[PATCH 1/4] cryptodev: update recipes

[Chunrong Guo <B40290@freescale.com>]

From: Chunrong Guo <chunrong.guo@nxp.com>

*Update URL to fetch qoriq-open-source github

*Update to f365c69d785
This includes the following changes:
f365c69 - add support for composite TLS10(SHA1,AES) algorithm offload
ec25290 - check session flags early to avoid incorrect failure modes
6213ae5 - add support for RSA public and private key operations
3245b0f - move structure definition to cryptodev_int.h
00a6861 - remove unnecessary header inclusion
1d7c848 - fix type of returned value
a705360 - convert to new AEAD interface in kernels v4.2+
c2bf0e4 - refactoring: relocate code to simplify later patches
20dcf07 - refactoring: split big function to simplify maintainance
87d959d - Release version 1.9
6818263 - Fix ablkcipher algorithms usage in v4.8+ kernels
26e167f - zc: Use the power of #elif
2b29be8 - adjust to API changes in kernel >=4.10
2dbbb23 - do more strict code checking to avoid maintenance issues
88223e4 - avoid implicit conversion between signed and unsigned char
8db6905 - use buf_align macro to reduce code duplication
b6d0e0f - rename header file to clarify purpose
1fd6062 - fix warnings of "implicit declaration of function" in async_speed
ff3c8ab - remove not used local variables
25a1276 - fix incorrect return code in case of error from openssl_cioccrypt
e7ef4ea - Merge pull request #17 from michaelweiser/gup_flags
99c6d21 - fix ignored SIGALRM signals on some platforms
71975fa - setting KERNEL_DIR is not necessary to build tests
a96ff97 - fix issues with install target

*Cryptodev-linux git includes all sdk patches so remove sdk patches folder

Signed-off-by: Chunrong Guo <chunrong.guo@nxp.com>
---
 recipes-kernel/cryptodev/cryptodev-qoriq_1.9.inc   |  22 +-
 ...-split-big-function-to-simplify-maintaina.patch | 244 ------------
 ...g-relocate-code-to-simplify-later-patches.patch |  58 ---
 ...ert-to-new-AEAD-interface-in-kernels-v4.2.patch |  96 -----
 .../0004-fix-type-of-returned-value.patch          |  29 --
 .../0005-remove-unnecessary-header-inclusion.patch |  26 --
 ...e-structure-definition-to-cryptodev_int.h.patch |  51 ---
 ...-for-RSA-public-and-private-key-operation.patch | 440 ---------------------
 ...on-flags-early-to-avoid-incorrect-failure.patch |  54 ---
 ...-for-composite-TLS10-SHA1-AES-algorithm-o.patch |  50 ---
 10 files changed, 3 insertions(+), 1067 deletions(-)
 delete mode 100644 recipes-kernel/cryptodev/sdk_patches/0001-refactoring-split-big-function-to-simplify-maintaina.patch
 delete mode 100644 recipes-kernel/cryptodev/sdk_patches/0002-refactoring-relocate-code-to-simplify-later-patches.patch
 delete mode 100644 recipes-kernel/cryptodev/sdk_patches/0003-convert-to-new-AEAD-interface-in-kernels-v4.2.patch
 delete mode 100644 recipes-kernel/cryptodev/sdk_patches/0004-fix-type-of-returned-value.patch
 delete mode 100644 recipes-kernel/cryptodev/sdk_patches/0005-remove-unnecessary-header-inclusion.patch
 delete mode 100644 recipes-kernel/cryptodev/sdk_patches/0006-move-structure-definition-to-cryptodev_int.h.patch
 delete mode 100644 recipes-kernel/cryptodev/sdk_patches/0007-add-support-for-RSA-public-and-private-key-operation.patch
 delete mode 100644 recipes-kernel/cryptodev/sdk_patches/0008-check-session-flags-early-to-avoid-incorrect-failure.patch
 delete mode 100644 recipes-kernel/cryptodev/sdk_patches/0009-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch

diff --git a/recipes-kernel/cryptodev/cryptodev-qoriq_1.9.inc b/recipes-kernel/cryptodev/cryptodev-qoriq_1.9.inc
index 24cc87c..3e6fcf7 100644
--- a/recipes-kernel/cryptodev/cryptodev-qoriq_1.9.inc
+++ b/recipes-kernel/cryptodev/cryptodev-qoriq_1.9.inc
@@ -12,31 +12,15 @@ python() {
             d.appendVar("RREPLACES_%s" % p, p.replace('cryptodev-qoriq', 'cryptodev'))
 }
 
-FILESEXTRAPATHS_prepend := "${THISDIR}/sdk_patches:"
 FILESEXTRAPATHS_prepend := "${THISDIR}/yocto_patches:"
 
-SRC_URI = "http://nwl.cc/pub/cryptodev-linux/cryptodev-linux-${PV}.tar.gz"
-
-SRC_URI[md5sum] = "cb4e0ed9e5937716c7c8a7be84895b6d"
-SRC_URI[sha256sum] = "9f4c0b49b30e267d776f79455d09c70cc9c12c86eee400a0d0a0cd1d8e467950"
-
-# SDK patches
-SRC_URI_append = " file://0001-refactoring-split-big-function-to-simplify-maintaina.patch \
- file://0002-refactoring-relocate-code-to-simplify-later-patches.patch  \
- file://0003-convert-to-new-AEAD-interface-in-kernels-v4.2.patch \
- file://0004-fix-type-of-returned-value.patch \
- file://0005-remove-unnecessary-header-inclusion.patch \
- file://0006-move-structure-definition-to-cryptodev_int.h.patch \
- file://0007-add-support-for-RSA-public-and-private-key-operation.patch \
- file://0008-check-session-flags-early-to-avoid-incorrect-failure.patch \
- file://0009-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch \
-"
-#SRC_URI_append = " file://0003-update-the-install-path-for-cryptodev-tests.patch"
+SRC_URI = "git://github.com/qoriq-open-source/cryptodev-linux.git;nobranch=1"
+SRCREV = "f365c69d7852d6579952825c9f90a27129f92d22"
 
 # NOTE: remove this patch and all traces of DISTRO_FEATURE c29x_pkc
 # if pkc-host does not need customized cryptodev patches anymore
 #SRC_URI_append = "${@bb.utils.contains('DISTRO_FEATURES', 'c29x_pkc', ' file://0001-don-t-advertise-RSA-keygen.patch', '', d)}"
 
-S = "${WORKDIR}/cryptodev-linux-${PV}"
+S = "${WORKDIR}/git"
 
 CLEANBROKEN = "1"
diff --git a/recipes-kernel/cryptodev/sdk_patches/0001-refactoring-split-big-function-to-simplify-maintaina.patch b/recipes-kernel/cryptodev/sdk_patches/0001-refactoring-split-big-function-to-simplify-maintaina.patch
deleted file mode 100644
index 57ac8e1..0000000
--- a/recipes-kernel/cryptodev/sdk_patches/0001-refactoring-split-big-function-to-simplify-maintaina.patch
+++ /dev/null
@@ -1,244 +0,0 @@
-From 20dcf071bc3076ee7db9d603cfbe6a06e86c7d5f Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Thu, 4 May 2017 15:06:20 +0300
-Subject: [PATCH 1/9] refactoring: split big function to simplify maintainance
-
-The setup of auth_buf in tls and aead is now duplicated but this
-is temporary and allows necessary corrections for the aead case
-with v4.2+ kernels.
