1 files changed, 0 insertions, 377 deletions
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0017-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0017-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch
deleted file mode 100644
index 30348941..00000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0017-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch
+++ /dev/null
@@ -1,377 +0,0 @@
-From 0103fb8e6fc412462968224ec9315609c54eccc1 Mon Sep 17 00:00:00 2001
-From: Tudor Ambarus <tudor.ambarus@freescale.com>
-Date: Tue, 31 Mar 2015 16:32:35 +0300
-Subject: [PATCH 17/48] eng_cryptodev: add support for TLSv1.2 record offload
-Supported cipher suites:
- 3des-ede-cbc-sha
- aes-128-cbc-hmac-sha
- aes-256-cbc-hmac-sha
- aes-128-cbc-hmac-sha256
- aes-256-cbc-hmac-sha256
-Requires TLS patches on cryptodev and TLS algorithm support in Linux
-kernel driver.
-Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com>
-Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
---
- crypto/engine/eng_cryptodev.c | 138 ++++++++++++++++++++++++++++++++++++++++++
- crypto/objects/obj_dat.h      |  26 +++++++-
- crypto/objects/obj_mac.h      |  20 ++++++
- crypto/objects/obj_mac.num    |   5 ++
- crypto/objects/objects.txt    |   5 ++
- ssl/ssl_ciph.c                |  25 ++++++++
- 6 files changed, 216 insertions(+), 3 deletions(-)
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 80b20e5..455868e 100644
--- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -140,6 +140,11 @@ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
- const EVP_CIPHER cryptodev_tls11_3des_cbc_hmac_sha1;
- const EVP_CIPHER cryptodev_tls11_aes_128_cbc_hmac_sha1;
- const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1;
-+const EVP_CIPHER cryptodev_tls12_3des_cbc_hmac_sha1;
-+const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha1;
-+const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha1;
-+const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha256;
-+const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha256;
- 
- inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len)
- {
-@@ -311,6 +316,26 @@ static struct {
-         20
-     },
-     {
-+        CRYPTO_TLS12_3DES_CBC_HMAC_SHA1, NID_tls12_des_ede3_cbc_hmac_sha1, 8,
-+        24, 20
-+    },
-+    {
-+        CRYPTO_TLS12_AES_CBC_HMAC_SHA1, NID_tls12_aes_128_cbc_hmac_sha1, 16, 16,
-+        20
-+    },
-+    {
-+        CRYPTO_TLS12_AES_CBC_HMAC_SHA1, NID_tls12_aes_256_cbc_hmac_sha1, 16, 32,
-+        20
-+    },
-+    {
-+        CRYPTO_TLS12_AES_CBC_HMAC_SHA256, NID_tls12_aes_128_cbc_hmac_sha256, 16,
-+        16, 32
-+    },
-+    {
-+        CRYPTO_TLS12_AES_CBC_HMAC_SHA256, NID_tls12_aes_256_cbc_hmac_sha256, 16,
-+        32, 32
-+    },
-+    {
-         CRYPTO_AES_GCM, NID_aes_128_gcm, 16, 16, 0
-     },
-     {
-@@ -552,6 +577,21 @@ static int cryptodev_usable_ciphers(const int **nids)
-         case NID_tls11_aes_256_cbc_hmac_sha1:
-             EVP_add_cipher(&cryptodev_tls11_aes_256_cbc_hmac_sha1);
-             break;
-+        case NID_tls12_des_ede3_cbc_hmac_sha1:
-+            EVP_add_cipher(&cryptodev_tls12_3des_cbc_hmac_sha1);
-+            break;
-+        case NID_tls12_aes_128_cbc_hmac_sha1:
-+            EVP_add_cipher(&cryptodev_tls12_aes_128_cbc_hmac_sha1);
-+            break;
-+        case NID_tls12_aes_256_cbc_hmac_sha1:
-+            EVP_add_cipher(&cryptodev_tls12_aes_256_cbc_hmac_sha1);
-+            break;
-+        case NID_tls12_aes_128_cbc_hmac_sha256:
-+            EVP_add_cipher(&cryptodev_tls12_aes_128_cbc_hmac_sha256);
-+            break;
-+        case NID_tls12_aes_256_cbc_hmac_sha256:
-+            EVP_add_cipher(&cryptodev_tls12_aes_256_cbc_hmac_sha256);
-+            break;
-         }
-     }
-     return count;
-@@ -660,6 +700,11 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-     case NID_tls11_des_ede3_cbc_hmac_sha1:
-     case NID_tls11_aes_128_cbc_hmac_sha1:
-     case NID_tls11_aes_256_cbc_hmac_sha1:
-+    case NID_tls12_des_ede3_cbc_hmac_sha1:
-+    case NID_tls12_aes_128_cbc_hmac_sha1:
-+    case NID_tls12_aes_256_cbc_hmac_sha1:
-+    case NID_tls12_aes_128_cbc_hmac_sha256:
-+    case NID_tls12_aes_256_cbc_hmac_sha256:
