[meta-freescale] [meta-fsl-ppc][PATCH 4/5] openssl-qoriq: upgrade to 1.0.2h plus fsl patches

ting.liu at nxp.com ting.liu at nxp.com
Tue Jun 21 02:47:18 PDT 2016


From: Cristian Stoica <cristian.stoica at nxp.com>

upstream recipe extended with patches from fsl and CIOCHASH feature.

Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
---
 recipes-connectivity/openssl/openssl-qoriq.inc     |  127 +-
 .../openssl/openssl-qoriq/Makefiles-ptest.patch    |   77 +
 .../openssl-qoriq/configure-musl-target.patch      |   27 +
 .../openssl/openssl-qoriq/configure-targets.patch  |   39 +-
 .../crypto_use_bigint_in_x86-64_perl.patch         |   35 +
 .../openssl-qoriq/debian/c_rehash-compat.patch     |   62 +-
 .../openssl-qoriq/debian/debian-targets.patch      |   25 +-
 .../openssl-qoriq/debian/make-targets.patch        |   15 -
 .../openssl-qoriq/debian/version-script.patch      |  311 +-
 .../debian1.0.2/block_digicert_malaysia.patch      |   29 +
 .../debian1.0.2/block_diginotar.patch              |   68 +
 .../openssl-qoriq/debian1.0.2/version-script.patch | 4656 ++++++++++++++++++++
 .../engines-install-in-libdir-ssl.patch            |   42 +-
 .../openssl-qoriq/fix-cipher-des-ede3-cfb1.patch   |   21 +-
 .../openssl-qoriq/initial-aarch64-bits.patch       |  119 -
 .../openssl-qoriq/openssl-1.0.2a-x32-asm.patch     |   46 +
 ...-pointer-dereference-in-EVP_DigestInit_ex.patch |   22 +-
 ...NULL-pointer-dereference-in-dh_pub_encode.patch |   39 -
 .../openssl/openssl-qoriq/openssl-c_rehash.sh      |  210 +
 .../openssl/openssl-qoriq/openssl-fix-link.patch   |   35 -
 .../openssl-qoriq/openssl_fix_for_x32.patch        |   85 +-
 .../openssl/openssl-qoriq/parallel.patch           |  326 ++
 .../openssl/openssl-qoriq/ptest-deps.patch         |   34 +
 .../openssl-qoriq/ptest_makefile_deps.patch        |  248 ++
 ...double-initialization-of-cryptodev-engine.patch |   63 +-
 ...ev-add-support-for-TLS-algorithms-offload.patch |  508 ++-
 ...0003-cryptodev-fix-algorithm-registration.patch |   71 +-
 ...-ECC-Support-header-for-Cryptodev-Engine.patch} |   35 +-
 ...ake-it-more-robust-and-recognize-KERNEL_B.patch |   74 -
 ...itial-support-for-PKC-in-cryptodev-engine.patch | 1578 +++++++
 ...006-Added-hwrng-dev-file-as-source-of-RNG.patch |   28 +
 .../0006-Fixed-private-key-support-for-DH.patch    |   33 -
 ...s-interface-added-for-PKC-cryptodev-inter.patch | 2050 +++++++++
 .../0007-Fixed-private-key-support-for-DH.patch    |   35 -
 ...gen-operation-and-support-gendsa-command-.patch |  155 +
 ...itial-support-for-PKC-in-cryptodev-engine.patch | 1564 -------
 ...009-Added-hwrng-dev-file-as-source-of-RNG.patch |   28 -
 .../openssl-qoriq/qoriq/0009-RSA-Keygen-Fix.patch  |   64 +
 ...s-interface-added-for-PKC-cryptodev-inter.patch | 2039 ---------
 .../0010-Removed-local-copy-of-curve_t-type.patch  |  163 +
 ...gen-operation-and-support-gendsa-command-.patch |  153 -
 ...us-parameter-is-not-populated-by-dhparams.patch |   43 +
 .../openssl-qoriq/qoriq/0012-RSA-Keygen-Fix.patch  |   64 -
 .../0012-SW-Backoff-mechanism-for-dsa-keygen.patch |   53 +
 .../0013-Fixed-DH-keygen-pair-generator.patch      |  100 +
 .../0013-Removed-local-copy-of-curve_t-type.patch  |  164 -
 ...us-parameter-is-not-populated-by-dhparams.patch |   43 -
 ...dd-support-for-aes-gcm-algorithm-offloadi.patch |  321 ++
 .../0015-SW-Backoff-mechanism-for-dsa-keygen.patch |   53 -
 ...ev-extend-TLS-offload-with-3des_cbc_hmac_.patch |  199 +
 .../0016-Fixed-DH-keygen-pair-generator.patch      |  100 -
 ...ev-add-support-for-TLSv1.1-record-offload.patch |  338 ++
 ...dd-support-for-aes-gcm-algorithm-offloadi.patch |  309 --
 ...ev-add-support-for-TLSv1.2-record-offload.patch |  377 ++
 .../0018-cryptodev-drop-redundant-function.patch   |   72 +
 ...ev-extend-TLS-offload-with-3des_cbc_hmac_.patch |  193 -
 ...yptodev-do-not-zero-the-buffer-before-use.patch |   48 +
 ...ev-add-support-for-TLSv1.1-record-offload.patch |  355 --
 .../0020-cryptodev-clean-up-code-layout.patch      |   73 +
 ...ev-add-support-for-TLSv1.2-record-offload.patch |  359 --
 ...odev-do-not-cache-file-descriptor-in-open.patch |   93 +
 .../0021-cryptodev-drop-redundant-function.patch   |   75 -
 ...yptodev-do-not-zero-the-buffer-before-use.patch |   48 -
 ...ryptodev-put_dev_crypto-should-be-an-int.patch} |   18 +-
 .../0023-cryptodev-clean-up-code-layout.patch      |   72 -
 ...odev-simplify-cryptodev-pkc-support-code.patch} |  168 +-
 ...larify-code-remove-assignments-from-condi.patch |   37 +
 ...odev-do-not-cache-file-descriptor-in-open.patch |  100 -
 ...lean-up-context-state-before-anything-els.patch |   34 +
 ...emove-code-duplication-in-digest-operatio.patch |  155 +
 ...ut-all-digest-ioctls-into-a-single-functi.patch |  108 +
 .../0028-cryptodev-fix-debug-print-messages.patch  |   90 +
 ...-use-CIOCHASH-ioctl-for-digest-operations.patch |   91 +
 ...educe-duplicated-efforts-for-searching-in.patch |  106 +
 ...cryptodev-remove-not-used-local-variables.patch |   46 +
 ...odev-hide-not-used-variable-behind-ifndef.patch |   27 +
 ...3-cryptodev-fix-function-declaration-typo.patch |   26 +
 ...ryptodev-fix-incorrect-function-signature.patch |   26 +
 ...ix-warnings-on-excess-elements-in-struct-.patch |  110 +
 .../0036-cryptodev-fix-free-on-error-path.patch    |   46 +
 .../0037-cryptodev-fix-return-value-on-error.patch |   28 +
 ...38-cryptodev-match-types-with-cryptodev.h.patch |   29 +
 ...ptodev-explicitly-discard-const-qualifier.patch |   30 +
 .../0040-cryptodev-replace-caddr_t-with-void.patch |   95 +
 ...heck-for-errors-inside-cryptodev_rsa_mod_.patch |   49 +
 ...heck-for-errors-inside-cryptodev_rsa_mod_.patch |   69 +
 ...heck-for-errors-inside-cryptodev_dh_compu.patch |   52 +
 ...heck-for-errors-inside-cryptodev_dh_compu.patch |   76 +
 ...change-signature-for-conversion-functions.patch |   38 +
 ...add-explicit-cast-for-known-BIGNUM-values.patch |   26 +
 ...ptodev-treat-all-build-warnings-as-errors.patch |   28 +
 ...is-used-uninitialized-warning-on-some-com.patch |   29 +
 .../openssl/openssl-qoriq/run-ptest                |    2 +
 .../openssl/openssl-qoriq_1.0.1i.bb                |   96 -
 .../openssl/openssl-qoriq_1.0.2h.bb                |  111 +
 95 files changed, 13908 insertions(+), 6929 deletions(-)
 create mode 100644 recipes-connectivity/openssl/openssl-qoriq/Makefiles-ptest.patch
 create mode 100644 recipes-connectivity/openssl/openssl-qoriq/configure-musl-target.patch
 create mode 100644 recipes-connectivity/openssl/openssl-qoriq/crypto_use_bigint_in_x86-64_perl.patch
 delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/debian/make-targets.patch
 create mode 100644 recipes-connectivity/openssl/openssl-qoriq/debian1.0.2/block_digicert_malaysia.patch
 create mode 100644 recipes-connectivity/openssl/openssl-qoriq/debian1.0.2/block_diginotar.patch
 create mode 100644 recipes-connectivity/openssl/openssl-qoriq/debian1.0.2/version-script.patch
 delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/initial-aarch64-bits.patch
 create mode 100644 recipes-connectivity/openssl/openssl-qoriq/openssl-1.0.2a-x32-asm.patch
 delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch
 create mode 100644 recipes-connectivity/openssl/openssl-qoriq/openssl-c_rehash.sh
 delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/openssl-fix-link.patch
 create mode 100644 recipes-connectivity/openssl/openssl-qoriq/parallel.patch
 create mode 100644 recipes-connectivity/openssl/openssl-qoriq/ptest-deps.patch
 create mode 100644 recipes-connectivity/openssl/openssl-qoriq/ptest_makefile_deps.patch
 rename recipes-connectivity/openssl/openssl-qoriq/qoriq/{0005-ECC-Support-header-for-Cryptodev-Engine.patch => 0004-ECC-Support-header-for-Cryptodev-Engine.patch} (92%)
 delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch
 create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0005-Initial-support-for-PKC-in-cryptodev-engine.patch
 create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0006-Added-hwrng-dev-file-as-source-of-RNG.patch
 delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0006-Fixed-private-key-support-for-DH.patch
 create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0007-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch
 delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0007-Fixed-private-key-support-for-DH.patch
 create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0008-Add-RSA-keygen-operation-and-support-gendsa-command-.patch
 delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0008-Initial-support-for-PKC-in-cryptodev-engine.patch
 delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0009-Added-hwrng-dev-file-as-source-of-RNG.patch
 create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0009-RSA-Keygen-Fix.patch
 delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0010-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch
 create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0010-Removed-local-copy-of-curve_t-type.patch
 delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0011-Add-RSA-keygen-operation-and-support-gendsa-command-.patch
 create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0011-Modulus-parameter-is-not-populated-by-dhparams.patch
 delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0012-RSA-Keygen-Fix.patch
 create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0012-SW-Backoff-mechanism-for-dsa-keygen.patch
 create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0013-Fixed-DH-keygen-pair-generator.patch
 delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0013-Removed-local-copy-of-curve_t-type.patch
 delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0014-Modulus-parameter-is-not-populated-by-dhparams.patch
 create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0014-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch
 delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0015-SW-Backoff-mechanism-for-dsa-keygen.patch
 create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0015-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch
 delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0016-Fixed-DH-keygen-pair-generator.patch
 create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0016-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch
 delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch
 create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0017-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch
 create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0018-cryptodev-drop-redundant-function.patch
 delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0018-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch
 create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0019-cryptodev-do-not-zero-the-buffer-before-use.patch
 delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0019-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch
 create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0020-cryptodev-clean-up-code-layout.patch
 delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0020-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch
 create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0021-cryptodev-do-not-cache-file-descriptor-in-open.patch
 delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0021-cryptodev-drop-redundant-function.patch
 delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0022-cryptodev-do-not-zero-the-buffer-before-use.patch
 rename recipes-connectivity/openssl/openssl-qoriq/qoriq/{0025-cryptodev-put_dev_crypto-should-be-an-int.patch => 0022-cryptodev-put_dev_crypto-should-be-an-int.patch} (70%)
 delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0023-cryptodev-clean-up-code-layout.patch
 rename recipes-connectivity/openssl/openssl-qoriq/qoriq/{0026-cryptodev-simplify-cryptodev-pkc-support-code.patch => 0023-cryptodev-simplify-cryptodev-pkc-support-code.patch} (66%)
 create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0024-cryptodev-clarify-code-remove-assignments-from-condi.patch
 delete mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0024-cryptodev-do-not-cache-file-descriptor-in-open.patch
 create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0025-cryptodev-clean-up-context-state-before-anything-els.patch
 create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0026-cryptodev-remove-code-duplication-in-digest-operatio.patch
 create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0027-cryptodev-put-all-digest-ioctls-into-a-single-functi.patch
 create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0028-cryptodev-fix-debug-print-messages.patch
 create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0029-cryptodev-use-CIOCHASH-ioctl-for-digest-operations.patch
 create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0030-cryptodev-reduce-duplicated-efforts-for-searching-in.patch
 create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0031-cryptodev-remove-not-used-local-variables.patch
 create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0032-cryptodev-hide-not-used-variable-behind-ifndef.patch
 create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0033-cryptodev-fix-function-declaration-typo.patch
 create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0034-cryptodev-fix-incorrect-function-signature.patch
 create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0035-cryptodev-fix-warnings-on-excess-elements-in-struct-.patch
 create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0036-cryptodev-fix-free-on-error-path.patch
 create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0037-cryptodev-fix-return-value-on-error.patch
 create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0038-cryptodev-match-types-with-cryptodev.h.patch
 create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0039-cryptodev-explicitly-discard-const-qualifier.patch
 create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0040-cryptodev-replace-caddr_t-with-void.patch
 create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0041-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch
 create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0042-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch
 create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0043-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch
 create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0044-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch
 create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0045-cryptodev-change-signature-for-conversion-functions.patch
 create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0046-cryptodev-add-explicit-cast-for-known-BIGNUM-values.patch
 create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0047-cryptodev-treat-all-build-warnings-as-errors.patch
 create mode 100644 recipes-connectivity/openssl/openssl-qoriq/qoriq/0048-fix-maclen-is-used-uninitialized-warning-on-some-com.patch
 create mode 100755 recipes-connectivity/openssl/openssl-qoriq/run-ptest
 delete mode 100644 recipes-connectivity/openssl/openssl-qoriq_1.0.1i.bb
 create mode 100644 recipes-connectivity/openssl/openssl-qoriq_1.0.2h.bb

diff --git a/recipes-connectivity/openssl/openssl-qoriq.inc b/recipes-connectivity/openssl/openssl-qoriq.inc
index 87ba1c3..8c8c036 100644
--- a/recipes-connectivity/openssl/openssl-qoriq.inc
+++ b/recipes-connectivity/openssl/openssl-qoriq.inc
@@ -8,6 +8,9 @@ SECTION = "libs/network"
 LICENSE = "openssl"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8"
 
+DEPENDS = "hostperl-runtime-native"
+DEPENDS_append_class-target = " openssl-native"
+
 PROVIDES = "openssl"
 
 python() {
@@ -19,8 +22,6 @@ python() {
             d.appendVar("RREPLACES_%s" % p, p.replace('openssl-qoriq', 'openssl'))
 }
 
-DEPENDS = "perl-native-runtime"
-
 SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
           "
 S = "${WORKDIR}/openssl-${PV}"
@@ -28,37 +29,39 @@ S = "${WORKDIR}/openssl-${PV}"
 PACKAGECONFIG[perl] = ",,,"
 
 AR_append = " r"
+TERMIO_libc-musl = "-DTERMIOS"
+TERMIO ?= "-DTERMIO"
 # Avoid binaries being marked as requiring an executable stack since it 
 # doesn't(which causes and this causes issues with SELinux
 CFLAG = "${@base_conditional('SITEINFO_ENDIANNESS', 'le', '-DL_ENDIAN', '-DB_ENDIAN', d)} \
-	-DTERMIO ${CFLAGS} -Wall -Wa,--noexecstack"
-
-# -02 does not work on mipsel: ssh hangs when it tries to read /dev/urandom
-CFLAG_mtx-1 := "${@'${CFLAG}'.replace('-O2', '')}"
-CFLAG_mtx-2 := "${@'${CFLAG}'.replace('-O2', '')}"
+	 ${TERMIO} ${CFLAGS} -Wall -Wa,--noexecstack"
 
 export DIRS = "crypto ssl apps"
 export EX_LIBS = "-lgcc -ldl"
 export AS = "${CC} -c"
 EXTRA_OEMAKE = "-e MAKEFLAGS="
 
-inherit pkgconfig siteinfo multilib_header
+inherit pkgconfig siteinfo multilib_header ptest
 
-PACKAGES =+ "libcrypto libssl ${PN}-misc openssl-conf"
-FILES_libcrypto = "${base_libdir}/libcrypto${SOLIBS}"
-FILES_libssl = "${libdir}/libssl.so.*"
+PACKAGES =+ "libcrypto libssl ${PN}-misc ${PN}-conf"
+FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}"
+FILES_libssl = "${libdir}/libssl${SOLIBS}"
 FILES_${PN} =+ " ${libdir}/ssl/*"
-FILES_${PN}-misc = "${libdir}/ssl/misc ${bindir}/c_rehash"
+FILES_${PN}-misc = "${libdir}/ssl/misc"
 RDEPENDS_${PN}-misc = "${@bb.utils.contains('PACKAGECONFIG', 'perl', 'perl', '', d)}"
-FILES_${PN}-dev += "${base_libdir}/libcrypto${SOLIBSDEV}"
 
 # Add the openssl.cnf file to the openssl-conf package.  Make the libcrypto
 # package RRECOMMENDS on this package.  This will enable the configuration
 # file to be installed for both the base openssl package and the libcrypto
 # package since the base openssl package depends on the libcrypto package.
-FILES_openssl-conf = "${libdir}/ssl/openssl.cnf"
-CONFFILES_openssl-conf = "${libdir}/ssl/openssl.cnf"
-RRECOMMENDS_libcrypto += "openssl-conf"
+FILES_${PN}-conf = "${sysconfdir}/ssl/openssl.cnf"
+CONFFILES_${PN}-conf = "${sysconfdir}/ssl/openssl.cnf"
+RRECOMMENDS_libcrypto += "${PN}-conf"
+RDEPENDS_${PN}-ptest += "${PN}-misc make perl perl-module-filehandle bc"
+
+# Remove this to enable SSLv3. SSLv3 is defaulted to disabled due to the POODLE
+# vulnerability
+EXTRA_OECONF = " -no-ssl3"
 
 do_configure_prepend_darwin () {
 	sed -i -e '/version-script=openssl\.ld/d' Configure
@@ -71,17 +74,18 @@ do_configure () {
 	ln -sf apps/openssl.pod crypto/crypto.pod ssl/ssl.pod doc/
 
 	os=${HOST_OS}
-	if [ "x$os" = "xlinux-uclibc" ]; then
-		os=linux
-	elif [ "x$os" = "xlinux-uclibceabi" ]; then
-		os=linux
-	elif [ "x$os" = "xlinux-uclibcspe" ]; then
-		os=linux
-	elif [ "x$os" = "xlinux-gnuspe" ]; then
+	case $os in
+	linux-uclibc |\
+	linux-uclibceabi |\
+	linux-gnueabi |\
+	linux-uclibcspe |\
+	linux-gnuspe |\
+	linux-musl*)
 		os=linux
-	elif [ "x$os" = "xlinux-gnueabi" ]; then
-		os=linux
-	fi
+		;;
+		*)
+		;;
+	esac
 	target="$os-${HOST_ARCH}"
 	case $target in
 	linux-arm)
@@ -91,7 +95,7 @@ do_configure () {
 		target=linux-elf-armeb
 		;;
 	linux-aarch64*)
-		target=linux-generic64
+		target=linux-aarch64
 		;;
 	linux-sh3)
 		target=debian-sh3
@@ -120,9 +124,12 @@ do_configure () {
 	linux-mipsel)
 		target=debian-mipsel
 		;;
-        linux-*-mips64)
+        linux-*-mips64 | linux-mips64)
                target=linux-mips
                 ;;
+	linux-microblaze*|linux-nios2*)
+		target=linux-generic32
+		;;
 	linux-powerpc)
 		target=linux-ppc
 		;;
@@ -148,37 +155,77 @@ do_configure () {
 	perl ./Configure ${EXTRA_OECONF} shared --prefix=$useprefix --openssldir=${libdir}/ssl --libdir=`basename ${libdir}` $target
 }
 
+do_compile_prepend_class-target () {
+    sed -i 's/\((OPENSSL=\)".*"/\1"openssl"/' Makefile
+}
+
 do_compile () {
 	oe_runmake
 }
 
+do_compile_ptest () {
+	oe_runmake buildtest
+}
+
 do_install () {
+	# Create ${D}/${prefix} to fix parallel issues
+	mkdir -p ${D}/${prefix}/
+
 	oe_runmake INSTALL_PREFIX="${D}" MANDIR="${mandir}" install
 
 	oe_libinstall -so libcrypto ${D}${libdir}
 	oe_libinstall -so libssl ${D}${libdir}
 
-	# Moving libcrypto to /lib
-	if [ ! ${D}${libdir} -ef ${D}${base_libdir} ]; then
-		mkdir -p ${D}/${base_libdir}/
-		mv ${D}${libdir}/libcrypto* ${D}${base_libdir}/
-		sed -i s#libdir=\$\{exec_prefix\}\/lib#libdir=${base_libdir}# ${D}/${libdir}/pkgconfig/libcrypto.pc
-	fi
-
 	install -d ${D}${includedir}
 	cp --dereference -R include/openssl ${D}${includedir}
 
+	install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash
+	sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash
+
 	oe_multilib_header openssl/opensslconf.h
 	if [ "${@bb.utils.contains('PACKAGECONFIG', 'perl', 'perl', '', d)}" = "perl" ]; then
-		install -m 0755 ${S}/tools/c_rehash ${D}${bindir}
-		sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${bindir}/c_rehash
 		sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/CA.pl
 		sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/tsget
-		# The c_rehash utility isn't installed by the normal installation process.
 	else
-		rm -f ${D}${bindir}/c_rehash
 		rm -f ${D}${libdir}/ssl/misc/CA.pl ${D}${libdir}/ssl/misc/tsget
 	fi
+
+	# Create SSL structure
+	install -d ${D}${sysconfdir}/ssl/
+	mv ${D}${libdir}/ssl/openssl.cnf \
+	   ${D}${libdir}/ssl/certs \
+	   ${D}${libdir}/ssl/private \
+	   \
+	   ${D}${sysconfdir}/ssl/
+	ln -sf ${sysconfdir}/ssl/certs ${D}${libdir}/ssl/certs
+	ln -sf ${sysconfdir}/ssl/private ${D}${libdir}/ssl/private
+	ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${libdir}/ssl/openssl.cnf
+}
+
+do_install_ptest () {
+	cp -r -L Makefile.org Makefile test ${D}${PTEST_PATH}
+	cp Configure config e_os.h ${D}${PTEST_PATH}
+	cp -r -L include ${D}${PTEST_PATH}
+	ln -sf ${libdir}/libcrypto.a ${D}${PTEST_PATH}
+	ln -sf ${libdir}/libssl.a ${D}${PTEST_PATH}
+	mkdir -p ${D}${PTEST_PATH}/crypto
+	cp crypto/constant_time_locl.h ${D}${PTEST_PATH}/crypto
+	cp -r certs ${D}${PTEST_PATH}
+	mkdir -p ${D}${PTEST_PATH}/apps
+	ln -sf ${libdir}/ssl/misc/CA.sh  ${D}${PTEST_PATH}/apps
+	ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${PTEST_PATH}/apps
+	ln -sf ${bindir}/openssl         ${D}${PTEST_PATH}/apps
+	cp apps/server2.pem             ${D}${PTEST_PATH}/apps
+	mkdir -p ${D}${PTEST_PATH}/util
+	install util/opensslwrap.sh    ${D}${PTEST_PATH}/util
+	install util/shlib_wrap.sh     ${D}${PTEST_PATH}/util
+}
+
+do_install_append_class-native() {
+	create_wrapper ${D}${bindir}/openssl \
+	    OPENSSL_CONF=${libdir}/ssl/openssl.cnf \
+	    SSL_CERT_DIR=${libdir}/ssl/certs \
+	    SSL_CERT_FILE=${libdir}/ssl/cert.pem \
+	    OPENSSL_ENGINES=${libdir}/ssl/engines
 }
 
-BBCLASSEXTEND = "native nativesdk"
diff --git a/recipes-connectivity/openssl/openssl-qoriq/Makefiles-ptest.patch b/recipes-connectivity/openssl/openssl-qoriq/Makefiles-ptest.patch
new file mode 100644
index 0000000..249446a
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/Makefiles-ptest.patch
@@ -0,0 +1,77 @@
+Add 'buildtest' and 'runtest' targets to Makefile, to build and run tests
+cross-compiled.
+
+Signed-off-by: Anders Roxell <anders.roxell at enea.com>
+Signed-off-by: Maxin B. John <maxin.john at enea.com>
+Upstream-Status: Pending
+---
+Index: openssl-1.0.2/Makefile.org
+===================================================================
+--- openssl-1.0.2.orig/Makefile.org
++++ openssl-1.0.2/Makefile.org
+@@ -451,8 +451,16 @@ rehash.time: certs apps
+ test:   tests
+ 
+ tests: rehash
++	$(MAKE) buildtest
++	$(MAKE) runtest
++
++buildtest:
++	@(cd test && \
++	$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf exe apps);
++
++runtest:
+ 	@(cd test && echo "testing..." && \
+-	$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf tests );
++	$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf alltests );
+ 	OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a
+ 
+ report:
+Index: openssl-1.0.2/test/Makefile
+===================================================================
+--- openssl-1.0.2.orig/test/Makefile
++++ openssl-1.0.2/test/Makefile
+@@ -137,7 +137,7 @@ tests:	exe apps $(TESTS)
+ apps:
+ 	@(cd ..; $(MAKE) DIRS=apps all)
+ 
+-alltests: \
++all-tests= \
+ 	test_des test_idea test_sha test_md4 test_md5 test_hmac \
+ 	test_md2 test_mdc2 test_wp \
+ 	test_rmd test_rc2 test_rc4 test_rc5 test_bf test_cast test_aes \
+@@ -148,6 +148,11 @@ alltests: \
+ 	test_jpake test_srp test_cms test_ocsp test_v3name test_heartbeat \
+ 	test_constant_time
+ 
++alltests:
++	@(for i in $(all-tests); do \
++	( $(MAKE) $$i && echo "PASS: $$i" ) || echo "FAIL: $$i"; \
++	done)
++
+ test_evp: $(EVPTEST)$(EXE_EXT) evptests.txt
+ 	../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt
+ 
+@@ -213,7 +218,7 @@ test_x509: ../apps/openssl$(EXE_EXT) tx5
+ 	echo test second x509v3 certificate
+ 	sh ./tx509 v3-cert2.pem 2>/dev/null
+ 
+-test_rsa: $(RSATEST)$(EXE_EXT) ../apps/openssl$(EXE_EXT) trsa testrsa.pem
++test_rsa: ../apps/openssl$(EXE_EXT) trsa testrsa.pem
+ 	@sh ./trsa 2>/dev/null
+ 	../util/shlib_wrap.sh ./$(RSATEST)
+ 
+@@ -313,11 +318,11 @@ test_tsa: ../apps/openssl$(EXE_EXT) test
+ 	  sh ./testtsa; \
+ 	fi
+ 
+-test_ige: $(IGETEST)$(EXE_EXT)
++test_ige:
+ 	@echo "Test IGE mode"
+ 	../util/shlib_wrap.sh ./$(IGETEST)
+ 
+-test_jpake: $(JPAKETEST)$(EXE_EXT)
++test_jpake:
+ 	@echo "Test JPAKE"
+ 	../util/shlib_wrap.sh ./$(JPAKETEST)
+ 
diff --git a/recipes-connectivity/openssl/openssl-qoriq/configure-musl-target.patch b/recipes-connectivity/openssl/openssl-qoriq/configure-musl-target.patch
new file mode 100644
index 0000000..613dc7b
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/configure-musl-target.patch
@@ -0,0 +1,27 @@
+Add musl triplet support
+
+Upstream-Status: Pending
+Signed-off-by: Khem Raj <raj.khem at gmail.com>
+
+Index: openssl-1.0.2a/Configure
+===================================================================
+--- openssl-1.0.2a.orig/Configure
++++ openssl-1.0.2a/Configure
+@@ -431,7 +431,7 @@ my %table=(
+ #
+ #       ./Configure linux-armv4 -march=armv6 -D__ARM_MAX_ARCH__=8
+ #
+-"linux-armv4",	"gcc: -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-armv4", "gcc: -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "linux-aarch64","gcc: -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ # Configure script adds minimally required -march for assembly support,
+ # if no -march was specified at command line. mips32 and mips64 below
+@@ -504,6 +504,8 @@ my %table=(
+ "linux-gnueabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "linux-uclibceabi-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "linux-uclibceabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-musleabi-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-musleabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ 
+ "linux-avr32","$ENV{'CC'}:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).",
+ 
diff --git a/recipes-connectivity/openssl/openssl-qoriq/configure-targets.patch b/recipes-connectivity/openssl/openssl-qoriq/configure-targets.patch
index c1f3d08..691e74a 100644
--- a/recipes-connectivity/openssl/openssl-qoriq/configure-targets.patch
+++ b/recipes-connectivity/openssl/openssl-qoriq/configure-targets.patch
@@ -7,28 +7,31 @@ The number of colons are important :)
  Configure |   16 ++++++++++++++++
  1 file changed, 16 insertions(+)
 
---- a/Configure
-+++ b/Configure
-@@ -403,6 +403,22 @@ my %table=(
- "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
- "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
+Index: openssl-1.0.2a/Configure
+===================================================================
+--- openssl-1.0.2a.orig/Configure
++++ openssl-1.0.2a/Configure
+@@ -443,6 +443,23 @@ my %table=(
+ "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
+ "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
  
-+ # Linux on ARM
-+"linux-elf-arm","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-elf-armeb","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-gnueabi-arm","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-gnueabi-armeb","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-uclibceabi-arm","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-uclibceabi-armeb","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++ 
++# Linux on ARM
++"linux-elf-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-elf-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-gnueabi-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-gnueabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-uclibceabi-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-uclibceabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +
-+"linux-avr32","$ENV{'CC'}:-DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).",
++"linux-avr32","$ENV{'CC'}:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).",
 +
 +#### Linux on MIPS/MIPS64
-+"linux-mips","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-mips64","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -mabi=64 -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-mips64el","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -mabi=64 -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-mipsel","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-mips","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-mips64","$ENV{'CC'}:-DB_ENDIAN -mabi=64 -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-mips64el","$ENV{'CC'}:-DL_ENDIAN -mabi=64 -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-mipsel","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +
- # Android: linux-* but without -DTERMIO and pointers to headers and libs.
+ # Android: linux-* but without pointers to headers and libs.
  "android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
  "android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
diff --git a/recipes-connectivity/openssl/openssl-qoriq/crypto_use_bigint_in_x86-64_perl.patch b/recipes-connectivity/openssl/openssl-qoriq/crypto_use_bigint_in_x86-64_perl.patch
new file mode 100644
index 0000000..af3989f
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/crypto_use_bigint_in_x86-64_perl.patch
@@ -0,0 +1,35 @@
+Upstream-Status: Backport
+
+When building on x32 systems where the default type is 32bit, make sure
+we can transparently represent 64bit integers.  Otherwise we end up with
+build errors like:
+/usr/bin/perl asm/ghash-x86_64.pl elf > ghash-x86_64.s
+Integer overflow in hexadecimal number at asm/../../perlasm/x86_64-xlate.pl line 201, <> line 890.
+...
+ghash-x86_64.s: Assembler messages:
+ghash-x86_64.s:890: Error: junk '.15473355479995e+19' after expression
+
+We don't enable this globally as there are some cases where we'd get
+32bit values interpreted as unsigned when we need them as signed.
+
+Reported-by: Bertrand Jacquin <bertrand at jacquin.bzh>
+URL: https://bugs.gentoo.org/542618
+
+Signed-off-By: Armin Kuster <akuster at mvista.com>
+
+Index: openssl-1.0.2a/crypto/perlasm/x86_64-xlate.pl
+===================================================================
+--- openssl-1.0.2a.orig/crypto/perlasm/x86_64-xlate.pl
++++ openssl-1.0.2a/crypto/perlasm/x86_64-xlate.pl
+@@ -194,7 +194,10 @@ my %globals;
+     }
+     sub out {
+     	my $self = shift;
+-
++	# When building on x32 ABIs, the expanded hex value might be too
++	# big to fit into 32bits. Enable transparent 64bit support here
++	# so we can safely print it out.
++	use bigint;
+ 	if ($gas) {
+ 	    # Solaris /usr/ccs/bin/as can't handle multiplications
+ 	    # in $self->{value}
diff --git a/recipes-connectivity/openssl/openssl-qoriq/debian/c_rehash-compat.patch b/recipes-connectivity/openssl/openssl-qoriq/debian/c_rehash-compat.patch
index ac1b19b..68e54d5 100644
--- a/recipes-connectivity/openssl/openssl-qoriq/debian/c_rehash-compat.patch
+++ b/recipes-connectivity/openssl/openssl-qoriq/debian/c_rehash-compat.patch
@@ -1,38 +1,54 @@
-Upstream-Status: Backport [debian]
-
 From 83f318d68bbdab1ca898c94576a838cc97df4700 Mon Sep 17 00:00:00 2001
 From: Ludwig Nussel <ludwig.nussel at suse.de>
 Date: Wed, 21 Apr 2010 15:52:10 +0200
 Subject: [PATCH] also create old hash for compatibility
 
----
- tools/c_rehash.in |    8 +++++++-
- 1 files changed, 7 insertions(+), 1 deletions(-)
+Upstream-Status: Backport [debian]
 
-Index: openssl-1.0.0d/tools/c_rehash.in
-===================================================================
---- openssl-1.0.0d.orig/tools/c_rehash.in	2011-04-13 20:41:28.000000000 +0000
-+++ openssl-1.0.0d/tools/c_rehash.in	2011-04-13 20:41:28.000000000 +0000
-@@ -86,6 +86,7 @@
- 			}
+diff --git a/tools/c_rehash.in b/tools/c_rehash.in
+index b086ff9..b777d79 100644
+--- a/tools/c_rehash.in
++++ b/tools/c_rehash.in
+@@ -8,8 +8,6 @@ my $prefix;
+ 
+ my $openssl = $ENV{OPENSSL} || "openssl";
+ my $pwd;
+-my $x509hash = "-subject_hash";
+-my $crlhash = "-hash";
+ my $verbose = 0;
+ my $symlink_exists=eval {symlink("",""); 1};
+ my $removelinks = 1;
+@@ -18,10 +16,7 @@ my $removelinks = 1;
+ while ( $ARGV[0] =~ /^-/ ) {
+     my $flag = shift @ARGV;
+     last if ( $flag eq '--');
+-    if ( $flag eq '-old') {
+-	    $x509hash = "-subject_hash_old";
+-	    $crlhash = "-hash_old";
+-    } elsif ( $flag eq '-h') {
++    if ( $flag eq '-h') {
+ 	    help();
+     } elsif ( $flag eq '-n' ) {
+ 	    $removelinks = 0;
+@@ -113,7 +108,9 @@ sub hash_dir {
+ 			next;
  		}
  		link_hash_cert($fname) if($cert);
 +		link_hash_cert_old($fname) if($cert);
  		link_hash_crl($fname) if($crl);
++		link_hash_crl_old($fname) if($crl);
  	}
  }
-@@ -119,8 +120,9 @@
+ 
+@@ -146,6 +143,7 @@ sub check_file {
  
  sub link_hash_cert {
  		my $fname = $_[0];
-+		my $hashopt = $_[1] || '-subject_hash';
++		my $x509hash = $_[1] || '-subject_hash';
  		$fname =~ s/'/'\\''/g;
--		my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in "$fname"`;
-+		my ($hash, $fprint) = `"$openssl" x509 $hashopt -fingerprint -noout -in "$fname"`;
+ 		my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`;
  		chomp $hash;
- 		chomp $fprint;
- 		$fprint =~ s/^.*=//;
-@@ -150,6 +152,10 @@
+@@ -176,11 +174,21 @@ sub link_hash_cert {
  		$hashlist{$hash} = $fprint;
  }
  
@@ -40,6 +56,16 @@ Index: openssl-1.0.0d/tools/c_rehash.in
 +		link_hash_cert($_[0], '-subject_hash_old');
 +}
 +
++sub link_hash_crl_old {
++		link_hash_crl($_[0], '-hash_old');
++}
++
++
  # Same as above except for a CRL. CRL links are of the form <hash>.r<n>
  
  sub link_hash_crl {
+ 		my $fname = $_[0];
++		my $crlhash = $_[1] || "-hash";
+ 		$fname =~ s/'/'\\''/g;
+ 		my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`;
+ 		chomp $hash;
diff --git a/recipes-connectivity/openssl/openssl-qoriq/debian/debian-targets.patch b/recipes-connectivity/openssl/openssl-qoriq/debian/debian-targets.patch
index 8101edf..39d4328 100644
--- a/recipes-connectivity/openssl/openssl-qoriq/debian/debian-targets.patch
+++ b/recipes-connectivity/openssl/openssl-qoriq/debian/debian-targets.patch
@@ -1,12 +1,12 @@
 Upstream-Status: Backport [debian]
 
-Index: openssl-1.0.1/Configure
+Index: openssl-1.0.2/Configure
 ===================================================================
---- openssl-1.0.1.orig/Configure	2012-03-17 15:37:54.000000000 +0000
-+++ openssl-1.0.1/Configure	2012-03-17 16:13:49.000000000 +0000
-@@ -105,6 +105,10 @@
+--- openssl-1.0.2.orig/Configure
++++ openssl-1.0.2/Configure
+@@ -107,6 +107,10 @@ my $gcc_devteam_warn = "-Wall -pedantic
  
- my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED";
+ my $clang_disabled_warnings = "-Wno-language-extension-token -Wno-extended-offsetof -Wno-padded -Wno-shorten-64-to-32 -Wno-format-nonliteral -Wno-missing-noreturn -Wno-unused-parameter -Wno-sign-conversion -Wno-unreachable-code -Wno-conversion -Wno-documentation -Wno-missing-variable-declarations -Wno-cast-align -Wno-incompatible-pointer-types-discards-qualifiers -Wno-missing-variable-declarations -Wno-missing-field-initializers -Wno-unused-macros -Wno-disabled-macro-expansion -Wno-conditional-uninitialized -Wno-switch-enum";
  
 +# There are no separate CFLAGS/CPPFLAGS/LDFLAGS, set everything in CFLAGS
 +my $debian_cflags = `dpkg-buildflags --get CFLAGS` . `dpkg-buildflags --get CPPFLAGS` . `dpkg-buildflags --get LDFLAGS` . "-Wa,--noexecstack -Wall";
@@ -15,7 +15,7 @@ Index: openssl-1.0.1/Configure
  my $strict_warnings = 0;
  
  my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
-@@ -338,6 +342,48 @@
+@@ -343,6 +347,55 @@ my %table=(
  "osf1-alpha-cc",  "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so",
  "tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::-msym:.so",
  
@@ -23,9 +23,9 @@ Index: openssl-1.0.1/Configure
 +"debian-alpha","gcc:-DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"debian-alpha-ev4","gcc:-DTERMIO ${debian_cflags} -mcpu=ev4::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"debian-alpha-ev5","gcc:-DTERMIO ${debian_cflags} -mcpu=ev5::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-armeb","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-armel","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-armhf","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-arm64","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-armel","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-armhf","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"debian-amd64", "gcc:-m64 -DL_ENDIAN -DTERMIO ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::",
 +"debian-avr32", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -fomit-frame-pointer::-D_REENTRANT::-ldl:BN_LLONG_BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"debian-kfreebsd-amd64","gcc:-m64 -DL_ENDIAN -DTERMIOS ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -40,15 +40,21 @@ Index: openssl-1.0.1/Configure
 +"debian-m68k","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"debian-mips",   "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"debian-mipsel",   "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-mipsn32",   "mips64-linux-gnuabin32-gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-mipsn32el",   "mips64el-linux-gnuabin32-gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-mips64",   "mips64-linux-gnuabi64-gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-mips64el",   "mips64el-linux-gnuabi64-gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"debian-netbsd-i386",	"gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"debian-netbsd-m68k",	"gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags}::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"debian-netbsd-sparc",	"gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags} -mv8::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"debian-openbsd-alpha","gcc:-DTERMIOS ${debian_cflags}::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"debian-openbsd-i386",  "gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"debian-openbsd-mips","gcc:-DL_ENDIAN ${debian_cflags}::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-or1k", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"debian-powerpc","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"debian-powerpcspe","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"debian-ppc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-ppc64el","gcc:-m64 -DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64le:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"debian-s390","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 
 +"debian-s390x","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"debian-sh3",   "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -60,6 +66,7 @@ Index: openssl-1.0.1/Configure
 +"debian-sparc-v8","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v8 -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"debian-sparc-v9","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v9 -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"debian-sparc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags} -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-x32","gcc:-mx32 -DL_ENDIAN -DTERMIO ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32",
 +
  ####
  #### Variety of LINUX:-)
diff --git a/recipes-connectivity/openssl/openssl-qoriq/debian/make-targets.patch b/recipes-connectivity/openssl/openssl-qoriq/debian/make-targets.patch
deleted file mode 100644
index ee0a62c..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/debian/make-targets.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-Upstream-Status: Backport [debian]
-
-Index: openssl-1.0.1/Makefile.org
-===================================================================
---- openssl-1.0.1.orig/Makefile.org	2012-03-17 09:41:07.000000000 +0000
-+++ openssl-1.0.1/Makefile.org	2012-03-17 09:41:21.000000000 +0000
-@@ -135,7 +135,7 @@
- 
- BASEADDR=
- 
--DIRS=   crypto ssl engines apps test tools
-+DIRS=   crypto ssl engines apps tools
- ENGDIRS= ccgost
- SHLIBDIRS= crypto ssl
- 
diff --git a/recipes-connectivity/openssl/openssl-qoriq/debian/version-script.patch b/recipes-connectivity/openssl/openssl-qoriq/debian/version-script.patch
index ece8b9b..a249180 100644
--- a/recipes-connectivity/openssl/openssl-qoriq/debian/version-script.patch
+++ b/recipes-connectivity/openssl/openssl-qoriq/debian/version-script.patch
@@ -1,10 +1,8 @@
-Upstream-Status: Backport [debian]
-
-Index: openssl-1.0.1d/Configure
+Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure
 ===================================================================
---- openssl-1.0.1d.orig/Configure	2013-02-06 19:41:43.000000000 +0100
-+++ openssl-1.0.1d/Configure	2013-02-06 19:41:43.000000000 +0100
-@@ -1621,6 +1621,8 @@
+--- openssl-1.0.2~beta1.obsolete.0.0498436515490575.orig/Configure	2014-02-24 21:02:30.000000000 +0100
++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure	2014-02-24 21:02:30.000000000 +0100
+@@ -1651,6 +1651,8 @@
  		}
  	}
  