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- authenc.c | 197 ++++++++++++++++++++++++++++++++++++++++----------------------
- 1 file changed, 126 insertions(+), 71 deletions(-)
-
-diff --git a/authenc.c b/authenc.c
-index 1bd7377..28eb0f9 100644
---- a/authenc.c
-+++ b/authenc.c
-@@ -609,96 +609,151 @@ auth_n_crypt(struct csession *ses_ptr, struct kernel_crypt_auth_op *kcaop,
- 	return 0;
- }
- 
--/* This is the main crypto function - zero-copy edition */
--static int
--__crypto_auth_run_zc(struct csession *ses_ptr, struct kernel_crypt_auth_op *kcaop)
-+static int crypto_auth_zc_srtp(struct csession *ses_ptr, struct kernel_crypt_auth_op *kcaop)
- {
--	struct scatterlist *dst_sg, *auth_sg, *src_sg;
-+	struct scatterlist *dst_sg, *auth_sg;
- 	struct crypt_auth_op *caop = &kcaop->caop;
--	int ret = 0;
-+	int ret;
- 
--	if (caop->flags & COP_FLAG_AEAD_SRTP_TYPE) {
--		if (unlikely(ses_ptr->cdata.init != 0 &&
--		             (ses_ptr->cdata.stream == 0 ||
--			      ses_ptr->cdata.aead != 0))) {
--			derr(0, "Only stream modes are allowed in SRTP mode (but not AEAD)");
--			return -EINVAL;
--		}
-+	if (unlikely(ses_ptr->cdata.init != 0 &&
-+		(ses_ptr->cdata.stream == 0 || ses_ptr->cdata.aead != 0))) {
-+		derr(0, "Only stream modes are allowed in SRTP mode (but not AEAD)");
-+		return -EINVAL;
-+	}
- 
--		ret = get_userbuf_srtp(ses_ptr, kcaop, &auth_sg, &dst_sg);
--		if (unlikely(ret)) {
--			derr(1, "get_userbuf_srtp(): Error getting user pages.");
--			return ret;
--		}
-+	ret = get_userbuf_srtp(ses_ptr, kcaop, &auth_sg, &dst_sg);
-+	if (unlikely(ret)) {
-+		derr(1, "get_userbuf_srtp(): Error getting user pages.");
-+		return ret;
-+	}
- 
--		ret = srtp_auth_n_crypt(ses_ptr, kcaop, auth_sg, caop->auth_len,
--			   dst_sg, caop->len);
-+	ret = srtp_auth_n_crypt(ses_ptr, kcaop, auth_sg, caop->auth_len,
-+			dst_sg, caop->len);
- 
--		release_user_pages(ses_ptr);
--	} else { /* TLS and normal cases. Here auth data are usually small
--	          * so we just copy them to a free page, instead of trying
--	          * to map them.
--	          */
--		unsigned char *auth_buf = NULL;
--		struct scatterlist tmp;
-+	release_user_pages(ses_ptr);
- 
--		if (unlikely(caop->auth_len > PAGE_SIZE)) {
--			derr(1, "auth data len is excessive.");
--			return -EINVAL;
--		}
-+	return ret;
-+}
- 
--		auth_buf = (char *)__get_free_page(GFP_KERNEL);
--		if (unlikely(!auth_buf)) {
--			derr(1, "unable to get a free page.");
--			return -ENOMEM;
--		}
-+static int crypto_auth_zc_tls(struct csession *ses_ptr, struct kernel_crypt_auth_op *kcaop)
-+{
-+	struct crypt_auth_op *caop = &kcaop->caop;
-+	struct scatterlist *dst_sg, *auth_sg;
-+	unsigned char *auth_buf = NULL;
-+	struct scatterlist tmp;
-+	int ret;
- 
--		if (caop->auth_src && caop->auth_len > 0) {
--			if (unlikely(copy_from_user(auth_buf, caop->auth_src, caop->auth_len))) {
--				derr(1, "unable to copy auth data from userspace.");
--				ret = -EFAULT;
--				goto free_auth_buf;
--			}
-+	if (unlikely(ses_ptr->cdata.aead != 0)) {
-+		return -EINVAL;
-+	}
-+
-+	if (unlikely(caop->auth_len > PAGE_SIZE)) {
-+		derr(1, "auth data len is excessive.");
-+		return -EINVAL;
-+	}
-+
-+	auth_buf = (char *)__get_free_page(GFP_KERNEL);
-+	if (unlikely(!auth_buf)) {
-+		derr(1, "unable to get a free page.");
-+		return -ENOMEM;
-+	}
- 
--			sg_init_one(&tmp, auth_buf, caop->auth_len);
--			auth_sg = &tmp;
--		} else {
--			auth_sg = NULL;
-+	if (caop->auth_src && caop->auth_len > 0) {
-+		if (unlikely(copy_from_user(auth_buf, caop->auth_src, caop->auth_len))) {
-+			derr(1, "unable to copy auth data from userspace.");
-+			ret = -EFAULT;
-+			goto free_auth_buf;
- 		}
- 
--		if (caop->flags & COP_FLAG_AEAD_TLS_TYPE && ses_ptr->cdata.aead == 0) {
--			ret = get_userbuf_tls(ses_ptr, kcaop, &dst_sg);
--			if (unlikely(ret)) {
--				derr(1, "get_userbuf_tls(): Error getting user pages.");
--				goto free_auth_buf;
--			}
-+		sg_init_one(&tmp, auth_buf, caop->auth_len);
-+		auth_sg = &tmp;
-+	} else {
-+		auth_sg = NULL;
-+	}
- 
--			ret = tls_auth_n_crypt(ses_ptr, kcaop, auth_sg, caop->auth_len,
--				   dst_sg, caop->len);
--		} else {
--			if (unlikely(ses_ptr->cdata.init == 0 ||
--			             (ses_ptr->cdata.stream == 0 &&
--				      ses_ptr->cdata.aead == 0))) {
--				derr(0, "Only stream and AEAD ciphers are allowed for authenc");
--				ret = -EINVAL;
--				goto free_auth_buf;
--			}
-+	ret = get_userbuf_tls(ses_ptr, kcaop, &dst_sg);
