* [PATCH 1/4] cryptodev: update recipes
@ 2017-11-15 5:26 Chunrong Guo
2017-11-15 5:26 ` [PATCH 2/4] openssl-qoriq: " Chunrong Guo
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Chunrong Guo @ 2017-11-15 5:26 UTC (permalink / raw)
To: meta-freescale; +Cc: chunrong.guo
From: Chunrong Guo <chunrong.guo@nxp.com>
*Update URL to fetch qoriq-open-source github
*Update to f365c69d785
This includes the following changes:
f365c69 - add support for composite TLS10(SHA1,AES) algorithm offload
ec25290 - check session flags early to avoid incorrect failure modes
6213ae5 - add support for RSA public and private key operations
3245b0f - move structure definition to cryptodev_int.h
00a6861 - remove unnecessary header inclusion
1d7c848 - fix type of returned value
a705360 - convert to new AEAD interface in kernels v4.2+
c2bf0e4 - refactoring: relocate code to simplify later patches
20dcf07 - refactoring: split big function to simplify maintainance
87d959d - Release version 1.9
6818263 - Fix ablkcipher algorithms usage in v4.8+ kernels
26e167f - zc: Use the power of #elif
2b29be8 - adjust to API changes in kernel >=4.10
2dbbb23 - do more strict code checking to avoid maintenance issues
88223e4 - avoid implicit conversion between signed and unsigned char
8db6905 - use buf_align macro to reduce code duplication
b6d0e0f - rename header file to clarify purpose
1fd6062 - fix warnings of "implicit declaration of function" in async_speed
ff3c8ab - remove not used local variables
25a1276 - fix incorrect return code in case of error from openssl_cioccrypt
e7ef4ea - Merge pull request #17 from michaelweiser/gup_flags
99c6d21 - fix ignored SIGALRM signals on some platforms
71975fa - setting KERNEL_DIR is not necessary to build tests
a96ff97 - fix issues with install target
*Cryptodev-linux git includes all sdk patches so remove sdk patches folder
Signed-off-by: Chunrong Guo <chunrong.guo@nxp.com>
---
recipes-kernel/cryptodev/cryptodev-qoriq_1.9.inc | 22 +-
...-split-big-function-to-simplify-maintaina.patch | 244 ------------
...g-relocate-code-to-simplify-later-patches.patch | 58 ---
...ert-to-new-AEAD-interface-in-kernels-v4.2.patch | 96 -----
.../0004-fix-type-of-returned-value.patch | 29 --
| 26 --
...e-structure-definition-to-cryptodev_int.h.patch | 51 ---
...-for-RSA-public-and-private-key-operation.patch | 440 ---------------------
...on-flags-early-to-avoid-incorrect-failure.patch | 54 ---
...-for-composite-TLS10-SHA1-AES-algorithm-o.patch | 50 ---
10 files changed, 3 insertions(+), 1067 deletions(-)
delete mode 100644 recipes-kernel/cryptodev/sdk_patches/0001-refactoring-split-big-function-to-simplify-maintaina.patch
delete mode 100644 recipes-kernel/cryptodev/sdk_patches/0002-refactoring-relocate-code-to-simplify-later-patches.patch
delete mode 100644 recipes-kernel/cryptodev/sdk_patches/0003-convert-to-new-AEAD-interface-in-kernels-v4.2.patch
delete mode 100644 recipes-kernel/cryptodev/sdk_patches/0004-fix-type-of-returned-value.patch
delete mode 100644 recipes-kernel/cryptodev/sdk_patches/0005-remove-unnecessary-header-inclusion.patch
delete mode 100644 recipes-kernel/cryptodev/sdk_patches/0006-move-structure-definition-to-cryptodev_int.h.patch
delete mode 100644 recipes-kernel/cryptodev/sdk_patches/0007-add-support-for-RSA-public-and-private-key-operation.patch
delete mode 100644 recipes-kernel/cryptodev/sdk_patches/0008-check-session-flags-early-to-avoid-incorrect-failure.patch
delete mode 100644 recipes-kernel/cryptodev/sdk_patches/0009-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch
diff --git a/recipes-kernel/cryptodev/cryptodev-qoriq_1.9.inc b/recipes-kernel/cryptodev/cryptodev-qoriq_1.9.inc
index 24cc87c..3e6fcf7 100644
--- a/recipes-kernel/cryptodev/cryptodev-qoriq_1.9.inc
+++ b/recipes-kernel/cryptodev/cryptodev-qoriq_1.9.inc
@@ -12,31 +12,15 @@ python() {
d.appendVar("RREPLACES_%s" % p, p.replace('cryptodev-qoriq', 'cryptodev'))
}
-FILESEXTRAPATHS_prepend := "${THISDIR}/sdk_patches:"
FILESEXTRAPATHS_prepend := "${THISDIR}/yocto_patches:"
-SRC_URI = "http://nwl.cc/pub/cryptodev-linux/cryptodev-linux-${PV}.tar.gz"
-
-SRC_URI[md5sum] = "cb4e0ed9e5937716c7c8a7be84895b6d"
-SRC_URI[sha256sum] = "9f4c0b49b30e267d776f79455d09c70cc9c12c86eee400a0d0a0cd1d8e467950"
-
-# SDK patches
-SRC_URI_append = " file://0001-refactoring-split-big-function-to-simplify-maintaina.patch \
- file://0002-refactoring-relocate-code-to-simplify-later-patches.patch \
- file://0003-convert-to-new-AEAD-interface-in-kernels-v4.2.patch \
- file://0004-fix-type-of-returned-value.patch \
- file://0005-remove-unnecessary-header-inclusion.patch \
- file://0006-move-structure-definition-to-cryptodev_int.h.patch \
- file://0007-add-support-for-RSA-public-and-private-key-operation.patch \
- file://0008-check-session-flags-early-to-avoid-incorrect-failure.patch \
- file://0009-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch \
-"
-#SRC_URI_append = " file://0003-update-the-install-path-for-cryptodev-tests.patch"
+SRC_URI = "git://github.com/qoriq-open-source/cryptodev-linux.git;nobranch=1"
+SRCREV = "f365c69d7852d6579952825c9f90a27129f92d22"
# NOTE: remove this patch and all traces of DISTRO_FEATURE c29x_pkc
# if pkc-host does not need customized cryptodev patches anymore
#SRC_URI_append = "${@bb.utils.contains('DISTRO_FEATURES', 'c29x_pkc', ' file://0001-don-t-advertise-RSA-keygen.patch', '', d)}"
-S = "${WORKDIR}/cryptodev-linux-${PV}"
+S = "${WORKDIR}/git"
CLEANBROKEN = "1"
diff --git a/recipes-kernel/cryptodev/sdk_patches/0001-refactoring-split-big-function-to-simplify-maintaina.patch b/recipes-kernel/cryptodev/sdk_patches/0001-refactoring-split-big-function-to-simplify-maintaina.patch
deleted file mode 100644
index 57ac8e1..0000000
--- a/recipes-kernel/cryptodev/sdk_patches/0001-refactoring-split-big-function-to-simplify-maintaina.patch
+++ /dev/null
@@ -1,244 +0,0 @@
-From 20dcf071bc3076ee7db9d603cfbe6a06e86c7d5f Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Thu, 4 May 2017 15:06:20 +0300
-Subject: [PATCH 1/9] refactoring: split big function to simplify maintainance
-
-The setup of auth_buf in tls and aead is now duplicated but this
-is temporary and allows necessary corrections for the aead case
-with v4.2+ kernels.
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- authenc.c | 197 ++++++++++++++++++++++++++++++++++++++++----------------------
- 1 file changed, 126 insertions(+), 71 deletions(-)
-
-diff --git a/authenc.c b/authenc.c
-index 1bd7377..28eb0f9 100644
---- a/authenc.c
-+++ b/authenc.c
-@@ -609,96 +609,151 @@ auth_n_crypt(struct csession *ses_ptr, struct kernel_crypt_auth_op *kcaop,
- return 0;
- }
-
--/* This is the main crypto function - zero-copy edition */
--static int
--__crypto_auth_run_zc(struct csession *ses_ptr, struct kernel_crypt_auth_op *kcaop)
-+static int crypto_auth_zc_srtp(struct csession *ses_ptr, struct kernel_crypt_auth_op *kcaop)
- {
-- struct scatterlist *dst_sg, *auth_sg, *src_sg;
-+ struct scatterlist *dst_sg, *auth_sg;
- struct crypt_auth_op *caop = &kcaop->caop;
-- int ret = 0;
-+ int ret;
-
-- if (caop->flags & COP_FLAG_AEAD_SRTP_TYPE) {
-- if (unlikely(ses_ptr->cdata.init != 0 &&
-- (ses_ptr->cdata.stream == 0 ||
-- ses_ptr->cdata.aead != 0))) {
-- derr(0, "Only stream modes are allowed in SRTP mode (but not AEAD)");
-- return -EINVAL;
-- }
-+ if (unlikely(ses_ptr->cdata.init != 0 &&
-+ (ses_ptr->cdata.stream == 0 || ses_ptr->cdata.aead != 0))) {
-+ derr(0, "Only stream modes are allowed in SRTP mode (but not AEAD)");
-+ return -EINVAL;
-+ }
-
-- ret = get_userbuf_srtp(ses_ptr, kcaop, &auth_sg, &dst_sg);
-- if (unlikely(ret)) {
-- derr(1, "get_userbuf_srtp(): Error getting user pages.");
-- return ret;
-- }
-+ ret = get_userbuf_srtp(ses_ptr, kcaop, &auth_sg, &dst_sg);
-+ if (unlikely(ret)) {
-+ derr(1, "get_userbuf_srtp(): Error getting user pages.");
-+ return ret;
-+ }
-
-- ret = srtp_auth_n_crypt(ses_ptr, kcaop, auth_sg, caop->auth_len,
-- dst_sg, caop->len);
-+ ret = srtp_auth_n_crypt(ses_ptr, kcaop, auth_sg, caop->auth_len,
-+ dst_sg, caop->len);
-
-- release_user_pages(ses_ptr);
-- } else { /* TLS and normal cases. Here auth data are usually small
-- * so we just copy them to a free page, instead of trying
-- * to map them.
-- */
-- unsigned char *auth_buf = NULL;
-- struct scatterlist tmp;
-+ release_user_pages(ses_ptr);
-
-- if (unlikely(caop->auth_len > PAGE_SIZE)) {
-- derr(1, "auth data len is excessive.");
-- return -EINVAL;
-- }
-+ return ret;
-+}
-
-- auth_buf = (char *)__get_free_page(GFP_KERNEL);
-- if (unlikely(!auth_buf)) {
-- derr(1, "unable to get a free page.");
-- return -ENOMEM;
-- }
-+static int crypto_auth_zc_tls(struct csession *ses_ptr, struct kernel_crypt_auth_op *kcaop)
-+{
-+ struct crypt_auth_op *caop = &kcaop->caop;
-+ struct scatterlist *dst_sg, *auth_sg;
-+ unsigned char *auth_buf = NULL;
-+ struct scatterlist tmp;
-+ int ret;
-
-- if (caop->auth_src && caop->auth_len > 0) {
-- if (unlikely(copy_from_user(auth_buf, caop->auth_src, caop->auth_len))) {
-- derr(1, "unable to copy auth data from userspace.");
-- ret = -EFAULT;
-- goto free_auth_buf;
-- }
-+ if (unlikely(ses_ptr->cdata.aead != 0)) {
-+ return -EINVAL;
-+ }
-+
-+ if (unlikely(caop->auth_len > PAGE_SIZE)) {
-+ derr(1, "auth data len is excessive.");
-+ return -EINVAL;
-+ }
-+
-+ auth_buf = (char *)__get_free_page(GFP_KERNEL);
-+ if (unlikely(!auth_buf)) {
-+ derr(1, "unable to get a free page.");
-+ return -ENOMEM;
-+ }
-
-- sg_init_one(&tmp, auth_buf, caop->auth_len);
-- auth_sg = &tmp;
-- } else {
-- auth_sg = NULL;
-+ if (caop->auth_src && caop->auth_len > 0) {
-+ if (unlikely(copy_from_user(auth_buf, caop->auth_src, caop->auth_len))) {
-+ derr(1, "unable to copy auth data from userspace.");
-+ ret = -EFAULT;
-+ goto free_auth_buf;
- }
-
-- if (caop->flags & COP_FLAG_AEAD_TLS_TYPE && ses_ptr->cdata.aead == 0) {
-- ret = get_userbuf_tls(ses_ptr, kcaop, &dst_sg);
-- if (unlikely(ret)) {
-- derr(1, "get_userbuf_tls(): Error getting user pages.");
-- goto free_auth_buf;
-- }
-+ sg_init_one(&tmp, auth_buf, caop->auth_len);
-+ auth_sg = &tmp;
-+ } else {
-+ auth_sg = NULL;
-+ }
-
-- ret = tls_auth_n_crypt(ses_ptr, kcaop, auth_sg, caop->auth_len,
-- dst_sg, caop->len);
-- } else {
-- if (unlikely(ses_ptr->cdata.init == 0 ||
-- (ses_ptr->cdata.stream == 0 &&
-- ses_ptr->cdata.aead == 0))) {
-- derr(0, "Only stream and AEAD ciphers are allowed for authenc");
-- ret = -EINVAL;
-- goto free_auth_buf;
-- }
-+ ret = get_userbuf_tls(ses_ptr, kcaop, &dst_sg);
-+ if (unlikely(ret)) {
-+ derr(1, "get_userbuf_tls(): Error getting user pages.");
-+ goto free_auth_buf;
-+ }
-
-- ret = get_userbuf(ses_ptr, caop->src, caop->len, caop->dst, kcaop->dst_len,
-- kcaop->task, kcaop->mm, &src_sg, &dst_sg);
-- if (unlikely(ret)) {
-- derr(1, "get_userbuf(): Error getting user pages.");
-- goto free_auth_buf;
-- }
-+ ret = tls_auth_n_crypt(ses_ptr, kcaop, auth_sg, caop->auth_len,
-+ dst_sg, caop->len);
-+ release_user_pages(ses_ptr);
-+
-+free_auth_buf:
-+ free_page((unsigned long)auth_buf);
-+ return ret;
-+}
-+
-+static int crypto_auth_zc_aead(struct csession *ses_ptr, struct kernel_crypt_auth_op *kcaop)
-+{
-+ struct scatterlist *dst_sg, *auth_sg, *src_sg;
-+ struct crypt_auth_op *caop = &kcaop->caop;
-+ unsigned char *auth_buf = NULL;
-+ struct scatterlist tmp;
-+ int ret;
-
-- ret = auth_n_crypt(ses_ptr, kcaop, auth_sg, caop->auth_len,
-- src_sg, dst_sg, caop->len);
-+ if (unlikely(ses_ptr->cdata.init == 0 ||
-+ (ses_ptr->cdata.stream == 0 && ses_ptr->cdata.aead == 0))) {
-+ derr(0, "Only stream and AEAD ciphers are allowed for authenc");
-+ return -EINVAL;
-+ }
-+
-+ if (unlikely(caop->auth_len > PAGE_SIZE)) {
-+ derr(1, "auth data len is excessive.");
-+ return -EINVAL;
-+ }
-+
-+ auth_buf = (char *)__get_free_page(GFP_KERNEL);
-+ if (unlikely(!auth_buf)) {
-+ derr(1, "unable to get a free page.");
-+ return -ENOMEM;
-+ }
-+
-+ if (caop->auth_src && caop->auth_len > 0) {
-+ if (unlikely(copy_from_user(auth_buf, caop->auth_src, caop->auth_len))) {
-+ derr(1, "unable to copy auth data from userspace.");
-+ ret = -EFAULT;
-+ goto free_auth_buf;
- }
-
-- release_user_pages(ses_ptr);
-+ sg_init_one(&tmp, auth_buf, caop->auth_len);
-+ auth_sg = &tmp;
-+ } else {
-+ auth_sg = NULL;
-+ }
-+
-+ ret = get_userbuf(ses_ptr, caop->src, caop->len, caop->dst, kcaop->dst_len,
-+ kcaop->task, kcaop->mm, &src_sg, &dst_sg);
-+ if (unlikely(ret)) {
-+ derr(1, "get_userbuf(): Error getting user pages.");
-+ goto free_auth_buf;
-+ }
-+
-+ ret = auth_n_crypt(ses_ptr, kcaop, auth_sg, caop->auth_len,
-+ src_sg, dst_sg, caop->len);
-+
-+ release_user_pages(ses_ptr);
-
- free_auth_buf:
-- free_page((unsigned long)auth_buf);
-+ free_page((unsigned long)auth_buf);
-+
-+ return ret;
-+}
-+
-+static int
-+__crypto_auth_run_zc(struct csession *ses_ptr, struct kernel_crypt_auth_op *kcaop)
-+{
-+ struct crypt_auth_op *caop = &kcaop->caop;
-+ int ret;
-+
-+ if (caop->flags & COP_FLAG_AEAD_SRTP_TYPE) {
-+ ret = crypto_auth_zc_srtp(ses_ptr, kcaop);
-+ } else if (caop->flags & COP_FLAG_AEAD_TLS_TYPE) {
-+ ret = crypto_auth_zc_tls(ses_ptr, kcaop);
-+ } else {
-+ ret = crypto_auth_zc_aead(ses_ptr, kcaop);
- }
-
- return ret;
---
-2.7.4
-
diff --git a/recipes-kernel/cryptodev/sdk_patches/0002-refactoring-relocate-code-to-simplify-later-patches.patch b/recipes-kernel/cryptodev/sdk_patches/0002-refactoring-relocate-code-to-simplify-later-patches.patch
deleted file mode 100644
index b948c91..0000000
--- a/recipes-kernel/cryptodev/sdk_patches/0002-refactoring-relocate-code-to-simplify-later-patches.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-From c2bf0e42b1d9fda60cde4a3a682784d349ef1c0b Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Thu, 4 May 2017 15:06:21 +0300
-Subject: [PATCH 2/9] refactoring: relocate code to simplify later patches
-
-This code move will simplify the conversion to new AEAD interface in
-next patches
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- authenc.c | 17 +++++++++--------
- 1 file changed, 9 insertions(+), 8 deletions(-)
-
-diff --git a/authenc.c b/authenc.c
-index 28eb0f9..95727b4 100644
---- a/authenc.c
-+++ b/authenc.c
-@@ -711,11 +711,18 @@ static int crypto_auth_zc_aead(struct csession *ses_ptr, struct kernel_crypt_aut
- return -ENOMEM;
- }
-
-+ ret = get_userbuf(ses_ptr, caop->src, caop->len, caop->dst, kcaop->dst_len,
-+ kcaop->task, kcaop->mm, &src_sg, &dst_sg);
-+ if (unlikely(ret)) {
-+ derr(1, "get_userbuf(): Error getting user pages.");
-+ goto free_auth_buf;
-+ }
-+
- if (caop->auth_src && caop->auth_len > 0) {
- if (unlikely(copy_from_user(auth_buf, caop->auth_src, caop->auth_len))) {
- derr(1, "unable to copy auth data from userspace.");
- ret = -EFAULT;
-- goto free_auth_buf;
-+ goto free_pages;
- }
-
- sg_init_one(&tmp, auth_buf, caop->auth_len);
-@@ -724,16 +731,10 @@ static int crypto_auth_zc_aead(struct csession *ses_ptr, struct kernel_crypt_aut
- auth_sg = NULL;
- }
-
-- ret = get_userbuf(ses_ptr, caop->src, caop->len, caop->dst, kcaop->dst_len,
-- kcaop->task, kcaop->mm, &src_sg, &dst_sg);
-- if (unlikely(ret)) {
-- derr(1, "get_userbuf(): Error getting user pages.");
-- goto free_auth_buf;
-- }
--
- ret = auth_n_crypt(ses_ptr, kcaop, auth_sg, caop->auth_len,
- src_sg, dst_sg, caop->len);
-
-+free_pages:
- release_user_pages(ses_ptr);
-
- free_auth_buf:
---
-2.7.4
-
diff --git a/recipes-kernel/cryptodev/sdk_patches/0003-convert-to-new-AEAD-interface-in-kernels-v4.2.patch b/recipes-kernel/cryptodev/sdk_patches/0003-convert-to-new-AEAD-interface-in-kernels-v4.2.patch
deleted file mode 100644
index ab3c7a8..0000000
--- a/recipes-kernel/cryptodev/sdk_patches/0003-convert-to-new-AEAD-interface-in-kernels-v4.2.patch
+++ /dev/null
@@ -1,96 +0,0 @@
-From a705360197260d28535746ae98c461ba2cfb7a9e Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Thu, 4 May 2017 15:06:22 +0300
-Subject: [PATCH 3/9] convert to new AEAD interface in kernels v4.2+
-
-The crypto API for AEAD ciphers changed in recent kernels so that
-associated data is now part of both source and destination scatter
-gathers. The source, destination and associated data buffers need
-to be stiched accordingly for the operations to succeed:
-
-src_sg: auth_buf + src_buf
-dst_sg: auth_buf + (dst_buf + tag space)
-
-This patch fixes a kernel crash observed with cipher-gcm test.
-
-See also kernel patch: 81c4c35eb61a69c229871c490b011c1171511d5a
- crypto: ccm - Convert to new AEAD interface
-
-Reported-by: Phil Sutter <phil@nwl.cc>
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- authenc.c | 40 ++++++++++++++++++++++++++++++++++++++--
- 1 file changed, 38 insertions(+), 2 deletions(-)
-
-diff --git a/authenc.c b/authenc.c
-index 95727b4..692951f 100644
---- a/authenc.c
-+++ b/authenc.c
-@@ -688,12 +688,20 @@ free_auth_buf:
-
- static int crypto_auth_zc_aead(struct csession *ses_ptr, struct kernel_crypt_auth_op *kcaop)
- {
-- struct scatterlist *dst_sg, *auth_sg, *src_sg;
-+ struct scatterlist *dst_sg;
-+ struct scatterlist *src_sg;
- struct crypt_auth_op *caop = &kcaop->caop;
- unsigned char *auth_buf = NULL;
-- struct scatterlist tmp;
- int ret;
-
-+#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 2, 0))
-+ struct scatterlist tmp;
-+ struct scatterlist *auth_sg;
-+#else
-+ struct scatterlist auth1[2];
-+ struct scatterlist auth2[2];
-+#endif
-+
- if (unlikely(ses_ptr->cdata.init == 0 ||
- (ses_ptr->cdata.stream == 0 && ses_ptr->cdata.aead == 0))) {
- derr(0, "Only stream and AEAD ciphers are allowed for authenc");
-@@ -718,6 +726,7 @@ static int crypto_auth_zc_aead(struct csession *ses_ptr, struct kernel_crypt_aut
- goto free_auth_buf;
- }
-
-+#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 2, 0))
- if (caop->auth_src && caop->auth_len > 0) {
- if (unlikely(copy_from_user(auth_buf, caop->auth_src, caop->auth_len))) {
- derr(1, "unable to copy auth data from userspace.");
-@@ -733,6 +742,33 @@ static int crypto_auth_zc_aead(struct csession *ses_ptr, struct kernel_crypt_aut
-
- ret = auth_n_crypt(ses_ptr, kcaop, auth_sg, caop->auth_len,
- src_sg, dst_sg, caop->len);
-+#else
-+ if (caop->auth_src && caop->auth_len > 0) {
-+ if (unlikely(copy_from_user(auth_buf, caop->auth_src, caop->auth_len))) {
-+ derr(1, "unable to copy auth data from userspace.");
-+ ret = -EFAULT;
-+ goto free_pages;
-+ }
-+
-+ sg_init_table(auth1, 2);
-+ sg_set_buf(auth1, auth_buf, caop->auth_len);
-+ sg_chain(auth1, 2, src_sg);
-+
-+ if (src_sg == dst_sg) {
-+ src_sg = auth1;
-+ dst_sg = auth1;
-+ } else {
-+ sg_init_table(auth2, 2);
-+ sg_set_buf(auth2, auth_buf, caop->auth_len);
-+ sg_chain(auth2, 2, dst_sg);
-+ src_sg = auth1;
-+ dst_sg = auth2;
-+ }
-+ }
-+
-+ ret = auth_n_crypt(ses_ptr, kcaop, NULL, caop->auth_len,
-+ src_sg, dst_sg, caop->len);
-+#endif
-
- free_pages:
- release_user_pages(ses_ptr);
---
-2.7.4
-
diff --git a/recipes-kernel/cryptodev/sdk_patches/0004-fix-type-of-returned-value.patch b/recipes-kernel/cryptodev/sdk_patches/0004-fix-type-of-returned-value.patch
deleted file mode 100644
index faad6cc..0000000
--- a/recipes-kernel/cryptodev/sdk_patches/0004-fix-type-of-returned-value.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 1d7c84838445981a06812869f8906bdef52e69eb Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Mon, 15 Feb 2016 18:27:35 +0200
-Subject: [PATCH 4/9] fix type of returned value
-
-The function is declared as unsigned int so we return an
-unsigned int as well
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- ioctl.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/ioctl.c b/ioctl.c
-index 0385203..db7207a 100644
---- a/ioctl.c
-+++ b/ioctl.c
-@@ -1065,7 +1065,7 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_)
- static unsigned int cryptodev_poll(struct file *file, poll_table *wait)
- {
- struct crypt_priv *pcr = file->private_data;
-- int ret = 0;
-+ unsigned int ret = 0;
-
- poll_wait(file, &pcr->user_waiter, wait);
-
---
-2.7.4
-
diff --git a/recipes-kernel/cryptodev/sdk_patches/0005-remove-unnecessary-header-inclusion.patch b/recipes-kernel/cryptodev/sdk_patches/0005-remove-unnecessary-header-inclusion.patch
deleted file mode 100644
index f9c8f3a..0000000
--- a/recipes-kernel/cryptodev/sdk_patches/0005-remove-unnecessary-header-inclusion.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 00a686189f7e05d70a7184cd6218f7424ab21b0d Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Tue, 23 May 2017 15:28:58 +0300
-Subject: [PATCH 5/9] remove unnecessary header inclusion
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- zc.h | 2 --
- 1 file changed, 2 deletions(-)
-
-diff --git a/zc.h b/zc.h
-index 6f975d6..666c4a5 100644
---- a/zc.h
-+++ b/zc.h
-@@ -1,8 +1,6 @@
- #ifndef ZC_H
- # define ZC_H
-
--#include "cryptodev_int.h"
--
- /* For zero copy */
- int __get_userbuf(uint8_t __user *addr, uint32_t len, int write,
- unsigned int pgcount, struct page **pg, struct scatterlist *sg,
---
-2.7.4
-
diff --git a/recipes-kernel/cryptodev/sdk_patches/0006-move-structure-definition-to-cryptodev_int.h.patch b/recipes-kernel/cryptodev/sdk_patches/0006-move-structure-definition-to-cryptodev_int.h.patch
deleted file mode 100644
index 9a7ef3d..0000000
--- a/recipes-kernel/cryptodev/sdk_patches/0006-move-structure-definition-to-cryptodev_int.h.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From 3245b0f9ed2085f6167068409fb344166093808c Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Tue, 23 May 2017 15:50:40 +0300
-Subject: [PATCH 6/9] move structure definition to cryptodev_int.h
-
-This is necessary for the rsa patch and makes this data structure
-visible to kernel_crypt_pkop structure which will be defined in
-cryptodev_int.h as well.
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- cryptlib.h | 6 ------
- cryptodev_int.h | 5 +++++
- 2 files changed, 5 insertions(+), 6 deletions(-)
-
-diff --git a/cryptlib.h b/cryptlib.h
-index 8e8aa71..48fe9bd 100644
---- a/cryptlib.h
-+++ b/cryptlib.h
-@@ -2,12 +2,6 @@
- # define CRYPTLIB_H
-
- #include <linux/version.h>
--
--struct cryptodev_result {
-- struct completion completion;
-- int err;
--};
--
- #include "cipherapi.h"
-
- struct cipher_data {
-diff --git a/cryptodev_int.h b/cryptodev_int.h
-index d7660fa..c1879fd 100644
---- a/cryptodev_int.h
-+++ b/cryptodev_int.h
-@@ -35,6 +35,11 @@
- #define ddebug(level, format, a...) dprintk(level, KERN_DEBUG, format, ##a)
-
-
-+struct cryptodev_result {
-+ struct completion completion;
-+ int err;
-+};
-+
- extern int cryptodev_verbosity;
-
- struct fcrypt {
---
-2.7.4
-
diff --git a/recipes-kernel/cryptodev/sdk_patches/0007-add-support-for-RSA-public-and-private-key-operation.patch b/recipes-kernel/cryptodev/sdk_patches/0007-add-support-for-RSA-public-and-private-key-operation.patch
deleted file mode 100644
index 803b90a..0000000
--- a/recipes-kernel/cryptodev/sdk_patches/0007-add-support-for-RSA-public-and-private-key-operation.patch
+++ /dev/null
@@ -1,440 +0,0 @@
-From 6213ae5228a2ff0bb3521474ae37effda95a5d46 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Fri, 12 May 2017 17:04:40 +0300
-Subject: [PATCH 7/9] add support for RSA public and private key operations
-
-Only form 1 support is added with this patch. To maintain
-compatibility with OpenBSD we need to reverse bignum buffers before
-giving them to the kernel. This adds an artificial performance
-penalty that can be resolved only with a CIOCKEY extension in
-cryptodev API.
-
-As of Linux kernel 4.12 it is not possible to give to the kernel
-directly a pointer to a RSA key structure and must resort to a BER
-encoding scheme.
-
-Support for private keys in form 3 (CRT) must wait for updates and
-fixes in Linux kernel crypto API.
-
-Known issue:
-Kernels <= v4.7 strip leading zeros from the result and we get padding
-errors from Openssl: RSA_EAY_PUBLIC_DECRYPT: padding check failed
-(Fixed with kernel commit "crypto: rsa - Generate fixed-length output"
-9b45b7bba3d22de52e09df63c50f390a193a3f53)
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- cryptlib.c | 234 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- cryptlib.h | 4 +-
- cryptodev_int.h | 17 ++++
- ioctl.c | 17 +++-
- main.c | 42 ++++++++++
- 5 files changed, 312 insertions(+), 2 deletions(-)
-
-diff --git a/cryptlib.c b/cryptlib.c
-index 2c6028e..1c044a4 100644
---- a/cryptlib.c
-+++ b/cryptlib.c
-@@ -37,6 +37,10 @@
- #include <crypto/authenc.h>
- #include "cryptodev_int.h"
- #include "cipherapi.h"
-+#if (LINUX_VERSION_CODE > KERNEL_VERSION(4, 3, 0))
-+#include <linux/asn1_ber_bytecode.h>
-+#include <crypto/akcipher.h>
-+#endif
-
- extern const struct crypto_type crypto_givcipher_type;
-
-@@ -435,3 +439,233 @@ int cryptodev_hash_final(struct hash_data *hdata, void *output)
- return waitfor(&hdata->async.result, ret);
- }
-
-+#if (LINUX_VERSION_CODE > KERNEL_VERSION(4, 3, 0))
-+/* This function is necessary because the bignums in Linux kernel are MSB first
-+ * (big endian) as opposed to LSB first as OpenBSD crypto layer uses */
-+void reverse_buf(uint8_t *buf, size_t sz)
-+{
-+ int i;
-+ uint8_t *end;
-+ uint8_t tmp;
-+
-+ end = buf + sz;
-+
-+ for (i = 0; i < sz/2; i++) {
-+ end--;
-+
-+ tmp = *buf;
-+ *buf = *end;
-+ *end = tmp;
-+
-+ buf++;
-+ }
-+}
-+
-+int ber_wr_tag(uint8_t **ber_ptr, uint8_t tag)
-+{
-+ **ber_ptr = tag;
-+ *ber_ptr += 1;
-+
-+ return 0;
-+}
-+
-+int ber_wr_len(uint8_t **ber_ptr, size_t len, size_t sz)
-+{
-+ if (len < 127) {
-+ **ber_ptr = len;
-+ *ber_ptr += 1;
-+ } else {
-+ size_t sz_save = sz;
-+
-+ sz--;
-+ **ber_ptr = 0x80 | sz;
-+
-+ while (sz > 0) {
-+ *(*ber_ptr + sz) = len & 0xff;
-+ len >>= 8;
-+ sz--;
-+ }
-+ *ber_ptr += sz_save;
-+ }
-+
-+ return 0;
-+}
-+
-+int ber_wr_int(uint8_t **ber_ptr, uint8_t *crp_p, size_t sz)
-+{
-+ int ret;
-+
-+ ret = copy_from_user(*ber_ptr, crp_p, sz);
-+ reverse_buf(*ber_ptr, sz);
-+
-+ *ber_ptr += sz;
-+
-+ return ret;
-+}
-+
-+/* calculate the size of the length field itself in BER encoding */
-+size_t ber_enc_len(size_t len)
-+{
-+ size_t sz;
-+
-+ sz = 1;
-+ if (len > 127) { /* long encoding */
-+ while (len != 0) {
-+ len >>= 8;
-+ sz++;
-+ }
-+ }
-+
-+ return sz;
-+}
-+
-+void *cryptodev_alloc_rsa_pub_key(struct kernel_crypt_pkop *pkop,
-+ uint32_t *key_len)
-+{
-+ struct crypt_kop *cop = &pkop->pkop;
-+ uint8_t *ber_key;
-+ uint8_t *ber_ptr;
-+ uint32_t ber_key_len;
-+ size_t s_sz;
-+ size_t e_sz;
-+ size_t n_sz;
-+ size_t s_enc_len;
-+ size_t e_enc_len;
-+ size_t n_enc_len;
-+ int err;
-+
-+ /* BER public key format:
-+ * SEQUENCE TAG 1 byte
-+ * SEQUENCE LENGTH s_enc_len bytes
-+ * INTEGER TAG 1 byte
-+ * INTEGER LENGTH n_enc_len bytes
-+ * INTEGER (n modulus) n_sz bytes
-+ * INTEGER TAG 1 byte
-+ * INTEGER LENGTH e_enc_len bytes
-+ * INTEGER (e exponent) e_sz bytes
-+ */
-+
-+ e_sz = (cop->crk_param[1].crp_nbits + 7)/8;
-+ n_sz = (cop->crk_param[2].crp_nbits + 7)/8;
-+
-+ e_enc_len = ber_enc_len(e_sz);
-+ n_enc_len = ber_enc_len(n_sz);
-+
-+ /*
-+ * Sequence length is the size of all the fields following the sequence
-+ * tag, added together. The two added bytes account for the two INT
-+ * tags in the Public Key sequence
-+ */
-+ s_sz = e_sz + e_enc_len + n_sz + n_enc_len + 2;
-+ s_enc_len = ber_enc_len(s_sz);
-+
-+ /* The added byte accounts for the SEQ tag at the start of the key */
-+ ber_key_len = s_sz + s_enc_len + 1;
-+
-+ /* Linux asn1_ber_decoder doesn't like keys that are too large */
-+ if (ber_key_len > 65535) {
-+ return NULL;
-+ }
-+
-+ ber_key = kmalloc(ber_key_len, GFP_DMA);
-+ if (!ber_key) {
-+ return NULL;
-+ }
-+
-+ ber_ptr = ber_key;
-+
-+ err = ber_wr_tag(&ber_ptr, _tag(UNIV, CONS, SEQ)) ||
-+ ber_wr_len(&ber_ptr, s_sz, s_enc_len) ||
-+ ber_wr_tag(&ber_ptr, _tag(UNIV, PRIM, INT)) ||
-+ ber_wr_len(&ber_ptr, n_sz, n_enc_len) ||
-+ ber_wr_int(&ber_ptr, cop->crk_param[2].crp_p, n_sz) ||
-+ ber_wr_tag(&ber_ptr, _tag(UNIV, PRIM, INT)) ||
-+ ber_wr_len(&ber_ptr, e_sz, e_enc_len) ||
-+ ber_wr_int(&ber_ptr, cop->crk_param[1].crp_p, e_sz);
-+ if (err != 0) {
-+ goto free_key;
-+ }
-+
-+ *key_len = ber_key_len;
-+ return ber_key;
-+
-+free_key:
-+ kfree(ber_key);
-+ return NULL;
-+}
-+
-+int crypto_bn_modexp(struct kernel_crypt_pkop *pkop)
-+{
-+ struct crypt_kop *cop = &pkop->pkop;
-+ uint8_t *ber_key;
-+ uint32_t ber_key_len;
-+ size_t m_sz;
-+ size_t c_sz;
-+ size_t c_sz_max;
-+ uint8_t *m_buf;
-+ uint8_t *c_buf;
-+ struct scatterlist src;
-+ struct scatterlist dst;
-+ int err;
-+
-+ ber_key = cryptodev_alloc_rsa_pub_key(pkop, &ber_key_len);
-+ if (!ber_key) {
-+ return -ENOMEM;
-+ }
-+
-+ err = crypto_akcipher_set_pub_key(pkop->s, ber_key, ber_key_len);
-+ if (err != 0) {
-+ goto free_key;
-+ }
-+
-+ m_sz = (cop->crk_param[0].crp_nbits + 7)/8;
-+ c_sz = (cop->crk_param[3].crp_nbits + 7)/8;
-+
-+ m_buf = kmalloc(m_sz, GFP_DMA);
-+ if (!m_buf) {
-+ err = -ENOMEM;
-+ goto free_key;
-+ }
-+
-+ err = copy_from_user(m_buf, cop->crk_param[0].crp_p, m_sz);
-+ if (err != 0) {
-+ goto free_m_buf;
-+ }
-+ reverse_buf(m_buf, m_sz);
-+
-+ c_sz_max = crypto_akcipher_maxsize(pkop->s);
-+ if (c_sz > c_sz_max) {
-+ err = -EINVAL;
-+ goto free_m_buf;
-+ }
-+
-+ c_buf = kzalloc(c_sz_max, GFP_KERNEL);
-+ if (!c_buf) {
-+ goto free_m_buf;
-+ }
-+
-+ sg_init_one(&src, m_buf, m_sz);
-+ sg_init_one(&dst, c_buf, c_sz);
-+
-+ init_completion(&pkop->result.completion);
-+ akcipher_request_set_callback(pkop->req, 0,
-+ cryptodev_complete, &pkop->result);
-+ akcipher_request_set_crypt(pkop->req, &src, &dst, m_sz, c_sz);
-+
-+ err = crypto_akcipher_encrypt(pkop->req);
-+ err = waitfor(&pkop->result, err);
-+
-+ if (err == 0) {
-+ reverse_buf(c_buf, c_sz);
-+ err = copy_to_user(cop->crk_param[3].crp_p, c_buf, c_sz);
-+ }
-+
-+ kfree(c_buf);
-+free_m_buf:
-+ kfree(m_buf);
-+free_key:
-+ kfree(ber_key);
-+
-+ return err;
-+}
-+#endif
-diff --git a/cryptlib.h b/cryptlib.h
-index 48fe9bd..f909c34 100644
---- a/cryptlib.h
-+++ b/cryptlib.h
-@@ -95,6 +95,8 @@ int cryptodev_hash_reset(struct hash_data *hdata);
- void cryptodev_hash_deinit(struct hash_data *hdata);
- int cryptodev_hash_init(struct hash_data *hdata, const char *alg_name,
- int hmac_mode, void *mackey, size_t mackeylen);
--
-+#if (LINUX_VERSION_CODE > KERNEL_VERSION(4, 3, 0))
-+int crypto_bn_modexp(struct kernel_crypt_pkop *pkop);
-+#endif
-
- #endif
-diff --git a/cryptodev_int.h b/cryptodev_int.h
-index c1879fd..7860c39 100644
---- a/cryptodev_int.h
-+++ b/cryptodev_int.h
-@@ -19,6 +19,10 @@
- #include <linux/scatterlist.h>
- #include <crypto/cryptodev.h>
- #include <crypto/aead.h>
-+#if (LINUX_VERSION_CODE > KERNEL_VERSION(4, 3, 0))
-+#include <crypto/internal/rsa.h>
-+#endif
-+
-
- #define PFX "cryptodev: "
- #define dprintk(level, severity, format, a...) \
-@@ -111,6 +115,18 @@ struct kernel_crypt_auth_op {
- struct mm_struct *mm;
- };
-
-+#if (LINUX_VERSION_CODE > KERNEL_VERSION(4, 3, 0))
-+struct kernel_crypt_pkop {
-+ struct crypt_kop pkop;
-+
-+ struct crypto_akcipher *s; /* Transform pointer from CryptoAPI */
-+ struct akcipher_request *req; /* PKC request allocated from CryptoAPI */
-+ struct cryptodev_result result; /* updated by completion handler */
-+};
-+
-+int crypto_run_asym(struct kernel_crypt_pkop *pkop);
-+#endif
-+
- /* auth */
-
- int kcaop_from_user(struct kernel_crypt_auth_op *kcop,
-@@ -122,6 +138,7 @@ int crypto_run(struct fcrypt *fcr, struct kernel_crypt_op *kcop);
-
- #include <cryptlib.h>
-
-+
- /* other internal structs */
- struct csession {
- struct list_head entry;
-diff --git a/ioctl.c b/ioctl.c
-index db7207a..8b0df4e 100644
---- a/ioctl.c
-+++ b/ioctl.c
-@@ -810,6 +810,9 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
- struct session_op sop;
- struct kernel_crypt_op kcop;
- struct kernel_crypt_auth_op kcaop;
-+#if (LINUX_VERSION_CODE > KERNEL_VERSION(4, 3, 0))
-+ struct kernel_crypt_pkop pkop;
-+#endif
- struct crypt_priv *pcr = filp->private_data;
- struct fcrypt *fcr;
- struct session_info_op siop;
-@@ -823,7 +826,11 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
-
- switch (cmd) {
- case CIOCASYMFEAT:
-- return put_user(0, p);
-+ ses = 0;
-+ if (crypto_has_alg("rsa", 0, 0)) {
-+ ses = CRF_MOD_EXP;
-+ }
-+ return put_user(ses, p);
- case CRIOGET:
- fd = clonefd(filp);
- ret = put_user(fd, p);
-@@ -859,6 +866,14 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
- if (unlikely(ret))
- return ret;
- return copy_to_user(arg, &siop, sizeof(siop));
-+#if (LINUX_VERSION_CODE > KERNEL_VERSION(4, 3, 0))
-+ case CIOCKEY:
-+ ret = copy_from_user(&pkop.pkop, arg, sizeof(struct crypt_kop));
-+ if (ret == 0) {
-+ ret = crypto_run_asym(&pkop);
-+ }
-+ return ret;
-+#endif
- case CIOCCRYPT:
- if (unlikely(ret = kcop_from_user(&kcop, fcr, arg))) {
- dwarning(1, "Error copying from user");
-diff --git a/main.c b/main.c
-index 57e5c38..2bfe6f0 100644
---- a/main.c
-+++ b/main.c
-@@ -48,6 +48,9 @@
- #include "zc.h"
- #include "cryptlib.h"
- #include "version.h"
-+#if (LINUX_VERSION_CODE > KERNEL_VERSION(4, 3, 0))
-+#include <crypto/akcipher.h>
-+#endif
-
- /* This file contains the traditional operations of encryption
- * and hashing of /dev/crypto.
-@@ -265,3 +268,42 @@ out_unlock:
- crypto_put_session(ses_ptr);
- return ret;
- }
-+
-+#if (LINUX_VERSION_CODE > KERNEL_VERSION(4, 3, 0))
-+int crypto_run_asym(struct kernel_crypt_pkop *pkop)
-+{
-+ int err;
-+
-+ pkop->s = crypto_alloc_akcipher("rsa", 0, 0);
-+ if (IS_ERR(pkop->s)) {
-+ return PTR_ERR(pkop->s);
-+ }
-+
-+ pkop->req = akcipher_request_alloc(pkop->s, GFP_KERNEL);
-+ if (pkop->req == NULL) {
-+ err = -ENOMEM;
-+ goto out_free_tfm;
-+ }
-+
-+ switch (pkop->pkop.crk_op) {
-+ case CRK_MOD_EXP: /* RSA_PUB or PRIV form 1 */
-+ if (pkop->pkop.crk_iparams != 3 && pkop->pkop.crk_oparams != 1) {
-+ err = -EINVAL;
-+ goto out_free_req;
-+ }
-+ err = crypto_bn_modexp(pkop);
-+ break;
-+ default:
-+ err = -EINVAL;
-+ break;
-+ }
-+
-+out_free_req:
-+ kfree(pkop->req);
-+
-+out_free_tfm:
-+ crypto_free_akcipher(pkop->s);
-+
-+ return err;
-+}
-+#endif
---
-2.7.4
-
diff --git a/recipes-kernel/cryptodev/sdk_patches/0008-check-session-flags-early-to-avoid-incorrect-failure.patch b/recipes-kernel/cryptodev/sdk_patches/0008-check-session-flags-early-to-avoid-incorrect-failure.patch
deleted file mode 100644
index 1fce558..0000000
--- a/recipes-kernel/cryptodev/sdk_patches/0008-check-session-flags-early-to-avoid-incorrect-failure.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From ec2529027a6565fdede79e7bda4a0232757acf70 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Wed, 14 Jun 2017 11:23:18 +0300
-Subject: [PATCH 8/9] check session flags early to avoid incorrect failure
- modes
-
-This verification of aead flag was incorrectly removed in
-"refactoring: split big function to simplify maintainance"
-20dcf071bc3076ee7db9d603cfbe6a06e86c7d5f
-resulting in an incorrect dispatching of functions.
-
-Add back this check and at the same time remove the second check from
-the called function which now becomes redundant.
-Add another guard check for aead modes and reject not supported combinations.
