[meta-freescale] [meta-freescale-layer][PATCH 63/67] openssl-qoriq: upgrade to 1.0.2h plus fsl patches
ting.liu at nxp.com
ting.liu at nxp.com
Mon Jul 4 03:42:21 PDT 2016
From: Cristian Stoica <cristian.stoica at nxp.com>
upstream recipe extended with patches from fsl and CIOCHASH feature.
Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
---
recipes-connectivity/openssl/openssl-qoriq.inc | 127 +-
.../openssl/openssl-qoriq/Makefiles-ptest.patch | 77 +
.../openssl-qoriq/configure-musl-target.patch | 27 +
.../openssl/openssl-qoriq/configure-targets.patch | 39 +-
.../crypto_use_bigint_in_x86-64_perl.patch | 35 +
.../openssl-qoriq/debian/c_rehash-compat.patch | 62 +-
.../openssl-qoriq/debian/debian-targets.patch | 25 +-
.../openssl-qoriq/debian/make-targets.patch | 15 -
.../openssl-qoriq/debian/version-script.patch | 311 +-
.../debian1.0.2/block_digicert_malaysia.patch | 29 +
.../debian1.0.2/block_diginotar.patch | 68 +
.../openssl-qoriq/debian1.0.2/version-script.patch | 4656 ++++++++++++++++++++
.../engines-install-in-libdir-ssl.patch | 42 +-
.../openssl-qoriq/fix-cipher-des-ede3-cfb1.patch | 21 +-
.../openssl-qoriq/initial-aarch64-bits.patch | 119 -
.../openssl-qoriq/openssl-1.0.2a-x32-asm.patch | 46 +
...-pointer-dereference-in-EVP_DigestInit_ex.patch | 22 +-
...NULL-pointer-dereference-in-dh_pub_encode.patch | 39 -
.../openssl/openssl-qoriq/openssl-c_rehash.sh | 210 +
.../openssl/openssl-qoriq/openssl-fix-link.patch | 35 -
.../openssl-qoriq/openssl_fix_for_x32.patch | 85 +-
.../openssl/openssl-qoriq/parallel.patch | 326 ++
.../openssl/openssl-qoriq/ptest-deps.patch | 34 +
.../openssl-qoriq/ptest_makefile_deps.patch | 248 ++
...double-initialization-of-cryptodev-engine.patch | 63 +-
...ev-add-support-for-TLS-algorithms-offload.patch | 508 ++-
...0003-cryptodev-fix-algorithm-registration.patch | 71 +-
...-ECC-Support-header-for-Cryptodev-Engine.patch} | 35 +-
...ake-it-more-robust-and-recognize-KERNEL_B.patch | 74 -
...itial-support-for-PKC-in-cryptodev-engine.patch | 1578 +++++++
...006-Added-hwrng-dev-file-as-source-of-RNG.patch | 28 +
.../0006-Fixed-private-key-support-for-DH.patch | 33 -
...s-interface-added-for-PKC-cryptodev-inter.patch | 2050 +++++++++
.../0007-Fixed-private-key-support-for-DH.patch | 35 -
...gen-operation-and-support-gendsa-command-.patch | 155 +
...itial-support-for-PKC-in-cryptodev-engine.patch | 1564 -------
...009-Added-hwrng-dev-file-as-source-of-RNG.patch | 28 -
.../openssl-qoriq/qoriq/0009-RSA-Keygen-Fix.patch | 64 +
...s-interface-added-for-PKC-cryptodev-inter.patch | 2039 ---------
.../0010-Removed-local-copy-of-curve_t-type.patch | 163 +
...gen-operation-and-support-gendsa-command-.patch | 153 -
...us-parameter-is-not-populated-by-dhparams.patch | 43 +
.../openssl-qoriq/qoriq/0012-RSA-Keygen-Fix.patch | 64 -
.../0012-SW-Backoff-mechanism-for-dsa-keygen.patch | 53 +
.../0013-Fixed-DH-keygen-pair-generator.patch | 100 +
.../0013-Removed-local-copy-of-curve_t-type.patch | 164 -
...us-parameter-is-not-populated-by-dhparams.patch | 43 -
...dd-support-for-aes-gcm-algorithm-offloadi.patch | 321 ++
.../0015-SW-Backoff-mechanism-for-dsa-keygen.patch | 53 -
...ev-extend-TLS-offload-with-3des_cbc_hmac_.patch | 199 +
.../0016-Fixed-DH-keygen-pair-generator.patch | 100 -
...ev-add-support-for-TLSv1.1-record-offload.patch | 338 ++
...dd-support-for-aes-gcm-algorithm-offloadi.patch | 309 --
...ev-add-support-for-TLSv1.2-record-offload.patch | 377 ++
.../0018-cryptodev-drop-redundant-function.patch | 72 +
...ev-extend-TLS-offload-with-3des_cbc_hmac_.patch | 193 -
...yptodev-do-not-zero-the-buffer-before-use.patch | 48 +
...ev-add-support-for-TLSv1.1-record-offload.patch | 355 --
.../0020-cryptodev-clean-up-code-layout.patch | 73 +
...ev-add-support-for-TLSv1.2-record-offload.patch | 359 --
...odev-do-not-cache-file-descriptor-in-open.patch | 93 +
.../0021-cryptodev-drop-redundant-function.patch | 75 -
...yptodev-do-not-zero-the-buffer-before-use.patch | 48 -
...ryptodev-put_dev_crypto-should-be-an-int.patch} | 18 +-
.../0023-cryptodev-clean-up-code-layout.patch | 72 -
...odev-simplify-cryptodev-pkc-support-code.patch} | 168 +-
...larify-code-remove-assignments-from-condi.patch | 37 +
...odev-do-not-cache-file-descriptor-in-open.patch | 100 -
...lean-up-context-state-before-anything-els.patch | 34 +
...emove-code-duplication-in-digest-operatio.patch | 155 +
...ut-all-digest-ioctls-into-a-single-functi.patch | 108 +
.../0028-cryptodev-fix-debug-print-messages.patch | 90 +
...-use-CIOCHASH-ioctl-for-digest-operations.patch | 91 +
...educe-duplicated-efforts-for-searching-in.patch | 106 +
...cryptodev-remove-not-used-local-variables.patch | 46 +
...odev-hide-not-used-variable-behind-ifndef.patch | 27 +
...3-cryptodev-fix-function-declaration-typo.patch | 26 +
...ryptodev-fix-incorrect-function-signature.patch | 26 +
...ix-warnings-on-excess-elements-in-struct-.patch | 110 +
.../0036-cryptodev-fix-free-on-error-path.patch | 46 +
.../0037-cryptodev-fix-return-value-on-error.patch | 28 +
...38-cryptodev-match-types-with-cryptodev.h.patch | 29 +
...ptodev-explicitly-discard-const-qualifier.patch | 30 +
.../0040-cryptodev-replace-caddr_t-with-void.patch | 95 +
...heck-for-errors-inside-cryptodev_rsa_mod_.patch | 49 +
...heck-for-errors-inside-cryptodev_rsa_mod_.patch | 69 +
...heck-for-errors-inside-cryptodev_dh_compu.patch | 52 +
...heck-for-errors-inside-cryptodev_dh_compu.patch | 76 +
...change-signature-for-conversion-functions.patch | 38 +
...add-explicit-cast-for-known-BIGNUM-values.patch | 26 +
...ptodev-treat-all-build-warnings-as-errors.patch | 28 +
...is-used-uninitialized-warning-on-some-com.patch | 29 +
.../openssl/openssl-qoriq/run-ptest | 2 +
.../openssl/openssl-qoriq_1.0.1i.bb | 96 -
.../openssl/openssl-qoriq_1.0.2h.bb | 111 +
95 files changed, 13908 insertions(+), 6929 deletions(-)
create mode 100644 recipes-connectivity/openssl/openssl-qoriq/Makefiles-ptest.patch
create mode 100644 recipes-connectivity/openssl/openssl-qoriq/configure-musl-target.patch
create mode 100644 recipes-connectivity/openssl/openssl-qoriq/crypto_use_bigint_in_x86-64_perl.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/debian/make-targets.patch
create mode 100644 recipes-connectivity/openssl/openssl-qoriq/debian1.0.2/block_digicert_malaysia.patch
create mode 100644 recipes-connectivity/openssl/openssl-qoriq/debian1.0.2/block_diginotar.patch
create mode 100644 recipes-connectivity/openssl/openssl-qoriq/debian1.0.2/version-script.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/initial-aarch64-bits.patch
create mode 100644 recipes-connectivity/openssl/openssl-qoriq/openssl-1.0.2a-x32-asm.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch
create mode 100644 recipes-connectivity/openssl/openssl-qoriq/openssl-c_rehash.sh
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/openssl-fix-link.patch
create mode 100644 recipes-connectivity/openssl/openssl-qoriq/parallel.patch
create mode 100644 recipes-connectivity/openssl/openssl-qoriq/ptest-deps.patch
create mode 100644 recipes-connectivity/openssl/openssl-qoriq/ptest_makefile_deps.patch
rename recipes-connectivity/openssl/openssl-qoriq/qoriq/{0005-ECC-Support-header-for-Cryptodev-Engine.patch => 0004-ECC-Support-header-for-Cryptodev-Engine.patch} (92%)
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch
create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0005-Initial-support-for-PKC-in-cryptodev-engine.patch
create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0006-Added-hwrng-dev-file-as-source-of-RNG.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0006-Fixed-private-key-support-for-DH.patch
create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0007-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0007-Fixed-private-key-support-for-DH.patch
create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0008-Add-RSA-keygen-operation-and-support-gendsa-command-.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0008-Initial-support-for-PKC-in-cryptodev-engine.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0009-Added-hwrng-dev-file-as-source-of-RNG.patch
create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0009-RSA-Keygen-Fix.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0010-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch
create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0010-Removed-local-copy-of-curve_t-type.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0011-Add-RSA-keygen-operation-and-support-gendsa-command-.patch
create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0011-Modulus-parameter-is-not-populated-by-dhparams.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0012-RSA-Keygen-Fix.patch
create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0012-SW-Backoff-mechanism-for-dsa-keygen.patch
create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0013-Fixed-DH-keygen-pair-generator.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0013-Removed-local-copy-of-curve_t-type.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0014-Modulus-parameter-is-not-populated-by-dhparams.patch
create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0014-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0015-SW-Backoff-mechanism-for-dsa-keygen.patch
create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0015-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0016-Fixed-DH-keygen-pair-generator.patch
create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0016-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch
create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0017-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch
create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0018-cryptodev-drop-redundant-function.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0018-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch
create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0019-cryptodev-do-not-zero-the-buffer-before-use.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0019-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch
create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0020-cryptodev-clean-up-code-layout.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0020-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch
create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0021-cryptodev-do-not-cache-file-descriptor-in-open.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0021-cryptodev-drop-redundant-function.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0022-cryptodev-do-not-zero-the-buffer-before-use.patch
rename recipes-connectivity/openssl/openssl-qoriq/qoriq/{0025-cryptodev-put_dev_crypto-should-be-an-int.patch => 0022-cryptodev-put_dev_crypto-should-be-an-int.patch} (70%)
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0023-cryptodev-clean-up-code-layout.patch
rename recipes-connectivity/openssl/openssl-qoriq/qoriq/{0026-cryptodev-simplify-cryptodev-pkc-support-code.patch => 0023-cryptodev-simplify-cryptodev-pkc-support-code.patch} (66%)
create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0024-cryptodev-clarify-code-remove-assignments-from-condi.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0024-cryptodev-do-not-cache-file-descriptor-in-open.patch
create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0025-cryptodev-clean-up-context-state-before-anything-els.patch
create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0026-cryptodev-remove-code-duplication-in-digest-operatio.patch
create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0027-cryptodev-put-all-digest-ioctls-into-a-single-functi.patch
create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0028-cryptodev-fix-debug-print-messages.patch
create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0029-cryptodev-use-CIOCHASH-ioctl-for-digest-operations.patch
create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0030-cryptodev-reduce-duplicated-efforts-for-searching-in.patch
create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0031-cryptodev-remove-not-used-local-variables.patch
create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0032-cryptodev-hide-not-used-variable-behind-ifndef.patch
create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0033-cryptodev-fix-function-declaration-typo.patch
create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0034-cryptodev-fix-incorrect-function-signature.patch
create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0035-cryptodev-fix-warnings-on-excess-elements-in-struct-.patch
create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0036-cryptodev-fix-free-on-error-path.patch
create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0037-cryptodev-fix-return-value-on-error.patch
create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0038-cryptodev-match-types-with-cryptodev.h.patch
create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0039-cryptodev-explicitly-discard-const-qualifier.patch
create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0040-cryptodev-replace-caddr_t-with-void.patch
create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0041-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch
create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0042-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch
create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0043-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch
create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0044-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch
create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0045-cryptodev-change-signature-for-conversion-functions.patch
create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0046-cryptodev-add-explicit-cast-for-known-BIGNUM-values.patch
create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0047-cryptodev-treat-all-build-warnings-as-errors.patch
create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0048-fix-maclen-is-used-uninitialized-warning-on-some-com.patch
create mode 100755 recipes-connectivity/openssl/openssl-qoriq/run-ptest
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq_1.0.1i.bb
create mode 100644 recipes-connectivity/openssl/openssl-qoriq_1.0.2h.bb
diff --git a/recipes-connectivity/openssl/openssl-qoriq.inc b/recipes-connectivity/openssl/openssl-qoriq.inc
index faccb08..6cbfd4e 100644
--- a/recipes-connectivity/openssl/openssl-qoriq.inc
+++ b/recipes-connectivity/openssl/openssl-qoriq.inc
@@ -8,6 +8,9 @@ SECTION = "libs/network"
LICENSE = "openssl"
LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8"
+DEPENDS = "hostperl-runtime-native"
+DEPENDS_append_class-target = " openssl-native"
+
PROVIDES = "openssl"
python() {
@@ -19,8 +22,6 @@ python() {
d.appendVar("RREPLACES_%s" % p, p.replace('openssl-qoriq', 'openssl'))
}
-DEPENDS = "perl-native-runtime"
-
SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
"
S = "${WORKDIR}/openssl-${PV}"
@@ -28,37 +29,39 @@ S = "${WORKDIR}/openssl-${PV}"
PACKAGECONFIG[perl] = ",,,"
AR_append = " r"
+TERMIO_libc-musl = "-DTERMIOS"
+TERMIO ?= "-DTERMIO"
# Avoid binaries being marked as requiring an executable stack since it
# doesn't(which causes and this causes issues with SELinux
CFLAG = "${@base_conditional('SITEINFO_ENDIANNESS', 'le', '-DL_ENDIAN', '-DB_ENDIAN', d)} \
- -DTERMIO ${CFLAGS} -Wall -Wa,--noexecstack"
-
-# -02 does not work on mipsel: ssh hangs when it tries to read /dev/urandom
-CFLAG_mtx-1 := "${@'${CFLAG}'.replace('-O2', '')}"
-CFLAG_mtx-2 := "${@'${CFLAG}'.replace('-O2', '')}"
+ ${TERMIO} ${CFLAGS} -Wall -Wa,--noexecstack"
export DIRS = "crypto ssl apps"
export EX_LIBS = "-lgcc -ldl"
export AS = "${CC} -c"
EXTRA_OEMAKE = "-e MAKEFLAGS="
-inherit pkgconfig siteinfo multilib_header
+inherit pkgconfig siteinfo multilib_header ptest
-PACKAGES =+ "libcrypto libssl ${PN}-misc openssl-conf"
-FILES_libcrypto = "${base_libdir}/libcrypto${SOLIBS}"
-FILES_libssl = "${libdir}/libssl.so.*"
+PACKAGES =+ "libcrypto libssl ${PN}-misc ${PN}-conf"
+FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}"
+FILES_libssl = "${libdir}/libssl${SOLIBS}"
FILES_${PN} =+ " ${libdir}/ssl/*"
-FILES_${PN}-misc = "${libdir}/ssl/misc ${bindir}/c_rehash"
+FILES_${PN}-misc = "${libdir}/ssl/misc"
RDEPENDS_${PN}-misc = "${@bb.utils.contains('PACKAGECONFIG', 'perl', 'perl', '', d)}"
-FILES_${PN}-dev += "${base_libdir}/libcrypto${SOLIBSDEV}"
# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto
# package RRECOMMENDS on this package. This will enable the configuration
# file to be installed for both the base openssl package and the libcrypto
# package since the base openssl package depends on the libcrypto package.
-FILES_openssl-conf = "${libdir}/ssl/openssl.cnf"
-CONFFILES_openssl-conf = "${libdir}/ssl/openssl.cnf"
-RRECOMMENDS_libcrypto += "openssl-conf"
+FILES_${PN}-conf = "${sysconfdir}/ssl/openssl.cnf"
+CONFFILES_${PN}-conf = "${sysconfdir}/ssl/openssl.cnf"
+RRECOMMENDS_libcrypto += "${PN}-conf"
+RDEPENDS_${PN}-ptest += "${PN}-misc make perl perl-module-filehandle bc"
+
+# Remove this to enable SSLv3. SSLv3 is defaulted to disabled due to the POODLE
+# vulnerability
+EXTRA_OECONF = " -no-ssl3"
do_configure_prepend_darwin () {
sed -i -e '/version-script=openssl\.ld/d' Configure
@@ -71,17 +74,18 @@ do_configure () {
ln -sf apps/openssl.pod crypto/crypto.pod ssl/ssl.pod doc/
os=${HOST_OS}
- if [ "x$os" = "xlinux-uclibc" ]; then
- os=linux
- elif [ "x$os" = "xlinux-uclibceabi" ]; then
- os=linux
- elif [ "x$os" = "xlinux-uclibcspe" ]; then
- os=linux
- elif [ "x$os" = "xlinux-gnuspe" ]; then
+ case $os in
+ linux-uclibc |\
+ linux-uclibceabi |\
+ linux-gnueabi |\
+ linux-uclibcspe |\
+ linux-gnuspe |\
+ linux-musl*)
os=linux
- elif [ "x$os" = "xlinux-gnueabi" ]; then
- os=linux
- fi
+ ;;
+ *)
+ ;;
+ esac
target="$os-${HOST_ARCH}"
case $target in
linux-arm)
@@ -91,7 +95,7 @@ do_configure () {
target=linux-elf-armeb
;;
linux-aarch64*)
- target=linux-generic64
+ target=linux-aarch64
;;
linux-sh3)
target=debian-sh3
@@ -120,9 +124,12 @@ do_configure () {
linux-mipsel)
target=debian-mipsel
;;
- linux-*-mips64)
+ linux-*-mips64 | linux-mips64)
target=linux-mips
;;
+ linux-microblaze*|linux-nios2*)
+ target=linux-generic32
+ ;;
linux-powerpc)
target=linux-ppc
;;
@@ -148,37 +155,77 @@ do_configure () {
perl ./Configure shared --prefix=$useprefix --openssldir=${libdir}/ssl --libdir=`basename ${libdir}` $target
}
+do_compile_prepend_class-target () {
+ sed -i 's/\((OPENSSL=\)".*"/\1"openssl"/' Makefile
+}
+
do_compile () {
oe_runmake
}
+do_compile_ptest () {
+ oe_runmake buildtest
+}
+
do_install () {
+ # Create ${D}/${prefix} to fix parallel issues
+ mkdir -p ${D}/${prefix}/
+
oe_runmake INSTALL_PREFIX="${D}" MANDIR="${mandir}" install
oe_libinstall -so libcrypto ${D}${libdir}
oe_libinstall -so libssl ${D}${libdir}
- # Moving libcrypto to /lib
- if [ ! ${D}${libdir} -ef ${D}${base_libdir} ]; then
- mkdir -p ${D}/${base_libdir}/
- mv ${D}${libdir}/libcrypto* ${D}${base_libdir}/
- sed -i s#libdir=\$\{exec_prefix\}\/lib#libdir=${base_libdir}# ${D}/${libdir}/pkgconfig/libcrypto.pc
- fi
-
install -d ${D}${includedir}
cp --dereference -R include/openssl ${D}${includedir}
+ install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash
+ sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash
+
oe_multilib_header openssl/opensslconf.h
if [ "${@bb.utils.contains('PACKAGECONFIG', 'perl', 'perl', '', d)}" = "perl" ]; then
- install -m 0755 ${S}/tools/c_rehash ${D}${bindir}
- sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${bindir}/c_rehash
sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/CA.pl
sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/tsget
- # The c_rehash utility isn't installed by the normal installation process.
else
- rm -f ${D}${bindir}/c_rehash
rm -f ${D}${libdir}/ssl/misc/CA.pl ${D}${libdir}/ssl/misc/tsget
fi
+
+ # Create SSL structure
+ install -d ${D}${sysconfdir}/ssl/
+ mv ${D}${libdir}/ssl/openssl.cnf \
+ ${D}${libdir}/ssl/certs \
+ ${D}${libdir}/ssl/private \
+ \
+ ${D}${sysconfdir}/ssl/
+ ln -sf ${sysconfdir}/ssl/certs ${D}${libdir}/ssl/certs
+ ln -sf ${sysconfdir}/ssl/private ${D}${libdir}/ssl/private
+ ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${libdir}/ssl/openssl.cnf
+}
+
+do_install_ptest () {
+ cp -r -L Makefile.org Makefile test ${D}${PTEST_PATH}
+ cp Configure config e_os.h ${D}${PTEST_PATH}
+ cp -r -L include ${D}${PTEST_PATH}
+ ln -sf ${libdir}/libcrypto.a ${D}${PTEST_PATH}
+ ln -sf ${libdir}/libssl.a ${D}${PTEST_PATH}
+ mkdir -p ${D}${PTEST_PATH}/crypto
+ cp crypto/constant_time_locl.h ${D}${PTEST_PATH}/crypto
+ cp -r certs ${D}${PTEST_PATH}
+ mkdir -p ${D}${PTEST_PATH}/apps
+ ln -sf ${libdir}/ssl/misc/CA.sh ${D}${PTEST_PATH}/apps
+ ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${PTEST_PATH}/apps
+ ln -sf ${bindir}/openssl ${D}${PTEST_PATH}/apps
+ cp apps/server2.pem ${D}${PTEST_PATH}/apps
+ mkdir -p ${D}${PTEST_PATH}/util
+ install util/opensslwrap.sh ${D}${PTEST_PATH}/util
+ install util/shlib_wrap.sh ${D}${PTEST_PATH}/util
+}
+
+do_install_append_class-native() {
+ create_wrapper ${D}${bindir}/openssl \
+ OPENSSL_CONF=${libdir}/ssl/openssl.cnf \
+ SSL_CERT_DIR=${libdir}/ssl/certs \
+ SSL_CERT_FILE=${libdir}/ssl/cert.pem \
+ OPENSSL_ENGINES=${libdir}/ssl/engines
}
-BBCLASSEXTEND = "native nativesdk"
diff --git a/recipes-connectivity/openssl/openssl-qoriq/Makefiles-ptest.patch b/recipes-connectivity/openssl/openssl-qoriq/Makefiles-ptest.patch
new file mode 100644
index 0000000..249446a
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/Makefiles-ptest.patch
@@ -0,0 +1,77 @@
+Add 'buildtest' and 'runtest' targets to Makefile, to build and run tests
+cross-compiled.
+
+Signed-off-by: Anders Roxell <anders.roxell at enea.com>
+Signed-off-by: Maxin B. John <maxin.john at enea.com>
+Upstream-Status: Pending
+---
+Index: openssl-1.0.2/Makefile.org
+===================================================================
+--- openssl-1.0.2.orig/Makefile.org
++++ openssl-1.0.2/Makefile.org
+@@ -451,8 +451,16 @@ rehash.time: certs apps
+ test: tests
+
+ tests: rehash
++ $(MAKE) buildtest
++ $(MAKE) runtest
++
++buildtest:
++ @(cd test && \
++ $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf exe apps);
++
++runtest:
+ @(cd test && echo "testing..." && \
+- $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf tests );
++ $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf alltests );
+ OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a
+
+ report:
+Index: openssl-1.0.2/test/Makefile
+===================================================================
+--- openssl-1.0.2.orig/test/Makefile
++++ openssl-1.0.2/test/Makefile
+@@ -137,7 +137,7 @@ tests: exe apps $(TESTS)
+ apps:
+ @(cd ..; $(MAKE) DIRS=apps all)
+
+-alltests: \
++all-tests= \
+ test_des test_idea test_sha test_md4 test_md5 test_hmac \
+ test_md2 test_mdc2 test_wp \
+ test_rmd test_rc2 test_rc4 test_rc5 test_bf test_cast test_aes \
+@@ -148,6 +148,11 @@ alltests: \
+ test_jpake test_srp test_cms test_ocsp test_v3name test_heartbeat \
+ test_constant_time
+
++alltests:
++ @(for i in $(all-tests); do \
++ ( $(MAKE) $$i && echo "PASS: $$i" ) || echo "FAIL: $$i"; \
++ done)
++
+ test_evp: $(EVPTEST)$(EXE_EXT) evptests.txt
+ ../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt
+
+@@ -213,7 +218,7 @@ test_x509: ../apps/openssl$(EXE_EXT) tx5
+ echo test second x509v3 certificate
+ sh ./tx509 v3-cert2.pem 2>/dev/null
+
+-test_rsa: $(RSATEST)$(EXE_EXT) ../apps/openssl$(EXE_EXT) trsa testrsa.pem
++test_rsa: ../apps/openssl$(EXE_EXT) trsa testrsa.pem
+ @sh ./trsa 2>/dev/null
+ ../util/shlib_wrap.sh ./$(RSATEST)
+
+@@ -313,11 +318,11 @@ test_tsa: ../apps/openssl$(EXE_EXT) test
+ sh ./testtsa; \
+ fi
+
+-test_ige: $(IGETEST)$(EXE_EXT)
++test_ige:
+ @echo "Test IGE mode"
+ ../util/shlib_wrap.sh ./$(IGETEST)
+
+-test_jpake: $(JPAKETEST)$(EXE_EXT)
++test_jpake:
+ @echo "Test JPAKE"
+ ../util/shlib_wrap.sh ./$(JPAKETEST)
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/configure-musl-target.patch b/recipes-connectivity/openssl/openssl-qoriq/configure-musl-target.patch
new file mode 100644
index 0000000..613dc7b
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/configure-musl-target.patch
@@ -0,0 +1,27 @@
+Add musl triplet support
+
+Upstream-Status: Pending
+Signed-off-by: Khem Raj <raj.khem at gmail.com>
+
+Index: openssl-1.0.2a/Configure
+===================================================================
+--- openssl-1.0.2a.orig/Configure
++++ openssl-1.0.2a/Configure
+@@ -431,7 +431,7 @@ my %table=(
+ #
+ # ./Configure linux-armv4 -march=armv6 -D__ARM_MAX_ARCH__=8
+ #
+-"linux-armv4", "gcc: -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-armv4", "gcc: -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "linux-aarch64","gcc: -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ # Configure script adds minimally required -march for assembly support,
+ # if no -march was specified at command line. mips32 and mips64 below
+@@ -504,6 +504,8 @@ my %table=(
+ "linux-gnueabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "linux-uclibceabi-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "linux-uclibceabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-musleabi-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-musleabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+ "linux-avr32","$ENV{'CC'}:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).",
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/configure-targets.patch b/recipes-connectivity/openssl/openssl-qoriq/configure-targets.patch
index c1f3d08..691e74a 100644
--- a/recipes-connectivity/openssl/openssl-qoriq/configure-targets.patch
+++ b/recipes-connectivity/openssl/openssl-qoriq/configure-targets.patch
@@ -7,28 +7,31 @@ The number of colons are important :)
Configure | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
---- a/Configure
-+++ b/Configure
-@@ -403,6 +403,22 @@ my %table=(
- "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
- "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
+Index: openssl-1.0.2a/Configure
+===================================================================
+--- openssl-1.0.2a.orig/Configure
++++ openssl-1.0.2a/Configure
+@@ -443,6 +443,23 @@ my %table=(
+ "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
+ "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
-+ # Linux on ARM
-+"linux-elf-arm","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-elf-armeb","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-gnueabi-arm","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-gnueabi-armeb","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-uclibceabi-arm","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-uclibceabi-armeb","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++
++# Linux on ARM
++"linux-elf-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-elf-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-gnueabi-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-gnueabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-uclibceabi-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-uclibceabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
-+"linux-avr32","$ENV{'CC'}:-DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).",
++"linux-avr32","$ENV{'CC'}:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).",
+
+#### Linux on MIPS/MIPS64
-+"linux-mips","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-mips64","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -mabi=64 -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-mips64el","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -mabi=64 -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-mipsel","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-mips","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-mips64","$ENV{'CC'}:-DB_ENDIAN -mabi=64 -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-mips64el","$ENV{'CC'}:-DL_ENDIAN -mabi=64 -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-mipsel","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
- # Android: linux-* but without -DTERMIO and pointers to headers and libs.
+ # Android: linux-* but without pointers to headers and libs.
"android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
diff --git a/recipes-connectivity/openssl/openssl-qoriq/crypto_use_bigint_in_x86-64_perl.patch b/recipes-connectivity/openssl/openssl-qoriq/crypto_use_bigint_in_x86-64_perl.patch
new file mode 100644
index 0000000..af3989f
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/crypto_use_bigint_in_x86-64_perl.patch
@@ -0,0 +1,35 @@
+Upstream-Status: Backport
+
+When building on x32 systems where the default type is 32bit, make sure
+we can transparently represent 64bit integers. Otherwise we end up with
+build errors like:
+/usr/bin/perl asm/ghash-x86_64.pl elf > ghash-x86_64.s
+Integer overflow in hexadecimal number at asm/../../perlasm/x86_64-xlate.pl line 201, <> line 890.
+...
+ghash-x86_64.s: Assembler messages:
+ghash-x86_64.s:890: Error: junk '.15473355479995e+19' after expression
+
+We don't enable this globally as there are some cases where we'd get
+32bit values interpreted as unsigned when we need them as signed.
+
+Reported-by: Bertrand Jacquin <bertrand at jacquin.bzh>
+URL: https://bugs.gentoo.org/542618
+
+Signed-off-By: Armin Kuster <akuster at mvista.com>
+
+Index: openssl-1.0.2a/crypto/perlasm/x86_64-xlate.pl
+===================================================================
+--- openssl-1.0.2a.orig/crypto/perlasm/x86_64-xlate.pl
++++ openssl-1.0.2a/crypto/perlasm/x86_64-xlate.pl
+@@ -194,7 +194,10 @@ my %globals;
+ }
+ sub out {
+ my $self = shift;
+-
++ # When building on x32 ABIs, the expanded hex value might be too
++ # big to fit into 32bits. Enable transparent 64bit support here
++ # so we can safely print it out.
++ use bigint;
+ if ($gas) {
+ # Solaris /usr/ccs/bin/as can't handle multiplications
+ # in $self->{value}
diff --git a/recipes-connectivity/openssl/openssl-qoriq/debian/c_rehash-compat.patch b/recipes-connectivity/openssl/openssl-qoriq/debian/c_rehash-compat.patch
index ac1b19b..68e54d5 100644
--- a/recipes-connectivity/openssl/openssl-qoriq/debian/c_rehash-compat.patch
+++ b/recipes-connectivity/openssl/openssl-qoriq/debian/c_rehash-compat.patch
@@ -1,38 +1,54 @@
-Upstream-Status: Backport [debian]
-
From 83f318d68bbdab1ca898c94576a838cc97df4700 Mon Sep 17 00:00:00 2001
From: Ludwig Nussel <ludwig.nussel at suse.de>
Date: Wed, 21 Apr 2010 15:52:10 +0200
Subject: [PATCH] also create old hash for compatibility
----
- tools/c_rehash.in | 8 +++++++-
- 1 files changed, 7 insertions(+), 1 deletions(-)
+Upstream-Status: Backport [debian]
-Index: openssl-1.0.0d/tools/c_rehash.in
-===================================================================
---- openssl-1.0.0d.orig/tools/c_rehash.in 2011-04-13 20:41:28.000000000 +0000
-+++ openssl-1.0.0d/tools/c_rehash.in 2011-04-13 20:41:28.000000000 +0000
-@@ -86,6 +86,7 @@
- }
+diff --git a/tools/c_rehash.in b/tools/c_rehash.in
+index b086ff9..b777d79 100644
+--- a/tools/c_rehash.in
++++ b/tools/c_rehash.in
+@@ -8,8 +8,6 @@ my $prefix;
+
+ my $openssl = $ENV{OPENSSL} || "openssl";
+ my $pwd;
+-my $x509hash = "-subject_hash";
+-my $crlhash = "-hash";
+ my $verbose = 0;
+ my $symlink_exists=eval {symlink("",""); 1};
+ my $removelinks = 1;
+@@ -18,10 +16,7 @@ my $removelinks = 1;
+ while ( $ARGV[0] =~ /^-/ ) {
+ my $flag = shift @ARGV;
+ last if ( $flag eq '--');
+- if ( $flag eq '-old') {
+- $x509hash = "-subject_hash_old";
+- $crlhash = "-hash_old";
+- } elsif ( $flag eq '-h') {
++ if ( $flag eq '-h') {
+ help();
+ } elsif ( $flag eq '-n' ) {
+ $removelinks = 0;
+@@ -113,7 +108,9 @@ sub hash_dir {
+ next;
}
link_hash_cert($fname) if($cert);
+ link_hash_cert_old($fname) if($cert);
link_hash_crl($fname) if($crl);
++ link_hash_crl_old($fname) if($crl);
}
}
-@@ -119,8 +120,9 @@
+
+@@ -146,6 +143,7 @@ sub check_file {
sub link_hash_cert {
my $fname = $_[0];
-+ my $hashopt = $_[1] || '-subject_hash';
++ my $x509hash = $_[1] || '-subject_hash';
$fname =~ s/'/'\\''/g;
-- my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in "$fname"`;
-+ my ($hash, $fprint) = `"$openssl" x509 $hashopt -fingerprint -noout -in "$fname"`;
+ my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`;
chomp $hash;
- chomp $fprint;
- $fprint =~ s/^.*=//;
-@@ -150,6 +152,10 @@
+@@ -176,11 +174,21 @@ sub link_hash_cert {
$hashlist{$hash} = $fprint;
}
@@ -40,6 +56,16 @@ Index: openssl-1.0.0d/tools/c_rehash.in
+ link_hash_cert($_[0], '-subject_hash_old');
+}
+
++sub link_hash_crl_old {
++ link_hash_crl($_[0], '-hash_old');
++}
++
++
# Same as above except for a CRL. CRL links are of the form <hash>.r<n>
sub link_hash_crl {
+ my $fname = $_[0];
++ my $crlhash = $_[1] || "-hash";
+ $fname =~ s/'/'\\''/g;
+ my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`;
+ chomp $hash;
diff --git a/recipes-connectivity/openssl/openssl-qoriq/debian/debian-targets.patch b/recipes-connectivity/openssl/openssl-qoriq/debian/debian-targets.patch
index 8101edf..39d4328 100644
--- a/recipes-connectivity/openssl/openssl-qoriq/debian/debian-targets.patch
+++ b/recipes-connectivity/openssl/openssl-qoriq/debian/debian-targets.patch
@@ -1,12 +1,12 @@
Upstream-Status: Backport [debian]
-Index: openssl-1.0.1/Configure
+Index: openssl-1.0.2/Configure
===================================================================
---- openssl-1.0.1.orig/Configure 2012-03-17 15:37:54.000000000 +0000
-+++ openssl-1.0.1/Configure 2012-03-17 16:13:49.000000000 +0000
-@@ -105,6 +105,10 @@
+--- openssl-1.0.2.orig/Configure
++++ openssl-1.0.2/Configure
+@@ -107,6 +107,10 @@ my $gcc_devteam_warn = "-Wall -pedantic
- my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED";
+ my $clang_disabled_warnings = "-Wno-language-extension-token -Wno-extended-offsetof -Wno-padded -Wno-shorten-64-to-32 -Wno-format-nonliteral -Wno-missing-noreturn -Wno-unused-parameter -Wno-sign-conversion -Wno-unreachable-code -Wno-conversion -Wno-documentation -Wno-missing-variable-declarations -Wno-cast-align -Wno-incompatible-pointer-types-discards-qualifiers -Wno-missing-variable-declarations -Wno-missing-field-initializers -Wno-unused-macros -Wno-disabled-macro-expansion -Wno-conditional-uninitialized -Wno-switch-enum";
+# There are no separate CFLAGS/CPPFLAGS/LDFLAGS, set everything in CFLAGS
+my $debian_cflags = `dpkg-buildflags --get CFLAGS` . `dpkg-buildflags --get CPPFLAGS` . `dpkg-buildflags --get LDFLAGS` . "-Wa,--noexecstack -Wall";
@@ -15,7 +15,7 @@ Index: openssl-1.0.1/Configure
my $strict_warnings = 0;
my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
-@@ -338,6 +342,48 @@
+@@ -343,6 +347,55 @@ my %table=(
"osf1-alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so",
"tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::-msym:.so",
@@ -23,9 +23,9 @@ Index: openssl-1.0.1/Configure
+"debian-alpha","gcc:-DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-alpha-ev4","gcc:-DTERMIO ${debian_cflags} -mcpu=ev4::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-alpha-ev5","gcc:-DTERMIO ${debian_cflags} -mcpu=ev5::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-armeb","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-armel","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-armhf","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-arm64","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-armel","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-armhf","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-amd64", "gcc:-m64 -DL_ENDIAN -DTERMIO ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::",
+"debian-avr32", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -fomit-frame-pointer::-D_REENTRANT::-ldl:BN_LLONG_BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-kfreebsd-amd64","gcc:-m64 -DL_ENDIAN -DTERMIOS ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -40,15 +40,21 @@ Index: openssl-1.0.1/Configure
+"debian-m68k","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-mips", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-mipsel", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-mipsn32", "mips64-linux-gnuabin32-gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-mipsn32el", "mips64el-linux-gnuabin32-gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-mips64", "mips64-linux-gnuabi64-gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-mips64el", "mips64el-linux-gnuabi64-gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-netbsd-i386", "gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-netbsd-m68k", "gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags}::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-netbsd-sparc", "gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags} -mv8::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-openbsd-alpha","gcc:-DTERMIOS ${debian_cflags}::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-openbsd-i386", "gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-openbsd-mips","gcc:-DL_ENDIAN ${debian_cflags}::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-or1k", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-powerpc","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-powerpcspe","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-ppc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-ppc64el","gcc:-m64 -DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64le:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-s390","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-s390x","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-sh3", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -60,6 +66,7 @@ Index: openssl-1.0.1/Configure
+"debian-sparc-v8","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v8 -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-sparc-v9","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v9 -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-sparc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags} -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-x32","gcc:-mx32 -DL_ENDIAN -DTERMIO ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32",
+
####
#### Variety of LINUX:-)
diff --git a/recipes-connectivity/openssl/openssl-qoriq/debian/make-targets.patch b/recipes-connectivity/openssl/openssl-qoriq/debian/make-targets.patch
deleted file mode 100644
index ee0a62c..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/debian/make-targets.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-Upstream-Status: Backport [debian]
-
-Index: openssl-1.0.1/Makefile.org
-===================================================================
---- openssl-1.0.1.orig/Makefile.org 2012-03-17 09:41:07.000000000 +0000
-+++ openssl-1.0.1/Makefile.org 2012-03-17 09:41:21.000000000 +0000
-@@ -135,7 +135,7 @@
-
- BASEADDR=
-
--DIRS= crypto ssl engines apps test tools
-+DIRS= crypto ssl engines apps tools
- ENGDIRS= ccgost
- SHLIBDIRS= crypto ssl
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/debian/version-script.patch b/recipes-connectivity/openssl/openssl-qoriq/debian/version-script.patch
index ece8b9b..a249180 100644
--- a/recipes-connectivity/openssl/openssl-qoriq/debian/version-script.patch
+++ b/recipes-connectivity/openssl/openssl-qoriq/debian/version-script.patch
@@ -1,10 +1,8 @@
-Upstream-Status: Backport [debian]
-
-Index: openssl-1.0.1d/Configure
+Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure
===================================================================
---- openssl-1.0.1d.orig/Configure 2013-02-06 19:41:43.000000000 +0100
-+++ openssl-1.0.1d/Configure 2013-02-06 19:41:43.000000000 +0100
-@@ -1621,6 +1621,8 @@
+--- openssl-1.0.2~beta1.obsolete.0.0498436515490575.orig/Configure 2014-02-24 21:02:30.000000000 +0100
++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure 2014-02-24 21:02:30.000000000 +0100
+@@ -1651,6 +1651,8 @@
}
}
@@ -13,11 +11,11 @@ Index: openssl-1.0.1d/Configure
open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n";
unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new";
open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n";
-Index: openssl-1.0.1d/openssl.ld
+Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ openssl-1.0.1d/openssl.ld 2013-02-06 19:44:25.000000000 +0100
-@@ -0,0 +1,4620 @@
++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld 2014-02-24 22:19:08.601827266 +0100
+@@ -0,0 +1,4615 @@
+OPENSSL_1.0.0 {
+ global:
+ BIO_f_ssl;
@@ -2229,20 +2227,16 @@ Index: openssl-1.0.1d/openssl.ld
+ ERR_load_COMP_strings;
+ PKCS12_item_decrypt_d2i;
+ ASN1_UTF8STRING_it;
-+ ASN1_UTF8STRING_it;
+ ENGINE_unregister_ciphers;
+ ENGINE_get_ciphers;
+ d2i_OCSP_BASICRESP;
+ KRB5_CHECKSUM_it;
-+ KRB5_CHECKSUM_it;
+ EC_POINT_add;
+ ASN1_item_ex_i2d;
+ OCSP_CERTID_it;
-+ OCSP_CERTID_it;
+ d2i_OCSP_RESPBYTES;
+ X509V3_add1_i2d;
+ PKCS7_ENVELOPE_it;
-+ PKCS7_ENVELOPE_it;
+ UI_add_input_boolean;
+ ENGINE_unregister_RSA;
+ X509V3_EXT_nconf;
@@ -2254,19 +2248,15 @@ Index: openssl-1.0.1d/openssl.ld
+ ENGINE_register_all_RAND;
+ ENGINE_load_dynamic;
+ PBKDF2PARAM_it;
-+ PBKDF2PARAM_it;
+ EXTENDED_KEY_USAGE_new;
+ EC_GROUP_clear_free;
+ OCSP_sendreq_bio;
+ ASN1_item_digest;
+ OCSP_BASICRESP_delete_ext;
+ OCSP_SIGNATURE_it;
-+ OCSP_SIGNATURE_it;
-+ X509_CRL_it;
+ X509_CRL_it;
+ OCSP_BASICRESP_add_ext;
+ KRB5_ENCKEY_it;
-+ KRB5_ENCKEY_it;
+ UI_method_set_closer;
+ X509_STORE_set_purpose;
+ i2d_ASN1_GENERALSTRING;
@@ -2277,7 +2267,6 @@ Index: openssl-1.0.1d/openssl.ld
+ OCSP_REQUEST_get_ext_by_OBJ;
+ _ossl_old_des_random_key;
+ ASN1_T61STRING_it;
-+ ASN1_T61STRING_it;
+ EC_GROUP_method_of;
+ i2d_KRB5_APREQ;
+ _ossl_old_des_encrypt;
@@ -2293,7 +2282,6 @@ Index: openssl-1.0.1d/openssl.ld
+ OCSP_SINGLERESP_get_ext_count;
+ UI_ctrl;
+ _shadow_DES_rw_mode;
-+ _shadow_DES_rw_mode;
+ asn1_do_adb;
+ ASN1_template_i2d;
+ ENGINE_register_DH;
@@ -2307,8 +2295,6 @@ Index: openssl-1.0.1d/openssl.ld
+ KRB5_ENCKEY_free;
+ OCSP_resp_get0;
+ GENERAL_NAME_it;
-+ GENERAL_NAME_it;
-+ ASN1_GENERALIZEDTIME_it;
+ ASN1_GENERALIZEDTIME_it;
+ X509_STORE_set_flags;
+ EC_POINT_set_compressed_coordinates_GFp;
@@ -2330,21 +2316,18 @@ Index: openssl-1.0.1d/openssl.ld
+ EC_POINT_set_affine_coords_GFp;
+ _ossl_old_des_options;
+ SXNET_it;
-+ SXNET_it;
+ UI_dup_input_boolean;
+ PKCS12_add_CSPName_asc;
+ EC_POINT_is_at_infinity;
+ ENGINE_load_cryptodev;
+ DSO_convert_filename;
+ POLICYQUALINFO_it;
-+ POLICYQUALINFO_it;
+ ENGINE_register_ciphers;
+ BN_mod_lshift_quick;
+ DSO_set_filename;
+ ASN1_item_free;
+ KRB5_TKTBODY_free;
+ AUTHORITY_KEYID_it;
-+ AUTHORITY_KEYID_it;
+ KRB5_APREQBODY_new;
+ X509V3_EXT_REQ_add_nconf;
+ ENGINE_ctrl_cmd_string;
@@ -2352,19 +2335,15 @@ Index: openssl-1.0.1d/openssl.ld
+ EVP_MD_CTX_init;
+ EXTENDED_KEY_USAGE_free;
+ PKCS7_ATTR_SIGN_it;
-+ PKCS7_ATTR_SIGN_it;
+ UI_add_error_string;
+ KRB5_CHECKSUM_free;
+ OCSP_REQUEST_get_ext;
+ ENGINE_load_ubsec;
+ ENGINE_register_all_digests;
+ PKEY_USAGE_PERIOD_it;
-+ PKEY_USAGE_PERIOD_it;
+ PKCS12_unpack_authsafes;
+ ASN1_item_unpack;
+ NETSCAPE_SPKAC_it;
-+ NETSCAPE_SPKAC_it;
-+ X509_REVOKED_it;
+ X509_REVOKED_it;
+ ASN1_STRING_encode;
+ EVP_aes_128_ecb;
@@ -2376,7 +2355,6 @@ Index: openssl-1.0.1d/openssl.ld
+ UI_dup_info_string;
+ _ossl_old_des_xwhite_in2out;
+ PKCS12_it;
-+ PKCS12_it;
+ OCSP_SINGLERESP_get_ext_by_critical;
+ OCSP_SINGLERESP_get_ext_by_crit;
+ OCSP_CERTSTATUS_free;
@@ -2395,10 +2373,8 @@ Index: openssl-1.0.1d/openssl.ld
+ ENGINE_unregister_DSA;
+ _ossl_old_des_key_sched;
+ X509_EXTENSION_it;
-+ X509_EXTENSION_it;
+ i2d_KRB5_AUTHENT;
+ SXNETID_it;
-+ SXNETID_it;
+ d2i_OCSP_SINGLERESP;
+ EDIPARTYNAME_new;
+ PKCS12_certbag2x509;
@@ -2409,10 +2385,8 @@ Index: openssl-1.0.1d/openssl.ld
+ d2i_KRB5_APREQBODY;
+ UI_method_get_flusher;
+ X509_PUBKEY_it;
-+ X509_PUBKEY_it;
+ _ossl_old_des_enc_read;
+ PKCS7_ENCRYPT_it;
-+ PKCS7_ENCRYPT_it;
+ i2d_OCSP_RESPONSE;
+ EC_GROUP_get_cofactor;
+ PKCS12_unpack_p7data;
@@ -2430,10 +2404,8 @@ Index: openssl-1.0.1d/openssl.ld
+ PKCS12_item_i2d_encrypt;
+ X509_add1_ext_i2d;
+ PKCS7_SIGNER_INFO_it;
-+ PKCS7_SIGNER_INFO_it;
+ KRB5_PRINCNAME_new;
+ PKCS12_SAFEBAG_it;
-+ PKCS12_SAFEBAG_it;
+ EC_GROUP_get_order;
+ d2i_OCSP_RESPID;
+ OCSP_request_verify;
@@ -2448,42 +2420,32 @@ Index: openssl-1.0.1d/openssl.ld
+ EVP_MD_CTX_create;
+ OCSP_resp_find_status;
+ X509_ALGOR_it;
-+ X509_ALGOR_it;
-+ ASN1_TIME_it;
+ ASN1_TIME_it;
+ OCSP_request_set1_name;
+ OCSP_ONEREQ_get_ext_count;
+ UI_get0_result;
+ PKCS12_AUTHSAFES_it;
-+ PKCS12_AUTHSAFES_it;
+ EVP_aes_256_ecb;
+ PKCS12_pack_authsafes;
+ ASN1_IA5STRING_it;
-+ ASN1_IA5STRING_it;
+ UI_get_input_flags;
+ EC_GROUP_set_generator;
+ _ossl_old_des_string_to_2keys;
+ OCSP_CERTID_free;
+ X509_CERT_AUX_it;
-+ X509_CERT_AUX_it;
-+ CERTIFICATEPOLICIES_it;
+ CERTIFICATEPOLICIES_it;
+ _ossl_old_des_ede3_cbc_encrypt;
+ RAND_set_rand_engine;
+ DSO_get_loaded_filename;
+ X509_ATTRIBUTE_it;
-+ X509_ATTRIBUTE_it;
+ OCSP_ONEREQ_get_ext_by_NID;
+ PKCS12_decrypt_skey;
+ KRB5_AUTHENT_it;
-+ KRB5_AUTHENT_it;
+ UI_dup_error_string;
+ RSAPublicKey_it;
-+ RSAPublicKey_it;
+ i2d_OCSP_REQUEST;
+ PKCS12_x509crl2certbag;
+ OCSP_SERVICELOC_it;
-+ OCSP_SERVICELOC_it;
+ ASN1_item_sign;
+ X509_CRL_set_issuer_name;
+ OBJ_NAME_do_all_sorted;
@@ -2494,30 +2456,23 @@ Index: openssl-1.0.1d/openssl.ld
+ ENGINE_get_digest;
+ OCSP_RESPONSE_print;
+ KRB5_TKTBODY_it;
-+ KRB5_TKTBODY_it;
+ ACCESS_DESCRIPTION_it;
-+ ACCESS_DESCRIPTION_it;
-+ PKCS7_ISSUER_AND_SERIAL_it;
+ PKCS7_ISSUER_AND_SERIAL_it;
+ PBE2PARAM_it;
-+ PBE2PARAM_it;
+ PKCS12_certbag2x509crl;
+ PKCS7_SIGNED_it;
-+ PKCS7_SIGNED_it;
+ ENGINE_get_cipher;
+ i2d_OCSP_CRLID;
+ OCSP_SINGLERESP_new;
+ ENGINE_cmd_is_executable;
+ RSA_up_ref;
+ ASN1_GENERALSTRING_it;
-+ ASN1_GENERALSTRING_it;
+ ENGINE_register_DSA;
+ X509V3_EXT_add_nconf_sk;
+ ENGINE_set_load_pubkey_function;
+ PKCS8_decrypt;
+ PEM_bytes_read_bio;
+ DIRECTORYSTRING_it;
-+ DIRECTORYSTRING_it;
+ d2i_OCSP_CRLID;
+ EC_POINT_is_on_curve;
+ CRYPTO_set_locked_mem_ex_functions;
@@ -2525,7 +2480,6 @@ Index: openssl-1.0.1d/openssl.ld
+ d2i_KRB5_CHECKSUM;
+ ASN1_item_dup;
+ X509_it;
-+ X509_it;
+ BN_mod_add;
+ KRB5_AUTHDATA_free;
+ _ossl_old_des_cbc_cksum;
@@ -2534,7 +2488,6 @@ Index: openssl-1.0.1d/openssl.ld
+ EC_POINT_get_Jprojective_coordinates_GFp;
+ EC_POINT_get_Jproj_coords_GFp;
+ ZLONG_it;
-+ ZLONG_it;
+ CRYPTO_get_locked_mem_ex_functions;
+ CRYPTO_get_locked_mem_ex_funcs;
+ ASN1_TIME_check;
@@ -2544,41 +2497,30 @@ Index: openssl-1.0.1d/openssl.ld
+ _ossl_old_des_ede3_cfb64_encrypt;
+ _ossl_odes_ede3_cfb64_encrypt;
+ ASN1_BMPSTRING_it;
-+ ASN1_BMPSTRING_it;
+ ASN1_tag2bit;
+ UI_method_set_flusher;
+ X509_ocspid_print;
+ KRB5_ENCDATA_it;
-+ KRB5_ENCDATA_it;
+ ENGINE_get_load_pubkey_function;
+ UI_add_user_data;
+ OCSP_REQUEST_delete_ext;
+ UI_get_method;
+ OCSP_ONEREQ_free;
+ ASN1_PRINTABLESTRING_it;
-+ ASN1_PRINTABLESTRING_it;
+ X509_CRL_set_nextUpdate;
+ OCSP_REQUEST_it;
-+ OCSP_REQUEST_it;
-+ OCSP_BASICRESP_it;
+ OCSP_BASICRESP_it;
+ AES_ecb_encrypt;
+ BN_mod_sqr;
+ NETSCAPE_CERT_SEQUENCE_it;
-+ NETSCAPE_CERT_SEQUENCE_it;
-+ GENERAL_NAMES_it;
+ GENERAL_NAMES_it;
+ AUTHORITY_INFO_ACCESS_it;
-+ AUTHORITY_INFO_ACCESS_it;
-+ ASN1_FBOOLEAN_it;
+ ASN1_FBOOLEAN_it;
+ UI_set_ex_data;
+ _ossl_old_des_string_to_key;
+ ENGINE_register_all_RSA;
+ d2i_KRB5_PRINCNAME;
+ OCSP_RESPBYTES_it;
-+ OCSP_RESPBYTES_it;
-+ X509_CINF_it;
+ X509_CINF_it;
+ ENGINE_unregister_digests;
+ d2i_EDIPARTYNAME;
@@ -2588,7 +2530,6 @@ Index: openssl-1.0.1d/openssl.ld
+ OCSP_RESPDATA_free;
+ d2i_KRB5_TICKET;
+ OTHERNAME_it;
-+ OTHERNAME_it;
+ EVP_MD_CTX_cleanup;
+ d2i_ASN1_GENERALSTRING;
+ X509_CRL_set_version;
@@ -2598,7 +2539,6 @@ Index: openssl-1.0.1d/openssl.ld
+ OCSP_REQUEST_free;
+ OCSP_REQUEST_add1_ext_i2d;
+ X509_VAL_it;
-+ X509_VAL_it;
+ EC_POINTs_make_affine;
+ EC_POINT_mul;
+ X509V3_EXT_add_nconf;
@@ -2606,7 +2546,6 @@ Index: openssl-1.0.1d/openssl.ld
+ X509_CRL_add1_ext_i2d;
+ _ossl_old_des_fcrypt;
+ DISPLAYTEXT_it;
-+ DISPLAYTEXT_it;
+ X509_CRL_set_lastUpdate;
+ OCSP_BASICRESP_free;
+ OCSP_BASICRESP_add1_ext_i2d;
@@ -2619,7 +2558,6 @@ Index: openssl-1.0.1d/openssl.ld
+ UI_get0_result_string;
+ ASN1_GENERALSTRING_new;
+ X509_SIG_it;
-+ X509_SIG_it;
+ ERR_set_implementation;
+ ERR_load_EC_strings;
+ UI_get0_action_string;
@@ -2634,35 +2572,27 @@ Index: openssl-1.0.1d/openssl.ld
+ OCSP_ONEREQ_get_ext_by_OBJ;
+ ASN1_primitive_new;
+ ASN1_PRINTABLE_it;
-+ ASN1_PRINTABLE_it;
+ EVP_aes_192_ecb;
+ OCSP_SIGNATURE_new;
+ LONG_it;
-+ LONG_it;
-+ ASN1_VISIBLESTRING_it;
+ ASN1_VISIBLESTRING_it;
+ OCSP_SINGLERESP_add1_ext_i2d;
+ d2i_OCSP_CERTID;
+ ASN1_item_d2i_fp;
+ CRL_DIST_POINTS_it;
-+ CRL_DIST_POINTS_it;
+ GENERAL_NAME_print;
+ OCSP_SINGLERESP_delete_ext;
+ PKCS12_SAFEBAGS_it;
-+ PKCS12_SAFEBAGS_it;
+ d2i_OCSP_SIGNATURE;
+ OCSP_request_add1_nonce;
+ ENGINE_set_cmd_defns;
+ OCSP_SERVICELOC_free;
+ EC_GROUP_free;
+ ASN1_BIT_STRING_it;
-+ ASN1_BIT_STRING_it;
-+ X509_REQ_it;
+ X509_REQ_it;
+ _ossl_old_des_cbc_encrypt;
+ ERR_unload_strings;
+ PKCS7_SIGN_ENVELOPE_it;
-+ PKCS7_SIGN_ENVELOPE_it;
+ EDIPARTYNAME_free;
+ OCSP_REQINFO_free;
+ EC_GROUP_new_curve_GFp;
@@ -2687,7 +2617,6 @@ Index: openssl-1.0.1d/openssl.ld
+ OCSP_CRLID_free;
+ OCSP_BASICRESP_get1_ext_d2i;
+ RSAPrivateKey_it;
-+ RSAPrivateKey_it;
+ ENGINE_register_all_DH;
+ i2d_EDIPARTYNAME;
+ EC_POINT_get_affine_coordinates_GFp;
@@ -2695,10 +2624,8 @@ Index: openssl-1.0.1d/openssl.ld
+ OCSP_CRLID_new;
+ ENGINE_get_flags;
+ OCSP_ONEREQ_it;
-+ OCSP_ONEREQ_it;
+ UI_process;
+ ASN1_INTEGER_it;
-+ ASN1_INTEGER_it;
+ EVP_CipherInit_ex;
+ UI_get_string_type;
+ ENGINE_unregister_DH;
@@ -2707,7 +2634,6 @@ Index: openssl-1.0.1d/openssl.ld
+ bn_dup_expand;
+ OCSP_cert_id_new;
+ BASIC_CONSTRAINTS_it;
-+ BASIC_CONSTRAINTS_it;
+ BN_mod_add_quick;
+ EC_POINT_new;
+ EVP_MD_CTX_destroy;
@@ -2717,7 +2643,6 @@ Index: openssl-1.0.1d/openssl.ld
+ EC_POINT_free;
+ DH_up_ref;
+ X509_NAME_ENTRY_it;
-+ X509_NAME_ENTRY_it;
+ UI_get_ex_new_index;
+ BN_mod_sub_quick;
+ OCSP_ONEREQ_add_ext;
@@ -2730,7 +2655,6 @@ Index: openssl-1.0.1d/openssl.ld
+ ENGINE_register_complete;
+ X509V3_EXT_nconf_nid;
+ ASN1_SEQUENCE_it;
-+ ASN1_SEQUENCE_it;
+ UI_set_default_method;
+ RAND_query_egd_bytes;
+ UI_method_get_writer;
@@ -2738,8 +2662,6 @@ Index: openssl-1.0.1d/openssl.ld
+ PEM_def_callback;
+ ENGINE_cleanup;
+ DIST_POINT_it;
-+ DIST_POINT_it;
-+ OCSP_SINGLERESP_it;
+ OCSP_SINGLERESP_it;
+ d2i_KRB5_TKTBODY;
+ EC_POINT_cmp;
@@ -2758,24 +2680,20 @@ Index: openssl-1.0.1d/openssl.ld
+ OCSP_cert_to_id;
+ OCSP_RESPID_new;
+ OCSP_RESPDATA_it;
-+ OCSP_RESPDATA_it;
+ d2i_OCSP_RESPDATA;
+ ENGINE_register_all_complete;
+ OCSP_check_validity;
+ PKCS12_BAGS_it;
-+ PKCS12_BAGS_it;
+ OCSP_url_svcloc_new;
+ ASN1_template_free;
+ OCSP_SINGLERESP_add_ext;
+ KRB5_AUTHENTBODY_it;
-+ KRB5_AUTHENTBODY_it;
+ X509_supported_extension;
+ i2d_KRB5_AUTHDATA;
+ UI_method_get_opener;
+ ENGINE_set_ex_data;
+ OCSP_REQUEST_print;
+ CBIGNUM_it;
-+ CBIGNUM_it;
+ KRB5_TICKET_new;
+ KRB5_APREQ_new;
+ EC_GROUP_get_curve_GFp;
@@ -2785,27 +2703,20 @@ Index: openssl-1.0.1d/openssl.ld
+ OCSP_single_get0_status;
+ BN_swap;
+ POLICYINFO_it;
-+ POLICYINFO_it;
+ ENGINE_set_destroy_function;
+ asn1_enc_free;
+ OCSP_RESPID_it;
-+ OCSP_RESPID_it;
+ EC_GROUP_new;
+ EVP_aes_256_cbc;
+ i2d_KRB5_PRINCNAME;
+ _ossl_old_des_encrypt2;
+ _ossl_old_des_encrypt3;
+ PKCS8_PRIV_KEY_INFO_it;
-+ PKCS8_PRIV_KEY_INFO_it;
-+ OCSP_REQINFO_it;
+ OCSP_REQINFO_it;
+ PBEPARAM_it;
-+ PBEPARAM_it;
+ KRB5_AUTHENTBODY_new;
+ X509_CRL_add0_revoked;
+ EDIPARTYNAME_it;
-+ EDIPARTYNAME_it;
-+ NETSCAPE_SPKI_it;
+ NETSCAPE_SPKI_it;
+ UI_get0_test_string;
+ ENGINE_get_cipher_engine;
@@ -2817,14 +2728,12 @@ Index: openssl-1.0.1d/openssl.ld
+ UI_method_get_reader;
+ OCSP_BASICRESP_get_ext_count;
+ ASN1_ENUMERATED_it;
-+ ASN1_ENUMERATED_it;
+ UI_set_result;
+ i2d_KRB5_TICKET;
+ X509_print_ex_fp;
+ EVP_CIPHER_CTX_set_padding;
+ d2i_OCSP_RESPONSE;
+ ASN1_UTCTIME_it;
-+ ASN1_UTCTIME_it;
+ _ossl_old_des_enc_write;
+ OCSP_RESPONSE_new;
+ AES_set_encrypt_key;
@@ -2834,14 +2743,11 @@ Index: openssl-1.0.1d/openssl.ld
+ OCSP_onereq_get0_id;
+ ENGINE_set_default_ciphers;
+ NOTICEREF_it;
-+ NOTICEREF_it;
+ X509V3_EXT_CRL_add_nconf;
+ OCSP_REVOKEDINFO_it;
-+ OCSP_REVOKEDINFO_it;
+ AES_encrypt;
+ OCSP_REQUEST_new;
+ ASN1_ANY_it;
-+ ASN1_ANY_it;
+ CRYPTO_ex_data_new_class;
+ _ossl_old_des_ncbc_encrypt;
+ i2d_KRB5_TKTBODY;
@@ -2864,19 +2770,15 @@ Index: openssl-1.0.1d/openssl.ld
+ ENGINE_load_nuron;
+ _ossl_old_des_pcbc_encrypt;
+ PKCS12_MAC_DATA_it;
-+ PKCS12_MAC_DATA_it;
+ OCSP_accept_responses_new;
+ asn1_do_lock;
+ PKCS7_ATTR_VERIFY_it;
-+ PKCS7_ATTR_VERIFY_it;
-+ KRB5_APREQBODY_it;
+ KRB5_APREQBODY_it;
+ i2d_OCSP_SINGLERESP;
+ ASN1_item_ex_new;
+ UI_add_verify_string;
+ _ossl_old_des_set_key;
+ KRB5_PRINCNAME_it;
-+ KRB5_PRINCNAME_it;
+ EVP_DecryptInit_ex;
+ i2d_OCSP_CERTID;
+ ASN1_item_d2i_bio;
@@ -2890,20 +2792,17 @@ Index: openssl-1.0.1d/openssl.ld
+ OCSP_BASICRESP_new;
+ OCSP_REQUEST_get_ext_by_NID;
+ KRB5_APREQ_it;
-+ KRB5_APREQ_it;
+ ENGINE_get_destroy_function;
+ CONF_set_nconf;
+ ASN1_PRINTABLE_free;
+ OCSP_BASICRESP_get_ext_by_NID;
+ DIST_POINT_NAME_it;
-+ DIST_POINT_NAME_it;
+ X509V3_extensions_print;
+ _ossl_old_des_cfb64_encrypt;
+ X509_REVOKED_add1_ext_i2d;
+ _ossl_old_des_ofb_encrypt;
+ KRB5_TKTBODY_new;
+ ASN1_OCTET_STRING_it;
-+ ASN1_OCTET_STRING_it;
+ ERR_load_UI_strings;
+ i2d_KRB5_ENCKEY;
+ ASN1_template_new;
@@ -2911,8 +2810,6 @@ Index: openssl-1.0.1d/openssl.ld
+ ASN1_item_i2d_fp;
+ KRB5_PRINCNAME_free;
+ PKCS7_RECIP_INFO_it;
-+ PKCS7_RECIP_INFO_it;
-+ EXTENDED_KEY_USAGE_it;
+ EXTENDED_KEY_USAGE_it;
+ EC_GFp_simple_method;
+ EC_GROUP_precompute_mult;
@@ -2920,42 +2817,33 @@ Index: openssl-1.0.1d/openssl.ld
+ UI_method_set_writer;
+ KRB5_AUTHENT_new;
+ X509_CRL_INFO_it;
-+ X509_CRL_INFO_it;
+ DSO_set_name_converter;
+ AES_set_decrypt_key;
+ PKCS7_DIGEST_it;
-+ PKCS7_DIGEST_it;
+ PKCS12_x5092certbag;
+ EVP_DigestInit_ex;
+ i2a_ACCESS_DESCRIPTION;
+ OCSP_RESPONSE_it;
-+ OCSP_RESPONSE_it;
-+ PKCS7_ENC_CONTENT_it;
+ PKCS7_ENC_CONTENT_it;
+ OCSP_request_add0_id;
+ EC_POINT_make_affine;
+ DSO_get_filename;
+ OCSP_CERTSTATUS_it;
-+ OCSP_CERTSTATUS_it;
+ OCSP_request_add1_cert;
+ UI_get0_output_string;
+ UI_dup_verify_string;
+ BN_mod_lshift;
+ KRB5_AUTHDATA_it;
-+ KRB5_AUTHDATA_it;
+ asn1_set_choice_selector;
+ OCSP_basic_add1_status;
+ OCSP_RESPID_free;
+ asn1_get_field_ptr;
+ UI_add_input_string;
+ OCSP_CRLID_it;
-+ OCSP_CRLID_it;
+ i2d_KRB5_AUTHENTBODY;
+ OCSP_REQUEST_get_ext_count;
+ ENGINE_load_atalla;
+ X509_NAME_it;
-+ X509_NAME_it;
-+ USERNOTICE_it;
+ USERNOTICE_it;
+ OCSP_REQINFO_new;
+ OCSP_BASICRESP_get_ext;
@@ -2965,33 +2853,27 @@ Index: openssl-1.0.1d/openssl.ld
+ i2d_KRB5_ENCDATA;
+ X509_PURPOSE_set;
+ X509_REQ_INFO_it;
-+ X509_REQ_INFO_it;
+ UI_method_set_opener;
+ ASN1_item_ex_free;
+ ASN1_BOOLEAN_it;
-+ ASN1_BOOLEAN_it;
+ ENGINE_get_table_flags;
+ UI_create_method;
+ OCSP_ONEREQ_add1_ext_i2d;
+ _shadow_DES_check_key;
-+ _shadow_DES_check_key;
+ d2i_OCSP_REQINFO;
+ UI_add_info_string;
+ UI_get_result_minsize;
+ ASN1_NULL_it;
-+ ASN1_NULL_it;
+ BN_mod_lshift1;
+ d2i_OCSP_ONEREQ;
+ OCSP_ONEREQ_new;
+ KRB5_TICKET_it;
-+ KRB5_TICKET_it;
+ EVP_aes_192_cbc;
+ KRB5_TICKET_free;
+ UI_new;
+ OCSP_response_create;
+ _ossl_old_des_xcbc_encrypt;
+ PKCS7_it;
-+ PKCS7_it;
+ OCSP_REQUEST_get_ext_by_critical;
+ OCSP_REQUEST_get_ext_by_crit;
+ ENGINE_set_flags;
@@ -3000,11 +2882,9 @@ Index: openssl-1.0.1d/openssl.ld
+ EVP_Digest;
+ OCSP_ONEREQ_delete_ext;
+ ASN1_TBOOLEAN_it;
-+ ASN1_TBOOLEAN_it;
+ ASN1_item_new;
+ ASN1_TIME_to_generalizedtime;
+ BIGNUM_it;
-+ BIGNUM_it;
+ AES_cbc_encrypt;
+ ENGINE_get_load_privkey_function;
+ ENGINE_get_load_privkey_fn;
@@ -3016,7 +2896,6 @@ Index: openssl-1.0.1d/openssl.ld
+ EC_POINT_point2oct;
+ KRB5_APREQ_free;
+ ASN1_OBJECT_it;
-+ ASN1_OBJECT_it;
+ OCSP_crlID_new;
+ OCSP_crlID2_new;
+ CONF_modules_load_file;
@@ -3074,7 +2953,6 @@ Index: openssl-1.0.1d/openssl.ld
+ i2d_ASN1_UNIVERSALSTRING;
+ ASN1_UNIVERSALSTRING_free;
+ ASN1_UNIVERSALSTRING_it;
-+ ASN1_UNIVERSALSTRING_it;
+ d2i_ASN1_UNIVERSALSTRING;
+ EVP_des_ede3_ecb;
+ X509_REQ_print_ex;
@@ -3130,14 +3008,12 @@ Index: openssl-1.0.1d/openssl.ld
+ HMAC_CTX_set_flags;
+ d2i_PROXY_CERT_INFO_EXTENSION;
+ PROXY_POLICY_it;
-+ PROXY_POLICY_it;
+ i2d_PROXY_POLICY;
+ i2d_PROXY_CERT_INFO_EXTENSION;
+ d2i_PROXY_POLICY;
+ PROXY_CERT_INFO_EXTENSION_new;
+ PROXY_CERT_INFO_EXTENSION_free;
+ PROXY_CERT_INFO_EXTENSION_it;
-+ PROXY_CERT_INFO_EXTENSION_it;
+ PROXY_POLICY_free;
+ PROXY_POLICY_new;
+ BN_MONT_CTX_set_locked;
@@ -3174,7 +3050,6 @@ Index: openssl-1.0.1d/openssl.ld
+ BN_BLINDING_get_thread_id;
+ X509_STORE_CTX_set0_param;
+ POLICY_MAPPING_it;
-+ POLICY_MAPPING_it;
+ STORE_parse_attrs_start;
+ POLICY_CONSTRAINTS_free;
+ EVP_PKEY_add1_attr_by_NID;
@@ -3183,7 +3058,6 @@ Index: openssl-1.0.1d/openssl.ld
+ STORE_set_method;
+ GENERAL_SUBTREE_free;
+ NAME_CONSTRAINTS_it;
-+ NAME_CONSTRAINTS_it;
+ ECDH_get_default_method;
+ PKCS12_add_safe;
+ EC_KEY_new_by_curve_name;
@@ -3226,7 +3100,6 @@ Index: openssl-1.0.1d/openssl.ld
+ ENGINE_get_default_ECDH;
+ EC_KEY_get_conv_form;
+ ASN1_OCTET_STRING_NDEF_it;
-+ ASN1_OCTET_STRING_NDEF_it;
+ STORE_delete_public_key;
+ STORE_get_public_key;
+ STORE_modify_arbitrary;
@@ -3383,7 +3256,6 @@ Index: openssl-1.0.1d/openssl.ld
+ ENGINE_load_padlock;
+ EC_GROUP_set_curve_name;
+ X509_CERT_PAIR_it;
-+ X509_CERT_PAIR_it;
+ STORE_meth_get_revoke_fn;
+ STORE_method_get_revoke_function;
+ STORE_method_set_get_function;
@@ -3510,7 +3382,6 @@ Index: openssl-1.0.1d/openssl.ld
+ pqueue_pop;
+ STORE_ATTR_INFO_get0_cstr;
+ POLICY_CONSTRAINTS_it;
-+ POLICY_CONSTRAINTS_it;
+ STORE_get_ex_new_index;
+ EVP_PKEY_get_attr_by_OBJ;
+ X509_VERIFY_PARAM_add0_policy;
@@ -3558,8 +3429,6 @@ Index: openssl-1.0.1d/openssl.ld
+ STORE_modify_crl;
+ STORE_list_private_key_start;
+ POLICY_MAPPINGS_it;
-+ POLICY_MAPPINGS_it;
-+ GENERAL_SUBTREE_it;
+ GENERAL_SUBTREE_it;
+ EC_GROUP_get_curve_name;
+ PEM_write_X509_CERT_PAIR;
@@ -3692,15 +3561,12 @@ Index: openssl-1.0.1d/openssl.ld
+ BIO_set_callback_arg;
+ v3_addr_add_prefix;
+ IPAddressOrRange_it;
-+ IPAddressOrRange_it;
+ BIO_set_flags;
+ ASIdentifiers_it;
-+ ASIdentifiers_it;
+ v3_addr_get_range;
+ BIO_method_type;
+ v3_addr_inherits;
+ IPAddressChoice_it;
-+ IPAddressChoice_it;
+ AES_ige_encrypt;
+ v3_addr_add_range;
+ EVP_CIPHER_CTX_nid;
@@ -3721,7 +3587,6 @@ Index: openssl-1.0.1d/openssl.ld
+ BIO_clear_flags;
+ i2d_ASRange;
+ IPAddressRange_it;
-+ IPAddressRange_it;
+ IPAddressChoice_new;
+ ASIdentifierChoice_new;
+ ASRange_free;
@@ -3742,7 +3607,6 @@ Index: openssl-1.0.1d/openssl.ld
+ BIO_test_flags;
+ i2d_ASIdentifierChoice;
+ ASRange_it;
-+ ASRange_it;
+ d2i_ASIdentifiers;
+ ASRange_new;
+ d2i_IPAddressChoice;
@@ -3751,7 +3615,6 @@ Index: openssl-1.0.1d/openssl.ld
+ EVP_Cipher;
+ i2d_IPAddressOrRange;
+ ASIdOrRange_it;
-+ ASIdOrRange_it;
+ EVP_CIPHER_nid;
+ i2d_IPAddressChoice;
+ EVP_CIPHER_CTX_block_size;
@@ -3762,7 +3625,6 @@ Index: openssl-1.0.1d/openssl.ld
+ v3_addr_is_canonical;
+ i2d_IPAddressRange;
+ IPAddressFamily_it;
-+ IPAddressFamily_it;
+ v3_asid_inherits;
+ EVP_CIPHER_CTX_cipher;
+ EVP_CIPHER_CTX_get_app_data;
@@ -3772,7 +3634,6 @@ Index: openssl-1.0.1d/openssl.ld
+ d2i_IPAddressOrRange;
+ v3_addr_canonize;
+ ASIdentifierChoice_it;
-+ ASIdentifierChoice_it;
+ EVP_MD_CTX_md;
+ d2i_ASIdentifierChoice;
+ BIO_method_name;
@@ -3795,7 +3656,6 @@ Index: openssl-1.0.1d/openssl.ld
+ SEED_set_key;
+ EVP_seed_cfb128;
+ X509_EXTENSIONS_it;
-+ X509_EXTENSIONS_it;
+ X509_get1_ocsp;
+ OCSP_REQ_CTX_free;
+ i2d_X509_EXTENSIONS;
@@ -3803,7 +3663,6 @@ Index: openssl-1.0.1d/openssl.ld
+ OCSP_sendreq_new;
+ d2i_X509_EXTENSIONS;
+ X509_ALGORS_it;
-+ X509_ALGORS_it;
+ X509_ALGOR_get0;
+ X509_ALGOR_set0;
+ AES_unwrap_key;
@@ -3848,7 +3707,6 @@ Index: openssl-1.0.1d/openssl.ld
+ CMS_SignerInfo_verify;
+ CMS_data;
+ CMS_ContentInfo_it;
-+ CMS_ContentInfo_it;
+ d2i_CMS_ReceiptRequest;
+ CMS_compress;
+ CMS_digest_create;
@@ -3893,7 +3751,6 @@ Index: openssl-1.0.1d/openssl.ld
+ CMS_RecipientInfo_kekri_get0_id;
+ CMS_verify_receipt;
+ CMS_ReceiptRequest_it;
-+ CMS_ReceiptRequest_it;
+ PEM_read_bio_CMS;
+ CMS_get1_crls;
+ CMS_add0_recipient_key;
@@ -4032,7 +3889,6 @@ Index: openssl-1.0.1d/openssl.ld
+ TS_REQ_dup;
+ GENERAL_NAME_dup;
+ ASN1_SEQUENCE_ANY_it;
-+ ASN1_SEQUENCE_ANY_it;
+ WHIRLPOOL;
+ X509_STORE_get1_crls;
+ ENGINE_get_pkey_asn1_meth;
@@ -4103,7 +3959,6 @@ Index: openssl-1.0.1d/openssl.ld
+ DIST_POINT_set_dpname;
+ i2d_ISSUING_DIST_POINT;
+ ASN1_SET_ANY_it;
-+ ASN1_SET_ANY_it;
+ EVP_PKEY_CTX_get_data;
+ TS_STATUS_INFO_print_bio;
+ EVP_PKEY_derive_init;
@@ -4263,7 +4118,6 @@ Index: openssl-1.0.1d/openssl.ld
+ EVP_DigestSignFinal;
+ TS_RESP_CTX_set_def_policy;
+ NETSCAPE_X509_it;
-+ NETSCAPE_X509_it;
+ TS_RESP_create_response;
+ PKCS7_SIGNER_INFO_get0_algs;
+ TS_TST_INFO_get_nonce;
@@ -4322,7 +4176,6 @@ Index: openssl-1.0.1d/openssl.ld
+ EVP_CIPHER_do_all_sorted;
+ EVP_PKEY_CTX_free;
+ ISSUING_DIST_POINT_it;
-+ ISSUING_DIST_POINT_it;
+ d2i_TS_MSG_IMPRINT_fp;
+ X509_STORE_get1_certs;
+ EVP_PKEY_CTX_get_operation;
@@ -4615,7 +4468,6 @@ Index: openssl-1.0.1d/openssl.ld
+ X509_signature_dump;
+ d2i_RSA_PSS_PARAMS;
+ RSA_PSS_PARAMS_it;
-+ RSA_PSS_PARAMS_it;
+ RSA_PSS_PARAMS_free;
+ X509_sign_ctx;
+ i2d_RSA_PSS_PARAMS;
@@ -4638,10 +4490,151 @@ Index: openssl-1.0.1d/openssl.ld
+ CRYPTO_memcmp;
+} OPENSSL_1.0.1;
+
-Index: openssl-1.0.1d/engines/openssl.ld
++OPENSSL_1.0.2 {
++ global:
++ SSL_CTX_set_alpn_protos;
++ SSL_set_alpn_protos;
++ SSL_CTX_set_alpn_select_cb;
++ SSL_get0_alpn_selected;
++ SSL_CTX_set_custom_cli_ext;
++ SSL_CTX_set_custom_srv_ext;
++ SSL_CTX_set_srv_supp_data;
++ SSL_CTX_set_cli_supp_data;
++ SSL_set_cert_cb;
++ SSL_CTX_use_serverinfo;
++ SSL_CTX_use_serverinfo_file;
++ SSL_CTX_set_cert_cb;
++ SSL_CTX_get0_param;
++ SSL_get0_param;
++ SSL_certs_clear;
++ DTLSv1_2_method;
++ DTLSv1_2_server_method;
++ DTLSv1_2_client_method;
++ DTLS_method;
++ DTLS_server_method;
++ DTLS_client_method;
++ SSL_CTX_get_ssl_method;
++ SSL_CTX_get0_certificate;
++ SSL_CTX_get0_privatekey;
++ SSL_COMP_set0_compression_methods;
++ SSL_COMP_free_compression_methods;
++ SSL_CIPHER_find;
++ SSL_is_server;
++ SSL_CONF_CTX_new;
++ SSL_CONF_CTX_finish;
++ SSL_CONF_CTX_free;
++ SSL_CONF_CTX_set_flags;
++ SSL_CONF_CTX_clear_flags;
++ SSL_CONF_CTX_set1_prefix;
++ SSL_CONF_CTX_set_ssl;
++ SSL_CONF_CTX_set_ssl_ctx;
++ SSL_CONF_cmd;
++ SSL_CONF_cmd_argv;
++ SSL_CONF_cmd_value_type;
++ SSL_trace;
++ SSL_CIPHER_standard_name;
++ SSL_get_tlsa_record_byname;
++ ASN1_TIME_diff;
++ BIO_hex_string;
++ CMS_RecipientInfo_get0_pkey_ctx;
++ CMS_RecipientInfo_encrypt;
++ CMS_SignerInfo_get0_pkey_ctx;
++ CMS_SignerInfo_get0_md_ctx;
++ CMS_SignerInfo_get0_signature;
++ CMS_RecipientInfo_kari_get0_alg;
++ CMS_RecipientInfo_kari_get0_reks;
++ CMS_RecipientInfo_kari_get0_orig_id;
++ CMS_RecipientInfo_kari_orig_id_cmp;
++ CMS_RecipientEncryptedKey_get0_id;
++ CMS_RecipientEncryptedKey_cert_cmp;
++ CMS_RecipientInfo_kari_set0_pkey;
++ CMS_RecipientInfo_kari_get0_ctx;
++ CMS_RecipientInfo_kari_decrypt;
++ CMS_SharedInfo_encode;
++ DH_compute_key_padded;
++ d2i_DHxparams;
++ i2d_DHxparams;
++ DH_get_1024_160;
++ DH_get_2048_224;
++ DH_get_2048_256;
++ DH_KDF_X9_42;
++ ECDH_KDF_X9_62;
++ ECDSA_METHOD_new;
++ ECDSA_METHOD_free;
++ ECDSA_METHOD_set_app_data;
++ ECDSA_METHOD_get_app_data;
++ ECDSA_METHOD_set_sign;
++ ECDSA_METHOD_set_sign_setup;
++ ECDSA_METHOD_set_verify;
++ ECDSA_METHOD_set_flags;
++ ECDSA_METHOD_set_name;
++ EVP_des_ede3_wrap;
++ EVP_aes_128_wrap;
++ EVP_aes_192_wrap;
++ EVP_aes_256_wrap;
++ EVP_aes_128_cbc_hmac_sha256;
++ EVP_aes_256_cbc_hmac_sha256;
++ CRYPTO_128_wrap;
++ CRYPTO_128_unwrap;
++ OCSP_REQ_CTX_nbio;
++ OCSP_REQ_CTX_new;
++ OCSP_set_max_response_length;
++ OCSP_REQ_CTX_i2d;
++ OCSP_REQ_CTX_nbio_d2i;
++ OCSP_REQ_CTX_get0_mem_bio;
++ OCSP_REQ_CTX_http;
++ RSA_padding_add_PKCS1_OAEP_mgf1;
++ RSA_padding_check_PKCS1_OAEP_mgf1;
++ RSA_OAEP_PARAMS_free;
++ RSA_OAEP_PARAMS_it;
++ RSA_OAEP_PARAMS_new;
++ SSL_get_sigalgs;
++ SSL_get_shared_sigalgs;
++ SSL_check_chain;
++ X509_chain_up_ref;
++ X509_http_nbio;
++ X509_CRL_http_nbio;
++ X509_REVOKED_dup;
++ i2d_re_X509_tbs;
++ X509_get0_signature;
++ X509_get_signature_nid;
++ X509_CRL_diff;
++ X509_chain_check_suiteb;
++ X509_CRL_check_suiteb;
++ X509_check_host;
++ X509_check_email;
++ X509_check_ip;
++ X509_check_ip_asc;
++ X509_STORE_set_lookup_crls_cb;
++ X509_STORE_CTX_get0_store;
++ X509_VERIFY_PARAM_set1_host;
++ X509_VERIFY_PARAM_add1_host;
++ X509_VERIFY_PARAM_set_hostflags;
++ X509_VERIFY_PARAM_get0_peername;
++ X509_VERIFY_PARAM_set1_email;
++ X509_VERIFY_PARAM_set1_ip;
++ X509_VERIFY_PARAM_set1_ip_asc;
++ X509_VERIFY_PARAM_get0_name;
++ X509_VERIFY_PARAM_get_count;
++ X509_VERIFY_PARAM_get0;
++ X509V3_EXT_free;
++ EC_GROUP_get_mont_data;
++ EC_curve_nid2nist;
++ EC_curve_nist2nid;
++ PEM_write_bio_DHxparams;
++ PEM_write_DHxparams;
++ SSL_CTX_add_client_custom_ext;
++ SSL_CTX_add_server_custom_ext;
++ SSL_extension_supported;
++ BUF_strnlen;
++ sk_deep_copy;
++ SSL_test_functions;
++} OPENSSL_1.0.1d;
++
+Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ openssl-1.0.1d/engines/openssl.ld 2013-02-06 19:41:43.000000000 +0100
++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld 2014-02-24 21:02:30.000000000 +0100
@@ -0,0 +1,10 @@
+OPENSSL_1.0.0 {
+ global:
@@ -4653,10 +4646,10 @@ Index: openssl-1.0.1d/engines/openssl.ld
+ *;
+};
+
-Index: openssl-1.0.1d/engines/ccgost/openssl.ld
+Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ openssl-1.0.1d/engines/ccgost/openssl.ld 2013-02-06 19:41:43.000000000 +0100
++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld 2014-02-24 21:02:30.000000000 +0100
@@ -0,0 +1,10 @@
+OPENSSL_1.0.0 {
+ global:
diff --git a/recipes-connectivity/openssl/openssl-qoriq/debian1.0.2/block_digicert_malaysia.patch b/recipes-connectivity/openssl/openssl-qoriq/debian1.0.2/block_digicert_malaysia.patch
new file mode 100644
index 0000000..c43bcd1
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/debian1.0.2/block_digicert_malaysia.patch
@@ -0,0 +1,29 @@
+From: Raphael Geissert <geissert at debian.org>
+Description: make X509_verify_cert indicate that any certificate whose
+ name contains "Digicert Sdn. Bhd." (from Malaysia) is revoked.
+Forwarded: not-needed
+Origin: vendor
+Last-Update: 2011-11-05
+
+Upstream-Status: Backport [debian]
+
+
+Index: openssl-1.0.2~beta1/crypto/x509/x509_vfy.c
+===================================================================
+--- openssl-1.0.2~beta1.orig/crypto/x509/x509_vfy.c 2014-02-25 00:16:12.488028844 +0100
++++ openssl-1.0.2~beta1/crypto/x509/x509_vfy.c 2014-02-25 00:16:12.484028929 +0100
+@@ -964,10 +964,11 @@
+ for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--)
+ {
+ x = sk_X509_value(ctx->chain, i);
+- /* Mark DigiNotar certificates as revoked, no matter
+- * where in the chain they are.
++ /* Mark certificates containing the following names as
++ * revoked, no matter where in the chain they are.
+ */
+- if (x->name && strstr(x->name, "DigiNotar"))
++ if (x->name && (strstr(x->name, "DigiNotar") ||
++ strstr(x->name, "Digicert Sdn. Bhd.")))
+ {
+ ctx->error = X509_V_ERR_CERT_REVOKED;
+ ctx->error_depth = i;
diff --git a/recipes-connectivity/openssl/openssl-qoriq/debian1.0.2/block_diginotar.patch b/recipes-connectivity/openssl/openssl-qoriq/debian1.0.2/block_diginotar.patch
new file mode 100644
index 0000000..d81e22c
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/debian1.0.2/block_diginotar.patch
@@ -0,0 +1,68 @@
+From: Raphael Geissert <geissert at debian.org>
+Description: make X509_verify_cert indicate that any certificate whose
+ name contains "DigiNotar" is revoked.
+Forwarded: not-needed
+Origin: vendor
+Last-Update: 2011-09-08
+Bug: http://bugs.debian.org/639744
+Reviewed-by: Kurt Roeckx <kurt at roeckx.be>
+Reviewed-by: Dr Stephen N Henson <shenson at drh-consultancy.co.uk>
+
+This is not meant as final patch.
+
+Upstream-Status: Backport [debian]
+
+Signed-off-by: Armin Kuster <akuster at mvista.com>
+
+Index: openssl-1.0.2g/crypto/x509/x509_vfy.c
+===================================================================
+--- openssl-1.0.2g.orig/crypto/x509/x509_vfy.c
++++ openssl-1.0.2g/crypto/x509/x509_vfy.c
+@@ -119,6 +119,7 @@ static int check_trust(X509_STORE_CTX *c
+ static int check_revocation(X509_STORE_CTX *ctx);
+ static int check_cert(X509_STORE_CTX *ctx);
+ static int check_policy(X509_STORE_CTX *ctx);
++static int check_ca_blacklist(X509_STORE_CTX *ctx);
+
+ static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
+ unsigned int *preasons, X509_CRL *crl, X509 *x);
+@@ -489,6 +490,9 @@ int X509_verify_cert(X509_STORE_CTX *ctx
+ if (!ok)
+ goto err;
+
++ ok = check_ca_blacklist(ctx);
++ if(!ok) goto err;
++
+ #ifndef OPENSSL_NO_RFC3779
+ /* RFC 3779 path validation, now that CRL check has been done */
+ ok = v3_asid_validate_path(ctx);
+@@ -996,6 +1000,29 @@ static int check_crl_time(X509_STORE_CTX
+ return 1;
+ }
+
++static int check_ca_blacklist(X509_STORE_CTX *ctx)
++ {
++ X509 *x;
++ int i;
++ /* Check all certificates against the blacklist */
++ for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--)
++ {
++ x = sk_X509_value(ctx->chain, i);
++ /* Mark DigiNotar certificates as revoked, no matter
++ * where in the chain they are.
