summaryrefslogtreecommitdiffstats
path: root/recipes-connectivity
diff options
context:
space:
mode:
Diffstat (limited to 'recipes-connectivity')
-rw-r--r--recipes-connectivity/openssl/openssl-fsl/0001-remove-double-initialization-of-cryptodev-engine.patch4
-rw-r--r--recipes-connectivity/openssl/openssl-fsl/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch4
-rw-r--r--recipes-connectivity/openssl/openssl-fsl/0003-cryptodev-fix-algorithm-registration.patch4
-rw-r--r--recipes-connectivity/openssl/openssl-fsl/0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch4
-rw-r--r--recipes-connectivity/openssl/openssl-fsl/0005-ECC-Support-header-for-Cryptodev-Engine.patch4
-rw-r--r--recipes-connectivity/openssl/openssl-fsl/0006-Fixed-private-key-support-for-DH.patch4
-rw-r--r--recipes-connectivity/openssl/openssl-fsl/0007-Fixed-private-key-support-for-DH.patch4
-rw-r--r--recipes-connectivity/openssl/openssl-fsl/0008-Initial-support-for-PKC-in-cryptodev-engine.patch4
-rw-r--r--recipes-connectivity/openssl/openssl-fsl/0009-Added-hwrng-dev-file-as-source-of-RNG.patch4
-rw-r--r--recipes-connectivity/openssl/openssl-fsl/0010-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch4
-rw-r--r--recipes-connectivity/openssl/openssl-fsl/0011-Add-RSA-keygen-operation-and-support-gendsa-command-.patch4
-rw-r--r--recipes-connectivity/openssl/openssl-fsl/0012-RSA-Keygen-Fix.patch4
-rw-r--r--recipes-connectivity/openssl/openssl-fsl/0013-Removed-local-copy-of-curve_t-type.patch4
-rw-r--r--recipes-connectivity/openssl/openssl-fsl/0014-Modulus-parameter-is-not-populated-by-dhparams.patch4
-rw-r--r--recipes-connectivity/openssl/openssl-fsl/0015-SW-Backoff-mechanism-for-dsa-keygen.patch4
-rw-r--r--recipes-connectivity/openssl/openssl-fsl/0016-Fixed-DH-keygen-pair-generator.patch4
-rw-r--r--recipes-connectivity/openssl/openssl-fsl/0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch4
-rw-r--r--recipes-connectivity/openssl/openssl-fsl/0018-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch193
-rw-r--r--recipes-connectivity/openssl/openssl-fsl/0019-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch355
-rw-r--r--recipes-connectivity/openssl/openssl-fsl/0020-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch359
-rw-r--r--recipes-connectivity/openssl/openssl-fsl/0021-cryptodev-drop-redundant-function.patch75
-rw-r--r--recipes-connectivity/openssl/openssl-fsl/0022-cryptodev-do-not-zero-the-buffer-before-use.patch48
-rw-r--r--recipes-connectivity/openssl/openssl-fsl/0023-cryptodev-clean-up-code-layout.patch72
-rw-r--r--recipes-connectivity/openssl/openssl-fsl/0024-cryptodev-do-not-cache-file-descriptor-in-open.patch100
-rw-r--r--recipes-connectivity/openssl/openssl-fsl/0025-cryptodev-put_dev_crypto-should-be-an-int.patch35
-rw-r--r--recipes-connectivity/openssl/openssl-fsl/0026-cryptodev-simplify-cryptodev-pkc-support-code.patch250
-rw-r--r--recipes-connectivity/openssl/openssl_1.0.1i.bbappend10
27 files changed, 1531 insertions, 34 deletions
diff --git a/recipes-connectivity/openssl/openssl-fsl/0001-remove-double-initialization-of-cryptodev-engine.patch b/recipes-connectivity/openssl/openssl-fsl/0001-remove-double-initialization-of-cryptodev-engine.patch
index 233cf6e..e7b874f 100644
--- a/recipes-connectivity/openssl/openssl-fsl/0001-remove-double-initialization-of-cryptodev-engine.patch
+++ b/recipes-connectivity/openssl/openssl-fsl/0001-remove-double-initialization-of-cryptodev-engine.patch
@@ -1,7 +1,7 @@
1From 9297e3834518ff0558d6e7004a62adfd107e659a Mon Sep 17 00:00:00 2001 1From 9297e3834518ff0558d6e7004a62adfd107e659a Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@freescale.com> 2From: Cristian Stoica <cristian.stoica@freescale.com>
3Date: Tue, 10 Sep 2013 12:46:46 +0300 3Date: Tue, 10 Sep 2013 12:46:46 +0300
4Subject: [PATCH 01/17] remove double initialization of cryptodev engine 4Subject: [PATCH 01/26] remove double initialization of cryptodev engine
5 5
6cryptodev engine is initialized together with the other engines in 6cryptodev engine is initialized together with the other engines in
7ENGINE_load_builtin_engines. The initialization done through 7ENGINE_load_builtin_engines. The initialization done through
@@ -79,5 +79,5 @@ index aa86b2b..ae50040 100755
79 EVP_aes_128_cfb8 3248 EXIST::FUNCTION:AES 79 EVP_aes_128_cfb8 3248 EXIST::FUNCTION:AES
80 FIPS_corrupt_rsa 3249 NOEXIST::FUNCTION: 80 FIPS_corrupt_rsa 3249 NOEXIST::FUNCTION:
81-- 81--
821.8.3.1 822.3.5
83 83
diff --git a/recipes-connectivity/openssl/openssl-fsl/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch b/recipes-connectivity/openssl/openssl-fsl/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch
index 0b77bfa..ab2b7ea 100644
--- a/recipes-connectivity/openssl/openssl-fsl/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch
+++ b/recipes-connectivity/openssl/openssl-fsl/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch
@@ -1,7 +1,7 @@
1From dfd6ba263dc25ea2a4bbc32448b24ca2b1fc40e8 Mon Sep 17 00:00:00 2001 1From dfd6ba263dc25ea2a4bbc32448b24ca2b1fc40e8 Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@freescale.com> 2From: Cristian Stoica <cristian.stoica@freescale.com>
3Date: Thu, 29 Aug 2013 16:51:18 +0300 3Date: Thu, 29 Aug 2013 16:51:18 +0300
4Subject: [PATCH 02/17] eng_cryptodev: add support for TLS algorithms offload 4Subject: [PATCH 02/26] eng_cryptodev: add support for TLS algorithms offload
5 5
6- aes-128-cbc-hmac-sha1 6- aes-128-cbc-hmac-sha1
7- aes-256-cbc-hmac-sha1 7- aes-256-cbc-hmac-sha1
@@ -313,5 +313,5 @@ index 5a715ac..7588a28 100644
313 !ENGINE_set_name(engine, "BSD cryptodev engine") || 313 !ENGINE_set_name(engine, "BSD cryptodev engine") ||
314 !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) || 314 !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
315-- 315--
3161.8.3.1 3162.3.5
317 317
diff --git a/recipes-connectivity/openssl/openssl-fsl/0003-cryptodev-fix-algorithm-registration.patch b/recipes-connectivity/openssl/openssl-fsl/0003-cryptodev-fix-algorithm-registration.patch
index b31668e..f0d97e9 100644
--- a/recipes-connectivity/openssl/openssl-fsl/0003-cryptodev-fix-algorithm-registration.patch
+++ b/recipes-connectivity/openssl/openssl-fsl/0003-cryptodev-fix-algorithm-registration.patch
@@ -1,7 +1,7 @@
1From 084fa469a8fef530d71a0870364df1c7997f6465 Mon Sep 17 00:00:00 2001 1From 084fa469a8fef530d71a0870364df1c7997f6465 Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@freescale.com> 2From: Cristian Stoica <cristian.stoica@freescale.com>
3Date: Thu, 31 Jul 2014 14:06:19 +0300 3Date: Thu, 31 Jul 2014 14:06:19 +0300
4Subject: [PATCH 03/17] cryptodev: fix algorithm registration 4Subject: [PATCH 03/26] cryptodev: fix algorithm registration
5 5
6Cryptodev specific algorithms must register only if available in kernel. 6Cryptodev specific algorithms must register only if available in kernel.
7 7
@@ -60,5 +60,5 @@ index 7588a28..e3eb98b 100644
60 !ENGINE_set_name(engine, "BSD cryptodev engine") || 60 !ENGINE_set_name(engine, "BSD cryptodev engine") ||
61 !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) || 61 !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
62-- 62--
631.8.3.1 632.3.5
64 64
diff --git a/recipes-connectivity/openssl/openssl-fsl/0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch b/recipes-connectivity/openssl/openssl-fsl/0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch
index af30ad3..2d722d8 100644
--- a/recipes-connectivity/openssl/openssl-fsl/0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch
+++ b/recipes-connectivity/openssl/openssl-fsl/0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch
@@ -1,7 +1,7 @@
1From 7d770f0324498d1fa78300cc5cecc8c1dcd3b788 Mon Sep 17 00:00:00 2001 1From 7d770f0324498d1fa78300cc5cecc8c1dcd3b788 Mon Sep 17 00:00:00 2001
2From: Andy Polyakov <appro@openssl.org> 2From: Andy Polyakov <appro@openssl.org>
3Date: Sun, 21 Oct 2012 18:19:41 +0000 3Date: Sun, 21 Oct 2012 18:19:41 +0000
4Subject: [PATCH 04/17] linux-pcc: make it more robust and recognize 4Subject: [PATCH 04/26] linux-pcc: make it more robust and recognize
