main/openssl: add padlock sha support, autoload dynamic padlock

Add new version of padlock patches which enable:
 - limited support of VIA C7 SHA acceleration
 - full support for VIA Nano SHA acceleration

Openssl HMAC core is also patched to take full performance out of
padlock. Speed application is updated for measuring hmac(sha1).

Padlock was moved to be dynamic engine in openssl-1.0.0. So add some
code that losfd automatically that engine.

1 files changed, 392 insertions, 0 deletions

diff --git a/main/openssl/0002-apps-speed-fix-digest-speed-measurement-and-add-hmac.patch b/main/openssl/0002-apps-speed-fix-digest-speed-measurement-and-add-hmac.patch
new file mode 100644
index 0000000000..8859f40601
--- /dev/null
+++ b/main/openssl/0002-apps-speed-fix-digest-speed-measurement-and-add-hmac.patch
@@ -0,0 +1,392 @@
+From de61d5881a12b359dfb1b4fbbb53412460196553 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
+Date: Thu, 3 Jun 2010 09:02:13 +0300
+Subject: [PATCH 2/3] apps/speed: fix digest speed measurement and add hmac-sha1 test
+
+Merge the common code of testing digest speed, and make it reuse
+existing context. Context creation can be heavy operation, and it's
+speed depends on if engine is used or not. As we are measuring the
+digest speed, the context creation overhead should not be included
+like hmac tests do.
+
+This also adds test for hmac-sha1 speed.
+---
+ apps/speed.c |  243 +++++++++++++++++++++-------------------------------------
+ 1 files changed, 86 insertions(+), 157 deletions(-)
+
+diff --git a/apps/speed.c b/apps/speed.c
+index 539bfff..f64289e 100644
+--- a/apps/speed.c
++++ b/apps/speed.c
+@@ -214,7 +214,7 @@ static void print_result(int alg,int run_no,int count,double time_used);
+ static int do_multi(int multi);
+ #endif
+ 
+-#define ALGOR_NUM	29
++#define ALGOR_NUM	30
+ #define SIZE_NUM	5
+ #define RSA_NUM		4
+ #define DSA_NUM		3
+@@ -229,9 +229,11 @@ static const char *names[ALGOR_NUM]={
+   "aes-128 cbc","aes-192 cbc","aes-256 cbc",
+   "camellia-128 cbc","camellia-192 cbc","camellia-256 cbc",
+   "evp","sha256","sha512","whirlpool",
+-  "aes-128 ige","aes-192 ige","aes-256 ige"};
++  "aes-128 ige","aes-192 ige","aes-256 ige","hmac(sha1)"};
+ static double results[ALGOR_NUM][SIZE_NUM];
+ static int lengths[SIZE_NUM]={16,64,256,1024,8*1024};
++static unsigned char *buf=NULL,*buf2=NULL;
++static long c[ALGOR_NUM][SIZE_NUM];
+ #ifndef OPENSSL_NO_RSA
+ static double rsa_results[RSA_NUM][2];
+ #endif
+@@ -329,6 +331,66 @@ static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen)
+ 	}
+ #endif	/* OPENSSL_NO_ECDH */
+ 
++#ifndef SIGALRM
++#define COND(d)	(count < (d))
++#else
++#define COND(c)	(run)
++#endif /* SIGALRM */
++
++static void Test_Digest(int digest, const EVP_MD *type)
++{
++	unsigned char md[EVP_MAX_MD_SIZE];
++	int j, count;
++	double d=0.0;
++	EVP_MD_CTX ctx;
++
++	EVP_MD_CTX_init(&ctx);
++	EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_ONESHOT);
++
++	for (j=0; j<SIZE_NUM; j++)
++		{
++		print_message(names[digest],c[digest][j],lengths[j]);
++		Time_F(START);
++		for (count=0,run=1; COND(c[digest][j]); count++)
++			{
++			EVP_DigestInit_ex(&ctx, type, NULL);
++			EVP_DigestUpdate(&ctx, buf, (unsigned long)lengths[j]);
++			EVP_DigestFinal_ex(&ctx, md, NULL);
++			}
++		d=Time_F(STOP);
++		print_result(digest,j,count,d);
++		}
++
++	EVP_MD_CTX_cleanup(&ctx);
++}
++
++static void Test_HMAC(int digest, const EVP_MD *type)
++{