++ */
++ if (x->name && strstr(x->name, "DigiNotar"))
++ {
++ ctx->error = X509_V_ERR_CERT_REVOKED;
++ ctx->error_depth = i;
++ ctx->current_cert = x;
++ if (!ctx->verify_cb(0,ctx))
++ return 0;
++ }
++ }
++ return 1;
++ }
++
+ static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl,
+ X509 **pissuer, int *pscore, unsigned int *preasons,
+ STACK_OF(X509_CRL) *crls)
diff --git a/recipes-connectivity/openssl/openssl-qoriq/debian1.0.2/version-script.patch b/recipes-connectivity/openssl/openssl-qoriq/debian1.0.2/version-script.patch
new file mode 100644
index 0000000..29f11a2
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/debian1.0.2/version-script.patch
@@ -0,0 +1,4656 @@
+Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure
+===================================================================
+--- openssl-1.0.2~beta1.obsolete.0.0498436515490575.orig/Configure 2014-02-24 21:02:30.000000000 +0100
++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure 2014-02-24 21:02:30.000000000 +0100
+@@ -1651,6 +1651,8 @@
+ }
+ }
+
++$shared_ldflag .= " -Wl,--version-script=openssl.ld";
++
+ open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n";
+ unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new";
+ open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n";
+Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld 2014-02-24 22:19:08.601827266 +0100
+@@ -0,0 +1,4608 @@
++OPENSSL_1.0.2d {
++ global:
++ BIO_f_ssl;
++ BIO_new_buffer_ssl_connect;
++ BIO_new_ssl;
++ BIO_new_ssl_connect;
++ BIO_proxy_ssl_copy_session_id;
++ BIO_ssl_copy_session_id;
++ BIO_ssl_shutdown;
++ d2i_SSL_SESSION;
++ DTLSv1_client_method;
++ DTLSv1_method;
++ DTLSv1_server_method;
++ ERR_load_SSL_strings;
++ i2d_SSL_SESSION;
++ kssl_build_principal_2;
++ kssl_cget_tkt;
++ kssl_check_authent;
++ kssl_ctx_free;
++ kssl_ctx_new;
++ kssl_ctx_setkey;
++ kssl_ctx_setprinc;
++ kssl_ctx_setstring;
++ kssl_ctx_show;
++ kssl_err_set;
++ kssl_krb5_free_data_contents;
++ kssl_sget_tkt;
++ kssl_skip_confound;
++ kssl_validate_times;
++ PEM_read_bio_SSL_SESSION;
++ PEM_read_SSL_SESSION;
++ PEM_write_bio_SSL_SESSION;
++ PEM_write_SSL_SESSION;
++ SSL_accept;
++ SSL_add_client_CA;
++ SSL_add_dir_cert_subjects_to_stack;
++ SSL_add_dir_cert_subjs_to_stk;
++ SSL_add_file_cert_subjects_to_stack;
++ SSL_add_file_cert_subjs_to_stk;
++ SSL_alert_desc_string;
++ SSL_alert_desc_string_long;
++ SSL_alert_type_string;
++ SSL_alert_type_string_long;
++ SSL_callback_ctrl;
++ SSL_check_private_key;
++ SSL_CIPHER_description;
++ SSL_CIPHER_get_bits;
++ SSL_CIPHER_get_name;
++ SSL_CIPHER_get_version;
++ SSL_clear;
++ SSL_COMP_add_compression_method;
++ SSL_COMP_get_compression_methods;
++ SSL_COMP_get_compress_methods;
++ SSL_COMP_get_name;
++ SSL_connect;
++ SSL_copy_session_id;
++ SSL_ctrl;
++ SSL_CTX_add_client_CA;
++ SSL_CTX_add_session;
++ SSL_CTX_callback_ctrl;
++ SSL_CTX_check_private_key;
++ SSL_CTX_ctrl;
++ SSL_CTX_flush_sessions;
++ SSL_CTX_free;
++ SSL_CTX_get_cert_store;
++ SSL_CTX_get_client_CA_list;
++ SSL_CTX_get_client_cert_cb;
++ SSL_CTX_get_ex_data;
++ SSL_CTX_get_ex_new_index;
++ SSL_CTX_get_info_callback;
++ SSL_CTX_get_quiet_shutdown;
++ SSL_CTX_get_timeout;
++ SSL_CTX_get_verify_callback;
++ SSL_CTX_get_verify_depth;
++ SSL_CTX_get_verify_mode;
++ SSL_CTX_load_verify_locations;
++ SSL_CTX_new;
++ SSL_CTX_remove_session;
++ SSL_CTX_sess_get_get_cb;
++ SSL_CTX_sess_get_new_cb;
++ SSL_CTX_sess_get_remove_cb;
++ SSL_CTX_sessions;
++ SSL_CTX_sess_set_get_cb;
++ SSL_CTX_sess_set_new_cb;
++ SSL_CTX_sess_set_remove_cb;
++ SSL_CTX_set1_param;
++ SSL_CTX_set_cert_store;
++ SSL_CTX_set_cert_verify_callback;
++ SSL_CTX_set_cert_verify_cb;
++ SSL_CTX_set_cipher_list;
++ SSL_CTX_set_client_CA_list;
++ SSL_CTX_set_client_cert_cb;
++ SSL_CTX_set_client_cert_engine;
++ SSL_CTX_set_cookie_generate_cb;
++ SSL_CTX_set_cookie_verify_cb;
++ SSL_CTX_set_default_passwd_cb;
++ SSL_CTX_set_default_passwd_cb_userdata;
++ SSL_CTX_set_default_verify_paths;
++ SSL_CTX_set_def_passwd_cb_ud;
++ SSL_CTX_set_def_verify_paths;
++ SSL_CTX_set_ex_data;
++ SSL_CTX_set_generate_session_id;
++ SSL_CTX_set_info_callback;
++ SSL_CTX_set_msg_callback;
++ SSL_CTX_set_psk_client_callback;
++ SSL_CTX_set_psk_server_callback;
++ SSL_CTX_set_purpose;
++ SSL_CTX_set_quiet_shutdown;
++ SSL_CTX_set_session_id_context;
++ SSL_CTX_set_ssl_version;
++ SSL_CTX_set_timeout;
++ SSL_CTX_set_tmp_dh_callback;
++ SSL_CTX_set_tmp_ecdh_callback;
++ SSL_CTX_set_tmp_rsa_callback;
++ SSL_CTX_set_trust;
++ SSL_CTX_set_verify;
++ SSL_CTX_set_verify_depth;
++ SSL_CTX_use_cert_chain_file;
++ SSL_CTX_use_certificate;
++ SSL_CTX_use_certificate_ASN1;
++ SSL_CTX_use_certificate_chain_file;
++ SSL_CTX_use_certificate_file;
++ SSL_CTX_use_PrivateKey;
++ SSL_CTX_use_PrivateKey_ASN1;
++ SSL_CTX_use_PrivateKey_file;
++ SSL_CTX_use_psk_identity_hint;
++ SSL_CTX_use_RSAPrivateKey;
++ SSL_CTX_use_RSAPrivateKey_ASN1;
++ SSL_CTX_use_RSAPrivateKey_file;
++ SSL_do_handshake;
++ SSL_dup;
++ SSL_dup_CA_list;
++ SSLeay_add_ssl_algorithms;
++ SSL_free;
++ SSL_get1_session;
++ SSL_get_certificate;
++ SSL_get_cipher_list;
++ SSL_get_ciphers;
++ SSL_get_client_CA_list;
++ SSL_get_current_cipher;
++ SSL_get_current_compression;
++ SSL_get_current_expansion;
++ SSL_get_default_timeout;
++ SSL_get_error;
++ SSL_get_ex_data;
++ SSL_get_ex_data_X509_STORE_CTX_idx;
++ SSL_get_ex_d_X509_STORE_CTX_idx;
++ SSL_get_ex_new_index;
++ SSL_get_fd;
++ SSL_get_finished;
++ SSL_get_info_callback;
++ SSL_get_peer_cert_chain;
++ SSL_get_peer_certificate;
++ SSL_get_peer_finished;
++ SSL_get_privatekey;
++ SSL_get_psk_identity;
++ SSL_get_psk_identity_hint;
++ SSL_get_quiet_shutdown;
++ SSL_get_rbio;
++ SSL_get_read_ahead;
++ SSL_get_rfd;
++ SSL_get_servername;
++ SSL_get_servername_type;
++ SSL_get_session;
++ SSL_get_shared_ciphers;
++ SSL_get_shutdown;
++ SSL_get_SSL_CTX;
++ SSL_get_ssl_method;
++ SSL_get_verify_callback;
++ SSL_get_verify_depth;
++ SSL_get_verify_mode;
++ SSL_get_verify_result;
++ SSL_get_version;
++ SSL_get_wbio;
++ SSL_get_wfd;
++ SSL_has_matching_session_id;
++ SSL_library_init;
++ SSL_load_client_CA_file;
++ SSL_load_error_strings;
++ SSL_new;
++ SSL_peek;
++ SSL_pending;
++ SSL_read;
++ SSL_renegotiate;
++ SSL_renegotiate_pending;
++ SSL_rstate_string;
++ SSL_rstate_string_long;
++ SSL_SESSION_cmp;
++ SSL_SESSION_free;
++ SSL_SESSION_get_ex_data;
++ SSL_SESSION_get_ex_new_index;
++ SSL_SESSION_get_id;
++ SSL_SESSION_get_time;
++ SSL_SESSION_get_timeout;
++ SSL_SESSION_hash;
++ SSL_SESSION_new;
++ SSL_SESSION_print;
++ SSL_SESSION_print_fp;
++ SSL_SESSION_set_ex_data;
++ SSL_SESSION_set_time;
++ SSL_SESSION_set_timeout;
++ SSL_set1_param;
++ SSL_set_accept_state;
++ SSL_set_bio;
++ SSL_set_cipher_list;
++ SSL_set_client_CA_list;
++ SSL_set_connect_state;
++ SSL_set_ex_data;
++ SSL_set_fd;
++ SSL_set_generate_session_id;
++ SSL_set_info_callback;
++ SSL_set_msg_callback;
++ SSL_set_psk_client_callback;
++ SSL_set_psk_server_callback;
++ SSL_set_purpose;
++ SSL_set_quiet_shutdown;
++ SSL_set_read_ahead;
++ SSL_set_rfd;
++ SSL_set_session;
++ SSL_set_session_id_context;
++ SSL_set_session_secret_cb;
++ SSL_set_session_ticket_ext;
++ SSL_set_session_ticket_ext_cb;
++ SSL_set_shutdown;
++ SSL_set_SSL_CTX;
++ SSL_set_ssl_method;
++ SSL_set_tmp_dh_callback;
++ SSL_set_tmp_ecdh_callback;
++ SSL_set_tmp_rsa_callback;
++ SSL_set_trust;
++ SSL_set_verify;
++ SSL_set_verify_depth;
++ SSL_set_verify_result;
++ SSL_set_wfd;
++ SSL_shutdown;
++ SSL_state;
++ SSL_state_string;
++ SSL_state_string_long;
++ SSL_use_certificate;
++ SSL_use_certificate_ASN1;
++ SSL_use_certificate_file;
++ SSL_use_PrivateKey;
++ SSL_use_PrivateKey_ASN1;
++ SSL_use_PrivateKey_file;
++ SSL_use_psk_identity_hint;
++ SSL_use_RSAPrivateKey;
++ SSL_use_RSAPrivateKey_ASN1;
++ SSL_use_RSAPrivateKey_file;
++ SSLv23_client_method;
++ SSLv23_method;
++ SSLv23_server_method;
++ SSLv2_client_method;
++ SSLv2_method;
++ SSLv2_server_method;
++ SSLv3_client_method;
++ SSLv3_method;
++ SSLv3_server_method;
++ SSL_version;
++ SSL_want;
++ SSL_write;
++ TLSv1_client_method;
++ TLSv1_method;
++ TLSv1_server_method;
++
++
++ SSLeay;
++ SSLeay_version;
++ ASN1_BIT_STRING_asn1_meth;
++ ASN1_HEADER_free;
++ ASN1_HEADER_new;
++ ASN1_IA5STRING_asn1_meth;
++ ASN1_INTEGER_get;
++ ASN1_INTEGER_set;
++ ASN1_INTEGER_to_BN;
++ ASN1_OBJECT_create;
++ ASN1_OBJECT_free;
++ ASN1_OBJECT_new;
++ ASN1_PRINTABLE_type;
++ ASN1_STRING_cmp;
++ ASN1_STRING_dup;
++ ASN1_STRING_free;
++ ASN1_STRING_new;
++ ASN1_STRING_print;
++ ASN1_STRING_set;
++ ASN1_STRING_type_new;
++ ASN1_TYPE_free;
++ ASN1_TYPE_new;
++ ASN1_UNIVERSALSTRING_to_string;
++ ASN1_UTCTIME_check;
++ ASN1_UTCTIME_print;
++ ASN1_UTCTIME_set;
++ ASN1_check_infinite_end;
++ ASN1_d2i_bio;
++ ASN1_d2i_fp;
++ ASN1_digest;
++ ASN1_dup;
++ ASN1_get_object;
++ ASN1_i2d_bio;
++ ASN1_i2d_fp;
++ ASN1_object_size;
++ ASN1_parse;
++ ASN1_put_object;
++ ASN1_sign;
++ ASN1_verify;
++ BF_cbc_encrypt;
++ BF_cfb64_encrypt;
++ BF_ecb_encrypt;
++ BF_encrypt;
++ BF_ofb64_encrypt;
++ BF_options;
++ BF_set_key;
++ BIO_CONNECT_free;
++ BIO_CONNECT_new;
++ BIO_accept;
++ BIO_ctrl;
++ BIO_int_ctrl;
++ BIO_debug_callback;
++ BIO_dump;
++ BIO_dup_chain;
++ BIO_f_base64;
++ BIO_f_buffer;
++ BIO_f_cipher;
++ BIO_f_md;
++ BIO_f_null;
++ BIO_f_proxy_server;
++ BIO_fd_non_fatal_error;
++ BIO_fd_should_retry;
++ BIO_find_type;
++ BIO_free;
++ BIO_free_all;
++ BIO_get_accept_socket;
++ BIO_get_filter_bio;
++ BIO_get_host_ip;
++ BIO_get_port;
++ BIO_get_retry_BIO;
++ BIO_get_retry_reason;
++ BIO_gethostbyname;
++ BIO_gets;
++ BIO_new;
++ BIO_new_accept;
++ BIO_new_connect;
++ BIO_new_fd;
++ BIO_new_file;
++ BIO_new_fp;
++ BIO_new_socket;
++ BIO_pop;
++ BIO_printf;
++ BIO_push;
++ BIO_puts;
++ BIO_read;
++ BIO_s_accept;
++ BIO_s_connect;
++ BIO_s_fd;
++ BIO_s_file;
++ BIO_s_mem;
++ BIO_s_null;
++ BIO_s_proxy_client;
++ BIO_s_socket;
++ BIO_set;
++ BIO_set_cipher;
++ BIO_set_tcp_ndelay;
++ BIO_sock_cleanup;
++ BIO_sock_error;
++ BIO_sock_init;
++ BIO_sock_non_fatal_error;
++ BIO_sock_should_retry;
++ BIO_socket_ioctl;
++ BIO_write;
++ BN_CTX_free;
++ BN_CTX_new;
++ BN_MONT_CTX_free;
++ BN_MONT_CTX_new;
++ BN_MONT_CTX_set;
++ BN_add;
++ BN_add_word;
++ BN_hex2bn;
++ BN_bin2bn;
++ BN_bn2hex;
++ BN_bn2bin;
++ BN_clear;
++ BN_clear_bit;
++ BN_clear_free;
++ BN_cmp;
++ BN_copy;
++ BN_div;
++ BN_div_word;
++ BN_dup;
++ BN_free;
++ BN_from_montgomery;
++ BN_gcd;
++ BN_generate_prime;
++ BN_get_word;
++ BN_is_bit_set;
++ BN_is_prime;
++ BN_lshift;
++ BN_lshift1;
++ BN_mask_bits;
++ BN_mod;
++ BN_mod_exp;
++ BN_mod_exp_mont;
++ BN_mod_exp_simple;
++ BN_mod_inverse;
++ BN_mod_mul;
++ BN_mod_mul_montgomery;
++ BN_mod_word;
++ BN_mul;
++ BN_new;
++ BN_num_bits;
++ BN_num_bits_word;
++ BN_options;
++ BN_print;
++ BN_print_fp;
++ BN_rand;
++ BN_reciprocal;
++ BN_rshift;
++ BN_rshift1;
++ BN_set_bit;
++ BN_set_word;
++ BN_sqr;
++ BN_sub;
++ BN_to_ASN1_INTEGER;
++ BN_ucmp;
++ BN_value_one;
++ BUF_MEM_free;
++ BUF_MEM_grow;
++ BUF_MEM_new;
++ BUF_strdup;
++ CONF_free;
++ CONF_get_number;
++ CONF_get_section;
++ CONF_get_string;
++ CONF_load;
++ CRYPTO_add_lock;
++ CRYPTO_dbg_free;
++ CRYPTO_dbg_malloc;
++ CRYPTO_dbg_realloc;
++ CRYPTO_dbg_remalloc;
++ CRYPTO_free;
++ CRYPTO_get_add_lock_callback;
++ CRYPTO_get_id_callback;
++ CRYPTO_get_lock_name;
++ CRYPTO_get_locking_callback;
++ CRYPTO_get_mem_functions;
++ CRYPTO_lock;
++ CRYPTO_malloc;
++ CRYPTO_mem_ctrl;
++ CRYPTO_mem_leaks;
++ CRYPTO_mem_leaks_cb;
++ CRYPTO_mem_leaks_fp;
++ CRYPTO_realloc;
++ CRYPTO_remalloc;
++ CRYPTO_set_add_lock_callback;
++ CRYPTO_set_id_callback;
++ CRYPTO_set_locking_callback;
++ CRYPTO_set_mem_functions;
++ CRYPTO_thread_id;
++ DH_check;
++ DH_compute_key;
++ DH_free;
++ DH_generate_key;
++ DH_generate_parameters;
++ DH_new;
++ DH_size;
++ DHparams_print;
++ DHparams_print_fp;
++ DSA_free;
++ DSA_generate_key;
++ DSA_generate_parameters;
++ DSA_is_prime;
++ DSA_new;
++ DSA_print;
++ DSA_print_fp;
++ DSA_sign;
++ DSA_sign_setup;
++ DSA_size;
++ DSA_verify;
++ DSAparams_print;
++ DSAparams_print_fp;
++ ERR_clear_error;
++ ERR_error_string;
++ ERR_free_strings;
++ ERR_func_error_string;
++ ERR_get_err_state_table;
++ ERR_get_error;
++ ERR_get_error_line;
++ ERR_get_state;
++ ERR_get_string_table;
++ ERR_lib_error_string;
++ ERR_load_ASN1_strings;
++ ERR_load_BIO_strings;
++ ERR_load_BN_strings;
++ ERR_load_BUF_strings;
++ ERR_load_CONF_strings;
++ ERR_load_DH_strings;
++ ERR_load_DSA_strings;
++ ERR_load_ERR_strings;
++ ERR_load_EVP_strings;
++ ERR_load_OBJ_strings;
++ ERR_load_PEM_strings;
++ ERR_load_PROXY_strings;
++ ERR_load_RSA_strings;
++ ERR_load_X509_strings;
++ ERR_load_crypto_strings;
++ ERR_load_strings;
++ ERR_peek_error;
++ ERR_peek_error_line;
++ ERR_print_errors;
++ ERR_print_errors_fp;
++ ERR_put_error;
++ ERR_reason_error_string;
++ ERR_remove_state;
++ EVP_BytesToKey;
++ EVP_CIPHER_CTX_cleanup;
++ EVP_CipherFinal;
++ EVP_CipherInit;
++ EVP_CipherUpdate;
++ EVP_DecodeBlock;
++ EVP_DecodeFinal;
++ EVP_DecodeInit;
++ EVP_DecodeUpdate;
++ EVP_DecryptFinal;
++ EVP_DecryptInit;
++ EVP_DecryptUpdate;
++ EVP_DigestFinal;
++ EVP_DigestInit;
++ EVP_DigestUpdate;
++ EVP_EncodeBlock;
++ EVP_EncodeFinal;
++ EVP_EncodeInit;
++ EVP_EncodeUpdate;
++ EVP_EncryptFinal;
++ EVP_EncryptInit;
++ EVP_EncryptUpdate;
++ EVP_OpenFinal;
++ EVP_OpenInit;
++ EVP_PKEY_assign;
++ EVP_PKEY_copy_parameters;
++ EVP_PKEY_free;
++ EVP_PKEY_missing_parameters;
++ EVP_PKEY_new;
++ EVP_PKEY_save_parameters;
++ EVP_PKEY_size;
++ EVP_PKEY_type;
++ EVP_SealFinal;
++ EVP_SealInit;
++ EVP_SignFinal;
++ EVP_VerifyFinal;
++ EVP_add_alias;
++ EVP_add_cipher;
++ EVP_add_digest;
++ EVP_bf_cbc;
++ EVP_bf_cfb64;
++ EVP_bf_ecb;
++ EVP_bf_ofb;
++ EVP_cleanup;
++ EVP_des_cbc;
++ EVP_des_cfb64;
++ EVP_des_ecb;
++ EVP_des_ede;
++ EVP_des_ede3;
++ EVP_des_ede3_cbc;
++ EVP_des_ede3_cfb64;
++ EVP_des_ede3_ofb;
++ EVP_des_ede_cbc;
++ EVP_des_ede_cfb64;
++ EVP_des_ede_ofb;
++ EVP_des_ofb;
++ EVP_desx_cbc;
++ EVP_dss;
++ EVP_dss1;
++ EVP_enc_null;
++ EVP_get_cipherbyname;
++ EVP_get_digestbyname;
++ EVP_get_pw_prompt;
++ EVP_idea_cbc;
++ EVP_idea_cfb64;
++ EVP_idea_ecb;
++ EVP_idea_ofb;
++ EVP_md2;
++ EVP_md5;
++ EVP_md_null;
++ EVP_rc2_cbc;
++ EVP_rc2_cfb64;
++ EVP_rc2_ecb;
++ EVP_rc2_ofb;
++ EVP_rc4;
++ EVP_read_pw_string;
++ EVP_set_pw_prompt;
++ EVP_sha;
++ EVP_sha1;
++ MD2;
++ MD2_Final;
++ MD2_Init;
++ MD2_Update;
++ MD2_options;
++ MD5;
++ MD5_Final;
++ MD5_Init;
++ MD5_Update;
++ MDC2;
++ MDC2_Final;
++ MDC2_Init;
++ MDC2_Update;
++ NETSCAPE_SPKAC_free;
++ NETSCAPE_SPKAC_new;
++ NETSCAPE_SPKI_free;
++ NETSCAPE_SPKI_new;
++ NETSCAPE_SPKI_sign;
++ NETSCAPE_SPKI_verify;
++ OBJ_add_object;
++ OBJ_bsearch;
++ OBJ_cleanup;
++ OBJ_cmp;
++ OBJ_create;
++ OBJ_dup;
++ OBJ_ln2nid;
++ OBJ_new_nid;
++ OBJ_nid2ln;
++ OBJ_nid2obj;
++ OBJ_nid2sn;
++ OBJ_obj2nid;
++ OBJ_sn2nid;
++ OBJ_txt2nid;
++ PEM_ASN1_read;
++ PEM_ASN1_read_bio;
++ PEM_ASN1_write;
++ PEM_ASN1_write_bio;
++ PEM_SealFinal;
++ PEM_SealInit;
++ PEM_SealUpdate;
++ PEM_SignFinal;
++ PEM_SignInit;
++ PEM_SignUpdate;
++ PEM_X509_INFO_read;
++ PEM_X509_INFO_read_bio;
++ PEM_X509_INFO_write_bio;
++ PEM_dek_info;
++ PEM_do_header;
++ PEM_get_EVP_CIPHER_INFO;
++ PEM_proc_type;
++ PEM_read;
++ PEM_read_DHparams;
++ PEM_read_DSAPrivateKey;
++ PEM_read_DSAparams;
++ PEM_read_PKCS7;
++ PEM_read_PrivateKey;
++ PEM_read_RSAPrivateKey;
++ PEM_read_X509;
++ PEM_read_X509_CRL;
++ PEM_read_X509_REQ;
++ PEM_read_bio;
++ PEM_read_bio_DHparams;
++ PEM_read_bio_DSAPrivateKey;
++ PEM_read_bio_DSAparams;
++ PEM_read_bio_PKCS7;
++ PEM_read_bio_PrivateKey;
++ PEM_read_bio_RSAPrivateKey;
++ PEM_read_bio_X509;
++ PEM_read_bio_X509_CRL;
++ PEM_read_bio_X509_REQ;
++ PEM_write;
++ PEM_write_DHparams;
++ PEM_write_DSAPrivateKey;
++ PEM_write_DSAparams;
++ PEM_write_PKCS7;
++ PEM_write_PrivateKey;
++ PEM_write_RSAPrivateKey;
++ PEM_write_X509;
++ PEM_write_X509_CRL;
++ PEM_write_X509_REQ;
++ PEM_write_bio;
++ PEM_write_bio_DHparams;
++ PEM_write_bio_DSAPrivateKey;
++ PEM_write_bio_DSAparams;
++ PEM_write_bio_PKCS7;
++ PEM_write_bio_PrivateKey;
++ PEM_write_bio_RSAPrivateKey;
++ PEM_write_bio_X509;
++ PEM_write_bio_X509_CRL;
++ PEM_write_bio_X509_REQ;
++ PKCS7_DIGEST_free;
++ PKCS7_DIGEST_new;
++ PKCS7_ENCRYPT_free;
++ PKCS7_ENCRYPT_new;
++ PKCS7_ENC_CONTENT_free;
++ PKCS7_ENC_CONTENT_new;
++ PKCS7_ENVELOPE_free;
++ PKCS7_ENVELOPE_new;
++ PKCS7_ISSUER_AND_SERIAL_digest;
++ PKCS7_ISSUER_AND_SERIAL_free;
++ PKCS7_ISSUER_AND_SERIAL_new;
++ PKCS7_RECIP_INFO_free;
++ PKCS7_RECIP_INFO_new;
++ PKCS7_SIGNED_free;
++ PKCS7_SIGNED_new;
++ PKCS7_SIGNER_INFO_free;
++ PKCS7_SIGNER_INFO_new;
++ PKCS7_SIGN_ENVELOPE_free;
++ PKCS7_SIGN_ENVELOPE_new;
++ PKCS7_dup;
++ PKCS7_free;
++ PKCS7_new;
++ PROXY_ENTRY_add_noproxy;
++ PROXY_ENTRY_clear_noproxy;
++ PROXY_ENTRY_free;
++ PROXY_ENTRY_get_noproxy;
++ PROXY_ENTRY_new;
++ PROXY_ENTRY_set_server;
++ PROXY_add_noproxy;
++ PROXY_add_server;
++ PROXY_check_by_host;
++ PROXY_check_url;
++ PROXY_clear_noproxy;
++ PROXY_free;
++ PROXY_get_noproxy;
++ PROXY_get_proxies;
++ PROXY_get_proxy_entry;
++ PROXY_load_conf;
++ PROXY_new;
++ PROXY_print;
++ RAND_bytes;
++ RAND_cleanup;
++ RAND_file_name;
++ RAND_load_file;
++ RAND_screen;
++ RAND_seed;
++ RAND_write_file;
++ RC2_cbc_encrypt;
++ RC2_cfb64_encrypt;
++ RC2_ecb_encrypt;
++ RC2_encrypt;
++ RC2_ofb64_encrypt;
++ RC2_set_key;
++ RC4;
++ RC4_options;
++ RC4_set_key;
++ RSAPrivateKey_asn1_meth;
++ RSAPrivateKey_dup;
++ RSAPublicKey_dup;
++ RSA_PKCS1_SSLeay;
++ RSA_free;
++ RSA_generate_key;
++ RSA_new;
++ RSA_new_method;
++ RSA_print;
++ RSA_print_fp;
++ RSA_private_decrypt;
++ RSA_private_encrypt;
++ RSA_public_decrypt;
++ RSA_public_encrypt;
++ RSA_set_default_method;
++ RSA_sign;
++ RSA_sign_ASN1_OCTET_STRING;
++ RSA_size;
++ RSA_verify;
++ RSA_verify_ASN1_OCTET_STRING;
++ SHA;
++ SHA1;
++ SHA1_Final;
++ SHA1_Init;
++ SHA1_Update;
++ SHA_Final;
++ SHA_Init;
++ SHA_Update;
++ OpenSSL_add_all_algorithms;
++ OpenSSL_add_all_ciphers;
++ OpenSSL_add_all_digests;
++ TXT_DB_create_index;
++ TXT_DB_free;
++ TXT_DB_get_by_index;
++ TXT_DB_insert;
++ TXT_DB_read;
++ TXT_DB_write;
++ X509_ALGOR_free;
++ X509_ALGOR_new;
++ X509_ATTRIBUTE_free;
++ X509_ATTRIBUTE_new;
++ X509_CINF_free;
++ X509_CINF_new;
++ X509_CRL_INFO_free;
++ X509_CRL_INFO_new;
++ X509_CRL_add_ext;
++ X509_CRL_cmp;
++ X509_CRL_delete_ext;
++ X509_CRL_dup;
++ X509_CRL_free;
++ X509_CRL_get_ext;
++ X509_CRL_get_ext_by_NID;
++ X509_CRL_get_ext_by_OBJ;
++ X509_CRL_get_ext_by_critical;
++ X509_CRL_get_ext_count;
++ X509_CRL_new;
++ X509_CRL_sign;
++ X509_CRL_verify;
++ X509_EXTENSION_create_by_NID;
++ X509_EXTENSION_create_by_OBJ;
++ X509_EXTENSION_dup;
++ X509_EXTENSION_free;
++ X509_EXTENSION_get_critical;
++ X509_EXTENSION_get_data;
++ X509_EXTENSION_get_object;
++ X509_EXTENSION_new;
++ X509_EXTENSION_set_critical;
++ X509_EXTENSION_set_data;
++ X509_EXTENSION_set_object;
++ X509_INFO_free;
++ X509_INFO_new;
++ X509_LOOKUP_by_alias;
++ X509_LOOKUP_by_fingerprint;
++ X509_LOOKUP_by_issuer_serial;
++ X509_LOOKUP_by_subject;
++ X509_LOOKUP_ctrl;
++ X509_LOOKUP_file;
++ X509_LOOKUP_free;
++ X509_LOOKUP_hash_dir;
++ X509_LOOKUP_init;
++ X509_LOOKUP_new;
++ X509_LOOKUP_shutdown;
++ X509_NAME_ENTRY_create_by_NID;
++ X509_NAME_ENTRY_create_by_OBJ;
++ X509_NAME_ENTRY_dup;
++ X509_NAME_ENTRY_free;
++ X509_NAME_ENTRY_get_data;
++ X509_NAME_ENTRY_get_object;
++ X509_NAME_ENTRY_new;
++ X509_NAME_ENTRY_set_data;
++ X509_NAME_ENTRY_set_object;
++ X509_NAME_add_entry;
++ X509_NAME_cmp;
++ X509_NAME_delete_entry;
++ X509_NAME_digest;
++ X509_NAME_dup;
++ X509_NAME_entry_count;
++ X509_NAME_free;
++ X509_NAME_get_entry;
++ X509_NAME_get_index_by_NID;
++ X509_NAME_get_index_by_OBJ;
++ X509_NAME_get_text_by_NID;
++ X509_NAME_get_text_by_OBJ;
++ X509_NAME_hash;
++ X509_NAME_new;
++ X509_NAME_oneline;
++ X509_NAME_print;
++ X509_NAME_set;
++ X509_OBJECT_free_contents;
++ X509_OBJECT_retrieve_by_subject;
++ X509_OBJECT_up_ref_count;
++ X509_PKEY_free;
++ X509_PKEY_new;
++ X509_PUBKEY_free;
++ X509_PUBKEY_get;
++ X509_PUBKEY_new;
++ X509_PUBKEY_set;
++ X509_REQ_INFO_free;
++ X509_REQ_INFO_new;
++ X509_REQ_dup;
++ X509_REQ_free;
++ X509_REQ_get_pubkey;
++ X509_REQ_new;
++ X509_REQ_print;
++ X509_REQ_print_fp;
++ X509_REQ_set_pubkey;
++ X509_REQ_set_subject_name;
++ X509_REQ_set_version;
++ X509_REQ_sign;
++ X509_REQ_to_X509;
++ X509_REQ_verify;
++ X509_REVOKED_add_ext;
++ X509_REVOKED_delete_ext;
++ X509_REVOKED_free;
++ X509_REVOKED_get_ext;
++ X509_REVOKED_get_ext_by_NID;
++ X509_REVOKED_get_ext_by_OBJ;
++ X509_REVOKED_get_ext_by_critical;
++ X509_REVOKED_get_ext_by_critic;
++ X509_REVOKED_get_ext_count;
++ X509_REVOKED_new;
++ X509_SIG_free;
++ X509_SIG_new;
++ X509_STORE_CTX_cleanup;
++ X509_STORE_CTX_init;
++ X509_STORE_add_cert;
++ X509_STORE_add_lookup;
++ X509_STORE_free;
++ X509_STORE_get_by_subject;
++ X509_STORE_load_locations;
++ X509_STORE_new;
++ X509_STORE_set_default_paths;
++ X509_VAL_free;
++ X509_VAL_new;
++ X509_add_ext;
++ X509_asn1_meth;
++ X509_certificate_type;
++ X509_check_private_key;
++ X509_cmp_current_time;
++ X509_delete_ext;
++ X509_digest;
++ X509_dup;
++ X509_free;
++ X509_get_default_cert_area;
++ X509_get_default_cert_dir;
++ X509_get_default_cert_dir_env;
++ X509_get_default_cert_file;
++ X509_get_default_cert_file_env;
++ X509_get_default_private_dir;
++ X509_get_ext;
++ X509_get_ext_by_NID;
++ X509_get_ext_by_OBJ;
++ X509_get_ext_by_critical;
++ X509_get_ext_count;
++ X509_get_issuer_name;
++ X509_get_pubkey;
++ X509_get_pubkey_parameters;
++ X509_get_serialNumber;
++ X509_get_subject_name;
++ X509_gmtime_adj;
++ X509_issuer_and_serial_cmp;
++ X509_issuer_and_serial_hash;
++ X509_issuer_name_cmp;
++ X509_issuer_name_hash;
++ X509_load_cert_file;
++ X509_new;
++ X509_print;
++ X509_print_fp;
++ X509_set_issuer_name;
++ X509_set_notAfter;
++ X509_set_notBefore;
++ X509_set_pubkey;
++ X509_set_serialNumber;
++ X509_set_subject_name;
++ X509_set_version;
++ X509_sign;
++ X509_subject_name_cmp;
++ X509_subject_name_hash;
++ X509_to_X509_REQ;
++ X509_verify;
++ X509_verify_cert;
++ X509_verify_cert_error_string;
++ X509v3_add_ext;
++ X509v3_add_extension;
++ X509v3_add_netscape_extensions;
++ X509v3_add_standard_extensions;
++ X509v3_cleanup_extensions;
++ X509v3_data_type_by_NID;
++ X509v3_data_type_by_OBJ;
++ X509v3_delete_ext;
++ X509v3_get_ext;
++ X509v3_get_ext_by_NID;
++ X509v3_get_ext_by_OBJ;
++ X509v3_get_ext_by_critical;
++ X509v3_get_ext_count;
++ X509v3_pack_string;
++ X509v3_pack_type_by_NID;
++ X509v3_pack_type_by_OBJ;
++ X509v3_unpack_string;
++ _des_crypt;
++ a2d_ASN1_OBJECT;
++ a2i_ASN1_INTEGER;
++ a2i_ASN1_STRING;
++ asn1_Finish;
++ asn1_GetSequence;
++ bn_div_words;
++ bn_expand2;
++ bn_mul_add_words;
++ bn_mul_words;
++ BN_uadd;
++ BN_usub;
++ bn_sqr_words;
++ _ossl_old_crypt;
++ d2i_ASN1_BIT_STRING;
++ d2i_ASN1_BOOLEAN;
++ d2i_ASN1_HEADER;
++ d2i_ASN1_IA5STRING;
++ d2i_ASN1_INTEGER;
++ d2i_ASN1_OBJECT;
++ d2i_ASN1_OCTET_STRING;
++ d2i_ASN1_PRINTABLE;
++ d2i_ASN1_PRINTABLESTRING;
++ d2i_ASN1_SET;
++ d2i_ASN1_T61STRING;
++ d2i_ASN1_TYPE;
++ d2i_ASN1_UTCTIME;
++ d2i_ASN1_bytes;
++ d2i_ASN1_type_bytes;
++ d2i_DHparams;
++ d2i_DSAPrivateKey;
++ d2i_DSAPrivateKey_bio;
++ d2i_DSAPrivateKey_fp;
++ d2i_DSAPublicKey;
++ d2i_DSAparams;
++ d2i_NETSCAPE_SPKAC;
++ d2i_NETSCAPE_SPKI;
++ d2i_Netscape_RSA;
++ d2i_PKCS7;
++ d2i_PKCS7_DIGEST;
++ d2i_PKCS7_ENCRYPT;
++ d2i_PKCS7_ENC_CONTENT;
++ d2i_PKCS7_ENVELOPE;
++ d2i_PKCS7_ISSUER_AND_SERIAL;
++ d2i_PKCS7_RECIP_INFO;
++ d2i_PKCS7_SIGNED;
++ d2i_PKCS7_SIGNER_INFO;
++ d2i_PKCS7_SIGN_ENVELOPE;
++ d2i_PKCS7_bio;
++ d2i_PKCS7_fp;
++ d2i_PrivateKey;
++ d2i_PublicKey;
++ d2i_RSAPrivateKey;
++ d2i_RSAPrivateKey_bio;
++ d2i_RSAPrivateKey_fp;
++ d2i_RSAPublicKey;
++ d2i_X509;
++ d2i_X509_ALGOR;
++ d2i_X509_ATTRIBUTE;
++ d2i_X509_CINF;
++ d2i_X509_CRL;
++ d2i_X509_CRL_INFO;
++ d2i_X509_CRL_bio;
++ d2i_X509_CRL_fp;
++ d2i_X509_EXTENSION;
++ d2i_X509_NAME;
++ d2i_X509_NAME_ENTRY;
++ d2i_X509_PKEY;
++ d2i_X509_PUBKEY;
++ d2i_X509_REQ;
++ d2i_X509_REQ_INFO;
++ d2i_X509_REQ_bio;
++ d2i_X509_REQ_fp;
++ d2i_X509_REVOKED;
++ d2i_X509_SIG;
++ d2i_X509_VAL;
++ d2i_X509_bio;
++ d2i_X509_fp;
++ DES_cbc_cksum;
++ DES_cbc_encrypt;
++ DES_cblock_print_file;
++ DES_cfb64_encrypt;
++ DES_cfb_encrypt;
++ DES_decrypt3;
++ DES_ecb3_encrypt;
++ DES_ecb_encrypt;
++ DES_ede3_cbc_encrypt;
++ DES_ede3_cfb64_encrypt;
++ DES_ede3_ofb64_encrypt;
++ DES_enc_read;
++ DES_enc_write;
++ DES_encrypt1;
++ DES_encrypt2;
++ DES_encrypt3;
++ DES_fcrypt;
++ DES_is_weak_key;
++ DES_key_sched;
++ DES_ncbc_encrypt;
++ DES_ofb64_encrypt;
++ DES_ofb_encrypt;
++ DES_options;
++ DES_pcbc_encrypt;
++ DES_quad_cksum;
++ DES_random_key;
++ _ossl_old_des_random_seed;
++ _ossl_old_des_read_2passwords;
++ _ossl_old_des_read_password;
++ _ossl_old_des_read_pw;
++ _ossl_old_des_read_pw_string;
++ DES_set_key;
++ DES_set_odd_parity;
++ DES_string_to_2keys;
++ DES_string_to_key;
++ DES_xcbc_encrypt;
++ DES_xwhite_in2out;
++ fcrypt_body;
++ i2a_ASN1_INTEGER;
++ i2a_ASN1_OBJECT;
++ i2a_ASN1_STRING;
++ i2d_ASN1_BIT_STRING;
++ i2d_ASN1_BOOLEAN;
++ i2d_ASN1_HEADER;
++ i2d_ASN1_IA5STRING;
++ i2d_ASN1_INTEGER;
++ i2d_ASN1_OBJECT;
++ i2d_ASN1_OCTET_STRING;
++ i2d_ASN1_PRINTABLE;
++ i2d_ASN1_SET;
++ i2d_ASN1_TYPE;
++ i2d_ASN1_UTCTIME;
++ i2d_ASN1_bytes;
++ i2d_DHparams;
++ i2d_DSAPrivateKey;
++ i2d_DSAPrivateKey_bio;
++ i2d_DSAPrivateKey_fp;
++ i2d_DSAPublicKey;
++ i2d_DSAparams;
++ i2d_NETSCAPE_SPKAC;
++ i2d_NETSCAPE_SPKI;
++ i2d_Netscape_RSA;
++ i2d_PKCS7;
++ i2d_PKCS7_DIGEST;
++ i2d_PKCS7_ENCRYPT;
++ i2d_PKCS7_ENC_CONTENT;
++ i2d_PKCS7_ENVELOPE;
++ i2d_PKCS7_ISSUER_AND_SERIAL;
++ i2d_PKCS7_RECIP_INFO;
++ i2d_PKCS7_SIGNED;
++ i2d_PKCS7_SIGNER_INFO;
++ i2d_PKCS7_SIGN_ENVELOPE;
++ i2d_PKCS7_bio;
++ i2d_PKCS7_fp;
++ i2d_PrivateKey;
++ i2d_PublicKey;
++ i2d_RSAPrivateKey;
++ i2d_RSAPrivateKey_bio;
++ i2d_RSAPrivateKey_fp;
++ i2d_RSAPublicKey;
++ i2d_X509;
++ i2d_X509_ALGOR;
++ i2d_X509_ATTRIBUTE;
++ i2d_X509_CINF;
++ i2d_X509_CRL;
++ i2d_X509_CRL_INFO;
++ i2d_X509_CRL_bio;
++ i2d_X509_CRL_fp;
++ i2d_X509_EXTENSION;
++ i2d_X509_NAME;
++ i2d_X509_NAME_ENTRY;
++ i2d_X509_PKEY;
++ i2d_X509_PUBKEY;
++ i2d_X509_REQ;
++ i2d_X509_REQ_INFO;
++ i2d_X509_REQ_bio;
++ i2d_X509_REQ_fp;
++ i2d_X509_REVOKED;
++ i2d_X509_SIG;
++ i2d_X509_VAL;
++ i2d_X509_bio;
++ i2d_X509_fp;
++ idea_cbc_encrypt;
++ idea_cfb64_encrypt;
++ idea_ecb_encrypt;
++ idea_encrypt;
++ idea_ofb64_encrypt;
++ idea_options;
++ idea_set_decrypt_key;
++ idea_set_encrypt_key;
++ lh_delete;
++ lh_doall;
++ lh_doall_arg;
++ lh_free;
++ lh_insert;
++ lh_new;
++ lh_node_stats;
++ lh_node_stats_bio;
++ lh_node_usage_stats;
++ lh_node_usage_stats_bio;
++ lh_retrieve;
++ lh_stats;
++ lh_stats_bio;
++ lh_strhash;
++ sk_delete;
++ sk_delete_ptr;
++ sk_dup;
++ sk_find;
++ sk_free;
++ sk_insert;
++ sk_new;
++ sk_pop;
++ sk_pop_free;
++ sk_push;
++ sk_set_cmp_func;
++ sk_shift;
++ sk_unshift;
++ sk_zero;
++ BIO_f_nbio_test;
++ ASN1_TYPE_get;
++ ASN1_TYPE_set;
++ PKCS7_content_free;
++ ERR_load_PKCS7_strings;
++ X509_find_by_issuer_and_serial;
++ X509_find_by_subject;
++ PKCS7_ctrl;
++ PKCS7_set_type;
++ PKCS7_set_content;
++ PKCS7_SIGNER_INFO_set;
++ PKCS7_add_signer;
++ PKCS7_add_certificate;
++ PKCS7_add_crl;
++ PKCS7_content_new;
++ PKCS7_dataSign;
++ PKCS7_dataVerify;
++ PKCS7_dataInit;
++ PKCS7_add_signature;
++ PKCS7_cert_from_signer_info;
++ PKCS7_get_signer_info;
++ EVP_delete_alias;
++ EVP_mdc2;
++ PEM_read_bio_RSAPublicKey;
++ PEM_write_bio_RSAPublicKey;
++ d2i_RSAPublicKey_bio;
++ i2d_RSAPublicKey_bio;
++ PEM_read_RSAPublicKey;
++ PEM_write_RSAPublicKey;
++ d2i_RSAPublicKey_fp;
++ i2d_RSAPublicKey_fp;
++ BIO_copy_next_retry;
++ RSA_flags;
++ X509_STORE_add_crl;
++ X509_load_crl_file;
++ EVP_rc2_40_cbc;
++ EVP_rc4_40;
++ EVP_CIPHER_CTX_init;
++ HMAC;
++ HMAC_Init;
++ HMAC_Update;
++ HMAC_Final;
++ ERR_get_next_error_library;
++ EVP_PKEY_cmp_parameters;
++ HMAC_cleanup;
++ BIO_ptr_ctrl;
++ BIO_new_file_internal;
++ BIO_new_fp_internal;
++ BIO_s_file_internal;
++ BN_BLINDING_convert;
++ BN_BLINDING_invert;
++ BN_BLINDING_update;
++ RSA_blinding_on;
++ RSA_blinding_off;
++ i2t_ASN1_OBJECT;
++ BN_BLINDING_new;
++ BN_BLINDING_free;
++ EVP_cast5_cbc;
++ EVP_cast5_cfb64;
++ EVP_cast5_ecb;
++ EVP_cast5_ofb;
++ BF_decrypt;
++ CAST_set_key;
++ CAST_encrypt;
++ CAST_decrypt;
++ CAST_ecb_encrypt;
++ CAST_cbc_encrypt;
++ CAST_cfb64_encrypt;
++ CAST_ofb64_encrypt;
++ RC2_decrypt;
++ OBJ_create_objects;
++ BN_exp;
++ BN_mul_word;
++ BN_sub_word;
++ BN_dec2bn;
++ BN_bn2dec;
++ BIO_ghbn_ctrl;
++ CRYPTO_free_ex_data;
++ CRYPTO_get_ex_data;
++ CRYPTO_set_ex_data;
++ ERR_load_CRYPTO_strings;
++ ERR_load_CRYPTOlib_strings;
++ EVP_PKEY_bits;
++ MD5_Transform;
++ SHA1_Transform;
++ SHA_Transform;
++ X509_STORE_CTX_get_chain;
++ X509_STORE_CTX_get_current_cert;
++ X509_STORE_CTX_get_error;
++ X509_STORE_CTX_get_error_depth;
++ X509_STORE_CTX_get_ex_data;
++ X509_STORE_CTX_set_cert;
++ X509_STORE_CTX_set_chain;
++ X509_STORE_CTX_set_error;
++ X509_STORE_CTX_set_ex_data;
++ CRYPTO_dup_ex_data;
++ CRYPTO_get_new_lockid;
++ CRYPTO_new_ex_data;
++ RSA_set_ex_data;
++ RSA_get_ex_data;
++ RSA_get_ex_new_index;
++ RSA_padding_add_PKCS1_type_1;
++ RSA_padding_add_PKCS1_type_2;
++ RSA_padding_add_SSLv23;
++ RSA_padding_add_none;
++ RSA_padding_check_PKCS1_type_1;
++ RSA_padding_check_PKCS1_type_2;
++ RSA_padding_check_SSLv23;
++ RSA_padding_check_none;
++ bn_add_words;
++ d2i_Netscape_RSA_2;
++ CRYPTO_get_ex_new_index;
++ RIPEMD160_Init;
++ RIPEMD160_Update;
++ RIPEMD160_Final;
++ RIPEMD160;
++ RIPEMD160_Transform;
++ RC5_32_set_key;
++ RC5_32_ecb_encrypt;
++ RC5_32_encrypt;
++ RC5_32_decrypt;
++ RC5_32_cbc_encrypt;
++ RC5_32_cfb64_encrypt;
++ RC5_32_ofb64_encrypt;
++ BN_bn2mpi;
++ BN_mpi2bn;
++ ASN1_BIT_STRING_get_bit;
++ ASN1_BIT_STRING_set_bit;
++ BIO_get_ex_data;
++ BIO_get_ex_new_index;
++ BIO_set_ex_data;
++ X509v3_get_key_usage;
++ X509v3_set_key_usage;
++ a2i_X509v3_key_usage;
++ i2a_X509v3_key_usage;
++ EVP_PKEY_decrypt;
++ EVP_PKEY_encrypt;
++ PKCS7_RECIP_INFO_set;
++ PKCS7_add_recipient;
++ PKCS7_add_recipient_info;
++ PKCS7_set_cipher;
++ ASN1_TYPE_get_int_octetstring;
++ ASN1_TYPE_get_octetstring;
++ ASN1_TYPE_set_int_octetstring;
++ ASN1_TYPE_set_octetstring;
++ ASN1_UTCTIME_set_string;
++ ERR_add_error_data;
++ ERR_set_error_data;
++ EVP_CIPHER_asn1_to_param;
++ EVP_CIPHER_param_to_asn1;
++ EVP_CIPHER_get_asn1_iv;
++ EVP_CIPHER_set_asn1_iv;
++ EVP_rc5_32_12_16_cbc;
++ EVP_rc5_32_12_16_cfb64;
++ EVP_rc5_32_12_16_ecb;
++ EVP_rc5_32_12_16_ofb;
++ asn1_add_error;
++ d2i_ASN1_BMPSTRING;
++ i2d_ASN1_BMPSTRING;
++ BIO_f_ber;
++ BN_init;
++ COMP_CTX_new;
++ COMP_CTX_free;
++ COMP_CTX_compress_block;
++ COMP_CTX_expand_block;
++ X509_STORE_CTX_get_ex_new_index;
++ OBJ_NAME_add;
++ BIO_socket_nbio;
++ EVP_rc2_64_cbc;
++ OBJ_NAME_cleanup;
++ OBJ_NAME_get;
++ OBJ_NAME_init;
++ OBJ_NAME_new_index;
++ OBJ_NAME_remove;
++ BN_MONT_CTX_copy;
++ BIO_new_socks4a_connect;
++ BIO_s_socks4a_connect;
++ PROXY_set_connect_mode;
++ RAND_SSLeay;
++ RAND_set_rand_method;
++ RSA_memory_lock;
++ bn_sub_words;
++ bn_mul_normal;
++ bn_mul_comba8;
++ bn_mul_comba4;
++ bn_sqr_normal;
++ bn_sqr_comba8;
++ bn_sqr_comba4;
++ bn_cmp_words;
++ bn_mul_recursive;
++ bn_mul_part_recursive;
++ bn_sqr_recursive;
++ bn_mul_low_normal;
++ BN_RECP_CTX_init;
++ BN_RECP_CTX_new;
++ BN_RECP_CTX_free;
++ BN_RECP_CTX_set;
++ BN_mod_mul_reciprocal;
++ BN_mod_exp_recp;
++ BN_div_recp;
++ BN_CTX_init;
++ BN_MONT_CTX_init;
++ RAND_get_rand_method;
++ PKCS7_add_attribute;
++ PKCS7_add_signed_attribute;
++ PKCS7_digest_from_attributes;
++ PKCS7_get_attribute;
++ PKCS7_get_issuer_and_serial;
++ PKCS7_get_signed_attribute;
++ COMP_compress_block;
++ COMP_expand_block;
++ COMP_rle;
++ COMP_zlib;
++ ms_time_diff;
++ ms_time_new;
++ ms_time_free;
++ ms_time_cmp;
++ ms_time_get;
++ PKCS7_set_attributes;
++ PKCS7_set_signed_attributes;
++ X509_ATTRIBUTE_create;
++ X509_ATTRIBUTE_dup;
++ ASN1_GENERALIZEDTIME_check;
++ ASN1_GENERALIZEDTIME_print;
++ ASN1_GENERALIZEDTIME_set;
++ ASN1_GENERALIZEDTIME_set_string;
++ ASN1_TIME_print;
++ BASIC_CONSTRAINTS_free;
++ BASIC_CONSTRAINTS_new;
++ ERR_load_X509V3_strings;
++ NETSCAPE_CERT_SEQUENCE_free;
++ NETSCAPE_CERT_SEQUENCE_new;
++ OBJ_txt2obj;
++ PEM_read_NETSCAPE_CERT_SEQUENCE;
++ PEM_read_NS_CERT_SEQ;
++ PEM_read_bio_NETSCAPE_CERT_SEQUENCE;
++ PEM_read_bio_NS_CERT_SEQ;
++ PEM_write_NETSCAPE_CERT_SEQUENCE;
++ PEM_write_NS_CERT_SEQ;
++ PEM_write_bio_NETSCAPE_CERT_SEQUENCE;
++ PEM_write_bio_NS_CERT_SEQ;
++ X509V3_EXT_add;
++ X509V3_EXT_add_alias;
++ X509V3_EXT_add_conf;
++ X509V3_EXT_cleanup;
++ X509V3_EXT_conf;
++ X509V3_EXT_conf_nid;
++ X509V3_EXT_get;
++ X509V3_EXT_get_nid;
++ X509V3_EXT_print;
++ X509V3_EXT_print_fp;
++ X509V3_add_standard_extensions;
++ X509V3_add_value;
++ X509V3_add_value_bool;
++ X509V3_add_value_int;
++ X509V3_conf_free;
++ X509V3_get_value_bool;
++ X509V3_get_value_int;
++ X509V3_parse_list;
++ d2i_ASN1_GENERALIZEDTIME;
++ d2i_ASN1_TIME;
++ d2i_BASIC_CONSTRAINTS;
++ d2i_NETSCAPE_CERT_SEQUENCE;
++ d2i_ext_ku;
++ ext_ku_free;
++ ext_ku_new;
++ i2d_ASN1_GENERALIZEDTIME;
++ i2d_ASN1_TIME;
++ i2d_BASIC_CONSTRAINTS;
++ i2d_NETSCAPE_CERT_SEQUENCE;
++ i2d_ext_ku;
++ EVP_MD_CTX_copy;
++ i2d_ASN1_ENUMERATED;
++ d2i_ASN1_ENUMERATED;
++ ASN1_ENUMERATED_set;
++ ASN1_ENUMERATED_get;
++ BN_to_ASN1_ENUMERATED;
++ ASN1_ENUMERATED_to_BN;
++ i2a_ASN1_ENUMERATED;
++ a2i_ASN1_ENUMERATED;
++ i2d_GENERAL_NAME;
++ d2i_GENERAL_NAME;
++ GENERAL_NAME_new;
++ GENERAL_NAME_free;
++ GENERAL_NAMES_new;
++ GENERAL_NAMES_free;
++ d2i_GENERAL_NAMES;
++ i2d_GENERAL_NAMES;
++ i2v_GENERAL_NAMES;
++ i2s_ASN1_OCTET_STRING;
++ s2i_ASN1_OCTET_STRING;
++ X509V3_EXT_check_conf;
++ hex_to_string;
++ string_to_hex;
++ DES_ede3_cbcm_encrypt;
++ RSA_padding_add_PKCS1_OAEP;
++ RSA_padding_check_PKCS1_OAEP;
++ X509_CRL_print_fp;
++ X509_CRL_print;
++ i2v_GENERAL_NAME;
++ v2i_GENERAL_NAME;
++ i2d_PKEY_USAGE_PERIOD;
++ d2i_PKEY_USAGE_PERIOD;
++ PKEY_USAGE_PERIOD_new;
++ PKEY_USAGE_PERIOD_free;
++ v2i_GENERAL_NAMES;
++ i2s_ASN1_INTEGER;
++ X509V3_EXT_d2i;
++ name_cmp;
++ str_dup;
++ i2s_ASN1_ENUMERATED;
++ i2s_ASN1_ENUMERATED_TABLE;
++ BIO_s_log;
++ BIO_f_reliable;
++ PKCS7_dataFinal;
++ PKCS7_dataDecode;
++ X509V3_EXT_CRL_add_conf;
++ BN_set_params;
++ BN_get_params;
++ BIO_get_ex_num;
++ BIO_set_ex_free_func;
++ EVP_ripemd160;
++ ASN1_TIME_set;
++ i2d_AUTHORITY_KEYID;
++ d2i_AUTHORITY_KEYID;
++ AUTHORITY_KEYID_new;
++ AUTHORITY_KEYID_free;
++ ASN1_seq_unpack;
++ ASN1_seq_pack;
++ ASN1_unpack_string;
++ ASN1_pack_string;
++ PKCS12_pack_safebag;
++ PKCS12_MAKE_KEYBAG;
++ PKCS8_encrypt;
++ PKCS12_MAKE_SHKEYBAG;
++ PKCS12_pack_p7data;
++ PKCS12_pack_p7encdata;
++ PKCS12_add_localkeyid;
++ PKCS12_add_friendlyname_asc;
++ PKCS12_add_friendlyname_uni;
++ PKCS12_get_friendlyname;
++ PKCS12_pbe_crypt;
++ PKCS12_decrypt_d2i;
++ PKCS12_i2d_encrypt;
++ PKCS12_init;
++ PKCS12_key_gen_asc;
++ PKCS12_key_gen_uni;
++ PKCS12_gen_mac;
++ PKCS12_verify_mac;
++ PKCS12_set_mac;
++ PKCS12_setup_mac;
++ OPENSSL_asc2uni;
++ OPENSSL_uni2asc;
++ i2d_PKCS12_BAGS;
++ PKCS12_BAGS_new;
++ d2i_PKCS12_BAGS;
++ PKCS12_BAGS_free;
++ i2d_PKCS12;
++ d2i_PKCS12;
++ PKCS12_new;
++ PKCS12_free;
++ i2d_PKCS12_MAC_DATA;
++ PKCS12_MAC_DATA_new;
++ d2i_PKCS12_MAC_DATA;
++ PKCS12_MAC_DATA_free;
++ i2d_PKCS12_SAFEBAG;
++ PKCS12_SAFEBAG_new;
++ d2i_PKCS12_SAFEBAG;
++ PKCS12_SAFEBAG_free;
++ ERR_load_PKCS12_strings;
++ PKCS12_PBE_add;
++ PKCS8_add_keyusage;
++ PKCS12_get_attr_gen;
++ PKCS12_parse;
++ PKCS12_create;
++ i2d_PKCS12_bio;
++ i2d_PKCS12_fp;
++ d2i_PKCS12_bio;
++ d2i_PKCS12_fp;
++ i2d_PBEPARAM;
++ PBEPARAM_new;
++ d2i_PBEPARAM;
++ PBEPARAM_free;
++ i2d_PKCS8_PRIV_KEY_INFO;
++ PKCS8_PRIV_KEY_INFO_new;
++ d2i_PKCS8_PRIV_KEY_INFO;
++ PKCS8_PRIV_KEY_INFO_free;
++ EVP_PKCS82PKEY;
++ EVP_PKEY2PKCS8;
++ PKCS8_set_broken;
++ EVP_PBE_ALGOR_CipherInit;
++ EVP_PBE_alg_add;
++ PKCS5_pbe_set;
++ EVP_PBE_cleanup;
++ i2d_SXNET;
++ d2i_SXNET;
++ SXNET_new;
++ SXNET_free;
++ i2d_SXNETID;
++ d2i_SXNETID;
++ SXNETID_new;
++ SXNETID_free;
++ DSA_SIG_new;
++ DSA_SIG_free;
++ DSA_do_sign;
++ DSA_do_verify;
++ d2i_DSA_SIG;
++ i2d_DSA_SIG;
++ i2d_ASN1_VISIBLESTRING;
++ d2i_ASN1_VISIBLESTRING;
++ i2d_ASN1_UTF8STRING;
++ d2i_ASN1_UTF8STRING;
++ i2d_DIRECTORYSTRING;
++ d2i_DIRECTORYSTRING;
++ i2d_DISPLAYTEXT;
++ d2i_DISPLAYTEXT;
++ d2i_ASN1_SET_OF_X509;
++ i2d_ASN1_SET_OF_X509;
++ i2d_PBKDF2PARAM;
++ PBKDF2PARAM_new;
++ d2i_PBKDF2PARAM;
++ PBKDF2PARAM_free;
++ i2d_PBE2PARAM;
++ PBE2PARAM_new;
++ d2i_PBE2PARAM;
++ PBE2PARAM_free;
++ d2i_ASN1_SET_OF_GENERAL_NAME;
++ i2d_ASN1_SET_OF_GENERAL_NAME;
++ d2i_ASN1_SET_OF_SXNETID;
++ i2d_ASN1_SET_OF_SXNETID;
++ d2i_ASN1_SET_OF_POLICYQUALINFO;
++ i2d_ASN1_SET_OF_POLICYQUALINFO;
++ d2i_ASN1_SET_OF_POLICYINFO;
++ i2d_ASN1_SET_OF_POLICYINFO;
++ SXNET_add_id_asc;
++ SXNET_add_id_ulong;
++ SXNET_add_id_INTEGER;
++ SXNET_get_id_asc;
++ SXNET_get_id_ulong;
++ SXNET_get_id_INTEGER;
++ X509V3_set_conf_lhash;
++ i2d_CERTIFICATEPOLICIES;
++ CERTIFICATEPOLICIES_new;
++ CERTIFICATEPOLICIES_free;
++ d2i_CERTIFICATEPOLICIES;
++ i2d_POLICYINFO;
++ POLICYINFO_new;
++ d2i_POLICYINFO;
++ POLICYINFO_free;
++ i2d_POLICYQUALINFO;
++ POLICYQUALINFO_new;
++ d2i_POLICYQUALINFO;
++ POLICYQUALINFO_free;
++ i2d_USERNOTICE;
++ USERNOTICE_new;
++ d2i_USERNOTICE;
++ USERNOTICE_free;
++ i2d_NOTICEREF;
++ NOTICEREF_new;
++ d2i_NOTICEREF;
++ NOTICEREF_free;
++ X509V3_get_string;
++ X509V3_get_section;
++ X509V3_string_free;
++ X509V3_section_free;
++ X509V3_set_ctx;
++ s2i_ASN1_INTEGER;
++ CRYPTO_set_locked_mem_functions;
++ CRYPTO_get_locked_mem_functions;
++ CRYPTO_malloc_locked;
++ CRYPTO_free_locked;
++ BN_mod_exp2_mont;
++ ERR_get_error_line_data;
++ ERR_peek_error_line_data;
++ PKCS12_PBE_keyivgen;
++ X509_ALGOR_dup;
++ d2i_ASN1_SET_OF_DIST_POINT;
++ i2d_ASN1_SET_OF_DIST_POINT;
++ i2d_CRL_DIST_POINTS;
++ CRL_DIST_POINTS_new;
++ CRL_DIST_POINTS_free;
++ d2i_CRL_DIST_POINTS;
++ i2d_DIST_POINT;
++ DIST_POINT_new;
++ d2i_DIST_POINT;
++ DIST_POINT_free;
++ i2d_DIST_POINT_NAME;
++ DIST_POINT_NAME_new;
++ DIST_POINT_NAME_free;
++ d2i_DIST_POINT_NAME;
++ X509V3_add_value_uchar;
++ d2i_ASN1_SET_OF_X509_ATTRIBUTE;
++ i2d_ASN1_SET_OF_ASN1_TYPE;
++ d2i_ASN1_SET_OF_X509_EXTENSION;
++ d2i_ASN1_SET_OF_X509_NAME_ENTRY;
++ d2i_ASN1_SET_OF_ASN1_TYPE;
++ i2d_ASN1_SET_OF_X509_ATTRIBUTE;
++ i2d_ASN1_SET_OF_X509_EXTENSION;
++ i2d_ASN1_SET_OF_X509_NAME_ENTRY;
++ X509V3_EXT_i2d;
++ X509V3_EXT_val_prn;
++ X509V3_EXT_add_list;
++ EVP_CIPHER_type;
++ EVP_PBE_CipherInit;
++ X509V3_add_value_bool_nf;
++ d2i_ASN1_UINTEGER;
++ sk_value;
++ sk_num;
++ sk_set;
++ i2d_ASN1_SET_OF_X509_REVOKED;
++ sk_sort;
++ d2i_ASN1_SET_OF_X509_REVOKED;
++ i2d_ASN1_SET_OF_X509_ALGOR;
++ i2d_ASN1_SET_OF_X509_CRL;
++ d2i_ASN1_SET_OF_X509_ALGOR;
++ d2i_ASN1_SET_OF_X509_CRL;
++ i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO;
++ i2d_ASN1_SET_OF_PKCS7_RECIP_INFO;
++ d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO;
++ d2i_ASN1_SET_OF_PKCS7_RECIP_INFO;
++ PKCS5_PBE_add;
++ PEM_write_bio_PKCS8;
++ i2d_PKCS8_fp;
++ PEM_read_bio_PKCS8_PRIV_KEY_INFO;
++ PEM_read_bio_P8_PRIV_KEY_INFO;
++ d2i_PKCS8_bio;
++ d2i_PKCS8_PRIV_KEY_INFO_fp;
++ PEM_write_bio_PKCS8_PRIV_KEY_INFO;
++ PEM_write_bio_P8_PRIV_KEY_INFO;
++ PEM_read_PKCS8;
++ d2i_PKCS8_PRIV_KEY_INFO_bio;
++ d2i_PKCS8_fp;
++ PEM_write_PKCS8;
++ PEM_read_PKCS8_PRIV_KEY_INFO;
++ PEM_read_P8_PRIV_KEY_INFO;
++ PEM_read_bio_PKCS8;
++ PEM_write_PKCS8_PRIV_KEY_INFO;
++ PEM_write_P8_PRIV_KEY_INFO;
++ PKCS5_PBE_keyivgen;
++ i2d_PKCS8_bio;
++ i2d_PKCS8_PRIV_KEY_INFO_fp;
++ i2d_PKCS8_PRIV_KEY_INFO_bio;
++ BIO_s_bio;
++ PKCS5_pbe2_set;
++ PKCS5_PBKDF2_HMAC_SHA1;
++ PKCS5_v2_PBE_keyivgen;
++ PEM_write_bio_PKCS8PrivateKey;
++ PEM_write_PKCS8PrivateKey;
++ BIO_ctrl_get_read_request;
++ BIO_ctrl_pending;
++ BIO_ctrl_wpending;
++ BIO_new_bio_pair;
++ BIO_ctrl_get_write_guarantee;
++ CRYPTO_num_locks;
++ CONF_load_bio;
++ CONF_load_fp;
++ i2d_ASN1_SET_OF_ASN1_OBJECT;
++ d2i_ASN1_SET_OF_ASN1_OBJECT;
++ PKCS7_signatureVerify;
++ RSA_set_method;
++ RSA_get_method;
++ RSA_get_default_method;
++ RSA_check_key;
++ OBJ_obj2txt;
++ DSA_dup_DH;
++ X509_REQ_get_extensions;
++ X509_REQ_set_extension_nids;
++ BIO_nwrite;
++ X509_REQ_extension_nid;
++ BIO_nread;
++ X509_REQ_get_extension_nids;
++ BIO_nwrite0;
++ X509_REQ_add_extensions_nid;
++ BIO_nread0;
++ X509_REQ_add_extensions;
++ BIO_new_mem_buf;
++ DH_set_ex_data;
++ DH_set_method;
++ DSA_OpenSSL;
++ DH_get_ex_data;
++ DH_get_ex_new_index;
++ DSA_new_method;
++ DH_new_method;
++ DH_OpenSSL;
++ DSA_get_ex_new_index;
++ DH_get_default_method;
++ DSA_set_ex_data;
++ DH_set_default_method;
++ DSA_get_ex_data;
++ X509V3_EXT_REQ_add_conf;
++ NETSCAPE_SPKI_print;
++ NETSCAPE_SPKI_set_pubkey;
++ NETSCAPE_SPKI_b64_encode;
++ NETSCAPE_SPKI_get_pubkey;
++ NETSCAPE_SPKI_b64_decode;
++ UTF8_putc;
++ UTF8_getc;
++ RSA_null_method;
++ ASN1_tag2str;
++ BIO_ctrl_reset_read_request;
++ DISPLAYTEXT_new;
++ ASN1_GENERALIZEDTIME_free;
++ X509_REVOKED_get_ext_d2i;
++ X509_set_ex_data;
++ X509_reject_set_bit_asc;
++ X509_NAME_add_entry_by_txt;
++ X509_NAME_add_entry_by_NID;
++ X509_PURPOSE_get0;
++ PEM_read_X509_AUX;
++ d2i_AUTHORITY_INFO_ACCESS;
++ PEM_write_PUBKEY;
++ ACCESS_DESCRIPTION_new;
++ X509_CERT_AUX_free;
++ d2i_ACCESS_DESCRIPTION;
++ X509_trust_clear;
++ X509_TRUST_add;
++ ASN1_VISIBLESTRING_new;
++ X509_alias_set1;
++ ASN1_PRINTABLESTRING_free;
++ EVP_PKEY_get1_DSA;
++ ASN1_BMPSTRING_new;
++ ASN1_mbstring_copy;
++ ASN1_UTF8STRING_new;
++ DSA_get_default_method;
++ i2d_ASN1_SET_OF_ACCESS_DESCRIPTION;
++ ASN1_T61STRING_free;
++ DSA_set_method;
++ X509_get_ex_data;
++ ASN1_STRING_type;
++ X509_PURPOSE_get_by_sname;
++ ASN1_TIME_free;
++ ASN1_OCTET_STRING_cmp;
++ ASN1_BIT_STRING_new;
++ X509_get_ext_d2i;
++ PEM_read_bio_X509_AUX;
++ ASN1_STRING_set_default_mask_asc;
++ ASN1_STRING_set_def_mask_asc;
++ PEM_write_bio_RSA_PUBKEY;
++ ASN1_INTEGER_cmp;
++ d2i_RSA_PUBKEY_fp;
++ X509_trust_set_bit_asc;
++ PEM_write_bio_DSA_PUBKEY;
++ X509_STORE_CTX_free;
++ EVP_PKEY_set1_DSA;
++ i2d_DSA_PUBKEY_fp;
++ X509_load_cert_crl_file;
++ ASN1_TIME_new;
++ i2d_RSA_PUBKEY;
++ X509_STORE_CTX_purpose_inherit;
++ PEM_read_RSA_PUBKEY;
++ d2i_X509_AUX;
++ i2d_DSA_PUBKEY;
++ X509_CERT_AUX_print;
++ PEM_read_DSA_PUBKEY;
++ i2d_RSA_PUBKEY_bio;
++ ASN1_BIT_STRING_num_asc;
++ i2d_PUBKEY;
++ ASN1_UTCTIME_free;
++ DSA_set_default_method;
++ X509_PURPOSE_get_by_id;
++ ACCESS_DESCRIPTION_free;
++ PEM_read_bio_PUBKEY;
++ ASN1_STRING_set_by_NID;
++ X509_PURPOSE_get_id;
++ DISPLAYTEXT_free;
++ OTHERNAME_new;
++ X509_CERT_AUX_new;
++ X509_TRUST_cleanup;
++ X509_NAME_add_entry_by_OBJ;
++ X509_CRL_get_ext_d2i;
++ X509_PURPOSE_get0_name;
++ PEM_read_PUBKEY;
++ i2d_DSA_PUBKEY_bio;
++ i2d_OTHERNAME;
++ ASN1_OCTET_STRING_free;
++ ASN1_BIT_STRING_set_asc;
++ X509_get_ex_new_index;
++ ASN1_STRING_TABLE_cleanup;
++ X509_TRUST_get_by_id;
++ X509_PURPOSE_get_trust;
++ ASN1_STRING_length;
++ d2i_ASN1_SET_OF_ACCESS_DESCRIPTION;
++ ASN1_PRINTABLESTRING_new;
++ X509V3_get_d2i;
++ ASN1_ENUMERATED_free;
++ i2d_X509_CERT_AUX;
++ X509_STORE_CTX_set_trust;
++ ASN1_STRING_set_default_mask;
++ X509_STORE_CTX_new;
++ EVP_PKEY_get1_RSA;
++ DIRECTORYSTRING_free;
++ PEM_write_X509_AUX;
++ ASN1_OCTET_STRING_set;
++ d2i_DSA_PUBKEY_fp;
++ d2i_RSA_PUBKEY;
++ X509_TRUST_get0_name;
++ X509_TRUST_get0;
++ AUTHORITY_INFO_ACCESS_free;
++ ASN1_IA5STRING_new;
++ d2i_DSA_PUBKEY;
++ X509_check_purpose;
++ ASN1_ENUMERATED_new;
++ d2i_RSA_PUBKEY_bio;
++ d2i_PUBKEY;
++ X509_TRUST_get_trust;
++ X509_TRUST_get_flags;
++ ASN1_BMPSTRING_free;
++ ASN1_T61STRING_new;
++ ASN1_UTCTIME_new;
++ i2d_AUTHORITY_INFO_ACCESS;
++ EVP_PKEY_set1_RSA;
++ X509_STORE_CTX_set_purpose;
++ ASN1_IA5STRING_free;
++ PEM_write_bio_X509_AUX;
++ X509_PURPOSE_get_count;
++ CRYPTO_add_info;
++ X509_NAME_ENTRY_create_by_txt;
++ ASN1_STRING_get_default_mask;
++ X509_alias_get0;
++ ASN1_STRING_data;
++ i2d_ACCESS_DESCRIPTION;
++ X509_trust_set_bit;
++ ASN1_BIT_STRING_free;
++ PEM_read_bio_RSA_PUBKEY;
++ X509_add1_reject_object;
++ X509_check_trust;
++ PEM_read_bio_DSA_PUBKEY;
++ X509_PURPOSE_add;
++ ASN1_STRING_TABLE_get;
++ ASN1_UTF8STRING_free;
++ d2i_DSA_PUBKEY_bio;
++ PEM_write_RSA_PUBKEY;
++ d2i_OTHERNAME;
++ X509_reject_set_bit;
++ PEM_write_DSA_PUBKEY;
++ X509_PURPOSE_get0_sname;
++ EVP_PKEY_set1_DH;
++ ASN1_OCTET_STRING_dup;
++ ASN1_BIT_STRING_set;
++ X509_TRUST_get_count;
++ ASN1_INTEGER_free;
++ OTHERNAME_free;
++ i2d_RSA_PUBKEY_fp;
++ ASN1_INTEGER_dup;
++ d2i_X509_CERT_AUX;
++ PEM_write_bio_PUBKEY;
++ ASN1_VISIBLESTRING_free;
++ X509_PURPOSE_cleanup;
++ ASN1_mbstring_ncopy;
++ ASN1_GENERALIZEDTIME_new;
++ EVP_PKEY_get1_DH;
++ ASN1_OCTET_STRING_new;
++ ASN1_INTEGER_new;
++ i2d_X509_AUX;
++ ASN1_BIT_STRING_name_print;
++ X509_cmp;
++ ASN1_STRING_length_set;
++ DIRECTORYSTRING_new;
++ X509_add1_trust_object;
++ PKCS12_newpass;
++ SMIME_write_PKCS7;
++ SMIME_read_PKCS7;
++ DES_set_key_checked;
++ PKCS7_verify;
++ PKCS7_encrypt;
++ DES_set_key_unchecked;
++ SMIME_crlf_copy;
++ i2d_ASN1_PRINTABLESTRING;
++ PKCS7_get0_signers;
++ PKCS7_decrypt;
++ SMIME_text;
++ PKCS7_simple_smimecap;
++ PKCS7_get_smimecap;
++ PKCS7_sign;
++ PKCS7_add_attrib_smimecap;
++ CRYPTO_dbg_set_options;
++ CRYPTO_remove_all_info;
++ CRYPTO_get_mem_debug_functions;
++ CRYPTO_is_mem_check_on;
++ CRYPTO_set_mem_debug_functions;
++ CRYPTO_pop_info;
++ CRYPTO_push_info_;
++ CRYPTO_set_mem_debug_options;
++ PEM_write_PKCS8PrivateKey_nid;
++ PEM_write_bio_PKCS8PrivateKey_nid;
++ PEM_write_bio_PKCS8PrivKey_nid;
++ d2i_PKCS8PrivateKey_bio;
++ ASN1_NULL_free;
++ d2i_ASN1_NULL;
++ ASN1_NULL_new;
++ i2d_PKCS8PrivateKey_bio;
++ i2d_PKCS8PrivateKey_fp;
++ i2d_ASN1_NULL;
++ i2d_PKCS8PrivateKey_nid_fp;
++ d2i_PKCS8PrivateKey_fp;
++ i2d_PKCS8PrivateKey_nid_bio;
++ i2d_PKCS8PrivateKeyInfo_fp;
++ i2d_PKCS8PrivateKeyInfo_bio;
++ PEM_cb;
++ i2d_PrivateKey_fp;
++ d2i_PrivateKey_bio;
++ d2i_PrivateKey_fp;
++ i2d_PrivateKey_bio;
++ X509_reject_clear;
++ X509_TRUST_set_default;
++ d2i_AutoPrivateKey;
++ X509_ATTRIBUTE_get0_type;
++ X509_ATTRIBUTE_set1_data;
++ X509at_get_attr;
++ X509at_get_attr_count;
++ X509_ATTRIBUTE_create_by_NID;
++ X509_ATTRIBUTE_set1_object;
++ X509_ATTRIBUTE_count;
++ X509_ATTRIBUTE_create_by_OBJ;
++ X509_ATTRIBUTE_get0_object;
++ X509at_get_attr_by_NID;
++ X509at_add1_attr;
++ X509_ATTRIBUTE_get0_data;
++ X509at_delete_attr;
++ X509at_get_attr_by_OBJ;
++ RAND_add;
++ BIO_number_written;
++ BIO_number_read;
++ X509_STORE_CTX_get1_chain;
++ ERR_load_RAND_strings;
++ RAND_pseudo_bytes;
++ X509_REQ_get_attr_by_NID;
++ X509_REQ_get_attr;
++ X509_REQ_add1_attr_by_NID;
++ X509_REQ_get_attr_by_OBJ;
++ X509at_add1_attr_by_NID;
++ X509_REQ_add1_attr_by_OBJ;
++ X509_REQ_get_attr_count;
++ X509_REQ_add1_attr;
++ X509_REQ_delete_attr;
++ X509at_add1_attr_by_OBJ;
++ X509_REQ_add1_attr_by_txt;
++ X509_ATTRIBUTE_create_by_txt;
++ X509at_add1_attr_by_txt;
++ BN_pseudo_rand;
++ BN_is_prime_fasttest;
++ BN_CTX_end;
++ BN_CTX_start;
++ BN_CTX_get;
++ EVP_PKEY2PKCS8_broken;
++ ASN1_STRING_TABLE_add;
++ CRYPTO_dbg_get_options;
++ AUTHORITY_INFO_ACCESS_new;
++ CRYPTO_get_mem_debug_options;
++ DES_crypt;
++ PEM_write_bio_X509_REQ_NEW;
++ PEM_write_X509_REQ_NEW;
++ BIO_callback_ctrl;
++ RAND_egd;
++ RAND_status;
++ bn_dump1;
++ DES_check_key_parity;
++ lh_num_items;
++ RAND_event;
++ DSO_new;
++ DSO_new_method;
++ DSO_free;
++ DSO_flags;
++ DSO_up;
++ DSO_set_default_method;
++ DSO_get_default_method;
++ DSO_get_method;
++ DSO_set_method;
++ DSO_load;
++ DSO_bind_var;
++ DSO_METHOD_null;
++ DSO_METHOD_openssl;
++ DSO_METHOD_dlfcn;
++ DSO_METHOD_win32;
++ ERR_load_DSO_strings;
++ DSO_METHOD_dl;
++ NCONF_load;
++ NCONF_load_fp;
++ NCONF_new;
++ NCONF_get_string;
++ NCONF_free;
++ NCONF_get_number;
++ CONF_dump_fp;
++ NCONF_load_bio;
++ NCONF_dump_fp;
++ NCONF_get_section;
++ NCONF_dump_bio;
++ CONF_dump_bio;
++ NCONF_free_data;
++ CONF_set_default_method;
++ ERR_error_string_n;
++ BIO_snprintf;
++ DSO_ctrl;
++ i2d_ASN1_SET_OF_ASN1_INTEGER;
++ i2d_ASN1_SET_OF_PKCS12_SAFEBAG;
++ i2d_ASN1_SET_OF_PKCS7;
++ BIO_vfree;
++ d2i_ASN1_SET_OF_ASN1_INTEGER;
++ d2i_ASN1_SET_OF_PKCS12_SAFEBAG;
++ ASN1_UTCTIME_get;
++ X509_REQ_digest;
++ X509_CRL_digest;
++ d2i_ASN1_SET_OF_PKCS7;
++ EVP_CIPHER_CTX_set_key_length;
++ EVP_CIPHER_CTX_ctrl;
++ BN_mod_exp_mont_word;
++ RAND_egd_bytes;
++ X509_REQ_get1_email;
++ X509_get1_email;
++ X509_email_free;
++ i2d_RSA_NET;
++ d2i_RSA_NET_2;
++ d2i_RSA_NET;
++ DSO_bind_func;
++ CRYPTO_get_new_dynlockid;
++ sk_new_null;
++ CRYPTO_set_dynlock_destroy_callback;
++ CRYPTO_set_dynlock_destroy_cb;
++ CRYPTO_destroy_dynlockid;
++ CRYPTO_set_dynlock_size;
++ CRYPTO_set_dynlock_create_callback;
++ CRYPTO_set_dynlock_create_cb;
++ CRYPTO_set_dynlock_lock_callback;
++ CRYPTO_set_dynlock_lock_cb;
++ CRYPTO_get_dynlock_lock_callback;
++ CRYPTO_get_dynlock_lock_cb;
++ CRYPTO_get_dynlock_destroy_callback;
++ CRYPTO_get_dynlock_destroy_cb;
++ CRYPTO_get_dynlock_value;
++ CRYPTO_get_dynlock_create_callback;
++ CRYPTO_get_dynlock_create_cb;
++ c2i_ASN1_BIT_STRING;
++ i2c_ASN1_BIT_STRING;
++ RAND_poll;
++ c2i_ASN1_INTEGER;
++ i2c_ASN1_INTEGER;
++ BIO_dump_indent;
++ ASN1_parse_dump;
++ c2i_ASN1_OBJECT;
++ X509_NAME_print_ex_fp;
++ ASN1_STRING_print_ex_fp;
++ X509_NAME_print_ex;
++ ASN1_STRING_print_ex;
++ MD4;
++ MD4_Transform;
++ MD4_Final;
++ MD4_Update;
++ MD4_Init;
++ EVP_md4;
++ i2d_PUBKEY_bio;
++ i2d_PUBKEY_fp;
++ d2i_PUBKEY_bio;
++ ASN1_STRING_to_UTF8;
++ BIO_vprintf;
++ BIO_vsnprintf;
++ d2i_PUBKEY_fp;
++ X509_cmp_time;
++ X509_STORE_CTX_set_time;
++ X509_STORE_CTX_get1_issuer;
++ X509_OBJECT_retrieve_match;
++ X509_OBJECT_idx_by_subject;
++ X509_STORE_CTX_set_flags;
++ X509_STORE_CTX_trusted_stack;
++ X509_time_adj;
++ X509_check_issued;
++ ASN1_UTCTIME_cmp_time_t;
++ DES_set_weak_key_flag;
++ DES_check_key;
++ DES_rw_mode;
++ RSA_PKCS1_RSAref;
++ X509_keyid_set1;
++ BIO_next;
++ DSO_METHOD_vms;
++ BIO_f_linebuffer;
++ BN_bntest_rand;
++ OPENSSL_issetugid;
++ BN_rand_range;
++ ERR_load_ENGINE_strings;
++ ENGINE_set_DSA;
++ ENGINE_get_finish_function;
++ ENGINE_get_default_RSA;
++ ENGINE_get_BN_mod_exp;
++ DSA_get_default_openssl_method;
++ ENGINE_set_DH;
++ ENGINE_set_def_BN_mod_exp_crt;
++ ENGINE_set_default_BN_mod_exp_crt;
++ ENGINE_init;
++ DH_get_default_openssl_method;
++ RSA_set_default_openssl_method;
++ ENGINE_finish;
++ ENGINE_load_public_key;
++ ENGINE_get_DH;
++ ENGINE_ctrl;
++ ENGINE_get_init_function;
++ ENGINE_set_init_function;
++ ENGINE_set_default_DSA;
++ ENGINE_get_name;
++ ENGINE_get_last;
++ ENGINE_get_prev;
++ ENGINE_get_default_DH;
++ ENGINE_get_RSA;
++ ENGINE_set_default;
++ ENGINE_get_RAND;
++ ENGINE_get_first;
++ ENGINE_by_id;
++ ENGINE_set_finish_function;
++ ENGINE_get_def_BN_mod_exp_crt;
++ ENGINE_get_default_BN_mod_exp_crt;
++ RSA_get_default_openssl_method;
++ ENGINE_set_RSA;
++ ENGINE_load_private_key;
++ ENGINE_set_default_RAND;
++ ENGINE_set_BN_mod_exp;
++ ENGINE_remove;
++ ENGINE_free;
++ ENGINE_get_BN_mod_exp_crt;
++ ENGINE_get_next;
++ ENGINE_set_name;
++ ENGINE_get_default_DSA;
++ ENGINE_set_default_BN_mod_exp;
++ ENGINE_set_default_RSA;
++ ENGINE_get_default_RAND;
++ ENGINE_get_default_BN_mod_exp;
++ ENGINE_set_RAND;
++ ENGINE_set_id;
++ ENGINE_set_BN_mod_exp_crt;
++ ENGINE_set_default_DH;
++ ENGINE_new;
++ ENGINE_get_id;
++ DSA_set_default_openssl_method;
++ ENGINE_add;
++ DH_set_default_openssl_method;
++ ENGINE_get_DSA;
++ ENGINE_get_ctrl_function;
++ ENGINE_set_ctrl_function;
++ BN_pseudo_rand_range;
++ X509_STORE_CTX_set_verify_cb;
++ ERR_load_COMP_strings;
++ PKCS12_item_decrypt_d2i;
++ ASN1_UTF8STRING_it;
++ ENGINE_unregister_ciphers;
++ ENGINE_get_ciphers;
++ d2i_OCSP_BASICRESP;
++ KRB5_CHECKSUM_it;
++ EC_POINT_add;
++ ASN1_item_ex_i2d;
++ OCSP_CERTID_it;
++ d2i_OCSP_RESPBYTES;
++ X509V3_add1_i2d;
++ PKCS7_ENVELOPE_it;
++ UI_add_input_boolean;
++ ENGINE_unregister_RSA;
++ X509V3_EXT_nconf;
++ ASN1_GENERALSTRING_free;
++ d2i_OCSP_CERTSTATUS;
++ X509_REVOKED_set_serialNumber;
++ X509_print_ex;
++ OCSP_ONEREQ_get1_ext_d2i;
++ ENGINE_register_all_RAND;
++ ENGINE_load_dynamic;
++ PBKDF2PARAM_it;
++ EXTENDED_KEY_USAGE_new;
++ EC_GROUP_clear_free;
++ OCSP_sendreq_bio;
++ ASN1_item_digest;
++ OCSP_BASICRESP_delete_ext;
++ OCSP_SIGNATURE_it;
++ X509_CRL_it;
++ OCSP_BASICRESP_add_ext;
++ KRB5_ENCKEY_it;
++ UI_method_set_closer;
++ X509_STORE_set_purpose;
++ i2d_ASN1_GENERALSTRING;
++ OCSP_response_status;
++ i2d_OCSP_SERVICELOC;
++ ENGINE_get_digest_engine;
++ EC_GROUP_set_curve_GFp;
++ OCSP_REQUEST_get_ext_by_OBJ;
++ _ossl_old_des_random_key;
++ ASN1_T61STRING_it;
++ EC_GROUP_method_of;
++ i2d_KRB5_APREQ;
++ _ossl_old_des_encrypt;
++ ASN1_PRINTABLE_new;
++ HMAC_Init_ex;
++ d2i_KRB5_AUTHENT;
++ OCSP_archive_cutoff_new;
++ EC_POINT_set_Jprojective_coordinates_GFp;
++ EC_POINT_set_Jproj_coords_GFp;
++ _ossl_old_des_is_weak_key;
++ OCSP_BASICRESP_get_ext_by_OBJ;
++ EC_POINT_oct2point;
++ OCSP_SINGLERESP_get_ext_count;
++ UI_ctrl;
++ _shadow_DES_rw_mode;
++ asn1_do_adb;
++ ASN1_template_i2d;
++ ENGINE_register_DH;
++ UI_construct_prompt;
++ X509_STORE_set_trust;
++ UI_dup_input_string;
++ d2i_KRB5_APREQ;
++ EVP_MD_CTX_copy_ex;
++ OCSP_request_is_signed;
++ i2d_OCSP_REQINFO;
++ KRB5_ENCKEY_free;
++ OCSP_resp_get0;
++ GENERAL_NAME_it;
++ ASN1_GENERALIZEDTIME_it;
++ X509_STORE_set_flags;
++ EC_POINT_set_compressed_coordinates_GFp;
++ EC_POINT_set_compr_coords_GFp;
++ OCSP_response_status_str;
++ d2i_OCSP_REVOKEDINFO;
++ OCSP_basic_add1_cert;
++ ERR_get_implementation;
++ EVP_CipherFinal_ex;
++ OCSP_CERTSTATUS_new;
++ CRYPTO_cleanup_all_ex_data;
++ OCSP_resp_find;
++ BN_nnmod;
++ X509_CRL_sort;
++ X509_REVOKED_set_revocationDate;
++ ENGINE_register_RAND;
++ OCSP_SERVICELOC_new;
++ EC_POINT_set_affine_coordinates_GFp;
++ EC_POINT_set_affine_coords_GFp;
++ _ossl_old_des_options;
++ SXNET_it;
++ UI_dup_input_boolean;
++ PKCS12_add_CSPName_asc;
++ EC_POINT_is_at_infinity;
++ ENGINE_load_cryptodev;
++ DSO_convert_filename;
++ POLICYQUALINFO_it;
++ ENGINE_register_ciphers;
++ BN_mod_lshift_quick;
++ DSO_set_filename;
++ ASN1_item_free;
++ KRB5_TKTBODY_free;
++ AUTHORITY_KEYID_it;
++ KRB5_APREQBODY_new;
++ X509V3_EXT_REQ_add_nconf;
++ ENGINE_ctrl_cmd_string;
++ i2d_OCSP_RESPDATA;
++ EVP_MD_CTX_init;
++ EXTENDED_KEY_USAGE_free;
++ PKCS7_ATTR_SIGN_it;
++ UI_add_error_string;
++ KRB5_CHECKSUM_free;
++ OCSP_REQUEST_get_ext;
++ ENGINE_load_ubsec;
++ ENGINE_register_all_digests;
++ PKEY_USAGE_PERIOD_it;
++ PKCS12_unpack_authsafes;
++ ASN1_item_unpack;
++ NETSCAPE_SPKAC_it;
++ X509_REVOKED_it;
++ ASN1_STRING_encode;
++ EVP_aes_128_ecb;
++ KRB5_AUTHENT_free;
++ OCSP_BASICRESP_get_ext_by_critical;
++ OCSP_BASICRESP_get_ext_by_crit;
++ OCSP_cert_status_str;
++ d2i_OCSP_REQUEST;
++ UI_dup_info_string;
++ _ossl_old_des_xwhite_in2out;
++ PKCS12_it;
++ OCSP_SINGLERESP_get_ext_by_critical;
++ OCSP_SINGLERESP_get_ext_by_crit;
++ OCSP_CERTSTATUS_free;
++ _ossl_old_des_crypt;
++ ASN1_item_i2d;
++ EVP_DecryptFinal_ex;
++ ENGINE_load_openssl;
++ ENGINE_get_cmd_defns;
++ ENGINE_set_load_privkey_function;
++ ENGINE_set_load_privkey_fn;
++ EVP_EncryptFinal_ex;
++ ENGINE_set_default_digests;
++ X509_get0_pubkey_bitstr;
++ asn1_ex_i2c;
++ ENGINE_register_RSA;
++ ENGINE_unregister_DSA;
++ _ossl_old_des_key_sched;
++ X509_EXTENSION_it;
++ i2d_KRB5_AUTHENT;
++ SXNETID_it;
++ d2i_OCSP_SINGLERESP;
++ EDIPARTYNAME_new;
++ PKCS12_certbag2x509;
++ _ossl_old_des_ofb64_encrypt;
++ d2i_EXTENDED_KEY_USAGE;
++ ERR_print_errors_cb;
++ ENGINE_set_ciphers;
++ d2i_KRB5_APREQBODY;
++ UI_method_get_flusher;
++ X509_PUBKEY_it;
++ _ossl_old_des_enc_read;
++ PKCS7_ENCRYPT_it;
++ i2d_OCSP_RESPONSE;
++ EC_GROUP_get_cofactor;
++ PKCS12_unpack_p7data;
++ d2i_KRB5_AUTHDATA;
++ OCSP_copy_nonce;
++ KRB5_AUTHDATA_new;
++ OCSP_RESPDATA_new;
++ EC_GFp_mont_method;
++ OCSP_REVOKEDINFO_free;
++ UI_get_ex_data;
++ KRB5_APREQBODY_free;
++ EC_GROUP_get0_generator;
++ UI_get_default_method;
++ X509V3_set_nconf;
++ PKCS12_item_i2d_encrypt;
++ X509_add1_ext_i2d;
++ PKCS7_SIGNER_INFO_it;
++ KRB5_PRINCNAME_new;
++ PKCS12_SAFEBAG_it;
++ EC_GROUP_get_order;
++ d2i_OCSP_RESPID;
++ OCSP_request_verify;
++ NCONF_get_number_e;
++ _ossl_old_des_decrypt3;
++ X509_signature_print;
++ OCSP_SINGLERESP_free;
++ ENGINE_load_builtin_engines;
++ i2d_OCSP_ONEREQ;
++ OCSP_REQUEST_add_ext;
++ OCSP_RESPBYTES_new;
++ EVP_MD_CTX_create;
++ OCSP_resp_find_status;
++ X509_ALGOR_it;
++ ASN1_TIME_it;
++ OCSP_request_set1_name;
++ OCSP_ONEREQ_get_ext_count;
++ UI_get0_result;
++ PKCS12_AUTHSAFES_it;
++ EVP_aes_256_ecb;
++ PKCS12_pack_authsafes;
++ ASN1_IA5STRING_it;
++ UI_get_input_flags;
++ EC_GROUP_set_generator;
++ _ossl_old_des_string_to_2keys;
++ OCSP_CERTID_free;
++ X509_CERT_AUX_it;
++ CERTIFICATEPOLICIES_it;
++ _ossl_old_des_ede3_cbc_encrypt;
++ RAND_set_rand_engine;
++ DSO_get_loaded_filename;
++ X509_ATTRIBUTE_it;
++ OCSP_ONEREQ_get_ext_by_NID;
++ PKCS12_decrypt_skey;
++ KRB5_AUTHENT_it;
++ UI_dup_error_string;
++ RSAPublicKey_it;
++ i2d_OCSP_REQUEST;
++ PKCS12_x509crl2certbag;
++ OCSP_SERVICELOC_it;
++ ASN1_item_sign;
++ X509_CRL_set_issuer_name;
++ OBJ_NAME_do_all_sorted;
++ i2d_OCSP_BASICRESP;
++ i2d_OCSP_RESPBYTES;
++ PKCS12_unpack_p7encdata;
++ HMAC_CTX_init;
++ ENGINE_get_digest;
++ OCSP_RESPONSE_print;
++ KRB5_TKTBODY_it;
++ ACCESS_DESCRIPTION_it;
++ PKCS7_ISSUER_AND_SERIAL_it;
++ PBE2PARAM_it;
++ PKCS12_certbag2x509crl;
++ PKCS7_SIGNED_it;
++ ENGINE_get_cipher;
++ i2d_OCSP_CRLID;
++ OCSP_SINGLERESP_new;
++ ENGINE_cmd_is_executable;
++ RSA_up_ref;
++ ASN1_GENERALSTRING_it;
++ ENGINE_register_DSA;
++ X509V3_EXT_add_nconf_sk;
++ ENGINE_set_load_pubkey_function;
++ PKCS8_decrypt;
++ PEM_bytes_read_bio;
++ DIRECTORYSTRING_it;
++ d2i_OCSP_CRLID;
++ EC_POINT_is_on_curve;
++ CRYPTO_set_locked_mem_ex_functions;
++ CRYPTO_set_locked_mem_ex_funcs;
++ d2i_KRB5_CHECKSUM;
++ ASN1_item_dup;
++ X509_it;
++ BN_mod_add;
++ KRB5_AUTHDATA_free;
++ _ossl_old_des_cbc_cksum;
++ ASN1_item_verify;
++ CRYPTO_set_mem_ex_functions;
++ EC_POINT_get_Jprojective_coordinates_GFp;
++ EC_POINT_get_Jproj_coords_GFp;
++ ZLONG_it;
++ CRYPTO_get_locked_mem_ex_functions;
++ CRYPTO_get_locked_mem_ex_funcs;
++ ASN1_TIME_check;
++ UI_get0_user_data;
++ HMAC_CTX_cleanup;
++ DSA_up_ref;
++ _ossl_old_des_ede3_cfb64_encrypt;
++ _ossl_odes_ede3_cfb64_encrypt;
++ ASN1_BMPSTRING_it;
++ ASN1_tag2bit;
++ UI_method_set_flusher;
++ X509_ocspid_print;
++ KRB5_ENCDATA_it;
++ ENGINE_get_load_pubkey_function;
++ UI_add_user_data;
++ OCSP_REQUEST_delete_ext;
++ UI_get_method;
++ OCSP_ONEREQ_free;
++ ASN1_PRINTABLESTRING_it;
++ X509_CRL_set_nextUpdate;
++ OCSP_REQUEST_it;
++ OCSP_BASICRESP_it;
++ AES_ecb_encrypt;
++ BN_mod_sqr;
++ NETSCAPE_CERT_SEQUENCE_it;
++ GENERAL_NAMES_it;
++ AUTHORITY_INFO_ACCESS_it;
++ ASN1_FBOOLEAN_it;
++ UI_set_ex_data;
++ _ossl_old_des_string_to_key;
++ ENGINE_register_all_RSA;
++ d2i_KRB5_PRINCNAME;
++ OCSP_RESPBYTES_it;
++ X509_CINF_it;
++ ENGINE_unregister_digests;
++ d2i_EDIPARTYNAME;
++ d2i_OCSP_SERVICELOC;
++ ENGINE_get_digests;
++ _ossl_old_des_set_odd_parity;
++ OCSP_RESPDATA_free;
++ d2i_KRB5_TICKET;
++ OTHERNAME_it;
++ EVP_MD_CTX_cleanup;
++ d2i_ASN1_GENERALSTRING;
++ X509_CRL_set_version;
++ BN_mod_sub;
++ OCSP_SINGLERESP_get_ext_by_NID;
++ ENGINE_get_ex_new_index;
++ OCSP_REQUEST_free;
++ OCSP_REQUEST_add1_ext_i2d;
++ X509_VAL_it;
++ EC_POINTs_make_affine;
++ EC_POINT_mul;
++ X509V3_EXT_add_nconf;
++ X509_TRUST_set;
++ X509_CRL_add1_ext_i2d;
++ _ossl_old_des_fcrypt;
++ DISPLAYTEXT_it;
++ X509_CRL_set_lastUpdate;
++ OCSP_BASICRESP_free;
++ OCSP_BASICRESP_add1_ext_i2d;
++ d2i_KRB5_AUTHENTBODY;
++ CRYPTO_set_ex_data_implementation;
++ CRYPTO_set_ex_data_impl;
++ KRB5_ENCDATA_new;
++ DSO_up_ref;
++ OCSP_crl_reason_str;
++ UI_get0_result_string;
++ ASN1_GENERALSTRING_new;
++ X509_SIG_it;
++ ERR_set_implementation;
++ ERR_load_EC_strings;
++ UI_get0_action_string;
++ OCSP_ONEREQ_get_ext;
++ EC_POINT_method_of;
++ i2d_KRB5_APREQBODY;
++ _ossl_old_des_ecb3_encrypt;
++ CRYPTO_get_mem_ex_functions;
++ ENGINE_get_ex_data;
++ UI_destroy_method;
++ ASN1_item_i2d_bio;
++ OCSP_ONEREQ_get_ext_by_OBJ;
++ ASN1_primitive_new;
++ ASN1_PRINTABLE_it;
++ EVP_aes_192_ecb;
++ OCSP_SIGNATURE_new;
++ LONG_it;
++ ASN1_VISIBLESTRING_it;
++ OCSP_SINGLERESP_add1_ext_i2d;
++ d2i_OCSP_CERTID;
++ ASN1_item_d2i_fp;
++ CRL_DIST_POINTS_it;
++ GENERAL_NAME_print;
++ OCSP_SINGLERESP_delete_ext;
++ PKCS12_SAFEBAGS_it;
++ d2i_OCSP_SIGNATURE;
++ OCSP_request_add1_nonce;
++ ENGINE_set_cmd_defns;
++ OCSP_SERVICELOC_free;
++ EC_GROUP_free;
++ ASN1_BIT_STRING_it;
++ X509_REQ_it;
++ _ossl_old_des_cbc_encrypt;
++ ERR_unload_strings;
++ PKCS7_SIGN_ENVELOPE_it;
++ EDIPARTYNAME_free;
++ OCSP_REQINFO_free;
++ EC_GROUP_new_curve_GFp;
++ OCSP_REQUEST_get1_ext_d2i;
++ PKCS12_item_pack_safebag;
++ asn1_ex_c2i;
++ ENGINE_register_digests;
++ i2d_OCSP_REVOKEDINFO;
++ asn1_enc_restore;
++ UI_free;
++ UI_new_method;
++ EVP_EncryptInit_ex;
++ X509_pubkey_digest;
++ EC_POINT_invert;
++ OCSP_basic_sign;
++ i2d_OCSP_RESPID;
++ OCSP_check_nonce;
++ ENGINE_ctrl_cmd;
++ d2i_KRB5_ENCKEY;
++ OCSP_parse_url;
++ OCSP_SINGLERESP_get_ext;
++ OCSP_CRLID_free;
++ OCSP_BASICRESP_get1_ext_d2i;
++ RSAPrivateKey_it;
++ ENGINE_register_all_DH;
++ i2d_EDIPARTYNAME;
++ EC_POINT_get_affine_coordinates_GFp;
++ EC_POINT_get_affine_coords_GFp;
++ OCSP_CRLID_new;
++ ENGINE_get_flags;
++ OCSP_ONEREQ_it;
++ UI_process;
++ ASN1_INTEGER_it;
++ EVP_CipherInit_ex;
++ UI_get_string_type;
++ ENGINE_unregister_DH;
++ ENGINE_register_all_DSA;
++ OCSP_ONEREQ_get_ext_by_critical;
++ bn_dup_expand;
++ OCSP_cert_id_new;
++ BASIC_CONSTRAINTS_it;
++ BN_mod_add_quick;
++ EC_POINT_new;
++ EVP_MD_CTX_destroy;
++ OCSP_RESPBYTES_free;
++ EVP_aes_128_cbc;
++ OCSP_SINGLERESP_get1_ext_d2i;
++ EC_POINT_free;
++ DH_up_ref;
++ X509_NAME_ENTRY_it;
++ UI_get_ex_new_index;
++ BN_mod_sub_quick;
++ OCSP_ONEREQ_add_ext;
++ OCSP_request_sign;
++ EVP_DigestFinal_ex;
++ ENGINE_set_digests;
++ OCSP_id_issuer_cmp;
++ OBJ_NAME_do_all;
++ EC_POINTs_mul;
++ ENGINE_register_complete;
++ X509V3_EXT_nconf_nid;
++ ASN1_SEQUENCE_it;
++ UI_set_default_method;
++ RAND_query_egd_bytes;
++ UI_method_get_writer;
++ UI_OpenSSL;
++ PEM_def_callback;
++ ENGINE_cleanup;
++ DIST_POINT_it;
++ OCSP_SINGLERESP_it;
++ d2i_KRB5_TKTBODY;
++ EC_POINT_cmp;
++ OCSP_REVOKEDINFO_new;
++ i2d_OCSP_CERTSTATUS;
++ OCSP_basic_add1_nonce;
++ ASN1_item_ex_d2i;
++ BN_mod_lshift1_quick;
++ UI_set_method;
++ OCSP_id_get0_info;
++ BN_mod_sqrt;
++ EC_GROUP_copy;
++ KRB5_ENCDATA_free;
++ _ossl_old_des_cfb_encrypt;
++ OCSP_SINGLERESP_get_ext_by_OBJ;
++ OCSP_cert_to_id;
++ OCSP_RESPID_new;
++ OCSP_RESPDATA_it;
++ d2i_OCSP_RESPDATA;
++ ENGINE_register_all_complete;
++ OCSP_check_validity;
++ PKCS12_BAGS_it;
++ OCSP_url_svcloc_new;
++ ASN1_template_free;
++ OCSP_SINGLERESP_add_ext;
++ KRB5_AUTHENTBODY_it;
++ X509_supported_extension;
++ i2d_KRB5_AUTHDATA;
++ UI_method_get_opener;
++ ENGINE_set_ex_data;
++ OCSP_REQUEST_print;
++ CBIGNUM_it;
++ KRB5_TICKET_new;
++ KRB5_APREQ_new;
++ EC_GROUP_get_curve_GFp;
++ KRB5_ENCKEY_new;
++ ASN1_template_d2i;
++ _ossl_old_des_quad_cksum;
++ OCSP_single_get0_status;
++ BN_swap;
++ POLICYINFO_it;
++ ENGINE_set_destroy_function;
++ asn1_enc_free;
++ OCSP_RESPID_it;
++ EC_GROUP_new;
++ EVP_aes_256_cbc;
++ i2d_KRB5_PRINCNAME;
++ _ossl_old_des_encrypt2;
++ _ossl_old_des_encrypt3;
++ PKCS8_PRIV_KEY_INFO_it;
++ OCSP_REQINFO_it;
++ PBEPARAM_it;
++ KRB5_AUTHENTBODY_new;
++ X509_CRL_add0_revoked;
++ EDIPARTYNAME_it;
++ NETSCAPE_SPKI_it;
++ UI_get0_test_string;
++ ENGINE_get_cipher_engine;
++ ENGINE_register_all_ciphers;
++ EC_POINT_copy;
++ BN_kronecker;
++ _ossl_old_des_ede3_ofb64_encrypt;
++ _ossl_odes_ede3_ofb64_encrypt;
++ UI_method_get_reader;
++ OCSP_BASICRESP_get_ext_count;
++ ASN1_ENUMERATED_it;
++ UI_set_result;
++ i2d_KRB5_TICKET;
++ X509_print_ex_fp;
++ EVP_CIPHER_CTX_set_padding;
++ d2i_OCSP_RESPONSE;
++ ASN1_UTCTIME_it;
++ _ossl_old_des_enc_write;
++ OCSP_RESPONSE_new;
++ AES_set_encrypt_key;
++ OCSP_resp_count;
++ KRB5_CHECKSUM_new;
++ ENGINE_load_cswift;
++ OCSP_onereq_get0_id;
++ ENGINE_set_default_ciphers;
++ NOTICEREF_it;
++ X509V3_EXT_CRL_add_nconf;
++ OCSP_REVOKEDINFO_it;
++ AES_encrypt;
++ OCSP_REQUEST_new;
++ ASN1_ANY_it;
++ CRYPTO_ex_data_new_class;
++ _ossl_old_des_ncbc_encrypt;
++ i2d_KRB5_TKTBODY;
++ EC_POINT_clear_free;
++ AES_decrypt;
++ asn1_enc_init;
++ UI_get_result_maxsize;
++ OCSP_CERTID_new;
++ ENGINE_unregister_RAND;
++ UI_method_get_closer;
++ d2i_KRB5_ENCDATA;
++ OCSP_request_onereq_count;
++ OCSP_basic_verify;
++ KRB5_AUTHENTBODY_free;
++ ASN1_item_d2i;
++ ASN1_primitive_free;
++ i2d_EXTENDED_KEY_USAGE;
++ i2d_OCSP_SIGNATURE;
++ asn1_enc_save;
++ ENGINE_load_nuron;
++ _ossl_old_des_pcbc_encrypt;
++ PKCS12_MAC_DATA_it;
++ OCSP_accept_responses_new;
++ asn1_do_lock;
++ PKCS7_ATTR_VERIFY_it;
++ KRB5_APREQBODY_it;
++ i2d_OCSP_SINGLERESP;
++ ASN1_item_ex_new;
++ UI_add_verify_string;
++ _ossl_old_des_set_key;
++ KRB5_PRINCNAME_it;
++ EVP_DecryptInit_ex;
++ i2d_OCSP_CERTID;
++ ASN1_item_d2i_bio;
++ EC_POINT_dbl;
++ asn1_get_choice_selector;
++ i2d_KRB5_CHECKSUM;
++ ENGINE_set_table_flags;
++ AES_options;
++ ENGINE_load_chil;
++ OCSP_id_cmp;
++ OCSP_BASICRESP_new;
++ OCSP_REQUEST_get_ext_by_NID;
++ KRB5_APREQ_it;
++ ENGINE_get_destroy_function;
++ CONF_set_nconf;
++ ASN1_PRINTABLE_free;
++ OCSP_BASICRESP_get_ext_by_NID;
++ DIST_POINT_NAME_it;
++ X509V3_extensions_print;
++ _ossl_old_des_cfb64_encrypt;
++ X509_REVOKED_add1_ext_i2d;
++ _ossl_old_des_ofb_encrypt;
++ KRB5_TKTBODY_new;
++ ASN1_OCTET_STRING_it;
++ ERR_load_UI_strings;
++ i2d_KRB5_ENCKEY;
++ ASN1_template_new;
++ OCSP_SIGNATURE_free;
++ ASN1_item_i2d_fp;
++ KRB5_PRINCNAME_free;
++ PKCS7_RECIP_INFO_it;
++ EXTENDED_KEY_USAGE_it;
++ EC_GFp_simple_method;
++ EC_GROUP_precompute_mult;
++ OCSP_request_onereq_get0;
++ UI_method_set_writer;
++ KRB5_AUTHENT_new;
++ X509_CRL_INFO_it;
++ DSO_set_name_converter;
++ AES_set_decrypt_key;
++ PKCS7_DIGEST_it;
++ PKCS12_x5092certbag;
++ EVP_DigestInit_ex;
++ i2a_ACCESS_DESCRIPTION;
++ OCSP_RESPONSE_it;
++ PKCS7_ENC_CONTENT_it;
++ OCSP_request_add0_id;
++ EC_POINT_make_affine;
++ DSO_get_filename;
++ OCSP_CERTSTATUS_it;
++ OCSP_request_add1_cert;
++ UI_get0_output_string;
++ UI_dup_verify_string;
++ BN_mod_lshift;
++ KRB5_AUTHDATA_it;
++ asn1_set_choice_selector;
++ OCSP_basic_add1_status;
++ OCSP_RESPID_free;
++ asn1_get_field_ptr;
++ UI_add_input_string;
++ OCSP_CRLID_it;
++ i2d_KRB5_AUTHENTBODY;
++ OCSP_REQUEST_get_ext_count;
++ ENGINE_load_atalla;
++ X509_NAME_it;
++ USERNOTICE_it;
++ OCSP_REQINFO_new;
++ OCSP_BASICRESP_get_ext;
++ CRYPTO_get_ex_data_implementation;
++ CRYPTO_get_ex_data_impl;
++ ASN1_item_pack;
++ i2d_KRB5_ENCDATA;
++ X509_PURPOSE_set;
++ X509_REQ_INFO_it;
++ UI_method_set_opener;
++ ASN1_item_ex_free;
++ ASN1_BOOLEAN_it;
++ ENGINE_get_table_flags;
++ UI_create_method;
++ OCSP_ONEREQ_add1_ext_i2d;
++ _shadow_DES_check_key;
++ d2i_OCSP_REQINFO;
++ UI_add_info_string;
++ UI_get_result_minsize;
++ ASN1_NULL_it;
++ BN_mod_lshift1;
++ d2i_OCSP_ONEREQ;
++ OCSP_ONEREQ_new;
++ KRB5_TICKET_it;
++ EVP_aes_192_cbc;
++ KRB5_TICKET_free;
++ UI_new;
++ OCSP_response_create;
++ _ossl_old_des_xcbc_encrypt;
++ PKCS7_it;
++ OCSP_REQUEST_get_ext_by_critical;
++ OCSP_REQUEST_get_ext_by_crit;
++ ENGINE_set_flags;
++ _ossl_old_des_ecb_encrypt;
++ OCSP_response_get1_basic;
++ EVP_Digest;
++ OCSP_ONEREQ_delete_ext;
++ ASN1_TBOOLEAN_it;
++ ASN1_item_new;
++ ASN1_TIME_to_generalizedtime;
++ BIGNUM_it;
++ AES_cbc_encrypt;
++ ENGINE_get_load_privkey_function;
++ ENGINE_get_load_privkey_fn;
++ OCSP_RESPONSE_free;
++ UI_method_set_reader;
++ i2d_ASN1_T61STRING;
++ EC_POINT_set_to_infinity;
++ ERR_load_OCSP_strings;
++ EC_POINT_point2oct;
++ KRB5_APREQ_free;
++ ASN1_OBJECT_it;
++ OCSP_crlID_new;
++ OCSP_crlID2_new;
++ CONF_modules_load_file;
++ CONF_imodule_set_usr_data;
++ ENGINE_set_default_string;
++ CONF_module_get_usr_data;
++ ASN1_add_oid_module;
++ CONF_modules_finish;
++ OPENSSL_config;
++ CONF_modules_unload;
++ CONF_imodule_get_value;
++ CONF_module_set_usr_data;
++ CONF_parse_list;
++ CONF_module_add;
++ CONF_get1_default_config_file;
++ CONF_imodule_get_flags;
++ CONF_imodule_get_module;
++ CONF_modules_load;
++ CONF_imodule_get_name;
++ ERR_peek_top_error;
++ CONF_imodule_get_usr_data;
++ CONF_imodule_set_flags;
++ ENGINE_add_conf_module;
++ ERR_peek_last_error_line;
++ ERR_peek_last_error_line_data;
++ ERR_peek_last_error;
++ DES_read_2passwords;
++ DES_read_password;
++ UI_UTIL_read_pw;
++ UI_UTIL_read_pw_string;
++ ENGINE_load_aep;
++ ENGINE_load_sureware;
++ OPENSSL_add_all_algorithms_noconf;
++ OPENSSL_add_all_algo_noconf;
++ OPENSSL_add_all_algorithms_conf;
++ OPENSSL_add_all_algo_conf;
++ OPENSSL_load_builtin_modules;
++ AES_ofb128_encrypt;
++ AES_ctr128_encrypt;
++ AES_cfb128_encrypt;
++ ENGINE_load_4758cca;
++ _ossl_096_des_random_seed;
++ EVP_aes_256_ofb;
++ EVP_aes_192_ofb;
++ EVP_aes_128_cfb128;
++ EVP_aes_256_cfb128;
++ EVP_aes_128_ofb;
++ EVP_aes_192_cfb128;
++ CONF_modules_free;
++ NCONF_default;
++ OPENSSL_no_config;
++ NCONF_WIN32;
++ ASN1_UNIVERSALSTRING_new;
++ EVP_des_ede_ecb;
++ i2d_ASN1_UNIVERSALSTRING;
++ ASN1_UNIVERSALSTRING_free;
++ ASN1_UNIVERSALSTRING_it;
++ d2i_ASN1_UNIVERSALSTRING;
++ EVP_des_ede3_ecb;
++ X509_REQ_print_ex;
++ ENGINE_up_ref;
++ BUF_MEM_grow_clean;
++ CRYPTO_realloc_clean;
++ BUF_strlcat;
++ BIO_indent;
++ BUF_strlcpy;
++ OpenSSLDie;
++ OPENSSL_cleanse;
++ ENGINE_setup_bsd_cryptodev;
++ ERR_release_err_state_table;
++ EVP_aes_128_cfb8;
++ FIPS_corrupt_rsa;
++ FIPS_selftest_des;
++ EVP_aes_128_cfb1;
++ EVP_aes_192_cfb8;
++ FIPS_mode_set;
++ FIPS_selftest_dsa;
++ EVP_aes_256_cfb8;
++ FIPS_allow_md5;
++ DES_ede3_cfb_encrypt;
++ EVP_des_ede3_cfb8;
++ FIPS_rand_seeded;
++ AES_cfbr_encrypt_block;
++ AES_cfb8_encrypt;
++ FIPS_rand_seed;
++ FIPS_corrupt_des;
++ EVP_aes_192_cfb1;
++ FIPS_selftest_aes;
++ FIPS_set_prng_key;
++ EVP_des_cfb8;
++ FIPS_corrupt_dsa;
++ FIPS_test_mode;
++ FIPS_rand_method;
++ EVP_aes_256_cfb1;
++ ERR_load_FIPS_strings;
++ FIPS_corrupt_aes;
++ FIPS_selftest_sha1;
++ FIPS_selftest_rsa;
++ FIPS_corrupt_sha1;
++ EVP_des_cfb1;
++ FIPS_dsa_check;
++ AES_cfb1_encrypt;
++ EVP_des_ede3_cfb1;
++ FIPS_rand_check;
++ FIPS_md5_allowed;
++ FIPS_mode;
++ FIPS_selftest_failed;
++ sk_is_sorted;
++ X509_check_ca;
++ HMAC_CTX_set_flags;
++ d2i_PROXY_CERT_INFO_EXTENSION;
++ PROXY_POLICY_it;
++ i2d_PROXY_POLICY;
++ i2d_PROXY_CERT_INFO_EXTENSION;
++ d2i_PROXY_POLICY;
++ PROXY_CERT_INFO_EXTENSION_new;
++ PROXY_CERT_INFO_EXTENSION_free;
++ PROXY_CERT_INFO_EXTENSION_it;
++ PROXY_POLICY_free;
++ PROXY_POLICY_new;
++ BN_MONT_CTX_set_locked;
++ FIPS_selftest_rng;
++ EVP_sha384;
++ EVP_sha512;
++ EVP_sha224;
++ EVP_sha256;
++ FIPS_selftest_hmac;
++ FIPS_corrupt_rng;
++ BN_mod_exp_mont_consttime;
++ RSA_X931_hash_id;
++ RSA_padding_check_X931;
++ RSA_verify_PKCS1_PSS;
++ RSA_padding_add_X931;
++ RSA_padding_add_PKCS1_PSS;
++ PKCS1_MGF1;
++ BN_X931_generate_Xpq;
++ RSA_X931_generate_key;
++ BN_X931_derive_prime;
++ BN_X931_generate_prime;
++ RSA_X931_derive;
++ BIO_new_dgram;
++ BN_get0_nist_prime_384;
++ ERR_set_mark;
++ X509_STORE_CTX_set0_crls;
++ ENGINE_set_STORE;
++ ENGINE_register_ECDSA;
++ STORE_meth_set_list_start_fn;
++ STORE_method_set_list_start_function;
++ BN_BLINDING_invert_ex;
++ NAME_CONSTRAINTS_free;
++ STORE_ATTR_INFO_set_number;
++ BN_BLINDING_get_thread_id;
++ X509_STORE_CTX_set0_param;
++ POLICY_MAPPING_it;
++ STORE_parse_attrs_start;
++ POLICY_CONSTRAINTS_free;
++ EVP_PKEY_add1_attr_by_NID;
++ BN_nist_mod_192;
++ EC_GROUP_get_trinomial_basis;
++ STORE_set_method;
++ GENERAL_SUBTREE_free;
++ NAME_CONSTRAINTS_it;
++ ECDH_get_default_method;
++ PKCS12_add_safe;
++ EC_KEY_new_by_curve_name;
++ STORE_meth_get_update_store_fn;
++ STORE_method_get_update_store_function;
++ ENGINE_register_ECDH;
++ SHA512_Update;
++ i2d_ECPrivateKey;
++ BN_get0_nist_prime_192;
++ STORE_modify_certificate;
++ EC_POINT_set_affine_coordinates_GF2m;
++ EC_POINT_set_affine_coords_GF2m;
++ BN_GF2m_mod_exp_arr;
++ STORE_ATTR_INFO_modify_number;
++ X509_keyid_get0;
++ ENGINE_load_gmp;
++ pitem_new;
++ BN_GF2m_mod_mul_arr;
++ STORE_list_public_key_endp;
++ o2i_ECPublicKey;
++ EC_KEY_copy;
++ BIO_dump_fp;
++ X509_policy_node_get0_parent;
++ EC_GROUP_check_discriminant;
++ i2o_ECPublicKey;
++ EC_KEY_precompute_mult;
++ a2i_IPADDRESS;
++ STORE_meth_set_initialise_fn;
++ STORE_method_set_initialise_function;
++ X509_STORE_CTX_set_depth;
++ X509_VERIFY_PARAM_inherit;
++ EC_POINT_point2bn;
++ STORE_ATTR_INFO_set_dn;
++ X509_policy_tree_get0_policies;
++ EC_GROUP_new_curve_GF2m;
++ STORE_destroy_method;
++ ENGINE_unregister_STORE;
++ EVP_PKEY_get1_EC_KEY;
++ STORE_ATTR_INFO_get0_number;
++ ENGINE_get_default_ECDH;
++ EC_KEY_get_conv_form;
++ ASN1_OCTET_STRING_NDEF_it;
++ STORE_delete_public_key;
++ STORE_get_public_key;
++ STORE_modify_arbitrary;
++ ENGINE_get_static_state;
++ pqueue_iterator;
++ ECDSA_SIG_new;
++ OPENSSL_DIR_end;
++ BN_GF2m_mod_sqr;
++ EC_POINT_bn2point;
++ X509_VERIFY_PARAM_set_depth;
++ EC_KEY_set_asn1_flag;
++ STORE_get_method;
++ EC_KEY_get_key_method_data;
++ ECDSA_sign_ex;
++ STORE_parse_attrs_end;
++ EC_GROUP_get_point_conversion_form;
++ EC_GROUP_get_point_conv_form;
++ STORE_method_set_store_function;
++ STORE_ATTR_INFO_in;
++ PEM_read_bio_ECPKParameters;
++ EC_GROUP_get_pentanomial_basis;
++ EVP_PKEY_add1_attr_by_txt;
++ BN_BLINDING_set_flags;
++ X509_VERIFY_PARAM_set1_policies;
++ X509_VERIFY_PARAM_set1_name;
++ X509_VERIFY_PARAM_set_purpose;
++ STORE_get_number;
++ ECDSA_sign_setup;
++ BN_GF2m_mod_solve_quad_arr;
++ EC_KEY_up_ref;
++ POLICY_MAPPING_free;
++ BN_GF2m_mod_div;
++ X509_VERIFY_PARAM_set_flags;
++ EC_KEY_free;
++ STORE_meth_set_list_next_fn;
++ STORE_method_set_list_next_function;
++ PEM_write_bio_ECPrivateKey;
++ d2i_EC_PUBKEY;
++ STORE_meth_get_generate_fn;
++ STORE_method_get_generate_function;
++ STORE_meth_set_list_end_fn;
++ STORE_method_set_list_end_function;
++ pqueue_print;
++ EC_GROUP_have_precompute_mult;
++ EC_KEY_print_fp;
++ BN_GF2m_mod_arr;
++ PEM_write_bio_X509_CERT_PAIR;
++ EVP_PKEY_cmp;
++ X509_policy_level_node_count;
++ STORE_new_engine;
++ STORE_list_public_key_start;
++ X509_VERIFY_PARAM_new;
++ ECDH_get_ex_data;
++ EVP_PKEY_get_attr;
++ ECDSA_do_sign;
++ ENGINE_unregister_ECDH;
++ ECDH_OpenSSL;
++ EC_KEY_set_conv_form;
++ EC_POINT_dup;
++ GENERAL_SUBTREE_new;
++ STORE_list_crl_endp;
++ EC_get_builtin_curves;
++ X509_policy_node_get0_qualifiers;
++ X509_pcy_node_get0_qualifiers;
++ STORE_list_crl_end;
++ EVP_PKEY_set1_EC_KEY;
++ BN_GF2m_mod_sqrt_arr;
++ i2d_ECPrivateKey_bio;
++ ECPKParameters_print_fp;
++ pqueue_find;
++ ECDSA_SIG_free;
++ PEM_write_bio_ECPKParameters;
++ STORE_method_set_ctrl_function;
++ STORE_list_public_key_end;
++ EC_KEY_set_private_key;
++ pqueue_peek;
++ STORE_get_arbitrary;
++ STORE_store_crl;
++ X509_policy_node_get0_policy;
++ PKCS12_add_safes;
++ BN_BLINDING_convert_ex;
++ X509_policy_tree_free;
++ OPENSSL_ia32cap_loc;
++ BN_GF2m_poly2arr;
++ STORE_ctrl;
++ STORE_ATTR_INFO_compare;
++ BN_get0_nist_prime_224;
++ i2d_ECParameters;
++ i2d_ECPKParameters;
++ BN_GENCB_call;
++ d2i_ECPKParameters;
++ STORE_meth_set_generate_fn;
++ STORE_method_set_generate_function;
++ ENGINE_set_ECDH;
++ NAME_CONSTRAINTS_new;
++ SHA256_Init;
++ EC_KEY_get0_public_key;
++ PEM_write_bio_EC_PUBKEY;
++ STORE_ATTR_INFO_set_cstr;
++ STORE_list_crl_next;
++ STORE_ATTR_INFO_in_range;
++ ECParameters_print;
++ STORE_meth_set_delete_fn;
++ STORE_method_set_delete_function;
++ STORE_list_certificate_next;
++ ASN1_generate_nconf;
++ BUF_memdup;