-+	if (unlikely(ret)) {
-+		derr(1, "get_userbuf_tls(): Error getting user pages.");
-+		goto free_auth_buf;
-+	}
- 
--			ret = get_userbuf(ses_ptr, caop->src, caop->len, caop->dst, kcaop->dst_len,
--					  kcaop->task, kcaop->mm, &src_sg, &dst_sg);
--			if (unlikely(ret)) {
--				derr(1, "get_userbuf(): Error getting user pages.");
--				goto free_auth_buf;
--			}
-+	ret = tls_auth_n_crypt(ses_ptr, kcaop, auth_sg, caop->auth_len,
-+			dst_sg, caop->len);
-+	release_user_pages(ses_ptr);
-+
-+free_auth_buf:
-+	free_page((unsigned long)auth_buf);
-+	return ret;
-+}
-+
-+static int crypto_auth_zc_aead(struct csession *ses_ptr, struct kernel_crypt_auth_op *kcaop)
-+{
-+	struct scatterlist *dst_sg, *auth_sg, *src_sg;
-+	struct crypt_auth_op *caop = &kcaop->caop;
-+	unsigned char *auth_buf = NULL;
-+	struct scatterlist tmp;
-+	int ret;
- 
--			ret = auth_n_crypt(ses_ptr, kcaop, auth_sg, caop->auth_len,
--					   src_sg, dst_sg, caop->len);
-+	if (unlikely(ses_ptr->cdata.init == 0 ||
-+		(ses_ptr->cdata.stream == 0 && ses_ptr->cdata.aead == 0))) {
-+		derr(0, "Only stream and AEAD ciphers are allowed for authenc");
-+		return -EINVAL;
-+	}
-+
-+	if (unlikely(caop->auth_len > PAGE_SIZE)) {
-+		derr(1, "auth data len is excessive.");
-+		return -EINVAL;
-+	}
-+
-+	auth_buf = (char *)__get_free_page(GFP_KERNEL);
-+	if (unlikely(!auth_buf)) {
-+		derr(1, "unable to get a free page.");
-+		return -ENOMEM;
-+	}
-+
-+	if (caop->auth_src && caop->auth_len > 0) {
-+		if (unlikely(copy_from_user(auth_buf, caop->auth_src, caop->auth_len))) {
-+			derr(1, "unable to copy auth data from userspace.");
-+			ret = -EFAULT;
-+			goto free_auth_buf;
- 		}
- 
--		release_user_pages(ses_ptr);
-+		sg_init_one(&tmp, auth_buf, caop->auth_len);
-+		auth_sg = &tmp;
-+	} else {
-+		auth_sg = NULL;
-+	}
-+
-+	ret = get_userbuf(ses_ptr, caop->src, caop->len, caop->dst, kcaop->dst_len,
-+			kcaop->task, kcaop->mm, &src_sg, &dst_sg);
-+	if (unlikely(ret)) {
-+		derr(1, "get_userbuf(): Error getting user pages.");
-+		goto free_auth_buf;
-+	}
-+
-+	ret = auth_n_crypt(ses_ptr, kcaop, auth_sg, caop->auth_len,
-+			src_sg, dst_sg, caop->len);
-+
-+	release_user_pages(ses_ptr);
- 
- free_auth_buf:
--		free_page((unsigned long)auth_buf);
-+	free_page((unsigned long)auth_buf);
-+
-+	return ret;
-+}
-+
-+static int
-+__crypto_auth_run_zc(struct csession *ses_ptr, struct kernel_crypt_auth_op *kcaop)
-+{
-+	struct crypt_auth_op *caop = &kcaop->caop;
-+	int ret;
-+
-+	if (caop->flags & COP_FLAG_AEAD_SRTP_TYPE) {
-+		ret = crypto_auth_zc_srtp(ses_ptr, kcaop);
-+	} else if (caop->flags & COP_FLAG_AEAD_TLS_TYPE) {
-+		ret = crypto_auth_zc_tls(ses_ptr, kcaop);
-+	} else {
-+		ret = crypto_auth_zc_aead(ses_ptr, kcaop);
- 	}
- 
- 	return ret;
--- 
-2.7.4
-
diff --git a/recipes-kernel/cryptodev/sdk_patches/0002-refactoring-relocate-code-to-simplify-later-patches.patch b/recipes-kernel/cryptodev/sdk_patches/0002-refactoring-relocate-code-to-simplify-later-patches.patch
deleted file mode 100644
index b948c91..0000000
--- a/recipes-kernel/cryptodev/sdk_patches/0002-refactoring-relocate-code-to-simplify-later-patches.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-From c2bf0e42b1d9fda60cde4a3a682784d349ef1c0b Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Thu, 4 May 2017 15:06:21 +0300
-Subject: [PATCH 2/9] refactoring: relocate code to simplify later patches
-
-This code move will simplify the conversion to new AEAD interface in
-next patches
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- authenc.c | 17 +++++++++--------
- 1 file changed, 9 insertions(+), 8 deletions(-)
-
-diff --git a/authenc.c b/authenc.c
-index 28eb0f9..95727b4 100644
---- a/authenc.c
-+++ b/authenc.c
-@@ -711,11 +711,18 @@ static int crypto_auth_zc_aead(struct csession *ses_ptr, struct kernel_crypt_aut
- 		return -ENOMEM;
- 	}
- 
-+	ret = get_userbuf(ses_ptr, caop->src, caop->len, caop->dst, kcaop->dst_len,
-+			kcaop->task, kcaop->mm, &src_sg, &dst_sg);
-+	if (unlikely(ret)) {
-+		derr(1, "get_userbuf(): Error getting user pages.");
-+		goto free_auth_buf;
-+	}
-+
- 	if (caop->auth_src && caop->auth_len > 0) {
- 		if (unlikely(copy_from_user(auth_buf, caop->auth_src, caop->auth_len))) {
- 			derr(1, "unable to copy auth data from userspace.");
- 			ret = -EFAULT;
--			goto free_auth_buf;
-+			goto free_pages;
- 		}
- 
- 		sg_init_one(&tmp, auth_buf, caop->auth_len);
