[meta-freescale] [PATCH 2/4] openssl-qoriq: update recipes
Chunrong Guo
B40290 at freescale.com
Tue Nov 14 21:26:10 PST 2017
From: Chunrong Guo <chunrong.guo at nxp.com>
*Update URL to fetch qoriq-open-source github
*Update to b9e6572
This includes the following changes:
b9e6572 - eng_cryptodev: add support for TLS algorithms offload
b3a3bab - Prepare for 1.0.2l release
539c4d3 - make update
cde19ec - Update CHANGES and NEWS for new release
8ded5f1 - Ignore -rle and -comp when compiled with OPENSSL_NO_COMP. Fixes make test when configured with no-comp.
d130456 - Fix regression in openssl req -x509 behaviour.
7c300b9 - Remove notification settings from appveyor.yml
b020bf6 - Remove dead code.
ea3fc60 - Copy custom extension flags in a call to SSL_set_SSL_CTX()
4ae5993 - perlasm/x86_64-xlate.pl: work around problem with hex constants in masm.
16d78fb - Fix some error path logic in i2v_AUTHORITY_INFO_ACCESS and i2v_GENERAL_NAME
6b8fa5b - RT2867: des_ede3_cfb1 ignored "size in bits" flag
5453820 - Fix URL links in comment
d2335f3 - Fix time offset calculation.
13f70ae - Check fflush on BIO_ctrl call
de46e82 - Remove unnecessary loop in pkey_rsa_decrypt.
b99f102 - check length sanity before correcting in EVP_CTRL_AEAD_TLS1_AAD
fb2345a - Annotate ASN.1 attributes of the jurisdictionCountryName NID
60a70a5 - Fixed typo in X509_STORE_CTX_new description
74bcd77 - Numbers greater than 1 are usually non-negative.
e8f2e2f - pkeyutl exit with 0 if the verification succeeded
71d66c4 - Additional check to handle BAD SSL_write retry
a91bfe2 - crypto/ppccap.c: SIGILL-free processor capabilities detection on MacOS X.
3f524f7 - Ensure dhparams can handle X9.42 params in DER
1f3b0fe - Add missing macros for DHxparams
248cf95 - Fix for #2730. Add CRLDP extension to list of supported extensions
d75c56f - Free the compression methods in s_server and s_client
4bc46d - doc: Add stitched ciphers to EVP_EncryptInit.pod
8625e92 - doc: Add missing options in s_{server,client}
62f488d - Fix the error handling in CRYPTO_dup_ex_data.
144ab9b - Add documentation for SNI APIs
*Openssl git includes all qoriq patches so remove qoriq patches folder
Signed-off-by: Chunrong Guo <chunrong.guo at nxp.com>
---
recipes-connectivity/openssl/openssl-qoriq.inc | 6 +-
...double-initialization-of-cryptodev-engine.patch | 69 -
...ev-add-support-for-TLS-algorithms-offload.patch | 343 ----
...0003-cryptodev-fix-algorithm-registration.patch | 61 -
...4-ECC-Support-header-for-Cryptodev-Engine.patch | 319 ---
...itial-support-for-PKC-in-cryptodev-engine.patch | 1578 ---------------
...006-Added-hwrng-dev-file-as-source-of-RNG.patch | 28 -
...s-interface-added-for-PKC-cryptodev-inter.patch | 2050 --------------------
...gen-operation-and-support-gendsa-command-.patch | 155 --
.../openssl-qoriq/qoriq/0009-RSA-Keygen-Fix.patch | 64 -
.../0010-Removed-local-copy-of-curve_t-type.patch | 163 --
...us-parameter-is-not-populated-by-dhparams.patch | 43 -
.../0012-SW-Backoff-mechanism-for-dsa-keygen.patch | 53 -
.../0013-Fixed-DH-keygen-pair-generator.patch | 100 -
...dd-support-for-aes-gcm-algorithm-offloadi.patch | 321 ---
...ev-extend-TLS-offload-with-3des_cbc_hmac_.patch | 199 --
...ev-add-support-for-TLSv1.1-record-offload.patch | 338 ----
...ev-add-support-for-TLSv1.2-record-offload.patch | 377 ----
.../0018-cryptodev-drop-redundant-function.patch | 72 -
...yptodev-do-not-zero-the-buffer-before-use.patch | 48 -
.../0020-cryptodev-clean-up-code-layout.patch | 73 -
...odev-do-not-cache-file-descriptor-in-open.patch | 93 -
...cryptodev-put_dev_crypto-should-be-an-int.patch | 35 -
...todev-simplify-cryptodev-pkc-support-code.patch | 260 ---
...larify-code-remove-assignments-from-condi.patch | 37 -
...lean-up-context-state-before-anything-els.patch | 34 -
...emove-code-duplication-in-digest-operatio.patch | 155 --
...ut-all-digest-ioctls-into-a-single-functi.patch | 108 --
.../0028-cryptodev-fix-debug-print-messages.patch | 90 -
...-use-CIOCHASH-ioctl-for-digest-operations.patch | 91 -
...educe-duplicated-efforts-for-searching-in.patch | 106 -
...cryptodev-remove-not-used-local-variables.patch | 46 -
...odev-hide-not-used-variable-behind-ifndef.patch | 27 -
...3-cryptodev-fix-function-declaration-typo.patch | 26 -
...ryptodev-fix-incorrect-function-signature.patch | 26 -
...ix-warnings-on-excess-elements-in-struct-.patch | 110 --
.../0036-cryptodev-fix-free-on-error-path.patch | 46 -
.../0037-cryptodev-fix-return-value-on-error.patch | 28 -
...38-cryptodev-match-types-with-cryptodev.h.patch | 29 -
...ptodev-explicitly-discard-const-qualifier.patch | 30 -
.../0040-cryptodev-replace-caddr_t-with-void.patch | 95 -
...heck-for-errors-inside-cryptodev_rsa_mod_.patch | 49 -
...heck-for-errors-inside-cryptodev_rsa_mod_.patch | 69 -
...heck-for-errors-inside-cryptodev_dh_compu.patch | 52 -
...heck-for-errors-inside-cryptodev_dh_compu.patch | 76 -
...change-signature-for-conversion-functions.patch | 38 -
...add-explicit-cast-for-known-BIGNUM-values.patch | 26 -
...ptodev-treat-all-build-warnings-as-errors.patch | 28 -
...is-used-uninitialized-warning-on-some-com.patch | 29 -
.../openssl/openssl-qoriq_1.0.2l.bb | 11 +-
50 files changed, 5 insertions(+), 8305 deletions(-)
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0001-remove-double-initialization-of-cryptodev-engine.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0003-cryptodev-fix-algorithm-registration.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0004-ECC-Support-header-for-Cryptodev-Engine.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0005-Initial-support-for-PKC-in-cryptodev-engine.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0006-Added-hwrng-dev-file-as-source-of-RNG.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0007-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0008-Add-RSA-keygen-operation-and-support-gendsa-command-.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0009-RSA-Keygen-Fix.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0010-Removed-local-copy-of-curve_t-type.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0011-Modulus-parameter-is-not-populated-by-dhparams.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0012-SW-Backoff-mechanism-for-dsa-keygen.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0013-Fixed-DH-keygen-pair-generator.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0014-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0015-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0016-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0017-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0018-cryptodev-drop-redundant-function.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0019-cryptodev-do-not-zero-the-buffer-before-use.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0020-cryptodev-clean-up-code-layout.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0021-cryptodev-do-not-cache-file-descriptor-in-open.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0022-cryptodev-put_dev_crypto-should-be-an-int.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0023-cryptodev-simplify-cryptodev-pkc-support-code.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0024-cryptodev-clarify-code-remove-assignments-from-condi.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0025-cryptodev-clean-up-context-state-before-anything-els.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0026-cryptodev-remove-code-duplication-in-digest-operatio.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0027-cryptodev-put-all-digest-ioctls-into-a-single-functi.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0028-cryptodev-fix-debug-print-messages.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0029-cryptodev-use-CIOCHASH-ioctl-for-digest-operations.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0030-cryptodev-reduce-duplicated-efforts-for-searching-in.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0031-cryptodev-remove-not-used-local-variables.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0032-cryptodev-hide-not-used-variable-behind-ifndef.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0033-cryptodev-fix-function-declaration-typo.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0034-cryptodev-fix-incorrect-function-signature.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0035-cryptodev-fix-warnings-on-excess-elements-in-struct-.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0036-cryptodev-fix-free-on-error-path.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0037-cryptodev-fix-return-value-on-error.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0038-cryptodev-match-types-with-cryptodev.h.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0039-cryptodev-explicitly-discard-const-qualifier.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0040-cryptodev-replace-caddr_t-with-void.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0041-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0042-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0043-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0044-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0045-cryptodev-change-signature-for-conversion-functions.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0046-cryptodev-add-explicit-cast-for-known-BIGNUM-values.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0047-cryptodev-treat-all-build-warnings-as-errors.patch
delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0048-fix-maclen-is-used-uninitialized-warning-on-some-com.patch
diff --git a/recipes-connectivity/openssl/openssl-qoriq.inc b/recipes-connectivity/openssl/openssl-qoriq.inc
index 306da3a..d7e4e33 100644
--- a/recipes-connectivity/openssl/openssl-qoriq.inc
+++ b/recipes-connectivity/openssl/openssl-qoriq.inc
@@ -22,9 +22,9 @@ python() {
d.appendVar("RREPLACES_%s" % p, p.replace('openssl-qoriq', 'openssl'))
}
-SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
- "
-S = "${WORKDIR}/openssl-${PV}"
+SRC_URI = "git://github.com/qoriq-open-source/openssl.git;nobranch=1"
+
+S = "${WORKDIR}/git"
PACKAGECONFIG[perl] = ",,,"
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0001-remove-double-initialization-of-cryptodev-engine.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0001-remove-double-initialization-of-cryptodev-engine.patch
deleted file mode 100644
index 67314cd..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0001-remove-double-initialization-of-cryptodev-engine.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-From 90d5822f09f0b6a0f1d8d2e7189e702a18686ab7 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica at freescale.com>
-Date: Tue, 10 Sep 2013 12:46:46 +0300
-Subject: [PATCH 01/48] remove double initialization of cryptodev engine
-
-cryptodev engine is initialized together with the other engines in
-ENGINE_load_builtin_engines. The initialization done through
-OpenSSL_add_all_algorithms is redundant.
-
-Change-Id: Ic9488500967595543ff846f147b36f383db7cb27
-Signed-off-by: Cristian Stoica <cristian.stoica at freescale.com>
-Reviewed-on: http://git.am.freescale.net:8181/17222
----
- crypto/engine/eng_all.c | 12 ------------
- crypto/engine/engine.h | 4 ----
- util/libeay.num | 2 +-
- 3 files changed, 1 insertion(+), 17 deletions(-)
-
-diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c
-index 48ad0d2..a198c5f 100644
---- a/crypto/engine/eng_all.c
-+++ b/crypto/engine/eng_all.c
-@@ -122,15 +122,3 @@ void ENGINE_load_builtin_engines(void)
- #endif
- ENGINE_register_all_complete();
- }
--
--#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
--void ENGINE_setup_bsd_cryptodev(void)
--{
-- static int bsd_cryptodev_default_loaded = 0;
-- if (!bsd_cryptodev_default_loaded) {
-- ENGINE_load_cryptodev();
-- ENGINE_register_all_complete();
-- }
-- bsd_cryptodev_default_loaded = 1;
--}
--#endif
-diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h
-index bd7b591..020d912 100644
---- a/crypto/engine/engine.h
-+++ b/crypto/engine/engine.h
-@@ -857,10 +857,6 @@ typedef int (*dynamic_bind_engine) (ENGINE *e, const char *id,
- */
- void *ENGINE_get_static_state(void);
-
--# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
--void ENGINE_setup_bsd_cryptodev(void);
--# endif
--
- /* BEGIN ERROR CODES */
- /*
- * The following lines are auto generated by the script mkerr.pl. Any changes
-diff --git a/util/libeay.num b/util/libeay.num
-index 2094ab3..2742cf5 100755
---- a/util/libeay.num
-+++ b/util/libeay.num
-@@ -2805,7 +2805,7 @@ BIO_indent 3242 EXIST::FUNCTION:
- BUF_strlcpy 3243 EXIST::FUNCTION:
- OpenSSLDie 3244 EXIST::FUNCTION:
- OPENSSL_cleanse 3245 EXIST::FUNCTION:
--ENGINE_setup_bsd_cryptodev 3246 EXIST:__FreeBSD__:FUNCTION:ENGINE
-+ENGINE_setup_bsd_cryptodev 3246 NOEXIST::FUNCTION:
- ERR_release_err_state_table 3247 EXIST::FUNCTION:LHASH
- EVP_aes_128_cfb8 3248 EXIST::FUNCTION:AES
- FIPS_corrupt_rsa 3249 NOEXIST::FUNCTION:
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch
deleted file mode 100644
index a5c0f6d..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch
+++ /dev/null
@@ -1,343 +0,0 @@
-From 305ab3fd8a8620fd11f7aef7e42170ba205040a9 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica at freescale.com>
-Date: Thu, 29 Aug 2013 16:51:18 +0300
-Subject: [PATCH 02/48] eng_cryptodev: add support for TLS algorithms offload
-
-- aes-128-cbc-hmac-sha1
-- aes-256-cbc-hmac-sha1
-
-Requires TLS patches on cryptodev and TLS algorithm support in Linux
-kernel driver.
-
-Signed-off-by: Cristian Stoica <cristian.stoica at freescale.com>
----
- crypto/engine/eng_cryptodev.c | 226 ++++++++++++++++++++++++++++++++++++++++--
- 1 file changed, 215 insertions(+), 11 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 2a2b95c..d4da7fb 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -72,6 +72,9 @@ void ENGINE_load_cryptodev(void)
- struct dev_crypto_state {
- struct session_op d_sess;
- int d_fd;
-+ unsigned char *aad;
-+ unsigned int aad_len;
-+ unsigned int len;
- # ifdef USE_CRYPTODEV_DIGESTS
- char dummy_mac_key[HASH_MAX_LEN];
- unsigned char digest_res[HASH_MAX_LEN];
-@@ -142,24 +145,25 @@ static struct {
- int nid;
- int ivmax;
- int keylen;
-+ int mackeylen;
- } ciphers[] = {
- {
-- CRYPTO_ARC4, NID_rc4, 0, 16,
-+ CRYPTO_ARC4, NID_rc4, 0, 16, 0
- },
- {
-- CRYPTO_DES_CBC, NID_des_cbc, 8, 8,
-+ CRYPTO_DES_CBC, NID_des_cbc, 8, 8, 0
- },
- {
-- CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24,
-+ CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, 0
- },
- {
-- CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16,
-+ CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, 0
- },
- {
-- CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24,
-+ CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, 0
- },
- {
-- CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32,
-+ CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, 0
- },
- # ifdef CRYPTO_AES_CTR
- {
-@@ -173,16 +177,22 @@ static struct {
- },
- # endif
- {
-- CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16,
-+ CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, 0
- },
- {
-- CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16,
-+ CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, 0
- },
- {
-- CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0,
-+ CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, 0
- },
- {
-- 0, NID_undef, 0, 0,
-+ CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20
-+ },
-+ {
-+ CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20
-+ },
-+ {
-+ 0, NID_undef, 0, 0, 0
- },
- };
-
-@@ -296,13 +306,15 @@ static int get_cryptodev_ciphers(const int **cnids)
- }
- memset(&sess, 0, sizeof(sess));
- sess.key = (caddr_t) "123456789abcdefghijklmno";
-+ sess.mackey = (caddr_t) "123456789ABCDEFGHIJKLMNO";
-
- for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
- if (ciphers[i].nid == NID_undef)
- continue;
- sess.cipher = ciphers[i].id;
- sess.keylen = ciphers[i].keylen;
-- sess.mac = 0;
-+ sess.mackeylen = ciphers[i].mackeylen;
-+
- if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
- ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
- nids[count++] = ciphers[i].nid;
-@@ -458,6 +470,66 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- return (1);
- }
-
-+static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+ const unsigned char *in, size_t len)
-+{
-+ struct crypt_auth_op cryp;
-+ struct dev_crypto_state *state = ctx->cipher_data;
-+ struct session_op *sess = &state->d_sess;
-+ const void *iiv;
-+ unsigned char save_iv[EVP_MAX_IV_LENGTH];
-+
-+ if (state->d_fd < 0)
-+ return (0);
-+ if (!len)
-+ return (1);
-+ if ((len % ctx->cipher->block_size) != 0)
-+ return (0);
-+
-+ memset(&cryp, 0, sizeof(cryp));
-+
-+ /* TODO: make a seamless integration with cryptodev flags */
-+ switch (ctx->cipher->nid) {
-+ case NID_aes_128_cbc_hmac_sha1:
-+ case NID_aes_256_cbc_hmac_sha1:
-+ cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
-+ }
-+ cryp.ses = sess->ses;
-+ cryp.len = state->len;
-+ cryp.src = (caddr_t) in;
-+ cryp.dst = (caddr_t) out;
-+ cryp.auth_src = state->aad;
-+ cryp.auth_len = state->aad_len;
-+
-+ cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
-+
-+ if (ctx->cipher->iv_len) {
-+ cryp.iv = (caddr_t) ctx->iv;
-+ if (!ctx->encrypt) {
-+ iiv = in + len - ctx->cipher->iv_len;
-+ memcpy(save_iv, iiv, ctx->cipher->iv_len);
-+ }
-+ } else
-+ cryp.iv = NULL;
-+
-+ if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) {
-+ /*
-+ * XXX need better errror handling this can fail for a number of
-+ * different reasons.
-+ */
-+ return (0);
-+ }
-+
-+ if (ctx->cipher->iv_len) {
-+ if (ctx->encrypt)
-+ iiv = out + len - ctx->cipher->iv_len;
-+ else
-+ iiv = save_iv;
-+ memcpy(ctx->iv, iiv, ctx->cipher->iv_len);
-+ }
-+ return (1);
-+}
-+
- static int
- cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc)
-@@ -497,6 +569,45 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- }
-
- /*
-+ * Save the encryption key provided by upper layers. This function is called
-+ * by EVP_CipherInit_ex to initialize the algorithm's extra data. We can't do
-+ * much here because the mac key is not available. The next call should/will
-+ * be to cryptodev_cbc_hmac_sha1_ctrl with parameter
-+ * EVP_CTRL_AEAD_SET_MAC_KEY, to set the hmac key. There we call CIOCGSESSION
-+ * with both the crypto and hmac keys.
-+ */
-+static int cryptodev_init_aead_key(EVP_CIPHER_CTX *ctx,
-+ const unsigned char *key,
-+ const unsigned char *iv, int enc)
-+{
-+ struct dev_crypto_state *state = ctx->cipher_data;
-+ struct session_op *sess = &state->d_sess;
-+ int cipher = -1, i;
-+
-+ for (i = 0; ciphers[i].id; i++)
-+ if (ctx->cipher->nid == ciphers[i].nid &&
-+ ctx->cipher->iv_len <= ciphers[i].ivmax &&
-+ ctx->key_len == ciphers[i].keylen) {
-+ cipher = ciphers[i].id;
-+ break;
-+ }
-+
-+ if (!ciphers[i].id) {
-+ state->d_fd = -1;
-+ return (0);
-+ }
-+
-+ memset(sess, 0, sizeof(struct session_op));
-+
-+ sess->key = (caddr_t) key;
-+ sess->keylen = ctx->key_len;
-+ sess->cipher = cipher;
-+
-+ /* for whatever reason, (1) means success */
-+ return (1);
-+}
-+
-+/*
- * free anything we allocated earlier when initting a
- * session, and close the session.
- */
-@@ -530,6 +641,63 @@ static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
- return (ret);
- }
-
-+static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
-+ int arg, void *ptr)
-+{
-+ switch (type) {
-+ case EVP_CTRL_AEAD_SET_MAC_KEY:
-+ {
-+ /* TODO: what happens with hmac keys larger than 64 bytes? */
-+ struct dev_crypto_state *state = ctx->cipher_data;
-+ struct session_op *sess = &state->d_sess;
-+
-+ if ((state->d_fd = get_dev_crypto()) < 0)
-+ return (0);
-+
-+ /* the rest should have been set in cryptodev_init_aead_key */
-+ sess->mackey = ptr;
-+ sess->mackeylen = arg;
-+
-+ if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
-+ put_dev_crypto(state->d_fd);
-+ state->d_fd = -1;
-+ return (0);
-+ }
-+ return (1);
-+ }
-+ case EVP_CTRL_AEAD_TLS1_AAD:
-+ {
-+ /* ptr points to the associated data buffer of 13 bytes */
-+ struct dev_crypto_state *state = ctx->cipher_data;
-+ unsigned char *p = ptr;
-+ unsigned int cryptlen = p[arg - 2] << 8 | p[arg - 1];
-+ unsigned int maclen, padlen;
-+ unsigned int bs = ctx->cipher->block_size;
-+
-+ state->aad = ptr;
-+ state->aad_len = arg;
-+ state->len = cryptlen;
-+
-+ /* TODO: this should be an extension of EVP_CIPHER struct */
-+ switch (ctx->cipher->nid) {
-+ case NID_aes_128_cbc_hmac_sha1:
-+ case NID_aes_256_cbc_hmac_sha1:
-+ maclen = SHA_DIGEST_LENGTH;
-+ }
-+
-+ /* space required for encryption (not only TLS padding) */
-+ padlen = maclen;
-+ if (ctx->encrypt) {
-+ cryptlen += maclen;
-+ padlen += bs - (cryptlen % bs);
-+ }
-+ return padlen;
-+ }
-+ default:
-+ return -1;
-+ }
-+}
-+
- /*
- * libcrypto EVP stuff - this is how we get wired to EVP so the engine
- * gets called when libcrypto requests a cipher NID.
-@@ -642,6 +810,34 @@ const EVP_CIPHER cryptodev_aes_256_cbc = {
- NULL
- };
-
-+const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1 = {
-+ NID_aes_128_cbc_hmac_sha1,
-+ 16, 16, 16,
-+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+ cryptodev_init_aead_key,
-+ cryptodev_aead_cipher,
-+ cryptodev_cleanup,
-+ sizeof(struct dev_crypto_state),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ cryptodev_cbc_hmac_sha1_ctrl,
-+ NULL
-+};
-+
-+const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = {
-+ NID_aes_256_cbc_hmac_sha1,
-+ 16, 32, 16,
-+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+ cryptodev_init_aead_key,
-+ cryptodev_aead_cipher,
-+ cryptodev_cleanup,
-+ sizeof(struct dev_crypto_state),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ cryptodev_cbc_hmac_sha1_ctrl,
-+ NULL
-+};
-+
- # ifdef CRYPTO_AES_CTR
- const EVP_CIPHER cryptodev_aes_ctr = {
- NID_aes_128_ctr,
-@@ -730,6 +926,12 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
- *cipher = &cryptodev_aes_ctr_256;
- break;
- # endif
-+ case NID_aes_128_cbc_hmac_sha1:
-+ *cipher = &cryptodev_aes_128_cbc_hmac_sha1;
-+ break;
-+ case NID_aes_256_cbc_hmac_sha1:
-+ *cipher = &cryptodev_aes_256_cbc_hmac_sha1;
-+ break;
- default:
- *cipher = NULL;
- break;
-@@ -1485,6 +1687,8 @@ void ENGINE_load_cryptodev(void)
- }
- put_dev_crypto(fd);
-
-+ EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1);
-+ EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
- if (!ENGINE_set_id(engine, "cryptodev") ||
- !ENGINE_set_name(engine, "BSD cryptodev engine") ||
- !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0003-cryptodev-fix-algorithm-registration.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0003-cryptodev-fix-algorithm-registration.patch
deleted file mode 100644
index c53ffc9..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0003-cryptodev-fix-algorithm-registration.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From ce6fa215fa58e7ca7a81c70ce8c91f871a20a9dd Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica at freescale.com>
-Date: Thu, 31 Jul 2014 14:06:19 +0300
-Subject: [PATCH 03/48] cryptodev: fix algorithm registration
-
-Cryptodev specific algorithms must register only if available in kernel.
-
-Signed-off-by: Cristian Stoica <cristian.stoica at freescale.com>
-Reviewed-by: Horia Ioan Geanta Neag <horia.geanta at freescale.com>
----
- crypto/engine/eng_cryptodev.c | 20 +++++++++++++++++---
- 1 file changed, 17 insertions(+), 3 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index d4da7fb..49ed638 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -135,6 +135,8 @@ static int cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key,
- static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
- void (*f) (void));
- void ENGINE_load_cryptodev(void);
-+const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1;
-+const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
-
- static const ENGINE_CMD_DEFN cryptodev_defns[] = {
- {0, NULL, NULL, 0}
-@@ -390,7 +392,21 @@ static int get_cryptodev_digests(const int **cnids)
- */
- static int cryptodev_usable_ciphers(const int **nids)
- {
-- return (get_cryptodev_ciphers(nids));
-+ int i, count;
-+
-+ count = get_cryptodev_ciphers(nids);
-+ /* add ciphers specific to cryptodev if found in kernel */
-+ for (i = 0; i < count; i++) {
-+ switch (*(*nids + i)) {
-+ case NID_aes_128_cbc_hmac_sha1:
-+ EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1);
-+ break;
-+ case NID_aes_256_cbc_hmac_sha1:
-+ EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
-+ break;
-+ }
-+ }
-+ return count;
- }
-
- static int cryptodev_usable_digests(const int **nids)
-@@ -1687,8 +1703,6 @@ void ENGINE_load_cryptodev(void)
- }
- put_dev_crypto(fd);
-
-- EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1);
-- EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
- if (!ENGINE_set_id(engine, "cryptodev") ||
- !ENGINE_set_name(engine, "BSD cryptodev engine") ||
- !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0004-ECC-Support-header-for-Cryptodev-Engine.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0004-ECC-Support-header-for-Cryptodev-Engine.patch
deleted file mode 100644
index 5b6fda1..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0004-ECC-Support-header-for-Cryptodev-Engine.patch
+++ /dev/null
@@ -1,319 +0,0 @@
-From 63ed25dadde23d01eaac6f4c4dae463ba4d7c368 Mon Sep 17 00:00:00 2001
-From: Yashpal Dutta <yashpal.dutta at freescale.com>
-Date: Tue, 11 Mar 2014 05:56:54 +0545
-Subject: [PATCH 04/48] ECC Support header for Cryptodev Engine
-
-Upstream-status: Pending
-
-Signed-off-by: Yashpal Dutta <yashpal.dutta at freescale.com>
----
- crypto/engine/eng_cryptodev_ec.h | 297 +++++++++++++++++++++++++++++++++++++++
- 1 file changed, 297 insertions(+)
- create mode 100644 crypto/engine/eng_cryptodev_ec.h
-
-diff --git a/crypto/engine/eng_cryptodev_ec.h b/crypto/engine/eng_cryptodev_ec.h
-new file mode 100644
-index 0000000..af54c51
---- /dev/null
-+++ b/crypto/engine/eng_cryptodev_ec.h
-@@ -0,0 +1,297 @@
-+/*
-+ * Copyright (C) 2012 Freescale Semiconductor, Inc.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
-+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY
-+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-+ *
-+ */
-+#ifndef __ENG_EC_H
-+#define __ENG_EC_H
-+
-+#define SPCF_CPARAM_INIT(X,...) \
-+static unsigned char X##_c[] = {__VA_ARGS__} \
-+
-+#define SPCF_FREE_BN(X) do { if(X) { BN_clear_free(X); X = NULL; } } while (0)
-+
-+#define SPCF_COPY_CPARAMS(NIDBUF) \
-+ do { \
-+ memcpy (buf, NIDBUF, buf_len); \
-+ } while (0)
-+
-+#define SPCF_CPARAM_CASE(X) \
-+ case NID_##X: \
-+ SPCF_COPY_CPARAMS(X##_c); \
-+ break
-+
-+SPCF_CPARAM_INIT(sect113r1, 0x01, 0x73, 0xE8, 0x34, 0xAF, 0x28, 0xEC, 0x76,
-+ 0xCB, 0x83, 0xBD, 0x8D, 0xFE, 0xB2, 0xD5);
-+SPCF_CPARAM_INIT(sect113r2, 0x00, 0x54, 0xD9, 0xF0, 0x39, 0x57, 0x17, 0x4A,
-+ 0x32, 0x32, 0x91, 0x67, 0xD7, 0xFE, 0x71);
-+SPCF_CPARAM_INIT(sect131r1, 0x03, 0xDB, 0x89, 0xB4, 0x05, 0xE4, 0x91, 0x16,
-+ 0x0E, 0x3B, 0x2F, 0x07, 0xB0, 0xCE, 0x20, 0xB3, 0x7E);
-+SPCF_CPARAM_INIT(sect131r2, 0x07, 0xCB, 0xB9, 0x92, 0x0D, 0x71, 0xA4, 0x8E,
-+ 0x09, 0x9C, 0x38, 0xD7, 0x1D, 0xA6, 0x49, 0x0E, 0xB1);
-+SPCF_CPARAM_INIT(sect163k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x01);
-+SPCF_CPARAM_INIT(sect163r1, 0x05, 0xED, 0x40, 0x3E, 0xD5, 0x8E, 0xB4, 0x5B,
-+ 0x1C, 0xCE, 0xCA, 0x0F, 0x4F, 0x61, 0x65, 0x55, 0x49, 0x86,
-+ 0x1B, 0xE0, 0x52);
-+SPCF_CPARAM_INIT(sect163r2, 0x07, 0x2C, 0x4E, 0x1E, 0xF7, 0xCB, 0x2F, 0x3A,
-+ 0x03, 0x5D, 0x33, 0x10, 0x42, 0x94, 0x15, 0x96, 0x09, 0x13,
-+ 0x8B, 0xB4, 0x04);
-+SPCF_CPARAM_INIT(sect193r1, 0x01, 0x67, 0xB3, 0x5E, 0xB4, 0x31, 0x3F, 0x26,
-+ 0x3D, 0x0F, 0x7A, 0x3D, 0x50, 0x36, 0xF0, 0xA0, 0xA3, 0xC9,
-+ 0x80, 0xD4, 0x0E, 0x5A, 0x05, 0x3E, 0xD2);
-+SPCF_CPARAM_INIT(sect193r2, 0x00, 0x69, 0x89, 0xFE, 0x6B, 0xFE, 0x30, 0xED,
-+ 0xDC, 0x32, 0x44, 0x26, 0x9F, 0x3A, 0xAD, 0x18, 0xD6, 0x6C,
-+ 0xF3, 0xDB, 0x3E, 0x33, 0x02, 0xFA, 0xA8);
-+SPCF_CPARAM_INIT(sect233k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x01);
-+SPCF_CPARAM_INIT(sect233r1, 0x00, 0x07, 0xD5, 0xEF, 0x43, 0x89, 0xDF, 0xF1,
-+ 0x1E, 0xCD, 0xBA, 0x39, 0xC3, 0x09, 0x70, 0xD3, 0xCE, 0x35,
-+ 0xCE, 0xBB, 0xA5, 0x84, 0x73, 0xF6, 0x4B, 0x4D, 0xC0, 0xF2,
-+ 0x68, 0x6C);
-+SPCF_CPARAM_INIT(sect239k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x01);
-+SPCF_CPARAM_INIT(sect283k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01);
-+SPCF_CPARAM_INIT(sect283r1, 0x03, 0xD8, 0xC9, 0x3D, 0x3B, 0x0E, 0xA8, 0x1D,
-+ 0x92, 0x94, 0x03, 0x4D, 0x7E, 0xE3, 0x13, 0x5D, 0x0A, 0xC5,
-+ 0xFC, 0x8D, 0x9C, 0xB0, 0x27, 0x6F, 0x72, 0x11, 0xF8, 0x80,
-+ 0xF0, 0xD8, 0x1C, 0xA4, 0xC6, 0xE8, 0x7B, 0x38);
-+SPCF_CPARAM_INIT(sect409k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x01);
-+SPCF_CPARAM_INIT(sect409r1, 0x01, 0x49, 0xB8, 0xB7, 0xBE, 0xBD, 0x9B, 0x63,
-+ 0x65, 0x3E, 0xF1, 0xCD, 0x8C, 0x6A, 0x5D, 0xD1, 0x05, 0xA2,
-+ 0xAA, 0xAC, 0x36, 0xFE, 0x2E, 0xAE, 0x43, 0xCF, 0x28, 0xCE,
-+ 0x1C, 0xB7, 0xC8, 0x30, 0xC1, 0xEC, 0xDB, 0xFA, 0x41, 0x3A,
-+ 0xB0, 0x7F, 0xE3, 0x5A, 0x57, 0x81, 0x1A, 0xE4, 0xF8, 0x8D,
-+ 0x30, 0xAC, 0x63, 0xFB);
-+SPCF_CPARAM_INIT(sect571k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x01);
-+SPCF_CPARAM_INIT(sect571r1, 0x06, 0x39, 0x5D, 0xB2, 0x2A, 0xB5, 0x94, 0xB1,
-+ 0x86, 0x8C, 0xED, 0x95, 0x25, 0x78, 0xB6, 0x53, 0x9F, 0xAB,
-+ 0xA6, 0x94, 0x06, 0xD9, 0xB2, 0x98, 0x61, 0x23, 0xA1, 0x85,
-+ 0xC8, 0x58, 0x32, 0xE2, 0x5F, 0xD5, 0xB6, 0x38, 0x33, 0xD5,
-+ 0x14, 0x42, 0xAB, 0xF1, 0xA9, 0xC0, 0x5F, 0xF0, 0xEC, 0xBD,
-+ 0x88, 0xD7, 0xF7, 0x79, 0x97, 0xF4, 0xDC, 0x91, 0x56, 0xAA,
-+ 0xF1, 0xCE, 0x08, 0x16, 0x46, 0x86, 0xDD, 0xFF, 0x75, 0x11,
-+ 0x6F, 0xBC, 0x9A, 0x7A);
-+SPCF_CPARAM_INIT(X9_62_c2pnb163v1, 0x04, 0x53, 0xE1, 0xE4, 0xB7, 0x29, 0x1F,
-+ 0x5C, 0x2D, 0x53, 0xCE, 0x18, 0x48, 0x3F, 0x00, 0x70, 0x81,
-+ 0xE7, 0xEA, 0x26, 0xEC);
-+SPCF_CPARAM_INIT(X9_62_c2pnb163v2, 0x04, 0x35, 0xC0, 0x19, 0x66, 0x0E, 0x01,
-+ 0x01, 0xBA, 0x87, 0x0C, 0xA3, 0x9F, 0xD9, 0xA7, 0x76, 0x86,
-+ 0x50, 0x9D, 0x28, 0x13);
-+SPCF_CPARAM_INIT(X9_62_c2pnb163v3, 0x06, 0x55, 0xC4, 0x54, 0xE4, 0x1E, 0x38,
-+ 0x0C, 0x7A, 0x60, 0xB6, 0x67, 0x9A, 0x5B, 0x7A, 0x3F, 0x3A,
-+ 0xF6, 0x8E, 0x22, 0xC5);
-+SPCF_CPARAM_INIT(X9_62_c2pnb176v1, 0x00, 0x69, 0xF7, 0xDA, 0x36, 0x19, 0xA7,
-+ 0x42, 0xA3, 0x82, 0xFF, 0x05, 0x08, 0x8F, 0xD3, 0x99, 0x42,
-+ 0xCA, 0x0F, 0x1D, 0x90, 0xB6, 0x5B);
-+SPCF_CPARAM_INIT(X9_62_c2tnb191v1, 0x4C, 0x45, 0x25, 0xAB, 0x0B, 0x68, 0x4A,
-+ 0x64, 0x44, 0x62, 0x0A, 0x86, 0x45, 0xEF, 0x54, 0x6D, 0x54,
-+ 0x69, 0x39, 0x68, 0xC2, 0xAE, 0x84, 0xAC);
-+SPCF_CPARAM_INIT(X9_62_c2tnb191v2, 0x03, 0x7C, 0x8F, 0x57, 0xA2, 0x25, 0xC7,
-+ 0xB3, 0xD4, 0xED, 0xD5, 0x88, 0x0F, 0x38, 0x0A, 0xCC, 0x55,
-+ 0x74, 0xEC, 0xB3, 0x6C, 0x9F, 0x51, 0x21);
-+SPCF_CPARAM_INIT(X9_62_c2tnb191v3, 0x37, 0x39, 0xFF, 0x98, 0xB4, 0xD1, 0x69,
-+ 0x3E, 0xCF, 0x52, 0x7A, 0x98, 0x51, 0xED, 0xCF, 0x99, 0x9D,
-+ 0x9E, 0x75, 0x05, 0x43, 0x33, 0x43, 0x24);
-+SPCF_CPARAM_INIT(X9_62_c2pnb208w1, 0x00, 0xDB, 0x05, 0x3C, 0x41, 0x76, 0xCC,
-+ 0x1D, 0xA1, 0x27, 0x85, 0x2C, 0xA6, 0xD9, 0x88, 0xBE, 0x1A,
-+ 0xCC, 0xD1, 0x5B, 0x2A, 0xC1, 0xC1, 0x07, 0x42, 0x57, 0x34);
-+SPCF_CPARAM_INIT(X9_62_c2tnb239v1, 0x24, 0x59, 0xFC, 0xF4, 0x51, 0x7B, 0xC5,
-+ 0xA6, 0xB9, 0x9B, 0xE5, 0xC6, 0xC5, 0x62, 0x85, 0xC0, 0x21,
-+ 0xFE, 0x32, 0xEE, 0x2B, 0x6F, 0x1C, 0x22, 0xEA, 0x5B, 0xE1,
-+ 0xB8, 0x4B, 0x93);
-+SPCF_CPARAM_INIT(X9_62_c2tnb239v2, 0x64, 0x98, 0x84, 0x19, 0x3B, 0x56, 0x2D,
-+ 0x4A, 0x50, 0xB4, 0xFA, 0x56, 0x34, 0xE0, 0x34, 0x41, 0x3F,
-+ 0x94, 0xC4, 0x59, 0xDA, 0x7C, 0xDB, 0x16, 0x64, 0x9D, 0xDD,
-+ 0xF7, 0xE6, 0x0A);
-+SPCF_CPARAM_INIT(X9_62_c2tnb239v3, 0x32, 0x63, 0x2E, 0x65, 0x2B, 0xEE, 0x91,
-+ 0xC2, 0xE4, 0xA2, 0xF5, 0x42, 0xA3, 0x2D, 0x67, 0xA8, 0xB5,
-+ 0xB4, 0x5F, 0x21, 0xA0, 0x81, 0x02, 0xFB, 0x1F, 0x2A, 0xFB,
-+ 0xB6, 0xAC, 0xDA);
-+SPCF_CPARAM_INIT(X9_62_c2pnb272w1, 0x00, 0xDA, 0x7B, 0x60, 0x28, 0xF4, 0xC8,
-+ 0x09, 0xA0, 0xB9, 0x78, 0x81, 0xC3, 0xA5, 0x7E, 0x4D, 0x71,
-+ 0x81, 0x34, 0xD1, 0x3F, 0xEC, 0xE0, 0x90, 0x85, 0x8A, 0xC3,
-+ 0x1A, 0xE2, 0xDC, 0x2E, 0xDF, 0x8E, 0x3C, 0x8B);
-+SPCF_CPARAM_INIT(X9_62_c2pnb304w1, 0x00, 0x3C, 0x67, 0xB4, 0x07, 0xC6, 0xF3,
-+ 0x3F, 0x81, 0x0B, 0x17, 0xDC, 0x16, 0xE2, 0x14, 0x8A, 0x2C,
-+ 0x9C, 0xE2, 0x9D, 0x56, 0x05, 0x23, 0x69, 0x6A, 0x55, 0x93,
-+ 0x8A, 0x15, 0x40, 0x81, 0xE3, 0xE3, 0xAE, 0xFB, 0xCE, 0x45,
-+ 0x70, 0xC9);
-+SPCF_CPARAM_INIT(X9_62_c2tnb359v1, 0x22, 0x39, 0xAA, 0x58, 0x4A, 0xC5, 0x9A,
-+ 0xF9, 0x61, 0xD0, 0xFA, 0x2D, 0x52, 0x85, 0xB6, 0xFD, 0xF7,
-+ 0x34, 0x9B, 0xC6, 0x0E, 0x91, 0xE3, 0x20, 0xF4, 0x71, 0x64,
-+ 0xCE, 0x11, 0xF5, 0x18, 0xEF, 0xB4, 0xC0, 0x8B, 0x9B, 0xDA,
-+ 0x99, 0x9A, 0x8A, 0x37, 0xF8, 0x2A, 0x22, 0x61);
-+SPCF_CPARAM_INIT(X9_62_c2pnb368w1, 0x00, 0xC0, 0x6C, 0xCF, 0x42, 0x89, 0x3A,
-+ 0x8A, 0xAA, 0x00, 0x1E, 0x0B, 0xC0, 0xD2, 0xA2, 0x27, 0x66,
-+ 0xEF, 0x3E, 0x41, 0x88, 0x7C, 0xC6, 0x77, 0x6F, 0x4A, 0x04,
-+ 0x1E, 0xE4, 0x45, 0x14, 0xB2, 0x0A, 0xFC, 0x4E, 0x5C, 0x30,
-+ 0x40, 0x60, 0x06, 0x5B, 0xC8, 0xD6, 0xCF, 0x04, 0xD3, 0x25);
-+SPCF_CPARAM_INIT(X9_62_c2tnb431r1, 0x64, 0xF5, 0xBB, 0xE9, 0xBB, 0x31, 0x66,
-+ 0xA3, 0xA0, 0x2F, 0x2F, 0x22, 0xBF, 0x05, 0xD9, 0xF7, 0xDA,
-+ 0x43, 0xEE, 0x70, 0xC1, 0x79, 0x03, 0x15, 0x2B, 0x70, 0xA0,
-+ 0xB4, 0x25, 0x9B, 0xD2, 0xFC, 0xB2, 0x20, 0x3B, 0x7F, 0xB8,
-+ 0xD3, 0x39, 0x4E, 0x20, 0xEB, 0x0E, 0xA9, 0x84, 0xDD, 0xB1,
-+ 0xE1, 0xF1, 0x4C, 0x67, 0xB1, 0x36, 0x2B);
-+SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01);
-+SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls3, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x01);
-+SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls4, 0x01, 0x73, 0xE8, 0x34, 0xAF, 0x28,
-+ 0xEC, 0x76, 0xCB, 0x83, 0xBD, 0x8D, 0xFE, 0xB2, 0xD5);
-+SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls5, 0x04, 0x53, 0xE1, 0xE4, 0xB7, 0x29,
-+ 0x1F, 0x5C, 0x2D, 0x53, 0xCE, 0x18, 0x48, 0x3F, 0x00, 0x70,
-+ 0x81, 0xE7, 0xEA, 0x26, 0xEC);
-+SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x01);
-+SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls11, 0x00, 0x07, 0xD5, 0xEF, 0x43, 0x89,
-+ 0xDF, 0xF1, 0x1E, 0xCD, 0xBA, 0x39, 0xC3, 0x09, 0x70, 0xD3,
-+ 0xCE, 0x35, 0xCE, 0xBB, 0xA5, 0x84, 0x73, 0xF6, 0x4B, 0x4D,
-+ 0xC0, 0xF2, 0x68, 0x6C);
-+/* Oakley curve #3 over 155 bit binary filed */
-+SPCF_CPARAM_INIT(ipsec3, 0x00, 0x31, 0x10, 0x00, 0x00, 0x02, 0x23, 0xA0, 0x00,
-+ 0xC4, 0x47, 0x40, 0x00, 0x08, 0x8E, 0x80, 0x00, 0x11, 0x1D,
-+ 0x1D);
-+/* Oakley curve #4 over 185 bit binary filed */
-+SPCF_CPARAM_INIT(ipsec4, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00,
-+ 0x01, 0x80, 0x00, 0xC0, 0x0C, 0x00, 0x00, 0x00, 0x63, 0x80,
-+ 0x30, 0x00, 0x1C, 0x00, 0x09);