++ BN_GF2m_mod_mul;
++ STORE_meth_get_list_next_fn;
++ STORE_method_get_list_next_function;
++ STORE_ATTR_INFO_get0_dn;
++ STORE_list_private_key_next;
++ EC_GROUP_set_seed;
++ X509_VERIFY_PARAM_set_trust;
++ STORE_ATTR_INFO_free;
++ STORE_get_private_key;
++ EVP_PKEY_get_attr_count;
++ STORE_ATTR_INFO_new;
++ EC_GROUP_get_curve_GF2m;
++ STORE_meth_set_revoke_fn;
++ STORE_method_set_revoke_function;
++ STORE_store_number;
++ BN_is_prime_ex;
++ STORE_revoke_public_key;
++ X509_STORE_CTX_get0_param;
++ STORE_delete_arbitrary;
++ PEM_read_X509_CERT_PAIR;
++ X509_STORE_set_depth;
++ ECDSA_get_ex_data;
++ SHA224;
++ BIO_dump_indent_fp;
++ EC_KEY_set_group;
++ BUF_strndup;
++ STORE_list_certificate_start;
++ BN_GF2m_mod;
++ X509_REQ_check_private_key;
++ EC_GROUP_get_seed_len;
++ ERR_load_STORE_strings;
++ PEM_read_bio_EC_PUBKEY;
++ STORE_list_private_key_end;
++ i2d_EC_PUBKEY;
++ ECDSA_get_default_method;
++ ASN1_put_eoc;
++ X509_STORE_CTX_get_explicit_policy;
++ X509_STORE_CTX_get_expl_policy;
++ X509_VERIFY_PARAM_table_cleanup;
++ STORE_modify_private_key;
++ X509_VERIFY_PARAM_free;
++ EC_METHOD_get_field_type;
++ EC_GFp_nist_method;
++ STORE_meth_set_modify_fn;
++ STORE_method_set_modify_function;
++ STORE_parse_attrs_next;
++ ENGINE_load_padlock;
++ EC_GROUP_set_curve_name;
++ X509_CERT_PAIR_it;
++ STORE_meth_get_revoke_fn;
++ STORE_method_get_revoke_function;
++ STORE_method_set_get_function;
++ STORE_modify_number;
++ STORE_method_get_store_function;
++ STORE_store_private_key;
++ BN_GF2m_mod_sqr_arr;
++ RSA_setup_blinding;
++ BIO_s_datagram;
++ STORE_Memory;
++ sk_find_ex;
++ EC_GROUP_set_curve_GF2m;
++ ENGINE_set_default_ECDSA;
++ POLICY_CONSTRAINTS_new;
++ BN_GF2m_mod_sqrt;
++ ECDH_set_default_method;
++ EC_KEY_generate_key;
++ SHA384_Update;
++ BN_GF2m_arr2poly;
++ STORE_method_get_get_function;
++ STORE_meth_set_cleanup_fn;
++ STORE_method_set_cleanup_function;
++ EC_GROUP_check;
++ d2i_ECPrivateKey_bio;
++ EC_KEY_insert_key_method_data;
++ STORE_meth_get_lock_store_fn;
++ STORE_method_get_lock_store_function;
++ X509_VERIFY_PARAM_get_depth;
++ SHA224_Final;
++ STORE_meth_set_update_store_fn;
++ STORE_method_set_update_store_function;
++ SHA224_Update;
++ d2i_ECPrivateKey;
++ ASN1_item_ndef_i2d;
++ STORE_delete_private_key;
++ ERR_pop_to_mark;
++ ENGINE_register_all_STORE;
++ X509_policy_level_get0_node;
++ i2d_PKCS7_NDEF;
++ EC_GROUP_get_degree;
++ ASN1_generate_v3;
++ STORE_ATTR_INFO_modify_cstr;
++ X509_policy_tree_level_count;
++ BN_GF2m_add;
++ EC_KEY_get0_group;
++ STORE_generate_crl;
++ STORE_store_public_key;
++ X509_CERT_PAIR_free;
++ STORE_revoke_private_key;
++ BN_nist_mod_224;
++ SHA512_Final;
++ STORE_ATTR_INFO_modify_dn;
++ STORE_meth_get_initialise_fn;
++ STORE_method_get_initialise_function;
++ STORE_delete_number;
++ i2d_EC_PUBKEY_bio;
++ BIO_dgram_non_fatal_error;
++ EC_GROUP_get_asn1_flag;
++ STORE_ATTR_INFO_in_ex;
++ STORE_list_crl_start;
++ ECDH_get_ex_new_index;
++ STORE_meth_get_modify_fn;
++ STORE_method_get_modify_function;
++ v2i_ASN1_BIT_STRING;
++ STORE_store_certificate;
++ OBJ_bsearch_ex;
++ X509_STORE_CTX_set_default;
++ STORE_ATTR_INFO_set_sha1str;
++ BN_GF2m_mod_inv;
++ BN_GF2m_mod_exp;
++ STORE_modify_public_key;
++ STORE_meth_get_list_start_fn;
++ STORE_method_get_list_start_function;
++ EC_GROUP_get0_seed;
++ STORE_store_arbitrary;
++ STORE_meth_set_unlock_store_fn;
++ STORE_method_set_unlock_store_function;
++ BN_GF2m_mod_div_arr;
++ ENGINE_set_ECDSA;
++ STORE_create_method;
++ ECPKParameters_print;
++ EC_KEY_get0_private_key;
++ PEM_write_EC_PUBKEY;
++ X509_VERIFY_PARAM_set1;
++ ECDH_set_method;
++ v2i_GENERAL_NAME_ex;
++ ECDH_set_ex_data;
++ STORE_generate_key;
++ BN_nist_mod_521;
++ X509_policy_tree_get0_level;
++ EC_GROUP_set_point_conversion_form;
++ EC_GROUP_set_point_conv_form;
++ PEM_read_EC_PUBKEY;
++ i2d_ECDSA_SIG;
++ ECDSA_OpenSSL;
++ STORE_delete_crl;
++ EC_KEY_get_enc_flags;
++ ASN1_const_check_infinite_end;
++ EVP_PKEY_delete_attr;
++ ECDSA_set_default_method;
++ EC_POINT_set_compressed_coordinates_GF2m;
++ EC_POINT_set_compr_coords_GF2m;
++ EC_GROUP_cmp;
++ STORE_revoke_certificate;
++ BN_get0_nist_prime_256;
++ STORE_meth_get_delete_fn;
++ STORE_method_get_delete_function;
++ SHA224_Init;
++ PEM_read_ECPrivateKey;
++ SHA512_Init;
++ STORE_parse_attrs_endp;
++ BN_set_negative;
++ ERR_load_ECDSA_strings;
++ EC_GROUP_get_basis_type;
++ STORE_list_public_key_next;
++ i2v_ASN1_BIT_STRING;
++ STORE_OBJECT_free;
++ BN_nist_mod_384;
++ i2d_X509_CERT_PAIR;
++ PEM_write_ECPKParameters;
++ ECDH_compute_key;
++ STORE_ATTR_INFO_get0_sha1str;
++ ENGINE_register_all_ECDH;
++ pqueue_pop;
++ STORE_ATTR_INFO_get0_cstr;
++ POLICY_CONSTRAINTS_it;
++ STORE_get_ex_new_index;
++ EVP_PKEY_get_attr_by_OBJ;
++ X509_VERIFY_PARAM_add0_policy;
++ BN_GF2m_mod_solve_quad;
++ SHA256;
++ i2d_ECPrivateKey_fp;
++ X509_policy_tree_get0_user_policies;
++ X509_pcy_tree_get0_usr_policies;
++ OPENSSL_DIR_read;
++ ENGINE_register_all_ECDSA;
++ X509_VERIFY_PARAM_lookup;
++ EC_POINT_get_affine_coordinates_GF2m;
++ EC_POINT_get_affine_coords_GF2m;
++ EC_GROUP_dup;
++ ENGINE_get_default_ECDSA;
++ EC_KEY_new;
++ SHA256_Transform;
++ EC_KEY_set_enc_flags;
++ ECDSA_verify;
++ EC_POINT_point2hex;
++ ENGINE_get_STORE;
++ SHA512;
++ STORE_get_certificate;
++ ECDSA_do_sign_ex;
++ ECDSA_do_verify;
++ d2i_ECPrivateKey_fp;
++ STORE_delete_certificate;
++ SHA512_Transform;
++ X509_STORE_set1_param;
++ STORE_method_get_ctrl_function;
++ STORE_free;
++ PEM_write_ECPrivateKey;
++ STORE_meth_get_unlock_store_fn;
++ STORE_method_get_unlock_store_function;
++ STORE_get_ex_data;
++ EC_KEY_set_public_key;
++ PEM_read_ECPKParameters;
++ X509_CERT_PAIR_new;
++ ENGINE_register_STORE;
++ RSA_generate_key_ex;
++ DSA_generate_parameters_ex;
++ ECParameters_print_fp;
++ X509V3_NAME_from_section;
++ EVP_PKEY_add1_attr;
++ STORE_modify_crl;
++ STORE_list_private_key_start;
++ POLICY_MAPPINGS_it;
++ GENERAL_SUBTREE_it;
++ EC_GROUP_get_curve_name;
++ PEM_write_X509_CERT_PAIR;
++ BIO_dump_indent_cb;
++ d2i_X509_CERT_PAIR;
++ STORE_list_private_key_endp;
++ asn1_const_Finish;
++ i2d_EC_PUBKEY_fp;
++ BN_nist_mod_256;
++ X509_VERIFY_PARAM_add0_table;
++ pqueue_free;
++ BN_BLINDING_create_param;
++ ECDSA_size;
++ d2i_EC_PUBKEY_bio;
++ BN_get0_nist_prime_521;
++ STORE_ATTR_INFO_modify_sha1str;
++ BN_generate_prime_ex;
++ EC_GROUP_new_by_curve_name;
++ SHA256_Final;
++ DH_generate_parameters_ex;
++ PEM_read_bio_ECPrivateKey;
++ STORE_meth_get_cleanup_fn;
++ STORE_method_get_cleanup_function;
++ ENGINE_get_ECDH;
++ d2i_ECDSA_SIG;
++ BN_is_prime_fasttest_ex;
++ ECDSA_sign;
++ X509_policy_check;
++ EVP_PKEY_get_attr_by_NID;
++ STORE_set_ex_data;
++ ENGINE_get_ECDSA;
++ EVP_ecdsa;
++ BN_BLINDING_get_flags;
++ PKCS12_add_cert;
++ STORE_OBJECT_new;
++ ERR_load_ECDH_strings;
++ EC_KEY_dup;
++ EVP_CIPHER_CTX_rand_key;
++ ECDSA_set_method;
++ a2i_IPADDRESS_NC;
++ d2i_ECParameters;
++ STORE_list_certificate_end;
++ STORE_get_crl;
++ X509_POLICY_NODE_print;
++ SHA384_Init;
++ EC_GF2m_simple_method;
++ ECDSA_set_ex_data;
++ SHA384_Final;
++ PKCS7_set_digest;
++ EC_KEY_print;
++ STORE_meth_set_lock_store_fn;
++ STORE_method_set_lock_store_function;
++ ECDSA_get_ex_new_index;
++ SHA384;
++ POLICY_MAPPING_new;
++ STORE_list_certificate_endp;
++ X509_STORE_CTX_get0_policy_tree;
++ EC_GROUP_set_asn1_flag;
++ EC_KEY_check_key;
++ d2i_EC_PUBKEY_fp;
++ PKCS7_set0_type_other;
++ PEM_read_bio_X509_CERT_PAIR;
++ pqueue_next;
++ STORE_meth_get_list_end_fn;
++ STORE_method_get_list_end_function;
++ EVP_PKEY_add1_attr_by_OBJ;
++ X509_VERIFY_PARAM_set_time;
++ pqueue_new;
++ ENGINE_set_default_ECDH;
++ STORE_new_method;
++ PKCS12_add_key;
++ DSO_merge;
++ EC_POINT_hex2point;
++ BIO_dump_cb;
++ SHA256_Update;
++ pqueue_insert;
++ pitem_free;
++ BN_GF2m_mod_inv_arr;
++ ENGINE_unregister_ECDSA;
++ BN_BLINDING_set_thread_id;
++ get_rfc3526_prime_8192;
++ X509_VERIFY_PARAM_clear_flags;
++ get_rfc2409_prime_1024;
++ DH_check_pub_key;
++ get_rfc3526_prime_2048;
++ get_rfc3526_prime_6144;
++ get_rfc3526_prime_1536;
++ get_rfc3526_prime_3072;
++ get_rfc3526_prime_4096;
++ get_rfc2409_prime_768;
++ X509_VERIFY_PARAM_get_flags;
++ EVP_CIPHER_CTX_new;
++ EVP_CIPHER_CTX_free;
++ Camellia_cbc_encrypt;
++ Camellia_cfb128_encrypt;
++ Camellia_cfb1_encrypt;
++ Camellia_cfb8_encrypt;
++ Camellia_ctr128_encrypt;
++ Camellia_cfbr_encrypt_block;
++ Camellia_decrypt;
++ Camellia_ecb_encrypt;
++ Camellia_encrypt;
++ Camellia_ofb128_encrypt;
++ Camellia_set_key;
++ EVP_camellia_128_cbc;
++ EVP_camellia_128_cfb128;
++ EVP_camellia_128_cfb1;
++ EVP_camellia_128_cfb8;
++ EVP_camellia_128_ecb;
++ EVP_camellia_128_ofb;
++ EVP_camellia_192_cbc;
++ EVP_camellia_192_cfb128;
++ EVP_camellia_192_cfb1;
++ EVP_camellia_192_cfb8;
++ EVP_camellia_192_ecb;
++ EVP_camellia_192_ofb;
++ EVP_camellia_256_cbc;
++ EVP_camellia_256_cfb128;
++ EVP_camellia_256_cfb1;
++ EVP_camellia_256_cfb8;
++ EVP_camellia_256_ecb;
++ EVP_camellia_256_ofb;
++ a2i_ipadd;
++ ASIdentifiers_free;
++ i2d_ASIdOrRange;
++ EVP_CIPHER_block_size;
++ v3_asid_is_canonical;
++ IPAddressChoice_free;
++ EVP_CIPHER_CTX_set_app_data;
++ BIO_set_callback_arg;
++ v3_addr_add_prefix;
++ IPAddressOrRange_it;
++ BIO_set_flags;
++ ASIdentifiers_it;
++ v3_addr_get_range;
++ BIO_method_type;
++ v3_addr_inherits;
++ IPAddressChoice_it;
++ AES_ige_encrypt;
++ v3_addr_add_range;
++ EVP_CIPHER_CTX_nid;
++ d2i_ASRange;
++ v3_addr_add_inherit;
++ v3_asid_add_id_or_range;
++ v3_addr_validate_resource_set;
++ EVP_CIPHER_iv_length;
++ EVP_MD_type;
++ v3_asid_canonize;
++ IPAddressRange_free;
++ v3_asid_add_inherit;
++ EVP_CIPHER_CTX_key_length;
++ IPAddressRange_new;
++ ASIdOrRange_new;
++ EVP_MD_size;
++ EVP_MD_CTX_test_flags;
++ BIO_clear_flags;
++ i2d_ASRange;
++ IPAddressRange_it;
++ IPAddressChoice_new;
++ ASIdentifierChoice_new;
++ ASRange_free;
++ EVP_MD_pkey_type;
++ EVP_MD_CTX_clear_flags;
++ IPAddressFamily_free;
++ i2d_IPAddressFamily;
++ IPAddressOrRange_new;
++ EVP_CIPHER_flags;
++ v3_asid_validate_resource_set;
++ d2i_IPAddressRange;
++ AES_bi_ige_encrypt;
++ BIO_get_callback;
++ IPAddressOrRange_free;
++ v3_addr_subset;
++ d2i_IPAddressFamily;
++ v3_asid_subset;
++ BIO_test_flags;
++ i2d_ASIdentifierChoice;
++ ASRange_it;
++ d2i_ASIdentifiers;
++ ASRange_new;
++ d2i_IPAddressChoice;
++ v3_addr_get_afi;
++ EVP_CIPHER_key_length;
++ EVP_Cipher;
++ i2d_IPAddressOrRange;
++ ASIdOrRange_it;
++ EVP_CIPHER_nid;
++ i2d_IPAddressChoice;
++ EVP_CIPHER_CTX_block_size;
++ ASIdentifiers_new;
++ v3_addr_validate_path;
++ IPAddressFamily_new;
++ EVP_MD_CTX_set_flags;
++ v3_addr_is_canonical;
++ i2d_IPAddressRange;
++ IPAddressFamily_it;
++ v3_asid_inherits;
++ EVP_CIPHER_CTX_cipher;
++ EVP_CIPHER_CTX_get_app_data;
++ EVP_MD_block_size;
++ EVP_CIPHER_CTX_flags;
++ v3_asid_validate_path;
++ d2i_IPAddressOrRange;
++ v3_addr_canonize;
++ ASIdentifierChoice_it;
++ EVP_MD_CTX_md;
++ d2i_ASIdentifierChoice;
++ BIO_method_name;
++ EVP_CIPHER_CTX_iv_length;
++ ASIdOrRange_free;
++ ASIdentifierChoice_free;
++ BIO_get_callback_arg;
++ BIO_set_callback;
++ d2i_ASIdOrRange;
++ i2d_ASIdentifiers;
++ SEED_decrypt;
++ SEED_encrypt;
++ SEED_cbc_encrypt;
++ EVP_seed_ofb;
++ SEED_cfb128_encrypt;
++ SEED_ofb128_encrypt;
++ EVP_seed_cbc;
++ SEED_ecb_encrypt;
++ EVP_seed_ecb;
++ SEED_set_key;
++ EVP_seed_cfb128;
++ X509_EXTENSIONS_it;
++ X509_get1_ocsp;
++ OCSP_REQ_CTX_free;
++ i2d_X509_EXTENSIONS;
++ OCSP_sendreq_nbio;
++ OCSP_sendreq_new;
++ d2i_X509_EXTENSIONS;
++ X509_ALGORS_it;
++ X509_ALGOR_get0;
++ X509_ALGOR_set0;
++ AES_unwrap_key;
++ AES_wrap_key;
++ X509at_get0_data_by_OBJ;
++ ASN1_TYPE_set1;
++ ASN1_STRING_set0;
++ i2d_X509_ALGORS;
++ BIO_f_zlib;
++ COMP_zlib_cleanup;
++ d2i_X509_ALGORS;
++ CMS_ReceiptRequest_free;
++ PEM_write_CMS;
++ CMS_add0_CertificateChoices;
++ CMS_unsigned_add1_attr_by_OBJ;
++ ERR_load_CMS_strings;
++ CMS_sign_receipt;
++ i2d_CMS_ContentInfo;
++ CMS_signed_delete_attr;
++ d2i_CMS_bio;
++ CMS_unsigned_get_attr_by_NID;
++ CMS_verify;
++ SMIME_read_CMS;
++ CMS_decrypt_set1_key;
++ CMS_SignerInfo_get0_algs;
++ CMS_add1_cert;
++ CMS_set_detached;
++ CMS_encrypt;
++ CMS_EnvelopedData_create;
++ CMS_uncompress;
++ CMS_add0_crl;
++ CMS_SignerInfo_verify_content;
++ CMS_unsigned_get0_data_by_OBJ;
++ PEM_write_bio_CMS;
++ CMS_unsigned_get_attr;
++ CMS_RecipientInfo_ktri_cert_cmp;
++ CMS_RecipientInfo_ktri_get0_algs;
++ CMS_RecipInfo_ktri_get0_algs;
++ CMS_ContentInfo_free;
++ CMS_final;
++ CMS_add_simple_smimecap;
++ CMS_SignerInfo_verify;
++ CMS_data;
++ CMS_ContentInfo_it;
++ d2i_CMS_ReceiptRequest;
++ CMS_compress;
++ CMS_digest_create;
++ CMS_SignerInfo_cert_cmp;
++ CMS_SignerInfo_sign;
++ CMS_data_create;
++ i2d_CMS_bio;
++ CMS_EncryptedData_set1_key;
++ CMS_decrypt;
++ int_smime_write_ASN1;
++ CMS_unsigned_delete_attr;
++ CMS_unsigned_get_attr_count;
++ CMS_add_smimecap;
++ PEM_read_CMS;
++ CMS_signed_get_attr_by_OBJ;
++ d2i_CMS_ContentInfo;
++ CMS_add_standard_smimecap;
++ CMS_ContentInfo_new;
++ CMS_RecipientInfo_type;
++ CMS_get0_type;
++ CMS_is_detached;
++ CMS_sign;
++ CMS_signed_add1_attr;
++ CMS_unsigned_get_attr_by_OBJ;
++ SMIME_write_CMS;
++ CMS_EncryptedData_decrypt;
++ CMS_get0_RecipientInfos;
++ CMS_add0_RevocationInfoChoice;
++ CMS_decrypt_set1_pkey;
++ CMS_SignerInfo_set1_signer_cert;
++ CMS_get0_signers;
++ CMS_ReceiptRequest_get0_values;
++ CMS_signed_get0_data_by_OBJ;
++ CMS_get0_SignerInfos;
++ CMS_add0_cert;
++ CMS_EncryptedData_encrypt;
++ CMS_digest_verify;
++ CMS_set1_signers_certs;
++ CMS_signed_get_attr;
++ CMS_RecipientInfo_set0_key;
++ CMS_SignedData_init;
++ CMS_RecipientInfo_kekri_get0_id;
++ CMS_verify_receipt;
++ CMS_ReceiptRequest_it;
++ PEM_read_bio_CMS;
++ CMS_get1_crls;
++ CMS_add0_recipient_key;
++ SMIME_read_ASN1;
++ CMS_ReceiptRequest_new;
++ CMS_get0_content;
++ CMS_get1_ReceiptRequest;
++ CMS_signed_add1_attr_by_OBJ;
++ CMS_RecipientInfo_kekri_id_cmp;
++ CMS_add1_ReceiptRequest;
++ CMS_SignerInfo_get0_signer_id;
++ CMS_unsigned_add1_attr_by_NID;
++ CMS_unsigned_add1_attr;
++ CMS_signed_get_attr_by_NID;
++ CMS_get1_certs;
++ CMS_signed_add1_attr_by_NID;
++ CMS_unsigned_add1_attr_by_txt;
++ CMS_dataFinal;
++ CMS_RecipientInfo_ktri_get0_signer_id;
++ CMS_RecipInfo_ktri_get0_sigr_id;
++ i2d_CMS_ReceiptRequest;
++ CMS_add1_recipient_cert;
++ CMS_dataInit;
++ CMS_signed_add1_attr_by_txt;
++ CMS_RecipientInfo_decrypt;
++ CMS_signed_get_attr_count;
++ CMS_get0_eContentType;
++ CMS_set1_eContentType;
++ CMS_ReceiptRequest_create0;
++ CMS_add1_signer;
++ CMS_RecipientInfo_set0_pkey;
++ ENGINE_set_load_ssl_client_cert_function;
++ ENGINE_set_ld_ssl_clnt_cert_fn;
++ ENGINE_get_ssl_client_cert_function;
++ ENGINE_get_ssl_client_cert_fn;
++ ENGINE_load_ssl_client_cert;
++ ENGINE_load_capi;
++ OPENSSL_isservice;
++ FIPS_dsa_sig_decode;
++ EVP_CIPHER_CTX_clear_flags;
++ FIPS_rand_status;
++ FIPS_rand_set_key;
++ CRYPTO_set_mem_info_functions;
++ RSA_X931_generate_key_ex;
++ int_ERR_set_state_func;
++ int_EVP_MD_set_engine_callbacks;
++ int_CRYPTO_set_do_dynlock_callback;
++ FIPS_rng_stick;
++ EVP_CIPHER_CTX_set_flags;
++ BN_X931_generate_prime_ex;
++ FIPS_selftest_check;
++ FIPS_rand_set_dt;
++ CRYPTO_dbg_pop_info;
++ FIPS_dsa_free;
++ RSA_X931_derive_ex;
++ FIPS_rsa_new;
++ FIPS_rand_bytes;
++ fips_cipher_test;
++ EVP_CIPHER_CTX_test_flags;
++ CRYPTO_malloc_debug_init;
++ CRYPTO_dbg_push_info;
++ FIPS_corrupt_rsa_keygen;
++ FIPS_dh_new;
++ FIPS_corrupt_dsa_keygen;
++ FIPS_dh_free;
++ fips_pkey_signature_test;
++ EVP_add_alg_module;
++ int_RAND_init_engine_callbacks;
++ int_EVP_CIPHER_set_engine_callbacks;
++ int_EVP_MD_init_engine_callbacks;
++ FIPS_rand_test_mode;
++ FIPS_rand_reset;
++ FIPS_dsa_new;
++ int_RAND_set_callbacks;
++ BN_X931_derive_prime_ex;
++ int_ERR_lib_init;
++ int_EVP_CIPHER_init_engine_callbacks;
++ FIPS_rsa_free;
++ FIPS_dsa_sig_encode;
++ CRYPTO_dbg_remove_all_info;
++ OPENSSL_init;
++ CRYPTO_strdup;
++ JPAKE_STEP3A_process;
++ JPAKE_STEP1_release;
++ JPAKE_get_shared_key;
++ JPAKE_STEP3B_init;
++ JPAKE_STEP1_generate;
++ JPAKE_STEP1_init;
++ JPAKE_STEP3B_process;
++ JPAKE_STEP2_generate;
++ JPAKE_CTX_new;
++ JPAKE_CTX_free;
++ JPAKE_STEP3B_release;
++ JPAKE_STEP3A_release;
++ JPAKE_STEP2_process;
++ JPAKE_STEP3B_generate;
++ JPAKE_STEP1_process;
++ JPAKE_STEP3A_generate;
++ JPAKE_STEP2_release;
++ JPAKE_STEP3A_init;
++ ERR_load_JPAKE_strings;
++ JPAKE_STEP2_init;
++ pqueue_size;
++ i2d_TS_ACCURACY;
++ i2d_TS_MSG_IMPRINT_fp;
++ i2d_TS_MSG_IMPRINT;
++ EVP_PKEY_print_public;
++ EVP_PKEY_CTX_new;
++ i2d_TS_TST_INFO;
++ EVP_PKEY_asn1_find;
++ DSO_METHOD_beos;
++ TS_CONF_load_cert;
++ TS_REQ_get_ext;
++ EVP_PKEY_sign_init;
++ ASN1_item_print;
++ TS_TST_INFO_set_nonce;
++ TS_RESP_dup;
++ ENGINE_register_pkey_meths;
++ EVP_PKEY_asn1_add0;
++ PKCS7_add0_attrib_signing_time;
++ i2d_TS_TST_INFO_fp;
++ BIO_asn1_get_prefix;
++ TS_TST_INFO_set_time;
++ EVP_PKEY_meth_set_decrypt;
++ EVP_PKEY_set_type_str;
++ EVP_PKEY_CTX_get_keygen_info;
++ TS_REQ_set_policy_id;
++ d2i_TS_RESP_fp;
++ ENGINE_get_pkey_asn1_meth_engine;
++ ENGINE_get_pkey_asn1_meth_eng;
++ WHIRLPOOL_Init;
++ TS_RESP_set_status_info;
++ EVP_PKEY_keygen;
++ EVP_DigestSignInit;
++ TS_ACCURACY_set_millis;
++ TS_REQ_dup;
++ GENERAL_NAME_dup;
++ ASN1_SEQUENCE_ANY_it;
++ WHIRLPOOL;
++ X509_STORE_get1_crls;
++ ENGINE_get_pkey_asn1_meth;
++ EVP_PKEY_asn1_new;
++ BIO_new_NDEF;
++ ENGINE_get_pkey_meth;
++ TS_MSG_IMPRINT_set_algo;
++ i2d_TS_TST_INFO_bio;
++ TS_TST_INFO_set_ordering;
++ TS_TST_INFO_get_ext_by_OBJ;
++ CRYPTO_THREADID_set_pointer;
++ TS_CONF_get_tsa_section;
++ SMIME_write_ASN1;
++ TS_RESP_CTX_set_signer_key;
++ EVP_PKEY_encrypt_old;
++ EVP_PKEY_encrypt_init;
++ CRYPTO_THREADID_cpy;
++ ASN1_PCTX_get_cert_flags;
++ i2d_ESS_SIGNING_CERT;
++ TS_CONF_load_key;
++ i2d_ASN1_SEQUENCE_ANY;
++ d2i_TS_MSG_IMPRINT_bio;
++ EVP_PKEY_asn1_set_public;
++ b2i_PublicKey_bio;
++ BIO_asn1_set_prefix;
++ EVP_PKEY_new_mac_key;
++ BIO_new_CMS;
++ CRYPTO_THREADID_cmp;
++ TS_REQ_ext_free;
++ EVP_PKEY_asn1_set_free;
++ EVP_PKEY_get0_asn1;
++ d2i_NETSCAPE_X509;
++ EVP_PKEY_verify_recover_init;
++ EVP_PKEY_CTX_set_data;
++ EVP_PKEY_keygen_init;
++ TS_RESP_CTX_set_status_info;
++ TS_MSG_IMPRINT_get_algo;
++ TS_REQ_print_bio;
++ EVP_PKEY_CTX_ctrl_str;
++ EVP_PKEY_get_default_digest_nid;
++ PEM_write_bio_PKCS7_stream;
++ TS_MSG_IMPRINT_print_bio;
++ BN_asc2bn;
++ TS_REQ_get_policy_id;
++ ENGINE_set_default_pkey_asn1_meths;
++ ENGINE_set_def_pkey_asn1_meths;
++ d2i_TS_ACCURACY;
++ DSO_global_lookup;
++ TS_CONF_set_tsa_name;
++ i2d_ASN1_SET_ANY;
++ ENGINE_load_gost;
++ WHIRLPOOL_BitUpdate;
++ ASN1_PCTX_get_flags;
++ TS_TST_INFO_get_ext_by_NID;
++ TS_RESP_new;
++ ESS_CERT_ID_dup;
++ TS_STATUS_INFO_dup;
++ TS_REQ_delete_ext;
++ EVP_DigestVerifyFinal;
++ EVP_PKEY_print_params;
++ i2d_CMS_bio_stream;
++ TS_REQ_get_msg_imprint;
++ OBJ_find_sigid_by_algs;
++ TS_TST_INFO_get_serial;
++ TS_REQ_get_nonce;
++ X509_PUBKEY_set0_param;
++ EVP_PKEY_CTX_set0_keygen_info;
++ DIST_POINT_set_dpname;
++ i2d_ISSUING_DIST_POINT;
++ ASN1_SET_ANY_it;
++ EVP_PKEY_CTX_get_data;
++ TS_STATUS_INFO_print_bio;
++ EVP_PKEY_derive_init;
++ d2i_TS_TST_INFO;
++ EVP_PKEY_asn1_add_alias;
++ d2i_TS_RESP_bio;
++ OTHERNAME_cmp;
++ GENERAL_NAME_set0_value;
++ PKCS7_RECIP_INFO_get0_alg;
++ TS_RESP_CTX_new;
++ TS_RESP_set_tst_info;
++ PKCS7_final;
++ EVP_PKEY_base_id;
++ TS_RESP_CTX_set_signer_cert;
++ TS_REQ_set_msg_imprint;
++ EVP_PKEY_CTX_ctrl;
++ TS_CONF_set_digests;
++ d2i_TS_MSG_IMPRINT;
++ EVP_PKEY_meth_set_ctrl;
++ TS_REQ_get_ext_by_NID;
++ PKCS5_pbe_set0_algor;
++ BN_BLINDING_thread_id;
++ TS_ACCURACY_new;
++ X509_CRL_METHOD_free;
++ ASN1_PCTX_get_nm_flags;
++ EVP_PKEY_meth_set_sign;
++ CRYPTO_THREADID_current;
++ EVP_PKEY_decrypt_init;
++ NETSCAPE_X509_free;
++ i2b_PVK_bio;
++ EVP_PKEY_print_private;
++ GENERAL_NAME_get0_value;
++ b2i_PVK_bio;
++ ASN1_UTCTIME_adj;
++ TS_TST_INFO_new;
++ EVP_MD_do_all_sorted;
++ TS_CONF_set_default_engine;
++ TS_ACCURACY_set_seconds;
++ TS_TST_INFO_get_time;
++ PKCS8_pkey_get0;
++ EVP_PKEY_asn1_get0;
++ OBJ_add_sigid;
++ PKCS7_SIGNER_INFO_sign;
++ EVP_PKEY_paramgen_init;
++ EVP_PKEY_sign;
++ OBJ_sigid_free;
++ EVP_PKEY_meth_set_init;
++ d2i_ESS_ISSUER_SERIAL;
++ ISSUING_DIST_POINT_new;
++ ASN1_TIME_adj;
++ TS_OBJ_print_bio;
++ EVP_PKEY_meth_set_verify_recover;
++ EVP_PKEY_meth_set_vrfy_recover;
++ TS_RESP_get_status_info;
++ CMS_stream;
++ EVP_PKEY_CTX_set_cb;
++ PKCS7_to_TS_TST_INFO;
++ ASN1_PCTX_get_oid_flags;
++ TS_TST_INFO_add_ext;
++ EVP_PKEY_meth_set_derive;
++ i2d_TS_RESP_fp;
++ i2d_TS_MSG_IMPRINT_bio;
++ TS_RESP_CTX_set_accuracy;
++ TS_REQ_set_nonce;
++ ESS_CERT_ID_new;
++ ENGINE_pkey_asn1_find_str;
++ TS_REQ_get_ext_count;
++ BUF_reverse;
++ TS_TST_INFO_print_bio;
++ d2i_ISSUING_DIST_POINT;
++ ENGINE_get_pkey_meths;
++ i2b_PrivateKey_bio;
++ i2d_TS_RESP;
++ b2i_PublicKey;
++ TS_VERIFY_CTX_cleanup;
++ TS_STATUS_INFO_free;
++ TS_RESP_verify_token;
++ OBJ_bsearch_ex_;
++ ASN1_bn_print;
++ EVP_PKEY_asn1_get_count;
++ ENGINE_register_pkey_asn1_meths;
++ ASN1_PCTX_set_nm_flags;
++ EVP_DigestVerifyInit;
++ ENGINE_set_default_pkey_meths;
++ TS_TST_INFO_get_policy_id;
++ TS_REQ_get_cert_req;
++ X509_CRL_set_meth_data;
++ PKCS8_pkey_set0;
++ ASN1_STRING_copy;
++ d2i_TS_TST_INFO_fp;
++ X509_CRL_match;
++ EVP_PKEY_asn1_set_private;
++ TS_TST_INFO_get_ext_d2i;
++ TS_RESP_CTX_add_policy;
++ d2i_TS_RESP;
++ TS_CONF_load_certs;
++ TS_TST_INFO_get_msg_imprint;
++ ERR_load_TS_strings;
++ TS_TST_INFO_get_version;
++ EVP_PKEY_CTX_dup;
++ EVP_PKEY_meth_set_verify;
++ i2b_PublicKey_bio;
++ TS_CONF_set_certs;
++ EVP_PKEY_asn1_get0_info;
++ TS_VERIFY_CTX_free;
++ TS_REQ_get_ext_by_critical;
++ TS_RESP_CTX_set_serial_cb;
++ X509_CRL_get_meth_data;
++ TS_RESP_CTX_set_time_cb;
++ TS_MSG_IMPRINT_get_msg;
++ TS_TST_INFO_ext_free;
++ TS_REQ_get_version;
++ TS_REQ_add_ext;
++ EVP_PKEY_CTX_set_app_data;
++ OBJ_bsearch_;
++ EVP_PKEY_meth_set_verifyctx;
++ i2d_PKCS7_bio_stream;
++ CRYPTO_THREADID_set_numeric;
++ PKCS7_sign_add_signer;
++ d2i_TS_TST_INFO_bio;
++ TS_TST_INFO_get_ordering;
++ TS_RESP_print_bio;
++ TS_TST_INFO_get_exts;
++ HMAC_CTX_copy;
++ PKCS5_pbe2_set_iv;
++ ENGINE_get_pkey_asn1_meths;
++ b2i_PrivateKey;
++ EVP_PKEY_CTX_get_app_data;
++ TS_REQ_set_cert_req;
++ CRYPTO_THREADID_set_callback;
++ TS_CONF_set_serial;
++ TS_TST_INFO_free;
++ d2i_TS_REQ_fp;
++ TS_RESP_verify_response;
++ i2d_ESS_ISSUER_SERIAL;
++ TS_ACCURACY_get_seconds;
++ EVP_CIPHER_do_all;
++ b2i_PrivateKey_bio;
++ OCSP_CERTID_dup;
++ X509_PUBKEY_get0_param;
++ TS_MSG_IMPRINT_dup;
++ PKCS7_print_ctx;
++ i2d_TS_REQ_bio;
++ EVP_whirlpool;
++ EVP_PKEY_asn1_set_param;
++ EVP_PKEY_meth_set_encrypt;
++ ASN1_PCTX_set_flags;
++ i2d_ESS_CERT_ID;
++ TS_VERIFY_CTX_new;
++ TS_RESP_CTX_set_extension_cb;
++ ENGINE_register_all_pkey_meths;
++ TS_RESP_CTX_set_status_info_cond;
++ TS_RESP_CTX_set_stat_info_cond;
++ EVP_PKEY_verify;
++ WHIRLPOOL_Final;
++ X509_CRL_METHOD_new;
++ EVP_DigestSignFinal;
++ TS_RESP_CTX_set_def_policy;
++ NETSCAPE_X509_it;
++ TS_RESP_create_response;
++ PKCS7_SIGNER_INFO_get0_algs;
++ TS_TST_INFO_get_nonce;
++ EVP_PKEY_decrypt_old;
++ TS_TST_INFO_set_policy_id;
++ TS_CONF_set_ess_cert_id_chain;
++ EVP_PKEY_CTX_get0_pkey;
++ d2i_TS_REQ;
++ EVP_PKEY_asn1_find_str;
++ BIO_f_asn1;
++ ESS_SIGNING_CERT_new;
++ EVP_PBE_find;
++ X509_CRL_get0_by_cert;
++ EVP_PKEY_derive;
++ i2d_TS_REQ;
++ TS_TST_INFO_delete_ext;
++ ESS_ISSUER_SERIAL_free;
++ ASN1_PCTX_set_str_flags;
++ ENGINE_get_pkey_asn1_meth_str;
++ TS_CONF_set_signer_key;
++ TS_ACCURACY_get_millis;
++ TS_RESP_get_token;
++ TS_ACCURACY_dup;
++ ENGINE_register_all_pkey_asn1_meths;
++ ENGINE_reg_all_pkey_asn1_meths;
++ X509_CRL_set_default_method;
++ CRYPTO_THREADID_hash;
++ CMS_ContentInfo_print_ctx;
++ TS_RESP_free;
++ ISSUING_DIST_POINT_free;
++ ESS_ISSUER_SERIAL_new;
++ CMS_add1_crl;
++ PKCS7_add1_attrib_digest;
++ TS_RESP_CTX_add_md;
++ TS_TST_INFO_dup;
++ ENGINE_set_pkey_asn1_meths;
++ PEM_write_bio_Parameters;
++ TS_TST_INFO_get_accuracy;
++ X509_CRL_get0_by_serial;
++ TS_TST_INFO_set_version;
++ TS_RESP_CTX_get_tst_info;
++ TS_RESP_verify_signature;
++ CRYPTO_THREADID_get_callback;
++ TS_TST_INFO_get_tsa;
++ TS_STATUS_INFO_new;
++ EVP_PKEY_CTX_get_cb;
++ TS_REQ_get_ext_d2i;
++ GENERAL_NAME_set0_othername;
++ TS_TST_INFO_get_ext_count;
++ TS_RESP_CTX_get_request;
++ i2d_NETSCAPE_X509;
++ ENGINE_get_pkey_meth_engine;
++ EVP_PKEY_meth_set_signctx;
++ EVP_PKEY_asn1_copy;
++ ASN1_TYPE_cmp;
++ EVP_CIPHER_do_all_sorted;
++ EVP_PKEY_CTX_free;
++ ISSUING_DIST_POINT_it;
++ d2i_TS_MSG_IMPRINT_fp;
++ X509_STORE_get1_certs;
++ EVP_PKEY_CTX_get_operation;
++ d2i_ESS_SIGNING_CERT;
++ TS_CONF_set_ordering;
++ EVP_PBE_alg_add_type;
++ TS_REQ_set_version;
++ EVP_PKEY_get0;
++ BIO_asn1_set_suffix;
++ i2d_TS_STATUS_INFO;
++ EVP_MD_do_all;
++ TS_TST_INFO_set_accuracy;
++ PKCS7_add_attrib_content_type;
++ ERR_remove_thread_state;
++ EVP_PKEY_meth_add0;
++ TS_TST_INFO_set_tsa;
++ EVP_PKEY_meth_new;
++ WHIRLPOOL_Update;
++ TS_CONF_set_accuracy;
++ ASN1_PCTX_set_oid_flags;
++ ESS_SIGNING_CERT_dup;
++ d2i_TS_REQ_bio;
++ X509_time_adj_ex;
++ TS_RESP_CTX_add_flags;
++ d2i_TS_STATUS_INFO;
++ TS_MSG_IMPRINT_set_msg;
++ BIO_asn1_get_suffix;
++ TS_REQ_free;
++ EVP_PKEY_meth_free;
++ TS_REQ_get_exts;
++ TS_RESP_CTX_set_clock_precision_digits;
++ TS_RESP_CTX_set_clk_prec_digits;
++ TS_RESP_CTX_add_failure_info;
++ i2d_TS_RESP_bio;
++ EVP_PKEY_CTX_get0_peerkey;
++ PEM_write_bio_CMS_stream;
++ TS_REQ_new;
++ TS_MSG_IMPRINT_new;
++ EVP_PKEY_meth_find;
++ EVP_PKEY_id;
++ TS_TST_INFO_set_serial;
++ a2i_GENERAL_NAME;
++ TS_CONF_set_crypto_device;
++ EVP_PKEY_verify_init;
++ TS_CONF_set_policies;
++ ASN1_PCTX_new;
++ ESS_CERT_ID_free;
++ ENGINE_unregister_pkey_meths;
++ TS_MSG_IMPRINT_free;
++ TS_VERIFY_CTX_init;
++ PKCS7_stream;
++ TS_RESP_CTX_set_certs;
++ TS_CONF_set_def_policy;
++ ASN1_GENERALIZEDTIME_adj;
++ NETSCAPE_X509_new;
++ TS_ACCURACY_free;
++ TS_RESP_get_tst_info;
++ EVP_PKEY_derive_set_peer;
++ PEM_read_bio_Parameters;
++ TS_CONF_set_clock_precision_digits;
++ TS_CONF_set_clk_prec_digits;
++ ESS_ISSUER_SERIAL_dup;
++ TS_ACCURACY_get_micros;
++ ASN1_PCTX_get_str_flags;
++ NAME_CONSTRAINTS_check;
++ ASN1_BIT_STRING_check;
++ X509_check_akid;
++ ENGINE_unregister_pkey_asn1_meths;
++ ENGINE_unreg_pkey_asn1_meths;
++ ASN1_PCTX_free;
++ PEM_write_bio_ASN1_stream;
++ i2d_ASN1_bio_stream;
++ TS_X509_ALGOR_print_bio;
++ EVP_PKEY_meth_set_cleanup;
++ EVP_PKEY_asn1_free;
++ ESS_SIGNING_CERT_free;
++ TS_TST_INFO_set_msg_imprint;
++ GENERAL_NAME_cmp;
++ d2i_ASN1_SET_ANY;
++ ENGINE_set_pkey_meths;
++ i2d_TS_REQ_fp;
++ d2i_ASN1_SEQUENCE_ANY;
++ GENERAL_NAME_get0_otherName;
++ d2i_ESS_CERT_ID;
++ OBJ_find_sigid_algs;
++ EVP_PKEY_meth_set_keygen;
++ PKCS5_PBKDF2_HMAC;
++ EVP_PKEY_paramgen;
++ EVP_PKEY_meth_set_paramgen;
++ BIO_new_PKCS7;
++ EVP_PKEY_verify_recover;
++ TS_ext_print_bio;
++ TS_ASN1_INTEGER_print_bio;
++ check_defer;
++ DSO_pathbyaddr;
++ EVP_PKEY_set_type;
++ TS_ACCURACY_set_micros;
++ TS_REQ_to_TS_VERIFY_CTX;
++ EVP_PKEY_meth_set_copy;
++ ASN1_PCTX_set_cert_flags;
++ TS_TST_INFO_get_ext;
++ EVP_PKEY_asn1_set_ctrl;
++ TS_TST_INFO_get_ext_by_critical;
++ EVP_PKEY_CTX_new_id;
++ TS_REQ_get_ext_by_OBJ;
++ TS_CONF_set_signer_cert;
++ X509_NAME_hash_old;
++ ASN1_TIME_set_string;
++ EVP_MD_flags;
++ TS_RESP_CTX_free;
++ DSAparams_dup;
++ DHparams_dup;
++ OCSP_REQ_CTX_add1_header;
++ OCSP_REQ_CTX_set1_req;
++ X509_STORE_set_verify_cb;
++ X509_STORE_CTX_get0_current_crl;
++ X509_STORE_CTX_get0_parent_ctx;
++ X509_STORE_CTX_get0_current_issuer;
++ X509_STORE_CTX_get0_cur_issuer;
++ X509_issuer_name_hash_old;
++ X509_subject_name_hash_old;
++ EVP_CIPHER_CTX_copy;
++ UI_method_get_prompt_constructor;
++ UI_method_get_prompt_constructr;
++ UI_method_set_prompt_constructor;
++ UI_method_set_prompt_constructr;
++ EVP_read_pw_string_min;
++ CRYPTO_cts128_encrypt;
++ CRYPTO_cts128_decrypt_block;
++ CRYPTO_cfb128_1_encrypt;
++ CRYPTO_cbc128_encrypt;
++ CRYPTO_ctr128_encrypt;
++ CRYPTO_ofb128_encrypt;
++ CRYPTO_cts128_decrypt;
++ CRYPTO_cts128_encrypt_block;
++ CRYPTO_cbc128_decrypt;
++ CRYPTO_cfb128_encrypt;
++ CRYPTO_cfb128_8_encrypt;
++ SSL_renegotiate_abbreviated;
++ TLSv1_1_method;
++ TLSv1_1_client_method;
++ TLSv1_1_server_method;
++ SSL_CTX_set_srp_client_pwd_callback;
++ SSL_CTX_set_srp_client_pwd_cb;
++ SSL_get_srp_g;
++ SSL_CTX_set_srp_username_callback;
++ SSL_CTX_set_srp_un_cb;
++ SSL_get_srp_userinfo;
++ SSL_set_srp_server_param;
++ SSL_set_srp_server_param_pw;
++ SSL_get_srp_N;
++ SSL_get_srp_username;
++ SSL_CTX_set_srp_password;
++ SSL_CTX_set_srp_strength;
++ SSL_CTX_set_srp_verify_param_callback;
++ SSL_CTX_set_srp_vfy_param_cb;
++ SSL_CTX_set_srp_cb_arg;
++ SSL_CTX_set_srp_username;
++ SSL_CTX_SRP_CTX_init;
++ SSL_SRP_CTX_init;
++ SRP_Calc_A_param;
++ SRP_generate_server_master_secret;
++ SRP_gen_server_master_secret;
++ SSL_CTX_SRP_CTX_free;
++ SRP_generate_client_master_secret;
++ SRP_gen_client_master_secret;
++ SSL_srp_server_param_with_username;
++ SSL_srp_server_param_with_un;
++ SSL_SRP_CTX_free;
++ SSL_set_debug;
++ SSL_SESSION_get0_peer;
++ TLSv1_2_client_method;
++ SSL_SESSION_set1_id_context;
++ TLSv1_2_server_method;
++ SSL_cache_hit;
++ SSL_get0_kssl_ctx;
++ SSL_set0_kssl_ctx;
++ SSL_set_state;
++ SSL_CIPHER_get_id;
++ TLSv1_2_method;
++ kssl_ctx_get0_client_princ;
++ SSL_export_keying_material;
++ SSL_set_tlsext_use_srtp;
++ SSL_CTX_set_next_protos_advertised_cb;
++ SSL_CTX_set_next_protos_adv_cb;
++ SSL_get0_next_proto_negotiated;
++ SSL_get_selected_srtp_profile;
++ SSL_CTX_set_tlsext_use_srtp;
++ SSL_select_next_proto;
++ SSL_get_srtp_profiles;
++ SSL_CTX_set_next_proto_select_cb;
++ SSL_CTX_set_next_proto_sel_cb;
++ SSL_SESSION_get_compress_id;
++
++ SRP_VBASE_get_by_user;
++ SRP_Calc_server_key;
++ SRP_create_verifier;
++ SRP_create_verifier_BN;
++ SRP_Calc_u;
++ SRP_VBASE_free;
++ SRP_Calc_client_key;
++ SRP_get_default_gN;
++ SRP_Calc_x;
++ SRP_Calc_B;
++ SRP_VBASE_new;
++ SRP_check_known_gN_param;
++ SRP_Calc_A;
++ SRP_Verify_A_mod_N;
++ SRP_VBASE_init;
++ SRP_Verify_B_mod_N;
++ EC_KEY_set_public_key_affine_coordinates;
++ EC_KEY_set_pub_key_aff_coords;
++ EVP_aes_192_ctr;
++ EVP_PKEY_meth_get0_info;
++ EVP_PKEY_meth_copy;
++ ERR_add_error_vdata;
++ EVP_aes_128_ctr;
++ EVP_aes_256_ctr;
++ EC_GFp_nistp224_method;
++ EC_KEY_get_flags;
++ RSA_padding_add_PKCS1_PSS_mgf1;
++ EVP_aes_128_xts;
++ EVP_aes_256_xts;
++ EVP_aes_128_gcm;
++ EC_KEY_clear_flags;
++ EC_KEY_set_flags;
++ EVP_aes_256_ccm;
++ RSA_verify_PKCS1_PSS_mgf1;
++ EVP_aes_128_ccm;
++ EVP_aes_192_gcm;
++ X509_ALGOR_set_md;
++ RAND_init_fips;
++ EVP_aes_256_gcm;
++ EVP_aes_192_ccm;
++ CMAC_CTX_copy;
++ CMAC_CTX_free;
++ CMAC_CTX_get0_cipher_ctx;
++ CMAC_CTX_cleanup;
++ CMAC_Init;
++ CMAC_Update;
++ CMAC_resume;
++ CMAC_CTX_new;
++ CMAC_Final;
++ CRYPTO_ctr128_encrypt_ctr32;
++ CRYPTO_gcm128_release;
++ CRYPTO_ccm128_decrypt_ccm64;
++ CRYPTO_ccm128_encrypt;
++ CRYPTO_gcm128_encrypt;
++ CRYPTO_xts128_encrypt;
++ EVP_rc4_hmac_md5;
++ CRYPTO_nistcts128_decrypt_block;
++ CRYPTO_gcm128_setiv;
++ CRYPTO_nistcts128_encrypt;
++ EVP_aes_128_cbc_hmac_sha1;
++ CRYPTO_gcm128_tag;
++ CRYPTO_ccm128_encrypt_ccm64;
++ ENGINE_load_rdrand;
++ CRYPTO_ccm128_setiv;
++ CRYPTO_nistcts128_encrypt_block;
++ CRYPTO_gcm128_aad;
++ CRYPTO_ccm128_init;
++ CRYPTO_nistcts128_decrypt;
++ CRYPTO_gcm128_new;
++ CRYPTO_ccm128_tag;
++ CRYPTO_ccm128_decrypt;
++ CRYPTO_ccm128_aad;
++ CRYPTO_gcm128_init;
++ CRYPTO_gcm128_decrypt;
++ ENGINE_load_rsax;
++ CRYPTO_gcm128_decrypt_ctr32;
++ CRYPTO_gcm128_encrypt_ctr32;
++ CRYPTO_gcm128_finish;
++ EVP_aes_256_cbc_hmac_sha1;
++ PKCS5_pbkdf2_set;
++ CMS_add0_recipient_password;
++ CMS_decrypt_set1_password;
++ CMS_RecipientInfo_set0_password;
++ RAND_set_fips_drbg_type;
++ X509_REQ_sign_ctx;
++ RSA_PSS_PARAMS_new;
++ X509_CRL_sign_ctx;
++ X509_signature_dump;
++ d2i_RSA_PSS_PARAMS;
++ RSA_PSS_PARAMS_it;
++ RSA_PSS_PARAMS_free;
++ X509_sign_ctx;
++ i2d_RSA_PSS_PARAMS;
++ ASN1_item_sign_ctx;
++ EC_GFp_nistp521_method;
++ EC_GFp_nistp256_method;
++ OPENSSL_stderr;
++ OPENSSL_cpuid_setup;
++ OPENSSL_showfatal;
++ BIO_new_dgram_sctp;
++ BIO_dgram_sctp_msg_waiting;
++ BIO_dgram_sctp_wait_for_dry;
++ BIO_s_datagram_sctp;
++ BIO_dgram_is_sctp;
++ BIO_dgram_sctp_notification_cb;
++ CRYPTO_memcmp;
++ SSL_CTX_set_alpn_protos;
++ SSL_set_alpn_protos;
++ SSL_CTX_set_alpn_select_cb;
++ SSL_get0_alpn_selected;
++ SSL_CTX_set_custom_cli_ext;
++ SSL_CTX_set_custom_srv_ext;
++ SSL_CTX_set_srv_supp_data;
++ SSL_CTX_set_cli_supp_data;
++ SSL_set_cert_cb;
++ SSL_CTX_use_serverinfo;
++ SSL_CTX_use_serverinfo_file;
++ SSL_CTX_set_cert_cb;
++ SSL_CTX_get0_param;
++ SSL_get0_param;
++ SSL_certs_clear;
++ DTLSv1_2_method;
++ DTLSv1_2_server_method;
++ DTLSv1_2_client_method;
++ DTLS_method;
++ DTLS_server_method;
++ DTLS_client_method;
++ SSL_CTX_get_ssl_method;
++ SSL_CTX_get0_certificate;
++ SSL_CTX_get0_privatekey;
++ SSL_COMP_set0_compression_methods;
++ SSL_COMP_free_compression_methods;
++ SSL_CIPHER_find;
++ SSL_is_server;
++ SSL_CONF_CTX_new;
++ SSL_CONF_CTX_finish;
++ SSL_CONF_CTX_free;
++ SSL_CONF_CTX_set_flags;
++ SSL_CONF_CTX_clear_flags;
++ SSL_CONF_CTX_set1_prefix;
++ SSL_CONF_CTX_set_ssl;
++ SSL_CONF_CTX_set_ssl_ctx;
++ SSL_CONF_cmd;
++ SSL_CONF_cmd_argv;
++ SSL_CONF_cmd_value_type;
++ SSL_trace;
++ SSL_CIPHER_standard_name;
++ SSL_get_tlsa_record_byname;
++ ASN1_TIME_diff;
++ BIO_hex_string;
++ CMS_RecipientInfo_get0_pkey_ctx;
++ CMS_RecipientInfo_encrypt;
++ CMS_SignerInfo_get0_pkey_ctx;
++ CMS_SignerInfo_get0_md_ctx;
++ CMS_SignerInfo_get0_signature;
++ CMS_RecipientInfo_kari_get0_alg;
++ CMS_RecipientInfo_kari_get0_reks;
++ CMS_RecipientInfo_kari_get0_orig_id;
++ CMS_RecipientInfo_kari_orig_id_cmp;
++ CMS_RecipientEncryptedKey_get0_id;
++ CMS_RecipientEncryptedKey_cert_cmp;
++ CMS_RecipientInfo_kari_set0_pkey;
++ CMS_RecipientInfo_kari_get0_ctx;
++ CMS_RecipientInfo_kari_decrypt;
++ CMS_SharedInfo_encode;
++ DH_compute_key_padded;
++ d2i_DHxparams;
++ i2d_DHxparams;
++ DH_get_1024_160;
++ DH_get_2048_224;
++ DH_get_2048_256;
++ DH_KDF_X9_42;
++ ECDH_KDF_X9_62;
++ ECDSA_METHOD_new;
++ ECDSA_METHOD_free;
++ ECDSA_METHOD_set_app_data;
++ ECDSA_METHOD_get_app_data;
++ ECDSA_METHOD_set_sign;
++ ECDSA_METHOD_set_sign_setup;
++ ECDSA_METHOD_set_verify;
++ ECDSA_METHOD_set_flags;
++ ECDSA_METHOD_set_name;
++ EVP_des_ede3_wrap;
++ EVP_aes_128_wrap;
++ EVP_aes_192_wrap;
++ EVP_aes_256_wrap;
++ EVP_aes_128_cbc_hmac_sha256;
++ EVP_aes_256_cbc_hmac_sha256;
++ CRYPTO_128_wrap;
++ CRYPTO_128_unwrap;
++ OCSP_REQ_CTX_nbio;
++ OCSP_REQ_CTX_new;
++ OCSP_set_max_response_length;
++ OCSP_REQ_CTX_i2d;
++ OCSP_REQ_CTX_nbio_d2i;
++ OCSP_REQ_CTX_get0_mem_bio;
++ OCSP_REQ_CTX_http;
++ RSA_padding_add_PKCS1_OAEP_mgf1;
++ RSA_padding_check_PKCS1_OAEP_mgf1;
++ RSA_OAEP_PARAMS_free;
++ RSA_OAEP_PARAMS_it;
++ RSA_OAEP_PARAMS_new;
++ SSL_get_sigalgs;
++ SSL_get_shared_sigalgs;
++ SSL_check_chain;
++ X509_chain_up_ref;
++ X509_http_nbio;
++ X509_CRL_http_nbio;
++ X509_REVOKED_dup;
++ i2d_re_X509_tbs;
++ X509_get0_signature;
++ X509_get_signature_nid;
++ X509_CRL_diff;
++ X509_chain_check_suiteb;
++ X509_CRL_check_suiteb;
++ X509_check_host;
++ X509_check_email;
++ X509_check_ip;
++ X509_check_ip_asc;
++ X509_STORE_set_lookup_crls_cb;
++ X509_STORE_CTX_get0_store;
++ X509_VERIFY_PARAM_set1_host;
++ X509_VERIFY_PARAM_add1_host;
++ X509_VERIFY_PARAM_set_hostflags;
++ X509_VERIFY_PARAM_get0_peername;
++ X509_VERIFY_PARAM_set1_email;
++ X509_VERIFY_PARAM_set1_ip;
++ X509_VERIFY_PARAM_set1_ip_asc;
++ X509_VERIFY_PARAM_get0_name;
++ X509_VERIFY_PARAM_get_count;
++ X509_VERIFY_PARAM_get0;
++ X509V3_EXT_free;
++ EC_GROUP_get_mont_data;
++ EC_curve_nid2nist;
++ EC_curve_nist2nid;
++ PEM_write_bio_DHxparams;
++ PEM_write_DHxparams;
++ SSL_CTX_add_client_custom_ext;
++ SSL_CTX_add_server_custom_ext;
++ SSL_extension_supported;
++ BUF_strnlen;
++ sk_deep_copy;
++ SSL_test_functions;
++
++ local:
++ *;
++};
++
++OPENSSL_1.0.2g {
++ global:
++ SRP_VBASE_get1_by_user;
++ SRP_user_pwd_free;
++} OPENSSL_1.0.2d;
++
+Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld 2014-02-24 21:02:30.000000000 +0100
+@@ -0,0 +1,10 @@
++OPENSSL_1.0.2 {
++ global:
++ bind_engine;
++ v_check;
++ OPENSSL_init;
++ OPENSSL_finish;
++ local:
++ *;
++};
++
+Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld 2014-02-24 21:02:30.000000000 +0100
+@@ -0,0 +1,10 @@
++OPENSSL_1.0.2 {
++ global:
++ bind_engine;
++ v_check;
++ OPENSSL_init;
++ OPENSSL_finish;
++ local:
++ *;
++};
++
diff --git a/recipes-connectivity/openssl/openssl-qoriq/engines-install-in-libdir-ssl.patch b/recipes-connectivity/openssl/openssl-qoriq/engines-install-in-libdir-ssl.patch
index d8a6f1a..a574648 100644
--- a/recipes-connectivity/openssl/openssl-qoriq/engines-install-in-libdir-ssl.patch
+++ b/recipes-connectivity/openssl/openssl-qoriq/engines-install-in-libdir-ssl.patch
@@ -1,11 +1,11 @@
Upstream-Status: Inappropriate [configuration]
-Index: openssl-1.0.0/engines/Makefile
+Index: openssl-1.0.2/engines/Makefile
===================================================================
---- openssl-1.0.0.orig/engines/Makefile
-+++ openssl-1.0.0/engines/Makefile
-@@ -107,7 +107,7 @@
+--- openssl-1.0.2.orig/engines/Makefile
++++ openssl-1.0.2/engines/Makefile
+@@ -107,13 +107,13 @@ install:
@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
@if [ -n "$(SHARED_LIBS)" ]; then \
set -e; \
@@ -14,16 +14,19 @@ Index: openssl-1.0.0/engines/Makefile
for l in $(LIBNAMES); do \
( echo installing $$l; \
pfx=lib; \
-@@ -119,13 +119,13 @@
+ if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
+ sfx=".so"; \
+- cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
++ cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \
+ else \
+ case "$(CFLAGS)" in \
+ *DSO_BEOS*) sfx=".so";; \
+@@ -122,10 +122,10 @@ install:
*DSO_WIN32*) sfx="eay32.dll"; pfx=;; \
*) sfx=".bad";; \
esac; \
- cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
+ cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \
- else \
- sfx=".so"; \
-- cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
-+ cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \
fi; \
- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
@@ -32,20 +35,25 @@ Index: openssl-1.0.0/engines/Makefile
done; \
fi
@target=install; $(RECURSIVE_MAKE)
-Index: openssl-1.0.0/engines/ccgost/Makefile
+Index: openssl-1.0.2/engines/ccgost/Makefile
===================================================================
---- openssl-1.0.0.orig/engines/ccgost/Makefile
-+++ openssl-1.0.0/engines/ccgost/Makefile
-@@ -53,13 +53,13 @@
+--- openssl-1.0.2.orig/engines/ccgost/Makefile
++++ openssl-1.0.2/engines/ccgost/Makefile
+@@ -47,7 +47,7 @@ install:
+ pfx=lib; \
+ if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
+ sfx=".so"; \
+- cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
++ cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \
+ else \
+ case "$(CFLAGS)" in \
+ *DSO_BEOS*) sfx=".so";; \
+@@ -56,10 +56,10 @@ install:
*DSO_WIN32*) sfx="eay32.dll"; pfx=;; \
*) sfx=".bad";; \
esac; \
- cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
+ cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \
- else \
- sfx=".so"; \
-- cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
-+ cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \
fi; \
- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \
diff --git a/recipes-connectivity/openssl/openssl-qoriq/fix-cipher-des-ede3-cfb1.patch b/recipes-connectivity/openssl/openssl-qoriq/fix-cipher-des-ede3-cfb1.patch
index f0e1778..06d1ea6 100644
--- a/recipes-connectivity/openssl/openssl-qoriq/fix-cipher-des-ede3-cfb1.patch
+++ b/recipes-connectivity/openssl/openssl-qoriq/fix-cipher-des-ede3-cfb1.patch
@@ -6,17 +6,16 @@ http://rt.openssl.org/Ticket/Display.html?id=2867
Signed-Off-By: Muhammad Shakeel <muhammad_shakeel at mentor.com>
-diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c
-index 3232cfe..df84922 100644
+Index: openssl-1.0.2/crypto/evp/e_des3.c
===================================================================
---- a/crypto/evp/e_des3.c
-+++ b/crypto/evp/e_des3.c
-@@ -173,7 +173,7 @@ static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+--- openssl-1.0.2.orig/crypto/evp/e_des3.c
++++ openssl-1.0.2/crypto/evp/e_des3.c
+@@ -211,7 +211,7 @@ static int des_ede3_cfb1_cipher(EVP_CIPH
size_t n;
- unsigned char c[1],d[1];
+ unsigned char c[1], d[1];
-- for(n=0 ; n < inl ; ++n)
-+ for(n=0 ; n < inl*8 ; ++n)
- {
- c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;
- DES_ede3_cfb_encrypt(c,d,1,1,
+- for (n = 0; n < inl; ++n) {
++ for (n = 0; n * 8 < inl; ++n) {
+ c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;
+ DES_ede3_cfb_encrypt(c, d, 1, 1,
+ &data(ctx)->ks1, &data(ctx)->ks2,
diff --git a/recipes-connectivity/openssl/openssl-qoriq/initial-aarch64-bits.patch b/recipes-connectivity/openssl/openssl-qoriq/initial-aarch64-bits.patch
deleted file mode 100644
index 2185ff8..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/initial-aarch64-bits.patch
+++ /dev/null
@@ -1,119 +0,0 @@
-From: Andy Polyakov <appro at openssl.org>
-Date: Sun, 13 Oct 2013 17:15:15 +0000 (+0200)
-Subject: Initial aarch64 bits.
-X-Git-Url: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=039081b80977e2a5de84e1f88f8b4d025b559956
-
-Initial aarch64 bits.
----
- crypto/bn/bn_lcl.h | 9 +++++++++
- crypto/md32_common.h | 18 ++++++++++++++++++
- crypto/modes/modes_lcl.h | 8 ++++++++
- crypto/sha/sha512.c | 13 +++++++++++++
- 4 files changed, 48 insertions(+)
-
-Index: openssl-1.0.1f/crypto/bn/bn_lcl.h
-===================================================================
---- openssl-1.0.1f.orig/crypto/bn/bn_lcl.h 2014-01-06 15:47:42.000000000 +0200
-+++ openssl-1.0.1f/crypto/bn/bn_lcl.h 2014-02-28 10:37:55.495979037 +0200
-@@ -300,6 +300,15 @@
- : "r"(a), "r"(b));
- # endif
- # endif
-+# elif defined(__aarch64__) && defined(SIXTY_FOUR_BIT_LONG)
-+# if defined(__GNUC__) && __GNUC__>=2
-+# define BN_UMULT_HIGH(a,b) ({ \
-+ register BN_ULONG ret; \
-+ asm ("umulh %0,%1,%2" \
-+ : "=r"(ret) \
-+ : "r"(a), "r"(b)); \
-+ ret; })
-+# endif
- # endif /* cpu */
- #endif /* OPENSSL_NO_ASM */
-
-Index: openssl-1.0.1f/crypto/md32_common.h
-===================================================================
---- openssl-1.0.1f.orig/crypto/md32_common.h 2014-01-06 15:47:42.000000000 +0200
-+++ openssl-1.0.1f/crypto/md32_common.h 2014-02-28 10:39:21.751979107 +0200
-@@ -213,6 +213,24 @@
- asm ("bswapl %0":"=r"(r):"0"(r)); \
- *((unsigned int *)(c))=r; (c)+=4; r; })
- # endif
-+# elif defined(__aarch64__)
-+# if defined(__BYTE_ORDER__)
-+# if defined(__ORDER_LITTLE_ENDIAN__) && __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__
-+# define HOST_c2l(c,l) ({ unsigned int r; \
-+ asm ("rev %w0,%w1" \
-+ :"=r"(r) \
-+ :"r"(*((const unsigned int *)(c))));\
-+ (c)+=4; (l)=r; })
-+# define HOST_l2c(l,c) ({ unsigned int r; \
-+ asm ("rev %w0,%w1" \
-+ :"=r"(r) \
-+ :"r"((unsigned int)(l)));\
-+ *((unsigned int *)(c))=r; (c)+=4; r; })
-+# elif defined(__ORDER_BIG_ENDIAN__) && __BYTE_ORDER__==__ORDER_BIG_ENDIAN__
-+# define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, (l))
-+# define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, (l))
-+# endif
-+# endif
- # endif
- # endif
- #endif
-Index: openssl-1.0.1f/crypto/modes/modes_lcl.h
-===================================================================
---- openssl-1.0.1f.orig/crypto/modes/modes_lcl.h 2014-02-28 10:47:48.731979011 +0200
-+++ openssl-1.0.1f/crypto/modes/modes_lcl.h 2014-02-28 10:48:49.707978919 +0200
-@@ -29,6 +29,7 @@
- #if defined(__i386) || defined(__i386__) || \
- defined(__x86_64) || defined(__x86_64__) || \
- defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \
-+ defined(__aarch64__) || \
- defined(__s390__) || defined(__s390x__)
- # undef STRICT_ALIGNMENT
- #endif
-@@ -50,6 +51,13 @@
- # define BSWAP4(x) ({ u32 ret=(x); \
- asm ("bswapl %0" \
- : "+r"(ret)); ret; })
-+# elif defined(__aarch64__)
-+# define BSWAP8(x) ({ u64 ret; \
-+ asm ("rev %0,%1" \
-+ : "=r"(ret) : "r"(x)); ret; })
-+# define BSWAP4(x) ({ u32 ret; \
-+ asm ("rev %w0,%w1" \
-+ : "=r"(ret) : "r"(x)); ret; })
- # elif (defined(__arm__) || defined(__arm)) && !defined(STRICT_ALIGNMENT)
- # define BSWAP8(x) ({ u32 lo=(u64)(x)>>32,hi=(x); \
- asm ("rev %0,%0; rev %1,%1" \
-Index: openssl-1.0.1f/crypto/sha/sha512.c
-===================================================================
---- openssl-1.0.1f.orig/crypto/sha/sha512.c 2014-01-06 15:47:42.000000000 +0200
-+++ openssl-1.0.1f/crypto/sha/sha512.c 2014-02-28 10:52:14.579978981 +0200
-@@ -55,6 +55,7 @@
- #if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
- defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) || \
- defined(__s390__) || defined(__s390x__) || \
-+ defined(__aarch64__) || \
- defined(SHA512_ASM)
- #define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
- #endif
-@@ -347,6 +348,18 @@
- asm ("rotrdi %0,%1,%2" \
- : "=r"(ret) \
- : "r"(a),"K"(n)); ret; })
-+# elif defined(__aarch64__)
-+# define ROTR(a,n) ({ SHA_LONG64 ret; \
-+ asm ("ror %0,%1,%2" \
-+ : "=r"(ret) \
-+ : "r"(a),"I"(n)); ret; })
-+# if defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \
-+ __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__
-+# define PULL64(x) ({ SHA_LONG64 ret; \
-+ asm ("rev %0,%1" \
-+ : "=r"(ret) \
-+ : "r"(*((const SHA_LONG64 *)(&(x))))); ret; })
-+# endif
- # endif
- # elif defined(_MSC_VER)
- # if defined(_WIN64) /* applies to both IA-64 and AMD64 */
diff --git a/recipes-connectivity/openssl/openssl-qoriq/openssl-1.0.2a-x32-asm.patch b/recipes-connectivity/openssl/openssl-qoriq/openssl-1.0.2a-x32-asm.patch
new file mode 100644
index 0000000..1e5bfa1
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/openssl-1.0.2a-x32-asm.patch
@@ -0,0 +1,46 @@
+https://rt.openssl.org/Ticket/Display.html?id=3759&user=guest&pass=guest
+
+From 6257d59b3a68d2feb9d64317a1c556dc3813ee61 Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vapier at gentoo.org>
+Date: Sat, 21 Mar 2015 06:01:25 -0400
+Subject: [PATCH] crypto: use bigint in x86-64 perl
+
+Upstream-Status: Pending
+Signed-off-by: Cristian Iorga <cristian.iorga at intel.com>
+
+When building on x32 systems where the default type is 32bit, make sure
+we can transparently represent 64bit integers. Otherwise we end up with
+build errors like:
+/usr/bin/perl asm/ghash-x86_64.pl elf > ghash-x86_64.s
+Integer overflow in hexadecimal number at asm/../../perlasm/x86_64-xlate.pl line 201, <> line 890.
+...
+ghash-x86_64.s: Assembler messages:
+ghash-x86_64.s:890: Error: junk '.15473355479995e+19' after expression
+
+We don't enable this globally as there are some cases where we'd get
+32bit values interpreted as unsigned when we need them as signed.
+
+Reported-by: Bertrand Jacquin <bertrand at jacquin.bzh>
+URL: https://bugs.gentoo.org/542618
+---
+ crypto/perlasm/x86_64-xlate.pl | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl
+index aae8288..0bf9774 100755
+--- a/crypto/perlasm/x86_64-xlate.pl
++++ b/crypto/perlasm/x86_64-xlate.pl
+@@ -195,6 +195,10 @@ my %globals;
+ sub out {
+ my $self = shift;
+
++ # When building on x32 ABIs, the expanded hex value might be too
++ # big to fit into 32bits. Enable transparent 64bit support here
++ # so we can safely print it out.
++ use bigint;
+ if ($gas) {
+ # Solaris /usr/ccs/bin/as can't handle multiplications
+ # in $self->{value}
+--
+2.3.3
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch b/recipes-connectivity/openssl/openssl-qoriq/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
index c161e62..f736e5c 100644
--- a/recipes-connectivity/openssl/openssl-qoriq/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
+++ b/recipes-connectivity/openssl/openssl-qoriq/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
@@ -8,14 +8,16 @@ http://www.mail-archive.com/openssl-dev@openssl.org/msg32860.html
Signed-off-by: Xufeng Zhang <xufeng.zhang at windriver.com>
---
---- a/crypto/evp/digest.c
-+++ b/crypto/evp/digest.c
-@@ -199,7 +199,7 @@
- return 0;
- }
+Index: openssl-1.0.2h/crypto/evp/digest.c
+===================================================================
+--- openssl-1.0.2h.orig/crypto/evp/digest.c
++++ openssl-1.0.2h/crypto/evp/digest.c
+@@ -211,7 +211,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
+ type = ctx->digest;
+ }
#endif
-- if (ctx->digest != type)
-+ if (type && (ctx->digest != type))
- {
- if (ctx->digest && ctx->digest->ctx_size)
- OPENSSL_free(ctx->md_data);
+- if (ctx->digest != type) {
++ if (type && (ctx->digest != type)) {
+ if (ctx->digest && ctx->digest->ctx_size) {
+ OPENSSL_free(ctx->md_data);
+ ctx->md_data = NULL;
diff --git a/recipes-connectivity/openssl/openssl-qoriq/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch b/recipes-connectivity/openssl/openssl-qoriq/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch
deleted file mode 100644
index 3e93fe4..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-openssl: avoid NULL pointer dereference in dh_pub_encode()/dsa_pub_encode()
-
-We should avoid accessing the pointer if ASN1_STRING_new()
-allocates memory failed.
-
-Upstream-Status: Submitted
-http://www.mail-archive.com/openssl-dev@openssl.org/msg32859.html
-
-Signed-off-by: Xufeng Zhang <xufeng.zhang at windriver.com>
----
---- a/crypto/dh/dh_ameth.c
-+++ b/crypto/dh/dh_ameth.c
-@@ -139,6 +139,12 @@
- dh=pkey->pkey.dh;
-
- str = ASN1_STRING_new();
-+ if (!str)
-+ {
-+ DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
- str->length = i2d_DHparams(dh, &str->data);
- if (str->length <= 0)
- {
---- a/crypto/dsa/dsa_ameth.c
-+++ b/crypto/dsa/dsa_ameth.c
-@@ -148,6 +148,11 @@
- {
- ASN1_STRING *str;
- str = ASN1_STRING_new();
-+ if (!str)
-+ {
-+ DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
- str->length = i2d_DSAparams(dsa, &str->data);
- if (str->length <= 0)
- {
diff --git a/recipes-connectivity/openssl/openssl-qoriq/openssl-c_rehash.sh b/recipes-connectivity/openssl/openssl-qoriq/openssl-c_rehash.sh
new file mode 100644
index 0000000..0ea2263
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/openssl-c_rehash.sh
@@ -0,0 +1,210 @@
+#!/bin/sh
+#
+# Ben Secrest <blsecres at gmail.com>
+#
+# sh c_rehash script, scan all files in a directory
+# and add symbolic links to their hash values.
+#
+# based on the c_rehash perl script distributed with openssl
+#
+# LICENSE: See OpenSSL license
+# ^^acceptable?^^
+#
+
+# default certificate location
+DIR=/etc/openssl
+
+# for filetype bitfield
+IS_CERT=$(( 1 << 0 ))
+IS_CRL=$(( 1 << 1 ))
+
+
+# check to see if a file is a certificate file or a CRL file
+# arguments:
+# 1. the filename to be scanned
+# returns:
+# bitfield of file type; uses ${IS_CERT} and ${IS_CRL}
+#
+check_file()
+{
+ local IS_TYPE=0
+
+ # make IFS a newline so we can process grep output line by line
+ local OLDIFS=${IFS}
+ IFS=$( printf "\n" )
+
+ # XXX: could be more efficient to have two 'grep -m' but is -m portable?
+ for LINE in $( grep '^-----BEGIN .*-----' ${1} )
+ do
+ if echo ${LINE} \
+ | grep -q -E '^-----BEGIN (X509 |TRUSTED )?CERTIFICATE-----'
+ then
+ IS_TYPE=$(( ${IS_TYPE} | ${IS_CERT} ))
+
+ if [ $(( ${IS_TYPE} & ${IS_CRL} )) -ne 0 ]
+ then
+ break
+ fi
+ elif echo ${LINE} | grep -q '^-----BEGIN X509 CRL-----'
+ then
+ IS_TYPE=$(( ${IS_TYPE} | ${IS_CRL} ))
+
+ if [ $(( ${IS_TYPE} & ${IS_CERT} )) -ne 0 ]
+ then
+ break
+ fi
+ fi
+ done
+
+ # restore IFS
+ IFS=${OLDIFS}
+
+ return ${IS_TYPE}
+}
+
+
+#
+# use openssl to fingerprint a file
+# arguments:
+# 1. the filename to fingerprint
+# 2. the method to use (x509, crl)
+# returns:
+# none
+# assumptions:
+# user will capture output from last stage of pipeline
+#
+fingerprint()
+{
+ ${SSL_CMD} ${2} -fingerprint -noout -in ${1} | sed 's/^.*=//' | tr -d ':'
+}
+
+
+#
+# link_hash - create links to certificate files
+# arguments:
+# 1. the filename to create a link for
+# 2. the type of certificate being linked (x509, crl)
+# returns:
+# 0 on success, 1 otherwise
+#
+link_hash()
+{
+ local FINGERPRINT=$( fingerprint ${1} ${2} )
+ local HASH=$( ${SSL_CMD} ${2} -hash -noout -in ${1} )
+ local SUFFIX=0
+ local LINKFILE=''
+ local TAG=''
+
+ if [ ${2} = "crl" ]
+ then
+ TAG='r'
+ fi
+
+ LINKFILE=${HASH}.${TAG}${SUFFIX}
+
+ while [ -f ${LINKFILE} ]
+ do
+ if [ ${FINGERPRINT} = $( fingerprint ${LINKFILE} ${2} ) ]
+ then
+ echo "WARNING: Skipping duplicate file ${1}" >&2
+ return 1
+ fi
+
+ SUFFIX=$(( ${SUFFIX} + 1 ))
+ LINKFILE=${HASH}.${TAG}${SUFFIX}
+ done
+
+ echo "${1} => ${LINKFILE}"
+
+ # assume any system with a POSIX shell will either support symlinks or
+ # do something to handle this gracefully
+ ln -s ${1} ${LINKFILE}
+
+ return 0
+}
+
+
+# hash_dir create hash links in a given directory
+hash_dir()
+{
+ echo "Doing ${1}"
+
+ cd ${1}
+
+ ls -1 * 2>/dev/null | while read FILE
+ do
+ if echo ${FILE} | grep -q -E '^[[:xdigit:]]{8}\.r?[[:digit:]]+$' \
+ && [ -h "${FILE}" ]
+ then
+ rm ${FILE}
+ fi
+ done
+
+ ls -1 *.pem *.cer *.crt *.crl 2>/dev/null | while read FILE
+ do
+ check_file ${FILE}
+ local FILE_TYPE=${?}
+ local TYPE_STR=''
+
+ if [ $(( ${FILE_TYPE} & ${IS_CERT} )) -ne 0 ]
+ then
+ TYPE_STR='x509'
+ elif [ $(( ${FILE_TYPE} & ${IS_CRL} )) -ne 0 ]
+ then
+ TYPE_STR='crl'
+ else
+ echo "WARNING: ${FILE} does not contain a certificate or CRL: skipping" >&2
+ continue
+ fi
+
+ link_hash ${FILE} ${TYPE_STR}
+ done
+}
+
+
+# choose the name of an ssl application
+if [ -n "${OPENSSL}" ]
+then
+ SSL_CMD=$(which ${OPENSSL} 2>/dev/null)
+else
+ SSL_CMD=/usr/bin/openssl
+ OPENSSL=${SSL_CMD}
+ export OPENSSL
+fi
+
+# fix paths
+PATH=${PATH}:${DIR}/bin
+export PATH
+
+# confirm existance/executability of ssl command
+if ! [ -x ${SSL_CMD} ]
+then
+ echo "${0}: rehashing skipped ('openssl' program not available)" >&2
+ exit 0
+fi
+
+# determine which directories to process
+old_IFS=$IFS
+if [ ${#} -gt 0 ]
+then
+ IFS=':'
+ DIRLIST=${*}
+elif [ -n "${SSL_CERT_DIR}" ]
+then
+ DIRLIST=$SSL_CERT_DIR
+else
+ DIRLIST=${DIR}/certs
+fi
+
+IFS=':'
+
+# process directories
+for CERT_DIR in ${DIRLIST}
+do
+ if [ -d ${CERT_DIR} -a -w ${CERT_DIR} ]
+ then
+ IFS=$old_IFS
+ hash_dir ${CERT_DIR}
+ IFS=':'
+ fi
+done
diff --git a/recipes-connectivity/openssl/openssl-qoriq/openssl-fix-link.patch b/recipes-connectivity/openssl/openssl-qoriq/openssl-fix-link.patch
deleted file mode 100644
index 154106c..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/openssl-fix-link.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From aabfb6f78af8e337d3239142117ba303fce55e7e Mon Sep 17 00:00:00 2001
-From: Dmitry Eremin-Solenikov <dbaryshkov at gmail.com>
-Date: Thu, 22 Sep 2011 08:55:26 +0200
-Subject: [PATCH] fix the parallel build regarding shared libraries.
-
-Upstream-Status: Pending
----
- .../openssl-1.0.0e/Makefile.org | 8 ++++----
- 1 files changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/Makefile.org
-index 3c7aea1..6326cd6 100644
---- a/Makefile.org
-+++ b/Makefile.org
-@@ -243,13 +243,13 @@ build_libs: build_crypto build_ssl build_engines
-
- build_crypto:
- @dir=crypto; target=all; $(BUILD_ONE_CMD)
--build_ssl:
-+build_ssl: build_crypto
- @dir=ssl; target=all; $(BUILD_ONE_CMD)
--build_engines:
-+build_engines: build_crypto
- @dir=engines; target=all; $(BUILD_ONE_CMD)
--build_apps:
-+build_apps: build_crypto build_ssl
- @dir=apps; target=all; $(BUILD_ONE_CMD)
--build_tests:
-+build_tests: build_crypto build_ssl
- @dir=test; target=all; $(BUILD_ONE_CMD)
- build_tools:
- @dir=tools; target=all; $(BUILD_ONE_CMD)
---
-1.6.6.1
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/openssl_fix_for_x32.patch b/recipes-connectivity/openssl/openssl-qoriq/openssl_fix_for_x32.patch
index 93ce034..cbce32c 100644
--- a/recipes-connectivity/openssl/openssl-qoriq/openssl_fix_for_x32.patch
+++ b/recipes-connectivity/openssl/openssl-qoriq/openssl_fix_for_x32.patch
@@ -6,64 +6,13 @@ Signed-Off-By: Nitin A Kamble <nitin.a.kamble at intel.com> 2011/07/13
ported the patch to the 1.0.0e version
Signed-Off-By: Nitin A Kamble <nitin.a.kamble at intel.com> 2011/12/01
-Index: openssl-1.0.1e/Configure
+Index: openssl-1.0.2/crypto/bn/bn.h
===================================================================
---- openssl-1.0.1e.orig/Configure
-+++ openssl-1.0.1e/Configure
-@@ -402,6 +402,7 @@ my %table=(
- "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-+"linux-x32", "gcc:-mx32 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32",
- "linux64-s390x", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
- #### So called "highgprs" target for z/Architecture CPUs
- # "Highgprs" is kernel feature first implemented in Linux 2.6.32, see
-Index: openssl-1.0.1e/crypto/bn/asm/x86_64-gcc.c
-===================================================================
---- openssl-1.0.1e.orig/crypto/bn/asm/x86_64-gcc.c
-+++ openssl-1.0.1e/crypto/bn/asm/x86_64-gcc.c
-@@ -55,7 +55,7 @@
- * machine.
- */
-
--#ifdef _WIN64
-+#if defined _WIN64 || !defined __LP64__
- #define BN_ULONG unsigned long long
- #else
- #define BN_ULONG unsigned long
-@@ -192,9 +192,9 @@ BN_ULONG bn_add_words (BN_ULONG *rp, con
- asm (
- " subq %2,%2 \n"
- ".p2align 4 \n"
-- "1: movq (%4,%2,8),%0 \n"
-- " adcq (%5,%2,8),%0 \n"
-- " movq %0,(%3,%2,8) \n"
-+ "1: movq (%q4,%2,8),%0 \n"
-+ " adcq (%q5,%2,8),%0 \n"
-+ " movq %0,(%q3,%2,8) \n"
- " leaq 1(%2),%2 \n"
- " loop 1b \n"
- " sbbq %0,%0 \n"
-@@ -215,9 +215,9 @@ BN_ULONG bn_sub_words (BN_ULONG *rp, con
- asm (
- " subq %2,%2 \n"
- ".p2align 4 \n"
-- "1: movq (%4,%2,8),%0 \n"
-- " sbbq (%5,%2,8),%0 \n"
-- " movq %0,(%3,%2,8) \n"
-+ "1: movq (%q4,%2,8),%0 \n"
-+ " sbbq (%q5,%2,8),%0 \n"
-+ " movq %0,(%q3,%2,8) \n"
- " leaq 1(%2),%2 \n"
- " loop 1b \n"
- " sbbq %0,%0 \n"
-Index: openssl-1.0.1e/crypto/bn/bn.h
-===================================================================
---- openssl-1.0.1e.orig/crypto/bn/bn.h
-+++ openssl-1.0.1e/crypto/bn/bn.h
-@@ -172,6 +172,13 @@ extern "C" {
+--- openssl-1.0.2.orig/crypto/bn/bn.h
++++ openssl-1.0.2/crypto/bn/bn.h
+@@ -173,6 +173,13 @@ extern "C" {
+ # endif
# endif
- #endif
+/* Address type. */
+#ifdef _WIN64
@@ -72,19 +21,19 @@ Index: openssl-1.0.1e/crypto/bn/bn.h
+#define BN_ADDR unsigned long
+#endif
+
- /* assuming long is 64bit - this is the DEC Alpha
- * unsigned long long is only 64 bits :-(, don't define
- * BN_LLONG for the DEC Alpha */
-Index: openssl-1.0.1e/crypto/bn/bn_exp.c
+ /*
+ * assuming long is 64bit - this is the DEC Alpha unsigned long long is only
+ * 64 bits :-(, don't define BN_LLONG for the DEC Alpha
+Index: openssl-1.0.2/crypto/bn/bn_exp.c
===================================================================
---- openssl-1.0.1e.orig/crypto/bn/bn_exp.c
-+++ openssl-1.0.1e/crypto/bn/bn_exp.c
-@@ -567,7 +567,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBU
-
- /* Given a pointer value, compute the next address that is a cache line multiple. */
+--- openssl-1.0.2.orig/crypto/bn/bn_exp.c
++++ openssl-1.0.2/crypto/bn/bn_exp.c
+@@ -638,7 +638,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBU
+ * multiple.
+ */
#define MOD_EXP_CTIME_ALIGN(x_) \
-- ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((size_t)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
+- ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((size_t)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
+ ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ADDR)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
- /* This variant of BN_mod_exp_mont() uses fixed windows and the special
- * precomputation memory layout to limit data-dependency to a minimum
+ /*
+ * This variant of BN_mod_exp_mont() uses fixed windows and the special
diff --git a/recipes-connectivity/openssl/openssl-qoriq/parallel.patch b/recipes-connectivity/openssl/openssl-qoriq/parallel.patch
new file mode 100644
index 0000000..b6c2c14
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/parallel.patch
@@ -0,0 +1,326 @@
+Fix the parallel races in the Makefiles.
+
+This patch was taken from the Gentoo packaging:
+https://gitweb.gentoo.org/repo/gentoo.git/plain/dev-libs/openssl/files/openssl-1.0.2g-parallel-build.patch
+
+Upstream-Status: Pending
+Signed-off-by: Ross Burton <ross.burton at intel.com>
+
+--- openssl-1.0.2g/crypto/Makefile
++++ openssl-1.0.2g/crypto/Makefile
+@@ -85,11 +85,11 @@
+ @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
+
+ subdirs:
+- @target=all; $(RECURSIVE_MAKE)
++ + at target=all; $(RECURSIVE_MAKE)
+
+ files:
+ $(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO
+- @target=files; $(RECURSIVE_MAKE)
++ + at target=files; $(RECURSIVE_MAKE)
+
+ links:
+ @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
+@@ -100,7 +100,7 @@
+ # lib: $(LIB): are splitted to avoid end-less loop
+ lib: $(LIB)
+ @touch lib
+-$(LIB): $(LIBOBJ)
++$(LIB): $(LIBOBJ) | subdirs
+ $(AR) $(LIB) $(LIBOBJ)
+ test -z "$(FIPSLIBDIR)" || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
+ $(RANLIB) $(LIB) || echo Never mind.
+@@ -111,7 +111,7 @@
+ fi
+
+ libs:
+- @target=lib; $(RECURSIVE_MAKE)
++ + at target=lib; $(RECURSIVE_MAKE)
+
+ install:
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+@@ -120,7 +120,7 @@
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+- @target=install; $(RECURSIVE_MAKE)
++ + at target=install; $(RECURSIVE_MAKE)
+
+ lint:
+ @target=lint; $(RECURSIVE_MAKE)
+--- openssl-1.0.2g/engines/Makefile
++++ openssl-1.0.2g/engines/Makefile
+@@ -72,7 +72,7 @@
+
+ all: lib subdirs
+
+-lib: $(LIBOBJ)
++lib: $(LIBOBJ) | subdirs
+ @if [ -n "$(SHARED_LIBS)" ]; then \
+ set -e; \
+ for l in $(LIBNAMES); do \
+@@ -89,7 +89,7 @@
+
+ subdirs:
+ echo $(EDIRS)
+- @target=all; $(RECURSIVE_MAKE)
++ + at target=all; $(RECURSIVE_MAKE)
+
+ files:
+ $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+@@ -128,7 +128,7 @@
+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
+ done; \
+ fi
+- @target=install; $(RECURSIVE_MAKE)
++ + at target=install; $(RECURSIVE_MAKE)
+
+ tags:
+ ctags $(SRC)
+--- openssl-1.0.2g/Makefile.org
++++ openssl-1.0.2g/Makefile.org
+@@ -279,17 +279,17 @@
+ build_libssl: build_ssl libssl.pc
+
+ build_crypto:
+- @dir=crypto; target=all; $(BUILD_ONE_CMD)
++ + at dir=crypto; target=all; $(BUILD_ONE_CMD)
+ build_ssl: build_crypto
+- @dir=ssl; target=all; $(BUILD_ONE_CMD)
++ + at dir=ssl; target=all; $(BUILD_ONE_CMD)
+ build_engines: build_crypto
+- @dir=engines; target=all; $(BUILD_ONE_CMD)
++ + at dir=engines; target=all; $(BUILD_ONE_CMD)
+ build_apps: build_libs
+- @dir=apps; target=all; $(BUILD_ONE_CMD)
++ + at dir=apps; target=all; $(BUILD_ONE_CMD)
+ build_tests: build_libs
+- @dir=test; target=all; $(BUILD_ONE_CMD)
++ + at dir=test; target=all; $(BUILD_ONE_CMD)
+ build_tools: build_libs
+- @dir=tools; target=all; $(BUILD_ONE_CMD)
++ + at dir=tools; target=all; $(BUILD_ONE_CMD)
+
+ all_testapps: build_libs build_testapps
+ build_testapps:
+@@ -544,7 +544,7 @@
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+- @set -e; target=install; $(RECURSIVE_BUILD_CMD)
++ + at set -e; target=install; $(RECURSIVE_BUILD_CMD)
+ @set -e; liblist="$(LIBS)"; for i in $$liblist ;\
+ do \
+ if [ -f "$$i" ]; then \
+--- openssl-1.0.2g/Makefile.shared
++++ openssl-1.0.2g/Makefile.shared
+@@ -105,6 +105,7 @@
+ SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
+ LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
+ LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
++ [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \
+ LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
+ $${SHAREDCMD} $${SHAREDFLAGS} \
+ -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
+@@ -122,6 +123,7 @@
+ done; \
+ fi; \
+ if [ -n "$$SHLIB_SOVER" ]; then \
++ [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \
+ ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
+ ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
+ fi; \
+--- openssl-1.0.2g/test/Makefile
++++ openssl-1.0.2g/test/Makefile
+@@ -139,7 +139,7 @@
+ tags:
+ ctags $(SRC)
+
+-tests: exe apps $(TESTS)
++tests: exe $(TESTS)
+
+ apps:
+ @(cd ..; $(MAKE) DIRS=apps all)
+@@ -421,130 +421,130 @@
+ link_app.$${shlib_target}
+
+ $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
+- @target=$(RSATEST); $(BUILD_CMD)
++ + at target=$(RSATEST); $(BUILD_CMD)
+
+ $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO)
+- @target=$(BNTEST); $(BUILD_CMD)
++ + at target=$(BNTEST); $(BUILD_CMD)
+
+ $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO)
+- @target=$(ECTEST); $(BUILD_CMD)
++ + at target=$(ECTEST); $(BUILD_CMD)
+
+ $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO)
+- @target=$(EXPTEST); $(BUILD_CMD)
++ + at target=$(EXPTEST); $(BUILD_CMD)
+
+ $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO)
+- @target=$(IDEATEST); $(BUILD_CMD)
++ + at target=$(IDEATEST); $(BUILD_CMD)
+
+ $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO)
+- @target=$(MD2TEST); $(BUILD_CMD)
++ + at target=$(MD2TEST); $(BUILD_CMD)
+
+ $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO)
+- @target=$(SHATEST); $(BUILD_CMD)
++ + at target=$(SHATEST); $(BUILD_CMD)
+
+ $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO)
+- @target=$(SHA1TEST); $(BUILD_CMD)
++ + at target=$(SHA1TEST); $(BUILD_CMD)
+
+ $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO)
+- @target=$(SHA256TEST); $(BUILD_CMD)
++ + at target=$(SHA256TEST); $(BUILD_CMD)
+
+ $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO)
+- @target=$(SHA512TEST); $(BUILD_CMD)
++ + at target=$(SHA512TEST); $(BUILD_CMD)
+
+ $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
+- @target=$(RMDTEST); $(BUILD_CMD)
++ + at target=$(RMDTEST); $(BUILD_CMD)
+
+ $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO)
+- @target=$(MDC2TEST); $(BUILD_CMD)
++ + at target=$(MDC2TEST); $(BUILD_CMD)
+
+ $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO)
+- @target=$(MD4TEST); $(BUILD_CMD)
++ + at target=$(MD4TEST); $(BUILD_CMD)
+
+ $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO)
+- @target=$(MD5TEST); $(BUILD_CMD)
++ + at target=$(MD5TEST); $(BUILD_CMD)
+
+ $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO)
+- @target=$(HMACTEST); $(BUILD_CMD)
++ + at target=$(HMACTEST); $(BUILD_CMD)
+
+ $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO)
+- @target=$(WPTEST); $(BUILD_CMD)
++ + at target=$(WPTEST); $(BUILD_CMD)
+
+ $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO)
+- @target=$(RC2TEST); $(BUILD_CMD)
++ + at target=$(RC2TEST); $(BUILD_CMD)
+
+ $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO)
+- @target=$(BFTEST); $(BUILD_CMD)
++ + at target=$(BFTEST); $(BUILD_CMD)
+
+ $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO)
+- @target=$(CASTTEST); $(BUILD_CMD)
++ + at target=$(CASTTEST); $(BUILD_CMD)
+
+ $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO)
+- @target=$(RC4TEST); $(BUILD_CMD)
++ + at target=$(RC4TEST); $(BUILD_CMD)
+
+ $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO)
+- @target=$(RC5TEST); $(BUILD_CMD)
++ + at target=$(RC5TEST); $(BUILD_CMD)
+
+ $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO)
+- @target=$(DESTEST); $(BUILD_CMD)
++ + at target=$(DESTEST); $(BUILD_CMD)
+
+ $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO)
+- @target=$(RANDTEST); $(BUILD_CMD)
++ + at target=$(RANDTEST); $(BUILD_CMD)
+
+ $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO)
+- @target=$(DHTEST); $(BUILD_CMD)
++ + at target=$(DHTEST); $(BUILD_CMD)
+
+ $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO)
+- @target=$(DSATEST); $(BUILD_CMD)
++ + at target=$(DSATEST); $(BUILD_CMD)
+
+ $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
+- @target=$(METHTEST); $(BUILD_CMD)
++ + at target=$(METHTEST); $(BUILD_CMD)
+
+ $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
+- @target=$(SSLTEST); $(FIPS_BUILD_CMD)
++ + at target=$(SSLTEST); $(FIPS_BUILD_CMD)
+
+ $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO)
+- @target=$(ENGINETEST); $(BUILD_CMD)
++ + at target=$(ENGINETEST); $(BUILD_CMD)
+
+ $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO)
+- @target=$(EVPTEST); $(BUILD_CMD)
++ + at target=$(EVPTEST); $(BUILD_CMD)
+
+ $(EVPEXTRATEST)$(EXE_EXT): $(EVPEXTRATEST).o $(DLIBCRYPTO)
+- @target=$(EVPEXTRATEST); $(BUILD_CMD)
++ + at target=$(EVPEXTRATEST); $(BUILD_CMD)
+
+ $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO)
+- @target=$(ECDSATEST); $(BUILD_CMD)
++ + at target=$(ECDSATEST); $(BUILD_CMD)
+
+ $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO)
+- @target=$(ECDHTEST); $(BUILD_CMD)
++ + at target=$(ECDHTEST); $(BUILD_CMD)
+
+ $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO)
+- @target=$(IGETEST); $(BUILD_CMD)
++ + at target=$(IGETEST); $(BUILD_CMD)
+
+ $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO)
+- @target=$(JPAKETEST); $(BUILD_CMD)
++ + at target=$(JPAKETEST); $(BUILD_CMD)
+
+ $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO)
+- @target=$(ASN1TEST); $(BUILD_CMD)
++ + at target=$(ASN1TEST); $(BUILD_CMD)
+
+ $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO)
+- @target=$(SRPTEST); $(BUILD_CMD)
++ + at target=$(SRPTEST); $(BUILD_CMD)
+
+ $(V3NAMETEST)$(EXE_EXT): $(V3NAMETEST).o $(DLIBCRYPTO)
+- @target=$(V3NAMETEST); $(BUILD_CMD)
++ + at target=$(V3NAMETEST); $(BUILD_CMD)
+
+ $(HEARTBEATTEST)$(EXE_EXT): $(HEARTBEATTEST).o $(DLIBCRYPTO)
+- @target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
++ + at target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
+
+ $(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMETEST).o
+- @target=$(CONSTTIMETEST) $(BUILD_CMD)
++ + at target=$(CONSTTIMETEST) $(BUILD_CMD)
+
+ $(VERIFYEXTRATEST)$(EXE_EXT): $(VERIFYEXTRATEST).o
+- @target=$(VERIFYEXTRATEST) $(BUILD_CMD)
++ + at target=$(VERIFYEXTRATEST) $(BUILD_CMD)
+
+ $(CLIENTHELLOTEST)$(EXE_EXT): $(CLIENTHELLOTEST).o
+- @target=$(CLIENTHELLOTEST) $(BUILD_CMD)
++ + at target=$(CLIENTHELLOTEST) $(BUILD_CMD)
+
+ $(SSLV2CONFTEST)$(EXE_EXT): $(SSLV2CONFTEST).o
+- @target=$(SSLV2CONFTEST) $(BUILD_CMD)
++ + at target=$(SSLV2CONFTEST) $(BUILD_CMD)
+
+ #$(AESTEST).o: $(AESTEST).c
+ # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
+@@ -557,7 +557,7 @@
+ # fi
+
+ dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
+- @target=dummytest; $(BUILD_CMD)
++ + at target=dummytest; $(BUILD_CMD)
+
+ # DO NOT DELETE THIS LINE -- make depend depends on it.
+
\ No newline at end of file
diff --git a/recipes-connectivity/openssl/openssl-qoriq/ptest-deps.patch b/recipes-connectivity/openssl/openssl-qoriq/ptest-deps.patch
new file mode 100644
index 0000000..ef6d179
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/ptest-deps.patch
@@ -0,0 +1,34 @@
+Remove Makefile dependencies for test targets
+
+These are probably here because the executables aren't always built for
+other platforms (e.g. Windows); however we can safely assume they'll
+always be there. None of the other test targets have such dependencies
+and if we don't remove them, make tries to rebuild the executables and
+fails during run-ptest.
+
+Upstream-Status: Inappropriate [config]
+
+Signed-off-by: Paul Eggleton <paul.eggleton at linux.intel.com>
+
+Index: openssl-1.0.2/test/Makefile
+===================================================================
+--- openssl-1.0.2.orig/test/Makefile
++++ openssl-1.0.2/test/Makefile
+@@ -330,7 +330,7 @@ test_cms: ../apps/openssl$(EXE_EXT) cms-
+ @echo "CMS consistency test"
+ $(PERL) cms-test.pl
+
+-test_srp: $(SRPTEST)$(EXE_EXT)
++test_srp:
+ @echo "Test SRP"
+ ../util/shlib_wrap.sh ./srptest
+
+@@ -342,7 +342,7 @@ test_v3name: $(V3NAMETEST)$(EXE_EXT)
+ @echo "Test X509v3_check_*"
+ ../util/shlib_wrap.sh ./$(V3NAMETEST)
+
+-test_heartbeat: $(HEARTBEATTEST)$(EXE_EXT)
++test_heartbeat:
+ ../util/shlib_wrap.sh ./$(HEARTBEATTEST)
+
+ test_constant_time: $(CONSTTIMETEST)$(EXE_EXT)
diff --git a/recipes-connectivity/openssl/openssl-qoriq/ptest_makefile_deps.patch b/recipes-connectivity/openssl/openssl-qoriq/ptest_makefile_deps.patch
new file mode 100644
index 0000000..4202e61
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/ptest_makefile_deps.patch
@@ -0,0 +1,248 @@
+Additional Makefile dependencies removal for test targets
+
+Removing the dependency check for test targets as these tests are
+causing a number of failures and "noise" during ptest execution.
+
+Upstream-Status: Inappropriate [config]
+
+Signed-off-by: Maxin B. John <maxin.john at intel.com>
+
+diff -Naur openssl-1.0.2d-orig/test/Makefile openssl-1.0.2d/test/Makefile
+--- openssl-1.0.2d-orig/test/Makefile 2015-09-28 12:50:41.530022979 +0300
++++ openssl-1.0.2d/test/Makefile 2015-09-28 12:57:45.930717240 +0300
+@@ -155,67 +155,67 @@
+ ( $(MAKE) $$i && echo "PASS: $$i" ) || echo "FAIL: $$i"; \
+ done)
+
+-test_evp: $(EVPTEST)$(EXE_EXT) evptests.txt
++test_evp:
+ ../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt
+
+-test_evp_extra: $(EVPEXTRATEST)$(EXE_EXT)
++test_evp_extra:
+ ../util/shlib_wrap.sh ./$(EVPEXTRATEST)
+
+-test_des: $(DESTEST)$(EXE_EXT)
++test_des:
+ ../util/shlib_wrap.sh ./$(DESTEST)
+
+-test_idea: $(IDEATEST)$(EXE_EXT)
++test_idea:
+ ../util/shlib_wrap.sh ./$(IDEATEST)
+
+-test_sha: $(SHATEST)$(EXE_EXT) $(SHA1TEST)$(EXE_EXT) $(SHA256TEST)$(EXE_EXT) $(SHA512TEST)$(EXE_EXT)
++test_sha:
+ ../util/shlib_wrap.sh ./$(SHATEST)
+ ../util/shlib_wrap.sh ./$(SHA1TEST)
+ ../util/shlib_wrap.sh ./$(SHA256TEST)
+ ../util/shlib_wrap.sh ./$(SHA512TEST)
+
+-test_mdc2: $(MDC2TEST)$(EXE_EXT)
++test_mdc2:
+ ../util/shlib_wrap.sh ./$(MDC2TEST)
+
+-test_md5: $(MD5TEST)$(EXE_EXT)
++test_md5:
+ ../util/shlib_wrap.sh ./$(MD5TEST)
+
+-test_md4: $(MD4TEST)$(EXE_EXT)
++test_md4:
+ ../util/shlib_wrap.sh ./$(MD4TEST)
+
+-test_hmac: $(HMACTEST)$(EXE_EXT)
++test_hmac:
+ ../util/shlib_wrap.sh ./$(HMACTEST)
+
+-test_wp: $(WPTEST)$(EXE_EXT)
++test_wp:
+ ../util/shlib_wrap.sh ./$(WPTEST)
+
+-test_md2: $(MD2TEST)$(EXE_EXT)
++test_md2:
+ ../util/shlib_wrap.sh ./$(MD2TEST)
+
+-test_rmd: $(RMDTEST)$(EXE_EXT)
++test_rmd:
+ ../util/shlib_wrap.sh ./$(RMDTEST)
+
+-test_bf: $(BFTEST)$(EXE_EXT)
++test_bf:
+ ../util/shlib_wrap.sh ./$(BFTEST)
+
+-test_cast: $(CASTTEST)$(EXE_EXT)
++test_cast:
+ ../util/shlib_wrap.sh ./$(CASTTEST)
+
+-test_rc2: $(RC2TEST)$(EXE_EXT)
++test_rc2:
+ ../util/shlib_wrap.sh ./$(RC2TEST)
+
+-test_rc4: $(RC4TEST)$(EXE_EXT)
++test_rc4:
+ ../util/shlib_wrap.sh ./$(RC4TEST)
+
+-test_rc5: $(RC5TEST)$(EXE_EXT)
++test_rc5:
+ ../util/shlib_wrap.sh ./$(RC5TEST)
+
+-test_rand: $(RANDTEST)$(EXE_EXT)
++test_rand:
+ ../util/shlib_wrap.sh ./$(RANDTEST)
+
+-test_enc: ../apps/openssl$(EXE_EXT) testenc
++test_enc:
+ @sh ./testenc
+
+-test_x509: ../apps/openssl$(EXE_EXT) tx509 testx509.pem v3-cert1.pem v3-cert2.pem
++test_x509:
+ echo test normal x509v1 certificate
+ sh ./tx509 2>/dev/null
+ echo test first x509v3 certificate
+@@ -223,25 +223,25 @@
+ echo test second x509v3 certificate
+ sh ./tx509 v3-cert2.pem 2>/dev/null
+
+-test_rsa: ../apps/openssl$(EXE_EXT) trsa testrsa.pem
++test_rsa:
+ @sh ./trsa 2>/dev/null
+ ../util/shlib_wrap.sh ./$(RSATEST)
+
+-test_crl: ../apps/openssl$(EXE_EXT) tcrl testcrl.pem
++test_crl:
+ @sh ./tcrl 2>/dev/null
+
+-test_sid: ../apps/openssl$(EXE_EXT) tsid testsid.pem
++test_sid:
+ @sh ./tsid 2>/dev/null
+
+-test_req: ../apps/openssl$(EXE_EXT) treq testreq.pem testreq2.pem
++test_req:
+ @sh ./treq 2>/dev/null
+ @sh ./treq testreq2.pem 2>/dev/null
+
+-test_pkcs7: ../apps/openssl$(EXE_EXT) tpkcs7 tpkcs7d testp7.pem pkcs7-1.pem
++test_pkcs7:
+ @sh ./tpkcs7 2>/dev/null
+ @sh ./tpkcs7d 2>/dev/null
+
+-test_bn: $(BNTEST)$(EXE_EXT) $(EXPTEST)$(EXE_EXT) bctest
++test_bn:
+ @echo starting big number library test, could take a while...
