main/ipsec-tools: use openssl in oneshot mode

Use the highlevel EVP and HMAC functions to calculate oneshot
digest and HMAC. This enable the use of crypto accelerators for
these operations.

2 files changed, 214 insertions, 2 deletions

diff --git a/main/ipsec-tools/90-openssl-oneshot.patch b/main/ipsec-tools/90-openssl-oneshot.patch
new file mode 100644
index 000000000..ece12a52d
--- /dev/null
+++ b/main/ipsec-tools/90-openssl-oneshot.patch
@@ -0,0 +1,210 @@
+Index: src/racoon/crypto_openssl.c
+===================================================================
+RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c,v
+retrieving revision 1.19
+diff -u -r1.19 crypto_openssl.c
+--- a/src/racoon/crypto_openssl.c	29 Apr 2009 10:50:01 -0000	1.19
++++ b/src/racoon/crypto_openssl.c	4 Jun 2010 09:13:18 -0000
+@@ -1800,6 +1800,42 @@
+ 	return (caddr_t)c;
+ }
+ 
++static vchar_t *eay_hmac_one(key, data, type)
++	vchar_t *key, *data;
++	const EVP_MD *type;
++{
++	vchar_t *res;
++
++	if ((res = vmalloc(EVP_MD_size(type))) == 0)
++		return NULL;
++
++	if (!HMAC(type, (void *) key->v, key->l,
++		  (void *) data->v, data->l, (void *) res->v, NULL)) {
++		vfree(res);
++		return NULL;
++	}
++
++	return res;
++}
++
++static vchar_t *eay_digest_one(data, type)
++	vchar_t *data;
++	const EVP_MD *type;
++{
++	vchar_t *res;
++
++	if ((res = vmalloc(EVP_MD_size(type))) == 0)
++		return NULL;
++
++	if (!EVP_Digest((void *) data->v, data->l,
++			(void *) res->v, NULL, type, NULL)) {
++		vfree(res);
++		return NULL;
++	}
++
++	return res;
++}
++
+ #ifdef WITH_SHA2
+ /*
+  * HMAC SHA2-512
+@@ -1808,14 +1844,7 @@
+ eay_hmacsha2_512_one(key, data)
+ 	vchar_t *key, *data;
+ {
+-	vchar_t *res;
+-	caddr_t ctx;
+-
+-	ctx = eay_hmacsha2_512_init(key);
+-	eay_hmacsha2_512_update(ctx, data);
+-	res = eay_hmacsha2_512_final(ctx);
+-
+-	return(res);
++	return eay_hmac_one(key, data, EVP_sha2_512());
+ }
+ 
+ caddr_t
+@@ -1865,14 +1894,7 @@
+ eay_hmacsha2_384_one(key, data)
+ 	vchar_t *key, *data;
+ {
+-	vchar_t *res;
+-	caddr_t ctx;
+-
+-	ctx = eay_hmacsha2_384_init(key);
+-	eay_hmacsha2_384_update(ctx, data);
+-	res = eay_hmacsha2_384_final(ctx);
+-
+-	return(res);
++	return eay_hmac_one(key, data, EVP_sha2_384());
+ }
+ 
+ caddr_t
+@@ -1922,14 +1944,7 @@
+ eay_hmacsha2_256_one(key, data)
+ 	vchar_t *key, *data;
+ {
+-	vchar_t *res;
+-	caddr_t ctx;
+-
+-	ctx = eay_hmacsha2_256_init(key);
+-	eay_hmacsha2_256_update(ctx, data);
+-	res = eay_hmacsha2_256_final(ctx);
+-
+-	return(res);
++	return eay_hmac_one(key, data, EVP_sha2_256());
+ }
+ 
+ caddr_t
+@@ -1980,14 +1995,7 @@
+ eay_hmacsha1_one(key, data)
+ 	vchar_t *key, *data;
+ {
+-	vchar_t *res;
+-	caddr_t ctx;
+-
+-	ctx = eay_hmacsha1_init(key);
+-	eay_hmacsha1_update(ctx, data);
+-	res = eay_hmacsha1_final(ctx);
+-
+-	return(res);