5 KERNEL_BITS variable. 5 KERNEL_BITS variable.
6 6
7(cherry picked from commit 78c3e20579d3baa159c8b51b59d415b6e521614b) 7(cherry picked from commit 78c3e20579d3baa159c8b51b59d415b6e521614b)
@@ -70,5 +70,5 @@ index f71ba66..531f1b3 100644
70 { 70 {
71 OPENSSL_ppc64_probe(); 71 OPENSSL_ppc64_probe();
72-- 72--
731.8.3.1 732.3.5
74 74
diff --git a/recipes-connectivity/openssl/openssl-fsl/0005-ECC-Support-header-for-Cryptodev-Engine.patch b/recipes-connectivity/openssl/openssl-fsl/0005-ECC-Support-header-for-Cryptodev-Engine.patch
index cfcf4a6..c9ff5aa 100644
--- a/recipes-connectivity/openssl/openssl-fsl/0005-ECC-Support-header-for-Cryptodev-Engine.patch
+++ b/recipes-connectivity/openssl/openssl-fsl/0005-ECC-Support-header-for-Cryptodev-Engine.patch
@@ -1,7 +1,7 @@
1From 15abbcd740eafbf2a46b5da24be76acf4982743d Mon Sep 17 00:00:00 2001 1From 15abbcd740eafbf2a46b5da24be76acf4982743d Mon Sep 17 00:00:00 2001
2From: Yashpal Dutta <yashpal.dutta@freescale.com> 2From: Yashpal Dutta <yashpal.dutta@freescale.com>
3Date: Tue, 11 Mar 2014 05:56:54 +0545 3Date: Tue, 11 Mar 2014 05:56:54 +0545
4Subject: [PATCH 05/17] ECC Support header for Cryptodev Engine 4Subject: [PATCH 05/26] ECC Support header for Cryptodev Engine
5 5
6Upstream-status: Pending 6Upstream-status: Pending
7 7
@@ -314,5 +314,5 @@ index 0000000..77aee71
314+}; 314+};
315+#endif 315+#endif
316-- 316--
3171.8.3.1 3172.3.5
318 318
diff --git a/recipes-connectivity/openssl/openssl-fsl/0006-Fixed-private-key-support-for-DH.patch b/recipes-connectivity/openssl/openssl-fsl/0006-Fixed-private-key-support-for-DH.patch
index 41f48a2..01c268b 100644
--- a/recipes-connectivity/openssl/openssl-fsl/0006-Fixed-private-key-support-for-DH.patch
+++ b/recipes-connectivity/openssl/openssl-fsl/0006-Fixed-private-key-support-for-DH.patch
@@ -1,7 +1,7 @@
1From 39a9e609290a8a1163a721915bcde0c7cf8f92f7 Mon Sep 17 00:00:00 2001 1From 39a9e609290a8a1163a721915bcde0c7cf8f92f7 Mon Sep 17 00:00:00 2001
2From: Yashpal Dutta <yashpal.dutta@freescale.com> 2From: Yashpal Dutta <yashpal.dutta@freescale.com>
3Date: Tue, 11 Mar 2014 05:57:47 +0545 3Date: Tue, 11 Mar 2014 05:57:47 +0545
4Subject: [PATCH 06/17] Fixed private key support for DH 4Subject: [PATCH 06/26] Fixed private key support for DH
5 5
6Upstream-status: Pending 6Upstream-status: Pending
7 7
@@ -29,5 +29,5 @@ index 02ec2d4..ed32004 100644
29 return 1; 29 return 1;
30 } 30 }
31-- 31--
321.8.3.1 322.3.5
33 33
diff --git a/recipes-connectivity/openssl/openssl-fsl/0007-Fixed-private-key-support-for-DH.patch b/recipes-connectivity/openssl/openssl-fsl/0007-Fixed-private-key-support-for-DH.patch
index f507fff..12fcd7d 100644
--- a/recipes-connectivity/openssl/openssl-fsl/0007-Fixed-private-key-support-for-DH.patch
+++ b/recipes-connectivity/openssl/openssl-fsl/0007-Fixed-private-key-support-for-DH.patch
@@ -1,7 +1,7 @@
1From 8322e4157bf49d992b5b9e460f2c0785865dd1c1 Mon Sep 17 00:00:00 2001 1From 8322e4157bf49d992b5b9e460f2c0785865dd1c1 Mon Sep 17 00:00:00 2001
2From: Yashpal Dutta <yashpal.dutta@freescale.com> 2From: Yashpal Dutta <yashpal.dutta@freescale.com>
3Date: Thu, 20 Mar 2014 19:55:51 -0500 3Date: Thu, 20 Mar 2014 19:55:51 -0500
4Subject: [PATCH 07/17] Fixed private key support for DH 4Subject: [PATCH 07/26] Fixed private key support for DH
5 5
6Upstream-status: Pending 6Upstream-status: Pending
7 7
@@ -31,5 +31,5 @@ index ed32004..02ec2d4 100644
31 return 1; 31 return 1;
32 } 32 }
33-- 33--
341.8.3.1 342.3.5
35 35
diff --git a/recipes-connectivity/openssl/openssl-fsl/0008-Initial-support-for-PKC-in-cryptodev-engine.patch b/recipes-connectivity/openssl/openssl-fsl/0008-Initial-support-for-PKC-in-cryptodev-engine.patch
index 6903c88..8c8b1f2 100644
--- a/recipes-connectivity/openssl/openssl-fsl/0008-Initial-support-for-PKC-in-cryptodev-engine.patch
+++ b/recipes-connectivity/openssl/openssl-fsl/0008-Initial-support-for-PKC-in-cryptodev-engine.patch
@@ -1,7 +1,7 @@
1From 107a10d45db0f2e58482f698add04ed9183f7268 Mon Sep 17 00:00:00 2001 1From 107a10d45db0f2e58482f698add04ed9183f7268 Mon Sep 17 00:00:00 2001
2From: Yashpal Dutta <yashpal.dutta@freescale.com> 2From: Yashpal Dutta <yashpal.dutta@freescale.com>
3Date: Tue, 11 Mar 2014 06:29:52 +0545 3Date: Tue, 11 Mar 2014 06:29:52 +0545
4Subject: [PATCH 08/17] Initial support for PKC in cryptodev engine 4Subject: [PATCH 08/26] Initial support for PKC in cryptodev engine
5 5
6Upstream-status: Pending 6Upstream-status: Pending
7 7
@@ -1560,5 +1560,5 @@ index e3eb98b..7ee314b 100644
1560 } 1560 }
1561 1561
1562-- 1562--
15631.8.3.1 15632.3.5
1564 1564
diff --git a/recipes-connectivity/openssl/openssl-fsl/0009-Added-hwrng-dev-file-as-source-of-RNG.patch b/recipes-connectivity/openssl/openssl-fsl/0009-Added-hwrng-dev-file-as-source-of-RNG.patch
index 6a69c32..0fb0182 100644
--- a/recipes-connectivity/openssl/openssl-fsl/0009-Added-hwrng-dev-file-as-source-of-RNG.patch
+++ b/recipes-connectivity/openssl/openssl-fsl/0009-Added-hwrng-dev-file-as-source-of-RNG.patch
@@ -1,7 +1,7 @@
1From 81c4c62a4f5f5542843381bfb34e39a6171d5cdd Mon Sep 17 00:00:00 2001 1From 81c4c62a4f5f5542843381bfb34e39a6171d5cdd Mon Sep 17 00:00:00 2001
2From: Yashpal Dutta <yashpal.dutta@freescale.com> 2From: Yashpal Dutta <yashpal.dutta@freescale.com>
3Date: Tue, 11 Mar 2014 06:42:59 +0545 3Date: Tue, 11 Mar 2014 06:42:59 +0545
4Subject: [PATCH 09/17] Added hwrng dev file as source of RNG 4Subject: [PATCH 09/26] Added hwrng dev file as source of RNG
5 5
6Upstream-status: Pending 6Upstream-status: Pending
7 7
@@ -24,5 +24,5 @@ index 6a0aad1..57c0563 100644
24 #ifndef DEVRANDOM_EGD 24 #ifndef DEVRANDOM_EGD
25 /* set this to a comma-seperated list of 'egd' sockets to try out. These 25 /* set this to a comma-seperated list of 'egd' sockets to try out. These
26-- 26--
271.8.3.1 272.3.5
28 28
diff --git a/recipes-connectivity/openssl/openssl-fsl/0010-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch b/recipes-connectivity/openssl/openssl-fsl/0010-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch
index b7702d1..0f889c0 100644
--- a/recipes-connectivity/openssl/openssl-fsl/0010-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch
+++ b/recipes-connectivity/openssl/openssl-fsl/0010-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch
@@ -1,7 +1,7 @@
1From a933e6341fd8989bdd82f8a5446b6f04aa00eef9 Mon Sep 17 00:00:00 2001 1From a933e6341fd8989bdd82f8a5446b6f04aa00eef9 Mon Sep 17 00:00:00 2001
2From: Yashpal Dutta <yashpal.dutta@freescale.com> 2From: Yashpal Dutta <yashpal.dutta@freescale.com>
3Date: Tue, 11 Mar 2014 07:14:30 +0545 3Date: Tue, 11 Mar 2014 07:14:30 +0545
4Subject: [PATCH 10/17] Asynchronous interface added for PKC cryptodev 4Subject: [PATCH 10/26] Asynchronous interface added for PKC cryptodev
5 interface 5 interface
6 6
7Upstream-status: Pending 7Upstream-status: Pending
@@ -2035,5 +2035,5 @@ index 5f269e5..6ef1b15 100644
2035 int (*finish)(RSA *rsa); /* called at free */ 2035 int (*finish)(RSA *rsa); /* called at free */
2036 int flags; /* RSA_METHOD_FLAG_* things */ 2036 int flags; /* RSA_METHOD_FLAG_* things */
2037-- 2037--
20381.8.3.1 20382.3.5
2039 2039
diff --git a/recipes-connectivity/openssl/openssl-fsl/0011-Add-RSA-keygen-operation-and-support-gendsa-command-.patch b/recipes-connectivity/openssl/openssl-fsl/0011-Add-RSA-keygen-operation-and-support-gendsa-command-.patch
index 5e74298..244d230 100644
--- a/recipes-connectivity/openssl/openssl-fsl/0011-Add-RSA-keygen-operation-and-support-gendsa-command-.patch
+++ b/recipes-connectivity/openssl/openssl-fsl/0011-Add-RSA-keygen-operation-and-support-gendsa-command-.patch
@@ -1,7 +1,7 @@
1From e4fc051f8ae1c093b25ca346c2ec351ff3b700d1 Mon Sep 17 00:00:00 2001 1From e4fc051f8ae1c093b25ca346c2ec351ff3b700d1 Mon Sep 17 00:00:00 2001
2From: Hou Zhiqiang <B48286@freescale.com> 2From: Hou Zhiqiang <B48286@freescale.com>
3Date: Wed, 2 Apr 2014 16:10:43 +0800 3Date: Wed, 2 Apr 2014 16:10:43 +0800
4Subject: [PATCH 11/17] Add RSA keygen operation and support gendsa command 4Subject: [PATCH 11/26] Add RSA keygen operation and support gendsa command
5 with hardware engine 5 with hardware engine
6 6
7Upstream-status: Pending 7Upstream-status: Pending
@@ -149,5 +149,5 @@ index 9f2416e..b2919a8 100644
149 } 149 }
150 150
151-- 151--
1521.8.3.1 1522.3.5
153 153
diff --git a/recipes-connectivity/openssl/openssl-fsl/0012-RSA-Keygen-Fix.patch b/recipes-connectivity/openssl/openssl-fsl/0012-RSA-Keygen-Fix.patch
index 4489973..7f907da 100644
--- a/recipes-connectivity/openssl/openssl-fsl/0012-RSA-Keygen-Fix.patch
+++ b/recipes-connectivity/openssl/openssl-fsl/0012-RSA-Keygen-Fix.patch
@@ -1,7 +1,7 @@
1From ac777f046da7151386d667391362ecb553ceee90 Mon Sep 17 00:00:00 2001 1From ac777f046da7151386d667391362ecb553ceee90 Mon Sep 17 00:00:00 2001
2From: Yashpal Dutta <yashpal.dutta@freescale.com> 2From: Yashpal Dutta <yashpal.dutta@freescale.com>
3Date: Wed, 16 Apr 2014 22:53:04 +0545 3Date: Wed, 16 Apr 2014 22:53:04 +0545
4Subject: [PATCH 12/17] RSA Keygen Fix 4Subject: [PATCH 12/26] RSA Keygen Fix
5 5
6Upstream-status: Pending 6Upstream-status: Pending
7 7
@@ -60,5 +60,5 @@ index b2919a8..ed5f20f 100644
60 return ret; 60 return ret;
61 61
62-- 62--
631.8.3.1 632.3.5
64 64
diff --git a/recipes-connectivity/openssl/openssl-fsl/0013-Removed-local-copy-of-curve_t-type.patch b/recipes-connectivity/openssl/openssl-fsl/0013-Removed-local-copy-of-curve_t-type.patch
index 183f3fb..c9d8ace 100644
--- a/recipes-connectivity/openssl/openssl-fsl/0013-Removed-local-copy-of-curve_t-type.patch
+++ b/recipes-connectivity/openssl/openssl-fsl/0013-Removed-local-copy-of-curve_t-type.patch
@@ -1,7 +1,7 @@
1From 6aaa306cdf878250d7b6eaf30978de313653886b Mon Sep 17 00:00:00 2001 1From 6aaa306cdf878250d7b6eaf30978de313653886b Mon Sep 17 00:00:00 2001
2From: Yashpal Dutta <yashpal.dutta@freescale.com> 2From: Yashpal Dutta <yashpal.dutta@freescale.com>
3Date: Thu, 17 Apr 2014 06:57:59 +0545 3Date: Thu, 17 Apr 2014 06:57:59 +0545
4Subject: [PATCH 13/17] Removed local copy of curve_t type 4Subject: [PATCH 13/26] Removed local copy of curve_t type
5 5
6Upstream-status: Pending 6Upstream-status: Pending
7 7
@@ -160,5 +160,5 @@ index 77aee71..a4b8da5 100644
160-}; 160-};
161 #endif 161 #endif
162-- 162--
1631.8.3.1 1632.3.5
164 164
diff --git a/recipes-connectivity/openssl/openssl-fsl/0014-Modulus-parameter-is-not-populated-by-dhparams.patch b/recipes-connectivity/openssl/openssl-fsl/0014-Modulus-parameter-is-not-populated-by-dhparams.patch
index 46846f8..198bed7 100644
--- a/recipes-connectivity/openssl/openssl-fsl/0014-Modulus-parameter-is-not-populated-by-dhparams.patch
+++ b/recipes-connectivity/openssl/openssl-fsl/0014-Modulus-parameter-is-not-populated-by-dhparams.patch
@@ -1,7 +1,7 @@
1From 14623ca9e417ccef1ad3f4138acfac0ebe682f1f Mon Sep 17 00:00:00 2001 1From 14623ca9e417ccef1ad3f4138acfac0ebe682f1f Mon Sep 17 00:00:00 2001
2From: Yashpal Dutta <yashpal.dutta@freescale.com> 2From: Yashpal Dutta <yashpal.dutta@freescale.com>
3Date: Tue, 22 Apr 2014 22:58:33 +0545 3Date: Tue, 22 Apr 2014 22:58:33 +0545
4Subject: [PATCH 14/17] Modulus parameter is not populated by dhparams 4Subject: [PATCH 14/26] Modulus parameter is not populated by dhparams
5 5
6Upstream-status: Pending 6Upstream-status: Pending
7 7
@@ -39,5 +39,5 @@ index 5d883fa..6d69336 100644
39 kop.crk_param[2].crp_p = g; 39 kop.crk_param[2].crp_p = g;
40 kop.crk_param[2].crp_nbits = g_len * 8; 40 kop.crk_param[2].crp_nbits = g_len * 8;
41-- 41--
421.8.3.1 422.3.5
43 43
