1 files changed, 199 insertions, 0 deletions
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0015-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0015-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch
new file mode 100644
index 0000000..623c58b
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0015-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch
@@ -0,0 +1,199 @@
+From 7dd6b35c35b027be8ef0ef2e29a949bc4ce96bbd Mon Sep 17 00:00:00 2001
+From: Tudor Ambarus <tudor.ambarus@freescale.com>
+Date: Fri, 9 May 2014 17:54:06 +0300
+Subject: [PATCH 15/48] eng_cryptodev: extend TLS offload with
+ 3des_cbc_hmac_sha1
+Both obj_mac.h and obj_dat.h were generated using the scripts
+from crypto/objects:
+$ cd crypto/objects
+$ perl objects.pl objects.txt obj_mac.num obj_mac.h
+$ perl obj_dat.pl obj_mac.h obj_dat.h
+Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com>
+Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
+---
+ crypto/engine/eng_cryptodev.c | 26 ++++++++++++++++++++++++++
+ crypto/objects/obj_dat.h      | 10 +++++++---
+ crypto/objects/obj_mac.h      |  4 ++++
+ crypto/objects/obj_mac.num    |  1 +
+ crypto/objects/objects.txt    |  1 +
+ ssl/ssl_ciph.c                |  4 ++++
+ 6 files changed, 43 insertions(+), 3 deletions(-)
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index d2cdca0..8f73a18 100644
+--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
+@@ -132,6 +132,7 @@ static int cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key,
+ static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
+                           void (*f) (void));
+ void ENGINE_load_cryptodev(void);
+const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1;
+ const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1;
+ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
+ 
+@@ -284,6 +285,9 @@ static struct {
+         CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, 0
+     },
+     {
+        CRYPTO_TLS10_3DES_CBC_HMAC_SHA1, NID_des_ede3_cbc_hmac_sha1, 8, 24, 20
+    },
+    {
+         CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20
+     },
+     {
+@@ -519,6 +523,9 @@ static int cryptodev_usable_ciphers(const int **nids)
+         case NID_aes_256_cbc_hmac_sha1:
+             EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
+             break;
+        case NID_des_ede3_cbc_hmac_sha1:
+            EVP_add_cipher(&cryptodev_3des_cbc_hmac_sha1);
+            break;
+         }
+     }
+     return count;
+@@ -623,6 +630,7 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+     switch (ctx->cipher->nid) {
+     case NID_aes_128_cbc_hmac_sha1:
+     case NID_aes_256_cbc_hmac_sha1:
+    case NID_des_ede3_cbc_hmac_sha1:
+         cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
+     }
+     cryp.ses = sess->ses;
+@@ -813,6 +821,7 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
+             switch (ctx->cipher->nid) {
+             case NID_aes_128_cbc_hmac_sha1:
+             case NID_aes_256_cbc_hmac_sha1:
+            case NID_des_ede3_cbc_hmac_sha1:
+                 maclen = SHA_DIGEST_LENGTH;
+             }
+ 
+@@ -1134,6 +1143,20 @@ const EVP_CIPHER cryptodev_aes_256_cbc = {
+     NULL
+ };
+ 
+const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1 = {
+    NID_des_ede3_cbc_hmac_sha1,
+    8, 24, 8,
+    EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
+    cryptodev_init_aead_key,
+    cryptodev_aead_cipher,
+    cryptodev_cleanup,
+    sizeof(struct dev_crypto_state),
+    EVP_CIPHER_set_asn1_iv,
+    EVP_CIPHER_get_asn1_iv,
+    cryptodev_cbc_hmac_sha1_ctrl,
+    NULL
+};
+
+ const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1 = {
+     NID_aes_128_cbc_hmac_sha1,
+     16, 16, 16,
+@@ -1255,6 +1278,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+     case NID_aes_256_cbc:
+         *cipher = &cryptodev_aes_256_cbc;
+         break;
+    case NID_des_ede3_cbc_hmac_sha1:
+        *cipher = &cryptodev_3des_cbc_hmac_sha1;
+        break;
+ # ifdef CRYPTO_AES_CTR
+     case NID_aes_128_ctr:
+         *cipher = &cryptodev_aes_ctr;
+diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
+index b7e3cf2..35d1abc 100644
+--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
+@@ -62,9 +62,9 @@
+  * [including the GNU Public Licence.]