++	return eay_hmac_one(key, data, EVP_sha1());
+ }
+ 
+ caddr_t
+@@ -2037,14 +2045,7 @@
+ eay_hmacmd5_one(key, data)
+ 	vchar_t *key, *data;
+ {
+-	vchar_t *res;
+-	caddr_t ctx;
+-
+-	ctx = eay_hmacmd5_init(key);
+-	eay_hmacmd5_update(ctx, data);
+-	res = eay_hmacmd5_final(ctx);
+-
+-	return(res);
++	return eay_hmac_one(key, data, EVP_md5());
+ }
+ 
+ caddr_t
+@@ -2130,14 +2131,7 @@
+ eay_sha2_512_one(data)
+ 	vchar_t *data;
+ {
+-	caddr_t ctx;
+-	vchar_t *res;
+-
+-	ctx = eay_sha2_512_init();
+-	eay_sha2_512_update(ctx, data);
+-	res = eay_sha2_512_final(ctx);
+-
+-	return(res);
++	return eay_digest_one(data, EVP_sha512());
+ }
+ 
+ int
+@@ -2190,14 +2184,7 @@
+ eay_sha2_384_one(data)
+ 	vchar_t *data;
+ {
+-	caddr_t ctx;
+-	vchar_t *res;
+-
+-	ctx = eay_sha2_384_init();
+-	eay_sha2_384_update(ctx, data);
+-	res = eay_sha2_384_final(ctx);
+-
+-	return(res);
++	return eay_digest_one(data, EVP_sha2_384());
+ }
+ 
+ int
+@@ -2250,14 +2237,7 @@
+ eay_sha2_256_one(data)
+ 	vchar_t *data;
+ {
+-	caddr_t ctx;
+-	vchar_t *res;
+-
+-	ctx = eay_sha2_256_init();
+-	eay_sha2_256_update(ctx, data);
+-	res = eay_sha2_256_final(ctx);
+-
+-	return(res);
++	return eay_digest_one(data, EVP_sha2_256());
+ }
+ 
+ int
+@@ -2309,14 +2289,7 @@
+ eay_sha1_one(data)
+ 	vchar_t *data;
+ {
+-	caddr_t ctx;
+-	vchar_t *res;
+-
+-	ctx = eay_sha1_init();
+-	eay_sha1_update(ctx, data);
+-	res = eay_sha1_final(ctx);
+-
+-	return(res);
++	return eay_digest_one(data, EVP_sha1());
+ }
+ 
+ int
+@@ -2367,14 +2340,7 @@
+ eay_md5_one(data)
+ 	vchar_t *data;
+ {
+-	caddr_t ctx;
+-	vchar_t *res;
+-
+-	ctx = eay_md5_init();
+-	eay_md5_update(ctx, data);
+-	res = eay_md5_final(ctx);
+-
+-	return(res);
++	return eay_digest_one(data, EVP_md5());
+ }
+ 
+ int
diff --git a/main/ipsec-tools/APKBUILD b/main/ipsec-tools/APKBUILD
index 4d8ef0d0c..5534d78b7 100644
--- a/main/ipsec-tools/APKBUILD
+++ b/main/ipsec-tools/APKBUILD
@@ -2,7 +2,7 @@
 pkgname=ipsec-tools
 pkgver=0.8_alpha20090903
 _myver=0.8-alpha20090903
-pkgrel=8
+pkgrel=9
 pkgdesc="User-space IPsec tools for various IPsec implementations"
 url="http://ipsec-tools.sourceforge.net/"
 license="BSD"
@@ -16,6 +16,7 @@ source="http://downloads.sourceforge.net/$pkgname/$pkgname-$_myver.tar.gz
 	60-debug-quick.patch
 	initial-contact-fix.diff
 	fd-priorities.patch
+	90-openssl-oneshot.patch
 	"
 
 _builddir="$srcdir"/$pkgname-$_myver
@@ -62,4 +63,5 @@ md5sums="8ec28d4e89c0f5e49ae2caa7463fbcfd  ipsec-tools-0.8-alpha20090903.tar.gz
 13bda94a598aabf593280e04ea16065d  50-reverse-connect.patch
 baa13d7f0f48955c792f7fcd42a8587a  60-debug-quick.patch
 69e06c5cc3a0c1cc8b10ddc89d1e644b  initial-contact-fix.diff
-c1e8b8dc80ef4b5d79fece52a4865e68  fd-priorities.patch"
+c1e8b8dc80ef4b5d79fece52a4865e68  fd-priorities.patch
+11e2c21e443edab17725f74ffeaddb76  90-openssl-oneshot.patch"