+ @../util/shlib_wrap.sh ./$(BNTEST) >tmp.bntest
+ @echo quit >>tmp.bntest
+@@ -250,33 +250,33 @@
+ @echo 'test a^b%c implementations'
+ ../util/shlib_wrap.sh ./$(EXPTEST)
+
+-test_ec: $(ECTEST)$(EXE_EXT)
++test_ec:
+ @echo 'test elliptic curves'
+ ../util/shlib_wrap.sh ./$(ECTEST)
+
+-test_ecdsa: $(ECDSATEST)$(EXE_EXT)
++test_ecdsa:
+ @echo 'test ecdsa'
+ ../util/shlib_wrap.sh ./$(ECDSATEST)
+
+-test_ecdh: $(ECDHTEST)$(EXE_EXT)
++test_ecdh:
+ @echo 'test ecdh'
+ ../util/shlib_wrap.sh ./$(ECDHTEST)
+
+-test_verify: ../apps/openssl$(EXE_EXT)
++test_verify:
+ @echo "The following command should have some OK's and some failures"
+ @echo "There are definitly a few expired certificates"
+ ../util/shlib_wrap.sh ../apps/openssl verify -CApath ../certs/demo ../certs/demo/*.pem
+
+-test_dh: $(DHTEST)$(EXE_EXT)
++test_dh:
+ @echo "Generate a set of DH parameters"
+ ../util/shlib_wrap.sh ./$(DHTEST)
+
+-test_dsa: $(DSATEST)$(EXE_EXT)
++test_dsa:
+ @echo "Generate a set of DSA parameters"
+ ../util/shlib_wrap.sh ./$(DSATEST)
+ ../util/shlib_wrap.sh ./$(DSATEST) -app2_1
+
+-test_gen testreq.pem: ../apps/openssl$(EXE_EXT) testgen test.cnf
++test_gen testreq.pem:
+ @echo "Generate and verify a certificate request"
+ @sh ./testgen
+
+@@ -288,13 +288,11 @@
+ @cat certCA.ss certU.ss > intP1.ss
+ @cat certCA.ss certU.ss certP1.ss > intP2.ss
+
+-test_engine: $(ENGINETEST)$(EXE_EXT)
++test_engine:
+ @echo "Manipulate the ENGINE structures"
+ ../util/shlib_wrap.sh ./$(ENGINETEST)
+
+-test_ssl: keyU.ss certU.ss certCA.ss certP1.ss keyP1.ss certP2.ss keyP2.ss \
+- intP1.ss intP2.ss $(SSLTEST)$(EXE_EXT) testssl testsslproxy \
+- ../apps/server2.pem serverinfo.pem
++test_ssl:
+ @echo "test SSL protocol"
+ @if [ -n "$(FIPSCANLIB)" ]; then \
+ sh ./testfipsssl keyU.ss certU.ss certCA.ss; \
+@@ -304,7 +302,7 @@
+ @sh ./testsslproxy keyP1.ss certP1.ss intP1.ss
+ @sh ./testsslproxy keyP2.ss certP2.ss intP2.ss
+
+-test_ca: ../apps/openssl$(EXE_EXT) testca CAss.cnf Uss.cnf
++test_ca:
+ @if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then \
+ echo "skipping CA.sh test -- requires RSA"; \
+ else \
+@@ -312,11 +310,11 @@
+ sh ./testca; \
+ fi
+
+-test_aes: #$(AESTEST)
++test_aes:
+ # @echo "test Rijndael"
+ # ../util/shlib_wrap.sh ./$(AESTEST)
+
+-test_tsa: ../apps/openssl$(EXE_EXT) testtsa CAtsa.cnf ../util/shlib_wrap.sh
++test_tsa:
+ @if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then \
+ echo "skipping testtsa test -- requires RSA"; \
+ else \
+@@ -331,7 +329,7 @@
+ @echo "Test JPAKE"
+ ../util/shlib_wrap.sh ./$(JPAKETEST)
+
+-test_cms: ../apps/openssl$(EXE_EXT) cms-test.pl smcont.txt
++test_cms:
+ @echo "CMS consistency test"
+ $(PERL) cms-test.pl
+
+@@ -339,22 +337,22 @@
+ @echo "Test SRP"
+ ../util/shlib_wrap.sh ./srptest
+
+-test_ocsp: ../apps/openssl$(EXE_EXT) tocsp
++test_ocsp:
+ @echo "Test OCSP"
+ @sh ./tocsp
+
+-test_v3name: $(V3NAMETEST)$(EXE_EXT)
++test_v3name:
+ @echo "Test X509v3_check_*"
+ ../util/shlib_wrap.sh ./$(V3NAMETEST)
+
+ test_heartbeat:
+ ../util/shlib_wrap.sh ./$(HEARTBEATTEST)
+
+-test_constant_time: $(CONSTTIMETEST)$(EXE_EXT)
++test_constant_time:
+ @echo "Test constant time utilites"
+ ../util/shlib_wrap.sh ./$(CONSTTIMETEST)
+
+-test_verify_extra: $(VERIFYEXTRATEST)$(EXE_EXT)
++test_verify_extra:
+ @echo $(START) $@
+ ../util/shlib_wrap.sh ./$(VERIFYEXTRATEST)
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0001-remove-double-initialization-of-cryptodev-engine.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0001-remove-double-initialization-of-cryptodev-engine.patch
index e7b874f..5e99d91 100644
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0001-remove-double-initialization-of-cryptodev-engine.patch
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0001-remove-double-initialization-of-cryptodev-engine.patch
@@ -1,7 +1,7 @@
-From 9297e3834518ff0558d6e7004a62adfd107e659a Mon Sep 17 00:00:00 2001
+From 45e4b0835ad965cf9cc813a31df354f1e6d14513 Mon Sep 17 00:00:00 2001
From: Cristian Stoica <cristian.stoica at freescale.com>
Date: Tue, 10 Sep 2013 12:46:46 +0300
-Subject: [PATCH 01/26] remove double initialization of cryptodev engine
+Subject: [PATCH 01/48] remove double initialization of cryptodev engine
cryptodev engine is initialized together with the other engines in
ENGINE_load_builtin_engines. The initialization done through
@@ -11,65 +11,66 @@ Change-Id: Ic9488500967595543ff846f147b36f383db7cb27
Signed-off-by: Cristian Stoica <cristian.stoica at freescale.com>
Reviewed-on: http://git.am.freescale.net:8181/17222
---
- crypto/engine/eng_all.c | 11 -----------
+ crypto/engine/eng_all.c | 12 ------------
crypto/engine/engine.h | 4 ----
crypto/evp/c_all.c | 5 -----
util/libeay.num | 2 +-
- 4 files changed, 1 insertion(+), 21 deletions(-)
+ 4 files changed, 1 insertion(+), 22 deletions(-)
diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c
-index 6093376..f16c043 100644
+index 48ad0d2..a198c5f 100644
--- a/crypto/engine/eng_all.c
+++ b/crypto/engine/eng_all.c
-@@ -122,14 +122,3 @@ void ENGINE_load_builtin_engines(void)
+@@ -122,15 +122,3 @@ void ENGINE_load_builtin_engines(void)
#endif
- ENGINE_register_all_complete();
- }
+ ENGINE_register_all_complete();
+ }
-
-#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
--void ENGINE_setup_bsd_cryptodev(void) {
-- static int bsd_cryptodev_default_loaded = 0;
-- if (!bsd_cryptodev_default_loaded) {
-- ENGINE_load_cryptodev();
-- ENGINE_register_all_complete();
-- }
-- bsd_cryptodev_default_loaded=1;
+-void ENGINE_setup_bsd_cryptodev(void)
+-{
+- static int bsd_cryptodev_default_loaded = 0;
+- if (!bsd_cryptodev_default_loaded) {
+- ENGINE_load_cryptodev();
+- ENGINE_register_all_complete();
+- }
+- bsd_cryptodev_default_loaded = 1;
-}
-#endif
diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h
-index f8be497..237a6c9 100644
+index bd7b591..020d912 100644
--- a/crypto/engine/engine.h
+++ b/crypto/engine/engine.h
-@@ -740,10 +740,6 @@ typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id,
- * values. */
+@@ -857,10 +857,6 @@ typedef int (*dynamic_bind_engine) (ENGINE *e, const char *id,
+ */
void *ENGINE_get_static_state(void);
--#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
+-# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
-void ENGINE_setup_bsd_cryptodev(void);
--#endif
+-# endif
-
/* BEGIN ERROR CODES */
- /* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
+ /*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
diff --git a/crypto/evp/c_all.c b/crypto/evp/c_all.c
-index 766c4ce..5d6c21b 100644
+index a3ed00d..719e34d 100644
--- a/crypto/evp/c_all.c
+++ b/crypto/evp/c_all.c
@@ -82,9 +82,4 @@ void OPENSSL_add_all_algorithms_noconf(void)
- OPENSSL_cpuid_setup();
- OpenSSL_add_all_ciphers();
- OpenSSL_add_all_digests();
+ OPENSSL_cpuid_setup();
+ OpenSSL_add_all_ciphers();
+ OpenSSL_add_all_digests();
-#ifndef OPENSSL_NO_ENGINE
-# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
-- ENGINE_setup_bsd_cryptodev();
+- ENGINE_setup_bsd_cryptodev();
-# endif
-#endif
- }
+ }
diff --git a/util/libeay.num b/util/libeay.num
-index aa86b2b..ae50040 100755
+index 2094ab3..2742cf5 100755
--- a/util/libeay.num
+++ b/util/libeay.num
-@@ -2801,7 +2801,7 @@ BIO_indent 3242 EXIST::FUNCTION:
+@@ -2805,7 +2805,7 @@ BIO_indent 3242 EXIST::FUNCTION:
BUF_strlcpy 3243 EXIST::FUNCTION:
OpenSSLDie 3244 EXIST::FUNCTION:
OPENSSL_cleanse 3245 EXIST::FUNCTION:
@@ -79,5 +80,5 @@ index aa86b2b..ae50040 100755
EVP_aes_128_cfb8 3248 EXIST::FUNCTION:AES
FIPS_corrupt_rsa 3249 NOEXIST::FUNCTION:
--
-2.3.5
+2.7.0
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch
index ab2b7ea..d590789 100644
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch
@@ -1,7 +1,7 @@
-From dfd6ba263dc25ea2a4bbc32448b24ca2b1fc40e8 Mon Sep 17 00:00:00 2001
+From e7c630f8417b6f4e1bf2466e545ffe04af2eff00 Mon Sep 17 00:00:00 2001
From: Cristian Stoica <cristian.stoica at freescale.com>
Date: Thu, 29 Aug 2013 16:51:18 +0300
-Subject: [PATCH 02/26] eng_cryptodev: add support for TLS algorithms offload
+Subject: [PATCH 02/48] eng_cryptodev: add support for TLS algorithms offload
- aes-128-cbc-hmac-sha1
- aes-256-cbc-hmac-sha1
@@ -9,309 +9,335 @@ Subject: [PATCH 02/26] eng_cryptodev: add support for TLS algorithms offload
Requires TLS patches on cryptodev and TLS algorithm support in Linux
kernel driver.
-Change-Id: I43048caa348414daddd6c1a5cdc55e769ac1945f
Signed-off-by: Cristian Stoica <cristian.stoica at freescale.com>
-Reviewed-on: http://git.am.freescale.net:8181/17223
---
- crypto/engine/eng_cryptodev.c | 222 +++++++++++++++++++++++++++++++++++++++---
- 1 file changed, 211 insertions(+), 11 deletions(-)
+ crypto/engine/eng_cryptodev.c | 226 ++++++++++++++++++++++++++++++++++++++++--
+ 1 file changed, 215 insertions(+), 11 deletions(-)
diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 5a715ac..7588a28 100644
+index 8fb9c33..4d783d4 100644
--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
-@@ -72,6 +72,9 @@ ENGINE_load_cryptodev(void)
+@@ -71,6 +71,9 @@ void ENGINE_load_cryptodev(void)
struct dev_crypto_state {
- struct session_op d_sess;
- int d_fd;
-+ unsigned char *aad;
-+ unsigned int aad_len;
-+ unsigned int len;
-
- #ifdef USE_CRYPTODEV_DIGESTS
- char dummy_mac_key[HASH_MAX_LEN];
-@@ -140,17 +143,20 @@ static struct {
- int nid;
- int ivmax;
- int keylen;
-+ int mackeylen;
+ struct session_op d_sess;
+ int d_fd;
++ unsigned char *aad;
++ unsigned int aad_len;
++ unsigned int len;
+ # ifdef USE_CRYPTODEV_DIGESTS
+ char dummy_mac_key[HASH_MAX_LEN];
+ unsigned char digest_res[HASH_MAX_LEN];
+@@ -141,24 +144,25 @@ static struct {
+ int nid;
+ int ivmax;
+ int keylen;
++ int mackeylen;
} ciphers[] = {
-- { CRYPTO_ARC4, NID_rc4, 0, 16, },
-- { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, },
-- { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, },
-- { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, },
-- { CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, },
-- { CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, },
-- { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, },
-- { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, },
-- { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, },
-- { 0, NID_undef, 0, 0, },
-+ { CRYPTO_ARC4, NID_rc4, 0, 16, 0},
-+ { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, 0},
-+ { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, 0},
-+ { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, 0},
-+ { CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, 0},
-+ { CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, 0},
-+ { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, 0},
-+ { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, 0},
-+ { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, 0},
-+ { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20},
-+ { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20},
-+ { 0, NID_undef, 0, 0, 0},
+ {
+- CRYPTO_ARC4, NID_rc4, 0, 16,
++ CRYPTO_ARC4, NID_rc4, 0, 16, 0
+ },
+ {
+- CRYPTO_DES_CBC, NID_des_cbc, 8, 8,
++ CRYPTO_DES_CBC, NID_des_cbc, 8, 8, 0
+ },
+ {
+- CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24,
++ CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, 0
+ },
+ {
+- CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16,
++ CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, 0
+ },
+ {
+- CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24,
++ CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, 0
+ },
+ {
+- CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32,
++ CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, 0
+ },
+ # ifdef CRYPTO_AES_CTR
+ {
+@@ -172,16 +176,22 @@ static struct {
+ },
+ # endif
+ {
+- CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16,
++ CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, 0
+ },
+ {
+- CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16,
++ CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, 0
+ },
+ {
+- CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0,
++ CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, 0
+ },
+ {
+- 0, NID_undef, 0, 0,
++ CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20
++ },
++ {
++ CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20
++ },
++ {
++ 0, NID_undef, 0, 0, 0
+ },
};
- #ifdef USE_CRYPTODEV_DIGESTS
-@@ -250,13 +256,15 @@ get_cryptodev_ciphers(const int **cnids)
- }
- memset(&sess, 0, sizeof(sess));
- sess.key = (caddr_t)"123456789abcdefghijklmno";
-+ sess.mackey = (caddr_t)"123456789ABCDEFGHIJKLMNO";
+@@ -295,13 +305,15 @@ static int get_cryptodev_ciphers(const int **cnids)
+ }
+ memset(&sess, 0, sizeof(sess));
+ sess.key = (caddr_t) "123456789abcdefghijklmno";
++ sess.mackey = (caddr_t) "123456789ABCDEFGHIJKLMNO";
- for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
- if (ciphers[i].nid == NID_undef)
- continue;
- sess.cipher = ciphers[i].id;
- sess.keylen = ciphers[i].keylen;
-- sess.mac = 0;
-+ sess.mackeylen = ciphers[i].mackeylen;
+ for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
+ if (ciphers[i].nid == NID_undef)
+ continue;
+ sess.cipher = ciphers[i].id;
+ sess.keylen = ciphers[i].keylen;
+- sess.mac = 0;
++ sess.mackeylen = ciphers[i].mackeylen;
+
- if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
- ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
- nids[count++] = ciphers[i].nid;
-@@ -414,6 +422,67 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- return (1);
+ if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
+ ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
+ nids[count++] = ciphers[i].nid;
+@@ -457,6 +469,66 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ return (1);
}
-+
+static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+ const unsigned char *in, size_t len)
++ const unsigned char *in, size_t len)
+{
-+ struct crypt_auth_op cryp;
-+ struct dev_crypto_state *state = ctx->cipher_data;
-+ struct session_op *sess = &state->d_sess;
-+ const void *iiv;
-+ unsigned char save_iv[EVP_MAX_IV_LENGTH];
++ struct crypt_auth_op cryp;
++ struct dev_crypto_state *state = ctx->cipher_data;
++ struct session_op *sess = &state->d_sess;
++ const void *iiv;
++ unsigned char save_iv[EVP_MAX_IV_LENGTH];
+
-+ if (state->d_fd < 0)
-+ return (0);
-+ if (!len)
-+ return (1);
-+ if ((len % ctx->cipher->block_size) != 0)
-+ return (0);
++ if (state->d_fd < 0)
++ return (0);
++ if (!len)
++ return (1);
++ if ((len % ctx->cipher->block_size) != 0)
++ return (0);
+
-+ memset(&cryp, 0, sizeof(cryp));
++ memset(&cryp, 0, sizeof(cryp));
+
-+ /* TODO: make a seamless integration with cryptodev flags */
-+ switch (ctx->cipher->nid) {
-+ case NID_aes_128_cbc_hmac_sha1:
-+ case NID_aes_256_cbc_hmac_sha1:
-+ cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
-+ }
-+ cryp.ses = sess->ses;
-+ cryp.len = state->len;
-+ cryp.src = (caddr_t) in;
-+ cryp.dst = (caddr_t) out;
-+ cryp.auth_src = state->aad;
-+ cryp.auth_len = state->aad_len;
++ /* TODO: make a seamless integration with cryptodev flags */
++ switch (ctx->cipher->nid) {
++ case NID_aes_128_cbc_hmac_sha1:
++ case NID_aes_256_cbc_hmac_sha1:
++ cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
++ }
++ cryp.ses = sess->ses;
++ cryp.len = state->len;
++ cryp.src = (caddr_t) in;
++ cryp.dst = (caddr_t) out;
++ cryp.auth_src = state->aad;
++ cryp.auth_len = state->aad_len;
+
-+ cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
++ cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
+
-+ if (ctx->cipher->iv_len) {
-+ cryp.iv = (caddr_t) ctx->iv;
-+ if (!ctx->encrypt) {
-+ iiv = in + len - ctx->cipher->iv_len;
-+ memcpy(save_iv, iiv, ctx->cipher->iv_len);
-+ }
-+ } else
-+ cryp.iv = NULL;
++ if (ctx->cipher->iv_len) {
++ cryp.iv = (caddr_t) ctx->iv;
++ if (!ctx->encrypt) {
++ iiv = in + len - ctx->cipher->iv_len;
++ memcpy(save_iv, iiv, ctx->cipher->iv_len);
++ }
++ } else
++ cryp.iv = NULL;
+
-+ if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) {
-+ /* XXX need better errror handling
-+ * this can fail for a number of different reasons.
-+ */
-+ return (0);
-+ }
++ if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) {
++ /*
++ * XXX need better errror handling this can fail for a number of
++ * different reasons.
++ */
++ return (0);
++ }
+
-+ if (ctx->cipher->iv_len) {
-+ if (ctx->encrypt)
-+ iiv = out + len - ctx->cipher->iv_len;
-+ else
-+ iiv = save_iv;
-+ memcpy(ctx->iv, iiv, ctx->cipher->iv_len);
-+ }
-+ return (1);
++ if (ctx->cipher->iv_len) {
++ if (ctx->encrypt)
++ iiv = out + len - ctx->cipher->iv_len;
++ else
++ iiv = save_iv;
++ memcpy(ctx->iv, iiv, ctx->cipher->iv_len);
++ }
++ return (1);
+}
+
-+
static int
cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc)
-@@ -452,6 +521,45 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- return (1);
+ const unsigned char *iv, int enc)
+@@ -496,6 +568,45 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
}
-+/* Save the encryption key provided by upper layers.
-+ *
-+ * This function is called by EVP_CipherInit_ex to initialize the algorithm's
-+ * extra data. We can't do much here because the mac key is not available.
-+ * The next call should/will be to cryptodev_cbc_hmac_sha1_ctrl with parameter
+ /*
++ * Save the encryption key provided by upper layers. This function is called
++ * by EVP_CipherInit_ex to initialize the algorithm's extra data. We can't do
++ * much here because the mac key is not available. The next call should/will
++ * be to cryptodev_cbc_hmac_sha1_ctrl with parameter
+ * EVP_CTRL_AEAD_SET_MAC_KEY, to set the hmac key. There we call CIOCGSESSION
+ * with both the crypto and hmac keys.
+ */
+static int cryptodev_init_aead_key(EVP_CIPHER_CTX *ctx,
-+ const unsigned char *key, const unsigned char *iv, int enc)
++ const unsigned char *key,
++ const unsigned char *iv, int enc)
+{
-+ struct dev_crypto_state *state = ctx->cipher_data;
-+ struct session_op *sess = &state->d_sess;
-+ int cipher = -1, i;
++ struct dev_crypto_state *state = ctx->cipher_data;
++ struct session_op *sess = &state->d_sess;
++ int cipher = -1, i;
+
-+ for (i = 0; ciphers[i].id; i++)
-+ if (ctx->cipher->nid == ciphers[i].nid &&
-+ ctx->cipher->iv_len <= ciphers[i].ivmax &&
-+ ctx->key_len == ciphers[i].keylen) {
-+ cipher = ciphers[i].id;
-+ break;
-+ }
++ for (i = 0; ciphers[i].id; i++)
++ if (ctx->cipher->nid == ciphers[i].nid &&
++ ctx->cipher->iv_len <= ciphers[i].ivmax &&
++ ctx->key_len == ciphers[i].keylen) {
++ cipher = ciphers[i].id;
++ break;
++ }
+
-+ if (!ciphers[i].id) {
-+ state->d_fd = -1;
-+ return (0);
-+ }
++ if (!ciphers[i].id) {
++ state->d_fd = -1;
++ return (0);
++ }
+
-+ memset(sess, 0, sizeof(struct session_op));
++ memset(sess, 0, sizeof(struct session_op));
+
-+ sess->key = (caddr_t)key;
-+ sess->keylen = ctx->key_len;
-+ sess->cipher = cipher;
++ sess->key = (caddr_t) key;
++ sess->keylen = ctx->key_len;
++ sess->cipher = cipher;
+
-+ /* for whatever reason, (1) means success */
-+ return (1);
++ /* for whatever reason, (1) means success */
++ return (1);
+}
+
-+
- /*
++/*
* free anything we allocated earlier when initting a
* session, and close the session.
-@@ -488,6 +596,63 @@ cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
- return (ret);
+ */
+@@ -529,6 +640,63 @@ static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
+ return (ret);
}
-+static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
-+ void *ptr)
++static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
++ int arg, void *ptr)
+{
-+ switch (type) {
-+ case EVP_CTRL_AEAD_SET_MAC_KEY:
-+ {
-+ /* TODO: what happens with hmac keys larger than 64 bytes? */
-+ struct dev_crypto_state *state = ctx->cipher_data;
-+ struct session_op *sess = &state->d_sess;
++ switch (type) {
++ case EVP_CTRL_AEAD_SET_MAC_KEY:
++ {
++ /* TODO: what happens with hmac keys larger than 64 bytes? */
++ struct dev_crypto_state *state = ctx->cipher_data;
++ struct session_op *sess = &state->d_sess;
+
-+ if ((state->d_fd = get_dev_crypto()) < 0)
-+ return (0);
++ if ((state->d_fd = get_dev_crypto()) < 0)
++ return (0);
+
-+ /* the rest should have been set in cryptodev_init_aead_key */
-+ sess->mackey = ptr;
-+ sess->mackeylen = arg;
++ /* the rest should have been set in cryptodev_init_aead_key */
++ sess->mackey = ptr;
++ sess->mackeylen = arg;
+
-+ if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
-+ put_dev_crypto(state->d_fd);
-+ state->d_fd = -1;
-+ return (0);
-+ }
-+ return (1);
-+ }
-+ case EVP_CTRL_AEAD_TLS1_AAD:
-+ {
-+ /* ptr points to the associated data buffer of 13 bytes */
-+ struct dev_crypto_state *state = ctx->cipher_data;
-+ unsigned char *p = ptr;
-+ unsigned int cryptlen = p[arg - 2] << 8 | p[arg - 1];
-+ unsigned int maclen, padlen;
-+ unsigned int bs = ctx->cipher->block_size;
++ if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
++ put_dev_crypto(state->d_fd);
++ state->d_fd = -1;
++ return (0);
++ }
++ return (1);
++ }
++ case EVP_CTRL_AEAD_TLS1_AAD:
++ {
++ /* ptr points to the associated data buffer of 13 bytes */
++ struct dev_crypto_state *state = ctx->cipher_data;
++ unsigned char *p = ptr;
++ unsigned int cryptlen = p[arg - 2] << 8 | p[arg - 1];
++ unsigned int maclen, padlen;
++ unsigned int bs = ctx->cipher->block_size;
+
-+ state->aad = ptr;
-+ state->aad_len = arg;
-+ state->len = cryptlen;
++ state->aad = ptr;
++ state->aad_len = arg;
++ state->len = cryptlen;
+
-+ /* TODO: this should be an extension of EVP_CIPHER struct */
-+ switch (ctx->cipher->nid) {
-+ case NID_aes_128_cbc_hmac_sha1:
-+ case NID_aes_256_cbc_hmac_sha1:
-+ maclen = SHA_DIGEST_LENGTH;
-+ }
++ /* TODO: this should be an extension of EVP_CIPHER struct */
++ switch (ctx->cipher->nid) {
++ case NID_aes_128_cbc_hmac_sha1:
++ case NID_aes_256_cbc_hmac_sha1:
++ maclen = SHA_DIGEST_LENGTH;
++ }
+
-+ /* space required for encryption (not only TLS padding) */
-+ padlen = maclen;
-+ if (ctx->encrypt) {
-+ cryptlen += maclen;
-+ padlen += bs - (cryptlen % bs);
-+ }
-+ return padlen;
-+ }
-+ default:
-+ return -1;
-+ }
++ /* space required for encryption (not only TLS padding) */
++ padlen = maclen;
++ if (ctx->encrypt) {
++ cryptlen += maclen;
++ padlen += bs - (cryptlen % bs);
++ }
++ return padlen;
++ }
++ default:
++ return -1;
++ }
+}
+
/*
* libcrypto EVP stuff - this is how we get wired to EVP so the engine
* gets called when libcrypto requests a cipher NID.
-@@ -600,6 +765,33 @@ const EVP_CIPHER cryptodev_aes_256_cbc = {
- NULL
+@@ -641,6 +809,34 @@ const EVP_CIPHER cryptodev_aes_256_cbc = {
+ NULL
};
+const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1 = {
-+ NID_aes_128_cbc_hmac_sha1,
-+ 16, 16, 16,
-+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+ cryptodev_init_aead_key,
-+ cryptodev_aead_cipher,
-+ cryptodev_cleanup,
-+ sizeof(struct dev_crypto_state),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ cryptodev_cbc_hmac_sha1_ctrl,
-+ NULL
++ NID_aes_128_cbc_hmac_sha1,
++ 16, 16, 16,
++ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
++ cryptodev_init_aead_key,
++ cryptodev_aead_cipher,
++ cryptodev_cleanup,
++ sizeof(struct dev_crypto_state),
++ EVP_CIPHER_set_asn1_iv,
++ EVP_CIPHER_get_asn1_iv,
++ cryptodev_cbc_hmac_sha1_ctrl,
++ NULL
+};
+
+const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = {
-+ NID_aes_256_cbc_hmac_sha1,
-+ 16, 32, 16,
-+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+ cryptodev_init_aead_key,
-+ cryptodev_aead_cipher,
-+ cryptodev_cleanup,
-+ sizeof(struct dev_crypto_state),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ cryptodev_cbc_hmac_sha1_ctrl,
-+ NULL
++ NID_aes_256_cbc_hmac_sha1,
++ 16, 32, 16,
++ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
++ cryptodev_init_aead_key,
++ cryptodev_aead_cipher,
++ cryptodev_cleanup,
++ sizeof(struct dev_crypto_state),
++ EVP_CIPHER_set_asn1_iv,
++ EVP_CIPHER_get_asn1_iv,
++ cryptodev_cbc_hmac_sha1_ctrl,
++ NULL
+};
- /*
- * Registered by the ENGINE when used to find out how to deal with
- * a particular NID in the ENGINE. this says what we'll do at the
-@@ -637,6 +829,12 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
- case NID_aes_256_cbc:
- *cipher = &cryptodev_aes_256_cbc;
- break;
-+ case NID_aes_128_cbc_hmac_sha1:
-+ *cipher = &cryptodev_aes_128_cbc_hmac_sha1;
-+ break;
-+ case NID_aes_256_cbc_hmac_sha1:
-+ *cipher = &cryptodev_aes_256_cbc_hmac_sha1;
-+ break;
- default:
- *cipher = NULL;
- break;
-@@ -1384,6 +1582,8 @@ ENGINE_load_cryptodev(void)
- }
- put_dev_crypto(fd);
++
+ # ifdef CRYPTO_AES_CTR
+ const EVP_CIPHER cryptodev_aes_ctr = {
+ NID_aes_128_ctr,
+@@ -729,6 +925,12 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+ *cipher = &cryptodev_aes_ctr_256;
+ break;
+ # endif
++ case NID_aes_128_cbc_hmac_sha1:
++ *cipher = &cryptodev_aes_128_cbc_hmac_sha1;
++ break;
++ case NID_aes_256_cbc_hmac_sha1:
++ *cipher = &cryptodev_aes_256_cbc_hmac_sha1;
++ break;
+ default:
+ *cipher = NULL;
+ break;
+@@ -1472,6 +1674,8 @@ void ENGINE_load_cryptodev(void)
+ }
+ put_dev_crypto(fd);
-+ EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1);
-+ EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
- if (!ENGINE_set_id(engine, "cryptodev") ||
- !ENGINE_set_name(engine, "BSD cryptodev engine") ||
- !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
++ EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1);
++ EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
+ if (!ENGINE_set_id(engine, "cryptodev") ||
+ !ENGINE_set_name(engine, "BSD cryptodev engine") ||
+ !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
--
-2.3.5
+2.7.0
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0003-cryptodev-fix-algorithm-registration.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0003-cryptodev-fix-algorithm-registration.patch
index f0d97e9..9d30cc3 100644
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0003-cryptodev-fix-algorithm-registration.patch
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0003-cryptodev-fix-algorithm-registration.patch
@@ -1,64 +1,61 @@
-From 084fa469a8fef530d71a0870364df1c7997f6465 Mon Sep 17 00:00:00 2001
+From 36bb0879b498f8e87798848dafa058476f723165 Mon Sep 17 00:00:00 2001
From: Cristian Stoica <cristian.stoica at freescale.com>
Date: Thu, 31 Jul 2014 14:06:19 +0300
-Subject: [PATCH 03/26] cryptodev: fix algorithm registration
+Subject: [PATCH 03/48] cryptodev: fix algorithm registration
Cryptodev specific algorithms must register only if available in kernel.
-Change-Id: Iec5af8f4f3138357e4b96f2ec1627278134e4808
Signed-off-by: Cristian Stoica <cristian.stoica at freescale.com>
-Reviewed-on: http://git.am.freescale.net:8181/15326
Reviewed-by: Horia Ioan Geanta Neag <horia.geanta at freescale.com>
-Reviewed-on: http://git.am.freescale.net:8181/17224
---
crypto/engine/eng_cryptodev.c | 20 +++++++++++++++++---
1 file changed, 17 insertions(+), 3 deletions(-)
diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 7588a28..e3eb98b 100644
+index 4d783d4..3b6515e 100644
--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
-@@ -133,6 +133,8 @@ static int cryptodev_dh_compute_key(unsigned char *key,
+@@ -134,6 +134,8 @@ static int cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key,
static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
- void (*f)(void));
+ void (*f) (void));
void ENGINE_load_cryptodev(void);
+const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1;
+const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
static const ENGINE_CMD_DEFN cryptodev_defns[] = {
- { 0, NULL, NULL, 0 }
-@@ -342,7 +344,21 @@ get_cryptodev_digests(const int **cnids)
- static int
- cryptodev_usable_ciphers(const int **nids)
+ {0, NULL, NULL, 0}
+@@ -389,7 +391,21 @@ static int get_cryptodev_digests(const int **cnids)
+ */
+ static int cryptodev_usable_ciphers(const int **nids)
{
-- return (get_cryptodev_ciphers(nids));
-+ int i, count;
+- return (get_cryptodev_ciphers(nids));
++ int i, count;
+
-+ count = get_cryptodev_ciphers(nids);
-+ /* add ciphers specific to cryptodev if found in kernel */
-+ for(i = 0; i < count; i++) {
-+ switch (*(*nids + i)) {
-+ case NID_aes_128_cbc_hmac_sha1:
-+ EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1);
-+ break;
-+ case NID_aes_256_cbc_hmac_sha1:
-+ EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
-+ break;
-+ }
-+ }
-+ return count;
++ count = get_cryptodev_ciphers(nids);
++ /* add ciphers specific to cryptodev if found in kernel */
++ for (i = 0; i < count; i++) {
++ switch (*(*nids + i)) {
++ case NID_aes_128_cbc_hmac_sha1:
++ EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1);
++ break;
++ case NID_aes_256_cbc_hmac_sha1:
++ EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
++ break;
++ }
++ }
++ return count;
}
- static int
-@@ -1582,8 +1598,6 @@ ENGINE_load_cryptodev(void)
- }
- put_dev_crypto(fd);
+ static int cryptodev_usable_digests(const int **nids)
+@@ -1674,8 +1690,6 @@ void ENGINE_load_cryptodev(void)
+ }
+ put_dev_crypto(fd);
-- EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1);
-- EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
- if (!ENGINE_set_id(engine, "cryptodev") ||
- !ENGINE_set_name(engine, "BSD cryptodev engine") ||
- !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
+- EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1);
+- EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
+ if (!ENGINE_set_id(engine, "cryptodev") ||
+ !ENGINE_set_name(engine, "BSD cryptodev engine") ||
+ !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
--
-2.3.5
+2.7.0
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0005-ECC-Support-header-for-Cryptodev-Engine.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0004-ECC-Support-header-for-Cryptodev-Engine.patch
similarity index 92%
rename from recipes-connectivity/openssl/openssl-qoriq/qoriq/0005-ECC-Support-header-for-Cryptodev-Engine.patch
rename to recipes-connectivity/openssl/openssl-qoriq/qoriq/0004-ECC-Support-header-for-Cryptodev-Engine.patch
index c9ff5aa..64a5c70 100644
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0005-ECC-Support-header-for-Cryptodev-Engine.patch
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0004-ECC-Support-header-for-Cryptodev-Engine.patch
@@ -1,22 +1,22 @@
-From 15abbcd740eafbf2a46b5da24be76acf4982743d Mon Sep 17 00:00:00 2001
+From 0a9f99574266225c6fa1a10d91eb3fdc755140b8 Mon Sep 17 00:00:00 2001
From: Yashpal Dutta <yashpal.dutta at freescale.com>
Date: Tue, 11 Mar 2014 05:56:54 +0545
-Subject: [PATCH 05/26] ECC Support header for Cryptodev Engine
+Subject: [PATCH 04/48] ECC Support header for Cryptodev Engine
Upstream-status: Pending
Signed-off-by: Yashpal Dutta <yashpal.dutta at freescale.com>
---
- crypto/engine/eng_cryptodev_ec.h | 296 +++++++++++++++++++++++++++++++++++++++
- 1 file changed, 296 insertions(+)
+ crypto/engine/eng_cryptodev_ec.h | 297 +++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 297 insertions(+)
create mode 100644 crypto/engine/eng_cryptodev_ec.h
diff --git a/crypto/engine/eng_cryptodev_ec.h b/crypto/engine/eng_cryptodev_ec.h
new file mode 100644
-index 0000000..77aee71
+index 0000000..af54c51
--- /dev/null
+++ b/crypto/engine/eng_cryptodev_ec.h
-@@ -0,0 +1,296 @@
+@@ -0,0 +1,297 @@
+/*
+ * Copyright (C) 2012 Freescale Semiconductor, Inc.
+ *
@@ -29,16 +29,17 @@ index 0000000..77aee71
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
-+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN
-+ * NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
-+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
-+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
-+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
++ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
++ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
++ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY
++ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
++ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
++ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
++ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
++ *
+ */
+#ifndef __ENG_EC_H
+#define __ENG_EC_H
@@ -314,5 +315,5 @@ index 0000000..77aee71
+};
+#endif
--
-2.3.5
+2.7.0
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch
deleted file mode 100644
index 2d722d8..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-From 7d770f0324498d1fa78300cc5cecc8c1dcd3b788 Mon Sep 17 00:00:00 2001
-From: Andy Polyakov <appro at openssl.org>
-Date: Sun, 21 Oct 2012 18:19:41 +0000
-Subject: [PATCH 04/26] linux-pcc: make it more robust and recognize
- KERNEL_BITS variable.
-
-(cherry picked from commit 78c3e20579d3baa159c8b51b59d415b6e521614b)
-
-Change-Id: I769c466f052305681ab54a1b6545d94c7fbf5a9d
-Signed-off-by: Cristian Stoica <cristian.stoica at freescale.com>
----
- config | 19 +++++++++++++------
- crypto/ppccap.c | 7 +++++++
- 2 files changed, 20 insertions(+), 6 deletions(-)
-
-diff --git a/config b/config
-index 41fa2a6..f37b9e6 100755
---- a/config
-+++ b/config
-@@ -587,13 +587,20 @@ case "$GUESSOS" in
- fi
- ;;
- ppc64-*-linux2)
-- echo "WARNING! If you wish to build 64-bit library, then you have to"
-- echo " invoke './Configure linux-ppc64' *manually*."
-- if [ "$TEST" = "false" -a -t 1 ]; then
-- echo " You have about 5 seconds to press Ctrl-C to abort."
-- (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
-+ if [ -z "$KERNEL_BITS" ]; then
-+ echo "WARNING! If you wish to build 64-bit library, then you have to"
-+ echo " invoke './Configure linux-ppc64' *manually*."
-+ if [ "$TEST" = "false" -a -t 1 ]; then
-+ echo " You have about 5 seconds to press Ctrl-C to abort."
-+ (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
-+ fi
-+ fi
-+ if [ "$KERNEL_BITS" = "64" ]; then
-+ OUT="linux-ppc64"
-+ else
-+ OUT="linux-ppc"
-+ (echo "__LP64__" | gcc -E -x c - 2>/dev/null | grep "^__LP64__" 2>&1 > /dev/null) || options="$options -m32"
- fi
-- OUT="linux-ppc"
- ;;
- ppc-*-linux2) OUT="linux-ppc" ;;
- ppc60x-*-vxworks*) OUT="vxworks-ppc60x" ;;
-diff --git a/crypto/ppccap.c b/crypto/ppccap.c
-index f71ba66..531f1b3 100644
---- a/crypto/ppccap.c
-+++ b/crypto/ppccap.c
-@@ -4,6 +4,9 @@
- #include <setjmp.h>
- #include <signal.h>
- #include <unistd.h>
-+#ifdef __linux
-+#include <sys/utsname.h>
-+#endif
- #include <crypto.h>
- #include <openssl/bn.h>
-
-@@ -102,6 +105,10 @@ void OPENSSL_cpuid_setup(void)
-
- if (sizeof(size_t)==4)
- {
-+#ifdef __linux
-+ struct utsname uts;
-+ if (uname(&uts)==0 && strcmp(uts.machine,"ppc64")==0)
-+#endif
- if (sigsetjmp(ill_jmp,1) == 0)
- {
- OPENSSL_ppc64_probe();
---
-2.3.5
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0005-Initial-support-for-PKC-in-cryptodev-engine.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0005-Initial-support-for-PKC-in-cryptodev-engine.patch
new file mode 100644
index 0000000..ad25306
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0005-Initial-support-for-PKC-in-cryptodev-engine.patch
@@ -0,0 +1,1578 @@
+From e28df2a5c63dc6195a6065bfd7de9fc860129f56 Mon Sep 17 00:00:00 2001
+From: Yashpal Dutta <yashpal.dutta at freescale.com>
+Date: Tue, 11 Mar 2014 06:29:52 +0545
+Subject: [PATCH 05/48] Initial support for PKC in cryptodev engine
+
+Upstream-status: Pending
+
+Signed-off-by: Yashpal Dutta <yashpal.dutta at freescale.com>
+---
+ crypto/engine/eng_cryptodev.c | 1365 ++++++++++++++++++++++++++++++++++++-----
+ 1 file changed, 1202 insertions(+), 163 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 3b6515e..0b41bb2 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -58,6 +58,10 @@ void ENGINE_load_cryptodev(void)
+ # include <openssl/dsa.h>
+ # include <openssl/err.h>
+ # include <openssl/rsa.h>
++# include <crypto/ecdsa/ecs_locl.h>
++# include <crypto/ecdh/ech_locl.h>
++# include <crypto/ec/ec_lcl.h>
++# include <crypto/ec/ec.h>
+ # include <sys/ioctl.h>
+ # include <errno.h>
+ # include <stdio.h>
+@@ -67,6 +71,7 @@ void ENGINE_load_cryptodev(void)
+ # include <syslog.h>
+ # include <errno.h>
+ # include <string.h>
++# include "eng_cryptodev_ec.h"
+
+ struct dev_crypto_state {
+ struct session_op d_sess;
+@@ -115,20 +120,10 @@ static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+ BN_CTX *ctx);
+ static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+ BN_CTX *ctx);
+-static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a,
+- const BIGNUM *p, const BIGNUM *m,
+- BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+-static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
+- BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2,
+- BIGNUM *p, BN_CTX *ctx,
+- BN_MONT_CTX *mont);
+ static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
+ DSA *dsa);
+ static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len,
+ DSA_SIG *sig, DSA *dsa);
+-static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
+- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+- BN_MONT_CTX *m_ctx);
+ static int cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key,
+ DH *dh);
+ static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
+@@ -137,6 +132,105 @@ void ENGINE_load_cryptodev(void);
+ const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1;
+ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
+
++inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len)
++{
++ int len;
++ unsigned char *p;
++
++ len = BN_num_bytes(bn);
++
++ if (!len)
++ return -1;
++
++ p = malloc(len);
++ if (!p)
++ return -1;
++
++ BN_bn2bin(bn, p);
++
++ *bin = p;
++ *bin_len = len;
++
++ return 0;
++}
++
++inline int spcf_bn2bin_ex(BIGNUM *bn, unsigned char **bin, int *bin_len)
++{
++ int len;
++ unsigned char *p;
++
++ len = BN_num_bytes(bn);
++
++ if (!len)
++ return -1;
++
++ if (len < *bin_len)
++ p = malloc(*bin_len);
++ else
++ p = malloc(len);
++
++ if (!p)
++ return -ENOMEM;
++
++ if (len < *bin_len) {
++ /* place padding */
++ memset(p, 0, (*bin_len - len));
++ BN_bn2bin(bn, p + (*bin_len - len));
++ } else {
++ BN_bn2bin(bn, p);
++ }
++
++ *bin = p;
++ if (len >= *bin_len)
++ *bin_len = len;
++
++ return 0;
++}
++
++/**
++ * Convert an ECC F2m 'b' parameter into the 'c' parameter.
++ *Inputs:
++ * q, the curve's modulus
++ * b, the curve's b parameter
++ * (a bignum for b, a buffer for c)
++ * Output:
++ * c, written into bin, right-adjusted to fill q_len bytes.
++ */
++static int
++eng_ec_compute_cparam(const BIGNUM *b, const BIGNUM *q,
++ unsigned char **bin, int *bin_len)
++{
++ BIGNUM *c = BN_new();
++ BIGNUM *exp = BN_new();
++ BN_CTX *ctx = BN_CTX_new();
++ int m = BN_num_bits(q) - 1;
++ int ok = 0;
++
++ if (!c || !exp || !ctx || *bin)
++ goto err;
++
++ /*
++ * We have to compute c, where b = c^4, i.e., the fourth root of b.
++ * The equation for c is c = b^(2^(m-2))
++ * Compute exp = 2^(m-2)
++ * (1 << x) == 2^x
++ * and then compute c = b^exp
++ */
++ BN_lshift(exp, BN_value_one(), m - 2);
++ BN_GF2m_mod_exp(c, b, exp, q, ctx);
++ /* Store c */
++ spcf_bn2bin_ex(c, bin, bin_len);
++ ok = 1;
++ err:
++ if (ctx)
++ BN_CTX_free(ctx);
++ if (c)
++ BN_free(c);
++ if (exp)
++ BN_free(exp);
++ return ok;
++}
++
+ static const ENGINE_CMD_DEFN cryptodev_defns[] = {
+ {0, NULL, NULL, 0}
+ };
+@@ -1225,7 +1319,6 @@ cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
+ */
+ static int bn2crparam(const BIGNUM *a, struct crparam *crp)
+ {
+- int i, j, k;
+ ssize_t bytes, bits;
+ u_char *b;
+
+@@ -1243,36 +1336,21 @@ static int bn2crparam(const BIGNUM *a, struct crparam *crp)
+ crp->crp_p = (caddr_t) b;
+ crp->crp_nbits = bits;
+
+- for (i = 0, j = 0; i < a->top; i++) {
+- for (k = 0; k < BN_BITS2 / 8; k++) {
+- if ((j + k) >= bytes)
+- return (0);
+- b[j + k] = a->d[i] >> (k * 8);
+- }
+- j += BN_BITS2 / 8;
+- }
++ BN_bn2bin(a, crp->crp_p);
+ return (0);
+ }
+
+ /* Convert a /dev/crypto parameter to a BIGNUM */
+ static int crparam2bn(struct crparam *crp, BIGNUM *a)
+ {
+- u_int8_t *pd;
+- int i, bytes;
++ int bytes;
+
+ bytes = (crp->crp_nbits + 7) / 8;
+
+ if (bytes == 0)
+ return (-1);
+
+- if ((pd = (u_int8_t *) malloc(bytes)) == NULL)
+- return (-1);
+-
+- for (i = 0; i < bytes; i++)
+- pd[i] = crp->crp_p[bytes - i - 1];
+-
+- BN_bin2bn(pd, bytes, a);
+- free(pd);
++ BN_bin2bn(crp->crp_p, bytes, a);
+
+ return (0);
+ }
+@@ -1321,6 +1399,32 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
+ return (ret);
+ }
+
++/* Close an opened instance of cryptodev engine */
++void cryptodev_close_instance(void *handle)
++{
++ int fd;
++
++ if (handle) {
++ fd = *(int *)handle;
++ close(fd);
++ free(handle);
++ }
++}
++
++/* Create an instance of cryptodev for asynchronous interface */
++void *cryptodev_init_instance(void)
++{
++ int *fd = malloc(sizeof(int));
++
++ if (fd) {
++ if ((*fd = open("/dev/crypto", O_RDWR, 0)) == -1) {
++ free(fd);
++ return NULL;
++ }
++ }
++ return fd;
++}
++
+ static int
+ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
+@@ -1337,8 +1441,9 @@ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ return (ret);
+ }
+
+- memset(&kop, 0, sizeof kop);
+ kop.crk_op = CRK_MOD_EXP;
++ kop.crk_oparams = 0;
++ kop.crk_status = 0;
+
+ /* inputs: a^p % m */
+ if (bn2crparam(a, &kop.crk_param[0]))
+@@ -1381,28 +1486,39 @@ static int
+ cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
+ {
+ struct crypt_kop kop;
+- int ret = 1;
++ int ret = 1, f_len, p_len, q_len;
++ unsigned char *f = NULL, *p = NULL, *q = NULL, *dp = NULL, *dq =
++ NULL, *c = NULL;
+
+ if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
+ /* XXX 0 means failure?? */
+ return (0);
+ }
+
+- memset(&kop, 0, sizeof kop);
++ kop.crk_oparams = 0;
++ kop.crk_status = 0;
+ kop.crk_op = CRK_MOD_EXP_CRT;
++ f_len = BN_num_bytes(rsa->n);
++ spcf_bn2bin_ex(I, &f, &f_len);
++ spcf_bn2bin(rsa->p, &p, &p_len);
++ spcf_bn2bin(rsa->q, &q, &q_len);
++ spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len);
++ spcf_bn2bin_ex(rsa->iqmp, &c, &p_len);
++ spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len);
+ /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
+- if (bn2crparam(rsa->p, &kop.crk_param[0]))
+- goto err;
+- if (bn2crparam(rsa->q, &kop.crk_param[1]))
+- goto err;
+- if (bn2crparam(I, &kop.crk_param[2]))
+- goto err;
+- if (bn2crparam(rsa->dmp1, &kop.crk_param[3]))
+- goto err;
+- if (bn2crparam(rsa->dmq1, &kop.crk_param[4]))
+- goto err;
+- if (bn2crparam(rsa->iqmp, &kop.crk_param[5]))
+- goto err;
++ kop.crk_param[0].crp_p = p;
++ kop.crk_param[0].crp_nbits = p_len * 8;
++ kop.crk_param[1].crp_p = q;
++ kop.crk_param[1].crp_nbits = q_len * 8;
++ kop.crk_param[2].crp_p = f;
++ kop.crk_param[2].crp_nbits = f_len * 8;
++ kop.crk_param[3].crp_p = dp;
++ kop.crk_param[3].crp_nbits = p_len * 8;
++ /* dq must of length q, rest all of length p */
++ kop.crk_param[4].crp_p = dq;
++ kop.crk_param[4].crp_nbits = q_len * 8;
++ kop.crk_param[5].crp_p = c;
++ kop.crk_param[5].crp_nbits = p_len * 8;
+ kop.crk_iparams = 6;
+
+ if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) {
+@@ -1438,93 +1554,120 @@ static RSA_METHOD cryptodev_rsa = {
+ NULL /* rsa_verify */
+ };
+
+-static int
+-cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+-{
+- return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
+-}
+-
+-static int
+-cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
+- BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
+- BN_CTX *ctx, BN_MONT_CTX *mont)
++static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
++ DSA *dsa)
+ {
+- BIGNUM t2;
+- int ret = 0;
+-
+- BN_init(&t2);
+-
+- /* v = ( g^u1 * y^u2 mod p ) mod q */
+- /* let t1 = g ^ u1 mod p */
+- ret = 0;
++ struct crypt_kop kop;
++ BIGNUM *c = NULL, *d = NULL;
++ DSA_SIG *dsaret = NULL;
++ int q_len = 0, r_len = 0, g_len = 0;
++ int priv_key_len = 0, ret;
++ unsigned char *q = NULL, *r = NULL, *g = NULL, *priv_key = NULL, *f =
++ NULL;
+
+- if (!dsa->meth->bn_mod_exp(dsa, t1, dsa->g, u1, dsa->p, ctx, mont))
++ memset(&kop, 0, sizeof kop);
++ if ((c = BN_new()) == NULL) {
++ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+ goto err;
++ }
+
+- /* let t2 = y ^ u2 mod p */
+- if (!dsa->meth->bn_mod_exp(dsa, &t2, dsa->pub_key, u2, dsa->p, ctx, mont))
++ if ((d = BN_new()) == NULL) {
++ BN_free(c);
++ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+ goto err;
+- /* let u1 = t1 * t2 mod p */
+- if (!BN_mod_mul(u1, t1, &t2, dsa->p, ctx))
++ }
++
++ if (spcf_bn2bin(dsa->p, &q, &q_len)) {
++ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+ goto err;
++ }
+
+- BN_copy(t1, u1);
++ /* Get order of the field of private keys into plain buffer */
++ if (spcf_bn2bin(dsa->q, &r, &r_len)) {
++ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
+
+- ret = 1;
+- err:
+- BN_free(&t2);
+- return (ret);
+-}
++ /* sanity test */
++ if (dlen > r_len) {
++ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
++ goto err;
++ }
+
+-static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
+- DSA *dsa)
+-{
+- struct crypt_kop kop;
+- BIGNUM *r = NULL, *s = NULL;
+- DSA_SIG *dsaret = NULL;
++ g_len = q_len;
++ /**
++ * Get generator into a plain buffer. If length is less than
++ * q_len then add leading padding bytes.
++ */
++ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
++ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
+
+- if ((r = BN_new()) == NULL)
++ priv_key_len = r_len;
++ /**
++ * Get private key into a plain buffer. If length is less than
++ * r_len then add leading padding bytes.
++ */
++ if (spcf_bn2bin_ex(dsa->priv_key, &priv_key, &priv_key_len)) {
++ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+ goto err;
+- if ((s = BN_new()) == NULL) {
+- BN_free(r);
++ }
++
++ /* Allocate memory to store hash. */
++ f = OPENSSL_malloc(r_len);
++ if (!f) {
++ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+- memset(&kop, 0, sizeof kop);
++ /* Add padding, since SEC expects hash to of size r_len */
++ if (dlen < r_len)
++ memset(f, 0, r_len - dlen);
++
++ /* Skip leading bytes if dgst_len < r_len */
++ memcpy(f + r_len - dlen, dgst, dlen);
++
+ kop.crk_op = CRK_DSA_SIGN;
+
+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
+- kop.crk_param[0].crp_p = (caddr_t) dgst;
+- kop.crk_param[0].crp_nbits = dlen * 8;
+- if (bn2crparam(dsa->p, &kop.crk_param[1]))
+- goto err;
+- if (bn2crparam(dsa->q, &kop.crk_param[2]))
+- goto err;
+- if (bn2crparam(dsa->g, &kop.crk_param[3]))
++ kop.crk_param[0].crp_p = (void *)f;
++ kop.crk_param[0].crp_nbits = r_len * 8;
++ kop.crk_param[1].crp_p = (void *)q;
++ kop.crk_param[1].crp_nbits = q_len * 8;
++ kop.crk_param[2].crp_p = (void *)r;
++ kop.crk_param[2].crp_nbits = r_len * 8;
++ kop.crk_param[3].crp_p = (void *)g;
++ kop.crk_param[3].crp_nbits = g_len * 8;
++ kop.crk_param[4].crp_p = (void *)priv_key;
++ kop.crk_param[4].crp_nbits = priv_key_len * 8;
++ kop.crk_iparams = 5;
++
++ ret = cryptodev_asym(&kop, r_len, c, r_len, d);
++
++ if (ret) {
++ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DECODE_ERROR);
+ goto err;
+- if (bn2crparam(dsa->priv_key, &kop.crk_param[4]))
++ }
++
++ dsaret = DSA_SIG_new();
++ if (dsaret == NULL)
+ goto err;
+- kop.crk_iparams = 5;
++ dsaret->r = c;
++ dsaret->s = d;
+
+- if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r,
+- BN_num_bytes(dsa->q), s) == 0) {
+- dsaret = DSA_SIG_new();
+- if (dsaret == NULL)
+- goto err;
+- dsaret->r = r;
+- dsaret->s = s;
+- r = s = NULL;
+- } else {
++ zapparams(&kop);
++ return (dsaret);
++ err:
++ {
+ const DSA_METHOD *meth = DSA_OpenSSL();
++ if (c)
++ BN_free(c);
++ if (d)
++ BN_free(d);
+ dsaret = (meth->dsa_do_sign) (dgst, dlen, dsa);
++ return (dsaret);
+ }
+- err:
+- BN_free(r);
+- BN_free(s);
+- kop.crk_param[0].crp_p = NULL;
+- zapparams(&kop);
+- return (dsaret);
+ }
+
+ static int
+@@ -1532,43 +1675,175 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
+ DSA_SIG *sig, DSA *dsa)
+ {
+ struct crypt_kop kop;
+- int dsaret = 1;
++ int dsaret = 1, q_len = 0, r_len = 0, g_len = 0;
++ int w_len = 0, c_len = 0, d_len = 0, ret = -1;
++ unsigned char *q = NULL, *r = NULL, *w = NULL, *g = NULL;
++ unsigned char *c = NULL, *d = NULL, *f = NULL;
+
+ memset(&kop, 0, sizeof kop);
+ kop.crk_op = CRK_DSA_VERIFY;
+
+- /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
+- kop.crk_param[0].crp_p = (caddr_t) dgst;
+- kop.crk_param[0].crp_nbits = dlen * 8;
+- if (bn2crparam(dsa->p, &kop.crk_param[1]))
++ if (spcf_bn2bin(dsa->p, &q, &q_len)) {
++ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++ return ret;
++ }
++
++ /* Get Order of field of private keys */
++ if (spcf_bn2bin(dsa->q, &r, &r_len)) {
++ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ g_len = q_len;
++ /**
++ * Get generator into a plain buffer. If length is less than
++ * q_len then add leading padding bytes.
++ */
++ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
++ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+ goto err;
+- if (bn2crparam(dsa->q, &kop.crk_param[2]))
++ }
++ w_len = q_len;
++ /**
++ * Get public key into a plain buffer. If length is less than
++ * q_len then add leading padding bytes.
++ */
++ if (spcf_bn2bin_ex(dsa->pub_key, &w, &w_len)) {
++ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+ goto err;
+- if (bn2crparam(dsa->g, &kop.crk_param[3]))
++ }
++ /**
++ * Get the 1st part of signature into a flat buffer with
++ * appropriate padding
++ */
++ c_len = r_len;
++
++ if (spcf_bn2bin_ex(sig->r, &c, &c_len)) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+ goto err;
+- if (bn2crparam(dsa->pub_key, &kop.crk_param[4]))
++ }
++
++ /**
++ * Get the 2nd part of signature into a flat buffer with
++ * appropriate padding
++ */
++ d_len = r_len;
++
++ if (spcf_bn2bin_ex(sig->s, &d, &d_len)) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+ goto err;
+- if (bn2crparam(sig->r, &kop.crk_param[5]))
++ }
++
++ /* Sanity test */
++ if (dlen > r_len) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+ goto err;
+- if (bn2crparam(sig->s, &kop.crk_param[6]))
++ }
++
++ /* Allocate memory to store hash. */
++ f = OPENSSL_malloc(r_len);
++ if (!f) {
++ DSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+ goto err;
++ }
++
++ /* Add padding, since SEC expects hash to of size r_len */
++ if (dlen < r_len)
++ memset(f, 0, r_len - dlen);
++
++ /* Skip leading bytes if dgst_len < r_len */
++ memcpy(f + r_len - dlen, dgst, dlen);
++
++ /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
++ kop.crk_param[0].crp_p = (void *)f;
++ kop.crk_param[0].crp_nbits = r_len * 8;
++ kop.crk_param[1].crp_p = q;
++ kop.crk_param[1].crp_nbits = q_len * 8;
++ kop.crk_param[2].crp_p = r;
++ kop.crk_param[2].crp_nbits = r_len * 8;
++ kop.crk_param[3].crp_p = g;
++ kop.crk_param[3].crp_nbits = g_len * 8;
++ kop.crk_param[4].crp_p = w;
++ kop.crk_param[4].crp_nbits = w_len * 8;
++ kop.crk_param[5].crp_p = c;
++ kop.crk_param[5].crp_nbits = c_len * 8;
++ kop.crk_param[6].crp_p = d;
++ kop.crk_param[6].crp_nbits = d_len * 8;
+ kop.crk_iparams = 7;
+
+- if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
+- /*
+- * OCF success value is 0, if not zero, change dsaret to fail
+- */
+- if (0 != kop.crk_status)
+- dsaret = 0;
+- } else {
+- const DSA_METHOD *meth = DSA_OpenSSL();
++ if ((cryptodev_asym(&kop, 0, NULL, 0, NULL))) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, DSA_R_DECODE_ERROR);
++ goto err;
++ }
+
+- dsaret = (meth->dsa_do_verify) (dgst, dlen, sig, dsa);
++ /*
++ * OCF success value is 0, if not zero, change dsaret to fail
++ */
++ if (0 != kop.crk_status) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, DSA_R_DECODE_ERROR);
++ goto err;
+ }
+- err:
+- kop.crk_param[0].crp_p = NULL;
++
+ zapparams(&kop);
+ return (dsaret);
++ err:
++ {
++ const DSA_METHOD *meth = DSA_OpenSSL();
++ dsaret = (meth->dsa_do_verify) (dgst, dlen, sig, dsa);
++ return dsaret;
++ }
++}
++
++/* Cryptodev DSA Key Gen routine */
++static int cryptodev_dsa_keygen(DSA *dsa)
++{
++ struct crypt_kop kop;
++ int ret = 1, g_len;
++ unsigned char *g = NULL;
++
++ if (dsa->priv_key == NULL) {
++ if ((dsa->priv_key = BN_new()) == NULL)
++ goto sw_try;
++ }
++
++ if (dsa->pub_key == NULL) {
++ if ((dsa->pub_key = BN_new()) == NULL)
++ goto sw_try;
++ }
++
++ g_len = BN_num_bytes(dsa->p);
++ /**
++ * Get generator into a plain buffer. If length is less than
++ * p_len then add leading padding bytes.
++ */
++ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
++ DSAerr(DSA_F_DSA_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
++ goto sw_try;
++ }
++
++ memset(&kop, 0, sizeof kop);
++
++ kop.crk_op = CRK_DSA_GENERATE_KEY;
++ if (bn2crparam(dsa->p, &kop.crk_param[0]))
++ goto sw_try;
++ if (bn2crparam(dsa->q, &kop.crk_param[1]))
++ goto sw_try;
++ kop.crk_param[2].crp_p = g;
++ kop.crk_param[2].crp_nbits = g_len * 8;
++ kop.crk_iparams = 3;
++
++ /* pub_key is or prime length while priv key is of length of order */
++ if (cryptodev_asym(&kop, BN_num_bytes(dsa->p), dsa->pub_key,
++ BN_num_bytes(dsa->q), dsa->priv_key))
++ goto sw_try;
++
++ return ret;
++ sw_try:
++ {
++ const DSA_METHOD *meth = DSA_OpenSSL();
++ ret = (meth->dsa_keygen) (dsa);
++ }
++ return ret;
+ }
+
+ static DSA_METHOD cryptodev_dsa = {
+@@ -1584,12 +1859,558 @@ static DSA_METHOD cryptodev_dsa = {
+ NULL /* app_data */
+ };
+
+-static int
+-cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
+- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+- BN_MONT_CTX *m_ctx)
++static ECDSA_METHOD cryptodev_ecdsa = {
++ "cryptodev ECDSA method",
++ NULL,
++ NULL, /* ecdsa_sign_setup */
++ NULL,
++ NULL,
++ 0, /* flags */
++ NULL /* app_data */
++};
++
++typedef enum ec_curve_s {
++ EC_PRIME,
++ EC_BINARY
++} ec_curve_t;
++
++/* ENGINE handler for ECDSA Sign */
++static ECDSA_SIG *cryptodev_ecdsa_do_sign(const unsigned char *dgst,
++ int dgst_len, const BIGNUM *in_kinv,
++ const BIGNUM *in_r, EC_KEY *eckey)
+ {
+- return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
++ BIGNUM *m = NULL, *p = NULL, *a = NULL;
++ BIGNUM *b = NULL, *x = NULL, *y = NULL;
++ BN_CTX *ctx = NULL;
++ ECDSA_SIG *ret = NULL;
++ ECDSA_DATA *ecdsa = NULL;
++ unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL;
++ unsigned char *s = NULL, *c = NULL, *d = NULL, *f = NULL, *tmp_dgst =
++ NULL;
++ int i = 0, q_len = 0, priv_key_len = 0, r_len = 0;
++ int g_len = 0, d_len = 0, ab_len = 0;
++ const BIGNUM *order = NULL, *priv_key = NULL;
++ const EC_GROUP *group = NULL;
++ struct crypt_kop kop;
++ ec_curve_t ec_crv = EC_PRIME;
++
++ memset(&kop, 0, sizeof(kop));
++ ecdsa = ecdsa_check(eckey);
++ if (!ecdsa) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
++ return NULL;
++ }
++
++ group = EC_KEY_get0_group(eckey);
++ priv_key = EC_KEY_get0_private_key(eckey);
++
++ if (!group || !priv_key) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
++ return NULL;
++ }
++
++ if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
++ (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
++ (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
++ (y = BN_new()) == NULL) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ order = &group->order;
++ if (!order || BN_is_zero(order)) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS);
++ goto err;
++ }
++
++ i = BN_num_bits(order);
++ /*
++ * Need to truncate digest if it is too long: first truncate whole bytes
++ */
++ if (8 * dgst_len > i)
++ dgst_len = (i + 7) / 8;
++
++ if (!BN_bin2bn(dgst, dgst_len, m)) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
++ goto err;
++ }
++
++ /* If still too long truncate remaining bits with a shift */
++ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
++ goto err;
++ }
++
++ /* copy the truncated bits into plain buffer */
++ if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) {
++ fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__,
++ __LINE__);
++ goto err;
++ }
++
++ ret = ECDSA_SIG_new();
++ if (!ret) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
++ goto err;
++ }
++
++ /* check if this is prime or binary EC request */
++ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
++ NID_X9_62_prime_field) {
++ ec_crv = EC_PRIME;
++ /* get the generator point pair */
++ if (!EC_POINT_get_affine_coordinates_GFp
++ (group, EC_GROUP_get0_generator(group), x, y, ctx)) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
++ goto err;
++ }
++
++ /* get the ECC curve parameters */
++ if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
++ goto err;
++ }
++ } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
++ NID_X9_62_characteristic_two_field) {
++ ec_crv = EC_BINARY;
++ /* get the ECC curve parameters */
++ if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
++ goto err;
++ }
++
++ /* get the generator point pair */
++ if (!EC_POINT_get_affine_coordinates_GF2m(group,
++ EC_GROUP_get0_generator
++ (group), x, y, ctx)) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
++ goto err;
++ }
++ } else {
++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
++ goto err;
++ }
++
++ if (spcf_bn2bin(order, &r, &r_len)) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ if (spcf_bn2bin(p, &q, &q_len)) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ priv_key_len = r_len;
++
++ /**
++ * If BN_num_bytes of priv_key returns less then r_len then
++ * add padding bytes before the key
++ */
++ if (spcf_bn2bin_ex(priv_key, &s, &priv_key_len)) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ /* Generation of ECC curve parameters */
++ ab_len = 2 * q_len;
++ ab = eng_copy_curve_points(a, b, ab_len, q_len);
++ if (!ab) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ if (ec_crv == EC_BINARY) {
++ if (eng_ec_get_cparam
++ (EC_GROUP_get_curve_name(group), ab + q_len, q_len)) {
++ unsigned char *c_temp = NULL;
++ int c_temp_len = q_len;
++ if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len))
++ memcpy(ab + q_len, c_temp, q_len);
++ else
++ goto err;
++ }
++ kop.curve_type = ECC_BINARY;
++ }
++
++ /* Calculation of Generator point */
++ g_len = 2 * q_len;
++ g_xy = eng_copy_curve_points(x, y, g_len, q_len);
++ if (!g_xy) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ /* Memory allocation for first part of digital signature */
++ c = malloc(r_len);
++ if (!c) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ d_len = r_len;
++
++ /* Memory allocation for second part of digital signature */
++ d = malloc(d_len);
++ if (!d) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ /* memory for message representative */
++ f = malloc(r_len);
++ if (!f) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ /* Add padding, since SEC expects hash to of size r_len */
++ memset(f, 0, r_len - dgst_len);
++
++ /* Skip leading bytes if dgst_len < r_len */
++ memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len);
++
++ dgst_len += r_len - dgst_len;
++ kop.crk_op = CRK_DSA_SIGN;
++ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
++ kop.crk_param[0].crp_p = f;
++ kop.crk_param[0].crp_nbits = dgst_len * 8;
++ kop.crk_param[1].crp_p = q;
++ kop.crk_param[1].crp_nbits = q_len * 8;
++ kop.crk_param[2].crp_p = r;
++ kop.crk_param[2].crp_nbits = r_len * 8;
++ kop.crk_param[3].crp_p = g_xy;
++ kop.crk_param[3].crp_nbits = g_len * 8;
++ kop.crk_param[4].crp_p = s;
++ kop.crk_param[4].crp_nbits = priv_key_len * 8;
++ kop.crk_param[5].crp_p = ab;
++ kop.crk_param[5].crp_nbits = ab_len * 8;
++ kop.crk_iparams = 6;
++ kop.crk_param[6].crp_p = c;
++ kop.crk_param[6].crp_nbits = d_len * 8;
++ kop.crk_param[7].crp_p = d;
++ kop.crk_param[7].crp_nbits = d_len * 8;
++ kop.crk_oparams = 2;
++
++ if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
++ /* Check if ret->r and s needs to allocated */
++ crparam2bn(&kop.crk_param[6], ret->r);
++ crparam2bn(&kop.crk_param[7], ret->s);
++ } else {
++ const ECDSA_METHOD *meth = ECDSA_OpenSSL();
++ ret = (meth->ecdsa_do_sign) (dgst, dgst_len, in_kinv, in_r, eckey);
++ }
++ kop.crk_param[0].crp_p = NULL;
++ zapparams(&kop);
++ err:
++ if (!ret) {
++ ECDSA_SIG_free(ret);
++ ret = NULL;
++ }
++ return ret;
++}
++
++static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
++ ECDSA_SIG *sig, EC_KEY *eckey)
++{
++ BIGNUM *m = NULL, *p = NULL, *a = NULL, *b = NULL;
++ BIGNUM *x = NULL, *y = NULL, *w_x = NULL, *w_y = NULL;
++ BN_CTX *ctx = NULL;
++ ECDSA_DATA *ecdsa = NULL;
++ unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL, *w_xy =
++ NULL;
++ unsigned char *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL;
++ int i = 0, q_len = 0, pub_key_len = 0, r_len = 0, c_len = 0, g_len = 0;
++ int d_len = 0, ab_len = 0, ret = -1;
++ const EC_POINT *pub_key = NULL;
++ const BIGNUM *order = NULL;
++ const EC_GROUP *group = NULL;
++ ec_curve_t ec_crv = EC_PRIME;
++ struct crypt_kop kop;
++
++ memset(&kop, 0, sizeof kop);
++ ecdsa = ecdsa_check(eckey);
++ if (!ecdsa) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
++ return ret;
++ }
++
++ group = EC_KEY_get0_group(eckey);
++ pub_key = EC_KEY_get0_public_key(eckey);
++
++ if (!group || !pub_key) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
++ return ret;
++ }
++
++ if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
++ (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
++ (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
++ (y = BN_new()) == NULL || (w_x = BN_new()) == NULL ||
++ (w_y = BN_new()) == NULL) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ order = &group->order;
++ if (!order || BN_is_zero(order)) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS);
++ goto err;
++ }
++
++ i = BN_num_bits(order);
++ /*
++ * Need to truncate digest if it is too long: first truncate whole *
++ * bytes
++ */
++ if (8 * dgst_len > i)
++ dgst_len = (i + 7) / 8;
++
++ if (!BN_bin2bn(dgst, dgst_len, m)) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
++ goto err;
++ }
++
++ /* If still too long truncate remaining bits with a shift */
++ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
++ goto err;
++ }
++ /* copy the truncated bits into plain buffer */
++ if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ /* check if this is prime or binary EC request */
++ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
++ NID_X9_62_prime_field) {
++ ec_crv = EC_PRIME;
++
++ /* get the generator point pair */
++ if (!EC_POINT_get_affine_coordinates_GFp(group,
++ EC_GROUP_get0_generator
++ (group), x, y, ctx)) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
++ goto err;
++ }
++
++ /* get the public key pair for prime curve */
++ if (!EC_POINT_get_affine_coordinates_GFp(group,
++ pub_key, w_x, w_y, ctx)) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
++ goto err;
++ }
++
++ /* get the ECC curve parameters */
++ if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
++ goto err;
++ }
++ } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
++ NID_X9_62_characteristic_two_field) {
++ ec_crv = EC_BINARY;
++ /* get the ECC curve parameters */
++ if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
++ goto err;
++ }
++
++ /* get the generator point pair */
++ if (!EC_POINT_get_affine_coordinates_GF2m(group,
++ EC_GROUP_get0_generator
++ (group), x, y, ctx)) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
++ goto err;
++ }
++
++ /* get the public key pair for binary curve */
++ if (!EC_POINT_get_affine_coordinates_GF2m(group,
++ pub_key, w_x, w_y, ctx)) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
++ goto err;
++ }
++ } else {
++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
++ goto err;
++ }
++
++ /* Get the order of the subgroup of private keys */
++ if (spcf_bn2bin((BIGNUM *)order, &r, &r_len)) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ /* Get the irreducible polynomial that creates the field */
++ if (spcf_bn2bin(p, &q, &q_len)) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ /* Get the public key into a flat buffer with appropriate padding */
++ pub_key_len = 2 * q_len;
++
++ w_xy = eng_copy_curve_points(w_x, w_y, pub_key_len, q_len);
++ if (!w_xy) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ /* Generation of ECC curve parameters */
++ ab_len = 2 * q_len;
++
++ ab = eng_copy_curve_points(a, b, ab_len, q_len);
++ if (!ab) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ if (ec_crv == EC_BINARY) {
++ /* copy b' i.e c(b), instead of only b */
++ if (eng_ec_get_cparam
++ (EC_GROUP_get_curve_name(group), ab + q_len, q_len)) {
++ unsigned char *c_temp = NULL;
++ int c_temp_len = q_len;
++ if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len))
++ memcpy(ab + q_len, c_temp, q_len);
++ else
++ goto err;
++ }
++ kop.curve_type = ECC_BINARY;
++ }
++
++ /* Calculation of Generator point */
++ g_len = 2 * q_len;
++
++ g_xy = eng_copy_curve_points(x, y, g_len, q_len);
++ if (!g_xy) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ /**
++ * Get the 1st part of signature into a flat buffer with
++ * appropriate padding
++ */
++ if (BN_num_bytes(sig->r) < r_len)
++ c_len = r_len;
++
++ if (spcf_bn2bin_ex(sig->r, &c, &c_len)) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ /**
++ * Get the 2nd part of signature into a flat buffer with
++ * appropriate padding
++ */
++ if (BN_num_bytes(sig->s) < r_len)
++ d_len = r_len;
++
++ if (spcf_bn2bin_ex(sig->s, &d, &d_len)) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ /* memory for message representative */
++ f = malloc(r_len);
++ if (!f) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ /* Add padding, since SEC expects hash to of size r_len */
++ memset(f, 0, r_len - dgst_len);
++
++ /* Skip leading bytes if dgst_len < r_len */
++ memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len);
++ dgst_len += r_len - dgst_len;
++ kop.crk_op = CRK_DSA_VERIFY;
++ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
++ kop.crk_param[0].crp_p = f;
++ kop.crk_param[0].crp_nbits = dgst_len * 8;
++ kop.crk_param[1].crp_p = q;
++ kop.crk_param[1].crp_nbits = q_len * 8;
++ kop.crk_param[2].crp_p = r;
++ kop.crk_param[2].crp_nbits = r_len * 8;
++ kop.crk_param[3].crp_p = g_xy;
++ kop.crk_param[3].crp_nbits = g_len * 8;
++ kop.crk_param[4].crp_p = w_xy;
++ kop.crk_param[4].crp_nbits = pub_key_len * 8;
++ kop.crk_param[5].crp_p = ab;
++ kop.crk_param[5].crp_nbits = ab_len * 8;
++ kop.crk_param[6].crp_p = c;
++ kop.crk_param[6].crp_nbits = d_len * 8;
++ kop.crk_param[7].crp_p = d;
++ kop.crk_param[7].crp_nbits = d_len * 8;
++ kop.crk_iparams = 8;
++
++ if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
++ /*
++ * OCF success value is 0, if not zero, change ret to fail
++ */
++ if (0 == kop.crk_status)
++ ret = 1;
++ } else {
++ const ECDSA_METHOD *meth = ECDSA_OpenSSL();
++
++ ret = (meth->ecdsa_do_verify) (dgst, dgst_len, sig, eckey);
++ }
++ kop.crk_param[0].crp_p = NULL;
++ zapparams(&kop);
++
++ err:
++ return ret;
++}
++
++static int cryptodev_dh_keygen(DH *dh)
++{
++ struct crypt_kop kop;
++ int ret = 1, g_len;
++ unsigned char *g = NULL;
++
++ if (dh->priv_key == NULL) {
++ if ((dh->priv_key = BN_new()) == NULL)
++ goto sw_try;
++ }
++
++ if (dh->pub_key == NULL) {
++ if ((dh->pub_key = BN_new()) == NULL)
++ goto sw_try;
++ }
++
++ g_len = BN_num_bytes(dh->p);
++ /**
++ * Get generator into a plain buffer. If length is less than
++ * q_len then add leading padding bytes.
++ */
++ if (spcf_bn2bin_ex(dh->g, &g, &g_len)) {
++ DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
++ goto sw_try;
++ }
++
++ memset(&kop, 0, sizeof kop);
++ kop.crk_op = CRK_DH_GENERATE_KEY;
++ if (bn2crparam(dh->p, &kop.crk_param[0]))
++ goto sw_try;
++ if (bn2crparam(dh->q, &kop.crk_param[1]))
++ goto sw_try;
++ kop.crk_param[2].crp_p = g;
++ kop.crk_param[2].crp_nbits = g_len * 8;
++ kop.crk_iparams = 3;
++
++ /* pub_key is or prime length while priv key is of length of order */
++ if (cryptodev_asym(&kop, BN_num_bytes(dh->p), dh->pub_key,
++ BN_num_bytes(dh->q), dh->priv_key))
++ goto sw_try;
++
++ return ret;
++ sw_try:
++ {
++ const DH_METHOD *meth = DH_OpenSSL();
++ ret = (meth->generate_key) (dh);
++ }
++ return ret;
+ }
+
+ static int
+@@ -1597,41 +2418,236 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+ {
+ struct crypt_kop kop;
+ int dhret = 1;
+- int fd, keylen;
++ int fd, p_len;
++ BIGNUM *temp = NULL;
++ unsigned char *padded_pub_key = NULL, *p = NULL;
++
++ if ((fd = get_asym_dev_crypto()) < 0)
++ goto sw_try;
++
++ memset(&kop, 0, sizeof kop);
++ kop.crk_op = CRK_DH_COMPUTE_KEY;
++ /* inputs: dh->priv_key pub_key dh->p key */
++ spcf_bn2bin(dh->p, &p, &p_len);
++ spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len);
++ if (bn2crparam(dh->priv_key, &kop.crk_param[0]))
++ goto sw_try;
++
++ kop.crk_param[1].crp_p = padded_pub_key;
++ kop.crk_param[1].crp_nbits = p_len * 8;
++ kop.crk_param[2].crp_p = p;
++ kop.crk_param[2].crp_nbits = p_len * 8;
++ kop.crk_iparams = 3;
++ kop.crk_param[3].crp_p = (void *)key;
++ kop.crk_param[3].crp_nbits = p_len * 8;
++ kop.crk_oparams = 1;
++ dhret = p_len;
++
++ if (ioctl(fd, CIOCKEY, &kop))
++ goto sw_try;
++
++ if ((temp = BN_new())) {
++ if (!BN_bin2bn(key, p_len, temp)) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
++ goto sw_try;
++ }
++ if (dhret > BN_num_bytes(temp))
++ dhret = BN_bn2bin(temp, key);
++ BN_free(temp);
++ }
+
+- if ((fd = get_asym_dev_crypto()) < 0) {
++ kop.crk_param[3].crp_p = NULL;
++ zapparams(&kop);
++ return (dhret);
++ sw_try:
++ {
+ const DH_METHOD *meth = DH_OpenSSL();
+
+- return ((meth->compute_key) (key, pub_key, dh));
++ dhret = (meth->compute_key) (key, pub_key, dh);
+ }
++ return (dhret);
++}
+
+- keylen = BN_num_bits(dh->p);
++int cryptodev_ecdh_compute_key(void *out, size_t outlen,
++ const EC_POINT *pub_key, EC_KEY *ecdh,
++ void *(*KDF) (const void *in, size_t inlen,
++ void *out, size_t *outlen))
++{
++ ec_curve_t ec_crv = EC_PRIME;
++ unsigned char *q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL;
++ BIGNUM *w_x = NULL, *w_y = NULL;
++ int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0;
++ BIGNUM *p = NULL, *a = NULL, *b = NULL;
++ BN_CTX *ctx;
++ EC_POINT *tmp = NULL;
++ BIGNUM *x = NULL, *y = NULL;
++ const BIGNUM *priv_key;
++ const EC_GROUP *group = NULL;
++ int ret = -1;
++ size_t buflen, len;
++ struct crypt_kop kop;
+
+ memset(&kop, 0, sizeof kop);
+- kop.crk_op = CRK_DH_COMPUTE_KEY;
+
+- /* inputs: dh->priv_key pub_key dh->p key */
+- if (bn2crparam(dh->priv_key, &kop.crk_param[0]))
++ if ((ctx = BN_CTX_new()) == NULL)
+ goto err;
+- if (bn2crparam(pub_key, &kop.crk_param[1]))
++ BN_CTX_start(ctx);
++ x = BN_CTX_get(ctx);
++ y = BN_CTX_get(ctx);
++ p = BN_CTX_get(ctx);
++ a = BN_CTX_get(ctx);
++ b = BN_CTX_get(ctx);
++ w_x = BN_CTX_get(ctx);
++ w_y = BN_CTX_get(ctx);
++
++ if (!x || !y || !p || !a || !b || !w_x || !w_y) {
++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
+ goto err;
+- if (bn2crparam(dh->p, &kop.crk_param[2]))
++ }
++
++ priv_key = EC_KEY_get0_private_key(ecdh);
++ if (priv_key == NULL) {
++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_NO_PRIVATE_VALUE);
+ goto err;
+- kop.crk_iparams = 3;
++ }
+
+- kop.crk_param[3].crp_p = (caddr_t) key;
+- kop.crk_param[3].crp_nbits = keylen * 8;
+- kop.crk_oparams = 1;
++ group = EC_KEY_get0_group(ecdh);
++ if ((tmp = EC_POINT_new(group)) == NULL) {
++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
+
+- if (ioctl(fd, CIOCKEY, &kop) == -1) {
+- const DH_METHOD *meth = DH_OpenSSL();
++ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
++ NID_X9_62_prime_field) {
++ ec_crv = EC_PRIME;
+
+- dhret = (meth->compute_key) (key, pub_key, dh);
++ if (!EC_POINT_get_affine_coordinates_GFp(group,
++ EC_GROUP_get0_generator
++ (group), x, y, ctx)) {
++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_POINT_ARITHMETIC_FAILURE);
++ goto err;
++ }
++
++ /* get the ECC curve parameters */
++ if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
++ goto err;
++ }
++
++ /* get the public key pair for prime curve */
++ if (!EC_POINT_get_affine_coordinates_GFp
++ (group, pub_key, w_x, w_y, ctx)) {
++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
++ goto err;
++ }
++ } else {
++ ec_crv = EC_BINARY;
++
++ if (!EC_POINT_get_affine_coordinates_GF2m(group,
++ EC_GROUP_get0_generator
++ (group), x, y, ctx)) {
++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_POINT_ARITHMETIC_FAILURE);
++ goto err;
++ }
++
++ /* get the ECC curve parameters */
++ if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) {
++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
++ goto err;
++ }
++
++ /* get the public key pair for binary curve */
++ if (!EC_POINT_get_affine_coordinates_GF2m(group,
++ pub_key, w_x, w_y, ctx)) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
++ goto err;
++ }
++ }
++
++ /* irreducible polynomial that creates the field */
++ if (spcf_bn2bin((BIGNUM *)&group->order, &r, &r_len)) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ /* Get the irreducible polynomial that creates the field */
++ if (spcf_bn2bin(p, &q, &q_len)) {
++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
++ goto err;
++ }
++
++ /* Get the public key into a flat buffer with appropriate padding */
++ pub_key_len = 2 * q_len;
++ w_xy = eng_copy_curve_points(w_x, w_y, pub_key_len, q_len);
++ if (!w_xy) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ /* Generation of ECC curve parameters */
++ ab_len = 2 * q_len;
++ ab = eng_copy_curve_points(a, b, ab_len, q_len);
++ if (!ab) {
++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
++ goto err;
++ }
++
++ if (ec_crv == EC_BINARY) {
++ /* copy b' i.e c(b), instead of only b */
++ if (eng_ec_get_cparam
++ (EC_GROUP_get_curve_name(group), ab + q_len, q_len)) {
++ unsigned char *c_temp = NULL;
++ int c_temp_len = q_len;
++ if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len))
++ memcpy(ab + q_len, c_temp, q_len);
++ else
++ goto err;
++ }
++ kop.curve_type = ECC_BINARY;
++ } else
++ kop.curve_type = ECC_PRIME;
++
++ priv_key_len = r_len;
++
++ /*
++ * If BN_num_bytes of priv_key returns less then r_len then
++ * add padding bytes before the key
++ */
++ if (spcf_bn2bin_ex((BIGNUM *)priv_key, &s, &priv_key_len)) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ buflen = (EC_GROUP_get_degree(group) + 7) / 8;
++ len = BN_num_bytes(x);
++ if (len > buflen || q_len < buflen) {
++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_INTERNAL_ERROR);
++ goto err;
+ }
++
++ kop.crk_op = CRK_DH_COMPUTE_KEY;
++ kop.crk_param[0].crp_p = (void *)s;
++ kop.crk_param[0].crp_nbits = priv_key_len * 8;
++ kop.crk_param[1].crp_p = (void *)w_xy;
++ kop.crk_param[1].crp_nbits = pub_key_len * 8;
++ kop.crk_param[2].crp_p = (void *)q;
++ kop.crk_param[2].crp_nbits = q_len * 8;
++ kop.crk_param[3].crp_p = (void *)ab;
++ kop.crk_param[3].crp_nbits = ab_len * 8;
++ kop.crk_iparams = 4;
++ kop.crk_param[4].crp_p = (void *)out;
++ kop.crk_param[4].crp_nbits = q_len * 8;
++ kop.crk_oparams = 1;
++ ret = q_len;
++ if (cryptodev_asym(&kop, 0, NULL, 0, NULL)) {
++ const ECDH_METHOD *meth = ECDH_OpenSSL();
++ ret = (meth->compute_key) (out, outlen, pub_key, ecdh, KDF);
++ } else
++ ret = q_len;
+ err:
+- kop.crk_param[3].crp_p = NULL;
++ kop.crk_param[4].crp_p = NULL;
+ zapparams(&kop);
+- return (dhret);
++ return ret;
+ }
+
+ static DH_METHOD cryptodev_dh = {
+@@ -1645,6 +2661,14 @@ static DH_METHOD cryptodev_dh = {
+ NULL /* app_data */
+ };
+
++static ECDH_METHOD cryptodev_ecdh = {
++ "cryptodev ECDH method",
++ NULL, /* cryptodev_ecdh_compute_key */
++ NULL,
++ 0, /* flags */
++ NULL /* app_data */
++};
++
+ /*
+ * ctrl right now is just a wrapper that doesn't do much
+ * but I expect we'll want some options soon.
+@@ -1724,24 +2748,39 @@ void ENGINE_load_cryptodev(void)
+ memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
+ if (cryptodev_asymfeat & CRF_DSA_SIGN)
+ cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
+- if (cryptodev_asymfeat & CRF_MOD_EXP) {
+- cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp;
+- cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp;
+- }
+ if (cryptodev_asymfeat & CRF_DSA_VERIFY)
+ cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
++ if (cryptodev_asymfeat & CRF_DSA_GENERATE_KEY)
++ cryptodev_dsa.dsa_keygen = cryptodev_dsa_keygen;
+ }
+
+ if (ENGINE_set_DH(engine, &cryptodev_dh)) {
+ const DH_METHOD *dh_meth = DH_OpenSSL();
++ memcpy(&cryptodev_dh, dh_meth, sizeof(DH_METHOD));
++ if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) {
++ cryptodev_dh.compute_key = cryptodev_dh_compute_key;
++ }
++ if (cryptodev_asymfeat & CRF_DH_GENERATE_KEY) {
++ cryptodev_dh.generate_key = cryptodev_dh_keygen;
++ }
++ }
+
+- cryptodev_dh.generate_key = dh_meth->generate_key;
+- cryptodev_dh.compute_key = dh_meth->compute_key;
+- cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp;
+- if (cryptodev_asymfeat & CRF_MOD_EXP) {
+- cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh;
+- if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY)
+- cryptodev_dh.compute_key = cryptodev_dh_compute_key;
++ if (ENGINE_set_ECDSA(engine, &cryptodev_ecdsa)) {
++ const ECDSA_METHOD *meth = ECDSA_OpenSSL();
++ memcpy(&cryptodev_ecdsa, meth, sizeof(ECDSA_METHOD));
++ if (cryptodev_asymfeat & CRF_DSA_SIGN) {
++ cryptodev_ecdsa.ecdsa_do_sign = cryptodev_ecdsa_do_sign;
++ }
++ if (cryptodev_asymfeat & CRF_DSA_VERIFY) {
++ cryptodev_ecdsa.ecdsa_do_verify = cryptodev_ecdsa_verify;
++ }
++ }
++
++ if (ENGINE_set_ECDH(engine, &cryptodev_ecdh)) {
++ const ECDH_METHOD *ecdh_meth = ECDH_OpenSSL();
++ memcpy(&cryptodev_ecdh, ecdh_meth, sizeof(ECDH_METHOD));
++ if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) {
++ cryptodev_ecdh.compute_key = cryptodev_ecdh_compute_key;
+ }
+ }
+
+--
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0006-Added-hwrng-dev-file-as-source-of-RNG.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0006-Added-hwrng-dev-file-as-source-of-RNG.patch
new file mode 100644
index 0000000..61469dc
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0006-Added-hwrng-dev-file-as-source-of-RNG.patch
@@ -0,0 +1,28 @@
+From c3b1f595607fe4e431dab12b7d8ceda6742547d5 Mon Sep 17 00:00:00 2001
+From: Yashpal Dutta <yashpal.dutta at freescale.com>
+Date: Tue, 11 Mar 2014 06:42:59 +0545
+Subject: [PATCH 06/48] Added hwrng dev file as source of RNG
+
+Upstream-status: Pending
+
+Signed-off-by: Yashpal Dutta <yashpal.dutta at freescale.com>
+---
+ e_os.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/e_os.h b/e_os.h
+index 1fa36c1..6c0917b 100644
+--- a/e_os.h
++++ b/e_os.h
+@@ -82,7 +82,7 @@ extern "C" {
+ * set this to a comma-separated list of 'random' device files to try out. My
+ * default, we will try to read at least one of these files
+ */
+-# define DEVRANDOM "/dev/urandom","/dev/random","/dev/srandom"
++# define DEVRANDOM "/dev/hwrng","/dev/urandom","/dev/random","/dev/srandom"
+ # endif
+ # ifndef DEVRANDOM_EGD
+ /*
+--
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0006-Fixed-private-key-support-for-DH.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0006-Fixed-private-key-support-for-DH.patch
deleted file mode 100644
index 01c268b..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0006-Fixed-private-key-support-for-DH.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 39a9e609290a8a1163a721915bcde0c7cf8f92f7 Mon Sep 17 00:00:00 2001
-From: Yashpal Dutta <yashpal.dutta at freescale.com>
-Date: Tue, 11 Mar 2014 05:57:47 +0545
-Subject: [PATCH 06/26] Fixed private key support for DH
-
-Upstream-status: Pending
-
-Signed-off-by: Yashpal Dutta <yashpal.dutta at freescale.com>
----
- crypto/dh/dh_ameth.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
-index 02ec2d4..ed32004 100644
---- a/crypto/dh/dh_ameth.c
-+++ b/crypto/dh/dh_ameth.c
-@@ -422,6 +422,13 @@ static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
- if (to->pkey.dh->g != NULL)
- BN_free(to->pkey.dh->g);
- to->pkey.dh->g=a;
-+ if ((a=BN_dup(from->pkey.dh->q)) != NULL) {
-+ if (to->pkey.dh->q != NULL)
-+ BN_free(to->pkey.dh->q);
-+ to->pkey.dh->q=a;
-+ }
-+
-+ to->pkey.dh->length = from->pkey.dh->length;
-
- return 1;
- }
---
-2.3.5
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0007-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0007-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch
new file mode 100644
index 0000000..192cd18
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0007-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch
@@ -0,0 +1,2050 @@
+From 45cfc01ade9eeb43fdb5950d3db152cae1b41059 Mon Sep 17 00:00:00 2001
+From: Yashpal Dutta <yashpal.dutta at freescale.com>
+Date: Tue, 11 Mar 2014 07:14:30 +0545
+Subject: [PATCH 07/48] Asynchronous interface added for PKC cryptodev
+ interface
+
+Upstream-status: Pending
+
+Change-Id: Ia8974f793dc18a959ed6798dcdd7d3fad81cb7da
+Signed-off-by: Yashpal Dutta <yashpal.dutta at freescale.com>
+---
+ crypto/crypto.h | 16 +
+ crypto/dh/dh.h | 3 +
+ crypto/dsa/dsa.h | 5 +
+ crypto/ecdh/ech_locl.h | 3 +
+ crypto/ecdsa/ecs_locl.h | 5 +
+ crypto/engine/eng_cryptodev.c | 1598 +++++++++++++++++++++++++++++++++++++----
+ crypto/engine/eng_int.h | 23 +
+ crypto/engine/eng_lib.c | 46 ++
+ crypto/engine/engine.h | 24 +
+ crypto/rsa/rsa.h | 23 +
+ 10 files changed, 1605 insertions(+), 141 deletions(-)
+
+diff --git a/crypto/crypto.h b/crypto/crypto.h
+index 6c644ce..2b4ec59 100644
+--- a/crypto/crypto.h
++++ b/crypto/crypto.h
+@@ -655,6 +655,22 @@ void ERR_load_CRYPTO_strings(void);
+ # define CRYPTO_R_FIPS_MODE_NOT_SUPPORTED 101
+ # define CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK 100
+
++/* Additions for Asynchronous PKC Infrastructure */
++struct pkc_cookie_s {
++ void *cookie; /* To be filled by openssl library primitive method function caller */
++ void *eng_cookie; /* To be filled by Engine */
++ /*
++ * Callback handler to be provided by caller. Ensure to pass a
++ * handler which takes the crypto operation to completion.
++ * cookie: Container cookie from library
++ * status: Status of the crypto Job completion.
++ * 0: Job handled without any issue
++ * -EINVAL: Parameters Invalid
++ */
++ void (*pkc_callback)(struct pkc_cookie_s *cookie, int status);
++ void *eng_handle;
++};
++
+ #ifdef __cplusplus
+ }
+ #endif
+diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h
+index a5bd901..31dd762 100644
+--- a/crypto/dh/dh.h
++++ b/crypto/dh/dh.h
+@@ -123,6 +123,9 @@ struct dh_method {
+ int (*bn_mod_exp) (const DH *dh, BIGNUM *r, const BIGNUM *a,
+ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx);
++ int (*compute_key_async)(unsigned char *key,const BIGNUM *pub_key,DH *dh,
++ struct pkc_cookie_s *cookie);
++ int (*generate_key_async)(DH *dh, struct pkc_cookie_s *cookie);
+ int (*init) (DH *dh);
+ int (*finish) (DH *dh);
+ int flags;
+diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h
+index 545358f..8584731 100644
+--- a/crypto/dsa/dsa.h
++++ b/crypto/dsa/dsa.h
+@@ -139,6 +139,10 @@ struct dsa_method {
+ /* Can be null */
+ int (*bn_mod_exp) (DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
++ int (*dsa_do_sign_async)(const unsigned char *dgst, int dlen, DSA *dsa,
++ DSA_SIG *sig, struct pkc_cookie_s *cookie);
++ int (*dsa_do_verify_async)(const unsigned char *dgst, int dgst_len,
++ DSA_SIG *sig, DSA *dsa, struct pkc_cookie_s *cookie);
+ int (*init) (DSA *dsa);
+ int (*finish) (DSA *dsa);
+ int flags;
+@@ -150,6 +154,7 @@ struct dsa_method {
+ BN_GENCB *cb);
+ /* If this is non-NULL, it is used to generate DSA keys */
+ int (*dsa_keygen) (DSA *dsa);
++ int (*dsa_keygen_async)(DSA *dsa, struct pkc_cookie_s *cookie);
+ };
+
+ struct dsa_st {
+diff --git a/crypto/ecdh/ech_locl.h b/crypto/ecdh/ech_locl.h
+index 4e66024..502507b 100644
+--- a/crypto/ecdh/ech_locl.h
++++ b/crypto/ecdh/ech_locl.h
+@@ -68,6 +68,9 @@ struct ecdh_method {
+ EC_KEY *ecdh, void *(*KDF) (const void *in,
+ size_t inlen, void *out,
+ size_t *outlen));
++ int (*compute_key_async)(void *key, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,
++ void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen),
++ struct pkc_cookie_s *cookie);
+ # if 0
+ int (*init) (EC_KEY *eckey);
+ int (*finish) (EC_KEY *eckey);
+diff --git a/crypto/ecdsa/ecs_locl.h b/crypto/ecdsa/ecs_locl.h
+index d3a5efc..9b28c04 100644
+--- a/crypto/ecdsa/ecs_locl.h
++++ b/crypto/ecdsa/ecs_locl.h
+@@ -74,6 +74,11 @@ struct ecdsa_method {
+ BIGNUM **r);
+ int (*ecdsa_do_verify) (const unsigned char *dgst, int dgst_len,
+ const ECDSA_SIG *sig, EC_KEY *eckey);
++ int (*ecdsa_do_sign_async)(const unsigned char *dgst, int dgst_len,
++ const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey,
++ ECDSA_SIG *sig, struct pkc_cookie_s *cookie);
++ int (*ecdsa_do_verify_async)(const unsigned char *dgst, int dgst_len,
++ const ECDSA_SIG *sig, EC_KEY *eckey, struct pkc_cookie_s *cookie);
+ # if 0
+ int (*init) (EC_KEY *eckey);
+ int (*finish) (EC_KEY *eckey);
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 0b41bb2..8303630 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -1367,6 +1367,60 @@ static void zapparams(struct crypt_kop *kop)
+ }
+ }
+
++/*
++ * Any PKC request has at max 2 output parameters and they are stored here to
++ * be used while copying in the check availability
++ */
++struct cryptodev_cookie_s {
++ BIGNUM *r;
++ struct crparam r_param;
++ BIGNUM *s;
++ struct crparam s_param;
++ struct crypt_kop *kop;
++};
++
++static int
++cryptodev_asym_async(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
++ BIGNUM *s)
++{
++ int fd;
++ struct pkc_cookie_s *cookie = kop->cookie;
++ struct cryptodev_cookie_s *eng_cookie;
++
++ fd = *(int *)cookie->eng_handle;
++
++ eng_cookie = malloc(sizeof(struct cryptodev_cookie_s));
++
++ if (eng_cookie) {
++ memset(eng_cookie, 0, sizeof(struct cryptodev_cookie_s));
++ if (r) {
++ kop->crk_param[kop->crk_iparams].crp_p =
++ calloc(rlen, sizeof(char));
++ if (!kop->crk_param[kop->crk_iparams].crp_p)
++ return -ENOMEM;
++ kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
++ kop->crk_oparams++;
++ eng_cookie->r = r;
++ eng_cookie->r_param = kop->crk_param[kop->crk_iparams];
++ }
++ if (s) {
++ kop->crk_param[kop->crk_iparams + 1].crp_p =
++ calloc(slen, sizeof(char));
++ if (!kop->crk_param[kop->crk_iparams + 1].crp_p)
++ return -ENOMEM;
++ kop->crk_param[kop->crk_iparams + 1].crp_nbits = slen * 8;
++ kop->crk_oparams++;
++ eng_cookie->s = s;
++ eng_cookie->s_param = kop->crk_param[kop->crk_iparams + 1];
++ }
++ } else
++ return -ENOMEM;
++
++ eng_cookie->kop = kop;
++ cookie->eng_cookie = eng_cookie;
++ return ioctl(fd, CIOCASYMASYNCRYPT, kop);
++}
++
+ static int
+ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
+ BIGNUM *s)
+@@ -1425,6 +1479,44 @@ void *cryptodev_init_instance(void)
+ return fd;
+ }
+
++# include <poll.h>
++
++/* Return 0 on success and 1 on failure */
++int cryptodev_check_availability(void *eng_handle)
++{
++ int fd = *(int *)eng_handle;
++ struct pkc_cookie_list_s cookie_list;
++ struct pkc_cookie_s *cookie;
++ int i;
++
++ /* FETCH COOKIE returns number of cookies extracted */
++ if (ioctl(fd, CIOCASYMFETCHCOOKIE, &cookie_list) <= 0)
++ return 1;
++
++ for (i = 0; i < cookie_list.cookie_available; i++) {
++ cookie = cookie_list.cookie[i];
++ if (cookie) {
++ struct cryptodev_cookie_s *eng_cookie = cookie->eng_cookie;
++ if (eng_cookie) {
++ struct crypt_kop *kop = eng_cookie->kop;
++
++ if (eng_cookie->r)
++ crparam2bn(&eng_cookie->r_param, eng_cookie->r);
++ if (eng_cookie->s)
++ crparam2bn(&eng_cookie->s_param, eng_cookie->s);
++ if (kop->crk_op == CRK_DH_COMPUTE_KEY)
++ kop->crk_oparams = 0;
++
++ zapparams(eng_cookie->kop);
++ free(eng_cookie->kop);
++ free(eng_cookie);
++ }
++ cookie->pkc_callback(cookie, cookie_list.status[i]);
++ }
++ }
++ return 0;
++}
++
+ static int
+ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
+@@ -1472,6 +1564,66 @@ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ }
+
+ static int
++cryptodev_bn_mod_exp_async(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
++ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont,
++ struct pkc_cookie_s *cookie)
++{
++ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
++ int ret = 1;
++
++ /*
++ * Currently, we know we can do mod exp iff we can do any asymmetric
++ * operations at all.