-+
-+static inline int
-+eng_ec_get_cparam(int nid, unsigned char *buf, unsigned int buf_len)
-+{
-+ int ret = 0;
-+ switch (nid) {
-+ SPCF_CPARAM_CASE(sect113r1);
-+ SPCF_CPARAM_CASE(sect113r2);
-+ SPCF_CPARAM_CASE(sect131r1);
-+ SPCF_CPARAM_CASE(sect131r2);
-+ SPCF_CPARAM_CASE(sect163k1);
-+ SPCF_CPARAM_CASE(sect163r1);
-+ SPCF_CPARAM_CASE(sect163r2);
-+ SPCF_CPARAM_CASE(sect193r1);
-+ SPCF_CPARAM_CASE(sect193r2);
-+ SPCF_CPARAM_CASE(sect233k1);
-+ SPCF_CPARAM_CASE(sect233r1);
-+ SPCF_CPARAM_CASE(sect239k1);
-+ SPCF_CPARAM_CASE(sect283k1);
-+ SPCF_CPARAM_CASE(sect283r1);
-+ SPCF_CPARAM_CASE(sect409k1);
-+ SPCF_CPARAM_CASE(sect409r1);
-+ SPCF_CPARAM_CASE(sect571k1);
-+ SPCF_CPARAM_CASE(sect571r1);
-+ SPCF_CPARAM_CASE(X9_62_c2pnb163v1);
-+ SPCF_CPARAM_CASE(X9_62_c2pnb163v2);
-+ SPCF_CPARAM_CASE(X9_62_c2pnb163v3);
-+ SPCF_CPARAM_CASE(X9_62_c2pnb176v1);
-+ SPCF_CPARAM_CASE(X9_62_c2tnb191v1);
-+ SPCF_CPARAM_CASE(X9_62_c2tnb191v2);
-+ SPCF_CPARAM_CASE(X9_62_c2tnb191v3);
-+ SPCF_CPARAM_CASE(X9_62_c2pnb208w1);
-+ SPCF_CPARAM_CASE(X9_62_c2tnb239v1);
-+ SPCF_CPARAM_CASE(X9_62_c2tnb239v2);
-+ SPCF_CPARAM_CASE(X9_62_c2tnb239v3);
-+ SPCF_CPARAM_CASE(X9_62_c2pnb272w1);
-+ SPCF_CPARAM_CASE(X9_62_c2pnb304w1);
-+ SPCF_CPARAM_CASE(X9_62_c2tnb359v1);
-+ SPCF_CPARAM_CASE(X9_62_c2pnb368w1);
-+ SPCF_CPARAM_CASE(X9_62_c2tnb431r1);
-+ SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls1);
-+ SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls3);
-+ SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls4);
-+ SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls5);
-+ SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls10);
-+ SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls11);
-+ /* Oakley curve #3 over 155 bit binary filed */
-+ SPCF_CPARAM_CASE(ipsec3);
-+ /* Oakley curve #4 over 185 bit binary filed */
-+ SPCF_CPARAM_CASE(ipsec4);
-+ default:
-+ ret = -EINVAL;
-+ break;
-+ }
-+ return ret;
-+}
-+
-+/* Copies the curve points to a flat buffer with appropriate padding */
-+static inline unsigned char *eng_copy_curve_points(BIGNUM * x, BIGNUM * y,
-+ int xy_len, int crv_len)
-+{
-+ unsigned char *xy = NULL;
-+ int len1 = 0, len2 = 0;
-+
-+ len1 = BN_num_bytes(x);
-+ len2 = BN_num_bytes(y);
-+
-+ if (!(xy = malloc(xy_len))) {
-+ return NULL;
-+ }
-+
-+ memset(xy, 0, xy_len);
-+
-+ if (len1 < crv_len) {
-+ if (!BN_is_zero(x))
-+ BN_bn2bin(x, xy + (crv_len - len1));
-+ } else {
-+ BN_bn2bin(x, xy);
-+ }
-+
-+ if (len2 < crv_len) {
-+ if (!BN_is_zero(y))
-+ BN_bn2bin(y, xy+crv_len+(crv_len-len2));
-+ } else {
-+ BN_bn2bin(y, xy+crv_len);
-+ }
-+
-+ return xy;
-+}
-+
-+enum curve_t {
-+ DISCRETE_LOG,
-+ ECC_PRIME,
-+ ECC_BINARY,
-+ MAX_ECC_TYPE
-+};
-+#endif
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0005-Initial-support-for-PKC-in-cryptodev-engine.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0005-Initial-support-for-PKC-in-cryptodev-engine.patch
deleted file mode 100644
index 156b743..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0005-Initial-support-for-PKC-in-cryptodev-engine.patch
+++ /dev/null
@@ -1,1578 +0,0 @@
-From aff25bbf6b5b833931a5281d30a6f26fda9f0a52 Mon Sep 17 00:00:00 2001
-From: Yashpal Dutta <yashpal.dutta at freescale.com>
-Date: Tue, 11 Mar 2014 06:29:52 +0545
-Subject: [PATCH 05/48] Initial support for PKC in cryptodev engine
-
-Upstream-status: Pending
-
-Signed-off-by: Yashpal Dutta <yashpal.dutta at freescale.com>
----
- crypto/engine/eng_cryptodev.c | 1365 ++++++++++++++++++++++++++++++++++++-----
- 1 file changed, 1202 insertions(+), 163 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 49ed638..cc9b63b 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -59,6 +59,10 @@ void ENGINE_load_cryptodev(void)
- # include <openssl/dsa.h>
- # include <openssl/err.h>
- # include <openssl/rsa.h>
-+# include <crypto/ecdsa/ecs_locl.h>
-+# include <crypto/ecdh/ech_locl.h>
-+# include <crypto/ec/ec_lcl.h>
-+# include <crypto/ec/ec.h>
- # include <sys/ioctl.h>
- # include <errno.h>
- # include <stdio.h>
-@@ -68,6 +72,7 @@ void ENGINE_load_cryptodev(void)
- # include <syslog.h>
- # include <errno.h>
- # include <string.h>
-+# include "eng_cryptodev_ec.h"
-
- struct dev_crypto_state {
- struct session_op d_sess;
-@@ -116,20 +121,10 @@ static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
- BN_CTX *ctx);
- static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
- BN_CTX *ctx);
--static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a,
-- const BIGNUM *p, const BIGNUM *m,
-- BN_CTX *ctx, BN_MONT_CTX *m_ctx);
--static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
-- BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2,
-- BIGNUM *p, BN_CTX *ctx,
-- BN_MONT_CTX *mont);
- static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
- DSA *dsa);
- static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len,
- DSA_SIG *sig, DSA *dsa);
--static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
-- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
-- BN_MONT_CTX *m_ctx);
- static int cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key,
- DH *dh);
- static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
-@@ -138,6 +133,105 @@ void ENGINE_load_cryptodev(void);
- const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1;
- const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
-
-+inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len)
-+{
-+ int len;
-+ unsigned char *p;
-+
-+ len = BN_num_bytes(bn);
-+
-+ if (!len)
-+ return -1;
-+
-+ p = malloc(len);
-+ if (!p)
-+ return -1;
-+
-+ BN_bn2bin(bn, p);
-+
-+ *bin = p;
-+ *bin_len = len;
-+
-+ return 0;
-+}
-+
-+inline int spcf_bn2bin_ex(BIGNUM *bn, unsigned char **bin, int *bin_len)
-+{
-+ int len;
-+ unsigned char *p;
-+
-+ len = BN_num_bytes(bn);
-+
-+ if (!len)
-+ return -1;
-+
-+ if (len < *bin_len)
-+ p = malloc(*bin_len);
-+ else
-+ p = malloc(len);
-+
-+ if (!p)
-+ return -ENOMEM;
-+
-+ if (len < *bin_len) {
-+ /* place padding */
-+ memset(p, 0, (*bin_len - len));
-+ BN_bn2bin(bn, p + (*bin_len - len));
-+ } else {
-+ BN_bn2bin(bn, p);
-+ }
-+
-+ *bin = p;
-+ if (len >= *bin_len)
-+ *bin_len = len;
-+
-+ return 0;
-+}
-+
-+/**
-+ * Convert an ECC F2m 'b' parameter into the 'c' parameter.
-+ *Inputs:
-+ * q, the curve's modulus
-+ * b, the curve's b parameter
-+ * (a bignum for b, a buffer for c)
-+ * Output:
-+ * c, written into bin, right-adjusted to fill q_len bytes.
-+ */
-+static int
-+eng_ec_compute_cparam(const BIGNUM *b, const BIGNUM *q,
-+ unsigned char **bin, int *bin_len)
-+{
-+ BIGNUM *c = BN_new();
-+ BIGNUM *exp = BN_new();
-+ BN_CTX *ctx = BN_CTX_new();
-+ int m = BN_num_bits(q) - 1;
-+ int ok = 0;
-+
-+ if (!c || !exp || !ctx || *bin)
-+ goto err;
-+
-+ /*
-+ * We have to compute c, where b = c^4, i.e., the fourth root of b.
-+ * The equation for c is c = b^(2^(m-2))
-+ * Compute exp = 2^(m-2)
-+ * (1 << x) == 2^x
-+ * and then compute c = b^exp
-+ */
-+ BN_lshift(exp, BN_value_one(), m - 2);
-+ BN_GF2m_mod_exp(c, b, exp, q, ctx);
-+ /* Store c */
-+ spcf_bn2bin_ex(c, bin, bin_len);
-+ ok = 1;
-+ err:
-+ if (ctx)
-+ BN_CTX_free(ctx);
-+ if (c)
-+ BN_free(c);
-+ if (exp)
-+ BN_free(exp);
-+ return ok;
-+}
-+
- static const ENGINE_CMD_DEFN cryptodev_defns[] = {
- {0, NULL, NULL, 0}
- };
-@@ -1230,7 +1324,6 @@ cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
- */
- static int bn2crparam(const BIGNUM *a, struct crparam *crp)
- {
-- int i, j, k;
- ssize_t bytes, bits;
- u_char *b;
-
-@@ -1248,36 +1341,21 @@ static int bn2crparam(const BIGNUM *a, struct crparam *crp)
- crp->crp_p = (caddr_t) b;
- crp->crp_nbits = bits;
-
-- for (i = 0, j = 0; i < a->top; i++) {
-- for (k = 0; k < BN_BITS2 / 8; k++) {
-- if ((j + k) >= bytes)
-- return (0);
-- b[j + k] = a->d[i] >> (k * 8);
-- }
-- j += BN_BITS2 / 8;
-- }
-+ BN_bn2bin(a, crp->crp_p);
- return (0);
- }
-
- /* Convert a /dev/crypto parameter to a BIGNUM */
- static int crparam2bn(struct crparam *crp, BIGNUM *a)
- {
-- u_int8_t *pd;
-- int i, bytes;
-+ int bytes;
-
- bytes = (crp->crp_nbits + 7) / 8;
-
- if (bytes == 0)
- return (-1);
-
-- if ((pd = (u_int8_t *) malloc(bytes)) == NULL)
-- return (-1);
--
-- for (i = 0; i < bytes; i++)
-- pd[i] = crp->crp_p[bytes - i - 1];
--
-- BN_bin2bn(pd, bytes, a);
-- free(pd);
-+ BN_bin2bn(crp->crp_p, bytes, a);
-
- return (0);
- }
-@@ -1334,6 +1412,32 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
- return ret;
- }
-
-+/* Close an opened instance of cryptodev engine */
-+void cryptodev_close_instance(void *handle)
-+{
-+ int fd;
-+
-+ if (handle) {
-+ fd = *(int *)handle;
-+ close(fd);
-+ free(handle);
-+ }
-+}
-+
-+/* Create an instance of cryptodev for asynchronous interface */
-+void *cryptodev_init_instance(void)
-+{
-+ int *fd = malloc(sizeof(int));
-+
-+ if (fd) {
-+ if ((*fd = open("/dev/crypto", O_RDWR, 0)) == -1) {
-+ free(fd);
-+ return NULL;
-+ }
-+ }
-+ return fd;
-+}
-+
- static int
- cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
-@@ -1350,8 +1454,9 @@ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- return (ret);
- }
-
-- memset(&kop, 0, sizeof kop);
- kop.crk_op = CRK_MOD_EXP;
-+ kop.crk_oparams = 0;
-+ kop.crk_status = 0;
-
- /* inputs: a^p % m */
- if (bn2crparam(a, &kop.crk_param[0]))
-@@ -1394,28 +1499,39 @@ static int
- cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
- {
- struct crypt_kop kop;
-- int ret = 1;
-+ int ret = 1, f_len, p_len, q_len;
-+ unsigned char *f = NULL, *p = NULL, *q = NULL, *dp = NULL, *dq =
-+ NULL, *c = NULL;
-
- if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
- /* XXX 0 means failure?? */
- return (0);
- }
-
-- memset(&kop, 0, sizeof kop);
-+ kop.crk_oparams = 0;
-+ kop.crk_status = 0;
- kop.crk_op = CRK_MOD_EXP_CRT;
-+ f_len = BN_num_bytes(rsa->n);
-+ spcf_bn2bin_ex(I, &f, &f_len);
-+ spcf_bn2bin(rsa->p, &p, &p_len);
-+ spcf_bn2bin(rsa->q, &q, &q_len);
-+ spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len);
-+ spcf_bn2bin_ex(rsa->iqmp, &c, &p_len);
-+ spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len);
- /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
-- if (bn2crparam(rsa->p, &kop.crk_param[0]))
-- goto err;
-- if (bn2crparam(rsa->q, &kop.crk_param[1]))
-- goto err;
-- if (bn2crparam(I, &kop.crk_param[2]))
-- goto err;
-- if (bn2crparam(rsa->dmp1, &kop.crk_param[3]))
-- goto err;
-- if (bn2crparam(rsa->dmq1, &kop.crk_param[4]))
-- goto err;
-- if (bn2crparam(rsa->iqmp, &kop.crk_param[5]))
-- goto err;
-+ kop.crk_param[0].crp_p = p;
-+ kop.crk_param[0].crp_nbits = p_len * 8;
-+ kop.crk_param[1].crp_p = q;
-+ kop.crk_param[1].crp_nbits = q_len * 8;
-+ kop.crk_param[2].crp_p = f;
-+ kop.crk_param[2].crp_nbits = f_len * 8;
-+ kop.crk_param[3].crp_p = dp;
-+ kop.crk_param[3].crp_nbits = p_len * 8;
-+ /* dq must of length q, rest all of length p */
-+ kop.crk_param[4].crp_p = dq;
-+ kop.crk_param[4].crp_nbits = q_len * 8;
-+ kop.crk_param[5].crp_p = c;
-+ kop.crk_param[5].crp_nbits = p_len * 8;
- kop.crk_iparams = 6;
-
- if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) {
-@@ -1451,93 +1567,120 @@ static RSA_METHOD cryptodev_rsa = {
- NULL /* rsa_verify */
- };
-
--static int
--cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
-- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
--{
-- return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
--}
--
--static int
--cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
-- BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
-- BN_CTX *ctx, BN_MONT_CTX *mont)
-+static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
-+ DSA *dsa)
- {
-- BIGNUM t2;
-- int ret = 0;
--
-- BN_init(&t2);
--
-- /* v = ( g^u1 * y^u2 mod p ) mod q */
-- /* let t1 = g ^ u1 mod p */
-- ret = 0;
-+ struct crypt_kop kop;
-+ BIGNUM *c = NULL, *d = NULL;
-+ DSA_SIG *dsaret = NULL;
-+ int q_len = 0, r_len = 0, g_len = 0;
-+ int priv_key_len = 0, ret;
-+ unsigned char *q = NULL, *r = NULL, *g = NULL, *priv_key = NULL, *f =
-+ NULL;
-
-- if (!dsa->meth->bn_mod_exp(dsa, t1, dsa->g, u1, dsa->p, ctx, mont))
-+ memset(&kop, 0, sizeof kop);
-+ if ((c = BN_new()) == NULL) {
-+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
- goto err;
-+ }
-
-- /* let t2 = y ^ u2 mod p */
-- if (!dsa->meth->bn_mod_exp(dsa, &t2, dsa->pub_key, u2, dsa->p, ctx, mont))
-+ if ((d = BN_new()) == NULL) {
-+ BN_free(c);
-+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
- goto err;
-- /* let u1 = t1 * t2 mod p */
-- if (!BN_mod_mul(u1, t1, &t2, dsa->p, ctx))
-+ }
-+
-+ if (spcf_bn2bin(dsa->p, &q, &q_len)) {
-+ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
- goto err;
-+ }
-
-- BN_copy(t1, u1);
-+ /* Get order of the field of private keys into plain buffer */
-+ if (spcf_bn2bin(dsa->q, &r, &r_len)) {
-+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-
-- ret = 1;
-- err:
-- BN_free(&t2);
-- return (ret);
--}
-+ /* sanity test */
-+ if (dlen > r_len) {
-+ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
-+ goto err;
-+ }
-
--static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
-- DSA *dsa)
--{
-- struct crypt_kop kop;
-- BIGNUM *r = NULL, *s = NULL;
-- DSA_SIG *dsaret = NULL;
-+ g_len = q_len;
-+ /**
-+ * Get generator into a plain buffer. If length is less than
-+ * q_len then add leading padding bytes.
-+ */
-+ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
-+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-
-- if ((r = BN_new()) == NULL)
-+ priv_key_len = r_len;
-+ /**
-+ * Get private key into a plain buffer. If length is less than
-+ * r_len then add leading padding bytes.
-+ */
-+ if (spcf_bn2bin_ex(dsa->priv_key, &priv_key, &priv_key_len)) {
-+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
- goto err;
-- if ((s = BN_new()) == NULL) {
-- BN_free(r);
-+ }
-+
-+ /* Allocate memory to store hash. */
-+ f = OPENSSL_malloc(r_len);
-+ if (!f) {
-+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
-- memset(&kop, 0, sizeof kop);
-+ /* Add padding, since SEC expects hash to of size r_len */
-+ if (dlen < r_len)
-+ memset(f, 0, r_len - dlen);
-+
-+ /* Skip leading bytes if dgst_len < r_len */
-+ memcpy(f + r_len - dlen, dgst, dlen);
-+
- kop.crk_op = CRK_DSA_SIGN;
-
- /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
-- kop.crk_param[0].crp_p = (caddr_t) dgst;
-- kop.crk_param[0].crp_nbits = dlen * 8;
-- if (bn2crparam(dsa->p, &kop.crk_param[1]))
-- goto err;
-- if (bn2crparam(dsa->q, &kop.crk_param[2]))
-- goto err;
-- if (bn2crparam(dsa->g, &kop.crk_param[3]))
-+ kop.crk_param[0].crp_p = (void *)f;
-+ kop.crk_param[0].crp_nbits = r_len * 8;
-+ kop.crk_param[1].crp_p = (void *)q;
-+ kop.crk_param[1].crp_nbits = q_len * 8;
-+ kop.crk_param[2].crp_p = (void *)r;
-+ kop.crk_param[2].crp_nbits = r_len * 8;
-+ kop.crk_param[3].crp_p = (void *)g;
-+ kop.crk_param[3].crp_nbits = g_len * 8;
-+ kop.crk_param[4].crp_p = (void *)priv_key;
-+ kop.crk_param[4].crp_nbits = priv_key_len * 8;
-+ kop.crk_iparams = 5;
-+
-+ ret = cryptodev_asym(&kop, r_len, c, r_len, d);
-+
-+ if (ret) {
-+ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DECODE_ERROR);
- goto err;
-- if (bn2crparam(dsa->priv_key, &kop.crk_param[4]))
-+ }
-+
-+ dsaret = DSA_SIG_new();
-+ if (dsaret == NULL)
- goto err;
-- kop.crk_iparams = 5;
-+ dsaret->r = c;
-+ dsaret->s = d;
-
-- if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r,
-- BN_num_bytes(dsa->q), s) == 0) {
-- dsaret = DSA_SIG_new();
-- if (dsaret == NULL)
-- goto err;
-- dsaret->r = r;
-- dsaret->s = s;
-- r = s = NULL;
-- } else {
-+ zapparams(&kop);
-+ return (dsaret);
-+ err:
-+ {
- const DSA_METHOD *meth = DSA_OpenSSL();
-+ if (c)
-+ BN_free(c);
-+ if (d)
-+ BN_free(d);
- dsaret = (meth->dsa_do_sign) (dgst, dlen, dsa);
-+ return (dsaret);
- }
-- err:
-- BN_free(r);
-- BN_free(s);
-- kop.crk_param[0].crp_p = NULL;
-- zapparams(&kop);
-- return (dsaret);
- }
-
- static int
-@@ -1545,43 +1688,175 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
- DSA_SIG *sig, DSA *dsa)
- {
- struct crypt_kop kop;
-- int dsaret = 1;
-+ int dsaret = 1, q_len = 0, r_len = 0, g_len = 0;
-+ int w_len = 0, c_len = 0, d_len = 0, ret = -1;
-+ unsigned char *q = NULL, *r = NULL, *w = NULL, *g = NULL;
-+ unsigned char *c = NULL, *d = NULL, *f = NULL;
-
- memset(&kop, 0, sizeof kop);
- kop.crk_op = CRK_DSA_VERIFY;
-
-- /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
-- kop.crk_param[0].crp_p = (caddr_t) dgst;
-- kop.crk_param[0].crp_nbits = dlen * 8;
-- if (bn2crparam(dsa->p, &kop.crk_param[1]))
-+ if (spcf_bn2bin(dsa->p, &q, &q_len)) {
-+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ return ret;
-+ }
-+
-+ /* Get Order of field of private keys */
-+ if (spcf_bn2bin(dsa->q, &r, &r_len)) {
-+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
- goto err;
-- if (bn2crparam(dsa->q, &kop.crk_param[2]))
-+ }
-+
-+ g_len = q_len;
-+ /**
-+ * Get generator into a plain buffer. If length is less than
-+ * q_len then add leading padding bytes.
-+ */
-+ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
-+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ w_len = q_len;
-+ /**
-+ * Get public key into a plain buffer. If length is less than
-+ * q_len then add leading padding bytes.
-+ */
-+ if (spcf_bn2bin_ex(dsa->pub_key, &w, &w_len)) {
-+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
- goto err;
-- if (bn2crparam(dsa->g, &kop.crk_param[3]))
-+ }
-+ /**
-+ * Get the 1st part of signature into a flat buffer with
-+ * appropriate padding
-+ */
-+ c_len = r_len;
-+
-+ if (spcf_bn2bin_ex(sig->r, &c, &c_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
- goto err;
-- if (bn2crparam(dsa->pub_key, &kop.crk_param[4]))
-+ }
-+
-+ /**
-+ * Get the 2nd part of signature into a flat buffer with
-+ * appropriate padding
-+ */
-+ d_len = r_len;
-+
-+ if (spcf_bn2bin_ex(sig->s, &d, &d_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
- goto err;
-- if (bn2crparam(sig->r, &kop.crk_param[5]))
-+ }
-+
-+ /* Sanity test */
-+ if (dlen > r_len) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
- goto err;
-- if (bn2crparam(sig->s, &kop.crk_param[6]))
-+ }
-+
-+ /* Allocate memory to store hash. */
-+ f = OPENSSL_malloc(r_len);
-+ if (!f) {
-+ DSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
- goto err;
-+ }
-+
-+ /* Add padding, since SEC expects hash to of size r_len */
-+ if (dlen < r_len)
-+ memset(f, 0, r_len - dlen);
-+
-+ /* Skip leading bytes if dgst_len < r_len */
-+ memcpy(f + r_len - dlen, dgst, dlen);
-+
-+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
-+ kop.crk_param[0].crp_p = (void *)f;
-+ kop.crk_param[0].crp_nbits = r_len * 8;
-+ kop.crk_param[1].crp_p = q;
-+ kop.crk_param[1].crp_nbits = q_len * 8;
-+ kop.crk_param[2].crp_p = r;
-+ kop.crk_param[2].crp_nbits = r_len * 8;
-+ kop.crk_param[3].crp_p = g;
-+ kop.crk_param[3].crp_nbits = g_len * 8;
-+ kop.crk_param[4].crp_p = w;
-+ kop.crk_param[4].crp_nbits = w_len * 8;
-+ kop.crk_param[5].crp_p = c;
-+ kop.crk_param[5].crp_nbits = c_len * 8;
-+ kop.crk_param[6].crp_p = d;
-+ kop.crk_param[6].crp_nbits = d_len * 8;
- kop.crk_iparams = 7;
-
-- if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
-- /*
-- * OCF success value is 0, if not zero, change dsaret to fail
-- */
-- if (0 != kop.crk_status)
-- dsaret = 0;
-- } else {
-- const DSA_METHOD *meth = DSA_OpenSSL();
-+ if ((cryptodev_asym(&kop, 0, NULL, 0, NULL))) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, DSA_R_DECODE_ERROR);
-+ goto err;
-+ }
-
-- dsaret = (meth->dsa_do_verify) (dgst, dlen, sig, dsa);
-+ /*
-+ * OCF success value is 0, if not zero, change dsaret to fail
-+ */
-+ if (0 != kop.crk_status) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, DSA_R_DECODE_ERROR);
-+ goto err;
- }
-- err:
-- kop.crk_param[0].crp_p = NULL;
-+
- zapparams(&kop);
- return (dsaret);
-+ err:
-+ {
-+ const DSA_METHOD *meth = DSA_OpenSSL();
-+ dsaret = (meth->dsa_do_verify) (dgst, dlen, sig, dsa);
-+ return dsaret;
-+ }
-+}
-+
-+/* Cryptodev DSA Key Gen routine */
-+static int cryptodev_dsa_keygen(DSA *dsa)
-+{
-+ struct crypt_kop kop;
-+ int ret = 1, g_len;
-+ unsigned char *g = NULL;
-+
-+ if (dsa->priv_key == NULL) {
-+ if ((dsa->priv_key = BN_new()) == NULL)
-+ goto sw_try;
-+ }
-+
-+ if (dsa->pub_key == NULL) {
-+ if ((dsa->pub_key = BN_new()) == NULL)
-+ goto sw_try;
-+ }
-+
-+ g_len = BN_num_bytes(dsa->p);
-+ /**
-+ * Get generator into a plain buffer. If length is less than
-+ * p_len then add leading padding bytes.
-+ */
-+ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
-+ DSAerr(DSA_F_DSA_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
-+ goto sw_try;
-+ }
-+
-+ memset(&kop, 0, sizeof kop);
-+
-+ kop.crk_op = CRK_DSA_GENERATE_KEY;
-+ if (bn2crparam(dsa->p, &kop.crk_param[0]))
-+ goto sw_try;
-+ if (bn2crparam(dsa->q, &kop.crk_param[1]))
-+ goto sw_try;
-+ kop.crk_param[2].crp_p = g;
-+ kop.crk_param[2].crp_nbits = g_len * 8;
-+ kop.crk_iparams = 3;
-+
-+ /* pub_key is or prime length while priv key is of length of order */
-+ if (cryptodev_asym(&kop, BN_num_bytes(dsa->p), dsa->pub_key,
-+ BN_num_bytes(dsa->q), dsa->priv_key))
-+ goto sw_try;
-+
-+ return ret;
-+ sw_try:
-+ {
-+ const DSA_METHOD *meth = DSA_OpenSSL();
-+ ret = (meth->dsa_keygen) (dsa);
-+ }
-+ return ret;
- }
-
- static DSA_METHOD cryptodev_dsa = {
-@@ -1597,12 +1872,558 @@ static DSA_METHOD cryptodev_dsa = {
- NULL /* app_data */
- };
-
--static int
--cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
-- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
-- BN_MONT_CTX *m_ctx)
-+static ECDSA_METHOD cryptodev_ecdsa = {
-+ "cryptodev ECDSA method",
-+ NULL,
-+ NULL, /* ecdsa_sign_setup */
-+ NULL,
-+ NULL,
-+ 0, /* flags */
-+ NULL /* app_data */
-+};
-+
-+typedef enum ec_curve_s {
-+ EC_PRIME,
-+ EC_BINARY
-+} ec_curve_t;
-+
-+/* ENGINE handler for ECDSA Sign */
-+static ECDSA_SIG *cryptodev_ecdsa_do_sign(const unsigned char *dgst,
-+ int dgst_len, const BIGNUM *in_kinv,
-+ const BIGNUM *in_r, EC_KEY *eckey)
- {
-- return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
-+ BIGNUM *m = NULL, *p = NULL, *a = NULL;
-+ BIGNUM *b = NULL, *x = NULL, *y = NULL;
-+ BN_CTX *ctx = NULL;
-+ ECDSA_SIG *ret = NULL;
-+ ECDSA_DATA *ecdsa = NULL;
-+ unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL;
-+ unsigned char *s = NULL, *c = NULL, *d = NULL, *f = NULL, *tmp_dgst =
-+ NULL;
-+ int i = 0, q_len = 0, priv_key_len = 0, r_len = 0;
-+ int g_len = 0, d_len = 0, ab_len = 0;
-+ const BIGNUM *order = NULL, *priv_key = NULL;
-+ const EC_GROUP *group = NULL;
-+ struct crypt_kop kop;
-+ ec_curve_t ec_crv = EC_PRIME;
-+
-+ memset(&kop, 0, sizeof(kop));
-+ ecdsa = ecdsa_check(eckey);
-+ if (!ecdsa) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
-+ return NULL;
-+ }
-+
-+ group = EC_KEY_get0_group(eckey);
-+ priv_key = EC_KEY_get0_private_key(eckey);
-+
-+ if (!group || !priv_key) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
-+ return NULL;
-+ }
-+
-+ if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
-+ (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
-+ (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
-+ (y = BN_new()) == NULL) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ order = &group->order;
-+ if (!order || BN_is_zero(order)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS);
-+ goto err;
-+ }
-+
-+ i = BN_num_bits(order);
-+ /*
-+ * Need to truncate digest if it is too long: first truncate whole bytes
-+ */
-+ if (8 * dgst_len > i)
-+ dgst_len = (i + 7) / 8;
-+
-+ if (!BN_bin2bn(dgst, dgst_len, m)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* If still too long truncate remaining bits with a shift */
-+ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* copy the truncated bits into plain buffer */
-+ if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) {
-+ fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__,
-+ __LINE__);
-+ goto err;
-+ }
-+
-+ ret = ECDSA_SIG_new();
-+ if (!ret) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* check if this is prime or binary EC request */
-+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
-+ NID_X9_62_prime_field) {
-+ ec_crv = EC_PRIME;
-+ /* get the generator point pair */
-+ if (!EC_POINT_get_affine_coordinates_GFp
-+ (group, EC_GROUP_get0_generator(group), x, y, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ /* get the ECC curve parameters */
-+ if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+ } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
-+ NID_X9_62_characteristic_two_field) {
-+ ec_crv = EC_BINARY;
-+ /* get the ECC curve parameters */
-+ if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ /* get the generator point pair */
-+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
-+ EC_GROUP_get0_generator
-+ (group), x, y, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+ } else {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ if (spcf_bn2bin(order, &r, &r_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ if (spcf_bn2bin(p, &q, &q_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ priv_key_len = r_len;
-+
-+ /**
-+ * If BN_num_bytes of priv_key returns less then r_len then
-+ * add padding bytes before the key
-+ */
-+ if (spcf_bn2bin_ex(priv_key, &s, &priv_key_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Generation of ECC curve parameters */
-+ ab_len = 2 * q_len;
-+ ab = eng_copy_curve_points(a, b, ab_len, q_len);
-+ if (!ab) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ if (ec_crv == EC_BINARY) {
-+ if (eng_ec_get_cparam
-+ (EC_GROUP_get_curve_name(group), ab + q_len, q_len)) {
-+ unsigned char *c_temp = NULL;
-+ int c_temp_len = q_len;
-+ if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len))
-+ memcpy(ab + q_len, c_temp, q_len);
-+ else
-+ goto err;
-+ }
-+ kop.curve_type = ECC_BINARY;
-+ }
-+
-+ /* Calculation of Generator point */
-+ g_len = 2 * q_len;
-+ g_xy = eng_copy_curve_points(x, y, g_len, q_len);
-+ if (!g_xy) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Memory allocation for first part of digital signature */
-+ c = malloc(r_len);
-+ if (!c) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ d_len = r_len;
-+
-+ /* Memory allocation for second part of digital signature */
-+ d = malloc(d_len);
-+ if (!d) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* memory for message representative */
-+ f = malloc(r_len);
-+ if (!f) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Add padding, since SEC expects hash to of size r_len */
-+ memset(f, 0, r_len - dgst_len);
-+
-+ /* Skip leading bytes if dgst_len < r_len */
-+ memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len);
-+
-+ dgst_len += r_len - dgst_len;
-+ kop.crk_op = CRK_DSA_SIGN;
-+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
-+ kop.crk_param[0].crp_p = f;
-+ kop.crk_param[0].crp_nbits = dgst_len * 8;
-+ kop.crk_param[1].crp_p = q;
-+ kop.crk_param[1].crp_nbits = q_len * 8;
-+ kop.crk_param[2].crp_p = r;
-+ kop.crk_param[2].crp_nbits = r_len * 8;
-+ kop.crk_param[3].crp_p = g_xy;
-+ kop.crk_param[3].crp_nbits = g_len * 8;
-+ kop.crk_param[4].crp_p = s;
-+ kop.crk_param[4].crp_nbits = priv_key_len * 8;
-+ kop.crk_param[5].crp_p = ab;
-+ kop.crk_param[5].crp_nbits = ab_len * 8;
-+ kop.crk_iparams = 6;
-+ kop.crk_param[6].crp_p = c;
-+ kop.crk_param[6].crp_nbits = d_len * 8;
-+ kop.crk_param[7].crp_p = d;
-+ kop.crk_param[7].crp_nbits = d_len * 8;
-+ kop.crk_oparams = 2;
-+
-+ if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
-+ /* Check if ret->r and s needs to allocated */
-+ crparam2bn(&kop.crk_param[6], ret->r);
-+ crparam2bn(&kop.crk_param[7], ret->s);
-+ } else {
-+ const ECDSA_METHOD *meth = ECDSA_OpenSSL();
-+ ret = (meth->ecdsa_do_sign) (dgst, dgst_len, in_kinv, in_r, eckey);
-+ }
-+ kop.crk_param[0].crp_p = NULL;
-+ zapparams(&kop);
-+ err:
-+ if (!ret) {
-+ ECDSA_SIG_free(ret);
-+ ret = NULL;
-+ }
-+ return ret;
-+}
-+
-+static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
-+ ECDSA_SIG *sig, EC_KEY *eckey)
-+{
-+ BIGNUM *m = NULL, *p = NULL, *a = NULL, *b = NULL;
-+ BIGNUM *x = NULL, *y = NULL, *w_x = NULL, *w_y = NULL;
-+ BN_CTX *ctx = NULL;
-+ ECDSA_DATA *ecdsa = NULL;
-+ unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL, *w_xy =
-+ NULL;
-+ unsigned char *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL;
-+ int i = 0, q_len = 0, pub_key_len = 0, r_len = 0, c_len = 0, g_len = 0;
-+ int d_len = 0, ab_len = 0, ret = -1;
-+ const EC_POINT *pub_key = NULL;
-+ const BIGNUM *order = NULL;
-+ const EC_GROUP *group = NULL;
-+ ec_curve_t ec_crv = EC_PRIME;
-+ struct crypt_kop kop;
-+
-+ memset(&kop, 0, sizeof kop);
-+ ecdsa = ecdsa_check(eckey);
-+ if (!ecdsa) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
-+ return ret;
-+ }
-+
-+ group = EC_KEY_get0_group(eckey);
-+ pub_key = EC_KEY_get0_public_key(eckey);
-+
-+ if (!group || !pub_key) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
-+ return ret;
-+ }
-+
-+ if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
-+ (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
-+ (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
-+ (y = BN_new()) == NULL || (w_x = BN_new()) == NULL ||
-+ (w_y = BN_new()) == NULL) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ order = &group->order;
-+ if (!order || BN_is_zero(order)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS);
-+ goto err;
-+ }
-+
-+ i = BN_num_bits(order);
-+ /*
-+ * Need to truncate digest if it is too long: first truncate whole *
-+ * bytes
-+ */
-+ if (8 * dgst_len > i)
-+ dgst_len = (i + 7) / 8;
-+
-+ if (!BN_bin2bn(dgst, dgst_len, m)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* If still too long truncate remaining bits with a shift */
-+ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+ /* copy the truncated bits into plain buffer */
-+ if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* check if this is prime or binary EC request */
-+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
-+ NID_X9_62_prime_field) {
-+ ec_crv = EC_PRIME;
-+
-+ /* get the generator point pair */
-+ if (!EC_POINT_get_affine_coordinates_GFp(group,
-+ EC_GROUP_get0_generator
-+ (group), x, y, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ /* get the public key pair for prime curve */
-+ if (!EC_POINT_get_affine_coordinates_GFp(group,
-+ pub_key, w_x, w_y, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ /* get the ECC curve parameters */
-+ if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+ } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
-+ NID_X9_62_characteristic_two_field) {
-+ ec_crv = EC_BINARY;
-+ /* get the ECC curve parameters */
-+ if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ /* get the generator point pair */
-+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
-+ EC_GROUP_get0_generator
-+ (group), x, y, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ /* get the public key pair for binary curve */
-+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
-+ pub_key, w_x, w_y, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+ } else {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ /* Get the order of the subgroup of private keys */
-+ if (spcf_bn2bin((BIGNUM *)order, &r, &r_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Get the irreducible polynomial that creates the field */
-+ if (spcf_bn2bin(p, &q, &q_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Get the public key into a flat buffer with appropriate padding */
-+ pub_key_len = 2 * q_len;
-+
-+ w_xy = eng_copy_curve_points(w_x, w_y, pub_key_len, q_len);
-+ if (!w_xy) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Generation of ECC curve parameters */
-+ ab_len = 2 * q_len;
-+
-+ ab = eng_copy_curve_points(a, b, ab_len, q_len);
-+ if (!ab) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ if (ec_crv == EC_BINARY) {
-+ /* copy b' i.e c(b), instead of only b */
-+ if (eng_ec_get_cparam
-+ (EC_GROUP_get_curve_name(group), ab + q_len, q_len)) {
-+ unsigned char *c_temp = NULL;
-+ int c_temp_len = q_len;
-+ if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len))
-+ memcpy(ab + q_len, c_temp, q_len);
-+ else
-+ goto err;
-+ }
-+ kop.curve_type = ECC_BINARY;
-+ }
-+
-+ /* Calculation of Generator point */
-+ g_len = 2 * q_len;
-+
-+ g_xy = eng_copy_curve_points(x, y, g_len, q_len);
-+ if (!g_xy) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /**
-+ * Get the 1st part of signature into a flat buffer with
-+ * appropriate padding
-+ */
-+ if (BN_num_bytes(sig->r) < r_len)
-+ c_len = r_len;
-+
-+ if (spcf_bn2bin_ex(sig->r, &c, &c_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /**
-+ * Get the 2nd part of signature into a flat buffer with
-+ * appropriate padding
-+ */
-+ if (BN_num_bytes(sig->s) < r_len)
-+ d_len = r_len;
-+
-+ if (spcf_bn2bin_ex(sig->s, &d, &d_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* memory for message representative */
-+ f = malloc(r_len);
-+ if (!f) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Add padding, since SEC expects hash to of size r_len */
-+ memset(f, 0, r_len - dgst_len);
-+
-+ /* Skip leading bytes if dgst_len < r_len */
-+ memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len);
-+ dgst_len += r_len - dgst_len;
-+ kop.crk_op = CRK_DSA_VERIFY;
-+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
-+ kop.crk_param[0].crp_p = f;
-+ kop.crk_param[0].crp_nbits = dgst_len * 8;
-+ kop.crk_param[1].crp_p = q;
-+ kop.crk_param[1].crp_nbits = q_len * 8;
-+ kop.crk_param[2].crp_p = r;
-+ kop.crk_param[2].crp_nbits = r_len * 8;
-+ kop.crk_param[3].crp_p = g_xy;
-+ kop.crk_param[3].crp_nbits = g_len * 8;
-+ kop.crk_param[4].crp_p = w_xy;
-+ kop.crk_param[4].crp_nbits = pub_key_len * 8;
-+ kop.crk_param[5].crp_p = ab;
-+ kop.crk_param[5].crp_nbits = ab_len * 8;
-+ kop.crk_param[6].crp_p = c;
-+ kop.crk_param[6].crp_nbits = d_len * 8;
-+ kop.crk_param[7].crp_p = d;
-+ kop.crk_param[7].crp_nbits = d_len * 8;
-+ kop.crk_iparams = 8;
-+
-+ if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
-+ /*
-+ * OCF success value is 0, if not zero, change ret to fail
-+ */
-+ if (0 == kop.crk_status)
-+ ret = 1;
-+ } else {
-+ const ECDSA_METHOD *meth = ECDSA_OpenSSL();
-+
-+ ret = (meth->ecdsa_do_verify) (dgst, dgst_len, sig, eckey);
-+ }
-+ kop.crk_param[0].crp_p = NULL;
-+ zapparams(&kop);
-+
-+ err:
-+ return ret;
-+}
-+
-+static int cryptodev_dh_keygen(DH *dh)
-+{
-+ struct crypt_kop kop;
-+ int ret = 1, g_len;
-+ unsigned char *g = NULL;
-+
-+ if (dh->priv_key == NULL) {
-+ if ((dh->priv_key = BN_new()) == NULL)
-+ goto sw_try;
-+ }
-+
-+ if (dh->pub_key == NULL) {
-+ if ((dh->pub_key = BN_new()) == NULL)
-+ goto sw_try;
-+ }
-+
-+ g_len = BN_num_bytes(dh->p);
-+ /**
-+ * Get generator into a plain buffer. If length is less than
-+ * q_len then add leading padding bytes.
