main/ipsec-tools: use openssl in oneshot mode

This enables hardware acceleration for digest and hmac operations in optimal way.
author: Timo Teräs <timo.teras@iki.fi> 2010-06-04 19:07:07 +0300
committer: Timo Teräs <timo.teras@iki.fi> 2010-06-04 19:12:46 +0300
commit: df11f629ed51bbf0eb9a41fa23886f6948019324 (patch)
tree: 5d387984a109d5fb099635c2b99c5ab065b2defc
parent: c6da72282a062d468fa30abd504c8a22d248ab91 (diff)
download: alpine_aports-df11f629ed51bbf0eb9a41fa23886f6948019324.tar.bz2
alpine_aports-df11f629ed51bbf0eb9a41fa23886f6948019324.tar.xz
alpine_aports-df11f629ed51bbf0eb9a41fa23886f6948019324.zip
2 files changed, 214 insertions, 2 deletions
diff --git a/main/ipsec-tools/90-openssl-oneshot.patch b/main/ipsec-tools/90-openssl-oneshot.patch
new file mode 100644
index 0000000000..ece12a52dd
--- /dev/null
+++ b/main/ipsec-tools/90-openssl-oneshot.patch
@@ -0,0 +1,210 @@
+Index: src/racoon/crypto_openssl.c
+===================================================================
+RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c,v
+retrieving revision 1.19
+diff -u -r1.19 crypto_openssl.c
+--- a/src/racoon/crypto_openssl.c       29 Apr 2009 10:50:01 -0000      1.19
+++ b/src/racoon/crypto_openssl.c       4 Jun 2010 09:13:18 -0000
+@@ -1800,6 +1800,42 @@
+        return (caddr_t)c;
+ }
+ 
+static vchar_t *eay_hmac_one(key, data, type)
+       vchar_t *key, *data;
+       const EVP_MD *type;
+{
+       vchar_t *res;
+
+       if ((res = vmalloc(EVP_MD_size(type))) == 0)
+               return NULL;
+
+       if (!HMAC(type, (void *) key->v, key->l,
+                 (void *) data->v, data->l, (void *) res->v, NULL)) {
+               vfree(res);
+               return NULL;
+       }
+
+       return res;
+}
+
+static vchar_t *eay_digest_one(data, type)
+       vchar_t *data;
+       const EVP_MD *type;
+{
+       vchar_t *res;
+
+       if ((res = vmalloc(EVP_MD_size(type))) == 0)
+               return NULL;
+
+       if (!EVP_Digest((void *) data->v, data->l,
+                       (void *) res->v, NULL, type, NULL)) {
+               vfree(res);
+               return NULL;
+       }
+
+       return res;
+}
+
+ #ifdef WITH_SHA2
+ /*
+  * HMAC SHA2-512
+@@ -1808,14 +1844,7 @@
+ eay_hmacsha2_512_one(key, data)
+        vchar_t *key, *data;
+ {
+-       vchar_t *res;
+-       caddr_t ctx;
+-
+-       ctx = eay_hmacsha2_512_init(key);
+-       eay_hmacsha2_512_update(ctx, data);
+-       res = eay_hmacsha2_512_final(ctx);
+-
+-       return(res);
+       return eay_hmac_one(key, data, EVP_sha2_512());
+ }
+ 
+ caddr_t
+@@ -1865,14 +1894,7 @@
+ eay_hmacsha2_384_one(key, data)
+        vchar_t *key, *data;
+ {
+-       vchar_t *res;
+-       caddr_t ctx;
+-
+-       ctx = eay_hmacsha2_384_init(key);
+-       eay_hmacsha2_384_update(ctx, data);