++ */
++ if (cryptodev_asymfeat == 0 || !kop) {
++ ret = BN_mod_exp(r, a, p, m, ctx);
++ return (ret);
++ }
++
++ kop->crk_oparams = 0;
++ kop->crk_status = 0;
++ kop->crk_op = CRK_MOD_EXP;
++ kop->cookie = cookie;
++ /* inputs: a^p % m */
++ if (bn2crparam(a, &kop->crk_param[0]))
++ goto err;
++ if (bn2crparam(p, &kop->crk_param[1]))
++ goto err;
++ if (bn2crparam(m, &kop->crk_param[2]))
++ goto err;
++
++ kop->crk_iparams = 3;
++ if (cryptodev_asym_async(kop, BN_num_bytes(m), r, 0, NULL))
++ goto err;
++
++ return ret;
++ err:
++ {
++ const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
++
++ if (kop)
++ free(kop);
++ ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
++ if (ret)
++ /* Call the completion handler immediately */
++ cookie->pkc_callback(cookie, 0);
++ }
++ return ret;
++}
++
++static int
++cryptodev_rsa_nocrt_mod_exp_async(BIGNUM *r0, const BIGNUM *I,
++ RSA *rsa, BN_CTX *ctx,
++ struct pkc_cookie_s *cookie)
++{
++ int r;
++ ctx = BN_CTX_new();
++ r = cryptodev_bn_mod_exp_async(r0, I, rsa->d, rsa->n, ctx, NULL, cookie);
++ BN_CTX_free(ctx);
++ return r;
++}
++
++static int
+ cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+ BN_CTX *ctx)
+ {
+@@ -1538,6 +1690,63 @@ cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
+ return (ret);
+ }
+
++static int
++cryptodev_rsa_mod_exp_async(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
++ BN_CTX *ctx, struct pkc_cookie_s *cookie)
++{
++ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
++ int ret = 1, f_len, p_len, q_len;
++ unsigned char *f = NULL, *p = NULL, *q = NULL, *dp = NULL, *dq =
++ NULL, *c = NULL;
++
++ if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp || !kop) {
++ return (0);
++ }
++
++ kop->crk_oparams = 0;
++ kop->crk_status = 0;
++ kop->crk_op = CRK_MOD_EXP_CRT;
++ f_len = BN_num_bytes(rsa->n);
++ spcf_bn2bin_ex(I, &f, &f_len);
++ spcf_bn2bin(rsa->p, &p, &p_len);
++ spcf_bn2bin(rsa->q, &q, &q_len);
++ spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len);
++ spcf_bn2bin_ex(rsa->iqmp, &c, &p_len);
++ spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len);
++ /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
++ kop->crk_param[0].crp_p = p;
++ kop->crk_param[0].crp_nbits = p_len * 8;
++ kop->crk_param[1].crp_p = q;
++ kop->crk_param[1].crp_nbits = q_len * 8;
++ kop->crk_param[2].crp_p = f;
++ kop->crk_param[2].crp_nbits = f_len * 8;
++ kop->crk_param[3].crp_p = dp;
++ kop->crk_param[3].crp_nbits = p_len * 8;
++ /* dq must of length q, rest all of length p */
++ kop->crk_param[4].crp_p = dq;
++ kop->crk_param[4].crp_nbits = q_len * 8;
++ kop->crk_param[5].crp_p = c;
++ kop->crk_param[5].crp_nbits = p_len * 8;
++ kop->crk_iparams = 6;
++ kop->cookie = cookie;
++ if (cryptodev_asym_async(kop, BN_num_bytes(rsa->n), r0, 0, NULL))
++ goto err;
++
++ return ret;
++ err:
++ {
++ const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
++
++ if (kop)
++ free(kop);
++ ret = (*meth->rsa_mod_exp) (r0, I, rsa, ctx);
++ if (ret)
++ /* Call user completion handler immediately */
++ cookie->pkc_callback(cookie, 0);
++ }
++ return (ret);
++}
++
+ static RSA_METHOD cryptodev_rsa = {
+ "cryptodev RSA method",
+ NULL, /* rsa_pub_enc */
+@@ -1546,6 +1755,12 @@ static RSA_METHOD cryptodev_rsa = {
+ NULL, /* rsa_priv_dec */
+ NULL,
+ NULL,
++ NULL, /* rsa_pub_enc */
++ NULL, /* rsa_pub_dec */
++ NULL, /* rsa_priv_enc */
++ NULL, /* rsa_priv_dec */
++ NULL,
++ NULL,
+ NULL, /* init */
+ NULL, /* finish */
+ 0, /* flags */
+@@ -1846,128 +2061,428 @@ static int cryptodev_dsa_keygen(DSA *dsa)
+ return ret;
+ }
+
+-static DSA_METHOD cryptodev_dsa = {
+- "cryptodev DSA method",
+- NULL,
+- NULL, /* dsa_sign_setup */
+- NULL,
+- NULL, /* dsa_mod_exp */
+- NULL,
+- NULL, /* init */
+- NULL, /* finish */
+- 0, /* flags */
+- NULL /* app_data */
+-};
++/* Cryptodev DSA Key Gen routine */
++static int cryptodev_dsa_keygen_async(DSA *dsa, struct pkc_cookie_s *cookie)
++{
++ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
++ int ret = 1, g_len;
++ unsigned char *g = NULL;
+
+-static ECDSA_METHOD cryptodev_ecdsa = {
+- "cryptodev ECDSA method",
+- NULL,
+- NULL, /* ecdsa_sign_setup */
+- NULL,
+- NULL,
+- 0, /* flags */
+- NULL /* app_data */
+-};
++ if (!kop)
++ goto sw_try;
+
+-typedef enum ec_curve_s {
+- EC_PRIME,
+- EC_BINARY
+-} ec_curve_t;
++ if (dsa->priv_key == NULL) {
++ if ((dsa->priv_key = BN_new()) == NULL)
++ goto sw_try;
++ }
+
+-/* ENGINE handler for ECDSA Sign */
+-static ECDSA_SIG *cryptodev_ecdsa_do_sign(const unsigned char *dgst,
+- int dgst_len, const BIGNUM *in_kinv,
+- const BIGNUM *in_r, EC_KEY *eckey)
+-{
+- BIGNUM *m = NULL, *p = NULL, *a = NULL;
+- BIGNUM *b = NULL, *x = NULL, *y = NULL;
+- BN_CTX *ctx = NULL;
+- ECDSA_SIG *ret = NULL;
+- ECDSA_DATA *ecdsa = NULL;
+- unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL;
+- unsigned char *s = NULL, *c = NULL, *d = NULL, *f = NULL, *tmp_dgst =
+- NULL;
+- int i = 0, q_len = 0, priv_key_len = 0, r_len = 0;
+- int g_len = 0, d_len = 0, ab_len = 0;
+- const BIGNUM *order = NULL, *priv_key = NULL;
+- const EC_GROUP *group = NULL;
+- struct crypt_kop kop;
+- ec_curve_t ec_crv = EC_PRIME;
++ if (dsa->pub_key == NULL) {
++ if ((dsa->pub_key = BN_new()) == NULL)
++ goto sw_try;
++ }
+
+- memset(&kop, 0, sizeof(kop));
+- ecdsa = ecdsa_check(eckey);
+- if (!ecdsa) {
+- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
+- return NULL;
++ g_len = BN_num_bytes(dsa->p);
++ /**
++ * Get generator into a plain buffer. If length is less than
++ * q_len then add leading padding bytes.
++ */
++ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
++ DSAerr(DSA_F_DSA_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
++ goto sw_try;
+ }
+
+- group = EC_KEY_get0_group(eckey);
+- priv_key = EC_KEY_get0_private_key(eckey);
++ memset(kop, 0, sizeof(struct crypt_kop));
++ kop->crk_op = CRK_DSA_GENERATE_KEY;
++ if (bn2crparam(dsa->p, &kop->crk_param[0]))
++ goto sw_try;
++ if (bn2crparam(dsa->q, &kop->crk_param[1]))
++ goto sw_try;
++ kop->crk_param[2].crp_p = g;
++ kop->crk_param[2].crp_nbits = g_len * 8;
++ kop->crk_iparams = 3;
++ kop->cookie = cookie;
+
+- if (!group || !priv_key) {
+- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
+- return NULL;
++ /* pub_key is or prime length while priv key is of length of order */
++ if (cryptodev_asym_async(kop, BN_num_bytes(dsa->p), dsa->pub_key,
++ BN_num_bytes(dsa->q), dsa->priv_key))
++ goto sw_try;
++
++ return ret;
++ sw_try:
++ {
++ const DSA_METHOD *meth = DSA_OpenSSL();
++
++ if (kop)
++ free(kop);
++ ret = (meth->dsa_keygen) (dsa);
++ cookie->pkc_callback(cookie, 0);
+ }
++ return ret;
++}
+
+- if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
+- (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
+- (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
+- (y = BN_new()) == NULL) {
+- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++static int
++cryptodev_dsa_do_sign_async(const unsigned char *dgst, int dlen, DSA *dsa,
++ DSA_SIG *sig, struct pkc_cookie_s *cookie)
++{
++ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
++ DSA_SIG *dsaret = NULL;
++ int q_len = 0, r_len = 0, g_len = 0;
++ int priv_key_len = 0, ret = 1;
++ unsigned char *q = NULL, *r = NULL, *g = NULL, *priv_key = NULL, *f =
++ NULL;
++ if (((sig->r = BN_new()) == NULL) || !kop) {
++ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+- order = &group->order;
+- if (!order || BN_is_zero(order)) {
+- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS);
++ if ((sig->s = BN_new()) == NULL) {
++ BN_free(sig->r);
++ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+- i = BN_num_bits(order);
+- /*
+- * Need to truncate digest if it is too long: first truncate whole bytes
+- */
+- if (8 * dgst_len > i)
+- dgst_len = (i + 7) / 8;
+-
+- if (!BN_bin2bn(dgst, dgst_len, m)) {
+- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
++ if (spcf_bn2bin(dsa->p, &q, &q_len)) {
++ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+ goto err;
+ }
+
+- /* If still too long truncate remaining bits with a shift */
+- if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
+- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
++ /* Get order of the field of private keys into plain buffer */
++ if (spcf_bn2bin(dsa->q, &r, &r_len)) {
++ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+- /* copy the truncated bits into plain buffer */
+- if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) {
+- fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__,
+- __LINE__);
++ /* sanity test */
++ if (dlen > r_len) {
++ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+ goto err;
+ }
+
+- ret = ECDSA_SIG_new();
+- if (!ret) {
+- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
++ g_len = q_len;
++ /**
++ * Get generator into a plain buffer. If length is less than
++ * q_len then add leading padding bytes.
++ */
++ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
++ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+- /* check if this is prime or binary EC request */
+- if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
+- NID_X9_62_prime_field) {
+- ec_crv = EC_PRIME;
+- /* get the generator point pair */
+- if (!EC_POINT_get_affine_coordinates_GFp
+- (group, EC_GROUP_get0_generator(group), x, y, ctx)) {
+- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
+- goto err;
+- }
++ priv_key_len = r_len;
++ /**
++ * Get private key into a plain buffer. If length is less than
++ * r_len then add leading padding bytes.
++ */
++ if (spcf_bn2bin_ex(dsa->priv_key, &priv_key, &priv_key_len)) {
++ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
+
+- /* get the ECC curve parameters */
+- if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
+- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
++ /* Allocate memory to store hash. */
++ f = OPENSSL_malloc(r_len);
++ if (!f) {
++ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ /* Add padding, since SEC expects hash to of size r_len */
++ if (dlen < r_len)
++ memset(f, 0, r_len - dlen);
++
++ /* Skip leading bytes if dgst_len < r_len */
++ memcpy(f + r_len - dlen, dgst, dlen);
++
++ dlen = r_len;
++
++ memset(kop, 0, sizeof(struct crypt_kop));
++ kop->crk_op = CRK_DSA_SIGN;
++
++ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
++ kop->crk_param[0].crp_p = (void *)f;
++ kop->crk_param[0].crp_nbits = dlen * 8;
++ kop->crk_param[1].crp_p = (void *)q;
++ kop->crk_param[1].crp_nbits = q_len * 8;
++ kop->crk_param[2].crp_p = (void *)r;
++ kop->crk_param[2].crp_nbits = r_len * 8;
++ kop->crk_param[3].crp_p = (void *)g;
++ kop->crk_param[3].crp_nbits = g_len * 8;
++ kop->crk_param[4].crp_p = (void *)priv_key;
++ kop->crk_param[4].crp_nbits = priv_key_len * 8;
++ kop->crk_iparams = 5;
++ kop->cookie = cookie;
++
++ if (cryptodev_asym_async(kop, r_len, sig->r, r_len, sig->s))
++ goto err;
++
++ return ret;
++ err:
++ {
++ const DSA_METHOD *meth = DSA_OpenSSL();
++
++ if (kop)
++ free(kop);
++ BN_free(sig->r);
++ BN_free(sig->s);
++ dsaret = (meth->dsa_do_sign) (dgst, dlen, dsa);
++ sig->r = dsaret->r;
++ sig->s = dsaret->s;
++ /* Call user callback immediately */
++ cookie->pkc_callback(cookie, 0);
++ ret = dsaret;
++ }
++ return ret;
++}
++
++static int
++cryptodev_dsa_verify_async(const unsigned char *dgst, int dlen,
++ DSA_SIG *sig, DSA *dsa,
++ struct pkc_cookie_s *cookie)
++{
++ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
++ int q_len = 0, r_len = 0, g_len = 0;
++ int w_len = 0, c_len = 0, d_len = 0, ret = 1;
++ unsigned char *q = NULL, *r = NULL, *w = NULL, *g = NULL;
++ unsigned char *c = NULL, *d = NULL, *f = NULL;
++
++ if (!kop)
++ goto err;
++
++ if (spcf_bn2bin(dsa->p, &q, &q_len)) {
++ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++ return ret;
++ }
++
++ /* Get Order of field of private keys */
++ if (spcf_bn2bin(dsa->q, &r, &r_len)) {
++ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ g_len = q_len;
++ /**
++ * Get generator into a plain buffer. If length is less than
++ * q_len then add leading padding bytes.
++ */
++ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
++ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++ w_len = q_len;
++ /**
++ * Get public key into a plain buffer. If length is less than
++ * q_len then add leading padding bytes.
++ */
++ if (spcf_bn2bin_ex(dsa->pub_key, &w, &w_len)) {
++ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++ /**
++ * Get the 1st part of signature into a flat buffer with
++ * appropriate padding
++ */
++ c_len = r_len;
++
++ if (spcf_bn2bin_ex(sig->r, &c, &c_len)) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ /**
++ * Get the 2nd part of signature into a flat buffer with
++ * appropriate padding
++ */
++ d_len = r_len;
++
++ if (spcf_bn2bin_ex(sig->s, &d, &d_len)) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ /* Sanity test */
++ if (dlen > r_len) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ /* Allocate memory to store hash. */
++ f = OPENSSL_malloc(r_len);
++ if (!f) {
++ DSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ /* Add padding, since SEC expects hash to of size r_len */
++ if (dlen < r_len)
++ memset(f, 0, r_len - dlen);
++
++ /* Skip leading bytes if dgst_len < r_len */
++ memcpy(f + r_len - dlen, dgst, dlen);
++
++ dlen = r_len;
++ memset(kop, 0, sizeof(struct crypt_kop));
++
++ /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
++ kop->crk_param[0].crp_p = (void *)f;
++ kop->crk_param[0].crp_nbits = dlen * 8;
++ kop->crk_param[1].crp_p = q;
++ kop->crk_param[1].crp_nbits = q_len * 8;
++ kop->crk_param[2].crp_p = r;
++ kop->crk_param[2].crp_nbits = r_len * 8;
++ kop->crk_param[3].crp_p = g;
++ kop->crk_param[3].crp_nbits = g_len * 8;
++ kop->crk_param[4].crp_p = w;
++ kop->crk_param[4].crp_nbits = w_len * 8;
++ kop->crk_param[5].crp_p = c;
++ kop->crk_param[5].crp_nbits = c_len * 8;
++ kop->crk_param[6].crp_p = d;
++ kop->crk_param[6].crp_nbits = d_len * 8;
++ kop->crk_iparams = 7;
++ kop->crk_op = CRK_DSA_VERIFY;
++ kop->cookie = cookie;
++ if (cryptodev_asym_async(kop, 0, NULL, 0, NULL))
++ goto err;
++
++ return ret;
++ err:
++ {
++ const DSA_METHOD *meth = DSA_OpenSSL();
++
++ if (kop)
++ free(kop);
++
++ ret = (meth->dsa_do_verify) (dgst, dlen, sig, dsa);
++ cookie->pkc_callback(cookie, 0);
++ }
++ return ret;
++}
++
++static DSA_METHOD cryptodev_dsa = {
++ "cryptodev DSA method",
++ NULL,
++ NULL, /* dsa_sign_setup */
++ NULL,
++ NULL, /* dsa_mod_exp */
++ NULL,
++ NULL,
++ NULL,
++ NULL,
++ NULL, /* init */
++ NULL, /* finish */
++ 0, /* flags */
++ NULL /* app_data */
++};
++
++static ECDSA_METHOD cryptodev_ecdsa = {
++ "cryptodev ECDSA method",
++ NULL,
++ NULL, /* ecdsa_sign_setup */
++ NULL,
++ NULL,
++ NULL,
++ NULL,
++ 0, /* flags */
++ NULL /* app_data */
++};
++
++typedef enum ec_curve_s {
++ EC_PRIME,
++ EC_BINARY
++} ec_curve_t;
++
++/* ENGINE handler for ECDSA Sign */
++static ECDSA_SIG *cryptodev_ecdsa_do_sign(const unsigned char *dgst,
++ int dgst_len, const BIGNUM *in_kinv,
++ const BIGNUM *in_r, EC_KEY *eckey)
++{
++ BIGNUM *m = NULL, *p = NULL, *a = NULL;
++ BIGNUM *b = NULL, *x = NULL, *y = NULL;
++ BN_CTX *ctx = NULL;
++ ECDSA_SIG *ret = NULL;
++ ECDSA_DATA *ecdsa = NULL;
++ unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL;
++ unsigned char *s = NULL, *c = NULL, *d = NULL, *f = NULL, *tmp_dgst =
++ NULL;
++ int i = 0, q_len = 0, priv_key_len = 0, r_len = 0;
++ int g_len = 0, d_len = 0, ab_len = 0;
++ const BIGNUM *order = NULL, *priv_key = NULL;
++ const EC_GROUP *group = NULL;
++ struct crypt_kop kop;
++ ec_curve_t ec_crv = EC_PRIME;
++
++ memset(&kop, 0, sizeof(kop));
++ ecdsa = ecdsa_check(eckey);
++ if (!ecdsa) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
++ return NULL;
++ }
++
++ group = EC_KEY_get0_group(eckey);
++ priv_key = EC_KEY_get0_private_key(eckey);
++
++ if (!group || !priv_key) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
++ return NULL;
++ }
++
++ if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
++ (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
++ (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
++ (y = BN_new()) == NULL) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ order = &group->order;
++ if (!order || BN_is_zero(order)) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS);
++ goto err;
++ }
++
++ i = BN_num_bits(order);
++ /*
++ * Need to truncate digest if it is too long: first truncate whole bytes
++ */
++ if (8 * dgst_len > i)
++ dgst_len = (i + 7) / 8;
++
++ if (!BN_bin2bn(dgst, dgst_len, m)) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
++ goto err;
++ }
++
++ /* If still too long truncate remaining bits with a shift */
++ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
++ goto err;
++ }
++
++ /* copy the truncated bits into plain buffer */
++ if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) {
++ fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__,
++ __LINE__);
++ goto err;
++ }
++
++ ret = ECDSA_SIG_new();
++ if (!ret) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
++ goto err;
++ }
++
++ /* check if this is prime or binary EC request */
++ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
++ NID_X9_62_prime_field) {
++ ec_crv = EC_PRIME;
++ /* get the generator point pair */
++ if (!EC_POINT_get_affine_coordinates_GFp
++ (group, EC_GROUP_get0_generator(group), x, y, ctx)) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
++ goto err;
++ }
++
++ /* get the ECC curve parameters */
++ if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
+ goto err;
+ }
+ } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
+@@ -2312,54 +2827,588 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
+ goto err;
+ }
+
+- /* memory for message representative */
+- f = malloc(r_len);
+- if (!f) {
+- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+- goto err;
++ /* memory for message representative */
++ f = malloc(r_len);
++ if (!f) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ /* Add padding, since SEC expects hash to of size r_len */
++ memset(f, 0, r_len - dgst_len);
++
++ /* Skip leading bytes if dgst_len < r_len */
++ memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len);
++ dgst_len += r_len - dgst_len;
++ kop.crk_op = CRK_DSA_VERIFY;
++ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
++ kop.crk_param[0].crp_p = f;
++ kop.crk_param[0].crp_nbits = dgst_len * 8;
++ kop.crk_param[1].crp_p = q;
++ kop.crk_param[1].crp_nbits = q_len * 8;
++ kop.crk_param[2].crp_p = r;
++ kop.crk_param[2].crp_nbits = r_len * 8;
++ kop.crk_param[3].crp_p = g_xy;
++ kop.crk_param[3].crp_nbits = g_len * 8;
++ kop.crk_param[4].crp_p = w_xy;
++ kop.crk_param[4].crp_nbits = pub_key_len * 8;
++ kop.crk_param[5].crp_p = ab;
++ kop.crk_param[5].crp_nbits = ab_len * 8;
++ kop.crk_param[6].crp_p = c;
++ kop.crk_param[6].crp_nbits = d_len * 8;
++ kop.crk_param[7].crp_p = d;
++ kop.crk_param[7].crp_nbits = d_len * 8;
++ kop.crk_iparams = 8;
++
++ if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
++ /*
++ * OCF success value is 0, if not zero, change ret to fail
++ */
++ if (0 == kop.crk_status)
++ ret = 1;
++ } else {
++ const ECDSA_METHOD *meth = ECDSA_OpenSSL();
++
++ ret = (meth->ecdsa_do_verify) (dgst, dgst_len, sig, eckey);
++ }
++ kop.crk_param[0].crp_p = NULL;
++ zapparams(&kop);
++
++ err:
++ return ret;
++}
++
++static int cryptodev_ecdsa_do_sign_async(const unsigned char *dgst,
++ int dgst_len, const BIGNUM *in_kinv,
++ const BIGNUM *in_r, EC_KEY *eckey,
++ ECDSA_SIG *sig,
++ struct pkc_cookie_s *cookie)
++{
++ BIGNUM *m = NULL, *p = NULL, *a = NULL;
++ BIGNUM *b = NULL, *x = NULL, *y = NULL;
++ BN_CTX *ctx = NULL;
++ ECDSA_SIG *sig_ret = NULL;
++ ECDSA_DATA *ecdsa = NULL;
++ unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL;
++ unsigned char *s = NULL, *f = NULL, *tmp_dgst = NULL;
++ int i = 0, q_len = 0, priv_key_len = 0, r_len = 0;
++ int g_len = 0, ab_len = 0, ret = 1;
++ const BIGNUM *order = NULL, *priv_key = NULL;
++ const EC_GROUP *group = NULL;
++ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
++ ec_curve_t ec_crv = EC_PRIME;
++
++ if (!(sig->r = BN_new()) || !kop)
++ goto err;
++ if ((sig->s = BN_new()) == NULL) {
++ BN_free(r);
++ goto err;
++ }
++
++ memset(kop, 0, sizeof(struct crypt_kop));
++ ecdsa = ecdsa_check(eckey);
++ if (!ecdsa) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
++ goto err;
++ }
++
++ group = EC_KEY_get0_group(eckey);
++ priv_key = EC_KEY_get0_private_key(eckey);
++
++ if (!group || !priv_key) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
++ goto err;
++ }
++
++ if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
++ (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
++ (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
++ (y = BN_new()) == NULL) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ order = &group->order;
++ if (!order || BN_is_zero(order)) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS);
++ goto err;
++ }
++
++ i = BN_num_bits(order);
++ /*
++ * Need to truncate digest if it is too long: first truncate whole bytes
++ */
++ if (8 * dgst_len > i)
++ dgst_len = (i + 7) / 8;
++
++ if (!BN_bin2bn(dgst, dgst_len, m)) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
++ goto err;
++ }
++
++ /* If still too long truncate remaining bits with a shift */
++ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
++ goto err;
++ }
++
++ /* copy the truncated bits into plain buffer */
++ if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) {
++ fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__,
++ __LINE__);
++ goto err;
++ }
++
++ /* check if this is prime or binary EC request */
++ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group))
++ == NID_X9_62_prime_field) {
++ ec_crv = EC_PRIME;
++ /* get the generator point pair */
++ if (!EC_POINT_get_affine_coordinates_GFp(group,
++ EC_GROUP_get0_generator
++ (group), x, y, ctx)) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
++ goto err;
++ }
++
++ /* get the ECC curve parameters */
++ if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
++ goto err;
++ }
++ } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
++ NID_X9_62_characteristic_two_field) {
++ ec_crv = EC_BINARY;
++ /* get the ECC curve parameters */
++ if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
++ goto err;
++ }
++
++ /* get the generator point pair */
++ if (!EC_POINT_get_affine_coordinates_GF2m(group,
++ EC_GROUP_get0_generator
++ (group), x, y, ctx)) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
++ goto err;
++ }
++ } else {
++ printf("Unsupported Curve\n");
++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
++ goto err;
++ }
++
++ if (spcf_bn2bin(order, &r, &r_len)) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ if (spcf_bn2bin(p, &q, &q_len)) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ priv_key_len = r_len;
++
++ /**
++ * If BN_num_bytes of priv_key returns less then r_len then
++ * add padding bytes before the key
++ */
++ if (spcf_bn2bin_ex(priv_key, &s, &priv_key_len)) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ /* Generation of ECC curve parameters */
++ ab_len = 2 * q_len;
++ ab = eng_copy_curve_points(a, b, ab_len, q_len);
++ if (!ab) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ if (ec_crv == EC_BINARY) {
++ if (eng_ec_get_cparam
++ (EC_GROUP_get_curve_name(group), ab + q_len, q_len)) {
++ unsigned char *c_temp = NULL;
++ int c_temp_len = q_len;
++ if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len))
++ memcpy(ab + q_len, c_temp, q_len);
++ else
++ goto err;
++ }
++ kop->curve_type = ECC_BINARY;
++ }
++
++ /* Calculation of Generator point */
++ g_len = 2 * q_len;
++ g_xy = eng_copy_curve_points(x, y, g_len, q_len);
++ if (!g_xy) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ /* memory for message representative */
++ f = malloc(r_len);
++ if (!f) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ /* Add padding, since SEC expects hash to of size r_len */
++ memset(f, 0, r_len - dgst_len);
++
++ /* Skip leading bytes if dgst_len < r_len */
++ memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len);
++
++ dgst_len += r_len - dgst_len;
++
++ kop->crk_op = CRK_DSA_SIGN;
++ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
++ kop->crk_param[0].crp_p = f;
++ kop->crk_param[0].crp_nbits = dgst_len * 8;
++ kop->crk_param[1].crp_p = q;
++ kop->crk_param[1].crp_nbits = q_len * 8;
++ kop->crk_param[2].crp_p = r;
++ kop->crk_param[2].crp_nbits = r_len * 8;
++ kop->crk_param[3].crp_p = g_xy;
++ kop->crk_param[3].crp_nbits = g_len * 8;
++ kop->crk_param[4].crp_p = s;
++ kop->crk_param[4].crp_nbits = priv_key_len * 8;
++ kop->crk_param[5].crp_p = ab;
++ kop->crk_param[5].crp_nbits = ab_len * 8;
++ kop->crk_iparams = 6;
++ kop->cookie = cookie;
++
++ if (cryptodev_asym_async(kop, r_len, sig->r, r_len, sig->s))
++ goto err;
++
++ return ret;
++ err:
++ {
++ const ECDSA_METHOD *meth = ECDSA_OpenSSL();
++ BN_free(sig->r);
++ BN_free(sig->s);
++ if (kop)
++ free(kop);
++ sig_ret =
++ (meth->ecdsa_do_sign) (dgst, dgst_len, in_kinv, in_r, eckey);
++ sig->r = sig_ret->r;
++ sig->s = sig_ret->s;
++ cookie->pkc_callback(cookie, 0);
++ }
++ return ret;
++}
++
++static int cryptodev_ecdsa_verify_async(const unsigned char *dgst,
++ int dgst_len, const ECDSA_SIG *sig,
++ EC_KEY *eckey,
++ struct pkc_cookie_s *cookie)
++{
++ BIGNUM *m = NULL, *p = NULL, *a = NULL, *b = NULL;
++ BIGNUM *x = NULL, *y = NULL, *w_x = NULL, *w_y = NULL;
++ BN_CTX *ctx = NULL;
++ ECDSA_DATA *ecdsa = NULL;
++ unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL, *w_xy =
++ NULL;
++ unsigned char *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL;
++ int i = 0, q_len = 0, pub_key_len = 0, r_len = 0, c_len = 0, g_len = 0;
++ int d_len = 0, ab_len = 0, ret = 1;
++ const EC_POINT *pub_key = NULL;
++ const BIGNUM *order = NULL;
++ const EC_GROUP *group = NULL;
++ ec_curve_t ec_crv = EC_PRIME;
++ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
++
++ if (!kop)
++ goto err;
++
++ memset(kop, 0, sizeof(struct crypt_kop));
++ ecdsa = ecdsa_check(eckey);
++ if (!ecdsa) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
++ goto err;
++ }
++
++ group = EC_KEY_get0_group(eckey);
++ pub_key = EC_KEY_get0_public_key(eckey);
++
++ if (!group || !pub_key) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
++ goto err;
++ }
++
++ if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
++ (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
++ (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
++ (y = BN_new()) == NULL || (w_x = BN_new()) == NULL ||
++ (w_y = BN_new()) == NULL) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ order = &group->order;
++ if (!order || BN_is_zero(order)) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS);
++ goto err;
++ }
++
++ i = BN_num_bits(order);
++ /*
++ * Need to truncate digest if it is too long: first truncate whole *
++ * bytes
++ */
++ if (8 * dgst_len > i)
++ dgst_len = (i + 7) / 8;
++
++ if (!BN_bin2bn(dgst, dgst_len, m)) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
++ goto err;
++ }
++
++ /* If still too long truncate remaining bits with a shift */
++ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
++ goto err;
++ }
++ /* copy the truncated bits into plain buffer */
++ if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ /* check if this is prime or binary EC request */
++ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
++ NID_X9_62_prime_field) {
++ ec_crv = EC_PRIME;
++
++ /* get the generator point pair */
++ if (!EC_POINT_get_affine_coordinates_GFp(group,
++ EC_GROUP_get0_generator
++ (group), x, y, ctx)) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
++ goto err;
++ }
++
++ /* get the public key pair for prime curve */
++ if (!EC_POINT_get_affine_coordinates_GFp(group,
++ pub_key, w_x, w_y, ctx)) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
++ goto err;
++ }
++
++ /* get the ECC curve parameters */
++ if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
++ goto err;
++ }
++ } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
++ NID_X9_62_characteristic_two_field) {
++ ec_crv = EC_BINARY;
++ /* get the ECC curve parameters */
++ if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
++ goto err;
++ }
++
++ /* get the generator point pair */
++ if (!EC_POINT_get_affine_coordinates_GF2m(group,
++ EC_GROUP_get0_generator
++ (group), x, y, ctx)) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
++ goto err;
++ }
++
++ /* get the public key pair for binary curve */
++ if (!EC_POINT_get_affine_coordinates_GF2m(group,
++ pub_key, w_x, w_y, ctx)) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
++ goto err;
++ }
++ } else {
++ printf("Unsupported Curve\n");
++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
++ goto err;
++ }
++
++ /* Get the order of the subgroup of private keys */
++ if (spcf_bn2bin((BIGNUM *)order, &r, &r_len)) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ /* Get the irreducible polynomial that creates the field */
++ if (spcf_bn2bin(p, &q, &q_len)) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ /* Get the public key into a flat buffer with appropriate padding */
++ pub_key_len = 2 * q_len;
++
++ w_xy = eng_copy_curve_points(w_x, w_y, pub_key_len, q_len);
++ if (!w_xy) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ /* Generation of ECC curve parameters */
++ ab_len = 2 * q_len;
++
++ ab = eng_copy_curve_points(a, b, ab_len, q_len);
++ if (!ab) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ if (ec_crv == EC_BINARY) {
++ /* copy b' i.e c(b), instead of only b */
++ eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab + q_len, q_len);
++ kop->curve_type = ECC_BINARY;
++ }
++
++ /* Calculation of Generator point */
++ g_len = 2 * q_len;
++
++ g_xy = eng_copy_curve_points(x, y, g_len, q_len);
++ if (!g_xy) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ /**
++ * Get the 1st part of signature into a flat buffer with
++ * appropriate padding
++ */
++ if (BN_num_bytes(sig->r) < r_len)
++ c_len = r_len;
++
++ if (spcf_bn2bin_ex(sig->r, &c, &c_len)) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ /**
++ * Get the 2nd part of signature into a flat buffer with
++ * appropriate padding
++ */
++ if (BN_num_bytes(sig->s) < r_len)
++ d_len = r_len;
++
++ if (spcf_bn2bin_ex(sig->s, &d, &d_len)) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ /* memory for message representative */
++ f = malloc(r_len);
++ if (!f) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ /* Add padding, since SEC expects hash to of size r_len */
++ memset(f, 0, r_len - dgst_len);
++
++ /* Skip leading bytes if dgst_len < r_len */
++ memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len);
++
++ dgst_len += r_len - dgst_len;
++
++ kop->crk_op = CRK_DSA_VERIFY;
++ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
++ kop->crk_param[0].crp_p = f;
++ kop->crk_param[0].crp_nbits = dgst_len * 8;
++ kop->crk_param[1].crp_p = q;
++ kop->crk_param[1].crp_nbits = q_len * 8;
++ kop->crk_param[2].crp_p = r;
++ kop->crk_param[2].crp_nbits = r_len * 8;
++ kop->crk_param[3].crp_p = g_xy;
++ kop->crk_param[3].crp_nbits = g_len * 8;
++ kop->crk_param[4].crp_p = w_xy;
++ kop->crk_param[4].crp_nbits = pub_key_len * 8;
++ kop->crk_param[5].crp_p = ab;
++ kop->crk_param[5].crp_nbits = ab_len * 8;
++ kop->crk_param[6].crp_p = c;
++ kop->crk_param[6].crp_nbits = d_len * 8;
++ kop->crk_param[7].crp_p = d;
++ kop->crk_param[7].crp_nbits = d_len * 8;
++ kop->crk_iparams = 8;
++ kop->cookie = cookie;
++
++ if (cryptodev_asym_async(kop, 0, NULL, 0, NULL))
++ goto err;
++
++ return ret;
++ err:
++ {
++ const ECDSA_METHOD *meth = ECDSA_OpenSSL();
++
++ if (kop)
++ free(kop);
++ ret = (meth->ecdsa_do_verify) (dgst, dgst_len, sig, eckey);
++ cookie->pkc_callback(cookie, 0);
++ }
++
++ return ret;
++}
++
++/* Cryptodev DH Key Gen routine */
++static int cryptodev_dh_keygen_async(DH *dh, struct pkc_cookie_s *cookie)
++{
++ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
++ int ret = 1, g_len;
++ unsigned char *g = NULL;
++
++ if (!kop)
++ goto sw_try;
++
++ if (dh->priv_key == NULL) {
++ if ((dh->priv_key = BN_new()) == NULL)
++ goto sw_try;
++ }
++
++ if (dh->pub_key == NULL) {
++ if ((dh->pub_key = BN_new()) == NULL)
++ goto sw_try;
++ }
++
++ g_len = BN_num_bytes(dh->p);
++ /**
++ * Get generator into a plain buffer. If length is less than
++ * q_len then add leading padding bytes.
++ */
++ if (spcf_bn2bin_ex(dh->g, &g, &g_len)) {
++ DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
++ goto sw_try;
+ }
+
+- /* Add padding, since SEC expects hash to of size r_len */
+- memset(f, 0, r_len - dgst_len);
++ memset(kop, 0, sizeof(struct crypt_kop));
++ kop->crk_op = CRK_DH_GENERATE_KEY;
++ if (bn2crparam(dh->p, &kop->crk_param[0]))
++ goto sw_try;
++ if (bn2crparam(dh->q, &kop->crk_param[1]))
++ goto sw_try;
++ kop->crk_param[2].crp_p = g;
++ kop->crk_param[2].crp_nbits = g_len * 8;
++ kop->crk_iparams = 3;
++ kop->cookie = cookie;
+
+- /* Skip leading bytes if dgst_len < r_len */
+- memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len);
+- dgst_len += r_len - dgst_len;
+- kop.crk_op = CRK_DSA_VERIFY;
+- /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
+- kop.crk_param[0].crp_p = f;
+- kop.crk_param[0].crp_nbits = dgst_len * 8;
+- kop.crk_param[1].crp_p = q;
+- kop.crk_param[1].crp_nbits = q_len * 8;
+- kop.crk_param[2].crp_p = r;
+- kop.crk_param[2].crp_nbits = r_len * 8;
+- kop.crk_param[3].crp_p = g_xy;
+- kop.crk_param[3].crp_nbits = g_len * 8;
+- kop.crk_param[4].crp_p = w_xy;
+- kop.crk_param[4].crp_nbits = pub_key_len * 8;
+- kop.crk_param[5].crp_p = ab;
+- kop.crk_param[5].crp_nbits = ab_len * 8;
+- kop.crk_param[6].crp_p = c;
+- kop.crk_param[6].crp_nbits = d_len * 8;
+- kop.crk_param[7].crp_p = d;
+- kop.crk_param[7].crp_nbits = d_len * 8;
+- kop.crk_iparams = 8;
++ /* pub_key is or prime length while priv key is of length of order */
++ if (cryptodev_asym_async(kop, BN_num_bytes(dh->p), dh->pub_key,
++ BN_num_bytes(dh->q), dh->priv_key))
++ goto sw_try;
+
+- if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
+- /*
+- * OCF success value is 0, if not zero, change ret to fail
+- */
+- if (0 == kop.crk_status)
+- ret = 1;
+- } else {
+- const ECDSA_METHOD *meth = ECDSA_OpenSSL();
++ return ret;
++ sw_try:
++ {
++ const DH_METHOD *meth = DH_OpenSSL();
+
+- ret = (meth->ecdsa_do_verify) (dgst, dgst_len, sig, eckey);
++ if (kop)
++ free(kop);
++ ret = (meth->generate_key) (dh);
++ cookie->pkc_callback(cookie, 0);
+ }
+- kop.crk_param[0].crp_p = NULL;
+- zapparams(&kop);
+-
+- err:
+ return ret;
+ }
+
+@@ -2468,6 +3517,54 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+ return (dhret);
+ }
+
++/* Return Length if successful and 0 on failure */
++static int
++cryptodev_dh_compute_key_async(unsigned char *key, const BIGNUM *pub_key,
++ DH *dh, struct pkc_cookie_s *cookie)
++{
++ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
++ int ret = 1;
++ int fd, p_len;
++ unsigned char *padded_pub_key = NULL, *p = NULL;
++
++ fd = *(int *)cookie->eng_handle;
++
++ memset(kop, 0, sizeof(struct crypt_kop));
++ kop->crk_op = CRK_DH_COMPUTE_KEY;
++ /* inputs: dh->priv_key pub_key dh->p key */
++ spcf_bn2bin(dh->p, &p, &p_len);
++ spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len);
++
++ if (bn2crparam(dh->priv_key, &kop->crk_param[0]))
++ goto err;
++ kop->crk_param[1].crp_p = padded_pub_key;
++ kop->crk_param[1].crp_nbits = p_len * 8;
++ kop->crk_param[2].crp_p = p;
++ kop->crk_param[2].crp_nbits = p_len * 8;
++ kop->crk_iparams = 3;
++
++ kop->cookie = cookie;
++ kop->crk_param[3].crp_p = (void *)key;
++ kop->crk_param[3].crp_nbits = p_len * 8;
++ kop->crk_oparams = 1;
++
++ if (cryptodev_asym_async(kop, 0, NULL, 0, NULL))
++ goto err;
++
++ return p_len;
++ err:
++ {
++ const DH_METHOD *meth = DH_OpenSSL();
++
++ if (kop)
++ free(kop);
++ ret = (meth->compute_key) (key, pub_key, dh);
++ /* Call user cookie handler */
++ cookie->pkc_callback(cookie, 0);
++ }
++ return (ret);
++}
++
+ int cryptodev_ecdh_compute_key(void *out, size_t outlen,
+ const EC_POINT *pub_key, EC_KEY *ecdh,
+ void *(*KDF) (const void *in, size_t inlen,
+@@ -2650,6 +3747,197 @@ int cryptodev_ecdh_compute_key(void *out, size_t outlen,
+ return ret;
+ }
+
++int cryptodev_ecdh_compute_key_async(void *out, size_t outlen,
++ const EC_POINT *pub_key, EC_KEY *ecdh,
++ void *(*KDF) (const void *in,
++ size_t inlen, void *out,
++ size_t *outlen),
++ struct pkc_cookie_s *cookie)
++{
++ ec_curve_t ec_crv = EC_PRIME;
++ unsigned char *q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL;
++ BIGNUM *w_x = NULL, *w_y = NULL;
++ int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0;
++ BIGNUM *p = NULL, *a = NULL, *b = NULL;
++ BN_CTX *ctx;
++ EC_POINT *tmp = NULL;
++ BIGNUM *x = NULL, *y = NULL;
++ const BIGNUM *priv_key;
++ const EC_GROUP *group = NULL;
++ int ret = 1;
++ size_t buflen, len;
++ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
++
++ if (!(ctx = BN_CTX_new()) || !kop)
++ goto err;
++
++ memset(kop, 0, sizeof(struct crypt_kop));
++
++ BN_CTX_start(ctx);
++ x = BN_CTX_get(ctx);
++ y = BN_CTX_get(ctx);
++ p = BN_CTX_get(ctx);
++ a = BN_CTX_get(ctx);
++ b = BN_CTX_get(ctx);
++ w_x = BN_CTX_get(ctx);
++ w_y = BN_CTX_get(ctx);
++
++ if (!x || !y || !p || !a || !b || !w_x || !w_y) {
++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ priv_key = EC_KEY_get0_private_key(ecdh);
++ if (priv_key == NULL) {
++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_NO_PRIVATE_VALUE);
++ goto err;
++ }
++
++ group = EC_KEY_get0_group(ecdh);
++ if ((tmp = EC_POINT_new(group)) == NULL) {
++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
++ NID_X9_62_prime_field) {
++ ec_crv = EC_PRIME;
++
++ if (!EC_POINT_get_affine_coordinates_GFp(group,
++ EC_GROUP_get0_generator
++ (group), x, y, ctx)) {
++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_POINT_ARITHMETIC_FAILURE);
++ goto err;
++ }
++
++ /* get the ECC curve parameters */
++ if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
++ goto err;
++ }
++
++ /* get the public key pair for prime curve */
++ if (!EC_POINT_get_affine_coordinates_GFp
++ (group, pub_key, w_x, w_y, ctx)) {
++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
++ goto err;
++ }
++ } else {
++ ec_crv = EC_BINARY;
++
++ if (!EC_POINT_get_affine_coordinates_GF2m(group,
++ EC_GROUP_get0_generator
++ (group), x, y, ctx)) {
++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_POINT_ARITHMETIC_FAILURE);
++ goto err;
++ }
++
++ /* get the ECC curve parameters */
++ if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) {
++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
++ goto err;
++ }
++
++ /* get the public key pair for binary curve */
++ if (!EC_POINT_get_affine_coordinates_GF2m(group,
++ pub_key, w_x, w_y, ctx)) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
++ goto err;
++ }
++ }
++
++ /* irreducible polynomial that creates the field */
++ if (spcf_bn2bin((BIGNUM *)&group->order, &r, &r_len)) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ /* Get the irreducible polynomial that creates the field */
++ if (spcf_bn2bin(p, &q, &q_len)) {
++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
++ goto err;
++ }
++
++ /* Get the public key into a flat buffer with appropriate padding */
++ pub_key_len = 2 * q_len;
++ w_xy = eng_copy_curve_points(w_x, w_y, pub_key_len, q_len);
++ if (!w_xy) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ /* Generation of ECC curve parameters */
++ ab_len = 2 * q_len;
++ ab = eng_copy_curve_points(a, b, ab_len, q_len);
++ if (!ab) {
++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
++ goto err;
++ }
++
++ if (ec_crv == EC_BINARY) {
++ /* copy b' i.e c(b), instead of only b */
++ if (eng_ec_get_cparam
++ (EC_GROUP_get_curve_name(group), ab + q_len, q_len)) {
++ unsigned char *c_temp = NULL;
++ int c_temp_len = q_len;
++ if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len))
++ memcpy(ab + q_len, c_temp, q_len);
++ else
++ goto err;
++ }
++ kop->curve_type = ECC_BINARY;
++ } else
++ kop->curve_type = ECC_PRIME;
++
++ priv_key_len = r_len;
++
++ /*
++ * If BN_num_bytes of priv_key returns less then r_len then
++ * add padding bytes before the key
++ */
++ if (spcf_bn2bin_ex((BIGNUM *)priv_key, &s, &priv_key_len)) {
++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ buflen = (EC_GROUP_get_degree(group) + 7) / 8;
++ len = BN_num_bytes(x);
++ if (len > buflen || q_len < buflen) {
++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_INTERNAL_ERROR);
++ goto err;
++ }
++
++ kop->crk_op = CRK_DH_COMPUTE_KEY;
++ kop->crk_param[0].crp_p = (void *)s;
++ kop->crk_param[0].crp_nbits = priv_key_len * 8;
++ kop->crk_param[1].crp_p = (void *)w_xy;
++ kop->crk_param[1].crp_nbits = pub_key_len * 8;
++ kop->crk_param[2].crp_p = (void *)q;
++ kop->crk_param[2].crp_nbits = q_len * 8;
++ kop->crk_param[3].crp_p = (void *)ab;
++ kop->crk_param[3].crp_nbits = ab_len * 8;
++ kop->crk_iparams = 4;
++ kop->crk_param[4].crp_p = (void *)out;
++ kop->crk_param[4].crp_nbits = q_len * 8;
++ kop->crk_oparams = 1;
++ kop->cookie = cookie;
++ if (cryptodev_asym_async(kop, 0, NULL, 0, NULL))
++ goto err;
++
++ return q_len;
++ err:
++ {
++ const ECDH_METHOD *meth = ECDH_OpenSSL();
++
++ if (kop)
++ free(kop);
++ ret = (meth->compute_key) (out, outlen, pub_key, ecdh, KDF);
++ /* Call user cookie handler */
++ cookie->pkc_callback(cookie, 0);
++ }
++ return ret;
++}
++
+ static DH_METHOD cryptodev_dh = {
+ "cryptodev DH method",
+ NULL, /* cryptodev_dh_generate_key */
+@@ -2657,6 +3945,8 @@ static DH_METHOD cryptodev_dh = {
+ NULL,
+ NULL,
+ NULL,
++ NULL,
++ NULL,
+ 0, /* flags */
+ NULL /* app_data */
+ };
+@@ -2665,6 +3955,7 @@ static ECDH_METHOD cryptodev_ecdh = {
+ "cryptodev ECDH method",
+ NULL, /* cryptodev_ecdh_compute_key */
+ NULL,
++ NULL,
+ 0, /* flags */
+ NULL /* app_data */
+ };
+@@ -2735,10 +4026,15 @@ void ENGINE_load_cryptodev(void)
+ cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec;
+ if (cryptodev_asymfeat & CRF_MOD_EXP) {
+ cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp;
+- if (cryptodev_asymfeat & CRF_MOD_EXP_CRT)
++ cryptodev_rsa.bn_mod_exp_async = cryptodev_bn_mod_exp_async;
++ if (cryptodev_asymfeat & CRF_MOD_EXP_CRT) {
+ cryptodev_rsa.rsa_mod_exp = cryptodev_rsa_mod_exp;
+- else
++ cryptodev_rsa.rsa_mod_exp_async = cryptodev_rsa_mod_exp_async;
++ } else {
+ cryptodev_rsa.rsa_mod_exp = cryptodev_rsa_nocrt_mod_exp;
++ cryptodev_rsa.rsa_mod_exp_async =
++ cryptodev_rsa_nocrt_mod_exp_async;
++ }
+ }
+ }
+
+@@ -2746,12 +4042,18 @@ void ENGINE_load_cryptodev(void)
+ const DSA_METHOD *meth = DSA_OpenSSL();
+
+ memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
+- if (cryptodev_asymfeat & CRF_DSA_SIGN)
++ if (cryptodev_asymfeat & CRF_DSA_SIGN) {
+ cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
+- if (cryptodev_asymfeat & CRF_DSA_VERIFY)
++ cryptodev_dsa.dsa_do_sign_async = cryptodev_dsa_do_sign_async;
++ }
++ if (cryptodev_asymfeat & CRF_DSA_VERIFY) {
+ cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
+- if (cryptodev_asymfeat & CRF_DSA_GENERATE_KEY)
++ cryptodev_dsa.dsa_do_verify_async = cryptodev_dsa_verify_async;
++ }
++ if (cryptodev_asymfeat & CRF_DSA_GENERATE_KEY) {
+ cryptodev_dsa.dsa_keygen = cryptodev_dsa_keygen;
++ cryptodev_dsa.dsa_keygen_async = cryptodev_dsa_keygen_async;
++ }
+ }
+
+ if (ENGINE_set_DH(engine, &cryptodev_dh)) {
+@@ -2759,9 +4061,12 @@ void ENGINE_load_cryptodev(void)
+ memcpy(&cryptodev_dh, dh_meth, sizeof(DH_METHOD));
+ if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) {
+ cryptodev_dh.compute_key = cryptodev_dh_compute_key;
++ cryptodev_dh.compute_key_async = cryptodev_dh_compute_key_async;
+ }
+ if (cryptodev_asymfeat & CRF_DH_GENERATE_KEY) {
+ cryptodev_dh.generate_key = cryptodev_dh_keygen;
++ cryptodev_dh.generate_key_async = cryptodev_dh_keygen_async;
++
+ }
+ }
+
+@@ -2770,9 +4075,13 @@ void ENGINE_load_cryptodev(void)
+ memcpy(&cryptodev_ecdsa, meth, sizeof(ECDSA_METHOD));
+ if (cryptodev_asymfeat & CRF_DSA_SIGN) {
+ cryptodev_ecdsa.ecdsa_do_sign = cryptodev_ecdsa_do_sign;
++ cryptodev_ecdsa.ecdsa_do_sign_async =
++ cryptodev_ecdsa_do_sign_async;
+ }
+ if (cryptodev_asymfeat & CRF_DSA_VERIFY) {
+ cryptodev_ecdsa.ecdsa_do_verify = cryptodev_ecdsa_verify;
++ cryptodev_ecdsa.ecdsa_do_verify_async =
++ cryptodev_ecdsa_verify_async;
+ }
+ }
+
+@@ -2781,9 +4090,16 @@ void ENGINE_load_cryptodev(void)
+ memcpy(&cryptodev_ecdh, ecdh_meth, sizeof(ECDH_METHOD));
+ if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) {
+ cryptodev_ecdh.compute_key = cryptodev_ecdh_compute_key;
++ cryptodev_ecdh.compute_key_async =
++ cryptodev_ecdh_compute_key_async;
+ }
+ }
+
++ ENGINE_set_check_pkc_availability(engine, cryptodev_check_availability);
++ ENGINE_set_close_instance(engine, cryptodev_close_instance);
++ ENGINE_set_init_instance(engine, cryptodev_init_instance);
++ ENGINE_set_async_map(engine, ENGINE_ALLPKC_ASYNC);
++
+ ENGINE_add(engine);
+ ENGINE_free(engine);
+ ERR_clear_error();
+diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h
+index 46f163b..b698a0c 100644
+--- a/crypto/engine/eng_int.h
++++ b/crypto/engine/eng_int.h
+@@ -198,6 +198,29 @@ struct engine_st {
+ ENGINE_LOAD_KEY_PTR load_privkey;
+ ENGINE_LOAD_KEY_PTR load_pubkey;
+ ENGINE_SSL_CLIENT_CERT_PTR load_ssl_client_cert;
++ /*
++ * Instantiate Engine handle to be passed in check_pkc_availability
++ * Ensure that Engine is instantiated before any pkc asynchronous call.
++ */
++ void *(*engine_init_instance)(void);
++ /*
++ * Instantiated Engine handle will be closed with this call.
++ * Ensure that no pkc asynchronous call is made after this call
++ */
++ void (*engine_close_instance)(void *handle);
++ /*
++ * Check availability will extract the data from kernel.
++ * eng_handle: This is the Engine handle corresponds to which
++ * the cookies needs to be polled.
++ * return 0 if cookie available else 1
++ */
++ int (*check_pkc_availability)(void *eng_handle);
++ /*
++ * The following map is used to check if the engine supports asynchronous implementation
++ * ENGINE_ASYNC_FLAG* for available bitmap. Any application checking for asynchronous
++ * implementation need to check this features using "int ENGINE_get_async_map(engine *)";
++ */
++ int async_map;
+ const ENGINE_CMD_DEFN *cmd_defns;
+ int flags;
+ /* reference count on the structure itself */
+diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c
+index dc2abd2..0c57e12 100644
+--- a/crypto/engine/eng_lib.c
++++ b/crypto/engine/eng_lib.c
+@@ -100,7 +100,11 @@ void engine_set_all_null(ENGINE *e)
+ e->ctrl = NULL;
+ e->load_privkey = NULL;
+ e->load_pubkey = NULL;
++ e->check_pkc_availability = NULL;
++ e->engine_init_instance = NULL;
++ e->engine_close_instance = NULL;
+ e->cmd_defns = NULL;
++ e->async_map = 0;
+ e->flags = 0;
+ }
+
+@@ -246,6 +250,48 @@ int ENGINE_set_id(ENGINE *e, const char *id)
+ }
+ e->id = id;
+ return 1;
++ }
++
++void ENGINE_set_init_instance(ENGINE *e, void *(*engine_init_instance)(void))
++ {
++ e->engine_init_instance = engine_init_instance;
++ }
++
++void ENGINE_set_close_instance(ENGINE *e,
++ void (*engine_close_instance)(void *))
++ {
++ e->engine_close_instance = engine_close_instance;
++ }
++
++void ENGINE_set_async_map(ENGINE *e, int async_map)
++ {
++ e->async_map = async_map;
++ }
++
++void *ENGINE_init_instance(ENGINE *e)
++ {
++ return e->engine_init_instance();
++ }
++
++void ENGINE_close_instance(ENGINE *e, void *eng_handle)
++ {
++ e->engine_close_instance(eng_handle);
++ }
++
++int ENGINE_get_async_map(ENGINE *e)
++ {
++ return e->async_map;
++ }
++
++void ENGINE_set_check_pkc_availability(ENGINE *e,
++ int (*check_pkc_availability)(void *eng_handle))
++ {
++ e->check_pkc_availability = check_pkc_availability;
++ }
++
++int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle)
++ {
++ return e->check_pkc_availability(eng_handle);
+ }
+
+ int ENGINE_set_name(ENGINE *e, const char *name)
+diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h
+index 020d912..4527aa1 100644
+--- a/crypto/engine/engine.h
++++ b/crypto/engine/engine.h
+@@ -551,6 +551,30 @@ ENGINE *ENGINE_new(void);
+ int ENGINE_free(ENGINE *e);
+ int ENGINE_up_ref(ENGINE *e);
+ int ENGINE_set_id(ENGINE *e, const char *id);
++void ENGINE_set_init_instance(ENGINE *e, void *(*engine_init_instance)(void));
++void ENGINE_set_close_instance(ENGINE *e,
++ void (*engine_free_instance)(void *));
++/*
++ * Following FLAGS are bitmap store in async_map to set asynchronous interface capability
++ *of the engine
++ */
++#define ENGINE_RSA_ASYNC 0x0001
++#define ENGINE_DSA_ASYNC 0x0002
++#define ENGINE_DH_ASYNC 0x0004
++#define ENGINE_ECDSA_ASYNC 0x0008
++#define ENGINE_ECDH_ASYNC 0x0010
++#define ENGINE_ALLPKC_ASYNC 0x001F
++/* Engine implementation will set the bitmap based on above flags using following API */
++void ENGINE_set_async_map(ENGINE *e, int async_map);
++ /* Application need to check the bitmap based on above flags using following API
++ * to confirm asynchronous methods supported
++ */
++int ENGINE_get_async_map(ENGINE *e);
++void *ENGINE_init_instance(ENGINE *e);
++void ENGINE_close_instance(ENGINE *e, void *eng_handle);
++void ENGINE_set_check_pkc_availability(ENGINE *e,
++ int (*check_pkc_availability)(void *eng_handle));
++int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle);
+ int ENGINE_set_name(ENGINE *e, const char *name);
+ int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
+ int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
+diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h
+index d2ee374..7c539fc 100644
+--- a/crypto/rsa/rsa.h
++++ b/crypto/rsa/rsa.h
+@@ -97,6 +97,29 @@ struct rsa_meth_st {
+ /* Can be null */
+ int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
++ /*
++ * Cookie in the following _async variant must be allocated before
++ * submission and can be freed once its corresponding callback
++ * handler is called
++ */
++ int (*rsa_pub_enc_asyn)(int flen,const unsigned char *from,
++ unsigned char *to, RSA *rsa, int padding,
++ struct pkc_cookie_s *cookie);
++ int (*rsa_pub_dec_async)(int flen,const unsigned char *from,
++ unsigned char *to, RSA *rsa, int padding,
++ struct pkc_cookie_s *cookie);
++ int (*rsa_priv_enc_async)(int flen,const unsigned char *from,
++ unsigned char *to, RSA *rsa, int padding,
++ struct pkc_cookie_s *cookie);
++ int (*rsa_priv_dec_async)(int flen,const unsigned char *from,
++ unsigned char *to, RSA *rsa, int padding,
++ struct pkc_cookie_s *cookie);
++ int (*rsa_mod_exp_async)(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
++ BN_CTX *ctx, struct pkc_cookie_s *cookie);
++ int (*bn_mod_exp_async)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
++ const BIGNUM *m, BN_CTX *ctx,
++ BN_MONT_CTX *m_ctx, struct pkc_cookie_s *cookie);
++
+ /* called at new */
+ int (*init) (RSA *rsa);
+ /* called at free */
+--
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0007-Fixed-private-key-support-for-DH.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0007-Fixed-private-key-support-for-DH.patch
deleted file mode 100644
index 12fcd7d..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0007-Fixed-private-key-support-for-DH.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 8322e4157bf49d992b5b9e460f2c0785865dd1c1 Mon Sep 17 00:00:00 2001
-From: Yashpal Dutta <yashpal.dutta at freescale.com>
-Date: Thu, 20 Mar 2014 19:55:51 -0500
-Subject: [PATCH 07/26] Fixed private key support for DH
-
-Upstream-status: Pending
-
-Required Length of the DH result is not returned in dh method in openssl
-
-Tested-by: Yashpal Dutta <yashpal.dutta at freescale.com>
----
- crypto/dh/dh_ameth.c | 7 -------
- 1 file changed, 7 deletions(-)
-
-diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
-index ed32004..02ec2d4 100644
---- a/crypto/dh/dh_ameth.c
-+++ b/crypto/dh/dh_ameth.c
-@@ -422,13 +422,6 @@ static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
- if (to->pkey.dh->g != NULL)
- BN_free(to->pkey.dh->g);
- to->pkey.dh->g=a;
-- if ((a=BN_dup(from->pkey.dh->q)) != NULL) {
-- if (to->pkey.dh->q != NULL)
-- BN_free(to->pkey.dh->q);
-- to->pkey.dh->q=a;
-- }
--
-- to->pkey.dh->length = from->pkey.dh->length;
-
- return 1;
- }
---
-2.3.5
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0008-Add-RSA-keygen-operation-and-support-gendsa-command-.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0008-Add-RSA-keygen-operation-and-support-gendsa-command-.patch
new file mode 100644
index 0000000..ccd24e3
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0008-Add-RSA-keygen-operation-and-support-gendsa-command-.patch
@@ -0,0 +1,155 @@
+From 94a3fc9f437c20726209cea19256c419837055a2 Mon Sep 17 00:00:00 2001
+From: Hou Zhiqiang <B48286 at freescale.com>
+Date: Wed, 2 Apr 2014 16:10:43 +0800
+Subject: [PATCH 08/48] Add RSA keygen operation and support gendsa command
+ with hardware engine
+
+Upstream-status: Pending
+
+Signed-off-by: Hou Zhiqiang <B48286 at freescale.com>
+Tested-by: Cristian Stoica <cristian.stoica at freescale.com>
+---
+ crypto/engine/eng_cryptodev.c | 120 ++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 120 insertions(+)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 8303630..44017a3 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -2009,6 +2009,124 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
+ }
+ }
+
++/* Cryptodev RSA Key Gen routine */
++static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
++{
++ struct crypt_kop kop;
++ int ret, fd;
++ int p_len, q_len;
++ int i;
++
++ if ((fd = get_asym_dev_crypto()) < 0)
++ return fd;
++
++ if (!rsa->n && ((rsa->n = BN_new()) == NULL))
++ goto err;
++ if (!rsa->d && ((rsa->d = BN_new()) == NULL))
++ goto err;
++ if (!rsa->e && ((rsa->e = BN_new()) == NULL))
++ goto err;
++ if (!rsa->p && ((rsa->p = BN_new()) == NULL))
++ goto err;
++ if (!rsa->q && ((rsa->q = BN_new()) == NULL))
++ goto err;
++ if (!rsa->dmp1 && ((rsa->dmp1 = BN_new()) == NULL))
++ goto err;
++ if (!rsa->dmq1 && ((rsa->dmq1 = BN_new()) == NULL))
++ goto err;
++ if (!rsa->iqmp && ((rsa->iqmp = BN_new()) == NULL))
++ goto err;
++
++ BN_copy(rsa->e, e);
++
++ p_len = (bits + 1) / (2 * 8);
++ q_len = (bits - p_len * 8) / 8;
++ memset(&kop, 0, sizeof kop);
++ kop.crk_op = CRK_RSA_GENERATE_KEY;
++
++ /* p length */
++ kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char));
++ if (!kop.crk_param[kop.crk_iparams].crp_p)
++ goto err;
++ kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8;
++ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1);
++ kop.crk_iparams++;
++ kop.crk_oparams++;
++ /* q length */
++ kop.crk_param[kop.crk_iparams].crp_p = calloc(q_len + 1, sizeof(char));
++ if (!kop.crk_param[kop.crk_iparams].crp_p)
++ goto err;
++ kop.crk_param[kop.crk_iparams].crp_nbits = q_len * 8;
++ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, q_len + 1);
++ kop.crk_iparams++;
++ kop.crk_oparams++;
++ /* n length */
++ kop.crk_param[kop.crk_iparams].crp_p =
++ calloc(p_len + q_len + 1, sizeof(char));
++ if (!kop.crk_param[kop.crk_iparams].crp_p)
++ goto err;
++ kop.crk_param[kop.crk_iparams].crp_nbits = bits;
++ memset(kop.crk_param[kop.crk_iparams].crp_p, 0x00, p_len + q_len + 1);
++ kop.crk_iparams++;
++ kop.crk_oparams++;
++ /* d length */
++ kop.crk_param[kop.crk_iparams].crp_p =
++ calloc(p_len + q_len + 1, sizeof(char));
++ if (!kop.crk_param[kop.crk_iparams].crp_p)
++ goto err;
++ kop.crk_param[kop.crk_iparams].crp_nbits = bits;
++ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + q_len + 1);
++ kop.crk_iparams++;
++ kop.crk_oparams++;
++ /* dp1 length */
++ kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char));
++ if (!kop.crk_param[kop.crk_iparams].crp_p)
++ goto err;
++ kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8;
++ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1);
++ kop.crk_iparams++;
++ kop.crk_oparams++;
++ /* dq1 length */
++ kop.crk_param[kop.crk_iparams].crp_p = calloc(q_len + 1, sizeof(char));
++ if (!kop.crk_param[kop.crk_iparams].crp_p)
++ goto err;
++ kop.crk_param[kop.crk_iparams].crp_nbits = q_len * 8;
++ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, q_len + 1);
++ kop.crk_iparams++;
++ kop.crk_oparams++;
++ /* i length */
++ kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char));
++ if (!kop.crk_param[kop.crk_iparams].crp_p)
++ goto err;
++ kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8;
++ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1);
++ kop.crk_iparams++;
++ kop.crk_oparams++;
++
++ if (ioctl(fd, CIOCKEY, &kop) == 0) {
++ BN_bin2bn(kop.crk_param[0].crp_p, p_len, rsa->p);
++ BN_bin2bn(kop.crk_param[1].crp_p, q_len, rsa->q);
++ BN_bin2bn(kop.crk_param[2].crp_p, bits / 8, rsa->n);
++ BN_bin2bn(kop.crk_param[3].crp_p, bits / 8, rsa->d);
++ BN_bin2bn(kop.crk_param[4].crp_p, p_len, rsa->dmp1);
++ BN_bin2bn(kop.crk_param[5].crp_p, q_len, rsa->dmq1);
++ BN_bin2bn(kop.crk_param[6].crp_p, p_len, rsa->iqmp);
++ return 1;
++ }
++ sw_try:
++ {
++ const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
++ ret = (meth->rsa_keygen) (rsa, bits, e, cb);
++ }
++ return ret;
++
++ err:
++ for (i = 0; i < CRK_MAXPARAM; i++)
++ free(kop.crk_param[i].crp_p);
++ return 0;
++
++}
++
+ /* Cryptodev DSA Key Gen routine */
+ static int cryptodev_dsa_keygen(DSA *dsa)
+ {
+@@ -4035,6 +4153,8 @@ void ENGINE_load_cryptodev(void)
+ cryptodev_rsa.rsa_mod_exp_async =
+ cryptodev_rsa_nocrt_mod_exp_async;
+ }
++ if (cryptodev_asymfeat & CRF_RSA_GENERATE_KEY)
++ cryptodev_rsa.rsa_keygen = cryptodev_rsa_keygen;
+ }
+ }
+
+--
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0008-Initial-support-for-PKC-in-cryptodev-engine.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0008-Initial-support-for-PKC-in-cryptodev-engine.patch
deleted file mode 100644
index 98272ab..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0008-Initial-support-for-PKC-in-cryptodev-engine.patch
+++ /dev/null
@@ -1,1564 +0,0 @@
-From 107a10d45db0f2e58482f698add04ed9183f7268 Mon Sep 17 00:00:00 2001
-From: Yashpal Dutta <yashpal.dutta at freescale.com>
-Date: Tue, 11 Mar 2014 06:29:52 +0545
-Subject: [PATCH 08/26] Initial support for PKC in cryptodev engine
-
-Upstream-status: Pending
-
-Signed-off-by: Yashpal Dutta <yashpal.dutta at freescale.com>
----
- crypto/engine/eng_cryptodev.c | 1343 ++++++++++++++++++++++++++++++++++++-----
- 1 file changed, 1183 insertions(+), 160 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index e3eb98b..7ee314b 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -54,11 +54,14 @@ ENGINE_load_cryptodev(void)
- #else
-
- #include <sys/types.h>
--#include <crypto/cryptodev.h>
- #include <crypto/dh/dh.h>
- #include <crypto/dsa/dsa.h>
- #include <crypto/err/err.h>
- #include <crypto/rsa/rsa.h>
-+#include <crypto/ecdsa/ecs_locl.h>
-+#include <crypto/ecdh/ech_locl.h>
-+#include <crypto/ec/ec_lcl.h>
-+#include <crypto/ec/ec.h>
- #include <sys/ioctl.h>
- #include <errno.h>
- #include <stdio.h>
-@@ -68,6 +71,8 @@ ENGINE_load_cryptodev(void)
- #include <syslog.h>
- #include <errno.h>
- #include <string.h>
-+#include "eng_cryptodev_ec.h"
-+#include <crypto/cryptodev.h>
-
- struct dev_crypto_state {
- struct session_op d_sess;
-@@ -116,18 +121,10 @@ static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a,
- static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I,
- RSA *rsa, BN_CTX *ctx);
- static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
--static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a,
-- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
--static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
-- BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
-- BN_CTX *ctx, BN_MONT_CTX *mont);
- static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst,
- int dlen, DSA *dsa);
- static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len,
- DSA_SIG *sig, DSA *dsa);
--static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
-- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
-- BN_MONT_CTX *m_ctx);
- static int cryptodev_dh_compute_key(unsigned char *key,
- const BIGNUM *pub_key, DH *dh);
- static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
-@@ -136,6 +133,102 @@ void ENGINE_load_cryptodev(void);
- const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1;
- const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
-
-+static int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len)
-+{
-+ int len;
-+ unsigned char *p;
-+
-+ len = BN_num_bytes(bn);
-+
-+ if (!len)
-+ return -1;
-+
-+ p = malloc(len);
-+ if (!p)
-+ return -1;
-+
-+ BN_bn2bin(bn,p);
-+
-+ *bin = p;
-+ *bin_len = len;
-+
-+ return 0;
-+}
-+
-+static int spcf_bn2bin_ex(BIGNUM *bn, unsigned char **bin, int *bin_len)
-+{
-+ int len;
-+ unsigned char *p;
-+
-+ len = BN_num_bytes(bn);
-+
-+ if (!len)
-+ return -1;
-+
-+ if (len < *bin_len)
-+ p = malloc(*bin_len);
-+ else
-+ p = malloc(len);
-+
-+ if (!p)
-+ return -ENOMEM;
-+
-+ if (len < *bin_len) {
-+ /* place padding */
-+ memset(p, 0, (*bin_len - len));
-+ BN_bn2bin(bn,p+(*bin_len-len));
-+ } else {
-+ BN_bn2bin(bn,p);
-+ }
-+
-+ *bin = p;
-+ if (len >= *bin_len)
-+ *bin_len = len;
-+
-+ return 0;
-+}
-+
-+/**
-+ * Convert an ECC F2m 'b' parameter into the 'c' parameter.
-+ *Inputs:
-+ * q, the curve's modulus
-+ * b, the curve's b parameter
-+ * (a bignum for b, a buffer for c)
-+ * Output:
-+ * c, written into bin, right-adjusted to fill q_len bytes.
-+ */
-+static int
-+eng_ec_compute_cparam(const BIGNUM* b, const BIGNUM* q,
-+ unsigned char **bin, int *bin_len)
-+{
-+ BIGNUM* c = BN_new();
-+ BIGNUM* exp = BN_new();
-+ BN_CTX *ctx = BN_CTX_new();
-+ int m = BN_num_bits(q) - 1;
-+ int ok = 0;
-+
-+ if (!c || !exp || !ctx || *bin)
-+ goto err;
-+
-+ /*
-+ * We have to compute c, where b = c^4, i.e., the fourth root of b.
-+ * The equation for c is c = b^(2^(m-2))
-+ * Compute exp = 2^(m-2)
-+ * (1 << x) == 2^x
-+ * and then compute c = b^exp
-+ */
-+ BN_lshift(exp, BN_value_one(), m-2);
-+ BN_GF2m_mod_exp(c, b, exp, q, ctx);
-+ /* Store c */
-+ spcf_bn2bin_ex(c, bin, bin_len);
-+ ok = 1;
-+err:
-+ if (ctx) BN_CTX_free(ctx);
-+ if (c) BN_free(c);
-+ if (exp) BN_free(exp);
-+ return ok;
-+}
-+
- static const ENGINE_CMD_DEFN cryptodev_defns[] = {
- { 0, NULL, NULL, 0 }
- };
-@@ -1139,7 +1232,6 @@ cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
- static int
- bn2crparam(const BIGNUM *a, struct crparam *crp)
- {
-- int i, j, k;
- ssize_t bytes, bits;
- u_char *b;
-
-@@ -1156,15 +1248,7 @@ bn2crparam(const BIGNUM *a, struct crparam *crp)
-
- crp->crp_p = (caddr_t) b;
- crp->crp_nbits = bits;
--
-- for (i = 0, j = 0; i < a->top; i++) {
-- for (k = 0; k < BN_BITS2 / 8; k++) {
-- if ((j + k) >= bytes)
-- return (0);
-- b[j + k] = a->d[i] >> (k * 8);
-- }
-- j += BN_BITS2 / 8;
-- }
-+ BN_bn2bin(a, crp->crp_p);
- return (0);
- }
-
-@@ -1172,22 +1256,14 @@ bn2crparam(const BIGNUM *a, struct crparam *crp)
- static int
- crparam2bn(struct crparam *crp, BIGNUM *a)
- {
-- u_int8_t *pd;
-- int i, bytes;
-+ int bytes;
-
- bytes = (crp->crp_nbits + 7) / 8;
-
- if (bytes == 0)
- return (-1);
-
-- if ((pd = (u_int8_t *) malloc(bytes)) == NULL)
-- return (-1);
--
-- for (i = 0; i < bytes; i++)
-- pd[i] = crp->crp_p[bytes - i - 1];
--
-- BN_bin2bn(pd, bytes, a);
-- free(pd);
-+ BN_bin2bn(crp->crp_p, bytes, a);
-
- return (0);
- }
-@@ -1235,6 +1311,32 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s)
- return (ret);
- }
-
-+/* Close an opened instance of cryptodev engine */
-+void cryptodev_close_instance(void *handle)
-+{
-+ int fd;
-+
-+ if (handle) {
-+ fd = *(int *)handle;
-+ close(fd);
-+ free(handle);
-+ }
-+}
-+
-+/* Create an instance of cryptodev for asynchronous interface */
-+void *cryptodev_init_instance(void)
-+{
-+ int *fd = malloc(sizeof(int));
-+
-+ if (fd) {
-+ if ((*fd = open("/dev/crypto", O_RDWR, 0)) == -1) {
-+ free(fd);
-+ return NULL;
-+ }
-+ }
-+ return fd;
-+}
-+
- static int
- cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
-@@ -1250,9 +1352,9 @@ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- return (ret);
- }
-
-- memset(&kop, 0, sizeof kop);
- kop.crk_op = CRK_MOD_EXP;
--
-+ kop.crk_oparams = 0;
-+ kop.crk_status = 0;
- /* inputs: a^p % m */
- if (bn2crparam(a, &kop.crk_param[0]))
- goto err;
-@@ -1293,28 +1395,38 @@ static int
- cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
- {
- struct crypt_kop kop;
-- int ret = 1;
-+ int ret = 1, f_len, p_len, q_len;
-+ unsigned char *f = NULL, *p = NULL, *q = NULL, *dp = NULL, *dq = NULL, *c = NULL;
-
- if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
- /* XXX 0 means failure?? */
- return (0);
- }
-
-- memset(&kop, 0, sizeof kop);
-+ kop.crk_oparams = 0;
-+ kop.crk_status = 0;
- kop.crk_op = CRK_MOD_EXP_CRT;
-+ f_len = BN_num_bytes(rsa->n);
-+ spcf_bn2bin_ex(I, &f, &f_len);
-+ spcf_bn2bin(rsa->p, &p, &p_len);
-+ spcf_bn2bin(rsa->q, &q, &q_len);
-+ spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len);
-+ spcf_bn2bin_ex(rsa->iqmp, &c, &p_len);
-+ spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len);
- /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
-- if (bn2crparam(rsa->p, &kop.crk_param[0]))
-- goto err;
-- if (bn2crparam(rsa->q, &kop.crk_param[1]))
-- goto err;
-- if (bn2crparam(I, &kop.crk_param[2]))
-- goto err;
-- if (bn2crparam(rsa->dmp1, &kop.crk_param[3]))
-- goto err;
-- if (bn2crparam(rsa->dmq1, &kop.crk_param[4]))
-- goto err;
-- if (bn2crparam(rsa->iqmp, &kop.crk_param[5]))
-- goto err;
-+ kop.crk_param[0].crp_p = p;
-+ kop.crk_param[0].crp_nbits = p_len * 8;
-+ kop.crk_param[1].crp_p = q;
-+ kop.crk_param[1].crp_nbits = q_len * 8;
-+ kop.crk_param[2].crp_p = f;
-+ kop.crk_param[2].crp_nbits = f_len * 8;
-+ kop.crk_param[3].crp_p = dp;
-+ kop.crk_param[3].crp_nbits = p_len * 8;
-+ /* dq must of length q, rest all of length p*/
-+ kop.crk_param[4].crp_p = dq;
-+ kop.crk_param[4].crp_nbits = q_len * 8;
-+ kop.crk_param[5].crp_p = c;
-+ kop.crk_param[5].crp_nbits = p_len * 8;
- kop.crk_iparams = 6;
-
- if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) {
-@@ -1350,90 +1462,117 @@ static RSA_METHOD cryptodev_rsa = {
- NULL /* rsa_verify */
- };
-
--static int
--cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
-- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
--{
-- return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
--}
--
--static int
--cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
-- BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
-- BN_CTX *ctx, BN_MONT_CTX *mont)
-+static DSA_SIG *
-+cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
- {
-- BIGNUM t2;
-- int ret = 0;
--
-- BN_init(&t2);
--
-- /* v = ( g^u1 * y^u2 mod p ) mod q */
-- /* let t1 = g ^ u1 mod p */
-- ret = 0;
-+ struct crypt_kop kop;
-+ BIGNUM *c = NULL, *d = NULL;
-+ DSA_SIG *dsaret = NULL;
-+ int q_len = 0, r_len = 0, g_len = 0;
-+ int priv_key_len = 0, ret;
-+ unsigned char *q = NULL, *r = NULL, *g = NULL, *priv_key = NULL, *f = NULL;
-
-- if (!dsa->meth->bn_mod_exp(dsa,t1,dsa->g,u1,dsa->p,ctx,mont))
-+ memset(&kop, 0, sizeof kop);
-+ if ((c = BN_new()) == NULL) {
-+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
- goto err;
-+ }
-
-- /* let t2 = y ^ u2 mod p */
-- if (!dsa->meth->bn_mod_exp(dsa,&t2,dsa->pub_key,u2,dsa->p,ctx,mont))
-+ if ((d = BN_new()) == NULL) {
-+ BN_free(c);
-+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
- goto err;
-- /* let u1 = t1 * t2 mod p */
-- if (!BN_mod_mul(u1,t1,&t2,dsa->p,ctx))
-+ }
-+
-+ if (spcf_bn2bin(dsa->p, &q, &q_len)) {
-+ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
- goto err;
-+ }
-
-- BN_copy(t1,u1);
-+ /* Get order of the field of private keys into plain buffer */
-+ if (spcf_bn2bin (dsa->q, &r, &r_len)) {
-+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-
-- ret = 1;
--err:
-- BN_free(&t2);
-- return(ret);
--}
-+ /* sanity test */
-+ if (dlen > r_len) {
-+ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
-+ goto err;
-+ }
-
--static DSA_SIG *
--cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
--{
-- struct crypt_kop kop;
-- BIGNUM *r = NULL, *s = NULL;
-- DSA_SIG *dsaret = NULL;
-+ g_len = q_len;
-+ /**
-+ * Get generator into a plain buffer. If length is less than
-+ * q_len then add leading padding bytes.
-+ */
-+ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
-+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-
-- if ((r = BN_new()) == NULL)
-+ priv_key_len = r_len;
-+ /**
-+ * Get private key into a plain buffer. If length is less than
-+ * r_len then add leading padding bytes.
-+ */
-+ if (spcf_bn2bin_ex(dsa->priv_key, &priv_key, &priv_key_len)) {
-+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
- goto err;
-- if ((s = BN_new()) == NULL) {
-- BN_free(r);
-+ }
-+
-+ /* Allocate memory to store hash. */
-+ f = OPENSSL_malloc (r_len);
-+ if (!f) {
-+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
-- memset(&kop, 0, sizeof kop);
-+ /* Add padding, since SEC expects hash to of size r_len */
-+ if (dlen < r_len)
-+ memset(f, 0, r_len - dlen);
-+
-+ /* Skip leading bytes if dgst_len < r_len */
-+ memcpy(f + r_len - dlen, dgst, dlen);
-+
- kop.crk_op = CRK_DSA_SIGN;
-
- /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
-- kop.crk_param[0].crp_p = (caddr_t)dgst;
-- kop.crk_param[0].crp_nbits = dlen * 8;
-- if (bn2crparam(dsa->p, &kop.crk_param[1]))
-- goto err;
-- if (bn2crparam(dsa->q, &kop.crk_param[2]))
-- goto err;
-- if (bn2crparam(dsa->g, &kop.crk_param[3]))
-- goto err;
-- if (bn2crparam(dsa->priv_key, &kop.crk_param[4]))
-- goto err;
-+ kop.crk_param[0].crp_p = (void*)f;
-+ kop.crk_param[0].crp_nbits = r_len * 8;
-+ kop.crk_param[1].crp_p = (void*)q;
-+ kop.crk_param[1].crp_nbits = q_len * 8;
-+ kop.crk_param[2].crp_p = (void*)r;
-+ kop.crk_param[2].crp_nbits = r_len * 8;
-+ kop.crk_param[3].crp_p = (void*)g;
-+ kop.crk_param[3].crp_nbits = g_len * 8;
-+ kop.crk_param[4].crp_p = (void*)priv_key;
-+ kop.crk_param[4].crp_nbits = priv_key_len * 8;
- kop.crk_iparams = 5;
-
-- if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r,
-- BN_num_bytes(dsa->q), s) == 0) {
-- dsaret = DSA_SIG_new();
-- dsaret->r = r;
-- dsaret->s = s;
-- } else {
-- const DSA_METHOD *meth = DSA_OpenSSL();
-- BN_free(r);
-- BN_free(s);
-- dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa);
-+ ret = cryptodev_asym(&kop, r_len, c, r_len, d);
-+
-+ if (ret) {
-+ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DECODE_ERROR);
-+ goto err;
- }
--err:
-- kop.crk_param[0].crp_p = NULL;
-+
-+ dsaret = DSA_SIG_new();
-+ dsaret->r = c;
-+ dsaret->s = d;
-+
- zapparams(&kop);
- return (dsaret);
-+err:
-+ {
-+ const DSA_METHOD *meth = DSA_OpenSSL();
-+ if (c)
-+ BN_free(c);
-+ if (d)
-+ BN_free(d);
-+ dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa);
-+ return (dsaret);
-+ }
- }
-
- static int
-@@ -1441,42 +1580,179 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
- DSA_SIG *sig, DSA *dsa)
- {
- struct crypt_kop kop;
-- int dsaret = 1;
-+ int dsaret = 1, q_len = 0, r_len = 0, g_len = 0;
-+ int w_len = 0 ,c_len = 0, d_len = 0, ret = -1;
-+ unsigned char * q = NULL, * r = NULL, * w = NULL, * g = NULL;
-+ unsigned char * c = NULL, * d = NULL, *f = NULL;
-
- memset(&kop, 0, sizeof kop);
- kop.crk_op = CRK_DSA_VERIFY;
-
-- /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
-- kop.crk_param[0].crp_p = (caddr_t)dgst;
-- kop.crk_param[0].crp_nbits = dlen * 8;
-- if (bn2crparam(dsa->p, &kop.crk_param[1]))
-+ if (spcf_bn2bin(dsa->p, &q, &q_len)) {
-+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ return ret;
-+ }
-+
-+ /* Get Order of field of private keys */
-+ if (spcf_bn2bin(dsa->q, &r, &r_len)) {
-+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
- goto err;
-- if (bn2crparam(dsa->q, &kop.crk_param[2]))
-+ }
-+
-+ g_len = q_len;
-+ /**
-+ * Get generator into a plain buffer. If length is less than
-+ * q_len then add leading padding bytes.
-+ */
-+ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
-+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
- goto err;
-- if (bn2crparam(dsa->g, &kop.crk_param[3]))
-+ }
-+ w_len = q_len;
-+ /**
-+ * Get public key into a plain buffer. If length is less than
-+ * q_len then add leading padding bytes.
-+ */
-+ if (spcf_bn2bin_ex(dsa->pub_key, &w, &w_len)) {
-+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ /**
-+ * Get the 1st part of signature into a flat buffer with
-+ * appropriate padding
-+ */
-+ c_len = r_len;
-+
-+ if (spcf_bn2bin_ex(sig->r, &c, &c_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
- goto err;
-- if (bn2crparam(dsa->pub_key, &kop.crk_param[4]))
-+ }
-+
-+ /**
-+ * Get the 2nd part of signature into a flat buffer with
-+ * appropriate padding
-+ */
-+ d_len = r_len;
-+
-+ if (spcf_bn2bin_ex(sig->s, &d, &d_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
- goto err;
-- if (bn2crparam(sig->r, &kop.crk_param[5]))
-+ }
-+
-+
-+ /* Sanity test */
-+ if (dlen > r_len) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
- goto err;
-- if (bn2crparam(sig->s, &kop.crk_param[6]))
-+ }
-+
-+ /* Allocate memory to store hash. */
-+ f = OPENSSL_malloc (r_len);
-+ if (!f) {
-+ DSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
- goto err;
-+ }
-+
-+ /* Add padding, since SEC expects hash to of size r_len */
-+ if (dlen < r_len)
-+ memset(f, 0, r_len - dlen);
-+
-+ /* Skip leading bytes if dgst_len < r_len */
-+ memcpy(f + r_len - dlen, dgst, dlen);
-+
-+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
-+ kop.crk_param[0].crp_p = (void*)f;
-+ kop.crk_param[0].crp_nbits = r_len * 8;
-+ kop.crk_param[1].crp_p = q;
-+ kop.crk_param[1].crp_nbits = q_len * 8;
-+ kop.crk_param[2].crp_p = r;
-+ kop.crk_param[2].crp_nbits = r_len * 8;
-+ kop.crk_param[3].crp_p = g;
-+ kop.crk_param[3].crp_nbits = g_len * 8;
-+ kop.crk_param[4].crp_p = w;
-+ kop.crk_param[4].crp_nbits = w_len * 8;
-+ kop.crk_param[5].crp_p = c;
-+ kop.crk_param[5].crp_nbits = c_len * 8;
-+ kop.crk_param[6].crp_p = d;
-+ kop.crk_param[6].crp_nbits = d_len * 8;
- kop.crk_iparams = 7;
-
-- if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
--/*OCF success value is 0, if not zero, change dsaret to fail*/
-- if(0 != kop.crk_status) dsaret = 0;
-- } else {
-- const DSA_METHOD *meth = DSA_OpenSSL();
-+ if ((cryptodev_asym(&kop, 0, NULL, 0, NULL))) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, DSA_R_DECODE_ERROR);
-+ goto err;
-+ }
-
-- dsaret = (meth->dsa_do_verify)(dgst, dlen, sig, dsa);
-+ /*OCF success value is 0, if not zero, change dsaret to fail*/
-+ if(0 != kop.crk_status) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, DSA_R_DECODE_ERROR);
-+ goto err;
- }
--err:
-- kop.crk_param[0].crp_p = NULL;
-+
- zapparams(&kop);
- return (dsaret);
-+err:
-+ {
-+ const DSA_METHOD *meth = DSA_OpenSSL();
-+
-+ dsaret = (meth->dsa_do_verify)(dgst, dlen, sig, dsa);
-+ }
-+ return dsaret;
- }
-
-+/* Cryptodev DSA Key Gen routine */
-+static int cryptodev_dsa_keygen(DSA *dsa)
-+{
-+ struct crypt_kop kop;
-+ int ret = 1, g_len;
-+ unsigned char *g = NULL;
-+
-+ if (dsa->priv_key == NULL) {
-+ if ((dsa->priv_key=BN_new()) == NULL)
-+ goto sw_try;
-+ }
-+
-+ if (dsa->pub_key == NULL) {
-+ if ((dsa->pub_key=BN_new()) == NULL)
-+ goto sw_try;
-+ }
-+
-+ g_len = BN_num_bytes(dsa->p);
-+ /**
-+ * Get generator into a plain buffer. If length is less than
-+ * p_len then add leading padding bytes.
-+ */
-+ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
-+ DSAerr(DSA_F_DSA_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
-+ goto sw_try;
-+ }
-+
-+ memset(&kop, 0, sizeof kop);
-+
-+ kop.crk_op = CRK_DSA_GENERATE_KEY;
-+ if (bn2crparam(dsa->p, &kop.crk_param[0]))
-+ goto sw_try;
-+ if (bn2crparam(dsa->q, &kop.crk_param[1]))
-+ goto sw_try;
-+ kop.crk_param[2].crp_p = g;
-+ kop.crk_param[2].crp_nbits = g_len * 8;
-+ kop.crk_iparams = 3;
-+
-+ /* pub_key is or prime length while priv key is of length of order */
-+ if (cryptodev_asym(&kop, BN_num_bytes(dsa->p), dsa->pub_key,
-+ BN_num_bytes(dsa->q), dsa->priv_key))
-+ goto sw_try;
-+
-+ return ret;
-+sw_try:
-+ {
-+ const DSA_METHOD *meth = DSA_OpenSSL();
-+ ret = (meth->dsa_keygen)(dsa);
-+ }
-+ return ret;
-+}
-+
-+
-+
- static DSA_METHOD cryptodev_dsa = {
- "cryptodev DSA method",
- NULL,
-@@ -1490,12 +1766,543 @@ static DSA_METHOD cryptodev_dsa = {
- NULL /* app_data */
- };
-
--static int
--cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
-- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
-- BN_MONT_CTX *m_ctx)
-+static ECDSA_METHOD cryptodev_ecdsa = {
-+ "cryptodev ECDSA method",
-+ NULL,
-+ NULL, /* ecdsa_sign_setup */
-+ NULL,
-+ NULL,
-+ 0, /* flags */
-+ NULL /* app_data */
-+};
-+
-+typedef enum ec_curve_s
-+{
-+ EC_PRIME,
-+ EC_BINARY
-+} ec_curve_t;
-+
-+/* ENGINE handler for ECDSA Sign */
-+static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char *dgst,
-+ int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey)
- {
-- return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
-+ BIGNUM *m = NULL, *p = NULL, *a = NULL;
-+ BIGNUM *b = NULL, *x = NULL, *y = NULL;
-+ BN_CTX *ctx = NULL;
-+ ECDSA_SIG *ret = NULL;
-+ ECDSA_DATA *ecdsa = NULL;
-+ unsigned char * q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL;
-+ unsigned char * s = NULL, *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL;
-+ int i = 0, q_len = 0, priv_key_len = 0, r_len = 0;
-+ int g_len = 0, d_len = 0, ab_len = 0;
-+ const BIGNUM *order = NULL, *priv_key=NULL;
-+ const EC_GROUP *group = NULL;
-+ struct crypt_kop kop;
-+ ec_curve_t ec_crv = EC_PRIME;
-+
-+ memset(&kop, 0, sizeof(kop));
-+ ecdsa = ecdsa_check(eckey);
-+ if (!ecdsa) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
-+ return NULL;
-+ }
-+
-+ group = EC_KEY_get0_group(eckey);
-+ priv_key = EC_KEY_get0_private_key(eckey);
-+
-+ if (!group || !priv_key) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
-+ return NULL;
-+ }
-+
-+ if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
-+ (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
-+ (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
-+ (y = BN_new()) == NULL) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ order = &group->order;
-+ if (!order || BN_is_zero(order)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS);
-+ goto err;
-+ }
-+
-+ i = BN_num_bits(order);
-+ /* Need to truncate digest if it is too long: first truncate whole
-+ bytes */
-+ if (8 * dgst_len > i)
-+ dgst_len = (i + 7)/8;
-+
-+ if (!BN_bin2bn(dgst, dgst_len, m)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* If still too long truncate remaining bits with a shift */
-+ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* copy the truncated bits into plain buffer */
-+ if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) {
-+ fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__, __LINE__);
-+ goto err;
-+ }
-+
-+ ret = ECDSA_SIG_new();
-+ if (!ret) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* check if this is prime or binary EC request */
-+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) {
-+ ec_crv = EC_PRIME;
-+ /* get the generator point pair */
-+ if (!EC_POINT_get_affine_coordinates_GFp (group, EC_GROUP_get0_generator(group),
-+ x, y,ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ /* get the ECC curve parameters */
-+ if (!EC_GROUP_get_curve_GFp(group, p, a, b , ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+ } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_characteristic_two_field) {
-+ ec_crv = EC_BINARY;
-+ /* get the ECC curve parameters */
-+ if (!EC_GROUP_get_curve_GF2m(group, p, a, b , ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ /* get the generator point pair */
-+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
-+ EC_GROUP_get0_generator(group), x, y,ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+ } else {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ if (spcf_bn2bin(order, &r, &r_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ if (spcf_bn2bin(p, &q, &q_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ priv_key_len = r_len;
-+
-+ /**
-+ * If BN_num_bytes of priv_key returns less then r_len then
-+ * add padding bytes before the key
-+ */
-+ if (spcf_bn2bin_ex(priv_key, &s, &priv_key_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Generation of ECC curve parameters */
-+ ab_len = 2*q_len;
-+ ab = eng_copy_curve_points(a, b, ab_len, q_len);
-+ if (!ab) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ if (ec_crv == EC_BINARY) {
-+ if (eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab+q_len, q_len))
-+ {
-+ unsigned char *c_temp = NULL;
-+ int c_temp_len = q_len;
-+ if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len))
-+ memcpy(ab+q_len, c_temp, q_len);
-+ else
-+ goto err;
-+ }
-+ kop.curve_type = ECC_BINARY;
-+ }
-+
-+ /* Calculation of Generator point */
-+ g_len = 2*q_len;
-+ g_xy = eng_copy_curve_points(x, y, g_len, q_len);
-+ if (!g_xy) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Memory allocation for first part of digital signature */
-+ c = malloc(r_len);
-+ if (!c) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ d_len = r_len;
-+
-+ /* Memory allocation for second part of digital signature */
-+ d = malloc(d_len);
-+ if (!d) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* memory for message representative */
-+ f = malloc(r_len);
-+ if (!f) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Add padding, since SEC expects hash to of size r_len */
-+ memset(f, 0, r_len - dgst_len);
-+
-+ /* Skip leading bytes if dgst_len < r_len */
-+ memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len);
-+
-+ dgst_len += r_len - dgst_len;
-+ kop.crk_op = CRK_DSA_SIGN;
-+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
-+ kop.crk_param[0].crp_p = f;
-+ kop.crk_param[0].crp_nbits = dgst_len * 8;
-+ kop.crk_param[1].crp_p = q;
-+ kop.crk_param[1].crp_nbits = q_len * 8;
-+ kop.crk_param[2].crp_p = r;
-+ kop.crk_param[2].crp_nbits = r_len * 8;
-+ kop.crk_param[3].crp_p = g_xy;
-+ kop.crk_param[3].crp_nbits = g_len * 8;
-+ kop.crk_param[4].crp_p = s;
-+ kop.crk_param[4].crp_nbits = priv_key_len * 8;
-+ kop.crk_param[5].crp_p = ab;
-+ kop.crk_param[5].crp_nbits = ab_len * 8;
-+ kop.crk_iparams = 6;
-+ kop.crk_param[6].crp_p = c;
-+ kop.crk_param[6].crp_nbits = d_len * 8;
-+ kop.crk_param[7].crp_p = d;
-+ kop.crk_param[7].crp_nbits = d_len * 8;
-+ kop.crk_oparams = 2;
-+
-+ if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
-+ /* Check if ret->r and s needs to allocated */
-+ crparam2bn(&kop.crk_param[6], ret->r);
-+ crparam2bn(&kop.crk_param[7], ret->s);
-+ } else {
-+ const ECDSA_METHOD *meth = ECDSA_OpenSSL();
-+ ret = (meth->ecdsa_do_sign)(dgst, dgst_len, in_kinv, in_r, eckey);
-+ }
-+ kop.crk_param[0].crp_p = NULL;
-+ zapparams(&kop);
-+err:
-+ if (!ret) {
-+ ECDSA_SIG_free(ret);
-+ ret = NULL;
-+ }
-+ return ret;
-+}
-+
-+static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
-+ ECDSA_SIG *sig, EC_KEY *eckey)
-+{
-+ BIGNUM *m = NULL, *p = NULL, *a = NULL, *b = NULL;
-+ BIGNUM *x = NULL, *y = NULL, *w_x = NULL, *w_y = NULL;
-+ BN_CTX *ctx = NULL;
-+ ECDSA_DATA *ecdsa = NULL;
-+ unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL, *w_xy = NULL;
-+ unsigned char *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL;
-+ int i = 0, q_len = 0, pub_key_len = 0, r_len = 0, c_len = 0, g_len = 0;
-+ int d_len = 0, ab_len = 0, ret = -1;
-+ const EC_POINT *pub_key = NULL;
-+ const BIGNUM *order = NULL;
-+ const EC_GROUP *group=NULL;
-+ ec_curve_t ec_crv = EC_PRIME;
-+ struct crypt_kop kop;
-+
-+ memset(&kop, 0, sizeof kop);
-+ ecdsa = ecdsa_check(eckey);
-+ if (!ecdsa) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
-+ return ret;
-+ }
-+
-+ group = EC_KEY_get0_group(eckey);
-+ pub_key = EC_KEY_get0_public_key(eckey);
-+
-+ if (!group || !pub_key) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
-+ return ret;
-+ }
-+
-+ if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
-+ (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
-+ (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
-+ (y = BN_new()) == NULL || (w_x = BN_new()) == NULL ||
-+ (w_y = BN_new()) == NULL) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ order = &group->order;
-+ if (!order || BN_is_zero(order)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS);
-+ goto err;
-+ }
-+
-+ i = BN_num_bits(order);
-+ /* Need to truncate digest if it is too long: first truncate whole
-+ * bytes */
-+ if (8 * dgst_len > i)
-+ dgst_len = (i + 7)/8;
-+
-+ if (!BN_bin2bn(dgst, dgst_len, m)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* If still too long truncate remaining bits with a shift */
-+ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+ /* copy the truncated bits into plain buffer */
-+ if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* check if this is prime or binary EC request */
-+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) {
-+ ec_crv = EC_PRIME;
-+
-+ /* get the generator point pair */
-+ if (!EC_POINT_get_affine_coordinates_GFp (group,
-+ EC_GROUP_get0_generator(group), x, y,ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ /* get the public key pair for prime curve */
-+ if (!EC_POINT_get_affine_coordinates_GFp (group,
-+ pub_key, w_x, w_y,ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ /* get the ECC curve parameters */
-+ if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+ } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_characteristic_two_field){
-+ ec_crv = EC_BINARY;
-+ /* get the ECC curve parameters */
-+ if (!EC_GROUP_get_curve_GF2m(group, p, a, b , ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ /* get the generator point pair */
-+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
-+ EC_GROUP_get0_generator(group),x, y,ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ /* get the public key pair for binary curve */
-+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
-+ pub_key, w_x, w_y,ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+ }else {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ /* Get the order of the subgroup of private keys */
-+ if (spcf_bn2bin((BIGNUM*)order, &r, &r_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Get the irreducible polynomial that creates the field */
-+ if (spcf_bn2bin(p, &q, &q_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Get the public key into a flat buffer with appropriate padding */
-+ pub_key_len = 2 * q_len;
-+
-+ w_xy = eng_copy_curve_points (w_x, w_y, pub_key_len, q_len);
-+ if (!w_xy) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Generation of ECC curve parameters */
-+ ab_len = 2*q_len;
-+
-+ ab = eng_copy_curve_points (a, b, ab_len, q_len);
-+ if (!ab) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ if (ec_crv == EC_BINARY) {
-+ /* copy b' i.e c(b), instead of only b */
-+ if (eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab+q_len, q_len))
-+ {
-+ unsigned char *c_temp = NULL;
-+ int c_temp_len = q_len;
-+ if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len))
-+ memcpy(ab+q_len, c_temp, q_len);
-+ else
-+ goto err;
-+ }
-+ kop.curve_type = ECC_BINARY;
-+ }
-+
-+ /* Calculation of Generator point */
-+ g_len = 2 * q_len;
-+
-+ g_xy = eng_copy_curve_points (x, y, g_len, q_len);
-+ if (!g_xy) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /**
-+ * Get the 1st part of signature into a flat buffer with
-+ * appropriate padding
-+ */
-+ if (BN_num_bytes(sig->r) < r_len)
-+ c_len = r_len;
-+
-+ if (spcf_bn2bin_ex(sig->r, &c, &c_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /**
-+ * Get the 2nd part of signature into a flat buffer with
-+ * appropriate padding
-+ */
-+ if (BN_num_bytes(sig->s) < r_len)
-+ d_len = r_len;
-+
-+ if (spcf_bn2bin_ex(sig->s, &d, &d_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* memory for message representative */
-+ f = malloc(r_len);
-+ if (!f) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Add padding, since SEC expects hash to of size r_len */
-+ memset(f, 0, r_len-dgst_len);
-+
-+ /* Skip leading bytes if dgst_len < r_len */
-+ memcpy(f + r_len-dgst_len, tmp_dgst, dgst_len);
-+ dgst_len += r_len-dgst_len;
-+ kop.crk_op = CRK_DSA_VERIFY;
-+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
-+ kop.crk_param[0].crp_p = f;
-+ kop.crk_param[0].crp_nbits = dgst_len * 8;
-+ kop.crk_param[1].crp_p = q;
-+ kop.crk_param[1].crp_nbits = q_len * 8;
-+ kop.crk_param[2].crp_p = r;
-+ kop.crk_param[2].crp_nbits = r_len * 8;
-+ kop.crk_param[3].crp_p = g_xy;
-+ kop.crk_param[3].crp_nbits = g_len * 8;
-+ kop.crk_param[4].crp_p = w_xy;
-+ kop.crk_param[4].crp_nbits = pub_key_len * 8;
-+ kop.crk_param[5].crp_p = ab;
-+ kop.crk_param[5].crp_nbits = ab_len * 8;
-+ kop.crk_param[6].crp_p = c;
-+ kop.crk_param[6].crp_nbits = d_len * 8;
-+ kop.crk_param[7].crp_p = d;
-+ kop.crk_param[7].crp_nbits = d_len * 8;
-+ kop.crk_iparams = 8;
-+
-+ if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
-+ /*OCF success value is 0, if not zero, change ret to fail*/
-+ if(0 == kop.crk_status)
-+ ret = 1;
-+ } else {
-+ const ECDSA_METHOD *meth = ECDSA_OpenSSL();
-+
-+ ret = (meth->ecdsa_do_verify)(dgst, dgst_len, sig, eckey);
-+ }
-+ kop.crk_param[0].crp_p = NULL;
-+ zapparams(&kop);
-+
-+err:
-+ return ret;
-+}
-+
-+static int cryptodev_dh_keygen(DH *dh)
-+{
-+ struct crypt_kop kop;
-+ int ret = 1, g_len;
-+ unsigned char *g = NULL;
-+
-+ if (dh->priv_key == NULL) {
-+ if ((dh->priv_key=BN_new()) == NULL)
-+ goto sw_try;
-+ }
-+
-+ if (dh->pub_key == NULL) {
-+ if ((dh->pub_key=BN_new()) == NULL)
-+ goto sw_try;
-+ }
-+
-+ g_len = BN_num_bytes(dh->p);
-+ /**
-+ * Get generator into a plain buffer. If length is less than
-+ * q_len then add leading padding bytes.
-+ */
-+ if (spcf_bn2bin_ex(dh->g, &g, &g_len)) {
-+ DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
-+ goto sw_try;
-+ }
-+
-+ memset(&kop, 0, sizeof kop);
-+ kop.crk_op = CRK_DH_GENERATE_KEY;
-+ if (bn2crparam(dh->p, &kop.crk_param[0]))
-+ goto sw_try;
-+ if (bn2crparam(dh->q, &kop.crk_param[1]))
-+ goto sw_try;
-+ kop.crk_param[2].crp_p = g;
-+ kop.crk_param[2].crp_nbits = g_len * 8;
-+ kop.crk_iparams = 3;
-+
-+ /* pub_key is or prime length while priv key is of length of order */
-+ if (cryptodev_asym(&kop, BN_num_bytes(dh->p), dh->pub_key,
-+ BN_num_bytes(dh->q), dh->priv_key))
-+ goto sw_try;
-+
-+ return ret;
-+sw_try:
-+ {
-+ const DH_METHOD *meth = DH_OpenSSL();
-+ ret = (meth->generate_key)(dh);
-+ }
-+ return ret;
- }
-
- static int
-@@ -1503,43 +2310,234 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
- {
- struct crypt_kop kop;
- int dhret = 1;
-- int fd, keylen;
-+ int fd, p_len;
-+ BIGNUM *temp = NULL;
-+ unsigned char *padded_pub_key = NULL, *p = NULL;
-+
-+ if ((fd = get_asym_dev_crypto()) < 0)
-+ goto sw_try;
-+
-+ memset(&kop, 0, sizeof kop);
-+ kop.crk_op = CRK_DH_COMPUTE_KEY;
-+ /* inputs: dh->priv_key pub_key dh->p key */
-+ spcf_bn2bin(dh->p, &p, &p_len);
-+ spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len);
-+ if (bn2crparam(dh->priv_key, &kop.crk_param[0]))
-+ goto sw_try;
-+
-+ kop.crk_param[1].crp_p = padded_pub_key;
-+ kop.crk_param[1].crp_nbits = p_len * 8;
-+ kop.crk_param[2].crp_p = p;
-+ kop.crk_param[2].crp_nbits = p_len * 8;
-+ kop.crk_iparams = 3;
-+ kop.crk_param[3].crp_p = (void*) key;
-+ kop.crk_param[3].crp_nbits = p_len * 8;
-+ kop.crk_oparams = 1;
-+ dhret = p_len;
-+
-+ if (ioctl(fd, CIOCKEY, &kop))
-+ goto sw_try;
-
-- if ((fd = get_asym_dev_crypto()) < 0) {
-+ if ((temp = BN_new())) {
-+ if (!BN_bin2bn(key, p_len, temp)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+ goto sw_try;
-+ }
-+ if (dhret > BN_num_bytes(temp))
-+ dhret=BN_bn2bin(temp,key);
-+ BN_free(temp);
-+ }
-+
-+ kop.crk_param[3].crp_p = NULL;
-+ zapparams(&kop);
-+ return (dhret);
-+sw_try:
-+ {
- const DH_METHOD *meth = DH_OpenSSL();
-
-- return ((meth->compute_key)(key, pub_key, dh));
-+ dhret = (meth->compute_key)(key, pub_key, dh);
- }
-+ return (dhret);
-+}
-
-- keylen = BN_num_bits(dh->p);
-+int cryptodev_ecdh_compute_key(void *out, size_t outlen,
-+ const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen,
-+ void *out, size_t *outlen))
-+{
-+ ec_curve_t ec_crv = EC_PRIME;
-+ unsigned char * q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL;
-+ BIGNUM * w_x = NULL, *w_y = NULL;
-+ int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0;
-+ BIGNUM * p = NULL, *a = NULL, *b = NULL;
-+ BN_CTX *ctx;
-+ EC_POINT *tmp=NULL;
-+ BIGNUM *x=NULL, *y=NULL;
-+ const BIGNUM *priv_key;
-+ const EC_GROUP* group = NULL;
-+ int ret = -1;
-+ size_t buflen, len;
-+ struct crypt_kop kop;
-
- memset(&kop, 0, sizeof kop);
-- kop.crk_op = CRK_DH_COMPUTE_KEY;
-
-- /* inputs: dh->priv_key pub_key dh->p key */
-- if (bn2crparam(dh->priv_key, &kop.crk_param[0]))
-+ if ((ctx = BN_CTX_new()) == NULL) goto err;
-+ BN_CTX_start(ctx);
-+ x = BN_CTX_get(ctx);
-+ y = BN_CTX_get(ctx);
-+ p = BN_CTX_get(ctx);
-+ a = BN_CTX_get(ctx);
-+ b = BN_CTX_get(ctx);
-+ w_x = BN_CTX_get(ctx);
-+ w_y = BN_CTX_get(ctx);
-+
-+ if (!x || !y || !p || !a || !b || !w_x || !w_y) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);
- goto err;
-- if (bn2crparam(pub_key, &kop.crk_param[1]))
-+ }
-+
-+ priv_key = EC_KEY_get0_private_key(ecdh);
-+ if (priv_key == NULL) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_NO_PRIVATE_VALUE);
- goto err;
-- if (bn2crparam(dh->p, &kop.crk_param[2]))
-+ }
-+
-+ group = EC_KEY_get0_group(ecdh);
-+ if ((tmp=EC_POINT_new(group)) == NULL) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);
- goto err;
-- kop.crk_iparams = 3;
-+ }
-
-- kop.crk_param[3].crp_p = (caddr_t) key;
-- kop.crk_param[3].crp_nbits = keylen * 8;
-- kop.crk_oparams = 1;
-+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
-+ NID_X9_62_prime_field) {
-+ ec_crv = EC_PRIME;
-
-- if (ioctl(fd, CIOCKEY, &kop) == -1) {
-- const DH_METHOD *meth = DH_OpenSSL();
-+ if (!EC_POINT_get_affine_coordinates_GFp(group,
-+ EC_GROUP_get0_generator(group), x, y, ctx)) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
-+ goto err;
-+ }
-
-- dhret = (meth->compute_key)(key, pub_key, dh);
-+ /* get the ECC curve parameters */
-+ if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* get the public key pair for prime curve */
-+ if (!EC_POINT_get_affine_coordinates_GFp (group, pub_key, w_x, w_y,ctx)) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
-+ goto err;
-+ }
-+ } else {
-+ ec_crv = EC_BINARY;
-+
-+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
-+ EC_GROUP_get0_generator(group), x, y, ctx)) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* get the ECC curve parameters */
-+ if (!EC_GROUP_get_curve_GF2m(group, p, a, b , ctx)) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* get the public key pair for binary curve */
-+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
-+ pub_key, w_x, w_y,ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+ }
-+
-+ /* irreducible polynomial that creates the field */
-+ if (spcf_bn2bin((BIGNUM*)&group->order, &r, &r_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Get the irreducible polynomial that creates the field */
-+ if (spcf_bn2bin(p, &q, &q_len)) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
-+ goto err;
- }
-+
-+ /* Get the public key into a flat buffer with appropriate padding */
-+ pub_key_len = 2 * q_len;
-+ w_xy = eng_copy_curve_points (w_x, w_y, pub_key_len, q_len);
-+ if (!w_xy) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Generation of ECC curve parameters */
-+ ab_len = 2*q_len;
-+ ab = eng_copy_curve_points (a, b, ab_len, q_len);
-+ if (!ab) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ if (ec_crv == EC_BINARY) {
-+ /* copy b' i.e c(b), instead of only b */
-+ if (eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab+q_len, q_len))
-+ {
-+ unsigned char *c_temp = NULL;
-+ int c_temp_len = q_len;
-+ if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len))
-+ memcpy(ab+q_len, c_temp, q_len);
-+ else
-+ goto err;
-+ }
-+ kop.curve_type = ECC_BINARY;
-+ } else
-+ kop.curve_type = ECC_PRIME;
-+
-+ priv_key_len = r_len;
-+
-+ /*
-+ * If BN_num_bytes of priv_key returns less then r_len then
-+ * add padding bytes before the key
-+ */
-+ if (spcf_bn2bin_ex((BIGNUM *)priv_key, &s, &priv_key_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ buflen = (EC_GROUP_get_degree(group) + 7)/8;
-+ len = BN_num_bytes(x);
-+ if (len > buflen || q_len < buflen) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_INTERNAL_ERROR);
-+ goto err;
-+ }
-+
-+ kop.crk_op = CRK_DH_COMPUTE_KEY;
-+ kop.crk_param[0].crp_p = (void*) s;
-+ kop.crk_param[0].crp_nbits = priv_key_len*8;
-+ kop.crk_param[1].crp_p = (void*) w_xy;
-+ kop.crk_param[1].crp_nbits = pub_key_len*8;
-+ kop.crk_param[2].crp_p = (void*) q;
-+ kop.crk_param[2].crp_nbits = q_len*8;
-+ kop.crk_param[3].crp_p = (void*) ab;
-+ kop.crk_param[3].crp_nbits = ab_len*8;
-+ kop.crk_iparams = 4;
-+ kop.crk_param[4].crp_p = (void*) out;
-+ kop.crk_param[4].crp_nbits = q_len*8;
-+ kop.crk_oparams = 1;
-+ ret = q_len;
-+ if (cryptodev_asym(&kop, 0, NULL, 0, NULL)) {
-+ const ECDH_METHOD *meth = ECDH_OpenSSL();
-+ ret = (meth->compute_key)(out, outlen, pub_key, ecdh, KDF);
-+ } else
-+ ret = q_len;
- err:
-- kop.crk_param[3].crp_p = NULL;
-+ kop.crk_param[4].crp_p = NULL;
- zapparams(&kop);
-- return (dhret);
-+ return ret;
- }
-
-+
- static DH_METHOD cryptodev_dh = {
- "cryptodev DH method",
- NULL, /* cryptodev_dh_generate_key */
-@@ -1551,6 +2549,14 @@ static DH_METHOD cryptodev_dh = {
- NULL /* app_data */
- };
-
-+static ECDH_METHOD cryptodev_ecdh = {
-+ "cryptodev ECDH method",
-+ NULL, /* cryptodev_ecdh_compute_key */
-+ NULL,
-+ 0, /* flags */
-+ NULL /* app_data */
-+};
-+
- /*
- * ctrl right now is just a wrapper that doesn't do much
- * but I expect we'll want some options soon.