@@ -13,11 +11,11 @@ Index: openssl-1.0.1d/Configure
  open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n";
  unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new";
  open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n";
-Index: openssl-1.0.1d/openssl.ld
+Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld
 ===================================================================
 --- /dev/null	1970-01-01 00:00:00.000000000 +0000
-+++ openssl-1.0.1d/openssl.ld	2013-02-06 19:44:25.000000000 +0100
-@@ -0,0 +1,4620 @@
++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld	2014-02-24 22:19:08.601827266 +0100
+@@ -0,0 +1,4615 @@
 +OPENSSL_1.0.0 {
 +	global:
 +		BIO_f_ssl;
@@ -2229,20 +2227,16 @@ Index: openssl-1.0.1d/openssl.ld
 +		ERR_load_COMP_strings;
 +		PKCS12_item_decrypt_d2i;
 +		ASN1_UTF8STRING_it;
-+		ASN1_UTF8STRING_it;
 +		ENGINE_unregister_ciphers;
 +		ENGINE_get_ciphers;
 +		d2i_OCSP_BASICRESP;
 +		KRB5_CHECKSUM_it;
-+		KRB5_CHECKSUM_it;
 +		EC_POINT_add;
 +		ASN1_item_ex_i2d;
 +		OCSP_CERTID_it;
-+		OCSP_CERTID_it;
 +		d2i_OCSP_RESPBYTES;
 +		X509V3_add1_i2d;
 +		PKCS7_ENVELOPE_it;
-+		PKCS7_ENVELOPE_it;
 +		UI_add_input_boolean;
 +		ENGINE_unregister_RSA;
 +		X509V3_EXT_nconf;
@@ -2254,19 +2248,15 @@ Index: openssl-1.0.1d/openssl.ld
 +		ENGINE_register_all_RAND;
 +		ENGINE_load_dynamic;
 +		PBKDF2PARAM_it;
-+		PBKDF2PARAM_it;
 +		EXTENDED_KEY_USAGE_new;
 +		EC_GROUP_clear_free;
 +		OCSP_sendreq_bio;
 +		ASN1_item_digest;
 +		OCSP_BASICRESP_delete_ext;
 +		OCSP_SIGNATURE_it;
-+		OCSP_SIGNATURE_it;
-+		X509_CRL_it;
 +		X509_CRL_it;
 +		OCSP_BASICRESP_add_ext;
 +		KRB5_ENCKEY_it;
-+		KRB5_ENCKEY_it;
 +		UI_method_set_closer;
 +		X509_STORE_set_purpose;
 +		i2d_ASN1_GENERALSTRING;
@@ -2277,7 +2267,6 @@ Index: openssl-1.0.1d/openssl.ld
 +		OCSP_REQUEST_get_ext_by_OBJ;
 +		_ossl_old_des_random_key;
 +		ASN1_T61STRING_it;
-+		ASN1_T61STRING_it;
 +		EC_GROUP_method_of;
 +		i2d_KRB5_APREQ;
 +		_ossl_old_des_encrypt;
@@ -2293,7 +2282,6 @@ Index: openssl-1.0.1d/openssl.ld
 +		OCSP_SINGLERESP_get_ext_count;
 +		UI_ctrl;
 +		_shadow_DES_rw_mode;
-+		_shadow_DES_rw_mode;
 +		asn1_do_adb;
 +		ASN1_template_i2d;
 +		ENGINE_register_DH;
@@ -2307,8 +2295,6 @@ Index: openssl-1.0.1d/openssl.ld
 +		KRB5_ENCKEY_free;
 +		OCSP_resp_get0;
 +		GENERAL_NAME_it;
-+		GENERAL_NAME_it;
-+		ASN1_GENERALIZEDTIME_it;
 +		ASN1_GENERALIZEDTIME_it;
 +		X509_STORE_set_flags;
 +		EC_POINT_set_compressed_coordinates_GFp;
@@ -2330,21 +2316,18 @@ Index: openssl-1.0.1d/openssl.ld
 +		EC_POINT_set_affine_coords_GFp;
 +		_ossl_old_des_options;
 +		SXNET_it;
-+		SXNET_it;
 +		UI_dup_input_boolean;
 +		PKCS12_add_CSPName_asc;
 +		EC_POINT_is_at_infinity;
 +		ENGINE_load_cryptodev;
 +		DSO_convert_filename;
 +		POLICYQUALINFO_it;
-+		POLICYQUALINFO_it;
 +		ENGINE_register_ciphers;
 +		BN_mod_lshift_quick;
 +		DSO_set_filename;
 +		ASN1_item_free;
 +		KRB5_TKTBODY_free;
 +		AUTHORITY_KEYID_it;
-+		AUTHORITY_KEYID_it;
 +		KRB5_APREQBODY_new;
 +		X509V3_EXT_REQ_add_nconf;
 +		ENGINE_ctrl_cmd_string;
@@ -2352,19 +2335,15 @@ Index: openssl-1.0.1d/openssl.ld
 +		EVP_MD_CTX_init;
 +		EXTENDED_KEY_USAGE_free;
 +		PKCS7_ATTR_SIGN_it;
-+		PKCS7_ATTR_SIGN_it;
 +		UI_add_error_string;
 +		KRB5_CHECKSUM_free;
 +		OCSP_REQUEST_get_ext;
 +		ENGINE_load_ubsec;
 +		ENGINE_register_all_digests;
 +		PKEY_USAGE_PERIOD_it;
-+		PKEY_USAGE_PERIOD_it;
 +		PKCS12_unpack_authsafes;
 +		ASN1_item_unpack;
 +		NETSCAPE_SPKAC_it;
-+		NETSCAPE_SPKAC_it;
-+		X509_REVOKED_it;
 +		X509_REVOKED_it;
 +		ASN1_STRING_encode;
 +		EVP_aes_128_ecb;
@@ -2376,7 +2355,6 @@ Index: openssl-1.0.1d/openssl.ld
 +		UI_dup_info_string;
 +		_ossl_old_des_xwhite_in2out;
 +		PKCS12_it;
-+		PKCS12_it;
 +		OCSP_SINGLERESP_get_ext_by_critical;
 +		OCSP_SINGLERESP_get_ext_by_crit;
 +		OCSP_CERTSTATUS_free;
@@ -2395,10 +2373,8 @@ Index: openssl-1.0.1d/openssl.ld
 +		ENGINE_unregister_DSA;
 +		_ossl_old_des_key_sched;
 +		X509_EXTENSION_it;
-+		X509_EXTENSION_it;
 +		i2d_KRB5_AUTHENT;
 +		SXNETID_it;
-+		SXNETID_it;
 +		d2i_OCSP_SINGLERESP;
 +		EDIPARTYNAME_new;
 +		PKCS12_certbag2x509;
@@ -2409,10 +2385,8 @@ Index: openssl-1.0.1d/openssl.ld
 +		d2i_KRB5_APREQBODY;
 +		UI_method_get_flusher;
 +		X509_PUBKEY_it;
-+		X509_PUBKEY_it;
 +		_ossl_old_des_enc_read;
 +		PKCS7_ENCRYPT_it;
-+		PKCS7_ENCRYPT_it;
 +		i2d_OCSP_RESPONSE;
 +		EC_GROUP_get_cofactor;
 +		PKCS12_unpack_p7data;
@@ -2430,10 +2404,8 @@ Index: openssl-1.0.1d/openssl.ld
 +		PKCS12_item_i2d_encrypt;
 +		X509_add1_ext_i2d;
 +		PKCS7_SIGNER_INFO_it;
-+		PKCS7_SIGNER_INFO_it;
 +		KRB5_PRINCNAME_new;
 +		PKCS12_SAFEBAG_it;
-+		PKCS12_SAFEBAG_it;
 +		EC_GROUP_get_order;
 +		d2i_OCSP_RESPID;
 +		OCSP_request_verify;
@@ -2448,42 +2420,32 @@ Index: openssl-1.0.1d/openssl.ld
 +		EVP_MD_CTX_create;
 +		OCSP_resp_find_status;
 +		X509_ALGOR_it;
-+		X509_ALGOR_it;
-+		ASN1_TIME_it;
 +		ASN1_TIME_it;
 +		OCSP_request_set1_name;
 +		OCSP_ONEREQ_get_ext_count;
 +		UI_get0_result;
 +		PKCS12_AUTHSAFES_it;
-+		PKCS12_AUTHSAFES_it;
 +		EVP_aes_256_ecb;
 +		PKCS12_pack_authsafes;
 +		ASN1_IA5STRING_it;
-+		ASN1_IA5STRING_it;
 +		UI_get_input_flags;
 +		EC_GROUP_set_generator;
 +		_ossl_old_des_string_to_2keys;
 +		OCSP_CERTID_free;
 +		X509_CERT_AUX_it;
-+		X509_CERT_AUX_it;
-+		CERTIFICATEPOLICIES_it;
 +		CERTIFICATEPOLICIES_it;
 +		_ossl_old_des_ede3_cbc_encrypt;
 +		RAND_set_rand_engine;
 +		DSO_get_loaded_filename;
 +		X509_ATTRIBUTE_it;
-+		X509_ATTRIBUTE_it;
 +		OCSP_ONEREQ_get_ext_by_NID;
 +		PKCS12_decrypt_skey;
 +		KRB5_AUTHENT_it;
-+		KRB5_AUTHENT_it;
 +		UI_dup_error_string;
 +		RSAPublicKey_it;
-+		RSAPublicKey_it;
 +		i2d_OCSP_REQUEST;
 +		PKCS12_x509crl2certbag;
 +		OCSP_SERVICELOC_it;
-+		OCSP_SERVICELOC_it;
 +		ASN1_item_sign;
 +		X509_CRL_set_issuer_name;
 +		OBJ_NAME_do_all_sorted;
@@ -2494,30 +2456,23 @@ Index: openssl-1.0.1d/openssl.ld
 +		ENGINE_get_digest;
 +		OCSP_RESPONSE_print;
 +		KRB5_TKTBODY_it;
-+		KRB5_TKTBODY_it;
 +		ACCESS_DESCRIPTION_it;
-+		ACCESS_DESCRIPTION_it;
-+		PKCS7_ISSUER_AND_SERIAL_it;
 +		PKCS7_ISSUER_AND_SERIAL_it;
 +		PBE2PARAM_it;
-+		PBE2PARAM_it;
 +		PKCS12_certbag2x509crl;
 +		PKCS7_SIGNED_it;
-+		PKCS7_SIGNED_it;
 +		ENGINE_get_cipher;
 +		i2d_OCSP_CRLID;
 +		OCSP_SINGLERESP_new;
 +		ENGINE_cmd_is_executable;
 +		RSA_up_ref;
 +		ASN1_GENERALSTRING_it;
-+		ASN1_GENERALSTRING_it;
 +		ENGINE_register_DSA;
 +		X509V3_EXT_add_nconf_sk;
 +		ENGINE_set_load_pubkey_function;
 +		PKCS8_decrypt;
 +		PEM_bytes_read_bio;
 +		DIRECTORYSTRING_it;
-+		DIRECTORYSTRING_it;
 +		d2i_OCSP_CRLID;
 +		EC_POINT_is_on_curve;
 +		CRYPTO_set_locked_mem_ex_functions;
@@ -2525,7 +2480,6 @@ Index: openssl-1.0.1d/openssl.ld
 +		d2i_KRB5_CHECKSUM;
 +		ASN1_item_dup;
 +		X509_it;
-+		X509_it;
 +		BN_mod_add;
 +		KRB5_AUTHDATA_free;
 +		_ossl_old_des_cbc_cksum;
@@ -2534,7 +2488,6 @@ Index: openssl-1.0.1d/openssl.ld
 +		EC_POINT_get_Jprojective_coordinates_GFp;
 +		EC_POINT_get_Jproj_coords_GFp;
 +		ZLONG_it;
-+		ZLONG_it;
 +		CRYPTO_get_locked_mem_ex_functions;
 +		CRYPTO_get_locked_mem_ex_funcs;
 +		ASN1_TIME_check;
@@ -2544,41 +2497,30 @@ Index: openssl-1.0.1d/openssl.ld
 +		_ossl_old_des_ede3_cfb64_encrypt;
 +		_ossl_odes_ede3_cfb64_encrypt;
 +		ASN1_BMPSTRING_it;
-+		ASN1_BMPSTRING_it;
 +		ASN1_tag2bit;
 +		UI_method_set_flusher;
 +		X509_ocspid_print;
 +		KRB5_ENCDATA_it;
-+		KRB5_ENCDATA_it;
 +		ENGINE_get_load_pubkey_function;
 +		UI_add_user_data;
 +		OCSP_REQUEST_delete_ext;
 +		UI_get_method;
 +		OCSP_ONEREQ_free;
 +		ASN1_PRINTABLESTRING_it;
-+		ASN1_PRINTABLESTRING_it;
 +		X509_CRL_set_nextUpdate;
 +		OCSP_REQUEST_it;
-+		OCSP_REQUEST_it;
-+		OCSP_BASICRESP_it;
 +		OCSP_BASICRESP_it;
 +		AES_ecb_encrypt;
 +		BN_mod_sqr;
 +		NETSCAPE_CERT_SEQUENCE_it;
-+		NETSCAPE_CERT_SEQUENCE_it;
-+		GENERAL_NAMES_it;
 +		GENERAL_NAMES_it;
 +		AUTHORITY_INFO_ACCESS_it;
-+		AUTHORITY_INFO_ACCESS_it;
-+		ASN1_FBOOLEAN_it;
 +		ASN1_FBOOLEAN_it;
 +		UI_set_ex_data;
 +		_ossl_old_des_string_to_key;
 +		ENGINE_register_all_RSA;
 +		d2i_KRB5_PRINCNAME;
 +		OCSP_RESPBYTES_it;
-+		OCSP_RESPBYTES_it;
-+		X509_CINF_it;
 +		X509_CINF_it;
 +		ENGINE_unregister_digests;
 +		d2i_EDIPARTYNAME;
@@ -2588,7 +2530,6 @@ Index: openssl-1.0.1d/openssl.ld
 +		OCSP_RESPDATA_free;
 +		d2i_KRB5_TICKET;
 +		OTHERNAME_it;
-+		OTHERNAME_it;
 +		EVP_MD_CTX_cleanup;
 +		d2i_ASN1_GENERALSTRING;
 +		X509_CRL_set_version;
@@ -2598,7 +2539,6 @@ Index: openssl-1.0.1d/openssl.ld
 +		OCSP_REQUEST_free;
 +		OCSP_REQUEST_add1_ext_i2d;
 +		X509_VAL_it;
-+		X509_VAL_it;
 +		EC_POINTs_make_affine;
 +		EC_POINT_mul;
 +		X509V3_EXT_add_nconf;
@@ -2606,7 +2546,6 @@ Index: openssl-1.0.1d/openssl.ld
 +		X509_CRL_add1_ext_i2d;
 +		_ossl_old_des_fcrypt;
 +		DISPLAYTEXT_it;
-+		DISPLAYTEXT_it;
 +		X509_CRL_set_lastUpdate;
 +		OCSP_BASICRESP_free;
 +		OCSP_BASICRESP_add1_ext_i2d;
@@ -2619,7 +2558,6 @@ Index: openssl-1.0.1d/openssl.ld
 +		UI_get0_result_string;
 +		ASN1_GENERALSTRING_new;
 +		X509_SIG_it;
-+		X509_SIG_it;
 +		ERR_set_implementation;
 +		ERR_load_EC_strings;
 +		UI_get0_action_string;
@@ -2634,35 +2572,27 @@ Index: openssl-1.0.1d/openssl.ld
 +		OCSP_ONEREQ_get_ext_by_OBJ;
 +		ASN1_primitive_new;
 +		ASN1_PRINTABLE_it;
-+		ASN1_PRINTABLE_it;
 +		EVP_aes_192_ecb;
 +		OCSP_SIGNATURE_new;
 +		LONG_it;
-+		LONG_it;
-+		ASN1_VISIBLESTRING_it;
 +		ASN1_VISIBLESTRING_it;
 +		OCSP_SINGLERESP_add1_ext_i2d;
 +		d2i_OCSP_CERTID;
 +		ASN1_item_d2i_fp;
 +		CRL_DIST_POINTS_it;
-+		CRL_DIST_POINTS_it;
 +		GENERAL_NAME_print;
 +		OCSP_SINGLERESP_delete_ext;
 +		PKCS12_SAFEBAGS_it;
-+		PKCS12_SAFEBAGS_it;
 +		d2i_OCSP_SIGNATURE;
 +		OCSP_request_add1_nonce;
 +		ENGINE_set_cmd_defns;
 +		OCSP_SERVICELOC_free;
 +		EC_GROUP_free;
 +		ASN1_BIT_STRING_it;
-+		ASN1_BIT_STRING_it;
-+		X509_REQ_it;
 +		X509_REQ_it;
 +		_ossl_old_des_cbc_encrypt;
 +		ERR_unload_strings;
 +		PKCS7_SIGN_ENVELOPE_it;
-+		PKCS7_SIGN_ENVELOPE_it;
 +		EDIPARTYNAME_free;
 +		OCSP_REQINFO_free;
 +		EC_GROUP_new_curve_GFp;
@@ -2687,7 +2617,6 @@ Index: openssl-1.0.1d/openssl.ld
 +		OCSP_CRLID_free;
 +		OCSP_BASICRESP_get1_ext_d2i;
 +		RSAPrivateKey_it;
-+		RSAPrivateKey_it;
 +		ENGINE_register_all_DH;
 +		i2d_EDIPARTYNAME;
 +		EC_POINT_get_affine_coordinates_GFp;
@@ -2695,10 +2624,8 @@ Index: openssl-1.0.1d/openssl.ld
 +		OCSP_CRLID_new;
 +		ENGINE_get_flags;
 +		OCSP_ONEREQ_it;
-+		OCSP_ONEREQ_it;
 +		UI_process;
 +		ASN1_INTEGER_it;
-+		ASN1_INTEGER_it;
 +		EVP_CipherInit_ex;
 +		UI_get_string_type;
 +		ENGINE_unregister_DH;
@@ -2707,7 +2634,6 @@ Index: openssl-1.0.1d/openssl.ld
 +		bn_dup_expand;
 +		OCSP_cert_id_new;
 +		BASIC_CONSTRAINTS_it;
-+		BASIC_CONSTRAINTS_it;
 +		BN_mod_add_quick;
 +		EC_POINT_new;
 +		EVP_MD_CTX_destroy;
@@ -2717,7 +2643,6 @@ Index: openssl-1.0.1d/openssl.ld
 +		EC_POINT_free;
 +		DH_up_ref;
 +		X509_NAME_ENTRY_it;
-+		X509_NAME_ENTRY_it;
 +		UI_get_ex_new_index;
 +		BN_mod_sub_quick;
 +		OCSP_ONEREQ_add_ext;
@@ -2730,7 +2655,6 @@ Index: openssl-1.0.1d/openssl.ld
 +		ENGINE_register_complete;
 +		X509V3_EXT_nconf_nid;
 +		ASN1_SEQUENCE_it;
-+		ASN1_SEQUENCE_it;
 +		UI_set_default_method;
 +		RAND_query_egd_bytes;
 +		UI_method_get_writer;
@@ -2738,8 +2662,6 @@ Index: openssl-1.0.1d/openssl.ld
 +		PEM_def_callback;
 +		ENGINE_cleanup;
 +		DIST_POINT_it;
-+		DIST_POINT_it;
-+		OCSP_SINGLERESP_it;
 +		OCSP_SINGLERESP_it;
 +		d2i_KRB5_TKTBODY;
 +		EC_POINT_cmp;
@@ -2758,24 +2680,20 @@ Index: openssl-1.0.1d/openssl.ld
 +		OCSP_cert_to_id;
 +		OCSP_RESPID_new;
 +		OCSP_RESPDATA_it;
-+		OCSP_RESPDATA_it;
 +		d2i_OCSP_RESPDATA;
 +		ENGINE_register_all_complete;
 +		OCSP_check_validity;
 +		PKCS12_BAGS_it;
-+		PKCS12_BAGS_it;
 +		OCSP_url_svcloc_new;
 +		ASN1_template_free;
 +		OCSP_SINGLERESP_add_ext;
 +		KRB5_AUTHENTBODY_it;
-+		KRB5_AUTHENTBODY_it;
 +		X509_supported_extension;
 +		i2d_KRB5_AUTHDATA;
 +		UI_method_get_opener;
 +		ENGINE_set_ex_data;
 +		OCSP_REQUEST_print;
 +		CBIGNUM_it;
-+		CBIGNUM_it;
 +		KRB5_TICKET_new;
 +		KRB5_APREQ_new;
 +		EC_GROUP_get_curve_GFp;
@@ -2785,27 +2703,20 @@ Index: openssl-1.0.1d/openssl.ld
 +		OCSP_single_get0_status;
 +		BN_swap;
 +		POLICYINFO_it;
-+		POLICYINFO_it;
 +		ENGINE_set_destroy_function;
 +		asn1_enc_free;
 +		OCSP_RESPID_it;
-+		OCSP_RESPID_it;
 +		EC_GROUP_new;
 +		EVP_aes_256_cbc;
 +		i2d_KRB5_PRINCNAME;
 +		_ossl_old_des_encrypt2;
 +		_ossl_old_des_encrypt3;
 +		PKCS8_PRIV_KEY_INFO_it;
-+		PKCS8_PRIV_KEY_INFO_it;
-+		OCSP_REQINFO_it;
 +		OCSP_REQINFO_it;
 +		PBEPARAM_it;
-+		PBEPARAM_it;
 +		KRB5_AUTHENTBODY_new;
 +		X509_CRL_add0_revoked;
 +		EDIPARTYNAME_it;
-+		EDIPARTYNAME_it;
-+		NETSCAPE_SPKI_it;
 +		NETSCAPE_SPKI_it;
 +		UI_get0_test_string;
 +		ENGINE_get_cipher_engine;
@@ -2817,14 +2728,12 @@ Index: openssl-1.0.1d/openssl.ld
 +		UI_method_get_reader;
 +		OCSP_BASICRESP_get_ext_count;
 +		ASN1_ENUMERATED_it;
-+		ASN1_ENUMERATED_it;
 +		UI_set_result;
 +		i2d_KRB5_TICKET;
 +		X509_print_ex_fp;
 +		EVP_CIPHER_CTX_set_padding;
 +		d2i_OCSP_RESPONSE;
 +		ASN1_UTCTIME_it;
-+		ASN1_UTCTIME_it;
 +		_ossl_old_des_enc_write;
 +		OCSP_RESPONSE_new;
 +		AES_set_encrypt_key;
@@ -2834,14 +2743,11 @@ Index: openssl-1.0.1d/openssl.ld
 +		OCSP_onereq_get0_id;
 +		ENGINE_set_default_ciphers;
 +		NOTICEREF_it;
-+		NOTICEREF_it;
 +		X509V3_EXT_CRL_add_nconf;
 +		OCSP_REVOKEDINFO_it;
-+		OCSP_REVOKEDINFO_it;
 +		AES_encrypt;
 +		OCSP_REQUEST_new;
 +		ASN1_ANY_it;
-+		ASN1_ANY_it;
 +		CRYPTO_ex_data_new_class;
 +		_ossl_old_des_ncbc_encrypt;
 +		i2d_KRB5_TKTBODY;
@@ -2864,19 +2770,15 @@ Index: openssl-1.0.1d/openssl.ld
 +		ENGINE_load_nuron;
 +		_ossl_old_des_pcbc_encrypt;
 +		PKCS12_MAC_DATA_it;
-+		PKCS12_MAC_DATA_it;
 +		OCSP_accept_responses_new;
 +		asn1_do_lock;
 +		PKCS7_ATTR_VERIFY_it;
-+		PKCS7_ATTR_VERIFY_it;
-+		KRB5_APREQBODY_it;
 +		KRB5_APREQBODY_it;
 +		i2d_OCSP_SINGLERESP;
 +		ASN1_item_ex_new;
 +		UI_add_verify_string;
 +		_ossl_old_des_set_key;
 +		KRB5_PRINCNAME_it;
-+		KRB5_PRINCNAME_it;
 +		EVP_DecryptInit_ex;
 +		i2d_OCSP_CERTID;
 +		ASN1_item_d2i_bio;
@@ -2890,20 +2792,17 @@ Index: openssl-1.0.1d/openssl.ld
 +		OCSP_BASICRESP_new;
 +		OCSP_REQUEST_get_ext_by_NID;
 +		KRB5_APREQ_it;
-+		KRB5_APREQ_it;
 +		ENGINE_get_destroy_function;
 +		CONF_set_nconf;
 +		ASN1_PRINTABLE_free;
 +		OCSP_BASICRESP_get_ext_by_NID;
 +		DIST_POINT_NAME_it;
-+		DIST_POINT_NAME_it;
 +		X509V3_extensions_print;
 +		_ossl_old_des_cfb64_encrypt;
 +		X509_REVOKED_add1_ext_i2d;
 +		_ossl_old_des_ofb_encrypt;
 +		KRB5_TKTBODY_new;
 +		ASN1_OCTET_STRING_it;
-+		ASN1_OCTET_STRING_it;
 +		ERR_load_UI_strings;
 +		i2d_KRB5_ENCKEY;
 +		ASN1_template_new;
@@ -2911,8 +2810,6 @@ Index: openssl-1.0.1d/openssl.ld
 +		ASN1_item_i2d_fp;
 +		KRB5_PRINCNAME_free;
 +		PKCS7_RECIP_INFO_it;
-+		PKCS7_RECIP_INFO_it;
-+		EXTENDED_KEY_USAGE_it;
 +		EXTENDED_KEY_USAGE_it;
 +		EC_GFp_simple_method;
 +		EC_GROUP_precompute_mult;
@@ -2920,42 +2817,33 @@ Index: openssl-1.0.1d/openssl.ld
 +		UI_method_set_writer;
 +		KRB5_AUTHENT_new;
 +		X509_CRL_INFO_it;
-+		X509_CRL_INFO_it;
 +		DSO_set_name_converter;
 +		AES_set_decrypt_key;
 +		PKCS7_DIGEST_it;
-+		PKCS7_DIGEST_it;
 +		PKCS12_x5092certbag;
 +		EVP_DigestInit_ex;
 +		i2a_ACCESS_DESCRIPTION;
 +		OCSP_RESPONSE_it;
-+		OCSP_RESPONSE_it;
-+		PKCS7_ENC_CONTENT_it;
 +		PKCS7_ENC_CONTENT_it;
 +		OCSP_request_add0_id;
 +		EC_POINT_make_affine;
 +		DSO_get_filename;
 +		OCSP_CERTSTATUS_it;
-+		OCSP_CERTSTATUS_it;
 +		OCSP_request_add1_cert;
 +		UI_get0_output_string;
 +		UI_dup_verify_string;
 +		BN_mod_lshift;
 +		KRB5_AUTHDATA_it;
-+		KRB5_AUTHDATA_it;
 +		asn1_set_choice_selector;
 +		OCSP_basic_add1_status;
 +		OCSP_RESPID_free;
 +		asn1_get_field_ptr;
 +		UI_add_input_string;
 +		OCSP_CRLID_it;
-+		OCSP_CRLID_it;
 +		i2d_KRB5_AUTHENTBODY;
 +		OCSP_REQUEST_get_ext_count;
 +		ENGINE_load_atalla;
 +		X509_NAME_it;
-+		X509_NAME_it;
-+		USERNOTICE_it;
 +		USERNOTICE_it;
 +		OCSP_REQINFO_new;
 +		OCSP_BASICRESP_get_ext;
@@ -2965,33 +2853,27 @@ Index: openssl-1.0.1d/openssl.ld
 +		i2d_KRB5_ENCDATA;
 +		X509_PURPOSE_set;
 +		X509_REQ_INFO_it;
-+		X509_REQ_INFO_it;
 +		UI_method_set_opener;
 +		ASN1_item_ex_free;
 +		ASN1_BOOLEAN_it;
-+		ASN1_BOOLEAN_it;
 +		ENGINE_get_table_flags;
 +		UI_create_method;
 +		OCSP_ONEREQ_add1_ext_i2d;
 +		_shadow_DES_check_key;
-+		_shadow_DES_check_key;
 +		d2i_OCSP_REQINFO;
 +		UI_add_info_string;
 +		UI_get_result_minsize;
 +		ASN1_NULL_it;
-+		ASN1_NULL_it;
 +		BN_mod_lshift1;
 +		d2i_OCSP_ONEREQ;
 +		OCSP_ONEREQ_new;
 +		KRB5_TICKET_it;
-+		KRB5_TICKET_it;
 +		EVP_aes_192_cbc;
 +		KRB5_TICKET_free;
 +		UI_new;
 +		OCSP_response_create;
 +		_ossl_old_des_xcbc_encrypt;
 +		PKCS7_it;
-+		PKCS7_it;
 +		OCSP_REQUEST_get_ext_by_critical;
 +		OCSP_REQUEST_get_ext_by_crit;
 +		ENGINE_set_flags;
@@ -3000,11 +2882,9 @@ Index: openssl-1.0.1d/openssl.ld
 +		EVP_Digest;
 +		OCSP_ONEREQ_delete_ext;
 +		ASN1_TBOOLEAN_it;
-+		ASN1_TBOOLEAN_it;
 +		ASN1_item_new;
 +		ASN1_TIME_to_generalizedtime;
 +		BIGNUM_it;
-+		BIGNUM_it;
 +		AES_cbc_encrypt;
 +		ENGINE_get_load_privkey_function;
 +		ENGINE_get_load_privkey_fn;
@@ -3016,7 +2896,6 @@ Index: openssl-1.0.1d/openssl.ld
 +		EC_POINT_point2oct;
 +		KRB5_APREQ_free;
 +		ASN1_OBJECT_it;
-+		ASN1_OBJECT_it;
 +		OCSP_crlID_new;
 +		OCSP_crlID2_new;
 +		CONF_modules_load_file;
@@ -3074,7 +2953,6 @@ Index: openssl-1.0.1d/openssl.ld
 +		i2d_ASN1_UNIVERSALSTRING;
 +		ASN1_UNIVERSALSTRING_free;
 +		ASN1_UNIVERSALSTRING_it;
-+		ASN1_UNIVERSALSTRING_it;
 +		d2i_ASN1_UNIVERSALSTRING;
 +		EVP_des_ede3_ecb;
 +		X509_REQ_print_ex;
@@ -3130,14 +3008,12 @@ Index: openssl-1.0.1d/openssl.ld
 +		HMAC_CTX_set_flags;
 +		d2i_PROXY_CERT_INFO_EXTENSION;
 +		PROXY_POLICY_it;
-+		PROXY_POLICY_it;
 +		i2d_PROXY_POLICY;
 +		i2d_PROXY_CERT_INFO_EXTENSION;
 +		d2i_PROXY_POLICY;
 +		PROXY_CERT_INFO_EXTENSION_new;
 +		PROXY_CERT_INFO_EXTENSION_free;
 +		PROXY_CERT_INFO_EXTENSION_it;
-+		PROXY_CERT_INFO_EXTENSION_it;
 +		PROXY_POLICY_free;
 +		PROXY_POLICY_new;
 +		BN_MONT_CTX_set_locked;
@@ -3174,7 +3050,6 @@ Index: openssl-1.0.1d/openssl.ld
 +		BN_BLINDING_get_thread_id;
 +		X509_STORE_CTX_set0_param;
 +		POLICY_MAPPING_it;
-+		POLICY_MAPPING_it;
 +		STORE_parse_attrs_start;
 +		POLICY_CONSTRAINTS_free;
 +		EVP_PKEY_add1_attr_by_NID;
@@ -3183,7 +3058,6 @@ Index: openssl-1.0.1d/openssl.ld
 +		STORE_set_method;
 +		GENERAL_SUBTREE_free;
 +		NAME_CONSTRAINTS_it;
-+		NAME_CONSTRAINTS_it;
 +		ECDH_get_default_method;
 +		PKCS12_add_safe;
 +		EC_KEY_new_by_curve_name;
@@ -3226,7 +3100,6 @@ Index: openssl-1.0.1d/openssl.ld
 +		ENGINE_get_default_ECDH;
 +		EC_KEY_get_conv_form;
 +		ASN1_OCTET_STRING_NDEF_it;
-+		ASN1_OCTET_STRING_NDEF_it;
 +		STORE_delete_public_key;
 +		STORE_get_public_key;
 +		STORE_modify_arbitrary;
@@ -3383,7 +3256,6 @@ Index: openssl-1.0.1d/openssl.ld
 +		ENGINE_load_padlock;
 +		EC_GROUP_set_curve_name;
 +		X509_CERT_PAIR_it;
-+		X509_CERT_PAIR_it;
 +		STORE_meth_get_revoke_fn;
 +		STORE_method_get_revoke_function;
 +		STORE_method_set_get_function;
@@ -3510,7 +3382,6 @@ Index: openssl-1.0.1d/openssl.ld
 +		pqueue_pop;
 +		STORE_ATTR_INFO_get0_cstr;
 +		POLICY_CONSTRAINTS_it;
-+		POLICY_CONSTRAINTS_it;
 +		STORE_get_ex_new_index;
 +		EVP_PKEY_get_attr_by_OBJ;
 +		X509_VERIFY_PARAM_add0_policy;
@@ -3558,8 +3429,6 @@ Index: openssl-1.0.1d/openssl.ld
 +		STORE_modify_crl;
 +		STORE_list_private_key_start;
 +		POLICY_MAPPINGS_it;
-+		POLICY_MAPPINGS_it;
-+		GENERAL_SUBTREE_it;
 +		GENERAL_SUBTREE_it;
 +		EC_GROUP_get_curve_name;
 +		PEM_write_X509_CERT_PAIR;
@@ -3692,15 +3561,12 @@ Index: openssl-1.0.1d/openssl.ld
 +		BIO_set_callback_arg;
 +		v3_addr_add_prefix;
 +		IPAddressOrRange_it;
-+		IPAddressOrRange_it;
 +		BIO_set_flags;
 +		ASIdentifiers_it;
-+		ASIdentifiers_it;
 +		v3_addr_get_range;
 +		BIO_method_type;
 +		v3_addr_inherits;
 +		IPAddressChoice_it;
-+		IPAddressChoice_it;
 +		AES_ige_encrypt;
 +		v3_addr_add_range;
 +		EVP_CIPHER_CTX_nid;
@@ -3721,7 +3587,6 @@ Index: openssl-1.0.1d/openssl.ld
 +		BIO_clear_flags;
 +		i2d_ASRange;
 +		IPAddressRange_it;
-+		IPAddressRange_it;
 +		IPAddressChoice_new;
 +		ASIdentifierChoice_new;
 +		ASRange_free;
@@ -3742,7 +3607,6 @@ Index: openssl-1.0.1d/openssl.ld
 +		BIO_test_flags;
 +		i2d_ASIdentifierChoice;
 +		ASRange_it;
-+		ASRange_it;
 +		d2i_ASIdentifiers;
 +		ASRange_new;
 +		d2i_IPAddressChoice;
@@ -3751,7 +3615,6 @@ Index: openssl-1.0.1d/openssl.ld
 +		EVP_Cipher;
 +		i2d_IPAddressOrRange;
 +		ASIdOrRange_it;
-+		ASIdOrRange_it;
 +		EVP_CIPHER_nid;
 +		i2d_IPAddressChoice;
 +		EVP_CIPHER_CTX_block_size;
@@ -3762,7 +3625,6 @@ Index: openssl-1.0.1d/openssl.ld
 +		v3_addr_is_canonical;
 +		i2d_IPAddressRange;
 +		IPAddressFamily_it;
-+		IPAddressFamily_it;
 +		v3_asid_inherits;
 +		EVP_CIPHER_CTX_cipher;
 +		EVP_CIPHER_CTX_get_app_data;
@@ -3772,7 +3634,6 @@ Index: openssl-1.0.1d/openssl.ld
 +		d2i_IPAddressOrRange;
 +		v3_addr_canonize;
 +		ASIdentifierChoice_it;
-+		ASIdentifierChoice_it;
 +		EVP_MD_CTX_md;
 +		d2i_ASIdentifierChoice;
 +		BIO_method_name;
@@ -3795,7 +3656,6 @@ Index: openssl-1.0.1d/openssl.ld
 +		SEED_set_key;
 +		EVP_seed_cfb128;
 +		X509_EXTENSIONS_it;
-+		X509_EXTENSIONS_it;
 +		X509_get1_ocsp;
 +		OCSP_REQ_CTX_free;
 +		i2d_X509_EXTENSIONS;
@@ -3803,7 +3663,6 @@ Index: openssl-1.0.1d/openssl.ld
 +		OCSP_sendreq_new;
 +		d2i_X509_EXTENSIONS;
 +		X509_ALGORS_it;
-+		X509_ALGORS_it;
 +		X509_ALGOR_get0;
 +		X509_ALGOR_set0;
 +		AES_unwrap_key;
@@ -3848,7 +3707,6 @@ Index: openssl-1.0.1d/openssl.ld
 +		CMS_SignerInfo_verify;
 +		CMS_data;
 +		CMS_ContentInfo_it;
-+		CMS_ContentInfo_it;
 +		d2i_CMS_ReceiptRequest;
 +		CMS_compress;
 +		CMS_digest_create;
@@ -3893,7 +3751,6 @@ Index: openssl-1.0.1d/openssl.ld
 +		CMS_RecipientInfo_kekri_get0_id;
 +		CMS_verify_receipt;
 +		CMS_ReceiptRequest_it;
-+		CMS_ReceiptRequest_it;
 +		PEM_read_bio_CMS;
 +		CMS_get1_crls;
 +		CMS_add0_recipient_key;
@@ -4032,7 +3889,6 @@ Index: openssl-1.0.1d/openssl.ld
 +		TS_REQ_dup;
 +		GENERAL_NAME_dup;
 +		ASN1_SEQUENCE_ANY_it;
-+		ASN1_SEQUENCE_ANY_it;
 +		WHIRLPOOL;
 +		X509_STORE_get1_crls;
 +		ENGINE_get_pkey_asn1_meth;
@@ -4103,7 +3959,6 @@ Index: openssl-1.0.1d/openssl.ld
 +		DIST_POINT_set_dpname;
 +		i2d_ISSUING_DIST_POINT;
 +		ASN1_SET_ANY_it;
-+		ASN1_SET_ANY_it;
 +		EVP_PKEY_CTX_get_data;
 +		TS_STATUS_INFO_print_bio;
 +		EVP_PKEY_derive_init;
@@ -4263,7 +4118,6 @@ Index: openssl-1.0.1d/openssl.ld
 +		EVP_DigestSignFinal;
 +		TS_RESP_CTX_set_def_policy;
 +		NETSCAPE_X509_it;
-+		NETSCAPE_X509_it;
 +		TS_RESP_create_response;
 +		PKCS7_SIGNER_INFO_get0_algs;
 +		TS_TST_INFO_get_nonce;
@@ -4322,7 +4176,6 @@ Index: openssl-1.0.1d/openssl.ld
 +		EVP_CIPHER_do_all_sorted;
 +		EVP_PKEY_CTX_free;
 +		ISSUING_DIST_POINT_it;
-+		ISSUING_DIST_POINT_it;
 +		d2i_TS_MSG_IMPRINT_fp;
 +		X509_STORE_get1_certs;
 +		EVP_PKEY_CTX_get_operation;
@@ -4615,7 +4468,6 @@ Index: openssl-1.0.1d/openssl.ld
 +		X509_signature_dump;
 +		d2i_RSA_PSS_PARAMS;
 +		RSA_PSS_PARAMS_it;
-+		RSA_PSS_PARAMS_it;
 +		RSA_PSS_PARAMS_free;
 +		X509_sign_ctx;
 +		i2d_RSA_PSS_PARAMS;
@@ -4638,10 +4490,151 @@ Index: openssl-1.0.1d/openssl.ld
 +		CRYPTO_memcmp;
 +} OPENSSL_1.0.1;
 +
-Index: openssl-1.0.1d/engines/openssl.ld
++OPENSSL_1.0.2 {
++	global:
++		SSL_CTX_set_alpn_protos;
++		SSL_set_alpn_protos;
++		SSL_CTX_set_alpn_select_cb;
++		SSL_get0_alpn_selected;
++		SSL_CTX_set_custom_cli_ext;
++		SSL_CTX_set_custom_srv_ext;
++		SSL_CTX_set_srv_supp_data;
++		SSL_CTX_set_cli_supp_data;
++		SSL_set_cert_cb;
++		SSL_CTX_use_serverinfo;
++		SSL_CTX_use_serverinfo_file;
++		SSL_CTX_set_cert_cb;
++		SSL_CTX_get0_param;
++		SSL_get0_param;
++		SSL_certs_clear;
++		DTLSv1_2_method;
++		DTLSv1_2_server_method;
++		DTLSv1_2_client_method;
++		DTLS_method;
++		DTLS_server_method;
++		DTLS_client_method;
++		SSL_CTX_get_ssl_method;
++		SSL_CTX_get0_certificate;
++		SSL_CTX_get0_privatekey;
++		SSL_COMP_set0_compression_methods;
++		SSL_COMP_free_compression_methods;
++		SSL_CIPHER_find;
++		SSL_is_server;
++		SSL_CONF_CTX_new;
++		SSL_CONF_CTX_finish;
++		SSL_CONF_CTX_free;
++		SSL_CONF_CTX_set_flags;
++		SSL_CONF_CTX_clear_flags;
++		SSL_CONF_CTX_set1_prefix;
++		SSL_CONF_CTX_set_ssl;
++		SSL_CONF_CTX_set_ssl_ctx;
++		SSL_CONF_cmd;
++		SSL_CONF_cmd_argv;
++		SSL_CONF_cmd_value_type;
++		SSL_trace;
++		SSL_CIPHER_standard_name;
++		SSL_get_tlsa_record_byname;
++		ASN1_TIME_diff;
++		BIO_hex_string;
++		CMS_RecipientInfo_get0_pkey_ctx;
++		CMS_RecipientInfo_encrypt;
++		CMS_SignerInfo_get0_pkey_ctx;
++		CMS_SignerInfo_get0_md_ctx;
++		CMS_SignerInfo_get0_signature;
++		CMS_RecipientInfo_kari_get0_alg;
++		CMS_RecipientInfo_kari_get0_reks;
++		CMS_RecipientInfo_kari_get0_orig_id;
++		CMS_RecipientInfo_kari_orig_id_cmp;
++		CMS_RecipientEncryptedKey_get0_id;
++		CMS_RecipientEncryptedKey_cert_cmp;
++		CMS_RecipientInfo_kari_set0_pkey;
++		CMS_RecipientInfo_kari_get0_ctx;
++		CMS_RecipientInfo_kari_decrypt;
++		CMS_SharedInfo_encode;
++		DH_compute_key_padded;
++		d2i_DHxparams;
++		i2d_DHxparams;
++		DH_get_1024_160;
++		DH_get_2048_224;
++		DH_get_2048_256;
++		DH_KDF_X9_42;
++		ECDH_KDF_X9_62;
++		ECDSA_METHOD_new;
++		ECDSA_METHOD_free;
++		ECDSA_METHOD_set_app_data;
++		ECDSA_METHOD_get_app_data;
++		ECDSA_METHOD_set_sign;
++		ECDSA_METHOD_set_sign_setup;
++		ECDSA_METHOD_set_verify;
++		ECDSA_METHOD_set_flags;
++		ECDSA_METHOD_set_name;
++		EVP_des_ede3_wrap;
++		EVP_aes_128_wrap;
++		EVP_aes_192_wrap;
++		EVP_aes_256_wrap;
++		EVP_aes_128_cbc_hmac_sha256;
++		EVP_aes_256_cbc_hmac_sha256;
++		CRYPTO_128_wrap;
++		CRYPTO_128_unwrap;
++		OCSP_REQ_CTX_nbio;
++		OCSP_REQ_CTX_new;
++		OCSP_set_max_response_length;
++		OCSP_REQ_CTX_i2d;
++		OCSP_REQ_CTX_nbio_d2i;
++		OCSP_REQ_CTX_get0_mem_bio;
++		OCSP_REQ_CTX_http;
++		RSA_padding_add_PKCS1_OAEP_mgf1;
++		RSA_padding_check_PKCS1_OAEP_mgf1;
++		RSA_OAEP_PARAMS_free;
++		RSA_OAEP_PARAMS_it;
++		RSA_OAEP_PARAMS_new;
++		SSL_get_sigalgs;
++		SSL_get_shared_sigalgs;
++		SSL_check_chain;
++		X509_chain_up_ref;
++		X509_http_nbio;
++		X509_CRL_http_nbio;
++		X509_REVOKED_dup;
++		i2d_re_X509_tbs;
++		X509_get0_signature;
++		X509_get_signature_nid;
++		X509_CRL_diff;
++		X509_chain_check_suiteb;
++		X509_CRL_check_suiteb;
++		X509_check_host;
++		X509_check_email;
++		X509_check_ip;
++		X509_check_ip_asc;
++		X509_STORE_set_lookup_crls_cb;
++		X509_STORE_CTX_get0_store;
++		X509_VERIFY_PARAM_set1_host;
++		X509_VERIFY_PARAM_add1_host;
++		X509_VERIFY_PARAM_set_hostflags;
++		X509_VERIFY_PARAM_get0_peername;
++		X509_VERIFY_PARAM_set1_email;
++		X509_VERIFY_PARAM_set1_ip;
++		X509_VERIFY_PARAM_set1_ip_asc;
++		X509_VERIFY_PARAM_get0_name;
++		X509_VERIFY_PARAM_get_count;
++		X509_VERIFY_PARAM_get0;
++		X509V3_EXT_free;
++		EC_GROUP_get_mont_data;
++		EC_curve_nid2nist;
++		EC_curve_nist2nid;
++		PEM_write_bio_DHxparams;
++		PEM_write_DHxparams;
++		SSL_CTX_add_client_custom_ext;
++		SSL_CTX_add_server_custom_ext;
++		SSL_extension_supported;
++		BUF_strnlen;
++		sk_deep_copy;
++		SSL_test_functions;
++} OPENSSL_1.0.1d;
++
+Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld
 ===================================================================
 --- /dev/null	1970-01-01 00:00:00.000000000 +0000
-+++ openssl-1.0.1d/engines/openssl.ld	2013-02-06 19:41:43.000000000 +0100
++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld	2014-02-24 21:02:30.000000000 +0100
 @@ -0,0 +1,10 @@
 +OPENSSL_1.0.0 {
 +	global:
@@ -4653,10 +4646,10 @@ Index: openssl-1.0.1d/engines/openssl.ld
 +		*;
 +};
 +
-Index: openssl-1.0.1d/engines/ccgost/openssl.ld
+Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld
 ===================================================================
 --- /dev/null	1970-01-01 00:00:00.000000000 +0000
-+++ openssl-1.0.1d/engines/ccgost/openssl.ld	2013-02-06 19:41:43.000000000 +0100
++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld	2014-02-24 21:02:30.000000000 +0100
 @@ -0,0 +1,10 @@
 +OPENSSL_1.0.0 {
 +	global:
diff --git a/recipes-connectivity/openssl/openssl-qoriq/debian1.0.2/block_digicert_malaysia.patch b/recipes-connectivity/openssl/openssl-qoriq/debian1.0.2/block_digicert_malaysia.patch
new file mode 100644
index 0000000..c43bcd1
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/debian1.0.2/block_digicert_malaysia.patch
@@ -0,0 +1,29 @@
+From: Raphael Geissert <geissert at debian.org>
+Description: make X509_verify_cert indicate that any certificate whose
+ name contains "Digicert Sdn. Bhd." (from Malaysia) is revoked.
+Forwarded: not-needed
+Origin: vendor
+Last-Update: 2011-11-05
+
+Upstream-Status: Backport [debian]
+
+
+Index: openssl-1.0.2~beta1/crypto/x509/x509_vfy.c
+===================================================================
+--- openssl-1.0.2~beta1.orig/crypto/x509/x509_vfy.c	2014-02-25 00:16:12.488028844 +0100
++++ openssl-1.0.2~beta1/crypto/x509/x509_vfy.c	2014-02-25 00:16:12.484028929 +0100
+@@ -964,10 +964,11 @@
+ 	for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--)
+ 		{
+ 		x = sk_X509_value(ctx->chain, i);
+-		/* Mark DigiNotar certificates as revoked, no matter
+-		 * where in the chain they are.
++		/* Mark certificates containing the following names as
++		 * revoked, no matter where in the chain they are.
+ 		 */
+-		if (x->name && strstr(x->name, "DigiNotar"))
++		if (x->name && (strstr(x->name, "DigiNotar") ||
++			strstr(x->name, "Digicert Sdn. Bhd.")))
+ 			{
+ 			ctx->error = X509_V_ERR_CERT_REVOKED;
+ 			ctx->error_depth = i;
diff --git a/recipes-connectivity/openssl/openssl-qoriq/debian1.0.2/block_diginotar.patch b/recipes-connectivity/openssl/openssl-qoriq/debian1.0.2/block_diginotar.patch
new file mode 100644
index 0000000..d81e22c
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/debian1.0.2/block_diginotar.patch
@@ -0,0 +1,68 @@
+From: Raphael Geissert <geissert at debian.org>
+Description: make X509_verify_cert indicate that any certificate whose
+ name contains "DigiNotar" is revoked.
+Forwarded: not-needed
+Origin: vendor
+Last-Update: 2011-09-08
+Bug: http://bugs.debian.org/639744
+Reviewed-by: Kurt Roeckx <kurt at roeckx.be>
+Reviewed-by: Dr Stephen N Henson <shenson at drh-consultancy.co.uk>
+
+This is not meant as final patch.  
+
+Upstream-Status: Backport [debian]
+
+Signed-off-by: Armin Kuster <akuster at mvista.com>
+
+Index: openssl-1.0.2g/crypto/x509/x509_vfy.c
+===================================================================
+--- openssl-1.0.2g.orig/crypto/x509/x509_vfy.c
++++ openssl-1.0.2g/crypto/x509/x509_vfy.c
+@@ -119,6 +119,7 @@ static int check_trust(X509_STORE_CTX *c
+ static int check_revocation(X509_STORE_CTX *ctx);
+ static int check_cert(X509_STORE_CTX *ctx);
+ static int check_policy(X509_STORE_CTX *ctx);
++static int check_ca_blacklist(X509_STORE_CTX *ctx);
+ 
+ static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
+                          unsigned int *preasons, X509_CRL *crl, X509 *x);
+@@ -489,6 +490,9 @@ int X509_verify_cert(X509_STORE_CTX *ctx
+     if (!ok)
+         goto err;
+ 
++	ok = check_ca_blacklist(ctx);
++	if(!ok) goto err;
++
+ #ifndef OPENSSL_NO_RFC3779
+     /* RFC 3779 path validation, now that CRL check has been done */
+     ok = v3_asid_validate_path(ctx);
+@@ -996,6 +1000,29 @@ static int check_crl_time(X509_STORE_CTX
+     return 1;
+ }
+ 
++static int check_ca_blacklist(X509_STORE_CTX *ctx)
++	{
++	X509 *x;
++	int i;
++	/* Check all certificates against the blacklist */
++	for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--)
++		{
++		x = sk_X509_value(ctx->chain, i);
++		/* Mark DigiNotar certificates as revoked, no matter
++		 * where in the chain they are.
++		 */
++		if (x->name && strstr(x->name, "DigiNotar"))
++			{
++			ctx->error = X509_V_ERR_CERT_REVOKED;
++			ctx->error_depth = i;
++			ctx->current_cert = x;
++			if (!ctx->verify_cb(0,ctx))
++				return 0;
++			}
++		}
++	return 1;
++	}
++
+ static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl,
+                       X509 **pissuer, int *pscore, unsigned int *preasons,
+                       STACK_OF(X509_CRL) *crls)
diff --git a/recipes-connectivity/openssl/openssl-qoriq/debian1.0.2/version-script.patch b/recipes-connectivity/openssl/openssl-qoriq/debian1.0.2/version-script.patch
new file mode 100644
index 0000000..29f11a2
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/debian1.0.2/version-script.patch
@@ -0,0 +1,4656 @@
+Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure
+===================================================================
+--- openssl-1.0.2~beta1.obsolete.0.0498436515490575.orig/Configure	2014-02-24 21:02:30.000000000 +0100
++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure	2014-02-24 21:02:30.000000000 +0100
+@@ -1651,6 +1651,8 @@
+ 		}
+ 	}
+ 
++$shared_ldflag .= " -Wl,--version-script=openssl.ld";
++
+ open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n";
+ unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new";
+ open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n";
+Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld
+===================================================================
+--- /dev/null	1970-01-01 00:00:00.000000000 +0000
++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld	2014-02-24 22:19:08.601827266 +0100
+@@ -0,0 +1,4608 @@
++OPENSSL_1.0.2d {
++	global:
++		BIO_f_ssl;
++		BIO_new_buffer_ssl_connect;
++		BIO_new_ssl;
++		BIO_new_ssl_connect;
++		BIO_proxy_ssl_copy_session_id;
++		BIO_ssl_copy_session_id;
++		BIO_ssl_shutdown;
++		d2i_SSL_SESSION;
++		DTLSv1_client_method;
++		DTLSv1_method;
++		DTLSv1_server_method;
++		ERR_load_SSL_strings;
++		i2d_SSL_SESSION;
++		kssl_build_principal_2;
++		kssl_cget_tkt;
++		kssl_check_authent;
++		kssl_ctx_free;
++		kssl_ctx_new;
++		kssl_ctx_setkey;
++		kssl_ctx_setprinc;
++		kssl_ctx_setstring;
++		kssl_ctx_show;
++		kssl_err_set;
++		kssl_krb5_free_data_contents;
++		kssl_sget_tkt;
++		kssl_skip_confound;
++		kssl_validate_times;
++		PEM_read_bio_SSL_SESSION;
++		PEM_read_SSL_SESSION;
++		PEM_write_bio_SSL_SESSION;
++		PEM_write_SSL_SESSION;
++		SSL_accept;
++		SSL_add_client_CA;
++		SSL_add_dir_cert_subjects_to_stack;
++		SSL_add_dir_cert_subjs_to_stk;
++		SSL_add_file_cert_subjects_to_stack;
++		SSL_add_file_cert_subjs_to_stk;
++		SSL_alert_desc_string;
++		SSL_alert_desc_string_long;
++		SSL_alert_type_string;
++		SSL_alert_type_string_long;
++		SSL_callback_ctrl;
++		SSL_check_private_key;
++		SSL_CIPHER_description;
++		SSL_CIPHER_get_bits;
++		SSL_CIPHER_get_name;
++		SSL_CIPHER_get_version;
++		SSL_clear;
++		SSL_COMP_add_compression_method;
++		SSL_COMP_get_compression_methods;
++		SSL_COMP_get_compress_methods;
++		SSL_COMP_get_name;
++		SSL_connect;
++		SSL_copy_session_id;
++		SSL_ctrl;
++		SSL_CTX_add_client_CA;
++		SSL_CTX_add_session;
++		SSL_CTX_callback_ctrl;
++		SSL_CTX_check_private_key;
++		SSL_CTX_ctrl;
++		SSL_CTX_flush_sessions;
++		SSL_CTX_free;
++		SSL_CTX_get_cert_store;
++		SSL_CTX_get_client_CA_list;
++		SSL_CTX_get_client_cert_cb;
++		SSL_CTX_get_ex_data;
++		SSL_CTX_get_ex_new_index;
++		SSL_CTX_get_info_callback;
++		SSL_CTX_get_quiet_shutdown;
++		SSL_CTX_get_timeout;
++		SSL_CTX_get_verify_callback;
++		SSL_CTX_get_verify_depth;
++		SSL_CTX_get_verify_mode;
++		SSL_CTX_load_verify_locations;
++		SSL_CTX_new;
++		SSL_CTX_remove_session;
++		SSL_CTX_sess_get_get_cb;
++		SSL_CTX_sess_get_new_cb;
++		SSL_CTX_sess_get_remove_cb;
++		SSL_CTX_sessions;
++		SSL_CTX_sess_set_get_cb;
++		SSL_CTX_sess_set_new_cb;
++		SSL_CTX_sess_set_remove_cb;
++		SSL_CTX_set1_param;
++		SSL_CTX_set_cert_store;
++		SSL_CTX_set_cert_verify_callback;
++		SSL_CTX_set_cert_verify_cb;
++		SSL_CTX_set_cipher_list;
++		SSL_CTX_set_client_CA_list;
++		SSL_CTX_set_client_cert_cb;
++		SSL_CTX_set_client_cert_engine;
++		SSL_CTX_set_cookie_generate_cb;
++		SSL_CTX_set_cookie_verify_cb;
++		SSL_CTX_set_default_passwd_cb;
++		SSL_CTX_set_default_passwd_cb_userdata;
++		SSL_CTX_set_default_verify_paths;
++		SSL_CTX_set_def_passwd_cb_ud;
++		SSL_CTX_set_def_verify_paths;
++		SSL_CTX_set_ex_data;
++		SSL_CTX_set_generate_session_id;
++		SSL_CTX_set_info_callback;
++		SSL_CTX_set_msg_callback;
++		SSL_CTX_set_psk_client_callback;
++		SSL_CTX_set_psk_server_callback;
++		SSL_CTX_set_purpose;
++		SSL_CTX_set_quiet_shutdown;
++		SSL_CTX_set_session_id_context;
++		SSL_CTX_set_ssl_version;
++		SSL_CTX_set_timeout;
++		SSL_CTX_set_tmp_dh_callback;
++		SSL_CTX_set_tmp_ecdh_callback;
++		SSL_CTX_set_tmp_rsa_callback;
++		SSL_CTX_set_trust;
++		SSL_CTX_set_verify;
++		SSL_CTX_set_verify_depth;
++		SSL_CTX_use_cert_chain_file;
++		SSL_CTX_use_certificate;
++		SSL_CTX_use_certificate_ASN1;
++		SSL_CTX_use_certificate_chain_file;
++		SSL_CTX_use_certificate_file;
++		SSL_CTX_use_PrivateKey;
++		SSL_CTX_use_PrivateKey_ASN1;
++		SSL_CTX_use_PrivateKey_file;
++		SSL_CTX_use_psk_identity_hint;
++		SSL_CTX_use_RSAPrivateKey;
++		SSL_CTX_use_RSAPrivateKey_ASN1;
++		SSL_CTX_use_RSAPrivateKey_file;
++		SSL_do_handshake;
++		SSL_dup;
++		SSL_dup_CA_list;
++		SSLeay_add_ssl_algorithms;
++		SSL_free;
++		SSL_get1_session;
++		SSL_get_certificate;
++		SSL_get_cipher_list;
++		SSL_get_ciphers;
++		SSL_get_client_CA_list;
++		SSL_get_current_cipher;
++		SSL_get_current_compression;
++		SSL_get_current_expansion;
++		SSL_get_default_timeout;
++		SSL_get_error;
++		SSL_get_ex_data;
++		SSL_get_ex_data_X509_STORE_CTX_idx;
++		SSL_get_ex_d_X509_STORE_CTX_idx;
++		SSL_get_ex_new_index;
++		SSL_get_fd;
++		SSL_get_finished;
++		SSL_get_info_callback;
++		SSL_get_peer_cert_chain;
++		SSL_get_peer_certificate;
++		SSL_get_peer_finished;
++		SSL_get_privatekey;
++		SSL_get_psk_identity;
++		SSL_get_psk_identity_hint;
++		SSL_get_quiet_shutdown;
++		SSL_get_rbio;
++		SSL_get_read_ahead;
++		SSL_get_rfd;
++		SSL_get_servername;
++		SSL_get_servername_type;
++		SSL_get_session;
++		SSL_get_shared_ciphers;
++		SSL_get_shutdown;
++		SSL_get_SSL_CTX;
++		SSL_get_ssl_method;
++		SSL_get_verify_callback;
++		SSL_get_verify_depth;
++		SSL_get_verify_mode;
++		SSL_get_verify_result;
++		SSL_get_version;
++		SSL_get_wbio;
++		SSL_get_wfd;
++		SSL_has_matching_session_id;
++		SSL_library_init;
++		SSL_load_client_CA_file;
++		SSL_load_error_strings;
++		SSL_new;
++		SSL_peek;
++		SSL_pending;
++		SSL_read;
++		SSL_renegotiate;
++		SSL_renegotiate_pending;
++		SSL_rstate_string;
++		SSL_rstate_string_long;
++		SSL_SESSION_cmp;
++		SSL_SESSION_free;
++		SSL_SESSION_get_ex_data;
++		SSL_SESSION_get_ex_new_index;
++		SSL_SESSION_get_id;
++		SSL_SESSION_get_time;
++		SSL_SESSION_get_timeout;
++		SSL_SESSION_hash;
++		SSL_SESSION_new;
++		SSL_SESSION_print;
++		SSL_SESSION_print_fp;
++		SSL_SESSION_set_ex_data;
++		SSL_SESSION_set_time;
++		SSL_SESSION_set_timeout;
++		SSL_set1_param;
++		SSL_set_accept_state;
++		SSL_set_bio;
++		SSL_set_cipher_list;
++		SSL_set_client_CA_list;
++		SSL_set_connect_state;
++		SSL_set_ex_data;
++		SSL_set_fd;
++		SSL_set_generate_session_id;
++		SSL_set_info_callback;
++		SSL_set_msg_callback;
++		SSL_set_psk_client_callback;
++		SSL_set_psk_server_callback;
++		SSL_set_purpose;
++		SSL_set_quiet_shutdown;
++		SSL_set_read_ahead;
++		SSL_set_rfd;
++		SSL_set_session;
++		SSL_set_session_id_context;
++		SSL_set_session_secret_cb;
++		SSL_set_session_ticket_ext;
++		SSL_set_session_ticket_ext_cb;
++		SSL_set_shutdown;
++		SSL_set_SSL_CTX;
++		SSL_set_ssl_method;
++		SSL_set_tmp_dh_callback;
++		SSL_set_tmp_ecdh_callback;
++		SSL_set_tmp_rsa_callback;
++		SSL_set_trust;
++		SSL_set_verify;
++		SSL_set_verify_depth;
++		SSL_set_verify_result;
++		SSL_set_wfd;
++		SSL_shutdown;
++		SSL_state;
++		SSL_state_string;
++		SSL_state_string_long;
++		SSL_use_certificate;
++		SSL_use_certificate_ASN1;
++		SSL_use_certificate_file;
++		SSL_use_PrivateKey;
++		SSL_use_PrivateKey_ASN1;
++		SSL_use_PrivateKey_file;
++		SSL_use_psk_identity_hint;
++		SSL_use_RSAPrivateKey;
++		SSL_use_RSAPrivateKey_ASN1;
++		SSL_use_RSAPrivateKey_file;
++		SSLv23_client_method;
++		SSLv23_method;
++		SSLv23_server_method;
++		SSLv2_client_method;
++		SSLv2_method;
++		SSLv2_server_method;
++		SSLv3_client_method;
++		SSLv3_method;
++		SSLv3_server_method;
++		SSL_version;
++		SSL_want;
++		SSL_write;
++		TLSv1_client_method;
++		TLSv1_method;
++		TLSv1_server_method;
++
++
++		SSLeay;
++		SSLeay_version;
++		ASN1_BIT_STRING_asn1_meth;
++		ASN1_HEADER_free;
++		ASN1_HEADER_new;
++		ASN1_IA5STRING_asn1_meth;
++		ASN1_INTEGER_get;
++		ASN1_INTEGER_set;
++		ASN1_INTEGER_to_BN;
++		ASN1_OBJECT_create;
++		ASN1_OBJECT_free;
++		ASN1_OBJECT_new;
++		ASN1_PRINTABLE_type;
++		ASN1_STRING_cmp;
++		ASN1_STRING_dup;
++		ASN1_STRING_free;
++		ASN1_STRING_new;
++		ASN1_STRING_print;
++		ASN1_STRING_set;
++		ASN1_STRING_type_new;
++		ASN1_TYPE_free;
++		ASN1_TYPE_new;
++		ASN1_UNIVERSALSTRING_to_string;
++		ASN1_UTCTIME_check;
++		ASN1_UTCTIME_print;
++		ASN1_UTCTIME_set;
++		ASN1_check_infinite_end;
++		ASN1_d2i_bio;
++		ASN1_d2i_fp;
++		ASN1_digest;
++		ASN1_dup;
++		ASN1_get_object;
++		ASN1_i2d_bio;
++		ASN1_i2d_fp;
++		ASN1_object_size;
++		ASN1_parse;
++		ASN1_put_object;
++		ASN1_sign;
++		ASN1_verify;
++		BF_cbc_encrypt;
++		BF_cfb64_encrypt;
++		BF_ecb_encrypt;
++		BF_encrypt;
++		BF_ofb64_encrypt;
++		BF_options;
++		BF_set_key;
++		BIO_CONNECT_free;
++		BIO_CONNECT_new;
++		BIO_accept;
++		BIO_ctrl;
++		BIO_int_ctrl;
++		BIO_debug_callback;
++		BIO_dump;
++		BIO_dup_chain;
++		BIO_f_base64;
++		BIO_f_buffer;
++		BIO_f_cipher;
++		BIO_f_md;
++		BIO_f_null;
++		BIO_f_proxy_server;
++		BIO_fd_non_fatal_error;
++		BIO_fd_should_retry;
++		BIO_find_type;
++		BIO_free;
++		BIO_free_all;
++		BIO_get_accept_socket;
++		BIO_get_filter_bio;
++		BIO_get_host_ip;
++		BIO_get_port;
++		BIO_get_retry_BIO;
++		BIO_get_retry_reason;
++		BIO_gethostbyname;
++		BIO_gets;
++		BIO_new;
++		BIO_new_accept;
++		BIO_new_connect;
++		BIO_new_fd;
++		BIO_new_file;
++		BIO_new_fp;
++		BIO_new_socket;
++		BIO_pop;
++		BIO_printf;
++		BIO_push;
++		BIO_puts;
++		BIO_read;
++		BIO_s_accept;
++		BIO_s_connect;
++		BIO_s_fd;
++		BIO_s_file;
++		BIO_s_mem;
++		BIO_s_null;
++		BIO_s_proxy_client;
++		BIO_s_socket;
++		BIO_set;
++		BIO_set_cipher;
++		BIO_set_tcp_ndelay;
++		BIO_sock_cleanup;
++		BIO_sock_error;
++		BIO_sock_init;
++		BIO_sock_non_fatal_error;
++		BIO_sock_should_retry;
++		BIO_socket_ioctl;
++		BIO_write;
++		BN_CTX_free;
++		BN_CTX_new;
++		BN_MONT_CTX_free;
++		BN_MONT_CTX_new;
++		BN_MONT_CTX_set;
++		BN_add;
++		BN_add_word;
++		BN_hex2bn;
++		BN_bin2bn;
++		BN_bn2hex;
++		BN_bn2bin;
++		BN_clear;
++		BN_clear_bit;
++		BN_clear_free;
++		BN_cmp;
++		BN_copy;
++		BN_div;
++		BN_div_word;
++		BN_dup;
++		BN_free;
++		BN_from_montgomery;
++		BN_gcd;
++		BN_generate_prime;
++		BN_get_word;
++		BN_is_bit_set;
++		BN_is_prime;
++		BN_lshift;
++		BN_lshift1;
++		BN_mask_bits;
++		BN_mod;
++		BN_mod_exp;
++		BN_mod_exp_mont;
++		BN_mod_exp_simple;
++		BN_mod_inverse;
++		BN_mod_mul;
++		BN_mod_mul_montgomery;
++		BN_mod_word;
++		BN_mul;
++		BN_new;
++		BN_num_bits;
++		BN_num_bits_word;
++		BN_options;
++		BN_print;
++		BN_print_fp;
++		BN_rand;
++		BN_reciprocal;
++		BN_rshift;
++		BN_rshift1;
++		BN_set_bit;
++		BN_set_word;
++		BN_sqr;
++		BN_sub;
++		BN_to_ASN1_INTEGER;
++		BN_ucmp;
++		BN_value_one;
++		BUF_MEM_free;
++		BUF_MEM_grow;
++		BUF_MEM_new;
++		BUF_strdup;
++		CONF_free;
++		CONF_get_number;
++		CONF_get_section;
++		CONF_get_string;
++		CONF_load;
++		CRYPTO_add_lock;
++		CRYPTO_dbg_free;
++		CRYPTO_dbg_malloc;
++		CRYPTO_dbg_realloc;
++		CRYPTO_dbg_remalloc;
++		CRYPTO_free;
++		CRYPTO_get_add_lock_callback;
++		CRYPTO_get_id_callback;
++		CRYPTO_get_lock_name;
++		CRYPTO_get_locking_callback;
++		CRYPTO_get_mem_functions;
++		CRYPTO_lock;
++		CRYPTO_malloc;
++		CRYPTO_mem_ctrl;
++		CRYPTO_mem_leaks;
++		CRYPTO_mem_leaks_cb;
++		CRYPTO_mem_leaks_fp;
++		CRYPTO_realloc;
++		CRYPTO_remalloc;
++		CRYPTO_set_add_lock_callback;
++		CRYPTO_set_id_callback;
++		CRYPTO_set_locking_callback;
++		CRYPTO_set_mem_functions;
++		CRYPTO_thread_id;
++		DH_check;
++		DH_compute_key;
++		DH_free;
++		DH_generate_key;
++		DH_generate_parameters;
++		DH_new;
++		DH_size;
++		DHparams_print;
++		DHparams_print_fp;
++		DSA_free;
++		DSA_generate_key;
++		DSA_generate_parameters;
++		DSA_is_prime;
++		DSA_new;
++		DSA_print;
++		DSA_print_fp;
++		DSA_sign;
++		DSA_sign_setup;
++		DSA_size;
++		DSA_verify;
++		DSAparams_print;
++		DSAparams_print_fp;
++		ERR_clear_error;
++		ERR_error_string;
++		ERR_free_strings;
++		ERR_func_error_string;
++		ERR_get_err_state_table;
++		ERR_get_error;
++		ERR_get_error_line;
++		ERR_get_state;
++		ERR_get_string_table;
++		ERR_lib_error_string;
++		ERR_load_ASN1_strings;
++		ERR_load_BIO_strings;
++		ERR_load_BN_strings;
++		ERR_load_BUF_strings;
++		ERR_load_CONF_strings;
++		ERR_load_DH_strings;
++		ERR_load_DSA_strings;
++		ERR_load_ERR_strings;
++		ERR_load_EVP_strings;
++		ERR_load_OBJ_strings;
++		ERR_load_PEM_strings;
++		ERR_load_PROXY_strings;
++		ERR_load_RSA_strings;
++		ERR_load_X509_strings;
++		ERR_load_crypto_strings;
++		ERR_load_strings;
++		ERR_peek_error;
++		ERR_peek_error_line;
++		ERR_print_errors;
++		ERR_print_errors_fp;
++		ERR_put_error;
++		ERR_reason_error_string;
++		ERR_remove_state;
++		EVP_BytesToKey;
++		EVP_CIPHER_CTX_cleanup;
++		EVP_CipherFinal;
++		EVP_CipherInit;
++		EVP_CipherUpdate;
++		EVP_DecodeBlock;
++		EVP_DecodeFinal;
++		EVP_DecodeInit;
++		EVP_DecodeUpdate;
++		EVP_DecryptFinal;
++		EVP_DecryptInit;
++		EVP_DecryptUpdate;
++		EVP_DigestFinal;
++		EVP_DigestInit;
++		EVP_DigestUpdate;
++		EVP_EncodeBlock;
++		EVP_EncodeFinal;
++		EVP_EncodeInit;
++		EVP_EncodeUpdate;
++		EVP_EncryptFinal;
++		EVP_EncryptInit;
++		EVP_EncryptUpdate;
++		EVP_OpenFinal;
++		EVP_OpenInit;
++		EVP_PKEY_assign;
++		EVP_PKEY_copy_parameters;
++		EVP_PKEY_free;
++		EVP_PKEY_missing_parameters;
++		EVP_PKEY_new;
++		EVP_PKEY_save_parameters;
++		EVP_PKEY_size;
++		EVP_PKEY_type;
++		EVP_SealFinal;
++		EVP_SealInit;
++		EVP_SignFinal;
++		EVP_VerifyFinal;
++		EVP_add_alias;
++		EVP_add_cipher;
++		EVP_add_digest;
++		EVP_bf_cbc;
++		EVP_bf_cfb64;
++		EVP_bf_ecb;
++		EVP_bf_ofb;
++		EVP_cleanup;
++		EVP_des_cbc;
++		EVP_des_cfb64;
++		EVP_des_ecb;
++		EVP_des_ede;
++		EVP_des_ede3;
++		EVP_des_ede3_cbc;
++		EVP_des_ede3_cfb64;
++		EVP_des_ede3_ofb;
++		EVP_des_ede_cbc;
++		EVP_des_ede_cfb64;
++		EVP_des_ede_ofb;
++		EVP_des_ofb;
++		EVP_desx_cbc;
++		EVP_dss;
++		EVP_dss1;
++		EVP_enc_null;
++		EVP_get_cipherbyname;
++		EVP_get_digestbyname;
++		EVP_get_pw_prompt;
++		EVP_idea_cbc;
++		EVP_idea_cfb64;
++		EVP_idea_ecb;
++		EVP_idea_ofb;
++		EVP_md2;
++		EVP_md5;
++		EVP_md_null;
++		EVP_rc2_cbc;
++		EVP_rc2_cfb64;
++		EVP_rc2_ecb;
++		EVP_rc2_ofb;
++		EVP_rc4;
++		EVP_read_pw_string;
++		EVP_set_pw_prompt;
++		EVP_sha;
++		EVP_sha1;
++		MD2;
++		MD2_Final;
++		MD2_Init;
++		MD2_Update;
++		MD2_options;
++		MD5;
++		MD5_Final;
++		MD5_Init;
++		MD5_Update;
++		MDC2;
++		MDC2_Final;
++		MDC2_Init;
++		MDC2_Update;
++		NETSCAPE_SPKAC_free;
++		NETSCAPE_SPKAC_new;
++		NETSCAPE_SPKI_free;
++		NETSCAPE_SPKI_new;
++		NETSCAPE_SPKI_sign;
++		NETSCAPE_SPKI_verify;
++		OBJ_add_object;
++		OBJ_bsearch;
++		OBJ_cleanup;
++		OBJ_cmp;
++		OBJ_create;
++		OBJ_dup;
++		OBJ_ln2nid;
++		OBJ_new_nid;
++		OBJ_nid2ln;
++		OBJ_nid2obj;
++		OBJ_nid2sn;
++		OBJ_obj2nid;
++		OBJ_sn2nid;
++		OBJ_txt2nid;
++		PEM_ASN1_read;
++		PEM_ASN1_read_bio;
++		PEM_ASN1_write;
++		PEM_ASN1_write_bio;
++		PEM_SealFinal;
++		PEM_SealInit;
++		PEM_SealUpdate;
++		PEM_SignFinal;
++		PEM_SignInit;
++		PEM_SignUpdate;
++		PEM_X509_INFO_read;
++		PEM_X509_INFO_read_bio;
++		PEM_X509_INFO_write_bio;
++		PEM_dek_info;
++		PEM_do_header;
++		PEM_get_EVP_CIPHER_INFO;
++		PEM_proc_type;
++		PEM_read;
++		PEM_read_DHparams;
++		PEM_read_DSAPrivateKey;
++		PEM_read_DSAparams;
++		PEM_read_PKCS7;
++		PEM_read_PrivateKey;
++		PEM_read_RSAPrivateKey;
++		PEM_read_X509;
++		PEM_read_X509_CRL;
++		PEM_read_X509_REQ;
++		PEM_read_bio;
++		PEM_read_bio_DHparams;
++		PEM_read_bio_DSAPrivateKey;
++		PEM_read_bio_DSAparams;
++		PEM_read_bio_PKCS7;
++		PEM_read_bio_PrivateKey;
++		PEM_read_bio_RSAPrivateKey;
++		PEM_read_bio_X509;
++		PEM_read_bio_X509_CRL;
++		PEM_read_bio_X509_REQ;
++		PEM_write;
++		PEM_write_DHparams;
++		PEM_write_DSAPrivateKey;
++		PEM_write_DSAparams;
++		PEM_write_PKCS7;
++		PEM_write_PrivateKey;
++		PEM_write_RSAPrivateKey;
++		PEM_write_X509;
++		PEM_write_X509_CRL;
++		PEM_write_X509_REQ;
++		PEM_write_bio;
++		PEM_write_bio_DHparams;
++		PEM_write_bio_DSAPrivateKey;
++		PEM_write_bio_DSAparams;
++		PEM_write_bio_PKCS7;
++		PEM_write_bio_PrivateKey;
++		PEM_write_bio_RSAPrivateKey;
++		PEM_write_bio_X509;
++		PEM_write_bio_X509_CRL;
++		PEM_write_bio_X509_REQ;
++		PKCS7_DIGEST_free;
++		PKCS7_DIGEST_new;
++		PKCS7_ENCRYPT_free;
++		PKCS7_ENCRYPT_new;
++		PKCS7_ENC_CONTENT_free;
++		PKCS7_ENC_CONTENT_new;
++		PKCS7_ENVELOPE_free;
++		PKCS7_ENVELOPE_new;
++		PKCS7_ISSUER_AND_SERIAL_digest;
++		PKCS7_ISSUER_AND_SERIAL_free;
++		PKCS7_ISSUER_AND_SERIAL_new;
++		PKCS7_RECIP_INFO_free;
++		PKCS7_RECIP_INFO_new;
++		PKCS7_SIGNED_free;
++		PKCS7_SIGNED_new;
++		PKCS7_SIGNER_INFO_free;
++		PKCS7_SIGNER_INFO_new;
++		PKCS7_SIGN_ENVELOPE_free;
++		PKCS7_SIGN_ENVELOPE_new;
++		PKCS7_dup;
++		PKCS7_free;
++		PKCS7_new;
++		PROXY_ENTRY_add_noproxy;
++		PROXY_ENTRY_clear_noproxy;
++		PROXY_ENTRY_free;
++		PROXY_ENTRY_get_noproxy;
++		PROXY_ENTRY_new;
++		PROXY_ENTRY_set_server;
++		PROXY_add_noproxy;
++		PROXY_add_server;
++		PROXY_check_by_host;
++		PROXY_check_url;
++		PROXY_clear_noproxy;
++		PROXY_free;
++		PROXY_get_noproxy;
++		PROXY_get_proxies;
++		PROXY_get_proxy_entry;
++		PROXY_load_conf;
++		PROXY_new;
++		PROXY_print;
++		RAND_bytes;
++		RAND_cleanup;
++		RAND_file_name;
++		RAND_load_file;
++		RAND_screen;
++		RAND_seed;
++		RAND_write_file;
++		RC2_cbc_encrypt;
++		RC2_cfb64_encrypt;
++		RC2_ecb_encrypt;
++		RC2_encrypt;
++		RC2_ofb64_encrypt;
++		RC2_set_key;
++		RC4;
++		RC4_options;
++		RC4_set_key;
++		RSAPrivateKey_asn1_meth;
++		RSAPrivateKey_dup;
++		RSAPublicKey_dup;
++		RSA_PKCS1_SSLeay;
++		RSA_free;
++		RSA_generate_key;
++		RSA_new;
++		RSA_new_method;
++		RSA_print;
++		RSA_print_fp;
++		RSA_private_decrypt;
++		RSA_private_encrypt;
++		RSA_public_decrypt;
++		RSA_public_encrypt;
++		RSA_set_default_method;
++		RSA_sign;
++		RSA_sign_ASN1_OCTET_STRING;
++		RSA_size;
++		RSA_verify;
++		RSA_verify_ASN1_OCTET_STRING;
++		SHA;
++		SHA1;
++		SHA1_Final;
++		SHA1_Init;
++		SHA1_Update;
++		SHA_Final;
++		SHA_Init;
++		SHA_Update;
++		OpenSSL_add_all_algorithms;
++		OpenSSL_add_all_ciphers;
++		OpenSSL_add_all_digests;
++		TXT_DB_create_index;
++		TXT_DB_free;
++		TXT_DB_get_by_index;
++		TXT_DB_insert;
++		TXT_DB_read;
++		TXT_DB_write;
++		X509_ALGOR_free;
++		X509_ALGOR_new;
++		X509_ATTRIBUTE_free;
++		X509_ATTRIBUTE_new;
++		X509_CINF_free;
++		X509_CINF_new;
++		X509_CRL_INFO_free;
++		X509_CRL_INFO_new;
++		X509_CRL_add_ext;
++		X509_CRL_cmp;
++		X509_CRL_delete_ext;
++		X509_CRL_dup;
++		X509_CRL_free;
++		X509_CRL_get_ext;
++		X509_CRL_get_ext_by_NID;
++		X509_CRL_get_ext_by_OBJ;
++		X509_CRL_get_ext_by_critical;
++		X509_CRL_get_ext_count;
++		X509_CRL_new;
++		X509_CRL_sign;
++		X509_CRL_verify;
++		X509_EXTENSION_create_by_NID;
++		X509_EXTENSION_create_by_OBJ;
++		X509_EXTENSION_dup;
++		X509_EXTENSION_free;
++		X509_EXTENSION_get_critical;
++		X509_EXTENSION_get_data;
++		X509_EXTENSION_get_object;
++		X509_EXTENSION_new;
++		X509_EXTENSION_set_critical;
++		X509_EXTENSION_set_data;
++		X509_EXTENSION_set_object;
++		X509_INFO_free;
++		X509_INFO_new;
++		X509_LOOKUP_by_alias;
++		X509_LOOKUP_by_fingerprint;
++		X509_LOOKUP_by_issuer_serial;
++		X509_LOOKUP_by_subject;
++		X509_LOOKUP_ctrl;
++		X509_LOOKUP_file;
++		X509_LOOKUP_free;
++		X509_LOOKUP_hash_dir;
++		X509_LOOKUP_init;
++		X509_LOOKUP_new;
++		X509_LOOKUP_shutdown;
++		X509_NAME_ENTRY_create_by_NID;
++		X509_NAME_ENTRY_create_by_OBJ;
++		X509_NAME_ENTRY_dup;
++		X509_NAME_ENTRY_free;
++		X509_NAME_ENTRY_get_data;
++		X509_NAME_ENTRY_get_object;
++		X509_NAME_ENTRY_new;
++		X509_NAME_ENTRY_set_data;
++		X509_NAME_ENTRY_set_object;
++		X509_NAME_add_entry;
++		X509_NAME_cmp;
++		X509_NAME_delete_entry;
++		X509_NAME_digest;
++		X509_NAME_dup;
++		X509_NAME_entry_count;
++		X509_NAME_free;
++		X509_NAME_get_entry;
++		X509_NAME_get_index_by_NID;
++		X509_NAME_get_index_by_OBJ;
++		X509_NAME_get_text_by_NID;
++		X509_NAME_get_text_by_OBJ;
++		X509_NAME_hash;
++		X509_NAME_new;
++		X509_NAME_oneline;
++		X509_NAME_print;
++		X509_NAME_set;
++		X509_OBJECT_free_contents;
++		X509_OBJECT_retrieve_by_subject;
++		X509_OBJECT_up_ref_count;
++		X509_PKEY_free;
++		X509_PKEY_new;
++		X509_PUBKEY_free;
++		X509_PUBKEY_get;
++		X509_PUBKEY_new;
++		X509_PUBKEY_set;
++		X509_REQ_INFO_free;
++		X509_REQ_INFO_new;
++		X509_REQ_dup;
++		X509_REQ_free;
++		X509_REQ_get_pubkey;
++		X509_REQ_new;
++		X509_REQ_print;
++		X509_REQ_print_fp;
++		X509_REQ_set_pubkey;
++		X509_REQ_set_subject_name;
++		X509_REQ_set_version;
++		X509_REQ_sign;
++		X509_REQ_to_X509;
++		X509_REQ_verify;
++		X509_REVOKED_add_ext;
++		X509_REVOKED_delete_ext;
++		X509_REVOKED_free;
++		X509_REVOKED_get_ext;
++		X509_REVOKED_get_ext_by_NID;
++		X509_REVOKED_get_ext_by_OBJ;
++		X509_REVOKED_get_ext_by_critical;
++		X509_REVOKED_get_ext_by_critic;
++		X509_REVOKED_get_ext_count;
++		X509_REVOKED_new;
++		X509_SIG_free;
++		X509_SIG_new;
++		X509_STORE_CTX_cleanup;
++		X509_STORE_CTX_init;
++		X509_STORE_add_cert;
++		X509_STORE_add_lookup;
++		X509_STORE_free;
++		X509_STORE_get_by_subject;
++		X509_STORE_load_locations;
++		X509_STORE_new;
++		X509_STORE_set_default_paths;
++		X509_VAL_free;
++		X509_VAL_new;
++		X509_add_ext;
++		X509_asn1_meth;
++		X509_certificate_type;
++		X509_check_private_key;
++		X509_cmp_current_time;
++		X509_delete_ext;
++		X509_digest;
++		X509_dup;
++		X509_free;
++		X509_get_default_cert_area;
++		X509_get_default_cert_dir;
++		X509_get_default_cert_dir_env;
++		X509_get_default_cert_file;
++		X509_get_default_cert_file_env;
++		X509_get_default_private_dir;
++		X509_get_ext;
++		X509_get_ext_by_NID;
++		X509_get_ext_by_OBJ;
++		X509_get_ext_by_critical;
++		X509_get_ext_count;
++		X509_get_issuer_name;
++		X509_get_pubkey;
++		X509_get_pubkey_parameters;
++		X509_get_serialNumber;
++		X509_get_subject_name;
++		X509_gmtime_adj;
++		X509_issuer_and_serial_cmp;
++		X509_issuer_and_serial_hash;
++		X509_issuer_name_cmp;
++		X509_issuer_name_hash;
++		X509_load_cert_file;
++		X509_new;
++		X509_print;
++		X509_print_fp;
++		X509_set_issuer_name;
++		X509_set_notAfter;
++		X509_set_notBefore;
++		X509_set_pubkey;
++		X509_set_serialNumber;
++		X509_set_subject_name;
++		X509_set_version;
++		X509_sign;
++		X509_subject_name_cmp;
++		X509_subject_name_hash;
++		X509_to_X509_REQ;
++		X509_verify;
++		X509_verify_cert;
++		X509_verify_cert_error_string;
++		X509v3_add_ext;
++		X509v3_add_extension;
++		X509v3_add_netscape_extensions;
++		X509v3_add_standard_extensions;
++		X509v3_cleanup_extensions;
++		X509v3_data_type_by_NID;
++		X509v3_data_type_by_OBJ;
++		X509v3_delete_ext;
++		X509v3_get_ext;
++		X509v3_get_ext_by_NID;
++		X509v3_get_ext_by_OBJ;
++		X509v3_get_ext_by_critical;
++		X509v3_get_ext_count;
++		X509v3_pack_string;
++		X509v3_pack_type_by_NID;
++		X509v3_pack_type_by_OBJ;
++		X509v3_unpack_string;
++		_des_crypt;
++		a2d_ASN1_OBJECT;
++		a2i_ASN1_INTEGER;
++		a2i_ASN1_STRING;
++		asn1_Finish;
++		asn1_GetSequence;
++		bn_div_words;
++		bn_expand2;
++		bn_mul_add_words;
++		bn_mul_words;
++		BN_uadd;
++		BN_usub;
++		bn_sqr_words;
++		_ossl_old_crypt;
++		d2i_ASN1_BIT_STRING;
++		d2i_ASN1_BOOLEAN;
++		d2i_ASN1_HEADER;
++		d2i_ASN1_IA5STRING;
++		d2i_ASN1_INTEGER;
++		d2i_ASN1_OBJECT;
++		d2i_ASN1_OCTET_STRING;
++		d2i_ASN1_PRINTABLE;
++		d2i_ASN1_PRINTABLESTRING;
++		d2i_ASN1_SET;
++		d2i_ASN1_T61STRING;
++		d2i_ASN1_TYPE;
++		d2i_ASN1_UTCTIME;
++		d2i_ASN1_bytes;
++		d2i_ASN1_type_bytes;
++		d2i_DHparams;
++		d2i_DSAPrivateKey;
++		d2i_DSAPrivateKey_bio;
++		d2i_DSAPrivateKey_fp;
++		d2i_DSAPublicKey;
++		d2i_DSAparams;
++		d2i_NETSCAPE_SPKAC;
++		d2i_NETSCAPE_SPKI;
++		d2i_Netscape_RSA;
++		d2i_PKCS7;
++		d2i_PKCS7_DIGEST;
++		d2i_PKCS7_ENCRYPT;
++		d2i_PKCS7_ENC_CONTENT;
++		d2i_PKCS7_ENVELOPE;
++		d2i_PKCS7_ISSUER_AND_SERIAL;
++		d2i_PKCS7_RECIP_INFO;
++		d2i_PKCS7_SIGNED;
++		d2i_PKCS7_SIGNER_INFO;
++		d2i_PKCS7_SIGN_ENVELOPE;
++		d2i_PKCS7_bio;
++		d2i_PKCS7_fp;
++		d2i_PrivateKey;
++		d2i_PublicKey;
++		d2i_RSAPrivateKey;
++		d2i_RSAPrivateKey_bio;
++		d2i_RSAPrivateKey_fp;
++		d2i_RSAPublicKey;
++		d2i_X509;
++		d2i_X509_ALGOR;
++		d2i_X509_ATTRIBUTE;
++		d2i_X509_CINF;
++		d2i_X509_CRL;
++		d2i_X509_CRL_INFO;
++		d2i_X509_CRL_bio;
++		d2i_X509_CRL_fp;
++		d2i_X509_EXTENSION;
++		d2i_X509_NAME;
++		d2i_X509_NAME_ENTRY;
++		d2i_X509_PKEY;
++		d2i_X509_PUBKEY;
++		d2i_X509_REQ;
++		d2i_X509_REQ_INFO;
++		d2i_X509_REQ_bio;
++		d2i_X509_REQ_fp;
++		d2i_X509_REVOKED;
++		d2i_X509_SIG;
++		d2i_X509_VAL;
++		d2i_X509_bio;
++		d2i_X509_fp;
++		DES_cbc_cksum;
++		DES_cbc_encrypt;
++		DES_cblock_print_file;
++		DES_cfb64_encrypt;
++		DES_cfb_encrypt;
++		DES_decrypt3;
++		DES_ecb3_encrypt;
++		DES_ecb_encrypt;
++		DES_ede3_cbc_encrypt;
++		DES_ede3_cfb64_encrypt;
++		DES_ede3_ofb64_encrypt;
++		DES_enc_read;
++		DES_enc_write;
++		DES_encrypt1;
++		DES_encrypt2;
++		DES_encrypt3;
++		DES_fcrypt;
++		DES_is_weak_key;
++		DES_key_sched;
++		DES_ncbc_encrypt;
++		DES_ofb64_encrypt;
++		DES_ofb_encrypt;
++		DES_options;
++		DES_pcbc_encrypt;
++		DES_quad_cksum;
++		DES_random_key;
++		_ossl_old_des_random_seed;
++		_ossl_old_des_read_2passwords;
++		_ossl_old_des_read_password;
++		_ossl_old_des_read_pw;
++		_ossl_old_des_read_pw_string;
++		DES_set_key;
++		DES_set_odd_parity;
++		DES_string_to_2keys;
++		DES_string_to_key;
++		DES_xcbc_encrypt;
++		DES_xwhite_in2out;
++		fcrypt_body;
++		i2a_ASN1_INTEGER;
++		i2a_ASN1_OBJECT;
++		i2a_ASN1_STRING;
++		i2d_ASN1_BIT_STRING;
++		i2d_ASN1_BOOLEAN;
++		i2d_ASN1_HEADER;
++		i2d_ASN1_IA5STRING;
++		i2d_ASN1_INTEGER;
++		i2d_ASN1_OBJECT;
++		i2d_ASN1_OCTET_STRING;
++		i2d_ASN1_PRINTABLE;
++		i2d_ASN1_SET;
++		i2d_ASN1_TYPE;
++		i2d_ASN1_UTCTIME;
++		i2d_ASN1_bytes;
++		i2d_DHparams;
++		i2d_DSAPrivateKey;
++		i2d_DSAPrivateKey_bio;
++		i2d_DSAPrivateKey_fp;
++		i2d_DSAPublicKey;
++		i2d_DSAparams;
++		i2d_NETSCAPE_SPKAC;
++		i2d_NETSCAPE_SPKI;
++		i2d_Netscape_RSA;
++		i2d_PKCS7;
++		i2d_PKCS7_DIGEST;
++		i2d_PKCS7_ENCRYPT;
++		i2d_PKCS7_ENC_CONTENT;
++		i2d_PKCS7_ENVELOPE;
++		i2d_PKCS7_ISSUER_AND_SERIAL;
++		i2d_PKCS7_RECIP_INFO;
++		i2d_PKCS7_SIGNED;
++		i2d_PKCS7_SIGNER_INFO;
++		i2d_PKCS7_SIGN_ENVELOPE;
++		i2d_PKCS7_bio;
++		i2d_PKCS7_fp;
++		i2d_PrivateKey;
++		i2d_PublicKey;
++		i2d_RSAPrivateKey;
++		i2d_RSAPrivateKey_bio;
++		i2d_RSAPrivateKey_fp;
++		i2d_RSAPublicKey;
++		i2d_X509;
++		i2d_X509_ALGOR;
++		i2d_X509_ATTRIBUTE;
++		i2d_X509_CINF;
++		i2d_X509_CRL;
++		i2d_X509_CRL_INFO;
++		i2d_X509_CRL_bio;
++		i2d_X509_CRL_fp;
++		i2d_X509_EXTENSION;
++		i2d_X509_NAME;
++		i2d_X509_NAME_ENTRY;
++		i2d_X509_PKEY;
++		i2d_X509_PUBKEY;
++		i2d_X509_REQ;
++		i2d_X509_REQ_INFO;
++		i2d_X509_REQ_bio;
++		i2d_X509_REQ_fp;
++		i2d_X509_REVOKED;
++		i2d_X509_SIG;
++		i2d_X509_VAL;
++		i2d_X509_bio;
++		i2d_X509_fp;
++		idea_cbc_encrypt;
++		idea_cfb64_encrypt;
++		idea_ecb_encrypt;
++		idea_encrypt;
++		idea_ofb64_encrypt;
++		idea_options;
++		idea_set_decrypt_key;
++		idea_set_encrypt_key;
++		lh_delete;
++		lh_doall;
++		lh_doall_arg;
++		lh_free;
++		lh_insert;
++		lh_new;
++		lh_node_stats;
++		lh_node_stats_bio;
++		lh_node_usage_stats;
++		lh_node_usage_stats_bio;
++		lh_retrieve;
++		lh_stats;
++		lh_stats_bio;
++		lh_strhash;
++		sk_delete;
++		sk_delete_ptr;
++		sk_dup;
++		sk_find;
++		sk_free;
++		sk_insert;
++		sk_new;
++		sk_pop;
++		sk_pop_free;
++		sk_push;
++		sk_set_cmp_func;
++		sk_shift;
++		sk_unshift;
++		sk_zero;
++		BIO_f_nbio_test;
++		ASN1_TYPE_get;
++		ASN1_TYPE_set;
++		PKCS7_content_free;
++		ERR_load_PKCS7_strings;
++		X509_find_by_issuer_and_serial;
++		X509_find_by_subject;
++		PKCS7_ctrl;
++		PKCS7_set_type;
++		PKCS7_set_content;
++		PKCS7_SIGNER_INFO_set;
++		PKCS7_add_signer;
++		PKCS7_add_certificate;
++		PKCS7_add_crl;
++		PKCS7_content_new;
++		PKCS7_dataSign;
++		PKCS7_dataVerify;
++		PKCS7_dataInit;
++		PKCS7_add_signature;
++		PKCS7_cert_from_signer_info;
++		PKCS7_get_signer_info;
++		EVP_delete_alias;
++		EVP_mdc2;
++		PEM_read_bio_RSAPublicKey;
++		PEM_write_bio_RSAPublicKey;
++		d2i_RSAPublicKey_bio;
++		i2d_RSAPublicKey_bio;
++		PEM_read_RSAPublicKey;
++		PEM_write_RSAPublicKey;
++		d2i_RSAPublicKey_fp;
++		i2d_RSAPublicKey_fp;
++		BIO_copy_next_retry;
++		RSA_flags;
++		X509_STORE_add_crl;
++		X509_load_crl_file;
++		EVP_rc2_40_cbc;
++		EVP_rc4_40;
++		EVP_CIPHER_CTX_init;
++		HMAC;
++		HMAC_Init;
++		HMAC_Update;
++		HMAC_Final;
++		ERR_get_next_error_library;
++		EVP_PKEY_cmp_parameters;
++		HMAC_cleanup;
++		BIO_ptr_ctrl;
++		BIO_new_file_internal;
++		BIO_new_fp_internal;
++		BIO_s_file_internal;
++		BN_BLINDING_convert;
++		BN_BLINDING_invert;
++		BN_BLINDING_update;
++		RSA_blinding_on;
++		RSA_blinding_off;
++		i2t_ASN1_OBJECT;
++		BN_BLINDING_new;
++		BN_BLINDING_free;
++		EVP_cast5_cbc;
++		EVP_cast5_cfb64;
++		EVP_cast5_ecb;
++		EVP_cast5_ofb;
++		BF_decrypt;
++		CAST_set_key;
++		CAST_encrypt;
++		CAST_decrypt;
++		CAST_ecb_encrypt;
++		CAST_cbc_encrypt;
++		CAST_cfb64_encrypt;
++		CAST_ofb64_encrypt;
++		RC2_decrypt;
++		OBJ_create_objects;
++		BN_exp;
++		BN_mul_word;
++		BN_sub_word;
++		BN_dec2bn;
++		BN_bn2dec;
++		BIO_ghbn_ctrl;
++		CRYPTO_free_ex_data;
++		CRYPTO_get_ex_data;
++		CRYPTO_set_ex_data;
++		ERR_load_CRYPTO_strings;
++		ERR_load_CRYPTOlib_strings;
++		EVP_PKEY_bits;
++		MD5_Transform;
++		SHA1_Transform;
++		SHA_Transform;
++		X509_STORE_CTX_get_chain;
++		X509_STORE_CTX_get_current_cert;
++		X509_STORE_CTX_get_error;
++		X509_STORE_CTX_get_error_depth;
++		X509_STORE_CTX_get_ex_data;
++		X509_STORE_CTX_set_cert;
++		X509_STORE_CTX_set_chain;
++		X509_STORE_CTX_set_error;
++		X509_STORE_CTX_set_ex_data;
++		CRYPTO_dup_ex_data;
++		CRYPTO_get_new_lockid;
++		CRYPTO_new_ex_data;
++		RSA_set_ex_data;
++		RSA_get_ex_data;
++		RSA_get_ex_new_index;
++		RSA_padding_add_PKCS1_type_1;
++		RSA_padding_add_PKCS1_type_2;
++		RSA_padding_add_SSLv23;
++		RSA_padding_add_none;
++		RSA_padding_check_PKCS1_type_1;
++		RSA_padding_check_PKCS1_type_2;
++		RSA_padding_check_SSLv23;
++		RSA_padding_check_none;
++		bn_add_words;
++		d2i_Netscape_RSA_2;
++		CRYPTO_get_ex_new_index;
++		RIPEMD160_Init;
++		RIPEMD160_Update;
++		RIPEMD160_Final;
++		RIPEMD160;
++		RIPEMD160_Transform;
++		RC5_32_set_key;
++		RC5_32_ecb_encrypt;
++		RC5_32_encrypt;
++		RC5_32_decrypt;
++		RC5_32_cbc_encrypt;
++		RC5_32_cfb64_encrypt;
++		RC5_32_ofb64_encrypt;
++		BN_bn2mpi;
++		BN_mpi2bn;
++		ASN1_BIT_STRING_get_bit;
++		ASN1_BIT_STRING_set_bit;
++		BIO_get_ex_data;
++		BIO_get_ex_new_index;
++		BIO_set_ex_data;
++		X509v3_get_key_usage;
++		X509v3_set_key_usage;
++		a2i_X509v3_key_usage;
++		i2a_X509v3_key_usage;
++		EVP_PKEY_decrypt;
++		EVP_PKEY_encrypt;
++		PKCS7_RECIP_INFO_set;
++		PKCS7_add_recipient;
++		PKCS7_add_recipient_info;
++		PKCS7_set_cipher;
++		ASN1_TYPE_get_int_octetstring;
++		ASN1_TYPE_get_octetstring;
++		ASN1_TYPE_set_int_octetstring;
++		ASN1_TYPE_set_octetstring;
++		ASN1_UTCTIME_set_string;
++		ERR_add_error_data;
++		ERR_set_error_data;
++		EVP_CIPHER_asn1_to_param;
++		EVP_CIPHER_param_to_asn1;
++		EVP_CIPHER_get_asn1_iv;
++		EVP_CIPHER_set_asn1_iv;
++		EVP_rc5_32_12_16_cbc;
++		EVP_rc5_32_12_16_cfb64;
++		EVP_rc5_32_12_16_ecb;
++		EVP_rc5_32_12_16_ofb;
++		asn1_add_error;
++		d2i_ASN1_BMPSTRING;
++		i2d_ASN1_BMPSTRING;
++		BIO_f_ber;
++		BN_init;
++		COMP_CTX_new;
++		COMP_CTX_free;
++		COMP_CTX_compress_block;
++		COMP_CTX_expand_block;
++		X509_STORE_CTX_get_ex_new_index;
++		OBJ_NAME_add;
++		BIO_socket_nbio;
++		EVP_rc2_64_cbc;
++		OBJ_NAME_cleanup;
++		OBJ_NAME_get;
++		OBJ_NAME_init;
++		OBJ_NAME_new_index;
++		OBJ_NAME_remove;
++		BN_MONT_CTX_copy;
++		BIO_new_socks4a_connect;
++		BIO_s_socks4a_connect;
++		PROXY_set_connect_mode;
++		RAND_SSLeay;
++		RAND_set_rand_method;
++		RSA_memory_lock;
++		bn_sub_words;
++		bn_mul_normal;
++		bn_mul_comba8;
++		bn_mul_comba4;
++		bn_sqr_normal;
++		bn_sqr_comba8;
++		bn_sqr_comba4;
++		bn_cmp_words;
++		bn_mul_recursive;
++		bn_mul_part_recursive;
++		bn_sqr_recursive;
++		bn_mul_low_normal;
++		BN_RECP_CTX_init;
++		BN_RECP_CTX_new;
++		BN_RECP_CTX_free;
++		BN_RECP_CTX_set;
++		BN_mod_mul_reciprocal;
++		BN_mod_exp_recp;
++		BN_div_recp;
++		BN_CTX_init;
++		BN_MONT_CTX_init;
++		RAND_get_rand_method;
++		PKCS7_add_attribute;
++		PKCS7_add_signed_attribute;
++		PKCS7_digest_from_attributes;
++		PKCS7_get_attribute;
++		PKCS7_get_issuer_and_serial;
++		PKCS7_get_signed_attribute;
++		COMP_compress_block;
++		COMP_expand_block;
++		COMP_rle;
++		COMP_zlib;
++		ms_time_diff;
++		ms_time_new;
++		ms_time_free;
++		ms_time_cmp;
++		ms_time_get;
++		PKCS7_set_attributes;
++		PKCS7_set_signed_attributes;
++		X509_ATTRIBUTE_create;
++		X509_ATTRIBUTE_dup;
++		ASN1_GENERALIZEDTIME_check;
++		ASN1_GENERALIZEDTIME_print;
++		ASN1_GENERALIZEDTIME_set;
++		ASN1_GENERALIZEDTIME_set_string;
++		ASN1_TIME_print;
++		BASIC_CONSTRAINTS_free;
++		BASIC_CONSTRAINTS_new;
++		ERR_load_X509V3_strings;
++		NETSCAPE_CERT_SEQUENCE_free;
++		NETSCAPE_CERT_SEQUENCE_new;
++		OBJ_txt2obj;
++		PEM_read_NETSCAPE_CERT_SEQUENCE;
++		PEM_read_NS_CERT_SEQ;
++		PEM_read_bio_NETSCAPE_CERT_SEQUENCE;
++		PEM_read_bio_NS_CERT_SEQ;
++		PEM_write_NETSCAPE_CERT_SEQUENCE;
++		PEM_write_NS_CERT_SEQ;
++		PEM_write_bio_NETSCAPE_CERT_SEQUENCE;
++		PEM_write_bio_NS_CERT_SEQ;
++		X509V3_EXT_add;
++		X509V3_EXT_add_alias;
++		X509V3_EXT_add_conf;
++		X509V3_EXT_cleanup;
++		X509V3_EXT_conf;
++		X509V3_EXT_conf_nid;
++		X509V3_EXT_get;
++		X509V3_EXT_get_nid;
++		X509V3_EXT_print;
++		X509V3_EXT_print_fp;
++		X509V3_add_standard_extensions;
++		X509V3_add_value;
++		X509V3_add_value_bool;
++		X509V3_add_value_int;
++		X509V3_conf_free;
++		X509V3_get_value_bool;
++		X509V3_get_value_int;
++		X509V3_parse_list;
++		d2i_ASN1_GENERALIZEDTIME;
++		d2i_ASN1_TIME;
++		d2i_BASIC_CONSTRAINTS;
++		d2i_NETSCAPE_CERT_SEQUENCE;
++		d2i_ext_ku;
++		ext_ku_free;
++		ext_ku_new;
++		i2d_ASN1_GENERALIZEDTIME;
++		i2d_ASN1_TIME;
++		i2d_BASIC_CONSTRAINTS;
++		i2d_NETSCAPE_CERT_SEQUENCE;
++		i2d_ext_ku;
++		EVP_MD_CTX_copy;
++		i2d_ASN1_ENUMERATED;
++		d2i_ASN1_ENUMERATED;
++		ASN1_ENUMERATED_set;
++		ASN1_ENUMERATED_get;
++		BN_to_ASN1_ENUMERATED;
++		ASN1_ENUMERATED_to_BN;
++		i2a_ASN1_ENUMERATED;
++		a2i_ASN1_ENUMERATED;
++		i2d_GENERAL_NAME;
++		d2i_GENERAL_NAME;
++		GENERAL_NAME_new;
++		GENERAL_NAME_free;
++		GENERAL_NAMES_new;
++		GENERAL_NAMES_free;
++		d2i_GENERAL_NAMES;
++		i2d_GENERAL_NAMES;
++		i2v_GENERAL_NAMES;
++		i2s_ASN1_OCTET_STRING;
++		s2i_ASN1_OCTET_STRING;
++		X509V3_EXT_check_conf;
++		hex_to_string;
++		string_to_hex;
++		DES_ede3_cbcm_encrypt;
++		RSA_padding_add_PKCS1_OAEP;
++		RSA_padding_check_PKCS1_OAEP;
++		X509_CRL_print_fp;
++		X509_CRL_print;
++		i2v_GENERAL_NAME;
++		v2i_GENERAL_NAME;
++		i2d_PKEY_USAGE_PERIOD;
++		d2i_PKEY_USAGE_PERIOD;
++		PKEY_USAGE_PERIOD_new;
++		PKEY_USAGE_PERIOD_free;
++		v2i_GENERAL_NAMES;
++		i2s_ASN1_INTEGER;
++		X509V3_EXT_d2i;
++		name_cmp;
++		str_dup;
++		i2s_ASN1_ENUMERATED;
++		i2s_ASN1_ENUMERATED_TABLE;
++		BIO_s_log;
++		BIO_f_reliable;
++		PKCS7_dataFinal;
++		PKCS7_dataDecode;
++		X509V3_EXT_CRL_add_conf;
++		BN_set_params;
++		BN_get_params;
++		BIO_get_ex_num;
++		BIO_set_ex_free_func;
++		EVP_ripemd160;
++		ASN1_TIME_set;
++		i2d_AUTHORITY_KEYID;
++		d2i_AUTHORITY_KEYID;
++		AUTHORITY_KEYID_new;
++		AUTHORITY_KEYID_free;
++		ASN1_seq_unpack;
++		ASN1_seq_pack;
++		ASN1_unpack_string;
++		ASN1_pack_string;
++		PKCS12_pack_safebag;
++		PKCS12_MAKE_KEYBAG;
++		PKCS8_encrypt;
++		PKCS12_MAKE_SHKEYBAG;
++		PKCS12_pack_p7data;
++		PKCS12_pack_p7encdata;
++		PKCS12_add_localkeyid;
++		PKCS12_add_friendlyname_asc;
++		PKCS12_add_friendlyname_uni;
++		PKCS12_get_friendlyname;
++		PKCS12_pbe_crypt;
++		PKCS12_decrypt_d2i;
++		PKCS12_i2d_encrypt;
++		PKCS12_init;
++		PKCS12_key_gen_asc;
++		PKCS12_key_gen_uni;
++		PKCS12_gen_mac;
++		PKCS12_verify_mac;
++		PKCS12_set_mac;
++		PKCS12_setup_mac;
++		OPENSSL_asc2uni;
++		OPENSSL_uni2asc;
++		i2d_PKCS12_BAGS;
++		PKCS12_BAGS_new;
++		d2i_PKCS12_BAGS;
++		PKCS12_BAGS_free;
++		i2d_PKCS12;
++		d2i_PKCS12;
++		PKCS12_new;
++		PKCS12_free;
++		i2d_PKCS12_MAC_DATA;
++		PKCS12_MAC_DATA_new;
++		d2i_PKCS12_MAC_DATA;
++		PKCS12_MAC_DATA_free;
++		i2d_PKCS12_SAFEBAG;
++		PKCS12_SAFEBAG_new;
++		d2i_PKCS12_SAFEBAG;
++		PKCS12_SAFEBAG_free;
++		ERR_load_PKCS12_strings;
++		PKCS12_PBE_add;
++		PKCS8_add_keyusage;
++		PKCS12_get_attr_gen;
++		PKCS12_parse;
++		PKCS12_create;
++		i2d_PKCS12_bio;
++		i2d_PKCS12_fp;
++		d2i_PKCS12_bio;
++		d2i_PKCS12_fp;
++		i2d_PBEPARAM;
++		PBEPARAM_new;
++		d2i_PBEPARAM;
++		PBEPARAM_free;
++		i2d_PKCS8_PRIV_KEY_INFO;
++		PKCS8_PRIV_KEY_INFO_new;
++		d2i_PKCS8_PRIV_KEY_INFO;
++		PKCS8_PRIV_KEY_INFO_free;
++		EVP_PKCS82PKEY;
++		EVP_PKEY2PKCS8;
++		PKCS8_set_broken;
++		EVP_PBE_ALGOR_CipherInit;
++		EVP_PBE_alg_add;
++		PKCS5_pbe_set;
++		EVP_PBE_cleanup;
++		i2d_SXNET;
++		d2i_SXNET;
++		SXNET_new;
++		SXNET_free;
++		i2d_SXNETID;
++		d2i_SXNETID;
++		SXNETID_new;
++		SXNETID_free;
++		DSA_SIG_new;
++		DSA_SIG_free;
++		DSA_do_sign;
++		DSA_do_verify;
++		d2i_DSA_SIG;
++		i2d_DSA_SIG;
++		i2d_ASN1_VISIBLESTRING;
++		d2i_ASN1_VISIBLESTRING;
++		i2d_ASN1_UTF8STRING;
++		d2i_ASN1_UTF8STRING;
++		i2d_DIRECTORYSTRING;
++		d2i_DIRECTORYSTRING;
++		i2d_DISPLAYTEXT;
++		d2i_DISPLAYTEXT;
++		d2i_ASN1_SET_OF_X509;
++		i2d_ASN1_SET_OF_X509;
++		i2d_PBKDF2PARAM;
++		PBKDF2PARAM_new;
++		d2i_PBKDF2PARAM;
++		PBKDF2PARAM_free;
++		i2d_PBE2PARAM;
++		PBE2PARAM_new;
++		d2i_PBE2PARAM;
++		PBE2PARAM_free;
++		d2i_ASN1_SET_OF_GENERAL_NAME;
++		i2d_ASN1_SET_OF_GENERAL_NAME;
++		d2i_ASN1_SET_OF_SXNETID;
++		i2d_ASN1_SET_OF_SXNETID;
++		d2i_ASN1_SET_OF_POLICYQUALINFO;
++		i2d_ASN1_SET_OF_POLICYQUALINFO;
++		d2i_ASN1_SET_OF_POLICYINFO;
++		i2d_ASN1_SET_OF_POLICYINFO;
++		SXNET_add_id_asc;
++		SXNET_add_id_ulong;
++		SXNET_add_id_INTEGER;
++		SXNET_get_id_asc;
++		SXNET_get_id_ulong;
++		SXNET_get_id_INTEGER;
++		X509V3_set_conf_lhash;
++		i2d_CERTIFICATEPOLICIES;
++		CERTIFICATEPOLICIES_new;
++		CERTIFICATEPOLICIES_free;
++		d2i_CERTIFICATEPOLICIES;
++		i2d_POLICYINFO;
++		POLICYINFO_new;
++		d2i_POLICYINFO;
++		POLICYINFO_free;
++		i2d_POLICYQUALINFO;
++		POLICYQUALINFO_new;
++		d2i_POLICYQUALINFO;
++		POLICYQUALINFO_free;
++		i2d_USERNOTICE;
++		USERNOTICE_new;
++		d2i_USERNOTICE;
++		USERNOTICE_free;
++		i2d_NOTICEREF;
++		NOTICEREF_new;
++		d2i_NOTICEREF;
++		NOTICEREF_free;
++		X509V3_get_string;
++		X509V3_get_section;
++		X509V3_string_free;
++		X509V3_section_free;
++		X509V3_set_ctx;
++		s2i_ASN1_INTEGER;
++		CRYPTO_set_locked_mem_functions;
++		CRYPTO_get_locked_mem_functions;
++		CRYPTO_malloc_locked;
++		CRYPTO_free_locked;
++		BN_mod_exp2_mont;
++		ERR_get_error_line_data;
++		ERR_peek_error_line_data;
++		PKCS12_PBE_keyivgen;
++		X509_ALGOR_dup;
++		d2i_ASN1_SET_OF_DIST_POINT;
++		i2d_ASN1_SET_OF_DIST_POINT;
++		i2d_CRL_DIST_POINTS;
++		CRL_DIST_POINTS_new;
++		CRL_DIST_POINTS_free;
++		d2i_CRL_DIST_POINTS;
++		i2d_DIST_POINT;
++		DIST_POINT_new;
++		d2i_DIST_POINT;
++		DIST_POINT_free;
++		i2d_DIST_POINT_NAME;
++		DIST_POINT_NAME_new;
++		DIST_POINT_NAME_free;
++		d2i_DIST_POINT_NAME;
++		X509V3_add_value_uchar;
++		d2i_ASN1_SET_OF_X509_ATTRIBUTE;
++		i2d_ASN1_SET_OF_ASN1_TYPE;
++		d2i_ASN1_SET_OF_X509_EXTENSION;
++		d2i_ASN1_SET_OF_X509_NAME_ENTRY;
++		d2i_ASN1_SET_OF_ASN1_TYPE;
++		i2d_ASN1_SET_OF_X509_ATTRIBUTE;
++		i2d_ASN1_SET_OF_X509_EXTENSION;
++		i2d_ASN1_SET_OF_X509_NAME_ENTRY;
++		X509V3_EXT_i2d;
++		X509V3_EXT_val_prn;
++		X509V3_EXT_add_list;
++		EVP_CIPHER_type;
++		EVP_PBE_CipherInit;
++		X509V3_add_value_bool_nf;
++		d2i_ASN1_UINTEGER;
++		sk_value;
++		sk_num;
++		sk_set;
++		i2d_ASN1_SET_OF_X509_REVOKED;
++		sk_sort;
++		d2i_ASN1_SET_OF_X509_REVOKED;
++		i2d_ASN1_SET_OF_X509_ALGOR;
++		i2d_ASN1_SET_OF_X509_CRL;
++		d2i_ASN1_SET_OF_X509_ALGOR;
++		d2i_ASN1_SET_OF_X509_CRL;
++		i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO;
++		i2d_ASN1_SET_OF_PKCS7_RECIP_INFO;
++		d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO;
++		d2i_ASN1_SET_OF_PKCS7_RECIP_INFO;
++		PKCS5_PBE_add;
++		PEM_write_bio_PKCS8;
++		i2d_PKCS8_fp;
++		PEM_read_bio_PKCS8_PRIV_KEY_INFO;
++		PEM_read_bio_P8_PRIV_KEY_INFO;
++		d2i_PKCS8_bio;
++		d2i_PKCS8_PRIV_KEY_INFO_fp;
++		PEM_write_bio_PKCS8_PRIV_KEY_INFO;
++		PEM_write_bio_P8_PRIV_KEY_INFO;
++		PEM_read_PKCS8;
++		d2i_PKCS8_PRIV_KEY_INFO_bio;
++		d2i_PKCS8_fp;
++		PEM_write_PKCS8;
++		PEM_read_PKCS8_PRIV_KEY_INFO;
++		PEM_read_P8_PRIV_KEY_INFO;
++		PEM_read_bio_PKCS8;
++		PEM_write_PKCS8_PRIV_KEY_INFO;
++		PEM_write_P8_PRIV_KEY_INFO;
++		PKCS5_PBE_keyivgen;
++		i2d_PKCS8_bio;
++		i2d_PKCS8_PRIV_KEY_INFO_fp;
++		i2d_PKCS8_PRIV_KEY_INFO_bio;
++		BIO_s_bio;
++		PKCS5_pbe2_set;
++		PKCS5_PBKDF2_HMAC_SHA1;
++		PKCS5_v2_PBE_keyivgen;
++		PEM_write_bio_PKCS8PrivateKey;
++		PEM_write_PKCS8PrivateKey;
++		BIO_ctrl_get_read_request;
++		BIO_ctrl_pending;
++		BIO_ctrl_wpending;
++		BIO_new_bio_pair;
++		BIO_ctrl_get_write_guarantee;
++		CRYPTO_num_locks;
++		CONF_load_bio;
++		CONF_load_fp;
++		i2d_ASN1_SET_OF_ASN1_OBJECT;
++		d2i_ASN1_SET_OF_ASN1_OBJECT;
++		PKCS7_signatureVerify;
++		RSA_set_method;
++		RSA_get_method;
++		RSA_get_default_method;
++		RSA_check_key;
++		OBJ_obj2txt;
++		DSA_dup_DH;
++		X509_REQ_get_extensions;
++		X509_REQ_set_extension_nids;
++		BIO_nwrite;
++		X509_REQ_extension_nid;
++		BIO_nread;
++		X509_REQ_get_extension_nids;
++		BIO_nwrite0;
++		X509_REQ_add_extensions_nid;
++		BIO_nread0;
++		X509_REQ_add_extensions;
++		BIO_new_mem_buf;
++		DH_set_ex_data;
++		DH_set_method;
++		DSA_OpenSSL;
++		DH_get_ex_data;
++		DH_get_ex_new_index;
++		DSA_new_method;
++		DH_new_method;
++		DH_OpenSSL;
++		DSA_get_ex_new_index;
++		DH_get_default_method;
++		DSA_set_ex_data;
++		DH_set_default_method;
++		DSA_get_ex_data;
++		X509V3_EXT_REQ_add_conf;
++		NETSCAPE_SPKI_print;
++		NETSCAPE_SPKI_set_pubkey;
++		NETSCAPE_SPKI_b64_encode;
++		NETSCAPE_SPKI_get_pubkey;
++		NETSCAPE_SPKI_b64_decode;
++		UTF8_putc;
++		UTF8_getc;
++		RSA_null_method;
++		ASN1_tag2str;
++		BIO_ctrl_reset_read_request;
++		DISPLAYTEXT_new;
++		ASN1_GENERALIZEDTIME_free;
++		X509_REVOKED_get_ext_d2i;
++		X509_set_ex_data;
++		X509_reject_set_bit_asc;
