aboutsummaryrefslogtreecommitdiffstats
path: root/recipes-connectivity/openssl/openssl-fsl/0018-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch
diff options
context:
space:
mode:
Diffstat (limited to 'recipes-connectivity/openssl/openssl-fsl/0018-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch')
-rw-r--r--recipes-connectivity/openssl/openssl-fsl/0018-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch193
1 files changed, 193 insertions, 0 deletions
diff --git a/recipes-connectivity/openssl/openssl-fsl/0018-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch b/recipes-connectivity/openssl/openssl-fsl/0018-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch
new file mode 100644
index 00000000..1118a6fc
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-fsl/0018-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch
@@ -0,0 +1,193 @@
+From 21e3ca4ec77f9258aa4001f07faac1c4942b48b4 Mon Sep 17 00:00:00 2001
+From: Tudor Ambarus <tudor.ambarus@freescale.com>
+Date: Fri, 9 May 2014 17:54:06 +0300
+Subject: [PATCH 18/26] eng_cryptodev: extend TLS offload with
+ 3des_cbc_hmac_sha1
+
+Both obj_mac.h and obj_dat.h were generated using the scripts
+from crypto/objects:
+
+$ cd crypto/objects
+$ perl objects.pl objects.txt obj_mac.num obj_mac.h
+$ perl obj_dat.pl obj_mac.h obj_dat.h
+
+Change-Id: I94f13cdd09df67e33e6acd3c00aab47cb358ac46
+Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com>
+Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
+Reviewed-on: http://git.am.freescale.net:8181/34001
+---
+ crypto/engine/eng_cryptodev.c | 24 ++++++++++++++++++++++++
+ crypto/objects/obj_dat.h | 10 +++++++---
+ crypto/objects/obj_mac.h | 4 ++++
+ crypto/objects/obj_mac.num | 1 +
+ crypto/objects/objects.txt | 1 +
+ ssl/ssl_ciph.c | 4 ++++
+ 6 files changed, 41 insertions(+), 3 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 79b2678..299e84b 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -135,6 +135,7 @@ static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
+ void ENGINE_load_cryptodev(void);
+ const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1;
+ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
++const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1;
+
+ inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len)
+ {
+@@ -252,6 +253,7 @@ static struct {
+ { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, 0},
+ { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, 0},
+ { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, 0},
++ { CRYPTO_TLS10_3DES_CBC_HMAC_SHA1, NID_des_ede3_cbc_hmac_sha1, 8, 24, 20},
+ { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20},
+ { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20},
+ { CRYPTO_AES_GCM, NID_aes_128_gcm, 16, 16, 0},
+@@ -466,6 +468,9 @@ cryptodev_usable_ciphers(const int **nids)
+ case NID_aes_256_cbc_hmac_sha1:
+ EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
+ break;
++ case NID_des_ede3_cbc_hmac_sha1:
++ EVP_add_cipher(&cryptodev_3des_cbc_hmac_sha1);
++ break;
+ }
+ }
+ return count;
+@@ -571,6 +576,7 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ switch (ctx->cipher->nid) {
+ case NID_aes_128_cbc_hmac_sha1:
+ case NID_aes_256_cbc_hmac_sha1:
++ case NID_des_ede3_cbc_hmac_sha1:
+ cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
+ }
+ cryp.ses = sess->ses;
+@@ -763,6 +769,7 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
+ switch (ctx->cipher->nid) {
+ case NID_aes_128_cbc_hmac_sha1:
+ case NID_aes_256_cbc_hmac_sha1:
++ case NID_des_ede3_cbc_hmac_sha1:
+ maclen = SHA_DIGEST_LENGTH;
+ }
+
+@@ -1082,6 +1089,20 @@ const EVP_CIPHER cryptodev_aes_256_cbc = {
+ NULL
+ };
+
++const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1 = {
++ NID_des_ede3_cbc_hmac_sha1,
++ 8, 24, 8,
++ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
++ cryptodev_init_aead_key,
++ cryptodev_aead_cipher,
++ cryptodev_cleanup,
++ sizeof(struct dev_crypto_state),
++ EVP_CIPHER_set_asn1_iv,
++ EVP_CIPHER_get_asn1_iv,
++ cryptodev_cbc_hmac_sha1_ctrl,
++ NULL
++};
++
+ const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1 = {
+ NID_aes_128_cbc_hmac_sha1,
+ 16, 16, 16,
+@@ -1163,6 +1184,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+ case NID_aes_256_cbc:
+ *cipher = &cryptodev_aes_256_cbc;
+ break;
++ case NID_des_ede3_cbc_hmac_sha1:
++ *cipher = &cryptodev_3des_cbc_hmac_sha1;
++ break;
+ case NID_aes_128_cbc_hmac_sha1:
+ *cipher = &cryptodev_aes_128_cbc_hmac_sha1;
+ break;
+diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
+index bc69665..9f2267a 100644
+--- a/crypto/objects/obj_dat.h
++++ b/crypto/objects/obj_dat.h
+@@ -62,9 +62,9 @@
+ * [including the GNU Public Licence.]