-+ */
-+ if (spcf_bn2bin_ex(dh->g, &g, &g_len)) {
-+ DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
-+ goto sw_try;
-+ }
-+
-+ memset(&kop, 0, sizeof kop);
-+ kop.crk_op = CRK_DH_GENERATE_KEY;
-+ if (bn2crparam(dh->p, &kop.crk_param[0]))
-+ goto sw_try;
-+ if (bn2crparam(dh->q, &kop.crk_param[1]))
-+ goto sw_try;
-+ kop.crk_param[2].crp_p = g;
-+ kop.crk_param[2].crp_nbits = g_len * 8;
-+ kop.crk_iparams = 3;
-+
-+ /* pub_key is or prime length while priv key is of length of order */
-+ if (cryptodev_asym(&kop, BN_num_bytes(dh->p), dh->pub_key,
-+ BN_num_bytes(dh->q), dh->priv_key))
-+ goto sw_try;
-+
-+ return ret;
-+ sw_try:
-+ {
-+ const DH_METHOD *meth = DH_OpenSSL();
-+ ret = (meth->generate_key) (dh);
-+ }
-+ return ret;
- }
-
- static int
-@@ -1610,41 +2431,236 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
- {
- struct crypt_kop kop;
- int dhret = 1;
-- int fd, keylen;
-+ int fd, p_len;
-+ BIGNUM *temp = NULL;
-+ unsigned char *padded_pub_key = NULL, *p = NULL;
-+
-+ if ((fd = get_asym_dev_crypto()) < 0)
-+ goto sw_try;
-+
-+ memset(&kop, 0, sizeof kop);
-+ kop.crk_op = CRK_DH_COMPUTE_KEY;
-+ /* inputs: dh->priv_key pub_key dh->p key */
-+ spcf_bn2bin(dh->p, &p, &p_len);
-+ spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len);
-+ if (bn2crparam(dh->priv_key, &kop.crk_param[0]))
-+ goto sw_try;
-+
-+ kop.crk_param[1].crp_p = padded_pub_key;
-+ kop.crk_param[1].crp_nbits = p_len * 8;
-+ kop.crk_param[2].crp_p = p;
-+ kop.crk_param[2].crp_nbits = p_len * 8;
-+ kop.crk_iparams = 3;
-+ kop.crk_param[3].crp_p = (void *)key;
-+ kop.crk_param[3].crp_nbits = p_len * 8;
-+ kop.crk_oparams = 1;
-+ dhret = p_len;
-+
-+ if (ioctl(fd, CIOCKEY, &kop))
-+ goto sw_try;
-+
-+ if ((temp = BN_new())) {
-+ if (!BN_bin2bn(key, p_len, temp)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+ goto sw_try;
-+ }
-+ if (dhret > BN_num_bytes(temp))
-+ dhret = BN_bn2bin(temp, key);
-+ BN_free(temp);
-+ }
-
-- if ((fd = get_asym_dev_crypto()) < 0) {
-+ kop.crk_param[3].crp_p = NULL;
-+ zapparams(&kop);
-+ return (dhret);
-+ sw_try:
-+ {
- const DH_METHOD *meth = DH_OpenSSL();
-
-- return ((meth->compute_key) (key, pub_key, dh));
-+ dhret = (meth->compute_key) (key, pub_key, dh);
- }
-+ return (dhret);
-+}
-
-- keylen = BN_num_bits(dh->p);
-+int cryptodev_ecdh_compute_key(void *out, size_t outlen,
-+ const EC_POINT *pub_key, EC_KEY *ecdh,
-+ void *(*KDF) (const void *in, size_t inlen,
-+ void *out, size_t *outlen))
-+{
-+ ec_curve_t ec_crv = EC_PRIME;
-+ unsigned char *q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL;
-+ BIGNUM *w_x = NULL, *w_y = NULL;
-+ int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0;
-+ BIGNUM *p = NULL, *a = NULL, *b = NULL;
-+ BN_CTX *ctx;
-+ EC_POINT *tmp = NULL;
-+ BIGNUM *x = NULL, *y = NULL;
-+ const BIGNUM *priv_key;
-+ const EC_GROUP *group = NULL;
-+ int ret = -1;
-+ size_t buflen, len;
-+ struct crypt_kop kop;
-
- memset(&kop, 0, sizeof kop);
-- kop.crk_op = CRK_DH_COMPUTE_KEY;
-
-- /* inputs: dh->priv_key pub_key dh->p key */
-- if (bn2crparam(dh->priv_key, &kop.crk_param[0]))
-+ if ((ctx = BN_CTX_new()) == NULL)
- goto err;
-- if (bn2crparam(pub_key, &kop.crk_param[1]))
-+ BN_CTX_start(ctx);
-+ x = BN_CTX_get(ctx);
-+ y = BN_CTX_get(ctx);
-+ p = BN_CTX_get(ctx);
-+ a = BN_CTX_get(ctx);
-+ b = BN_CTX_get(ctx);
-+ w_x = BN_CTX_get(ctx);
-+ w_y = BN_CTX_get(ctx);
-+
-+ if (!x || !y || !p || !a || !b || !w_x || !w_y) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
- goto err;
-- if (bn2crparam(dh->p, &kop.crk_param[2]))
-+ }
-+
-+ priv_key = EC_KEY_get0_private_key(ecdh);
-+ if (priv_key == NULL) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_NO_PRIVATE_VALUE);
- goto err;
-- kop.crk_iparams = 3;
-+ }
-
-- kop.crk_param[3].crp_p = (caddr_t) key;
-- kop.crk_param[3].crp_nbits = keylen * 8;
-- kop.crk_oparams = 1;
-+ group = EC_KEY_get0_group(ecdh);
-+ if ((tmp = EC_POINT_new(group)) == NULL) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-
-- if (ioctl(fd, CIOCKEY, &kop) == -1) {
-- const DH_METHOD *meth = DH_OpenSSL();
-+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
-+ NID_X9_62_prime_field) {
-+ ec_crv = EC_PRIME;
-
-- dhret = (meth->compute_key) (key, pub_key, dh);
-+ if (!EC_POINT_get_affine_coordinates_GFp(group,
-+ EC_GROUP_get0_generator
-+ (group), x, y, ctx)) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_POINT_ARITHMETIC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* get the ECC curve parameters */
-+ if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* get the public key pair for prime curve */
-+ if (!EC_POINT_get_affine_coordinates_GFp
-+ (group, pub_key, w_x, w_y, ctx)) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+ } else {
-+ ec_crv = EC_BINARY;
-+
-+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
-+ EC_GROUP_get0_generator
-+ (group), x, y, ctx)) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_POINT_ARITHMETIC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* get the ECC curve parameters */
-+ if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* get the public key pair for binary curve */
-+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
-+ pub_key, w_x, w_y, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+ goto err;
-+ }
- }
-+
-+ /* irreducible polynomial that creates the field */
-+ if (spcf_bn2bin((BIGNUM *)&group->order, &r, &r_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Get the irreducible polynomial that creates the field */
-+ if (spcf_bn2bin(p, &q, &q_len)) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* Get the public key into a flat buffer with appropriate padding */
-+ pub_key_len = 2 * q_len;
-+ w_xy = eng_copy_curve_points(w_x, w_y, pub_key_len, q_len);
-+ if (!w_xy) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Generation of ECC curve parameters */
-+ ab_len = 2 * q_len;
-+ ab = eng_copy_curve_points(a, b, ab_len, q_len);
-+ if (!ab) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ if (ec_crv == EC_BINARY) {
-+ /* copy b' i.e c(b), instead of only b */
-+ if (eng_ec_get_cparam
-+ (EC_GROUP_get_curve_name(group), ab + q_len, q_len)) {
-+ unsigned char *c_temp = NULL;
-+ int c_temp_len = q_len;
-+ if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len))
-+ memcpy(ab + q_len, c_temp, q_len);
-+ else
-+ goto err;
-+ }
-+ kop.curve_type = ECC_BINARY;
-+ } else
-+ kop.curve_type = ECC_PRIME;
-+
-+ priv_key_len = r_len;
-+
-+ /*
-+ * If BN_num_bytes of priv_key returns less then r_len then
-+ * add padding bytes before the key
-+ */
-+ if (spcf_bn2bin_ex((BIGNUM *)priv_key, &s, &priv_key_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ buflen = (EC_GROUP_get_degree(group) + 7) / 8;
-+ len = BN_num_bytes(x);
-+ if (len > buflen || q_len < buflen) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_INTERNAL_ERROR);
-+ goto err;
-+ }
-+
-+ kop.crk_op = CRK_DH_COMPUTE_KEY;
-+ kop.crk_param[0].crp_p = (void *)s;
-+ kop.crk_param[0].crp_nbits = priv_key_len * 8;
-+ kop.crk_param[1].crp_p = (void *)w_xy;
-+ kop.crk_param[1].crp_nbits = pub_key_len * 8;
-+ kop.crk_param[2].crp_p = (void *)q;
-+ kop.crk_param[2].crp_nbits = q_len * 8;
-+ kop.crk_param[3].crp_p = (void *)ab;
-+ kop.crk_param[3].crp_nbits = ab_len * 8;
-+ kop.crk_iparams = 4;
-+ kop.crk_param[4].crp_p = (void *)out;
-+ kop.crk_param[4].crp_nbits = q_len * 8;
-+ kop.crk_oparams = 1;
-+ ret = q_len;
-+ if (cryptodev_asym(&kop, 0, NULL, 0, NULL)) {
-+ const ECDH_METHOD *meth = ECDH_OpenSSL();
-+ ret = (meth->compute_key) (out, outlen, pub_key, ecdh, KDF);
-+ } else
-+ ret = q_len;
- err:
-- kop.crk_param[3].crp_p = NULL;
-+ kop.crk_param[4].crp_p = NULL;
- zapparams(&kop);
-- return (dhret);
-+ return ret;
- }
-
- static DH_METHOD cryptodev_dh = {
-@@ -1658,6 +2674,14 @@ static DH_METHOD cryptodev_dh = {
- NULL /* app_data */
- };
-
-+static ECDH_METHOD cryptodev_ecdh = {
-+ "cryptodev ECDH method",
-+ NULL, /* cryptodev_ecdh_compute_key */
-+ NULL,
-+ 0, /* flags */
-+ NULL /* app_data */
-+};
-+
- /*
- * ctrl right now is just a wrapper that doesn't do much
- * but I expect we'll want some options soon.
-@@ -1737,24 +2761,39 @@ void ENGINE_load_cryptodev(void)
- memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
- if (cryptodev_asymfeat & CRF_DSA_SIGN)
- cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
-- if (cryptodev_asymfeat & CRF_MOD_EXP) {
-- cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp;
-- cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp;
-- }
- if (cryptodev_asymfeat & CRF_DSA_VERIFY)
- cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
-+ if (cryptodev_asymfeat & CRF_DSA_GENERATE_KEY)
-+ cryptodev_dsa.dsa_keygen = cryptodev_dsa_keygen;
- }
-
- if (ENGINE_set_DH(engine, &cryptodev_dh)) {
- const DH_METHOD *dh_meth = DH_OpenSSL();
-+ memcpy(&cryptodev_dh, dh_meth, sizeof(DH_METHOD));
-+ if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) {
-+ cryptodev_dh.compute_key = cryptodev_dh_compute_key;
-+ }
-+ if (cryptodev_asymfeat & CRF_DH_GENERATE_KEY) {
-+ cryptodev_dh.generate_key = cryptodev_dh_keygen;
-+ }
-+ }
-
-- cryptodev_dh.generate_key = dh_meth->generate_key;
-- cryptodev_dh.compute_key = dh_meth->compute_key;
-- cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp;
-- if (cryptodev_asymfeat & CRF_MOD_EXP) {
-- cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh;
-- if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY)
-- cryptodev_dh.compute_key = cryptodev_dh_compute_key;
-+ if (ENGINE_set_ECDSA(engine, &cryptodev_ecdsa)) {
-+ const ECDSA_METHOD *meth = ECDSA_OpenSSL();
-+ memcpy(&cryptodev_ecdsa, meth, sizeof(ECDSA_METHOD));
-+ if (cryptodev_asymfeat & CRF_DSA_SIGN) {
-+ cryptodev_ecdsa.ecdsa_do_sign = cryptodev_ecdsa_do_sign;
-+ }
-+ if (cryptodev_asymfeat & CRF_DSA_VERIFY) {
-+ cryptodev_ecdsa.ecdsa_do_verify = cryptodev_ecdsa_verify;
-+ }
-+ }
-+
-+ if (ENGINE_set_ECDH(engine, &cryptodev_ecdh)) {
-+ const ECDH_METHOD *ecdh_meth = ECDH_OpenSSL();
-+ memcpy(&cryptodev_ecdh, ecdh_meth, sizeof(ECDH_METHOD));
-+ if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) {
-+ cryptodev_ecdh.compute_key = cryptodev_ecdh_compute_key;
- }
- }
-
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0006-Added-hwrng-dev-file-as-source-of-RNG.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0006-Added-hwrng-dev-file-as-source-of-RNG.patch
deleted file mode 100644
index 049f963..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0006-Added-hwrng-dev-file-as-source-of-RNG.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From e9981377fe8e2081fcd5b4e43a5ef4d8f1cc1e67 Mon Sep 17 00:00:00 2001
-From: Yashpal Dutta <yashpal.dutta at freescale.com>
-Date: Tue, 11 Mar 2014 06:42:59 +0545
-Subject: [PATCH 06/48] Added hwrng dev file as source of RNG
-
-Upstream-status: Pending
-
-Signed-off-by: Yashpal Dutta <yashpal.dutta at freescale.com>
----
- e_os.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/e_os.h b/e_os.h
-index 1fa36c1..6c0917b 100644
---- a/e_os.h
-+++ b/e_os.h
-@@ -82,7 +82,7 @@ extern "C" {
- * set this to a comma-separated list of 'random' device files to try out. My
- * default, we will try to read at least one of these files
- */
--# define DEVRANDOM "/dev/urandom","/dev/random","/dev/srandom"
-+# define DEVRANDOM "/dev/hwrng","/dev/urandom","/dev/random","/dev/srandom"
- # endif
- # ifndef DEVRANDOM_EGD
- /*
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0007-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0007-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch
deleted file mode 100644
index 154ae80..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0007-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch
+++ /dev/null
@@ -1,2050 +0,0 @@
-From ea28474ed5e1e21a6efba7570bf0d27d02923bce Mon Sep 17 00:00:00 2001
-From: Yashpal Dutta <yashpal.dutta at freescale.com>
-Date: Tue, 11 Mar 2014 07:14:30 +0545
-Subject: [PATCH 07/48] Asynchronous interface added for PKC cryptodev
- interface
-
-Upstream-status: Pending
-
-Change-Id: Ia8974f793dc18a959ed6798dcdd7d3fad81cb7da
-Signed-off-by: Yashpal Dutta <yashpal.dutta at freescale.com>
----
- crypto/crypto.h | 16 +
- crypto/dh/dh.h | 3 +
- crypto/dsa/dsa.h | 5 +
- crypto/ecdh/ech_locl.h | 3 +
- crypto/ecdsa/ecs_locl.h | 5 +
- crypto/engine/eng_cryptodev.c | 1598 +++++++++++++++++++++++++++++++++++++----
- crypto/engine/eng_int.h | 23 +
- crypto/engine/eng_lib.c | 46 ++
- crypto/engine/engine.h | 24 +
- crypto/rsa/rsa.h | 23 +
- 10 files changed, 1605 insertions(+), 141 deletions(-)
-
-diff --git a/crypto/crypto.h b/crypto/crypto.h
-index 6c644ce..2b4ec59 100644
---- a/crypto/crypto.h
-+++ b/crypto/crypto.h
-@@ -655,6 +655,22 @@ void ERR_load_CRYPTO_strings(void);
- # define CRYPTO_R_FIPS_MODE_NOT_SUPPORTED 101
- # define CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK 100
-
-+/* Additions for Asynchronous PKC Infrastructure */
-+struct pkc_cookie_s {
-+ void *cookie; /* To be filled by openssl library primitive method function caller */
-+ void *eng_cookie; /* To be filled by Engine */
-+ /*
-+ * Callback handler to be provided by caller. Ensure to pass a
-+ * handler which takes the crypto operation to completion.
-+ * cookie: Container cookie from library
-+ * status: Status of the crypto Job completion.
-+ * 0: Job handled without any issue
-+ * -EINVAL: Parameters Invalid
-+ */
-+ void (*pkc_callback)(struct pkc_cookie_s *cookie, int status);
-+ void *eng_handle;
-+};
-+
- #ifdef __cplusplus
- }
- #endif
-diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h
-index a5bd901..31dd762 100644
---- a/crypto/dh/dh.h
-+++ b/crypto/dh/dh.h
-@@ -123,6 +123,9 @@ struct dh_method {
- int (*bn_mod_exp) (const DH *dh, BIGNUM *r, const BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx);
-+ int (*compute_key_async)(unsigned char *key,const BIGNUM *pub_key,DH *dh,
-+ struct pkc_cookie_s *cookie);
-+ int (*generate_key_async)(DH *dh, struct pkc_cookie_s *cookie);
- int (*init) (DH *dh);
- int (*finish) (DH *dh);
- int flags;
-diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h
-index 545358f..8584731 100644
---- a/crypto/dsa/dsa.h
-+++ b/crypto/dsa/dsa.h
-@@ -139,6 +139,10 @@ struct dsa_method {
- /* Can be null */
- int (*bn_mod_exp) (DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-+ int (*dsa_do_sign_async)(const unsigned char *dgst, int dlen, DSA *dsa,
-+ DSA_SIG *sig, struct pkc_cookie_s *cookie);
-+ int (*dsa_do_verify_async)(const unsigned char *dgst, int dgst_len,
-+ DSA_SIG *sig, DSA *dsa, struct pkc_cookie_s *cookie);
- int (*init) (DSA *dsa);
- int (*finish) (DSA *dsa);
- int flags;
-@@ -150,6 +154,7 @@ struct dsa_method {
- BN_GENCB *cb);
- /* If this is non-NULL, it is used to generate DSA keys */
- int (*dsa_keygen) (DSA *dsa);
-+ int (*dsa_keygen_async)(DSA *dsa, struct pkc_cookie_s *cookie);
- };
-
- struct dsa_st {
-diff --git a/crypto/ecdh/ech_locl.h b/crypto/ecdh/ech_locl.h
-index 4e66024..502507b 100644
---- a/crypto/ecdh/ech_locl.h
-+++ b/crypto/ecdh/ech_locl.h
-@@ -68,6 +68,9 @@ struct ecdh_method {
- EC_KEY *ecdh, void *(*KDF) (const void *in,
- size_t inlen, void *out,
- size_t *outlen));
-+ int (*compute_key_async)(void *key, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,
-+ void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen),
-+ struct pkc_cookie_s *cookie);
- # if 0
- int (*init) (EC_KEY *eckey);
- int (*finish) (EC_KEY *eckey);
-diff --git a/crypto/ecdsa/ecs_locl.h b/crypto/ecdsa/ecs_locl.h
-index d3a5efc..9b28c04 100644
---- a/crypto/ecdsa/ecs_locl.h
-+++ b/crypto/ecdsa/ecs_locl.h
-@@ -74,6 +74,11 @@ struct ecdsa_method {
- BIGNUM **r);
- int (*ecdsa_do_verify) (const unsigned char *dgst, int dgst_len,
- const ECDSA_SIG *sig, EC_KEY *eckey);
-+ int (*ecdsa_do_sign_async)(const unsigned char *dgst, int dgst_len,
-+ const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey,
-+ ECDSA_SIG *sig, struct pkc_cookie_s *cookie);
-+ int (*ecdsa_do_verify_async)(const unsigned char *dgst, int dgst_len,
-+ const ECDSA_SIG *sig, EC_KEY *eckey, struct pkc_cookie_s *cookie);
- # if 0
- int (*init) (EC_KEY *eckey);
- int (*finish) (EC_KEY *eckey);
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index cc9b63b..90fe9b8 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -1371,6 +1371,60 @@ static void zapparams(struct crypt_kop *kop)
- }
- }
-
-+/*
-+ * Any PKC request has at max 2 output parameters and they are stored here to
-+ * be used while copying in the check availability
-+ */
-+struct cryptodev_cookie_s {
-+ BIGNUM *r;
-+ struct crparam r_param;
-+ BIGNUM *s;
-+ struct crparam s_param;
-+ struct crypt_kop *kop;
-+};
-+
-+static int
-+cryptodev_asym_async(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
-+ BIGNUM *s)
-+{
-+ int fd;
-+ struct pkc_cookie_s *cookie = kop->cookie;
-+ struct cryptodev_cookie_s *eng_cookie;
-+
-+ fd = *(int *)cookie->eng_handle;
-+
-+ eng_cookie = malloc(sizeof(struct cryptodev_cookie_s));
-+
-+ if (eng_cookie) {
-+ memset(eng_cookie, 0, sizeof(struct cryptodev_cookie_s));
-+ if (r) {
-+ kop->crk_param[kop->crk_iparams].crp_p =
-+ calloc(rlen, sizeof(char));
-+ if (!kop->crk_param[kop->crk_iparams].crp_p)
-+ return -ENOMEM;
-+ kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
-+ kop->crk_oparams++;
-+ eng_cookie->r = r;
-+ eng_cookie->r_param = kop->crk_param[kop->crk_iparams];
-+ }
-+ if (s) {
-+ kop->crk_param[kop->crk_iparams + 1].crp_p =
-+ calloc(slen, sizeof(char));
-+ if (!kop->crk_param[kop->crk_iparams + 1].crp_p)
-+ return -ENOMEM;
-+ kop->crk_param[kop->crk_iparams + 1].crp_nbits = slen * 8;
-+ kop->crk_oparams++;
-+ eng_cookie->s = s;
-+ eng_cookie->s_param = kop->crk_param[kop->crk_iparams + 1];
-+ }
-+ } else
-+ return -ENOMEM;
-+
-+ eng_cookie->kop = kop;
-+ cookie->eng_cookie = eng_cookie;
-+ return ioctl(fd, CIOCASYMASYNCRYPT, kop);
-+}
-+
- static int
- cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
- BIGNUM *s)
-@@ -1438,6 +1492,44 @@ void *cryptodev_init_instance(void)
- return fd;
- }
-
-+# include <poll.h>
-+
-+/* Return 0 on success and 1 on failure */
-+int cryptodev_check_availability(void *eng_handle)
-+{
-+ int fd = *(int *)eng_handle;
-+ struct pkc_cookie_list_s cookie_list;
-+ struct pkc_cookie_s *cookie;
-+ int i;
-+
-+ /* FETCH COOKIE returns number of cookies extracted */
-+ if (ioctl(fd, CIOCASYMFETCHCOOKIE, &cookie_list) <= 0)
-+ return 1;
-+
-+ for (i = 0; i < cookie_list.cookie_available; i++) {
-+ cookie = cookie_list.cookie[i];
-+ if (cookie) {
-+ struct cryptodev_cookie_s *eng_cookie = cookie->eng_cookie;
-+ if (eng_cookie) {
-+ struct crypt_kop *kop = eng_cookie->kop;
-+
-+ if (eng_cookie->r)
-+ crparam2bn(&eng_cookie->r_param, eng_cookie->r);
-+ if (eng_cookie->s)
-+ crparam2bn(&eng_cookie->s_param, eng_cookie->s);
-+ if (kop->crk_op == CRK_DH_COMPUTE_KEY)
-+ kop->crk_oparams = 0;
-+
-+ zapparams(eng_cookie->kop);
-+ free(eng_cookie->kop);
-+ free(eng_cookie);
-+ }
-+ cookie->pkc_callback(cookie, cookie_list.status[i]);
-+ }
-+ }
-+ return 0;
-+}
-+
- static int
- cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
-@@ -1485,6 +1577,66 @@ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- }
-
- static int
-+cryptodev_bn_mod_exp_async(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont,
-+ struct pkc_cookie_s *cookie)
-+{
-+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+ int ret = 1;
-+
-+ /*
-+ * Currently, we know we can do mod exp iff we can do any asymmetric
-+ * operations at all.
-+ */
-+ if (cryptodev_asymfeat == 0 || !kop) {
-+ ret = BN_mod_exp(r, a, p, m, ctx);
-+ return (ret);
-+ }
-+
-+ kop->crk_oparams = 0;
-+ kop->crk_status = 0;
-+ kop->crk_op = CRK_MOD_EXP;
-+ kop->cookie = cookie;
-+ /* inputs: a^p % m */
-+ if (bn2crparam(a, &kop->crk_param[0]))
-+ goto err;
-+ if (bn2crparam(p, &kop->crk_param[1]))
-+ goto err;
-+ if (bn2crparam(m, &kop->crk_param[2]))
-+ goto err;
-+
-+ kop->crk_iparams = 3;
-+ if (cryptodev_asym_async(kop, BN_num_bytes(m), r, 0, NULL))
-+ goto err;
-+
-+ return ret;
-+ err:
-+ {
-+ const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
-+
-+ if (kop)
-+ free(kop);
-+ ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
-+ if (ret)
-+ /* Call the completion handler immediately */
-+ cookie->pkc_callback(cookie, 0);
-+ }
-+ return ret;
-+}
-+
-+static int
-+cryptodev_rsa_nocrt_mod_exp_async(BIGNUM *r0, const BIGNUM *I,
-+ RSA *rsa, BN_CTX *ctx,
-+ struct pkc_cookie_s *cookie)
-+{
-+ int r;
-+ ctx = BN_CTX_new();
-+ r = cryptodev_bn_mod_exp_async(r0, I, rsa->d, rsa->n, ctx, NULL, cookie);
-+ BN_CTX_free(ctx);
-+ return r;
-+}
-+
-+static int
- cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
- BN_CTX *ctx)
- {
-@@ -1551,6 +1703,63 @@ cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
- return (ret);
- }
-
-+static int
-+cryptodev_rsa_mod_exp_async(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
-+ BN_CTX *ctx, struct pkc_cookie_s *cookie)
-+{
-+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+ int ret = 1, f_len, p_len, q_len;
-+ unsigned char *f = NULL, *p = NULL, *q = NULL, *dp = NULL, *dq =
-+ NULL, *c = NULL;
-+
-+ if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp || !kop) {
-+ return (0);
-+ }
-+
-+ kop->crk_oparams = 0;
-+ kop->crk_status = 0;
-+ kop->crk_op = CRK_MOD_EXP_CRT;
-+ f_len = BN_num_bytes(rsa->n);
-+ spcf_bn2bin_ex(I, &f, &f_len);
-+ spcf_bn2bin(rsa->p, &p, &p_len);
-+ spcf_bn2bin(rsa->q, &q, &q_len);
-+ spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len);
-+ spcf_bn2bin_ex(rsa->iqmp, &c, &p_len);
-+ spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len);
-+ /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
-+ kop->crk_param[0].crp_p = p;
-+ kop->crk_param[0].crp_nbits = p_len * 8;
-+ kop->crk_param[1].crp_p = q;
-+ kop->crk_param[1].crp_nbits = q_len * 8;
-+ kop->crk_param[2].crp_p = f;
-+ kop->crk_param[2].crp_nbits = f_len * 8;
-+ kop->crk_param[3].crp_p = dp;
-+ kop->crk_param[3].crp_nbits = p_len * 8;
-+ /* dq must of length q, rest all of length p */
-+ kop->crk_param[4].crp_p = dq;
-+ kop->crk_param[4].crp_nbits = q_len * 8;
-+ kop->crk_param[5].crp_p = c;
-+ kop->crk_param[5].crp_nbits = p_len * 8;
-+ kop->crk_iparams = 6;
-+ kop->cookie = cookie;
-+ if (cryptodev_asym_async(kop, BN_num_bytes(rsa->n), r0, 0, NULL))
-+ goto err;
-+
-+ return ret;
-+ err:
-+ {
-+ const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
-+
-+ if (kop)
-+ free(kop);
-+ ret = (*meth->rsa_mod_exp) (r0, I, rsa, ctx);
-+ if (ret)
-+ /* Call user completion handler immediately */
-+ cookie->pkc_callback(cookie, 0);
-+ }
-+ return (ret);
-+}
-+
- static RSA_METHOD cryptodev_rsa = {
- "cryptodev RSA method",
- NULL, /* rsa_pub_enc */
-@@ -1559,6 +1768,12 @@ static RSA_METHOD cryptodev_rsa = {
- NULL, /* rsa_priv_dec */
- NULL,
- NULL,
-+ NULL, /* rsa_pub_enc */
-+ NULL, /* rsa_pub_dec */
-+ NULL, /* rsa_priv_enc */
-+ NULL, /* rsa_priv_dec */
-+ NULL,
-+ NULL,
- NULL, /* init */
- NULL, /* finish */
- 0, /* flags */
-@@ -1859,128 +2074,428 @@ static int cryptodev_dsa_keygen(DSA *dsa)
- return ret;
- }
-
--static DSA_METHOD cryptodev_dsa = {
-- "cryptodev DSA method",
-- NULL,
-- NULL, /* dsa_sign_setup */
-- NULL,
-- NULL, /* dsa_mod_exp */
-- NULL,
-- NULL, /* init */
-- NULL, /* finish */
-- 0, /* flags */
-- NULL /* app_data */
--};
-+/* Cryptodev DSA Key Gen routine */
-+static int cryptodev_dsa_keygen_async(DSA *dsa, struct pkc_cookie_s *cookie)
-+{
-+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+ int ret = 1, g_len;
-+ unsigned char *g = NULL;
-
--static ECDSA_METHOD cryptodev_ecdsa = {
-- "cryptodev ECDSA method",
-- NULL,
-- NULL, /* ecdsa_sign_setup */
-- NULL,
-- NULL,
-- 0, /* flags */
-- NULL /* app_data */
--};
-+ if (!kop)
-+ goto sw_try;
-
--typedef enum ec_curve_s {
-- EC_PRIME,
-- EC_BINARY
--} ec_curve_t;
-+ if (dsa->priv_key == NULL) {
-+ if ((dsa->priv_key = BN_new()) == NULL)
-+ goto sw_try;
-+ }
-
--/* ENGINE handler for ECDSA Sign */
--static ECDSA_SIG *cryptodev_ecdsa_do_sign(const unsigned char *dgst,
-- int dgst_len, const BIGNUM *in_kinv,
-- const BIGNUM *in_r, EC_KEY *eckey)
--{
-- BIGNUM *m = NULL, *p = NULL, *a = NULL;
-- BIGNUM *b = NULL, *x = NULL, *y = NULL;
-- BN_CTX *ctx = NULL;
-- ECDSA_SIG *ret = NULL;
-- ECDSA_DATA *ecdsa = NULL;
-- unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL;
-- unsigned char *s = NULL, *c = NULL, *d = NULL, *f = NULL, *tmp_dgst =
-- NULL;
-- int i = 0, q_len = 0, priv_key_len = 0, r_len = 0;
-- int g_len = 0, d_len = 0, ab_len = 0;
-- const BIGNUM *order = NULL, *priv_key = NULL;
-- const EC_GROUP *group = NULL;
-- struct crypt_kop kop;
-- ec_curve_t ec_crv = EC_PRIME;
-+ if (dsa->pub_key == NULL) {
-+ if ((dsa->pub_key = BN_new()) == NULL)
-+ goto sw_try;
-+ }
-
-- memset(&kop, 0, sizeof(kop));
-- ecdsa = ecdsa_check(eckey);
-- if (!ecdsa) {
-- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
-- return NULL;
-+ g_len = BN_num_bytes(dsa->p);
-+ /**
-+ * Get generator into a plain buffer. If length is less than
-+ * q_len then add leading padding bytes.
-+ */
-+ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
-+ DSAerr(DSA_F_DSA_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
-+ goto sw_try;
- }
-
-- group = EC_KEY_get0_group(eckey);
-- priv_key = EC_KEY_get0_private_key(eckey);
-+ memset(kop, 0, sizeof(struct crypt_kop));
-+ kop->crk_op = CRK_DSA_GENERATE_KEY;
-+ if (bn2crparam(dsa->p, &kop->crk_param[0]))
-+ goto sw_try;
-+ if (bn2crparam(dsa->q, &kop->crk_param[1]))
-+ goto sw_try;
-+ kop->crk_param[2].crp_p = g;
-+ kop->crk_param[2].crp_nbits = g_len * 8;
-+ kop->crk_iparams = 3;
-+ kop->cookie = cookie;
-
-- if (!group || !priv_key) {
-- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
-- return NULL;
-+ /* pub_key is or prime length while priv key is of length of order */
-+ if (cryptodev_asym_async(kop, BN_num_bytes(dsa->p), dsa->pub_key,
-+ BN_num_bytes(dsa->q), dsa->priv_key))
-+ goto sw_try;
-+
-+ return ret;
-+ sw_try:
-+ {
-+ const DSA_METHOD *meth = DSA_OpenSSL();
-+
-+ if (kop)
-+ free(kop);
-+ ret = (meth->dsa_keygen) (dsa);
-+ cookie->pkc_callback(cookie, 0);
- }
-+ return ret;
-+}
-
-- if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
-- (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
-- (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
-- (y = BN_new()) == NULL) {
-- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+static int
-+cryptodev_dsa_do_sign_async(const unsigned char *dgst, int dlen, DSA *dsa,
-+ DSA_SIG *sig, struct pkc_cookie_s *cookie)
-+{
-+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+ DSA_SIG *dsaret = NULL;
-+ int q_len = 0, r_len = 0, g_len = 0;
-+ int priv_key_len = 0, ret = 1;
-+ unsigned char *q = NULL, *r = NULL, *g = NULL, *priv_key = NULL, *f =
-+ NULL;
-+ if (((sig->r = BN_new()) == NULL) || !kop) {
-+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
-- order = &group->order;
-- if (!order || BN_is_zero(order)) {
-- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS);
-+ if ((sig->s = BN_new()) == NULL) {
-+ BN_free(sig->r);
-+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
-- i = BN_num_bits(order);
-- /*
-- * Need to truncate digest if it is too long: first truncate whole bytes
-- */
-- if (8 * dgst_len > i)
-- dgst_len = (i + 7) / 8;
--
-- if (!BN_bin2bn(dgst, dgst_len, m)) {
-- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+ if (spcf_bn2bin(dsa->p, &q, &q_len)) {
-+ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
- goto err;
- }
-
-- /* If still too long truncate remaining bits with a shift */
-- if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
-- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+ /* Get order of the field of private keys into plain buffer */
-+ if (spcf_bn2bin(dsa->q, &r, &r_len)) {
-+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
-- /* copy the truncated bits into plain buffer */
-- if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) {
-- fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__,
-- __LINE__);
-+ /* sanity test */
-+ if (dlen > r_len) {
-+ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
- goto err;
- }
-
-- ret = ECDSA_SIG_new();
-- if (!ret) {
-- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+ g_len = q_len;
-+ /**
-+ * Get generator into a plain buffer. If length is less than
-+ * q_len then add leading padding bytes.
