summaryrefslogtreecommitdiffstats
path: root/main/ipsec-tools
diff options
context:
space:
mode:
authorTimo Teräs <timo.teras@iki.fi>2010-06-04 12:15:22 +0300
committerTimo Teräs <timo.teras@iki.fi>2010-06-04 12:16:41 +0300
commit25825baec87d746386ed1554e9bc8ad26c69fa7c (patch)
tree1475e3d1d95fab9544ef64a187e783f82c253a0c /main/ipsec-tools
parentc090ad82a29886929eb275c88b1d3d178cb4904e (diff)
downloadaports-25825baec87d746386ed1554e9bc8ad26c69fa7c.tar.bz2
aports-25825baec87d746386ed1554e9bc8ad26c69fa7c.tar.xz
main/ipsec-tools: use openssl in oneshot mode
Use the highlevel EVP and HMAC functions to calculate oneshot digest and HMAC. This enable the use of crypto accelerators for these operations.
Diffstat (limited to 'main/ipsec-tools')
-rw-r--r--main/ipsec-tools/90-openssl-oneshot.patch210
-rw-r--r--main/ipsec-tools/APKBUILD6
2 files changed, 214 insertions, 2 deletions
diff --git a/main/ipsec-tools/90-openssl-oneshot.patch b/main/ipsec-tools/90-openssl-oneshot.patch
new file mode 100644
index 000000000..ece12a52d
--- /dev/null
+++ b/main/ipsec-tools/90-openssl-oneshot.patch
@@ -0,0 +1,210 @@
+Index: src/racoon/crypto_openssl.c
+===================================================================
+RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c,v
+retrieving revision 1.19
+diff -u -r1.19 crypto_openssl.c
+--- a/src/racoon/crypto_openssl.c 29 Apr 2009 10:50:01 -0000 1.19
++++ b/src/racoon/crypto_openssl.c 4 Jun 2010 09:13:18 -0000
+@@ -1800,6 +1800,42 @@
+ return (caddr_t)c;
+ }
+
++static vchar_t *eay_hmac_one(key, data, type)
++ vchar_t *key, *data;
++ const EVP_MD *type;
++{
++ vchar_t *res;
++
++ if ((res = vmalloc(EVP_MD_size(type))) == 0)
++ return NULL;
++
++ if (!HMAC(type, (void *) key->v, key->l,
++ (void *) data->v, data->l, (void *) res->v, NULL)) {
++ vfree(res);
++ return NULL;
++ }
++
++ return res;
++}
++
++static vchar_t *eay_digest_one(data, type)
++ vchar_t *data;
++ const EVP_MD *type;
++{
++ vchar_t *res;
++
++ if ((res = vmalloc(EVP_MD_size(type))) == 0)
++ return NULL;
++
++ if (!EVP_Digest((void *) data->v, data->l,
++ (void *) res->v, NULL, type, NULL)) {
++ vfree(res);
++ return NULL;
++ }
++
++ return res;
++}
++
+ #ifdef WITH_SHA2
+ /*
+ * HMAC SHA2-512
+@@ -1808,14 +1844,7 @@
+ eay_hmacsha2_512_one(key, data)
+ vchar_t *key, *data;
+ {
+- vchar_t *res;
+- caddr_t ctx;
+-
+- ctx = eay_hmacsha2_512_init(key);
+- eay_hmacsha2_512_update(ctx, data);
+- res = eay_hmacsha2_512_final(ctx);
+-
+- return(res);
++ return eay_hmac_one(key, data, EVP_sha2_512());
+ }
+
+ caddr_t
+@@ -1865,14 +1894,7 @@
+ eay_hmacsha2_384_one(key, data)
+ vchar_t *key, *data;
+ {
+- vchar_t *res;
+- caddr_t ctx;
+-
+- ctx = eay_hmacsha2_384_init(key);
+- eay_hmacsha2_384_update(ctx, data);
+- res = eay_hmacsha2_384_final(ctx);
+-
+- return(res);
++ return eay_hmac_one(key, data, EVP_sha2_384());
+ }
+
+ caddr_t
+@@ -1922,14 +1944,7 @@
+ eay_hmacsha2_256_one(key, data)
+ vchar_t *key, *data;
+ {
+- vchar_t *res;
+- caddr_t ctx;
+-
+- ctx = eay_hmacsha2_256_init(key);
+- eay_hmacsha2_256_update(ctx, data);
+- res = eay_hmacsha2_256_final(ctx);
+-
