1 files changed, 76 insertions, 0 deletions
diff --git a/recipes-kernel/cryptodev/sdk_patches/0011-add-support-for-TLSv1.1-record-offload.patch b/recipes-kernel/cryptodev/sdk_patches/0011-add-support-for-TLSv1.1-record-offload.patch
new file mode 100644
index 0000000..34d6ade
--- /dev/null
+++ b/recipes-kernel/cryptodev/sdk_patches/0011-add-support-for-TLSv1.1-record-offload.patch
@@ -0,0 +1,76 @@
+From 73c20be9ae1ed57d8c428c86471f42d953e79fba Mon Sep 17 00:00:00 2001
+From: Tudor Ambarus <tudor.ambarus@freescale.com>
+Date: Tue, 31 Mar 2015 16:15:47 +0300
+Subject: [PATCH 11/38] add support for TLSv1.1 record offload
+This adds support for composite algorithm offload in a single crypto
+(cipher + hmac) operation.
+Supported cipher suites:
+- 3des-ede-cbc-sha
+- aes-128-cbc-hmac-sha
+- aes-256-cbc-hmac-sha
+It requires either software or hardware TLS support in the Linux kernel
+and can be used with Freescale B*, P* and T* platforms that have support
+for hardware TLS acceleration.
+Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com>
+Change-Id: Ia5f3fa7ec090d5643d71b0f608c68a274ec6b51f
+Reviewed-on: http://git.am.freescale.net:8181/33998
+Reviewed-by: Cristian Stoica <cristian.stoica@freescale.com>
+Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
+---
+ crypto/cryptodev.h |  4 +++-
+ ioctl.c            | 14 ++++++++++++--
+ 2 files changed, 15 insertions(+), 3 deletions(-)
+diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h
+index 07f40b2..61e8599 100644
+--- a/crypto/cryptodev.h
+++ b/crypto/cryptodev.h
+@@ -54,8 +54,10 @@ enum cryptodev_crypto_op_t {
+        CRYPTO_SHA2_384,
+        CRYPTO_SHA2_512,
+        CRYPTO_SHA2_224_HMAC,
+-       CRYPTO_TLS10_AES_CBC_HMAC_SHA1,
+        CRYPTO_TLS10_3DES_CBC_HMAC_SHA1,
+       CRYPTO_TLS10_AES_CBC_HMAC_SHA1,
+       CRYPTO_TLS11_3DES_CBC_HMAC_SHA1,
+       CRYPTO_TLS11_AES_CBC_HMAC_SHA1,
+        CRYPTO_ALGORITHM_ALL, /* Keep updated - see below */
+ };
+ 
+diff --git a/ioctl.c b/ioctl.c
+index 574e913..ba82387 100644
+--- a/ioctl.c
+++ b/ioctl.c
+@@ -186,13 +186,23 @@ crypto_create_session(struct fcrypt *fcr, struct session_op *sop)
+                stream = 1;
+                aead = 1;
+                break;
+       case CRYPTO_TLS10_3DES_CBC_HMAC_SHA1:
+               alg_name = "tls10(hmac(sha1),cbc(des3_ede))";
+               stream = 0;
+               aead = 1;
+               break;
+        case CRYPTO_TLS10_AES_CBC_HMAC_SHA1:
+                alg_name = "tls10(hmac(sha1),cbc(aes))";
+                stream = 0;
+                aead = 1;
+                break;
+-       case CRYPTO_TLS10_3DES_CBC_HMAC_SHA1:
+-               alg_name = "tls10(hmac(sha1),cbc(des3_ede))";
+       case CRYPTO_TLS11_3DES_CBC_HMAC_SHA1:
+               alg_name = "tls11(hmac(sha1),cbc(des3_ede))";
+               stream = 0;
+               aead = 1;
+               break;
+       case CRYPTO_TLS11_AES_CBC_HMAC_SHA1:
+               alg_name = "tls11(hmac(sha1),cbc(aes))";
+                stream = 0;
+                aead = 1;
+                break;
+-- 
+2.7.0

diff --git a/recipes-kernel/cryptodev/sdk_patches/0011-add-support-for-TLSv1.1-record-offload.patch b/recipes-kernel/cryptodev/sdk_patches/0011-add-support-for-TLSv1.1-record-offload.patch new file mode 100644 index 0000000..34d6ade --- /dev/null +++ b/recipes-kernel/cryptodev/sdk_patches/0011-add-support-for-TLSv1.1-record-offload.patch
@@ -0,0 +1,76 @@
	1	From 73c20be9ae1ed57d8c428c86471f42d953e79fba Mon Sep 17 00:00:00 2001
	2	From: Tudor Ambarus <tudor.ambarus@freescale.com>
	3	Date: Tue, 31 Mar 2015 16:15:47 +0300
	4	Subject: [PATCH 11/38] add support for TLSv1.1 record offload
	5
	6	This adds support for composite algorithm offload in a single crypto
	7	(cipher + hmac) operation.