-         cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
-     }
-     cryp.ses = sess->ses;
-@@ -857,9 +902,17 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
-             case NID_tls11_des_ede3_cbc_hmac_sha1:
-             case NID_tls11_aes_128_cbc_hmac_sha1:
-             case NID_tls11_aes_256_cbc_hmac_sha1:
-+            case NID_tls12_des_ede3_cbc_hmac_sha1:
-+            case NID_tls12_aes_128_cbc_hmac_sha1:
-+            case NID_tls12_aes_256_cbc_hmac_sha1:
-                 maclen = SHA_DIGEST_LENGTH;
-                 aad_needs_fix = true;
-                 break;
-+            case NID_tls12_aes_128_cbc_hmac_sha256:
-+            case NID_tls12_aes_256_cbc_hmac_sha256:
-+                maclen = SHA256_DIGEST_LENGTH;
-+                aad_needs_fix = true;
-+                break;
-             }
- 
-             /* Correct length for AAD Length field */
-@@ -1271,6 +1324,76 @@ const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1 = {
-     NULL
- };
- 
-+const EVP_CIPHER cryptodev_tls12_3des_cbc_hmac_sha1 = {
-+    NID_tls12_des_ede3_cbc_hmac_sha1,
-+    8, 24, 8,
-+    EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+    cryptodev_init_aead_key,
-+    cryptodev_aead_cipher,
-+    cryptodev_cleanup,
-+    sizeof(struct dev_crypto_state),
-+    EVP_CIPHER_set_asn1_iv,
-+    EVP_CIPHER_get_asn1_iv,
-+    cryptodev_cbc_hmac_sha1_ctrl,
-+    NULL
-+};
-+
-+const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha1 = {
-+    NID_tls12_aes_128_cbc_hmac_sha1,
-+    16, 16, 16,
-+    EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+    cryptodev_init_aead_key,
-+    cryptodev_aead_cipher,
-+    cryptodev_cleanup,
-+    sizeof(struct dev_crypto_state),
-+    EVP_CIPHER_set_asn1_iv,
-+    EVP_CIPHER_get_asn1_iv,
-+    cryptodev_cbc_hmac_sha1_ctrl,
-+    NULL
-+};
-+
-+const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha1 = {
-+    NID_tls12_aes_256_cbc_hmac_sha1,
-+    16, 32, 16,
-+    EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+    cryptodev_init_aead_key,
-+    cryptodev_aead_cipher,
-+    cryptodev_cleanup,
-+    sizeof(struct dev_crypto_state),
-+    EVP_CIPHER_set_asn1_iv,
-+    EVP_CIPHER_get_asn1_iv,
-+    cryptodev_cbc_hmac_sha1_ctrl,
-+    NULL
-+};
-+
-+const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha256 = {
-+    NID_tls12_aes_128_cbc_hmac_sha256,
-+    16, 16, 16,
-+    EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+    cryptodev_init_aead_key,
-+    cryptodev_aead_cipher,
-+    cryptodev_cleanup,
-+    sizeof(struct dev_crypto_state),
-+    EVP_CIPHER_set_asn1_iv,
-+    EVP_CIPHER_get_asn1_iv,
-+    cryptodev_cbc_hmac_sha1_ctrl,
-+    NULL
-+};
-+
-+const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha256 = {
-+    NID_tls12_aes_256_cbc_hmac_sha256,
-+    16, 32, 16,
-+    EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+    cryptodev_init_aead_key,
-+    cryptodev_aead_cipher,
-+    cryptodev_cleanup,
-+    sizeof(struct dev_crypto_state),
-+    EVP_CIPHER_set_asn1_iv,
-+    EVP_CIPHER_get_asn1_iv,
-+    cryptodev_cbc_hmac_sha1_ctrl,
-+    NULL
-+};
-+
- const EVP_CIPHER cryptodev_aes_128_gcm = {
-     NID_aes_128_gcm,
-     1, 16, 12,
-@@ -1396,6 +1519,21 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
-     case NID_aes_128_gcm:
-         *cipher = &cryptodev_aes_128_gcm;
-         break;
-+    case NID_tls12_des_ede3_cbc_hmac_sha1:
-+        *cipher = &cryptodev_tls12_3des_cbc_hmac_sha1;
-+        break;
-+    case NID_tls12_aes_128_cbc_hmac_sha1:
-+        *cipher = &cryptodev_tls12_aes_128_cbc_hmac_sha1;
-+        break;
-+    case NID_tls12_aes_256_cbc_hmac_sha1:
-+        *cipher = &cryptodev_tls12_aes_256_cbc_hmac_sha1;
-+        break;
-+    case NID_tls12_aes_128_cbc_hmac_sha256:
-+        *cipher = &cryptodev_tls12_aes_128_cbc_hmac_sha256;
-+        break;
-+    case NID_tls12_aes_256_cbc_hmac_sha256:
-+        *cipher = &cryptodev_tls12_aes_256_cbc_hmac_sha256;
-+        break;
-     default:
-         *cipher = NULL;
-         break;
-diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
-index 4dd32a1..e3a2505 100644
--- a/crypto/objects/obj_dat.h
-+++ b/crypto/objects/obj_dat.h
-@@ -62,9 +62,9 @@
-  * [including the GNU Public Licence.]
