From: Chunrong Guo <B40290@freescale.com>
To: <meta-freescale@yoctoproject.org>
Cc: chunrong.guo@nxp.com
Subject: [PATCH 2/4] openssl-qoriq: update recipes
Date: Wed, 15 Nov 2017 13:26:10 +0800 [thread overview]
Message-ID: <1510723572-27606-2-git-send-email-B40290@freescale.com> (raw)
In-Reply-To: <1510723572-27606-1-git-send-email-B40290@freescale.com>
From: Chunrong Guo <chunrong.guo@nxp.com>
*Update URL to fetch qoriq-open-source github
*Update to b9e6572
This includes the following changes:
b9e6572 - eng_cryptodev: add support for TLS algorithms offload
b3a3bab - Prepare for 1.0.2l release
539c4d3 - make update
cde19ec - Update CHANGES and NEWS for new release
8ded5f1 - Ignore -rle and -comp when compiled with OPENSSL_NO_COMP. Fixes make test when configured with no-comp.
d130456 - Fix regression in openssl req -x509 behaviour.
7c300b9 - Remove notification settings from appveyor.yml
b020bf6 - Remove dead code.
ea3fc60 - Copy custom extension flags in a call to SSL_set_SSL_CTX()
4ae5993 - perlasm/x86_64-xlate.pl: work around problem with hex constants in masm.
16d78fb - Fix some error path logic in i2v_AUTHORITY_INFO_ACCESS and i2v_GENERAL_NAME
6b8fa5b - RT2867: des_ede3_cfb1 ignored "size in bits" flag
5453820 - Fix URL links in comment
d2335f3 - Fix time offset calculation.
13f70ae - Check fflush on BIO_ctrl call
de46e82 - Remove unnecessary loop in pkey_rsa_decrypt.
b99f102 - check length sanity before correcting in EVP_CTRL_AEAD_TLS1_AAD
fb2345a - Annotate ASN.1 attributes of the jurisdictionCountryName NID
60a70a5 - Fixed typo in X509_STORE_CTX_new description
74bcd77 - Numbers greater than 1 are usually non-negative.
e8f2e2f - pkeyutl exit with 0 if the verification succeeded
71d66c4 - Additional check to handle BAD SSL_write retry
a91bfe2 - crypto/ppccap.c: SIGILL-free processor capabilities detection on MacOS X.
3f524f7 - Ensure dhparams can handle X9.42 params in DER
1f3b0fe - Add missing macros for DHxparams
248cf95 - Fix for #2730. Add CRLDP extension to list of supported extensions
d75c56f - Free the compression methods in s_server and s_client
4bc46d - doc: Add stitched ciphers to EVP_EncryptInit.pod
8625e92 - doc: Add missing options in s_{server,client}
62f488d - Fix the error handling in CRYPTO_dup_ex_data.
144ab9b - Add documentation for SNI APIs
*Openssl git includes all qoriq patches so remove qoriq patches folder
Signed-off-by: Chunrong Guo <chunrong.guo@nxp.com>
---
recipes-connectivity/openssl/openssl-qoriq.inc | 6 +-
...double-initialization-of-cryptodev-engine.patch | 69 -
...ev-add-support-for-TLS-algorithms-offload.patch | 343 ----
...0003-cryptodev-fix-algorithm-registration.patch | 61 -
| 319 ---
...itial-support-for-PKC-in-cryptodev-engine.patch | 1578 ---------------
...006-Added-hwrng-dev-file-as-source-of-RNG.patch | 28 -
...s-interface-added-for-PKC-cryptodev-inter.patch | 2050 --------------------
...gen-operation-and-support-gendsa-command-.patch | 155 --
.../openssl-qoriq/qoriq/0009-RSA-Keygen-Fix.patch | 64 -
.../0010-Removed-local-copy-of-curve_t-type.patch | 163 --
...us-parameter-is-not-populated-by-dhparams.patch | 43 -
.../0012-SW-Backoff-mechanism-for-dsa-keygen.patch | 53 -
.../0013-Fixed-DH-keygen-pair-generator.patch | 100 -
...dd-support-for-aes-gcm-algorithm-offloadi.patch | 321 ---
...ev-extend-TLS-offload-with-3des_cbc_hmac_.patch | 199 --
...ev-add-support-for-TLSv1.1-record-offload.patch | 338 ----
...ev-add-support-for-TLSv1.2-record-offload.patch | 377 ----
.../0018-cryptodev-drop-redundant-function.patch | 72 -
...yptodev-do-not-zero-the-buffer-before-use.patch | 48 -
.../0020-cryptodev-clean-up-code-layout.patch | 73 -
...odev-do-not-cache-file-descriptor-in-open.patch | 93 -
...cryptodev-put_dev_crypto-should-be-an-int.patch | 35 -
...todev-simplify-cryptodev-pkc-support-code.patch | 260 ---
...larify-code-remove-assignments-from-condi.patch | 37 -
...lean-up-context-state-before-anything-els.patch | 34 -
...emove-code-duplication-in-digest-operatio.patch | 155 --
...ut-all-digest-ioctls-into-a-single-functi.patch | 108 --
.../0028-cryptodev-fix-debug-print-messages.patch | 90 -
...-use-CIOCHASH-ioctl-for-digest-operations.patch | 91 -
...educe-duplicated-efforts-for-searching-in.patch | 106 -
...cryptodev-remove-not-used-local-variables.patch | 46 -
...odev-hide-not-used-variable-behind-ifndef.patch | 27 -
...3-cryptodev-fix-function-declaration-typo.patch | 26 -
...ryptodev-fix-incorrect-function-signature.patch | 26 -
...ix-warnings-on-excess-elements-in-struct-.patch | 110 --
.../0036-cryptodev-fix-free-on-error-path.patch | 46 -
.../0037-cryptodev-fix-return-value-on-error.patch | 28 -
...38-cryptodev-match-types-with-cryptodev.h.patch | 29 -
...ptodev-explicitly-discard-const-qualifier.patch | 30 -
.../0040-cryptodev-replace-caddr_t-with-void.patch | 95 -
...heck-for-errors-inside-cryptodev_rsa_mod_.patch | 49 -
...heck-for-errors-inside-cryptodev_rsa_mod_.patch | 69 -
...heck-for-errors-inside-cryptodev_dh_compu.patch | 52 -
...heck-for-errors-inside-cryptodev_dh_compu.patch | 76 -
...change-signature-for-conversion-functions.patch | 38 -
...add-explicit-cast-for-known-BIGNUM-values.patch | 26 -
...ptodev-treat-all-build-warnings-as-errors.patch | 28 -
...is-used-uninitialized-warning-on-some-com.patch | 29 -
.../openssl/openssl-qoriq_1.0.2l.bb | 11 +-
50 files changed, 5 insertions(+), 8305 deletions(-)
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0001-remove-double-initialization-of-cryptodev-engine.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0003-cryptodev-fix-algorithm-registration.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0004-ECC-Support-header-for-Cryptodev-Engine.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0005-Initial-support-for-PKC-in-cryptodev-engine.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0006-Added-hwrng-dev-file-as-source-of-RNG.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0007-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0008-Add-RSA-keygen-operation-and-support-gendsa-command-.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0009-RSA-Keygen-Fix.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0010-Removed-local-copy-of-curve_t-type.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0011-Modulus-parameter-is-not-populated-by-dhparams.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0012-SW-Backoff-mechanism-for-dsa-keygen.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0013-Fixed-DH-keygen-pair-generator.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0014-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0015-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0016-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0017-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0018-cryptodev-drop-redundant-function.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0019-cryptodev-do-not-zero-the-buffer-before-use.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0020-cryptodev-clean-up-code-layout.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0021-cryptodev-do-not-cache-file-descriptor-in-open.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0022-cryptodev-put_dev_crypto-should-be-an-int.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0023-cryptodev-simplify-cryptodev-pkc-support-code.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0024-cryptodev-clarify-code-remove-assignments-from-condi.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0025-cryptodev-clean-up-context-state-before-anything-els.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0026-cryptodev-remove-code-duplication-in-digest-operatio.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0027-cryptodev-put-all-digest-ioctls-into-a-single-functi.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0028-cryptodev-fix-debug-print-messages.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0029-cryptodev-use-CIOCHASH-ioctl-for-digest-operations.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0030-cryptodev-reduce-duplicated-efforts-for-searching-in.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0031-cryptodev-remove-not-used-local-variables.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0032-cryptodev-hide-not-used-variable-behind-ifndef.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0033-cryptodev-fix-function-declaration-typo.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0034-cryptodev-fix-incorrect-function-signature.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0035-cryptodev-fix-warnings-on-excess-elements-in-struct-.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0036-cryptodev-fix-free-on-error-path.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0037-cryptodev-fix-return-value-on-error.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0038-cryptodev-match-types-with-cryptodev.h.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0039-cryptodev-explicitly-discard-const-qualifier.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0040-cryptodev-replace-caddr_t-with-void.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0041-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0042-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0043-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0044-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0045-cryptodev-change-signature-for-conversion-functions.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0046-cryptodev-add-explicit-cast-for-known-BIGNUM-values.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0047-cryptodev-treat-all-build-warnings-as-errors.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0048-fix-maclen-is-used-uninitialized-warning-on-some-com.patch
diff --git a/recipes-connectivity/openssl/openssl-qoriq.inc b/recipes-connectivity/openssl/openssl-qoriq.inc
index 306da3a..d7e4e33 100644
--- a/recipes-connectivity/openssl/openssl-qoriq.inc
+++ b/recipes-connectivity/openssl/openssl-qoriq.inc
@@ -22,9 +22,9 @@ python() {
d.appendVar("RREPLACES_%s" % p, p.replace('openssl-qoriq', 'openssl'))
}
-SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
- "
-S = "${WORKDIR}/openssl-${PV}"
+SRC_URI = "git://github.com/qoriq-open-source/openssl.git;nobranch=1"
+
+S = "${WORKDIR}/git"
PACKAGECONFIG[perl] = ",,,"
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0001-remove-double-initialization-of-cryptodev-engine.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0001-remove-double-initialization-of-cryptodev-engine.patch
deleted file mode 100644
index 67314cd..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0001-remove-double-initialization-of-cryptodev-engine.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-From 90d5822f09f0b6a0f1d8d2e7189e702a18686ab7 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@freescale.com>
-Date: Tue, 10 Sep 2013 12:46:46 +0300
-Subject: [PATCH 01/48] remove double initialization of cryptodev engine
-
-cryptodev engine is initialized together with the other engines in
-ENGINE_load_builtin_engines. The initialization done through
-OpenSSL_add_all_algorithms is redundant.
-
-Change-Id: Ic9488500967595543ff846f147b36f383db7cb27
-Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
-Reviewed-on: http://git.am.freescale.net:8181/17222
----
- crypto/engine/eng_all.c | 12 ------------
- crypto/engine/engine.h | 4 ----
- util/libeay.num | 2 +-
- 3 files changed, 1 insertion(+), 17 deletions(-)
-
-diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c
-index 48ad0d2..a198c5f 100644
---- a/crypto/engine/eng_all.c
-+++ b/crypto/engine/eng_all.c
-@@ -122,15 +122,3 @@ void ENGINE_load_builtin_engines(void)
- #endif
- ENGINE_register_all_complete();
- }
--
--#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
--void ENGINE_setup_bsd_cryptodev(void)
--{
-- static int bsd_cryptodev_default_loaded = 0;
-- if (!bsd_cryptodev_default_loaded) {
-- ENGINE_load_cryptodev();
-- ENGINE_register_all_complete();
-- }
-- bsd_cryptodev_default_loaded = 1;
--}
--#endif
-diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h
-index bd7b591..020d912 100644
---- a/crypto/engine/engine.h
-+++ b/crypto/engine/engine.h
-@@ -857,10 +857,6 @@ typedef int (*dynamic_bind_engine) (ENGINE *e, const char *id,
- */
- void *ENGINE_get_static_state(void);
-
--# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
--void ENGINE_setup_bsd_cryptodev(void);
--# endif
--
- /* BEGIN ERROR CODES */
- /*
- * The following lines are auto generated by the script mkerr.pl. Any changes
-diff --git a/util/libeay.num b/util/libeay.num
-index 2094ab3..2742cf5 100755
---- a/util/libeay.num
-+++ b/util/libeay.num
-@@ -2805,7 +2805,7 @@ BIO_indent 3242 EXIST::FUNCTION:
- BUF_strlcpy 3243 EXIST::FUNCTION:
- OpenSSLDie 3244 EXIST::FUNCTION:
- OPENSSL_cleanse 3245 EXIST::FUNCTION:
--ENGINE_setup_bsd_cryptodev 3246 EXIST:__FreeBSD__:FUNCTION:ENGINE
-+ENGINE_setup_bsd_cryptodev 3246 NOEXIST::FUNCTION:
- ERR_release_err_state_table 3247 EXIST::FUNCTION:LHASH
- EVP_aes_128_cfb8 3248 EXIST::FUNCTION:AES
- FIPS_corrupt_rsa 3249 NOEXIST::FUNCTION:
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch
deleted file mode 100644
index a5c0f6d..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch
+++ /dev/null
@@ -1,343 +0,0 @@
-From 305ab3fd8a8620fd11f7aef7e42170ba205040a9 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@freescale.com>
-Date: Thu, 29 Aug 2013 16:51:18 +0300
-Subject: [PATCH 02/48] eng_cryptodev: add support for TLS algorithms offload
-
-- aes-128-cbc-hmac-sha1
-- aes-256-cbc-hmac-sha1
-
-Requires TLS patches on cryptodev and TLS algorithm support in Linux
-kernel driver.
-
-Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
----
- crypto/engine/eng_cryptodev.c | 226 ++++++++++++++++++++++++++++++++++++++++--
- 1 file changed, 215 insertions(+), 11 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 2a2b95c..d4da7fb 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -72,6 +72,9 @@ void ENGINE_load_cryptodev(void)
- struct dev_crypto_state {
- struct session_op d_sess;
- int d_fd;
-+ unsigned char *aad;
-+ unsigned int aad_len;
-+ unsigned int len;
- # ifdef USE_CRYPTODEV_DIGESTS
- char dummy_mac_key[HASH_MAX_LEN];
- unsigned char digest_res[HASH_MAX_LEN];
-@@ -142,24 +145,25 @@ static struct {
- int nid;
- int ivmax;
- int keylen;
-+ int mackeylen;
- } ciphers[] = {
- {
-- CRYPTO_ARC4, NID_rc4, 0, 16,
-+ CRYPTO_ARC4, NID_rc4, 0, 16, 0
- },
- {
-- CRYPTO_DES_CBC, NID_des_cbc, 8, 8,
-+ CRYPTO_DES_CBC, NID_des_cbc, 8, 8, 0
- },
- {
-- CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24,
-+ CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, 0
- },
- {
-- CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16,
-+ CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, 0
- },
- {
-- CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24,
-+ CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, 0
- },
- {
-- CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32,
-+ CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, 0
- },
- # ifdef CRYPTO_AES_CTR
- {
-@@ -173,16 +177,22 @@ static struct {
- },
- # endif
- {
-- CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16,
-+ CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, 0
- },
- {
-- CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16,
-+ CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, 0
- },
- {
-- CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0,
-+ CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, 0
- },
- {
-- 0, NID_undef, 0, 0,
-+ CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20
-+ },
-+ {
-+ CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20
-+ },
-+ {
-+ 0, NID_undef, 0, 0, 0
- },
- };
-
-@@ -296,13 +306,15 @@ static int get_cryptodev_ciphers(const int **cnids)
- }
- memset(&sess, 0, sizeof(sess));
- sess.key = (caddr_t) "123456789abcdefghijklmno";
-+ sess.mackey = (caddr_t) "123456789ABCDEFGHIJKLMNO";
-
- for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
- if (ciphers[i].nid == NID_undef)
- continue;
- sess.cipher = ciphers[i].id;
- sess.keylen = ciphers[i].keylen;
-- sess.mac = 0;
-+ sess.mackeylen = ciphers[i].mackeylen;
-+
- if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
- ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
- nids[count++] = ciphers[i].nid;
-@@ -458,6 +470,66 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- return (1);
- }
-
-+static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+ const unsigned char *in, size_t len)
-+{
-+ struct crypt_auth_op cryp;
-+ struct dev_crypto_state *state = ctx->cipher_data;
-+ struct session_op *sess = &state->d_sess;
-+ const void *iiv;
-+ unsigned char save_iv[EVP_MAX_IV_LENGTH];
-+
-+ if (state->d_fd < 0)
-+ return (0);
-+ if (!len)
-+ return (1);
-+ if ((len % ctx->cipher->block_size) != 0)
-+ return (0);
-+
-+ memset(&cryp, 0, sizeof(cryp));
-+
-+ /* TODO: make a seamless integration with cryptodev flags */
-+ switch (ctx->cipher->nid) {
-+ case NID_aes_128_cbc_hmac_sha1:
-+ case NID_aes_256_cbc_hmac_sha1:
-+ cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
-+ }
-+ cryp.ses = sess->ses;
-+ cryp.len = state->len;
-+ cryp.src = (caddr_t) in;
-+ cryp.dst = (caddr_t) out;
-+ cryp.auth_src = state->aad;
-+ cryp.auth_len = state->aad_len;
-+
-+ cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
-+
-+ if (ctx->cipher->iv_len) {
-+ cryp.iv = (caddr_t) ctx->iv;
-+ if (!ctx->encrypt) {
-+ iiv = in + len - ctx->cipher->iv_len;
-+ memcpy(save_iv, iiv, ctx->cipher->iv_len);
-+ }
-+ } else
-+ cryp.iv = NULL;
-+
-+ if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) {
-+ /*
-+ * XXX need better errror handling this can fail for a number of
-+ * different reasons.
-+ */
-+ return (0);
-+ }
-+
-+ if (ctx->cipher->iv_len) {
-+ if (ctx->encrypt)
-+ iiv = out + len - ctx->cipher->iv_len;
-+ else
-+ iiv = save_iv;
-+ memcpy(ctx->iv, iiv, ctx->cipher->iv_len);
-+ }
-+ return (1);
-+}
-+
- static int
- cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc)
-@@ -497,6 +569,45 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- }
-
- /*
-+ * Save the encryption key provided by upper layers. This function is called
-+ * by EVP_CipherInit_ex to initialize the algorithm's extra data. We can't do
-+ * much here because the mac key is not available. The next call should/will
-+ * be to cryptodev_cbc_hmac_sha1_ctrl with parameter
-+ * EVP_CTRL_AEAD_SET_MAC_KEY, to set the hmac key. There we call CIOCGSESSION
-+ * with both the crypto and hmac keys.
-+ */
-+static int cryptodev_init_aead_key(EVP_CIPHER_CTX *ctx,
-+ const unsigned char *key,
-+ const unsigned char *iv, int enc)
-+{
-+ struct dev_crypto_state *state = ctx->cipher_data;
-+ struct session_op *sess = &state->d_sess;
-+ int cipher = -1, i;
-+
-+ for (i = 0; ciphers[i].id; i++)
-+ if (ctx->cipher->nid == ciphers[i].nid &&
-+ ctx->cipher->iv_len <= ciphers[i].ivmax &&
-+ ctx->key_len == ciphers[i].keylen) {
-+ cipher = ciphers[i].id;
-+ break;
-+ }
-+
-+ if (!ciphers[i].id) {
-+ state->d_fd = -1;
-+ return (0);
-+ }
-+
-+ memset(sess, 0, sizeof(struct session_op));
-+
-+ sess->key = (caddr_t) key;
-+ sess->keylen = ctx->key_len;
-+ sess->cipher = cipher;
-+
-+ /* for whatever reason, (1) means success */
-+ return (1);
-+}
-+
-+/*
- * free anything we allocated earlier when initting a
- * session, and close the session.
- */
-@@ -530,6 +641,63 @@ static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
- return (ret);
- }
-
-+static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
-+ int arg, void *ptr)
-+{
-+ switch (type) {
-+ case EVP_CTRL_AEAD_SET_MAC_KEY:
-+ {
-+ /* TODO: what happens with hmac keys larger than 64 bytes? */
-+ struct dev_crypto_state *state = ctx->cipher_data;
-+ struct session_op *sess = &state->d_sess;
-+
-+ if ((state->d_fd = get_dev_crypto()) < 0)
-+ return (0);
-+
-+ /* the rest should have been set in cryptodev_init_aead_key */
-+ sess->mackey = ptr;
-+ sess->mackeylen = arg;
-+
-+ if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
-+ put_dev_crypto(state->d_fd);
-+ state->d_fd = -1;
-+ return (0);
-+ }
-+ return (1);
-+ }
-+ case EVP_CTRL_AEAD_TLS1_AAD:
-+ {
-+ /* ptr points to the associated data buffer of 13 bytes */
-+ struct dev_crypto_state *state = ctx->cipher_data;
-+ unsigned char *p = ptr;
-+ unsigned int cryptlen = p[arg - 2] << 8 | p[arg - 1];
-+ unsigned int maclen, padlen;
-+ unsigned int bs = ctx->cipher->block_size;
-+
-+ state->aad = ptr;
-+ state->aad_len = arg;
-+ state->len = cryptlen;
-+
-+ /* TODO: this should be an extension of EVP_CIPHER struct */
-+ switch (ctx->cipher->nid) {
-+ case NID_aes_128_cbc_hmac_sha1:
-+ case NID_aes_256_cbc_hmac_sha1:
-+ maclen = SHA_DIGEST_LENGTH;
-+ }
-+
-+ /* space required for encryption (not only TLS padding) */
-+ padlen = maclen;
-+ if (ctx->encrypt) {
-+ cryptlen += maclen;
-+ padlen += bs - (cryptlen % bs);
-+ }
-+ return padlen;
-+ }
-+ default:
-+ return -1;
-+ }
-+}
-+
- /*
- * libcrypto EVP stuff - this is how we get wired to EVP so the engine
- * gets called when libcrypto requests a cipher NID.
-@@ -642,6 +810,34 @@ const EVP_CIPHER cryptodev_aes_256_cbc = {
- NULL
- };
-
-+const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1 = {
-+ NID_aes_128_cbc_hmac_sha1,
-+ 16, 16, 16,
-+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+ cryptodev_init_aead_key,
-+ cryptodev_aead_cipher,
-+ cryptodev_cleanup,
-+ sizeof(struct dev_crypto_state),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ cryptodev_cbc_hmac_sha1_ctrl,
-+ NULL
-+};
-+
-+const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = {
-+ NID_aes_256_cbc_hmac_sha1,
-+ 16, 32, 16,
-+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+ cryptodev_init_aead_key,
-+ cryptodev_aead_cipher,
-+ cryptodev_cleanup,
-+ sizeof(struct dev_crypto_state),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ cryptodev_cbc_hmac_sha1_ctrl,
-+ NULL
-+};
-+
- # ifdef CRYPTO_AES_CTR
- const EVP_CIPHER cryptodev_aes_ctr = {
- NID_aes_128_ctr,
-@@ -730,6 +926,12 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
- *cipher = &cryptodev_aes_ctr_256;
- break;
- # endif
-+ case NID_aes_128_cbc_hmac_sha1:
-+ *cipher = &cryptodev_aes_128_cbc_hmac_sha1;
-+ break;
-+ case NID_aes_256_cbc_hmac_sha1:
-+ *cipher = &cryptodev_aes_256_cbc_hmac_sha1;
-+ break;
- default:
- *cipher = NULL;
- break;
-@@ -1485,6 +1687,8 @@ void ENGINE_load_cryptodev(void)
- }
- put_dev_crypto(fd);
-
-+ EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1);
-+ EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
- if (!ENGINE_set_id(engine, "cryptodev") ||
- !ENGINE_set_name(engine, "BSD cryptodev engine") ||
- !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0003-cryptodev-fix-algorithm-registration.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0003-cryptodev-fix-algorithm-registration.patch
deleted file mode 100644
index c53ffc9..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0003-cryptodev-fix-algorithm-registration.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From ce6fa215fa58e7ca7a81c70ce8c91f871a20a9dd Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@freescale.com>
-Date: Thu, 31 Jul 2014 14:06:19 +0300
-Subject: [PATCH 03/48] cryptodev: fix algorithm registration
-
-Cryptodev specific algorithms must register only if available in kernel.
-
-Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
-Reviewed-by: Horia Ioan Geanta Neag <horia.geanta@freescale.com>
----
- crypto/engine/eng_cryptodev.c | 20 +++++++++++++++++---
- 1 file changed, 17 insertions(+), 3 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index d4da7fb..49ed638 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -135,6 +135,8 @@ static int cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key,
- static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
- void (*f) (void));
- void ENGINE_load_cryptodev(void);
-+const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1;
-+const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
-
- static const ENGINE_CMD_DEFN cryptodev_defns[] = {
- {0, NULL, NULL, 0}
-@@ -390,7 +392,21 @@ static int get_cryptodev_digests(const int **cnids)
- */
- static int cryptodev_usable_ciphers(const int **nids)
- {
-- return (get_cryptodev_ciphers(nids));
-+ int i, count;
-+
-+ count = get_cryptodev_ciphers(nids);
-+ /* add ciphers specific to cryptodev if found in kernel */
-+ for (i = 0; i < count; i++) {
-+ switch (*(*nids + i)) {
-+ case NID_aes_128_cbc_hmac_sha1:
-+ EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1);
-+ break;
-+ case NID_aes_256_cbc_hmac_sha1:
-+ EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
-+ break;
-+ }
-+ }
-+ return count;
- }
-
- static int cryptodev_usable_digests(const int **nids)
-@@ -1687,8 +1703,6 @@ void ENGINE_load_cryptodev(void)
- }
- put_dev_crypto(fd);
-
-- EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1);
-- EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
- if (!ENGINE_set_id(engine, "cryptodev") ||
- !ENGINE_set_name(engine, "BSD cryptodev engine") ||
- !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0004-ECC-Support-header-for-Cryptodev-Engine.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0004-ECC-Support-header-for-Cryptodev-Engine.patch
deleted file mode 100644
index 5b6fda1..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0004-ECC-Support-header-for-Cryptodev-Engine.patch
+++ /dev/null
@@ -1,319 +0,0 @@
-From 63ed25dadde23d01eaac6f4c4dae463ba4d7c368 Mon Sep 17 00:00:00 2001
-From: Yashpal Dutta <yashpal.dutta@freescale.com>
-Date: Tue, 11 Mar 2014 05:56:54 +0545
-Subject: [PATCH 04/48] ECC Support header for Cryptodev Engine
-
-Upstream-status: Pending
-
-Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
----
- crypto/engine/eng_cryptodev_ec.h | 297 +++++++++++++++++++++++++++++++++++++++
- 1 file changed, 297 insertions(+)
- create mode 100644 crypto/engine/eng_cryptodev_ec.h
-
-diff --git a/crypto/engine/eng_cryptodev_ec.h b/crypto/engine/eng_cryptodev_ec.h
-new file mode 100644
-index 0000000..af54c51
---- /dev/null
-+++ b/crypto/engine/eng_cryptodev_ec.h
-@@ -0,0 +1,297 @@
-+/*
-+ * Copyright (C) 2012 Freescale Semiconductor, Inc.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
-+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY
-+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-+ *
-+ */
-+#ifndef __ENG_EC_H
-+#define __ENG_EC_H
-+
-+#define SPCF_CPARAM_INIT(X,...) \
-+static unsigned char X##_c[] = {__VA_ARGS__} \
-+
-+#define SPCF_FREE_BN(X) do { if(X) { BN_clear_free(X); X = NULL; } } while (0)
-+
-+#define SPCF_COPY_CPARAMS(NIDBUF) \
-+ do { \
-+ memcpy (buf, NIDBUF, buf_len); \
-+ } while (0)
-+
-+#define SPCF_CPARAM_CASE(X) \
-+ case NID_##X: \
-+ SPCF_COPY_CPARAMS(X##_c); \
-+ break
-+
-+SPCF_CPARAM_INIT(sect113r1, 0x01, 0x73, 0xE8, 0x34, 0xAF, 0x28, 0xEC, 0x76,
-+ 0xCB, 0x83, 0xBD, 0x8D, 0xFE, 0xB2, 0xD5);
-+SPCF_CPARAM_INIT(sect113r2, 0x00, 0x54, 0xD9, 0xF0, 0x39, 0x57, 0x17, 0x4A,
-+ 0x32, 0x32, 0x91, 0x67, 0xD7, 0xFE, 0x71);
-+SPCF_CPARAM_INIT(sect131r1, 0x03, 0xDB, 0x89, 0xB4, 0x05, 0xE4, 0x91, 0x16,
-+ 0x0E, 0x3B, 0x2F, 0x07, 0xB0, 0xCE, 0x20, 0xB3, 0x7E);
-+SPCF_CPARAM_INIT(sect131r2, 0x07, 0xCB, 0xB9, 0x92, 0x0D, 0x71, 0xA4, 0x8E,
-+ 0x09, 0x9C, 0x38, 0xD7, 0x1D, 0xA6, 0x49, 0x0E, 0xB1);
-+SPCF_CPARAM_INIT(sect163k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x01);
-+SPCF_CPARAM_INIT(sect163r1, 0x05, 0xED, 0x40, 0x3E, 0xD5, 0x8E, 0xB4, 0x5B,
-+ 0x1C, 0xCE, 0xCA, 0x0F, 0x4F, 0x61, 0x65, 0x55, 0x49, 0x86,
-+ 0x1B, 0xE0, 0x52);
-+SPCF_CPARAM_INIT(sect163r2, 0x07, 0x2C, 0x4E, 0x1E, 0xF7, 0xCB, 0x2F, 0x3A,
-+ 0x03, 0x5D, 0x33, 0x10, 0x42, 0x94, 0x15, 0x96, 0x09, 0x13,
-+ 0x8B, 0xB4, 0x04);
-+SPCF_CPARAM_INIT(sect193r1, 0x01, 0x67, 0xB3, 0x5E, 0xB4, 0x31, 0x3F, 0x26,
-+ 0x3D, 0x0F, 0x7A, 0x3D, 0x50, 0x36, 0xF0, 0xA0, 0xA3, 0xC9,
-+ 0x80, 0xD4, 0x0E, 0x5A, 0x05, 0x3E, 0xD2);
-+SPCF_CPARAM_INIT(sect193r2, 0x00, 0x69, 0x89, 0xFE, 0x6B, 0xFE, 0x30, 0xED,
-+ 0xDC, 0x32, 0x44, 0x26, 0x9F, 0x3A, 0xAD, 0x18, 0xD6, 0x6C,
-+ 0xF3, 0xDB, 0x3E, 0x33, 0x02, 0xFA, 0xA8);
-+SPCF_CPARAM_INIT(sect233k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x01);
-+SPCF_CPARAM_INIT(sect233r1, 0x00, 0x07, 0xD5, 0xEF, 0x43, 0x89, 0xDF, 0xF1,
-+ 0x1E, 0xCD, 0xBA, 0x39, 0xC3, 0x09, 0x70, 0xD3, 0xCE, 0x35,
-+ 0xCE, 0xBB, 0xA5, 0x84, 0x73, 0xF6, 0x4B, 0x4D, 0xC0, 0xF2,
-+ 0x68, 0x6C);
-+SPCF_CPARAM_INIT(sect239k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x01);
-+SPCF_CPARAM_INIT(sect283k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01);
-+SPCF_CPARAM_INIT(sect283r1, 0x03, 0xD8, 0xC9, 0x3D, 0x3B, 0x0E, 0xA8, 0x1D,
-+ 0x92, 0x94, 0x03, 0x4D, 0x7E, 0xE3, 0x13, 0x5D, 0x0A, 0xC5,
-+ 0xFC, 0x8D, 0x9C, 0xB0, 0x27, 0x6F, 0x72, 0x11, 0xF8, 0x80,
-+ 0xF0, 0xD8, 0x1C, 0xA4, 0xC6, 0xE8, 0x7B, 0x38);
-+SPCF_CPARAM_INIT(sect409k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x01);
-+SPCF_CPARAM_INIT(sect409r1, 0x01, 0x49, 0xB8, 0xB7, 0xBE, 0xBD, 0x9B, 0x63,
-+ 0x65, 0x3E, 0xF1, 0xCD, 0x8C, 0x6A, 0x5D, 0xD1, 0x05, 0xA2,
-+ 0xAA, 0xAC, 0x36, 0xFE, 0x2E, 0xAE, 0x43, 0xCF, 0x28, 0xCE,
-+ 0x1C, 0xB7, 0xC8, 0x30, 0xC1, 0xEC, 0xDB, 0xFA, 0x41, 0x3A,
-+ 0xB0, 0x7F, 0xE3, 0x5A, 0x57, 0x81, 0x1A, 0xE4, 0xF8, 0x8D,
-+ 0x30, 0xAC, 0x63, 0xFB);
-+SPCF_CPARAM_INIT(sect571k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x01);
-+SPCF_CPARAM_INIT(sect571r1, 0x06, 0x39, 0x5D, 0xB2, 0x2A, 0xB5, 0x94, 0xB1,
-+ 0x86, 0x8C, 0xED, 0x95, 0x25, 0x78, 0xB6, 0x53, 0x9F, 0xAB,
-+ 0xA6, 0x94, 0x06, 0xD9, 0xB2, 0x98, 0x61, 0x23, 0xA1, 0x85,
-+ 0xC8, 0x58, 0x32, 0xE2, 0x5F, 0xD5, 0xB6, 0x38, 0x33, 0xD5,
-+ 0x14, 0x42, 0xAB, 0xF1, 0xA9, 0xC0, 0x5F, 0xF0, 0xEC, 0xBD,
-+ 0x88, 0xD7, 0xF7, 0x79, 0x97, 0xF4, 0xDC, 0x91, 0x56, 0xAA,
-+ 0xF1, 0xCE, 0x08, 0x16, 0x46, 0x86, 0xDD, 0xFF, 0x75, 0x11,
-+ 0x6F, 0xBC, 0x9A, 0x7A);
-+SPCF_CPARAM_INIT(X9_62_c2pnb163v1, 0x04, 0x53, 0xE1, 0xE4, 0xB7, 0x29, 0x1F,
-+ 0x5C, 0x2D, 0x53, 0xCE, 0x18, 0x48, 0x3F, 0x00, 0x70, 0x81,
-+ 0xE7, 0xEA, 0x26, 0xEC);
-+SPCF_CPARAM_INIT(X9_62_c2pnb163v2, 0x04, 0x35, 0xC0, 0x19, 0x66, 0x0E, 0x01,
-+ 0x01, 0xBA, 0x87, 0x0C, 0xA3, 0x9F, 0xD9, 0xA7, 0x76, 0x86,
-+ 0x50, 0x9D, 0x28, 0x13);
-+SPCF_CPARAM_INIT(X9_62_c2pnb163v3, 0x06, 0x55, 0xC4, 0x54, 0xE4, 0x1E, 0x38,
-+ 0x0C, 0x7A, 0x60, 0xB6, 0x67, 0x9A, 0x5B, 0x7A, 0x3F, 0x3A,
-+ 0xF6, 0x8E, 0x22, 0xC5);
-+SPCF_CPARAM_INIT(X9_62_c2pnb176v1, 0x00, 0x69, 0xF7, 0xDA, 0x36, 0x19, 0xA7,
-+ 0x42, 0xA3, 0x82, 0xFF, 0x05, 0x08, 0x8F, 0xD3, 0x99, 0x42,
-+ 0xCA, 0x0F, 0x1D, 0x90, 0xB6, 0x5B);
-+SPCF_CPARAM_INIT(X9_62_c2tnb191v1, 0x4C, 0x45, 0x25, 0xAB, 0x0B, 0x68, 0x4A,
-+ 0x64, 0x44, 0x62, 0x0A, 0x86, 0x45, 0xEF, 0x54, 0x6D, 0x54,
-+ 0x69, 0x39, 0x68, 0xC2, 0xAE, 0x84, 0xAC);
-+SPCF_CPARAM_INIT(X9_62_c2tnb191v2, 0x03, 0x7C, 0x8F, 0x57, 0xA2, 0x25, 0xC7,
-+ 0xB3, 0xD4, 0xED, 0xD5, 0x88, 0x0F, 0x38, 0x0A, 0xCC, 0x55,
-+ 0x74, 0xEC, 0xB3, 0x6C, 0x9F, 0x51, 0x21);
-+SPCF_CPARAM_INIT(X9_62_c2tnb191v3, 0x37, 0x39, 0xFF, 0x98, 0xB4, 0xD1, 0x69,
-+ 0x3E, 0xCF, 0x52, 0x7A, 0x98, 0x51, 0xED, 0xCF, 0x99, 0x9D,
-+ 0x9E, 0x75, 0x05, 0x43, 0x33, 0x43, 0x24);
-+SPCF_CPARAM_INIT(X9_62_c2pnb208w1, 0x00, 0xDB, 0x05, 0x3C, 0x41, 0x76, 0xCC,
-+ 0x1D, 0xA1, 0x27, 0x85, 0x2C, 0xA6, 0xD9, 0x88, 0xBE, 0x1A,
-+ 0xCC, 0xD1, 0x5B, 0x2A, 0xC1, 0xC1, 0x07, 0x42, 0x57, 0x34);
-+SPCF_CPARAM_INIT(X9_62_c2tnb239v1, 0x24, 0x59, 0xFC, 0xF4, 0x51, 0x7B, 0xC5,
-+ 0xA6, 0xB9, 0x9B, 0xE5, 0xC6, 0xC5, 0x62, 0x85, 0xC0, 0x21,
-+ 0xFE, 0x32, 0xEE, 0x2B, 0x6F, 0x1C, 0x22, 0xEA, 0x5B, 0xE1,
-+ 0xB8, 0x4B, 0x93);
-+SPCF_CPARAM_INIT(X9_62_c2tnb239v2, 0x64, 0x98, 0x84, 0x19, 0x3B, 0x56, 0x2D,
-+ 0x4A, 0x50, 0xB4, 0xFA, 0x56, 0x34, 0xE0, 0x34, 0x41, 0x3F,
-+ 0x94, 0xC4, 0x59, 0xDA, 0x7C, 0xDB, 0x16, 0x64, 0x9D, 0xDD,
-+ 0xF7, 0xE6, 0x0A);
-+SPCF_CPARAM_INIT(X9_62_c2tnb239v3, 0x32, 0x63, 0x2E, 0x65, 0x2B, 0xEE, 0x91,
-+ 0xC2, 0xE4, 0xA2, 0xF5, 0x42, 0xA3, 0x2D, 0x67, 0xA8, 0xB5,
-+ 0xB4, 0x5F, 0x21, 0xA0, 0x81, 0x02, 0xFB, 0x1F, 0x2A, 0xFB,
-+ 0xB6, 0xAC, 0xDA);
-+SPCF_CPARAM_INIT(X9_62_c2pnb272w1, 0x00, 0xDA, 0x7B, 0x60, 0x28, 0xF4, 0xC8,
-+ 0x09, 0xA0, 0xB9, 0x78, 0x81, 0xC3, 0xA5, 0x7E, 0x4D, 0x71,
-+ 0x81, 0x34, 0xD1, 0x3F, 0xEC, 0xE0, 0x90, 0x85, 0x8A, 0xC3,
-+ 0x1A, 0xE2, 0xDC, 0x2E, 0xDF, 0x8E, 0x3C, 0x8B);
-+SPCF_CPARAM_INIT(X9_62_c2pnb304w1, 0x00, 0x3C, 0x67, 0xB4, 0x07, 0xC6, 0xF3,
-+ 0x3F, 0x81, 0x0B, 0x17, 0xDC, 0x16, 0xE2, 0x14, 0x8A, 0x2C,
-+ 0x9C, 0xE2, 0x9D, 0x56, 0x05, 0x23, 0x69, 0x6A, 0x55, 0x93,
-+ 0x8A, 0x15, 0x40, 0x81, 0xE3, 0xE3, 0xAE, 0xFB, 0xCE, 0x45,
-+ 0x70, 0xC9);
-+SPCF_CPARAM_INIT(X9_62_c2tnb359v1, 0x22, 0x39, 0xAA, 0x58, 0x4A, 0xC5, 0x9A,
-+ 0xF9, 0x61, 0xD0, 0xFA, 0x2D, 0x52, 0x85, 0xB6, 0xFD, 0xF7,
-+ 0x34, 0x9B, 0xC6, 0x0E, 0x91, 0xE3, 0x20, 0xF4, 0x71, 0x64,
-+ 0xCE, 0x11, 0xF5, 0x18, 0xEF, 0xB4, 0xC0, 0x8B, 0x9B, 0xDA,
-+ 0x99, 0x9A, 0x8A, 0x37, 0xF8, 0x2A, 0x22, 0x61);
-+SPCF_CPARAM_INIT(X9_62_c2pnb368w1, 0x00, 0xC0, 0x6C, 0xCF, 0x42, 0x89, 0x3A,
-+ 0x8A, 0xAA, 0x00, 0x1E, 0x0B, 0xC0, 0xD2, 0xA2, 0x27, 0x66,
-+ 0xEF, 0x3E, 0x41, 0x88, 0x7C, 0xC6, 0x77, 0x6F, 0x4A, 0x04,
-+ 0x1E, 0xE4, 0x45, 0x14, 0xB2, 0x0A, 0xFC, 0x4E, 0x5C, 0x30,
-+ 0x40, 0x60, 0x06, 0x5B, 0xC8, 0xD6, 0xCF, 0x04, 0xD3, 0x25);
-+SPCF_CPARAM_INIT(X9_62_c2tnb431r1, 0x64, 0xF5, 0xBB, 0xE9, 0xBB, 0x31, 0x66,
-+ 0xA3, 0xA0, 0x2F, 0x2F, 0x22, 0xBF, 0x05, 0xD9, 0xF7, 0xDA,
-+ 0x43, 0xEE, 0x70, 0xC1, 0x79, 0x03, 0x15, 0x2B, 0x70, 0xA0,
-+ 0xB4, 0x25, 0x9B, 0xD2, 0xFC, 0xB2, 0x20, 0x3B, 0x7F, 0xB8,
-+ 0xD3, 0x39, 0x4E, 0x20, 0xEB, 0x0E, 0xA9, 0x84, 0xDD, 0xB1,
-+ 0xE1, 0xF1, 0x4C, 0x67, 0xB1, 0x36, 0x2B);
-+SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01);
-+SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls3, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x01);
-+SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls4, 0x01, 0x73, 0xE8, 0x34, 0xAF, 0x28,
-+ 0xEC, 0x76, 0xCB, 0x83, 0xBD, 0x8D, 0xFE, 0xB2, 0xD5);
-+SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls5, 0x04, 0x53, 0xE1, 0xE4, 0xB7, 0x29,
-+ 0x1F, 0x5C, 0x2D, 0x53, 0xCE, 0x18, 0x48, 0x3F, 0x00, 0x70,
-+ 0x81, 0xE7, 0xEA, 0x26, 0xEC);
-+SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x01);
-+SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls11, 0x00, 0x07, 0xD5, 0xEF, 0x43, 0x89,
-+ 0xDF, 0xF1, 0x1E, 0xCD, 0xBA, 0x39, 0xC3, 0x09, 0x70, 0xD3,
-+ 0xCE, 0x35, 0xCE, 0xBB, 0xA5, 0x84, 0x73, 0xF6, 0x4B, 0x4D,
-+ 0xC0, 0xF2, 0x68, 0x6C);
-+/* Oakley curve #3 over 155 bit binary filed */
-+SPCF_CPARAM_INIT(ipsec3, 0x00, 0x31, 0x10, 0x00, 0x00, 0x02, 0x23, 0xA0, 0x00,
-+ 0xC4, 0x47, 0x40, 0x00, 0x08, 0x8E, 0x80, 0x00, 0x11, 0x1D,
-+ 0x1D);
-+/* Oakley curve #4 over 185 bit binary filed */
-+SPCF_CPARAM_INIT(ipsec4, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00,
-+ 0x01, 0x80, 0x00, 0xC0, 0x0C, 0x00, 0x00, 0x00, 0x63, 0x80,