diff --git a/recipes-connectivity/openssl/openssl-fsl/0015-SW-Backoff-mechanism-for-dsa-keygen.patch b/recipes-connectivity/openssl/openssl-fsl/0015-SW-Backoff-mechanism-for-dsa-keygen.patch
index c20f9d7..59330a1 100644
--- a/recipes-connectivity/openssl/openssl-fsl/0015-SW-Backoff-mechanism-for-dsa-keygen.patch
+++ b/recipes-connectivity/openssl/openssl-fsl/0015-SW-Backoff-mechanism-for-dsa-keygen.patch
@@ -1,7 +1,7 @@
1From 10be401a33e6ebcc325d6747914c70595cd53d0a Mon Sep 17 00:00:00 2001 1From 10be401a33e6ebcc325d6747914c70595cd53d0a Mon Sep 17 00:00:00 2001
2From: Yashpal Dutta <yashpal.dutta@freescale.com> 2From: Yashpal Dutta <yashpal.dutta@freescale.com>
3Date: Thu, 24 Apr 2014 00:35:34 +0545 3Date: Thu, 24 Apr 2014 00:35:34 +0545
4Subject: [PATCH 15/17] SW Backoff mechanism for dsa keygen 4Subject: [PATCH 15/26] SW Backoff mechanism for dsa keygen
5 5
6Upstream-status: Pending 6Upstream-status: Pending
7 7
@@ -49,5 +49,5 @@ index 6d69336..dab8fea 100644
49 } 49 }
50 return ret; 50 return ret;
51-- 51--
521.8.3.1 522.3.5
53 53
diff --git a/recipes-connectivity/openssl/openssl-fsl/0016-Fixed-DH-keygen-pair-generator.patch b/recipes-connectivity/openssl/openssl-fsl/0016-Fixed-DH-keygen-pair-generator.patch
index abcc2ef..8923cb6 100644
--- a/recipes-connectivity/openssl/openssl-fsl/0016-Fixed-DH-keygen-pair-generator.patch
+++ b/recipes-connectivity/openssl/openssl-fsl/0016-Fixed-DH-keygen-pair-generator.patch
@@ -1,7 +1,7 @@
1From d2c868c6370bcc0d0a254e641907da2cdf992d62 Mon Sep 17 00:00:00 2001 1From d2c868c6370bcc0d0a254e641907da2cdf992d62 Mon Sep 17 00:00:00 2001
2From: Yashpal Dutta <yashpal.dutta@freescale.com> 2From: Yashpal Dutta <yashpal.dutta@freescale.com>
3Date: Thu, 1 May 2014 06:35:45 +0545 3Date: Thu, 1 May 2014 06:35:45 +0545
4Subject: [PATCH 16/17] Fixed DH keygen pair generator 4Subject: [PATCH 16/26] Fixed DH keygen pair generator
5 5
6Upstream-status: Pending 6Upstream-status: Pending
7 7
@@ -96,5 +96,5 @@ index dab8fea..13d924f 100644
96 sw_try: 96 sw_try:
97 { 97 {
98-- 98--
991.8.3.1 992.3.5
100 100
diff --git a/recipes-connectivity/openssl/openssl-fsl/0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch b/recipes-connectivity/openssl/openssl-fsl/0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch
index a71bb45..bd9e61a 100644
--- a/recipes-connectivity/openssl/openssl-fsl/0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch
+++ b/recipes-connectivity/openssl/openssl-fsl/0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch
@@ -1,7 +1,7 @@
1From 11b55103463bac614e00d74e9f196ec4ec6bade1 Mon Sep 17 00:00:00 2001 1From 11b55103463bac614e00d74e9f196ec4ec6bade1 Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@freescale.com> 2From: Cristian Stoica <cristian.stoica@freescale.com>
3Date: Mon, 16 Jun 2014 14:06:21 +0300 3Date: Mon, 16 Jun 2014 14:06:21 +0300
4Subject: [PATCH 17/17] cryptodev: add support for aes-gcm algorithm offloading 4Subject: [PATCH 17/26] cryptodev: add support for aes-gcm algorithm offloading
5 5
6Change-Id: I3b77dc5ef8b8f707309549244a02852d95b36168 6Change-Id: I3b77dc5ef8b8f707309549244a02852d95b36168
7Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> 7Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
@@ -305,5 +305,5 @@ index 13d924f..4493490 100644
305 *cipher = NULL; 305 *cipher = NULL;
306 break; 306 break;
307-- 307--
3081.8.3.1 3082.3.5
309 309
diff --git a/recipes-connectivity/openssl/openssl-fsl/0018-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch b/recipes-connectivity/openssl/openssl-fsl/0018-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch
new file mode 100644
index 0000000..1118a6f
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-fsl/0018-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch
@@ -0,0 +1,193 @@
1From 21e3ca4ec77f9258aa4001f07faac1c4942b48b4 Mon Sep 17 00:00:00 2001
2From: Tudor Ambarus <tudor.ambarus@freescale.com>
3Date: Fri, 9 May 2014 17:54:06 +0300
4Subject: [PATCH 18/26] eng_cryptodev: extend TLS offload with
5 3des_cbc_hmac_sha1
6
7Both obj_mac.h and obj_dat.h were generated using the scripts
8from crypto/objects:
9
10$ cd crypto/objects
11$ perl objects.pl objects.txt obj_mac.num obj_mac.h
12$ perl obj_dat.pl obj_mac.h obj_dat.h
13
14Change-Id: I94f13cdd09df67e33e6acd3c00aab47cb358ac46
15Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com>
16Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
17Reviewed-on: http://git.am.freescale.net:8181/34001
18---
19 crypto/engine/eng_cryptodev.c | 24 ++++++++++++++++++++++++
20 crypto/objects/obj_dat.h | 10 +++++++---
21 crypto/objects/obj_mac.h | 4 ++++
22 crypto/objects/obj_mac.num | 1 +
23 crypto/objects/objects.txt | 1 +
24 ssl/ssl_ciph.c | 4 ++++
25 6 files changed, 41 insertions(+), 3 deletions(-)
26
27diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
28index 79b2678..299e84b 100644
29--- a/crypto/engine/eng_cryptodev.c
30+++ b/crypto/engine/eng_cryptodev.c
31@@ -135,6 +135,7 @@ static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
32 void ENGINE_load_cryptodev(void);
33 const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1;
34 const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
35+const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1;
36
37 inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len)
38 {
39@@ -252,6 +253,7 @@ static struct {
40 { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, 0},
41 { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, 0},
42 { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, 0},
43+ { CRYPTO_TLS10_3DES_CBC_HMAC_SHA1, NID_des_ede3_cbc_hmac_sha1, 8, 24, 20},
44 { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20},
45 { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20},
46 { CRYPTO_AES_GCM, NID_aes_128_gcm, 16, 16, 0},
47@@ -466,6 +468,9 @@ cryptodev_usable_ciphers(const int **nids)
48 case NID_aes_256_cbc_hmac_sha1:
49 EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
50 break;
51+ case NID_des_ede3_cbc_hmac_sha1:
52+ EVP_add_cipher(&cryptodev_3des_cbc_hmac_sha1);
53+ break;
54 }
55 }
56 return count;
57@@ -571,6 +576,7 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
58 switch (ctx->cipher->nid) {
59 case NID_aes_128_cbc_hmac_sha1:
60 case NID_aes_256_cbc_hmac_sha1:
61+ case NID_des_ede3_cbc_hmac_sha1:
62 cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
63 }
64 cryp.ses = sess->ses;
65@@ -763,6 +769,7 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
66 switch (ctx->cipher->nid) {
67 case NID_aes_128_cbc_hmac_sha1:
68 case NID_aes_256_cbc_hmac_sha1:
69+ case NID_des_ede3_cbc_hmac_sha1:
70 maclen = SHA_DIGEST_LENGTH;
71 }
72
73@@ -1082,6 +1089,20 @@ const EVP_CIPHER cryptodev_aes_256_cbc = {
74 NULL
75 };
76
77+const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1 = {
78+ NID_des_ede3_cbc_hmac_sha1,
79+ 8, 24, 8,
80+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
81+ cryptodev_init_aead_key,
82+ cryptodev_aead_cipher,
83+ cryptodev_cleanup,
84+ sizeof(struct dev_crypto_state),
85+ EVP_CIPHER_set_asn1_iv,
86+ EVP_CIPHER_get_asn1_iv,
87+ cryptodev_cbc_hmac_sha1_ctrl,
88+ NULL
89+};
90+
91 const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1 = {
92 NID_aes_128_cbc_hmac_sha1,
93 16, 16, 16,
94@@ -1163,6 +1184,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
95 case NID_aes_256_cbc:
96 *cipher = &cryptodev_aes_256_cbc;
97 break;
98+ case NID_des_ede3_cbc_hmac_sha1:
99+ *cipher = &cryptodev_3des_cbc_hmac_sha1;
100+ break;
101 case NID_aes_128_cbc_hmac_sha1:
102 *cipher = &cryptodev_aes_128_cbc_hmac_sha1;
103 break;
104diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
105index bc69665..9f2267a 100644
106--- a/crypto/objects/obj_dat.h
107+++ b/crypto/objects/obj_dat.h
108@@ -62,9 +62,9 @@
109 * [including the GNU Public Licence.]
110 */
111
112-#define NUM_NID 920
113-#define NUM_SN 913
114-#define NUM_LN 913
115+#define NUM_NID 921
116+#define NUM_SN 914
117+#define NUM_LN 914
118 #define NUM_OBJ 857
119
120 static const unsigned char lvalues[5974]={
121@@ -2399,6 +2399,8 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
122 {"AES-256-CBC-HMAC-SHA1","aes-256-cbc-hmac-sha1",
123 NID_aes_256_cbc_hmac_sha1,0,NULL,0},
124 {"RSAES-OAEP","rsaesOaep",NID_rsaesOaep,9,&(lvalues[5964]),0},
125+{"DES-EDE3-CBC-HMAC-SHA1","des-ede3-cbc-hmac-sha1",
126+ NID_des_ede3_cbc_hmac_sha1,0,NULL,0},
127 };
128
129 static const unsigned int sn_objs[NUM_SN]={
130@@ -2474,6 +2476,7 @@ static const unsigned int sn_objs[NUM_SN]={
131 62, /* "DES-EDE-OFB" */
132 33, /* "DES-EDE3" */
133 44, /* "DES-EDE3-CBC" */
134+920, /* "DES-EDE3-CBC-HMAC-SHA1" */
135 61, /* "DES-EDE3-CFB" */
136 658, /* "DES-EDE3-CFB1" */
137 659, /* "DES-EDE3-CFB8" */
138@@ -3585,6 +3588,7 @@ static const unsigned int ln_objs[NUM_LN]={
139 62, /* "des-ede-ofb" */
140 33, /* "des-ede3" */
141 44, /* "des-ede3-cbc" */
142+920, /* "des-ede3-cbc-hmac-sha1" */
143 61, /* "des-ede3-cfb" */
144 658, /* "des-ede3-cfb1" */
145 659, /* "des-ede3-cfb8" */
146diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h
147index b5ea7cd..8751902 100644
148--- a/crypto/objects/obj_mac.h
149+++ b/crypto/objects/obj_mac.h
150@@ -4030,3 +4030,7 @@
151 #define LN_aes_256_cbc_hmac_sha1 "aes-256-cbc-hmac-sha1"
152 #define NID_aes_256_cbc_hmac_sha1 918
153
154+#define SN_des_ede3_cbc_hmac_sha1 "DES-EDE3-CBC-HMAC-SHA1"
155+#define LN_des_ede3_cbc_hmac_sha1 "des-ede3-cbc-hmac-sha1"
156+#define NID_des_ede3_cbc_hmac_sha1 920
157+
158diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
159index 1d0a7c8..9d44bb5 100644
160--- a/crypto/objects/obj_mac.num
161+++ b/crypto/objects/obj_mac.num
162@@ -917,3 +917,4 @@ aes_128_cbc_hmac_sha1 916
163 aes_192_cbc_hmac_sha1 917
164 aes_256_cbc_hmac_sha1 918
165 rsaesOaep 919
166+des_ede3_cbc_hmac_sha1 920
167diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
168index d3bfad7..90d2fc5 100644
169--- a/crypto/objects/objects.txt
170+++ b/crypto/objects/objects.txt
171@@ -1290,3 +1290,4 @@ kisa 1 6 : SEED-OFB : seed-ofb
172 : AES-128-CBC-HMAC-SHA1 : aes-128-cbc-hmac-sha1
173 : AES-192-CBC-HMAC-SHA1 : aes-192-cbc-hmac-sha1
174 : AES-256-CBC-HMAC-SHA1 : aes-256-cbc-hmac-sha1
175+ : DES-EDE3-CBC-HMAC-SHA1 : des-ede3-cbc-hmac-sha1
176diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
177index 8188ff5..310fe76 100644
178--- a/ssl/ssl_ciph.c
179+++ b/ssl/ssl_ciph.c
180@@ -639,6 +639,10 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
181 c->algorithm_mac == SSL_SHA1 &&
182 (evp=EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1")))
183 *enc = evp, *md = NULL;
184+ else if (c->algorithm_enc == SSL_3DES &&
185+ c->algorithm_mac == SSL_SHA1 &&
186+ (evp = EVP_get_cipherbyname("DES-EDE3-CBC-HMAC-SHA1")))
187+ *enc = evp, *md = NULL;
188 return(1);
189 }
190 else
191--
1922.3.5
193
diff --git a/recipes-connectivity/openssl/openssl-fsl/0019-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch b/recipes-connectivity/openssl/openssl-fsl/0019-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch
new file mode 100644
index 0000000..988d79e
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-fsl/0019-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch
@@ -0,0 +1,355 @@
1From 1de2b740a3bdcd8e98abb5f4e176d46fd817b932 Mon Sep 17 00:00:00 2001
2From: Tudor Ambarus <tudor.ambarus@freescale.com>
3Date: Tue, 31 Mar 2015 16:30:17 +0300
4Subject: [PATCH 19/26] eng_cryptodev: add support for TLSv1.1 record offload
5
6Supported cipher suites:
7- 3des-ede-cbc-sha
8- aes-128-cbc-hmac-sha
9- aes-256-cbc-hmac-sha
10
11Requires TLS patches on cryptodev and TLS algorithm support in Linux
12kernel driver.