+-       res = eay_hmacsha2_384_final(ctx);
+-
+-       return(res);
+       return eay_hmac_one(key, data, EVP_sha2_384());
+ }
+ 
+ caddr_t
+@@ -1922,14 +1944,7 @@
+ eay_hmacsha2_256_one(key, data)
+        vchar_t *key, *data;
+ {
+-       vchar_t *res;
+-       caddr_t ctx;
+-
+-       ctx = eay_hmacsha2_256_init(key);
+-       eay_hmacsha2_256_update(ctx, data);
+-       res = eay_hmacsha2_256_final(ctx);
+-
+-       return(res);
+       return eay_hmac_one(key, data, EVP_sha2_256());
+ }
+ 
+ caddr_t
+@@ -1980,14 +1995,7 @@
+ eay_hmacsha1_one(key, data)
+        vchar_t *key, *data;
+ {
+-       vchar_t *res;
+-       caddr_t ctx;
+-
+-       ctx = eay_hmacsha1_init(key);
+-       eay_hmacsha1_update(ctx, data);
+-       res = eay_hmacsha1_final(ctx);
+-
+-       return(res);
+       return eay_hmac_one(key, data, EVP_sha1());
+ }
+ 
+ caddr_t
+@@ -2037,14 +2045,7 @@
+ eay_hmacmd5_one(key, data)
+        vchar_t *key, *data;
+ {
+-       vchar_t *res;
+-       caddr_t ctx;
+-
+-       ctx = eay_hmacmd5_init(key);
+-       eay_hmacmd5_update(ctx, data);
+-       res = eay_hmacmd5_final(ctx);
+-
+-       return(res);
+       return eay_hmac_one(key, data, EVP_md5());
+ }
+ 
+ caddr_t
+@@ -2130,14 +2131,7 @@
+ eay_sha2_512_one(data)
+        vchar_t *data;
+ {
+-       caddr_t ctx;
+-       vchar_t *res;
+-
+-       ctx = eay_sha2_512_init();
+-       eay_sha2_512_update(ctx, data);
+-       res = eay_sha2_512_final(ctx);
+-
+-       return(res);
+       return eay_digest_one(data, EVP_sha512());
+ }
+ 
+ int
+@@ -2190,14 +2184,7 @@
+ eay_sha2_384_one(data)
+        vchar_t *data;
+ {
+-       caddr_t ctx;
+-       vchar_t *res;
+-
+-       ctx = eay_sha2_384_init();
+-       eay_sha2_384_update(ctx, data);
+-       res = eay_sha2_384_final(ctx);
+-
+-       return(res);
+       return eay_digest_one(data, EVP_sha2_384());
+ }
+ 
+ int
+@@ -2250,14 +2237,7 @@
+ eay_sha2_256_one(data)
+        vchar_t *data;
+ {
+-       caddr_t ctx;
+-       vchar_t *res;
+-
+-       ctx = eay_sha2_256_init();
+-       eay_sha2_256_update(ctx, data);
+-       res = eay_sha2_256_final(ctx);
+-
+-       return(res);
+       return eay_digest_one(data, EVP_sha2_256());
+ }
+ 
+ int
+@@ -2309,14 +2289,7 @@
+ eay_sha1_one(data)
+        vchar_t *data;
+ {
+-       caddr_t ctx;
+-       vchar_t *res;
+-
+-       ctx = eay_sha1_init();
+-       eay_sha1_update(ctx, data);
+-       res = eay_sha1_final(ctx);
+-
+-       return(res);
+       return eay_digest_one(data, EVP_sha1());
+ }
+ 
+ int
+@@ -2367,14 +2340,7 @@
+ eay_md5_one(data)
+        vchar_t *data;
+ {
+-       caddr_t ctx;
+-       vchar_t *res;
+-
+-       ctx = eay_md5_init();
+-       eay_md5_update(ctx, data);
+-       res = eay_md5_final(ctx);
+-
+-       return(res);
+       return eay_digest_one(data, EVP_md5());
