aboutsummaryrefslogtreecommitdiffstats
path: root/recipes-connectivity/openssl/openssl-qoriq/qoriq/0020-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch
diff options
context:
space:
mode:
Diffstat (limited to 'recipes-connectivity/openssl/openssl-qoriq/qoriq/0020-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch')
-rw-r--r--recipes-connectivity/openssl/openssl-qoriq/qoriq/0020-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch359
1 files changed, 0 insertions, 359 deletions
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0020-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0020-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch
deleted file mode 100644
index 7370c49..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0020-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch
+++ /dev/null
@@ -1,359 +0,0 @@
-From a58703e6601fcfcfe69fdb3e7152ed76b40d67e9 Mon Sep 17 00:00:00 2001
-From: Tudor Ambarus <tudor.ambarus@freescale.com>
-Date: Tue, 31 Mar 2015 16:32:35 +0300
-Subject: [PATCH 20/26] eng_cryptodev: add support for TLSv1.2 record offload
-
-Supported cipher suites:
-- 3des-ede-cbc-sha
-- aes-128-cbc-hmac-sha
-- aes-256-cbc-hmac-sha
-- aes-128-cbc-hmac-sha256
-- aes-256-cbc-hmac-sha256
-
-Requires TLS patches on cryptodev and TLS algorithm support in Linux
-kernel driver.
-
-Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com>
-Change-Id: I0ac6953dd62e2655a59d8f3eaefd012b7ecebf55
-Reviewed-on: http://git.am.freescale.net:8181/34003
-Reviewed-by: Cristian Stoica <cristian.stoica@freescale.com>
-Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
----
- crypto/engine/eng_cryptodev.c | 123 ++++++++++++++++++++++++++++++++++++++++++
- crypto/objects/obj_dat.h | 26 +++++++--
- crypto/objects/obj_mac.h | 20 +++++++
- crypto/objects/obj_mac.num | 5 ++
- crypto/objects/objects.txt | 5 ++
- ssl/ssl_ciph.c | 25 +++++++++
- 6 files changed, 201 insertions(+), 3 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index f71ab27..fa5fe1b 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -140,6 +140,11 @@ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
- const EVP_CIPHER cryptodev_tls11_3des_cbc_hmac_sha1;
- const EVP_CIPHER cryptodev_tls11_aes_128_cbc_hmac_sha1;
- const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1;
-+const EVP_CIPHER cryptodev_tls12_3des_cbc_hmac_sha1;
-+const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha1;
-+const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha1;
-+const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha256;
-+const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha256;
-
- inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len)
- {
-@@ -263,6 +268,11 @@ static struct {
- { CRYPTO_TLS11_3DES_CBC_HMAC_SHA1, NID_tls11_des_ede3_cbc_hmac_sha1, 8, 24, 20},