-  */
- 
-#define NUM_NID 962
-#define NUM_SN 955
-#define NUM_LN 955
-+#define NUM_NID 967
-+#define NUM_SN 960
-+#define NUM_LN 960
- #define NUM_OBJ 890
- 
- static const unsigned char lvalues[6255]={
-@@ -2522,6 +2522,16 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
-        NID_tls11_aes_128_cbc_hmac_sha1,0,NULL,0},
- {"TLS11-AES-256-CBC-HMAC-SHA1","tls11-aes-256-cbc-hmac-sha1",
-        NID_tls11_aes_256_cbc_hmac_sha1,0,NULL,0},
-+{"TLS12-DES-EDE3-CBC-HMAC-SHA1","tls12-des-ede3-cbc-hmac-sha1",
-+       NID_tls12_des_ede3_cbc_hmac_sha1,0,NULL,0},
-+{"TLS12-AES-128-CBC-HMAC-SHA1","tls12-aes-128-cbc-hmac-sha1",
-+       NID_tls12_aes_128_cbc_hmac_sha1,0,NULL,0},
-+{"TLS12-AES-256-CBC-HMAC-SHA1","tls12-aes-256-cbc-hmac-sha1",
-+       NID_tls12_aes_256_cbc_hmac_sha1,0,NULL,0},
-+{"TLS12-AES-128-CBC-HMAC-SHA256","tls12-aes-128-cbc-hmac-sha256",
-+       NID_tls12_aes_128_cbc_hmac_sha256,0,NULL,0},
-+{"TLS12-AES-256-CBC-HMAC-SHA256","tls12-aes-256-cbc-hmac-sha256",
-+       NID_tls12_aes_256_cbc_hmac_sha256,0,NULL,0},
- };
- 
- static const unsigned int sn_objs[NUM_SN]={
-@@ -2714,6 +2724,11 @@ static const unsigned int sn_objs[NUM_SN]={
- 960,   /* "TLS11-AES-128-CBC-HMAC-SHA1" */
- 961,   /* "TLS11-AES-256-CBC-HMAC-SHA1" */
- 959,   /* "TLS11-DES-EDE3-CBC-HMAC-SHA1" */
-+963,   /* "TLS12-AES-128-CBC-HMAC-SHA1" */
-+965,   /* "TLS12-AES-128-CBC-HMAC-SHA256" */
-+964,   /* "TLS12-AES-256-CBC-HMAC-SHA1" */
-+966,   /* "TLS12-AES-256-CBC-HMAC-SHA256" */
-+962,   /* "TLS12-DES-EDE3-CBC-HMAC-SHA1" */
- 458,   /* "UID" */
-  0,    /* "UNDEF" */
- 11,    /* "X500" */
-@@ -4408,6 +4423,11 @@ static const unsigned int ln_objs[NUM_LN]={
- 960,   /* "tls11-aes-128-cbc-hmac-sha1" */
- 961,   /* "tls11-aes-256-cbc-hmac-sha1" */
- 959,   /* "tls11-des-ede3-cbc-hmac-sha1" */
-+963,   /* "tls12-aes-128-cbc-hmac-sha1" */
-+965,   /* "tls12-aes-128-cbc-hmac-sha256" */
-+964,   /* "tls12-aes-256-cbc-hmac-sha1" */
-+966,   /* "tls12-aes-256-cbc-hmac-sha256" */
-+962,   /* "tls12-des-ede3-cbc-hmac-sha1" */
- 682,   /* "tpBasis" */
- 436,   /* "ucl" */
-  0,    /* "undefined" */
-diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h
-index 5930563..f4a81cb 100644
--- a/crypto/objects/obj_mac.h
-+++ b/crypto/objects/obj_mac.h
-@@ -4063,6 +4063,26 @@
- #define LN_tls11_aes_256_cbc_hmac_sha1          "tls11-aes-256-cbc-hmac-sha1"
- #define NID_tls11_aes_256_cbc_hmac_sha1         961
- 
-+#define SN_tls12_des_ede3_cbc_hmac_sha1         "TLS12-DES-EDE3-CBC-HMAC-SHA1"
-+#define LN_tls12_des_ede3_cbc_hmac_sha1         "tls12-des-ede3-cbc-hmac-sha1"
-+#define NID_tls12_des_ede3_cbc_hmac_sha1                962
-+
-+#define SN_tls12_aes_128_cbc_hmac_sha1          "TLS12-AES-128-CBC-HMAC-SHA1"
-+#define LN_tls12_aes_128_cbc_hmac_sha1          "tls12-aes-128-cbc-hmac-sha1"
-+#define NID_tls12_aes_128_cbc_hmac_sha1         963
-+
-+#define SN_tls12_aes_256_cbc_hmac_sha1          "TLS12-AES-256-CBC-HMAC-SHA1"
-+#define LN_tls12_aes_256_cbc_hmac_sha1          "tls12-aes-256-cbc-hmac-sha1"
-+#define NID_tls12_aes_256_cbc_hmac_sha1         964
-+
-+#define SN_tls12_aes_128_cbc_hmac_sha256                "TLS12-AES-128-CBC-HMAC-SHA256"
-+#define LN_tls12_aes_128_cbc_hmac_sha256                "tls12-aes-128-cbc-hmac-sha256"
-+#define NID_tls12_aes_128_cbc_hmac_sha256               965
-+
-+#define SN_tls12_aes_256_cbc_hmac_sha256                "TLS12-AES-256-CBC-HMAC-SHA256"
-+#define LN_tls12_aes_256_cbc_hmac_sha256                "tls12-aes-256-cbc-hmac-sha256"
-+#define NID_tls12_aes_256_cbc_hmac_sha256               966
-+
- #define SN_dhpublicnumber               "dhpublicnumber"
- #define LN_dhpublicnumber               "X9.42 DH"
- #define NID_dhpublicnumber              920
-diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
-index 02f1728..401be03 100644
--- a/crypto/objects/obj_mac.num
-+++ b/crypto/objects/obj_mac.num
-@@ -959,3 +959,8 @@ des_ede3_cbc_hmac_sha1              958
- tls11_des_ede3_cbc_hmac_sha1           959
