update openssl
This commit is contained in:
parent
cb57728d8f
commit
f49c068fb3
|
|
@ -1,7 +1,6 @@
|
|||
From d6c1bf7031cbd96c1d0dec589f318ad942107d23 Mon Sep 17 00:00:00 2001
|
||||
From: Pankaj Gupta <pankaj.gupta@nxp.com>
|
||||
Date: Tue, 18 Jan 2022 17:37:37 +0530
|
||||
Subject: [PATCH 1/2] e_devcrypto: add func ptr for init, do, ctrl
|
||||
Subject: [PATCH] e_devcrypto: add func ptr for init, do, ctrl
|
||||
|
||||
In engine "devcrypto", as part prepare_cipher_methods()
|
||||
- Added function pointer for init, do, ctrl and
|
||||
|
|
@ -12,18 +11,17 @@ In engine "devcrypto", as part prepare_cipher_methods()
|
|||
Upstream-Status: Pending [i.MX, Layerscape specific]
|
||||
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
|
||||
---
|
||||
engines/e_devcrypto.c | 34 ++++++++++++++++++++++++----------
|
||||
1 file changed, 24 insertions(+), 10 deletions(-)
|
||||
engines/e_devcrypto.c | 31 ++++++++++++++++++++++++-------
|
||||
1 file changed, 24 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/engines/e_devcrypto.c b/engines/e_devcrypto.c
|
||||
index fa01317db5..eb56baec19 100644
|
||||
index f66c7f1c1cf4..a46196b9f4aa 100644
|
||||
--- a/engines/e_devcrypto.c
|
||||
+++ b/engines/e_devcrypto.c
|
||||
@@ -408,7 +408,11 @@ static int known_cipher_nids_amount = -1; /* -1 indicates not yet initialised */
|
||||
static EVP_CIPHER *known_cipher_methods[OSSL_NELEM(cipher_data)] = { NULL, };
|
||||
@@ -403,6 +403,11 @@ static EVP_CIPHER *known_cipher_methods[OSSL_NELEM(cipher_data)] = {
|
||||
};
|
||||
static int selected_ciphers[OSSL_NELEM(cipher_data)];
|
||||
static struct driver_info_st cipher_driver_info[OSSL_NELEM(cipher_data)];
|
||||
-
|
||||
+int (*init)(EVP_CIPHER_CTX *ctx, const unsigned char *key,
|
||||
+ const unsigned char *iv, int enc);
|
||||
+int (*do_cipher)(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
||||
|
|
@ -32,7 +30,7 @@ index fa01317db5..eb56baec19 100644
|
|||
|
||||
static int devcrypto_test_cipher(size_t cipher_data_index)
|
||||
{
|
||||
@@ -427,6 +431,7 @@ static void prepare_cipher_methods(void)
|
||||
@@ -421,6 +426,7 @@ static void prepare_cipher_methods(void)
|
||||
size_t i;
|
||||
session_op_t sess;
|
||||
unsigned long cipher_mode;
|
||||
|
|
@ -40,7 +38,7 @@ index fa01317db5..eb56baec19 100644
|
|||
#ifdef CIOCGSESSION2
|
||||
struct crypt_find_op fop;
|
||||
enum devcrypto_accelerated_t accelerated;
|
||||
@@ -438,16 +443,26 @@ static void prepare_cipher_methods(void)
|
||||
@@ -432,16 +438,26 @@ static void prepare_cipher_methods(void)
|
||||
|
||||
memset(&sess, 0, sizeof(sess));
|
||||
sess.key = (void *)"01234567890123456789012345678901234567890123456789";
|
||||
|
|
@ -67,7 +65,7 @@ index fa01317db5..eb56baec19 100644
|
|||
#ifdef CIOCGSESSION2
|
||||
/*
|
||||
* When using CIOCGSESSION2, first try to allocate a hardware
|
||||
@@ -474,6 +489,10 @@ static void prepare_cipher_methods(void)
|
||||
@@ -468,6 +484,10 @@ static void prepare_cipher_methods(void)
|
||||
|
||||
cipher_mode = cipher_data[i].flags & EVP_CIPH_MODE;
|
||||
|
||||
|
|
@ -75,10 +73,10 @@ index fa01317db5..eb56baec19 100644
|
|||
+ ctr_do_cipher :
|
||||
+ cipher_do_cipher);
|
||||
+
|
||||
if ((known_cipher_methods[i] =
|
||||
EVP_CIPHER_meth_new(cipher_data[i].nid,
|
||||
cipher_mode == EVP_CIPH_CTR_MODE ? 1 :
|
||||
@@ -482,16 +501,11 @@ static void prepare_cipher_methods(void)