++		X509_NAME_add_entry_by_txt;
++		X509_NAME_add_entry_by_NID;
++		X509_PURPOSE_get0;
++		PEM_read_X509_AUX;
++		d2i_AUTHORITY_INFO_ACCESS;
++		PEM_write_PUBKEY;
++		ACCESS_DESCRIPTION_new;
++		X509_CERT_AUX_free;
++		d2i_ACCESS_DESCRIPTION;
++		X509_trust_clear;
++		X509_TRUST_add;
++		ASN1_VISIBLESTRING_new;
++		X509_alias_set1;
++		ASN1_PRINTABLESTRING_free;
++		EVP_PKEY_get1_DSA;
++		ASN1_BMPSTRING_new;
++		ASN1_mbstring_copy;
++		ASN1_UTF8STRING_new;
++		DSA_get_default_method;
++		i2d_ASN1_SET_OF_ACCESS_DESCRIPTION;
++		ASN1_T61STRING_free;
++		DSA_set_method;
++		X509_get_ex_data;
++		ASN1_STRING_type;
++		X509_PURPOSE_get_by_sname;
++		ASN1_TIME_free;
++		ASN1_OCTET_STRING_cmp;
++		ASN1_BIT_STRING_new;
++		X509_get_ext_d2i;
++		PEM_read_bio_X509_AUX;
++		ASN1_STRING_set_default_mask_asc;
++		ASN1_STRING_set_def_mask_asc;
++		PEM_write_bio_RSA_PUBKEY;
++		ASN1_INTEGER_cmp;
++		d2i_RSA_PUBKEY_fp;
++		X509_trust_set_bit_asc;
++		PEM_write_bio_DSA_PUBKEY;
++		X509_STORE_CTX_free;
++		EVP_PKEY_set1_DSA;
++		i2d_DSA_PUBKEY_fp;
++		X509_load_cert_crl_file;
++		ASN1_TIME_new;
++		i2d_RSA_PUBKEY;
++		X509_STORE_CTX_purpose_inherit;
++		PEM_read_RSA_PUBKEY;
++		d2i_X509_AUX;
++		i2d_DSA_PUBKEY;
++		X509_CERT_AUX_print;
++		PEM_read_DSA_PUBKEY;
++		i2d_RSA_PUBKEY_bio;
++		ASN1_BIT_STRING_num_asc;
++		i2d_PUBKEY;
++		ASN1_UTCTIME_free;
++		DSA_set_default_method;
++		X509_PURPOSE_get_by_id;
++		ACCESS_DESCRIPTION_free;
++		PEM_read_bio_PUBKEY;
++		ASN1_STRING_set_by_NID;
++		X509_PURPOSE_get_id;
++		DISPLAYTEXT_free;
++		OTHERNAME_new;
++		X509_CERT_AUX_new;
++		X509_TRUST_cleanup;
++		X509_NAME_add_entry_by_OBJ;
++		X509_CRL_get_ext_d2i;
++		X509_PURPOSE_get0_name;
++		PEM_read_PUBKEY;
++		i2d_DSA_PUBKEY_bio;
++		i2d_OTHERNAME;
++		ASN1_OCTET_STRING_free;
++		ASN1_BIT_STRING_set_asc;
++		X509_get_ex_new_index;
++		ASN1_STRING_TABLE_cleanup;
++		X509_TRUST_get_by_id;
++		X509_PURPOSE_get_trust;
++		ASN1_STRING_length;
++		d2i_ASN1_SET_OF_ACCESS_DESCRIPTION;
++		ASN1_PRINTABLESTRING_new;
++		X509V3_get_d2i;
++		ASN1_ENUMERATED_free;
++		i2d_X509_CERT_AUX;
++		X509_STORE_CTX_set_trust;
++		ASN1_STRING_set_default_mask;
++		X509_STORE_CTX_new;
++		EVP_PKEY_get1_RSA;
++		DIRECTORYSTRING_free;
++		PEM_write_X509_AUX;
++		ASN1_OCTET_STRING_set;
++		d2i_DSA_PUBKEY_fp;
++		d2i_RSA_PUBKEY;
++		X509_TRUST_get0_name;
++		X509_TRUST_get0;
++		AUTHORITY_INFO_ACCESS_free;
++		ASN1_IA5STRING_new;
++		d2i_DSA_PUBKEY;
++		X509_check_purpose;
++		ASN1_ENUMERATED_new;
++		d2i_RSA_PUBKEY_bio;
++		d2i_PUBKEY;
++		X509_TRUST_get_trust;
++		X509_TRUST_get_flags;
++		ASN1_BMPSTRING_free;
++		ASN1_T61STRING_new;
++		ASN1_UTCTIME_new;
++		i2d_AUTHORITY_INFO_ACCESS;
++		EVP_PKEY_set1_RSA;
++		X509_STORE_CTX_set_purpose;
++		ASN1_IA5STRING_free;
++		PEM_write_bio_X509_AUX;
++		X509_PURPOSE_get_count;
++		CRYPTO_add_info;
++		X509_NAME_ENTRY_create_by_txt;
++		ASN1_STRING_get_default_mask;
++		X509_alias_get0;
++		ASN1_STRING_data;
++		i2d_ACCESS_DESCRIPTION;
++		X509_trust_set_bit;
++		ASN1_BIT_STRING_free;
++		PEM_read_bio_RSA_PUBKEY;
++		X509_add1_reject_object;
++		X509_check_trust;
++		PEM_read_bio_DSA_PUBKEY;
++		X509_PURPOSE_add;
++		ASN1_STRING_TABLE_get;
++		ASN1_UTF8STRING_free;
++		d2i_DSA_PUBKEY_bio;
++		PEM_write_RSA_PUBKEY;
++		d2i_OTHERNAME;
++		X509_reject_set_bit;
++		PEM_write_DSA_PUBKEY;
++		X509_PURPOSE_get0_sname;
++		EVP_PKEY_set1_DH;
++		ASN1_OCTET_STRING_dup;
++		ASN1_BIT_STRING_set;
++		X509_TRUST_get_count;
++		ASN1_INTEGER_free;
++		OTHERNAME_free;
++		i2d_RSA_PUBKEY_fp;
++		ASN1_INTEGER_dup;
++		d2i_X509_CERT_AUX;
++		PEM_write_bio_PUBKEY;
++		ASN1_VISIBLESTRING_free;
++		X509_PURPOSE_cleanup;
++		ASN1_mbstring_ncopy;
++		ASN1_GENERALIZEDTIME_new;
++		EVP_PKEY_get1_DH;
++		ASN1_OCTET_STRING_new;
++		ASN1_INTEGER_new;
++		i2d_X509_AUX;
++		ASN1_BIT_STRING_name_print;
++		X509_cmp;
++		ASN1_STRING_length_set;
++		DIRECTORYSTRING_new;
++		X509_add1_trust_object;
++		PKCS12_newpass;
++		SMIME_write_PKCS7;
++		SMIME_read_PKCS7;
++		DES_set_key_checked;
++		PKCS7_verify;
++		PKCS7_encrypt;
++		DES_set_key_unchecked;
++		SMIME_crlf_copy;
++		i2d_ASN1_PRINTABLESTRING;
++		PKCS7_get0_signers;
++		PKCS7_decrypt;
++		SMIME_text;
++		PKCS7_simple_smimecap;
++		PKCS7_get_smimecap;
++		PKCS7_sign;
++		PKCS7_add_attrib_smimecap;
++		CRYPTO_dbg_set_options;
++		CRYPTO_remove_all_info;
++		CRYPTO_get_mem_debug_functions;
++		CRYPTO_is_mem_check_on;
++		CRYPTO_set_mem_debug_functions;
++		CRYPTO_pop_info;
++		CRYPTO_push_info_;
++		CRYPTO_set_mem_debug_options;
++		PEM_write_PKCS8PrivateKey_nid;
++		PEM_write_bio_PKCS8PrivateKey_nid;
++		PEM_write_bio_PKCS8PrivKey_nid;
++		d2i_PKCS8PrivateKey_bio;
++		ASN1_NULL_free;
++		d2i_ASN1_NULL;
++		ASN1_NULL_new;
++		i2d_PKCS8PrivateKey_bio;
++		i2d_PKCS8PrivateKey_fp;
++		i2d_ASN1_NULL;
++		i2d_PKCS8PrivateKey_nid_fp;
++		d2i_PKCS8PrivateKey_fp;
++		i2d_PKCS8PrivateKey_nid_bio;
++		i2d_PKCS8PrivateKeyInfo_fp;
++		i2d_PKCS8PrivateKeyInfo_bio;
++		PEM_cb;
++		i2d_PrivateKey_fp;
++		d2i_PrivateKey_bio;
++		d2i_PrivateKey_fp;
++		i2d_PrivateKey_bio;
++		X509_reject_clear;
++		X509_TRUST_set_default;
++		d2i_AutoPrivateKey;
++		X509_ATTRIBUTE_get0_type;
++		X509_ATTRIBUTE_set1_data;
++		X509at_get_attr;
++		X509at_get_attr_count;
++		X509_ATTRIBUTE_create_by_NID;
++		X509_ATTRIBUTE_set1_object;
++		X509_ATTRIBUTE_count;
++		X509_ATTRIBUTE_create_by_OBJ;
++		X509_ATTRIBUTE_get0_object;
++		X509at_get_attr_by_NID;
++		X509at_add1_attr;
++		X509_ATTRIBUTE_get0_data;
++		X509at_delete_attr;
++		X509at_get_attr_by_OBJ;
++		RAND_add;
++		BIO_number_written;
++		BIO_number_read;
++		X509_STORE_CTX_get1_chain;
++		ERR_load_RAND_strings;
++		RAND_pseudo_bytes;
++		X509_REQ_get_attr_by_NID;
++		X509_REQ_get_attr;
++		X509_REQ_add1_attr_by_NID;
++		X509_REQ_get_attr_by_OBJ;
++		X509at_add1_attr_by_NID;
++		X509_REQ_add1_attr_by_OBJ;
++		X509_REQ_get_attr_count;
++		X509_REQ_add1_attr;
++		X509_REQ_delete_attr;
++		X509at_add1_attr_by_OBJ;
++		X509_REQ_add1_attr_by_txt;
++		X509_ATTRIBUTE_create_by_txt;
++		X509at_add1_attr_by_txt;
++		BN_pseudo_rand;
++		BN_is_prime_fasttest;
++		BN_CTX_end;
++		BN_CTX_start;
++		BN_CTX_get;
++		EVP_PKEY2PKCS8_broken;
++		ASN1_STRING_TABLE_add;
++		CRYPTO_dbg_get_options;
++		AUTHORITY_INFO_ACCESS_new;
++		CRYPTO_get_mem_debug_options;
++		DES_crypt;
++		PEM_write_bio_X509_REQ_NEW;
++		PEM_write_X509_REQ_NEW;
++		BIO_callback_ctrl;
++		RAND_egd;
++		RAND_status;
++		bn_dump1;
++		DES_check_key_parity;
++		lh_num_items;
++		RAND_event;
++		DSO_new;
++		DSO_new_method;
++		DSO_free;
++		DSO_flags;
++		DSO_up;
++		DSO_set_default_method;
++		DSO_get_default_method;
++		DSO_get_method;
++		DSO_set_method;
++		DSO_load;
++		DSO_bind_var;
++		DSO_METHOD_null;
++		DSO_METHOD_openssl;
++		DSO_METHOD_dlfcn;
++		DSO_METHOD_win32;
++		ERR_load_DSO_strings;
++		DSO_METHOD_dl;
++		NCONF_load;
++		NCONF_load_fp;
++		NCONF_new;
++		NCONF_get_string;
++		NCONF_free;
++		NCONF_get_number;
++		CONF_dump_fp;
++		NCONF_load_bio;
++		NCONF_dump_fp;
++		NCONF_get_section;
++		NCONF_dump_bio;
++		CONF_dump_bio;
++		NCONF_free_data;
++		CONF_set_default_method;
++		ERR_error_string_n;
++		BIO_snprintf;
++		DSO_ctrl;
++		i2d_ASN1_SET_OF_ASN1_INTEGER;
++		i2d_ASN1_SET_OF_PKCS12_SAFEBAG;
++		i2d_ASN1_SET_OF_PKCS7;
++		BIO_vfree;
++		d2i_ASN1_SET_OF_ASN1_INTEGER;
++		d2i_ASN1_SET_OF_PKCS12_SAFEBAG;
++		ASN1_UTCTIME_get;
++		X509_REQ_digest;
++		X509_CRL_digest;
++		d2i_ASN1_SET_OF_PKCS7;
++		EVP_CIPHER_CTX_set_key_length;
++		EVP_CIPHER_CTX_ctrl;
++		BN_mod_exp_mont_word;
++		RAND_egd_bytes;
++		X509_REQ_get1_email;
++		X509_get1_email;
++		X509_email_free;
++		i2d_RSA_NET;
++		d2i_RSA_NET_2;
++		d2i_RSA_NET;
++		DSO_bind_func;
++		CRYPTO_get_new_dynlockid;
++		sk_new_null;
++		CRYPTO_set_dynlock_destroy_callback;
++		CRYPTO_set_dynlock_destroy_cb;
++		CRYPTO_destroy_dynlockid;
++		CRYPTO_set_dynlock_size;
++		CRYPTO_set_dynlock_create_callback;
++		CRYPTO_set_dynlock_create_cb;
++		CRYPTO_set_dynlock_lock_callback;
++		CRYPTO_set_dynlock_lock_cb;
++		CRYPTO_get_dynlock_lock_callback;
++		CRYPTO_get_dynlock_lock_cb;
++		CRYPTO_get_dynlock_destroy_callback;
++		CRYPTO_get_dynlock_destroy_cb;
++		CRYPTO_get_dynlock_value;
++		CRYPTO_get_dynlock_create_callback;
++		CRYPTO_get_dynlock_create_cb;
++		c2i_ASN1_BIT_STRING;
++		i2c_ASN1_BIT_STRING;
++		RAND_poll;
++		c2i_ASN1_INTEGER;
++		i2c_ASN1_INTEGER;
++		BIO_dump_indent;
++		ASN1_parse_dump;
++		c2i_ASN1_OBJECT;
++		X509_NAME_print_ex_fp;
++		ASN1_STRING_print_ex_fp;
++		X509_NAME_print_ex;
++		ASN1_STRING_print_ex;
++		MD4;
++		MD4_Transform;
++		MD4_Final;
++		MD4_Update;
++		MD4_Init;
++		EVP_md4;
++		i2d_PUBKEY_bio;
++		i2d_PUBKEY_fp;
++		d2i_PUBKEY_bio;
++		ASN1_STRING_to_UTF8;
++		BIO_vprintf;
++		BIO_vsnprintf;
++		d2i_PUBKEY_fp;
++		X509_cmp_time;
++		X509_STORE_CTX_set_time;
++		X509_STORE_CTX_get1_issuer;
++		X509_OBJECT_retrieve_match;
++		X509_OBJECT_idx_by_subject;
++		X509_STORE_CTX_set_flags;
++		X509_STORE_CTX_trusted_stack;
++		X509_time_adj;
++		X509_check_issued;
++		ASN1_UTCTIME_cmp_time_t;
++		DES_set_weak_key_flag;
++		DES_check_key;
++		DES_rw_mode;
++		RSA_PKCS1_RSAref;
++		X509_keyid_set1;
++		BIO_next;
++		DSO_METHOD_vms;
++		BIO_f_linebuffer;
++		BN_bntest_rand;
++		OPENSSL_issetugid;
++		BN_rand_range;
++		ERR_load_ENGINE_strings;
++		ENGINE_set_DSA;
++		ENGINE_get_finish_function;
++		ENGINE_get_default_RSA;
++		ENGINE_get_BN_mod_exp;
++		DSA_get_default_openssl_method;
++		ENGINE_set_DH;
++		ENGINE_set_def_BN_mod_exp_crt;
++		ENGINE_set_default_BN_mod_exp_crt;
++		ENGINE_init;
++		DH_get_default_openssl_method;
++		RSA_set_default_openssl_method;
++		ENGINE_finish;
++		ENGINE_load_public_key;
++		ENGINE_get_DH;
++		ENGINE_ctrl;
++		ENGINE_get_init_function;
++		ENGINE_set_init_function;
++		ENGINE_set_default_DSA;
++		ENGINE_get_name;
++		ENGINE_get_last;
++		ENGINE_get_prev;
++		ENGINE_get_default_DH;
++		ENGINE_get_RSA;
++		ENGINE_set_default;
++		ENGINE_get_RAND;
++		ENGINE_get_first;
++		ENGINE_by_id;
++		ENGINE_set_finish_function;
++		ENGINE_get_def_BN_mod_exp_crt;
++		ENGINE_get_default_BN_mod_exp_crt;
++		RSA_get_default_openssl_method;
++		ENGINE_set_RSA;
++		ENGINE_load_private_key;
++		ENGINE_set_default_RAND;
++		ENGINE_set_BN_mod_exp;
++		ENGINE_remove;
++		ENGINE_free;
++		ENGINE_get_BN_mod_exp_crt;
++		ENGINE_get_next;
++		ENGINE_set_name;
++		ENGINE_get_default_DSA;
++		ENGINE_set_default_BN_mod_exp;
++		ENGINE_set_default_RSA;
++		ENGINE_get_default_RAND;
++		ENGINE_get_default_BN_mod_exp;
++		ENGINE_set_RAND;
++		ENGINE_set_id;
++		ENGINE_set_BN_mod_exp_crt;
++		ENGINE_set_default_DH;
++		ENGINE_new;
++		ENGINE_get_id;
++		DSA_set_default_openssl_method;
++		ENGINE_add;
++		DH_set_default_openssl_method;
++		ENGINE_get_DSA;
++		ENGINE_get_ctrl_function;
++		ENGINE_set_ctrl_function;
++		BN_pseudo_rand_range;
++		X509_STORE_CTX_set_verify_cb;
++		ERR_load_COMP_strings;
++		PKCS12_item_decrypt_d2i;
++		ASN1_UTF8STRING_it;
++		ENGINE_unregister_ciphers;
++		ENGINE_get_ciphers;
++		d2i_OCSP_BASICRESP;
++		KRB5_CHECKSUM_it;
++		EC_POINT_add;
++		ASN1_item_ex_i2d;
++		OCSP_CERTID_it;
++		d2i_OCSP_RESPBYTES;
++		X509V3_add1_i2d;
++		PKCS7_ENVELOPE_it;
++		UI_add_input_boolean;
++		ENGINE_unregister_RSA;
++		X509V3_EXT_nconf;
++		ASN1_GENERALSTRING_free;
++		d2i_OCSP_CERTSTATUS;
++		X509_REVOKED_set_serialNumber;
++		X509_print_ex;
++		OCSP_ONEREQ_get1_ext_d2i;
++		ENGINE_register_all_RAND;
++		ENGINE_load_dynamic;
++		PBKDF2PARAM_it;
++		EXTENDED_KEY_USAGE_new;
++		EC_GROUP_clear_free;
++		OCSP_sendreq_bio;
++		ASN1_item_digest;
++		OCSP_BASICRESP_delete_ext;
++		OCSP_SIGNATURE_it;
++		X509_CRL_it;
++		OCSP_BASICRESP_add_ext;
++		KRB5_ENCKEY_it;
++		UI_method_set_closer;
++		X509_STORE_set_purpose;
++		i2d_ASN1_GENERALSTRING;
++		OCSP_response_status;
++		i2d_OCSP_SERVICELOC;
++		ENGINE_get_digest_engine;
++		EC_GROUP_set_curve_GFp;
++		OCSP_REQUEST_get_ext_by_OBJ;
++		_ossl_old_des_random_key;
++		ASN1_T61STRING_it;
++		EC_GROUP_method_of;
++		i2d_KRB5_APREQ;
++		_ossl_old_des_encrypt;
++		ASN1_PRINTABLE_new;
++		HMAC_Init_ex;
++		d2i_KRB5_AUTHENT;
++		OCSP_archive_cutoff_new;
++		EC_POINT_set_Jprojective_coordinates_GFp;
++		EC_POINT_set_Jproj_coords_GFp;
++		_ossl_old_des_is_weak_key;
++		OCSP_BASICRESP_get_ext_by_OBJ;
++		EC_POINT_oct2point;
++		OCSP_SINGLERESP_get_ext_count;
++		UI_ctrl;
++		_shadow_DES_rw_mode;
++		asn1_do_adb;
++		ASN1_template_i2d;
++		ENGINE_register_DH;
++		UI_construct_prompt;
++		X509_STORE_set_trust;
++		UI_dup_input_string;
++		d2i_KRB5_APREQ;
++		EVP_MD_CTX_copy_ex;
++		OCSP_request_is_signed;
++		i2d_OCSP_REQINFO;
++		KRB5_ENCKEY_free;
++		OCSP_resp_get0;
++		GENERAL_NAME_it;
++		ASN1_GENERALIZEDTIME_it;
++		X509_STORE_set_flags;
++		EC_POINT_set_compressed_coordinates_GFp;
++		EC_POINT_set_compr_coords_GFp;
++		OCSP_response_status_str;
++		d2i_OCSP_REVOKEDINFO;
++		OCSP_basic_add1_cert;
++		ERR_get_implementation;
++		EVP_CipherFinal_ex;
++		OCSP_CERTSTATUS_new;
++		CRYPTO_cleanup_all_ex_data;
++		OCSP_resp_find;
++		BN_nnmod;
++		X509_CRL_sort;
++		X509_REVOKED_set_revocationDate;
++		ENGINE_register_RAND;
++		OCSP_SERVICELOC_new;
++		EC_POINT_set_affine_coordinates_GFp;
++		EC_POINT_set_affine_coords_GFp;
++		_ossl_old_des_options;
++		SXNET_it;
++		UI_dup_input_boolean;
++		PKCS12_add_CSPName_asc;
++		EC_POINT_is_at_infinity;
++		ENGINE_load_cryptodev;
++		DSO_convert_filename;
++		POLICYQUALINFO_it;
++		ENGINE_register_ciphers;
++		BN_mod_lshift_quick;
++		DSO_set_filename;
++		ASN1_item_free;
++		KRB5_TKTBODY_free;
++		AUTHORITY_KEYID_it;
++		KRB5_APREQBODY_new;
++		X509V3_EXT_REQ_add_nconf;
++		ENGINE_ctrl_cmd_string;
++		i2d_OCSP_RESPDATA;
++		EVP_MD_CTX_init;
++		EXTENDED_KEY_USAGE_free;
++		PKCS7_ATTR_SIGN_it;
++		UI_add_error_string;
++		KRB5_CHECKSUM_free;
++		OCSP_REQUEST_get_ext;
++		ENGINE_load_ubsec;
++		ENGINE_register_all_digests;
++		PKEY_USAGE_PERIOD_it;
++		PKCS12_unpack_authsafes;
++		ASN1_item_unpack;
++		NETSCAPE_SPKAC_it;
++		X509_REVOKED_it;
++		ASN1_STRING_encode;
++		EVP_aes_128_ecb;
++		KRB5_AUTHENT_free;
++		OCSP_BASICRESP_get_ext_by_critical;
++		OCSP_BASICRESP_get_ext_by_crit;
++		OCSP_cert_status_str;
++		d2i_OCSP_REQUEST;
++		UI_dup_info_string;
++		_ossl_old_des_xwhite_in2out;
++		PKCS12_it;
++		OCSP_SINGLERESP_get_ext_by_critical;
++		OCSP_SINGLERESP_get_ext_by_crit;
++		OCSP_CERTSTATUS_free;
++		_ossl_old_des_crypt;
++		ASN1_item_i2d;
++		EVP_DecryptFinal_ex;
++		ENGINE_load_openssl;
++		ENGINE_get_cmd_defns;
++		ENGINE_set_load_privkey_function;
++		ENGINE_set_load_privkey_fn;
++		EVP_EncryptFinal_ex;
++		ENGINE_set_default_digests;
++		X509_get0_pubkey_bitstr;
++		asn1_ex_i2c;
++		ENGINE_register_RSA;
++		ENGINE_unregister_DSA;
++		_ossl_old_des_key_sched;
++		X509_EXTENSION_it;
++		i2d_KRB5_AUTHENT;
++		SXNETID_it;
++		d2i_OCSP_SINGLERESP;
++		EDIPARTYNAME_new;
++		PKCS12_certbag2x509;
++		_ossl_old_des_ofb64_encrypt;
++		d2i_EXTENDED_KEY_USAGE;
++		ERR_print_errors_cb;
++		ENGINE_set_ciphers;
++		d2i_KRB5_APREQBODY;
++		UI_method_get_flusher;
++		X509_PUBKEY_it;
++		_ossl_old_des_enc_read;
++		PKCS7_ENCRYPT_it;
++		i2d_OCSP_RESPONSE;
++		EC_GROUP_get_cofactor;
++		PKCS12_unpack_p7data;
++		d2i_KRB5_AUTHDATA;
++		OCSP_copy_nonce;
++		KRB5_AUTHDATA_new;
++		OCSP_RESPDATA_new;
++		EC_GFp_mont_method;
++		OCSP_REVOKEDINFO_free;
++		UI_get_ex_data;
++		KRB5_APREQBODY_free;
++		EC_GROUP_get0_generator;
++		UI_get_default_method;
++		X509V3_set_nconf;
++		PKCS12_item_i2d_encrypt;
++		X509_add1_ext_i2d;
++		PKCS7_SIGNER_INFO_it;
++		KRB5_PRINCNAME_new;
++		PKCS12_SAFEBAG_it;
++		EC_GROUP_get_order;
++		d2i_OCSP_RESPID;
++		OCSP_request_verify;
++		NCONF_get_number_e;
++		_ossl_old_des_decrypt3;
++		X509_signature_print;
++		OCSP_SINGLERESP_free;
++		ENGINE_load_builtin_engines;
++		i2d_OCSP_ONEREQ;
++		OCSP_REQUEST_add_ext;
++		OCSP_RESPBYTES_new;
++		EVP_MD_CTX_create;
++		OCSP_resp_find_status;
++		X509_ALGOR_it;
++		ASN1_TIME_it;
++		OCSP_request_set1_name;
++		OCSP_ONEREQ_get_ext_count;
++		UI_get0_result;
++		PKCS12_AUTHSAFES_it;
++		EVP_aes_256_ecb;
++		PKCS12_pack_authsafes;
++		ASN1_IA5STRING_it;
++		UI_get_input_flags;
++		EC_GROUP_set_generator;
++		_ossl_old_des_string_to_2keys;
++		OCSP_CERTID_free;
++		X509_CERT_AUX_it;
++		CERTIFICATEPOLICIES_it;
++		_ossl_old_des_ede3_cbc_encrypt;
++		RAND_set_rand_engine;
++		DSO_get_loaded_filename;
++		X509_ATTRIBUTE_it;
++		OCSP_ONEREQ_get_ext_by_NID;
++		PKCS12_decrypt_skey;
++		KRB5_AUTHENT_it;
++		UI_dup_error_string;
++		RSAPublicKey_it;
++		i2d_OCSP_REQUEST;
++		PKCS12_x509crl2certbag;
++		OCSP_SERVICELOC_it;
++		ASN1_item_sign;
++		X509_CRL_set_issuer_name;
++		OBJ_NAME_do_all_sorted;
++		i2d_OCSP_BASICRESP;
++		i2d_OCSP_RESPBYTES;
++		PKCS12_unpack_p7encdata;
++		HMAC_CTX_init;
++		ENGINE_get_digest;
++		OCSP_RESPONSE_print;
++		KRB5_TKTBODY_it;
++		ACCESS_DESCRIPTION_it;
++		PKCS7_ISSUER_AND_SERIAL_it;
++		PBE2PARAM_it;
++		PKCS12_certbag2x509crl;
++		PKCS7_SIGNED_it;
++		ENGINE_get_cipher;
++		i2d_OCSP_CRLID;
++		OCSP_SINGLERESP_new;
++		ENGINE_cmd_is_executable;
++		RSA_up_ref;
++		ASN1_GENERALSTRING_it;
++		ENGINE_register_DSA;
++		X509V3_EXT_add_nconf_sk;
++		ENGINE_set_load_pubkey_function;
++		PKCS8_decrypt;
++		PEM_bytes_read_bio;
++		DIRECTORYSTRING_it;
++		d2i_OCSP_CRLID;
++		EC_POINT_is_on_curve;
++		CRYPTO_set_locked_mem_ex_functions;
++		CRYPTO_set_locked_mem_ex_funcs;
++		d2i_KRB5_CHECKSUM;
++		ASN1_item_dup;
++		X509_it;
++		BN_mod_add;
++		KRB5_AUTHDATA_free;
++		_ossl_old_des_cbc_cksum;
++		ASN1_item_verify;
++		CRYPTO_set_mem_ex_functions;
++		EC_POINT_get_Jprojective_coordinates_GFp;
++		EC_POINT_get_Jproj_coords_GFp;
++		ZLONG_it;
++		CRYPTO_get_locked_mem_ex_functions;
++		CRYPTO_get_locked_mem_ex_funcs;
++		ASN1_TIME_check;
++		UI_get0_user_data;
++		HMAC_CTX_cleanup;
++		DSA_up_ref;
++		_ossl_old_des_ede3_cfb64_encrypt;
++		_ossl_odes_ede3_cfb64_encrypt;
++		ASN1_BMPSTRING_it;
++		ASN1_tag2bit;
++		UI_method_set_flusher;
++		X509_ocspid_print;
++		KRB5_ENCDATA_it;
++		ENGINE_get_load_pubkey_function;
++		UI_add_user_data;
++		OCSP_REQUEST_delete_ext;
++		UI_get_method;
++		OCSP_ONEREQ_free;
++		ASN1_PRINTABLESTRING_it;
++		X509_CRL_set_nextUpdate;
++		OCSP_REQUEST_it;
++		OCSP_BASICRESP_it;
++		AES_ecb_encrypt;
++		BN_mod_sqr;
++		NETSCAPE_CERT_SEQUENCE_it;
++		GENERAL_NAMES_it;
++		AUTHORITY_INFO_ACCESS_it;
++		ASN1_FBOOLEAN_it;
++		UI_set_ex_data;
++		_ossl_old_des_string_to_key;
++		ENGINE_register_all_RSA;
++		d2i_KRB5_PRINCNAME;
++		OCSP_RESPBYTES_it;
++		X509_CINF_it;
++		ENGINE_unregister_digests;
++		d2i_EDIPARTYNAME;
++		d2i_OCSP_SERVICELOC;
++		ENGINE_get_digests;
++		_ossl_old_des_set_odd_parity;
++		OCSP_RESPDATA_free;
++		d2i_KRB5_TICKET;
++		OTHERNAME_it;
++		EVP_MD_CTX_cleanup;
++		d2i_ASN1_GENERALSTRING;
++		X509_CRL_set_version;
++		BN_mod_sub;
++		OCSP_SINGLERESP_get_ext_by_NID;
++		ENGINE_get_ex_new_index;
++		OCSP_REQUEST_free;
++		OCSP_REQUEST_add1_ext_i2d;
++		X509_VAL_it;
++		EC_POINTs_make_affine;
++		EC_POINT_mul;
++		X509V3_EXT_add_nconf;
++		X509_TRUST_set;
++		X509_CRL_add1_ext_i2d;
++		_ossl_old_des_fcrypt;
++		DISPLAYTEXT_it;
++		X509_CRL_set_lastUpdate;
++		OCSP_BASICRESP_free;
++		OCSP_BASICRESP_add1_ext_i2d;
++		d2i_KRB5_AUTHENTBODY;
++		CRYPTO_set_ex_data_implementation;
++		CRYPTO_set_ex_data_impl;
++		KRB5_ENCDATA_new;
++		DSO_up_ref;
++		OCSP_crl_reason_str;
++		UI_get0_result_string;
++		ASN1_GENERALSTRING_new;
++		X509_SIG_it;
++		ERR_set_implementation;
++		ERR_load_EC_strings;
++		UI_get0_action_string;
++		OCSP_ONEREQ_get_ext;
++		EC_POINT_method_of;
++		i2d_KRB5_APREQBODY;
++		_ossl_old_des_ecb3_encrypt;
++		CRYPTO_get_mem_ex_functions;
++		ENGINE_get_ex_data;
++		UI_destroy_method;
++		ASN1_item_i2d_bio;
++		OCSP_ONEREQ_get_ext_by_OBJ;
++		ASN1_primitive_new;
++		ASN1_PRINTABLE_it;
++		EVP_aes_192_ecb;
++		OCSP_SIGNATURE_new;
++		LONG_it;
++		ASN1_VISIBLESTRING_it;
++		OCSP_SINGLERESP_add1_ext_i2d;
++		d2i_OCSP_CERTID;
++		ASN1_item_d2i_fp;
++		CRL_DIST_POINTS_it;
++		GENERAL_NAME_print;
++		OCSP_SINGLERESP_delete_ext;
++		PKCS12_SAFEBAGS_it;
++		d2i_OCSP_SIGNATURE;
++		OCSP_request_add1_nonce;
++		ENGINE_set_cmd_defns;
++		OCSP_SERVICELOC_free;
++		EC_GROUP_free;
++		ASN1_BIT_STRING_it;
++		X509_REQ_it;
++		_ossl_old_des_cbc_encrypt;
++		ERR_unload_strings;
++		PKCS7_SIGN_ENVELOPE_it;
++		EDIPARTYNAME_free;
++		OCSP_REQINFO_free;
++		EC_GROUP_new_curve_GFp;
++		OCSP_REQUEST_get1_ext_d2i;
++		PKCS12_item_pack_safebag;
++		asn1_ex_c2i;
++		ENGINE_register_digests;
++		i2d_OCSP_REVOKEDINFO;
++		asn1_enc_restore;
++		UI_free;
++		UI_new_method;
++		EVP_EncryptInit_ex;
++		X509_pubkey_digest;
++		EC_POINT_invert;
++		OCSP_basic_sign;
++		i2d_OCSP_RESPID;
++		OCSP_check_nonce;
++		ENGINE_ctrl_cmd;
++		d2i_KRB5_ENCKEY;
++		OCSP_parse_url;
++		OCSP_SINGLERESP_get_ext;
++		OCSP_CRLID_free;
++		OCSP_BASICRESP_get1_ext_d2i;
++		RSAPrivateKey_it;
++		ENGINE_register_all_DH;
++		i2d_EDIPARTYNAME;
++		EC_POINT_get_affine_coordinates_GFp;
++		EC_POINT_get_affine_coords_GFp;
++		OCSP_CRLID_new;
++		ENGINE_get_flags;
++		OCSP_ONEREQ_it;
++		UI_process;
++		ASN1_INTEGER_it;
++		EVP_CipherInit_ex;
++		UI_get_string_type;
++		ENGINE_unregister_DH;
++		ENGINE_register_all_DSA;
++		OCSP_ONEREQ_get_ext_by_critical;
++		bn_dup_expand;
++		OCSP_cert_id_new;
++		BASIC_CONSTRAINTS_it;
++		BN_mod_add_quick;
++		EC_POINT_new;
++		EVP_MD_CTX_destroy;
++		OCSP_RESPBYTES_free;
++		EVP_aes_128_cbc;
++		OCSP_SINGLERESP_get1_ext_d2i;
++		EC_POINT_free;
++		DH_up_ref;
++		X509_NAME_ENTRY_it;
++		UI_get_ex_new_index;
++		BN_mod_sub_quick;
++		OCSP_ONEREQ_add_ext;
++		OCSP_request_sign;
++		EVP_DigestFinal_ex;
++		ENGINE_set_digests;
++		OCSP_id_issuer_cmp;
++		OBJ_NAME_do_all;
++		EC_POINTs_mul;
++		ENGINE_register_complete;
++		X509V3_EXT_nconf_nid;
++		ASN1_SEQUENCE_it;
++		UI_set_default_method;
++		RAND_query_egd_bytes;
++		UI_method_get_writer;
++		UI_OpenSSL;
++		PEM_def_callback;
++		ENGINE_cleanup;
++		DIST_POINT_it;
++		OCSP_SINGLERESP_it;
++		d2i_KRB5_TKTBODY;
++		EC_POINT_cmp;
++		OCSP_REVOKEDINFO_new;
++		i2d_OCSP_CERTSTATUS;
++		OCSP_basic_add1_nonce;
++		ASN1_item_ex_d2i;
++		BN_mod_lshift1_quick;
++		UI_set_method;
++		OCSP_id_get0_info;
++		BN_mod_sqrt;
++		EC_GROUP_copy;
++		KRB5_ENCDATA_free;
++		_ossl_old_des_cfb_encrypt;
++		OCSP_SINGLERESP_get_ext_by_OBJ;
++		OCSP_cert_to_id;
++		OCSP_RESPID_new;
++		OCSP_RESPDATA_it;
++		d2i_OCSP_RESPDATA;
++		ENGINE_register_all_complete;
++		OCSP_check_validity;
++		PKCS12_BAGS_it;
++		OCSP_url_svcloc_new;
++		ASN1_template_free;
++		OCSP_SINGLERESP_add_ext;
++		KRB5_AUTHENTBODY_it;
++		X509_supported_extension;
++		i2d_KRB5_AUTHDATA;
++		UI_method_get_opener;
++		ENGINE_set_ex_data;
++		OCSP_REQUEST_print;
++		CBIGNUM_it;
++		KRB5_TICKET_new;
++		KRB5_APREQ_new;
++		EC_GROUP_get_curve_GFp;
++		KRB5_ENCKEY_new;
++		ASN1_template_d2i;
++		_ossl_old_des_quad_cksum;
++		OCSP_single_get0_status;
++		BN_swap;
++		POLICYINFO_it;
++		ENGINE_set_destroy_function;
++		asn1_enc_free;
++		OCSP_RESPID_it;
++		EC_GROUP_new;
++		EVP_aes_256_cbc;
++		i2d_KRB5_PRINCNAME;
++		_ossl_old_des_encrypt2;
++		_ossl_old_des_encrypt3;
++		PKCS8_PRIV_KEY_INFO_it;
++		OCSP_REQINFO_it;
++		PBEPARAM_it;
++		KRB5_AUTHENTBODY_new;
++		X509_CRL_add0_revoked;
++		EDIPARTYNAME_it;
++		NETSCAPE_SPKI_it;
++		UI_get0_test_string;
++		ENGINE_get_cipher_engine;
++		ENGINE_register_all_ciphers;
++		EC_POINT_copy;
++		BN_kronecker;
++		_ossl_old_des_ede3_ofb64_encrypt;
++		_ossl_odes_ede3_ofb64_encrypt;
++		UI_method_get_reader;
++		OCSP_BASICRESP_get_ext_count;
++		ASN1_ENUMERATED_it;
++		UI_set_result;
++		i2d_KRB5_TICKET;
++		X509_print_ex_fp;
++		EVP_CIPHER_CTX_set_padding;
++		d2i_OCSP_RESPONSE;
++		ASN1_UTCTIME_it;
++		_ossl_old_des_enc_write;
++		OCSP_RESPONSE_new;
++		AES_set_encrypt_key;
++		OCSP_resp_count;
++		KRB5_CHECKSUM_new;
++		ENGINE_load_cswift;
++		OCSP_onereq_get0_id;
++		ENGINE_set_default_ciphers;
++		NOTICEREF_it;
++		X509V3_EXT_CRL_add_nconf;
++		OCSP_REVOKEDINFO_it;
++		AES_encrypt;
++		OCSP_REQUEST_new;
++		ASN1_ANY_it;
++		CRYPTO_ex_data_new_class;
++		_ossl_old_des_ncbc_encrypt;
++		i2d_KRB5_TKTBODY;
++		EC_POINT_clear_free;
++		AES_decrypt;
++		asn1_enc_init;
++		UI_get_result_maxsize;
++		OCSP_CERTID_new;
++		ENGINE_unregister_RAND;
++		UI_method_get_closer;
++		d2i_KRB5_ENCDATA;
++		OCSP_request_onereq_count;
++		OCSP_basic_verify;
++		KRB5_AUTHENTBODY_free;
++		ASN1_item_d2i;
++		ASN1_primitive_free;
++		i2d_EXTENDED_KEY_USAGE;
++		i2d_OCSP_SIGNATURE;
++		asn1_enc_save;
++		ENGINE_load_nuron;
++		_ossl_old_des_pcbc_encrypt;
++		PKCS12_MAC_DATA_it;
++		OCSP_accept_responses_new;
++		asn1_do_lock;
++		PKCS7_ATTR_VERIFY_it;
++		KRB5_APREQBODY_it;
++		i2d_OCSP_SINGLERESP;
++		ASN1_item_ex_new;
++		UI_add_verify_string;
++		_ossl_old_des_set_key;
++		KRB5_PRINCNAME_it;
++		EVP_DecryptInit_ex;
++		i2d_OCSP_CERTID;
++		ASN1_item_d2i_bio;
++		EC_POINT_dbl;
++		asn1_get_choice_selector;
++		i2d_KRB5_CHECKSUM;
++		ENGINE_set_table_flags;
++		AES_options;
++		ENGINE_load_chil;
++		OCSP_id_cmp;
++		OCSP_BASICRESP_new;
++		OCSP_REQUEST_get_ext_by_NID;
++		KRB5_APREQ_it;
++		ENGINE_get_destroy_function;
++		CONF_set_nconf;
++		ASN1_PRINTABLE_free;
++		OCSP_BASICRESP_get_ext_by_NID;
++		DIST_POINT_NAME_it;
++		X509V3_extensions_print;
++		_ossl_old_des_cfb64_encrypt;
++		X509_REVOKED_add1_ext_i2d;
++		_ossl_old_des_ofb_encrypt;
++		KRB5_TKTBODY_new;
++		ASN1_OCTET_STRING_it;
++		ERR_load_UI_strings;
++		i2d_KRB5_ENCKEY;
++		ASN1_template_new;
++		OCSP_SIGNATURE_free;
++		ASN1_item_i2d_fp;
++		KRB5_PRINCNAME_free;
++		PKCS7_RECIP_INFO_it;
++		EXTENDED_KEY_USAGE_it;
++		EC_GFp_simple_method;
++		EC_GROUP_precompute_mult;
++		OCSP_request_onereq_get0;
++		UI_method_set_writer;
++		KRB5_AUTHENT_new;
++		X509_CRL_INFO_it;
++		DSO_set_name_converter;
++		AES_set_decrypt_key;
++		PKCS7_DIGEST_it;
++		PKCS12_x5092certbag;
++		EVP_DigestInit_ex;
++		i2a_ACCESS_DESCRIPTION;
++		OCSP_RESPONSE_it;
++		PKCS7_ENC_CONTENT_it;
++		OCSP_request_add0_id;
++		EC_POINT_make_affine;
++		DSO_get_filename;
++		OCSP_CERTSTATUS_it;
++		OCSP_request_add1_cert;
++		UI_get0_output_string;
++		UI_dup_verify_string;
++		BN_mod_lshift;
++		KRB5_AUTHDATA_it;
++		asn1_set_choice_selector;
++		OCSP_basic_add1_status;
++		OCSP_RESPID_free;
++		asn1_get_field_ptr;
++		UI_add_input_string;
++		OCSP_CRLID_it;
++		i2d_KRB5_AUTHENTBODY;
++		OCSP_REQUEST_get_ext_count;
++		ENGINE_load_atalla;
++		X509_NAME_it;
++		USERNOTICE_it;
++		OCSP_REQINFO_new;
++		OCSP_BASICRESP_get_ext;
++		CRYPTO_get_ex_data_implementation;
++		CRYPTO_get_ex_data_impl;
++		ASN1_item_pack;
++		i2d_KRB5_ENCDATA;
++		X509_PURPOSE_set;
++		X509_REQ_INFO_it;
++		UI_method_set_opener;
++		ASN1_item_ex_free;
++		ASN1_BOOLEAN_it;
++		ENGINE_get_table_flags;
++		UI_create_method;
++		OCSP_ONEREQ_add1_ext_i2d;
++		_shadow_DES_check_key;
++		d2i_OCSP_REQINFO;
++		UI_add_info_string;
++		UI_get_result_minsize;
++		ASN1_NULL_it;
++		BN_mod_lshift1;
++		d2i_OCSP_ONEREQ;
++		OCSP_ONEREQ_new;
++		KRB5_TICKET_it;
++		EVP_aes_192_cbc;
++		KRB5_TICKET_free;
++		UI_new;
++		OCSP_response_create;
++		_ossl_old_des_xcbc_encrypt;
++		PKCS7_it;
++		OCSP_REQUEST_get_ext_by_critical;
++		OCSP_REQUEST_get_ext_by_crit;
++		ENGINE_set_flags;
++		_ossl_old_des_ecb_encrypt;
++		OCSP_response_get1_basic;
++		EVP_Digest;
++		OCSP_ONEREQ_delete_ext;
++		ASN1_TBOOLEAN_it;
++		ASN1_item_new;
++		ASN1_TIME_to_generalizedtime;
++		BIGNUM_it;
++		AES_cbc_encrypt;
++		ENGINE_get_load_privkey_function;
++		ENGINE_get_load_privkey_fn;
++		OCSP_RESPONSE_free;
++		UI_method_set_reader;
++		i2d_ASN1_T61STRING;
++		EC_POINT_set_to_infinity;
++		ERR_load_OCSP_strings;
++		EC_POINT_point2oct;
++		KRB5_APREQ_free;
++		ASN1_OBJECT_it;
++		OCSP_crlID_new;
++		OCSP_crlID2_new;
++		CONF_modules_load_file;
++		CONF_imodule_set_usr_data;
++		ENGINE_set_default_string;
++		CONF_module_get_usr_data;
++		ASN1_add_oid_module;
++		CONF_modules_finish;
++		OPENSSL_config;
++		CONF_modules_unload;
++		CONF_imodule_get_value;
++		CONF_module_set_usr_data;
++		CONF_parse_list;
++		CONF_module_add;
++		CONF_get1_default_config_file;
++		CONF_imodule_get_flags;
++		CONF_imodule_get_module;
++		CONF_modules_load;
++		CONF_imodule_get_name;
++		ERR_peek_top_error;
++		CONF_imodule_get_usr_data;
++		CONF_imodule_set_flags;
++		ENGINE_add_conf_module;
++		ERR_peek_last_error_line;
++		ERR_peek_last_error_line_data;
++		ERR_peek_last_error;
++		DES_read_2passwords;
++		DES_read_password;
++		UI_UTIL_read_pw;
++		UI_UTIL_read_pw_string;
++		ENGINE_load_aep;
++		ENGINE_load_sureware;
++		OPENSSL_add_all_algorithms_noconf;
++		OPENSSL_add_all_algo_noconf;
++		OPENSSL_add_all_algorithms_conf;
++		OPENSSL_add_all_algo_conf;
++		OPENSSL_load_builtin_modules;
++		AES_ofb128_encrypt;
++		AES_ctr128_encrypt;
++		AES_cfb128_encrypt;
++		ENGINE_load_4758cca;
++		_ossl_096_des_random_seed;
++		EVP_aes_256_ofb;
++		EVP_aes_192_ofb;
++		EVP_aes_128_cfb128;
++		EVP_aes_256_cfb128;
++		EVP_aes_128_ofb;
++		EVP_aes_192_cfb128;
++		CONF_modules_free;
++		NCONF_default;
++		OPENSSL_no_config;
++		NCONF_WIN32;
++		ASN1_UNIVERSALSTRING_new;
++		EVP_des_ede_ecb;
++		i2d_ASN1_UNIVERSALSTRING;
++		ASN1_UNIVERSALSTRING_free;
++		ASN1_UNIVERSALSTRING_it;
++		d2i_ASN1_UNIVERSALSTRING;
++		EVP_des_ede3_ecb;
++		X509_REQ_print_ex;
++		ENGINE_up_ref;
++		BUF_MEM_grow_clean;
++		CRYPTO_realloc_clean;
++		BUF_strlcat;
++		BIO_indent;
++		BUF_strlcpy;
++		OpenSSLDie;
++		OPENSSL_cleanse;
++		ENGINE_setup_bsd_cryptodev;
++		ERR_release_err_state_table;
++		EVP_aes_128_cfb8;
++		FIPS_corrupt_rsa;
++		FIPS_selftest_des;
++		EVP_aes_128_cfb1;
++		EVP_aes_192_cfb8;
++		FIPS_mode_set;
++		FIPS_selftest_dsa;
++		EVP_aes_256_cfb8;
++		FIPS_allow_md5;
++		DES_ede3_cfb_encrypt;
++		EVP_des_ede3_cfb8;
++		FIPS_rand_seeded;
++		AES_cfbr_encrypt_block;
++		AES_cfb8_encrypt;
++		FIPS_rand_seed;
++		FIPS_corrupt_des;
++		EVP_aes_192_cfb1;
++		FIPS_selftest_aes;
++		FIPS_set_prng_key;
++		EVP_des_cfb8;
++		FIPS_corrupt_dsa;
++		FIPS_test_mode;
++		FIPS_rand_method;
++		EVP_aes_256_cfb1;
++		ERR_load_FIPS_strings;
++		FIPS_corrupt_aes;
++		FIPS_selftest_sha1;
++		FIPS_selftest_rsa;
++		FIPS_corrupt_sha1;
++		EVP_des_cfb1;
++		FIPS_dsa_check;
++		AES_cfb1_encrypt;
++		EVP_des_ede3_cfb1;
++		FIPS_rand_check;
++		FIPS_md5_allowed;
++		FIPS_mode;
++		FIPS_selftest_failed;
++		sk_is_sorted;
++		X509_check_ca;
++		HMAC_CTX_set_flags;
++		d2i_PROXY_CERT_INFO_EXTENSION;
++		PROXY_POLICY_it;
++		i2d_PROXY_POLICY;
++		i2d_PROXY_CERT_INFO_EXTENSION;
++		d2i_PROXY_POLICY;
++		PROXY_CERT_INFO_EXTENSION_new;
++		PROXY_CERT_INFO_EXTENSION_free;
++		PROXY_CERT_INFO_EXTENSION_it;
++		PROXY_POLICY_free;
++		PROXY_POLICY_new;
++		BN_MONT_CTX_set_locked;
++		FIPS_selftest_rng;
++		EVP_sha384;
++		EVP_sha512;
++		EVP_sha224;
++		EVP_sha256;
++		FIPS_selftest_hmac;
++		FIPS_corrupt_rng;
++		BN_mod_exp_mont_consttime;
++		RSA_X931_hash_id;
++		RSA_padding_check_X931;
++		RSA_verify_PKCS1_PSS;
++		RSA_padding_add_X931;
++		RSA_padding_add_PKCS1_PSS;
++		PKCS1_MGF1;
++		BN_X931_generate_Xpq;
++		RSA_X931_generate_key;
++		BN_X931_derive_prime;
++		BN_X931_generate_prime;
++		RSA_X931_derive;
++		BIO_new_dgram;
++		BN_get0_nist_prime_384;
++		ERR_set_mark;
++		X509_STORE_CTX_set0_crls;
++		ENGINE_set_STORE;
++		ENGINE_register_ECDSA;
++		STORE_meth_set_list_start_fn;
++		STORE_method_set_list_start_function;
++		BN_BLINDING_invert_ex;
++		NAME_CONSTRAINTS_free;
++		STORE_ATTR_INFO_set_number;
++		BN_BLINDING_get_thread_id;
++		X509_STORE_CTX_set0_param;
++		POLICY_MAPPING_it;
++		STORE_parse_attrs_start;
++		POLICY_CONSTRAINTS_free;
++		EVP_PKEY_add1_attr_by_NID;
++		BN_nist_mod_192;
++		EC_GROUP_get_trinomial_basis;
++		STORE_set_method;
++		GENERAL_SUBTREE_free;
++		NAME_CONSTRAINTS_it;
++		ECDH_get_default_method;
++		PKCS12_add_safe;
++		EC_KEY_new_by_curve_name;
++		STORE_meth_get_update_store_fn;
++		STORE_method_get_update_store_function;
++		ENGINE_register_ECDH;
++		SHA512_Update;
++		i2d_ECPrivateKey;
++		BN_get0_nist_prime_192;
++		STORE_modify_certificate;
++		EC_POINT_set_affine_coordinates_GF2m;
++		EC_POINT_set_affine_coords_GF2m;
++		BN_GF2m_mod_exp_arr;
++		STORE_ATTR_INFO_modify_number;
++		X509_keyid_get0;
++		ENGINE_load_gmp;
++		pitem_new;
++		BN_GF2m_mod_mul_arr;
++		STORE_list_public_key_endp;
++		o2i_ECPublicKey;
++		EC_KEY_copy;
++		BIO_dump_fp;
++		X509_policy_node_get0_parent;
++		EC_GROUP_check_discriminant;
++		i2o_ECPublicKey;
++		EC_KEY_precompute_mult;
++		a2i_IPADDRESS;
++		STORE_meth_set_initialise_fn;
++		STORE_method_set_initialise_function;
++		X509_STORE_CTX_set_depth;
++		X509_VERIFY_PARAM_inherit;
++		EC_POINT_point2bn;
++		STORE_ATTR_INFO_set_dn;
++		X509_policy_tree_get0_policies;
++		EC_GROUP_new_curve_GF2m;
++		STORE_destroy_method;
++		ENGINE_unregister_STORE;
++		EVP_PKEY_get1_EC_KEY;
++		STORE_ATTR_INFO_get0_number;
++		ENGINE_get_default_ECDH;
++		EC_KEY_get_conv_form;
++		ASN1_OCTET_STRING_NDEF_it;
++		STORE_delete_public_key;
++		STORE_get_public_key;
++		STORE_modify_arbitrary;
++		ENGINE_get_static_state;
++		pqueue_iterator;
++		ECDSA_SIG_new;
++		OPENSSL_DIR_end;
++		BN_GF2m_mod_sqr;
++		EC_POINT_bn2point;
++		X509_VERIFY_PARAM_set_depth;
++		EC_KEY_set_asn1_flag;
++		STORE_get_method;
++		EC_KEY_get_key_method_data;
++		ECDSA_sign_ex;
++		STORE_parse_attrs_end;
++		EC_GROUP_get_point_conversion_form;
++		EC_GROUP_get_point_conv_form;
++		STORE_method_set_store_function;
++		STORE_ATTR_INFO_in;
++		PEM_read_bio_ECPKParameters;
++		EC_GROUP_get_pentanomial_basis;
++		EVP_PKEY_add1_attr_by_txt;
++		BN_BLINDING_set_flags;
++		X509_VERIFY_PARAM_set1_policies;
++		X509_VERIFY_PARAM_set1_name;
++		X509_VERIFY_PARAM_set_purpose;
++		STORE_get_number;
++		ECDSA_sign_setup;
++		BN_GF2m_mod_solve_quad_arr;
++		EC_KEY_up_ref;
++		POLICY_MAPPING_free;
++		BN_GF2m_mod_div;
++		X509_VERIFY_PARAM_set_flags;
++		EC_KEY_free;
++		STORE_meth_set_list_next_fn;
++		STORE_method_set_list_next_function;
++		PEM_write_bio_ECPrivateKey;
++		d2i_EC_PUBKEY;
++		STORE_meth_get_generate_fn;
++		STORE_method_get_generate_function;
++		STORE_meth_set_list_end_fn;
++		STORE_method_set_list_end_function;
++		pqueue_print;
++		EC_GROUP_have_precompute_mult;
++		EC_KEY_print_fp;
++		BN_GF2m_mod_arr;
++		PEM_write_bio_X509_CERT_PAIR;
++		EVP_PKEY_cmp;
++		X509_policy_level_node_count;
++		STORE_new_engine;
++		STORE_list_public_key_start;
++		X509_VERIFY_PARAM_new;
++		ECDH_get_ex_data;
++		EVP_PKEY_get_attr;
++		ECDSA_do_sign;
++		ENGINE_unregister_ECDH;
++		ECDH_OpenSSL;
++		EC_KEY_set_conv_form;
++		EC_POINT_dup;
++		GENERAL_SUBTREE_new;
++		STORE_list_crl_endp;
++		EC_get_builtin_curves;
++		X509_policy_node_get0_qualifiers;
++		X509_pcy_node_get0_qualifiers;
++		STORE_list_crl_end;
++		EVP_PKEY_set1_EC_KEY;
++		BN_GF2m_mod_sqrt_arr;
++		i2d_ECPrivateKey_bio;
++		ECPKParameters_print_fp;
++		pqueue_find;
++		ECDSA_SIG_free;
++		PEM_write_bio_ECPKParameters;
++		STORE_method_set_ctrl_function;
++		STORE_list_public_key_end;
++		EC_KEY_set_private_key;
++		pqueue_peek;
++		STORE_get_arbitrary;
++		STORE_store_crl;
++		X509_policy_node_get0_policy;
++		PKCS12_add_safes;
++		BN_BLINDING_convert_ex;
++		X509_policy_tree_free;
++		OPENSSL_ia32cap_loc;
++		BN_GF2m_poly2arr;
++		STORE_ctrl;
++		STORE_ATTR_INFO_compare;
++		BN_get0_nist_prime_224;
++		i2d_ECParameters;
++		i2d_ECPKParameters;
++		BN_GENCB_call;
++		d2i_ECPKParameters;
++		STORE_meth_set_generate_fn;
++		STORE_method_set_generate_function;
++		ENGINE_set_ECDH;
++		NAME_CONSTRAINTS_new;
++		SHA256_Init;
++		EC_KEY_get0_public_key;
++		PEM_write_bio_EC_PUBKEY;
++		STORE_ATTR_INFO_set_cstr;
++		STORE_list_crl_next;
++		STORE_ATTR_INFO_in_range;
++		ECParameters_print;
++		STORE_meth_set_delete_fn;
++		STORE_method_set_delete_function;
++		STORE_list_certificate_next;
++		ASN1_generate_nconf;
++		BUF_memdup;
++		BN_GF2m_mod_mul;
++		STORE_meth_get_list_next_fn;
++		STORE_method_get_list_next_function;
++		STORE_ATTR_INFO_get0_dn;
++		STORE_list_private_key_next;
++		EC_GROUP_set_seed;
++		X509_VERIFY_PARAM_set_trust;
++		STORE_ATTR_INFO_free;
++		STORE_get_private_key;
++		EVP_PKEY_get_attr_count;
++		STORE_ATTR_INFO_new;
++		EC_GROUP_get_curve_GF2m;
++		STORE_meth_set_revoke_fn;
++		STORE_method_set_revoke_function;
++		STORE_store_number;
++		BN_is_prime_ex;
++		STORE_revoke_public_key;
++		X509_STORE_CTX_get0_param;
++		STORE_delete_arbitrary;
++		PEM_read_X509_CERT_PAIR;
++		X509_STORE_set_depth;
++		ECDSA_get_ex_data;
++		SHA224;
++		BIO_dump_indent_fp;
++		EC_KEY_set_group;
++		BUF_strndup;
++		STORE_list_certificate_start;
++		BN_GF2m_mod;
++		X509_REQ_check_private_key;
++		EC_GROUP_get_seed_len;
++		ERR_load_STORE_strings;
++		PEM_read_bio_EC_PUBKEY;
++		STORE_list_private_key_end;
++		i2d_EC_PUBKEY;
++		ECDSA_get_default_method;
++		ASN1_put_eoc;
++		X509_STORE_CTX_get_explicit_policy;
++		X509_STORE_CTX_get_expl_policy;
++		X509_VERIFY_PARAM_table_cleanup;
++		STORE_modify_private_key;
++		X509_VERIFY_PARAM_free;
++		EC_METHOD_get_field_type;
++		EC_GFp_nist_method;
++		STORE_meth_set_modify_fn;
++		STORE_method_set_modify_function;
++		STORE_parse_attrs_next;
++		ENGINE_load_padlock;
++		EC_GROUP_set_curve_name;
++		X509_CERT_PAIR_it;
++		STORE_meth_get_revoke_fn;
++		STORE_method_get_revoke_function;
++		STORE_method_set_get_function;
++		STORE_modify_number;
++		STORE_method_get_store_function;
++		STORE_store_private_key;
++		BN_GF2m_mod_sqr_arr;
++		RSA_setup_blinding;
++		BIO_s_datagram;
++		STORE_Memory;
++		sk_find_ex;
++		EC_GROUP_set_curve_GF2m;
++		ENGINE_set_default_ECDSA;
++		POLICY_CONSTRAINTS_new;
++		BN_GF2m_mod_sqrt;
++		ECDH_set_default_method;
++		EC_KEY_generate_key;
++		SHA384_Update;
++		BN_GF2m_arr2poly;
++		STORE_method_get_get_function;
++		STORE_meth_set_cleanup_fn;
++		STORE_method_set_cleanup_function;
++		EC_GROUP_check;
++		d2i_ECPrivateKey_bio;
++		EC_KEY_insert_key_method_data;
++		STORE_meth_get_lock_store_fn;
++		STORE_method_get_lock_store_function;
++		X509_VERIFY_PARAM_get_depth;
++		SHA224_Final;
++		STORE_meth_set_update_store_fn;
++		STORE_method_set_update_store_function;
++		SHA224_Update;
++		d2i_ECPrivateKey;
++		ASN1_item_ndef_i2d;
++		STORE_delete_private_key;
++		ERR_pop_to_mark;
++		ENGINE_register_all_STORE;
++		X509_policy_level_get0_node;
++		i2d_PKCS7_NDEF;
++		EC_GROUP_get_degree;
++		ASN1_generate_v3;
++		STORE_ATTR_INFO_modify_cstr;
++		X509_policy_tree_level_count;
++		BN_GF2m_add;
++		EC_KEY_get0_group;
++		STORE_generate_crl;
++		STORE_store_public_key;
++		X509_CERT_PAIR_free;
++		STORE_revoke_private_key;
++		BN_nist_mod_224;
++		SHA512_Final;
++		STORE_ATTR_INFO_modify_dn;
++		STORE_meth_get_initialise_fn;
++		STORE_method_get_initialise_function;
++		STORE_delete_number;
++		i2d_EC_PUBKEY_bio;
++		BIO_dgram_non_fatal_error;
++		EC_GROUP_get_asn1_flag;
++		STORE_ATTR_INFO_in_ex;
++		STORE_list_crl_start;
++		ECDH_get_ex_new_index;
++		STORE_meth_get_modify_fn;
++		STORE_method_get_modify_function;
++		v2i_ASN1_BIT_STRING;
++		STORE_store_certificate;
++		OBJ_bsearch_ex;
++		X509_STORE_CTX_set_default;
++		STORE_ATTR_INFO_set_sha1str;
++		BN_GF2m_mod_inv;
++		BN_GF2m_mod_exp;
++		STORE_modify_public_key;
++		STORE_meth_get_list_start_fn;
++		STORE_method_get_list_start_function;
++		EC_GROUP_get0_seed;
++		STORE_store_arbitrary;
++		STORE_meth_set_unlock_store_fn;
++		STORE_method_set_unlock_store_function;
++		BN_GF2m_mod_div_arr;
++		ENGINE_set_ECDSA;
++		STORE_create_method;
++		ECPKParameters_print;
++		EC_KEY_get0_private_key;
++		PEM_write_EC_PUBKEY;
++		X509_VERIFY_PARAM_set1;
++		ECDH_set_method;
++		v2i_GENERAL_NAME_ex;
++		ECDH_set_ex_data;
++		STORE_generate_key;
++		BN_nist_mod_521;
++		X509_policy_tree_get0_level;
++		EC_GROUP_set_point_conversion_form;
++		EC_GROUP_set_point_conv_form;
++		PEM_read_EC_PUBKEY;
++		i2d_ECDSA_SIG;
++		ECDSA_OpenSSL;
++		STORE_delete_crl;
++		EC_KEY_get_enc_flags;
++		ASN1_const_check_infinite_end;
++		EVP_PKEY_delete_attr;
++		ECDSA_set_default_method;
++		EC_POINT_set_compressed_coordinates_GF2m;
++		EC_POINT_set_compr_coords_GF2m;
++		EC_GROUP_cmp;
++		STORE_revoke_certificate;
++		BN_get0_nist_prime_256;
++		STORE_meth_get_delete_fn;
++		STORE_method_get_delete_function;
++		SHA224_Init;
++		PEM_read_ECPrivateKey;
++		SHA512_Init;
++		STORE_parse_attrs_endp;
++		BN_set_negative;
++		ERR_load_ECDSA_strings;
++		EC_GROUP_get_basis_type;
++		STORE_list_public_key_next;
++		i2v_ASN1_BIT_STRING;
++		STORE_OBJECT_free;
++		BN_nist_mod_384;
++		i2d_X509_CERT_PAIR;
++		PEM_write_ECPKParameters;
++		ECDH_compute_key;
++		STORE_ATTR_INFO_get0_sha1str;
++		ENGINE_register_all_ECDH;
++		pqueue_pop;
++		STORE_ATTR_INFO_get0_cstr;
++		POLICY_CONSTRAINTS_it;
++		STORE_get_ex_new_index;
++		EVP_PKEY_get_attr_by_OBJ;
++		X509_VERIFY_PARAM_add0_policy;
++		BN_GF2m_mod_solve_quad;
++		SHA256;
++		i2d_ECPrivateKey_fp;
++		X509_policy_tree_get0_user_policies;
++		X509_pcy_tree_get0_usr_policies;
++		OPENSSL_DIR_read;
++		ENGINE_register_all_ECDSA;
++		X509_VERIFY_PARAM_lookup;
++		EC_POINT_get_affine_coordinates_GF2m;
++		EC_POINT_get_affine_coords_GF2m;
++		EC_GROUP_dup;
++		ENGINE_get_default_ECDSA;
++		EC_KEY_new;
++		SHA256_Transform;
++		EC_KEY_set_enc_flags;
++		ECDSA_verify;
++		EC_POINT_point2hex;
++		ENGINE_get_STORE;
++		SHA512;
++		STORE_get_certificate;
++		ECDSA_do_sign_ex;
++		ECDSA_do_verify;
++		d2i_ECPrivateKey_fp;
++		STORE_delete_certificate;
++		SHA512_Transform;
++		X509_STORE_set1_param;
++		STORE_method_get_ctrl_function;
++		STORE_free;
++		PEM_write_ECPrivateKey;
++		STORE_meth_get_unlock_store_fn;
++		STORE_method_get_unlock_store_function;
++		STORE_get_ex_data;
++		EC_KEY_set_public_key;
++		PEM_read_ECPKParameters;
++		X509_CERT_PAIR_new;
++		ENGINE_register_STORE;
++		RSA_generate_key_ex;
++		DSA_generate_parameters_ex;
++		ECParameters_print_fp;
++		X509V3_NAME_from_section;
++		EVP_PKEY_add1_attr;
++		STORE_modify_crl;
++		STORE_list_private_key_start;
++		POLICY_MAPPINGS_it;
++		GENERAL_SUBTREE_it;
++		EC_GROUP_get_curve_name;
++		PEM_write_X509_CERT_PAIR;
++		BIO_dump_indent_cb;
++		d2i_X509_CERT_PAIR;
++		STORE_list_private_key_endp;
++		asn1_const_Finish;
++		i2d_EC_PUBKEY_fp;
++		BN_nist_mod_256;
++		X509_VERIFY_PARAM_add0_table;
++		pqueue_free;
++		BN_BLINDING_create_param;
++		ECDSA_size;
++		d2i_EC_PUBKEY_bio;
++		BN_get0_nist_prime_521;
++		STORE_ATTR_INFO_modify_sha1str;
++		BN_generate_prime_ex;
++		EC_GROUP_new_by_curve_name;
++		SHA256_Final;
++		DH_generate_parameters_ex;
++		PEM_read_bio_ECPrivateKey;
++		STORE_meth_get_cleanup_fn;
++		STORE_method_get_cleanup_function;
++		ENGINE_get_ECDH;
++		d2i_ECDSA_SIG;
++		BN_is_prime_fasttest_ex;
++		ECDSA_sign;
++		X509_policy_check;
++		EVP_PKEY_get_attr_by_NID;
++		STORE_set_ex_data;
++		ENGINE_get_ECDSA;
++		EVP_ecdsa;
++		BN_BLINDING_get_flags;
++		PKCS12_add_cert;
++		STORE_OBJECT_new;
++		ERR_load_ECDH_strings;
++		EC_KEY_dup;
++		EVP_CIPHER_CTX_rand_key;
++		ECDSA_set_method;
++		a2i_IPADDRESS_NC;
++		d2i_ECParameters;
++		STORE_list_certificate_end;
++		STORE_get_crl;
++		X509_POLICY_NODE_print;
++		SHA384_Init;
++		EC_GF2m_simple_method;
++		ECDSA_set_ex_data;
++		SHA384_Final;
++		PKCS7_set_digest;
++		EC_KEY_print;
++		STORE_meth_set_lock_store_fn;
++		STORE_method_set_lock_store_function;
++		ECDSA_get_ex_new_index;
++		SHA384;
++		POLICY_MAPPING_new;
++		STORE_list_certificate_endp;
++		X509_STORE_CTX_get0_policy_tree;
++		EC_GROUP_set_asn1_flag;
++		EC_KEY_check_key;
++		d2i_EC_PUBKEY_fp;
++		PKCS7_set0_type_other;
++		PEM_read_bio_X509_CERT_PAIR;
++		pqueue_next;
++		STORE_meth_get_list_end_fn;
++		STORE_method_get_list_end_function;
++		EVP_PKEY_add1_attr_by_OBJ;
++		X509_VERIFY_PARAM_set_time;
++		pqueue_new;
++		ENGINE_set_default_ECDH;
++		STORE_new_method;
++		PKCS12_add_key;
++		DSO_merge;
++		EC_POINT_hex2point;
++		BIO_dump_cb;
++		SHA256_Update;
++		pqueue_insert;
++		pitem_free;
++		BN_GF2m_mod_inv_arr;
++		ENGINE_unregister_ECDSA;
++		BN_BLINDING_set_thread_id;
++		get_rfc3526_prime_8192;
++		X509_VERIFY_PARAM_clear_flags;
++		get_rfc2409_prime_1024;
++		DH_check_pub_key;
++		get_rfc3526_prime_2048;
++		get_rfc3526_prime_6144;
++		get_rfc3526_prime_1536;
++		get_rfc3526_prime_3072;
++		get_rfc3526_prime_4096;
++		get_rfc2409_prime_768;
++		X509_VERIFY_PARAM_get_flags;
++		EVP_CIPHER_CTX_new;
++		EVP_CIPHER_CTX_free;
++		Camellia_cbc_encrypt;
++		Camellia_cfb128_encrypt;
++		Camellia_cfb1_encrypt;
++		Camellia_cfb8_encrypt;
++		Camellia_ctr128_encrypt;
++		Camellia_cfbr_encrypt_block;
++		Camellia_decrypt;
++		Camellia_ecb_encrypt;
++		Camellia_encrypt;
++		Camellia_ofb128_encrypt;
++		Camellia_set_key;
++		EVP_camellia_128_cbc;
++		EVP_camellia_128_cfb128;
++		EVP_camellia_128_cfb1;
++		EVP_camellia_128_cfb8;
++		EVP_camellia_128_ecb;
++		EVP_camellia_128_ofb;
++		EVP_camellia_192_cbc;
++		EVP_camellia_192_cfb128;
++		EVP_camellia_192_cfb1;
++		EVP_camellia_192_cfb8;
++		EVP_camellia_192_ecb;
++		EVP_camellia_192_ofb;
++		EVP_camellia_256_cbc;
++		EVP_camellia_256_cfb128;
++		EVP_camellia_256_cfb1;
++		EVP_camellia_256_cfb8;
++		EVP_camellia_256_ecb;
++		EVP_camellia_256_ofb;
++		a2i_ipadd;
++		ASIdentifiers_free;
++		i2d_ASIdOrRange;
++		EVP_CIPHER_block_size;
++		v3_asid_is_canonical;
++		IPAddressChoice_free;
++		EVP_CIPHER_CTX_set_app_data;
++		BIO_set_callback_arg;
++		v3_addr_add_prefix;
++		IPAddressOrRange_it;
++		BIO_set_flags;
++		ASIdentifiers_it;
++		v3_addr_get_range;
++		BIO_method_type;
++		v3_addr_inherits;
++		IPAddressChoice_it;
++		AES_ige_encrypt;
++		v3_addr_add_range;
++		EVP_CIPHER_CTX_nid;
++		d2i_ASRange;
++		v3_addr_add_inherit;
++		v3_asid_add_id_or_range;
++		v3_addr_validate_resource_set;
++		EVP_CIPHER_iv_length;
++		EVP_MD_type;
++		v3_asid_canonize;
++		IPAddressRange_free;
++		v3_asid_add_inherit;
++		EVP_CIPHER_CTX_key_length;
++		IPAddressRange_new;
++		ASIdOrRange_new;
++		EVP_MD_size;
++		EVP_MD_CTX_test_flags;
++		BIO_clear_flags;
++		i2d_ASRange;
++		IPAddressRange_it;
++		IPAddressChoice_new;
++		ASIdentifierChoice_new;
++		ASRange_free;
++		EVP_MD_pkey_type;
++		EVP_MD_CTX_clear_flags;
++		IPAddressFamily_free;
++		i2d_IPAddressFamily;
++		IPAddressOrRange_new;
++		EVP_CIPHER_flags;
++		v3_asid_validate_resource_set;
++		d2i_IPAddressRange;
++		AES_bi_ige_encrypt;
++		BIO_get_callback;
++		IPAddressOrRange_free;
++		v3_addr_subset;
++		d2i_IPAddressFamily;
++		v3_asid_subset;
++		BIO_test_flags;
++		i2d_ASIdentifierChoice;
++		ASRange_it;
++		d2i_ASIdentifiers;
++		ASRange_new;
++		d2i_IPAddressChoice;
++		v3_addr_get_afi;
++		EVP_CIPHER_key_length;
++		EVP_Cipher;
++		i2d_IPAddressOrRange;
++		ASIdOrRange_it;
++		EVP_CIPHER_nid;
++		i2d_IPAddressChoice;
++		EVP_CIPHER_CTX_block_size;
++		ASIdentifiers_new;
++		v3_addr_validate_path;
++		IPAddressFamily_new;
++		EVP_MD_CTX_set_flags;
++		v3_addr_is_canonical;
++		i2d_IPAddressRange;
++		IPAddressFamily_it;
++		v3_asid_inherits;
++		EVP_CIPHER_CTX_cipher;
++		EVP_CIPHER_CTX_get_app_data;
++		EVP_MD_block_size;
++		EVP_CIPHER_CTX_flags;
++		v3_asid_validate_path;
++		d2i_IPAddressOrRange;
++		v3_addr_canonize;
++		ASIdentifierChoice_it;
++		EVP_MD_CTX_md;
++		d2i_ASIdentifierChoice;
++		BIO_method_name;
++		EVP_CIPHER_CTX_iv_length;
++		ASIdOrRange_free;
++		ASIdentifierChoice_free;
++		BIO_get_callback_arg;
++		BIO_set_callback;
++		d2i_ASIdOrRange;
++		i2d_ASIdentifiers;
++		SEED_decrypt;
++		SEED_encrypt;
++		SEED_cbc_encrypt;
++		EVP_seed_ofb;
++		SEED_cfb128_encrypt;
++		SEED_ofb128_encrypt;
++		EVP_seed_cbc;
++		SEED_ecb_encrypt;
++		EVP_seed_ecb;
++		SEED_set_key;
++		EVP_seed_cfb128;
++		X509_EXTENSIONS_it;
++		X509_get1_ocsp;
++		OCSP_REQ_CTX_free;
++		i2d_X509_EXTENSIONS;
++		OCSP_sendreq_nbio;
++		OCSP_sendreq_new;
++		d2i_X509_EXTENSIONS;
++		X509_ALGORS_it;
++		X509_ALGOR_get0;
++		X509_ALGOR_set0;
++		AES_unwrap_key;
++		AES_wrap_key;
++		X509at_get0_data_by_OBJ;
++		ASN1_TYPE_set1;
++		ASN1_STRING_set0;
++		i2d_X509_ALGORS;
++		BIO_f_zlib;
++		COMP_zlib_cleanup;
++		d2i_X509_ALGORS;
++		CMS_ReceiptRequest_free;
++		PEM_write_CMS;
++		CMS_add0_CertificateChoices;
++		CMS_unsigned_add1_attr_by_OBJ;
++		ERR_load_CMS_strings;
++		CMS_sign_receipt;
++		i2d_CMS_ContentInfo;
++		CMS_signed_delete_attr;
++		d2i_CMS_bio;
++		CMS_unsigned_get_attr_by_NID;
++		CMS_verify;
++		SMIME_read_CMS;
++		CMS_decrypt_set1_key;
++		CMS_SignerInfo_get0_algs;
++		CMS_add1_cert;
++		CMS_set_detached;
++		CMS_encrypt;
++		CMS_EnvelopedData_create;
++		CMS_uncompress;
++		CMS_add0_crl;
++		CMS_SignerInfo_verify_content;
++		CMS_unsigned_get0_data_by_OBJ;
++		PEM_write_bio_CMS;
++		CMS_unsigned_get_attr;
++		CMS_RecipientInfo_ktri_cert_cmp;
++		CMS_RecipientInfo_ktri_get0_algs;
++		CMS_RecipInfo_ktri_get0_algs;
++		CMS_ContentInfo_free;
++		CMS_final;
++		CMS_add_simple_smimecap;
++		CMS_SignerInfo_verify;
++		CMS_data;
++		CMS_ContentInfo_it;
++		d2i_CMS_ReceiptRequest;
++		CMS_compress;
++		CMS_digest_create;
++		CMS_SignerInfo_cert_cmp;
++		CMS_SignerInfo_sign;
++		CMS_data_create;
++		i2d_CMS_bio;
++		CMS_EncryptedData_set1_key;
++		CMS_decrypt;
++		int_smime_write_ASN1;
++		CMS_unsigned_delete_attr;
++		CMS_unsigned_get_attr_count;
++		CMS_add_smimecap;
++		PEM_read_CMS;
++		CMS_signed_get_attr_by_OBJ;
++		d2i_CMS_ContentInfo;
++		CMS_add_standard_smimecap;
++		CMS_ContentInfo_new;
++		CMS_RecipientInfo_type;
++		CMS_get0_type;
++		CMS_is_detached;
++		CMS_sign;
++		CMS_signed_add1_attr;
++		CMS_unsigned_get_attr_by_OBJ;
++		SMIME_write_CMS;
++		CMS_EncryptedData_decrypt;
++		CMS_get0_RecipientInfos;
++		CMS_add0_RevocationInfoChoice;
++		CMS_decrypt_set1_pkey;
++		CMS_SignerInfo_set1_signer_cert;
++		CMS_get0_signers;
++		CMS_ReceiptRequest_get0_values;
++		CMS_signed_get0_data_by_OBJ;
++		CMS_get0_SignerInfos;
++		CMS_add0_cert;
++		CMS_EncryptedData_encrypt;
++		CMS_digest_verify;
++		CMS_set1_signers_certs;
++		CMS_signed_get_attr;
++		CMS_RecipientInfo_set0_key;
++		CMS_SignedData_init;
++		CMS_RecipientInfo_kekri_get0_id;
++		CMS_verify_receipt;
++		CMS_ReceiptRequest_it;
++		PEM_read_bio_CMS;
++		CMS_get1_crls;
++		CMS_add0_recipient_key;
++		SMIME_read_ASN1;
++		CMS_ReceiptRequest_new;
++		CMS_get0_content;
++		CMS_get1_ReceiptRequest;
++		CMS_signed_add1_attr_by_OBJ;
++		CMS_RecipientInfo_kekri_id_cmp;
++		CMS_add1_ReceiptRequest;
++		CMS_SignerInfo_get0_signer_id;
++		CMS_unsigned_add1_attr_by_NID;
++		CMS_unsigned_add1_attr;
++		CMS_signed_get_attr_by_NID;
++		CMS_get1_certs;
++		CMS_signed_add1_attr_by_NID;
++		CMS_unsigned_add1_attr_by_txt;
++		CMS_dataFinal;
++		CMS_RecipientInfo_ktri_get0_signer_id;
++		CMS_RecipInfo_ktri_get0_sigr_id;
++		i2d_CMS_ReceiptRequest;
++		CMS_add1_recipient_cert;
++		CMS_dataInit;
++		CMS_signed_add1_attr_by_txt;
++		CMS_RecipientInfo_decrypt;
++		CMS_signed_get_attr_count;
++		CMS_get0_eContentType;
++		CMS_set1_eContentType;
++		CMS_ReceiptRequest_create0;
++		CMS_add1_signer;
++		CMS_RecipientInfo_set0_pkey;
++		ENGINE_set_load_ssl_client_cert_function;
++		ENGINE_set_ld_ssl_clnt_cert_fn;
++		ENGINE_get_ssl_client_cert_function;
++		ENGINE_get_ssl_client_cert_fn;
++		ENGINE_load_ssl_client_cert;
++		ENGINE_load_capi;
++		OPENSSL_isservice;
++		FIPS_dsa_sig_decode;
++		EVP_CIPHER_CTX_clear_flags;
++		FIPS_rand_status;
++		FIPS_rand_set_key;
++		CRYPTO_set_mem_info_functions;
++		RSA_X931_generate_key_ex;
++		int_ERR_set_state_func;
++		int_EVP_MD_set_engine_callbacks;
++		int_CRYPTO_set_do_dynlock_callback;
++		FIPS_rng_stick;
++		EVP_CIPHER_CTX_set_flags;
++		BN_X931_generate_prime_ex;
++		FIPS_selftest_check;
++		FIPS_rand_set_dt;
++		CRYPTO_dbg_pop_info;
++		FIPS_dsa_free;
++		RSA_X931_derive_ex;
++		FIPS_rsa_new;
++		FIPS_rand_bytes;
++		fips_cipher_test;
++		EVP_CIPHER_CTX_test_flags;
++		CRYPTO_malloc_debug_init;
++		CRYPTO_dbg_push_info;
++		FIPS_corrupt_rsa_keygen;
++		FIPS_dh_new;
++		FIPS_corrupt_dsa_keygen;
++		FIPS_dh_free;
++		fips_pkey_signature_test;
++		EVP_add_alg_module;
++		int_RAND_init_engine_callbacks;
++		int_EVP_CIPHER_set_engine_callbacks;
++		int_EVP_MD_init_engine_callbacks;
++		FIPS_rand_test_mode;
++		FIPS_rand_reset;
++		FIPS_dsa_new;
++		int_RAND_set_callbacks;
++		BN_X931_derive_prime_ex;
++		int_ERR_lib_init;
++		int_EVP_CIPHER_init_engine_callbacks;
++		FIPS_rsa_free;
++		FIPS_dsa_sig_encode;
++		CRYPTO_dbg_remove_all_info;
++		OPENSSL_init;
++		CRYPTO_strdup;
++		JPAKE_STEP3A_process;
++		JPAKE_STEP1_release;
++		JPAKE_get_shared_key;
++		JPAKE_STEP3B_init;
++		JPAKE_STEP1_generate;
++		JPAKE_STEP1_init;
++		JPAKE_STEP3B_process;
++		JPAKE_STEP2_generate;
++		JPAKE_CTX_new;
++		JPAKE_CTX_free;
++		JPAKE_STEP3B_release;
++		JPAKE_STEP3A_release;
++		JPAKE_STEP2_process;
++		JPAKE_STEP3B_generate;
++		JPAKE_STEP1_process;
++		JPAKE_STEP3A_generate;
++		JPAKE_STEP2_release;
++		JPAKE_STEP3A_init;
++		ERR_load_JPAKE_strings;
++		JPAKE_STEP2_init;
++		pqueue_size;
++		i2d_TS_ACCURACY;
++		i2d_TS_MSG_IMPRINT_fp;
++		i2d_TS_MSG_IMPRINT;
++		EVP_PKEY_print_public;
++		EVP_PKEY_CTX_new;
++		i2d_TS_TST_INFO;
++		EVP_PKEY_asn1_find;
++		DSO_METHOD_beos;
++		TS_CONF_load_cert;
++		TS_REQ_get_ext;
++		EVP_PKEY_sign_init;
++		ASN1_item_print;
++		TS_TST_INFO_set_nonce;
++		TS_RESP_dup;
++		ENGINE_register_pkey_meths;
++		EVP_PKEY_asn1_add0;
++		PKCS7_add0_attrib_signing_time;
++		i2d_TS_TST_INFO_fp;
++		BIO_asn1_get_prefix;
++		TS_TST_INFO_set_time;
++		EVP_PKEY_meth_set_decrypt;
++		EVP_PKEY_set_type_str;
++		EVP_PKEY_CTX_get_keygen_info;
++		TS_REQ_set_policy_id;
++		d2i_TS_RESP_fp;
++		ENGINE_get_pkey_asn1_meth_engine;
++		ENGINE_get_pkey_asn1_meth_eng;
++		WHIRLPOOL_Init;
++		TS_RESP_set_status_info;
++		EVP_PKEY_keygen;
++		EVP_DigestSignInit;
++		TS_ACCURACY_set_millis;
++		TS_REQ_dup;
++		GENERAL_NAME_dup;
++		ASN1_SEQUENCE_ANY_it;
++		WHIRLPOOL;
++		X509_STORE_get1_crls;
++		ENGINE_get_pkey_asn1_meth;
++		EVP_PKEY_asn1_new;
++		BIO_new_NDEF;
++		ENGINE_get_pkey_meth;
++		TS_MSG_IMPRINT_set_algo;
++		i2d_TS_TST_INFO_bio;
++		TS_TST_INFO_set_ordering;
++		TS_TST_INFO_get_ext_by_OBJ;
++		CRYPTO_THREADID_set_pointer;
++		TS_CONF_get_tsa_section;
++		SMIME_write_ASN1;
++		TS_RESP_CTX_set_signer_key;
++		EVP_PKEY_encrypt_old;
++		EVP_PKEY_encrypt_init;
++		CRYPTO_THREADID_cpy;
++		ASN1_PCTX_get_cert_flags;
++		i2d_ESS_SIGNING_CERT;
++		TS_CONF_load_key;
++		i2d_ASN1_SEQUENCE_ANY;
++		d2i_TS_MSG_IMPRINT_bio;
++		EVP_PKEY_asn1_set_public;
++		b2i_PublicKey_bio;
++		BIO_asn1_set_prefix;
++		EVP_PKEY_new_mac_key;
++		BIO_new_CMS;
++		CRYPTO_THREADID_cmp;
++		TS_REQ_ext_free;
++		EVP_PKEY_asn1_set_free;
++		EVP_PKEY_get0_asn1;
++		d2i_NETSCAPE_X509;
++		EVP_PKEY_verify_recover_init;
++		EVP_PKEY_CTX_set_data;
++		EVP_PKEY_keygen_init;
++		TS_RESP_CTX_set_status_info;
++		TS_MSG_IMPRINT_get_algo;
++		TS_REQ_print_bio;
++		EVP_PKEY_CTX_ctrl_str;
++		EVP_PKEY_get_default_digest_nid;
++		PEM_write_bio_PKCS7_stream;
++		TS_MSG_IMPRINT_print_bio;
++		BN_asc2bn;
++		TS_REQ_get_policy_id;
++		ENGINE_set_default_pkey_asn1_meths;
++		ENGINE_set_def_pkey_asn1_meths;
++		d2i_TS_ACCURACY;
++		DSO_global_lookup;
++		TS_CONF_set_tsa_name;
++		i2d_ASN1_SET_ANY;
++		ENGINE_load_gost;
++		WHIRLPOOL_BitUpdate;
++		ASN1_PCTX_get_flags;
++		TS_TST_INFO_get_ext_by_NID;
++		TS_RESP_new;
++		ESS_CERT_ID_dup;
++		TS_STATUS_INFO_dup;
++		TS_REQ_delete_ext;
++		EVP_DigestVerifyFinal;
++		EVP_PKEY_print_params;
++		i2d_CMS_bio_stream;
++		TS_REQ_get_msg_imprint;
++		OBJ_find_sigid_by_algs;
++		TS_TST_INFO_get_serial;
++		TS_REQ_get_nonce;
++		X509_PUBKEY_set0_param;
++		EVP_PKEY_CTX_set0_keygen_info;
++		DIST_POINT_set_dpname;
++		i2d_ISSUING_DIST_POINT;
++		ASN1_SET_ANY_it;
++		EVP_PKEY_CTX_get_data;
++		TS_STATUS_INFO_print_bio;
++		EVP_PKEY_derive_init;
++		d2i_TS_TST_INFO;
++		EVP_PKEY_asn1_add_alias;
++		d2i_TS_RESP_bio;
++		OTHERNAME_cmp;
++		GENERAL_NAME_set0_value;
++		PKCS7_RECIP_INFO_get0_alg;
++		TS_RESP_CTX_new;
++		TS_RESP_set_tst_info;
++		PKCS7_final;
++		EVP_PKEY_base_id;
++		TS_RESP_CTX_set_signer_cert;
++		TS_REQ_set_msg_imprint;
++		EVP_PKEY_CTX_ctrl;
++		TS_CONF_set_digests;
++		d2i_TS_MSG_IMPRINT;
++		EVP_PKEY_meth_set_ctrl;
++		TS_REQ_get_ext_by_NID;
++		PKCS5_pbe_set0_algor;
++		BN_BLINDING_thread_id;
++		TS_ACCURACY_new;
++		X509_CRL_METHOD_free;
++		ASN1_PCTX_get_nm_flags;
++		EVP_PKEY_meth_set_sign;
++		CRYPTO_THREADID_current;
++		EVP_PKEY_decrypt_init;
++		NETSCAPE_X509_free;
++		i2b_PVK_bio;
++		EVP_PKEY_print_private;
++		GENERAL_NAME_get0_value;
++		b2i_PVK_bio;
++		ASN1_UTCTIME_adj;
++		TS_TST_INFO_new;
++		EVP_MD_do_all_sorted;
++		TS_CONF_set_default_engine;
++		TS_ACCURACY_set_seconds;
++		TS_TST_INFO_get_time;
++		PKCS8_pkey_get0;
++		EVP_PKEY_asn1_get0;
++		OBJ_add_sigid;
++		PKCS7_SIGNER_INFO_sign;
++		EVP_PKEY_paramgen_init;
++		EVP_PKEY_sign;
++		OBJ_sigid_free;
++		EVP_PKEY_meth_set_init;
++		d2i_ESS_ISSUER_SERIAL;
++		ISSUING_DIST_POINT_new;
++		ASN1_TIME_adj;
++		TS_OBJ_print_bio;
++		EVP_PKEY_meth_set_verify_recover;
++		EVP_PKEY_meth_set_vrfy_recover;
++		TS_RESP_get_status_info;
++		CMS_stream;
++		EVP_PKEY_CTX_set_cb;
++		PKCS7_to_TS_TST_INFO;
++		ASN1_PCTX_get_oid_flags;
++		TS_TST_INFO_add_ext;
++		EVP_PKEY_meth_set_derive;
++		i2d_TS_RESP_fp;
++		i2d_TS_MSG_IMPRINT_bio;
++		TS_RESP_CTX_set_accuracy;
++		TS_REQ_set_nonce;
++		ESS_CERT_ID_new;
++		ENGINE_pkey_asn1_find_str;
++		TS_REQ_get_ext_count;
++		BUF_reverse;
++		TS_TST_INFO_print_bio;
++		d2i_ISSUING_DIST_POINT;
++		ENGINE_get_pkey_meths;
++		i2b_PrivateKey_bio;
++		i2d_TS_RESP;
++		b2i_PublicKey;
++		TS_VERIFY_CTX_cleanup;
++		TS_STATUS_INFO_free;
++		TS_RESP_verify_token;
++		OBJ_bsearch_ex_;
++		ASN1_bn_print;
++		EVP_PKEY_asn1_get_count;
++		ENGINE_register_pkey_asn1_meths;
++		ASN1_PCTX_set_nm_flags;
++		EVP_DigestVerifyInit;
++		ENGINE_set_default_pkey_meths;
++		TS_TST_INFO_get_policy_id;
++		TS_REQ_get_cert_req;
++		X509_CRL_set_meth_data;
++		PKCS8_pkey_set0;
++		ASN1_STRING_copy;
++		d2i_TS_TST_INFO_fp;
++		X509_CRL_match;
++		EVP_PKEY_asn1_set_private;
++		TS_TST_INFO_get_ext_d2i;
++		TS_RESP_CTX_add_policy;
++		d2i_TS_RESP;
++		TS_CONF_load_certs;
++		TS_TST_INFO_get_msg_imprint;
++		ERR_load_TS_strings;
++		TS_TST_INFO_get_version;
++		EVP_PKEY_CTX_dup;
++		EVP_PKEY_meth_set_verify;
++		i2b_PublicKey_bio;
++		TS_CONF_set_certs;
++		EVP_PKEY_asn1_get0_info;
++		TS_VERIFY_CTX_free;
++		TS_REQ_get_ext_by_critical;
++		TS_RESP_CTX_set_serial_cb;
++		X509_CRL_get_meth_data;
++		TS_RESP_CTX_set_time_cb;
++		TS_MSG_IMPRINT_get_msg;
++		TS_TST_INFO_ext_free;
++		TS_REQ_get_version;
++		TS_REQ_add_ext;
++		EVP_PKEY_CTX_set_app_data;
++		OBJ_bsearch_;
++		EVP_PKEY_meth_set_verifyctx;
++		i2d_PKCS7_bio_stream;
++		CRYPTO_THREADID_set_numeric;
++		PKCS7_sign_add_signer;
++		d2i_TS_TST_INFO_bio;
++		TS_TST_INFO_get_ordering;
++		TS_RESP_print_bio;
++		TS_TST_INFO_get_exts;
++		HMAC_CTX_copy;
++		PKCS5_pbe2_set_iv;
++		ENGINE_get_pkey_asn1_meths;
++		b2i_PrivateKey;
++		EVP_PKEY_CTX_get_app_data;
++		TS_REQ_set_cert_req;
++		CRYPTO_THREADID_set_callback;
++		TS_CONF_set_serial;
++		TS_TST_INFO_free;
++		d2i_TS_REQ_fp;
++		TS_RESP_verify_response;
++		i2d_ESS_ISSUER_SERIAL;
++		TS_ACCURACY_get_seconds;
++		EVP_CIPHER_do_all;
++		b2i_PrivateKey_bio;
++		OCSP_CERTID_dup;
++		X509_PUBKEY_get0_param;
++		TS_MSG_IMPRINT_dup;
++		PKCS7_print_ctx;
++		i2d_TS_REQ_bio;
++		EVP_whirlpool;
++		EVP_PKEY_asn1_set_param;
++		EVP_PKEY_meth_set_encrypt;
++		ASN1_PCTX_set_flags;
++		i2d_ESS_CERT_ID;
++		TS_VERIFY_CTX_new;
++		TS_RESP_CTX_set_extension_cb;
++		ENGINE_register_all_pkey_meths;
++		TS_RESP_CTX_set_status_info_cond;
++		TS_RESP_CTX_set_stat_info_cond;
++		EVP_PKEY_verify;
++		WHIRLPOOL_Final;
++		X509_CRL_METHOD_new;
++		EVP_DigestSignFinal;
++		TS_RESP_CTX_set_def_policy;
++		NETSCAPE_X509_it;
++		TS_RESP_create_response;
++		PKCS7_SIGNER_INFO_get0_algs;
++		TS_TST_INFO_get_nonce;
++		EVP_PKEY_decrypt_old;
++		TS_TST_INFO_set_policy_id;
++		TS_CONF_set_ess_cert_id_chain;
++		EVP_PKEY_CTX_get0_pkey;
++		d2i_TS_REQ;
++		EVP_PKEY_asn1_find_str;
++		BIO_f_asn1;
++		ESS_SIGNING_CERT_new;
++		EVP_PBE_find;
++		X509_CRL_get0_by_cert;
++		EVP_PKEY_derive;
++		i2d_TS_REQ;
++		TS_TST_INFO_delete_ext;
++		ESS_ISSUER_SERIAL_free;
++		ASN1_PCTX_set_str_flags;
++		ENGINE_get_pkey_asn1_meth_str;
++		TS_CONF_set_signer_key;
++		TS_ACCURACY_get_millis;
++		TS_RESP_get_token;
++		TS_ACCURACY_dup;
++		ENGINE_register_all_pkey_asn1_meths;
++		ENGINE_reg_all_pkey_asn1_meths;
++		X509_CRL_set_default_method;
++		CRYPTO_THREADID_hash;
++		CMS_ContentInfo_print_ctx;
++		TS_RESP_free;
++		ISSUING_DIST_POINT_free;
++		ESS_ISSUER_SERIAL_new;
++		CMS_add1_crl;
++		PKCS7_add1_attrib_digest;
++		TS_RESP_CTX_add_md;
++		TS_TST_INFO_dup;
++		ENGINE_set_pkey_asn1_meths;
++		PEM_write_bio_Parameters;
++		TS_TST_INFO_get_accuracy;
++		X509_CRL_get0_by_serial;
++		TS_TST_INFO_set_version;
++		TS_RESP_CTX_get_tst_info;
++		TS_RESP_verify_signature;
++		CRYPTO_THREADID_get_callback;
++		TS_TST_INFO_get_tsa;
++		TS_STATUS_INFO_new;
++		EVP_PKEY_CTX_get_cb;
++		TS_REQ_get_ext_d2i;
++		GENERAL_NAME_set0_othername;
++		TS_TST_INFO_get_ext_count;
++		TS_RESP_CTX_get_request;
++		i2d_NETSCAPE_X509;
++		ENGINE_get_pkey_meth_engine;
++		EVP_PKEY_meth_set_signctx;
++		EVP_PKEY_asn1_copy;
++		ASN1_TYPE_cmp;
++		EVP_CIPHER_do_all_sorted;
++		EVP_PKEY_CTX_free;
++		ISSUING_DIST_POINT_it;
++		d2i_TS_MSG_IMPRINT_fp;
++		X509_STORE_get1_certs;
++		EVP_PKEY_CTX_get_operation;
++		d2i_ESS_SIGNING_CERT;
++		TS_CONF_set_ordering;
++		EVP_PBE_alg_add_type;
++		TS_REQ_set_version;
++		EVP_PKEY_get0;
++		BIO_asn1_set_suffix;
++		i2d_TS_STATUS_INFO;
++		EVP_MD_do_all;
++		TS_TST_INFO_set_accuracy;
++		PKCS7_add_attrib_content_type;
++		ERR_remove_thread_state;
++		EVP_PKEY_meth_add0;
++		TS_TST_INFO_set_tsa;
++		EVP_PKEY_meth_new;
++		WHIRLPOOL_Update;
++		TS_CONF_set_accuracy;
++		ASN1_PCTX_set_oid_flags;
++		ESS_SIGNING_CERT_dup;
++		d2i_TS_REQ_bio;
++		X509_time_adj_ex;
++		TS_RESP_CTX_add_flags;
++		d2i_TS_STATUS_INFO;
++		TS_MSG_IMPRINT_set_msg;
++		BIO_asn1_get_suffix;
++		TS_REQ_free;
++		EVP_PKEY_meth_free;
++		TS_REQ_get_exts;
++		TS_RESP_CTX_set_clock_precision_digits;
++		TS_RESP_CTX_set_clk_prec_digits;
++		TS_RESP_CTX_add_failure_info;
++		i2d_TS_RESP_bio;
++		EVP_PKEY_CTX_get0_peerkey;
++		PEM_write_bio_CMS_stream;
++		TS_REQ_new;
++		TS_MSG_IMPRINT_new;
++		EVP_PKEY_meth_find;
++		EVP_PKEY_id;
++		TS_TST_INFO_set_serial;
++		a2i_GENERAL_NAME;
++		TS_CONF_set_crypto_device;
++		EVP_PKEY_verify_init;
++		TS_CONF_set_policies;
++		ASN1_PCTX_new;
++		ESS_CERT_ID_free;
++		ENGINE_unregister_pkey_meths;
++		TS_MSG_IMPRINT_free;
++		TS_VERIFY_CTX_init;
++		PKCS7_stream;
++		TS_RESP_CTX_set_certs;
++		TS_CONF_set_def_policy;
++		ASN1_GENERALIZEDTIME_adj;
++		NETSCAPE_X509_new;
++		TS_ACCURACY_free;
++		TS_RESP_get_tst_info;
++		EVP_PKEY_derive_set_peer;
++		PEM_read_bio_Parameters;
++		TS_CONF_set_clock_precision_digits;
++		TS_CONF_set_clk_prec_digits;
++		ESS_ISSUER_SERIAL_dup;
++		TS_ACCURACY_get_micros;
++		ASN1_PCTX_get_str_flags;
++		NAME_CONSTRAINTS_check;
++		ASN1_BIT_STRING_check;
++		X509_check_akid;
++		ENGINE_unregister_pkey_asn1_meths;
++		ENGINE_unreg_pkey_asn1_meths;
++		ASN1_PCTX_free;
++		PEM_write_bio_ASN1_stream;
++		i2d_ASN1_bio_stream;
++		TS_X509_ALGOR_print_bio;
++		EVP_PKEY_meth_set_cleanup;
++		EVP_PKEY_asn1_free;
++		ESS_SIGNING_CERT_free;
++		TS_TST_INFO_set_msg_imprint;
++		GENERAL_NAME_cmp;
++		d2i_ASN1_SET_ANY;
++		ENGINE_set_pkey_meths;
++		i2d_TS_REQ_fp;
++		d2i_ASN1_SEQUENCE_ANY;
++		GENERAL_NAME_get0_otherName;
++		d2i_ESS_CERT_ID;
++		OBJ_find_sigid_algs;
++		EVP_PKEY_meth_set_keygen;
++		PKCS5_PBKDF2_HMAC;
++		EVP_PKEY_paramgen;
++		EVP_PKEY_meth_set_paramgen;
++		BIO_new_PKCS7;
++		EVP_PKEY_verify_recover;
++		TS_ext_print_bio;
++		TS_ASN1_INTEGER_print_bio;
++		check_defer;
++		DSO_pathbyaddr;
++		EVP_PKEY_set_type;
++		TS_ACCURACY_set_micros;
++		TS_REQ_to_TS_VERIFY_CTX;
++		EVP_PKEY_meth_set_copy;
++		ASN1_PCTX_set_cert_flags;
++		TS_TST_INFO_get_ext;
++		EVP_PKEY_asn1_set_ctrl;
++		TS_TST_INFO_get_ext_by_critical;
++		EVP_PKEY_CTX_new_id;
++		TS_REQ_get_ext_by_OBJ;
++		TS_CONF_set_signer_cert;
++		X509_NAME_hash_old;
++		ASN1_TIME_set_string;
++		EVP_MD_flags;
++		TS_RESP_CTX_free;
++		DSAparams_dup;
++		DHparams_dup;
++		OCSP_REQ_CTX_add1_header;
++		OCSP_REQ_CTX_set1_req;
++		X509_STORE_set_verify_cb;
++		X509_STORE_CTX_get0_current_crl;
++		X509_STORE_CTX_get0_parent_ctx;
++		X509_STORE_CTX_get0_current_issuer;
++		X509_STORE_CTX_get0_cur_issuer;
++		X509_issuer_name_hash_old;
++		X509_subject_name_hash_old;
++		EVP_CIPHER_CTX_copy;
++		UI_method_get_prompt_constructor;
++		UI_method_get_prompt_constructr;
++		UI_method_set_prompt_constructor;
++		UI_method_set_prompt_constructr;
++		EVP_read_pw_string_min;
++		CRYPTO_cts128_encrypt;
++		CRYPTO_cts128_decrypt_block;
++		CRYPTO_cfb128_1_encrypt;
++		CRYPTO_cbc128_encrypt;
++		CRYPTO_ctr128_encrypt;
++		CRYPTO_ofb128_encrypt;
++		CRYPTO_cts128_decrypt;
++		CRYPTO_cts128_encrypt_block;
++		CRYPTO_cbc128_decrypt;
++		CRYPTO_cfb128_encrypt;
++		CRYPTO_cfb128_8_encrypt;
++		SSL_renegotiate_abbreviated;
++		TLSv1_1_method;
++		TLSv1_1_client_method;
++		TLSv1_1_server_method;
++		SSL_CTX_set_srp_client_pwd_callback;
++		SSL_CTX_set_srp_client_pwd_cb;
++		SSL_get_srp_g;
++		SSL_CTX_set_srp_username_callback;
++		SSL_CTX_set_srp_un_cb;
++		SSL_get_srp_userinfo;
++		SSL_set_srp_server_param;
++		SSL_set_srp_server_param_pw;
++		SSL_get_srp_N;
++		SSL_get_srp_username;
++		SSL_CTX_set_srp_password;
++		SSL_CTX_set_srp_strength;
++		SSL_CTX_set_srp_verify_param_callback;
++		SSL_CTX_set_srp_vfy_param_cb;
++		SSL_CTX_set_srp_cb_arg;
++		SSL_CTX_set_srp_username;
++		SSL_CTX_SRP_CTX_init;
++		SSL_SRP_CTX_init;
++		SRP_Calc_A_param;
++		SRP_generate_server_master_secret;
++		SRP_gen_server_master_secret;
++		SSL_CTX_SRP_CTX_free;
++		SRP_generate_client_master_secret;
++		SRP_gen_client_master_secret;
++		SSL_srp_server_param_with_username;
++		SSL_srp_server_param_with_un;
++		SSL_SRP_CTX_free;
++		SSL_set_debug;
++		SSL_SESSION_get0_peer;
++		TLSv1_2_client_method;
++		SSL_SESSION_set1_id_context;
++		TLSv1_2_server_method;
++		SSL_cache_hit;
++		SSL_get0_kssl_ctx;
++		SSL_set0_kssl_ctx;
++		SSL_set_state;
++		SSL_CIPHER_get_id;
++		TLSv1_2_method;
++		kssl_ctx_get0_client_princ;
++		SSL_export_keying_material;
++		SSL_set_tlsext_use_srtp;
++		SSL_CTX_set_next_protos_advertised_cb;
++		SSL_CTX_set_next_protos_adv_cb;
++		SSL_get0_next_proto_negotiated;
++		SSL_get_selected_srtp_profile;
++		SSL_CTX_set_tlsext_use_srtp;
++		SSL_select_next_proto;
++		SSL_get_srtp_profiles;
++		SSL_CTX_set_next_proto_select_cb;
++		SSL_CTX_set_next_proto_sel_cb;
++		SSL_SESSION_get_compress_id;
++
++		SRP_VBASE_get_by_user;
++		SRP_Calc_server_key;
++		SRP_create_verifier;
++		SRP_create_verifier_BN;
++		SRP_Calc_u;
++		SRP_VBASE_free;
++		SRP_Calc_client_key;
++		SRP_get_default_gN;
++		SRP_Calc_x;
++		SRP_Calc_B;
++		SRP_VBASE_new;
++		SRP_check_known_gN_param;
++		SRP_Calc_A;
++		SRP_Verify_A_mod_N;
++		SRP_VBASE_init;
++		SRP_Verify_B_mod_N;
++		EC_KEY_set_public_key_affine_coordinates;
++		EC_KEY_set_pub_key_aff_coords;
++		EVP_aes_192_ctr;
++		EVP_PKEY_meth_get0_info;
++		EVP_PKEY_meth_copy;
++		ERR_add_error_vdata;
++		EVP_aes_128_ctr;
++		EVP_aes_256_ctr;
++		EC_GFp_nistp224_method;
++		EC_KEY_get_flags;
++		RSA_padding_add_PKCS1_PSS_mgf1;
++		EVP_aes_128_xts;
++		EVP_aes_256_xts;
++		EVP_aes_128_gcm;
++		EC_KEY_clear_flags;
++		EC_KEY_set_flags;
++		EVP_aes_256_ccm;
++		RSA_verify_PKCS1_PSS_mgf1;
++		EVP_aes_128_ccm;
++		EVP_aes_192_gcm;
++		X509_ALGOR_set_md;
++		RAND_init_fips;
++		EVP_aes_256_gcm;
++		EVP_aes_192_ccm;
++		CMAC_CTX_copy;
++		CMAC_CTX_free;
++		CMAC_CTX_get0_cipher_ctx;
++		CMAC_CTX_cleanup;
++		CMAC_Init;
++		CMAC_Update;
++		CMAC_resume;
++		CMAC_CTX_new;
++		CMAC_Final;
++		CRYPTO_ctr128_encrypt_ctr32;
++		CRYPTO_gcm128_release;
++		CRYPTO_ccm128_decrypt_ccm64;
++		CRYPTO_ccm128_encrypt;
++		CRYPTO_gcm128_encrypt;
++		CRYPTO_xts128_encrypt;
++		EVP_rc4_hmac_md5;
++		CRYPTO_nistcts128_decrypt_block;
++		CRYPTO_gcm128_setiv;
++		CRYPTO_nistcts128_encrypt;
++		EVP_aes_128_cbc_hmac_sha1;
++		CRYPTO_gcm128_tag;
++		CRYPTO_ccm128_encrypt_ccm64;
++		ENGINE_load_rdrand;
++		CRYPTO_ccm128_setiv;
++		CRYPTO_nistcts128_encrypt_block;
++		CRYPTO_gcm128_aad;
++		CRYPTO_ccm128_init;
++		CRYPTO_nistcts128_decrypt;
++		CRYPTO_gcm128_new;
++		CRYPTO_ccm128_tag;
++		CRYPTO_ccm128_decrypt;
++		CRYPTO_ccm128_aad;
++		CRYPTO_gcm128_init;
++		CRYPTO_gcm128_decrypt;
++		ENGINE_load_rsax;
++		CRYPTO_gcm128_decrypt_ctr32;
++		CRYPTO_gcm128_encrypt_ctr32;
++		CRYPTO_gcm128_finish;
++		EVP_aes_256_cbc_hmac_sha1;
++		PKCS5_pbkdf2_set;
++		CMS_add0_recipient_password;
++		CMS_decrypt_set1_password;
++		CMS_RecipientInfo_set0_password;
++		RAND_set_fips_drbg_type;
++		X509_REQ_sign_ctx;
++		RSA_PSS_PARAMS_new;
++		X509_CRL_sign_ctx;
++		X509_signature_dump;
++		d2i_RSA_PSS_PARAMS;
++		RSA_PSS_PARAMS_it;
++		RSA_PSS_PARAMS_free;
++		X509_sign_ctx;
++		i2d_RSA_PSS_PARAMS;
++		ASN1_item_sign_ctx;
++		EC_GFp_nistp521_method;
++		EC_GFp_nistp256_method;
++		OPENSSL_stderr;
++		OPENSSL_cpuid_setup;
++		OPENSSL_showfatal;
++		BIO_new_dgram_sctp;
++		BIO_dgram_sctp_msg_waiting;
++		BIO_dgram_sctp_wait_for_dry;
++		BIO_s_datagram_sctp;
++		BIO_dgram_is_sctp;
++		BIO_dgram_sctp_notification_cb;
++		CRYPTO_memcmp;
++		SSL_CTX_set_alpn_protos;
++		SSL_set_alpn_protos;
++		SSL_CTX_set_alpn_select_cb;
++		SSL_get0_alpn_selected;
++		SSL_CTX_set_custom_cli_ext;
++		SSL_CTX_set_custom_srv_ext;
++		SSL_CTX_set_srv_supp_data;
++		SSL_CTX_set_cli_supp_data;
++		SSL_set_cert_cb;
++		SSL_CTX_use_serverinfo;
++		SSL_CTX_use_serverinfo_file;
++		SSL_CTX_set_cert_cb;
++		SSL_CTX_get0_param;
++		SSL_get0_param;
++		SSL_certs_clear;
++		DTLSv1_2_method;
++		DTLSv1_2_server_method;
++		DTLSv1_2_client_method;
++		DTLS_method;
++		DTLS_server_method;
++		DTLS_client_method;
++		SSL_CTX_get_ssl_method;
++		SSL_CTX_get0_certificate;
++		SSL_CTX_get0_privatekey;
++		SSL_COMP_set0_compression_methods;
++		SSL_COMP_free_compression_methods;
++		SSL_CIPHER_find;
++		SSL_is_server;
++		SSL_CONF_CTX_new;
++		SSL_CONF_CTX_finish;
++		SSL_CONF_CTX_free;
++		SSL_CONF_CTX_set_flags;
++		SSL_CONF_CTX_clear_flags;
++		SSL_CONF_CTX_set1_prefix;
++		SSL_CONF_CTX_set_ssl;
++		SSL_CONF_CTX_set_ssl_ctx;
++		SSL_CONF_cmd;
++		SSL_CONF_cmd_argv;
++		SSL_CONF_cmd_value_type;
++		SSL_trace;
++		SSL_CIPHER_standard_name;
++		SSL_get_tlsa_record_byname;
++		ASN1_TIME_diff;
++		BIO_hex_string;
++		CMS_RecipientInfo_get0_pkey_ctx;
++		CMS_RecipientInfo_encrypt;
++		CMS_SignerInfo_get0_pkey_ctx;
++		CMS_SignerInfo_get0_md_ctx;
++		CMS_SignerInfo_get0_signature;
++		CMS_RecipientInfo_kari_get0_alg;
++		CMS_RecipientInfo_kari_get0_reks;
++		CMS_RecipientInfo_kari_get0_orig_id;
++		CMS_RecipientInfo_kari_orig_id_cmp;
++		CMS_RecipientEncryptedKey_get0_id;
++		CMS_RecipientEncryptedKey_cert_cmp;
++		CMS_RecipientInfo_kari_set0_pkey;
++		CMS_RecipientInfo_kari_get0_ctx;
++		CMS_RecipientInfo_kari_decrypt;
++		CMS_SharedInfo_encode;
++		DH_compute_key_padded;
++		d2i_DHxparams;
++		i2d_DHxparams;
++		DH_get_1024_160;
++		DH_get_2048_224;
++		DH_get_2048_256;
++		DH_KDF_X9_42;
++		ECDH_KDF_X9_62;
++		ECDSA_METHOD_new;
++		ECDSA_METHOD_free;
++		ECDSA_METHOD_set_app_data;
++		ECDSA_METHOD_get_app_data;
++		ECDSA_METHOD_set_sign;
++		ECDSA_METHOD_set_sign_setup;
++		ECDSA_METHOD_set_verify;
++		ECDSA_METHOD_set_flags;
++		ECDSA_METHOD_set_name;
++		EVP_des_ede3_wrap;
++		EVP_aes_128_wrap;
++		EVP_aes_192_wrap;
++		EVP_aes_256_wrap;
++		EVP_aes_128_cbc_hmac_sha256;
++		EVP_aes_256_cbc_hmac_sha256;
++		CRYPTO_128_wrap;
++		CRYPTO_128_unwrap;
++		OCSP_REQ_CTX_nbio;
++		OCSP_REQ_CTX_new;
++		OCSP_set_max_response_length;
++		OCSP_REQ_CTX_i2d;
++		OCSP_REQ_CTX_nbio_d2i;
++		OCSP_REQ_CTX_get0_mem_bio;
++		OCSP_REQ_CTX_http;
++		RSA_padding_add_PKCS1_OAEP_mgf1;
++		RSA_padding_check_PKCS1_OAEP_mgf1;
++		RSA_OAEP_PARAMS_free;
++		RSA_OAEP_PARAMS_it;
++		RSA_OAEP_PARAMS_new;
++		SSL_get_sigalgs;
++		SSL_get_shared_sigalgs;
++		SSL_check_chain;
++		X509_chain_up_ref;
++		X509_http_nbio;
++		X509_CRL_http_nbio;
++		X509_REVOKED_dup;
++		i2d_re_X509_tbs;
++		X509_get0_signature;
++		X509_get_signature_nid;
++		X509_CRL_diff;
++		X509_chain_check_suiteb;
++		X509_CRL_check_suiteb;
++		X509_check_host;
++		X509_check_email;
++		X509_check_ip;
++		X509_check_ip_asc;
++		X509_STORE_set_lookup_crls_cb;
++		X509_STORE_CTX_get0_store;
++		X509_VERIFY_PARAM_set1_host;
++		X509_VERIFY_PARAM_add1_host;
++		X509_VERIFY_PARAM_set_hostflags;
++		X509_VERIFY_PARAM_get0_peername;
++		X509_VERIFY_PARAM_set1_email;
++		X509_VERIFY_PARAM_set1_ip;
++		X509_VERIFY_PARAM_set1_ip_asc;
++		X509_VERIFY_PARAM_get0_name;
++		X509_VERIFY_PARAM_get_count;
++		X509_VERIFY_PARAM_get0;
++		X509V3_EXT_free;
++		EC_GROUP_get_mont_data;
++		EC_curve_nid2nist;
++		EC_curve_nist2nid;
++		PEM_write_bio_DHxparams;
++		PEM_write_DHxparams;
++		SSL_CTX_add_client_custom_ext;
++		SSL_CTX_add_server_custom_ext;
++		SSL_extension_supported;
++		BUF_strnlen;
++		sk_deep_copy;
++		SSL_test_functions;
++
++	local:
++		*;
++};
++
++OPENSSL_1.0.2g {
++       global:
++               SRP_VBASE_get1_by_user;
++               SRP_user_pwd_free;
++} OPENSSL_1.0.2d;
++
+Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld
+===================================================================
+--- /dev/null	1970-01-01 00:00:00.000000000 +0000
++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld	2014-02-24 21:02:30.000000000 +0100
+@@ -0,0 +1,10 @@
++OPENSSL_1.0.2 {
++	global:
++		bind_engine;
++		v_check;
++		OPENSSL_init;
++		OPENSSL_finish;
++	local:
++		*;
++};
++
+Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld
+===================================================================
+--- /dev/null	1970-01-01 00:00:00.000000000 +0000
++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld	2014-02-24 21:02:30.000000000 +0100
+@@ -0,0 +1,10 @@
++OPENSSL_1.0.2 {
++	global:
++		bind_engine;
++		v_check;
++		OPENSSL_init;
++		OPENSSL_finish;
++	local:
++		*;
++};
++
diff --git a/recipes-connectivity/openssl/openssl-qoriq/engines-install-in-libdir-ssl.patch b/recipes-connectivity/openssl/openssl-qoriq/engines-install-in-libdir-ssl.patch
index d8a6f1a..a574648 100644
--- a/recipes-connectivity/openssl/openssl-qoriq/engines-install-in-libdir-ssl.patch
+++ b/recipes-connectivity/openssl/openssl-qoriq/engines-install-in-libdir-ssl.patch
@@ -1,11 +1,11 @@
 Upstream-Status: Inappropriate [configuration]
 