- tls11_aes_128_cbc_hmac_sha1            960
- tls11_aes_256_cbc_hmac_sha1            961
-+tls12_des_ede3_cbc_hmac_sha1           962
-+tls12_aes_128_cbc_hmac_sha1            963
-+tls12_aes_256_cbc_hmac_sha1            964
-+tls12_aes_128_cbc_hmac_sha256          965
-+tls12_aes_256_cbc_hmac_sha256          966
-diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
-index cda81da..68a8da8 100644
--- a/crypto/objects/objects.txt
-+++ b/crypto/objects/objects.txt
-@@ -1298,6 +1298,11 @@ kisa 1 6                : SEED-OFB      : seed-ofb
-                        : TLS11-DES-EDE3-CBC-HMAC-SHA1  : tls11-des-ede3-cbc-hmac-sha1
-                        : TLS11-AES-128-CBC-HMAC-SHA1   : tls11-aes-128-cbc-hmac-sha1
-                        : TLS11-AES-256-CBC-HMAC-SHA1   : tls11-aes-256-cbc-hmac-sha1
-+                       : TLS12-DES-EDE3-CBC-HMAC-SHA1  : tls12-des-ede3-cbc-hmac-sha1
-+                       : TLS12-AES-128-CBC-HMAC-SHA1   : tls12-aes-128-cbc-hmac-sha1
-+                       : TLS12-AES-256-CBC-HMAC-SHA1   : tls12-aes-256-cbc-hmac-sha1
-+                       : TLS12-AES-128-CBC-HMAC-SHA256 : tls12-aes-128-cbc-hmac-sha256
-+                       : TLS12-AES-256-CBC-HMAC-SHA256 : tls12-aes-256-cbc-hmac-sha256
- 
- ISO-US 10046 2 1       : dhpublicnumber                : X9.42 DH
- 
-diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
-index b4af7dc..359cb5d 100644
--- a/ssl/ssl_ciph.c
-+++ b/ssl/ssl_ciph.c
-@@ -690,6 +690,31 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
-                  c->algorithm_mac == SSL_SHA1 &&
-                  (evp = EVP_get_cipherbyname("TLS11-AES-256-CBC-HMAC-SHA1")))
-             *enc = evp, *md = NULL;
-+        else if (s->ssl_version == TLS1_2_VERSION &&
-+                 c->algorithm_enc == SSL_3DES &&
-+                 c->algorithm_mac == SSL_SHA1 &&
-+                 (evp=EVP_get_cipherbyname("TLS12-DES-EDE3-CBC-HMAC-SHA1")))
-+            *enc = evp, *md = NULL;
-+        else if (s->ssl_version == TLS1_2_VERSION &&
-+                 c->algorithm_enc == SSL_AES128 &&
-+                 c->algorithm_mac == SSL_SHA1 &&
-+                 (evp=EVP_get_cipherbyname("TLS12-AES-128-CBC-HMAC-SHA1")))
-+            *enc = evp, *md = NULL;
-+        else if (s->ssl_version == TLS1_2_VERSION &&
-+                 c->algorithm_enc == SSL_AES256 &&
-+                 c->algorithm_mac == SSL_SHA1 &&
-+                 (evp=EVP_get_cipherbyname("TLS12-AES-256-CBC-HMAC-SHA1")))
-+            *enc = evp, *md = NULL;
-+        else if (s->ssl_version == TLS1_2_VERSION &&
-+                 c->algorithm_enc == SSL_AES128 &&
-+                 c->algorithm_mac == SSL_SHA256 &&
-+                 (evp=EVP_get_cipherbyname("TLS12-AES-128-CBC-HMAC-SHA256")))
-+            *enc = evp, *md = NULL;
-+        else if (s->ssl_version == TLS1_2_VERSION &&
-+                 c->algorithm_enc == SSL_AES256 &&
-+                 c->algorithm_mac == SSL_SHA256 &&
-+                 (evp=EVP_get_cipherbyname("TLS12-AES-256-CBC-HMAC-SHA256")))
-+            *enc = evp, *md = NULL;
-         return (1);
-     } else
-         return (0);
-- 
-2.7.3

diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0017-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0017-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch deleted file mode 100644 index 30348941..00000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0017-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch +++ /dev/null
@@ -1,377 +0,0 @@
1	From 0103fb8e6fc412462968224ec9315609c54eccc1 Mon Sep 17 00:00:00 2001
2	From: Tudor Ambarus <tudor.ambarus@freescale.com>
3	Date: Tue, 31 Mar 2015 16:32:35 +0300
4	Subject: [PATCH 17/48] eng_cryptodev: add support for TLSv1.2 record offload
5
6	Supported cipher suites:
7	- 3des-ede-cbc-sha
8	- aes-128-cbc-hmac-sha
9	- aes-256-cbc-hmac-sha
10	- aes-128-cbc-hmac-sha256
11	- aes-256-cbc-hmac-sha256
12
13	Requires TLS patches on cryptodev and TLS algorithm support in Linux
14	kernel driver.