|
||||
if ((known_cipher_methods[i] = EVP_CIPHER_meth_new(cipher_data[i].nid,
|
||||
cipher_mode == EVP_CIPH_CTR_MODE ? 1 : cipher_data[i].blocksize,
|
||||
cipher_data[i].keylen))
|
||||
@@ -475,14 +495,11 @@ static void prepare_cipher_methods(void)
|
||||
|| !EVP_CIPHER_meth_set_iv_length(known_cipher_methods[i],
|
||||
cipher_data[i].ivlen)
|
||||
|| !EVP_CIPHER_meth_set_flags(known_cipher_methods[i],
|
||||
|
|
@ -90,15 +88,10 @@ index fa01317db5..eb56baec19 100644
|
|||
+ flags)
|
||||
+ || !EVP_CIPHER_meth_set_init(known_cipher_methods[i], init)
|
||||
|| !EVP_CIPHER_meth_set_do_cipher(known_cipher_methods[i],
|
||||
- cipher_mode == EVP_CIPH_CTR_MODE ?
|
||||
- ctr_do_cipher :
|
||||
- cipher_do_cipher)
|
||||
- cipher_mode == EVP_CIPH_CTR_MODE ? ctr_do_cipher : cipher_do_cipher)
|
||||
- || !EVP_CIPHER_meth_set_ctrl(known_cipher_methods[i], cipher_ctrl)
|
||||
+ do_cipher)
|
||||
+ || !EVP_CIPHER_meth_set_ctrl(known_cipher_methods[i], ctrl)
|
||||
|| !EVP_CIPHER_meth_set_cleanup(known_cipher_methods[i],
|
||||
cipher_cleanup)
|
||||
|| !EVP_CIPHER_meth_set_impl_ctx_size(known_cipher_methods[i],
|
||||
--
|
||||
2.17.1
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,3 @@
|
|||
From f674b2f81a18af2146291eda1bbf60d6f71b2935 Mon Sep 17 00:00:00 2001
|
||||
From: Pankaj Gupta <pankaj.gupta@nxp.com>
|
||||
Date: Tue, 18 Jan 2022 17:38:11 +0530
|
||||
Subject: [PATCH] e_devcrypto: add support for TLS1.2 algorithms offload
|
||||
|
|
@ -17,13 +16,12 @@ Fix: Remove the support for TLS1.0.
|
|||
|
||||
Upstream-Status: Pending [i.MX, Layerscape specific]
|
||||
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
|
||||
|
||||
---
|
||||
engines/e_devcrypto.c | 273 ++++++++++++++++++++++++++++++++++++++----
|
||||
1 file changed, 249 insertions(+), 24 deletions(-)
|
||||
|
||||
diff --git a/engines/e_devcrypto.c b/engines/e_devcrypto.c
|
||||
index 02f3abc..8529bac 100644
|
||||
index a46196b9f4aa..1d21dffabfbf 100644
|
||||
--- a/engines/e_devcrypto.c
|
||||
+++ b/engines/e_devcrypto.c
|
||||
@@ -28,6 +28,7 @@
|
||||
|
|
@ -33,8 +31,8 @@ index 02f3abc..8529bac 100644
|
|||
+#define TLS1_1_VERSION 0x0302
|
||||
|
||||
#if CRYPTO_ALGORITHM_MIN < CRYPTO_ALGORITHM_MAX
|
||||
# define CHECK_BSD_STYLE_MACROS
|
||||
@@ -107,10 +108,14 @@ struct cipher_ctx {
|
||||
#define CHECK_BSD_STYLE_MACROS
|
||||
@@ -108,10 +109,14 @@ struct cipher_ctx {
|
||||
session_op_t sess;
|
||||
int op; /* COP_ENCRYPT or COP_DECRYPT */
|
||||
unsigned long mode; /* EVP_CIPH_*_MODE */
|
||||
|
|
@ -49,7 +47,7 @@ index 02f3abc..8529bac 100644
|
|||
};
|
||||
|
||||
static const struct cipher_data_st {
|
||||
@@ -120,49 +125,66 @@ static const struct cipher_data_st {
|
||||
@@ -121,49 +126,66 @@ static const struct cipher_data_st {
|
||||
int ivlen;
|
||||
int flags;
|
||||
int devcryptoid;
|
||||
|
|
@ -138,7 +136,7 @@ index 02f3abc..8529bac 100644
|
|||
#endif
|
||||
};
|
||||
|
||||
@@ -197,6 +219,193 @@ static const struct cipher_data_st *get_cipher_data(int nid)
|
||||
@@ -198,6 +220,193 @@ static const struct cipher_data_st *get_cipher_data(int nid)
|
||||
return &cipher_data[get_cipher_data_index(nid)];
|
||||
}
|
||||
|
||||
|
|
@ -332,7 +330,7 @@ index 02f3abc..8529bac 100644
|
|||
/*
|
||||
* Following are the three necessary functions to map OpenSSL functionality
|
||||
* with cryptodev.