 
-Index: openssl-1.0.0/engines/Makefile
+Index: openssl-1.0.2/engines/Makefile
 ===================================================================
---- openssl-1.0.0.orig/engines/Makefile
-+++ openssl-1.0.0/engines/Makefile
-@@ -107,7 +107,7 @@
+--- openssl-1.0.2.orig/engines/Makefile
++++ openssl-1.0.2/engines/Makefile
+@@ -107,13 +107,13 @@ install:
  	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
  	@if [ -n "$(SHARED_LIBS)" ]; then \
  		set -e; \
@@ -14,16 +14,19 @@ Index: openssl-1.0.0/engines/Makefile
  		for l in $(LIBNAMES); do \
  			( echo installing $$l; \
  			  pfx=lib; \
-@@ -119,13 +119,13 @@
+ 			  if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
+ 				sfx=".so"; \
+-				cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
++				cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \
+ 			  else \
+ 				case "$(CFLAGS)" in \
+ 				*DSO_BEOS*)	sfx=".so";;	\
+@@ -122,10 +122,10 @@ install:
  				*DSO_WIN32*)	sfx="eay32.dll"; pfx=;;	\
  				*)		sfx=".bad";;	\
  				esac; \
 -				cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
 +				cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \
- 			  else \
- 				sfx=".so"; \
--				cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
-+				cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \
  			  fi; \
 -			  chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
 -			  mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
@@ -32,20 +35,25 @@ Index: openssl-1.0.0/engines/Makefile
  		done; \
  	fi
  	@target=install; $(RECURSIVE_MAKE)
-Index: openssl-1.0.0/engines/ccgost/Makefile
+Index: openssl-1.0.2/engines/ccgost/Makefile
 ===================================================================
---- openssl-1.0.0.orig/engines/ccgost/Makefile
-+++ openssl-1.0.0/engines/ccgost/Makefile
-@@ -53,13 +53,13 @@
+--- openssl-1.0.2.orig/engines/ccgost/Makefile
++++ openssl-1.0.2/engines/ccgost/Makefile
+@@ -47,7 +47,7 @@ install:
+ 		pfx=lib; \
+ 		if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
+ 			sfx=".so"; \
+-			cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
++			cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \
+ 		else \
+ 			case "$(CFLAGS)" in \
+ 			*DSO_BEOS*) sfx=".so";; \
+@@ -56,10 +56,10 @@ install:
  			*DSO_WIN32*) sfx="eay32.dll"; pfx=;; \
  			*) sfx=".bad";; \
  			esac; \
 -			cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
 +			cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \
- 		else \
- 			sfx=".so"; \
--			cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
-+			cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \
  		fi; \
 -		chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
 -		mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \
diff --git a/recipes-connectivity/openssl/openssl-qoriq/fix-cipher-des-ede3-cfb1.patch b/recipes-connectivity/openssl/openssl-qoriq/fix-cipher-des-ede3-cfb1.patch
index f0e1778..06d1ea6 100644
--- a/recipes-connectivity/openssl/openssl-qoriq/fix-cipher-des-ede3-cfb1.patch
+++ b/recipes-connectivity/openssl/openssl-qoriq/fix-cipher-des-ede3-cfb1.patch
@@ -6,17 +6,16 @@ http://rt.openssl.org/Ticket/Display.html?id=2867
 
 Signed-Off-By: Muhammad Shakeel <muhammad_shakeel at mentor.com>
 
-diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c
-index 3232cfe..df84922 100644
+Index: openssl-1.0.2/crypto/evp/e_des3.c
 ===================================================================
---- a/crypto/evp/e_des3.c
-+++ b/crypto/evp/e_des3.c
-@@ -173,7 +173,7 @@ static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+--- openssl-1.0.2.orig/crypto/evp/e_des3.c
++++ openssl-1.0.2/crypto/evp/e_des3.c
+@@ -211,7 +211,7 @@ static int des_ede3_cfb1_cipher(EVP_CIPH
      size_t n;
-     unsigned char c[1],d[1];
+     unsigned char c[1], d[1];
  
--    for(n=0 ; n < inl ; ++n)
-+    for(n=0 ; n < inl*8 ; ++n)
- 	{
- 	c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;
-	DES_ede3_cfb_encrypt(c,d,1,1,
+-    for (n = 0; n < inl; ++n) {
++    for (n = 0; n * 8 < inl; ++n) {
+         c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;
+         DES_ede3_cfb_encrypt(c, d, 1, 1,
+                              &data(ctx)->ks1, &data(ctx)->ks2,
diff --git a/recipes-connectivity/openssl/openssl-qoriq/initial-aarch64-bits.patch b/recipes-connectivity/openssl/openssl-qoriq/initial-aarch64-bits.patch
deleted file mode 100644
index 2185ff8..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/initial-aarch64-bits.patch
+++ /dev/null
@@ -1,119 +0,0 @@
-From: Andy Polyakov <appro at openssl.org>
-Date: Sun, 13 Oct 2013 17:15:15 +0000 (+0200)
-Subject: Initial aarch64 bits.
-X-Git-Url: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=039081b80977e2a5de84e1f88f8b4d025b559956
-
-Initial aarch64 bits.
----
- crypto/bn/bn_lcl.h       |    9 +++++++++
- crypto/md32_common.h     |   18 ++++++++++++++++++
- crypto/modes/modes_lcl.h |    8 ++++++++
- crypto/sha/sha512.c      |   13 +++++++++++++
- 4 files changed, 48 insertions(+)
-
-Index: openssl-1.0.1f/crypto/bn/bn_lcl.h
-===================================================================
---- openssl-1.0.1f.orig/crypto/bn/bn_lcl.h	2014-01-06 15:47:42.000000000 +0200
-+++ openssl-1.0.1f/crypto/bn/bn_lcl.h	2014-02-28 10:37:55.495979037 +0200
-@@ -300,6 +300,15 @@
- 	     : "r"(a), "r"(b));
- #    endif
- #  endif
-+# elif defined(__aarch64__) && defined(SIXTY_FOUR_BIT_LONG)
-+#  if defined(__GNUC__) && __GNUC__>=2
-+#   define BN_UMULT_HIGH(a,b)  ({  \
-+   register BN_ULONG ret;      \
-+   asm ("umulh %0,%1,%2"   \
-+        : "=r"(ret)        \
-+        : "r"(a), "r"(b));     \
-+   ret;            })
-+#  endif
- # endif		/* cpu */
- #endif		/* OPENSSL_NO_ASM */
- 
-Index: openssl-1.0.1f/crypto/md32_common.h
-===================================================================
---- openssl-1.0.1f.orig/crypto/md32_common.h	2014-01-06 15:47:42.000000000 +0200
-+++ openssl-1.0.1f/crypto/md32_common.h	2014-02-28 10:39:21.751979107 +0200
-@@ -213,6 +213,24 @@
- 				   asm ("bswapl %0":"=r"(r):"0"(r));	\
- 				   *((unsigned int *)(c))=r; (c)+=4; r;	})
- #   endif
-+#  elif defined(__aarch64__)
-+#   if defined(__BYTE_ORDER__)
-+#    if defined(__ORDER_LITTLE_ENDIAN__) && __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__
-+#     define HOST_c2l(c,l) ({ unsigned int r;      \
-+                  asm ("rev    %w0,%w1"    \
-+                   :"=r"(r)        \
-+                   :"r"(*((const unsigned int *)(c))));\
-+                  (c)+=4; (l)=r;       })
-+#     define HOST_l2c(l,c) ({ unsigned int r;      \
-+                  asm ("rev    %w0,%w1"    \
-+                   :"=r"(r)        \
-+                   :"r"((unsigned int)(l)));\
-+                  *((unsigned int *)(c))=r; (c)+=4; r; })
-+#    elif defined(__ORDER_BIG_ENDIAN__) && __BYTE_ORDER__==__ORDER_BIG_ENDIAN__
-+#     define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, (l))
-+#     define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, (l))
-+#    endif
-+#   endif
- #  endif
- # endif
- #endif
-Index: openssl-1.0.1f/crypto/modes/modes_lcl.h
-===================================================================
---- openssl-1.0.1f.orig/crypto/modes/modes_lcl.h	2014-02-28 10:47:48.731979011 +0200
-+++ openssl-1.0.1f/crypto/modes/modes_lcl.h	2014-02-28 10:48:49.707978919 +0200
-@@ -29,6 +29,7 @@
- #if defined(__i386)	|| defined(__i386__)	|| \
-     defined(__x86_64)	|| defined(__x86_64__)	|| \
-     defined(_M_IX86)	|| defined(_M_AMD64)	|| defined(_M_X64) || \
-+    defined(__aarch64__)           || \
-     defined(__s390__)	|| defined(__s390x__)
- # undef STRICT_ALIGNMENT
- #endif
-@@ -50,6 +51,13 @@
- #  define BSWAP4(x) ({	u32 ret=(x);			\
- 			asm ("bswapl %0"		\
- 			: "+r"(ret));	ret;		})
-+# elif defined(__aarch64__)
-+#  define BSWAP8(x) ({ u64 ret;            \
-+           asm ("rev %0,%1"        \
-+           : "=r"(ret) : "r"(x)); ret; })
-+#  define BSWAP4(x) ({ u32 ret;            \
-+           asm ("rev %w0,%w1"      \
-+           : "=r"(ret) : "r"(x)); ret; })
- # elif (defined(__arm__) || defined(__arm)) && !defined(STRICT_ALIGNMENT)
- #  define BSWAP8(x) ({	u32 lo=(u64)(x)>>32,hi=(x);	\
- 			asm ("rev %0,%0; rev %1,%1"	\
-Index: openssl-1.0.1f/crypto/sha/sha512.c
-===================================================================
---- openssl-1.0.1f.orig/crypto/sha/sha512.c	2014-01-06 15:47:42.000000000 +0200
-+++ openssl-1.0.1f/crypto/sha/sha512.c	2014-02-28 10:52:14.579978981 +0200
-@@ -55,6 +55,7 @@
- #if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
-     defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) || \
-     defined(__s390__) || defined(__s390x__) || \
-+    defined(__aarch64__) || \
-     defined(SHA512_ASM)
- #define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
- #endif
-@@ -347,6 +348,18 @@
- 				asm ("rotrdi %0,%1,%2"	\
- 				: "=r"(ret)		\
- 				: "r"(a),"K"(n)); ret;	})
-+#  elif defined(__aarch64__)
-+#   define ROTR(a,n)   ({ SHA_LONG64 ret;      \
-+               asm ("ror %0,%1,%2" \
-+               : "=r"(ret)     \
-+               : "r"(a),"I"(n)); ret;  })
-+#   if  defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \
-+   __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__
-+#    define PULL64(x)  ({ SHA_LONG64 ret;          \
-+               asm ("rev   %0,%1"      \
-+               : "=r"(ret)         \
-+               : "r"(*((const SHA_LONG64 *)(&(x))))); ret;     })
-+#   endif
- #  endif
- # elif defined(_MSC_VER)
- #  if defined(_WIN64)	/* applies to both IA-64 and AMD64 */
diff --git a/recipes-connectivity/openssl/openssl-qoriq/openssl-1.0.2a-x32-asm.patch b/recipes-connectivity/openssl/openssl-qoriq/openssl-1.0.2a-x32-asm.patch
new file mode 100644
index 0000000..1e5bfa1
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/openssl-1.0.2a-x32-asm.patch
@@ -0,0 +1,46 @@
+https://rt.openssl.org/Ticket/Display.html?id=3759&user=guest&pass=guest
+
+From 6257d59b3a68d2feb9d64317a1c556dc3813ee61 Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vapier at gentoo.org>
+Date: Sat, 21 Mar 2015 06:01:25 -0400
+Subject: [PATCH] crypto: use bigint in x86-64 perl
+
+Upstream-Status: Pending
+Signed-off-by: Cristian Iorga <cristian.iorga at intel.com>
+
+When building on x32 systems where the default type is 32bit, make sure
+we can transparently represent 64bit integers.  Otherwise we end up with
+build errors like:
+/usr/bin/perl asm/ghash-x86_64.pl elf > ghash-x86_64.s
+Integer overflow in hexadecimal number at asm/../../perlasm/x86_64-xlate.pl line 201, <> line 890.
+...
+ghash-x86_64.s: Assembler messages:
+ghash-x86_64.s:890: Error: junk '.15473355479995e+19' after expression
+
+We don't enable this globally as there are some cases where we'd get
+32bit values interpreted as unsigned when we need them as signed.
+
+Reported-by: Bertrand Jacquin <bertrand at jacquin.bzh>
+URL: https://bugs.gentoo.org/542618
+---
+ crypto/perlasm/x86_64-xlate.pl | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl
+index aae8288..0bf9774 100755
+--- a/crypto/perlasm/x86_64-xlate.pl
++++ b/crypto/perlasm/x86_64-xlate.pl
+@@ -195,6 +195,10 @@ my %globals;
+     sub out {
+     	my $self = shift;
+ 
++	# When building on x32 ABIs, the expanded hex value might be too
++	# big to fit into 32bits.  Enable transparent 64bit support here
++	# so we can safely print it out.
++	use bigint;
+ 	if ($gas) {
+ 	    # Solaris /usr/ccs/bin/as can't handle multiplications
+ 	    # in $self->{value}
+-- 
+2.3.3
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch b/recipes-connectivity/openssl/openssl-qoriq/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
index c161e62..f736e5c 100644
--- a/recipes-connectivity/openssl/openssl-qoriq/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
+++ b/recipes-connectivity/openssl/openssl-qoriq/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
@@ -8,14 +8,16 @@ http://www.mail-archive.com/openssl-dev@openssl.org/msg32860.html
 