- { CRYPTO_TLS11_AES_CBC_HMAC_SHA1, NID_tls11_aes_128_cbc_hmac_sha1, 16, 16, 20},
- { CRYPTO_TLS11_AES_CBC_HMAC_SHA1, NID_tls11_aes_256_cbc_hmac_sha1, 16, 32, 20},
-+ { CRYPTO_TLS12_3DES_CBC_HMAC_SHA1, NID_tls12_des_ede3_cbc_hmac_sha1, 8, 24, 20},
-+ { CRYPTO_TLS12_AES_CBC_HMAC_SHA1, NID_tls12_aes_128_cbc_hmac_sha1, 16, 16, 20},
-+ { CRYPTO_TLS12_AES_CBC_HMAC_SHA1, NID_tls12_aes_256_cbc_hmac_sha1, 16, 32, 20},
-+ { CRYPTO_TLS12_AES_CBC_HMAC_SHA256, NID_tls12_aes_128_cbc_hmac_sha256, 16, 16, 32},
-+ { CRYPTO_TLS12_AES_CBC_HMAC_SHA256, NID_tls12_aes_256_cbc_hmac_sha256, 16, 32, 32},
- { CRYPTO_AES_GCM, NID_aes_128_gcm, 16, 16, 0},
- { 0, NID_undef, 0, 0, 0},
- };
-@@ -487,6 +497,21 @@ cryptodev_usable_ciphers(const int **nids)
- case NID_tls11_aes_256_cbc_hmac_sha1:
- EVP_add_cipher(&cryptodev_tls11_aes_256_cbc_hmac_sha1);
- break;
-+ case NID_tls12_des_ede3_cbc_hmac_sha1:
-+ EVP_add_cipher(&cryptodev_tls12_3des_cbc_hmac_sha1);
-+ break;
-+ case NID_tls12_aes_128_cbc_hmac_sha1:
-+ EVP_add_cipher(&cryptodev_tls12_aes_128_cbc_hmac_sha1);
-+ break;
-+ case NID_tls12_aes_256_cbc_hmac_sha1:
-+ EVP_add_cipher(&cryptodev_tls12_aes_256_cbc_hmac_sha1);
-+ break;
-+ case NID_tls12_aes_128_cbc_hmac_sha256:
-+ EVP_add_cipher(&cryptodev_tls12_aes_128_cbc_hmac_sha256);
-+ break;
-+ case NID_tls12_aes_256_cbc_hmac_sha256:
-+ EVP_add_cipher(&cryptodev_tls12_aes_256_cbc_hmac_sha256);
-+ break;
- }
- }
- return count;
-@@ -596,6 +621,11 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- case NID_tls11_des_ede3_cbc_hmac_sha1:
- case NID_tls11_aes_128_cbc_hmac_sha1:
- case NID_tls11_aes_256_cbc_hmac_sha1:
-+ case NID_tls12_des_ede3_cbc_hmac_sha1:
-+ case NID_tls12_aes_128_cbc_hmac_sha1:
-+ case NID_tls12_aes_256_cbc_hmac_sha1:
-+ case NID_tls12_aes_128_cbc_hmac_sha256:
-+ case NID_tls12_aes_256_cbc_hmac_sha256:
- cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
- }
- cryp.ses = sess->ses;
-@@ -795,9 +825,17 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
- case NID_tls11_des_ede3_cbc_hmac_sha1:
- case NID_tls11_aes_128_cbc_hmac_sha1:
- case NID_tls11_aes_256_cbc_hmac_sha1:
-+ case NID_tls12_des_ede3_cbc_hmac_sha1:
-+ case NID_tls12_aes_128_cbc_hmac_sha1:
-+ case NID_tls12_aes_256_cbc_hmac_sha1:
- maclen = SHA_DIGEST_LENGTH;
- aad_needs_fix = true;
- break;
-+ case NID_tls12_aes_128_cbc_hmac_sha256:
-+ case NID_tls12_aes_256_cbc_hmac_sha256:
-+ maclen = SHA256_DIGEST_LENGTH;
-+ aad_needs_fix = true;
-+ break;
- }
-
- /* Correct length for AAD Length field */
-@@ -1207,6 +1245,76 @@ const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1 = {
- NULL
- };
-
-+const EVP_CIPHER cryptodev_tls12_3des_cbc_hmac_sha1 = {
-+ NID_tls12_des_ede3_cbc_hmac_sha1,
-+ 8, 24, 8,
-+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+ cryptodev_init_aead_key,
-+ cryptodev_aead_cipher,
-+ cryptodev_cleanup,
