diff options
Diffstat (limited to 'recipes-connectivity/openssl/openssl-qoriq/qoriq/0015-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch')
-rw-r--r-- | recipes-connectivity/openssl/openssl-qoriq/qoriq/0015-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch | 199 |
1 files changed, 199 insertions, 0 deletions
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0015-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0015-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch new file mode 100644 index 00000000..623c58b9 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0015-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch | |||
@@ -0,0 +1,199 @@ | |||
1 | From 7dd6b35c35b027be8ef0ef2e29a949bc4ce96bbd Mon Sep 17 00:00:00 2001 | ||
2 | From: Tudor Ambarus <tudor.ambarus@freescale.com> | ||
3 | Date: Fri, 9 May 2014 17:54:06 +0300 | ||
4 | Subject: [PATCH 15/48] eng_cryptodev: extend TLS offload with | ||
5 | 3des_cbc_hmac_sha1 | ||
6 | |||
7 | Both obj_mac.h and obj_dat.h were generated using the scripts | ||
8 | from crypto/objects: | ||
9 | |||
10 | $ cd crypto/objects | ||
11 | $ perl objects.pl objects.txt obj_mac.num obj_mac.h | ||
12 | $ perl obj_dat.pl obj_mac.h obj_dat.h | ||
13 | |||
14 | Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com> | ||
15 | Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
16 | --- | ||
17 | crypto/engine/eng_cryptodev.c | 26 ++++++++++++++++++++++++++ | ||
18 | crypto/objects/obj_dat.h | 10 +++++++--- | ||
19 | crypto/objects/obj_mac.h | 4 ++++ | ||
20 | crypto/objects/obj_mac.num | 1 + | ||
21 | crypto/objects/objects.txt | 1 + | ||
22 | ssl/ssl_ciph.c | 4 ++++ | ||
23 | 6 files changed, 43 insertions(+), 3 deletions(-) | ||
24 | |||
25 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | ||
26 | index d2cdca0..8f73a18 100644 | ||
27 | --- a/crypto/engine/eng_cryptodev.c | ||
28 | +++ b/crypto/engine/eng_cryptodev.c | ||
29 | @@ -132,6 +132,7 @@ static int cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, | ||
30 | static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, | ||
31 | void (*f) (void)); | ||
32 | void ENGINE_load_cryptodev(void); | ||
33 | +const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1; | ||
34 | const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1; | ||
35 | const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1; | ||
36 | |||
37 | @@ -284,6 +285,9 @@ static struct { | ||
38 | CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, 0 | ||
39 | }, | ||
40 | { | ||
41 | + CRYPTO_TLS10_3DES_CBC_HMAC_SHA1, NID_des_ede3_cbc_hmac_sha1, 8, 24, 20 | ||
42 | + }, | ||
43 | + { | ||
44 | CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20 | ||
45 | }, | ||
46 | { | ||
47 | @@ -519,6 +523,9 @@ static int cryptodev_usable_ciphers(const int **nids) | ||
48 | case NID_aes_256_cbc_hmac_sha1: | ||
49 | EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1); | ||
50 | break; | ||
51 | + case NID_des_ede3_cbc_hmac_sha1: | ||
52 | + EVP_add_cipher(&cryptodev_3des_cbc_hmac_sha1); | ||