++	unsigned char md[EVP_MAX_MD_SIZE];
++	HMAC_CTX hctx;
++	int j, count;
++	double d=0.0;
++
++	HMAC_CTX_init(&hctx);
++	HMAC_CTX_set_flags(&hctx, EVP_MD_CTX_FLAG_ONESHOT);
++	HMAC_Init_ex(&hctx,(unsigned char *)"This is a key...",
++		16,type, NULL);
++
++	for (j=0; j<SIZE_NUM; j++)
++		{
++		print_message(names[digest],c[digest][j],lengths[j]);
++		Time_F(START);
++		for (count=0,run=1; COND(c[digest][j]); count++)
++			{
++			HMAC_Init_ex(&hctx,NULL,0,NULL,NULL);
++			HMAC_Update(&hctx,buf,lengths[j]);
++			HMAC_Final(&hctx,md,NULL);
++			}
++		d=Time_F(STOP);
++		print_result(digest,j,count,d);
++		}
++	HMAC_CTX_cleanup(&hctx);
++}
+ 
+ int MAIN(int, char **);
+ 
+@@ -337,7 +399,6 @@ int MAIN(int argc, char **argv)
+ #ifndef OPENSSL_NO_ENGINE
+ 	ENGINE *e = NULL;
+ #endif
+-	unsigned char *buf=NULL,*buf2=NULL;
+ 	int mret=1;
+ 	long count=0,save_count=0;
+ 	int i,j,k;
+@@ -348,34 +409,6 @@ int MAIN(int argc, char **argv)
+ 	unsigned rsa_num;
+ #endif
+ 	unsigned char md[EVP_MAX_MD_SIZE];
+-#ifndef OPENSSL_NO_MD2
+-	unsigned char md2[MD2_DIGEST_LENGTH];
+-#endif
+-#ifndef OPENSSL_NO_MDC2
+-	unsigned char mdc2[MDC2_DIGEST_LENGTH];
+-#endif
+-#ifndef OPENSSL_NO_MD4
+-	unsigned char md4[MD4_DIGEST_LENGTH];
+-#endif
+-#ifndef OPENSSL_NO_MD5
+-	unsigned char md5[MD5_DIGEST_LENGTH];
+-	unsigned char hmac[MD5_DIGEST_LENGTH];
+-#endif
+-#ifndef OPENSSL_NO_SHA
+-	unsigned char sha[SHA_DIGEST_LENGTH];
+-#ifndef OPENSSL_NO_SHA256
+-	unsigned char sha256[SHA256_DIGEST_LENGTH];
+-#endif
+-#ifndef OPENSSL_NO_SHA512
+-	unsigned char sha512[SHA512_DIGEST_LENGTH];
+-#endif
+-#endif
+-#ifndef OPENSSL_NO_WHIRLPOOL
+-	unsigned char whirlpool[WHIRLPOOL_DIGEST_LENGTH];
+-#endif
+-#ifndef OPENSSL_NO_RIPEMD
+-	unsigned char rmd160[RIPEMD160_DIGEST_LENGTH];
+-#endif
+ #ifndef OPENSSL_NO_RC4
+ 	RC4_KEY rc4_ks;
+ #endif
+@@ -473,8 +506,8 @@ int MAIN(int argc, char **argv)
+ #define D_IGE_128_AES   26
+ #define D_IGE_192_AES   27
+ #define D_IGE_256_AES   28
++#define D_HMAC_SHA1	29
+ 	double d=0.0;
+-	long c[ALGOR_NUM][SIZE_NUM];
+ #define	R_DSA_512	0
+ #define	R_DSA_1024	1
+ #define	R_DSA_2048	2
+@@ -783,6 +816,8 @@ int MAIN(int argc, char **argv)
+ 							doit[D_SHA256]=1,
+ 							doit[D_SHA512]=1;
+ 		else
++			if (strcmp(*argv,"hmac-sha1") == 0) doit[D_HMAC_SHA1]=1;
++		else
+ #ifndef OPENSSL_NO_SHA256
+ 			if (strcmp(*argv,"sha256") == 0) doit[D_SHA256]=1;
+ 		else
+@@ -1000,6 +1035,9 @@ int MAIN(int argc, char **argv)
+ #endif
+ #ifndef OPENSSL_NO_SHA1
+ 			BIO_printf(bio_err,"sha1     ");
++#ifndef OPENSSL_NO_HMAC
++			BIO_printf(bio_err,"hmac-sha1 ");
++#endif
+ #endif
+ #ifndef OPENSSL_NO_SHA256
+ 			BIO_printf(bio_err,"sha256   ");
+@@ -1270,6 +1308,7 @@ int MAIN(int argc, char **argv)
+ 	c[D_IGE_128_AES][0]=count;
+ 	c[D_IGE_192_AES][0]=count;
+ 	c[D_IGE_256_AES][0]=count;
++	c[D_HMAC_SHA1][0]=count;
+ 
+ 	for (i=1; i<SIZE_NUM; i++)
+ 		{
+@@ -1283,6 +1322,7 @@ int MAIN(int argc, char **argv)
+ 		c[D_SHA256][i]=c[D_SHA256][0]*4*lengths[0]/lengths[i];
+ 		c[D_SHA512][i]=c[D_SHA512][0]*4*lengths[0]/lengths[i];
+ 		c[D_WHIRLPOOL][i]=c[D_WHIRLPOOL][0]*4*lengths[0]/lengths[i];
++		c[D_HMAC_SHA1][i]=c[D_HMAC_SHA1][0]*4*lengths[0]/lengths[i];
+ 		}
+ 	for (i=1; i<SIZE_NUM; i++)
+ 		{
+@@ -1457,15 +1497,11 @@ int MAIN(int argc, char **argv)
+ 		}
+ #endif
+ 
+-#define COND(d)	(count < (d))
+-#define COUNT(d) (d)
+ #else
+ /* not worth fixing */
+ # error "You cannot disable DES on systems without SIGALRM."