15
16	Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com>
17	Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
18	---
19	crypto/engine/eng_cryptodev.c \| 138 ++++++++++++++++++++++++++++++++++++++++++
20	crypto/objects/obj_dat.h \| 26 +++++++-
21	crypto/objects/obj_mac.h \| 20 ++++++
22	crypto/objects/obj_mac.num \| 5 ++
23	crypto/objects/objects.txt \| 5 ++
24	ssl/ssl_ciph.c \| 25 ++++++++
25	6 files changed, 216 insertions(+), 3 deletions(-)
26
27	diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
28	index 80b20e5..455868e 100644
29	--- a/crypto/engine/eng_cryptodev.c
30	+++ b/crypto/engine/eng_cryptodev.c
31	@@ -140,6 +140,11 @@ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
32	const EVP_CIPHER cryptodev_tls11_3des_cbc_hmac_sha1;
33	const EVP_CIPHER cryptodev_tls11_aes_128_cbc_hmac_sha1;
34	const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1;
35	+const EVP_CIPHER cryptodev_tls12_3des_cbc_hmac_sha1;
36	+const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha1;
37	+const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha1;
38	+const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha256;
39	+const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha256;
40
41	inline int spcf_bn2bin(BIGNUM bn, unsigned char bin, int bin_len)
42	{
43	@@ -311,6 +316,26 @@ static struct {
44	20
45	},
46	{
47	+ CRYPTO_TLS12_3DES_CBC_HMAC_SHA1, NID_tls12_des_ede3_cbc_hmac_sha1, 8,
48	+ 24, 20
49	+ },
50	+ {
51	+ CRYPTO_TLS12_AES_CBC_HMAC_SHA1, NID_tls12_aes_128_cbc_hmac_sha1, 16, 16,
52	+ 20
53	+ },
54	+ {
55	+ CRYPTO_TLS12_AES_CBC_HMAC_SHA1, NID_tls12_aes_256_cbc_hmac_sha1, 16, 32,
56	+ 20
57	+ },
58	+ {
59	+ CRYPTO_TLS12_AES_CBC_HMAC_SHA256, NID_tls12_aes_128_cbc_hmac_sha256, 16,
60	+ 16, 32
61	+ },
62	+ {
63	+ CRYPTO_TLS12_AES_CBC_HMAC_SHA256, NID_tls12_aes_256_cbc_hmac_sha256, 16,
64	+ 32, 32
65	+ },
66	+ {
67	CRYPTO_AES_GCM, NID_aes_128_gcm, 16, 16, 0
68	},
69	{
70	@@ -552,6 +577,21 @@ static int cryptodev_usable_ciphers(const int **nids)
71	case NID_tls11_aes_256_cbc_hmac_sha1:
72	EVP_add_cipher(&cryptodev_tls11_aes_256_cbc_hmac_sha1);
73	break;
74	+ case NID_tls12_des_ede3_cbc_hmac_sha1:
75	+ EVP_add_cipher(&cryptodev_tls12_3des_cbc_hmac_sha1);
76	+ break;
77	+ case NID_tls12_aes_128_cbc_hmac_sha1:
78	+ EVP_add_cipher(&cryptodev_tls12_aes_128_cbc_hmac_sha1);
79	+ break;
80	+ case NID_tls12_aes_256_cbc_hmac_sha1:
81	+ EVP_add_cipher(&cryptodev_tls12_aes_256_cbc_hmac_sha1);
82	+ break;
83	+ case NID_tls12_aes_128_cbc_hmac_sha256:
84	+ EVP_add_cipher(&cryptodev_tls12_aes_128_cbc_hmac_sha256);
85	+ break;
86	+ case NID_tls12_aes_256_cbc_hmac_sha256:
87	+ EVP_add_cipher(&cryptodev_tls12_aes_256_cbc_hmac_sha256);
88	+ break;
89	}
90	}
91	return count;
92	@@ -660,6 +700,11 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX ctx, unsigned char out,
93	case NID_tls11_des_ede3_cbc_hmac_sha1:
94	case NID_tls11_aes_128_cbc_hmac_sha1:
95	case NID_tls11_aes_256_cbc_hmac_sha1:
96	+ case NID_tls12_des_ede3_cbc_hmac_sha1:
97	+ case NID_tls12_aes_128_cbc_hmac_sha1:
98	+ case NID_tls12_aes_256_cbc_hmac_sha1:
99	+ case NID_tls12_aes_128_cbc_hmac_sha256:
100	+ case NID_tls12_aes_256_cbc_hmac_sha256:
101	cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
102	}
103	cryp.ses = sess->ses;
104	@@ -857,9 +902,17 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
105	case NID_tls11_des_ede3_cbc_hmac_sha1:
106	case NID_tls11_aes_128_cbc_hmac_sha1:
107	case NID_tls11_aes_256_cbc_hmac_sha1:
108	+ case NID_tls12_des_ede3_cbc_hmac_sha1:
109	+ case NID_tls12_aes_128_cbc_hmac_sha1:
110	+ case NID_tls12_aes_256_cbc_hmac_sha1:
111	maclen = SHA_DIGEST_LENGTH;