-@@ -1634,25 +2640,42 @@ ENGINE_load_cryptodev(void)
- memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
- if (cryptodev_asymfeat & CRF_DSA_SIGN)
- cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
-- if (cryptodev_asymfeat & CRF_MOD_EXP) {
-- cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp;
-- cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp;
-- }
- if (cryptodev_asymfeat & CRF_DSA_VERIFY)
- cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
-+ if (cryptodev_asymfeat & CRF_DSA_GENERATE_KEY)
-+ cryptodev_dsa.dsa_keygen = cryptodev_dsa_keygen;
- }
-
- if (ENGINE_set_DH(engine, &cryptodev_dh)){
- const DH_METHOD *dh_meth = DH_OpenSSL();
-+ memcpy(&cryptodev_dh, dh_meth, sizeof(DH_METHOD));
-+ if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) {
-+ cryptodev_dh.compute_key =
-+ cryptodev_dh_compute_key;
-+ }
-+ if (cryptodev_asymfeat & CRF_DH_GENERATE_KEY) {
-+ cryptodev_dh.generate_key =
-+ cryptodev_dh_keygen;
-+ }
-+ }
-
-- cryptodev_dh.generate_key = dh_meth->generate_key;
-- cryptodev_dh.compute_key = dh_meth->compute_key;
-- cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp;
-- if (cryptodev_asymfeat & CRF_MOD_EXP) {
-- cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh;
-- if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY)
-- cryptodev_dh.compute_key =
-- cryptodev_dh_compute_key;
-+ if (ENGINE_set_ECDSA(engine, &cryptodev_ecdsa)) {
-+ const ECDSA_METHOD *meth = ECDSA_OpenSSL();
-+ memcpy(&cryptodev_ecdsa, meth, sizeof(ECDSA_METHOD));
-+ if (cryptodev_asymfeat & CRF_DSA_SIGN) {
-+ cryptodev_ecdsa.ecdsa_do_sign = cryptodev_ecdsa_do_sign;
-+ }
-+ if (cryptodev_asymfeat & CRF_DSA_VERIFY) {
-+ cryptodev_ecdsa.ecdsa_do_verify =
-+ cryptodev_ecdsa_verify;
-+ }
-+ }
-+
-+ if (ENGINE_set_ECDH(engine, &cryptodev_ecdh)) {
-+ const ECDH_METHOD *ecdh_meth = ECDH_OpenSSL();
-+ memcpy(&cryptodev_ecdh, ecdh_meth, sizeof(ECDH_METHOD));
-+ if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) {
-+ cryptodev_ecdh.compute_key = cryptodev_ecdh_compute_key;
- }
- }
-
---
-2.3.5
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0009-Added-hwrng-dev-file-as-source-of-RNG.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0009-Added-hwrng-dev-file-as-source-of-RNG.patch
deleted file mode 100644
index 0fb0182..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0009-Added-hwrng-dev-file-as-source-of-RNG.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 81c4c62a4f5f5542843381bfb34e39a6171d5cdd Mon Sep 17 00:00:00 2001
-From: Yashpal Dutta <yashpal.dutta at freescale.com>
-Date: Tue, 11 Mar 2014 06:42:59 +0545
-Subject: [PATCH 09/26] Added hwrng dev file as source of RNG
-
-Upstream-status: Pending
-
-Signed-off-by: Yashpal Dutta <yashpal.dutta at freescale.com>
----
- e_os.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/e_os.h b/e_os.h
-index 6a0aad1..57c0563 100644
---- a/e_os.h
-+++ b/e_os.h
-@@ -79,7 +79,7 @@ extern "C" {
- #ifndef DEVRANDOM
- /* set this to a comma-separated list of 'random' device files to try out.
- * My default, we will try to read at least one of these files */
--#define DEVRANDOM "/dev/urandom","/dev/random","/dev/srandom"
-+#define DEVRANDOM "/dev/hwrng","/dev/urandom","/dev/random","/dev/srandom"
- #endif
- #ifndef DEVRANDOM_EGD
- /* set this to a comma-seperated list of 'egd' sockets to try out. These
---
-2.3.5
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0009-RSA-Keygen-Fix.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0009-RSA-Keygen-Fix.patch
new file mode 100644
index 0000000..d4cd02f
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0009-RSA-Keygen-Fix.patch
@@ -0,0 +1,64 @@
+From ca7adb9cf57497d27136a599531ea5b9671876c7 Mon Sep 17 00:00:00 2001
+From: Yashpal Dutta <yashpal.dutta at freescale.com>
+Date: Wed, 16 Apr 2014 22:53:04 +0545
+Subject: [PATCH 09/48] RSA Keygen Fix
+
+Upstream-status: Pending
+
+If Kernel driver doesn't support RSA Keygen or same returns
+error handling the keygen operation, the keygen is gracefully
+handled by software supported rsa_keygen handler
+
+Signed-off-by: Yashpal Dutta <yashpal.dutta at freescale.com>
+Tested-by: Cristian Stoica <cristian.stoica at freescale.com>
+---
+ crypto/engine/eng_cryptodev.c | 12 +++++++-----
+ 1 file changed, 7 insertions(+), 5 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 44017a3..eac5fb6 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -2018,7 +2018,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
+ int i;
+
+ if ((fd = get_asym_dev_crypto()) < 0)
+- return fd;
++ goto sw_try;
+
+ if (!rsa->n && ((rsa->n = BN_new()) == NULL))
+ goto err;
+@@ -2047,7 +2047,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
+ /* p length */
+ kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char));
+ if (!kop.crk_param[kop.crk_iparams].crp_p)
+- goto err;
++ goto sw_try;
+ kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8;
+ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1);
+ kop.crk_iparams++;
+@@ -2055,7 +2055,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
+ /* q length */
+ kop.crk_param[kop.crk_iparams].crp_p = calloc(q_len + 1, sizeof(char));
+ if (!kop.crk_param[kop.crk_iparams].crp_p)
+- goto err;
++ goto sw_try;
+ kop.crk_param[kop.crk_iparams].crp_nbits = q_len * 8;
+ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, q_len + 1);
+ kop.crk_iparams++;
+@@ -2115,8 +2115,10 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
+ }
+ sw_try:
+ {
+- const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+- ret = (meth->rsa_keygen) (rsa, bits, e, cb);
++ const RSA_METHOD *meth = rsa->meth;
++ rsa->meth = RSA_PKCS1_SSLeay();
++ ret = RSA_generate_key_ex(rsa, bits, e, cb);
++ rsa->meth = meth;
+ }
+ return ret;
+
+--
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0010-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0010-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch
deleted file mode 100644
index 0f889c0..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0010-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch
+++ /dev/null
@@ -1,2039 +0,0 @@
-From a933e6341fd8989bdd82f8a5446b6f04aa00eef9 Mon Sep 17 00:00:00 2001
-From: Yashpal Dutta <yashpal.dutta at freescale.com>
-Date: Tue, 11 Mar 2014 07:14:30 +0545
-Subject: [PATCH 10/26] Asynchronous interface added for PKC cryptodev
- interface
-
-Upstream-status: Pending
-
-Signed-off-by: Yashpal Dutta <yashpal.dutta at freescale.com>
----
- crypto/crypto.h | 16 +
- crypto/dh/dh.h | 4 +-
- crypto/dsa/dsa.h | 5 +
- crypto/ecdh/ech_locl.h | 3 +
- crypto/ecdsa/ecs_locl.h | 5 +
- crypto/engine/eng_cryptodev.c | 1578 +++++++++++++++++++++++++++++++++++++----
- crypto/engine/eng_int.h | 24 +-
- crypto/engine/eng_lib.c | 46 ++
- crypto/engine/engine.h | 24 +
- crypto/rsa/rsa.h | 23 +
- 10 files changed, 1582 insertions(+), 146 deletions(-)
-
-diff --git a/crypto/crypto.h b/crypto/crypto.h
-index f92fc51..ce12731 100644
---- a/crypto/crypto.h
-+++ b/crypto/crypto.h
-@@ -605,6 +605,22 @@ void ERR_load_CRYPTO_strings(void);
- #define CRYPTO_R_FIPS_MODE_NOT_SUPPORTED 101
- #define CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK 100
-
-+/* Additions for Asynchronous PKC Infrastructure */
-+struct pkc_cookie_s {
-+ void *cookie; /* To be filled by openssl library primitive method function caller */
-+ void *eng_cookie; /* To be filled by Engine */
-+ /*
-+ * Callback handler to be provided by caller. Ensure to pass a
-+ * handler which takes the crypto operation to completion.
-+ * cookie: Container cookie from library
-+ * status: Status of the crypto Job completion.
-+ * 0: Job handled without any issue
-+ * -EINVAL: Parameters Invalid
-+ */
-+ void (*pkc_callback)(struct pkc_cookie_s *cookie, int status);
-+ void *eng_handle;
-+};
-+
- #ifdef __cplusplus
- }
- #endif
-diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h
-index ea59e61..20ffad2 100644
---- a/crypto/dh/dh.h
-+++ b/crypto/dh/dh.h
-@@ -118,7 +118,9 @@ struct dh_method
- int (*bn_mod_exp)(const DH *dh, BIGNUM *r, const BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx); /* Can be null */
--
-+ int (*compute_key_async)(unsigned char *key,const BIGNUM *pub_key,DH *dh,
-+ struct pkc_cookie_s *cookie);
-+ int (*generate_key_async)(DH *dh, struct pkc_cookie_s *cookie);
- int (*init)(DH *dh);
- int (*finish)(DH *dh);
- int flags;
-diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h
-index a6f6d0b..b04a029 100644
---- a/crypto/dsa/dsa.h
-+++ b/crypto/dsa/dsa.h
-@@ -140,6 +140,10 @@ struct dsa_method
- int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx); /* Can be null */
-+ int (*dsa_do_sign_async)(const unsigned char *dgst, int dlen, DSA *dsa,
-+ DSA_SIG *sig, struct pkc_cookie_s *cookie);
-+ int (*dsa_do_verify_async)(const unsigned char *dgst, int dgst_len,
-+ DSA_SIG *sig, DSA *dsa, struct pkc_cookie_s *cookie);
- int (*init)(DSA *dsa);
- int (*finish)(DSA *dsa);
- int flags;
-@@ -151,6 +155,7 @@ struct dsa_method
- BN_GENCB *cb);
- /* If this is non-NULL, it is used to generate DSA keys */
- int (*dsa_keygen)(DSA *dsa);
-+ int (*dsa_keygen_async)(DSA *dsa, struct pkc_cookie_s *cookie);
- };
-
- struct dsa_st
-diff --git a/crypto/ecdh/ech_locl.h b/crypto/ecdh/ech_locl.h
-index f6cad6a..adce6b3 100644
---- a/crypto/ecdh/ech_locl.h
-+++ b/crypto/ecdh/ech_locl.h
-@@ -67,6 +67,9 @@ struct ecdh_method
- const char *name;
- int (*compute_key)(void *key, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,
- void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen));
-+ int (*compute_key_async)(void *key, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,
-+ void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen),
-+ struct pkc_cookie_s *cookie);
- #if 0
- int (*init)(EC_KEY *eckey);
- int (*finish)(EC_KEY *eckey);
-diff --git a/crypto/ecdsa/ecs_locl.h b/crypto/ecdsa/ecs_locl.h
-index cb3be13..eb0ebe0 100644
---- a/crypto/ecdsa/ecs_locl.h
-+++ b/crypto/ecdsa/ecs_locl.h
-@@ -74,6 +74,11 @@ struct ecdsa_method
- BIGNUM **r);
- int (*ecdsa_do_verify)(const unsigned char *dgst, int dgst_len,
- const ECDSA_SIG *sig, EC_KEY *eckey);
-+ int (*ecdsa_do_sign_async)(const unsigned char *dgst, int dgst_len,
-+ const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey,
-+ ECDSA_SIG *sig, struct pkc_cookie_s *cookie);
-+ int (*ecdsa_do_verify_async)(const unsigned char *dgst, int dgst_len,
-+ const ECDSA_SIG *sig, EC_KEY *eckey, struct pkc_cookie_s *cookie);
- #if 0
- int (*init)(EC_KEY *eckey);
- int (*finish)(EC_KEY *eckey);
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 7ee314b..9f2416e 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -1281,6 +1281,56 @@ zapparams(struct crypt_kop *kop)
- }
- }
-
-+/* Any PKC request has at max 2 output parameters and they are stored here to
-+be used while copying in the check availability */
-+struct cryptodev_cookie_s {
-+ BIGNUM *r;
-+ struct crparam r_param;
-+ BIGNUM *s;
-+ struct crparam s_param;
-+ struct crypt_kop *kop;
-+};
-+
-+static int
-+cryptodev_asym_async(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
-+ BIGNUM *s)
-+{
-+ int fd;
-+ struct pkc_cookie_s *cookie = kop->cookie;
-+ struct cryptodev_cookie_s *eng_cookie;
-+
-+ fd = *(int *)cookie->eng_handle;
-+
-+ eng_cookie = malloc(sizeof(struct cryptodev_cookie_s));
-+
-+ if (eng_cookie) {
-+ memset(eng_cookie, 0, sizeof(struct cryptodev_cookie_s));
-+ if (r) {
-+ kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char));
-+ if (!kop->crk_param[kop->crk_iparams].crp_p)
-+ return -ENOMEM;
-+ kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
-+ kop->crk_oparams++;
-+ eng_cookie->r = r;
-+ eng_cookie->r_param = kop->crk_param[kop->crk_iparams];
-+ }
-+ if (s) {
-+ kop->crk_param[kop->crk_iparams+1].crp_p = calloc(slen, sizeof(char));
-+ if (!kop->crk_param[kop->crk_iparams+1].crp_p)
-+ return -ENOMEM;
-+ kop->crk_param[kop->crk_iparams+1].crp_nbits = slen * 8;
-+ kop->crk_oparams++;
-+ eng_cookie->s = s;
-+ eng_cookie->s_param = kop->crk_param[kop->crk_iparams + 1];
-+ }
-+ } else
-+ return -ENOMEM;
-+
-+ eng_cookie->kop = kop;
-+ cookie->eng_cookie = eng_cookie;
-+ return ioctl(fd, CIOCASYMASYNCRYPT, kop);
-+}
-+
- static int
- cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s)
- {
-@@ -1337,6 +1387,44 @@ void *cryptodev_init_instance(void)
- return fd;
- }
-
-+#include <poll.h>
-+
-+/* Return 0 on success and 1 on failure */
-+int cryptodev_check_availability(void *eng_handle)
-+{
-+ int fd = *(int *)eng_handle;
-+ struct pkc_cookie_list_s cookie_list;
-+ struct pkc_cookie_s *cookie;
-+ int i;
-+
-+ /* FETCH COOKIE returns number of cookies extracted */
-+ if (ioctl(fd, CIOCASYMFETCHCOOKIE, &cookie_list) <= 0)
-+ return 1;
-+
-+ for (i = 0; i < cookie_list.cookie_available; i++) {
-+ cookie = cookie_list.cookie[i];
-+ if (cookie) {
-+ struct cryptodev_cookie_s *eng_cookie = cookie->eng_cookie;
-+ if (eng_cookie) {
-+ struct crypt_kop *kop = eng_cookie->kop;
-+
-+ if (eng_cookie->r)
-+ crparam2bn(&eng_cookie->r_param, eng_cookie->r);
-+ if (eng_cookie->s)
-+ crparam2bn(&eng_cookie->s_param, eng_cookie->s);
-+ if (kop->crk_op == CRK_DH_COMPUTE_KEY)
-+ kop->crk_oparams = 0;
-+
-+ zapparams(eng_cookie->kop);
-+ free(eng_cookie->kop);
-+ free (eng_cookie);
-+ }
-+ cookie->pkc_callback(cookie, cookie_list.status[i]);
-+ }
-+ }
-+ return 0;
-+}
-+
- static int
- cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
-@@ -1382,6 +1470,63 @@ err:
- }
-
- static int
-+cryptodev_bn_mod_exp_async(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont, struct pkc_cookie_s *cookie)
-+{
-+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+ int ret = 1;
-+
-+ /* Currently, we know we can do mod exp iff we can do any
-+ * asymmetric operations at all.
-+ */
-+ if (cryptodev_asymfeat == 0 || !kop) {
-+ ret = BN_mod_exp(r, a, p, m, ctx);
-+ return (ret);
-+ }
-+
-+ kop->crk_oparams = 0;
-+ kop->crk_status = 0;
-+ kop->crk_op = CRK_MOD_EXP;
-+ kop->cookie = cookie;
-+ /* inputs: a^p % m */
-+ if (bn2crparam(a, &kop->crk_param[0]))
-+ goto err;
-+ if (bn2crparam(p, &kop->crk_param[1]))
-+ goto err;
-+ if (bn2crparam(m, &kop->crk_param[2]))
-+ goto err;
-+
-+ kop->crk_iparams = 3;
-+ if (cryptodev_asym_async(kop, BN_num_bytes(m), r, 0, NULL))
-+ goto err;
-+
-+ return ret;
-+err:
-+ {
-+ const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
-+
-+ if (kop)
-+ free(kop);
-+ ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
-+ if (ret)
-+ /* Call the completion handler immediately */
-+ cookie->pkc_callback(cookie, 0);
-+ }
-+ return ret;
-+}
-+
-+static int
-+cryptodev_rsa_nocrt_mod_exp_async(BIGNUM *r0, const BIGNUM *I,
-+ RSA *rsa, BN_CTX *ctx, struct pkc_cookie_s *cookie)
-+{
-+ int r;
-+ ctx = BN_CTX_new();
-+ r = cryptodev_bn_mod_exp_async(r0, I, rsa->d, rsa->n, ctx, NULL, cookie);
-+ BN_CTX_free(ctx);
-+ return r;
-+}
-+
-+static int
- cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
- {
- int r;
-@@ -1446,6 +1591,62 @@ err:
- return (ret);
- }
-
-+static int
-+cryptodev_rsa_mod_exp_async(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx,
-+ struct pkc_cookie_s *cookie)
-+{
-+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+ int ret = 1, f_len, p_len, q_len;
-+ unsigned char *f = NULL, *p = NULL, *q = NULL, *dp = NULL, *dq = NULL, *c = NULL;
-+
-+ if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp || !kop) {
-+ return (0);
-+ }
-+
-+ kop->crk_oparams = 0;
-+ kop->crk_status = 0;
-+ kop->crk_op = CRK_MOD_EXP_CRT;
-+ f_len = BN_num_bytes(rsa->n);
-+ spcf_bn2bin_ex(I, &f, &f_len);
-+ spcf_bn2bin(rsa->p, &p, &p_len);
-+ spcf_bn2bin(rsa->q, &q, &q_len);
-+ spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len);
-+ spcf_bn2bin_ex(rsa->iqmp, &c, &p_len);
-+ spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len);
-+ /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
-+ kop->crk_param[0].crp_p = p;
-+ kop->crk_param[0].crp_nbits = p_len * 8;
-+ kop->crk_param[1].crp_p = q;
-+ kop->crk_param[1].crp_nbits = q_len * 8;
-+ kop->crk_param[2].crp_p = f;
-+ kop->crk_param[2].crp_nbits = f_len * 8;
-+ kop->crk_param[3].crp_p = dp;
-+ kop->crk_param[3].crp_nbits = p_len * 8;
-+ /* dq must of length q, rest all of length p*/
-+ kop->crk_param[4].crp_p = dq;
-+ kop->crk_param[4].crp_nbits = q_len * 8;
-+ kop->crk_param[5].crp_p = c;
-+ kop->crk_param[5].crp_nbits = p_len * 8;
-+ kop->crk_iparams = 6;
-+ kop->cookie = cookie;
-+ if (cryptodev_asym_async(kop, BN_num_bytes(rsa->n), r0, 0, NULL))
-+ goto err;
-+
-+ return ret;
-+err:
-+ {
-+ const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
-+
-+ if (kop)
-+ free(kop);
-+ ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx);
-+ if (ret)
-+ /* Call user completion handler immediately */
-+ cookie->pkc_callback(cookie, 0);
-+ }
-+ return (ret);
-+}
-+
- static RSA_METHOD cryptodev_rsa = {
- "cryptodev RSA method",
- NULL, /* rsa_pub_enc */
-@@ -1454,6 +1655,12 @@ static RSA_METHOD cryptodev_rsa = {
- NULL, /* rsa_priv_dec */
- NULL,
- NULL,
-+ NULL, /* rsa_pub_enc */
-+ NULL, /* rsa_pub_dec */
-+ NULL, /* rsa_priv_enc */
-+ NULL, /* rsa_priv_dec */
-+ NULL,
-+ NULL,
- NULL, /* init */
- NULL, /* finish */
- 0, /* flags */
-@@ -1751,126 +1958,424 @@ sw_try:
- return ret;
- }
-
-+/* Cryptodev DSA Key Gen routine */
-+static int cryptodev_dsa_keygen_async(DSA *dsa, struct pkc_cookie_s *cookie)
-+{
-+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+ int ret = 1, g_len;
-+ unsigned char *g = NULL;
-
-+ if (!kop)
-+ goto sw_try;
-
--static DSA_METHOD cryptodev_dsa = {
-- "cryptodev DSA method",
-- NULL,
-- NULL, /* dsa_sign_setup */
-- NULL,
-- NULL, /* dsa_mod_exp */
-- NULL,
-- NULL, /* init */
-- NULL, /* finish */
-- 0, /* flags */
-- NULL /* app_data */
--};
-+ if (dsa->priv_key == NULL) {
-+ if ((dsa->priv_key=BN_new()) == NULL)
-+ goto sw_try;
-+ }
-
--static ECDSA_METHOD cryptodev_ecdsa = {
-- "cryptodev ECDSA method",
-- NULL,
-- NULL, /* ecdsa_sign_setup */
-- NULL,
-- NULL,
-- 0, /* flags */
-- NULL /* app_data */
--};
-+ if (dsa->pub_key == NULL) {
-+ if ((dsa->pub_key=BN_new()) == NULL)
-+ goto sw_try;
-+ }
-
--typedef enum ec_curve_s
--{
-- EC_PRIME,
-- EC_BINARY
--} ec_curve_t;
-+ g_len = BN_num_bytes(dsa->p);
-+ /**
-+ * Get generator into a plain buffer. If length is less than
-+ * q_len then add leading padding bytes.
-+ */
-+ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
-+ DSAerr(DSA_F_DSA_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
-+ goto sw_try;
-+ }
-
--/* ENGINE handler for ECDSA Sign */
--static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char *dgst,
-- int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey)
--{
-- BIGNUM *m = NULL, *p = NULL, *a = NULL;
-- BIGNUM *b = NULL, *x = NULL, *y = NULL;
-- BN_CTX *ctx = NULL;
-- ECDSA_SIG *ret = NULL;
-- ECDSA_DATA *ecdsa = NULL;
-- unsigned char * q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL;
-- unsigned char * s = NULL, *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL;
-- int i = 0, q_len = 0, priv_key_len = 0, r_len = 0;
-- int g_len = 0, d_len = 0, ab_len = 0;
-- const BIGNUM *order = NULL, *priv_key=NULL;
-- const EC_GROUP *group = NULL;
-- struct crypt_kop kop;
-- ec_curve_t ec_crv = EC_PRIME;
-+ memset(kop, 0, sizeof(struct crypt_kop));
-+ kop->crk_op = CRK_DSA_GENERATE_KEY;
-+ if (bn2crparam(dsa->p, &kop->crk_param[0]))
-+ goto sw_try;
-+ if (bn2crparam(dsa->q, &kop->crk_param[1]))
-+ goto sw_try;
-+ kop->crk_param[2].crp_p = g;
-+ kop->crk_param[2].crp_nbits = g_len * 8;
-+ kop->crk_iparams = 3;
-+ kop->cookie = cookie;
-
-- memset(&kop, 0, sizeof(kop));
-- ecdsa = ecdsa_check(eckey);
-- if (!ecdsa) {
-- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
-- return NULL;
-+ /* pub_key is or prime length while priv key is of length of order */
-+ if (cryptodev_asym_async(kop, BN_num_bytes(dsa->p), dsa->pub_key,
-+ BN_num_bytes(dsa->q), dsa->priv_key))
-+ goto sw_try;
-+
-+ return ret;
-+sw_try:
-+ {
-+ const DSA_METHOD *meth = DSA_OpenSSL();
-+
-+ if (kop)
-+ free(kop);
-+ ret = (meth->dsa_keygen)(dsa);
-+ cookie->pkc_callback(cookie, 0);
- }
-+ return ret;
-+}
-
-- group = EC_KEY_get0_group(eckey);
-- priv_key = EC_KEY_get0_private_key(eckey);
-+static int
-+cryptodev_dsa_do_sign_async(const unsigned char *dgst, int dlen, DSA *dsa,
-+ DSA_SIG *sig, struct pkc_cookie_s *cookie)
-+{
-+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+ DSA_SIG *dsaret = NULL;
-+ int q_len = 0, r_len = 0, g_len = 0;
-+ int priv_key_len = 0, ret = 1;
-+ unsigned char *q = NULL, *r = NULL, *g = NULL, *priv_key = NULL, *f = NULL;
-
-- if (!group || !priv_key) {
-- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
-- return NULL;
-+ if (((sig->r = BN_new()) == NULL) || !kop) {
-+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
- }
-
-- if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
-- (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
-- (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
-- (y = BN_new()) == NULL) {
-- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ if ((sig->s = BN_new()) == NULL) {
-+ BN_free(sig->r);
-+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
-- order = &group->order;
-- if (!order || BN_is_zero(order)) {
-- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS);
-+ if (spcf_bn2bin(dsa->p, &q, &q_len)) {
-+ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
- goto err;
- }
-
-- i = BN_num_bits(order);
-- /* Need to truncate digest if it is too long: first truncate whole
-- bytes */
-- if (8 * dgst_len > i)
-- dgst_len = (i + 7)/8;
-+ /* Get order of the field of private keys into plain buffer */
-+ if (spcf_bn2bin (dsa->q, &r, &r_len)) {
-+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-
-- if (!BN_bin2bn(dgst, dgst_len, m)) {
-- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+ /* sanity test */
-+ if (dlen > r_len) {
-+ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
- goto err;
- }
-
-- /* If still too long truncate remaining bits with a shift */
-- if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
-- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+ g_len = q_len;
-+ /**
-+ * Get generator into a plain buffer. If length is less than
-+ * q_len then add leading padding bytes.
-+ */
-+ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
-+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
-- /* copy the truncated bits into plain buffer */
-- if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) {
-- fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__, __LINE__);
-+ priv_key_len = r_len;
-+ /**
-+ * Get private key into a plain buffer. If length is less than
-+ * r_len then add leading padding bytes.
-+ */
-+ if (spcf_bn2bin_ex(dsa->priv_key, &priv_key, &priv_key_len)) {
-+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
-- ret = ECDSA_SIG_new();
-- if (!ret) {
-- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+ /* Allocate memory to store hash. */
-+ f = OPENSSL_malloc (r_len);
-+ if (!f) {
-+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
-- /* check if this is prime or binary EC request */
-- if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) {
-- ec_crv = EC_PRIME;
-- /* get the generator point pair */
-- if (!EC_POINT_get_affine_coordinates_GFp (group, EC_GROUP_get0_generator(group),
-- x, y,ctx)) {
-- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-- goto err;
-- }
-+ /* Add padding, since SEC expects hash to of size r_len */
-+ if (dlen < r_len)
-+ memset(f, 0, r_len - dlen);
-
-- /* get the ECC curve parameters */
-- if (!EC_GROUP_get_curve_GFp(group, p, a, b , ctx)) {
-- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+ /* Skip leading bytes if dgst_len < r_len */
-+ memcpy(f + r_len - dlen, dgst, dlen);
-+
-+ dlen = r_len;
-+
-+ memset(kop, 0, sizeof( struct crypt_kop));
-+ kop->crk_op = CRK_DSA_SIGN;
-+
-+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
-+ kop->crk_param[0].crp_p = (void*)f;
-+ kop->crk_param[0].crp_nbits = dlen * 8;
-+ kop->crk_param[1].crp_p = (void*)q;
-+ kop->crk_param[1].crp_nbits = q_len * 8;
-+ kop->crk_param[2].crp_p = (void*)r;
-+ kop->crk_param[2].crp_nbits = r_len * 8;
-+ kop->crk_param[3].crp_p = (void*)g;
-+ kop->crk_param[3].crp_nbits = g_len * 8;
-+ kop->crk_param[4].crp_p = (void*)priv_key;
-+ kop->crk_param[4].crp_nbits = priv_key_len * 8;
-+ kop->crk_iparams = 5;
-+ kop->cookie = cookie;
-+
-+ if (cryptodev_asym_async(kop, r_len, sig->r, r_len, sig->s))
-+ goto err;
-+
-+ return ret;
-+err:
-+ {
-+ const DSA_METHOD *meth = DSA_OpenSSL();
-+
-+ if (kop)
-+ free(kop);
-+ BN_free(sig->r);
-+ BN_free(sig->s);
-+ dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa);
-+ sig->r = dsaret->r;
-+ sig->s = dsaret->s;
-+ /* Call user callback immediately */
-+ cookie->pkc_callback(cookie, 0);
-+ ret = dsaret;
-+ }
-+ return ret;
-+}
-+
-+static int
-+cryptodev_dsa_verify_async(const unsigned char *dgst, int dlen,
-+ DSA_SIG *sig, DSA *dsa, struct pkc_cookie_s *cookie)
-+{
-+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+ int q_len = 0, r_len = 0, g_len = 0;
-+ int w_len = 0 ,c_len = 0, d_len = 0, ret = 1;
-+ unsigned char * q = NULL, * r = NULL, * w = NULL, * g = NULL;
-+ unsigned char *c = NULL, * d = NULL, *f = NULL;
-+
-+ if (!kop)
-+ goto err;
-+
-+ if (spcf_bn2bin(dsa->p, &q, &q_len)) {
-+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ return ret;
-+ }
-+
-+ /* Get Order of field of private keys */
-+ if (spcf_bn2bin(dsa->q, &r, &r_len)) {
-+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ g_len = q_len;
-+ /**
-+ * Get generator into a plain buffer. If length is less than
-+ * q_len then add leading padding bytes.
-+ */
-+ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
-+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ w_len = q_len;
-+ /**
-+ * Get public key into a plain buffer. If length is less than
-+ * q_len then add leading padding bytes.
-+ */
-+ if (spcf_bn2bin_ex(dsa->pub_key, &w, &w_len)) {
-+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ /**
-+ * Get the 1st part of signature into a flat buffer with
-+ * appropriate padding
-+ */
-+ c_len = r_len;
-+
-+ if (spcf_bn2bin_ex(sig->r, &c, &c_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /**
-+ * Get the 2nd part of signature into a flat buffer with
-+ * appropriate padding
-+ */
-+ d_len = r_len;
-+
-+ if (spcf_bn2bin_ex(sig->s, &d, &d_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+
-+ /* Sanity test */
-+ if (dlen > r_len) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Allocate memory to store hash. */
-+ f = OPENSSL_malloc (r_len);
-+ if (!f) {
-+ DSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Add padding, since SEC expects hash to of size r_len */
-+ if (dlen < r_len)
-+ memset(f, 0, r_len - dlen);
-+
-+ /* Skip leading bytes if dgst_len < r_len */
-+ memcpy(f + r_len - dlen, dgst, dlen);
-+
-+ dlen = r_len;
-+ memset(kop, 0, sizeof(struct crypt_kop));
-+
-+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
-+ kop->crk_param[0].crp_p = (void*)f;
-+ kop->crk_param[0].crp_nbits = dlen * 8;
-+ kop->crk_param[1].crp_p = q;
-+ kop->crk_param[1].crp_nbits = q_len * 8;
-+ kop->crk_param[2].crp_p = r;
-+ kop->crk_param[2].crp_nbits = r_len * 8;
-+ kop->crk_param[3].crp_p = g;
-+ kop->crk_param[3].crp_nbits = g_len * 8;
-+ kop->crk_param[4].crp_p = w;
-+ kop->crk_param[4].crp_nbits = w_len * 8;
-+ kop->crk_param[5].crp_p = c;
-+ kop->crk_param[5].crp_nbits = c_len * 8;
-+ kop->crk_param[6].crp_p = d;
-+ kop->crk_param[6].crp_nbits = d_len * 8;
-+ kop->crk_iparams = 7;
-+ kop->crk_op = CRK_DSA_VERIFY;
-+ kop->cookie = cookie;
-+ if (cryptodev_asym_async(kop, 0, NULL, 0, NULL))
-+ goto err;
-+
-+ return ret;
-+err:
-+ {
-+ const DSA_METHOD *meth = DSA_OpenSSL();
-+
-+ if (kop)
-+ free(kop);
-+
-+ ret = (meth->dsa_do_verify)(dgst, dlen, sig, dsa);
-+ cookie->pkc_callback(cookie, 0);
-+ }
-+ return ret;
-+}
-+
-+static DSA_METHOD cryptodev_dsa = {
-+ "cryptodev DSA method",
-+ NULL,
-+ NULL, /* dsa_sign_setup */
-+ NULL,
-+ NULL, /* dsa_mod_exp */
-+ NULL,
-+ NULL,
-+ NULL,
-+ NULL,
-+ NULL, /* init */
-+ NULL, /* finish */
-+ 0, /* flags */
-+ NULL /* app_data */
-+};
-+
-+static ECDSA_METHOD cryptodev_ecdsa = {
-+ "cryptodev ECDSA method",
-+ NULL,
-+ NULL, /* ecdsa_sign_setup */
-+ NULL,
-+ NULL,
-+ NULL,
-+ NULL,
-+ 0, /* flags */
-+ NULL /* app_data */
-+};
-+
-+typedef enum ec_curve_s
-+{
-+ EC_PRIME,
-+ EC_BINARY
-+} ec_curve_t;
-+
-+/* ENGINE handler for ECDSA Sign */
-+static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char *dgst,
-+ int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey)
-+{
-+ BIGNUM *m = NULL, *p = NULL, *a = NULL;
-+ BIGNUM *b = NULL, *x = NULL, *y = NULL;
-+ BN_CTX *ctx = NULL;
-+ ECDSA_SIG *ret = NULL;
-+ ECDSA_DATA *ecdsa = NULL;
-+ unsigned char * q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL;
-+ unsigned char * s = NULL, *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL;
-+ int i = 0, q_len = 0, priv_key_len = 0, r_len = 0;
-+ int g_len = 0, d_len = 0, ab_len = 0;
-+ const BIGNUM *order = NULL, *priv_key=NULL;
-+ const EC_GROUP *group = NULL;
-+ struct crypt_kop kop;
-+ ec_curve_t ec_crv = EC_PRIME;
-+
-+ memset(&kop, 0, sizeof(kop));
-+ ecdsa = ecdsa_check(eckey);
-+ if (!ecdsa) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
-+ return NULL;
-+ }
-+
-+ group = EC_KEY_get0_group(eckey);
-+ priv_key = EC_KEY_get0_private_key(eckey);
-+
-+ if (!group || !priv_key) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
-+ return NULL;
-+ }
-+
-+ if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
-+ (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
-+ (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
-+ (y = BN_new()) == NULL) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ order = &group->order;
-+ if (!order || BN_is_zero(order)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS);
-+ goto err;
-+ }
-+
-+ i = BN_num_bits(order);
-+ /* Need to truncate digest if it is too long: first truncate whole
-+ bytes */
-+ if (8 * dgst_len > i)
-+ dgst_len = (i + 7)/8;
-+
-+ if (!BN_bin2bn(dgst, dgst_len, m)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* If still too long truncate remaining bits with a shift */
-+ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* copy the truncated bits into plain buffer */
-+ if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) {
-+ fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__, __LINE__);
-+ goto err;
-+ }
-+
-+ ret = ECDSA_SIG_new();
-+ if (!ret) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* check if this is prime or binary EC request */
-+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) {
-+ ec_crv = EC_PRIME;
-+ /* get the generator point pair */
-+ if (!EC_POINT_get_affine_coordinates_GFp (group, EC_GROUP_get0_generator(group),
-+ x, y,ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ /* get the ECC curve parameters */
-+ if (!EC_GROUP_get_curve_GFp(group, p, a, b , ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
- goto err;
- }
- } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_characteristic_two_field) {
-@@ -2195,63 +2700,581 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
- }
-
- /**
-- * Get the 2nd part of signature into a flat buffer with
-- * appropriate padding
-+ * Get the 2nd part of signature into a flat buffer with
-+ * appropriate padding
-+ */
-+ if (BN_num_bytes(sig->s) < r_len)
-+ d_len = r_len;
-+
-+ if (spcf_bn2bin_ex(sig->s, &d, &d_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* memory for message representative */
-+ f = malloc(r_len);
-+ if (!f) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Add padding, since SEC expects hash to of size r_len */
-+ memset(f, 0, r_len-dgst_len);
-+
-+ /* Skip leading bytes if dgst_len < r_len */
-+ memcpy(f + r_len-dgst_len, tmp_dgst, dgst_len);
-+ dgst_len += r_len-dgst_len;
-+ kop.crk_op = CRK_DSA_VERIFY;
-+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
-+ kop.crk_param[0].crp_p = f;
-+ kop.crk_param[0].crp_nbits = dgst_len * 8;
-+ kop.crk_param[1].crp_p = q;
-+ kop.crk_param[1].crp_nbits = q_len * 8;
-+ kop.crk_param[2].crp_p = r;
-+ kop.crk_param[2].crp_nbits = r_len * 8;
-+ kop.crk_param[3].crp_p = g_xy;
-+ kop.crk_param[3].crp_nbits = g_len * 8;
-+ kop.crk_param[4].crp_p = w_xy;
-+ kop.crk_param[4].crp_nbits = pub_key_len * 8;
-+ kop.crk_param[5].crp_p = ab;
-+ kop.crk_param[5].crp_nbits = ab_len * 8;
-+ kop.crk_param[6].crp_p = c;
-+ kop.crk_param[6].crp_nbits = d_len * 8;
-+ kop.crk_param[7].crp_p = d;
-+ kop.crk_param[7].crp_nbits = d_len * 8;
-+ kop.crk_iparams = 8;
-+
-+ if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
-+ /*OCF success value is 0, if not zero, change ret to fail*/
-+ if(0 == kop.crk_status)
-+ ret = 1;
-+ } else {
-+ const ECDSA_METHOD *meth = ECDSA_OpenSSL();
-+
-+ ret = (meth->ecdsa_do_verify)(dgst, dgst_len, sig, eckey);
-+ }
-+ kop.crk_param[0].crp_p = NULL;
-+ zapparams(&kop);
-+
-+err:
-+ return ret;
-+}
-+
-+static int cryptodev_ecdsa_do_sign_async( const unsigned char *dgst,
-+ int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey,
-+ ECDSA_SIG *sig, struct pkc_cookie_s *cookie)
-+{
-+ BIGNUM *m = NULL, *p = NULL, *a = NULL;
-+ BIGNUM *b = NULL, *x = NULL, *y = NULL;
-+ BN_CTX *ctx = NULL;
-+ ECDSA_SIG *sig_ret = NULL;
-+ ECDSA_DATA *ecdsa = NULL;
-+ unsigned char * q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL;
-+ unsigned char * s = NULL, *f = NULL, *tmp_dgst = NULL;
-+ int i = 0, q_len = 0, priv_key_len = 0, r_len = 0;
-+ int g_len = 0, ab_len = 0, ret = 1;
-+ const BIGNUM *order = NULL, *priv_key=NULL;
-+ const EC_GROUP *group = NULL;
-+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+ ec_curve_t ec_crv = EC_PRIME;
-+
-+ if (!(sig->r = BN_new()) || !kop)
-+ goto err;
-+ if ((sig->s = BN_new()) == NULL) {
-+ BN_free(r);
-+ goto err;
-+ }
-+
-+ memset(kop, 0, sizeof(struct crypt_kop));
-+ ecdsa = ecdsa_check(eckey);
-+ if (!ecdsa) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
-+ goto err;
-+ }
-+
-+ group = EC_KEY_get0_group(eckey);
-+ priv_key = EC_KEY_get0_private_key(eckey);
-+
-+ if (!group || !priv_key) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
-+ goto err;
-+ }
-+
-+ if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
-+ (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
-+ (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
-+ (y = BN_new()) == NULL) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ order = &group->order;
-+ if (!order || BN_is_zero(order)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS);
-+ goto err;
-+ }
-+
-+ i = BN_num_bits(order);
-+ /* Need to truncate digest if it is too long: first truncate whole
-+ bytes */
-+ if (8 * dgst_len > i)
-+ dgst_len = (i + 7)/8;
-+
-+ if (!BN_bin2bn(dgst, dgst_len, m)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* If still too long truncate remaining bits with a shift */
-+ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* copy the truncated bits into plain buffer */
-+ if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) {
-+ fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__, __LINE__);
-+ goto err;
-+ }
-+
-+ /* check if this is prime or binary EC request */
-+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group))
-+ == NID_X9_62_prime_field) {
-+ ec_crv = EC_PRIME;
-+ /* get the generator point pair */
-+ if (!EC_POINT_get_affine_coordinates_GFp (group,
-+ EC_GROUP_get0_generator(group), x, y,ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ /* get the ECC curve parameters */
-+ if (!EC_GROUP_get_curve_GFp(group, p, a, b , ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+ } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_characteristic_two_field) {
-+ ec_crv = EC_BINARY;
-+ /* get the ECC curve parameters */
-+ if (!EC_GROUP_get_curve_GF2m(group, p, a, b , ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ /* get the generator point pair */
-+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
-+ EC_GROUP_get0_generator(group), x, y,ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+ } else {
-+ printf("Unsupported Curve\n");
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ if (spcf_bn2bin(order, &r, &r_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ if (spcf_bn2bin(p, &q, &q_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ priv_key_len = r_len;
-+
-+ /**
-+ * If BN_num_bytes of priv_key returns less then r_len then
-+ * add padding bytes before the key
-+ */
-+ if (spcf_bn2bin_ex(priv_key, &s, &priv_key_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Generation of ECC curve parameters */
-+ ab_len = 2*q_len;
-+ ab = eng_copy_curve_points(a, b, ab_len, q_len);
-+ if (!ab) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ if (ec_crv == EC_BINARY) {
-+ if (eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab+q_len, q_len))
-+ {
-+ unsigned char *c_temp = NULL;
-+ int c_temp_len = q_len;
-+ if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len))
-+ memcpy(ab+q_len, c_temp, q_len);
-+ else
-+ goto err;
-+ }
-+ kop->curve_type = ECC_BINARY;
-+ }
-+
-+ /* Calculation of Generator point */
-+ g_len = 2*q_len;
-+ g_xy = eng_copy_curve_points(x, y, g_len, q_len);
-+ if (!g_xy) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* memory for message representative */
-+ f = malloc(r_len);
-+ if (!f) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Add padding, since SEC expects hash to of size r_len */
-+ memset(f, 0, r_len - dgst_len);
-+
-+ /* Skip leading bytes if dgst_len < r_len */
-+ memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len);
-+
-+ dgst_len += r_len - dgst_len;
-+
-+ kop->crk_op = CRK_DSA_SIGN;
-+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
-+ kop->crk_param[0].crp_p = f;
-+ kop->crk_param[0].crp_nbits = dgst_len * 8;
-+ kop->crk_param[1].crp_p = q;
-+ kop->crk_param[1].crp_nbits = q_len * 8;
-+ kop->crk_param[2].crp_p = r;
-+ kop->crk_param[2].crp_nbits = r_len * 8;
-+ kop->crk_param[3].crp_p = g_xy;
-+ kop->crk_param[3].crp_nbits = g_len * 8;
-+ kop->crk_param[4].crp_p = s;
-+ kop->crk_param[4].crp_nbits = priv_key_len * 8;
-+ kop->crk_param[5].crp_p = ab;
-+ kop->crk_param[5].crp_nbits = ab_len * 8;
-+ kop->crk_iparams = 6;
-+ kop->cookie = cookie;
-+
-+ if (cryptodev_asym_async(kop, r_len, sig->r , r_len, sig->s))
-+ goto err;
-+
-+ return ret;
-+err:
-+ {
-+ const ECDSA_METHOD *meth = ECDSA_OpenSSL();
-+ BN_free(sig->r);
-+ BN_free(sig->s);
-+ if (kop)
-+ free(kop);
-+ sig_ret = (meth->ecdsa_do_sign)(dgst, dgst_len, in_kinv, in_r, eckey);
-+ sig->r = sig_ret->r;
-+ sig->s = sig_ret->s;
-+ cookie->pkc_callback(cookie, 0);
-+ }
-+ return ret;
-+}
-+
-+static int cryptodev_ecdsa_verify_async(const unsigned char *dgst, int dgst_len,
-+ const ECDSA_SIG *sig, EC_KEY *eckey, struct pkc_cookie_s *cookie)
-+{
-+ BIGNUM *m = NULL, *p = NULL, *a = NULL, *b = NULL;
-+ BIGNUM *x = NULL, *y = NULL, *w_x = NULL, *w_y = NULL;
-+ BN_CTX *ctx = NULL;
-+ ECDSA_DATA *ecdsa = NULL;
-+ unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL, *w_xy = NULL;
-+ unsigned char *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL;
-+ int i = 0, q_len = 0, pub_key_len = 0, r_len = 0, c_len = 0, g_len = 0;
-+ int d_len = 0, ab_len = 0, ret = 1;
-+ const EC_POINT *pub_key = NULL;
-+ const BIGNUM *order = NULL;
-+ const EC_GROUP *group=NULL;
-+ ec_curve_t ec_crv = EC_PRIME;
-+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+
-+ if (!kop)
-+ goto err;
-+
-+ memset(kop, 0, sizeof(struct crypt_kop));
-+ ecdsa = ecdsa_check(eckey);
-+ if (!ecdsa) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
-+ goto err;
-+ }
-+
-+ group = EC_KEY_get0_group(eckey);
-+ pub_key = EC_KEY_get0_public_key(eckey);
-+
-+ if (!group || !pub_key) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
-+ goto err;
-+ }
-+
-+ if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
-+ (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
-+ (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
-+ (y = BN_new()) == NULL || (w_x = BN_new()) == NULL ||
-+ (w_y = BN_new()) == NULL) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ order = &group->order;
-+ if (!order || BN_is_zero(order)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS);
-+ goto err;
-+ }
-+
-+ i = BN_num_bits(order);
-+ /* Need to truncate digest if it is too long: first truncate whole
-+ * bytes */
-+ if (8 * dgst_len > i)
-+ dgst_len = (i + 7)/8;
-+
-+ if (!BN_bin2bn(dgst, dgst_len, m)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* If still too long truncate remaining bits with a shift */
-+ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+ /* copy the truncated bits into plain buffer */
-+ if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* check if this is prime or binary EC request */
-+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) {
-+ ec_crv = EC_PRIME;
-+
-+ /* get the generator point pair */
-+ if (!EC_POINT_get_affine_coordinates_GFp (group,
-+ EC_GROUP_get0_generator(group), x, y,ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ /* get the public key pair for prime curve */
-+ if (!EC_POINT_get_affine_coordinates_GFp (group,
-+ pub_key, w_x, w_y,ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ /* get the ECC curve parameters */
-+ if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+ } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_characteristic_two_field){
-+ ec_crv = EC_BINARY;
-+ /* get the ECC curve parameters */
-+ if (!EC_GROUP_get_curve_GF2m(group, p, a, b , ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ /* get the generator point pair */
-+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
-+ EC_GROUP_get0_generator(group),x, y,ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ /* get the public key pair for binary curve */
-+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
-+ pub_key, w_x, w_y,ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+ }else {
-+ printf("Unsupported Curve\n");
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ /* Get the order of the subgroup of private keys */
-+ if (spcf_bn2bin((BIGNUM*)order, &r, &r_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Get the irreducible polynomial that creates the field */
-+ if (spcf_bn2bin(p, &q, &q_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Get the public key into a flat buffer with appropriate padding */
-+ pub_key_len = 2 * q_len;
-+
-+ w_xy = eng_copy_curve_points (w_x, w_y, pub_key_len, q_len);
-+ if (!w_xy) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Generation of ECC curve parameters */
-+ ab_len = 2*q_len;
-+
-+ ab = eng_copy_curve_points (a, b, ab_len, q_len);
-+ if (!ab) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ if (ec_crv == EC_BINARY) {
-+ /* copy b' i.e c(b), instead of only b */
-+ eng_ec_get_cparam (EC_GROUP_get_curve_name(group),
-+ ab+q_len, q_len);
-+ kop->curve_type = ECC_BINARY;
-+ }
-+
-+ /* Calculation of Generator point */
-+ g_len = 2 * q_len;
-+
-+ g_xy = eng_copy_curve_points (x, y, g_len, q_len);
-+ if (!g_xy) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /**
-+ * Get the 1st part of signature into a flat buffer with
-+ * appropriate padding
-+ */
-+ if (BN_num_bytes(sig->r) < r_len)
-+ c_len = r_len;
-+
-+ if (spcf_bn2bin_ex(sig->r, &c, &c_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /**
-+ * Get the 2nd part of signature into a flat buffer with
-+ * appropriate padding
-+ */
-+ if (BN_num_bytes(sig->s) < r_len)
-+ d_len = r_len;
-+
-+ if (spcf_bn2bin_ex(sig->s, &d, &d_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* memory for message representative */
-+ f = malloc(r_len);
-+ if (!f) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Add padding, since SEC expects hash to of size r_len */
-+ memset(f, 0, r_len-dgst_len);
-+
-+ /* Skip leading bytes if dgst_len < r_len */
-+ memcpy(f + r_len-dgst_len, tmp_dgst, dgst_len);
-+
-+ dgst_len += r_len-dgst_len;
-+
-+ kop->crk_op = CRK_DSA_VERIFY;
-+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
-+ kop->crk_param[0].crp_p = f;
-+ kop->crk_param[0].crp_nbits = dgst_len * 8;
-+ kop->crk_param[1].crp_p = q;
-+ kop->crk_param[1].crp_nbits = q_len * 8;
-+ kop->crk_param[2].crp_p = r;
-+ kop->crk_param[2].crp_nbits = r_len * 8;
-+ kop->crk_param[3].crp_p = g_xy;
-+ kop->crk_param[3].crp_nbits = g_len * 8;
-+ kop->crk_param[4].crp_p = w_xy;
-+ kop->crk_param[4].crp_nbits = pub_key_len * 8;
-+ kop->crk_param[5].crp_p = ab;
-+ kop->crk_param[5].crp_nbits = ab_len * 8;
-+ kop->crk_param[6].crp_p = c;
-+ kop->crk_param[6].crp_nbits = d_len * 8;
-+ kop->crk_param[7].crp_p = d;
-+ kop->crk_param[7].crp_nbits = d_len * 8;
-+ kop->crk_iparams = 8;
-+ kop->cookie = cookie;
-+
-+ if (cryptodev_asym_async(kop, 0, NULL, 0, NULL))
-+ goto err;
-+
-+ return ret;
-+err:
-+ {
-+ const ECDSA_METHOD *meth = ECDSA_OpenSSL();
-+
-+ if (kop)
-+ free(kop);
-+ ret = (meth->ecdsa_do_verify)(dgst, dgst_len, sig, eckey);
-+ cookie->pkc_callback(cookie, 0);
-+ }
-+
-+ return ret;
-+}
-+
-+/* Cryptodev DH Key Gen routine */
-+static int cryptodev_dh_keygen_async(DH *dh, struct pkc_cookie_s *cookie)
-+{
-+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+ int ret = 1, g_len;
-+ unsigned char *g = NULL;
-+
-+ if (!kop)
-+ goto sw_try;
-+
-+ if (dh->priv_key == NULL) {
-+ if ((dh->priv_key=BN_new()) == NULL)
-+ goto sw_try;
-+ }
-+
-+ if (dh->pub_key == NULL) {
-+ if ((dh->pub_key=BN_new()) == NULL)
-+ goto sw_try;
-+ }
-+
-+ g_len = BN_num_bytes(dh->p);
-+ /**
-+ * Get generator into a plain buffer. If length is less than
-+ * q_len then add leading padding bytes.
- */
-- if (BN_num_bytes(sig->s) < r_len)
-- d_len = r_len;
--
-- if (spcf_bn2bin_ex(sig->s, &d, &d_len)) {
-- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-- goto err;
-- }
--
-- /* memory for message representative */
-- f = malloc(r_len);
-- if (!f) {
-- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-- goto err;
-+ if (spcf_bn2bin_ex(dh->g, &g, &g_len)) {
-+ DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
-+ goto sw_try;
- }
-
-- /* Add padding, since SEC expects hash to of size r_len */
-- memset(f, 0, r_len-dgst_len);
-+ memset(kop, 0, sizeof(struct crypt_kop));
-+ kop->crk_op = CRK_DH_GENERATE_KEY;
-+ if (bn2crparam(dh->p, &kop->crk_param[0]))
-+ goto sw_try;
-+ if (bn2crparam(dh->q, &kop->crk_param[1]))
-+ goto sw_try;
-+ kop->crk_param[2].crp_p = g;
-+ kop->crk_param[2].crp_nbits = g_len * 8;
-+ kop->crk_iparams = 3;
-+ kop->cookie = cookie;
-
-- /* Skip leading bytes if dgst_len < r_len */
-- memcpy(f + r_len-dgst_len, tmp_dgst, dgst_len);
-- dgst_len += r_len-dgst_len;
-- kop.crk_op = CRK_DSA_VERIFY;
-- /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
-- kop.crk_param[0].crp_p = f;
-- kop.crk_param[0].crp_nbits = dgst_len * 8;
-- kop.crk_param[1].crp_p = q;
-- kop.crk_param[1].crp_nbits = q_len * 8;
-- kop.crk_param[2].crp_p = r;
-- kop.crk_param[2].crp_nbits = r_len * 8;
-- kop.crk_param[3].crp_p = g_xy;
-- kop.crk_param[3].crp_nbits = g_len * 8;
-- kop.crk_param[4].crp_p = w_xy;
-- kop.crk_param[4].crp_nbits = pub_key_len * 8;
-- kop.crk_param[5].crp_p = ab;
-- kop.crk_param[5].crp_nbits = ab_len * 8;
-- kop.crk_param[6].crp_p = c;
-- kop.crk_param[6].crp_nbits = d_len * 8;
-- kop.crk_param[7].crp_p = d;
-- kop.crk_param[7].crp_nbits = d_len * 8;
-- kop.crk_iparams = 8;
-+ /* pub_key is or prime length while priv key is of length of order */
-+ if (cryptodev_asym_async(kop, BN_num_bytes(dh->p), dh->pub_key,
-+ BN_num_bytes(dh->q), dh->priv_key))
-+ goto sw_try;
-
-- if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
-- /*OCF success value is 0, if not zero, change ret to fail*/
-- if(0 == kop.crk_status)
-- ret = 1;
-- } else {
-- const ECDSA_METHOD *meth = ECDSA_OpenSSL();
-+ return ret;
-+sw_try:
-+ {
-+ const DH_METHOD *meth = DH_OpenSSL();
-
-- ret = (meth->ecdsa_do_verify)(dgst, dgst_len, sig, eckey);
-+ if (kop)
-+ free(kop);
-+ ret = (meth->generate_key)(dh);
-+ cookie->pkc_callback(cookie, 0);
- }
-- kop.crk_param[0].crp_p = NULL;
-- zapparams(&kop);
--
--err:
- return ret;
- }
-
-@@ -2360,6 +3383,54 @@ sw_try:
- return (dhret);
- }
-
-+/* Return Length if successful and 0 on failure */
-+static int
-+cryptodev_dh_compute_key_async(unsigned char *key, const BIGNUM *pub_key,
-+ DH *dh, struct pkc_cookie_s *cookie)
-+{
-+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+ int ret = 1;
-+ int fd, p_len;
-+ unsigned char *padded_pub_key = NULL, *p = NULL;
-+
-+ fd = *(int *)cookie->eng_handle;
-+
-+ memset(kop, 0, sizeof(struct crypt_kop));
-+ kop->crk_op = CRK_DH_COMPUTE_KEY;
-+ /* inputs: dh->priv_key pub_key dh->p key */
-+ spcf_bn2bin(dh->p, &p, &p_len);
-+ spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len);
-+
-+ if (bn2crparam(dh->priv_key, &kop->crk_param[0]))
-+ goto err;
-+ kop->crk_param[1].crp_p = padded_pub_key;
-+ kop->crk_param[1].crp_nbits = p_len * 8;
-+ kop->crk_param[2].crp_p = p;
-+ kop->crk_param[2].crp_nbits = p_len * 8;
-+ kop->crk_iparams = 3;
-+
-+ kop->cookie = cookie;
-+ kop->crk_param[3].crp_p = (void*) key;
-+ kop->crk_param[3].crp_nbits = p_len * 8;
-+ kop->crk_oparams = 1;
-+
-+ if (cryptodev_asym_async(kop, 0, NULL, 0, NULL))
-+ goto err;
-+
-+ return p_len;
-+err:
-+ {
-+ const DH_METHOD *meth = DH_OpenSSL();
-+
-+ if (kop)
-+ free(kop);
-+ ret = (meth->compute_key)(key, pub_key, dh);
-+ /* Call user cookie handler */
-+ cookie->pkc_callback(cookie, 0);
-+ }
-+ return (ret);
-+}
-+
- int cryptodev_ecdh_compute_key(void *out, size_t outlen,
- const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen,
- void *out, size_t *outlen))
-@@ -2537,6 +3608,190 @@ err:
- return ret;
- }
-
-+int cryptodev_ecdh_compute_key_async(void *out, size_t outlen,
-+ const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen,
-+ void *out, size_t *outlen), struct pkc_cookie_s *cookie)
-+{
-+ ec_curve_t ec_crv = EC_PRIME;
-+ unsigned char * q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL;
-+ BIGNUM * w_x = NULL, *w_y = NULL;
-+ int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0;
-+ BIGNUM * p = NULL, *a = NULL, *b = NULL;
-+ BN_CTX *ctx;
-+ EC_POINT *tmp=NULL;
-+ BIGNUM *x=NULL, *y=NULL;
-+ const BIGNUM *priv_key;
-+ const EC_GROUP* group = NULL;
-+ int ret = 1;
-+ size_t buflen, len;
-+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+
-+ if (!(ctx = BN_CTX_new()) || !kop)
-+ goto err;
-+
-+ memset(kop, 0, sizeof(struct crypt_kop));
-+
-+ BN_CTX_start(ctx);
-+ x = BN_CTX_get(ctx);
-+ y = BN_CTX_get(ctx);
-+ p = BN_CTX_get(ctx);
-+ a = BN_CTX_get(ctx);
-+ b = BN_CTX_get(ctx);
-+ w_x = BN_CTX_get(ctx);
-+ w_y = BN_CTX_get(ctx);
-+
-+ if (!x || !y || !p || !a || !b || !w_x || !w_y) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ priv_key = EC_KEY_get0_private_key(ecdh);
-+ if (priv_key == NULL) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_NO_PRIVATE_VALUE);
-+ goto err;
-+ }
-+
-+ group = EC_KEY_get0_group(ecdh);
-+ if ((tmp=EC_POINT_new(group)) == NULL) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
-+ NID_X9_62_prime_field) {
-+ ec_crv = EC_PRIME;
-+
-+ if (!EC_POINT_get_affine_coordinates_GFp(group,
-+ EC_GROUP_get0_generator(group), x, y, ctx)) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* get the ECC curve parameters */
-+ if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* get the public key pair for prime curve */
-+ if (!EC_POINT_get_affine_coordinates_GFp (group, pub_key, w_x, w_y,ctx)) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
-+ goto err;
-+ }
-+ } else {
-+ ec_crv = EC_BINARY;
-+
-+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
-+ EC_GROUP_get0_generator(group), x, y, ctx)) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* get the ECC curve parameters */
-+ if (!EC_GROUP_get_curve_GF2m(group, p, a, b , ctx)) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* get the public key pair for binary curve */
-+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
-+ pub_key, w_x, w_y,ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+ }
-+
-+ /* irreducible polynomial that creates the field */
-+ if (spcf_bn2bin((BIGNUM*)&group->order, &r, &r_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Get the irreducible polynomial that creates the field */
-+ if (spcf_bn2bin(p, &q, &q_len)) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* Get the public key into a flat buffer with appropriate padding */
-+ pub_key_len = 2 * q_len;
-+ w_xy = eng_copy_curve_points (w_x, w_y, pub_key_len, q_len);
-+ if (!w_xy) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Generation of ECC curve parameters */
-+ ab_len = 2*q_len;
-+ ab = eng_copy_curve_points (a, b, ab_len, q_len);
-+ if (!ab) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ if (ec_crv == EC_BINARY) {
-+ /* copy b' i.e c(b), instead of only b */
-+ if (eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab+q_len, q_len))
-+ {
-+ unsigned char *c_temp = NULL;
-+ int c_temp_len = q_len;
-+ if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len))
-+ memcpy(ab+q_len, c_temp, q_len);
-+ else
-+ goto err;
-+ }
-+ kop->curve_type = ECC_BINARY;
-+ } else
-+ kop->curve_type = ECC_PRIME;
-+
-+ priv_key_len = r_len;
-+
-+ /*
-+ * If BN_num_bytes of priv_key returns less then r_len then
-+ * add padding bytes before the key
-+ */
-+ if (spcf_bn2bin_ex((BIGNUM *)priv_key, &s, &priv_key_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ buflen = (EC_GROUP_get_degree(group) + 7)/8;
-+ len = BN_num_bytes(x);
-+ if (len > buflen || q_len < buflen) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_INTERNAL_ERROR);
-+ goto err;
-+ }
-+
-+ kop->crk_op = CRK_DH_COMPUTE_KEY;
-+ kop->crk_param[0].crp_p = (void *) s;
-+ kop->crk_param[0].crp_nbits = priv_key_len*8;
-+ kop->crk_param[1].crp_p = (void *) w_xy;
-+ kop->crk_param[1].crp_nbits = pub_key_len*8;
-+ kop->crk_param[2].crp_p = (void *) q;
-+ kop->crk_param[2].crp_nbits = q_len*8;
-+ kop->crk_param[3].crp_p = (void *) ab;
-+ kop->crk_param[3].crp_nbits = ab_len*8;
-+ kop->crk_iparams = 4;
-+ kop->crk_param[4].crp_p = (void *) out;
-+ kop->crk_param[4].crp_nbits = q_len*8;
-+ kop->crk_oparams = 1;
-+ kop->cookie = cookie;
-+ if (cryptodev_asym_async(kop, 0, NULL, 0, NULL))
-+ goto err;
-+
-+ return q_len;
-+err:
-+ {
-+ const ECDH_METHOD *meth = ECDH_OpenSSL();
-+
-+ if (kop)
-+ free(kop);
-+ ret = (meth->compute_key)(out, outlen, pub_key, ecdh, KDF);
-+ /* Call user cookie handler */
-+ cookie->pkc_callback(cookie, 0);
-+ }
-+ return ret;
-+}
-
- static DH_METHOD cryptodev_dh = {
- "cryptodev DH method",
-@@ -2545,6 +3800,8 @@ static DH_METHOD cryptodev_dh = {
- NULL,
- NULL,
- NULL,
-+ NULL,
-+ NULL,
- 0, /* flags */
- NULL /* app_data */
- };
-@@ -2553,6 +3810,7 @@ static ECDH_METHOD cryptodev_ecdh = {
- "cryptodev ECDH method",
- NULL, /* cryptodev_ecdh_compute_key */
- NULL,
-+ NULL,
- 0, /* flags */
- NULL /* app_data */
- };
-@@ -2625,12 +3883,19 @@ ENGINE_load_cryptodev(void)
- cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec;
- if (cryptodev_asymfeat & CRF_MOD_EXP) {
- cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp;
-- if (cryptodev_asymfeat & CRF_MOD_EXP_CRT)
-+ cryptodev_rsa.bn_mod_exp_async =
-+ cryptodev_bn_mod_exp_async;
-+ if (cryptodev_asymfeat & CRF_MOD_EXP_CRT) {
- cryptodev_rsa.rsa_mod_exp =
- cryptodev_rsa_mod_exp;
-- else
-+ cryptodev_rsa.rsa_mod_exp_async =
-+ cryptodev_rsa_mod_exp_async;
-+ } else {
- cryptodev_rsa.rsa_mod_exp =
- cryptodev_rsa_nocrt_mod_exp;
-+ cryptodev_rsa.rsa_mod_exp_async =
-+ cryptodev_rsa_nocrt_mod_exp_async;
-+ }
- }
- }
-
-@@ -2638,12 +3903,21 @@ ENGINE_load_cryptodev(void)
- const DSA_METHOD *meth = DSA_OpenSSL();
-
- memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
-- if (cryptodev_asymfeat & CRF_DSA_SIGN)
-+ if (cryptodev_asymfeat & CRF_DSA_SIGN) {
- cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
-- if (cryptodev_asymfeat & CRF_DSA_VERIFY)
-+ cryptodev_dsa.dsa_do_sign_async =
-+ cryptodev_dsa_do_sign_async;
-+ }
-+ if (cryptodev_asymfeat & CRF_DSA_VERIFY) {
- cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
-- if (cryptodev_asymfeat & CRF_DSA_GENERATE_KEY)
-+ cryptodev_dsa.dsa_do_verify_async =
-+ cryptodev_dsa_verify_async;
-+ }
-+ if (cryptodev_asymfeat & CRF_DSA_GENERATE_KEY) {
- cryptodev_dsa.dsa_keygen = cryptodev_dsa_keygen;
-+ cryptodev_dsa.dsa_keygen_async =
-+ cryptodev_dsa_keygen_async;
-+ }
- }
-
- if (ENGINE_set_DH(engine, &cryptodev_dh)){
-@@ -2652,10 +3926,15 @@ ENGINE_load_cryptodev(void)
- if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) {
- cryptodev_dh.compute_key =
- cryptodev_dh_compute_key;
-+ cryptodev_dh.compute_key_async =
-+ cryptodev_dh_compute_key_async;
- }
- if (cryptodev_asymfeat & CRF_DH_GENERATE_KEY) {
- cryptodev_dh.generate_key =
- cryptodev_dh_keygen;
-+ cryptodev_dh.generate_key_async =
-+ cryptodev_dh_keygen_async;
-+
- }
- }
-
-@@ -2664,10 +3943,14 @@ ENGINE_load_cryptodev(void)
- memcpy(&cryptodev_ecdsa, meth, sizeof(ECDSA_METHOD));
- if (cryptodev_asymfeat & CRF_DSA_SIGN) {
- cryptodev_ecdsa.ecdsa_do_sign = cryptodev_ecdsa_do_sign;
-+ cryptodev_ecdsa.ecdsa_do_sign_async =
-+ cryptodev_ecdsa_do_sign_async;
- }
- if (cryptodev_asymfeat & CRF_DSA_VERIFY) {
- cryptodev_ecdsa.ecdsa_do_verify =
- cryptodev_ecdsa_verify;
-+ cryptodev_ecdsa.ecdsa_do_verify_async =
-+ cryptodev_ecdsa_verify_async;
- }
- }
-
-@@ -2676,9 +3959,16 @@ ENGINE_load_cryptodev(void)
- memcpy(&cryptodev_ecdh, ecdh_meth, sizeof(ECDH_METHOD));
- if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) {
- cryptodev_ecdh.compute_key = cryptodev_ecdh_compute_key;
-+ cryptodev_ecdh.compute_key_async =
-+ cryptodev_ecdh_compute_key_async;
- }
- }
-
-+ ENGINE_set_check_pkc_availability(engine, cryptodev_check_availability);
-+ ENGINE_set_close_instance(engine, cryptodev_close_instance);
-+ ENGINE_set_init_instance(engine, cryptodev_init_instance);
-+ ENGINE_set_async_map(engine, ENGINE_ALLPKC_ASYNC);
-+
- ENGINE_add(engine);
- ENGINE_free(engine);
- ERR_clear_error();
-diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h
-index 451ef8f..8fc3077 100644
---- a/crypto/engine/eng_int.h
-+++ b/crypto/engine/eng_int.h
-@@ -181,7 +181,29 @@ struct engine_st
- ENGINE_LOAD_KEY_PTR load_pubkey;
-
- ENGINE_SSL_CLIENT_CERT_PTR load_ssl_client_cert;
--
-+ /*
-+ * Instantiate Engine handle to be passed in check_pkc_availability
-+ * Ensure that Engine is instantiated before any pkc asynchronous call.
-+ */
-+ void *(*engine_init_instance)(void);
-+ /*
-+ * Instantiated Engine handle will be closed with this call.
-+ * Ensure that no pkc asynchronous call is made after this call
-+ */
-+ void (*engine_close_instance)(void *handle);
-+ /*
-+ * Check availability will extract the data from kernel.
-+ * eng_handle: This is the Engine handle corresponds to which
-+ * the cookies needs to be polled.
-+ * return 0 if cookie available else 1
-+ */
-+ int (*check_pkc_availability)(void *eng_handle);
-+ /*
-+ * The following map is used to check if the engine supports asynchronous implementation
-+ * ENGINE_ASYNC_FLAG* for available bitmap. Any application checking for asynchronous
-+ * implementation need to check this features using "int ENGINE_get_async_map(engine *)";
-+ */
-+ int async_map;
- const ENGINE_CMD_DEFN *cmd_defns;
- int flags;
- /* reference count on the structure itself */
-diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c
-index 18a6664..6fa621c 100644
---- a/crypto/engine/eng_lib.c
-+++ b/crypto/engine/eng_lib.c
-@@ -98,7 +98,11 @@ void engine_set_all_null(ENGINE *e)
- e->ctrl = NULL;
- e->load_privkey = NULL;
- e->load_pubkey = NULL;
-+ e->check_pkc_availability = NULL;
-+ e->engine_init_instance = NULL;
-+ e->engine_close_instance = NULL;
- e->cmd_defns = NULL;
-+ e->async_map = 0;
- e->flags = 0;
- }
-
-@@ -233,6 +237,48 @@ int ENGINE_set_id(ENGINE *e, const char *id)
- return 1;
- }
-
-+void ENGINE_set_init_instance(ENGINE *e, void *(*engine_init_instance)(void))
-+ {
-+ e->engine_init_instance = engine_init_instance;
-+ }
-+
-+void ENGINE_set_close_instance(ENGINE *e,
-+ void (*engine_close_instance)(void *))
-+ {
-+ e->engine_close_instance = engine_close_instance;
-+ }
-+
-+void ENGINE_set_async_map(ENGINE *e, int async_map)
-+ {
-+ e->async_map = async_map;
-+ }
-+
-+void *ENGINE_init_instance(ENGINE *e)
-+ {
-+ return e->engine_init_instance();
-+ }
-+
-+void ENGINE_close_instance(ENGINE *e, void *eng_handle)
-+ {
-+ e->engine_close_instance(eng_handle);
-+ }
-+
-+int ENGINE_get_async_map(ENGINE *e)
-+ {
-+ return e->async_map;
-+ }
-+
-+void ENGINE_set_check_pkc_availability(ENGINE *e,
-+ int (*check_pkc_availability)(void *eng_handle))
-+ {
-+ e->check_pkc_availability = check_pkc_availability;
-+ }
-+
-+int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle)
-+ {
-+ return e->check_pkc_availability(eng_handle);
-+ }
-+
- int ENGINE_set_name(ENGINE *e, const char *name)
- {
- if(name == NULL)
-diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h
-index 237a6c9..ccff86a 100644
---- a/crypto/engine/engine.h
-+++ b/crypto/engine/engine.h
-@@ -473,6 +473,30 @@ ENGINE *ENGINE_new(void);
- int ENGINE_free(ENGINE *e);
- int ENGINE_up_ref(ENGINE *e);
- int ENGINE_set_id(ENGINE *e, const char *id);
-+void ENGINE_set_init_instance(ENGINE *e, void *(*engine_init_instance)(void));
-+void ENGINE_set_close_instance(ENGINE *e,
-+ void (*engine_free_instance)(void *));
-+/*
-+ * Following FLAGS are bitmap store in async_map to set asynchronous interface capability
-+ *of the engine
-+ */
-+#define ENGINE_RSA_ASYNC 0x0001
-+#define ENGINE_DSA_ASYNC 0x0002
-+#define ENGINE_DH_ASYNC 0x0004
-+#define ENGINE_ECDSA_ASYNC 0x0008
-+#define ENGINE_ECDH_ASYNC 0x0010
-+#define ENGINE_ALLPKC_ASYNC 0x001F
-+/* Engine implementation will set the bitmap based on above flags using following API */
-+void ENGINE_set_async_map(ENGINE *e, int async_map);
-+ /* Application need to check the bitmap based on above flags using following API
-+ * to confirm asynchronous methods supported
-+ */
-+int ENGINE_get_async_map(ENGINE *e);
-+void *ENGINE_init_instance(ENGINE *e);
-+void ENGINE_close_instance(ENGINE *e, void *eng_handle);
-+void ENGINE_set_check_pkc_availability(ENGINE *e,
-+ int (*check_pkc_availability)(void *eng_handle));
-+int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle);
- int ENGINE_set_name(ENGINE *e, const char *name);
- int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
- int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
-diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h
-index 5f269e5..6ef1b15 100644
---- a/crypto/rsa/rsa.h
-+++ b/crypto/rsa/rsa.h
-@@ -101,6 +101,29 @@ struct rsa_meth_st
- int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx); /* Can be null */
-+ /*
-+ * Cookie in the following _async variant must be allocated before
-+ * submission and can be freed once its corresponding callback
-+ * handler is called
-+ */
-+ int (*rsa_pub_enc_asyn)(int flen,const unsigned char *from,
-+ unsigned char *to, RSA *rsa, int padding,
-+ struct pkc_cookie_s *cookie);
-+ int (*rsa_pub_dec_async)(int flen,const unsigned char *from,
-+ unsigned char *to, RSA *rsa, int padding,
-+ struct pkc_cookie_s *cookie);
-+ int (*rsa_priv_enc_async)(int flen,const unsigned char *from,
-+ unsigned char *to, RSA *rsa, int padding,
-+ struct pkc_cookie_s *cookie);
-+ int (*rsa_priv_dec_async)(int flen,const unsigned char *from,
-+ unsigned char *to, RSA *rsa, int padding,
-+ struct pkc_cookie_s *cookie);
-+ int (*rsa_mod_exp_async)(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
-+ BN_CTX *ctx, struct pkc_cookie_s *cookie);
-+ int (*bn_mod_exp_async)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-+ const BIGNUM *m, BN_CTX *ctx,
-+ BN_MONT_CTX *m_ctx, struct pkc_cookie_s *cookie);
-+
- int (*init)(RSA *rsa); /* called at new */
- int (*finish)(RSA *rsa); /* called at free */
- int flags; /* RSA_METHOD_FLAG_* things */
---
-2.3.5
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0010-Removed-local-copy-of-curve_t-type.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0010-Removed-local-copy-of-curve_t-type.patch
new file mode 100644
index 0000000..8908d54
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0010-Removed-local-copy-of-curve_t-type.patch
@@ -0,0 +1,163 @@
+From cd80be25a3da28d23dfcb2762252b413879eaa74 Mon Sep 17 00:00:00 2001
+From: Yashpal Dutta <yashpal.dutta at freescale.com>
+Date: Thu, 17 Apr 2014 06:57:59 +0545
+Subject: [PATCH 10/48] Removed local copy of curve_t type
+
+Upstream-status: Pending
+
+Signed-off-by: Yashpal Dutta <yashpal.dutta at freescale.com>
+Tested-by: Cristian Stoica <cristian.stoica at freescale.com>
+---
+ crypto/engine/eng_cryptodev.c | 33 ++++++++++++++-------------------
+ crypto/engine/eng_cryptodev_ec.h | 7 -------
+ 2 files changed, 14 insertions(+), 26 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index eac5fb6..151774c 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -2504,11 +2504,6 @@ static ECDSA_METHOD cryptodev_ecdsa = {
+ NULL /* app_data */
+ };
+
+-typedef enum ec_curve_s {
+- EC_PRIME,
+- EC_BINARY
+-} ec_curve_t;
+-
+ /* ENGINE handler for ECDSA Sign */
+ static ECDSA_SIG *cryptodev_ecdsa_do_sign(const unsigned char *dgst,
+ int dgst_len, const BIGNUM *in_kinv,
+@@ -2527,7 +2522,7 @@ static ECDSA_SIG *cryptodev_ecdsa_do_sign(const unsigned char *dgst,
+ const BIGNUM *order = NULL, *priv_key = NULL;
+ const EC_GROUP *group = NULL;
+ struct crypt_kop kop;
+- ec_curve_t ec_crv = EC_PRIME;
++ enum ec_curve_t ec_crv = EC_PRIME;
+
+ memset(&kop, 0, sizeof(kop));
+ ecdsa = ecdsa_check(eckey);
+@@ -2665,7 +2660,7 @@ static ECDSA_SIG *cryptodev_ecdsa_do_sign(const unsigned char *dgst,
+ else
+ goto err;
+ }
+- kop.curve_type = ECC_BINARY;
++ kop.curve_type = EC_BINARY;
+ }
+
+ /* Calculation of Generator point */
+@@ -2760,7 +2755,7 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
+ const EC_POINT *pub_key = NULL;
+ const BIGNUM *order = NULL;
+ const EC_GROUP *group = NULL;
+- ec_curve_t ec_crv = EC_PRIME;
++ enum ec_curve_t ec_crv = EC_PRIME;
+ struct crypt_kop kop;
+
+ memset(&kop, 0, sizeof kop);
+@@ -2911,7 +2906,7 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
+ else
+ goto err;
+ }
+- kop.curve_type = ECC_BINARY;
++ kop.curve_type = EC_BINARY;
+ }
+
+ /* Calculation of Generator point */
+@@ -3016,7 +3011,7 @@ static int cryptodev_ecdsa_do_sign_async(const unsigned char *dgst,
+ const BIGNUM *order = NULL, *priv_key = NULL;
+ const EC_GROUP *group = NULL;
+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
+- ec_curve_t ec_crv = EC_PRIME;
++ enum ec_curve_t ec_crv = EC_PRIME;
+
+ if (!(sig->r = BN_new()) || !kop)
+ goto err;
+@@ -3157,7 +3152,7 @@ static int cryptodev_ecdsa_do_sign_async(const unsigned char *dgst,
+ else
+ goto err;
+ }
+- kop->curve_type = ECC_BINARY;
++ kop->curve_type = EC_BINARY;
+ }
+
+ /* Calculation of Generator point */
+@@ -3237,7 +3232,7 @@ static int cryptodev_ecdsa_verify_async(const unsigned char *dgst,
+ const EC_POINT *pub_key = NULL;
+ const BIGNUM *order = NULL;
+ const EC_GROUP *group = NULL;
+- ec_curve_t ec_crv = EC_PRIME;
++ enum ec_curve_t ec_crv = EC_PRIME;
+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
+
+ if (!kop)
+@@ -3384,7 +3379,7 @@ static int cryptodev_ecdsa_verify_async(const unsigned char *dgst,
+ if (ec_crv == EC_BINARY) {
+ /* copy b' i.e c(b), instead of only b */
+ eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab + q_len, q_len);
+- kop->curve_type = ECC_BINARY;
++ kop->curve_type = EC_BINARY;
+ }
+
+ /* Calculation of Generator point */
+@@ -3690,7 +3685,7 @@ int cryptodev_ecdh_compute_key(void *out, size_t outlen,
+ void *(*KDF) (const void *in, size_t inlen,
+ void *out, size_t *outlen))
+ {
+- ec_curve_t ec_crv = EC_PRIME;
++ enum ec_curve_t ec_crv = EC_PRIME;
+ unsigned char *q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL;
+ BIGNUM *w_x = NULL, *w_y = NULL;
+ int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0;
+@@ -3820,9 +3815,9 @@ int cryptodev_ecdh_compute_key(void *out, size_t outlen,
+ else
+ goto err;
+ }
+- kop.curve_type = ECC_BINARY;
++ kop.curve_type = EC_BINARY;
+ } else
+- kop.curve_type = ECC_PRIME;
++ kop.curve_type = EC_PRIME;
+
+ priv_key_len = r_len;
+
+@@ -3874,7 +3869,7 @@ int cryptodev_ecdh_compute_key_async(void *out, size_t outlen,
+ size_t *outlen),
+ struct pkc_cookie_s *cookie)
+ {
+- ec_curve_t ec_crv = EC_PRIME;
++ enum ec_curve_t ec_crv = EC_PRIME;
+ unsigned char *q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL;
+ BIGNUM *w_x = NULL, *w_y = NULL;
+ int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0;
+@@ -4005,9 +4000,9 @@ int cryptodev_ecdh_compute_key_async(void *out, size_t outlen,
+ else
+ goto err;
+ }
+- kop->curve_type = ECC_BINARY;
++ kop->curve_type = EC_BINARY;
+ } else
+- kop->curve_type = ECC_PRIME;
++ kop->curve_type = EC_PRIME;
+
+ priv_key_len = r_len;
+
+diff --git a/crypto/engine/eng_cryptodev_ec.h b/crypto/engine/eng_cryptodev_ec.h
+index af54c51..41a8702 100644
+--- a/crypto/engine/eng_cryptodev_ec.h
++++ b/crypto/engine/eng_cryptodev_ec.h
+@@ -287,11 +287,4 @@ static inline unsigned char *eng_copy_curve_points(BIGNUM * x, BIGNUM * y,
+
+ return xy;
+ }
+-
+-enum curve_t {
+- DISCRETE_LOG,
+- ECC_PRIME,
+- ECC_BINARY,
+- MAX_ECC_TYPE
+-};
+ #endif
+--
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0011-Add-RSA-keygen-operation-and-support-gendsa-command-.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0011-Add-RSA-keygen-operation-and-support-gendsa-command-.patch
deleted file mode 100644
index 244d230..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0011-Add-RSA-keygen-operation-and-support-gendsa-command-.patch
+++ /dev/null
@@ -1,153 +0,0 @@
-From e4fc051f8ae1c093b25ca346c2ec351ff3b700d1 Mon Sep 17 00:00:00 2001
-From: Hou Zhiqiang <B48286 at freescale.com>
-Date: Wed, 2 Apr 2014 16:10:43 +0800
-Subject: [PATCH 11/26] Add RSA keygen operation and support gendsa command
- with hardware engine
-
-Upstream-status: Pending
-
-Signed-off-by: Hou Zhiqiang <B48286 at freescale.com>
-Tested-by: Cristian Stoica <cristian.stoica at freescale.com>
----
- crypto/engine/eng_cryptodev.c | 118 ++++++++++++++++++++++++++++++++++++++++++
- 1 file changed, 118 insertions(+)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 9f2416e..b2919a8 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -1906,6 +1906,121 @@ err:
- return dsaret;
- }
-
-+/* Cryptodev RSA Key Gen routine */
-+static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
-+{
-+ struct crypt_kop kop;
-+ int ret, fd;
-+ int p_len, q_len;
-+ int i;
-+
-+ if ((fd = get_asym_dev_crypto()) < 0)
-+ return fd;
-+
-+ if(!rsa->n && ((rsa->n=BN_new()) == NULL)) goto err;
-+ if(!rsa->d && ((rsa->d=BN_new()) == NULL)) goto err;
-+ if(!rsa->e && ((rsa->e=BN_new()) == NULL)) goto err;
-+ if(!rsa->p && ((rsa->p=BN_new()) == NULL)) goto err;
-+ if(!rsa->q && ((rsa->q=BN_new()) == NULL)) goto err;
-+ if(!rsa->dmp1 && ((rsa->dmp1=BN_new()) == NULL)) goto err;
-+ if(!rsa->dmq1 && ((rsa->dmq1=BN_new()) == NULL)) goto err;
-+ if(!rsa->iqmp && ((rsa->iqmp=BN_new()) == NULL)) goto err;
-+
-+ BN_copy(rsa->e, e);
-+
-+ p_len = (bits+1) / (2 * 8);
-+ q_len = (bits - p_len * 8) / 8;
-+ memset(&kop, 0, sizeof kop);
-+ kop.crk_op = CRK_RSA_GENERATE_KEY;
-+
-+ /* p length */
-+ kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char));
-+ if (!kop.crk_param[kop.crk_iparams].crp_p)
-+ goto err;
-+ kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8;
-+ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1);
-+ kop.crk_iparams++;
-+ kop.crk_oparams++;
-+ /* q length */
-+ kop.crk_param[kop.crk_iparams].crp_p = calloc(q_len + 1, sizeof(char));
-+ if (!kop.crk_param[kop.crk_iparams].crp_p)
-+ goto err;
-+ kop.crk_param[kop.crk_iparams].crp_nbits = q_len * 8;
-+ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, q_len + 1);
-+ kop.crk_iparams++;
-+ kop.crk_oparams++;
-+ /* n length */
-+ kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + q_len + 1, sizeof(char));
-+ if (!kop.crk_param[kop.crk_iparams].crp_p)
-+ goto err;
-+ kop.crk_param[kop.crk_iparams].crp_nbits = bits;
-+ memset(kop.crk_param[kop.crk_iparams].crp_p, 0x00, p_len + q_len + 1);
-+ kop.crk_iparams++;
-+ kop.crk_oparams++;
-+ /* d length */
-+ kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + q_len + 1, sizeof(char));
-+ if (!kop.crk_param[kop.crk_iparams].crp_p)
-+ goto err;
-+ kop.crk_param[kop.crk_iparams].crp_nbits = bits;
-+ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + q_len + 1);
-+ kop.crk_iparams++;
-+ kop.crk_oparams++;
-+ /* dp1 length */
-+ kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char));
-+ if (!kop.crk_param[kop.crk_iparams].crp_p)
-+ goto err;
-+ kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8;
-+ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1);
-+ kop.crk_iparams++;
-+ kop.crk_oparams++;
-+ /* dq1 length */
-+ kop.crk_param[kop.crk_iparams].crp_p = calloc(q_len + 1, sizeof(char));
-+ if (!kop.crk_param[kop.crk_iparams].crp_p)
-+ goto err;
-+ kop.crk_param[kop.crk_iparams].crp_nbits = q_len * 8;
-+ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, q_len + 1);
-+ kop.crk_iparams++;
-+ kop.crk_oparams++;
-+ /* i length */
-+ kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char));
-+ if (!kop.crk_param[kop.crk_iparams].crp_p)
-+ goto err;
-+ kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8;
-+ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1);
-+ kop.crk_iparams++;
-+ kop.crk_oparams++;
-+
-+ if (ioctl(fd, CIOCKEY, &kop) == 0) {
-+ BN_bin2bn(kop.crk_param[0].crp_p,
-+ p_len, rsa->p);
-+ BN_bin2bn(kop.crk_param[1].crp_p,
-+ q_len, rsa->q);
-+ BN_bin2bn(kop.crk_param[2].crp_p,
-+ bits / 8, rsa->n);
-+ BN_bin2bn(kop.crk_param[3].crp_p,
-+ bits / 8, rsa->d);
-+ BN_bin2bn(kop.crk_param[4].crp_p,
-+ p_len, rsa->dmp1);
-+ BN_bin2bn(kop.crk_param[5].crp_p,
-+ q_len, rsa->dmq1);
-+ BN_bin2bn(kop.crk_param[6].crp_p,
-+ p_len, rsa->iqmp);
-+ return 1;
-+ }
-+sw_try:
-+ {
-+ const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
-+ ret = (meth->rsa_keygen)(rsa, bits, e, cb);
-+ }
-+ return ret;
-+
-+err:
-+ for (i = 0; i < CRK_MAXPARAM; i++)
-+ free(kop.crk_param[i].crp_p);
-+ return 0;
-+
-+}
-+
- /* Cryptodev DSA Key Gen routine */
- static int cryptodev_dsa_keygen(DSA *dsa)
- {
-@@ -3896,6 +4011,9 @@ ENGINE_load_cryptodev(void)
- cryptodev_rsa.rsa_mod_exp_async =
- cryptodev_rsa_nocrt_mod_exp_async;
- }
-+ if (cryptodev_asymfeat & CRF_RSA_GENERATE_KEY)
-+ cryptodev_rsa.rsa_keygen =
-+ cryptodev_rsa_keygen;
- }
- }
-
---
-2.3.5
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0011-Modulus-parameter-is-not-populated-by-dhparams.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0011-Modulus-parameter-is-not-populated-by-dhparams.patch
new file mode 100644
index 0000000..13aea01
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0011-Modulus-parameter-is-not-populated-by-dhparams.patch
@@ -0,0 +1,43 @@
+From f9d9da58818740334ef356d0384d4e88da865dca Mon Sep 17 00:00:00 2001
+From: Yashpal Dutta <yashpal.dutta at freescale.com>
+Date: Tue, 22 Apr 2014 22:58:33 +0545
+Subject: [PATCH 11/48] Modulus parameter is not populated by dhparams
+
+Upstream-status: Pending
+
+When dhparams are created, modulus parameter required for
+private key generation is not populated. So, falling back
+to software for proper population of modulus parameters followed
+by private key generation
+
+Signed-off-by: Yashpal Dutta <yashpal.dutta at freescale.com>
+Tested-by: Cristian Stoica <cristian.stoica at freescale.com>
+---
+ crypto/engine/eng_cryptodev.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 151774c..1f1f307 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -3502,7 +3502,7 @@ static int cryptodev_dh_keygen_async(DH *dh, struct pkc_cookie_s *cookie)
+ kop->crk_op = CRK_DH_GENERATE_KEY;
+ if (bn2crparam(dh->p, &kop->crk_param[0]))
+ goto sw_try;
+- if (bn2crparam(dh->q, &kop->crk_param[1]))
++ if (!dh->q || bn2crparam(dh->q, &kop->crk_param[1]))
+ goto sw_try;
+ kop->crk_param[2].crp_p = g;
+ kop->crk_param[2].crp_nbits = g_len * 8;
+@@ -3557,7 +3557,7 @@ static int cryptodev_dh_keygen(DH *dh)
+ kop.crk_op = CRK_DH_GENERATE_KEY;
+ if (bn2crparam(dh->p, &kop.crk_param[0]))
+ goto sw_try;
+- if (bn2crparam(dh->q, &kop.crk_param[1]))
++ if (!dh->q || bn2crparam(dh->q, &kop.crk_param[1]))
+ goto sw_try;
+ kop.crk_param[2].crp_p = g;
+ kop.crk_param[2].crp_nbits = g_len * 8;
+--
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0012-RSA-Keygen-Fix.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0012-RSA-Keygen-Fix.patch
deleted file mode 100644
index 7f907da..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0012-RSA-Keygen-Fix.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From ac777f046da7151386d667391362ecb553ceee90 Mon Sep 17 00:00:00 2001
-From: Yashpal Dutta <yashpal.dutta at freescale.com>
-Date: Wed, 16 Apr 2014 22:53:04 +0545
-Subject: [PATCH 12/26] RSA Keygen Fix
-
-Upstream-status: Pending
-
-If Kernel driver doesn't support RSA Keygen or same returns
-error handling the keygen operation, the keygen is gracefully
-handled by software supported rsa_keygen handler
-
-Signed-off-by: Yashpal Dutta <yashpal.dutta at freescale.com>
-Tested-by: Cristian Stoica <cristian.stoica at freescale.com>
----
- crypto/engine/eng_cryptodev.c | 12 +++++++-----
- 1 file changed, 7 insertions(+), 5 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index b2919a8..ed5f20f 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -1915,7 +1915,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
- int i;
-
- if ((fd = get_asym_dev_crypto()) < 0)
-- return fd;
-+ goto sw_try;
-
- if(!rsa->n && ((rsa->n=BN_new()) == NULL)) goto err;
- if(!rsa->d && ((rsa->d=BN_new()) == NULL)) goto err;
-@@ -1936,7 +1936,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
- /* p length */
- kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char));
- if (!kop.crk_param[kop.crk_iparams].crp_p)
-- goto err;
-+ goto sw_try;
- kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8;
- memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1);
- kop.crk_iparams++;
-@@ -1944,7 +1944,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
- /* q length */
- kop.crk_param[kop.crk_iparams].crp_p = calloc(q_len + 1, sizeof(char));
- if (!kop.crk_param[kop.crk_iparams].crp_p)
-- goto err;
-+ goto sw_try;
- kop.crk_param[kop.crk_iparams].crp_nbits = q_len * 8;
- memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, q_len + 1);
- kop.crk_iparams++;
-@@ -2009,8 +2009,10 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
- }
- sw_try:
- {
-- const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
-- ret = (meth->rsa_keygen)(rsa, bits, e, cb);
-+ const RSA_METHOD *meth = rsa->meth;
-+ rsa->meth = RSA_PKCS1_SSLeay();
-+ ret = RSA_generate_key_ex(rsa, bits, e, cb);
-+ rsa->meth = meth;
- }
- return ret;
-
---
-2.3.5
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0012-SW-Backoff-mechanism-for-dsa-keygen.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0012-SW-Backoff-mechanism-for-dsa-keygen.patch
new file mode 100644
index 0000000..bf36a32
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0012-SW-Backoff-mechanism-for-dsa-keygen.patch
@@ -0,0 +1,53 @@
+From 18f4dbbba2c0142792b394bec35531cefe277712 Mon Sep 17 00:00:00 2001
+From: Yashpal Dutta <yashpal.dutta at freescale.com>
+Date: Thu, 24 Apr 2014 00:35:34 +0545
+Subject: [PATCH 12/48] SW Backoff mechanism for dsa keygen
+
+Upstream-status: Pending
+
+DSA Keygen is not handled in default openssl dsa method. Due to
+same null function pointer in SW DSA method, the backoff for dsa
+keygen gives segmentation fault.
+
+Signed-off-by: Yashpal Dutta <yashpal.dutta at freescale.com>
+Tested-by: Cristian Stoica <cristian.stoica at freescale.com>
+---
+ crypto/engine/eng_cryptodev.c | 12 ++++++++----
+ 1 file changed, 8 insertions(+), 4 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 1f1f307..db8e02d 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -2175,8 +2175,10 @@ static int cryptodev_dsa_keygen(DSA *dsa)
+ return ret;
+ sw_try:
+ {
+- const DSA_METHOD *meth = DSA_OpenSSL();
+- ret = (meth->dsa_keygen) (dsa);
++ const DSA_METHOD *meth = dsa->meth;
++ dsa->meth = DSA_OpenSSL();
++ ret = DSA_generate_key(dsa);
++ dsa->meth = meth;
+ }
+ return ret;
+ }
+@@ -2230,11 +2232,13 @@ static int cryptodev_dsa_keygen_async(DSA *dsa, struct pkc_cookie_s *cookie)
+ return ret;
+ sw_try:
+ {
+- const DSA_METHOD *meth = DSA_OpenSSL();
++ const DSA_METHOD *meth = dsa->meth;
+
++ dsa->meth = DSA_OpenSSL();
+ if (kop)
+ free(kop);
+- ret = (meth->dsa_keygen) (dsa);
++ ret = DSA_generate_key(dsa);
++ dsa->meth = meth;
+ cookie->pkc_callback(cookie, 0);
+ }
+ return ret;
+--
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0013-Fixed-DH-keygen-pair-generator.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0013-Fixed-DH-keygen-pair-generator.patch
new file mode 100644
index 0000000..12465d7
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0013-Fixed-DH-keygen-pair-generator.patch
@@ -0,0 +1,100 @@
+From 4d5ffd41f423309fc9aaf3621598ca51c5838e31 Mon Sep 17 00:00:00 2001
+From: Yashpal Dutta <yashpal.dutta at freescale.com>
+Date: Thu, 1 May 2014 06:35:45 +0545
+Subject: [PATCH 13/48] Fixed DH keygen pair generator
+
+Upstream-status: Pending
+
+Wrong Padding results into keygen length error
+
+Signed-off-by: Yashpal Dutta <yashpal.dutta at freescale.com>
+Tested-by: Cristian Stoica <cristian.stoica at freescale.com>
+---
+ crypto/engine/eng_cryptodev.c | 50 ++++++++++++++++++++++++++++---------------
+ 1 file changed, 33 insertions(+), 17 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index db8e02d..4929ae6 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -3534,44 +3534,60 @@ static int cryptodev_dh_keygen_async(DH *dh, struct pkc_cookie_s *cookie)
+ static int cryptodev_dh_keygen(DH *dh)
+ {
+ struct crypt_kop kop;
+- int ret = 1, g_len;
+- unsigned char *g = NULL;
++ int ret = 1, q_len = 0;
++ unsigned char *q = NULL, *g = NULL, *s = NULL, *w = NULL;
++ BIGNUM *pub_key = NULL, *priv_key = NULL;
++ int generate_new_key = 1;
+
+- if (dh->priv_key == NULL) {
+- if ((dh->priv_key = BN_new()) == NULL)
+- goto sw_try;
+- }
++ if (dh->priv_key)
++ priv_key = dh->priv_key;
+
+- if (dh->pub_key == NULL) {
+- if ((dh->pub_key = BN_new()) == NULL)
+- goto sw_try;
+- }
++ if (dh->pub_key)
++ pub_key = dh->pub_key;
+
+- g_len = BN_num_bytes(dh->p);
++ q_len = BN_num_bytes(dh->p);
+ /**
+ * Get generator into a plain buffer. If length is less than
+ * q_len then add leading padding bytes.
+ */
+- if (spcf_bn2bin_ex(dh->g, &g, &g_len)) {
++ if (spcf_bn2bin_ex(dh->g, &g, &q_len)) {
++ DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
++ goto sw_try;
++ }
++
++ if (spcf_bn2bin_ex(dh->p, &q, &q_len)) {
+ DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
+ goto sw_try;
+ }
+
+ memset(&kop, 0, sizeof kop);
+ kop.crk_op = CRK_DH_GENERATE_KEY;
+- if (bn2crparam(dh->p, &kop.crk_param[0]))
+- goto sw_try;
++ kop.crk_param[0].crp_p = q;
++ kop.crk_param[0].crp_nbits = q_len * 8;
+ if (!dh->q || bn2crparam(dh->q, &kop.crk_param[1]))
+ goto sw_try;
+ kop.crk_param[2].crp_p = g;
+- kop.crk_param[2].crp_nbits = g_len * 8;
++ kop.crk_param[2].crp_nbits = q_len * 8;
+ kop.crk_iparams = 3;
+
++ s = OPENSSL_malloc(q_len);
++ if (!s) {
++ DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
++ goto sw_try;
++ }
++
++ w = OPENSSL_malloc(q_len);
++ if (!w) {
++ DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
++ goto sw_try;
++ }
++
+ /* pub_key is or prime length while priv key is of length of order */
+- if (cryptodev_asym(&kop, BN_num_bytes(dh->p), dh->pub_key,
+- BN_num_bytes(dh->q), dh->priv_key))
++ if (cryptodev_asym(&kop, q_len, w, q_len, s))
+ goto sw_try;
+
++ dh->pub_key = BN_bin2bn(w, q_len, pub_key);
++ dh->pub_key = BN_bin2bn(s, q_len, priv_key);
+ return ret;
+ sw_try:
+ {
+--
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0013-Removed-local-copy-of-curve_t-type.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0013-Removed-local-copy-of-curve_t-type.patch
deleted file mode 100644
index c9d8ace..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0013-Removed-local-copy-of-curve_t-type.patch
+++ /dev/null
@@ -1,164 +0,0 @@
-From 6aaa306cdf878250d7b6eaf30978de313653886b Mon Sep 17 00:00:00 2001
-From: Yashpal Dutta <yashpal.dutta at freescale.com>
-Date: Thu, 17 Apr 2014 06:57:59 +0545
-Subject: [PATCH 13/26] Removed local copy of curve_t type
-
-Upstream-status: Pending
-
-Signed-off-by: Yashpal Dutta <yashpal.dutta at freescale.com>
-Tested-by: Cristian Stoica <cristian.stoica at freescale.com>
----
- crypto/engine/eng_cryptodev.c | 34 ++++++++++++++--------------------
- crypto/engine/eng_cryptodev_ec.h | 7 -------
- 2 files changed, 14 insertions(+), 27 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index ed5f20f..5d883fa 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -2398,12 +2398,6 @@ static ECDSA_METHOD cryptodev_ecdsa = {
- NULL /* app_data */
- };
-
--typedef enum ec_curve_s
--{
-- EC_PRIME,
-- EC_BINARY
--} ec_curve_t;
--
- /* ENGINE handler for ECDSA Sign */
- static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char *dgst,
- int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey)
-@@ -2420,7 +2414,7 @@ static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char *dgst,
- const BIGNUM *order = NULL, *priv_key=NULL;
- const EC_GROUP *group = NULL;
- struct crypt_kop kop;
-- ec_curve_t ec_crv = EC_PRIME;
-+ enum ec_curve_t ec_crv = EC_PRIME;
-
- memset(&kop, 0, sizeof(kop));
- ecdsa = ecdsa_check(eckey);
-@@ -2553,7 +2547,7 @@ static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char *dgst,
- else
- goto err;
- }
-- kop.curve_type = ECC_BINARY;
-+ kop.curve_type = EC_BINARY;
- }
-
- /* Calculation of Generator point */
-@@ -2647,7 +2641,7 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
- const EC_POINT *pub_key = NULL;
- const BIGNUM *order = NULL;
- const EC_GROUP *group=NULL;
-- ec_curve_t ec_crv = EC_PRIME;
-+ enum ec_curve_t ec_crv = EC_PRIME;
- struct crypt_kop kop;
-
- memset(&kop, 0, sizeof kop);
-@@ -2792,7 +2786,7 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
- else
- goto err;
- }
-- kop.curve_type = ECC_BINARY;
-+ kop.curve_type = EC_BINARY;
- }
-
- /* Calculation of Generator point */
-@@ -2893,7 +2887,7 @@ static int cryptodev_ecdsa_do_sign_async( const unsigned char *dgst,
- const BIGNUM *order = NULL, *priv_key=NULL;
- const EC_GROUP *group = NULL;
- struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-- ec_curve_t ec_crv = EC_PRIME;
-+ enum ec_curve_t ec_crv = EC_PRIME;
-
- if (!(sig->r = BN_new()) || !kop)
- goto err;
-@@ -3029,7 +3023,7 @@ static int cryptodev_ecdsa_do_sign_async( const unsigned char *dgst,
- else
- goto err;
- }
-- kop->curve_type = ECC_BINARY;
-+ kop->curve_type = EC_BINARY;
- }
-
- /* Calculation of Generator point */
-@@ -3105,7 +3099,7 @@ static int cryptodev_ecdsa_verify_async(const unsigned char *dgst, int dgst_len,
- const EC_POINT *pub_key = NULL;
- const BIGNUM *order = NULL;
- const EC_GROUP *group=NULL;
-- ec_curve_t ec_crv = EC_PRIME;
-+ enum ec_curve_t ec_crv = EC_PRIME;
- struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-
- if (!kop)
-@@ -3247,7 +3241,7 @@ static int cryptodev_ecdsa_verify_async(const unsigned char *dgst, int dgst_len,
- /* copy b' i.e c(b), instead of only b */
- eng_ec_get_cparam (EC_GROUP_get_curve_name(group),
- ab+q_len, q_len);
-- kop->curve_type = ECC_BINARY;
-+ kop->curve_type = EC_BINARY;
- }
-
- /* Calculation of Generator point */
-@@ -3552,7 +3546,7 @@ int cryptodev_ecdh_compute_key(void *out, size_t outlen,
- const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen,
- void *out, size_t *outlen))
- {
-- ec_curve_t ec_crv = EC_PRIME;
-+ enum ec_curve_t ec_crv = EC_PRIME;
- unsigned char * q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL;
- BIGNUM * w_x = NULL, *w_y = NULL;
- int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0;
-@@ -3678,9 +3672,9 @@ int cryptodev_ecdh_compute_key(void *out, size_t outlen,
- else
- goto err;
- }
-- kop.curve_type = ECC_BINARY;
-+ kop.curve_type = EC_BINARY;
- } else
-- kop.curve_type = ECC_PRIME;
-+ kop.curve_type = EC_PRIME;
-
- priv_key_len = r_len;
-
-@@ -3729,7 +3723,7 @@ int cryptodev_ecdh_compute_key_async(void *out, size_t outlen,
- const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen,
- void *out, size_t *outlen), struct pkc_cookie_s *cookie)
- {
-- ec_curve_t ec_crv = EC_PRIME;
-+ enum ec_curve_t ec_crv = EC_PRIME;
- unsigned char * q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL;
- BIGNUM * w_x = NULL, *w_y = NULL;
- int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0;
-@@ -3857,9 +3851,9 @@ int cryptodev_ecdh_compute_key_async(void *out, size_t outlen,
- else
- goto err;
- }
-- kop->curve_type = ECC_BINARY;
-+ kop->curve_type = EC_BINARY;
- } else
-- kop->curve_type = ECC_PRIME;
-+ kop->curve_type = EC_PRIME;
-
- priv_key_len = r_len;
-
-diff --git a/crypto/engine/eng_cryptodev_ec.h b/crypto/engine/eng_cryptodev_ec.h
-index 77aee71..a4b8da5 100644
---- a/crypto/engine/eng_cryptodev_ec.h
-+++ b/crypto/engine/eng_cryptodev_ec.h
-@@ -286,11 +286,4 @@ static inline unsigned char *eng_copy_curve_points(BIGNUM * x, BIGNUM * y,
-
- return xy;
- }
--
--enum curve_t {
-- DISCRETE_LOG,
-- ECC_PRIME,
-- ECC_BINARY,
-- MAX_ECC_TYPE
--};
- #endif
---
-2.3.5
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0014-Modulus-parameter-is-not-populated-by-dhparams.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0014-Modulus-parameter-is-not-populated-by-dhparams.patch
deleted file mode 100644
index 198bed7..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0014-Modulus-parameter-is-not-populated-by-dhparams.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 14623ca9e417ccef1ad3f4138acfac0ebe682f1f Mon Sep 17 00:00:00 2001
-From: Yashpal Dutta <yashpal.dutta at freescale.com>
-Date: Tue, 22 Apr 2014 22:58:33 +0545
-Subject: [PATCH 14/26] Modulus parameter is not populated by dhparams
-
-Upstream-status: Pending
-
-When dhparams are created, modulus parameter required for
-private key generation is not populated. So, falling back
-to software for proper population of modulus parameters followed
-by private key generation
-
-Signed-off-by: Yashpal Dutta <yashpal.dutta at freescale.com>
-Tested-by: Cristian Stoica <cristian.stoica at freescale.com>
----
- crypto/engine/eng_cryptodev.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 5d883fa..6d69336 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -3364,7 +3364,7 @@ static int cryptodev_dh_keygen_async(DH *dh, struct pkc_cookie_s *cookie)
- kop->crk_op = CRK_DH_GENERATE_KEY;
- if (bn2crparam(dh->p, &kop->crk_param[0]))
- goto sw_try;
-- if (bn2crparam(dh->q, &kop->crk_param[1]))
-+ if (!dh->q || bn2crparam(dh->q, &kop->crk_param[1]))
- goto sw_try;
- kop->crk_param[2].crp_p = g;
- kop->crk_param[2].crp_nbits = g_len * 8;
-@@ -3419,7 +3419,7 @@ static int cryptodev_dh_keygen(DH *dh)
- kop.crk_op = CRK_DH_GENERATE_KEY;
- if (bn2crparam(dh->p, &kop.crk_param[0]))
- goto sw_try;
-- if (bn2crparam(dh->q, &kop.crk_param[1]))
-+ if (!dh->q || bn2crparam(dh->q, &kop.crk_param[1]))
- goto sw_try;
- kop.crk_param[2].crp_p = g;
- kop.crk_param[2].crp_nbits = g_len * 8;
---
-2.3.5
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0014-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0014-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch
new file mode 100644
index 0000000..5a8c2d2
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0014-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch
@@ -0,0 +1,321 @@
+From 317e3d9870097e6b115dd8c9a13ccb5e5ca76f2e Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica at freescale.com>
+Date: Mon, 16 Jun 2014 14:06:21 +0300
+Subject: [PATCH 14/48] cryptodev: add support for aes-gcm algorithm offloading
+
+Signed-off-by: Cristian Stoica <cristian.stoica at freescale.com>
+---
+ apps/speed.c | 6 +-
+ crypto/engine/eng_cryptodev.c | 236 +++++++++++++++++++++++++++++++++++++++++-
+ 2 files changed, 240 insertions(+), 2 deletions(-)
+
+diff --git a/apps/speed.c b/apps/speed.c
+index 95adcc1..e5e609b 100644
+--- a/apps/speed.c
++++ b/apps/speed.c
+@@ -226,7 +226,11 @@
+ # endif
+
+ # undef BUFSIZE
+-# define BUFSIZE ((long)1024*8+1)
++/* The buffer overhead allows GCM tag at the end of the encrypted data. This
++ avoids buffer overflows from cryptodev since Linux kernel GCM
++ implementation allways adds the tag - unlike e_aes.c:aes_gcm_cipher()
++ which doesn't */
++#define BUFSIZE ((long)1024*8 + EVP_GCM_TLS_TAG_LEN)
+ static volatile int run = 0;
+
+ static int mr = 0;
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 4929ae6..d2cdca0 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -2,6 +2,7 @@
+ * Copyright (c) 2002 Bob Beck <beck at openbsd.org>
+ * Copyright (c) 2002 Theo de Raadt
+ * Copyright (c) 2002 Markus Friedl
++ * Copyright (c) 2013-2014 Freescale Semiconductor, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+@@ -77,8 +78,10 @@ struct dev_crypto_state {
+ struct session_op d_sess;
+ int d_fd;
+ unsigned char *aad;
+- unsigned int aad_len;
++ int aad_len;
+ unsigned int len;
++ unsigned char *iv;
++ int ivlen;
+ # ifdef USE_CRYPTODEV_DIGESTS
+ char dummy_mac_key[HASH_MAX_LEN];
+ unsigned char digest_res[HASH_MAX_LEN];
+@@ -287,6 +290,9 @@ static struct {
+ CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20
+ },
+ {
++ CRYPTO_AES_GCM, NID_aes_128_gcm, 16, 16, 0
++ },
++ {
+ 0, NID_undef, 0, 0, 0
+ },
+ };
+@@ -325,6 +331,22 @@ static struct {
+ };
+ # endif
+
++/* increment counter (64-bit int) by 1 */
++static void ctr64_inc(unsigned char *counter)
++{
++ int n = 8;
++ unsigned char c;
++
++ do {
++ --n;
++ c = counter[n];
++ ++c;
++ counter[n] = c;
++ if (c)
++ return;
++ } while (n);
++}
++
+ /*
+ * Return a fd if /dev/crypto seems usable, 0 otherwise.