-+ sizeof(struct dev_crypto_state),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ cryptodev_cbc_hmac_sha1_ctrl,
-+ NULL
-+};
-+
-+const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha1 = {
-+ NID_tls12_aes_128_cbc_hmac_sha1,
-+ 16, 16, 16,
-+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+ cryptodev_init_aead_key,
-+ cryptodev_aead_cipher,
-+ cryptodev_cleanup,
-+ sizeof(struct dev_crypto_state),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ cryptodev_cbc_hmac_sha1_ctrl,
-+ NULL
-+};
-+
-+const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha1 = {
-+ NID_tls12_aes_256_cbc_hmac_sha1,
-+ 16, 32, 16,
-+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+ cryptodev_init_aead_key,
-+ cryptodev_aead_cipher,
-+ cryptodev_cleanup,
-+ sizeof(struct dev_crypto_state),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ cryptodev_cbc_hmac_sha1_ctrl,
-+ NULL
-+};
-+
-+const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha256 = {
-+ NID_tls12_aes_128_cbc_hmac_sha256,
-+ 16, 16, 16,
-+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+ cryptodev_init_aead_key,
-+ cryptodev_aead_cipher,
-+ cryptodev_cleanup,
-+ sizeof(struct dev_crypto_state),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ cryptodev_cbc_hmac_sha1_ctrl,
-+ NULL
-+};
-+
-+const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha256 = {
-+ NID_tls12_aes_256_cbc_hmac_sha256,
-+ 16, 32, 16,
-+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+ cryptodev_init_aead_key,
-+ cryptodev_aead_cipher,
-+ cryptodev_cleanup,
-+ sizeof(struct dev_crypto_state),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ cryptodev_cbc_hmac_sha1_ctrl,
-+ NULL
-+};
-+
- const EVP_CIPHER cryptodev_aes_128_gcm = {
- NID_aes_128_gcm,
- 1, 16, 12,
-@@ -1281,6 +1389,21 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
- case NID_tls11_aes_256_cbc_hmac_sha1:
- *cipher = &cryptodev_tls11_aes_256_cbc_hmac_sha1;
- break;
-+ case NID_tls12_des_ede3_cbc_hmac_sha1:
-+ *cipher = &cryptodev_tls12_3des_cbc_hmac_sha1;
-+ break;
-+ case NID_tls12_aes_128_cbc_hmac_sha1:
-+ *cipher = &cryptodev_tls12_aes_128_cbc_hmac_sha1;
-+ break;
-+ case NID_tls12_aes_256_cbc_hmac_sha1:
-+ *cipher = &cryptodev_tls12_aes_256_cbc_hmac_sha1;
-+ break;
-+ case NID_tls12_aes_128_cbc_hmac_sha256:
-+ *cipher = &cryptodev_tls12_aes_128_cbc_hmac_sha256;
-+ break;
-+ case NID_tls12_aes_256_cbc_hmac_sha256:
-+ *cipher = &cryptodev_tls12_aes_256_cbc_hmac_sha256;
-+ break;
- default:
- *cipher = NULL;
- break;
-diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
-index dc89b0a..dfe19da 100644
---- a/crypto/objects/obj_dat.h
-+++ b/crypto/objects/obj_dat.h
-@@ -62,9 +62,9 @@
- * [including the GNU Public Licence.]
- */
-
--#define NUM_NID 924
--#define NUM_SN 917
--#define NUM_LN 917
-+#define NUM_NID 929
-+#define NUM_SN 922
-+#define NUM_LN 922
- #define NUM_OBJ 857
-
- static const unsigned char lvalues[5974]={