|
||||
@@ -463,6 +672,7 @@ static void prepare_cipher_methods(void)
|
||||
@@ -457,6 +666,7 @@ static void prepare_cipher_methods(void)
|
||||
*/
|
||||
sess.cipher = cipher_data[i].devcryptoid;
|
||||
sess.keylen = cipher_data[i].keylen;
|
||||
|
|
@ -340,7 +338,7 @@ index 02f3abc..8529bac 100644
|
|||
|
||||
#ifdef CIOCGSESSION2
|
||||
/*
|
||||
@@ -494,6 +704,15 @@ static void prepare_cipher_methods(void)
|
||||
@@ -488,6 +698,15 @@ static void prepare_cipher_methods(void)
|
||||
ctr_do_cipher :
|
||||
cipher_do_cipher);
|
||||
|
||||
|
|
@ -353,10 +351,10 @@ index 02f3abc..8529bac 100644
|
|||
+ ctrl = cryptodev_cbc_hmac_sha1_ctrl;
|
||||
+ flags = cipher_data[i].flags;
|
||||
+ }
|
||||
if ((known_cipher_methods[i] =
|
||||
EVP_CIPHER_meth_new(cipher_data[i].nid,
|
||||
cipher_mode == EVP_CIPH_CTR_MODE ? 1 :
|
||||
@@ -538,11 +757,17 @@ static void prepare_cipher_methods(void)
|
||||
if ((known_cipher_methods[i] = EVP_CIPHER_meth_new(cipher_data[i].nid,
|
||||
cipher_mode == EVP_CIPH_CTR_MODE ? 1 : cipher_data[i].blocksize,
|
||||
cipher_data[i].keylen))
|
||||
@@ -529,10 +748,16 @@ static void prepare_cipher_methods(void)
|
||||
}
|
||||
#endif /* CIOCGSESSINFO */
|
||||
}
|
||||
|
|
@ -370,8 +368,7 @@ index 02f3abc..8529bac 100644
|
|||
ioctl(cfd, CIOCFSESSION, &sess.ses);
|
||||
- if (devcrypto_test_cipher(i)) {
|
||||
+ if (devcrypto_test_cipher(i))
|
||||
known_cipher_nids[known_cipher_nids_amount++] =
|
||||
cipher_data[i].nid;
|
||||
known_cipher_nids[known_cipher_nids_amount++] = cipher_data[i].nid;
|
||||
- }
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,20 +1,18 @@
|
|||
From 27e4bd35a42287248bd5253836c265dd555b1ee2 Mon Sep 17 00:00:00 2001
|
||||
From: Ilie Halip <ilie.halip@nxp.com>
|
||||
Date: Wed, 10 Sep 2025 08:46:50 +0200
|
||||
Subject: [PATCH] [PATCH] Set "algorithm-id" before generating the EC key.
|
||||
Date: Wed, 12 Mar 2025 20:57:10 +0200
|
||||
Subject: [PATCH] Set "algorithm-id" before generating the EC key.