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- authenc.c | 11 +++++------
- 1 file changed, 5 insertions(+), 6 deletions(-)
-
-diff --git a/authenc.c b/authenc.c
-index 692951f..fc32f43 100644
---- a/authenc.c
-+++ b/authenc.c
-@@ -643,10 +643,6 @@ static int crypto_auth_zc_tls(struct csession *ses_ptr, struct kernel_crypt_auth
- struct scatterlist tmp;
- int ret;
-
-- if (unlikely(ses_ptr->cdata.aead != 0)) {
-- return -EINVAL;
-- }
--
- if (unlikely(caop->auth_len > PAGE_SIZE)) {
- derr(1, "auth data len is excessive.");
- return -EINVAL;
-@@ -787,10 +783,13 @@ __crypto_auth_run_zc(struct csession *ses_ptr, struct kernel_crypt_auth_op *kcao
-
- if (caop->flags & COP_FLAG_AEAD_SRTP_TYPE) {
- ret = crypto_auth_zc_srtp(ses_ptr, kcaop);
-- } else if (caop->flags & COP_FLAG_AEAD_TLS_TYPE) {
-+ } else if (caop->flags & COP_FLAG_AEAD_TLS_TYPE &&
-+ ses_ptr->cdata.aead == 0) {
- ret = crypto_auth_zc_tls(ses_ptr, kcaop);
-- } else {
-+ } else if (ses_ptr->cdata.aead) {
- ret = crypto_auth_zc_aead(ses_ptr, kcaop);
-+ } else {
-+ ret = -EINVAL;
- }
-
- return ret;
---
-2.7.4
-
diff --git a/recipes-kernel/cryptodev/sdk_patches/0009-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch b/recipes-kernel/cryptodev/sdk_patches/0009-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch
deleted file mode 100644
index 795abdf..0000000
--- a/recipes-kernel/cryptodev/sdk_patches/0009-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From f365c69d7852d6579952825c9f90a27129f92d22 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Tue, 13 Jun 2017 11:13:33 +0300
-Subject: [PATCH 9/9] add support for composite TLS10(SHA1,AES) algorithm
- offload
-
-This adds support for composite algorithm offload as a primitive
-crypto (cipher + hmac) operation.
-
-It requires kernel support for tls10(hmac(sha1),cbc(aes)) algorithm
-provided either in software or accelerated by hardware such as
-Freescale B*, P* and T* platforms.
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- crypto/cryptodev.h | 1 +
- ioctl.c | 5 +++++
- 2 files changed, 6 insertions(+)
-
-diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h
-index 7fb9c7d..c0e8cd4 100644
---- a/crypto/cryptodev.h
-+++ b/crypto/cryptodev.h
-@@ -50,6 +50,7 @@ enum cryptodev_crypto_op_t {
- CRYPTO_SHA2_384,
- CRYPTO_SHA2_512,
- CRYPTO_SHA2_224_HMAC,
-+ CRYPTO_TLS10_AES_CBC_HMAC_SHA1,
- CRYPTO_ALGORITHM_ALL, /* Keep updated - see below */
- };
-
-diff --git a/ioctl.c b/ioctl.c
-index 8b0df4e..998f51a 100644
---- a/ioctl.c
-+++ b/ioctl.c
-@@ -159,6 +159,11 @@ crypto_create_session(struct fcrypt *fcr, struct session_op *sop)
- stream = 1;
- aead = 1;
- break;
-+ case CRYPTO_TLS10_AES_CBC_HMAC_SHA1:
-+ alg_name = "tls10(hmac(sha1),cbc(aes))";
-+ stream = 0;
-+ aead = 1;
-+ break;
- case CRYPTO_NULL:
- alg_name = "ecb(cipher_null)";
- stream = 1;
---
-2.7.4
-
--
1.9.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH 2/4] openssl-qoriq: update recipes
2017-11-15 5:26 [PATCH 1/4] cryptodev: update recipes Chunrong Guo
@ 2017-11-15 5:26 ` Chunrong Guo
2017-11-15 5:26 ` [PATCH 3/4] ls1012ardb-32b: update DTB_LOAD Chunrong Guo
2017-11-15 5:26 ` [PATCH 4/4] ls1012afrdm-32b: " Chunrong Guo
2 siblings, 0 replies; 4+ messages in thread
From: Chunrong Guo @ 2017-11-15 5:26 UTC (permalink / raw)
To: meta-freescale; +Cc: chunrong.guo
From: Chunrong Guo <chunrong.guo@nxp.com>
*Update URL to fetch qoriq-open-source github
*Update to b9e6572
This includes the following changes:
b9e6572 - eng_cryptodev: add support for TLS algorithms offload
b3a3bab - Prepare for 1.0.2l release
539c4d3 - make update
cde19ec - Update CHANGES and NEWS for new release
8ded5f1 - Ignore -rle and -comp when compiled with OPENSSL_NO_COMP. Fixes make test when configured with no-comp.
d130456 - Fix regression in openssl req -x509 behaviour.
7c300b9 - Remove notification settings from appveyor.yml
b020bf6 - Remove dead code.
ea3fc60 - Copy custom extension flags in a call to SSL_set_SSL_CTX()
4ae5993 - perlasm/x86_64-xlate.pl: work around problem with hex constants in masm.
16d78fb - Fix some error path logic in i2v_AUTHORITY_INFO_ACCESS and i2v_GENERAL_NAME
6b8fa5b - RT2867: des_ede3_cfb1 ignored "size in bits" flag
5453820 - Fix URL links in comment
d2335f3 - Fix time offset calculation.
13f70ae - Check fflush on BIO_ctrl call
de46e82 - Remove unnecessary loop in pkey_rsa_decrypt.
b99f102 - check length sanity before correcting in EVP_CTRL_AEAD_TLS1_AAD
fb2345a - Annotate ASN.1 attributes of the jurisdictionCountryName NID
60a70a5 - Fixed typo in X509_STORE_CTX_new description
74bcd77 - Numbers greater than 1 are usually non-negative.
e8f2e2f - pkeyutl exit with 0 if the verification succeeded
71d66c4 - Additional check to handle BAD SSL_write retry
a91bfe2 - crypto/ppccap.c: SIGILL-free processor capabilities detection on MacOS X.
3f524f7 - Ensure dhparams can handle X9.42 params in DER
1f3b0fe - Add missing macros for DHxparams
248cf95 - Fix for #2730. Add CRLDP extension to list of supported extensions
d75c56f - Free the compression methods in s_server and s_client
4bc46d - doc: Add stitched ciphers to EVP_EncryptInit.pod
8625e92 - doc: Add missing options in s_{server,client}
62f488d - Fix the error handling in CRYPTO_dup_ex_data.
144ab9b - Add documentation for SNI APIs
*Openssl git includes all qoriq patches so remove qoriq patches folder
Signed-off-by: Chunrong Guo <chunrong.guo@nxp.com>
---
recipes-connectivity/openssl/openssl-qoriq.inc | 6 +-
...double-initialization-of-cryptodev-engine.patch | 69 -
...ev-add-support-for-TLS-algorithms-offload.patch | 343 ----
...0003-cryptodev-fix-algorithm-registration.patch | 61 -
| 319 ---
...itial-support-for-PKC-in-cryptodev-engine.patch | 1578 ---------------
...006-Added-hwrng-dev-file-as-source-of-RNG.patch | 28 -
...s-interface-added-for-PKC-cryptodev-inter.patch | 2050 --------------------
...gen-operation-and-support-gendsa-command-.patch | 155 --
.../openssl-qoriq/qoriq/0009-RSA-Keygen-Fix.patch | 64 -
.../0010-Removed-local-copy-of-curve_t-type.patch | 163 --
...us-parameter-is-not-populated-by-dhparams.patch | 43 -
.../0012-SW-Backoff-mechanism-for-dsa-keygen.patch | 53 -
.../0013-Fixed-DH-keygen-pair-generator.patch | 100 -
...dd-support-for-aes-gcm-algorithm-offloadi.patch | 321 ---
...ev-extend-TLS-offload-with-3des_cbc_hmac_.patch | 199 --
...ev-add-support-for-TLSv1.1-record-offload.patch | 338 ----
...ev-add-support-for-TLSv1.2-record-offload.patch | 377 ----
.../0018-cryptodev-drop-redundant-function.patch | 72 -
...yptodev-do-not-zero-the-buffer-before-use.patch | 48 -
.../0020-cryptodev-clean-up-code-layout.patch | 73 -
...odev-do-not-cache-file-descriptor-in-open.patch | 93 -
...cryptodev-put_dev_crypto-should-be-an-int.patch | 35 -
...todev-simplify-cryptodev-pkc-support-code.patch | 260 ---
...larify-code-remove-assignments-from-condi.patch | 37 -
...lean-up-context-state-before-anything-els.patch | 34 -
...emove-code-duplication-in-digest-operatio.patch | 155 --
...ut-all-digest-ioctls-into-a-single-functi.patch | 108 --
.../0028-cryptodev-fix-debug-print-messages.patch | 90 -
...-use-CIOCHASH-ioctl-for-digest-operations.patch | 91 -
...educe-duplicated-efforts-for-searching-in.patch | 106 -
...cryptodev-remove-not-used-local-variables.patch | 46 -
...odev-hide-not-used-variable-behind-ifndef.patch | 27 -
...3-cryptodev-fix-function-declaration-typo.patch | 26 -
...ryptodev-fix-incorrect-function-signature.patch | 26 -
...ix-warnings-on-excess-elements-in-struct-.patch | 110 --
.../0036-cryptodev-fix-free-on-error-path.patch | 46 -
.../0037-cryptodev-fix-return-value-on-error.patch | 28 -
...38-cryptodev-match-types-with-cryptodev.h.patch | 29 -
...ptodev-explicitly-discard-const-qualifier.patch | 30 -
.../0040-cryptodev-replace-caddr_t-with-void.patch | 95 -
...heck-for-errors-inside-cryptodev_rsa_mod_.patch | 49 -
...heck-for-errors-inside-cryptodev_rsa_mod_.patch | 69 -
...heck-for-errors-inside-cryptodev_dh_compu.patch | 52 -
...heck-for-errors-inside-cryptodev_dh_compu.patch | 76 -
...change-signature-for-conversion-functions.patch | 38 -
...add-explicit-cast-for-known-BIGNUM-values.patch | 26 -
...ptodev-treat-all-build-warnings-as-errors.patch | 28 -
...is-used-uninitialized-warning-on-some-com.patch | 29 -
.../openssl/openssl-qoriq_1.0.2l.bb | 11 +-
50 files changed, 5 insertions(+), 8305 deletions(-)
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0001-remove-double-initialization-of-cryptodev-engine.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0003-cryptodev-fix-algorithm-registration.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0004-ECC-Support-header-for-Cryptodev-Engine.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0005-Initial-support-for-PKC-in-cryptodev-engine.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0006-Added-hwrng-dev-file-as-source-of-RNG.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0007-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0008-Add-RSA-keygen-operation-and-support-gendsa-command-.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0009-RSA-Keygen-Fix.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0010-Removed-local-copy-of-curve_t-type.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0011-Modulus-parameter-is-not-populated-by-dhparams.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0012-SW-Backoff-mechanism-for-dsa-keygen.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0013-Fixed-DH-keygen-pair-generator.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0014-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0015-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0016-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0017-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0018-cryptodev-drop-redundant-function.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0019-cryptodev-do-not-zero-the-buffer-before-use.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0020-cryptodev-clean-up-code-layout.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0021-cryptodev-do-not-cache-file-descriptor-in-open.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0022-cryptodev-put_dev_crypto-should-be-an-int.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0023-cryptodev-simplify-cryptodev-pkc-support-code.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0024-cryptodev-clarify-code-remove-assignments-from-condi.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0025-cryptodev-clean-up-context-state-before-anything-els.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0026-cryptodev-remove-code-duplication-in-digest-operatio.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0027-cryptodev-put-all-digest-ioctls-into-a-single-functi.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0028-cryptodev-fix-debug-print-messages.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0029-cryptodev-use-CIOCHASH-ioctl-for-digest-operations.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0030-cryptodev-reduce-duplicated-efforts-for-searching-in.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0031-cryptodev-remove-not-used-local-variables.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0032-cryptodev-hide-not-used-variable-behind-ifndef.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0033-cryptodev-fix-function-declaration-typo.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0034-cryptodev-fix-incorrect-function-signature.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0035-cryptodev-fix-warnings-on-excess-elements-in-struct-.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0036-cryptodev-fix-free-on-error-path.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0037-cryptodev-fix-return-value-on-error.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0038-cryptodev-match-types-with-cryptodev.h.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0039-cryptodev-explicitly-discard-const-qualifier.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0040-cryptodev-replace-caddr_t-with-void.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0041-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0042-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0043-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0044-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0045-cryptodev-change-signature-for-conversion-functions.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0046-cryptodev-add-explicit-cast-for-known-BIGNUM-values.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0047-cryptodev-treat-all-build-warnings-as-errors.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0048-fix-maclen-is-used-uninitialized-warning-on-some-com.patch
diff --git a/recipes-connectivity/openssl/openssl-qoriq.inc b/recipes-connectivity/openssl/openssl-qoriq.inc
index 306da3a..d7e4e33 100644
--- a/recipes-connectivity/openssl/openssl-qoriq.inc
+++ b/recipes-connectivity/openssl/openssl-qoriq.inc
@@ -22,9 +22,9 @@ python() {
d.appendVar("RREPLACES_%s" % p, p.replace('openssl-qoriq', 'openssl'))
}
-SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
- "
-S = "${WORKDIR}/openssl-${PV}"
+SRC_URI = "git://github.com/qoriq-open-source/openssl.git;nobranch=1"
+
+S = "${WORKDIR}/git"
PACKAGECONFIG[perl] = ",,,"
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0001-remove-double-initialization-of-cryptodev-engine.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0001-remove-double-initialization-of-cryptodev-engine.patch
deleted file mode 100644
index 67314cd..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0001-remove-double-initialization-of-cryptodev-engine.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-From 90d5822f09f0b6a0f1d8d2e7189e702a18686ab7 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@freescale.com>
-Date: Tue, 10 Sep 2013 12:46:46 +0300
-Subject: [PATCH 01/48] remove double initialization of cryptodev engine
-
-cryptodev engine is initialized together with the other engines in
-ENGINE_load_builtin_engines. The initialization done through
-OpenSSL_add_all_algorithms is redundant.
-
-Change-Id: Ic9488500967595543ff846f147b36f383db7cb27
-Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
-Reviewed-on: http://git.am.freescale.net:8181/17222
----
- crypto/engine/eng_all.c | 12 ------------
- crypto/engine/engine.h | 4 ----
- util/libeay.num | 2 +-
- 3 files changed, 1 insertion(+), 17 deletions(-)
-
-diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c
-index 48ad0d2..a198c5f 100644
---- a/crypto/engine/eng_all.c
-+++ b/crypto/engine/eng_all.c
-@@ -122,15 +122,3 @@ void ENGINE_load_builtin_engines(void)
- #endif
- ENGINE_register_all_complete();
- }
--
--#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
--void ENGINE_setup_bsd_cryptodev(void)
--{
-- static int bsd_cryptodev_default_loaded = 0;
-- if (!bsd_cryptodev_default_loaded) {
-- ENGINE_load_cryptodev();
-- ENGINE_register_all_complete();
-- }
-- bsd_cryptodev_default_loaded = 1;
--}
--#endif
-diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h
-index bd7b591..020d912 100644
---- a/crypto/engine/engine.h
-+++ b/crypto/engine/engine.h
-@@ -857,10 +857,6 @@ typedef int (*dynamic_bind_engine) (ENGINE *e, const char *id,
- */
- void *ENGINE_get_static_state(void);
-
--# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
--void ENGINE_setup_bsd_cryptodev(void);
--# endif
--
- /* BEGIN ERROR CODES */
- /*
- * The following lines are auto generated by the script mkerr.pl. Any changes
-diff --git a/util/libeay.num b/util/libeay.num
-index 2094ab3..2742cf5 100755
---- a/util/libeay.num
-+++ b/util/libeay.num
-@@ -2805,7 +2805,7 @@ BIO_indent 3242 EXIST::FUNCTION:
- BUF_strlcpy 3243 EXIST::FUNCTION:
- OpenSSLDie 3244 EXIST::FUNCTION:
- OPENSSL_cleanse 3245 EXIST::FUNCTION:
--ENGINE_setup_bsd_cryptodev 3246 EXIST:__FreeBSD__:FUNCTION:ENGINE
-+ENGINE_setup_bsd_cryptodev 3246 NOEXIST::FUNCTION:
- ERR_release_err_state_table 3247 EXIST::FUNCTION:LHASH
- EVP_aes_128_cfb8 3248 EXIST::FUNCTION:AES
- FIPS_corrupt_rsa 3249 NOEXIST::FUNCTION:
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch
deleted file mode 100644
index a5c0f6d..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch
+++ /dev/null
@@ -1,343 +0,0 @@
-From 305ab3fd8a8620fd11f7aef7e42170ba205040a9 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@freescale.com>
-Date: Thu, 29 Aug 2013 16:51:18 +0300
-Subject: [PATCH 02/48] eng_cryptodev: add support for TLS algorithms offload
-
-- aes-128-cbc-hmac-sha1
-- aes-256-cbc-hmac-sha1
-
-Requires TLS patches on cryptodev and TLS algorithm support in Linux
-kernel driver.
-
-Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
----
- crypto/engine/eng_cryptodev.c | 226 ++++++++++++++++++++++++++++++++++++++++--
- 1 file changed, 215 insertions(+), 11 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 2a2b95c..d4da7fb 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -72,6 +72,9 @@ void ENGINE_load_cryptodev(void)
- struct dev_crypto_state {
- struct session_op d_sess;
- int d_fd;
-+ unsigned char *aad;
-+ unsigned int aad_len;
-+ unsigned int len;
- # ifdef USE_CRYPTODEV_DIGESTS
- char dummy_mac_key[HASH_MAX_LEN];
- unsigned char digest_res[HASH_MAX_LEN];
-@@ -142,24 +145,25 @@ static struct {
- int nid;
- int ivmax;
- int keylen;
-+ int mackeylen;
- } ciphers[] = {
- {
-- CRYPTO_ARC4, NID_rc4, 0, 16,
-+ CRYPTO_ARC4, NID_rc4, 0, 16, 0
- },
- {
-- CRYPTO_DES_CBC, NID_des_cbc, 8, 8,
-+ CRYPTO_DES_CBC, NID_des_cbc, 8, 8, 0
- },
- {
-- CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24,
-+ CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, 0
- },
- {
-- CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16,
-+ CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, 0
- },
- {
-- CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24,
-+ CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, 0
- },
- {
-- CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32,
-+ CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, 0
- },
- # ifdef CRYPTO_AES_CTR
- {
-@@ -173,16 +177,22 @@ static struct {
- },
- # endif
- {
-- CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16,
-+ CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, 0
- },
- {
-- CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16,
-+ CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, 0
- },
- {
-- CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0,
-+ CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, 0
- },
- {
-- 0, NID_undef, 0, 0,
-+ CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20
-+ },
-+ {
-+ CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20
-+ },
-+ {
-+ 0, NID_undef, 0, 0, 0
- },
- };
-
-@@ -296,13 +306,15 @@ static int get_cryptodev_ciphers(const int **cnids)
- }
- memset(&sess, 0, sizeof(sess));
- sess.key = (caddr_t) "123456789abcdefghijklmno";
-+ sess.mackey = (caddr_t) "123456789ABCDEFGHIJKLMNO";
-
- for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
- if (ciphers[i].nid == NID_undef)
- continue;
- sess.cipher = ciphers[i].id;
- sess.keylen = ciphers[i].keylen;
-- sess.mac = 0;
-+ sess.mackeylen = ciphers[i].mackeylen;
-+
- if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
- ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
- nids[count++] = ciphers[i].nid;
-@@ -458,6 +470,66 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- return (1);
- }
-
-+static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+ const unsigned char *in, size_t len)
-+{
-+ struct crypt_auth_op cryp;
-+ struct dev_crypto_state *state = ctx->cipher_data;
-+ struct session_op *sess = &state->d_sess;
-+ const void *iiv;
-+ unsigned char save_iv[EVP_MAX_IV_LENGTH];
-+
-+ if (state->d_fd < 0)
-+ return (0);
-+ if (!len)
-+ return (1);
-+ if ((len % ctx->cipher->block_size) != 0)
-+ return (0);
-+
-+ memset(&cryp, 0, sizeof(cryp));
-+
-+ /* TODO: make a seamless integration with cryptodev flags */
-+ switch (ctx->cipher->nid) {
-+ case NID_aes_128_cbc_hmac_sha1:
-+ case NID_aes_256_cbc_hmac_sha1:
-+ cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
-+ }
-+ cryp.ses = sess->ses;
-+ cryp.len = state->len;
-+ cryp.src = (caddr_t) in;
-+ cryp.dst = (caddr_t) out;
-+ cryp.auth_src = state->aad;
-+ cryp.auth_len = state->aad_len;
-+
-+ cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
-+
-+ if (ctx->cipher->iv_len) {
-+ cryp.iv = (caddr_t) ctx->iv;
-+ if (!ctx->encrypt) {
-+ iiv = in + len - ctx->cipher->iv_len;
-+ memcpy(save_iv, iiv, ctx->cipher->iv_len);
-+ }
-+ } else
-+ cryp.iv = NULL;
-+
-+ if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) {
-+ /*
-+ * XXX need better errror handling this can fail for a number of
-+ * different reasons.
-+ */
-+ return (0);
-+ }
-+
-+ if (ctx->cipher->iv_len) {
-+ if (ctx->encrypt)
-+ iiv = out + len - ctx->cipher->iv_len;
-+ else
-+ iiv = save_iv;
-+ memcpy(ctx->iv, iiv, ctx->cipher->iv_len);
-+ }
-+ return (1);
-+}
-+
- static int
- cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc)
-@@ -497,6 +569,45 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- }
-
- /*
-+ * Save the encryption key provided by upper layers. This function is called
-+ * by EVP_CipherInit_ex to initialize the algorithm's extra data. We can't do
-+ * much here because the mac key is not available. The next call should/will
-+ * be to cryptodev_cbc_hmac_sha1_ctrl with parameter
-+ * EVP_CTRL_AEAD_SET_MAC_KEY, to set the hmac key. There we call CIOCGSESSION
-+ * with both the crypto and hmac keys.
-+ */
-+static int cryptodev_init_aead_key(EVP_CIPHER_CTX *ctx,
-+ const unsigned char *key,
-+ const unsigned char *iv, int enc)
-+{
-+ struct dev_crypto_state *state = ctx->cipher_data;
-+ struct session_op *sess = &state->d_sess;
-+ int cipher = -1, i;
-+
-+ for (i = 0; ciphers[i].id; i++)
-+ if (ctx->cipher->nid == ciphers[i].nid &&
-+ ctx->cipher->iv_len <= ciphers[i].ivmax &&
-+ ctx->key_len == ciphers[i].keylen) {
-+ cipher = ciphers[i].id;
-+ break;
-+ }
-+
-+ if (!ciphers[i].id) {
-+ state->d_fd = -1;
-+ return (0);
-+ }
-+
-+ memset(sess, 0, sizeof(struct session_op));
-+
-+ sess->key = (caddr_t) key;
-+ sess->keylen = ctx->key_len;
-+ sess->cipher = cipher;
-+
-+ /* for whatever reason, (1) means success */
-+ return (1);
-+}
-+
-+/*
- * free anything we allocated earlier when initting a
- * session, and close the session.
- */
-@@ -530,6 +641,63 @@ static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
- return (ret);
- }
-
-+static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
-+ int arg, void *ptr)
-+{
-+ switch (type) {
-+ case EVP_CTRL_AEAD_SET_MAC_KEY:
-+ {
-+ /* TODO: what happens with hmac keys larger than 64 bytes? */
-+ struct dev_crypto_state *state = ctx->cipher_data;
-+ struct session_op *sess = &state->d_sess;
-+
-+ if ((state->d_fd = get_dev_crypto()) < 0)
-+ return (0);
-+
-+ /* the rest should have been set in cryptodev_init_aead_key */
-+ sess->mackey = ptr;
-+ sess->mackeylen = arg;
-+
-+ if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
-+ put_dev_crypto(state->d_fd);
-+ state->d_fd = -1;
-+ return (0);
-+ }
-+ return (1);
-+ }
-+ case EVP_CTRL_AEAD_TLS1_AAD:
-+ {
-+ /* ptr points to the associated data buffer of 13 bytes */
-+ struct dev_crypto_state *state = ctx->cipher_data;
-+ unsigned char *p = ptr;
-+ unsigned int cryptlen = p[arg - 2] << 8 | p[arg - 1];
-+ unsigned int maclen, padlen;
-+ unsigned int bs = ctx->cipher->block_size;
-+
-+ state->aad = ptr;
-+ state->aad_len = arg;
-+ state->len = cryptlen;
-+
-+ /* TODO: this should be an extension of EVP_CIPHER struct */
-+ switch (ctx->cipher->nid) {
-+ case NID_aes_128_cbc_hmac_sha1:
-+ case NID_aes_256_cbc_hmac_sha1:
-+ maclen = SHA_DIGEST_LENGTH;
-+ }
-+
-+ /* space required for encryption (not only TLS padding) */
-+ padlen = maclen;
-+ if (ctx->encrypt) {
-+ cryptlen += maclen;
-+ padlen += bs - (cryptlen % bs);
-+ }
-+ return padlen;
-+ }
-+ default:
-+ return -1;
-+ }
-+}
-+
- /*
- * libcrypto EVP stuff - this is how we get wired to EVP so the engine
- * gets called when libcrypto requests a cipher NID.
-@@ -642,6 +810,34 @@ const EVP_CIPHER cryptodev_aes_256_cbc = {
- NULL
- };
-
-+const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1 = {
-+ NID_aes_128_cbc_hmac_sha1,
-+ 16, 16, 16,
-+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+ cryptodev_init_aead_key,
-+ cryptodev_aead_cipher,
-+ cryptodev_cleanup,
-+ sizeof(struct dev_crypto_state),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ cryptodev_cbc_hmac_sha1_ctrl,
-+ NULL
-+};
-+
-+const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = {
-+ NID_aes_256_cbc_hmac_sha1,
-+ 16, 32, 16,
-+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+ cryptodev_init_aead_key,
-+ cryptodev_aead_cipher,
-+ cryptodev_cleanup,
-+ sizeof(struct dev_crypto_state),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ cryptodev_cbc_hmac_sha1_ctrl,
-+ NULL
-+};
-+
- # ifdef CRYPTO_AES_CTR
- const EVP_CIPHER cryptodev_aes_ctr = {
- NID_aes_128_ctr,
-@@ -730,6 +926,12 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
- *cipher = &cryptodev_aes_ctr_256;
- break;
- # endif
-+ case NID_aes_128_cbc_hmac_sha1:
-+ *cipher = &cryptodev_aes_128_cbc_hmac_sha1;
-+ break;
-+ case NID_aes_256_cbc_hmac_sha1:
-+ *cipher = &cryptodev_aes_256_cbc_hmac_sha1;
-+ break;
- default:
- *cipher = NULL;
- break;
-@@ -1485,6 +1687,8 @@ void ENGINE_load_cryptodev(void)
- }
- put_dev_crypto(fd);
-
-+ EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1);
-+ EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
- if (!ENGINE_set_id(engine, "cryptodev") ||
- !ENGINE_set_name(engine, "BSD cryptodev engine") ||
- !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0003-cryptodev-fix-algorithm-registration.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0003-cryptodev-fix-algorithm-registration.patch
deleted file mode 100644
index c53ffc9..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0003-cryptodev-fix-algorithm-registration.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From ce6fa215fa58e7ca7a81c70ce8c91f871a20a9dd Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@freescale.com>
-Date: Thu, 31 Jul 2014 14:06:19 +0300
-Subject: [PATCH 03/48] cryptodev: fix algorithm registration
-
-Cryptodev specific algorithms must register only if available in kernel.
-
-Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
-Reviewed-by: Horia Ioan Geanta Neag <horia.geanta@freescale.com>
----
- crypto/engine/eng_cryptodev.c | 20 +++++++++++++++++---
- 1 file changed, 17 insertions(+), 3 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index d4da7fb..49ed638 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -135,6 +135,8 @@ static int cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key,
- static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
- void (*f) (void));
- void ENGINE_load_cryptodev(void);
-+const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1;
-+const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
-
- static const ENGINE_CMD_DEFN cryptodev_defns[] = {
- {0, NULL, NULL, 0}
-@@ -390,7 +392,21 @@ static int get_cryptodev_digests(const int **cnids)
- */
- static int cryptodev_usable_ciphers(const int **nids)
- {
-- return (get_cryptodev_ciphers(nids));
-+ int i, count;
-+
-+ count = get_cryptodev_ciphers(nids);
-+ /* add ciphers specific to cryptodev if found in kernel */
-+ for (i = 0; i < count; i++) {
-+ switch (*(*nids + i)) {
-+ case NID_aes_128_cbc_hmac_sha1:
-+ EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1);
-+ break;
-+ case NID_aes_256_cbc_hmac_sha1:
-+ EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
-+ break;
-+ }
-+ }
-+ return count;
- }
-
- static int cryptodev_usable_digests(const int **nids)
-@@ -1687,8 +1703,6 @@ void ENGINE_load_cryptodev(void)
- }
- put_dev_crypto(fd);
-
-- EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1);
-- EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
- if (!ENGINE_set_id(engine, "cryptodev") ||
- !ENGINE_set_name(engine, "BSD cryptodev engine") ||
- !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0004-ECC-Support-header-for-Cryptodev-Engine.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0004-ECC-Support-header-for-Cryptodev-Engine.patch
deleted file mode 100644
index 5b6fda1..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0004-ECC-Support-header-for-Cryptodev-Engine.patch
+++ /dev/null
@@ -1,319 +0,0 @@
-From 63ed25dadde23d01eaac6f4c4dae463ba4d7c368 Mon Sep 17 00:00:00 2001
-From: Yashpal Dutta <yashpal.dutta@freescale.com>
-Date: Tue, 11 Mar 2014 05:56:54 +0545
-Subject: [PATCH 04/48] ECC Support header for Cryptodev Engine
-
-Upstream-status: Pending
-
-Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
----
- crypto/engine/eng_cryptodev_ec.h | 297 +++++++++++++++++++++++++++++++++++++++
- 1 file changed, 297 insertions(+)
- create mode 100644 crypto/engine/eng_cryptodev_ec.h
-
-diff --git a/crypto/engine/eng_cryptodev_ec.h b/crypto/engine/eng_cryptodev_ec.h
-new file mode 100644
-index 0000000..af54c51
---- /dev/null
-+++ b/crypto/engine/eng_cryptodev_ec.h
-@@ -0,0 +1,297 @@
-+/*
-+ * Copyright (C) 2012 Freescale Semiconductor, Inc.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
-+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY
-+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-+ *
-+ */
-+#ifndef __ENG_EC_H
-+#define __ENG_EC_H
-+
-+#define SPCF_CPARAM_INIT(X,...) \
-+static unsigned char X##_c[] = {__VA_ARGS__} \
-+
-+#define SPCF_FREE_BN(X) do { if(X) { BN_clear_free(X); X = NULL; } } while (0)
-+
-+#define SPCF_COPY_CPARAMS(NIDBUF) \
-+ do { \
-+ memcpy (buf, NIDBUF, buf_len); \
-+ } while (0)
-+
-+#define SPCF_CPARAM_CASE(X) \
-+ case NID_##X: \
-+ SPCF_COPY_CPARAMS(X##_c); \
-+ break
-+
-+SPCF_CPARAM_INIT(sect113r1, 0x01, 0x73, 0xE8, 0x34, 0xAF, 0x28, 0xEC, 0x76,
-+ 0xCB, 0x83, 0xBD, 0x8D, 0xFE, 0xB2, 0xD5);
-+SPCF_CPARAM_INIT(sect113r2, 0x00, 0x54, 0xD9, 0xF0, 0x39, 0x57, 0x17, 0x4A,
-+ 0x32, 0x32, 0x91, 0x67, 0xD7, 0xFE, 0x71);
-+SPCF_CPARAM_INIT(sect131r1, 0x03, 0xDB, 0x89, 0xB4, 0x05, 0xE4, 0x91, 0x16,
-+ 0x0E, 0x3B, 0x2F, 0x07, 0xB0, 0xCE, 0x20, 0xB3, 0x7E);
-+SPCF_CPARAM_INIT(sect131r2, 0x07, 0xCB, 0xB9, 0x92, 0x0D, 0x71, 0xA4, 0x8E,
-+ 0x09, 0x9C, 0x38, 0xD7, 0x1D, 0xA6, 0x49, 0x0E, 0xB1);
-+SPCF_CPARAM_INIT(sect163k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x01);
-+SPCF_CPARAM_INIT(sect163r1, 0x05, 0xED, 0x40, 0x3E, 0xD5, 0x8E, 0xB4, 0x5B,
-+ 0x1C, 0xCE, 0xCA, 0x0F, 0x4F, 0x61, 0x65, 0x55, 0x49, 0x86,
-+ 0x1B, 0xE0, 0x52);
-+SPCF_CPARAM_INIT(sect163r2, 0x07, 0x2C, 0x4E, 0x1E, 0xF7, 0xCB, 0x2F, 0x3A,
-+ 0x03, 0x5D, 0x33, 0x10, 0x42, 0x94, 0x15, 0x96, 0x09, 0x13,
-+ 0x8B, 0xB4, 0x04);
-+SPCF_CPARAM_INIT(sect193r1, 0x01, 0x67, 0xB3, 0x5E, 0xB4, 0x31, 0x3F, 0x26,
-+ 0x3D, 0x0F, 0x7A, 0x3D, 0x50, 0x36, 0xF0, 0xA0, 0xA3, 0xC9,
-+ 0x80, 0xD4, 0x0E, 0x5A, 0x05, 0x3E, 0xD2);
-+SPCF_CPARAM_INIT(sect193r2, 0x00, 0x69, 0x89, 0xFE, 0x6B, 0xFE, 0x30, 0xED,
-+ 0xDC, 0x32, 0x44, 0x26, 0x9F, 0x3A, 0xAD, 0x18, 0xD6, 0x6C,
-+ 0xF3, 0xDB, 0x3E, 0x33, 0x02, 0xFA, 0xA8);
-+SPCF_CPARAM_INIT(sect233k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x01);
-+SPCF_CPARAM_INIT(sect233r1, 0x00, 0x07, 0xD5, 0xEF, 0x43, 0x89, 0xDF, 0xF1,
-+ 0x1E, 0xCD, 0xBA, 0x39, 0xC3, 0x09, 0x70, 0xD3, 0xCE, 0x35,
-+ 0xCE, 0xBB, 0xA5, 0x84, 0x73, 0xF6, 0x4B, 0x4D, 0xC0, 0xF2,
-+ 0x68, 0x6C);
-+SPCF_CPARAM_INIT(sect239k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x01);
-+SPCF_CPARAM_INIT(sect283k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01);
-+SPCF_CPARAM_INIT(sect283r1, 0x03, 0xD8, 0xC9, 0x3D, 0x3B, 0x0E, 0xA8, 0x1D,
-+ 0x92, 0x94, 0x03, 0x4D, 0x7E, 0xE3, 0x13, 0x5D, 0x0A, 0xC5,
-+ 0xFC, 0x8D, 0x9C, 0xB0, 0x27, 0x6F, 0x72, 0x11, 0xF8, 0x80,
-+ 0xF0, 0xD8, 0x1C, 0xA4, 0xC6, 0xE8, 0x7B, 0x38);
-+SPCF_CPARAM_INIT(sect409k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x01);
-+SPCF_CPARAM_INIT(sect409r1, 0x01, 0x49, 0xB8, 0xB7, 0xBE, 0xBD, 0x9B, 0x63,
-+ 0x65, 0x3E, 0xF1, 0xCD, 0x8C, 0x6A, 0x5D, 0xD1, 0x05, 0xA2,
-+ 0xAA, 0xAC, 0x36, 0xFE, 0x2E, 0xAE, 0x43, 0xCF, 0x28, 0xCE,
-+ 0x1C, 0xB7, 0xC8, 0x30, 0xC1, 0xEC, 0xDB, 0xFA, 0x41, 0x3A,
-+ 0xB0, 0x7F, 0xE3, 0x5A, 0x57, 0x81, 0x1A, 0xE4, 0xF8, 0x8D,
-+ 0x30, 0xAC, 0x63, 0xFB);
-+SPCF_CPARAM_INIT(sect571k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x01);
-+SPCF_CPARAM_INIT(sect571r1, 0x06, 0x39, 0x5D, 0xB2, 0x2A, 0xB5, 0x94, 0xB1,
-+ 0x86, 0x8C, 0xED, 0x95, 0x25, 0x78, 0xB6, 0x53, 0x9F, 0xAB,
-+ 0xA6, 0x94, 0x06, 0xD9, 0xB2, 0x98, 0x61, 0x23, 0xA1, 0x85,
-+ 0xC8, 0x58, 0x32, 0xE2, 0x5F, 0xD5, 0xB6, 0x38, 0x33, 0xD5,
-+ 0x14, 0x42, 0xAB, 0xF1, 0xA9, 0xC0, 0x5F, 0xF0, 0xEC, 0xBD,
-+ 0x88, 0xD7, 0xF7, 0x79, 0x97, 0xF4, 0xDC, 0x91, 0x56, 0xAA,
-+ 0xF1, 0xCE, 0x08, 0x16, 0x46, 0x86, 0xDD, 0xFF, 0x75, 0x11,
-+ 0x6F, 0xBC, 0x9A, 0x7A);
-+SPCF_CPARAM_INIT(X9_62_c2pnb163v1, 0x04, 0x53, 0xE1, 0xE4, 0xB7, 0x29, 0x1F,
-+ 0x5C, 0x2D, 0x53, 0xCE, 0x18, 0x48, 0x3F, 0x00, 0x70, 0x81,
-+ 0xE7, 0xEA, 0x26, 0xEC);
-+SPCF_CPARAM_INIT(X9_62_c2pnb163v2, 0x04, 0x35, 0xC0, 0x19, 0x66, 0x0E, 0x01,
-+ 0x01, 0xBA, 0x87, 0x0C, 0xA3, 0x9F, 0xD9, 0xA7, 0x76, 0x86,
-+ 0x50, 0x9D, 0x28, 0x13);
-+SPCF_CPARAM_INIT(X9_62_c2pnb163v3, 0x06, 0x55, 0xC4, 0x54, 0xE4, 0x1E, 0x38,
-+ 0x0C, 0x7A, 0x60, 0xB6, 0x67, 0x9A, 0x5B, 0x7A, 0x3F, 0x3A,
-+ 0xF6, 0x8E, 0x22, 0xC5);
-+SPCF_CPARAM_INIT(X9_62_c2pnb176v1, 0x00, 0x69, 0xF7, 0xDA, 0x36, 0x19, 0xA7,
-+ 0x42, 0xA3, 0x82, 0xFF, 0x05, 0x08, 0x8F, 0xD3, 0x99, 0x42,
-+ 0xCA, 0x0F, 0x1D, 0x90, 0xB6, 0x5B);
-+SPCF_CPARAM_INIT(X9_62_c2tnb191v1, 0x4C, 0x45, 0x25, 0xAB, 0x0B, 0x68, 0x4A,
-+ 0x64, 0x44, 0x62, 0x0A, 0x86, 0x45, 0xEF, 0x54, 0x6D, 0x54,
-+ 0x69, 0x39, 0x68, 0xC2, 0xAE, 0x84, 0xAC);
-+SPCF_CPARAM_INIT(X9_62_c2tnb191v2, 0x03, 0x7C, 0x8F, 0x57, 0xA2, 0x25, 0xC7,
-+ 0xB3, 0xD4, 0xED, 0xD5, 0x88, 0x0F, 0x38, 0x0A, 0xCC, 0x55,
-+ 0x74, 0xEC, 0xB3, 0x6C, 0x9F, 0x51, 0x21);
-+SPCF_CPARAM_INIT(X9_62_c2tnb191v3, 0x37, 0x39, 0xFF, 0x98, 0xB4, 0xD1, 0x69,
-+ 0x3E, 0xCF, 0x52, 0x7A, 0x98, 0x51, 0xED, 0xCF, 0x99, 0x9D,
-+ 0x9E, 0x75, 0x05, 0x43, 0x33, 0x43, 0x24);
-+SPCF_CPARAM_INIT(X9_62_c2pnb208w1, 0x00, 0xDB, 0x05, 0x3C, 0x41, 0x76, 0xCC,
-+ 0x1D, 0xA1, 0x27, 0x85, 0x2C, 0xA6, 0xD9, 0x88, 0xBE, 0x1A,
-+ 0xCC, 0xD1, 0x5B, 0x2A, 0xC1, 0xC1, 0x07, 0x42, 0x57, 0x34);
-+SPCF_CPARAM_INIT(X9_62_c2tnb239v1, 0x24, 0x59, 0xFC, 0xF4, 0x51, 0x7B, 0xC5,
-+ 0xA6, 0xB9, 0x9B, 0xE5, 0xC6, 0xC5, 0x62, 0x85, 0xC0, 0x21,
-+ 0xFE, 0x32, 0xEE, 0x2B, 0x6F, 0x1C, 0x22, 0xEA, 0x5B, 0xE1,
-+ 0xB8, 0x4B, 0x93);
-+SPCF_CPARAM_INIT(X9_62_c2tnb239v2, 0x64, 0x98, 0x84, 0x19, 0x3B, 0x56, 0x2D,
-+ 0x4A, 0x50, 0xB4, 0xFA, 0x56, 0x34, 0xE0, 0x34, 0x41, 0x3F,
-+ 0x94, 0xC4, 0x59, 0xDA, 0x7C, 0xDB, 0x16, 0x64, 0x9D, 0xDD,
-+ 0xF7, 0xE6, 0x0A);
-+SPCF_CPARAM_INIT(X9_62_c2tnb239v3, 0x32, 0x63, 0x2E, 0x65, 0x2B, 0xEE, 0x91,
-+ 0xC2, 0xE4, 0xA2, 0xF5, 0x42, 0xA3, 0x2D, 0x67, 0xA8, 0xB5,
-+ 0xB4, 0x5F, 0x21, 0xA0, 0x81, 0x02, 0xFB, 0x1F, 0x2A, 0xFB,
-+ 0xB6, 0xAC, 0xDA);
-+SPCF_CPARAM_INIT(X9_62_c2pnb272w1, 0x00, 0xDA, 0x7B, 0x60, 0x28, 0xF4, 0xC8,
-+ 0x09, 0xA0, 0xB9, 0x78, 0x81, 0xC3, 0xA5, 0x7E, 0x4D, 0x71,
-+ 0x81, 0x34, 0xD1, 0x3F, 0xEC, 0xE0, 0x90, 0x85, 0x8A, 0xC3,
-+ 0x1A, 0xE2, 0xDC, 0x2E, 0xDF, 0x8E, 0x3C, 0x8B);
-+SPCF_CPARAM_INIT(X9_62_c2pnb304w1, 0x00, 0x3C, 0x67, 0xB4, 0x07, 0xC6, 0xF3,
-+ 0x3F, 0x81, 0x0B, 0x17, 0xDC, 0x16, 0xE2, 0x14, 0x8A, 0x2C,
-+ 0x9C, 0xE2, 0x9D, 0x56, 0x05, 0x23, 0x69, 0x6A, 0x55, 0x93,
-+ 0x8A, 0x15, 0x40, 0x81, 0xE3, 0xE3, 0xAE, 0xFB, 0xCE, 0x45,
-+ 0x70, 0xC9);
-+SPCF_CPARAM_INIT(X9_62_c2tnb359v1, 0x22, 0x39, 0xAA, 0x58, 0x4A, 0xC5, 0x9A,
-+ 0xF9, 0x61, 0xD0, 0xFA, 0x2D, 0x52, 0x85, 0xB6, 0xFD, 0xF7,
-+ 0x34, 0x9B, 0xC6, 0x0E, 0x91, 0xE3, 0x20, 0xF4, 0x71, 0x64,
-+ 0xCE, 0x11, 0xF5, 0x18, 0xEF, 0xB4, 0xC0, 0x8B, 0x9B, 0xDA,
-+ 0x99, 0x9A, 0x8A, 0x37, 0xF8, 0x2A, 0x22, 0x61);
-+SPCF_CPARAM_INIT(X9_62_c2pnb368w1, 0x00, 0xC0, 0x6C, 0xCF, 0x42, 0x89, 0x3A,
-+ 0x8A, 0xAA, 0x00, 0x1E, 0x0B, 0xC0, 0xD2, 0xA2, 0x27, 0x66,
-+ 0xEF, 0x3E, 0x41, 0x88, 0x7C, 0xC6, 0x77, 0x6F, 0x4A, 0x04,
-+ 0x1E, 0xE4, 0x45, 0x14, 0xB2, 0x0A, 0xFC, 0x4E, 0x5C, 0x30,
-+ 0x40, 0x60, 0x06, 0x5B, 0xC8, 0xD6, 0xCF, 0x04, 0xD3, 0x25);
-+SPCF_CPARAM_INIT(X9_62_c2tnb431r1, 0x64, 0xF5, 0xBB, 0xE9, 0xBB, 0x31, 0x66,
-+ 0xA3, 0xA0, 0x2F, 0x2F, 0x22, 0xBF, 0x05, 0xD9, 0xF7, 0xDA,
-+ 0x43, 0xEE, 0x70, 0xC1, 0x79, 0x03, 0x15, 0x2B, 0x70, 0xA0,
-+ 0xB4, 0x25, 0x9B, 0xD2, 0xFC, 0xB2, 0x20, 0x3B, 0x7F, 0xB8,
-+ 0xD3, 0x39, 0x4E, 0x20, 0xEB, 0x0E, 0xA9, 0x84, 0xDD, 0xB1,
-+ 0xE1, 0xF1, 0x4C, 0x67, 0xB1, 0x36, 0x2B);
-+SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01);
-+SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls3, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x01);
-+SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls4, 0x01, 0x73, 0xE8, 0x34, 0xAF, 0x28,
-+ 0xEC, 0x76, 0xCB, 0x83, 0xBD, 0x8D, 0xFE, 0xB2, 0xD5);
-+SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls5, 0x04, 0x53, 0xE1, 0xE4, 0xB7, 0x29,
-+ 0x1F, 0x5C, 0x2D, 0x53, 0xCE, 0x18, 0x48, 0x3F, 0x00, 0x70,
-+ 0x81, 0xE7, 0xEA, 0x26, 0xEC);
-+SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x01);
-+SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls11, 0x00, 0x07, 0xD5, 0xEF, 0x43, 0x89,
-+ 0xDF, 0xF1, 0x1E, 0xCD, 0xBA, 0x39, 0xC3, 0x09, 0x70, 0xD3,
-+ 0xCE, 0x35, 0xCE, 0xBB, 0xA5, 0x84, 0x73, 0xF6, 0x4B, 0x4D,
-+ 0xC0, 0xF2, 0x68, 0x6C);
-+/* Oakley curve #3 over 155 bit binary filed */
-+SPCF_CPARAM_INIT(ipsec3, 0x00, 0x31, 0x10, 0x00, 0x00, 0x02, 0x23, 0xA0, 0x00,
-+ 0xC4, 0x47, 0x40, 0x00, 0x08, 0x8E, 0x80, 0x00, 0x11, 0x1D,
-+ 0x1D);
-+/* Oakley curve #4 over 185 bit binary filed */
-+SPCF_CPARAM_INIT(ipsec4, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00,
-+ 0x01, 0x80, 0x00, 0xC0, 0x0C, 0x00, 0x00, 0x00, 0x63, 0x80,
-+ 0x30, 0x00, 0x1C, 0x00, 0x09);
-+
-+static inline int
-+eng_ec_get_cparam(int nid, unsigned char *buf, unsigned int buf_len)
-+{
-+ int ret = 0;
-+ switch (nid) {
-+ SPCF_CPARAM_CASE(sect113r1);
-+ SPCF_CPARAM_CASE(sect113r2);
-+ SPCF_CPARAM_CASE(sect131r1);
-+ SPCF_CPARAM_CASE(sect131r2);
-+ SPCF_CPARAM_CASE(sect163k1);
-+ SPCF_CPARAM_CASE(sect163r1);
-+ SPCF_CPARAM_CASE(sect163r2);
-+ SPCF_CPARAM_CASE(sect193r1);
-+ SPCF_CPARAM_CASE(sect193r2);
-+ SPCF_CPARAM_CASE(sect233k1);
-+ SPCF_CPARAM_CASE(sect233r1);
-+ SPCF_CPARAM_CASE(sect239k1);
-+ SPCF_CPARAM_CASE(sect283k1);
-+ SPCF_CPARAM_CASE(sect283r1);
-+ SPCF_CPARAM_CASE(sect409k1);
-+ SPCF_CPARAM_CASE(sect409r1);
-+ SPCF_CPARAM_CASE(sect571k1);
-+ SPCF_CPARAM_CASE(sect571r1);
-+ SPCF_CPARAM_CASE(X9_62_c2pnb163v1);
-+ SPCF_CPARAM_CASE(X9_62_c2pnb163v2);
-+ SPCF_CPARAM_CASE(X9_62_c2pnb163v3);
-+ SPCF_CPARAM_CASE(X9_62_c2pnb176v1);
-+ SPCF_CPARAM_CASE(X9_62_c2tnb191v1);
-+ SPCF_CPARAM_CASE(X9_62_c2tnb191v2);
-+ SPCF_CPARAM_CASE(X9_62_c2tnb191v3);
-+ SPCF_CPARAM_CASE(X9_62_c2pnb208w1);
-+ SPCF_CPARAM_CASE(X9_62_c2tnb239v1);
-+ SPCF_CPARAM_CASE(X9_62_c2tnb239v2);
-+ SPCF_CPARAM_CASE(X9_62_c2tnb239v3);
-+ SPCF_CPARAM_CASE(X9_62_c2pnb272w1);
-+ SPCF_CPARAM_CASE(X9_62_c2pnb304w1);
-+ SPCF_CPARAM_CASE(X9_62_c2tnb359v1);
-+ SPCF_CPARAM_CASE(X9_62_c2pnb368w1);
-+ SPCF_CPARAM_CASE(X9_62_c2tnb431r1);
-+ SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls1);
-+ SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls3);
-+ SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls4);
-+ SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls5);
-+ SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls10);
-+ SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls11);
-+ /* Oakley curve #3 over 155 bit binary filed */
-+ SPCF_CPARAM_CASE(ipsec3);
-+ /* Oakley curve #4 over 185 bit binary filed */
-+ SPCF_CPARAM_CASE(ipsec4);
-+ default:
-+ ret = -EINVAL;
-+ break;
-+ }
-+ return ret;
-+}
-+
-+/* Copies the curve points to a flat buffer with appropriate padding */
-+static inline unsigned char *eng_copy_curve_points(BIGNUM * x, BIGNUM * y,
-+ int xy_len, int crv_len)
-+{
-+ unsigned char *xy = NULL;
-+ int len1 = 0, len2 = 0;
-+
-+ len1 = BN_num_bytes(x);
-+ len2 = BN_num_bytes(y);
-+
-+ if (!(xy = malloc(xy_len))) {
-+ return NULL;
-+ }
-+
-+ memset(xy, 0, xy_len);
-+
-+ if (len1 < crv_len) {
-+ if (!BN_is_zero(x))
-+ BN_bn2bin(x, xy + (crv_len - len1));
-+ } else {
-+ BN_bn2bin(x, xy);
-+ }
-+
-+ if (len2 < crv_len) {
-+ if (!BN_is_zero(y))
-+ BN_bn2bin(y, xy+crv_len+(crv_len-len2));
-+ } else {
-+ BN_bn2bin(y, xy+crv_len);
-+ }
-+
-+ return xy;
-+}
-+
-+enum curve_t {
-+ DISCRETE_LOG,
-+ ECC_PRIME,
-+ ECC_BINARY,
-+ MAX_ECC_TYPE
-+};
-+#endif
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0005-Initial-support-for-PKC-in-cryptodev-engine.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0005-Initial-support-for-PKC-in-cryptodev-engine.patch
deleted file mode 100644
index 156b743..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0005-Initial-support-for-PKC-in-cryptodev-engine.patch
+++ /dev/null
@@ -1,1578 +0,0 @@
-From aff25bbf6b5b833931a5281d30a6f26fda9f0a52 Mon Sep 17 00:00:00 2001
-From: Yashpal Dutta <yashpal.dutta@freescale.com>
-Date: Tue, 11 Mar 2014 06:29:52 +0545
-Subject: [PATCH 05/48] Initial support for PKC in cryptodev engine
-
-Upstream-status: Pending
-
-Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
----
- crypto/engine/eng_cryptodev.c | 1365 ++++++++++++++++++++++++++++++++++++-----
- 1 file changed, 1202 insertions(+), 163 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 49ed638..cc9b63b 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -59,6 +59,10 @@ void ENGINE_load_cryptodev(void)
- # include <openssl/dsa.h>
- # include <openssl/err.h>
- # include <openssl/rsa.h>
-+# include <crypto/ecdsa/ecs_locl.h>
-+# include <crypto/ecdh/ech_locl.h>
-+# include <crypto/ec/ec_lcl.h>
-+# include <crypto/ec/ec.h>
- # include <sys/ioctl.h>
- # include <errno.h>
- # include <stdio.h>
-@@ -68,6 +72,7 @@ void ENGINE_load_cryptodev(void)
- # include <syslog.h>
- # include <errno.h>
- # include <string.h>
-+# include "eng_cryptodev_ec.h"
-
- struct dev_crypto_state {
- struct session_op d_sess;
-@@ -116,20 +121,10 @@ static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
- BN_CTX *ctx);
- static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
- BN_CTX *ctx);
--static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a,
-- const BIGNUM *p, const BIGNUM *m,
-- BN_CTX *ctx, BN_MONT_CTX *m_ctx);
--static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
-- BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2,
-- BIGNUM *p, BN_CTX *ctx,
-- BN_MONT_CTX *mont);
- static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
- DSA *dsa);
- static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len,
- DSA_SIG *sig, DSA *dsa);
--static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
-- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
-- BN_MONT_CTX *m_ctx);
- static int cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key,
- DH *dh);
- static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
-@@ -138,6 +133,105 @@ void ENGINE_load_cryptodev(void);
- const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1;
- const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
-
-+inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len)
-+{
-+ int len;
-+ unsigned char *p;
-+
-+ len = BN_num_bytes(bn);
-+
-+ if (!len)
-+ return -1;
-+
-+ p = malloc(len);
-+ if (!p)
-+ return -1;
-+
-+ BN_bn2bin(bn, p);
-+
-+ *bin = p;
-+ *bin_len = len;
-+
-+ return 0;
-+}
-+
-+inline int spcf_bn2bin_ex(BIGNUM *bn, unsigned char **bin, int *bin_len)
-+{
-+ int len;
-+ unsigned char *p;
-+
-+ len = BN_num_bytes(bn);
-+
-+ if (!len)
-+ return -1;
-+
-+ if (len < *bin_len)
-+ p = malloc(*bin_len);
-+ else
-+ p = malloc(len);
-+
-+ if (!p)
-+ return -ENOMEM;
-+
-+ if (len < *bin_len) {
-+ /* place padding */
-+ memset(p, 0, (*bin_len - len));
-+ BN_bn2bin(bn, p + (*bin_len - len));
-+ } else {
-+ BN_bn2bin(bn, p);
-+ }
-+
-+ *bin = p;
-+ if (len >= *bin_len)
-+ *bin_len = len;
-+
-+ return 0;
-+}
-+
-+/**
-+ * Convert an ECC F2m 'b' parameter into the 'c' parameter.