112	aad_needs_fix = true;
113	break;
114	+ case NID_tls12_aes_128_cbc_hmac_sha256:
115	+ case NID_tls12_aes_256_cbc_hmac_sha256:
116	+ maclen = SHA256_DIGEST_LENGTH;
117	+ aad_needs_fix = true;
118	+ break;
119	}
120
121	/* Correct length for AAD Length field */
122	@@ -1271,6 +1324,76 @@ const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1 = {
123	NULL
124	};
125
126	+const EVP_CIPHER cryptodev_tls12_3des_cbc_hmac_sha1 = {
127	+ NID_tls12_des_ede3_cbc_hmac_sha1,
128	+ 8, 24, 8,
129	+ EVP_CIPH_CBC_MODE \| EVP_CIPH_FLAG_AEAD_CIPHER,
130	+ cryptodev_init_aead_key,
131	+ cryptodev_aead_cipher,
132	+ cryptodev_cleanup,
133	+ sizeof(struct dev_crypto_state),
134	+ EVP_CIPHER_set_asn1_iv,
135	+ EVP_CIPHER_get_asn1_iv,
136	+ cryptodev_cbc_hmac_sha1_ctrl,
137	+ NULL
138	+};
139	+
140	+const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha1 = {
141	+ NID_tls12_aes_128_cbc_hmac_sha1,
142	+ 16, 16, 16,
143	+ EVP_CIPH_CBC_MODE \| EVP_CIPH_FLAG_AEAD_CIPHER,
144	+ cryptodev_init_aead_key,
145	+ cryptodev_aead_cipher,
146	+ cryptodev_cleanup,
147	+ sizeof(struct dev_crypto_state),
148	+ EVP_CIPHER_set_asn1_iv,
149	+ EVP_CIPHER_get_asn1_iv,
150	+ cryptodev_cbc_hmac_sha1_ctrl,
151	+ NULL
152	+};
153	+
154	+const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha1 = {
155	+ NID_tls12_aes_256_cbc_hmac_sha1,
156	+ 16, 32, 16,
157	+ EVP_CIPH_CBC_MODE \| EVP_CIPH_FLAG_AEAD_CIPHER,
158	+ cryptodev_init_aead_key,
159	+ cryptodev_aead_cipher,
160	+ cryptodev_cleanup,
161	+ sizeof(struct dev_crypto_state),
162	+ EVP_CIPHER_set_asn1_iv,
163	+ EVP_CIPHER_get_asn1_iv,
164	+ cryptodev_cbc_hmac_sha1_ctrl,
165	+ NULL
166	+};
167	+
168	+const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha256 = {
169	+ NID_tls12_aes_128_cbc_hmac_sha256,
170	+ 16, 16, 16,
171	+ EVP_CIPH_CBC_MODE \| EVP_CIPH_FLAG_AEAD_CIPHER,
172	+ cryptodev_init_aead_key,
173	+ cryptodev_aead_cipher,
174	+ cryptodev_cleanup,
175	+ sizeof(struct dev_crypto_state),
176	+ EVP_CIPHER_set_asn1_iv,
177	+ EVP_CIPHER_get_asn1_iv,
178	+ cryptodev_cbc_hmac_sha1_ctrl,
179	+ NULL
180	+};
181	+
182	+const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha256 = {
183	+ NID_tls12_aes_256_cbc_hmac_sha256,
184	+ 16, 32, 16,
185	+ EVP_CIPH_CBC_MODE \| EVP_CIPH_FLAG_AEAD_CIPHER,
186	+ cryptodev_init_aead_key,
187	+ cryptodev_aead_cipher,
188	+ cryptodev_cleanup,
189	+ sizeof(struct dev_crypto_state),
190	+ EVP_CIPHER_set_asn1_iv,
191	+ EVP_CIPHER_get_asn1_iv,
192	+ cryptodev_cbc_hmac_sha1_ctrl,
193	+ NULL
194	+};
195	+
196	const EVP_CIPHER cryptodev_aes_128_gcm = {
197	NID_aes_128_gcm,
198	1, 16, 12,
199	@@ -1396,6 +1519,21 @@ cryptodev_engine_ciphers(ENGINE e, const EVP_CIPHER *cipher,
200	case NID_aes_128_gcm:
201	*cipher = &cryptodev_aes_128_gcm;
202	break;
203	+ case NID_tls12_des_ede3_cbc_hmac_sha1:
204	+ *cipher = &cryptodev_tls12_3des_cbc_hmac_sha1;
205	+ break;
206	+ case NID_tls12_aes_128_cbc_hmac_sha1:
207	+ *cipher = &cryptodev_tls12_aes_128_cbc_hmac_sha1;
208	+ break;
209	+ case NID_tls12_aes_256_cbc_hmac_sha1:
210	+ *cipher = &cryptodev_tls12_aes_256_cbc_hmac_sha1;
211	+ break;
212	+ case NID_tls12_aes_128_cbc_hmac_sha256:
213	+ *cipher = &cryptodev_tls12_aes_128_cbc_hmac_sha256;
214	+ break;
215	+ case NID_tls12_aes_256_cbc_hmac_sha256:
216	+ *cipher = &cryptodev_tls12_aes_256_cbc_hmac_sha256;
217	+ break;
218	default:
219	*cipher = NULL;
220	break;
221	diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
222	index 4dd32a1..e3a2505 100644
223	--- a/crypto/objects/obj_dat.h
224	+++ b/crypto/objects/obj_dat.h
225	@@ -62,9 +62,9 @@
226	* [including the GNU Public Licence.]