13
14Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com>
15Change-Id: Id414f36a528de3f476b72688cf85714787d7ccae
16Reviewed-on: http://git.am.freescale.net:8181/34002
17Reviewed-by: Cristian Stoica <cristian.stoica@freescale.com>
18Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
19---
20 crypto/engine/eng_cryptodev.c | 101 ++++++++++++++++++++++++++++++++++++++----
21 crypto/objects/obj_dat.h | 18 ++++++--
22 crypto/objects/obj_mac.h | 12 +++++
23 crypto/objects/obj_mac.num | 3 ++
24 crypto/objects/objects.txt | 3 ++
25 ssl/ssl_ciph.c | 26 +++++++++--
26 6 files changed, 148 insertions(+), 15 deletions(-)
27
28diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
29index 299e84b..f71ab27 100644
30--- a/crypto/engine/eng_cryptodev.c
31+++ b/crypto/engine/eng_cryptodev.c
32@@ -66,6 +66,7 @@ ENGINE_load_cryptodev(void)
33 #include <sys/ioctl.h>
34 #include <errno.h>
35 #include <stdio.h>
36+#include <stdbool.h>
37 #include <unistd.h>
38 #include <fcntl.h>
39 #include <stdarg.h>
40@@ -133,9 +134,12 @@ static int cryptodev_dh_compute_key(unsigned char *key,
41 static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
42 void (*f)(void));
43 void ENGINE_load_cryptodev(void);
44+const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1;
45 const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1;
46 const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
47-const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1;
48+const EVP_CIPHER cryptodev_tls11_3des_cbc_hmac_sha1;
49+const EVP_CIPHER cryptodev_tls11_aes_128_cbc_hmac_sha1;
50+const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1;
51
52 inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len)
53 {
54@@ -256,6 +260,9 @@ static struct {
55 { CRYPTO_TLS10_3DES_CBC_HMAC_SHA1, NID_des_ede3_cbc_hmac_sha1, 8, 24, 20},
56 { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20},
57 { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20},
58+ { CRYPTO_TLS11_3DES_CBC_HMAC_SHA1, NID_tls11_des_ede3_cbc_hmac_sha1, 8, 24, 20},
59+ { CRYPTO_TLS11_AES_CBC_HMAC_SHA1, NID_tls11_aes_128_cbc_hmac_sha1, 16, 16, 20},
60+ { CRYPTO_TLS11_AES_CBC_HMAC_SHA1, NID_tls11_aes_256_cbc_hmac_sha1, 16, 32, 20},
61 { CRYPTO_AES_GCM, NID_aes_128_gcm, 16, 16, 0},
62 { 0, NID_undef, 0, 0, 0},
63 };
64@@ -462,14 +469,23 @@ cryptodev_usable_ciphers(const int **nids)
65 /* add ciphers specific to cryptodev if found in kernel */
66 for(i = 0; i < count; i++) {
67 switch (*(*nids + i)) {
68+ case NID_des_ede3_cbc_hmac_sha1:
69+ EVP_add_cipher(&cryptodev_3des_cbc_hmac_sha1);
70+ break;
71 case NID_aes_128_cbc_hmac_sha1:
72 EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1);
73 break;
74 case NID_aes_256_cbc_hmac_sha1:
75 EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
76 break;
77- case NID_des_ede3_cbc_hmac_sha1:
78- EVP_add_cipher(&cryptodev_3des_cbc_hmac_sha1);
79+ case NID_tls11_des_ede3_cbc_hmac_sha1:
80+ EVP_add_cipher(&cryptodev_tls11_3des_cbc_hmac_sha1);
81+ break;
82+ case NID_tls11_aes_128_cbc_hmac_sha1:
83+ EVP_add_cipher(&cryptodev_tls11_aes_128_cbc_hmac_sha1);
84+ break;
85+ case NID_tls11_aes_256_cbc_hmac_sha1:
86+ EVP_add_cipher(&cryptodev_tls11_aes_256_cbc_hmac_sha1);
87 break;
88 }
89 }
90@@ -574,9 +590,12 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
91
92 /* TODO: make a seamless integration with cryptodev flags */
93 switch (ctx->cipher->nid) {
94+ case NID_des_ede3_cbc_hmac_sha1:
95 case NID_aes_128_cbc_hmac_sha1:
96 case NID_aes_256_cbc_hmac_sha1:
97- case NID_des_ede3_cbc_hmac_sha1:
98+ case NID_tls11_des_ede3_cbc_hmac_sha1:
99+ case NID_tls11_aes_128_cbc_hmac_sha1:
100+ case NID_tls11_aes_256_cbc_hmac_sha1:
101 cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
102 }
103 cryp.ses = sess->ses;
104@@ -758,8 +777,9 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
105 struct dev_crypto_state *state = ctx->cipher_data;
106 unsigned char *p = ptr;
107 unsigned int cryptlen = p[arg - 2] << 8 | p[arg - 1];
108- unsigned int maclen, padlen;
109+ unsigned int maclen, padlen, len;
110 unsigned int bs = ctx->cipher->block_size;
111+ bool aad_needs_fix = false;
112
113 state->aad = ptr;
114 state->aad_len = arg;
115@@ -767,10 +787,24 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
116
117 /* TODO: this should be an extension of EVP_CIPHER struct */
118 switch (ctx->cipher->nid) {
119+ case NID_des_ede3_cbc_hmac_sha1:
120 case NID_aes_128_cbc_hmac_sha1:
121 case NID_aes_256_cbc_hmac_sha1:
122- case NID_des_ede3_cbc_hmac_sha1:
123 maclen = SHA_DIGEST_LENGTH;
124+ break;
125+ case NID_tls11_des_ede3_cbc_hmac_sha1:
126+ case NID_tls11_aes_128_cbc_hmac_sha1:
127+ case NID_tls11_aes_256_cbc_hmac_sha1:
128+ maclen = SHA_DIGEST_LENGTH;
129+ aad_needs_fix = true;
130+ break;
131+ }
132+
133+ /* Correct length for AAD Length field */
134+ if (ctx->encrypt && aad_needs_fix) {
135+ len = cryptlen - bs;
136+ p[arg-2] = len >> 8;
137+ p[arg-1] = len & 0xff;
138 }
139
140 /* space required for encryption (not only TLS padding) */
141@@ -1131,6 +1165,48 @@ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = {
142 NULL
143 };
144
145+const EVP_CIPHER cryptodev_tls11_3des_cbc_hmac_sha1 = {
146+ NID_tls11_des_ede3_cbc_hmac_sha1,
147+ 8, 24, 8,
148+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
149+ cryptodev_init_aead_key,
150+ cryptodev_aead_cipher,
151+ cryptodev_cleanup,
152+ sizeof(struct dev_crypto_state),
153+ EVP_CIPHER_set_asn1_iv,
154+ EVP_CIPHER_get_asn1_iv,
155+ cryptodev_cbc_hmac_sha1_ctrl,
156+ NULL
157+};
158+
159+const EVP_CIPHER cryptodev_tls11_aes_128_cbc_hmac_sha1 = {
160+ NID_tls11_aes_128_cbc_hmac_sha1,
161+ 16, 16, 16,
162+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
163+ cryptodev_init_aead_key,
164+ cryptodev_aead_cipher,
165+ cryptodev_cleanup,
166+ sizeof(struct dev_crypto_state),
167+ EVP_CIPHER_set_asn1_iv,
168+ EVP_CIPHER_get_asn1_iv,
169+ cryptodev_cbc_hmac_sha1_ctrl,
170+ NULL
171+};
172+
173+const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1 = {
174+ NID_tls11_aes_256_cbc_hmac_sha1,
175+ 16, 32, 16,
176+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
177+ cryptodev_init_aead_key,
178+ cryptodev_aead_cipher,
179+ cryptodev_cleanup,
180+ sizeof(struct dev_crypto_state),
181+ EVP_CIPHER_set_asn1_iv,
182+ EVP_CIPHER_get_asn1_iv,
183+ cryptodev_cbc_hmac_sha1_ctrl,
184+ NULL
185+};
186+
187 const EVP_CIPHER cryptodev_aes_128_gcm = {
188 NID_aes_128_gcm,
189 1, 16, 12,
190@@ -1184,6 +1260,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
191 case NID_aes_256_cbc:
192 *cipher = &cryptodev_aes_256_cbc;
193 break;
194+ case NID_aes_128_gcm:
195+ *cipher = &cryptodev_aes_128_gcm;
196+ break;
197 case NID_des_ede3_cbc_hmac_sha1:
198 *cipher = &cryptodev_3des_cbc_hmac_sha1;
199 break;
200@@ -1193,8 +1272,14 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
201 case NID_aes_256_cbc_hmac_sha1:
202 *cipher = &cryptodev_aes_256_cbc_hmac_sha1;
203 break;
204- case NID_aes_128_gcm:
205- *cipher = &cryptodev_aes_128_gcm;
206+ case NID_tls11_des_ede3_cbc_hmac_sha1:
207+ *cipher = &cryptodev_tls11_3des_cbc_hmac_sha1;
208+ break;
209+ case NID_tls11_aes_128_cbc_hmac_sha1:
210+ *cipher = &cryptodev_tls11_aes_128_cbc_hmac_sha1;
211+ break;
212+ case NID_tls11_aes_256_cbc_hmac_sha1:
213+ *cipher = &cryptodev_tls11_aes_256_cbc_hmac_sha1;
214 break;
215 default:
216 *cipher = NULL;
217diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
218index 9f2267a..dc89b0a 100644
219--- a/crypto/objects/obj_dat.h
220+++ b/crypto/objects/obj_dat.h
221@@ -62,9 +62,9 @@
222 * [including the GNU Public Licence.]