-+ *Inputs:
-+ * q, the curve's modulus
-+ * b, the curve's b parameter
-+ * (a bignum for b, a buffer for c)
-+ * Output:
-+ * c, written into bin, right-adjusted to fill q_len bytes.
-+ */
-+static int
-+eng_ec_compute_cparam(const BIGNUM *b, const BIGNUM *q,
-+ unsigned char **bin, int *bin_len)
-+{
-+ BIGNUM *c = BN_new();
-+ BIGNUM *exp = BN_new();
-+ BN_CTX *ctx = BN_CTX_new();
-+ int m = BN_num_bits(q) - 1;
-+ int ok = 0;
-+
-+ if (!c || !exp || !ctx || *bin)
-+ goto err;
-+
-+ /*
-+ * We have to compute c, where b = c^4, i.e., the fourth root of b.
-+ * The equation for c is c = b^(2^(m-2))
-+ * Compute exp = 2^(m-2)
-+ * (1 << x) == 2^x
-+ * and then compute c = b^exp
-+ */
-+ BN_lshift(exp, BN_value_one(), m - 2);
-+ BN_GF2m_mod_exp(c, b, exp, q, ctx);
-+ /* Store c */
-+ spcf_bn2bin_ex(c, bin, bin_len);
-+ ok = 1;
-+ err:
-+ if (ctx)
-+ BN_CTX_free(ctx);
-+ if (c)
-+ BN_free(c);
-+ if (exp)
-+ BN_free(exp);
-+ return ok;
-+}
-+
- static const ENGINE_CMD_DEFN cryptodev_defns[] = {
- {0, NULL, NULL, 0}
- };
-@@ -1230,7 +1324,6 @@ cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
- */
- static int bn2crparam(const BIGNUM *a, struct crparam *crp)
- {
-- int i, j, k;
- ssize_t bytes, bits;
- u_char *b;
-
-@@ -1248,36 +1341,21 @@ static int bn2crparam(const BIGNUM *a, struct crparam *crp)
- crp->crp_p = (caddr_t) b;
- crp->crp_nbits = bits;
-
-- for (i = 0, j = 0; i < a->top; i++) {
-- for (k = 0; k < BN_BITS2 / 8; k++) {
-- if ((j + k) >= bytes)
-- return (0);
-- b[j + k] = a->d[i] >> (k * 8);
-- }
-- j += BN_BITS2 / 8;
-- }
-+ BN_bn2bin(a, crp->crp_p);
- return (0);
- }
-
- /* Convert a /dev/crypto parameter to a BIGNUM */
- static int crparam2bn(struct crparam *crp, BIGNUM *a)
- {
-- u_int8_t *pd;
-- int i, bytes;
-+ int bytes;
-
- bytes = (crp->crp_nbits + 7) / 8;
-
- if (bytes == 0)
- return (-1);
-
-- if ((pd = (u_int8_t *) malloc(bytes)) == NULL)
-- return (-1);
--
-- for (i = 0; i < bytes; i++)
-- pd[i] = crp->crp_p[bytes - i - 1];
--
-- BN_bin2bn(pd, bytes, a);
-- free(pd);
-+ BN_bin2bn(crp->crp_p, bytes, a);
-
- return (0);
- }
-@@ -1334,6 +1412,32 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
- return ret;
- }
-
-+/* Close an opened instance of cryptodev engine */
-+void cryptodev_close_instance(void *handle)
-+{
-+ int fd;
-+
-+ if (handle) {
-+ fd = *(int *)handle;
-+ close(fd);
-+ free(handle);
-+ }
-+}
-+
-+/* Create an instance of cryptodev for asynchronous interface */
-+void *cryptodev_init_instance(void)
-+{
-+ int *fd = malloc(sizeof(int));
-+
-+ if (fd) {
-+ if ((*fd = open("/dev/crypto", O_RDWR, 0)) == -1) {
-+ free(fd);
-+ return NULL;
-+ }
-+ }
-+ return fd;
-+}
-+
- static int
- cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
-@@ -1350,8 +1454,9 @@ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- return (ret);
- }
-
-- memset(&kop, 0, sizeof kop);
- kop.crk_op = CRK_MOD_EXP;
-+ kop.crk_oparams = 0;
-+ kop.crk_status = 0;
-
- /* inputs: a^p % m */
- if (bn2crparam(a, &kop.crk_param[0]))
-@@ -1394,28 +1499,39 @@ static int
- cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
- {
- struct crypt_kop kop;
-- int ret = 1;
-+ int ret = 1, f_len, p_len, q_len;
-+ unsigned char *f = NULL, *p = NULL, *q = NULL, *dp = NULL, *dq =
-+ NULL, *c = NULL;
-
- if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
- /* XXX 0 means failure?? */
- return (0);
- }
-
-- memset(&kop, 0, sizeof kop);
-+ kop.crk_oparams = 0;
-+ kop.crk_status = 0;
- kop.crk_op = CRK_MOD_EXP_CRT;
-+ f_len = BN_num_bytes(rsa->n);
-+ spcf_bn2bin_ex(I, &f, &f_len);
-+ spcf_bn2bin(rsa->p, &p, &p_len);
-+ spcf_bn2bin(rsa->q, &q, &q_len);
-+ spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len);
-+ spcf_bn2bin_ex(rsa->iqmp, &c, &p_len);
-+ spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len);
- /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
-- if (bn2crparam(rsa->p, &kop.crk_param[0]))
-- goto err;
-- if (bn2crparam(rsa->q, &kop.crk_param[1]))
-- goto err;
-- if (bn2crparam(I, &kop.crk_param[2]))
-- goto err;
-- if (bn2crparam(rsa->dmp1, &kop.crk_param[3]))
-- goto err;
-- if (bn2crparam(rsa->dmq1, &kop.crk_param[4]))
-- goto err;
-- if (bn2crparam(rsa->iqmp, &kop.crk_param[5]))
-- goto err;
-+ kop.crk_param[0].crp_p = p;
-+ kop.crk_param[0].crp_nbits = p_len * 8;
-+ kop.crk_param[1].crp_p = q;
-+ kop.crk_param[1].crp_nbits = q_len * 8;
-+ kop.crk_param[2].crp_p = f;
-+ kop.crk_param[2].crp_nbits = f_len * 8;
-+ kop.crk_param[3].crp_p = dp;
-+ kop.crk_param[3].crp_nbits = p_len * 8;
-+ /* dq must of length q, rest all of length p */
-+ kop.crk_param[4].crp_p = dq;
-+ kop.crk_param[4].crp_nbits = q_len * 8;
-+ kop.crk_param[5].crp_p = c;
-+ kop.crk_param[5].crp_nbits = p_len * 8;
- kop.crk_iparams = 6;
-
- if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) {
-@@ -1451,93 +1567,120 @@ static RSA_METHOD cryptodev_rsa = {
- NULL /* rsa_verify */
- };
-
--static int
--cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
-- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
--{
-- return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
--}
--
--static int
--cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
-- BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
-- BN_CTX *ctx, BN_MONT_CTX *mont)
-+static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
-+ DSA *dsa)
- {
-- BIGNUM t2;
-- int ret = 0;
--
-- BN_init(&t2);
--
-- /* v = ( g^u1 * y^u2 mod p ) mod q */
-- /* let t1 = g ^ u1 mod p */
-- ret = 0;
-+ struct crypt_kop kop;
-+ BIGNUM *c = NULL, *d = NULL;
-+ DSA_SIG *dsaret = NULL;
-+ int q_len = 0, r_len = 0, g_len = 0;
-+ int priv_key_len = 0, ret;
-+ unsigned char *q = NULL, *r = NULL, *g = NULL, *priv_key = NULL, *f =
-+ NULL;
-
-- if (!dsa->meth->bn_mod_exp(dsa, t1, dsa->g, u1, dsa->p, ctx, mont))
-+ memset(&kop, 0, sizeof kop);
-+ if ((c = BN_new()) == NULL) {
-+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
- goto err;
-+ }
-
-- /* let t2 = y ^ u2 mod p */
-- if (!dsa->meth->bn_mod_exp(dsa, &t2, dsa->pub_key, u2, dsa->p, ctx, mont))
-+ if ((d = BN_new()) == NULL) {
-+ BN_free(c);
-+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
- goto err;
-- /* let u1 = t1 * t2 mod p */
-- if (!BN_mod_mul(u1, t1, &t2, dsa->p, ctx))
-+ }
-+
-+ if (spcf_bn2bin(dsa->p, &q, &q_len)) {
-+ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
- goto err;
-+ }
-
-- BN_copy(t1, u1);
-+ /* Get order of the field of private keys into plain buffer */
-+ if (spcf_bn2bin(dsa->q, &r, &r_len)) {
-+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-
-- ret = 1;
-- err:
-- BN_free(&t2);
-- return (ret);
--}
-+ /* sanity test */
-+ if (dlen > r_len) {
-+ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
-+ goto err;
-+ }
-
--static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
-- DSA *dsa)
--{
-- struct crypt_kop kop;
-- BIGNUM *r = NULL, *s = NULL;
-- DSA_SIG *dsaret = NULL;
-+ g_len = q_len;
-+ /**
-+ * Get generator into a plain buffer. If length is less than
-+ * q_len then add leading padding bytes.
-+ */
-+ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
-+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-
-- if ((r = BN_new()) == NULL)
-+ priv_key_len = r_len;
-+ /**
-+ * Get private key into a plain buffer. If length is less than
-+ * r_len then add leading padding bytes.
-+ */
-+ if (spcf_bn2bin_ex(dsa->priv_key, &priv_key, &priv_key_len)) {
-+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
- goto err;
-- if ((s = BN_new()) == NULL) {
-- BN_free(r);
-+ }
-+
-+ /* Allocate memory to store hash. */
-+ f = OPENSSL_malloc(r_len);
-+ if (!f) {
-+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
-- memset(&kop, 0, sizeof kop);
-+ /* Add padding, since SEC expects hash to of size r_len */
-+ if (dlen < r_len)
-+ memset(f, 0, r_len - dlen);
-+
-+ /* Skip leading bytes if dgst_len < r_len */
-+ memcpy(f + r_len - dlen, dgst, dlen);
-+
- kop.crk_op = CRK_DSA_SIGN;
-
- /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
-- kop.crk_param[0].crp_p = (caddr_t) dgst;
-- kop.crk_param[0].crp_nbits = dlen * 8;
-- if (bn2crparam(dsa->p, &kop.crk_param[1]))
-- goto err;
-- if (bn2crparam(dsa->q, &kop.crk_param[2]))
-- goto err;
-- if (bn2crparam(dsa->g, &kop.crk_param[3]))
-+ kop.crk_param[0].crp_p = (void *)f;
-+ kop.crk_param[0].crp_nbits = r_len * 8;
-+ kop.crk_param[1].crp_p = (void *)q;
-+ kop.crk_param[1].crp_nbits = q_len * 8;
-+ kop.crk_param[2].crp_p = (void *)r;
-+ kop.crk_param[2].crp_nbits = r_len * 8;
-+ kop.crk_param[3].crp_p = (void *)g;
-+ kop.crk_param[3].crp_nbits = g_len * 8;
-+ kop.crk_param[4].crp_p = (void *)priv_key;
-+ kop.crk_param[4].crp_nbits = priv_key_len * 8;
-+ kop.crk_iparams = 5;
-+
-+ ret = cryptodev_asym(&kop, r_len, c, r_len, d);
-+
-+ if (ret) {
-+ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DECODE_ERROR);
- goto err;
-- if (bn2crparam(dsa->priv_key, &kop.crk_param[4]))
-+ }
-+
-+ dsaret = DSA_SIG_new();
-+ if (dsaret == NULL)
- goto err;
-- kop.crk_iparams = 5;
-+ dsaret->r = c;
-+ dsaret->s = d;
-
-- if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r,
-- BN_num_bytes(dsa->q), s) == 0) {
-- dsaret = DSA_SIG_new();
-- if (dsaret == NULL)
-- goto err;
-- dsaret->r = r;
-- dsaret->s = s;
-- r = s = NULL;
-- } else {
-+ zapparams(&kop);
-+ return (dsaret);
-+ err:
-+ {
- const DSA_METHOD *meth = DSA_OpenSSL();
-+ if (c)
-+ BN_free(c);
-+ if (d)
-+ BN_free(d);
- dsaret = (meth->dsa_do_sign) (dgst, dlen, dsa);
-+ return (dsaret);
- }
-- err:
-- BN_free(r);
-- BN_free(s);
-- kop.crk_param[0].crp_p = NULL;
-- zapparams(&kop);
-- return (dsaret);
- }
-
- static int
-@@ -1545,43 +1688,175 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
- DSA_SIG *sig, DSA *dsa)
- {
- struct crypt_kop kop;
-- int dsaret = 1;
-+ int dsaret = 1, q_len = 0, r_len = 0, g_len = 0;
-+ int w_len = 0, c_len = 0, d_len = 0, ret = -1;
-+ unsigned char *q = NULL, *r = NULL, *w = NULL, *g = NULL;
-+ unsigned char *c = NULL, *d = NULL, *f = NULL;
-
- memset(&kop, 0, sizeof kop);
- kop.crk_op = CRK_DSA_VERIFY;
-
-- /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
-- kop.crk_param[0].crp_p = (caddr_t) dgst;
-- kop.crk_param[0].crp_nbits = dlen * 8;
-- if (bn2crparam(dsa->p, &kop.crk_param[1]))
-+ if (spcf_bn2bin(dsa->p, &q, &q_len)) {
-+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ return ret;
-+ }
-+
-+ /* Get Order of field of private keys */
-+ if (spcf_bn2bin(dsa->q, &r, &r_len)) {
-+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
- goto err;
-- if (bn2crparam(dsa->q, &kop.crk_param[2]))
-+ }
-+
-+ g_len = q_len;
-+ /**
-+ * Get generator into a plain buffer. If length is less than
-+ * q_len then add leading padding bytes.
-+ */
-+ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
-+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ w_len = q_len;
-+ /**
-+ * Get public key into a plain buffer. If length is less than
-+ * q_len then add leading padding bytes.
-+ */
-+ if (spcf_bn2bin_ex(dsa->pub_key, &w, &w_len)) {
-+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
- goto err;
-- if (bn2crparam(dsa->g, &kop.crk_param[3]))
-+ }
-+ /**
-+ * Get the 1st part of signature into a flat buffer with
-+ * appropriate padding
-+ */
-+ c_len = r_len;
-+
-+ if (spcf_bn2bin_ex(sig->r, &c, &c_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
- goto err;
-- if (bn2crparam(dsa->pub_key, &kop.crk_param[4]))
-+ }
-+
-+ /**
-+ * Get the 2nd part of signature into a flat buffer with
-+ * appropriate padding
-+ */
-+ d_len = r_len;
-+
-+ if (spcf_bn2bin_ex(sig->s, &d, &d_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
- goto err;
-- if (bn2crparam(sig->r, &kop.crk_param[5]))
-+ }
-+
-+ /* Sanity test */
-+ if (dlen > r_len) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
- goto err;
-- if (bn2crparam(sig->s, &kop.crk_param[6]))
-+ }
-+
-+ /* Allocate memory to store hash. */
-+ f = OPENSSL_malloc(r_len);
-+ if (!f) {
-+ DSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
- goto err;
-+ }
-+
-+ /* Add padding, since SEC expects hash to of size r_len */
-+ if (dlen < r_len)
-+ memset(f, 0, r_len - dlen);
-+
-+ /* Skip leading bytes if dgst_len < r_len */
-+ memcpy(f + r_len - dlen, dgst, dlen);
-+
-+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
-+ kop.crk_param[0].crp_p = (void *)f;
-+ kop.crk_param[0].crp_nbits = r_len * 8;
-+ kop.crk_param[1].crp_p = q;
-+ kop.crk_param[1].crp_nbits = q_len * 8;
-+ kop.crk_param[2].crp_p = r;
-+ kop.crk_param[2].crp_nbits = r_len * 8;
-+ kop.crk_param[3].crp_p = g;
-+ kop.crk_param[3].crp_nbits = g_len * 8;
-+ kop.crk_param[4].crp_p = w;
-+ kop.crk_param[4].crp_nbits = w_len * 8;
-+ kop.crk_param[5].crp_p = c;
-+ kop.crk_param[5].crp_nbits = c_len * 8;
-+ kop.crk_param[6].crp_p = d;
-+ kop.crk_param[6].crp_nbits = d_len * 8;
- kop.crk_iparams = 7;
-
-- if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
-- /*
-- * OCF success value is 0, if not zero, change dsaret to fail
-- */
-- if (0 != kop.crk_status)
-- dsaret = 0;
-- } else {
-- const DSA_METHOD *meth = DSA_OpenSSL();
-+ if ((cryptodev_asym(&kop, 0, NULL, 0, NULL))) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, DSA_R_DECODE_ERROR);
-+ goto err;
-+ }
-
-- dsaret = (meth->dsa_do_verify) (dgst, dlen, sig, dsa);
-+ /*
-+ * OCF success value is 0, if not zero, change dsaret to fail
-+ */
-+ if (0 != kop.crk_status) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, DSA_R_DECODE_ERROR);
-+ goto err;
- }
-- err:
-- kop.crk_param[0].crp_p = NULL;
-+
- zapparams(&kop);
- return (dsaret);
-+ err:
-+ {
-+ const DSA_METHOD *meth = DSA_OpenSSL();
-+ dsaret = (meth->dsa_do_verify) (dgst, dlen, sig, dsa);
-+ return dsaret;
-+ }
-+}
-+
-+/* Cryptodev DSA Key Gen routine */
-+static int cryptodev_dsa_keygen(DSA *dsa)
-+{
-+ struct crypt_kop kop;
-+ int ret = 1, g_len;
-+ unsigned char *g = NULL;
-+
-+ if (dsa->priv_key == NULL) {
-+ if ((dsa->priv_key = BN_new()) == NULL)
-+ goto sw_try;
-+ }
-+
-+ if (dsa->pub_key == NULL) {
-+ if ((dsa->pub_key = BN_new()) == NULL)
-+ goto sw_try;
-+ }
-+
-+ g_len = BN_num_bytes(dsa->p);
-+ /**
-+ * Get generator into a plain buffer. If length is less than
-+ * p_len then add leading padding bytes.
-+ */
-+ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
-+ DSAerr(DSA_F_DSA_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
-+ goto sw_try;
-+ }
-+
-+ memset(&kop, 0, sizeof kop);
-+
-+ kop.crk_op = CRK_DSA_GENERATE_KEY;
-+ if (bn2crparam(dsa->p, &kop.crk_param[0]))
-+ goto sw_try;
-+ if (bn2crparam(dsa->q, &kop.crk_param[1]))
-+ goto sw_try;
-+ kop.crk_param[2].crp_p = g;
-+ kop.crk_param[2].crp_nbits = g_len * 8;
-+ kop.crk_iparams = 3;
-+
-+ /* pub_key is or prime length while priv key is of length of order */
-+ if (cryptodev_asym(&kop, BN_num_bytes(dsa->p), dsa->pub_key,
-+ BN_num_bytes(dsa->q), dsa->priv_key))
-+ goto sw_try;
-+
-+ return ret;
-+ sw_try:
-+ {
-+ const DSA_METHOD *meth = DSA_OpenSSL();
-+ ret = (meth->dsa_keygen) (dsa);
-+ }
-+ return ret;
- }
-
- static DSA_METHOD cryptodev_dsa = {
-@@ -1597,12 +1872,558 @@ static DSA_METHOD cryptodev_dsa = {
- NULL /* app_data */
- };
-
--static int
--cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
-- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
-- BN_MONT_CTX *m_ctx)
-+static ECDSA_METHOD cryptodev_ecdsa = {
-+ "cryptodev ECDSA method",
-+ NULL,
-+ NULL, /* ecdsa_sign_setup */
-+ NULL,
-+ NULL,
-+ 0, /* flags */
-+ NULL /* app_data */
-+};
-+
-+typedef enum ec_curve_s {
-+ EC_PRIME,
-+ EC_BINARY
-+} ec_curve_t;
-+
-+/* ENGINE handler for ECDSA Sign */
-+static ECDSA_SIG *cryptodev_ecdsa_do_sign(const unsigned char *dgst,
-+ int dgst_len, const BIGNUM *in_kinv,
-+ const BIGNUM *in_r, EC_KEY *eckey)
- {
-- return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
-+ BIGNUM *m = NULL, *p = NULL, *a = NULL;
-+ BIGNUM *b = NULL, *x = NULL, *y = NULL;
-+ BN_CTX *ctx = NULL;
-+ ECDSA_SIG *ret = NULL;
-+ ECDSA_DATA *ecdsa = NULL;
-+ unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL;
-+ unsigned char *s = NULL, *c = NULL, *d = NULL, *f = NULL, *tmp_dgst =
-+ NULL;
-+ int i = 0, q_len = 0, priv_key_len = 0, r_len = 0;
-+ int g_len = 0, d_len = 0, ab_len = 0;
-+ const BIGNUM *order = NULL, *priv_key = NULL;
-+ const EC_GROUP *group = NULL;
-+ struct crypt_kop kop;
-+ ec_curve_t ec_crv = EC_PRIME;
-+
-+ memset(&kop, 0, sizeof(kop));
-+ ecdsa = ecdsa_check(eckey);
-+ if (!ecdsa) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
-+ return NULL;
-+ }
-+
-+ group = EC_KEY_get0_group(eckey);
-+ priv_key = EC_KEY_get0_private_key(eckey);
-+
-+ if (!group || !priv_key) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
-+ return NULL;
-+ }
-+
-+ if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
-+ (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
-+ (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
-+ (y = BN_new()) == NULL) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ order = &group->order;
-+ if (!order || BN_is_zero(order)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS);
-+ goto err;
-+ }
-+
-+ i = BN_num_bits(order);
-+ /*
-+ * Need to truncate digest if it is too long: first truncate whole bytes
-+ */
-+ if (8 * dgst_len > i)
-+ dgst_len = (i + 7) / 8;
-+
-+ if (!BN_bin2bn(dgst, dgst_len, m)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* If still too long truncate remaining bits with a shift */
-+ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* copy the truncated bits into plain buffer */
-+ if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) {
-+ fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__,
-+ __LINE__);
-+ goto err;
-+ }
-+
-+ ret = ECDSA_SIG_new();
-+ if (!ret) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* check if this is prime or binary EC request */
-+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
-+ NID_X9_62_prime_field) {
-+ ec_crv = EC_PRIME;
-+ /* get the generator point pair */
-+ if (!EC_POINT_get_affine_coordinates_GFp
-+ (group, EC_GROUP_get0_generator(group), x, y, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ /* get the ECC curve parameters */
-+ if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+ } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
-+ NID_X9_62_characteristic_two_field) {
-+ ec_crv = EC_BINARY;
-+ /* get the ECC curve parameters */
-+ if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ /* get the generator point pair */
-+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
-+ EC_GROUP_get0_generator
-+ (group), x, y, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+ } else {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ if (spcf_bn2bin(order, &r, &r_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ if (spcf_bn2bin(p, &q, &q_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ priv_key_len = r_len;
-+
-+ /**
-+ * If BN_num_bytes of priv_key returns less then r_len then
-+ * add padding bytes before the key
-+ */
-+ if (spcf_bn2bin_ex(priv_key, &s, &priv_key_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Generation of ECC curve parameters */
-+ ab_len = 2 * q_len;
-+ ab = eng_copy_curve_points(a, b, ab_len, q_len);
-+ if (!ab) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ if (ec_crv == EC_BINARY) {
-+ if (eng_ec_get_cparam
-+ (EC_GROUP_get_curve_name(group), ab + q_len, q_len)) {
-+ unsigned char *c_temp = NULL;
-+ int c_temp_len = q_len;
-+ if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len))
-+ memcpy(ab + q_len, c_temp, q_len);
-+ else
-+ goto err;
-+ }
-+ kop.curve_type = ECC_BINARY;
-+ }
-+
-+ /* Calculation of Generator point */
-+ g_len = 2 * q_len;
-+ g_xy = eng_copy_curve_points(x, y, g_len, q_len);
-+ if (!g_xy) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Memory allocation for first part of digital signature */
-+ c = malloc(r_len);
-+ if (!c) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ d_len = r_len;
-+
-+ /* Memory allocation for second part of digital signature */
-+ d = malloc(d_len);
-+ if (!d) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* memory for message representative */
-+ f = malloc(r_len);
-+ if (!f) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Add padding, since SEC expects hash to of size r_len */
-+ memset(f, 0, r_len - dgst_len);
-+
-+ /* Skip leading bytes if dgst_len < r_len */
-+ memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len);
-+
-+ dgst_len += r_len - dgst_len;
-+ kop.crk_op = CRK_DSA_SIGN;
-+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
-+ kop.crk_param[0].crp_p = f;
-+ kop.crk_param[0].crp_nbits = dgst_len * 8;
-+ kop.crk_param[1].crp_p = q;
-+ kop.crk_param[1].crp_nbits = q_len * 8;
-+ kop.crk_param[2].crp_p = r;
-+ kop.crk_param[2].crp_nbits = r_len * 8;
-+ kop.crk_param[3].crp_p = g_xy;
-+ kop.crk_param[3].crp_nbits = g_len * 8;
-+ kop.crk_param[4].crp_p = s;
-+ kop.crk_param[4].crp_nbits = priv_key_len * 8;
-+ kop.crk_param[5].crp_p = ab;
-+ kop.crk_param[5].crp_nbits = ab_len * 8;
-+ kop.crk_iparams = 6;
-+ kop.crk_param[6].crp_p = c;
-+ kop.crk_param[6].crp_nbits = d_len * 8;
-+ kop.crk_param[7].crp_p = d;
-+ kop.crk_param[7].crp_nbits = d_len * 8;
-+ kop.crk_oparams = 2;
-+
-+ if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
-+ /* Check if ret->r and s needs to allocated */
-+ crparam2bn(&kop.crk_param[6], ret->r);
-+ crparam2bn(&kop.crk_param[7], ret->s);
-+ } else {
-+ const ECDSA_METHOD *meth = ECDSA_OpenSSL();
-+ ret = (meth->ecdsa_do_sign) (dgst, dgst_len, in_kinv, in_r, eckey);
-+ }
-+ kop.crk_param[0].crp_p = NULL;
-+ zapparams(&kop);
-+ err:
-+ if (!ret) {
-+ ECDSA_SIG_free(ret);
-+ ret = NULL;
-+ }
-+ return ret;
-+}
-+
-+static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
-+ ECDSA_SIG *sig, EC_KEY *eckey)
-+{
-+ BIGNUM *m = NULL, *p = NULL, *a = NULL, *b = NULL;
-+ BIGNUM *x = NULL, *y = NULL, *w_x = NULL, *w_y = NULL;
-+ BN_CTX *ctx = NULL;
-+ ECDSA_DATA *ecdsa = NULL;
-+ unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL, *w_xy =
-+ NULL;
-+ unsigned char *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL;
-+ int i = 0, q_len = 0, pub_key_len = 0, r_len = 0, c_len = 0, g_len = 0;
-+ int d_len = 0, ab_len = 0, ret = -1;
-+ const EC_POINT *pub_key = NULL;
-+ const BIGNUM *order = NULL;
-+ const EC_GROUP *group = NULL;
-+ ec_curve_t ec_crv = EC_PRIME;
-+ struct crypt_kop kop;
-+
-+ memset(&kop, 0, sizeof kop);
-+ ecdsa = ecdsa_check(eckey);
-+ if (!ecdsa) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
-+ return ret;
-+ }
-+
-+ group = EC_KEY_get0_group(eckey);
-+ pub_key = EC_KEY_get0_public_key(eckey);
-+
-+ if (!group || !pub_key) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
-+ return ret;
-+ }
-+
-+ if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
-+ (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
-+ (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
-+ (y = BN_new()) == NULL || (w_x = BN_new()) == NULL ||
-+ (w_y = BN_new()) == NULL) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ order = &group->order;
-+ if (!order || BN_is_zero(order)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS);
-+ goto err;
-+ }
-+
-+ i = BN_num_bits(order);
-+ /*
-+ * Need to truncate digest if it is too long: first truncate whole *
-+ * bytes
-+ */
-+ if (8 * dgst_len > i)
-+ dgst_len = (i + 7) / 8;
-+
-+ if (!BN_bin2bn(dgst, dgst_len, m)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* If still too long truncate remaining bits with a shift */
-+ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+ /* copy the truncated bits into plain buffer */
-+ if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* check if this is prime or binary EC request */
-+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
-+ NID_X9_62_prime_field) {
-+ ec_crv = EC_PRIME;
-+
-+ /* get the generator point pair */
-+ if (!EC_POINT_get_affine_coordinates_GFp(group,
-+ EC_GROUP_get0_generator
-+ (group), x, y, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ /* get the public key pair for prime curve */
-+ if (!EC_POINT_get_affine_coordinates_GFp(group,
-+ pub_key, w_x, w_y, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ /* get the ECC curve parameters */
-+ if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+ } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
-+ NID_X9_62_characteristic_two_field) {
-+ ec_crv = EC_BINARY;
-+ /* get the ECC curve parameters */
-+ if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ /* get the generator point pair */
-+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
-+ EC_GROUP_get0_generator
-+ (group), x, y, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ /* get the public key pair for binary curve */
-+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
-+ pub_key, w_x, w_y, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+ } else {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ /* Get the order of the subgroup of private keys */
-+ if (spcf_bn2bin((BIGNUM *)order, &r, &r_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Get the irreducible polynomial that creates the field */
-+ if (spcf_bn2bin(p, &q, &q_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Get the public key into a flat buffer with appropriate padding */
-+ pub_key_len = 2 * q_len;
-+
-+ w_xy = eng_copy_curve_points(w_x, w_y, pub_key_len, q_len);
-+ if (!w_xy) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Generation of ECC curve parameters */
-+ ab_len = 2 * q_len;
-+
-+ ab = eng_copy_curve_points(a, b, ab_len, q_len);
-+ if (!ab) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ if (ec_crv == EC_BINARY) {
-+ /* copy b' i.e c(b), instead of only b */
-+ if (eng_ec_get_cparam
-+ (EC_GROUP_get_curve_name(group), ab + q_len, q_len)) {
-+ unsigned char *c_temp = NULL;
-+ int c_temp_len = q_len;
-+ if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len))
-+ memcpy(ab + q_len, c_temp, q_len);
-+ else
-+ goto err;
-+ }
-+ kop.curve_type = ECC_BINARY;
-+ }
-+
-+ /* Calculation of Generator point */
-+ g_len = 2 * q_len;
-+
-+ g_xy = eng_copy_curve_points(x, y, g_len, q_len);
-+ if (!g_xy) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /**
-+ * Get the 1st part of signature into a flat buffer with
-+ * appropriate padding
-+ */
-+ if (BN_num_bytes(sig->r) < r_len)
-+ c_len = r_len;
-+
-+ if (spcf_bn2bin_ex(sig->r, &c, &c_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /**
-+ * Get the 2nd part of signature into a flat buffer with
-+ * appropriate padding
-+ */
-+ if (BN_num_bytes(sig->s) < r_len)
-+ d_len = r_len;
-+
-+ if (spcf_bn2bin_ex(sig->s, &d, &d_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* memory for message representative */
-+ f = malloc(r_len);
-+ if (!f) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Add padding, since SEC expects hash to of size r_len */
-+ memset(f, 0, r_len - dgst_len);
-+
-+ /* Skip leading bytes if dgst_len < r_len */
-+ memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len);
-+ dgst_len += r_len - dgst_len;
-+ kop.crk_op = CRK_DSA_VERIFY;
-+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
-+ kop.crk_param[0].crp_p = f;
-+ kop.crk_param[0].crp_nbits = dgst_len * 8;
-+ kop.crk_param[1].crp_p = q;
-+ kop.crk_param[1].crp_nbits = q_len * 8;
-+ kop.crk_param[2].crp_p = r;
-+ kop.crk_param[2].crp_nbits = r_len * 8;
-+ kop.crk_param[3].crp_p = g_xy;
-+ kop.crk_param[3].crp_nbits = g_len * 8;
-+ kop.crk_param[4].crp_p = w_xy;
-+ kop.crk_param[4].crp_nbits = pub_key_len * 8;
-+ kop.crk_param[5].crp_p = ab;
-+ kop.crk_param[5].crp_nbits = ab_len * 8;
-+ kop.crk_param[6].crp_p = c;
-+ kop.crk_param[6].crp_nbits = d_len * 8;
-+ kop.crk_param[7].crp_p = d;
-+ kop.crk_param[7].crp_nbits = d_len * 8;
-+ kop.crk_iparams = 8;
-+
-+ if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
-+ /*
-+ * OCF success value is 0, if not zero, change ret to fail
-+ */
-+ if (0 == kop.crk_status)
-+ ret = 1;
-+ } else {
-+ const ECDSA_METHOD *meth = ECDSA_OpenSSL();
-+
-+ ret = (meth->ecdsa_do_verify) (dgst, dgst_len, sig, eckey);
-+ }
-+ kop.crk_param[0].crp_p = NULL;
-+ zapparams(&kop);
-+
-+ err:
-+ return ret;
-+}
-+
-+static int cryptodev_dh_keygen(DH *dh)
-+{
-+ struct crypt_kop kop;
-+ int ret = 1, g_len;
-+ unsigned char *g = NULL;
-+
-+ if (dh->priv_key == NULL) {
-+ if ((dh->priv_key = BN_new()) == NULL)
-+ goto sw_try;
-+ }
-+
-+ if (dh->pub_key == NULL) {
-+ if ((dh->pub_key = BN_new()) == NULL)
-+ goto sw_try;
-+ }
-+
-+ g_len = BN_num_bytes(dh->p);
-+ /**
-+ * Get generator into a plain buffer. If length is less than
-+ * q_len then add leading padding bytes.