-+ 0x30, 0x00, 0x1C, 0x00, 0x09);
-+
-+static inline int
-+eng_ec_get_cparam(int nid, unsigned char *buf, unsigned int buf_len)
-+{
-+ int ret = 0;
-+ switch (nid) {
-+ SPCF_CPARAM_CASE(sect113r1);
-+ SPCF_CPARAM_CASE(sect113r2);
-+ SPCF_CPARAM_CASE(sect131r1);
-+ SPCF_CPARAM_CASE(sect131r2);
-+ SPCF_CPARAM_CASE(sect163k1);
-+ SPCF_CPARAM_CASE(sect163r1);
-+ SPCF_CPARAM_CASE(sect163r2);
-+ SPCF_CPARAM_CASE(sect193r1);
-+ SPCF_CPARAM_CASE(sect193r2);
-+ SPCF_CPARAM_CASE(sect233k1);
-+ SPCF_CPARAM_CASE(sect233r1);
-+ SPCF_CPARAM_CASE(sect239k1);
-+ SPCF_CPARAM_CASE(sect283k1);
-+ SPCF_CPARAM_CASE(sect283r1);
-+ SPCF_CPARAM_CASE(sect409k1);
-+ SPCF_CPARAM_CASE(sect409r1);
-+ SPCF_CPARAM_CASE(sect571k1);
-+ SPCF_CPARAM_CASE(sect571r1);
-+ SPCF_CPARAM_CASE(X9_62_c2pnb163v1);
-+ SPCF_CPARAM_CASE(X9_62_c2pnb163v2);
-+ SPCF_CPARAM_CASE(X9_62_c2pnb163v3);
-+ SPCF_CPARAM_CASE(X9_62_c2pnb176v1);
-+ SPCF_CPARAM_CASE(X9_62_c2tnb191v1);
-+ SPCF_CPARAM_CASE(X9_62_c2tnb191v2);
-+ SPCF_CPARAM_CASE(X9_62_c2tnb191v3);
-+ SPCF_CPARAM_CASE(X9_62_c2pnb208w1);
-+ SPCF_CPARAM_CASE(X9_62_c2tnb239v1);
-+ SPCF_CPARAM_CASE(X9_62_c2tnb239v2);
-+ SPCF_CPARAM_CASE(X9_62_c2tnb239v3);
-+ SPCF_CPARAM_CASE(X9_62_c2pnb272w1);
-+ SPCF_CPARAM_CASE(X9_62_c2pnb304w1);
-+ SPCF_CPARAM_CASE(X9_62_c2tnb359v1);
-+ SPCF_CPARAM_CASE(X9_62_c2pnb368w1);
-+ SPCF_CPARAM_CASE(X9_62_c2tnb431r1);
-+ SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls1);
-+ SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls3);
-+ SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls4);
-+ SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls5);
-+ SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls10);
-+ SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls11);
-+ /* Oakley curve #3 over 155 bit binary filed */
-+ SPCF_CPARAM_CASE(ipsec3);
-+ /* Oakley curve #4 over 185 bit binary filed */
-+ SPCF_CPARAM_CASE(ipsec4);
-+ default:
-+ ret = -EINVAL;
-+ break;
-+ }
-+ return ret;
-+}
-+
-+/* Copies the curve points to a flat buffer with appropriate padding */
-+static inline unsigned char *eng_copy_curve_points(BIGNUM * x, BIGNUM * y,
-+ int xy_len, int crv_len)
-+{
-+ unsigned char *xy = NULL;
-+ int len1 = 0, len2 = 0;
-+
-+ len1 = BN_num_bytes(x);
-+ len2 = BN_num_bytes(y);
-+
-+ if (!(xy = malloc(xy_len))) {
-+ return NULL;
-+ }
-+
-+ memset(xy, 0, xy_len);
-+
-+ if (len1 < crv_len) {
-+ if (!BN_is_zero(x))
-+ BN_bn2bin(x, xy + (crv_len - len1));
-+ } else {
-+ BN_bn2bin(x, xy);
-+ }
-+
-+ if (len2 < crv_len) {
-+ if (!BN_is_zero(y))
-+ BN_bn2bin(y, xy+crv_len+(crv_len-len2));
-+ } else {
-+ BN_bn2bin(y, xy+crv_len);
-+ }
-+
-+ return xy;
-+}
-+
-+enum curve_t {
-+ DISCRETE_LOG,
-+ ECC_PRIME,
-+ ECC_BINARY,
-+ MAX_ECC_TYPE
-+};
-+#endif
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0005-Initial-support-for-PKC-in-cryptodev-engine.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0005-Initial-support-for-PKC-in-cryptodev-engine.patch
deleted file mode 100644
index 156b743..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0005-Initial-support-for-PKC-in-cryptodev-engine.patch
+++ /dev/null
@@ -1,1578 +0,0 @@
-From aff25bbf6b5b833931a5281d30a6f26fda9f0a52 Mon Sep 17 00:00:00 2001
-From: Yashpal Dutta <yashpal.dutta@freescale.com>
-Date: Tue, 11 Mar 2014 06:29:52 +0545
-Subject: [PATCH 05/48] Initial support for PKC in cryptodev engine
-
-Upstream-status: Pending
-
-Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
----
- crypto/engine/eng_cryptodev.c | 1365 ++++++++++++++++++++++++++++++++++++-----
- 1 file changed, 1202 insertions(+), 163 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 49ed638..cc9b63b 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -59,6 +59,10 @@ void ENGINE_load_cryptodev(void)
- # include <openssl/dsa.h>
- # include <openssl/err.h>
- # include <openssl/rsa.h>
-+# include <crypto/ecdsa/ecs_locl.h>
-+# include <crypto/ecdh/ech_locl.h>
-+# include <crypto/ec/ec_lcl.h>
-+# include <crypto/ec/ec.h>
- # include <sys/ioctl.h>
- # include <errno.h>
- # include <stdio.h>
-@@ -68,6 +72,7 @@ void ENGINE_load_cryptodev(void)
- # include <syslog.h>
- # include <errno.h>
- # include <string.h>
-+# include "eng_cryptodev_ec.h"
-
- struct dev_crypto_state {
- struct session_op d_sess;
-@@ -116,20 +121,10 @@ static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
- BN_CTX *ctx);
- static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
- BN_CTX *ctx);
--static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a,
-- const BIGNUM *p, const BIGNUM *m,
-- BN_CTX *ctx, BN_MONT_CTX *m_ctx);
--static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
-- BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2,
-- BIGNUM *p, BN_CTX *ctx,
-- BN_MONT_CTX *mont);
- static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
- DSA *dsa);
- static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len,
- DSA_SIG *sig, DSA *dsa);
--static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
-- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
-- BN_MONT_CTX *m_ctx);
- static int cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key,
- DH *dh);
- static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
-@@ -138,6 +133,105 @@ void ENGINE_load_cryptodev(void);
- const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1;
- const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
-
-+inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len)
-+{
-+ int len;
-+ unsigned char *p;
-+
-+ len = BN_num_bytes(bn);
-+
-+ if (!len)
-+ return -1;
-+
-+ p = malloc(len);
-+ if (!p)
-+ return -1;
-+
-+ BN_bn2bin(bn, p);
-+
-+ *bin = p;
-+ *bin_len = len;
-+
-+ return 0;
-+}
-+
-+inline int spcf_bn2bin_ex(BIGNUM *bn, unsigned char **bin, int *bin_len)
-+{
-+ int len;
-+ unsigned char *p;
-+
-+ len = BN_num_bytes(bn);
-+
-+ if (!len)
-+ return -1;
-+
-+ if (len < *bin_len)
-+ p = malloc(*bin_len);
-+ else
-+ p = malloc(len);
-+
-+ if (!p)
-+ return -ENOMEM;
-+
-+ if (len < *bin_len) {
-+ /* place padding */
-+ memset(p, 0, (*bin_len - len));
-+ BN_bn2bin(bn, p + (*bin_len - len));
-+ } else {
-+ BN_bn2bin(bn, p);
-+ }
-+
-+ *bin = p;
-+ if (len >= *bin_len)
-+ *bin_len = len;
-+
-+ return 0;
-+}
-+
-+/**
-+ * Convert an ECC F2m 'b' parameter into the 'c' parameter.
-+ *Inputs:
-+ * q, the curve's modulus
-+ * b, the curve's b parameter
-+ * (a bignum for b, a buffer for c)
-+ * Output:
-+ * c, written into bin, right-adjusted to fill q_len bytes.
-+ */
-+static int
-+eng_ec_compute_cparam(const BIGNUM *b, const BIGNUM *q,
-+ unsigned char **bin, int *bin_len)
-+{
-+ BIGNUM *c = BN_new();
-+ BIGNUM *exp = BN_new();
-+ BN_CTX *ctx = BN_CTX_new();
-+ int m = BN_num_bits(q) - 1;
-+ int ok = 0;
-+
-+ if (!c || !exp || !ctx || *bin)
-+ goto err;
-+
-+ /*
-+ * We have to compute c, where b = c^4, i.e., the fourth root of b.
-+ * The equation for c is c = b^(2^(m-2))
-+ * Compute exp = 2^(m-2)
-+ * (1 << x) == 2^x
-+ * and then compute c = b^exp
-+ */
-+ BN_lshift(exp, BN_value_one(), m - 2);
-+ BN_GF2m_mod_exp(c, b, exp, q, ctx);
-+ /* Store c */
-+ spcf_bn2bin_ex(c, bin, bin_len);
-+ ok = 1;
-+ err:
-+ if (ctx)
-+ BN_CTX_free(ctx);
-+ if (c)
-+ BN_free(c);
-+ if (exp)
-+ BN_free(exp);
-+ return ok;
-+}
-+
- static const ENGINE_CMD_DEFN cryptodev_defns[] = {
- {0, NULL, NULL, 0}
- };
-@@ -1230,7 +1324,6 @@ cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
- */
- static int bn2crparam(const BIGNUM *a, struct crparam *crp)
- {
-- int i, j, k;
- ssize_t bytes, bits;
- u_char *b;
-
-@@ -1248,36 +1341,21 @@ static int bn2crparam(const BIGNUM *a, struct crparam *crp)
- crp->crp_p = (caddr_t) b;
- crp->crp_nbits = bits;
-
-- for (i = 0, j = 0; i < a->top; i++) {
-- for (k = 0; k < BN_BITS2 / 8; k++) {
-- if ((j + k) >= bytes)
-- return (0);
-- b[j + k] = a->d[i] >> (k * 8);
-- }
-- j += BN_BITS2 / 8;
-- }
-+ BN_bn2bin(a, crp->crp_p);
- return (0);
- }
-
- /* Convert a /dev/crypto parameter to a BIGNUM */
- static int crparam2bn(struct crparam *crp, BIGNUM *a)
- {
-- u_int8_t *pd;
-- int i, bytes;
-+ int bytes;
-
- bytes = (crp->crp_nbits + 7) / 8;
-
- if (bytes == 0)
- return (-1);
-
-- if ((pd = (u_int8_t *) malloc(bytes)) == NULL)
-- return (-1);
--
-- for (i = 0; i < bytes; i++)
-- pd[i] = crp->crp_p[bytes - i - 1];
--
-- BN_bin2bn(pd, bytes, a);
-- free(pd);
-+ BN_bin2bn(crp->crp_p, bytes, a);
-
- return (0);
- }
-@@ -1334,6 +1412,32 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
- return ret;
- }
-
-+/* Close an opened instance of cryptodev engine */
-+void cryptodev_close_instance(void *handle)
-+{
-+ int fd;
-+
-+ if (handle) {
-+ fd = *(int *)handle;
-+ close(fd);
-+ free(handle);
-+ }
-+}
-+
-+/* Create an instance of cryptodev for asynchronous interface */
-+void *cryptodev_init_instance(void)
-+{
-+ int *fd = malloc(sizeof(int));
-+
-+ if (fd) {
-+ if ((*fd = open("/dev/crypto", O_RDWR, 0)) == -1) {
-+ free(fd);
-+ return NULL;
-+ }
-+ }
-+ return fd;
-+}
-+
- static int
- cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
-@@ -1350,8 +1454,9 @@ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- return (ret);
- }
-
-- memset(&kop, 0, sizeof kop);
- kop.crk_op = CRK_MOD_EXP;
-+ kop.crk_oparams = 0;
-+ kop.crk_status = 0;
-
- /* inputs: a^p % m */
- if (bn2crparam(a, &kop.crk_param[0]))
-@@ -1394,28 +1499,39 @@ static int
- cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
- {
- struct crypt_kop kop;
-- int ret = 1;
-+ int ret = 1, f_len, p_len, q_len;
-+ unsigned char *f = NULL, *p = NULL, *q = NULL, *dp = NULL, *dq =
-+ NULL, *c = NULL;
-
- if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
- /* XXX 0 means failure?? */
- return (0);
- }
-
-- memset(&kop, 0, sizeof kop);
-+ kop.crk_oparams = 0;
-+ kop.crk_status = 0;
- kop.crk_op = CRK_MOD_EXP_CRT;
-+ f_len = BN_num_bytes(rsa->n);
-+ spcf_bn2bin_ex(I, &f, &f_len);
-+ spcf_bn2bin(rsa->p, &p, &p_len);
-+ spcf_bn2bin(rsa->q, &q, &q_len);
-+ spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len);
-+ spcf_bn2bin_ex(rsa->iqmp, &c, &p_len);
-+ spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len);
- /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
-- if (bn2crparam(rsa->p, &kop.crk_param[0]))
-- goto err;
-- if (bn2crparam(rsa->q, &kop.crk_param[1]))
-- goto err;
-- if (bn2crparam(I, &kop.crk_param[2]))
-- goto err;
-- if (bn2crparam(rsa->dmp1, &kop.crk_param[3]))
-- goto err;
-- if (bn2crparam(rsa->dmq1, &kop.crk_param[4]))
-- goto err;
-- if (bn2crparam(rsa->iqmp, &kop.crk_param[5]))
-- goto err;
-+ kop.crk_param[0].crp_p = p;
-+ kop.crk_param[0].crp_nbits = p_len * 8;
-+ kop.crk_param[1].crp_p = q;
-+ kop.crk_param[1].crp_nbits = q_len * 8;
-+ kop.crk_param[2].crp_p = f;
-+ kop.crk_param[2].crp_nbits = f_len * 8;
-+ kop.crk_param[3].crp_p = dp;
-+ kop.crk_param[3].crp_nbits = p_len * 8;
-+ /* dq must of length q, rest all of length p */
-+ kop.crk_param[4].crp_p = dq;
-+ kop.crk_param[4].crp_nbits = q_len * 8;
-+ kop.crk_param[5].crp_p = c;
-+ kop.crk_param[5].crp_nbits = p_len * 8;
- kop.crk_iparams = 6;
-
- if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) {
-@@ -1451,93 +1567,120 @@ static RSA_METHOD cryptodev_rsa = {
- NULL /* rsa_verify */
- };
-
--static int
--cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
-- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
--{
-- return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
--}
--
--static int
--cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
-- BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
-- BN_CTX *ctx, BN_MONT_CTX *mont)
-+static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
-+ DSA *dsa)
- {
-- BIGNUM t2;
-- int ret = 0;
--
-- BN_init(&t2);
--
-- /* v = ( g^u1 * y^u2 mod p ) mod q */
-- /* let t1 = g ^ u1 mod p */
-- ret = 0;
-+ struct crypt_kop kop;
-+ BIGNUM *c = NULL, *d = NULL;
-+ DSA_SIG *dsaret = NULL;
-+ int q_len = 0, r_len = 0, g_len = 0;
-+ int priv_key_len = 0, ret;
-+ unsigned char *q = NULL, *r = NULL, *g = NULL, *priv_key = NULL, *f =
-+ NULL;
-
-- if (!dsa->meth->bn_mod_exp(dsa, t1, dsa->g, u1, dsa->p, ctx, mont))
-+ memset(&kop, 0, sizeof kop);
-+ if ((c = BN_new()) == NULL) {
-+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
- goto err;
-+ }
-
-- /* let t2 = y ^ u2 mod p */
-- if (!dsa->meth->bn_mod_exp(dsa, &t2, dsa->pub_key, u2, dsa->p, ctx, mont))
-+ if ((d = BN_new()) == NULL) {
-+ BN_free(c);
-+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
- goto err;
-- /* let u1 = t1 * t2 mod p */
-- if (!BN_mod_mul(u1, t1, &t2, dsa->p, ctx))
-+ }
-+
-+ if (spcf_bn2bin(dsa->p, &q, &q_len)) {
-+ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
- goto err;
-+ }
-
-- BN_copy(t1, u1);
-+ /* Get order of the field of private keys into plain buffer */
-+ if (spcf_bn2bin(dsa->q, &r, &r_len)) {
-+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-
-- ret = 1;
-- err:
-- BN_free(&t2);
-- return (ret);
--}
-+ /* sanity test */
-+ if (dlen > r_len) {
-+ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
-+ goto err;
-+ }
-
--static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
-- DSA *dsa)
--{
-- struct crypt_kop kop;
-- BIGNUM *r = NULL, *s = NULL;
-- DSA_SIG *dsaret = NULL;
-+ g_len = q_len;
-+ /**
-+ * Get generator into a plain buffer. If length is less than
-+ * q_len then add leading padding bytes.
-+ */
-+ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
-+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-
-- if ((r = BN_new()) == NULL)
-+ priv_key_len = r_len;
-+ /**
-+ * Get private key into a plain buffer. If length is less than
-+ * r_len then add leading padding bytes.
-+ */
-+ if (spcf_bn2bin_ex(dsa->priv_key, &priv_key, &priv_key_len)) {
-+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
- goto err;
-- if ((s = BN_new()) == NULL) {
-- BN_free(r);
-+ }
-+
-+ /* Allocate memory to store hash. */
-+ f = OPENSSL_malloc(r_len);
-+ if (!f) {
-+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
-- memset(&kop, 0, sizeof kop);
-+ /* Add padding, since SEC expects hash to of size r_len */
-+ if (dlen < r_len)
-+ memset(f, 0, r_len - dlen);
-+
-+ /* Skip leading bytes if dgst_len < r_len */
-+ memcpy(f + r_len - dlen, dgst, dlen);
-+
- kop.crk_op = CRK_DSA_SIGN;
-
- /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
-- kop.crk_param[0].crp_p = (caddr_t) dgst;
-- kop.crk_param[0].crp_nbits = dlen * 8;
-- if (bn2crparam(dsa->p, &kop.crk_param[1]))
-- goto err;
-- if (bn2crparam(dsa->q, &kop.crk_param[2]))
-- goto err;
-- if (bn2crparam(dsa->g, &kop.crk_param[3]))
-+ kop.crk_param[0].crp_p = (void *)f;
-+ kop.crk_param[0].crp_nbits = r_len * 8;
-+ kop.crk_param[1].crp_p = (void *)q;
-+ kop.crk_param[1].crp_nbits = q_len * 8;
-+ kop.crk_param[2].crp_p = (void *)r;
-+ kop.crk_param[2].crp_nbits = r_len * 8;
-+ kop.crk_param[3].crp_p = (void *)g;
-+ kop.crk_param[3].crp_nbits = g_len * 8;
-+ kop.crk_param[4].crp_p = (void *)priv_key;
-+ kop.crk_param[4].crp_nbits = priv_key_len * 8;
-+ kop.crk_iparams = 5;
-+
-+ ret = cryptodev_asym(&kop, r_len, c, r_len, d);
-+
-+ if (ret) {
-+ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DECODE_ERROR);
- goto err;
-- if (bn2crparam(dsa->priv_key, &kop.crk_param[4]))
-+ }
-+
-+ dsaret = DSA_SIG_new();
-+ if (dsaret == NULL)
- goto err;
-- kop.crk_iparams = 5;
-+ dsaret->r = c;
-+ dsaret->s = d;
-
-- if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r,
-- BN_num_bytes(dsa->q), s) == 0) {
-- dsaret = DSA_SIG_new();
-- if (dsaret == NULL)
-- goto err;
-- dsaret->r = r;
-- dsaret->s = s;
-- r = s = NULL;
-- } else {
-+ zapparams(&kop);
-+ return (dsaret);
-+ err:
-+ {
- const DSA_METHOD *meth = DSA_OpenSSL();
-+ if (c)
-+ BN_free(c);
-+ if (d)
-+ BN_free(d);
- dsaret = (meth->dsa_do_sign) (dgst, dlen, dsa);
-+ return (dsaret);
- }
-- err:
-- BN_free(r);
-- BN_free(s);
-- kop.crk_param[0].crp_p = NULL;
-- zapparams(&kop);
-- return (dsaret);
- }
-
- static int
-@@ -1545,43 +1688,175 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
- DSA_SIG *sig, DSA *dsa)
- {
- struct crypt_kop kop;
-- int dsaret = 1;
-+ int dsaret = 1, q_len = 0, r_len = 0, g_len = 0;
-+ int w_len = 0, c_len = 0, d_len = 0, ret = -1;
-+ unsigned char *q = NULL, *r = NULL, *w = NULL, *g = NULL;
-+ unsigned char *c = NULL, *d = NULL, *f = NULL;
-
- memset(&kop, 0, sizeof kop);
- kop.crk_op = CRK_DSA_VERIFY;
-
-- /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
-- kop.crk_param[0].crp_p = (caddr_t) dgst;
-- kop.crk_param[0].crp_nbits = dlen * 8;
-- if (bn2crparam(dsa->p, &kop.crk_param[1]))
-+ if (spcf_bn2bin(dsa->p, &q, &q_len)) {
-+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ return ret;
-+ }
-+
-+ /* Get Order of field of private keys */
-+ if (spcf_bn2bin(dsa->q, &r, &r_len)) {
-+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
- goto err;
-- if (bn2crparam(dsa->q, &kop.crk_param[2]))
-+ }
-+
-+ g_len = q_len;
-+ /**
-+ * Get generator into a plain buffer. If length is less than
-+ * q_len then add leading padding bytes.
-+ */
-+ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
-+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ w_len = q_len;
-+ /**
-+ * Get public key into a plain buffer. If length is less than
-+ * q_len then add leading padding bytes.
-+ */
-+ if (spcf_bn2bin_ex(dsa->pub_key, &w, &w_len)) {
-+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
- goto err;
-- if (bn2crparam(dsa->g, &kop.crk_param[3]))
-+ }
-+ /**
-+ * Get the 1st part of signature into a flat buffer with
-+ * appropriate padding
-+ */
-+ c_len = r_len;
-+
-+ if (spcf_bn2bin_ex(sig->r, &c, &c_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
- goto err;
-- if (bn2crparam(dsa->pub_key, &kop.crk_param[4]))
-+ }
-+
-+ /**
-+ * Get the 2nd part of signature into a flat buffer with
-+ * appropriate padding
-+ */
-+ d_len = r_len;
-+
-+ if (spcf_bn2bin_ex(sig->s, &d, &d_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
- goto err;
-- if (bn2crparam(sig->r, &kop.crk_param[5]))
-+ }
-+
-+ /* Sanity test */
-+ if (dlen > r_len) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
- goto err;
-- if (bn2crparam(sig->s, &kop.crk_param[6]))
-+ }
-+
-+ /* Allocate memory to store hash. */
-+ f = OPENSSL_malloc(r_len);
-+ if (!f) {
-+ DSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
- goto err;
-+ }
-+
-+ /* Add padding, since SEC expects hash to of size r_len */
-+ if (dlen < r_len)
-+ memset(f, 0, r_len - dlen);
-+
-+ /* Skip leading bytes if dgst_len < r_len */
-+ memcpy(f + r_len - dlen, dgst, dlen);
-+
-+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
-+ kop.crk_param[0].crp_p = (void *)f;
-+ kop.crk_param[0].crp_nbits = r_len * 8;
-+ kop.crk_param[1].crp_p = q;
-+ kop.crk_param[1].crp_nbits = q_len * 8;
-+ kop.crk_param[2].crp_p = r;
-+ kop.crk_param[2].crp_nbits = r_len * 8;
-+ kop.crk_param[3].crp_p = g;
-+ kop.crk_param[3].crp_nbits = g_len * 8;
-+ kop.crk_param[4].crp_p = w;
-+ kop.crk_param[4].crp_nbits = w_len * 8;
-+ kop.crk_param[5].crp_p = c;
-+ kop.crk_param[5].crp_nbits = c_len * 8;
-+ kop.crk_param[6].crp_p = d;
-+ kop.crk_param[6].crp_nbits = d_len * 8;
- kop.crk_iparams = 7;
-
-- if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
-- /*
-- * OCF success value is 0, if not zero, change dsaret to fail
-- */
-- if (0 != kop.crk_status)
-- dsaret = 0;
-- } else {
-- const DSA_METHOD *meth = DSA_OpenSSL();
-+ if ((cryptodev_asym(&kop, 0, NULL, 0, NULL))) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, DSA_R_DECODE_ERROR);
-+ goto err;
-+ }
-
-- dsaret = (meth->dsa_do_verify) (dgst, dlen, sig, dsa);
-+ /*
-+ * OCF success value is 0, if not zero, change dsaret to fail
-+ */
-+ if (0 != kop.crk_status) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, DSA_R_DECODE_ERROR);
-+ goto err;
- }
-- err:
-- kop.crk_param[0].crp_p = NULL;
-+
- zapparams(&kop);
- return (dsaret);
-+ err:
-+ {
-+ const DSA_METHOD *meth = DSA_OpenSSL();
-+ dsaret = (meth->dsa_do_verify) (dgst, dlen, sig, dsa);
-+ return dsaret;
-+ }
-+}
-+
-+/* Cryptodev DSA Key Gen routine */
-+static int cryptodev_dsa_keygen(DSA *dsa)
-+{
-+ struct crypt_kop kop;
-+ int ret = 1, g_len;
-+ unsigned char *g = NULL;
-+
-+ if (dsa->priv_key == NULL) {
-+ if ((dsa->priv_key = BN_new()) == NULL)
-+ goto sw_try;
-+ }
-+
-+ if (dsa->pub_key == NULL) {
-+ if ((dsa->pub_key = BN_new()) == NULL)
-+ goto sw_try;
-+ }
-+
-+ g_len = BN_num_bytes(dsa->p);
-+ /**
-+ * Get generator into a plain buffer. If length is less than
-+ * p_len then add leading padding bytes.
-+ */
-+ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
-+ DSAerr(DSA_F_DSA_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
-+ goto sw_try;
-+ }
-+
-+ memset(&kop, 0, sizeof kop);
-+
-+ kop.crk_op = CRK_DSA_GENERATE_KEY;
-+ if (bn2crparam(dsa->p, &kop.crk_param[0]))
-+ goto sw_try;
-+ if (bn2crparam(dsa->q, &kop.crk_param[1]))
-+ goto sw_try;
-+ kop.crk_param[2].crp_p = g;
-+ kop.crk_param[2].crp_nbits = g_len * 8;
-+ kop.crk_iparams = 3;
-+
-+ /* pub_key is or prime length while priv key is of length of order */
-+ if (cryptodev_asym(&kop, BN_num_bytes(dsa->p), dsa->pub_key,
-+ BN_num_bytes(dsa->q), dsa->priv_key))
-+ goto sw_try;
-+
-+ return ret;
-+ sw_try:
-+ {
-+ const DSA_METHOD *meth = DSA_OpenSSL();
-+ ret = (meth->dsa_keygen) (dsa);
-+ }
-+ return ret;
- }
-
- static DSA_METHOD cryptodev_dsa = {
-@@ -1597,12 +1872,558 @@ static DSA_METHOD cryptodev_dsa = {
- NULL /* app_data */
- };
-
--static int
--cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
-- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
-- BN_MONT_CTX *m_ctx)
-+static ECDSA_METHOD cryptodev_ecdsa = {
-+ "cryptodev ECDSA method",
-+ NULL,
-+ NULL, /* ecdsa_sign_setup */
-+ NULL,
-+ NULL,
-+ 0, /* flags */
-+ NULL /* app_data */
-+};
-+
-+typedef enum ec_curve_s {
-+ EC_PRIME,
-+ EC_BINARY
-+} ec_curve_t;
-+
-+/* ENGINE handler for ECDSA Sign */
-+static ECDSA_SIG *cryptodev_ecdsa_do_sign(const unsigned char *dgst,
-+ int dgst_len, const BIGNUM *in_kinv,
-+ const BIGNUM *in_r, EC_KEY *eckey)
- {
-- return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
-+ BIGNUM *m = NULL, *p = NULL, *a = NULL;
-+ BIGNUM *b = NULL, *x = NULL, *y = NULL;
-+ BN_CTX *ctx = NULL;
-+ ECDSA_SIG *ret = NULL;
-+ ECDSA_DATA *ecdsa = NULL;
-+ unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL;
-+ unsigned char *s = NULL, *c = NULL, *d = NULL, *f = NULL, *tmp_dgst =
-+ NULL;
-+ int i = 0, q_len = 0, priv_key_len = 0, r_len = 0;
-+ int g_len = 0, d_len = 0, ab_len = 0;
-+ const BIGNUM *order = NULL, *priv_key = NULL;
-+ const EC_GROUP *group = NULL;
-+ struct crypt_kop kop;
-+ ec_curve_t ec_crv = EC_PRIME;
-+
-+ memset(&kop, 0, sizeof(kop));
-+ ecdsa = ecdsa_check(eckey);
-+ if (!ecdsa) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
-+ return NULL;
-+ }
-+
-+ group = EC_KEY_get0_group(eckey);
-+ priv_key = EC_KEY_get0_private_key(eckey);
-+
-+ if (!group || !priv_key) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
-+ return NULL;
-+ }
-+
-+ if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
-+ (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
-+ (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
-+ (y = BN_new()) == NULL) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ order = &group->order;
-+ if (!order || BN_is_zero(order)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS);
-+ goto err;
-+ }
-+
-+ i = BN_num_bits(order);
-+ /*
-+ * Need to truncate digest if it is too long: first truncate whole bytes
-+ */
-+ if (8 * dgst_len > i)
-+ dgst_len = (i + 7) / 8;
-+
-+ if (!BN_bin2bn(dgst, dgst_len, m)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* If still too long truncate remaining bits with a shift */
-+ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* copy the truncated bits into plain buffer */
-+ if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) {
-+ fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__,
-+ __LINE__);
-+ goto err;
-+ }
-+
-+ ret = ECDSA_SIG_new();
-+ if (!ret) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* check if this is prime or binary EC request */
-+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
-+ NID_X9_62_prime_field) {
-+ ec_crv = EC_PRIME;
-+ /* get the generator point pair */
-+ if (!EC_POINT_get_affine_coordinates_GFp
-+ (group, EC_GROUP_get0_generator(group), x, y, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ /* get the ECC curve parameters */
-+ if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+ } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
-+ NID_X9_62_characteristic_two_field) {
-+ ec_crv = EC_BINARY;
-+ /* get the ECC curve parameters */
-+ if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ /* get the generator point pair */
-+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
-+ EC_GROUP_get0_generator
-+ (group), x, y, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+ } else {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ if (spcf_bn2bin(order, &r, &r_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ if (spcf_bn2bin(p, &q, &q_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ priv_key_len = r_len;
-+
-+ /**
-+ * If BN_num_bytes of priv_key returns less then r_len then
-+ * add padding bytes before the key
-+ */
-+ if (spcf_bn2bin_ex(priv_key, &s, &priv_key_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Generation of ECC curve parameters */
-+ ab_len = 2 * q_len;
-+ ab = eng_copy_curve_points(a, b, ab_len, q_len);
-+ if (!ab) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ if (ec_crv == EC_BINARY) {
-+ if (eng_ec_get_cparam
-+ (EC_GROUP_get_curve_name(group), ab + q_len, q_len)) {
-+ unsigned char *c_temp = NULL;
-+ int c_temp_len = q_len;
-+ if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len))
-+ memcpy(ab + q_len, c_temp, q_len);
-+ else
-+ goto err;
-+ }
-+ kop.curve_type = ECC_BINARY;
-+ }
-+
-+ /* Calculation of Generator point */
-+ g_len = 2 * q_len;
-+ g_xy = eng_copy_curve_points(x, y, g_len, q_len);
-+ if (!g_xy) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Memory allocation for first part of digital signature */
-+ c = malloc(r_len);
-+ if (!c) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ d_len = r_len;
-+
-+ /* Memory allocation for second part of digital signature */
-+ d = malloc(d_len);
-+ if (!d) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* memory for message representative */
-+ f = malloc(r_len);
-+ if (!f) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Add padding, since SEC expects hash to of size r_len */
-+ memset(f, 0, r_len - dgst_len);
-+
-+ /* Skip leading bytes if dgst_len < r_len */
-+ memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len);
-+
-+ dgst_len += r_len - dgst_len;
-+ kop.crk_op = CRK_DSA_SIGN;
-+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
-+ kop.crk_param[0].crp_p = f;
-+ kop.crk_param[0].crp_nbits = dgst_len * 8;
-+ kop.crk_param[1].crp_p = q;
-+ kop.crk_param[1].crp_nbits = q_len * 8;
-+ kop.crk_param[2].crp_p = r;
-+ kop.crk_param[2].crp_nbits = r_len * 8;
-+ kop.crk_param[3].crp_p = g_xy;
-+ kop.crk_param[3].crp_nbits = g_len * 8;
-+ kop.crk_param[4].crp_p = s;
-+ kop.crk_param[4].crp_nbits = priv_key_len * 8;
-+ kop.crk_param[5].crp_p = ab;
-+ kop.crk_param[5].crp_nbits = ab_len * 8;
-+ kop.crk_iparams = 6;
-+ kop.crk_param[6].crp_p = c;
-+ kop.crk_param[6].crp_nbits = d_len * 8;
-+ kop.crk_param[7].crp_p = d;
-+ kop.crk_param[7].crp_nbits = d_len * 8;
-+ kop.crk_oparams = 2;
-+
-+ if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
-+ /* Check if ret->r and s needs to allocated */
-+ crparam2bn(&kop.crk_param[6], ret->r);
-+ crparam2bn(&kop.crk_param[7], ret->s);
-+ } else {
-+ const ECDSA_METHOD *meth = ECDSA_OpenSSL();
-+ ret = (meth->ecdsa_do_sign) (dgst, dgst_len, in_kinv, in_r, eckey);
-+ }
-+ kop.crk_param[0].crp_p = NULL;
-+ zapparams(&kop);
-+ err:
-+ if (!ret) {
-+ ECDSA_SIG_free(ret);
-+ ret = NULL;
-+ }
-+ return ret;
-+}
-+
-+static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
-+ ECDSA_SIG *sig, EC_KEY *eckey)
-+{
-+ BIGNUM *m = NULL, *p = NULL, *a = NULL, *b = NULL;
-+ BIGNUM *x = NULL, *y = NULL, *w_x = NULL, *w_y = NULL;
-+ BN_CTX *ctx = NULL;
-+ ECDSA_DATA *ecdsa = NULL;
-+ unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL, *w_xy =
-+ NULL;
-+ unsigned char *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL;
-+ int i = 0, q_len = 0, pub_key_len = 0, r_len = 0, c_len = 0, g_len = 0;
-+ int d_len = 0, ab_len = 0, ret = -1;
-+ const EC_POINT *pub_key = NULL;
-+ const BIGNUM *order = NULL;
-+ const EC_GROUP *group = NULL;
-+ ec_curve_t ec_crv = EC_PRIME;
-+ struct crypt_kop kop;
-+
-+ memset(&kop, 0, sizeof kop);
-+ ecdsa = ecdsa_check(eckey);
-+ if (!ecdsa) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
-+ return ret;
-+ }
-+
-+ group = EC_KEY_get0_group(eckey);
-+ pub_key = EC_KEY_get0_public_key(eckey);
-+
-+ if (!group || !pub_key) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
-+ return ret;
-+ }
-+
-+ if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
-+ (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
-+ (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
-+ (y = BN_new()) == NULL || (w_x = BN_new()) == NULL ||
-+ (w_y = BN_new()) == NULL) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ order = &group->order;
-+ if (!order || BN_is_zero(order)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS);
-+ goto err;
-+ }
-+
-+ i = BN_num_bits(order);
-+ /*
-+ * Need to truncate digest if it is too long: first truncate whole *
-+ * bytes
-+ */
-+ if (8 * dgst_len > i)
-+ dgst_len = (i + 7) / 8;
-+
-+ if (!BN_bin2bn(dgst, dgst_len, m)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* If still too long truncate remaining bits with a shift */
-+ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+ /* copy the truncated bits into plain buffer */
-+ if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* check if this is prime or binary EC request */
-+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
-+ NID_X9_62_prime_field) {
-+ ec_crv = EC_PRIME;
-+
-+ /* get the generator point pair */
-+ if (!EC_POINT_get_affine_coordinates_GFp(group,
-+ EC_GROUP_get0_generator
-+ (group), x, y, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ /* get the public key pair for prime curve */
-+ if (!EC_POINT_get_affine_coordinates_GFp(group,
-+ pub_key, w_x, w_y, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ /* get the ECC curve parameters */
-+ if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+ } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
-+ NID_X9_62_characteristic_two_field) {
-+ ec_crv = EC_BINARY;
-+ /* get the ECC curve parameters */
-+ if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ /* get the generator point pair */
-+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
-+ EC_GROUP_get0_generator
-+ (group), x, y, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ /* get the public key pair for binary curve */
-+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
-+ pub_key, w_x, w_y, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+ } else {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ /* Get the order of the subgroup of private keys */
-+ if (spcf_bn2bin((BIGNUM *)order, &r, &r_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Get the irreducible polynomial that creates the field */
-+ if (spcf_bn2bin(p, &q, &q_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Get the public key into a flat buffer with appropriate padding */
-+ pub_key_len = 2 * q_len;
-+
-+ w_xy = eng_copy_curve_points(w_x, w_y, pub_key_len, q_len);
-+ if (!w_xy) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Generation of ECC curve parameters */
-+ ab_len = 2 * q_len;
-+
-+ ab = eng_copy_curve_points(a, b, ab_len, q_len);
-+ if (!ab) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ if (ec_crv == EC_BINARY) {
-+ /* copy b' i.e c(b), instead of only b */
-+ if (eng_ec_get_cparam
-+ (EC_GROUP_get_curve_name(group), ab + q_len, q_len)) {
-+ unsigned char *c_temp = NULL;
-+ int c_temp_len = q_len;
-+ if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len))
-+ memcpy(ab + q_len, c_temp, q_len);
-+ else
-+ goto err;
-+ }
-+ kop.curve_type = ECC_BINARY;
-+ }
-+
-+ /* Calculation of Generator point */
-+ g_len = 2 * q_len;
-+
-+ g_xy = eng_copy_curve_points(x, y, g_len, q_len);
-+ if (!g_xy) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /**
-+ * Get the 1st part of signature into a flat buffer with
-+ * appropriate padding
-+ */
-+ if (BN_num_bytes(sig->r) < r_len)
-+ c_len = r_len;
-+
-+ if (spcf_bn2bin_ex(sig->r, &c, &c_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /**
-+ * Get the 2nd part of signature into a flat buffer with
-+ * appropriate padding
-+ */
-+ if (BN_num_bytes(sig->s) < r_len)
-+ d_len = r_len;
-+
-+ if (spcf_bn2bin_ex(sig->s, &d, &d_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* memory for message representative */
-+ f = malloc(r_len);
-+ if (!f) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Add padding, since SEC expects hash to of size r_len */
-+ memset(f, 0, r_len - dgst_len);
-+
-+ /* Skip leading bytes if dgst_len < r_len */
-+ memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len);
-+ dgst_len += r_len - dgst_len;
-+ kop.crk_op = CRK_DSA_VERIFY;
-+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
-+ kop.crk_param[0].crp_p = f;
-+ kop.crk_param[0].crp_nbits = dgst_len * 8;
-+ kop.crk_param[1].crp_p = q;
-+ kop.crk_param[1].crp_nbits = q_len * 8;
-+ kop.crk_param[2].crp_p = r;
-+ kop.crk_param[2].crp_nbits = r_len * 8;
-+ kop.crk_param[3].crp_p = g_xy;
-+ kop.crk_param[3].crp_nbits = g_len * 8;
-+ kop.crk_param[4].crp_p = w_xy;
-+ kop.crk_param[4].crp_nbits = pub_key_len * 8;
-+ kop.crk_param[5].crp_p = ab;
-+ kop.crk_param[5].crp_nbits = ab_len * 8;
-+ kop.crk_param[6].crp_p = c;
-+ kop.crk_param[6].crp_nbits = d_len * 8;
-+ kop.crk_param[7].crp_p = d;
-+ kop.crk_param[7].crp_nbits = d_len * 8;
-+ kop.crk_iparams = 8;
-+
-+ if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
-+ /*
-+ * OCF success value is 0, if not zero, change ret to fail
-+ */
-+ if (0 == kop.crk_status)
-+ ret = 1;
-+ } else {
-+ const ECDSA_METHOD *meth = ECDSA_OpenSSL();
-+
-+ ret = (meth->ecdsa_do_verify) (dgst, dgst_len, sig, eckey);
-+ }
-+ kop.crk_param[0].crp_p = NULL;
-+ zapparams(&kop);
-+
-+ err:
-+ return ret;
-+}
-+
-+static int cryptodev_dh_keygen(DH *dh)
-+{
-+ struct crypt_kop kop;
-+ int ret = 1, g_len;
-+ unsigned char *g = NULL;
-+
-+ if (dh->priv_key == NULL) {
-+ if ((dh->priv_key = BN_new()) == NULL)
-+ goto sw_try;
-+ }
-+
-+ if (dh->pub_key == NULL) {
-+ if ((dh->pub_key = BN_new()) == NULL)
-+ goto sw_try;
-+ }
-+
-+ g_len = BN_num_bytes(dh->p);
-+ /**
-+ * Get generator into a plain buffer. If length is less than
-+ * q_len then add leading padding bytes.