+ */
+
+-#define NUM_NID 920
+-#define NUM_SN 913
+-#define NUM_LN 913
++#define NUM_NID 921
++#define NUM_SN 914
++#define NUM_LN 914
+ #define NUM_OBJ 857
+
+ static const unsigned char lvalues[5974]={
+@@ -2399,6 +2399,8 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
+ {"AES-256-CBC-HMAC-SHA1","aes-256-cbc-hmac-sha1",
+ NID_aes_256_cbc_hmac_sha1,0,NULL,0},
+ {"RSAES-OAEP","rsaesOaep",NID_rsaesOaep,9,&(lvalues[5964]),0},
++{"DES-EDE3-CBC-HMAC-SHA1","des-ede3-cbc-hmac-sha1",
++ NID_des_ede3_cbc_hmac_sha1,0,NULL,0},
+ };
+
+ static const unsigned int sn_objs[NUM_SN]={
+@@ -2474,6 +2476,7 @@ static const unsigned int sn_objs[NUM_SN]={
+ 62, /* "DES-EDE-OFB" */
+ 33, /* "DES-EDE3" */
+ 44, /* "DES-EDE3-CBC" */
++920, /* "DES-EDE3-CBC-HMAC-SHA1" */
+ 61, /* "DES-EDE3-CFB" */
+ 658, /* "DES-EDE3-CFB1" */
+ 659, /* "DES-EDE3-CFB8" */
+@@ -3585,6 +3588,7 @@ static const unsigned int ln_objs[NUM_LN]={
+ 62, /* "des-ede-ofb" */
+ 33, /* "des-ede3" */
+ 44, /* "des-ede3-cbc" */
++920, /* "des-ede3-cbc-hmac-sha1" */
+ 61, /* "des-ede3-cfb" */
+ 658, /* "des-ede3-cfb1" */
+ 659, /* "des-ede3-cfb8" */
+diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h
+index b5ea7cd..8751902 100644
+--- a/crypto/objects/obj_mac.h
++++ b/crypto/objects/obj_mac.h
+@@ -4030,3 +4030,7 @@
+ #define LN_aes_256_cbc_hmac_sha1 "aes-256-cbc-hmac-sha1"
+ #define NID_aes_256_cbc_hmac_sha1 918
+
++#define SN_des_ede3_cbc_hmac_sha1 "DES-EDE3-CBC-HMAC-SHA1"
++#define LN_des_ede3_cbc_hmac_sha1 "des-ede3-cbc-hmac-sha1"
++#define NID_des_ede3_cbc_hmac_sha1 920
++
+diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
+index 1d0a7c8..9d44bb5 100644
+--- a/crypto/objects/obj_mac.num
++++ b/crypto/objects/obj_mac.num
+@@ -917,3 +917,4 @@ aes_128_cbc_hmac_sha1 916
+ aes_192_cbc_hmac_sha1 917
+ aes_256_cbc_hmac_sha1 918
+ rsaesOaep 919
++des_ede3_cbc_hmac_sha1 920
+diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
+index d3bfad7..90d2fc5 100644
+--- a/crypto/objects/objects.txt
++++ b/crypto/objects/objects.txt
+@@ -1290,3 +1290,4 @@ kisa 1 6 : SEED-OFB : seed-ofb
+ : AES-128-CBC-HMAC-SHA1 : aes-128-cbc-hmac-sha1
+ : AES-192-CBC-HMAC-SHA1 : aes-192-cbc-hmac-sha1
+ : AES-256-CBC-HMAC-SHA1 : aes-256-cbc-hmac-sha1
++ : DES-EDE3-CBC-HMAC-SHA1 : des-ede3-cbc-hmac-sha1
+diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
+index 8188ff5..310fe76 100644
+--- a/ssl/ssl_ciph.c
++++ b/ssl/ssl_ciph.c
+@@ -639,6 +639,10 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
+ c->algorithm_mac == SSL_SHA1 &&
+ (evp=EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1")))
+ *enc = evp, *md = NULL;
++ else if (c->algorithm_enc == SSL_3DES &&
++ c->algorithm_mac == SSL_SHA1 &&
++ (evp = EVP_get_cipherbyname("DES-EDE3-CBC-HMAC-SHA1")))
++ *enc = evp, *md = NULL;
+ return(1);
+ }
+ else
+--
+2.3.5
+