223 */
224
225-#define NUM_NID 921
226-#define NUM_SN 914
227-#define NUM_LN 914
228+#define NUM_NID 924
229+#define NUM_SN 917
230+#define NUM_LN 917
231 #define NUM_OBJ 857
232
233 static const unsigned char lvalues[5974]={
234@@ -2401,6 +2401,12 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
235 {"RSAES-OAEP","rsaesOaep",NID_rsaesOaep,9,&(lvalues[5964]),0},
236 {"DES-EDE3-CBC-HMAC-SHA1","des-ede3-cbc-hmac-sha1",
237 NID_des_ede3_cbc_hmac_sha1,0,NULL,0},
238+{"TLS11-DES-EDE3-CBC-HMAC-SHA1","tls11-des-ede3-cbc-hmac-sha1",
239+ NID_tls11_des_ede3_cbc_hmac_sha1,0,NULL,0},
240+{"TLS11-AES-128-CBC-HMAC-SHA1","tls11-aes-128-cbc-hmac-sha1",
241+ NID_tls11_aes_128_cbc_hmac_sha1,0,NULL,0},
242+{"TLS11-AES-256-CBC-HMAC-SHA1","tls11-aes-256-cbc-hmac-sha1",
243+ NID_tls11_aes_256_cbc_hmac_sha1,0,NULL,0},
244 };
245
246 static const unsigned int sn_objs[NUM_SN]={
247@@ -2586,6 +2592,9 @@ static const unsigned int sn_objs[NUM_SN]={
248 100, /* "SN" */
249 16, /* "ST" */
250 143, /* "SXNetID" */
251+922, /* "TLS11-AES-128-CBC-HMAC-SHA1" */
252+923, /* "TLS11-AES-256-CBC-HMAC-SHA1" */
253+921, /* "TLS11-DES-EDE3-CBC-HMAC-SHA1" */
254 458, /* "UID" */
255 0, /* "UNDEF" */
256 11, /* "X500" */
257@@ -4205,6 +4214,9 @@ static const unsigned int ln_objs[NUM_LN]={
258 459, /* "textEncodedORAddress" */
259 293, /* "textNotice" */
260 106, /* "title" */
261+922, /* "tls11-aes-128-cbc-hmac-sha1" */
262+923, /* "tls11-aes-256-cbc-hmac-sha1" */
263+921, /* "tls11-des-ede3-cbc-hmac-sha1" */
264 682, /* "tpBasis" */
265 436, /* "ucl" */
266 0, /* "undefined" */
267diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h
268index 8751902..f181890 100644
269--- a/crypto/objects/obj_mac.h
270+++ b/crypto/objects/obj_mac.h
271@@ -4034,3 +4034,15 @@
272 #define LN_des_ede3_cbc_hmac_sha1 "des-ede3-cbc-hmac-sha1"
273 #define NID_des_ede3_cbc_hmac_sha1 920
274
275+#define SN_tls11_des_ede3_cbc_hmac_sha1 "TLS11-DES-EDE3-CBC-HMAC-SHA1"
276+#define LN_tls11_des_ede3_cbc_hmac_sha1 "tls11-des-ede3-cbc-hmac-sha1"
277+#define NID_tls11_des_ede3_cbc_hmac_sha1 921
278+
279+#define SN_tls11_aes_128_cbc_hmac_sha1 "TLS11-AES-128-CBC-HMAC-SHA1"
280+#define LN_tls11_aes_128_cbc_hmac_sha1 "tls11-aes-128-cbc-hmac-sha1"
281+#define NID_tls11_aes_128_cbc_hmac_sha1 922
282+
283+#define SN_tls11_aes_256_cbc_hmac_sha1 "TLS11-AES-256-CBC-HMAC-SHA1"
284+#define LN_tls11_aes_256_cbc_hmac_sha1 "tls11-aes-256-cbc-hmac-sha1"
285+#define NID_tls11_aes_256_cbc_hmac_sha1 923
286+
287diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
288index 9d44bb5..a02b58c 100644
289--- a/crypto/objects/obj_mac.num
290+++ b/crypto/objects/obj_mac.num
291@@ -918,3 +918,6 @@ aes_192_cbc_hmac_sha1 917
292 aes_256_cbc_hmac_sha1 918
293 rsaesOaep 919
294 des_ede3_cbc_hmac_sha1 920
295+tls11_des_ede3_cbc_hmac_sha1 921
296+tls11_aes_128_cbc_hmac_sha1 922
297+tls11_aes_256_cbc_hmac_sha1 923
298diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
299index 90d2fc5..1973658 100644
300--- a/crypto/objects/objects.txt
301+++ b/crypto/objects/objects.txt
302@@ -1291,3 +1291,6 @@ kisa 1 6 : SEED-OFB : seed-ofb
303 : AES-192-CBC-HMAC-SHA1 : aes-192-cbc-hmac-sha1
304 : AES-256-CBC-HMAC-SHA1 : aes-256-cbc-hmac-sha1
305 : DES-EDE3-CBC-HMAC-SHA1 : des-ede3-cbc-hmac-sha1
306+ : TLS11-DES-EDE3-CBC-HMAC-SHA1 : tls11-des-ede3-cbc-hmac-sha1
307+ : TLS11-AES-128-CBC-HMAC-SHA1 : tls11-aes-128-cbc-hmac-sha1
308+ : TLS11-AES-256-CBC-HMAC-SHA1 : tls11-aes-256-cbc-hmac-sha1
309diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
310index 310fe76..0408986 100644
311--- a/ssl/ssl_ciph.c
312+++ b/ssl/ssl_ciph.c
313@@ -631,17 +631,35 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
314 c->algorithm_mac == SSL_MD5 &&
315 (evp=EVP_get_cipherbyname("RC4-HMAC-MD5")))
316 *enc = evp, *md = NULL;
317- else if (c->algorithm_enc == SSL_AES128 &&
318+ else if (s->ssl_version == TLS1_VERSION &&
319+ c->algorithm_enc == SSL_3DES &&
320+ c->algorithm_mac == SSL_SHA1 &&
321+ (evp=EVP_get_cipherbyname("DES-EDE3-CBC-HMAC-SHA1")))
322+ *enc = evp, *md = NULL;
323+ else if (s->ssl_version == TLS1_VERSION &&
324+ c->algorithm_enc == SSL_AES128 &&
325 c->algorithm_mac == SSL_SHA1 &&
326 (evp=EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1")))
327 *enc = evp, *md = NULL;
328- else if (c->algorithm_enc == SSL_AES256 &&
329+ else if (s->ssl_version == TLS1_VERSION &&
330+ c->algorithm_enc == SSL_AES256 &&
331 c->algorithm_mac == SSL_SHA1 &&
332 (evp=EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1")))
333 *enc = evp, *md = NULL;
334- else if (c->algorithm_enc == SSL_3DES &&
335+ else if (s->ssl_version == TLS1_1_VERSION &&
336+ c->algorithm_enc == SSL_3DES &&
337+ c->algorithm_mac == SSL_SHA1 &&
338+ (evp=EVP_get_cipherbyname("TLS11-DES-EDE3-CBC-HMAC-SHA1")))
339+ *enc = evp, *md = NULL;
340+ else if (s->ssl_version == TLS1_1_VERSION &&
341+ c->algorithm_enc == SSL_AES128 &&
342+ c->algorithm_mac == SSL_SHA1 &&
343+ (evp=EVP_get_cipherbyname("TLS11-AES-128-CBC-HMAC-SHA1")))
344+ *enc = evp, *md = NULL;
345+ else if (s->ssl_version == TLS1_1_VERSION &&
346+ c->algorithm_enc == SSL_AES256 &&
347 c->algorithm_mac == SSL_SHA1 &&
348- (evp = EVP_get_cipherbyname("DES-EDE3-CBC-HMAC-SHA1")))
349+ (evp=EVP_get_cipherbyname("TLS11-AES-256-CBC-HMAC-SHA1")))
350 *enc = evp, *md = NULL;
351 return(1);
352 }
353--
3542.3.5
355
diff --git a/recipes-connectivity/openssl/openssl-fsl/0020-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch b/recipes-connectivity/openssl/openssl-fsl/0020-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch
new file mode 100644
index 0000000..7370c49
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-fsl/0020-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch
@@ -0,0 +1,359 @@
1From a58703e6601fcfcfe69fdb3e7152ed76b40d67e9 Mon Sep 17 00:00:00 2001
2From: Tudor Ambarus <tudor.ambarus@freescale.com>
3Date: Tue, 31 Mar 2015 16:32:35 +0300
4Subject: [PATCH 20/26] eng_cryptodev: add support for TLSv1.2 record offload
5
6Supported cipher suites:
7- 3des-ede-cbc-sha
8- aes-128-cbc-hmac-sha
9- aes-256-cbc-hmac-sha
10- aes-128-cbc-hmac-sha256
11- aes-256-cbc-hmac-sha256
12
13Requires TLS patches on cryptodev and TLS algorithm support in Linux
14kernel driver.
15
16Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com>
17Change-Id: I0ac6953dd62e2655a59d8f3eaefd012b7ecebf55
18Reviewed-on: http://git.am.freescale.net:8181/34003
19Reviewed-by: Cristian Stoica <cristian.stoica@freescale.com>
20Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
21---
22 crypto/engine/eng_cryptodev.c | 123 ++++++++++++++++++++++++++++++++++++++++++
23 crypto/objects/obj_dat.h | 26 +++++++--
24 crypto/objects/obj_mac.h | 20 +++++++
25 crypto/objects/obj_mac.num | 5 ++
26 crypto/objects/objects.txt | 5 ++
27 ssl/ssl_ciph.c | 25 +++++++++
28 6 files changed, 201 insertions(+), 3 deletions(-)
29
30diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
31index f71ab27..fa5fe1b 100644
32--- a/crypto/engine/eng_cryptodev.c
33+++ b/crypto/engine/eng_cryptodev.c
34@@ -140,6 +140,11 @@ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
35 const EVP_CIPHER cryptodev_tls11_3des_cbc_hmac_sha1;
36 const EVP_CIPHER cryptodev_tls11_aes_128_cbc_hmac_sha1;
37 const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1;
38+const EVP_CIPHER cryptodev_tls12_3des_cbc_hmac_sha1;
39+const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha1;
40+const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha1;
41+const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha256;
42+const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha256;
43
44 inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len)
45 {
46@@ -263,6 +268,11 @@ static struct {
47 { CRYPTO_TLS11_3DES_CBC_HMAC_SHA1, NID_tls11_des_ede3_cbc_hmac_sha1, 8, 24, 20},
48 { CRYPTO_TLS11_AES_CBC_HMAC_SHA1, NID_tls11_aes_128_cbc_hmac_sha1, 16, 16, 20},
49 { CRYPTO_TLS11_AES_CBC_HMAC_SHA1, NID_tls11_aes_256_cbc_hmac_sha1, 16, 32, 20},
50+ { CRYPTO_TLS12_3DES_CBC_HMAC_SHA1, NID_tls12_des_ede3_cbc_hmac_sha1, 8, 24, 20},
51+ { CRYPTO_TLS12_AES_CBC_HMAC_SHA1, NID_tls12_aes_128_cbc_hmac_sha1, 16, 16, 20},
52+ { CRYPTO_TLS12_AES_CBC_HMAC_SHA1, NID_tls12_aes_256_cbc_hmac_sha1, 16, 32, 20},
53+ { CRYPTO_TLS12_AES_CBC_HMAC_SHA256, NID_tls12_aes_128_cbc_hmac_sha256, 16, 16, 32},
54+ { CRYPTO_TLS12_AES_CBC_HMAC_SHA256, NID_tls12_aes_256_cbc_hmac_sha256, 16, 32, 32},
55 { CRYPTO_AES_GCM, NID_aes_128_gcm, 16, 16, 0},
56 { 0, NID_undef, 0, 0, 0},
57 };
58@@ -487,6 +497,21 @@ cryptodev_usable_ciphers(const int **nids)
59 case NID_tls11_aes_256_cbc_hmac_sha1:
60 EVP_add_cipher(&cryptodev_tls11_aes_256_cbc_hmac_sha1);
61 break;
62+ case NID_tls12_des_ede3_cbc_hmac_sha1:
63+ EVP_add_cipher(&cryptodev_tls12_3des_cbc_hmac_sha1);
64+ break;
65+ case NID_tls12_aes_128_cbc_hmac_sha1:
66+ EVP_add_cipher(&cryptodev_tls12_aes_128_cbc_hmac_sha1);
67+ break;
68+ case NID_tls12_aes_256_cbc_hmac_sha1:
69+ EVP_add_cipher(&cryptodev_tls12_aes_256_cbc_hmac_sha1);
70+ break;
71+ case NID_tls12_aes_128_cbc_hmac_sha256:
72+ EVP_add_cipher(&cryptodev_tls12_aes_128_cbc_hmac_sha256);
73+ break;
74+ case NID_tls12_aes_256_cbc_hmac_sha256:
75+ EVP_add_cipher(&cryptodev_tls12_aes_256_cbc_hmac_sha256);
76+ break;
77 }
78 }
79 return count;
80@@ -596,6 +621,11 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
81 case NID_tls11_des_ede3_cbc_hmac_sha1:
82 case NID_tls11_aes_128_cbc_hmac_sha1:
83 case NID_tls11_aes_256_cbc_hmac_sha1:
84+ case NID_tls12_des_ede3_cbc_hmac_sha1:
85+ case NID_tls12_aes_128_cbc_hmac_sha1:
86+ case NID_tls12_aes_256_cbc_hmac_sha1:
87+ case NID_tls12_aes_128_cbc_hmac_sha256:
88+ case NID_tls12_aes_256_cbc_hmac_sha256:
89 cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
90 }
91 cryp.ses = sess->ses;
92@@ -795,9 +825,17 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
93 case NID_tls11_des_ede3_cbc_hmac_sha1:
94 case NID_tls11_aes_128_cbc_hmac_sha1:
95 case NID_tls11_aes_256_cbc_hmac_sha1:
96+ case NID_tls12_des_ede3_cbc_hmac_sha1:
97+ case NID_tls12_aes_128_cbc_hmac_sha1:
98+ case NID_tls12_aes_256_cbc_hmac_sha1:
99 maclen = SHA_DIGEST_LENGTH;
100 aad_needs_fix = true;
101 break;
102+ case NID_tls12_aes_128_cbc_hmac_sha256:
103+ case NID_tls12_aes_256_cbc_hmac_sha256:
104+ maclen = SHA256_DIGEST_LENGTH;
105+ aad_needs_fix = true;
106+ break;
107 }
108
109 /* Correct length for AAD Length field */
110@@ -1207,6 +1245,76 @@ const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1 = {
111 NULL
112 };
113
114+const EVP_CIPHER cryptodev_tls12_3des_cbc_hmac_sha1 = {
115+ NID_tls12_des_ede3_cbc_hmac_sha1,
116+ 8, 24, 8,
117+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
118+ cryptodev_init_aead_key,
119+ cryptodev_aead_cipher,
120+ cryptodev_cleanup,
121+ sizeof(struct dev_crypto_state),
122+ EVP_CIPHER_set_asn1_iv,
123+ EVP_CIPHER_get_asn1_iv,
124+ cryptodev_cbc_hmac_sha1_ctrl,
125+ NULL
126+};
127+
128+const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha1 = {
129+ NID_tls12_aes_128_cbc_hmac_sha1,
130+ 16, 16, 16,
131+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
132+ cryptodev_init_aead_key,
133+ cryptodev_aead_cipher,
134+ cryptodev_cleanup,
135+ sizeof(struct dev_crypto_state),
136+ EVP_CIPHER_set_asn1_iv,
137+ EVP_CIPHER_get_asn1_iv,
138+ cryptodev_cbc_hmac_sha1_ctrl,
139+ NULL
140+};
141+
142+const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha1 = {
143+ NID_tls12_aes_256_cbc_hmac_sha1,
144+ 16, 32, 16,
145+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
146+ cryptodev_init_aead_key,
147+ cryptodev_aead_cipher,
148+ cryptodev_cleanup,
149+ sizeof(struct dev_crypto_state),
150+ EVP_CIPHER_set_asn1_iv,
151+ EVP_CIPHER_get_asn1_iv,
152+ cryptodev_cbc_hmac_sha1_ctrl,
153+ NULL
154+};
155+
156+const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha256 = {
157+ NID_tls12_aes_128_cbc_hmac_sha256,
158+ 16, 16, 16,
159+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
160+ cryptodev_init_aead_key,
161+ cryptodev_aead_cipher,
162+ cryptodev_cleanup,
163+ sizeof(struct dev_crypto_state),
164+ EVP_CIPHER_set_asn1_iv,
165+ EVP_CIPHER_get_asn1_iv,
166+ cryptodev_cbc_hmac_sha1_ctrl,
167+ NULL
168+};
169+
170+const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha256 = {
171+ NID_tls12_aes_256_cbc_hmac_sha256,
172+ 16, 32, 16,
173+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
174+ cryptodev_init_aead_key,
175+ cryptodev_aead_cipher,
176+ cryptodev_cleanup,
177+ sizeof(struct dev_crypto_state),
178+ EVP_CIPHER_set_asn1_iv,
179+ EVP_CIPHER_get_asn1_iv,
180+ cryptodev_cbc_hmac_sha1_ctrl,
181+ NULL
182+};
183+
184 const EVP_CIPHER cryptodev_aes_128_gcm = {
185 NID_aes_128_gcm,
186 1, 16, 12,
187@@ -1281,6 +1389,21 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
188 case NID_tls11_aes_256_cbc_hmac_sha1:
189 *cipher = &cryptodev_tls11_aes_256_cbc_hmac_sha1;
190 break;
191+ case NID_tls12_des_ede3_cbc_hmac_sha1:
192+ *cipher = &cryptodev_tls12_3des_cbc_hmac_sha1;
193+ break;
194+ case NID_tls12_aes_128_cbc_hmac_sha1:
195+ *cipher = &cryptodev_tls12_aes_128_cbc_hmac_sha1;
196+ break;
197+ case NID_tls12_aes_256_cbc_hmac_sha1:
198+ *cipher = &cryptodev_tls12_aes_256_cbc_hmac_sha1;
199+ break;
200+ case NID_tls12_aes_128_cbc_hmac_sha256:
201+ *cipher = &cryptodev_tls12_aes_128_cbc_hmac_sha256;
202+ break;
203+ case NID_tls12_aes_256_cbc_hmac_sha256:
204+ *cipher = &cryptodev_tls12_aes_256_cbc_hmac_sha256;
205+ break;
206 default:
207 *cipher = NULL;
208 break;
209diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
210index dc89b0a..dfe19da 100644
211--- a/crypto/objects/obj_dat.h
212+++ b/crypto/objects/obj_dat.h
213@@ -62,9 +62,9 @@
214 * [including the GNU Public Licence.]