-@@ -2407,6 +2407,16 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
- NID_tls11_aes_128_cbc_hmac_sha1,0,NULL,0},
- {"TLS11-AES-256-CBC-HMAC-SHA1","tls11-aes-256-cbc-hmac-sha1",
- NID_tls11_aes_256_cbc_hmac_sha1,0,NULL,0},
-+{"TLS12-DES-EDE3-CBC-HMAC-SHA1","tls12-des-ede3-cbc-hmac-sha1",
-+ NID_tls12_des_ede3_cbc_hmac_sha1,0,NULL,0},
-+{"TLS12-AES-128-CBC-HMAC-SHA1","tls12-aes-128-cbc-hmac-sha1",
-+ NID_tls12_aes_128_cbc_hmac_sha1,0,NULL,0},
-+{"TLS12-AES-256-CBC-HMAC-SHA1","tls12-aes-256-cbc-hmac-sha1",
-+ NID_tls12_aes_256_cbc_hmac_sha1,0,NULL,0},
-+{"TLS12-AES-128-CBC-HMAC-SHA256","tls12-aes-128-cbc-hmac-sha256",
-+ NID_tls12_aes_128_cbc_hmac_sha256,0,NULL,0},
-+{"TLS12-AES-256-CBC-HMAC-SHA256","tls12-aes-256-cbc-hmac-sha256",
-+ NID_tls12_aes_256_cbc_hmac_sha256,0,NULL,0},
- };
-
- static const unsigned int sn_objs[NUM_SN]={
-@@ -2595,6 +2605,11 @@ static const unsigned int sn_objs[NUM_SN]={
- 922, /* "TLS11-AES-128-CBC-HMAC-SHA1" */
- 923, /* "TLS11-AES-256-CBC-HMAC-SHA1" */
- 921, /* "TLS11-DES-EDE3-CBC-HMAC-SHA1" */
-+925, /* "TLS12-AES-128-CBC-HMAC-SHA1" */
-+927, /* "TLS12-AES-128-CBC-HMAC-SHA256" */
-+926, /* "TLS12-AES-256-CBC-HMAC-SHA1" */
-+928, /* "TLS12-AES-256-CBC-HMAC-SHA256" */
-+924, /* "TLS12-DES-EDE3-CBC-HMAC-SHA1" */
- 458, /* "UID" */
- 0, /* "UNDEF" */
- 11, /* "X500" */
-@@ -4217,6 +4232,11 @@ static const unsigned int ln_objs[NUM_LN]={
- 922, /* "tls11-aes-128-cbc-hmac-sha1" */
- 923, /* "tls11-aes-256-cbc-hmac-sha1" */
- 921, /* "tls11-des-ede3-cbc-hmac-sha1" */
-+925, /* "tls12-aes-128-cbc-hmac-sha1" */
-+927, /* "tls12-aes-128-cbc-hmac-sha256" */
-+926, /* "tls12-aes-256-cbc-hmac-sha1" */
-+928, /* "tls12-aes-256-cbc-hmac-sha256" */
-+924, /* "tls12-des-ede3-cbc-hmac-sha1" */
- 682, /* "tpBasis" */
- 436, /* "ucl" */
- 0, /* "undefined" */
-diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h
-index f181890..5af125e 100644
---- a/crypto/objects/obj_mac.h
-+++ b/crypto/objects/obj_mac.h
-@@ -4046,3 +4046,23 @@
- #define LN_tls11_aes_256_cbc_hmac_sha1 "tls11-aes-256-cbc-hmac-sha1"
- #define NID_tls11_aes_256_cbc_hmac_sha1 923
-
-+#define SN_tls12_des_ede3_cbc_hmac_sha1 "TLS12-DES-EDE3-CBC-HMAC-SHA1"
-+#define LN_tls12_des_ede3_cbc_hmac_sha1 "tls12-des-ede3-cbc-hmac-sha1"
-+#define NID_tls12_des_ede3_cbc_hmac_sha1 924
-+
-+#define SN_tls12_aes_128_cbc_hmac_sha1 "TLS12-AES-128-CBC-HMAC-SHA1"
-+#define LN_tls12_aes_128_cbc_hmac_sha1 "tls12-aes-128-cbc-hmac-sha1"
-+#define NID_tls12_aes_128_cbc_hmac_sha1 925
-+
-+#define SN_tls12_aes_256_cbc_hmac_sha1 "TLS12-AES-256-CBC-HMAC-SHA1"
-+#define LN_tls12_aes_256_cbc_hmac_sha1 "tls12-aes-256-cbc-hmac-sha1"
-+#define NID_tls12_aes_256_cbc_hmac_sha1 926
-+
-+#define SN_tls12_aes_128_cbc_hmac_sha256 "TLS12-AES-128-CBC-HMAC-SHA256"
-+#define LN_tls12_aes_128_cbc_hmac_sha256 "tls12-aes-128-cbc-hmac-sha256"