+ */
+@@ -807,6 +829,199 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
+ }
+ }
+
++static int cryptodev_init_gcm_key(EVP_CIPHER_CTX *ctx,
++ const unsigned char *key,
++ const unsigned char *iv, int enc)
++{
++ struct dev_crypto_state *state = ctx->cipher_data;
++ struct session_op *sess = &state->d_sess;
++ int cipher = -1, i;
++ if (!iv && !key)
++ return 1;
++
++ if (iv)
++ memcpy(ctx->iv, iv, ctx->cipher->iv_len);
++
++ for (i = 0; ciphers[i].id; i++)
++ if (ctx->cipher->nid == ciphers[i].nid &&
++ ctx->cipher->iv_len <= ciphers[i].ivmax &&
++ ctx->key_len == ciphers[i].keylen) {
++ cipher = ciphers[i].id;
++ break;
++ }
++
++ if (!ciphers[i].id) {
++ state->d_fd = -1;
++ return 0;
++ }
++
++ memset(sess, 0, sizeof(struct session_op));
++
++ if ((state->d_fd = get_dev_crypto()) < 0)
++ return 0;
++
++ sess->key = (unsigned char *)key;
++ sess->keylen = ctx->key_len;
++ sess->cipher = cipher;
++
++ if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
++ put_dev_crypto(state->d_fd);
++ state->d_fd = -1;
++ return 0;
++ }
++ return 1;
++}
++
++static int cryptodev_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
++ const unsigned char *in, size_t len)
++{
++ struct crypt_auth_op cryp = { 0 };
++ struct dev_crypto_state *state = ctx->cipher_data;
++ struct session_op *sess = &state->d_sess;
++ int rv = len;
++
++ if (EVP_CIPHER_CTX_ctrl(ctx, ctx->encrypt ?
++ EVP_CTRL_GCM_IV_GEN : EVP_CTRL_GCM_SET_IV_INV,
++ EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0)
++ return 0;
++
++ in += EVP_GCM_TLS_EXPLICIT_IV_LEN;
++ out += EVP_GCM_TLS_EXPLICIT_IV_LEN;
++ len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
++
++ if (ctx->encrypt) {
++ len -= EVP_GCM_TLS_TAG_LEN;
++ }
++ cryp.ses = sess->ses;
++ cryp.len = len;
++ cryp.src = (unsigned char *)in;
++ cryp.dst = out;
++ cryp.auth_src = state->aad;
++ cryp.auth_len = state->aad_len;
++ cryp.iv = ctx->iv;
++ cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
++
++ if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) {
++ return 0;
++ }
++
++ if (ctx->encrypt)
++ ctr64_inc(state->iv + state->ivlen - 8);
++ else
++ rv = len - EVP_GCM_TLS_TAG_LEN;
++
++ return rv;
++}
++
++static int cryptodev_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
++ const unsigned char *in, size_t len)
++{
++ struct crypt_auth_op cryp;
++ struct dev_crypto_state *state = ctx->cipher_data;
++ struct session_op *sess = &state->d_sess;
++
++ if (state->d_fd < 0)
++ return 0;
++
++ if ((len % ctx->cipher->block_size) != 0)
++ return 0;
++
++ if (state->aad_len >= 0)
++ return cryptodev_gcm_tls_cipher(ctx, out, in, len);
++
++ memset(&cryp, 0, sizeof(cryp));
++
++ cryp.ses = sess->ses;
++ cryp.len = len;
++ cryp.src = (unsigned char *)in;
++ cryp.dst = out;
++ cryp.auth_src = NULL;
++ cryp.auth_len = 0;
++ cryp.iv = ctx->iv;
++ cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
++
++ if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) {
++ return 0;
++ }
++
++ return len;
++}
++
++static int cryptodev_gcm_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
++ void *ptr)
++{
++ struct dev_crypto_state *state = ctx->cipher_data;
++ switch (type) {
++ case EVP_CTRL_INIT:
++ {
++ state->ivlen = ctx->cipher->iv_len;
++ state->iv = ctx->iv;
++ state->aad_len = -1;
++ return 1;
++ }
++ case EVP_CTRL_GCM_SET_IV_FIXED:
++ {
++ /* Special case: -1 length restores whole IV */
++ if (arg == -1) {
++ memcpy(state->iv, ptr, state->ivlen);
++ return 1;
++ }
++ /*
++ * Fixed field must be at least 4 bytes and invocation field at
++ * least 8.
++ */
++ if ((arg < 4) || (state->ivlen - arg) < 8)
++ return 0;
++ if (arg)
++ memcpy(state->iv, ptr, arg);
++ if (ctx->encrypt &&
++ RAND_bytes(state->iv + arg, state->ivlen - arg) <= 0)
++ return 0;
++ return 1;
++ }
++ case EVP_CTRL_AEAD_TLS1_AAD:
++ {
++ unsigned int len;
++ if (arg != 13)
++ return 0;
++
++ memcpy(ctx->buf, ptr, arg);
++ len = ctx->buf[arg - 2] << 8 | ctx->buf[arg - 1];
++
++ /* Correct length for explicit IV */
++ len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
++
++ /* If decrypting correct for tag too */
++ if (!ctx->encrypt)
++ len -= EVP_GCM_TLS_TAG_LEN;
++
++ ctx->buf[arg - 2] = len >> 8;
++ ctx->buf[arg - 1] = len & 0xff;
++
++ state->aad = ctx->buf;
++ state->aad_len = arg;
++ state->len = len;
++
++ /* Extra padding: tag appended to record */
++ return EVP_GCM_TLS_TAG_LEN;
++ }
++ case EVP_CTRL_GCM_SET_IV_INV:
++ {
++ if (ctx->encrypt)
++ return 0;
++ memcpy(state->iv + state->ivlen - arg, ptr, arg);
++ return 1;
++ }
++ case EVP_CTRL_GCM_IV_GEN:
++ if (arg <= 0 || arg > state->ivlen)
++ arg = state->ivlen;
++ memcpy(ptr, state->iv + state->ivlen - arg, arg);
++ return 1;
++ default:
++ return -1;
++ }
++}
++
+ /*
+ * libcrypto EVP stuff - this is how we get wired to EVP so the engine
+ * gets called when libcrypto requests a cipher NID.
+@@ -947,6 +1162,22 @@ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = {
+ NULL
+ };
+
++const EVP_CIPHER cryptodev_aes_128_gcm = {
++ NID_aes_128_gcm,
++ 1, 16, 12,
++ EVP_CIPH_GCM_MODE | EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_DEFAULT_ASN1
++ | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER
++ | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT,
++ cryptodev_init_gcm_key,
++ cryptodev_gcm_cipher,
++ cryptodev_cleanup,
++ sizeof(struct dev_crypto_state),
++ EVP_CIPHER_set_asn1_iv,
++ EVP_CIPHER_get_asn1_iv,
++ cryptodev_gcm_ctrl,
++ NULL
++};
++
+ # ifdef CRYPTO_AES_CTR
+ const EVP_CIPHER cryptodev_aes_ctr = {
+ NID_aes_128_ctr,
+@@ -1041,6 +1272,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+ case NID_aes_256_cbc_hmac_sha1:
+ *cipher = &cryptodev_aes_256_cbc_hmac_sha1;
+ break;
++ case NID_aes_128_gcm:
++ *cipher = &cryptodev_aes_128_gcm;
++ break;
+ default:
+ *cipher = NULL;
+ break;
+--
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0015-SW-Backoff-mechanism-for-dsa-keygen.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0015-SW-Backoff-mechanism-for-dsa-keygen.patch
deleted file mode 100644
index 59330a1..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0015-SW-Backoff-mechanism-for-dsa-keygen.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From 10be401a33e6ebcc325d6747914c70595cd53d0a Mon Sep 17 00:00:00 2001
-From: Yashpal Dutta <yashpal.dutta at freescale.com>
-Date: Thu, 24 Apr 2014 00:35:34 +0545
-Subject: [PATCH 15/26] SW Backoff mechanism for dsa keygen
-
-Upstream-status: Pending
-
-DSA Keygen is not handled in default openssl dsa method. Due to
-same null function pointer in SW DSA method, the backoff for dsa
-keygen gives segmentation fault.
-
-Signed-off-by: Yashpal Dutta <yashpal.dutta at freescale.com>
-Tested-by: Cristian Stoica <cristian.stoica at freescale.com>
----
- crypto/engine/eng_cryptodev.c | 12 ++++++++----
- 1 file changed, 8 insertions(+), 4 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 6d69336..dab8fea 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -2069,8 +2069,10 @@ static int cryptodev_dsa_keygen(DSA *dsa)
- return ret;
- sw_try:
- {
-- const DSA_METHOD *meth = DSA_OpenSSL();
-- ret = (meth->dsa_keygen)(dsa);
-+ const DSA_METHOD *meth = dsa->meth;
-+ dsa->meth = DSA_OpenSSL();
-+ ret = DSA_generate_key(dsa);
-+ dsa->meth = meth;
- }
- return ret;
- }
-@@ -2124,11 +2126,13 @@ static int cryptodev_dsa_keygen_async(DSA *dsa, struct pkc_cookie_s *cookie)
- return ret;
- sw_try:
- {
-- const DSA_METHOD *meth = DSA_OpenSSL();
-+ const DSA_METHOD *meth = dsa->meth;
-
-+ dsa->meth = DSA_OpenSSL();
- if (kop)
- free(kop);
-- ret = (meth->dsa_keygen)(dsa);
-+ ret = DSA_generate_key(dsa);
-+ dsa->meth = meth;
- cookie->pkc_callback(cookie, 0);
- }
- return ret;
---
-2.3.5
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0015-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0015-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch
new file mode 100644
index 0000000..623c58b
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0015-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch
@@ -0,0 +1,199 @@
+From 7dd6b35c35b027be8ef0ef2e29a949bc4ce96bbd Mon Sep 17 00:00:00 2001
+From: Tudor Ambarus <tudor.ambarus at freescale.com>
+Date: Fri, 9 May 2014 17:54:06 +0300
+Subject: [PATCH 15/48] eng_cryptodev: extend TLS offload with
+ 3des_cbc_hmac_sha1
+
+Both obj_mac.h and obj_dat.h were generated using the scripts
+from crypto/objects:
+
+$ cd crypto/objects
+$ perl objects.pl objects.txt obj_mac.num obj_mac.h
+$ perl obj_dat.pl obj_mac.h obj_dat.h
+
+Signed-off-by: Tudor Ambarus <tudor.ambarus at freescale.com>
+Signed-off-by: Cristian Stoica <cristian.stoica at freescale.com>
+---
+ crypto/engine/eng_cryptodev.c | 26 ++++++++++++++++++++++++++
+ crypto/objects/obj_dat.h | 10 +++++++---
+ crypto/objects/obj_mac.h | 4 ++++
+ crypto/objects/obj_mac.num | 1 +
+ crypto/objects/objects.txt | 1 +
+ ssl/ssl_ciph.c | 4 ++++
+ 6 files changed, 43 insertions(+), 3 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index d2cdca0..8f73a18 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -132,6 +132,7 @@ static int cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key,
+ static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
+ void (*f) (void));
+ void ENGINE_load_cryptodev(void);
++const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1;
+ const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1;
+ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
+
+@@ -284,6 +285,9 @@ static struct {
+ CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, 0
+ },
+ {
++ CRYPTO_TLS10_3DES_CBC_HMAC_SHA1, NID_des_ede3_cbc_hmac_sha1, 8, 24, 20
++ },
++ {
+ CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20
+ },
+ {
+@@ -519,6 +523,9 @@ static int cryptodev_usable_ciphers(const int **nids)
+ case NID_aes_256_cbc_hmac_sha1:
+ EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
+ break;
++ case NID_des_ede3_cbc_hmac_sha1:
++ EVP_add_cipher(&cryptodev_3des_cbc_hmac_sha1);
++ break;
+ }
+ }
+ return count;
+@@ -623,6 +630,7 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ switch (ctx->cipher->nid) {
+ case NID_aes_128_cbc_hmac_sha1:
+ case NID_aes_256_cbc_hmac_sha1:
++ case NID_des_ede3_cbc_hmac_sha1:
+ cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
+ }
+ cryp.ses = sess->ses;
+@@ -813,6 +821,7 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
+ switch (ctx->cipher->nid) {
+ case NID_aes_128_cbc_hmac_sha1:
+ case NID_aes_256_cbc_hmac_sha1:
++ case NID_des_ede3_cbc_hmac_sha1:
+ maclen = SHA_DIGEST_LENGTH;
+ }
+
+@@ -1134,6 +1143,20 @@ const EVP_CIPHER cryptodev_aes_256_cbc = {
+ NULL
+ };
+
++const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1 = {
++ NID_des_ede3_cbc_hmac_sha1,
++ 8, 24, 8,
++ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
++ cryptodev_init_aead_key,
++ cryptodev_aead_cipher,
++ cryptodev_cleanup,
++ sizeof(struct dev_crypto_state),
++ EVP_CIPHER_set_asn1_iv,
++ EVP_CIPHER_get_asn1_iv,
++ cryptodev_cbc_hmac_sha1_ctrl,
++ NULL
++};
++
+ const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1 = {
+ NID_aes_128_cbc_hmac_sha1,
+ 16, 16, 16,
+@@ -1255,6 +1278,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+ case NID_aes_256_cbc:
+ *cipher = &cryptodev_aes_256_cbc;
+ break;
++ case NID_des_ede3_cbc_hmac_sha1:
++ *cipher = &cryptodev_3des_cbc_hmac_sha1;
++ break;
+ # ifdef CRYPTO_AES_CTR
+ case NID_aes_128_ctr:
+ *cipher = &cryptodev_aes_ctr;
+diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
+index b7e3cf2..35d1abc 100644
+--- a/crypto/objects/obj_dat.h
++++ b/crypto/objects/obj_dat.h
+@@ -62,9 +62,9 @@
+ * [including the GNU Public Licence.]
+ */
+
+-#define NUM_NID 958
+-#define NUM_SN 951
+-#define NUM_LN 951
++#define NUM_NID 959
++#define NUM_SN 952
++#define NUM_LN 952
+ #define NUM_OBJ 890
+
+ static const unsigned char lvalues[6255]={
+@@ -2514,6 +2514,8 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
+ NID_jurisdictionStateOrProvinceName,11,&(lvalues[6232]),0},
+ {"jurisdictionC","jurisdictionCountryName",
+ NID_jurisdictionCountryName,11,&(lvalues[6243]),0},
++{"DES-EDE3-CBC-HMAC-SHA1","des-ede3-cbc-hmac-sha1",
++ NID_des_ede3_cbc_hmac_sha1,0,NULL,0},
+ };
+
+ static const unsigned int sn_objs[NUM_SN]={
+@@ -2592,6 +2594,7 @@ static const unsigned int sn_objs[NUM_SN]={
+ 62, /* "DES-EDE-OFB" */
+ 33, /* "DES-EDE3" */
+ 44, /* "DES-EDE3-CBC" */
++958, /* "DES-EDE3-CBC-HMAC-SHA1" */
+ 61, /* "DES-EDE3-CFB" */
+ 658, /* "DES-EDE3-CFB1" */
+ 659, /* "DES-EDE3-CFB8" */
+@@ -3760,6 +3763,7 @@ static const unsigned int ln_objs[NUM_LN]={
+ 62, /* "des-ede-ofb" */
+ 33, /* "des-ede3" */
+ 44, /* "des-ede3-cbc" */
++958, /* "des-ede3-cbc-hmac-sha1" */
+ 61, /* "des-ede3-cfb" */
+ 658, /* "des-ede3-cfb1" */
+ 659, /* "des-ede3-cfb8" */
+diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h
+index 779c309..cb318bc 100644
+--- a/crypto/objects/obj_mac.h
++++ b/crypto/objects/obj_mac.h
+@@ -4047,6 +4047,10 @@
+ #define LN_aes_256_cbc_hmac_sha256 "aes-256-cbc-hmac-sha256"
+ #define NID_aes_256_cbc_hmac_sha256 950
+
++#define SN_des_ede3_cbc_hmac_sha1 "DES-EDE3-CBC-HMAC-SHA1"
++#define LN_des_ede3_cbc_hmac_sha1 "des-ede3-cbc-hmac-sha1"
++#define NID_des_ede3_cbc_hmac_sha1 958
++
+ #define SN_dhpublicnumber "dhpublicnumber"
+ #define LN_dhpublicnumber "X9.42 DH"
+ #define NID_dhpublicnumber 920
+diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
+index 8e5ea83..02d1bb8 100644
+--- a/crypto/objects/obj_mac.num
++++ b/crypto/objects/obj_mac.num
+@@ -955,3 +955,4 @@ ct_cert_scts 954
+ jurisdictionLocalityName 955
+ jurisdictionStateOrProvinceName 956
+ jurisdictionCountryName 957
++des_ede3_cbc_hmac_sha1 958
+diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
+index b57aabb..4e1ff18 100644
+--- a/crypto/objects/objects.txt
++++ b/crypto/objects/objects.txt
+@@ -1294,6 +1294,7 @@ kisa 1 6 : SEED-OFB : seed-ofb
+ : AES-128-CBC-HMAC-SHA256 : aes-128-cbc-hmac-sha256
+ : AES-192-CBC-HMAC-SHA256 : aes-192-cbc-hmac-sha256
+ : AES-256-CBC-HMAC-SHA256 : aes-256-cbc-hmac-sha256
++ : DES-EDE3-CBC-HMAC-SHA1 : des-ede3-cbc-hmac-sha1
+
+ ISO-US 10046 2 1 : dhpublicnumber : X9.42 DH
+
+diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
+index 302464e..a379273 100644
+--- a/ssl/ssl_ciph.c
++++ b/ssl/ssl_ciph.c
+@@ -668,6 +668,10 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
+ c->algorithm_mac == SSL_SHA256 &&
+ (evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA256")))
+ *enc = evp, *md = NULL;
++ else if (c->algorithm_enc == SSL_3DES &&
++ c->algorithm_mac == SSL_SHA1 &&
++ (evp = EVP_get_cipherbyname("DES-EDE3-CBC-HMAC-SHA1")))
++ *enc = evp, *md = NULL;
+ return (1);
+ } else
+ return (0);
+--
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0016-Fixed-DH-keygen-pair-generator.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0016-Fixed-DH-keygen-pair-generator.patch
deleted file mode 100644
index 8923cb6..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0016-Fixed-DH-keygen-pair-generator.patch
+++ /dev/null
@@ -1,100 +0,0 @@
-From d2c868c6370bcc0d0a254e641907da2cdf992d62 Mon Sep 17 00:00:00 2001
-From: Yashpal Dutta <yashpal.dutta at freescale.com>
-Date: Thu, 1 May 2014 06:35:45 +0545
-Subject: [PATCH 16/26] Fixed DH keygen pair generator
-
-Upstream-status: Pending
-
-Wrong Padding results into keygen length error
-
-Signed-off-by: Yashpal Dutta <yashpal.dutta at freescale.com>
-Tested-by: Cristian Stoica <cristian.stoica at freescale.com>
----
- crypto/engine/eng_cryptodev.c | 50 ++++++++++++++++++++++++++++---------------
- 1 file changed, 33 insertions(+), 17 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index dab8fea..13d924f 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -3396,44 +3396,60 @@ sw_try:
- static int cryptodev_dh_keygen(DH *dh)
- {
- struct crypt_kop kop;
-- int ret = 1, g_len;
-- unsigned char *g = NULL;
-+ int ret = 1, q_len = 0;
-+ unsigned char *q = NULL, *g = NULL, *s = NULL, *w = NULL;
-+ BIGNUM *pub_key = NULL, *priv_key = NULL;
-+ int generate_new_key = 1;
-
-- if (dh->priv_key == NULL) {
-- if ((dh->priv_key=BN_new()) == NULL)
-- goto sw_try;
-- }
-+ if (dh->priv_key)
-+ priv_key = dh->priv_key;
-
-- if (dh->pub_key == NULL) {
-- if ((dh->pub_key=BN_new()) == NULL)
-- goto sw_try;
-- }
-+ if (dh->pub_key)
-+ pub_key = dh->pub_key;
-
-- g_len = BN_num_bytes(dh->p);
-+ q_len = BN_num_bytes(dh->p);
- /**
- * Get generator into a plain buffer. If length is less than
- * q_len then add leading padding bytes.
- */
-- if (spcf_bn2bin_ex(dh->g, &g, &g_len)) {
-+ if (spcf_bn2bin_ex(dh->g, &g, &q_len)) {
-+ DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
-+ goto sw_try;
-+ }
-+
-+ if (spcf_bn2bin_ex(dh->p, &q, &q_len)) {
- DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
- goto sw_try;
- }
-
- memset(&kop, 0, sizeof kop);
- kop.crk_op = CRK_DH_GENERATE_KEY;
-- if (bn2crparam(dh->p, &kop.crk_param[0]))
-- goto sw_try;
-+ kop.crk_param[0].crp_p = q;
-+ kop.crk_param[0].crp_nbits = q_len * 8;
- if (!dh->q || bn2crparam(dh->q, &kop.crk_param[1]))
- goto sw_try;
- kop.crk_param[2].crp_p = g;
-- kop.crk_param[2].crp_nbits = g_len * 8;
-+ kop.crk_param[2].crp_nbits = q_len * 8;
- kop.crk_iparams = 3;
-
-+ s = OPENSSL_malloc (q_len);
-+ if (!s) {
-+ DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
-+ goto sw_try;
-+ }
-+
-+ w = OPENSSL_malloc (q_len);
-+ if (!w) {
-+ DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
-+ goto sw_try;
-+ }
-+
- /* pub_key is or prime length while priv key is of length of order */
-- if (cryptodev_asym(&kop, BN_num_bytes(dh->p), dh->pub_key,
-- BN_num_bytes(dh->q), dh->priv_key))
-+ if (cryptodev_asym(&kop, q_len, w, q_len, s))
- goto sw_try;
-
-+ dh->pub_key = BN_bin2bn(w, q_len, pub_key);
-+ dh->pub_key = BN_bin2bn(s, q_len, priv_key);
- return ret;
- sw_try:
- {
---
-2.3.5
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0016-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0016-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch
new file mode 100644
index 0000000..c586621
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0016-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch
@@ -0,0 +1,338 @@
+From 3f34089ab0a3b31ec6b31a6cbf308ca20c6ef597 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica at nxp.com>
+Date: Fri, 22 Jan 2016 11:58:34 +0200
+Subject: [PATCH 16/48] eng_cryptodev: add support for TLSv1.1 record offload
+
+Supported cipher suites:
+- 3des-ede-cbc-sha
+- aes-128-cbc-hmac-sha
+- aes-256-cbc-hmac-sha
+
+Requires TLS patches on cryptodev and TLS algorithm support in Linux
+kernel driver.
+
+Signed-off-by: Tudor Ambarus <tudor.ambarus at freescale.com>
+Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 96 ++++++++++++++++++++++++++++++++++++++++++-
+ crypto/objects/obj_dat.h | 18 ++++++--
+ crypto/objects/obj_mac.h | 12 ++++++
+ crypto/objects/obj_mac.num | 3 ++
+ crypto/objects/objects.txt | 3 ++
+ ssl/ssl_ciph.c | 28 ++++++++++---
+ 6 files changed, 151 insertions(+), 9 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 8f73a18..e37a661 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -66,6 +66,7 @@ void ENGINE_load_cryptodev(void)
+ # include <sys/ioctl.h>
+ # include <errno.h>
+ # include <stdio.h>
++# include <stdbool.h>
+ # include <unistd.h>
+ # include <fcntl.h>
+ # include <stdarg.h>
+@@ -135,6 +136,9 @@ void ENGINE_load_cryptodev(void);
+ const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1;
+ const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1;
+ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
++const EVP_CIPHER cryptodev_tls11_3des_cbc_hmac_sha1;
++const EVP_CIPHER cryptodev_tls11_aes_128_cbc_hmac_sha1;
++const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1;
+
+ inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len)
+ {
+@@ -294,6 +298,18 @@ static struct {
+ CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20
+ },
+ {
++ CRYPTO_TLS11_3DES_CBC_HMAC_SHA1, NID_tls11_des_ede3_cbc_hmac_sha1, 8,
++ 24, 20
++ },
++ {
++ CRYPTO_TLS11_AES_CBC_HMAC_SHA1, NID_tls11_aes_128_cbc_hmac_sha1, 16, 16,
++ 20
++ },
++ {
++ CRYPTO_TLS11_AES_CBC_HMAC_SHA1, NID_tls11_aes_256_cbc_hmac_sha1, 16, 32,
++ 20
++ },
++ {
+ CRYPTO_AES_GCM, NID_aes_128_gcm, 16, 16, 0
+ },
+ {
+@@ -526,6 +542,15 @@ static int cryptodev_usable_ciphers(const int **nids)
+ case NID_des_ede3_cbc_hmac_sha1:
+ EVP_add_cipher(&cryptodev_3des_cbc_hmac_sha1);
+ break;
++ case NID_tls11_des_ede3_cbc_hmac_sha1:
++ EVP_add_cipher(&cryptodev_tls11_3des_cbc_hmac_sha1);
++ break;
++ case NID_tls11_aes_128_cbc_hmac_sha1:
++ EVP_add_cipher(&cryptodev_tls11_aes_128_cbc_hmac_sha1);
++ break;
++ case NID_tls11_aes_256_cbc_hmac_sha1:
++ EVP_add_cipher(&cryptodev_tls11_aes_256_cbc_hmac_sha1);
++ break;
+ }
+ }
+ return count;
+@@ -631,6 +656,9 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ case NID_aes_128_cbc_hmac_sha1:
+ case NID_aes_256_cbc_hmac_sha1:
+ case NID_des_ede3_cbc_hmac_sha1:
++ case NID_tls11_des_ede3_cbc_hmac_sha1:
++ case NID_tls11_aes_128_cbc_hmac_sha1:
++ case NID_tls11_aes_256_cbc_hmac_sha1:
+ cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
+ }
+ cryp.ses = sess->ses;
+@@ -810,8 +838,9 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
+ struct dev_crypto_state *state = ctx->cipher_data;
+ unsigned char *p = ptr;
+ unsigned int cryptlen = p[arg - 2] << 8 | p[arg - 1];
+- unsigned int maclen, padlen;
++ unsigned int maclen, padlen, len;
+ unsigned int bs = ctx->cipher->block_size;
++ bool aad_needs_fix = false;
+
+ state->aad = ptr;
+ state->aad_len = arg;
+@@ -823,6 +852,20 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
+ case NID_aes_256_cbc_hmac_sha1:
+ case NID_des_ede3_cbc_hmac_sha1:
+ maclen = SHA_DIGEST_LENGTH;
++ break;
++ case NID_tls11_des_ede3_cbc_hmac_sha1:
++ case NID_tls11_aes_128_cbc_hmac_sha1:
++ case NID_tls11_aes_256_cbc_hmac_sha1:
++ maclen = SHA_DIGEST_LENGTH;
++ aad_needs_fix = true;
++ break;
++ }
++
++ /* Correct length for AAD Length field */
++ if (ctx->encrypt && aad_needs_fix) {
++ len = cryptlen - bs;
++ p[arg - 2] = len >> 8;
++ p[arg - 1] = len & 0xff;
+ }
+
+ /* space required for encryption (not only TLS padding) */
+@@ -1185,6 +1228,48 @@ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = {
+ NULL
+ };
+
++const EVP_CIPHER cryptodev_tls11_3des_cbc_hmac_sha1 = {
++ NID_tls11_des_ede3_cbc_hmac_sha1,
++ 8, 24, 8,
++ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
++ cryptodev_init_aead_key,
++ cryptodev_aead_cipher,
++ cryptodev_cleanup,
++ sizeof(struct dev_crypto_state),
++ EVP_CIPHER_set_asn1_iv,
++ EVP_CIPHER_get_asn1_iv,
++ cryptodev_cbc_hmac_sha1_ctrl,
++ NULL
++};
++
++const EVP_CIPHER cryptodev_tls11_aes_128_cbc_hmac_sha1 = {
++ NID_tls11_aes_128_cbc_hmac_sha1,
++ 16, 16, 16,
++ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
++ cryptodev_init_aead_key,
++ cryptodev_aead_cipher,
++ cryptodev_cleanup,
++ sizeof(struct dev_crypto_state),
++ EVP_CIPHER_set_asn1_iv,
++ EVP_CIPHER_get_asn1_iv,
++ cryptodev_cbc_hmac_sha1_ctrl,
++ NULL
++};
++
++const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1 = {
++ NID_tls11_aes_256_cbc_hmac_sha1,
++ 16, 32, 16,
++ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
++ cryptodev_init_aead_key,
++ cryptodev_aead_cipher,
++ cryptodev_cleanup,
++ sizeof(struct dev_crypto_state),
++ EVP_CIPHER_set_asn1_iv,
++ EVP_CIPHER_get_asn1_iv,
++ cryptodev_cbc_hmac_sha1_ctrl,
++ NULL
++};
++
+ const EVP_CIPHER cryptodev_aes_128_gcm = {
+ NID_aes_128_gcm,
+ 1, 16, 12,
+@@ -1298,6 +1383,15 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+ case NID_aes_256_cbc_hmac_sha1:
+ *cipher = &cryptodev_aes_256_cbc_hmac_sha1;
+ break;
++ case NID_tls11_des_ede3_cbc_hmac_sha1:
++ *cipher = &cryptodev_tls11_3des_cbc_hmac_sha1;
++ break;
++ case NID_tls11_aes_128_cbc_hmac_sha1:
++ *cipher = &cryptodev_tls11_aes_128_cbc_hmac_sha1;
++ break;
++ case NID_tls11_aes_256_cbc_hmac_sha1:
++ *cipher = &cryptodev_tls11_aes_256_cbc_hmac_sha1;
++ break;
+ case NID_aes_128_gcm:
+ *cipher = &cryptodev_aes_128_gcm;
+ break;
+diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
+index 35d1abc..4dd32a1 100644
+--- a/crypto/objects/obj_dat.h
++++ b/crypto/objects/obj_dat.h
+@@ -62,9 +62,9 @@
+ * [including the GNU Public Licence.]
+ */
+
+-#define NUM_NID 959
+-#define NUM_SN 952
+-#define NUM_LN 952
++#define NUM_NID 962
++#define NUM_SN 955
++#define NUM_LN 955
+ #define NUM_OBJ 890
+
+ static const unsigned char lvalues[6255]={
+@@ -2516,6 +2516,12 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
+ NID_jurisdictionCountryName,11,&(lvalues[6243]),0},
+ {"DES-EDE3-CBC-HMAC-SHA1","des-ede3-cbc-hmac-sha1",
+ NID_des_ede3_cbc_hmac_sha1,0,NULL,0},
++{"TLS11-DES-EDE3-CBC-HMAC-SHA1","tls11-des-ede3-cbc-hmac-sha1",
++ NID_tls11_des_ede3_cbc_hmac_sha1,0,NULL,0},
++{"TLS11-AES-128-CBC-HMAC-SHA1","tls11-aes-128-cbc-hmac-sha1",
++ NID_tls11_aes_128_cbc_hmac_sha1,0,NULL,0},
++{"TLS11-AES-256-CBC-HMAC-SHA1","tls11-aes-256-cbc-hmac-sha1",
++ NID_tls11_aes_256_cbc_hmac_sha1,0,NULL,0},
+ };
+
+ static const unsigned int sn_objs[NUM_SN]={
+@@ -2705,6 +2711,9 @@ static const unsigned int sn_objs[NUM_SN]={
+ 100, /* "SN" */
+ 16, /* "ST" */
+ 143, /* "SXNetID" */
++960, /* "TLS11-AES-128-CBC-HMAC-SHA1" */
++961, /* "TLS11-AES-256-CBC-HMAC-SHA1" */
++959, /* "TLS11-DES-EDE3-CBC-HMAC-SHA1" */
+ 458, /* "UID" */
+ 0, /* "UNDEF" */
+ 11, /* "X500" */
+@@ -4396,6 +4405,9 @@ static const unsigned int ln_objs[NUM_LN]={
+ 459, /* "textEncodedORAddress" */
+ 293, /* "textNotice" */
+ 106, /* "title" */
++960, /* "tls11-aes-128-cbc-hmac-sha1" */
++961, /* "tls11-aes-256-cbc-hmac-sha1" */
++959, /* "tls11-des-ede3-cbc-hmac-sha1" */
+ 682, /* "tpBasis" */
+ 436, /* "ucl" */
+ 0, /* "undefined" */
+diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h
+index cb318bc..5930563 100644
+--- a/crypto/objects/obj_mac.h
++++ b/crypto/objects/obj_mac.h
+@@ -4051,6 +4051,18 @@
+ #define LN_des_ede3_cbc_hmac_sha1 "des-ede3-cbc-hmac-sha1"
+ #define NID_des_ede3_cbc_hmac_sha1 958
+
++#define SN_tls11_des_ede3_cbc_hmac_sha1 "TLS11-DES-EDE3-CBC-HMAC-SHA1"
++#define LN_tls11_des_ede3_cbc_hmac_sha1 "tls11-des-ede3-cbc-hmac-sha1"
++#define NID_tls11_des_ede3_cbc_hmac_sha1 959
++
++#define SN_tls11_aes_128_cbc_hmac_sha1 "TLS11-AES-128-CBC-HMAC-SHA1"
++#define LN_tls11_aes_128_cbc_hmac_sha1 "tls11-aes-128-cbc-hmac-sha1"
++#define NID_tls11_aes_128_cbc_hmac_sha1 960
++
++#define SN_tls11_aes_256_cbc_hmac_sha1 "TLS11-AES-256-CBC-HMAC-SHA1"
++#define LN_tls11_aes_256_cbc_hmac_sha1 "tls11-aes-256-cbc-hmac-sha1"
++#define NID_tls11_aes_256_cbc_hmac_sha1 961
++
+ #define SN_dhpublicnumber "dhpublicnumber"
+ #define LN_dhpublicnumber "X9.42 DH"
+ #define NID_dhpublicnumber 920
+diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
+index 02d1bb8..02f1728 100644
+--- a/crypto/objects/obj_mac.num
++++ b/crypto/objects/obj_mac.num
+@@ -956,3 +956,6 @@ jurisdictionLocalityName 955
+ jurisdictionStateOrProvinceName 956
+ jurisdictionCountryName 957
+ des_ede3_cbc_hmac_sha1 958
++tls11_des_ede3_cbc_hmac_sha1 959
++tls11_aes_128_cbc_hmac_sha1 960
++tls11_aes_256_cbc_hmac_sha1 961
+diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
+index 4e1ff18..cda81da 100644
+--- a/crypto/objects/objects.txt
++++ b/crypto/objects/objects.txt
+@@ -1295,6 +1295,9 @@ kisa 1 6 : SEED-OFB : seed-ofb
+ : AES-192-CBC-HMAC-SHA256 : aes-192-cbc-hmac-sha256
+ : AES-256-CBC-HMAC-SHA256 : aes-256-cbc-hmac-sha256
+ : DES-EDE3-CBC-HMAC-SHA1 : des-ede3-cbc-hmac-sha1
++ : TLS11-DES-EDE3-CBC-HMAC-SHA1 : tls11-des-ede3-cbc-hmac-sha1
++ : TLS11-AES-128-CBC-HMAC-SHA1 : tls11-aes-128-cbc-hmac-sha1
++ : TLS11-AES-256-CBC-HMAC-SHA1 : tls11-aes-256-cbc-hmac-sha1
+
+ ISO-US 10046 2 1 : dhpublicnumber : X9.42 DH
+
+diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
+index a379273..e3d73ac 100644
+--- a/ssl/ssl_ciph.c
++++ b/ssl/ssl_ciph.c
+@@ -652,11 +652,13 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
+ c->algorithm_mac == SSL_MD5 &&
+ (evp = EVP_get_cipherbyname("RC4-HMAC-MD5")))
+ *enc = evp, *md = NULL;
+- else if (c->algorithm_enc == SSL_AES128 &&
++ else if (s->ssl_version == TLS1_VERSION &&
++ c->algorithm_enc == SSL_AES128 &&
+ c->algorithm_mac == SSL_SHA1 &&
+ (evp = EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1")))
+ *enc = evp, *md = NULL;
+- else if (c->algorithm_enc == SSL_AES256 &&
++ else if (s->ssl_version == TLS1_VERSION &&
++ c->algorithm_enc == SSL_AES256 &&
+ c->algorithm_mac == SSL_SHA1 &&
+ (evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1")))
+ *enc = evp, *md = NULL;
+@@ -668,9 +670,25 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
+ c->algorithm_mac == SSL_SHA256 &&
+ (evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA256")))
+ *enc = evp, *md = NULL;
+- else if (c->algorithm_enc == SSL_3DES &&
+- c->algorithm_mac == SSL_SHA1 &&
+- (evp = EVP_get_cipherbyname("DES-EDE3-CBC-HMAC-SHA1")))
++ else if (s->ssl_version == TLS1_VERSION &&
++ c->algorithm_enc == SSL_3DES &&
++ c->algorithm_mac == SSL_SHA1 &&
++ (evp = EVP_get_cipherbyname("DES-EDE3-CBC-HMAC-SHA1")))
++ *enc = evp, *md = NULL;
++ else if (s->ssl_version == TLS1_1_VERSION &&
++ c->algorithm_enc == SSL_3DES &&
++ c->algorithm_mac == SSL_SHA1 &&
++ (evp = EVP_get_cipherbyname("TLS11-DES-EDE3-CBC-HMAC-SHA1")))
++ *enc = evp, *md = NULL;
++ else if (s->ssl_version == TLS1_1_VERSION &&
++ c->algorithm_enc == SSL_AES128 &&
++ c->algorithm_mac == SSL_SHA1 &&
++ (evp = EVP_get_cipherbyname("TLS11-AES-128-CBC-HMAC-SHA1")))
++ *enc = evp, *md = NULL;
++ else if (s->ssl_version == TLS1_1_VERSION &&
++ c->algorithm_enc == SSL_AES256 &&
++ c->algorithm_mac == SSL_SHA1 &&
++ (evp = EVP_get_cipherbyname("TLS11-AES-256-CBC-HMAC-SHA1")))
+ *enc = evp, *md = NULL;
+ return (1);
+ } else
+--
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch
deleted file mode 100644
index bd9e61a..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch
+++ /dev/null
@@ -1,309 +0,0 @@
-From 11b55103463bac614e00d74e9f196ec4ec6bade1 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica at freescale.com>
-Date: Mon, 16 Jun 2014 14:06:21 +0300
-Subject: [PATCH 17/26] cryptodev: add support for aes-gcm algorithm offloading
-
-Change-Id: I3b77dc5ef8b8f707309549244a02852d95b36168
-Signed-off-by: Cristian Stoica <cristian.stoica at freescale.com>
-Reviewed-on: http://git.am.freescale.net:8181/17226
----
- apps/speed.c | 6 +-
- crypto/engine/eng_cryptodev.c | 229 +++++++++++++++++++++++++++++++++++++++++-
- 2 files changed, 233 insertions(+), 2 deletions(-)
-
-diff --git a/apps/speed.c b/apps/speed.c
-index 9886ca3..099dede 100644
---- a/apps/speed.c
-+++ b/apps/speed.c
-@@ -224,7 +224,11 @@
- #endif
-
- #undef BUFSIZE
--#define BUFSIZE ((long)1024*8+1)
-+/* The buffer overhead allows GCM tag at the end of the encrypted data. This
-+ avoids buffer overflows from cryptodev since Linux kernel GCM
-+ implementation allways adds the tag - unlike e_aes.c:aes_gcm_cipher()
-+ which doesn't */
-+#define BUFSIZE ((long)1024*8 + EVP_GCM_TLS_TAG_LEN)
- int run=0;
-
- static int mr=0;
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 13d924f..4493490 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -78,8 +78,10 @@ struct dev_crypto_state {
- struct session_op d_sess;
- int d_fd;
- unsigned char *aad;
-- unsigned int aad_len;
-+ int aad_len;
- unsigned int len;
-+ unsigned char *iv;
-+ int ivlen;
-
- #ifdef USE_CRYPTODEV_DIGESTS
- char dummy_mac_key[HASH_MAX_LEN];
-@@ -251,6 +253,7 @@ static struct {
- { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, 0},
- { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20},
- { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20},
-+ { CRYPTO_AES_GCM, NID_aes_128_gcm, 16, 16, 0},
- { 0, NID_undef, 0, 0, 0},
- };
-
-@@ -271,6 +274,19 @@ static struct {
- };
- #endif
-
-+/* increment counter (64-bit int) by 1 */
-+static void ctr64_inc(unsigned char *counter) {
-+ int n=8;
-+ unsigned char c;
-+
-+ do {
-+ --n;
-+ c = counter[n];
-+ ++c;
-+ counter[n] = c;
-+ if (c) return;
-+ } while (n);
-+}
- /*
- * Return a fd if /dev/crypto seems usable, 0 otherwise.
- */
-@@ -762,6 +778,197 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
- }
- }
-
-+static int cryptodev_init_gcm_key(EVP_CIPHER_CTX *ctx,
-+ const unsigned char *key, const unsigned char *iv, int enc)
-+{
-+ struct dev_crypto_state *state = ctx->cipher_data;
-+ struct session_op *sess = &state->d_sess;
-+ int cipher = -1, i;
-+ if (!iv && !key)
-+ return 1;
-+
-+ if (iv)
-+ memcpy(ctx->iv, iv, ctx->cipher->iv_len);
-+
-+ for (i = 0; ciphers[i].id; i++)
-+ if (ctx->cipher->nid == ciphers[i].nid &&
-+ ctx->cipher->iv_len <= ciphers[i].ivmax &&
-+ ctx->key_len == ciphers[i].keylen) {
-+ cipher = ciphers[i].id;
-+ break;
-+ }
-+
-+ if (!ciphers[i].id) {
-+ state->d_fd = -1;
-+ return 0;
-+ }
-+
-+ memset(sess, 0, sizeof(struct session_op));
-+
-+ if ((state->d_fd = get_dev_crypto()) < 0)
-+ return 0;
-+
-+ sess->key = (unsigned char *) key;
-+ sess->keylen = ctx->key_len;
-+ sess->cipher = cipher;
-+
-+ if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
-+ put_dev_crypto(state->d_fd);
-+ state->d_fd = -1;
-+ return 0;
-+ }
-+ return 1;
-+}
-+
-+static int cryptodev_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+ const unsigned char *in, size_t len)
-+{
-+ struct crypt_auth_op cryp = {0};
-+ struct dev_crypto_state *state = ctx->cipher_data;
-+ struct session_op *sess = &state->d_sess;
-+ int rv = len;
-+
-+ if (EVP_CIPHER_CTX_ctrl(ctx, ctx->encrypt ?
-+ EVP_CTRL_GCM_IV_GEN : EVP_CTRL_GCM_SET_IV_INV,
-+ EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0)
-+ return 0;
-+
-+ in += EVP_GCM_TLS_EXPLICIT_IV_LEN;
-+ out += EVP_GCM_TLS_EXPLICIT_IV_LEN;
-+ len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
-+
-+ if (ctx->encrypt) {
-+ len -= EVP_GCM_TLS_TAG_LEN;
-+ }
-+ cryp.ses = sess->ses;
-+ cryp.len = len;
-+ cryp.src = (unsigned char*) in;
-+ cryp.dst = out;
-+ cryp.auth_src = state->aad;
-+ cryp.auth_len = state->aad_len;
-+ cryp.iv = ctx->iv;
-+ cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
-+
-+ if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) {
-+ return 0;
-+ }
-+
-+ if (ctx->encrypt)
-+ ctr64_inc(state->iv + state->ivlen - 8);
-+ else
-+ rv = len - EVP_GCM_TLS_TAG_LEN;
-+
-+ return rv;
-+}
-+
-+static int cryptodev_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+ const unsigned char *in, size_t len)
-+{
-+ struct crypt_auth_op cryp;
-+ struct dev_crypto_state *state = ctx->cipher_data;
-+ struct session_op *sess = &state->d_sess;
-+
-+ if (state->d_fd < 0)
-+ return 0;
-+
-+ if ((len % ctx->cipher->block_size) != 0)
-+ return 0;
-+
-+ if (state->aad_len >= 0)
-+ return cryptodev_gcm_tls_cipher(ctx, out, in, len);
-+
-+ memset(&cryp, 0, sizeof(cryp));
-+
-+ cryp.ses = sess->ses;
-+ cryp.len = len;
-+ cryp.src = (unsigned char*) in;
-+ cryp.dst = out;
-+ cryp.auth_src = NULL;
-+ cryp.auth_len = 0;
-+ cryp.iv = ctx->iv;
-+ cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
-+
-+ if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) {
-+ return 0;
-+ }
-+
-+ return len;
-+}
-+
-+static int cryptodev_gcm_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
-+ void *ptr)
-+{
-+ struct dev_crypto_state *state = ctx->cipher_data;
-+ switch (type) {
-+ case EVP_CTRL_INIT:
-+ {
-+ state->ivlen = ctx->cipher->iv_len;
-+ state->iv = ctx->iv;
-+ state->aad_len = -1;
-+ return 1;
-+ }
-+ case EVP_CTRL_GCM_SET_IV_FIXED:
-+ {
-+ /* Special case: -1 length restores whole IV */
-+ if (arg == -1)
-+ {
-+ memcpy(state->iv, ptr, state->ivlen);
-+ return 1;
-+ }
-+ /* Fixed field must be at least 4 bytes and invocation field
-+ * at least 8.
-+ */
-+ if ((arg < 4) || (state->ivlen - arg) < 8)
-+ return 0;
-+ if (arg)
-+ memcpy(state->iv, ptr, arg);
-+ if (ctx->encrypt &&
-+ RAND_bytes(state->iv + arg, state->ivlen - arg) <= 0)
-+ return 0;
-+ return 1;
-+ }
-+ case EVP_CTRL_AEAD_TLS1_AAD:
-+ {
-+ unsigned int len;
-+ if (arg != 13)
-+ return 0;
-+
-+ memcpy(ctx->buf, ptr, arg);
-+ len=ctx->buf[arg-2] << 8 | ctx->buf[arg-1];
-+
-+ /* Correct length for explicit IV */
-+ len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
-+
-+ /* If decrypting correct for tag too */
-+ if (!ctx->encrypt)
-+ len -= EVP_GCM_TLS_TAG_LEN;
-+
-+ ctx->buf[arg-2] = len >> 8;
-+ ctx->buf[arg-1] = len & 0xff;
-+
-+ state->aad = ctx->buf;
-+ state->aad_len = arg;
-+ state->len = len;
-+
-+ /* Extra padding: tag appended to record */
-+ return EVP_GCM_TLS_TAG_LEN;
-+ }
-+ case EVP_CTRL_GCM_SET_IV_INV:
-+ {
-+ if (ctx->encrypt)
-+ return 0;
-+ memcpy(state->iv + state->ivlen - arg, ptr, arg);
-+ return 1;
-+ }
-+ case EVP_CTRL_GCM_IV_GEN:
-+ if (arg <= 0 || arg > state->ivlen)
-+ arg = state->ivlen;
-+ memcpy(ptr, state->iv + state->ivlen - arg, arg);
-+ return 1;
-+ default:
-+ return -1;
-+ }
-+}
- /*
- * libcrypto EVP stuff - this is how we get wired to EVP so the engine
- * gets called when libcrypto requests a cipher NID.
-@@ -901,6 +1108,23 @@ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = {
- cryptodev_cbc_hmac_sha1_ctrl,
- NULL
- };
-+
-+const EVP_CIPHER cryptodev_aes_128_gcm = {
-+ NID_aes_128_gcm,
-+ 1, 16, 12,
-+ EVP_CIPH_GCM_MODE | EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_DEFAULT_ASN1 \
-+ | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \
-+ | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT,
-+ cryptodev_init_gcm_key,
-+ cryptodev_gcm_cipher,
-+ cryptodev_cleanup,
-+ sizeof(struct dev_crypto_state),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ cryptodev_gcm_ctrl,
-+ NULL
-+};
-+
- /*
- * Registered by the ENGINE when used to find out how to deal with
- * a particular NID in the ENGINE. this says what we'll do at the
-@@ -944,6 +1168,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
- case NID_aes_256_cbc_hmac_sha1:
- *cipher = &cryptodev_aes_256_cbc_hmac_sha1;
- break;
-+ case NID_aes_128_gcm:
-+ *cipher = &cryptodev_aes_128_gcm;
-+ break;
- default:
- *cipher = NULL;
- break;
---
-2.3.5
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0017-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0017-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch
new file mode 100644
index 0000000..5e65ec6
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0017-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch
@@ -0,0 +1,377 @@
+From 4c1531a088076118ce3c06cb0af15998f0796cb3 Mon Sep 17 00:00:00 2001
+From: Tudor Ambarus <tudor.ambarus at freescale.com>
+Date: Tue, 31 Mar 2015 16:32:35 +0300
+Subject: [PATCH 17/48] eng_cryptodev: add support for TLSv1.2 record offload
+
+Supported cipher suites:
+- 3des-ede-cbc-sha
+- aes-128-cbc-hmac-sha
+- aes-256-cbc-hmac-sha
+- aes-128-cbc-hmac-sha256
+- aes-256-cbc-hmac-sha256
+
+Requires TLS patches on cryptodev and TLS algorithm support in Linux
+kernel driver.
+
+Signed-off-by: Tudor Ambarus <tudor.ambarus at freescale.com>
+Tested-by: Cristian Stoica <cristian.stoica at freescale.com>
+---
+ crypto/engine/eng_cryptodev.c | 138 ++++++++++++++++++++++++++++++++++++++++++
+ crypto/objects/obj_dat.h | 26 +++++++-
+ crypto/objects/obj_mac.h | 20 ++++++
+ crypto/objects/obj_mac.num | 5 ++
+ crypto/objects/objects.txt | 5 ++
+ ssl/ssl_ciph.c | 25 ++++++++
+ 6 files changed, 216 insertions(+), 3 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index e37a661..e6f9f16 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -139,6 +139,11 @@ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
+ const EVP_CIPHER cryptodev_tls11_3des_cbc_hmac_sha1;
+ const EVP_CIPHER cryptodev_tls11_aes_128_cbc_hmac_sha1;
+ const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1;
++const EVP_CIPHER cryptodev_tls12_3des_cbc_hmac_sha1;
++const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha1;
++const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha1;
++const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha256;
++const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha256;
+
+ inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len)
+ {
+@@ -310,6 +315,26 @@ static struct {
+ 20
+ },
+ {
++ CRYPTO_TLS12_3DES_CBC_HMAC_SHA1, NID_tls12_des_ede3_cbc_hmac_sha1, 8,
++ 24, 20
++ },
++ {
++ CRYPTO_TLS12_AES_CBC_HMAC_SHA1, NID_tls12_aes_128_cbc_hmac_sha1, 16, 16,
++ 20
++ },
++ {
++ CRYPTO_TLS12_AES_CBC_HMAC_SHA1, NID_tls12_aes_256_cbc_hmac_sha1, 16, 32,
++ 20
++ },
++ {
++ CRYPTO_TLS12_AES_CBC_HMAC_SHA256, NID_tls12_aes_128_cbc_hmac_sha256, 16,
++ 16, 32
++ },
++ {
++ CRYPTO_TLS12_AES_CBC_HMAC_SHA256, NID_tls12_aes_256_cbc_hmac_sha256, 16,
++ 32, 32
++ },
++ {
+ CRYPTO_AES_GCM, NID_aes_128_gcm, 16, 16, 0
+ },
+ {
+@@ -551,6 +576,21 @@ static int cryptodev_usable_ciphers(const int **nids)
+ case NID_tls11_aes_256_cbc_hmac_sha1:
+ EVP_add_cipher(&cryptodev_tls11_aes_256_cbc_hmac_sha1);
+ break;
++ case NID_tls12_des_ede3_cbc_hmac_sha1:
++ EVP_add_cipher(&cryptodev_tls12_3des_cbc_hmac_sha1);
++ break;
++ case NID_tls12_aes_128_cbc_hmac_sha1:
++ EVP_add_cipher(&cryptodev_tls12_aes_128_cbc_hmac_sha1);
++ break;
++ case NID_tls12_aes_256_cbc_hmac_sha1:
++ EVP_add_cipher(&cryptodev_tls12_aes_256_cbc_hmac_sha1);
++ break;
++ case NID_tls12_aes_128_cbc_hmac_sha256:
++ EVP_add_cipher(&cryptodev_tls12_aes_128_cbc_hmac_sha256);
++ break;
++ case NID_tls12_aes_256_cbc_hmac_sha256:
++ EVP_add_cipher(&cryptodev_tls12_aes_256_cbc_hmac_sha256);
++ break;
+ }
+ }
+ return count;
+@@ -659,6 +699,11 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ case NID_tls11_des_ede3_cbc_hmac_sha1:
+ case NID_tls11_aes_128_cbc_hmac_sha1:
+ case NID_tls11_aes_256_cbc_hmac_sha1:
++ case NID_tls12_des_ede3_cbc_hmac_sha1:
++ case NID_tls12_aes_128_cbc_hmac_sha1:
++ case NID_tls12_aes_256_cbc_hmac_sha1:
++ case NID_tls12_aes_128_cbc_hmac_sha256:
++ case NID_tls12_aes_256_cbc_hmac_sha256:
+ cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
+ }
+ cryp.ses = sess->ses;
+@@ -856,9 +901,17 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
+ case NID_tls11_des_ede3_cbc_hmac_sha1:
+ case NID_tls11_aes_128_cbc_hmac_sha1:
+ case NID_tls11_aes_256_cbc_hmac_sha1:
++ case NID_tls12_des_ede3_cbc_hmac_sha1:
++ case NID_tls12_aes_128_cbc_hmac_sha1:
++ case NID_tls12_aes_256_cbc_hmac_sha1:
+ maclen = SHA_DIGEST_LENGTH;
+ aad_needs_fix = true;
+ break;
++ case NID_tls12_aes_128_cbc_hmac_sha256:
++ case NID_tls12_aes_256_cbc_hmac_sha256:
++ maclen = SHA256_DIGEST_LENGTH;
++ aad_needs_fix = true;
++ break;
+ }
+
+ /* Correct length for AAD Length field */
+@@ -1270,6 +1323,76 @@ const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1 = {
+ NULL
+ };
+
++const EVP_CIPHER cryptodev_tls12_3des_cbc_hmac_sha1 = {
++ NID_tls12_des_ede3_cbc_hmac_sha1,
++ 8, 24, 8,
++ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
++ cryptodev_init_aead_key,
++ cryptodev_aead_cipher,
++ cryptodev_cleanup,
++ sizeof(struct dev_crypto_state),
++ EVP_CIPHER_set_asn1_iv,
++ EVP_CIPHER_get_asn1_iv,
++ cryptodev_cbc_hmac_sha1_ctrl,
++ NULL
++};
++
++const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha1 = {
++ NID_tls12_aes_128_cbc_hmac_sha1,
++ 16, 16, 16,
++ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
++ cryptodev_init_aead_key,
++ cryptodev_aead_cipher,
++ cryptodev_cleanup,
++ sizeof(struct dev_crypto_state),
++ EVP_CIPHER_set_asn1_iv,
++ EVP_CIPHER_get_asn1_iv,
++ cryptodev_cbc_hmac_sha1_ctrl,
++ NULL
++};
++
++const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha1 = {
++ NID_tls12_aes_256_cbc_hmac_sha1,
++ 16, 32, 16,
++ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
++ cryptodev_init_aead_key,
++ cryptodev_aead_cipher,
++ cryptodev_cleanup,
++ sizeof(struct dev_crypto_state),
++ EVP_CIPHER_set_asn1_iv,
++ EVP_CIPHER_get_asn1_iv,
++ cryptodev_cbc_hmac_sha1_ctrl,
++ NULL
++};
++
++const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha256 = {
++ NID_tls12_aes_128_cbc_hmac_sha256,
++ 16, 16, 16,
++ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
++ cryptodev_init_aead_key,
++ cryptodev_aead_cipher,
++ cryptodev_cleanup,
++ sizeof(struct dev_crypto_state),
++ EVP_CIPHER_set_asn1_iv,
++ EVP_CIPHER_get_asn1_iv,
++ cryptodev_cbc_hmac_sha1_ctrl,
++ NULL
++};
++
++const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha256 = {
++ NID_tls12_aes_256_cbc_hmac_sha256,
++ 16, 32, 16,
++ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
++ cryptodev_init_aead_key,
++ cryptodev_aead_cipher,
++ cryptodev_cleanup,
++ sizeof(struct dev_crypto_state),
++ EVP_CIPHER_set_asn1_iv,
++ EVP_CIPHER_get_asn1_iv,
++ cryptodev_cbc_hmac_sha1_ctrl,
++ NULL
++};
++
+ const EVP_CIPHER cryptodev_aes_128_gcm = {
+ NID_aes_128_gcm,
+ 1, 16, 12,
+@@ -1395,6 +1518,21 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+ case NID_aes_128_gcm:
+ *cipher = &cryptodev_aes_128_gcm;
+ break;
++ case NID_tls12_des_ede3_cbc_hmac_sha1:
++ *cipher = &cryptodev_tls12_3des_cbc_hmac_sha1;
++ break;
++ case NID_tls12_aes_128_cbc_hmac_sha1:
++ *cipher = &cryptodev_tls12_aes_128_cbc_hmac_sha1;
++ break;
++ case NID_tls12_aes_256_cbc_hmac_sha1:
++ *cipher = &cryptodev_tls12_aes_256_cbc_hmac_sha1;
++ break;
++ case NID_tls12_aes_128_cbc_hmac_sha256:
++ *cipher = &cryptodev_tls12_aes_128_cbc_hmac_sha256;
++ break;
++ case NID_tls12_aes_256_cbc_hmac_sha256:
++ *cipher = &cryptodev_tls12_aes_256_cbc_hmac_sha256;
++ break;
+ default:
+ *cipher = NULL;
+ break;
+diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
+index 4dd32a1..e3a2505 100644
+--- a/crypto/objects/obj_dat.h
++++ b/crypto/objects/obj_dat.h
+@@ -62,9 +62,9 @@
+ * [including the GNU Public Licence.]
+ */
+
+-#define NUM_NID 962
+-#define NUM_SN 955
+-#define NUM_LN 955
++#define NUM_NID 967
++#define NUM_SN 960
++#define NUM_LN 960
+ #define NUM_OBJ 890
+
+ static const unsigned char lvalues[6255]={
+@@ -2522,6 +2522,16 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
+ NID_tls11_aes_128_cbc_hmac_sha1,0,NULL,0},
+ {"TLS11-AES-256-CBC-HMAC-SHA1","tls11-aes-256-cbc-hmac-sha1",
+ NID_tls11_aes_256_cbc_hmac_sha1,0,NULL,0},
++{"TLS12-DES-EDE3-CBC-HMAC-SHA1","tls12-des-ede3-cbc-hmac-sha1",
++ NID_tls12_des_ede3_cbc_hmac_sha1,0,NULL,0},
++{"TLS12-AES-128-CBC-HMAC-SHA1","tls12-aes-128-cbc-hmac-sha1",
++ NID_tls12_aes_128_cbc_hmac_sha1,0,NULL,0},
++{"TLS12-AES-256-CBC-HMAC-SHA1","tls12-aes-256-cbc-hmac-sha1",
++ NID_tls12_aes_256_cbc_hmac_sha1,0,NULL,0},
++{"TLS12-AES-128-CBC-HMAC-SHA256","tls12-aes-128-cbc-hmac-sha256",
++ NID_tls12_aes_128_cbc_hmac_sha256,0,NULL,0},
++{"TLS12-AES-256-CBC-HMAC-SHA256","tls12-aes-256-cbc-hmac-sha256",
++ NID_tls12_aes_256_cbc_hmac_sha256,0,NULL,0},
+ };
+
+ static const unsigned int sn_objs[NUM_SN]={
+@@ -2714,6 +2724,11 @@ static const unsigned int sn_objs[NUM_SN]={
+ 960, /* "TLS11-AES-128-CBC-HMAC-SHA1" */
+ 961, /* "TLS11-AES-256-CBC-HMAC-SHA1" */
+ 959, /* "TLS11-DES-EDE3-CBC-HMAC-SHA1" */
++963, /* "TLS12-AES-128-CBC-HMAC-SHA1" */
++965, /* "TLS12-AES-128-CBC-HMAC-SHA256" */
++964, /* "TLS12-AES-256-CBC-HMAC-SHA1" */
++966, /* "TLS12-AES-256-CBC-HMAC-SHA256" */
++962, /* "TLS12-DES-EDE3-CBC-HMAC-SHA1" */
+ 458, /* "UID" */
+ 0, /* "UNDEF" */
+ 11, /* "X500" */
+@@ -4408,6 +4423,11 @@ static const unsigned int ln_objs[NUM_LN]={
+ 960, /* "tls11-aes-128-cbc-hmac-sha1" */
+ 961, /* "tls11-aes-256-cbc-hmac-sha1" */
+ 959, /* "tls11-des-ede3-cbc-hmac-sha1" */
++963, /* "tls12-aes-128-cbc-hmac-sha1" */
++965, /* "tls12-aes-128-cbc-hmac-sha256" */
++964, /* "tls12-aes-256-cbc-hmac-sha1" */
++966, /* "tls12-aes-256-cbc-hmac-sha256" */
++962, /* "tls12-des-ede3-cbc-hmac-sha1" */
+ 682, /* "tpBasis" */
+ 436, /* "ucl" */
+ 0, /* "undefined" */
+diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h
+index 5930563..f4a81cb 100644
+--- a/crypto/objects/obj_mac.h
++++ b/crypto/objects/obj_mac.h
+@@ -4063,6 +4063,26 @@
+ #define LN_tls11_aes_256_cbc_hmac_sha1 "tls11-aes-256-cbc-hmac-sha1"
+ #define NID_tls11_aes_256_cbc_hmac_sha1 961
+
++#define SN_tls12_des_ede3_cbc_hmac_sha1 "TLS12-DES-EDE3-CBC-HMAC-SHA1"
++#define LN_tls12_des_ede3_cbc_hmac_sha1 "tls12-des-ede3-cbc-hmac-sha1"
++#define NID_tls12_des_ede3_cbc_hmac_sha1 962
++
++#define SN_tls12_aes_128_cbc_hmac_sha1 "TLS12-AES-128-CBC-HMAC-SHA1"
++#define LN_tls12_aes_128_cbc_hmac_sha1 "tls12-aes-128-cbc-hmac-sha1"
++#define NID_tls12_aes_128_cbc_hmac_sha1 963
++
++#define SN_tls12_aes_256_cbc_hmac_sha1 "TLS12-AES-256-CBC-HMAC-SHA1"
++#define LN_tls12_aes_256_cbc_hmac_sha1 "tls12-aes-256-cbc-hmac-sha1"
++#define NID_tls12_aes_256_cbc_hmac_sha1 964
++
++#define SN_tls12_aes_128_cbc_hmac_sha256 "TLS12-AES-128-CBC-HMAC-SHA256"
++#define LN_tls12_aes_128_cbc_hmac_sha256 "tls12-aes-128-cbc-hmac-sha256"
++#define NID_tls12_aes_128_cbc_hmac_sha256 965
++
++#define SN_tls12_aes_256_cbc_hmac_sha256 "TLS12-AES-256-CBC-HMAC-SHA256"
++#define LN_tls12_aes_256_cbc_hmac_sha256 "tls12-aes-256-cbc-hmac-sha256"
++#define NID_tls12_aes_256_cbc_hmac_sha256 966
++
+ #define SN_dhpublicnumber "dhpublicnumber"
+ #define LN_dhpublicnumber "X9.42 DH"
+ #define NID_dhpublicnumber 920
+diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
+index 02f1728..401be03 100644
+--- a/crypto/objects/obj_mac.num
++++ b/crypto/objects/obj_mac.num
+@@ -959,3 +959,8 @@ des_ede3_cbc_hmac_sha1 958
+ tls11_des_ede3_cbc_hmac_sha1 959
+ tls11_aes_128_cbc_hmac_sha1 960
+ tls11_aes_256_cbc_hmac_sha1 961
++tls12_des_ede3_cbc_hmac_sha1 962
++tls12_aes_128_cbc_hmac_sha1 963
++tls12_aes_256_cbc_hmac_sha1 964
++tls12_aes_128_cbc_hmac_sha256 965
++tls12_aes_256_cbc_hmac_sha256 966
+diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
+index cda81da..68a8da8 100644
+--- a/crypto/objects/objects.txt
++++ b/crypto/objects/objects.txt
+@@ -1298,6 +1298,11 @@ kisa 1 6 : SEED-OFB : seed-ofb
+ : TLS11-DES-EDE3-CBC-HMAC-SHA1 : tls11-des-ede3-cbc-hmac-sha1
+ : TLS11-AES-128-CBC-HMAC-SHA1 : tls11-aes-128-cbc-hmac-sha1
+ : TLS11-AES-256-CBC-HMAC-SHA1 : tls11-aes-256-cbc-hmac-sha1
++ : TLS12-DES-EDE3-CBC-HMAC-SHA1 : tls12-des-ede3-cbc-hmac-sha1
++ : TLS12-AES-128-CBC-HMAC-SHA1 : tls12-aes-128-cbc-hmac-sha1
++ : TLS12-AES-256-CBC-HMAC-SHA1 : tls12-aes-256-cbc-hmac-sha1
++ : TLS12-AES-128-CBC-HMAC-SHA256 : tls12-aes-128-cbc-hmac-sha256
++ : TLS12-AES-256-CBC-HMAC-SHA256 : tls12-aes-256-cbc-hmac-sha256
+
+ ISO-US 10046 2 1 : dhpublicnumber : X9.42 DH
+
+diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
+index e3d73ac..4698528 100644
+--- a/ssl/ssl_ciph.c
++++ b/ssl/ssl_ciph.c
+@@ -690,6 +690,31 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
+ c->algorithm_mac == SSL_SHA1 &&
+ (evp = EVP_get_cipherbyname("TLS11-AES-256-CBC-HMAC-SHA1")))
+ *enc = evp, *md = NULL;
++ else if (s->ssl_version == TLS1_2_VERSION &&
++ c->algorithm_enc == SSL_3DES &&
++ c->algorithm_mac == SSL_SHA1 &&
++ (evp=EVP_get_cipherbyname("TLS12-DES-EDE3-CBC-HMAC-SHA1")))
++ *enc = evp, *md = NULL;
++ else if (s->ssl_version == TLS1_2_VERSION &&
++ c->algorithm_enc == SSL_AES128 &&
++ c->algorithm_mac == SSL_SHA1 &&
++ (evp=EVP_get_cipherbyname("TLS12-AES-128-CBC-HMAC-SHA1")))
++ *enc = evp, *md = NULL;
++ else if (s->ssl_version == TLS1_2_VERSION &&
++ c->algorithm_enc == SSL_AES256 &&
++ c->algorithm_mac == SSL_SHA1 &&
++ (evp=EVP_get_cipherbyname("TLS12-AES-256-CBC-HMAC-SHA1")))
++ *enc = evp, *md = NULL;
++ else if (s->ssl_version == TLS1_2_VERSION &&
++ c->algorithm_enc == SSL_AES128 &&
++ c->algorithm_mac == SSL_SHA256 &&
++ (evp=EVP_get_cipherbyname("TLS12-AES-128-CBC-HMAC-SHA256")))
++ *enc = evp, *md = NULL;
++ else if (s->ssl_version == TLS1_2_VERSION &&
++ c->algorithm_enc == SSL_AES256 &&
++ c->algorithm_mac == SSL_SHA256 &&
++ (evp=EVP_get_cipherbyname("TLS12-AES-256-CBC-HMAC-SHA256")))
++ *enc = evp, *md = NULL;
+ return (1);
+ } else
+ return (0);
+--
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0018-cryptodev-drop-redundant-function.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0018-cryptodev-drop-redundant-function.patch
new file mode 100644
index 0000000..c1f0c9d
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0018-cryptodev-drop-redundant-function.patch
@@ -0,0 +1,72 @@
+From 07d8dad75fb1e4c3487ae560ac51e2141aa0e0c1 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica at freescale.com>
+Date: Thu, 19 Feb 2015 16:11:53 +0200
+Subject: [PATCH 18/48] cryptodev: drop redundant function
+
+get_dev_crypto already caches the result. Another cache in-between is
+useless.
+
+Signed-off-by: Cristian Stoica <cristian.stoica at freescale.com>
+---
+ crypto/engine/eng_cryptodev.c | 17 +++--------------
+ 1 file changed, 3 insertions(+), 14 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index e6f9f16..4cffaf1 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -93,7 +93,6 @@ struct dev_crypto_state {
+
+ static u_int32_t cryptodev_asymfeat = 0;
+
+-static int get_asym_dev_crypto(void);
+ static int open_dev_crypto(void);
+ static int get_dev_crypto(void);
+ static int get_cryptodev_ciphers(const int **cnids);
+@@ -440,16 +439,6 @@ static void put_dev_crypto(int fd)
+ # endif
+ }
+
+-/* Caching version for asym operations */
+-static int get_asym_dev_crypto(void)
+-{
+- static int fd = -1;
+-
+- if (fd == -1)
+- fd = get_dev_crypto();
+- return fd;
+-}
+-
+ /*
+ * Find out what ciphers /dev/crypto will let us have a session for.
+ * XXX note, that some of these openssl doesn't deal with yet!
+@@ -1919,7 +1908,7 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
+ {
+ int fd, ret = -1;
+
+- if ((fd = get_asym_dev_crypto()) < 0)
++ if ((fd = get_dev_crypto()) < 0)
+ return (ret);
+
+ if (r) {
+@@ -2509,7 +2498,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
+ int p_len, q_len;
+ int i;
+
+- if ((fd = get_asym_dev_crypto()) < 0)
++ if ((fd = get_dev_crypto()) < 0)
+ goto sw_try;
+
+ if (!rsa->n && ((rsa->n = BN_new()) == NULL))
+@@ -4098,7 +4087,7 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+ BIGNUM *temp = NULL;
+ unsigned char *padded_pub_key = NULL, *p = NULL;
+
+- if ((fd = get_asym_dev_crypto()) < 0)
++ if ((fd = get_dev_crypto()) < 0)
+ goto sw_try;
+
+ memset(&kop, 0, sizeof kop);
+--
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0018-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0018-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch
deleted file mode 100644
index 1118a6f..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0018-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch
+++ /dev/null
@@ -1,193 +0,0 @@
-From 21e3ca4ec77f9258aa4001f07faac1c4942b48b4 Mon Sep 17 00:00:00 2001
-From: Tudor Ambarus <tudor.ambarus at freescale.com>
-Date: Fri, 9 May 2014 17:54:06 +0300
-Subject: [PATCH 18/26] eng_cryptodev: extend TLS offload with
- 3des_cbc_hmac_sha1
-
-Both obj_mac.h and obj_dat.h were generated using the scripts
-from crypto/objects:
-
-$ cd crypto/objects
-$ perl objects.pl objects.txt obj_mac.num obj_mac.h
-$ perl obj_dat.pl obj_mac.h obj_dat.h
-
-Change-Id: I94f13cdd09df67e33e6acd3c00aab47cb358ac46
-Signed-off-by: Tudor Ambarus <tudor.ambarus at freescale.com>
-Signed-off-by: Cristian Stoica <cristian.stoica at freescale.com>
-Reviewed-on: http://git.am.freescale.net:8181/34001
----
- crypto/engine/eng_cryptodev.c | 24 ++++++++++++++++++++++++
- crypto/objects/obj_dat.h | 10 +++++++---
- crypto/objects/obj_mac.h | 4 ++++
- crypto/objects/obj_mac.num | 1 +
- crypto/objects/objects.txt | 1 +
- ssl/ssl_ciph.c | 4 ++++
- 6 files changed, 41 insertions(+), 3 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 79b2678..299e84b 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -135,6 +135,7 @@ static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
- void ENGINE_load_cryptodev(void);
- const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1;
- const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
-+const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1;
-
- inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len)
- {
-@@ -252,6 +253,7 @@ static struct {
- { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, 0},
- { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, 0},
- { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, 0},
-+ { CRYPTO_TLS10_3DES_CBC_HMAC_SHA1, NID_des_ede3_cbc_hmac_sha1, 8, 24, 20},
- { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20},
- { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20},
- { CRYPTO_AES_GCM, NID_aes_128_gcm, 16, 16, 0},
-@@ -466,6 +468,9 @@ cryptodev_usable_ciphers(const int **nids)
- case NID_aes_256_cbc_hmac_sha1:
- EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
- break;
-+ case NID_des_ede3_cbc_hmac_sha1:
-+ EVP_add_cipher(&cryptodev_3des_cbc_hmac_sha1);
-+ break;
- }
- }
- return count;
-@@ -571,6 +576,7 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- switch (ctx->cipher->nid) {
- case NID_aes_128_cbc_hmac_sha1:
- case NID_aes_256_cbc_hmac_sha1:
-+ case NID_des_ede3_cbc_hmac_sha1:
- cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
- }
- cryp.ses = sess->ses;
-@@ -763,6 +769,7 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
- switch (ctx->cipher->nid) {
- case NID_aes_128_cbc_hmac_sha1:
- case NID_aes_256_cbc_hmac_sha1:
-+ case NID_des_ede3_cbc_hmac_sha1:
- maclen = SHA_DIGEST_LENGTH;
- }
-
-@@ -1082,6 +1089,20 @@ const EVP_CIPHER cryptodev_aes_256_cbc = {
- NULL
- };
-
-+const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1 = {
-+ NID_des_ede3_cbc_hmac_sha1,
-+ 8, 24, 8,
-+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+ cryptodev_init_aead_key,
-+ cryptodev_aead_cipher,
-+ cryptodev_cleanup,
-+ sizeof(struct dev_crypto_state),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ cryptodev_cbc_hmac_sha1_ctrl,
-+ NULL
-+};
-+
- const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1 = {
- NID_aes_128_cbc_hmac_sha1,
- 16, 16, 16,
-@@ -1163,6 +1184,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
- case NID_aes_256_cbc:
- *cipher = &cryptodev_aes_256_cbc;
- break;
-+ case NID_des_ede3_cbc_hmac_sha1:
-+ *cipher = &cryptodev_3des_cbc_hmac_sha1;
-+ break;
- case NID_aes_128_cbc_hmac_sha1:
- *cipher = &cryptodev_aes_128_cbc_hmac_sha1;
- break;
-diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
-index bc69665..9f2267a 100644
---- a/crypto/objects/obj_dat.h
-+++ b/crypto/objects/obj_dat.h
-@@ -62,9 +62,9 @@
- * [including the GNU Public Licence.]
- */
-
--#define NUM_NID 920
--#define NUM_SN 913
--#define NUM_LN 913
-+#define NUM_NID 921
-+#define NUM_SN 914
-+#define NUM_LN 914
- #define NUM_OBJ 857
-
- static const unsigned char lvalues[5974]={
-@@ -2399,6 +2399,8 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
- {"AES-256-CBC-HMAC-SHA1","aes-256-cbc-hmac-sha1",
- NID_aes_256_cbc_hmac_sha1,0,NULL,0},
- {"RSAES-OAEP","rsaesOaep",NID_rsaesOaep,9,&(lvalues[5964]),0},
-+{"DES-EDE3-CBC-HMAC-SHA1","des-ede3-cbc-hmac-sha1",
-+ NID_des_ede3_cbc_hmac_sha1,0,NULL,0},
- };
-
- static const unsigned int sn_objs[NUM_SN]={
-@@ -2474,6 +2476,7 @@ static const unsigned int sn_objs[NUM_SN]={
- 62, /* "DES-EDE-OFB" */
- 33, /* "DES-EDE3" */
- 44, /* "DES-EDE3-CBC" */
-+920, /* "DES-EDE3-CBC-HMAC-SHA1" */
- 61, /* "DES-EDE3-CFB" */
- 658, /* "DES-EDE3-CFB1" */
- 659, /* "DES-EDE3-CFB8" */
-@@ -3585,6 +3588,7 @@ static const unsigned int ln_objs[NUM_LN]={
- 62, /* "des-ede-ofb" */
- 33, /* "des-ede3" */
- 44, /* "des-ede3-cbc" */
-+920, /* "des-ede3-cbc-hmac-sha1" */
- 61, /* "des-ede3-cfb" */
- 658, /* "des-ede3-cfb1" */
- 659, /* "des-ede3-cfb8" */
-diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h
-index b5ea7cd..8751902 100644
---- a/crypto/objects/obj_mac.h
-+++ b/crypto/objects/obj_mac.h
-@@ -4030,3 +4030,7 @@
- #define LN_aes_256_cbc_hmac_sha1 "aes-256-cbc-hmac-sha1"
- #define NID_aes_256_cbc_hmac_sha1 918
-
-+#define SN_des_ede3_cbc_hmac_sha1 "DES-EDE3-CBC-HMAC-SHA1"
-+#define LN_des_ede3_cbc_hmac_sha1 "des-ede3-cbc-hmac-sha1"
-+#define NID_des_ede3_cbc_hmac_sha1 920
-+
-diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
-index 1d0a7c8..9d44bb5 100644
---- a/crypto/objects/obj_mac.num
-+++ b/crypto/objects/obj_mac.num
-@@ -917,3 +917,4 @@ aes_128_cbc_hmac_sha1 916
- aes_192_cbc_hmac_sha1 917
- aes_256_cbc_hmac_sha1 918
- rsaesOaep 919
-+des_ede3_cbc_hmac_sha1 920
-diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
-index d3bfad7..90d2fc5 100644
---- a/crypto/objects/objects.txt
-+++ b/crypto/objects/objects.txt
-@@ -1290,3 +1290,4 @@ kisa 1 6 : SEED-OFB : seed-ofb
- : AES-128-CBC-HMAC-SHA1 : aes-128-cbc-hmac-sha1
- : AES-192-CBC-HMAC-SHA1 : aes-192-cbc-hmac-sha1
- : AES-256-CBC-HMAC-SHA1 : aes-256-cbc-hmac-sha1
-+ : DES-EDE3-CBC-HMAC-SHA1 : des-ede3-cbc-hmac-sha1
-diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
-index 8188ff5..310fe76 100644
---- a/ssl/ssl_ciph.c
-+++ b/ssl/ssl_ciph.c
-@@ -639,6 +639,10 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
- c->algorithm_mac == SSL_SHA1 &&
- (evp=EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1")))
- *enc = evp, *md = NULL;
-+ else if (c->algorithm_enc == SSL_3DES &&
-+ c->algorithm_mac == SSL_SHA1 &&
-+ (evp = EVP_get_cipherbyname("DES-EDE3-CBC-HMAC-SHA1")))
-+ *enc = evp, *md = NULL;
- return(1);
- }
- else
---
-2.3.5
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0019-cryptodev-do-not-zero-the-buffer-before-use.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0019-cryptodev-do-not-zero-the-buffer-before-use.patch
new file mode 100644
index 0000000..248d88e
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0019-cryptodev-do-not-zero-the-buffer-before-use.patch
@@ -0,0 +1,48 @@
+From 1f7ef531a010a3a86c9c16f801044b5f01652eb2 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica at freescale.com>
+Date: Tue, 17 Feb 2015 13:12:53 +0200
+Subject: [PATCH 19/48] cryptodev: do not zero the buffer before use
+
+- The buffer is just about to be overwritten. Zeroing it before that has
+ no purpose
+
+Change-Id: I478c31bd2e254561474a7edf5e37980ca04217ce
+Signed-off-by: Cristian Stoica <cristian.stoica at freescale.com>
+Reviewed-on: http://git.am.freescale.net:8181/34217
+---
+ crypto/engine/eng_cryptodev.c | 14 ++++----------
+ 1 file changed, 4 insertions(+), 10 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 4cffaf1..bbc903b 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -1801,21 +1801,15 @@ cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
+ static int bn2crparam(const BIGNUM *a, struct crparam *crp)
+ {
+ ssize_t bytes, bits;
+- u_char *b;
+-
+- crp->crp_p = NULL;
+- crp->crp_nbits = 0;
+
+ bits = BN_num_bits(a);
+ bytes = (bits + 7) / 8;
+
+- b = malloc(bytes);
+- if (b == NULL)
+- return (1);
+- memset(b, 0, bytes);
+-
+- crp->crp_p = (caddr_t) b;
+ crp->crp_nbits = bits;
++ crp->crp_p = malloc(bytes);
++
++ if (crp->crp_p == NULL)
++ return (1);
+
+ BN_bn2bin(a, crp->crp_p);
+ return (0);
+--
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0019-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0019-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch
deleted file mode 100644
index 988d79e..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0019-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch
+++ /dev/null
@@ -1,355 +0,0 @@
-From 1de2b740a3bdcd8e98abb5f4e176d46fd817b932 Mon Sep 17 00:00:00 2001
-From: Tudor Ambarus <tudor.ambarus at freescale.com>
-Date: Tue, 31 Mar 2015 16:30:17 +0300
-Subject: [PATCH 19/26] eng_cryptodev: add support for TLSv1.1 record offload
-
-Supported cipher suites:
-- 3des-ede-cbc-sha
-- aes-128-cbc-hmac-sha
-- aes-256-cbc-hmac-sha
-
-Requires TLS patches on cryptodev and TLS algorithm support in Linux
-kernel driver.
-
-Signed-off-by: Tudor Ambarus <tudor.ambarus at freescale.com>
-Change-Id: Id414f36a528de3f476b72688cf85714787d7ccae
-Reviewed-on: http://git.am.freescale.net:8181/34002
-Reviewed-by: Cristian Stoica <cristian.stoica at freescale.com>
-Tested-by: Cristian Stoica <cristian.stoica at freescale.com>
----
- crypto/engine/eng_cryptodev.c | 101 ++++++++++++++++++++++++++++++++++++++----
- crypto/objects/obj_dat.h | 18 ++++++--
- crypto/objects/obj_mac.h | 12 +++++
- crypto/objects/obj_mac.num | 3 ++
- crypto/objects/objects.txt | 3 ++
- ssl/ssl_ciph.c | 26 +++++++++--
- 6 files changed, 148 insertions(+), 15 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 299e84b..f71ab27 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -66,6 +66,7 @@ ENGINE_load_cryptodev(void)
- #include <sys/ioctl.h>
- #include <errno.h>
- #include <stdio.h>
-+#include <stdbool.h>
- #include <unistd.h>
- #include <fcntl.h>
- #include <stdarg.h>
-@@ -133,9 +134,12 @@ static int cryptodev_dh_compute_key(unsigned char *key,
- static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
- void (*f)(void));
- void ENGINE_load_cryptodev(void);
-+const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1;
- const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1;
- const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
--const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1;
-+const EVP_CIPHER cryptodev_tls11_3des_cbc_hmac_sha1;
-+const EVP_CIPHER cryptodev_tls11_aes_128_cbc_hmac_sha1;
-+const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1;
-
- inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len)
- {
-@@ -256,6 +260,9 @@ static struct {
- { CRYPTO_TLS10_3DES_CBC_HMAC_SHA1, NID_des_ede3_cbc_hmac_sha1, 8, 24, 20},
- { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20},
- { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20},
-+ { CRYPTO_TLS11_3DES_CBC_HMAC_SHA1, NID_tls11_des_ede3_cbc_hmac_sha1, 8, 24, 20},
-+ { CRYPTO_TLS11_AES_CBC_HMAC_SHA1, NID_tls11_aes_128_cbc_hmac_sha1, 16, 16, 20},
-+ { CRYPTO_TLS11_AES_CBC_HMAC_SHA1, NID_tls11_aes_256_cbc_hmac_sha1, 16, 32, 20},
- { CRYPTO_AES_GCM, NID_aes_128_gcm, 16, 16, 0},
- { 0, NID_undef, 0, 0, 0},
- };
-@@ -462,14 +469,23 @@ cryptodev_usable_ciphers(const int **nids)
- /* add ciphers specific to cryptodev if found in kernel */
- for(i = 0; i < count; i++) {
- switch (*(*nids + i)) {
-+ case NID_des_ede3_cbc_hmac_sha1:
-+ EVP_add_cipher(&cryptodev_3des_cbc_hmac_sha1);
-+ break;
- case NID_aes_128_cbc_hmac_sha1:
- EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1);
- break;
- case NID_aes_256_cbc_hmac_sha1:
- EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
- break;
-- case NID_des_ede3_cbc_hmac_sha1:
-- EVP_add_cipher(&cryptodev_3des_cbc_hmac_sha1);
-+ case NID_tls11_des_ede3_cbc_hmac_sha1:
-+ EVP_add_cipher(&cryptodev_tls11_3des_cbc_hmac_sha1);
-+ break;
-+ case NID_tls11_aes_128_cbc_hmac_sha1:
-+ EVP_add_cipher(&cryptodev_tls11_aes_128_cbc_hmac_sha1);
-+ break;
-+ case NID_tls11_aes_256_cbc_hmac_sha1:
-+ EVP_add_cipher(&cryptodev_tls11_aes_256_cbc_hmac_sha1);
- break;
- }
- }
-@@ -574,9 +590,12 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-
- /* TODO: make a seamless integration with cryptodev flags */
- switch (ctx->cipher->nid) {
-+ case NID_des_ede3_cbc_hmac_sha1:
- case NID_aes_128_cbc_hmac_sha1:
- case NID_aes_256_cbc_hmac_sha1:
-- case NID_des_ede3_cbc_hmac_sha1:
-+ case NID_tls11_des_ede3_cbc_hmac_sha1:
-+ case NID_tls11_aes_128_cbc_hmac_sha1:
-+ case NID_tls11_aes_256_cbc_hmac_sha1:
- cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
- }
- cryp.ses = sess->ses;
-@@ -758,8 +777,9 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
- struct dev_crypto_state *state = ctx->cipher_data;
- unsigned char *p = ptr;
- unsigned int cryptlen = p[arg - 2] << 8 | p[arg - 1];
-- unsigned int maclen, padlen;
-+ unsigned int maclen, padlen, len;
- unsigned int bs = ctx->cipher->block_size;
-+ bool aad_needs_fix = false;
-
- state->aad = ptr;
- state->aad_len = arg;
-@@ -767,10 +787,24 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
-
- /* TODO: this should be an extension of EVP_CIPHER struct */
- switch (ctx->cipher->nid) {
-+ case NID_des_ede3_cbc_hmac_sha1:
- case NID_aes_128_cbc_hmac_sha1:
- case NID_aes_256_cbc_hmac_sha1:
-- case NID_des_ede3_cbc_hmac_sha1:
- maclen = SHA_DIGEST_LENGTH;
-+ break;
-+ case NID_tls11_des_ede3_cbc_hmac_sha1:
-+ case NID_tls11_aes_128_cbc_hmac_sha1:
-+ case NID_tls11_aes_256_cbc_hmac_sha1:
-+ maclen = SHA_DIGEST_LENGTH;
-+ aad_needs_fix = true;
-+ break;
-+ }
-+
-+ /* Correct length for AAD Length field */
-+ if (ctx->encrypt && aad_needs_fix) {
-+ len = cryptlen - bs;
-+ p[arg-2] = len >> 8;
-+ p[arg-1] = len & 0xff;
- }
-
- /* space required for encryption (not only TLS padding) */
-@@ -1131,6 +1165,48 @@ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = {
- NULL
- };
-
-+const EVP_CIPHER cryptodev_tls11_3des_cbc_hmac_sha1 = {
-+ NID_tls11_des_ede3_cbc_hmac_sha1,
-+ 8, 24, 8,
-+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+ cryptodev_init_aead_key,
-+ cryptodev_aead_cipher,
-+ cryptodev_cleanup,
-+ sizeof(struct dev_crypto_state),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ cryptodev_cbc_hmac_sha1_ctrl,
-+ NULL
-+};
-+
-+const EVP_CIPHER cryptodev_tls11_aes_128_cbc_hmac_sha1 = {
-+ NID_tls11_aes_128_cbc_hmac_sha1,
-+ 16, 16, 16,
-+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+ cryptodev_init_aead_key,
-+ cryptodev_aead_cipher,
-+ cryptodev_cleanup,
-+ sizeof(struct dev_crypto_state),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ cryptodev_cbc_hmac_sha1_ctrl,
-+ NULL
-+};
-+
-+const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1 = {
-+ NID_tls11_aes_256_cbc_hmac_sha1,
-+ 16, 32, 16,
-+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+ cryptodev_init_aead_key,
-+ cryptodev_aead_cipher,
-+ cryptodev_cleanup,
-+ sizeof(struct dev_crypto_state),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ cryptodev_cbc_hmac_sha1_ctrl,
-+ NULL
-+};
-+
- const EVP_CIPHER cryptodev_aes_128_gcm = {
- NID_aes_128_gcm,
- 1, 16, 12,
-@@ -1184,6 +1260,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
- case NID_aes_256_cbc:
- *cipher = &cryptodev_aes_256_cbc;
- break;
-+ case NID_aes_128_gcm:
-+ *cipher = &cryptodev_aes_128_gcm;
-+ break;
- case NID_des_ede3_cbc_hmac_sha1:
- *cipher = &cryptodev_3des_cbc_hmac_sha1;
- break;
-@@ -1193,8 +1272,14 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
- case NID_aes_256_cbc_hmac_sha1:
- *cipher = &cryptodev_aes_256_cbc_hmac_sha1;
- break;
-- case NID_aes_128_gcm:
-- *cipher = &cryptodev_aes_128_gcm;
-+ case NID_tls11_des_ede3_cbc_hmac_sha1:
-+ *cipher = &cryptodev_tls11_3des_cbc_hmac_sha1;
-+ break;
-+ case NID_tls11_aes_128_cbc_hmac_sha1:
-+ *cipher = &cryptodev_tls11_aes_128_cbc_hmac_sha1;
-+ break;
-+ case NID_tls11_aes_256_cbc_hmac_sha1:
-+ *cipher = &cryptodev_tls11_aes_256_cbc_hmac_sha1;
- break;
- default:
- *cipher = NULL;
-diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
-index 9f2267a..dc89b0a 100644
---- a/crypto/objects/obj_dat.h
-+++ b/crypto/objects/obj_dat.h
-@@ -62,9 +62,9 @@
- * [including the GNU Public Licence.]
- */
-
--#define NUM_NID 921
--#define NUM_SN 914
--#define NUM_LN 914
-+#define NUM_NID 924
-+#define NUM_SN 917
-+#define NUM_LN 917
- #define NUM_OBJ 857
-
- static const unsigned char lvalues[5974]={
-@@ -2401,6 +2401,12 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
- {"RSAES-OAEP","rsaesOaep",NID_rsaesOaep,9,&(lvalues[5964]),0},
- {"DES-EDE3-CBC-HMAC-SHA1","des-ede3-cbc-hmac-sha1",
- NID_des_ede3_cbc_hmac_sha1,0,NULL,0},
-+{"TLS11-DES-EDE3-CBC-HMAC-SHA1","tls11-des-ede3-cbc-hmac-sha1",
-+ NID_tls11_des_ede3_cbc_hmac_sha1,0,NULL,0},
-+{"TLS11-AES-128-CBC-HMAC-SHA1","tls11-aes-128-cbc-hmac-sha1",
-+ NID_tls11_aes_128_cbc_hmac_sha1,0,NULL,0},
-+{"TLS11-AES-256-CBC-HMAC-SHA1","tls11-aes-256-cbc-hmac-sha1",
-+ NID_tls11_aes_256_cbc_hmac_sha1,0,NULL,0},
- };
-
- static const unsigned int sn_objs[NUM_SN]={
-@@ -2586,6 +2592,9 @@ static const unsigned int sn_objs[NUM_SN]={
- 100, /* "SN" */
- 16, /* "ST" */
- 143, /* "SXNetID" */
-+922, /* "TLS11-AES-128-CBC-HMAC-SHA1" */
-+923, /* "TLS11-AES-256-CBC-HMAC-SHA1" */
-+921, /* "TLS11-DES-EDE3-CBC-HMAC-SHA1" */
- 458, /* "UID" */
- 0, /* "UNDEF" */
- 11, /* "X500" */
-@@ -4205,6 +4214,9 @@ static const unsigned int ln_objs[NUM_LN]={
- 459, /* "textEncodedORAddress" */
- 293, /* "textNotice" */
- 106, /* "title" */
-+922, /* "tls11-aes-128-cbc-hmac-sha1" */
-+923, /* "tls11-aes-256-cbc-hmac-sha1" */
-+921, /* "tls11-des-ede3-cbc-hmac-sha1" */
- 682, /* "tpBasis" */
- 436, /* "ucl" */
- 0, /* "undefined" */
-diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h
-index 8751902..f181890 100644
---- a/crypto/objects/obj_mac.h
-+++ b/crypto/objects/obj_mac.h
-@@ -4034,3 +4034,15 @@
- #define LN_des_ede3_cbc_hmac_sha1 "des-ede3-cbc-hmac-sha1"
- #define NID_des_ede3_cbc_hmac_sha1 920
-
-+#define SN_tls11_des_ede3_cbc_hmac_sha1 "TLS11-DES-EDE3-CBC-HMAC-SHA1"
-+#define LN_tls11_des_ede3_cbc_hmac_sha1 "tls11-des-ede3-cbc-hmac-sha1"
-+#define NID_tls11_des_ede3_cbc_hmac_sha1 921
-+
-+#define SN_tls11_aes_128_cbc_hmac_sha1 "TLS11-AES-128-CBC-HMAC-SHA1"
-+#define LN_tls11_aes_128_cbc_hmac_sha1 "tls11-aes-128-cbc-hmac-sha1"
-+#define NID_tls11_aes_128_cbc_hmac_sha1 922
-+
-+#define SN_tls11_aes_256_cbc_hmac_sha1 "TLS11-AES-256-CBC-HMAC-SHA1"
-+#define LN_tls11_aes_256_cbc_hmac_sha1 "tls11-aes-256-cbc-hmac-sha1"
-+#define NID_tls11_aes_256_cbc_hmac_sha1 923
-+
-diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
-index 9d44bb5..a02b58c 100644
---- a/crypto/objects/obj_mac.num
-+++ b/crypto/objects/obj_mac.num
-@@ -918,3 +918,6 @@ aes_192_cbc_hmac_sha1 917
- aes_256_cbc_hmac_sha1 918
- rsaesOaep 919
- des_ede3_cbc_hmac_sha1 920
-+tls11_des_ede3_cbc_hmac_sha1 921
-+tls11_aes_128_cbc_hmac_sha1 922
-+tls11_aes_256_cbc_hmac_sha1 923
-diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
-index 90d2fc5..1973658 100644
---- a/crypto/objects/objects.txt
-+++ b/crypto/objects/objects.txt
-@@ -1291,3 +1291,6 @@ kisa 1 6 : SEED-OFB : seed-ofb
- : AES-192-CBC-HMAC-SHA1 : aes-192-cbc-hmac-sha1
- : AES-256-CBC-HMAC-SHA1 : aes-256-cbc-hmac-sha1
- : DES-EDE3-CBC-HMAC-SHA1 : des-ede3-cbc-hmac-sha1
-+ : TLS11-DES-EDE3-CBC-HMAC-SHA1 : tls11-des-ede3-cbc-hmac-sha1
-+ : TLS11-AES-128-CBC-HMAC-SHA1 : tls11-aes-128-cbc-hmac-sha1
-+ : TLS11-AES-256-CBC-HMAC-SHA1 : tls11-aes-256-cbc-hmac-sha1
-diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
-index 310fe76..0408986 100644
---- a/ssl/ssl_ciph.c
-+++ b/ssl/ssl_ciph.c
-@@ -631,17 +631,35 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
- c->algorithm_mac == SSL_MD5 &&
- (evp=EVP_get_cipherbyname("RC4-HMAC-MD5")))
- *enc = evp, *md = NULL;
-- else if (c->algorithm_enc == SSL_AES128 &&
-+ else if (s->ssl_version == TLS1_VERSION &&
-+ c->algorithm_enc == SSL_3DES &&
-+ c->algorithm_mac == SSL_SHA1 &&
-+ (evp=EVP_get_cipherbyname("DES-EDE3-CBC-HMAC-SHA1")))
-+ *enc = evp, *md = NULL;
-+ else if (s->ssl_version == TLS1_VERSION &&
-+ c->algorithm_enc == SSL_AES128 &&
- c->algorithm_mac == SSL_SHA1 &&
- (evp=EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1")))
- *enc = evp, *md = NULL;
-- else if (c->algorithm_enc == SSL_AES256 &&
-+ else if (s->ssl_version == TLS1_VERSION &&
-+ c->algorithm_enc == SSL_AES256 &&
- c->algorithm_mac == SSL_SHA1 &&
- (evp=EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1")))
- *enc = evp, *md = NULL;
-- else if (c->algorithm_enc == SSL_3DES &&
-+ else if (s->ssl_version == TLS1_1_VERSION &&
-+ c->algorithm_enc == SSL_3DES &&
-+ c->algorithm_mac == SSL_SHA1 &&
-+ (evp=EVP_get_cipherbyname("TLS11-DES-EDE3-CBC-HMAC-SHA1")))
-+ *enc = evp, *md = NULL;
-+ else if (s->ssl_version == TLS1_1_VERSION &&
-+ c->algorithm_enc == SSL_AES128 &&
-+ c->algorithm_mac == SSL_SHA1 &&
-+ (evp=EVP_get_cipherbyname("TLS11-AES-128-CBC-HMAC-SHA1")))
-+ *enc = evp, *md = NULL;
-+ else if (s->ssl_version == TLS1_1_VERSION &&
-+ c->algorithm_enc == SSL_AES256 &&
- c->algorithm_mac == SSL_SHA1 &&
-- (evp = EVP_get_cipherbyname("DES-EDE3-CBC-HMAC-SHA1")))
-+ (evp=EVP_get_cipherbyname("TLS11-AES-256-CBC-HMAC-SHA1")))
- *enc = evp, *md = NULL;
- return(1);
- }
---
-2.3.5
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0020-cryptodev-clean-up-code-layout.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0020-cryptodev-clean-up-code-layout.patch
new file mode 100644
index 0000000..c600bda
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0020-cryptodev-clean-up-code-layout.patch
@@ -0,0 +1,73 @@
+From 453c617b10fb2c4e748b5799ab4b00c184470c60 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica at freescale.com>
+Date: Wed, 18 Feb 2015 10:39:46 +0200
+Subject: [PATCH 20/48] cryptodev: clean-up code layout
+
+This is just a refactoring that uses else branch to check for malloc failures
+
+Signed-off-by: Cristian Stoica <cristian.stoica at freescale.com>
+---
+ crypto/engine/eng_cryptodev.c | 45 ++++++++++++++++++++-----------------------
+ 1 file changed, 21 insertions(+), 24 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index bbc903b..14dcddf 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -1865,32 +1865,29 @@ cryptodev_asym_async(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
+ fd = *(int *)cookie->eng_handle;
+
+ eng_cookie = malloc(sizeof(struct cryptodev_cookie_s));
+-
+- if (eng_cookie) {
+- memset(eng_cookie, 0, sizeof(struct cryptodev_cookie_s));
+- if (r) {
+- kop->crk_param[kop->crk_iparams].crp_p =
+- calloc(rlen, sizeof(char));
+- if (!kop->crk_param[kop->crk_iparams].crp_p)
+- return -ENOMEM;
+- kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
+- kop->crk_oparams++;
+- eng_cookie->r = r;
+- eng_cookie->r_param = kop->crk_param[kop->crk_iparams];
+- }
+- if (s) {
+- kop->crk_param[kop->crk_iparams + 1].crp_p =
+- calloc(slen, sizeof(char));
+- if (!kop->crk_param[kop->crk_iparams + 1].crp_p)
+- return -ENOMEM;
+- kop->crk_param[kop->crk_iparams + 1].crp_nbits = slen * 8;
+- kop->crk_oparams++;
+- eng_cookie->s = s;
+- eng_cookie->s_param = kop->crk_param[kop->crk_iparams + 1];
+- }
+- } else
++ if (!eng_cookie)
+ return -ENOMEM;
+
++ memset(eng_cookie, 0, sizeof(struct cryptodev_cookie_s));
++ if (r) {
++ kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char));
++ if (!kop->crk_param[kop->crk_iparams].crp_p)
++ return -ENOMEM;
++ kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
++ kop->crk_oparams++;
++ eng_cookie->r = r;
++ eng_cookie->r_param = kop->crk_param[kop->crk_iparams];
++ }
++ if (s) {
++ kop->crk_param[kop->crk_iparams + 1].crp_p =
++ calloc(slen, sizeof(char));
++ if (!kop->crk_param[kop->crk_iparams + 1].crp_p)
++ return -ENOMEM;
++ kop->crk_param[kop->crk_iparams + 1].crp_nbits = slen * 8;
++ kop->crk_oparams++;
++ eng_cookie->s = s;
++ eng_cookie->s_param = kop->crk_param[kop->crk_iparams + 1];
++ }
+ eng_cookie->kop = kop;
+ cookie->eng_cookie = eng_cookie;
+ return ioctl(fd, CIOCASYMASYNCRYPT, kop);
+--
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0020-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0020-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch
deleted file mode 100644
index 7370c49..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0020-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch
+++ /dev/null
@@ -1,359 +0,0 @@
-From a58703e6601fcfcfe69fdb3e7152ed76b40d67e9 Mon Sep 17 00:00:00 2001
-From: Tudor Ambarus <tudor.ambarus at freescale.com>
-Date: Tue, 31 Mar 2015 16:32:35 +0300
-Subject: [PATCH 20/26] eng_cryptodev: add support for TLSv1.2 record offload
-
-Supported cipher suites:
-- 3des-ede-cbc-sha
-- aes-128-cbc-hmac-sha
-- aes-256-cbc-hmac-sha
-- aes-128-cbc-hmac-sha256
-- aes-256-cbc-hmac-sha256
-
-Requires TLS patches on cryptodev and TLS algorithm support in Linux
-kernel driver.