-+ */
-+ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
-+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
-- /* check if this is prime or binary EC request */
-- if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
-- NID_X9_62_prime_field) {
-- ec_crv = EC_PRIME;
-- /* get the generator point pair */
-- if (!EC_POINT_get_affine_coordinates_GFp
-- (group, EC_GROUP_get0_generator(group), x, y, ctx)) {
-- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-- goto err;
-- }
-+ priv_key_len = r_len;
-+ /**
-+ * Get private key into a plain buffer. If length is less than
-+ * r_len then add leading padding bytes.
-+ */
-+ if (spcf_bn2bin_ex(dsa->priv_key, &priv_key, &priv_key_len)) {
-+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-
-- /* get the ECC curve parameters */
-- if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
-- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+ /* Allocate memory to store hash. */
-+ f = OPENSSL_malloc(r_len);
-+ if (!f) {
-+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Add padding, since SEC expects hash to of size r_len */
-+ if (dlen < r_len)
-+ memset(f, 0, r_len - dlen);
-+
-+ /* Skip leading bytes if dgst_len < r_len */
-+ memcpy(f + r_len - dlen, dgst, dlen);
-+
-+ dlen = r_len;
-+
-+ memset(kop, 0, sizeof(struct crypt_kop));
-+ kop->crk_op = CRK_DSA_SIGN;
-+
-+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
-+ kop->crk_param[0].crp_p = (void *)f;
-+ kop->crk_param[0].crp_nbits = dlen * 8;
-+ kop->crk_param[1].crp_p = (void *)q;
-+ kop->crk_param[1].crp_nbits = q_len * 8;
-+ kop->crk_param[2].crp_p = (void *)r;
-+ kop->crk_param[2].crp_nbits = r_len * 8;
-+ kop->crk_param[3].crp_p = (void *)g;
-+ kop->crk_param[3].crp_nbits = g_len * 8;
-+ kop->crk_param[4].crp_p = (void *)priv_key;
-+ kop->crk_param[4].crp_nbits = priv_key_len * 8;
-+ kop->crk_iparams = 5;
-+ kop->cookie = cookie;
-+
-+ if (cryptodev_asym_async(kop, r_len, sig->r, r_len, sig->s))
-+ goto err;
-+
-+ return ret;
-+ err:
-+ {
-+ const DSA_METHOD *meth = DSA_OpenSSL();
-+
-+ if (kop)
-+ free(kop);
-+ BN_free(sig->r);
-+ BN_free(sig->s);
-+ dsaret = (meth->dsa_do_sign) (dgst, dlen, dsa);
-+ sig->r = dsaret->r;
-+ sig->s = dsaret->s;
-+ /* Call user callback immediately */
-+ cookie->pkc_callback(cookie, 0);
-+ ret = dsaret;
-+ }
-+ return ret;
-+}
-+
-+static int
-+cryptodev_dsa_verify_async(const unsigned char *dgst, int dlen,
-+ DSA_SIG *sig, DSA *dsa,
-+ struct pkc_cookie_s *cookie)
-+{
-+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+ int q_len = 0, r_len = 0, g_len = 0;
-+ int w_len = 0, c_len = 0, d_len = 0, ret = 1;
-+ unsigned char *q = NULL, *r = NULL, *w = NULL, *g = NULL;
-+ unsigned char *c = NULL, *d = NULL, *f = NULL;
-+
-+ if (!kop)
-+ goto err;
-+
-+ if (spcf_bn2bin(dsa->p, &q, &q_len)) {
-+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ return ret;
-+ }
-+
-+ /* Get Order of field of private keys */
-+ if (spcf_bn2bin(dsa->q, &r, &r_len)) {
-+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ g_len = q_len;
-+ /**
-+ * Get generator into a plain buffer. If length is less than
-+ * q_len then add leading padding bytes.
-+ */
-+ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
-+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ w_len = q_len;
-+ /**
-+ * Get public key into a plain buffer. If length is less than
-+ * q_len then add leading padding bytes.
-+ */
-+ if (spcf_bn2bin_ex(dsa->pub_key, &w, &w_len)) {
-+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ /**
-+ * Get the 1st part of signature into a flat buffer with
-+ * appropriate padding
-+ */
-+ c_len = r_len;
-+
-+ if (spcf_bn2bin_ex(sig->r, &c, &c_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /**
-+ * Get the 2nd part of signature into a flat buffer with
-+ * appropriate padding
-+ */
-+ d_len = r_len;
-+
-+ if (spcf_bn2bin_ex(sig->s, &d, &d_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Sanity test */
-+ if (dlen > r_len) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Allocate memory to store hash. */
-+ f = OPENSSL_malloc(r_len);
-+ if (!f) {
-+ DSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Add padding, since SEC expects hash to of size r_len */
-+ if (dlen < r_len)
-+ memset(f, 0, r_len - dlen);
-+
-+ /* Skip leading bytes if dgst_len < r_len */
-+ memcpy(f + r_len - dlen, dgst, dlen);
-+
-+ dlen = r_len;
-+ memset(kop, 0, sizeof(struct crypt_kop));
-+
-+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
-+ kop->crk_param[0].crp_p = (void *)f;
-+ kop->crk_param[0].crp_nbits = dlen * 8;
-+ kop->crk_param[1].crp_p = q;
-+ kop->crk_param[1].crp_nbits = q_len * 8;
-+ kop->crk_param[2].crp_p = r;
-+ kop->crk_param[2].crp_nbits = r_len * 8;
-+ kop->crk_param[3].crp_p = g;
-+ kop->crk_param[3].crp_nbits = g_len * 8;
-+ kop->crk_param[4].crp_p = w;
-+ kop->crk_param[4].crp_nbits = w_len * 8;
-+ kop->crk_param[5].crp_p = c;
-+ kop->crk_param[5].crp_nbits = c_len * 8;
-+ kop->crk_param[6].crp_p = d;
-+ kop->crk_param[6].crp_nbits = d_len * 8;
-+ kop->crk_iparams = 7;
-+ kop->crk_op = CRK_DSA_VERIFY;
-+ kop->cookie = cookie;
-+ if (cryptodev_asym_async(kop, 0, NULL, 0, NULL))
-+ goto err;
-+
-+ return ret;
-+ err:
-+ {
-+ const DSA_METHOD *meth = DSA_OpenSSL();
-+
-+ if (kop)
-+ free(kop);
-+
-+ ret = (meth->dsa_do_verify) (dgst, dlen, sig, dsa);
-+ cookie->pkc_callback(cookie, 0);
-+ }
-+ return ret;
-+}
-+
-+static DSA_METHOD cryptodev_dsa = {
-+ "cryptodev DSA method",
-+ NULL,
-+ NULL, /* dsa_sign_setup */
-+ NULL,
-+ NULL, /* dsa_mod_exp */
-+ NULL,
-+ NULL,
-+ NULL,
-+ NULL,
-+ NULL, /* init */
-+ NULL, /* finish */
-+ 0, /* flags */
-+ NULL /* app_data */
-+};
-+
-+static ECDSA_METHOD cryptodev_ecdsa = {
-+ "cryptodev ECDSA method",
-+ NULL,
-+ NULL, /* ecdsa_sign_setup */
-+ NULL,
-+ NULL,
-+ NULL,
-+ NULL,
-+ 0, /* flags */
-+ NULL /* app_data */
-+};
-+
-+typedef enum ec_curve_s {
-+ EC_PRIME,
-+ EC_BINARY
-+} ec_curve_t;
-+
-+/* ENGINE handler for ECDSA Sign */
-+static ECDSA_SIG *cryptodev_ecdsa_do_sign(const unsigned char *dgst,
-+ int dgst_len, const BIGNUM *in_kinv,
-+ const BIGNUM *in_r, EC_KEY *eckey)
-+{
-+ BIGNUM *m = NULL, *p = NULL, *a = NULL;
-+ BIGNUM *b = NULL, *x = NULL, *y = NULL;
-+ BN_CTX *ctx = NULL;
-+ ECDSA_SIG *ret = NULL;
-+ ECDSA_DATA *ecdsa = NULL;
-+ unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL;
-+ unsigned char *s = NULL, *c = NULL, *d = NULL, *f = NULL, *tmp_dgst =
-+ NULL;
-+ int i = 0, q_len = 0, priv_key_len = 0, r_len = 0;
-+ int g_len = 0, d_len = 0, ab_len = 0;
-+ const BIGNUM *order = NULL, *priv_key = NULL;
-+ const EC_GROUP *group = NULL;
-+ struct crypt_kop kop;
-+ ec_curve_t ec_crv = EC_PRIME;
-+
-+ memset(&kop, 0, sizeof(kop));
-+ ecdsa = ecdsa_check(eckey);
-+ if (!ecdsa) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
-+ return NULL;
-+ }
-+
-+ group = EC_KEY_get0_group(eckey);
-+ priv_key = EC_KEY_get0_private_key(eckey);
-+
-+ if (!group || !priv_key) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
-+ return NULL;
-+ }
-+
-+ if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
-+ (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
-+ (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
-+ (y = BN_new()) == NULL) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ order = &group->order;
-+ if (!order || BN_is_zero(order)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS);
-+ goto err;
-+ }
-+
-+ i = BN_num_bits(order);
-+ /*
-+ * Need to truncate digest if it is too long: first truncate whole bytes
-+ */
-+ if (8 * dgst_len > i)
-+ dgst_len = (i + 7) / 8;
-+
-+ if (!BN_bin2bn(dgst, dgst_len, m)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* If still too long truncate remaining bits with a shift */
-+ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* copy the truncated bits into plain buffer */
-+ if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) {
-+ fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__,
-+ __LINE__);
-+ goto err;
-+ }
-+
-+ ret = ECDSA_SIG_new();
-+ if (!ret) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* check if this is prime or binary EC request */
-+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
-+ NID_X9_62_prime_field) {
-+ ec_crv = EC_PRIME;
-+ /* get the generator point pair */
-+ if (!EC_POINT_get_affine_coordinates_GFp
-+ (group, EC_GROUP_get0_generator(group), x, y, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ /* get the ECC curve parameters */
-+ if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
- goto err;
- }
- } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
-@@ -2325,54 +2840,588 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
- goto err;
- }
-
-- /* memory for message representative */
-- f = malloc(r_len);
-- if (!f) {
-- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-- goto err;
-+ /* memory for message representative */
-+ f = malloc(r_len);
-+ if (!f) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Add padding, since SEC expects hash to of size r_len */
-+ memset(f, 0, r_len - dgst_len);
-+
-+ /* Skip leading bytes if dgst_len < r_len */
-+ memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len);
-+ dgst_len += r_len - dgst_len;
-+ kop.crk_op = CRK_DSA_VERIFY;
-+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
-+ kop.crk_param[0].crp_p = f;
-+ kop.crk_param[0].crp_nbits = dgst_len * 8;
-+ kop.crk_param[1].crp_p = q;
-+ kop.crk_param[1].crp_nbits = q_len * 8;
-+ kop.crk_param[2].crp_p = r;
-+ kop.crk_param[2].crp_nbits = r_len * 8;
-+ kop.crk_param[3].crp_p = g_xy;
-+ kop.crk_param[3].crp_nbits = g_len * 8;
-+ kop.crk_param[4].crp_p = w_xy;
-+ kop.crk_param[4].crp_nbits = pub_key_len * 8;
-+ kop.crk_param[5].crp_p = ab;
-+ kop.crk_param[5].crp_nbits = ab_len * 8;
-+ kop.crk_param[6].crp_p = c;
-+ kop.crk_param[6].crp_nbits = d_len * 8;
-+ kop.crk_param[7].crp_p = d;
-+ kop.crk_param[7].crp_nbits = d_len * 8;
-+ kop.crk_iparams = 8;
-+
-+ if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
-+ /*
-+ * OCF success value is 0, if not zero, change ret to fail
-+ */
-+ if (0 == kop.crk_status)
-+ ret = 1;
-+ } else {
-+ const ECDSA_METHOD *meth = ECDSA_OpenSSL();
-+
-+ ret = (meth->ecdsa_do_verify) (dgst, dgst_len, sig, eckey);
-+ }
-+ kop.crk_param[0].crp_p = NULL;
-+ zapparams(&kop);
-+
-+ err:
-+ return ret;
-+}
-+
-+static int cryptodev_ecdsa_do_sign_async(const unsigned char *dgst,
-+ int dgst_len, const BIGNUM *in_kinv,
-+ const BIGNUM *in_r, EC_KEY *eckey,
-+ ECDSA_SIG *sig,
-+ struct pkc_cookie_s *cookie)
-+{
-+ BIGNUM *m = NULL, *p = NULL, *a = NULL;
-+ BIGNUM *b = NULL, *x = NULL, *y = NULL;
-+ BN_CTX *ctx = NULL;
-+ ECDSA_SIG *sig_ret = NULL;
-+ ECDSA_DATA *ecdsa = NULL;
-+ unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL;
-+ unsigned char *s = NULL, *f = NULL, *tmp_dgst = NULL;
-+ int i = 0, q_len = 0, priv_key_len = 0, r_len = 0;
-+ int g_len = 0, ab_len = 0, ret = 1;
-+ const BIGNUM *order = NULL, *priv_key = NULL;
-+ const EC_GROUP *group = NULL;
-+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+ ec_curve_t ec_crv = EC_PRIME;
-+
-+ if (!(sig->r = BN_new()) || !kop)
-+ goto err;
-+ if ((sig->s = BN_new()) == NULL) {
-+ BN_free(r);
-+ goto err;
-+ }
-+
-+ memset(kop, 0, sizeof(struct crypt_kop));
-+ ecdsa = ecdsa_check(eckey);
-+ if (!ecdsa) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
-+ goto err;
-+ }
-+
-+ group = EC_KEY_get0_group(eckey);
-+ priv_key = EC_KEY_get0_private_key(eckey);
-+
-+ if (!group || !priv_key) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
-+ goto err;
-+ }
-+
-+ if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
-+ (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
-+ (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
-+ (y = BN_new()) == NULL) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ order = &group->order;
-+ if (!order || BN_is_zero(order)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS);
-+ goto err;
-+ }
-+
-+ i = BN_num_bits(order);
-+ /*
-+ * Need to truncate digest if it is too long: first truncate whole bytes
-+ */
-+ if (8 * dgst_len > i)
-+ dgst_len = (i + 7) / 8;
-+
-+ if (!BN_bin2bn(dgst, dgst_len, m)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* If still too long truncate remaining bits with a shift */
-+ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* copy the truncated bits into plain buffer */
-+ if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) {
-+ fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__,
-+ __LINE__);
-+ goto err;
-+ }
-+
-+ /* check if this is prime or binary EC request */
-+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group))
-+ == NID_X9_62_prime_field) {
-+ ec_crv = EC_PRIME;
-+ /* get the generator point pair */
-+ if (!EC_POINT_get_affine_coordinates_GFp(group,
-+ EC_GROUP_get0_generator
-+ (group), x, y, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ /* get the ECC curve parameters */
-+ if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+ } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
-+ NID_X9_62_characteristic_two_field) {
-+ ec_crv = EC_BINARY;
-+ /* get the ECC curve parameters */
-+ if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ /* get the generator point pair */
-+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
-+ EC_GROUP_get0_generator
-+ (group), x, y, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+ } else {
-+ printf("Unsupported Curve\n");
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ if (spcf_bn2bin(order, &r, &r_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ if (spcf_bn2bin(p, &q, &q_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ priv_key_len = r_len;
-+
-+ /**
-+ * If BN_num_bytes of priv_key returns less then r_len then
-+ * add padding bytes before the key
-+ */
-+ if (spcf_bn2bin_ex(priv_key, &s, &priv_key_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Generation of ECC curve parameters */
-+ ab_len = 2 * q_len;
-+ ab = eng_copy_curve_points(a, b, ab_len, q_len);
-+ if (!ab) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ if (ec_crv == EC_BINARY) {
-+ if (eng_ec_get_cparam
-+ (EC_GROUP_get_curve_name(group), ab + q_len, q_len)) {
-+ unsigned char *c_temp = NULL;
-+ int c_temp_len = q_len;
-+ if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len))
-+ memcpy(ab + q_len, c_temp, q_len);
-+ else
-+ goto err;
-+ }
-+ kop->curve_type = ECC_BINARY;
-+ }
-+
-+ /* Calculation of Generator point */
-+ g_len = 2 * q_len;
-+ g_xy = eng_copy_curve_points(x, y, g_len, q_len);
-+ if (!g_xy) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* memory for message representative */
-+ f = malloc(r_len);
-+ if (!f) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Add padding, since SEC expects hash to of size r_len */
-+ memset(f, 0, r_len - dgst_len);
-+
-+ /* Skip leading bytes if dgst_len < r_len */
-+ memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len);
-+
-+ dgst_len += r_len - dgst_len;
-+
-+ kop->crk_op = CRK_DSA_SIGN;
-+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
-+ kop->crk_param[0].crp_p = f;
-+ kop->crk_param[0].crp_nbits = dgst_len * 8;
-+ kop->crk_param[1].crp_p = q;
-+ kop->crk_param[1].crp_nbits = q_len * 8;
-+ kop->crk_param[2].crp_p = r;
-+ kop->crk_param[2].crp_nbits = r_len * 8;
-+ kop->crk_param[3].crp_p = g_xy;
-+ kop->crk_param[3].crp_nbits = g_len * 8;
-+ kop->crk_param[4].crp_p = s;
-+ kop->crk_param[4].crp_nbits = priv_key_len * 8;
-+ kop->crk_param[5].crp_p = ab;
-+ kop->crk_param[5].crp_nbits = ab_len * 8;
-+ kop->crk_iparams = 6;
-+ kop->cookie = cookie;
-+
-+ if (cryptodev_asym_async(kop, r_len, sig->r, r_len, sig->s))
-+ goto err;
-+
-+ return ret;
-+ err:
-+ {
-+ const ECDSA_METHOD *meth = ECDSA_OpenSSL();
-+ BN_free(sig->r);
-+ BN_free(sig->s);
-+ if (kop)
-+ free(kop);
-+ sig_ret =
-+ (meth->ecdsa_do_sign) (dgst, dgst_len, in_kinv, in_r, eckey);
-+ sig->r = sig_ret->r;
-+ sig->s = sig_ret->s;
-+ cookie->pkc_callback(cookie, 0);
-+ }
-+ return ret;
-+}
-+
-+static int cryptodev_ecdsa_verify_async(const unsigned char *dgst,
-+ int dgst_len, const ECDSA_SIG *sig,
-+ EC_KEY *eckey,
-+ struct pkc_cookie_s *cookie)
-+{
-+ BIGNUM *m = NULL, *p = NULL, *a = NULL, *b = NULL;
-+ BIGNUM *x = NULL, *y = NULL, *w_x = NULL, *w_y = NULL;
-+ BN_CTX *ctx = NULL;
-+ ECDSA_DATA *ecdsa = NULL;
-+ unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL, *w_xy =
-+ NULL;
-+ unsigned char *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL;
-+ int i = 0, q_len = 0, pub_key_len = 0, r_len = 0, c_len = 0, g_len = 0;
-+ int d_len = 0, ab_len = 0, ret = 1;
-+ const EC_POINT *pub_key = NULL;
-+ const BIGNUM *order = NULL;
-+ const EC_GROUP *group = NULL;
-+ ec_curve_t ec_crv = EC_PRIME;
-+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+
-+ if (!kop)
-+ goto err;
-+
-+ memset(kop, 0, sizeof(struct crypt_kop));
-+ ecdsa = ecdsa_check(eckey);
-+ if (!ecdsa) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
-+ goto err;
-+ }
-+
-+ group = EC_KEY_get0_group(eckey);
-+ pub_key = EC_KEY_get0_public_key(eckey);
-+
-+ if (!group || !pub_key) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
-+ goto err;
-+ }
-+
-+ if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
-+ (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
-+ (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
-+ (y = BN_new()) == NULL || (w_x = BN_new()) == NULL ||
-+ (w_y = BN_new()) == NULL) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ order = &group->order;
-+ if (!order || BN_is_zero(order)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS);
-+ goto err;
-+ }
-+
-+ i = BN_num_bits(order);
-+ /*
-+ * Need to truncate digest if it is too long: first truncate whole *
-+ * bytes
-+ */
-+ if (8 * dgst_len > i)
-+ dgst_len = (i + 7) / 8;
-+
-+ if (!BN_bin2bn(dgst, dgst_len, m)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* If still too long truncate remaining bits with a shift */
-+ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+ /* copy the truncated bits into plain buffer */
-+ if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* check if this is prime or binary EC request */
-+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
-+ NID_X9_62_prime_field) {
-+ ec_crv = EC_PRIME;
-+
-+ /* get the generator point pair */
-+ if (!EC_POINT_get_affine_coordinates_GFp(group,
-+ EC_GROUP_get0_generator
-+ (group), x, y, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ /* get the public key pair for prime curve */
-+ if (!EC_POINT_get_affine_coordinates_GFp(group,
-+ pub_key, w_x, w_y, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ /* get the ECC curve parameters */
-+ if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+ } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
-+ NID_X9_62_characteristic_two_field) {
-+ ec_crv = EC_BINARY;
-+ /* get the ECC curve parameters */
-+ if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ /* get the generator point pair */
-+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
-+ EC_GROUP_get0_generator
-+ (group), x, y, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ /* get the public key pair for binary curve */
-+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
-+ pub_key, w_x, w_y, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+ } else {
-+ printf("Unsupported Curve\n");
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ /* Get the order of the subgroup of private keys */
-+ if (spcf_bn2bin((BIGNUM *)order, &r, &r_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Get the irreducible polynomial that creates the field */
-+ if (spcf_bn2bin(p, &q, &q_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Get the public key into a flat buffer with appropriate padding */
-+ pub_key_len = 2 * q_len;
-+
-+ w_xy = eng_copy_curve_points(w_x, w_y, pub_key_len, q_len);
-+ if (!w_xy) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Generation of ECC curve parameters */
-+ ab_len = 2 * q_len;
-+
-+ ab = eng_copy_curve_points(a, b, ab_len, q_len);
-+ if (!ab) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ if (ec_crv == EC_BINARY) {
-+ /* copy b' i.e c(b), instead of only b */
-+ eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab + q_len, q_len);
-+ kop->curve_type = ECC_BINARY;
-+ }
-+
-+ /* Calculation of Generator point */
-+ g_len = 2 * q_len;
-+
-+ g_xy = eng_copy_curve_points(x, y, g_len, q_len);
-+ if (!g_xy) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /**
-+ * Get the 1st part of signature into a flat buffer with
-+ * appropriate padding
-+ */
-+ if (BN_num_bytes(sig->r) < r_len)
-+ c_len = r_len;
-+
-+ if (spcf_bn2bin_ex(sig->r, &c, &c_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /**
-+ * Get the 2nd part of signature into a flat buffer with
-+ * appropriate padding
-+ */
-+ if (BN_num_bytes(sig->s) < r_len)
-+ d_len = r_len;
-+
-+ if (spcf_bn2bin_ex(sig->s, &d, &d_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* memory for message representative */
-+ f = malloc(r_len);
-+ if (!f) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Add padding, since SEC expects hash to of size r_len */
-+ memset(f, 0, r_len - dgst_len);
-+
-+ /* Skip leading bytes if dgst_len < r_len */
-+ memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len);
-+
-+ dgst_len += r_len - dgst_len;
-+
-+ kop->crk_op = CRK_DSA_VERIFY;
-+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
-+ kop->crk_param[0].crp_p = f;
-+ kop->crk_param[0].crp_nbits = dgst_len * 8;
-+ kop->crk_param[1].crp_p = q;
-+ kop->crk_param[1].crp_nbits = q_len * 8;
-+ kop->crk_param[2].crp_p = r;
-+ kop->crk_param[2].crp_nbits = r_len * 8;
-+ kop->crk_param[3].crp_p = g_xy;
-+ kop->crk_param[3].crp_nbits = g_len * 8;
-+ kop->crk_param[4].crp_p = w_xy;
-+ kop->crk_param[4].crp_nbits = pub_key_len * 8;
-+ kop->crk_param[5].crp_p = ab;
-+ kop->crk_param[5].crp_nbits = ab_len * 8;
-+ kop->crk_param[6].crp_p = c;
-+ kop->crk_param[6].crp_nbits = d_len * 8;
-+ kop->crk_param[7].crp_p = d;
-+ kop->crk_param[7].crp_nbits = d_len * 8;
-+ kop->crk_iparams = 8;
-+ kop->cookie = cookie;
-+
-+ if (cryptodev_asym_async(kop, 0, NULL, 0, NULL))
-+ goto err;
-+
-+ return ret;
-+ err:
-+ {
-+ const ECDSA_METHOD *meth = ECDSA_OpenSSL();
-+
-+ if (kop)
-+ free(kop);
-+ ret = (meth->ecdsa_do_verify) (dgst, dgst_len, sig, eckey);
-+ cookie->pkc_callback(cookie, 0);
-+ }
-+
-+ return ret;
-+}
-+
-+/* Cryptodev DH Key Gen routine */
-+static int cryptodev_dh_keygen_async(DH *dh, struct pkc_cookie_s *cookie)
-+{
-+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+ int ret = 1, g_len;
-+ unsigned char *g = NULL;
-+
-+ if (!kop)
-+ goto sw_try;
-+
-+ if (dh->priv_key == NULL) {
-+ if ((dh->priv_key = BN_new()) == NULL)
-+ goto sw_try;
-+ }
-+
-+ if (dh->pub_key == NULL) {
-+ if ((dh->pub_key = BN_new()) == NULL)
-+ goto sw_try;
-+ }
-+
-+ g_len = BN_num_bytes(dh->p);
-+ /**
-+ * Get generator into a plain buffer. If length is less than
-+ * q_len then add leading padding bytes.
-+ */
-+ if (spcf_bn2bin_ex(dh->g, &g, &g_len)) {
-+ DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
-+ goto sw_try;
- }
-
-- /* Add padding, since SEC expects hash to of size r_len */
-- memset(f, 0, r_len - dgst_len);
-+ memset(kop, 0, sizeof(struct crypt_kop));
-+ kop->crk_op = CRK_DH_GENERATE_KEY;
-+ if (bn2crparam(dh->p, &kop->crk_param[0]))
-+ goto sw_try;
-+ if (bn2crparam(dh->q, &kop->crk_param[1]))
-+ goto sw_try;
-+ kop->crk_param[2].crp_p = g;
-+ kop->crk_param[2].crp_nbits = g_len * 8;
-+ kop->crk_iparams = 3;
-+ kop->cookie = cookie;
-
-- /* Skip leading bytes if dgst_len < r_len */
-- memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len);
-- dgst_len += r_len - dgst_len;
-- kop.crk_op = CRK_DSA_VERIFY;
-- /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
-- kop.crk_param[0].crp_p = f;
-- kop.crk_param[0].crp_nbits = dgst_len * 8;
-- kop.crk_param[1].crp_p = q;
-- kop.crk_param[1].crp_nbits = q_len * 8;
-- kop.crk_param[2].crp_p = r;
-- kop.crk_param[2].crp_nbits = r_len * 8;
-- kop.crk_param[3].crp_p = g_xy;
-- kop.crk_param[3].crp_nbits = g_len * 8;
-- kop.crk_param[4].crp_p = w_xy;
-- kop.crk_param[4].crp_nbits = pub_key_len * 8;
-- kop.crk_param[5].crp_p = ab;
-- kop.crk_param[5].crp_nbits = ab_len * 8;
-- kop.crk_param[6].crp_p = c;
-- kop.crk_param[6].crp_nbits = d_len * 8;
-- kop.crk_param[7].crp_p = d;
-- kop.crk_param[7].crp_nbits = d_len * 8;
-- kop.crk_iparams = 8;
-+ /* pub_key is or prime length while priv key is of length of order */
-+ if (cryptodev_asym_async(kop, BN_num_bytes(dh->p), dh->pub_key,
-+ BN_num_bytes(dh->q), dh->priv_key))
-+ goto sw_try;
-
-- if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
-- /*
-- * OCF success value is 0, if not zero, change ret to fail
-- */
-- if (0 == kop.crk_status)
-- ret = 1;
-- } else {
-- const ECDSA_METHOD *meth = ECDSA_OpenSSL();
-+ return ret;
-+ sw_try:
-+ {
-+ const DH_METHOD *meth = DH_OpenSSL();
-
-- ret = (meth->ecdsa_do_verify) (dgst, dgst_len, sig, eckey);
-+ if (kop)
-+ free(kop);
-+ ret = (meth->generate_key) (dh);
-+ cookie->pkc_callback(cookie, 0);
- }
-- kop.crk_param[0].crp_p = NULL;
-- zapparams(&kop);
--
-- err:
- return ret;
- }
-
-@@ -2481,6 +3530,54 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
- return (dhret);
- }
-
-+/* Return Length if successful and 0 on failure */
-+static int
-+cryptodev_dh_compute_key_async(unsigned char *key, const BIGNUM *pub_key,
-+ DH *dh, struct pkc_cookie_s *cookie)
-+{
-+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+ int ret = 1;
-+ int fd, p_len;
-+ unsigned char *padded_pub_key = NULL, *p = NULL;
-+
-+ fd = *(int *)cookie->eng_handle;
-+
-+ memset(kop, 0, sizeof(struct crypt_kop));
-+ kop->crk_op = CRK_DH_COMPUTE_KEY;
-+ /* inputs: dh->priv_key pub_key dh->p key */
-+ spcf_bn2bin(dh->p, &p, &p_len);
-+ spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len);
-+
-+ if (bn2crparam(dh->priv_key, &kop->crk_param[0]))
-+ goto err;
-+ kop->crk_param[1].crp_p = padded_pub_key;
-+ kop->crk_param[1].crp_nbits = p_len * 8;
-+ kop->crk_param[2].crp_p = p;
-+ kop->crk_param[2].crp_nbits = p_len * 8;
-+ kop->crk_iparams = 3;
-+
-+ kop->cookie = cookie;
-+ kop->crk_param[3].crp_p = (void *)key;
-+ kop->crk_param[3].crp_nbits = p_len * 8;
-+ kop->crk_oparams = 1;
-+
-+ if (cryptodev_asym_async(kop, 0, NULL, 0, NULL))
-+ goto err;
-+
-+ return p_len;
-+ err:
-+ {
-+ const DH_METHOD *meth = DH_OpenSSL();
-+
-+ if (kop)
-+ free(kop);
-+ ret = (meth->compute_key) (key, pub_key, dh);
-+ /* Call user cookie handler */
-+ cookie->pkc_callback(cookie, 0);
-+ }
-+ return (ret);
-+}
-+
- int cryptodev_ecdh_compute_key(void *out, size_t outlen,
- const EC_POINT *pub_key, EC_KEY *ecdh,
- void *(*KDF) (const void *in, size_t inlen,
-@@ -2663,6 +3760,197 @@ int cryptodev_ecdh_compute_key(void *out, size_t outlen,
- return ret;
- }
-
-+int cryptodev_ecdh_compute_key_async(void *out, size_t outlen,
-+ const EC_POINT *pub_key, EC_KEY *ecdh,
-+ void *(*KDF) (const void *in,
-+ size_t inlen, void *out,
-+ size_t *outlen),
-+ struct pkc_cookie_s *cookie)
-+{
-+ ec_curve_t ec_crv = EC_PRIME;
-+ unsigned char *q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL;
-+ BIGNUM *w_x = NULL, *w_y = NULL;
-+ int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0;
-+ BIGNUM *p = NULL, *a = NULL, *b = NULL;
-+ BN_CTX *ctx;
-+ EC_POINT *tmp = NULL;
-+ BIGNUM *x = NULL, *y = NULL;
-+ const BIGNUM *priv_key;
-+ const EC_GROUP *group = NULL;
-+ int ret = 1;
-+ size_t buflen, len;
-+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+
-+ if (!(ctx = BN_CTX_new()) || !kop)
-+ goto err;
-+
-+ memset(kop, 0, sizeof(struct crypt_kop));
-+
-+ BN_CTX_start(ctx);
-+ x = BN_CTX_get(ctx);
-+ y = BN_CTX_get(ctx);
-+ p = BN_CTX_get(ctx);
-+ a = BN_CTX_get(ctx);
-+ b = BN_CTX_get(ctx);
-+ w_x = BN_CTX_get(ctx);
-+ w_y = BN_CTX_get(ctx);
-+
-+ if (!x || !y || !p || !a || !b || !w_x || !w_y) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ priv_key = EC_KEY_get0_private_key(ecdh);
-+ if (priv_key == NULL) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_NO_PRIVATE_VALUE);
-+ goto err;
-+ }
-+
-+ group = EC_KEY_get0_group(ecdh);
-+ if ((tmp = EC_POINT_new(group)) == NULL) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
-+ NID_X9_62_prime_field) {
-+ ec_crv = EC_PRIME;
-+
-+ if (!EC_POINT_get_affine_coordinates_GFp(group,
-+ EC_GROUP_get0_generator
-+ (group), x, y, ctx)) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_POINT_ARITHMETIC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* get the ECC curve parameters */
-+ if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* get the public key pair for prime curve */
-+ if (!EC_POINT_get_affine_coordinates_GFp
-+ (group, pub_key, w_x, w_y, ctx)) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+ } else {
-+ ec_crv = EC_BINARY;
-+
-+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
-+ EC_GROUP_get0_generator
-+ (group), x, y, ctx)) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_POINT_ARITHMETIC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* get the ECC curve parameters */
-+ if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* get the public key pair for binary curve */
-+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
-+ pub_key, w_x, w_y, ctx)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+ goto err;
-+ }
-+ }
-+
-+ /* irreducible polynomial that creates the field */
-+ if (spcf_bn2bin((BIGNUM *)&group->order, &r, &r_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Get the irreducible polynomial that creates the field */
-+ if (spcf_bn2bin(p, &q, &q_len)) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* Get the public key into a flat buffer with appropriate padding */
-+ pub_key_len = 2 * q_len;
-+ w_xy = eng_copy_curve_points(w_x, w_y, pub_key_len, q_len);
-+ if (!w_xy) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Generation of ECC curve parameters */
-+ ab_len = 2 * q_len;
-+ ab = eng_copy_curve_points(a, b, ab_len, q_len);
-+ if (!ab) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ if (ec_crv == EC_BINARY) {
-+ /* copy b' i.e c(b), instead of only b */
-+ if (eng_ec_get_cparam
-+ (EC_GROUP_get_curve_name(group), ab + q_len, q_len)) {
-+ unsigned char *c_temp = NULL;
-+ int c_temp_len = q_len;
-+ if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len))
-+ memcpy(ab + q_len, c_temp, q_len);
-+ else
-+ goto err;
-+ }
-+ kop->curve_type = ECC_BINARY;
-+ } else
-+ kop->curve_type = ECC_PRIME;
-+
-+ priv_key_len = r_len;
-+
-+ /*
-+ * If BN_num_bytes of priv_key returns less then r_len then
-+ * add padding bytes before the key
-+ */
-+ if (spcf_bn2bin_ex((BIGNUM *)priv_key, &s, &priv_key_len)) {
-+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ buflen = (EC_GROUP_get_degree(group) + 7) / 8;
-+ len = BN_num_bytes(x);
-+ if (len > buflen || q_len < buflen) {
-+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_INTERNAL_ERROR);
-+ goto err;
-+ }
-+
-+ kop->crk_op = CRK_DH_COMPUTE_KEY;
-+ kop->crk_param[0].crp_p = (void *)s;
-+ kop->crk_param[0].crp_nbits = priv_key_len * 8;
-+ kop->crk_param[1].crp_p = (void *)w_xy;
-+ kop->crk_param[1].crp_nbits = pub_key_len * 8;
-+ kop->crk_param[2].crp_p = (void *)q;
-+ kop->crk_param[2].crp_nbits = q_len * 8;
-+ kop->crk_param[3].crp_p = (void *)ab;
-+ kop->crk_param[3].crp_nbits = ab_len * 8;
-+ kop->crk_iparams = 4;
-+ kop->crk_param[4].crp_p = (void *)out;
-+ kop->crk_param[4].crp_nbits = q_len * 8;
-+ kop->crk_oparams = 1;
-+ kop->cookie = cookie;
-+ if (cryptodev_asym_async(kop, 0, NULL, 0, NULL))
-+ goto err;
-+
-+ return q_len;
-+ err:
-+ {
-+ const ECDH_METHOD *meth = ECDH_OpenSSL();
-+
-+ if (kop)
-+ free(kop);
-+ ret = (meth->compute_key) (out, outlen, pub_key, ecdh, KDF);
-+ /* Call user cookie handler */
-+ cookie->pkc_callback(cookie, 0);
-+ }
-+ return ret;
-+}
-+
- static DH_METHOD cryptodev_dh = {
- "cryptodev DH method",
- NULL, /* cryptodev_dh_generate_key */
-@@ -2670,6 +3958,8 @@ static DH_METHOD cryptodev_dh = {
- NULL,
- NULL,
- NULL,
-+ NULL,
-+ NULL,
- 0, /* flags */
- NULL /* app_data */
- };
-@@ -2678,6 +3968,7 @@ static ECDH_METHOD cryptodev_ecdh = {
- "cryptodev ECDH method",
- NULL, /* cryptodev_ecdh_compute_key */
- NULL,
-+ NULL,
- 0, /* flags */
- NULL /* app_data */
- };
-@@ -2748,10 +4039,15 @@ void ENGINE_load_cryptodev(void)
- cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec;
- if (cryptodev_asymfeat & CRF_MOD_EXP) {
- cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp;
-- if (cryptodev_asymfeat & CRF_MOD_EXP_CRT)
-+ cryptodev_rsa.bn_mod_exp_async = cryptodev_bn_mod_exp_async;
-+ if (cryptodev_asymfeat & CRF_MOD_EXP_CRT) {
- cryptodev_rsa.rsa_mod_exp = cryptodev_rsa_mod_exp;
-- else
-+ cryptodev_rsa.rsa_mod_exp_async = cryptodev_rsa_mod_exp_async;
-+ } else {
- cryptodev_rsa.rsa_mod_exp = cryptodev_rsa_nocrt_mod_exp;
-+ cryptodev_rsa.rsa_mod_exp_async =
-+ cryptodev_rsa_nocrt_mod_exp_async;
-+ }
- }
- }
-
-@@ -2759,12 +4055,18 @@ void ENGINE_load_cryptodev(void)
- const DSA_METHOD *meth = DSA_OpenSSL();
-
- memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
-- if (cryptodev_asymfeat & CRF_DSA_SIGN)
-+ if (cryptodev_asymfeat & CRF_DSA_SIGN) {
- cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
-- if (cryptodev_asymfeat & CRF_DSA_VERIFY)
-+ cryptodev_dsa.dsa_do_sign_async = cryptodev_dsa_do_sign_async;
-+ }
-+ if (cryptodev_asymfeat & CRF_DSA_VERIFY) {
- cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
-- if (cryptodev_asymfeat & CRF_DSA_GENERATE_KEY)
-+ cryptodev_dsa.dsa_do_verify_async = cryptodev_dsa_verify_async;
-+ }
-+ if (cryptodev_asymfeat & CRF_DSA_GENERATE_KEY) {
- cryptodev_dsa.dsa_keygen = cryptodev_dsa_keygen;
-+ cryptodev_dsa.dsa_keygen_async = cryptodev_dsa_keygen_async;
-+ }
- }
-
- if (ENGINE_set_DH(engine, &cryptodev_dh)) {
-@@ -2772,9 +4074,12 @@ void ENGINE_load_cryptodev(void)
- memcpy(&cryptodev_dh, dh_meth, sizeof(DH_METHOD));
- if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) {
- cryptodev_dh.compute_key = cryptodev_dh_compute_key;
-+ cryptodev_dh.compute_key_async = cryptodev_dh_compute_key_async;
- }
- if (cryptodev_asymfeat & CRF_DH_GENERATE_KEY) {
- cryptodev_dh.generate_key = cryptodev_dh_keygen;
-+ cryptodev_dh.generate_key_async = cryptodev_dh_keygen_async;
-+
- }
- }
-
-@@ -2783,9 +4088,13 @@ void ENGINE_load_cryptodev(void)
- memcpy(&cryptodev_ecdsa, meth, sizeof(ECDSA_METHOD));
- if (cryptodev_asymfeat & CRF_DSA_SIGN) {
- cryptodev_ecdsa.ecdsa_do_sign = cryptodev_ecdsa_do_sign;
-+ cryptodev_ecdsa.ecdsa_do_sign_async =
-+ cryptodev_ecdsa_do_sign_async;
- }
- if (cryptodev_asymfeat & CRF_DSA_VERIFY) {
- cryptodev_ecdsa.ecdsa_do_verify = cryptodev_ecdsa_verify;
-+ cryptodev_ecdsa.ecdsa_do_verify_async =
-+ cryptodev_ecdsa_verify_async;
- }
- }
-
-@@ -2794,9 +4103,16 @@ void ENGINE_load_cryptodev(void)
- memcpy(&cryptodev_ecdh, ecdh_meth, sizeof(ECDH_METHOD));
- if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) {
- cryptodev_ecdh.compute_key = cryptodev_ecdh_compute_key;
-+ cryptodev_ecdh.compute_key_async =
-+ cryptodev_ecdh_compute_key_async;
- }
- }
-
-+ ENGINE_set_check_pkc_availability(engine, cryptodev_check_availability);
-+ ENGINE_set_close_instance(engine, cryptodev_close_instance);
-+ ENGINE_set_init_instance(engine, cryptodev_init_instance);
-+ ENGINE_set_async_map(engine, ENGINE_ALLPKC_ASYNC);
-+
- ENGINE_add(engine);
- ENGINE_free(engine);
- ERR_clear_error();
-diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h
-index 46f163b..b698a0c 100644
---- a/crypto/engine/eng_int.h
-+++ b/crypto/engine/eng_int.h
-@@ -198,6 +198,29 @@ struct engine_st {
- ENGINE_LOAD_KEY_PTR load_privkey;
- ENGINE_LOAD_KEY_PTR load_pubkey;
- ENGINE_SSL_CLIENT_CERT_PTR load_ssl_client_cert;
-+ /*
-+ * Instantiate Engine handle to be passed in check_pkc_availability
-+ * Ensure that Engine is instantiated before any pkc asynchronous call.