-@@ -724,16 +731,10 @@ static int crypto_auth_zc_aead(struct csession *ses_ptr, struct kernel_crypt_aut
- 		auth_sg = NULL;
- 	}
- 
--	ret = get_userbuf(ses_ptr, caop->src, caop->len, caop->dst, kcaop->dst_len,
--			kcaop->task, kcaop->mm, &src_sg, &dst_sg);
--	if (unlikely(ret)) {
--		derr(1, "get_userbuf(): Error getting user pages.");
--		goto free_auth_buf;
--	}
--
- 	ret = auth_n_crypt(ses_ptr, kcaop, auth_sg, caop->auth_len,
- 			src_sg, dst_sg, caop->len);
- 
-+free_pages:
- 	release_user_pages(ses_ptr);
- 
- free_auth_buf:
--- 
-2.7.4
-
diff --git a/recipes-kernel/cryptodev/sdk_patches/0003-convert-to-new-AEAD-interface-in-kernels-v4.2.patch b/recipes-kernel/cryptodev/sdk_patches/0003-convert-to-new-AEAD-interface-in-kernels-v4.2.patch
deleted file mode 100644
index ab3c7a8..0000000
--- a/recipes-kernel/cryptodev/sdk_patches/0003-convert-to-new-AEAD-interface-in-kernels-v4.2.patch
+++ /dev/null
@@ -1,96 +0,0 @@
-From a705360197260d28535746ae98c461ba2cfb7a9e Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Thu, 4 May 2017 15:06:22 +0300
-Subject: [PATCH 3/9] convert to new AEAD interface in kernels v4.2+
-
-The crypto API for AEAD ciphers changed in recent kernels so that
-associated data is now part of both source and destination scatter
-gathers. The source, destination and associated data buffers need
-to be stiched accordingly for the operations to succeed:
-
-src_sg: auth_buf + src_buf
-dst_sg: auth_buf + (dst_buf + tag space)
-
-This patch fixes a kernel crash observed with cipher-gcm test.
-
-See also kernel patch: 81c4c35eb61a69c229871c490b011c1171511d5a
-    crypto: ccm - Convert to new AEAD interface
-
-Reported-by: Phil Sutter <phil@nwl.cc>
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- authenc.c | 40 ++++++++++++++++++++++++++++++++++++++--
- 1 file changed, 38 insertions(+), 2 deletions(-)
-
-diff --git a/authenc.c b/authenc.c
-index 95727b4..692951f 100644
---- a/authenc.c
-+++ b/authenc.c
-@@ -688,12 +688,20 @@ free_auth_buf:
- 
- static int crypto_auth_zc_aead(struct csession *ses_ptr, struct kernel_crypt_auth_op *kcaop)
- {
--	struct scatterlist *dst_sg, *auth_sg, *src_sg;
-+	struct scatterlist *dst_sg;
-+	struct scatterlist *src_sg;
- 	struct crypt_auth_op *caop = &kcaop->caop;
- 	unsigned char *auth_buf = NULL;
--	struct scatterlist tmp;
- 	int ret;
- 
-+#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 2, 0))
-+	struct scatterlist tmp;
-+	struct scatterlist *auth_sg;
-+#else
-+	struct scatterlist auth1[2];
-+	struct scatterlist auth2[2];
-+#endif
-+
- 	if (unlikely(ses_ptr->cdata.init == 0 ||
- 		(ses_ptr->cdata.stream == 0 && ses_ptr->cdata.aead == 0))) {
- 		derr(0, "Only stream and AEAD ciphers are allowed for authenc");
-@@ -718,6 +726,7 @@ static int crypto_auth_zc_aead(struct csession *ses_ptr, struct kernel_crypt_aut
- 		goto free_auth_buf;
- 	}
- 
-+#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 2, 0))
- 	if (caop->auth_src && caop->auth_len > 0) {
- 		if (unlikely(copy_from_user(auth_buf, caop->auth_src, caop->auth_len))) {
- 			derr(1, "unable to copy auth data from userspace.");
-@@ -733,6 +742,33 @@ static int crypto_auth_zc_aead(struct csession *ses_ptr, struct kernel_crypt_aut
- 
- 	ret = auth_n_crypt(ses_ptr, kcaop, auth_sg, caop->auth_len,
- 			src_sg, dst_sg, caop->len);
-+#else
-+	if (caop->auth_src && caop->auth_len > 0) {
-+		if (unlikely(copy_from_user(auth_buf, caop->auth_src, caop->auth_len))) {
-+			derr(1, "unable to copy auth data from userspace.");
-+			ret = -EFAULT;
-+			goto free_pages;
-+		}
-+
-+		sg_init_table(auth1, 2);
-+		sg_set_buf(auth1, auth_buf, caop->auth_len);
-+		sg_chain(auth1, 2, src_sg);
-+
-+		if (src_sg == dst_sg) {
-+			src_sg = auth1;
-+			dst_sg = auth1;
-+		} else {
-+			sg_init_table(auth2, 2);
-+			sg_set_buf(auth2, auth_buf, caop->auth_len);
-+			sg_chain(auth2, 2, dst_sg);
-+			src_sg = auth1;
-+			dst_sg = auth2;
-+		}
-+	}
-+
-+	ret = auth_n_crypt(ses_ptr, kcaop, NULL, caop->auth_len,
-+			src_sg, dst_sg, caop->len);
-+#endif
- 
- free_pages:
- 	release_user_pages(ses_ptr);
--- 
-2.7.4
-
diff --git a/recipes-kernel/cryptodev/sdk_patches/0004-fix-type-of-returned-value.patch b/recipes-kernel/cryptodev/sdk_patches/0004-fix-type-of-returned-value.patch
deleted file mode 100644
index faad6cc..0000000
--- a/recipes-kernel/cryptodev/sdk_patches/0004-fix-type-of-returned-value.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 1d7c84838445981a06812869f8906bdef52e69eb Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Mon, 15 Feb 2016 18:27:35 +0200