-+ */
-+ if (spcf_bn2bin_ex(dh->g, &g, &g_len)) {
-+ DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
-+ goto sw_try;
-+ }
-+
-+ memset(&kop, 0, sizeof kop);
-+ kop.crk_op = CRK_DH_GENERATE_KEY;
-+ if (bn2crparam(dh->p, &kop.crk_param[0]))
-+ goto sw_try;
-+ if (bn2crparam(dh->q, &kop.crk_param[1]))
-+ goto sw_try;
-+ kop.crk_param[2].crp_p = g;
-+ kop.crk_param[2].crp_nbits = g_len * 8;
-+ kop.crk_iparams = 3;
-+
-+ /* pub_key is or prime length while priv key is of length of order */
-+ if (cryptodev_asym(&kop, BN_num_bytes(dh->p), dh->pub_key,
-+ BN_num_bytes(dh->q), dh->priv_key))
-+ goto sw_try;
-+
-+ return ret;
-+ sw_try:
-+ {
-+ const DH_METHOD *meth = DH_OpenSSL();
-+ ret = (meth->generate_key) (dh);
-+ }
-+ return ret;
- }
-
- static int
-@@ -1610,41 +2431,236 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
- {
- struct crypt_kop kop;
- int dhret = 1;
-- int fd, keylen;
-+ int fd, p_len;
-+ BIGNUM *temp = NULL;
-+ unsigned char *padded_pub_key = NULL, *p = NULL;
-+
-+ if ((fd = get_asym_dev_crypto()) < 0)
-+ goto sw_try;
-+
-+ memset(&kop, 0, sizeof kop);
-+ kop.crk_op = CRK_DH_COMPUTE_KEY;
-+ /* inputs: dh->priv_key pub_key dh->p key */
-+ spcf_bn2bin(dh->p, &p, &p_len);
-+ spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len);
-+ if (bn2crparam(dh->priv_key, &kop.crk_param[0]))
-+ goto sw_try;
-+
-+ kop.crk_param[1].crp_p = padded_pub_key;
-+ kop.crk_param[1].crp_nbits = p_len * 8;
-+ kop.crk_param[2].crp_p = p;
-+ kop.crk_param[2].crp_nbits = p_len * 8;
-+ kop.crk_iparams = 3;
-+ kop.crk_param[3].crp_p = (void *)key;
-+ kop.crk_param[3].crp_nbits = p_len * 8;
-+ kop.crk_oparams = 1;
-+ dhret = p_len;
-+
-+ if (ioctl(fd, CIOCKEY, &kop))
-+ goto sw_try;
-+
-+ if ((temp = BN_new())) {
-+ if (!BN_bin2bn(key, p_len, temp)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+ goto sw_try;
-+ }
-+ if (dhret > BN_num_bytes(temp))
-+ dhret = BN_bn2bin(temp, key);
-+ BN_free(temp);
-+ }
-
-- if ((fd = get_asym_dev_crypto()) < 0) {
-+ kop.crk_param[3].crp_p = NULL;
-+ zapparams(&kop);
-+ return (dhret);
-+ sw_try:
-+ {
- const DH_METHOD *meth = DH_OpenSSL();
-
-- return ((meth->compute_key) (key, pub_key, dh));
-+ dhret = (meth->compute_key) (key, pub_key, dh);
- }
-+ return (dhret);
-+}
-
-- keylen = BN_num_bits(dh->p);
-+int cryptodev_ecdh_compute_key(void *out, size_t outlen,
-+ const EC_POINT *pub_key, EC_KEY *ecdh,
-+ void *(*KDF) (const void *in, size_t inlen,
-+ void *out, size_t *outlen))
-+{
-+ ec_curve_t ec_crv = EC_PRIME;
-+ unsigned char *q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL;
-+ BIGNUM *w_x = NULL, *w_y = NULL;
-+ int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0;
-+ BIGNUM *p = NULL, *a = NULL, *b = NULL;
-+ BN_CTX *ctx;
-+ EC_POINT *tmp = NULL;
-+ BIGNUM *x = NULL, *y = NULL;
-+ const BIGNUM *priv_key;
-+ const EC_GROUP *group = NULL;
-+ int ret = -1;
-+ size_t buflen, len;
-+ struct crypt_kop kop;
-
- memset(&kop, 0, sizeof kop);
-- kop.crk_op = CRK_DH_COMPUTE_KEY;
-
-- /* inputs: dh->priv_key pub_key dh->p key */
-- if (bn2crparam(dh->priv_key, &kop.crk_param[0]))
-+ if ((ctx = BN_CTX_new()) == NULL)
- goto err;
-- if (bn2crparam(pub_key, &kop.crk_param[1]))
-+ BN_CTX_start(ctx);
-+ x = BN_CTX_get(ctx);
-+ y = BN_CTX_get(ctx);
-+ p = BN_CTX_get(ctx);
-+ a = BN_CTX_get(ctx);
-+ b = BN_CTX_get(ctx);
-+ w_x = BN_CTX_get(ctx);
-+ w_y = BN_CTX_get(ctx);
-+
-+ if (!x || !y || !p || !a || !b || !w_x || !w_y) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
- goto err;
-- if (bn2crparam(dh->p, &kop.crk_param[2]))
-+ }
-+
-+ priv_key = EC_KEY_get0_private_key(ecdh);
-+ if (priv_key == NULL) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_NO_PRIVATE_VALUE);
- goto err;
-- kop.crk_iparams = 3;
-+ }
-
-- kop.crk_param[3].crp_p = (caddr_t) key;
-- kop.crk_param[3].crp_nbits = keylen * 8;
-- kop.crk_oparams = 1;
-+ group = EC_KEY_get0_group(ecdh);
-+ if ((tmp = EC_POINT_new(group)) == NULL) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-
-- if (ioctl(fd, CIOCKEY, &kop) == -1) {
-- const DH_METHOD *meth = DH_OpenSSL();
-+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
-+ NID_X9_62_prime_field) {
-+ ec_crv = EC_PRIME;
-
-- dhret = (meth->compute_key) (key, pub_key, dh);
-+ if (!EC_POINT_get_affine_coordinates_GFp(group,
-+ EC_GROUP_get0_generator
-+ (group), x, y, ctx)) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_POINT_ARITHMETIC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* get the ECC curve parameters */
-+ if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* get the public key pair for prime curve */
-+ if (!EC_POINT_get_affine_coordinates_GFp
-+ (group, pub_key, w_x, w_y, ctx)) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+ } else {
-+ ec_crv = EC_BINARY;
-+
-+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
-+ EC_GROUP_get0_generator
-+ (group), x, y, ctx)) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_POINT_ARITHMETIC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* get the ECC curve parameters */
-+ if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* get the public key pair for binary curve */
-+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
-+ pub_key, w_x, w_y, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+ goto err;
-+ }
- }
-+
-+ /* irreducible polynomial that creates the field */
-+ if (spcf_bn2bin((BIGNUM *)&group->order, &r, &r_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Get the irreducible polynomial that creates the field */
-+ if (spcf_bn2bin(p, &q, &q_len)) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* Get the public key into a flat buffer with appropriate padding */
-+ pub_key_len = 2 * q_len;
-+ w_xy = eng_copy_curve_points(w_x, w_y, pub_key_len, q_len);
-+ if (!w_xy) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Generation of ECC curve parameters */
-+ ab_len = 2 * q_len;
-+ ab = eng_copy_curve_points(a, b, ab_len, q_len);
-+ if (!ab) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ if (ec_crv == EC_BINARY) {
-+ /* copy b' i.e c(b), instead of only b */
-+ if (eng_ec_get_cparam
-+ (EC_GROUP_get_curve_name(group), ab + q_len, q_len)) {
-+ unsigned char *c_temp = NULL;
-+ int c_temp_len = q_len;
-+ if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len))
-+ memcpy(ab + q_len, c_temp, q_len);
-+ else
-+ goto err;
-+ }
-+ kop.curve_type = ECC_BINARY;
-+ } else
-+ kop.curve_type = ECC_PRIME;
-+
-+ priv_key_len = r_len;
-+
-+ /*
-+ * If BN_num_bytes of priv_key returns less then r_len then
-+ * add padding bytes before the key
-+ */
-+ if (spcf_bn2bin_ex((BIGNUM *)priv_key, &s, &priv_key_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ buflen = (EC_GROUP_get_degree(group) + 7) / 8;
-+ len = BN_num_bytes(x);
-+ if (len > buflen || q_len < buflen) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_INTERNAL_ERROR);
-+ goto err;
-+ }
-+
-+ kop.crk_op = CRK_DH_COMPUTE_KEY;
-+ kop.crk_param[0].crp_p = (void *)s;
-+ kop.crk_param[0].crp_nbits = priv_key_len * 8;
-+ kop.crk_param[1].crp_p = (void *)w_xy;
-+ kop.crk_param[1].crp_nbits = pub_key_len * 8;
-+ kop.crk_param[2].crp_p = (void *)q;
-+ kop.crk_param[2].crp_nbits = q_len * 8;
-+ kop.crk_param[3].crp_p = (void *)ab;
-+ kop.crk_param[3].crp_nbits = ab_len * 8;
-+ kop.crk_iparams = 4;
-+ kop.crk_param[4].crp_p = (void *)out;
-+ kop.crk_param[4].crp_nbits = q_len * 8;
-+ kop.crk_oparams = 1;
-+ ret = q_len;
-+ if (cryptodev_asym(&kop, 0, NULL, 0, NULL)) {
-+ const ECDH_METHOD *meth = ECDH_OpenSSL();
-+ ret = (meth->compute_key) (out, outlen, pub_key, ecdh, KDF);
-+ } else
-+ ret = q_len;
- err:
-- kop.crk_param[3].crp_p = NULL;
-+ kop.crk_param[4].crp_p = NULL;
- zapparams(&kop);
-- return (dhret);
-+ return ret;
- }
-
- static DH_METHOD cryptodev_dh = {
-@@ -1658,6 +2674,14 @@ static DH_METHOD cryptodev_dh = {
- NULL /* app_data */
- };
-
-+static ECDH_METHOD cryptodev_ecdh = {
-+ "cryptodev ECDH method",
-+ NULL, /* cryptodev_ecdh_compute_key */
-+ NULL,
-+ 0, /* flags */
-+ NULL /* app_data */
-+};
-+
- /*
- * ctrl right now is just a wrapper that doesn't do much
- * but I expect we'll want some options soon.
-@@ -1737,24 +2761,39 @@ void ENGINE_load_cryptodev(void)
- memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
- if (cryptodev_asymfeat & CRF_DSA_SIGN)
- cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
-- if (cryptodev_asymfeat & CRF_MOD_EXP) {
-- cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp;
-- cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp;
-- }
- if (cryptodev_asymfeat & CRF_DSA_VERIFY)
- cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
-+ if (cryptodev_asymfeat & CRF_DSA_GENERATE_KEY)
-+ cryptodev_dsa.dsa_keygen = cryptodev_dsa_keygen;
- }
-
- if (ENGINE_set_DH(engine, &cryptodev_dh)) {
- const DH_METHOD *dh_meth = DH_OpenSSL();
-+ memcpy(&cryptodev_dh, dh_meth, sizeof(DH_METHOD));
-+ if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) {
-+ cryptodev_dh.compute_key = cryptodev_dh_compute_key;
-+ }
-+ if (cryptodev_asymfeat & CRF_DH_GENERATE_KEY) {
-+ cryptodev_dh.generate_key = cryptodev_dh_keygen;
-+ }
-+ }
-
-- cryptodev_dh.generate_key = dh_meth->generate_key;
-- cryptodev_dh.compute_key = dh_meth->compute_key;
-- cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp;
-- if (cryptodev_asymfeat & CRF_MOD_EXP) {
-- cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh;
-- if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY)
-- cryptodev_dh.compute_key = cryptodev_dh_compute_key;
-+ if (ENGINE_set_ECDSA(engine, &cryptodev_ecdsa)) {
-+ const ECDSA_METHOD *meth = ECDSA_OpenSSL();
-+ memcpy(&cryptodev_ecdsa, meth, sizeof(ECDSA_METHOD));
-+ if (cryptodev_asymfeat & CRF_DSA_SIGN) {
-+ cryptodev_ecdsa.ecdsa_do_sign = cryptodev_ecdsa_do_sign;
-+ }
-+ if (cryptodev_asymfeat & CRF_DSA_VERIFY) {
-+ cryptodev_ecdsa.ecdsa_do_verify = cryptodev_ecdsa_verify;
-+ }
-+ }
-+
-+ if (ENGINE_set_ECDH(engine, &cryptodev_ecdh)) {
-+ const ECDH_METHOD *ecdh_meth = ECDH_OpenSSL();
-+ memcpy(&cryptodev_ecdh, ecdh_meth, sizeof(ECDH_METHOD));
-+ if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) {
-+ cryptodev_ecdh.compute_key = cryptodev_ecdh_compute_key;
- }
- }
-
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0006-Added-hwrng-dev-file-as-source-of-RNG.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0006-Added-hwrng-dev-file-as-source-of-RNG.patch
deleted file mode 100644
index 049f963..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0006-Added-hwrng-dev-file-as-source-of-RNG.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From e9981377fe8e2081fcd5b4e43a5ef4d8f1cc1e67 Mon Sep 17 00:00:00 2001
-From: Yashpal Dutta <yashpal.dutta@freescale.com>
-Date: Tue, 11 Mar 2014 06:42:59 +0545
-Subject: [PATCH 06/48] Added hwrng dev file as source of RNG
-
-Upstream-status: Pending
-
-Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
----
- e_os.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/e_os.h b/e_os.h
-index 1fa36c1..6c0917b 100644
---- a/e_os.h
-+++ b/e_os.h
-@@ -82,7 +82,7 @@ extern "C" {
- * set this to a comma-separated list of 'random' device files to try out. My
- * default, we will try to read at least one of these files
- */
--# define DEVRANDOM "/dev/urandom","/dev/random","/dev/srandom"
-+# define DEVRANDOM "/dev/hwrng","/dev/urandom","/dev/random","/dev/srandom"
- # endif
- # ifndef DEVRANDOM_EGD
- /*
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0007-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0007-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch
deleted file mode 100644
index 154ae80..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0007-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch
+++ /dev/null
@@ -1,2050 +0,0 @@
-From ea28474ed5e1e21a6efba7570bf0d27d02923bce Mon Sep 17 00:00:00 2001
-From: Yashpal Dutta <yashpal.dutta@freescale.com>
-Date: Tue, 11 Mar 2014 07:14:30 +0545
-Subject: [PATCH 07/48] Asynchronous interface added for PKC cryptodev
- interface
-
-Upstream-status: Pending
-
-Change-Id: Ia8974f793dc18a959ed6798dcdd7d3fad81cb7da
-Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
----
- crypto/crypto.h | 16 +
- crypto/dh/dh.h | 3 +
- crypto/dsa/dsa.h | 5 +
- crypto/ecdh/ech_locl.h | 3 +
- crypto/ecdsa/ecs_locl.h | 5 +
- crypto/engine/eng_cryptodev.c | 1598 +++++++++++++++++++++++++++++++++++++----
- crypto/engine/eng_int.h | 23 +
- crypto/engine/eng_lib.c | 46 ++
- crypto/engine/engine.h | 24 +
- crypto/rsa/rsa.h | 23 +
- 10 files changed, 1605 insertions(+), 141 deletions(-)
-
-diff --git a/crypto/crypto.h b/crypto/crypto.h
-index 6c644ce..2b4ec59 100644
---- a/crypto/crypto.h
-+++ b/crypto/crypto.h
-@@ -655,6 +655,22 @@ void ERR_load_CRYPTO_strings(void);
- # define CRYPTO_R_FIPS_MODE_NOT_SUPPORTED 101
- # define CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK 100
-
-+/* Additions for Asynchronous PKC Infrastructure */
-+struct pkc_cookie_s {
-+ void *cookie; /* To be filled by openssl library primitive method function caller */
-+ void *eng_cookie; /* To be filled by Engine */
-+ /*
-+ * Callback handler to be provided by caller. Ensure to pass a
-+ * handler which takes the crypto operation to completion.
-+ * cookie: Container cookie from library
-+ * status: Status of the crypto Job completion.
-+ * 0: Job handled without any issue
-+ * -EINVAL: Parameters Invalid
-+ */
-+ void (*pkc_callback)(struct pkc_cookie_s *cookie, int status);
-+ void *eng_handle;
-+};
-+
- #ifdef __cplusplus
- }
- #endif
-diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h
-index a5bd901..31dd762 100644
---- a/crypto/dh/dh.h
-+++ b/crypto/dh/dh.h
-@@ -123,6 +123,9 @@ struct dh_method {
- int (*bn_mod_exp) (const DH *dh, BIGNUM *r, const BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx);
-+ int (*compute_key_async)(unsigned char *key,const BIGNUM *pub_key,DH *dh,
-+ struct pkc_cookie_s *cookie);
-+ int (*generate_key_async)(DH *dh, struct pkc_cookie_s *cookie);
- int (*init) (DH *dh);
- int (*finish) (DH *dh);
- int flags;
-diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h
-index 545358f..8584731 100644
---- a/crypto/dsa/dsa.h
-+++ b/crypto/dsa/dsa.h
-@@ -139,6 +139,10 @@ struct dsa_method {
- /* Can be null */
- int (*bn_mod_exp) (DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-+ int (*dsa_do_sign_async)(const unsigned char *dgst, int dlen, DSA *dsa,
-+ DSA_SIG *sig, struct pkc_cookie_s *cookie);
-+ int (*dsa_do_verify_async)(const unsigned char *dgst, int dgst_len,
-+ DSA_SIG *sig, DSA *dsa, struct pkc_cookie_s *cookie);
- int (*init) (DSA *dsa);
- int (*finish) (DSA *dsa);
- int flags;
-@@ -150,6 +154,7 @@ struct dsa_method {
- BN_GENCB *cb);
- /* If this is non-NULL, it is used to generate DSA keys */
- int (*dsa_keygen) (DSA *dsa);
-+ int (*dsa_keygen_async)(DSA *dsa, struct pkc_cookie_s *cookie);
- };
-
- struct dsa_st {
-diff --git a/crypto/ecdh/ech_locl.h b/crypto/ecdh/ech_locl.h
-index 4e66024..502507b 100644
---- a/crypto/ecdh/ech_locl.h
-+++ b/crypto/ecdh/ech_locl.h
-@@ -68,6 +68,9 @@ struct ecdh_method {
- EC_KEY *ecdh, void *(*KDF) (const void *in,
- size_t inlen, void *out,
- size_t *outlen));
-+ int (*compute_key_async)(void *key, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,
-+ void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen),
-+ struct pkc_cookie_s *cookie);
- # if 0
- int (*init) (EC_KEY *eckey);
- int (*finish) (EC_KEY *eckey);
-diff --git a/crypto/ecdsa/ecs_locl.h b/crypto/ecdsa/ecs_locl.h
-index d3a5efc..9b28c04 100644
---- a/crypto/ecdsa/ecs_locl.h
-+++ b/crypto/ecdsa/ecs_locl.h
-@@ -74,6 +74,11 @@ struct ecdsa_method {
- BIGNUM **r);
- int (*ecdsa_do_verify) (const unsigned char *dgst, int dgst_len,
- const ECDSA_SIG *sig, EC_KEY *eckey);
-+ int (*ecdsa_do_sign_async)(const unsigned char *dgst, int dgst_len,
-+ const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey,
-+ ECDSA_SIG *sig, struct pkc_cookie_s *cookie);
-+ int (*ecdsa_do_verify_async)(const unsigned char *dgst, int dgst_len,
-+ const ECDSA_SIG *sig, EC_KEY *eckey, struct pkc_cookie_s *cookie);
- # if 0
- int (*init) (EC_KEY *eckey);
- int (*finish) (EC_KEY *eckey);
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index cc9b63b..90fe9b8 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -1371,6 +1371,60 @@ static void zapparams(struct crypt_kop *kop)
- }
- }
-
-+/*
-+ * Any PKC request has at max 2 output parameters and they are stored here to
-+ * be used while copying in the check availability
-+ */
-+struct cryptodev_cookie_s {
-+ BIGNUM *r;
-+ struct crparam r_param;
-+ BIGNUM *s;
-+ struct crparam s_param;
-+ struct crypt_kop *kop;
-+};
-+
-+static int
-+cryptodev_asym_async(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
-+ BIGNUM *s)
-+{
-+ int fd;
-+ struct pkc_cookie_s *cookie = kop->cookie;
-+ struct cryptodev_cookie_s *eng_cookie;
-+
-+ fd = *(int *)cookie->eng_handle;
-+
-+ eng_cookie = malloc(sizeof(struct cryptodev_cookie_s));
-+
-+ if (eng_cookie) {
-+ memset(eng_cookie, 0, sizeof(struct cryptodev_cookie_s));
-+ if (r) {
-+ kop->crk_param[kop->crk_iparams].crp_p =
-+ calloc(rlen, sizeof(char));
-+ if (!kop->crk_param[kop->crk_iparams].crp_p)
-+ return -ENOMEM;
-+ kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
-+ kop->crk_oparams++;
-+ eng_cookie->r = r;
-+ eng_cookie->r_param = kop->crk_param[kop->crk_iparams];
-+ }
-+ if (s) {
-+ kop->crk_param[kop->crk_iparams + 1].crp_p =
-+ calloc(slen, sizeof(char));
-+ if (!kop->crk_param[kop->crk_iparams + 1].crp_p)
-+ return -ENOMEM;
-+ kop->crk_param[kop->crk_iparams + 1].crp_nbits = slen * 8;
-+ kop->crk_oparams++;
-+ eng_cookie->s = s;
-+ eng_cookie->s_param = kop->crk_param[kop->crk_iparams + 1];
-+ }
-+ } else
-+ return -ENOMEM;
-+
-+ eng_cookie->kop = kop;
-+ cookie->eng_cookie = eng_cookie;
-+ return ioctl(fd, CIOCASYMASYNCRYPT, kop);
-+}
-+
- static int
- cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
- BIGNUM *s)
-@@ -1438,6 +1492,44 @@ void *cryptodev_init_instance(void)
- return fd;
- }
-
-+# include <poll.h>
-+
-+/* Return 0 on success and 1 on failure */
-+int cryptodev_check_availability(void *eng_handle)
-+{
-+ int fd = *(int *)eng_handle;
-+ struct pkc_cookie_list_s cookie_list;
-+ struct pkc_cookie_s *cookie;
-+ int i;
-+
-+ /* FETCH COOKIE returns number of cookies extracted */
-+ if (ioctl(fd, CIOCASYMFETCHCOOKIE, &cookie_list) <= 0)
-+ return 1;
-+
-+ for (i = 0; i < cookie_list.cookie_available; i++) {
-+ cookie = cookie_list.cookie[i];
-+ if (cookie) {
-+ struct cryptodev_cookie_s *eng_cookie = cookie->eng_cookie;
-+ if (eng_cookie) {
-+ struct crypt_kop *kop = eng_cookie->kop;
-+
-+ if (eng_cookie->r)
-+ crparam2bn(&eng_cookie->r_param, eng_cookie->r);
-+ if (eng_cookie->s)
-+ crparam2bn(&eng_cookie->s_param, eng_cookie->s);
-+ if (kop->crk_op == CRK_DH_COMPUTE_KEY)
-+ kop->crk_oparams = 0;
-+
-+ zapparams(eng_cookie->kop);
-+ free(eng_cookie->kop);
-+ free(eng_cookie);
-+ }
-+ cookie->pkc_callback(cookie, cookie_list.status[i]);
-+ }
-+ }
-+ return 0;
-+}
-+
- static int
- cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
-@@ -1485,6 +1577,66 @@ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- }
-
- static int
-+cryptodev_bn_mod_exp_async(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont,
-+ struct pkc_cookie_s *cookie)
-+{
-+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+ int ret = 1;
-+
-+ /*
-+ * Currently, we know we can do mod exp iff we can do any asymmetric
-+ * operations at all.
-+ */
-+ if (cryptodev_asymfeat == 0 || !kop) {
-+ ret = BN_mod_exp(r, a, p, m, ctx);
-+ return (ret);
-+ }
-+
-+ kop->crk_oparams = 0;
-+ kop->crk_status = 0;
-+ kop->crk_op = CRK_MOD_EXP;
-+ kop->cookie = cookie;
-+ /* inputs: a^p % m */
-+ if (bn2crparam(a, &kop->crk_param[0]))
-+ goto err;
-+ if (bn2crparam(p, &kop->crk_param[1]))
-+ goto err;
-+ if (bn2crparam(m, &kop->crk_param[2]))
-+ goto err;
-+
-+ kop->crk_iparams = 3;
-+ if (cryptodev_asym_async(kop, BN_num_bytes(m), r, 0, NULL))
-+ goto err;
-+
-+ return ret;
-+ err:
-+ {
-+ const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
-+
-+ if (kop)
-+ free(kop);
-+ ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
-+ if (ret)
-+ /* Call the completion handler immediately */
-+ cookie->pkc_callback(cookie, 0);
-+ }
-+ return ret;
-+}
-+
-+static int
-+cryptodev_rsa_nocrt_mod_exp_async(BIGNUM *r0, const BIGNUM *I,
-+ RSA *rsa, BN_CTX *ctx,
-+ struct pkc_cookie_s *cookie)
-+{
-+ int r;
-+ ctx = BN_CTX_new();
-+ r = cryptodev_bn_mod_exp_async(r0, I, rsa->d, rsa->n, ctx, NULL, cookie);
-+ BN_CTX_free(ctx);
-+ return r;
-+}
-+
-+static int
- cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
- BN_CTX *ctx)
- {
-@@ -1551,6 +1703,63 @@ cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
- return (ret);
- }
-
-+static int
-+cryptodev_rsa_mod_exp_async(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
-+ BN_CTX *ctx, struct pkc_cookie_s *cookie)
-+{
-+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+ int ret = 1, f_len, p_len, q_len;
-+ unsigned char *f = NULL, *p = NULL, *q = NULL, *dp = NULL, *dq =
-+ NULL, *c = NULL;
-+
-+ if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp || !kop) {
-+ return (0);
-+ }
-+
-+ kop->crk_oparams = 0;
-+ kop->crk_status = 0;
-+ kop->crk_op = CRK_MOD_EXP_CRT;
-+ f_len = BN_num_bytes(rsa->n);
-+ spcf_bn2bin_ex(I, &f, &f_len);
-+ spcf_bn2bin(rsa->p, &p, &p_len);
-+ spcf_bn2bin(rsa->q, &q, &q_len);
-+ spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len);
-+ spcf_bn2bin_ex(rsa->iqmp, &c, &p_len);
-+ spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len);
-+ /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
-+ kop->crk_param[0].crp_p = p;
-+ kop->crk_param[0].crp_nbits = p_len * 8;
-+ kop->crk_param[1].crp_p = q;
-+ kop->crk_param[1].crp_nbits = q_len * 8;
-+ kop->crk_param[2].crp_p = f;
-+ kop->crk_param[2].crp_nbits = f_len * 8;
-+ kop->crk_param[3].crp_p = dp;
-+ kop->crk_param[3].crp_nbits = p_len * 8;
-+ /* dq must of length q, rest all of length p */
-+ kop->crk_param[4].crp_p = dq;
-+ kop->crk_param[4].crp_nbits = q_len * 8;
-+ kop->crk_param[5].crp_p = c;
-+ kop->crk_param[5].crp_nbits = p_len * 8;
-+ kop->crk_iparams = 6;
-+ kop->cookie = cookie;
-+ if (cryptodev_asym_async(kop, BN_num_bytes(rsa->n), r0, 0, NULL))
-+ goto err;
-+
-+ return ret;
-+ err:
-+ {
-+ const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
-+
-+ if (kop)
-+ free(kop);
-+ ret = (*meth->rsa_mod_exp) (r0, I, rsa, ctx);
-+ if (ret)
-+ /* Call user completion handler immediately */
-+ cookie->pkc_callback(cookie, 0);
-+ }
-+ return (ret);
-+}
-+
- static RSA_METHOD cryptodev_rsa = {
- "cryptodev RSA method",
- NULL, /* rsa_pub_enc */
-@@ -1559,6 +1768,12 @@ static RSA_METHOD cryptodev_rsa = {
- NULL, /* rsa_priv_dec */
- NULL,
- NULL,
-+ NULL, /* rsa_pub_enc */
-+ NULL, /* rsa_pub_dec */
-+ NULL, /* rsa_priv_enc */
-+ NULL, /* rsa_priv_dec */
-+ NULL,
-+ NULL,
- NULL, /* init */
- NULL, /* finish */
- 0, /* flags */
-@@ -1859,128 +2074,428 @@ static int cryptodev_dsa_keygen(DSA *dsa)
- return ret;
- }
-
--static DSA_METHOD cryptodev_dsa = {
-- "cryptodev DSA method",
-- NULL,
-- NULL, /* dsa_sign_setup */
-- NULL,
-- NULL, /* dsa_mod_exp */
-- NULL,
-- NULL, /* init */
-- NULL, /* finish */
-- 0, /* flags */
-- NULL /* app_data */
--};
-+/* Cryptodev DSA Key Gen routine */
-+static int cryptodev_dsa_keygen_async(DSA *dsa, struct pkc_cookie_s *cookie)
-+{
-+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+ int ret = 1, g_len;
-+ unsigned char *g = NULL;
-
--static ECDSA_METHOD cryptodev_ecdsa = {
-- "cryptodev ECDSA method",
-- NULL,
-- NULL, /* ecdsa_sign_setup */
-- NULL,
-- NULL,
-- 0, /* flags */
-- NULL /* app_data */
--};
-+ if (!kop)
-+ goto sw_try;
-
--typedef enum ec_curve_s {
-- EC_PRIME,
-- EC_BINARY
--} ec_curve_t;
-+ if (dsa->priv_key == NULL) {
-+ if ((dsa->priv_key = BN_new()) == NULL)
-+ goto sw_try;
-+ }
-
--/* ENGINE handler for ECDSA Sign */
--static ECDSA_SIG *cryptodev_ecdsa_do_sign(const unsigned char *dgst,
-- int dgst_len, const BIGNUM *in_kinv,
-- const BIGNUM *in_r, EC_KEY *eckey)
--{
-- BIGNUM *m = NULL, *p = NULL, *a = NULL;
-- BIGNUM *b = NULL, *x = NULL, *y = NULL;
-- BN_CTX *ctx = NULL;
-- ECDSA_SIG *ret = NULL;
-- ECDSA_DATA *ecdsa = NULL;
-- unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL;
-- unsigned char *s = NULL, *c = NULL, *d = NULL, *f = NULL, *tmp_dgst =
-- NULL;
-- int i = 0, q_len = 0, priv_key_len = 0, r_len = 0;
-- int g_len = 0, d_len = 0, ab_len = 0;
-- const BIGNUM *order = NULL, *priv_key = NULL;
-- const EC_GROUP *group = NULL;
-- struct crypt_kop kop;
-- ec_curve_t ec_crv = EC_PRIME;
-+ if (dsa->pub_key == NULL) {
-+ if ((dsa->pub_key = BN_new()) == NULL)
-+ goto sw_try;
-+ }
-
-- memset(&kop, 0, sizeof(kop));
-- ecdsa = ecdsa_check(eckey);
-- if (!ecdsa) {
-- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
-- return NULL;
-+ g_len = BN_num_bytes(dsa->p);
-+ /**
-+ * Get generator into a plain buffer. If length is less than
-+ * q_len then add leading padding bytes.
-+ */
-+ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
-+ DSAerr(DSA_F_DSA_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
-+ goto sw_try;
- }
-
-- group = EC_KEY_get0_group(eckey);
-- priv_key = EC_KEY_get0_private_key(eckey);
-+ memset(kop, 0, sizeof(struct crypt_kop));
-+ kop->crk_op = CRK_DSA_GENERATE_KEY;
-+ if (bn2crparam(dsa->p, &kop->crk_param[0]))
-+ goto sw_try;
-+ if (bn2crparam(dsa->q, &kop->crk_param[1]))
-+ goto sw_try;
-+ kop->crk_param[2].crp_p = g;
-+ kop->crk_param[2].crp_nbits = g_len * 8;
-+ kop->crk_iparams = 3;
-+ kop->cookie = cookie;
-
-- if (!group || !priv_key) {
-- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
-- return NULL;
-+ /* pub_key is or prime length while priv key is of length of order */
-+ if (cryptodev_asym_async(kop, BN_num_bytes(dsa->p), dsa->pub_key,
-+ BN_num_bytes(dsa->q), dsa->priv_key))
-+ goto sw_try;
-+
-+ return ret;
-+ sw_try:
-+ {
-+ const DSA_METHOD *meth = DSA_OpenSSL();
-+
-+ if (kop)
-+ free(kop);
-+ ret = (meth->dsa_keygen) (dsa);
-+ cookie->pkc_callback(cookie, 0);
- }
-+ return ret;
-+}
-
-- if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
-- (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
-- (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
-- (y = BN_new()) == NULL) {
-- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+static int
-+cryptodev_dsa_do_sign_async(const unsigned char *dgst, int dlen, DSA *dsa,
-+ DSA_SIG *sig, struct pkc_cookie_s *cookie)
-+{
-+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+ DSA_SIG *dsaret = NULL;
-+ int q_len = 0, r_len = 0, g_len = 0;
-+ int priv_key_len = 0, ret = 1;
-+ unsigned char *q = NULL, *r = NULL, *g = NULL, *priv_key = NULL, *f =
-+ NULL;
-+ if (((sig->r = BN_new()) == NULL) || !kop) {
-+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
-- order = &group->order;
-- if (!order || BN_is_zero(order)) {
-- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS);
-+ if ((sig->s = BN_new()) == NULL) {
-+ BN_free(sig->r);
-+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
-- i = BN_num_bits(order);
-- /*
-- * Need to truncate digest if it is too long: first truncate whole bytes
-- */
-- if (8 * dgst_len > i)
-- dgst_len = (i + 7) / 8;
--
-- if (!BN_bin2bn(dgst, dgst_len, m)) {
-- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+ if (spcf_bn2bin(dsa->p, &q, &q_len)) {
-+ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
- goto err;
- }
-
-- /* If still too long truncate remaining bits with a shift */
-- if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
-- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+ /* Get order of the field of private keys into plain buffer */
-+ if (spcf_bn2bin(dsa->q, &r, &r_len)) {
-+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
-- /* copy the truncated bits into plain buffer */
-- if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) {
-- fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__,
-- __LINE__);
-+ /* sanity test */
-+ if (dlen > r_len) {
-+ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
- goto err;
- }
-
-- ret = ECDSA_SIG_new();
-- if (!ret) {
-- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+ g_len = q_len;
-+ /**
-+ * Get generator into a plain buffer. If length is less than
-+ * q_len then add leading padding bytes.
-+ */
-+ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
-+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
-- /* check if this is prime or binary EC request */
-- if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
-- NID_X9_62_prime_field) {
-- ec_crv = EC_PRIME;
-- /* get the generator point pair */
-- if (!EC_POINT_get_affine_coordinates_GFp
-- (group, EC_GROUP_get0_generator(group), x, y, ctx)) {
-- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-- goto err;
-- }
-+ priv_key_len = r_len;
-+ /**
-+ * Get private key into a plain buffer. If length is less than
-+ * r_len then add leading padding bytes.
-+ */
-+ if (spcf_bn2bin_ex(dsa->priv_key, &priv_key, &priv_key_len)) {
-+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-
-- /* get the ECC curve parameters */
-- if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
-- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+ /* Allocate memory to store hash. */
-+ f = OPENSSL_malloc(r_len);
-+ if (!f) {
-+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Add padding, since SEC expects hash to of size r_len */
-+ if (dlen < r_len)
-+ memset(f, 0, r_len - dlen);
-+
-+ /* Skip leading bytes if dgst_len < r_len */
-+ memcpy(f + r_len - dlen, dgst, dlen);
-+
-+ dlen = r_len;
-+
-+ memset(kop, 0, sizeof(struct crypt_kop));
-+ kop->crk_op = CRK_DSA_SIGN;
-+
-+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
-+ kop->crk_param[0].crp_p = (void *)f;
-+ kop->crk_param[0].crp_nbits = dlen * 8;
-+ kop->crk_param[1].crp_p = (void *)q;
-+ kop->crk_param[1].crp_nbits = q_len * 8;
-+ kop->crk_param[2].crp_p = (void *)r;
-+ kop->crk_param[2].crp_nbits = r_len * 8;
-+ kop->crk_param[3].crp_p = (void *)g;
-+ kop->crk_param[3].crp_nbits = g_len * 8;
-+ kop->crk_param[4].crp_p = (void *)priv_key;
-+ kop->crk_param[4].crp_nbits = priv_key_len * 8;
-+ kop->crk_iparams = 5;
-+ kop->cookie = cookie;
-+
-+ if (cryptodev_asym_async(kop, r_len, sig->r, r_len, sig->s))
-+ goto err;
-+
-+ return ret;
-+ err:
-+ {
-+ const DSA_METHOD *meth = DSA_OpenSSL();
-+
-+ if (kop)
-+ free(kop);
-+ BN_free(sig->r);
-+ BN_free(sig->s);
-+ dsaret = (meth->dsa_do_sign) (dgst, dlen, dsa);
-+ sig->r = dsaret->r;
-+ sig->s = dsaret->s;
-+ /* Call user callback immediately */
-+ cookie->pkc_callback(cookie, 0);
-+ ret = dsaret;
-+ }
-+ return ret;
-+}
-+
-+static int
-+cryptodev_dsa_verify_async(const unsigned char *dgst, int dlen,
-+ DSA_SIG *sig, DSA *dsa,
-+ struct pkc_cookie_s *cookie)
-+{
-+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+ int q_len = 0, r_len = 0, g_len = 0;
-+ int w_len = 0, c_len = 0, d_len = 0, ret = 1;
-+ unsigned char *q = NULL, *r = NULL, *w = NULL, *g = NULL;
-+ unsigned char *c = NULL, *d = NULL, *f = NULL;
-+
-+ if (!kop)
-+ goto err;
-+
-+ if (spcf_bn2bin(dsa->p, &q, &q_len)) {
-+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ return ret;
-+ }
-+
-+ /* Get Order of field of private keys */
-+ if (spcf_bn2bin(dsa->q, &r, &r_len)) {
-+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ g_len = q_len;
-+ /**
-+ * Get generator into a plain buffer. If length is less than
-+ * q_len then add leading padding bytes.
-+ */
-+ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
-+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ w_len = q_len;
-+ /**
-+ * Get public key into a plain buffer. If length is less than
-+ * q_len then add leading padding bytes.
-+ */
-+ if (spcf_bn2bin_ex(dsa->pub_key, &w, &w_len)) {
-+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ /**
-+ * Get the 1st part of signature into a flat buffer with
-+ * appropriate padding
-+ */
-+ c_len = r_len;
-+
-+ if (spcf_bn2bin_ex(sig->r, &c, &c_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /**
-+ * Get the 2nd part of signature into a flat buffer with
-+ * appropriate padding
-+ */
-+ d_len = r_len;
-+
-+ if (spcf_bn2bin_ex(sig->s, &d, &d_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Sanity test */
-+ if (dlen > r_len) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Allocate memory to store hash. */
-+ f = OPENSSL_malloc(r_len);
-+ if (!f) {
-+ DSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Add padding, since SEC expects hash to of size r_len */
-+ if (dlen < r_len)
-+ memset(f, 0, r_len - dlen);
-+
-+ /* Skip leading bytes if dgst_len < r_len */
-+ memcpy(f + r_len - dlen, dgst, dlen);
-+
-+ dlen = r_len;
-+ memset(kop, 0, sizeof(struct crypt_kop));
-+
-+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
-+ kop->crk_param[0].crp_p = (void *)f;
-+ kop->crk_param[0].crp_nbits = dlen * 8;
-+ kop->crk_param[1].crp_p = q;
-+ kop->crk_param[1].crp_nbits = q_len * 8;
-+ kop->crk_param[2].crp_p = r;
-+ kop->crk_param[2].crp_nbits = r_len * 8;
-+ kop->crk_param[3].crp_p = g;
-+ kop->crk_param[3].crp_nbits = g_len * 8;
-+ kop->crk_param[4].crp_p = w;
-+ kop->crk_param[4].crp_nbits = w_len * 8;
-+ kop->crk_param[5].crp_p = c;
-+ kop->crk_param[5].crp_nbits = c_len * 8;
-+ kop->crk_param[6].crp_p = d;
-+ kop->crk_param[6].crp_nbits = d_len * 8;
-+ kop->crk_iparams = 7;
-+ kop->crk_op = CRK_DSA_VERIFY;
-+ kop->cookie = cookie;
-+ if (cryptodev_asym_async(kop, 0, NULL, 0, NULL))
-+ goto err;
-+
-+ return ret;
-+ err:
-+ {
-+ const DSA_METHOD *meth = DSA_OpenSSL();
-+
-+ if (kop)
-+ free(kop);
-+
-+ ret = (meth->dsa_do_verify) (dgst, dlen, sig, dsa);
-+ cookie->pkc_callback(cookie, 0);
-+ }
-+ return ret;
-+}
-+
-+static DSA_METHOD cryptodev_dsa = {
-+ "cryptodev DSA method",
-+ NULL,
-+ NULL, /* dsa_sign_setup */
-+ NULL,
-+ NULL, /* dsa_mod_exp */
-+ NULL,
-+ NULL,
-+ NULL,
-+ NULL,
-+ NULL, /* init */
-+ NULL, /* finish */
-+ 0, /* flags */
-+ NULL /* app_data */
-+};
-+
-+static ECDSA_METHOD cryptodev_ecdsa = {
-+ "cryptodev ECDSA method",
-+ NULL,
-+ NULL, /* ecdsa_sign_setup */
-+ NULL,
-+ NULL,
-+ NULL,
-+ NULL,
-+ 0, /* flags */
-+ NULL /* app_data */
-+};
-+
-+typedef enum ec_curve_s {
-+ EC_PRIME,
-+ EC_BINARY
-+} ec_curve_t;
-+
-+/* ENGINE handler for ECDSA Sign */
-+static ECDSA_SIG *cryptodev_ecdsa_do_sign(const unsigned char *dgst,
-+ int dgst_len, const BIGNUM *in_kinv,
-+ const BIGNUM *in_r, EC_KEY *eckey)
-+{
-+ BIGNUM *m = NULL, *p = NULL, *a = NULL;
-+ BIGNUM *b = NULL, *x = NULL, *y = NULL;
-+ BN_CTX *ctx = NULL;
-+ ECDSA_SIG *ret = NULL;
-+ ECDSA_DATA *ecdsa = NULL;
-+ unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL;
-+ unsigned char *s = NULL, *c = NULL, *d = NULL, *f = NULL, *tmp_dgst =
-+ NULL;
-+ int i = 0, q_len = 0, priv_key_len = 0, r_len = 0;
-+ int g_len = 0, d_len = 0, ab_len = 0;
-+ const BIGNUM *order = NULL, *priv_key = NULL;
-+ const EC_GROUP *group = NULL;
-+ struct crypt_kop kop;
-+ ec_curve_t ec_crv = EC_PRIME;
-+
-+ memset(&kop, 0, sizeof(kop));
-+ ecdsa = ecdsa_check(eckey);
-+ if (!ecdsa) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
-+ return NULL;
-+ }
-+
-+ group = EC_KEY_get0_group(eckey);
-+ priv_key = EC_KEY_get0_private_key(eckey);
-+
-+ if (!group || !priv_key) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
-+ return NULL;
-+ }
-+
-+ if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
-+ (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
-+ (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
-+ (y = BN_new()) == NULL) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ order = &group->order;
-+ if (!order || BN_is_zero(order)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS);
-+ goto err;
-+ }
-+
-+ i = BN_num_bits(order);
-+ /*
-+ * Need to truncate digest if it is too long: first truncate whole bytes
-+ */
-+ if (8 * dgst_len > i)
-+ dgst_len = (i + 7) / 8;
-+
-+ if (!BN_bin2bn(dgst, dgst_len, m)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* If still too long truncate remaining bits with a shift */
-+ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* copy the truncated bits into plain buffer */
-+ if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) {
-+ fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__,
-+ __LINE__);
-+ goto err;
-+ }
-+
-+ ret = ECDSA_SIG_new();
-+ if (!ret) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* check if this is prime or binary EC request */
-+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
-+ NID_X9_62_prime_field) {
-+ ec_crv = EC_PRIME;
-+ /* get the generator point pair */
-+ if (!EC_POINT_get_affine_coordinates_GFp
-+ (group, EC_GROUP_get0_generator(group), x, y, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ /* get the ECC curve parameters */
-+ if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
- goto err;
- }
- } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
-@@ -2325,54 +2840,588 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
- goto err;
- }
-
-- /* memory for message representative */
-- f = malloc(r_len);
-- if (!f) {
-- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-- goto err;
-+ /* memory for message representative */
-+ f = malloc(r_len);
-+ if (!f) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Add padding, since SEC expects hash to of size r_len */
-+ memset(f, 0, r_len - dgst_len);
-+
-+ /* Skip leading bytes if dgst_len < r_len */
-+ memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len);
-+ dgst_len += r_len - dgst_len;
-+ kop.crk_op = CRK_DSA_VERIFY;
-+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
-+ kop.crk_param[0].crp_p = f;
-+ kop.crk_param[0].crp_nbits = dgst_len * 8;
-+ kop.crk_param[1].crp_p = q;
-+ kop.crk_param[1].crp_nbits = q_len * 8;
-+ kop.crk_param[2].crp_p = r;
-+ kop.crk_param[2].crp_nbits = r_len * 8;
-+ kop.crk_param[3].crp_p = g_xy;
-+ kop.crk_param[3].crp_nbits = g_len * 8;
-+ kop.crk_param[4].crp_p = w_xy;
-+ kop.crk_param[4].crp_nbits = pub_key_len * 8;
-+ kop.crk_param[5].crp_p = ab;
-+ kop.crk_param[5].crp_nbits = ab_len * 8;
-+ kop.crk_param[6].crp_p = c;
-+ kop.crk_param[6].crp_nbits = d_len * 8;
-+ kop.crk_param[7].crp_p = d;
-+ kop.crk_param[7].crp_nbits = d_len * 8;
-+ kop.crk_iparams = 8;
-+
-+ if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
-+ /*
-+ * OCF success value is 0, if not zero, change ret to fail
-+ */
-+ if (0 == kop.crk_status)
-+ ret = 1;
-+ } else {
-+ const ECDSA_METHOD *meth = ECDSA_OpenSSL();
-+
-+ ret = (meth->ecdsa_do_verify) (dgst, dgst_len, sig, eckey);
-+ }
-+ kop.crk_param[0].crp_p = NULL;
-+ zapparams(&kop);
-+
-+ err:
-+ return ret;
-+}
-+
-+static int cryptodev_ecdsa_do_sign_async(const unsigned char *dgst,
-+ int dgst_len, const BIGNUM *in_kinv,
-+ const BIGNUM *in_r, EC_KEY *eckey,
-+ ECDSA_SIG *sig,
-+ struct pkc_cookie_s *cookie)
-+{
-+ BIGNUM *m = NULL, *p = NULL, *a = NULL;
-+ BIGNUM *b = NULL, *x = NULL, *y = NULL;
-+ BN_CTX *ctx = NULL;
-+ ECDSA_SIG *sig_ret = NULL;
-+ ECDSA_DATA *ecdsa = NULL;
-+ unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL;
-+ unsigned char *s = NULL, *f = NULL, *tmp_dgst = NULL;
-+ int i = 0, q_len = 0, priv_key_len = 0, r_len = 0;
-+ int g_len = 0, ab_len = 0, ret = 1;
-+ const BIGNUM *order = NULL, *priv_key = NULL;
-+ const EC_GROUP *group = NULL;
-+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+ ec_curve_t ec_crv = EC_PRIME;
-+
-+ if (!(sig->r = BN_new()) || !kop)
-+ goto err;
-+ if ((sig->s = BN_new()) == NULL) {
-+ BN_free(r);
-+ goto err;
-+ }
-+
-+ memset(kop, 0, sizeof(struct crypt_kop));
-+ ecdsa = ecdsa_check(eckey);
-+ if (!ecdsa) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
-+ goto err;
-+ }
-+
-+ group = EC_KEY_get0_group(eckey);
-+ priv_key = EC_KEY_get0_private_key(eckey);
-+
-+ if (!group || !priv_key) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
-+ goto err;
-+ }
-+
-+ if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
-+ (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
-+ (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
-+ (y = BN_new()) == NULL) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ order = &group->order;
-+ if (!order || BN_is_zero(order)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS);
-+ goto err;
-+ }
-+
-+ i = BN_num_bits(order);
-+ /*
-+ * Need to truncate digest if it is too long: first truncate whole bytes
-+ */
-+ if (8 * dgst_len > i)
-+ dgst_len = (i + 7) / 8;
-+
-+ if (!BN_bin2bn(dgst, dgst_len, m)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* If still too long truncate remaining bits with a shift */
-+ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* copy the truncated bits into plain buffer */
-+ if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) {
-+ fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__,
-+ __LINE__);
-+ goto err;
-+ }
-+
-+ /* check if this is prime or binary EC request */
-+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group))
-+ == NID_X9_62_prime_field) {
-+ ec_crv = EC_PRIME;
-+ /* get the generator point pair */
-+ if (!EC_POINT_get_affine_coordinates_GFp(group,
-+ EC_GROUP_get0_generator
-+ (group), x, y, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ /* get the ECC curve parameters */
-+ if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+ } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
-+ NID_X9_62_characteristic_two_field) {
-+ ec_crv = EC_BINARY;
-+ /* get the ECC curve parameters */
-+ if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ /* get the generator point pair */
-+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
-+ EC_GROUP_get0_generator
-+ (group), x, y, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+ } else {
-+ printf("Unsupported Curve\n");
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ if (spcf_bn2bin(order, &r, &r_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ if (spcf_bn2bin(p, &q, &q_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ priv_key_len = r_len;
-+
-+ /**
-+ * If BN_num_bytes of priv_key returns less then r_len then
-+ * add padding bytes before the key
-+ */
-+ if (spcf_bn2bin_ex(priv_key, &s, &priv_key_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Generation of ECC curve parameters */
-+ ab_len = 2 * q_len;
-+ ab = eng_copy_curve_points(a, b, ab_len, q_len);
-+ if (!ab) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ if (ec_crv == EC_BINARY) {
-+ if (eng_ec_get_cparam
-+ (EC_GROUP_get_curve_name(group), ab + q_len, q_len)) {
-+ unsigned char *c_temp = NULL;
-+ int c_temp_len = q_len;
-+ if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len))
-+ memcpy(ab + q_len, c_temp, q_len);
-+ else
-+ goto err;
-+ }
-+ kop->curve_type = ECC_BINARY;
-+ }
-+
-+ /* Calculation of Generator point */
-+ g_len = 2 * q_len;
-+ g_xy = eng_copy_curve_points(x, y, g_len, q_len);
-+ if (!g_xy) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* memory for message representative */
-+ f = malloc(r_len);
-+ if (!f) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Add padding, since SEC expects hash to of size r_len */
-+ memset(f, 0, r_len - dgst_len);
-+
-+ /* Skip leading bytes if dgst_len < r_len */
-+ memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len);
-+
-+ dgst_len += r_len - dgst_len;
-+
-+ kop->crk_op = CRK_DSA_SIGN;
-+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
-+ kop->crk_param[0].crp_p = f;
-+ kop->crk_param[0].crp_nbits = dgst_len * 8;
-+ kop->crk_param[1].crp_p = q;
-+ kop->crk_param[1].crp_nbits = q_len * 8;
-+ kop->crk_param[2].crp_p = r;
-+ kop->crk_param[2].crp_nbits = r_len * 8;
-+ kop->crk_param[3].crp_p = g_xy;
-+ kop->crk_param[3].crp_nbits = g_len * 8;
-+ kop->crk_param[4].crp_p = s;
-+ kop->crk_param[4].crp_nbits = priv_key_len * 8;
-+ kop->crk_param[5].crp_p = ab;
-+ kop->crk_param[5].crp_nbits = ab_len * 8;
-+ kop->crk_iparams = 6;
-+ kop->cookie = cookie;
-+
-+ if (cryptodev_asym_async(kop, r_len, sig->r, r_len, sig->s))
-+ goto err;
-+
-+ return ret;
-+ err:
-+ {
-+ const ECDSA_METHOD *meth = ECDSA_OpenSSL();
-+ BN_free(sig->r);
-+ BN_free(sig->s);
-+ if (kop)
-+ free(kop);
-+ sig_ret =
-+ (meth->ecdsa_do_sign) (dgst, dgst_len, in_kinv, in_r, eckey);
-+ sig->r = sig_ret->r;
-+ sig->s = sig_ret->s;
-+ cookie->pkc_callback(cookie, 0);
-+ }
-+ return ret;
-+}
-+
-+static int cryptodev_ecdsa_verify_async(const unsigned char *dgst,
-+ int dgst_len, const ECDSA_SIG *sig,
-+ EC_KEY *eckey,
-+ struct pkc_cookie_s *cookie)
-+{
-+ BIGNUM *m = NULL, *p = NULL, *a = NULL, *b = NULL;
-+ BIGNUM *x = NULL, *y = NULL, *w_x = NULL, *w_y = NULL;
-+ BN_CTX *ctx = NULL;
-+ ECDSA_DATA *ecdsa = NULL;
-+ unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL, *w_xy =
-+ NULL;
-+ unsigned char *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL;
-+ int i = 0, q_len = 0, pub_key_len = 0, r_len = 0, c_len = 0, g_len = 0;
-+ int d_len = 0, ab_len = 0, ret = 1;
-+ const EC_POINT *pub_key = NULL;
-+ const BIGNUM *order = NULL;
-+ const EC_GROUP *group = NULL;
-+ ec_curve_t ec_crv = EC_PRIME;
-+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+
-+ if (!kop)
-+ goto err;
-+
-+ memset(kop, 0, sizeof(struct crypt_kop));
-+ ecdsa = ecdsa_check(eckey);
-+ if (!ecdsa) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
-+ goto err;
-+ }
-+
-+ group = EC_KEY_get0_group(eckey);
-+ pub_key = EC_KEY_get0_public_key(eckey);
-+
-+ if (!group || !pub_key) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
-+ goto err;
-+ }
-+
-+ if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
-+ (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
-+ (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
-+ (y = BN_new()) == NULL || (w_x = BN_new()) == NULL ||
-+ (w_y = BN_new()) == NULL) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ order = &group->order;
-+ if (!order || BN_is_zero(order)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS);
-+ goto err;
-+ }
-+
-+ i = BN_num_bits(order);
-+ /*
-+ * Need to truncate digest if it is too long: first truncate whole *
-+ * bytes
-+ */
-+ if (8 * dgst_len > i)
-+ dgst_len = (i + 7) / 8;
-+
-+ if (!BN_bin2bn(dgst, dgst_len, m)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* If still too long truncate remaining bits with a shift */
-+ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+ /* copy the truncated bits into plain buffer */
-+ if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* check if this is prime or binary EC request */
-+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
-+ NID_X9_62_prime_field) {
-+ ec_crv = EC_PRIME;
-+
-+ /* get the generator point pair */
-+ if (!EC_POINT_get_affine_coordinates_GFp(group,
-+ EC_GROUP_get0_generator
-+ (group), x, y, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ /* get the public key pair for prime curve */
-+ if (!EC_POINT_get_affine_coordinates_GFp(group,
-+ pub_key, w_x, w_y, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ /* get the ECC curve parameters */
-+ if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+ } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
-+ NID_X9_62_characteristic_two_field) {
-+ ec_crv = EC_BINARY;
-+ /* get the ECC curve parameters */
-+ if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ /* get the generator point pair */
-+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
-+ EC_GROUP_get0_generator
-+ (group), x, y, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ /* get the public key pair for binary curve */
-+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
-+ pub_key, w_x, w_y, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+ } else {
-+ printf("Unsupported Curve\n");
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ /* Get the order of the subgroup of private keys */
-+ if (spcf_bn2bin((BIGNUM *)order, &r, &r_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Get the irreducible polynomial that creates the field */
-+ if (spcf_bn2bin(p, &q, &q_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Get the public key into a flat buffer with appropriate padding */
-+ pub_key_len = 2 * q_len;
-+
-+ w_xy = eng_copy_curve_points(w_x, w_y, pub_key_len, q_len);
-+ if (!w_xy) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Generation of ECC curve parameters */
-+ ab_len = 2 * q_len;
-+
-+ ab = eng_copy_curve_points(a, b, ab_len, q_len);
-+ if (!ab) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ if (ec_crv == EC_BINARY) {
-+ /* copy b' i.e c(b), instead of only b */
-+ eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab + q_len, q_len);
-+ kop->curve_type = ECC_BINARY;
-+ }
-+
-+ /* Calculation of Generator point */
-+ g_len = 2 * q_len;
-+
-+ g_xy = eng_copy_curve_points(x, y, g_len, q_len);
-+ if (!g_xy) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /**
-+ * Get the 1st part of signature into a flat buffer with
-+ * appropriate padding
-+ */
-+ if (BN_num_bytes(sig->r) < r_len)
-+ c_len = r_len;
-+
-+ if (spcf_bn2bin_ex(sig->r, &c, &c_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /**
-+ * Get the 2nd part of signature into a flat buffer with
-+ * appropriate padding
-+ */
-+ if (BN_num_bytes(sig->s) < r_len)
-+ d_len = r_len;
-+
-+ if (spcf_bn2bin_ex(sig->s, &d, &d_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* memory for message representative */
-+ f = malloc(r_len);
-+ if (!f) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Add padding, since SEC expects hash to of size r_len */
-+ memset(f, 0, r_len - dgst_len);
-+
-+ /* Skip leading bytes if dgst_len < r_len */
-+ memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len);
-+
-+ dgst_len += r_len - dgst_len;
-+
-+ kop->crk_op = CRK_DSA_VERIFY;
-+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
-+ kop->crk_param[0].crp_p = f;
-+ kop->crk_param[0].crp_nbits = dgst_len * 8;
-+ kop->crk_param[1].crp_p = q;
-+ kop->crk_param[1].crp_nbits = q_len * 8;
-+ kop->crk_param[2].crp_p = r;
-+ kop->crk_param[2].crp_nbits = r_len * 8;
-+ kop->crk_param[3].crp_p = g_xy;
-+ kop->crk_param[3].crp_nbits = g_len * 8;
-+ kop->crk_param[4].crp_p = w_xy;
-+ kop->crk_param[4].crp_nbits = pub_key_len * 8;
-+ kop->crk_param[5].crp_p = ab;
-+ kop->crk_param[5].crp_nbits = ab_len * 8;
-+ kop->crk_param[6].crp_p = c;
-+ kop->crk_param[6].crp_nbits = d_len * 8;
-+ kop->crk_param[7].crp_p = d;
-+ kop->crk_param[7].crp_nbits = d_len * 8;
-+ kop->crk_iparams = 8;
-+ kop->cookie = cookie;
-+
-+ if (cryptodev_asym_async(kop, 0, NULL, 0, NULL))
-+ goto err;
-+
-+ return ret;
-+ err:
-+ {
-+ const ECDSA_METHOD *meth = ECDSA_OpenSSL();
-+
-+ if (kop)
-+ free(kop);
-+ ret = (meth->ecdsa_do_verify) (dgst, dgst_len, sig, eckey);
-+ cookie->pkc_callback(cookie, 0);
-+ }
-+
-+ return ret;
-+}
-+
-+/* Cryptodev DH Key Gen routine */
-+static int cryptodev_dh_keygen_async(DH *dh, struct pkc_cookie_s *cookie)
-+{
-+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+ int ret = 1, g_len;
-+ unsigned char *g = NULL;
-+
-+ if (!kop)
-+ goto sw_try;
-+
-+ if (dh->priv_key == NULL) {
-+ if ((dh->priv_key = BN_new()) == NULL)
-+ goto sw_try;
-+ }
-+
-+ if (dh->pub_key == NULL) {
-+ if ((dh->pub_key = BN_new()) == NULL)
-+ goto sw_try;
-+ }
-+
-+ g_len = BN_num_bytes(dh->p);
-+ /**
-+ * Get generator into a plain buffer. If length is less than
-+ * q_len then add leading padding bytes.