+ }
+ 
+ int
diff --git a/main/ipsec-tools/APKBUILD b/main/ipsec-tools/APKBUILD
index a3da4fc175..48760b57f0 100644
--- a/main/ipsec-tools/APKBUILD
+++ b/main/ipsec-tools/APKBUILD
@@ -2,7 +2,7 @@
 pkgname=ipsec-tools
 pkgver=0.8_alpha20090903
 _myver=0.8-alpha20090903
-pkgrel=6
+pkgrel=7
 pkgdesc="User-space IPsec tools for various IPsec implementations"
 url="http://ipsec-tools.sourceforge.net/"
 license="BSD"
@@ -16,6 +16,7 @@ source="http://downloads.sourceforge.net/$pkgname/$pkgname-$_myver.tar.gz
        60-debug-quick.patch
        initial-contact-fix.diff
        fd-priorities.patch
+        90-openssl-oneshot.patch
        "
 _builddir="$srcdir"/$pkgname-$_myver
@@ -62,4 +63,5 @@ md5sums="8ec28d4e89c0f5e49ae2caa7463fbcfd  ipsec-tools-0.8-alpha20090903.tar.gz
 13bda94a598aabf593280e04ea16065d  50-reverse-connect.patch
 baa13d7f0f48955c792f7fcd42a8587a  60-debug-quick.patch
 69e06c5cc3a0c1cc8b10ddc89d1e644b  initial-contact-fix.diff
-c1e8b8dc80ef4b5d79fece52a4865e68  fd-priorities.patch"
+c1e8b8dc80ef4b5d79fece52a4865e68  fd-priorities.patch
+11e2c21e443edab17725f74ffeaddb76  90-openssl-oneshot.patch"
author	Timo Teräs <timo.teras@iki.fi>	2010-06-04 19:07:07 +0300
committer	Timo Teräs <timo.teras@iki.fi>	2010-06-04 19:12:46 +0300
commit	df11f629ed51bbf0eb9a41fa23886f6948019324 (patch)
tree	5d387984a109d5fb099635c2b99c5ab065b2defc
parent	c6da72282a062d468fa30abd504c8a22d248ab91 (diff)
download	alpine_aports-df11f629ed51bbf0eb9a41fa23886f6948019324.tar.bz2 alpine_aports-df11f629ed51bbf0eb9a41fa23886f6948019324.tar.xz alpine_aports-df11f629ed51bbf0eb9a41fa23886f6948019324.zip

diff --git a/main/ipsec-tools/90-openssl-oneshot.patch b/main/ipsec-tools/90-openssl-oneshot.patch new file mode 100644 index 0000000000..ece12a52dd --- /dev/null +++ b/main/ipsec-tools/90-openssl-oneshot.patch
@@ -0,0 +1,210 @@
		1	Index: src/racoon/crypto_openssl.c
		2	===================================================================
		3	RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c,v
		4	retrieving revision 1.19
		5	diff -u -r1.19 crypto_openssl.c
		6	--- a/src/racoon/crypto_openssl.c 29 Apr 2009 10:50:01 -0000 1.19
		7	+++ b/src/racoon/crypto_openssl.c 4 Jun 2010 09:13:18 -0000
		8	@@ -1800,6 +1800,42 @@
		9	return (caddr_t)c;
		10	}
		11
		12	+static vchar_t *eay_hmac_one(key, data, type)
		13	+ vchar_t key, data;
		14	+ const EVP_MD *type;
		15	+{
		16	+ vchar_t *res;
		17	+
		18	+ if ((res = vmalloc(EVP_MD_size(type))) == 0)
		19	+ return NULL;
		20	+
		21	+ if (!HMAC(type, (void *) key->v, key->l,
		22	+ (void ) data->v, data->l, (void ) res->v, NULL)) {
		23	+ vfree(res);
		24	+ return NULL;
		25	+ }
		26	+
		27	+ return res;
		28	+}
		29	+
		30	+static vchar_t *eay_digest_one(data, type)
		31	+ vchar_t *data;
		32	+ const EVP_MD *type;