215 */
216
217-#define NUM_NID 924
218-#define NUM_SN 917
219-#define NUM_LN 917
220+#define NUM_NID 929
221+#define NUM_SN 922
222+#define NUM_LN 922
223 #define NUM_OBJ 857
224
225 static const unsigned char lvalues[5974]={
226@@ -2407,6 +2407,16 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
227 NID_tls11_aes_128_cbc_hmac_sha1,0,NULL,0},
228 {"TLS11-AES-256-CBC-HMAC-SHA1","tls11-aes-256-cbc-hmac-sha1",
229 NID_tls11_aes_256_cbc_hmac_sha1,0,NULL,0},
230+{"TLS12-DES-EDE3-CBC-HMAC-SHA1","tls12-des-ede3-cbc-hmac-sha1",
231+ NID_tls12_des_ede3_cbc_hmac_sha1,0,NULL,0},
232+{"TLS12-AES-128-CBC-HMAC-SHA1","tls12-aes-128-cbc-hmac-sha1",
233+ NID_tls12_aes_128_cbc_hmac_sha1,0,NULL,0},
234+{"TLS12-AES-256-CBC-HMAC-SHA1","tls12-aes-256-cbc-hmac-sha1",
235+ NID_tls12_aes_256_cbc_hmac_sha1,0,NULL,0},
236+{"TLS12-AES-128-CBC-HMAC-SHA256","tls12-aes-128-cbc-hmac-sha256",
237+ NID_tls12_aes_128_cbc_hmac_sha256,0,NULL,0},
238+{"TLS12-AES-256-CBC-HMAC-SHA256","tls12-aes-256-cbc-hmac-sha256",
239+ NID_tls12_aes_256_cbc_hmac_sha256,0,NULL,0},
240 };
241
242 static const unsigned int sn_objs[NUM_SN]={
243@@ -2595,6 +2605,11 @@ static const unsigned int sn_objs[NUM_SN]={
244 922, /* "TLS11-AES-128-CBC-HMAC-SHA1" */
245 923, /* "TLS11-AES-256-CBC-HMAC-SHA1" */
246 921, /* "TLS11-DES-EDE3-CBC-HMAC-SHA1" */
247+925, /* "TLS12-AES-128-CBC-HMAC-SHA1" */
248+927, /* "TLS12-AES-128-CBC-HMAC-SHA256" */
249+926, /* "TLS12-AES-256-CBC-HMAC-SHA1" */
250+928, /* "TLS12-AES-256-CBC-HMAC-SHA256" */
251+924, /* "TLS12-DES-EDE3-CBC-HMAC-SHA1" */
252 458, /* "UID" */
253 0, /* "UNDEF" */
254 11, /* "X500" */
255@@ -4217,6 +4232,11 @@ static const unsigned int ln_objs[NUM_LN]={
256 922, /* "tls11-aes-128-cbc-hmac-sha1" */
257 923, /* "tls11-aes-256-cbc-hmac-sha1" */
258 921, /* "tls11-des-ede3-cbc-hmac-sha1" */
259+925, /* "tls12-aes-128-cbc-hmac-sha1" */
260+927, /* "tls12-aes-128-cbc-hmac-sha256" */
261+926, /* "tls12-aes-256-cbc-hmac-sha1" */
262+928, /* "tls12-aes-256-cbc-hmac-sha256" */
263+924, /* "tls12-des-ede3-cbc-hmac-sha1" */
264 682, /* "tpBasis" */
265 436, /* "ucl" */
266 0, /* "undefined" */
267diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h
268index f181890..5af125e 100644
269--- a/crypto/objects/obj_mac.h
270+++ b/crypto/objects/obj_mac.h
271@@ -4046,3 +4046,23 @@
272 #define LN_tls11_aes_256_cbc_hmac_sha1 "tls11-aes-256-cbc-hmac-sha1"
273 #define NID_tls11_aes_256_cbc_hmac_sha1 923
274
275+#define SN_tls12_des_ede3_cbc_hmac_sha1 "TLS12-DES-EDE3-CBC-HMAC-SHA1"
276+#define LN_tls12_des_ede3_cbc_hmac_sha1 "tls12-des-ede3-cbc-hmac-sha1"
277+#define NID_tls12_des_ede3_cbc_hmac_sha1 924
278+
279+#define SN_tls12_aes_128_cbc_hmac_sha1 "TLS12-AES-128-CBC-HMAC-SHA1"
280+#define LN_tls12_aes_128_cbc_hmac_sha1 "tls12-aes-128-cbc-hmac-sha1"
281+#define NID_tls12_aes_128_cbc_hmac_sha1 925
282+
283+#define SN_tls12_aes_256_cbc_hmac_sha1 "TLS12-AES-256-CBC-HMAC-SHA1"
284+#define LN_tls12_aes_256_cbc_hmac_sha1 "tls12-aes-256-cbc-hmac-sha1"
285+#define NID_tls12_aes_256_cbc_hmac_sha1 926
286+
287+#define SN_tls12_aes_128_cbc_hmac_sha256 "TLS12-AES-128-CBC-HMAC-SHA256"
288+#define LN_tls12_aes_128_cbc_hmac_sha256 "tls12-aes-128-cbc-hmac-sha256"
289+#define NID_tls12_aes_128_cbc_hmac_sha256 927
290+
291+#define SN_tls12_aes_256_cbc_hmac_sha256 "TLS12-AES-256-CBC-HMAC-SHA256"
292+#define LN_tls12_aes_256_cbc_hmac_sha256 "tls12-aes-256-cbc-hmac-sha256"
293+#define NID_tls12_aes_256_cbc_hmac_sha256 928
294+
295diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
296index a02b58c..deeba3a 100644
297--- a/crypto/objects/obj_mac.num
298+++ b/crypto/objects/obj_mac.num
299@@ -921,3 +921,8 @@ des_ede3_cbc_hmac_sha1 920
300 tls11_des_ede3_cbc_hmac_sha1 921
301 tls11_aes_128_cbc_hmac_sha1 922
302 tls11_aes_256_cbc_hmac_sha1 923
303+tls12_des_ede3_cbc_hmac_sha1 924
304+tls12_aes_128_cbc_hmac_sha1 925
305+tls12_aes_256_cbc_hmac_sha1 926
306+tls12_aes_128_cbc_hmac_sha256 927
307+tls12_aes_256_cbc_hmac_sha256 928
308diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
309index 1973658..6e4ac93 100644
310--- a/crypto/objects/objects.txt
311+++ b/crypto/objects/objects.txt
312@@ -1294,3 +1294,8 @@ kisa 1 6 : SEED-OFB : seed-ofb
313 : TLS11-DES-EDE3-CBC-HMAC-SHA1 : tls11-des-ede3-cbc-hmac-sha1
314 : TLS11-AES-128-CBC-HMAC-SHA1 : tls11-aes-128-cbc-hmac-sha1
315 : TLS11-AES-256-CBC-HMAC-SHA1 : tls11-aes-256-cbc-hmac-sha1
316+ : TLS12-DES-EDE3-CBC-HMAC-SHA1 : tls12-des-ede3-cbc-hmac-sha1
317+ : TLS12-AES-128-CBC-HMAC-SHA1 : tls12-aes-128-cbc-hmac-sha1
318+ : TLS12-AES-256-CBC-HMAC-SHA1 : tls12-aes-256-cbc-hmac-sha1
319+ : TLS12-AES-128-CBC-HMAC-SHA256 : tls12-aes-128-cbc-hmac-sha256
320+ : TLS12-AES-256-CBC-HMAC-SHA256 : tls12-aes-256-cbc-hmac-sha256
321diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
322index 0408986..77a82f6 100644
323--- a/ssl/ssl_ciph.c
324+++ b/ssl/ssl_ciph.c
325@@ -661,6 +661,31 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
326 c->algorithm_mac == SSL_SHA1 &&
327 (evp=EVP_get_cipherbyname("TLS11-AES-256-CBC-HMAC-SHA1")))
328 *enc = evp, *md = NULL;
329+ else if (s->ssl_version == TLS1_2_VERSION &&
330+ c->algorithm_enc == SSL_3DES &&
331+ c->algorithm_mac == SSL_SHA1 &&
332+ (evp=EVP_get_cipherbyname("TLS12-DES-EDE3-CBC-HMAC-SHA1")))
333+ *enc = evp, *md = NULL;
334+ else if (s->ssl_version == TLS1_2_VERSION &&
335+ c->algorithm_enc == SSL_AES128 &&
336+ c->algorithm_mac == SSL_SHA1 &&
337+ (evp=EVP_get_cipherbyname("TLS12-AES-128-CBC-HMAC-SHA1")))
338+ *enc = evp, *md = NULL;
339+ else if (s->ssl_version == TLS1_2_VERSION &&
340+ c->algorithm_enc == SSL_AES256 &&
341+ c->algorithm_mac == SSL_SHA1 &&
342+ (evp=EVP_get_cipherbyname("TLS12-AES-256-CBC-HMAC-SHA1")))
343+ *enc = evp, *md = NULL;
344+ else if (s->ssl_version == TLS1_2_VERSION &&
345+ c->algorithm_enc == SSL_AES128 &&
346+ c->algorithm_mac == SSL_SHA256 &&
347+ (evp=EVP_get_cipherbyname("TLS12-AES-128-CBC-HMAC-SHA256")))
348+ *enc = evp, *md = NULL;
349+ else if (s->ssl_version == TLS1_2_VERSION &&
350+ c->algorithm_enc == SSL_AES256 &&
351+ c->algorithm_mac == SSL_SHA256 &&
352+ (evp=EVP_get_cipherbyname("TLS12-AES-256-CBC-HMAC-SHA256")))
353+ *enc = evp, *md = NULL;
354 return(1);
355 }
356 else
357--
3582.3.5
359
diff --git a/recipes-connectivity/openssl/openssl-fsl/0021-cryptodev-drop-redundant-function.patch b/recipes-connectivity/openssl/openssl-fsl/0021-cryptodev-drop-redundant-function.patch
new file mode 100644
index 0000000..16cc688
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-fsl/0021-cryptodev-drop-redundant-function.patch
@@ -0,0 +1,75 @@
1From ea4abc255c6c5feec01cb1e30c6082cfe47860e2 Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@freescale.com>
3Date: Thu, 19 Feb 2015 16:11:53 +0200
4Subject: [PATCH 21/26] cryptodev: drop redundant function
5
6get_dev_crypto already caches the result. Another cache in-between is
7useless.