-+ */
-+ if (spcf_bn2bin_ex(dh->g, &g, &g_len)) {
-+ DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
-+ goto sw_try;
- }
-
-- /* Add padding, since SEC expects hash to of size r_len */
-- memset(f, 0, r_len - dgst_len);
-+ memset(kop, 0, sizeof(struct crypt_kop));
-+ kop->crk_op = CRK_DH_GENERATE_KEY;
-+ if (bn2crparam(dh->p, &kop->crk_param[0]))
-+ goto sw_try;
-+ if (bn2crparam(dh->q, &kop->crk_param[1]))
-+ goto sw_try;
-+ kop->crk_param[2].crp_p = g;
-+ kop->crk_param[2].crp_nbits = g_len * 8;
-+ kop->crk_iparams = 3;
-+ kop->cookie = cookie;
-
-- /* Skip leading bytes if dgst_len < r_len */
-- memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len);
-- dgst_len += r_len - dgst_len;
-- kop.crk_op = CRK_DSA_VERIFY;
-- /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
-- kop.crk_param[0].crp_p = f;
-- kop.crk_param[0].crp_nbits = dgst_len * 8;
-- kop.crk_param[1].crp_p = q;
-- kop.crk_param[1].crp_nbits = q_len * 8;
-- kop.crk_param[2].crp_p = r;
-- kop.crk_param[2].crp_nbits = r_len * 8;
-- kop.crk_param[3].crp_p = g_xy;
-- kop.crk_param[3].crp_nbits = g_len * 8;
-- kop.crk_param[4].crp_p = w_xy;
-- kop.crk_param[4].crp_nbits = pub_key_len * 8;
-- kop.crk_param[5].crp_p = ab;
-- kop.crk_param[5].crp_nbits = ab_len * 8;
-- kop.crk_param[6].crp_p = c;
-- kop.crk_param[6].crp_nbits = d_len * 8;
-- kop.crk_param[7].crp_p = d;
-- kop.crk_param[7].crp_nbits = d_len * 8;
-- kop.crk_iparams = 8;
-+ /* pub_key is or prime length while priv key is of length of order */
-+ if (cryptodev_asym_async(kop, BN_num_bytes(dh->p), dh->pub_key,
-+ BN_num_bytes(dh->q), dh->priv_key))
-+ goto sw_try;
-
-- if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
-- /*
-- * OCF success value is 0, if not zero, change ret to fail
-- */
-- if (0 == kop.crk_status)
-- ret = 1;
-- } else {
-- const ECDSA_METHOD *meth = ECDSA_OpenSSL();
-+ return ret;
-+ sw_try:
-+ {
-+ const DH_METHOD *meth = DH_OpenSSL();
-
-- ret = (meth->ecdsa_do_verify) (dgst, dgst_len, sig, eckey);
-+ if (kop)
-+ free(kop);
-+ ret = (meth->generate_key) (dh);
-+ cookie->pkc_callback(cookie, 0);
- }
-- kop.crk_param[0].crp_p = NULL;
-- zapparams(&kop);
--
-- err:
- return ret;
- }
-
-@@ -2481,6 +3530,54 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
- return (dhret);
- }
-
-+/* Return Length if successful and 0 on failure */
-+static int
-+cryptodev_dh_compute_key_async(unsigned char *key, const BIGNUM *pub_key,
-+ DH *dh, struct pkc_cookie_s *cookie)
-+{
-+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+ int ret = 1;
-+ int fd, p_len;
-+ unsigned char *padded_pub_key = NULL, *p = NULL;
-+
-+ fd = *(int *)cookie->eng_handle;
-+
-+ memset(kop, 0, sizeof(struct crypt_kop));
-+ kop->crk_op = CRK_DH_COMPUTE_KEY;
-+ /* inputs: dh->priv_key pub_key dh->p key */
-+ spcf_bn2bin(dh->p, &p, &p_len);
-+ spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len);
-+
-+ if (bn2crparam(dh->priv_key, &kop->crk_param[0]))
-+ goto err;
-+ kop->crk_param[1].crp_p = padded_pub_key;
-+ kop->crk_param[1].crp_nbits = p_len * 8;
-+ kop->crk_param[2].crp_p = p;
-+ kop->crk_param[2].crp_nbits = p_len * 8;
-+ kop->crk_iparams = 3;
-+
-+ kop->cookie = cookie;
-+ kop->crk_param[3].crp_p = (void *)key;
-+ kop->crk_param[3].crp_nbits = p_len * 8;
-+ kop->crk_oparams = 1;
-+
-+ if (cryptodev_asym_async(kop, 0, NULL, 0, NULL))
-+ goto err;
-+
-+ return p_len;
-+ err:
-+ {
-+ const DH_METHOD *meth = DH_OpenSSL();
-+
-+ if (kop)
-+ free(kop);
-+ ret = (meth->compute_key) (key, pub_key, dh);
-+ /* Call user cookie handler */
-+ cookie->pkc_callback(cookie, 0);
-+ }
-+ return (ret);
-+}
-+
- int cryptodev_ecdh_compute_key(void *out, size_t outlen,
- const EC_POINT *pub_key, EC_KEY *ecdh,
- void *(*KDF) (const void *in, size_t inlen,
-@@ -2663,6 +3760,197 @@ int cryptodev_ecdh_compute_key(void *out, size_t outlen,
- return ret;
- }
-
-+int cryptodev_ecdh_compute_key_async(void *out, size_t outlen,
-+ const EC_POINT *pub_key, EC_KEY *ecdh,
-+ void *(*KDF) (const void *in,
-+ size_t inlen, void *out,
-+ size_t *outlen),
-+ struct pkc_cookie_s *cookie)
-+{
-+ ec_curve_t ec_crv = EC_PRIME;
-+ unsigned char *q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL;
-+ BIGNUM *w_x = NULL, *w_y = NULL;
-+ int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0;
-+ BIGNUM *p = NULL, *a = NULL, *b = NULL;
-+ BN_CTX *ctx;
-+ EC_POINT *tmp = NULL;
-+ BIGNUM *x = NULL, *y = NULL;
-+ const BIGNUM *priv_key;
-+ const EC_GROUP *group = NULL;
-+ int ret = 1;
-+ size_t buflen, len;
-+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+
-+ if (!(ctx = BN_CTX_new()) || !kop)
-+ goto err;
-+
-+ memset(kop, 0, sizeof(struct crypt_kop));
-+
-+ BN_CTX_start(ctx);
-+ x = BN_CTX_get(ctx);
-+ y = BN_CTX_get(ctx);
-+ p = BN_CTX_get(ctx);
-+ a = BN_CTX_get(ctx);
-+ b = BN_CTX_get(ctx);
-+ w_x = BN_CTX_get(ctx);
-+ w_y = BN_CTX_get(ctx);
-+
-+ if (!x || !y || !p || !a || !b || !w_x || !w_y) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ priv_key = EC_KEY_get0_private_key(ecdh);
-+ if (priv_key == NULL) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_NO_PRIVATE_VALUE);
-+ goto err;
-+ }
-+
-+ group = EC_KEY_get0_group(ecdh);
-+ if ((tmp = EC_POINT_new(group)) == NULL) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
-+ NID_X9_62_prime_field) {
-+ ec_crv = EC_PRIME;
-+
-+ if (!EC_POINT_get_affine_coordinates_GFp(group,
-+ EC_GROUP_get0_generator
-+ (group), x, y, ctx)) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_POINT_ARITHMETIC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* get the ECC curve parameters */
-+ if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* get the public key pair for prime curve */
-+ if (!EC_POINT_get_affine_coordinates_GFp
-+ (group, pub_key, w_x, w_y, ctx)) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+ } else {
-+ ec_crv = EC_BINARY;
-+
-+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
-+ EC_GROUP_get0_generator
-+ (group), x, y, ctx)) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_POINT_ARITHMETIC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* get the ECC curve parameters */
-+ if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* get the public key pair for binary curve */
-+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
-+ pub_key, w_x, w_y, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+ }
-+
-+ /* irreducible polynomial that creates the field */
-+ if (spcf_bn2bin((BIGNUM *)&group->order, &r, &r_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Get the irreducible polynomial that creates the field */
-+ if (spcf_bn2bin(p, &q, &q_len)) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* Get the public key into a flat buffer with appropriate padding */
-+ pub_key_len = 2 * q_len;
-+ w_xy = eng_copy_curve_points(w_x, w_y, pub_key_len, q_len);
-+ if (!w_xy) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Generation of ECC curve parameters */
-+ ab_len = 2 * q_len;
-+ ab = eng_copy_curve_points(a, b, ab_len, q_len);
-+ if (!ab) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ if (ec_crv == EC_BINARY) {
-+ /* copy b' i.e c(b), instead of only b */
-+ if (eng_ec_get_cparam
-+ (EC_GROUP_get_curve_name(group), ab + q_len, q_len)) {
-+ unsigned char *c_temp = NULL;
-+ int c_temp_len = q_len;
-+ if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len))
-+ memcpy(ab + q_len, c_temp, q_len);
-+ else
-+ goto err;
-+ }
-+ kop->curve_type = ECC_BINARY;
-+ } else
-+ kop->curve_type = ECC_PRIME;
-+
-+ priv_key_len = r_len;
-+
-+ /*
-+ * If BN_num_bytes of priv_key returns less then r_len then
-+ * add padding bytes before the key
-+ */
-+ if (spcf_bn2bin_ex((BIGNUM *)priv_key, &s, &priv_key_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ buflen = (EC_GROUP_get_degree(group) + 7) / 8;
-+ len = BN_num_bytes(x);
-+ if (len > buflen || q_len < buflen) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_INTERNAL_ERROR);
-+ goto err;
-+ }
-+
-+ kop->crk_op = CRK_DH_COMPUTE_KEY;
-+ kop->crk_param[0].crp_p = (void *)s;
-+ kop->crk_param[0].crp_nbits = priv_key_len * 8;
-+ kop->crk_param[1].crp_p = (void *)w_xy;
-+ kop->crk_param[1].crp_nbits = pub_key_len * 8;
-+ kop->crk_param[2].crp_p = (void *)q;
-+ kop->crk_param[2].crp_nbits = q_len * 8;
-+ kop->crk_param[3].crp_p = (void *)ab;
-+ kop->crk_param[3].crp_nbits = ab_len * 8;
-+ kop->crk_iparams = 4;
-+ kop->crk_param[4].crp_p = (void *)out;
-+ kop->crk_param[4].crp_nbits = q_len * 8;
-+ kop->crk_oparams = 1;
-+ kop->cookie = cookie;
-+ if (cryptodev_asym_async(kop, 0, NULL, 0, NULL))
-+ goto err;
-+
-+ return q_len;
-+ err:
-+ {
-+ const ECDH_METHOD *meth = ECDH_OpenSSL();
-+
-+ if (kop)
-+ free(kop);
-+ ret = (meth->compute_key) (out, outlen, pub_key, ecdh, KDF);
-+ /* Call user cookie handler */
-+ cookie->pkc_callback(cookie, 0);
-+ }
-+ return ret;
-+}
-+
- static DH_METHOD cryptodev_dh = {
- "cryptodev DH method",
- NULL, /* cryptodev_dh_generate_key */
-@@ -2670,6 +3958,8 @@ static DH_METHOD cryptodev_dh = {
- NULL,
- NULL,
- NULL,
-+ NULL,
-+ NULL,
- 0, /* flags */
- NULL /* app_data */
- };
-@@ -2678,6 +3968,7 @@ static ECDH_METHOD cryptodev_ecdh = {
- "cryptodev ECDH method",
- NULL, /* cryptodev_ecdh_compute_key */
- NULL,
-+ NULL,
- 0, /* flags */
- NULL /* app_data */
- };
-@@ -2748,10 +4039,15 @@ void ENGINE_load_cryptodev(void)
- cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec;
- if (cryptodev_asymfeat & CRF_MOD_EXP) {
- cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp;
-- if (cryptodev_asymfeat & CRF_MOD_EXP_CRT)
-+ cryptodev_rsa.bn_mod_exp_async = cryptodev_bn_mod_exp_async;
-+ if (cryptodev_asymfeat & CRF_MOD_EXP_CRT) {
- cryptodev_rsa.rsa_mod_exp = cryptodev_rsa_mod_exp;
-- else
-+ cryptodev_rsa.rsa_mod_exp_async = cryptodev_rsa_mod_exp_async;
-+ } else {
- cryptodev_rsa.rsa_mod_exp = cryptodev_rsa_nocrt_mod_exp;
-+ cryptodev_rsa.rsa_mod_exp_async =
-+ cryptodev_rsa_nocrt_mod_exp_async;
-+ }
- }
- }
-
-@@ -2759,12 +4055,18 @@ void ENGINE_load_cryptodev(void)
- const DSA_METHOD *meth = DSA_OpenSSL();
-
- memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
-- if (cryptodev_asymfeat & CRF_DSA_SIGN)
-+ if (cryptodev_asymfeat & CRF_DSA_SIGN) {
- cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
-- if (cryptodev_asymfeat & CRF_DSA_VERIFY)
-+ cryptodev_dsa.dsa_do_sign_async = cryptodev_dsa_do_sign_async;
-+ }
-+ if (cryptodev_asymfeat & CRF_DSA_VERIFY) {
- cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
-- if (cryptodev_asymfeat & CRF_DSA_GENERATE_KEY)
-+ cryptodev_dsa.dsa_do_verify_async = cryptodev_dsa_verify_async;
-+ }
-+ if (cryptodev_asymfeat & CRF_DSA_GENERATE_KEY) {
- cryptodev_dsa.dsa_keygen = cryptodev_dsa_keygen;
-+ cryptodev_dsa.dsa_keygen_async = cryptodev_dsa_keygen_async;
-+ }
- }
-
- if (ENGINE_set_DH(engine, &cryptodev_dh)) {
-@@ -2772,9 +4074,12 @@ void ENGINE_load_cryptodev(void)
- memcpy(&cryptodev_dh, dh_meth, sizeof(DH_METHOD));
- if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) {
- cryptodev_dh.compute_key = cryptodev_dh_compute_key;
-+ cryptodev_dh.compute_key_async = cryptodev_dh_compute_key_async;
- }
- if (cryptodev_asymfeat & CRF_DH_GENERATE_KEY) {
- cryptodev_dh.generate_key = cryptodev_dh_keygen;
-+ cryptodev_dh.generate_key_async = cryptodev_dh_keygen_async;
-+
- }
- }
-
-@@ -2783,9 +4088,13 @@ void ENGINE_load_cryptodev(void)
- memcpy(&cryptodev_ecdsa, meth, sizeof(ECDSA_METHOD));
- if (cryptodev_asymfeat & CRF_DSA_SIGN) {
- cryptodev_ecdsa.ecdsa_do_sign = cryptodev_ecdsa_do_sign;
-+ cryptodev_ecdsa.ecdsa_do_sign_async =
-+ cryptodev_ecdsa_do_sign_async;
- }
- if (cryptodev_asymfeat & CRF_DSA_VERIFY) {
- cryptodev_ecdsa.ecdsa_do_verify = cryptodev_ecdsa_verify;
-+ cryptodev_ecdsa.ecdsa_do_verify_async =
-+ cryptodev_ecdsa_verify_async;
- }
- }
-
-@@ -2794,9 +4103,16 @@ void ENGINE_load_cryptodev(void)
- memcpy(&cryptodev_ecdh, ecdh_meth, sizeof(ECDH_METHOD));
- if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) {
- cryptodev_ecdh.compute_key = cryptodev_ecdh_compute_key;
-+ cryptodev_ecdh.compute_key_async =
-+ cryptodev_ecdh_compute_key_async;
- }
- }
-
-+ ENGINE_set_check_pkc_availability(engine, cryptodev_check_availability);
-+ ENGINE_set_close_instance(engine, cryptodev_close_instance);
-+ ENGINE_set_init_instance(engine, cryptodev_init_instance);
-+ ENGINE_set_async_map(engine, ENGINE_ALLPKC_ASYNC);
-+
- ENGINE_add(engine);
- ENGINE_free(engine);
- ERR_clear_error();
-diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h
-index 46f163b..b698a0c 100644
---- a/crypto/engine/eng_int.h
-+++ b/crypto/engine/eng_int.h
-@@ -198,6 +198,29 @@ struct engine_st {
- ENGINE_LOAD_KEY_PTR load_privkey;
- ENGINE_LOAD_KEY_PTR load_pubkey;
- ENGINE_SSL_CLIENT_CERT_PTR load_ssl_client_cert;
-+ /*
-+ * Instantiate Engine handle to be passed in check_pkc_availability
-+ * Ensure that Engine is instantiated before any pkc asynchronous call.
-+ */
-+ void *(*engine_init_instance)(void);
-+ /*
-+ * Instantiated Engine handle will be closed with this call.
-+ * Ensure that no pkc asynchronous call is made after this call
-+ */
-+ void (*engine_close_instance)(void *handle);
-+ /*
-+ * Check availability will extract the data from kernel.
-+ * eng_handle: This is the Engine handle corresponds to which
-+ * the cookies needs to be polled.
-+ * return 0 if cookie available else 1
-+ */
-+ int (*check_pkc_availability)(void *eng_handle);
-+ /*
-+ * The following map is used to check if the engine supports asynchronous implementation
-+ * ENGINE_ASYNC_FLAG* for available bitmap. Any application checking for asynchronous
-+ * implementation need to check this features using "int ENGINE_get_async_map(engine *)";
-+ */
-+ int async_map;
- const ENGINE_CMD_DEFN *cmd_defns;
- int flags;
- /* reference count on the structure itself */
-diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c
-index dc2abd2..0c57e12 100644
---- a/crypto/engine/eng_lib.c
-+++ b/crypto/engine/eng_lib.c
-@@ -100,7 +100,11 @@ void engine_set_all_null(ENGINE *e)
- e->ctrl = NULL;
- e->load_privkey = NULL;
- e->load_pubkey = NULL;
-+ e->check_pkc_availability = NULL;
-+ e->engine_init_instance = NULL;
-+ e->engine_close_instance = NULL;
- e->cmd_defns = NULL;
-+ e->async_map = 0;
- e->flags = 0;
- }
-
-@@ -246,6 +250,48 @@ int ENGINE_set_id(ENGINE *e, const char *id)
- }
- e->id = id;
- return 1;
-+ }
-+
-+void ENGINE_set_init_instance(ENGINE *e, void *(*engine_init_instance)(void))
-+ {
-+ e->engine_init_instance = engine_init_instance;
-+ }
-+
-+void ENGINE_set_close_instance(ENGINE *e,
-+ void (*engine_close_instance)(void *))
-+ {
-+ e->engine_close_instance = engine_close_instance;
-+ }
-+
-+void ENGINE_set_async_map(ENGINE *e, int async_map)
-+ {
-+ e->async_map = async_map;
-+ }
-+
-+void *ENGINE_init_instance(ENGINE *e)
-+ {
-+ return e->engine_init_instance();
-+ }
-+
-+void ENGINE_close_instance(ENGINE *e, void *eng_handle)
-+ {
-+ e->engine_close_instance(eng_handle);
-+ }
-+
-+int ENGINE_get_async_map(ENGINE *e)
-+ {
-+ return e->async_map;
-+ }
-+
-+void ENGINE_set_check_pkc_availability(ENGINE *e,
-+ int (*check_pkc_availability)(void *eng_handle))
-+ {
-+ e->check_pkc_availability = check_pkc_availability;
-+ }
-+
-+int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle)
-+ {
-+ return e->check_pkc_availability(eng_handle);
- }
-
- int ENGINE_set_name(ENGINE *e, const char *name)
-diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h
-index 020d912..4527aa1 100644
---- a/crypto/engine/engine.h
-+++ b/crypto/engine/engine.h
-@@ -551,6 +551,30 @@ ENGINE *ENGINE_new(void);
- int ENGINE_free(ENGINE *e);
- int ENGINE_up_ref(ENGINE *e);
- int ENGINE_set_id(ENGINE *e, const char *id);
-+void ENGINE_set_init_instance(ENGINE *e, void *(*engine_init_instance)(void));
-+void ENGINE_set_close_instance(ENGINE *e,
-+ void (*engine_free_instance)(void *));
-+/*
-+ * Following FLAGS are bitmap store in async_map to set asynchronous interface capability
-+ *of the engine
-+ */
-+#define ENGINE_RSA_ASYNC 0x0001
-+#define ENGINE_DSA_ASYNC 0x0002
-+#define ENGINE_DH_ASYNC 0x0004
-+#define ENGINE_ECDSA_ASYNC 0x0008
-+#define ENGINE_ECDH_ASYNC 0x0010
-+#define ENGINE_ALLPKC_ASYNC 0x001F
-+/* Engine implementation will set the bitmap based on above flags using following API */
-+void ENGINE_set_async_map(ENGINE *e, int async_map);
-+ /* Application need to check the bitmap based on above flags using following API
-+ * to confirm asynchronous methods supported
-+ */
-+int ENGINE_get_async_map(ENGINE *e);
-+void *ENGINE_init_instance(ENGINE *e);
-+void ENGINE_close_instance(ENGINE *e, void *eng_handle);
-+void ENGINE_set_check_pkc_availability(ENGINE *e,
-+ int (*check_pkc_availability)(void *eng_handle));
-+int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle);
- int ENGINE_set_name(ENGINE *e, const char *name);
- int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
- int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
-diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h
-index d2ee374..7c539fc 100644
---- a/crypto/rsa/rsa.h
-+++ b/crypto/rsa/rsa.h
-@@ -97,6 +97,29 @@ struct rsa_meth_st {
- /* Can be null */
- int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-+ /*
-+ * Cookie in the following _async variant must be allocated before
-+ * submission and can be freed once its corresponding callback
-+ * handler is called
-+ */
-+ int (*rsa_pub_enc_asyn)(int flen,const unsigned char *from,
-+ unsigned char *to, RSA *rsa, int padding,
-+ struct pkc_cookie_s *cookie);
-+ int (*rsa_pub_dec_async)(int flen,const unsigned char *from,
-+ unsigned char *to, RSA *rsa, int padding,
-+ struct pkc_cookie_s *cookie);
-+ int (*rsa_priv_enc_async)(int flen,const unsigned char *from,
-+ unsigned char *to, RSA *rsa, int padding,
-+ struct pkc_cookie_s *cookie);
-+ int (*rsa_priv_dec_async)(int flen,const unsigned char *from,
-+ unsigned char *to, RSA *rsa, int padding,
-+ struct pkc_cookie_s *cookie);
-+ int (*rsa_mod_exp_async)(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
-+ BN_CTX *ctx, struct pkc_cookie_s *cookie);
-+ int (*bn_mod_exp_async)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-+ const BIGNUM *m, BN_CTX *ctx,
-+ BN_MONT_CTX *m_ctx, struct pkc_cookie_s *cookie);
-+
- /* called at new */
- int (*init) (RSA *rsa);
- /* called at free */
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0008-Add-RSA-keygen-operation-and-support-gendsa-command-.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0008-Add-RSA-keygen-operation-and-support-gendsa-command-.patch
deleted file mode 100644
index 070b93a..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0008-Add-RSA-keygen-operation-and-support-gendsa-command-.patch
+++ /dev/null
@@ -1,155 +0,0 @@
-From 73629969c6fe54529441530674b061ce31a41d93 Mon Sep 17 00:00:00 2001
-From: Hou Zhiqiang <B48286@freescale.com>
-Date: Wed, 2 Apr 2014 16:10:43 +0800
-Subject: [PATCH 08/48] Add RSA keygen operation and support gendsa command
- with hardware engine
-
-Upstream-status: Pending
-
-Signed-off-by: Hou Zhiqiang <B48286@freescale.com>
-Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
----
- crypto/engine/eng_cryptodev.c | 120 ++++++++++++++++++++++++++++++++++++++++++
- 1 file changed, 120 insertions(+)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 90fe9b8..8c9ad5c 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -2022,6 +2022,124 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
- }
- }
-
-+/* Cryptodev RSA Key Gen routine */
-+static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
-+{
-+ struct crypt_kop kop;
-+ int ret, fd;
-+ int p_len, q_len;
-+ int i;
-+
-+ if ((fd = get_asym_dev_crypto()) < 0)
-+ return fd;
-+
-+ if (!rsa->n && ((rsa->n = BN_new()) == NULL))
-+ goto err;
-+ if (!rsa->d && ((rsa->d = BN_new()) == NULL))
-+ goto err;
-+ if (!rsa->e && ((rsa->e = BN_new()) == NULL))
-+ goto err;
-+ if (!rsa->p && ((rsa->p = BN_new()) == NULL))
-+ goto err;
-+ if (!rsa->q && ((rsa->q = BN_new()) == NULL))
-+ goto err;
-+ if (!rsa->dmp1 && ((rsa->dmp1 = BN_new()) == NULL))
-+ goto err;
-+ if (!rsa->dmq1 && ((rsa->dmq1 = BN_new()) == NULL))
-+ goto err;
-+ if (!rsa->iqmp && ((rsa->iqmp = BN_new()) == NULL))
-+ goto err;
-+
-+ BN_copy(rsa->e, e);
-+
-+ p_len = (bits + 1) / (2 * 8);
-+ q_len = (bits - p_len * 8) / 8;
-+ memset(&kop, 0, sizeof kop);
-+ kop.crk_op = CRK_RSA_GENERATE_KEY;
-+
-+ /* p length */
-+ kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char));
-+ if (!kop.crk_param[kop.crk_iparams].crp_p)
-+ goto err;
-+ kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8;
-+ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1);
-+ kop.crk_iparams++;
-+ kop.crk_oparams++;
-+ /* q length */
-+ kop.crk_param[kop.crk_iparams].crp_p = calloc(q_len + 1, sizeof(char));
-+ if (!kop.crk_param[kop.crk_iparams].crp_p)
-+ goto err;
-+ kop.crk_param[kop.crk_iparams].crp_nbits = q_len * 8;
-+ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, q_len + 1);
-+ kop.crk_iparams++;
-+ kop.crk_oparams++;
-+ /* n length */
-+ kop.crk_param[kop.crk_iparams].crp_p =
-+ calloc(p_len + q_len + 1, sizeof(char));
-+ if (!kop.crk_param[kop.crk_iparams].crp_p)
-+ goto err;
-+ kop.crk_param[kop.crk_iparams].crp_nbits = bits;
-+ memset(kop.crk_param[kop.crk_iparams].crp_p, 0x00, p_len + q_len + 1);
-+ kop.crk_iparams++;
-+ kop.crk_oparams++;
-+ /* d length */
-+ kop.crk_param[kop.crk_iparams].crp_p =
-+ calloc(p_len + q_len + 1, sizeof(char));
-+ if (!kop.crk_param[kop.crk_iparams].crp_p)
-+ goto err;
-+ kop.crk_param[kop.crk_iparams].crp_nbits = bits;
-+ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + q_len + 1);
-+ kop.crk_iparams++;
-+ kop.crk_oparams++;
-+ /* dp1 length */
-+ kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char));
-+ if (!kop.crk_param[kop.crk_iparams].crp_p)
-+ goto err;
-+ kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8;
-+ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1);
-+ kop.crk_iparams++;
-+ kop.crk_oparams++;
-+ /* dq1 length */
-+ kop.crk_param[kop.crk_iparams].crp_p = calloc(q_len + 1, sizeof(char));
-+ if (!kop.crk_param[kop.crk_iparams].crp_p)
-+ goto err;
-+ kop.crk_param[kop.crk_iparams].crp_nbits = q_len * 8;
-+ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, q_len + 1);
-+ kop.crk_iparams++;
-+ kop.crk_oparams++;
-+ /* i length */
-+ kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char));
-+ if (!kop.crk_param[kop.crk_iparams].crp_p)
-+ goto err;
-+ kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8;
-+ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1);
-+ kop.crk_iparams++;
-+ kop.crk_oparams++;
-+
-+ if (ioctl(fd, CIOCKEY, &kop) == 0) {
-+ BN_bin2bn(kop.crk_param[0].crp_p, p_len, rsa->p);
-+ BN_bin2bn(kop.crk_param[1].crp_p, q_len, rsa->q);
-+ BN_bin2bn(kop.crk_param[2].crp_p, bits / 8, rsa->n);
-+ BN_bin2bn(kop.crk_param[3].crp_p, bits / 8, rsa->d);
-+ BN_bin2bn(kop.crk_param[4].crp_p, p_len, rsa->dmp1);
-+ BN_bin2bn(kop.crk_param[5].crp_p, q_len, rsa->dmq1);
-+ BN_bin2bn(kop.crk_param[6].crp_p, p_len, rsa->iqmp);
-+ return 1;
-+ }
-+ sw_try:
-+ {
-+ const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
-+ ret = (meth->rsa_keygen) (rsa, bits, e, cb);
-+ }
-+ return ret;
-+
-+ err:
-+ for (i = 0; i < CRK_MAXPARAM; i++)
-+ free(kop.crk_param[i].crp_p);
-+ return 0;
-+
-+}
-+
- /* Cryptodev DSA Key Gen routine */
- static int cryptodev_dsa_keygen(DSA *dsa)
- {
-@@ -4048,6 +4166,8 @@ void ENGINE_load_cryptodev(void)
- cryptodev_rsa.rsa_mod_exp_async =
- cryptodev_rsa_nocrt_mod_exp_async;
- }
-+ if (cryptodev_asymfeat & CRF_RSA_GENERATE_KEY)
-+ cryptodev_rsa.rsa_keygen = cryptodev_rsa_keygen;
- }
- }
-
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0009-RSA-Keygen-Fix.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0009-RSA-Keygen-Fix.patch
deleted file mode 100644
index faa1690..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0009-RSA-Keygen-Fix.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From b3726ca2b823fe2a4c675b750e6f96d4a03ce93c Mon Sep 17 00:00:00 2001
-From: Yashpal Dutta <yashpal.dutta@freescale.com>
-Date: Wed, 16 Apr 2014 22:53:04 +0545
-Subject: [PATCH 09/48] RSA Keygen Fix
-
-Upstream-status: Pending
-
-If Kernel driver doesn't support RSA Keygen or same returns
-error handling the keygen operation, the keygen is gracefully
-handled by software supported rsa_keygen handler
-
-Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
-Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
----
- crypto/engine/eng_cryptodev.c | 12 +++++++-----
- 1 file changed, 7 insertions(+), 5 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 8c9ad5c..3686c23 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -2031,7 +2031,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
- int i;
-
- if ((fd = get_asym_dev_crypto()) < 0)
-- return fd;
-+ goto sw_try;
-
- if (!rsa->n && ((rsa->n = BN_new()) == NULL))
- goto err;
-@@ -2060,7 +2060,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
- /* p length */
- kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char));
- if (!kop.crk_param[kop.crk_iparams].crp_p)
-- goto err;
-+ goto sw_try;
- kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8;
- memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1);
- kop.crk_iparams++;
-@@ -2068,7 +2068,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
- /* q length */
- kop.crk_param[kop.crk_iparams].crp_p = calloc(q_len + 1, sizeof(char));
- if (!kop.crk_param[kop.crk_iparams].crp_p)
-- goto err;
-+ goto sw_try;
- kop.crk_param[kop.crk_iparams].crp_nbits = q_len * 8;
- memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, q_len + 1);
- kop.crk_iparams++;
-@@ -2128,8 +2128,10 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
- }
- sw_try:
- {
-- const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
-- ret = (meth->rsa_keygen) (rsa, bits, e, cb);
-+ const RSA_METHOD *meth = rsa->meth;
-+ rsa->meth = RSA_PKCS1_SSLeay();
-+ ret = RSA_generate_key_ex(rsa, bits, e, cb);
-+ rsa->meth = meth;
- }
- return ret;
-
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0010-Removed-local-copy-of-curve_t-type.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0010-Removed-local-copy-of-curve_t-type.patch
deleted file mode 100644
index 22258b4..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0010-Removed-local-copy-of-curve_t-type.patch
+++ /dev/null
@@ -1,163 +0,0 @@
-From 1a7d37d609b5ce61d0c1454292dd4500859ed65c Mon Sep 17 00:00:00 2001
-From: Yashpal Dutta <yashpal.dutta@freescale.com>
-Date: Thu, 17 Apr 2014 06:57:59 +0545
-Subject: [PATCH 10/48] Removed local copy of curve_t type
-
-Upstream-status: Pending
-
-Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
-Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
----
- crypto/engine/eng_cryptodev.c | 33 ++++++++++++++-------------------
- crypto/engine/eng_cryptodev_ec.h | 7 -------
- 2 files changed, 14 insertions(+), 26 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 3686c23..afcf72b 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -2517,11 +2517,6 @@ static ECDSA_METHOD cryptodev_ecdsa = {
- NULL /* app_data */
- };
-
--typedef enum ec_curve_s {
-- EC_PRIME,
-- EC_BINARY
--} ec_curve_t;
--
- /* ENGINE handler for ECDSA Sign */
- static ECDSA_SIG *cryptodev_ecdsa_do_sign(const unsigned char *dgst,
- int dgst_len, const BIGNUM *in_kinv,
-@@ -2540,7 +2535,7 @@ static ECDSA_SIG *cryptodev_ecdsa_do_sign(const unsigned char *dgst,
- const BIGNUM *order = NULL, *priv_key = NULL;
- const EC_GROUP *group = NULL;
- struct crypt_kop kop;
-- ec_curve_t ec_crv = EC_PRIME;
-+ enum ec_curve_t ec_crv = EC_PRIME;
-
- memset(&kop, 0, sizeof(kop));
- ecdsa = ecdsa_check(eckey);
-@@ -2678,7 +2673,7 @@ static ECDSA_SIG *cryptodev_ecdsa_do_sign(const unsigned char *dgst,
- else
- goto err;
- }
-- kop.curve_type = ECC_BINARY;
-+ kop.curve_type = EC_BINARY;
- }
-
- /* Calculation of Generator point */
-@@ -2773,7 +2768,7 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
- const EC_POINT *pub_key = NULL;
- const BIGNUM *order = NULL;
- const EC_GROUP *group = NULL;
-- ec_curve_t ec_crv = EC_PRIME;
-+ enum ec_curve_t ec_crv = EC_PRIME;
- struct crypt_kop kop;
-
- memset(&kop, 0, sizeof kop);
-@@ -2924,7 +2919,7 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
- else
- goto err;
- }
-- kop.curve_type = ECC_BINARY;
-+ kop.curve_type = EC_BINARY;
- }
-
- /* Calculation of Generator point */
-@@ -3029,7 +3024,7 @@ static int cryptodev_ecdsa_do_sign_async(const unsigned char *dgst,
- const BIGNUM *order = NULL, *priv_key = NULL;
- const EC_GROUP *group = NULL;
- struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-- ec_curve_t ec_crv = EC_PRIME;
-+ enum ec_curve_t ec_crv = EC_PRIME;
-
- if (!(sig->r = BN_new()) || !kop)
- goto err;
-@@ -3170,7 +3165,7 @@ static int cryptodev_ecdsa_do_sign_async(const unsigned char *dgst,
- else
- goto err;
- }
-- kop->curve_type = ECC_BINARY;
-+ kop->curve_type = EC_BINARY;
- }
-
- /* Calculation of Generator point */
-@@ -3250,7 +3245,7 @@ static int cryptodev_ecdsa_verify_async(const unsigned char *dgst,
- const EC_POINT *pub_key = NULL;
- const BIGNUM *order = NULL;
- const EC_GROUP *group = NULL;
-- ec_curve_t ec_crv = EC_PRIME;
-+ enum ec_curve_t ec_crv = EC_PRIME;
- struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-
- if (!kop)
-@@ -3397,7 +3392,7 @@ static int cryptodev_ecdsa_verify_async(const unsigned char *dgst,
- if (ec_crv == EC_BINARY) {
- /* copy b' i.e c(b), instead of only b */
- eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab + q_len, q_len);
-- kop->curve_type = ECC_BINARY;
-+ kop->curve_type = EC_BINARY;
- }
-
- /* Calculation of Generator point */
-@@ -3703,7 +3698,7 @@ int cryptodev_ecdh_compute_key(void *out, size_t outlen,
- void *(*KDF) (const void *in, size_t inlen,
- void *out, size_t *outlen))
- {
-- ec_curve_t ec_crv = EC_PRIME;
-+ enum ec_curve_t ec_crv = EC_PRIME;
- unsigned char *q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL;
- BIGNUM *w_x = NULL, *w_y = NULL;
- int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0;
-@@ -3833,9 +3828,9 @@ int cryptodev_ecdh_compute_key(void *out, size_t outlen,
- else
- goto err;
- }
-- kop.curve_type = ECC_BINARY;
-+ kop.curve_type = EC_BINARY;
- } else
-- kop.curve_type = ECC_PRIME;
-+ kop.curve_type = EC_PRIME;
-
- priv_key_len = r_len;
-
-@@ -3887,7 +3882,7 @@ int cryptodev_ecdh_compute_key_async(void *out, size_t outlen,
- size_t *outlen),
- struct pkc_cookie_s *cookie)
- {
-- ec_curve_t ec_crv = EC_PRIME;
-+ enum ec_curve_t ec_crv = EC_PRIME;
- unsigned char *q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL;
- BIGNUM *w_x = NULL, *w_y = NULL;
- int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0;
-@@ -4018,9 +4013,9 @@ int cryptodev_ecdh_compute_key_async(void *out, size_t outlen,
- else
- goto err;
- }
-- kop->curve_type = ECC_BINARY;
-+ kop->curve_type = EC_BINARY;
- } else
-- kop->curve_type = ECC_PRIME;
-+ kop->curve_type = EC_PRIME;
-
- priv_key_len = r_len;
-
-diff --git a/crypto/engine/eng_cryptodev_ec.h b/crypto/engine/eng_cryptodev_ec.h
-index af54c51..41a8702 100644
---- a/crypto/engine/eng_cryptodev_ec.h
-+++ b/crypto/engine/eng_cryptodev_ec.h
-@@ -287,11 +287,4 @@ static inline unsigned char *eng_copy_curve_points(BIGNUM * x, BIGNUM * y,
-
- return xy;
- }
--
--enum curve_t {
-- DISCRETE_LOG,
-- ECC_PRIME,
-- ECC_BINARY,
-- MAX_ECC_TYPE
--};
- #endif
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0011-Modulus-parameter-is-not-populated-by-dhparams.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0011-Modulus-parameter-is-not-populated-by-dhparams.patch
deleted file mode 100644
index d7fb223..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0011-Modulus-parameter-is-not-populated-by-dhparams.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 82afed6364dfcced7458dbd2bda7932054078f04 Mon Sep 17 00:00:00 2001
-From: Yashpal Dutta <yashpal.dutta@freescale.com>
-Date: Tue, 22 Apr 2014 22:58:33 +0545
-Subject: [PATCH 11/48] Modulus parameter is not populated by dhparams
-
-Upstream-status: Pending
-
-When dhparams are created, modulus parameter required for
-private key generation is not populated. So, falling back
-to software for proper population of modulus parameters followed
-by private key generation
-
-Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
-Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
----
- crypto/engine/eng_cryptodev.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index afcf72b..2013746 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -3515,7 +3515,7 @@ static int cryptodev_dh_keygen_async(DH *dh, struct pkc_cookie_s *cookie)
- kop->crk_op = CRK_DH_GENERATE_KEY;
- if (bn2crparam(dh->p, &kop->crk_param[0]))
- goto sw_try;
-- if (bn2crparam(dh->q, &kop->crk_param[1]))
-+ if (!dh->q || bn2crparam(dh->q, &kop->crk_param[1]))
- goto sw_try;
- kop->crk_param[2].crp_p = g;
- kop->crk_param[2].crp_nbits = g_len * 8;
-@@ -3570,7 +3570,7 @@ static int cryptodev_dh_keygen(DH *dh)
- kop.crk_op = CRK_DH_GENERATE_KEY;
- if (bn2crparam(dh->p, &kop.crk_param[0]))
- goto sw_try;
-- if (bn2crparam(dh->q, &kop.crk_param[1]))
-+ if (!dh->q || bn2crparam(dh->q, &kop.crk_param[1]))
- goto sw_try;
- kop.crk_param[2].crp_p = g;
- kop.crk_param[2].crp_nbits = g_len * 8;
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0012-SW-Backoff-mechanism-for-dsa-keygen.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0012-SW-Backoff-mechanism-for-dsa-keygen.patch
deleted file mode 100644
index b665f7a..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0012-SW-Backoff-mechanism-for-dsa-keygen.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From f7817245b35156ec2b15514c952db806140c6ebc Mon Sep 17 00:00:00 2001
-From: Yashpal Dutta <yashpal.dutta@freescale.com>
-Date: Thu, 24 Apr 2014 00:35:34 +0545
-Subject: [PATCH 12/48] SW Backoff mechanism for dsa keygen
-
-Upstream-status: Pending
-
-DSA Keygen is not handled in default openssl dsa method. Due to
-same null function pointer in SW DSA method, the backoff for dsa
-keygen gives segmentation fault.
