From 24e22d4b6eaf1af5bc21e24ede4fc68a188f5183 Mon Sep 17 00:00:00 2001
From: Todd Ouska <todd@yassl.com>
Date: Fri, 1 Feb 2013 16:26:42 -0800
Subject: [PATCH] add cavium notes and free ssl cavium ciphers

---
 README               | 17 ++++++++++++++++-
 ctaocrypt/src/aes.c  |  3 +++
 ctaocrypt/src/arc4.c |  3 +++
 ctaocrypt/src/des3.c |  3 +++
 src/internal.c       | 18 ++++++++++++++++++
 5 files changed, 43 insertions(+), 1 deletion(-)

diff --git a/README b/README
index ca99603aa..c6065442e 100644
--- a/README
+++ b/README
@@ -42,18 +42,33 @@ Release 2.5.0 CyaSSL has bug fixes and new features including:
 - Microchip MPLAB X example projects for PIC32 Ethernet Starter Kit
 - Updated CTaoCrypt benchmark app for embedded systems
 - 1024-bit test certs/keys and cert/key buffers
-- Initial Cavium Nitrox support
 - AES-CCM-8 crypto and cipher suites
 - Camellia crypto and cipher suites
 - Bumped minimum autoconf version to 2.65, automake version to 1.12
 - Addition of OCSP callbacks
 - STM32F2 support with hardware crypto and RNG 
+- Cavium NITROX support
 
 CTaoCrypt now has support for the Microchip PIC32 and has been tested with
 the Microchip PIC32 Ethernet Starter Kit, the XC32 compiler and
 MPLAB X IDE in both MIPS16 and MIPS32 instruction set modes. See the README
 located under the <cyassl_root>/mplabx directory for more details.
 
+To add Cavium NITROX support do:
+
+./configure --with-cavium=/home/user/cavium/software
+
+pointing to your licensed cavium/software directory.  Since Cavium doesn't
+build a library we pull in the cavium_common.o file which gives a libtool 
+warning about the portability of this.  Also, if you're using the github source
+tree you'll need to remove the -Wredundant-decls warning from the generated
+Makefile because the cavium headers don't conform to this warning.  Currently
+CyaSSL supports Cavium RNG, AES, 3DES, RC4, HMAC, and RSA directly at the crypto
+layer.  Support at the SSL level is parital and currently just does AES, 3DES,
+and RC4.  RSA and HMAC are slower until the Cavium calls can be utilized in non
+blocking mode.  The example client turns on cavium support as does the crypto
+test and benchmark.  Please see the HAVE_CAVIUM define.
+
 CyaSSL is able to use the STM32F2 hardware-based cryptography and random number
 generator through the STM32F2 Standard Peripheral Library. For necessary
 defines, see the CYASSL_STM32F2 define in settings.h. Documentation for the
diff --git a/ctaocrypt/src/aes.c b/ctaocrypt/src/aes.c
index d7a7a3aa4..c9a142315 100644
--- a/ctaocrypt/src/aes.c
+++ b/ctaocrypt/src/aes.c
@@ -2789,6 +2789,9 @@ void AesFreeCavium(Aes* aes)
     if (aes == NULL)
         return;
 
+    if (aes->magic != CYASSL_AES_CAVIUM_MAGIC)
+        return;
+
     CspFreeContext(CONTEXT_SSL, aes->contextHandle, aes->devId);
     aes->magic = 0;
 }
diff --git a/ctaocrypt/src/arc4.c b/ctaocrypt/src/arc4.c
index f49d4e7aa..ba9651eda 100644
--- a/ctaocrypt/src/arc4.c
+++ b/ctaocrypt/src/arc4.c
@@ -124,6 +124,9 @@ void Arc4FreeCavium(Arc4* arc4)
     if (arc4 == NULL)
         return;
 
+    if (arc4->magic != CYASSL_ARC4_CAVIUM_MAGIC)
+        return;
+
     CspFreeContext(CONTEXT_SSL, arc4->contextHandle, arc4->devId);
     arc4->magic = 0;
 }
diff --git a/ctaocrypt/src/des3.c b/ctaocrypt/src/des3.c
index 0b46e2cdd..0b85e956f 100644
--- a/ctaocrypt/src/des3.c
+++ b/ctaocrypt/src/des3.c
@@ -795,6 +795,9 @@ void Des3_FreeCavium(Des3* des3)
     if (des3 == NULL)
         return;
 
+    if (des3->magic != CYASSL_3DES_CAVIUM_MAGIC)
+        return;
+
     CspFreeContext(CONTEXT_SSL, des3->contextHandle, des3->devId);
     des3->magic = 0;
 }
diff --git a/src/internal.c b/src/internal.c
index b47980285..6158c4d0c 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -496,14 +496,32 @@ void FreeCiphers(CYASSL* ssl)
 {
     (void)ssl;
 #ifdef BUILD_ARC4
+    #ifdef HAVE_CAVIUM
+    if (ssl->devId != NO_CAVIUM_DEVICE) {
+        Arc4FreeCavium(ssl->encrypt.arc4);
+        Arc4FreeCavium(ssl->decrypt.arc4);
+    }
+    #endif
     XFREE(ssl->encrypt.arc4, ssl->heap, DYNAMIC_TYPE_CIPHER);
     XFREE(ssl->decrypt.arc4, ssl->heap, DYNAMIC_TYPE_CIPHER);
 #endif
 #ifdef BUILD_DES3
+    #ifdef HAVE_CAVIUM
+    if (ssl->devId != NO_CAVIUM_DEVICE) {
+        Des3_FreeCavium(ssl->encrypt.des3);
+        Des3_FreeCavium(ssl->decrypt.des3);
+    }
+    #endif
     XFREE(ssl->encrypt.des3, ssl->heap, DYNAMIC_TYPE_CIPHER);
     XFREE(ssl->decrypt.des3, ssl->heap, DYNAMIC_TYPE_CIPHER);
 #endif
 #ifdef BUILD_AES
+    #ifdef HAVE_CAVIUM
+    if (ssl->devId != NO_CAVIUM_DEVICE) {
+        AesFreeCavium(ssl->encrypt.aes);
+        AesFreeCavium(ssl->decrypt.aes);
+    }
+    #endif
     XFREE(ssl->encrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER);
     XFREE(ssl->decrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER);
 #endif