-
-Signed-off-by: Tudor Ambarus <tudor.ambarus at freescale.com>
-Change-Id: I0ac6953dd62e2655a59d8f3eaefd012b7ecebf55
-Reviewed-on: http://git.am.freescale.net:8181/34003
-Reviewed-by: Cristian Stoica <cristian.stoica at freescale.com>
-Tested-by: Cristian Stoica <cristian.stoica at freescale.com>
----
- crypto/engine/eng_cryptodev.c | 123 ++++++++++++++++++++++++++++++++++++++++++
- crypto/objects/obj_dat.h | 26 +++++++--
- crypto/objects/obj_mac.h | 20 +++++++
- crypto/objects/obj_mac.num | 5 ++
- crypto/objects/objects.txt | 5 ++
- ssl/ssl_ciph.c | 25 +++++++++
- 6 files changed, 201 insertions(+), 3 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index f71ab27..fa5fe1b 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -140,6 +140,11 @@ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
- const EVP_CIPHER cryptodev_tls11_3des_cbc_hmac_sha1;
- const EVP_CIPHER cryptodev_tls11_aes_128_cbc_hmac_sha1;
- const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1;
-+const EVP_CIPHER cryptodev_tls12_3des_cbc_hmac_sha1;
-+const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha1;
-+const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha1;
-+const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha256;
-+const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha256;
-
- inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len)
- {
-@@ -263,6 +268,11 @@ static struct {
- { CRYPTO_TLS11_3DES_CBC_HMAC_SHA1, NID_tls11_des_ede3_cbc_hmac_sha1, 8, 24, 20},
- { CRYPTO_TLS11_AES_CBC_HMAC_SHA1, NID_tls11_aes_128_cbc_hmac_sha1, 16, 16, 20},
- { CRYPTO_TLS11_AES_CBC_HMAC_SHA1, NID_tls11_aes_256_cbc_hmac_sha1, 16, 32, 20},
-+ { CRYPTO_TLS12_3DES_CBC_HMAC_SHA1, NID_tls12_des_ede3_cbc_hmac_sha1, 8, 24, 20},
-+ { CRYPTO_TLS12_AES_CBC_HMAC_SHA1, NID_tls12_aes_128_cbc_hmac_sha1, 16, 16, 20},
-+ { CRYPTO_TLS12_AES_CBC_HMAC_SHA1, NID_tls12_aes_256_cbc_hmac_sha1, 16, 32, 20},
-+ { CRYPTO_TLS12_AES_CBC_HMAC_SHA256, NID_tls12_aes_128_cbc_hmac_sha256, 16, 16, 32},
-+ { CRYPTO_TLS12_AES_CBC_HMAC_SHA256, NID_tls12_aes_256_cbc_hmac_sha256, 16, 32, 32},
- { CRYPTO_AES_GCM, NID_aes_128_gcm, 16, 16, 0},
- { 0, NID_undef, 0, 0, 0},
- };
-@@ -487,6 +497,21 @@ cryptodev_usable_ciphers(const int **nids)
- case NID_tls11_aes_256_cbc_hmac_sha1:
- EVP_add_cipher(&cryptodev_tls11_aes_256_cbc_hmac_sha1);
- break;
-+ case NID_tls12_des_ede3_cbc_hmac_sha1:
-+ EVP_add_cipher(&cryptodev_tls12_3des_cbc_hmac_sha1);
-+ break;
-+ case NID_tls12_aes_128_cbc_hmac_sha1:
-+ EVP_add_cipher(&cryptodev_tls12_aes_128_cbc_hmac_sha1);
-+ break;
-+ case NID_tls12_aes_256_cbc_hmac_sha1:
-+ EVP_add_cipher(&cryptodev_tls12_aes_256_cbc_hmac_sha1);
-+ break;
-+ case NID_tls12_aes_128_cbc_hmac_sha256:
-+ EVP_add_cipher(&cryptodev_tls12_aes_128_cbc_hmac_sha256);
-+ break;
-+ case NID_tls12_aes_256_cbc_hmac_sha256:
-+ EVP_add_cipher(&cryptodev_tls12_aes_256_cbc_hmac_sha256);
-+ break;
- }
- }
- return count;
-@@ -596,6 +621,11 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- case NID_tls11_des_ede3_cbc_hmac_sha1:
- case NID_tls11_aes_128_cbc_hmac_sha1:
- case NID_tls11_aes_256_cbc_hmac_sha1:
-+ case NID_tls12_des_ede3_cbc_hmac_sha1:
-+ case NID_tls12_aes_128_cbc_hmac_sha1:
-+ case NID_tls12_aes_256_cbc_hmac_sha1:
-+ case NID_tls12_aes_128_cbc_hmac_sha256:
-+ case NID_tls12_aes_256_cbc_hmac_sha256:
- cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
- }
- cryp.ses = sess->ses;
-@@ -795,9 +825,17 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
- case NID_tls11_des_ede3_cbc_hmac_sha1:
- case NID_tls11_aes_128_cbc_hmac_sha1:
- case NID_tls11_aes_256_cbc_hmac_sha1:
-+ case NID_tls12_des_ede3_cbc_hmac_sha1:
-+ case NID_tls12_aes_128_cbc_hmac_sha1:
-+ case NID_tls12_aes_256_cbc_hmac_sha1:
- maclen = SHA_DIGEST_LENGTH;
- aad_needs_fix = true;
- break;
-+ case NID_tls12_aes_128_cbc_hmac_sha256:
-+ case NID_tls12_aes_256_cbc_hmac_sha256:
-+ maclen = SHA256_DIGEST_LENGTH;
-+ aad_needs_fix = true;
-+ break;
- }
-
- /* Correct length for AAD Length field */
-@@ -1207,6 +1245,76 @@ const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1 = {
- NULL
- };
-
-+const EVP_CIPHER cryptodev_tls12_3des_cbc_hmac_sha1 = {
-+ NID_tls12_des_ede3_cbc_hmac_sha1,
-+ 8, 24, 8,
-+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+ cryptodev_init_aead_key,
-+ cryptodev_aead_cipher,
-+ cryptodev_cleanup,
-+ sizeof(struct dev_crypto_state),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ cryptodev_cbc_hmac_sha1_ctrl,
-+ NULL
-+};
-+
-+const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha1 = {
-+ NID_tls12_aes_128_cbc_hmac_sha1,
-+ 16, 16, 16,
-+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+ cryptodev_init_aead_key,
-+ cryptodev_aead_cipher,
-+ cryptodev_cleanup,
-+ sizeof(struct dev_crypto_state),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ cryptodev_cbc_hmac_sha1_ctrl,
-+ NULL
-+};
-+
-+const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha1 = {
-+ NID_tls12_aes_256_cbc_hmac_sha1,
-+ 16, 32, 16,
-+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+ cryptodev_init_aead_key,
-+ cryptodev_aead_cipher,
-+ cryptodev_cleanup,
-+ sizeof(struct dev_crypto_state),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ cryptodev_cbc_hmac_sha1_ctrl,
-+ NULL
-+};
-+
-+const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha256 = {
-+ NID_tls12_aes_128_cbc_hmac_sha256,
-+ 16, 16, 16,
-+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+ cryptodev_init_aead_key,
-+ cryptodev_aead_cipher,
-+ cryptodev_cleanup,
-+ sizeof(struct dev_crypto_state),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ cryptodev_cbc_hmac_sha1_ctrl,
-+ NULL
-+};
-+
-+const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha256 = {
-+ NID_tls12_aes_256_cbc_hmac_sha256,
-+ 16, 32, 16,
-+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+ cryptodev_init_aead_key,
-+ cryptodev_aead_cipher,
-+ cryptodev_cleanup,
-+ sizeof(struct dev_crypto_state),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ cryptodev_cbc_hmac_sha1_ctrl,
-+ NULL
-+};
-+
- const EVP_CIPHER cryptodev_aes_128_gcm = {
- NID_aes_128_gcm,
- 1, 16, 12,
-@@ -1281,6 +1389,21 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
- case NID_tls11_aes_256_cbc_hmac_sha1:
- *cipher = &cryptodev_tls11_aes_256_cbc_hmac_sha1;
- break;
-+ case NID_tls12_des_ede3_cbc_hmac_sha1:
-+ *cipher = &cryptodev_tls12_3des_cbc_hmac_sha1;
-+ break;
-+ case NID_tls12_aes_128_cbc_hmac_sha1:
-+ *cipher = &cryptodev_tls12_aes_128_cbc_hmac_sha1;
-+ break;
-+ case NID_tls12_aes_256_cbc_hmac_sha1:
-+ *cipher = &cryptodev_tls12_aes_256_cbc_hmac_sha1;
-+ break;
-+ case NID_tls12_aes_128_cbc_hmac_sha256:
-+ *cipher = &cryptodev_tls12_aes_128_cbc_hmac_sha256;
-+ break;
-+ case NID_tls12_aes_256_cbc_hmac_sha256:
-+ *cipher = &cryptodev_tls12_aes_256_cbc_hmac_sha256;
-+ break;
- default:
- *cipher = NULL;
- break;
-diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
-index dc89b0a..dfe19da 100644
---- a/crypto/objects/obj_dat.h
-+++ b/crypto/objects/obj_dat.h
-@@ -62,9 +62,9 @@
- * [including the GNU Public Licence.]
- */
-
--#define NUM_NID 924
--#define NUM_SN 917
--#define NUM_LN 917
-+#define NUM_NID 929
-+#define NUM_SN 922
-+#define NUM_LN 922
- #define NUM_OBJ 857
-
- static const unsigned char lvalues[5974]={
-@@ -2407,6 +2407,16 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
- NID_tls11_aes_128_cbc_hmac_sha1,0,NULL,0},
- {"TLS11-AES-256-CBC-HMAC-SHA1","tls11-aes-256-cbc-hmac-sha1",
- NID_tls11_aes_256_cbc_hmac_sha1,0,NULL,0},
-+{"TLS12-DES-EDE3-CBC-HMAC-SHA1","tls12-des-ede3-cbc-hmac-sha1",
-+ NID_tls12_des_ede3_cbc_hmac_sha1,0,NULL,0},
-+{"TLS12-AES-128-CBC-HMAC-SHA1","tls12-aes-128-cbc-hmac-sha1",
-+ NID_tls12_aes_128_cbc_hmac_sha1,0,NULL,0},
-+{"TLS12-AES-256-CBC-HMAC-SHA1","tls12-aes-256-cbc-hmac-sha1",
-+ NID_tls12_aes_256_cbc_hmac_sha1,0,NULL,0},
-+{"TLS12-AES-128-CBC-HMAC-SHA256","tls12-aes-128-cbc-hmac-sha256",
-+ NID_tls12_aes_128_cbc_hmac_sha256,0,NULL,0},
-+{"TLS12-AES-256-CBC-HMAC-SHA256","tls12-aes-256-cbc-hmac-sha256",
-+ NID_tls12_aes_256_cbc_hmac_sha256,0,NULL,0},
- };
-
- static const unsigned int sn_objs[NUM_SN]={
-@@ -2595,6 +2605,11 @@ static const unsigned int sn_objs[NUM_SN]={
- 922, /* "TLS11-AES-128-CBC-HMAC-SHA1" */
- 923, /* "TLS11-AES-256-CBC-HMAC-SHA1" */
- 921, /* "TLS11-DES-EDE3-CBC-HMAC-SHA1" */
-+925, /* "TLS12-AES-128-CBC-HMAC-SHA1" */
-+927, /* "TLS12-AES-128-CBC-HMAC-SHA256" */
-+926, /* "TLS12-AES-256-CBC-HMAC-SHA1" */
-+928, /* "TLS12-AES-256-CBC-HMAC-SHA256" */
-+924, /* "TLS12-DES-EDE3-CBC-HMAC-SHA1" */
- 458, /* "UID" */
- 0, /* "UNDEF" */
- 11, /* "X500" */
-@@ -4217,6 +4232,11 @@ static const unsigned int ln_objs[NUM_LN]={
- 922, /* "tls11-aes-128-cbc-hmac-sha1" */
- 923, /* "tls11-aes-256-cbc-hmac-sha1" */
- 921, /* "tls11-des-ede3-cbc-hmac-sha1" */
-+925, /* "tls12-aes-128-cbc-hmac-sha1" */
-+927, /* "tls12-aes-128-cbc-hmac-sha256" */
-+926, /* "tls12-aes-256-cbc-hmac-sha1" */
-+928, /* "tls12-aes-256-cbc-hmac-sha256" */
-+924, /* "tls12-des-ede3-cbc-hmac-sha1" */
- 682, /* "tpBasis" */
- 436, /* "ucl" */
- 0, /* "undefined" */
-diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h
-index f181890..5af125e 100644
---- a/crypto/objects/obj_mac.h
-+++ b/crypto/objects/obj_mac.h
-@@ -4046,3 +4046,23 @@
- #define LN_tls11_aes_256_cbc_hmac_sha1 "tls11-aes-256-cbc-hmac-sha1"
- #define NID_tls11_aes_256_cbc_hmac_sha1 923
-
-+#define SN_tls12_des_ede3_cbc_hmac_sha1 "TLS12-DES-EDE3-CBC-HMAC-SHA1"
-+#define LN_tls12_des_ede3_cbc_hmac_sha1 "tls12-des-ede3-cbc-hmac-sha1"
-+#define NID_tls12_des_ede3_cbc_hmac_sha1 924
-+
-+#define SN_tls12_aes_128_cbc_hmac_sha1 "TLS12-AES-128-CBC-HMAC-SHA1"
-+#define LN_tls12_aes_128_cbc_hmac_sha1 "tls12-aes-128-cbc-hmac-sha1"
-+#define NID_tls12_aes_128_cbc_hmac_sha1 925
-+
-+#define SN_tls12_aes_256_cbc_hmac_sha1 "TLS12-AES-256-CBC-HMAC-SHA1"
-+#define LN_tls12_aes_256_cbc_hmac_sha1 "tls12-aes-256-cbc-hmac-sha1"
-+#define NID_tls12_aes_256_cbc_hmac_sha1 926
-+
-+#define SN_tls12_aes_128_cbc_hmac_sha256 "TLS12-AES-128-CBC-HMAC-SHA256"
-+#define LN_tls12_aes_128_cbc_hmac_sha256 "tls12-aes-128-cbc-hmac-sha256"
-+#define NID_tls12_aes_128_cbc_hmac_sha256 927
-+
-+#define SN_tls12_aes_256_cbc_hmac_sha256 "TLS12-AES-256-CBC-HMAC-SHA256"
-+#define LN_tls12_aes_256_cbc_hmac_sha256 "tls12-aes-256-cbc-hmac-sha256"
-+#define NID_tls12_aes_256_cbc_hmac_sha256 928
-+
-diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
-index a02b58c..deeba3a 100644
---- a/crypto/objects/obj_mac.num
-+++ b/crypto/objects/obj_mac.num
-@@ -921,3 +921,8 @@ des_ede3_cbc_hmac_sha1 920
- tls11_des_ede3_cbc_hmac_sha1 921
- tls11_aes_128_cbc_hmac_sha1 922
- tls11_aes_256_cbc_hmac_sha1 923
-+tls12_des_ede3_cbc_hmac_sha1 924
-+tls12_aes_128_cbc_hmac_sha1 925
-+tls12_aes_256_cbc_hmac_sha1 926
-+tls12_aes_128_cbc_hmac_sha256 927
-+tls12_aes_256_cbc_hmac_sha256 928
-diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
-index 1973658..6e4ac93 100644
---- a/crypto/objects/objects.txt
-+++ b/crypto/objects/objects.txt
-@@ -1294,3 +1294,8 @@ kisa 1 6 : SEED-OFB : seed-ofb
- : TLS11-DES-EDE3-CBC-HMAC-SHA1 : tls11-des-ede3-cbc-hmac-sha1
- : TLS11-AES-128-CBC-HMAC-SHA1 : tls11-aes-128-cbc-hmac-sha1
- : TLS11-AES-256-CBC-HMAC-SHA1 : tls11-aes-256-cbc-hmac-sha1
-+ : TLS12-DES-EDE3-CBC-HMAC-SHA1 : tls12-des-ede3-cbc-hmac-sha1
-+ : TLS12-AES-128-CBC-HMAC-SHA1 : tls12-aes-128-cbc-hmac-sha1
-+ : TLS12-AES-256-CBC-HMAC-SHA1 : tls12-aes-256-cbc-hmac-sha1
-+ : TLS12-AES-128-CBC-HMAC-SHA256 : tls12-aes-128-cbc-hmac-sha256
-+ : TLS12-AES-256-CBC-HMAC-SHA256 : tls12-aes-256-cbc-hmac-sha256
-diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
-index 0408986..77a82f6 100644
---- a/ssl/ssl_ciph.c
-+++ b/ssl/ssl_ciph.c
-@@ -661,6 +661,31 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
- c->algorithm_mac == SSL_SHA1 &&
- (evp=EVP_get_cipherbyname("TLS11-AES-256-CBC-HMAC-SHA1")))
- *enc = evp, *md = NULL;
-+ else if (s->ssl_version == TLS1_2_VERSION &&
-+ c->algorithm_enc == SSL_3DES &&
-+ c->algorithm_mac == SSL_SHA1 &&
-+ (evp=EVP_get_cipherbyname("TLS12-DES-EDE3-CBC-HMAC-SHA1")))
-+ *enc = evp, *md = NULL;
-+ else if (s->ssl_version == TLS1_2_VERSION &&
-+ c->algorithm_enc == SSL_AES128 &&
-+ c->algorithm_mac == SSL_SHA1 &&
-+ (evp=EVP_get_cipherbyname("TLS12-AES-128-CBC-HMAC-SHA1")))
-+ *enc = evp, *md = NULL;
-+ else if (s->ssl_version == TLS1_2_VERSION &&
-+ c->algorithm_enc == SSL_AES256 &&
-+ c->algorithm_mac == SSL_SHA1 &&
-+ (evp=EVP_get_cipherbyname("TLS12-AES-256-CBC-HMAC-SHA1")))
-+ *enc = evp, *md = NULL;
-+ else if (s->ssl_version == TLS1_2_VERSION &&
-+ c->algorithm_enc == SSL_AES128 &&
-+ c->algorithm_mac == SSL_SHA256 &&
-+ (evp=EVP_get_cipherbyname("TLS12-AES-128-CBC-HMAC-SHA256")))
-+ *enc = evp, *md = NULL;
-+ else if (s->ssl_version == TLS1_2_VERSION &&
-+ c->algorithm_enc == SSL_AES256 &&
-+ c->algorithm_mac == SSL_SHA256 &&
-+ (evp=EVP_get_cipherbyname("TLS12-AES-256-CBC-HMAC-SHA256")))
-+ *enc = evp, *md = NULL;
- return(1);
- }
- else
---
-2.3.5
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0021-cryptodev-do-not-cache-file-descriptor-in-open.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0021-cryptodev-do-not-cache-file-descriptor-in-open.patch
new file mode 100644
index 0000000..9c6e503
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0021-cryptodev-do-not-cache-file-descriptor-in-open.patch
@@ -0,0 +1,93 @@
+From d9395f7d876f7dfaaae25867c88d1e1f684589de Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica at freescale.com>
+Date: Thu, 19 Feb 2015 16:43:29 +0200
+Subject: [PATCH 21/48] cryptodev: do not cache file descriptor in 'open'
+
+The file descriptor returned by get_dev_crypto is cached after a
+successful return. The issue is, it is cached inside 'open_dev_crypto'
+which is no longer useful as a general purpose open("/dev/crypto")
+function.
+
+This patch is a refactoring that moves the caching operation from
+open_dev_crypto to get_dev_crypto and leaves the former as a simpler
+function true to its name
+
+Signed-off-by: Cristian Stoica <cristian.stoica at freescale.com>
+---
+ crypto/engine/eng_cryptodev.c | 43 +++++++++++++++++++++----------------------
+ 1 file changed, 21 insertions(+), 22 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 14dcddf..75fca7f 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -391,45 +391,44 @@ static void ctr64_inc(unsigned char *counter)
+ } while (n);
+ }
+
+-/*
+- * Return a fd if /dev/crypto seems usable, 0 otherwise.
+- */
+ static int open_dev_crypto(void)
+ {
+- static int fd = -1;
++ int fd;
+
+- if (fd == -1) {
+- if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1)
+- return (-1);
+- /* close on exec */
+- if (fcntl(fd, F_SETFD, 1) == -1) {
+- close(fd);
+- fd = -1;
+- return (-1);
+- }
++ fd = open("/dev/crypto", O_RDWR, 0);
++ if (fd < 0)
++ return -1;
++
++ /* close on exec */
++ if (fcntl(fd, F_SETFD, 1) == -1) {
++ close(fd);
++ return -1;
+ }
+- return (fd);
++
++ return fd;
+ }
+
+ static int get_dev_crypto(void)
+ {
+- int fd, retfd;
++ static int fd = -1;
++ int retfd;
+
+- if ((fd = open_dev_crypto()) == -1)
+- return (-1);
+-# ifndef CRIOGET_NOT_NEEDED
++ if (fd == -1)
++ fd = open_dev_crypto();
++# ifdef CRIOGET_NOT_NEEDED
++ return fd;
++# else
++ if (fd == -1)
++ return -1;
+ if (ioctl(fd, CRIOGET, &retfd) == -1)
+ return (-1);
+-
+ /* close on exec */
+ if (fcntl(retfd, F_SETFD, 1) == -1) {
+ close(retfd);
+ return (-1);
+ }
+-# else
+- retfd = fd;
++ return retfd;
+ # endif
+- return (retfd);
+ }
+
+ static void put_dev_crypto(int fd)
+--
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0021-cryptodev-drop-redundant-function.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0021-cryptodev-drop-redundant-function.patch
deleted file mode 100644
index 16cc688..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0021-cryptodev-drop-redundant-function.patch
+++ /dev/null
@@ -1,75 +0,0 @@
-From ea4abc255c6c5feec01cb1e30c6082cfe47860e2 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica at freescale.com>
-Date: Thu, 19 Feb 2015 16:11:53 +0200
-Subject: [PATCH 21/26] cryptodev: drop redundant function
-
-get_dev_crypto already caches the result. Another cache in-between is
-useless.
-
-Change-Id: Ibd162529d3fb7a561a17f1a707d5d287c1586a3a
-Signed-off-by: Cristian Stoica <cristian.stoica at freescale.com>
-Reviewed-on: http://git.am.freescale.net:8181/34216
----
- crypto/engine/eng_cryptodev.c | 18 +++---------------
- 1 file changed, 3 insertions(+), 15 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index fa5fe1b..1ab5551 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -96,7 +96,6 @@ struct dev_crypto_state {
-
- static u_int32_t cryptodev_asymfeat = 0;
-
--static int get_asym_dev_crypto(void);
- static int open_dev_crypto(void);
- static int get_dev_crypto(void);
- static int get_cryptodev_ciphers(const int **cnids);
-@@ -357,17 +356,6 @@ static void put_dev_crypto(int fd)
- #endif
- }
-
--/* Caching version for asym operations */
--static int
--get_asym_dev_crypto(void)
--{
-- static int fd = -1;
--
-- if (fd == -1)
-- fd = get_dev_crypto();
-- return fd;
--}
--
- /*
- * Find out what ciphers /dev/crypto will let us have a session for.
- * XXX note, that some of these openssl doesn't deal with yet!
-@@ -1796,7 +1784,7 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s)
- {
- int fd, ret = -1;
-
-- if ((fd = get_asym_dev_crypto()) < 0)
-+ if ((fd = get_dev_crypto()) < 0)
- return (ret);
-
- if (r) {
-@@ -2374,7 +2362,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
- int p_len, q_len;
- int i;
-
-- if ((fd = get_asym_dev_crypto()) < 0)
-+ if ((fd = get_dev_crypto()) < 0)
- goto sw_try;
-
- if(!rsa->n && ((rsa->n=BN_new()) == NULL)) goto err;
-@@ -3928,7 +3916,7 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
- BIGNUM *temp = NULL;
- unsigned char *padded_pub_key = NULL, *p = NULL;
-
-- if ((fd = get_asym_dev_crypto()) < 0)
-+ if ((fd = get_dev_crypto()) < 0)
- goto sw_try;
-
- memset(&kop, 0, sizeof kop);
---
-2.3.5
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0022-cryptodev-do-not-zero-the-buffer-before-use.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0022-cryptodev-do-not-zero-the-buffer-before-use.patch
deleted file mode 100644
index 0b2f0f1..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0022-cryptodev-do-not-zero-the-buffer-before-use.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From 75e3e7d600eb72e7374b1ecf5ece7b831bc98ed8 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica at freescale.com>
-Date: Tue, 17 Feb 2015 13:12:53 +0200
-Subject: [PATCH 22/26] cryptodev: do not zero the buffer before use
-
-- The buffer is just about to be overwritten. Zeroing it before that has
- no purpose
-
-Change-Id: I478c31bd2e254561474a7edf5e37980ca04217ce
-Signed-off-by: Cristian Stoica <cristian.stoica at freescale.com>
-Reviewed-on: http://git.am.freescale.net:8181/34217
----
- crypto/engine/eng_cryptodev.c | 13 ++++---------
- 1 file changed, 4 insertions(+), 9 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 1ab5551..dbc5989 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -1681,21 +1681,16 @@ static int
- bn2crparam(const BIGNUM *a, struct crparam *crp)
- {
- ssize_t bytes, bits;
-- u_char *b;
--
-- crp->crp_p = NULL;
-- crp->crp_nbits = 0;
-
- bits = BN_num_bits(a);
- bytes = (bits + 7) / 8;
-
-- b = malloc(bytes);
-- if (b == NULL)
-+ crp->crp_nbits = bits;
-+ crp->crp_p = malloc(bytes);
-+
-+ if (crp->crp_p == NULL)
- return (1);
-- memset(b, 0, bytes);
-
-- crp->crp_p = (caddr_t) b;
-- crp->crp_nbits = bits;
- BN_bn2bin(a, crp->crp_p);
- return (0);
- }
---
-2.3.5
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0025-cryptodev-put_dev_crypto-should-be-an-int.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0022-cryptodev-put_dev_crypto-should-be-an-int.patch
similarity index 70%
rename from recipes-connectivity/openssl/openssl-qoriq/qoriq/0025-cryptodev-put_dev_crypto-should-be-an-int.patch
rename to recipes-connectivity/openssl/openssl-qoriq/qoriq/0022-cryptodev-put_dev_crypto-should-be-an-int.patch
index a48dc6a..121123d 100644
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0025-cryptodev-put_dev_crypto-should-be-an-int.patch
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0022-cryptodev-put_dev_crypto-should-be-an-int.patch
@@ -1,7 +1,7 @@
-From 84a8007b6e92fe4c2696cc9e330207ee03303a20 Mon Sep 17 00:00:00 2001
+From 79d6976e2ad2e5ac31374bc24ee29ae53f55c0e1 Mon Sep 17 00:00:00 2001
From: Cristian Stoica <cristian.stoica at freescale.com>
Date: Thu, 19 Feb 2015 13:09:32 +0200
-Subject: [PATCH 25/26] cryptodev: put_dev_crypto should be an int
+Subject: [PATCH 22/48] cryptodev: put_dev_crypto should be an int
Change-Id: Ie0a83bc07a37132286c098b17ef35d98de74b043
Signed-off-by: Cristian Stoica <cristian.stoica at freescale.com>
@@ -11,25 +11,25 @@ Reviewed-on: http://git.am.freescale.net:8181/34220
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index b74fc7c..c9db27d 100644
+index 75fca7f..b162646 100644
--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
-@@ -347,10 +347,12 @@ static int get_dev_crypto(void)
- #endif
+@@ -431,10 +431,12 @@ static int get_dev_crypto(void)
+ # endif
}
-static void put_dev_crypto(int fd)
+static int put_dev_crypto(int fd)
{
--#ifndef CRIOGET_NOT_NEEDED
-- close(fd);
+-# ifndef CRIOGET_NOT_NEEDED
+- close(fd);
+#ifdef CRIOGET_NOT_NEEDED
+ return 0;
+#else
+ return close(fd);
- #endif
+ # endif
}
--
-2.3.5
+2.7.0
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0023-cryptodev-clean-up-code-layout.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0023-cryptodev-clean-up-code-layout.patch
deleted file mode 100644
index 5ff1c5c..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0023-cryptodev-clean-up-code-layout.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-From 4453b06b940fc03a0973cfd96f908e46cce61054 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica at freescale.com>
-Date: Wed, 18 Feb 2015 10:39:46 +0200
-Subject: [PATCH 23/26] cryptodev: clean-up code layout
-
-This is just a refactoring that uses else branch to check for malloc failures
-
-Change-Id: I6dc157af36d6ec51a4edfc82cf97fae2e7e83628
-Signed-off-by: Cristian Stoica <cristian.stoica at freescale.com>
-Reviewed-on: http://git.am.freescale.net:8181/34218
----
- crypto/engine/eng_cryptodev.c | 42 ++++++++++++++++++++----------------------
- 1 file changed, 20 insertions(+), 22 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index dbc5989..dceb4f5 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -1745,30 +1745,28 @@ cryptodev_asym_async(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
- fd = *(int *)cookie->eng_handle;
-
- eng_cookie = malloc(sizeof(struct cryptodev_cookie_s));
--
-- if (eng_cookie) {
-- memset(eng_cookie, 0, sizeof(struct cryptodev_cookie_s));
-- if (r) {
-- kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char));
-- if (!kop->crk_param[kop->crk_iparams].crp_p)
-- return -ENOMEM;
-- kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
-- kop->crk_oparams++;
-- eng_cookie->r = r;
-- eng_cookie->r_param = kop->crk_param[kop->crk_iparams];
-- }
-- if (s) {
-- kop->crk_param[kop->crk_iparams+1].crp_p = calloc(slen, sizeof(char));
-- if (!kop->crk_param[kop->crk_iparams+1].crp_p)
-- return -ENOMEM;
-- kop->crk_param[kop->crk_iparams+1].crp_nbits = slen * 8;
-- kop->crk_oparams++;
-- eng_cookie->s = s;
-- eng_cookie->s_param = kop->crk_param[kop->crk_iparams + 1];
-- }
-- } else
-+ if (!eng_cookie)
- return -ENOMEM;
-
-+ memset(eng_cookie, 0, sizeof(struct cryptodev_cookie_s));
-+ if (r) {
-+ kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char));
-+ if (!kop->crk_param[kop->crk_iparams].crp_p)
-+ return -ENOMEM;
-+ kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
-+ kop->crk_oparams++;
-+ eng_cookie->r = r;
-+ eng_cookie->r_param = kop->crk_param[kop->crk_iparams];
-+ }
-+ if (s) {
-+ kop->crk_param[kop->crk_iparams+1].crp_p = calloc(slen, sizeof(char));
-+ if (!kop->crk_param[kop->crk_iparams+1].crp_p)
-+ return -ENOMEM;
-+ kop->crk_param[kop->crk_iparams+1].crp_nbits = slen * 8;
-+ kop->crk_oparams++;
-+ eng_cookie->s = s;
-+ eng_cookie->s_param = kop->crk_param[kop->crk_iparams + 1];
-+ }
- eng_cookie->kop = kop;
- cookie->eng_cookie = eng_cookie;
- return ioctl(fd, CIOCASYMASYNCRYPT, kop);
---
-2.3.5
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0026-cryptodev-simplify-cryptodev-pkc-support-code.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0023-cryptodev-simplify-cryptodev-pkc-support-code.patch
similarity index 66%
rename from recipes-connectivity/openssl/openssl-qoriq/qoriq/0026-cryptodev-simplify-cryptodev-pkc-support-code.patch
rename to recipes-connectivity/openssl/openssl-qoriq/qoriq/0023-cryptodev-simplify-cryptodev-pkc-support-code.patch
index 6527ac8..1043fbd 100644
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0026-cryptodev-simplify-cryptodev-pkc-support-code.patch
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0023-cryptodev-simplify-cryptodev-pkc-support-code.patch
@@ -1,27 +1,25 @@
-From 787539e7720c99785f6c664a7484842bba08f6ed Mon Sep 17 00:00:00 2001
+From f99682e0ccaeadb7446d211dfad6dbf8fcd5675f Mon Sep 17 00:00:00 2001
From: Cristian Stoica <cristian.stoica at freescale.com>
Date: Thu, 19 Feb 2015 13:39:52 +0200
-Subject: [PATCH 26/26] cryptodev: simplify cryptodev pkc support code
+Subject: [PATCH 23/48] cryptodev: simplify cryptodev pkc support code
- Engine init returns directly a file descriptor instead of a pointer to one
- Similarly, the Engine close will now just close the file
-Change-Id: Ief736d0776c7009dee002204fb1d4ce9d31c8787
Signed-off-by: Cristian Stoica <cristian.stoica at freescale.com>
-Reviewed-on: http://git.am.freescale.net:8181/34221
---
crypto/crypto.h | 2 +-
- crypto/engine/eng_cryptodev.c | 35 +++-----------------------
- crypto/engine/eng_int.h | 14 +++--------
- crypto/engine/eng_lib.c | 57 +++++++++++++++++++++----------------------
- crypto/engine/engine.h | 13 +++++-----
- 5 files changed, 42 insertions(+), 79 deletions(-)
+ crypto/engine/eng_cryptodev.c | 43 +++++++----------------------------
+ crypto/engine/eng_int.h | 14 +++---------
+ crypto/engine/eng_lib.c | 53 +++++++++++++++++++++----------------------
+ crypto/engine/engine.h | 13 +++++------
+ 5 files changed, 44 insertions(+), 81 deletions(-)
diff --git a/crypto/crypto.h b/crypto/crypto.h
-index ce12731..292427e 100644
+index 2b4ec59..ddb9b69 100644
--- a/crypto/crypto.h
+++ b/crypto/crypto.h
-@@ -618,7 +618,7 @@ struct pkc_cookie_s {
+@@ -668,7 +668,7 @@ struct pkc_cookie_s {
* -EINVAL: Parameters Invalid
*/
void (*pkc_callback)(struct pkc_cookie_s *cookie, int status);
@@ -31,77 +29,92 @@ index ce12731..292427e 100644
#ifdef __cplusplus
diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index c9db27d..f173bde 100644
+index b162646..1910c89 100644
--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
-@@ -1742,7 +1742,7 @@ cryptodev_asym_async(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
- struct pkc_cookie_s *cookie = kop->cookie;
- struct cryptodev_cookie_s *eng_cookie;
+@@ -433,10 +433,10 @@ static int get_dev_crypto(void)
-- fd = *(int *)cookie->eng_handle;
-+ fd = cookie->eng_handle;
+ static int put_dev_crypto(int fd)
+ {
+-#ifdef CRIOGET_NOT_NEEDED
+- return 0;
+-#else
+- return close(fd);
++# ifdef CRIOGET_NOT_NEEDED
++ return 0;
++# else
++ return close(fd);
+ # endif
+ }
+
+@@ -1863,7 +1863,7 @@ cryptodev_asym_async(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
+ struct pkc_cookie_s *cookie = kop->cookie;
+ struct cryptodev_cookie_s *eng_cookie;
+
+- fd = *(int *)cookie->eng_handle;
++ fd = cookie->eng_handle;
- eng_cookie = malloc(sizeof(struct cryptodev_cookie_s));
- if (!eng_cookie)
-@@ -1802,38 +1802,11 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s)
- return (ret);
+ eng_cookie = malloc(sizeof(struct cryptodev_cookie_s));
+ if (!eng_cookie)
+@@ -1926,38 +1926,11 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
+ return (ret);
}
-/* Close an opened instance of cryptodev engine */
-void cryptodev_close_instance(void *handle)
-{
-- int fd;
+- int fd;
-
-- if (handle) {
-- fd = *(int *)handle;
-- close(fd);
-- free(handle);
-- }
+- if (handle) {
+- fd = *(int *)handle;
+- close(fd);
+- free(handle);
+- }
-}
-
-/* Create an instance of cryptodev for asynchronous interface */
-void *cryptodev_init_instance(void)
-{
-- int *fd = malloc(sizeof(int));
+- int *fd = malloc(sizeof(int));
-
-- if (fd) {
-- if ((*fd = open("/dev/crypto", O_RDWR, 0)) == -1) {
-- free(fd);
-- return NULL;
-- }
-- }
-- return fd;
+- if (fd) {
+- if ((*fd = open("/dev/crypto", O_RDWR, 0)) == -1) {
+- free(fd);
+- return NULL;
+- }
+- }
+- return fd;
-}
-
- #include <poll.h>
+ # include <poll.h>
/* Return 0 on success and 1 on failure */
-int cryptodev_check_availability(void *eng_handle)
+int cryptodev_check_availability(int fd)
{
-- int fd = *(int *)eng_handle;
- struct pkc_cookie_list_s cookie_list;
- struct pkc_cookie_s *cookie;
- int i;
-@@ -4540,8 +4513,8 @@ ENGINE_load_cryptodev(void)
- }
+- int fd = *(int *)eng_handle;
+ struct pkc_cookie_list_s cookie_list;
+ struct pkc_cookie_s *cookie;
+ int i;
+@@ -4706,8 +4679,8 @@ void ENGINE_load_cryptodev(void)
+ }
- ENGINE_set_check_pkc_availability(engine, cryptodev_check_availability);
-- ENGINE_set_close_instance(engine, cryptodev_close_instance);
-- ENGINE_set_init_instance(engine, cryptodev_init_instance);
-+ ENGINE_set_close_instance(engine, put_dev_crypto);
-+ ENGINE_set_open_instance(engine, open_dev_crypto);
- ENGINE_set_async_map(engine, ENGINE_ALLPKC_ASYNC);
+ ENGINE_set_check_pkc_availability(engine, cryptodev_check_availability);
+- ENGINE_set_close_instance(engine, cryptodev_close_instance);
+- ENGINE_set_init_instance(engine, cryptodev_init_instance);
++ ENGINE_set_close_instance(engine, put_dev_crypto);
++ ENGINE_set_open_instance(engine, open_dev_crypto);
+ ENGINE_set_async_map(engine, ENGINE_ALLPKC_ASYNC);
- ENGINE_add(engine);
+ ENGINE_add(engine);
diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h
-index 8fc3077..8fb79c0 100644
+index b698a0c..7541beb 100644
--- a/crypto/engine/eng_int.h
+++ b/crypto/engine/eng_int.h
-@@ -181,23 +181,15 @@ struct engine_st
- ENGINE_LOAD_KEY_PTR load_pubkey;
-
- ENGINE_SSL_CLIENT_CERT_PTR load_ssl_client_cert;
+@@ -198,23 +198,15 @@ struct engine_st {
+ ENGINE_LOAD_KEY_PTR load_privkey;
+ ENGINE_LOAD_KEY_PTR load_pubkey;
+ ENGINE_SSL_CLIENT_CERT_PTR load_ssl_client_cert;
- /*
- * Instantiate Engine handle to be passed in check_pkc_availability
- * Ensure that Engine is instantiated before any pkc asynchronous call.
@@ -126,20 +139,20 @@ index 8fc3077..8fb79c0 100644
* The following map is used to check if the engine supports asynchronous implementation
* ENGINE_ASYNC_FLAG* for available bitmap. Any application checking for asynchronous
diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c
-index 6fa621c..6c9471b 100644
+index 0c57e12..4fdcfd6 100644
--- a/crypto/engine/eng_lib.c
+++ b/crypto/engine/eng_lib.c
-@@ -99,7 +99,7 @@ void engine_set_all_null(ENGINE *e)
- e->load_privkey = NULL;
- e->load_pubkey = NULL;
+@@ -101,7 +101,7 @@ void engine_set_all_null(ENGINE *e)
+ e->load_privkey = NULL;
+ e->load_pubkey = NULL;
e->check_pkc_availability = NULL;
- e->engine_init_instance = NULL;
+ e->engine_open_instance = NULL;
e->engine_close_instance = NULL;
- e->cmd_defns = NULL;
+ e->cmd_defns = NULL;
e->async_map = 0;
-@@ -237,47 +237,46 @@ int ENGINE_set_id(ENGINE *e, const char *id)
- return 1;
+@@ -252,46 +252,45 @@ int ENGINE_set_id(ENGINE *e, const char *id)
+ return 1;
}
-void ENGINE_set_init_instance(ENGINE *e, void *(*engine_init_instance)(void))
@@ -181,43 +194,40 @@ index 6fa621c..6c9471b 100644
return e->async_map;
}
--void ENGINE_set_check_pkc_availability(ENGINE *e,
-- int (*check_pkc_availability)(void *eng_handle))
-- {
-- e->check_pkc_availability = check_pkc_availability;
-- }
+int ENGINE_open_instance(ENGINE *e)
+{
+ return e->engine_open_instance();
+}
-
--int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle)
-- {
-- return e->check_pkc_availability(eng_handle);
-- }
++
+int ENGINE_close_instance(ENGINE *e, int fd)
+{
+ return e->engine_close_instance(fd);
+}
+
-+void ENGINE_set_check_pkc_availability(ENGINE *e,
+ void ENGINE_set_check_pkc_availability(ENGINE *e,
+- int (*check_pkc_availability)(void *eng_handle))
+- {
+- e->check_pkc_availability = check_pkc_availability;
+- }
+ int (*check_pkc_availability)(int fd))
+{
+ e->check_pkc_availability = check_pkc_availability;
+}
-+
+
+-int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle)
+- {
+- return e->check_pkc_availability(eng_handle);
+int ENGINE_check_pkc_availability(ENGINE *e, int fd)
+{
+ return e->check_pkc_availability(fd);
-+}
+ }
int ENGINE_set_name(ENGINE *e, const char *name)
- {
diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h
-index ccff86a..3ba3e97 100644
+index 4527aa1..f83ee73 100644
--- a/crypto/engine/engine.h
+++ b/crypto/engine/engine.h
-@@ -473,9 +473,6 @@ ENGINE *ENGINE_new(void);
+@@ -551,9 +551,6 @@ ENGINE *ENGINE_new(void);
int ENGINE_free(ENGINE *e);
int ENGINE_up_ref(ENGINE *e);
int ENGINE_set_id(ENGINE *e, const char *id);
@@ -227,7 +237,7 @@ index ccff86a..3ba3e97 100644
/*
* Following FLAGS are bitmap store in async_map to set asynchronous interface capability
*of the engine
-@@ -492,11 +489,13 @@ void ENGINE_set_async_map(ENGINE *e, int async_map);
+@@ -570,11 +567,13 @@ void ENGINE_set_async_map(ENGINE *e, int async_map);
* to confirm asynchronous methods supported
*/
int ENGINE_get_async_map(ENGINE *e);
@@ -246,5 +256,5 @@ index ccff86a..3ba3e97 100644
int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
--
-2.3.5
+2.7.0
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0024-cryptodev-clarify-code-remove-assignments-from-condi.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0024-cryptodev-clarify-code-remove-assignments-from-condi.patch
new file mode 100644
index 0000000..27ccd95
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0024-cryptodev-clarify-code-remove-assignments-from-condi.patch
@@ -0,0 +1,37 @@
+From cb6842dac159b40acdc755526b0ba0afb61d9d64 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica at nxp.com>
+Date: Mon, 14 Dec 2015 14:02:00 +0200
+Subject: [PATCH 24/48] cryptodev: clarify code, remove assignments from
+ conditionals
+
+Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 1910c89..fcfd232 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -1559,14 +1559,16 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
+ struct session_op *sess = &state->d_sess;
+ int digest;
+
+- if ((digest = digest_nid_to_cryptodev(ctx->digest->type)) == NID_undef) {
++ digest = digest_nid_to_cryptodev(ctx->digest->type);
++ if (digest == NID_undef) {
+ printf("cryptodev_digest_init: Can't get digest \n");
+ return (0);
+ }
+
+ memset(state, 0, sizeof(struct dev_crypto_state));
+
+- if ((state->d_fd = get_dev_crypto()) < 0) {
++ state->d_fd = get_dev_crypto();
++ if (state->d_fd < 0) {
+ printf("cryptodev_digest_init: Can't get Dev \n");
+ return (0);
+ }
+--
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0024-cryptodev-do-not-cache-file-descriptor-in-open.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0024-cryptodev-do-not-cache-file-descriptor-in-open.patch
deleted file mode 100644
index e798d3e..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0024-cryptodev-do-not-cache-file-descriptor-in-open.patch
+++ /dev/null
@@ -1,100 +0,0 @@
-From a44701abd995b3db80001d0c5d88e9ead05972c1 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica at freescale.com>
-Date: Thu, 19 Feb 2015 16:43:29 +0200
-Subject: [PATCH 24/26] cryptodev: do not cache file descriptor in 'open'
-
-The file descriptor returned by get_dev_crypto is cached after a
-successful return. The issue is, it is cached inside 'open_dev_crypto'
-which is no longer useful as a general purpose open("/dev/crypto")
-function.
-
-This patch is a refactoring that moves the caching operation from
-open_dev_crypto to get_dev_crypto and leaves the former as a simpler
-function true to its name
-
-Change-Id: I980170969410381973ce75f6679a4a1401738847
-Signed-off-by: Cristian Stoica <cristian.stoica at freescale.com>
-Reviewed-on: http://git.am.freescale.net:8181/34219
----
- crypto/engine/eng_cryptodev.c | 50 +++++++++++++++++++++----------------------
- 1 file changed, 24 insertions(+), 26 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index dceb4f5..b74fc7c 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -306,47 +306,45 @@ static void ctr64_inc(unsigned char *counter) {
- if (c) return;
- } while (n);
- }
--/*
-- * Return a fd if /dev/crypto seems usable, 0 otherwise.
-- */
--static int
--open_dev_crypto(void)
-+
-+static int open_dev_crypto(void)
- {
-- static int fd = -1;
-+ int fd;
-
-- if (fd == -1) {
-- if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1)
-- return (-1);
-- /* close on exec */
-- if (fcntl(fd, F_SETFD, 1) == -1) {
-- close(fd);
-- fd = -1;
-- return (-1);
-- }
-+ fd = open("/dev/crypto", O_RDWR, 0);
-+ if ( fd < 0)
-+ return -1;
-+
-+ /* close on exec */
-+ if (fcntl(fd, F_SETFD, 1) == -1) {
-+ close(fd);
-+ return -1;
- }
-- return (fd);
-+
-+ return fd;
- }
-
--static int
--get_dev_crypto(void)
-+static int get_dev_crypto(void)
- {
-- int fd, retfd;
-+ static int fd = -1;
-+ int retfd;
-
-- if ((fd = open_dev_crypto()) == -1)
-- return (-1);
--#ifndef CRIOGET_NOT_NEEDED
-+ if (fd == -1)
-+ fd = open_dev_crypto();
-+#ifdef CRIOGET_NOT_NEEDED
-+ return fd;
-+#else
-+ if (fd == -1)
-+ return -1;
- if (ioctl(fd, CRIOGET, &retfd) == -1)
- return (-1);
--
- /* close on exec */
- if (fcntl(retfd, F_SETFD, 1) == -1) {
- close(retfd);
- return (-1);
- }
--#else
-- retfd = fd;
-+ return retfd;
- #endif
-- return (retfd);
- }
-
- static void put_dev_crypto(int fd)
---
-2.3.5
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0025-cryptodev-clean-up-context-state-before-anything-els.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0025-cryptodev-clean-up-context-state-before-anything-els.patch
new file mode 100644
index 0000000..ad5c303
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0025-cryptodev-clean-up-context-state-before-anything-els.patch
@@ -0,0 +1,34 @@
+From 087ae4ecbaf9cd49a2fcae9cb09c491beabc4c88 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica at nxp.com>
+Date: Tue, 15 Dec 2015 12:10:37 +0200
+Subject: [PATCH 25/48] cryptodev: clean-up context state before anything else
+
+Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index fcfd232..16e6fd9 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -1559,14 +1559,14 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
+ struct session_op *sess = &state->d_sess;
+ int digest;
+
++ memset(state, 0, sizeof(struct dev_crypto_state));
++
+ digest = digest_nid_to_cryptodev(ctx->digest->type);
+ if (digest == NID_undef) {
+ printf("cryptodev_digest_init: Can't get digest \n");
+ return (0);
+ }
+
+- memset(state, 0, sizeof(struct dev_crypto_state));
+-
+ state->d_fd = get_dev_crypto();
+ if (state->d_fd < 0) {
+ printf("cryptodev_digest_init: Can't get Dev \n");
+--
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0026-cryptodev-remove-code-duplication-in-digest-operatio.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0026-cryptodev-remove-code-duplication-in-digest-operatio.patch
new file mode 100644
index 0000000..936aafc
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0026-cryptodev-remove-code-duplication-in-digest-operatio.patch
@@ -0,0 +1,155 @@
+From 02dd4d275f7544a4027ca3452b60ac5bdd9376fb Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica at nxp.com>
+Date: Mon, 14 Dec 2015 17:49:08 +0200
+Subject: [PATCH 26/48] cryptodev: remove code duplication in digest operations
+
+This patch simplifies code and removes duplication in digest_update and
+digest_final for cryptodev engine.
+
+Note: The current design of eng_cryptodev for digests operations assumes
+ the presence of all the data before processing (this is suboptimal
+ with cryptodev-linux because Linux kernel has support for digest-update
+ operations and there is no need to accumulate the input data).
+
+Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 76 ++++++++++++++++---------------------------
+ 1 file changed, 28 insertions(+), 48 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 16e6fd9..048e050 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -1590,24 +1590,25 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
+ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
+ size_t count)
+ {
+- struct crypt_op cryp;
+ struct dev_crypto_state *state = ctx->md_data;
+- struct session_op *sess = &state->d_sess;
+
+- if (!data || state->d_fd < 0) {
++ if (!data || !count) {
+ printf("cryptodev_digest_update: illegal inputs \n");
+- return (0);
+- }
+-
+- if (!count) {
+- return (0);
++ return 0;
+ }
+
+- if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
+- /* if application doesn't support one buffer */
++ /*
++ * Accumulate input data if it is scattered in several buffers. TODO:
++ * Depending on number of calls and data size, this code can be optimized
++ * to take advantage of Linux kernel crypto API, balancing between
++ * cryptodev calls and accumulating small amounts of data
++ */
++ if (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) {
++ state->mac_data = data;
++ state->mac_len = count;
++ } else {
+ state->mac_data =
+ OPENSSL_realloc(state->mac_data, state->mac_len + count);
+-
+ if (!state->mac_data) {
+ printf("cryptodev_digest_update: realloc failed\n");
+ return (0);
+@@ -1615,23 +1616,9 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
+
+ memcpy(state->mac_data + state->mac_len, data, count);
+ state->mac_len += count;
+-
+- return (1);
+ }
+
+- memset(&cryp, 0, sizeof(cryp));
+-
+- cryp.ses = sess->ses;
+- cryp.flags = 0;
+- cryp.len = count;
+- cryp.src = (caddr_t) data;
+- cryp.dst = NULL;
+- cryp.mac = (caddr_t) state->digest_res;
+- if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
+- printf("cryptodev_digest_update: digest failed\n");
+- return (0);
+- }
+- return (1);
++ return 1;
+ }
+
+ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
+@@ -1640,33 +1627,25 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
+ struct dev_crypto_state *state = ctx->md_data;
+ struct session_op *sess = &state->d_sess;
+
+- int ret = 1;
+-
+ if (!md || state->d_fd < 0) {
+ printf("cryptodev_digest_final: illegal input\n");
+ return (0);
+ }
+
+- if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
+- /* if application doesn't support one buffer */
+- memset(&cryp, 0, sizeof(cryp));
+- cryp.ses = sess->ses;
+- cryp.flags = 0;
+- cryp.len = state->mac_len;
+- cryp.src = state->mac_data;
+- cryp.dst = NULL;
+- cryp.mac = (caddr_t) md;
+- if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
+- printf("cryptodev_digest_final: digest failed\n");
+- return (0);
+- }
++ memset(&cryp, 0, sizeof(cryp));
+
+- return 1;
+- }
++ cryp.ses = sess->ses;
++ cryp.flags = 0;
++ cryp.len = state->mac_len;
++ cryp.src = state->mac_data;
++ cryp.mac = md;
+
+- memcpy(md, state->digest_res, ctx->digest->md_size);
++ if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
++ printf("cryptodev_digest_final: digest failed\n");
++ return (0);
++ }
+
+- return (ret);
++ return (1);
+ }
+
+ static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
+@@ -1683,11 +1662,11 @@ static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
+ return (0);
+ }
+
+- if (state->mac_data) {
++ if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
+ OPENSSL_free(state->mac_data);
+- state->mac_data = NULL;
+- state->mac_len = 0;
+ }
++ state->mac_data = NULL;
++ state->mac_len = 0;
+
+ if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
+ printf("cryptodev_digest_cleanup: failed to close session\n");
+@@ -1695,6 +1674,7 @@ static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
+ } else {
+ ret = 1;
+ }
++
+ put_dev_crypto(state->d_fd);
+ state->d_fd = -1;
+
+--
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0027-cryptodev-put-all-digest-ioctls-into-a-single-functi.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0027-cryptodev-put-all-digest-ioctls-into-a-single-functi.patch
new file mode 100644
index 0000000..46b3ced
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0027-cryptodev-put-all-digest-ioctls-into-a-single-functi.patch
@@ -0,0 +1,108 @@
+From 2187b18ffe4851efcb6465ca02ac036d2fe031b8 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica at nxp.com>
+Date: Tue, 15 Dec 2015 12:23:13 +0200
+Subject: [PATCH 27/48] cryptodev: put all digest ioctls into a single function
+
+Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 44 +++++++++++++++++++------------------------
+ 1 file changed, 19 insertions(+), 25 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 048e050..76faa35 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -1577,13 +1577,6 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
+ sess->mackeylen = digest_key_length(ctx->digest->type);
+ sess->mac = digest;
+
+- if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
+- put_dev_crypto(state->d_fd);
+- state->d_fd = -1;
+- printf("cryptodev_digest_init: Open session failed\n");
+- return (0);
+- }
+-
+ return (1);
+ }
+
+@@ -1623,6 +1616,7 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
+
+ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
+ {
++ int ret = 1;
+ struct crypt_op cryp;
+ struct dev_crypto_state *state = ctx->md_data;
+ struct session_op *sess = &state->d_sess;
+@@ -1632,6 +1626,11 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
+ return (0);
+ }
+
++ if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
++ printf("cryptodev_digest_init: Open session failed\n");
++ return (0);
++ }
++
+ memset(&cryp, 0, sizeof(cryp));
+
+ cryp.ses = sess->ses;
+@@ -1642,43 +1641,38 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
+
+ if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
+ printf("cryptodev_digest_final: digest failed\n");
+- return (0);
++ ret = 0;
+ }
+
+- return (1);
++ if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
++ printf("cryptodev_digest_cleanup: failed to close session\n");
++ }
++
++ return ret;
+ }
+
+ static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
+ {
+- int ret = 1;
+ struct dev_crypto_state *state = ctx->md_data;
+ struct session_op *sess = &state->d_sess;
+
+- if (state == NULL)
++ if (state == NULL) {
+ return 0;
+-
+- if (state->d_fd < 0) {
+- printf("cryptodev_digest_cleanup: illegal input\n");
+- return (0);
+ }
+
+ if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
+ OPENSSL_free(state->mac_data);
+ }
+- state->mac_data = NULL;
+- state->mac_len = 0;
+
+- if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
+- printf("cryptodev_digest_cleanup: failed to close session\n");
+- ret = 0;
+- } else {
+- ret = 1;
++ if (state->d_fd >= 0) {
++ put_dev_crypto(state->d_fd);
++ state->d_fd = -1;
+ }
+
+- put_dev_crypto(state->d_fd);
+- state->d_fd = -1;
++ state->mac_data = NULL;
++ state->mac_len = 0;
+
+- return (ret);
++ return 1;
+ }
+
+ static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
+--
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0028-cryptodev-fix-debug-print-messages.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0028-cryptodev-fix-debug-print-messages.patch
new file mode 100644
index 0000000..03d1b96
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0028-cryptodev-fix-debug-print-messages.patch
@@ -0,0 +1,90 @@
+From 3dd41691dc8162ec26d188269934689ad834894c Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica at nxp.com>
+Date: Tue, 15 Dec 2015 12:51:36 +0200
+Subject: [PATCH 28/48] cryptodev: fix debug print messages
+
+Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 18 +++++++++---------
+ 1 file changed, 9 insertions(+), 9 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 76faa35..1585009 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -1563,13 +1563,13 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
+
+ digest = digest_nid_to_cryptodev(ctx->digest->type);
+ if (digest == NID_undef) {
+- printf("cryptodev_digest_init: Can't get digest \n");
++ printf("%s: Can't get digest\n", __func__);
+ return (0);
+ }
+
+ state->d_fd = get_dev_crypto();
+ if (state->d_fd < 0) {
+- printf("cryptodev_digest_init: Can't get Dev \n");
++ printf("%s: Can't get Dev\n", __func__);
+ return (0);
+ }
+
+@@ -1586,7 +1586,7 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
+ struct dev_crypto_state *state = ctx->md_data;
+
+ if (!data || !count) {
+- printf("cryptodev_digest_update: illegal inputs \n");
++ printf("%s: illegal inputs\n", __func__);
+ return 0;
+ }
+
+@@ -1603,7 +1603,7 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
+ state->mac_data =
+ OPENSSL_realloc(state->mac_data, state->mac_len + count);
+ if (!state->mac_data) {
+- printf("cryptodev_digest_update: realloc failed\n");
++ printf("%s: realloc failed\n", __func__);
+ return (0);
+ }
+
+@@ -1622,12 +1622,12 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
+ struct session_op *sess = &state->d_sess;
+
+ if (!md || state->d_fd < 0) {
+- printf("cryptodev_digest_final: illegal input\n");
++ printf("%s: illegal input\n", __func__);
+ return (0);
+ }
+
+ if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
+- printf("cryptodev_digest_init: Open session failed\n");
++ printf("%s: Open session failed\n", __func__);
+ return (0);
+ }
+
+@@ -1640,12 +1640,12 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
+ cryp.mac = md;
+
+ if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
+- printf("cryptodev_digest_final: digest failed\n");
++ printf("%s: digest failed\n", __func__);
+ ret = 0;
+ }
+
+ if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
+- printf("cryptodev_digest_cleanup: failed to close session\n");
++ printf("%s: failed to close session\n", __func__);
+ }
+
+ return ret;
+@@ -1700,7 +1700,7 @@ static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
+ if (ioctl(dstate->d_fd, CIOCGSESSION, sess) < 0) {
+ put_dev_crypto(dstate->d_fd);
+ dstate->d_fd = -1;
+- printf("cryptodev_digest_init: Open session failed\n");
++ printf("%s: Open session failed\n", __func__);
+ return (0);
+ }
+
+--
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0029-cryptodev-use-CIOCHASH-ioctl-for-digest-operations.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0029-cryptodev-use-CIOCHASH-ioctl-for-digest-operations.patch
new file mode 100644
index 0000000..3dc2b92
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0029-cryptodev-use-CIOCHASH-ioctl-for-digest-operations.patch
@@ -0,0 +1,91 @@
+From 3fe44ab50a87106af3349148e81ec8a1d524de82 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica at nxp.com>
+Date: Tue, 15 Dec 2015 15:43:28 +0200
+Subject: [PATCH 29/48] cryptodev: use CIOCHASH ioctl for digest operations
+
+Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 34 +++++++++++-----------------------
+ 1 file changed, 11 insertions(+), 23 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 1585009..dc27b55 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -84,6 +84,7 @@ struct dev_crypto_state {
+ unsigned char *iv;
+ int ivlen;
+ # ifdef USE_CRYPTODEV_DIGESTS
++ struct hash_op_data hash_op;
+ char dummy_mac_key[HASH_MAX_LEN];
+ unsigned char digest_res[HASH_MAX_LEN];
+ char *mac_data;
+@@ -1556,7 +1557,7 @@ static int digest_key_length(int nid)
+ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
+ {
+ struct dev_crypto_state *state = ctx->md_data;
+- struct session_op *sess = &state->d_sess;
++ struct hash_op_data *hash_op = &state->hash_op;
+ int digest;
+
+ memset(state, 0, sizeof(struct dev_crypto_state));
+@@ -1573,9 +1574,9 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
+ return (0);
+ }
+
+- sess->mackey = state->dummy_mac_key;
+- sess->mackeylen = digest_key_length(ctx->digest->type);
+- sess->mac = digest;
++ hash_op->mac_op = digest;
++ hash_op->mackey = state->dummy_mac_key;
++ hash_op->mackeylen = digest_key_length(ctx->digest->type);
+
+ return (1);
+ }
+@@ -1617,37 +1618,24 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
+ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
+ {
+ int ret = 1;
+- struct crypt_op cryp;
+ struct dev_crypto_state *state = ctx->md_data;
+- struct session_op *sess = &state->d_sess;
++ struct hash_op_data *hash_op = &state->hash_op;
+
+ if (!md || state->d_fd < 0) {
+ printf("%s: illegal input\n", __func__);
+ return (0);
+ }
+
+- if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
+- printf("%s: Open session failed\n", __func__);
+- return (0);
+- }
+-
+- memset(&cryp, 0, sizeof(cryp));
++ hash_op->flags = 0;
++ hash_op->len = state->mac_len;
++ hash_op->src = state->mac_data;
++ hash_op->mac_result = md;
+
+- cryp.ses = sess->ses;
+- cryp.flags = 0;
+- cryp.len = state->mac_len;
+- cryp.src = state->mac_data;
+- cryp.mac = md;
+-
+- if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
++ if (ioctl(state->d_fd, CIOCHASH, hash_op) < 0) {
+ printf("%s: digest failed\n", __func__);
+ ret = 0;
+ }
+
+- if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
+- printf("%s: failed to close session\n", __func__);
+- }
+-
+ return ret;
+ }
+
+--
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0030-cryptodev-reduce-duplicated-efforts-for-searching-in.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0030-cryptodev-reduce-duplicated-efforts-for-searching-in.patch
new file mode 100644
index 0000000..995a593
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0030-cryptodev-reduce-duplicated-efforts-for-searching-in.patch
@@ -0,0 +1,106 @@
+From 12fad710349bb72b7f95ee30b40c2e6dfbb5d373 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica at nxp.com>
+Date: Wed, 13 Jan 2016 15:18:20 +0200
+Subject: [PATCH 30/48] cryptodev: reduce duplicated efforts for searching
+ inside digests table
+
+Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 44 ++++++++++++++++++-------------------------
+ 1 file changed, 18 insertions(+), 26 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index dc27b55..30713e5 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -1533,37 +1533,31 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+
+ # ifdef USE_CRYPTODEV_DIGESTS
+
+-/* convert digest type to cryptodev */
+-static int digest_nid_to_cryptodev(int nid)
++static int digest_nid_to_id(int nid)
+ {
+ int i;
+
+- for (i = 0; digests[i].id; i++)
+- if (digests[i].nid == nid)
+- return (digests[i].id);
+- return (0);
+-}
+-
+-static int digest_key_length(int nid)
+-{
+- int i;
+-
+- for (i = 0; digests[i].id; i++)
+- if (digests[i].nid == nid)
+- return digests[i].keylen;
+- return (0);
++ for (i = 0;; i++) {
++ if ((digests[i].nid == nid) || (digests[i].id == 0)) {
++ break;
++ }
++ }
++ return i;
+ }
+
+ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
+ {
+ struct dev_crypto_state *state = ctx->md_data;
+ struct hash_op_data *hash_op = &state->hash_op;
+- int digest;
++ int id;
+
+ memset(state, 0, sizeof(struct dev_crypto_state));
+
+- digest = digest_nid_to_cryptodev(ctx->digest->type);
+- if (digest == NID_undef) {
++ id = digest_nid_to_id(ctx->digest->type);
++
++ hash_op->mac_op = digests[id].id;
++ hash_op->mackeylen = digests[id].keylen;
++ if (hash_op->mac_op == 0) {
+ printf("%s: Can't get digest\n", __func__);
+ return (0);
+ }
+@@ -1574,11 +1568,9 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
+ return (0);
+ }
+
+- hash_op->mac_op = digest;
+ hash_op->mackey = state->dummy_mac_key;
+- hash_op->mackeylen = digest_key_length(ctx->digest->type);
+
+- return (1);
++ return 1;
+ }
+
+ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
+@@ -1668,7 +1660,7 @@ static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
+ struct dev_crypto_state *fstate = from->md_data;
+ struct dev_crypto_state *dstate = to->md_data;
+ struct session_op *sess;
+- int digest;
++ int id;
+
+ if (dstate == NULL || fstate == NULL)
+ return 1;
+@@ -1677,11 +1669,11 @@ static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
+
+ sess = &dstate->d_sess;
+
+- digest = digest_nid_to_cryptodev(to->digest->type);
++ id = digest_nid_to_id(to->digest->type);
+
+ sess->mackey = dstate->dummy_mac_key;
+- sess->mackeylen = digest_key_length(to->digest->type);
+- sess->mac = digest;
++ sess->mackeylen = digests[id].keylen;
++ sess->mac = digests[id].id;
+
+ dstate->d_fd = get_dev_crypto();
+
+--
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0031-cryptodev-remove-not-used-local-variables.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0031-cryptodev-remove-not-used-local-variables.patch
new file mode 100644
index 0000000..fc23e0c
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0031-cryptodev-remove-not-used-local-variables.patch
@@ -0,0 +1,46 @@
+From 8cd09ffdfd7d9c25605401f1c0947b1b4acc6e57 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica at nxp.com>
+Date: Mon, 8 Feb 2016 16:00:22 +0200
+Subject: [PATCH 31/48] cryptodev: remove not used local variables
+
+Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 6 +-----
+ 1 file changed, 1 insertion(+), 5 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 30713e5..2734500 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -1634,7 +1634,6 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
+ static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
+ {
+ struct dev_crypto_state *state = ctx->md_data;
+- struct session_op *sess = &state->d_sess;
+
+ if (state == NULL) {
+ return 0;
+@@ -3939,7 +3938,6 @@ static int cryptodev_dh_keygen(DH *dh)
+ int ret = 1, q_len = 0;
+ unsigned char *q = NULL, *g = NULL, *s = NULL, *w = NULL;
+ BIGNUM *pub_key = NULL, *priv_key = NULL;
+- int generate_new_key = 1;
+
+ if (dh->priv_key)
+ priv_key = dh->priv_key;
+@@ -4061,11 +4059,9 @@ cryptodev_dh_compute_key_async(unsigned char *key, const BIGNUM *pub_key,
+ {
+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
+ int ret = 1;
+- int fd, p_len;
++ int p_len;
+ unsigned char *padded_pub_key = NULL, *p = NULL;
+
+- fd = *(int *)cookie->eng_handle;
+-
+ memset(kop, 0, sizeof(struct crypt_kop));
+ kop->crk_op = CRK_DH_COMPUTE_KEY;
+ /* inputs: dh->priv_key pub_key dh->p key */
+--
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0032-cryptodev-hide-not-used-variable-behind-ifndef.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0032-cryptodev-hide-not-used-variable-behind-ifndef.patch
new file mode 100644
index 0000000..9ff4d36
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0032-cryptodev-hide-not-used-variable-behind-ifndef.patch
@@ -0,0 +1,27 @@
+From 335c80f847eacc573e10ba925b6a645963b16197 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica at nxp.com>
+Date: Mon, 8 Feb 2016 17:22:49 +0200
+Subject: [PATCH 32/48] cryptodev: hide not used variable behind #ifndef
+
+Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 2734500..5a68c76 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -412,7 +412,9 @@ static int open_dev_crypto(void)
+ static int get_dev_crypto(void)
+ {
+ static int fd = -1;
++# ifndef CRIOGET_NOT_NEEDED
+ int retfd;
++# endif
+
+ if (fd == -1)
+ fd = open_dev_crypto();
+--
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0033-cryptodev-fix-function-declaration-typo.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0033-cryptodev-fix-function-declaration-typo.patch
new file mode 100644
index 0000000..82cceba
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0033-cryptodev-fix-function-declaration-typo.patch
@@ -0,0 +1,26 @@
+From 03bdddf1495707119e4fa0eda385ecdccf66cbd8 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica at nxp.com>
+Date: Mon, 8 Feb 2016 16:08:25 +0200
+Subject: [PATCH 33/48] cryptodev: fix function declaration typo
+
+Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
+---
+ crypto/engine/engine.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h
+index f83ee73..c8efbe1 100644
+--- a/crypto/engine/engine.h
++++ b/crypto/engine/engine.h
+@@ -569,7 +569,7 @@ void ENGINE_set_async_map(ENGINE *e, int async_map);
+ int ENGINE_get_async_map(ENGINE *e);
+ int ENGINE_open_instance(ENGINE *e);
+ int ENGINE_close_instance(ENGINE *e, int fd);
+-void ENGINE_set_init_instance(ENGINE *e, int(*engine_init_instance)(void));
++void ENGINE_set_open_instance(ENGINE *e, int(*engine_open_instance)(void));
+ void ENGINE_set_close_instance(ENGINE *e, int(*engine_close_instance)(int));
+ void ENGINE_set_check_pkc_availability(ENGINE *e,
+ int (*check_pkc_availability)(int fd));
+--
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0034-cryptodev-fix-incorrect-function-signature.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0034-cryptodev-fix-incorrect-function-signature.patch
new file mode 100644
index 0000000..84268c5
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0034-cryptodev-fix-incorrect-function-signature.patch
@@ -0,0 +1,26 @@
+From 7012cf33a00618749319b1903f48ee3a35f5887b Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica at nxp.com>
+Date: Mon, 8 Feb 2016 16:12:54 +0200
+Subject: [PATCH 34/48] cryptodev: fix incorrect function signature
+
+Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 5a68c76..cec6938 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -3148,7 +3148,7 @@ static ECDSA_SIG *cryptodev_ecdsa_do_sign(const unsigned char *dgst,
+ }
+
+ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
+- ECDSA_SIG *sig, EC_KEY *eckey)
++ const ECDSA_SIG *sig, EC_KEY *eckey)
+ {
+ BIGNUM *m = NULL, *p = NULL, *a = NULL, *b = NULL;
+ BIGNUM *x = NULL, *y = NULL, *w_x = NULL, *w_y = NULL;
+--
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0035-cryptodev-fix-warnings-on-excess-elements-in-struct-.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0035-cryptodev-fix-warnings-on-excess-elements-in-struct-.patch
new file mode 100644
index 0000000..0e90d82
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0035-cryptodev-fix-warnings-on-excess-elements-in-struct-.patch
@@ -0,0 +1,110 @@
+From 82612e3c4161ed6e10379841b953a0f56e557be4 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica at nxp.com>
+Date: Mon, 8 Feb 2016 16:21:46 +0200
+Subject: [PATCH 35/48] cryptodev: fix warnings on excess elements in struct
+ initializer
+
+The initialization data for these structures had either missing or excess
+values and did not match the structure definitions.
+
+Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
+---
+ crypto/dh/dh.h | 6 +++---
+ crypto/dsa/dsa.h | 11 ++++++-----
+ crypto/engine/eng_cryptodev.c | 11 ++++++-----
+ 3 files changed, 15 insertions(+), 13 deletions(-)
+
+diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h
+index 31dd762..11c6c7d 100644
+--- a/crypto/dh/dh.h
++++ b/crypto/dh/dh.h
+@@ -123,9 +123,9 @@ struct dh_method {
+ int (*bn_mod_exp) (const DH *dh, BIGNUM *r, const BIGNUM *a,
+ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx);
+- int (*compute_key_async)(unsigned char *key,const BIGNUM *pub_key,DH *dh,
+- struct pkc_cookie_s *cookie);
+- int (*generate_key_async)(DH *dh, struct pkc_cookie_s *cookie);
++ int (*compute_key_async) (unsigned char *key, const BIGNUM *pub_key,
++ DH *dh, struct pkc_cookie_s * cookie);
++ int (*generate_key_async) (DH *dh, struct pkc_cookie_s * cookie);
+ int (*init) (DH *dh);
+ int (*finish) (DH *dh);
+ int flags;
+diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h
+index 8584731..ab52add 100644
+--- a/crypto/dsa/dsa.h
++++ b/crypto/dsa/dsa.h
+@@ -139,10 +139,11 @@ struct dsa_method {
+ /* Can be null */
+ int (*bn_mod_exp) (DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+- int (*dsa_do_sign_async)(const unsigned char *dgst, int dlen, DSA *dsa,
+- DSA_SIG *sig, struct pkc_cookie_s *cookie);
+- int (*dsa_do_verify_async)(const unsigned char *dgst, int dgst_len,
+- DSA_SIG *sig, DSA *dsa, struct pkc_cookie_s *cookie);
++ int (*dsa_do_sign_async) (const unsigned char *dgst, int dlen, DSA *dsa,
++ DSA_SIG *sig, struct pkc_cookie_s * cookie);
++ int (*dsa_do_verify_async) (const unsigned char *dgst, int dgst_len,
++ DSA_SIG *sig, DSA *dsa,
++ struct pkc_cookie_s * cookie);
+ int (*init) (DSA *dsa);
+ int (*finish) (DSA *dsa);
+ int flags;
+@@ -154,7 +155,7 @@ struct dsa_method {
+ BN_GENCB *cb);
+ /* If this is non-NULL, it is used to generate DSA keys */
+ int (*dsa_keygen) (DSA *dsa);
+- int (*dsa_keygen_async)(DSA *dsa, struct pkc_cookie_s *cookie);
++ int (*dsa_keygen_async) (DSA *dsa, struct pkc_cookie_s * cookie);
+ };
+
+ struct dsa_st {
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index cec6938..407ea62 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -2892,11 +2892,13 @@ static DSA_METHOD cryptodev_dsa = {
+ NULL,
+ NULL,
+ NULL,
+- NULL,
+ NULL, /* init */
+ NULL, /* finish */
+ 0, /* flags */
+- NULL /* app_data */
++ NULL, /* app_data */
++ NULL,
++ NULL,
++ NULL
+ };
+
+ static ECDSA_METHOD cryptodev_ecdsa = {
+@@ -2906,7 +2908,6 @@ static ECDSA_METHOD cryptodev_ecdsa = {
+ NULL,
+ NULL,
+ NULL,
+- NULL,
+ 0, /* flags */
+ NULL /* app_data */
+ };
+@@ -4483,14 +4484,14 @@ static DH_METHOD cryptodev_dh = {
+ NULL,
+ NULL,
+ 0, /* flags */
+- NULL /* app_data */
++ NULL, /* app_data */
++ NULL, /* generate_params */
+ };
+
+ static ECDH_METHOD cryptodev_ecdh = {
+ "cryptodev ECDH method",
+ NULL, /* cryptodev_ecdh_compute_key */
+ NULL,
+- NULL,
+ 0, /* flags */
+ NULL /* app_data */
+ };
+--
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0036-cryptodev-fix-free-on-error-path.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0036-cryptodev-fix-free-on-error-path.patch
new file mode 100644
index 0000000..94b9f0f
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0036-cryptodev-fix-free-on-error-path.patch
@@ -0,0 +1,46 @@
+From 8ccc9b12954b7eb299020a1b15d9d1e5735779df Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica at nxp.com>
+Date: Mon, 8 Feb 2016 16:36:33 +0200
+Subject: [PATCH 36/48] cryptodev: fix free on error path
+
+This was most likely a typo that escaped code review
+
+Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
+---
+ crypto/ecdsa/ecs_locl.h | 4 ++--
+ crypto/engine/eng_cryptodev.c | 2 +-
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/crypto/ecdsa/ecs_locl.h b/crypto/ecdsa/ecs_locl.h
+index 9b28c04..c3843c6 100644
+--- a/crypto/ecdsa/ecs_locl.h
++++ b/crypto/ecdsa/ecs_locl.h
+@@ -74,10 +74,10 @@ struct ecdsa_method {
+ BIGNUM **r);
+ int (*ecdsa_do_verify) (const unsigned char *dgst, int dgst_len,
+ const ECDSA_SIG *sig, EC_KEY *eckey);
+- int (*ecdsa_do_sign_async)(const unsigned char *dgst, int dgst_len,
++ int (*ecdsa_do_sign_async)(const unsigned char *dgst, int dgst_len,
+ const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey,
+ ECDSA_SIG *sig, struct pkc_cookie_s *cookie);
+- int (*ecdsa_do_verify_async)(const unsigned char *dgst, int dgst_len,
++ int (*ecdsa_do_verify_async)(const unsigned char *dgst, int dgst_len,
+ const ECDSA_SIG *sig, EC_KEY *eckey, struct pkc_cookie_s *cookie);
+ # if 0
+ int (*init) (EC_KEY *eckey);
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 407ea62..1b1fdc7 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -3424,7 +3424,7 @@ static int cryptodev_ecdsa_do_sign_async(const unsigned char *dgst,
+ if (!(sig->r = BN_new()) || !kop)
+ goto err;
+ if ((sig->s = BN_new()) == NULL) {
+- BN_free(r);
++ BN_free(sig->r);
+ goto err;
+ }
+
+--
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0037-cryptodev-fix-return-value-on-error.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0037-cryptodev-fix-return-value-on-error.patch
new file mode 100644
index 0000000..2e9567b
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0037-cryptodev-fix-return-value-on-error.patch
@@ -0,0 +1,28 @@
+From b3d3b86063e65b84ce53f4653295e3f6a83d5794 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica at nxp.com>
+Date: Mon, 8 Feb 2016 16:55:32 +0200
+Subject: [PATCH 37/48] cryptodev: fix return value on error
+
+Even though we're on error path, the operation is taken care of on
+software; return success (ret is 1)
+
+Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 1b1fdc7..8cd3aa3 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -2755,7 +2755,6 @@ cryptodev_dsa_do_sign_async(const unsigned char *dgst, int dlen, DSA *dsa,
+ sig->s = dsaret->s;
+ /* Call user callback immediately */
+ cookie->pkc_callback(cookie, 0);
+- ret = dsaret;
+ }
+ return ret;
+ }
+--
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0038-cryptodev-match-types-with-cryptodev.h.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0038-cryptodev-match-types-with-cryptodev.h.patch
new file mode 100644
index 0000000..6e083ba
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0038-cryptodev-match-types-with-cryptodev.h.patch
@@ -0,0 +1,29 @@
+From dcc3254b6dbb8627dd710fa58585542b98c80394 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica at nxp.com>
+Date: Mon, 8 Feb 2016 17:11:43 +0200
+Subject: [PATCH 38/48] cryptodev: match types with cryptodev.h
+
+Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 8cd3aa3..4613d2d 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -85,9 +85,9 @@ struct dev_crypto_state {
+ int ivlen;
+ # ifdef USE_CRYPTODEV_DIGESTS
+ struct hash_op_data hash_op;
+- char dummy_mac_key[HASH_MAX_LEN];
++ unsigned char dummy_mac_key[HASH_MAX_LEN];
+ unsigned char digest_res[HASH_MAX_LEN];
+- char *mac_data;
++ unsigned char *mac_data;
+ int mac_len;
+ # endif
+ };
+--
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0039-cryptodev-explicitly-discard-const-qualifier.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0039-cryptodev-explicitly-discard-const-qualifier.patch
new file mode 100644
index 0000000..916c47e
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0039-cryptodev-explicitly-discard-const-qualifier.patch
@@ -0,0 +1,30 @@
+From 605210c8ae9241cad6c4ec071f5193bf3e83b2d4 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica at nxp.com>
+Date: Mon, 8 Feb 2016 17:15:25 +0200
+Subject: [PATCH 39/48] cryptodev: explicitly discard const qualifier
+
+The const qualifier is discarded by the assignment as a result of how
+the variables are defined. This patch drops the const qualifier
+explicitly to avoid build errors.
+
+Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 4613d2d..2791ca3 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -1592,7 +1592,7 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
+ * cryptodev calls and accumulating small amounts of data
+ */
+ if (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) {
+- state->mac_data = data;
++ state->mac_data = (void *)data;
+ state->mac_len = count;
+ } else {
+ state->mac_data =
+--
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0040-cryptodev-replace-caddr_t-with-void.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0040-cryptodev-replace-caddr_t-with-void.patch
new file mode 100644
index 0000000..2c61d9b
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0040-cryptodev-replace-caddr_t-with-void.patch
@@ -0,0 +1,95 @@
+From 45429e5ea075867f9219a6fcb233677d062a4451 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica at nxp.com>
+Date: Tue, 9 Feb 2016 11:28:23 +0200
+Subject: [PATCH 40/48] cryptodev: replace caddr_t with void *
+
+This avoids warnings such as "pointer targets in assignment differ in
+signedness" when compiling the code
+
+Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 22 +++++++++++-----------
+ 1 file changed, 11 insertions(+), 11 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 2791ca3..f172173 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -460,8 +460,8 @@ static int get_cryptodev_ciphers(const int **cnids)
+ return (0);
+ }
+ memset(&sess, 0, sizeof(sess));
+- sess.key = (caddr_t) "123456789abcdefghijklmno";
+- sess.mackey = (caddr_t) "123456789ABCDEFGHIJKLMNO";
++ sess.key = (void *)"123456789abcdefghijklmno";
++ sess.mackey = (void *)"123456789ABCDEFGHIJKLMNO";
+
+ for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
+ if (ciphers[i].nid == NID_undef)
+@@ -501,7 +501,7 @@ static int get_cryptodev_digests(const int **cnids)
+ return (0);
+ }
+ memset(&sess, 0, sizeof(sess));
+- sess.mackey = (caddr_t) "123456789abcdefghijklmno";
++ sess.mackey = (void *)"123456789abcdefghijklmno";
+ for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
+ if (digests[i].nid == NID_undef)
+ continue;
+@@ -633,14 +633,14 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ cryp.ses = sess->ses;
+ cryp.flags = 0;
+ cryp.len = inl;
+- cryp.src = (caddr_t) in;
+- cryp.dst = (caddr_t) out;
++ cryp.src = (void *)in;
++ cryp.dst = (void *)out;
+ cryp.mac = 0;
+
+ cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
+
+ if (ctx->cipher->iv_len) {
+- cryp.iv = (caddr_t) ctx->iv;
++ cryp.iv = (void *)ctx->iv;
+ if (!ctx->encrypt) {
+ iiv = in + inl - ctx->cipher->iv_len;
+ memcpy(save_iv, iiv, ctx->cipher->iv_len);
+@@ -701,15 +701,15 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ }
+ cryp.ses = sess->ses;
+ cryp.len = state->len;
+- cryp.src = (caddr_t) in;
+- cryp.dst = (caddr_t) out;
++ cryp.src = (void *)in;
++ cryp.dst = (void *)out;
+ cryp.auth_src = state->aad;
+ cryp.auth_len = state->aad_len;
+
+ cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
+
+ if (ctx->cipher->iv_len) {
+- cryp.iv = (caddr_t) ctx->iv;
++ cryp.iv = (void *)ctx->iv;
+ if (!ctx->encrypt) {
+ iiv = in + len - ctx->cipher->iv_len;
+ memcpy(save_iv, iiv, ctx->cipher->iv_len);
+@@ -761,7 +761,7 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ if ((state->d_fd = get_dev_crypto()) < 0)
+ return (0);
+
+- sess->key = (caddr_t) key;
++ sess->key = (void *)key;
+ sess->keylen = ctx->key_len;
+ sess->cipher = cipher;
+
+@@ -804,7 +804,7 @@ static int cryptodev_init_aead_key(EVP_CIPHER_CTX *ctx,
+
+ memset(sess, 0, sizeof(struct session_op));
+
+- sess->key = (caddr_t) key;
++ sess->key = (void *)key;
+ sess->keylen = ctx->key_len;
+ sess->cipher = cipher;
+
+--
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0041-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0041-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch
new file mode 100644
index 0000000..5525045
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0041-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch
@@ -0,0 +1,49 @@
+From f10d471839dff079a23d79d1b4ecb3e3e6529283 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica at nxp.com>
+Date: Mon, 8 Feb 2016 17:04:25 +0200
+Subject: [PATCH 41/48] cryptodev: check for errors inside
+ cryptodev_rsa_mod_exp
+
+Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 24 ++++++++++++++++++------
+ 1 file changed, 18 insertions(+), 6 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index f172173..695848d 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -2054,12 +2054,24 @@ cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
+ kop.crk_status = 0;
+ kop.crk_op = CRK_MOD_EXP_CRT;
+ f_len = BN_num_bytes(rsa->n);
+- spcf_bn2bin_ex(I, &f, &f_len);
+- spcf_bn2bin(rsa->p, &p, &p_len);
+- spcf_bn2bin(rsa->q, &q, &q_len);
+- spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len);
+- spcf_bn2bin_ex(rsa->iqmp, &c, &p_len);
+- spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len);
++ if (spcf_bn2bin_ex(I, &f, &f_len) != 0) {
++ goto err;
++ }
++ if (spcf_bn2bin(rsa->p, &p, &p_len) != 0) {
++ goto err;
++ }
++ if (spcf_bn2bin(rsa->q, &q, &q_len) != 0) {
++ goto err;
++ }
++ if (spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len) != 0) {
++ goto err;
++ }
++ if (spcf_bn2bin_ex(rsa->iqmp, &c, &p_len) != 0) {
++ goto err;
++ }
++ if (spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len) != 0) {
++ goto err;
++ }
+ /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
+ kop.crk_param[0].crp_p = p;
+ kop.crk_param[0].crp_nbits = p_len * 8;
+--
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0042-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0042-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch
new file mode 100644
index 0000000..218accb
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0042-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch
@@ -0,0 +1,69 @@
+From 402a2e4da471728fa537462d7a13aa35955cd6d8 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica at nxp.com>
+Date: Tue, 9 Feb 2016 11:47:52 +0200
+Subject: [PATCH 42/48] cryptodev: check for errors inside
+ cryptodev_rsa_mod_exp_async
+
+Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 33 +++++++++++++++++++++++++--------
+ 1 file changed, 25 insertions(+), 8 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 695848d..8e84972 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -2109,25 +2109,42 @@ static int
+ cryptodev_rsa_mod_exp_async(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+ BN_CTX *ctx, struct pkc_cookie_s *cookie)
+ {
+- struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
++ struct crypt_kop *kop;
+ int ret = 1, f_len, p_len, q_len;
+ unsigned char *f = NULL, *p = NULL, *q = NULL, *dp = NULL, *dq =
+ NULL, *c = NULL;
+
+- if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp || !kop) {
++ if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
+ return (0);
+ }
+
++ kop = malloc(sizeof(struct crypt_kop));
++ if (kop == NULL) {
++ goto err;
++ }
++
+ kop->crk_oparams = 0;
+ kop->crk_status = 0;
+ kop->crk_op = CRK_MOD_EXP_CRT;
+ f_len = BN_num_bytes(rsa->n);
+- spcf_bn2bin_ex(I, &f, &f_len);
+- spcf_bn2bin(rsa->p, &p, &p_len);
+- spcf_bn2bin(rsa->q, &q, &q_len);
+- spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len);
+- spcf_bn2bin_ex(rsa->iqmp, &c, &p_len);
+- spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len);
++ if (spcf_bn2bin_ex(I, &f, &f_len) != 0) {
++ goto err;
++ }
++ if (spcf_bn2bin(rsa->p, &p, &p_len) != 0) {
++ goto err;
++ }
++ if (spcf_bn2bin(rsa->q, &q, &q_len) != 0) {
++ goto err;
++ }
++ if (spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len) != 0) {
++ goto err;
++ }
++ if (spcf_bn2bin_ex(rsa->iqmp, &c, &p_len) != 0) {
++ goto err;
++ }
++ if (spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len) != 0) {
++ goto err;
++ }
+ /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
+ kop->crk_param[0].crp_p = p;
+ kop->crk_param[0].crp_nbits = p_len * 8;
+--
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0043-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0043-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch
new file mode 100644
index 0000000..931141d
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0043-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch
@@ -0,0 +1,52 @@
+From c8a5f714d35c3bd63d2511ad69e0661a7d1d5dcd Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica at nxp.com>
+Date: Tue, 9 Feb 2016 11:53:22 +0200
+Subject: [PATCH 43/48] cryptodev: check for errors inside
+ cryptodev_dh_compute_key
+
+Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 15 +++++++++++----
+ 1 file changed, 11 insertions(+), 4 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 8e84972..55b2047 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -4043,11 +4043,15 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+ memset(&kop, 0, sizeof kop);
+ kop.crk_op = CRK_DH_COMPUTE_KEY;
+ /* inputs: dh->priv_key pub_key dh->p key */
+- spcf_bn2bin(dh->p, &p, &p_len);
+- spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len);
+- if (bn2crparam(dh->priv_key, &kop.crk_param[0]))
++ if (spcf_bn2bin(dh->p, &p, &p_len) != 0) {
+ goto sw_try;
+-
++ }
++ if (spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len) != 0) {
++ goto sw_try;
++ }
++ if (bn2crparam(dh->priv_key, &kop.crk_param[0]) != 0) {
++ goto sw_try;
++ }
+ kop.crk_param[1].crp_p = padded_pub_key;
+ kop.crk_param[1].crp_nbits = p_len * 8;
+ kop.crk_param[2].crp_p = p;
+@@ -4074,10 +4078,13 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+ kop.crk_param[3].crp_p = NULL;
+ zapparams(&kop);
+ return (dhret);
++
+ sw_try:
+ {
+ const DH_METHOD *meth = DH_OpenSSL();
+
++ free(p);
++ free(padded_pub_key);
+ dhret = (meth->compute_key) (key, pub_key, dh);
+ }
+ return (dhret);
+--
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0044-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0044-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch
new file mode 100644
index 0000000..be99643
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0044-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch
@@ -0,0 +1,76 @@
+From 42a1c45091ab7996c4411f3dd74539c908c63208 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica at nxp.com>
+Date: Tue, 9 Feb 2016 11:53:33 +0200
+Subject: [PATCH 44/48] cryptodev: check for errors inside
+ cryptodev_dh_compute_key_async
+
+Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 29 +++++++++++++++++++++--------
+ 1 file changed, 21 insertions(+), 8 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 55b2047..e0f9d4b 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -4095,19 +4095,28 @@ static int
+ cryptodev_dh_compute_key_async(unsigned char *key, const BIGNUM *pub_key,
+ DH *dh, struct pkc_cookie_s *cookie)
+ {
+- struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
++ struct crypt_kop *kop;
+ int ret = 1;
+ int p_len;
+ unsigned char *padded_pub_key = NULL, *p = NULL;
+
++ kop = malloc(sizeof(struct crypt_kop));
++ if (kop == NULL) {
++ goto err;
++ }
++
+ memset(kop, 0, sizeof(struct crypt_kop));
+ kop->crk_op = CRK_DH_COMPUTE_KEY;
+ /* inputs: dh->priv_key pub_key dh->p key */
+- spcf_bn2bin(dh->p, &p, &p_len);
+- spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len);
+-
+- if (bn2crparam(dh->priv_key, &kop->crk_param[0]))
++ if (spcf_bn2bin(dh->p, &p, &p_len) != 0) {
++ goto err;
++ }
++ if (spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len) != 0) {
+ goto err;
++ }
++ if (bn2crparam(dh->priv_key, &kop->crk_param[0]) != 0) {
++ goto err;
++ }
+ kop->crk_param[1].crp_p = padded_pub_key;
+ kop->crk_param[1].crp_nbits = p_len * 8;
+ kop->crk_param[2].crp_p = p;
+@@ -4119,16 +4128,20 @@ cryptodev_dh_compute_key_async(unsigned char *key, const BIGNUM *pub_key,
+ kop->crk_param[3].crp_nbits = p_len * 8;
+ kop->crk_oparams = 1;
+
+- if (cryptodev_asym_async(kop, 0, NULL, 0, NULL))
++ if (cryptodev_asym_async(kop, 0, NULL, 0, NULL)) {
+ goto err;
++ }
+
+ return p_len;
+ err:
+ {
+ const DH_METHOD *meth = DH_OpenSSL();
+-
+- if (kop)
++ free(p);
++ free(padded_pub_key);
++ if (kop) {
+ free(kop);
++ }
++
+ ret = (meth->compute_key) (key, pub_key, dh);
+ /* Call user cookie handler */
+ cookie->pkc_callback(cookie, 0);
+--
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0045-cryptodev-change-signature-for-conversion-functions.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0045-cryptodev-change-signature-for-conversion-functions.patch
new file mode 100644
index 0000000..11f1a54
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0045-cryptodev-change-signature-for-conversion-functions.patch
@@ -0,0 +1,38 @@
+From 528e4965e536d31cdccb11abe5e04db28a1008a8 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica at nxp.com>
+Date: Tue, 9 Feb 2016 12:11:32 +0200
+Subject: [PATCH 45/48] cryptodev: change signature for conversion functions
+
+These functions are called with const BIGNUMs, so we change the
+signatures to avoid compilation warnings
+
+Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index e0f9d4b..3024a68 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -145,7 +145,7 @@ const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha1;
+ const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha256;
+ const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha256;
+
+-inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len)
++inline int spcf_bn2bin(const BIGNUM *bn, unsigned char **bin, int *bin_len)
+ {
+ int len;
+ unsigned char *p;
+@@ -167,7 +167,7 @@ inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len)
+ return 0;
+ }
+
+-inline int spcf_bn2bin_ex(BIGNUM *bn, unsigned char **bin, int *bin_len)
++inline int spcf_bn2bin_ex(const BIGNUM *bn, unsigned char **bin, int *bin_len)
+ {
+ int len;
+ unsigned char *p;
+--
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0046-cryptodev-add-explicit-cast-for-known-BIGNUM-values.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0046-cryptodev-add-explicit-cast-for-known-BIGNUM-values.patch
new file mode 100644
index 0000000..e7a5aa3
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0046-cryptodev-add-explicit-cast-for-known-BIGNUM-values.patch
@@ -0,0 +1,26 @@
+From b27823ac9f460c96a72d9003e2e134c1288ac85f Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica at nxp.com>
+Date: Tue, 9 Feb 2016 12:13:59 +0200
+Subject: [PATCH 46/48] cryptodev: add explicit cast for known BIGNUM values
+
+Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 3024a68..539be62 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -4014,7 +4014,7 @@ static int cryptodev_dh_keygen(DH *dh)
+ }
+
+ /* pub_key is or prime length while priv key is of length of order */
+- if (cryptodev_asym(&kop, q_len, w, q_len, s))
++ if (cryptodev_asym(&kop, q_len, (BIGNUM *)w, q_len, (BIGNUM *)s))
+ goto sw_try;
+
+ dh->pub_key = BN_bin2bn(w, q_len, pub_key);
+--
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0047-cryptodev-treat-all-build-warnings-as-errors.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0047-cryptodev-treat-all-build-warnings-as-errors.patch
new file mode 100644
index 0000000..2163998
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0047-cryptodev-treat-all-build-warnings-as-errors.patch
@@ -0,0 +1,28 @@
+From 596735ad86a3dae987e19c21ef22259179966fc6 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica at nxp.com>
+Date: Mon, 8 Feb 2016 15:15:02 +0200
+Subject: [PATCH 47/48] cryptodev: treat all build warnings as errors
+
+This patch has the purpose of maintaining a higher level of code quality.
+
+Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
+---
+ crypto/engine/Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/crypto/engine/Makefile b/crypto/engine/Makefile
+index 426388e..010f21d 100644
+--- a/crypto/engine/Makefile
++++ b/crypto/engine/Makefile
+@@ -10,7 +10,7 @@ CFLAG=-g
+ MAKEFILE= Makefile
+ AR= ar r
+
+-CFLAGS= $(INCLUDES) $(CFLAG)
++CFLAGS= -Wall -Werror $(INCLUDES) $(CFLAG)
+
+ GENERAL=Makefile
+ TEST= enginetest.c
+--
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0048-fix-maclen-is-used-uninitialized-warning-on-some-com.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0048-fix-maclen-is-used-uninitialized-warning-on-some-com.patch
new file mode 100644
index 0000000..d7b84e6
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0048-fix-maclen-is-used-uninitialized-warning-on-some-com.patch
@@ -0,0 +1,29 @@
+From 116bd4f6f1ee5acdb997d414902d9646b24df1be Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica at nxp.com>
+Date: Wed, 6 Apr 2016 15:22:58 +0300
+Subject: [PATCH 48/48] fix 'maclen is used uninitialized' warning on some
+ compilers
+
+Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 539be62..35b71b0 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -905,6 +905,10 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
+ maclen = SHA256_DIGEST_LENGTH;
+ aad_needs_fix = true;
+ break;
++ default:
++ fprintf(stderr, "%s: unsupported NID: %d\n",
++ __func__, ctx->cipher->nid);
++ return -1;
+ }
+
+ /* Correct length for AAD Length field */
+--
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/run-ptest b/recipes-connectivity/openssl/openssl-qoriq/run-ptest
new file mode 100755
index 0000000..3b20fce
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/run-ptest
@@ -0,0 +1,2 @@
+#!/bin/sh
+make -k runtest
diff --git a/recipes-connectivity/openssl/openssl-qoriq_1.0.1i.bb b/recipes-connectivity/openssl/openssl-qoriq_1.0.1i.bb
deleted file mode 100644
index 3b9d56e..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq_1.0.1i.bb
+++ /dev/null
@@ -1,96 +0,0 @@
-require openssl-qoriq.inc
-
-# For target side versions of openssl enable support for cryptodev Linux driver
-# if they are available.
-DEPENDS_class-target += "cryptodev-linux"
-CFLAG_class-target += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS"
-
-LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8"
-
-export DIRS = "crypto ssl apps engines"
-export OE_LDFLAGS="${LDFLAGS}"
-
-SRC_URI += "file://configure-targets.patch \
- file://shared-libs.patch \
- file://oe-ldflags.patch \
- file://engines-install-in-libdir-ssl.patch \
- file://openssl-fix-link.patch \
- file://debian/version-script.patch \
- file://debian/pic.patch \
- file://debian/c_rehash-compat.patch \
- file://debian/ca.patch \
- file://debian/make-targets.patch \
- file://debian/no-rpath.patch \
- file://debian/man-dir.patch \
- file://debian/man-section.patch \
- file://debian/no-symbolic.patch \
- file://debian/debian-targets.patch \
- file://openssl_fix_for_x32.patch \
- file://fix-cipher-des-ede3-cfb1.patch \
- file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \
- file://openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch \
- file://initial-aarch64-bits.patch \
- file://find.pl \
- file://openssl-fix-des.pod-error.patch \
- "
-
-SRC_URI_append_class-target = "\
- file://qoriq/0001-remove-double-initialization-of-cryptodev-engine.patch \
- file://qoriq/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch \
- file://qoriq/0003-cryptodev-fix-algorithm-registration.patch \
- file://qoriq/0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch \
- file://qoriq/0005-ECC-Support-header-for-Cryptodev-Engine.patch \
- file://qoriq/0006-Fixed-private-key-support-for-DH.patch \
- file://qoriq/0007-Fixed-private-key-support-for-DH.patch \
- file://qoriq/0008-Initial-support-for-PKC-in-cryptodev-engine.patch \
- file://qoriq/0009-Added-hwrng-dev-file-as-source-of-RNG.patch \
- file://qoriq/0010-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch \
- file://qoriq/0011-Add-RSA-keygen-operation-and-support-gendsa-command-.patch \
- file://qoriq/0012-RSA-Keygen-Fix.patch \
- file://qoriq/0013-Removed-local-copy-of-curve_t-type.patch \
- file://qoriq/0014-Modulus-parameter-is-not-populated-by-dhparams.patch \
- file://qoriq/0015-SW-Backoff-mechanism-for-dsa-keygen.patch \
- file://qoriq/0016-Fixed-DH-keygen-pair-generator.patch \
- file://qoriq/0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch \
- file://qoriq/0018-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch \
- file://qoriq/0019-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch \
- file://qoriq/0020-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch \
- file://qoriq/0021-cryptodev-drop-redundant-function.patch \
- file://qoriq/0022-cryptodev-do-not-zero-the-buffer-before-use.patch \
- file://qoriq/0023-cryptodev-clean-up-code-layout.patch \
- file://qoriq/0024-cryptodev-do-not-cache-file-descriptor-in-open.patch \
- file://qoriq/0025-cryptodev-put_dev_crypto-should-be-an-int.patch \
- file://qoriq/0026-cryptodev-simplify-cryptodev-pkc-support-code.patch \
-"
-
-SRC_URI[md5sum] = "c8dc151a671b9b92ff3e4c118b174972"
-SRC_URI[sha256sum] = "3c179f46ca77069a6a0bac70212a9b3b838b2f66129cb52d568837fc79d8fcc7"
-
-PACKAGES =+ " \
- ${PN}-engines-dbg \
- ${PN}-engines \
-"
-
-FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"
-FILES_${PN}-engines-dbg = "${libdir}/engines/.debug ${libdir}/ssl/engines/.debug"
-
-PARALLEL_MAKE = ""
-PARALLEL_MAKEINST = ""
-
-# Digest offloading through cryptodev is not recommended because of the
-# performance penalty of the Openssl engine interface. Openssl generates a huge
-# number of calls to digest functions for even a small amount of work data.
-# For example there are 70 calls to cipher code and over 10000 to digest code
-# when downloading only 10 files of 700 bytes each.
-# Do not build OpenSSL with cryptodev digest support until engine digest
-# interface gets some rework:
-CFLAG_class-target := "${@'${CFLAG}'.replace('-DUSE_CRYPTODEV_DIGESTS', '')}"
-
-do_configure_prepend() {
- cp ${WORKDIR}/find.pl ${S}/util/find.pl
-}
-
-
-RDEPENDS_${PN}_class-target += "cryptodev-module"
-
-COMPATIBLE_MACHINE = "(qoriq)"
diff --git a/recipes-connectivity/openssl/openssl-qoriq_1.0.2h.bb b/recipes-connectivity/openssl/openssl-qoriq_1.0.2h.bb
new file mode 100644
index 0000000..deb4fd7
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq_1.0.2h.bb
@@ -0,0 +1,111 @@
+require openssl-qoriq.inc
+
+DISABLE_STATIC = ""
+RRECOMMENDS_libcrypto += "cryptodev-module"
+COMPATIBLE_MACHINE = "(qoriq)"
+
+# For target side versions of openssl enable support for OCF Linux driver
+# if they are available.
+DEPENDS += "cryptodev-linux"
+
+CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS"
+
+LIC_FILES_CHKSUM = "file://LICENSE;md5=27ffa5d74bb5a337056c14b2ef93fbf6"
+
+export DIRS = "crypto ssl apps engines"
+export OE_LDFLAGS="${LDFLAGS}"
+
+SRC_URI += "file://find.pl;subdir=${BP}/util/ \
+ file://run-ptest \
+ file://openssl-c_rehash.sh \
+ file://configure-targets.patch \
+ file://shared-libs.patch \
+ file://oe-ldflags.patch \
+ file://engines-install-in-libdir-ssl.patch \
+ file://debian1.0.2/block_diginotar.patch \
+ file://debian1.0.2/block_digicert_malaysia.patch \
+ file://debian/ca.patch \
+ file://debian/c_rehash-compat.patch \
+ file://debian/debian-targets.patch \
+ file://debian/man-dir.patch \
+ file://debian/man-section.patch \
+ file://debian/no-rpath.patch \
+ file://debian/no-symbolic.patch \
+ file://debian/pic.patch \
+ file://debian1.0.2/version-script.patch \
+ file://openssl_fix_for_x32.patch \
+ file://fix-cipher-des-ede3-cfb1.patch \
+ file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \
+ file://openssl-fix-des.pod-error.patch \
+ file://Makefiles-ptest.patch \
+ file://ptest-deps.patch \
+ file://openssl-1.0.2a-x32-asm.patch \
+ file://ptest_makefile_deps.patch \
+ file://configure-musl-target.patch \
+ file://parallel.patch \
+ "
+SRC_URI += "file://0001-remove-double-initialization-of-cryptodev-engine.patch \
+ file://0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch \
+ file://0003-cryptodev-fix-algorithm-registration.patch \
+ file://0004-ECC-Support-header-for-Cryptodev-Engine.patch \
+ file://0005-Initial-support-for-PKC-in-cryptodev-engine.patch \
+ file://0006-Added-hwrng-dev-file-as-source-of-RNG.patch \
+ file://0007-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch \
+ file://0008-Add-RSA-keygen-operation-and-support-gendsa-command-.patch \
+ file://0009-RSA-Keygen-Fix.patch \
+ file://0010-Removed-local-copy-of-curve_t-type.patch \
+ file://0011-Modulus-parameter-is-not-populated-by-dhparams.patch \
+ file://0012-SW-Backoff-mechanism-for-dsa-keygen.patch \
+ file://0013-Fixed-DH-keygen-pair-generator.patch \
+ file://0014-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch \
+ file://0015-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch \
+ file://0016-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch \
+ file://0017-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch \
+ file://0018-cryptodev-drop-redundant-function.patch \
+ file://0019-cryptodev-do-not-zero-the-buffer-before-use.patch \
+ file://0020-cryptodev-clean-up-code-layout.patch \
+ file://0021-cryptodev-do-not-cache-file-descriptor-in-open.patch \
+ file://0022-cryptodev-put_dev_crypto-should-be-an-int.patch \
+ file://0023-cryptodev-simplify-cryptodev-pkc-support-code.patch \
+ file://0024-cryptodev-clarify-code-remove-assignments-from-condi.patch \
+ file://0025-cryptodev-clean-up-context-state-before-anything-els.patch \
+ file://0026-cryptodev-remove-code-duplication-in-digest-operatio.patch \
+ file://0027-cryptodev-put-all-digest-ioctls-into-a-single-functi.patch \
+ file://0028-cryptodev-fix-debug-print-messages.patch \
+ file://0029-cryptodev-use-CIOCHASH-ioctl-for-digest-operations.patch \
+ file://0030-cryptodev-reduce-duplicated-efforts-for-searching-in.patch \
+ file://0031-cryptodev-remove-not-used-local-variables.patch \
+ file://0032-cryptodev-hide-not-used-variable-behind-ifndef.patch \
+ file://0033-cryptodev-fix-function-declaration-typo.patch \
+ file://0034-cryptodev-fix-incorrect-function-signature.patch \
+ file://0035-cryptodev-fix-warnings-on-excess-elements-in-struct-.patch \
+ file://0036-cryptodev-fix-free-on-error-path.patch \
+ file://0037-cryptodev-fix-return-value-on-error.patch \
+ file://0038-cryptodev-match-types-with-cryptodev.h.patch \
+ file://0039-cryptodev-explicitly-discard-const-qualifier.patch \
+ file://0040-cryptodev-replace-caddr_t-with-void.patch \
+ file://0041-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch \
+ file://0042-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch \
+ file://0043-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch \
+ file://0044-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch \
+ file://0045-cryptodev-change-signature-for-conversion-functions.patch \
+ file://0046-cryptodev-add-explicit-cast-for-known-BIGNUM-values.patch \
+ file://0047-cryptodev-treat-all-build-warnings-as-errors.patch \
+ file://0048-fix-maclen-is-used-uninitialized-warning-on-some-com.patch \
+"
+
+SRC_URI[md5sum] = "9392e65072ce4b614c1392eefc1f23d0"
+SRC_URI[sha256sum] = "1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919"
+
+PACKAGES =+ "${PN}-engines"
+FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"
+
+# The crypto_use_bigint patch means that perl's bignum module needs to be
+# installed, but some distributions (for example Fedora 23) don't ship it by
+# default. As the resulting error is very misleading check for bignum before
+# building.
+do_configure_prepend() {
+ if ! perl -Mbigint -e true; then
+ bbfatal "The perl module 'bignum' was not found but this is required to build openssl. Please install this module (often packaged as perl-bignum) and re-run bitbake."
+ fi
+}
--
1.9.2
More information about the meta-freescale
mailing list