227	*/
228
229	-#define NUM_NID 962
230	-#define NUM_SN 955
231	-#define NUM_LN 955
232	+#define NUM_NID 967
233	+#define NUM_SN 960
234	+#define NUM_LN 960
235	#define NUM_OBJ 890
236
237	static const unsigned char lvalues[6255]={
238	@@ -2522,6 +2522,16 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
239	NID_tls11_aes_128_cbc_hmac_sha1,0,NULL,0},
240	{"TLS11-AES-256-CBC-HMAC-SHA1","tls11-aes-256-cbc-hmac-sha1",
241	NID_tls11_aes_256_cbc_hmac_sha1,0,NULL,0},
242	+{"TLS12-DES-EDE3-CBC-HMAC-SHA1","tls12-des-ede3-cbc-hmac-sha1",
243	+ NID_tls12_des_ede3_cbc_hmac_sha1,0,NULL,0},
244	+{"TLS12-AES-128-CBC-HMAC-SHA1","tls12-aes-128-cbc-hmac-sha1",
245	+ NID_tls12_aes_128_cbc_hmac_sha1,0,NULL,0},
246	+{"TLS12-AES-256-CBC-HMAC-SHA1","tls12-aes-256-cbc-hmac-sha1",
247	+ NID_tls12_aes_256_cbc_hmac_sha1,0,NULL,0},
248	+{"TLS12-AES-128-CBC-HMAC-SHA256","tls12-aes-128-cbc-hmac-sha256",
249	+ NID_tls12_aes_128_cbc_hmac_sha256,0,NULL,0},
250	+{"TLS12-AES-256-CBC-HMAC-SHA256","tls12-aes-256-cbc-hmac-sha256",
251	+ NID_tls12_aes_256_cbc_hmac_sha256,0,NULL,0},
252	};
253
254	static const unsigned int sn_objs[NUM_SN]={
255	@@ -2714,6 +2724,11 @@ static const unsigned int sn_objs[NUM_SN]={
256	960, /* "TLS11-AES-128-CBC-HMAC-SHA1" */
257	961, /* "TLS11-AES-256-CBC-HMAC-SHA1" */
258	959, /* "TLS11-DES-EDE3-CBC-HMAC-SHA1" */
259	+963, /* "TLS12-AES-128-CBC-HMAC-SHA1" */
260	+965, /* "TLS12-AES-128-CBC-HMAC-SHA256" */
261	+964, /* "TLS12-AES-256-CBC-HMAC-SHA1" */
262	+966, /* "TLS12-AES-256-CBC-HMAC-SHA256" */
263	+962, /* "TLS12-DES-EDE3-CBC-HMAC-SHA1" */
264	458, /* "UID" */
265	0, /* "UNDEF" */
266	11, /* "X500" */
267	@@ -4408,6 +4423,11 @@ static const unsigned int ln_objs[NUM_LN]={
268	960, /* "tls11-aes-128-cbc-hmac-sha1" */
269	961, /* "tls11-aes-256-cbc-hmac-sha1" */
270	959, /* "tls11-des-ede3-cbc-hmac-sha1" */
271	+963, /* "tls12-aes-128-cbc-hmac-sha1" */
272	+965, /* "tls12-aes-128-cbc-hmac-sha256" */
273	+964, /* "tls12-aes-256-cbc-hmac-sha1" */
274	+966, /* "tls12-aes-256-cbc-hmac-sha256" */
275	+962, /* "tls12-des-ede3-cbc-hmac-sha1" */
276	682, /* "tpBasis" */
277	436, /* "ucl" */
278	0, /* "undefined" */
279	diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h
280	index 5930563..f4a81cb 100644
281	--- a/crypto/objects/obj_mac.h
282	+++ b/crypto/objects/obj_mac.h
283	@@ -4063,6 +4063,26 @@
284	#define LN_tls11_aes_256_cbc_hmac_sha1 "tls11-aes-256-cbc-hmac-sha1"
285	#define NID_tls11_aes_256_cbc_hmac_sha1 961
286
287	+#define SN_tls12_des_ede3_cbc_hmac_sha1 "TLS12-DES-EDE3-CBC-HMAC-SHA1"
288	+#define LN_tls12_des_ede3_cbc_hmac_sha1 "tls12-des-ede3-cbc-hmac-sha1"
289	+#define NID_tls12_des_ede3_cbc_hmac_sha1 962
290	+
291	+#define SN_tls12_aes_128_cbc_hmac_sha1 "TLS12-AES-128-CBC-HMAC-SHA1"
292	+#define LN_tls12_aes_128_cbc_hmac_sha1 "tls12-aes-128-cbc-hmac-sha1"
293	+#define NID_tls12_aes_128_cbc_hmac_sha1 963
294	+
295	+#define SN_tls12_aes_256_cbc_hmac_sha1 "TLS12-AES-256-CBC-HMAC-SHA1"
296	+#define LN_tls12_aes_256_cbc_hmac_sha1 "tls12-aes-256-cbc-hmac-sha1"
297	+#define NID_tls12_aes_256_cbc_hmac_sha1 964
298	+
299	+#define SN_tls12_aes_128_cbc_hmac_sha256 "TLS12-AES-128-CBC-HMAC-SHA256"
300	+#define LN_tls12_aes_128_cbc_hmac_sha256 "tls12-aes-128-cbc-hmac-sha256"