53 | + break; | ||
54 | } | ||
55 | } | ||
56 | return count; | ||
57 | @@ -623,6 +630,7 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | ||
58 | switch (ctx->cipher->nid) { | ||
59 | case NID_aes_128_cbc_hmac_sha1: | ||
60 | case NID_aes_256_cbc_hmac_sha1: | ||
61 | + case NID_des_ede3_cbc_hmac_sha1: | ||
62 | cryp.flags = COP_FLAG_AEAD_TLS_TYPE; | ||
63 | } | ||
64 | cryp.ses = sess->ses; | ||
65 | @@ -813,6 +821,7 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, | ||
66 | switch (ctx->cipher->nid) { | ||
67 | case NID_aes_128_cbc_hmac_sha1: | ||
68 | case NID_aes_256_cbc_hmac_sha1: | ||
69 | + case NID_des_ede3_cbc_hmac_sha1: | ||
70 | maclen = SHA_DIGEST_LENGTH; | ||
71 | } | ||
72 | |||
73 | @@ -1134,6 +1143,20 @@ const EVP_CIPHER cryptodev_aes_256_cbc = { | ||
74 | NULL | ||
75 | }; | ||
76 | |||
77 | +const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1 = { | ||
78 | + NID_des_ede3_cbc_hmac_sha1, | ||
79 | + 8, 24, 8, | ||
80 | + EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, | ||
81 | + cryptodev_init_aead_key, | ||
82 | + cryptodev_aead_cipher, | ||
83 | + cryptodev_cleanup, | ||
84 | + sizeof(struct dev_crypto_state), | ||
85 | + EVP_CIPHER_set_asn1_iv, | ||
86 | + EVP_CIPHER_get_asn1_iv, | ||
87 | + cryptodev_cbc_hmac_sha1_ctrl, | ||
88 | + NULL | ||
89 | +}; | ||
90 | + | ||
91 | const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1 = { | ||
92 | NID_aes_128_cbc_hmac_sha1, | ||
93 | 16, 16, 16, | ||
94 | @@ -1255,6 +1278,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, | ||
95 | case NID_aes_256_cbc: | ||
96 | *cipher = &cryptodev_aes_256_cbc; | ||
97 | break; | ||
98 | + case NID_des_ede3_cbc_hmac_sha1: | ||
99 | + *cipher = &cryptodev_3des_cbc_hmac_sha1; | ||
100 | + break; | ||
101 | # ifdef CRYPTO_AES_CTR | ||
102 | case NID_aes_128_ctr: | ||
103 | *cipher = &cryptodev_aes_ctr; | ||
104 | diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h | ||
105 | index b7e3cf2..35d1abc 100644 | ||
106 | --- a/crypto/objects/obj_dat.h | ||
107 | +++ b/crypto/objects/obj_dat.h | ||
108 | @@ -62,9 +62,9 @@ | ||
109 | * [including the GNU Public Licence.] | ||
110 | */ | ||
111 | |||
112 | -#define NUM_NID 958 | ||
113 | -#define NUM_SN 951 | ||
114 | -#define NUM_LN 951 | ||
115 | +#define NUM_NID 959 | ||
116 | +#define NUM_SN 952 | ||
117 | +#define NUM_LN 952 | ||
118 | #define NUM_OBJ 890 | ||
119 | |||
120 | static const unsigned char lvalues[6255]={ | ||
121 | @@ -2514,6 +2514,8 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={ | ||
122 | NID_jurisdictionStateOrProvinceName,11,&(lvalues[6232]),0}, | ||
123 | {"jurisdictionC","jurisdictionCountryName", | ||
124 | NID_jurisdictionCountryName,11,&(lvalues[6243]),0}, | ||
125 | +{"DES-EDE3-CBC-HMAC-SHA1","des-ede3-cbc-hmac-sha1", | ||
126 | + NID_des_ede3_cbc_hmac_sha1,0,NULL,0}, | ||
127 | }; | ||
128 | |||
129 | static const unsigned int sn_objs[NUM_SN]={ | ||
130 | @@ -2592,6 +2594,7 @@ static const unsigned int sn_objs[NUM_SN]={ | ||