 Signed-off-by: Xufeng Zhang <xufeng.zhang at windriver.com>
 ---
---- a/crypto/evp/digest.c
-+++ b/crypto/evp/digest.c
-@@ -199,7 +199,7 @@
- 		return 0;
- 		}
+Index: openssl-1.0.2h/crypto/evp/digest.c
+===================================================================
+--- openssl-1.0.2h.orig/crypto/evp/digest.c
++++ openssl-1.0.2h/crypto/evp/digest.c
+@@ -211,7 +211,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
+         type = ctx->digest;
+     }
  #endif
--	if (ctx->digest != type)
-+	if (type && (ctx->digest != type))
- 		{
- 		if (ctx->digest && ctx->digest->ctx_size)
- 			OPENSSL_free(ctx->md_data);
+-    if (ctx->digest != type) {
++    if (type && (ctx->digest != type)) {
+         if (ctx->digest && ctx->digest->ctx_size) {
+             OPENSSL_free(ctx->md_data);
+             ctx->md_data = NULL;
diff --git a/recipes-connectivity/openssl/openssl-qoriq/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch b/recipes-connectivity/openssl/openssl-qoriq/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch
deleted file mode 100644
index 3e93fe4..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-openssl: avoid NULL pointer dereference in dh_pub_encode()/dsa_pub_encode()
-
-We should avoid accessing the pointer if ASN1_STRING_new()
-allocates memory failed.
-
-Upstream-Status: Submitted
-http://www.mail-archive.com/openssl-dev@openssl.org/msg32859.html
-
-Signed-off-by: Xufeng Zhang <xufeng.zhang at windriver.com>
----
---- a/crypto/dh/dh_ameth.c
-+++ b/crypto/dh/dh_ameth.c
-@@ -139,6 +139,12 @@
- 	dh=pkey->pkey.dh;
- 
- 	str = ASN1_STRING_new();
-+	if (!str)
-+		{
-+		DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
-+		goto err;
-+		}
-+
- 	str->length = i2d_DHparams(dh, &str->data);
- 	if (str->length <= 0)
- 		{
---- a/crypto/dsa/dsa_ameth.c
-+++ b/crypto/dsa/dsa_ameth.c
-@@ -148,6 +148,11 @@
- 		{
- 		ASN1_STRING *str;
- 		str = ASN1_STRING_new();
-+		if (!str)
-+			{
-+			DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
-+			goto err;
-+			}
- 		str->length = i2d_DSAparams(dsa, &str->data);
- 		if (str->length <= 0)
- 			{
diff --git a/recipes-connectivity/openssl/openssl-qoriq/openssl-c_rehash.sh b/recipes-connectivity/openssl/openssl-qoriq/openssl-c_rehash.sh
new file mode 100644
index 0000000..0ea2263
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/openssl-c_rehash.sh
@@ -0,0 +1,210 @@
+#!/bin/sh
+#
+# Ben Secrest <blsecres at gmail.com>
+#
+# sh c_rehash script, scan all files in a directory
+# and add symbolic links to their hash values.
+#
+# based on the c_rehash perl script distributed with openssl
+#
+# LICENSE: See OpenSSL license
+# ^^acceptable?^^
+#
+
+# default certificate location
+DIR=/etc/openssl
+
+# for filetype bitfield
+IS_CERT=$(( 1 << 0 ))
+IS_CRL=$(( 1 << 1 ))
+
+
+# check to see if a file is a certificate file or a CRL file
+# arguments:
+#       1. the filename to be scanned
+# returns:
+#       bitfield of file type; uses ${IS_CERT} and ${IS_CRL}
+#
+check_file()
+{
+    local IS_TYPE=0
+
+    # make IFS a newline so we can process grep output line by line
+    local OLDIFS=${IFS}
+    IFS=$( printf "\n" )
+
+    # XXX: could be more efficient to have two 'grep -m' but is -m portable?
+    for LINE in $( grep '^-----BEGIN .*-----' ${1} )
+    do
+	if echo ${LINE} \
+	    | grep -q -E '^-----BEGIN (X509 |TRUSTED )?CERTIFICATE-----'
+	then
+	    IS_TYPE=$(( ${IS_TYPE} | ${IS_CERT} ))
+
+	    if [ $(( ${IS_TYPE} & ${IS_CRL} )) -ne 0 ]
+	    then
+	    	break
+	    fi
+	elif echo ${LINE} | grep -q '^-----BEGIN X509 CRL-----'
+	then
+	    IS_TYPE=$(( ${IS_TYPE} | ${IS_CRL} ))
+
+	    if [ $(( ${IS_TYPE} & ${IS_CERT} )) -ne 0 ]
+	    then
+	    	break
+	    fi
+	fi
+    done
+
+    # restore IFS
+    IFS=${OLDIFS}
+
+    return ${IS_TYPE}
+}
+
+
+#
+# use openssl to fingerprint a file
+#    arguments:
+#	1. the filename to fingerprint
+#	2. the method to use (x509, crl)
+#    returns:
+#	none
+#    assumptions:
+#	user will capture output from last stage of pipeline
+#
+fingerprint()
+{
+    ${SSL_CMD} ${2} -fingerprint -noout -in ${1} | sed 's/^.*=//' | tr -d ':'
+}
+
+
+#
+# link_hash - create links to certificate files
+#    arguments:
+#       1. the filename to create a link for
+#	2. the type of certificate being linked (x509, crl)
+#    returns:
+#	0 on success, 1 otherwise
+#
+link_hash()
+{
+    local FINGERPRINT=$( fingerprint ${1} ${2} )
+    local HASH=$( ${SSL_CMD} ${2} -hash -noout -in ${1} )
+    local SUFFIX=0
+    local LINKFILE=''
+    local TAG=''
+
+    if [ ${2} = "crl" ]
+    then
+    	TAG='r'
+    fi
+
+    LINKFILE=${HASH}.${TAG}${SUFFIX}
+
+    while [ -f ${LINKFILE} ]
+    do
+	if [ ${FINGERPRINT} = $( fingerprint ${LINKFILE} ${2} ) ]
+	then
+	    echo "WARNING: Skipping duplicate file ${1}" >&2
+	    return 1
+	fi	
+
+	SUFFIX=$(( ${SUFFIX} + 1 ))
+	LINKFILE=${HASH}.${TAG}${SUFFIX}
+    done
+
+    echo "${1} => ${LINKFILE}"
+
+    # assume any system with a POSIX shell will either support symlinks or
+    # do something to handle this gracefully
+    ln -s ${1} ${LINKFILE}
+
+    return 0
+}
+
+
+# hash_dir create hash links in a given directory
+hash_dir()
+{
+    echo "Doing ${1}"
+
+    cd ${1}
+
+    ls -1 * 2>/dev/null | while read FILE
+    do
+        if echo ${FILE} | grep -q -E '^[[:xdigit:]]{8}\.r?[[:digit:]]+$' \
+	    	&& [ -h "${FILE}" ]
+        then
+            rm ${FILE}
+        fi
+    done
+
+    ls -1 *.pem *.cer *.crt *.crl 2>/dev/null | while read FILE
+    do
+	check_file ${FILE}
+        local FILE_TYPE=${?}
+	local TYPE_STR=''
+
+        if [ $(( ${FILE_TYPE} & ${IS_CERT} )) -ne 0 ]
+        then
+            TYPE_STR='x509'
+        elif [ $(( ${FILE_TYPE} & ${IS_CRL} )) -ne 0 ]
+        then
+            TYPE_STR='crl'
+        else
+            echo "WARNING: ${FILE} does not contain a certificate or CRL: skipping" >&2
+	    continue
+        fi
+
+	link_hash ${FILE} ${TYPE_STR}
+    done
+}
+
+
+# choose the name of an ssl application
+if [ -n "${OPENSSL}" ]
+then
+    SSL_CMD=$(which ${OPENSSL} 2>/dev/null)
+else
+    SSL_CMD=/usr/bin/openssl
+    OPENSSL=${SSL_CMD}
+    export OPENSSL
+fi
+
+# fix paths
+PATH=${PATH}:${DIR}/bin
+export PATH
+
+# confirm existance/executability of ssl command
+if ! [ -x ${SSL_CMD} ]
+then
+    echo "${0}: rehashing skipped ('openssl' program not available)" >&2
+    exit 0
+fi
+
+# determine which directories to process
+old_IFS=$IFS
+if [ ${#} -gt 0 ]
+then
+    IFS=':'
+    DIRLIST=${*}
+elif [ -n "${SSL_CERT_DIR}" ]
+then
+    DIRLIST=$SSL_CERT_DIR
+else
+    DIRLIST=${DIR}/certs
+fi
+
+IFS=':'
+
+# process directories
+for CERT_DIR in ${DIRLIST}
+do
+    if [ -d ${CERT_DIR} -a -w ${CERT_DIR} ]
+    then
+        IFS=$old_IFS
+        hash_dir ${CERT_DIR}
+        IFS=':'
+    fi
+done
diff --git a/recipes-connectivity/openssl/openssl-qoriq/openssl-fix-link.patch b/recipes-connectivity/openssl/openssl-qoriq/openssl-fix-link.patch
deleted file mode 100644
index 154106c..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/openssl-fix-link.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From aabfb6f78af8e337d3239142117ba303fce55e7e Mon Sep 17 00:00:00 2001
-From: Dmitry Eremin-Solenikov <dbaryshkov at gmail.com>
-Date: Thu, 22 Sep 2011 08:55:26 +0200
-Subject: [PATCH] fix the parallel build regarding shared libraries.
-
-Upstream-Status: Pending
----
- .../openssl-1.0.0e/Makefile.org                    |    8 ++++----
- 1 files changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/Makefile.org
-index 3c7aea1..6326cd6 100644
---- a/Makefile.org
-+++ b/Makefile.org
-@@ -243,13 +243,13 @@ build_libs: build_crypto build_ssl build_engines
- 
- build_crypto:
- 	@dir=crypto; target=all; $(BUILD_ONE_CMD)
--build_ssl:
-+build_ssl: build_crypto
- 	@dir=ssl; target=all; $(BUILD_ONE_CMD)
--build_engines:
-+build_engines: build_crypto
- 	@dir=engines; target=all; $(BUILD_ONE_CMD)
--build_apps:
-+build_apps: build_crypto build_ssl
- 	@dir=apps; target=all; $(BUILD_ONE_CMD)
--build_tests:
-+build_tests: build_crypto build_ssl
- 	@dir=test; target=all; $(BUILD_ONE_CMD)
- build_tools:
- 	@dir=tools; target=all; $(BUILD_ONE_CMD)
--- 
-1.6.6.1
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/openssl_fix_for_x32.patch b/recipes-connectivity/openssl/openssl-qoriq/openssl_fix_for_x32.patch
index 93ce034..cbce32c 100644
--- a/recipes-connectivity/openssl/openssl-qoriq/openssl_fix_for_x32.patch
+++ b/recipes-connectivity/openssl/openssl-qoriq/openssl_fix_for_x32.patch
@@ -6,64 +6,13 @@ Signed-Off-By: Nitin A Kamble <nitin.a.kamble at intel.com> 2011/07/13
 
 ported the patch to the 1.0.0e version
 Signed-Off-By: Nitin A Kamble <nitin.a.kamble at intel.com> 2011/12/01
-Index: openssl-1.0.1e/Configure
+Index: openssl-1.0.2/crypto/bn/bn.h
 ===================================================================
---- openssl-1.0.1e.orig/Configure
-+++ openssl-1.0.1e/Configure
-@@ -402,6 +402,7 @@ my %table=(
- "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "linux-x86_64",	"gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-+"linux-x32", "gcc:-mx32 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32",
- "linux64-s390x",	"gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
- #### So called "highgprs" target for z/Architecture CPUs
- # "Highgprs" is kernel feature first implemented in Linux 2.6.32, see
-Index: openssl-1.0.1e/crypto/bn/asm/x86_64-gcc.c
-===================================================================
---- openssl-1.0.1e.orig/crypto/bn/asm/x86_64-gcc.c
-+++ openssl-1.0.1e/crypto/bn/asm/x86_64-gcc.c
-@@ -55,7 +55,7 @@
-  *    machine.
-  */
- 
--#ifdef _WIN64
-+#if defined _WIN64 || !defined __LP64__
- #define BN_ULONG unsigned long long
- #else
- #define BN_ULONG unsigned long
-@@ -192,9 +192,9 @@ BN_ULONG bn_add_words (BN_ULONG *rp, con
- 	asm (
- 	"	subq	%2,%2		\n"
- 	".p2align 4			\n"
--	"1:	movq	(%4,%2,8),%0	\n"
--	"	adcq	(%5,%2,8),%0	\n"
--	"	movq	%0,(%3,%2,8)	\n"
-+	"1:	movq	(%q4,%2,8),%0	\n"
-+	"	adcq	(%q5,%2,8),%0	\n"
-+	"	movq	%0,(%q3,%2,8)	\n"
- 	"	leaq	1(%2),%2	\n"
- 	"	loop	1b		\n"
- 	"	sbbq	%0,%0		\n"
-@@ -215,9 +215,9 @@ BN_ULONG bn_sub_words (BN_ULONG *rp, con
- 	asm (
- 	"	subq	%2,%2		\n"
- 	".p2align 4			\n"
--	"1:	movq	(%4,%2,8),%0	\n"
--	"	sbbq	(%5,%2,8),%0	\n"
--	"	movq	%0,(%3,%2,8)	\n"
-+	"1:	movq	(%q4,%2,8),%0	\n"
-+	"	sbbq	(%q5,%2,8),%0	\n"
-+	"	movq	%0,(%q3,%2,8)	\n"
- 	"	leaq	1(%2),%2	\n"
- 	"	loop	1b		\n"
- 	"	sbbq	%0,%0		\n"
-Index: openssl-1.0.1e/crypto/bn/bn.h
-===================================================================
---- openssl-1.0.1e.orig/crypto/bn/bn.h
-+++ openssl-1.0.1e/crypto/bn/bn.h
-@@ -172,6 +172,13 @@ extern "C" {
+--- openssl-1.0.2.orig/crypto/bn/bn.h
++++ openssl-1.0.2/crypto/bn/bn.h
+@@ -173,6 +173,13 @@ extern "C" {
+ #  endif
  # endif
- #endif
  
 +/* Address type.  */
 +#ifdef _WIN64
@@ -72,19 +21,19 @@ Index: openssl-1.0.1e/crypto/bn/bn.h
 +#define BN_ADDR unsigned long
 +#endif
 +
- /* assuming long is 64bit - this is the DEC Alpha
-  * unsigned long long is only 64 bits :-(, don't define
-  * BN_LLONG for the DEC Alpha */
-Index: openssl-1.0.1e/crypto/bn/bn_exp.c
+ /*
+  * assuming long is 64bit - this is the DEC Alpha unsigned long long is only
+  * 64 bits :-(, don't define BN_LLONG for the DEC Alpha
+Index: openssl-1.0.2/crypto/bn/bn_exp.c
 ===================================================================
---- openssl-1.0.1e.orig/crypto/bn/bn_exp.c
-+++ openssl-1.0.1e/crypto/bn/bn_exp.c
-@@ -567,7 +567,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBU
- 
- /* Given a pointer value, compute the next address that is a cache line multiple. */
+--- openssl-1.0.2.orig/crypto/bn/bn_exp.c
++++ openssl-1.0.2/crypto/bn/bn_exp.c
+@@ -638,7 +638,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBU
+  * multiple.
+  */
  #define MOD_EXP_CTIME_ALIGN(x_) \
--	((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((size_t)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
+-        ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((size_t)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
 +	((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ADDR)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
  
- /* This variant of BN_mod_exp_mont() uses fixed windows and the special
-  * precomputation memory layout to limit data-dependency to a minimum
+ /*
+  * This variant of BN_mod_exp_mont() uses fixed windows and the special
diff --git a/recipes-connectivity/openssl/openssl-qoriq/parallel.patch b/recipes-connectivity/openssl/openssl-qoriq/parallel.patch
new file mode 100644
index 0000000..b6c2c14
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/parallel.patch
@@ -0,0 +1,326 @@
+Fix the parallel races in the Makefiles.
+
+This patch was taken from the Gentoo packaging:
+https://gitweb.gentoo.org/repo/gentoo.git/plain/dev-libs/openssl/files/openssl-1.0.2g-parallel-build.patch
+
+Upstream-Status: Pending
+Signed-off-by: Ross Burton <ross.burton at intel.com>
+
+--- openssl-1.0.2g/crypto/Makefile
++++ openssl-1.0.2g/crypto/Makefile
+@@ -85,11 +85,11 @@
+ 	@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
+ 
+ subdirs:
+-	@target=all; $(RECURSIVE_MAKE)
++	+ at target=all; $(RECURSIVE_MAKE)
+ 
+ files:
+ 	$(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO
+-	@target=files; $(RECURSIVE_MAKE)
++	+ at target=files; $(RECURSIVE_MAKE)
+ 
+ links:
+ 	@$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
+@@ -100,7 +100,7 @@
+ # lib: $(LIB): are splitted to avoid end-less loop
+ lib:	$(LIB)
+ 	@touch lib
+-$(LIB):	$(LIBOBJ)
++$(LIB):	$(LIBOBJ) | subdirs
+ 	$(AR) $(LIB) $(LIBOBJ)
+ 	test -z "$(FIPSLIBDIR)" || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
+ 	$(RANLIB) $(LIB) || echo Never mind.
+@@ -111,7 +111,7 @@
+ 	fi
+ 
+ libs:
+-	@target=lib; $(RECURSIVE_MAKE)
++	+ at target=lib; $(RECURSIVE_MAKE)
+ 
+ install:
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+@@ -120,7 +120,7 @@
+ 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+-	@target=install; $(RECURSIVE_MAKE)
++	+ at target=install; $(RECURSIVE_MAKE)
+ 
+ lint:
+ 	@target=lint; $(RECURSIVE_MAKE)
+--- openssl-1.0.2g/engines/Makefile
++++ openssl-1.0.2g/engines/Makefile
+@@ -72,7 +72,7 @@
+ 
+ all:	lib subdirs
+ 
+-lib:	$(LIBOBJ)
++lib:	$(LIBOBJ) | subdirs
+ 	@if [ -n "$(SHARED_LIBS)" ]; then \
+ 		set -e; \
+ 		for l in $(LIBNAMES); do \
+@@ -89,7 +89,7 @@
+ 
+ subdirs:
+ 	echo $(EDIRS)
+-	@target=all; $(RECURSIVE_MAKE)
++	+ at target=all; $(RECURSIVE_MAKE)
+ 
+ files:
+ 	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+@@ -128,7 +128,7 @@
+ 			  mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
+ 		done; \
+ 	fi
+-	@target=install; $(RECURSIVE_MAKE)
++	+ at target=install; $(RECURSIVE_MAKE)
+ 
+ tags:
+ 	ctags $(SRC)
+--- openssl-1.0.2g/Makefile.org
++++ openssl-1.0.2g/Makefile.org
+@@ -279,17 +279,17 @@
+ build_libssl: build_ssl libssl.pc
+ 
+ build_crypto:
+-	@dir=crypto; target=all; $(BUILD_ONE_CMD)
++	+ at dir=crypto; target=all; $(BUILD_ONE_CMD)
+ build_ssl: build_crypto
+-	@dir=ssl; target=all; $(BUILD_ONE_CMD)
++	+ at dir=ssl; target=all; $(BUILD_ONE_CMD)
+ build_engines: build_crypto
+-	@dir=engines; target=all; $(BUILD_ONE_CMD)
++	+ at dir=engines; target=all; $(BUILD_ONE_CMD)
+ build_apps: build_libs
+-	@dir=apps; target=all; $(BUILD_ONE_CMD)
++	+ at dir=apps; target=all; $(BUILD_ONE_CMD)
+ build_tests: build_libs
+-	@dir=test; target=all; $(BUILD_ONE_CMD)
++	+ at dir=test; target=all; $(BUILD_ONE_CMD)
+ build_tools: build_libs
+-	@dir=tools; target=all; $(BUILD_ONE_CMD)
++	+ at dir=tools; target=all; $(BUILD_ONE_CMD)
+ 
+ all_testapps: build_libs build_testapps
+ build_testapps:
+@@ -544,7 +544,7 @@
+ 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+-	@set -e; target=install; $(RECURSIVE_BUILD_CMD)
++	+ at set -e; target=install; $(RECURSIVE_BUILD_CMD)
+ 	@set -e; liblist="$(LIBS)"; for i in $$liblist ;\
+ 	do \
+ 		if [ -f "$$i" ]; then \
+--- openssl-1.0.2g/Makefile.shared
++++ openssl-1.0.2g/Makefile.shared
+@@ -105,6 +105,7 @@
+     SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
+     LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
+     LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
++    [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \
+     LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
+     $${SHAREDCMD} $${SHAREDFLAGS} \
+ 	-o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
+@@ -122,6 +123,7 @@
+ 			done; \
+ 		fi; \
+ 		if [ -n "$$SHLIB_SOVER" ]; then \
++			[ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \
+ 			( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
+ 			  ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
+ 		fi; \
+--- openssl-1.0.2g/test/Makefile
++++ openssl-1.0.2g/test/Makefile
+@@ -139,7 +139,7 @@
+ tags:
+ 	ctags $(SRC)
+ 
+-tests:	exe apps $(TESTS)
++tests:	exe $(TESTS)
+ 
+ apps:
+ 	@(cd ..; $(MAKE) DIRS=apps all)
+@@ -421,130 +421,130 @@
+ 		link_app.$${shlib_target}
+ 
+ $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
+-	@target=$(RSATEST); $(BUILD_CMD)
++	+ at target=$(RSATEST); $(BUILD_CMD)
+ 
+ $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO)
+-	@target=$(BNTEST); $(BUILD_CMD)
++	+ at target=$(BNTEST); $(BUILD_CMD)
+ 
+ $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO)
+-	@target=$(ECTEST); $(BUILD_CMD)
++	+ at target=$(ECTEST); $(BUILD_CMD)
+ 
+ $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO)
+-	@target=$(EXPTEST); $(BUILD_CMD)
++	+ at target=$(EXPTEST); $(BUILD_CMD)
+ 
+ $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO)
+-	@target=$(IDEATEST); $(BUILD_CMD)
++	+ at target=$(IDEATEST); $(BUILD_CMD)
+ 
+ $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO)
+-	@target=$(MD2TEST); $(BUILD_CMD)
++	+ at target=$(MD2TEST); $(BUILD_CMD)
+ 
+ $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO)
+-	@target=$(SHATEST); $(BUILD_CMD)
++	+ at target=$(SHATEST); $(BUILD_CMD)
+ 
+ $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO)
+-	@target=$(SHA1TEST); $(BUILD_CMD)
++	+ at target=$(SHA1TEST); $(BUILD_CMD)
+ 
+ $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO)
+-	@target=$(SHA256TEST); $(BUILD_CMD)
++	+ at target=$(SHA256TEST); $(BUILD_CMD)
+ 
+ $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO)
+-	@target=$(SHA512TEST); $(BUILD_CMD)
++	+ at target=$(SHA512TEST); $(BUILD_CMD)
+ 
+ $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
+-	@target=$(RMDTEST); $(BUILD_CMD)
++	+ at target=$(RMDTEST); $(BUILD_CMD)
+ 
+ $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO)
+-	@target=$(MDC2TEST); $(BUILD_CMD)
++	+ at target=$(MDC2TEST); $(BUILD_CMD)
+ 
+ $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO)
+-	@target=$(MD4TEST); $(BUILD_CMD)
++	+ at target=$(MD4TEST); $(BUILD_CMD)
+ 
+ $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO)
+-	@target=$(MD5TEST); $(BUILD_CMD)
++	+ at target=$(MD5TEST); $(BUILD_CMD)
+ 
+ $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO)
+-	@target=$(HMACTEST); $(BUILD_CMD)
++	+ at target=$(HMACTEST); $(BUILD_CMD)
+ 
+ $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO)
+-	@target=$(WPTEST); $(BUILD_CMD)
++	+ at target=$(WPTEST); $(BUILD_CMD)
+ 
+ $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO)
+-	@target=$(RC2TEST); $(BUILD_CMD)
++	+ at target=$(RC2TEST); $(BUILD_CMD)
+ 
+ $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO)
+-	@target=$(BFTEST); $(BUILD_CMD)
++	+ at target=$(BFTEST); $(BUILD_CMD)
+ 
+ $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO)
+-	@target=$(CASTTEST); $(BUILD_CMD)
++	+ at target=$(CASTTEST); $(BUILD_CMD)
+ 
+ $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO)
+-	@target=$(RC4TEST); $(BUILD_CMD)
++	+ at target=$(RC4TEST); $(BUILD_CMD)
+ 
+ $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO)
+-	@target=$(RC5TEST); $(BUILD_CMD)
++	+ at target=$(RC5TEST); $(BUILD_CMD)
+ 
+ $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO)
+-	@target=$(DESTEST); $(BUILD_CMD)
++	+ at target=$(DESTEST); $(BUILD_CMD)
+ 
+ $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO)
+-	@target=$(RANDTEST); $(BUILD_CMD)
++	+ at target=$(RANDTEST); $(BUILD_CMD)
+ 
+ $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO)
+-	@target=$(DHTEST); $(BUILD_CMD)
++	+ at target=$(DHTEST); $(BUILD_CMD)
+ 
+ $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO)
+-	@target=$(DSATEST); $(BUILD_CMD)
++	+ at target=$(DSATEST); $(BUILD_CMD)
+ 
+ $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
+-	@target=$(METHTEST); $(BUILD_CMD)
++	+ at target=$(METHTEST); $(BUILD_CMD)
+ 
+ $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
+-	@target=$(SSLTEST); $(FIPS_BUILD_CMD)
++	+ at target=$(SSLTEST); $(FIPS_BUILD_CMD)
+ 
+ $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO)
+-	@target=$(ENGINETEST); $(BUILD_CMD)
++	+ at target=$(ENGINETEST); $(BUILD_CMD)
+ 
+ $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO)
+-	@target=$(EVPTEST); $(BUILD_CMD)
++	+ at target=$(EVPTEST); $(BUILD_CMD)
+ 
+ $(EVPEXTRATEST)$(EXE_EXT): $(EVPEXTRATEST).o $(DLIBCRYPTO)
+-	@target=$(EVPEXTRATEST); $(BUILD_CMD)
++	+ at target=$(EVPEXTRATEST); $(BUILD_CMD)
+ 
+ $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO)
+-	@target=$(ECDSATEST); $(BUILD_CMD)
++	+ at target=$(ECDSATEST); $(BUILD_CMD)
+ 
+ $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO)
+-	@target=$(ECDHTEST); $(BUILD_CMD)
++	+ at target=$(ECDHTEST); $(BUILD_CMD)
+ 
+ $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO)
+-	@target=$(IGETEST); $(BUILD_CMD)
++	+ at target=$(IGETEST); $(BUILD_CMD)
+ 
+ $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO)
+-	@target=$(JPAKETEST); $(BUILD_CMD)
++	+ at target=$(JPAKETEST); $(BUILD_CMD)
+ 
+ $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO)
+-	@target=$(ASN1TEST); $(BUILD_CMD)
++	+ at target=$(ASN1TEST); $(BUILD_CMD)
+ 
+ $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO)
+-	@target=$(SRPTEST); $(BUILD_CMD)
++	+ at target=$(SRPTEST); $(BUILD_CMD)
+ 
+ $(V3NAMETEST)$(EXE_EXT): $(V3NAMETEST).o $(DLIBCRYPTO)
+-	@target=$(V3NAMETEST); $(BUILD_CMD)
++	+ at target=$(V3NAMETEST); $(BUILD_CMD)
+ 
+ $(HEARTBEATTEST)$(EXE_EXT): $(HEARTBEATTEST).o $(DLIBCRYPTO)
+-	@target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
++	+ at target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
+ 
+ $(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMETEST).o
+-	@target=$(CONSTTIMETEST) $(BUILD_CMD)
++	+ at target=$(CONSTTIMETEST) $(BUILD_CMD)
+ 
+ $(VERIFYEXTRATEST)$(EXE_EXT): $(VERIFYEXTRATEST).o
+-	@target=$(VERIFYEXTRATEST) $(BUILD_CMD)
++	+ at target=$(VERIFYEXTRATEST) $(BUILD_CMD)
+ 
+ $(CLIENTHELLOTEST)$(EXE_EXT): $(CLIENTHELLOTEST).o
+-	@target=$(CLIENTHELLOTEST) $(BUILD_CMD)
++	+ at target=$(CLIENTHELLOTEST) $(BUILD_CMD)
+ 
+ $(SSLV2CONFTEST)$(EXE_EXT): $(SSLV2CONFTEST).o
+-	@target=$(SSLV2CONFTEST) $(BUILD_CMD)
++	+ at target=$(SSLV2CONFTEST) $(BUILD_CMD)
+ 
+ #$(AESTEST).o: $(AESTEST).c
+ #	$(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
+@@ -557,7 +557,7 @@
+ #	fi
+ 
+ dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
+-	@target=dummytest; $(BUILD_CMD)
++	+ at target=dummytest; $(BUILD_CMD)
+ 
+ # DO NOT DELETE THIS LINE -- make depend depends on it.
+ 
\ No newline at end of file
diff --git a/recipes-connectivity/openssl/openssl-qoriq/ptest-deps.patch b/recipes-connectivity/openssl/openssl-qoriq/ptest-deps.patch
new file mode 100644
index 0000000..ef6d179
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/ptest-deps.patch
@@ -0,0 +1,34 @@
+Remove Makefile dependencies for test targets
+
+These are probably here because the executables aren't always built for
+other platforms (e.g. Windows); however we can safely assume they'll
+always be there. None of the other test targets have such dependencies
+and if we don't remove them, make tries to rebuild the executables and
+fails during run-ptest.
+
+Upstream-Status: Inappropriate [config]
+
+Signed-off-by: Paul Eggleton <paul.eggleton at linux.intel.com>
+
+Index: openssl-1.0.2/test/Makefile
+===================================================================
+--- openssl-1.0.2.orig/test/Makefile
++++ openssl-1.0.2/test/Makefile
+@@ -330,7 +330,7 @@ test_cms: ../apps/openssl$(EXE_EXT) cms-
+ 	@echo "CMS consistency test"
+ 	$(PERL) cms-test.pl
+ 
+-test_srp: $(SRPTEST)$(EXE_EXT)
++test_srp:
+ 	@echo "Test SRP"
+ 	../util/shlib_wrap.sh ./srptest
+ 
+@@ -342,7 +342,7 @@ test_v3name: $(V3NAMETEST)$(EXE_EXT)
+ 	@echo "Test X509v3_check_*"
+ 	../util/shlib_wrap.sh ./$(V3NAMETEST)
+ 
+-test_heartbeat: $(HEARTBEATTEST)$(EXE_EXT)
++test_heartbeat:
+ 	../util/shlib_wrap.sh ./$(HEARTBEATTEST)
+ 
+ test_constant_time: $(CONSTTIMETEST)$(EXE_EXT)
diff --git a/recipes-connectivity/openssl/openssl-qoriq/ptest_makefile_deps.patch b/recipes-connectivity/openssl/openssl-qoriq/ptest_makefile_deps.patch
new file mode 100644
index 0000000..4202e61
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/ptest_makefile_deps.patch
@@ -0,0 +1,248 @@
+Additional Makefile dependencies removal for test targets
+
+Removing the dependency check for test targets as these tests are
+causing a number of failures and "noise" during ptest execution.
+
+Upstream-Status: Inappropriate [config]
+
+Signed-off-by: Maxin B. John <maxin.john at intel.com>
+
+diff -Naur openssl-1.0.2d-orig/test/Makefile openssl-1.0.2d/test/Makefile
+--- openssl-1.0.2d-orig/test/Makefile	2015-09-28 12:50:41.530022979 +0300
++++ openssl-1.0.2d/test/Makefile	2015-09-28 12:57:45.930717240 +0300
+@@ -155,67 +155,67 @@
+ 	( $(MAKE) $$i && echo "PASS: $$i" ) || echo "FAIL: $$i"; \
+ 	done)
+ 
+-test_evp: $(EVPTEST)$(EXE_EXT) evptests.txt
++test_evp:
+ 	../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt
+ 
+-test_evp_extra: $(EVPEXTRATEST)$(EXE_EXT)
++test_evp_extra:
+ 	../util/shlib_wrap.sh ./$(EVPEXTRATEST)
+ 
+-test_des: $(DESTEST)$(EXE_EXT)
++test_des:
+ 	../util/shlib_wrap.sh ./$(DESTEST)
+ 
+-test_idea: $(IDEATEST)$(EXE_EXT)
++test_idea:
+ 	../util/shlib_wrap.sh ./$(IDEATEST)
+ 
+-test_sha: $(SHATEST)$(EXE_EXT) $(SHA1TEST)$(EXE_EXT) $(SHA256TEST)$(EXE_EXT) $(SHA512TEST)$(EXE_EXT)
++test_sha:
+ 	../util/shlib_wrap.sh ./$(SHATEST)
+ 	../util/shlib_wrap.sh ./$(SHA1TEST)
+ 	../util/shlib_wrap.sh ./$(SHA256TEST)
+ 	../util/shlib_wrap.sh ./$(SHA512TEST)
+ 
+-test_mdc2: $(MDC2TEST)$(EXE_EXT)
++test_mdc2:
+ 	../util/shlib_wrap.sh ./$(MDC2TEST)
+ 
+-test_md5: $(MD5TEST)$(EXE_EXT)
++test_md5:
+ 	../util/shlib_wrap.sh ./$(MD5TEST)
+ 
+-test_md4: $(MD4TEST)$(EXE_EXT)
++test_md4:
+ 	../util/shlib_wrap.sh ./$(MD4TEST)
+ 
+-test_hmac: $(HMACTEST)$(EXE_EXT)
++test_hmac:
+ 	../util/shlib_wrap.sh ./$(HMACTEST)
+ 
+-test_wp: $(WPTEST)$(EXE_EXT)
++test_wp:
+ 	../util/shlib_wrap.sh ./$(WPTEST)
+ 
+-test_md2: $(MD2TEST)$(EXE_EXT)
++test_md2:
+ 	../util/shlib_wrap.sh ./$(MD2TEST)
+ 
+-test_rmd: $(RMDTEST)$(EXE_EXT)
++test_rmd:
+ 	../util/shlib_wrap.sh ./$(RMDTEST)
+ 
+-test_bf: $(BFTEST)$(EXE_EXT)
++test_bf:
+ 	../util/shlib_wrap.sh ./$(BFTEST)
+ 
+-test_cast: $(CASTTEST)$(EXE_EXT)
++test_cast:
+ 	../util/shlib_wrap.sh ./$(CASTTEST)
+ 
+-test_rc2: $(RC2TEST)$(EXE_EXT)
++test_rc2:
+ 	../util/shlib_wrap.sh ./$(RC2TEST)
+ 
+-test_rc4: $(RC4TEST)$(EXE_EXT)
++test_rc4:
+ 	../util/shlib_wrap.sh ./$(RC4TEST)
+ 
+-test_rc5: $(RC5TEST)$(EXE_EXT)
++test_rc5:
+ 	../util/shlib_wrap.sh ./$(RC5TEST)
+ 
+-test_rand: $(RANDTEST)$(EXE_EXT)
++test_rand:
+ 	../util/shlib_wrap.sh ./$(RANDTEST)
+ 
+-test_enc: ../apps/openssl$(EXE_EXT) testenc
++test_enc:
+ 	@sh ./testenc
+ 
+-test_x509: ../apps/openssl$(EXE_EXT) tx509 testx509.pem v3-cert1.pem v3-cert2.pem
++test_x509:
+ 	echo test normal x509v1 certificate
+ 	sh ./tx509 2>/dev/null
+ 	echo test first x509v3 certificate
+@@ -223,25 +223,25 @@
+ 	echo test second x509v3 certificate
+ 	sh ./tx509 v3-cert2.pem 2>/dev/null
+ 
+-test_rsa: ../apps/openssl$(EXE_EXT) trsa testrsa.pem
++test_rsa:
+ 	@sh ./trsa 2>/dev/null
+ 	../util/shlib_wrap.sh ./$(RSATEST)
+ 
+-test_crl: ../apps/openssl$(EXE_EXT) tcrl testcrl.pem
++test_crl:
+ 	@sh ./tcrl 2>/dev/null
+ 
+-test_sid: ../apps/openssl$(EXE_EXT) tsid testsid.pem
++test_sid:
+ 	@sh ./tsid 2>/dev/null
+ 
+-test_req: ../apps/openssl$(EXE_EXT) treq testreq.pem testreq2.pem
++test_req:
+ 	@sh ./treq 2>/dev/null
+ 	@sh ./treq testreq2.pem 2>/dev/null
+ 
+-test_pkcs7: ../apps/openssl$(EXE_EXT) tpkcs7 tpkcs7d testp7.pem pkcs7-1.pem
++test_pkcs7:
+ 	@sh ./tpkcs7 2>/dev/null
+ 	@sh ./tpkcs7d 2>/dev/null
+ 
+-test_bn: $(BNTEST)$(EXE_EXT) $(EXPTEST)$(EXE_EXT) bctest
++test_bn:
+ 	@echo starting big number library test, could take a while...
+ 	@../util/shlib_wrap.sh ./$(BNTEST) >tmp.bntest
+ 	@echo quit >>tmp.bntest
+@@ -250,33 +250,33 @@
+ 	@echo 'test a^b%c implementations'
+ 	../util/shlib_wrap.sh ./$(EXPTEST)
+ 
+-test_ec: $(ECTEST)$(EXE_EXT)
++test_ec:
+ 	@echo 'test elliptic curves'
+ 	../util/shlib_wrap.sh ./$(ECTEST)
+ 
+-test_ecdsa: $(ECDSATEST)$(EXE_EXT)
++test_ecdsa:
+ 	@echo 'test ecdsa'
+ 	../util/shlib_wrap.sh ./$(ECDSATEST)
+ 
+-test_ecdh: $(ECDHTEST)$(EXE_EXT)
++test_ecdh:
+ 	@echo 'test ecdh'
+ 	../util/shlib_wrap.sh ./$(ECDHTEST)
+ 
+-test_verify: ../apps/openssl$(EXE_EXT)
++test_verify:
+ 	@echo "The following command should have some OK's and some failures"
+ 	@echo "There are definitly a few expired certificates"
+ 	../util/shlib_wrap.sh ../apps/openssl verify -CApath ../certs/demo ../certs/demo/*.pem
+ 
+-test_dh: $(DHTEST)$(EXE_EXT)
++test_dh:
+ 	@echo "Generate a set of DH parameters"
+ 	../util/shlib_wrap.sh ./$(DHTEST)
+ 
+-test_dsa: $(DSATEST)$(EXE_EXT)
++test_dsa:
+ 	@echo "Generate a set of DSA parameters"
+ 	../util/shlib_wrap.sh ./$(DSATEST)
+ 	../util/shlib_wrap.sh ./$(DSATEST) -app2_1
+ 
+-test_gen testreq.pem: ../apps/openssl$(EXE_EXT) testgen test.cnf
++test_gen testreq.pem:
+ 	@echo "Generate and verify a certificate request"
+ 	@sh ./testgen
+ 
+@@ -288,13 +288,11 @@
+ 	@cat certCA.ss certU.ss > intP1.ss
+ 	@cat certCA.ss certU.ss certP1.ss > intP2.ss
+ 
+-test_engine:  $(ENGINETEST)$(EXE_EXT)
++test_engine:
+ 	@echo "Manipulate the ENGINE structures"
+ 	../util/shlib_wrap.sh ./$(ENGINETEST)
+ 
+-test_ssl: keyU.ss certU.ss certCA.ss certP1.ss keyP1.ss certP2.ss keyP2.ss \
+-		intP1.ss intP2.ss $(SSLTEST)$(EXE_EXT) testssl testsslproxy \
+-		../apps/server2.pem serverinfo.pem
++test_ssl:
+ 	@echo "test SSL protocol"
+ 	@if [ -n "$(FIPSCANLIB)" ]; then \
+ 	  sh ./testfipsssl keyU.ss certU.ss certCA.ss; \
+@@ -304,7 +302,7 @@
+ 	@sh ./testsslproxy keyP1.ss certP1.ss intP1.ss
+ 	@sh ./testsslproxy keyP2.ss certP2.ss intP2.ss
+ 
+-test_ca: ../apps/openssl$(EXE_EXT) testca CAss.cnf Uss.cnf
++test_ca:
+ 	@if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then \
+ 	  echo "skipping CA.sh test -- requires RSA"; \
+ 	else \
+@@ -312,11 +310,11 @@
+ 	  sh ./testca; \
+ 	fi
+ 
+-test_aes: #$(AESTEST)
++test_aes:
+ #	@echo "test Rijndael"
+ #	../util/shlib_wrap.sh ./$(AESTEST)
+ 
+-test_tsa: ../apps/openssl$(EXE_EXT) testtsa CAtsa.cnf ../util/shlib_wrap.sh
++test_tsa:
+ 	@if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then \
+ 	  echo "skipping testtsa test -- requires RSA"; \
+ 	else \
+@@ -331,7 +329,7 @@
+ 	@echo "Test JPAKE"
+ 	../util/shlib_wrap.sh ./$(JPAKETEST)
+ 
+-test_cms: ../apps/openssl$(EXE_EXT) cms-test.pl smcont.txt
++test_cms:
+ 	@echo "CMS consistency test"
+ 	$(PERL) cms-test.pl
+ 
+@@ -339,22 +337,22 @@
+ 	@echo "Test SRP"
+ 	../util/shlib_wrap.sh ./srptest
+ 
+-test_ocsp: ../apps/openssl$(EXE_EXT) tocsp
++test_ocsp:
+ 	@echo "Test OCSP"
+ 	@sh ./tocsp
+ 
+-test_v3name: $(V3NAMETEST)$(EXE_EXT)
++test_v3name:
+ 	@echo "Test X509v3_check_*"
+ 	../util/shlib_wrap.sh ./$(V3NAMETEST)
+ 
+ test_heartbeat:
+ 	../util/shlib_wrap.sh ./$(HEARTBEATTEST)
+ 
+-test_constant_time: $(CONSTTIMETEST)$(EXE_EXT)
++test_constant_time:
+ 	@echo "Test constant time utilites"
+ 	../util/shlib_wrap.sh ./$(CONSTTIMETEST)
+ 
+-test_verify_extra: $(VERIFYEXTRATEST)$(EXE_EXT)
++test_verify_extra:
+ 	@echo $(START) $@
+ 	../util/shlib_wrap.sh ./$(VERIFYEXTRATEST)
+ 
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0001-remove-double-initialization-of-cryptodev-engine.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0001-remove-double-initialization-of-cryptodev-engine.patch
index e7b874f..5e99d91 100644
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0001-remove-double-initialization-of-cryptodev-engine.patch
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0001-remove-double-initialization-of-cryptodev-engine.patch
@@ -1,7 +1,7 @@
-From 9297e3834518ff0558d6e7004a62adfd107e659a Mon Sep 17 00:00:00 2001
+From 45e4b0835ad965cf9cc813a31df354f1e6d14513 Mon Sep 17 00:00:00 2001
 From: Cristian Stoica <cristian.stoica at freescale.com>
 Date: Tue, 10 Sep 2013 12:46:46 +0300
-Subject: [PATCH 01/26] remove double initialization of cryptodev engine
+Subject: [PATCH 01/48] remove double initialization of cryptodev engine
 
 cryptodev engine is initialized together with the other engines in
 ENGINE_load_builtin_engines. The initialization done through
@@ -11,65 +11,66 @@ Change-Id: Ic9488500967595543ff846f147b36f383db7cb27
 Signed-off-by: Cristian Stoica <cristian.stoica at freescale.com>
 Reviewed-on: http://git.am.freescale.net:8181/17222
 ---
- crypto/engine/eng_all.c | 11 -----------
+ crypto/engine/eng_all.c | 12 ------------
  crypto/engine/engine.h  |  4 ----
  crypto/evp/c_all.c      |  5 -----
  util/libeay.num         |  2 +-
- 4 files changed, 1 insertion(+), 21 deletions(-)
+ 4 files changed, 1 insertion(+), 22 deletions(-)
 
 diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c
-index 6093376..f16c043 100644
+index 48ad0d2..a198c5f 100644
 --- a/crypto/engine/eng_all.c
 +++ b/crypto/engine/eng_all.c
-@@ -122,14 +122,3 @@ void ENGINE_load_builtin_engines(void)
+@@ -122,15 +122,3 @@ void ENGINE_load_builtin_engines(void)
  #endif
- 	ENGINE_register_all_complete();
- 	}
+     ENGINE_register_all_complete();
+ }
 -
 -#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
--void ENGINE_setup_bsd_cryptodev(void) {
--	static int bsd_cryptodev_default_loaded = 0;
--	if (!bsd_cryptodev_default_loaded) {
--		ENGINE_load_cryptodev();
--		ENGINE_register_all_complete();
--	}
--	bsd_cryptodev_default_loaded=1;
+-void ENGINE_setup_bsd_cryptodev(void)
+-{
+-    static int bsd_cryptodev_default_loaded = 0;
+-    if (!bsd_cryptodev_default_loaded) {
+-        ENGINE_load_cryptodev();
+-        ENGINE_register_all_complete();
+-    }
+-    bsd_cryptodev_default_loaded = 1;
 -}
 -#endif
 diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h
-index f8be497..237a6c9 100644
+index bd7b591..020d912 100644
 --- a/crypto/engine/engine.h
 +++ b/crypto/engine/engine.h
-@@ -740,10 +740,6 @@ typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id,
-  * values. */
+@@ -857,10 +857,6 @@ typedef int (*dynamic_bind_engine) (ENGINE *e, const char *id,
+  */
  void *ENGINE_get_static_state(void);
  
--#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
+-# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
 -void ENGINE_setup_bsd_cryptodev(void);
--#endif
+-# endif
 -
  /* BEGIN ERROR CODES */
- /* The following lines are auto generated by the script mkerr.pl. Any changes
-  * made after this point may be overwritten when the script is next run.
+ /*
+  * The following lines are auto generated by the script mkerr.pl. Any changes
 diff --git a/crypto/evp/c_all.c b/crypto/evp/c_all.c
-index 766c4ce..5d6c21b 100644
+index a3ed00d..719e34d 100644
 --- a/crypto/evp/c_all.c
 +++ b/crypto/evp/c_all.c
 @@ -82,9 +82,4 @@ void OPENSSL_add_all_algorithms_noconf(void)
- 	OPENSSL_cpuid_setup();
- 	OpenSSL_add_all_ciphers();
- 	OpenSSL_add_all_digests();
+     OPENSSL_cpuid_setup();
+     OpenSSL_add_all_ciphers();
+     OpenSSL_add_all_digests();
 -#ifndef OPENSSL_NO_ENGINE
 -# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
--	ENGINE_setup_bsd_cryptodev();
+-    ENGINE_setup_bsd_cryptodev();
 -# endif
 -#endif
- 	}
+ }
 diff --git a/util/libeay.num b/util/libeay.num
-index aa86b2b..ae50040 100755
+index 2094ab3..2742cf5 100755
 --- a/util/libeay.num
 +++ b/util/libeay.num
-@@ -2801,7 +2801,7 @@ BIO_indent                              3242	EXIST::FUNCTION:
+@@ -2805,7 +2805,7 @@ BIO_indent                              3242	EXIST::FUNCTION:
  BUF_strlcpy                             3243	EXIST::FUNCTION:
  OpenSSLDie                              3244	EXIST::FUNCTION:
  OPENSSL_cleanse                         3245	EXIST::FUNCTION:
@@ -79,5 +80,5 @@ index aa86b2b..ae50040 100755
  EVP_aes_128_cfb8                        3248	EXIST::FUNCTION:AES
  FIPS_corrupt_rsa                        3249	NOEXIST::FUNCTION:
 -- 
-2.3.5
+2.7.0
 
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch
index ab2b7ea..d590789 100644
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch
@@ -1,7 +1,7 @@
-From dfd6ba263dc25ea2a4bbc32448b24ca2b1fc40e8 Mon Sep 17 00:00:00 2001
+From e7c630f8417b6f4e1bf2466e545ffe04af2eff00 Mon Sep 17 00:00:00 2001
 From: Cristian Stoica <cristian.stoica at freescale.com>
 Date: Thu, 29 Aug 2013 16:51:18 +0300
-Subject: [PATCH 02/26] eng_cryptodev: add support for TLS algorithms offload
+Subject: [PATCH 02/48] eng_cryptodev: add support for TLS algorithms offload
 
 - aes-128-cbc-hmac-sha1
 - aes-256-cbc-hmac-sha1
@@ -9,309 +9,335 @@ Subject: [PATCH 02/26] eng_cryptodev: add support for TLS algorithms offload
 Requires TLS patches on cryptodev and TLS algorithm support in Linux
 kernel driver.
 
-Change-Id: I43048caa348414daddd6c1a5cdc55e769ac1945f
 Signed-off-by: Cristian Stoica <cristian.stoica at freescale.com>
-Reviewed-on: http://git.am.freescale.net:8181/17223
 ---
- crypto/engine/eng_cryptodev.c | 222 +++++++++++++++++++++++++++++++++++++++---
- 1 file changed, 211 insertions(+), 11 deletions(-)
+ crypto/engine/eng_cryptodev.c | 226 ++++++++++++++++++++++++++++++++++++++++--
+ 1 file changed, 215 insertions(+), 11 deletions(-)
 
 diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 5a715ac..7588a28 100644
+index 8fb9c33..4d783d4 100644
 --- a/crypto/engine/eng_cryptodev.c
 +++ b/crypto/engine/eng_cryptodev.c
-@@ -72,6 +72,9 @@ ENGINE_load_cryptodev(void)
+@@ -71,6 +71,9 @@ void ENGINE_load_cryptodev(void)
  struct dev_crypto_state {
- 	struct session_op d_sess;
- 	int d_fd;
-+	unsigned char *aad;
-+	unsigned int aad_len;
-+	unsigned int len;
- 
- #ifdef USE_CRYPTODEV_DIGESTS
- 	char dummy_mac_key[HASH_MAX_LEN];
-@@ -140,17 +143,20 @@ static struct {
- 	int	nid;
- 	int	ivmax;
- 	int	keylen;
-+	int	mackeylen;
+     struct session_op d_sess;
+     int d_fd;
++    unsigned char *aad;
++    unsigned int aad_len;
++    unsigned int len;
+ # ifdef USE_CRYPTODEV_DIGESTS
+     char dummy_mac_key[HASH_MAX_LEN];
+     unsigned char digest_res[HASH_MAX_LEN];
+@@ -141,24 +144,25 @@ static struct {
+     int nid;
+     int ivmax;
+     int keylen;
++    int mackeylen;
  } ciphers[] = {
--	{ CRYPTO_ARC4,			NID_rc4,		0,	16, },
--	{ CRYPTO_DES_CBC,		NID_des_cbc,		8,	 8, },
--	{ CRYPTO_3DES_CBC,		NID_des_ede3_cbc,	8,	24, },
--	{ CRYPTO_AES_CBC,		NID_aes_128_cbc,	16,	16, },
--	{ CRYPTO_AES_CBC,		NID_aes_192_cbc,	16,	24, },
--	{ CRYPTO_AES_CBC,		NID_aes_256_cbc,	16,	32, },
--	{ CRYPTO_BLF_CBC,		NID_bf_cbc,		8,	16, },
--	{ CRYPTO_CAST_CBC,		NID_cast5_cbc,		8,	16, },
--	{ CRYPTO_SKIPJACK_CBC,		NID_undef,		0,	 0, },
--	{ 0,				NID_undef,		0,	 0, },
-+	{ CRYPTO_ARC4,          NID_rc4,          0,  16, 0},
-+	{ CRYPTO_DES_CBC,       NID_des_cbc,	  8,  8,  0},
-+	{ CRYPTO_3DES_CBC,      NID_des_ede3_cbc, 8,  24, 0},
-+	{ CRYPTO_AES_CBC,       NID_aes_128_cbc,  16, 16, 0},
-+	{ CRYPTO_AES_CBC,       NID_aes_192_cbc,  16, 24, 0},
-+	{ CRYPTO_AES_CBC,       NID_aes_256_cbc,  16, 32, 0},
-+	{ CRYPTO_BLF_CBC,       NID_bf_cbc,       8,  16, 0},
-+	{ CRYPTO_CAST_CBC,      NID_cast5_cbc,    8,  16, 0},
-+	{ CRYPTO_SKIPJACK_CBC,  NID_undef,        0,  0,  0},
-+	{ CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20},
-+	{ CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20},
-+	{ 0, NID_undef,	0, 0, 0},
+     {
+-        CRYPTO_ARC4, NID_rc4, 0, 16,
++        CRYPTO_ARC4, NID_rc4, 0, 16, 0
+     },
+     {
+-        CRYPTO_DES_CBC, NID_des_cbc, 8, 8,
++        CRYPTO_DES_CBC, NID_des_cbc, 8, 8, 0
+     },
+     {
+-        CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24,
++        CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, 0
+     },
+     {
+-        CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16,
++        CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, 0
+     },
+     {
+-        CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24,
++        CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, 0
+     },
+     {
+-        CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32,
++        CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, 0
+     },
+ # ifdef CRYPTO_AES_CTR
+     {
+@@ -172,16 +176,22 @@ static struct {
+     },
+ # endif
+     {
+-        CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16,
++        CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, 0
+     },
+     {
+-        CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16,
++        CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, 0
+     },
+     {
+-        CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0,
++        CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, 0
+     },
+     {
+-        0, NID_undef, 0, 0,
++        CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20
++    },
++    {
++        CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20
++    },
++    {
++        0, NID_undef, 0, 0, 0
+     },
  };
  
- #ifdef USE_CRYPTODEV_DIGESTS
-@@ -250,13 +256,15 @@ get_cryptodev_ciphers(const int **cnids)
- 	}
- 	memset(&sess, 0, sizeof(sess));
- 	sess.key = (caddr_t)"123456789abcdefghijklmno";
-+	sess.mackey = (caddr_t)"123456789ABCDEFGHIJKLMNO";
+@@ -295,13 +305,15 @@ static int get_cryptodev_ciphers(const int **cnids)
+     }
+     memset(&sess, 0, sizeof(sess));
+     sess.key = (caddr_t) "123456789abcdefghijklmno";
++    sess.mackey = (caddr_t) "123456789ABCDEFGHIJKLMNO";
  
- 	for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
- 		if (ciphers[i].nid == NID_undef)
- 			continue;
- 		sess.cipher = ciphers[i].id;
- 		sess.keylen = ciphers[i].keylen;
--		sess.mac = 0;
-+		sess.mackeylen = ciphers[i].mackeylen;
+     for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
+         if (ciphers[i].nid == NID_undef)
+             continue;
+         sess.cipher = ciphers[i].id;
+         sess.keylen = ciphers[i].keylen;
+-        sess.mac = 0;
++        sess.mackeylen = ciphers[i].mackeylen;
 +
- 		if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
- 		    ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
- 			nids[count++] = ciphers[i].nid;
-@@ -414,6 +422,67 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- 	return (1);
+         if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
+             ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
+             nids[count++] = ciphers[i].nid;
+@@ -457,6 +469,66 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+     return (1);
  }
  
-+
 +static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+		const unsigned char *in, size_t len)
++                                 const unsigned char *in, size_t len)
 +{
-+	struct crypt_auth_op cryp;
-+	struct dev_crypto_state *state = ctx->cipher_data;
-+	struct session_op *sess = &state->d_sess;
-+	const void *iiv;
-+	unsigned char save_iv[EVP_MAX_IV_LENGTH];
++    struct crypt_auth_op cryp;
++    struct dev_crypto_state *state = ctx->cipher_data;
++    struct session_op *sess = &state->d_sess;
++    const void *iiv;
++    unsigned char save_iv[EVP_MAX_IV_LENGTH];
 +
-+	if (state->d_fd < 0)
-+		return (0);
-+	if (!len)
-+		return (1);
-+	if ((len % ctx->cipher->block_size) != 0)
-+		return (0);
++    if (state->d_fd < 0)
++        return (0);
++    if (!len)
++        return (1);
++    if ((len % ctx->cipher->block_size) != 0)
++        return (0);
 +
-+	memset(&cryp, 0, sizeof(cryp));
++    memset(&cryp, 0, sizeof(cryp));
 +
-+	/* TODO: make a seamless integration with cryptodev flags */
-+	switch (ctx->cipher->nid) {
-+	case NID_aes_128_cbc_hmac_sha1:
-+	case NID_aes_256_cbc_hmac_sha1:
-+		cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
-+	}
-+	cryp.ses = sess->ses;
-+	cryp.len = state->len;
-+	cryp.src = (caddr_t) in;
-+	cryp.dst = (caddr_t) out;
-+	cryp.auth_src = state->aad;
-+	cryp.auth_len = state->aad_len;
++    /* TODO: make a seamless integration with cryptodev flags */
++    switch (ctx->cipher->nid) {
++    case NID_aes_128_cbc_hmac_sha1:
++    case NID_aes_256_cbc_hmac_sha1:
++        cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
++    }
++    cryp.ses = sess->ses;
++    cryp.len = state->len;
++    cryp.src = (caddr_t) in;
++    cryp.dst = (caddr_t) out;
++    cryp.auth_src = state->aad;
++    cryp.auth_len = state->aad_len;
 +
-+	cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
++    cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
 +
-+	if (ctx->cipher->iv_len) {
-+		cryp.iv = (caddr_t) ctx->iv;
-+		if (!ctx->encrypt) {
-+			iiv = in + len - ctx->cipher->iv_len;
-+			memcpy(save_iv, iiv, ctx->cipher->iv_len);
-+		}
-+	} else
-+		cryp.iv = NULL;
++    if (ctx->cipher->iv_len) {
++        cryp.iv = (caddr_t) ctx->iv;
++        if (!ctx->encrypt) {
++            iiv = in + len - ctx->cipher->iv_len;
++            memcpy(save_iv, iiv, ctx->cipher->iv_len);
++        }
++    } else
++        cryp.iv = NULL;
 +
-+	if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) {
-+		/* XXX need better errror handling
-+		 * this can fail for a number of different reasons.
-+		 */
-+		return (0);
-+	}
++    if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) {
++        /*
++         * XXX need better errror handling this can fail for a number of
++         * different reasons.
++         */
++        return (0);
++    }
 +
-+	if (ctx->cipher->iv_len) {
-+		if (ctx->encrypt)
-+			iiv = out + len - ctx->cipher->iv_len;
-+		else
-+			iiv = save_iv;
-+		memcpy(ctx->iv, iiv, ctx->cipher->iv_len);
-+	}
-+	return (1);
++    if (ctx->cipher->iv_len) {
++        if (ctx->encrypt)
++            iiv = out + len - ctx->cipher->iv_len;
++        else
++            iiv = save_iv;
++        memcpy(ctx->iv, iiv, ctx->cipher->iv_len);
++    }
++    return (1);
 +}
 +
-+
  static int
  cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-     const unsigned char *iv, int enc)
-@@ -452,6 +521,45 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- 	return (1);
+                    const unsigned char *iv, int enc)
+@@ -496,6 +568,45 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
  }
  
-+/* Save the encryption key provided by upper layers.
-+ *
-+ * This function is called by EVP_CipherInit_ex to initialize the algorithm's
-+ * extra data. We can't do much here because the mac key is not available.
-+ * The next call should/will be to cryptodev_cbc_hmac_sha1_ctrl with parameter
+ /*
++ * Save the encryption key provided by upper layers. This function is called
++ * by EVP_CipherInit_ex to initialize the algorithm's extra data. We can't do
++ * much here because the mac key is not available. The next call should/will
++ * be to cryptodev_cbc_hmac_sha1_ctrl with parameter
 + * EVP_CTRL_AEAD_SET_MAC_KEY, to set the hmac key. There we call CIOCGSESSION
 + * with both the crypto and hmac keys.
 + */
 +static int cryptodev_init_aead_key(EVP_CIPHER_CTX *ctx,
-+		const unsigned char *key, const unsigned char *iv, int enc)
++                                   const unsigned char *key,
++                                   const unsigned char *iv, int enc)
 +{
-+	struct dev_crypto_state *state = ctx->cipher_data;
-+	struct session_op *sess = &state->d_sess;
-+	int cipher = -1, i;
++    struct dev_crypto_state *state = ctx->cipher_data;
++    struct session_op *sess = &state->d_sess;
++    int cipher = -1, i;
 +
-+	for (i = 0; ciphers[i].id; i++)
-+		if (ctx->cipher->nid == ciphers[i].nid &&
-+		    ctx->cipher->iv_len <= ciphers[i].ivmax &&
-+		    ctx->key_len == ciphers[i].keylen) {
-+			cipher = ciphers[i].id;
-+			break;
-+		}
++    for (i = 0; ciphers[i].id; i++)
++        if (ctx->cipher->nid == ciphers[i].nid &&
++            ctx->cipher->iv_len <= ciphers[i].ivmax &&
++            ctx->key_len == ciphers[i].keylen) {
++            cipher = ciphers[i].id;
++            break;
++        }
 +
-+	if (!ciphers[i].id) {
-+		state->d_fd = -1;
-+		return (0);
-+	}
++    if (!ciphers[i].id) {
++        state->d_fd = -1;
++        return (0);
++    }
 +
-+	memset(sess, 0, sizeof(struct session_op));
++    memset(sess, 0, sizeof(struct session_op));
 +
-+	sess->key = (caddr_t)key;
-+	sess->keylen = ctx->key_len;
-+	sess->cipher = cipher;
++    sess->key = (caddr_t) key;
++    sess->keylen = ctx->key_len;
++    sess->cipher = cipher;
 +
-+	/* for whatever reason, (1) means success */
-+	return (1);
++    /* for whatever reason, (1) means success */
++    return (1);
 +}
 +
-+
- /*
++/*
   * free anything we allocated earlier when initting a
   * session, and close the session.
-@@ -488,6 +596,63 @@ cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
- 	return (ret);
+  */
+@@ -529,6 +640,63 @@ static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
+     return (ret);
  }
  
-+static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
-+		void *ptr)
++static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
++                                        int arg, void *ptr)
 +{
-+	switch (type) {
-+	case EVP_CTRL_AEAD_SET_MAC_KEY:
-+	{
-+		/* TODO: what happens with hmac keys larger than 64 bytes? */
-+		struct dev_crypto_state *state = ctx->cipher_data;
-+		struct session_op *sess = &state->d_sess;
++    switch (type) {
++    case EVP_CTRL_AEAD_SET_MAC_KEY:
++        {
++            /* TODO: what happens with hmac keys larger than 64 bytes? */
++            struct dev_crypto_state *state = ctx->cipher_data;
++            struct session_op *sess = &state->d_sess;
 +
-+		if ((state->d_fd = get_dev_crypto()) < 0)
-+			return (0);
++            if ((state->d_fd = get_dev_crypto()) < 0)
++                return (0);
 +
-+		/* the rest should have been set in cryptodev_init_aead_key */
-+		sess->mackey = ptr;
-+		sess->mackeylen = arg;
++            /* the rest should have been set in cryptodev_init_aead_key */
++            sess->mackey = ptr;
++            sess->mackeylen = arg;
 +
-+		if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
-+			put_dev_crypto(state->d_fd);
-+			state->d_fd = -1;
-+			return (0);
-+		}
-+		return (1);
-+	}
-+	case EVP_CTRL_AEAD_TLS1_AAD:
-+	{
-+		/* ptr points to the associated data buffer of 13 bytes */
-+		struct dev_crypto_state *state = ctx->cipher_data;
-+		unsigned char *p = ptr;
-+		unsigned int cryptlen = p[arg - 2] << 8 | p[arg - 1];
-+		unsigned int maclen, padlen;
-+		unsigned int bs = ctx->cipher->block_size;
++            if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
++                put_dev_crypto(state->d_fd);
++                state->d_fd = -1;
++                return (0);
++            }
++            return (1);
++        }
++    case EVP_CTRL_AEAD_TLS1_AAD:
++        {
++            /* ptr points to the associated data buffer of 13 bytes */
++            struct dev_crypto_state *state = ctx->cipher_data;
++            unsigned char *p = ptr;
++            unsigned int cryptlen = p[arg - 2] << 8 | p[arg - 1];
++            unsigned int maclen, padlen;
++            unsigned int bs = ctx->cipher->block_size;
 +
-+		state->aad = ptr;
-+		state->aad_len = arg;
-+		state->len = cryptlen;
++            state->aad = ptr;
++            state->aad_len = arg;
++            state->len = cryptlen;
 +
-+		/* TODO: this should be an extension of EVP_CIPHER struct */
-+		switch (ctx->cipher->nid) {
-+		case NID_aes_128_cbc_hmac_sha1:
-+		case NID_aes_256_cbc_hmac_sha1:
-+			maclen = SHA_DIGEST_LENGTH;
-+		}
++            /* TODO: this should be an extension of EVP_CIPHER struct */
++            switch (ctx->cipher->nid) {
++            case NID_aes_128_cbc_hmac_sha1:
++            case NID_aes_256_cbc_hmac_sha1:
++                maclen = SHA_DIGEST_LENGTH;
++            }
 +
-+		/* space required for encryption (not only TLS padding) */
-+		padlen = maclen;
-+		if (ctx->encrypt) {
-+			cryptlen += maclen;
-+			padlen += bs - (cryptlen % bs);
-+		}
-+		return padlen;
-+	}
-+	default:
-+		return -1;
-+	}
++            /* space required for encryption (not only TLS padding) */
++            padlen = maclen;
++            if (ctx->encrypt) {
++                cryptlen += maclen;
++                padlen += bs - (cryptlen % bs);
++            }
++            return padlen;
++        }
++    default:
++        return -1;
++    }
 +}
 +
  /*
   * libcrypto EVP stuff - this is how we get wired to EVP so the engine
   * gets called when libcrypto requests a cipher NID.
-@@ -600,6 +765,33 @@ const EVP_CIPHER cryptodev_aes_256_cbc = {
- 	NULL
+@@ -641,6 +809,34 @@ const EVP_CIPHER cryptodev_aes_256_cbc = {
+     NULL
  };
  
 +const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1 = {
-+	NID_aes_128_cbc_hmac_sha1,
-+	16, 16, 16,
-+	EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+	cryptodev_init_aead_key,
-+	cryptodev_aead_cipher,
-+	cryptodev_cleanup,
-+	sizeof(struct dev_crypto_state),
-+	EVP_CIPHER_set_asn1_iv,
-+	EVP_CIPHER_get_asn1_iv,
-+	cryptodev_cbc_hmac_sha1_ctrl,
-+	NULL
++    NID_aes_128_cbc_hmac_sha1,
++    16, 16, 16,
++    EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
++    cryptodev_init_aead_key,
++    cryptodev_aead_cipher,
++    cryptodev_cleanup,
++    sizeof(struct dev_crypto_state),
++    EVP_CIPHER_set_asn1_iv,
++    EVP_CIPHER_get_asn1_iv,
++    cryptodev_cbc_hmac_sha1_ctrl,
++    NULL
 +};
 +
 +const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = {
-+	NID_aes_256_cbc_hmac_sha1,
-+	16, 32, 16,
-+	EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+	cryptodev_init_aead_key,
-+	cryptodev_aead_cipher,
-+	cryptodev_cleanup,
-+	sizeof(struct dev_crypto_state),
-+	EVP_CIPHER_set_asn1_iv,
-+	EVP_CIPHER_get_asn1_iv,
-+	cryptodev_cbc_hmac_sha1_ctrl,
-+	NULL
++    NID_aes_256_cbc_hmac_sha1,
++    16, 32, 16,
++    EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
++    cryptodev_init_aead_key,
++    cryptodev_aead_cipher,
++    cryptodev_cleanup,
++    sizeof(struct dev_crypto_state),
++    EVP_CIPHER_set_asn1_iv,
++    EVP_CIPHER_get_asn1_iv,
++    cryptodev_cbc_hmac_sha1_ctrl,
++    NULL
 +};
- /*
-  * Registered by the ENGINE when used to find out how to deal with
-  * a particular NID in the ENGINE. this says what we'll do at the
-@@ -637,6 +829,12 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
- 	case NID_aes_256_cbc:
- 		*cipher = &cryptodev_aes_256_cbc;
- 		break;
-+	case NID_aes_128_cbc_hmac_sha1:
-+		*cipher = &cryptodev_aes_128_cbc_hmac_sha1;
-+		break;
-+	case NID_aes_256_cbc_hmac_sha1:
-+		*cipher = &cryptodev_aes_256_cbc_hmac_sha1;
-+		break;
- 	default:
- 		*cipher = NULL;
- 		break;
-@@ -1384,6 +1582,8 @@ ENGINE_load_cryptodev(void)
- 	}
- 	put_dev_crypto(fd);
++
+ # ifdef CRYPTO_AES_CTR
+ const EVP_CIPHER cryptodev_aes_ctr = {
+     NID_aes_128_ctr,
+@@ -729,6 +925,12 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+         *cipher = &cryptodev_aes_ctr_256;
+         break;
+ # endif
++    case NID_aes_128_cbc_hmac_sha1:
++        *cipher = &cryptodev_aes_128_cbc_hmac_sha1;
++        break;
++    case NID_aes_256_cbc_hmac_sha1:
++        *cipher = &cryptodev_aes_256_cbc_hmac_sha1;
++        break;
+     default:
+         *cipher = NULL;
+         break;
+@@ -1472,6 +1674,8 @@ void ENGINE_load_cryptodev(void)
+     }
+     put_dev_crypto(fd);
  
-+	EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1);
-+	EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
- 	if (!ENGINE_set_id(engine, "cryptodev") ||
- 	    !ENGINE_set_name(engine, "BSD cryptodev engine") ||
- 	    !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
++    EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1);
++    EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
+     if (!ENGINE_set_id(engine, "cryptodev") ||
+         !ENGINE_set_name(engine, "BSD cryptodev engine") ||
+         !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
 -- 
-2.3.5
+2.7.0
 
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0003-cryptodev-fix-algorithm-registration.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0003-cryptodev-fix-algorithm-registration.patch
index f0d97e9..9d30cc3 100644
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0003-cryptodev-fix-algorithm-registration.patch
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0003-cryptodev-fix-algorithm-registration.patch
@@ -1,64 +1,61 @@
-From 084fa469a8fef530d71a0870364df1c7997f6465 Mon Sep 17 00:00:00 2001
+From 36bb0879b498f8e87798848dafa058476f723165 Mon Sep 17 00:00:00 2001
 From: Cristian Stoica <cristian.stoica at freescale.com>
 Date: Thu, 31 Jul 2014 14:06:19 +0300
-Subject: [PATCH 03/26] cryptodev: fix algorithm registration
+Subject: [PATCH 03/48] cryptodev: fix algorithm registration
 
 Cryptodev specific algorithms must register only if available in kernel.
 
-Change-Id: Iec5af8f4f3138357e4b96f2ec1627278134e4808
 Signed-off-by: Cristian Stoica <cristian.stoica at freescale.com>
-Reviewed-on: http://git.am.freescale.net:8181/15326
 Reviewed-by: Horia Ioan Geanta Neag <horia.geanta at freescale.com>
-Reviewed-on: http://git.am.freescale.net:8181/17224
 ---
  crypto/engine/eng_cryptodev.c | 20 +++++++++++++++++---
  1 file changed, 17 insertions(+), 3 deletions(-)
 
 diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 7588a28..e3eb98b 100644
+index 4d783d4..3b6515e 100644
 --- a/crypto/engine/eng_cryptodev.c
 +++ b/crypto/engine/eng_cryptodev.c
-@@ -133,6 +133,8 @@ static int cryptodev_dh_compute_key(unsigned char *key,
+@@ -134,6 +134,8 @@ static int cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key,
  static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
-     void (*f)(void));
+                           void (*f) (void));
  void ENGINE_load_cryptodev(void);
 +const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1;
 +const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
  
  static const ENGINE_CMD_DEFN cryptodev_defns[] = {
- 	{ 0, NULL, NULL, 0 }
-@@ -342,7 +344,21 @@ get_cryptodev_digests(const int **cnids)
- static int
- cryptodev_usable_ciphers(const int **nids)
+     {0, NULL, NULL, 0}
+@@ -389,7 +391,21 @@ static int get_cryptodev_digests(const int **cnids)
+  */
+ static int cryptodev_usable_ciphers(const int **nids)
  {
--	return (get_cryptodev_ciphers(nids));
-+	int i, count;
+-    return (get_cryptodev_ciphers(nids));
++    int i, count;
 +
-+	count = get_cryptodev_ciphers(nids);
-+	/* add ciphers specific to cryptodev if found in kernel */
-+	for(i = 0; i < count; i++) {
-+		switch (*(*nids + i)) {
-+		case NID_aes_128_cbc_hmac_sha1:
-+			EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1);
-+			break;
-+		case NID_aes_256_cbc_hmac_sha1:
-+			EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
-+			break;
-+		}
-+	}
-+	return count;
++    count = get_cryptodev_ciphers(nids);
++    /* add ciphers specific to cryptodev if found in kernel */
++    for (i = 0; i < count; i++) {
++        switch (*(*nids + i)) {
++        case NID_aes_128_cbc_hmac_sha1:
++            EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1);
++            break;
++        case NID_aes_256_cbc_hmac_sha1:
++            EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
++            break;
++        }
++    }
++    return count;
  }
  
- static int
-@@ -1582,8 +1598,6 @@ ENGINE_load_cryptodev(void)
- 	}
- 	put_dev_crypto(fd);
+ static int cryptodev_usable_digests(const int **nids)
+@@ -1674,8 +1690,6 @@ void ENGINE_load_cryptodev(void)
+     }
+     put_dev_crypto(fd);
  
--	EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1);
--	EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
- 	if (!ENGINE_set_id(engine, "cryptodev") ||
- 	    !ENGINE_set_name(engine, "BSD cryptodev engine") ||
- 	    !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
+-    EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1);
+-    EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
+     if (!ENGINE_set_id(engine, "cryptodev") ||
+         !ENGINE_set_name(engine, "BSD cryptodev engine") ||
+         !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
 -- 
-2.3.5
+2.7.0
 
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0005-ECC-Support-header-for-Cryptodev-Engine.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0004-ECC-Support-header-for-Cryptodev-Engine.patch
similarity index 92%
rename from recipes-connectivity/openssl/openssl-qoriq/qoriq/0005-ECC-Support-header-for-Cryptodev-Engine.patch
rename to recipes-connectivity/openssl/openssl-qoriq/qoriq/0004-ECC-Support-header-for-Cryptodev-Engine.patch
index c9ff5aa..64a5c70 100644
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0005-ECC-Support-header-for-Cryptodev-Engine.patch
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0004-ECC-Support-header-for-Cryptodev-Engine.patch
@@ -1,22 +1,22 @@
-From 15abbcd740eafbf2a46b5da24be76acf4982743d Mon Sep 17 00:00:00 2001
+From 0a9f99574266225c6fa1a10d91eb3fdc755140b8 Mon Sep 17 00:00:00 2001
 From: Yashpal Dutta <yashpal.dutta at freescale.com>
 Date: Tue, 11 Mar 2014 05:56:54 +0545
-Subject: [PATCH 05/26] ECC Support header for Cryptodev Engine
+Subject: [PATCH 04/48] ECC Support header for Cryptodev Engine
 
 Upstream-status: Pending
 
 Signed-off-by: Yashpal Dutta <yashpal.dutta at freescale.com>
 ---
- crypto/engine/eng_cryptodev_ec.h | 296 +++++++++++++++++++++++++++++++++++++++
- 1 file changed, 296 insertions(+)
+ crypto/engine/eng_cryptodev_ec.h | 297 +++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 297 insertions(+)
  create mode 100644 crypto/engine/eng_cryptodev_ec.h
 
 diff --git a/crypto/engine/eng_cryptodev_ec.h b/crypto/engine/eng_cryptodev_ec.h
 new file mode 100644
-index 0000000..77aee71
+index 0000000..af54c51
 --- /dev/null
 +++ b/crypto/engine/eng_cryptodev_ec.h
-@@ -0,0 +1,296 @@
+@@ -0,0 +1,297 @@
 +/*
 + * Copyright (C) 2012 Freescale Semiconductor, Inc.
 + *
@@ -29,16 +29,17 @@ index 0000000..77aee71
 + *    notice, this list of conditions and the following disclaimer in the
 + *    documentation and/or other materials provided with the distribution.
 + *
-+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
-+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN
-+ * NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
-+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
-+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
-+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
++ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
++ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
++ * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY
++ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
++ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
++ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
++ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
++ *
 + */
 +#ifndef __ENG_EC_H
 +#define __ENG_EC_H
@@ -314,5 +315,5 @@ index 0000000..77aee71
 +};
 +#endif
 -- 
-2.3.5
+2.7.0
 