-Subject: [PATCH 4/9] fix type of returned value
-
-The function is declared as unsigned int so we return an
-unsigned int as well
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- ioctl.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/ioctl.c b/ioctl.c
-index 0385203..db7207a 100644
---- a/ioctl.c
-+++ b/ioctl.c
-@@ -1065,7 +1065,7 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_)
- static unsigned int cryptodev_poll(struct file *file, poll_table *wait)
- {
- 	struct crypt_priv *pcr = file->private_data;
--	int ret = 0;
-+	unsigned int ret = 0;
- 
- 	poll_wait(file, &pcr->user_waiter, wait);
- 
--- 
-2.7.4
-
diff --git a/recipes-kernel/cryptodev/sdk_patches/0005-remove-unnecessary-header-inclusion.patch b/recipes-kernel/cryptodev/sdk_patches/0005-remove-unnecessary-header-inclusion.patch
deleted file mode 100644
index f9c8f3a..0000000
--- a/recipes-kernel/cryptodev/sdk_patches/0005-remove-unnecessary-header-inclusion.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 00a686189f7e05d70a7184cd6218f7424ab21b0d Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Tue, 23 May 2017 15:28:58 +0300
-Subject: [PATCH 5/9] remove unnecessary header inclusion
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- zc.h | 2 --
- 1 file changed, 2 deletions(-)
-
-diff --git a/zc.h b/zc.h
-index 6f975d6..666c4a5 100644
---- a/zc.h
-+++ b/zc.h
-@@ -1,8 +1,6 @@
- #ifndef ZC_H
- # define ZC_H
- 
--#include "cryptodev_int.h"
--
- /* For zero copy */
- int __get_userbuf(uint8_t __user *addr, uint32_t len, int write,
- 		unsigned int pgcount, struct page **pg, struct scatterlist *sg,
--- 
-2.7.4
-
diff --git a/recipes-kernel/cryptodev/sdk_patches/0006-move-structure-definition-to-cryptodev_int.h.patch b/recipes-kernel/cryptodev/sdk_patches/0006-move-structure-definition-to-cryptodev_int.h.patch
deleted file mode 100644
index 9a7ef3d..0000000
--- a/recipes-kernel/cryptodev/sdk_patches/0006-move-structure-definition-to-cryptodev_int.h.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From 3245b0f9ed2085f6167068409fb344166093808c Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Tue, 23 May 2017 15:50:40 +0300
-Subject: [PATCH 6/9] move structure definition to cryptodev_int.h
-
-This is necessary for the rsa patch and makes this data structure
-visible to kernel_crypt_pkop structure which will be defined in
-cryptodev_int.h as well.
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- cryptlib.h      | 6 ------
- cryptodev_int.h | 5 +++++
- 2 files changed, 5 insertions(+), 6 deletions(-)
-
-diff --git a/cryptlib.h b/cryptlib.h
-index 8e8aa71..48fe9bd 100644
---- a/cryptlib.h
-+++ b/cryptlib.h
-@@ -2,12 +2,6 @@
- # define CRYPTLIB_H
- 
- #include <linux/version.h>
--
--struct cryptodev_result {
--	struct completion completion;
--	int err;
--};
--
- #include "cipherapi.h"
- 
- struct cipher_data {
-diff --git a/cryptodev_int.h b/cryptodev_int.h
-index d7660fa..c1879fd 100644
---- a/cryptodev_int.h
-+++ b/cryptodev_int.h
-@@ -35,6 +35,11 @@
- #define ddebug(level, format, a...) dprintk(level, KERN_DEBUG, format, ##a)
- 
- 
-+struct cryptodev_result {
-+	struct completion completion;
-+	int err;
-+};
-+
- extern int cryptodev_verbosity;
- 
- struct fcrypt {
--- 
-2.7.4
-
diff --git a/recipes-kernel/cryptodev/sdk_patches/0007-add-support-for-RSA-public-and-private-key-operation.patch b/recipes-kernel/cryptodev/sdk_patches/0007-add-support-for-RSA-public-and-private-key-operation.patch
deleted file mode 100644
index 803b90a..0000000
--- a/recipes-kernel/cryptodev/sdk_patches/0007-add-support-for-RSA-public-and-private-key-operation.patch
+++ /dev/null
@@ -1,440 +0,0 @@
-From 6213ae5228a2ff0bb3521474ae37effda95a5d46 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Fri, 12 May 2017 17:04:40 +0300
-Subject: [PATCH 7/9] add support for RSA public and private key operations
-
-Only form 1 support is added with this patch. To maintain
-compatibility with OpenBSD we need to reverse bignum buffers before
-giving them to the kernel. This adds an artificial performance
-penalty that can be resolved only with a CIOCKEY extension in
-cryptodev API.
-
-As of Linux kernel 4.12 it is not possible to give to the kernel
-directly a pointer to a RSA key structure and must resort to a BER
-encoding scheme.
-
-Support for private keys in form 3 (CRT) must wait for updates and
-fixes in Linux kernel crypto API.