-+ */
-+ void *(*engine_init_instance)(void);
-+ /*
-+ * Instantiated Engine handle will be closed with this call.
-+ * Ensure that no pkc asynchronous call is made after this call
-+ */
-+ void (*engine_close_instance)(void *handle);
-+ /*
-+ * Check availability will extract the data from kernel.
-+ * eng_handle: This is the Engine handle corresponds to which
-+ * the cookies needs to be polled.
-+ * return 0 if cookie available else 1
-+ */
-+ int (*check_pkc_availability)(void *eng_handle);
-+ /*
-+ * The following map is used to check if the engine supports asynchronous implementation
-+ * ENGINE_ASYNC_FLAG* for available bitmap. Any application checking for asynchronous
-+ * implementation need to check this features using "int ENGINE_get_async_map(engine *)";
-+ */
-+ int async_map;
- const ENGINE_CMD_DEFN *cmd_defns;
- int flags;
- /* reference count on the structure itself */
-diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c
-index dc2abd2..0c57e12 100644
---- a/crypto/engine/eng_lib.c
-+++ b/crypto/engine/eng_lib.c
-@@ -100,7 +100,11 @@ void engine_set_all_null(ENGINE *e)
- e->ctrl = NULL;
- e->load_privkey = NULL;
- e->load_pubkey = NULL;
-+ e->check_pkc_availability = NULL;
-+ e->engine_init_instance = NULL;
-+ e->engine_close_instance = NULL;
- e->cmd_defns = NULL;
-+ e->async_map = 0;
- e->flags = 0;
- }
-
-@@ -246,6 +250,48 @@ int ENGINE_set_id(ENGINE *e, const char *id)
- }
- e->id = id;
- return 1;
-+ }
-+
-+void ENGINE_set_init_instance(ENGINE *e, void *(*engine_init_instance)(void))
-+ {
-+ e->engine_init_instance = engine_init_instance;
-+ }
-+
-+void ENGINE_set_close_instance(ENGINE *e,
-+ void (*engine_close_instance)(void *))
-+ {
-+ e->engine_close_instance = engine_close_instance;
-+ }
-+
-+void ENGINE_set_async_map(ENGINE *e, int async_map)
-+ {
-+ e->async_map = async_map;
-+ }
-+
-+void *ENGINE_init_instance(ENGINE *e)
-+ {
-+ return e->engine_init_instance();
-+ }
-+
-+void ENGINE_close_instance(ENGINE *e, void *eng_handle)
-+ {
-+ e->engine_close_instance(eng_handle);
-+ }
-+
-+int ENGINE_get_async_map(ENGINE *e)
-+ {
-+ return e->async_map;
-+ }
-+
-+void ENGINE_set_check_pkc_availability(ENGINE *e,
-+ int (*check_pkc_availability)(void *eng_handle))
-+ {
-+ e->check_pkc_availability = check_pkc_availability;
-+ }
-+
-+int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle)
-+ {
-+ return e->check_pkc_availability(eng_handle);
- }
-
- int ENGINE_set_name(ENGINE *e, const char *name)
-diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h
-index 020d912..4527aa1 100644
---- a/crypto/engine/engine.h
-+++ b/crypto/engine/engine.h
-@@ -551,6 +551,30 @@ ENGINE *ENGINE_new(void);
- int ENGINE_free(ENGINE *e);
- int ENGINE_up_ref(ENGINE *e);
- int ENGINE_set_id(ENGINE *e, const char *id);
-+void ENGINE_set_init_instance(ENGINE *e, void *(*engine_init_instance)(void));
-+void ENGINE_set_close_instance(ENGINE *e,
-+ void (*engine_free_instance)(void *));
-+/*
-+ * Following FLAGS are bitmap store in async_map to set asynchronous interface capability
-+ *of the engine
-+ */
-+#define ENGINE_RSA_ASYNC 0x0001
-+#define ENGINE_DSA_ASYNC 0x0002
-+#define ENGINE_DH_ASYNC 0x0004
-+#define ENGINE_ECDSA_ASYNC 0x0008
-+#define ENGINE_ECDH_ASYNC 0x0010
-+#define ENGINE_ALLPKC_ASYNC 0x001F
-+/* Engine implementation will set the bitmap based on above flags using following API */
-+void ENGINE_set_async_map(ENGINE *e, int async_map);
-+ /* Application need to check the bitmap based on above flags using following API
-+ * to confirm asynchronous methods supported
-+ */
-+int ENGINE_get_async_map(ENGINE *e);
-+void *ENGINE_init_instance(ENGINE *e);
-+void ENGINE_close_instance(ENGINE *e, void *eng_handle);
-+void ENGINE_set_check_pkc_availability(ENGINE *e,
-+ int (*check_pkc_availability)(void *eng_handle));
-+int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle);
- int ENGINE_set_name(ENGINE *e, const char *name);
- int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
- int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
-diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h
-index d2ee374..7c539fc 100644
---- a/crypto/rsa/rsa.h
-+++ b/crypto/rsa/rsa.h
-@@ -97,6 +97,29 @@ struct rsa_meth_st {
- /* Can be null */
- int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-+ /*
-+ * Cookie in the following _async variant must be allocated before
-+ * submission and can be freed once its corresponding callback
-+ * handler is called
-+ */
-+ int (*rsa_pub_enc_asyn)(int flen,const unsigned char *from,
-+ unsigned char *to, RSA *rsa, int padding,
-+ struct pkc_cookie_s *cookie);
-+ int (*rsa_pub_dec_async)(int flen,const unsigned char *from,
-+ unsigned char *to, RSA *rsa, int padding,
-+ struct pkc_cookie_s *cookie);
-+ int (*rsa_priv_enc_async)(int flen,const unsigned char *from,
-+ unsigned char *to, RSA *rsa, int padding,
-+ struct pkc_cookie_s *cookie);
-+ int (*rsa_priv_dec_async)(int flen,const unsigned char *from,
-+ unsigned char *to, RSA *rsa, int padding,
-+ struct pkc_cookie_s *cookie);
-+ int (*rsa_mod_exp_async)(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
-+ BN_CTX *ctx, struct pkc_cookie_s *cookie);
-+ int (*bn_mod_exp_async)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-+ const BIGNUM *m, BN_CTX *ctx,
-+ BN_MONT_CTX *m_ctx, struct pkc_cookie_s *cookie);
-+
- /* called at new */
- int (*init) (RSA *rsa);
- /* called at free */
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0008-Add-RSA-keygen-operation-and-support-gendsa-command-.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0008-Add-RSA-keygen-operation-and-support-gendsa-command-.patch
deleted file mode 100644
index 070b93a..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0008-Add-RSA-keygen-operation-and-support-gendsa-command-.patch
+++ /dev/null
@@ -1,155 +0,0 @@
-From 73629969c6fe54529441530674b061ce31a41d93 Mon Sep 17 00:00:00 2001
-From: Hou Zhiqiang <B48286 at freescale.com>
-Date: Wed, 2 Apr 2014 16:10:43 +0800
-Subject: [PATCH 08/48] Add RSA keygen operation and support gendsa command
- with hardware engine
-
-Upstream-status: Pending
-
-Signed-off-by: Hou Zhiqiang <B48286 at freescale.com>
-Tested-by: Cristian Stoica <cristian.stoica at freescale.com>
----
- crypto/engine/eng_cryptodev.c | 120 ++++++++++++++++++++++++++++++++++++++++++
- 1 file changed, 120 insertions(+)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 90fe9b8..8c9ad5c 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -2022,6 +2022,124 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
- }
- }
-
-+/* Cryptodev RSA Key Gen routine */
-+static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
-+{
-+ struct crypt_kop kop;
-+ int ret, fd;
-+ int p_len, q_len;
-+ int i;
-+
-+ if ((fd = get_asym_dev_crypto()) < 0)
-+ return fd;
-+
-+ if (!rsa->n && ((rsa->n = BN_new()) == NULL))
-+ goto err;
-+ if (!rsa->d && ((rsa->d = BN_new()) == NULL))
-+ goto err;
-+ if (!rsa->e && ((rsa->e = BN_new()) == NULL))
-+ goto err;
-+ if (!rsa->p && ((rsa->p = BN_new()) == NULL))
-+ goto err;
-+ if (!rsa->q && ((rsa->q = BN_new()) == NULL))
-+ goto err;
-+ if (!rsa->dmp1 && ((rsa->dmp1 = BN_new()) == NULL))
-+ goto err;
-+ if (!rsa->dmq1 && ((rsa->dmq1 = BN_new()) == NULL))
-+ goto err;
-+ if (!rsa->iqmp && ((rsa->iqmp = BN_new()) == NULL))
-+ goto err;
-+
-+ BN_copy(rsa->e, e);
-+
-+ p_len = (bits + 1) / (2 * 8);
-+ q_len = (bits - p_len * 8) / 8;
-+ memset(&kop, 0, sizeof kop);
-+ kop.crk_op = CRK_RSA_GENERATE_KEY;
-+
-+ /* p length */
-+ kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char));
-+ if (!kop.crk_param[kop.crk_iparams].crp_p)
-+ goto err;
-+ kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8;
-+ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1);
-+ kop.crk_iparams++;
-+ kop.crk_oparams++;
-+ /* q length */
-+ kop.crk_param[kop.crk_iparams].crp_p = calloc(q_len + 1, sizeof(char));
-+ if (!kop.crk_param[kop.crk_iparams].crp_p)
-+ goto err;
-+ kop.crk_param[kop.crk_iparams].crp_nbits = q_len * 8;
-+ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, q_len + 1);
-+ kop.crk_iparams++;
-+ kop.crk_oparams++;
-+ /* n length */
-+ kop.crk_param[kop.crk_iparams].crp_p =
-+ calloc(p_len + q_len + 1, sizeof(char));
-+ if (!kop.crk_param[kop.crk_iparams].crp_p)
-+ goto err;
-+ kop.crk_param[kop.crk_iparams].crp_nbits = bits;
-+ memset(kop.crk_param[kop.crk_iparams].crp_p, 0x00, p_len + q_len + 1);
-+ kop.crk_iparams++;
-+ kop.crk_oparams++;
-+ /* d length */
-+ kop.crk_param[kop.crk_iparams].crp_p =
-+ calloc(p_len + q_len + 1, sizeof(char));
-+ if (!kop.crk_param[kop.crk_iparams].crp_p)
-+ goto err;
-+ kop.crk_param[kop.crk_iparams].crp_nbits = bits;
-+ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + q_len + 1);
-+ kop.crk_iparams++;
-+ kop.crk_oparams++;
-+ /* dp1 length */
-+ kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char));
-+ if (!kop.crk_param[kop.crk_iparams].crp_p)
-+ goto err;
-+ kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8;
-+ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1);
-+ kop.crk_iparams++;
-+ kop.crk_oparams++;
-+ /* dq1 length */
-+ kop.crk_param[kop.crk_iparams].crp_p = calloc(q_len + 1, sizeof(char));
-+ if (!kop.crk_param[kop.crk_iparams].crp_p)
-+ goto err;
-+ kop.crk_param[kop.crk_iparams].crp_nbits = q_len * 8;
-+ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, q_len + 1);
-+ kop.crk_iparams++;
-+ kop.crk_oparams++;
-+ /* i length */
-+ kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char));
-+ if (!kop.crk_param[kop.crk_iparams].crp_p)
-+ goto err;
-+ kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8;
-+ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1);
-+ kop.crk_iparams++;
-+ kop.crk_oparams++;
-+
-+ if (ioctl(fd, CIOCKEY, &kop) == 0) {
-+ BN_bin2bn(kop.crk_param[0].crp_p, p_len, rsa->p);
-+ BN_bin2bn(kop.crk_param[1].crp_p, q_len, rsa->q);
-+ BN_bin2bn(kop.crk_param[2].crp_p, bits / 8, rsa->n);
-+ BN_bin2bn(kop.crk_param[3].crp_p, bits / 8, rsa->d);
-+ BN_bin2bn(kop.crk_param[4].crp_p, p_len, rsa->dmp1);
-+ BN_bin2bn(kop.crk_param[5].crp_p, q_len, rsa->dmq1);
-+ BN_bin2bn(kop.crk_param[6].crp_p, p_len, rsa->iqmp);
-+ return 1;
-+ }
-+ sw_try:
-+ {
-+ const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
-+ ret = (meth->rsa_keygen) (rsa, bits, e, cb);
-+ }
-+ return ret;
-+
-+ err:
-+ for (i = 0; i < CRK_MAXPARAM; i++)
-+ free(kop.crk_param[i].crp_p);
-+ return 0;
-+
-+}
-+
- /* Cryptodev DSA Key Gen routine */
- static int cryptodev_dsa_keygen(DSA *dsa)
- {
-@@ -4048,6 +4166,8 @@ void ENGINE_load_cryptodev(void)
- cryptodev_rsa.rsa_mod_exp_async =
- cryptodev_rsa_nocrt_mod_exp_async;
- }
-+ if (cryptodev_asymfeat & CRF_RSA_GENERATE_KEY)
-+ cryptodev_rsa.rsa_keygen = cryptodev_rsa_keygen;
- }
- }
-
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0009-RSA-Keygen-Fix.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0009-RSA-Keygen-Fix.patch
deleted file mode 100644
index faa1690..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0009-RSA-Keygen-Fix.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From b3726ca2b823fe2a4c675b750e6f96d4a03ce93c Mon Sep 17 00:00:00 2001
-From: Yashpal Dutta <yashpal.dutta at freescale.com>
-Date: Wed, 16 Apr 2014 22:53:04 +0545
-Subject: [PATCH 09/48] RSA Keygen Fix
-
-Upstream-status: Pending
-
-If Kernel driver doesn't support RSA Keygen or same returns
-error handling the keygen operation, the keygen is gracefully
-handled by software supported rsa_keygen handler
-
-Signed-off-by: Yashpal Dutta <yashpal.dutta at freescale.com>
-Tested-by: Cristian Stoica <cristian.stoica at freescale.com>
----
- crypto/engine/eng_cryptodev.c | 12 +++++++-----
- 1 file changed, 7 insertions(+), 5 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 8c9ad5c..3686c23 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -2031,7 +2031,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
- int i;
-
- if ((fd = get_asym_dev_crypto()) < 0)
-- return fd;
-+ goto sw_try;
-
- if (!rsa->n && ((rsa->n = BN_new()) == NULL))
- goto err;
-@@ -2060,7 +2060,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
- /* p length */
- kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char));
- if (!kop.crk_param[kop.crk_iparams].crp_p)
-- goto err;
-+ goto sw_try;
- kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8;
- memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1);
- kop.crk_iparams++;
-@@ -2068,7 +2068,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
- /* q length */
- kop.crk_param[kop.crk_iparams].crp_p = calloc(q_len + 1, sizeof(char));
- if (!kop.crk_param[kop.crk_iparams].crp_p)
-- goto err;
-+ goto sw_try;
- kop.crk_param[kop.crk_iparams].crp_nbits = q_len * 8;
- memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, q_len + 1);
- kop.crk_iparams++;
-@@ -2128,8 +2128,10 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
- }
- sw_try:
- {
-- const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
-- ret = (meth->rsa_keygen) (rsa, bits, e, cb);
-+ const RSA_METHOD *meth = rsa->meth;
-+ rsa->meth = RSA_PKCS1_SSLeay();
-+ ret = RSA_generate_key_ex(rsa, bits, e, cb);
-+ rsa->meth = meth;
- }
- return ret;
-
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0010-Removed-local-copy-of-curve_t-type.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0010-Removed-local-copy-of-curve_t-type.patch
deleted file mode 100644
index 22258b4..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0010-Removed-local-copy-of-curve_t-type.patch
+++ /dev/null
@@ -1,163 +0,0 @@
-From 1a7d37d609b5ce61d0c1454292dd4500859ed65c Mon Sep 17 00:00:00 2001
-From: Yashpal Dutta <yashpal.dutta at freescale.com>
-Date: Thu, 17 Apr 2014 06:57:59 +0545
-Subject: [PATCH 10/48] Removed local copy of curve_t type
-
-Upstream-status: Pending
-
-Signed-off-by: Yashpal Dutta <yashpal.dutta at freescale.com>
-Tested-by: Cristian Stoica <cristian.stoica at freescale.com>
----
- crypto/engine/eng_cryptodev.c | 33 ++++++++++++++-------------------
- crypto/engine/eng_cryptodev_ec.h | 7 -------
- 2 files changed, 14 insertions(+), 26 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 3686c23..afcf72b 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -2517,11 +2517,6 @@ static ECDSA_METHOD cryptodev_ecdsa = {
- NULL /* app_data */
- };
-
--typedef enum ec_curve_s {
-- EC_PRIME,
-- EC_BINARY
--} ec_curve_t;
--
- /* ENGINE handler for ECDSA Sign */
- static ECDSA_SIG *cryptodev_ecdsa_do_sign(const unsigned char *dgst,
- int dgst_len, const BIGNUM *in_kinv,
-@@ -2540,7 +2535,7 @@ static ECDSA_SIG *cryptodev_ecdsa_do_sign(const unsigned char *dgst,
- const BIGNUM *order = NULL, *priv_key = NULL;
- const EC_GROUP *group = NULL;
- struct crypt_kop kop;
-- ec_curve_t ec_crv = EC_PRIME;
-+ enum ec_curve_t ec_crv = EC_PRIME;
-
- memset(&kop, 0, sizeof(kop));
- ecdsa = ecdsa_check(eckey);
-@@ -2678,7 +2673,7 @@ static ECDSA_SIG *cryptodev_ecdsa_do_sign(const unsigned char *dgst,
- else
- goto err;
- }
-- kop.curve_type = ECC_BINARY;
-+ kop.curve_type = EC_BINARY;
- }
-
- /* Calculation of Generator point */
-@@ -2773,7 +2768,7 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
- const EC_POINT *pub_key = NULL;
- const BIGNUM *order = NULL;
- const EC_GROUP *group = NULL;
-- ec_curve_t ec_crv = EC_PRIME;
-+ enum ec_curve_t ec_crv = EC_PRIME;
- struct crypt_kop kop;
-
- memset(&kop, 0, sizeof kop);
-@@ -2924,7 +2919,7 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
- else
- goto err;
- }
-- kop.curve_type = ECC_BINARY;
-+ kop.curve_type = EC_BINARY;
- }
-
- /* Calculation of Generator point */
-@@ -3029,7 +3024,7 @@ static int cryptodev_ecdsa_do_sign_async(const unsigned char *dgst,
- const BIGNUM *order = NULL, *priv_key = NULL;
- const EC_GROUP *group = NULL;
- struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-- ec_curve_t ec_crv = EC_PRIME;
-+ enum ec_curve_t ec_crv = EC_PRIME;
-
- if (!(sig->r = BN_new()) || !kop)
- goto err;
-@@ -3170,7 +3165,7 @@ static int cryptodev_ecdsa_do_sign_async(const unsigned char *dgst,
- else
- goto err;
- }
-- kop->curve_type = ECC_BINARY;
-+ kop->curve_type = EC_BINARY;
- }
-
- /* Calculation of Generator point */
-@@ -3250,7 +3245,7 @@ static int cryptodev_ecdsa_verify_async(const unsigned char *dgst,
- const EC_POINT *pub_key = NULL;
- const BIGNUM *order = NULL;
- const EC_GROUP *group = NULL;
-- ec_curve_t ec_crv = EC_PRIME;
-+ enum ec_curve_t ec_crv = EC_PRIME;
- struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-
- if (!kop)
-@@ -3397,7 +3392,7 @@ static int cryptodev_ecdsa_verify_async(const unsigned char *dgst,
- if (ec_crv == EC_BINARY) {
- /* copy b' i.e c(b), instead of only b */
- eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab + q_len, q_len);
-- kop->curve_type = ECC_BINARY;
-+ kop->curve_type = EC_BINARY;
- }
-
- /* Calculation of Generator point */
-@@ -3703,7 +3698,7 @@ int cryptodev_ecdh_compute_key(void *out, size_t outlen,
- void *(*KDF) (const void *in, size_t inlen,
- void *out, size_t *outlen))
- {
-- ec_curve_t ec_crv = EC_PRIME;
-+ enum ec_curve_t ec_crv = EC_PRIME;
- unsigned char *q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL;
- BIGNUM *w_x = NULL, *w_y = NULL;
- int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0;
-@@ -3833,9 +3828,9 @@ int cryptodev_ecdh_compute_key(void *out, size_t outlen,
- else
- goto err;
- }
-- kop.curve_type = ECC_BINARY;
-+ kop.curve_type = EC_BINARY;
- } else
-- kop.curve_type = ECC_PRIME;
-+ kop.curve_type = EC_PRIME;
-
- priv_key_len = r_len;
-
-@@ -3887,7 +3882,7 @@ int cryptodev_ecdh_compute_key_async(void *out, size_t outlen,
- size_t *outlen),
- struct pkc_cookie_s *cookie)
- {
-- ec_curve_t ec_crv = EC_PRIME;
-+ enum ec_curve_t ec_crv = EC_PRIME;
- unsigned char *q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL;
- BIGNUM *w_x = NULL, *w_y = NULL;
- int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0;
-@@ -4018,9 +4013,9 @@ int cryptodev_ecdh_compute_key_async(void *out, size_t outlen,
- else
- goto err;
- }
-- kop->curve_type = ECC_BINARY;
-+ kop->curve_type = EC_BINARY;
- } else
-- kop->curve_type = ECC_PRIME;
-+ kop->curve_type = EC_PRIME;
-
- priv_key_len = r_len;
-
-diff --git a/crypto/engine/eng_cryptodev_ec.h b/crypto/engine/eng_cryptodev_ec.h
-index af54c51..41a8702 100644
---- a/crypto/engine/eng_cryptodev_ec.h
-+++ b/crypto/engine/eng_cryptodev_ec.h
-@@ -287,11 +287,4 @@ static inline unsigned char *eng_copy_curve_points(BIGNUM * x, BIGNUM * y,
-
- return xy;
- }
--
--enum curve_t {
-- DISCRETE_LOG,
-- ECC_PRIME,
-- ECC_BINARY,
-- MAX_ECC_TYPE
--};
- #endif
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0011-Modulus-parameter-is-not-populated-by-dhparams.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0011-Modulus-parameter-is-not-populated-by-dhparams.patch
deleted file mode 100644
index d7fb223..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0011-Modulus-parameter-is-not-populated-by-dhparams.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 82afed6364dfcced7458dbd2bda7932054078f04 Mon Sep 17 00:00:00 2001
-From: Yashpal Dutta <yashpal.dutta at freescale.com>
-Date: Tue, 22 Apr 2014 22:58:33 +0545
-Subject: [PATCH 11/48] Modulus parameter is not populated by dhparams
-
-Upstream-status: Pending
-
-When dhparams are created, modulus parameter required for
-private key generation is not populated. So, falling back
-to software for proper population of modulus parameters followed
-by private key generation
-
-Signed-off-by: Yashpal Dutta <yashpal.dutta at freescale.com>
-Tested-by: Cristian Stoica <cristian.stoica at freescale.com>
----
- crypto/engine/eng_cryptodev.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index afcf72b..2013746 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -3515,7 +3515,7 @@ static int cryptodev_dh_keygen_async(DH *dh, struct pkc_cookie_s *cookie)
- kop->crk_op = CRK_DH_GENERATE_KEY;
- if (bn2crparam(dh->p, &kop->crk_param[0]))
- goto sw_try;
-- if (bn2crparam(dh->q, &kop->crk_param[1]))
-+ if (!dh->q || bn2crparam(dh->q, &kop->crk_param[1]))
- goto sw_try;
- kop->crk_param[2].crp_p = g;
- kop->crk_param[2].crp_nbits = g_len * 8;
-@@ -3570,7 +3570,7 @@ static int cryptodev_dh_keygen(DH *dh)
- kop.crk_op = CRK_DH_GENERATE_KEY;
- if (bn2crparam(dh->p, &kop.crk_param[0]))
- goto sw_try;
-- if (bn2crparam(dh->q, &kop.crk_param[1]))
-+ if (!dh->q || bn2crparam(dh->q, &kop.crk_param[1]))
- goto sw_try;
- kop.crk_param[2].crp_p = g;
- kop.crk_param[2].crp_nbits = g_len * 8;
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0012-SW-Backoff-mechanism-for-dsa-keygen.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0012-SW-Backoff-mechanism-for-dsa-keygen.patch
deleted file mode 100644
index b665f7a..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0012-SW-Backoff-mechanism-for-dsa-keygen.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From f7817245b35156ec2b15514c952db806140c6ebc Mon Sep 17 00:00:00 2001
-From: Yashpal Dutta <yashpal.dutta at freescale.com>
-Date: Thu, 24 Apr 2014 00:35:34 +0545
-Subject: [PATCH 12/48] SW Backoff mechanism for dsa keygen
-
-Upstream-status: Pending
-
-DSA Keygen is not handled in default openssl dsa method. Due to
-same null function pointer in SW DSA method, the backoff for dsa
-keygen gives segmentation fault.
-
-Signed-off-by: Yashpal Dutta <yashpal.dutta at freescale.com>
-Tested-by: Cristian Stoica <cristian.stoica at freescale.com>
----
- crypto/engine/eng_cryptodev.c | 12 ++++++++----
- 1 file changed, 8 insertions(+), 4 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 2013746..a3a97d2 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -2188,8 +2188,10 @@ static int cryptodev_dsa_keygen(DSA *dsa)
- return ret;
- sw_try:
- {
-- const DSA_METHOD *meth = DSA_OpenSSL();
-- ret = (meth->dsa_keygen) (dsa);
-+ const DSA_METHOD *meth = dsa->meth;
-+ dsa->meth = DSA_OpenSSL();
-+ ret = DSA_generate_key(dsa);
-+ dsa->meth = meth;
- }
- return ret;
- }
-@@ -2243,11 +2245,13 @@ static int cryptodev_dsa_keygen_async(DSA *dsa, struct pkc_cookie_s *cookie)
- return ret;
- sw_try:
- {
-- const DSA_METHOD *meth = DSA_OpenSSL();
-+ const DSA_METHOD *meth = dsa->meth;
-
-+ dsa->meth = DSA_OpenSSL();
- if (kop)
- free(kop);
-- ret = (meth->dsa_keygen) (dsa);
-+ ret = DSA_generate_key(dsa);
-+ dsa->meth = meth;
- cookie->pkc_callback(cookie, 0);
- }
- return ret;
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0013-Fixed-DH-keygen-pair-generator.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0013-Fixed-DH-keygen-pair-generator.patch
deleted file mode 100644
index 4f8fd4d..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0013-Fixed-DH-keygen-pair-generator.patch
+++ /dev/null
@@ -1,100 +0,0 @@
-From 0075a1d36133523a40efc66d6491a4f11aca87fd Mon Sep 17 00:00:00 2001
-From: Yashpal Dutta <yashpal.dutta at freescale.com>
-Date: Thu, 1 May 2014 06:35:45 +0545
-Subject: [PATCH 13/48] Fixed DH keygen pair generator
-
-Upstream-status: Pending
-
-Wrong Padding results into keygen length error
-
-Signed-off-by: Yashpal Dutta <yashpal.dutta at freescale.com>
-Tested-by: Cristian Stoica <cristian.stoica at freescale.com>
----
- crypto/engine/eng_cryptodev.c | 50 ++++++++++++++++++++++++++++---------------
- 1 file changed, 33 insertions(+), 17 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index a3a97d2..5a9f4b7 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -3547,44 +3547,60 @@ static int cryptodev_dh_keygen_async(DH *dh, struct pkc_cookie_s *cookie)
- static int cryptodev_dh_keygen(DH *dh)
- {
- struct crypt_kop kop;
-- int ret = 1, g_len;
-- unsigned char *g = NULL;
-+ int ret = 1, q_len = 0;
-+ unsigned char *q = NULL, *g = NULL, *s = NULL, *w = NULL;
-+ BIGNUM *pub_key = NULL, *priv_key = NULL;
-+ int generate_new_key = 1;
-
-- if (dh->priv_key == NULL) {
-- if ((dh->priv_key = BN_new()) == NULL)
-- goto sw_try;
-- }
-+ if (dh->priv_key)
-+ priv_key = dh->priv_key;
-
-- if (dh->pub_key == NULL) {
-- if ((dh->pub_key = BN_new()) == NULL)
-- goto sw_try;
-- }
-+ if (dh->pub_key)
-+ pub_key = dh->pub_key;
-
-- g_len = BN_num_bytes(dh->p);
-+ q_len = BN_num_bytes(dh->p);
- /**
- * Get generator into a plain buffer. If length is less than
- * q_len then add leading padding bytes.
- */
-- if (spcf_bn2bin_ex(dh->g, &g, &g_len)) {
-+ if (spcf_bn2bin_ex(dh->g, &g, &q_len)) {
-+ DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
-+ goto sw_try;
-+ }
-+
-+ if (spcf_bn2bin_ex(dh->p, &q, &q_len)) {
- DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
- goto sw_try;
- }
-
- memset(&kop, 0, sizeof kop);
- kop.crk_op = CRK_DH_GENERATE_KEY;
-- if (bn2crparam(dh->p, &kop.crk_param[0]))
-- goto sw_try;
-+ kop.crk_param[0].crp_p = q;
-+ kop.crk_param[0].crp_nbits = q_len * 8;
- if (!dh->q || bn2crparam(dh->q, &kop.crk_param[1]))
- goto sw_try;
- kop.crk_param[2].crp_p = g;
-- kop.crk_param[2].crp_nbits = g_len * 8;
-+ kop.crk_param[2].crp_nbits = q_len * 8;
- kop.crk_iparams = 3;
-
-+ s = OPENSSL_malloc(q_len);
-+ if (!s) {
-+ DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
-+ goto sw_try;
-+ }
-+
-+ w = OPENSSL_malloc(q_len);
-+ if (!w) {
-+ DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
-+ goto sw_try;
-+ }
-+
- /* pub_key is or prime length while priv key is of length of order */
-- if (cryptodev_asym(&kop, BN_num_bytes(dh->p), dh->pub_key,
-- BN_num_bytes(dh->q), dh->priv_key))
-+ if (cryptodev_asym(&kop, q_len, w, q_len, s))
- goto sw_try;
-
-+ dh->pub_key = BN_bin2bn(w, q_len, pub_key);
-+ dh->pub_key = BN_bin2bn(s, q_len, priv_key);
- return ret;
- sw_try:
- {
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0014-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0014-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch
deleted file mode 100644
index 898499b..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0014-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch
+++ /dev/null
@@ -1,321 +0,0 @@
-From fcbd6199deb715b117153b7df00cdd4cdec44d79 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica at freescale.com>
-Date: Mon, 16 Jun 2014 14:06:21 +0300
-Subject: [PATCH 14/48] cryptodev: add support for aes-gcm algorithm offloading
-
-Signed-off-by: Cristian Stoica <cristian.stoica at freescale.com>
----
- apps/speed.c | 6 +-
- crypto/engine/eng_cryptodev.c | 236 +++++++++++++++++++++++++++++++++++++++++-
- 2 files changed, 240 insertions(+), 2 deletions(-)
-
-diff --git a/apps/speed.c b/apps/speed.c
-index b862868..fd2a2a5 100644
---- a/apps/speed.c
-+++ b/apps/speed.c
-@@ -226,7 +226,11 @@
- # endif
-
- # undef BUFSIZE
--# define BUFSIZE ((long)1024*8+1)
-+/* The buffer overhead allows GCM tag at the end of the encrypted data. This
-+ avoids buffer overflows from cryptodev since Linux kernel GCM
-+ implementation allways adds the tag - unlike e_aes.c:aes_gcm_cipher()
-+ which doesn't */
-+#define BUFSIZE ((long)1024*8 + EVP_GCM_TLS_TAG_LEN)
- static volatile int run = 0;
-
- static int mr = 0;
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 5a9f4b7..1754917 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -2,6 +2,7 @@
- * Copyright (c) 2002 Bob Beck <beck at openbsd.org>
- * Copyright (c) 2002 Theo de Raadt
- * Copyright (c) 2002 Markus Friedl
-+ * Copyright (c) 2013-2014 Freescale Semiconductor, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
-@@ -78,8 +79,10 @@ struct dev_crypto_state {
- struct session_op d_sess;
- int d_fd;
- unsigned char *aad;
-- unsigned int aad_len;
-+ int aad_len;
- unsigned int len;
-+ unsigned char *iv;
-+ int ivlen;
- # ifdef USE_CRYPTODEV_DIGESTS
- char dummy_mac_key[HASH_MAX_LEN];
- unsigned char digest_res[HASH_MAX_LEN];
-@@ -288,6 +291,9 @@ static struct {
- CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20
- },
- {
-+ CRYPTO_AES_GCM, NID_aes_128_gcm, 16, 16, 0
-+ },
-+ {
- 0, NID_undef, 0, 0, 0
- },
- };
-@@ -326,6 +332,22 @@ static struct {
- };
- # endif
-
-+/* increment counter (64-bit int) by 1 */
-+static void ctr64_inc(unsigned char *counter)
-+{
-+ int n = 8;
-+ unsigned char c;
-+
-+ do {
-+ --n;
-+ c = counter[n];
-+ ++c;
-+ counter[n] = c;
-+ if (c)
-+ return;
-+ } while (n);
-+}
-+
- /*
- * Return a fd if /dev/crypto seems usable, 0 otherwise.
- */
-@@ -808,6 +830,199 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
- }
- }
-
-+static int cryptodev_init_gcm_key(EVP_CIPHER_CTX *ctx,
-+ const unsigned char *key,
-+ const unsigned char *iv, int enc)
-+{
-+ struct dev_crypto_state *state = ctx->cipher_data;
-+ struct session_op *sess = &state->d_sess;
-+ int cipher = -1, i;
-+ if (!iv && !key)
-+ return 1;
-+
-+ if (iv)
-+ memcpy(ctx->iv, iv, ctx->cipher->iv_len);
-+
-+ for (i = 0; ciphers[i].id; i++)
-+ if (ctx->cipher->nid == ciphers[i].nid &&
-+ ctx->cipher->iv_len <= ciphers[i].ivmax &&
-+ ctx->key_len == ciphers[i].keylen) {
-+ cipher = ciphers[i].id;
-+ break;
-+ }
-+
-+ if (!ciphers[i].id) {
-+ state->d_fd = -1;
-+ return 0;
-+ }
-+
-+ memset(sess, 0, sizeof(struct session_op));
-+
-+ if ((state->d_fd = get_dev_crypto()) < 0)
-+ return 0;
-+
-+ sess->key = (unsigned char *)key;
-+ sess->keylen = ctx->key_len;
-+ sess->cipher = cipher;
-+
-+ if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
-+ put_dev_crypto(state->d_fd);
-+ state->d_fd = -1;
-+ return 0;
-+ }
-+ return 1;
-+}
-+
-+static int cryptodev_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+ const unsigned char *in, size_t len)
-+{
-+ struct crypt_auth_op cryp = { 0 };
-+ struct dev_crypto_state *state = ctx->cipher_data;
-+ struct session_op *sess = &state->d_sess;
-+ int rv = len;
-+
-+ if (EVP_CIPHER_CTX_ctrl(ctx, ctx->encrypt ?
-+ EVP_CTRL_GCM_IV_GEN : EVP_CTRL_GCM_SET_IV_INV,
-+ EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0)
-+ return 0;
-+
-+ in += EVP_GCM_TLS_EXPLICIT_IV_LEN;
-+ out += EVP_GCM_TLS_EXPLICIT_IV_LEN;
-+ len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
-+
-+ if (ctx->encrypt) {
-+ len -= EVP_GCM_TLS_TAG_LEN;
-+ }
-+ cryp.ses = sess->ses;
-+ cryp.len = len;
-+ cryp.src = (unsigned char *)in;
-+ cryp.dst = out;
-+ cryp.auth_src = state->aad;
-+ cryp.auth_len = state->aad_len;
-+ cryp.iv = ctx->iv;
-+ cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
-+
-+ if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) {
-+ return 0;
-+ }
-+
-+ if (ctx->encrypt)
-+ ctr64_inc(state->iv + state->ivlen - 8);
-+ else
-+ rv = len - EVP_GCM_TLS_TAG_LEN;
-+
-+ return rv;
-+}
-+
-+static int cryptodev_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+ const unsigned char *in, size_t len)
-+{
-+ struct crypt_auth_op cryp;
-+ struct dev_crypto_state *state = ctx->cipher_data;
-+ struct session_op *sess = &state->d_sess;
-+
-+ if (state->d_fd < 0)
-+ return 0;
-+
-+ if ((len % ctx->cipher->block_size) != 0)
-+ return 0;
-+
-+ if (state->aad_len >= 0)
-+ return cryptodev_gcm_tls_cipher(ctx, out, in, len);
-+
-+ memset(&cryp, 0, sizeof(cryp));
-+
-+ cryp.ses = sess->ses;
-+ cryp.len = len;
-+ cryp.src = (unsigned char *)in;
-+ cryp.dst = out;
-+ cryp.auth_src = NULL;
-+ cryp.auth_len = 0;
-+ cryp.iv = ctx->iv;
-+ cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
-+
-+ if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) {
-+ return 0;
-+ }
-+
-+ return len;
-+}
-+
-+static int cryptodev_gcm_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
-+ void *ptr)
-+{
-+ struct dev_crypto_state *state = ctx->cipher_data;
-+ switch (type) {
-+ case EVP_CTRL_INIT:
-+ {
-+ state->ivlen = ctx->cipher->iv_len;
-+ state->iv = ctx->iv;
-+ state->aad_len = -1;
-+ return 1;
-+ }
-+ case EVP_CTRL_GCM_SET_IV_FIXED:
-+ {
-+ /* Special case: -1 length restores whole IV */
-+ if (arg == -1) {
-+ memcpy(state->iv, ptr, state->ivlen);
-+ return 1;
-+ }
-+ /*
-+ * Fixed field must be at least 4 bytes and invocation field at
-+ * least 8.