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch
deleted file mode 100644
index 2d722d8..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-From 7d770f0324498d1fa78300cc5cecc8c1dcd3b788 Mon Sep 17 00:00:00 2001
-From: Andy Polyakov <appro at openssl.org>
-Date: Sun, 21 Oct 2012 18:19:41 +0000
-Subject: [PATCH 04/26] linux-pcc: make it more robust and recognize
- KERNEL_BITS variable.
-
-(cherry picked from commit 78c3e20579d3baa159c8b51b59d415b6e521614b)
-
-Change-Id: I769c466f052305681ab54a1b6545d94c7fbf5a9d
-Signed-off-by: Cristian Stoica <cristian.stoica at freescale.com>
----
- config          | 19 +++++++++++++------
- crypto/ppccap.c |  7 +++++++
- 2 files changed, 20 insertions(+), 6 deletions(-)
-
-diff --git a/config b/config
-index 41fa2a6..f37b9e6 100755
---- a/config
-+++ b/config
-@@ -587,13 +587,20 @@ case "$GUESSOS" in
- 	fi
- 	;;
-   ppc64-*-linux2)
--	echo "WARNING! If you wish to build 64-bit library, then you have to"
--	echo "         invoke './Configure linux-ppc64' *manually*."
--	if [ "$TEST" = "false" -a -t 1 ]; then
--	    echo "         You have about 5 seconds to press Ctrl-C to abort."
--	    (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
-+	if [ -z "$KERNEL_BITS" ]; then
-+	    echo "WARNING! If you wish to build 64-bit library, then you have to"
-+	    echo "         invoke './Configure linux-ppc64' *manually*."
-+	    if [ "$TEST" = "false" -a -t 1 ]; then
-+		echo "         You have about 5 seconds to press Ctrl-C to abort."
-+		(trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
-+	    fi
-+	fi
-+	if [ "$KERNEL_BITS" = "64" ]; then
-+	    OUT="linux-ppc64"
-+	else
-+	    OUT="linux-ppc"
-+	    (echo "__LP64__" | gcc -E -x c - 2>/dev/null | grep "^__LP64__" 2>&1 > /dev/null) || options="$options -m32"
- 	fi
--	OUT="linux-ppc"
- 	;;
-   ppc-*-linux2) OUT="linux-ppc" ;;
-   ppc60x-*-vxworks*) OUT="vxworks-ppc60x" ;;
-diff --git a/crypto/ppccap.c b/crypto/ppccap.c
-index f71ba66..531f1b3 100644
---- a/crypto/ppccap.c
-+++ b/crypto/ppccap.c
-@@ -4,6 +4,9 @@
- #include <setjmp.h>
- #include <signal.h>
- #include <unistd.h>
-+#ifdef __linux
-+#include <sys/utsname.h>
-+#endif
- #include <crypto.h>
- #include <openssl/bn.h>
- 
-@@ -102,6 +105,10 @@ void OPENSSL_cpuid_setup(void)
- 
- 	if (sizeof(size_t)==4)
- 		{
-+#ifdef __linux
-+		struct utsname uts;
-+		if (uname(&uts)==0 && strcmp(uts.machine,"ppc64")==0)
-+#endif
- 		if (sigsetjmp(ill_jmp,1) == 0)
- 			{
- 			OPENSSL_ppc64_probe();
--- 
-2.3.5
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0005-Initial-support-for-PKC-in-cryptodev-engine.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0005-Initial-support-for-PKC-in-cryptodev-engine.patch
new file mode 100644
index 0000000..ad25306
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0005-Initial-support-for-PKC-in-cryptodev-engine.patch
@@ -0,0 +1,1578 @@
+From e28df2a5c63dc6195a6065bfd7de9fc860129f56 Mon Sep 17 00:00:00 2001
+From: Yashpal Dutta <yashpal.dutta at freescale.com>
+Date: Tue, 11 Mar 2014 06:29:52 +0545
+Subject: [PATCH 05/48] Initial support for PKC in cryptodev engine
+
+Upstream-status: Pending
+
+Signed-off-by: Yashpal Dutta <yashpal.dutta at freescale.com>
+---
+ crypto/engine/eng_cryptodev.c | 1365 ++++++++++++++++++++++++++++++++++++-----
+ 1 file changed, 1202 insertions(+), 163 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 3b6515e..0b41bb2 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -58,6 +58,10 @@ void ENGINE_load_cryptodev(void)
+ # include <openssl/dsa.h>
+ # include <openssl/err.h>
+ # include <openssl/rsa.h>
++# include <crypto/ecdsa/ecs_locl.h>
++# include <crypto/ecdh/ech_locl.h>
++# include <crypto/ec/ec_lcl.h>
++# include <crypto/ec/ec.h>
+ # include <sys/ioctl.h>
+ # include <errno.h>
+ # include <stdio.h>
+@@ -67,6 +71,7 @@ void ENGINE_load_cryptodev(void)
+ # include <syslog.h>
+ # include <errno.h>
+ # include <string.h>
++# include "eng_cryptodev_ec.h"
+ 
+ struct dev_crypto_state {
+     struct session_op d_sess;
+@@ -115,20 +120,10 @@ static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+                                        BN_CTX *ctx);
+ static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+                                  BN_CTX *ctx);
+-static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a,
+-                                    const BIGNUM *p, const BIGNUM *m,
+-                                    BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+-static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
+-                                     BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2,
+-                                     BIGNUM *p, BN_CTX *ctx,
+-                                     BN_MONT_CTX *mont);
+ static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
+                                       DSA *dsa);
+ static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len,
+                                 DSA_SIG *sig, DSA *dsa);
+-static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
+-                                const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+-                                BN_MONT_CTX *m_ctx);
+ static int cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key,
+                                     DH *dh);
+ static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
+@@ -137,6 +132,105 @@ void ENGINE_load_cryptodev(void);
+ const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1;
+ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
+ 
++inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len)
++{
++    int len;
++    unsigned char *p;
++
++    len = BN_num_bytes(bn);
++
++    if (!len)
++        return -1;
++
++    p = malloc(len);
++    if (!p)
++        return -1;
++
++    BN_bn2bin(bn, p);
++
++    *bin = p;
++    *bin_len = len;
++
++    return 0;
++}
++
++inline int spcf_bn2bin_ex(BIGNUM *bn, unsigned char **bin, int *bin_len)
++{
++    int len;
++    unsigned char *p;
++
++    len = BN_num_bytes(bn);
++
++    if (!len)
++        return -1;
++
++    if (len < *bin_len)
++        p = malloc(*bin_len);
++    else
++        p = malloc(len);
++
++    if (!p)
++        return -ENOMEM;
++
++    if (len < *bin_len) {
++        /* place padding */
++        memset(p, 0, (*bin_len - len));
++        BN_bn2bin(bn, p + (*bin_len - len));
++    } else {
++        BN_bn2bin(bn, p);
++    }
++
++    *bin = p;
++    if (len >= *bin_len)
++        *bin_len = len;
++
++    return 0;
++}
++
++/**
++ * Convert an ECC F2m 'b' parameter into the 'c' parameter.
++ *Inputs:
++ * q, the curve's modulus
++ * b, the curve's b parameter
++ * (a bignum for b, a buffer for c)
++ * Output:
++ * c, written into bin, right-adjusted to fill q_len bytes.
++ */
++static int
++eng_ec_compute_cparam(const BIGNUM *b, const BIGNUM *q,
++                      unsigned char **bin, int *bin_len)
++{
++    BIGNUM *c = BN_new();
++    BIGNUM *exp = BN_new();
++    BN_CTX *ctx = BN_CTX_new();
++    int m = BN_num_bits(q) - 1;
++    int ok = 0;
++
++    if (!c || !exp || !ctx || *bin)
++        goto err;
++
++    /*
++     * We have to compute c, where b = c^4, i.e., the fourth root of b.
++     * The equation for c is c = b^(2^(m-2))
++     * Compute exp = 2^(m-2)
++     * (1 << x) == 2^x
++     * and then compute c = b^exp
++     */
++    BN_lshift(exp, BN_value_one(), m - 2);
++    BN_GF2m_mod_exp(c, b, exp, q, ctx);
++    /* Store c */
++    spcf_bn2bin_ex(c, bin, bin_len);
++    ok = 1;
++ err:
++    if (ctx)
++        BN_CTX_free(ctx);
++    if (c)
++        BN_free(c);
++    if (exp)
++        BN_free(exp);
++    return ok;
++}
++
+ static const ENGINE_CMD_DEFN cryptodev_defns[] = {
+     {0, NULL, NULL, 0}
+ };
+@@ -1225,7 +1319,6 @@ cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
+  */
+ static int bn2crparam(const BIGNUM *a, struct crparam *crp)
+ {
+-    int i, j, k;
+     ssize_t bytes, bits;
+     u_char *b;
+ 
+@@ -1243,36 +1336,21 @@ static int bn2crparam(const BIGNUM *a, struct crparam *crp)
+     crp->crp_p = (caddr_t) b;
+     crp->crp_nbits = bits;
+ 
+-    for (i = 0, j = 0; i < a->top; i++) {
+-        for (k = 0; k < BN_BITS2 / 8; k++) {
+-            if ((j + k) >= bytes)
+-                return (0);
+-            b[j + k] = a->d[i] >> (k * 8);
+-        }
+-        j += BN_BITS2 / 8;
+-    }
++    BN_bn2bin(a, crp->crp_p);
+     return (0);
+ }
+ 
+ /* Convert a /dev/crypto parameter to a BIGNUM */
+ static int crparam2bn(struct crparam *crp, BIGNUM *a)
+ {
+-    u_int8_t *pd;
+-    int i, bytes;
++    int bytes;
+ 
+     bytes = (crp->crp_nbits + 7) / 8;
+ 
+     if (bytes == 0)
+         return (-1);
+ 
+-    if ((pd = (u_int8_t *) malloc(bytes)) == NULL)
+-        return (-1);
+-
+-    for (i = 0; i < bytes; i++)
+-        pd[i] = crp->crp_p[bytes - i - 1];
+-
+-    BN_bin2bn(pd, bytes, a);
+-    free(pd);
++    BN_bin2bn(crp->crp_p, bytes, a);
+ 
+     return (0);
+ }
+@@ -1321,6 +1399,32 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
+     return (ret);
+ }
+ 
++/* Close an opened instance of cryptodev engine */
++void cryptodev_close_instance(void *handle)
++{
++    int fd;
++
++    if (handle) {
++        fd = *(int *)handle;
++        close(fd);
++        free(handle);
++    }
++}
++
++/* Create an instance of cryptodev for asynchronous interface */
++void *cryptodev_init_instance(void)
++{
++    int *fd = malloc(sizeof(int));
++
++    if (fd) {
++        if ((*fd = open("/dev/crypto", O_RDWR, 0)) == -1) {
++            free(fd);
++            return NULL;
++        }
++    }
++    return fd;
++}
++
+ static int
+ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                      const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
+@@ -1337,8 +1441,9 @@ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+         return (ret);
+     }
+ 
+-    memset(&kop, 0, sizeof kop);
+     kop.crk_op = CRK_MOD_EXP;
++    kop.crk_oparams = 0;
++    kop.crk_status = 0;
+ 
+     /* inputs: a^p % m */
+     if (bn2crparam(a, &kop.crk_param[0]))
+@@ -1381,28 +1486,39 @@ static int
+ cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
+ {
+     struct crypt_kop kop;
+-    int ret = 1;
++    int ret = 1, f_len, p_len, q_len;
++    unsigned char *f = NULL, *p = NULL, *q = NULL, *dp = NULL, *dq =
++        NULL, *c = NULL;
+ 
+     if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
+         /* XXX 0 means failure?? */
+         return (0);
+     }
+ 
+-    memset(&kop, 0, sizeof kop);
++    kop.crk_oparams = 0;
++    kop.crk_status = 0;
+     kop.crk_op = CRK_MOD_EXP_CRT;
++    f_len = BN_num_bytes(rsa->n);
++    spcf_bn2bin_ex(I, &f, &f_len);
++    spcf_bn2bin(rsa->p, &p, &p_len);
++    spcf_bn2bin(rsa->q, &q, &q_len);
++    spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len);
++    spcf_bn2bin_ex(rsa->iqmp, &c, &p_len);
++    spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len);
+     /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
+-    if (bn2crparam(rsa->p, &kop.crk_param[0]))
+-        goto err;
+-    if (bn2crparam(rsa->q, &kop.crk_param[1]))
+-        goto err;
+-    if (bn2crparam(I, &kop.crk_param[2]))
+-        goto err;
+-    if (bn2crparam(rsa->dmp1, &kop.crk_param[3]))
+-        goto err;
+-    if (bn2crparam(rsa->dmq1, &kop.crk_param[4]))
+-        goto err;
+-    if (bn2crparam(rsa->iqmp, &kop.crk_param[5]))
+-        goto err;
++    kop.crk_param[0].crp_p = p;
++    kop.crk_param[0].crp_nbits = p_len * 8;
++    kop.crk_param[1].crp_p = q;
++    kop.crk_param[1].crp_nbits = q_len * 8;
++    kop.crk_param[2].crp_p = f;
++    kop.crk_param[2].crp_nbits = f_len * 8;
++    kop.crk_param[3].crp_p = dp;
++    kop.crk_param[3].crp_nbits = p_len * 8;
++    /* dq must of length q, rest all of length p */
++    kop.crk_param[4].crp_p = dq;
++    kop.crk_param[4].crp_nbits = q_len * 8;
++    kop.crk_param[5].crp_p = c;
++    kop.crk_param[5].crp_nbits = p_len * 8;
+     kop.crk_iparams = 6;
+ 
+     if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) {
+@@ -1438,93 +1554,120 @@ static RSA_METHOD cryptodev_rsa = {
+     NULL                        /* rsa_verify */
+ };
+ 
+-static int
+-cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+-                         const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+-{
+-    return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
+-}
+-
+-static int
+-cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
+-                          BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
+-                          BN_CTX *ctx, BN_MONT_CTX *mont)
++static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
++                                      DSA *dsa)
+ {
+-    BIGNUM t2;
+-    int ret = 0;
+-
+-    BN_init(&t2);
+-
+-    /* v = ( g^u1 * y^u2 mod p ) mod q */
+-    /* let t1 = g ^ u1 mod p */
+-    ret = 0;
++    struct crypt_kop kop;
++    BIGNUM *c = NULL, *d = NULL;
++    DSA_SIG *dsaret = NULL;
++    int q_len = 0, r_len = 0, g_len = 0;
++    int priv_key_len = 0, ret;
++    unsigned char *q = NULL, *r = NULL, *g = NULL, *priv_key = NULL, *f =
++        NULL;
+ 
+-    if (!dsa->meth->bn_mod_exp(dsa, t1, dsa->g, u1, dsa->p, ctx, mont))
++    memset(&kop, 0, sizeof kop);
++    if ((c = BN_new()) == NULL) {
++        DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+         goto err;
++    }
+ 
+-    /* let t2 = y ^ u2 mod p */
+-    if (!dsa->meth->bn_mod_exp(dsa, &t2, dsa->pub_key, u2, dsa->p, ctx, mont))
++    if ((d = BN_new()) == NULL) {
++        BN_free(c);
++        DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+         goto err;
+-    /* let u1 = t1 * t2 mod p */
+-    if (!BN_mod_mul(u1, t1, &t2, dsa->p, ctx))
++    }
++
++    if (spcf_bn2bin(dsa->p, &q, &q_len)) {
++        DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+         goto err;
++    }
+ 
+-    BN_copy(t1, u1);
++    /* Get order of the field of private keys into plain buffer */
++    if (spcf_bn2bin(dsa->q, &r, &r_len)) {
++        DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++        goto err;
++    }
+ 
+-    ret = 1;
+- err:
+-    BN_free(&t2);
+-    return (ret);
+-}
++    /* sanity test */
++    if (dlen > r_len) {
++        DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
++        goto err;
++    }
+ 
+-static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
+-                                      DSA *dsa)
+-{
+-    struct crypt_kop kop;
+-    BIGNUM *r = NULL, *s = NULL;
+-    DSA_SIG *dsaret = NULL;
++    g_len = q_len;
++    /**
++     * Get generator into a plain buffer. If length is less than
++     * q_len then add leading padding bytes.
++     */
++    if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
++        DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++        goto err;
++    }
+ 
+-    if ((r = BN_new()) == NULL)
++    priv_key_len = r_len;
++    /**
++     * Get private key into a plain buffer. If length is less than
++     * r_len then add leading padding bytes.
++     */
++    if (spcf_bn2bin_ex(dsa->priv_key, &priv_key, &priv_key_len)) {
++        DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+         goto err;
+-    if ((s = BN_new()) == NULL) {
+-        BN_free(r);
++    }
++
++    /* Allocate memory to store hash. */
++    f = OPENSSL_malloc(r_len);
++    if (!f) {
++        DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+         goto err;
+     }
+ 
+-    memset(&kop, 0, sizeof kop);
++    /* Add padding, since SEC expects hash to of size r_len */
++    if (dlen < r_len)
++        memset(f, 0, r_len - dlen);
++
++    /* Skip leading bytes if dgst_len < r_len */
++    memcpy(f + r_len - dlen, dgst, dlen);
++
+     kop.crk_op = CRK_DSA_SIGN;
+ 
+     /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
+-    kop.crk_param[0].crp_p = (caddr_t) dgst;
+-    kop.crk_param[0].crp_nbits = dlen * 8;
+-    if (bn2crparam(dsa->p, &kop.crk_param[1]))
+-        goto err;
+-    if (bn2crparam(dsa->q, &kop.crk_param[2]))
+-        goto err;
+-    if (bn2crparam(dsa->g, &kop.crk_param[3]))
++    kop.crk_param[0].crp_p = (void *)f;
++    kop.crk_param[0].crp_nbits = r_len * 8;
++    kop.crk_param[1].crp_p = (void *)q;
++    kop.crk_param[1].crp_nbits = q_len * 8;
++    kop.crk_param[2].crp_p = (void *)r;
++    kop.crk_param[2].crp_nbits = r_len * 8;
++    kop.crk_param[3].crp_p = (void *)g;
++    kop.crk_param[3].crp_nbits = g_len * 8;
++    kop.crk_param[4].crp_p = (void *)priv_key;
++    kop.crk_param[4].crp_nbits = priv_key_len * 8;
++    kop.crk_iparams = 5;
++
++    ret = cryptodev_asym(&kop, r_len, c, r_len, d);
++
++    if (ret) {
++        DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DECODE_ERROR);
+         goto err;
+-    if (bn2crparam(dsa->priv_key, &kop.crk_param[4]))
++    }
++
++    dsaret = DSA_SIG_new();
++    if (dsaret == NULL)
+         goto err;
+-    kop.crk_iparams = 5;
++    dsaret->r = c;
++    dsaret->s = d;
+ 
+-    if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r,
+-                       BN_num_bytes(dsa->q), s) == 0) {
+-        dsaret = DSA_SIG_new();
+-        if (dsaret == NULL)
+-            goto err;
+-        dsaret->r = r;
+-        dsaret->s = s;
+-        r = s = NULL;
+-    } else {
++    zapparams(&kop);
++    return (dsaret);
++ err:
++    {
+         const DSA_METHOD *meth = DSA_OpenSSL();
++        if (c)
++            BN_free(c);
++        if (d)
++            BN_free(d);
+         dsaret = (meth->dsa_do_sign) (dgst, dlen, dsa);
++        return (dsaret);
+     }
+- err:
+-    BN_free(r);
+-    BN_free(s);
+-    kop.crk_param[0].crp_p = NULL;
+-    zapparams(&kop);
+-    return (dsaret);
+ }
+ 
+ static int
+@@ -1532,43 +1675,175 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
+                      DSA_SIG *sig, DSA *dsa)
+ {
+     struct crypt_kop kop;
+-    int dsaret = 1;
++    int dsaret = 1, q_len = 0, r_len = 0, g_len = 0;
++    int w_len = 0, c_len = 0, d_len = 0, ret = -1;
++    unsigned char *q = NULL, *r = NULL, *w = NULL, *g = NULL;
++    unsigned char *c = NULL, *d = NULL, *f = NULL;
+ 
+     memset(&kop, 0, sizeof kop);
+     kop.crk_op = CRK_DSA_VERIFY;
+ 
+-    /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
+-    kop.crk_param[0].crp_p = (caddr_t) dgst;
+-    kop.crk_param[0].crp_nbits = dlen * 8;
+-    if (bn2crparam(dsa->p, &kop.crk_param[1]))
++    if (spcf_bn2bin(dsa->p, &q, &q_len)) {
++        DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++        return ret;
++    }
++
++    /* Get Order of field of private keys */
++    if (spcf_bn2bin(dsa->q, &r, &r_len)) {
++        DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++        goto err;
++    }
++
++    g_len = q_len;
++        /**
++         * Get generator into a plain buffer. If length is less than
++         * q_len then add leading padding bytes.
++         */
++    if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
++        DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+         goto err;
+-    if (bn2crparam(dsa->q, &kop.crk_param[2]))
++    }
++    w_len = q_len;
++        /**
++         * Get public key into a plain buffer. If length is less than
++         * q_len then add leading padding bytes.
++         */
++    if (spcf_bn2bin_ex(dsa->pub_key, &w, &w_len)) {
++        DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+         goto err;
+-    if (bn2crparam(dsa->g, &kop.crk_param[3]))
++    }
++        /**
++         * Get the 1st part of signature into a flat buffer with
++         * appropriate padding
++         */
++    c_len = r_len;
++
++    if (spcf_bn2bin_ex(sig->r, &c, &c_len)) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+         goto err;
+-    if (bn2crparam(dsa->pub_key, &kop.crk_param[4]))
++    }
++
++        /**
++         * Get the 2nd part of signature into a flat buffer with
++         * appropriate padding
++         */
++    d_len = r_len;
++
++    if (spcf_bn2bin_ex(sig->s, &d, &d_len)) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+         goto err;
+-    if (bn2crparam(sig->r, &kop.crk_param[5]))
++    }
++
++    /* Sanity test */
++    if (dlen > r_len) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+         goto err;
+-    if (bn2crparam(sig->s, &kop.crk_param[6]))
++    }
++
++    /* Allocate memory to store hash. */
++    f = OPENSSL_malloc(r_len);
++    if (!f) {
++        DSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+         goto err;
++    }
++
++    /* Add padding, since SEC expects hash to of size r_len */
++    if (dlen < r_len)
++        memset(f, 0, r_len - dlen);
++
++    /* Skip leading bytes if dgst_len < r_len */
++    memcpy(f + r_len - dlen, dgst, dlen);
++
++    /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
++    kop.crk_param[0].crp_p = (void *)f;
++    kop.crk_param[0].crp_nbits = r_len * 8;
++    kop.crk_param[1].crp_p = q;
++    kop.crk_param[1].crp_nbits = q_len * 8;
++    kop.crk_param[2].crp_p = r;
++    kop.crk_param[2].crp_nbits = r_len * 8;
++    kop.crk_param[3].crp_p = g;
++    kop.crk_param[3].crp_nbits = g_len * 8;
++    kop.crk_param[4].crp_p = w;
++    kop.crk_param[4].crp_nbits = w_len * 8;
++    kop.crk_param[5].crp_p = c;
++    kop.crk_param[5].crp_nbits = c_len * 8;
++    kop.crk_param[6].crp_p = d;
++    kop.crk_param[6].crp_nbits = d_len * 8;
+     kop.crk_iparams = 7;
+ 
+-    if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
+-        /*
+-         * OCF success value is 0, if not zero, change dsaret to fail
+-         */
+-        if (0 != kop.crk_status)
+-            dsaret = 0;
+-    } else {
+-        const DSA_METHOD *meth = DSA_OpenSSL();
++    if ((cryptodev_asym(&kop, 0, NULL, 0, NULL))) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, DSA_R_DECODE_ERROR);
++        goto err;
++    }
+ 
+-        dsaret = (meth->dsa_do_verify) (dgst, dlen, sig, dsa);
++    /*
++     * OCF success value is 0, if not zero, change dsaret to fail
++     */
++    if (0 != kop.crk_status) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, DSA_R_DECODE_ERROR);
++        goto err;
+     }
+- err:
+-    kop.crk_param[0].crp_p = NULL;
++
+     zapparams(&kop);
+     return (dsaret);
++ err:
++    {
++        const DSA_METHOD *meth = DSA_OpenSSL();
++        dsaret = (meth->dsa_do_verify) (dgst, dlen, sig, dsa);
++        return dsaret;
++    }
++}
++
++/* Cryptodev DSA Key Gen routine */
++static int cryptodev_dsa_keygen(DSA *dsa)
++{
++    struct crypt_kop kop;
++    int ret = 1, g_len;
++    unsigned char *g = NULL;
++
++    if (dsa->priv_key == NULL) {
++        if ((dsa->priv_key = BN_new()) == NULL)
++            goto sw_try;
++    }
++
++    if (dsa->pub_key == NULL) {
++        if ((dsa->pub_key = BN_new()) == NULL)
++            goto sw_try;
++    }
++
++    g_len = BN_num_bytes(dsa->p);
++        /**
++         * Get generator into a plain buffer. If length is less than
++         * p_len then add leading padding bytes.
++         */
++    if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
++        DSAerr(DSA_F_DSA_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
++        goto sw_try;
++    }
++
++    memset(&kop, 0, sizeof kop);
++
++    kop.crk_op = CRK_DSA_GENERATE_KEY;
++    if (bn2crparam(dsa->p, &kop.crk_param[0]))
++        goto sw_try;
++    if (bn2crparam(dsa->q, &kop.crk_param[1]))
++        goto sw_try;
++    kop.crk_param[2].crp_p = g;
++    kop.crk_param[2].crp_nbits = g_len * 8;
++    kop.crk_iparams = 3;
++
++    /* pub_key is or prime length while priv key is of length of order */
++    if (cryptodev_asym(&kop, BN_num_bytes(dsa->p), dsa->pub_key,
++                       BN_num_bytes(dsa->q), dsa->priv_key))
++        goto sw_try;
++
++    return ret;
++ sw_try:
++    {
++        const DSA_METHOD *meth = DSA_OpenSSL();
++        ret = (meth->dsa_keygen) (dsa);
++    }
++    return ret;
+ }
+ 
+ static DSA_METHOD cryptodev_dsa = {
+@@ -1584,12 +1859,558 @@ static DSA_METHOD cryptodev_dsa = {
+     NULL                        /* app_data */
+ };
+ 
+-static int
+-cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
+-                     const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+-                     BN_MONT_CTX *m_ctx)
++static ECDSA_METHOD cryptodev_ecdsa = {
++    "cryptodev ECDSA method",
++    NULL,
++    NULL,                       /* ecdsa_sign_setup */
++    NULL,
++    NULL,
++    0,                          /* flags */
++    NULL                        /* app_data */
++};
++
++typedef enum ec_curve_s {
++    EC_PRIME,
++    EC_BINARY
++} ec_curve_t;
++
++/* ENGINE handler for ECDSA Sign */
++static ECDSA_SIG *cryptodev_ecdsa_do_sign(const unsigned char *dgst,
++                                          int dgst_len, const BIGNUM *in_kinv,
++                                          const BIGNUM *in_r, EC_KEY *eckey)
+ {
+-    return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
++    BIGNUM *m = NULL, *p = NULL, *a = NULL;
++    BIGNUM *b = NULL, *x = NULL, *y = NULL;
++    BN_CTX *ctx = NULL;
++    ECDSA_SIG *ret = NULL;
++    ECDSA_DATA *ecdsa = NULL;
++    unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL;
++    unsigned char *s = NULL, *c = NULL, *d = NULL, *f = NULL, *tmp_dgst =
++        NULL;
++    int i = 0, q_len = 0, priv_key_len = 0, r_len = 0;
++    int g_len = 0, d_len = 0, ab_len = 0;
++    const BIGNUM *order = NULL, *priv_key = NULL;
++    const EC_GROUP *group = NULL;
++    struct crypt_kop kop;
++    ec_curve_t ec_crv = EC_PRIME;
++
++    memset(&kop, 0, sizeof(kop));
++    ecdsa = ecdsa_check(eckey);
++    if (!ecdsa) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
++        return NULL;
++    }
++
++    group = EC_KEY_get0_group(eckey);
++    priv_key = EC_KEY_get0_private_key(eckey);
++
++    if (!group || !priv_key) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
++        return NULL;
++    }
++
++    if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
++        (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
++        (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
++        (y = BN_new()) == NULL) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++        goto err;
++    }
++
++    order = &group->order;
++    if (!order || BN_is_zero(order)) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS);
++        goto err;
++    }
++
++    i = BN_num_bits(order);
++    /*
++     * Need to truncate digest if it is too long: first truncate whole bytes
++     */
++    if (8 * dgst_len > i)
++        dgst_len = (i + 7) / 8;
++
++    if (!BN_bin2bn(dgst, dgst_len, m)) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
++        goto err;
++    }
++
++    /* If still too long truncate remaining bits with a shift */
++    if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
++        goto err;
++    }
++
++    /* copy the truncated bits into plain buffer */
++    if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) {
++        fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__,
++                __LINE__);
++        goto err;
++    }
++
++    ret = ECDSA_SIG_new();
++    if (!ret) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
++        goto err;
++    }
++
++    /* check if this is prime or binary EC request */
++    if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
++        NID_X9_62_prime_field) {
++        ec_crv = EC_PRIME;
++        /* get the generator point pair */
++        if (!EC_POINT_get_affine_coordinates_GFp
++            (group, EC_GROUP_get0_generator(group), x, y, ctx)) {
++            ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
++            goto err;
++        }
++
++        /* get the ECC curve parameters */
++        if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
++            ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
++            goto err;
++        }
++    } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
++               NID_X9_62_characteristic_two_field) {
++        ec_crv = EC_BINARY;
++        /* get the ECC curve parameters */
++        if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) {
++            ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
++            goto err;
++        }
++
++        /* get the generator point pair */
++        if (!EC_POINT_get_affine_coordinates_GF2m(group,
++                                                  EC_GROUP_get0_generator
++                                                  (group), x, y, ctx)) {
++            ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
++            goto err;
++        }
++    } else {
++        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
++        goto err;
++    }
++
++    if (spcf_bn2bin(order, &r, &r_len)) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++        goto err;
++    }
++
++    if (spcf_bn2bin(p, &q, &q_len)) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++        goto err;
++    }
++
++    priv_key_len = r_len;
++
++        /**
++         * If BN_num_bytes of priv_key returns less then r_len then
++         * add padding bytes before the key
++         */
++    if (spcf_bn2bin_ex(priv_key, &s, &priv_key_len)) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++        goto err;
++    }
++
++    /* Generation of ECC curve parameters */
++    ab_len = 2 * q_len;
++    ab = eng_copy_curve_points(a, b, ab_len, q_len);
++    if (!ab) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++        goto err;
++    }
++
++    if (ec_crv == EC_BINARY) {
++        if (eng_ec_get_cparam
++            (EC_GROUP_get_curve_name(group), ab + q_len, q_len)) {
++            unsigned char *c_temp = NULL;
++            int c_temp_len = q_len;
++            if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len))
++                memcpy(ab + q_len, c_temp, q_len);
++            else
++                goto err;
++        }
++        kop.curve_type = ECC_BINARY;
++    }
++
++    /* Calculation of Generator point */
++    g_len = 2 * q_len;
++    g_xy = eng_copy_curve_points(x, y, g_len, q_len);
++    if (!g_xy) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++        goto err;
++    }
++
++    /* Memory allocation for first part of digital signature */
++    c = malloc(r_len);
++    if (!c) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++        goto err;
++    }
++
++    d_len = r_len;
++
++    /* Memory allocation for second part of digital signature */
++    d = malloc(d_len);
++    if (!d) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++        goto err;
++    }
++
++    /* memory for message representative */
++    f = malloc(r_len);
++    if (!f) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++        goto err;
++    }
++
++    /* Add padding, since SEC expects hash to of size r_len */
++    memset(f, 0, r_len - dgst_len);
++
++    /* Skip leading bytes if dgst_len < r_len */
++    memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len);
++
++    dgst_len += r_len - dgst_len;
++    kop.crk_op = CRK_DSA_SIGN;
++    /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
++    kop.crk_param[0].crp_p = f;
++    kop.crk_param[0].crp_nbits = dgst_len * 8;
++    kop.crk_param[1].crp_p = q;
++    kop.crk_param[1].crp_nbits = q_len * 8;
++    kop.crk_param[2].crp_p = r;
++    kop.crk_param[2].crp_nbits = r_len * 8;
++    kop.crk_param[3].crp_p = g_xy;
++    kop.crk_param[3].crp_nbits = g_len * 8;
++    kop.crk_param[4].crp_p = s;
++    kop.crk_param[4].crp_nbits = priv_key_len * 8;
++    kop.crk_param[5].crp_p = ab;
++    kop.crk_param[5].crp_nbits = ab_len * 8;
++    kop.crk_iparams = 6;
++    kop.crk_param[6].crp_p = c;
++    kop.crk_param[6].crp_nbits = d_len * 8;
++    kop.crk_param[7].crp_p = d;
++    kop.crk_param[7].crp_nbits = d_len * 8;
++    kop.crk_oparams = 2;
++
++    if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
++        /* Check if ret->r and s needs to allocated */
++        crparam2bn(&kop.crk_param[6], ret->r);
++        crparam2bn(&kop.crk_param[7], ret->s);
++    } else {
++        const ECDSA_METHOD *meth = ECDSA_OpenSSL();
++        ret = (meth->ecdsa_do_sign) (dgst, dgst_len, in_kinv, in_r, eckey);
++    }
++    kop.crk_param[0].crp_p = NULL;
++    zapparams(&kop);
++ err:
++    if (!ret) {
++        ECDSA_SIG_free(ret);
++        ret = NULL;
++    }
++    return ret;
++}
++
++static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
++                                  ECDSA_SIG *sig, EC_KEY *eckey)
++{
++    BIGNUM *m = NULL, *p = NULL, *a = NULL, *b = NULL;
++    BIGNUM *x = NULL, *y = NULL, *w_x = NULL, *w_y = NULL;
++    BN_CTX *ctx = NULL;
++    ECDSA_DATA *ecdsa = NULL;
++    unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL, *w_xy =
++        NULL;
++    unsigned char *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL;
++    int i = 0, q_len = 0, pub_key_len = 0, r_len = 0, c_len = 0, g_len = 0;
++    int d_len = 0, ab_len = 0, ret = -1;
++    const EC_POINT *pub_key = NULL;
++    const BIGNUM *order = NULL;
++    const EC_GROUP *group = NULL;
++    ec_curve_t ec_crv = EC_PRIME;
++    struct crypt_kop kop;
++
++    memset(&kop, 0, sizeof kop);
++    ecdsa = ecdsa_check(eckey);
++    if (!ecdsa) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
++        return ret;
++    }
++
++    group = EC_KEY_get0_group(eckey);
++    pub_key = EC_KEY_get0_public_key(eckey);
++
++    if (!group || !pub_key) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
++        return ret;
++    }
++
++    if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
++        (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
++        (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
++        (y = BN_new()) == NULL || (w_x = BN_new()) == NULL ||
++        (w_y = BN_new()) == NULL) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++        goto err;
++    }
++
++    order = &group->order;
++    if (!order || BN_is_zero(order)) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS);
++        goto err;
++    }
++
++    i = BN_num_bits(order);
++    /*
++     * Need to truncate digest if it is too long: first truncate whole *
++     * bytes
++     */
++    if (8 * dgst_len > i)
++        dgst_len = (i + 7) / 8;
++
++    if (!BN_bin2bn(dgst, dgst_len, m)) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
++        goto err;
++    }
++
++    /* If still too long truncate remaining bits with a shift */
++    if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
++        goto err;
++    }
++    /* copy the truncated bits into plain buffer */
++    if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++        goto err;
++    }
++
++    /* check if this is prime or binary EC request */
++    if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
++        NID_X9_62_prime_field) {
++        ec_crv = EC_PRIME;
++
++        /* get the generator point pair */
++        if (!EC_POINT_get_affine_coordinates_GFp(group,
++                                                 EC_GROUP_get0_generator
++                                                 (group), x, y, ctx)) {
++            ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
++            goto err;
++        }
++
++        /* get the public key pair for prime curve */
++        if (!EC_POINT_get_affine_coordinates_GFp(group,
++                                                 pub_key, w_x, w_y, ctx)) {
++            ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
++            goto err;
++        }
++
++        /* get the ECC curve parameters */
++        if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
++            ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
++            goto err;
++        }
++    } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
++               NID_X9_62_characteristic_two_field) {
++        ec_crv = EC_BINARY;
++        /* get the ECC curve parameters */
++        if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) {
++            ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
++            goto err;
++        }
++
++        /* get the generator point pair */
++        if (!EC_POINT_get_affine_coordinates_GF2m(group,
++                                                  EC_GROUP_get0_generator
++                                                  (group), x, y, ctx)) {
++            ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
++            goto err;
++        }
++
++        /* get the public key pair for binary curve */
++        if (!EC_POINT_get_affine_coordinates_GF2m(group,
++                                                  pub_key, w_x, w_y, ctx)) {
++            ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
++            goto err;
++        }
++    } else {
++        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
++        goto err;
++    }
++
++    /* Get the order of the subgroup of private keys */
++    if (spcf_bn2bin((BIGNUM *)order, &r, &r_len)) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++        goto err;
++    }
++
++    /* Get the irreducible polynomial that creates the field */
++    if (spcf_bn2bin(p, &q, &q_len)) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++        goto err;
++    }
++
++    /* Get the public key into a flat buffer with appropriate padding */
++    pub_key_len = 2 * q_len;
++
++    w_xy = eng_copy_curve_points(w_x, w_y, pub_key_len, q_len);
++    if (!w_xy) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++        goto err;
++    }
++
++    /* Generation of ECC curve parameters */
++    ab_len = 2 * q_len;
++
++    ab = eng_copy_curve_points(a, b, ab_len, q_len);
++    if (!ab) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++        goto err;
++    }
++
++    if (ec_crv == EC_BINARY) {
++        /* copy b' i.e c(b), instead of only b */
++        if (eng_ec_get_cparam
++            (EC_GROUP_get_curve_name(group), ab + q_len, q_len)) {
++            unsigned char *c_temp = NULL;
++            int c_temp_len = q_len;
++            if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len))
++                memcpy(ab + q_len, c_temp, q_len);
++            else
++                goto err;
++        }
++        kop.curve_type = ECC_BINARY;
++    }
++
++    /* Calculation of Generator point */
++    g_len = 2 * q_len;
++
++    g_xy = eng_copy_curve_points(x, y, g_len, q_len);
++    if (!g_xy) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++        goto err;
++    }
++
++        /**
++         * Get the 1st part of signature into a flat buffer with
++         * appropriate padding
++         */
++    if (BN_num_bytes(sig->r) < r_len)
++        c_len = r_len;
++
++    if (spcf_bn2bin_ex(sig->r, &c, &c_len)) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++        goto err;
++    }
++
++        /**
++         * Get the 2nd part of signature into a flat buffer with
++         * appropriate padding
++         */
++    if (BN_num_bytes(sig->s) < r_len)
++        d_len = r_len;
++
++    if (spcf_bn2bin_ex(sig->s, &d, &d_len)) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++        goto err;
++    }
++
++    /* memory for message representative */
++    f = malloc(r_len);
++    if (!f) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++        goto err;
++    }
++
++    /* Add padding, since SEC expects hash to of size r_len */
++    memset(f, 0, r_len - dgst_len);
++
++    /* Skip leading bytes if dgst_len < r_len */
++    memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len);
++    dgst_len += r_len - dgst_len;
++    kop.crk_op = CRK_DSA_VERIFY;
++    /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
++    kop.crk_param[0].crp_p = f;
++    kop.crk_param[0].crp_nbits = dgst_len * 8;
++    kop.crk_param[1].crp_p = q;
++    kop.crk_param[1].crp_nbits = q_len * 8;
++    kop.crk_param[2].crp_p = r;
++    kop.crk_param[2].crp_nbits = r_len * 8;
++    kop.crk_param[3].crp_p = g_xy;
++    kop.crk_param[3].crp_nbits = g_len * 8;
++    kop.crk_param[4].crp_p = w_xy;
++    kop.crk_param[4].crp_nbits = pub_key_len * 8;
++    kop.crk_param[5].crp_p = ab;
++    kop.crk_param[5].crp_nbits = ab_len * 8;
++    kop.crk_param[6].crp_p = c;
++    kop.crk_param[6].crp_nbits = d_len * 8;
++    kop.crk_param[7].crp_p = d;
++    kop.crk_param[7].crp_nbits = d_len * 8;
++    kop.crk_iparams = 8;
++
++    if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
++        /*
++         * OCF success value is 0, if not zero, change ret to fail
++         */
++        if (0 == kop.crk_status)
++            ret = 1;
++    } else {
++        const ECDSA_METHOD *meth = ECDSA_OpenSSL();
++
++        ret = (meth->ecdsa_do_verify) (dgst, dgst_len, sig, eckey);
++    }
++    kop.crk_param[0].crp_p = NULL;
++    zapparams(&kop);
++
++ err:
++    return ret;
++}
++
++static int cryptodev_dh_keygen(DH *dh)
++{
++    struct crypt_kop kop;
++    int ret = 1, g_len;
++    unsigned char *g = NULL;
++
++    if (dh->priv_key == NULL) {
++        if ((dh->priv_key = BN_new()) == NULL)
++            goto sw_try;
++    }
++
++    if (dh->pub_key == NULL) {
++        if ((dh->pub_key = BN_new()) == NULL)
++            goto sw_try;
++    }
++
++    g_len = BN_num_bytes(dh->p);
++        /**
++         * Get generator into a plain buffer. If length is less than
++         * q_len then add leading padding bytes.
++         */
++    if (spcf_bn2bin_ex(dh->g, &g, &g_len)) {
++        DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
++        goto sw_try;
++    }
++
++    memset(&kop, 0, sizeof kop);
++    kop.crk_op = CRK_DH_GENERATE_KEY;
++    if (bn2crparam(dh->p, &kop.crk_param[0]))
++        goto sw_try;
++    if (bn2crparam(dh->q, &kop.crk_param[1]))
++        goto sw_try;
++    kop.crk_param[2].crp_p = g;
++    kop.crk_param[2].crp_nbits = g_len * 8;
++    kop.crk_iparams = 3;
++
++    /* pub_key is or prime length while priv key is of length of order */
++    if (cryptodev_asym(&kop, BN_num_bytes(dh->p), dh->pub_key,
++                       BN_num_bytes(dh->q), dh->priv_key))
++        goto sw_try;
++
++    return ret;
++ sw_try:
++    {
++        const DH_METHOD *meth = DH_OpenSSL();
++        ret = (meth->generate_key) (dh);
++    }
++    return ret;
+ }
+ 
+ static int
+@@ -1597,41 +2418,236 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+ {
+     struct crypt_kop kop;
+     int dhret = 1;
+-    int fd, keylen;
++    int fd, p_len;
++    BIGNUM *temp = NULL;
++    unsigned char *padded_pub_key = NULL, *p = NULL;
++
++    if ((fd = get_asym_dev_crypto()) < 0)
++        goto sw_try;
++
++    memset(&kop, 0, sizeof kop);
++    kop.crk_op = CRK_DH_COMPUTE_KEY;
++    /* inputs: dh->priv_key pub_key dh->p key */
++    spcf_bn2bin(dh->p, &p, &p_len);
++    spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len);
++    if (bn2crparam(dh->priv_key, &kop.crk_param[0]))
++        goto sw_try;
++
++    kop.crk_param[1].crp_p = padded_pub_key;
++    kop.crk_param[1].crp_nbits = p_len * 8;
++    kop.crk_param[2].crp_p = p;
++    kop.crk_param[2].crp_nbits = p_len * 8;
++    kop.crk_iparams = 3;
++    kop.crk_param[3].crp_p = (void *)key;
++    kop.crk_param[3].crp_nbits = p_len * 8;
++    kop.crk_oparams = 1;
++    dhret = p_len;
++
++    if (ioctl(fd, CIOCKEY, &kop))
++        goto sw_try;
++
++    if ((temp = BN_new())) {
++        if (!BN_bin2bn(key, p_len, temp)) {
++            ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
++            goto sw_try;
++        }
++        if (dhret > BN_num_bytes(temp))
++            dhret = BN_bn2bin(temp, key);
++        BN_free(temp);
++    }
+ 
+-    if ((fd = get_asym_dev_crypto()) < 0) {
++    kop.crk_param[3].crp_p = NULL;
++    zapparams(&kop);
++    return (dhret);
++ sw_try:
++    {
+         const DH_METHOD *meth = DH_OpenSSL();
+ 
+-        return ((meth->compute_key) (key, pub_key, dh));
++        dhret = (meth->compute_key) (key, pub_key, dh);
+     }
++    return (dhret);
++}
+ 
+-    keylen = BN_num_bits(dh->p);
++int cryptodev_ecdh_compute_key(void *out, size_t outlen,
++                               const EC_POINT *pub_key, EC_KEY *ecdh,
++                               void *(*KDF) (const void *in, size_t inlen,
++                                             void *out, size_t *outlen))
++{
++    ec_curve_t ec_crv = EC_PRIME;
++    unsigned char *q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL;
++    BIGNUM *w_x = NULL, *w_y = NULL;
++    int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0;
++    BIGNUM *p = NULL, *a = NULL, *b = NULL;
++    BN_CTX *ctx;
++    EC_POINT *tmp = NULL;
++    BIGNUM *x = NULL, *y = NULL;
++    const BIGNUM *priv_key;
++    const EC_GROUP *group = NULL;
++    int ret = -1;
++    size_t buflen, len;
++    struct crypt_kop kop;
+ 
+     memset(&kop, 0, sizeof kop);
+-    kop.crk_op = CRK_DH_COMPUTE_KEY;
+ 
+-    /* inputs: dh->priv_key pub_key dh->p key */
+-    if (bn2crparam(dh->priv_key, &kop.crk_param[0]))
++    if ((ctx = BN_CTX_new()) == NULL)
+         goto err;
+-    if (bn2crparam(pub_key, &kop.crk_param[1]))
++    BN_CTX_start(ctx);
++    x = BN_CTX_get(ctx);
++    y = BN_CTX_get(ctx);
++    p = BN_CTX_get(ctx);
++    a = BN_CTX_get(ctx);
++    b = BN_CTX_get(ctx);
++    w_x = BN_CTX_get(ctx);
++    w_y = BN_CTX_get(ctx);
++
++    if (!x || !y || !p || !a || !b || !w_x || !w_y) {
++        ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
+         goto err;
+-    if (bn2crparam(dh->p, &kop.crk_param[2]))
++    }
++
++    priv_key = EC_KEY_get0_private_key(ecdh);
++    if (priv_key == NULL) {
++        ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_NO_PRIVATE_VALUE);
+         goto err;
+-    kop.crk_iparams = 3;
++    }
+ 
+-    kop.crk_param[3].crp_p = (caddr_t) key;
+-    kop.crk_param[3].crp_nbits = keylen * 8;
+-    kop.crk_oparams = 1;
++    group = EC_KEY_get0_group(ecdh);
++    if ((tmp = EC_POINT_new(group)) == NULL) {
++        ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
++        goto err;
++    }
+ 
+-    if (ioctl(fd, CIOCKEY, &kop) == -1) {
+-        const DH_METHOD *meth = DH_OpenSSL();
++    if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
++        NID_X9_62_prime_field) {
++        ec_crv = EC_PRIME;
+ 
+-        dhret = (meth->compute_key) (key, pub_key, dh);
++        if (!EC_POINT_get_affine_coordinates_GFp(group,
++                                                 EC_GROUP_get0_generator
++                                                 (group), x, y, ctx)) {
++            ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_POINT_ARITHMETIC_FAILURE);
++            goto err;
++        }
++
++        /* get the ECC curve parameters */
++        if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
++            ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
++            goto err;
++        }
++
++        /* get the public key pair for prime curve */
++        if (!EC_POINT_get_affine_coordinates_GFp
++            (group, pub_key, w_x, w_y, ctx)) {
++            ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
++            goto err;
++        }
++    } else {
++        ec_crv = EC_BINARY;
++
++        if (!EC_POINT_get_affine_coordinates_GF2m(group,
++                                                  EC_GROUP_get0_generator
++                                                  (group), x, y, ctx)) {
++            ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_POINT_ARITHMETIC_FAILURE);
++            goto err;
++        }
++
++        /* get the ECC curve parameters */
++        if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) {
++            ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
++            goto err;
++        }
++
++        /* get the public key pair for binary curve */
++        if (!EC_POINT_get_affine_coordinates_GF2m(group,
++                                                  pub_key, w_x, w_y, ctx)) {
++            ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
++            goto err;
++        }
++    }
++
++    /* irreducible polynomial that creates the field */
++    if (spcf_bn2bin((BIGNUM *)&group->order, &r, &r_len)) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++        goto err;
++    }
++
++    /* Get the irreducible polynomial that creates the field */
++    if (spcf_bn2bin(p, &q, &q_len)) {
++        ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
++        goto err;
++    }
++
++    /* Get the public key into a flat buffer with appropriate padding */
++    pub_key_len = 2 * q_len;
++    w_xy = eng_copy_curve_points(w_x, w_y, pub_key_len, q_len);
++    if (!w_xy) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++        goto err;
++    }
++
++    /* Generation of ECC curve parameters */
++    ab_len = 2 * q_len;
++    ab = eng_copy_curve_points(a, b, ab_len, q_len);
++    if (!ab) {
++        ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
++        goto err;
++    }
++
++    if (ec_crv == EC_BINARY) {
++        /* copy b' i.e c(b), instead of only b */
++        if (eng_ec_get_cparam
++            (EC_GROUP_get_curve_name(group), ab + q_len, q_len)) {
++            unsigned char *c_temp = NULL;
++            int c_temp_len = q_len;
++            if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len))
++                memcpy(ab + q_len, c_temp, q_len);
++            else
++                goto err;
++        }
++        kop.curve_type = ECC_BINARY;
++    } else
++        kop.curve_type = ECC_PRIME;
++
++    priv_key_len = r_len;
++
++    /*
++     * If BN_num_bytes of priv_key returns less then r_len then
++     * add padding bytes before the key
++     */
++    if (spcf_bn2bin_ex((BIGNUM *)priv_key, &s, &priv_key_len)) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++        goto err;
++    }
++
++    buflen = (EC_GROUP_get_degree(group) + 7) / 8;
++    len = BN_num_bytes(x);
++    if (len > buflen || q_len < buflen) {
++        ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_INTERNAL_ERROR);
++        goto err;
+     }
++
++    kop.crk_op = CRK_DH_COMPUTE_KEY;
++    kop.crk_param[0].crp_p = (void *)s;
++    kop.crk_param[0].crp_nbits = priv_key_len * 8;
++    kop.crk_param[1].crp_p = (void *)w_xy;
++    kop.crk_param[1].crp_nbits = pub_key_len * 8;
++    kop.crk_param[2].crp_p = (void *)q;
++    kop.crk_param[2].crp_nbits = q_len * 8;
++    kop.crk_param[3].crp_p = (void *)ab;
++    kop.crk_param[3].crp_nbits = ab_len * 8;
++    kop.crk_iparams = 4;
++    kop.crk_param[4].crp_p = (void *)out;
++    kop.crk_param[4].crp_nbits = q_len * 8;
++    kop.crk_oparams = 1;
++    ret = q_len;
++    if (cryptodev_asym(&kop, 0, NULL, 0, NULL)) {
++        const ECDH_METHOD *meth = ECDH_OpenSSL();
++        ret = (meth->compute_key) (out, outlen, pub_key, ecdh, KDF);
++    } else
++        ret = q_len;
+  err:
+-    kop.crk_param[3].crp_p = NULL;
++    kop.crk_param[4].crp_p = NULL;
+     zapparams(&kop);
+-    return (dhret);
++    return ret;
+ }
+ 
+ static DH_METHOD cryptodev_dh = {
+@@ -1645,6 +2661,14 @@ static DH_METHOD cryptodev_dh = {
+     NULL                        /* app_data */
+ };
+ 
++static ECDH_METHOD cryptodev_ecdh = {
++    "cryptodev ECDH method",
++    NULL,                       /* cryptodev_ecdh_compute_key */
++    NULL,
++    0,                          /* flags */
++    NULL                        /* app_data */
++};
++
+ /*
+  * ctrl right now is just a wrapper that doesn't do much
+  * but I expect we'll want some options soon.
+@@ -1724,24 +2748,39 @@ void ENGINE_load_cryptodev(void)
+         memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
+         if (cryptodev_asymfeat & CRF_DSA_SIGN)
+             cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
+-        if (cryptodev_asymfeat & CRF_MOD_EXP) {
+-            cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp;
+-            cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp;
+-        }
+         if (cryptodev_asymfeat & CRF_DSA_VERIFY)
+             cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
++        if (cryptodev_asymfeat & CRF_DSA_GENERATE_KEY)
++            cryptodev_dsa.dsa_keygen = cryptodev_dsa_keygen;
+     }
+ 
+     if (ENGINE_set_DH(engine, &cryptodev_dh)) {
+         const DH_METHOD *dh_meth = DH_OpenSSL();
++        memcpy(&cryptodev_dh, dh_meth, sizeof(DH_METHOD));
++        if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) {
++            cryptodev_dh.compute_key = cryptodev_dh_compute_key;
++        }
++        if (cryptodev_asymfeat & CRF_DH_GENERATE_KEY) {
++            cryptodev_dh.generate_key = cryptodev_dh_keygen;
++        }
++    }
+ 
+-        cryptodev_dh.generate_key = dh_meth->generate_key;
+-        cryptodev_dh.compute_key = dh_meth->compute_key;
+-        cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp;
+-        if (cryptodev_asymfeat & CRF_MOD_EXP) {
+-            cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh;
+-            if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY)
+-                cryptodev_dh.compute_key = cryptodev_dh_compute_key;
++    if (ENGINE_set_ECDSA(engine, &cryptodev_ecdsa)) {
++        const ECDSA_METHOD *meth = ECDSA_OpenSSL();
++        memcpy(&cryptodev_ecdsa, meth, sizeof(ECDSA_METHOD));
++        if (cryptodev_asymfeat & CRF_DSA_SIGN) {
++            cryptodev_ecdsa.ecdsa_do_sign = cryptodev_ecdsa_do_sign;
++        }
++        if (cryptodev_asymfeat & CRF_DSA_VERIFY) {
++            cryptodev_ecdsa.ecdsa_do_verify = cryptodev_ecdsa_verify;
++        }
++    }
++
++    if (ENGINE_set_ECDH(engine, &cryptodev_ecdh)) {
++        const ECDH_METHOD *ecdh_meth = ECDH_OpenSSL();
++        memcpy(&cryptodev_ecdh, ecdh_meth, sizeof(ECDH_METHOD));
++        if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) {
++            cryptodev_ecdh.compute_key = cryptodev_ecdh_compute_key;
+         }
+     }
+ 
+-- 
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0006-Added-hwrng-dev-file-as-source-of-RNG.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0006-Added-hwrng-dev-file-as-source-of-RNG.patch
new file mode 100644
index 0000000..61469dc
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0006-Added-hwrng-dev-file-as-source-of-RNG.patch
@@ -0,0 +1,28 @@
+From c3b1f595607fe4e431dab12b7d8ceda6742547d5 Mon Sep 17 00:00:00 2001
+From: Yashpal Dutta <yashpal.dutta at freescale.com>
+Date: Tue, 11 Mar 2014 06:42:59 +0545
+Subject: [PATCH 06/48] Added hwrng dev file as source of RNG
+
+Upstream-status: Pending
+
+Signed-off-by: Yashpal Dutta <yashpal.dutta at freescale.com>
+---
+ e_os.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/e_os.h b/e_os.h
+index 1fa36c1..6c0917b 100644
+--- a/e_os.h
++++ b/e_os.h
+@@ -82,7 +82,7 @@ extern "C" {
+  * set this to a comma-separated list of 'random' device files to try out. My
+  * default, we will try to read at least one of these files
+  */
+-#  define DEVRANDOM "/dev/urandom","/dev/random","/dev/srandom"
++#  define DEVRANDOM "/dev/hwrng","/dev/urandom","/dev/random","/dev/srandom"
+ # endif
+ # ifndef DEVRANDOM_EGD
+ /*
+-- 
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0006-Fixed-private-key-support-for-DH.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0006-Fixed-private-key-support-for-DH.patch
deleted file mode 100644
index 01c268b..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0006-Fixed-private-key-support-for-DH.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 39a9e609290a8a1163a721915bcde0c7cf8f92f7 Mon Sep 17 00:00:00 2001
-From: Yashpal Dutta <yashpal.dutta at freescale.com>
-Date: Tue, 11 Mar 2014 05:57:47 +0545
-Subject: [PATCH 06/26] Fixed private key support for DH
-
-Upstream-status: Pending
-
-Signed-off-by: Yashpal Dutta <yashpal.dutta at freescale.com>
----
- crypto/dh/dh_ameth.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
-index 02ec2d4..ed32004 100644
---- a/crypto/dh/dh_ameth.c
-+++ b/crypto/dh/dh_ameth.c
-@@ -422,6 +422,13 @@ static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
- 	if (to->pkey.dh->g != NULL)
- 		BN_free(to->pkey.dh->g);
- 	to->pkey.dh->g=a;
-+	if ((a=BN_dup(from->pkey.dh->q)) != NULL) {
-+		if (to->pkey.dh->q != NULL)
-+			BN_free(to->pkey.dh->q);
-+		to->pkey.dh->q=a;
-+	}
-+
-+	to->pkey.dh->length = from->pkey.dh->length;
- 
- 	return 1;
- 	}
--- 
-2.3.5
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0007-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0007-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch
new file mode 100644
index 0000000..192cd18
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0007-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch
@@ -0,0 +1,2050 @@
+From 45cfc01ade9eeb43fdb5950d3db152cae1b41059 Mon Sep 17 00:00:00 2001
+From: Yashpal Dutta <yashpal.dutta at freescale.com>
+Date: Tue, 11 Mar 2014 07:14:30 +0545
+Subject: [PATCH 07/48] Asynchronous interface added for PKC cryptodev
+ interface
+
+Upstream-status: Pending
+
+Change-Id: Ia8974f793dc18a959ed6798dcdd7d3fad81cb7da
+Signed-off-by: Yashpal Dutta <yashpal.dutta at freescale.com>
+---
+ crypto/crypto.h               |   16 +
+ crypto/dh/dh.h                |    3 +
+ crypto/dsa/dsa.h              |    5 +
+ crypto/ecdh/ech_locl.h        |    3 +
+ crypto/ecdsa/ecs_locl.h       |    5 +
+ crypto/engine/eng_cryptodev.c | 1598 +++++++++++++++++++++++++++++++++++++----
+ crypto/engine/eng_int.h       |   23 +
+ crypto/engine/eng_lib.c       |   46 ++
+ crypto/engine/engine.h        |   24 +
+ crypto/rsa/rsa.h              |   23 +
+ 10 files changed, 1605 insertions(+), 141 deletions(-)
+
+diff --git a/crypto/crypto.h b/crypto/crypto.h
+index 6c644ce..2b4ec59 100644
+--- a/crypto/crypto.h
++++ b/crypto/crypto.h
+@@ -655,6 +655,22 @@ void ERR_load_CRYPTO_strings(void);
+ # define CRYPTO_R_FIPS_MODE_NOT_SUPPORTED                 101
+ # define CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK              100
+ 
++/* Additions for Asynchronous PKC Infrastructure */
++struct pkc_cookie_s {
++	void *cookie; /* To be filled by openssl library primitive method function caller */
++	void *eng_cookie; /* To be filled by Engine */
++	 /*
++	   * Callback handler to be provided by caller. Ensure to pass a
++	   * handler which takes the crypto operation to completion.
++	   * cookie: Container cookie from library
++	   * status: Status of the crypto Job completion.
++	   *		0: Job handled without any issue
++	   *		-EINVAL: Parameters Invalid
++	   */
++	void (*pkc_callback)(struct pkc_cookie_s *cookie, int status);
++	void *eng_handle;
++};
++
+ #ifdef  __cplusplus
+ }
+ #endif
+diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h
+index a5bd901..31dd762 100644
+--- a/crypto/dh/dh.h
++++ b/crypto/dh/dh.h
+@@ -123,6 +123,9 @@ struct dh_method {
+     int (*bn_mod_exp) (const DH *dh, BIGNUM *r, const BIGNUM *a,
+                        const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+                        BN_MONT_CTX *m_ctx);
++	int (*compute_key_async)(unsigned char *key,const BIGNUM *pub_key,DH *dh,
++				struct pkc_cookie_s *cookie);
++	int (*generate_key_async)(DH *dh, struct pkc_cookie_s *cookie);
+     int (*init) (DH *dh);
+     int (*finish) (DH *dh);
+     int flags;
+diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h
+index 545358f..8584731 100644
+--- a/crypto/dsa/dsa.h
++++ b/crypto/dsa/dsa.h
+@@ -139,6 +139,10 @@ struct dsa_method {
+     /* Can be null */
+     int (*bn_mod_exp) (DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+                        const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
++	int (*dsa_do_sign_async)(const unsigned char *dgst, int dlen, DSA *dsa,
++				DSA_SIG *sig, struct pkc_cookie_s *cookie);
++	int (*dsa_do_verify_async)(const unsigned char *dgst, int dgst_len,
++			     DSA_SIG *sig, DSA *dsa, struct pkc_cookie_s *cookie);
+     int (*init) (DSA *dsa);
+     int (*finish) (DSA *dsa);
+     int flags;
+@@ -150,6 +154,7 @@ struct dsa_method {
+                          BN_GENCB *cb);
+     /* If this is non-NULL, it is used to generate DSA keys */
+     int (*dsa_keygen) (DSA *dsa);
++	int (*dsa_keygen_async)(DSA *dsa, struct pkc_cookie_s *cookie);
+ };
+ 
+ struct dsa_st {
+diff --git a/crypto/ecdh/ech_locl.h b/crypto/ecdh/ech_locl.h
+index 4e66024..502507b 100644
+--- a/crypto/ecdh/ech_locl.h
++++ b/crypto/ecdh/ech_locl.h
+@@ -68,6 +68,9 @@ struct ecdh_method {
+                         EC_KEY *ecdh, void *(*KDF) (const void *in,
+                                                     size_t inlen, void *out,
+                                                     size_t *outlen));
++    int (*compute_key_async)(void *key, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,
++	                   void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen),
++	                   struct pkc_cookie_s *cookie);
+ # if 0
+     int (*init) (EC_KEY *eckey);
+     int (*finish) (EC_KEY *eckey);
+diff --git a/crypto/ecdsa/ecs_locl.h b/crypto/ecdsa/ecs_locl.h
+index d3a5efc..9b28c04 100644
+--- a/crypto/ecdsa/ecs_locl.h
++++ b/crypto/ecdsa/ecs_locl.h
+@@ -74,6 +74,11 @@ struct ecdsa_method {
+                              BIGNUM **r);
+     int (*ecdsa_do_verify) (const unsigned char *dgst, int dgst_len,
+                             const ECDSA_SIG *sig, EC_KEY *eckey);
++	 int (*ecdsa_do_sign_async)(const unsigned char *dgst, int dgst_len,
++			const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey,
++			ECDSA_SIG *sig, struct pkc_cookie_s *cookie);
++	int (*ecdsa_do_verify_async)(const unsigned char *dgst, int dgst_len,
++			const ECDSA_SIG *sig, EC_KEY *eckey, struct pkc_cookie_s *cookie);
+ # if 0
+     int (*init) (EC_KEY *eckey);
+     int (*finish) (EC_KEY *eckey);
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 0b41bb2..8303630 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -1367,6 +1367,60 @@ static void zapparams(struct crypt_kop *kop)
+     }
+ }
+ 
++/*
++ * Any PKC request has at max 2 output parameters and they are stored here to
++ * be used while copying in the check availability
++ */
++struct cryptodev_cookie_s {
++    BIGNUM *r;
++    struct crparam r_param;
++    BIGNUM *s;
++    struct crparam s_param;
++    struct crypt_kop *kop;
++};
++
++static int
++cryptodev_asym_async(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
++                     BIGNUM *s)
++{
++    int fd;
++    struct pkc_cookie_s *cookie = kop->cookie;
++    struct cryptodev_cookie_s *eng_cookie;
++
++    fd = *(int *)cookie->eng_handle;
++
++    eng_cookie = malloc(sizeof(struct cryptodev_cookie_s));
++
++    if (eng_cookie) {
++        memset(eng_cookie, 0, sizeof(struct cryptodev_cookie_s));
++        if (r) {
++            kop->crk_param[kop->crk_iparams].crp_p =
++                calloc(rlen, sizeof(char));
++            if (!kop->crk_param[kop->crk_iparams].crp_p)
++                return -ENOMEM;
++            kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
++            kop->crk_oparams++;
++            eng_cookie->r = r;
++            eng_cookie->r_param = kop->crk_param[kop->crk_iparams];
++        }
++        if (s) {
++            kop->crk_param[kop->crk_iparams + 1].crp_p =
++                calloc(slen, sizeof(char));
++            if (!kop->crk_param[kop->crk_iparams + 1].crp_p)
++                return -ENOMEM;
++            kop->crk_param[kop->crk_iparams + 1].crp_nbits = slen * 8;
++            kop->crk_oparams++;
++            eng_cookie->s = s;
++            eng_cookie->s_param = kop->crk_param[kop->crk_iparams + 1];
++        }
++    } else
++        return -ENOMEM;
++
++    eng_cookie->kop = kop;
++    cookie->eng_cookie = eng_cookie;
++    return ioctl(fd, CIOCASYMASYNCRYPT, kop);
++}
++
+ static int
+ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
+                BIGNUM *s)
+@@ -1425,6 +1479,44 @@ void *cryptodev_init_instance(void)
+     return fd;
+ }
+ 
++# include <poll.h>
++
++/* Return 0 on success and 1 on failure */
++int cryptodev_check_availability(void *eng_handle)
++{
++    int fd = *(int *)eng_handle;
++    struct pkc_cookie_list_s cookie_list;
++    struct pkc_cookie_s *cookie;
++    int i;
++
++    /* FETCH COOKIE returns number of cookies extracted */
++    if (ioctl(fd, CIOCASYMFETCHCOOKIE, &cookie_list) <= 0)
++        return 1;
++
++    for (i = 0; i < cookie_list.cookie_available; i++) {
++        cookie = cookie_list.cookie[i];
++        if (cookie) {
++            struct cryptodev_cookie_s *eng_cookie = cookie->eng_cookie;
++            if (eng_cookie) {
++                struct crypt_kop *kop = eng_cookie->kop;
++
++                if (eng_cookie->r)
++                    crparam2bn(&eng_cookie->r_param, eng_cookie->r);
++                if (eng_cookie->s)
++                    crparam2bn(&eng_cookie->s_param, eng_cookie->s);
++                if (kop->crk_op == CRK_DH_COMPUTE_KEY)
++                    kop->crk_oparams = 0;
++
++                zapparams(eng_cookie->kop);
++                free(eng_cookie->kop);
++                free(eng_cookie);
++            }
++            cookie->pkc_callback(cookie, cookie_list.status[i]);
++        }
++    }
++    return 0;
++}
++
+ static int
+ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                      const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
+@@ -1472,6 +1564,66 @@ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ }
+ 
+ static int
++cryptodev_bn_mod_exp_async(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
++                           const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont,
++                           struct pkc_cookie_s *cookie)
++{
++    struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
++    int ret = 1;
++
++    /*
++     * Currently, we know we can do mod exp iff we can do any asymmetric
++     * operations at all.
++     */
++    if (cryptodev_asymfeat == 0 || !kop) {
++        ret = BN_mod_exp(r, a, p, m, ctx);
++        return (ret);
++    }
++
++    kop->crk_oparams = 0;
++    kop->crk_status = 0;
++    kop->crk_op = CRK_MOD_EXP;
++    kop->cookie = cookie;
++    /* inputs: a^p % m */
++    if (bn2crparam(a, &kop->crk_param[0]))
++        goto err;
++    if (bn2crparam(p, &kop->crk_param[1]))
++        goto err;
++    if (bn2crparam(m, &kop->crk_param[2]))
++        goto err;
++
++    kop->crk_iparams = 3;
++    if (cryptodev_asym_async(kop, BN_num_bytes(m), r, 0, NULL))
++        goto err;
++
++    return ret;
++ err:
++    {
++        const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
++
++        if (kop)
++            free(kop);
++        ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
++        if (ret)
++            /* Call the completion handler immediately */
++            cookie->pkc_callback(cookie, 0);
++    }
++    return ret;
++}
++
++static int
++cryptodev_rsa_nocrt_mod_exp_async(BIGNUM *r0, const BIGNUM *I,
++                                  RSA *rsa, BN_CTX *ctx,
++                                  struct pkc_cookie_s *cookie)
++{
++    int r;
++    ctx = BN_CTX_new();
++    r = cryptodev_bn_mod_exp_async(r0, I, rsa->d, rsa->n, ctx, NULL, cookie);
++    BN_CTX_free(ctx);
++    return r;
++}
++
++static int
+ cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+                             BN_CTX *ctx)
+ {
+@@ -1538,6 +1690,63 @@ cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
+     return (ret);
+ }
+ 
++static int
++cryptodev_rsa_mod_exp_async(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
++                            BN_CTX *ctx, struct pkc_cookie_s *cookie)
++{
++    struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
++    int ret = 1, f_len, p_len, q_len;
++    unsigned char *f = NULL, *p = NULL, *q = NULL, *dp = NULL, *dq =
++        NULL, *c = NULL;
++
++    if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp || !kop) {
++        return (0);
++    }
++
++    kop->crk_oparams = 0;
++    kop->crk_status = 0;
++    kop->crk_op = CRK_MOD_EXP_CRT;
++    f_len = BN_num_bytes(rsa->n);
++    spcf_bn2bin_ex(I, &f, &f_len);
++    spcf_bn2bin(rsa->p, &p, &p_len);
++    spcf_bn2bin(rsa->q, &q, &q_len);
++    spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len);
++    spcf_bn2bin_ex(rsa->iqmp, &c, &p_len);
++    spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len);
++    /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
++    kop->crk_param[0].crp_p = p;
++    kop->crk_param[0].crp_nbits = p_len * 8;
++    kop->crk_param[1].crp_p = q;
++    kop->crk_param[1].crp_nbits = q_len * 8;
++    kop->crk_param[2].crp_p = f;
++    kop->crk_param[2].crp_nbits = f_len * 8;
++    kop->crk_param[3].crp_p = dp;
++    kop->crk_param[3].crp_nbits = p_len * 8;
++    /* dq must of length q, rest all of length p */
++    kop->crk_param[4].crp_p = dq;
++    kop->crk_param[4].crp_nbits = q_len * 8;
++    kop->crk_param[5].crp_p = c;
++    kop->crk_param[5].crp_nbits = p_len * 8;
++    kop->crk_iparams = 6;
++    kop->cookie = cookie;
++    if (cryptodev_asym_async(kop, BN_num_bytes(rsa->n), r0, 0, NULL))
++        goto err;
++
++    return ret;
++ err:
++    {
++        const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
++
++        if (kop)
++            free(kop);
++        ret = (*meth->rsa_mod_exp) (r0, I, rsa, ctx);
++        if (ret)
++            /* Call user completion handler immediately */
++            cookie->pkc_callback(cookie, 0);
++    }
++    return (ret);
++}
++
+ static RSA_METHOD cryptodev_rsa = {
+     "cryptodev RSA method",
+     NULL,                       /* rsa_pub_enc */
+@@ -1546,6 +1755,12 @@ static RSA_METHOD cryptodev_rsa = {
+     NULL,                       /* rsa_priv_dec */
+     NULL,
+     NULL,
++    NULL,                       /* rsa_pub_enc */
++    NULL,                       /* rsa_pub_dec */
++    NULL,                       /* rsa_priv_enc */
++    NULL,                       /* rsa_priv_dec */
++    NULL,
++    NULL,
+     NULL,                       /* init */
+     NULL,                       /* finish */
+     0,                          /* flags */
+@@ -1846,128 +2061,428 @@ static int cryptodev_dsa_keygen(DSA *dsa)
+     return ret;
+ }
+ 
+-static DSA_METHOD cryptodev_dsa = {
+-    "cryptodev DSA method",
+-    NULL,
+-    NULL,                       /* dsa_sign_setup */
+-    NULL,
+-    NULL,                       /* dsa_mod_exp */
+-    NULL,
+-    NULL,                       /* init */
+-    NULL,                       /* finish */
+-    0,                          /* flags */
+-    NULL                        /* app_data */
+-};
++/* Cryptodev DSA Key Gen routine */
++static int cryptodev_dsa_keygen_async(DSA *dsa, struct pkc_cookie_s *cookie)
++{
++    struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
++    int ret = 1, g_len;
++    unsigned char *g = NULL;
+ 
+-static ECDSA_METHOD cryptodev_ecdsa = {
+-    "cryptodev ECDSA method",
+-    NULL,
+-    NULL,                       /* ecdsa_sign_setup */
+-    NULL,
+-    NULL,
+-    0,                          /* flags */
+-    NULL                        /* app_data */
+-};
++    if (!kop)
++        goto sw_try;
+ 
+-typedef enum ec_curve_s {
+-    EC_PRIME,
+-    EC_BINARY
+-} ec_curve_t;
++    if (dsa->priv_key == NULL) {
++        if ((dsa->priv_key = BN_new()) == NULL)
++            goto sw_try;
++    }
+ 
+-/* ENGINE handler for ECDSA Sign */
+-static ECDSA_SIG *cryptodev_ecdsa_do_sign(const unsigned char *dgst,
+-                                          int dgst_len, const BIGNUM *in_kinv,
+-                                          const BIGNUM *in_r, EC_KEY *eckey)
+-{
+-    BIGNUM *m = NULL, *p = NULL, *a = NULL;
+-    BIGNUM *b = NULL, *x = NULL, *y = NULL;
+-    BN_CTX *ctx = NULL;
+-    ECDSA_SIG *ret = NULL;
+-    ECDSA_DATA *ecdsa = NULL;
+-    unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL;
+-    unsigned char *s = NULL, *c = NULL, *d = NULL, *f = NULL, *tmp_dgst =
+-        NULL;
+-    int i = 0, q_len = 0, priv_key_len = 0, r_len = 0;
+-    int g_len = 0, d_len = 0, ab_len = 0;
+-    const BIGNUM *order = NULL, *priv_key = NULL;
+-    const EC_GROUP *group = NULL;
+-    struct crypt_kop kop;
+-    ec_curve_t ec_crv = EC_PRIME;
++    if (dsa->pub_key == NULL) {
++        if ((dsa->pub_key = BN_new()) == NULL)
++            goto sw_try;
++    }
+ 
+-    memset(&kop, 0, sizeof(kop));
+-    ecdsa = ecdsa_check(eckey);
+-    if (!ecdsa) {
+-        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
+-        return NULL;
++    g_len = BN_num_bytes(dsa->p);
++        /**
++         * Get generator into a plain buffer. If length is less than
++         * q_len then add leading padding bytes.
++         */
++    if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
++        DSAerr(DSA_F_DSA_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
++        goto sw_try;
+     }
+ 
+-    group = EC_KEY_get0_group(eckey);
+-    priv_key = EC_KEY_get0_private_key(eckey);
++    memset(kop, 0, sizeof(struct crypt_kop));
++    kop->crk_op = CRK_DSA_GENERATE_KEY;
++    if (bn2crparam(dsa->p, &kop->crk_param[0]))
++        goto sw_try;
++    if (bn2crparam(dsa->q, &kop->crk_param[1]))
++        goto sw_try;
++    kop->crk_param[2].crp_p = g;
++    kop->crk_param[2].crp_nbits = g_len * 8;
++    kop->crk_iparams = 3;
++    kop->cookie = cookie;
+ 
+-    if (!group || !priv_key) {
+-        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
+-        return NULL;
++    /* pub_key is or prime length while priv key is of length of order */
++    if (cryptodev_asym_async(kop, BN_num_bytes(dsa->p), dsa->pub_key,
++                             BN_num_bytes(dsa->q), dsa->priv_key))
++        goto sw_try;
++
++    return ret;
++ sw_try:
++    {
++        const DSA_METHOD *meth = DSA_OpenSSL();
++
++        if (kop)
++            free(kop);
++        ret = (meth->dsa_keygen) (dsa);
++        cookie->pkc_callback(cookie, 0);
+     }
++    return ret;
++}
+ 
+-    if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
+-        (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
+-        (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
+-        (y = BN_new()) == NULL) {
+-        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++static int
++cryptodev_dsa_do_sign_async(const unsigned char *dgst, int dlen, DSA *dsa,
++                            DSA_SIG *sig, struct pkc_cookie_s *cookie)
++{
++    struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
++    DSA_SIG *dsaret = NULL;
++    int q_len = 0, r_len = 0, g_len = 0;
++    int priv_key_len = 0, ret = 1;
++    unsigned char *q = NULL, *r = NULL, *g = NULL, *priv_key = NULL, *f =
++        NULL;
++    if (((sig->r = BN_new()) == NULL) || !kop) {
++        DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+         goto err;
+     }
+ 
+-    order = &group->order;
+-    if (!order || BN_is_zero(order)) {
+-        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS);
++    if ((sig->s = BN_new()) == NULL) {
++        BN_free(sig->r);
++        DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+         goto err;
+     }
+ 
+-    i = BN_num_bits(order);
+-    /*
+-     * Need to truncate digest if it is too long: first truncate whole bytes
+-     */
+-    if (8 * dgst_len > i)
+-        dgst_len = (i + 7) / 8;
+-
+-    if (!BN_bin2bn(dgst, dgst_len, m)) {
+-        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
++    if (spcf_bn2bin(dsa->p, &q, &q_len)) {
++        DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+         goto err;
+     }
+ 
+-    /* If still too long truncate remaining bits with a shift */
+-    if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
+-        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
++    /* Get order of the field of private keys into plain buffer */
++    if (spcf_bn2bin(dsa->q, &r, &r_len)) {
++        DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+         goto err;
+     }
+ 
+-    /* copy the truncated bits into plain buffer */
+-    if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) {
+-        fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__,
+-                __LINE__);
++    /* sanity test */
++    if (dlen > r_len) {
++        DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+         goto err;
+     }
+ 
+-    ret = ECDSA_SIG_new();
+-    if (!ret) {
+-        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
++    g_len = q_len;
++        /**
++         * Get generator into a plain buffer. If length is less than
++         * q_len then add leading padding bytes.
++         */
++    if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
++        DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+         goto err;
+     }
+ 
+-    /* check if this is prime or binary EC request */
+-    if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
+-        NID_X9_62_prime_field) {
+-        ec_crv = EC_PRIME;
+-        /* get the generator point pair */
+-        if (!EC_POINT_get_affine_coordinates_GFp
+-            (group, EC_GROUP_get0_generator(group), x, y, ctx)) {
+-            ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
+-            goto err;
+-        }
++    priv_key_len = r_len;
++        /**
++         * Get private key into a plain buffer. If length is less than
++         * r_len then add leading padding bytes.
++         */
++    if (spcf_bn2bin_ex(dsa->priv_key, &priv_key, &priv_key_len)) {
++        DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++        goto err;
++    }
+ 
+-        /* get the ECC curve parameters */
+-        if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
+-            ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
++    /* Allocate memory to store hash. */
++    f = OPENSSL_malloc(r_len);
++    if (!f) {
++        DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++        goto err;
++    }
++
++    /* Add padding, since SEC expects hash to of size r_len */
++    if (dlen < r_len)
++        memset(f, 0, r_len - dlen);
++
++    /* Skip leading bytes if dgst_len < r_len */
++    memcpy(f + r_len - dlen, dgst, dlen);
++
++    dlen = r_len;
++
++    memset(kop, 0, sizeof(struct crypt_kop));
++    kop->crk_op = CRK_DSA_SIGN;
++
++    /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
++    kop->crk_param[0].crp_p = (void *)f;
++    kop->crk_param[0].crp_nbits = dlen * 8;
++    kop->crk_param[1].crp_p = (void *)q;
++    kop->crk_param[1].crp_nbits = q_len * 8;
++    kop->crk_param[2].crp_p = (void *)r;
++    kop->crk_param[2].crp_nbits = r_len * 8;
++    kop->crk_param[3].crp_p = (void *)g;
++    kop->crk_param[3].crp_nbits = g_len * 8;
++    kop->crk_param[4].crp_p = (void *)priv_key;
++    kop->crk_param[4].crp_nbits = priv_key_len * 8;
++    kop->crk_iparams = 5;
++    kop->cookie = cookie;
++
++    if (cryptodev_asym_async(kop, r_len, sig->r, r_len, sig->s))
++        goto err;
++
++    return ret;
++ err:
++    {
++        const DSA_METHOD *meth = DSA_OpenSSL();
++
++        if (kop)
++            free(kop);
++        BN_free(sig->r);
++        BN_free(sig->s);
++        dsaret = (meth->dsa_do_sign) (dgst, dlen, dsa);
++        sig->r = dsaret->r;
++        sig->s = dsaret->s;
++        /* Call user callback immediately */
++        cookie->pkc_callback(cookie, 0);
++        ret = dsaret;
++    }
++    return ret;
++}
++
++static int
++cryptodev_dsa_verify_async(const unsigned char *dgst, int dlen,
++                           DSA_SIG *sig, DSA *dsa,
++                           struct pkc_cookie_s *cookie)
++{
++    struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
++    int q_len = 0, r_len = 0, g_len = 0;
++    int w_len = 0, c_len = 0, d_len = 0, ret = 1;
++    unsigned char *q = NULL, *r = NULL, *w = NULL, *g = NULL;
++    unsigned char *c = NULL, *d = NULL, *f = NULL;
++
++    if (!kop)
++        goto err;
++
++    if (spcf_bn2bin(dsa->p, &q, &q_len)) {
++        DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++        return ret;
++    }
++
++    /* Get Order of field of private keys */
++    if (spcf_bn2bin(dsa->q, &r, &r_len)) {
++        DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++        goto err;
++    }
++
++    g_len = q_len;
++        /**
++         * Get generator into a plain buffer. If length is less than
++         * q_len then add leading padding bytes.
++         */
++    if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
++        DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++        goto err;
++    }
++    w_len = q_len;
++        /**
++         * Get public key into a plain buffer. If length is less than
++         * q_len then add leading padding bytes.
++         */
++    if (spcf_bn2bin_ex(dsa->pub_key, &w, &w_len)) {
++        DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++        goto err;
++    }
++        /**
++         * Get the 1st part of signature into a flat buffer with
++         * appropriate padding
++         */
++    c_len = r_len;
++
++    if (spcf_bn2bin_ex(sig->r, &c, &c_len)) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++        goto err;
++    }
++
++        /**
++         * Get the 2nd part of signature into a flat buffer with
++         * appropriate padding
++         */
++    d_len = r_len;
++
++    if (spcf_bn2bin_ex(sig->s, &d, &d_len)) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++        goto err;
++    }
++
++    /* Sanity test */
++    if (dlen > r_len) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++        goto err;
++    }
++
++    /* Allocate memory to store hash. */
++    f = OPENSSL_malloc(r_len);
++    if (!f) {
++        DSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++        goto err;
++    }
++
++    /* Add padding, since SEC expects hash to of size r_len */
++    if (dlen < r_len)
++        memset(f, 0, r_len - dlen);
++
++    /* Skip leading bytes if dgst_len < r_len */
++    memcpy(f + r_len - dlen, dgst, dlen);
++
++    dlen = r_len;
++    memset(kop, 0, sizeof(struct crypt_kop));
++
++    /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
++    kop->crk_param[0].crp_p = (void *)f;
++    kop->crk_param[0].crp_nbits = dlen * 8;
++    kop->crk_param[1].crp_p = q;
++    kop->crk_param[1].crp_nbits = q_len * 8;
++    kop->crk_param[2].crp_p = r;
++    kop->crk_param[2].crp_nbits = r_len * 8;
++    kop->crk_param[3].crp_p = g;
++    kop->crk_param[3].crp_nbits = g_len * 8;
++    kop->crk_param[4].crp_p = w;
++    kop->crk_param[4].crp_nbits = w_len * 8;
++    kop->crk_param[5].crp_p = c;
++    kop->crk_param[5].crp_nbits = c_len * 8;
++    kop->crk_param[6].crp_p = d;
++    kop->crk_param[6].crp_nbits = d_len * 8;
++    kop->crk_iparams = 7;
++    kop->crk_op = CRK_DSA_VERIFY;
++    kop->cookie = cookie;
++    if (cryptodev_asym_async(kop, 0, NULL, 0, NULL))
++        goto err;
++
++    return ret;
++ err:
++    {
++        const DSA_METHOD *meth = DSA_OpenSSL();
++
++        if (kop)
++            free(kop);
++
++        ret = (meth->dsa_do_verify) (dgst, dlen, sig, dsa);
++        cookie->pkc_callback(cookie, 0);
++    }
++    return ret;
++}
++
++static DSA_METHOD cryptodev_dsa = {
++    "cryptodev DSA method",
++    NULL,
++    NULL,                       /* dsa_sign_setup */
++    NULL,
++    NULL,                       /* dsa_mod_exp */
++    NULL,
++    NULL,
++    NULL,
++    NULL,
++    NULL,                       /* init */
++    NULL,                       /* finish */
++    0,                          /* flags */
++    NULL                        /* app_data */
++};
++
++static ECDSA_METHOD cryptodev_ecdsa = {
++    "cryptodev ECDSA method",
++    NULL,
++    NULL,                       /* ecdsa_sign_setup */
++    NULL,
++    NULL,
++    NULL,
++    NULL,
++    0,                          /* flags */
++    NULL                        /* app_data */
++};
++
++typedef enum ec_curve_s {
++    EC_PRIME,
++    EC_BINARY
++} ec_curve_t;
++
++/* ENGINE handler for ECDSA Sign */
++static ECDSA_SIG *cryptodev_ecdsa_do_sign(const unsigned char *dgst,
++                                          int dgst_len, const BIGNUM *in_kinv,
++                                          const BIGNUM *in_r, EC_KEY *eckey)
++{
++    BIGNUM *m = NULL, *p = NULL, *a = NULL;
++    BIGNUM *b = NULL, *x = NULL, *y = NULL;
++    BN_CTX *ctx = NULL;
++    ECDSA_SIG *ret = NULL;
++    ECDSA_DATA *ecdsa = NULL;
++    unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL;
++    unsigned char *s = NULL, *c = NULL, *d = NULL, *f = NULL, *tmp_dgst =
++        NULL;
++    int i = 0, q_len = 0, priv_key_len = 0, r_len = 0;
++    int g_len = 0, d_len = 0, ab_len = 0;
++    const BIGNUM *order = NULL, *priv_key = NULL;
++    const EC_GROUP *group = NULL;
++    struct crypt_kop kop;
++    ec_curve_t ec_crv = EC_PRIME;
++
++    memset(&kop, 0, sizeof(kop));
++    ecdsa = ecdsa_check(eckey);
++    if (!ecdsa) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
++        return NULL;
++    }
++
++    group = EC_KEY_get0_group(eckey);
++    priv_key = EC_KEY_get0_private_key(eckey);
++
++    if (!group || !priv_key) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
++        return NULL;
++    }
++
++    if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
++        (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
++        (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
++        (y = BN_new()) == NULL) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++        goto err;
++    }
++
++    order = &group->order;
++    if (!order || BN_is_zero(order)) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS);
++        goto err;
++    }
++
++    i = BN_num_bits(order);
++    /*
++     * Need to truncate digest if it is too long: first truncate whole bytes
++     */
++    if (8 * dgst_len > i)
++        dgst_len = (i + 7) / 8;
++
++    if (!BN_bin2bn(dgst, dgst_len, m)) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
++        goto err;
++    }
++
++    /* If still too long truncate remaining bits with a shift */
++    if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
++        goto err;
++    }
++
++    /* copy the truncated bits into plain buffer */
++    if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) {
++        fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__,
++                __LINE__);
++        goto err;
++    }
++
++    ret = ECDSA_SIG_new();
++    if (!ret) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
++        goto err;
++    }
++
++    /* check if this is prime or binary EC request */
++    if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
++        NID_X9_62_prime_field) {
++        ec_crv = EC_PRIME;
++        /* get the generator point pair */
++        if (!EC_POINT_get_affine_coordinates_GFp
++            (group, EC_GROUP_get0_generator(group), x, y, ctx)) {
++            ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
++            goto err;
++        }
++
++        /* get the ECC curve parameters */
++        if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
++            ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
+             goto err;
+         }
+     } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
+@@ -2312,54 +2827,588 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
+         goto err;
+     }
+ 
+-    /* memory for message representative */
+-    f = malloc(r_len);
+-    if (!f) {
+-        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+-        goto err;
++    /* memory for message representative */
++    f = malloc(r_len);
++    if (!f) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++        goto err;
++    }
++
++    /* Add padding, since SEC expects hash to of size r_len */
++    memset(f, 0, r_len - dgst_len);
++
++    /* Skip leading bytes if dgst_len < r_len */
++    memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len);
++    dgst_len += r_len - dgst_len;
++    kop.crk_op = CRK_DSA_VERIFY;
++    /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
++    kop.crk_param[0].crp_p = f;
++    kop.crk_param[0].crp_nbits = dgst_len * 8;
++    kop.crk_param[1].crp_p = q;
++    kop.crk_param[1].crp_nbits = q_len * 8;
++    kop.crk_param[2].crp_p = r;
++    kop.crk_param[2].crp_nbits = r_len * 8;
++    kop.crk_param[3].crp_p = g_xy;
++    kop.crk_param[3].crp_nbits = g_len * 8;
++    kop.crk_param[4].crp_p = w_xy;
++    kop.crk_param[4].crp_nbits = pub_key_len * 8;
++    kop.crk_param[5].crp_p = ab;
++    kop.crk_param[5].crp_nbits = ab_len * 8;
++    kop.crk_param[6].crp_p = c;
++    kop.crk_param[6].crp_nbits = d_len * 8;
++    kop.crk_param[7].crp_p = d;
++    kop.crk_param[7].crp_nbits = d_len * 8;
++    kop.crk_iparams = 8;
++
++    if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
++        /*
++         * OCF success value is 0, if not zero, change ret to fail
++         */
++        if (0 == kop.crk_status)
++            ret = 1;
++    } else {
++        const ECDSA_METHOD *meth = ECDSA_OpenSSL();
++
++        ret = (meth->ecdsa_do_verify) (dgst, dgst_len, sig, eckey);
++    }
++    kop.crk_param[0].crp_p = NULL;
++    zapparams(&kop);
++
++ err:
++    return ret;
++}
++
++static int cryptodev_ecdsa_do_sign_async(const unsigned char *dgst,
++                                         int dgst_len, const BIGNUM *in_kinv,
++                                         const BIGNUM *in_r, EC_KEY *eckey,
++                                         ECDSA_SIG *sig,
++                                         struct pkc_cookie_s *cookie)
++{
++    BIGNUM *m = NULL, *p = NULL, *a = NULL;
++    BIGNUM *b = NULL, *x = NULL, *y = NULL;
++    BN_CTX *ctx = NULL;
++    ECDSA_SIG *sig_ret = NULL;
++    ECDSA_DATA *ecdsa = NULL;
++    unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL;
++    unsigned char *s = NULL, *f = NULL, *tmp_dgst = NULL;
++    int i = 0, q_len = 0, priv_key_len = 0, r_len = 0;
++    int g_len = 0, ab_len = 0, ret = 1;
++    const BIGNUM *order = NULL, *priv_key = NULL;
++    const EC_GROUP *group = NULL;
++    struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
++    ec_curve_t ec_crv = EC_PRIME;
++
++    if (!(sig->r = BN_new()) || !kop)
++        goto err;
++    if ((sig->s = BN_new()) == NULL) {
++        BN_free(r);
++        goto err;
++    }
++
++    memset(kop, 0, sizeof(struct crypt_kop));
++    ecdsa = ecdsa_check(eckey);
++    if (!ecdsa) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
++        goto err;
++    }
++
++    group = EC_KEY_get0_group(eckey);
++    priv_key = EC_KEY_get0_private_key(eckey);
++
++    if (!group || !priv_key) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
++        goto err;
++    }
++
++    if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
++        (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
++        (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
++        (y = BN_new()) == NULL) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++        goto err;
++    }
++
++    order = &group->order;
++    if (!order || BN_is_zero(order)) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS);
++        goto err;
++    }
++
++    i = BN_num_bits(order);
++    /*
++     * Need to truncate digest if it is too long: first truncate whole bytes
++     */
++    if (8 * dgst_len > i)
++        dgst_len = (i + 7) / 8;
++
++    if (!BN_bin2bn(dgst, dgst_len, m)) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
++        goto err;
++    }
++
++    /* If still too long truncate remaining bits with a shift */
++    if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
++        goto err;
++    }
++
++    /* copy the truncated bits into plain buffer */
++    if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) {
++        fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__,
++                __LINE__);
++        goto err;
++    }
++
++    /* check if this is prime or binary EC request */
++    if (EC_METHOD_get_field_type(EC_GROUP_method_of(group))
++        == NID_X9_62_prime_field) {
++        ec_crv = EC_PRIME;
++        /* get the generator point pair */
++        if (!EC_POINT_get_affine_coordinates_GFp(group,
++                                                 EC_GROUP_get0_generator
++                                                 (group), x, y, ctx)) {
++            ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
++            goto err;
++        }
++
++        /* get the ECC curve parameters */
++        if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
++            ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
++            goto err;
++        }
++    } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
++               NID_X9_62_characteristic_two_field) {
++        ec_crv = EC_BINARY;
++        /* get the ECC curve parameters */
++        if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) {
++            ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
++            goto err;
++        }
++
++        /* get the generator point pair */
++        if (!EC_POINT_get_affine_coordinates_GF2m(group,
++                                                  EC_GROUP_get0_generator
++                                                  (group), x, y, ctx)) {
++            ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
++            goto err;
++        }
++    } else {
++        printf("Unsupported Curve\n");
++        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
++        goto err;
++    }
++
++    if (spcf_bn2bin(order, &r, &r_len)) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++        goto err;
++    }
++
++    if (spcf_bn2bin(p, &q, &q_len)) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++        goto err;
++    }
++
++    priv_key_len = r_len;
++
++        /**
++         * If BN_num_bytes of priv_key returns less then r_len then
++         * add padding bytes before the key
++         */
++    if (spcf_bn2bin_ex(priv_key, &s, &priv_key_len)) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++        goto err;
++    }
++
++    /* Generation of ECC curve parameters */
++    ab_len = 2 * q_len;
++    ab = eng_copy_curve_points(a, b, ab_len, q_len);
++    if (!ab) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++        goto err;
++    }
++
++    if (ec_crv == EC_BINARY) {
++        if (eng_ec_get_cparam
++            (EC_GROUP_get_curve_name(group), ab + q_len, q_len)) {
++            unsigned char *c_temp = NULL;
++            int c_temp_len = q_len;
++            if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len))
++                memcpy(ab + q_len, c_temp, q_len);
++            else
++                goto err;
++        }
++        kop->curve_type = ECC_BINARY;
++    }
++
++    /* Calculation of Generator point */
++    g_len = 2 * q_len;
++    g_xy = eng_copy_curve_points(x, y, g_len, q_len);
++    if (!g_xy) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++        goto err;
++    }
++
++    /* memory for message representative */
++    f = malloc(r_len);
++    if (!f) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++        goto err;
++    }
++
++    /* Add padding, since SEC expects hash to of size r_len */
++    memset(f, 0, r_len - dgst_len);
++
++    /* Skip leading bytes if dgst_len < r_len */
++    memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len);
++
++    dgst_len += r_len - dgst_len;
++
++    kop->crk_op = CRK_DSA_SIGN;
++    /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
++    kop->crk_param[0].crp_p = f;
++    kop->crk_param[0].crp_nbits = dgst_len * 8;
++    kop->crk_param[1].crp_p = q;
++    kop->crk_param[1].crp_nbits = q_len * 8;
++    kop->crk_param[2].crp_p = r;
++    kop->crk_param[2].crp_nbits = r_len * 8;
++    kop->crk_param[3].crp_p = g_xy;
++    kop->crk_param[3].crp_nbits = g_len * 8;
++    kop->crk_param[4].crp_p = s;
++    kop->crk_param[4].crp_nbits = priv_key_len * 8;
++    kop->crk_param[5].crp_p = ab;
++    kop->crk_param[5].crp_nbits = ab_len * 8;
++    kop->crk_iparams = 6;
++    kop->cookie = cookie;
++
++    if (cryptodev_asym_async(kop, r_len, sig->r, r_len, sig->s))
++        goto err;
++
++    return ret;
++ err:
++    {
++        const ECDSA_METHOD *meth = ECDSA_OpenSSL();
++        BN_free(sig->r);
++        BN_free(sig->s);
++        if (kop)
++            free(kop);
++        sig_ret =
++            (meth->ecdsa_do_sign) (dgst, dgst_len, in_kinv, in_r, eckey);
++        sig->r = sig_ret->r;
++        sig->s = sig_ret->s;
++        cookie->pkc_callback(cookie, 0);
++    }
++    return ret;
++}
++
++static int cryptodev_ecdsa_verify_async(const unsigned char *dgst,
++                                        int dgst_len, const ECDSA_SIG *sig,
++                                        EC_KEY *eckey,
++                                        struct pkc_cookie_s *cookie)
++{
++    BIGNUM *m = NULL, *p = NULL, *a = NULL, *b = NULL;
++    BIGNUM *x = NULL, *y = NULL, *w_x = NULL, *w_y = NULL;
++    BN_CTX *ctx = NULL;
++    ECDSA_DATA *ecdsa = NULL;
++    unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL, *w_xy =
++        NULL;
++    unsigned char *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL;
++    int i = 0, q_len = 0, pub_key_len = 0, r_len = 0, c_len = 0, g_len = 0;
++    int d_len = 0, ab_len = 0, ret = 1;
++    const EC_POINT *pub_key = NULL;
++    const BIGNUM *order = NULL;
++    const EC_GROUP *group = NULL;
++    ec_curve_t ec_crv = EC_PRIME;
++    struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
++
++    if (!kop)
++        goto err;
++
++    memset(kop, 0, sizeof(struct crypt_kop));
++    ecdsa = ecdsa_check(eckey);
++    if (!ecdsa) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
++        goto err;
++    }
++
++    group = EC_KEY_get0_group(eckey);
++    pub_key = EC_KEY_get0_public_key(eckey);
++
++    if (!group || !pub_key) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
++        goto err;
++    }
++
++    if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
++        (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
++        (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
++        (y = BN_new()) == NULL || (w_x = BN_new()) == NULL ||
++        (w_y = BN_new()) == NULL) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++        goto err;
++    }
++
++    order = &group->order;
++    if (!order || BN_is_zero(order)) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS);
++        goto err;
++    }
++
++    i = BN_num_bits(order);
++    /*
++     * Need to truncate digest if it is too long: first truncate whole *
++     * bytes
++     */
++    if (8 * dgst_len > i)
++        dgst_len = (i + 7) / 8;
++
++    if (!BN_bin2bn(dgst, dgst_len, m)) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
++        goto err;
++    }
++
++    /* If still too long truncate remaining bits with a shift */
++    if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
++        goto err;
++    }
++    /* copy the truncated bits into plain buffer */
++    if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++        goto err;
++    }
++
++    /* check if this is prime or binary EC request */
++    if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
++        NID_X9_62_prime_field) {
++        ec_crv = EC_PRIME;
++
++        /* get the generator point pair */
++        if (!EC_POINT_get_affine_coordinates_GFp(group,
++                                                 EC_GROUP_get0_generator
++                                                 (group), x, y, ctx)) {
++            ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
++            goto err;
++        }
++
++        /* get the public key pair for prime curve */
++        if (!EC_POINT_get_affine_coordinates_GFp(group,
++                                                 pub_key, w_x, w_y, ctx)) {
++            ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
++            goto err;
++        }
++
++        /* get the ECC curve parameters */
++        if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
++            ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
++            goto err;
++        }
++    } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
++               NID_X9_62_characteristic_two_field) {
++        ec_crv = EC_BINARY;
++        /* get the ECC curve parameters */
++        if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) {
++            ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
++            goto err;
++        }
++
++        /* get the generator point pair */
++        if (!EC_POINT_get_affine_coordinates_GF2m(group,
++                                                  EC_GROUP_get0_generator
++                                                  (group), x, y, ctx)) {
++            ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
++            goto err;
++        }
++
++        /* get the public key pair for binary curve */
++        if (!EC_POINT_get_affine_coordinates_GF2m(group,
++                                                  pub_key, w_x, w_y, ctx)) {
++            ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
++            goto err;
++        }
++    } else {
++        printf("Unsupported Curve\n");
++        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
++        goto err;
++    }
++
++    /* Get the order of the subgroup of private keys */
++    if (spcf_bn2bin((BIGNUM *)order, &r, &r_len)) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++        goto err;
++    }
++
++    /* Get the irreducible polynomial that creates the field */
++    if (spcf_bn2bin(p, &q, &q_len)) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++        goto err;
++    }
++
++    /* Get the public key into a flat buffer with appropriate padding */
++    pub_key_len = 2 * q_len;
++
++    w_xy = eng_copy_curve_points(w_x, w_y, pub_key_len, q_len);
++    if (!w_xy) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++        goto err;
++    }
++
++    /* Generation of ECC curve parameters */
++    ab_len = 2 * q_len;
++
++    ab = eng_copy_curve_points(a, b, ab_len, q_len);
++    if (!ab) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++        goto err;
++    }
++
++    if (ec_crv == EC_BINARY) {
++        /* copy b' i.e c(b), instead of only b */
++        eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab + q_len, q_len);
++        kop->curve_type = ECC_BINARY;
++    }
++
++    /* Calculation of Generator point */
++    g_len = 2 * q_len;
++
++    g_xy = eng_copy_curve_points(x, y, g_len, q_len);
++    if (!g_xy) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++        goto err;
++    }
++
++        /**
++         * Get the 1st part of signature into a flat buffer with
++         * appropriate padding
++         */
++    if (BN_num_bytes(sig->r) < r_len)
++        c_len = r_len;
++
++    if (spcf_bn2bin_ex(sig->r, &c, &c_len)) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++        goto err;
++    }
++
++        /**
++         * Get the 2nd part of signature into a flat buffer with
++         * appropriate padding
++         */
++    if (BN_num_bytes(sig->s) < r_len)
++        d_len = r_len;
++
++    if (spcf_bn2bin_ex(sig->s, &d, &d_len)) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++        goto err;
++    }
++
++    /* memory for message representative */
++    f = malloc(r_len);
++    if (!f) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++        goto err;
++    }
++
++    /* Add padding, since SEC expects hash to of size r_len */
++    memset(f, 0, r_len - dgst_len);
++
++    /* Skip leading bytes if dgst_len < r_len */
++    memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len);
++
++    dgst_len += r_len - dgst_len;
++
++    kop->crk_op = CRK_DSA_VERIFY;
++    /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
++    kop->crk_param[0].crp_p = f;
++    kop->crk_param[0].crp_nbits = dgst_len * 8;
++    kop->crk_param[1].crp_p = q;
++    kop->crk_param[1].crp_nbits = q_len * 8;
++    kop->crk_param[2].crp_p = r;
++    kop->crk_param[2].crp_nbits = r_len * 8;
++    kop->crk_param[3].crp_p = g_xy;
++    kop->crk_param[3].crp_nbits = g_len * 8;
++    kop->crk_param[4].crp_p = w_xy;
++    kop->crk_param[4].crp_nbits = pub_key_len * 8;
++    kop->crk_param[5].crp_p = ab;
++    kop->crk_param[5].crp_nbits = ab_len * 8;
++    kop->crk_param[6].crp_p = c;
++    kop->crk_param[6].crp_nbits = d_len * 8;
++    kop->crk_param[7].crp_p = d;
++    kop->crk_param[7].crp_nbits = d_len * 8;
++    kop->crk_iparams = 8;
++    kop->cookie = cookie;
++
++    if (cryptodev_asym_async(kop, 0, NULL, 0, NULL))
++        goto err;
++
++    return ret;
++ err:
++    {
++        const ECDSA_METHOD *meth = ECDSA_OpenSSL();
++
++        if (kop)
++            free(kop);
++        ret = (meth->ecdsa_do_verify) (dgst, dgst_len, sig, eckey);
++        cookie->pkc_callback(cookie, 0);
++    }
++
++    return ret;
++}
++
++/* Cryptodev DH Key Gen routine */
++static int cryptodev_dh_keygen_async(DH *dh, struct pkc_cookie_s *cookie)
++{
++    struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
++    int ret = 1, g_len;
++    unsigned char *g = NULL;
++
++    if (!kop)
++        goto sw_try;
++
++    if (dh->priv_key == NULL) {
++        if ((dh->priv_key = BN_new()) == NULL)
++            goto sw_try;
++    }
++
++    if (dh->pub_key == NULL) {
++        if ((dh->pub_key = BN_new()) == NULL)
++            goto sw_try;
++    }
++
++    g_len = BN_num_bytes(dh->p);
++        /**
++         * Get generator into a plain buffer. If length is less than
++         * q_len then add leading padding bytes.
++         */
++    if (spcf_bn2bin_ex(dh->g, &g, &g_len)) {
++        DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
++        goto sw_try;
+     }
+ 
+-    /* Add padding, since SEC expects hash to of size r_len */
+-    memset(f, 0, r_len - dgst_len);
++    memset(kop, 0, sizeof(struct crypt_kop));
++    kop->crk_op = CRK_DH_GENERATE_KEY;
++    if (bn2crparam(dh->p, &kop->crk_param[0]))
++        goto sw_try;
++    if (bn2crparam(dh->q, &kop->crk_param[1]))
++        goto sw_try;
++    kop->crk_param[2].crp_p = g;
++    kop->crk_param[2].crp_nbits = g_len * 8;
++    kop->crk_iparams = 3;
++    kop->cookie = cookie;
+ 
+-    /* Skip leading bytes if dgst_len < r_len */
+-    memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len);
+-    dgst_len += r_len - dgst_len;
+-    kop.crk_op = CRK_DSA_VERIFY;
+-    /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
+-    kop.crk_param[0].crp_p = f;
+-    kop.crk_param[0].crp_nbits = dgst_len * 8;
+-    kop.crk_param[1].crp_p = q;
+-    kop.crk_param[1].crp_nbits = q_len * 8;
+-    kop.crk_param[2].crp_p = r;
+-    kop.crk_param[2].crp_nbits = r_len * 8;
+-    kop.crk_param[3].crp_p = g_xy;
+-    kop.crk_param[3].crp_nbits = g_len * 8;
+-    kop.crk_param[4].crp_p = w_xy;
+-    kop.crk_param[4].crp_nbits = pub_key_len * 8;
+-    kop.crk_param[5].crp_p = ab;
+-    kop.crk_param[5].crp_nbits = ab_len * 8;
+-    kop.crk_param[6].crp_p = c;
+-    kop.crk_param[6].crp_nbits = d_len * 8;
+-    kop.crk_param[7].crp_p = d;
+-    kop.crk_param[7].crp_nbits = d_len * 8;
+-    kop.crk_iparams = 8;
++    /* pub_key is or prime length while priv key is of length of order */
++    if (cryptodev_asym_async(kop, BN_num_bytes(dh->p), dh->pub_key,
++                             BN_num_bytes(dh->q), dh->priv_key))
++        goto sw_try;
+ 
+-    if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
+-        /*
+-         * OCF success value is 0, if not zero, change ret to fail
+-         */
+-        if (0 == kop.crk_status)
+-            ret = 1;
+-    } else {
+-        const ECDSA_METHOD *meth = ECDSA_OpenSSL();
++    return ret;
++ sw_try:
++    {
++        const DH_METHOD *meth = DH_OpenSSL();
+ 
+-        ret = (meth->ecdsa_do_verify) (dgst, dgst_len, sig, eckey);
++        if (kop)
++            free(kop);
++        ret = (meth->generate_key) (dh);
++        cookie->pkc_callback(cookie, 0);
+     }
+-    kop.crk_param[0].crp_p = NULL;
+-    zapparams(&kop);
+-
+- err:
+     return ret;
+ }
+ 
+@@ -2468,6 +3517,54 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+     return (dhret);
+ }
+ 
++/* Return Length if successful and 0 on failure */
++static int
++cryptodev_dh_compute_key_async(unsigned char *key, const BIGNUM *pub_key,
++                               DH *dh, struct pkc_cookie_s *cookie)
++{
++    struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
++    int ret = 1;
++    int fd, p_len;
++    unsigned char *padded_pub_key = NULL, *p = NULL;
++
++    fd = *(int *)cookie->eng_handle;
++
++    memset(kop, 0, sizeof(struct crypt_kop));
++    kop->crk_op = CRK_DH_COMPUTE_KEY;
++    /* inputs: dh->priv_key pub_key dh->p key */
++    spcf_bn2bin(dh->p, &p, &p_len);
++    spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len);
++
++    if (bn2crparam(dh->priv_key, &kop->crk_param[0]))
++        goto err;
++    kop->crk_param[1].crp_p = padded_pub_key;
++    kop->crk_param[1].crp_nbits = p_len * 8;
++    kop->crk_param[2].crp_p = p;
++    kop->crk_param[2].crp_nbits = p_len * 8;
++    kop->crk_iparams = 3;
++
++    kop->cookie = cookie;
++    kop->crk_param[3].crp_p = (void *)key;
++    kop->crk_param[3].crp_nbits = p_len * 8;
++    kop->crk_oparams = 1;
++
++    if (cryptodev_asym_async(kop, 0, NULL, 0, NULL))
++        goto err;
++
++    return p_len;
++ err:
++    {
++        const DH_METHOD *meth = DH_OpenSSL();
++
++        if (kop)
++            free(kop);
++        ret = (meth->compute_key) (key, pub_key, dh);
++        /* Call user cookie handler */
++        cookie->pkc_callback(cookie, 0);
++    }
++    return (ret);
++}
++
+ int cryptodev_ecdh_compute_key(void *out, size_t outlen,
+                                const EC_POINT *pub_key, EC_KEY *ecdh,
+                                void *(*KDF) (const void *in, size_t inlen,
+@@ -2650,6 +3747,197 @@ int cryptodev_ecdh_compute_key(void *out, size_t outlen,
+     return ret;
+ }
+ 
++int cryptodev_ecdh_compute_key_async(void *out, size_t outlen,
++                                     const EC_POINT *pub_key, EC_KEY *ecdh,
++                                     void *(*KDF) (const void *in,
++                                                   size_t inlen, void *out,
++                                                   size_t *outlen),
++                                     struct pkc_cookie_s *cookie)
++{
++    ec_curve_t ec_crv = EC_PRIME;
++    unsigned char *q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL;
++    BIGNUM *w_x = NULL, *w_y = NULL;
++    int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0;
++    BIGNUM *p = NULL, *a = NULL, *b = NULL;
++    BN_CTX *ctx;
++    EC_POINT *tmp = NULL;
++    BIGNUM *x = NULL, *y = NULL;
++    const BIGNUM *priv_key;
++    const EC_GROUP *group = NULL;
++    int ret = 1;
++    size_t buflen, len;
++    struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
++
++    if (!(ctx = BN_CTX_new()) || !kop)
++        goto err;
++
++    memset(kop, 0, sizeof(struct crypt_kop));
++
++    BN_CTX_start(ctx);
++    x = BN_CTX_get(ctx);
++    y = BN_CTX_get(ctx);
++    p = BN_CTX_get(ctx);
++    a = BN_CTX_get(ctx);
++    b = BN_CTX_get(ctx);
++    w_x = BN_CTX_get(ctx);
++    w_y = BN_CTX_get(ctx);
++
++    if (!x || !y || !p || !a || !b || !w_x || !w_y) {
++        ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
++        goto err;
++    }
++
++    priv_key = EC_KEY_get0_private_key(ecdh);
++    if (priv_key == NULL) {
++        ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_NO_PRIVATE_VALUE);
++        goto err;
++    }
++
++    group = EC_KEY_get0_group(ecdh);
++    if ((tmp = EC_POINT_new(group)) == NULL) {
++        ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
++        goto err;
++    }
++
++    if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
++        NID_X9_62_prime_field) {
++        ec_crv = EC_PRIME;
++
++        if (!EC_POINT_get_affine_coordinates_GFp(group,
++                                                 EC_GROUP_get0_generator
++                                                 (group), x, y, ctx)) {
++            ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_POINT_ARITHMETIC_FAILURE);
++            goto err;
++        }
++
++        /* get the ECC curve parameters */
++        if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
++            ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
++            goto err;
++        }
++
++        /* get the public key pair for prime curve */
++        if (!EC_POINT_get_affine_coordinates_GFp
++            (group, pub_key, w_x, w_y, ctx)) {
++            ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
++            goto err;
++        }
++    } else {
++        ec_crv = EC_BINARY;
++
++        if (!EC_POINT_get_affine_coordinates_GF2m(group,
++                                                  EC_GROUP_get0_generator
++                                                  (group), x, y, ctx)) {
++            ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_POINT_ARITHMETIC_FAILURE);
++            goto err;
++        }
++
++        /* get the ECC curve parameters */
++        if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) {
++            ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
++            goto err;
++        }
++
++        /* get the public key pair for binary curve */
++        if (!EC_POINT_get_affine_coordinates_GF2m(group,
++                                                  pub_key, w_x, w_y, ctx)) {
++            ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
++            goto err;
++        }
++    }
++
++    /* irreducible polynomial that creates the field */
++    if (spcf_bn2bin((BIGNUM *)&group->order, &r, &r_len)) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++        goto err;
++    }
++
++    /* Get the irreducible polynomial that creates the field */
++    if (spcf_bn2bin(p, &q, &q_len)) {
++        ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
++        goto err;
++    }
++
++    /* Get the public key into a flat buffer with appropriate padding */
++    pub_key_len = 2 * q_len;
++    w_xy = eng_copy_curve_points(w_x, w_y, pub_key_len, q_len);
++    if (!w_xy) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++        goto err;
++    }
++
++    /* Generation of ECC curve parameters */
++    ab_len = 2 * q_len;
++    ab = eng_copy_curve_points(a, b, ab_len, q_len);
++    if (!ab) {
++        ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
++        goto err;
++    }
++
++    if (ec_crv == EC_BINARY) {
++        /* copy b' i.e c(b), instead of only b */
++        if (eng_ec_get_cparam
++            (EC_GROUP_get_curve_name(group), ab + q_len, q_len)) {
++            unsigned char *c_temp = NULL;
++            int c_temp_len = q_len;
++            if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len))
++                memcpy(ab + q_len, c_temp, q_len);
++            else
++                goto err;
++        }
++        kop->curve_type = ECC_BINARY;
++    } else
++        kop->curve_type = ECC_PRIME;
++
++    priv_key_len = r_len;
++
++    /*
++     * If BN_num_bytes of priv_key returns less then r_len then
++     * add padding bytes before the key
++     */
++    if (spcf_bn2bin_ex((BIGNUM *)priv_key, &s, &priv_key_len)) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++        goto err;
++    }
++
++    buflen = (EC_GROUP_get_degree(group) + 7) / 8;
++    len = BN_num_bytes(x);
++    if (len > buflen || q_len < buflen) {
++        ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_INTERNAL_ERROR);
++        goto err;
++    }
++
++    kop->crk_op = CRK_DH_COMPUTE_KEY;
++    kop->crk_param[0].crp_p = (void *)s;
++    kop->crk_param[0].crp_nbits = priv_key_len * 8;
++    kop->crk_param[1].crp_p = (void *)w_xy;
++    kop->crk_param[1].crp_nbits = pub_key_len * 8;
++    kop->crk_param[2].crp_p = (void *)q;
++    kop->crk_param[2].crp_nbits = q_len * 8;
++    kop->crk_param[3].crp_p = (void *)ab;
++    kop->crk_param[3].crp_nbits = ab_len * 8;
++    kop->crk_iparams = 4;
++    kop->crk_param[4].crp_p = (void *)out;
++    kop->crk_param[4].crp_nbits = q_len * 8;
++    kop->crk_oparams = 1;
++    kop->cookie = cookie;
++    if (cryptodev_asym_async(kop, 0, NULL, 0, NULL))
++        goto err;
++
++    return q_len;
++ err:
++    {
++        const ECDH_METHOD *meth = ECDH_OpenSSL();
++
++        if (kop)
++            free(kop);
++        ret = (meth->compute_key) (out, outlen, pub_key, ecdh, KDF);
++        /* Call user cookie handler */
++        cookie->pkc_callback(cookie, 0);
++    }
++    return ret;
++}
++
+ static DH_METHOD cryptodev_dh = {
+     "cryptodev DH method",
+     NULL,                       /* cryptodev_dh_generate_key */
+@@ -2657,6 +3945,8 @@ static DH_METHOD cryptodev_dh = {
+     NULL,
+     NULL,
+     NULL,
++    NULL,
++    NULL,
+     0,                          /* flags */
+     NULL                        /* app_data */
+ };
+@@ -2665,6 +3955,7 @@ static ECDH_METHOD cryptodev_ecdh = {
+     "cryptodev ECDH method",
+     NULL,                       /* cryptodev_ecdh_compute_key */
+     NULL,
++    NULL,
+     0,                          /* flags */
+     NULL                        /* app_data */
+ };
+@@ -2735,10 +4026,15 @@ void ENGINE_load_cryptodev(void)
+         cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec;
+         if (cryptodev_asymfeat & CRF_MOD_EXP) {
+             cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp;
+-            if (cryptodev_asymfeat & CRF_MOD_EXP_CRT)
++            cryptodev_rsa.bn_mod_exp_async = cryptodev_bn_mod_exp_async;
++            if (cryptodev_asymfeat & CRF_MOD_EXP_CRT) {
+                 cryptodev_rsa.rsa_mod_exp = cryptodev_rsa_mod_exp;
+-            else
++                cryptodev_rsa.rsa_mod_exp_async = cryptodev_rsa_mod_exp_async;
++            } else {
+                 cryptodev_rsa.rsa_mod_exp = cryptodev_rsa_nocrt_mod_exp;
++                cryptodev_rsa.rsa_mod_exp_async =
++                    cryptodev_rsa_nocrt_mod_exp_async;
++            }
+         }
+     }
+ 
+@@ -2746,12 +4042,18 @@ void ENGINE_load_cryptodev(void)
+         const DSA_METHOD *meth = DSA_OpenSSL();
+ 
+         memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
+-        if (cryptodev_asymfeat & CRF_DSA_SIGN)
++        if (cryptodev_asymfeat & CRF_DSA_SIGN) {
+             cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
+-        if (cryptodev_asymfeat & CRF_DSA_VERIFY)
++            cryptodev_dsa.dsa_do_sign_async = cryptodev_dsa_do_sign_async;
++        }
++        if (cryptodev_asymfeat & CRF_DSA_VERIFY) {
+             cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
+-        if (cryptodev_asymfeat & CRF_DSA_GENERATE_KEY)
++            cryptodev_dsa.dsa_do_verify_async = cryptodev_dsa_verify_async;
++        }
++        if (cryptodev_asymfeat & CRF_DSA_GENERATE_KEY) {
+             cryptodev_dsa.dsa_keygen = cryptodev_dsa_keygen;
++            cryptodev_dsa.dsa_keygen_async = cryptodev_dsa_keygen_async;
++        }
+     }
+ 
+     if (ENGINE_set_DH(engine, &cryptodev_dh)) {
+@@ -2759,9 +4061,12 @@ void ENGINE_load_cryptodev(void)
+         memcpy(&cryptodev_dh, dh_meth, sizeof(DH_METHOD));
+         if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) {
+             cryptodev_dh.compute_key = cryptodev_dh_compute_key;
++            cryptodev_dh.compute_key_async = cryptodev_dh_compute_key_async;
+         }
+         if (cryptodev_asymfeat & CRF_DH_GENERATE_KEY) {
+             cryptodev_dh.generate_key = cryptodev_dh_keygen;
++            cryptodev_dh.generate_key_async = cryptodev_dh_keygen_async;
++
+         }
+     }
+ 
+@@ -2770,9 +4075,13 @@ void ENGINE_load_cryptodev(void)
+         memcpy(&cryptodev_ecdsa, meth, sizeof(ECDSA_METHOD));
+         if (cryptodev_asymfeat & CRF_DSA_SIGN) {
+             cryptodev_ecdsa.ecdsa_do_sign = cryptodev_ecdsa_do_sign;
++            cryptodev_ecdsa.ecdsa_do_sign_async =
++                cryptodev_ecdsa_do_sign_async;
+         }
+         if (cryptodev_asymfeat & CRF_DSA_VERIFY) {
+             cryptodev_ecdsa.ecdsa_do_verify = cryptodev_ecdsa_verify;
++            cryptodev_ecdsa.ecdsa_do_verify_async =