-
-Known issue:
-Kernels <= v4.7 strip leading zeros from the result and we get padding
-errors from Openssl: RSA_EAY_PUBLIC_DECRYPT: padding check failed
-(Fixed with kernel commit "crypto: rsa - Generate fixed-length output"
-9b45b7bba3d22de52e09df63c50f390a193a3f53)
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- cryptlib.c      | 234 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- cryptlib.h      |   4 +-
- cryptodev_int.h |  17 ++++
- ioctl.c         |  17 +++-
- main.c          |  42 ++++++++++
- 5 files changed, 312 insertions(+), 2 deletions(-)
-
-diff --git a/cryptlib.c b/cryptlib.c
-index 2c6028e..1c044a4 100644
---- a/cryptlib.c
-+++ b/cryptlib.c
-@@ -37,6 +37,10 @@
- #include <crypto/authenc.h>
- #include "cryptodev_int.h"
- #include "cipherapi.h"
-+#if (LINUX_VERSION_CODE > KERNEL_VERSION(4, 3, 0))
-+#include <linux/asn1_ber_bytecode.h>
-+#include <crypto/akcipher.h>
-+#endif
- 
- extern const struct crypto_type crypto_givcipher_type;
- 
-@@ -435,3 +439,233 @@ int cryptodev_hash_final(struct hash_data *hdata, void *output)
- 	return waitfor(&hdata->async.result, ret);
- }
- 
-+#if (LINUX_VERSION_CODE > KERNEL_VERSION(4, 3, 0))
-+/* This function is necessary because the bignums in Linux kernel are MSB first
-+ * (big endian) as opposed to LSB first as OpenBSD crypto layer uses */
-+void reverse_buf(uint8_t *buf, size_t sz)
-+{
-+	int i;
-+	uint8_t *end;
-+	uint8_t tmp;
-+
-+	end = buf + sz;
-+
-+	for (i = 0; i < sz/2; i++) {
-+		end--;
-+
-+		tmp = *buf;
-+		*buf = *end;
-+		*end = tmp;
-+
-+		buf++;
-+	}
-+}
-+
-+int ber_wr_tag(uint8_t **ber_ptr, uint8_t tag)
-+{
-+	**ber_ptr = tag;
-+	*ber_ptr += 1;
-+
-+	return 0;
-+}
-+
-+int ber_wr_len(uint8_t **ber_ptr, size_t len, size_t sz)
-+{
-+	if (len < 127) {
-+		**ber_ptr = len;
-+		*ber_ptr += 1;
-+	} else {
-+		size_t sz_save = sz;
-+
-+		sz--;
-+		**ber_ptr = 0x80 | sz;
-+
-+		while (sz > 0) {
-+			*(*ber_ptr + sz) = len & 0xff;
-+			len >>= 8;
-+			sz--;
-+		}
-+		*ber_ptr += sz_save;
-+	}
-+
-+	return 0;
-+}
-+
-+int ber_wr_int(uint8_t **ber_ptr, uint8_t *crp_p, size_t sz)
-+{
-+	int ret;
-+
-+	ret = copy_from_user(*ber_ptr, crp_p, sz);
-+	reverse_buf(*ber_ptr, sz);
-+
-+	*ber_ptr += sz;
-+
-+	return ret;
-+}
-+
-+/* calculate the size of the length field itself in BER encoding */
-+size_t ber_enc_len(size_t len)
-+{
-+	size_t sz;
-+
-+	sz = 1;
-+	if (len > 127) {		/* long encoding */
-+		while (len != 0) {
-+			len >>= 8;
-+			sz++;
-+		}
-+	}
-+
-+	return sz;
-+}
-+
-+void *cryptodev_alloc_rsa_pub_key(struct kernel_crypt_pkop *pkop,
-+		uint32_t *key_len)
-+{
-+	struct crypt_kop *cop = &pkop->pkop;
-+	uint8_t *ber_key;
-+	uint8_t *ber_ptr;
-+	uint32_t ber_key_len;
-+	size_t s_sz;
-+	size_t e_sz;
-+	size_t n_sz;
-+	size_t s_enc_len;
-+	size_t e_enc_len;
-+	size_t n_enc_len;
-+	int err;
-+
-+	/* BER public key format:
-+	 * SEQUENCE TAG         1 byte
-+	 * SEQUENCE LENGTH	s_enc_len bytes
-+	 * INTEGER TAG		1 byte
-+	 * INTEGER LENGTH	n_enc_len bytes
-+	 * INTEGER (n modulus)	n_sz bytes
-+	 * INTEGER TAG		1 byte
-+	 * INTEGER LENGTH	e_enc_len bytes
-+	 * INTEGER (e exponent)	e_sz bytes
-+	 */
-+
-+	e_sz = (cop->crk_param[1].crp_nbits + 7)/8;
-+	n_sz = (cop->crk_param[2].crp_nbits + 7)/8;
-+
-+	e_enc_len = ber_enc_len(e_sz);
-+	n_enc_len = ber_enc_len(n_sz);
-+
-+	/*
-+	 * Sequence length is the size of all the fields following the sequence
-+	 * tag, added together. The two added bytes account for the two INT
-+	 * tags in the Public Key sequence
-+	 */
-+	s_sz = e_sz + e_enc_len + n_sz + n_enc_len + 2;
-+	s_enc_len = ber_enc_len(s_sz);
-+
-+	/* The added byte accounts for the SEQ tag at the start of the key */
-+	ber_key_len = s_sz + s_enc_len + 1;
-+
-+	/* Linux asn1_ber_decoder doesn't like keys that are too large */
-+	if (ber_key_len > 65535) {
-+		return NULL;
-+	}
-+
-+	ber_key = kmalloc(ber_key_len, GFP_DMA);
-+	if (!ber_key) {
-+		return NULL;
-+	}
-+
-+	ber_ptr = ber_key;
-+
-+	err = ber_wr_tag(&ber_ptr, _tag(UNIV, CONS, SEQ))         ||
-+	      ber_wr_len(&ber_ptr, s_sz, s_enc_len)               ||
-+	      ber_wr_tag(&ber_ptr, _tag(UNIV, PRIM, INT))         ||
-+	      ber_wr_len(&ber_ptr, n_sz, n_enc_len)               ||
-+	      ber_wr_int(&ber_ptr, cop->crk_param[2].crp_p, n_sz) ||
-+	      ber_wr_tag(&ber_ptr, _tag(UNIV, PRIM, INT))         ||
-+	      ber_wr_len(&ber_ptr, e_sz, e_enc_len)               ||
-+	      ber_wr_int(&ber_ptr, cop->crk_param[1].crp_p, e_sz);
-+	if (err != 0) {
-+		goto free_key;
-+	}
-+
-+	*key_len = ber_key_len;
-+	return ber_key;
-+
-+free_key:
-+	kfree(ber_key);
-+	return NULL;
-+}
-+
-+int crypto_bn_modexp(struct kernel_crypt_pkop *pkop)
-+{
-+	struct crypt_kop *cop = &pkop->pkop;
-+	uint8_t *ber_key;
-+	uint32_t ber_key_len;
-+	size_t m_sz;
-+	size_t c_sz;
-+	size_t c_sz_max;