+  */
+ 
+-#define NUM_NID 958
+-#define NUM_SN 951
+-#define NUM_LN 951
+#define NUM_NID 959
+#define NUM_SN 952
+#define NUM_LN 952
+ #define NUM_OBJ 890
+ 
+ static const unsigned char lvalues[6255]={
+@@ -2514,6 +2514,8 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
+        NID_jurisdictionStateOrProvinceName,11,&(lvalues[6232]),0},
+ {"jurisdictionC","jurisdictionCountryName",
+        NID_jurisdictionCountryName,11,&(lvalues[6243]),0},
+{"DES-EDE3-CBC-HMAC-SHA1","des-ede3-cbc-hmac-sha1",
+       NID_des_ede3_cbc_hmac_sha1,0,NULL,0},
+ };
+ 
+ static const unsigned int sn_objs[NUM_SN]={
+@@ -2592,6 +2594,7 @@ static const unsigned int sn_objs[NUM_SN]={
+ 62,    /* "DES-EDE-OFB" */
+ 33,    /* "DES-EDE3" */
+ 44,    /* "DES-EDE3-CBC" */
+958,   /* "DES-EDE3-CBC-HMAC-SHA1" */
+ 61,    /* "DES-EDE3-CFB" */
+ 658,   /* "DES-EDE3-CFB1" */
+ 659,   /* "DES-EDE3-CFB8" */
+@@ -3760,6 +3763,7 @@ static const unsigned int ln_objs[NUM_LN]={
+ 62,    /* "des-ede-ofb" */
+ 33,    /* "des-ede3" */
+ 44,    /* "des-ede3-cbc" */
+958,   /* "des-ede3-cbc-hmac-sha1" */
+ 61,    /* "des-ede3-cfb" */
+ 658,   /* "des-ede3-cfb1" */
+ 659,   /* "des-ede3-cfb8" */
+diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h
+index 779c309..cb318bc 100644
+--- a/crypto/objects/obj_mac.h
+++ b/crypto/objects/obj_mac.h
+@@ -4047,6 +4047,10 @@
+ #define LN_aes_256_cbc_hmac_sha256              "aes-256-cbc-hmac-sha256"
+ #define NID_aes_256_cbc_hmac_sha256             950
+ 
+#define SN_des_ede3_cbc_hmac_sha1               "DES-EDE3-CBC-HMAC-SHA1"
+#define LN_des_ede3_cbc_hmac_sha1               "des-ede3-cbc-hmac-sha1"
+#define NID_des_ede3_cbc_hmac_sha1              958
+
+ #define SN_dhpublicnumber               "dhpublicnumber"
+ #define LN_dhpublicnumber               "X9.42 DH"
+ #define NID_dhpublicnumber              920
+diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
+index 8e5ea83..02d1bb8 100644
+--- a/crypto/objects/obj_mac.num
+++ b/crypto/objects/obj_mac.num
+@@ -955,3 +955,4 @@ ct_cert_scts                954
+ jurisdictionLocalityName               955
+ jurisdictionStateOrProvinceName                956
+ jurisdictionCountryName                957
+des_ede3_cbc_hmac_sha1         958
+diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
+index b57aabb..4e1ff18 100644
+--- a/crypto/objects/objects.txt
+++ b/crypto/objects/objects.txt
+@@ -1294,6 +1294,7 @@ kisa 1 6                : SEED-OFB      : seed-ofb
+                        : AES-128-CBC-HMAC-SHA256       : aes-128-cbc-hmac-sha256
+                        : AES-192-CBC-HMAC-SHA256       : aes-192-cbc-hmac-sha256
+                        : AES-256-CBC-HMAC-SHA256       : aes-256-cbc-hmac-sha256
+                       : DES-EDE3-CBC-HMAC-SHA1        : des-ede3-cbc-hmac-sha1
+ 
+ ISO-US 10046 2 1       : dhpublicnumber                : X9.42 DH
+ 
+diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
+index 302464e..a379273 100644
+--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
+@@ -668,6 +668,10 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
+                  c->algorithm_mac == SSL_SHA256 &&
+                  (evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA256")))
+             *enc = evp, *md = NULL;
+        else if (c->algorithm_enc == SSL_3DES &&
+                c->algorithm_mac == SSL_SHA1 &&
+                (evp = EVP_get_cipherbyname("DES-EDE3-CBC-HMAC-SHA1")))
+            *enc = evp, *md = NULL;
+         return (1);
+     } else
+         return (0);
+-- 
+2.7.0

diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0015-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0015-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch new file mode 100644 index 0000000..623c58b --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0015-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch
@@ -0,0 +1,199 @@