8
9Change-Id: Ibd162529d3fb7a561a17f1a707d5d287c1586a3a
10Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
11Reviewed-on: http://git.am.freescale.net:8181/34216
12---
13 crypto/engine/eng_cryptodev.c | 18 +++---------------
14 1 file changed, 3 insertions(+), 15 deletions(-)
15
16diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
17index fa5fe1b..1ab5551 100644
18--- a/crypto/engine/eng_cryptodev.c
19+++ b/crypto/engine/eng_cryptodev.c
20@@ -96,7 +96,6 @@ struct dev_crypto_state {
21
22 static u_int32_t cryptodev_asymfeat = 0;
23
24-static int get_asym_dev_crypto(void);
25 static int open_dev_crypto(void);
26 static int get_dev_crypto(void);
27 static int get_cryptodev_ciphers(const int **cnids);
28@@ -357,17 +356,6 @@ static void put_dev_crypto(int fd)
29 #endif
30 }
31
32-/* Caching version for asym operations */
33-static int
34-get_asym_dev_crypto(void)
35-{
36- static int fd = -1;
37-
38- if (fd == -1)
39- fd = get_dev_crypto();
40- return fd;
41-}
42-
43 /*
44 * Find out what ciphers /dev/crypto will let us have a session for.
45 * XXX note, that some of these openssl doesn't deal with yet!
46@@ -1796,7 +1784,7 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s)
47 {
48 int fd, ret = -1;
49
50- if ((fd = get_asym_dev_crypto()) < 0)
51+ if ((fd = get_dev_crypto()) < 0)
52 return (ret);
53
54 if (r) {
55@@ -2374,7 +2362,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
56 int p_len, q_len;
57 int i;
58
59- if ((fd = get_asym_dev_crypto()) < 0)
60+ if ((fd = get_dev_crypto()) < 0)
61 goto sw_try;
62
63 if(!rsa->n && ((rsa->n=BN_new()) == NULL)) goto err;
64@@ -3928,7 +3916,7 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
65 BIGNUM *temp = NULL;
66 unsigned char *padded_pub_key = NULL, *p = NULL;
67
68- if ((fd = get_asym_dev_crypto()) < 0)
69+ if ((fd = get_dev_crypto()) < 0)
70 goto sw_try;
71
72 memset(&kop, 0, sizeof kop);
73--
742.3.5
75
diff --git a/recipes-connectivity/openssl/openssl-fsl/0022-cryptodev-do-not-zero-the-buffer-before-use.patch b/recipes-connectivity/openssl/openssl-fsl/0022-cryptodev-do-not-zero-the-buffer-before-use.patch
new file mode 100644
index 0000000..0b2f0f1
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-fsl/0022-cryptodev-do-not-zero-the-buffer-before-use.patch
@@ -0,0 +1,48 @@
1From 75e3e7d600eb72e7374b1ecf5ece7b831bc98ed8 Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@freescale.com>
3Date: Tue, 17 Feb 2015 13:12:53 +0200
4Subject: [PATCH 22/26] cryptodev: do not zero the buffer before use
5
6- The buffer is just about to be overwritten. Zeroing it before that has
7 no purpose
8
9Change-Id: I478c31bd2e254561474a7edf5e37980ca04217ce
10Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
11Reviewed-on: http://git.am.freescale.net:8181/34217
12---
13 crypto/engine/eng_cryptodev.c | 13 ++++---------
14 1 file changed, 4 insertions(+), 9 deletions(-)
15
16diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
17index 1ab5551..dbc5989 100644
18--- a/crypto/engine/eng_cryptodev.c
19+++ b/crypto/engine/eng_cryptodev.c
20@@ -1681,21 +1681,16 @@ static int
21 bn2crparam(const BIGNUM *a, struct crparam *crp)
22 {
23 ssize_t bytes, bits;
24- u_char *b;
25-
26- crp->crp_p = NULL;
27- crp->crp_nbits = 0;
28
29 bits = BN_num_bits(a);
30 bytes = (bits + 7) / 8;
31
32- b = malloc(bytes);
33- if (b == NULL)
34+ crp->crp_nbits = bits;
35+ crp->crp_p = malloc(bytes);
36+
37+ if (crp->crp_p == NULL)
38 return (1);
39- memset(b, 0, bytes);
40
41- crp->crp_p = (caddr_t) b;
42- crp->crp_nbits = bits;
43 BN_bn2bin(a, crp->crp_p);
44 return (0);
45 }
46--
472.3.5
48
diff --git a/recipes-connectivity/openssl/openssl-fsl/0023-cryptodev-clean-up-code-layout.patch b/recipes-connectivity/openssl/openssl-fsl/0023-cryptodev-clean-up-code-layout.patch
new file mode 100644
index 0000000..5ff1c5c
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-fsl/0023-cryptodev-clean-up-code-layout.patch
@@ -0,0 +1,72 @@
1From 4453b06b940fc03a0973cfd96f908e46cce61054 Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@freescale.com>
3Date: Wed, 18 Feb 2015 10:39:46 +0200
4Subject: [PATCH 23/26] cryptodev: clean-up code layout
5
6This is just a refactoring that uses else branch to check for malloc failures
7
8Change-Id: I6dc157af36d6ec51a4edfc82cf97fae2e7e83628
9Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
10Reviewed-on: http://git.am.freescale.net:8181/34218
11---
12 crypto/engine/eng_cryptodev.c | 42 ++++++++++++++++++++----------------------
13 1 file changed, 20 insertions(+), 22 deletions(-)
14
15diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
16index dbc5989..dceb4f5 100644
17--- a/crypto/engine/eng_cryptodev.c
18+++ b/crypto/engine/eng_cryptodev.c
19@@ -1745,30 +1745,28 @@ cryptodev_asym_async(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
20 fd = *(int *)cookie->eng_handle;
21
22 eng_cookie = malloc(sizeof(struct cryptodev_cookie_s));
23-
24- if (eng_cookie) {
25- memset(eng_cookie, 0, sizeof(struct cryptodev_cookie_s));
26- if (r) {
27- kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char));
28- if (!kop->crk_param[kop->crk_iparams].crp_p)
29- return -ENOMEM;
30- kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
31- kop->crk_oparams++;
32- eng_cookie->r = r;
33- eng_cookie->r_param = kop->crk_param[kop->crk_iparams];
34- }
35- if (s) {
36- kop->crk_param[kop->crk_iparams+1].crp_p = calloc(slen, sizeof(char));
37- if (!kop->crk_param[kop->crk_iparams+1].crp_p)
38- return -ENOMEM;
39- kop->crk_param[kop->crk_iparams+1].crp_nbits = slen * 8;
40- kop->crk_oparams++;
41- eng_cookie->s = s;
42- eng_cookie->s_param = kop->crk_param[kop->crk_iparams + 1];
43- }
44- } else
45+ if (!eng_cookie)
46 return -ENOMEM;
47
48+ memset(eng_cookie, 0, sizeof(struct cryptodev_cookie_s));
49+ if (r) {
50+ kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char));
51+ if (!kop->crk_param[kop->crk_iparams].crp_p)
52+ return -ENOMEM;
53+ kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
54+ kop->crk_oparams++;
55+ eng_cookie->r = r;
56+ eng_cookie->r_param = kop->crk_param[kop->crk_iparams];
57+ }
58+ if (s) {
59+ kop->crk_param[kop->crk_iparams+1].crp_p = calloc(slen, sizeof(char));
60+ if (!kop->crk_param[kop->crk_iparams+1].crp_p)
61+ return -ENOMEM;
62+ kop->crk_param[kop->crk_iparams+1].crp_nbits = slen * 8;
63+ kop->crk_oparams++;
64+ eng_cookie->s = s;
65+ eng_cookie->s_param = kop->crk_param[kop->crk_iparams + 1];
66+ }
67 eng_cookie->kop = kop;
68 cookie->eng_cookie = eng_cookie;
69 return ioctl(fd, CIOCASYMASYNCRYPT, kop);
70--
712.3.5
72
diff --git a/recipes-connectivity/openssl/openssl-fsl/0024-cryptodev-do-not-cache-file-descriptor-in-open.patch b/recipes-connectivity/openssl/openssl-fsl/0024-cryptodev-do-not-cache-file-descriptor-in-open.patch
new file mode 100644
index 0000000..e798d3e
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-fsl/0024-cryptodev-do-not-cache-file-descriptor-in-open.patch
@@ -0,0 +1,100 @@
1From a44701abd995b3db80001d0c5d88e9ead05972c1 Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@freescale.com>
3Date: Thu, 19 Feb 2015 16:43:29 +0200
4Subject: [PATCH 24/26] cryptodev: do not cache file descriptor in 'open'
5
6The file descriptor returned by get_dev_crypto is cached after a
7successful return. The issue is, it is cached inside 'open_dev_crypto'
8which is no longer useful as a general purpose open("/dev/crypto")
9function.
10
11This patch is a refactoring that moves the caching operation from
12open_dev_crypto to get_dev_crypto and leaves the former as a simpler
13function true to its name
14
15Change-Id: I980170969410381973ce75f6679a4a1401738847
16Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
17Reviewed-on: http://git.am.freescale.net:8181/34219
18---
19 crypto/engine/eng_cryptodev.c | 50 +++++++++++++++++++++----------------------
20 1 file changed, 24 insertions(+), 26 deletions(-)
21
22diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
23index dceb4f5..b74fc7c 100644
24--- a/crypto/engine/eng_cryptodev.c
25+++ b/crypto/engine/eng_cryptodev.c
26@@ -306,47 +306,45 @@ static void ctr64_inc(unsigned char *counter) {
27 if (c) return;
28 } while (n);
29 }
30-/*
31- * Return a fd if /dev/crypto seems usable, 0 otherwise.