-
-Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
-Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
----
- crypto/engine/eng_cryptodev.c | 12 ++++++++----
- 1 file changed, 8 insertions(+), 4 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 2013746..a3a97d2 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -2188,8 +2188,10 @@ static int cryptodev_dsa_keygen(DSA *dsa)
- return ret;
- sw_try:
- {
-- const DSA_METHOD *meth = DSA_OpenSSL();
-- ret = (meth->dsa_keygen) (dsa);
-+ const DSA_METHOD *meth = dsa->meth;
-+ dsa->meth = DSA_OpenSSL();
-+ ret = DSA_generate_key(dsa);
-+ dsa->meth = meth;
- }
- return ret;
- }
-@@ -2243,11 +2245,13 @@ static int cryptodev_dsa_keygen_async(DSA *dsa, struct pkc_cookie_s *cookie)
- return ret;
- sw_try:
- {
-- const DSA_METHOD *meth = DSA_OpenSSL();
-+ const DSA_METHOD *meth = dsa->meth;
-
-+ dsa->meth = DSA_OpenSSL();
- if (kop)
- free(kop);
-- ret = (meth->dsa_keygen) (dsa);
-+ ret = DSA_generate_key(dsa);
-+ dsa->meth = meth;
- cookie->pkc_callback(cookie, 0);
- }
- return ret;
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0013-Fixed-DH-keygen-pair-generator.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0013-Fixed-DH-keygen-pair-generator.patch
deleted file mode 100644
index 4f8fd4d..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0013-Fixed-DH-keygen-pair-generator.patch
+++ /dev/null
@@ -1,100 +0,0 @@
-From 0075a1d36133523a40efc66d6491a4f11aca87fd Mon Sep 17 00:00:00 2001
-From: Yashpal Dutta <yashpal.dutta@freescale.com>
-Date: Thu, 1 May 2014 06:35:45 +0545
-Subject: [PATCH 13/48] Fixed DH keygen pair generator
-
-Upstream-status: Pending
-
-Wrong Padding results into keygen length error
-
-Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
-Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
----
- crypto/engine/eng_cryptodev.c | 50 ++++++++++++++++++++++++++++---------------
- 1 file changed, 33 insertions(+), 17 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index a3a97d2..5a9f4b7 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -3547,44 +3547,60 @@ static int cryptodev_dh_keygen_async(DH *dh, struct pkc_cookie_s *cookie)
- static int cryptodev_dh_keygen(DH *dh)
- {
- struct crypt_kop kop;
-- int ret = 1, g_len;
-- unsigned char *g = NULL;
-+ int ret = 1, q_len = 0;
-+ unsigned char *q = NULL, *g = NULL, *s = NULL, *w = NULL;
-+ BIGNUM *pub_key = NULL, *priv_key = NULL;
-+ int generate_new_key = 1;
-
-- if (dh->priv_key == NULL) {
-- if ((dh->priv_key = BN_new()) == NULL)
-- goto sw_try;
-- }
-+ if (dh->priv_key)
-+ priv_key = dh->priv_key;
-
-- if (dh->pub_key == NULL) {
-- if ((dh->pub_key = BN_new()) == NULL)
-- goto sw_try;
-- }
-+ if (dh->pub_key)
-+ pub_key = dh->pub_key;
-
-- g_len = BN_num_bytes(dh->p);
-+ q_len = BN_num_bytes(dh->p);
- /**
- * Get generator into a plain buffer. If length is less than
- * q_len then add leading padding bytes.
- */
-- if (spcf_bn2bin_ex(dh->g, &g, &g_len)) {
-+ if (spcf_bn2bin_ex(dh->g, &g, &q_len)) {
-+ DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
-+ goto sw_try;
-+ }
-+
-+ if (spcf_bn2bin_ex(dh->p, &q, &q_len)) {
- DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
- goto sw_try;
- }
-
- memset(&kop, 0, sizeof kop);
- kop.crk_op = CRK_DH_GENERATE_KEY;
-- if (bn2crparam(dh->p, &kop.crk_param[0]))
-- goto sw_try;
-+ kop.crk_param[0].crp_p = q;
-+ kop.crk_param[0].crp_nbits = q_len * 8;
- if (!dh->q || bn2crparam(dh->q, &kop.crk_param[1]))
- goto sw_try;
- kop.crk_param[2].crp_p = g;
-- kop.crk_param[2].crp_nbits = g_len * 8;
-+ kop.crk_param[2].crp_nbits = q_len * 8;
- kop.crk_iparams = 3;
-
-+ s = OPENSSL_malloc(q_len);
-+ if (!s) {
-+ DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
-+ goto sw_try;
-+ }
-+
-+ w = OPENSSL_malloc(q_len);
-+ if (!w) {
-+ DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
-+ goto sw_try;
-+ }
-+
- /* pub_key is or prime length while priv key is of length of order */
-- if (cryptodev_asym(&kop, BN_num_bytes(dh->p), dh->pub_key,
-- BN_num_bytes(dh->q), dh->priv_key))
-+ if (cryptodev_asym(&kop, q_len, w, q_len, s))
- goto sw_try;
-
-+ dh->pub_key = BN_bin2bn(w, q_len, pub_key);
-+ dh->pub_key = BN_bin2bn(s, q_len, priv_key);
- return ret;
- sw_try:
- {
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0014-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0014-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch
deleted file mode 100644
index 898499b..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0014-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch
+++ /dev/null
@@ -1,321 +0,0 @@
-From fcbd6199deb715b117153b7df00cdd4cdec44d79 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@freescale.com>
-Date: Mon, 16 Jun 2014 14:06:21 +0300
-Subject: [PATCH 14/48] cryptodev: add support for aes-gcm algorithm offloading
-
-Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
----
- apps/speed.c | 6 +-
- crypto/engine/eng_cryptodev.c | 236 +++++++++++++++++++++++++++++++++++++++++-
- 2 files changed, 240 insertions(+), 2 deletions(-)
-
-diff --git a/apps/speed.c b/apps/speed.c
-index b862868..fd2a2a5 100644
---- a/apps/speed.c
-+++ b/apps/speed.c
-@@ -226,7 +226,11 @@
- # endif
-
- # undef BUFSIZE
--# define BUFSIZE ((long)1024*8+1)
-+/* The buffer overhead allows GCM tag at the end of the encrypted data. This
-+ avoids buffer overflows from cryptodev since Linux kernel GCM
-+ implementation allways adds the tag - unlike e_aes.c:aes_gcm_cipher()
-+ which doesn't */
-+#define BUFSIZE ((long)1024*8 + EVP_GCM_TLS_TAG_LEN)
- static volatile int run = 0;
-
- static int mr = 0;
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 5a9f4b7..1754917 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -2,6 +2,7 @@
- * Copyright (c) 2002 Bob Beck <beck@openbsd.org>
- * Copyright (c) 2002 Theo de Raadt
- * Copyright (c) 2002 Markus Friedl
-+ * Copyright (c) 2013-2014 Freescale Semiconductor, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
-@@ -78,8 +79,10 @@ struct dev_crypto_state {
- struct session_op d_sess;
- int d_fd;
- unsigned char *aad;
-- unsigned int aad_len;
-+ int aad_len;
- unsigned int len;
-+ unsigned char *iv;
-+ int ivlen;
- # ifdef USE_CRYPTODEV_DIGESTS
- char dummy_mac_key[HASH_MAX_LEN];
- unsigned char digest_res[HASH_MAX_LEN];
-@@ -288,6 +291,9 @@ static struct {
- CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20
- },
- {
-+ CRYPTO_AES_GCM, NID_aes_128_gcm, 16, 16, 0
-+ },
-+ {
- 0, NID_undef, 0, 0, 0
- },
- };
-@@ -326,6 +332,22 @@ static struct {
- };
- # endif
-
-+/* increment counter (64-bit int) by 1 */
-+static void ctr64_inc(unsigned char *counter)
-+{
-+ int n = 8;
-+ unsigned char c;
-+
-+ do {
-+ --n;
-+ c = counter[n];
-+ ++c;
-+ counter[n] = c;
-+ if (c)
-+ return;
-+ } while (n);
-+}
-+
- /*
- * Return a fd if /dev/crypto seems usable, 0 otherwise.
- */
-@@ -808,6 +830,199 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
- }
- }
-
-+static int cryptodev_init_gcm_key(EVP_CIPHER_CTX *ctx,
-+ const unsigned char *key,
-+ const unsigned char *iv, int enc)
-+{
-+ struct dev_crypto_state *state = ctx->cipher_data;
-+ struct session_op *sess = &state->d_sess;
-+ int cipher = -1, i;
-+ if (!iv && !key)
-+ return 1;
-+
-+ if (iv)
-+ memcpy(ctx->iv, iv, ctx->cipher->iv_len);
-+
-+ for (i = 0; ciphers[i].id; i++)
-+ if (ctx->cipher->nid == ciphers[i].nid &&
-+ ctx->cipher->iv_len <= ciphers[i].ivmax &&
-+ ctx->key_len == ciphers[i].keylen) {
-+ cipher = ciphers[i].id;
-+ break;
-+ }
-+
-+ if (!ciphers[i].id) {
-+ state->d_fd = -1;
-+ return 0;
-+ }
-+
-+ memset(sess, 0, sizeof(struct session_op));
-+
-+ if ((state->d_fd = get_dev_crypto()) < 0)
-+ return 0;
-+
-+ sess->key = (unsigned char *)key;
-+ sess->keylen = ctx->key_len;
-+ sess->cipher = cipher;
-+
-+ if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
-+ put_dev_crypto(state->d_fd);
-+ state->d_fd = -1;
-+ return 0;
-+ }
-+ return 1;
-+}
-+
-+static int cryptodev_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+ const unsigned char *in, size_t len)
-+{
-+ struct crypt_auth_op cryp = { 0 };
-+ struct dev_crypto_state *state = ctx->cipher_data;
-+ struct session_op *sess = &state->d_sess;
-+ int rv = len;
-+
-+ if (EVP_CIPHER_CTX_ctrl(ctx, ctx->encrypt ?
-+ EVP_CTRL_GCM_IV_GEN : EVP_CTRL_GCM_SET_IV_INV,
-+ EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0)
-+ return 0;
-+
-+ in += EVP_GCM_TLS_EXPLICIT_IV_LEN;
-+ out += EVP_GCM_TLS_EXPLICIT_IV_LEN;
-+ len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
-+
-+ if (ctx->encrypt) {
-+ len -= EVP_GCM_TLS_TAG_LEN;
-+ }
-+ cryp.ses = sess->ses;
-+ cryp.len = len;
-+ cryp.src = (unsigned char *)in;
-+ cryp.dst = out;
-+ cryp.auth_src = state->aad;
-+ cryp.auth_len = state->aad_len;
-+ cryp.iv = ctx->iv;
-+ cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
-+
-+ if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) {
-+ return 0;
-+ }
-+
-+ if (ctx->encrypt)
-+ ctr64_inc(state->iv + state->ivlen - 8);
-+ else
-+ rv = len - EVP_GCM_TLS_TAG_LEN;
-+
-+ return rv;
-+}
-+
-+static int cryptodev_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+ const unsigned char *in, size_t len)
-+{
-+ struct crypt_auth_op cryp;
-+ struct dev_crypto_state *state = ctx->cipher_data;
-+ struct session_op *sess = &state->d_sess;
-+
-+ if (state->d_fd < 0)
-+ return 0;
-+
-+ if ((len % ctx->cipher->block_size) != 0)
-+ return 0;
-+
-+ if (state->aad_len >= 0)
-+ return cryptodev_gcm_tls_cipher(ctx, out, in, len);
-+
-+ memset(&cryp, 0, sizeof(cryp));
-+
-+ cryp.ses = sess->ses;
-+ cryp.len = len;
-+ cryp.src = (unsigned char *)in;
-+ cryp.dst = out;
-+ cryp.auth_src = NULL;
-+ cryp.auth_len = 0;
-+ cryp.iv = ctx->iv;
-+ cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
-+
-+ if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) {
-+ return 0;
-+ }
-+
-+ return len;
-+}
-+
-+static int cryptodev_gcm_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
-+ void *ptr)
-+{
-+ struct dev_crypto_state *state = ctx->cipher_data;
-+ switch (type) {
-+ case EVP_CTRL_INIT:
-+ {
-+ state->ivlen = ctx->cipher->iv_len;
-+ state->iv = ctx->iv;
-+ state->aad_len = -1;
-+ return 1;
-+ }
-+ case EVP_CTRL_GCM_SET_IV_FIXED:
-+ {
-+ /* Special case: -1 length restores whole IV */
-+ if (arg == -1) {
-+ memcpy(state->iv, ptr, state->ivlen);
-+ return 1;
-+ }
-+ /*
-+ * Fixed field must be at least 4 bytes and invocation field at
-+ * least 8.
-+ */
-+ if ((arg < 4) || (state->ivlen - arg) < 8)
-+ return 0;
-+ if (arg)
-+ memcpy(state->iv, ptr, arg);
-+ if (ctx->encrypt &&
-+ RAND_bytes(state->iv + arg, state->ivlen - arg) <= 0)
-+ return 0;
-+ return 1;
-+ }
-+ case EVP_CTRL_AEAD_TLS1_AAD:
-+ {
-+ unsigned int len;
-+ if (arg != 13)
-+ return 0;
-+
-+ memcpy(ctx->buf, ptr, arg);
-+ len = ctx->buf[arg - 2] << 8 | ctx->buf[arg - 1];
-+
-+ /* Correct length for explicit IV */
-+ len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
-+
-+ /* If decrypting correct for tag too */
-+ if (!ctx->encrypt)
-+ len -= EVP_GCM_TLS_TAG_LEN;
-+
-+ ctx->buf[arg - 2] = len >> 8;
-+ ctx->buf[arg - 1] = len & 0xff;
-+
-+ state->aad = ctx->buf;
-+ state->aad_len = arg;
-+ state->len = len;
-+
-+ /* Extra padding: tag appended to record */
-+ return EVP_GCM_TLS_TAG_LEN;
-+ }
-+ case EVP_CTRL_GCM_SET_IV_INV:
-+ {
-+ if (ctx->encrypt)
-+ return 0;
-+ memcpy(state->iv + state->ivlen - arg, ptr, arg);
-+ return 1;
-+ }
-+ case EVP_CTRL_GCM_IV_GEN:
-+ if (arg <= 0 || arg > state->ivlen)
-+ arg = state->ivlen;
-+ memcpy(ptr, state->iv + state->ivlen - arg, arg);
-+ return 1;
-+ default:
-+ return -1;
-+ }
-+}
-+
- /*
- * libcrypto EVP stuff - this is how we get wired to EVP so the engine
- * gets called when libcrypto requests a cipher NID.
-@@ -948,6 +1163,22 @@ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = {
- NULL
- };
-
-+const EVP_CIPHER cryptodev_aes_128_gcm = {
-+ NID_aes_128_gcm,
-+ 1, 16, 12,
-+ EVP_CIPH_GCM_MODE | EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_DEFAULT_ASN1
-+ | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER
-+ | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT,
-+ cryptodev_init_gcm_key,
-+ cryptodev_gcm_cipher,
-+ cryptodev_cleanup,
-+ sizeof(struct dev_crypto_state),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ cryptodev_gcm_ctrl,
-+ NULL
-+};
-+
- # ifdef CRYPTO_AES_CTR
- const EVP_CIPHER cryptodev_aes_ctr = {
- NID_aes_128_ctr,
-@@ -1042,6 +1273,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
- case NID_aes_256_cbc_hmac_sha1:
- *cipher = &cryptodev_aes_256_cbc_hmac_sha1;
- break;
-+ case NID_aes_128_gcm:
-+ *cipher = &cryptodev_aes_128_gcm;
-+ break;
- default:
- *cipher = NULL;
- break;
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0015-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0015-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch
deleted file mode 100644
index c1201f2..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0015-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch
+++ /dev/null
@@ -1,199 +0,0 @@
-From 6094ec91a5b8dde4bc3a7928b7cb6c81cac8a169 Mon Sep 17 00:00:00 2001
-From: Tudor Ambarus <tudor.ambarus@freescale.com>
-Date: Fri, 9 May 2014 17:54:06 +0300
-Subject: [PATCH 15/48] eng_cryptodev: extend TLS offload with
- 3des_cbc_hmac_sha1
-
-Both obj_mac.h and obj_dat.h were generated using the scripts
-from crypto/objects:
-
-$ cd crypto/objects
-$ perl objects.pl objects.txt obj_mac.num obj_mac.h
-$ perl obj_dat.pl obj_mac.h obj_dat.h
-
-Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com>
-Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
----
- crypto/engine/eng_cryptodev.c | 26 ++++++++++++++++++++++++++
- crypto/objects/obj_dat.h | 10 +++++++---
- crypto/objects/obj_mac.h | 4 ++++
- crypto/objects/obj_mac.num | 1 +
- crypto/objects/objects.txt | 1 +
- ssl/ssl_ciph.c | 4 ++++
- 6 files changed, 43 insertions(+), 3 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 1754917..ae644b9 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -133,6 +133,7 @@ static int cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key,
- static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
- void (*f) (void));
- void ENGINE_load_cryptodev(void);
-+const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1;
- const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1;
- const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
-
-@@ -285,6 +286,9 @@ static struct {
- CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, 0
- },
- {
-+ CRYPTO_TLS10_3DES_CBC_HMAC_SHA1, NID_des_ede3_cbc_hmac_sha1, 8, 24, 20
-+ },
-+ {
- CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20
- },
- {
-@@ -520,6 +524,9 @@ static int cryptodev_usable_ciphers(const int **nids)
- case NID_aes_256_cbc_hmac_sha1:
- EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
- break;
-+ case NID_des_ede3_cbc_hmac_sha1:
-+ EVP_add_cipher(&cryptodev_3des_cbc_hmac_sha1);
-+ break;
- }
- }
- return count;
-@@ -624,6 +631,7 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- switch (ctx->cipher->nid) {
- case NID_aes_128_cbc_hmac_sha1:
- case NID_aes_256_cbc_hmac_sha1:
-+ case NID_des_ede3_cbc_hmac_sha1:
- cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
- }
- cryp.ses = sess->ses;
-@@ -814,6 +822,7 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
- switch (ctx->cipher->nid) {
- case NID_aes_128_cbc_hmac_sha1:
- case NID_aes_256_cbc_hmac_sha1:
-+ case NID_des_ede3_cbc_hmac_sha1:
- maclen = SHA_DIGEST_LENGTH;
- }
-
-@@ -1135,6 +1144,20 @@ const EVP_CIPHER cryptodev_aes_256_cbc = {
- NULL
- };
-
-+const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1 = {
-+ NID_des_ede3_cbc_hmac_sha1,
-+ 8, 24, 8,
-+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+ cryptodev_init_aead_key,
-+ cryptodev_aead_cipher,
-+ cryptodev_cleanup,
-+ sizeof(struct dev_crypto_state),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ cryptodev_cbc_hmac_sha1_ctrl,
-+ NULL
-+};
-+
- const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1 = {
- NID_aes_128_cbc_hmac_sha1,
- 16, 16, 16,
-@@ -1256,6 +1279,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
- case NID_aes_256_cbc:
- *cipher = &cryptodev_aes_256_cbc;
- break;
-+ case NID_des_ede3_cbc_hmac_sha1:
-+ *cipher = &cryptodev_3des_cbc_hmac_sha1;
-+ break;
- # ifdef CRYPTO_AES_CTR
- case NID_aes_128_ctr:
- *cipher = &cryptodev_aes_ctr;
-diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
-index b7e3cf2..35d1abc 100644
---- a/crypto/objects/obj_dat.h
-+++ b/crypto/objects/obj_dat.h
-@@ -62,9 +62,9 @@
- * [including the GNU Public Licence.]
- */
-
--#define NUM_NID 958
--#define NUM_SN 951
--#define NUM_LN 951
-+#define NUM_NID 959
-+#define NUM_SN 952
-+#define NUM_LN 952
- #define NUM_OBJ 890
-
- static const unsigned char lvalues[6255]={
-@@ -2514,6 +2514,8 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
- NID_jurisdictionStateOrProvinceName,11,&(lvalues[6232]),0},
- {"jurisdictionC","jurisdictionCountryName",
- NID_jurisdictionCountryName,11,&(lvalues[6243]),0},
-+{"DES-EDE3-CBC-HMAC-SHA1","des-ede3-cbc-hmac-sha1",
-+ NID_des_ede3_cbc_hmac_sha1,0,NULL,0},
- };
-
- static const unsigned int sn_objs[NUM_SN]={
-@@ -2592,6 +2594,7 @@ static const unsigned int sn_objs[NUM_SN]={
- 62, /* "DES-EDE-OFB" */
- 33, /* "DES-EDE3" */
- 44, /* "DES-EDE3-CBC" */
-+958, /* "DES-EDE3-CBC-HMAC-SHA1" */
- 61, /* "DES-EDE3-CFB" */
- 658, /* "DES-EDE3-CFB1" */
- 659, /* "DES-EDE3-CFB8" */
-@@ -3760,6 +3763,7 @@ static const unsigned int ln_objs[NUM_LN]={
- 62, /* "des-ede-ofb" */
- 33, /* "des-ede3" */
- 44, /* "des-ede3-cbc" */
-+958, /* "des-ede3-cbc-hmac-sha1" */
- 61, /* "des-ede3-cfb" */
- 658, /* "des-ede3-cfb1" */
- 659, /* "des-ede3-cfb8" */
-diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h
-index 779c309..cb318bc 100644
---- a/crypto/objects/obj_mac.h
-+++ b/crypto/objects/obj_mac.h
-@@ -4047,6 +4047,10 @@
- #define LN_aes_256_cbc_hmac_sha256 "aes-256-cbc-hmac-sha256"
- #define NID_aes_256_cbc_hmac_sha256 950
-
-+#define SN_des_ede3_cbc_hmac_sha1 "DES-EDE3-CBC-HMAC-SHA1"
-+#define LN_des_ede3_cbc_hmac_sha1 "des-ede3-cbc-hmac-sha1"
-+#define NID_des_ede3_cbc_hmac_sha1 958
-+
- #define SN_dhpublicnumber "dhpublicnumber"
- #define LN_dhpublicnumber "X9.42 DH"
- #define NID_dhpublicnumber 920
-diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
-index 8e5ea83..02d1bb8 100644
---- a/crypto/objects/obj_mac.num
-+++ b/crypto/objects/obj_mac.num
-@@ -955,3 +955,4 @@ ct_cert_scts 954
- jurisdictionLocalityName 955
- jurisdictionStateOrProvinceName 956
- jurisdictionCountryName 957
-+des_ede3_cbc_hmac_sha1 958
-diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
-index b57aabb..4e1ff18 100644
---- a/crypto/objects/objects.txt
-+++ b/crypto/objects/objects.txt
-@@ -1294,6 +1294,7 @@ kisa 1 6 : SEED-OFB : seed-ofb
- : AES-128-CBC-HMAC-SHA256 : aes-128-cbc-hmac-sha256
- : AES-192-CBC-HMAC-SHA256 : aes-192-cbc-hmac-sha256
- : AES-256-CBC-HMAC-SHA256 : aes-256-cbc-hmac-sha256
-+ : DES-EDE3-CBC-HMAC-SHA1 : des-ede3-cbc-hmac-sha1
-
- ISO-US 10046 2 1 : dhpublicnumber : X9.42 DH
-
-diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
-index 2ad8f43..fdf6be9 100644
---- a/ssl/ssl_ciph.c
-+++ b/ssl/ssl_ciph.c
-@@ -668,6 +668,10 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
- c->algorithm_mac == SSL_SHA256 &&
- (evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA256")))
- *enc = evp, *md = NULL;
-+ else if (c->algorithm_enc == SSL_3DES &&
-+ c->algorithm_mac == SSL_SHA1 &&
-+ (evp = EVP_get_cipherbyname("DES-EDE3-CBC-HMAC-SHA1")))
-+ *enc = evp, *md = NULL;
- return (1);
- } else
- return (0);
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0016-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0016-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch
deleted file mode 100644
index d6b72b5..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0016-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch
+++ /dev/null
@@ -1,338 +0,0 @@
-From 4a229203e276283cb894b08b2607204a647d7594 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Fri, 22 Jan 2016 11:58:34 +0200
-Subject: [PATCH 16/48] eng_cryptodev: add support for TLSv1.1 record offload
-
-Supported cipher suites:
-- 3des-ede-cbc-sha
-- aes-128-cbc-hmac-sha
-- aes-256-cbc-hmac-sha
-
-Requires TLS patches on cryptodev and TLS algorithm support in Linux
-kernel driver.
-
-Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com>
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- crypto/engine/eng_cryptodev.c | 96 ++++++++++++++++++++++++++++++++++++++++++-
- crypto/objects/obj_dat.h | 18 ++++++--
- crypto/objects/obj_mac.h | 12 ++++++
- crypto/objects/obj_mac.num | 3 ++
- crypto/objects/objects.txt | 3 ++
- ssl/ssl_ciph.c | 28 ++++++++++---
- 6 files changed, 151 insertions(+), 9 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index ae644b9..80b20e5 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -67,6 +67,7 @@ void ENGINE_load_cryptodev(void)
- # include <sys/ioctl.h>
- # include <errno.h>
- # include <stdio.h>
-+# include <stdbool.h>
- # include <unistd.h>
- # include <fcntl.h>
- # include <stdarg.h>
-@@ -136,6 +137,9 @@ void ENGINE_load_cryptodev(void);
- const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1;
- const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1;
- const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
-+const EVP_CIPHER cryptodev_tls11_3des_cbc_hmac_sha1;
-+const EVP_CIPHER cryptodev_tls11_aes_128_cbc_hmac_sha1;
-+const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1;
-
- inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len)
- {
-@@ -295,6 +299,18 @@ static struct {
- CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20
- },
- {
-+ CRYPTO_TLS11_3DES_CBC_HMAC_SHA1, NID_tls11_des_ede3_cbc_hmac_sha1, 8,
-+ 24, 20
-+ },
-+ {
-+ CRYPTO_TLS11_AES_CBC_HMAC_SHA1, NID_tls11_aes_128_cbc_hmac_sha1, 16, 16,
-+ 20
-+ },
-+ {
-+ CRYPTO_TLS11_AES_CBC_HMAC_SHA1, NID_tls11_aes_256_cbc_hmac_sha1, 16, 32,
-+ 20
-+ },
-+ {
- CRYPTO_AES_GCM, NID_aes_128_gcm, 16, 16, 0
- },
- {
-@@ -527,6 +543,15 @@ static int cryptodev_usable_ciphers(const int **nids)
- case NID_des_ede3_cbc_hmac_sha1:
- EVP_add_cipher(&cryptodev_3des_cbc_hmac_sha1);
- break;
-+ case NID_tls11_des_ede3_cbc_hmac_sha1:
-+ EVP_add_cipher(&cryptodev_tls11_3des_cbc_hmac_sha1);
-+ break;
-+ case NID_tls11_aes_128_cbc_hmac_sha1:
-+ EVP_add_cipher(&cryptodev_tls11_aes_128_cbc_hmac_sha1);
-+ break;
-+ case NID_tls11_aes_256_cbc_hmac_sha1:
-+ EVP_add_cipher(&cryptodev_tls11_aes_256_cbc_hmac_sha1);
-+ break;
- }
- }
- return count;
-@@ -632,6 +657,9 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- case NID_aes_128_cbc_hmac_sha1:
- case NID_aes_256_cbc_hmac_sha1:
- case NID_des_ede3_cbc_hmac_sha1:
-+ case NID_tls11_des_ede3_cbc_hmac_sha1:
-+ case NID_tls11_aes_128_cbc_hmac_sha1:
-+ case NID_tls11_aes_256_cbc_hmac_sha1:
- cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
- }
- cryp.ses = sess->ses;
-@@ -811,8 +839,9 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
- struct dev_crypto_state *state = ctx->cipher_data;
- unsigned char *p = ptr;
- unsigned int cryptlen = p[arg - 2] << 8 | p[arg - 1];
-- unsigned int maclen, padlen;
-+ unsigned int maclen, padlen, len;
- unsigned int bs = ctx->cipher->block_size;
-+ bool aad_needs_fix = false;
-
- state->aad = ptr;
- state->aad_len = arg;
-@@ -824,6 +853,20 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
- case NID_aes_256_cbc_hmac_sha1:
- case NID_des_ede3_cbc_hmac_sha1:
- maclen = SHA_DIGEST_LENGTH;
-+ break;
-+ case NID_tls11_des_ede3_cbc_hmac_sha1:
-+ case NID_tls11_aes_128_cbc_hmac_sha1:
-+ case NID_tls11_aes_256_cbc_hmac_sha1:
-+ maclen = SHA_DIGEST_LENGTH;
-+ aad_needs_fix = true;
-+ break;
-+ }
-+
-+ /* Correct length for AAD Length field */
-+ if (ctx->encrypt && aad_needs_fix) {
-+ len = cryptlen - bs;
-+ p[arg - 2] = len >> 8;
-+ p[arg - 1] = len & 0xff;
- }
-
- /* space required for encryption (not only TLS padding) */
-@@ -1186,6 +1229,48 @@ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = {
- NULL
- };
-
-+const EVP_CIPHER cryptodev_tls11_3des_cbc_hmac_sha1 = {
-+ NID_tls11_des_ede3_cbc_hmac_sha1,
-+ 8, 24, 8,
-+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+ cryptodev_init_aead_key,
-+ cryptodev_aead_cipher,
-+ cryptodev_cleanup,
-+ sizeof(struct dev_crypto_state),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ cryptodev_cbc_hmac_sha1_ctrl,
-+ NULL
-+};
-+
-+const EVP_CIPHER cryptodev_tls11_aes_128_cbc_hmac_sha1 = {
-+ NID_tls11_aes_128_cbc_hmac_sha1,
-+ 16, 16, 16,
-+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+ cryptodev_init_aead_key,
-+ cryptodev_aead_cipher,
-+ cryptodev_cleanup,
-+ sizeof(struct dev_crypto_state),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ cryptodev_cbc_hmac_sha1_ctrl,
-+ NULL
-+};
-+
-+const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1 = {
-+ NID_tls11_aes_256_cbc_hmac_sha1,
-+ 16, 32, 16,
-+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+ cryptodev_init_aead_key,
-+ cryptodev_aead_cipher,
-+ cryptodev_cleanup,
-+ sizeof(struct dev_crypto_state),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ cryptodev_cbc_hmac_sha1_ctrl,
-+ NULL
-+};
-+
- const EVP_CIPHER cryptodev_aes_128_gcm = {
- NID_aes_128_gcm,
- 1, 16, 12,
-@@ -1299,6 +1384,15 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
- case NID_aes_256_cbc_hmac_sha1:
- *cipher = &cryptodev_aes_256_cbc_hmac_sha1;
- break;
-+ case NID_tls11_des_ede3_cbc_hmac_sha1:
-+ *cipher = &cryptodev_tls11_3des_cbc_hmac_sha1;
-+ break;
-+ case NID_tls11_aes_128_cbc_hmac_sha1:
-+ *cipher = &cryptodev_tls11_aes_128_cbc_hmac_sha1;
-+ break;
-+ case NID_tls11_aes_256_cbc_hmac_sha1:
-+ *cipher = &cryptodev_tls11_aes_256_cbc_hmac_sha1;
-+ break;
- case NID_aes_128_gcm:
- *cipher = &cryptodev_aes_128_gcm;
- break;
-diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
-index 35d1abc..4dd32a1 100644
---- a/crypto/objects/obj_dat.h
-+++ b/crypto/objects/obj_dat.h
-@@ -62,9 +62,9 @@
- * [including the GNU Public Licence.]
- */
-
--#define NUM_NID 959
--#define NUM_SN 952
--#define NUM_LN 952
-+#define NUM_NID 962
-+#define NUM_SN 955
-+#define NUM_LN 955
- #define NUM_OBJ 890
-
- static const unsigned char lvalues[6255]={
-@@ -2516,6 +2516,12 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
- NID_jurisdictionCountryName,11,&(lvalues[6243]),0},
- {"DES-EDE3-CBC-HMAC-SHA1","des-ede3-cbc-hmac-sha1",
- NID_des_ede3_cbc_hmac_sha1,0,NULL,0},
-+{"TLS11-DES-EDE3-CBC-HMAC-SHA1","tls11-des-ede3-cbc-hmac-sha1",
-+ NID_tls11_des_ede3_cbc_hmac_sha1,0,NULL,0},
-+{"TLS11-AES-128-CBC-HMAC-SHA1","tls11-aes-128-cbc-hmac-sha1",
-+ NID_tls11_aes_128_cbc_hmac_sha1,0,NULL,0},
-+{"TLS11-AES-256-CBC-HMAC-SHA1","tls11-aes-256-cbc-hmac-sha1",
-+ NID_tls11_aes_256_cbc_hmac_sha1,0,NULL,0},
- };
-
- static const unsigned int sn_objs[NUM_SN]={
-@@ -2705,6 +2711,9 @@ static const unsigned int sn_objs[NUM_SN]={
- 100, /* "SN" */
- 16, /* "ST" */
- 143, /* "SXNetID" */
-+960, /* "TLS11-AES-128-CBC-HMAC-SHA1" */
-+961, /* "TLS11-AES-256-CBC-HMAC-SHA1" */
-+959, /* "TLS11-DES-EDE3-CBC-HMAC-SHA1" */
- 458, /* "UID" */
- 0, /* "UNDEF" */
- 11, /* "X500" */
-@@ -4396,6 +4405,9 @@ static const unsigned int ln_objs[NUM_LN]={
- 459, /* "textEncodedORAddress" */
- 293, /* "textNotice" */
- 106, /* "title" */
-+960, /* "tls11-aes-128-cbc-hmac-sha1" */
-+961, /* "tls11-aes-256-cbc-hmac-sha1" */
-+959, /* "tls11-des-ede3-cbc-hmac-sha1" */
- 682, /* "tpBasis" */
- 436, /* "ucl" */
- 0, /* "undefined" */
-diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h
-index cb318bc..5930563 100644
---- a/crypto/objects/obj_mac.h
-+++ b/crypto/objects/obj_mac.h
-@@ -4051,6 +4051,18 @@
- #define LN_des_ede3_cbc_hmac_sha1 "des-ede3-cbc-hmac-sha1"
- #define NID_des_ede3_cbc_hmac_sha1 958
-
-+#define SN_tls11_des_ede3_cbc_hmac_sha1 "TLS11-DES-EDE3-CBC-HMAC-SHA1"
-+#define LN_tls11_des_ede3_cbc_hmac_sha1 "tls11-des-ede3-cbc-hmac-sha1"
-+#define NID_tls11_des_ede3_cbc_hmac_sha1 959
-+
-+#define SN_tls11_aes_128_cbc_hmac_sha1 "TLS11-AES-128-CBC-HMAC-SHA1"
-+#define LN_tls11_aes_128_cbc_hmac_sha1 "tls11-aes-128-cbc-hmac-sha1"
-+#define NID_tls11_aes_128_cbc_hmac_sha1 960
-+
-+#define SN_tls11_aes_256_cbc_hmac_sha1 "TLS11-AES-256-CBC-HMAC-SHA1"
-+#define LN_tls11_aes_256_cbc_hmac_sha1 "tls11-aes-256-cbc-hmac-sha1"
-+#define NID_tls11_aes_256_cbc_hmac_sha1 961
-+
- #define SN_dhpublicnumber "dhpublicnumber"
- #define LN_dhpublicnumber "X9.42 DH"
- #define NID_dhpublicnumber 920
-diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
-index 02d1bb8..02f1728 100644
---- a/crypto/objects/obj_mac.num
-+++ b/crypto/objects/obj_mac.num
-@@ -956,3 +956,6 @@ jurisdictionLocalityName 955
- jurisdictionStateOrProvinceName 956
- jurisdictionCountryName 957
- des_ede3_cbc_hmac_sha1 958
-+tls11_des_ede3_cbc_hmac_sha1 959
-+tls11_aes_128_cbc_hmac_sha1 960
-+tls11_aes_256_cbc_hmac_sha1 961
-diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
-index 4e1ff18..cda81da 100644
---- a/crypto/objects/objects.txt
-+++ b/crypto/objects/objects.txt
-@@ -1295,6 +1295,9 @@ kisa 1 6 : SEED-OFB : seed-ofb
- : AES-192-CBC-HMAC-SHA256 : aes-192-cbc-hmac-sha256
- : AES-256-CBC-HMAC-SHA256 : aes-256-cbc-hmac-sha256
- : DES-EDE3-CBC-HMAC-SHA1 : des-ede3-cbc-hmac-sha1
-+ : TLS11-DES-EDE3-CBC-HMAC-SHA1 : tls11-des-ede3-cbc-hmac-sha1
-+ : TLS11-AES-128-CBC-HMAC-SHA1 : tls11-aes-128-cbc-hmac-sha1
-+ : TLS11-AES-256-CBC-HMAC-SHA1 : tls11-aes-256-cbc-hmac-sha1
-
- ISO-US 10046 2 1 : dhpublicnumber : X9.42 DH
-
-diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
-index fdf6be9..b4af7dc 100644
---- a/ssl/ssl_ciph.c
-+++ b/ssl/ssl_ciph.c
-@@ -652,11 +652,13 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
- c->algorithm_mac == SSL_MD5 &&
- (evp = EVP_get_cipherbyname("RC4-HMAC-MD5")))
- *enc = evp, *md = NULL;
-- else if (c->algorithm_enc == SSL_AES128 &&
-+ else if (s->ssl_version == TLS1_VERSION &&
-+ c->algorithm_enc == SSL_AES128 &&
- c->algorithm_mac == SSL_SHA1 &&
- (evp = EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1")))
- *enc = evp, *md = NULL;
-- else if (c->algorithm_enc == SSL_AES256 &&
-+ else if (s->ssl_version == TLS1_VERSION &&
-+ c->algorithm_enc == SSL_AES256 &&
- c->algorithm_mac == SSL_SHA1 &&
- (evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1")))
- *enc = evp, *md = NULL;
-@@ -668,9 +670,25 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
- c->algorithm_mac == SSL_SHA256 &&
- (evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA256")))
- *enc = evp, *md = NULL;
-- else if (c->algorithm_enc == SSL_3DES &&
-- c->algorithm_mac == SSL_SHA1 &&
-- (evp = EVP_get_cipherbyname("DES-EDE3-CBC-HMAC-SHA1")))
-+ else if (s->ssl_version == TLS1_VERSION &&
-+ c->algorithm_enc == SSL_3DES &&
-+ c->algorithm_mac == SSL_SHA1 &&
-+ (evp = EVP_get_cipherbyname("DES-EDE3-CBC-HMAC-SHA1")))
-+ *enc = evp, *md = NULL;
-+ else if (s->ssl_version == TLS1_1_VERSION &&
-+ c->algorithm_enc == SSL_3DES &&
-+ c->algorithm_mac == SSL_SHA1 &&
-+ (evp = EVP_get_cipherbyname("TLS11-DES-EDE3-CBC-HMAC-SHA1")))
-+ *enc = evp, *md = NULL;
-+ else if (s->ssl_version == TLS1_1_VERSION &&
-+ c->algorithm_enc == SSL_AES128 &&
-+ c->algorithm_mac == SSL_SHA1 &&
-+ (evp = EVP_get_cipherbyname("TLS11-AES-128-CBC-HMAC-SHA1")))
-+ *enc = evp, *md = NULL;
-+ else if (s->ssl_version == TLS1_1_VERSION &&
-+ c->algorithm_enc == SSL_AES256 &&
-+ c->algorithm_mac == SSL_SHA1 &&
-+ (evp = EVP_get_cipherbyname("TLS11-AES-256-CBC-HMAC-SHA1")))
- *enc = evp, *md = NULL;
- return (1);
- } else
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0017-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0017-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch
deleted file mode 100644
index 3034894..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0017-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch
+++ /dev/null
@@ -1,377 +0,0 @@
-From 0103fb8e6fc412462968224ec9315609c54eccc1 Mon Sep 17 00:00:00 2001
-From: Tudor Ambarus <tudor.ambarus@freescale.com>
-Date: Tue, 31 Mar 2015 16:32:35 +0300
-Subject: [PATCH 17/48] eng_cryptodev: add support for TLSv1.2 record offload
-
-Supported cipher suites:
-- 3des-ede-cbc-sha
-- aes-128-cbc-hmac-sha
-- aes-256-cbc-hmac-sha
-- aes-128-cbc-hmac-sha256
-- aes-256-cbc-hmac-sha256
-
-Requires TLS patches on cryptodev and TLS algorithm support in Linux
-kernel driver.