|
||||
|
||||
Upstream-Status: Pending
|
||||
|
||||
Signed-off-by: Ilie Halip <ilie.halip@nxp.com>
|
||||
---
|
||||
ssl/s3_lib.c | 30 ++++++++++++++++++++++++++++++
|
||||
1 file changed, 30 insertions(+)
|
||||
|
||||
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
|
||||
index d6ed169f39..68938bb8fb 100644
|
||||
index 0e1445b38fb7..62f7409cb2aa 100644
|
||||
--- a/ssl/s3_lib.c
|
||||
+++ b/ssl/s3_lib.c
|
||||
@@ -4742,6 +4742,30 @@ int ssl_generate_master_secret(SSL_CONNECTION *s, unsigned char *pms,
|
||||
@@ -5274,6 +5274,30 @@ err:
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
|
@ -45,7 +43,7 @@ index d6ed169f39..68938bb8fb 100644
|
|||
/* Generate a private key from parameters */
|
||||
EVP_PKEY *ssl_generate_pkey(SSL_CONNECTION *s, EVP_PKEY *pm)
|
||||
{
|
||||
@@ -4756,6 +4780,9 @@ EVP_PKEY *ssl_generate_pkey(SSL_CONNECTION *s, EVP_PKEY *pm)
|
||||
@@ -5288,6 +5312,9 @@ EVP_PKEY *ssl_generate_pkey(SSL_CONNECTION *s, EVP_PKEY *pm)
|
||||
goto err;
|
||||
if (EVP_PKEY_keygen_init(pctx) <= 0)
|
||||
goto err;
|
||||
|
|
@ -55,7 +53,7 @@ index d6ed169f39..68938bb8fb 100644
|
|||
if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
|
||||
EVP_PKEY_free(pkey);
|
||||
pkey = NULL;
|
||||
@@ -4794,6 +4821,9 @@ EVP_PKEY *ssl_generate_pkey_group(SSL_CONNECTION *s, uint16_t id)
|
||||
@@ -5326,6 +5353,9 @@ EVP_PKEY *ssl_generate_pkey_group(SSL_CONNECTION *s, uint16_t id)
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
|
||||
goto err;
|
||||
}
|
||||
|
|
@ -65,6 +63,3 @@ index d6ed169f39..68938bb8fb 100644
|
|||
if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
|
||||
EVP_PKEY_free(pkey);
|
||||
--
|
||||
2.43.0
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,3 @@
|
|||
From 24254454e5f5fc503b5e4cc1fa8c6d9b1a3ae9ba Mon Sep 17 00:00:00 2001
|
||||
From: Gaurav Jain <gaurav.jain@nxp.com>
|
||||
Date: Wed, 19 Jan 2022 15:45:29 +0530
|
||||
Subject: [PATCH] openssl 3.0: add Kernel TLS configuration
|
||||
|
|
@ -10,7 +9,7 @@ Signed-off-by: Gaurav Jain <gaurav.jain@nxp.com>
|
|||
1 file changed, 9 insertions(+)
|
||||
|
||||
diff --git a/apps/openssl.cnf b/apps/openssl.cnf
|
||||
index 03330e0120..ec18df388e 100644
|
||||
index abace0ea7f1c..f4d5ec19de27 100644
|
||||
--- a/apps/openssl.cnf
|
||||
+++ b/apps/openssl.cnf
|
||||
@@ -30,6 +30,15 @@ oid_section = new_oids
|
||||
|
|
@ -29,6 +28,3 @@ index 03330e0120..ec18df388e 100644
|
|||
[ new_oids ]
|
||||
# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
|
||||
# Add a simple OID like this:
|
||||
--
|
||||
2.25.1
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
# Copyright (C) 2022,2026 Digi International Inc.
|
||||
# Copyright (C) 2022-2026 Digi International Inc.
|
||||
|
||||
FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:"
|
||||
|
||||
|
|
@ -6,7 +6,7 @@ SRC_URI += "file://openssl-3.0-add-Kernel-TLS-configuration.patch \
|
|||
file://0001-e_devcrypto-add-func-ptr-for-init-do-ctrl.patch \
|
||||
file://0002-e_devcrypto-add-support-for-TLS1.2-algorithms-offloa.patch \
|
||||
file://0003-Set-algorithm-id-before-generating-the-EC-key.patch \
|
||||
file://0004-Amend-the-design-of-AlgorithmIdentifier-parameter-pa.patch"
|
||||
"
|
||||
|
||||
PACKAGECONFIG:append:imx-nxp-bsp = " cryptodev-linux"
|
||||
|
||||
Loading…
Reference in New Issue