-+ */
-+ if (spcf_bn2bin_ex(dh->g, &g, &g_len)) {
-+ DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
-+ goto sw_try;
-+ }
-+
-+ memset(&kop, 0, sizeof kop);
-+ kop.crk_op = CRK_DH_GENERATE_KEY;
-+ if (bn2crparam(dh->p, &kop.crk_param[0]))
-+ goto sw_try;
-+ if (bn2crparam(dh->q, &kop.crk_param[1]))
-+ goto sw_try;
-+ kop.crk_param[2].crp_p = g;
-+ kop.crk_param[2].crp_nbits = g_len * 8;
-+ kop.crk_iparams = 3;
-+
-+ /* pub_key is or prime length while priv key is of length of order */
-+ if (cryptodev_asym(&kop, BN_num_bytes(dh->p), dh->pub_key,
-+ BN_num_bytes(dh->q), dh->priv_key))
-+ goto sw_try;
-+
-+ return ret;
-+ sw_try:
-+ {
-+ const DH_METHOD *meth = DH_OpenSSL();
-+ ret = (meth->generate_key) (dh);
-+ }
-+ return ret;
- }
-
- static int
-@@ -1610,41 +2431,236 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
- {
- struct crypt_kop kop;
- int dhret = 1;
-- int fd, keylen;
-+ int fd, p_len;
-+ BIGNUM *temp = NULL;
-+ unsigned char *padded_pub_key = NULL, *p = NULL;
-+
-+ if ((fd = get_asym_dev_crypto()) < 0)
-+ goto sw_try;
-+
-+ memset(&kop, 0, sizeof kop);
-+ kop.crk_op = CRK_DH_COMPUTE_KEY;
-+ /* inputs: dh->priv_key pub_key dh->p key */
-+ spcf_bn2bin(dh->p, &p, &p_len);
-+ spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len);
-+ if (bn2crparam(dh->priv_key, &kop.crk_param[0]))
-+ goto sw_try;
-+
-+ kop.crk_param[1].crp_p = padded_pub_key;
-+ kop.crk_param[1].crp_nbits = p_len * 8;
-+ kop.crk_param[2].crp_p = p;
-+ kop.crk_param[2].crp_nbits = p_len * 8;
-+ kop.crk_iparams = 3;
-+ kop.crk_param[3].crp_p = (void *)key;
-+ kop.crk_param[3].crp_nbits = p_len * 8;
-+ kop.crk_oparams = 1;
-+ dhret = p_len;
-+
-+ if (ioctl(fd, CIOCKEY, &kop))
-+ goto sw_try;
-+
-+ if ((temp = BN_new())) {
-+ if (!BN_bin2bn(key, p_len, temp)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+ goto sw_try;
-+ }
-+ if (dhret > BN_num_bytes(temp))
-+ dhret = BN_bn2bin(temp, key);
-+ BN_free(temp);
-+ }
-
-- if ((fd = get_asym_dev_crypto()) < 0) {
-+ kop.crk_param[3].crp_p = NULL;
-+ zapparams(&kop);
-+ return (dhret);
-+ sw_try:
-+ {
- const DH_METHOD *meth = DH_OpenSSL();
-
-- return ((meth->compute_key) (key, pub_key, dh));
-+ dhret = (meth->compute_key) (key, pub_key, dh);
- }
-+ return (dhret);
-+}
-
-- keylen = BN_num_bits(dh->p);
-+int cryptodev_ecdh_compute_key(void *out, size_t outlen,
-+ const EC_POINT *pub_key, EC_KEY *ecdh,
-+ void *(*KDF) (const void *in, size_t inlen,
-+ void *out, size_t *outlen))
-+{
-+ ec_curve_t ec_crv = EC_PRIME;
-+ unsigned char *q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL;
-+ BIGNUM *w_x = NULL, *w_y = NULL;
-+ int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0;
-+ BIGNUM *p = NULL, *a = NULL, *b = NULL;
-+ BN_CTX *ctx;
-+ EC_POINT *tmp = NULL;
-+ BIGNUM *x = NULL, *y = NULL;
-+ const BIGNUM *priv_key;
-+ const EC_GROUP *group = NULL;
-+ int ret = -1;
-+ size_t buflen, len;
-+ struct crypt_kop kop;
-
- memset(&kop, 0, sizeof kop);
-- kop.crk_op = CRK_DH_COMPUTE_KEY;
-
-- /* inputs: dh->priv_key pub_key dh->p key */
-- if (bn2crparam(dh->priv_key, &kop.crk_param[0]))
-+ if ((ctx = BN_CTX_new()) == NULL)
- goto err;
-- if (bn2crparam(pub_key, &kop.crk_param[1]))
-+ BN_CTX_start(ctx);
-+ x = BN_CTX_get(ctx);
-+ y = BN_CTX_get(ctx);
-+ p = BN_CTX_get(ctx);
-+ a = BN_CTX_get(ctx);
-+ b = BN_CTX_get(ctx);
-+ w_x = BN_CTX_get(ctx);
-+ w_y = BN_CTX_get(ctx);
-+
-+ if (!x || !y || !p || !a || !b || !w_x || !w_y) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
- goto err;
-- if (bn2crparam(dh->p, &kop.crk_param[2]))
-+ }
-+
-+ priv_key = EC_KEY_get0_private_key(ecdh);
-+ if (priv_key == NULL) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_NO_PRIVATE_VALUE);
- goto err;
-- kop.crk_iparams = 3;
-+ }
-
-- kop.crk_param[3].crp_p = (caddr_t) key;
-- kop.crk_param[3].crp_nbits = keylen * 8;
-- kop.crk_oparams = 1;
-+ group = EC_KEY_get0_group(ecdh);
-+ if ((tmp = EC_POINT_new(group)) == NULL) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-
-- if (ioctl(fd, CIOCKEY, &kop) == -1) {
-- const DH_METHOD *meth = DH_OpenSSL();
-+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
-+ NID_X9_62_prime_field) {
-+ ec_crv = EC_PRIME;
-
-- dhret = (meth->compute_key) (key, pub_key, dh);
-+ if (!EC_POINT_get_affine_coordinates_GFp(group,
-+ EC_GROUP_get0_generator
-+ (group), x, y, ctx)) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_POINT_ARITHMETIC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* get the ECC curve parameters */
-+ if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* get the public key pair for prime curve */
-+ if (!EC_POINT_get_affine_coordinates_GFp
-+ (group, pub_key, w_x, w_y, ctx)) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+ } else {
-+ ec_crv = EC_BINARY;
-+
-+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
-+ EC_GROUP_get0_generator
-+ (group), x, y, ctx)) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_POINT_ARITHMETIC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* get the ECC curve parameters */
-+ if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* get the public key pair for binary curve */
-+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
-+ pub_key, w_x, w_y, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+ goto err;
-+ }
- }
-+
-+ /* irreducible polynomial that creates the field */
-+ if (spcf_bn2bin((BIGNUM *)&group->order, &r, &r_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Get the irreducible polynomial that creates the field */
-+ if (spcf_bn2bin(p, &q, &q_len)) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* Get the public key into a flat buffer with appropriate padding */
-+ pub_key_len = 2 * q_len;
-+ w_xy = eng_copy_curve_points(w_x, w_y, pub_key_len, q_len);
-+ if (!w_xy) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Generation of ECC curve parameters */
-+ ab_len = 2 * q_len;
-+ ab = eng_copy_curve_points(a, b, ab_len, q_len);
-+ if (!ab) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ if (ec_crv == EC_BINARY) {
-+ /* copy b' i.e c(b), instead of only b */
-+ if (eng_ec_get_cparam
-+ (EC_GROUP_get_curve_name(group), ab + q_len, q_len)) {
-+ unsigned char *c_temp = NULL;
-+ int c_temp_len = q_len;
-+ if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len))
-+ memcpy(ab + q_len, c_temp, q_len);
-+ else
-+ goto err;
-+ }
-+ kop.curve_type = ECC_BINARY;
-+ } else
-+ kop.curve_type = ECC_PRIME;
-+
-+ priv_key_len = r_len;
-+
-+ /*
-+ * If BN_num_bytes of priv_key returns less then r_len then
-+ * add padding bytes before the key
-+ */
-+ if (spcf_bn2bin_ex((BIGNUM *)priv_key, &s, &priv_key_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ buflen = (EC_GROUP_get_degree(group) + 7) / 8;
-+ len = BN_num_bytes(x);
-+ if (len > buflen || q_len < buflen) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_INTERNAL_ERROR);
-+ goto err;
-+ }
-+
-+ kop.crk_op = CRK_DH_COMPUTE_KEY;
-+ kop.crk_param[0].crp_p = (void *)s;
-+ kop.crk_param[0].crp_nbits = priv_key_len * 8;
-+ kop.crk_param[1].crp_p = (void *)w_xy;
-+ kop.crk_param[1].crp_nbits = pub_key_len * 8;
-+ kop.crk_param[2].crp_p = (void *)q;
-+ kop.crk_param[2].crp_nbits = q_len * 8;
-+ kop.crk_param[3].crp_p = (void *)ab;
-+ kop.crk_param[3].crp_nbits = ab_len * 8;
-+ kop.crk_iparams = 4;
-+ kop.crk_param[4].crp_p = (void *)out;
-+ kop.crk_param[4].crp_nbits = q_len * 8;
-+ kop.crk_oparams = 1;
-+ ret = q_len;
-+ if (cryptodev_asym(&kop, 0, NULL, 0, NULL)) {
-+ const ECDH_METHOD *meth = ECDH_OpenSSL();
-+ ret = (meth->compute_key) (out, outlen, pub_key, ecdh, KDF);
-+ } else
-+ ret = q_len;
- err:
-- kop.crk_param[3].crp_p = NULL;
-+ kop.crk_param[4].crp_p = NULL;
- zapparams(&kop);
-- return (dhret);
-+ return ret;
- }
-
- static DH_METHOD cryptodev_dh = {
-@@ -1658,6 +2674,14 @@ static DH_METHOD cryptodev_dh = {
- NULL /* app_data */
- };
-
-+static ECDH_METHOD cryptodev_ecdh = {
-+ "cryptodev ECDH method",
-+ NULL, /* cryptodev_ecdh_compute_key */
-+ NULL,
-+ 0, /* flags */
-+ NULL /* app_data */
-+};
-+
- /*
- * ctrl right now is just a wrapper that doesn't do much
- * but I expect we'll want some options soon.
-@@ -1737,24 +2761,39 @@ void ENGINE_load_cryptodev(void)
- memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
- if (cryptodev_asymfeat & CRF_DSA_SIGN)
- cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
-- if (cryptodev_asymfeat & CRF_MOD_EXP) {
-- cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp;
-- cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp;
-- }
- if (cryptodev_asymfeat & CRF_DSA_VERIFY)
- cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
-+ if (cryptodev_asymfeat & CRF_DSA_GENERATE_KEY)
-+ cryptodev_dsa.dsa_keygen = cryptodev_dsa_keygen;
- }
-
- if (ENGINE_set_DH(engine, &cryptodev_dh)) {
- const DH_METHOD *dh_meth = DH_OpenSSL();
-+ memcpy(&cryptodev_dh, dh_meth, sizeof(DH_METHOD));
-+ if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) {
-+ cryptodev_dh.compute_key = cryptodev_dh_compute_key;
-+ }
-+ if (cryptodev_asymfeat & CRF_DH_GENERATE_KEY) {
-+ cryptodev_dh.generate_key = cryptodev_dh_keygen;
-+ }
-+ }
-
-- cryptodev_dh.generate_key = dh_meth->generate_key;
-- cryptodev_dh.compute_key = dh_meth->compute_key;
-- cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp;
-- if (cryptodev_asymfeat & CRF_MOD_EXP) {
-- cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh;
-- if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY)
-- cryptodev_dh.compute_key = cryptodev_dh_compute_key;
-+ if (ENGINE_set_ECDSA(engine, &cryptodev_ecdsa)) {
-+ const ECDSA_METHOD *meth = ECDSA_OpenSSL();
-+ memcpy(&cryptodev_ecdsa, meth, sizeof(ECDSA_METHOD));
-+ if (cryptodev_asymfeat & CRF_DSA_SIGN) {
-+ cryptodev_ecdsa.ecdsa_do_sign = cryptodev_ecdsa_do_sign;
-+ }
-+ if (cryptodev_asymfeat & CRF_DSA_VERIFY) {
-+ cryptodev_ecdsa.ecdsa_do_verify = cryptodev_ecdsa_verify;
-+ }
-+ }
-+
-+ if (ENGINE_set_ECDH(engine, &cryptodev_ecdh)) {
-+ const ECDH_METHOD *ecdh_meth = ECDH_OpenSSL();
-+ memcpy(&cryptodev_ecdh, ecdh_meth, sizeof(ECDH_METHOD));
-+ if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) {
-+ cryptodev_ecdh.compute_key = cryptodev_ecdh_compute_key;
- }
- }
-
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0006-Added-hwrng-dev-file-as-source-of-RNG.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0006-Added-hwrng-dev-file-as-source-of-RNG.patch
deleted file mode 100644
index 049f963..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0006-Added-hwrng-dev-file-as-source-of-RNG.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From e9981377fe8e2081fcd5b4e43a5ef4d8f1cc1e67 Mon Sep 17 00:00:00 2001
-From: Yashpal Dutta <yashpal.dutta@freescale.com>
-Date: Tue, 11 Mar 2014 06:42:59 +0545
-Subject: [PATCH 06/48] Added hwrng dev file as source of RNG
-
-Upstream-status: Pending
-
-Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
----
- e_os.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/e_os.h b/e_os.h
-index 1fa36c1..6c0917b 100644
---- a/e_os.h
-+++ b/e_os.h
-@@ -82,7 +82,7 @@ extern "C" {
- * set this to a comma-separated list of 'random' device files to try out. My
- * default, we will try to read at least one of these files
- */
--# define DEVRANDOM "/dev/urandom","/dev/random","/dev/srandom"
-+# define DEVRANDOM "/dev/hwrng","/dev/urandom","/dev/random","/dev/srandom"
- # endif
- # ifndef DEVRANDOM_EGD
- /*
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0007-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0007-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch
deleted file mode 100644
index 154ae80..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0007-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch
+++ /dev/null
@@ -1,2050 +0,0 @@
-From ea28474ed5e1e21a6efba7570bf0d27d02923bce Mon Sep 17 00:00:00 2001
-From: Yashpal Dutta <yashpal.dutta@freescale.com>
-Date: Tue, 11 Mar 2014 07:14:30 +0545
-Subject: [PATCH 07/48] Asynchronous interface added for PKC cryptodev
- interface
-
-Upstream-status: Pending
-
-Change-Id: Ia8974f793dc18a959ed6798dcdd7d3fad81cb7da
-Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
----
- crypto/crypto.h | 16 +
- crypto/dh/dh.h | 3 +
- crypto/dsa/dsa.h | 5 +
- crypto/ecdh/ech_locl.h | 3 +
- crypto/ecdsa/ecs_locl.h | 5 +
- crypto/engine/eng_cryptodev.c | 1598 +++++++++++++++++++++++++++++++++++++----
- crypto/engine/eng_int.h | 23 +
- crypto/engine/eng_lib.c | 46 ++
- crypto/engine/engine.h | 24 +
- crypto/rsa/rsa.h | 23 +
- 10 files changed, 1605 insertions(+), 141 deletions(-)
-
-diff --git a/crypto/crypto.h b/crypto/crypto.h
-index 6c644ce..2b4ec59 100644
---- a/crypto/crypto.h
-+++ b/crypto/crypto.h
-@@ -655,6 +655,22 @@ void ERR_load_CRYPTO_strings(void);
- # define CRYPTO_R_FIPS_MODE_NOT_SUPPORTED 101
- # define CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK 100
-
-+/* Additions for Asynchronous PKC Infrastructure */
-+struct pkc_cookie_s {
-+ void *cookie; /* To be filled by openssl library primitive method function caller */
-+ void *eng_cookie; /* To be filled by Engine */
-+ /*
-+ * Callback handler to be provided by caller. Ensure to pass a
-+ * handler which takes the crypto operation to completion.
-+ * cookie: Container cookie from library
-+ * status: Status of the crypto Job completion.
-+ * 0: Job handled without any issue
-+ * -EINVAL: Parameters Invalid
-+ */
-+ void (*pkc_callback)(struct pkc_cookie_s *cookie, int status);
-+ void *eng_handle;
-+};
-+
- #ifdef __cplusplus
- }
- #endif
-diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h
-index a5bd901..31dd762 100644
---- a/crypto/dh/dh.h
-+++ b/crypto/dh/dh.h
-@@ -123,6 +123,9 @@ struct dh_method {
- int (*bn_mod_exp) (const DH *dh, BIGNUM *r, const BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx);
-+ int (*compute_key_async)(unsigned char *key,const BIGNUM *pub_key,DH *dh,
-+ struct pkc_cookie_s *cookie);
-+ int (*generate_key_async)(DH *dh, struct pkc_cookie_s *cookie);
- int (*init) (DH *dh);
- int (*finish) (DH *dh);
- int flags;
-diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h
-index 545358f..8584731 100644
---- a/crypto/dsa/dsa.h
-+++ b/crypto/dsa/dsa.h
-@@ -139,6 +139,10 @@ struct dsa_method {
- /* Can be null */
- int (*bn_mod_exp) (DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-+ int (*dsa_do_sign_async)(const unsigned char *dgst, int dlen, DSA *dsa,
-+ DSA_SIG *sig, struct pkc_cookie_s *cookie);
-+ int (*dsa_do_verify_async)(const unsigned char *dgst, int dgst_len,
-+ DSA_SIG *sig, DSA *dsa, struct pkc_cookie_s *cookie);
- int (*init) (DSA *dsa);
- int (*finish) (DSA *dsa);
- int flags;
-@@ -150,6 +154,7 @@ struct dsa_method {
- BN_GENCB *cb);
- /* If this is non-NULL, it is used to generate DSA keys */
- int (*dsa_keygen) (DSA *dsa);
-+ int (*dsa_keygen_async)(DSA *dsa, struct pkc_cookie_s *cookie);
- };
-
- struct dsa_st {
-diff --git a/crypto/ecdh/ech_locl.h b/crypto/ecdh/ech_locl.h
-index 4e66024..502507b 100644
---- a/crypto/ecdh/ech_locl.h
-+++ b/crypto/ecdh/ech_locl.h
-@@ -68,6 +68,9 @@ struct ecdh_method {
- EC_KEY *ecdh, void *(*KDF) (const void *in,
- size_t inlen, void *out,
- size_t *outlen));
-+ int (*compute_key_async)(void *key, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,
-+ void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen),
-+ struct pkc_cookie_s *cookie);
- # if 0
- int (*init) (EC_KEY *eckey);
- int (*finish) (EC_KEY *eckey);
-diff --git a/crypto/ecdsa/ecs_locl.h b/crypto/ecdsa/ecs_locl.h
-index d3a5efc..9b28c04 100644
---- a/crypto/ecdsa/ecs_locl.h
-+++ b/crypto/ecdsa/ecs_locl.h
-@@ -74,6 +74,11 @@ struct ecdsa_method {
- BIGNUM **r);
- int (*ecdsa_do_verify) (const unsigned char *dgst, int dgst_len,
- const ECDSA_SIG *sig, EC_KEY *eckey);
-+ int (*ecdsa_do_sign_async)(const unsigned char *dgst, int dgst_len,
-+ const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey,
-+ ECDSA_SIG *sig, struct pkc_cookie_s *cookie);
-+ int (*ecdsa_do_verify_async)(const unsigned char *dgst, int dgst_len,
-+ const ECDSA_SIG *sig, EC_KEY *eckey, struct pkc_cookie_s *cookie);
- # if 0
- int (*init) (EC_KEY *eckey);
- int (*finish) (EC_KEY *eckey);
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index cc9b63b..90fe9b8 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -1371,6 +1371,60 @@ static void zapparams(struct crypt_kop *kop)
- }
- }
-
-+/*
-+ * Any PKC request has at max 2 output parameters and they are stored here to
-+ * be used while copying in the check availability
-+ */
-+struct cryptodev_cookie_s {
-+ BIGNUM *r;
-+ struct crparam r_param;
-+ BIGNUM *s;
-+ struct crparam s_param;
-+ struct crypt_kop *kop;
-+};
-+
-+static int
-+cryptodev_asym_async(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
-+ BIGNUM *s)
-+{
-+ int fd;
-+ struct pkc_cookie_s *cookie = kop->cookie;
-+ struct cryptodev_cookie_s *eng_cookie;
-+
-+ fd = *(int *)cookie->eng_handle;
-+
-+ eng_cookie = malloc(sizeof(struct cryptodev_cookie_s));
-+
-+ if (eng_cookie) {
-+ memset(eng_cookie, 0, sizeof(struct cryptodev_cookie_s));
-+ if (r) {
-+ kop->crk_param[kop->crk_iparams].crp_p =
-+ calloc(rlen, sizeof(char));
-+ if (!kop->crk_param[kop->crk_iparams].crp_p)
-+ return -ENOMEM;
-+ kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
-+ kop->crk_oparams++;
-+ eng_cookie->r = r;
-+ eng_cookie->r_param = kop->crk_param[kop->crk_iparams];
-+ }
-+ if (s) {
-+ kop->crk_param[kop->crk_iparams + 1].crp_p =
-+ calloc(slen, sizeof(char));
-+ if (!kop->crk_param[kop->crk_iparams + 1].crp_p)
-+ return -ENOMEM;
-+ kop->crk_param[kop->crk_iparams + 1].crp_nbits = slen * 8;
-+ kop->crk_oparams++;
-+ eng_cookie->s = s;
-+ eng_cookie->s_param = kop->crk_param[kop->crk_iparams + 1];
-+ }
-+ } else
-+ return -ENOMEM;
-+
-+ eng_cookie->kop = kop;
-+ cookie->eng_cookie = eng_cookie;
-+ return ioctl(fd, CIOCASYMASYNCRYPT, kop);
-+}
-+
- static int
- cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
- BIGNUM *s)
-@@ -1438,6 +1492,44 @@ void *cryptodev_init_instance(void)
- return fd;
- }
-
-+# include <poll.h>
-+
-+/* Return 0 on success and 1 on failure */
-+int cryptodev_check_availability(void *eng_handle)
-+{
-+ int fd = *(int *)eng_handle;
-+ struct pkc_cookie_list_s cookie_list;
-+ struct pkc_cookie_s *cookie;
-+ int i;
-+
-+ /* FETCH COOKIE returns number of cookies extracted */
-+ if (ioctl(fd, CIOCASYMFETCHCOOKIE, &cookie_list) <= 0)
-+ return 1;
-+
-+ for (i = 0; i < cookie_list.cookie_available; i++) {
-+ cookie = cookie_list.cookie[i];
-+ if (cookie) {
-+ struct cryptodev_cookie_s *eng_cookie = cookie->eng_cookie;
-+ if (eng_cookie) {
-+ struct crypt_kop *kop = eng_cookie->kop;
-+
-+ if (eng_cookie->r)
-+ crparam2bn(&eng_cookie->r_param, eng_cookie->r);
-+ if (eng_cookie->s)
-+ crparam2bn(&eng_cookie->s_param, eng_cookie->s);
-+ if (kop->crk_op == CRK_DH_COMPUTE_KEY)
-+ kop->crk_oparams = 0;
-+
-+ zapparams(eng_cookie->kop);
-+ free(eng_cookie->kop);
-+ free(eng_cookie);
-+ }
-+ cookie->pkc_callback(cookie, cookie_list.status[i]);
-+ }
-+ }
-+ return 0;
-+}
-+
- static int
- cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
-@@ -1485,6 +1577,66 @@ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- }
-
- static int
-+cryptodev_bn_mod_exp_async(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont,
-+ struct pkc_cookie_s *cookie)
-+{
-+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+ int ret = 1;
-+
-+ /*
-+ * Currently, we know we can do mod exp iff we can do any asymmetric
-+ * operations at all.
-+ */
-+ if (cryptodev_asymfeat == 0 || !kop) {
-+ ret = BN_mod_exp(r, a, p, m, ctx);
-+ return (ret);
-+ }
-+
-+ kop->crk_oparams = 0;
-+ kop->crk_status = 0;
-+ kop->crk_op = CRK_MOD_EXP;
-+ kop->cookie = cookie;
-+ /* inputs: a^p % m */
-+ if (bn2crparam(a, &kop->crk_param[0]))
-+ goto err;
-+ if (bn2crparam(p, &kop->crk_param[1]))
-+ goto err;
-+ if (bn2crparam(m, &kop->crk_param[2]))
-+ goto err;
-+
-+ kop->crk_iparams = 3;
-+ if (cryptodev_asym_async(kop, BN_num_bytes(m), r, 0, NULL))
-+ goto err;
-+
-+ return ret;
-+ err:
-+ {
-+ const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
-+
-+ if (kop)
-+ free(kop);
-+ ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
-+ if (ret)
-+ /* Call the completion handler immediately */
-+ cookie->pkc_callback(cookie, 0);
-+ }
-+ return ret;
-+}
-+
-+static int
-+cryptodev_rsa_nocrt_mod_exp_async(BIGNUM *r0, const BIGNUM *I,
-+ RSA *rsa, BN_CTX *ctx,
-+ struct pkc_cookie_s *cookie)
-+{
-+ int r;
-+ ctx = BN_CTX_new();
-+ r = cryptodev_bn_mod_exp_async(r0, I, rsa->d, rsa->n, ctx, NULL, cookie);
-+ BN_CTX_free(ctx);
-+ return r;
-+}
-+
-+static int
- cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
- BN_CTX *ctx)
- {
-@@ -1551,6 +1703,63 @@ cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
- return (ret);
- }
-
-+static int
-+cryptodev_rsa_mod_exp_async(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
-+ BN_CTX *ctx, struct pkc_cookie_s *cookie)
-+{
-+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+ int ret = 1, f_len, p_len, q_len;
-+ unsigned char *f = NULL, *p = NULL, *q = NULL, *dp = NULL, *dq =
-+ NULL, *c = NULL;
-+
-+ if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp || !kop) {
-+ return (0);
-+ }
-+
-+ kop->crk_oparams = 0;
-+ kop->crk_status = 0;
-+ kop->crk_op = CRK_MOD_EXP_CRT;
-+ f_len = BN_num_bytes(rsa->n);
-+ spcf_bn2bin_ex(I, &f, &f_len);
-+ spcf_bn2bin(rsa->p, &p, &p_len);
-+ spcf_bn2bin(rsa->q, &q, &q_len);
-+ spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len);
-+ spcf_bn2bin_ex(rsa->iqmp, &c, &p_len);
-+ spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len);
-+ /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
-+ kop->crk_param[0].crp_p = p;
-+ kop->crk_param[0].crp_nbits = p_len * 8;
-+ kop->crk_param[1].crp_p = q;
-+ kop->crk_param[1].crp_nbits = q_len * 8;
-+ kop->crk_param[2].crp_p = f;
-+ kop->crk_param[2].crp_nbits = f_len * 8;
-+ kop->crk_param[3].crp_p = dp;
-+ kop->crk_param[3].crp_nbits = p_len * 8;
-+ /* dq must of length q, rest all of length p */
-+ kop->crk_param[4].crp_p = dq;
-+ kop->crk_param[4].crp_nbits = q_len * 8;
-+ kop->crk_param[5].crp_p = c;
-+ kop->crk_param[5].crp_nbits = p_len * 8;
-+ kop->crk_iparams = 6;
-+ kop->cookie = cookie;
-+ if (cryptodev_asym_async(kop, BN_num_bytes(rsa->n), r0, 0, NULL))
-+ goto err;
-+
-+ return ret;
-+ err:
-+ {
-+ const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
-+
-+ if (kop)
-+ free(kop);
-+ ret = (*meth->rsa_mod_exp) (r0, I, rsa, ctx);
-+ if (ret)
-+ /* Call user completion handler immediately */
-+ cookie->pkc_callback(cookie, 0);
-+ }
-+ return (ret);
-+}
-+
- static RSA_METHOD cryptodev_rsa = {
- "cryptodev RSA method",
- NULL, /* rsa_pub_enc */
-@@ -1559,6 +1768,12 @@ static RSA_METHOD cryptodev_rsa = {
- NULL, /* rsa_priv_dec */
- NULL,
- NULL,
-+ NULL, /* rsa_pub_enc */
-+ NULL, /* rsa_pub_dec */
-+ NULL, /* rsa_priv_enc */
-+ NULL, /* rsa_priv_dec */
-+ NULL,
-+ NULL,
- NULL, /* init */
- NULL, /* finish */
- 0, /* flags */
-@@ -1859,128 +2074,428 @@ static int cryptodev_dsa_keygen(DSA *dsa)
- return ret;
- }
-
--static DSA_METHOD cryptodev_dsa = {
-- "cryptodev DSA method",
-- NULL,
-- NULL, /* dsa_sign_setup */
-- NULL,
-- NULL, /* dsa_mod_exp */
-- NULL,
-- NULL, /* init */
-- NULL, /* finish */
-- 0, /* flags */
-- NULL /* app_data */
--};
-+/* Cryptodev DSA Key Gen routine */
-+static int cryptodev_dsa_keygen_async(DSA *dsa, struct pkc_cookie_s *cookie)
-+{
-+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+ int ret = 1, g_len;
-+ unsigned char *g = NULL;
-
--static ECDSA_METHOD cryptodev_ecdsa = {
-- "cryptodev ECDSA method",
-- NULL,
-- NULL, /* ecdsa_sign_setup */
-- NULL,
-- NULL,
-- 0, /* flags */
-- NULL /* app_data */
--};
-+ if (!kop)
-+ goto sw_try;
-
--typedef enum ec_curve_s {
-- EC_PRIME,
-- EC_BINARY
--} ec_curve_t;
-+ if (dsa->priv_key == NULL) {
-+ if ((dsa->priv_key = BN_new()) == NULL)
-+ goto sw_try;
-+ }
-
--/* ENGINE handler for ECDSA Sign */
--static ECDSA_SIG *cryptodev_ecdsa_do_sign(const unsigned char *dgst,
-- int dgst_len, const BIGNUM *in_kinv,
-- const BIGNUM *in_r, EC_KEY *eckey)
--{
-- BIGNUM *m = NULL, *p = NULL, *a = NULL;
-- BIGNUM *b = NULL, *x = NULL, *y = NULL;
-- BN_CTX *ctx = NULL;
-- ECDSA_SIG *ret = NULL;
-- ECDSA_DATA *ecdsa = NULL;
-- unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL;
-- unsigned char *s = NULL, *c = NULL, *d = NULL, *f = NULL, *tmp_dgst =
-- NULL;
-- int i = 0, q_len = 0, priv_key_len = 0, r_len = 0;
-- int g_len = 0, d_len = 0, ab_len = 0;
-- const BIGNUM *order = NULL, *priv_key = NULL;
-- const EC_GROUP *group = NULL;
-- struct crypt_kop kop;
-- ec_curve_t ec_crv = EC_PRIME;
-+ if (dsa->pub_key == NULL) {
-+ if ((dsa->pub_key = BN_new()) == NULL)
-+ goto sw_try;
-+ }
-
-- memset(&kop, 0, sizeof(kop));
-- ecdsa = ecdsa_check(eckey);
-- if (!ecdsa) {
-- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
-- return NULL;
-+ g_len = BN_num_bytes(dsa->p);
-+ /**
-+ * Get generator into a plain buffer. If length is less than
-+ * q_len then add leading padding bytes.
-+ */
-+ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
-+ DSAerr(DSA_F_DSA_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
-+ goto sw_try;
- }
-
-- group = EC_KEY_get0_group(eckey);
-- priv_key = EC_KEY_get0_private_key(eckey);
-+ memset(kop, 0, sizeof(struct crypt_kop));
-+ kop->crk_op = CRK_DSA_GENERATE_KEY;
-+ if (bn2crparam(dsa->p, &kop->crk_param[0]))
-+ goto sw_try;
-+ if (bn2crparam(dsa->q, &kop->crk_param[1]))
-+ goto sw_try;
-+ kop->crk_param[2].crp_p = g;
-+ kop->crk_param[2].crp_nbits = g_len * 8;
-+ kop->crk_iparams = 3;
-+ kop->cookie = cookie;
-
-- if (!group || !priv_key) {
-- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
-- return NULL;
-+ /* pub_key is or prime length while priv key is of length of order */
-+ if (cryptodev_asym_async(kop, BN_num_bytes(dsa->p), dsa->pub_key,
-+ BN_num_bytes(dsa->q), dsa->priv_key))
-+ goto sw_try;
-+
-+ return ret;
-+ sw_try:
-+ {
-+ const DSA_METHOD *meth = DSA_OpenSSL();
-+
-+ if (kop)
-+ free(kop);
-+ ret = (meth->dsa_keygen) (dsa);
-+ cookie->pkc_callback(cookie, 0);
- }
-+ return ret;
-+}
-
-- if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
-- (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
-- (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
-- (y = BN_new()) == NULL) {
-- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+static int
-+cryptodev_dsa_do_sign_async(const unsigned char *dgst, int dlen, DSA *dsa,
-+ DSA_SIG *sig, struct pkc_cookie_s *cookie)
-+{
-+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+ DSA_SIG *dsaret = NULL;
-+ int q_len = 0, r_len = 0, g_len = 0;
-+ int priv_key_len = 0, ret = 1;
-+ unsigned char *q = NULL, *r = NULL, *g = NULL, *priv_key = NULL, *f =
-+ NULL;
-+ if (((sig->r = BN_new()) == NULL) || !kop) {
-+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
-- order = &group->order;
-- if (!order || BN_is_zero(order)) {
-- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS);
-+ if ((sig->s = BN_new()) == NULL) {
-+ BN_free(sig->r);
-+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
-- i = BN_num_bits(order);
-- /*
-- * Need to truncate digest if it is too long: first truncate whole bytes
-- */
-- if (8 * dgst_len > i)
-- dgst_len = (i + 7) / 8;
--
-- if (!BN_bin2bn(dgst, dgst_len, m)) {
-- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+ if (spcf_bn2bin(dsa->p, &q, &q_len)) {
-+ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
- goto err;
- }
-
-- /* If still too long truncate remaining bits with a shift */
-- if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
-- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+ /* Get order of the field of private keys into plain buffer */
-+ if (spcf_bn2bin(dsa->q, &r, &r_len)) {
-+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
-- /* copy the truncated bits into plain buffer */
-- if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) {
-- fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__,
-- __LINE__);
-+ /* sanity test */
-+ if (dlen > r_len) {
-+ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
- goto err;
- }
-
-- ret = ECDSA_SIG_new();
-- if (!ret) {
-- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+ g_len = q_len;
-+ /**
-+ * Get generator into a plain buffer. If length is less than
-+ * q_len then add leading padding bytes.