-
-Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com>
-Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
----
- crypto/engine/eng_cryptodev.c | 138 ++++++++++++++++++++++++++++++++++++++++++
- crypto/objects/obj_dat.h | 26 +++++++-
- crypto/objects/obj_mac.h | 20 ++++++
- crypto/objects/obj_mac.num | 5 ++
- crypto/objects/objects.txt | 5 ++
- ssl/ssl_ciph.c | 25 ++++++++
- 6 files changed, 216 insertions(+), 3 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 80b20e5..455868e 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -140,6 +140,11 @@ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
- const EVP_CIPHER cryptodev_tls11_3des_cbc_hmac_sha1;
- const EVP_CIPHER cryptodev_tls11_aes_128_cbc_hmac_sha1;
- const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1;
-+const EVP_CIPHER cryptodev_tls12_3des_cbc_hmac_sha1;
-+const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha1;
-+const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha1;
-+const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha256;
-+const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha256;
-
- inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len)
- {
-@@ -311,6 +316,26 @@ static struct {
- 20
- },
- {
-+ CRYPTO_TLS12_3DES_CBC_HMAC_SHA1, NID_tls12_des_ede3_cbc_hmac_sha1, 8,
-+ 24, 20
-+ },
-+ {
-+ CRYPTO_TLS12_AES_CBC_HMAC_SHA1, NID_tls12_aes_128_cbc_hmac_sha1, 16, 16,
-+ 20
-+ },
-+ {
-+ CRYPTO_TLS12_AES_CBC_HMAC_SHA1, NID_tls12_aes_256_cbc_hmac_sha1, 16, 32,
-+ 20
-+ },
-+ {
-+ CRYPTO_TLS12_AES_CBC_HMAC_SHA256, NID_tls12_aes_128_cbc_hmac_sha256, 16,
-+ 16, 32
-+ },
-+ {
-+ CRYPTO_TLS12_AES_CBC_HMAC_SHA256, NID_tls12_aes_256_cbc_hmac_sha256, 16,
-+ 32, 32
-+ },
-+ {
- CRYPTO_AES_GCM, NID_aes_128_gcm, 16, 16, 0
- },
- {
-@@ -552,6 +577,21 @@ static int cryptodev_usable_ciphers(const int **nids)
- case NID_tls11_aes_256_cbc_hmac_sha1:
- EVP_add_cipher(&cryptodev_tls11_aes_256_cbc_hmac_sha1);
- break;
-+ case NID_tls12_des_ede3_cbc_hmac_sha1:
-+ EVP_add_cipher(&cryptodev_tls12_3des_cbc_hmac_sha1);
-+ break;
-+ case NID_tls12_aes_128_cbc_hmac_sha1:
-+ EVP_add_cipher(&cryptodev_tls12_aes_128_cbc_hmac_sha1);
-+ break;
-+ case NID_tls12_aes_256_cbc_hmac_sha1:
-+ EVP_add_cipher(&cryptodev_tls12_aes_256_cbc_hmac_sha1);
-+ break;
-+ case NID_tls12_aes_128_cbc_hmac_sha256:
-+ EVP_add_cipher(&cryptodev_tls12_aes_128_cbc_hmac_sha256);
-+ break;
-+ case NID_tls12_aes_256_cbc_hmac_sha256:
-+ EVP_add_cipher(&cryptodev_tls12_aes_256_cbc_hmac_sha256);
-+ break;
- }
- }
- return count;
-@@ -660,6 +700,11 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- case NID_tls11_des_ede3_cbc_hmac_sha1:
- case NID_tls11_aes_128_cbc_hmac_sha1:
- case NID_tls11_aes_256_cbc_hmac_sha1:
-+ case NID_tls12_des_ede3_cbc_hmac_sha1:
-+ case NID_tls12_aes_128_cbc_hmac_sha1:
-+ case NID_tls12_aes_256_cbc_hmac_sha1:
-+ case NID_tls12_aes_128_cbc_hmac_sha256:
-+ case NID_tls12_aes_256_cbc_hmac_sha256:
- cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
- }
- cryp.ses = sess->ses;
-@@ -857,9 +902,17 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
- case NID_tls11_des_ede3_cbc_hmac_sha1:
- case NID_tls11_aes_128_cbc_hmac_sha1:
- case NID_tls11_aes_256_cbc_hmac_sha1:
-+ case NID_tls12_des_ede3_cbc_hmac_sha1:
-+ case NID_tls12_aes_128_cbc_hmac_sha1:
-+ case NID_tls12_aes_256_cbc_hmac_sha1:
- maclen = SHA_DIGEST_LENGTH;
- aad_needs_fix = true;
- break;
-+ case NID_tls12_aes_128_cbc_hmac_sha256:
-+ case NID_tls12_aes_256_cbc_hmac_sha256:
-+ maclen = SHA256_DIGEST_LENGTH;
-+ aad_needs_fix = true;
-+ break;
- }
-
- /* Correct length for AAD Length field */
-@@ -1271,6 +1324,76 @@ const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1 = {
- NULL
- };
-
-+const EVP_CIPHER cryptodev_tls12_3des_cbc_hmac_sha1 = {
-+ NID_tls12_des_ede3_cbc_hmac_sha1,
-+ 8, 24, 8,
-+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+ cryptodev_init_aead_key,
-+ cryptodev_aead_cipher,
-+ cryptodev_cleanup,
-+ sizeof(struct dev_crypto_state),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ cryptodev_cbc_hmac_sha1_ctrl,
-+ NULL
-+};
-+
-+const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha1 = {
-+ NID_tls12_aes_128_cbc_hmac_sha1,
-+ 16, 16, 16,
-+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+ cryptodev_init_aead_key,
-+ cryptodev_aead_cipher,
-+ cryptodev_cleanup,
-+ sizeof(struct dev_crypto_state),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ cryptodev_cbc_hmac_sha1_ctrl,
-+ NULL
-+};
-+
-+const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha1 = {
-+ NID_tls12_aes_256_cbc_hmac_sha1,
-+ 16, 32, 16,
-+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+ cryptodev_init_aead_key,
-+ cryptodev_aead_cipher,
-+ cryptodev_cleanup,
-+ sizeof(struct dev_crypto_state),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ cryptodev_cbc_hmac_sha1_ctrl,
-+ NULL
-+};
-+
-+const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha256 = {
-+ NID_tls12_aes_128_cbc_hmac_sha256,
-+ 16, 16, 16,
-+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+ cryptodev_init_aead_key,
-+ cryptodev_aead_cipher,
-+ cryptodev_cleanup,
-+ sizeof(struct dev_crypto_state),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ cryptodev_cbc_hmac_sha1_ctrl,
-+ NULL
-+};
-+
-+const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha256 = {
-+ NID_tls12_aes_256_cbc_hmac_sha256,
-+ 16, 32, 16,
-+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+ cryptodev_init_aead_key,
-+ cryptodev_aead_cipher,
-+ cryptodev_cleanup,
-+ sizeof(struct dev_crypto_state),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ cryptodev_cbc_hmac_sha1_ctrl,
-+ NULL
-+};
-+
- const EVP_CIPHER cryptodev_aes_128_gcm = {
- NID_aes_128_gcm,
- 1, 16, 12,
-@@ -1396,6 +1519,21 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
- case NID_aes_128_gcm:
- *cipher = &cryptodev_aes_128_gcm;
- break;
-+ case NID_tls12_des_ede3_cbc_hmac_sha1:
-+ *cipher = &cryptodev_tls12_3des_cbc_hmac_sha1;
-+ break;
-+ case NID_tls12_aes_128_cbc_hmac_sha1:
-+ *cipher = &cryptodev_tls12_aes_128_cbc_hmac_sha1;
-+ break;
-+ case NID_tls12_aes_256_cbc_hmac_sha1:
-+ *cipher = &cryptodev_tls12_aes_256_cbc_hmac_sha1;
-+ break;
-+ case NID_tls12_aes_128_cbc_hmac_sha256:
-+ *cipher = &cryptodev_tls12_aes_128_cbc_hmac_sha256;
-+ break;
-+ case NID_tls12_aes_256_cbc_hmac_sha256:
-+ *cipher = &cryptodev_tls12_aes_256_cbc_hmac_sha256;
-+ break;
- default:
- *cipher = NULL;
- break;
-diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
-index 4dd32a1..e3a2505 100644
---- a/crypto/objects/obj_dat.h
-+++ b/crypto/objects/obj_dat.h
-@@ -62,9 +62,9 @@
- * [including the GNU Public Licence.]
- */
-
--#define NUM_NID 962
--#define NUM_SN 955
--#define NUM_LN 955
-+#define NUM_NID 967
-+#define NUM_SN 960
-+#define NUM_LN 960
- #define NUM_OBJ 890
-
- static const unsigned char lvalues[6255]={
-@@ -2522,6 +2522,16 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
- NID_tls11_aes_128_cbc_hmac_sha1,0,NULL,0},
- {"TLS11-AES-256-CBC-HMAC-SHA1","tls11-aes-256-cbc-hmac-sha1",
- NID_tls11_aes_256_cbc_hmac_sha1,0,NULL,0},
-+{"TLS12-DES-EDE3-CBC-HMAC-SHA1","tls12-des-ede3-cbc-hmac-sha1",
-+ NID_tls12_des_ede3_cbc_hmac_sha1,0,NULL,0},
-+{"TLS12-AES-128-CBC-HMAC-SHA1","tls12-aes-128-cbc-hmac-sha1",
-+ NID_tls12_aes_128_cbc_hmac_sha1,0,NULL,0},
-+{"TLS12-AES-256-CBC-HMAC-SHA1","tls12-aes-256-cbc-hmac-sha1",
-+ NID_tls12_aes_256_cbc_hmac_sha1,0,NULL,0},
-+{"TLS12-AES-128-CBC-HMAC-SHA256","tls12-aes-128-cbc-hmac-sha256",
-+ NID_tls12_aes_128_cbc_hmac_sha256,0,NULL,0},
-+{"TLS12-AES-256-CBC-HMAC-SHA256","tls12-aes-256-cbc-hmac-sha256",
-+ NID_tls12_aes_256_cbc_hmac_sha256,0,NULL,0},
- };
-
- static const unsigned int sn_objs[NUM_SN]={
-@@ -2714,6 +2724,11 @@ static const unsigned int sn_objs[NUM_SN]={
- 960, /* "TLS11-AES-128-CBC-HMAC-SHA1" */
- 961, /* "TLS11-AES-256-CBC-HMAC-SHA1" */
- 959, /* "TLS11-DES-EDE3-CBC-HMAC-SHA1" */
-+963, /* "TLS12-AES-128-CBC-HMAC-SHA1" */
-+965, /* "TLS12-AES-128-CBC-HMAC-SHA256" */
-+964, /* "TLS12-AES-256-CBC-HMAC-SHA1" */
-+966, /* "TLS12-AES-256-CBC-HMAC-SHA256" */
-+962, /* "TLS12-DES-EDE3-CBC-HMAC-SHA1" */
- 458, /* "UID" */
- 0, /* "UNDEF" */
- 11, /* "X500" */
-@@ -4408,6 +4423,11 @@ static const unsigned int ln_objs[NUM_LN]={
- 960, /* "tls11-aes-128-cbc-hmac-sha1" */
- 961, /* "tls11-aes-256-cbc-hmac-sha1" */
- 959, /* "tls11-des-ede3-cbc-hmac-sha1" */
-+963, /* "tls12-aes-128-cbc-hmac-sha1" */
-+965, /* "tls12-aes-128-cbc-hmac-sha256" */
-+964, /* "tls12-aes-256-cbc-hmac-sha1" */
-+966, /* "tls12-aes-256-cbc-hmac-sha256" */
-+962, /* "tls12-des-ede3-cbc-hmac-sha1" */
- 682, /* "tpBasis" */
- 436, /* "ucl" */
- 0, /* "undefined" */
-diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h
-index 5930563..f4a81cb 100644
---- a/crypto/objects/obj_mac.h
-+++ b/crypto/objects/obj_mac.h
-@@ -4063,6 +4063,26 @@
- #define LN_tls11_aes_256_cbc_hmac_sha1 "tls11-aes-256-cbc-hmac-sha1"
- #define NID_tls11_aes_256_cbc_hmac_sha1 961
-
-+#define SN_tls12_des_ede3_cbc_hmac_sha1 "TLS12-DES-EDE3-CBC-HMAC-SHA1"
-+#define LN_tls12_des_ede3_cbc_hmac_sha1 "tls12-des-ede3-cbc-hmac-sha1"
-+#define NID_tls12_des_ede3_cbc_hmac_sha1 962
-+
-+#define SN_tls12_aes_128_cbc_hmac_sha1 "TLS12-AES-128-CBC-HMAC-SHA1"
-+#define LN_tls12_aes_128_cbc_hmac_sha1 "tls12-aes-128-cbc-hmac-sha1"
-+#define NID_tls12_aes_128_cbc_hmac_sha1 963
-+
-+#define SN_tls12_aes_256_cbc_hmac_sha1 "TLS12-AES-256-CBC-HMAC-SHA1"
-+#define LN_tls12_aes_256_cbc_hmac_sha1 "tls12-aes-256-cbc-hmac-sha1"
-+#define NID_tls12_aes_256_cbc_hmac_sha1 964
-+
-+#define SN_tls12_aes_128_cbc_hmac_sha256 "TLS12-AES-128-CBC-HMAC-SHA256"
-+#define LN_tls12_aes_128_cbc_hmac_sha256 "tls12-aes-128-cbc-hmac-sha256"
-+#define NID_tls12_aes_128_cbc_hmac_sha256 965
-+
-+#define SN_tls12_aes_256_cbc_hmac_sha256 "TLS12-AES-256-CBC-HMAC-SHA256"
-+#define LN_tls12_aes_256_cbc_hmac_sha256 "tls12-aes-256-cbc-hmac-sha256"
-+#define NID_tls12_aes_256_cbc_hmac_sha256 966
-+
- #define SN_dhpublicnumber "dhpublicnumber"
- #define LN_dhpublicnumber "X9.42 DH"
- #define NID_dhpublicnumber 920
-diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
-index 02f1728..401be03 100644
---- a/crypto/objects/obj_mac.num
-+++ b/crypto/objects/obj_mac.num
-@@ -959,3 +959,8 @@ des_ede3_cbc_hmac_sha1 958
- tls11_des_ede3_cbc_hmac_sha1 959
- tls11_aes_128_cbc_hmac_sha1 960
- tls11_aes_256_cbc_hmac_sha1 961
-+tls12_des_ede3_cbc_hmac_sha1 962
-+tls12_aes_128_cbc_hmac_sha1 963
-+tls12_aes_256_cbc_hmac_sha1 964
-+tls12_aes_128_cbc_hmac_sha256 965
-+tls12_aes_256_cbc_hmac_sha256 966
-diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
-index cda81da..68a8da8 100644
---- a/crypto/objects/objects.txt
-+++ b/crypto/objects/objects.txt
-@@ -1298,6 +1298,11 @@ kisa 1 6 : SEED-OFB : seed-ofb
- : TLS11-DES-EDE3-CBC-HMAC-SHA1 : tls11-des-ede3-cbc-hmac-sha1
- : TLS11-AES-128-CBC-HMAC-SHA1 : tls11-aes-128-cbc-hmac-sha1
- : TLS11-AES-256-CBC-HMAC-SHA1 : tls11-aes-256-cbc-hmac-sha1
-+ : TLS12-DES-EDE3-CBC-HMAC-SHA1 : tls12-des-ede3-cbc-hmac-sha1
-+ : TLS12-AES-128-CBC-HMAC-SHA1 : tls12-aes-128-cbc-hmac-sha1
-+ : TLS12-AES-256-CBC-HMAC-SHA1 : tls12-aes-256-cbc-hmac-sha1
-+ : TLS12-AES-128-CBC-HMAC-SHA256 : tls12-aes-128-cbc-hmac-sha256
-+ : TLS12-AES-256-CBC-HMAC-SHA256 : tls12-aes-256-cbc-hmac-sha256
-
- ISO-US 10046 2 1 : dhpublicnumber : X9.42 DH
-
-diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
-index b4af7dc..359cb5d 100644
---- a/ssl/ssl_ciph.c
-+++ b/ssl/ssl_ciph.c
-@@ -690,6 +690,31 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
- c->algorithm_mac == SSL_SHA1 &&
- (evp = EVP_get_cipherbyname("TLS11-AES-256-CBC-HMAC-SHA1")))
- *enc = evp, *md = NULL;
-+ else if (s->ssl_version == TLS1_2_VERSION &&
-+ c->algorithm_enc == SSL_3DES &&
-+ c->algorithm_mac == SSL_SHA1 &&
-+ (evp=EVP_get_cipherbyname("TLS12-DES-EDE3-CBC-HMAC-SHA1")))
-+ *enc = evp, *md = NULL;
-+ else if (s->ssl_version == TLS1_2_VERSION &&
-+ c->algorithm_enc == SSL_AES128 &&
-+ c->algorithm_mac == SSL_SHA1 &&
-+ (evp=EVP_get_cipherbyname("TLS12-AES-128-CBC-HMAC-SHA1")))
-+ *enc = evp, *md = NULL;
-+ else if (s->ssl_version == TLS1_2_VERSION &&
-+ c->algorithm_enc == SSL_AES256 &&
-+ c->algorithm_mac == SSL_SHA1 &&
-+ (evp=EVP_get_cipherbyname("TLS12-AES-256-CBC-HMAC-SHA1")))
-+ *enc = evp, *md = NULL;
-+ else if (s->ssl_version == TLS1_2_VERSION &&
-+ c->algorithm_enc == SSL_AES128 &&
-+ c->algorithm_mac == SSL_SHA256 &&
-+ (evp=EVP_get_cipherbyname("TLS12-AES-128-CBC-HMAC-SHA256")))
-+ *enc = evp, *md = NULL;
-+ else if (s->ssl_version == TLS1_2_VERSION &&
-+ c->algorithm_enc == SSL_AES256 &&
-+ c->algorithm_mac == SSL_SHA256 &&
-+ (evp=EVP_get_cipherbyname("TLS12-AES-256-CBC-HMAC-SHA256")))
-+ *enc = evp, *md = NULL;
- return (1);
- } else
- return (0);
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0018-cryptodev-drop-redundant-function.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0018-cryptodev-drop-redundant-function.patch
deleted file mode 100644
index cf6cce2..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0018-cryptodev-drop-redundant-function.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-From dddb8bc7eea34dfc73c1f5c8863d19894d9a18ac Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@freescale.com>
-Date: Thu, 19 Feb 2015 16:11:53 +0200
-Subject: [PATCH 18/48] cryptodev: drop redundant function
-
-get_dev_crypto already caches the result. Another cache in-between is
-useless.
-
-Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
----
- crypto/engine/eng_cryptodev.c | 17 +++--------------
- 1 file changed, 3 insertions(+), 14 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 455868e..d229f61 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -94,7 +94,6 @@ struct dev_crypto_state {
-
- static u_int32_t cryptodev_asymfeat = 0;
-
--static int get_asym_dev_crypto(void);
- static int open_dev_crypto(void);
- static int get_dev_crypto(void);
- static int get_cryptodev_ciphers(const int **cnids);
-@@ -441,16 +440,6 @@ static void put_dev_crypto(int fd)
- # endif
- }
-
--/* Caching version for asym operations */
--static int get_asym_dev_crypto(void)
--{
-- static int fd = -1;
--
-- if (fd == -1)
-- fd = get_dev_crypto();
-- return fd;
--}
--
- /*
- * Find out what ciphers /dev/crypto will let us have a session for.
- * XXX note, that some of these openssl doesn't deal with yet!
-@@ -1923,7 +1912,7 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
- {
- int fd, ret = -1;
-
-- if ((fd = get_asym_dev_crypto()) < 0)
-+ if ((fd = get_dev_crypto()) < 0)
- return ret;
-
- if (r) {
-@@ -2522,7 +2511,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
- int p_len, q_len;
- int i;
-
-- if ((fd = get_asym_dev_crypto()) < 0)
-+ if ((fd = get_dev_crypto()) < 0)
- goto sw_try;
-
- if (!rsa->n && ((rsa->n = BN_new()) == NULL))
-@@ -4111,7 +4100,7 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
- BIGNUM *temp = NULL;
- unsigned char *padded_pub_key = NULL, *p = NULL;
-
-- if ((fd = get_asym_dev_crypto()) < 0)
-+ if ((fd = get_dev_crypto()) < 0)
- goto sw_try;
-
- memset(&kop, 0, sizeof kop);
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0019-cryptodev-do-not-zero-the-buffer-before-use.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0019-cryptodev-do-not-zero-the-buffer-before-use.patch
deleted file mode 100644
index d423dd1..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0019-cryptodev-do-not-zero-the-buffer-before-use.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From 413ef57790244fc521d40ade62358abaf0a55d10 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@freescale.com>
-Date: Tue, 17 Feb 2015 13:12:53 +0200
-Subject: [PATCH 19/48] cryptodev: do not zero the buffer before use
-
-- The buffer is just about to be overwritten. Zeroing it before that has
- no purpose
-
-Change-Id: I478c31bd2e254561474a7edf5e37980ca04217ce
-Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
-Reviewed-on: http://git.am.freescale.net:8181/34217
----
- crypto/engine/eng_cryptodev.c | 14 ++++----------
- 1 file changed, 4 insertions(+), 10 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index d229f61..4d370ad 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -1806,21 +1806,15 @@ cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
- static int bn2crparam(const BIGNUM *a, struct crparam *crp)
- {
- ssize_t bytes, bits;
-- u_char *b;
--
-- crp->crp_p = NULL;
-- crp->crp_nbits = 0;
-
- bits = BN_num_bits(a);
- bytes = (bits + 7) / 8;
-
-- b = malloc(bytes);
-- if (b == NULL)
-- return (1);
-- memset(b, 0, bytes);
--
-- crp->crp_p = (caddr_t) b;
- crp->crp_nbits = bits;
-+ crp->crp_p = malloc(bytes);
-+
-+ if (crp->crp_p == NULL)
-+ return (1);
-
- BN_bn2bin(a, crp->crp_p);
- return (0);
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0020-cryptodev-clean-up-code-layout.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0020-cryptodev-clean-up-code-layout.patch
deleted file mode 100644
index d82dc5c..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0020-cryptodev-clean-up-code-layout.patch
+++ /dev/null
@@ -1,73 +0,0 @@
-From ac3dfaf10125f08454d51e8fc4b3a77d33fd96d0 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@freescale.com>
-Date: Wed, 18 Feb 2015 10:39:46 +0200
-Subject: [PATCH 20/48] cryptodev: clean-up code layout
-
-This is just a refactoring that uses else branch to check for malloc failures
-
-Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
----
- crypto/engine/eng_cryptodev.c | 45 ++++++++++++++++++++-----------------------
- 1 file changed, 21 insertions(+), 24 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 4d370ad..487a2c9 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -1869,32 +1869,29 @@ cryptodev_asym_async(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
- fd = *(int *)cookie->eng_handle;
-
- eng_cookie = malloc(sizeof(struct cryptodev_cookie_s));
--
-- if (eng_cookie) {
-- memset(eng_cookie, 0, sizeof(struct cryptodev_cookie_s));
-- if (r) {
-- kop->crk_param[kop->crk_iparams].crp_p =
-- calloc(rlen, sizeof(char));
-- if (!kop->crk_param[kop->crk_iparams].crp_p)
-- return -ENOMEM;
-- kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
-- kop->crk_oparams++;
-- eng_cookie->r = r;
-- eng_cookie->r_param = kop->crk_param[kop->crk_iparams];
-- }
-- if (s) {
-- kop->crk_param[kop->crk_iparams + 1].crp_p =
-- calloc(slen, sizeof(char));
-- if (!kop->crk_param[kop->crk_iparams + 1].crp_p)
-- return -ENOMEM;
-- kop->crk_param[kop->crk_iparams + 1].crp_nbits = slen * 8;
-- kop->crk_oparams++;
-- eng_cookie->s = s;
-- eng_cookie->s_param = kop->crk_param[kop->crk_iparams + 1];
-- }
-- } else
-+ if (!eng_cookie)
- return -ENOMEM;
-
-+ memset(eng_cookie, 0, sizeof(struct cryptodev_cookie_s));
-+ if (r) {
-+ kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char));
-+ if (!kop->crk_param[kop->crk_iparams].crp_p)
-+ return -ENOMEM;
-+ kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
-+ kop->crk_oparams++;
-+ eng_cookie->r = r;
-+ eng_cookie->r_param = kop->crk_param[kop->crk_iparams];
-+ }
-+ if (s) {
-+ kop->crk_param[kop->crk_iparams + 1].crp_p =
-+ calloc(slen, sizeof(char));
-+ if (!kop->crk_param[kop->crk_iparams + 1].crp_p)
-+ return -ENOMEM;
-+ kop->crk_param[kop->crk_iparams + 1].crp_nbits = slen * 8;
-+ kop->crk_oparams++;
-+ eng_cookie->s = s;
-+ eng_cookie->s_param = kop->crk_param[kop->crk_iparams + 1];
-+ }
- eng_cookie->kop = kop;
- cookie->eng_cookie = eng_cookie;
- return ioctl(fd, CIOCASYMASYNCRYPT, kop);
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0021-cryptodev-do-not-cache-file-descriptor-in-open.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0021-cryptodev-do-not-cache-file-descriptor-in-open.patch
deleted file mode 100644
index fa825bb..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0021-cryptodev-do-not-cache-file-descriptor-in-open.patch
+++ /dev/null
@@ -1,93 +0,0 @@
-From b96074f4e44b2147d4d771dd086463c9cb7d42a3 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@freescale.com>
-Date: Thu, 19 Feb 2015 16:43:29 +0200
-Subject: [PATCH 21/48] cryptodev: do not cache file descriptor in 'open'
-
-The file descriptor returned by get_dev_crypto is cached after a
-successful return. The issue is, it is cached inside 'open_dev_crypto'
-which is no longer useful as a general purpose open("/dev/crypto")
-function.
-
-This patch is a refactoring that moves the caching operation from
-open_dev_crypto to get_dev_crypto and leaves the former as a simpler
-function true to its name
-
-Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
----
- crypto/engine/eng_cryptodev.c | 43 +++++++++++++++++++++----------------------
- 1 file changed, 21 insertions(+), 22 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 487a2c9..d7188a6 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -392,45 +392,44 @@ static void ctr64_inc(unsigned char *counter)
- } while (n);
- }
-
--/*
-- * Return a fd if /dev/crypto seems usable, 0 otherwise.
-- */
- static int open_dev_crypto(void)
- {
-- static int fd = -1;
-+ int fd;
-
-- if (fd == -1) {
-- if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1)
-- return (-1);
-- /* close on exec */
-- if (fcntl(fd, F_SETFD, 1) == -1) {
-- close(fd);
-- fd = -1;
-- return (-1);
-- }
-+ fd = open("/dev/crypto", O_RDWR, 0);
-+ if (fd < 0)
-+ return -1;
-+
-+ /* close on exec */
-+ if (fcntl(fd, F_SETFD, 1) == -1) {
-+ close(fd);
-+ return -1;
- }
-- return (fd);
-+
-+ return fd;
- }
-
- static int get_dev_crypto(void)
- {
-- int fd, retfd;
-+ static int fd = -1;
-+ int retfd;
-
-- if ((fd = open_dev_crypto()) == -1)
-- return (-1);
--# ifndef CRIOGET_NOT_NEEDED
-+ if (fd == -1)
-+ fd = open_dev_crypto();
-+# ifdef CRIOGET_NOT_NEEDED
-+ return fd;
-+# else
-+ if (fd == -1)
-+ return -1;
- if (ioctl(fd, CRIOGET, &retfd) == -1)
- return (-1);
--
- /* close on exec */
- if (fcntl(retfd, F_SETFD, 1) == -1) {
- close(retfd);
- return (-1);
- }
--# else
-- retfd = fd;
-+ return retfd;
- # endif
-- return (retfd);
- }
-
- static void put_dev_crypto(int fd)
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0022-cryptodev-put_dev_crypto-should-be-an-int.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0022-cryptodev-put_dev_crypto-should-be-an-int.patch
deleted file mode 100644
index eddb1f2..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0022-cryptodev-put_dev_crypto-should-be-an-int.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 43710e60fd8bae1ebc4d1eef6d86cb4e82653ac4 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@freescale.com>
-Date: Thu, 19 Feb 2015 13:09:32 +0200
-Subject: [PATCH 22/48] cryptodev: put_dev_crypto should be an int
-
-Change-Id: Ie0a83bc07a37132286c098b17ef35d98de74b043
-Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
-Reviewed-on: http://git.am.freescale.net:8181/34220
----
- crypto/engine/eng_cryptodev.c | 8 +++++---
- 1 file changed, 5 insertions(+), 3 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index d7188a6..7b3dbd1 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -432,10 +432,12 @@ static int get_dev_crypto(void)
- # endif
- }
-
--static void put_dev_crypto(int fd)
-+static int put_dev_crypto(int fd)
- {
--# ifndef CRIOGET_NOT_NEEDED
-- close(fd);
-+#ifdef CRIOGET_NOT_NEEDED
-+ return 0;
-+#else
-+ return close(fd);
- # endif
- }
-
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0023-cryptodev-simplify-cryptodev-pkc-support-code.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0023-cryptodev-simplify-cryptodev-pkc-support-code.patch
deleted file mode 100644
index 4f589af..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0023-cryptodev-simplify-cryptodev-pkc-support-code.patch
+++ /dev/null
@@ -1,260 +0,0 @@
-From b706132a33555162e6dbf26d9fde4bcb1136d553 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@freescale.com>
-Date: Thu, 19 Feb 2015 13:39:52 +0200
-Subject: [PATCH 23/48] cryptodev: simplify cryptodev pkc support code
-
-- Engine init returns directly a file descriptor instead of a pointer to one
-- Similarly, the Engine close will now just close the file
-
-Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
----
- crypto/crypto.h | 2 +-
- crypto/engine/eng_cryptodev.c | 43 +++++++----------------------------
- crypto/engine/eng_int.h | 14 +++---------
- crypto/engine/eng_lib.c | 53 +++++++++++++++++++++----------------------
- crypto/engine/engine.h | 13 +++++------
- 5 files changed, 44 insertions(+), 81 deletions(-)
-
-diff --git a/crypto/crypto.h b/crypto/crypto.h
-index 2b4ec59..ddb9b69 100644
---- a/crypto/crypto.h
-+++ b/crypto/crypto.h
-@@ -668,7 +668,7 @@ struct pkc_cookie_s {
- * -EINVAL: Parameters Invalid
- */
- void (*pkc_callback)(struct pkc_cookie_s *cookie, int status);
-- void *eng_handle;
-+ int eng_handle;
- };
-
- #ifdef __cplusplus
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 7b3dbd1..34c8d18 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -434,10 +434,10 @@ static int get_dev_crypto(void)
-
- static int put_dev_crypto(int fd)
- {
--#ifdef CRIOGET_NOT_NEEDED
-- return 0;
--#else
-- return close(fd);
-+# ifdef CRIOGET_NOT_NEEDED
-+ return 0;
-+# else
-+ return close(fd);
- # endif
- }
-
-@@ -1867,7 +1867,7 @@ cryptodev_asym_async(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
- struct pkc_cookie_s *cookie = kop->cookie;
- struct cryptodev_cookie_s *eng_cookie;
-
-- fd = *(int *)cookie->eng_handle;
-+ fd = cookie->eng_handle;
-
- eng_cookie = malloc(sizeof(struct cryptodev_cookie_s));
- if (!eng_cookie)
-@@ -1939,38 +1939,11 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
- return ret;
- }
-
--/* Close an opened instance of cryptodev engine */
--void cryptodev_close_instance(void *handle)
--{
-- int fd;
--
-- if (handle) {
-- fd = *(int *)handle;
-- close(fd);
-- free(handle);
-- }
--}
--
--/* Create an instance of cryptodev for asynchronous interface */
--void *cryptodev_init_instance(void)
--{
-- int *fd = malloc(sizeof(int));
--
-- if (fd) {
-- if ((*fd = open("/dev/crypto", O_RDWR, 0)) == -1) {
-- free(fd);
-- return NULL;
-- }
-- }
-- return fd;
--}
--
- # include <poll.h>
-
- /* Return 0 on success and 1 on failure */
--int cryptodev_check_availability(void *eng_handle)
-+int cryptodev_check_availability(int fd)
- {
-- int fd = *(int *)eng_handle;
- struct pkc_cookie_list_s cookie_list;
- struct pkc_cookie_s *cookie;
- int i;
-@@ -4719,8 +4692,8 @@ void ENGINE_load_cryptodev(void)
- }
-
- ENGINE_set_check_pkc_availability(engine, cryptodev_check_availability);
-- ENGINE_set_close_instance(engine, cryptodev_close_instance);
-- ENGINE_set_init_instance(engine, cryptodev_init_instance);
-+ ENGINE_set_close_instance(engine, put_dev_crypto);
-+ ENGINE_set_open_instance(engine, open_dev_crypto);
- ENGINE_set_async_map(engine, ENGINE_ALLPKC_ASYNC);
-
- ENGINE_add(engine);
-diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h
-index b698a0c..7541beb 100644
---- a/crypto/engine/eng_int.h
-+++ b/crypto/engine/eng_int.h
-@@ -198,23 +198,15 @@ struct engine_st {
- ENGINE_LOAD_KEY_PTR load_privkey;
- ENGINE_LOAD_KEY_PTR load_pubkey;
- ENGINE_SSL_CLIENT_CERT_PTR load_ssl_client_cert;
-- /*
-- * Instantiate Engine handle to be passed in check_pkc_availability
-- * Ensure that Engine is instantiated before any pkc asynchronous call.
-- */
-- void *(*engine_init_instance)(void);
-- /*
-- * Instantiated Engine handle will be closed with this call.
-- * Ensure that no pkc asynchronous call is made after this call
-- */
-- void (*engine_close_instance)(void *handle);
-+ int (*engine_open_instance)(void);
-+ int (*engine_close_instance)(int fd);
- /*
- * Check availability will extract the data from kernel.
- * eng_handle: This is the Engine handle corresponds to which
- * the cookies needs to be polled.
- * return 0 if cookie available else 1
- */
-- int (*check_pkc_availability)(void *eng_handle);
-+ int (*check_pkc_availability)(int fd);
- /*
- * The following map is used to check if the engine supports asynchronous implementation
- * ENGINE_ASYNC_FLAG* for available bitmap. Any application checking for asynchronous
-diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c
-index 0c57e12..4fdcfd6 100644
---- a/crypto/engine/eng_lib.c
-+++ b/crypto/engine/eng_lib.c
-@@ -101,7 +101,7 @@ void engine_set_all_null(ENGINE *e)
- e->load_privkey = NULL;
- e->load_pubkey = NULL;
- e->check_pkc_availability = NULL;
-- e->engine_init_instance = NULL;
-+ e->engine_open_instance = NULL;
- e->engine_close_instance = NULL;
- e->cmd_defns = NULL;
- e->async_map = 0;
-@@ -252,46 +252,45 @@ int ENGINE_set_id(ENGINE *e, const char *id)
- return 1;
- }
-
--void ENGINE_set_init_instance(ENGINE *e, void *(*engine_init_instance)(void))
-- {
-- e->engine_init_instance = engine_init_instance;
-- }
-+void ENGINE_set_open_instance(ENGINE *e, int (*engine_open_instance)(void))
-+{
-+ e->engine_open_instance = engine_open_instance;
-+}
-
--void ENGINE_set_close_instance(ENGINE *e,
-- void (*engine_close_instance)(void *))
-- {
-- e->engine_close_instance = engine_close_instance;
-- }
-+void ENGINE_set_close_instance(ENGINE *e, int (*engine_close_instance)(int))
-+{
-+ e->engine_close_instance = engine_close_instance;
-+}
-
- void ENGINE_set_async_map(ENGINE *e, int async_map)
- {
- e->async_map = async_map;
- }
-
--void *ENGINE_init_instance(ENGINE *e)
-- {
-- return e->engine_init_instance();
-- }
--
--void ENGINE_close_instance(ENGINE *e, void *eng_handle)
-- {
-- e->engine_close_instance(eng_handle);
-- }
--
- int ENGINE_get_async_map(ENGINE *e)
- {
- return e->async_map;
- }
-
-+int ENGINE_open_instance(ENGINE *e)
-+{
-+ return e->engine_open_instance();
-+}
-+
-+int ENGINE_close_instance(ENGINE *e, int fd)
-+{
-+ return e->engine_close_instance(fd);
-+}
-+
- void ENGINE_set_check_pkc_availability(ENGINE *e,
-- int (*check_pkc_availability)(void *eng_handle))
-- {
-- e->check_pkc_availability = check_pkc_availability;
-- }
-+ int (*check_pkc_availability)(int fd))
-+{
-+ e->check_pkc_availability = check_pkc_availability;
-+}
-
--int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle)
-- {
-- return e->check_pkc_availability(eng_handle);
-+int ENGINE_check_pkc_availability(ENGINE *e, int fd)
-+{
-+ return e->check_pkc_availability(fd);
- }
-
- int ENGINE_set_name(ENGINE *e, const char *name)
-diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h
-index 4527aa1..f83ee73 100644
---- a/crypto/engine/engine.h
-+++ b/crypto/engine/engine.h
-@@ -551,9 +551,6 @@ ENGINE *ENGINE_new(void);
- int ENGINE_free(ENGINE *e);
- int ENGINE_up_ref(ENGINE *e);
- int ENGINE_set_id(ENGINE *e, const char *id);
--void ENGINE_set_init_instance(ENGINE *e, void *(*engine_init_instance)(void));
--void ENGINE_set_close_instance(ENGINE *e,
-- void (*engine_free_instance)(void *));
- /*
- * Following FLAGS are bitmap store in async_map to set asynchronous interface capability
- *of the engine
-@@ -570,11 +567,13 @@ void ENGINE_set_async_map(ENGINE *e, int async_map);
- * to confirm asynchronous methods supported
- */
- int ENGINE_get_async_map(ENGINE *e);
--void *ENGINE_init_instance(ENGINE *e);
--void ENGINE_close_instance(ENGINE *e, void *eng_handle);
-+int ENGINE_open_instance(ENGINE *e);
-+int ENGINE_close_instance(ENGINE *e, int fd);
-+void ENGINE_set_init_instance(ENGINE *e, int(*engine_init_instance)(void));
-+void ENGINE_set_close_instance(ENGINE *e, int(*engine_close_instance)(int));
- void ENGINE_set_check_pkc_availability(ENGINE *e,
-- int (*check_pkc_availability)(void *eng_handle));
--int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle);
-+ int (*check_pkc_availability)(int fd));
-+int ENGINE_check_pkc_availability(ENGINE *e, int fd);
- int ENGINE_set_name(ENGINE *e, const char *name);
- int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
- int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0024-cryptodev-clarify-code-remove-assignments-from-condi.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0024-cryptodev-clarify-code-remove-assignments-from-condi.patch
deleted file mode 100644
index 0daa2a4..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0024-cryptodev-clarify-code-remove-assignments-from-condi.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From e1de7751808d5196a9a719ad49a1281d2a3c453d Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Mon, 14 Dec 2015 14:02:00 +0200
-Subject: [PATCH 24/48] cryptodev: clarify code, remove assignments from
- conditionals
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- crypto/engine/eng_cryptodev.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 34c8d18..31687d8 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -1560,14 +1560,16 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
- struct session_op *sess = &state->d_sess;
- int digest;
-
-- if ((digest = digest_nid_to_cryptodev(ctx->digest->type)) == NID_undef) {
-+ digest = digest_nid_to_cryptodev(ctx->digest->type);
-+ if (digest == NID_undef) {
- printf("cryptodev_digest_init: Can't get digest \n");
- return (0);
- }
-
- memset(state, 0, sizeof(struct dev_crypto_state));
-
-- if ((state->d_fd = get_dev_crypto()) < 0) {
-+ state->d_fd = get_dev_crypto();
-+ if (state->d_fd < 0) {
- printf("cryptodev_digest_init: Can't get Dev \n");
- return (0);
- }
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0025-cryptodev-clean-up-context-state-before-anything-els.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0025-cryptodev-clean-up-context-state-before-anything-els.patch
deleted file mode 100644
index 3e02c72..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0025-cryptodev-clean-up-context-state-before-anything-els.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 9ffa46ff1348817f4c8d24e9d42fa0f739a652d7 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Tue, 15 Dec 2015 12:10:37 +0200
-Subject: [PATCH 25/48] cryptodev: clean-up context state before anything else
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- crypto/engine/eng_cryptodev.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 31687d8..e6616e9 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -1560,14 +1560,14 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
- struct session_op *sess = &state->d_sess;
- int digest;
-
-+ memset(state, 0, sizeof(struct dev_crypto_state));
-+
- digest = digest_nid_to_cryptodev(ctx->digest->type);
- if (digest == NID_undef) {
- printf("cryptodev_digest_init: Can't get digest \n");
- return (0);
- }
-
-- memset(state, 0, sizeof(struct dev_crypto_state));
--
- state->d_fd = get_dev_crypto();
- if (state->d_fd < 0) {
- printf("cryptodev_digest_init: Can't get Dev \n");
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0026-cryptodev-remove-code-duplication-in-digest-operatio.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0026-cryptodev-remove-code-duplication-in-digest-operatio.patch
deleted file mode 100644
index 4e1ce65..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0026-cryptodev-remove-code-duplication-in-digest-operatio.patch
+++ /dev/null
@@ -1,155 +0,0 @@
-From 7f6a709ed46d79d765ee0bb2fc16b84d0bb4c8a6 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Mon, 14 Dec 2015 17:49:08 +0200
-Subject: [PATCH 26/48] cryptodev: remove code duplication in digest operations
-
-This patch simplifies code and removes duplication in digest_update and
-digest_final for cryptodev engine.
-
-Note: The current design of eng_cryptodev for digests operations assumes
- the presence of all the data before processing (this is suboptimal
- with cryptodev-linux because Linux kernel has support for digest-update
- operations and there is no need to accumulate the input data).