-+	uint8_t *m_buf;
-+	uint8_t *c_buf;
-+	struct scatterlist src;
-+	struct scatterlist dst;
-+	int err;
-+
-+	ber_key = cryptodev_alloc_rsa_pub_key(pkop, &ber_key_len);
-+	if (!ber_key) {
-+		return -ENOMEM;
-+	}
-+
-+	err = crypto_akcipher_set_pub_key(pkop->s, ber_key, ber_key_len);
-+	if (err != 0) {
-+		goto free_key;
-+	}
-+
-+	m_sz = (cop->crk_param[0].crp_nbits + 7)/8;
-+	c_sz = (cop->crk_param[3].crp_nbits + 7)/8;
-+
-+	m_buf = kmalloc(m_sz, GFP_DMA);
-+	if (!m_buf) {
-+		err = -ENOMEM;
-+		goto free_key;
-+	}
-+
-+	err = copy_from_user(m_buf, cop->crk_param[0].crp_p, m_sz);
-+	if (err != 0) {
-+		goto free_m_buf;
-+	}
-+	reverse_buf(m_buf, m_sz);
-+
-+	c_sz_max = crypto_akcipher_maxsize(pkop->s);
-+	if (c_sz > c_sz_max) {
-+		err = -EINVAL;
-+		goto free_m_buf;
-+	}
-+
-+	c_buf = kzalloc(c_sz_max, GFP_KERNEL);
-+	if (!c_buf) {
-+		goto free_m_buf;
-+	}
-+
-+	sg_init_one(&src, m_buf, m_sz);
-+	sg_init_one(&dst, c_buf, c_sz);
-+
-+	init_completion(&pkop->result.completion);
-+	akcipher_request_set_callback(pkop->req, 0,
-+			cryptodev_complete, &pkop->result);
-+	akcipher_request_set_crypt(pkop->req, &src, &dst, m_sz, c_sz);
-+
-+	err = crypto_akcipher_encrypt(pkop->req);
-+	err = waitfor(&pkop->result, err);
-+
-+	if (err == 0) {
-+		reverse_buf(c_buf, c_sz);
-+		err = copy_to_user(cop->crk_param[3].crp_p, c_buf, c_sz);
-+	}
-+
-+	kfree(c_buf);
-+free_m_buf:
-+	kfree(m_buf);
-+free_key:
-+	kfree(ber_key);
-+
-+	return err;
-+}
-+#endif
-diff --git a/cryptlib.h b/cryptlib.h
-index 48fe9bd..f909c34 100644
---- a/cryptlib.h
-+++ b/cryptlib.h
-@@ -95,6 +95,8 @@ int cryptodev_hash_reset(struct hash_data *hdata);
- void cryptodev_hash_deinit(struct hash_data *hdata);
- int cryptodev_hash_init(struct hash_data *hdata, const char *alg_name,
- 			int hmac_mode, void *mackey, size_t mackeylen);
--
-+#if (LINUX_VERSION_CODE > KERNEL_VERSION(4, 3, 0))
-+int crypto_bn_modexp(struct kernel_crypt_pkop *pkop);
-+#endif
- 
- #endif
-diff --git a/cryptodev_int.h b/cryptodev_int.h
-index c1879fd..7860c39 100644
---- a/cryptodev_int.h
-+++ b/cryptodev_int.h
-@@ -19,6 +19,10 @@
- #include <linux/scatterlist.h>
- #include <crypto/cryptodev.h>
- #include <crypto/aead.h>
-+#if (LINUX_VERSION_CODE > KERNEL_VERSION(4, 3, 0))
-+#include <crypto/internal/rsa.h>
-+#endif
-+
- 
- #define PFX "cryptodev: "
- #define dprintk(level, severity, format, a...)			\
-@@ -111,6 +115,18 @@ struct kernel_crypt_auth_op {
- 	struct mm_struct *mm;
- };
- 
-+#if (LINUX_VERSION_CODE > KERNEL_VERSION(4, 3, 0))
-+struct kernel_crypt_pkop {
-+	struct crypt_kop pkop;
-+
-+	struct crypto_akcipher *s;    /* Transform pointer from CryptoAPI */
-+	struct akcipher_request *req; /* PKC request allocated from CryptoAPI */
-+	struct cryptodev_result result;	/* updated by completion handler */
-+};
-+
-+int crypto_run_asym(struct kernel_crypt_pkop *pkop);
-+#endif
-+
- /* auth */
- 
- int kcaop_from_user(struct kernel_crypt_auth_op *kcop,
-@@ -122,6 +138,7 @@ int crypto_run(struct fcrypt *fcr, struct kernel_crypt_op *kcop);
- 
- #include <cryptlib.h>
- 
-+
- /* other internal structs */
- struct csession {
- 	struct list_head entry;
-diff --git a/ioctl.c b/ioctl.c
-index db7207a..8b0df4e 100644
---- a/ioctl.c
-+++ b/ioctl.c
-@@ -810,6 +810,9 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
- 	struct session_op sop;
- 	struct kernel_crypt_op kcop;
- 	struct kernel_crypt_auth_op kcaop;
-+#if (LINUX_VERSION_CODE > KERNEL_VERSION(4, 3, 0))
-+	struct kernel_crypt_pkop pkop;
-+#endif
- 	struct crypt_priv *pcr = filp->private_data;
- 	struct fcrypt *fcr;
- 	struct session_info_op siop;
-@@ -823,7 +826,11 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
- 
- 	switch (cmd) {
- 	case CIOCASYMFEAT:
--		return put_user(0, p);
-+		ses = 0;
-+		if (crypto_has_alg("rsa", 0, 0)) {
-+			ses = CRF_MOD_EXP;
-+		}
-+		return put_user(ses, p);
- 	case CRIOGET:
- 		fd = clonefd(filp);
- 		ret = put_user(fd, p);
-@@ -859,6 +866,14 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
- 		if (unlikely(ret))
- 			return ret;
- 		return copy_to_user(arg, &siop, sizeof(siop));
-+#if (LINUX_VERSION_CODE > KERNEL_VERSION(4, 3, 0))
-+	case CIOCKEY:
-+		ret = copy_from_user(&pkop.pkop, arg, sizeof(struct crypt_kop));
-+		if (ret == 0) {
-+			ret = crypto_run_asym(&pkop);
-+		}
-+		return ret;
-+#endif
- 	case CIOCCRYPT:
- 		if (unlikely(ret = kcop_from_user(&kcop, fcr, arg))) {
- 			dwarning(1, "Error copying from user");
-diff --git a/main.c b/main.c
-index 57e5c38..2bfe6f0 100644
---- a/main.c
-+++ b/main.c
-@@ -48,6 +48,9 @@
- #include "zc.h"
- #include "cryptlib.h"
- #include "version.h"
-+#if (LINUX_VERSION_CODE > KERNEL_VERSION(4, 3, 0))
-+#include <crypto/akcipher.h>
-+#endif
- 
- /* This file contains the traditional operations of encryption
-  * and hashing of /dev/crypto.
