff -u -r1.19 crypto_openssl.c
+--- a/src/racoon/crypto_openssl.c 29 Apr 2009 10:50:01 -0000 1.19
++++ b/src/racoon/crypto_openssl.c 4 Jun 2010 09:13:18 -0000
+@@ -1800,6 +1800,42 @@
+ return (caddr_t)c;
+ }
+
++static vchar_t *eay_hmac_one(key, data, type)
++ vchar_t *key, *data;
++ const EVP_MD *type;
++{
++ vchar_t *res;
++
++ if ((res = vmalloc(EVP_MD_size(type))) == 0)
++ return NULL;
++
++ if (!HMAC(type, (void *) key->v, key->l,
++ (void *) data->v, data->l, (void *) res->v, NULL)) {
++ vfree(res);
++ return NULL;
++ }
++
++ return res;
++}
++
++static vchar_t *eay_digest_one(data, type)
++ vchar_t *data;
++ const EVP_MD *type;
++{
++ vchar_t *res;
++
++ if ((res = vmalloc(EVP_MD_size(type))) == 0)
++ return NULL;
++
++ if (!EVP_Digest((void *) data->v, data->l,
++ (void *) res->v, NULL, type, NULL)) {
++ vfree(res);
++ return NULL;
++ }
++
++ return res;
++}
++
+ #ifdef WITH_SHA2
+ /*
+ * HMAC SHA2-512
+@@ -1808,14 +1844,7 @@
+ eay_hmacsha2_512_one(key, data)
+ vchar_t *key, *data;
+ {
+- vchar_t *res;
+- caddr_t ctx;
+-
+- ctx = eay_hmacsha2_512_init(key);
+- eay_hmacsha2_512_update(ctx, data);
+- res = eay_hmacsha2_512_final(ctx);
+-
+- return(res);
++ return eay_hmac_one(key, data, EVP_sha2_512());
+ }
+
+ caddr_t
+@@ -1865,14 +1894,7 @@
+ eay_hmacsha2_384_one(key, data)
+ vchar_t *key, *data;
+ {
+- vchar_t *res;
+- caddr_t ctx;
+-
+- ctx = eay_hmacsha2_384_init(key);
+- eay_hmacsha2_384_update(ctx, data);
+- res = eay_hmacsha2_384_final(ctx);
+-
+- return(res);
++ return eay_hmac_one(key, data, EVP_sha2_384());
+ }
+
+ caddr_t
+@@ -1922,14 +1944,7 @@
+ eay_hmacsha2_256_one(key, data)
+ vchar_t *key, *data;
+ {
+- vchar_t *res;
+- caddr_t ctx;
+-
+- ctx = eay_hmacsha2_256_init(key);
+- eay_hmacsha2_256_update(ctx, data);
+- res
= eay_hmacsha2_256_final(ctx);
+-
+- return(res);
++ return eay_hmac_one(key, data, EVP_sha2_256());
+ }
+
+ caddr_t
+@@ -1980,14 +1995,7 @@
+ eay_hmacsha1_one(key, data)
+ vchar_t *key, *data;
+ {
+- vchar_t *res;
+- caddr_t ctx;
+-
+- ctx = eay_hmacsha1_init(key);
+- eay_hmacsha1_update(ctx, data);
+- res = eay_hmacsha1_final(ctx);
+-
+- return(res);
++ return eay_hmac_one(key, data, EVP_sha1());
+ }
+
+ caddr_t
+@@ -2037,14 +2045,7 @@
+ eay_hmacmd5_one(key, data)
+ vchar_t *key, *data;
+ {
+- vchar_t *res;
+- caddr_t ctx;
+-
+- ctx = eay_hmacmd5_init(key);
+- eay_hmacmd5_update(ctx, data);
+- res = eay_hmacmd5_final(ctx);
+-
+- return(res);
++ return eay_hmac_one(key, data, EVP_md5());
+ }
+
+ caddr_t
+@@ -2130,14 +2131,7 @@
+ eay_sha2_512_one(data)
+ vchar_t *data;
+ {
+- caddr_t ctx;
+- vchar_t *res;
+-
+- ctx = eay_sha2_512_init();
+- eay_sha2_512_update(ctx, data);
+- res = eay_sha2_512_final(ctx);
+-
+- return(res);
++ return eay_digest_one(data, EVP_sha512());
+ }
+
+ int
+@@ -2190,14 +2184,7 @@
+ eay_sha2_384_one(data)
+ vchar_t *data;
+ {
+- caddr_t ctx;
+- vchar_t *res;
+-
+- ctx = eay_sha2_384_init();
+- eay_sha2_384_update(ctx, data);
+- res = eay_sha2_384_final(ctx);
+-
+- return(res);
++ return eay_digest_one(data, EVP_sha2_384());
+ }
+
+ int
+@@ -2250,14 +2237,7 @@
+ eay_sha2_256_one(data)
+ vchar_t *data;
+ {
+- caddr_t ctx;
+- vchar_t *res;
+-
+- ctx = eay_sha2_256_init();
+- eay_sha2_256_update(ctx, data);
+- res = eay_sha2_256_final(ctx);
+-
+- return(res);
++ return eay_digest_one(data, EVP_sha2_256());
+ }
+
+ int
+@@ -2309,14 +2289,7 @@
+ eay_sha1_one(data)
+ vchar_t *data;
+ {
+- caddr_t ctx;
+- vchar_t *res;
+-
+- ctx = eay_sha1_init();
+- eay_sha1_update(ctx, data);
+- res = eay_sha1_final(ctx);
+-
+- return(res);
++ return eay_digest_one(data, EVP_sha1());
+ }
+
+ int
+@@ -2367,14 +2340,7 @@
+ eay_md5_one(data)
+ vchar_t *data;
+ {
+- caddr_t ctx;
+- vchar_t *res;
+-
+- ctx = eay_md5_init();
+- eay_md5_update(ctx, data);
+- res =
eay_md5_final(ctx); +- +- return(res); ++ return eay_digest_one(data, EVP_md5()); + } + + int diff --git a/main/ipsec-tools/APKBUILD b/main/ipsec-tools/APKBUILD index 4d8ef0d0c4..5534d78b7a 100644 --- a/main/ipsec-tools/APKBUILD +++ b/main/ipsec-tools/APKBUILD @@ -2,7 +2,7 @@ pkgname=ipsec-tools pkgver=0.8_alpha20090903 _myver=0.8-alpha20090903 -pkgrel=8 +pkgrel=9 pkgdesc="User-space IPsec tools for various IPsec implementations" url="http://ipsec-tools.sourceforge.net/" license="BSD" @@ -16,6 +16,7 @@ source="http://downloads.sourceforge.net/$pkgname/$pkgname-$_myver.tar.gz 60-debug-quick.patch initial-contact-fix.diff fd-priorities.patch + 90-openssl-oneshot.patch " _builddir="$srcdir"/$pkgname-$_myver @@ -62,4 +63,5 @@ md5sums="8ec28d4e89c0f5e49ae2caa7463fbcfd ipsec-tools-0.8-alpha20090903.tar.gz 13bda94a598aabf593280e04ea16065d 50-reverse-connect.patch baa13d7f0f48955c792f7fcd42a8587a 60-debug-quick.patch 69e06c5cc3a0c1cc8b10ddc89d1e644b initial-contact-fix.diff -c1e8b8dc80ef4b5d79fece52a4865e68 fd-priorities.patch" +c1e8b8dc80ef4b5d79fece52a4865e68 fd-priorities.patch +11e2c21e443edab17725f74ffeaddb76 90-openssl-oneshot.patch" |
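Review bot: In the embedded patch's hunk at `@@ -2130,14 +2131,7 @@`, `eay_sha2_512_one` passes `EVP_sha512()` while every other SHA-2 call site added here, including `eay_hmacsha2_512_one`, uses the `EVP_sha2_*()` spelling; for consistency I would write `return eay_digest_one(data, EVP_sha2_512());`. The definitions of the `EVP_sha2_*` names are outside the visible hunks, so whether the two spellings resolve to the same digest in every build configuration is inferred from naming only and should be confirmed. Both new helpers, `eay_hmac_one` and `eay_digest_one`, also pass `EVP_MD_size(type)` to `vmalloc()` unchecked; a guard such as `if (type == NULL || EVP_MD_size(type) <= 0) return NULL;` before the allocation would keep an unavailable digest from reaching the size computation. A one-line comment on each helper stating that the returned buffer is owned by the caller and must be released with `vfree()` would match the comment blocks on the neighbouring functions.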