-+ */
-+ if ((arg < 4) || (state->ivlen - arg) < 8)
-+ return 0;
-+ if (arg)
-+ memcpy(state->iv, ptr, arg);
-+ if (ctx->encrypt &&
-+ RAND_bytes(state->iv + arg, state->ivlen - arg) <= 0)
-+ return 0;
-+ return 1;
-+ }
-+ case EVP_CTRL_AEAD_TLS1_AAD:
-+ {
-+ unsigned int len;
-+ if (arg != 13)
-+ return 0;
-+
-+ memcpy(ctx->buf, ptr, arg);
-+ len = ctx->buf[arg - 2] << 8 | ctx->buf[arg - 1];
-+
-+ /* Correct length for explicit IV */
-+ len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
-+
-+ /* If decrypting correct for tag too */
-+ if (!ctx->encrypt)
-+ len -= EVP_GCM_TLS_TAG_LEN;
-+
-+ ctx->buf[arg - 2] = len >> 8;
-+ ctx->buf[arg - 1] = len & 0xff;
-+
-+ state->aad = ctx->buf;
-+ state->aad_len = arg;
-+ state->len = len;
-+
-+ /* Extra padding: tag appended to record */
-+ return EVP_GCM_TLS_TAG_LEN;
-+ }
-+ case EVP_CTRL_GCM_SET_IV_INV:
-+ {
-+ if (ctx->encrypt)
-+ return 0;
-+ memcpy(state->iv + state->ivlen - arg, ptr, arg);
-+ return 1;
-+ }
-+ case EVP_CTRL_GCM_IV_GEN:
-+ if (arg <= 0 || arg > state->ivlen)
-+ arg = state->ivlen;
-+ memcpy(ptr, state->iv + state->ivlen - arg, arg);
-+ return 1;
-+ default:
-+ return -1;
-+ }
-+}
-+
- /*
- * libcrypto EVP stuff - this is how we get wired to EVP so the engine
- * gets called when libcrypto requests a cipher NID.
-@@ -948,6 +1163,22 @@ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = {
- NULL
- };
-
-+const EVP_CIPHER cryptodev_aes_128_gcm = {
-+ NID_aes_128_gcm,
-+ 1, 16, 12,
-+ EVP_CIPH_GCM_MODE | EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_DEFAULT_ASN1
-+ | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER
-+ | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT,
-+ cryptodev_init_gcm_key,
-+ cryptodev_gcm_cipher,
-+ cryptodev_cleanup,
-+ sizeof(struct dev_crypto_state),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ cryptodev_gcm_ctrl,
-+ NULL
-+};
-+
- # ifdef CRYPTO_AES_CTR
- const EVP_CIPHER cryptodev_aes_ctr = {
- NID_aes_128_ctr,
-@@ -1042,6 +1273,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
- case NID_aes_256_cbc_hmac_sha1:
- *cipher = &cryptodev_aes_256_cbc_hmac_sha1;
- break;
-+ case NID_aes_128_gcm:
-+ *cipher = &cryptodev_aes_128_gcm;
-+ break;
- default:
- *cipher = NULL;
- break;
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0015-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0015-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch
deleted file mode 100644
index c1201f2..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0015-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch
+++ /dev/null
@@ -1,199 +0,0 @@
-From 6094ec91a5b8dde4bc3a7928b7cb6c81cac8a169 Mon Sep 17 00:00:00 2001
-From: Tudor Ambarus <tudor.ambarus at freescale.com>
-Date: Fri, 9 May 2014 17:54:06 +0300
-Subject: [PATCH 15/48] eng_cryptodev: extend TLS offload with
- 3des_cbc_hmac_sha1
-
-Both obj_mac.h and obj_dat.h were generated using the scripts
-from crypto/objects:
-
-$ cd crypto/objects
-$ perl objects.pl objects.txt obj_mac.num obj_mac.h
-$ perl obj_dat.pl obj_mac.h obj_dat.h
-
-Signed-off-by: Tudor Ambarus <tudor.ambarus at freescale.com>
-Signed-off-by: Cristian Stoica <cristian.stoica at freescale.com>
----
- crypto/engine/eng_cryptodev.c | 26 ++++++++++++++++++++++++++
- crypto/objects/obj_dat.h | 10 +++++++---
- crypto/objects/obj_mac.h | 4 ++++
- crypto/objects/obj_mac.num | 1 +
- crypto/objects/objects.txt | 1 +
- ssl/ssl_ciph.c | 4 ++++
- 6 files changed, 43 insertions(+), 3 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 1754917..ae644b9 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -133,6 +133,7 @@ static int cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key,
- static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
- void (*f) (void));
- void ENGINE_load_cryptodev(void);
-+const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1;
- const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1;
- const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
-
-@@ -285,6 +286,9 @@ static struct {
- CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, 0
- },
- {
-+ CRYPTO_TLS10_3DES_CBC_HMAC_SHA1, NID_des_ede3_cbc_hmac_sha1, 8, 24, 20
-+ },
-+ {
- CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20
- },
- {
-@@ -520,6 +524,9 @@ static int cryptodev_usable_ciphers(const int **nids)
- case NID_aes_256_cbc_hmac_sha1:
- EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
- break;
-+ case NID_des_ede3_cbc_hmac_sha1:
-+ EVP_add_cipher(&cryptodev_3des_cbc_hmac_sha1);
-+ break;
- }
- }
- return count;
-@@ -624,6 +631,7 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- switch (ctx->cipher->nid) {
- case NID_aes_128_cbc_hmac_sha1:
- case NID_aes_256_cbc_hmac_sha1:
-+ case NID_des_ede3_cbc_hmac_sha1:
- cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
- }
- cryp.ses = sess->ses;
-@@ -814,6 +822,7 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
- switch (ctx->cipher->nid) {
- case NID_aes_128_cbc_hmac_sha1:
- case NID_aes_256_cbc_hmac_sha1:
-+ case NID_des_ede3_cbc_hmac_sha1:
- maclen = SHA_DIGEST_LENGTH;
- }
-
-@@ -1135,6 +1144,20 @@ const EVP_CIPHER cryptodev_aes_256_cbc = {
- NULL
- };
-
-+const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1 = {
-+ NID_des_ede3_cbc_hmac_sha1,
-+ 8, 24, 8,
-+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+ cryptodev_init_aead_key,
-+ cryptodev_aead_cipher,
-+ cryptodev_cleanup,
-+ sizeof(struct dev_crypto_state),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ cryptodev_cbc_hmac_sha1_ctrl,
-+ NULL
-+};
-+
- const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1 = {
- NID_aes_128_cbc_hmac_sha1,
- 16, 16, 16,
-@@ -1256,6 +1279,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
- case NID_aes_256_cbc:
- *cipher = &cryptodev_aes_256_cbc;
- break;
-+ case NID_des_ede3_cbc_hmac_sha1:
-+ *cipher = &cryptodev_3des_cbc_hmac_sha1;
-+ break;
- # ifdef CRYPTO_AES_CTR
- case NID_aes_128_ctr:
- *cipher = &cryptodev_aes_ctr;
-diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
-index b7e3cf2..35d1abc 100644
---- a/crypto/objects/obj_dat.h
-+++ b/crypto/objects/obj_dat.h
-@@ -62,9 +62,9 @@
- * [including the GNU Public Licence.]
- */
-
--#define NUM_NID 958
--#define NUM_SN 951
--#define NUM_LN 951
-+#define NUM_NID 959
-+#define NUM_SN 952
-+#define NUM_LN 952
- #define NUM_OBJ 890
-
- static const unsigned char lvalues[6255]={
-@@ -2514,6 +2514,8 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
- NID_jurisdictionStateOrProvinceName,11,&(lvalues[6232]),0},
- {"jurisdictionC","jurisdictionCountryName",
- NID_jurisdictionCountryName,11,&(lvalues[6243]),0},
-+{"DES-EDE3-CBC-HMAC-SHA1","des-ede3-cbc-hmac-sha1",
-+ NID_des_ede3_cbc_hmac_sha1,0,NULL,0},
- };
-
- static const unsigned int sn_objs[NUM_SN]={
-@@ -2592,6 +2594,7 @@ static const unsigned int sn_objs[NUM_SN]={
- 62, /* "DES-EDE-OFB" */
- 33, /* "DES-EDE3" */
- 44, /* "DES-EDE3-CBC" */
-+958, /* "DES-EDE3-CBC-HMAC-SHA1" */
- 61, /* "DES-EDE3-CFB" */
- 658, /* "DES-EDE3-CFB1" */
- 659, /* "DES-EDE3-CFB8" */
-@@ -3760,6 +3763,7 @@ static const unsigned int ln_objs[NUM_LN]={
- 62, /* "des-ede-ofb" */
- 33, /* "des-ede3" */
- 44, /* "des-ede3-cbc" */
-+958, /* "des-ede3-cbc-hmac-sha1" */
- 61, /* "des-ede3-cfb" */
- 658, /* "des-ede3-cfb1" */
- 659, /* "des-ede3-cfb8" */
-diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h
-index 779c309..cb318bc 100644
---- a/crypto/objects/obj_mac.h
-+++ b/crypto/objects/obj_mac.h
-@@ -4047,6 +4047,10 @@
- #define LN_aes_256_cbc_hmac_sha256 "aes-256-cbc-hmac-sha256"
- #define NID_aes_256_cbc_hmac_sha256 950
-
-+#define SN_des_ede3_cbc_hmac_sha1 "DES-EDE3-CBC-HMAC-SHA1"
-+#define LN_des_ede3_cbc_hmac_sha1 "des-ede3-cbc-hmac-sha1"
-+#define NID_des_ede3_cbc_hmac_sha1 958
-+
- #define SN_dhpublicnumber "dhpublicnumber"
- #define LN_dhpublicnumber "X9.42 DH"
- #define NID_dhpublicnumber 920
-diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
-index 8e5ea83..02d1bb8 100644
---- a/crypto/objects/obj_mac.num
-+++ b/crypto/objects/obj_mac.num
-@@ -955,3 +955,4 @@ ct_cert_scts 954
- jurisdictionLocalityName 955
- jurisdictionStateOrProvinceName 956
- jurisdictionCountryName 957
-+des_ede3_cbc_hmac_sha1 958
-diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
-index b57aabb..4e1ff18 100644
---- a/crypto/objects/objects.txt
-+++ b/crypto/objects/objects.txt
-@@ -1294,6 +1294,7 @@ kisa 1 6 : SEED-OFB : seed-ofb
- : AES-128-CBC-HMAC-SHA256 : aes-128-cbc-hmac-sha256
- : AES-192-CBC-HMAC-SHA256 : aes-192-cbc-hmac-sha256
- : AES-256-CBC-HMAC-SHA256 : aes-256-cbc-hmac-sha256
-+ : DES-EDE3-CBC-HMAC-SHA1 : des-ede3-cbc-hmac-sha1
-
- ISO-US 10046 2 1 : dhpublicnumber : X9.42 DH
-
-diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
-index 2ad8f43..fdf6be9 100644
---- a/ssl/ssl_ciph.c
-+++ b/ssl/ssl_ciph.c
-@@ -668,6 +668,10 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
- c->algorithm_mac == SSL_SHA256 &&
- (evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA256")))
- *enc = evp, *md = NULL;
-+ else if (c->algorithm_enc == SSL_3DES &&
-+ c->algorithm_mac == SSL_SHA1 &&
-+ (evp = EVP_get_cipherbyname("DES-EDE3-CBC-HMAC-SHA1")))
-+ *enc = evp, *md = NULL;
- return (1);
- } else
- return (0);
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0016-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0016-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch
deleted file mode 100644
index d6b72b5..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0016-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch
+++ /dev/null
@@ -1,338 +0,0 @@
-From 4a229203e276283cb894b08b2607204a647d7594 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica at nxp.com>
-Date: Fri, 22 Jan 2016 11:58:34 +0200
-Subject: [PATCH 16/48] eng_cryptodev: add support for TLSv1.1 record offload
-
-Supported cipher suites:
-- 3des-ede-cbc-sha
-- aes-128-cbc-hmac-sha
-- aes-256-cbc-hmac-sha
-
-Requires TLS patches on cryptodev and TLS algorithm support in Linux
-kernel driver.
-
-Signed-off-by: Tudor Ambarus <tudor.ambarus at freescale.com>
-Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
----
- crypto/engine/eng_cryptodev.c | 96 ++++++++++++++++++++++++++++++++++++++++++-
- crypto/objects/obj_dat.h | 18 ++++++--
- crypto/objects/obj_mac.h | 12 ++++++
- crypto/objects/obj_mac.num | 3 ++
- crypto/objects/objects.txt | 3 ++
- ssl/ssl_ciph.c | 28 ++++++++++---
- 6 files changed, 151 insertions(+), 9 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index ae644b9..80b20e5 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -67,6 +67,7 @@ void ENGINE_load_cryptodev(void)
- # include <sys/ioctl.h>
- # include <errno.h>
- # include <stdio.h>
-+# include <stdbool.h>
- # include <unistd.h>
- # include <fcntl.h>
- # include <stdarg.h>
-@@ -136,6 +137,9 @@ void ENGINE_load_cryptodev(void);
- const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1;
- const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1;
- const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
-+const EVP_CIPHER cryptodev_tls11_3des_cbc_hmac_sha1;
-+const EVP_CIPHER cryptodev_tls11_aes_128_cbc_hmac_sha1;
-+const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1;
-
- inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len)
- {
-@@ -295,6 +299,18 @@ static struct {
- CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20
- },
- {
-+ CRYPTO_TLS11_3DES_CBC_HMAC_SHA1, NID_tls11_des_ede3_cbc_hmac_sha1, 8,
-+ 24, 20
-+ },
-+ {
-+ CRYPTO_TLS11_AES_CBC_HMAC_SHA1, NID_tls11_aes_128_cbc_hmac_sha1, 16, 16,
-+ 20
-+ },
-+ {
-+ CRYPTO_TLS11_AES_CBC_HMAC_SHA1, NID_tls11_aes_256_cbc_hmac_sha1, 16, 32,
-+ 20
-+ },
-+ {
- CRYPTO_AES_GCM, NID_aes_128_gcm, 16, 16, 0
- },
- {
-@@ -527,6 +543,15 @@ static int cryptodev_usable_ciphers(const int **nids)
- case NID_des_ede3_cbc_hmac_sha1:
- EVP_add_cipher(&cryptodev_3des_cbc_hmac_sha1);
- break;
-+ case NID_tls11_des_ede3_cbc_hmac_sha1:
-+ EVP_add_cipher(&cryptodev_tls11_3des_cbc_hmac_sha1);
-+ break;
-+ case NID_tls11_aes_128_cbc_hmac_sha1:
-+ EVP_add_cipher(&cryptodev_tls11_aes_128_cbc_hmac_sha1);
-+ break;
-+ case NID_tls11_aes_256_cbc_hmac_sha1:
-+ EVP_add_cipher(&cryptodev_tls11_aes_256_cbc_hmac_sha1);
-+ break;
- }
- }
- return count;
-@@ -632,6 +657,9 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- case NID_aes_128_cbc_hmac_sha1:
- case NID_aes_256_cbc_hmac_sha1:
- case NID_des_ede3_cbc_hmac_sha1:
-+ case NID_tls11_des_ede3_cbc_hmac_sha1:
-+ case NID_tls11_aes_128_cbc_hmac_sha1:
-+ case NID_tls11_aes_256_cbc_hmac_sha1:
- cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
- }
- cryp.ses = sess->ses;
-@@ -811,8 +839,9 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
- struct dev_crypto_state *state = ctx->cipher_data;
- unsigned char *p = ptr;
- unsigned int cryptlen = p[arg - 2] << 8 | p[arg - 1];
-- unsigned int maclen, padlen;
-+ unsigned int maclen, padlen, len;
- unsigned int bs = ctx->cipher->block_size;
-+ bool aad_needs_fix = false;
-
- state->aad = ptr;
- state->aad_len = arg;
-@@ -824,6 +853,20 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
- case NID_aes_256_cbc_hmac_sha1:
- case NID_des_ede3_cbc_hmac_sha1:
- maclen = SHA_DIGEST_LENGTH;
-+ break;
-+ case NID_tls11_des_ede3_cbc_hmac_sha1:
-+ case NID_tls11_aes_128_cbc_hmac_sha1:
-+ case NID_tls11_aes_256_cbc_hmac_sha1:
-+ maclen = SHA_DIGEST_LENGTH;
-+ aad_needs_fix = true;
-+ break;
-+ }
-+
-+ /* Correct length for AAD Length field */
-+ if (ctx->encrypt && aad_needs_fix) {
-+ len = cryptlen - bs;
-+ p[arg - 2] = len >> 8;
-+ p[arg - 1] = len & 0xff;
- }
-
- /* space required for encryption (not only TLS padding) */
-@@ -1186,6 +1229,48 @@ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = {
- NULL
- };
-
-+const EVP_CIPHER cryptodev_tls11_3des_cbc_hmac_sha1 = {
-+ NID_tls11_des_ede3_cbc_hmac_sha1,
-+ 8, 24, 8,
-+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+ cryptodev_init_aead_key,
-+ cryptodev_aead_cipher,
-+ cryptodev_cleanup,
-+ sizeof(struct dev_crypto_state),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ cryptodev_cbc_hmac_sha1_ctrl,
-+ NULL
-+};
-+
-+const EVP_CIPHER cryptodev_tls11_aes_128_cbc_hmac_sha1 = {
-+ NID_tls11_aes_128_cbc_hmac_sha1,
-+ 16, 16, 16,
-+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+ cryptodev_init_aead_key,
-+ cryptodev_aead_cipher,
-+ cryptodev_cleanup,
-+ sizeof(struct dev_crypto_state),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ cryptodev_cbc_hmac_sha1_ctrl,
-+ NULL
-+};
-+
-+const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1 = {
-+ NID_tls11_aes_256_cbc_hmac_sha1,
-+ 16, 32, 16,
-+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+ cryptodev_init_aead_key,
-+ cryptodev_aead_cipher,
-+ cryptodev_cleanup,
-+ sizeof(struct dev_crypto_state),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ cryptodev_cbc_hmac_sha1_ctrl,
-+ NULL
-+};
-+
- const EVP_CIPHER cryptodev_aes_128_gcm = {
- NID_aes_128_gcm,
- 1, 16, 12,
-@@ -1299,6 +1384,15 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
- case NID_aes_256_cbc_hmac_sha1:
- *cipher = &cryptodev_aes_256_cbc_hmac_sha1;
- break;
-+ case NID_tls11_des_ede3_cbc_hmac_sha1:
-+ *cipher = &cryptodev_tls11_3des_cbc_hmac_sha1;
-+ break;
-+ case NID_tls11_aes_128_cbc_hmac_sha1:
-+ *cipher = &cryptodev_tls11_aes_128_cbc_hmac_sha1;
-+ break;
-+ case NID_tls11_aes_256_cbc_hmac_sha1:
-+ *cipher = &cryptodev_tls11_aes_256_cbc_hmac_sha1;
-+ break;
- case NID_aes_128_gcm:
- *cipher = &cryptodev_aes_128_gcm;
- break;
-diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
-index 35d1abc..4dd32a1 100644
---- a/crypto/objects/obj_dat.h
-+++ b/crypto/objects/obj_dat.h
-@@ -62,9 +62,9 @@
- * [including the GNU Public Licence.]
- */
-
--#define NUM_NID 959
--#define NUM_SN 952
--#define NUM_LN 952
-+#define NUM_NID 962
-+#define NUM_SN 955
-+#define NUM_LN 955
- #define NUM_OBJ 890
-
- static const unsigned char lvalues[6255]={
-@@ -2516,6 +2516,12 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
- NID_jurisdictionCountryName,11,&(lvalues[6243]),0},
- {"DES-EDE3-CBC-HMAC-SHA1","des-ede3-cbc-hmac-sha1",
- NID_des_ede3_cbc_hmac_sha1,0,NULL,0},
-+{"TLS11-DES-EDE3-CBC-HMAC-SHA1","tls11-des-ede3-cbc-hmac-sha1",
-+ NID_tls11_des_ede3_cbc_hmac_sha1,0,NULL,0},
-+{"TLS11-AES-128-CBC-HMAC-SHA1","tls11-aes-128-cbc-hmac-sha1",
-+ NID_tls11_aes_128_cbc_hmac_sha1,0,NULL,0},
-+{"TLS11-AES-256-CBC-HMAC-SHA1","tls11-aes-256-cbc-hmac-sha1",
-+ NID_tls11_aes_256_cbc_hmac_sha1,0,NULL,0},
- };
-
- static const unsigned int sn_objs[NUM_SN]={
-@@ -2705,6 +2711,9 @@ static const unsigned int sn_objs[NUM_SN]={
- 100, /* "SN" */
- 16, /* "ST" */
- 143, /* "SXNetID" */
-+960, /* "TLS11-AES-128-CBC-HMAC-SHA1" */
-+961, /* "TLS11-AES-256-CBC-HMAC-SHA1" */
-+959, /* "TLS11-DES-EDE3-CBC-HMAC-SHA1" */
- 458, /* "UID" */
- 0, /* "UNDEF" */
- 11, /* "X500" */
-@@ -4396,6 +4405,9 @@ static const unsigned int ln_objs[NUM_LN]={
- 459, /* "textEncodedORAddress" */
- 293, /* "textNotice" */
- 106, /* "title" */
-+960, /* "tls11-aes-128-cbc-hmac-sha1" */
-+961, /* "tls11-aes-256-cbc-hmac-sha1" */
-+959, /* "tls11-des-ede3-cbc-hmac-sha1" */
- 682, /* "tpBasis" */
- 436, /* "ucl" */
- 0, /* "undefined" */
-diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h
-index cb318bc..5930563 100644
---- a/crypto/objects/obj_mac.h
-+++ b/crypto/objects/obj_mac.h
-@@ -4051,6 +4051,18 @@
- #define LN_des_ede3_cbc_hmac_sha1 "des-ede3-cbc-hmac-sha1"
- #define NID_des_ede3_cbc_hmac_sha1 958
-
-+#define SN_tls11_des_ede3_cbc_hmac_sha1 "TLS11-DES-EDE3-CBC-HMAC-SHA1"
-+#define LN_tls11_des_ede3_cbc_hmac_sha1 "tls11-des-ede3-cbc-hmac-sha1"
-+#define NID_tls11_des_ede3_cbc_hmac_sha1 959
-+
-+#define SN_tls11_aes_128_cbc_hmac_sha1 "TLS11-AES-128-CBC-HMAC-SHA1"
-+#define LN_tls11_aes_128_cbc_hmac_sha1 "tls11-aes-128-cbc-hmac-sha1"
-+#define NID_tls11_aes_128_cbc_hmac_sha1 960
-+
-+#define SN_tls11_aes_256_cbc_hmac_sha1 "TLS11-AES-256-CBC-HMAC-SHA1"
-+#define LN_tls11_aes_256_cbc_hmac_sha1 "tls11-aes-256-cbc-hmac-sha1"
-+#define NID_tls11_aes_256_cbc_hmac_sha1 961
-+
- #define SN_dhpublicnumber "dhpublicnumber"
- #define LN_dhpublicnumber "X9.42 DH"
- #define NID_dhpublicnumber 920
-diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
-index 02d1bb8..02f1728 100644
---- a/crypto/objects/obj_mac.num
-+++ b/crypto/objects/obj_mac.num
-@@ -956,3 +956,6 @@ jurisdictionLocalityName 955
- jurisdictionStateOrProvinceName 956
- jurisdictionCountryName 957
- des_ede3_cbc_hmac_sha1 958
-+tls11_des_ede3_cbc_hmac_sha1 959
-+tls11_aes_128_cbc_hmac_sha1 960
-+tls11_aes_256_cbc_hmac_sha1 961
-diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
-index 4e1ff18..cda81da 100644
---- a/crypto/objects/objects.txt
-+++ b/crypto/objects/objects.txt
-@@ -1295,6 +1295,9 @@ kisa 1 6 : SEED-OFB : seed-ofb
- : AES-192-CBC-HMAC-SHA256 : aes-192-cbc-hmac-sha256
- : AES-256-CBC-HMAC-SHA256 : aes-256-cbc-hmac-sha256
- : DES-EDE3-CBC-HMAC-SHA1 : des-ede3-cbc-hmac-sha1
-+ : TLS11-DES-EDE3-CBC-HMAC-SHA1 : tls11-des-ede3-cbc-hmac-sha1
-+ : TLS11-AES-128-CBC-HMAC-SHA1 : tls11-aes-128-cbc-hmac-sha1
-+ : TLS11-AES-256-CBC-HMAC-SHA1 : tls11-aes-256-cbc-hmac-sha1
-
- ISO-US 10046 2 1 : dhpublicnumber : X9.42 DH
-
-diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
-index fdf6be9..b4af7dc 100644
---- a/ssl/ssl_ciph.c
-+++ b/ssl/ssl_ciph.c
-@@ -652,11 +652,13 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
- c->algorithm_mac == SSL_MD5 &&
- (evp = EVP_get_cipherbyname("RC4-HMAC-MD5")))
- *enc = evp, *md = NULL;
-- else if (c->algorithm_enc == SSL_AES128 &&
-+ else if (s->ssl_version == TLS1_VERSION &&
-+ c->algorithm_enc == SSL_AES128 &&
- c->algorithm_mac == SSL_SHA1 &&
- (evp = EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1")))
- *enc = evp, *md = NULL;
-- else if (c->algorithm_enc == SSL_AES256 &&
-+ else if (s->ssl_version == TLS1_VERSION &&
-+ c->algorithm_enc == SSL_AES256 &&
- c->algorithm_mac == SSL_SHA1 &&
- (evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1")))
- *enc = evp, *md = NULL;
-@@ -668,9 +670,25 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
- c->algorithm_mac == SSL_SHA256 &&
- (evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA256")))
- *enc = evp, *md = NULL;
-- else if (c->algorithm_enc == SSL_3DES &&
-- c->algorithm_mac == SSL_SHA1 &&
-- (evp = EVP_get_cipherbyname("DES-EDE3-CBC-HMAC-SHA1")))
-+ else if (s->ssl_version == TLS1_VERSION &&
-+ c->algorithm_enc == SSL_3DES &&
-+ c->algorithm_mac == SSL_SHA1 &&
-+ (evp = EVP_get_cipherbyname("DES-EDE3-CBC-HMAC-SHA1")))
-+ *enc = evp, *md = NULL;
-+ else if (s->ssl_version == TLS1_1_VERSION &&
-+ c->algorithm_enc == SSL_3DES &&
-+ c->algorithm_mac == SSL_SHA1 &&
-+ (evp = EVP_get_cipherbyname("TLS11-DES-EDE3-CBC-HMAC-SHA1")))
-+ *enc = evp, *md = NULL;
-+ else if (s->ssl_version == TLS1_1_VERSION &&
-+ c->algorithm_enc == SSL_AES128 &&
-+ c->algorithm_mac == SSL_SHA1 &&
-+ (evp = EVP_get_cipherbyname("TLS11-AES-128-CBC-HMAC-SHA1")))
-+ *enc = evp, *md = NULL;
-+ else if (s->ssl_version == TLS1_1_VERSION &&
-+ c->algorithm_enc == SSL_AES256 &&
-+ c->algorithm_mac == SSL_SHA1 &&
-+ (evp = EVP_get_cipherbyname("TLS11-AES-256-CBC-HMAC-SHA1")))
- *enc = evp, *md = NULL;
- return (1);
- } else
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0017-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0017-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch
deleted file mode 100644
index 3034894..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0017-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch
+++ /dev/null
@@ -1,377 +0,0 @@
-From 0103fb8e6fc412462968224ec9315609c54eccc1 Mon Sep 17 00:00:00 2001
-From: Tudor Ambarus <tudor.ambarus at freescale.com>
-Date: Tue, 31 Mar 2015 16:32:35 +0300
-Subject: [PATCH 17/48] eng_cryptodev: add support for TLSv1.2 record offload
-
-Supported cipher suites:
-- 3des-ede-cbc-sha
-- aes-128-cbc-hmac-sha
-- aes-256-cbc-hmac-sha
-- aes-128-cbc-hmac-sha256
-- aes-256-cbc-hmac-sha256
-
-Requires TLS patches on cryptodev and TLS algorithm support in Linux
-kernel driver.
-
-Signed-off-by: Tudor Ambarus <tudor.ambarus at freescale.com>
-Tested-by: Cristian Stoica <cristian.stoica at freescale.com>
----
- crypto/engine/eng_cryptodev.c | 138 ++++++++++++++++++++++++++++++++++++++++++
- crypto/objects/obj_dat.h | 26 +++++++-
- crypto/objects/obj_mac.h | 20 ++++++
- crypto/objects/obj_mac.num | 5 ++
- crypto/objects/objects.txt | 5 ++
- ssl/ssl_ciph.c | 25 ++++++++
- 6 files changed, 216 insertions(+), 3 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 80b20e5..455868e 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -140,6 +140,11 @@ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
- const EVP_CIPHER cryptodev_tls11_3des_cbc_hmac_sha1;
- const EVP_CIPHER cryptodev_tls11_aes_128_cbc_hmac_sha1;
- const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1;
-+const EVP_CIPHER cryptodev_tls12_3des_cbc_hmac_sha1;
-+const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha1;
-+const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha1;
-+const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha256;
-+const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha256;
-
- inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len)
- {
-@@ -311,6 +316,26 @@ static struct {
- 20
- },
- {
-+ CRYPTO_TLS12_3DES_CBC_HMAC_SHA1, NID_tls12_des_ede3_cbc_hmac_sha1, 8,
-+ 24, 20
-+ },
-+ {
-+ CRYPTO_TLS12_AES_CBC_HMAC_SHA1, NID_tls12_aes_128_cbc_hmac_sha1, 16, 16,
-+ 20
-+ },
-+ {
-+ CRYPTO_TLS12_AES_CBC_HMAC_SHA1, NID_tls12_aes_256_cbc_hmac_sha1, 16, 32,
-+ 20
-+ },
-+ {
-+ CRYPTO_TLS12_AES_CBC_HMAC_SHA256, NID_tls12_aes_128_cbc_hmac_sha256, 16,
-+ 16, 32
-+ },
-+ {
-+ CRYPTO_TLS12_AES_CBC_HMAC_SHA256, NID_tls12_aes_256_cbc_hmac_sha256, 16,
-+ 32, 32
-+ },
-+ {
- CRYPTO_AES_GCM, NID_aes_128_gcm, 16, 16, 0
- },
- {
-@@ -552,6 +577,21 @@ static int cryptodev_usable_ciphers(const int **nids)
- case NID_tls11_aes_256_cbc_hmac_sha1:
- EVP_add_cipher(&cryptodev_tls11_aes_256_cbc_hmac_sha1);
- break;
-+ case NID_tls12_des_ede3_cbc_hmac_sha1:
-+ EVP_add_cipher(&cryptodev_tls12_3des_cbc_hmac_sha1);
-+ break;
-+ case NID_tls12_aes_128_cbc_hmac_sha1:
-+ EVP_add_cipher(&cryptodev_tls12_aes_128_cbc_hmac_sha1);
-+ break;
-+ case NID_tls12_aes_256_cbc_hmac_sha1:
-+ EVP_add_cipher(&cryptodev_tls12_aes_256_cbc_hmac_sha1);
-+ break;
-+ case NID_tls12_aes_128_cbc_hmac_sha256:
-+ EVP_add_cipher(&cryptodev_tls12_aes_128_cbc_hmac_sha256);
-+ break;
-+ case NID_tls12_aes_256_cbc_hmac_sha256:
-+ EVP_add_cipher(&cryptodev_tls12_aes_256_cbc_hmac_sha256);
-+ break;
- }
- }
- return count;
-@@ -660,6 +700,11 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- case NID_tls11_des_ede3_cbc_hmac_sha1:
- case NID_tls11_aes_128_cbc_hmac_sha1:
- case NID_tls11_aes_256_cbc_hmac_sha1:
-+ case NID_tls12_des_ede3_cbc_hmac_sha1:
-+ case NID_tls12_aes_128_cbc_hmac_sha1:
-+ case NID_tls12_aes_256_cbc_hmac_sha1:
-+ case NID_tls12_aes_128_cbc_hmac_sha256:
-+ case NID_tls12_aes_256_cbc_hmac_sha256:
- cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
- }
- cryp.ses = sess->ses;
-@@ -857,9 +902,17 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
- case NID_tls11_des_ede3_cbc_hmac_sha1:
- case NID_tls11_aes_128_cbc_hmac_sha1:
- case NID_tls11_aes_256_cbc_hmac_sha1:
-+ case NID_tls12_des_ede3_cbc_hmac_sha1:
-+ case NID_tls12_aes_128_cbc_hmac_sha1:
-+ case NID_tls12_aes_256_cbc_hmac_sha1:
- maclen = SHA_DIGEST_LENGTH;
- aad_needs_fix = true;
- break;
-+ case NID_tls12_aes_128_cbc_hmac_sha256:
-+ case NID_tls12_aes_256_cbc_hmac_sha256:
-+ maclen = SHA256_DIGEST_LENGTH;
-+ aad_needs_fix = true;
-+ break;
- }
-
- /* Correct length for AAD Length field */
-@@ -1271,6 +1324,76 @@ const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1 = {
- NULL
- };
-
-+const EVP_CIPHER cryptodev_tls12_3des_cbc_hmac_sha1 = {
-+ NID_tls12_des_ede3_cbc_hmac_sha1,
-+ 8, 24, 8,
-+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+ cryptodev_init_aead_key,
-+ cryptodev_aead_cipher,
-+ cryptodev_cleanup,
-+ sizeof(struct dev_crypto_state),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ cryptodev_cbc_hmac_sha1_ctrl,
-+ NULL
-+};
-+
-+const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha1 = {
-+ NID_tls12_aes_128_cbc_hmac_sha1,
-+ 16, 16, 16,
-+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+ cryptodev_init_aead_key,
-+ cryptodev_aead_cipher,
-+ cryptodev_cleanup,
-+ sizeof(struct dev_crypto_state),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ cryptodev_cbc_hmac_sha1_ctrl,
-+ NULL
-+};
-+
-+const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha1 = {
-+ NID_tls12_aes_256_cbc_hmac_sha1,
-+ 16, 32, 16,
-+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+ cryptodev_init_aead_key,
-+ cryptodev_aead_cipher,
-+ cryptodev_cleanup,
-+ sizeof(struct dev_crypto_state),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ cryptodev_cbc_hmac_sha1_ctrl,
-+ NULL
-+};
-+
-+const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha256 = {
-+ NID_tls12_aes_128_cbc_hmac_sha256,
-+ 16, 16, 16,
-+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+ cryptodev_init_aead_key,
-+ cryptodev_aead_cipher,
-+ cryptodev_cleanup,
-+ sizeof(struct dev_crypto_state),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ cryptodev_cbc_hmac_sha1_ctrl,
-+ NULL
-+};
-+
-+const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha256 = {
-+ NID_tls12_aes_256_cbc_hmac_sha256,
-+ 16, 32, 16,
-+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+ cryptodev_init_aead_key,
-+ cryptodev_aead_cipher,
-+ cryptodev_cleanup,
-+ sizeof(struct dev_crypto_state),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ cryptodev_cbc_hmac_sha1_ctrl,
-+ NULL
-+};
-+
- const EVP_CIPHER cryptodev_aes_128_gcm = {
- NID_aes_128_gcm,
- 1, 16, 12,
-@@ -1396,6 +1519,21 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
- case NID_aes_128_gcm:
- *cipher = &cryptodev_aes_128_gcm;
- break;
-+ case NID_tls12_des_ede3_cbc_hmac_sha1:
-+ *cipher = &cryptodev_tls12_3des_cbc_hmac_sha1;
-+ break;
-+ case NID_tls12_aes_128_cbc_hmac_sha1:
-+ *cipher = &cryptodev_tls12_aes_128_cbc_hmac_sha1;
-+ break;
-+ case NID_tls12_aes_256_cbc_hmac_sha1:
-+ *cipher = &cryptodev_tls12_aes_256_cbc_hmac_sha1;
-+ break;
-+ case NID_tls12_aes_128_cbc_hmac_sha256:
-+ *cipher = &cryptodev_tls12_aes_128_cbc_hmac_sha256;
-+ break;
-+ case NID_tls12_aes_256_cbc_hmac_sha256:
-+ *cipher = &cryptodev_tls12_aes_256_cbc_hmac_sha256;
-+ break;
- default:
- *cipher = NULL;
- break;
-diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
-index 4dd32a1..e3a2505 100644
---- a/crypto/objects/obj_dat.h
-+++ b/crypto/objects/obj_dat.h
-@@ -62,9 +62,9 @@
- * [including the GNU Public Licence.]