		33	+{
		34	+ vchar_t *res;
		35	+
		36	+ if ((res = vmalloc(EVP_MD_size(type))) == 0)
		37	+ return NULL;
		38	+
		39	+ if (!EVP_Digest((void *) data->v, data->l,
		40	+ (void *) res->v, NULL, type, NULL)) {
		41	+ vfree(res);
		42	+ return NULL;
		43	+ }
		44	+
		45	+ return res;
		46	+}
		47	+
		48	#ifdef WITH_SHA2
		49	/*
		50	* HMAC SHA2-512
		51	@@ -1808,14 +1844,7 @@
		52	eay_hmacsha2_512_one(key, data)
		53	vchar_t key, data;
		54	{
		55	- vchar_t *res;
		56	- caddr_t ctx;
		57	-
		58	- ctx = eay_hmacsha2_512_init(key);
		59	- eay_hmacsha2_512_update(ctx, data);
		60	- res = eay_hmacsha2_512_final(ctx);
		61	-
		62	- return(res);
		63	+ return eay_hmac_one(key, data, EVP_sha2_512());
		64	}
		65
		66	caddr_t
		67	@@ -1865,14 +1894,7 @@
		68	eay_hmacsha2_384_one(key, data)
		69	vchar_t key, data;
		70	{
		71	- vchar_t *res;
		72	- caddr_t ctx;
		73	-
		74	- ctx = eay_hmacsha2_384_init(key);
		75	- eay_hmacsha2_384_update(ctx, data);
		76	- res = eay_hmacsha2_384_final(ctx);
		77	-
		78	- return(res);
		79	+ return eay_hmac_one(key, data, EVP_sha2_384());
		80	}
		81
		82	caddr_t
		83	@@ -1922,14 +1944,7 @@
		84	eay_hmacsha2_256_one(key, data)
		85	vchar_t key, data;
		86	{
		87	- vchar_t *res;
		88	- caddr_t ctx;
		89	-
		90	- ctx = eay_hmacsha2_256_init(key);
		91	- eay_hmacsha2_256_update(ctx, data);
		92	- res = eay_hmacsha2_256_final(ctx);
		93	-
		94	- return(res);
		95	+ return eay_hmac_one(key, data, EVP_sha2_256());
		96	}
		97
		98	caddr_t
		99	@@ -1980,14 +1995,7 @@
		100	eay_hmacsha1_one(key, data)
		101	vchar_t key, data;
		102	{
		103	- vchar_t *res;
		104	- caddr_t ctx;
		105	-
		106	- ctx = eay_hmacsha1_init(key);
		107	- eay_hmacsha1_update(ctx, data);
		108	- res = eay_hmacsha1_final(ctx);
		109	-
		110	- return(res);
		111	+ return eay_hmac_one(key, data, EVP_sha1());
		112	}
		113
		114	caddr_t
		115	@@ -2037,14 +2045,7 @@
		116	eay_hmacmd5_one(key, data)
		117	vchar_t key, data;
		118	{
		119	- vchar_t *res;
		120	- caddr_t ctx;
		121	-
		122	- ctx = eay_hmacmd5_init(key);
		123	- eay_hmacmd5_update(ctx, data);
		124	- res = eay_hmacmd5_final(ctx);
		125	-
		126	- return(res);
		127	+ return eay_hmac_one(key, data, EVP_md5());
		128	}
		129
		130	caddr_t
		131	@@ -2130,14 +2131,7 @@
		132	eay_sha2_512_one(data)
		133	vchar_t *data;
		134	{
		135	- caddr_t ctx;
		136	- vchar_t *res;
		137	-
		138	- ctx = eay_sha2_512_init();
		139	- eay_sha2_512_update(ctx, data);
		140	- res = eay_sha2_512_final(ctx);
		141	-
		142	- return(res);
		143	+ return eay_digest_one(data, EVP_sha512());
		144	}
		145
		146	int
		147	@@ -2190,14 +2184,7 @@
		148	eay_sha2_384_one(data)
		149	vchar_t *data;
		150	{
		151	- caddr_t ctx;
		152	- vchar_t *res;
		153	-
		154	- ctx = eay_sha2_384_init();
		155	- eay_sha2_384_update(ctx, data);