++                cryptodev_ecdsa_verify_async;
+         }
+     }
+ 
+@@ -2781,9 +4090,16 @@ void ENGINE_load_cryptodev(void)
+         memcpy(&cryptodev_ecdh, ecdh_meth, sizeof(ECDH_METHOD));
+         if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) {
+             cryptodev_ecdh.compute_key = cryptodev_ecdh_compute_key;
++            cryptodev_ecdh.compute_key_async =
++                cryptodev_ecdh_compute_key_async;
+         }
+     }
+ 
++    ENGINE_set_check_pkc_availability(engine, cryptodev_check_availability);
++    ENGINE_set_close_instance(engine, cryptodev_close_instance);
++    ENGINE_set_init_instance(engine, cryptodev_init_instance);
++    ENGINE_set_async_map(engine, ENGINE_ALLPKC_ASYNC);
++
+     ENGINE_add(engine);
+     ENGINE_free(engine);
+     ERR_clear_error();
+diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h
+index 46f163b..b698a0c 100644
+--- a/crypto/engine/eng_int.h
++++ b/crypto/engine/eng_int.h
+@@ -198,6 +198,29 @@ struct engine_st {
+     ENGINE_LOAD_KEY_PTR load_privkey;
+     ENGINE_LOAD_KEY_PTR load_pubkey;
+     ENGINE_SSL_CLIENT_CERT_PTR load_ssl_client_cert;
++	/*
++	 * Instantiate Engine handle to be passed in check_pkc_availability
++	 * Ensure that Engine is instantiated before any pkc asynchronous call.
++	 */
++	void *(*engine_init_instance)(void);
++	/*
++	 * Instantiated Engine handle will be closed with this call.
++	 * Ensure that no pkc asynchronous call is made after this call
++	 */
++	void (*engine_close_instance)(void *handle);
++	/*
++	 * Check availability will extract the data from kernel.
++	 * eng_handle: This is the Engine handle corresponds to which
++	 * the cookies needs to be polled.
++	 * return 0 if cookie available else 1
++	 */
++	int (*check_pkc_availability)(void *eng_handle);
++	/*
++	 * The following map is used to check if the engine supports asynchronous implementation
++	 * ENGINE_ASYNC_FLAG* for available bitmap. Any application checking for asynchronous
++	 * implementation need to check this features using "int ENGINE_get_async_map(engine *)";
++	 */
++	int async_map;
+     const ENGINE_CMD_DEFN *cmd_defns;
+     int flags;
+     /* reference count on the structure itself */
+diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c
+index dc2abd2..0c57e12 100644
+--- a/crypto/engine/eng_lib.c
++++ b/crypto/engine/eng_lib.c
+@@ -100,7 +100,11 @@ void engine_set_all_null(ENGINE *e)
+     e->ctrl = NULL;
+     e->load_privkey = NULL;
+     e->load_pubkey = NULL;
++	e->check_pkc_availability = NULL;
++	e->engine_init_instance = NULL;
++	e->engine_close_instance = NULL;
+     e->cmd_defns = NULL;
++	e->async_map = 0;
+     e->flags = 0;
+ }
+ 
+@@ -246,6 +250,48 @@ int ENGINE_set_id(ENGINE *e, const char *id)
+     }
+     e->id = id;
+     return 1;
++	}
++
++void ENGINE_set_init_instance(ENGINE *e, void *(*engine_init_instance)(void))
++	{
++		e->engine_init_instance = engine_init_instance;
++	}
++
++void ENGINE_set_close_instance(ENGINE *e,
++	void (*engine_close_instance)(void *))
++	{
++		e->engine_close_instance = engine_close_instance;
++	}
++
++void ENGINE_set_async_map(ENGINE *e, int async_map)
++	{
++		e->async_map = async_map;
++	}
++
++void *ENGINE_init_instance(ENGINE *e)
++	{
++		return e->engine_init_instance();
++	}
++
++void ENGINE_close_instance(ENGINE *e, void *eng_handle)
++	{
++		e->engine_close_instance(eng_handle);
++	}
++
++int ENGINE_get_async_map(ENGINE *e)
++	{
++		return e->async_map;
++	}
++
++void ENGINE_set_check_pkc_availability(ENGINE *e,
++	int (*check_pkc_availability)(void *eng_handle))
++	{
++		e->check_pkc_availability = check_pkc_availability;
++	}
++
++int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle)
++	{
++		return e->check_pkc_availability(eng_handle);
+ }
+ 
+ int ENGINE_set_name(ENGINE *e, const char *name)
+diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h
+index 020d912..4527aa1 100644
+--- a/crypto/engine/engine.h
++++ b/crypto/engine/engine.h
+@@ -551,6 +551,30 @@ ENGINE *ENGINE_new(void);
+ int ENGINE_free(ENGINE *e);
+ int ENGINE_up_ref(ENGINE *e);
+ int ENGINE_set_id(ENGINE *e, const char *id);
++void ENGINE_set_init_instance(ENGINE *e, void *(*engine_init_instance)(void));
++void ENGINE_set_close_instance(ENGINE *e,
++	void (*engine_free_instance)(void *));
++/*
++ * Following FLAGS are bitmap store in async_map to set asynchronous interface capability
++ *of the engine
++ */
++#define ENGINE_RSA_ASYNC 0x0001
++#define ENGINE_DSA_ASYNC 0x0002
++#define ENGINE_DH_ASYNC 0x0004
++#define ENGINE_ECDSA_ASYNC 0x0008
++#define ENGINE_ECDH_ASYNC 0x0010
++#define ENGINE_ALLPKC_ASYNC 0x001F
++/* Engine implementation will set the bitmap based on above flags using following API */
++void ENGINE_set_async_map(ENGINE *e, int async_map);
++ /* Application need to check the bitmap based on above flags using following API
++  * to confirm asynchronous methods supported
++  */
++int ENGINE_get_async_map(ENGINE *e);
++void *ENGINE_init_instance(ENGINE *e);
++void ENGINE_close_instance(ENGINE *e, void *eng_handle);
++void ENGINE_set_check_pkc_availability(ENGINE *e,
++	int (*check_pkc_availability)(void *eng_handle));
++int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle);
+ int ENGINE_set_name(ENGINE *e, const char *name);
+ int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
+ int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
+diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h
+index d2ee374..7c539fc 100644
+--- a/crypto/rsa/rsa.h
++++ b/crypto/rsa/rsa.h
+@@ -97,6 +97,29 @@ struct rsa_meth_st {
+     /* Can be null */
+     int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                        const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
++    /*
++     * Cookie in the following _async variant must be allocated before
++     * submission and can be freed once its corresponding callback
++     * handler is called
++     */
++     int (*rsa_pub_enc_asyn)(int flen,const unsigned char *from,
++			   unsigned char *to, RSA *rsa, int padding,
++			   struct pkc_cookie_s *cookie);
++     int (*rsa_pub_dec_async)(int flen,const unsigned char *from,
++			   unsigned char *to, RSA *rsa, int padding,
++			   struct pkc_cookie_s *cookie);
++     int (*rsa_priv_enc_async)(int flen,const unsigned char *from,
++			    unsigned char *to, RSA *rsa, int padding,
++			    struct pkc_cookie_s *cookie);
++     int (*rsa_priv_dec_async)(int flen,const unsigned char *from,
++			    unsigned char *to, RSA *rsa, int padding,
++			    struct pkc_cookie_s *cookie);
++     int (*rsa_mod_exp_async)(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
++			    BN_CTX *ctx, struct pkc_cookie_s *cookie);
++     int (*bn_mod_exp_async)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
++			  const BIGNUM *m, BN_CTX *ctx,
++			  BN_MONT_CTX *m_ctx, struct pkc_cookie_s *cookie);
++
+     /* called at new */
+     int (*init) (RSA *rsa);
+     /* called at free */
+-- 
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0007-Fixed-private-key-support-for-DH.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0007-Fixed-private-key-support-for-DH.patch
deleted file mode 100644
index 12fcd7d..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0007-Fixed-private-key-support-for-DH.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 8322e4157bf49d992b5b9e460f2c0785865dd1c1 Mon Sep 17 00:00:00 2001
-From: Yashpal Dutta <yashpal.dutta at freescale.com>
-Date: Thu, 20 Mar 2014 19:55:51 -0500
-Subject: [PATCH 07/26] Fixed private key support for DH
-
-Upstream-status: Pending
-
-Required Length of the DH result is not returned in dh method in openssl
-
-Tested-by: Yashpal Dutta <yashpal.dutta at freescale.com>
----
- crypto/dh/dh_ameth.c | 7 -------
- 1 file changed, 7 deletions(-)
-
-diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
-index ed32004..02ec2d4 100644
---- a/crypto/dh/dh_ameth.c
-+++ b/crypto/dh/dh_ameth.c
-@@ -422,13 +422,6 @@ static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
- 	if (to->pkey.dh->g != NULL)
- 		BN_free(to->pkey.dh->g);
- 	to->pkey.dh->g=a;
--	if ((a=BN_dup(from->pkey.dh->q)) != NULL) {
--		if (to->pkey.dh->q != NULL)
--			BN_free(to->pkey.dh->q);
--		to->pkey.dh->q=a;
--	}
--
--	to->pkey.dh->length = from->pkey.dh->length;
- 
- 	return 1;
- 	}
--- 
-2.3.5
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0008-Add-RSA-keygen-operation-and-support-gendsa-command-.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0008-Add-RSA-keygen-operation-and-support-gendsa-command-.patch
new file mode 100644
index 0000000..ccd24e3
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0008-Add-RSA-keygen-operation-and-support-gendsa-command-.patch
@@ -0,0 +1,155 @@
+From 94a3fc9f437c20726209cea19256c419837055a2 Mon Sep 17 00:00:00 2001
+From: Hou Zhiqiang <B48286 at freescale.com>
+Date: Wed, 2 Apr 2014 16:10:43 +0800
+Subject: [PATCH 08/48] Add RSA keygen operation and support gendsa command
+ with hardware engine
+
+Upstream-status: Pending
+
+Signed-off-by: Hou Zhiqiang <B48286 at freescale.com>
+Tested-by: Cristian Stoica <cristian.stoica at freescale.com>
+---
+ crypto/engine/eng_cryptodev.c | 120 ++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 120 insertions(+)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 8303630..44017a3 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -2009,6 +2009,124 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
+     }
+ }
+ 
++/* Cryptodev RSA Key Gen routine */
++static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
++{
++    struct crypt_kop kop;
++    int ret, fd;
++    int p_len, q_len;
++    int i;
++
++    if ((fd = get_asym_dev_crypto()) < 0)
++        return fd;
++
++    if (!rsa->n && ((rsa->n = BN_new()) == NULL))
++        goto err;
++    if (!rsa->d && ((rsa->d = BN_new()) == NULL))
++        goto err;
++    if (!rsa->e && ((rsa->e = BN_new()) == NULL))
++        goto err;
++    if (!rsa->p && ((rsa->p = BN_new()) == NULL))
++        goto err;
++    if (!rsa->q && ((rsa->q = BN_new()) == NULL))
++        goto err;
++    if (!rsa->dmp1 && ((rsa->dmp1 = BN_new()) == NULL))
++        goto err;
++    if (!rsa->dmq1 && ((rsa->dmq1 = BN_new()) == NULL))
++        goto err;
++    if (!rsa->iqmp && ((rsa->iqmp = BN_new()) == NULL))
++        goto err;
++
++    BN_copy(rsa->e, e);
++
++    p_len = (bits + 1) / (2 * 8);
++    q_len = (bits - p_len * 8) / 8;
++    memset(&kop, 0, sizeof kop);
++    kop.crk_op = CRK_RSA_GENERATE_KEY;
++
++    /* p length */
++    kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char));
++    if (!kop.crk_param[kop.crk_iparams].crp_p)
++        goto err;
++    kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8;
++    memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1);
++    kop.crk_iparams++;
++    kop.crk_oparams++;
++    /* q length */
++    kop.crk_param[kop.crk_iparams].crp_p = calloc(q_len + 1, sizeof(char));
++    if (!kop.crk_param[kop.crk_iparams].crp_p)
++        goto err;
++    kop.crk_param[kop.crk_iparams].crp_nbits = q_len * 8;
++    memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, q_len + 1);
++    kop.crk_iparams++;
++    kop.crk_oparams++;
++    /* n length */
++    kop.crk_param[kop.crk_iparams].crp_p =
++        calloc(p_len + q_len + 1, sizeof(char));
++    if (!kop.crk_param[kop.crk_iparams].crp_p)
++        goto err;
++    kop.crk_param[kop.crk_iparams].crp_nbits = bits;
++    memset(kop.crk_param[kop.crk_iparams].crp_p, 0x00, p_len + q_len + 1);
++    kop.crk_iparams++;
++    kop.crk_oparams++;
++    /* d length */
++    kop.crk_param[kop.crk_iparams].crp_p =
++        calloc(p_len + q_len + 1, sizeof(char));
++    if (!kop.crk_param[kop.crk_iparams].crp_p)
++        goto err;
++    kop.crk_param[kop.crk_iparams].crp_nbits = bits;
++    memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + q_len + 1);
++    kop.crk_iparams++;
++    kop.crk_oparams++;
++    /* dp1 length */
++    kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char));
++    if (!kop.crk_param[kop.crk_iparams].crp_p)
++        goto err;
++    kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8;
++    memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1);
++    kop.crk_iparams++;
++    kop.crk_oparams++;
++    /* dq1 length */
++    kop.crk_param[kop.crk_iparams].crp_p = calloc(q_len + 1, sizeof(char));
++    if (!kop.crk_param[kop.crk_iparams].crp_p)
++        goto err;
++    kop.crk_param[kop.crk_iparams].crp_nbits = q_len * 8;
++    memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, q_len + 1);
++    kop.crk_iparams++;
++    kop.crk_oparams++;
++    /* i length */
++    kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char));
++    if (!kop.crk_param[kop.crk_iparams].crp_p)
++        goto err;
++    kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8;
++    memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1);
++    kop.crk_iparams++;
++    kop.crk_oparams++;
++
++    if (ioctl(fd, CIOCKEY, &kop) == 0) {
++        BN_bin2bn(kop.crk_param[0].crp_p, p_len, rsa->p);
++        BN_bin2bn(kop.crk_param[1].crp_p, q_len, rsa->q);
++        BN_bin2bn(kop.crk_param[2].crp_p, bits / 8, rsa->n);
++        BN_bin2bn(kop.crk_param[3].crp_p, bits / 8, rsa->d);
++        BN_bin2bn(kop.crk_param[4].crp_p, p_len, rsa->dmp1);
++        BN_bin2bn(kop.crk_param[5].crp_p, q_len, rsa->dmq1);
++        BN_bin2bn(kop.crk_param[6].crp_p, p_len, rsa->iqmp);
++        return 1;
++    }
++ sw_try:
++    {
++        const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
++        ret = (meth->rsa_keygen) (rsa, bits, e, cb);
++    }
++    return ret;
++
++ err:
++    for (i = 0; i < CRK_MAXPARAM; i++)
++        free(kop.crk_param[i].crp_p);
++    return 0;
++
++}
++
+ /* Cryptodev DSA Key Gen routine */
+ static int cryptodev_dsa_keygen(DSA *dsa)
+ {
+@@ -4035,6 +4153,8 @@ void ENGINE_load_cryptodev(void)
+                 cryptodev_rsa.rsa_mod_exp_async =
+                     cryptodev_rsa_nocrt_mod_exp_async;
+             }
++            if (cryptodev_asymfeat & CRF_RSA_GENERATE_KEY)
++                cryptodev_rsa.rsa_keygen = cryptodev_rsa_keygen;
+         }
+     }
+ 
+-- 
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0008-Initial-support-for-PKC-in-cryptodev-engine.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0008-Initial-support-for-PKC-in-cryptodev-engine.patch
deleted file mode 100644
index 98272ab..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0008-Initial-support-for-PKC-in-cryptodev-engine.patch
+++ /dev/null
@@ -1,1564 +0,0 @@
-From 107a10d45db0f2e58482f698add04ed9183f7268 Mon Sep 17 00:00:00 2001
-From: Yashpal Dutta <yashpal.dutta at freescale.com>
-Date: Tue, 11 Mar 2014 06:29:52 +0545
-Subject: [PATCH 08/26] Initial support for PKC in cryptodev engine
-
-Upstream-status: Pending
-
-Signed-off-by: Yashpal Dutta <yashpal.dutta at freescale.com>
----
- crypto/engine/eng_cryptodev.c | 1343 ++++++++++++++++++++++++++++++++++++-----
- 1 file changed, 1183 insertions(+), 160 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index e3eb98b..7ee314b 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -54,11 +54,14 @@ ENGINE_load_cryptodev(void)
- #else 
-  
- #include <sys/types.h>
--#include <crypto/cryptodev.h>
- #include <crypto/dh/dh.h>
- #include <crypto/dsa/dsa.h>
- #include <crypto/err/err.h>
- #include <crypto/rsa/rsa.h>
-+#include <crypto/ecdsa/ecs_locl.h>
-+#include <crypto/ecdh/ech_locl.h>
-+#include <crypto/ec/ec_lcl.h>
-+#include <crypto/ec/ec.h>
- #include <sys/ioctl.h>
- #include <errno.h>
- #include <stdio.h>
-@@ -68,6 +71,8 @@ ENGINE_load_cryptodev(void)
- #include <syslog.h>
- #include <errno.h>
- #include <string.h>
-+#include "eng_cryptodev_ec.h"
-+#include <crypto/cryptodev.h>
- 
- struct dev_crypto_state {
- 	struct session_op d_sess;
-@@ -116,18 +121,10 @@ static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a,
- static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I,
-     RSA *rsa, BN_CTX *ctx);
- static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
--static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a,
--    const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
--static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
--    BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
--    BN_CTX *ctx, BN_MONT_CTX *mont);
- static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst,
-     int dlen, DSA *dsa);
- static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len,
-     DSA_SIG *sig, DSA *dsa);
--static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
--    const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
--    BN_MONT_CTX *m_ctx);
- static int cryptodev_dh_compute_key(unsigned char *key,
-     const BIGNUM *pub_key, DH *dh);
- static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
-@@ -136,6 +133,102 @@ void ENGINE_load_cryptodev(void);
- const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1;
- const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
- 
-+static int spcf_bn2bin(BIGNUM *bn, unsigned char **bin,  int *bin_len)
-+{
-+	int len;
-+	unsigned char *p;
-+
-+	len = BN_num_bytes(bn);
-+
-+	if (!len)
-+		return -1;
-+
-+	p = malloc(len);
-+	if (!p)
-+		return -1;
-+
-+	BN_bn2bin(bn,p);
-+
-+	*bin = p;
-+	*bin_len = len;
-+
-+	return 0;
-+}
-+
-+static int spcf_bn2bin_ex(BIGNUM *bn, unsigned char **bin,  int *bin_len)
-+{
-+	int len;
-+	unsigned char *p;
-+
-+	len = BN_num_bytes(bn);
-+
-+	if (!len)
-+		return -1;
-+
-+	if (len < *bin_len)
-+		p = malloc(*bin_len);
-+	else
-+		p = malloc(len);
-+
-+	if (!p)
-+		return -ENOMEM;
-+
-+	if (len < *bin_len) {
-+		/* place padding */
-+		memset(p, 0, (*bin_len - len));
-+		BN_bn2bin(bn,p+(*bin_len-len));
-+	} else {
-+		BN_bn2bin(bn,p);
-+	}
-+
-+	*bin = p;
-+	if (len >= *bin_len)
-+		*bin_len = len;
-+
-+	return 0;
-+}
-+
-+/**
-+ * Convert an ECC F2m 'b' parameter into the 'c' parameter.
-+ *Inputs:
-+ * q, the curve's modulus
-+ * b, the curve's b parameter
-+ * (a bignum for b, a buffer for c)
-+ * Output:
-+ * c, written into bin, right-adjusted to fill q_len bytes.
-+ */
-+static int
-+eng_ec_compute_cparam(const BIGNUM* b, const BIGNUM* q,
-+			unsigned char **bin, int *bin_len)
-+{
-+	BIGNUM* c = BN_new();
-+	BIGNUM* exp = BN_new();
-+	BN_CTX *ctx = BN_CTX_new();
-+	int m = BN_num_bits(q) - 1;
-+	int ok = 0;
-+
-+	if (!c || !exp || !ctx || *bin)
-+		goto err;
-+
-+	/*
-+	 * We have to compute c, where b = c^4, i.e., the fourth root of b.
-+	 * The equation for c is c = b^(2^(m-2))
-+	 * Compute exp = 2^(m-2)
-+	 * (1 << x) == 2^x
-+	 * and then compute c = b^exp
-+	 */
-+	BN_lshift(exp, BN_value_one(), m-2);
-+	BN_GF2m_mod_exp(c, b, exp, q, ctx);
-+	/* Store c */
-+	spcf_bn2bin_ex(c, bin, bin_len);
-+	ok = 1;
-+err:
-+	if (ctx) BN_CTX_free(ctx);
-+	if (c) BN_free(c);
-+	if (exp) BN_free(exp);
-+	return ok;
-+}
-+
- static const ENGINE_CMD_DEFN cryptodev_defns[] = {
- 	{ 0, NULL, NULL, 0 }
- };
-@@ -1139,7 +1232,6 @@ cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
- static int
- bn2crparam(const BIGNUM *a, struct crparam *crp)
- {
--	int i, j, k;
- 	ssize_t bytes, bits;
- 	u_char *b;
- 
-@@ -1156,15 +1248,7 @@ bn2crparam(const BIGNUM *a, struct crparam *crp)
- 
- 	crp->crp_p = (caddr_t) b;
- 	crp->crp_nbits = bits;
--
--	for (i = 0, j = 0; i < a->top; i++) {
--		for (k = 0; k < BN_BITS2 / 8; k++) {
--			if ((j + k) >= bytes)
--				return (0);
--			b[j + k] = a->d[i] >> (k * 8);
--		}
--		j += BN_BITS2 / 8;
--	}
-+	BN_bn2bin(a, crp->crp_p);
- 	return (0);
- }
- 
-@@ -1172,22 +1256,14 @@ bn2crparam(const BIGNUM *a, struct crparam *crp)
- static int
- crparam2bn(struct crparam *crp, BIGNUM *a)
- {
--	u_int8_t *pd;
--	int i, bytes;
-+	int bytes;
- 
- 	bytes = (crp->crp_nbits + 7) / 8;
- 
- 	if (bytes == 0)
- 		return (-1);
- 
--	if ((pd = (u_int8_t *) malloc(bytes)) == NULL)
--		return (-1);
--
--	for (i = 0; i < bytes; i++)
--		pd[i] = crp->crp_p[bytes - i - 1];
--
--	BN_bin2bn(pd, bytes, a);
--	free(pd);
-+	BN_bin2bn(crp->crp_p, bytes, a);
- 
- 	return (0);
- }
-@@ -1235,6 +1311,32 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s)
- 	return (ret);
- }
- 
-+/* Close an opened instance of cryptodev engine */
-+void cryptodev_close_instance(void *handle)
-+{
-+	int fd;
-+
-+	if (handle) {
-+		fd = *(int *)handle;
-+		close(fd);
-+		free(handle);
-+	}
-+}
-+
-+/* Create an instance of cryptodev for asynchronous interface */
-+void *cryptodev_init_instance(void)
-+{
-+	int *fd = malloc(sizeof(int));
-+
-+	if (fd) {
-+		if ((*fd = open("/dev/crypto", O_RDWR, 0)) == -1) {
-+			free(fd);
-+			return NULL;
-+		}
-+	}
-+	return fd;
-+}
-+
- static int
- cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-     const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
-@@ -1250,9 +1352,9 @@ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- 		return (ret);
- 	}
- 
--	memset(&kop, 0, sizeof kop);
- 	kop.crk_op = CRK_MOD_EXP;
--
-+	kop.crk_oparams = 0;
-+	kop.crk_status = 0;
- 	/* inputs: a^p % m */
- 	if (bn2crparam(a, &kop.crk_param[0]))
- 		goto err;
-@@ -1293,28 +1395,38 @@ static int
- cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
- {
- 	struct crypt_kop kop;
--	int ret = 1;
-+	int ret = 1, f_len, p_len, q_len;
-+	unsigned char *f = NULL, *p = NULL, *q = NULL, *dp = NULL, *dq = NULL, *c = NULL;
- 
- 	if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
- 		/* XXX 0 means failure?? */
- 		return (0);
- 	}
- 
--	memset(&kop, 0, sizeof kop);
-+	kop.crk_oparams = 0;
-+	kop.crk_status = 0;
- 	kop.crk_op = CRK_MOD_EXP_CRT;
-+	f_len = BN_num_bytes(rsa->n);
-+	spcf_bn2bin_ex(I, &f, &f_len);
-+	spcf_bn2bin(rsa->p, &p, &p_len);
-+	spcf_bn2bin(rsa->q, &q, &q_len);
-+	spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len);
-+	spcf_bn2bin_ex(rsa->iqmp, &c, &p_len);
-+	spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len);
- 	/* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
--	if (bn2crparam(rsa->p, &kop.crk_param[0]))
--		goto err;
--	if (bn2crparam(rsa->q, &kop.crk_param[1]))
--		goto err;
--	if (bn2crparam(I, &kop.crk_param[2]))
--		goto err;
--	if (bn2crparam(rsa->dmp1, &kop.crk_param[3]))
--		goto err;
--	if (bn2crparam(rsa->dmq1, &kop.crk_param[4]))
--		goto err;
--	if (bn2crparam(rsa->iqmp, &kop.crk_param[5]))
--		goto err;
-+	kop.crk_param[0].crp_p = p;
-+	kop.crk_param[0].crp_nbits = p_len * 8;
-+	kop.crk_param[1].crp_p = q;
-+	kop.crk_param[1].crp_nbits = q_len * 8;
-+	kop.crk_param[2].crp_p = f;
-+	kop.crk_param[2].crp_nbits = f_len * 8;
-+	kop.crk_param[3].crp_p = dp;
-+	kop.crk_param[3].crp_nbits = p_len * 8;
-+	/* dq must of length q, rest all of length p*/
-+	kop.crk_param[4].crp_p = dq;
-+	kop.crk_param[4].crp_nbits = q_len * 8;
-+	kop.crk_param[5].crp_p = c;
-+	kop.crk_param[5].crp_nbits = p_len * 8;
- 	kop.crk_iparams = 6;
- 
- 	if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) {
-@@ -1350,90 +1462,117 @@ static RSA_METHOD cryptodev_rsa = {
- 	NULL				/* rsa_verify */
- };
- 
--static int
--cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
--    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
--{
--	return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
--}
--
--static int
--cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
--    BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
--    BN_CTX *ctx, BN_MONT_CTX *mont)
-+static DSA_SIG *
-+cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
- {
--	BIGNUM t2;
--	int ret = 0;
--
--	BN_init(&t2);
--
--	/* v = ( g^u1 * y^u2 mod p ) mod q */
--	/* let t1 = g ^ u1 mod p */
--	ret = 0;
-+	struct crypt_kop kop;
-+	BIGNUM *c = NULL, *d = NULL;
-+	DSA_SIG *dsaret = NULL;
-+	int q_len = 0, r_len = 0, g_len = 0;
-+	int priv_key_len = 0, ret;
-+	unsigned char *q = NULL, *r = NULL, *g = NULL, *priv_key = NULL, *f = NULL;
- 
--	if (!dsa->meth->bn_mod_exp(dsa,t1,dsa->g,u1,dsa->p,ctx,mont))
-+	memset(&kop, 0, sizeof kop);
-+	if ((c = BN_new()) == NULL) {
-+		DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
- 		goto err;
-+	}
- 
--	/* let t2 = y ^ u2 mod p */
--	if (!dsa->meth->bn_mod_exp(dsa,&t2,dsa->pub_key,u2,dsa->p,ctx,mont))
-+	if ((d = BN_new()) == NULL) {
-+		BN_free(c);
-+		DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
- 		goto err;
--	/* let u1 = t1 * t2 mod p */
--	if (!BN_mod_mul(u1,t1,&t2,dsa->p,ctx))
-+	}
-+
-+	if (spcf_bn2bin(dsa->p, &q, &q_len)) {
-+		DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
- 		goto err;
-+	}
- 
--	BN_copy(t1,u1);
-+	/* Get order of the field of private keys into plain buffer */
-+	if (spcf_bn2bin (dsa->q, &r, &r_len)) {
-+		DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+		goto err;
-+	}
- 
--	ret = 1;
--err:
--	BN_free(&t2);
--	return(ret);
--}
-+	/* sanity test */
-+	if (dlen > r_len) {
-+		DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
-+		goto err;
-+	}
- 
--static DSA_SIG *
--cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
--{
--	struct crypt_kop kop;
--	BIGNUM *r = NULL, *s = NULL;
--	DSA_SIG *dsaret = NULL;
-+	g_len = q_len;
-+	/**
-+	 * Get generator into a plain buffer. If length is less than
-+	 * q_len then add leading padding bytes.
-+	 */
-+	if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
-+		DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+		goto err;
-+	}
- 
--	if ((r = BN_new()) == NULL)
-+	priv_key_len = r_len;
-+	/**
-+	 * Get private key into a plain buffer. If length is less than
-+	 * r_len then add leading padding bytes.
-+	 */
-+	 if (spcf_bn2bin_ex(dsa->priv_key, &priv_key, &priv_key_len)) {
-+		DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
- 		goto err;
--	if ((s = BN_new()) == NULL) {
--		BN_free(r);
-+	}
-+
-+	/* Allocate memory to store hash. */
-+	f = OPENSSL_malloc (r_len);
-+	if (!f) {
-+		DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
- 		goto err;
- 	}
- 
--	memset(&kop, 0, sizeof kop);
-+	/* Add padding, since SEC expects hash to of size r_len */
-+	if (dlen < r_len)
-+		memset(f, 0, r_len - dlen);
-+
-+	/* Skip leading bytes if dgst_len < r_len */
-+	memcpy(f + r_len - dlen, dgst, dlen);
-+
- 	kop.crk_op = CRK_DSA_SIGN;
- 
- 	/* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
--	kop.crk_param[0].crp_p = (caddr_t)dgst;
--	kop.crk_param[0].crp_nbits = dlen * 8;
--	if (bn2crparam(dsa->p, &kop.crk_param[1]))
--		goto err;
--	if (bn2crparam(dsa->q, &kop.crk_param[2]))
--		goto err;
--	if (bn2crparam(dsa->g, &kop.crk_param[3]))
--		goto err;
--	if (bn2crparam(dsa->priv_key, &kop.crk_param[4]))
--		goto err;
-+	kop.crk_param[0].crp_p = (void*)f;
-+	kop.crk_param[0].crp_nbits = r_len * 8;
-+	kop.crk_param[1].crp_p = (void*)q;
-+	kop.crk_param[1].crp_nbits = q_len * 8;
-+	kop.crk_param[2].crp_p = (void*)r;
-+	kop.crk_param[2].crp_nbits = r_len * 8;
-+	kop.crk_param[3].crp_p = (void*)g;
-+	kop.crk_param[3].crp_nbits = g_len * 8;
-+	kop.crk_param[4].crp_p = (void*)priv_key;
-+	kop.crk_param[4].crp_nbits = priv_key_len * 8;
- 	kop.crk_iparams = 5;
- 
--	if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r,
--	    BN_num_bytes(dsa->q), s) == 0) {
--		dsaret = DSA_SIG_new();
--		dsaret->r = r;
--		dsaret->s = s;
--	} else {
--		const DSA_METHOD *meth = DSA_OpenSSL();
--		BN_free(r);
--		BN_free(s);
--		dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa);
-+	ret = cryptodev_asym(&kop, r_len, c, r_len, d);
-+
-+	if (ret) {
-+		DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DECODE_ERROR);
-+		goto err;
- 	}
--err:
--	kop.crk_param[0].crp_p = NULL;
-+
-+	dsaret = DSA_SIG_new();
-+	dsaret->r = c;
-+	dsaret->s = d;
-+
- 	zapparams(&kop);
- 	return (dsaret);
-+err:
-+	{
-+		const DSA_METHOD *meth = DSA_OpenSSL();
-+		if (c)
-+			BN_free(c);
-+		if (d)
-+			BN_free(d);
-+		dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa);
-+		return (dsaret);
-+	}
- }
- 
- static int
-@@ -1441,42 +1580,179 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
-     DSA_SIG *sig, DSA *dsa)
- {
- 	struct crypt_kop kop;
--	int dsaret = 1;
-+	int dsaret = 1, q_len = 0, r_len = 0, g_len = 0;
-+	int w_len = 0 ,c_len = 0, d_len = 0, ret = -1;
-+	unsigned char   * q = NULL, * r = NULL, * w = NULL, * g = NULL;
-+	unsigned char   * c = NULL, * d = NULL, *f = NULL;
- 
- 	memset(&kop, 0, sizeof kop);
- 	kop.crk_op = CRK_DSA_VERIFY;
- 
--	/* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
--	kop.crk_param[0].crp_p = (caddr_t)dgst;
--	kop.crk_param[0].crp_nbits = dlen * 8;
--	if (bn2crparam(dsa->p, &kop.crk_param[1]))
-+	if (spcf_bn2bin(dsa->p, &q, &q_len)) {
-+		DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+		return ret;
-+	}
-+
-+	/* Get Order of field of private keys */
-+	if (spcf_bn2bin(dsa->q, &r, &r_len)) {
-+		DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
- 		goto err;
--	if (bn2crparam(dsa->q, &kop.crk_param[2]))
-+	}
-+
-+	g_len = q_len;
-+	/**
-+	 * Get generator into a plain buffer. If length is less than
-+	 * q_len then add leading padding bytes.
-+	 */
-+	if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
-+		DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
- 		goto err;
--	if (bn2crparam(dsa->g, &kop.crk_param[3]))
-+	}
-+	w_len = q_len;
-+	/**
-+	 * Get public key into a plain buffer. If length is less than
-+	 * q_len then add leading padding bytes.
-+	 */
-+	if (spcf_bn2bin_ex(dsa->pub_key, &w, &w_len)) {
-+		DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+		goto err;
-+	}
-+	/**
-+	 * Get the 1st part of signature into a flat buffer with
-+	 * appropriate padding
-+	 */
-+	c_len = r_len;
-+
-+	if (spcf_bn2bin_ex(sig->r, &c, &c_len)) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
- 		goto err;
--	if (bn2crparam(dsa->pub_key, &kop.crk_param[4]))
-+	}
-+
-+	/**
-+	 * Get the 2nd part of signature into a flat buffer with
-+	 * appropriate padding
-+	 */
-+	d_len = r_len;
-+
-+	if (spcf_bn2bin_ex(sig->s, &d, &d_len)) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
- 		goto err;
--	if (bn2crparam(sig->r, &kop.crk_param[5]))
-+	}
-+
-+
-+	/* Sanity test */
-+	if (dlen > r_len) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
- 		goto err;
--	if (bn2crparam(sig->s, &kop.crk_param[6]))
-+	}
-+
-+	/* Allocate memory to store hash. */
-+	f = OPENSSL_malloc (r_len);
-+	if (!f) {
-+		DSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
- 		goto err;
-+	}
-+
-+	/* Add padding, since SEC expects hash to of size r_len */
-+	if (dlen < r_len)
-+		memset(f, 0, r_len - dlen);
-+
-+	/* Skip leading bytes if dgst_len < r_len */
-+	memcpy(f + r_len - dlen, dgst, dlen);
-+
-+	/* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
-+	kop.crk_param[0].crp_p = (void*)f;
-+	kop.crk_param[0].crp_nbits = r_len * 8;
-+	kop.crk_param[1].crp_p = q;
-+	kop.crk_param[1].crp_nbits = q_len * 8;
-+	kop.crk_param[2].crp_p = r;
-+	kop.crk_param[2].crp_nbits = r_len * 8;
-+	kop.crk_param[3].crp_p = g;
-+	kop.crk_param[3].crp_nbits = g_len * 8;
-+	kop.crk_param[4].crp_p = w;
-+	kop.crk_param[4].crp_nbits = w_len * 8;
-+	kop.crk_param[5].crp_p = c;
-+	kop.crk_param[5].crp_nbits = c_len * 8;
-+	kop.crk_param[6].crp_p = d;
-+	kop.crk_param[6].crp_nbits = d_len * 8;
- 	kop.crk_iparams = 7;
- 
--	if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
--/*OCF success value is 0, if not zero, change dsaret to fail*/
--		if(0 != kop.crk_status) dsaret  = 0;
--	} else {
--		const DSA_METHOD *meth = DSA_OpenSSL();
-+	if ((cryptodev_asym(&kop, 0, NULL, 0, NULL))) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, DSA_R_DECODE_ERROR);
-+		goto err;
-+	}
- 
--		dsaret = (meth->dsa_do_verify)(dgst, dlen, sig, dsa);
-+	/*OCF success value is 0, if not zero, change dsaret to fail*/
-+	if(0 != kop.crk_status) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, DSA_R_DECODE_ERROR);
-+		goto err;
- 	}
--err:
--	kop.crk_param[0].crp_p = NULL;
-+
- 	zapparams(&kop);
- 	return (dsaret);
-+err:
-+	{
-+		const DSA_METHOD *meth = DSA_OpenSSL();
-+
-+		dsaret = (meth->dsa_do_verify)(dgst, dlen, sig, dsa);
-+	}
-+	return dsaret;
- }
- 
-+/* Cryptodev DSA Key Gen routine */
-+static int cryptodev_dsa_keygen(DSA *dsa)
-+{
-+	struct crypt_kop kop;
-+	int ret = 1, g_len;
-+	unsigned char *g = NULL;
-+
-+	if (dsa->priv_key == NULL)	{
-+		if ((dsa->priv_key=BN_new()) == NULL)
-+			goto sw_try;
-+	}
-+
-+	if (dsa->pub_key == NULL) {
-+		if ((dsa->pub_key=BN_new()) == NULL)
-+			goto sw_try;
-+	}
-+
-+	g_len = BN_num_bytes(dsa->p);
-+	/**
-+	 * Get generator into a plain buffer. If length is less than
-+	 * p_len then add leading padding bytes.
-+	 */
-+	if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
-+		DSAerr(DSA_F_DSA_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
-+		goto sw_try;
-+	}
-+
-+	memset(&kop, 0, sizeof kop);
-+
-+	kop.crk_op = CRK_DSA_GENERATE_KEY;
-+	if (bn2crparam(dsa->p, &kop.crk_param[0]))
-+		goto sw_try;
-+	if (bn2crparam(dsa->q, &kop.crk_param[1]))
-+		goto sw_try;
-+	kop.crk_param[2].crp_p = g;
-+	kop.crk_param[2].crp_nbits = g_len * 8;
-+	kop.crk_iparams = 3;
-+
-+	/* pub_key is or prime length while priv key is of length of order */
-+	if (cryptodev_asym(&kop, BN_num_bytes(dsa->p), dsa->pub_key,
-+	    BN_num_bytes(dsa->q), dsa->priv_key))
-+	    goto sw_try;
-+
-+	return ret;
-+sw_try:
-+	{
-+		const DSA_METHOD *meth = DSA_OpenSSL();
-+		ret = (meth->dsa_keygen)(dsa);
-+	}
-+	return ret;
-+}
-+
-+
-+
- static DSA_METHOD cryptodev_dsa = {
- 	"cryptodev DSA method",
- 	NULL,
-@@ -1490,12 +1766,543 @@ static DSA_METHOD cryptodev_dsa = {
- 	NULL	/* app_data */
- };
- 
--static int
--cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
--    const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
--    BN_MONT_CTX *m_ctx)
-+static ECDSA_METHOD cryptodev_ecdsa = {
-+	"cryptodev ECDSA method",
-+	NULL,
-+	NULL,				/* ecdsa_sign_setup */
-+	NULL,
-+	NULL,
-+	0,	/* flags */
-+	NULL	/* app_data */
-+};
-+
-+typedef enum ec_curve_s
-+{
-+	EC_PRIME,
-+	EC_BINARY
-+} ec_curve_t;
-+
-+/* ENGINE handler for ECDSA Sign */
-+static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char  *dgst,
-+	int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey)
- {
--	return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
-+	BIGNUM	*m = NULL, *p = NULL, *a = NULL;
-+	BIGNUM  *b = NULL, *x = NULL, *y = NULL;
-+	BN_CTX  *ctx = NULL;
-+	ECDSA_SIG *ret = NULL;
-+	ECDSA_DATA *ecdsa = NULL;
-+	unsigned char  * q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL;
-+	unsigned char  * s = NULL, *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL;
-+	int	i = 0, q_len = 0, priv_key_len = 0, r_len = 0;
-+	int	g_len = 0, d_len = 0, ab_len = 0;
-+	const BIGNUM   *order = NULL, *priv_key=NULL;
-+	const EC_GROUP *group = NULL;
-+	struct crypt_kop kop;
-+	ec_curve_t ec_crv = EC_PRIME;
-+
-+	memset(&kop, 0, sizeof(kop));
-+	ecdsa = ecdsa_check(eckey);
-+	if (!ecdsa) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
-+		return NULL;
-+	}
-+
-+	group = EC_KEY_get0_group(eckey);
-+	priv_key = EC_KEY_get0_private_key(eckey);
-+
-+	if (!group || !priv_key) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
-+		return NULL;
-+	}
-+
-+	if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
-+		(a = BN_new()) == NULL || (b = BN_new()) == NULL ||
-+		(p = BN_new()) == NULL || (x = BN_new()) == NULL ||
-+		(y = BN_new()) == NULL) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+		goto err;
-+	}
-+
-+	order = &group->order;
-+	if (!order || BN_is_zero(order)) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS);
-+		goto err;
-+	}
-+
-+	i = BN_num_bits(order);
-+	/* Need to truncate digest if it is too long: first truncate whole
-+	 bytes */
-+	if (8 * dgst_len > i)
-+		dgst_len = (i + 7)/8;
-+
-+	if (!BN_bin2bn(dgst, dgst_len, m)) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+		goto err;
-+	}
-+
-+	/* If still too long truncate remaining bits with a shift */
-+	if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+		goto err;
-+	}
-+
-+	/* copy the truncated bits into plain buffer */
-+	if (spcf_bn2bin(m, &tmp_dgst, &dgst_len))  {
-+		fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__, __LINE__);
-+		goto err;
-+	}
-+
-+	ret = ECDSA_SIG_new();
-+	if  (!ret) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+		goto err;
-+	}
-+
-+	/* check if this is prime or binary EC request */
-+	if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) {
-+		ec_crv = EC_PRIME;
-+		/* get the generator point pair */
-+		if (!EC_POINT_get_affine_coordinates_GFp (group, EC_GROUP_get0_generator(group),
-+			x, y,ctx)) {
-+			ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+			goto err;
-+		}
-+
-+		/* get the ECC curve parameters */
-+		if (!EC_GROUP_get_curve_GFp(group, p, a, b , ctx)) {
-+			ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+			goto err;
-+		}
-+	} else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_characteristic_two_field) {
-+		ec_crv = EC_BINARY;
-+		/* get the ECC curve parameters */
-+		if (!EC_GROUP_get_curve_GF2m(group, p, a, b , ctx)) {
-+			ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+			goto err;
-+		}
-+
-+		/* get the generator point pair */
-+		if (!EC_POINT_get_affine_coordinates_GF2m(group,
-+			EC_GROUP_get0_generator(group), x, y,ctx)) {
-+			ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+			goto err;
-+		}
-+	} else {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+		goto err;
-+	}
-+
-+	if (spcf_bn2bin(order, &r, &r_len)) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+		goto err;
-+	}
-+
-+	if (spcf_bn2bin(p, &q, &q_len)) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+		goto err;
-+	}
-+
-+	priv_key_len = r_len;
-+
-+	/**
-+	 * If BN_num_bytes of priv_key returns less then r_len then
-+	 * add padding bytes before the key
-+	 */
-+	if (spcf_bn2bin_ex(priv_key, &s, &priv_key_len))  {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+		goto err;
-+	}
-+
-+	/* Generation of ECC curve parameters */
-+	ab_len = 2*q_len;
-+	ab = eng_copy_curve_points(a, b, ab_len, q_len);
-+	if (!ab) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+		goto err;
-+	}
-+
-+	if (ec_crv == EC_BINARY) {
-+		if (eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab+q_len, q_len))
-+		{
-+			unsigned char *c_temp = NULL;
-+			int c_temp_len = q_len;
-+			if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len))
-+				memcpy(ab+q_len, c_temp, q_len);
-+			else
-+				goto err;
-+		}
-+		kop.curve_type = ECC_BINARY;
-+	}
-+
-+	/* Calculation of Generator point */
-+	g_len = 2*q_len;
-+	g_xy = eng_copy_curve_points(x, y, g_len, q_len);
-+	if (!g_xy) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+		goto err;
-+	}
-+
-+	/* Memory allocation for first part of digital signature */
-+	c = malloc(r_len);
-+	if (!c) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+		goto err;
-+	}
-+
-+	d_len = r_len;
-+
-+	/* Memory allocation for second part of digital signature */
-+	d = malloc(d_len);
-+	if (!d) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+		goto err;
-+	}
-+
-+	/* memory for message representative */
-+	f = malloc(r_len);
-+	if (!f) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+		goto err;
-+	}
-+
-+	/* Add padding, since SEC expects hash to of size r_len */
-+	memset(f, 0, r_len - dgst_len);
-+
-+	/* Skip leading bytes if dgst_len < r_len */
-+	memcpy(f +  r_len - dgst_len, tmp_dgst, dgst_len);
-+
-+	dgst_len +=  r_len - dgst_len;
-+	kop.crk_op = CRK_DSA_SIGN;
-+	/* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
-+	kop.crk_param[0].crp_p = f;
-+	kop.crk_param[0].crp_nbits = dgst_len * 8;
-+	kop.crk_param[1].crp_p = q;
-+	kop.crk_param[1].crp_nbits = q_len * 8;
-+	kop.crk_param[2].crp_p = r;
-+	kop.crk_param[2].crp_nbits = r_len * 8;
-+	kop.crk_param[3].crp_p = g_xy;
-+	kop.crk_param[3].crp_nbits = g_len * 8;
-+	kop.crk_param[4].crp_p = s;
-+	kop.crk_param[4].crp_nbits = priv_key_len * 8;
-+	kop.crk_param[5].crp_p = ab;
-+	kop.crk_param[5].crp_nbits = ab_len * 8;
-+	kop.crk_iparams = 6;
-+	kop.crk_param[6].crp_p = c;
-+	kop.crk_param[6].crp_nbits = d_len * 8;
-+	kop.crk_param[7].crp_p = d;
-+	kop.crk_param[7].crp_nbits = d_len * 8;
-+	kop.crk_oparams = 2;
-+
-+	if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
-+		/* Check if ret->r and s needs to allocated */
-+		crparam2bn(&kop.crk_param[6], ret->r);
-+		crparam2bn(&kop.crk_param[7], ret->s);
-+	} else {
-+		const ECDSA_METHOD *meth = ECDSA_OpenSSL();
-+		ret = (meth->ecdsa_do_sign)(dgst, dgst_len, in_kinv, in_r, eckey);
-+	}
-+	kop.crk_param[0].crp_p = NULL;
-+	zapparams(&kop);
-+err:
-+	if (!ret) {
-+		ECDSA_SIG_free(ret);
-+		ret = NULL;
-+	}
-+	return ret;
-+}
-+
-+static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
-+		ECDSA_SIG *sig, EC_KEY *eckey)
-+{
-+	BIGNUM	*m = NULL, *p = NULL, *a = NULL, *b = NULL;
-+	BIGNUM	*x = NULL, *y = NULL, *w_x = NULL, *w_y = NULL;
-+	BN_CTX	*ctx = NULL;
-+	ECDSA_DATA	*ecdsa = NULL;
-+	unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL, *w_xy = NULL;
-+	unsigned char *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL;
-+	int	i = 0, q_len = 0, pub_key_len = 0, r_len = 0, c_len = 0, g_len = 0;
-+	int	d_len = 0, ab_len = 0, ret = -1;
-+	const EC_POINT *pub_key = NULL;
-+	const BIGNUM   *order = NULL;
-+	const EC_GROUP *group=NULL;
-+	ec_curve_t       ec_crv = EC_PRIME;
-+	struct crypt_kop kop;
-+
-+	memset(&kop, 0, sizeof kop);
-+	ecdsa = ecdsa_check(eckey);
-+	if (!ecdsa) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
-+		return ret;
-+	}
-+
-+	group    = EC_KEY_get0_group(eckey);
-+	pub_key  = EC_KEY_get0_public_key(eckey);
-+
-+	if (!group || !pub_key) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
-+		return ret;
-+	}
-+
-+	if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
-+		(a = BN_new()) == NULL || (b = BN_new()) == NULL ||
-+		(p = BN_new()) == NULL || (x = BN_new()) == NULL ||
-+		(y = BN_new()) == NULL || (w_x = BN_new()) == NULL ||
-+		(w_y = BN_new()) == NULL) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+		goto err;
-+	}
-+
-+	order = &group->order;
-+	if (!order || BN_is_zero(order)) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS);
-+		goto err;
-+	}
-+
-+	i = BN_num_bits(order);
-+	/* Need to truncate digest if it is too long: first truncate whole
-+	* bytes */
-+	if (8 * dgst_len > i)
-+		dgst_len = (i + 7)/8;
-+
-+	if (!BN_bin2bn(dgst, dgst_len, m)) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
-+		goto err;
-+	}
-+
-+	/* If still too long truncate remaining bits with a shift */
-+	if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
-+		goto err;
-+	}
-+	/* copy the truncated bits into plain buffer */
-+	if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+		goto err;
-+	}
-+
-+	/* check if this is prime or binary EC request */
-+	if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) {
-+		ec_crv = EC_PRIME;
-+
-+		/* get the generator point pair */
-+		if (!EC_POINT_get_affine_coordinates_GFp (group,
-+			EC_GROUP_get0_generator(group), x, y,ctx)) {
-+			ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+			goto err;
-+		}
-+
-+		/* get the public key pair for prime curve */
-+		if (!EC_POINT_get_affine_coordinates_GFp (group,
-+			pub_key, w_x, w_y,ctx)) {
-+			ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+			goto err;
-+		}
-+
-+		/* get the ECC curve parameters */
-+		if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
-+			ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+			goto err;
-+		}
-+	} else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_characteristic_two_field){
-+		ec_crv = EC_BINARY;
-+		/* get the ECC curve parameters */
-+		if (!EC_GROUP_get_curve_GF2m(group, p, a, b , ctx)) {
-+			ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+			goto err;
-+		}
-+
-+		/* get the generator point pair */
-+		if (!EC_POINT_get_affine_coordinates_GF2m(group,
-+			EC_GROUP_get0_generator(group),x, y,ctx)) {
-+			ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+			goto err;
-+		}
-+
-+		/* get the public key pair for binary curve */
-+		if (!EC_POINT_get_affine_coordinates_GF2m(group,
-+			pub_key, w_x, w_y,ctx)) {
-+			ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+			goto err;
-+		}
-+	}else {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+		goto err;
-+	}
-+
-+	/* Get the order of the subgroup of private keys */
-+	if (spcf_bn2bin((BIGNUM*)order, &r, &r_len)) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+		goto err;
-+	}
-+
-+	/* Get the irreducible polynomial that creates the field */
-+	if (spcf_bn2bin(p, &q, &q_len)) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+		goto err;
-+	}
-+
-+	/* Get the public key into a flat buffer with appropriate padding */
-+	pub_key_len = 2 * q_len;
-+
-+	w_xy = eng_copy_curve_points (w_x, w_y, pub_key_len, q_len);
-+	if (!w_xy) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+		goto err;
-+	}
-+
-+	/* Generation of ECC curve parameters */
-+	ab_len = 2*q_len;
-+
-+	ab = eng_copy_curve_points (a, b, ab_len, q_len);
-+	if (!ab) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+		goto err;
-+	}
-+
-+	if (ec_crv == EC_BINARY) {
-+		/* copy b' i.e c(b), instead of only b */
-+		if (eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab+q_len, q_len))
-+		{
-+			unsigned char *c_temp = NULL;
-+			int c_temp_len = q_len;
-+			if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len))
-+				memcpy(ab+q_len, c_temp, q_len);
-+			else
-+				goto err;
-+		}
-+		kop.curve_type = ECC_BINARY;
-+	}
-+
-+	/* Calculation of Generator point */
-+	g_len = 2 * q_len;
-+
-+	g_xy = eng_copy_curve_points (x, y, g_len, q_len);
-+	if (!g_xy) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+		goto err;
-+	}
-+
-+	/**
-+	 * Get the 1st part of signature into a flat buffer with
-+	 * appropriate padding
-+	 */
-+	if (BN_num_bytes(sig->r) < r_len)
-+		c_len = r_len;
-+
-+	if (spcf_bn2bin_ex(sig->r, &c, &c_len)) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+		goto err;
-+	}
-+
-+	/**
-+	 * Get the 2nd part of signature into a flat buffer with
-+	 * appropriate padding
-+	 */
-+	if (BN_num_bytes(sig->s) < r_len)
-+		d_len = r_len;
-+
-+	if (spcf_bn2bin_ex(sig->s, &d, &d_len)) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+		goto err;
-+	}
-+
-+	/* memory for message representative */
-+	f = malloc(r_len);
-+	if (!f) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+		goto err;
-+	}
-+
-+	/* Add padding, since SEC expects hash to of size r_len */
-+	memset(f, 0, r_len-dgst_len);
-+
-+	/* Skip leading bytes if dgst_len < r_len */
-+	memcpy(f + r_len-dgst_len, tmp_dgst, dgst_len);
-+	dgst_len += r_len-dgst_len;
-+	kop.crk_op = CRK_DSA_VERIFY;
-+	/* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
-+	kop.crk_param[0].crp_p = f;
-+	kop.crk_param[0].crp_nbits = dgst_len * 8;
-+	kop.crk_param[1].crp_p = q;
-+	kop.crk_param[1].crp_nbits = q_len * 8;
-+	kop.crk_param[2].crp_p = r;
-+	kop.crk_param[2].crp_nbits = r_len * 8;
-+	kop.crk_param[3].crp_p = g_xy;
-+	kop.crk_param[3].crp_nbits = g_len * 8;
-+	kop.crk_param[4].crp_p = w_xy;
-+	kop.crk_param[4].crp_nbits = pub_key_len * 8;
-+	kop.crk_param[5].crp_p = ab;
-+	kop.crk_param[5].crp_nbits = ab_len * 8;
-+	kop.crk_param[6].crp_p = c;
-+	kop.crk_param[6].crp_nbits = d_len * 8;
-+	kop.crk_param[7].crp_p = d;
-+	kop.crk_param[7].crp_nbits = d_len * 8;
-+	kop.crk_iparams = 8;
-+
-+	if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
-+		/*OCF success value is 0, if not zero, change ret to fail*/
-+		if(0 == kop.crk_status)
-+			ret  = 1;
-+	} else {
-+		const ECDSA_METHOD *meth = ECDSA_OpenSSL();
-+
-+		ret = (meth->ecdsa_do_verify)(dgst, dgst_len, sig, eckey);
-+	}
-+	kop.crk_param[0].crp_p = NULL;
-+	zapparams(&kop);
-+
-+err:
-+	return ret;
-+}
-+
-+static int cryptodev_dh_keygen(DH *dh)
-+{
-+	struct crypt_kop kop;
-+	int ret = 1, g_len;
-+	unsigned char *g = NULL;
-+
-+	if (dh->priv_key == NULL)	{
-+		if ((dh->priv_key=BN_new()) == NULL)
-+			goto sw_try;
-+	}
-+
-+	if (dh->pub_key == NULL) {
-+		if ((dh->pub_key=BN_new()) == NULL)
-+			goto sw_try;
-+	}
-+
-+	g_len = BN_num_bytes(dh->p);
-+	/**
-+	 * Get generator into a plain buffer. If length is less than
-+	 * q_len then add leading padding bytes.
-+	 */
-+	if (spcf_bn2bin_ex(dh->g, &g, &g_len)) {
-+		DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
-+		goto sw_try;
-+	}
-+
-+	memset(&kop, 0, sizeof kop);
-+	kop.crk_op = CRK_DH_GENERATE_KEY;
-+	if (bn2crparam(dh->p, &kop.crk_param[0]))
-+		goto sw_try;
-+	if (bn2crparam(dh->q, &kop.crk_param[1]))
-+		goto sw_try;
-+	kop.crk_param[2].crp_p = g;
-+	kop.crk_param[2].crp_nbits = g_len * 8;
-+	kop.crk_iparams = 3;
-+
-+	/* pub_key is or prime length while priv key is of length of order */
-+	if (cryptodev_asym(&kop, BN_num_bytes(dh->p), dh->pub_key,
-+	    BN_num_bytes(dh->q), dh->priv_key))
-+	    goto sw_try;
-+
-+	return ret;
-+sw_try:
-+	{
-+		const DH_METHOD *meth = DH_OpenSSL();
-+		ret = (meth->generate_key)(dh);
-+	}
-+	return ret;
- }
- 
- static int
-@@ -1503,43 +2310,234 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
- {
- 	struct crypt_kop kop;
- 	int dhret = 1;
--	int fd, keylen;
-+	int fd, p_len;
-+	BIGNUM *temp = NULL;
-+	unsigned char *padded_pub_key = NULL, *p = NULL;
-+
-+	if ((fd = get_asym_dev_crypto()) < 0)
-+		goto sw_try;
-+
-+	memset(&kop, 0, sizeof kop);
-+	kop.crk_op = CRK_DH_COMPUTE_KEY;
-+	/* inputs: dh->priv_key pub_key dh->p key */
-+	spcf_bn2bin(dh->p, &p, &p_len);
-+	spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len);
-+	if (bn2crparam(dh->priv_key, &kop.crk_param[0]))
-+		goto sw_try;
-+
-+	kop.crk_param[1].crp_p = padded_pub_key;
-+	kop.crk_param[1].crp_nbits = p_len * 8;
-+	kop.crk_param[2].crp_p = p;
-+	kop.crk_param[2].crp_nbits = p_len * 8;
-+	kop.crk_iparams = 3;
-+	kop.crk_param[3].crp_p = (void*) key;
-+	kop.crk_param[3].crp_nbits = p_len * 8;
-+	kop.crk_oparams = 1;
-+	dhret = p_len;
-+
-+	if (ioctl(fd, CIOCKEY, &kop))
-+		goto sw_try;
- 
--	if ((fd = get_asym_dev_crypto()) < 0) {
-+	if ((temp = BN_new())) {
-+		if (!BN_bin2bn(key, p_len, temp)) {
-+			ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+			goto sw_try;
-+		}
-+		if (dhret > BN_num_bytes(temp))
-+			dhret=BN_bn2bin(temp,key);
-+		BN_free(temp);
-+	}
-+
-+	kop.crk_param[3].crp_p = NULL;
-+	zapparams(&kop);
-+	return (dhret);
-+sw_try:
-+	{
- 		const DH_METHOD *meth = DH_OpenSSL();
- 
--		return ((meth->compute_key)(key, pub_key, dh));
-+		dhret = (meth->compute_key)(key, pub_key, dh);
- 	}
-+	return (dhret);
-+}
- 
--	keylen = BN_num_bits(dh->p);
-+int cryptodev_ecdh_compute_key(void *out, size_t outlen,
-+	const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen,
-+	void *out, size_t *outlen))
-+{
-+	ec_curve_t       ec_crv = EC_PRIME;
-+	unsigned char * q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL;
-+	BIGNUM         * w_x = NULL, *w_y = NULL;
-+	int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0;
-+	BIGNUM * p = NULL, *a = NULL, *b = NULL;
-+	BN_CTX *ctx;
-+	EC_POINT *tmp=NULL;
-+	BIGNUM *x=NULL, *y=NULL;
-+	const BIGNUM *priv_key;
-+	const EC_GROUP* group = NULL;
-+	int ret = -1;
-+	size_t buflen, len;
-+	struct crypt_kop kop;
- 
- 	memset(&kop, 0, sizeof kop);
--	kop.crk_op = CRK_DH_COMPUTE_KEY;
- 
--	/* inputs: dh->priv_key pub_key dh->p key */
--	if (bn2crparam(dh->priv_key, &kop.crk_param[0]))
-+	if ((ctx = BN_CTX_new()) == NULL) goto err;
-+	BN_CTX_start(ctx);
-+	x = BN_CTX_get(ctx);
-+	y = BN_CTX_get(ctx);
-+	p = BN_CTX_get(ctx);
-+	a = BN_CTX_get(ctx);
-+	b = BN_CTX_get(ctx);
-+	w_x = BN_CTX_get(ctx);
-+	w_y = BN_CTX_get(ctx);
-+
-+	if (!x || !y || !p || !a || !b || !w_x || !w_y) {
-+		ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);
- 		goto err;
--	if (bn2crparam(pub_key, &kop.crk_param[1]))
-+	}
-+
-+	priv_key = EC_KEY_get0_private_key(ecdh);
-+	if (priv_key == NULL) {
-+		ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_NO_PRIVATE_VALUE);
- 		goto err;
--	if (bn2crparam(dh->p, &kop.crk_param[2]))
-+	}
-+
-+	group = EC_KEY_get0_group(ecdh);
-+	if ((tmp=EC_POINT_new(group)) == NULL) {
-+		ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);
- 		goto err;
--	kop.crk_iparams = 3;
-+	}
- 
--	kop.crk_param[3].crp_p = (caddr_t) key;
--	kop.crk_param[3].crp_nbits = keylen * 8;
--	kop.crk_oparams = 1;
-+	if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
-+		NID_X9_62_prime_field) {
-+		ec_crv = EC_PRIME;
- 
--	if (ioctl(fd, CIOCKEY, &kop) == -1) {
--		const DH_METHOD *meth = DH_OpenSSL();
-+		if (!EC_POINT_get_affine_coordinates_GFp(group,
-+			EC_GROUP_get0_generator(group), x, y, ctx)) {
-+			ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
-+			goto err;
-+		}
- 
--		dhret = (meth->compute_key)(key, pub_key, dh);
-+		/* get the ECC curve parameters */
-+		if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
-+			ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
-+			goto err;
-+		}
-+
-+		/* get the public key pair for prime curve */
-+		if (!EC_POINT_get_affine_coordinates_GFp (group, pub_key, w_x, w_y,ctx)) {
-+			ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
-+			goto err;
-+		}
-+	} else {
-+		ec_crv = EC_BINARY;
-+
-+		if (!EC_POINT_get_affine_coordinates_GF2m(group,
-+			EC_GROUP_get0_generator(group), x, y, ctx)) {
-+			ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
-+			goto err;
-+		}
-+
-+		/* get the ECC curve parameters */
-+		if (!EC_GROUP_get_curve_GF2m(group, p, a, b , ctx)) {
-+			ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
-+			goto err;
-+		}
-+
-+		/* get the public key pair for binary curve */
-+		if (!EC_POINT_get_affine_coordinates_GF2m(group,
-+			pub_key, w_x, w_y,ctx)) {
-+			ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+			goto err;
-+		}
-+	}
-+
-+	/* irreducible polynomial that creates the field */
-+	if (spcf_bn2bin((BIGNUM*)&group->order, &r, &r_len)) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+		goto err;
-+	}
-+
-+	/* Get the irreducible polynomial that creates the field */
-+	if (spcf_bn2bin(p, &q, &q_len)) {
-+		ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
-+		goto err;
- 	}
-+
-+	/* Get the public key into a flat buffer with appropriate padding */
-+	pub_key_len = 2 * q_len;
-+	w_xy = eng_copy_curve_points (w_x, w_y, pub_key_len, q_len);
-+	if (!w_xy) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+		goto err;
-+	}
-+
-+	/* Generation of ECC curve parameters */
-+	ab_len = 2*q_len;
-+	ab = eng_copy_curve_points (a, b, ab_len, q_len);
-+	if (!ab) {
-+		ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
-+		goto err;
-+	}
-+
-+	if (ec_crv == EC_BINARY) {
-+		/* copy b' i.e c(b), instead of only b */
-+		if (eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab+q_len, q_len))
-+		{
-+			unsigned char *c_temp = NULL;
-+			int c_temp_len = q_len;
-+			if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len))
-+				memcpy(ab+q_len, c_temp, q_len);
-+			else
-+				goto err;
-+		}
-+		kop.curve_type = ECC_BINARY;
-+	} else
-+		kop.curve_type = ECC_PRIME;
-+
-+	priv_key_len = r_len;
-+
-+	/*
-+	 * If BN_num_bytes of priv_key returns less then r_len then
-+	 * add padding bytes before the key
-+	 */
-+	if (spcf_bn2bin_ex((BIGNUM *)priv_key, &s, &priv_key_len)) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+		goto err;
-+	}
-+
-+	buflen = (EC_GROUP_get_degree(group) + 7)/8;
-+	len = BN_num_bytes(x);
-+	if (len > buflen || q_len < buflen) {
-+		ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_INTERNAL_ERROR);
-+		goto err;
-+	}
-+
-+	kop.crk_op = CRK_DH_COMPUTE_KEY;
-+	kop.crk_param[0].crp_p = (void*) s;
-+	kop.crk_param[0].crp_nbits = priv_key_len*8;
-+	kop.crk_param[1].crp_p = (void*) w_xy;
-+	kop.crk_param[1].crp_nbits = pub_key_len*8;
-+	kop.crk_param[2].crp_p = (void*) q;
-+	kop.crk_param[2].crp_nbits = q_len*8;
-+	kop.crk_param[3].crp_p = (void*) ab;
-+	kop.crk_param[3].crp_nbits = ab_len*8;
-+	kop.crk_iparams = 4;
-+	kop.crk_param[4].crp_p = (void*) out;
-+	kop.crk_param[4].crp_nbits = q_len*8;
-+	kop.crk_oparams = 1;
-+	ret = q_len;
-+	if (cryptodev_asym(&kop, 0, NULL, 0, NULL)) {
-+		const ECDH_METHOD *meth = ECDH_OpenSSL();
-+		ret = (meth->compute_key)(out, outlen, pub_key, ecdh, KDF);
-+	} else
-+		ret = q_len;
- err:
--	kop.crk_param[3].crp_p = NULL;
-+	kop.crk_param[4].crp_p = NULL;
- 	zapparams(&kop);
--	return (dhret);
-+	return ret;
- }
- 
-+
- static DH_METHOD cryptodev_dh = {
- 	"cryptodev DH method",
- 	NULL,				/* cryptodev_dh_generate_key */
-@@ -1551,6 +2549,14 @@ static DH_METHOD cryptodev_dh = {
- 	NULL	/* app_data */
- };
- 
-+static ECDH_METHOD cryptodev_ecdh = {
-+	"cryptodev ECDH method",
-+	NULL,	/* cryptodev_ecdh_compute_key */
-+	NULL,
-+	0,		/* flags */
-+	NULL	/* app_data */
-+};
-+
- /*
-  * ctrl right now is just a wrapper that doesn't do much
-  * but I expect we'll want some options soon.
-@@ -1634,25 +2640,42 @@ ENGINE_load_cryptodev(void)
- 		memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
- 		if (cryptodev_asymfeat & CRF_DSA_SIGN)
- 			cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
--		if (cryptodev_asymfeat & CRF_MOD_EXP) {
--			cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp;
--			cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp;
--		}
- 		if (cryptodev_asymfeat & CRF_DSA_VERIFY)
- 			cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
-+		if (cryptodev_asymfeat & CRF_DSA_GENERATE_KEY)
-+			cryptodev_dsa.dsa_keygen = cryptodev_dsa_keygen;
- 	}
- 
- 	if (ENGINE_set_DH(engine, &cryptodev_dh)){
- 		const DH_METHOD *dh_meth = DH_OpenSSL();
-+		memcpy(&cryptodev_dh, dh_meth, sizeof(DH_METHOD));
-+		if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) {
-+			cryptodev_dh.compute_key =
-+				cryptodev_dh_compute_key;
-+		}
-+		if (cryptodev_asymfeat & CRF_DH_GENERATE_KEY) {
-+			cryptodev_dh.generate_key =
-+				cryptodev_dh_keygen;
-+		}
-+	}
- 
--		cryptodev_dh.generate_key = dh_meth->generate_key;
--		cryptodev_dh.compute_key = dh_meth->compute_key;
--		cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp;
--		if (cryptodev_asymfeat & CRF_MOD_EXP) {
--			cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh;
--			if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY)
--				cryptodev_dh.compute_key =
--				    cryptodev_dh_compute_key;
-+	if (ENGINE_set_ECDSA(engine, &cryptodev_ecdsa)) {
-+		const ECDSA_METHOD *meth = ECDSA_OpenSSL();
-+		memcpy(&cryptodev_ecdsa, meth, sizeof(ECDSA_METHOD));
-+		if (cryptodev_asymfeat & CRF_DSA_SIGN) {
-+			cryptodev_ecdsa.ecdsa_do_sign = cryptodev_ecdsa_do_sign;
-+		}
-+		if (cryptodev_asymfeat & CRF_DSA_VERIFY) {
-+			cryptodev_ecdsa.ecdsa_do_verify =
-+				cryptodev_ecdsa_verify;
-+		}
-+	}
-+
-+	if (ENGINE_set_ECDH(engine, &cryptodev_ecdh)) {
-+		const ECDH_METHOD *ecdh_meth = ECDH_OpenSSL();
-+		memcpy(&cryptodev_ecdh, ecdh_meth, sizeof(ECDH_METHOD));
-+		if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) {
-+			cryptodev_ecdh.compute_key = cryptodev_ecdh_compute_key;
- 		}
- 	}
- 
--- 
-2.3.5
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0009-Added-hwrng-dev-file-as-source-of-RNG.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0009-Added-hwrng-dev-file-as-source-of-RNG.patch
deleted file mode 100644
index 0fb0182..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0009-Added-hwrng-dev-file-as-source-of-RNG.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 81c4c62a4f5f5542843381bfb34e39a6171d5cdd Mon Sep 17 00:00:00 2001
-From: Yashpal Dutta <yashpal.dutta at freescale.com>
-Date: Tue, 11 Mar 2014 06:42:59 +0545
-Subject: [PATCH 09/26] Added hwrng dev file as source of RNG
-
-Upstream-status: Pending
-
-Signed-off-by: Yashpal Dutta <yashpal.dutta at freescale.com>
----
- e_os.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/e_os.h b/e_os.h
-index 6a0aad1..57c0563 100644
---- a/e_os.h
-+++ b/e_os.h
-@@ -79,7 +79,7 @@ extern "C" {
- #ifndef DEVRANDOM
- /* set this to a comma-separated list of 'random' device files to try out.
-  * My default, we will try to read at least one of these files */
--#define DEVRANDOM "/dev/urandom","/dev/random","/dev/srandom"
-+#define DEVRANDOM "/dev/hwrng","/dev/urandom","/dev/random","/dev/srandom"
- #endif
- #ifndef DEVRANDOM_EGD
- /* set this to a comma-seperated list of 'egd' sockets to try out. These
--- 
-2.3.5
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0009-RSA-Keygen-Fix.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0009-RSA-Keygen-Fix.patch
new file mode 100644
index 0000000..d4cd02f
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0009-RSA-Keygen-Fix.patch
@@ -0,0 +1,64 @@
+From ca7adb9cf57497d27136a599531ea5b9671876c7 Mon Sep 17 00:00:00 2001
+From: Yashpal Dutta <yashpal.dutta at freescale.com>
+Date: Wed, 16 Apr 2014 22:53:04 +0545
+Subject: [PATCH 09/48] RSA Keygen Fix
+
+Upstream-status: Pending
+
+If Kernel driver doesn't support RSA Keygen or same returns
+error handling the keygen operation, the keygen is gracefully
+handled by software supported rsa_keygen handler
+
+Signed-off-by: Yashpal Dutta <yashpal.dutta at freescale.com>
+Tested-by: Cristian Stoica <cristian.stoica at freescale.com>
+---
+ crypto/engine/eng_cryptodev.c | 12 +++++++-----
+ 1 file changed, 7 insertions(+), 5 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 44017a3..eac5fb6 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -2018,7 +2018,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
+     int i;
+ 
+     if ((fd = get_asym_dev_crypto()) < 0)
+-        return fd;
++        goto sw_try;
+ 
+     if (!rsa->n && ((rsa->n = BN_new()) == NULL))
+         goto err;
+@@ -2047,7 +2047,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
+     /* p length */
+     kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char));
+     if (!kop.crk_param[kop.crk_iparams].crp_p)
+-        goto err;
++        goto sw_try;
+     kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8;
+     memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1);
+     kop.crk_iparams++;
+@@ -2055,7 +2055,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
+     /* q length */
+     kop.crk_param[kop.crk_iparams].crp_p = calloc(q_len + 1, sizeof(char));
+     if (!kop.crk_param[kop.crk_iparams].crp_p)
+-        goto err;
++        goto sw_try;
+     kop.crk_param[kop.crk_iparams].crp_nbits = q_len * 8;
+     memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, q_len + 1);
+     kop.crk_iparams++;
+@@ -2115,8 +2115,10 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
+     }
+  sw_try:
+     {
+-        const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+-        ret = (meth->rsa_keygen) (rsa, bits, e, cb);
++        const RSA_METHOD *meth = rsa->meth;
++        rsa->meth = RSA_PKCS1_SSLeay();
++        ret = RSA_generate_key_ex(rsa, bits, e, cb);
++        rsa->meth = meth;
+     }
+     return ret;
+ 
+-- 
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0010-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0010-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch
deleted file mode 100644
index 0f889c0..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0010-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch
+++ /dev/null
@@ -1,2039 +0,0 @@
-From a933e6341fd8989bdd82f8a5446b6f04aa00eef9 Mon Sep 17 00:00:00 2001
-From: Yashpal Dutta <yashpal.dutta at freescale.com>
-Date: Tue, 11 Mar 2014 07:14:30 +0545
-Subject: [PATCH 10/26] Asynchronous interface added for PKC cryptodev
- interface
-
-Upstream-status: Pending
-
-Signed-off-by: Yashpal Dutta <yashpal.dutta at freescale.com>
----
- crypto/crypto.h               |   16 +
- crypto/dh/dh.h                |    4 +-
- crypto/dsa/dsa.h              |    5 +
- crypto/ecdh/ech_locl.h        |    3 +
- crypto/ecdsa/ecs_locl.h       |    5 +
- crypto/engine/eng_cryptodev.c | 1578 +++++++++++++++++++++++++++++++++++++----
- crypto/engine/eng_int.h       |   24 +-
- crypto/engine/eng_lib.c       |   46 ++
- crypto/engine/engine.h        |   24 +
- crypto/rsa/rsa.h              |   23 +
- 10 files changed, 1582 insertions(+), 146 deletions(-)
-
-diff --git a/crypto/crypto.h b/crypto/crypto.h
-index f92fc51..ce12731 100644
---- a/crypto/crypto.h
-+++ b/crypto/crypto.h
-@@ -605,6 +605,22 @@ void ERR_load_CRYPTO_strings(void);
- #define CRYPTO_R_FIPS_MODE_NOT_SUPPORTED		 101
- #define CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK		 100
- 
-+/* Additions for Asynchronous PKC Infrastructure */
-+struct pkc_cookie_s {
-+	void *cookie; /* To be filled by openssl library primitive method function caller */
-+	void *eng_cookie; /* To be filled by Engine */
-+	 /*
-+	   * Callback handler to be provided by caller. Ensure to pass a
-+	   * handler which takes the crypto operation to completion.
-+	   * cookie: Container cookie from library
-+	   * status: Status of the crypto Job completion.
-+	   *		0: Job handled without any issue
-+	   *		-EINVAL: Parameters Invalid
-+	   */
-+	void (*pkc_callback)(struct pkc_cookie_s *cookie, int status);
-+	void *eng_handle;
-+};
-+
- #ifdef  __cplusplus
- }
- #endif
-diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h
-index ea59e61..20ffad2 100644
---- a/crypto/dh/dh.h
-+++ b/crypto/dh/dh.h
-@@ -118,7 +118,9 @@ struct dh_method
- 	int (*bn_mod_exp)(const DH *dh, BIGNUM *r, const BIGNUM *a,
- 				const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
- 				BN_MONT_CTX *m_ctx); /* Can be null */
--
-+	int (*compute_key_async)(unsigned char *key,const BIGNUM *pub_key,DH *dh,
-+				struct pkc_cookie_s *cookie);
-+	int (*generate_key_async)(DH *dh, struct pkc_cookie_s *cookie);
- 	int (*init)(DH *dh);
- 	int (*finish)(DH *dh);
- 	int flags;
-diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h
-index a6f6d0b..b04a029 100644
---- a/crypto/dsa/dsa.h
-+++ b/crypto/dsa/dsa.h
-@@ -140,6 +140,10 @@ struct dsa_method
- 	int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
- 				const BIGNUM *m, BN_CTX *ctx,
- 				BN_MONT_CTX *m_ctx); /* Can be null */
-+	int (*dsa_do_sign_async)(const unsigned char *dgst, int dlen, DSA *dsa,
-+				DSA_SIG *sig, struct pkc_cookie_s *cookie);
-+	int (*dsa_do_verify_async)(const unsigned char *dgst, int dgst_len,
-+			     DSA_SIG *sig, DSA *dsa, struct pkc_cookie_s *cookie);
- 	int (*init)(DSA *dsa);
- 	int (*finish)(DSA *dsa);
- 	int flags;
-@@ -151,6 +155,7 @@ struct dsa_method
- 			BN_GENCB *cb);
- 	/* If this is non-NULL, it is used to generate DSA keys */
- 	int (*dsa_keygen)(DSA *dsa);
-+	int (*dsa_keygen_async)(DSA *dsa, struct pkc_cookie_s *cookie);
- 	};
- 
- struct dsa_st
-diff --git a/crypto/ecdh/ech_locl.h b/crypto/ecdh/ech_locl.h
-index f6cad6a..adce6b3 100644
---- a/crypto/ecdh/ech_locl.h
-+++ b/crypto/ecdh/ech_locl.h
-@@ -67,6 +67,9 @@ struct ecdh_method
- 	const char *name;
- 	int (*compute_key)(void *key, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,
- 	                   void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen));
-+	int (*compute_key_async)(void *key, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,
-+	                   void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen),
-+	                   struct pkc_cookie_s *cookie);
- #if 0
- 	int (*init)(EC_KEY *eckey);
- 	int (*finish)(EC_KEY *eckey);
-diff --git a/crypto/ecdsa/ecs_locl.h b/crypto/ecdsa/ecs_locl.h
-index cb3be13..eb0ebe0 100644
---- a/crypto/ecdsa/ecs_locl.h
-+++ b/crypto/ecdsa/ecs_locl.h
-@@ -74,6 +74,11 @@ struct ecdsa_method
- 			BIGNUM **r);
- 	int (*ecdsa_do_verify)(const unsigned char *dgst, int dgst_len, 
- 			const ECDSA_SIG *sig, EC_KEY *eckey);
-+	 int (*ecdsa_do_sign_async)(const unsigned char *dgst, int dgst_len,
-+			const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey,
-+			ECDSA_SIG *sig, struct pkc_cookie_s *cookie);
-+	int (*ecdsa_do_verify_async)(const unsigned char *dgst, int dgst_len,
-+			const ECDSA_SIG *sig, EC_KEY *eckey, struct pkc_cookie_s *cookie);
- #if 0
- 	int (*init)(EC_KEY *eckey);
- 	int (*finish)(EC_KEY *eckey);
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 7ee314b..9f2416e 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -1281,6 +1281,56 @@ zapparams(struct crypt_kop *kop)
- 	}
- }
- 
-+/* Any PKC request has at max 2 output parameters and they are stored here to
-+be used while copying in the check availability */
-+struct cryptodev_cookie_s {
-+	BIGNUM *r;
-+	struct crparam r_param;
-+	BIGNUM *s;
-+	struct crparam s_param;
-+	struct crypt_kop *kop;
-+};
-+
-+static int
-+cryptodev_asym_async(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
-+					BIGNUM *s)
-+{
-+	int fd;
-+	struct pkc_cookie_s *cookie = kop->cookie;
-+	struct cryptodev_cookie_s *eng_cookie;
-+
-+	fd = *(int *)cookie->eng_handle;
-+
-+	eng_cookie = malloc(sizeof(struct cryptodev_cookie_s));
-+
-+	if (eng_cookie) {
-+		memset(eng_cookie, 0, sizeof(struct cryptodev_cookie_s));
-+		if (r) {
-+			kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char));
-+			if (!kop->crk_param[kop->crk_iparams].crp_p)
-+				return -ENOMEM;
-+			kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
-+			kop->crk_oparams++;
-+			eng_cookie->r = r;
-+			eng_cookie->r_param = kop->crk_param[kop->crk_iparams];
-+		}
-+		if (s) {
-+			kop->crk_param[kop->crk_iparams+1].crp_p = calloc(slen, sizeof(char));
-+			if (!kop->crk_param[kop->crk_iparams+1].crp_p)
-+				return -ENOMEM;
-+			kop->crk_param[kop->crk_iparams+1].crp_nbits = slen * 8;
-+			kop->crk_oparams++;
-+			eng_cookie->s = s;
-+			eng_cookie->s_param = kop->crk_param[kop->crk_iparams + 1];
-+		}
-+	} else
-+		return -ENOMEM;
-+
-+	eng_cookie->kop = kop;
-+	cookie->eng_cookie = eng_cookie;
-+	return ioctl(fd, CIOCASYMASYNCRYPT, kop);
-+}
-+
- static int
- cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s)
- {
-@@ -1337,6 +1387,44 @@ void *cryptodev_init_instance(void)
- 	return fd;
- }
- 
-+#include <poll.h>
-+
-+/* Return 0 on success and 1 on failure */
-+int cryptodev_check_availability(void *eng_handle)
-+{
-+	int fd = *(int *)eng_handle;
-+	struct pkc_cookie_list_s cookie_list;
-+	struct pkc_cookie_s *cookie;
-+	int i;
-+
-+	/* FETCH COOKIE returns number of cookies extracted */
-+	if (ioctl(fd, CIOCASYMFETCHCOOKIE, &cookie_list) <= 0)
-+		return 1;
-+
-+	for (i = 0; i < cookie_list.cookie_available; i++) {
-+		cookie = cookie_list.cookie[i];
-+		if (cookie) {
-+			struct cryptodev_cookie_s *eng_cookie = cookie->eng_cookie;
-+			if (eng_cookie) {
-+				struct crypt_kop *kop = eng_cookie->kop;
-+
-+				if (eng_cookie->r)
-+					crparam2bn(&eng_cookie->r_param, eng_cookie->r);
-+				if (eng_cookie->s)
-+					crparam2bn(&eng_cookie->s_param, eng_cookie->s);
-+				if (kop->crk_op == CRK_DH_COMPUTE_KEY)
-+					kop->crk_oparams = 0;
-+
-+				zapparams(eng_cookie->kop);
-+				free(eng_cookie->kop);
-+				free (eng_cookie);
-+			}
-+			cookie->pkc_callback(cookie, cookie_list.status[i]);
-+		}
-+	}
-+	return 0;
-+}
-+
- static int
- cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-     const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
-@@ -1382,6 +1470,63 @@ err:
- }
- 
- static int
-+cryptodev_bn_mod_exp_async(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-+    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont, struct pkc_cookie_s *cookie)
-+{
-+	struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+	int ret = 1;
-+
-+	/* Currently, we know we can do mod exp iff we can do any
-+	 * asymmetric operations at all.
-+	 */
-+	if (cryptodev_asymfeat == 0 || !kop) {
-+		ret = BN_mod_exp(r, a, p, m, ctx);
-+		return (ret);
-+	}
-+
-+	kop->crk_oparams = 0;
-+	kop->crk_status = 0;
-+	kop->crk_op = CRK_MOD_EXP;
-+	kop->cookie = cookie;
-+	/* inputs: a^p % m */
-+	if (bn2crparam(a, &kop->crk_param[0]))
-+		goto err;
-+	if (bn2crparam(p, &kop->crk_param[1]))
-+		goto err;
-+	if (bn2crparam(m, &kop->crk_param[2]))
-+		goto err;
-+
-+	kop->crk_iparams = 3;
-+	if (cryptodev_asym_async(kop, BN_num_bytes(m), r, 0, NULL))
-+		goto err;
-+
-+	return ret;
-+err:
-+	{
-+		const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
-+
-+		if (kop)
-+			free(kop);
-+		ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
-+		if (ret)
-+			/* Call the completion handler immediately */
-+			cookie->pkc_callback(cookie, 0);
-+	}
-+	return ret;
-+}
-+
-+static int
-+cryptodev_rsa_nocrt_mod_exp_async(BIGNUM *r0, const BIGNUM *I,
-+		RSA *rsa, BN_CTX *ctx, struct pkc_cookie_s *cookie)
-+{
-+	int r;
-+	ctx = BN_CTX_new();
-+	r = cryptodev_bn_mod_exp_async(r0, I, rsa->d, rsa->n, ctx, NULL, cookie);
-+	BN_CTX_free(ctx);
-+	return r;
-+}
-+
-+static int
- cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
- {
- 	int r;
-@@ -1446,6 +1591,62 @@ err:
- 	return (ret);
- }
- 
-+static int
-+cryptodev_rsa_mod_exp_async(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx,
-+				struct pkc_cookie_s *cookie)
-+{
-+	struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+	int ret = 1, f_len, p_len, q_len;
-+	unsigned char *f = NULL, *p = NULL, *q = NULL, *dp = NULL, *dq = NULL, *c = NULL;
-+
-+	if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp || !kop) {
-+		return (0);
-+	}
-+
-+	kop->crk_oparams = 0;
-+	kop->crk_status = 0;
-+	kop->crk_op = CRK_MOD_EXP_CRT;
-+	f_len = BN_num_bytes(rsa->n);
-+	spcf_bn2bin_ex(I, &f, &f_len);
-+	spcf_bn2bin(rsa->p, &p, &p_len);
-+	spcf_bn2bin(rsa->q, &q, &q_len);
-+	spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len);
-+	spcf_bn2bin_ex(rsa->iqmp, &c, &p_len);
-+	spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len);
-+	/* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
-+	kop->crk_param[0].crp_p = p;
-+	kop->crk_param[0].crp_nbits = p_len * 8;
-+	kop->crk_param[1].crp_p = q;
-+	kop->crk_param[1].crp_nbits = q_len * 8;
-+	kop->crk_param[2].crp_p = f;
-+	kop->crk_param[2].crp_nbits = f_len * 8;
-+	kop->crk_param[3].crp_p = dp;
-+	kop->crk_param[3].crp_nbits = p_len * 8;
-+	/* dq must of length q, rest all of length p*/
-+	kop->crk_param[4].crp_p = dq;
-+	kop->crk_param[4].crp_nbits = q_len * 8;
-+	kop->crk_param[5].crp_p = c;
-+	kop->crk_param[5].crp_nbits = p_len * 8;
-+	kop->crk_iparams = 6;
-+	kop->cookie = cookie;
-+	if (cryptodev_asym_async(kop, BN_num_bytes(rsa->n), r0, 0, NULL))
-+		goto err;
-+
-+	return ret;
-+err:
-+	{
-+		const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
-+
-+		if (kop)
-+			free(kop);
-+		ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx);
-+		if (ret)
-+			/* Call user completion handler immediately */
-+			cookie->pkc_callback(cookie, 0);
-+	}
-+	return (ret);
-+}
-+
- static RSA_METHOD cryptodev_rsa = {
- 	"cryptodev RSA method",
- 	NULL,				/* rsa_pub_enc */
-@@ -1454,6 +1655,12 @@ static RSA_METHOD cryptodev_rsa = {
- 	NULL,				/* rsa_priv_dec */
- 	NULL,
- 	NULL,
-+	NULL,				/* rsa_pub_enc */
-+	NULL,				/* rsa_pub_dec */
-+	NULL,				/* rsa_priv_enc */
-+	NULL,				/* rsa_priv_dec */
-+	NULL,
-+	NULL,
- 	NULL,				/* init */
- 	NULL,				/* finish */
- 	0,				/* flags */
-@@ -1751,126 +1958,424 @@ sw_try:
- 	return ret;
- }
- 
-+/* Cryptodev DSA Key Gen routine */
-+static int cryptodev_dsa_keygen_async(DSA *dsa,  struct pkc_cookie_s *cookie)
-+{
-+	struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+	int ret = 1, g_len;
-+	unsigned char *g = NULL;
- 
-+	if (!kop)
-+		goto sw_try;
- 
--static DSA_METHOD cryptodev_dsa = {
--	"cryptodev DSA method",
--	NULL,
--	NULL,				/* dsa_sign_setup */
--	NULL,
--	NULL,				/* dsa_mod_exp */
--	NULL,
--	NULL,				/* init */
--	NULL,				/* finish */
--	0,	/* flags */
--	NULL	/* app_data */
--};
-+	if (dsa->priv_key == NULL)	{
-+		if ((dsa->priv_key=BN_new()) == NULL)
-+			goto sw_try;
-+	}
- 
--static ECDSA_METHOD cryptodev_ecdsa = {
--	"cryptodev ECDSA method",
--	NULL,
--	NULL,				/* ecdsa_sign_setup */
--	NULL,
--	NULL,
--	0,	/* flags */
--	NULL	/* app_data */
--};
-+	if (dsa->pub_key == NULL) {
-+		if ((dsa->pub_key=BN_new()) == NULL)
-+			goto sw_try;
-+	}
- 
--typedef enum ec_curve_s
--{
--	EC_PRIME,
--	EC_BINARY
--} ec_curve_t;
-+	g_len = BN_num_bytes(dsa->p);
-+	/**
-+	 * Get generator into a plain buffer. If length is less than
-+	 * q_len then add leading padding bytes.
-+	 */
-+	if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
-+		DSAerr(DSA_F_DSA_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
-+		goto sw_try;
-+	}
- 
--/* ENGINE handler for ECDSA Sign */
--static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char  *dgst,
--	int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey)
--{
--	BIGNUM	*m = NULL, *p = NULL, *a = NULL;
--	BIGNUM  *b = NULL, *x = NULL, *y = NULL;
--	BN_CTX  *ctx = NULL;
--	ECDSA_SIG *ret = NULL;
--	ECDSA_DATA *ecdsa = NULL;
--	unsigned char  * q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL;
--	unsigned char  * s = NULL, *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL;
--	int	i = 0, q_len = 0, priv_key_len = 0, r_len = 0;
--	int	g_len = 0, d_len = 0, ab_len = 0;
--	const BIGNUM   *order = NULL, *priv_key=NULL;
--	const EC_GROUP *group = NULL;
--	struct crypt_kop kop;
--	ec_curve_t ec_crv = EC_PRIME;
-+	memset(kop, 0, sizeof(struct crypt_kop));
-+	kop->crk_op = CRK_DSA_GENERATE_KEY;
-+	if (bn2crparam(dsa->p, &kop->crk_param[0]))
-+		goto sw_try;
-+	if (bn2crparam(dsa->q, &kop->crk_param[1]))
-+		goto sw_try;
-+	kop->crk_param[2].crp_p = g;
-+	kop->crk_param[2].crp_nbits = g_len * 8;
-+	kop->crk_iparams = 3;
-+	kop->cookie = cookie;
- 
--	memset(&kop, 0, sizeof(kop));
--	ecdsa = ecdsa_check(eckey);
--	if (!ecdsa) {
--		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
--		return NULL;
-+	/* pub_key is or prime length while priv key is of length of order */
-+	if (cryptodev_asym_async(kop, BN_num_bytes(dsa->p), dsa->pub_key,
-+	    BN_num_bytes(dsa->q), dsa->priv_key))
-+	    goto sw_try;
-+
-+	return ret;
-+sw_try:
-+	{
-+		const DSA_METHOD *meth = DSA_OpenSSL();
-+
-+		if (kop)
-+			free(kop);
-+		ret = (meth->dsa_keygen)(dsa);
-+		cookie->pkc_callback(cookie, 0);
- 	}
-+	return ret;
-+}
- 
--	group = EC_KEY_get0_group(eckey);
--	priv_key = EC_KEY_get0_private_key(eckey);
-+static int
-+cryptodev_dsa_do_sign_async(const unsigned char *dgst, int dlen, DSA *dsa,
-+			DSA_SIG *sig, struct pkc_cookie_s *cookie)
-+{
-+	struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+	DSA_SIG *dsaret = NULL;
-+	int q_len = 0, r_len = 0, g_len = 0;
-+	int priv_key_len = 0, ret = 1;
-+	unsigned char *q = NULL, *r = NULL, *g = NULL, *priv_key = NULL, *f = NULL;
- 
--	if (!group || !priv_key) {
--		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
--		return NULL;
-+	if (((sig->r = BN_new()) == NULL) || !kop) {
-+		DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+		goto err;
- 	}
- 
--	if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
--		(a = BN_new()) == NULL || (b = BN_new()) == NULL ||
--		(p = BN_new()) == NULL || (x = BN_new()) == NULL ||
--		(y = BN_new()) == NULL) {
--		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+	if ((sig->s = BN_new()) == NULL) {
-+		BN_free(sig->r);
-+		DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
- 		goto err;
- 	}
- 
--	order = &group->order;
--	if (!order || BN_is_zero(order)) {
--		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS);
-+	if (spcf_bn2bin(dsa->p, &q, &q_len)) {
-+		DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
- 		goto err;
- 	}
- 
--	i = BN_num_bits(order);
--	/* Need to truncate digest if it is too long: first truncate whole
--	 bytes */
--	if (8 * dgst_len > i)
--		dgst_len = (i + 7)/8;
-+	/* Get order of the field of private keys into plain buffer */
-+	if (spcf_bn2bin (dsa->q, &r, &r_len)) {
-+		DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+		goto err;
-+ 	}
- 
--	if (!BN_bin2bn(dgst, dgst_len, m)) {
--		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+	/* sanity test */
-+	if (dlen > r_len) {
-+		DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
- 		goto err;
- 	}
- 
--	/* If still too long truncate remaining bits with a shift */
--	if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
--		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+	g_len = q_len;
-+	/**
-+	 * Get generator into a plain buffer. If length is less than
-+	 * q_len then add leading padding bytes.
-+	 */
-+	if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
-+		DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
- 		goto err;
- 	}
- 
--	/* copy the truncated bits into plain buffer */
--	if (spcf_bn2bin(m, &tmp_dgst, &dgst_len))  {
--		fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__, __LINE__);
-+	priv_key_len = r_len;
-+	/**
-+	 * Get private key into a plain buffer. If length is less than
-+	 * r_len then add leading padding bytes.
-+	 */
-+	 if (spcf_bn2bin_ex(dsa->priv_key, &priv_key, &priv_key_len)) {
-+		DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
- 		goto err;
- 	}
- 
--	ret = ECDSA_SIG_new();
--	if  (!ret) {
--		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+	/* Allocate memory to store hash. */
-+	f = OPENSSL_malloc (r_len);
-+	if (!f) {
-+		DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
- 		goto err;
- 	}
- 
--	/* check if this is prime or binary EC request */
--	if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) {
--		ec_crv = EC_PRIME;
--		/* get the generator point pair */
--		if (!EC_POINT_get_affine_coordinates_GFp (group, EC_GROUP_get0_generator(group),
--			x, y,ctx)) {
--			ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
--			goto err;
--		}
-+	/* Add padding, since SEC expects hash to of size r_len */
-+	if (dlen < r_len)
-+		memset(f, 0, r_len - dlen);
- 
--		/* get the ECC curve parameters */
--		if (!EC_GROUP_get_curve_GFp(group, p, a, b , ctx)) {
--			ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+	/* Skip leading bytes if dgst_len < r_len */
-+	memcpy(f + r_len - dlen, dgst, dlen);
-+
-+	dlen = r_len;
-+
-+	memset(kop, 0, sizeof( struct crypt_kop));
-+	kop->crk_op = CRK_DSA_SIGN;
-+
-+	/* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
-+	kop->crk_param[0].crp_p = (void*)f;
-+	kop->crk_param[0].crp_nbits = dlen * 8;
-+	kop->crk_param[1].crp_p = (void*)q;
-+	kop->crk_param[1].crp_nbits = q_len * 8;
-+	kop->crk_param[2].crp_p = (void*)r;
-+	kop->crk_param[2].crp_nbits = r_len * 8;
-+	kop->crk_param[3].crp_p = (void*)g;
-+	kop->crk_param[3].crp_nbits = g_len * 8;
-+	kop->crk_param[4].crp_p = (void*)priv_key;
-+	kop->crk_param[4].crp_nbits = priv_key_len * 8;
-+	kop->crk_iparams = 5;
-+	kop->cookie = cookie;
-+
-+	if (cryptodev_asym_async(kop, r_len, sig->r, r_len, sig->s))
-+	    goto err;
-+
-+	return ret;
-+err:
-+	{
-+		const DSA_METHOD *meth = DSA_OpenSSL();
-+
-+		if (kop)
-+			free(kop);
-+		BN_free(sig->r);
-+		BN_free(sig->s);
-+		dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa);
-+		sig->r = dsaret->r;
-+		sig->s = dsaret->s;
-+		/* Call user callback immediately */
-+		cookie->pkc_callback(cookie, 0);
-+		ret = dsaret;
-+	}
-+	return ret;
-+}
-+
-+static int
-+cryptodev_dsa_verify_async(const unsigned char *dgst, int dlen,
-+    DSA_SIG *sig, DSA *dsa, struct pkc_cookie_s *cookie)
-+{
-+	struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+	int q_len = 0, r_len = 0, g_len = 0;
-+	int w_len = 0 ,c_len = 0, d_len = 0, ret = 1;
-+	unsigned char   * q = NULL, * r = NULL, * w = NULL, * g = NULL;
-+	unsigned char   *c = NULL, * d = NULL, *f = NULL;
-+
-+	if (!kop)
-+		goto err;
-+
-+	if (spcf_bn2bin(dsa->p, &q, &q_len)) {
-+		DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+		return ret;
-+	}
-+
-+	/* Get Order of field of private keys */
-+	if (spcf_bn2bin(dsa->q, &r, &r_len)) {
-+		DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+		goto err;
-+	}
-+
-+	g_len = q_len;
-+	/**
-+	 * Get generator into a plain buffer. If length is less than
-+	 * q_len then add leading padding bytes.
-+	 */
-+	if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
-+		DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+		goto err;
-+	}
-+	w_len = q_len;
-+	/**
-+	 * Get public key into a plain buffer. If length is less than
-+	 * q_len then add leading padding bytes.
-+	 */
-+	if (spcf_bn2bin_ex(dsa->pub_key, &w, &w_len)) {
-+		DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+		goto err;
-+	}
-+	/**
-+	 * Get the 1st part of signature into a flat buffer with
-+	 * appropriate padding
-+	 */
-+	c_len = r_len;
-+
-+	if (spcf_bn2bin_ex(sig->r, &c, &c_len)) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+		goto err;
-+	}
-+
-+	/**
-+	 * Get the 2nd part of signature into a flat buffer with
-+	 * appropriate padding
-+	 */
-+	d_len = r_len;
-+
-+	if (spcf_bn2bin_ex(sig->s, &d, &d_len)) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+		goto err;
-+	}
-+
-+
-+	/* Sanity test */
-+	if (dlen > r_len) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+		goto err;
-+	}
-+
-+	/* Allocate memory to store hash. */
-+	f = OPENSSL_malloc (r_len);
-+	if (!f) {
-+		DSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+		goto err;
-+	}
-+
-+	/* Add padding, since SEC expects hash to of size r_len */
-+	if (dlen < r_len)
-+		memset(f, 0, r_len - dlen);
-+
-+	/* Skip leading bytes if dgst_len < r_len */
-+	memcpy(f + r_len - dlen, dgst, dlen);
-+
-+	dlen = r_len;
-+	memset(kop, 0, sizeof(struct crypt_kop));
-+
-+	/* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
-+	kop->crk_param[0].crp_p = (void*)f;
-+	kop->crk_param[0].crp_nbits = dlen * 8;
-+	kop->crk_param[1].crp_p = q;
-+	kop->crk_param[1].crp_nbits = q_len * 8;
-+	kop->crk_param[2].crp_p = r;
-+	kop->crk_param[2].crp_nbits = r_len * 8;
-+	kop->crk_param[3].crp_p = g;
-+	kop->crk_param[3].crp_nbits = g_len * 8;
-+	kop->crk_param[4].crp_p = w;
-+	kop->crk_param[4].crp_nbits = w_len * 8;
-+	kop->crk_param[5].crp_p = c;
-+	kop->crk_param[5].crp_nbits = c_len * 8;
-+	kop->crk_param[6].crp_p = d;
-+	kop->crk_param[6].crp_nbits = d_len * 8;
-+	kop->crk_iparams = 7;
-+	kop->crk_op = CRK_DSA_VERIFY;
-+	kop->cookie = cookie;
-+	if (cryptodev_asym_async(kop, 0, NULL, 0, NULL))
-+		goto err;
-+
-+	return ret;
-+err:
-+	{
-+		const DSA_METHOD *meth = DSA_OpenSSL();
-+
-+		if (kop)
-+			free(kop);
-+
-+		ret = (meth->dsa_do_verify)(dgst, dlen, sig, dsa);
-+		cookie->pkc_callback(cookie, 0);
-+	}
-+	return ret;
-+}
-+
-+static DSA_METHOD cryptodev_dsa = {
-+	"cryptodev DSA method",
-+	NULL,
-+	NULL,				/* dsa_sign_setup */
-+	NULL,
-+	NULL,				/* dsa_mod_exp */
-+	NULL,
-+	NULL,
-+	NULL,
-+	NULL,
-+	NULL,				/* init */
-+	NULL,				/* finish */
-+	0,	/* flags */
-+	NULL	/* app_data */
-+};
-+
-+static ECDSA_METHOD cryptodev_ecdsa = {
-+	"cryptodev ECDSA method",
-+	NULL,
-+	NULL,				/* ecdsa_sign_setup */
-+	NULL,
-+	NULL,
-+	NULL,
-+	NULL,
-+	0,	/* flags */
-+	NULL	/* app_data */
-+};
-+
-+typedef enum ec_curve_s
-+{
-+	EC_PRIME,
-+	EC_BINARY
-+} ec_curve_t;
-+
-+/* ENGINE handler for ECDSA Sign */
-+static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char  *dgst,
-+	int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey)
-+{
-+	BIGNUM	*m = NULL, *p = NULL, *a = NULL;
-+	BIGNUM  *b = NULL, *x = NULL, *y = NULL;
-+	BN_CTX  *ctx = NULL;
-+	ECDSA_SIG *ret = NULL;
-+	ECDSA_DATA *ecdsa = NULL;
-+	unsigned char  * q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL;
-+	unsigned char  * s = NULL, *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL;
-+	int	i = 0, q_len = 0, priv_key_len = 0, r_len = 0;
-+	int	g_len = 0, d_len = 0, ab_len = 0;
-+	const BIGNUM   *order = NULL, *priv_key=NULL;
-+	const EC_GROUP *group = NULL;
-+	struct crypt_kop kop;
-+	ec_curve_t ec_crv = EC_PRIME;
-+
-+	memset(&kop, 0, sizeof(kop));
-+	ecdsa = ecdsa_check(eckey);
-+	if (!ecdsa) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
-+		return NULL;
-+	}
-+
-+	group = EC_KEY_get0_group(eckey);
-+	priv_key = EC_KEY_get0_private_key(eckey);
-+
-+	if (!group || !priv_key) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
-+		return NULL;
-+	}
-+
-+	if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
-+		(a = BN_new()) == NULL || (b = BN_new()) == NULL ||
-+		(p = BN_new()) == NULL || (x = BN_new()) == NULL ||
-+		(y = BN_new()) == NULL) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+		goto err;
-+	}
-+
-+	order = &group->order;
-+	if (!order || BN_is_zero(order)) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS);
-+		goto err;
-+	}
-+
-+	i = BN_num_bits(order);
-+	/* Need to truncate digest if it is too long: first truncate whole
-+	 bytes */
-+	if (8 * dgst_len > i)
-+		dgst_len = (i + 7)/8;
-+
-+	if (!BN_bin2bn(dgst, dgst_len, m)) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+		goto err;
-+	}
-+
-+	/* If still too long truncate remaining bits with a shift */
-+	if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+		goto err;
-+	}
-+
-+	/* copy the truncated bits into plain buffer */
-+	if (spcf_bn2bin(m, &tmp_dgst, &dgst_len))  {
-+		fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__, __LINE__);
-+		goto err;
-+	}
-+
-+	ret = ECDSA_SIG_new();
-+	if  (!ret) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+		goto err;
-+	}
-+
-+	/* check if this is prime or binary EC request */
-+	if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) {
-+		ec_crv = EC_PRIME;
-+		/* get the generator point pair */
-+		if (!EC_POINT_get_affine_coordinates_GFp (group, EC_GROUP_get0_generator(group),
-+			x, y,ctx)) {
-+			ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+			goto err;
-+		}
-+
-+		/* get the ECC curve parameters */
-+		if (!EC_GROUP_get_curve_GFp(group, p, a, b , ctx)) {
-+			ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
- 			goto err;
- 		}
- 	} else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_characteristic_two_field) {
-@@ -2195,63 +2700,581 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
- 	}
- 
- 	/**
--	 * Get the 2nd part of signature into a flat buffer with
--	 * appropriate padding
-+	 * Get the 2nd part of signature into a flat buffer with
-+	 * appropriate padding
-+	 */
-+	if (BN_num_bytes(sig->s) < r_len)
-+		d_len = r_len;
-+
-+	if (spcf_bn2bin_ex(sig->s, &d, &d_len)) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+		goto err;
-+	}
-+
-+	/* memory for message representative */
-+	f = malloc(r_len);
-+	if (!f) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+		goto err;
-+	}
-+
-+	/* Add padding, since SEC expects hash to of size r_len */
-+	memset(f, 0, r_len-dgst_len);
-+
-+	/* Skip leading bytes if dgst_len < r_len */
-+	memcpy(f + r_len-dgst_len, tmp_dgst, dgst_len);
-+	dgst_len += r_len-dgst_len;
-+	kop.crk_op = CRK_DSA_VERIFY;
-+	/* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
-+	kop.crk_param[0].crp_p = f;
-+	kop.crk_param[0].crp_nbits = dgst_len * 8;
-+	kop.crk_param[1].crp_p = q;
-+	kop.crk_param[1].crp_nbits = q_len * 8;
-+	kop.crk_param[2].crp_p = r;
-+	kop.crk_param[2].crp_nbits = r_len * 8;
-+	kop.crk_param[3].crp_p = g_xy;
-+	kop.crk_param[3].crp_nbits = g_len * 8;
-+	kop.crk_param[4].crp_p = w_xy;
-+	kop.crk_param[4].crp_nbits = pub_key_len * 8;
-+	kop.crk_param[5].crp_p = ab;
-+	kop.crk_param[5].crp_nbits = ab_len * 8;
-+	kop.crk_param[6].crp_p = c;
-+	kop.crk_param[6].crp_nbits = d_len * 8;
-+	kop.crk_param[7].crp_p = d;
-+	kop.crk_param[7].crp_nbits = d_len * 8;
-+	kop.crk_iparams = 8;
-+
-+	if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
-+		/*OCF success value is 0, if not zero, change ret to fail*/
-+		if(0 == kop.crk_status)
-+			ret  = 1;
-+	} else {
-+		const ECDSA_METHOD *meth = ECDSA_OpenSSL();
-+
-+		ret = (meth->ecdsa_do_verify)(dgst, dgst_len, sig, eckey);
-+	}
-+	kop.crk_param[0].crp_p = NULL;
-+	zapparams(&kop);
-+
-+err:
-+	return ret;
-+}
-+
-+static int cryptodev_ecdsa_do_sign_async( const unsigned char  *dgst,
-+	int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey,
-+	ECDSA_SIG *sig, struct pkc_cookie_s *cookie)
-+{
-+	BIGNUM	*m = NULL, *p = NULL, *a = NULL;
-+	BIGNUM  *b = NULL, *x = NULL, *y = NULL;
-+	BN_CTX  *ctx = NULL;
-+	ECDSA_SIG *sig_ret = NULL;
-+	ECDSA_DATA *ecdsa = NULL;
-+	unsigned char  * q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL;
-+	unsigned char  * s = NULL, *f = NULL, *tmp_dgst = NULL;
-+	int	i = 0, q_len = 0, priv_key_len = 0, r_len = 0;
-+	int	g_len = 0, ab_len = 0, ret = 1;
-+	const BIGNUM   *order = NULL, *priv_key=NULL;
-+	const EC_GROUP *group = NULL;
-+	struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+	ec_curve_t ec_crv = EC_PRIME;
-+
-+	if (!(sig->r = BN_new()) || !kop)
-+		goto err;
-+	if ((sig->s = BN_new()) == NULL) {
-+		BN_free(r);
-+		goto err;
-+	}
-+
-+	memset(kop, 0, sizeof(struct crypt_kop));
-+	ecdsa = ecdsa_check(eckey);
-+	if (!ecdsa) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
-+		goto err;
-+	}
-+
-+	group = EC_KEY_get0_group(eckey);
-+	priv_key = EC_KEY_get0_private_key(eckey);
-+
-+	if (!group || !priv_key) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
-+		goto err;
-+	}
-+
-+	if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
-+		(a = BN_new()) == NULL || (b = BN_new()) == NULL ||
-+		(p = BN_new()) == NULL || (x = BN_new()) == NULL ||
-+		(y = BN_new()) == NULL) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+		goto err;
-+	}
-+
-+	order = &group->order;
-+	if (!order || BN_is_zero(order)) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS);
-+		goto err;
-+	}
-+
-+	i = BN_num_bits(order);
-+	/* Need to truncate digest if it is too long: first truncate whole
-+	 bytes */
-+	if (8 * dgst_len > i)
-+		dgst_len = (i + 7)/8;
-+
-+	if (!BN_bin2bn(dgst, dgst_len, m)) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+		goto err;
-+	}
-+
-+	/* If still too long truncate remaining bits with a shift */
-+	if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+		goto err;
-+	}
-+
-+	/* copy the truncated bits into plain buffer */
-+	if (spcf_bn2bin(m, &tmp_dgst, &dgst_len))  {
-+		fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__, __LINE__);
-+		goto err;
-+	}
-+
-+	/* check if this is prime or binary EC request */
-+	if (EC_METHOD_get_field_type(EC_GROUP_method_of(group))
-+				== NID_X9_62_prime_field) {
-+		ec_crv = EC_PRIME;
-+		/* get the generator point pair */
-+		if (!EC_POINT_get_affine_coordinates_GFp (group,
-+			EC_GROUP_get0_generator(group), x, y,ctx)) {
-+			ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+			goto err;
-+		}
-+
-+		/* get the ECC curve parameters */
-+		if (!EC_GROUP_get_curve_GFp(group, p, a, b , ctx)) {
-+			ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+			goto err;
-+		}
-+	} else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_characteristic_two_field) {
-+		ec_crv = EC_BINARY;
-+		/* get the ECC curve parameters */
-+		if (!EC_GROUP_get_curve_GF2m(group, p, a, b , ctx)) {
-+			ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+			goto err;
-+		}
-+
-+		/* get the generator point pair */
-+		if (!EC_POINT_get_affine_coordinates_GF2m(group,
-+			EC_GROUP_get0_generator(group), x, y,ctx)) {
-+			ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+			goto err;
-+		}
-+	} else {
-+		printf("Unsupported Curve\n");
-+		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+		goto err;
-+	}
-+
-+	if (spcf_bn2bin(order, &r, &r_len)) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+		goto err;
-+	}
-+
-+	if (spcf_bn2bin(p, &q, &q_len)) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+		goto err;
-+	}
-+
-+	priv_key_len = r_len;
-+
-+	/**
-+	 * If BN_num_bytes of priv_key returns less then r_len then
-+	 * add padding bytes before the key
-+	 */
-+	if (spcf_bn2bin_ex(priv_key, &s, &priv_key_len))  {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+		goto err;
-+	}
-+
-+	/* Generation of ECC curve parameters */
-+	ab_len = 2*q_len;
-+	ab = eng_copy_curve_points(a, b, ab_len, q_len);
-+	if (!ab) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+		goto err;
-+	}
-+
-+	if (ec_crv == EC_BINARY) {
-+		if (eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab+q_len, q_len))
-+		{
-+			unsigned char *c_temp = NULL;
-+			int c_temp_len = q_len;
-+			if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len))
-+				memcpy(ab+q_len, c_temp, q_len);
-+			else
-+				goto err;
-+		}
-+		kop->curve_type = ECC_BINARY;
-+	}
-+
-+	/* Calculation of Generator point */
-+	g_len = 2*q_len;
-+	g_xy = eng_copy_curve_points(x, y, g_len, q_len);
-+	if (!g_xy) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+		goto err;
-+	}
-+
-+	/* memory for message representative */
-+	f = malloc(r_len);
-+	if (!f) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+		goto err;
-+	}
-+
-+	/* Add padding, since SEC expects hash to of size r_len */
-+	memset(f, 0, r_len - dgst_len);
-+
-+	/* Skip leading bytes if dgst_len < r_len */
-+	memcpy(f +  r_len - dgst_len, tmp_dgst, dgst_len);
-+
-+	dgst_len +=  r_len - dgst_len;
-+
-+	kop->crk_op = CRK_DSA_SIGN;
-+	/* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
-+	kop->crk_param[0].crp_p = f;
-+	kop->crk_param[0].crp_nbits = dgst_len * 8;
-+	kop->crk_param[1].crp_p = q;
-+	kop->crk_param[1].crp_nbits = q_len * 8;
-+	kop->crk_param[2].crp_p = r;
-+	kop->crk_param[2].crp_nbits = r_len * 8;
-+	kop->crk_param[3].crp_p = g_xy;
-+	kop->crk_param[3].crp_nbits = g_len * 8;
-+	kop->crk_param[4].crp_p = s;
-+	kop->crk_param[4].crp_nbits = priv_key_len * 8;
-+	kop->crk_param[5].crp_p = ab;
-+	kop->crk_param[5].crp_nbits = ab_len * 8;
-+	kop->crk_iparams = 6;
-+	kop->cookie = cookie;
-+
-+	if (cryptodev_asym_async(kop, r_len, sig->r , r_len, sig->s))
-+		goto err;
-+
-+	return ret;
-+err:
-+	{
-+		const ECDSA_METHOD *meth = ECDSA_OpenSSL();
-+		BN_free(sig->r);
-+		BN_free(sig->s);
-+		if (kop)
-+			free(kop);
-+		sig_ret = (meth->ecdsa_do_sign)(dgst, dgst_len, in_kinv, in_r, eckey);
-+		sig->r = sig_ret->r;
-+		sig->s = sig_ret->s;
-+		cookie->pkc_callback(cookie, 0);
-+	}
-+	return ret;
-+}
-+
-+static int cryptodev_ecdsa_verify_async(const unsigned char *dgst, int dgst_len,
-+		const ECDSA_SIG *sig, EC_KEY *eckey, struct pkc_cookie_s *cookie)
-+{
-+	BIGNUM	*m = NULL, *p = NULL, *a = NULL, *b = NULL;
-+	BIGNUM	*x = NULL, *y = NULL, *w_x = NULL, *w_y = NULL;
-+  	BN_CTX	*ctx = NULL;
-+	ECDSA_DATA	*ecdsa = NULL;
-+	unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL, *w_xy = NULL;
-+	unsigned char *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL;
-+	int	i = 0, q_len = 0, pub_key_len = 0, r_len = 0, c_len = 0, g_len = 0;
-+	int	d_len = 0, ab_len = 0, ret = 1;
-+	const EC_POINT *pub_key = NULL;
-+	const BIGNUM   *order = NULL;
-+	const EC_GROUP *group=NULL;
-+	ec_curve_t       ec_crv = EC_PRIME;
-+	struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+
-+	if (!kop)
-+		goto err;
-+
-+	memset(kop, 0, sizeof(struct crypt_kop));
-+	ecdsa = ecdsa_check(eckey);
-+	if (!ecdsa) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
-+		goto err;
-+	}
-+
-+	group    = EC_KEY_get0_group(eckey);
-+	pub_key  = EC_KEY_get0_public_key(eckey);
-+
-+	if (!group || !pub_key) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
-+		goto err;
-+	}
-+
-+	if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
-+		(a = BN_new()) == NULL || (b = BN_new()) == NULL ||
-+		(p = BN_new()) == NULL || (x = BN_new()) == NULL ||
-+		(y = BN_new()) == NULL || (w_x = BN_new()) == NULL ||
-+		(w_y = BN_new()) == NULL) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+		goto err;
-+	}
-+
-+	order = &group->order;
-+	if (!order || BN_is_zero(order)) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS);
-+		goto err;
-+	}
-+
-+	i = BN_num_bits(order);
-+	/* Need to truncate digest if it is too long: first truncate whole
-+	* bytes */
-+	if (8 * dgst_len > i)
-+		dgst_len = (i + 7)/8;
-+
-+	if (!BN_bin2bn(dgst, dgst_len, m)) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
-+		goto err;
-+	}
-+
-+	/* If still too long truncate remaining bits with a shift */
-+	if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
-+		goto err;
-+	}
-+	/* copy the truncated bits into plain buffer */
-+	if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+		goto err;
-+	}
-+
-+	/* check if this is prime or binary EC request */
-+	if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) {
-+		ec_crv = EC_PRIME;
-+
-+		/* get the generator point pair */
-+		if (!EC_POINT_get_affine_coordinates_GFp (group,
-+			EC_GROUP_get0_generator(group), x, y,ctx)) {
-+			ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+			goto err;
-+		}
-+
-+		/* get the public key pair for prime curve */
-+		if (!EC_POINT_get_affine_coordinates_GFp (group,
-+			pub_key, w_x, w_y,ctx)) {
-+			ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+			goto err;
-+		}
-+
-+		/* get the ECC curve parameters */
-+		if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
-+			ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+			goto err;
-+		}
-+	} else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_characteristic_two_field){
-+		ec_crv = EC_BINARY;
-+		/* get the ECC curve parameters */
-+		if (!EC_GROUP_get_curve_GF2m(group, p, a, b , ctx)) {
-+			ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+			goto err;
-+		}
-+
-+		/* get the generator point pair */
-+		if (!EC_POINT_get_affine_coordinates_GF2m(group,
-+			EC_GROUP_get0_generator(group),x, y,ctx)) {
-+			ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+			goto err;
-+		}
-+
-+		/* get the public key pair for binary curve */
-+		if (!EC_POINT_get_affine_coordinates_GF2m(group,
-+			pub_key, w_x, w_y,ctx)) {
-+			ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+			goto err;
-+		}
-+	}else {
-+		printf("Unsupported Curve\n");
-+		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+		goto err;
-+	}
-+
-+	/* Get the order of the subgroup of private keys */
-+	if (spcf_bn2bin((BIGNUM*)order, &r, &r_len)) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+		goto err;
-+	}
-+
-+	/* Get the irreducible polynomial that creates the field */
-+	if (spcf_bn2bin(p, &q, &q_len)) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+		goto err;
-+	}
-+
-+	/* Get the public key into a flat buffer with appropriate padding */
-+	pub_key_len = 2 * q_len;
-+
-+	w_xy = eng_copy_curve_points (w_x, w_y, pub_key_len, q_len);
-+	if (!w_xy) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+		goto err;
-+	}
-+
-+	/* Generation of ECC curve parameters */
-+	ab_len = 2*q_len;
-+
-+	ab = eng_copy_curve_points (a, b, ab_len, q_len);
-+	if (!ab) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+		goto err;
-+	}
-+
-+	if (ec_crv == EC_BINARY) {
-+		/* copy b' i.e c(b), instead of only b */
-+		eng_ec_get_cparam (EC_GROUP_get_curve_name(group),
-+			ab+q_len, q_len);
-+		kop->curve_type = ECC_BINARY;
-+	}
-+
-+	/* Calculation of Generator point */
-+	g_len = 2 * q_len;
-+
-+	g_xy = eng_copy_curve_points (x, y, g_len, q_len);
-+	if (!g_xy) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+		goto err;
-+	}
-+
-+	/**
-+	 * Get the 1st part of signature into a flat buffer with
-+	 * appropriate padding
-+	 */
-+	if (BN_num_bytes(sig->r) < r_len)
-+		c_len = r_len;
-+
-+	if (spcf_bn2bin_ex(sig->r, &c, &c_len)) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+		goto err;
-+	}
-+
-+	/**
-+	 * Get the 2nd part of signature into a flat buffer with
-+	 * appropriate padding
-+	 */
-+	if (BN_num_bytes(sig->s) < r_len)
-+		d_len = r_len;
-+
-+	if (spcf_bn2bin_ex(sig->s, &d, &d_len)) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+		goto err;
-+	}
-+
-+	/* memory for message representative */
-+	f = malloc(r_len);
-+	if (!f) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+		goto err;
-+	}
-+
-+	/* Add padding, since SEC expects hash to of size r_len */
-+	memset(f, 0, r_len-dgst_len);
-+
-+	/* Skip leading bytes if dgst_len < r_len */
-+	memcpy(f + r_len-dgst_len, tmp_dgst, dgst_len);
-+
-+	dgst_len += r_len-dgst_len;
-+
-+	kop->crk_op = CRK_DSA_VERIFY;
-+	/* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
-+	kop->crk_param[0].crp_p = f;
-+	kop->crk_param[0].crp_nbits = dgst_len * 8;
-+	kop->crk_param[1].crp_p = q;
-+	kop->crk_param[1].crp_nbits = q_len * 8;
-+	kop->crk_param[2].crp_p = r;
-+	kop->crk_param[2].crp_nbits = r_len * 8;
-+	kop->crk_param[3].crp_p = g_xy;
-+	kop->crk_param[3].crp_nbits = g_len * 8;
-+	kop->crk_param[4].crp_p = w_xy;
-+	kop->crk_param[4].crp_nbits = pub_key_len * 8;
-+	kop->crk_param[5].crp_p = ab;
-+	kop->crk_param[5].crp_nbits = ab_len * 8;
-+	kop->crk_param[6].crp_p = c;
-+	kop->crk_param[6].crp_nbits = d_len * 8;
-+	kop->crk_param[7].crp_p = d;
-+	kop->crk_param[7].crp_nbits = d_len * 8;
-+	kop->crk_iparams = 8;
-+	kop->cookie = cookie;
-+
-+	if (cryptodev_asym_async(kop, 0, NULL, 0, NULL))
-+		goto err;
-+
-+	return ret;
-+err:
-+	{
-+		const ECDSA_METHOD *meth = ECDSA_OpenSSL();
-+
-+		if (kop)
-+			free(kop);
-+		ret = (meth->ecdsa_do_verify)(dgst, dgst_len, sig, eckey);
-+		cookie->pkc_callback(cookie, 0);
-+	}
-+
-+	return ret;
-+}
-+
-+/* Cryptodev DH Key Gen routine */
-+static int cryptodev_dh_keygen_async(DH *dh,  struct pkc_cookie_s *cookie)
-+{
-+	struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+	int ret = 1, g_len;
-+	unsigned char *g = NULL;
-+
-+	if (!kop)
-+		goto sw_try;
-+
-+	if (dh->priv_key == NULL)	{
-+		if ((dh->priv_key=BN_new()) == NULL)
-+			goto sw_try;
-+	}
-+
-+	if (dh->pub_key == NULL) {
-+		if ((dh->pub_key=BN_new()) == NULL)
-+			goto sw_try;
-+	}
-+
-+	g_len = BN_num_bytes(dh->p);
-+	/**
-+	 * Get generator into a plain buffer. If length is less than
-+	 * q_len then add leading padding bytes.
- 	 */
--	if (BN_num_bytes(sig->s) < r_len)
--		d_len = r_len;
--
--	if (spcf_bn2bin_ex(sig->s, &d, &d_len)) {
--		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
--		goto err;
--	}
--
--	/* memory for message representative */
--	f = malloc(r_len);
--	if (!f) {
--		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
--		goto err;
-+	if (spcf_bn2bin_ex(dh->g, &g, &g_len)) {
-+		DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
-+		goto sw_try;
- 	}
- 
--	/* Add padding, since SEC expects hash to of size r_len */
--	memset(f, 0, r_len-dgst_len);
-+	memset(kop, 0, sizeof(struct crypt_kop));
-+	kop->crk_op = CRK_DH_GENERATE_KEY;
-+	if (bn2crparam(dh->p, &kop->crk_param[0]))
-+		goto sw_try;
-+	if (bn2crparam(dh->q, &kop->crk_param[1]))
-+		goto sw_try;
-+	kop->crk_param[2].crp_p = g;
-+	kop->crk_param[2].crp_nbits = g_len * 8;
-+	kop->crk_iparams = 3;
-+	kop->cookie = cookie;
- 
--	/* Skip leading bytes if dgst_len < r_len */
--	memcpy(f + r_len-dgst_len, tmp_dgst, dgst_len);
--	dgst_len += r_len-dgst_len;
--	kop.crk_op = CRK_DSA_VERIFY;
--	/* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
--	kop.crk_param[0].crp_p = f;
--	kop.crk_param[0].crp_nbits = dgst_len * 8;
--	kop.crk_param[1].crp_p = q;
--	kop.crk_param[1].crp_nbits = q_len * 8;
--	kop.crk_param[2].crp_p = r;
--	kop.crk_param[2].crp_nbits = r_len * 8;
--	kop.crk_param[3].crp_p = g_xy;
--	kop.crk_param[3].crp_nbits = g_len * 8;
--	kop.crk_param[4].crp_p = w_xy;
--	kop.crk_param[4].crp_nbits = pub_key_len * 8;
--	kop.crk_param[5].crp_p = ab;
--	kop.crk_param[5].crp_nbits = ab_len * 8;
--	kop.crk_param[6].crp_p = c;
--	kop.crk_param[6].crp_nbits = d_len * 8;
--	kop.crk_param[7].crp_p = d;
--	kop.crk_param[7].crp_nbits = d_len * 8;
--	kop.crk_iparams = 8;
-+	/* pub_key is or prime length while priv key is of length of order */
-+	if (cryptodev_asym_async(kop, BN_num_bytes(dh->p), dh->pub_key,
-+	    BN_num_bytes(dh->q), dh->priv_key))
-+	    goto sw_try;
- 
--	if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
--		/*OCF success value is 0, if not zero, change ret to fail*/
--		if(0 == kop.crk_status)
--			ret  = 1;
--	} else {
--		const ECDSA_METHOD *meth = ECDSA_OpenSSL();
-+	return ret;
-+sw_try:
-+	{
-+		const DH_METHOD *meth = DH_OpenSSL();
- 
--		ret = (meth->ecdsa_do_verify)(dgst, dgst_len, sig, eckey);
-+		if (kop)
-+			free(kop);
-+		ret = (meth->generate_key)(dh);
-+		cookie->pkc_callback(cookie, 0);
- 	}
--	kop.crk_param[0].crp_p = NULL;
--	zapparams(&kop);
--
--err:
- 	return ret;
- }
- 
-@@ -2360,6 +3383,54 @@ sw_try:
- 	return (dhret);
- }
- 
-+/* Return Length if successful and 0 on failure */
-+static int
-+cryptodev_dh_compute_key_async(unsigned char *key, const BIGNUM *pub_key,
-+		DH *dh, struct pkc_cookie_s *cookie)
-+{
-+	struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+	int ret = 1;
-+	int fd, p_len;
-+	unsigned char *padded_pub_key = NULL, *p = NULL;
-+
-+	fd = *(int *)cookie->eng_handle;
-+
-+	memset(kop, 0, sizeof(struct crypt_kop));
-+	kop->crk_op = CRK_DH_COMPUTE_KEY;
-+	/* inputs: dh->priv_key pub_key dh->p key */
-+	spcf_bn2bin(dh->p, &p, &p_len);
-+	spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len);
-+
-+	if (bn2crparam(dh->priv_key, &kop->crk_param[0]))
-+		goto err;
-+	kop->crk_param[1].crp_p = padded_pub_key;
-+	kop->crk_param[1].crp_nbits = p_len * 8;
-+	kop->crk_param[2].crp_p = p;
-+	kop->crk_param[2].crp_nbits = p_len * 8;
-+	kop->crk_iparams = 3;
-+
-+	kop->cookie = cookie;
-+	kop->crk_param[3].crp_p = (void*) key;
-+	kop->crk_param[3].crp_nbits = p_len * 8;
-+	kop->crk_oparams = 1;
-+
-+	if (cryptodev_asym_async(kop, 0, NULL, 0, NULL))
-+		goto err;
-+
-+	return p_len;
-+err:
-+	{
-+		const DH_METHOD *meth = DH_OpenSSL();
-+
-+		if (kop)
-+			free(kop);
-+		ret = (meth->compute_key)(key, pub_key, dh);
-+		/* Call user cookie handler */
-+		cookie->pkc_callback(cookie, 0);
-+	}
-+	return (ret);
-+}
-+
- int cryptodev_ecdh_compute_key(void *out, size_t outlen,
- 	const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen,
- 	void *out, size_t *outlen))
-@@ -2537,6 +3608,190 @@ err:
- 	return ret;
- }
- 
-+int cryptodev_ecdh_compute_key_async(void *out, size_t outlen,
-+	const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen,
-+	void *out, size_t *outlen), struct pkc_cookie_s *cookie)
-+{
-+	ec_curve_t       ec_crv = EC_PRIME;
-+	unsigned char * q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL;
-+	BIGNUM         * w_x = NULL, *w_y = NULL;
-+	int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0;
-+	BIGNUM * p = NULL, *a = NULL, *b = NULL;
-+	BN_CTX *ctx;
-+	EC_POINT *tmp=NULL;
-+	BIGNUM *x=NULL, *y=NULL;
-+	const BIGNUM *priv_key;
-+	const EC_GROUP* group = NULL;
-+	int ret = 1;
-+	size_t buflen, len;
-+	struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+
-+	if (!(ctx = BN_CTX_new()) || !kop)
-+		 goto err;
-+
-+	memset(kop, 0, sizeof(struct crypt_kop));
-+
-+	BN_CTX_start(ctx);
-+	x = BN_CTX_get(ctx);
-+	y = BN_CTX_get(ctx);
-+	p = BN_CTX_get(ctx);
-+	a = BN_CTX_get(ctx);
-+	b = BN_CTX_get(ctx);
-+	w_x = BN_CTX_get(ctx);
-+	w_y = BN_CTX_get(ctx);
-+
-+	if (!x || !y || !p || !a || !b || !w_x || !w_y) {
-+		ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);
-+		goto err;
-+	}
-+
-+	priv_key = EC_KEY_get0_private_key(ecdh);
-+	if (priv_key == NULL) {
-+		ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_NO_PRIVATE_VALUE);
-+		goto err;
-+	}
-+
-+	group = EC_KEY_get0_group(ecdh);
-+	if ((tmp=EC_POINT_new(group)) == NULL) {
-+		ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);
-+		goto err;
-+	}
-+
-+	if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
-+		NID_X9_62_prime_field) {
-+		ec_crv = EC_PRIME;
-+
-+		if (!EC_POINT_get_affine_coordinates_GFp(group,
-+			EC_GROUP_get0_generator(group), x, y, ctx)) {
-+			ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
-+			goto err;
-+		}
-+
-+		/* get the ECC curve parameters */
-+		if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
-+			ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
-+			goto err;
-+		}
-+
-+		/* get the public key pair for prime curve */
-+		if (!EC_POINT_get_affine_coordinates_GFp (group, pub_key, w_x, w_y,ctx)) {
-+			ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
-+			goto err;
-+		}
-+	} else {
-+		ec_crv = EC_BINARY;
-+
-+		if (!EC_POINT_get_affine_coordinates_GF2m(group,
-+			EC_GROUP_get0_generator(group), x, y, ctx)) {
-+			ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
-+			goto err;
-+		}
-+
-+		/* get the ECC curve parameters */
-+		if (!EC_GROUP_get_curve_GF2m(group, p, a, b , ctx)) {
-+			ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
-+			goto err;
-+		}
-+
-+		/* get the public key pair for binary curve */
-+		if (!EC_POINT_get_affine_coordinates_GF2m(group,
-+			pub_key, w_x, w_y,ctx)) {
-+			ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+			goto err;
-+		}
-+	}
-+
-+	/* irreducible polynomial that creates the field */
-+	if (spcf_bn2bin((BIGNUM*)&group->order, &r, &r_len)) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+		goto err;
-+	}
-+
-+	/* Get the irreducible polynomial that creates the field */
-+	if (spcf_bn2bin(p, &q, &q_len)) {
-+		ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
-+		goto err;
-+	}
-+
-+	/* Get the public key into a flat buffer with appropriate padding */
-+	pub_key_len = 2 * q_len;
-+	w_xy = eng_copy_curve_points (w_x, w_y, pub_key_len, q_len);
-+	if (!w_xy) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+		goto err;
-+	}
-+
-+	/* Generation of ECC curve parameters */
-+	ab_len = 2*q_len;
-+	ab = eng_copy_curve_points (a, b, ab_len, q_len);
-+	if (!ab) {
-+		ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
-+		goto err;
-+	}
-+
-+	if (ec_crv == EC_BINARY) {
-+		/* copy b' i.e c(b), instead of only b */
-+		if (eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab+q_len, q_len))
-+		{
-+			unsigned char *c_temp = NULL;
-+			int c_temp_len = q_len;
-+			if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len))
-+				memcpy(ab+q_len, c_temp, q_len);
-+			else
-+				goto err;
-+		}
-+		kop->curve_type = ECC_BINARY;
-+	} else
-+		kop->curve_type = ECC_PRIME;
-+
-+	priv_key_len = r_len;
-+
-+	/*
-+	 * If BN_num_bytes of priv_key returns less then r_len then
-+	 * add padding bytes before the key
-+	 */
-+	if (spcf_bn2bin_ex((BIGNUM *)priv_key, &s, &priv_key_len)) {
-+		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+		goto err;
-+	}
-+
-+	buflen = (EC_GROUP_get_degree(group) + 7)/8;
-+	len = BN_num_bytes(x);
-+	if (len > buflen || q_len < buflen) {
-+		ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_INTERNAL_ERROR);
-+		goto err;
-+	}
-+
-+	kop->crk_op = CRK_DH_COMPUTE_KEY;
-+	kop->crk_param[0].crp_p = (void *) s;
-+	kop->crk_param[0].crp_nbits = priv_key_len*8;
-+	kop->crk_param[1].crp_p = (void *) w_xy;
-+	kop->crk_param[1].crp_nbits = pub_key_len*8;
-+	kop->crk_param[2].crp_p = (void *) q;
-+	kop->crk_param[2].crp_nbits = q_len*8;
-+	kop->crk_param[3].crp_p = (void *) ab;
-+	kop->crk_param[3].crp_nbits = ab_len*8;
-+	kop->crk_iparams = 4;
-+	kop->crk_param[4].crp_p = (void *) out;
-+	kop->crk_param[4].crp_nbits = q_len*8;
-+	kop->crk_oparams = 1;
-+	kop->cookie = cookie;
-+	if (cryptodev_asym_async(kop, 0, NULL, 0, NULL))
-+		goto err;
-+
-+	return q_len;
-+err:
-+	{
-+		const ECDH_METHOD *meth = ECDH_OpenSSL();
-+
-+		if (kop)
-+			free(kop);
-+		ret = (meth->compute_key)(out, outlen, pub_key, ecdh, KDF);
-+		/* Call user cookie handler */
-+		cookie->pkc_callback(cookie, 0);
-+	}
-+	return ret;
-+}
- 
- static DH_METHOD cryptodev_dh = {
- 	"cryptodev DH method",
-@@ -2545,6 +3800,8 @@ static DH_METHOD cryptodev_dh = {
- 	NULL,
- 	NULL,
- 	NULL,
-+	NULL,
-+	NULL,
- 	0,	/* flags */
- 	NULL	/* app_data */
- };
-@@ -2553,6 +3810,7 @@ static ECDH_METHOD cryptodev_ecdh = {
- 	"cryptodev ECDH method",
- 	NULL,	/* cryptodev_ecdh_compute_key */
- 	NULL,
-+	NULL,
- 	0,		/* flags */
- 	NULL	/* app_data */
- };
-@@ -2625,12 +3883,19 @@ ENGINE_load_cryptodev(void)
- 		cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec;
- 		if (cryptodev_asymfeat & CRF_MOD_EXP) {
- 			cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp;
--			if (cryptodev_asymfeat & CRF_MOD_EXP_CRT)
-+			cryptodev_rsa.bn_mod_exp_async =
-+				 cryptodev_bn_mod_exp_async;
-+			if (cryptodev_asymfeat & CRF_MOD_EXP_CRT) {
- 				cryptodev_rsa.rsa_mod_exp =
- 				    cryptodev_rsa_mod_exp;
--			else
-+				cryptodev_rsa.rsa_mod_exp_async =
-+				    cryptodev_rsa_mod_exp_async;
-+			} else {
- 				cryptodev_rsa.rsa_mod_exp =
- 				    cryptodev_rsa_nocrt_mod_exp;
-+				cryptodev_rsa.rsa_mod_exp_async =
-+				    cryptodev_rsa_nocrt_mod_exp_async;
-+			}
- 		}
- 	}
- 
-@@ -2638,12 +3903,21 @@ ENGINE_load_cryptodev(void)
- 		const DSA_METHOD *meth = DSA_OpenSSL();
- 
- 		memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
--		if (cryptodev_asymfeat & CRF_DSA_SIGN)
-+		if (cryptodev_asymfeat & CRF_DSA_SIGN) {
- 			cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
--		if (cryptodev_asymfeat & CRF_DSA_VERIFY)
-+			cryptodev_dsa.dsa_do_sign_async =
-+				 cryptodev_dsa_do_sign_async;
-+		}
-+		if (cryptodev_asymfeat & CRF_DSA_VERIFY) {
- 			cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
--		if (cryptodev_asymfeat & CRF_DSA_GENERATE_KEY)
-+			cryptodev_dsa.dsa_do_verify_async =
-+				 cryptodev_dsa_verify_async;
-+		}
-+		if (cryptodev_asymfeat & CRF_DSA_GENERATE_KEY) {
- 			cryptodev_dsa.dsa_keygen = cryptodev_dsa_keygen;
-+			cryptodev_dsa.dsa_keygen_async =
-+				 cryptodev_dsa_keygen_async;
-+		}
- 	}
- 
- 	if (ENGINE_set_DH(engine, &cryptodev_dh)){
-@@ -2652,10 +3926,15 @@ ENGINE_load_cryptodev(void)
- 		if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) {
- 			cryptodev_dh.compute_key =
- 				cryptodev_dh_compute_key;
-+			cryptodev_dh.compute_key_async =
-+				cryptodev_dh_compute_key_async;
- 		}
- 		if (cryptodev_asymfeat & CRF_DH_GENERATE_KEY) {
- 			cryptodev_dh.generate_key =
- 				cryptodev_dh_keygen;
-+			cryptodev_dh.generate_key_async =
-+				cryptodev_dh_keygen_async;
-+
- 		}
- 	}
- 
-@@ -2664,10 +3943,14 @@ ENGINE_load_cryptodev(void)
- 		memcpy(&cryptodev_ecdsa, meth, sizeof(ECDSA_METHOD));
- 		if (cryptodev_asymfeat & CRF_DSA_SIGN) {
- 			cryptodev_ecdsa.ecdsa_do_sign = cryptodev_ecdsa_do_sign;
-+			cryptodev_ecdsa.ecdsa_do_sign_async =
-+				cryptodev_ecdsa_do_sign_async;
- 		}
- 		if (cryptodev_asymfeat & CRF_DSA_VERIFY) {
- 			cryptodev_ecdsa.ecdsa_do_verify =
- 				cryptodev_ecdsa_verify;
-+			cryptodev_ecdsa.ecdsa_do_verify_async =
-+				cryptodev_ecdsa_verify_async;
- 		}
- 	}
- 
-@@ -2676,9 +3959,16 @@ ENGINE_load_cryptodev(void)
- 		memcpy(&cryptodev_ecdh, ecdh_meth, sizeof(ECDH_METHOD));
- 		if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) {
- 			cryptodev_ecdh.compute_key = cryptodev_ecdh_compute_key;
-+			cryptodev_ecdh.compute_key_async =
-+				 cryptodev_ecdh_compute_key_async;
- 		}
- 	}
- 
-+	ENGINE_set_check_pkc_availability(engine, cryptodev_check_availability);
-+	ENGINE_set_close_instance(engine, cryptodev_close_instance);
-+	ENGINE_set_init_instance(engine, cryptodev_init_instance);
-+	ENGINE_set_async_map(engine, ENGINE_ALLPKC_ASYNC);
-+
- 	ENGINE_add(engine);
- 	ENGINE_free(engine);
- 	ERR_clear_error();
-diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h
-index 451ef8f..8fc3077 100644
---- a/crypto/engine/eng_int.h
-+++ b/crypto/engine/eng_int.h
-@@ -181,7 +181,29 @@ struct engine_st
- 	ENGINE_LOAD_KEY_PTR load_pubkey;
- 
- 	ENGINE_SSL_CLIENT_CERT_PTR load_ssl_client_cert;
--
-+	/*
-+	 * Instantiate Engine handle to be passed in check_pkc_availability
-+	 * Ensure that Engine is instantiated before any pkc asynchronous call.
-+	 */
-+	void *(*engine_init_instance)(void);
-+	/*
-+	 * Instantiated Engine handle will be closed with this call.
-+	 * Ensure that no pkc asynchronous call is made after this call
-+	 */
-+	void (*engine_close_instance)(void *handle);
-+	/*
-+	 * Check availability will extract the data from kernel.
-+	 * eng_handle: This is the Engine handle corresponds to which
-+	 * the cookies needs to be polled.
-+	 * return 0 if cookie available else 1
-+	 */
-+	int (*check_pkc_availability)(void *eng_handle);
-+	/*
-+	 * The following map is used to check if the engine supports asynchronous implementation
-+	 * ENGINE_ASYNC_FLAG* for available bitmap. Any application checking for asynchronous
-+	 * implementation need to check this features using "int ENGINE_get_async_map(engine *)";
-+	 */
-+	int async_map;
- 	const ENGINE_CMD_DEFN *cmd_defns;
- 	int flags;
- 	/* reference count on the structure itself */
-diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c
-index 18a6664..6fa621c 100644
---- a/crypto/engine/eng_lib.c
-+++ b/crypto/engine/eng_lib.c
-@@ -98,7 +98,11 @@ void engine_set_all_null(ENGINE *e)
- 	e->ctrl = NULL;
- 	e->load_privkey = NULL;
- 	e->load_pubkey = NULL;
-+	e->check_pkc_availability = NULL;
-+	e->engine_init_instance = NULL;
-+	e->engine_close_instance = NULL;
- 	e->cmd_defns = NULL;
-+	e->async_map = 0;
- 	e->flags = 0;
- 	}
- 
-@@ -233,6 +237,48 @@ int ENGINE_set_id(ENGINE *e, const char *id)
- 	return 1;
- 	}
- 
-+void ENGINE_set_init_instance(ENGINE *e, void *(*engine_init_instance)(void))
-+	{
-+		e->engine_init_instance = engine_init_instance;
-+	}
-+
-+void ENGINE_set_close_instance(ENGINE *e,
-+	void (*engine_close_instance)(void *))