- */
-
--#define NUM_NID 962
--#define NUM_SN 955
--#define NUM_LN 955
-+#define NUM_NID 967
-+#define NUM_SN 960
-+#define NUM_LN 960
- #define NUM_OBJ 890
-
- static const unsigned char lvalues[6255]={
-@@ -2522,6 +2522,16 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
- NID_tls11_aes_128_cbc_hmac_sha1,0,NULL,0},
- {"TLS11-AES-256-CBC-HMAC-SHA1","tls11-aes-256-cbc-hmac-sha1",
- NID_tls11_aes_256_cbc_hmac_sha1,0,NULL,0},
-+{"TLS12-DES-EDE3-CBC-HMAC-SHA1","tls12-des-ede3-cbc-hmac-sha1",
-+ NID_tls12_des_ede3_cbc_hmac_sha1,0,NULL,0},
-+{"TLS12-AES-128-CBC-HMAC-SHA1","tls12-aes-128-cbc-hmac-sha1",
-+ NID_tls12_aes_128_cbc_hmac_sha1,0,NULL,0},
-+{"TLS12-AES-256-CBC-HMAC-SHA1","tls12-aes-256-cbc-hmac-sha1",
-+ NID_tls12_aes_256_cbc_hmac_sha1,0,NULL,0},
-+{"TLS12-AES-128-CBC-HMAC-SHA256","tls12-aes-128-cbc-hmac-sha256",
-+ NID_tls12_aes_128_cbc_hmac_sha256,0,NULL,0},
-+{"TLS12-AES-256-CBC-HMAC-SHA256","tls12-aes-256-cbc-hmac-sha256",
-+ NID_tls12_aes_256_cbc_hmac_sha256,0,NULL,0},
- };
-
- static const unsigned int sn_objs[NUM_SN]={
-@@ -2714,6 +2724,11 @@ static const unsigned int sn_objs[NUM_SN]={
- 960, /* "TLS11-AES-128-CBC-HMAC-SHA1" */
- 961, /* "TLS11-AES-256-CBC-HMAC-SHA1" */
- 959, /* "TLS11-DES-EDE3-CBC-HMAC-SHA1" */
-+963, /* "TLS12-AES-128-CBC-HMAC-SHA1" */
-+965, /* "TLS12-AES-128-CBC-HMAC-SHA256" */
-+964, /* "TLS12-AES-256-CBC-HMAC-SHA1" */
-+966, /* "TLS12-AES-256-CBC-HMAC-SHA256" */
-+962, /* "TLS12-DES-EDE3-CBC-HMAC-SHA1" */
- 458, /* "UID" */
- 0, /* "UNDEF" */
- 11, /* "X500" */
-@@ -4408,6 +4423,11 @@ static const unsigned int ln_objs[NUM_LN]={
- 960, /* "tls11-aes-128-cbc-hmac-sha1" */
- 961, /* "tls11-aes-256-cbc-hmac-sha1" */
- 959, /* "tls11-des-ede3-cbc-hmac-sha1" */
-+963, /* "tls12-aes-128-cbc-hmac-sha1" */
-+965, /* "tls12-aes-128-cbc-hmac-sha256" */
-+964, /* "tls12-aes-256-cbc-hmac-sha1" */
-+966, /* "tls12-aes-256-cbc-hmac-sha256" */
-+962, /* "tls12-des-ede3-cbc-hmac-sha1" */
- 682, /* "tpBasis" */
- 436, /* "ucl" */
- 0, /* "undefined" */
-diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h
-index 5930563..f4a81cb 100644
---- a/crypto/objects/obj_mac.h
-+++ b/crypto/objects/obj_mac.h
-@@ -4063,6 +4063,26 @@
- #define LN_tls11_aes_256_cbc_hmac_sha1 "tls11-aes-256-cbc-hmac-sha1"
- #define NID_tls11_aes_256_cbc_hmac_sha1 961
-
-+#define SN_tls12_des_ede3_cbc_hmac_sha1 "TLS12-DES-EDE3-CBC-HMAC-SHA1"
-+#define LN_tls12_des_ede3_cbc_hmac_sha1 "tls12-des-ede3-cbc-hmac-sha1"
-+#define NID_tls12_des_ede3_cbc_hmac_sha1 962
-+
-+#define SN_tls12_aes_128_cbc_hmac_sha1 "TLS12-AES-128-CBC-HMAC-SHA1"
-+#define LN_tls12_aes_128_cbc_hmac_sha1 "tls12-aes-128-cbc-hmac-sha1"
-+#define NID_tls12_aes_128_cbc_hmac_sha1 963
-+
-+#define SN_tls12_aes_256_cbc_hmac_sha1 "TLS12-AES-256-CBC-HMAC-SHA1"
-+#define LN_tls12_aes_256_cbc_hmac_sha1 "tls12-aes-256-cbc-hmac-sha1"
-+#define NID_tls12_aes_256_cbc_hmac_sha1 964
-+
-+#define SN_tls12_aes_128_cbc_hmac_sha256 "TLS12-AES-128-CBC-HMAC-SHA256"
-+#define LN_tls12_aes_128_cbc_hmac_sha256 "tls12-aes-128-cbc-hmac-sha256"
-+#define NID_tls12_aes_128_cbc_hmac_sha256 965
-+
-+#define SN_tls12_aes_256_cbc_hmac_sha256 "TLS12-AES-256-CBC-HMAC-SHA256"
-+#define LN_tls12_aes_256_cbc_hmac_sha256 "tls12-aes-256-cbc-hmac-sha256"
-+#define NID_tls12_aes_256_cbc_hmac_sha256 966
-+
- #define SN_dhpublicnumber "dhpublicnumber"
- #define LN_dhpublicnumber "X9.42 DH"
- #define NID_dhpublicnumber 920
-diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
-index 02f1728..401be03 100644
---- a/crypto/objects/obj_mac.num
-+++ b/crypto/objects/obj_mac.num
-@@ -959,3 +959,8 @@ des_ede3_cbc_hmac_sha1 958
- tls11_des_ede3_cbc_hmac_sha1 959
- tls11_aes_128_cbc_hmac_sha1 960
- tls11_aes_256_cbc_hmac_sha1 961
-+tls12_des_ede3_cbc_hmac_sha1 962
-+tls12_aes_128_cbc_hmac_sha1 963
-+tls12_aes_256_cbc_hmac_sha1 964
-+tls12_aes_128_cbc_hmac_sha256 965
-+tls12_aes_256_cbc_hmac_sha256 966
-diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
-index cda81da..68a8da8 100644
---- a/crypto/objects/objects.txt
-+++ b/crypto/objects/objects.txt
-@@ -1298,6 +1298,11 @@ kisa 1 6 : SEED-OFB : seed-ofb
- : TLS11-DES-EDE3-CBC-HMAC-SHA1 : tls11-des-ede3-cbc-hmac-sha1
- : TLS11-AES-128-CBC-HMAC-SHA1 : tls11-aes-128-cbc-hmac-sha1
- : TLS11-AES-256-CBC-HMAC-SHA1 : tls11-aes-256-cbc-hmac-sha1
-+ : TLS12-DES-EDE3-CBC-HMAC-SHA1 : tls12-des-ede3-cbc-hmac-sha1
-+ : TLS12-AES-128-CBC-HMAC-SHA1 : tls12-aes-128-cbc-hmac-sha1
-+ : TLS12-AES-256-CBC-HMAC-SHA1 : tls12-aes-256-cbc-hmac-sha1
-+ : TLS12-AES-128-CBC-HMAC-SHA256 : tls12-aes-128-cbc-hmac-sha256
-+ : TLS12-AES-256-CBC-HMAC-SHA256 : tls12-aes-256-cbc-hmac-sha256
-
- ISO-US 10046 2 1 : dhpublicnumber : X9.42 DH
-
-diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
-index b4af7dc..359cb5d 100644
---- a/ssl/ssl_ciph.c
-+++ b/ssl/ssl_ciph.c
-@@ -690,6 +690,31 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
- c->algorithm_mac == SSL_SHA1 &&
- (evp = EVP_get_cipherbyname("TLS11-AES-256-CBC-HMAC-SHA1")))
- *enc = evp, *md = NULL;
-+ else if (s->ssl_version == TLS1_2_VERSION &&
-+ c->algorithm_enc == SSL_3DES &&
-+ c->algorithm_mac == SSL_SHA1 &&
-+ (evp=EVP_get_cipherbyname("TLS12-DES-EDE3-CBC-HMAC-SHA1")))
-+ *enc = evp, *md = NULL;
-+ else if (s->ssl_version == TLS1_2_VERSION &&
-+ c->algorithm_enc == SSL_AES128 &&
-+ c->algorithm_mac == SSL_SHA1 &&
-+ (evp=EVP_get_cipherbyname("TLS12-AES-128-CBC-HMAC-SHA1")))
-+ *enc = evp, *md = NULL;
-+ else if (s->ssl_version == TLS1_2_VERSION &&
-+ c->algorithm_enc == SSL_AES256 &&
-+ c->algorithm_mac == SSL_SHA1 &&
-+ (evp=EVP_get_cipherbyname("TLS12-AES-256-CBC-HMAC-SHA1")))
-+ *enc = evp, *md = NULL;
-+ else if (s->ssl_version == TLS1_2_VERSION &&
-+ c->algorithm_enc == SSL_AES128 &&
-+ c->algorithm_mac == SSL_SHA256 &&
-+ (evp=EVP_get_cipherbyname("TLS12-AES-128-CBC-HMAC-SHA256")))
-+ *enc = evp, *md = NULL;
-+ else if (s->ssl_version == TLS1_2_VERSION &&
-+ c->algorithm_enc == SSL_AES256 &&
-+ c->algorithm_mac == SSL_SHA256 &&
-+ (evp=EVP_get_cipherbyname("TLS12-AES-256-CBC-HMAC-SHA256")))
-+ *enc = evp, *md = NULL;
- return (1);
- } else
- return (0);
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0018-cryptodev-drop-redundant-function.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0018-cryptodev-drop-redundant-function.patch
deleted file mode 100644
index cf6cce2..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0018-cryptodev-drop-redundant-function.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-From dddb8bc7eea34dfc73c1f5c8863d19894d9a18ac Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica at freescale.com>
-Date: Thu, 19 Feb 2015 16:11:53 +0200
-Subject: [PATCH 18/48] cryptodev: drop redundant function
-
-get_dev_crypto already caches the result. Another cache in-between is
-useless.
-
-Signed-off-by: Cristian Stoica <cristian.stoica at freescale.com>
----
- crypto/engine/eng_cryptodev.c | 17 +++--------------
- 1 file changed, 3 insertions(+), 14 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 455868e..d229f61 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -94,7 +94,6 @@ struct dev_crypto_state {
-
- static u_int32_t cryptodev_asymfeat = 0;
-
--static int get_asym_dev_crypto(void);
- static int open_dev_crypto(void);
- static int get_dev_crypto(void);
- static int get_cryptodev_ciphers(const int **cnids);
-@@ -441,16 +440,6 @@ static void put_dev_crypto(int fd)
- # endif
- }
-
--/* Caching version for asym operations */
--static int get_asym_dev_crypto(void)
--{
-- static int fd = -1;
--
-- if (fd == -1)
-- fd = get_dev_crypto();
-- return fd;
--}
--
- /*
- * Find out what ciphers /dev/crypto will let us have a session for.
- * XXX note, that some of these openssl doesn't deal with yet!
-@@ -1923,7 +1912,7 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
- {
- int fd, ret = -1;
-
-- if ((fd = get_asym_dev_crypto()) < 0)
-+ if ((fd = get_dev_crypto()) < 0)
- return ret;
-
- if (r) {
-@@ -2522,7 +2511,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
- int p_len, q_len;
- int i;
-
-- if ((fd = get_asym_dev_crypto()) < 0)
-+ if ((fd = get_dev_crypto()) < 0)
- goto sw_try;
-
- if (!rsa->n && ((rsa->n = BN_new()) == NULL))
-@@ -4111,7 +4100,7 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
- BIGNUM *temp = NULL;
- unsigned char *padded_pub_key = NULL, *p = NULL;
-
-- if ((fd = get_asym_dev_crypto()) < 0)
-+ if ((fd = get_dev_crypto()) < 0)
- goto sw_try;
-
- memset(&kop, 0, sizeof kop);
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0019-cryptodev-do-not-zero-the-buffer-before-use.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0019-cryptodev-do-not-zero-the-buffer-before-use.patch
deleted file mode 100644
index d423dd1..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0019-cryptodev-do-not-zero-the-buffer-before-use.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From 413ef57790244fc521d40ade62358abaf0a55d10 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica at freescale.com>
-Date: Tue, 17 Feb 2015 13:12:53 +0200
-Subject: [PATCH 19/48] cryptodev: do not zero the buffer before use
-
-- The buffer is just about to be overwritten. Zeroing it before that has
- no purpose
-
-Change-Id: I478c31bd2e254561474a7edf5e37980ca04217ce
-Signed-off-by: Cristian Stoica <cristian.stoica at freescale.com>
-Reviewed-on: http://git.am.freescale.net:8181/34217
----
- crypto/engine/eng_cryptodev.c | 14 ++++----------
- 1 file changed, 4 insertions(+), 10 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index d229f61..4d370ad 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -1806,21 +1806,15 @@ cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
- static int bn2crparam(const BIGNUM *a, struct crparam *crp)
- {
- ssize_t bytes, bits;
-- u_char *b;
--
-- crp->crp_p = NULL;
-- crp->crp_nbits = 0;
-
- bits = BN_num_bits(a);
- bytes = (bits + 7) / 8;
-
-- b = malloc(bytes);
-- if (b == NULL)
-- return (1);
-- memset(b, 0, bytes);
--
-- crp->crp_p = (caddr_t) b;
- crp->crp_nbits = bits;
-+ crp->crp_p = malloc(bytes);
-+
-+ if (crp->crp_p == NULL)
-+ return (1);
-
- BN_bn2bin(a, crp->crp_p);
- return (0);
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0020-cryptodev-clean-up-code-layout.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0020-cryptodev-clean-up-code-layout.patch
deleted file mode 100644
index d82dc5c..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0020-cryptodev-clean-up-code-layout.patch
+++ /dev/null
@@ -1,73 +0,0 @@
-From ac3dfaf10125f08454d51e8fc4b3a77d33fd96d0 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica at freescale.com>
-Date: Wed, 18 Feb 2015 10:39:46 +0200
-Subject: [PATCH 20/48] cryptodev: clean-up code layout
-
-This is just a refactoring that uses else branch to check for malloc failures
-
-Signed-off-by: Cristian Stoica <cristian.stoica at freescale.com>
----
- crypto/engine/eng_cryptodev.c | 45 ++++++++++++++++++++-----------------------
- 1 file changed, 21 insertions(+), 24 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 4d370ad..487a2c9 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -1869,32 +1869,29 @@ cryptodev_asym_async(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
- fd = *(int *)cookie->eng_handle;
-
- eng_cookie = malloc(sizeof(struct cryptodev_cookie_s));
--
-- if (eng_cookie) {
-- memset(eng_cookie, 0, sizeof(struct cryptodev_cookie_s));
-- if (r) {
-- kop->crk_param[kop->crk_iparams].crp_p =
-- calloc(rlen, sizeof(char));
-- if (!kop->crk_param[kop->crk_iparams].crp_p)
-- return -ENOMEM;
-- kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
-- kop->crk_oparams++;
-- eng_cookie->r = r;
-- eng_cookie->r_param = kop->crk_param[kop->crk_iparams];
-- }
-- if (s) {
-- kop->crk_param[kop->crk_iparams + 1].crp_p =
-- calloc(slen, sizeof(char));
-- if (!kop->crk_param[kop->crk_iparams + 1].crp_p)
-- return -ENOMEM;
-- kop->crk_param[kop->crk_iparams + 1].crp_nbits = slen * 8;
-- kop->crk_oparams++;
-- eng_cookie->s = s;
-- eng_cookie->s_param = kop->crk_param[kop->crk_iparams + 1];
-- }
-- } else
-+ if (!eng_cookie)
- return -ENOMEM;
-
-+ memset(eng_cookie, 0, sizeof(struct cryptodev_cookie_s));
-+ if (r) {
-+ kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char));
-+ if (!kop->crk_param[kop->crk_iparams].crp_p)
-+ return -ENOMEM;
-+ kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
-+ kop->crk_oparams++;
-+ eng_cookie->r = r;
-+ eng_cookie->r_param = kop->crk_param[kop->crk_iparams];
-+ }
-+ if (s) {
-+ kop->crk_param[kop->crk_iparams + 1].crp_p =
-+ calloc(slen, sizeof(char));
-+ if (!kop->crk_param[kop->crk_iparams + 1].crp_p)
-+ return -ENOMEM;
-+ kop->crk_param[kop->crk_iparams + 1].crp_nbits = slen * 8;
-+ kop->crk_oparams++;
-+ eng_cookie->s = s;
-+ eng_cookie->s_param = kop->crk_param[kop->crk_iparams + 1];
-+ }
- eng_cookie->kop = kop;
- cookie->eng_cookie = eng_cookie;
- return ioctl(fd, CIOCASYMASYNCRYPT, kop);
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0021-cryptodev-do-not-cache-file-descriptor-in-open.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0021-cryptodev-do-not-cache-file-descriptor-in-open.patch
deleted file mode 100644
index fa825bb..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0021-cryptodev-do-not-cache-file-descriptor-in-open.patch
+++ /dev/null
@@ -1,93 +0,0 @@
-From b96074f4e44b2147d4d771dd086463c9cb7d42a3 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica at freescale.com>
-Date: Thu, 19 Feb 2015 16:43:29 +0200
-Subject: [PATCH 21/48] cryptodev: do not cache file descriptor in 'open'
-
-The file descriptor returned by get_dev_crypto is cached after a
-successful return. The issue is, it is cached inside 'open_dev_crypto'
-which is no longer useful as a general purpose open("/dev/crypto")
-function.
-
-This patch is a refactoring that moves the caching operation from
-open_dev_crypto to get_dev_crypto and leaves the former as a simpler
-function true to its name
-
-Signed-off-by: Cristian Stoica <cristian.stoica at freescale.com>
----
- crypto/engine/eng_cryptodev.c | 43 +++++++++++++++++++++----------------------
- 1 file changed, 21 insertions(+), 22 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 487a2c9..d7188a6 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -392,45 +392,44 @@ static void ctr64_inc(unsigned char *counter)
- } while (n);
- }
-
--/*
-- * Return a fd if /dev/crypto seems usable, 0 otherwise.
-- */
- static int open_dev_crypto(void)
- {
-- static int fd = -1;
-+ int fd;
-
-- if (fd == -1) {
-- if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1)
-- return (-1);
-- /* close on exec */
-- if (fcntl(fd, F_SETFD, 1) == -1) {
-- close(fd);
-- fd = -1;
-- return (-1);
-- }
-+ fd = open("/dev/crypto", O_RDWR, 0);
-+ if (fd < 0)
-+ return -1;
-+
-+ /* close on exec */
-+ if (fcntl(fd, F_SETFD, 1) == -1) {
-+ close(fd);
-+ return -1;
- }
-- return (fd);
-+
-+ return fd;
- }
-
- static int get_dev_crypto(void)
- {
-- int fd, retfd;
-+ static int fd = -1;
-+ int retfd;
-
-- if ((fd = open_dev_crypto()) == -1)
-- return (-1);
--# ifndef CRIOGET_NOT_NEEDED
-+ if (fd == -1)
-+ fd = open_dev_crypto();
-+# ifdef CRIOGET_NOT_NEEDED
-+ return fd;
-+# else
-+ if (fd == -1)
-+ return -1;
- if (ioctl(fd, CRIOGET, &retfd) == -1)
- return (-1);
--
- /* close on exec */
- if (fcntl(retfd, F_SETFD, 1) == -1) {
- close(retfd);
- return (-1);
- }
--# else
-- retfd = fd;
-+ return retfd;
- # endif
-- return (retfd);
- }
-
- static void put_dev_crypto(int fd)
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0022-cryptodev-put_dev_crypto-should-be-an-int.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0022-cryptodev-put_dev_crypto-should-be-an-int.patch
deleted file mode 100644
index eddb1f2..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0022-cryptodev-put_dev_crypto-should-be-an-int.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 43710e60fd8bae1ebc4d1eef6d86cb4e82653ac4 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica at freescale.com>
-Date: Thu, 19 Feb 2015 13:09:32 +0200
-Subject: [PATCH 22/48] cryptodev: put_dev_crypto should be an int
-
-Change-Id: Ie0a83bc07a37132286c098b17ef35d98de74b043
-Signed-off-by: Cristian Stoica <cristian.stoica at freescale.com>
-Reviewed-on: http://git.am.freescale.net:8181/34220
----
- crypto/engine/eng_cryptodev.c | 8 +++++---
- 1 file changed, 5 insertions(+), 3 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index d7188a6..7b3dbd1 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -432,10 +432,12 @@ static int get_dev_crypto(void)
- # endif
- }
-
--static void put_dev_crypto(int fd)
-+static int put_dev_crypto(int fd)
- {
--# ifndef CRIOGET_NOT_NEEDED
-- close(fd);
-+#ifdef CRIOGET_NOT_NEEDED
-+ return 0;
-+#else
-+ return close(fd);
- # endif
- }
-
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0023-cryptodev-simplify-cryptodev-pkc-support-code.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0023-cryptodev-simplify-cryptodev-pkc-support-code.patch
deleted file mode 100644
index 4f589af..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0023-cryptodev-simplify-cryptodev-pkc-support-code.patch
+++ /dev/null
@@ -1,260 +0,0 @@
-From b706132a33555162e6dbf26d9fde4bcb1136d553 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica at freescale.com>
-Date: Thu, 19 Feb 2015 13:39:52 +0200
-Subject: [PATCH 23/48] cryptodev: simplify cryptodev pkc support code
-
-- Engine init returns directly a file descriptor instead of a pointer to one
-- Similarly, the Engine close will now just close the file
-
-Signed-off-by: Cristian Stoica <cristian.stoica at freescale.com>
----
- crypto/crypto.h | 2 +-
- crypto/engine/eng_cryptodev.c | 43 +++++++----------------------------
- crypto/engine/eng_int.h | 14 +++---------
- crypto/engine/eng_lib.c | 53 +++++++++++++++++++++----------------------
- crypto/engine/engine.h | 13 +++++------
- 5 files changed, 44 insertions(+), 81 deletions(-)
-
-diff --git a/crypto/crypto.h b/crypto/crypto.h
-index 2b4ec59..ddb9b69 100644
---- a/crypto/crypto.h
-+++ b/crypto/crypto.h
-@@ -668,7 +668,7 @@ struct pkc_cookie_s {
- * -EINVAL: Parameters Invalid
- */
- void (*pkc_callback)(struct pkc_cookie_s *cookie, int status);
-- void *eng_handle;
-+ int eng_handle;
- };
-
- #ifdef __cplusplus
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 7b3dbd1..34c8d18 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -434,10 +434,10 @@ static int get_dev_crypto(void)
-
- static int put_dev_crypto(int fd)
- {
--#ifdef CRIOGET_NOT_NEEDED
-- return 0;
--#else
-- return close(fd);
-+# ifdef CRIOGET_NOT_NEEDED
-+ return 0;
-+# else
-+ return close(fd);
- # endif
- }
-
-@@ -1867,7 +1867,7 @@ cryptodev_asym_async(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
- struct pkc_cookie_s *cookie = kop->cookie;
- struct cryptodev_cookie_s *eng_cookie;
-
-- fd = *(int *)cookie->eng_handle;
-+ fd = cookie->eng_handle;
-
- eng_cookie = malloc(sizeof(struct cryptodev_cookie_s));
- if (!eng_cookie)
-@@ -1939,38 +1939,11 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
- return ret;
- }
-
--/* Close an opened instance of cryptodev engine */
--void cryptodev_close_instance(void *handle)
--{
-- int fd;
--
-- if (handle) {
-- fd = *(int *)handle;
-- close(fd);
-- free(handle);
-- }
--}
--
--/* Create an instance of cryptodev for asynchronous interface */
--void *cryptodev_init_instance(void)
--{
-- int *fd = malloc(sizeof(int));
--
-- if (fd) {
-- if ((*fd = open("/dev/crypto", O_RDWR, 0)) == -1) {
-- free(fd);
-- return NULL;
-- }
-- }
-- return fd;
--}
--
- # include <poll.h>
-
- /* Return 0 on success and 1 on failure */
--int cryptodev_check_availability(void *eng_handle)
-+int cryptodev_check_availability(int fd)
- {
-- int fd = *(int *)eng_handle;
- struct pkc_cookie_list_s cookie_list;
- struct pkc_cookie_s *cookie;
- int i;
-@@ -4719,8 +4692,8 @@ void ENGINE_load_cryptodev(void)
- }
-
- ENGINE_set_check_pkc_availability(engine, cryptodev_check_availability);
-- ENGINE_set_close_instance(engine, cryptodev_close_instance);
-- ENGINE_set_init_instance(engine, cryptodev_init_instance);
-+ ENGINE_set_close_instance(engine, put_dev_crypto);
-+ ENGINE_set_open_instance(engine, open_dev_crypto);
- ENGINE_set_async_map(engine, ENGINE_ALLPKC_ASYNC);
-
- ENGINE_add(engine);
-diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h
-index b698a0c..7541beb 100644
---- a/crypto/engine/eng_int.h
-+++ b/crypto/engine/eng_int.h
-@@ -198,23 +198,15 @@ struct engine_st {
- ENGINE_LOAD_KEY_PTR load_privkey;
- ENGINE_LOAD_KEY_PTR load_pubkey;
- ENGINE_SSL_CLIENT_CERT_PTR load_ssl_client_cert;
-- /*
-- * Instantiate Engine handle to be passed in check_pkc_availability
-- * Ensure that Engine is instantiated before any pkc asynchronous call.
-- */
-- void *(*engine_init_instance)(void);
-- /*
-- * Instantiated Engine handle will be closed with this call.
-- * Ensure that no pkc asynchronous call is made after this call
-- */
-- void (*engine_close_instance)(void *handle);
-+ int (*engine_open_instance)(void);
-+ int (*engine_close_instance)(int fd);
- /*
- * Check availability will extract the data from kernel.
- * eng_handle: This is the Engine handle corresponds to which
- * the cookies needs to be polled.
- * return 0 if cookie available else 1
- */
-- int (*check_pkc_availability)(void *eng_handle);
-+ int (*check_pkc_availability)(int fd);
- /*
- * The following map is used to check if the engine supports asynchronous implementation
- * ENGINE_ASYNC_FLAG* for available bitmap. Any application checking for asynchronous
-diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c
-index 0c57e12..4fdcfd6 100644
---- a/crypto/engine/eng_lib.c
-+++ b/crypto/engine/eng_lib.c
-@@ -101,7 +101,7 @@ void engine_set_all_null(ENGINE *e)
- e->load_privkey = NULL;
- e->load_pubkey = NULL;
- e->check_pkc_availability = NULL;
-- e->engine_init_instance = NULL;
-+ e->engine_open_instance = NULL;
- e->engine_close_instance = NULL;
- e->cmd_defns = NULL;
- e->async_map = 0;
-@@ -252,46 +252,45 @@ int ENGINE_set_id(ENGINE *e, const char *id)
- return 1;
- }
-
--void ENGINE_set_init_instance(ENGINE *e, void *(*engine_init_instance)(void))
-- {
-- e->engine_init_instance = engine_init_instance;
-- }
-+void ENGINE_set_open_instance(ENGINE *e, int (*engine_open_instance)(void))
-+{
-+ e->engine_open_instance = engine_open_instance;
-+}
-
--void ENGINE_set_close_instance(ENGINE *e,
-- void (*engine_close_instance)(void *))
-- {
-- e->engine_close_instance = engine_close_instance;
-- }
-+void ENGINE_set_close_instance(ENGINE *e, int (*engine_close_instance)(int))
-+{
-+ e->engine_close_instance = engine_close_instance;
-+}
-
- void ENGINE_set_async_map(ENGINE *e, int async_map)
- {
- e->async_map = async_map;
- }
-
--void *ENGINE_init_instance(ENGINE *e)
-- {
-- return e->engine_init_instance();
-- }
--
--void ENGINE_close_instance(ENGINE *e, void *eng_handle)
-- {
-- e->engine_close_instance(eng_handle);
-- }
--
- int ENGINE_get_async_map(ENGINE *e)
- {
- return e->async_map;
- }
-
-+int ENGINE_open_instance(ENGINE *e)
-+{
-+ return e->engine_open_instance();
-+}
-+
-+int ENGINE_close_instance(ENGINE *e, int fd)
-+{
-+ return e->engine_close_instance(fd);
-+}
-+
- void ENGINE_set_check_pkc_availability(ENGINE *e,
-- int (*check_pkc_availability)(void *eng_handle))
-- {
-- e->check_pkc_availability = check_pkc_availability;
-- }
-+ int (*check_pkc_availability)(int fd))
-+{
-+ e->check_pkc_availability = check_pkc_availability;
-+}
-
--int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle)
-- {
-- return e->check_pkc_availability(eng_handle);
-+int ENGINE_check_pkc_availability(ENGINE *e, int fd)
-+{
-+ return e->check_pkc_availability(fd);
- }
-
- int ENGINE_set_name(ENGINE *e, const char *name)
-diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h
-index 4527aa1..f83ee73 100644
---- a/crypto/engine/engine.h
-+++ b/crypto/engine/engine.h
-@@ -551,9 +551,6 @@ ENGINE *ENGINE_new(void);
- int ENGINE_free(ENGINE *e);
- int ENGINE_up_ref(ENGINE *e);
- int ENGINE_set_id(ENGINE *e, const char *id);
--void ENGINE_set_init_instance(ENGINE *e, void *(*engine_init_instance)(void));
--void ENGINE_set_close_instance(ENGINE *e,
-- void (*engine_free_instance)(void *));
- /*
- * Following FLAGS are bitmap store in async_map to set asynchronous interface capability
- *of the engine
-@@ -570,11 +567,13 @@ void ENGINE_set_async_map(ENGINE *e, int async_map);
- * to confirm asynchronous methods supported
- */
- int ENGINE_get_async_map(ENGINE *e);
--void *ENGINE_init_instance(ENGINE *e);
--void ENGINE_close_instance(ENGINE *e, void *eng_handle);
-+int ENGINE_open_instance(ENGINE *e);
-+int ENGINE_close_instance(ENGINE *e, int fd);
-+void ENGINE_set_init_instance(ENGINE *e, int(*engine_init_instance)(void));
-+void ENGINE_set_close_instance(ENGINE *e, int(*engine_close_instance)(int));
- void ENGINE_set_check_pkc_availability(ENGINE *e,
-- int (*check_pkc_availability)(void *eng_handle));
--int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle);
-+ int (*check_pkc_availability)(int fd));
-+int ENGINE_check_pkc_availability(ENGINE *e, int fd);
- int ENGINE_set_name(ENGINE *e, const char *name);
- int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
- int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0024-cryptodev-clarify-code-remove-assignments-from-condi.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0024-cryptodev-clarify-code-remove-assignments-from-condi.patch
deleted file mode 100644
index 0daa2a4..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0024-cryptodev-clarify-code-remove-assignments-from-condi.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From e1de7751808d5196a9a719ad49a1281d2a3c453d Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica at nxp.com>
-Date: Mon, 14 Dec 2015 14:02:00 +0200
-Subject: [PATCH 24/48] cryptodev: clarify code, remove assignments from
- conditionals
-
-Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
----
- crypto/engine/eng_cryptodev.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 34c8d18..31687d8 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -1560,14 +1560,16 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
- struct session_op *sess = &state->d_sess;
- int digest;
-
-- if ((digest = digest_nid_to_cryptodev(ctx->digest->type)) == NID_undef) {
-+ digest = digest_nid_to_cryptodev(ctx->digest->type);
-+ if (digest == NID_undef) {
- printf("cryptodev_digest_init: Can't get digest \n");
- return (0);
- }
-
- memset(state, 0, sizeof(struct dev_crypto_state));
-
-- if ((state->d_fd = get_dev_crypto()) < 0) {
-+ state->d_fd = get_dev_crypto();
-+ if (state->d_fd < 0) {
- printf("cryptodev_digest_init: Can't get Dev \n");
- return (0);
- }
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0025-cryptodev-clean-up-context-state-before-anything-els.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0025-cryptodev-clean-up-context-state-before-anything-els.patch
deleted file mode 100644
index 3e02c72..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0025-cryptodev-clean-up-context-state-before-anything-els.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 9ffa46ff1348817f4c8d24e9d42fa0f739a652d7 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica at nxp.com>
-Date: Tue, 15 Dec 2015 12:10:37 +0200
-Subject: [PATCH 25/48] cryptodev: clean-up context state before anything else
-
-Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
----
- crypto/engine/eng_cryptodev.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 31687d8..e6616e9 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -1560,14 +1560,14 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
- struct session_op *sess = &state->d_sess;
- int digest;
-
-+ memset(state, 0, sizeof(struct dev_crypto_state));
-+
- digest = digest_nid_to_cryptodev(ctx->digest->type);
- if (digest == NID_undef) {
- printf("cryptodev_digest_init: Can't get digest \n");
- return (0);
- }
-
-- memset(state, 0, sizeof(struct dev_crypto_state));
--
- state->d_fd = get_dev_crypto();
- if (state->d_fd < 0) {
- printf("cryptodev_digest_init: Can't get Dev \n");
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0026-cryptodev-remove-code-duplication-in-digest-operatio.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0026-cryptodev-remove-code-duplication-in-digest-operatio.patch
deleted file mode 100644
index 4e1ce65..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0026-cryptodev-remove-code-duplication-in-digest-operatio.patch
+++ /dev/null
@@ -1,155 +0,0 @@
-From 7f6a709ed46d79d765ee0bb2fc16b84d0bb4c8a6 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica at nxp.com>
-Date: Mon, 14 Dec 2015 17:49:08 +0200
-Subject: [PATCH 26/48] cryptodev: remove code duplication in digest operations
-
-This patch simplifies code and removes duplication in digest_update and
-digest_final for cryptodev engine.
-
-Note: The current design of eng_cryptodev for digests operations assumes
- the presence of all the data before processing (this is suboptimal
- with cryptodev-linux because Linux kernel has support for digest-update
- operations and there is no need to accumulate the input data).