-+ */
-+ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
-+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
-- /* check if this is prime or binary EC request */
-- if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
-- NID_X9_62_prime_field) {
-- ec_crv = EC_PRIME;
-- /* get the generator point pair */
-- if (!EC_POINT_get_affine_coordinates_GFp
-- (group, EC_GROUP_get0_generator(group), x, y, ctx)) {
-- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-- goto err;
-- }
-+ priv_key_len = r_len;
-+ /**
-+ * Get private key into a plain buffer. If length is less than
-+ * r_len then add leading padding bytes.
-+ */
-+ if (spcf_bn2bin_ex(dsa->priv_key, &priv_key, &priv_key_len)) {
-+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-
-- /* get the ECC curve parameters */
-- if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
-- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+ /* Allocate memory to store hash. */
-+ f = OPENSSL_malloc(r_len);
-+ if (!f) {
-+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Add padding, since SEC expects hash to of size r_len */
-+ if (dlen < r_len)
-+ memset(f, 0, r_len - dlen);
-+
-+ /* Skip leading bytes if dgst_len < r_len */
-+ memcpy(f + r_len - dlen, dgst, dlen);
-+
-+ dlen = r_len;
-+
-+ memset(kop, 0, sizeof(struct crypt_kop));
-+ kop->crk_op = CRK_DSA_SIGN;
-+
-+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
-+ kop->crk_param[0].crp_p = (void *)f;
-+ kop->crk_param[0].crp_nbits = dlen * 8;
-+ kop->crk_param[1].crp_p = (void *)q;
-+ kop->crk_param[1].crp_nbits = q_len * 8;
-+ kop->crk_param[2].crp_p = (void *)r;
-+ kop->crk_param[2].crp_nbits = r_len * 8;
-+ kop->crk_param[3].crp_p = (void *)g;
-+ kop->crk_param[3].crp_nbits = g_len * 8;
-+ kop->crk_param[4].crp_p = (void *)priv_key;
-+ kop->crk_param[4].crp_nbits = priv_key_len * 8;
-+ kop->crk_iparams = 5;
-+ kop->cookie = cookie;
-+
-+ if (cryptodev_asym_async(kop, r_len, sig->r, r_len, sig->s))
-+ goto err;
-+
-+ return ret;
-+ err:
-+ {
-+ const DSA_METHOD *meth = DSA_OpenSSL();
-+
-+ if (kop)
-+ free(kop);
-+ BN_free(sig->r);
-+ BN_free(sig->s);
-+ dsaret = (meth->dsa_do_sign) (dgst, dlen, dsa);
-+ sig->r = dsaret->r;
-+ sig->s = dsaret->s;
-+ /* Call user callback immediately */
-+ cookie->pkc_callback(cookie, 0);
-+ ret = dsaret;
-+ }
-+ return ret;
-+}
-+
-+static int
-+cryptodev_dsa_verify_async(const unsigned char *dgst, int dlen,
-+ DSA_SIG *sig, DSA *dsa,
-+ struct pkc_cookie_s *cookie)
-+{
-+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+ int q_len = 0, r_len = 0, g_len = 0;
-+ int w_len = 0, c_len = 0, d_len = 0, ret = 1;
-+ unsigned char *q = NULL, *r = NULL, *w = NULL, *g = NULL;
-+ unsigned char *c = NULL, *d = NULL, *f = NULL;
-+
-+ if (!kop)
-+ goto err;
-+
-+ if (spcf_bn2bin(dsa->p, &q, &q_len)) {
-+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ return ret;
-+ }
-+
-+ /* Get Order of field of private keys */
-+ if (spcf_bn2bin(dsa->q, &r, &r_len)) {
-+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ g_len = q_len;
-+ /**
-+ * Get generator into a plain buffer. If length is less than
-+ * q_len then add leading padding bytes.
-+ */
-+ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
-+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ w_len = q_len;
-+ /**
-+ * Get public key into a plain buffer. If length is less than
-+ * q_len then add leading padding bytes.
-+ */
-+ if (spcf_bn2bin_ex(dsa->pub_key, &w, &w_len)) {
-+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ /**
-+ * Get the 1st part of signature into a flat buffer with
-+ * appropriate padding
-+ */
-+ c_len = r_len;
-+
-+ if (spcf_bn2bin_ex(sig->r, &c, &c_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /**
-+ * Get the 2nd part of signature into a flat buffer with
-+ * appropriate padding
-+ */
-+ d_len = r_len;
-+
-+ if (spcf_bn2bin_ex(sig->s, &d, &d_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Sanity test */
-+ if (dlen > r_len) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Allocate memory to store hash. */
-+ f = OPENSSL_malloc(r_len);
-+ if (!f) {
-+ DSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Add padding, since SEC expects hash to of size r_len */
-+ if (dlen < r_len)
-+ memset(f, 0, r_len - dlen);
-+
-+ /* Skip leading bytes if dgst_len < r_len */
-+ memcpy(f + r_len - dlen, dgst, dlen);
-+
-+ dlen = r_len;
-+ memset(kop, 0, sizeof(struct crypt_kop));
-+
-+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
-+ kop->crk_param[0].crp_p = (void *)f;
-+ kop->crk_param[0].crp_nbits = dlen * 8;
-+ kop->crk_param[1].crp_p = q;
-+ kop->crk_param[1].crp_nbits = q_len * 8;
-+ kop->crk_param[2].crp_p = r;
-+ kop->crk_param[2].crp_nbits = r_len * 8;
-+ kop->crk_param[3].crp_p = g;
-+ kop->crk_param[3].crp_nbits = g_len * 8;
-+ kop->crk_param[4].crp_p = w;
-+ kop->crk_param[4].crp_nbits = w_len * 8;
-+ kop->crk_param[5].crp_p = c;
-+ kop->crk_param[5].crp_nbits = c_len * 8;
-+ kop->crk_param[6].crp_p = d;
-+ kop->crk_param[6].crp_nbits = d_len * 8;
-+ kop->crk_iparams = 7;
-+ kop->crk_op = CRK_DSA_VERIFY;
-+ kop->cookie = cookie;
-+ if (cryptodev_asym_async(kop, 0, NULL, 0, NULL))
-+ goto err;
-+
-+ return ret;
-+ err:
-+ {
-+ const DSA_METHOD *meth = DSA_OpenSSL();
-+
-+ if (kop)
-+ free(kop);
-+
-+ ret = (meth->dsa_do_verify) (dgst, dlen, sig, dsa);
-+ cookie->pkc_callback(cookie, 0);
-+ }
-+ return ret;
-+}
-+
-+static DSA_METHOD cryptodev_dsa = {
-+ "cryptodev DSA method",
-+ NULL,
-+ NULL, /* dsa_sign_setup */
-+ NULL,
-+ NULL, /* dsa_mod_exp */
-+ NULL,
-+ NULL,
-+ NULL,
-+ NULL,
-+ NULL, /* init */
-+ NULL, /* finish */
-+ 0, /* flags */
-+ NULL /* app_data */
-+};
-+
-+static ECDSA_METHOD cryptodev_ecdsa = {
-+ "cryptodev ECDSA method",
-+ NULL,
-+ NULL, /* ecdsa_sign_setup */
-+ NULL,
-+ NULL,
-+ NULL,
-+ NULL,
-+ 0, /* flags */
-+ NULL /* app_data */
-+};
-+
-+typedef enum ec_curve_s {
-+ EC_PRIME,
-+ EC_BINARY
-+} ec_curve_t;
-+
-+/* ENGINE handler for ECDSA Sign */
-+static ECDSA_SIG *cryptodev_ecdsa_do_sign(const unsigned char *dgst,
-+ int dgst_len, const BIGNUM *in_kinv,
-+ const BIGNUM *in_r, EC_KEY *eckey)
-+{
-+ BIGNUM *m = NULL, *p = NULL, *a = NULL;
-+ BIGNUM *b = NULL, *x = NULL, *y = NULL;
-+ BN_CTX *ctx = NULL;
-+ ECDSA_SIG *ret = NULL;
-+ ECDSA_DATA *ecdsa = NULL;
-+ unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL;
-+ unsigned char *s = NULL, *c = NULL, *d = NULL, *f = NULL, *tmp_dgst =
-+ NULL;
-+ int i = 0, q_len = 0, priv_key_len = 0, r_len = 0;
-+ int g_len = 0, d_len = 0, ab_len = 0;
-+ const BIGNUM *order = NULL, *priv_key = NULL;
-+ const EC_GROUP *group = NULL;
-+ struct crypt_kop kop;
-+ ec_curve_t ec_crv = EC_PRIME;
-+
-+ memset(&kop, 0, sizeof(kop));
-+ ecdsa = ecdsa_check(eckey);
-+ if (!ecdsa) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
-+ return NULL;
-+ }
-+
-+ group = EC_KEY_get0_group(eckey);
-+ priv_key = EC_KEY_get0_private_key(eckey);
-+
-+ if (!group || !priv_key) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
-+ return NULL;
-+ }
-+
-+ if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
-+ (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
-+ (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
-+ (y = BN_new()) == NULL) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ order = &group->order;
-+ if (!order || BN_is_zero(order)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS);
-+ goto err;
-+ }
-+
-+ i = BN_num_bits(order);
-+ /*
-+ * Need to truncate digest if it is too long: first truncate whole bytes
-+ */
-+ if (8 * dgst_len > i)
-+ dgst_len = (i + 7) / 8;
-+
-+ if (!BN_bin2bn(dgst, dgst_len, m)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* If still too long truncate remaining bits with a shift */
-+ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* copy the truncated bits into plain buffer */
-+ if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) {
-+ fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__,
-+ __LINE__);
-+ goto err;
-+ }
-+
-+ ret = ECDSA_SIG_new();
-+ if (!ret) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* check if this is prime or binary EC request */
-+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
-+ NID_X9_62_prime_field) {
-+ ec_crv = EC_PRIME;
-+ /* get the generator point pair */
-+ if (!EC_POINT_get_affine_coordinates_GFp
-+ (group, EC_GROUP_get0_generator(group), x, y, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ /* get the ECC curve parameters */
-+ if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
- goto err;
- }
- } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
-@@ -2325,54 +2840,588 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
- goto err;
- }
-
-- /* memory for message representative */
-- f = malloc(r_len);
-- if (!f) {
-- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-- goto err;
-+ /* memory for message representative */
-+ f = malloc(r_len);
-+ if (!f) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Add padding, since SEC expects hash to of size r_len */
-+ memset(f, 0, r_len - dgst_len);
-+
-+ /* Skip leading bytes if dgst_len < r_len */
-+ memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len);
-+ dgst_len += r_len - dgst_len;
-+ kop.crk_op = CRK_DSA_VERIFY;
-+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
-+ kop.crk_param[0].crp_p = f;
-+ kop.crk_param[0].crp_nbits = dgst_len * 8;
-+ kop.crk_param[1].crp_p = q;
-+ kop.crk_param[1].crp_nbits = q_len * 8;
-+ kop.crk_param[2].crp_p = r;
-+ kop.crk_param[2].crp_nbits = r_len * 8;
-+ kop.crk_param[3].crp_p = g_xy;
-+ kop.crk_param[3].crp_nbits = g_len * 8;
-+ kop.crk_param[4].crp_p = w_xy;
-+ kop.crk_param[4].crp_nbits = pub_key_len * 8;
-+ kop.crk_param[5].crp_p = ab;
-+ kop.crk_param[5].crp_nbits = ab_len * 8;
-+ kop.crk_param[6].crp_p = c;
-+ kop.crk_param[6].crp_nbits = d_len * 8;
-+ kop.crk_param[7].crp_p = d;
-+ kop.crk_param[7].crp_nbits = d_len * 8;
-+ kop.crk_iparams = 8;
-+
-+ if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
-+ /*
-+ * OCF success value is 0, if not zero, change ret to fail
-+ */
-+ if (0 == kop.crk_status)
-+ ret = 1;
-+ } else {
-+ const ECDSA_METHOD *meth = ECDSA_OpenSSL();
-+
-+ ret = (meth->ecdsa_do_verify) (dgst, dgst_len, sig, eckey);
-+ }
-+ kop.crk_param[0].crp_p = NULL;
-+ zapparams(&kop);
-+
-+ err:
-+ return ret;
-+}
-+
-+static int cryptodev_ecdsa_do_sign_async(const unsigned char *dgst,
-+ int dgst_len, const BIGNUM *in_kinv,
-+ const BIGNUM *in_r, EC_KEY *eckey,
-+ ECDSA_SIG *sig,
-+ struct pkc_cookie_s *cookie)
-+{
-+ BIGNUM *m = NULL, *p = NULL, *a = NULL;
-+ BIGNUM *b = NULL, *x = NULL, *y = NULL;
-+ BN_CTX *ctx = NULL;
-+ ECDSA_SIG *sig_ret = NULL;
-+ ECDSA_DATA *ecdsa = NULL;
-+ unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL;
-+ unsigned char *s = NULL, *f = NULL, *tmp_dgst = NULL;
-+ int i = 0, q_len = 0, priv_key_len = 0, r_len = 0;
-+ int g_len = 0, ab_len = 0, ret = 1;
-+ const BIGNUM *order = NULL, *priv_key = NULL;
-+ const EC_GROUP *group = NULL;
-+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+ ec_curve_t ec_crv = EC_PRIME;
-+
-+ if (!(sig->r = BN_new()) || !kop)
-+ goto err;
-+ if ((sig->s = BN_new()) == NULL) {
-+ BN_free(r);
-+ goto err;
-+ }
-+
-+ memset(kop, 0, sizeof(struct crypt_kop));
-+ ecdsa = ecdsa_check(eckey);
-+ if (!ecdsa) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
-+ goto err;
-+ }
-+
-+ group = EC_KEY_get0_group(eckey);
-+ priv_key = EC_KEY_get0_private_key(eckey);
-+
-+ if (!group || !priv_key) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
-+ goto err;
-+ }
-+
-+ if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
-+ (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
-+ (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
-+ (y = BN_new()) == NULL) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ order = &group->order;
-+ if (!order || BN_is_zero(order)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS);
-+ goto err;
-+ }
-+
-+ i = BN_num_bits(order);
-+ /*
-+ * Need to truncate digest if it is too long: first truncate whole bytes
-+ */
-+ if (8 * dgst_len > i)
-+ dgst_len = (i + 7) / 8;
-+
-+ if (!BN_bin2bn(dgst, dgst_len, m)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* If still too long truncate remaining bits with a shift */
-+ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* copy the truncated bits into plain buffer */
-+ if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) {
-+ fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__,
-+ __LINE__);
-+ goto err;
-+ }
-+
-+ /* check if this is prime or binary EC request */
-+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group))
-+ == NID_X9_62_prime_field) {
-+ ec_crv = EC_PRIME;
-+ /* get the generator point pair */
-+ if (!EC_POINT_get_affine_coordinates_GFp(group,
-+ EC_GROUP_get0_generator
-+ (group), x, y, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ /* get the ECC curve parameters */
-+ if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+ } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
-+ NID_X9_62_characteristic_two_field) {
-+ ec_crv = EC_BINARY;
-+ /* get the ECC curve parameters */
-+ if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ /* get the generator point pair */
-+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
-+ EC_GROUP_get0_generator
-+ (group), x, y, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+ } else {
-+ printf("Unsupported Curve\n");
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ if (spcf_bn2bin(order, &r, &r_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ if (spcf_bn2bin(p, &q, &q_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ priv_key_len = r_len;
-+
-+ /**
-+ * If BN_num_bytes of priv_key returns less then r_len then
-+ * add padding bytes before the key
-+ */
-+ if (spcf_bn2bin_ex(priv_key, &s, &priv_key_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Generation of ECC curve parameters */
-+ ab_len = 2 * q_len;
-+ ab = eng_copy_curve_points(a, b, ab_len, q_len);
-+ if (!ab) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ if (ec_crv == EC_BINARY) {
-+ if (eng_ec_get_cparam
-+ (EC_GROUP_get_curve_name(group), ab + q_len, q_len)) {
-+ unsigned char *c_temp = NULL;
-+ int c_temp_len = q_len;
-+ if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len))
-+ memcpy(ab + q_len, c_temp, q_len);
-+ else
-+ goto err;
-+ }
-+ kop->curve_type = ECC_BINARY;
-+ }
-+
-+ /* Calculation of Generator point */
-+ g_len = 2 * q_len;
-+ g_xy = eng_copy_curve_points(x, y, g_len, q_len);
-+ if (!g_xy) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* memory for message representative */
-+ f = malloc(r_len);
-+ if (!f) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Add padding, since SEC expects hash to of size r_len */
-+ memset(f, 0, r_len - dgst_len);
-+
-+ /* Skip leading bytes if dgst_len < r_len */
-+ memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len);
-+
-+ dgst_len += r_len - dgst_len;
-+
-+ kop->crk_op = CRK_DSA_SIGN;
-+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
-+ kop->crk_param[0].crp_p = f;
-+ kop->crk_param[0].crp_nbits = dgst_len * 8;
-+ kop->crk_param[1].crp_p = q;
-+ kop->crk_param[1].crp_nbits = q_len * 8;
-+ kop->crk_param[2].crp_p = r;
-+ kop->crk_param[2].crp_nbits = r_len * 8;
-+ kop->crk_param[3].crp_p = g_xy;
-+ kop->crk_param[3].crp_nbits = g_len * 8;
-+ kop->crk_param[4].crp_p = s;
-+ kop->crk_param[4].crp_nbits = priv_key_len * 8;
-+ kop->crk_param[5].crp_p = ab;
-+ kop->crk_param[5].crp_nbits = ab_len * 8;
-+ kop->crk_iparams = 6;
-+ kop->cookie = cookie;
-+
-+ if (cryptodev_asym_async(kop, r_len, sig->r, r_len, sig->s))
-+ goto err;
-+
-+ return ret;
-+ err:
-+ {
-+ const ECDSA_METHOD *meth = ECDSA_OpenSSL();
-+ BN_free(sig->r);
-+ BN_free(sig->s);
-+ if (kop)
-+ free(kop);
-+ sig_ret =
-+ (meth->ecdsa_do_sign) (dgst, dgst_len, in_kinv, in_r, eckey);
-+ sig->r = sig_ret->r;
-+ sig->s = sig_ret->s;
-+ cookie->pkc_callback(cookie, 0);
-+ }
-+ return ret;
-+}
-+
-+static int cryptodev_ecdsa_verify_async(const unsigned char *dgst,
-+ int dgst_len, const ECDSA_SIG *sig,
-+ EC_KEY *eckey,
-+ struct pkc_cookie_s *cookie)
-+{
-+ BIGNUM *m = NULL, *p = NULL, *a = NULL, *b = NULL;
-+ BIGNUM *x = NULL, *y = NULL, *w_x = NULL, *w_y = NULL;
-+ BN_CTX *ctx = NULL;
-+ ECDSA_DATA *ecdsa = NULL;
-+ unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL, *w_xy =
-+ NULL;
-+ unsigned char *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL;
-+ int i = 0, q_len = 0, pub_key_len = 0, r_len = 0, c_len = 0, g_len = 0;
-+ int d_len = 0, ab_len = 0, ret = 1;
-+ const EC_POINT *pub_key = NULL;
-+ const BIGNUM *order = NULL;
-+ const EC_GROUP *group = NULL;
-+ ec_curve_t ec_crv = EC_PRIME;
-+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+
-+ if (!kop)
-+ goto err;
-+
-+ memset(kop, 0, sizeof(struct crypt_kop));
-+ ecdsa = ecdsa_check(eckey);
-+ if (!ecdsa) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
-+ goto err;
-+ }
-+
-+ group = EC_KEY_get0_group(eckey);
-+ pub_key = EC_KEY_get0_public_key(eckey);
-+
-+ if (!group || !pub_key) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
-+ goto err;
-+ }
-+
-+ if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
-+ (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
-+ (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
-+ (y = BN_new()) == NULL || (w_x = BN_new()) == NULL ||
-+ (w_y = BN_new()) == NULL) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ order = &group->order;
-+ if (!order || BN_is_zero(order)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS);
-+ goto err;
-+ }
-+
-+ i = BN_num_bits(order);
-+ /*
-+ * Need to truncate digest if it is too long: first truncate whole *
-+ * bytes
-+ */
-+ if (8 * dgst_len > i)
-+ dgst_len = (i + 7) / 8;
-+
-+ if (!BN_bin2bn(dgst, dgst_len, m)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* If still too long truncate remaining bits with a shift */
-+ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+ /* copy the truncated bits into plain buffer */
-+ if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* check if this is prime or binary EC request */
-+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
-+ NID_X9_62_prime_field) {
-+ ec_crv = EC_PRIME;
-+
-+ /* get the generator point pair */
-+ if (!EC_POINT_get_affine_coordinates_GFp(group,
-+ EC_GROUP_get0_generator
-+ (group), x, y, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ /* get the public key pair for prime curve */
-+ if (!EC_POINT_get_affine_coordinates_GFp(group,
-+ pub_key, w_x, w_y, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ /* get the ECC curve parameters */
-+ if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+ } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
-+ NID_X9_62_characteristic_two_field) {
-+ ec_crv = EC_BINARY;
-+ /* get the ECC curve parameters */
-+ if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ /* get the generator point pair */
-+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
-+ EC_GROUP_get0_generator
-+ (group), x, y, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ /* get the public key pair for binary curve */
-+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
-+ pub_key, w_x, w_y, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+ } else {
-+ printf("Unsupported Curve\n");
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ /* Get the order of the subgroup of private keys */
-+ if (spcf_bn2bin((BIGNUM *)order, &r, &r_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Get the irreducible polynomial that creates the field */
-+ if (spcf_bn2bin(p, &q, &q_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Get the public key into a flat buffer with appropriate padding */
-+ pub_key_len = 2 * q_len;
-+
-+ w_xy = eng_copy_curve_points(w_x, w_y, pub_key_len, q_len);
-+ if (!w_xy) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Generation of ECC curve parameters */
-+ ab_len = 2 * q_len;
-+
-+ ab = eng_copy_curve_points(a, b, ab_len, q_len);
-+ if (!ab) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ if (ec_crv == EC_BINARY) {
-+ /* copy b' i.e c(b), instead of only b */
-+ eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab + q_len, q_len);
-+ kop->curve_type = ECC_BINARY;
-+ }
-+
-+ /* Calculation of Generator point */
-+ g_len = 2 * q_len;
-+
-+ g_xy = eng_copy_curve_points(x, y, g_len, q_len);
-+ if (!g_xy) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /**
-+ * Get the 1st part of signature into a flat buffer with
-+ * appropriate padding
-+ */
-+ if (BN_num_bytes(sig->r) < r_len)
-+ c_len = r_len;
-+
-+ if (spcf_bn2bin_ex(sig->r, &c, &c_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /**
-+ * Get the 2nd part of signature into a flat buffer with
-+ * appropriate padding
-+ */
-+ if (BN_num_bytes(sig->s) < r_len)
-+ d_len = r_len;
-+
-+ if (spcf_bn2bin_ex(sig->s, &d, &d_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* memory for message representative */
-+ f = malloc(r_len);
-+ if (!f) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Add padding, since SEC expects hash to of size r_len */
-+ memset(f, 0, r_len - dgst_len);
-+
-+ /* Skip leading bytes if dgst_len < r_len */
-+ memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len);
-+
-+ dgst_len += r_len - dgst_len;
-+
-+ kop->crk_op = CRK_DSA_VERIFY;
-+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
-+ kop->crk_param[0].crp_p = f;
-+ kop->crk_param[0].crp_nbits = dgst_len * 8;
-+ kop->crk_param[1].crp_p = q;
-+ kop->crk_param[1].crp_nbits = q_len * 8;
-+ kop->crk_param[2].crp_p = r;
-+ kop->crk_param[2].crp_nbits = r_len * 8;
-+ kop->crk_param[3].crp_p = g_xy;
-+ kop->crk_param[3].crp_nbits = g_len * 8;
-+ kop->crk_param[4].crp_p = w_xy;
-+ kop->crk_param[4].crp_nbits = pub_key_len * 8;
-+ kop->crk_param[5].crp_p = ab;
-+ kop->crk_param[5].crp_nbits = ab_len * 8;
-+ kop->crk_param[6].crp_p = c;
-+ kop->crk_param[6].crp_nbits = d_len * 8;
-+ kop->crk_param[7].crp_p = d;
-+ kop->crk_param[7].crp_nbits = d_len * 8;
-+ kop->crk_iparams = 8;
-+ kop->cookie = cookie;
-+
-+ if (cryptodev_asym_async(kop, 0, NULL, 0, NULL))
-+ goto err;
-+
-+ return ret;
-+ err:
-+ {
-+ const ECDSA_METHOD *meth = ECDSA_OpenSSL();
-+
-+ if (kop)
-+ free(kop);
-+ ret = (meth->ecdsa_do_verify) (dgst, dgst_len, sig, eckey);
-+ cookie->pkc_callback(cookie, 0);
-+ }
-+
-+ return ret;
-+}
-+
-+/* Cryptodev DH Key Gen routine */
-+static int cryptodev_dh_keygen_async(DH *dh, struct pkc_cookie_s *cookie)
-+{
-+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+ int ret = 1, g_len;
-+ unsigned char *g = NULL;
-+
-+ if (!kop)
-+ goto sw_try;
-+
-+ if (dh->priv_key == NULL) {
-+ if ((dh->priv_key = BN_new()) == NULL)
-+ goto sw_try;
-+ }
-+
-+ if (dh->pub_key == NULL) {
-+ if ((dh->pub_key = BN_new()) == NULL)
-+ goto sw_try;
-+ }
-+
-+ g_len = BN_num_bytes(dh->p);
-+ /**
-+ * Get generator into a plain buffer. If length is less than
-+ * q_len then add leading padding bytes.
-+ */
-+ if (spcf_bn2bin_ex(dh->g, &g, &g_len)) {
-+ DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
-+ goto sw_try;
- }
-
-- /* Add padding, since SEC expects hash to of size r_len */
-- memset(f, 0, r_len - dgst_len);
-+ memset(kop, 0, sizeof(struct crypt_kop));
-+ kop->crk_op = CRK_DH_GENERATE_KEY;
-+ if (bn2crparam(dh->p, &kop->crk_param[0]))
-+ goto sw_try;
-+ if (bn2crparam(dh->q, &kop->crk_param[1]))
-+ goto sw_try;
-+ kop->crk_param[2].crp_p = g;
-+ kop->crk_param[2].crp_nbits = g_len * 8;
-+ kop->crk_iparams = 3;
-+ kop->cookie = cookie;
-
-- /* Skip leading bytes if dgst_len < r_len */
-- memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len);
-- dgst_len += r_len - dgst_len;
-- kop.crk_op = CRK_DSA_VERIFY;
-- /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
-- kop.crk_param[0].crp_p = f;
-- kop.crk_param[0].crp_nbits = dgst_len * 8;
-- kop.crk_param[1].crp_p = q;
-- kop.crk_param[1].crp_nbits = q_len * 8;
-- kop.crk_param[2].crp_p = r;
-- kop.crk_param[2].crp_nbits = r_len * 8;
-- kop.crk_param[3].crp_p = g_xy;
-- kop.crk_param[3].crp_nbits = g_len * 8;
-- kop.crk_param[4].crp_p = w_xy;
-- kop.crk_param[4].crp_nbits = pub_key_len * 8;
-- kop.crk_param[5].crp_p = ab;
-- kop.crk_param[5].crp_nbits = ab_len * 8;
-- kop.crk_param[6].crp_p = c;
-- kop.crk_param[6].crp_nbits = d_len * 8;
-- kop.crk_param[7].crp_p = d;
-- kop.crk_param[7].crp_nbits = d_len * 8;
-- kop.crk_iparams = 8;
-+ /* pub_key is or prime length while priv key is of length of order */
-+ if (cryptodev_asym_async(kop, BN_num_bytes(dh->p), dh->pub_key,
-+ BN_num_bytes(dh->q), dh->priv_key))
-+ goto sw_try;
-
-- if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
-- /*
-- * OCF success value is 0, if not zero, change ret to fail
-- */
-- if (0 == kop.crk_status)
-- ret = 1;
-- } else {
-- const ECDSA_METHOD *meth = ECDSA_OpenSSL();
-+ return ret;
-+ sw_try:
-+ {
-+ const DH_METHOD *meth = DH_OpenSSL();
-
-- ret = (meth->ecdsa_do_verify) (dgst, dgst_len, sig, eckey);
-+ if (kop)
-+ free(kop);
-+ ret = (meth->generate_key) (dh);
-+ cookie->pkc_callback(cookie, 0);
- }
-- kop.crk_param[0].crp_p = NULL;
-- zapparams(&kop);
--
-- err:
- return ret;
- }
-
-@@ -2481,6 +3530,54 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
- return (dhret);
- }
-
-+/* Return Length if successful and 0 on failure */
-+static int
-+cryptodev_dh_compute_key_async(unsigned char *key, const BIGNUM *pub_key,
-+ DH *dh, struct pkc_cookie_s *cookie)
-+{
-+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+ int ret = 1;
-+ int fd, p_len;
-+ unsigned char *padded_pub_key = NULL, *p = NULL;
-+
-+ fd = *(int *)cookie->eng_handle;
-+
-+ memset(kop, 0, sizeof(struct crypt_kop));
-+ kop->crk_op = CRK_DH_COMPUTE_KEY;
-+ /* inputs: dh->priv_key pub_key dh->p key */
-+ spcf_bn2bin(dh->p, &p, &p_len);
-+ spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len);
-+
-+ if (bn2crparam(dh->priv_key, &kop->crk_param[0]))
-+ goto err;
-+ kop->crk_param[1].crp_p = padded_pub_key;
-+ kop->crk_param[1].crp_nbits = p_len * 8;
-+ kop->crk_param[2].crp_p = p;
-+ kop->crk_param[2].crp_nbits = p_len * 8;
-+ kop->crk_iparams = 3;
-+
-+ kop->cookie = cookie;
-+ kop->crk_param[3].crp_p = (void *)key;
-+ kop->crk_param[3].crp_nbits = p_len * 8;
-+ kop->crk_oparams = 1;
-+
-+ if (cryptodev_asym_async(kop, 0, NULL, 0, NULL))
-+ goto err;
-+
-+ return p_len;
-+ err:
-+ {
-+ const DH_METHOD *meth = DH_OpenSSL();
-+
-+ if (kop)
-+ free(kop);
-+ ret = (meth->compute_key) (key, pub_key, dh);
-+ /* Call user cookie handler */
-+ cookie->pkc_callback(cookie, 0);
-+ }
-+ return (ret);
-+}
-+
- int cryptodev_ecdh_compute_key(void *out, size_t outlen,
- const EC_POINT *pub_key, EC_KEY *ecdh,
- void *(*KDF) (const void *in, size_t inlen,
-@@ -2663,6 +3760,197 @@ int cryptodev_ecdh_compute_key(void *out, size_t outlen,
- return ret;
- }
-
-+int cryptodev_ecdh_compute_key_async(void *out, size_t outlen,
-+ const EC_POINT *pub_key, EC_KEY *ecdh,
-+ void *(*KDF) (const void *in,
-+ size_t inlen, void *out,
-+ size_t *outlen),
-+ struct pkc_cookie_s *cookie)
-+{
-+ ec_curve_t ec_crv = EC_PRIME;
-+ unsigned char *q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL;
-+ BIGNUM *w_x = NULL, *w_y = NULL;
-+ int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0;
-+ BIGNUM *p = NULL, *a = NULL, *b = NULL;
-+ BN_CTX *ctx;
-+ EC_POINT *tmp = NULL;
-+ BIGNUM *x = NULL, *y = NULL;
-+ const BIGNUM *priv_key;
-+ const EC_GROUP *group = NULL;
-+ int ret = 1;
-+ size_t buflen, len;
-+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+
-+ if (!(ctx = BN_CTX_new()) || !kop)
-+ goto err;
-+
-+ memset(kop, 0, sizeof(struct crypt_kop));
-+
-+ BN_CTX_start(ctx);
-+ x = BN_CTX_get(ctx);
-+ y = BN_CTX_get(ctx);
-+ p = BN_CTX_get(ctx);
-+ a = BN_CTX_get(ctx);
-+ b = BN_CTX_get(ctx);
-+ w_x = BN_CTX_get(ctx);
-+ w_y = BN_CTX_get(ctx);
-+
-+ if (!x || !y || !p || !a || !b || !w_x || !w_y) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ priv_key = EC_KEY_get0_private_key(ecdh);
-+ if (priv_key == NULL) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_NO_PRIVATE_VALUE);
-+ goto err;
-+ }
-+
-+ group = EC_KEY_get0_group(ecdh);
-+ if ((tmp = EC_POINT_new(group)) == NULL) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
-+ NID_X9_62_prime_field) {
-+ ec_crv = EC_PRIME;
-+
-+ if (!EC_POINT_get_affine_coordinates_GFp(group,
-+ EC_GROUP_get0_generator
-+ (group), x, y, ctx)) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_POINT_ARITHMETIC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* get the ECC curve parameters */
-+ if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* get the public key pair for prime curve */
-+ if (!EC_POINT_get_affine_coordinates_GFp
-+ (group, pub_key, w_x, w_y, ctx)) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+ } else {
-+ ec_crv = EC_BINARY;
-+
-+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
-+ EC_GROUP_get0_generator
-+ (group), x, y, ctx)) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_POINT_ARITHMETIC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* get the ECC curve parameters */
-+ if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* get the public key pair for binary curve */
-+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
-+ pub_key, w_x, w_y, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+ }
-+
-+ /* irreducible polynomial that creates the field */
-+ if (spcf_bn2bin((BIGNUM *)&group->order, &r, &r_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Get the irreducible polynomial that creates the field */
-+ if (spcf_bn2bin(p, &q, &q_len)) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* Get the public key into a flat buffer with appropriate padding */
-+ pub_key_len = 2 * q_len;
-+ w_xy = eng_copy_curve_points(w_x, w_y, pub_key_len, q_len);
-+ if (!w_xy) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Generation of ECC curve parameters */
-+ ab_len = 2 * q_len;
-+ ab = eng_copy_curve_points(a, b, ab_len, q_len);
-+ if (!ab) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ if (ec_crv == EC_BINARY) {
-+ /* copy b' i.e c(b), instead of only b */
-+ if (eng_ec_get_cparam
-+ (EC_GROUP_get_curve_name(group), ab + q_len, q_len)) {
-+ unsigned char *c_temp = NULL;
-+ int c_temp_len = q_len;
-+ if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len))
-+ memcpy(ab + q_len, c_temp, q_len);
-+ else
-+ goto err;
-+ }
-+ kop->curve_type = ECC_BINARY;
-+ } else
-+ kop->curve_type = ECC_PRIME;
-+
-+ priv_key_len = r_len;
-+
-+ /*
-+ * If BN_num_bytes of priv_key returns less then r_len then
-+ * add padding bytes before the key
-+ */
-+ if (spcf_bn2bin_ex((BIGNUM *)priv_key, &s, &priv_key_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ buflen = (EC_GROUP_get_degree(group) + 7) / 8;
-+ len = BN_num_bytes(x);
-+ if (len > buflen || q_len < buflen) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_INTERNAL_ERROR);
-+ goto err;
-+ }
-+
-+ kop->crk_op = CRK_DH_COMPUTE_KEY;
-+ kop->crk_param[0].crp_p = (void *)s;
-+ kop->crk_param[0].crp_nbits = priv_key_len * 8;
-+ kop->crk_param[1].crp_p = (void *)w_xy;
-+ kop->crk_param[1].crp_nbits = pub_key_len * 8;
-+ kop->crk_param[2].crp_p = (void *)q;
-+ kop->crk_param[2].crp_nbits = q_len * 8;
-+ kop->crk_param[3].crp_p = (void *)ab;
-+ kop->crk_param[3].crp_nbits = ab_len * 8;
-+ kop->crk_iparams = 4;
-+ kop->crk_param[4].crp_p = (void *)out;
-+ kop->crk_param[4].crp_nbits = q_len * 8;
-+ kop->crk_oparams = 1;
-+ kop->cookie = cookie;
-+ if (cryptodev_asym_async(kop, 0, NULL, 0, NULL))
-+ goto err;
-+
-+ return q_len;
-+ err:
-+ {
-+ const ECDH_METHOD *meth = ECDH_OpenSSL();
-+
-+ if (kop)
-+ free(kop);
-+ ret = (meth->compute_key) (out, outlen, pub_key, ecdh, KDF);
-+ /* Call user cookie handler */
-+ cookie->pkc_callback(cookie, 0);
-+ }
-+ return ret;
-+}
-+
- static DH_METHOD cryptodev_dh = {
- "cryptodev DH method",
- NULL, /* cryptodev_dh_generate_key */
-@@ -2670,6 +3958,8 @@ static DH_METHOD cryptodev_dh = {
- NULL,
- NULL,
- NULL,
-+ NULL,
-+ NULL,
- 0, /* flags */
- NULL /* app_data */
- };
-@@ -2678,6 +3968,7 @@ static ECDH_METHOD cryptodev_ecdh = {
- "cryptodev ECDH method",
- NULL, /* cryptodev_ecdh_compute_key */
- NULL,
-+ NULL,
- 0, /* flags */
- NULL /* app_data */
- };
-@@ -2748,10 +4039,15 @@ void ENGINE_load_cryptodev(void)
- cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec;
- if (cryptodev_asymfeat & CRF_MOD_EXP) {
- cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp;
-- if (cryptodev_asymfeat & CRF_MOD_EXP_CRT)
-+ cryptodev_rsa.bn_mod_exp_async = cryptodev_bn_mod_exp_async;
-+ if (cryptodev_asymfeat & CRF_MOD_EXP_CRT) {
- cryptodev_rsa.rsa_mod_exp = cryptodev_rsa_mod_exp;
-- else
-+ cryptodev_rsa.rsa_mod_exp_async = cryptodev_rsa_mod_exp_async;
-+ } else {
- cryptodev_rsa.rsa_mod_exp = cryptodev_rsa_nocrt_mod_exp;
-+ cryptodev_rsa.rsa_mod_exp_async =
-+ cryptodev_rsa_nocrt_mod_exp_async;
-+ }
- }
- }
-
-@@ -2759,12 +4055,18 @@ void ENGINE_load_cryptodev(void)
- const DSA_METHOD *meth = DSA_OpenSSL();
-
- memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
-- if (cryptodev_asymfeat & CRF_DSA_SIGN)
-+ if (cryptodev_asymfeat & CRF_DSA_SIGN) {
- cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
-- if (cryptodev_asymfeat & CRF_DSA_VERIFY)
-+ cryptodev_dsa.dsa_do_sign_async = cryptodev_dsa_do_sign_async;
-+ }
-+ if (cryptodev_asymfeat & CRF_DSA_VERIFY) {
- cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
-- if (cryptodev_asymfeat & CRF_DSA_GENERATE_KEY)
-+ cryptodev_dsa.dsa_do_verify_async = cryptodev_dsa_verify_async;
-+ }
-+ if (cryptodev_asymfeat & CRF_DSA_GENERATE_KEY) {
- cryptodev_dsa.dsa_keygen = cryptodev_dsa_keygen;
-+ cryptodev_dsa.dsa_keygen_async = cryptodev_dsa_keygen_async;
-+ }
- }
-
- if (ENGINE_set_DH(engine, &cryptodev_dh)) {
-@@ -2772,9 +4074,12 @@ void ENGINE_load_cryptodev(void)
- memcpy(&cryptodev_dh, dh_meth, sizeof(DH_METHOD));
- if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) {
- cryptodev_dh.compute_key = cryptodev_dh_compute_key;
-+ cryptodev_dh.compute_key_async = cryptodev_dh_compute_key_async;
- }
- if (cryptodev_asymfeat & CRF_DH_GENERATE_KEY) {
- cryptodev_dh.generate_key = cryptodev_dh_keygen;
-+ cryptodev_dh.generate_key_async = cryptodev_dh_keygen_async;
-+
- }
- }
-
-@@ -2783,9 +4088,13 @@ void ENGINE_load_cryptodev(void)
- memcpy(&cryptodev_ecdsa, meth, sizeof(ECDSA_METHOD));
- if (cryptodev_asymfeat & CRF_DSA_SIGN) {
- cryptodev_ecdsa.ecdsa_do_sign = cryptodev_ecdsa_do_sign;
-+ cryptodev_ecdsa.ecdsa_do_sign_async =
-+ cryptodev_ecdsa_do_sign_async;
- }
- if (cryptodev_asymfeat & CRF_DSA_VERIFY) {
- cryptodev_ecdsa.ecdsa_do_verify = cryptodev_ecdsa_verify;
-+ cryptodev_ecdsa.ecdsa_do_verify_async =
-+ cryptodev_ecdsa_verify_async;
- }
- }
-
-@@ -2794,9 +4103,16 @@ void ENGINE_load_cryptodev(void)
- memcpy(&cryptodev_ecdh, ecdh_meth, sizeof(ECDH_METHOD));
- if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) {
- cryptodev_ecdh.compute_key = cryptodev_ecdh_compute_key;
-+ cryptodev_ecdh.compute_key_async =
-+ cryptodev_ecdh_compute_key_async;
- }
- }
-
-+ ENGINE_set_check_pkc_availability(engine, cryptodev_check_availability);
-+ ENGINE_set_close_instance(engine, cryptodev_close_instance);
-+ ENGINE_set_init_instance(engine, cryptodev_init_instance);
-+ ENGINE_set_async_map(engine, ENGINE_ALLPKC_ASYNC);
-+
- ENGINE_add(engine);
- ENGINE_free(engine);
- ERR_clear_error();
-diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h
-index 46f163b..b698a0c 100644
---- a/crypto/engine/eng_int.h
-+++ b/crypto/engine/eng_int.h
-@@ -198,6 +198,29 @@ struct engine_st {
- ENGINE_LOAD_KEY_PTR load_privkey;
- ENGINE_LOAD_KEY_PTR load_pubkey;
- ENGINE_SSL_CLIENT_CERT_PTR load_ssl_client_cert;
-+ /*
-+ * Instantiate Engine handle to be passed in check_pkc_availability
-+ * Ensure that Engine is instantiated before any pkc asynchronous call.