	1	From 7dd6b35c35b027be8ef0ef2e29a949bc4ce96bbd Mon Sep 17 00:00:00 2001
	2	From: Tudor Ambarus <tudor.ambarus@freescale.com>
	3	Date: Fri, 9 May 2014 17:54:06 +0300
	4	Subject: [PATCH 15/48] eng_cryptodev: extend TLS offload with
	5	3des_cbc_hmac_sha1
	6
	7	Both obj_mac.h and obj_dat.h were generated using the scripts
	8	from crypto/objects:
	9
	10	$ cd crypto/objects
	11	$ perl objects.pl objects.txt obj_mac.num obj_mac.h
	12	$ perl obj_dat.pl obj_mac.h obj_dat.h
	13
	14	Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com>
	15	Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
	16	---
	17	crypto/engine/eng_cryptodev.c \| 26 ++++++++++++++++++++++++++
	18	crypto/objects/obj_dat.h \| 10 +++++++---
	19	crypto/objects/obj_mac.h \| 4 ++++
	20	crypto/objects/obj_mac.num \| 1 +
	21	crypto/objects/objects.txt \| 1 +
	22	ssl/ssl_ciph.c \| 4 ++++
	23	6 files changed, 43 insertions(+), 3 deletions(-)
	24
	25	diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
	26	index d2cdca0..8f73a18 100644
	27	--- a/crypto/engine/eng_cryptodev.c
	28	+++ b/crypto/engine/eng_cryptodev.c
	29	@@ -132,6 +132,7 @@ static int cryptodev_dh_compute_key(unsigned char key, const BIGNUM pub_key,
	30	static int cryptodev_ctrl(ENGINE e, int cmd, long i, void p,
	31	void (*f) (void));
	32	void ENGINE_load_cryptodev(void);
	33	+const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1;
	34	const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1;
	35	const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
	36
	37	@@ -284,6 +285,9 @@ static struct {
	38	CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, 0
	39	},
	40	{
	41	+ CRYPTO_TLS10_3DES_CBC_HMAC_SHA1, NID_des_ede3_cbc_hmac_sha1, 8, 24, 20
	42	+ },
	43	+ {
	44	CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20
	45	},
	46	{
	47	@@ -519,6 +523,9 @@ static int cryptodev_usable_ciphers(const int **nids)
	48	case NID_aes_256_cbc_hmac_sha1:
	49	EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
	50	break;
	51	+ case NID_des_ede3_cbc_hmac_sha1:
	52	+ EVP_add_cipher(&cryptodev_3des_cbc_hmac_sha1);
	53	+ break;
	54	}
	55	}
	56	return count;
	57	@@ -623,6 +630,7 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX ctx, unsigned char out,
	58	switch (ctx->cipher->nid) {
	59	case NID_aes_128_cbc_hmac_sha1:
	60	case NID_aes_256_cbc_hmac_sha1:
	61	+ case NID_des_ede3_cbc_hmac_sha1:
	62	cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
	63	}
	64	cryp.ses = sess->ses;
	65	@@ -813,6 +821,7 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
	66	switch (ctx->cipher->nid) {
	67	case NID_aes_128_cbc_hmac_sha1:
	68	case NID_aes_256_cbc_hmac_sha1:
	69	+ case NID_des_ede3_cbc_hmac_sha1:
	70	maclen = SHA_DIGEST_LENGTH;
	71	}
	72
	73	@@ -1134,6 +1143,20 @@ const EVP_CIPHER cryptodev_aes_256_cbc = {
	74	NULL
	75	};
	76
	77	+const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1 = {
	78	+ NID_des_ede3_cbc_hmac_sha1,
	79	+ 8, 24, 8,
	80	+ EVP_CIPH_CBC_MODE \| EVP_CIPH_FLAG_AEAD_CIPHER,
	81	+ cryptodev_init_aead_key,
	82	+ cryptodev_aead_cipher,
	83	+ cryptodev_cleanup,
	84	+ sizeof(struct dev_crypto_state),
	85	+ EVP_CIPHER_set_asn1_iv,
	86	+ EVP_CIPHER_get_asn1_iv,
	87	+ cryptodev_cbc_hmac_sha1_ctrl,
	88	+ NULL
	89	+};
	90	+
	91	const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1 = {
	92	NID_aes_128_cbc_hmac_sha1,
	93	16, 16, 16,
	94	@@ -1255,6 +1278,9 @@ cryptodev_engine_ciphers(ENGINE e, const EVP_CIPHER *cipher,
	95	case NID_aes_256_cbc:
	96	*cipher = &cryptodev_aes_256_cbc;
	97	break;
	98	+ case NID_des_ede3_cbc_hmac_sha1:
	99	+ *cipher = &cryptodev_3des_cbc_hmac_sha1;
	100	+ break;
	101	# ifdef CRYPTO_AES_CTR
	102	case NID_aes_128_ctr:
	103	*cipher = &cryptodev_aes_ctr;
	104	diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
	105	index b7e3cf2..35d1abc 100644
	106	--- a/crypto/objects/obj_dat.h
	107	+++ b/crypto/objects/obj_dat.h
	108	@@ -62,9 +62,9 @@
	109	* [including the GNU Public Licence.]