131 | 62, /* "DES-EDE-OFB" */ | ||
132 | 33, /* "DES-EDE3" */ | ||
133 | 44, /* "DES-EDE3-CBC" */ | ||
134 | +958, /* "DES-EDE3-CBC-HMAC-SHA1" */ | ||
135 | 61, /* "DES-EDE3-CFB" */ | ||
136 | 658, /* "DES-EDE3-CFB1" */ | ||
137 | 659, /* "DES-EDE3-CFB8" */ | ||
138 | @@ -3760,6 +3763,7 @@ static const unsigned int ln_objs[NUM_LN]={ | ||
139 | 62, /* "des-ede-ofb" */ | ||
140 | 33, /* "des-ede3" */ | ||
141 | 44, /* "des-ede3-cbc" */ | ||
142 | +958, /* "des-ede3-cbc-hmac-sha1" */ | ||
143 | 61, /* "des-ede3-cfb" */ | ||
144 | 658, /* "des-ede3-cfb1" */ | ||
145 | 659, /* "des-ede3-cfb8" */ | ||
146 | diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h | ||
147 | index 779c309..cb318bc 100644 | ||
148 | --- a/crypto/objects/obj_mac.h | ||
149 | +++ b/crypto/objects/obj_mac.h | ||
150 | @@ -4047,6 +4047,10 @@ | ||
151 | #define LN_aes_256_cbc_hmac_sha256 "aes-256-cbc-hmac-sha256" | ||
152 | #define NID_aes_256_cbc_hmac_sha256 950 | ||
153 | |||
154 | +#define SN_des_ede3_cbc_hmac_sha1 "DES-EDE3-CBC-HMAC-SHA1" | ||
155 | +#define LN_des_ede3_cbc_hmac_sha1 "des-ede3-cbc-hmac-sha1" | ||
156 | +#define NID_des_ede3_cbc_hmac_sha1 958 | ||
157 | + | ||
158 | #define SN_dhpublicnumber "dhpublicnumber" | ||
159 | #define LN_dhpublicnumber "X9.42 DH" | ||
160 | #define NID_dhpublicnumber 920 | ||
161 | diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num | ||
162 | index 8e5ea83..02d1bb8 100644 | ||
163 | --- a/crypto/objects/obj_mac.num | ||
164 | +++ b/crypto/objects/obj_mac.num | ||
165 | @@ -955,3 +955,4 @@ ct_cert_scts 954 | ||
166 | jurisdictionLocalityName 955 | ||
167 | jurisdictionStateOrProvinceName 956 | ||
168 | jurisdictionCountryName 957 | ||
169 | +des_ede3_cbc_hmac_sha1 958 | ||
170 | diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt | ||
171 | index b57aabb..4e1ff18 100644 | ||
172 | --- a/crypto/objects/objects.txt | ||
173 | +++ b/crypto/objects/objects.txt | ||
174 | @@ -1294,6 +1294,7 @@ kisa 1 6 : SEED-OFB : seed-ofb | ||
175 | : AES-128-CBC-HMAC-SHA256 : aes-128-cbc-hmac-sha256 | ||
176 | : AES-192-CBC-HMAC-SHA256 : aes-192-cbc-hmac-sha256 | ||
177 | : AES-256-CBC-HMAC-SHA256 : aes-256-cbc-hmac-sha256 | ||
178 | + : DES-EDE3-CBC-HMAC-SHA1 : des-ede3-cbc-hmac-sha1 | ||
179 | |||
180 | ISO-US 10046 2 1 : dhpublicnumber : X9.42 DH | ||
181 | |||
182 | diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c | ||
183 | index 302464e..a379273 100644 | ||
184 | --- a/ssl/ssl_ciph.c | ||
185 | +++ b/ssl/ssl_ciph.c | ||
186 | @@ -668,6 +668,10 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, | ||
187 | c->algorithm_mac == SSL_SHA256 && | ||
188 | (evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA256"))) | ||
189 | *enc = evp, *md = NULL; | ||
190 | + else if (c->algorithm_enc == SSL_3DES && | ||
191 | + c->algorithm_mac == SSL_SHA1 && | ||
192 | + (evp = EVP_get_cipherbyname("DES-EDE3-CBC-HMAC-SHA1"))) | ||
193 | + *enc = evp, *md = NULL; | ||
194 | return (1); | ||
195 | } else | ||
196 | return (0); | ||
197 | -- | ||
198 | 2.7.0 | ||
199 | |||