-@@ -265,3 +268,42 @@ out_unlock:
- 	crypto_put_session(ses_ptr);
- 	return ret;
- }
-+
-+#if (LINUX_VERSION_CODE > KERNEL_VERSION(4, 3, 0))
-+int crypto_run_asym(struct kernel_crypt_pkop *pkop)
-+{
-+	int err;
-+
-+	pkop->s = crypto_alloc_akcipher("rsa", 0, 0);
-+	if (IS_ERR(pkop->s)) {
-+		return PTR_ERR(pkop->s);
-+	}
-+
-+	pkop->req = akcipher_request_alloc(pkop->s, GFP_KERNEL);
-+	if (pkop->req == NULL) {
-+		err = -ENOMEM;
-+		goto out_free_tfm;
-+	}
-+
-+	switch (pkop->pkop.crk_op) {
-+	case CRK_MOD_EXP: /* RSA_PUB or PRIV form 1 */
-+		if (pkop->pkop.crk_iparams != 3 && pkop->pkop.crk_oparams != 1) {
-+			err = -EINVAL;
-+			goto out_free_req;
-+		}
-+		err = crypto_bn_modexp(pkop);
-+		break;
-+	default:
-+		err = -EINVAL;
-+		break;
-+	}
-+
-+out_free_req:
-+	kfree(pkop->req);
-+
-+out_free_tfm:
-+	crypto_free_akcipher(pkop->s);
-+
-+	return err;
-+}
-+#endif
--- 
-2.7.4
-
diff --git a/recipes-kernel/cryptodev/sdk_patches/0008-check-session-flags-early-to-avoid-incorrect-failure.patch b/recipes-kernel/cryptodev/sdk_patches/0008-check-session-flags-early-to-avoid-incorrect-failure.patch
deleted file mode 100644
index 1fce558..0000000
--- a/recipes-kernel/cryptodev/sdk_patches/0008-check-session-flags-early-to-avoid-incorrect-failure.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From ec2529027a6565fdede79e7bda4a0232757acf70 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Wed, 14 Jun 2017 11:23:18 +0300
-Subject: [PATCH 8/9] check session flags early to avoid incorrect failure
- modes
-
-This verification of aead flag was incorrectly removed in
-"refactoring: split big function to simplify maintainance"
-20dcf071bc3076ee7db9d603cfbe6a06e86c7d5f
-resulting in an incorrect dispatching of functions.
-
-Add back this check and at the same time remove the second check from
-the called function which now becomes redundant.
-Add another guard check for aead modes and reject not supported combinations.
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- authenc.c | 11 +++++------
- 1 file changed, 5 insertions(+), 6 deletions(-)
-
-diff --git a/authenc.c b/authenc.c
-index 692951f..fc32f43 100644
---- a/authenc.c
-+++ b/authenc.c
-@@ -643,10 +643,6 @@ static int crypto_auth_zc_tls(struct csession *ses_ptr, struct kernel_crypt_auth
- 	struct scatterlist tmp;
- 	int ret;
- 
--	if (unlikely(ses_ptr->cdata.aead != 0)) {
--		return -EINVAL;
--	}
--
- 	if (unlikely(caop->auth_len > PAGE_SIZE)) {
- 		derr(1, "auth data len is excessive.");
- 		return -EINVAL;
-@@ -787,10 +783,13 @@ __crypto_auth_run_zc(struct csession *ses_ptr, struct kernel_crypt_auth_op *kcao
- 
- 	if (caop->flags & COP_FLAG_AEAD_SRTP_TYPE) {
- 		ret = crypto_auth_zc_srtp(ses_ptr, kcaop);
--	} else if (caop->flags & COP_FLAG_AEAD_TLS_TYPE) {
-+	} else if (caop->flags & COP_FLAG_AEAD_TLS_TYPE &&
-+		   ses_ptr->cdata.aead == 0) {
- 		ret = crypto_auth_zc_tls(ses_ptr, kcaop);
--	} else {
-+	} else if (ses_ptr->cdata.aead) {
- 		ret = crypto_auth_zc_aead(ses_ptr, kcaop);
-+	} else {
-+		ret = -EINVAL;
- 	}
- 
- 	return ret;
--- 
-2.7.4
-
diff --git a/recipes-kernel/cryptodev/sdk_patches/0009-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch b/recipes-kernel/cryptodev/sdk_patches/0009-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch
deleted file mode 100644
index 795abdf..0000000
--- a/recipes-kernel/cryptodev/sdk_patches/0009-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From f365c69d7852d6579952825c9f90a27129f92d22 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Tue, 13 Jun 2017 11:13:33 +0300
-Subject: [PATCH 9/9] add support for composite TLS10(SHA1,AES) algorithm
- offload
-
-This adds support for composite algorithm offload as a primitive
-crypto (cipher + hmac) operation.
-
-It requires kernel support for tls10(hmac(sha1),cbc(aes)) algorithm
-provided either in software or accelerated by hardware such as
-Freescale B*, P* and T* platforms.
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- crypto/cryptodev.h | 1 +
- ioctl.c            | 5 +++++
- 2 files changed, 6 insertions(+)
-
-diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h
-index 7fb9c7d..c0e8cd4 100644
---- a/crypto/cryptodev.h
-+++ b/crypto/cryptodev.h
-@@ -50,6 +50,7 @@ enum cryptodev_crypto_op_t {
- 	CRYPTO_SHA2_384,
- 	CRYPTO_SHA2_512,
- 	CRYPTO_SHA2_224_HMAC,
-+	CRYPTO_TLS10_AES_CBC_HMAC_SHA1,
- 	CRYPTO_ALGORITHM_ALL, /* Keep updated - see below */
- };
- 
-diff --git a/ioctl.c b/ioctl.c
-index 8b0df4e..998f51a 100644
---- a/ioctl.c
-+++ b/ioctl.c
-@@ -159,6 +159,11 @@ crypto_create_session(struct fcrypt *fcr, struct session_op *sop)
- 		stream = 1;
- 		aead = 1;
- 		break;
-+	case CRYPTO_TLS10_AES_CBC_HMAC_SHA1:
-+		alg_name = "tls10(hmac(sha1),cbc(aes))";
-+		stream = 0;
-+		aead = 1;
-+		break;
- 	case CRYPTO_NULL:
- 		alg_name = "ecb(cipher_null)";
- 		stream = 1;
--- 
-2.7.4
-
-- 
1.9.0