		156	- res = eay_sha2_384_final(ctx);
		157	-
		158	- return(res);
		159	+ return eay_digest_one(data, EVP_sha2_384());
		160	}
		161
		162	int
		163	@@ -2250,14 +2237,7 @@
		164	eay_sha2_256_one(data)
		165	vchar_t *data;
		166	{
		167	- caddr_t ctx;
		168	- vchar_t *res;
		169	-
		170	- ctx = eay_sha2_256_init();
		171	- eay_sha2_256_update(ctx, data);
		172	- res = eay_sha2_256_final(ctx);
		173	-
		174	- return(res);
		175	+ return eay_digest_one(data, EVP_sha2_256());
		176	}
		177
		178	int
		179	@@ -2309,14 +2289,7 @@
		180	eay_sha1_one(data)
		181	vchar_t *data;
		182	{
		183	- caddr_t ctx;
		184	- vchar_t *res;
		185	-
		186	- ctx = eay_sha1_init();
		187	- eay_sha1_update(ctx, data);
		188	- res = eay_sha1_final(ctx);
		189	-
		190	- return(res);
		191	+ return eay_digest_one(data, EVP_sha1());
		192	}
		193
		194	int
		195	@@ -2367,14 +2340,7 @@
		196	eay_md5_one(data)
		197	vchar_t *data;
		198	{
		199	- caddr_t ctx;
		200	- vchar_t *res;
		201	-
		202	- ctx = eay_md5_init();
		203	- eay_md5_update(ctx, data);
		204	- res = eay_md5_final(ctx);
		205	-
		206	- return(res);
		207	+ return eay_digest_one(data, EVP_md5());
		208	}
		209
		210	int


diff --git a/main/ipsec-tools/APKBUILD b/main/ipsec-tools/APKBUILD index a3da4fc175..48760b57f0 100644 --- a/main/ipsec-tools/APKBUILD +++ b/main/ipsec-tools/APKBUILD
@@ -2,7 +2,7 @@
2	pkgname=ipsec-tools	2	pkgname=ipsec-tools
3	pkgver=0.8_alpha20090903	3	pkgver=0.8_alpha20090903
4	_myver=0.8-alpha20090903	4	_myver=0.8-alpha20090903
5	pkgrel=6	5	pkgrel=7
6	pkgdesc="User-space IPsec tools for various IPsec implementations"	6	pkgdesc="User-space IPsec tools for various IPsec implementations"
7	url="http://ipsec-tools.sourceforge.net/"	7	url="http://ipsec-tools.sourceforge.net/"
8	license="BSD"	8	license="BSD"
@@ -16,6 +16,7 @@ source="http://downloads.sourceforge.net/$pkgname/$pkgname-$_myver.tar.gz
16	60-debug-quick.patch	16	60-debug-quick.patch
17	initial-contact-fix.diff	17	initial-contact-fix.diff
18	fd-priorities.patch	18	fd-priorities.patch
		19	90-openssl-oneshot.patch
19	"	20	"
20		21
21	_builddir="$srcdir"/$pkgname-$_myver	22	_builddir="$srcdir"/$pkgname-$_myver
@@ -62,4 +63,5 @@ md5sums="8ec28d4e89c0f5e49ae2caa7463fbcfd ipsec-tools-0.8-alpha20090903.tar.gz
62	13bda94a598aabf593280e04ea16065d 50-reverse-connect.patch	63	13bda94a598aabf593280e04ea16065d 50-reverse-connect.patch
63	baa13d7f0f48955c792f7fcd42a8587a 60-debug-quick.patch	64	baa13d7f0f48955c792f7fcd42a8587a 60-debug-quick.patch
64	69e06c5cc3a0c1cc8b10ddc89d1e644b initial-contact-fix.diff	65	69e06c5cc3a0c1cc8b10ddc89d1e644b initial-contact-fix.diff
65	c1e8b8dc80ef4b5d79fece52a4865e68 fd-priorities.patch"	66	c1e8b8dc80ef4b5d79fece52a4865e68 fd-priorities.patch
		67	11e2c21e443edab17725f74ffeaddb76 90-openssl-oneshot.patch"