-+ */
-+ void *(*engine_init_instance)(void);
-+ /*
-+ * Instantiated Engine handle will be closed with this call.
-+ * Ensure that no pkc asynchronous call is made after this call
-+ */
-+ void (*engine_close_instance)(void *handle);
-+ /*
-+ * Check availability will extract the data from kernel.
-+ * eng_handle: This is the Engine handle corresponds to which
-+ * the cookies needs to be polled.
-+ * return 0 if cookie available else 1
-+ */
-+ int (*check_pkc_availability)(void *eng_handle);
-+ /*
-+ * The following map is used to check if the engine supports asynchronous implementation
-+ * ENGINE_ASYNC_FLAG* for available bitmap. Any application checking for asynchronous
-+ * implementation need to check this features using "int ENGINE_get_async_map(engine *)";
-+ */
-+ int async_map;
- const ENGINE_CMD_DEFN *cmd_defns;
- int flags;
- /* reference count on the structure itself */
-diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c
-index dc2abd2..0c57e12 100644
---- a/crypto/engine/eng_lib.c
-+++ b/crypto/engine/eng_lib.c
-@@ -100,7 +100,11 @@ void engine_set_all_null(ENGINE *e)
- e->ctrl = NULL;
- e->load_privkey = NULL;
- e->load_pubkey = NULL;
-+ e->check_pkc_availability = NULL;
-+ e->engine_init_instance = NULL;
-+ e->engine_close_instance = NULL;
- e->cmd_defns = NULL;
-+ e->async_map = 0;
- e->flags = 0;
- }
-
-@@ -246,6 +250,48 @@ int ENGINE_set_id(ENGINE *e, const char *id)
- }
- e->id = id;
- return 1;
-+ }
-+
-+void ENGINE_set_init_instance(ENGINE *e, void *(*engine_init_instance)(void))
-+ {
-+ e->engine_init_instance = engine_init_instance;
-+ }
-+
-+void ENGINE_set_close_instance(ENGINE *e,
-+ void (*engine_close_instance)(void *))
-+ {
-+ e->engine_close_instance = engine_close_instance;
-+ }
-+
-+void ENGINE_set_async_map(ENGINE *e, int async_map)
-+ {
-+ e->async_map = async_map;
-+ }
-+
-+void *ENGINE_init_instance(ENGINE *e)
-+ {
-+ return e->engine_init_instance();
-+ }
-+
-+void ENGINE_close_instance(ENGINE *e, void *eng_handle)
-+ {
-+ e->engine_close_instance(eng_handle);
-+ }
-+
-+int ENGINE_get_async_map(ENGINE *e)
-+ {
-+ return e->async_map;
-+ }
-+
-+void ENGINE_set_check_pkc_availability(ENGINE *e,
-+ int (*check_pkc_availability)(void *eng_handle))
-+ {
-+ e->check_pkc_availability = check_pkc_availability;
-+ }
-+
-+int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle)
-+ {
-+ return e->check_pkc_availability(eng_handle);
- }
-
- int ENGINE_set_name(ENGINE *e, const char *name)
-diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h
-index 020d912..4527aa1 100644
---- a/crypto/engine/engine.h
-+++ b/crypto/engine/engine.h
-@@ -551,6 +551,30 @@ ENGINE *ENGINE_new(void);
- int ENGINE_free(ENGINE *e);
- int ENGINE_up_ref(ENGINE *e);
- int ENGINE_set_id(ENGINE *e, const char *id);
-+void ENGINE_set_init_instance(ENGINE *e, void *(*engine_init_instance)(void));
-+void ENGINE_set_close_instance(ENGINE *e,
-+ void (*engine_free_instance)(void *));
-+/*
-+ * Following FLAGS are bitmap store in async_map to set asynchronous interface capability
-+ *of the engine
-+ */
-+#define ENGINE_RSA_ASYNC 0x0001
-+#define ENGINE_DSA_ASYNC 0x0002
-+#define ENGINE_DH_ASYNC 0x0004
-+#define ENGINE_ECDSA_ASYNC 0x0008
-+#define ENGINE_ECDH_ASYNC 0x0010
-+#define ENGINE_ALLPKC_ASYNC 0x001F
-+/* Engine implementation will set the bitmap based on above flags using following API */
-+void ENGINE_set_async_map(ENGINE *e, int async_map);
-+ /* Application need to check the bitmap based on above flags using following API
-+ * to confirm asynchronous methods supported
-+ */
-+int ENGINE_get_async_map(ENGINE *e);
-+void *ENGINE_init_instance(ENGINE *e);
-+void ENGINE_close_instance(ENGINE *e, void *eng_handle);
-+void ENGINE_set_check_pkc_availability(ENGINE *e,
-+ int (*check_pkc_availability)(void *eng_handle));
-+int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle);
- int ENGINE_set_name(ENGINE *e, const char *name);
- int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
- int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
-diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h
-index d2ee374..7c539fc 100644
---- a/crypto/rsa/rsa.h
-+++ b/crypto/rsa/rsa.h
-@@ -97,6 +97,29 @@ struct rsa_meth_st {
- /* Can be null */
- int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-+ /*
-+ * Cookie in the following _async variant must be allocated before
-+ * submission and can be freed once its corresponding callback
-+ * handler is called
-+ */
-+ int (*rsa_pub_enc_asyn)(int flen,const unsigned char *from,
-+ unsigned char *to, RSA *rsa, int padding,
-+ struct pkc_cookie_s *cookie);
-+ int (*rsa_pub_dec_async)(int flen,const unsigned char *from,
-+ unsigned char *to, RSA *rsa, int padding,
-+ struct pkc_cookie_s *cookie);
-+ int (*rsa_priv_enc_async)(int flen,const unsigned char *from,
-+ unsigned char *to, RSA *rsa, int padding,
-+ struct pkc_cookie_s *cookie);
-+ int (*rsa_priv_dec_async)(int flen,const unsigned char *from,
-+ unsigned char *to, RSA *rsa, int padding,
-+ struct pkc_cookie_s *cookie);
-+ int (*rsa_mod_exp_async)(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
-+ BN_CTX *ctx, struct pkc_cookie_s *cookie);
-+ int (*bn_mod_exp_async)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-+ const BIGNUM *m, BN_CTX *ctx,
-+ BN_MONT_CTX *m_ctx, struct pkc_cookie_s *cookie);
-+
- /* called at new */
- int (*init) (RSA *rsa);
- /* called at free */
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0008-Add-RSA-keygen-operation-and-support-gendsa-command-.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0008-Add-RSA-keygen-operation-and-support-gendsa-command-.patch
deleted file mode 100644
index 070b93a..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0008-Add-RSA-keygen-operation-and-support-gendsa-command-.patch
+++ /dev/null
@@ -1,155 +0,0 @@
-From 73629969c6fe54529441530674b061ce31a41d93 Mon Sep 17 00:00:00 2001
-From: Hou Zhiqiang <B48286@freescale.com>
-Date: Wed, 2 Apr 2014 16:10:43 +0800
-Subject: [PATCH 08/48] Add RSA keygen operation and support gendsa command
- with hardware engine
-
-Upstream-status: Pending
-
-Signed-off-by: Hou Zhiqiang <B48286@freescale.com>
-Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
----
- crypto/engine/eng_cryptodev.c | 120 ++++++++++++++++++++++++++++++++++++++++++
- 1 file changed, 120 insertions(+)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 90fe9b8..8c9ad5c 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -2022,6 +2022,124 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
- }
- }
-
-+/* Cryptodev RSA Key Gen routine */
-+static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
-+{
-+ struct crypt_kop kop;
-+ int ret, fd;
-+ int p_len, q_len;
-+ int i;
-+
-+ if ((fd = get_asym_dev_crypto()) < 0)
-+ return fd;
-+
-+ if (!rsa->n && ((rsa->n = BN_new()) == NULL))
-+ goto err;
-+ if (!rsa->d && ((rsa->d = BN_new()) == NULL))
-+ goto err;
-+ if (!rsa->e && ((rsa->e = BN_new()) == NULL))
-+ goto err;
-+ if (!rsa->p && ((rsa->p = BN_new()) == NULL))
-+ goto err;
-+ if (!rsa->q && ((rsa->q = BN_new()) == NULL))
-+ goto err;
-+ if (!rsa->dmp1 && ((rsa->dmp1 = BN_new()) == NULL))
-+ goto err;
-+ if (!rsa->dmq1 && ((rsa->dmq1 = BN_new()) == NULL))
-+ goto err;
-+ if (!rsa->iqmp && ((rsa->iqmp = BN_new()) == NULL))
-+ goto err;
-+
-+ BN_copy(rsa->e, e);
-+
-+ p_len = (bits + 1) / (2 * 8);
-+ q_len = (bits - p_len * 8) / 8;
-+ memset(&kop, 0, sizeof kop);
-+ kop.crk_op = CRK_RSA_GENERATE_KEY;
-+
-+ /* p length */
-+ kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char));
-+ if (!kop.crk_param[kop.crk_iparams].crp_p)
-+ goto err;
-+ kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8;
-+ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1);
-+ kop.crk_iparams++;
-+ kop.crk_oparams++;
-+ /* q length */
-+ kop.crk_param[kop.crk_iparams].crp_p = calloc(q_len + 1, sizeof(char));
-+ if (!kop.crk_param[kop.crk_iparams].crp_p)
-+ goto err;
-+ kop.crk_param[kop.crk_iparams].crp_nbits = q_len * 8;
-+ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, q_len + 1);
-+ kop.crk_iparams++;
-+ kop.crk_oparams++;
-+ /* n length */
-+ kop.crk_param[kop.crk_iparams].crp_p =
-+ calloc(p_len + q_len + 1, sizeof(char));
-+ if (!kop.crk_param[kop.crk_iparams].crp_p)
-+ goto err;
-+ kop.crk_param[kop.crk_iparams].crp_nbits = bits;
-+ memset(kop.crk_param[kop.crk_iparams].crp_p, 0x00, p_len + q_len + 1);
-+ kop.crk_iparams++;
-+ kop.crk_oparams++;
-+ /* d length */
-+ kop.crk_param[kop.crk_iparams].crp_p =
-+ calloc(p_len + q_len + 1, sizeof(char));
-+ if (!kop.crk_param[kop.crk_iparams].crp_p)
-+ goto err;
-+ kop.crk_param[kop.crk_iparams].crp_nbits = bits;
-+ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + q_len + 1);
-+ kop.crk_iparams++;
-+ kop.crk_oparams++;
-+ /* dp1 length */
-+ kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char));
-+ if (!kop.crk_param[kop.crk_iparams].crp_p)
-+ goto err;
-+ kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8;
-+ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1);
-+ kop.crk_iparams++;
-+ kop.crk_oparams++;
-+ /* dq1 length */
-+ kop.crk_param[kop.crk_iparams].crp_p = calloc(q_len + 1, sizeof(char));
-+ if (!kop.crk_param[kop.crk_iparams].crp_p)
-+ goto err;
-+ kop.crk_param[kop.crk_iparams].crp_nbits = q_len * 8;
-+ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, q_len + 1);
-+ kop.crk_iparams++;
-+ kop.crk_oparams++;
-+ /* i length */
-+ kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char));
-+ if (!kop.crk_param[kop.crk_iparams].crp_p)
-+ goto err;
-+ kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8;
-+ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1);
-+ kop.crk_iparams++;
-+ kop.crk_oparams++;
-+
-+ if (ioctl(fd, CIOCKEY, &kop) == 0) {
-+ BN_bin2bn(kop.crk_param[0].crp_p, p_len, rsa->p);
-+ BN_bin2bn(kop.crk_param[1].crp_p, q_len, rsa->q);
-+ BN_bin2bn(kop.crk_param[2].crp_p, bits / 8, rsa->n);
-+ BN_bin2bn(kop.crk_param[3].crp_p, bits / 8, rsa->d);
-+ BN_bin2bn(kop.crk_param[4].crp_p, p_len, rsa->dmp1);
-+ BN_bin2bn(kop.crk_param[5].crp_p, q_len, rsa->dmq1);
-+ BN_bin2bn(kop.crk_param[6].crp_p, p_len, rsa->iqmp);
-+ return 1;
-+ }
-+ sw_try:
-+ {
-+ const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
-+ ret = (meth->rsa_keygen) (rsa, bits, e, cb);
-+ }
-+ return ret;
-+
-+ err:
-+ for (i = 0; i < CRK_MAXPARAM; i++)
-+ free(kop.crk_param[i].crp_p);
-+ return 0;
-+
-+}
-+
- /* Cryptodev DSA Key Gen routine */
- static int cryptodev_dsa_keygen(DSA *dsa)
- {
-@@ -4048,6 +4166,8 @@ void ENGINE_load_cryptodev(void)
- cryptodev_rsa.rsa_mod_exp_async =
- cryptodev_rsa_nocrt_mod_exp_async;
- }
-+ if (cryptodev_asymfeat & CRF_RSA_GENERATE_KEY)
-+ cryptodev_rsa.rsa_keygen = cryptodev_rsa_keygen;
- }
- }
-
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0009-RSA-Keygen-Fix.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0009-RSA-Keygen-Fix.patch
deleted file mode 100644
index faa1690..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0009-RSA-Keygen-Fix.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From b3726ca2b823fe2a4c675b750e6f96d4a03ce93c Mon Sep 17 00:00:00 2001
-From: Yashpal Dutta <yashpal.dutta@freescale.com>
-Date: Wed, 16 Apr 2014 22:53:04 +0545
-Subject: [PATCH 09/48] RSA Keygen Fix
-
-Upstream-status: Pending
-
-If Kernel driver doesn't support RSA Keygen or same returns
-error handling the keygen operation, the keygen is gracefully
-handled by software supported rsa_keygen handler
-
-Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
-Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
----
- crypto/engine/eng_cryptodev.c | 12 +++++++-----
- 1 file changed, 7 insertions(+), 5 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 8c9ad5c..3686c23 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -2031,7 +2031,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
- int i;
-
- if ((fd = get_asym_dev_crypto()) < 0)
-- return fd;
-+ goto sw_try;
-
- if (!rsa->n && ((rsa->n = BN_new()) == NULL))
- goto err;
-@@ -2060,7 +2060,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
- /* p length */
- kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char));
- if (!kop.crk_param[kop.crk_iparams].crp_p)
-- goto err;
-+ goto sw_try;
- kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8;
- memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1);
- kop.crk_iparams++;
-@@ -2068,7 +2068,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
- /* q length */
- kop.crk_param[kop.crk_iparams].crp_p = calloc(q_len + 1, sizeof(char));
- if (!kop.crk_param[kop.crk_iparams].crp_p)
-- goto err;
-+ goto sw_try;
- kop.crk_param[kop.crk_iparams].crp_nbits = q_len * 8;
- memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, q_len + 1);
- kop.crk_iparams++;
-@@ -2128,8 +2128,10 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
- }
- sw_try:
- {
-- const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
-- ret = (meth->rsa_keygen) (rsa, bits, e, cb);
-+ const RSA_METHOD *meth = rsa->meth;
-+ rsa->meth = RSA_PKCS1_SSLeay();
-+ ret = RSA_generate_key_ex(rsa, bits, e, cb);
-+ rsa->meth = meth;
- }
- return ret;
-
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0010-Removed-local-copy-of-curve_t-type.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0010-Removed-local-copy-of-curve_t-type.patch
deleted file mode 100644
index 22258b4..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0010-Removed-local-copy-of-curve_t-type.patch
+++ /dev/null
@@ -1,163 +0,0 @@
-From 1a7d37d609b5ce61d0c1454292dd4500859ed65c Mon Sep 17 00:00:00 2001
-From: Yashpal Dutta <yashpal.dutta@freescale.com>
-Date: Thu, 17 Apr 2014 06:57:59 +0545
-Subject: [PATCH 10/48] Removed local copy of curve_t type
-
-Upstream-status: Pending
-
-Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
-Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
----
- crypto/engine/eng_cryptodev.c | 33 ++++++++++++++-------------------
- crypto/engine/eng_cryptodev_ec.h | 7 -------
- 2 files changed, 14 insertions(+), 26 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 3686c23..afcf72b 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -2517,11 +2517,6 @@ static ECDSA_METHOD cryptodev_ecdsa = {
- NULL /* app_data */
- };
-
--typedef enum ec_curve_s {
-- EC_PRIME,
-- EC_BINARY
--} ec_curve_t;
--
- /* ENGINE handler for ECDSA Sign */
- static ECDSA_SIG *cryptodev_ecdsa_do_sign(const unsigned char *dgst,
- int dgst_len, const BIGNUM *in_kinv,
-@@ -2540,7 +2535,7 @@ static ECDSA_SIG *cryptodev_ecdsa_do_sign(const unsigned char *dgst,
- const BIGNUM *order = NULL, *priv_key = NULL;
- const EC_GROUP *group = NULL;
- struct crypt_kop kop;
-- ec_curve_t ec_crv = EC_PRIME;
-+ enum ec_curve_t ec_crv = EC_PRIME;
-
- memset(&kop, 0, sizeof(kop));
- ecdsa = ecdsa_check(eckey);
-@@ -2678,7 +2673,7 @@ static ECDSA_SIG *cryptodev_ecdsa_do_sign(const unsigned char *dgst,
- else
- goto err;
- }
-- kop.curve_type = ECC_BINARY;
-+ kop.curve_type = EC_BINARY;
- }
-
- /* Calculation of Generator point */
-@@ -2773,7 +2768,7 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
- const EC_POINT *pub_key = NULL;
- const BIGNUM *order = NULL;
- const EC_GROUP *group = NULL;
-- ec_curve_t ec_crv = EC_PRIME;
-+ enum ec_curve_t ec_crv = EC_PRIME;
- struct crypt_kop kop;
-
- memset(&kop, 0, sizeof kop);
-@@ -2924,7 +2919,7 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
- else
- goto err;
- }
-- kop.curve_type = ECC_BINARY;
-+ kop.curve_type = EC_BINARY;
- }
-
- /* Calculation of Generator point */
-@@ -3029,7 +3024,7 @@ static int cryptodev_ecdsa_do_sign_async(const unsigned char *dgst,
- const BIGNUM *order = NULL, *priv_key = NULL;
- const EC_GROUP *group = NULL;
- struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-- ec_curve_t ec_crv = EC_PRIME;
-+ enum ec_curve_t ec_crv = EC_PRIME;
-
- if (!(sig->r = BN_new()) || !kop)
- goto err;
-@@ -3170,7 +3165,7 @@ static int cryptodev_ecdsa_do_sign_async(const unsigned char *dgst,
- else
- goto err;
- }
-- kop->curve_type = ECC_BINARY;
-+ kop->curve_type = EC_BINARY;
- }
-
- /* Calculation of Generator point */
-@@ -3250,7 +3245,7 @@ static int cryptodev_ecdsa_verify_async(const unsigned char *dgst,
- const EC_POINT *pub_key = NULL;
- const BIGNUM *order = NULL;
- const EC_GROUP *group = NULL;
-- ec_curve_t ec_crv = EC_PRIME;
-+ enum ec_curve_t ec_crv = EC_PRIME;
- struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-
- if (!kop)
-@@ -3397,7 +3392,7 @@ static int cryptodev_ecdsa_verify_async(const unsigned char *dgst,
- if (ec_crv == EC_BINARY) {
- /* copy b' i.e c(b), instead of only b */
- eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab + q_len, q_len);
-- kop->curve_type = ECC_BINARY;
-+ kop->curve_type = EC_BINARY;
- }
-
- /* Calculation of Generator point */
-@@ -3703,7 +3698,7 @@ int cryptodev_ecdh_compute_key(void *out, size_t outlen,
- void *(*KDF) (const void *in, size_t inlen,
- void *out, size_t *outlen))
- {
-- ec_curve_t ec_crv = EC_PRIME;
-+ enum ec_curve_t ec_crv = EC_PRIME;
- unsigned char *q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL;
- BIGNUM *w_x = NULL, *w_y = NULL;
- int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0;
-@@ -3833,9 +3828,9 @@ int cryptodev_ecdh_compute_key(void *out, size_t outlen,
- else
- goto err;
- }
-- kop.curve_type = ECC_BINARY;
-+ kop.curve_type = EC_BINARY;
- } else
-- kop.curve_type = ECC_PRIME;
-+ kop.curve_type = EC_PRIME;
-
- priv_key_len = r_len;
-
-@@ -3887,7 +3882,7 @@ int cryptodev_ecdh_compute_key_async(void *out, size_t outlen,
- size_t *outlen),
- struct pkc_cookie_s *cookie)
- {
-- ec_curve_t ec_crv = EC_PRIME;
-+ enum ec_curve_t ec_crv = EC_PRIME;
- unsigned char *q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL;
- BIGNUM *w_x = NULL, *w_y = NULL;
- int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0;
-@@ -4018,9 +4013,9 @@ int cryptodev_ecdh_compute_key_async(void *out, size_t outlen,
- else
- goto err;
- }
-- kop->curve_type = ECC_BINARY;
-+ kop->curve_type = EC_BINARY;
- } else
-- kop->curve_type = ECC_PRIME;
-+ kop->curve_type = EC_PRIME;
-
- priv_key_len = r_len;
-
-diff --git a/crypto/engine/eng_cryptodev_ec.h b/crypto/engine/eng_cryptodev_ec.h
-index af54c51..41a8702 100644
---- a/crypto/engine/eng_cryptodev_ec.h
-+++ b/crypto/engine/eng_cryptodev_ec.h
-@@ -287,11 +287,4 @@ static inline unsigned char *eng_copy_curve_points(BIGNUM * x, BIGNUM * y,
-
- return xy;
- }
--
--enum curve_t {
-- DISCRETE_LOG,
-- ECC_PRIME,
-- ECC_BINARY,
-- MAX_ECC_TYPE
--};
- #endif
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0011-Modulus-parameter-is-not-populated-by-dhparams.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0011-Modulus-parameter-is-not-populated-by-dhparams.patch
deleted file mode 100644
index d7fb223..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0011-Modulus-parameter-is-not-populated-by-dhparams.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 82afed6364dfcced7458dbd2bda7932054078f04 Mon Sep 17 00:00:00 2001
-From: Yashpal Dutta <yashpal.dutta@freescale.com>
-Date: Tue, 22 Apr 2014 22:58:33 +0545
-Subject: [PATCH 11/48] Modulus parameter is not populated by dhparams
-
-Upstream-status: Pending
-
-When dhparams are created, modulus parameter required for
-private key generation is not populated. So, falling back
-to software for proper population of modulus parameters followed
-by private key generation
-
-Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
-Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
----
- crypto/engine/eng_cryptodev.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index afcf72b..2013746 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -3515,7 +3515,7 @@ static int cryptodev_dh_keygen_async(DH *dh, struct pkc_cookie_s *cookie)
- kop->crk_op = CRK_DH_GENERATE_KEY;
- if (bn2crparam(dh->p, &kop->crk_param[0]))
- goto sw_try;
-- if (bn2crparam(dh->q, &kop->crk_param[1]))
-+ if (!dh->q || bn2crparam(dh->q, &kop->crk_param[1]))
- goto sw_try;
- kop->crk_param[2].crp_p = g;
- kop->crk_param[2].crp_nbits = g_len * 8;
-@@ -3570,7 +3570,7 @@ static int cryptodev_dh_keygen(DH *dh)
- kop.crk_op = CRK_DH_GENERATE_KEY;
- if (bn2crparam(dh->p, &kop.crk_param[0]))
- goto sw_try;
-- if (bn2crparam(dh->q, &kop.crk_param[1]))
-+ if (!dh->q || bn2crparam(dh->q, &kop.crk_param[1]))
- goto sw_try;
- kop.crk_param[2].crp_p = g;
- kop.crk_param[2].crp_nbits = g_len * 8;
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0012-SW-Backoff-mechanism-for-dsa-keygen.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0012-SW-Backoff-mechanism-for-dsa-keygen.patch
deleted file mode 100644
index b665f7a..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0012-SW-Backoff-mechanism-for-dsa-keygen.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From f7817245b35156ec2b15514c952db806140c6ebc Mon Sep 17 00:00:00 2001
-From: Yashpal Dutta <yashpal.dutta@freescale.com>
-Date: Thu, 24 Apr 2014 00:35:34 +0545
-Subject: [PATCH 12/48] SW Backoff mechanism for dsa keygen
-
-Upstream-status: Pending
-
-DSA Keygen is not handled in default openssl dsa method. Due to
-same null function pointer in SW DSA method, the backoff for dsa
-keygen gives segmentation fault.
-
-Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
-Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
----
- crypto/engine/eng_cryptodev.c | 12 ++++++++----
- 1 file changed, 8 insertions(+), 4 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 2013746..a3a97d2 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -2188,8 +2188,10 @@ static int cryptodev_dsa_keygen(DSA *dsa)
- return ret;
- sw_try:
- {
-- const DSA_METHOD *meth = DSA_OpenSSL();
-- ret = (meth->dsa_keygen) (dsa);
-+ const DSA_METHOD *meth = dsa->meth;
-+ dsa->meth = DSA_OpenSSL();
-+ ret = DSA_generate_key(dsa);
-+ dsa->meth = meth;
- }
- return ret;
- }
-@@ -2243,11 +2245,13 @@ static int cryptodev_dsa_keygen_async(DSA *dsa, struct pkc_cookie_s *cookie)
- return ret;
- sw_try:
- {
-- const DSA_METHOD *meth = DSA_OpenSSL();
-+ const DSA_METHOD *meth = dsa->meth;
-
-+ dsa->meth = DSA_OpenSSL();
- if (kop)
- free(kop);
-- ret = (meth->dsa_keygen) (dsa);
-+ ret = DSA_generate_key(dsa);
-+ dsa->meth = meth;
- cookie->pkc_callback(cookie, 0);
- }
- return ret;
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0013-Fixed-DH-keygen-pair-generator.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0013-Fixed-DH-keygen-pair-generator.patch
deleted file mode 100644
index 4f8fd4d..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0013-Fixed-DH-keygen-pair-generator.patch
+++ /dev/null
@@ -1,100 +0,0 @@
-From 0075a1d36133523a40efc66d6491a4f11aca87fd Mon Sep 17 00:00:00 2001
-From: Yashpal Dutta <yashpal.dutta@freescale.com>
-Date: Thu, 1 May 2014 06:35:45 +0545
-Subject: [PATCH 13/48] Fixed DH keygen pair generator
-
-Upstream-status: Pending
-
-Wrong Padding results into keygen length error
-
-Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
-Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
----
- crypto/engine/eng_cryptodev.c | 50 ++++++++++++++++++++++++++++---------------
- 1 file changed, 33 insertions(+), 17 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index a3a97d2..5a9f4b7 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -3547,44 +3547,60 @@ static int cryptodev_dh_keygen_async(DH *dh, struct pkc_cookie_s *cookie)
- static int cryptodev_dh_keygen(DH *dh)
- {
- struct crypt_kop kop;
-- int ret = 1, g_len;
-- unsigned char *g = NULL;
-+ int ret = 1, q_len = 0;
-+ unsigned char *q = NULL, *g = NULL, *s = NULL, *w = NULL;
-+ BIGNUM *pub_key = NULL, *priv_key = NULL;
-+ int generate_new_key = 1;
-
-- if (dh->priv_key == NULL) {
-- if ((dh->priv_key = BN_new()) == NULL)
-- goto sw_try;
-- }
-+ if (dh->priv_key)
-+ priv_key = dh->priv_key;
-
-- if (dh->pub_key == NULL) {
-- if ((dh->pub_key = BN_new()) == NULL)
-- goto sw_try;
-- }
-+ if (dh->pub_key)
-+ pub_key = dh->pub_key;
-
-- g_len = BN_num_bytes(dh->p);
-+ q_len = BN_num_bytes(dh->p);
- /**
- * Get generator into a plain buffer. If length is less than
- * q_len then add leading padding bytes.
- */
-- if (spcf_bn2bin_ex(dh->g, &g, &g_len)) {
-+ if (spcf_bn2bin_ex(dh->g, &g, &q_len)) {
-+ DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
-+ goto sw_try;
-+ }
-+
-+ if (spcf_bn2bin_ex(dh->p, &q, &q_len)) {
- DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
- goto sw_try;
- }
-
- memset(&kop, 0, sizeof kop);
- kop.crk_op = CRK_DH_GENERATE_KEY;
-- if (bn2crparam(dh->p, &kop.crk_param[0]))
-- goto sw_try;
-+ kop.crk_param[0].crp_p = q;
-+ kop.crk_param[0].crp_nbits = q_len * 8;
- if (!dh->q || bn2crparam(dh->q, &kop.crk_param[1]))
- goto sw_try;
- kop.crk_param[2].crp_p = g;
-- kop.crk_param[2].crp_nbits = g_len * 8;
-+ kop.crk_param[2].crp_nbits = q_len * 8;
- kop.crk_iparams = 3;
-
-+ s = OPENSSL_malloc(q_len);
-+ if (!s) {
-+ DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
-+ goto sw_try;
-+ }
-+
-+ w = OPENSSL_malloc(q_len);
-+ if (!w) {
-+ DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
-+ goto sw_try;
-+ }
-+
- /* pub_key is or prime length while priv key is of length of order */
-- if (cryptodev_asym(&kop, BN_num_bytes(dh->p), dh->pub_key,
-- BN_num_bytes(dh->q), dh->priv_key))
-+ if (cryptodev_asym(&kop, q_len, w, q_len, s))
- goto sw_try;
-
-+ dh->pub_key = BN_bin2bn(w, q_len, pub_key);
-+ dh->pub_key = BN_bin2bn(s, q_len, priv_key);
- return ret;
- sw_try:
- {
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0014-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0014-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch
deleted file mode 100644
index 898499b..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0014-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch
+++ /dev/null
@@ -1,321 +0,0 @@
-From fcbd6199deb715b117153b7df00cdd4cdec44d79 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@freescale.com>
-Date: Mon, 16 Jun 2014 14:06:21 +0300
-Subject: [PATCH 14/48] cryptodev: add support for aes-gcm algorithm offloading
-
-Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
----
- apps/speed.c | 6 +-
- crypto/engine/eng_cryptodev.c | 236 +++++++++++++++++++++++++++++++++++++++++-
- 2 files changed, 240 insertions(+), 2 deletions(-)
-
-diff --git a/apps/speed.c b/apps/speed.c
-index b862868..fd2a2a5 100644
---- a/apps/speed.c
-+++ b/apps/speed.c
-@@ -226,7 +226,11 @@
- # endif
-
- # undef BUFSIZE
--# define BUFSIZE ((long)1024*8+1)
-+/* The buffer overhead allows GCM tag at the end of the encrypted data. This
-+ avoids buffer overflows from cryptodev since Linux kernel GCM
-+ implementation allways adds the tag - unlike e_aes.c:aes_gcm_cipher()
-+ which doesn't */
-+#define BUFSIZE ((long)1024*8 + EVP_GCM_TLS_TAG_LEN)
- static volatile int run = 0;
-
- static int mr = 0;
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 5a9f4b7..1754917 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -2,6 +2,7 @@
- * Copyright (c) 2002 Bob Beck <beck@openbsd.org>
- * Copyright (c) 2002 Theo de Raadt
- * Copyright (c) 2002 Markus Friedl
-+ * Copyright (c) 2013-2014 Freescale Semiconductor, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
-@@ -78,8 +79,10 @@ struct dev_crypto_state {
- struct session_op d_sess;
- int d_fd;
- unsigned char *aad;
-- unsigned int aad_len;
-+ int aad_len;
- unsigned int len;
-+ unsigned char *iv;
-+ int ivlen;
- # ifdef USE_CRYPTODEV_DIGESTS
- char dummy_mac_key[HASH_MAX_LEN];
- unsigned char digest_res[HASH_MAX_LEN];
-@@ -288,6 +291,9 @@ static struct {
- CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20
- },
- {
-+ CRYPTO_AES_GCM, NID_aes_128_gcm, 16, 16, 0
-+ },
-+ {
- 0, NID_undef, 0, 0, 0
- },
- };
-@@ -326,6 +332,22 @@ static struct {
- };
- # endif
-
-+/* increment counter (64-bit int) by 1 */
-+static void ctr64_inc(unsigned char *counter)
-+{
-+ int n = 8;
-+ unsigned char c;
-+
-+ do {
-+ --n;
-+ c = counter[n];
-+ ++c;
-+ counter[n] = c;
-+ if (c)
-+ return;
-+ } while (n);
-+}
-+
- /*
- * Return a fd if /dev/crypto seems usable, 0 otherwise.
- */
-@@ -808,6 +830,199 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
- }
- }
-
-+static int cryptodev_init_gcm_key(EVP_CIPHER_CTX *ctx,
-+ const unsigned char *key,
-+ const unsigned char *iv, int enc)
-+{
-+ struct dev_crypto_state *state = ctx->cipher_data;
-+ struct session_op *sess = &state->d_sess;
-+ int cipher = -1, i;
-+ if (!iv && !key)
-+ return 1;
-+
-+ if (iv)
-+ memcpy(ctx->iv, iv, ctx->cipher->iv_len);
-+
-+ for (i = 0; ciphers[i].id; i++)
-+ if (ctx->cipher->nid == ciphers[i].nid &&
-+ ctx->cipher->iv_len <= ciphers[i].ivmax &&
-+ ctx->key_len == ciphers[i].keylen) {
-+ cipher = ciphers[i].id;
-+ break;
-+ }
-+
-+ if (!ciphers[i].id) {
-+ state->d_fd = -1;
-+ return 0;
-+ }
-+
-+ memset(sess, 0, sizeof(struct session_op));
-+
-+ if ((state->d_fd = get_dev_crypto()) < 0)
-+ return 0;
-+
-+ sess->key = (unsigned char *)key;
-+ sess->keylen = ctx->key_len;
-+ sess->cipher = cipher;
-+
-+ if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
-+ put_dev_crypto(state->d_fd);
-+ state->d_fd = -1;
-+ return 0;
-+ }
-+ return 1;
-+}
-+
-+static int cryptodev_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+ const unsigned char *in, size_t len)
-+{
-+ struct crypt_auth_op cryp = { 0 };
-+ struct dev_crypto_state *state = ctx->cipher_data;
-+ struct session_op *sess = &state->d_sess;
-+ int rv = len;
-+
-+ if (EVP_CIPHER_CTX_ctrl(ctx, ctx->encrypt ?
-+ EVP_CTRL_GCM_IV_GEN : EVP_CTRL_GCM_SET_IV_INV,
-+ EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0)
-+ return 0;
-+
-+ in += EVP_GCM_TLS_EXPLICIT_IV_LEN;
-+ out += EVP_GCM_TLS_EXPLICIT_IV_LEN;
-+ len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
-+
-+ if (ctx->encrypt) {
-+ len -= EVP_GCM_TLS_TAG_LEN;
-+ }
-+ cryp.ses = sess->ses;
-+ cryp.len = len;
-+ cryp.src = (unsigned char *)in;
-+ cryp.dst = out;
-+ cryp.auth_src = state->aad;
-+ cryp.auth_len = state->aad_len;
-+ cryp.iv = ctx->iv;
-+ cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
-+
-+ if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) {
-+ return 0;
-+ }
-+
-+ if (ctx->encrypt)
-+ ctr64_inc(state->iv + state->ivlen - 8);
-+ else
-+ rv = len - EVP_GCM_TLS_TAG_LEN;
-+
-+ return rv;
-+}
-+
-+static int cryptodev_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+ const unsigned char *in, size_t len)
-+{
-+ struct crypt_auth_op cryp;
-+ struct dev_crypto_state *state = ctx->cipher_data;
-+ struct session_op *sess = &state->d_sess;
-+
-+ if (state->d_fd < 0)
-+ return 0;
-+
-+ if ((len % ctx->cipher->block_size) != 0)
-+ return 0;
-+
-+ if (state->aad_len >= 0)
-+ return cryptodev_gcm_tls_cipher(ctx, out, in, len);
-+
-+ memset(&cryp, 0, sizeof(cryp));
-+
-+ cryp.ses = sess->ses;
-+ cryp.len = len;
-+ cryp.src = (unsigned char *)in;
-+ cryp.dst = out;
-+ cryp.auth_src = NULL;
-+ cryp.auth_len = 0;
-+ cryp.iv = ctx->iv;
-+ cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
-+
-+ if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) {
-+ return 0;
-+ }
-+
-+ return len;
-+}
-+
-+static int cryptodev_gcm_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
-+ void *ptr)
-+{
-+ struct dev_crypto_state *state = ctx->cipher_data;
-+ switch (type) {
-+ case EVP_CTRL_INIT:
-+ {
-+ state->ivlen = ctx->cipher->iv_len;
-+ state->iv = ctx->iv;
-+ state->aad_len = -1;
-+ return 1;
-+ }
-+ case EVP_CTRL_GCM_SET_IV_FIXED:
-+ {
-+ /* Special case: -1 length restores whole IV */
-+ if (arg == -1) {
-+ memcpy(state->iv, ptr, state->ivlen);
-+ return 1;
-+ }
-+ /*
-+ * Fixed field must be at least 4 bytes and invocation field at
-+ * least 8.