	8
	9	Supported cipher suites:
	10	- 3des-ede-cbc-sha
	11	- aes-128-cbc-hmac-sha
	12	- aes-256-cbc-hmac-sha
	13
	14	It requires either software or hardware TLS support in the Linux kernel
	15	and can be used with Freescale B, P and T* platforms that have support
	16	for hardware TLS acceleration.
	17
	18	Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com>
	19	Change-Id: Ia5f3fa7ec090d5643d71b0f608c68a274ec6b51f
	20	Reviewed-on: http://git.am.freescale.net:8181/33998
	21	Reviewed-by: Cristian Stoica <cristian.stoica@freescale.com>
	22	Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
	23	---
	24	crypto/cryptodev.h \| 4 +++-
	25	ioctl.c \| 14 ++++++++++++--
	26	2 files changed, 15 insertions(+), 3 deletions(-)
	27
	28	diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h
	29	index 07f40b2..61e8599 100644
	30	--- a/crypto/cryptodev.h
	31	+++ b/crypto/cryptodev.h
	32	@@ -54,8 +54,10 @@ enum cryptodev_crypto_op_t {
	33	CRYPTO_SHA2_384,
	34	CRYPTO_SHA2_512,
	35	CRYPTO_SHA2_224_HMAC,
	36	- CRYPTO_TLS10_AES_CBC_HMAC_SHA1,
	37	CRYPTO_TLS10_3DES_CBC_HMAC_SHA1,
	38	+ CRYPTO_TLS10_AES_CBC_HMAC_SHA1,
	39	+ CRYPTO_TLS11_3DES_CBC_HMAC_SHA1,
	40	+ CRYPTO_TLS11_AES_CBC_HMAC_SHA1,
	41	CRYPTO_ALGORITHM_ALL, /* Keep updated - see below */
	42	};
	43
	44	diff --git a/ioctl.c b/ioctl.c
	45	index 574e913..ba82387 100644
	46	--- a/ioctl.c
	47	+++ b/ioctl.c
	48	@@ -186,13 +186,23 @@ crypto_create_session(struct fcrypt fcr, struct session_op sop)
	49	stream = 1;
	50	aead = 1;
	51	break;
	52	+ case CRYPTO_TLS10_3DES_CBC_HMAC_SHA1:
	53	+ alg_name = "tls10(hmac(sha1),cbc(des3_ede))";
	54	+ stream = 0;
	55	+ aead = 1;
	56	+ break;
	57	case CRYPTO_TLS10_AES_CBC_HMAC_SHA1:
	58	alg_name = "tls10(hmac(sha1),cbc(aes))";
	59	stream = 0;
	60	aead = 1;
	61	break;
	62	- case CRYPTO_TLS10_3DES_CBC_HMAC_SHA1:
	63	- alg_name = "tls10(hmac(sha1),cbc(des3_ede))";
	64	+ case CRYPTO_TLS11_3DES_CBC_HMAC_SHA1:
	65	+ alg_name = "tls11(hmac(sha1),cbc(des3_ede))";
	66	+ stream = 0;
	67	+ aead = 1;
	68	+ break;
	69	+ case CRYPTO_TLS11_AES_CBC_HMAC_SHA1:
	70	+ alg_name = "tls11(hmac(sha1),cbc(aes))";
	71	stream = 0;
	72	aead = 1;
	73	break;
	74	--
	75	2.7.0
	76