-+#define NID_tls12_aes_128_cbc_hmac_sha256 927
-+
-+#define SN_tls12_aes_256_cbc_hmac_sha256 "TLS12-AES-256-CBC-HMAC-SHA256"
-+#define LN_tls12_aes_256_cbc_hmac_sha256 "tls12-aes-256-cbc-hmac-sha256"
-+#define NID_tls12_aes_256_cbc_hmac_sha256 928
-+
-diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
-index a02b58c..deeba3a 100644
---- a/crypto/objects/obj_mac.num
-+++ b/crypto/objects/obj_mac.num
-@@ -921,3 +921,8 @@ des_ede3_cbc_hmac_sha1 920
- tls11_des_ede3_cbc_hmac_sha1 921
- tls11_aes_128_cbc_hmac_sha1 922
- tls11_aes_256_cbc_hmac_sha1 923
-+tls12_des_ede3_cbc_hmac_sha1 924
-+tls12_aes_128_cbc_hmac_sha1 925
-+tls12_aes_256_cbc_hmac_sha1 926
-+tls12_aes_128_cbc_hmac_sha256 927
-+tls12_aes_256_cbc_hmac_sha256 928
-diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
-index 1973658..6e4ac93 100644
---- a/crypto/objects/objects.txt
-+++ b/crypto/objects/objects.txt
-@@ -1294,3 +1294,8 @@ kisa 1 6 : SEED-OFB : seed-ofb
- : TLS11-DES-EDE3-CBC-HMAC-SHA1 : tls11-des-ede3-cbc-hmac-sha1
- : TLS11-AES-128-CBC-HMAC-SHA1 : tls11-aes-128-cbc-hmac-sha1
- : TLS11-AES-256-CBC-HMAC-SHA1 : tls11-aes-256-cbc-hmac-sha1
-+ : TLS12-DES-EDE3-CBC-HMAC-SHA1 : tls12-des-ede3-cbc-hmac-sha1
-+ : TLS12-AES-128-CBC-HMAC-SHA1 : tls12-aes-128-cbc-hmac-sha1
-+ : TLS12-AES-256-CBC-HMAC-SHA1 : tls12-aes-256-cbc-hmac-sha1
-+ : TLS12-AES-128-CBC-HMAC-SHA256 : tls12-aes-128-cbc-hmac-sha256
-+ : TLS12-AES-256-CBC-HMAC-SHA256 : tls12-aes-256-cbc-hmac-sha256
-diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
-index 0408986..77a82f6 100644
---- a/ssl/ssl_ciph.c
-+++ b/ssl/ssl_ciph.c
-@@ -661,6 +661,31 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
- c->algorithm_mac == SSL_SHA1 &&
- (evp=EVP_get_cipherbyname("TLS11-AES-256-CBC-HMAC-SHA1")))
- *enc = evp, *md = NULL;
-+ else if (s->ssl_version == TLS1_2_VERSION &&
-+ c->algorithm_enc == SSL_3DES &&
-+ c->algorithm_mac == SSL_SHA1 &&
-+ (evp=EVP_get_cipherbyname("TLS12-DES-EDE3-CBC-HMAC-SHA1")))
-+ *enc = evp, *md = NULL;
-+ else if (s->ssl_version == TLS1_2_VERSION &&
-+ c->algorithm_enc == SSL_AES128 &&
-+ c->algorithm_mac == SSL_SHA1 &&
-+ (evp=EVP_get_cipherbyname("TLS12-AES-128-CBC-HMAC-SHA1")))
-+ *enc = evp, *md = NULL;
-+ else if (s->ssl_version == TLS1_2_VERSION &&
-+ c->algorithm_enc == SSL_AES256 &&
-+ c->algorithm_mac == SSL_SHA1 &&
-+ (evp=EVP_get_cipherbyname("TLS12-AES-256-CBC-HMAC-SHA1")))
-+ *enc = evp, *md = NULL;
-+ else if (s->ssl_version == TLS1_2_VERSION &&
-+ c->algorithm_enc == SSL_AES128 &&
-+ c->algorithm_mac == SSL_SHA256 &&
-+ (evp=EVP_get_cipherbyname("TLS12-AES-128-CBC-HMAC-SHA256")))
-+ *enc = evp, *md = NULL;
-+ else if (s->ssl_version == TLS1_2_VERSION &&
-+ c->algorithm_enc == SSL_AES256 &&
-+ c->algorithm_mac == SSL_SHA256 &&
-+ (evp=EVP_get_cipherbyname("TLS12-AES-256-CBC-HMAC-SHA256")))
-+ *enc = evp, *md = NULL;
- return(1);
- }
- else
---
-2.3.5
-