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- crypto/engine/eng_cryptodev.c | 76 ++++++++++++++++---------------------------
- 1 file changed, 28 insertions(+), 48 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index e6616e9..a8652bf 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -1591,24 +1591,25 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
- static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
- size_t count)
- {
-- struct crypt_op cryp;
- struct dev_crypto_state *state = ctx->md_data;
-- struct session_op *sess = &state->d_sess;
-
-- if (!data || state->d_fd < 0) {
-+ if (!data || !count) {
- printf("cryptodev_digest_update: illegal inputs \n");
-- return (0);
-- }
--
-- if (!count) {
-- return (0);
-+ return 0;
- }
-
-- if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
-- /* if application doesn't support one buffer */
-+ /*
-+ * Accumulate input data if it is scattered in several buffers. TODO:
-+ * Depending on number of calls and data size, this code can be optimized
-+ * to take advantage of Linux kernel crypto API, balancing between
-+ * cryptodev calls and accumulating small amounts of data
-+ */
-+ if (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) {
-+ state->mac_data = data;
-+ state->mac_len = count;
-+ } else {
- state->mac_data =
- OPENSSL_realloc(state->mac_data, state->mac_len + count);
--
- if (!state->mac_data) {
- printf("cryptodev_digest_update: realloc failed\n");
- return (0);
-@@ -1616,23 +1617,9 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
-
- memcpy(state->mac_data + state->mac_len, data, count);
- state->mac_len += count;
--
-- return (1);
- }
-
-- memset(&cryp, 0, sizeof(cryp));
--
-- cryp.ses = sess->ses;
-- cryp.flags = 0;
-- cryp.len = count;
-- cryp.src = (caddr_t) data;
-- cryp.dst = NULL;
-- cryp.mac = (caddr_t) state->digest_res;
-- if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
-- printf("cryptodev_digest_update: digest failed\n");
-- return (0);
-- }
-- return (1);
-+ return 1;
- }
-
- static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
-@@ -1641,33 +1628,25 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
- struct dev_crypto_state *state = ctx->md_data;
- struct session_op *sess = &state->d_sess;
-
-- int ret = 1;
--
- if (!md || state->d_fd < 0) {
- printf("cryptodev_digest_final: illegal input\n");
- return (0);
- }
-
-- if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
-- /* if application doesn't support one buffer */
-- memset(&cryp, 0, sizeof(cryp));
-- cryp.ses = sess->ses;
-- cryp.flags = 0;
-- cryp.len = state->mac_len;
-- cryp.src = state->mac_data;
-- cryp.dst = NULL;
-- cryp.mac = (caddr_t) md;
-- if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
-- printf("cryptodev_digest_final: digest failed\n");
-- return (0);
-- }
-+ memset(&cryp, 0, sizeof(cryp));
-
-- return 1;
-- }
-+ cryp.ses = sess->ses;
-+ cryp.flags = 0;
-+ cryp.len = state->mac_len;
-+ cryp.src = state->mac_data;
-+ cryp.mac = md;
-
-- memcpy(md, state->digest_res, ctx->digest->md_size);
-+ if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
-+ printf("cryptodev_digest_final: digest failed\n");
-+ return (0);
-+ }
-
-- return (ret);
-+ return (1);
- }
-
- static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
-@@ -1684,11 +1663,11 @@ static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
- return (0);
- }
-
-- if (state->mac_data) {
-+ if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
- OPENSSL_free(state->mac_data);
-- state->mac_data = NULL;
-- state->mac_len = 0;
- }
-+ state->mac_data = NULL;
-+ state->mac_len = 0;
-
- if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
- printf("cryptodev_digest_cleanup: failed to close session\n");
-@@ -1696,6 +1675,7 @@ static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
- } else {
- ret = 1;
- }
-+
- put_dev_crypto(state->d_fd);
- state->d_fd = -1;
-
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0027-cryptodev-put-all-digest-ioctls-into-a-single-functi.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0027-cryptodev-put-all-digest-ioctls-into-a-single-functi.patch
deleted file mode 100644
index 0810889..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0027-cryptodev-put-all-digest-ioctls-into-a-single-functi.patch
+++ /dev/null
@@ -1,108 +0,0 @@
-From 0307a70fc4399a0ee758172e385d4daaae669ce6 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Tue, 15 Dec 2015 12:23:13 +0200
-Subject: [PATCH 27/48] cryptodev: put all digest ioctls into a single function
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- crypto/engine/eng_cryptodev.c | 44 +++++++++++++++++++------------------------
- 1 file changed, 19 insertions(+), 25 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index a8652bf..8b8710a 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -1578,13 +1578,6 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
- sess->mackeylen = digest_key_length(ctx->digest->type);
- sess->mac = digest;
-
-- if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
-- put_dev_crypto(state->d_fd);
-- state->d_fd = -1;
-- printf("cryptodev_digest_init: Open session failed\n");
-- return (0);
-- }
--
- return (1);
- }
-
-@@ -1624,6 +1617,7 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
-
- static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
- {
-+ int ret = 1;
- struct crypt_op cryp;
- struct dev_crypto_state *state = ctx->md_data;
- struct session_op *sess = &state->d_sess;
-@@ -1633,6 +1627,11 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
- return (0);
- }
-
-+ if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
-+ printf("cryptodev_digest_init: Open session failed\n");
-+ return (0);
-+ }
-+
- memset(&cryp, 0, sizeof(cryp));
-
- cryp.ses = sess->ses;
-@@ -1643,43 +1642,38 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
-
- if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
- printf("cryptodev_digest_final: digest failed\n");
-- return (0);
-+ ret = 0;
- }
-
-- return (1);
-+ if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
-+ printf("cryptodev_digest_cleanup: failed to close session\n");
-+ }
-+
-+ return ret;
- }
-
- static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
- {
-- int ret = 1;
- struct dev_crypto_state *state = ctx->md_data;
- struct session_op *sess = &state->d_sess;
-
-- if (state == NULL)
-+ if (state == NULL) {
- return 0;
--
-- if (state->d_fd < 0) {
-- printf("cryptodev_digest_cleanup: illegal input\n");
-- return (0);
- }
-
- if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
- OPENSSL_free(state->mac_data);
- }
-- state->mac_data = NULL;
-- state->mac_len = 0;
-
-- if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
-- printf("cryptodev_digest_cleanup: failed to close session\n");
-- ret = 0;
-- } else {
-- ret = 1;
-+ if (state->d_fd >= 0) {
-+ put_dev_crypto(state->d_fd);
-+ state->d_fd = -1;
- }
-
-- put_dev_crypto(state->d_fd);
-- state->d_fd = -1;
-+ state->mac_data = NULL;
-+ state->mac_len = 0;
-
-- return (ret);
-+ return 1;
- }
-
- static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0028-cryptodev-fix-debug-print-messages.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0028-cryptodev-fix-debug-print-messages.patch
deleted file mode 100644
index 91bd4a4..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0028-cryptodev-fix-debug-print-messages.patch
+++ /dev/null
@@ -1,90 +0,0 @@
-From 07f16d70cf7993c43e2c24a1e121c197db9ce1bc Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Tue, 15 Dec 2015 12:51:36 +0200
-Subject: [PATCH 28/48] cryptodev: fix debug print messages
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- crypto/engine/eng_cryptodev.c | 18 +++++++++---------
- 1 file changed, 9 insertions(+), 9 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 8b8710a..b74f21c 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -1564,13 +1564,13 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
-
- digest = digest_nid_to_cryptodev(ctx->digest->type);
- if (digest == NID_undef) {
-- printf("cryptodev_digest_init: Can't get digest \n");
-+ printf("%s: Can't get digest\n", __func__);
- return (0);
- }
-
- state->d_fd = get_dev_crypto();
- if (state->d_fd < 0) {
-- printf("cryptodev_digest_init: Can't get Dev \n");
-+ printf("%s: Can't get Dev\n", __func__);
- return (0);
- }
-
-@@ -1587,7 +1587,7 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
- struct dev_crypto_state *state = ctx->md_data;
-
- if (!data || !count) {
-- printf("cryptodev_digest_update: illegal inputs \n");
-+ printf("%s: illegal inputs\n", __func__);
- return 0;
- }
-
-@@ -1604,7 +1604,7 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
- state->mac_data =
- OPENSSL_realloc(state->mac_data, state->mac_len + count);
- if (!state->mac_data) {
-- printf("cryptodev_digest_update: realloc failed\n");
-+ printf("%s: realloc failed\n", __func__);
- return (0);
- }
-
-@@ -1623,12 +1623,12 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
- struct session_op *sess = &state->d_sess;
-
- if (!md || state->d_fd < 0) {
-- printf("cryptodev_digest_final: illegal input\n");
-+ printf("%s: illegal input\n", __func__);
- return (0);
- }
-
- if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
-- printf("cryptodev_digest_init: Open session failed\n");
-+ printf("%s: Open session failed\n", __func__);
- return (0);
- }
-
-@@ -1641,12 +1641,12 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
- cryp.mac = md;
-
- if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
-- printf("cryptodev_digest_final: digest failed\n");
-+ printf("%s: digest failed\n", __func__);
- ret = 0;
- }
-
- if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
-- printf("cryptodev_digest_cleanup: failed to close session\n");
-+ printf("%s: failed to close session\n", __func__);
- }
-
- return ret;
-@@ -1701,7 +1701,7 @@ static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
- if (ioctl(dstate->d_fd, CIOCGSESSION, sess) < 0) {
- put_dev_crypto(dstate->d_fd);
- dstate->d_fd = -1;
-- printf("cryptodev_digest_init: Open session failed\n");
-+ printf("%s: Open session failed\n", __func__);
- return (0);
- }
-
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0029-cryptodev-use-CIOCHASH-ioctl-for-digest-operations.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0029-cryptodev-use-CIOCHASH-ioctl-for-digest-operations.patch
deleted file mode 100644
index abf8084..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0029-cryptodev-use-CIOCHASH-ioctl-for-digest-operations.patch
+++ /dev/null
@@ -1,91 +0,0 @@
-From 64d5378080c14a9cf9fd673457af0fa80f3a94ee Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Tue, 15 Dec 2015 15:43:28 +0200
-Subject: [PATCH 29/48] cryptodev: use CIOCHASH ioctl for digest operations
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- crypto/engine/eng_cryptodev.c | 34 +++++++++++-----------------------
- 1 file changed, 11 insertions(+), 23 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index b74f21c..4f375e0 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -85,6 +85,7 @@ struct dev_crypto_state {
- unsigned char *iv;
- int ivlen;
- # ifdef USE_CRYPTODEV_DIGESTS
-+ struct hash_op_data hash_op;
- char dummy_mac_key[HASH_MAX_LEN];
- unsigned char digest_res[HASH_MAX_LEN];
- char *mac_data;
-@@ -1557,7 +1558,7 @@ static int digest_key_length(int nid)
- static int cryptodev_digest_init(EVP_MD_CTX *ctx)
- {
- struct dev_crypto_state *state = ctx->md_data;
-- struct session_op *sess = &state->d_sess;
-+ struct hash_op_data *hash_op = &state->hash_op;
- int digest;
-
- memset(state, 0, sizeof(struct dev_crypto_state));
-@@ -1574,9 +1575,9 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
- return (0);
- }
-
-- sess->mackey = state->dummy_mac_key;
-- sess->mackeylen = digest_key_length(ctx->digest->type);
-- sess->mac = digest;
-+ hash_op->mac_op = digest;
-+ hash_op->mackey = state->dummy_mac_key;
-+ hash_op->mackeylen = digest_key_length(ctx->digest->type);
-
- return (1);
- }
-@@ -1618,37 +1619,24 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
- static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
- {
- int ret = 1;
-- struct crypt_op cryp;
- struct dev_crypto_state *state = ctx->md_data;
-- struct session_op *sess = &state->d_sess;
-+ struct hash_op_data *hash_op = &state->hash_op;
-
- if (!md || state->d_fd < 0) {
- printf("%s: illegal input\n", __func__);
- return (0);
- }
-
-- if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
-- printf("%s: Open session failed\n", __func__);
-- return (0);
-- }
--
-- memset(&cryp, 0, sizeof(cryp));
-+ hash_op->flags = 0;
-+ hash_op->len = state->mac_len;
-+ hash_op->src = state->mac_data;
-+ hash_op->mac_result = md;
-
-- cryp.ses = sess->ses;
-- cryp.flags = 0;
-- cryp.len = state->mac_len;
-- cryp.src = state->mac_data;
-- cryp.mac = md;
--
-- if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
-+ if (ioctl(state->d_fd, CIOCHASH, hash_op) < 0) {
- printf("%s: digest failed\n", __func__);
- ret = 0;
- }
-
-- if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
-- printf("%s: failed to close session\n", __func__);
-- }
--
- return ret;
- }
-
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0030-cryptodev-reduce-duplicated-efforts-for-searching-in.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0030-cryptodev-reduce-duplicated-efforts-for-searching-in.patch
deleted file mode 100644
index 28de567..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0030-cryptodev-reduce-duplicated-efforts-for-searching-in.patch
+++ /dev/null
@@ -1,106 +0,0 @@
-From 328b2890d5a9baf9f936bd9facaf411c01931f08 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Wed, 13 Jan 2016 15:18:20 +0200
-Subject: [PATCH 30/48] cryptodev: reduce duplicated efforts for searching
- inside digests table
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- crypto/engine/eng_cryptodev.c | 44 ++++++++++++++++++-------------------------
- 1 file changed, 18 insertions(+), 26 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 4f375e0..163a37d 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -1534,37 +1534,31 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
-
- # ifdef USE_CRYPTODEV_DIGESTS
-
--/* convert digest type to cryptodev */
--static int digest_nid_to_cryptodev(int nid)
-+static int digest_nid_to_id(int nid)
- {
- int i;
-
-- for (i = 0; digests[i].id; i++)
-- if (digests[i].nid == nid)
-- return (digests[i].id);
-- return (0);
--}
--
--static int digest_key_length(int nid)
--{
-- int i;
--
-- for (i = 0; digests[i].id; i++)
-- if (digests[i].nid == nid)
-- return digests[i].keylen;
-- return (0);
-+ for (i = 0;; i++) {
-+ if ((digests[i].nid == nid) || (digests[i].id == 0)) {
-+ break;
-+ }
-+ }
-+ return i;
- }
-
- static int cryptodev_digest_init(EVP_MD_CTX *ctx)
- {
- struct dev_crypto_state *state = ctx->md_data;
- struct hash_op_data *hash_op = &state->hash_op;
-- int digest;
-+ int id;
-
- memset(state, 0, sizeof(struct dev_crypto_state));
-
-- digest = digest_nid_to_cryptodev(ctx->digest->type);
-- if (digest == NID_undef) {
-+ id = digest_nid_to_id(ctx->digest->type);
-+
-+ hash_op->mac_op = digests[id].id;
-+ hash_op->mackeylen = digests[id].keylen;
-+ if (hash_op->mac_op == 0) {
- printf("%s: Can't get digest\n", __func__);
- return (0);
- }
-@@ -1575,11 +1569,9 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
- return (0);
- }
-
-- hash_op->mac_op = digest;
- hash_op->mackey = state->dummy_mac_key;
-- hash_op->mackeylen = digest_key_length(ctx->digest->type);
-
-- return (1);
-+ return 1;
- }
-
- static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
-@@ -1669,7 +1661,7 @@ static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
- struct dev_crypto_state *fstate = from->md_data;
- struct dev_crypto_state *dstate = to->md_data;
- struct session_op *sess;
-- int digest;
-+ int id;
-
- if (dstate == NULL || fstate == NULL)
- return 1;
-@@ -1678,11 +1670,11 @@ static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
-
- sess = &dstate->d_sess;
-
-- digest = digest_nid_to_cryptodev(to->digest->type);
-+ id = digest_nid_to_id(to->digest->type);
-
- sess->mackey = dstate->dummy_mac_key;
-- sess->mackeylen = digest_key_length(to->digest->type);
-- sess->mac = digest;
-+ sess->mackeylen = digests[id].keylen;
-+ sess->mac = digests[id].id;
-
- dstate->d_fd = get_dev_crypto();
-
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0031-cryptodev-remove-not-used-local-variables.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0031-cryptodev-remove-not-used-local-variables.patch
deleted file mode 100644
index d7af9cb..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0031-cryptodev-remove-not-used-local-variables.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From 9faaca759390bba5aeeb049d31f74806e78137e1 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Mon, 8 Feb 2016 16:00:22 +0200
-Subject: [PATCH 31/48] cryptodev: remove not used local variables
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- crypto/engine/eng_cryptodev.c | 6 +-----
- 1 file changed, 1 insertion(+), 5 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 163a37d..b13bf8c 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -1635,7 +1635,6 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
- static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
- {
- struct dev_crypto_state *state = ctx->md_data;
-- struct session_op *sess = &state->d_sess;
-
- if (state == NULL) {
- return 0;
-@@ -3952,7 +3951,6 @@ static int cryptodev_dh_keygen(DH *dh)
- int ret = 1, q_len = 0;
- unsigned char *q = NULL, *g = NULL, *s = NULL, *w = NULL;
- BIGNUM *pub_key = NULL, *priv_key = NULL;
-- int generate_new_key = 1;
-
- if (dh->priv_key)
- priv_key = dh->priv_key;
-@@ -4074,11 +4072,9 @@ cryptodev_dh_compute_key_async(unsigned char *key, const BIGNUM *pub_key,
- {
- struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
- int ret = 1;
-- int fd, p_len;
-+ int p_len;
- unsigned char *padded_pub_key = NULL, *p = NULL;
-
-- fd = *(int *)cookie->eng_handle;
--
- memset(kop, 0, sizeof(struct crypt_kop));
- kop->crk_op = CRK_DH_COMPUTE_KEY;
- /* inputs: dh->priv_key pub_key dh->p key */
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0032-cryptodev-hide-not-used-variable-behind-ifndef.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0032-cryptodev-hide-not-used-variable-behind-ifndef.patch
deleted file mode 100644
index a53705f..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0032-cryptodev-hide-not-used-variable-behind-ifndef.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From a6dc52cbcda9b4dcb0fda3b780e7c89219388982 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Mon, 8 Feb 2016 17:22:49 +0200
-Subject: [PATCH 32/48] cryptodev: hide not used variable behind #ifndef
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- crypto/engine/eng_cryptodev.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index b13bf8c..cdd99b8 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -413,7 +413,9 @@ static int open_dev_crypto(void)
- static int get_dev_crypto(void)
- {
- static int fd = -1;
-+# ifndef CRIOGET_NOT_NEEDED
- int retfd;
-+# endif
-
- if (fd == -1)
- fd = open_dev_crypto();
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0033-cryptodev-fix-function-declaration-typo.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0033-cryptodev-fix-function-declaration-typo.patch
deleted file mode 100644
index f0863bd..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0033-cryptodev-fix-function-declaration-typo.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 6d335627ec5bdf89c89ced9d2fa7610e6dc50e31 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Mon, 8 Feb 2016 16:08:25 +0200
-Subject: [PATCH 33/48] cryptodev: fix function declaration typo
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- crypto/engine/engine.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h
-index f83ee73..c8efbe1 100644
---- a/crypto/engine/engine.h
-+++ b/crypto/engine/engine.h
-@@ -569,7 +569,7 @@ void ENGINE_set_async_map(ENGINE *e, int async_map);
- int ENGINE_get_async_map(ENGINE *e);
- int ENGINE_open_instance(ENGINE *e);
- int ENGINE_close_instance(ENGINE *e, int fd);
--void ENGINE_set_init_instance(ENGINE *e, int(*engine_init_instance)(void));
-+void ENGINE_set_open_instance(ENGINE *e, int(*engine_open_instance)(void));
- void ENGINE_set_close_instance(ENGINE *e, int(*engine_close_instance)(int));
- void ENGINE_set_check_pkc_availability(ENGINE *e,
- int (*check_pkc_availability)(int fd));
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0034-cryptodev-fix-incorrect-function-signature.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0034-cryptodev-fix-incorrect-function-signature.patch
deleted file mode 100644
index 50aa45c..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0034-cryptodev-fix-incorrect-function-signature.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From fcb63347ddb004825e05250fd082fe84ff3689df Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Mon, 8 Feb 2016 16:12:54 +0200
-Subject: [PATCH 34/48] cryptodev: fix incorrect function signature
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- crypto/engine/eng_cryptodev.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index cdd99b8..1c71bc7 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -3161,7 +3161,7 @@ static ECDSA_SIG *cryptodev_ecdsa_do_sign(const unsigned char *dgst,
- }
-
- static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
-- ECDSA_SIG *sig, EC_KEY *eckey)
-+ const ECDSA_SIG *sig, EC_KEY *eckey)
- {
- BIGNUM *m = NULL, *p = NULL, *a = NULL, *b = NULL;
- BIGNUM *x = NULL, *y = NULL, *w_x = NULL, *w_y = NULL;
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0035-cryptodev-fix-warnings-on-excess-elements-in-struct-.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0035-cryptodev-fix-warnings-on-excess-elements-in-struct-.patch
deleted file mode 100644
index e028f66..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0035-cryptodev-fix-warnings-on-excess-elements-in-struct-.patch
+++ /dev/null
@@ -1,110 +0,0 @@
-From 6ed8710043b5dc947afab8fffa80ea97f4c84ad6 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Mon, 8 Feb 2016 16:21:46 +0200
-Subject: [PATCH 35/48] cryptodev: fix warnings on excess elements in struct
- initializer
-
-The initialization data for these structures had either missing or excess
-values and did not match the structure definitions.
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- crypto/dh/dh.h | 6 +++---
- crypto/dsa/dsa.h | 11 ++++++-----
- crypto/engine/eng_cryptodev.c | 11 ++++++-----
- 3 files changed, 15 insertions(+), 13 deletions(-)
-
-diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h
-index 31dd762..11c6c7d 100644
---- a/crypto/dh/dh.h
-+++ b/crypto/dh/dh.h
-@@ -123,9 +123,9 @@ struct dh_method {
- int (*bn_mod_exp) (const DH *dh, BIGNUM *r, const BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx);
-- int (*compute_key_async)(unsigned char *key,const BIGNUM *pub_key,DH *dh,
-- struct pkc_cookie_s *cookie);
-- int (*generate_key_async)(DH *dh, struct pkc_cookie_s *cookie);
-+ int (*compute_key_async) (unsigned char *key, const BIGNUM *pub_key,
-+ DH *dh, struct pkc_cookie_s * cookie);
-+ int (*generate_key_async) (DH *dh, struct pkc_cookie_s * cookie);
- int (*init) (DH *dh);
- int (*finish) (DH *dh);
- int flags;
-diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h
-index 8584731..ab52add 100644
---- a/crypto/dsa/dsa.h
-+++ b/crypto/dsa/dsa.h
-@@ -139,10 +139,11 @@ struct dsa_method {
- /* Can be null */
- int (*bn_mod_exp) (DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-- int (*dsa_do_sign_async)(const unsigned char *dgst, int dlen, DSA *dsa,
-- DSA_SIG *sig, struct pkc_cookie_s *cookie);
-- int (*dsa_do_verify_async)(const unsigned char *dgst, int dgst_len,
-- DSA_SIG *sig, DSA *dsa, struct pkc_cookie_s *cookie);
-+ int (*dsa_do_sign_async) (const unsigned char *dgst, int dlen, DSA *dsa,
-+ DSA_SIG *sig, struct pkc_cookie_s * cookie);
-+ int (*dsa_do_verify_async) (const unsigned char *dgst, int dgst_len,
-+ DSA_SIG *sig, DSA *dsa,
-+ struct pkc_cookie_s * cookie);
- int (*init) (DSA *dsa);
- int (*finish) (DSA *dsa);
- int flags;
-@@ -154,7 +155,7 @@ struct dsa_method {
- BN_GENCB *cb);
- /* If this is non-NULL, it is used to generate DSA keys */
- int (*dsa_keygen) (DSA *dsa);
-- int (*dsa_keygen_async)(DSA *dsa, struct pkc_cookie_s *cookie);
-+ int (*dsa_keygen_async) (DSA *dsa, struct pkc_cookie_s * cookie);
- };
-
- struct dsa_st {
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 1c71bc7..20e1ec3 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -2905,11 +2905,13 @@ static DSA_METHOD cryptodev_dsa = {
- NULL,
- NULL,
- NULL,
-- NULL,
- NULL, /* init */
- NULL, /* finish */
- 0, /* flags */
-- NULL /* app_data */
-+ NULL, /* app_data */
-+ NULL,
-+ NULL,
-+ NULL
- };
-
- static ECDSA_METHOD cryptodev_ecdsa = {
-@@ -2919,7 +2921,6 @@ static ECDSA_METHOD cryptodev_ecdsa = {
- NULL,
- NULL,
- NULL,
-- NULL,
- 0, /* flags */
- NULL /* app_data */
- };
-@@ -4496,14 +4497,14 @@ static DH_METHOD cryptodev_dh = {
- NULL,
- NULL,
- 0, /* flags */
-- NULL /* app_data */
-+ NULL, /* app_data */
-+ NULL, /* generate_params */
- };
-
- static ECDH_METHOD cryptodev_ecdh = {
- "cryptodev ECDH method",
- NULL, /* cryptodev_ecdh_compute_key */
- NULL,
-- NULL,
- 0, /* flags */
- NULL /* app_data */
- };
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0036-cryptodev-fix-free-on-error-path.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0036-cryptodev-fix-free-on-error-path.patch
deleted file mode 100644
index e59744e..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0036-cryptodev-fix-free-on-error-path.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From bf4e61a53459358185a73dffa5f79af9bd739149 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Mon, 8 Feb 2016 16:36:33 +0200
-Subject: [PATCH 36/48] cryptodev: fix free on error path
-
-This was most likely a typo that escaped code review
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- crypto/ecdsa/ecs_locl.h | 4 ++--
- crypto/engine/eng_cryptodev.c | 2 +-
- 2 files changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/crypto/ecdsa/ecs_locl.h b/crypto/ecdsa/ecs_locl.h
-index 9b28c04..c3843c6 100644
---- a/crypto/ecdsa/ecs_locl.h
-+++ b/crypto/ecdsa/ecs_locl.h
-@@ -74,10 +74,10 @@ struct ecdsa_method {
- BIGNUM **r);
- int (*ecdsa_do_verify) (const unsigned char *dgst, int dgst_len,
- const ECDSA_SIG *sig, EC_KEY *eckey);
-- int (*ecdsa_do_sign_async)(const unsigned char *dgst, int dgst_len,
-+ int (*ecdsa_do_sign_async)(const unsigned char *dgst, int dgst_len,
- const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey,
- ECDSA_SIG *sig, struct pkc_cookie_s *cookie);
-- int (*ecdsa_do_verify_async)(const unsigned char *dgst, int dgst_len,
-+ int (*ecdsa_do_verify_async)(const unsigned char *dgst, int dgst_len,
- const ECDSA_SIG *sig, EC_KEY *eckey, struct pkc_cookie_s *cookie);
- # if 0
- int (*init) (EC_KEY *eckey);
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 20e1ec3..1f13079 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -3437,7 +3437,7 @@ static int cryptodev_ecdsa_do_sign_async(const unsigned char *dgst,
- if (!(sig->r = BN_new()) || !kop)
- goto err;
- if ((sig->s = BN_new()) == NULL) {
-- BN_free(r);
-+ BN_free(sig->r);
- goto err;
- }
-
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0037-cryptodev-fix-return-value-on-error.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0037-cryptodev-fix-return-value-on-error.patch
deleted file mode 100644
index ea1f4b2..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0037-cryptodev-fix-return-value-on-error.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From ec6b6531e3e67b4e82a4bc6829777052f39807b1 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Mon, 8 Feb 2016 16:55:32 +0200
-Subject: [PATCH 37/48] cryptodev: fix return value on error
-
-Even though we're on error path, the operation is taken care of on
-software; return success (ret is 1)
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- crypto/engine/eng_cryptodev.c | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 1f13079..b87fa7d 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -2768,7 +2768,6 @@ cryptodev_dsa_do_sign_async(const unsigned char *dgst, int dlen, DSA *dsa,
- sig->s = dsaret->s;
- /* Call user callback immediately */
- cookie->pkc_callback(cookie, 0);
-- ret = dsaret;
- }
- return ret;
- }
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0038-cryptodev-match-types-with-cryptodev.h.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0038-cryptodev-match-types-with-cryptodev.h.patch
deleted file mode 100644
index acd6e32..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0038-cryptodev-match-types-with-cryptodev.h.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 77c84d99b5b0ab95efc9e1efc083e5cca8aa4eb5 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Mon, 8 Feb 2016 17:11:43 +0200
-Subject: [PATCH 38/48] cryptodev: match types with cryptodev.h
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- crypto/engine/eng_cryptodev.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index b87fa7d..4296704 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -86,9 +86,9 @@ struct dev_crypto_state {
- int ivlen;
- # ifdef USE_CRYPTODEV_DIGESTS
- struct hash_op_data hash_op;
-- char dummy_mac_key[HASH_MAX_LEN];
-+ unsigned char dummy_mac_key[HASH_MAX_LEN];
- unsigned char digest_res[HASH_MAX_LEN];
-- char *mac_data;
-+ unsigned char *mac_data;
- int mac_len;
- # endif
- };
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0039-cryptodev-explicitly-discard-const-qualifier.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0039-cryptodev-explicitly-discard-const-qualifier.patch
deleted file mode 100644
index 70319e4..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0039-cryptodev-explicitly-discard-const-qualifier.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 4366920bb2a97c10c49c5e6d035c0c82629b9f0a Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Mon, 8 Feb 2016 17:15:25 +0200
-Subject: [PATCH 39/48] cryptodev: explicitly discard const qualifier
-
-The const qualifier is discarded by the assignment as a result of how
-the variables are defined. This patch drops the const qualifier
-explicitly to avoid build errors.
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- crypto/engine/eng_cryptodev.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 4296704..f8619b0 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -1593,7 +1593,7 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
- * cryptodev calls and accumulating small amounts of data
- */
- if (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) {
-- state->mac_data = data;
-+ state->mac_data = (void *)data;
- state->mac_len = count;
- } else {
- state->mac_data =
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0040-cryptodev-replace-caddr_t-with-void.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0040-cryptodev-replace-caddr_t-with-void.patch
deleted file mode 100644
index c835967..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0040-cryptodev-replace-caddr_t-with-void.patch
+++ /dev/null
@@ -1,95 +0,0 @@
-From f256bb9574f77206b289b265d1d46bb53e54c71c Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Tue, 9 Feb 2016 11:28:23 +0200
-Subject: [PATCH 40/48] cryptodev: replace caddr_t with void *
-
-This avoids warnings such as "pointer targets in assignment differ in
-signedness" when compiling the code
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- crypto/engine/eng_cryptodev.c | 22 +++++++++++-----------
- 1 file changed, 11 insertions(+), 11 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index f8619b0..aac2740 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -461,8 +461,8 @@ static int get_cryptodev_ciphers(const int **cnids)
- return (0);
- }
- memset(&sess, 0, sizeof(sess));
-- sess.key = (caddr_t) "123456789abcdefghijklmno";
-- sess.mackey = (caddr_t) "123456789ABCDEFGHIJKLMNO";
-+ sess.key = (void *)"123456789abcdefghijklmno";
-+ sess.mackey = (void *)"123456789ABCDEFGHIJKLMNO";
-
- for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
- if (ciphers[i].nid == NID_undef)
-@@ -502,7 +502,7 @@ static int get_cryptodev_digests(const int **cnids)
- return (0);
- }
- memset(&sess, 0, sizeof(sess));
-- sess.mackey = (caddr_t) "123456789abcdefghijklmno";
-+ sess.mackey = (void *)"123456789abcdefghijklmno";
- for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
- if (digests[i].nid == NID_undef)
- continue;
-@@ -634,14 +634,14 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- cryp.ses = sess->ses;
- cryp.flags = 0;
- cryp.len = inl;
-- cryp.src = (caddr_t) in;
-- cryp.dst = (caddr_t) out;
-+ cryp.src = (void *)in;
-+ cryp.dst = (void *)out;
- cryp.mac = 0;
-
- cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
-
- if (ctx->cipher->iv_len) {
-- cryp.iv = (caddr_t) ctx->iv;
-+ cryp.iv = (void *)ctx->iv;
- if (!ctx->encrypt) {
- iiv = in + inl - ctx->cipher->iv_len;
- memcpy(save_iv, iiv, ctx->cipher->iv_len);
-@@ -702,15 +702,15 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- }
- cryp.ses = sess->ses;
- cryp.len = state->len;
-- cryp.src = (caddr_t) in;
-- cryp.dst = (caddr_t) out;
-+ cryp.src = (void *)in;
-+ cryp.dst = (void *)out;
- cryp.auth_src = state->aad;
- cryp.auth_len = state->aad_len;
-
- cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
-
- if (ctx->cipher->iv_len) {
-- cryp.iv = (caddr_t) ctx->iv;
-+ cryp.iv = (void *)ctx->iv;
- if (!ctx->encrypt) {
- iiv = in + len - ctx->cipher->iv_len;
- memcpy(save_iv, iiv, ctx->cipher->iv_len);
-@@ -762,7 +762,7 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- if ((state->d_fd = get_dev_crypto()) < 0)
- return (0);
-
-- sess->key = (caddr_t) key;
-+ sess->key = (void *)key;
- sess->keylen = ctx->key_len;
- sess->cipher = cipher;
-
-@@ -805,7 +805,7 @@ static int cryptodev_init_aead_key(EVP_CIPHER_CTX *ctx,
-
- memset(sess, 0, sizeof(struct session_op));
-
-- sess->key = (caddr_t) key;
-+ sess->key = (void *)key;
- sess->keylen = ctx->key_len;
- sess->cipher = cipher;
-
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0041-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0041-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch
deleted file mode 100644
index 6c46061..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0041-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From c714cb7a33e994ff2278149d4a7a20a21215a2f6 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Mon, 8 Feb 2016 17:04:25 +0200
-Subject: [PATCH 41/48] cryptodev: check for errors inside
- cryptodev_rsa_mod_exp
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- crypto/engine/eng_cryptodev.c | 24 ++++++++++++++++++------
- 1 file changed, 18 insertions(+), 6 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index aac2740..e419bef 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -2067,12 +2067,24 @@ cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
- kop.crk_status = 0;
- kop.crk_op = CRK_MOD_EXP_CRT;
- f_len = BN_num_bytes(rsa->n);
-- spcf_bn2bin_ex(I, &f, &f_len);
-- spcf_bn2bin(rsa->p, &p, &p_len);
-- spcf_bn2bin(rsa->q, &q, &q_len);
-- spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len);
-- spcf_bn2bin_ex(rsa->iqmp, &c, &p_len);
-- spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len);
-+ if (spcf_bn2bin_ex(I, &f, &f_len) != 0) {
-+ goto err;
-+ }
-+ if (spcf_bn2bin(rsa->p, &p, &p_len) != 0) {
-+ goto err;
-+ }
-+ if (spcf_bn2bin(rsa->q, &q, &q_len) != 0) {
-+ goto err;
-+ }
-+ if (spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len) != 0) {
-+ goto err;
-+ }
-+ if (spcf_bn2bin_ex(rsa->iqmp, &c, &p_len) != 0) {
-+ goto err;
-+ }
-+ if (spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len) != 0) {
-+ goto err;
-+ }
- /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
- kop.crk_param[0].crp_p = p;
- kop.crk_param[0].crp_nbits = p_len * 8;
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0042-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0042-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch
deleted file mode 100644
index 4b9b086..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0042-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-From 7f444e52acada23977b89d42f8dd8ebd915ccd83 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Tue, 9 Feb 2016 11:47:52 +0200
-Subject: [PATCH 42/48] cryptodev: check for errors inside
- cryptodev_rsa_mod_exp_async
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- crypto/engine/eng_cryptodev.c | 33 +++++++++++++++++++++++++--------
- 1 file changed, 25 insertions(+), 8 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index e419bef..7c391d6 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -2122,25 +2122,42 @@ static int
- cryptodev_rsa_mod_exp_async(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
- BN_CTX *ctx, struct pkc_cookie_s *cookie)
- {
-- struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+ struct crypt_kop *kop;
- int ret = 1, f_len, p_len, q_len;
- unsigned char *f = NULL, *p = NULL, *q = NULL, *dp = NULL, *dq =
- NULL, *c = NULL;
-
-- if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp || !kop) {
-+ if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
- return (0);
- }
-
-+ kop = malloc(sizeof(struct crypt_kop));
-+ if (kop == NULL) {
-+ goto err;
-+ }
-+
- kop->crk_oparams = 0;
- kop->crk_status = 0;
- kop->crk_op = CRK_MOD_EXP_CRT;
- f_len = BN_num_bytes(rsa->n);
-- spcf_bn2bin_ex(I, &f, &f_len);
-- spcf_bn2bin(rsa->p, &p, &p_len);
-- spcf_bn2bin(rsa->q, &q, &q_len);
-- spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len);
-- spcf_bn2bin_ex(rsa->iqmp, &c, &p_len);
-- spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len);
-+ if (spcf_bn2bin_ex(I, &f, &f_len) != 0) {
-+ goto err;
-+ }
-+ if (spcf_bn2bin(rsa->p, &p, &p_len) != 0) {
-+ goto err;
-+ }
-+ if (spcf_bn2bin(rsa->q, &q, &q_len) != 0) {
-+ goto err;
-+ }
-+ if (spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len) != 0) {
-+ goto err;
-+ }
-+ if (spcf_bn2bin_ex(rsa->iqmp, &c, &p_len) != 0) {
-+ goto err;
-+ }
-+ if (spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len) != 0) {
-+ goto err;
-+ }
- /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
- kop->crk_param[0].crp_p = p;
- kop->crk_param[0].crp_nbits = p_len * 8;
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0043-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0043-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch
deleted file mode 100644
index 879d5c2..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0043-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 73115f243f0a65326888537f125e31f28c9f570d Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Tue, 9 Feb 2016 11:53:22 +0200
-Subject: [PATCH 43/48] cryptodev: check for errors inside
- cryptodev_dh_compute_key
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- crypto/engine/eng_cryptodev.c | 15 +++++++++++----
- 1 file changed, 11 insertions(+), 4 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 7c391d6..753e326 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -4056,11 +4056,15 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
- memset(&kop, 0, sizeof kop);
- kop.crk_op = CRK_DH_COMPUTE_KEY;
- /* inputs: dh->priv_key pub_key dh->p key */
-- spcf_bn2bin(dh->p, &p, &p_len);
-- spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len);
-- if (bn2crparam(dh->priv_key, &kop.crk_param[0]))
-+ if (spcf_bn2bin(dh->p, &p, &p_len) != 0) {
- goto sw_try;
--
-+ }
-+ if (spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len) != 0) {
-+ goto sw_try;
-+ }
-+ if (bn2crparam(dh->priv_key, &kop.crk_param[0]) != 0) {
-+ goto sw_try;
-+ }
- kop.crk_param[1].crp_p = padded_pub_key;
- kop.crk_param[1].crp_nbits = p_len * 8;
- kop.crk_param[2].crp_p = p;
-@@ -4087,10 +4091,13 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
- kop.crk_param[3].crp_p = NULL;
- zapparams(&kop);
- return (dhret);
-+
- sw_try:
- {
- const DH_METHOD *meth = DH_OpenSSL();
-
-+ free(p);
-+ free(padded_pub_key);
- dhret = (meth->compute_key) (key, pub_key, dh);
- }
- return (dhret);
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0044-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0044-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch
deleted file mode 100644
index 37bdff8..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0044-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-From 0901ff383524e896424921f4e8a1ba7020e7613d Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Tue, 9 Feb 2016 11:53:33 +0200
-Subject: [PATCH 44/48] cryptodev: check for errors inside
- cryptodev_dh_compute_key_async
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- crypto/engine/eng_cryptodev.c | 29 +++++++++++++++++++++--------
- 1 file changed, 21 insertions(+), 8 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 753e326..b9c7ff3 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -4108,19 +4108,28 @@ static int
- cryptodev_dh_compute_key_async(unsigned char *key, const BIGNUM *pub_key,
- DH *dh, struct pkc_cookie_s *cookie)
- {
-- struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+ struct crypt_kop *kop;
- int ret = 1;
- int p_len;
- unsigned char *padded_pub_key = NULL, *p = NULL;
-
-+ kop = malloc(sizeof(struct crypt_kop));
-+ if (kop == NULL) {
-+ goto err;
-+ }
-+
- memset(kop, 0, sizeof(struct crypt_kop));
- kop->crk_op = CRK_DH_COMPUTE_KEY;
- /* inputs: dh->priv_key pub_key dh->p key */
-- spcf_bn2bin(dh->p, &p, &p_len);
-- spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len);
--
-- if (bn2crparam(dh->priv_key, &kop->crk_param[0]))
-+ if (spcf_bn2bin(dh->p, &p, &p_len) != 0) {
-+ goto err;
-+ }
-+ if (spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len) != 0) {
- goto err;
-+ }
-+ if (bn2crparam(dh->priv_key, &kop->crk_param[0]) != 0) {
-+ goto err;
-+ }
- kop->crk_param[1].crp_p = padded_pub_key;
- kop->crk_param[1].crp_nbits = p_len * 8;
- kop->crk_param[2].crp_p = p;
-@@ -4132,16 +4141,20 @@ cryptodev_dh_compute_key_async(unsigned char *key, const BIGNUM *pub_key,
- kop->crk_param[3].crp_nbits = p_len * 8;
- kop->crk_oparams = 1;
-
-- if (cryptodev_asym_async(kop, 0, NULL, 0, NULL))
-+ if (cryptodev_asym_async(kop, 0, NULL, 0, NULL)) {
- goto err;
-+ }
-
- return p_len;
- err:
- {
- const DH_METHOD *meth = DH_OpenSSL();
--
-- if (kop)
-+ free(p);
-+ free(padded_pub_key);
-+ if (kop) {
- free(kop);
-+ }
-+
- ret = (meth->compute_key) (key, pub_key, dh);
- /* Call user cookie handler */
- cookie->pkc_callback(cookie, 0);
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0045-cryptodev-change-signature-for-conversion-functions.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0045-cryptodev-change-signature-for-conversion-functions.patch
deleted file mode 100644
index 12b5f6c..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0045-cryptodev-change-signature-for-conversion-functions.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 6ca53b6d6519d52021e642230bb51ae7834b3e67 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Tue, 9 Feb 2016 12:11:32 +0200
-Subject: [PATCH 45/48] cryptodev: change signature for conversion functions
-
-These functions are called with const BIGNUMs, so we change the
-signatures to avoid compilation warnings
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- crypto/engine/eng_cryptodev.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index b9c7ff3..58e539c 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -146,7 +146,7 @@ const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha1;
- const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha256;
- const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha256;
-
--inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len)
-+static int spcf_bn2bin(const BIGNUM *bn, unsigned char **bin, int *bin_len)
- {
- int len;
- unsigned char *p;
-@@ -168,7 +168,7 @@ inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len)
- return 0;
- }
-
--inline int spcf_bn2bin_ex(BIGNUM *bn, unsigned char **bin, int *bin_len)
-+static int spcf_bn2bin_ex(const BIGNUM *bn, unsigned char **bin, int *bin_len)
- {
- int len;
- unsigned char *p;
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0046-cryptodev-add-explicit-cast-for-known-BIGNUM-values.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0046-cryptodev-add-explicit-cast-for-known-BIGNUM-values.patch
deleted file mode 100644
index d8b56de..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0046-cryptodev-add-explicit-cast-for-known-BIGNUM-values.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 8f6e948f5f6bb2b517a5436dd6294e7e5536cf8f Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Tue, 9 Feb 2016 12:13:59 +0200
-Subject: [PATCH 46/48] cryptodev: add explicit cast for known BIGNUM values
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- crypto/engine/eng_cryptodev.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 58e539c..ddd3462 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -4027,7 +4027,7 @@ static int cryptodev_dh_keygen(DH *dh)
- }
-
- /* pub_key is or prime length while priv key is of length of order */
-- if (cryptodev_asym(&kop, q_len, w, q_len, s))
-+ if (cryptodev_asym(&kop, q_len, (BIGNUM *)w, q_len, (BIGNUM *)s))
- goto sw_try;
-
- dh->pub_key = BN_bin2bn(w, q_len, pub_key);
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0047-cryptodev-treat-all-build-warnings-as-errors.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0047-cryptodev-treat-all-build-warnings-as-errors.patch
deleted file mode 100644
index 7cfad9c..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0047-cryptodev-treat-all-build-warnings-as-errors.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From e50560cb9a201c0b0130bb29d4c99121a8ec97ba Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Mon, 8 Feb 2016 15:15:02 +0200
-Subject: [PATCH 47/48] cryptodev: treat all build warnings as errors
-
-This patch has the purpose of maintaining a higher level of code quality.
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- crypto/engine/Makefile | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/crypto/engine/Makefile b/crypto/engine/Makefile
-index 426388e..010f21d 100644
---- a/crypto/engine/Makefile
-+++ b/crypto/engine/Makefile
-@@ -10,7 +10,7 @@ CFLAG=-g
- MAKEFILE= Makefile
- AR= ar r
-
--CFLAGS= $(INCLUDES) $(CFLAG)
-+CFLAGS= -Wall -Werror $(INCLUDES) $(CFLAG)
-
- GENERAL=Makefile
- TEST= enginetest.c
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0048-fix-maclen-is-used-uninitialized-warning-on-some-com.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0048-fix-maclen-is-used-uninitialized-warning-on-some-com.patch
deleted file mode 100644
index 57ff7f1..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0048-fix-maclen-is-used-uninitialized-warning-on-some-com.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From c79e7a4a818ea86bf6045197173d5c4e243d1f4f Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Wed, 6 Apr 2016 15:22:58 +0300
-Subject: [PATCH 48/48] fix 'maclen is used uninitialized' warning on some
- compilers
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- crypto/engine/eng_cryptodev.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index ddd3462..2266b26 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -906,6 +906,10 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
- maclen = SHA256_DIGEST_LENGTH;
- aad_needs_fix = true;
- break;
-+ default:
-+ fprintf(stderr, "%s: unsupported NID: %d\n",
-+ __func__, ctx->cipher->nid);
-+ return -1;
- }
-
- /* Correct length for AAD Length field */
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq_1.0.2l.bb b/recipes-connectivity/openssl/openssl-qoriq_1.0.2l.bb
index a2346ba..04052ac 100644
--- a/recipes-connectivity/openssl/openssl-qoriq_1.0.2l.bb
+++ b/recipes-connectivity/openssl/openssl-qoriq_1.0.2l.bb
@@ -12,7 +12,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=057d9218c6180e1d9ee407572b2dd225"
export DIRS = "crypto ssl apps engines"
export OE_LDFLAGS="${LDFLAGS}"
-SRC_URI += "file://find.pl;subdir=${BP}/util \
+SRC_URI += "file://find.pl;subdir=git/util \
file://run-ptest \
file://openssl-c_rehash.sh \
file://configure-targets.patch \
@@ -44,14 +44,7 @@ SRC_URI += "file://find.pl;subdir=${BP}/util \
file://Use-SHA256-not-MD5-as-default-digest.patch \
file://0001-Fix-build-with-clang-using-external-assembler.patch \
"
-SRC_URI[md5sum] = "f85123cd390e864dfbe517e7616e6566"
-SRC_URI[sha256sum] = "ce07195b659e75f4e1db43552860070061f156a98bb37b672b101ba6e3ddf30c"
-
-SRC_URI += " \
- file://find.pl;subdir=openssl-${PV}/util/ \
- file://0001-remove-double-initialization-of-cryptodev-engine.patch \
- file://0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch \
-"
+SRCREV = "b9e6572a0dcbaaf84a8925cabd1a86bd594ca69f"
PACKAGES =+ "${PN}-engines"
FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"
--
1.9.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH 3/4] ls1012ardb-32b: update DTB_LOAD
2017-11-15 5:26 [PATCH 1/4] cryptodev: update recipes Chunrong Guo
2017-11-15 5:26 ` [PATCH 2/4] openssl-qoriq: " Chunrong Guo
@ 2017-11-15 5:26 ` Chunrong Guo
2017-11-15 5:26 ` [PATCH 4/4] ls1012afrdm-32b: " Chunrong Guo
2 siblings, 0 replies; 4+ messages in thread
From: Chunrong Guo @ 2017-11-15 5:26 UTC (permalink / raw)
To: meta-freescale; +Cc: chunrong.guo
From: Chunrong Guo <chunrong.guo@nxp.com>
*DTB_LOAD address is 0x90000000
Signed-off-by: Chunrong Guo <chunrong.guo@nxp.com>
---
conf/machine/ls1012ardb-32b.conf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/conf/machine/ls1012ardb-32b.conf b/conf/machine/ls1012ardb-32b.conf
index e4fe6f1..392b432 100644
--- a/conf/machine/ls1012ardb-32b.conf
+++ b/conf/machine/ls1012ardb-32b.conf
@@ -15,7 +15,7 @@ DEFAULTTUNE = "armv7ahf-neon"
KERNEL_CLASSES = " kernel-itbimage "
KERNEL_IMAGETYPES = "itbImage"
-DTB_LOAD = "0x9ffe0000"
+DTB_LOAD = "0x90000000"
UBOOT_ENTRYPOINT = "0x80008000"
UBOOT_CONFIG ??= "qspi-secure-boot qspi"
--
1.9.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH 4/4] ls1012afrdm-32b: update DTB_LOAD
2017-11-15 5:26 [PATCH 1/4] cryptodev: update recipes Chunrong Guo
2017-11-15 5:26 ` [PATCH 2/4] openssl-qoriq: " Chunrong Guo
2017-11-15 5:26 ` [PATCH 3/4] ls1012ardb-32b: update DTB_LOAD Chunrong Guo
@ 2017-11-15 5:26 ` Chunrong Guo
2 siblings, 0 replies; 4+ messages in thread
From: Chunrong Guo @ 2017-11-15 5:26 UTC (permalink / raw)
To: meta-freescale; +Cc: chunrong.guo
From: Chunrong Guo <chunrong.guo@nxp.com>
*DTB_LOAD address is 0x90000000
Signed-off-by: Chunrong Guo <chunrong.guo@nxp.com>
---
conf/machine/ls1012afrdm-32b.conf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/conf/machine/ls1012afrdm-32b.conf b/conf/machine/ls1012afrdm-32b.conf
index 0b863f4..e74cdff 100644
--- a/conf/machine/ls1012afrdm-32b.conf
+++ b/conf/machine/ls1012afrdm-32b.conf
@@ -15,7 +15,7 @@ DEFAULTTUNE = "armv7ahf-neon"
KERNEL_CLASSES = " kernel-itbimage "
KERNEL_IMAGETYPES = "itbImage"
-DTB_LOAD = "0x9ffe0000"
+DTB_LOAD = "0x90000000"
UBOOT_ENTRYPOINT = "0x80008000"
UBOOT_CONFIG ??= "qspi"
--
1.9.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
end of thread, other threads:[~2017-11-15 5:26 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-11-15 5:26 [PATCH 1/4] cryptodev: update recipes Chunrong Guo
2017-11-15 5:26 ` [PATCH 2/4] openssl-qoriq: " Chunrong Guo
2017-11-15 5:26 ` [PATCH 3/4] ls1012ardb-32b: update DTB_LOAD Chunrong Guo
2017-11-15 5:26 ` [PATCH 4/4] ls1012afrdm-32b: " Chunrong Guo
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.