	110	*/
	111
	112	-#define NUM_NID 958
	113	-#define NUM_SN 951
	114	-#define NUM_LN 951
	115	+#define NUM_NID 959
	116	+#define NUM_SN 952
	117	+#define NUM_LN 952
	118	#define NUM_OBJ 890
	119
	120	static const unsigned char lvalues[6255]={
	121	@@ -2514,6 +2514,8 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
	122	NID_jurisdictionStateOrProvinceName,11,&(lvalues[6232]),0},
	123	{"jurisdictionC","jurisdictionCountryName",
	124	NID_jurisdictionCountryName,11,&(lvalues[6243]),0},
	125	+{"DES-EDE3-CBC-HMAC-SHA1","des-ede3-cbc-hmac-sha1",
	126	+ NID_des_ede3_cbc_hmac_sha1,0,NULL,0},
	127	};
	128
	129	static const unsigned int sn_objs[NUM_SN]={
	130	@@ -2592,6 +2594,7 @@ static const unsigned int sn_objs[NUM_SN]={
	131	62, /* "DES-EDE-OFB" */
	132	33, /* "DES-EDE3" */
	133	44, /* "DES-EDE3-CBC" */
	134	+958, /* "DES-EDE3-CBC-HMAC-SHA1" */
	135	61, /* "DES-EDE3-CFB" */
	136	658, /* "DES-EDE3-CFB1" */
	137	659, /* "DES-EDE3-CFB8" */
	138	@@ -3760,6 +3763,7 @@ static const unsigned int ln_objs[NUM_LN]={
	139	62, /* "des-ede-ofb" */
	140	33, /* "des-ede3" */
	141	44, /* "des-ede3-cbc" */
	142	+958, /* "des-ede3-cbc-hmac-sha1" */
	143	61, /* "des-ede3-cfb" */
	144	658, /* "des-ede3-cfb1" */
	145	659, /* "des-ede3-cfb8" */
	146	diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h
	147	index 779c309..cb318bc 100644
	148	--- a/crypto/objects/obj_mac.h
	149	+++ b/crypto/objects/obj_mac.h
	150	@@ -4047,6 +4047,10 @@
	151	#define LN_aes_256_cbc_hmac_sha256 "aes-256-cbc-hmac-sha256"
	152	#define NID_aes_256_cbc_hmac_sha256 950
	153
	154	+#define SN_des_ede3_cbc_hmac_sha1 "DES-EDE3-CBC-HMAC-SHA1"
	155	+#define LN_des_ede3_cbc_hmac_sha1 "des-ede3-cbc-hmac-sha1"
	156	+#define NID_des_ede3_cbc_hmac_sha1 958
	157	+
	158	#define SN_dhpublicnumber "dhpublicnumber"
	159	#define LN_dhpublicnumber "X9.42 DH"
	160	#define NID_dhpublicnumber 920
	161	diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
	162	index 8e5ea83..02d1bb8 100644
	163	--- a/crypto/objects/obj_mac.num
	164	+++ b/crypto/objects/obj_mac.num
	165	@@ -955,3 +955,4 @@ ct_cert_scts 954
	166	jurisdictionLocalityName 955
	167	jurisdictionStateOrProvinceName 956
	168	jurisdictionCountryName 957
	169	+des_ede3_cbc_hmac_sha1 958
	170	diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
	171	index b57aabb..4e1ff18 100644
	172	--- a/crypto/objects/objects.txt
	173	+++ b/crypto/objects/objects.txt
	174	@@ -1294,6 +1294,7 @@ kisa 1 6 : SEED-OFB : seed-ofb
	175	: AES-128-CBC-HMAC-SHA256 : aes-128-cbc-hmac-sha256
	176	: AES-192-CBC-HMAC-SHA256 : aes-192-cbc-hmac-sha256
	177	: AES-256-CBC-HMAC-SHA256 : aes-256-cbc-hmac-sha256
	178	+ : DES-EDE3-CBC-HMAC-SHA1 : des-ede3-cbc-hmac-sha1
	179
	180	ISO-US 10046 2 1 : dhpublicnumber : X9.42 DH
	181
	182	diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
	183	index 302464e..a379273 100644
	184	--- a/ssl/ssl_ciph.c
	185	+++ b/ssl/ssl_ciph.c
	186	@@ -668,6 +668,10 @@ int ssl_cipher_get_evp(const SSL_SESSION s, const EVP_CIPHER *enc,
	187	c->algorithm_mac == SSL_SHA256 &&
	188	(evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA256")))
	189	enc = evp, md = NULL;
	190	+ else if (c->algorithm_enc == SSL_3DES &&
	191	+ c->algorithm_mac == SSL_SHA1 &&
	192	+ (evp = EVP_get_cipherbyname("DES-EDE3-CBC-HMAC-SHA1")))
	193	+ enc = evp, md = NULL;
	194	return (1);
	195	} else
	196	return (0);
	197	--
	198	2.7.0
	199