-+ */
-+ if ((arg < 4) || (state->ivlen - arg) < 8)
-+ return 0;
-+ if (arg)
-+ memcpy(state->iv, ptr, arg);
-+ if (ctx->encrypt &&
-+ RAND_bytes(state->iv + arg, state->ivlen - arg) <= 0)
-+ return 0;
-+ return 1;
-+ }
-+ case EVP_CTRL_AEAD_TLS1_AAD:
-+ {
-+ unsigned int len;
-+ if (arg != 13)
-+ return 0;
-+
-+ memcpy(ctx->buf, ptr, arg);
-+ len = ctx->buf[arg - 2] << 8 | ctx->buf[arg - 1];
-+
-+ /* Correct length for explicit IV */
-+ len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
-+
-+ /* If decrypting correct for tag too */
-+ if (!ctx->encrypt)
-+ len -= EVP_GCM_TLS_TAG_LEN;
-+
-+ ctx->buf[arg - 2] = len >> 8;
-+ ctx->buf[arg - 1] = len & 0xff;
-+
-+ state->aad = ctx->buf;
-+ state->aad_len = arg;
-+ state->len = len;
-+
-+ /* Extra padding: tag appended to record */
-+ return EVP_GCM_TLS_TAG_LEN;
-+ }
-+ case EVP_CTRL_GCM_SET_IV_INV:
-+ {
-+ if (ctx->encrypt)
-+ return 0;
-+ memcpy(state->iv + state->ivlen - arg, ptr, arg);
-+ return 1;
-+ }
-+ case EVP_CTRL_GCM_IV_GEN:
-+ if (arg <= 0 || arg > state->ivlen)
-+ arg = state->ivlen;
-+ memcpy(ptr, state->iv + state->ivlen - arg, arg);
-+ return 1;
-+ default:
-+ return -1;
-+ }
-+}
-+
- /*
- * libcrypto EVP stuff - this is how we get wired to EVP so the engine
- * gets called when libcrypto requests a cipher NID.
-@@ -948,6 +1163,22 @@ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = {
- NULL
- };
-
-+const EVP_CIPHER cryptodev_aes_128_gcm = {
-+ NID_aes_128_gcm,
-+ 1, 16, 12,
-+ EVP_CIPH_GCM_MODE | EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_DEFAULT_ASN1
-+ | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER
-+ | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT,
-+ cryptodev_init_gcm_key,
-+ cryptodev_gcm_cipher,
-+ cryptodev_cleanup,
-+ sizeof(struct dev_crypto_state),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ cryptodev_gcm_ctrl,
-+ NULL
-+};
-+
- # ifdef CRYPTO_AES_CTR
- const EVP_CIPHER cryptodev_aes_ctr = {
- NID_aes_128_ctr,
-@@ -1042,6 +1273,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
- case NID_aes_256_cbc_hmac_sha1:
- *cipher = &cryptodev_aes_256_cbc_hmac_sha1;
- break;
-+ case NID_aes_128_gcm:
-+ *cipher = &cryptodev_aes_128_gcm;
-+ break;
- default:
- *cipher = NULL;
- break;
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0015-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0015-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch
deleted file mode 100644
index c1201f2..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0015-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch
+++ /dev/null
@@ -1,199 +0,0 @@
-From 6094ec91a5b8dde4bc3a7928b7cb6c81cac8a169 Mon Sep 17 00:00:00 2001
-From: Tudor Ambarus <tudor.ambarus@freescale.com>
-Date: Fri, 9 May 2014 17:54:06 +0300
-Subject: [PATCH 15/48] eng_cryptodev: extend TLS offload with
- 3des_cbc_hmac_sha1
-
-Both obj_mac.h and obj_dat.h were generated using the scripts
-from crypto/objects:
-
-$ cd crypto/objects
-$ perl objects.pl objects.txt obj_mac.num obj_mac.h
-$ perl obj_dat.pl obj_mac.h obj_dat.h
-
-Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com>
-Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
----
- crypto/engine/eng_cryptodev.c | 26 ++++++++++++++++++++++++++
- crypto/objects/obj_dat.h | 10 +++++++---
- crypto/objects/obj_mac.h | 4 ++++
- crypto/objects/obj_mac.num | 1 +
- crypto/objects/objects.txt | 1 +
- ssl/ssl_ciph.c | 4 ++++
- 6 files changed, 43 insertions(+), 3 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 1754917..ae644b9 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -133,6 +133,7 @@ static int cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key,
- static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
- void (*f) (void));
- void ENGINE_load_cryptodev(void);
-+const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1;
- const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1;
- const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
-
-@@ -285,6 +286,9 @@ static struct {
- CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, 0
- },
- {
-+ CRYPTO_TLS10_3DES_CBC_HMAC_SHA1, NID_des_ede3_cbc_hmac_sha1, 8, 24, 20
-+ },
-+ {
- CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20
- },
- {
-@@ -520,6 +524,9 @@ static int cryptodev_usable_ciphers(const int **nids)
- case NID_aes_256_cbc_hmac_sha1:
- EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
- break;
-+ case NID_des_ede3_cbc_hmac_sha1:
-+ EVP_add_cipher(&cryptodev_3des_cbc_hmac_sha1);
-+ break;
- }
- }
- return count;
-@@ -624,6 +631,7 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- switch (ctx->cipher->nid) {
- case NID_aes_128_cbc_hmac_sha1:
- case NID_aes_256_cbc_hmac_sha1:
-+ case NID_des_ede3_cbc_hmac_sha1:
- cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
- }
- cryp.ses = sess->ses;
-@@ -814,6 +822,7 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
- switch (ctx->cipher->nid) {
- case NID_aes_128_cbc_hmac_sha1:
- case NID_aes_256_cbc_hmac_sha1:
-+ case NID_des_ede3_cbc_hmac_sha1:
- maclen = SHA_DIGEST_LENGTH;
- }
-
-@@ -1135,6 +1144,20 @@ const EVP_CIPHER cryptodev_aes_256_cbc = {
- NULL
- };
-
-+const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1 = {
-+ NID_des_ede3_cbc_hmac_sha1,
-+ 8, 24, 8,
-+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+ cryptodev_init_aead_key,
-+ cryptodev_aead_cipher,
-+ cryptodev_cleanup,
-+ sizeof(struct dev_crypto_state),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ cryptodev_cbc_hmac_sha1_ctrl,
-+ NULL
-+};
-+
- const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1 = {
- NID_aes_128_cbc_hmac_sha1,
- 16, 16, 16,
-@@ -1256,6 +1279,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
- case NID_aes_256_cbc:
- *cipher = &cryptodev_aes_256_cbc;
- break;
-+ case NID_des_ede3_cbc_hmac_sha1:
-+ *cipher = &cryptodev_3des_cbc_hmac_sha1;
-+ break;
- # ifdef CRYPTO_AES_CTR
- case NID_aes_128_ctr:
- *cipher = &cryptodev_aes_ctr;
-diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
-index b7e3cf2..35d1abc 100644
---- a/crypto/objects/obj_dat.h
-+++ b/crypto/objects/obj_dat.h
-@@ -62,9 +62,9 @@
- * [including the GNU Public Licence.]
- */
-
--#define NUM_NID 958
--#define NUM_SN 951
--#define NUM_LN 951
-+#define NUM_NID 959
-+#define NUM_SN 952
-+#define NUM_LN 952
- #define NUM_OBJ 890
-
- static const unsigned char lvalues[6255]={
-@@ -2514,6 +2514,8 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
- NID_jurisdictionStateOrProvinceName,11,&(lvalues[6232]),0},
- {"jurisdictionC","jurisdictionCountryName",
- NID_jurisdictionCountryName,11,&(lvalues[6243]),0},
-+{"DES-EDE3-CBC-HMAC-SHA1","des-ede3-cbc-hmac-sha1",
-+ NID_des_ede3_cbc_hmac_sha1,0,NULL,0},
- };
-
- static const unsigned int sn_objs[NUM_SN]={
-@@ -2592,6 +2594,7 @@ static const unsigned int sn_objs[NUM_SN]={
- 62, /* "DES-EDE-OFB" */
- 33, /* "DES-EDE3" */
- 44, /* "DES-EDE3-CBC" */
-+958, /* "DES-EDE3-CBC-HMAC-SHA1" */
- 61, /* "DES-EDE3-CFB" */
- 658, /* "DES-EDE3-CFB1" */
- 659, /* "DES-EDE3-CFB8" */
-@@ -3760,6 +3763,7 @@ static const unsigned int ln_objs[NUM_LN]={
- 62, /* "des-ede-ofb" */
- 33, /* "des-ede3" */
- 44, /* "des-ede3-cbc" */
-+958, /* "des-ede3-cbc-hmac-sha1" */
- 61, /* "des-ede3-cfb" */
- 658, /* "des-ede3-cfb1" */
- 659, /* "des-ede3-cfb8" */
-diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h
-index 779c309..cb318bc 100644
---- a/crypto/objects/obj_mac.h
-+++ b/crypto/objects/obj_mac.h
-@@ -4047,6 +4047,10 @@
- #define LN_aes_256_cbc_hmac_sha256 "aes-256-cbc-hmac-sha256"
- #define NID_aes_256_cbc_hmac_sha256 950
-
-+#define SN_des_ede3_cbc_hmac_sha1 "DES-EDE3-CBC-HMAC-SHA1"
-+#define LN_des_ede3_cbc_hmac_sha1 "des-ede3-cbc-hmac-sha1"
-+#define NID_des_ede3_cbc_hmac_sha1 958
-+
- #define SN_dhpublicnumber "dhpublicnumber"
- #define LN_dhpublicnumber "X9.42 DH"
- #define NID_dhpublicnumber 920
-diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
-index 8e5ea83..02d1bb8 100644
---- a/crypto/objects/obj_mac.num
-+++ b/crypto/objects/obj_mac.num
-@@ -955,3 +955,4 @@ ct_cert_scts 954
- jurisdictionLocalityName 955
- jurisdictionStateOrProvinceName 956
- jurisdictionCountryName 957
-+des_ede3_cbc_hmac_sha1 958
-diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
-index b57aabb..4e1ff18 100644
---- a/crypto/objects/objects.txt
-+++ b/crypto/objects/objects.txt
-@@ -1294,6 +1294,7 @@ kisa 1 6 : SEED-OFB : seed-ofb
- : AES-128-CBC-HMAC-SHA256 : aes-128-cbc-hmac-sha256
- : AES-192-CBC-HMAC-SHA256 : aes-192-cbc-hmac-sha256
- : AES-256-CBC-HMAC-SHA256 : aes-256-cbc-hmac-sha256
-+ : DES-EDE3-CBC-HMAC-SHA1 : des-ede3-cbc-hmac-sha1
-
- ISO-US 10046 2 1 : dhpublicnumber : X9.42 DH
-
-diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
-index 2ad8f43..fdf6be9 100644
---- a/ssl/ssl_ciph.c
-+++ b/ssl/ssl_ciph.c
-@@ -668,6 +668,10 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
- c->algorithm_mac == SSL_SHA256 &&
- (evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA256")))
- *enc = evp, *md = NULL;
-+ else if (c->algorithm_enc == SSL_3DES &&
-+ c->algorithm_mac == SSL_SHA1 &&
-+ (evp = EVP_get_cipherbyname("DES-EDE3-CBC-HMAC-SHA1")))
-+ *enc = evp, *md = NULL;
- return (1);
- } else
- return (0);
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0016-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0016-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch
deleted file mode 100644
index d6b72b5..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0016-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch
+++ /dev/null
@@ -1,338 +0,0 @@
-From 4a229203e276283cb894b08b2607204a647d7594 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Fri, 22 Jan 2016 11:58:34 +0200
-Subject: [PATCH 16/48] eng_cryptodev: add support for TLSv1.1 record offload
-
-Supported cipher suites:
-- 3des-ede-cbc-sha
-- aes-128-cbc-hmac-sha
-- aes-256-cbc-hmac-sha
-
-Requires TLS patches on cryptodev and TLS algorithm support in Linux
-kernel driver.
-
-Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com>
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- crypto/engine/eng_cryptodev.c | 96 ++++++++++++++++++++++++++++++++++++++++++-
- crypto/objects/obj_dat.h | 18 ++++++--
- crypto/objects/obj_mac.h | 12 ++++++
- crypto/objects/obj_mac.num | 3 ++
- crypto/objects/objects.txt | 3 ++
- ssl/ssl_ciph.c | 28 ++++++++++---
- 6 files changed, 151 insertions(+), 9 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index ae644b9..80b20e5 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -67,6 +67,7 @@ void ENGINE_load_cryptodev(void)
- # include <sys/ioctl.h>
- # include <errno.h>
- # include <stdio.h>
-+# include <stdbool.h>
- # include <unistd.h>
- # include <fcntl.h>
- # include <stdarg.h>
-@@ -136,6 +137,9 @@ void ENGINE_load_cryptodev(void);
- const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1;
- const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1;
- const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
-+const EVP_CIPHER cryptodev_tls11_3des_cbc_hmac_sha1;
-+const EVP_CIPHER cryptodev_tls11_aes_128_cbc_hmac_sha1;
-+const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1;
-
- inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len)
- {
-@@ -295,6 +299,18 @@ static struct {
- CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20
- },
- {
-+ CRYPTO_TLS11_3DES_CBC_HMAC_SHA1, NID_tls11_des_ede3_cbc_hmac_sha1, 8,
-+ 24, 20
-+ },
-+ {
-+ CRYPTO_TLS11_AES_CBC_HMAC_SHA1, NID_tls11_aes_128_cbc_hmac_sha1, 16, 16,
-+ 20
-+ },
-+ {
-+ CRYPTO_TLS11_AES_CBC_HMAC_SHA1, NID_tls11_aes_256_cbc_hmac_sha1, 16, 32,
-+ 20
-+ },
-+ {
- CRYPTO_AES_GCM, NID_aes_128_gcm, 16, 16, 0
- },
- {
-@@ -527,6 +543,15 @@ static int cryptodev_usable_ciphers(const int **nids)
- case NID_des_ede3_cbc_hmac_sha1:
- EVP_add_cipher(&cryptodev_3des_cbc_hmac_sha1);
- break;
-+ case NID_tls11_des_ede3_cbc_hmac_sha1:
-+ EVP_add_cipher(&cryptodev_tls11_3des_cbc_hmac_sha1);
-+ break;
-+ case NID_tls11_aes_128_cbc_hmac_sha1:
-+ EVP_add_cipher(&cryptodev_tls11_aes_128_cbc_hmac_sha1);
-+ break;
-+ case NID_tls11_aes_256_cbc_hmac_sha1:
-+ EVP_add_cipher(&cryptodev_tls11_aes_256_cbc_hmac_sha1);
-+ break;
- }
- }
- return count;
-@@ -632,6 +657,9 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- case NID_aes_128_cbc_hmac_sha1:
- case NID_aes_256_cbc_hmac_sha1:
- case NID_des_ede3_cbc_hmac_sha1:
-+ case NID_tls11_des_ede3_cbc_hmac_sha1:
-+ case NID_tls11_aes_128_cbc_hmac_sha1:
-+ case NID_tls11_aes_256_cbc_hmac_sha1:
- cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
- }
- cryp.ses = sess->ses;
-@@ -811,8 +839,9 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
- struct dev_crypto_state *state = ctx->cipher_data;
- unsigned char *p = ptr;
- unsigned int cryptlen = p[arg - 2] << 8 | p[arg - 1];
-- unsigned int maclen, padlen;
-+ unsigned int maclen, padlen, len;
- unsigned int bs = ctx->cipher->block_size;
-+ bool aad_needs_fix = false;
-
- state->aad = ptr;
- state->aad_len = arg;
-@@ -824,6 +853,20 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
- case NID_aes_256_cbc_hmac_sha1:
- case NID_des_ede3_cbc_hmac_sha1:
- maclen = SHA_DIGEST_LENGTH;
-+ break;
-+ case NID_tls11_des_ede3_cbc_hmac_sha1:
-+ case NID_tls11_aes_128_cbc_hmac_sha1:
-+ case NID_tls11_aes_256_cbc_hmac_sha1:
-+ maclen = SHA_DIGEST_LENGTH;
-+ aad_needs_fix = true;
-+ break;
-+ }
-+
-+ /* Correct length for AAD Length field */
-+ if (ctx->encrypt && aad_needs_fix) {
-+ len = cryptlen - bs;
-+ p[arg - 2] = len >> 8;
-+ p[arg - 1] = len & 0xff;
- }
-
- /* space required for encryption (not only TLS padding) */
-@@ -1186,6 +1229,48 @@ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = {
- NULL
- };
-
-+const EVP_CIPHER cryptodev_tls11_3des_cbc_hmac_sha1 = {
-+ NID_tls11_des_ede3_cbc_hmac_sha1,
-+ 8, 24, 8,
-+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+ cryptodev_init_aead_key,
-+ cryptodev_aead_cipher,
-+ cryptodev_cleanup,
-+ sizeof(struct dev_crypto_state),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ cryptodev_cbc_hmac_sha1_ctrl,
-+ NULL
-+};
-+
-+const EVP_CIPHER cryptodev_tls11_aes_128_cbc_hmac_sha1 = {
-+ NID_tls11_aes_128_cbc_hmac_sha1,
-+ 16, 16, 16,
-+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+ cryptodev_init_aead_key,
-+ cryptodev_aead_cipher,
-+ cryptodev_cleanup,
-+ sizeof(struct dev_crypto_state),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ cryptodev_cbc_hmac_sha1_ctrl,
-+ NULL
-+};
-+
-+const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1 = {
-+ NID_tls11_aes_256_cbc_hmac_sha1,
-+ 16, 32, 16,
-+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+ cryptodev_init_aead_key,
-+ cryptodev_aead_cipher,
-+ cryptodev_cleanup,
-+ sizeof(struct dev_crypto_state),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ cryptodev_cbc_hmac_sha1_ctrl,
-+ NULL
-+};
-+
- const EVP_CIPHER cryptodev_aes_128_gcm = {
- NID_aes_128_gcm,
- 1, 16, 12,
-@@ -1299,6 +1384,15 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
- case NID_aes_256_cbc_hmac_sha1:
- *cipher = &cryptodev_aes_256_cbc_hmac_sha1;
- break;
-+ case NID_tls11_des_ede3_cbc_hmac_sha1:
-+ *cipher = &cryptodev_tls11_3des_cbc_hmac_sha1;
-+ break;
-+ case NID_tls11_aes_128_cbc_hmac_sha1:
-+ *cipher = &cryptodev_tls11_aes_128_cbc_hmac_sha1;
-+ break;
-+ case NID_tls11_aes_256_cbc_hmac_sha1:
-+ *cipher = &cryptodev_tls11_aes_256_cbc_hmac_sha1;
-+ break;
- case NID_aes_128_gcm:
- *cipher = &cryptodev_aes_128_gcm;
- break;
-diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
-index 35d1abc..4dd32a1 100644
---- a/crypto/objects/obj_dat.h
-+++ b/crypto/objects/obj_dat.h
-@@ -62,9 +62,9 @@
- * [including the GNU Public Licence.]
- */
-
--#define NUM_NID 959
--#define NUM_SN 952
--#define NUM_LN 952
-+#define NUM_NID 962
-+#define NUM_SN 955
-+#define NUM_LN 955
- #define NUM_OBJ 890
-
- static const unsigned char lvalues[6255]={
-@@ -2516,6 +2516,12 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
- NID_jurisdictionCountryName,11,&(lvalues[6243]),0},
- {"DES-EDE3-CBC-HMAC-SHA1","des-ede3-cbc-hmac-sha1",
- NID_des_ede3_cbc_hmac_sha1,0,NULL,0},
-+{"TLS11-DES-EDE3-CBC-HMAC-SHA1","tls11-des-ede3-cbc-hmac-sha1",
-+ NID_tls11_des_ede3_cbc_hmac_sha1,0,NULL,0},
-+{"TLS11-AES-128-CBC-HMAC-SHA1","tls11-aes-128-cbc-hmac-sha1",
-+ NID_tls11_aes_128_cbc_hmac_sha1,0,NULL,0},
-+{"TLS11-AES-256-CBC-HMAC-SHA1","tls11-aes-256-cbc-hmac-sha1",
-+ NID_tls11_aes_256_cbc_hmac_sha1,0,NULL,0},
- };
-
- static const unsigned int sn_objs[NUM_SN]={
-@@ -2705,6 +2711,9 @@ static const unsigned int sn_objs[NUM_SN]={
- 100, /* "SN" */
- 16, /* "ST" */
- 143, /* "SXNetID" */
-+960, /* "TLS11-AES-128-CBC-HMAC-SHA1" */
-+961, /* "TLS11-AES-256-CBC-HMAC-SHA1" */
-+959, /* "TLS11-DES-EDE3-CBC-HMAC-SHA1" */
- 458, /* "UID" */
- 0, /* "UNDEF" */
- 11, /* "X500" */
-@@ -4396,6 +4405,9 @@ static const unsigned int ln_objs[NUM_LN]={
- 459, /* "textEncodedORAddress" */
- 293, /* "textNotice" */
- 106, /* "title" */
-+960, /* "tls11-aes-128-cbc-hmac-sha1" */
-+961, /* "tls11-aes-256-cbc-hmac-sha1" */
-+959, /* "tls11-des-ede3-cbc-hmac-sha1" */
- 682, /* "tpBasis" */
- 436, /* "ucl" */
- 0, /* "undefined" */
-diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h
-index cb318bc..5930563 100644
---- a/crypto/objects/obj_mac.h
-+++ b/crypto/objects/obj_mac.h
-@@ -4051,6 +4051,18 @@
- #define LN_des_ede3_cbc_hmac_sha1 "des-ede3-cbc-hmac-sha1"
- #define NID_des_ede3_cbc_hmac_sha1 958
-
-+#define SN_tls11_des_ede3_cbc_hmac_sha1 "TLS11-DES-EDE3-CBC-HMAC-SHA1"
-+#define LN_tls11_des_ede3_cbc_hmac_sha1 "tls11-des-ede3-cbc-hmac-sha1"
-+#define NID_tls11_des_ede3_cbc_hmac_sha1 959
-+
-+#define SN_tls11_aes_128_cbc_hmac_sha1 "TLS11-AES-128-CBC-HMAC-SHA1"
-+#define LN_tls11_aes_128_cbc_hmac_sha1 "tls11-aes-128-cbc-hmac-sha1"
-+#define NID_tls11_aes_128_cbc_hmac_sha1 960
-+
-+#define SN_tls11_aes_256_cbc_hmac_sha1 "TLS11-AES-256-CBC-HMAC-SHA1"
-+#define LN_tls11_aes_256_cbc_hmac_sha1 "tls11-aes-256-cbc-hmac-sha1"
-+#define NID_tls11_aes_256_cbc_hmac_sha1 961
-+
- #define SN_dhpublicnumber "dhpublicnumber"
- #define LN_dhpublicnumber "X9.42 DH"
- #define NID_dhpublicnumber 920
-diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
-index 02d1bb8..02f1728 100644
---- a/crypto/objects/obj_mac.num
-+++ b/crypto/objects/obj_mac.num
-@@ -956,3 +956,6 @@ jurisdictionLocalityName 955
- jurisdictionStateOrProvinceName 956
- jurisdictionCountryName 957
- des_ede3_cbc_hmac_sha1 958
-+tls11_des_ede3_cbc_hmac_sha1 959
-+tls11_aes_128_cbc_hmac_sha1 960
-+tls11_aes_256_cbc_hmac_sha1 961
-diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
-index 4e1ff18..cda81da 100644
---- a/crypto/objects/objects.txt
-+++ b/crypto/objects/objects.txt
-@@ -1295,6 +1295,9 @@ kisa 1 6 : SEED-OFB : seed-ofb
- : AES-192-CBC-HMAC-SHA256 : aes-192-cbc-hmac-sha256
- : AES-256-CBC-HMAC-SHA256 : aes-256-cbc-hmac-sha256
- : DES-EDE3-CBC-HMAC-SHA1 : des-ede3-cbc-hmac-sha1
-+ : TLS11-DES-EDE3-CBC-HMAC-SHA1 : tls11-des-ede3-cbc-hmac-sha1
-+ : TLS11-AES-128-CBC-HMAC-SHA1 : tls11-aes-128-cbc-hmac-sha1
-+ : TLS11-AES-256-CBC-HMAC-SHA1 : tls11-aes-256-cbc-hmac-sha1
-
- ISO-US 10046 2 1 : dhpublicnumber : X9.42 DH
-
-diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
-index fdf6be9..b4af7dc 100644
---- a/ssl/ssl_ciph.c
-+++ b/ssl/ssl_ciph.c
-@@ -652,11 +652,13 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
- c->algorithm_mac == SSL_MD5 &&
- (evp = EVP_get_cipherbyname("RC4-HMAC-MD5")))
- *enc = evp, *md = NULL;
-- else if (c->algorithm_enc == SSL_AES128 &&
-+ else if (s->ssl_version == TLS1_VERSION &&
-+ c->algorithm_enc == SSL_AES128 &&
- c->algorithm_mac == SSL_SHA1 &&
- (evp = EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1")))
- *enc = evp, *md = NULL;
-- else if (c->algorithm_enc == SSL_AES256 &&
-+ else if (s->ssl_version == TLS1_VERSION &&
-+ c->algorithm_enc == SSL_AES256 &&
- c->algorithm_mac == SSL_SHA1 &&
- (evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1")))
- *enc = evp, *md = NULL;
-@@ -668,9 +670,25 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
- c->algorithm_mac == SSL_SHA256 &&
- (evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA256")))
- *enc = evp, *md = NULL;
-- else if (c->algorithm_enc == SSL_3DES &&
-- c->algorithm_mac == SSL_SHA1 &&
-- (evp = EVP_get_cipherbyname("DES-EDE3-CBC-HMAC-SHA1")))
-+ else if (s->ssl_version == TLS1_VERSION &&
-+ c->algorithm_enc == SSL_3DES &&
-+ c->algorithm_mac == SSL_SHA1 &&
-+ (evp = EVP_get_cipherbyname("DES-EDE3-CBC-HMAC-SHA1")))
-+ *enc = evp, *md = NULL;
-+ else if (s->ssl_version == TLS1_1_VERSION &&
-+ c->algorithm_enc == SSL_3DES &&
-+ c->algorithm_mac == SSL_SHA1 &&
-+ (evp = EVP_get_cipherbyname("TLS11-DES-EDE3-CBC-HMAC-SHA1")))
-+ *enc = evp, *md = NULL;
-+ else if (s->ssl_version == TLS1_1_VERSION &&
-+ c->algorithm_enc == SSL_AES128 &&
-+ c->algorithm_mac == SSL_SHA1 &&
-+ (evp = EVP_get_cipherbyname("TLS11-AES-128-CBC-HMAC-SHA1")))
-+ *enc = evp, *md = NULL;
-+ else if (s->ssl_version == TLS1_1_VERSION &&
-+ c->algorithm_enc == SSL_AES256 &&
-+ c->algorithm_mac == SSL_SHA1 &&
-+ (evp = EVP_get_cipherbyname("TLS11-AES-256-CBC-HMAC-SHA1")))
- *enc = evp, *md = NULL;
- return (1);
- } else
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0017-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0017-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch
deleted file mode 100644
index 3034894..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0017-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch
+++ /dev/null
@@ -1,377 +0,0 @@
-From 0103fb8e6fc412462968224ec9315609c54eccc1 Mon Sep 17 00:00:00 2001
-From: Tudor Ambarus <tudor.ambarus@freescale.com>
-Date: Tue, 31 Mar 2015 16:32:35 +0300
-Subject: [PATCH 17/48] eng_cryptodev: add support for TLSv1.2 record offload
-
-Supported cipher suites:
-- 3des-ede-cbc-sha
-- aes-128-cbc-hmac-sha
-- aes-256-cbc-hmac-sha
-- aes-128-cbc-hmac-sha256
-- aes-256-cbc-hmac-sha256
-
-Requires TLS patches on cryptodev and TLS algorithm support in Linux
-kernel driver.
-
-Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com>
-Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
----
- crypto/engine/eng_cryptodev.c | 138 ++++++++++++++++++++++++++++++++++++++++++
- crypto/objects/obj_dat.h | 26 +++++++-
- crypto/objects/obj_mac.h | 20 ++++++
- crypto/objects/obj_mac.num | 5 ++
- crypto/objects/objects.txt | 5 ++
- ssl/ssl_ciph.c | 25 ++++++++
- 6 files changed, 216 insertions(+), 3 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 80b20e5..455868e 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -140,6 +140,11 @@ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
- const EVP_CIPHER cryptodev_tls11_3des_cbc_hmac_sha1;
- const EVP_CIPHER cryptodev_tls11_aes_128_cbc_hmac_sha1;
- const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1;
-+const EVP_CIPHER cryptodev_tls12_3des_cbc_hmac_sha1;
-+const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha1;
-+const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha1;
-+const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha256;
-+const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha256;
-
- inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len)
- {
-@@ -311,6 +316,26 @@ static struct {
- 20
- },
- {
-+ CRYPTO_TLS12_3DES_CBC_HMAC_SHA1, NID_tls12_des_ede3_cbc_hmac_sha1, 8,
-+ 24, 20
-+ },
-+ {
-+ CRYPTO_TLS12_AES_CBC_HMAC_SHA1, NID_tls12_aes_128_cbc_hmac_sha1, 16, 16,
-+ 20
-+ },
-+ {
-+ CRYPTO_TLS12_AES_CBC_HMAC_SHA1, NID_tls12_aes_256_cbc_hmac_sha1, 16, 32,
-+ 20
-+ },
-+ {
-+ CRYPTO_TLS12_AES_CBC_HMAC_SHA256, NID_tls12_aes_128_cbc_hmac_sha256, 16,
-+ 16, 32
-+ },
-+ {
-+ CRYPTO_TLS12_AES_CBC_HMAC_SHA256, NID_tls12_aes_256_cbc_hmac_sha256, 16,
-+ 32, 32
-+ },
-+ {
- CRYPTO_AES_GCM, NID_aes_128_gcm, 16, 16, 0
- },
- {
-@@ -552,6 +577,21 @@ static int cryptodev_usable_ciphers(const int **nids)
- case NID_tls11_aes_256_cbc_hmac_sha1:
- EVP_add_cipher(&cryptodev_tls11_aes_256_cbc_hmac_sha1);
- break;
-+ case NID_tls12_des_ede3_cbc_hmac_sha1:
-+ EVP_add_cipher(&cryptodev_tls12_3des_cbc_hmac_sha1);
-+ break;
-+ case NID_tls12_aes_128_cbc_hmac_sha1:
-+ EVP_add_cipher(&cryptodev_tls12_aes_128_cbc_hmac_sha1);
-+ break;
-+ case NID_tls12_aes_256_cbc_hmac_sha1:
-+ EVP_add_cipher(&cryptodev_tls12_aes_256_cbc_hmac_sha1);
-+ break;
-+ case NID_tls12_aes_128_cbc_hmac_sha256:
-+ EVP_add_cipher(&cryptodev_tls12_aes_128_cbc_hmac_sha256);
-+ break;
-+ case NID_tls12_aes_256_cbc_hmac_sha256:
-+ EVP_add_cipher(&cryptodev_tls12_aes_256_cbc_hmac_sha256);
-+ break;
- }
- }
- return count;
-@@ -660,6 +700,11 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- case NID_tls11_des_ede3_cbc_hmac_sha1:
- case NID_tls11_aes_128_cbc_hmac_sha1:
- case NID_tls11_aes_256_cbc_hmac_sha1:
-+ case NID_tls12_des_ede3_cbc_hmac_sha1:
-+ case NID_tls12_aes_128_cbc_hmac_sha1:
-+ case NID_tls12_aes_256_cbc_hmac_sha1:
-+ case NID_tls12_aes_128_cbc_hmac_sha256:
-+ case NID_tls12_aes_256_cbc_hmac_sha256:
- cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
- }
- cryp.ses = sess->ses;
-@@ -857,9 +902,17 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
- case NID_tls11_des_ede3_cbc_hmac_sha1:
- case NID_tls11_aes_128_cbc_hmac_sha1:
- case NID_tls11_aes_256_cbc_hmac_sha1:
-+ case NID_tls12_des_ede3_cbc_hmac_sha1:
-+ case NID_tls12_aes_128_cbc_hmac_sha1:
-+ case NID_tls12_aes_256_cbc_hmac_sha1:
- maclen = SHA_DIGEST_LENGTH;
- aad_needs_fix = true;
- break;
-+ case NID_tls12_aes_128_cbc_hmac_sha256:
-+ case NID_tls12_aes_256_cbc_hmac_sha256:
-+ maclen = SHA256_DIGEST_LENGTH;
-+ aad_needs_fix = true;
-+ break;
- }
-
- /* Correct length for AAD Length field */
-@@ -1271,6 +1324,76 @@ const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1 = {
- NULL
- };
-
-+const EVP_CIPHER cryptodev_tls12_3des_cbc_hmac_sha1 = {
-+ NID_tls12_des_ede3_cbc_hmac_sha1,
-+ 8, 24, 8,
-+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+ cryptodev_init_aead_key,
-+ cryptodev_aead_cipher,
-+ cryptodev_cleanup,
-+ sizeof(struct dev_crypto_state),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ cryptodev_cbc_hmac_sha1_ctrl,
-+ NULL
-+};
-+
-+const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha1 = {
-+ NID_tls12_aes_128_cbc_hmac_sha1,
-+ 16, 16, 16,
-+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+ cryptodev_init_aead_key,
-+ cryptodev_aead_cipher,
-+ cryptodev_cleanup,
-+ sizeof(struct dev_crypto_state),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ cryptodev_cbc_hmac_sha1_ctrl,
-+ NULL
-+};
-+
-+const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha1 = {
-+ NID_tls12_aes_256_cbc_hmac_sha1,
-+ 16, 32, 16,
-+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+ cryptodev_init_aead_key,
-+ cryptodev_aead_cipher,
-+ cryptodev_cleanup,
-+ sizeof(struct dev_crypto_state),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ cryptodev_cbc_hmac_sha1_ctrl,
-+ NULL
-+};
-+
-+const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha256 = {
-+ NID_tls12_aes_128_cbc_hmac_sha256,
-+ 16, 16, 16,
-+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+ cryptodev_init_aead_key,
-+ cryptodev_aead_cipher,
-+ cryptodev_cleanup,
-+ sizeof(struct dev_crypto_state),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ cryptodev_cbc_hmac_sha1_ctrl,
-+ NULL
-+};
-+
-+const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha256 = {
-+ NID_tls12_aes_256_cbc_hmac_sha256,
-+ 16, 32, 16,
-+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+ cryptodev_init_aead_key,
-+ cryptodev_aead_cipher,
-+ cryptodev_cleanup,
-+ sizeof(struct dev_crypto_state),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ cryptodev_cbc_hmac_sha1_ctrl,
-+ NULL
-+};
-+
- const EVP_CIPHER cryptodev_aes_128_gcm = {
- NID_aes_128_gcm,
- 1, 16, 12,
-@@ -1396,6 +1519,21 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
- case NID_aes_128_gcm:
- *cipher = &cryptodev_aes_128_gcm;
- break;
-+ case NID_tls12_des_ede3_cbc_hmac_sha1:
-+ *cipher = &cryptodev_tls12_3des_cbc_hmac_sha1;
-+ break;
-+ case NID_tls12_aes_128_cbc_hmac_sha1:
-+ *cipher = &cryptodev_tls12_aes_128_cbc_hmac_sha1;
-+ break;
-+ case NID_tls12_aes_256_cbc_hmac_sha1:
-+ *cipher = &cryptodev_tls12_aes_256_cbc_hmac_sha1;
-+ break;
-+ case NID_tls12_aes_128_cbc_hmac_sha256:
-+ *cipher = &cryptodev_tls12_aes_128_cbc_hmac_sha256;
-+ break;
-+ case NID_tls12_aes_256_cbc_hmac_sha256:
-+ *cipher = &cryptodev_tls12_aes_256_cbc_hmac_sha256;
-+ break;
- default:
- *cipher = NULL;
- break;
-diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
-index 4dd32a1..e3a2505 100644
---- a/crypto/objects/obj_dat.h
-+++ b/crypto/objects/obj_dat.h
-@@ -62,9 +62,9 @@
- * [including the GNU Public Licence.]