+ #endif /* OPENSSL_NO_DES */
+ #else
+-#define COND(c)	(run)
+-#define COUNT(d) (count)
+ #ifndef _WIN32
+ 	signal(SIGALRM,sig_done);
+ #endif
+@@ -1473,161 +1509,54 @@ int MAIN(int argc, char **argv)
+ 
+ #ifndef OPENSSL_NO_MD2
+ 	if (doit[D_MD2])
+-		{
+-		for (j=0; j<SIZE_NUM; j++)
+-			{
+-			print_message(names[D_MD2],c[D_MD2][j],lengths[j]);
+-			Time_F(START);
+-			for (count=0,run=1; COND(c[D_MD2][j]); count++)
+-				EVP_Digest(buf,(unsigned long)lengths[j],&(md2[0]),NULL,EVP_md2(),NULL);
+-			d=Time_F(STOP);
+-			print_result(D_MD2,j,count,d);
+-			}
+-		}
++		Test_Digest(D_MD2, EVP_md2());
+ #endif
+ #ifndef OPENSSL_NO_MDC2
+ 	if (doit[D_MDC2])
+-		{
+-		for (j=0; j<SIZE_NUM; j++)
+-			{
+-			print_message(names[D_MDC2],c[D_MDC2][j],lengths[j]);
+-			Time_F(START);
+-			for (count=0,run=1; COND(c[D_MDC2][j]); count++)
+-				EVP_Digest(buf,(unsigned long)lengths[j],&(mdc2[0]),NULL,EVP_mdc2(),NULL);
+-			d=Time_F(STOP);
+-			print_result(D_MDC2,j,count,d);
+-			}
+-		}
++		Test_Digest(D_MDC2, EVP_mdc2());
+ #endif
+ 
+ #ifndef OPENSSL_NO_MD4
+ 	if (doit[D_MD4])
+-		{
+-		for (j=0; j<SIZE_NUM; j++)
+-			{
+-			print_message(names[D_MD4],c[D_MD4][j],lengths[j]);
+-			Time_F(START);
+-			for (count=0,run=1; COND(c[D_MD4][j]); count++)
+-				EVP_Digest(&(buf[0]),(unsigned long)lengths[j],&(md4[0]),NULL,EVP_md4(),NULL);
+-			d=Time_F(STOP);
+-			print_result(D_MD4,j,count,d);
+-			}
+-		}
++		Test_Digest(D_MD4, EVP_md4());
+ #endif
+ 
+ #ifndef OPENSSL_NO_MD5
+ 	if (doit[D_MD5])
+-		{
+-		for (j=0; j<SIZE_NUM; j++)
+-			{
+-			print_message(names[D_MD5],c[D_MD5][j],lengths[j]);
+-			Time_F(START);
+-			for (count=0,run=1; COND(c[D_MD5][j]); count++)
+-				EVP_Digest(&(buf[0]),(unsigned long)lengths[j],&(md5[0]),NULL,EVP_get_digestbyname("md5"),NULL);
+-			d=Time_F(STOP);
+-			print_result(D_MD5,j,count,d);
+-			}
+-		}
++		Test_Digest(D_MD5, EVP_md5());
+ #endif
+ 
+ #if !defined(OPENSSL_NO_MD5) && !defined(OPENSSL_NO_HMAC)
+ 	if (doit[D_HMAC])
+-		{
+-		HMAC_CTX hctx;
+-
+-		HMAC_CTX_init(&hctx);
+-		HMAC_Init_ex(&hctx,(unsigned char *)"This is a key...",
+-			16,EVP_md5(), NULL);
+-
+-		for (j=0; j<SIZE_NUM; j++)
+-			{
+-			print_message(names[D_HMAC],c[D_HMAC][j],lengths[j]);
+-			Time_F(START);
+-			for (count=0,run=1; COND(c[D_HMAC][j]); count++)
+-				{
+-				HMAC_Init_ex(&hctx,NULL,0,NULL,NULL);
+-				HMAC_Update(&hctx,buf,lengths[j]);
+-				HMAC_Final(&hctx,&(hmac[0]),NULL);
+-				}