-
-Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
----
- crypto/engine/eng_cryptodev.c | 76 ++++++++++++++++---------------------------
- 1 file changed, 28 insertions(+), 48 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index e6616e9..a8652bf 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -1591,24 +1591,25 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
- static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
- size_t count)
- {
-- struct crypt_op cryp;
- struct dev_crypto_state *state = ctx->md_data;
-- struct session_op *sess = &state->d_sess;
-
-- if (!data || state->d_fd < 0) {
-+ if (!data || !count) {
- printf("cryptodev_digest_update: illegal inputs \n");
-- return (0);
-- }
--
-- if (!count) {
-- return (0);
-+ return 0;
- }
-
-- if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
-- /* if application doesn't support one buffer */
-+ /*
-+ * Accumulate input data if it is scattered in several buffers. TODO:
-+ * Depending on number of calls and data size, this code can be optimized
-+ * to take advantage of Linux kernel crypto API, balancing between
-+ * cryptodev calls and accumulating small amounts of data
-+ */
-+ if (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) {
-+ state->mac_data = data;
-+ state->mac_len = count;
-+ } else {
- state->mac_data =
- OPENSSL_realloc(state->mac_data, state->mac_len + count);
--
- if (!state->mac_data) {
- printf("cryptodev_digest_update: realloc failed\n");
- return (0);
-@@ -1616,23 +1617,9 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
-
- memcpy(state->mac_data + state->mac_len, data, count);
- state->mac_len += count;
--
-- return (1);
- }
-
-- memset(&cryp, 0, sizeof(cryp));
--
-- cryp.ses = sess->ses;
-- cryp.flags = 0;
-- cryp.len = count;
-- cryp.src = (caddr_t) data;
-- cryp.dst = NULL;
-- cryp.mac = (caddr_t) state->digest_res;
-- if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
-- printf("cryptodev_digest_update: digest failed\n");
-- return (0);
-- }
-- return (1);
-+ return 1;
- }
-
- static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
-@@ -1641,33 +1628,25 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
- struct dev_crypto_state *state = ctx->md_data;
- struct session_op *sess = &state->d_sess;
-
-- int ret = 1;
--
- if (!md || state->d_fd < 0) {
- printf("cryptodev_digest_final: illegal input\n");
- return (0);
- }
-
-- if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
-- /* if application doesn't support one buffer */
-- memset(&cryp, 0, sizeof(cryp));
-- cryp.ses = sess->ses;
-- cryp.flags = 0;
-- cryp.len = state->mac_len;
-- cryp.src = state->mac_data;
-- cryp.dst = NULL;
-- cryp.mac = (caddr_t) md;
-- if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
-- printf("cryptodev_digest_final: digest failed\n");
-- return (0);
-- }
-+ memset(&cryp, 0, sizeof(cryp));
-
-- return 1;
-- }
-+ cryp.ses = sess->ses;
-+ cryp.flags = 0;
-+ cryp.len = state->mac_len;
-+ cryp.src = state->mac_data;
-+ cryp.mac = md;
-
-- memcpy(md, state->digest_res, ctx->digest->md_size);
-+ if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
-+ printf("cryptodev_digest_final: digest failed\n");
-+ return (0);
-+ }
-
-- return (ret);
-+ return (1);
- }
-
- static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
-@@ -1684,11 +1663,11 @@ static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
- return (0);
- }
-
-- if (state->mac_data) {
-+ if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
- OPENSSL_free(state->mac_data);
-- state->mac_data = NULL;
-- state->mac_len = 0;
- }
-+ state->mac_data = NULL;
-+ state->mac_len = 0;
-
- if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
- printf("cryptodev_digest_cleanup: failed to close session\n");
-@@ -1696,6 +1675,7 @@ static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
- } else {
- ret = 1;
- }
-+
- put_dev_crypto(state->d_fd);
- state->d_fd = -1;
-
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0027-cryptodev-put-all-digest-ioctls-into-a-single-functi.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0027-cryptodev-put-all-digest-ioctls-into-a-single-functi.patch
deleted file mode 100644
index 0810889..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0027-cryptodev-put-all-digest-ioctls-into-a-single-functi.patch
+++ /dev/null
@@ -1,108 +0,0 @@
-From 0307a70fc4399a0ee758172e385d4daaae669ce6 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica at nxp.com>
-Date: Tue, 15 Dec 2015 12:23:13 +0200
-Subject: [PATCH 27/48] cryptodev: put all digest ioctls into a single function
-
-Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
----
- crypto/engine/eng_cryptodev.c | 44 +++++++++++++++++++------------------------
- 1 file changed, 19 insertions(+), 25 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index a8652bf..8b8710a 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -1578,13 +1578,6 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
- sess->mackeylen = digest_key_length(ctx->digest->type);
- sess->mac = digest;
-
-- if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
-- put_dev_crypto(state->d_fd);
-- state->d_fd = -1;
-- printf("cryptodev_digest_init: Open session failed\n");
-- return (0);
-- }
--
- return (1);
- }
-
-@@ -1624,6 +1617,7 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
-
- static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
- {
-+ int ret = 1;
- struct crypt_op cryp;
- struct dev_crypto_state *state = ctx->md_data;
- struct session_op *sess = &state->d_sess;
-@@ -1633,6 +1627,11 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
- return (0);
- }
-
-+ if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
-+ printf("cryptodev_digest_init: Open session failed\n");
-+ return (0);
-+ }
-+
- memset(&cryp, 0, sizeof(cryp));
-
- cryp.ses = sess->ses;
-@@ -1643,43 +1642,38 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
-
- if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
- printf("cryptodev_digest_final: digest failed\n");
-- return (0);
-+ ret = 0;
- }
-
-- return (1);
-+ if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
-+ printf("cryptodev_digest_cleanup: failed to close session\n");
-+ }
-+
-+ return ret;
- }
-
- static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
- {
-- int ret = 1;
- struct dev_crypto_state *state = ctx->md_data;
- struct session_op *sess = &state->d_sess;
-
-- if (state == NULL)
-+ if (state == NULL) {
- return 0;
--
-- if (state->d_fd < 0) {
-- printf("cryptodev_digest_cleanup: illegal input\n");
-- return (0);
- }
-
- if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
- OPENSSL_free(state->mac_data);
- }
-- state->mac_data = NULL;
-- state->mac_len = 0;
-
-- if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
-- printf("cryptodev_digest_cleanup: failed to close session\n");
-- ret = 0;
-- } else {
-- ret = 1;
-+ if (state->d_fd >= 0) {
-+ put_dev_crypto(state->d_fd);
-+ state->d_fd = -1;
- }
-
-- put_dev_crypto(state->d_fd);
-- state->d_fd = -1;
-+ state->mac_data = NULL;
-+ state->mac_len = 0;
-
-- return (ret);
-+ return 1;
- }
-
- static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0028-cryptodev-fix-debug-print-messages.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0028-cryptodev-fix-debug-print-messages.patch
deleted file mode 100644
index 91bd4a4..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0028-cryptodev-fix-debug-print-messages.patch
+++ /dev/null
@@ -1,90 +0,0 @@
-From 07f16d70cf7993c43e2c24a1e121c197db9ce1bc Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica at nxp.com>
-Date: Tue, 15 Dec 2015 12:51:36 +0200
-Subject: [PATCH 28/48] cryptodev: fix debug print messages
-
-Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
----
- crypto/engine/eng_cryptodev.c | 18 +++++++++---------
- 1 file changed, 9 insertions(+), 9 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 8b8710a..b74f21c 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -1564,13 +1564,13 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
-
- digest = digest_nid_to_cryptodev(ctx->digest->type);
- if (digest == NID_undef) {
-- printf("cryptodev_digest_init: Can't get digest \n");
-+ printf("%s: Can't get digest\n", __func__);
- return (0);
- }
-
- state->d_fd = get_dev_crypto();
- if (state->d_fd < 0) {
-- printf("cryptodev_digest_init: Can't get Dev \n");
-+ printf("%s: Can't get Dev\n", __func__);
- return (0);
- }
-
-@@ -1587,7 +1587,7 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
- struct dev_crypto_state *state = ctx->md_data;
-
- if (!data || !count) {
-- printf("cryptodev_digest_update: illegal inputs \n");
-+ printf("%s: illegal inputs\n", __func__);
- return 0;
- }
-
-@@ -1604,7 +1604,7 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
- state->mac_data =
- OPENSSL_realloc(state->mac_data, state->mac_len + count);
- if (!state->mac_data) {
-- printf("cryptodev_digest_update: realloc failed\n");
-+ printf("%s: realloc failed\n", __func__);
- return (0);
- }
-
-@@ -1623,12 +1623,12 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
- struct session_op *sess = &state->d_sess;
-
- if (!md || state->d_fd < 0) {
-- printf("cryptodev_digest_final: illegal input\n");
-+ printf("%s: illegal input\n", __func__);
- return (0);
- }
-
- if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
-- printf("cryptodev_digest_init: Open session failed\n");
-+ printf("%s: Open session failed\n", __func__);
- return (0);
- }
-
-@@ -1641,12 +1641,12 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
- cryp.mac = md;
-
- if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
-- printf("cryptodev_digest_final: digest failed\n");
-+ printf("%s: digest failed\n", __func__);
- ret = 0;
- }
-
- if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
-- printf("cryptodev_digest_cleanup: failed to close session\n");
-+ printf("%s: failed to close session\n", __func__);
- }
-
- return ret;
-@@ -1701,7 +1701,7 @@ static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
- if (ioctl(dstate->d_fd, CIOCGSESSION, sess) < 0) {
- put_dev_crypto(dstate->d_fd);
- dstate->d_fd = -1;
-- printf("cryptodev_digest_init: Open session failed\n");
-+ printf("%s: Open session failed\n", __func__);
- return (0);
- }
-
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0029-cryptodev-use-CIOCHASH-ioctl-for-digest-operations.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0029-cryptodev-use-CIOCHASH-ioctl-for-digest-operations.patch
deleted file mode 100644
index abf8084..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0029-cryptodev-use-CIOCHASH-ioctl-for-digest-operations.patch
+++ /dev/null
@@ -1,91 +0,0 @@
-From 64d5378080c14a9cf9fd673457af0fa80f3a94ee Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica at nxp.com>
-Date: Tue, 15 Dec 2015 15:43:28 +0200
-Subject: [PATCH 29/48] cryptodev: use CIOCHASH ioctl for digest operations
-
-Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
----
- crypto/engine/eng_cryptodev.c | 34 +++++++++++-----------------------
- 1 file changed, 11 insertions(+), 23 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index b74f21c..4f375e0 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -85,6 +85,7 @@ struct dev_crypto_state {
- unsigned char *iv;
- int ivlen;
- # ifdef USE_CRYPTODEV_DIGESTS
-+ struct hash_op_data hash_op;
- char dummy_mac_key[HASH_MAX_LEN];
- unsigned char digest_res[HASH_MAX_LEN];
- char *mac_data;
-@@ -1557,7 +1558,7 @@ static int digest_key_length(int nid)
- static int cryptodev_digest_init(EVP_MD_CTX *ctx)
- {
- struct dev_crypto_state *state = ctx->md_data;
-- struct session_op *sess = &state->d_sess;
-+ struct hash_op_data *hash_op = &state->hash_op;
- int digest;
-
- memset(state, 0, sizeof(struct dev_crypto_state));
-@@ -1574,9 +1575,9 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
- return (0);
- }
-
-- sess->mackey = state->dummy_mac_key;
-- sess->mackeylen = digest_key_length(ctx->digest->type);
-- sess->mac = digest;
-+ hash_op->mac_op = digest;
-+ hash_op->mackey = state->dummy_mac_key;
-+ hash_op->mackeylen = digest_key_length(ctx->digest->type);
-
- return (1);
- }
-@@ -1618,37 +1619,24 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
- static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
- {
- int ret = 1;
-- struct crypt_op cryp;
- struct dev_crypto_state *state = ctx->md_data;
-- struct session_op *sess = &state->d_sess;
-+ struct hash_op_data *hash_op = &state->hash_op;
-
- if (!md || state->d_fd < 0) {
- printf("%s: illegal input\n", __func__);
- return (0);
- }
-
-- if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
-- printf("%s: Open session failed\n", __func__);
-- return (0);
-- }
--
-- memset(&cryp, 0, sizeof(cryp));
-+ hash_op->flags = 0;
-+ hash_op->len = state->mac_len;
-+ hash_op->src = state->mac_data;
-+ hash_op->mac_result = md;
-
-- cryp.ses = sess->ses;
-- cryp.flags = 0;
-- cryp.len = state->mac_len;
-- cryp.src = state->mac_data;
-- cryp.mac = md;
--
-- if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
-+ if (ioctl(state->d_fd, CIOCHASH, hash_op) < 0) {
- printf("%s: digest failed\n", __func__);
- ret = 0;
- }
-
-- if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
-- printf("%s: failed to close session\n", __func__);
-- }
--
- return ret;
- }
-
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0030-cryptodev-reduce-duplicated-efforts-for-searching-in.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0030-cryptodev-reduce-duplicated-efforts-for-searching-in.patch
deleted file mode 100644
index 28de567..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0030-cryptodev-reduce-duplicated-efforts-for-searching-in.patch
+++ /dev/null
@@ -1,106 +0,0 @@
-From 328b2890d5a9baf9f936bd9facaf411c01931f08 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica at nxp.com>
-Date: Wed, 13 Jan 2016 15:18:20 +0200
-Subject: [PATCH 30/48] cryptodev: reduce duplicated efforts for searching
- inside digests table
-
-Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
----
- crypto/engine/eng_cryptodev.c | 44 ++++++++++++++++++-------------------------
- 1 file changed, 18 insertions(+), 26 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 4f375e0..163a37d 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -1534,37 +1534,31 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
-
- # ifdef USE_CRYPTODEV_DIGESTS
-
--/* convert digest type to cryptodev */
--static int digest_nid_to_cryptodev(int nid)
-+static int digest_nid_to_id(int nid)
- {
- int i;
-
-- for (i = 0; digests[i].id; i++)
-- if (digests[i].nid == nid)
-- return (digests[i].id);
-- return (0);
--}
--
--static int digest_key_length(int nid)
--{
-- int i;
--
-- for (i = 0; digests[i].id; i++)
-- if (digests[i].nid == nid)
-- return digests[i].keylen;
-- return (0);
-+ for (i = 0;; i++) {
-+ if ((digests[i].nid == nid) || (digests[i].id == 0)) {
-+ break;
-+ }
-+ }
-+ return i;
- }
-
- static int cryptodev_digest_init(EVP_MD_CTX *ctx)
- {
- struct dev_crypto_state *state = ctx->md_data;
- struct hash_op_data *hash_op = &state->hash_op;
-- int digest;
-+ int id;
-
- memset(state, 0, sizeof(struct dev_crypto_state));
-
-- digest = digest_nid_to_cryptodev(ctx->digest->type);
-- if (digest == NID_undef) {
-+ id = digest_nid_to_id(ctx->digest->type);
-+
-+ hash_op->mac_op = digests[id].id;
-+ hash_op->mackeylen = digests[id].keylen;
-+ if (hash_op->mac_op == 0) {
- printf("%s: Can't get digest\n", __func__);
- return (0);
- }
-@@ -1575,11 +1569,9 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
- return (0);
- }
-
-- hash_op->mac_op = digest;
- hash_op->mackey = state->dummy_mac_key;
-- hash_op->mackeylen = digest_key_length(ctx->digest->type);
-
-- return (1);
-+ return 1;
- }
-
- static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
-@@ -1669,7 +1661,7 @@ static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
- struct dev_crypto_state *fstate = from->md_data;
- struct dev_crypto_state *dstate = to->md_data;
- struct session_op *sess;
-- int digest;
-+ int id;
-
- if (dstate == NULL || fstate == NULL)
- return 1;
-@@ -1678,11 +1670,11 @@ static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
-
- sess = &dstate->d_sess;
-
-- digest = digest_nid_to_cryptodev(to->digest->type);
-+ id = digest_nid_to_id(to->digest->type);
-
- sess->mackey = dstate->dummy_mac_key;
-- sess->mackeylen = digest_key_length(to->digest->type);
-- sess->mac = digest;
-+ sess->mackeylen = digests[id].keylen;
-+ sess->mac = digests[id].id;
-
- dstate->d_fd = get_dev_crypto();
-
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0031-cryptodev-remove-not-used-local-variables.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0031-cryptodev-remove-not-used-local-variables.patch
deleted file mode 100644
index d7af9cb..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0031-cryptodev-remove-not-used-local-variables.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From 9faaca759390bba5aeeb049d31f74806e78137e1 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica at nxp.com>
-Date: Mon, 8 Feb 2016 16:00:22 +0200
-Subject: [PATCH 31/48] cryptodev: remove not used local variables
-
-Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
----
- crypto/engine/eng_cryptodev.c | 6 +-----
- 1 file changed, 1 insertion(+), 5 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 163a37d..b13bf8c 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -1635,7 +1635,6 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
- static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
- {
- struct dev_crypto_state *state = ctx->md_data;
-- struct session_op *sess = &state->d_sess;
-
- if (state == NULL) {
- return 0;
-@@ -3952,7 +3951,6 @@ static int cryptodev_dh_keygen(DH *dh)
- int ret = 1, q_len = 0;
- unsigned char *q = NULL, *g = NULL, *s = NULL, *w = NULL;
- BIGNUM *pub_key = NULL, *priv_key = NULL;
-- int generate_new_key = 1;
-
- if (dh->priv_key)
- priv_key = dh->priv_key;
-@@ -4074,11 +4072,9 @@ cryptodev_dh_compute_key_async(unsigned char *key, const BIGNUM *pub_key,
- {
- struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
- int ret = 1;
-- int fd, p_len;
-+ int p_len;
- unsigned char *padded_pub_key = NULL, *p = NULL;
-
-- fd = *(int *)cookie->eng_handle;
--
- memset(kop, 0, sizeof(struct crypt_kop));
- kop->crk_op = CRK_DH_COMPUTE_KEY;
- /* inputs: dh->priv_key pub_key dh->p key */
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0032-cryptodev-hide-not-used-variable-behind-ifndef.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0032-cryptodev-hide-not-used-variable-behind-ifndef.patch
deleted file mode 100644
index a53705f..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0032-cryptodev-hide-not-used-variable-behind-ifndef.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From a6dc52cbcda9b4dcb0fda3b780e7c89219388982 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica at nxp.com>
-Date: Mon, 8 Feb 2016 17:22:49 +0200
-Subject: [PATCH 32/48] cryptodev: hide not used variable behind #ifndef
-
-Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
----
- crypto/engine/eng_cryptodev.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index b13bf8c..cdd99b8 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -413,7 +413,9 @@ static int open_dev_crypto(void)
- static int get_dev_crypto(void)
- {
- static int fd = -1;
-+# ifndef CRIOGET_NOT_NEEDED
- int retfd;
-+# endif
-
- if (fd == -1)
- fd = open_dev_crypto();
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0033-cryptodev-fix-function-declaration-typo.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0033-cryptodev-fix-function-declaration-typo.patch
deleted file mode 100644
index f0863bd..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0033-cryptodev-fix-function-declaration-typo.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 6d335627ec5bdf89c89ced9d2fa7610e6dc50e31 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica at nxp.com>
-Date: Mon, 8 Feb 2016 16:08:25 +0200
-Subject: [PATCH 33/48] cryptodev: fix function declaration typo
-
-Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
----
- crypto/engine/engine.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h
-index f83ee73..c8efbe1 100644
---- a/crypto/engine/engine.h
-+++ b/crypto/engine/engine.h
-@@ -569,7 +569,7 @@ void ENGINE_set_async_map(ENGINE *e, int async_map);
- int ENGINE_get_async_map(ENGINE *e);
- int ENGINE_open_instance(ENGINE *e);
- int ENGINE_close_instance(ENGINE *e, int fd);
--void ENGINE_set_init_instance(ENGINE *e, int(*engine_init_instance)(void));
-+void ENGINE_set_open_instance(ENGINE *e, int(*engine_open_instance)(void));
- void ENGINE_set_close_instance(ENGINE *e, int(*engine_close_instance)(int));
- void ENGINE_set_check_pkc_availability(ENGINE *e,
- int (*check_pkc_availability)(int fd));
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0034-cryptodev-fix-incorrect-function-signature.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0034-cryptodev-fix-incorrect-function-signature.patch
deleted file mode 100644
index 50aa45c..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0034-cryptodev-fix-incorrect-function-signature.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From fcb63347ddb004825e05250fd082fe84ff3689df Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica at nxp.com>
-Date: Mon, 8 Feb 2016 16:12:54 +0200
-Subject: [PATCH 34/48] cryptodev: fix incorrect function signature
-
-Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
----
- crypto/engine/eng_cryptodev.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index cdd99b8..1c71bc7 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -3161,7 +3161,7 @@ static ECDSA_SIG *cryptodev_ecdsa_do_sign(const unsigned char *dgst,
- }
-
- static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
-- ECDSA_SIG *sig, EC_KEY *eckey)
-+ const ECDSA_SIG *sig, EC_KEY *eckey)
- {
- BIGNUM *m = NULL, *p = NULL, *a = NULL, *b = NULL;
- BIGNUM *x = NULL, *y = NULL, *w_x = NULL, *w_y = NULL;
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0035-cryptodev-fix-warnings-on-excess-elements-in-struct-.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0035-cryptodev-fix-warnings-on-excess-elements-in-struct-.patch
deleted file mode 100644
index e028f66..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0035-cryptodev-fix-warnings-on-excess-elements-in-struct-.patch
+++ /dev/null
@@ -1,110 +0,0 @@
-From 6ed8710043b5dc947afab8fffa80ea97f4c84ad6 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica at nxp.com>
-Date: Mon, 8 Feb 2016 16:21:46 +0200
-Subject: [PATCH 35/48] cryptodev: fix warnings on excess elements in struct
- initializer
-
-The initialization data for these structures had either missing or excess
-values and did not match the structure definitions.
-
-Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
----
- crypto/dh/dh.h | 6 +++---
- crypto/dsa/dsa.h | 11 ++++++-----
- crypto/engine/eng_cryptodev.c | 11 ++++++-----
- 3 files changed, 15 insertions(+), 13 deletions(-)
-
-diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h
-index 31dd762..11c6c7d 100644
---- a/crypto/dh/dh.h
-+++ b/crypto/dh/dh.h
-@@ -123,9 +123,9 @@ struct dh_method {
- int (*bn_mod_exp) (const DH *dh, BIGNUM *r, const BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx);
-- int (*compute_key_async)(unsigned char *key,const BIGNUM *pub_key,DH *dh,
-- struct pkc_cookie_s *cookie);
-- int (*generate_key_async)(DH *dh, struct pkc_cookie_s *cookie);
-+ int (*compute_key_async) (unsigned char *key, const BIGNUM *pub_key,
-+ DH *dh, struct pkc_cookie_s * cookie);
-+ int (*generate_key_async) (DH *dh, struct pkc_cookie_s * cookie);
- int (*init) (DH *dh);
- int (*finish) (DH *dh);
- int flags;
-diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h
-index 8584731..ab52add 100644
---- a/crypto/dsa/dsa.h
-+++ b/crypto/dsa/dsa.h
-@@ -139,10 +139,11 @@ struct dsa_method {
- /* Can be null */
- int (*bn_mod_exp) (DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-- int (*dsa_do_sign_async)(const unsigned char *dgst, int dlen, DSA *dsa,
-- DSA_SIG *sig, struct pkc_cookie_s *cookie);
-- int (*dsa_do_verify_async)(const unsigned char *dgst, int dgst_len,
-- DSA_SIG *sig, DSA *dsa, struct pkc_cookie_s *cookie);
-+ int (*dsa_do_sign_async) (const unsigned char *dgst, int dlen, DSA *dsa,
-+ DSA_SIG *sig, struct pkc_cookie_s * cookie);
-+ int (*dsa_do_verify_async) (const unsigned char *dgst, int dgst_len,
-+ DSA_SIG *sig, DSA *dsa,
-+ struct pkc_cookie_s * cookie);
- int (*init) (DSA *dsa);
- int (*finish) (DSA *dsa);
- int flags;
-@@ -154,7 +155,7 @@ struct dsa_method {
- BN_GENCB *cb);
- /* If this is non-NULL, it is used to generate DSA keys */
- int (*dsa_keygen) (DSA *dsa);
-- int (*dsa_keygen_async)(DSA *dsa, struct pkc_cookie_s *cookie);
-+ int (*dsa_keygen_async) (DSA *dsa, struct pkc_cookie_s * cookie);
- };
-
- struct dsa_st {
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 1c71bc7..20e1ec3 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -2905,11 +2905,13 @@ static DSA_METHOD cryptodev_dsa = {
- NULL,
- NULL,
- NULL,
-- NULL,
- NULL, /* init */
- NULL, /* finish */
- 0, /* flags */
-- NULL /* app_data */
-+ NULL, /* app_data */
-+ NULL,
-+ NULL,
-+ NULL
- };
-
- static ECDSA_METHOD cryptodev_ecdsa = {
-@@ -2919,7 +2921,6 @@ static ECDSA_METHOD cryptodev_ecdsa = {
- NULL,
- NULL,
- NULL,
-- NULL,
- 0, /* flags */
- NULL /* app_data */
- };
-@@ -4496,14 +4497,14 @@ static DH_METHOD cryptodev_dh = {
- NULL,
- NULL,
- 0, /* flags */
-- NULL /* app_data */
-+ NULL, /* app_data */
-+ NULL, /* generate_params */
- };
-
- static ECDH_METHOD cryptodev_ecdh = {
- "cryptodev ECDH method",
- NULL, /* cryptodev_ecdh_compute_key */
- NULL,
-- NULL,
- 0, /* flags */
- NULL /* app_data */
- };
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0036-cryptodev-fix-free-on-error-path.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0036-cryptodev-fix-free-on-error-path.patch
deleted file mode 100644
index e59744e..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0036-cryptodev-fix-free-on-error-path.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From bf4e61a53459358185a73dffa5f79af9bd739149 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica at nxp.com>
-Date: Mon, 8 Feb 2016 16:36:33 +0200
-Subject: [PATCH 36/48] cryptodev: fix free on error path
-
-This was most likely a typo that escaped code review
-
-Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
----
- crypto/ecdsa/ecs_locl.h | 4 ++--
- crypto/engine/eng_cryptodev.c | 2 +-
- 2 files changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/crypto/ecdsa/ecs_locl.h b/crypto/ecdsa/ecs_locl.h
-index 9b28c04..c3843c6 100644
---- a/crypto/ecdsa/ecs_locl.h
-+++ b/crypto/ecdsa/ecs_locl.h
-@@ -74,10 +74,10 @@ struct ecdsa_method {
- BIGNUM **r);
- int (*ecdsa_do_verify) (const unsigned char *dgst, int dgst_len,
- const ECDSA_SIG *sig, EC_KEY *eckey);
-- int (*ecdsa_do_sign_async)(const unsigned char *dgst, int dgst_len,
-+ int (*ecdsa_do_sign_async)(const unsigned char *dgst, int dgst_len,
- const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey,
- ECDSA_SIG *sig, struct pkc_cookie_s *cookie);
-- int (*ecdsa_do_verify_async)(const unsigned char *dgst, int dgst_len,
-+ int (*ecdsa_do_verify_async)(const unsigned char *dgst, int dgst_len,
- const ECDSA_SIG *sig, EC_KEY *eckey, struct pkc_cookie_s *cookie);
- # if 0
- int (*init) (EC_KEY *eckey);
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 20e1ec3..1f13079 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -3437,7 +3437,7 @@ static int cryptodev_ecdsa_do_sign_async(const unsigned char *dgst,
- if (!(sig->r = BN_new()) || !kop)
- goto err;
- if ((sig->s = BN_new()) == NULL) {
-- BN_free(r);
-+ BN_free(sig->r);
- goto err;
- }
-
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0037-cryptodev-fix-return-value-on-error.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0037-cryptodev-fix-return-value-on-error.patch
deleted file mode 100644
index ea1f4b2..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0037-cryptodev-fix-return-value-on-error.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From ec6b6531e3e67b4e82a4bc6829777052f39807b1 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica at nxp.com>
-Date: Mon, 8 Feb 2016 16:55:32 +0200
-Subject: [PATCH 37/48] cryptodev: fix return value on error
-
-Even though we're on error path, the operation is taken care of on
-software; return success (ret is 1)
-
-Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
----
- crypto/engine/eng_cryptodev.c | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 1f13079..b87fa7d 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -2768,7 +2768,6 @@ cryptodev_dsa_do_sign_async(const unsigned char *dgst, int dlen, DSA *dsa,
- sig->s = dsaret->s;
- /* Call user callback immediately */
- cookie->pkc_callback(cookie, 0);
-- ret = dsaret;
- }
- return ret;
- }
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0038-cryptodev-match-types-with-cryptodev.h.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0038-cryptodev-match-types-with-cryptodev.h.patch
deleted file mode 100644
index acd6e32..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0038-cryptodev-match-types-with-cryptodev.h.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 77c84d99b5b0ab95efc9e1efc083e5cca8aa4eb5 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica at nxp.com>
-Date: Mon, 8 Feb 2016 17:11:43 +0200
-Subject: [PATCH 38/48] cryptodev: match types with cryptodev.h
-
-Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
----
- crypto/engine/eng_cryptodev.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index b87fa7d..4296704 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -86,9 +86,9 @@ struct dev_crypto_state {
- int ivlen;
- # ifdef USE_CRYPTODEV_DIGESTS
- struct hash_op_data hash_op;
-- char dummy_mac_key[HASH_MAX_LEN];
-+ unsigned char dummy_mac_key[HASH_MAX_LEN];
- unsigned char digest_res[HASH_MAX_LEN];
-- char *mac_data;
-+ unsigned char *mac_data;
- int mac_len;
- # endif
- };
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0039-cryptodev-explicitly-discard-const-qualifier.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0039-cryptodev-explicitly-discard-const-qualifier.patch
deleted file mode 100644
index 70319e4..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0039-cryptodev-explicitly-discard-const-qualifier.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 4366920bb2a97c10c49c5e6d035c0c82629b9f0a Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica at nxp.com>
-Date: Mon, 8 Feb 2016 17:15:25 +0200
-Subject: [PATCH 39/48] cryptodev: explicitly discard const qualifier
-
-The const qualifier is discarded by the assignment as a result of how
-the variables are defined. This patch drops the const qualifier
-explicitly to avoid build errors.
-
-Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
----
- crypto/engine/eng_cryptodev.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 4296704..f8619b0 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -1593,7 +1593,7 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
- * cryptodev calls and accumulating small amounts of data
- */
- if (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) {
-- state->mac_data = data;
-+ state->mac_data = (void *)data;
- state->mac_len = count;
- } else {
- state->mac_data =
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0040-cryptodev-replace-caddr_t-with-void.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0040-cryptodev-replace-caddr_t-with-void.patch
deleted file mode 100644
index c835967..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0040-cryptodev-replace-caddr_t-with-void.patch
+++ /dev/null
@@ -1,95 +0,0 @@
-From f256bb9574f77206b289b265d1d46bb53e54c71c Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica at nxp.com>
-Date: Tue, 9 Feb 2016 11:28:23 +0200
-Subject: [PATCH 40/48] cryptodev: replace caddr_t with void *
-
-This avoids warnings such as "pointer targets in assignment differ in
-signedness" when compiling the code
-
-Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
----
- crypto/engine/eng_cryptodev.c | 22 +++++++++++-----------
- 1 file changed, 11 insertions(+), 11 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index f8619b0..aac2740 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -461,8 +461,8 @@ static int get_cryptodev_ciphers(const int **cnids)
- return (0);
- }
- memset(&sess, 0, sizeof(sess));
-- sess.key = (caddr_t) "123456789abcdefghijklmno";
-- sess.mackey = (caddr_t) "123456789ABCDEFGHIJKLMNO";
-+ sess.key = (void *)"123456789abcdefghijklmno";
-+ sess.mackey = (void *)"123456789ABCDEFGHIJKLMNO";
-
- for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
- if (ciphers[i].nid == NID_undef)
-@@ -502,7 +502,7 @@ static int get_cryptodev_digests(const int **cnids)
- return (0);
- }
- memset(&sess, 0, sizeof(sess));
-- sess.mackey = (caddr_t) "123456789abcdefghijklmno";
-+ sess.mackey = (void *)"123456789abcdefghijklmno";
- for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
- if (digests[i].nid == NID_undef)
- continue;
-@@ -634,14 +634,14 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- cryp.ses = sess->ses;
- cryp.flags = 0;
- cryp.len = inl;
-- cryp.src = (caddr_t) in;
-- cryp.dst = (caddr_t) out;
-+ cryp.src = (void *)in;
-+ cryp.dst = (void *)out;
- cryp.mac = 0;
-
- cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
-
- if (ctx->cipher->iv_len) {
-- cryp.iv = (caddr_t) ctx->iv;
-+ cryp.iv = (void *)ctx->iv;
- if (!ctx->encrypt) {
- iiv = in + inl - ctx->cipher->iv_len;
- memcpy(save_iv, iiv, ctx->cipher->iv_len);
-@@ -702,15 +702,15 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- }
- cryp.ses = sess->ses;
- cryp.len = state->len;
-- cryp.src = (caddr_t) in;
-- cryp.dst = (caddr_t) out;
-+ cryp.src = (void *)in;
-+ cryp.dst = (void *)out;
- cryp.auth_src = state->aad;
- cryp.auth_len = state->aad_len;
-
- cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
-
- if (ctx->cipher->iv_len) {
-- cryp.iv = (caddr_t) ctx->iv;
-+ cryp.iv = (void *)ctx->iv;
- if (!ctx->encrypt) {
- iiv = in + len - ctx->cipher->iv_len;
- memcpy(save_iv, iiv, ctx->cipher->iv_len);
-@@ -762,7 +762,7 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- if ((state->d_fd = get_dev_crypto()) < 0)
- return (0);
-
-- sess->key = (caddr_t) key;
-+ sess->key = (void *)key;
- sess->keylen = ctx->key_len;
- sess->cipher = cipher;
-
-@@ -805,7 +805,7 @@ static int cryptodev_init_aead_key(EVP_CIPHER_CTX *ctx,
-
- memset(sess, 0, sizeof(struct session_op));
-
-- sess->key = (caddr_t) key;
-+ sess->key = (void *)key;
- sess->keylen = ctx->key_len;
- sess->cipher = cipher;
-
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0041-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0041-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch
deleted file mode 100644
index 6c46061..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0041-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From c714cb7a33e994ff2278149d4a7a20a21215a2f6 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica at nxp.com>
-Date: Mon, 8 Feb 2016 17:04:25 +0200
-Subject: [PATCH 41/48] cryptodev: check for errors inside
- cryptodev_rsa_mod_exp
-
-Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
----
- crypto/engine/eng_cryptodev.c | 24 ++++++++++++++++++------
- 1 file changed, 18 insertions(+), 6 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index aac2740..e419bef 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -2067,12 +2067,24 @@ cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
- kop.crk_status = 0;
- kop.crk_op = CRK_MOD_EXP_CRT;
- f_len = BN_num_bytes(rsa->n);
-- spcf_bn2bin_ex(I, &f, &f_len);
-- spcf_bn2bin(rsa->p, &p, &p_len);
-- spcf_bn2bin(rsa->q, &q, &q_len);
-- spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len);
-- spcf_bn2bin_ex(rsa->iqmp, &c, &p_len);
-- spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len);
-+ if (spcf_bn2bin_ex(I, &f, &f_len) != 0) {
-+ goto err;
-+ }
-+ if (spcf_bn2bin(rsa->p, &p, &p_len) != 0) {
-+ goto err;
-+ }
-+ if (spcf_bn2bin(rsa->q, &q, &q_len) != 0) {
-+ goto err;
-+ }
-+ if (spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len) != 0) {
-+ goto err;
-+ }
-+ if (spcf_bn2bin_ex(rsa->iqmp, &c, &p_len) != 0) {
-+ goto err;
-+ }
-+ if (spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len) != 0) {
-+ goto err;
-+ }
- /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
- kop.crk_param[0].crp_p = p;
- kop.crk_param[0].crp_nbits = p_len * 8;
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0042-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0042-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch
deleted file mode 100644
index 4b9b086..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0042-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-From 7f444e52acada23977b89d42f8dd8ebd915ccd83 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica at nxp.com>
-Date: Tue, 9 Feb 2016 11:47:52 +0200
-Subject: [PATCH 42/48] cryptodev: check for errors inside
- cryptodev_rsa_mod_exp_async
-
-Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
----
- crypto/engine/eng_cryptodev.c | 33 +++++++++++++++++++++++++--------
- 1 file changed, 25 insertions(+), 8 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index e419bef..7c391d6 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -2122,25 +2122,42 @@ static int
- cryptodev_rsa_mod_exp_async(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
- BN_CTX *ctx, struct pkc_cookie_s *cookie)
- {
-- struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+ struct crypt_kop *kop;
- int ret = 1, f_len, p_len, q_len;
- unsigned char *f = NULL, *p = NULL, *q = NULL, *dp = NULL, *dq =
- NULL, *c = NULL;
-
-- if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp || !kop) {
-+ if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
- return (0);
- }
-
-+ kop = malloc(sizeof(struct crypt_kop));
-+ if (kop == NULL) {
-+ goto err;
-+ }
-+
- kop->crk_oparams = 0;
- kop->crk_status = 0;
- kop->crk_op = CRK_MOD_EXP_CRT;
- f_len = BN_num_bytes(rsa->n);
-- spcf_bn2bin_ex(I, &f, &f_len);
-- spcf_bn2bin(rsa->p, &p, &p_len);
-- spcf_bn2bin(rsa->q, &q, &q_len);
-- spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len);
-- spcf_bn2bin_ex(rsa->iqmp, &c, &p_len);
-- spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len);
-+ if (spcf_bn2bin_ex(I, &f, &f_len) != 0) {
-+ goto err;
-+ }
-+ if (spcf_bn2bin(rsa->p, &p, &p_len) != 0) {
-+ goto err;
-+ }
-+ if (spcf_bn2bin(rsa->q, &q, &q_len) != 0) {
-+ goto err;
-+ }
-+ if (spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len) != 0) {
-+ goto err;
-+ }
-+ if (spcf_bn2bin_ex(rsa->iqmp, &c, &p_len) != 0) {
-+ goto err;
-+ }
-+ if (spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len) != 0) {
-+ goto err;
-+ }
- /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
- kop->crk_param[0].crp_p = p;
- kop->crk_param[0].crp_nbits = p_len * 8;
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0043-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0043-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch
deleted file mode 100644
index 879d5c2..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0043-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 73115f243f0a65326888537f125e31f28c9f570d Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica at nxp.com>
-Date: Tue, 9 Feb 2016 11:53:22 +0200
-Subject: [PATCH 43/48] cryptodev: check for errors inside
- cryptodev_dh_compute_key
-
-Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
----
- crypto/engine/eng_cryptodev.c | 15 +++++++++++----
- 1 file changed, 11 insertions(+), 4 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 7c391d6..753e326 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -4056,11 +4056,15 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
- memset(&kop, 0, sizeof kop);
- kop.crk_op = CRK_DH_COMPUTE_KEY;
- /* inputs: dh->priv_key pub_key dh->p key */
-- spcf_bn2bin(dh->p, &p, &p_len);
-- spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len);
-- if (bn2crparam(dh->priv_key, &kop.crk_param[0]))
-+ if (spcf_bn2bin(dh->p, &p, &p_len) != 0) {
- goto sw_try;
--
-+ }
-+ if (spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len) != 0) {
-+ goto sw_try;
-+ }
-+ if (bn2crparam(dh->priv_key, &kop.crk_param[0]) != 0) {
-+ goto sw_try;
-+ }
- kop.crk_param[1].crp_p = padded_pub_key;
- kop.crk_param[1].crp_nbits = p_len * 8;
- kop.crk_param[2].crp_p = p;
-@@ -4087,10 +4091,13 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
- kop.crk_param[3].crp_p = NULL;
- zapparams(&kop);
- return (dhret);
-+
- sw_try:
- {
- const DH_METHOD *meth = DH_OpenSSL();
-
-+ free(p);
-+ free(padded_pub_key);
- dhret = (meth->compute_key) (key, pub_key, dh);
- }
- return (dhret);
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0044-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0044-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch
deleted file mode 100644
index 37bdff8..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0044-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-From 0901ff383524e896424921f4e8a1ba7020e7613d Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica at nxp.com>
-Date: Tue, 9 Feb 2016 11:53:33 +0200
-Subject: [PATCH 44/48] cryptodev: check for errors inside
- cryptodev_dh_compute_key_async
-
-Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
----
- crypto/engine/eng_cryptodev.c | 29 +++++++++++++++++++++--------
- 1 file changed, 21 insertions(+), 8 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 753e326..b9c7ff3 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -4108,19 +4108,28 @@ static int
- cryptodev_dh_compute_key_async(unsigned char *key, const BIGNUM *pub_key,
- DH *dh, struct pkc_cookie_s *cookie)
- {
-- struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+ struct crypt_kop *kop;
- int ret = 1;
- int p_len;
- unsigned char *padded_pub_key = NULL, *p = NULL;
-
-+ kop = malloc(sizeof(struct crypt_kop));
-+ if (kop == NULL) {
-+ goto err;
-+ }
-+
- memset(kop, 0, sizeof(struct crypt_kop));
- kop->crk_op = CRK_DH_COMPUTE_KEY;
- /* inputs: dh->priv_key pub_key dh->p key */
-- spcf_bn2bin(dh->p, &p, &p_len);
-- spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len);
--
-- if (bn2crparam(dh->priv_key, &kop->crk_param[0]))
-+ if (spcf_bn2bin(dh->p, &p, &p_len) != 0) {
-+ goto err;
-+ }
-+ if (spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len) != 0) {
- goto err;
-+ }
-+ if (bn2crparam(dh->priv_key, &kop->crk_param[0]) != 0) {
-+ goto err;
-+ }
- kop->crk_param[1].crp_p = padded_pub_key;
- kop->crk_param[1].crp_nbits = p_len * 8;
- kop->crk_param[2].crp_p = p;
-@@ -4132,16 +4141,20 @@ cryptodev_dh_compute_key_async(unsigned char *key, const BIGNUM *pub_key,
- kop->crk_param[3].crp_nbits = p_len * 8;
- kop->crk_oparams = 1;
-
-- if (cryptodev_asym_async(kop, 0, NULL, 0, NULL))
-+ if (cryptodev_asym_async(kop, 0, NULL, 0, NULL)) {
- goto err;
-+ }
-
- return p_len;
- err:
- {
- const DH_METHOD *meth = DH_OpenSSL();
--
-- if (kop)
-+ free(p);
-+ free(padded_pub_key);
-+ if (kop) {
- free(kop);
-+ }
-+
- ret = (meth->compute_key) (key, pub_key, dh);
- /* Call user cookie handler */
- cookie->pkc_callback(cookie, 0);
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0045-cryptodev-change-signature-for-conversion-functions.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0045-cryptodev-change-signature-for-conversion-functions.patch
deleted file mode 100644
index 12b5f6c..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0045-cryptodev-change-signature-for-conversion-functions.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 6ca53b6d6519d52021e642230bb51ae7834b3e67 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica at nxp.com>
-Date: Tue, 9 Feb 2016 12:11:32 +0200
-Subject: [PATCH 45/48] cryptodev: change signature for conversion functions
-
-These functions are called with const BIGNUMs, so we change the
-signatures to avoid compilation warnings
-
-Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
----
- crypto/engine/eng_cryptodev.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index b9c7ff3..58e539c 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -146,7 +146,7 @@ const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha1;
- const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha256;
- const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha256;
-
--inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len)
-+static int spcf_bn2bin(const BIGNUM *bn, unsigned char **bin, int *bin_len)
- {
- int len;
- unsigned char *p;
-@@ -168,7 +168,7 @@ inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len)
- return 0;
- }
-
--inline int spcf_bn2bin_ex(BIGNUM *bn, unsigned char **bin, int *bin_len)
-+static int spcf_bn2bin_ex(const BIGNUM *bn, unsigned char **bin, int *bin_len)
- {
- int len;
- unsigned char *p;
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0046-cryptodev-add-explicit-cast-for-known-BIGNUM-values.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0046-cryptodev-add-explicit-cast-for-known-BIGNUM-values.patch
deleted file mode 100644
index d8b56de..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0046-cryptodev-add-explicit-cast-for-known-BIGNUM-values.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 8f6e948f5f6bb2b517a5436dd6294e7e5536cf8f Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica at nxp.com>
-Date: Tue, 9 Feb 2016 12:13:59 +0200
-Subject: [PATCH 46/48] cryptodev: add explicit cast for known BIGNUM values
-
-Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
----
- crypto/engine/eng_cryptodev.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 58e539c..ddd3462 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -4027,7 +4027,7 @@ static int cryptodev_dh_keygen(DH *dh)
- }
-
- /* pub_key is or prime length while priv key is of length of order */
-- if (cryptodev_asym(&kop, q_len, w, q_len, s))
-+ if (cryptodev_asym(&kop, q_len, (BIGNUM *)w, q_len, (BIGNUM *)s))
- goto sw_try;
-
- dh->pub_key = BN_bin2bn(w, q_len, pub_key);
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0047-cryptodev-treat-all-build-warnings-as-errors.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0047-cryptodev-treat-all-build-warnings-as-errors.patch
deleted file mode 100644
index 7cfad9c..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0047-cryptodev-treat-all-build-warnings-as-errors.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From e50560cb9a201c0b0130bb29d4c99121a8ec97ba Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica at nxp.com>
-Date: Mon, 8 Feb 2016 15:15:02 +0200
-Subject: [PATCH 47/48] cryptodev: treat all build warnings as errors
-
-This patch has the purpose of maintaining a higher level of code quality.
-
-Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
----
- crypto/engine/Makefile | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/crypto/engine/Makefile b/crypto/engine/Makefile
-index 426388e..010f21d 100644
---- a/crypto/engine/Makefile
-+++ b/crypto/engine/Makefile
-@@ -10,7 +10,7 @@ CFLAG=-g
- MAKEFILE= Makefile
- AR= ar r
-
--CFLAGS= $(INCLUDES) $(CFLAG)
-+CFLAGS= -Wall -Werror $(INCLUDES) $(CFLAG)
-
- GENERAL=Makefile
- TEST= enginetest.c
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0048-fix-maclen-is-used-uninitialized-warning-on-some-com.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0048-fix-maclen-is-used-uninitialized-warning-on-some-com.patch
deleted file mode 100644
index 57ff7f1..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0048-fix-maclen-is-used-uninitialized-warning-on-some-com.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From c79e7a4a818ea86bf6045197173d5c4e243d1f4f Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica at nxp.com>
-Date: Wed, 6 Apr 2016 15:22:58 +0300
-Subject: [PATCH 48/48] fix 'maclen is used uninitialized' warning on some
- compilers
-
-Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
----
- crypto/engine/eng_cryptodev.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index ddd3462..2266b26 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -906,6 +906,10 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
- maclen = SHA256_DIGEST_LENGTH;
- aad_needs_fix = true;
- break;
-+ default:
-+ fprintf(stderr, "%s: unsupported NID: %d\n",
-+ __func__, ctx->cipher->nid);
-+ return -1;
- }
-
- /* Correct length for AAD Length field */
---
-2.7.3
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq_1.0.2l.bb b/recipes-connectivity/openssl/openssl-qoriq_1.0.2l.bb
index a2346ba..04052ac 100644
--- a/recipes-connectivity/openssl/openssl-qoriq_1.0.2l.bb
+++ b/recipes-connectivity/openssl/openssl-qoriq_1.0.2l.bb
@@ -12,7 +12,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=057d9218c6180e1d9ee407572b2dd225"
export DIRS = "crypto ssl apps engines"
export OE_LDFLAGS="${LDFLAGS}"
-SRC_URI += "file://find.pl;subdir=${BP}/util \
+SRC_URI += "file://find.pl;subdir=git/util \
file://run-ptest \
file://openssl-c_rehash.sh \
file://configure-targets.patch \
@@ -44,14 +44,7 @@ SRC_URI += "file://find.pl;subdir=${BP}/util \
file://Use-SHA256-not-MD5-as-default-digest.patch \
file://0001-Fix-build-with-clang-using-external-assembler.patch \
"
-SRC_URI[md5sum] = "f85123cd390e864dfbe517e7616e6566"
-SRC_URI[sha256sum] = "ce07195b659e75f4e1db43552860070061f156a98bb37b672b101ba6e3ddf30c"
-
-SRC_URI += " \
- file://find.pl;subdir=openssl-${PV}/util/ \
- file://0001-remove-double-initialization-of-cryptodev-engine.patch \
- file://0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch \
-"
+SRCREV = "b9e6572a0dcbaaf84a8925cabd1a86bd594ca69f"
PACKAGES =+ "${PN}-engines"
FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"
--
1.9.0
More information about the meta-freescale
mailing list