32- */
33-static int
34-open_dev_crypto(void)
35+
36+static int open_dev_crypto(void)
37 {
38- static int fd = -1;
39+ int fd;
40
41- if (fd == -1) {
42- if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1)
43- return (-1);
44- /* close on exec */
45- if (fcntl(fd, F_SETFD, 1) == -1) {
46- close(fd);
47- fd = -1;
48- return (-1);
49- }
50+ fd = open("/dev/crypto", O_RDWR, 0);
51+ if ( fd < 0)
52+ return -1;
53+
54+ /* close on exec */
55+ if (fcntl(fd, F_SETFD, 1) == -1) {
56+ close(fd);
57+ return -1;
58 }
59- return (fd);
60+
61+ return fd;
62 }
63
64-static int
65-get_dev_crypto(void)
66+static int get_dev_crypto(void)
67 {
68- int fd, retfd;
69+ static int fd = -1;
70+ int retfd;
71
72- if ((fd = open_dev_crypto()) == -1)
73- return (-1);
74-#ifndef CRIOGET_NOT_NEEDED
75+ if (fd == -1)
76+ fd = open_dev_crypto();
77+#ifdef CRIOGET_NOT_NEEDED
78+ return fd;
79+#else
80+ if (fd == -1)
81+ return -1;
82 if (ioctl(fd, CRIOGET, &retfd) == -1)
83 return (-1);
84-
85 /* close on exec */
86 if (fcntl(retfd, F_SETFD, 1) == -1) {
87 close(retfd);
88 return (-1);
89 }
90-#else
91- retfd = fd;
92+ return retfd;
93 #endif
94- return (retfd);
95 }
96
97 static void put_dev_crypto(int fd)
98--
992.3.5
100
diff --git a/recipes-connectivity/openssl/openssl-fsl/0025-cryptodev-put_dev_crypto-should-be-an-int.patch b/recipes-connectivity/openssl/openssl-fsl/0025-cryptodev-put_dev_crypto-should-be-an-int.patch
new file mode 100644
index 0000000..a48dc6a
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-fsl/0025-cryptodev-put_dev_crypto-should-be-an-int.patch
@@ -0,0 +1,35 @@
1From 84a8007b6e92fe4c2696cc9e330207ee03303a20 Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@freescale.com>
3Date: Thu, 19 Feb 2015 13:09:32 +0200
4Subject: [PATCH 25/26] cryptodev: put_dev_crypto should be an int
5
6Change-Id: Ie0a83bc07a37132286c098b17ef35d98de74b043
7Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
8Reviewed-on: http://git.am.freescale.net:8181/34220
9---
10 crypto/engine/eng_cryptodev.c | 8 +++++---
11 1 file changed, 5 insertions(+), 3 deletions(-)
12
13diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
14index b74fc7c..c9db27d 100644
15--- a/crypto/engine/eng_cryptodev.c
16+++ b/crypto/engine/eng_cryptodev.c
17@@ -347,10 +347,12 @@ static int get_dev_crypto(void)
18 #endif
19 }
20
21-static void put_dev_crypto(int fd)
22+static int put_dev_crypto(int fd)
23 {
24-#ifndef CRIOGET_NOT_NEEDED
25- close(fd);
26+#ifdef CRIOGET_NOT_NEEDED
27+ return 0;
28+#else
29+ return close(fd);
30 #endif
31 }
32
33--
342.3.5
35
diff --git a/recipes-connectivity/openssl/openssl-fsl/0026-cryptodev-simplify-cryptodev-pkc-support-code.patch b/recipes-connectivity/openssl/openssl-fsl/0026-cryptodev-simplify-cryptodev-pkc-support-code.patch
new file mode 100644
index 0000000..6527ac8
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-fsl/0026-cryptodev-simplify-cryptodev-pkc-support-code.patch
@@ -0,0 +1,250 @@
1From 787539e7720c99785f6c664a7484842bba08f6ed Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@freescale.com>
3Date: Thu, 19 Feb 2015 13:39:52 +0200
4Subject: [PATCH 26/26] cryptodev: simplify cryptodev pkc support code
5
6- Engine init returns directly a file descriptor instead of a pointer to one
7- Similarly, the Engine close will now just close the file
8
9Change-Id: Ief736d0776c7009dee002204fb1d4ce9d31c8787
10Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
11Reviewed-on: http://git.am.freescale.net:8181/34221
12---
13 crypto/crypto.h | 2 +-
14 crypto/engine/eng_cryptodev.c | 35 +++-----------------------
15 crypto/engine/eng_int.h | 14 +++--------
16 crypto/engine/eng_lib.c | 57 +++++++++++++++++++++----------------------
17 crypto/engine/engine.h | 13 +++++-----
18 5 files changed, 42 insertions(+), 79 deletions(-)
19
20diff --git a/crypto/crypto.h b/crypto/crypto.h
21index ce12731..292427e 100644
22--- a/crypto/crypto.h
23+++ b/crypto/crypto.h
24@@ -618,7 +618,7 @@ struct pkc_cookie_s {
25 * -EINVAL: Parameters Invalid
26 */
27 void (*pkc_callback)(struct pkc_cookie_s *cookie, int status);
28- void *eng_handle;
29+ int eng_handle;
30 };
31
32 #ifdef __cplusplus
33diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
34index c9db27d..f173bde 100644
35--- a/crypto/engine/eng_cryptodev.c
36+++ b/crypto/engine/eng_cryptodev.c
37@@ -1742,7 +1742,7 @@ cryptodev_asym_async(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
38 struct pkc_cookie_s *cookie = kop->cookie;
39 struct cryptodev_cookie_s *eng_cookie;
40
41- fd = *(int *)cookie->eng_handle;
42+ fd = cookie->eng_handle;
43
44 eng_cookie = malloc(sizeof(struct cryptodev_cookie_s));
45 if (!eng_cookie)
46@@ -1802,38 +1802,11 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s)
47 return (ret);
48 }
49
50-/* Close an opened instance of cryptodev engine */
51-void cryptodev_close_instance(void *handle)
52-{
53- int fd;
54-
55- if (handle) {
56- fd = *(int *)handle;
57- close(fd);
58- free(handle);
59- }
60-}
61-
62-/* Create an instance of cryptodev for asynchronous interface */
63-void *cryptodev_init_instance(void)
64-{
65- int *fd = malloc(sizeof(int));
66-
67- if (fd) {
68- if ((*fd = open("/dev/crypto", O_RDWR, 0)) == -1) {
69- free(fd);
70- return NULL;
71- }
72- }
73- return fd;
74-}
75-
76 #include <poll.h>
77
78 /* Return 0 on success and 1 on failure */
79-int cryptodev_check_availability(void *eng_handle)
80+int cryptodev_check_availability(int fd)
81 {
82- int fd = *(int *)eng_handle;
83 struct pkc_cookie_list_s cookie_list;
84 struct pkc_cookie_s *cookie;
85 int i;
86@@ -4540,8 +4513,8 @@ ENGINE_load_cryptodev(void)
87 }
88
89 ENGINE_set_check_pkc_availability(engine, cryptodev_check_availability);
90- ENGINE_set_close_instance(engine, cryptodev_close_instance);
91- ENGINE_set_init_instance(engine, cryptodev_init_instance);
92+ ENGINE_set_close_instance(engine, put_dev_crypto);
93+ ENGINE_set_open_instance(engine, open_dev_crypto);
94 ENGINE_set_async_map(engine, ENGINE_ALLPKC_ASYNC);
95
96 ENGINE_add(engine);
97diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h
98index 8fc3077..8fb79c0 100644
99--- a/crypto/engine/eng_int.h
100+++ b/crypto/engine/eng_int.h
101@@ -181,23 +181,15 @@ struct engine_st
102 ENGINE_LOAD_KEY_PTR load_pubkey;
103
104 ENGINE_SSL_CLIENT_CERT_PTR load_ssl_client_cert;
105- /*
106- * Instantiate Engine handle to be passed in check_pkc_availability
107- * Ensure that Engine is instantiated before any pkc asynchronous call.
108- */
109- void *(*engine_init_instance)(void);
110- /*
111- * Instantiated Engine handle will be closed with this call.
112- * Ensure that no pkc asynchronous call is made after this call
113- */
114- void (*engine_close_instance)(void *handle);
115+ int (*engine_open_instance)(void);
116+ int (*engine_close_instance)(int fd);
117 /*
118 * Check availability will extract the data from kernel.
119 * eng_handle: This is the Engine handle corresponds to which
120 * the cookies needs to be polled.
121 * return 0 if cookie available else 1
122 */
123- int (*check_pkc_availability)(void *eng_handle);
124+ int (*check_pkc_availability)(int fd);
125 /*
126 * The following map is used to check if the engine supports asynchronous implementation
127 * ENGINE_ASYNC_FLAG* for available bitmap. Any application checking for asynchronous
128diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c
129index 6fa621c..6c9471b 100644
130--- a/crypto/engine/eng_lib.c
131+++ b/crypto/engine/eng_lib.c
132@@ -99,7 +99,7 @@ void engine_set_all_null(ENGINE *e)
133 e->load_privkey = NULL;
134 e->load_pubkey = NULL;
135 e->check_pkc_availability = NULL;
136- e->engine_init_instance = NULL;
137+ e->engine_open_instance = NULL;
138 e->engine_close_instance = NULL;
139 e->cmd_defns = NULL;
140 e->async_map = 0;
141@@ -237,47 +237,46 @@ int ENGINE_set_id(ENGINE *e, const char *id)
142 return 1;
143 }
144
145-void ENGINE_set_init_instance(ENGINE *e, void *(*engine_init_instance)(void))
146- {
147- e->engine_init_instance = engine_init_instance;
148- }
149+void ENGINE_set_open_instance(ENGINE *e, int (*engine_open_instance)(void))
150+{
151+ e->engine_open_instance = engine_open_instance;
152+}
153
154-void ENGINE_set_close_instance(ENGINE *e,
155- void (*engine_close_instance)(void *))
156- {
157- e->engine_close_instance = engine_close_instance;
158- }
159+void ENGINE_set_close_instance(ENGINE *e, int (*engine_close_instance)(int))
160+{
161+ e->engine_close_instance = engine_close_instance;
162+}
163
164 void ENGINE_set_async_map(ENGINE *e, int async_map)
165 {
166 e->async_map = async_map;
167 }
168
169-void *ENGINE_init_instance(ENGINE *e)
170- {
171- return e->engine_init_instance();
172- }
173-
174-void ENGINE_close_instance(ENGINE *e, void *eng_handle)
175- {
176- e->engine_close_instance(eng_handle);
177- }
178-
179 int ENGINE_get_async_map(ENGINE *e)
180 {
181 return e->async_map;
182 }
183
184-void ENGINE_set_check_pkc_availability(ENGINE *e,
185- int (*check_pkc_availability)(void *eng_handle))
186- {
187- e->check_pkc_availability = check_pkc_availability;
188- }
189+int ENGINE_open_instance(ENGINE *e)
190+{
191+ return e->engine_open_instance();
192+}
193
194-int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle)
195- {
196- return e->check_pkc_availability(eng_handle);
197- }
198+int ENGINE_close_instance(ENGINE *e, int fd)
199+{
200+ return e->engine_close_instance(fd);
201+}
202+
203+void ENGINE_set_check_pkc_availability(ENGINE *e,
204+ int (*check_pkc_availability)(int fd))
205+{
206+ e->check_pkc_availability = check_pkc_availability;
207+}
208+
209+int ENGINE_check_pkc_availability(ENGINE *e, int fd)
210+{
211+ return e->check_pkc_availability(fd);
212+}
213
214 int ENGINE_set_name(ENGINE *e, const char *name)
215 {
216diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h
217index ccff86a..3ba3e97 100644
218--- a/crypto/engine/engine.h
219+++ b/crypto/engine/engine.h
220@@ -473,9 +473,6 @@ ENGINE *ENGINE_new(void);
221 int ENGINE_free(ENGINE *e);
222 int ENGINE_up_ref(ENGINE *e);
223 int ENGINE_set_id(ENGINE *e, const char *id);
224-void ENGINE_set_init_instance(ENGINE *e, void *(*engine_init_instance)(void));
225-void ENGINE_set_close_instance(ENGINE *e,
226- void (*engine_free_instance)(void *));
227 /*
228 * Following FLAGS are bitmap store in async_map to set asynchronous interface capability
229 *of the engine
230@@ -492,11 +489,13 @@ void ENGINE_set_async_map(ENGINE *e, int async_map);
231 * to confirm asynchronous methods supported
232 */
233 int ENGINE_get_async_map(ENGINE *e);
234-void *ENGINE_init_instance(ENGINE *e);
235-void ENGINE_close_instance(ENGINE *e, void *eng_handle);
236+int ENGINE_open_instance(ENGINE *e);
237+int ENGINE_close_instance(ENGINE *e, int fd);
238+void ENGINE_set_init_instance(ENGINE *e, int(*engine_init_instance)(void));
239+void ENGINE_set_close_instance(ENGINE *e, int(*engine_close_instance)(int));
240 void ENGINE_set_check_pkc_availability(ENGINE *e,
241- int (*check_pkc_availability)(void *eng_handle));
242-int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle);
243+ int (*check_pkc_availability)(int fd));
244+int ENGINE_check_pkc_availability(ENGINE *e, int fd);
245 int ENGINE_set_name(ENGINE *e, const char *name);
246 int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
247 int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
248--
2492.3.5
250
diff --git a/recipes-connectivity/openssl/openssl_1.0.1i.bbappend b/recipes-connectivity/openssl/openssl_1.0.1i.bbappend
index 2fa098f..7b381ff 100644
--- a/recipes-connectivity/openssl/openssl_1.0.1i.bbappend
+++ b/recipes-connectivity/openssl/openssl_1.0.1i.bbappend
@@ -19,7 +19,17 @@ SRC_URI_append_class-target = " file://0001-remove-double-initialization-of-cryp
19 file://0015-SW-Backoff-mechanism-for-dsa-keygen.patch \ 19 file://0015-SW-Backoff-mechanism-for-dsa-keygen.patch \
20 file://0016-Fixed-DH-keygen-pair-generator.patch \ 20 file://0016-Fixed-DH-keygen-pair-generator.patch \
21 file://0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch \ 21 file://0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch \
22 file://0018-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch \
23 file://0019-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch \
24 file://0020-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch \
25 file://0021-cryptodev-drop-redundant-function.patch \
26 file://0022-cryptodev-do-not-zero-the-buffer-before-use.patch \
27 file://0023-cryptodev-clean-up-code-layout.patch \
28 file://0024-cryptodev-do-not-cache-file-descriptor-in-open.patch \
29 file://0025-cryptodev-put_dev_crypto-should-be-an-int.patch \
30 file://0026-cryptodev-simplify-cryptodev-pkc-support-code.patch \
22" 31"
32
23# Digest offloading through cryptodev is not recommended because of the 33# Digest offloading through cryptodev is not recommended because of the
24# performance penalty of the Openssl engine interface. Openssl generates a huge 34# performance penalty of the Openssl engine interface. Openssl generates a huge
25# number of calls to digest functions for even a small amount of work data. 35# number of calls to digest functions for even a small amount of work data.