+-			d=Time_F(STOP);
+-			print_result(D_HMAC,j,count,d);
+-			}
+-		HMAC_CTX_cleanup(&hctx);
+-		}
++		Test_HMAC(D_HMAC, EVP_md5());
++#endif
++#if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_NO_HMAC)
++	if (doit[D_HMAC_SHA1])
++		Test_HMAC(D_HMAC_SHA1, EVP_sha1());
+ #endif
+ #ifndef OPENSSL_NO_SHA
+ 	if (doit[D_SHA1])
+-		{
+-		for (j=0; j<SIZE_NUM; j++)
+-			{
+-			print_message(names[D_SHA1],c[D_SHA1][j],lengths[j]);
+-			Time_F(START);
+-			for (count=0,run=1; COND(c[D_SHA1][j]); count++)
+-				EVP_Digest(buf,(unsigned long)lengths[j],&(sha[0]),NULL,EVP_sha1(),NULL);
+-			d=Time_F(STOP);
+-			print_result(D_SHA1,j,count,d);
+-			}
+-		}
++		Test_Digest(D_SHA1, EVP_sha1());
+ 
+ #ifndef OPENSSL_NO_SHA256
+ 	if (doit[D_SHA256])
+-		{
+-		for (j=0; j<SIZE_NUM; j++)
+-			{
+-			print_message(names[D_SHA256],c[D_SHA256][j],lengths[j]);
+-			Time_F(START);
+-			for (count=0,run=1; COND(c[D_SHA256][j]); count++)
+-				SHA256(buf,lengths[j],sha256);
+-			d=Time_F(STOP);
+-			print_result(D_SHA256,j,count,d);
+-			}
+-		}
++		Test_Digest(D_SHA256, EVP_sha256());
+ #endif
+ 
+ #ifndef OPENSSL_NO_SHA512
+ 	if (doit[D_SHA512])
+-		{
+-		for (j=0; j<SIZE_NUM; j++)
+-			{
+-			print_message(names[D_SHA512],c[D_SHA512][j],lengths[j]);
+-			Time_F(START);
+-			for (count=0,run=1; COND(c[D_SHA512][j]); count++)
+-				SHA512(buf,lengths[j],sha512);
+-			d=Time_F(STOP);
+-			print_result(D_SHA512,j,count,d);
+-			}
+-		}
++		Test_Digest(D_SHA512, EVP_sha512());
+ #endif
+ #endif
+ 
+ #ifndef OPENSSL_NO_WHIRLPOOL
+ 	if (doit[D_WHIRLPOOL])
+-		{
+-		for (j=0; j<SIZE_NUM; j++)
+-			{
+-			print_message(names[D_WHIRLPOOL],c[D_WHIRLPOOL][j],lengths[j]);
+-			Time_F(START);
+-			for (count=0,run=1; COND(c[D_WHIRLPOOL][j]); count++)
+-				WHIRLPOOL(buf,lengths[j],whirlpool);
+-			d=Time_F(STOP);
+-			print_result(D_WHIRLPOOL,j,count,d);
+-			}
+-		}
++		Test_Digest(D_WHIRLPOOL, EVP_whirlpool());
+ #endif
+ 
+ #ifndef OPENSSL_NO_RIPEMD
+ 	if (doit[D_RMD160])
+-		{
+-		for (j=0; j<SIZE_NUM; j++)
+-			{
+-			print_message(names[D_RMD160],c[D_RMD160][j],lengths[j]);
+-			Time_F(START);
+-			for (count=0,run=1; COND(c[D_RMD160][j]); count++)
+-				EVP_Digest(buf,(unsigned long)lengths[j],&(rmd160[0]),NULL,EVP_ripemd160(),NULL);
+-			d=Time_F(STOP);
+-			print_result(D_RMD160,j,count,d);
+-			}
+-		}
++		Test_Digest(D_RMD160, EVP_ripemd160());
+ #endif
+ #ifndef OPENSSL_NO_RC4
+ 	if (doit[D_RC4])
+-- 
+1.7.0.4
+