+- return(res);
++ return eay_hmac_one(key, data, EVP_sha2_256());
+ }
+
+ caddr_t
+@@ -1980,14 +1995,7 @@
+ eay_hmacsha1_one(key, data)
+ vchar_t *key, *data;
+ {
+- vchar_t *res;
+- caddr_t ctx;
+-
+- ctx = eay_hmacsha1_init(key);
+- eay_hmacsha1_update(ctx, data);
+- res = eay_hmacsha1_final(ctx);
+-
+- return(res);
++ return eay_hmac_one(key, data, EVP_sha1());
+ }
+
+ caddr_t
+@@ -2037,14 +2045,7 @@
+ eay_hmacmd5_one(key, data)
+ vchar_t *key, *data;
+ {
+- vchar_t *res;
+- caddr_t ctx;
+-
+- ctx = eay_hmacmd5_init(key);
+- eay_hmacmd5_update(ctx, data);
+- res = eay_hmacmd5_final(ctx);
+-
+- return(res);
++ return eay_hmac_one(key, data, EVP_md5());
+ }
+
+ caddr_t
+@@ -2130,14 +2131,7 @@
+ eay_sha2_512_one(data)
+ vchar_t *data;
+ {
+- caddr_t ctx;
+- vchar_t *res;
+-
+- ctx = eay_sha2_512_init();
+- eay_sha2_512_update(ctx, data);
+- res = eay_sha2_512_final(ctx);
+-
+- return(res);
++ return eay_digest_one(data, EVP_sha512());
+ }
+
+ int
+@@ -2190,14 +2184,7 @@
+ eay_sha2_384_one(data)
+ vchar_t *data;
+ {
+- caddr_t ctx;
+- vchar_t *res;
+-
+- ctx = eay_sha2_384_init();
+- eay_sha2_384_update(ctx, data);
+- res = eay_sha2_384_final(ctx);
+-
+- return(res);
++ return eay_digest_one(data, EVP_sha2_384());
+ }
+
+ int
+@@ -2250,14 +2237,7 @@
+ eay_sha2_256_one(data)
+ vchar_t *data;
+ {
+- caddr_t ctx;
+- vchar_t *res;
+-
+- ctx = eay_sha2_256_init();
+- eay_sha2_256_update(ctx, data);
+- res = eay_sha2_256_final(ctx);
+-
+- return(res);
++ return eay_digest_one(data, EVP_sha2_256());
+ }
+
+ int
+@@ -2309,14 +2289,7 @@
+ eay_sha1_one(data)
+ vchar_t *data;
+ {
+- caddr_t ctx;
+- vchar_t *res;
+-
+- ctx = eay_sha1_init();
+- eay_sha1_update(ctx, data);
+- res = eay_sha1_final(ctx);
+-
+- return(res);
++ return eay_digest_one(data, EVP_sha1());
+ }
+
+ int
+@@ -2367,14 +2340,7 @@
+ eay_md5_one(data)
+ vchar_t *data;
+ {
+- caddr_t ctx;
+- vchar_t *res;
+-
+- ctx = eay_md5_init();
+- eay_md5_update(ctx, data);
+- res = eay_md5_final(ctx);
+-
+- return(res);
++ return eay_digest_one(data, EVP_md5());
+ }
+
+ int
diff --git a/main/ipsec-tools/APKBUILD b/main/ipsec-tools/APKBUILD
index 4d8ef0d0c..5534d78b7 100644
--- a/main/ipsec-tools/APKBUILD
+++ b/main/ipsec-tools/APKBUILD
@@ -2,7 +2,7 @@
pkgname=ipsec-tools
pkgver=0.8_alpha20090903
_myver=0.8-alpha20090903
-pkgrel=8
+pkgrel=9
pkgdesc="User-space IPsec tools for various IPsec implementations"
url="http://ipsec-tools.sourceforge.net/"
license="BSD"
@@ -16,6 +16,7 @@ source="http://downloads.sourceforge.net/$pkgname/$pkgname-$_myver.tar.gz
60-debug-quick.patch
initial-contact-fix.diff
fd-priorities.patch
+ 90-openssl-oneshot.patch
"
_builddir="$srcdir"/$pkgname-$_myver
@@ -62,4 +63,5 @@ md5sums="8ec28d4e89c0f5e49ae2caa7463fbcfd ipsec-tools-0.8-alpha20090903.tar.gz
13bda94a598aabf593280e04ea16065d 50-reverse-connect.patch
baa13d7f0f48955c792f7fcd42a8587a 60-debug-quick.patch
69e06c5cc3a0c1cc8b10ddc89d1e644b initial-contact-fix.diff
-c1e8b8dc80ef4b5d79fece52a4865e68 fd-priorities.patch"
+c1e8b8dc80ef4b5d79fece52a4865e68 fd-priorities.patch
+11e2c21e443edab17725f74ffeaddb76 90-openssl-oneshot.patch"