- */
-
--#define NUM_NID 962
--#define NUM_SN 955
--#define NUM_LN 955
-+#define NUM_NID 967
-+#define NUM_SN 960
-+#define NUM_LN 960
- #define NUM_OBJ 890
-
- static const unsigned char lvalues[6255]={
-@@ -2522,6 +2522,16 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
- NID_tls11_aes_128_cbc_hmac_sha1,0,NULL,0},
- {"TLS11-AES-256-CBC-HMAC-SHA1","tls11-aes-256-cbc-hmac-sha1",
- NID_tls11_aes_256_cbc_hmac_sha1,0,NULL,0},
-+{"TLS12-DES-EDE3-CBC-HMAC-SHA1","tls12-des-ede3-cbc-hmac-sha1",
-+ NID_tls12_des_ede3_cbc_hmac_sha1,0,NULL,0},
-+{"TLS12-AES-128-CBC-HMAC-SHA1","tls12-aes-128-cbc-hmac-sha1",
-+ NID_tls12_aes_128_cbc_hmac_sha1,0,NULL,0},
-+{"TLS12-AES-256-CBC-HMAC-SHA1","tls12-aes-256-cbc-hmac-sha1",
-+ NID_tls12_aes_256_cbc_hmac_sha1,0,NULL,0},
-+{"TLS12-AES-128-CBC-HMAC-SHA256","tls12-aes-128-cbc-hmac-sha256",
-+ NID_tls12_aes_128_cbc_hmac_sha256,0,NULL,0},
-+{"TLS12-AES-256-CBC-HMAC-SHA256","tls12-aes-256-cbc-hmac-sha256",
-+ NID_tls12_aes_256_cbc_hmac_sha256,0,NULL,0},
- };
-
- static const unsigned int sn_objs[NUM_SN]={
-@@ -2714,6 +2724,11 @@ static const unsigned int sn_objs[NUM_SN]={
- 960, /* "TLS11-AES-128-CBC-HMAC-SHA1" */
- 961, /* "TLS11-AES-256-CBC-HMAC-SHA1" */
- 959, /* "TLS11-DES-EDE3-CBC-HMAC-SHA1" */
-+963, /* "TLS12-AES-128-CBC-HMAC-SHA1" */
-+965, /* "TLS12-AES-128-CBC-HMAC-SHA256" */
-+964, /* "TLS12-AES-256-CBC-HMAC-SHA1" */
-+966, /* "TLS12-AES-256-CBC-HMAC-SHA256" */
-+962, /* "TLS12-DES-EDE3-CBC-HMAC-SHA1" */
- 458, /* "UID" */
- 0, /* "UNDEF" */
- 11, /* "X500" */
-@@ -4408,6 +4423,11 @@ static const unsigned int ln_objs[NUM_LN]={
- 960, /* "tls11-aes-128-cbc-hmac-sha1" */
- 961, /* "tls11-aes-256-cbc-hmac-sha1" */
- 959, /* "tls11-des-ede3-cbc-hmac-sha1" */
-+963, /* "tls12-aes-128-cbc-hmac-sha1" */
-+965, /* "tls12-aes-128-cbc-hmac-sha256" */
-+964, /* "tls12-aes-256-cbc-hmac-sha1" */
-+966, /* "tls12-aes-256-cbc-hmac-sha256" */
-+962, /* "tls12-des-ede3-cbc-hmac-sha1" */
- 682, /* "tpBasis" */
- 436, /* "ucl" */
- 0, /* "undefined" */
-diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h
-index 5930563..f4a81cb 100644
---- a/crypto/objects/obj_mac.h
-+++ b/crypto/objects/obj_mac.h
-@@ -4063,6 +4063,26 @@
- #define LN_tls11_aes_256_cbc_hmac_sha1 "tls11-aes-256-cbc-hmac-sha1"
- #define NID_tls11_aes_256_cbc_hmac_sha1 961
-
-+#define SN_tls12_des_ede3_cbc_hmac_sha1 "TLS12-DES-EDE3-CBC-HMAC-SHA1"
-+#define LN_tls12_des_ede3_cbc_hmac_sha1 "tls12-des-ede3-cbc-hmac-sha1"
-+#define NID_tls12_des_ede3_cbc_hmac_sha1 962
-+
-+#define SN_tls12_aes_128_cbc_hmac_sha1 "TLS12-AES-128-CBC-HMAC-SHA1"
-+#define LN_tls12_aes_128_cbc_hmac_sha1 "tls12-aes-128-cbc-hmac-sha1"
-+#define NID_tls12_aes_128_cbc_hmac_sha1 963
-+
-+#define SN_tls12_aes_256_cbc_hmac_sha1 "TLS12-AES-256-CBC-HMAC-SHA1"
-+#define LN_tls12_aes_256_cbc_hmac_sha1 "tls12-aes-256-cbc-hmac-sha1"
-+#define NID_tls12_aes_256_cbc_hmac_sha1 964
-+
-+#define SN_tls12_aes_128_cbc_hmac_sha256 "TLS12-AES-128-CBC-HMAC-SHA256"
-+#define LN_tls12_aes_128_cbc_hmac_sha256 "tls12-aes-128-cbc-hmac-sha256"
-+#define NID_tls12_aes_128_cbc_hmac_sha256 965
-+
-+#define SN_tls12_aes_256_cbc_hmac_sha256 "TLS12-AES-256-CBC-HMAC-SHA256"
-+#define LN_tls12_aes_256_cbc_hmac_sha256 "tls12-aes-256-cbc-hmac-sha256"
-+#define NID_tls12_aes_256_cbc_hmac_sha256 966
-+
- #define SN_dhpublicnumber "dhpublicnumber"
- #define LN_dhpublicnumber "X9.42 DH"
- #define NID_dhpublicnumber 920
-diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
-index 02f1728..401be03 100644
---- a/crypto/objects/obj_mac.num
-+++ b/crypto/objects/obj_mac.num
-@@ -959,3 +959,8 @@ des_ede3_cbc_hmac_sha1 958
- tls11_des_ede3_cbc_hmac_sha1 959
- tls11_aes_128_cbc_hmac_sha1 960
- tls11_aes_256_cbc_hmac_sha1 961
-+tls12_des_ede3_cbc_hmac_sha1 962
-+tls12_aes_128_cbc_hmac_sha1 963
-+tls12_aes_256_cbc_hmac_sha1 964
-+tls12_aes_128_cbc_hmac_sha256 965
-+tls12_aes_256_cbc_hmac_sha256 966
-diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
-index cda81da..68a8da8 100644
---- a/crypto/objects/objects.txt
-+++ b/crypto/objects/objects.txt
-@@ -1298,6 +1298,11 @@ kisa 1 6 : SEED-OFB : seed-ofb
- : TLS11-DES-EDE3-CBC-HMAC-SHA1 : tls11-des-ede3-cbc-hmac-sha1
- : TLS11-AES-128-CBC-HMAC-SHA1 : tls11-aes-128-cbc-hmac-sha1
- : TLS11-AES-256-CBC-HMAC-SHA1 : tls11-aes-256-cbc-hmac-sha1
-+ : TLS12-DES-EDE3-CBC-HMAC-SHA1 : tls12-des-ede3-cbc-hmac-sha1
-+ : TLS12-AES-128-CBC-HMAC-SHA1 : tls12-aes-128-cbc-hmac-sha1
-+ : TLS12-AES-256-CBC-HMAC-SHA1 : tls12-aes-256-cbc-hmac-sha1
-+ : TLS12-AES-128-CBC-HMAC-SHA256 : tls12-aes-128-cbc-hmac-sha256
-+ : TLS12-AES-256-CBC-HMAC-SHA256 : tls12-aes-256-cbc-hmac-sha256
-
- ISO-US 10046 2 1 : dhpublicnumber : X9.42 DH
-
-diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
-index b4af7dc..359cb5d 100644
---- a/ssl/ssl_ciph.c
-+++ b/ssl/ssl_ciph.c
-@@ -690,6 +690,31 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
- c->algorithm_mac == SSL_SHA1 &&
- (evp = EVP_get_cipherbyname("TLS11-AES-256-CBC-HMAC-SHA1")))
- *enc = evp, *md = NULL;
-+ else if (s->ssl_version == TLS1_2_VERSION &&
-+ c->algorithm_enc == SSL_3DES &&
-+ c->algorithm_mac == SSL_SHA1 &&
-+ (evp=EVP_get_cipherbyname("TLS12-DES-EDE3-CBC-HMAC-SHA1")))
-+ *enc = evp, *md = NULL;
-+ else if (s->ssl_version == TLS1_2_VERSION &&
-+ c->algorithm_enc == SSL_AES128 &&
-+ c->algorithm_mac == SSL_SHA1 &&
-+ (evp=EVP_get_cipherbyname("TLS12-AES-128-CBC-HMAC-SHA1")))
-+ *enc = evp, *md = NULL;
-+ else if (s->ssl_version == TLS1_2_VERSION &&
-+ c->algorithm_enc == SSL_AES256 &&
-+ c->algorithm_mac == SSL_SHA1 &&
-+ (evp=EVP_get_cipherbyname("TLS12-AES-256-CBC-HMAC-SHA1")))
-+ *enc = evp, *md = NULL;
-+ else if (s->ssl_version == TLS1_2_VERSION &&
-+ c->algorithm_enc == SSL_AES128 &&
-+ c->algorithm_mac == SSL_SHA256 &&
-+ (evp=EVP_get_cipherbyname("TLS12-AES-128-CBC-HMAC-SHA256")))
-+ *enc = evp, *md = NULL;
-+ else if (s->ssl_version == TLS1_2_VERSION &&
-+ c->algorithm_enc == SSL_AES256 &&
-+ c->algorithm_mac == SSL_SHA256 &&
-+ (evp=EVP_get_cipherbyname("TLS12-AES-256-CBC-HMAC-SHA256")))
-+ *enc = evp, *md = NULL;
- return (1);
- } else
- return (0);
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0018-cryptodev-drop-redundant-function.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0018-cryptodev-drop-redundant-function.patch
deleted file mode 100644
index cf6cce2..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0018-cryptodev-drop-redundant-function.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-From dddb8bc7eea34dfc73c1f5c8863d19894d9a18ac Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@freescale.com>
-Date: Thu, 19 Feb 2015 16:11:53 +0200
-Subject: [PATCH 18/48] cryptodev: drop redundant function
-
-get_dev_crypto already caches the result. Another cache in-between is
-useless.
-
-Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
----
- crypto/engine/eng_cryptodev.c | 17 +++--------------
- 1 file changed, 3 insertions(+), 14 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 455868e..d229f61 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -94,7 +94,6 @@ struct dev_crypto_state {
-
- static u_int32_t cryptodev_asymfeat = 0;
-
--static int get_asym_dev_crypto(void);
- static int open_dev_crypto(void);
- static int get_dev_crypto(void);
- static int get_cryptodev_ciphers(const int **cnids);
-@@ -441,16 +440,6 @@ static void put_dev_crypto(int fd)
- # endif
- }
-
--/* Caching version for asym operations */
--static int get_asym_dev_crypto(void)
--{
-- static int fd = -1;
--
-- if (fd == -1)
-- fd = get_dev_crypto();
-- return fd;
--}
--
- /*
- * Find out what ciphers /dev/crypto will let us have a session for.
- * XXX note, that some of these openssl doesn't deal with yet!
-@@ -1923,7 +1912,7 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
- {
- int fd, ret = -1;
-
-- if ((fd = get_asym_dev_crypto()) < 0)
-+ if ((fd = get_dev_crypto()) < 0)
- return ret;
-
- if (r) {
-@@ -2522,7 +2511,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
- int p_len, q_len;
- int i;
-
-- if ((fd = get_asym_dev_crypto()) < 0)
-+ if ((fd = get_dev_crypto()) < 0)
- goto sw_try;
-
- if (!rsa->n && ((rsa->n = BN_new()) == NULL))
-@@ -4111,7 +4100,7 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
- BIGNUM *temp = NULL;
- unsigned char *padded_pub_key = NULL, *p = NULL;
-
-- if ((fd = get_asym_dev_crypto()) < 0)
-+ if ((fd = get_dev_crypto()) < 0)
- goto sw_try;
-
- memset(&kop, 0, sizeof kop);
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0019-cryptodev-do-not-zero-the-buffer-before-use.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0019-cryptodev-do-not-zero-the-buffer-before-use.patch
deleted file mode 100644
index d423dd1..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0019-cryptodev-do-not-zero-the-buffer-before-use.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From 413ef57790244fc521d40ade62358abaf0a55d10 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@freescale.com>
-Date: Tue, 17 Feb 2015 13:12:53 +0200
-Subject: [PATCH 19/48] cryptodev: do not zero the buffer before use
-
-- The buffer is just about to be overwritten. Zeroing it before that has
- no purpose
-
-Change-Id: I478c31bd2e254561474a7edf5e37980ca04217ce
-Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
-Reviewed-on: http://git.am.freescale.net:8181/34217
----
- crypto/engine/eng_cryptodev.c | 14 ++++----------
- 1 file changed, 4 insertions(+), 10 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index d229f61..4d370ad 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -1806,21 +1806,15 @@ cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
- static int bn2crparam(const BIGNUM *a, struct crparam *crp)
- {
- ssize_t bytes, bits;
-- u_char *b;
--
-- crp->crp_p = NULL;
-- crp->crp_nbits = 0;
-
- bits = BN_num_bits(a);
- bytes = (bits + 7) / 8;
-
-- b = malloc(bytes);
-- if (b == NULL)
-- return (1);
-- memset(b, 0, bytes);
--
-- crp->crp_p = (caddr_t) b;
- crp->crp_nbits = bits;
-+ crp->crp_p = malloc(bytes);
-+
-+ if (crp->crp_p == NULL)
-+ return (1);
-
- BN_bn2bin(a, crp->crp_p);
- return (0);
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0020-cryptodev-clean-up-code-layout.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0020-cryptodev-clean-up-code-layout.patch
deleted file mode 100644
index d82dc5c..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0020-cryptodev-clean-up-code-layout.patch
+++ /dev/null
@@ -1,73 +0,0 @@
-From ac3dfaf10125f08454d51e8fc4b3a77d33fd96d0 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@freescale.com>
-Date: Wed, 18 Feb 2015 10:39:46 +0200
-Subject: [PATCH 20/48] cryptodev: clean-up code layout
-
-This is just a refactoring that uses else branch to check for malloc failures
-
-Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
----
- crypto/engine/eng_cryptodev.c | 45 ++++++++++++++++++++-----------------------
- 1 file changed, 21 insertions(+), 24 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 4d370ad..487a2c9 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -1869,32 +1869,29 @@ cryptodev_asym_async(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
- fd = *(int *)cookie->eng_handle;
-
- eng_cookie = malloc(sizeof(struct cryptodev_cookie_s));
--
-- if (eng_cookie) {
-- memset(eng_cookie, 0, sizeof(struct cryptodev_cookie_s));
-- if (r) {
-- kop->crk_param[kop->crk_iparams].crp_p =
-- calloc(rlen, sizeof(char));
-- if (!kop->crk_param[kop->crk_iparams].crp_p)
-- return -ENOMEM;
-- kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
-- kop->crk_oparams++;
-- eng_cookie->r = r;
-- eng_cookie->r_param = kop->crk_param[kop->crk_iparams];
-- }
-- if (s) {
-- kop->crk_param[kop->crk_iparams + 1].crp_p =
-- calloc(slen, sizeof(char));
-- if (!kop->crk_param[kop->crk_iparams + 1].crp_p)
-- return -ENOMEM;
-- kop->crk_param[kop->crk_iparams + 1].crp_nbits = slen * 8;
-- kop->crk_oparams++;
-- eng_cookie->s = s;
-- eng_cookie->s_param = kop->crk_param[kop->crk_iparams + 1];
-- }
-- } else
-+ if (!eng_cookie)
- return -ENOMEM;
-
-+ memset(eng_cookie, 0, sizeof(struct cryptodev_cookie_s));
-+ if (r) {
-+ kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char));
-+ if (!kop->crk_param[kop->crk_iparams].crp_p)
-+ return -ENOMEM;
-+ kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
-+ kop->crk_oparams++;
-+ eng_cookie->r = r;
-+ eng_cookie->r_param = kop->crk_param[kop->crk_iparams];
-+ }
-+ if (s) {
-+ kop->crk_param[kop->crk_iparams + 1].crp_p =
-+ calloc(slen, sizeof(char));
-+ if (!kop->crk_param[kop->crk_iparams + 1].crp_p)
-+ return -ENOMEM;
-+ kop->crk_param[kop->crk_iparams + 1].crp_nbits = slen * 8;
-+ kop->crk_oparams++;
-+ eng_cookie->s = s;
-+ eng_cookie->s_param = kop->crk_param[kop->crk_iparams + 1];
-+ }
- eng_cookie->kop = kop;
- cookie->eng_cookie = eng_cookie;
- return ioctl(fd, CIOCASYMASYNCRYPT, kop);
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0021-cryptodev-do-not-cache-file-descriptor-in-open.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0021-cryptodev-do-not-cache-file-descriptor-in-open.patch
deleted file mode 100644
index fa825bb..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0021-cryptodev-do-not-cache-file-descriptor-in-open.patch
+++ /dev/null
@@ -1,93 +0,0 @@
-From b96074f4e44b2147d4d771dd086463c9cb7d42a3 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@freescale.com>
-Date: Thu, 19 Feb 2015 16:43:29 +0200
-Subject: [PATCH 21/48] cryptodev: do not cache file descriptor in 'open'
-
-The file descriptor returned by get_dev_crypto is cached after a
-successful return. The issue is, it is cached inside 'open_dev_crypto'
-which is no longer useful as a general purpose open("/dev/crypto")
-function.
-
-This patch is a refactoring that moves the caching operation from
-open_dev_crypto to get_dev_crypto and leaves the former as a simpler
-function true to its name
-
-Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
----
- crypto/engine/eng_cryptodev.c | 43 +++++++++++++++++++++----------------------
- 1 file changed, 21 insertions(+), 22 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 487a2c9..d7188a6 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -392,45 +392,44 @@ static void ctr64_inc(unsigned char *counter)
- } while (n);
- }
-
--/*
-- * Return a fd if /dev/crypto seems usable, 0 otherwise.
-- */
- static int open_dev_crypto(void)
- {
-- static int fd = -1;
-+ int fd;
-
-- if (fd == -1) {
-- if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1)
-- return (-1);
-- /* close on exec */
-- if (fcntl(fd, F_SETFD, 1) == -1) {
-- close(fd);
-- fd = -1;
-- return (-1);
-- }
-+ fd = open("/dev/crypto", O_RDWR, 0);
-+ if (fd < 0)
-+ return -1;
-+
-+ /* close on exec */
-+ if (fcntl(fd, F_SETFD, 1) == -1) {
-+ close(fd);
-+ return -1;
- }
-- return (fd);
-+
-+ return fd;
- }
-
- static int get_dev_crypto(void)
- {
-- int fd, retfd;
-+ static int fd = -1;
-+ int retfd;
-
-- if ((fd = open_dev_crypto()) == -1)
-- return (-1);
--# ifndef CRIOGET_NOT_NEEDED
-+ if (fd == -1)
-+ fd = open_dev_crypto();
-+# ifdef CRIOGET_NOT_NEEDED
-+ return fd;
-+# else
-+ if (fd == -1)
-+ return -1;
- if (ioctl(fd, CRIOGET, &retfd) == -1)
- return (-1);
--
- /* close on exec */
- if (fcntl(retfd, F_SETFD, 1) == -1) {
- close(retfd);
- return (-1);
- }
--# else
-- retfd = fd;
-+ return retfd;
- # endif
-- return (retfd);
- }
-
- static void put_dev_crypto(int fd)
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0022-cryptodev-put_dev_crypto-should-be-an-int.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0022-cryptodev-put_dev_crypto-should-be-an-int.patch
deleted file mode 100644
index eddb1f2..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0022-cryptodev-put_dev_crypto-should-be-an-int.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 43710e60fd8bae1ebc4d1eef6d86cb4e82653ac4 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@freescale.com>
-Date: Thu, 19 Feb 2015 13:09:32 +0200
-Subject: [PATCH 22/48] cryptodev: put_dev_crypto should be an int
-
-Change-Id: Ie0a83bc07a37132286c098b17ef35d98de74b043
-Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
-Reviewed-on: http://git.am.freescale.net:8181/34220
----
- crypto/engine/eng_cryptodev.c | 8 +++++---
- 1 file changed, 5 insertions(+), 3 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index d7188a6..7b3dbd1 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -432,10 +432,12 @@ static int get_dev_crypto(void)
- # endif
- }
-
--static void put_dev_crypto(int fd)
-+static int put_dev_crypto(int fd)
- {
--# ifndef CRIOGET_NOT_NEEDED
-- close(fd);
-+#ifdef CRIOGET_NOT_NEEDED
-+ return 0;
-+#else
-+ return close(fd);
- # endif
- }
-
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0023-cryptodev-simplify-cryptodev-pkc-support-code.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0023-cryptodev-simplify-cryptodev-pkc-support-code.patch
deleted file mode 100644
index 4f589af..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0023-cryptodev-simplify-cryptodev-pkc-support-code.patch
+++ /dev/null
@@ -1,260 +0,0 @@
-From b706132a33555162e6dbf26d9fde4bcb1136d553 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@freescale.com>
-Date: Thu, 19 Feb 2015 13:39:52 +0200
-Subject: [PATCH 23/48] cryptodev: simplify cryptodev pkc support code
-
-- Engine init returns directly a file descriptor instead of a pointer to one
-- Similarly, the Engine close will now just close the file
-
-Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
----
- crypto/crypto.h | 2 +-
- crypto/engine/eng_cryptodev.c | 43 +++++++----------------------------
- crypto/engine/eng_int.h | 14 +++---------
- crypto/engine/eng_lib.c | 53 +++++++++++++++++++++----------------------
- crypto/engine/engine.h | 13 +++++------
- 5 files changed, 44 insertions(+), 81 deletions(-)
-
-diff --git a/crypto/crypto.h b/crypto/crypto.h
-index 2b4ec59..ddb9b69 100644
---- a/crypto/crypto.h
-+++ b/crypto/crypto.h
-@@ -668,7 +668,7 @@ struct pkc_cookie_s {
- * -EINVAL: Parameters Invalid
- */
- void (*pkc_callback)(struct pkc_cookie_s *cookie, int status);
-- void *eng_handle;
-+ int eng_handle;
- };
-
- #ifdef __cplusplus
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 7b3dbd1..34c8d18 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -434,10 +434,10 @@ static int get_dev_crypto(void)
-
- static int put_dev_crypto(int fd)
- {
--#ifdef CRIOGET_NOT_NEEDED
-- return 0;
--#else
-- return close(fd);
-+# ifdef CRIOGET_NOT_NEEDED
-+ return 0;
-+# else
-+ return close(fd);
- # endif
- }
-
-@@ -1867,7 +1867,7 @@ cryptodev_asym_async(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
- struct pkc_cookie_s *cookie = kop->cookie;
- struct cryptodev_cookie_s *eng_cookie;
-
-- fd = *(int *)cookie->eng_handle;
-+ fd = cookie->eng_handle;
-
- eng_cookie = malloc(sizeof(struct cryptodev_cookie_s));
- if (!eng_cookie)
-@@ -1939,38 +1939,11 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
- return ret;
- }
-
--/* Close an opened instance of cryptodev engine */
--void cryptodev_close_instance(void *handle)
--{
-- int fd;
--
-- if (handle) {
-- fd = *(int *)handle;
-- close(fd);
-- free(handle);
-- }
--}
--
--/* Create an instance of cryptodev for asynchronous interface */
--void *cryptodev_init_instance(void)
--{
-- int *fd = malloc(sizeof(int));
--
-- if (fd) {
-- if ((*fd = open("/dev/crypto", O_RDWR, 0)) == -1) {
-- free(fd);
-- return NULL;
-- }
-- }
-- return fd;
--}
--
- # include <poll.h>
-
- /* Return 0 on success and 1 on failure */
--int cryptodev_check_availability(void *eng_handle)
-+int cryptodev_check_availability(int fd)
- {
-- int fd = *(int *)eng_handle;
- struct pkc_cookie_list_s cookie_list;
- struct pkc_cookie_s *cookie;
- int i;
-@@ -4719,8 +4692,8 @@ void ENGINE_load_cryptodev(void)
- }
-
- ENGINE_set_check_pkc_availability(engine, cryptodev_check_availability);
-- ENGINE_set_close_instance(engine, cryptodev_close_instance);
-- ENGINE_set_init_instance(engine, cryptodev_init_instance);
-+ ENGINE_set_close_instance(engine, put_dev_crypto);
-+ ENGINE_set_open_instance(engine, open_dev_crypto);
- ENGINE_set_async_map(engine, ENGINE_ALLPKC_ASYNC);
-
- ENGINE_add(engine);
-diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h
-index b698a0c..7541beb 100644
---- a/crypto/engine/eng_int.h
-+++ b/crypto/engine/eng_int.h
-@@ -198,23 +198,15 @@ struct engine_st {
- ENGINE_LOAD_KEY_PTR load_privkey;
- ENGINE_LOAD_KEY_PTR load_pubkey;
- ENGINE_SSL_CLIENT_CERT_PTR load_ssl_client_cert;
-- /*
-- * Instantiate Engine handle to be passed in check_pkc_availability
-- * Ensure that Engine is instantiated before any pkc asynchronous call.
-- */
-- void *(*engine_init_instance)(void);
-- /*
-- * Instantiated Engine handle will be closed with this call.
-- * Ensure that no pkc asynchronous call is made after this call
-- */
-- void (*engine_close_instance)(void *handle);
-+ int (*engine_open_instance)(void);
-+ int (*engine_close_instance)(int fd);
- /*
- * Check availability will extract the data from kernel.
- * eng_handle: This is the Engine handle corresponds to which
- * the cookies needs to be polled.
- * return 0 if cookie available else 1
- */
-- int (*check_pkc_availability)(void *eng_handle);
-+ int (*check_pkc_availability)(int fd);
- /*
- * The following map is used to check if the engine supports asynchronous implementation
- * ENGINE_ASYNC_FLAG* for available bitmap. Any application checking for asynchronous
-diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c
-index 0c57e12..4fdcfd6 100644
---- a/crypto/engine/eng_lib.c
-+++ b/crypto/engine/eng_lib.c
-@@ -101,7 +101,7 @@ void engine_set_all_null(ENGINE *e)
- e->load_privkey = NULL;
- e->load_pubkey = NULL;
- e->check_pkc_availability = NULL;
-- e->engine_init_instance = NULL;
-+ e->engine_open_instance = NULL;
- e->engine_close_instance = NULL;
- e->cmd_defns = NULL;
- e->async_map = 0;
-@@ -252,46 +252,45 @@ int ENGINE_set_id(ENGINE *e, const char *id)
- return 1;
- }
-
--void ENGINE_set_init_instance(ENGINE *e, void *(*engine_init_instance)(void))
-- {
-- e->engine_init_instance = engine_init_instance;
-- }
-+void ENGINE_set_open_instance(ENGINE *e, int (*engine_open_instance)(void))
-+{
-+ e->engine_open_instance = engine_open_instance;
-+}
-
--void ENGINE_set_close_instance(ENGINE *e,
-- void (*engine_close_instance)(void *))
-- {
-- e->engine_close_instance = engine_close_instance;
-- }
-+void ENGINE_set_close_instance(ENGINE *e, int (*engine_close_instance)(int))
-+{
-+ e->engine_close_instance = engine_close_instance;
-+}
-
- void ENGINE_set_async_map(ENGINE *e, int async_map)
- {
- e->async_map = async_map;
- }
-
--void *ENGINE_init_instance(ENGINE *e)
-- {
-- return e->engine_init_instance();
-- }
--
--void ENGINE_close_instance(ENGINE *e, void *eng_handle)
-- {
-- e->engine_close_instance(eng_handle);
-- }
--
- int ENGINE_get_async_map(ENGINE *e)
- {
- return e->async_map;
- }
-
-+int ENGINE_open_instance(ENGINE *e)
-+{
-+ return e->engine_open_instance();
-+}
-+
-+int ENGINE_close_instance(ENGINE *e, int fd)
-+{
-+ return e->engine_close_instance(fd);
-+}
-+
- void ENGINE_set_check_pkc_availability(ENGINE *e,
-- int (*check_pkc_availability)(void *eng_handle))
-- {
-- e->check_pkc_availability = check_pkc_availability;
-- }
-+ int (*check_pkc_availability)(int fd))
-+{
-+ e->check_pkc_availability = check_pkc_availability;
-+}
-
--int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle)
-- {
-- return e->check_pkc_availability(eng_handle);
-+int ENGINE_check_pkc_availability(ENGINE *e, int fd)
-+{
-+ return e->check_pkc_availability(fd);
- }
-
- int ENGINE_set_name(ENGINE *e, const char *name)
-diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h
-index 4527aa1..f83ee73 100644
---- a/crypto/engine/engine.h
-+++ b/crypto/engine/engine.h
-@@ -551,9 +551,6 @@ ENGINE *ENGINE_new(void);
- int ENGINE_free(ENGINE *e);
- int ENGINE_up_ref(ENGINE *e);
- int ENGINE_set_id(ENGINE *e, const char *id);
--void ENGINE_set_init_instance(ENGINE *e, void *(*engine_init_instance)(void));
--void ENGINE_set_close_instance(ENGINE *e,
-- void (*engine_free_instance)(void *));
- /*
- * Following FLAGS are bitmap store in async_map to set asynchronous interface capability
- *of the engine
-@@ -570,11 +567,13 @@ void ENGINE_set_async_map(ENGINE *e, int async_map);
- * to confirm asynchronous methods supported
- */
- int ENGINE_get_async_map(ENGINE *e);
--void *ENGINE_init_instance(ENGINE *e);
--void ENGINE_close_instance(ENGINE *e, void *eng_handle);
-+int ENGINE_open_instance(ENGINE *e);
-+int ENGINE_close_instance(ENGINE *e, int fd);
-+void ENGINE_set_init_instance(ENGINE *e, int(*engine_init_instance)(void));
-+void ENGINE_set_close_instance(ENGINE *e, int(*engine_close_instance)(int));
- void ENGINE_set_check_pkc_availability(ENGINE *e,
-- int (*check_pkc_availability)(void *eng_handle));
--int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle);
-+ int (*check_pkc_availability)(int fd));
-+int ENGINE_check_pkc_availability(ENGINE *e, int fd);
- int ENGINE_set_name(ENGINE *e, const char *name);
- int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
- int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0024-cryptodev-clarify-code-remove-assignments-from-condi.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0024-cryptodev-clarify-code-remove-assignments-from-condi.patch
deleted file mode 100644
index 0daa2a4..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0024-cryptodev-clarify-code-remove-assignments-from-condi.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From e1de7751808d5196a9a719ad49a1281d2a3c453d Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Mon, 14 Dec 2015 14:02:00 +0200
-Subject: [PATCH 24/48] cryptodev: clarify code, remove assignments from
- conditionals
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- crypto/engine/eng_cryptodev.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 34c8d18..31687d8 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -1560,14 +1560,16 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
- struct session_op *sess = &state->d_sess;
- int digest;
-
-- if ((digest = digest_nid_to_cryptodev(ctx->digest->type)) == NID_undef) {
-+ digest = digest_nid_to_cryptodev(ctx->digest->type);
-+ if (digest == NID_undef) {
- printf("cryptodev_digest_init: Can't get digest \n");
- return (0);
- }
-
- memset(state, 0, sizeof(struct dev_crypto_state));
-
-- if ((state->d_fd = get_dev_crypto()) < 0) {
-+ state->d_fd = get_dev_crypto();
-+ if (state->d_fd < 0) {
- printf("cryptodev_digest_init: Can't get Dev \n");
- return (0);
- }
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0025-cryptodev-clean-up-context-state-before-anything-els.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0025-cryptodev-clean-up-context-state-before-anything-els.patch
deleted file mode 100644
index 3e02c72..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0025-cryptodev-clean-up-context-state-before-anything-els.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 9ffa46ff1348817f4c8d24e9d42fa0f739a652d7 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Tue, 15 Dec 2015 12:10:37 +0200
-Subject: [PATCH 25/48] cryptodev: clean-up context state before anything else
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- crypto/engine/eng_cryptodev.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 31687d8..e6616e9 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -1560,14 +1560,14 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
- struct session_op *sess = &state->d_sess;
- int digest;
-
-+ memset(state, 0, sizeof(struct dev_crypto_state));
-+
- digest = digest_nid_to_cryptodev(ctx->digest->type);
- if (digest == NID_undef) {
- printf("cryptodev_digest_init: Can't get digest \n");
- return (0);
- }
-
-- memset(state, 0, sizeof(struct dev_crypto_state));
--
- state->d_fd = get_dev_crypto();
- if (state->d_fd < 0) {
- printf("cryptodev_digest_init: Can't get Dev \n");
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0026-cryptodev-remove-code-duplication-in-digest-operatio.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0026-cryptodev-remove-code-duplication-in-digest-operatio.patch
deleted file mode 100644
index 4e1ce65..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0026-cryptodev-remove-code-duplication-in-digest-operatio.patch
+++ /dev/null
@@ -1,155 +0,0 @@
-From 7f6a709ed46d79d765ee0bb2fc16b84d0bb4c8a6 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Mon, 14 Dec 2015 17:49:08 +0200
-Subject: [PATCH 26/48] cryptodev: remove code duplication in digest operations
-
-This patch simplifies code and removes duplication in digest_update and
-digest_final for cryptodev engine.
-
-Note: The current design of eng_cryptodev for digests operations assumes
- the presence of all the data before processing (this is suboptimal
- with cryptodev-linux because Linux kernel has support for digest-update
- operations and there is no need to accumulate the input data).