301	+#define NID_tls12_aes_128_cbc_hmac_sha256 965
302	+
303	+#define SN_tls12_aes_256_cbc_hmac_sha256 "TLS12-AES-256-CBC-HMAC-SHA256"
304	+#define LN_tls12_aes_256_cbc_hmac_sha256 "tls12-aes-256-cbc-hmac-sha256"
305	+#define NID_tls12_aes_256_cbc_hmac_sha256 966
306	+
307	#define SN_dhpublicnumber "dhpublicnumber"
308	#define LN_dhpublicnumber "X9.42 DH"
309	#define NID_dhpublicnumber 920
310	diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
311	index 02f1728..401be03 100644
312	--- a/crypto/objects/obj_mac.num
313	+++ b/crypto/objects/obj_mac.num
314	@@ -959,3 +959,8 @@ des_ede3_cbc_hmac_sha1 958
315	tls11_des_ede3_cbc_hmac_sha1 959
316	tls11_aes_128_cbc_hmac_sha1 960
317	tls11_aes_256_cbc_hmac_sha1 961
318	+tls12_des_ede3_cbc_hmac_sha1 962
319	+tls12_aes_128_cbc_hmac_sha1 963
320	+tls12_aes_256_cbc_hmac_sha1 964
321	+tls12_aes_128_cbc_hmac_sha256 965
322	+tls12_aes_256_cbc_hmac_sha256 966
323	diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
324	index cda81da..68a8da8 100644
325	--- a/crypto/objects/objects.txt
326	+++ b/crypto/objects/objects.txt
327	@@ -1298,6 +1298,11 @@ kisa 1 6 : SEED-OFB : seed-ofb
328	: TLS11-DES-EDE3-CBC-HMAC-SHA1 : tls11-des-ede3-cbc-hmac-sha1
329	: TLS11-AES-128-CBC-HMAC-SHA1 : tls11-aes-128-cbc-hmac-sha1
330	: TLS11-AES-256-CBC-HMAC-SHA1 : tls11-aes-256-cbc-hmac-sha1
331	+ : TLS12-DES-EDE3-CBC-HMAC-SHA1 : tls12-des-ede3-cbc-hmac-sha1
332	+ : TLS12-AES-128-CBC-HMAC-SHA1 : tls12-aes-128-cbc-hmac-sha1
333	+ : TLS12-AES-256-CBC-HMAC-SHA1 : tls12-aes-256-cbc-hmac-sha1
334	+ : TLS12-AES-128-CBC-HMAC-SHA256 : tls12-aes-128-cbc-hmac-sha256
335	+ : TLS12-AES-256-CBC-HMAC-SHA256 : tls12-aes-256-cbc-hmac-sha256
336
337	ISO-US 10046 2 1 : dhpublicnumber : X9.42 DH
338
339	diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
340	index b4af7dc..359cb5d 100644
341	--- a/ssl/ssl_ciph.c
342	+++ b/ssl/ssl_ciph.c
343	@@ -690,6 +690,31 @@ int ssl_cipher_get_evp(const SSL_SESSION s, const EVP_CIPHER *enc,
344	c->algorithm_mac == SSL_SHA1 &&
345	(evp = EVP_get_cipherbyname("TLS11-AES-256-CBC-HMAC-SHA1")))
346	enc = evp, md = NULL;
347	+ else if (s->ssl_version == TLS1_2_VERSION &&
348	+ c->algorithm_enc == SSL_3DES &&
349	+ c->algorithm_mac == SSL_SHA1 &&
350	+ (evp=EVP_get_cipherbyname("TLS12-DES-EDE3-CBC-HMAC-SHA1")))
351	+ enc = evp, md = NULL;
352	+ else if (s->ssl_version == TLS1_2_VERSION &&
353	+ c->algorithm_enc == SSL_AES128 &&
354	+ c->algorithm_mac == SSL_SHA1 &&
355	+ (evp=EVP_get_cipherbyname("TLS12-AES-128-CBC-HMAC-SHA1")))
356	+ enc = evp, md = NULL;
357	+ else if (s->ssl_version == TLS1_2_VERSION &&
358	+ c->algorithm_enc == SSL_AES256 &&
359	+ c->algorithm_mac == SSL_SHA1 &&
360	+ (evp=EVP_get_cipherbyname("TLS12-AES-256-CBC-HMAC-SHA1")))
361	+ enc = evp, md = NULL;
362	+ else if (s->ssl_version == TLS1_2_VERSION &&
363	+ c->algorithm_enc == SSL_AES128 &&
364	+ c->algorithm_mac == SSL_SHA256 &&
365	+ (evp=EVP_get_cipherbyname("TLS12-AES-128-CBC-HMAC-SHA256")))
366	+ enc = evp, md = NULL;
367	+ else if (s->ssl_version == TLS1_2_VERSION &&
368	+ c->algorithm_enc == SSL_AES256 &&
369	+ c->algorithm_mac == SSL_SHA256 &&
370	+ (evp=EVP_get_cipherbyname("TLS12-AES-256-CBC-HMAC-SHA256")))
371	+ enc = evp, md = NULL;
372	return (1);
373	} else
374	return (0);
375	--
376	2.7.3
377