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- crypto/engine/eng_cryptodev.c | 76 ++++++++++++++++---------------------------
- 1 file changed, 28 insertions(+), 48 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index e6616e9..a8652bf 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -1591,24 +1591,25 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
- static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
- size_t count)
- {
-- struct crypt_op cryp;
- struct dev_crypto_state *state = ctx->md_data;
-- struct session_op *sess = &state->d_sess;
-
-- if (!data || state->d_fd < 0) {
-+ if (!data || !count) {
- printf("cryptodev_digest_update: illegal inputs \n");
-- return (0);
-- }
--
-- if (!count) {
-- return (0);
-+ return 0;
- }
-
-- if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
-- /* if application doesn't support one buffer */
-+ /*
-+ * Accumulate input data if it is scattered in several buffers. TODO:
-+ * Depending on number of calls and data size, this code can be optimized
-+ * to take advantage of Linux kernel crypto API, balancing between
-+ * cryptodev calls and accumulating small amounts of data
-+ */
-+ if (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) {
-+ state->mac_data = data;
-+ state->mac_len = count;
-+ } else {
- state->mac_data =
- OPENSSL_realloc(state->mac_data, state->mac_len + count);
--
- if (!state->mac_data) {
- printf("cryptodev_digest_update: realloc failed\n");
- return (0);
-@@ -1616,23 +1617,9 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
-
- memcpy(state->mac_data + state->mac_len, data, count);
- state->mac_len += count;
--
-- return (1);
- }
-
-- memset(&cryp, 0, sizeof(cryp));
--
-- cryp.ses = sess->ses;
-- cryp.flags = 0;
-- cryp.len = count;
-- cryp.src = (caddr_t) data;
-- cryp.dst = NULL;
-- cryp.mac = (caddr_t) state->digest_res;
-- if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
-- printf("cryptodev_digest_update: digest failed\n");
-- return (0);
-- }
-- return (1);
-+ return 1;
- }
-
- static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
-@@ -1641,33 +1628,25 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
- struct dev_crypto_state *state = ctx->md_data;
- struct session_op *sess = &state->d_sess;
-
-- int ret = 1;
--
- if (!md || state->d_fd < 0) {
- printf("cryptodev_digest_final: illegal input\n");
- return (0);
- }
-
-- if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
-- /* if application doesn't support one buffer */
-- memset(&cryp, 0, sizeof(cryp));
-- cryp.ses = sess->ses;
-- cryp.flags = 0;
-- cryp.len = state->mac_len;
-- cryp.src = state->mac_data;
-- cryp.dst = NULL;
-- cryp.mac = (caddr_t) md;
-- if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
-- printf("cryptodev_digest_final: digest failed\n");
-- return (0);
-- }
-+ memset(&cryp, 0, sizeof(cryp));
-
-- return 1;
-- }
-+ cryp.ses = sess->ses;
-+ cryp.flags = 0;
-+ cryp.len = state->mac_len;
-+ cryp.src = state->mac_data;
-+ cryp.mac = md;
-
-- memcpy(md, state->digest_res, ctx->digest->md_size);
-+ if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
-+ printf("cryptodev_digest_final: digest failed\n");
-+ return (0);
-+ }
-
-- return (ret);
-+ return (1);
- }
-
- static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
-@@ -1684,11 +1663,11 @@ static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
- return (0);
- }
-
-- if (state->mac_data) {
-+ if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
- OPENSSL_free(state->mac_data);
-- state->mac_data = NULL;
-- state->mac_len = 0;
- }
-+ state->mac_data = NULL;
-+ state->mac_len = 0;
-
- if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
- printf("cryptodev_digest_cleanup: failed to close session\n");
-@@ -1696,6 +1675,7 @@ static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
- } else {
- ret = 1;
- }
-+
- put_dev_crypto(state->d_fd);
- state->d_fd = -1;
-
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0027-cryptodev-put-all-digest-ioctls-into-a-single-functi.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0027-cryptodev-put-all-digest-ioctls-into-a-single-functi.patch
deleted file mode 100644
index 0810889..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0027-cryptodev-put-all-digest-ioctls-into-a-single-functi.patch
+++ /dev/null
@@ -1,108 +0,0 @@
-From 0307a70fc4399a0ee758172e385d4daaae669ce6 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Tue, 15 Dec 2015 12:23:13 +0200
-Subject: [PATCH 27/48] cryptodev: put all digest ioctls into a single function
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- crypto/engine/eng_cryptodev.c | 44 +++++++++++++++++++------------------------
- 1 file changed, 19 insertions(+), 25 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index a8652bf..8b8710a 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -1578,13 +1578,6 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
- sess->mackeylen = digest_key_length(ctx->digest->type);
- sess->mac = digest;
-
-- if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
-- put_dev_crypto(state->d_fd);
-- state->d_fd = -1;
-- printf("cryptodev_digest_init: Open session failed\n");
-- return (0);
-- }
--
- return (1);
- }
-
-@@ -1624,6 +1617,7 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
-
- static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
- {
-+ int ret = 1;
- struct crypt_op cryp;
- struct dev_crypto_state *state = ctx->md_data;
- struct session_op *sess = &state->d_sess;
-@@ -1633,6 +1627,11 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
- return (0);
- }
-
-+ if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
-+ printf("cryptodev_digest_init: Open session failed\n");
-+ return (0);
-+ }
-+
- memset(&cryp, 0, sizeof(cryp));
-
- cryp.ses = sess->ses;
-@@ -1643,43 +1642,38 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
-
- if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
- printf("cryptodev_digest_final: digest failed\n");
-- return (0);
-+ ret = 0;
- }
-
-- return (1);
-+ if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
-+ printf("cryptodev_digest_cleanup: failed to close session\n");
-+ }
-+
-+ return ret;
- }
-
- static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
- {
-- int ret = 1;
- struct dev_crypto_state *state = ctx->md_data;
- struct session_op *sess = &state->d_sess;
-
-- if (state == NULL)
-+ if (state == NULL) {
- return 0;
--
-- if (state->d_fd < 0) {
-- printf("cryptodev_digest_cleanup: illegal input\n");
-- return (0);
- }
-
- if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
- OPENSSL_free(state->mac_data);
- }
-- state->mac_data = NULL;
-- state->mac_len = 0;
-
-- if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
-- printf("cryptodev_digest_cleanup: failed to close session\n");
-- ret = 0;
-- } else {
-- ret = 1;
-+ if (state->d_fd >= 0) {
-+ put_dev_crypto(state->d_fd);
-+ state->d_fd = -1;
- }
-
-- put_dev_crypto(state->d_fd);
-- state->d_fd = -1;
-+ state->mac_data = NULL;
-+ state->mac_len = 0;
-
-- return (ret);
-+ return 1;
- }
-
- static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0028-cryptodev-fix-debug-print-messages.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0028-cryptodev-fix-debug-print-messages.patch
deleted file mode 100644
index 91bd4a4..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0028-cryptodev-fix-debug-print-messages.patch
+++ /dev/null
@@ -1,90 +0,0 @@
-From 07f16d70cf7993c43e2c24a1e121c197db9ce1bc Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Tue, 15 Dec 2015 12:51:36 +0200
-Subject: [PATCH 28/48] cryptodev: fix debug print messages
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- crypto/engine/eng_cryptodev.c | 18 +++++++++---------
- 1 file changed, 9 insertions(+), 9 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 8b8710a..b74f21c 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -1564,13 +1564,13 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
-
- digest = digest_nid_to_cryptodev(ctx->digest->type);
- if (digest == NID_undef) {
-- printf("cryptodev_digest_init: Can't get digest \n");
-+ printf("%s: Can't get digest\n", __func__);
- return (0);
- }
-
- state->d_fd = get_dev_crypto();
- if (state->d_fd < 0) {
-- printf("cryptodev_digest_init: Can't get Dev \n");
-+ printf("%s: Can't get Dev\n", __func__);
- return (0);
- }
-
-@@ -1587,7 +1587,7 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
- struct dev_crypto_state *state = ctx->md_data;
-
- if (!data || !count) {
-- printf("cryptodev_digest_update: illegal inputs \n");
-+ printf("%s: illegal inputs\n", __func__);
- return 0;
- }
-
-@@ -1604,7 +1604,7 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
- state->mac_data =
- OPENSSL_realloc(state->mac_data, state->mac_len + count);
- if (!state->mac_data) {
-- printf("cryptodev_digest_update: realloc failed\n");
-+ printf("%s: realloc failed\n", __func__);
- return (0);
- }
-
-@@ -1623,12 +1623,12 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
- struct session_op *sess = &state->d_sess;
-
- if (!md || state->d_fd < 0) {
-- printf("cryptodev_digest_final: illegal input\n");
-+ printf("%s: illegal input\n", __func__);
- return (0);
- }
-
- if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
-- printf("cryptodev_digest_init: Open session failed\n");
-+ printf("%s: Open session failed\n", __func__);
- return (0);
- }
-
-@@ -1641,12 +1641,12 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
- cryp.mac = md;
-
- if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
-- printf("cryptodev_digest_final: digest failed\n");
-+ printf("%s: digest failed\n", __func__);
- ret = 0;
- }
-
- if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
-- printf("cryptodev_digest_cleanup: failed to close session\n");
-+ printf("%s: failed to close session\n", __func__);
- }
-
- return ret;
-@@ -1701,7 +1701,7 @@ static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
- if (ioctl(dstate->d_fd, CIOCGSESSION, sess) < 0) {
- put_dev_crypto(dstate->d_fd);
- dstate->d_fd = -1;
-- printf("cryptodev_digest_init: Open session failed\n");
-+ printf("%s: Open session failed\n", __func__);
- return (0);
- }
-
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0029-cryptodev-use-CIOCHASH-ioctl-for-digest-operations.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0029-cryptodev-use-CIOCHASH-ioctl-for-digest-operations.patch
deleted file mode 100644
index abf8084..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0029-cryptodev-use-CIOCHASH-ioctl-for-digest-operations.patch
+++ /dev/null
@@ -1,91 +0,0 @@
-From 64d5378080c14a9cf9fd673457af0fa80f3a94ee Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Tue, 15 Dec 2015 15:43:28 +0200
-Subject: [PATCH 29/48] cryptodev: use CIOCHASH ioctl for digest operations
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- crypto/engine/eng_cryptodev.c | 34 +++++++++++-----------------------
- 1 file changed, 11 insertions(+), 23 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index b74f21c..4f375e0 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -85,6 +85,7 @@ struct dev_crypto_state {
- unsigned char *iv;
- int ivlen;
- # ifdef USE_CRYPTODEV_DIGESTS
-+ struct hash_op_data hash_op;
- char dummy_mac_key[HASH_MAX_LEN];
- unsigned char digest_res[HASH_MAX_LEN];
- char *mac_data;
-@@ -1557,7 +1558,7 @@ static int digest_key_length(int nid)
- static int cryptodev_digest_init(EVP_MD_CTX *ctx)
- {
- struct dev_crypto_state *state = ctx->md_data;
-- struct session_op *sess = &state->d_sess;
-+ struct hash_op_data *hash_op = &state->hash_op;
- int digest;
-
- memset(state, 0, sizeof(struct dev_crypto_state));
-@@ -1574,9 +1575,9 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
- return (0);
- }
-
-- sess->mackey = state->dummy_mac_key;
-- sess->mackeylen = digest_key_length(ctx->digest->type);
-- sess->mac = digest;
-+ hash_op->mac_op = digest;
-+ hash_op->mackey = state->dummy_mac_key;
-+ hash_op->mackeylen = digest_key_length(ctx->digest->type);
-
- return (1);
- }
-@@ -1618,37 +1619,24 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
- static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
- {
- int ret = 1;
-- struct crypt_op cryp;
- struct dev_crypto_state *state = ctx->md_data;
-- struct session_op *sess = &state->d_sess;
-+ struct hash_op_data *hash_op = &state->hash_op;
-
- if (!md || state->d_fd < 0) {
- printf("%s: illegal input\n", __func__);
- return (0);
- }
-
-- if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
-- printf("%s: Open session failed\n", __func__);
-- return (0);
-- }
--
-- memset(&cryp, 0, sizeof(cryp));
-+ hash_op->flags = 0;
-+ hash_op->len = state->mac_len;
-+ hash_op->src = state->mac_data;
-+ hash_op->mac_result = md;
-
-- cryp.ses = sess->ses;
-- cryp.flags = 0;
-- cryp.len = state->mac_len;
-- cryp.src = state->mac_data;
-- cryp.mac = md;
--
-- if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
-+ if (ioctl(state->d_fd, CIOCHASH, hash_op) < 0) {
- printf("%s: digest failed\n", __func__);
- ret = 0;
- }
-
-- if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
-- printf("%s: failed to close session\n", __func__);
-- }
--
- return ret;
- }
-
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0030-cryptodev-reduce-duplicated-efforts-for-searching-in.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0030-cryptodev-reduce-duplicated-efforts-for-searching-in.patch
deleted file mode 100644
index 28de567..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0030-cryptodev-reduce-duplicated-efforts-for-searching-in.patch
+++ /dev/null
@@ -1,106 +0,0 @@
-From 328b2890d5a9baf9f936bd9facaf411c01931f08 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Wed, 13 Jan 2016 15:18:20 +0200
-Subject: [PATCH 30/48] cryptodev: reduce duplicated efforts for searching
- inside digests table
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- crypto/engine/eng_cryptodev.c | 44 ++++++++++++++++++-------------------------
- 1 file changed, 18 insertions(+), 26 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 4f375e0..163a37d 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -1534,37 +1534,31 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
-
- # ifdef USE_CRYPTODEV_DIGESTS
-
--/* convert digest type to cryptodev */
--static int digest_nid_to_cryptodev(int nid)
-+static int digest_nid_to_id(int nid)
- {
- int i;
-
-- for (i = 0; digests[i].id; i++)
-- if (digests[i].nid == nid)
-- return (digests[i].id);
-- return (0);
--}
--
--static int digest_key_length(int nid)
--{
-- int i;
--
-- for (i = 0; digests[i].id; i++)
-- if (digests[i].nid == nid)
-- return digests[i].keylen;
-- return (0);
-+ for (i = 0;; i++) {
-+ if ((digests[i].nid == nid) || (digests[i].id == 0)) {
-+ break;
-+ }
-+ }
-+ return i;
- }
-
- static int cryptodev_digest_init(EVP_MD_CTX *ctx)
- {
- struct dev_crypto_state *state = ctx->md_data;
- struct hash_op_data *hash_op = &state->hash_op;
-- int digest;
-+ int id;
-
- memset(state, 0, sizeof(struct dev_crypto_state));
-
-- digest = digest_nid_to_cryptodev(ctx->digest->type);
-- if (digest == NID_undef) {
-+ id = digest_nid_to_id(ctx->digest->type);
-+
-+ hash_op->mac_op = digests[id].id;
-+ hash_op->mackeylen = digests[id].keylen;
-+ if (hash_op->mac_op == 0) {
- printf("%s: Can't get digest\n", __func__);
- return (0);
- }
-@@ -1575,11 +1569,9 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
- return (0);
- }
-
-- hash_op->mac_op = digest;
- hash_op->mackey = state->dummy_mac_key;
-- hash_op->mackeylen = digest_key_length(ctx->digest->type);
-
-- return (1);
-+ return 1;
- }
-
- static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
-@@ -1669,7 +1661,7 @@ static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
- struct dev_crypto_state *fstate = from->md_data;
- struct dev_crypto_state *dstate = to->md_data;
- struct session_op *sess;
-- int digest;
-+ int id;
-
- if (dstate == NULL || fstate == NULL)
- return 1;
-@@ -1678,11 +1670,11 @@ static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
-
- sess = &dstate->d_sess;
-
-- digest = digest_nid_to_cryptodev(to->digest->type);
-+ id = digest_nid_to_id(to->digest->type);
-
- sess->mackey = dstate->dummy_mac_key;
-- sess->mackeylen = digest_key_length(to->digest->type);
-- sess->mac = digest;
-+ sess->mackeylen = digests[id].keylen;
-+ sess->mac = digests[id].id;
-
- dstate->d_fd = get_dev_crypto();
-
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0031-cryptodev-remove-not-used-local-variables.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0031-cryptodev-remove-not-used-local-variables.patch
deleted file mode 100644
index d7af9cb..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0031-cryptodev-remove-not-used-local-variables.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From 9faaca759390bba5aeeb049d31f74806e78137e1 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Mon, 8 Feb 2016 16:00:22 +0200
-Subject: [PATCH 31/48] cryptodev: remove not used local variables
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- crypto/engine/eng_cryptodev.c | 6 +-----
- 1 file changed, 1 insertion(+), 5 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 163a37d..b13bf8c 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -1635,7 +1635,6 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
- static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
- {
- struct dev_crypto_state *state = ctx->md_data;
-- struct session_op *sess = &state->d_sess;
-
- if (state == NULL) {
- return 0;
-@@ -3952,7 +3951,6 @@ static int cryptodev_dh_keygen(DH *dh)
- int ret = 1, q_len = 0;
- unsigned char *q = NULL, *g = NULL, *s = NULL, *w = NULL;
- BIGNUM *pub_key = NULL, *priv_key = NULL;
-- int generate_new_key = 1;
-
- if (dh->priv_key)
- priv_key = dh->priv_key;
-@@ -4074,11 +4072,9 @@ cryptodev_dh_compute_key_async(unsigned char *key, const BIGNUM *pub_key,
- {
- struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
- int ret = 1;
-- int fd, p_len;
-+ int p_len;
- unsigned char *padded_pub_key = NULL, *p = NULL;
-
-- fd = *(int *)cookie->eng_handle;
--
- memset(kop, 0, sizeof(struct crypt_kop));
- kop->crk_op = CRK_DH_COMPUTE_KEY;
- /* inputs: dh->priv_key pub_key dh->p key */
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0032-cryptodev-hide-not-used-variable-behind-ifndef.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0032-cryptodev-hide-not-used-variable-behind-ifndef.patch
deleted file mode 100644
index a53705f..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0032-cryptodev-hide-not-used-variable-behind-ifndef.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From a6dc52cbcda9b4dcb0fda3b780e7c89219388982 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Mon, 8 Feb 2016 17:22:49 +0200
-Subject: [PATCH 32/48] cryptodev: hide not used variable behind #ifndef
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- crypto/engine/eng_cryptodev.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index b13bf8c..cdd99b8 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -413,7 +413,9 @@ static int open_dev_crypto(void)
- static int get_dev_crypto(void)
- {
- static int fd = -1;
-+# ifndef CRIOGET_NOT_NEEDED
- int retfd;
-+# endif
-
- if (fd == -1)
- fd = open_dev_crypto();
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0033-cryptodev-fix-function-declaration-typo.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0033-cryptodev-fix-function-declaration-typo.patch
deleted file mode 100644
index f0863bd..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0033-cryptodev-fix-function-declaration-typo.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 6d335627ec5bdf89c89ced9d2fa7610e6dc50e31 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Mon, 8 Feb 2016 16:08:25 +0200
-Subject: [PATCH 33/48] cryptodev: fix function declaration typo
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- crypto/engine/engine.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h
-index f83ee73..c8efbe1 100644
---- a/crypto/engine/engine.h
-+++ b/crypto/engine/engine.h
-@@ -569,7 +569,7 @@ void ENGINE_set_async_map(ENGINE *e, int async_map);
- int ENGINE_get_async_map(ENGINE *e);
- int ENGINE_open_instance(ENGINE *e);
- int ENGINE_close_instance(ENGINE *e, int fd);
--void ENGINE_set_init_instance(ENGINE *e, int(*engine_init_instance)(void));
-+void ENGINE_set_open_instance(ENGINE *e, int(*engine_open_instance)(void));
- void ENGINE_set_close_instance(ENGINE *e, int(*engine_close_instance)(int));
- void ENGINE_set_check_pkc_availability(ENGINE *e,
- int (*check_pkc_availability)(int fd));
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0034-cryptodev-fix-incorrect-function-signature.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0034-cryptodev-fix-incorrect-function-signature.patch
deleted file mode 100644
index 50aa45c..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0034-cryptodev-fix-incorrect-function-signature.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From fcb63347ddb004825e05250fd082fe84ff3689df Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Mon, 8 Feb 2016 16:12:54 +0200
-Subject: [PATCH 34/48] cryptodev: fix incorrect function signature
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- crypto/engine/eng_cryptodev.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index cdd99b8..1c71bc7 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -3161,7 +3161,7 @@ static ECDSA_SIG *cryptodev_ecdsa_do_sign(const unsigned char *dgst,
- }
-
- static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
-- ECDSA_SIG *sig, EC_KEY *eckey)
-+ const ECDSA_SIG *sig, EC_KEY *eckey)
- {
- BIGNUM *m = NULL, *p = NULL, *a = NULL, *b = NULL;
- BIGNUM *x = NULL, *y = NULL, *w_x = NULL, *w_y = NULL;
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0035-cryptodev-fix-warnings-on-excess-elements-in-struct-.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0035-cryptodev-fix-warnings-on-excess-elements-in-struct-.patch
deleted file mode 100644
index e028f66..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0035-cryptodev-fix-warnings-on-excess-elements-in-struct-.patch
+++ /dev/null
@@ -1,110 +0,0 @@
-From 6ed8710043b5dc947afab8fffa80ea97f4c84ad6 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Mon, 8 Feb 2016 16:21:46 +0200
-Subject: [PATCH 35/48] cryptodev: fix warnings on excess elements in struct
- initializer
-
-The initialization data for these structures had either missing or excess
-values and did not match the structure definitions.
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- crypto/dh/dh.h | 6 +++---
- crypto/dsa/dsa.h | 11 ++++++-----
- crypto/engine/eng_cryptodev.c | 11 ++++++-----
- 3 files changed, 15 insertions(+), 13 deletions(-)
-
-diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h
-index 31dd762..11c6c7d 100644
---- a/crypto/dh/dh.h
-+++ b/crypto/dh/dh.h
-@@ -123,9 +123,9 @@ struct dh_method {
- int (*bn_mod_exp) (const DH *dh, BIGNUM *r, const BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx);
-- int (*compute_key_async)(unsigned char *key,const BIGNUM *pub_key,DH *dh,
-- struct pkc_cookie_s *cookie);
-- int (*generate_key_async)(DH *dh, struct pkc_cookie_s *cookie);
-+ int (*compute_key_async) (unsigned char *key, const BIGNUM *pub_key,
-+ DH *dh, struct pkc_cookie_s * cookie);
-+ int (*generate_key_async) (DH *dh, struct pkc_cookie_s * cookie);
- int (*init) (DH *dh);
- int (*finish) (DH *dh);
- int flags;
-diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h
-index 8584731..ab52add 100644
---- a/crypto/dsa/dsa.h
-+++ b/crypto/dsa/dsa.h
-@@ -139,10 +139,11 @@ struct dsa_method {
- /* Can be null */
- int (*bn_mod_exp) (DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-- int (*dsa_do_sign_async)(const unsigned char *dgst, int dlen, DSA *dsa,
-- DSA_SIG *sig, struct pkc_cookie_s *cookie);
-- int (*dsa_do_verify_async)(const unsigned char *dgst, int dgst_len,
-- DSA_SIG *sig, DSA *dsa, struct pkc_cookie_s *cookie);
-+ int (*dsa_do_sign_async) (const unsigned char *dgst, int dlen, DSA *dsa,
-+ DSA_SIG *sig, struct pkc_cookie_s * cookie);
-+ int (*dsa_do_verify_async) (const unsigned char *dgst, int dgst_len,
-+ DSA_SIG *sig, DSA *dsa,
-+ struct pkc_cookie_s * cookie);
- int (*init) (DSA *dsa);
- int (*finish) (DSA *dsa);
- int flags;
-@@ -154,7 +155,7 @@ struct dsa_method {
- BN_GENCB *cb);
- /* If this is non-NULL, it is used to generate DSA keys */
- int (*dsa_keygen) (DSA *dsa);
-- int (*dsa_keygen_async)(DSA *dsa, struct pkc_cookie_s *cookie);
-+ int (*dsa_keygen_async) (DSA *dsa, struct pkc_cookie_s * cookie);
- };
-
- struct dsa_st {
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 1c71bc7..20e1ec3 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -2905,11 +2905,13 @@ static DSA_METHOD cryptodev_dsa = {
- NULL,
- NULL,
- NULL,
-- NULL,
- NULL, /* init */
- NULL, /* finish */
- 0, /* flags */
-- NULL /* app_data */
-+ NULL, /* app_data */
-+ NULL,
-+ NULL,
-+ NULL
- };
-
- static ECDSA_METHOD cryptodev_ecdsa = {
-@@ -2919,7 +2921,6 @@ static ECDSA_METHOD cryptodev_ecdsa = {
- NULL,
- NULL,
- NULL,
-- NULL,
- 0, /* flags */
- NULL /* app_data */
- };
-@@ -4496,14 +4497,14 @@ static DH_METHOD cryptodev_dh = {
- NULL,
- NULL,
- 0, /* flags */
-- NULL /* app_data */
-+ NULL, /* app_data */
-+ NULL, /* generate_params */
- };
-
- static ECDH_METHOD cryptodev_ecdh = {
- "cryptodev ECDH method",
- NULL, /* cryptodev_ecdh_compute_key */
- NULL,
-- NULL,
- 0, /* flags */
- NULL /* app_data */
- };
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0036-cryptodev-fix-free-on-error-path.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0036-cryptodev-fix-free-on-error-path.patch
deleted file mode 100644
index e59744e..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0036-cryptodev-fix-free-on-error-path.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From bf4e61a53459358185a73dffa5f79af9bd739149 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Mon, 8 Feb 2016 16:36:33 +0200
-Subject: [PATCH 36/48] cryptodev: fix free on error path
-
-This was most likely a typo that escaped code review
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- crypto/ecdsa/ecs_locl.h | 4 ++--
- crypto/engine/eng_cryptodev.c | 2 +-
- 2 files changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/crypto/ecdsa/ecs_locl.h b/crypto/ecdsa/ecs_locl.h
-index 9b28c04..c3843c6 100644
---- a/crypto/ecdsa/ecs_locl.h
-+++ b/crypto/ecdsa/ecs_locl.h
-@@ -74,10 +74,10 @@ struct ecdsa_method {
- BIGNUM **r);
- int (*ecdsa_do_verify) (const unsigned char *dgst, int dgst_len,
- const ECDSA_SIG *sig, EC_KEY *eckey);
-- int (*ecdsa_do_sign_async)(const unsigned char *dgst, int dgst_len,
-+ int (*ecdsa_do_sign_async)(const unsigned char *dgst, int dgst_len,
- const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey,
- ECDSA_SIG *sig, struct pkc_cookie_s *cookie);
-- int (*ecdsa_do_verify_async)(const unsigned char *dgst, int dgst_len,
-+ int (*ecdsa_do_verify_async)(const unsigned char *dgst, int dgst_len,
- const ECDSA_SIG *sig, EC_KEY *eckey, struct pkc_cookie_s *cookie);
- # if 0
- int (*init) (EC_KEY *eckey);
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 20e1ec3..1f13079 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -3437,7 +3437,7 @@ static int cryptodev_ecdsa_do_sign_async(const unsigned char *dgst,
- if (!(sig->r = BN_new()) || !kop)
- goto err;
- if ((sig->s = BN_new()) == NULL) {
-- BN_free(r);
-+ BN_free(sig->r);
- goto err;
- }
-
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0037-cryptodev-fix-return-value-on-error.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0037-cryptodev-fix-return-value-on-error.patch
deleted file mode 100644
index ea1f4b2..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0037-cryptodev-fix-return-value-on-error.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From ec6b6531e3e67b4e82a4bc6829777052f39807b1 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Mon, 8 Feb 2016 16:55:32 +0200
-Subject: [PATCH 37/48] cryptodev: fix return value on error
-
-Even though we're on error path, the operation is taken care of on
-software; return success (ret is 1)
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- crypto/engine/eng_cryptodev.c | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 1f13079..b87fa7d 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -2768,7 +2768,6 @@ cryptodev_dsa_do_sign_async(const unsigned char *dgst, int dlen, DSA *dsa,
- sig->s = dsaret->s;
- /* Call user callback immediately */
- cookie->pkc_callback(cookie, 0);
-- ret = dsaret;
- }
- return ret;
- }
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0038-cryptodev-match-types-with-cryptodev.h.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0038-cryptodev-match-types-with-cryptodev.h.patch
deleted file mode 100644
index acd6e32..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0038-cryptodev-match-types-with-cryptodev.h.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 77c84d99b5b0ab95efc9e1efc083e5cca8aa4eb5 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Mon, 8 Feb 2016 17:11:43 +0200
-Subject: [PATCH 38/48] cryptodev: match types with cryptodev.h
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- crypto/engine/eng_cryptodev.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index b87fa7d..4296704 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -86,9 +86,9 @@ struct dev_crypto_state {
- int ivlen;
- # ifdef USE_CRYPTODEV_DIGESTS
- struct hash_op_data hash_op;
-- char dummy_mac_key[HASH_MAX_LEN];
-+ unsigned char dummy_mac_key[HASH_MAX_LEN];
- unsigned char digest_res[HASH_MAX_LEN];
-- char *mac_data;
-+ unsigned char *mac_data;
- int mac_len;
- # endif
- };
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0039-cryptodev-explicitly-discard-const-qualifier.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0039-cryptodev-explicitly-discard-const-qualifier.patch
deleted file mode 100644
index 70319e4..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0039-cryptodev-explicitly-discard-const-qualifier.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 4366920bb2a97c10c49c5e6d035c0c82629b9f0a Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Mon, 8 Feb 2016 17:15:25 +0200
-Subject: [PATCH 39/48] cryptodev: explicitly discard const qualifier
-
-The const qualifier is discarded by the assignment as a result of how
-the variables are defined. This patch drops the const qualifier
-explicitly to avoid build errors.
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- crypto/engine/eng_cryptodev.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 4296704..f8619b0 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -1593,7 +1593,7 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
- * cryptodev calls and accumulating small amounts of data
- */
- if (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) {
-- state->mac_data = data;
-+ state->mac_data = (void *)data;
- state->mac_len = count;
- } else {
- state->mac_data =
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0040-cryptodev-replace-caddr_t-with-void.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0040-cryptodev-replace-caddr_t-with-void.patch
deleted file mode 100644
index c835967..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0040-cryptodev-replace-caddr_t-with-void.patch
+++ /dev/null
@@ -1,95 +0,0 @@
-From f256bb9574f77206b289b265d1d46bb53e54c71c Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Tue, 9 Feb 2016 11:28:23 +0200
-Subject: [PATCH 40/48] cryptodev: replace caddr_t with void *
-
-This avoids warnings such as "pointer targets in assignment differ in
-signedness" when compiling the code
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- crypto/engine/eng_cryptodev.c | 22 +++++++++++-----------
- 1 file changed, 11 insertions(+), 11 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index f8619b0..aac2740 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -461,8 +461,8 @@ static int get_cryptodev_ciphers(const int **cnids)
- return (0);
- }
- memset(&sess, 0, sizeof(sess));
-- sess.key = (caddr_t) "123456789abcdefghijklmno";
-- sess.mackey = (caddr_t) "123456789ABCDEFGHIJKLMNO";
-+ sess.key = (void *)"123456789abcdefghijklmno";
-+ sess.mackey = (void *)"123456789ABCDEFGHIJKLMNO";
-
- for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
- if (ciphers[i].nid == NID_undef)
-@@ -502,7 +502,7 @@ static int get_cryptodev_digests(const int **cnids)
- return (0);
- }
- memset(&sess, 0, sizeof(sess));
-- sess.mackey = (caddr_t) "123456789abcdefghijklmno";
-+ sess.mackey = (void *)"123456789abcdefghijklmno";
- for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
- if (digests[i].nid == NID_undef)
- continue;
-@@ -634,14 +634,14 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- cryp.ses = sess->ses;
- cryp.flags = 0;
- cryp.len = inl;
-- cryp.src = (caddr_t) in;
-- cryp.dst = (caddr_t) out;
-+ cryp.src = (void *)in;
-+ cryp.dst = (void *)out;
- cryp.mac = 0;
-
- cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
-
- if (ctx->cipher->iv_len) {
-- cryp.iv = (caddr_t) ctx->iv;
-+ cryp.iv = (void *)ctx->iv;
- if (!ctx->encrypt) {
- iiv = in + inl - ctx->cipher->iv_len;
- memcpy(save_iv, iiv, ctx->cipher->iv_len);
-@@ -702,15 +702,15 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- }
- cryp.ses = sess->ses;
- cryp.len = state->len;
-- cryp.src = (caddr_t) in;
-- cryp.dst = (caddr_t) out;
-+ cryp.src = (void *)in;
-+ cryp.dst = (void *)out;
- cryp.auth_src = state->aad;
- cryp.auth_len = state->aad_len;
-
- cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
-
- if (ctx->cipher->iv_len) {
-- cryp.iv = (caddr_t) ctx->iv;
-+ cryp.iv = (void *)ctx->iv;
- if (!ctx->encrypt) {
- iiv = in + len - ctx->cipher->iv_len;
- memcpy(save_iv, iiv, ctx->cipher->iv_len);
-@@ -762,7 +762,7 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- if ((state->d_fd = get_dev_crypto()) < 0)
- return (0);
-
-- sess->key = (caddr_t) key;
-+ sess->key = (void *)key;
- sess->keylen = ctx->key_len;
- sess->cipher = cipher;
-
-@@ -805,7 +805,7 @@ static int cryptodev_init_aead_key(EVP_CIPHER_CTX *ctx,
-
- memset(sess, 0, sizeof(struct session_op));
-
-- sess->key = (caddr_t) key;
-+ sess->key = (void *)key;
- sess->keylen = ctx->key_len;
- sess->cipher = cipher;
-
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0041-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0041-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch
deleted file mode 100644
index 6c46061..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0041-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From c714cb7a33e994ff2278149d4a7a20a21215a2f6 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Mon, 8 Feb 2016 17:04:25 +0200
-Subject: [PATCH 41/48] cryptodev: check for errors inside
- cryptodev_rsa_mod_exp
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- crypto/engine/eng_cryptodev.c | 24 ++++++++++++++++++------
- 1 file changed, 18 insertions(+), 6 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index aac2740..e419bef 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -2067,12 +2067,24 @@ cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
- kop.crk_status = 0;
- kop.crk_op = CRK_MOD_EXP_CRT;
- f_len = BN_num_bytes(rsa->n);
-- spcf_bn2bin_ex(I, &f, &f_len);
-- spcf_bn2bin(rsa->p, &p, &p_len);
-- spcf_bn2bin(rsa->q, &q, &q_len);
-- spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len);
-- spcf_bn2bin_ex(rsa->iqmp, &c, &p_len);
-- spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len);
-+ if (spcf_bn2bin_ex(I, &f, &f_len) != 0) {
-+ goto err;
-+ }
-+ if (spcf_bn2bin(rsa->p, &p, &p_len) != 0) {
-+ goto err;
-+ }
-+ if (spcf_bn2bin(rsa->q, &q, &q_len) != 0) {
-+ goto err;
-+ }
-+ if (spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len) != 0) {
-+ goto err;
-+ }
-+ if (spcf_bn2bin_ex(rsa->iqmp, &c, &p_len) != 0) {
-+ goto err;
-+ }
-+ if (spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len) != 0) {
-+ goto err;
-+ }
- /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
- kop.crk_param[0].crp_p = p;
- kop.crk_param[0].crp_nbits = p_len * 8;
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0042-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0042-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch
deleted file mode 100644
index 4b9b086..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0042-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-From 7f444e52acada23977b89d42f8dd8ebd915ccd83 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Tue, 9 Feb 2016 11:47:52 +0200
-Subject: [PATCH 42/48] cryptodev: check for errors inside
- cryptodev_rsa_mod_exp_async
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- crypto/engine/eng_cryptodev.c | 33 +++++++++++++++++++++++++--------
- 1 file changed, 25 insertions(+), 8 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index e419bef..7c391d6 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -2122,25 +2122,42 @@ static int
- cryptodev_rsa_mod_exp_async(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
- BN_CTX *ctx, struct pkc_cookie_s *cookie)
- {
-- struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+ struct crypt_kop *kop;
- int ret = 1, f_len, p_len, q_len;
- unsigned char *f = NULL, *p = NULL, *q = NULL, *dp = NULL, *dq =
- NULL, *c = NULL;
-
-- if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp || !kop) {
-+ if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
- return (0);
- }
-
-+ kop = malloc(sizeof(struct crypt_kop));
-+ if (kop == NULL) {
-+ goto err;
-+ }
-+
- kop->crk_oparams = 0;
- kop->crk_status = 0;
- kop->crk_op = CRK_MOD_EXP_CRT;
- f_len = BN_num_bytes(rsa->n);
-- spcf_bn2bin_ex(I, &f, &f_len);
-- spcf_bn2bin(rsa->p, &p, &p_len);
-- spcf_bn2bin(rsa->q, &q, &q_len);
-- spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len);
-- spcf_bn2bin_ex(rsa->iqmp, &c, &p_len);
-- spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len);
-+ if (spcf_bn2bin_ex(I, &f, &f_len) != 0) {
-+ goto err;
-+ }
-+ if (spcf_bn2bin(rsa->p, &p, &p_len) != 0) {
-+ goto err;
-+ }
-+ if (spcf_bn2bin(rsa->q, &q, &q_len) != 0) {
-+ goto err;
-+ }
-+ if (spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len) != 0) {
-+ goto err;
-+ }
-+ if (spcf_bn2bin_ex(rsa->iqmp, &c, &p_len) != 0) {
-+ goto err;
-+ }
-+ if (spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len) != 0) {
-+ goto err;
-+ }
- /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
- kop->crk_param[0].crp_p = p;
- kop->crk_param[0].crp_nbits = p_len * 8;
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0043-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0043-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch
deleted file mode 100644
index 879d5c2..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0043-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 73115f243f0a65326888537f125e31f28c9f570d Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Tue, 9 Feb 2016 11:53:22 +0200
-Subject: [PATCH 43/48] cryptodev: check for errors inside
- cryptodev_dh_compute_key
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- crypto/engine/eng_cryptodev.c | 15 +++++++++++----
- 1 file changed, 11 insertions(+), 4 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 7c391d6..753e326 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -4056,11 +4056,15 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
- memset(&kop, 0, sizeof kop);
- kop.crk_op = CRK_DH_COMPUTE_KEY;
- /* inputs: dh->priv_key pub_key dh->p key */
-- spcf_bn2bin(dh->p, &p, &p_len);
-- spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len);
-- if (bn2crparam(dh->priv_key, &kop.crk_param[0]))
-+ if (spcf_bn2bin(dh->p, &p, &p_len) != 0) {
- goto sw_try;
--
-+ }
-+ if (spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len) != 0) {
-+ goto sw_try;
-+ }
-+ if (bn2crparam(dh->priv_key, &kop.crk_param[0]) != 0) {
-+ goto sw_try;
-+ }
- kop.crk_param[1].crp_p = padded_pub_key;
- kop.crk_param[1].crp_nbits = p_len * 8;
- kop.crk_param[2].crp_p = p;
-@@ -4087,10 +4091,13 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
- kop.crk_param[3].crp_p = NULL;
- zapparams(&kop);
- return (dhret);
-+
- sw_try:
- {
- const DH_METHOD *meth = DH_OpenSSL();
-
-+ free(p);
-+ free(padded_pub_key);
- dhret = (meth->compute_key) (key, pub_key, dh);
- }
- return (dhret);
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0044-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0044-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch
deleted file mode 100644
index 37bdff8..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0044-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-From 0901ff383524e896424921f4e8a1ba7020e7613d Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Tue, 9 Feb 2016 11:53:33 +0200
-Subject: [PATCH 44/48] cryptodev: check for errors inside
- cryptodev_dh_compute_key_async
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- crypto/engine/eng_cryptodev.c | 29 +++++++++++++++++++++--------
- 1 file changed, 21 insertions(+), 8 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 753e326..b9c7ff3 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -4108,19 +4108,28 @@ static int
- cryptodev_dh_compute_key_async(unsigned char *key, const BIGNUM *pub_key,
- DH *dh, struct pkc_cookie_s *cookie)
- {
-- struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+ struct crypt_kop *kop;
- int ret = 1;
- int p_len;
- unsigned char *padded_pub_key = NULL, *p = NULL;
-
-+ kop = malloc(sizeof(struct crypt_kop));
-+ if (kop == NULL) {
-+ goto err;
-+ }
-+
- memset(kop, 0, sizeof(struct crypt_kop));
- kop->crk_op = CRK_DH_COMPUTE_KEY;
- /* inputs: dh->priv_key pub_key dh->p key */
-- spcf_bn2bin(dh->p, &p, &p_len);
-- spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len);
--
-- if (bn2crparam(dh->priv_key, &kop->crk_param[0]))
-+ if (spcf_bn2bin(dh->p, &p, &p_len) != 0) {
-+ goto err;
-+ }
-+ if (spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len) != 0) {
- goto err;
-+ }
-+ if (bn2crparam(dh->priv_key, &kop->crk_param[0]) != 0) {
-+ goto err;
-+ }
- kop->crk_param[1].crp_p = padded_pub_key;
- kop->crk_param[1].crp_nbits = p_len * 8;
- kop->crk_param[2].crp_p = p;
-@@ -4132,16 +4141,20 @@ cryptodev_dh_compute_key_async(unsigned char *key, const BIGNUM *pub_key,
- kop->crk_param[3].crp_nbits = p_len * 8;
- kop->crk_oparams = 1;
-
-- if (cryptodev_asym_async(kop, 0, NULL, 0, NULL))
-+ if (cryptodev_asym_async(kop, 0, NULL, 0, NULL)) {
- goto err;
-+ }
-
- return p_len;
- err:
- {
- const DH_METHOD *meth = DH_OpenSSL();
--
-- if (kop)
-+ free(p);
-+ free(padded_pub_key);
-+ if (kop) {
- free(kop);
-+ }
-+
- ret = (meth->compute_key) (key, pub_key, dh);
- /* Call user cookie handler */
- cookie->pkc_callback(cookie, 0);
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0045-cryptodev-change-signature-for-conversion-functions.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0045-cryptodev-change-signature-for-conversion-functions.patch
deleted file mode 100644
index 12b5f6c..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0045-cryptodev-change-signature-for-conversion-functions.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 6ca53b6d6519d52021e642230bb51ae7834b3e67 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Tue, 9 Feb 2016 12:11:32 +0200
-Subject: [PATCH 45/48] cryptodev: change signature for conversion functions
-
-These functions are called with const BIGNUMs, so we change the
-signatures to avoid compilation warnings
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- crypto/engine/eng_cryptodev.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index b9c7ff3..58e539c 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -146,7 +146,7 @@ const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha1;
- const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha256;
- const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha256;
-
--inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len)
-+static int spcf_bn2bin(const BIGNUM *bn, unsigned char **bin, int *bin_len)
- {
- int len;
- unsigned char *p;
-@@ -168,7 +168,7 @@ inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len)
- return 0;
- }
-
--inline int spcf_bn2bin_ex(BIGNUM *bn, unsigned char **bin, int *bin_len)
-+static int spcf_bn2bin_ex(const BIGNUM *bn, unsigned char **bin, int *bin_len)
- {
- int len;
- unsigned char *p;
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0046-cryptodev-add-explicit-cast-for-known-BIGNUM-values.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0046-cryptodev-add-explicit-cast-for-known-BIGNUM-values.patch
deleted file mode 100644
index d8b56de..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0046-cryptodev-add-explicit-cast-for-known-BIGNUM-values.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 8f6e948f5f6bb2b517a5436dd6294e7e5536cf8f Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Tue, 9 Feb 2016 12:13:59 +0200
-Subject: [PATCH 46/48] cryptodev: add explicit cast for known BIGNUM values
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- crypto/engine/eng_cryptodev.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 58e539c..ddd3462 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -4027,7 +4027,7 @@ static int cryptodev_dh_keygen(DH *dh)
- }
-
- /* pub_key is or prime length while priv key is of length of order */
-- if (cryptodev_asym(&kop, q_len, w, q_len, s))
-+ if (cryptodev_asym(&kop, q_len, (BIGNUM *)w, q_len, (BIGNUM *)s))
- goto sw_try;
-
- dh->pub_key = BN_bin2bn(w, q_len, pub_key);
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0047-cryptodev-treat-all-build-warnings-as-errors.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0047-cryptodev-treat-all-build-warnings-as-errors.patch
deleted file mode 100644
index 7cfad9c..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0047-cryptodev-treat-all-build-warnings-as-errors.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From e50560cb9a201c0b0130bb29d4c99121a8ec97ba Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Mon, 8 Feb 2016 15:15:02 +0200
-Subject: [PATCH 47/48] cryptodev: treat all build warnings as errors
-
-This patch has the purpose of maintaining a higher level of code quality.
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- crypto/engine/Makefile | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/crypto/engine/Makefile b/crypto/engine/Makefile
-index 426388e..010f21d 100644
---- a/crypto/engine/Makefile
-+++ b/crypto/engine/Makefile
-@@ -10,7 +10,7 @@ CFLAG=-g
- MAKEFILE= Makefile
- AR= ar r
-
--CFLAGS= $(INCLUDES) $(CFLAG)
-+CFLAGS= -Wall -Werror $(INCLUDES) $(CFLAG)
-
- GENERAL=Makefile
- TEST= enginetest.c
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0048-fix-maclen-is-used-uninitialized-warning-on-some-com.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0048-fix-maclen-is-used-uninitialized-warning-on-some-com.patch
deleted file mode 100644
index 57ff7f1..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0048-fix-maclen-is-used-uninitialized-warning-on-some-com.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From c79e7a4a818ea86bf6045197173d5c4e243d1f4f Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Wed, 6 Apr 2016 15:22:58 +0300
-Subject: [PATCH 48/48] fix 'maclen is used uninitialized' warning on some
- compilers
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- crypto/engine/eng_cryptodev.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index ddd3462..2266b26 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -906,6 +906,10 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
- maclen = SHA256_DIGEST_LENGTH;
- aad_needs_fix = true;
- break;
-+ default:
-+ fprintf(stderr, "%s: unsupported NID: %d\n",
-+ __func__, ctx->cipher->nid);
-+ return -1;
- }
-
- /* Correct length for AAD Length field */
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq_1.0.2l.bb b/recipes-connectivity/openssl/openssl-qoriq_1.0.2l.bb
index a2346ba..04052ac 100644
--- a/recipes-connectivity/openssl/openssl-qoriq_1.0.2l.bb
+++ b/recipes-connectivity/openssl/openssl-qoriq_1.0.2l.bb
@@ -12,7 +12,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=057d9218c6180e1d9ee407572b2dd225"
export DIRS = "crypto ssl apps engines"
export OE_LDFLAGS="${LDFLAGS}"
-SRC_URI += "file://find.pl;subdir=${BP}/util \
+SRC_URI += "file://find.pl;subdir=git/util \
file://run-ptest \
file://openssl-c_rehash.sh \
file://configure-targets.patch \
@@ -44,14 +44,7 @@ SRC_URI += "file://find.pl;subdir=${BP}/util \
file://Use-SHA256-not-MD5-as-default-digest.patch \
file://0001-Fix-build-with-clang-using-external-assembler.patch \
"
-SRC_URI[md5sum] = "f85123cd390e864dfbe517e7616e6566"
-SRC_URI[sha256sum] = "ce07195b659e75f4e1db43552860070061f156a98bb37b672b101ba6e3ddf30c"
-
-SRC_URI += " \
- file://find.pl;subdir=openssl-${PV}/util/ \
- file://0001-remove-double-initialization-of-cryptodev-engine.patch \
- file://0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch \
-"
+SRCREV = "b9e6572a0dcbaaf84a8925cabd1a86bd594ca69f"
PACKAGES =+ "${PN}-engines"
FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"
--
1.9.0
next prev parent reply other threads:[~2017-11-15 5:26 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-11-15 5:26 [PATCH 1/4] cryptodev: update recipes Chunrong Guo
2017-11-15 5:26 ` Chunrong Guo [this message]
2017-11-15 5:26 ` [PATCH 3/4] ls1012ardb-32b: update DTB_LOAD Chunrong Guo
2017-11-15 5:26 ` [PATCH 4/4] ls1012afrdm-32b: " Chunrong Guo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1510723572-27606-2-git-send-email-B40290@freescale.com \
--to=b40290@freescale.com \
--cc=chunrong.guo@nxp.com \
--cc=meta-freescale@yoctoproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.