-+	{
-+		e->engine_close_instance = engine_close_instance;
-+	}
-+
-+void ENGINE_set_async_map(ENGINE *e, int async_map)
-+	{
-+		e->async_map = async_map;
-+	}
-+
-+void *ENGINE_init_instance(ENGINE *e)
-+	{
-+		return e->engine_init_instance();
-+	}
-+
-+void ENGINE_close_instance(ENGINE *e, void *eng_handle)
-+	{
-+		e->engine_close_instance(eng_handle);
-+	}
-+
-+int ENGINE_get_async_map(ENGINE *e)
-+	{
-+		return e->async_map;
-+	}
-+
-+void ENGINE_set_check_pkc_availability(ENGINE *e,
-+	int (*check_pkc_availability)(void *eng_handle))
-+	{
-+		e->check_pkc_availability = check_pkc_availability;
-+	}
-+
-+int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle)
-+	{
-+		return e->check_pkc_availability(eng_handle);
-+	}
-+
- int ENGINE_set_name(ENGINE *e, const char *name)
- 	{
- 	if(name == NULL)
-diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h
-index 237a6c9..ccff86a 100644
---- a/crypto/engine/engine.h
-+++ b/crypto/engine/engine.h
-@@ -473,6 +473,30 @@ ENGINE *ENGINE_new(void);
- int ENGINE_free(ENGINE *e);
- int ENGINE_up_ref(ENGINE *e);
- int ENGINE_set_id(ENGINE *e, const char *id);
-+void ENGINE_set_init_instance(ENGINE *e, void *(*engine_init_instance)(void));
-+void ENGINE_set_close_instance(ENGINE *e,
-+	void (*engine_free_instance)(void *));
-+/*
-+ * Following FLAGS are bitmap store in async_map to set asynchronous interface capability
-+ *of the engine
-+ */
-+#define ENGINE_RSA_ASYNC 0x0001
-+#define ENGINE_DSA_ASYNC 0x0002
-+#define ENGINE_DH_ASYNC 0x0004
-+#define ENGINE_ECDSA_ASYNC 0x0008
-+#define ENGINE_ECDH_ASYNC 0x0010
-+#define ENGINE_ALLPKC_ASYNC 0x001F
-+/* Engine implementation will set the bitmap based on above flags using following API */
-+void ENGINE_set_async_map(ENGINE *e, int async_map);
-+ /* Application need to check the bitmap based on above flags using following API
-+  * to confirm asynchronous methods supported
-+  */
-+int ENGINE_get_async_map(ENGINE *e);
-+void *ENGINE_init_instance(ENGINE *e);
-+void ENGINE_close_instance(ENGINE *e, void *eng_handle);
-+void ENGINE_set_check_pkc_availability(ENGINE *e,
-+	int (*check_pkc_availability)(void *eng_handle));
-+int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle);
- int ENGINE_set_name(ENGINE *e, const char *name);
- int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
- int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
-diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h
-index 5f269e5..6ef1b15 100644
---- a/crypto/rsa/rsa.h
-+++ b/crypto/rsa/rsa.h
-@@ -101,6 +101,29 @@ struct rsa_meth_st
- 	int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- 			  const BIGNUM *m, BN_CTX *ctx,
- 			  BN_MONT_CTX *m_ctx); /* Can be null */
-+	/*
-+	 * Cookie in the following _async variant must be allocated before
-+	 * submission and can be freed once its corresponding callback
-+	 * handler is called
-+	 */
-+	int (*rsa_pub_enc_asyn)(int flen,const unsigned char *from,
-+			   unsigned char *to, RSA *rsa, int padding,
-+			   struct pkc_cookie_s *cookie);
-+	int (*rsa_pub_dec_async)(int flen,const unsigned char *from,
-+			   unsigned char *to, RSA *rsa, int padding,
-+			   struct pkc_cookie_s *cookie);
-+	int (*rsa_priv_enc_async)(int flen,const unsigned char *from,
-+			    unsigned char *to, RSA *rsa, int padding,
-+			    struct pkc_cookie_s *cookie);
-+	int (*rsa_priv_dec_async)(int flen,const unsigned char *from,
-+			    unsigned char *to, RSA *rsa, int padding,
-+			    struct pkc_cookie_s *cookie);
-+	int (*rsa_mod_exp_async)(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
-+			    BN_CTX *ctx, struct pkc_cookie_s *cookie);
-+	int (*bn_mod_exp_async)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-+			  const BIGNUM *m, BN_CTX *ctx,
-+			  BN_MONT_CTX *m_ctx, struct pkc_cookie_s *cookie);
-+
- 	int (*init)(RSA *rsa);		/* called at new */
- 	int (*finish)(RSA *rsa);	/* called at free */
- 	int flags;			/* RSA_METHOD_FLAG_* things */
--- 
-2.3.5
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0010-Removed-local-copy-of-curve_t-type.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0010-Removed-local-copy-of-curve_t-type.patch
new file mode 100644
index 0000000..8908d54
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0010-Removed-local-copy-of-curve_t-type.patch
@@ -0,0 +1,163 @@
+From cd80be25a3da28d23dfcb2762252b413879eaa74 Mon Sep 17 00:00:00 2001
+From: Yashpal Dutta <yashpal.dutta at freescale.com>
+Date: Thu, 17 Apr 2014 06:57:59 +0545
+Subject: [PATCH 10/48] Removed local copy of curve_t type
+
+Upstream-status: Pending
+
+Signed-off-by: Yashpal Dutta <yashpal.dutta at freescale.com>
+Tested-by: Cristian Stoica <cristian.stoica at freescale.com>
+---
+ crypto/engine/eng_cryptodev.c    | 33 ++++++++++++++-------------------
+ crypto/engine/eng_cryptodev_ec.h |  7 -------
+ 2 files changed, 14 insertions(+), 26 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index eac5fb6..151774c 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -2504,11 +2504,6 @@ static ECDSA_METHOD cryptodev_ecdsa = {
+     NULL                        /* app_data */
+ };
+ 
+-typedef enum ec_curve_s {
+-    EC_PRIME,
+-    EC_BINARY
+-} ec_curve_t;
+-
+ /* ENGINE handler for ECDSA Sign */
+ static ECDSA_SIG *cryptodev_ecdsa_do_sign(const unsigned char *dgst,
+                                           int dgst_len, const BIGNUM *in_kinv,
+@@ -2527,7 +2522,7 @@ static ECDSA_SIG *cryptodev_ecdsa_do_sign(const unsigned char *dgst,
+     const BIGNUM *order = NULL, *priv_key = NULL;
+     const EC_GROUP *group = NULL;
+     struct crypt_kop kop;
+-    ec_curve_t ec_crv = EC_PRIME;
++    enum ec_curve_t ec_crv = EC_PRIME;
+ 
+     memset(&kop, 0, sizeof(kop));
+     ecdsa = ecdsa_check(eckey);
+@@ -2665,7 +2660,7 @@ static ECDSA_SIG *cryptodev_ecdsa_do_sign(const unsigned char *dgst,
+             else
+                 goto err;
+         }
+-        kop.curve_type = ECC_BINARY;
++        kop.curve_type = EC_BINARY;
+     }
+ 
+     /* Calculation of Generator point */
+@@ -2760,7 +2755,7 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
+     const EC_POINT *pub_key = NULL;
+     const BIGNUM *order = NULL;
+     const EC_GROUP *group = NULL;
+-    ec_curve_t ec_crv = EC_PRIME;
++    enum ec_curve_t ec_crv = EC_PRIME;
+     struct crypt_kop kop;
+ 
+     memset(&kop, 0, sizeof kop);
+@@ -2911,7 +2906,7 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
+             else
+                 goto err;
+         }
+-        kop.curve_type = ECC_BINARY;
++        kop.curve_type = EC_BINARY;
+     }
+ 
+     /* Calculation of Generator point */
+@@ -3016,7 +3011,7 @@ static int cryptodev_ecdsa_do_sign_async(const unsigned char *dgst,
+     const BIGNUM *order = NULL, *priv_key = NULL;
+     const EC_GROUP *group = NULL;
+     struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
+-    ec_curve_t ec_crv = EC_PRIME;
++    enum ec_curve_t ec_crv = EC_PRIME;
+ 
+     if (!(sig->r = BN_new()) || !kop)
+         goto err;
+@@ -3157,7 +3152,7 @@ static int cryptodev_ecdsa_do_sign_async(const unsigned char *dgst,
+             else
+                 goto err;
+         }
+-        kop->curve_type = ECC_BINARY;
++        kop->curve_type = EC_BINARY;
+     }
+ 
+     /* Calculation of Generator point */
+@@ -3237,7 +3232,7 @@ static int cryptodev_ecdsa_verify_async(const unsigned char *dgst,
+     const EC_POINT *pub_key = NULL;
+     const BIGNUM *order = NULL;
+     const EC_GROUP *group = NULL;
+-    ec_curve_t ec_crv = EC_PRIME;
++    enum ec_curve_t ec_crv = EC_PRIME;
+     struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
+ 
+     if (!kop)
+@@ -3384,7 +3379,7 @@ static int cryptodev_ecdsa_verify_async(const unsigned char *dgst,
+     if (ec_crv == EC_BINARY) {
+         /* copy b' i.e c(b), instead of only b */
+         eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab + q_len, q_len);
+-        kop->curve_type = ECC_BINARY;
++        kop->curve_type = EC_BINARY;
+     }
+ 
+     /* Calculation of Generator point */
+@@ -3690,7 +3685,7 @@ int cryptodev_ecdh_compute_key(void *out, size_t outlen,
+                                void *(*KDF) (const void *in, size_t inlen,
+                                              void *out, size_t *outlen))
+ {
+-    ec_curve_t ec_crv = EC_PRIME;
++    enum ec_curve_t ec_crv = EC_PRIME;
+     unsigned char *q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL;
+     BIGNUM *w_x = NULL, *w_y = NULL;
+     int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0;
+@@ -3820,9 +3815,9 @@ int cryptodev_ecdh_compute_key(void *out, size_t outlen,
+             else
+                 goto err;
+         }
+-        kop.curve_type = ECC_BINARY;
++        kop.curve_type = EC_BINARY;
+     } else
+-        kop.curve_type = ECC_PRIME;
++        kop.curve_type = EC_PRIME;
+ 
+     priv_key_len = r_len;
+ 
+@@ -3874,7 +3869,7 @@ int cryptodev_ecdh_compute_key_async(void *out, size_t outlen,
+                                                    size_t *outlen),
+                                      struct pkc_cookie_s *cookie)
+ {
+-    ec_curve_t ec_crv = EC_PRIME;
++    enum ec_curve_t ec_crv = EC_PRIME;
+     unsigned char *q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL;
+     BIGNUM *w_x = NULL, *w_y = NULL;
+     int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0;
+@@ -4005,9 +4000,9 @@ int cryptodev_ecdh_compute_key_async(void *out, size_t outlen,
+             else
+                 goto err;
+         }
+-        kop->curve_type = ECC_BINARY;
++        kop->curve_type = EC_BINARY;
+     } else
+-        kop->curve_type = ECC_PRIME;
++        kop->curve_type = EC_PRIME;
+ 
+     priv_key_len = r_len;
+ 
+diff --git a/crypto/engine/eng_cryptodev_ec.h b/crypto/engine/eng_cryptodev_ec.h
+index af54c51..41a8702 100644
+--- a/crypto/engine/eng_cryptodev_ec.h
++++ b/crypto/engine/eng_cryptodev_ec.h
+@@ -287,11 +287,4 @@ static inline unsigned char *eng_copy_curve_points(BIGNUM * x, BIGNUM * y,
+ 
+ 	return xy;
+ }
+-
+-enum curve_t {
+-	DISCRETE_LOG,
+-	ECC_PRIME,
+-	ECC_BINARY,
+-	MAX_ECC_TYPE
+-};
+ #endif
+-- 
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0011-Add-RSA-keygen-operation-and-support-gendsa-command-.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0011-Add-RSA-keygen-operation-and-support-gendsa-command-.patch
deleted file mode 100644
index 244d230..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0011-Add-RSA-keygen-operation-and-support-gendsa-command-.patch
+++ /dev/null
@@ -1,153 +0,0 @@
-From e4fc051f8ae1c093b25ca346c2ec351ff3b700d1 Mon Sep 17 00:00:00 2001
-From: Hou Zhiqiang <B48286 at freescale.com>
-Date: Wed, 2 Apr 2014 16:10:43 +0800
-Subject: [PATCH 11/26] Add RSA keygen operation and support gendsa command
- with hardware engine
-
-Upstream-status: Pending
-
-Signed-off-by: Hou Zhiqiang <B48286 at freescale.com>
-Tested-by: Cristian Stoica <cristian.stoica at freescale.com>
----
- crypto/engine/eng_cryptodev.c | 118 ++++++++++++++++++++++++++++++++++++++++++
- 1 file changed, 118 insertions(+)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 9f2416e..b2919a8 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -1906,6 +1906,121 @@ err:
- 	return dsaret;
- }
- 
-+/* Cryptodev RSA Key Gen routine */
-+static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
-+{
-+	struct crypt_kop kop;
-+	int ret, fd;
-+	int p_len, q_len;
-+	int i;
-+
-+	if ((fd = get_asym_dev_crypto()) < 0)
-+		return fd;
-+
-+	if(!rsa->n && ((rsa->n=BN_new()) == NULL)) goto err;
-+	if(!rsa->d && ((rsa->d=BN_new()) == NULL)) goto err;
-+	if(!rsa->e && ((rsa->e=BN_new()) == NULL)) goto err;
-+	if(!rsa->p && ((rsa->p=BN_new()) == NULL)) goto err;
-+	if(!rsa->q && ((rsa->q=BN_new()) == NULL)) goto err;
-+	if(!rsa->dmp1 && ((rsa->dmp1=BN_new()) == NULL)) goto err;
-+	if(!rsa->dmq1 && ((rsa->dmq1=BN_new()) == NULL)) goto err;
-+	if(!rsa->iqmp && ((rsa->iqmp=BN_new()) == NULL)) goto err;
-+
-+	BN_copy(rsa->e, e);
-+
-+	p_len = (bits+1) / (2 * 8);
-+	q_len = (bits - p_len * 8) / 8;
-+	memset(&kop, 0, sizeof kop);
-+	kop.crk_op = CRK_RSA_GENERATE_KEY;
-+
-+	/* p length */
-+	kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char));
-+	if (!kop.crk_param[kop.crk_iparams].crp_p)
-+		goto err;
-+	kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8;
-+	memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1);
-+	kop.crk_iparams++;
-+	kop.crk_oparams++;
-+	/* q length */
-+	kop.crk_param[kop.crk_iparams].crp_p = calloc(q_len + 1, sizeof(char));
-+	if (!kop.crk_param[kop.crk_iparams].crp_p)
-+		goto err;
-+	kop.crk_param[kop.crk_iparams].crp_nbits = q_len * 8;
-+	memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, q_len + 1);
-+	kop.crk_iparams++;
-+	kop.crk_oparams++;
-+	/* n length */
-+	kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + q_len + 1, sizeof(char));
-+	if (!kop.crk_param[kop.crk_iparams].crp_p)
-+		goto err;
-+	kop.crk_param[kop.crk_iparams].crp_nbits = bits;
-+	memset(kop.crk_param[kop.crk_iparams].crp_p, 0x00, p_len + q_len + 1);
-+	kop.crk_iparams++;
-+	kop.crk_oparams++;
-+	/* d length */
-+	kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + q_len + 1, sizeof(char));
-+	if (!kop.crk_param[kop.crk_iparams].crp_p)
-+		goto err;
-+	kop.crk_param[kop.crk_iparams].crp_nbits = bits;
-+	memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + q_len + 1);
-+	kop.crk_iparams++;
-+	kop.crk_oparams++;
-+	/* dp1 length */
-+	kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char));
-+	if (!kop.crk_param[kop.crk_iparams].crp_p)
-+		goto err;
-+	kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8;
-+	memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1);
-+	kop.crk_iparams++;
-+	kop.crk_oparams++;
-+	/* dq1 length */
-+	kop.crk_param[kop.crk_iparams].crp_p = calloc(q_len + 1, sizeof(char));
-+	if (!kop.crk_param[kop.crk_iparams].crp_p)
-+		goto err;
-+	kop.crk_param[kop.crk_iparams].crp_nbits = q_len * 8;
-+	memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, q_len + 1);
-+	kop.crk_iparams++;
-+	kop.crk_oparams++;
-+	/* i length */
-+	kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char));
-+	if (!kop.crk_param[kop.crk_iparams].crp_p)
-+		goto err;
-+	kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8;
-+	memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1);
-+	kop.crk_iparams++;
-+	kop.crk_oparams++;
-+
-+	if (ioctl(fd, CIOCKEY, &kop) == 0) {
-+		BN_bin2bn(kop.crk_param[0].crp_p,
-+				p_len, rsa->p);
-+		BN_bin2bn(kop.crk_param[1].crp_p,
-+				q_len, rsa->q);
-+		BN_bin2bn(kop.crk_param[2].crp_p,
-+				bits / 8, rsa->n);
-+		BN_bin2bn(kop.crk_param[3].crp_p,
-+				bits / 8, rsa->d);
-+		BN_bin2bn(kop.crk_param[4].crp_p,
-+				p_len, rsa->dmp1);
-+		BN_bin2bn(kop.crk_param[5].crp_p,
-+				q_len, rsa->dmq1);
-+		BN_bin2bn(kop.crk_param[6].crp_p,
-+				p_len, rsa->iqmp);
-+		return 1;
-+	}
-+sw_try:
-+	{
-+		const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
-+		ret = (meth->rsa_keygen)(rsa, bits, e, cb);
-+	}
-+	return ret;
-+
-+err:
-+	for (i = 0; i < CRK_MAXPARAM; i++)
-+		free(kop.crk_param[i].crp_p);
-+	return 0;
-+
-+}
-+
- /* Cryptodev DSA Key Gen routine */
- static int cryptodev_dsa_keygen(DSA *dsa)
- {
-@@ -3896,6 +4011,9 @@ ENGINE_load_cryptodev(void)
- 				cryptodev_rsa.rsa_mod_exp_async =
- 				    cryptodev_rsa_nocrt_mod_exp_async;
- 			}
-+			if (cryptodev_asymfeat & CRF_RSA_GENERATE_KEY)
-+				cryptodev_rsa.rsa_keygen =
-+					cryptodev_rsa_keygen;
- 		}
- 	}
- 
--- 
-2.3.5
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0011-Modulus-parameter-is-not-populated-by-dhparams.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0011-Modulus-parameter-is-not-populated-by-dhparams.patch
new file mode 100644
index 0000000..13aea01
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0011-Modulus-parameter-is-not-populated-by-dhparams.patch
@@ -0,0 +1,43 @@
+From f9d9da58818740334ef356d0384d4e88da865dca Mon Sep 17 00:00:00 2001
+From: Yashpal Dutta <yashpal.dutta at freescale.com>
+Date: Tue, 22 Apr 2014 22:58:33 +0545
+Subject: [PATCH 11/48] Modulus parameter is not populated by dhparams
+
+Upstream-status: Pending
+
+When dhparams are created, modulus parameter required for
+private key generation is not populated. So, falling back
+to software for proper population of modulus parameters followed
+by private key generation
+
+Signed-off-by: Yashpal Dutta <yashpal.dutta at freescale.com>
+Tested-by: Cristian Stoica <cristian.stoica at freescale.com>
+---
+ crypto/engine/eng_cryptodev.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 151774c..1f1f307 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -3502,7 +3502,7 @@ static int cryptodev_dh_keygen_async(DH *dh, struct pkc_cookie_s *cookie)
+     kop->crk_op = CRK_DH_GENERATE_KEY;
+     if (bn2crparam(dh->p, &kop->crk_param[0]))
+         goto sw_try;
+-    if (bn2crparam(dh->q, &kop->crk_param[1]))
++    if (!dh->q || bn2crparam(dh->q, &kop->crk_param[1]))
+         goto sw_try;
+     kop->crk_param[2].crp_p = g;
+     kop->crk_param[2].crp_nbits = g_len * 8;
+@@ -3557,7 +3557,7 @@ static int cryptodev_dh_keygen(DH *dh)
+     kop.crk_op = CRK_DH_GENERATE_KEY;
+     if (bn2crparam(dh->p, &kop.crk_param[0]))
+         goto sw_try;
+-    if (bn2crparam(dh->q, &kop.crk_param[1]))
++    if (!dh->q || bn2crparam(dh->q, &kop.crk_param[1]))
+         goto sw_try;
+     kop.crk_param[2].crp_p = g;
+     kop.crk_param[2].crp_nbits = g_len * 8;
+-- 
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0012-RSA-Keygen-Fix.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0012-RSA-Keygen-Fix.patch
deleted file mode 100644
index 7f907da..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0012-RSA-Keygen-Fix.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From ac777f046da7151386d667391362ecb553ceee90 Mon Sep 17 00:00:00 2001
-From: Yashpal Dutta <yashpal.dutta at freescale.com>
-Date: Wed, 16 Apr 2014 22:53:04 +0545
-Subject: [PATCH 12/26] RSA Keygen Fix
-
-Upstream-status: Pending
-
-If Kernel driver doesn't support RSA Keygen or same returns
-error handling the keygen operation, the keygen is gracefully
-handled by software supported rsa_keygen handler
-
-Signed-off-by: Yashpal Dutta <yashpal.dutta at freescale.com>
-Tested-by: Cristian Stoica <cristian.stoica at freescale.com>
----
- crypto/engine/eng_cryptodev.c | 12 +++++++-----
- 1 file changed, 7 insertions(+), 5 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index b2919a8..ed5f20f 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -1915,7 +1915,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
- 	int i;
- 
- 	if ((fd = get_asym_dev_crypto()) < 0)
--		return fd;
-+		goto sw_try;
- 
- 	if(!rsa->n && ((rsa->n=BN_new()) == NULL)) goto err;
- 	if(!rsa->d && ((rsa->d=BN_new()) == NULL)) goto err;
-@@ -1936,7 +1936,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
- 	/* p length */
- 	kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char));
- 	if (!kop.crk_param[kop.crk_iparams].crp_p)
--		goto err;
-+		goto sw_try;
- 	kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8;
- 	memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1);
- 	kop.crk_iparams++;
-@@ -1944,7 +1944,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
- 	/* q length */
- 	kop.crk_param[kop.crk_iparams].crp_p = calloc(q_len + 1, sizeof(char));
- 	if (!kop.crk_param[kop.crk_iparams].crp_p)
--		goto err;
-+		goto sw_try;
- 	kop.crk_param[kop.crk_iparams].crp_nbits = q_len * 8;
- 	memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, q_len + 1);
- 	kop.crk_iparams++;
-@@ -2009,8 +2009,10 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
- 	}
- sw_try:
- 	{
--		const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
--		ret = (meth->rsa_keygen)(rsa, bits, e, cb);
-+		const RSA_METHOD *meth = rsa->meth;
-+		rsa->meth = RSA_PKCS1_SSLeay();
-+		ret = RSA_generate_key_ex(rsa, bits, e, cb);
-+		rsa->meth = meth;
- 	}
- 	return ret;
- 
--- 
-2.3.5
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0012-SW-Backoff-mechanism-for-dsa-keygen.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0012-SW-Backoff-mechanism-for-dsa-keygen.patch
new file mode 100644
index 0000000..bf36a32
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0012-SW-Backoff-mechanism-for-dsa-keygen.patch
@@ -0,0 +1,53 @@
+From 18f4dbbba2c0142792b394bec35531cefe277712 Mon Sep 17 00:00:00 2001
+From: Yashpal Dutta <yashpal.dutta at freescale.com>
+Date: Thu, 24 Apr 2014 00:35:34 +0545
+Subject: [PATCH 12/48] SW Backoff mechanism for dsa keygen
+
+Upstream-status: Pending
+
+DSA Keygen is not handled in default openssl dsa method. Due to
+same null function pointer in SW DSA method, the backoff for dsa
+keygen gives segmentation fault.
+
+Signed-off-by: Yashpal Dutta <yashpal.dutta at freescale.com>
+Tested-by: Cristian Stoica <cristian.stoica at freescale.com>
+---
+ crypto/engine/eng_cryptodev.c | 12 ++++++++----
+ 1 file changed, 8 insertions(+), 4 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 1f1f307..db8e02d 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -2175,8 +2175,10 @@ static int cryptodev_dsa_keygen(DSA *dsa)
+     return ret;
+  sw_try:
+     {
+-        const DSA_METHOD *meth = DSA_OpenSSL();
+-        ret = (meth->dsa_keygen) (dsa);
++        const DSA_METHOD *meth = dsa->meth;
++        dsa->meth = DSA_OpenSSL();
++        ret = DSA_generate_key(dsa);
++        dsa->meth = meth;
+     }
+     return ret;
+ }
+@@ -2230,11 +2232,13 @@ static int cryptodev_dsa_keygen_async(DSA *dsa, struct pkc_cookie_s *cookie)
+     return ret;
+  sw_try:
+     {
+-        const DSA_METHOD *meth = DSA_OpenSSL();
++        const DSA_METHOD *meth = dsa->meth;
+ 
++        dsa->meth = DSA_OpenSSL();
+         if (kop)
+             free(kop);
+-        ret = (meth->dsa_keygen) (dsa);
++        ret = DSA_generate_key(dsa);
++        dsa->meth = meth;
+         cookie->pkc_callback(cookie, 0);
+     }
+     return ret;
+-- 
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0013-Fixed-DH-keygen-pair-generator.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0013-Fixed-DH-keygen-pair-generator.patch
new file mode 100644
index 0000000..12465d7
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0013-Fixed-DH-keygen-pair-generator.patch
@@ -0,0 +1,100 @@
+From 4d5ffd41f423309fc9aaf3621598ca51c5838e31 Mon Sep 17 00:00:00 2001
+From: Yashpal Dutta <yashpal.dutta at freescale.com>
+Date: Thu, 1 May 2014 06:35:45 +0545
+Subject: [PATCH 13/48] Fixed DH keygen pair generator
+
+Upstream-status: Pending
+
+Wrong Padding results into keygen length error
+
+Signed-off-by: Yashpal Dutta <yashpal.dutta at freescale.com>
+Tested-by: Cristian Stoica <cristian.stoica at freescale.com>
+---
+ crypto/engine/eng_cryptodev.c | 50 ++++++++++++++++++++++++++++---------------
+ 1 file changed, 33 insertions(+), 17 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index db8e02d..4929ae6 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -3534,44 +3534,60 @@ static int cryptodev_dh_keygen_async(DH *dh, struct pkc_cookie_s *cookie)
+ static int cryptodev_dh_keygen(DH *dh)
+ {
+     struct crypt_kop kop;
+-    int ret = 1, g_len;
+-    unsigned char *g = NULL;
++    int ret = 1, q_len = 0;
++    unsigned char *q = NULL, *g = NULL, *s = NULL, *w = NULL;
++    BIGNUM *pub_key = NULL, *priv_key = NULL;
++    int generate_new_key = 1;
+ 
+-    if (dh->priv_key == NULL) {
+-        if ((dh->priv_key = BN_new()) == NULL)
+-            goto sw_try;
+-    }
++    if (dh->priv_key)
++        priv_key = dh->priv_key;
+ 
+-    if (dh->pub_key == NULL) {
+-        if ((dh->pub_key = BN_new()) == NULL)
+-            goto sw_try;
+-    }
++    if (dh->pub_key)
++        pub_key = dh->pub_key;
+ 
+-    g_len = BN_num_bytes(dh->p);
++    q_len = BN_num_bytes(dh->p);
+         /**
+          * Get generator into a plain buffer. If length is less than
+          * q_len then add leading padding bytes.
+          */
+-    if (spcf_bn2bin_ex(dh->g, &g, &g_len)) {
++    if (spcf_bn2bin_ex(dh->g, &g, &q_len)) {
++        DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
++        goto sw_try;
++    }
++
++    if (spcf_bn2bin_ex(dh->p, &q, &q_len)) {
+         DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
+         goto sw_try;
+     }
+ 
+     memset(&kop, 0, sizeof kop);
+     kop.crk_op = CRK_DH_GENERATE_KEY;
+-    if (bn2crparam(dh->p, &kop.crk_param[0]))
+-        goto sw_try;
++    kop.crk_param[0].crp_p = q;
++    kop.crk_param[0].crp_nbits = q_len * 8;
+     if (!dh->q || bn2crparam(dh->q, &kop.crk_param[1]))
+         goto sw_try;
+     kop.crk_param[2].crp_p = g;
+-    kop.crk_param[2].crp_nbits = g_len * 8;
++    kop.crk_param[2].crp_nbits = q_len * 8;
+     kop.crk_iparams = 3;
+ 
++    s = OPENSSL_malloc(q_len);
++    if (!s) {
++        DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
++        goto sw_try;
++    }
++
++    w = OPENSSL_malloc(q_len);
++    if (!w) {
++        DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
++        goto sw_try;
++    }
++
+     /* pub_key is or prime length while priv key is of length of order */
+-    if (cryptodev_asym(&kop, BN_num_bytes(dh->p), dh->pub_key,
+-                       BN_num_bytes(dh->q), dh->priv_key))
++    if (cryptodev_asym(&kop, q_len, w, q_len, s))
+         goto sw_try;
+ 
++    dh->pub_key = BN_bin2bn(w, q_len, pub_key);
++    dh->pub_key = BN_bin2bn(s, q_len, priv_key);
+     return ret;
+  sw_try:
+     {
+-- 
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0013-Removed-local-copy-of-curve_t-type.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0013-Removed-local-copy-of-curve_t-type.patch
deleted file mode 100644
index c9d8ace..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0013-Removed-local-copy-of-curve_t-type.patch
+++ /dev/null
@@ -1,164 +0,0 @@
-From 6aaa306cdf878250d7b6eaf30978de313653886b Mon Sep 17 00:00:00 2001
-From: Yashpal Dutta <yashpal.dutta at freescale.com>
-Date: Thu, 17 Apr 2014 06:57:59 +0545
-Subject: [PATCH 13/26] Removed local copy of curve_t type
-
-Upstream-status: Pending
-
-Signed-off-by: Yashpal Dutta <yashpal.dutta at freescale.com>
-Tested-by: Cristian Stoica <cristian.stoica at freescale.com>
----
- crypto/engine/eng_cryptodev.c    | 34 ++++++++++++++--------------------
- crypto/engine/eng_cryptodev_ec.h |  7 -------
- 2 files changed, 14 insertions(+), 27 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index ed5f20f..5d883fa 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -2398,12 +2398,6 @@ static ECDSA_METHOD cryptodev_ecdsa = {
- 	NULL	/* app_data */
- };
- 
--typedef enum ec_curve_s
--{
--	EC_PRIME,
--	EC_BINARY
--} ec_curve_t;
--
- /* ENGINE handler for ECDSA Sign */
- static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char  *dgst,
- 	int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey)
-@@ -2420,7 +2414,7 @@ static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char  *dgst,
- 	const BIGNUM   *order = NULL, *priv_key=NULL;
- 	const EC_GROUP *group = NULL;
- 	struct crypt_kop kop;
--	ec_curve_t ec_crv = EC_PRIME;
-+	enum ec_curve_t ec_crv = EC_PRIME;
- 
- 	memset(&kop, 0, sizeof(kop));
- 	ecdsa = ecdsa_check(eckey);
-@@ -2553,7 +2547,7 @@ static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char  *dgst,
- 			else
- 				goto err;
- 		}
--		kop.curve_type = ECC_BINARY;
-+		kop.curve_type = EC_BINARY;
- 	}
- 
- 	/* Calculation of Generator point */
-@@ -2647,7 +2641,7 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
- 	const EC_POINT *pub_key = NULL;
- 	const BIGNUM   *order = NULL;
- 	const EC_GROUP *group=NULL;
--	ec_curve_t       ec_crv = EC_PRIME;
-+	enum ec_curve_t       ec_crv = EC_PRIME;
- 	struct crypt_kop kop;
- 
- 	memset(&kop, 0, sizeof kop);
-@@ -2792,7 +2786,7 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
- 			else
- 				goto err;
- 		}
--		kop.curve_type = ECC_BINARY;
-+		kop.curve_type = EC_BINARY;
- 	}
- 
- 	/* Calculation of Generator point */
-@@ -2893,7 +2887,7 @@ static int cryptodev_ecdsa_do_sign_async( const unsigned char  *dgst,
- 	const BIGNUM   *order = NULL, *priv_key=NULL;
- 	const EC_GROUP *group = NULL;
- 	struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
--	ec_curve_t ec_crv = EC_PRIME;
-+	enum ec_curve_t ec_crv = EC_PRIME;
- 
- 	if (!(sig->r = BN_new()) || !kop)
- 		goto err;
-@@ -3029,7 +3023,7 @@ static int cryptodev_ecdsa_do_sign_async( const unsigned char  *dgst,
- 			else
- 				goto err;
- 		}
--		kop->curve_type = ECC_BINARY;
-+		kop->curve_type = EC_BINARY;
- 	}
- 
- 	/* Calculation of Generator point */
-@@ -3105,7 +3099,7 @@ static int cryptodev_ecdsa_verify_async(const unsigned char *dgst, int dgst_len,
- 	const EC_POINT *pub_key = NULL;
- 	const BIGNUM   *order = NULL;
- 	const EC_GROUP *group=NULL;
--	ec_curve_t       ec_crv = EC_PRIME;
-+	enum ec_curve_t       ec_crv = EC_PRIME;
- 	struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
- 
- 	if (!kop)
-@@ -3247,7 +3241,7 @@ static int cryptodev_ecdsa_verify_async(const unsigned char *dgst, int dgst_len,
- 		/* copy b' i.e c(b), instead of only b */
- 		eng_ec_get_cparam (EC_GROUP_get_curve_name(group),
- 			ab+q_len, q_len);
--		kop->curve_type = ECC_BINARY;
-+		kop->curve_type = EC_BINARY;
- 	}
- 
- 	/* Calculation of Generator point */
-@@ -3552,7 +3546,7 @@ int cryptodev_ecdh_compute_key(void *out, size_t outlen,
- 	const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen,
- 	void *out, size_t *outlen))
- {
--	ec_curve_t       ec_crv = EC_PRIME;
-+	enum ec_curve_t       ec_crv = EC_PRIME;
- 	unsigned char * q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL;
- 	BIGNUM         * w_x = NULL, *w_y = NULL;
- 	int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0;
-@@ -3678,9 +3672,9 @@ int cryptodev_ecdh_compute_key(void *out, size_t outlen,
- 			else
- 				goto err;
- 		}
--		kop.curve_type = ECC_BINARY;
-+		kop.curve_type = EC_BINARY;
- 	} else
--		kop.curve_type = ECC_PRIME;
-+		kop.curve_type = EC_PRIME;
- 
- 	priv_key_len = r_len;
- 
-@@ -3729,7 +3723,7 @@ int cryptodev_ecdh_compute_key_async(void *out, size_t outlen,
- 	const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen,
- 	void *out, size_t *outlen), struct pkc_cookie_s *cookie)
- {
--	ec_curve_t       ec_crv = EC_PRIME;
-+	enum ec_curve_t       ec_crv = EC_PRIME;
- 	unsigned char * q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL;
- 	BIGNUM         * w_x = NULL, *w_y = NULL;
- 	int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0;
-@@ -3857,9 +3851,9 @@ int cryptodev_ecdh_compute_key_async(void *out, size_t outlen,
- 			else
- 				goto err;
- 		}
--		kop->curve_type = ECC_BINARY;
-+		kop->curve_type = EC_BINARY;
- 	} else
--		kop->curve_type = ECC_PRIME;
-+		kop->curve_type = EC_PRIME;
- 
- 	priv_key_len = r_len;
- 
-diff --git a/crypto/engine/eng_cryptodev_ec.h b/crypto/engine/eng_cryptodev_ec.h
-index 77aee71..a4b8da5 100644
---- a/crypto/engine/eng_cryptodev_ec.h
-+++ b/crypto/engine/eng_cryptodev_ec.h
-@@ -286,11 +286,4 @@ static inline unsigned char *eng_copy_curve_points(BIGNUM * x, BIGNUM * y,
- 
- 	return xy;
- }
--
--enum curve_t {
--	DISCRETE_LOG,
--	ECC_PRIME,
--	ECC_BINARY,
--	MAX_ECC_TYPE
--};
- #endif
--- 
-2.3.5
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0014-Modulus-parameter-is-not-populated-by-dhparams.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0014-Modulus-parameter-is-not-populated-by-dhparams.patch
deleted file mode 100644
index 198bed7..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0014-Modulus-parameter-is-not-populated-by-dhparams.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 14623ca9e417ccef1ad3f4138acfac0ebe682f1f Mon Sep 17 00:00:00 2001
-From: Yashpal Dutta <yashpal.dutta at freescale.com>
-Date: Tue, 22 Apr 2014 22:58:33 +0545
-Subject: [PATCH 14/26] Modulus parameter is not populated by dhparams
-
-Upstream-status: Pending
-
-When dhparams are created, modulus parameter required for
-private key generation is not populated. So, falling back
-to software for proper population of modulus parameters followed
-by private key generation
-
-Signed-off-by: Yashpal Dutta <yashpal.dutta at freescale.com>
-Tested-by: Cristian Stoica <cristian.stoica at freescale.com>
----
- crypto/engine/eng_cryptodev.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 5d883fa..6d69336 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -3364,7 +3364,7 @@ static int cryptodev_dh_keygen_async(DH *dh,  struct pkc_cookie_s *cookie)
- 	kop->crk_op = CRK_DH_GENERATE_KEY;
- 	if (bn2crparam(dh->p, &kop->crk_param[0]))
- 		goto sw_try;
--	if (bn2crparam(dh->q, &kop->crk_param[1]))
-+	if (!dh->q || bn2crparam(dh->q, &kop->crk_param[1]))
- 		goto sw_try;
- 	kop->crk_param[2].crp_p = g;
- 	kop->crk_param[2].crp_nbits = g_len * 8;
-@@ -3419,7 +3419,7 @@ static int cryptodev_dh_keygen(DH *dh)
- 	kop.crk_op = CRK_DH_GENERATE_KEY;
- 	if (bn2crparam(dh->p, &kop.crk_param[0]))
- 		goto sw_try;
--	if (bn2crparam(dh->q, &kop.crk_param[1]))
-+	if (!dh->q || bn2crparam(dh->q, &kop.crk_param[1]))
- 		goto sw_try;
- 	kop.crk_param[2].crp_p = g;
- 	kop.crk_param[2].crp_nbits = g_len * 8;
--- 
-2.3.5
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0014-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0014-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch
new file mode 100644
index 0000000..5a8c2d2
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0014-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch
@@ -0,0 +1,321 @@
+From 317e3d9870097e6b115dd8c9a13ccb5e5ca76f2e Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica at freescale.com>
+Date: Mon, 16 Jun 2014 14:06:21 +0300
+Subject: [PATCH 14/48] cryptodev: add support for aes-gcm algorithm offloading
+
+Signed-off-by: Cristian Stoica <cristian.stoica at freescale.com>
+---
+ apps/speed.c                  |   6 +-
+ crypto/engine/eng_cryptodev.c | 236 +++++++++++++++++++++++++++++++++++++++++-
+ 2 files changed, 240 insertions(+), 2 deletions(-)
+
+diff --git a/apps/speed.c b/apps/speed.c
+index 95adcc1..e5e609b 100644
+--- a/apps/speed.c
++++ b/apps/speed.c
+@@ -226,7 +226,11 @@
+ # endif
+ 
+ # undef BUFSIZE
+-# define BUFSIZE ((long)1024*8+1)
++/* The buffer overhead allows GCM tag at the end of the encrypted data. This
++   avoids buffer overflows from cryptodev since Linux kernel GCM
++   implementation allways adds the tag - unlike e_aes.c:aes_gcm_cipher()
++   which doesn't */
++#define BUFSIZE	((long)1024*8 + EVP_GCM_TLS_TAG_LEN)
+ static volatile int run = 0;
+ 
+ static int mr = 0;
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 4929ae6..d2cdca0 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -2,6 +2,7 @@
+  * Copyright (c) 2002 Bob Beck <beck at openbsd.org>
+  * Copyright (c) 2002 Theo de Raadt
+  * Copyright (c) 2002 Markus Friedl
++ * Copyright (c) 2013-2014 Freescale Semiconductor, Inc.
+  * All rights reserved.
+  *
+  * Redistribution and use in source and binary forms, with or without
+@@ -77,8 +78,10 @@ struct dev_crypto_state {
+     struct session_op d_sess;
+     int d_fd;
+     unsigned char *aad;
+-    unsigned int aad_len;
++    int aad_len;
+     unsigned int len;
++    unsigned char *iv;
++    int ivlen;
+ # ifdef USE_CRYPTODEV_DIGESTS
+     char dummy_mac_key[HASH_MAX_LEN];
+     unsigned char digest_res[HASH_MAX_LEN];
+@@ -287,6 +290,9 @@ static struct {
+         CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20
+     },
+     {
++        CRYPTO_AES_GCM, NID_aes_128_gcm, 16, 16, 0
++    },
++    {
+         0, NID_undef, 0, 0, 0
+     },
+ };
+@@ -325,6 +331,22 @@ static struct {
+ };
+ # endif
+ 
++/* increment counter (64-bit int) by 1 */
++static void ctr64_inc(unsigned char *counter)
++{
++    int n = 8;
++    unsigned char c;
++
++    do {
++        --n;
++        c = counter[n];
++        ++c;
++        counter[n] = c;
++        if (c)
++            return;
++    } while (n);
++}
++
+ /*
+  * Return a fd if /dev/crypto seems usable, 0 otherwise.
+  */
+@@ -807,6 +829,199 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
+     }
+ }
+ 
++static int cryptodev_init_gcm_key(EVP_CIPHER_CTX *ctx,
++                                  const unsigned char *key,
++                                  const unsigned char *iv, int enc)
++{
++    struct dev_crypto_state *state = ctx->cipher_data;
++    struct session_op *sess = &state->d_sess;
++    int cipher = -1, i;
++    if (!iv && !key)
++        return 1;
++
++    if (iv)
++        memcpy(ctx->iv, iv, ctx->cipher->iv_len);
++
++    for (i = 0; ciphers[i].id; i++)
++        if (ctx->cipher->nid == ciphers[i].nid &&
++            ctx->cipher->iv_len <= ciphers[i].ivmax &&
++            ctx->key_len == ciphers[i].keylen) {
++            cipher = ciphers[i].id;
++            break;
++        }
++
++    if (!ciphers[i].id) {
++        state->d_fd = -1;
++        return 0;
++    }
++
++    memset(sess, 0, sizeof(struct session_op));
++
++    if ((state->d_fd = get_dev_crypto()) < 0)
++        return 0;
++
++    sess->key = (unsigned char *)key;
++    sess->keylen = ctx->key_len;
++    sess->cipher = cipher;
++
++    if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
++        put_dev_crypto(state->d_fd);
++        state->d_fd = -1;
++        return 0;
++    }
++    return 1;
++}
++
++static int cryptodev_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
++                                    const unsigned char *in, size_t len)
++{
++    struct crypt_auth_op cryp = { 0 };
++    struct dev_crypto_state *state = ctx->cipher_data;
++    struct session_op *sess = &state->d_sess;
++    int rv = len;
++
++    if (EVP_CIPHER_CTX_ctrl(ctx, ctx->encrypt ?
++                            EVP_CTRL_GCM_IV_GEN : EVP_CTRL_GCM_SET_IV_INV,
++                            EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0)
++        return 0;
++
++    in += EVP_GCM_TLS_EXPLICIT_IV_LEN;
++    out += EVP_GCM_TLS_EXPLICIT_IV_LEN;
++    len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
++
++    if (ctx->encrypt) {
++        len -= EVP_GCM_TLS_TAG_LEN;
++    }
++    cryp.ses = sess->ses;
++    cryp.len = len;
++    cryp.src = (unsigned char *)in;
++    cryp.dst = out;
++    cryp.auth_src = state->aad;
++    cryp.auth_len = state->aad_len;
++    cryp.iv = ctx->iv;
++    cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
++
++    if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) {
++        return 0;
++    }
++
++    if (ctx->encrypt)
++        ctr64_inc(state->iv + state->ivlen - 8);
++    else
++        rv = len - EVP_GCM_TLS_TAG_LEN;
++
++    return rv;
++}
++
++static int cryptodev_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
++                                const unsigned char *in, size_t len)
++{
++    struct crypt_auth_op cryp;
++    struct dev_crypto_state *state = ctx->cipher_data;
++    struct session_op *sess = &state->d_sess;
++
++    if (state->d_fd < 0)
++        return 0;
++
++    if ((len % ctx->cipher->block_size) != 0)
++        return 0;
++
++    if (state->aad_len >= 0)
++        return cryptodev_gcm_tls_cipher(ctx, out, in, len);
++
++    memset(&cryp, 0, sizeof(cryp));
++
++    cryp.ses = sess->ses;
++    cryp.len = len;
++    cryp.src = (unsigned char *)in;
++    cryp.dst = out;
++    cryp.auth_src = NULL;
++    cryp.auth_len = 0;
++    cryp.iv = ctx->iv;
++    cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
++
++    if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) {
++        return 0;
++    }
++
++    return len;
++}
++
++static int cryptodev_gcm_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
++                              void *ptr)
++{
++    struct dev_crypto_state *state = ctx->cipher_data;
++    switch (type) {
++    case EVP_CTRL_INIT:
++        {
++            state->ivlen = ctx->cipher->iv_len;
++            state->iv = ctx->iv;
++            state->aad_len = -1;
++            return 1;
++        }
++    case EVP_CTRL_GCM_SET_IV_FIXED:
++        {
++            /* Special case: -1 length restores whole IV */
++            if (arg == -1) {
++                memcpy(state->iv, ptr, state->ivlen);
++                return 1;
++            }
++            /*
++             * Fixed field must be at least 4 bytes and invocation field at
++             * least 8.
++             */
++            if ((arg < 4) || (state->ivlen - arg) < 8)
++                return 0;
++            if (arg)
++                memcpy(state->iv, ptr, arg);
++            if (ctx->encrypt &&
++                RAND_bytes(state->iv + arg, state->ivlen - arg) <= 0)
++                return 0;
++            return 1;
++        }
++    case EVP_CTRL_AEAD_TLS1_AAD:
++        {
++            unsigned int len;
++            if (arg != 13)
++                return 0;
++
++            memcpy(ctx->buf, ptr, arg);
++            len = ctx->buf[arg - 2] << 8 | ctx->buf[arg - 1];
++
++            /* Correct length for explicit IV */
++            len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
++
++            /* If decrypting correct for tag too */
++            if (!ctx->encrypt)
++                len -= EVP_GCM_TLS_TAG_LEN;
++
++            ctx->buf[arg - 2] = len >> 8;
++            ctx->buf[arg - 1] = len & 0xff;
++
++            state->aad = ctx->buf;
++            state->aad_len = arg;
++            state->len = len;
++
++            /* Extra padding: tag appended to record */
++            return EVP_GCM_TLS_TAG_LEN;
++        }
++    case EVP_CTRL_GCM_SET_IV_INV:
++        {
++            if (ctx->encrypt)
++                return 0;
++            memcpy(state->iv + state->ivlen - arg, ptr, arg);
++            return 1;
++        }
++    case EVP_CTRL_GCM_IV_GEN:
++        if (arg <= 0 || arg > state->ivlen)
++            arg = state->ivlen;
++        memcpy(ptr, state->iv + state->ivlen - arg, arg);
++        return 1;
++    default:
++        return -1;
++    }
++}
++
+ /*
+  * libcrypto EVP stuff - this is how we get wired to EVP so the engine
+  * gets called when libcrypto requests a cipher NID.
+@@ -947,6 +1162,22 @@ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = {
+     NULL
+ };
+ 
++const EVP_CIPHER cryptodev_aes_128_gcm = {
++    NID_aes_128_gcm,
++    1, 16, 12,
++    EVP_CIPH_GCM_MODE | EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_DEFAULT_ASN1
++        | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER
++        | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT,
++    cryptodev_init_gcm_key,
++    cryptodev_gcm_cipher,
++    cryptodev_cleanup,
++    sizeof(struct dev_crypto_state),
++    EVP_CIPHER_set_asn1_iv,
++    EVP_CIPHER_get_asn1_iv,
++    cryptodev_gcm_ctrl,
++    NULL
++};
++
+ # ifdef CRYPTO_AES_CTR
+ const EVP_CIPHER cryptodev_aes_ctr = {
+     NID_aes_128_ctr,
+@@ -1041,6 +1272,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+     case NID_aes_256_cbc_hmac_sha1:
+         *cipher = &cryptodev_aes_256_cbc_hmac_sha1;
+         break;
++    case NID_aes_128_gcm:
++        *cipher = &cryptodev_aes_128_gcm;
++        break;
+     default:
+         *cipher = NULL;
+         break;
+-- 
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0015-SW-Backoff-mechanism-for-dsa-keygen.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0015-SW-Backoff-mechanism-for-dsa-keygen.patch
deleted file mode 100644
index 59330a1..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0015-SW-Backoff-mechanism-for-dsa-keygen.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From 10be401a33e6ebcc325d6747914c70595cd53d0a Mon Sep 17 00:00:00 2001
-From: Yashpal Dutta <yashpal.dutta at freescale.com>
-Date: Thu, 24 Apr 2014 00:35:34 +0545
-Subject: [PATCH 15/26] SW Backoff mechanism for dsa keygen
-
-Upstream-status: Pending
-
-DSA Keygen is not handled in default openssl dsa method. Due to
-same null function pointer in SW DSA method, the backoff for dsa
-keygen gives segmentation fault.
-
-Signed-off-by: Yashpal Dutta <yashpal.dutta at freescale.com>
-Tested-by: Cristian Stoica <cristian.stoica at freescale.com>
----
- crypto/engine/eng_cryptodev.c | 12 ++++++++----
- 1 file changed, 8 insertions(+), 4 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 6d69336..dab8fea 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -2069,8 +2069,10 @@ static int cryptodev_dsa_keygen(DSA *dsa)
- 	return ret;
- sw_try:
- 	{
--		const DSA_METHOD *meth = DSA_OpenSSL();
--		ret = (meth->dsa_keygen)(dsa);
-+		const DSA_METHOD *meth = dsa->meth;
-+		dsa->meth = DSA_OpenSSL();
-+		ret = DSA_generate_key(dsa);
-+		dsa->meth = meth;
- 	}
- 	return ret;
- }
-@@ -2124,11 +2126,13 @@ static int cryptodev_dsa_keygen_async(DSA *dsa,  struct pkc_cookie_s *cookie)
- 	return ret;
- sw_try:
- 	{
--		const DSA_METHOD *meth = DSA_OpenSSL();
-+		const DSA_METHOD *meth = dsa->meth;
- 
-+		dsa->meth = DSA_OpenSSL();
- 		if (kop)
- 			free(kop);
--		ret = (meth->dsa_keygen)(dsa);
-+		ret = DSA_generate_key(dsa);
-+		dsa->meth = meth;
- 		cookie->pkc_callback(cookie, 0);
- 	}
- 	return ret;
--- 
-2.3.5
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0015-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0015-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch
new file mode 100644
index 0000000..623c58b
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0015-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch
@@ -0,0 +1,199 @@
+From 7dd6b35c35b027be8ef0ef2e29a949bc4ce96bbd Mon Sep 17 00:00:00 2001
+From: Tudor Ambarus <tudor.ambarus at freescale.com>
+Date: Fri, 9 May 2014 17:54:06 +0300
+Subject: [PATCH 15/48] eng_cryptodev: extend TLS offload with
+ 3des_cbc_hmac_sha1
+
+Both obj_mac.h and obj_dat.h were generated using the scripts
+from crypto/objects:
+
+$ cd crypto/objects
+$ perl objects.pl objects.txt obj_mac.num obj_mac.h
+$ perl obj_dat.pl obj_mac.h obj_dat.h
+
+Signed-off-by: Tudor Ambarus <tudor.ambarus at freescale.com>
+Signed-off-by: Cristian Stoica <cristian.stoica at freescale.com>
+---
+ crypto/engine/eng_cryptodev.c | 26 ++++++++++++++++++++++++++
+ crypto/objects/obj_dat.h      | 10 +++++++---
+ crypto/objects/obj_mac.h      |  4 ++++
+ crypto/objects/obj_mac.num    |  1 +
+ crypto/objects/objects.txt    |  1 +
+ ssl/ssl_ciph.c                |  4 ++++
+ 6 files changed, 43 insertions(+), 3 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index d2cdca0..8f73a18 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -132,6 +132,7 @@ static int cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key,
+ static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
+                           void (*f) (void));
+ void ENGINE_load_cryptodev(void);
++const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1;
+ const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1;
+ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
+ 
+@@ -284,6 +285,9 @@ static struct {
+         CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, 0
+     },
+     {
++        CRYPTO_TLS10_3DES_CBC_HMAC_SHA1, NID_des_ede3_cbc_hmac_sha1, 8, 24, 20
++    },
++    {
+         CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20
+     },
+     {
+@@ -519,6 +523,9 @@ static int cryptodev_usable_ciphers(const int **nids)
+         case NID_aes_256_cbc_hmac_sha1:
+             EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
+             break;
++        case NID_des_ede3_cbc_hmac_sha1:
++            EVP_add_cipher(&cryptodev_3des_cbc_hmac_sha1);
++            break;
+         }
+     }
+     return count;
+@@ -623,6 +630,7 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+     switch (ctx->cipher->nid) {
+     case NID_aes_128_cbc_hmac_sha1:
+     case NID_aes_256_cbc_hmac_sha1:
++    case NID_des_ede3_cbc_hmac_sha1:
+         cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
+     }
+     cryp.ses = sess->ses;
+@@ -813,6 +821,7 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
+             switch (ctx->cipher->nid) {
+             case NID_aes_128_cbc_hmac_sha1:
+             case NID_aes_256_cbc_hmac_sha1:
++            case NID_des_ede3_cbc_hmac_sha1:
+                 maclen = SHA_DIGEST_LENGTH;
+             }
+ 
+@@ -1134,6 +1143,20 @@ const EVP_CIPHER cryptodev_aes_256_cbc = {
+     NULL
+ };
+ 
++const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1 = {
++    NID_des_ede3_cbc_hmac_sha1,
++    8, 24, 8,
++    EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
++    cryptodev_init_aead_key,
++    cryptodev_aead_cipher,
++    cryptodev_cleanup,
++    sizeof(struct dev_crypto_state),
++    EVP_CIPHER_set_asn1_iv,
++    EVP_CIPHER_get_asn1_iv,
++    cryptodev_cbc_hmac_sha1_ctrl,
++    NULL
++};
++
+ const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1 = {
+     NID_aes_128_cbc_hmac_sha1,
+     16, 16, 16,
+@@ -1255,6 +1278,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+     case NID_aes_256_cbc:
+         *cipher = &cryptodev_aes_256_cbc;
+         break;
++    case NID_des_ede3_cbc_hmac_sha1:
++        *cipher = &cryptodev_3des_cbc_hmac_sha1;
++        break;
+ # ifdef CRYPTO_AES_CTR
+     case NID_aes_128_ctr:
+         *cipher = &cryptodev_aes_ctr;
+diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
+index b7e3cf2..35d1abc 100644
+--- a/crypto/objects/obj_dat.h
++++ b/crypto/objects/obj_dat.h
+@@ -62,9 +62,9 @@
+  * [including the GNU Public Licence.]
+  */
+ 
+-#define NUM_NID 958
+-#define NUM_SN 951
+-#define NUM_LN 951
++#define NUM_NID 959
++#define NUM_SN 952
++#define NUM_LN 952
+ #define NUM_OBJ 890
+ 
+ static const unsigned char lvalues[6255]={
+@@ -2514,6 +2514,8 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
+ 	NID_jurisdictionStateOrProvinceName,11,&(lvalues[6232]),0},
+ {"jurisdictionC","jurisdictionCountryName",
+ 	NID_jurisdictionCountryName,11,&(lvalues[6243]),0},
++{"DES-EDE3-CBC-HMAC-SHA1","des-ede3-cbc-hmac-sha1",
++	NID_des_ede3_cbc_hmac_sha1,0,NULL,0},
+ };
+ 
+ static const unsigned int sn_objs[NUM_SN]={
+@@ -2592,6 +2594,7 @@ static const unsigned int sn_objs[NUM_SN]={
+ 62,	/* "DES-EDE-OFB" */
+ 33,	/* "DES-EDE3" */
+ 44,	/* "DES-EDE3-CBC" */
++958,	/* "DES-EDE3-CBC-HMAC-SHA1" */
+ 61,	/* "DES-EDE3-CFB" */
+ 658,	/* "DES-EDE3-CFB1" */
+ 659,	/* "DES-EDE3-CFB8" */
+@@ -3760,6 +3763,7 @@ static const unsigned int ln_objs[NUM_LN]={
+ 62,	/* "des-ede-ofb" */
+ 33,	/* "des-ede3" */
+ 44,	/* "des-ede3-cbc" */
++958,	/* "des-ede3-cbc-hmac-sha1" */
+ 61,	/* "des-ede3-cfb" */
+ 658,	/* "des-ede3-cfb1" */
+ 659,	/* "des-ede3-cfb8" */
+diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h
+index 779c309..cb318bc 100644
+--- a/crypto/objects/obj_mac.h
++++ b/crypto/objects/obj_mac.h
+@@ -4047,6 +4047,10 @@
+ #define LN_aes_256_cbc_hmac_sha256              "aes-256-cbc-hmac-sha256"
+ #define NID_aes_256_cbc_hmac_sha256             950
+ 
++#define SN_des_ede3_cbc_hmac_sha1               "DES-EDE3-CBC-HMAC-SHA1"
++#define LN_des_ede3_cbc_hmac_sha1               "des-ede3-cbc-hmac-sha1"
++#define NID_des_ede3_cbc_hmac_sha1              958
++
+ #define SN_dhpublicnumber               "dhpublicnumber"
+ #define LN_dhpublicnumber               "X9.42 DH"
+ #define NID_dhpublicnumber              920
+diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
+index 8e5ea83..02d1bb8 100644
+--- a/crypto/objects/obj_mac.num
++++ b/crypto/objects/obj_mac.num
+@@ -955,3 +955,4 @@ ct_cert_scts		954
+ jurisdictionLocalityName		955
+ jurisdictionStateOrProvinceName		956
+ jurisdictionCountryName		957
++des_ede3_cbc_hmac_sha1		958
+diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
+index b57aabb..4e1ff18 100644
+--- a/crypto/objects/objects.txt
++++ b/crypto/objects/objects.txt
+@@ -1294,6 +1294,7 @@ kisa 1 6                : SEED-OFB      : seed-ofb
+ 			: AES-128-CBC-HMAC-SHA256	: aes-128-cbc-hmac-sha256
+ 			: AES-192-CBC-HMAC-SHA256	: aes-192-cbc-hmac-sha256
+ 			: AES-256-CBC-HMAC-SHA256	: aes-256-cbc-hmac-sha256
++			: DES-EDE3-CBC-HMAC-SHA1	: des-ede3-cbc-hmac-sha1
+ 
+ ISO-US 10046 2 1	: dhpublicnumber		: X9.42 DH
+ 
+diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
+index 302464e..a379273 100644
+--- a/ssl/ssl_ciph.c
++++ b/ssl/ssl_ciph.c
+@@ -668,6 +668,10 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
+                  c->algorithm_mac == SSL_SHA256 &&
+                  (evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA256")))
+             *enc = evp, *md = NULL;
++        else if (c->algorithm_enc == SSL_3DES &&
++		 c->algorithm_mac == SSL_SHA1 &&
++		 (evp = EVP_get_cipherbyname("DES-EDE3-CBC-HMAC-SHA1")))
++            *enc = evp, *md = NULL;
+         return (1);
+     } else
+         return (0);
+-- 
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0016-Fixed-DH-keygen-pair-generator.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0016-Fixed-DH-keygen-pair-generator.patch
deleted file mode 100644
index 8923cb6..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0016-Fixed-DH-keygen-pair-generator.patch
+++ /dev/null
@@ -1,100 +0,0 @@
-From d2c868c6370bcc0d0a254e641907da2cdf992d62 Mon Sep 17 00:00:00 2001
-From: Yashpal Dutta <yashpal.dutta at freescale.com>
-Date: Thu, 1 May 2014 06:35:45 +0545
-Subject: [PATCH 16/26] Fixed DH keygen pair generator
-
-Upstream-status: Pending
-
-Wrong Padding results into keygen length error
-
-Signed-off-by: Yashpal Dutta <yashpal.dutta at freescale.com>
-Tested-by: Cristian Stoica <cristian.stoica at freescale.com>
----
- crypto/engine/eng_cryptodev.c | 50 ++++++++++++++++++++++++++++---------------
- 1 file changed, 33 insertions(+), 17 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index dab8fea..13d924f 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -3396,44 +3396,60 @@ sw_try:
- static int cryptodev_dh_keygen(DH *dh)
- {
- 	struct crypt_kop kop;
--	int ret = 1, g_len;
--	unsigned char *g = NULL;
-+	int ret = 1, q_len = 0;
-+	unsigned char *q = NULL, *g = NULL, *s = NULL, *w = NULL;
-+	BIGNUM *pub_key = NULL, *priv_key = NULL;
-+	int generate_new_key = 1;
- 
--	if (dh->priv_key == NULL)	{
--		if ((dh->priv_key=BN_new()) == NULL)
--			goto sw_try;
--	}
-+	if (dh->priv_key)
-+		priv_key = dh->priv_key;
- 
--	if (dh->pub_key == NULL) {
--		if ((dh->pub_key=BN_new()) == NULL)
--			goto sw_try;
--	}
-+	if (dh->pub_key)
-+		pub_key = dh->pub_key;
- 
--	g_len = BN_num_bytes(dh->p);
-+	q_len = BN_num_bytes(dh->p);
- 	/**
- 	 * Get generator into a plain buffer. If length is less than
- 	 * q_len then add leading padding bytes.
- 	 */
--	if (spcf_bn2bin_ex(dh->g, &g, &g_len)) {
-+	if (spcf_bn2bin_ex(dh->g, &g, &q_len)) {
-+		DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
-+		goto sw_try;
-+	}
-+
-+	if (spcf_bn2bin_ex(dh->p, &q, &q_len)) {
- 		DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
- 		goto sw_try;
- 	}
- 
- 	memset(&kop, 0, sizeof kop);
- 	kop.crk_op = CRK_DH_GENERATE_KEY;
--	if (bn2crparam(dh->p, &kop.crk_param[0]))
--		goto sw_try;
-+	kop.crk_param[0].crp_p = q;
-+	kop.crk_param[0].crp_nbits = q_len * 8;
- 	if (!dh->q || bn2crparam(dh->q, &kop.crk_param[1]))
- 		goto sw_try;
- 	kop.crk_param[2].crp_p = g;
--	kop.crk_param[2].crp_nbits = g_len * 8;
-+	kop.crk_param[2].crp_nbits = q_len * 8;
- 	kop.crk_iparams = 3;
- 
-+	s = OPENSSL_malloc (q_len);
-+	if (!s) {
-+		DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
-+		goto sw_try;
-+	}
-+
-+	w = OPENSSL_malloc (q_len);
-+	if (!w) {
-+		DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
-+		goto sw_try;
-+	}
-+
- 	/* pub_key is or prime length while priv key is of length of order */
--	if (cryptodev_asym(&kop, BN_num_bytes(dh->p), dh->pub_key,
--	    BN_num_bytes(dh->q), dh->priv_key))
-+	if (cryptodev_asym(&kop, q_len, w, q_len, s))
- 	    goto sw_try;
- 
-+	dh->pub_key = BN_bin2bn(w, q_len, pub_key);
-+	dh->pub_key = BN_bin2bn(s, q_len, priv_key);
- 	return ret;
- sw_try:
- 	{
--- 
-2.3.5
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0016-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0016-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch
new file mode 100644
index 0000000..c586621
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0016-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch
@@ -0,0 +1,338 @@
+From 3f34089ab0a3b31ec6b31a6cbf308ca20c6ef597 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica at nxp.com>
+Date: Fri, 22 Jan 2016 11:58:34 +0200
+Subject: [PATCH 16/48] eng_cryptodev: add support for TLSv1.1 record offload
+
+Supported cipher suites:
+- 3des-ede-cbc-sha
+- aes-128-cbc-hmac-sha
+- aes-256-cbc-hmac-sha
+
+Requires TLS patches on cryptodev and TLS algorithm support in Linux
+kernel driver.
+
+Signed-off-by: Tudor Ambarus <tudor.ambarus at freescale.com>
+Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 96 ++++++++++++++++++++++++++++++++++++++++++-
+ crypto/objects/obj_dat.h      | 18 ++++++--
+ crypto/objects/obj_mac.h      | 12 ++++++
+ crypto/objects/obj_mac.num    |  3 ++
+ crypto/objects/objects.txt    |  3 ++
+ ssl/ssl_ciph.c                | 28 ++++++++++---
+ 6 files changed, 151 insertions(+), 9 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 8f73a18..e37a661 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -66,6 +66,7 @@ void ENGINE_load_cryptodev(void)
+ # include <sys/ioctl.h>
+ # include <errno.h>
+ # include <stdio.h>
++# include <stdbool.h>
+ # include <unistd.h>
+ # include <fcntl.h>
+ # include <stdarg.h>
+@@ -135,6 +136,9 @@ void ENGINE_load_cryptodev(void);
+ const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1;
+ const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1;
+ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
++const EVP_CIPHER cryptodev_tls11_3des_cbc_hmac_sha1;
++const EVP_CIPHER cryptodev_tls11_aes_128_cbc_hmac_sha1;
++const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1;
+ 
+ inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len)
+ {
+@@ -294,6 +298,18 @@ static struct {
+         CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20
+     },
+     {
++        CRYPTO_TLS11_3DES_CBC_HMAC_SHA1, NID_tls11_des_ede3_cbc_hmac_sha1, 8,
++        24, 20
++    },
++    {
++        CRYPTO_TLS11_AES_CBC_HMAC_SHA1, NID_tls11_aes_128_cbc_hmac_sha1, 16, 16,
++        20
++    },
++    {
++        CRYPTO_TLS11_AES_CBC_HMAC_SHA1, NID_tls11_aes_256_cbc_hmac_sha1, 16, 32,
++        20
++    },
++    {
+         CRYPTO_AES_GCM, NID_aes_128_gcm, 16, 16, 0
+     },
+     {
+@@ -526,6 +542,15 @@ static int cryptodev_usable_ciphers(const int **nids)
+         case NID_des_ede3_cbc_hmac_sha1:
+             EVP_add_cipher(&cryptodev_3des_cbc_hmac_sha1);
+             break;
++        case NID_tls11_des_ede3_cbc_hmac_sha1:
++            EVP_add_cipher(&cryptodev_tls11_3des_cbc_hmac_sha1);
++            break;
++        case NID_tls11_aes_128_cbc_hmac_sha1:
++            EVP_add_cipher(&cryptodev_tls11_aes_128_cbc_hmac_sha1);
++            break;
++        case NID_tls11_aes_256_cbc_hmac_sha1:
++            EVP_add_cipher(&cryptodev_tls11_aes_256_cbc_hmac_sha1);
++            break;
+         }
+     }
+     return count;
+@@ -631,6 +656,9 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+     case NID_aes_128_cbc_hmac_sha1:
+     case NID_aes_256_cbc_hmac_sha1:
+     case NID_des_ede3_cbc_hmac_sha1:
++    case NID_tls11_des_ede3_cbc_hmac_sha1:
++    case NID_tls11_aes_128_cbc_hmac_sha1:
++    case NID_tls11_aes_256_cbc_hmac_sha1:
+         cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
+     }
+     cryp.ses = sess->ses;
+@@ -810,8 +838,9 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
+             struct dev_crypto_state *state = ctx->cipher_data;
+             unsigned char *p = ptr;
+             unsigned int cryptlen = p[arg - 2] << 8 | p[arg - 1];
+-            unsigned int maclen, padlen;
++            unsigned int maclen, padlen, len;
+             unsigned int bs = ctx->cipher->block_size;
++            bool aad_needs_fix = false;
+ 
+             state->aad = ptr;
+             state->aad_len = arg;
+@@ -823,6 +852,20 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
+             case NID_aes_256_cbc_hmac_sha1:
+             case NID_des_ede3_cbc_hmac_sha1:
+                 maclen = SHA_DIGEST_LENGTH;
++                break;
++            case NID_tls11_des_ede3_cbc_hmac_sha1:
++            case NID_tls11_aes_128_cbc_hmac_sha1:
++            case NID_tls11_aes_256_cbc_hmac_sha1:
++                maclen = SHA_DIGEST_LENGTH;
++                aad_needs_fix = true;
++                break;
++            }
++
++            /* Correct length for AAD Length field */
++            if (ctx->encrypt && aad_needs_fix) {
++                len = cryptlen - bs;
++                p[arg - 2] = len >> 8;
++                p[arg - 1] = len & 0xff;
+             }
+ 
+             /* space required for encryption (not only TLS padding) */
+@@ -1185,6 +1228,48 @@ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = {
+     NULL
+ };
+ 
++const EVP_CIPHER cryptodev_tls11_3des_cbc_hmac_sha1 = {
++    NID_tls11_des_ede3_cbc_hmac_sha1,
++    8, 24, 8,
++    EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
++    cryptodev_init_aead_key,
++    cryptodev_aead_cipher,
++    cryptodev_cleanup,
++    sizeof(struct dev_crypto_state),
++    EVP_CIPHER_set_asn1_iv,
++    EVP_CIPHER_get_asn1_iv,
++    cryptodev_cbc_hmac_sha1_ctrl,
++    NULL
++};
++
++const EVP_CIPHER cryptodev_tls11_aes_128_cbc_hmac_sha1 = {
++    NID_tls11_aes_128_cbc_hmac_sha1,
++    16, 16, 16,
++    EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
++    cryptodev_init_aead_key,
++    cryptodev_aead_cipher,
++    cryptodev_cleanup,
++    sizeof(struct dev_crypto_state),
++    EVP_CIPHER_set_asn1_iv,
++    EVP_CIPHER_get_asn1_iv,
++    cryptodev_cbc_hmac_sha1_ctrl,
++    NULL
++};
++
++const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1 = {
++    NID_tls11_aes_256_cbc_hmac_sha1,
++    16, 32, 16,
++    EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
++    cryptodev_init_aead_key,
++    cryptodev_aead_cipher,
++    cryptodev_cleanup,
++    sizeof(struct dev_crypto_state),
++    EVP_CIPHER_set_asn1_iv,
++    EVP_CIPHER_get_asn1_iv,
++    cryptodev_cbc_hmac_sha1_ctrl,
++    NULL
++};
++
+ const EVP_CIPHER cryptodev_aes_128_gcm = {
+     NID_aes_128_gcm,
+     1, 16, 12,
+@@ -1298,6 +1383,15 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+     case NID_aes_256_cbc_hmac_sha1:
+         *cipher = &cryptodev_aes_256_cbc_hmac_sha1;
+         break;
++    case NID_tls11_des_ede3_cbc_hmac_sha1:
++        *cipher = &cryptodev_tls11_3des_cbc_hmac_sha1;
++        break;
++    case NID_tls11_aes_128_cbc_hmac_sha1:
++        *cipher = &cryptodev_tls11_aes_128_cbc_hmac_sha1;
++        break;
++    case NID_tls11_aes_256_cbc_hmac_sha1:
++        *cipher = &cryptodev_tls11_aes_256_cbc_hmac_sha1;
++        break;
+     case NID_aes_128_gcm:
+         *cipher = &cryptodev_aes_128_gcm;
+         break;
+diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
+index 35d1abc..4dd32a1 100644
+--- a/crypto/objects/obj_dat.h
++++ b/crypto/objects/obj_dat.h
+@@ -62,9 +62,9 @@
+  * [including the GNU Public Licence.]
+  */
+ 
+-#define NUM_NID 959
+-#define NUM_SN 952
+-#define NUM_LN 952
++#define NUM_NID 962
++#define NUM_SN 955
++#define NUM_LN 955
+ #define NUM_OBJ 890
+ 
+ static const unsigned char lvalues[6255]={
+@@ -2516,6 +2516,12 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
+ 	NID_jurisdictionCountryName,11,&(lvalues[6243]),0},
+ {"DES-EDE3-CBC-HMAC-SHA1","des-ede3-cbc-hmac-sha1",
+ 	NID_des_ede3_cbc_hmac_sha1,0,NULL,0},
++{"TLS11-DES-EDE3-CBC-HMAC-SHA1","tls11-des-ede3-cbc-hmac-sha1",
++	NID_tls11_des_ede3_cbc_hmac_sha1,0,NULL,0},
++{"TLS11-AES-128-CBC-HMAC-SHA1","tls11-aes-128-cbc-hmac-sha1",
++	NID_tls11_aes_128_cbc_hmac_sha1,0,NULL,0},
++{"TLS11-AES-256-CBC-HMAC-SHA1","tls11-aes-256-cbc-hmac-sha1",
++	NID_tls11_aes_256_cbc_hmac_sha1,0,NULL,0},
+ };
+ 
+ static const unsigned int sn_objs[NUM_SN]={
+@@ -2705,6 +2711,9 @@ static const unsigned int sn_objs[NUM_SN]={
+ 100,	/* "SN" */
+ 16,	/* "ST" */
+ 143,	/* "SXNetID" */
++960,	/* "TLS11-AES-128-CBC-HMAC-SHA1" */
++961,	/* "TLS11-AES-256-CBC-HMAC-SHA1" */
++959,	/* "TLS11-DES-EDE3-CBC-HMAC-SHA1" */
+ 458,	/* "UID" */
+  0,	/* "UNDEF" */
+ 11,	/* "X500" */
+@@ -4396,6 +4405,9 @@ static const unsigned int ln_objs[NUM_LN]={
+ 459,	/* "textEncodedORAddress" */
+ 293,	/* "textNotice" */
+ 106,	/* "title" */
++960,	/* "tls11-aes-128-cbc-hmac-sha1" */
++961,	/* "tls11-aes-256-cbc-hmac-sha1" */
++959,	/* "tls11-des-ede3-cbc-hmac-sha1" */
+ 682,	/* "tpBasis" */
+ 436,	/* "ucl" */
+  0,	/* "undefined" */
+diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h
+index cb318bc..5930563 100644
+--- a/crypto/objects/obj_mac.h
++++ b/crypto/objects/obj_mac.h
+@@ -4051,6 +4051,18 @@
+ #define LN_des_ede3_cbc_hmac_sha1               "des-ede3-cbc-hmac-sha1"
+ #define NID_des_ede3_cbc_hmac_sha1              958
+ 
++#define SN_tls11_des_ede3_cbc_hmac_sha1         "TLS11-DES-EDE3-CBC-HMAC-SHA1"
++#define LN_tls11_des_ede3_cbc_hmac_sha1         "tls11-des-ede3-cbc-hmac-sha1"
++#define NID_tls11_des_ede3_cbc_hmac_sha1                959
++
++#define SN_tls11_aes_128_cbc_hmac_sha1          "TLS11-AES-128-CBC-HMAC-SHA1"
++#define LN_tls11_aes_128_cbc_hmac_sha1          "tls11-aes-128-cbc-hmac-sha1"
++#define NID_tls11_aes_128_cbc_hmac_sha1         960
++
++#define SN_tls11_aes_256_cbc_hmac_sha1          "TLS11-AES-256-CBC-HMAC-SHA1"
++#define LN_tls11_aes_256_cbc_hmac_sha1          "tls11-aes-256-cbc-hmac-sha1"
++#define NID_tls11_aes_256_cbc_hmac_sha1         961
++
+ #define SN_dhpublicnumber               "dhpublicnumber"
+ #define LN_dhpublicnumber               "X9.42 DH"
+ #define NID_dhpublicnumber              920
+diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
+index 02d1bb8..02f1728 100644
+--- a/crypto/objects/obj_mac.num
++++ b/crypto/objects/obj_mac.num
+@@ -956,3 +956,6 @@ jurisdictionLocalityName		955
+ jurisdictionStateOrProvinceName		956
+ jurisdictionCountryName		957
+ des_ede3_cbc_hmac_sha1		958
++tls11_des_ede3_cbc_hmac_sha1		959
++tls11_aes_128_cbc_hmac_sha1		960
++tls11_aes_256_cbc_hmac_sha1		961
+diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
+index 4e1ff18..cda81da 100644
+--- a/crypto/objects/objects.txt
++++ b/crypto/objects/objects.txt
+@@ -1295,6 +1295,9 @@ kisa 1 6                : SEED-OFB      : seed-ofb
+ 			: AES-192-CBC-HMAC-SHA256	: aes-192-cbc-hmac-sha256
+ 			: AES-256-CBC-HMAC-SHA256	: aes-256-cbc-hmac-sha256
+ 			: DES-EDE3-CBC-HMAC-SHA1	: des-ede3-cbc-hmac-sha1
++			: TLS11-DES-EDE3-CBC-HMAC-SHA1	: tls11-des-ede3-cbc-hmac-sha1
++			: TLS11-AES-128-CBC-HMAC-SHA1	: tls11-aes-128-cbc-hmac-sha1
++			: TLS11-AES-256-CBC-HMAC-SHA1	: tls11-aes-256-cbc-hmac-sha1
+ 
+ ISO-US 10046 2 1	: dhpublicnumber		: X9.42 DH
+ 
+diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
+index a379273..e3d73ac 100644
+--- a/ssl/ssl_ciph.c
++++ b/ssl/ssl_ciph.c
+@@ -652,11 +652,13 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
+             c->algorithm_mac == SSL_MD5 &&
+             (evp = EVP_get_cipherbyname("RC4-HMAC-MD5")))
+             *enc = evp, *md = NULL;
+-        else if (c->algorithm_enc == SSL_AES128 &&
++        else if (s->ssl_version == TLS1_VERSION &&
++                 c->algorithm_enc == SSL_AES128 &&
+                  c->algorithm_mac == SSL_SHA1 &&
+                  (evp = EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1")))
+             *enc = evp, *md = NULL;
+-        else if (c->algorithm_enc == SSL_AES256 &&
++        else if (s->ssl_version == TLS1_VERSION &&
++                 c->algorithm_enc == SSL_AES256 &&
+                  c->algorithm_mac == SSL_SHA1 &&
+                  (evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1")))
+             *enc = evp, *md = NULL;
+@@ -668,9 +670,25 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
+                  c->algorithm_mac == SSL_SHA256 &&
+                  (evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA256")))
+             *enc = evp, *md = NULL;
+-        else if (c->algorithm_enc == SSL_3DES &&
+-		 c->algorithm_mac == SSL_SHA1 &&
+-		 (evp = EVP_get_cipherbyname("DES-EDE3-CBC-HMAC-SHA1")))
++        else if (s->ssl_version == TLS1_VERSION &&
++                 c->algorithm_enc == SSL_3DES &&
++                 c->algorithm_mac == SSL_SHA1 &&
++                 (evp = EVP_get_cipherbyname("DES-EDE3-CBC-HMAC-SHA1")))
++            *enc = evp, *md = NULL;
++        else if (s->ssl_version == TLS1_1_VERSION &&
++                 c->algorithm_enc == SSL_3DES &&
++                 c->algorithm_mac == SSL_SHA1 &&
++                 (evp = EVP_get_cipherbyname("TLS11-DES-EDE3-CBC-HMAC-SHA1")))
++            *enc = evp, *md = NULL;
++        else if (s->ssl_version == TLS1_1_VERSION &&
++                 c->algorithm_enc == SSL_AES128 &&
++                 c->algorithm_mac == SSL_SHA1 &&
++                 (evp = EVP_get_cipherbyname("TLS11-AES-128-CBC-HMAC-SHA1")))
++            *enc = evp, *md = NULL;
++        else if (s->ssl_version == TLS1_1_VERSION &&
++                 c->algorithm_enc == SSL_AES256 &&
++                 c->algorithm_mac == SSL_SHA1 &&
++                 (evp = EVP_get_cipherbyname("TLS11-AES-256-CBC-HMAC-SHA1")))
+             *enc = evp, *md = NULL;
+         return (1);
+     } else
+-- 
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch
deleted file mode 100644
index bd9e61a..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch
+++ /dev/null
@@ -1,309 +0,0 @@
-From 11b55103463bac614e00d74e9f196ec4ec6bade1 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica at freescale.com>
-Date: Mon, 16 Jun 2014 14:06:21 +0300
-Subject: [PATCH 17/26] cryptodev: add support for aes-gcm algorithm offloading
-
-Change-Id: I3b77dc5ef8b8f707309549244a02852d95b36168
-Signed-off-by: Cristian Stoica <cristian.stoica at freescale.com>
-Reviewed-on: http://git.am.freescale.net:8181/17226
----
- apps/speed.c                  |   6 +-
- crypto/engine/eng_cryptodev.c | 229 +++++++++++++++++++++++++++++++++++++++++-
- 2 files changed, 233 insertions(+), 2 deletions(-)
-
-diff --git a/apps/speed.c b/apps/speed.c
-index 9886ca3..099dede 100644
---- a/apps/speed.c
-+++ b/apps/speed.c
-@@ -224,7 +224,11 @@
- #endif
- 
- #undef BUFSIZE
--#define BUFSIZE	((long)1024*8+1)
-+/* The buffer overhead allows GCM tag at the end of the encrypted data. This
-+   avoids buffer overflows from cryptodev since Linux kernel GCM
-+   implementation allways adds the tag - unlike e_aes.c:aes_gcm_cipher()
-+   which doesn't */
-+#define BUFSIZE	((long)1024*8 + EVP_GCM_TLS_TAG_LEN)
- int run=0;
- 
- static int mr=0;
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 13d924f..4493490 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -78,8 +78,10 @@ struct dev_crypto_state {
- 	struct session_op d_sess;
- 	int d_fd;
- 	unsigned char *aad;
--	unsigned int aad_len;
-+	int aad_len;
- 	unsigned int len;
-+	unsigned char *iv;
-+	int ivlen;
- 
- #ifdef USE_CRYPTODEV_DIGESTS
- 	char dummy_mac_key[HASH_MAX_LEN];
-@@ -251,6 +253,7 @@ static struct {
- 	{ CRYPTO_SKIPJACK_CBC,  NID_undef,        0,  0,  0},
- 	{ CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20},
- 	{ CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20},
-+	{ CRYPTO_AES_GCM,       NID_aes_128_gcm,  16, 16, 0},
- 	{ 0, NID_undef,	0, 0, 0},
- };
- 
-@@ -271,6 +274,19 @@ static struct {
- };
- #endif
- 
-+/* increment counter (64-bit int) by 1 */
-+static void ctr64_inc(unsigned char *counter) {
-+	int n=8;
-+	unsigned char  c;
-+
-+	do {
-+		--n;
-+		c = counter[n];
-+		++c;
-+		counter[n] = c;
-+		if (c) return;
-+	} while (n);
-+}
- /*
-  * Return a fd if /dev/crypto seems usable, 0 otherwise.
-  */
-@@ -762,6 +778,197 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
- 	}
- }
- 
-+static int cryptodev_init_gcm_key(EVP_CIPHER_CTX *ctx,
-+	const unsigned char *key, const unsigned char *iv, int enc)
-+{
-+	struct dev_crypto_state *state = ctx->cipher_data;
-+	struct session_op *sess = &state->d_sess;
-+	int cipher = -1, i;
-+	if (!iv && !key)
-+		return 1;
-+
-+	if (iv)
-+		memcpy(ctx->iv, iv, ctx->cipher->iv_len);
-+
-+	for (i = 0; ciphers[i].id; i++)
-+		if (ctx->cipher->nid == ciphers[i].nid &&
-+		    ctx->cipher->iv_len <= ciphers[i].ivmax &&
-+		    ctx->key_len == ciphers[i].keylen) {
-+			cipher = ciphers[i].id;
-+			break;
-+		}
-+
-+	if (!ciphers[i].id) {
-+		state->d_fd = -1;
-+		return 0;
-+	}
-+
-+	memset(sess, 0, sizeof(struct session_op));
-+
-+	if ((state->d_fd = get_dev_crypto()) < 0)
-+		return 0;
-+
-+	sess->key = (unsigned char *) key;
-+	sess->keylen = ctx->key_len;
-+	sess->cipher = cipher;
-+
-+	if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
-+		put_dev_crypto(state->d_fd);
-+		state->d_fd = -1;
-+		return 0;
-+	}
-+	return 1;
-+}
-+
-+static int cryptodev_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+		const unsigned char *in, size_t len)
-+{
-+	struct crypt_auth_op cryp = {0};
-+	struct dev_crypto_state *state = ctx->cipher_data;
-+	struct session_op *sess = &state->d_sess;
-+	int rv = len;
-+
-+	if (EVP_CIPHER_CTX_ctrl(ctx, ctx->encrypt ?
-+			EVP_CTRL_GCM_IV_GEN : EVP_CTRL_GCM_SET_IV_INV,
-+			EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0)
-+		return 0;
-+
-+	in += EVP_GCM_TLS_EXPLICIT_IV_LEN;
-+	out += EVP_GCM_TLS_EXPLICIT_IV_LEN;
-+	len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
-+
-+	if (ctx->encrypt) {
-+		len -= EVP_GCM_TLS_TAG_LEN;
-+	}
-+	cryp.ses = sess->ses;
-+	cryp.len = len;
-+	cryp.src = (unsigned char*) in;
-+	cryp.dst = out;
-+	cryp.auth_src = state->aad;
-+	cryp.auth_len = state->aad_len;
-+	cryp.iv = ctx->iv;
-+	cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
-+
-+	if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) {
-+		return 0;
-+	}
-+
-+	if (ctx->encrypt)
-+		ctr64_inc(state->iv + state->ivlen - 8);
-+	else
-+		rv = len - EVP_GCM_TLS_TAG_LEN;
-+
-+	return rv;
-+}
-+
-+static int cryptodev_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+		const unsigned char *in, size_t len)
-+{
-+	struct crypt_auth_op cryp;
-+	struct dev_crypto_state *state = ctx->cipher_data;
-+	struct session_op *sess = &state->d_sess;
-+
-+	if (state->d_fd < 0)
-+		return 0;
-+
-+	if ((len % ctx->cipher->block_size) != 0)
-+		return 0;
-+
-+	if (state->aad_len >= 0)
-+		return cryptodev_gcm_tls_cipher(ctx, out, in, len);
-+
-+	memset(&cryp, 0, sizeof(cryp));
-+
-+	cryp.ses = sess->ses;
-+	cryp.len = len;
-+	cryp.src = (unsigned char*) in;
-+	cryp.dst = out;
-+	cryp.auth_src = NULL;
-+	cryp.auth_len = 0;
-+	cryp.iv = ctx->iv;
-+	cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
-+
-+	if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) {
-+		return 0;
-+	}
-+
-+	return len;
-+}
-+
-+static int cryptodev_gcm_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
-+		void *ptr)
-+{
-+	struct dev_crypto_state *state = ctx->cipher_data;
-+	switch (type) {
-+	case EVP_CTRL_INIT:
-+	{
-+		state->ivlen = ctx->cipher->iv_len;
-+		state->iv = ctx->iv;
-+		state->aad_len = -1;
-+		return 1;
-+	}
-+	case EVP_CTRL_GCM_SET_IV_FIXED:
-+	{
-+		/* Special case: -1 length restores whole IV */
-+		if (arg == -1)
-+			{
-+			memcpy(state->iv, ptr, state->ivlen);
-+			return 1;
-+			}
-+		/* Fixed field must be at least 4 bytes and invocation field
-+		 * at least 8.
-+		 */
-+		if ((arg < 4) || (state->ivlen - arg) < 8)
-+			return 0;
-+		if (arg)
-+			memcpy(state->iv, ptr, arg);
-+		if (ctx->encrypt &&
-+			RAND_bytes(state->iv + arg, state->ivlen - arg) <= 0)
-+			return 0;
-+		return 1;
-+	}
-+	case EVP_CTRL_AEAD_TLS1_AAD:
-+	{
-+		unsigned int len;
-+		if (arg != 13)
-+			return 0;
-+
-+		memcpy(ctx->buf, ptr, arg);
-+		len=ctx->buf[arg-2] << 8 | ctx->buf[arg-1];
-+
-+		/* Correct length for explicit IV */
-+		len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
-+
-+		/* If decrypting correct for tag too */
-+		if (!ctx->encrypt)
-+			len -= EVP_GCM_TLS_TAG_LEN;
-+
-+		ctx->buf[arg-2] = len >> 8;
-+		ctx->buf[arg-1] = len & 0xff;
-+
-+		state->aad = ctx->buf;
-+		state->aad_len = arg;
-+		state->len = len;
-+
-+		/* Extra padding: tag appended to record */
-+		return EVP_GCM_TLS_TAG_LEN;
-+	}
-+	case EVP_CTRL_GCM_SET_IV_INV:
-+	{
-+		if (ctx->encrypt)
-+			return 0;
-+		memcpy(state->iv + state->ivlen - arg, ptr, arg);
-+		return 1;
-+	}
-+	case EVP_CTRL_GCM_IV_GEN:
-+		if (arg <= 0 || arg > state->ivlen)
-+			arg = state->ivlen;
-+		memcpy(ptr, state->iv + state->ivlen - arg, arg);
-+		return 1;
-+	default:
-+		return -1;
-+	}
-+}
- /*
-  * libcrypto EVP stuff - this is how we get wired to EVP so the engine
-  * gets called when libcrypto requests a cipher NID.
-@@ -901,6 +1108,23 @@ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = {
- 	cryptodev_cbc_hmac_sha1_ctrl,
- 	NULL
- };
-+
-+const EVP_CIPHER cryptodev_aes_128_gcm = {
-+	NID_aes_128_gcm,
-+	1, 16, 12,
-+	EVP_CIPH_GCM_MODE | EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_DEFAULT_ASN1 \
-+	| EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \
-+	| EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT,
-+	cryptodev_init_gcm_key,
-+	cryptodev_gcm_cipher,
-+	cryptodev_cleanup,
-+	sizeof(struct dev_crypto_state),
-+	EVP_CIPHER_set_asn1_iv,
-+	EVP_CIPHER_get_asn1_iv,
-+	cryptodev_gcm_ctrl,
-+	NULL
-+};
-+
- /*
-  * Registered by the ENGINE when used to find out how to deal with
-  * a particular NID in the ENGINE. this says what we'll do at the
-@@ -944,6 +1168,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
- 	case NID_aes_256_cbc_hmac_sha1:
- 		*cipher = &cryptodev_aes_256_cbc_hmac_sha1;
- 		break;
-+	case NID_aes_128_gcm:
-+		*cipher = &cryptodev_aes_128_gcm;
-+		break;
- 	default:
- 		*cipher = NULL;
- 		break;
--- 
-2.3.5
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0017-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0017-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch
new file mode 100644
index 0000000..5e65ec6
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0017-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch
@@ -0,0 +1,377 @@
+From 4c1531a088076118ce3c06cb0af15998f0796cb3 Mon Sep 17 00:00:00 2001
+From: Tudor Ambarus <tudor.ambarus at freescale.com>
+Date: Tue, 31 Mar 2015 16:32:35 +0300
+Subject: [PATCH 17/48] eng_cryptodev: add support for TLSv1.2 record offload
+
+Supported cipher suites:
+- 3des-ede-cbc-sha
+- aes-128-cbc-hmac-sha
+- aes-256-cbc-hmac-sha
+- aes-128-cbc-hmac-sha256
+- aes-256-cbc-hmac-sha256
+
+Requires TLS patches on cryptodev and TLS algorithm support in Linux
+kernel driver.
+
+Signed-off-by: Tudor Ambarus <tudor.ambarus at freescale.com>
+Tested-by: Cristian Stoica <cristian.stoica at freescale.com>
+---
+ crypto/engine/eng_cryptodev.c | 138 ++++++++++++++++++++++++++++++++++++++++++
+ crypto/objects/obj_dat.h      |  26 +++++++-
+ crypto/objects/obj_mac.h      |  20 ++++++
+ crypto/objects/obj_mac.num    |   5 ++
+ crypto/objects/objects.txt    |   5 ++
+ ssl/ssl_ciph.c                |  25 ++++++++
+ 6 files changed, 216 insertions(+), 3 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index e37a661..e6f9f16 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -139,6 +139,11 @@ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
+ const EVP_CIPHER cryptodev_tls11_3des_cbc_hmac_sha1;
+ const EVP_CIPHER cryptodev_tls11_aes_128_cbc_hmac_sha1;
+ const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1;
++const EVP_CIPHER cryptodev_tls12_3des_cbc_hmac_sha1;
++const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha1;
++const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha1;
++const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha256;
++const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha256;
+ 
+ inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len)
+ {
+@@ -310,6 +315,26 @@ static struct {
+         20
+     },
+     {
++        CRYPTO_TLS12_3DES_CBC_HMAC_SHA1, NID_tls12_des_ede3_cbc_hmac_sha1, 8,
++        24, 20
++    },
++    {
++        CRYPTO_TLS12_AES_CBC_HMAC_SHA1, NID_tls12_aes_128_cbc_hmac_sha1, 16, 16,
++        20
++    },
++    {
++        CRYPTO_TLS12_AES_CBC_HMAC_SHA1, NID_tls12_aes_256_cbc_hmac_sha1, 16, 32,
++        20
++    },
++    {
++        CRYPTO_TLS12_AES_CBC_HMAC_SHA256, NID_tls12_aes_128_cbc_hmac_sha256, 16,
++        16, 32
++    },
++    {
++        CRYPTO_TLS12_AES_CBC_HMAC_SHA256, NID_tls12_aes_256_cbc_hmac_sha256, 16,
++        32, 32
++    },
++    {
+         CRYPTO_AES_GCM, NID_aes_128_gcm, 16, 16, 0
+     },
+     {
+@@ -551,6 +576,21 @@ static int cryptodev_usable_ciphers(const int **nids)
+         case NID_tls11_aes_256_cbc_hmac_sha1:
+             EVP_add_cipher(&cryptodev_tls11_aes_256_cbc_hmac_sha1);
+             break;
++        case NID_tls12_des_ede3_cbc_hmac_sha1:
++            EVP_add_cipher(&cryptodev_tls12_3des_cbc_hmac_sha1);
++            break;
++        case NID_tls12_aes_128_cbc_hmac_sha1:
++            EVP_add_cipher(&cryptodev_tls12_aes_128_cbc_hmac_sha1);
++            break;
++        case NID_tls12_aes_256_cbc_hmac_sha1:
++            EVP_add_cipher(&cryptodev_tls12_aes_256_cbc_hmac_sha1);
++            break;
++        case NID_tls12_aes_128_cbc_hmac_sha256:
++            EVP_add_cipher(&cryptodev_tls12_aes_128_cbc_hmac_sha256);
++            break;
++        case NID_tls12_aes_256_cbc_hmac_sha256:
++            EVP_add_cipher(&cryptodev_tls12_aes_256_cbc_hmac_sha256);
++            break;
+         }
+     }
+     return count;
+@@ -659,6 +699,11 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+     case NID_tls11_des_ede3_cbc_hmac_sha1:
+     case NID_tls11_aes_128_cbc_hmac_sha1:
+     case NID_tls11_aes_256_cbc_hmac_sha1:
++    case NID_tls12_des_ede3_cbc_hmac_sha1:
++    case NID_tls12_aes_128_cbc_hmac_sha1:
++    case NID_tls12_aes_256_cbc_hmac_sha1:
++    case NID_tls12_aes_128_cbc_hmac_sha256:
++    case NID_tls12_aes_256_cbc_hmac_sha256:
+         cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
+     }
+     cryp.ses = sess->ses;
+@@ -856,9 +901,17 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
+             case NID_tls11_des_ede3_cbc_hmac_sha1:
+             case NID_tls11_aes_128_cbc_hmac_sha1:
+             case NID_tls11_aes_256_cbc_hmac_sha1:
++            case NID_tls12_des_ede3_cbc_hmac_sha1:
++            case NID_tls12_aes_128_cbc_hmac_sha1:
++            case NID_tls12_aes_256_cbc_hmac_sha1:
+                 maclen = SHA_DIGEST_LENGTH;
+                 aad_needs_fix = true;
+                 break;
++            case NID_tls12_aes_128_cbc_hmac_sha256:
++            case NID_tls12_aes_256_cbc_hmac_sha256:
++                maclen = SHA256_DIGEST_LENGTH;
++                aad_needs_fix = true;
++                break;
+             }
+ 
+             /* Correct length for AAD Length field */
+@@ -1270,6 +1323,76 @@ const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1 = {
+     NULL
+ };
+ 
++const EVP_CIPHER cryptodev_tls12_3des_cbc_hmac_sha1 = {
++    NID_tls12_des_ede3_cbc_hmac_sha1,
++    8, 24, 8,
++    EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
++    cryptodev_init_aead_key,
++    cryptodev_aead_cipher,
++    cryptodev_cleanup,
++    sizeof(struct dev_crypto_state),
++    EVP_CIPHER_set_asn1_iv,
++    EVP_CIPHER_get_asn1_iv,
++    cryptodev_cbc_hmac_sha1_ctrl,
++    NULL
++};
++
++const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha1 = {
++    NID_tls12_aes_128_cbc_hmac_sha1,
++    16, 16, 16,
++    EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
++    cryptodev_init_aead_key,
++    cryptodev_aead_cipher,
++    cryptodev_cleanup,
++    sizeof(struct dev_crypto_state),
++    EVP_CIPHER_set_asn1_iv,
++    EVP_CIPHER_get_asn1_iv,
++    cryptodev_cbc_hmac_sha1_ctrl,
++    NULL
++};
++
++const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha1 = {
++    NID_tls12_aes_256_cbc_hmac_sha1,
++    16, 32, 16,
++    EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
++    cryptodev_init_aead_key,
++    cryptodev_aead_cipher,
++    cryptodev_cleanup,
++    sizeof(struct dev_crypto_state),
++    EVP_CIPHER_set_asn1_iv,
++    EVP_CIPHER_get_asn1_iv,
++    cryptodev_cbc_hmac_sha1_ctrl,
++    NULL
++};
++
++const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha256 = {
++    NID_tls12_aes_128_cbc_hmac_sha256,
++    16, 16, 16,
++    EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
++    cryptodev_init_aead_key,
++    cryptodev_aead_cipher,
++    cryptodev_cleanup,
++    sizeof(struct dev_crypto_state),
++    EVP_CIPHER_set_asn1_iv,
++    EVP_CIPHER_get_asn1_iv,
++    cryptodev_cbc_hmac_sha1_ctrl,
++    NULL
++};
++
++const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha256 = {
++    NID_tls12_aes_256_cbc_hmac_sha256,
++    16, 32, 16,
++    EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
++    cryptodev_init_aead_key,
++    cryptodev_aead_cipher,
++    cryptodev_cleanup,
++    sizeof(struct dev_crypto_state),
++    EVP_CIPHER_set_asn1_iv,
++    EVP_CIPHER_get_asn1_iv,
++    cryptodev_cbc_hmac_sha1_ctrl,
++    NULL
++};
++
+ const EVP_CIPHER cryptodev_aes_128_gcm = {
+     NID_aes_128_gcm,
+     1, 16, 12,
+@@ -1395,6 +1518,21 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+     case NID_aes_128_gcm:
+         *cipher = &cryptodev_aes_128_gcm;
+         break;
++    case NID_tls12_des_ede3_cbc_hmac_sha1:
++        *cipher = &cryptodev_tls12_3des_cbc_hmac_sha1;
++        break;
++    case NID_tls12_aes_128_cbc_hmac_sha1:
++        *cipher = &cryptodev_tls12_aes_128_cbc_hmac_sha1;
++        break;
++    case NID_tls12_aes_256_cbc_hmac_sha1:
++        *cipher = &cryptodev_tls12_aes_256_cbc_hmac_sha1;
++        break;
++    case NID_tls12_aes_128_cbc_hmac_sha256:
++        *cipher = &cryptodev_tls12_aes_128_cbc_hmac_sha256;
++        break;
++    case NID_tls12_aes_256_cbc_hmac_sha256:
++        *cipher = &cryptodev_tls12_aes_256_cbc_hmac_sha256;
++        break;
+     default:
+         *cipher = NULL;
+         break;
+diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
+index 4dd32a1..e3a2505 100644
+--- a/crypto/objects/obj_dat.h
++++ b/crypto/objects/obj_dat.h
+@@ -62,9 +62,9 @@
+  * [including the GNU Public Licence.]
+  */
+ 
+-#define NUM_NID 962
+-#define NUM_SN 955
+-#define NUM_LN 955
++#define NUM_NID 967
++#define NUM_SN 960
++#define NUM_LN 960
+ #define NUM_OBJ 890
+ 
+ static const unsigned char lvalues[6255]={
+@@ -2522,6 +2522,16 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
+ 	NID_tls11_aes_128_cbc_hmac_sha1,0,NULL,0},
+ {"TLS11-AES-256-CBC-HMAC-SHA1","tls11-aes-256-cbc-hmac-sha1",
+ 	NID_tls11_aes_256_cbc_hmac_sha1,0,NULL,0},
++{"TLS12-DES-EDE3-CBC-HMAC-SHA1","tls12-des-ede3-cbc-hmac-sha1",
++	NID_tls12_des_ede3_cbc_hmac_sha1,0,NULL,0},
++{"TLS12-AES-128-CBC-HMAC-SHA1","tls12-aes-128-cbc-hmac-sha1",
++	NID_tls12_aes_128_cbc_hmac_sha1,0,NULL,0},
++{"TLS12-AES-256-CBC-HMAC-SHA1","tls12-aes-256-cbc-hmac-sha1",
++	NID_tls12_aes_256_cbc_hmac_sha1,0,NULL,0},
++{"TLS12-AES-128-CBC-HMAC-SHA256","tls12-aes-128-cbc-hmac-sha256",
++	NID_tls12_aes_128_cbc_hmac_sha256,0,NULL,0},
++{"TLS12-AES-256-CBC-HMAC-SHA256","tls12-aes-256-cbc-hmac-sha256",
++	NID_tls12_aes_256_cbc_hmac_sha256,0,NULL,0},
+ };
+ 
+ static const unsigned int sn_objs[NUM_SN]={
+@@ -2714,6 +2724,11 @@ static const unsigned int sn_objs[NUM_SN]={
+ 960,	/* "TLS11-AES-128-CBC-HMAC-SHA1" */
+ 961,	/* "TLS11-AES-256-CBC-HMAC-SHA1" */
+ 959,	/* "TLS11-DES-EDE3-CBC-HMAC-SHA1" */
++963,	/* "TLS12-AES-128-CBC-HMAC-SHA1" */
++965,	/* "TLS12-AES-128-CBC-HMAC-SHA256" */
++964,	/* "TLS12-AES-256-CBC-HMAC-SHA1" */
++966,	/* "TLS12-AES-256-CBC-HMAC-SHA256" */
++962,	/* "TLS12-DES-EDE3-CBC-HMAC-SHA1" */
+ 458,	/* "UID" */
+  0,	/* "UNDEF" */
+ 11,	/* "X500" */
+@@ -4408,6 +4423,11 @@ static const unsigned int ln_objs[NUM_LN]={
+ 960,	/* "tls11-aes-128-cbc-hmac-sha1" */
+ 961,	/* "tls11-aes-256-cbc-hmac-sha1" */
+ 959,	/* "tls11-des-ede3-cbc-hmac-sha1" */
++963,	/* "tls12-aes-128-cbc-hmac-sha1" */
++965,	/* "tls12-aes-128-cbc-hmac-sha256" */
++964,	/* "tls12-aes-256-cbc-hmac-sha1" */
++966,	/* "tls12-aes-256-cbc-hmac-sha256" */
++962,	/* "tls12-des-ede3-cbc-hmac-sha1" */
+ 682,	/* "tpBasis" */
+ 436,	/* "ucl" */
+  0,	/* "undefined" */
+diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h
+index 5930563..f4a81cb 100644
+--- a/crypto/objects/obj_mac.h
++++ b/crypto/objects/obj_mac.h
+@@ -4063,6 +4063,26 @@
+ #define LN_tls11_aes_256_cbc_hmac_sha1          "tls11-aes-256-cbc-hmac-sha1"
+ #define NID_tls11_aes_256_cbc_hmac_sha1         961
+ 
++#define SN_tls12_des_ede3_cbc_hmac_sha1         "TLS12-DES-EDE3-CBC-HMAC-SHA1"
++#define LN_tls12_des_ede3_cbc_hmac_sha1         "tls12-des-ede3-cbc-hmac-sha1"
++#define NID_tls12_des_ede3_cbc_hmac_sha1                962
++
++#define SN_tls12_aes_128_cbc_hmac_sha1          "TLS12-AES-128-CBC-HMAC-SHA1"
++#define LN_tls12_aes_128_cbc_hmac_sha1          "tls12-aes-128-cbc-hmac-sha1"
++#define NID_tls12_aes_128_cbc_hmac_sha1         963
++
++#define SN_tls12_aes_256_cbc_hmac_sha1          "TLS12-AES-256-CBC-HMAC-SHA1"
++#define LN_tls12_aes_256_cbc_hmac_sha1          "tls12-aes-256-cbc-hmac-sha1"
++#define NID_tls12_aes_256_cbc_hmac_sha1         964
++
++#define SN_tls12_aes_128_cbc_hmac_sha256                "TLS12-AES-128-CBC-HMAC-SHA256"
++#define LN_tls12_aes_128_cbc_hmac_sha256                "tls12-aes-128-cbc-hmac-sha256"
++#define NID_tls12_aes_128_cbc_hmac_sha256               965
++
++#define SN_tls12_aes_256_cbc_hmac_sha256                "TLS12-AES-256-CBC-HMAC-SHA256"
++#define LN_tls12_aes_256_cbc_hmac_sha256                "tls12-aes-256-cbc-hmac-sha256"
++#define NID_tls12_aes_256_cbc_hmac_sha256               966
++
+ #define SN_dhpublicnumber               "dhpublicnumber"
+ #define LN_dhpublicnumber               "X9.42 DH"
+ #define NID_dhpublicnumber              920
+diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
+index 02f1728..401be03 100644
+--- a/crypto/objects/obj_mac.num
++++ b/crypto/objects/obj_mac.num
+@@ -959,3 +959,8 @@ des_ede3_cbc_hmac_sha1		958
+ tls11_des_ede3_cbc_hmac_sha1		959
+ tls11_aes_128_cbc_hmac_sha1		960
+ tls11_aes_256_cbc_hmac_sha1		961
++tls12_des_ede3_cbc_hmac_sha1		962
++tls12_aes_128_cbc_hmac_sha1		963
++tls12_aes_256_cbc_hmac_sha1		964
++tls12_aes_128_cbc_hmac_sha256		965
++tls12_aes_256_cbc_hmac_sha256		966
+diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
+index cda81da..68a8da8 100644
+--- a/crypto/objects/objects.txt
++++ b/crypto/objects/objects.txt
+@@ -1298,6 +1298,11 @@ kisa 1 6                : SEED-OFB      : seed-ofb
+ 			: TLS11-DES-EDE3-CBC-HMAC-SHA1	: tls11-des-ede3-cbc-hmac-sha1
+ 			: TLS11-AES-128-CBC-HMAC-SHA1	: tls11-aes-128-cbc-hmac-sha1
+ 			: TLS11-AES-256-CBC-HMAC-SHA1	: tls11-aes-256-cbc-hmac-sha1
++			: TLS12-DES-EDE3-CBC-HMAC-SHA1	: tls12-des-ede3-cbc-hmac-sha1
++			: TLS12-AES-128-CBC-HMAC-SHA1   : tls12-aes-128-cbc-hmac-sha1
++			: TLS12-AES-256-CBC-HMAC-SHA1	: tls12-aes-256-cbc-hmac-sha1
++			: TLS12-AES-128-CBC-HMAC-SHA256	: tls12-aes-128-cbc-hmac-sha256
++			: TLS12-AES-256-CBC-HMAC-SHA256	: tls12-aes-256-cbc-hmac-sha256
+ 
+ ISO-US 10046 2 1	: dhpublicnumber		: X9.42 DH
+ 
+diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
+index e3d73ac..4698528 100644
+--- a/ssl/ssl_ciph.c
++++ b/ssl/ssl_ciph.c
+@@ -690,6 +690,31 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
+                  c->algorithm_mac == SSL_SHA1 &&
+                  (evp = EVP_get_cipherbyname("TLS11-AES-256-CBC-HMAC-SHA1")))
+             *enc = evp, *md = NULL;
++        else if (s->ssl_version == TLS1_2_VERSION &&
++                 c->algorithm_enc == SSL_3DES &&
++                 c->algorithm_mac == SSL_SHA1 &&
++                 (evp=EVP_get_cipherbyname("TLS12-DES-EDE3-CBC-HMAC-SHA1")))
++            *enc = evp, *md = NULL;
++        else if (s->ssl_version == TLS1_2_VERSION &&
++                 c->algorithm_enc == SSL_AES128 &&
++                 c->algorithm_mac == SSL_SHA1 &&
++                 (evp=EVP_get_cipherbyname("TLS12-AES-128-CBC-HMAC-SHA1")))
++            *enc = evp, *md = NULL;
++        else if (s->ssl_version == TLS1_2_VERSION &&
++                 c->algorithm_enc == SSL_AES256 &&
++                 c->algorithm_mac == SSL_SHA1 &&
++                 (evp=EVP_get_cipherbyname("TLS12-AES-256-CBC-HMAC-SHA1")))
++            *enc = evp, *md = NULL;
++        else if (s->ssl_version == TLS1_2_VERSION &&
++                 c->algorithm_enc == SSL_AES128 &&
++                 c->algorithm_mac == SSL_SHA256 &&
++                 (evp=EVP_get_cipherbyname("TLS12-AES-128-CBC-HMAC-SHA256")))
++            *enc = evp, *md = NULL;
++        else if (s->ssl_version == TLS1_2_VERSION &&
++                 c->algorithm_enc == SSL_AES256 &&
++                 c->algorithm_mac == SSL_SHA256 &&
++                 (evp=EVP_get_cipherbyname("TLS12-AES-256-CBC-HMAC-SHA256")))
++            *enc = evp, *md = NULL;
+         return (1);
+     } else
+         return (0);
+-- 
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0018-cryptodev-drop-redundant-function.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0018-cryptodev-drop-redundant-function.patch
new file mode 100644
index 0000000..c1f0c9d
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0018-cryptodev-drop-redundant-function.patch
@@ -0,0 +1,72 @@
+From 07d8dad75fb1e4c3487ae560ac51e2141aa0e0c1 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica at freescale.com>
+Date: Thu, 19 Feb 2015 16:11:53 +0200
+Subject: [PATCH 18/48] cryptodev: drop redundant function
+
+get_dev_crypto already caches the result. Another cache in-between is
+useless.
+
+Signed-off-by: Cristian Stoica <cristian.stoica at freescale.com>
+---
+ crypto/engine/eng_cryptodev.c | 17 +++--------------
+ 1 file changed, 3 insertions(+), 14 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index e6f9f16..4cffaf1 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -93,7 +93,6 @@ struct dev_crypto_state {
+ 
+ static u_int32_t cryptodev_asymfeat = 0;
+ 
+-static int get_asym_dev_crypto(void);
+ static int open_dev_crypto(void);
+ static int get_dev_crypto(void);
+ static int get_cryptodev_ciphers(const int **cnids);
+@@ -440,16 +439,6 @@ static void put_dev_crypto(int fd)
+ # endif
+ }
+ 
+-/* Caching version for asym operations */
+-static int get_asym_dev_crypto(void)
+-{
+-    static int fd = -1;
+-
+-    if (fd == -1)
+-        fd = get_dev_crypto();
+-    return fd;
+-}
+-
+ /*
+  * Find out what ciphers /dev/crypto will let us have a session for.
+  * XXX note, that some of these openssl doesn't deal with yet!
+@@ -1919,7 +1908,7 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
+ {
+     int fd, ret = -1;
+ 
+-    if ((fd = get_asym_dev_crypto()) < 0)
++    if ((fd = get_dev_crypto()) < 0)
+         return (ret);
+ 
+     if (r) {
+@@ -2509,7 +2498,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
+     int p_len, q_len;
+     int i;
+ 
+-    if ((fd = get_asym_dev_crypto()) < 0)
++    if ((fd = get_dev_crypto()) < 0)
+         goto sw_try;
+ 
+     if (!rsa->n && ((rsa->n = BN_new()) == NULL))
+@@ -4098,7 +4087,7 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+     BIGNUM *temp = NULL;
+     unsigned char *padded_pub_key = NULL, *p = NULL;
+ 
+-    if ((fd = get_asym_dev_crypto()) < 0)
++    if ((fd = get_dev_crypto()) < 0)
+         goto sw_try;
+ 
+     memset(&kop, 0, sizeof kop);
+-- 
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0018-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0018-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch
deleted file mode 100644
index 1118a6f..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0018-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch
+++ /dev/null
@@ -1,193 +0,0 @@
-From 21e3ca4ec77f9258aa4001f07faac1c4942b48b4 Mon Sep 17 00:00:00 2001
-From: Tudor Ambarus <tudor.ambarus at freescale.com>
-Date: Fri, 9 May 2014 17:54:06 +0300
-Subject: [PATCH 18/26] eng_cryptodev: extend TLS offload with
- 3des_cbc_hmac_sha1
-
-Both obj_mac.h and obj_dat.h were generated using the scripts
-from crypto/objects:
-
-$ cd crypto/objects
-$ perl objects.pl objects.txt obj_mac.num obj_mac.h
-$ perl obj_dat.pl obj_mac.h obj_dat.h
-
-Change-Id: I94f13cdd09df67e33e6acd3c00aab47cb358ac46
-Signed-off-by: Tudor Ambarus <tudor.ambarus at freescale.com>
-Signed-off-by: Cristian Stoica <cristian.stoica at freescale.com>
-Reviewed-on: http://git.am.freescale.net:8181/34001
----
- crypto/engine/eng_cryptodev.c | 24 ++++++++++++++++++++++++
- crypto/objects/obj_dat.h      | 10 +++++++---
- crypto/objects/obj_mac.h      |  4 ++++
- crypto/objects/obj_mac.num    |  1 +
- crypto/objects/objects.txt    |  1 +
- ssl/ssl_ciph.c                |  4 ++++
- 6 files changed, 41 insertions(+), 3 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 79b2678..299e84b 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -135,6 +135,7 @@ static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
- void ENGINE_load_cryptodev(void);
- const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1;
- const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
-+const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1;
- 
- inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin,  int *bin_len)
- {
-@@ -252,6 +253,7 @@ static struct {
- 	{ CRYPTO_BLF_CBC,       NID_bf_cbc,       8,  16, 0},
- 	{ CRYPTO_CAST_CBC,      NID_cast5_cbc,    8,  16, 0},
- 	{ CRYPTO_SKIPJACK_CBC,  NID_undef,        0,  0,  0},
-+	{ CRYPTO_TLS10_3DES_CBC_HMAC_SHA1, NID_des_ede3_cbc_hmac_sha1, 8, 24, 20},
- 	{ CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20},
- 	{ CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20},
- 	{ CRYPTO_AES_GCM,       NID_aes_128_gcm,  16, 16, 0},
-@@ -466,6 +468,9 @@ cryptodev_usable_ciphers(const int **nids)
- 		case NID_aes_256_cbc_hmac_sha1:
- 			EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
- 			break;
-+		case NID_des_ede3_cbc_hmac_sha1:
-+			EVP_add_cipher(&cryptodev_3des_cbc_hmac_sha1);
-+			break;
- 		}
- 	}
- 	return count;
-@@ -571,6 +576,7 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- 	switch (ctx->cipher->nid) {
- 	case NID_aes_128_cbc_hmac_sha1:
- 	case NID_aes_256_cbc_hmac_sha1:
-+	case NID_des_ede3_cbc_hmac_sha1:
- 		cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
- 	}
- 	cryp.ses = sess->ses;
-@@ -763,6 +769,7 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
- 		switch (ctx->cipher->nid) {
- 		case NID_aes_128_cbc_hmac_sha1:
- 		case NID_aes_256_cbc_hmac_sha1:
-+		case NID_des_ede3_cbc_hmac_sha1:
- 			maclen = SHA_DIGEST_LENGTH;
- 		}
- 
-@@ -1082,6 +1089,20 @@ const EVP_CIPHER cryptodev_aes_256_cbc = {
- 	NULL
- };
- 
-+const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1 = {
-+	NID_des_ede3_cbc_hmac_sha1,
-+	8, 24, 8,
-+	EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+	cryptodev_init_aead_key,
-+	cryptodev_aead_cipher,
-+	cryptodev_cleanup,
-+	sizeof(struct dev_crypto_state),
-+	EVP_CIPHER_set_asn1_iv,
-+	EVP_CIPHER_get_asn1_iv,
-+	cryptodev_cbc_hmac_sha1_ctrl,
-+	NULL
-+};
-+
- const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1 = {
- 	NID_aes_128_cbc_hmac_sha1,
- 	16, 16, 16,
-@@ -1163,6 +1184,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
- 	case NID_aes_256_cbc:
- 		*cipher = &cryptodev_aes_256_cbc;
- 		break;
-+	case NID_des_ede3_cbc_hmac_sha1:
-+		*cipher = &cryptodev_3des_cbc_hmac_sha1;
-+		break;
- 	case NID_aes_128_cbc_hmac_sha1:
- 		*cipher = &cryptodev_aes_128_cbc_hmac_sha1;
- 		break;
-diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
-index bc69665..9f2267a 100644
---- a/crypto/objects/obj_dat.h
-+++ b/crypto/objects/obj_dat.h
-@@ -62,9 +62,9 @@
-  * [including the GNU Public Licence.]
-  */
- 
--#define NUM_NID 920
--#define NUM_SN 913
--#define NUM_LN 913
-+#define NUM_NID 921
-+#define NUM_SN 914
-+#define NUM_LN 914
- #define NUM_OBJ 857
- 
- static const unsigned char lvalues[5974]={
-@@ -2399,6 +2399,8 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
- {"AES-256-CBC-HMAC-SHA1","aes-256-cbc-hmac-sha1",
- 	NID_aes_256_cbc_hmac_sha1,0,NULL,0},
- {"RSAES-OAEP","rsaesOaep",NID_rsaesOaep,9,&(lvalues[5964]),0},
-+{"DES-EDE3-CBC-HMAC-SHA1","des-ede3-cbc-hmac-sha1",
-+	NID_des_ede3_cbc_hmac_sha1,0,NULL,0},
- };
- 
- static const unsigned int sn_objs[NUM_SN]={
-@@ -2474,6 +2476,7 @@ static const unsigned int sn_objs[NUM_SN]={
- 62,	/* "DES-EDE-OFB" */
- 33,	/* "DES-EDE3" */
- 44,	/* "DES-EDE3-CBC" */
-+920,	/* "DES-EDE3-CBC-HMAC-SHA1" */
- 61,	/* "DES-EDE3-CFB" */
- 658,	/* "DES-EDE3-CFB1" */
- 659,	/* "DES-EDE3-CFB8" */
-@@ -3585,6 +3588,7 @@ static const unsigned int ln_objs[NUM_LN]={
- 62,	/* "des-ede-ofb" */
- 33,	/* "des-ede3" */
- 44,	/* "des-ede3-cbc" */
-+920,	/* "des-ede3-cbc-hmac-sha1" */
- 61,	/* "des-ede3-cfb" */
- 658,	/* "des-ede3-cfb1" */
- 659,	/* "des-ede3-cfb8" */
-diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h
-index b5ea7cd..8751902 100644
---- a/crypto/objects/obj_mac.h
-+++ b/crypto/objects/obj_mac.h
-@@ -4030,3 +4030,7 @@
- #define LN_aes_256_cbc_hmac_sha1		"aes-256-cbc-hmac-sha1"
- #define NID_aes_256_cbc_hmac_sha1		918
- 
-+#define SN_des_ede3_cbc_hmac_sha1		"DES-EDE3-CBC-HMAC-SHA1"
-+#define LN_des_ede3_cbc_hmac_sha1		"des-ede3-cbc-hmac-sha1"
-+#define NID_des_ede3_cbc_hmac_sha1		920
-+
-diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
-index 1d0a7c8..9d44bb5 100644
---- a/crypto/objects/obj_mac.num
-+++ b/crypto/objects/obj_mac.num
-@@ -917,3 +917,4 @@ aes_128_cbc_hmac_sha1		916
- aes_192_cbc_hmac_sha1		917
- aes_256_cbc_hmac_sha1		918
- rsaesOaep		919
-+des_ede3_cbc_hmac_sha1		920
-diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
-index d3bfad7..90d2fc5 100644
---- a/crypto/objects/objects.txt
-+++ b/crypto/objects/objects.txt
-@@ -1290,3 +1290,4 @@ kisa 1 6                : SEED-OFB      : seed-ofb
- 			: AES-128-CBC-HMAC-SHA1		: aes-128-cbc-hmac-sha1
- 			: AES-192-CBC-HMAC-SHA1		: aes-192-cbc-hmac-sha1
- 			: AES-256-CBC-HMAC-SHA1		: aes-256-cbc-hmac-sha1
-+			: DES-EDE3-CBC-HMAC-SHA1	: des-ede3-cbc-hmac-sha1
-diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
-index 8188ff5..310fe76 100644
---- a/ssl/ssl_ciph.c
-+++ b/ssl/ssl_ciph.c
-@@ -639,6 +639,10 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
- 			 c->algorithm_mac == SSL_SHA1 &&
- 			 (evp=EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1")))
- 			*enc = evp, *md = NULL;
-+		else if (c->algorithm_enc == SSL_3DES &&
-+			 c->algorithm_mac == SSL_SHA1 &&
-+			 (evp = EVP_get_cipherbyname("DES-EDE3-CBC-HMAC-SHA1")))
-+			*enc = evp, *md = NULL;
- 		return(1);
- 		}
- 	else
--- 
-2.3.5
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0019-cryptodev-do-not-zero-the-buffer-before-use.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0019-cryptodev-do-not-zero-the-buffer-before-use.patch
new file mode 100644
index 0000000..248d88e
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0019-cryptodev-do-not-zero-the-buffer-before-use.patch
@@ -0,0 +1,48 @@
+From 1f7ef531a010a3a86c9c16f801044b5f01652eb2 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica at freescale.com>
+Date: Tue, 17 Feb 2015 13:12:53 +0200
+Subject: [PATCH 19/48] cryptodev: do not zero the buffer before use
+
+- The buffer is just about to be overwritten. Zeroing it before that has
+  no purpose
+
+Change-Id: I478c31bd2e254561474a7edf5e37980ca04217ce
+Signed-off-by: Cristian Stoica <cristian.stoica at freescale.com>
+Reviewed-on: http://git.am.freescale.net:8181/34217
+---
+ crypto/engine/eng_cryptodev.c | 14 ++++----------
+ 1 file changed, 4 insertions(+), 10 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 4cffaf1..bbc903b 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -1801,21 +1801,15 @@ cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
+ static int bn2crparam(const BIGNUM *a, struct crparam *crp)
+ {
+     ssize_t bytes, bits;
+-    u_char *b;
+-
+-    crp->crp_p = NULL;
+-    crp->crp_nbits = 0;
+ 
+     bits = BN_num_bits(a);
+     bytes = (bits + 7) / 8;
+ 
+-    b = malloc(bytes);
+-    if (b == NULL)
+-        return (1);
+-    memset(b, 0, bytes);
+-
+-    crp->crp_p = (caddr_t) b;
+     crp->crp_nbits = bits;
++    crp->crp_p = malloc(bytes);
++
++    if (crp->crp_p == NULL)
++        return (1);
+ 
+     BN_bn2bin(a, crp->crp_p);
+     return (0);
+-- 
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0019-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0019-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch
deleted file mode 100644
index 988d79e..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0019-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch
+++ /dev/null
@@ -1,355 +0,0 @@
-From 1de2b740a3bdcd8e98abb5f4e176d46fd817b932 Mon Sep 17 00:00:00 2001
-From: Tudor Ambarus <tudor.ambarus at freescale.com>
-Date: Tue, 31 Mar 2015 16:30:17 +0300
-Subject: [PATCH 19/26] eng_cryptodev: add support for TLSv1.1 record offload
-
-Supported cipher suites:
-- 3des-ede-cbc-sha
-- aes-128-cbc-hmac-sha
-- aes-256-cbc-hmac-sha
-
-Requires TLS patches on cryptodev and TLS algorithm support in Linux
-kernel driver.
-
-Signed-off-by: Tudor Ambarus <tudor.ambarus at freescale.com>
-Change-Id: Id414f36a528de3f476b72688cf85714787d7ccae
-Reviewed-on: http://git.am.freescale.net:8181/34002
-Reviewed-by: Cristian Stoica <cristian.stoica at freescale.com>
-Tested-by: Cristian Stoica <cristian.stoica at freescale.com>
----
- crypto/engine/eng_cryptodev.c | 101 ++++++++++++++++++++++++++++++++++++++----
- crypto/objects/obj_dat.h      |  18 ++++++--
- crypto/objects/obj_mac.h      |  12 +++++
- crypto/objects/obj_mac.num    |   3 ++
- crypto/objects/objects.txt    |   3 ++
- ssl/ssl_ciph.c                |  26 +++++++++--
- 6 files changed, 148 insertions(+), 15 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 299e84b..f71ab27 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -66,6 +66,7 @@ ENGINE_load_cryptodev(void)
- #include <sys/ioctl.h>
- #include <errno.h>
- #include <stdio.h>
-+#include <stdbool.h>
- #include <unistd.h>
- #include <fcntl.h>
- #include <stdarg.h>
-@@ -133,9 +134,12 @@ static int cryptodev_dh_compute_key(unsigned char *key,
- static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
-     void (*f)(void));
- void ENGINE_load_cryptodev(void);
-+const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1;
- const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1;
- const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
--const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1;
-+const EVP_CIPHER cryptodev_tls11_3des_cbc_hmac_sha1;
-+const EVP_CIPHER cryptodev_tls11_aes_128_cbc_hmac_sha1;
-+const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1;
- 
- inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin,  int *bin_len)
- {
-@@ -256,6 +260,9 @@ static struct {
- 	{ CRYPTO_TLS10_3DES_CBC_HMAC_SHA1, NID_des_ede3_cbc_hmac_sha1, 8, 24, 20},
- 	{ CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20},
- 	{ CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20},
-+	{ CRYPTO_TLS11_3DES_CBC_HMAC_SHA1, NID_tls11_des_ede3_cbc_hmac_sha1, 8, 24, 20},
-+	{ CRYPTO_TLS11_AES_CBC_HMAC_SHA1, NID_tls11_aes_128_cbc_hmac_sha1, 16, 16, 20},
-+	{ CRYPTO_TLS11_AES_CBC_HMAC_SHA1, NID_tls11_aes_256_cbc_hmac_sha1, 16, 32, 20},
- 	{ CRYPTO_AES_GCM,       NID_aes_128_gcm,  16, 16, 0},
- 	{ 0, NID_undef,	0, 0, 0},
- };
-@@ -462,14 +469,23 @@ cryptodev_usable_ciphers(const int **nids)
- 	/* add ciphers specific to cryptodev if found in kernel */
- 	for(i = 0; i < count; i++) {
- 		switch (*(*nids + i)) {
-+		case NID_des_ede3_cbc_hmac_sha1:
-+			EVP_add_cipher(&cryptodev_3des_cbc_hmac_sha1);
-+			break;
- 		case NID_aes_128_cbc_hmac_sha1:
- 			EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1);
- 			break;
- 		case NID_aes_256_cbc_hmac_sha1:
- 			EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
- 			break;
--		case NID_des_ede3_cbc_hmac_sha1:
--			EVP_add_cipher(&cryptodev_3des_cbc_hmac_sha1);
-+		case NID_tls11_des_ede3_cbc_hmac_sha1:
-+			EVP_add_cipher(&cryptodev_tls11_3des_cbc_hmac_sha1);
-+			break;
-+		case NID_tls11_aes_128_cbc_hmac_sha1:
-+			EVP_add_cipher(&cryptodev_tls11_aes_128_cbc_hmac_sha1);
-+			break;
-+		case NID_tls11_aes_256_cbc_hmac_sha1:
-+			EVP_add_cipher(&cryptodev_tls11_aes_256_cbc_hmac_sha1);
- 			break;
- 		}
- 	}
-@@ -574,9 +590,12 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- 
- 	/* TODO: make a seamless integration with cryptodev flags */
- 	switch (ctx->cipher->nid) {
-+	case NID_des_ede3_cbc_hmac_sha1:
- 	case NID_aes_128_cbc_hmac_sha1:
- 	case NID_aes_256_cbc_hmac_sha1:
--	case NID_des_ede3_cbc_hmac_sha1:
-+	case NID_tls11_des_ede3_cbc_hmac_sha1:
-+	case NID_tls11_aes_128_cbc_hmac_sha1:
-+	case NID_tls11_aes_256_cbc_hmac_sha1:
- 		cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
- 	}
- 	cryp.ses = sess->ses;
-@@ -758,8 +777,9 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
- 		struct dev_crypto_state *state = ctx->cipher_data;
- 		unsigned char *p = ptr;
- 		unsigned int cryptlen = p[arg - 2] << 8 | p[arg - 1];
--		unsigned int maclen, padlen;
-+		unsigned int maclen, padlen, len;
- 		unsigned int bs = ctx->cipher->block_size;
-+		bool aad_needs_fix = false;
- 
- 		state->aad = ptr;
- 		state->aad_len = arg;
-@@ -767,10 +787,24 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
- 
- 		/* TODO: this should be an extension of EVP_CIPHER struct */
- 		switch (ctx->cipher->nid) {
-+		case NID_des_ede3_cbc_hmac_sha1:
- 		case NID_aes_128_cbc_hmac_sha1:
- 		case NID_aes_256_cbc_hmac_sha1:
--		case NID_des_ede3_cbc_hmac_sha1:
- 			maclen = SHA_DIGEST_LENGTH;
-+			break;
-+		case NID_tls11_des_ede3_cbc_hmac_sha1:
-+		case NID_tls11_aes_128_cbc_hmac_sha1:
-+		case NID_tls11_aes_256_cbc_hmac_sha1:
-+			maclen = SHA_DIGEST_LENGTH;
-+			aad_needs_fix = true;
-+			break;
-+		}
-+
-+		/* Correct length for AAD Length field */
-+		if (ctx->encrypt && aad_needs_fix) {
-+			len = cryptlen - bs;
-+			p[arg-2] = len >> 8;
-+			p[arg-1] = len & 0xff;
- 		}
- 
- 		/* space required for encryption (not only TLS padding) */
-@@ -1131,6 +1165,48 @@ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = {
- 	NULL
- };
- 
-+const EVP_CIPHER cryptodev_tls11_3des_cbc_hmac_sha1 = {
-+	NID_tls11_des_ede3_cbc_hmac_sha1,
-+	8, 24, 8,
-+	EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+	cryptodev_init_aead_key,
-+	cryptodev_aead_cipher,
-+	cryptodev_cleanup,
-+	sizeof(struct dev_crypto_state),
-+	EVP_CIPHER_set_asn1_iv,
-+	EVP_CIPHER_get_asn1_iv,
-+	cryptodev_cbc_hmac_sha1_ctrl,
-+	NULL
-+};
-+
-+const EVP_CIPHER cryptodev_tls11_aes_128_cbc_hmac_sha1 = {
-+	NID_tls11_aes_128_cbc_hmac_sha1,
-+	16, 16, 16,
-+	EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+	cryptodev_init_aead_key,
-+	cryptodev_aead_cipher,
-+	cryptodev_cleanup,
-+	sizeof(struct dev_crypto_state),
-+	EVP_CIPHER_set_asn1_iv,
-+	EVP_CIPHER_get_asn1_iv,
-+	cryptodev_cbc_hmac_sha1_ctrl,
-+	NULL
-+};
-+
-+const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1 = {
-+	NID_tls11_aes_256_cbc_hmac_sha1,
-+	16, 32, 16,
-+	EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+	cryptodev_init_aead_key,
-+	cryptodev_aead_cipher,
-+	cryptodev_cleanup,
-+	sizeof(struct dev_crypto_state),
-+	EVP_CIPHER_set_asn1_iv,
-+	EVP_CIPHER_get_asn1_iv,
-+	cryptodev_cbc_hmac_sha1_ctrl,
-+	NULL
-+};
-+
- const EVP_CIPHER cryptodev_aes_128_gcm = {
- 	NID_aes_128_gcm,
- 	1, 16, 12,
-@@ -1184,6 +1260,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
- 	case NID_aes_256_cbc:
- 		*cipher = &cryptodev_aes_256_cbc;
- 		break;
-+	case NID_aes_128_gcm:
-+		*cipher = &cryptodev_aes_128_gcm;
-+		break;
- 	case NID_des_ede3_cbc_hmac_sha1:
- 		*cipher = &cryptodev_3des_cbc_hmac_sha1;
- 		break;
-@@ -1193,8 +1272,14 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
- 	case NID_aes_256_cbc_hmac_sha1:
- 		*cipher = &cryptodev_aes_256_cbc_hmac_sha1;
- 		break;
--	case NID_aes_128_gcm:
--		*cipher = &cryptodev_aes_128_gcm;
-+	case NID_tls11_des_ede3_cbc_hmac_sha1:
-+		*cipher = &cryptodev_tls11_3des_cbc_hmac_sha1;
-+		break;
-+	case NID_tls11_aes_128_cbc_hmac_sha1:
-+		*cipher = &cryptodev_tls11_aes_128_cbc_hmac_sha1;
-+		break;
-+	case NID_tls11_aes_256_cbc_hmac_sha1:
-+		*cipher = &cryptodev_tls11_aes_256_cbc_hmac_sha1;
- 		break;
- 	default:
- 		*cipher = NULL;
-diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
-index 9f2267a..dc89b0a 100644
---- a/crypto/objects/obj_dat.h
-+++ b/crypto/objects/obj_dat.h
-@@ -62,9 +62,9 @@
-  * [including the GNU Public Licence.]
-  */
- 
--#define NUM_NID 921
--#define NUM_SN 914
--#define NUM_LN 914
-+#define NUM_NID 924
-+#define NUM_SN 917
-+#define NUM_LN 917
- #define NUM_OBJ 857
- 
- static const unsigned char lvalues[5974]={
-@@ -2401,6 +2401,12 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
- {"RSAES-OAEP","rsaesOaep",NID_rsaesOaep,9,&(lvalues[5964]),0},
- {"DES-EDE3-CBC-HMAC-SHA1","des-ede3-cbc-hmac-sha1",
- 	NID_des_ede3_cbc_hmac_sha1,0,NULL,0},
-+{"TLS11-DES-EDE3-CBC-HMAC-SHA1","tls11-des-ede3-cbc-hmac-sha1",
-+	NID_tls11_des_ede3_cbc_hmac_sha1,0,NULL,0},
-+{"TLS11-AES-128-CBC-HMAC-SHA1","tls11-aes-128-cbc-hmac-sha1",
-+	NID_tls11_aes_128_cbc_hmac_sha1,0,NULL,0},
-+{"TLS11-AES-256-CBC-HMAC-SHA1","tls11-aes-256-cbc-hmac-sha1",
-+	NID_tls11_aes_256_cbc_hmac_sha1,0,NULL,0},
- };
- 
- static const unsigned int sn_objs[NUM_SN]={
-@@ -2586,6 +2592,9 @@ static const unsigned int sn_objs[NUM_SN]={
- 100,	/* "SN" */
- 16,	/* "ST" */
- 143,	/* "SXNetID" */
-+922,	/* "TLS11-AES-128-CBC-HMAC-SHA1" */
-+923,	/* "TLS11-AES-256-CBC-HMAC-SHA1" */
-+921,	/* "TLS11-DES-EDE3-CBC-HMAC-SHA1" */
- 458,	/* "UID" */
-  0,	/* "UNDEF" */
- 11,	/* "X500" */
-@@ -4205,6 +4214,9 @@ static const unsigned int ln_objs[NUM_LN]={
- 459,	/* "textEncodedORAddress" */
- 293,	/* "textNotice" */
- 106,	/* "title" */
-+922,	/* "tls11-aes-128-cbc-hmac-sha1" */
-+923,	/* "tls11-aes-256-cbc-hmac-sha1" */
-+921,	/* "tls11-des-ede3-cbc-hmac-sha1" */
- 682,	/* "tpBasis" */
- 436,	/* "ucl" */
-  0,	/* "undefined" */
-diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h
-index 8751902..f181890 100644
---- a/crypto/objects/obj_mac.h
-+++ b/crypto/objects/obj_mac.h
-@@ -4034,3 +4034,15 @@
- #define LN_des_ede3_cbc_hmac_sha1		"des-ede3-cbc-hmac-sha1"
- #define NID_des_ede3_cbc_hmac_sha1		920
- 
-+#define SN_tls11_des_ede3_cbc_hmac_sha1		"TLS11-DES-EDE3-CBC-HMAC-SHA1"
-+#define LN_tls11_des_ede3_cbc_hmac_sha1		"tls11-des-ede3-cbc-hmac-sha1"
-+#define NID_tls11_des_ede3_cbc_hmac_sha1		921
-+
-+#define SN_tls11_aes_128_cbc_hmac_sha1		"TLS11-AES-128-CBC-HMAC-SHA1"
-+#define LN_tls11_aes_128_cbc_hmac_sha1		"tls11-aes-128-cbc-hmac-sha1"
-+#define NID_tls11_aes_128_cbc_hmac_sha1		922
-+
-+#define SN_tls11_aes_256_cbc_hmac_sha1		"TLS11-AES-256-CBC-HMAC-SHA1"
-+#define LN_tls11_aes_256_cbc_hmac_sha1		"tls11-aes-256-cbc-hmac-sha1"
-+#define NID_tls11_aes_256_cbc_hmac_sha1		923
-+
-diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
-index 9d44bb5..a02b58c 100644
---- a/crypto/objects/obj_mac.num
-+++ b/crypto/objects/obj_mac.num
-@@ -918,3 +918,6 @@ aes_192_cbc_hmac_sha1		917
- aes_256_cbc_hmac_sha1		918
- rsaesOaep		919
- des_ede3_cbc_hmac_sha1		920
-+tls11_des_ede3_cbc_hmac_sha1		921
-+tls11_aes_128_cbc_hmac_sha1		922
-+tls11_aes_256_cbc_hmac_sha1		923
-diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
-index 90d2fc5..1973658 100644
---- a/crypto/objects/objects.txt
-+++ b/crypto/objects/objects.txt
-@@ -1291,3 +1291,6 @@ kisa 1 6                : SEED-OFB      : seed-ofb
- 			: AES-192-CBC-HMAC-SHA1		: aes-192-cbc-hmac-sha1
- 			: AES-256-CBC-HMAC-SHA1		: aes-256-cbc-hmac-sha1
- 			: DES-EDE3-CBC-HMAC-SHA1	: des-ede3-cbc-hmac-sha1
-+			: TLS11-DES-EDE3-CBC-HMAC-SHA1	: tls11-des-ede3-cbc-hmac-sha1
-+			: TLS11-AES-128-CBC-HMAC-SHA1	: tls11-aes-128-cbc-hmac-sha1
-+			: TLS11-AES-256-CBC-HMAC-SHA1	: tls11-aes-256-cbc-hmac-sha1
-diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
-index 310fe76..0408986 100644
---- a/ssl/ssl_ciph.c
-+++ b/ssl/ssl_ciph.c
-@@ -631,17 +631,35 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
- 			 c->algorithm_mac == SSL_MD5 &&
- 			 (evp=EVP_get_cipherbyname("RC4-HMAC-MD5")))
- 			*enc = evp, *md = NULL;
--		else if (c->algorithm_enc == SSL_AES128 &&
-+		else if (s->ssl_version == TLS1_VERSION &&
-+			 c->algorithm_enc == SSL_3DES &&
-+			 c->algorithm_mac == SSL_SHA1 &&
-+			 (evp=EVP_get_cipherbyname("DES-EDE3-CBC-HMAC-SHA1")))
-+			*enc = evp, *md = NULL;
-+		else if (s->ssl_version == TLS1_VERSION &&
-+			 c->algorithm_enc == SSL_AES128 &&
- 			 c->algorithm_mac == SSL_SHA1 &&
- 			 (evp=EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1")))
- 			*enc = evp, *md = NULL;
--		else if (c->algorithm_enc == SSL_AES256 &&
-+		else if (s->ssl_version == TLS1_VERSION &&
-+			 c->algorithm_enc == SSL_AES256 &&
- 			 c->algorithm_mac == SSL_SHA1 &&
- 			 (evp=EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1")))
- 			*enc = evp, *md = NULL;
--		else if (c->algorithm_enc == SSL_3DES &&
-+		else if (s->ssl_version == TLS1_1_VERSION &&
-+			 c->algorithm_enc == SSL_3DES &&
-+			 c->algorithm_mac == SSL_SHA1 &&
-+			 (evp=EVP_get_cipherbyname("TLS11-DES-EDE3-CBC-HMAC-SHA1")))
-+			*enc = evp, *md = NULL;
-+		else if (s->ssl_version == TLS1_1_VERSION &&
-+			 c->algorithm_enc == SSL_AES128 &&
-+			 c->algorithm_mac == SSL_SHA1 &&
-+			 (evp=EVP_get_cipherbyname("TLS11-AES-128-CBC-HMAC-SHA1")))
-+			*enc = evp, *md = NULL;
-+		else if (s->ssl_version == TLS1_1_VERSION &&
-+			 c->algorithm_enc == SSL_AES256 &&
- 			 c->algorithm_mac == SSL_SHA1 &&
--			 (evp = EVP_get_cipherbyname("DES-EDE3-CBC-HMAC-SHA1")))
-+			 (evp=EVP_get_cipherbyname("TLS11-AES-256-CBC-HMAC-SHA1")))
- 			*enc = evp, *md = NULL;
- 		return(1);
- 		}
--- 
-2.3.5
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0020-cryptodev-clean-up-code-layout.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0020-cryptodev-clean-up-code-layout.patch
new file mode 100644
index 0000000..c600bda
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0020-cryptodev-clean-up-code-layout.patch
@@ -0,0 +1,73 @@
+From 453c617b10fb2c4e748b5799ab4b00c184470c60 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica at freescale.com>
+Date: Wed, 18 Feb 2015 10:39:46 +0200
+Subject: [PATCH 20/48] cryptodev: clean-up code layout
+
+This is just a refactoring that uses else branch to check for malloc failures
+
+Signed-off-by: Cristian Stoica <cristian.stoica at freescale.com>
+---
+ crypto/engine/eng_cryptodev.c | 45 ++++++++++++++++++++-----------------------
+ 1 file changed, 21 insertions(+), 24 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index bbc903b..14dcddf 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -1865,32 +1865,29 @@ cryptodev_asym_async(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
+     fd = *(int *)cookie->eng_handle;
+ 
+     eng_cookie = malloc(sizeof(struct cryptodev_cookie_s));
+-
+-    if (eng_cookie) {
+-        memset(eng_cookie, 0, sizeof(struct cryptodev_cookie_s));
+-        if (r) {
+-            kop->crk_param[kop->crk_iparams].crp_p =
+-                calloc(rlen, sizeof(char));
+-            if (!kop->crk_param[kop->crk_iparams].crp_p)
+-                return -ENOMEM;
+-            kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
+-            kop->crk_oparams++;
+-            eng_cookie->r = r;
+-            eng_cookie->r_param = kop->crk_param[kop->crk_iparams];
+-        }
+-        if (s) {
+-            kop->crk_param[kop->crk_iparams + 1].crp_p =
+-                calloc(slen, sizeof(char));
+-            if (!kop->crk_param[kop->crk_iparams + 1].crp_p)
+-                return -ENOMEM;
+-            kop->crk_param[kop->crk_iparams + 1].crp_nbits = slen * 8;
+-            kop->crk_oparams++;
+-            eng_cookie->s = s;
+-            eng_cookie->s_param = kop->crk_param[kop->crk_iparams + 1];
+-        }
+-    } else
++    if (!eng_cookie)
+         return -ENOMEM;
+ 
++    memset(eng_cookie, 0, sizeof(struct cryptodev_cookie_s));
++    if (r) {
++        kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char));
++        if (!kop->crk_param[kop->crk_iparams].crp_p)
++            return -ENOMEM;
++        kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
++        kop->crk_oparams++;
++        eng_cookie->r = r;
++        eng_cookie->r_param = kop->crk_param[kop->crk_iparams];
++    }
++    if (s) {
++        kop->crk_param[kop->crk_iparams + 1].crp_p =
++            calloc(slen, sizeof(char));
++        if (!kop->crk_param[kop->crk_iparams + 1].crp_p)
++            return -ENOMEM;
++        kop->crk_param[kop->crk_iparams + 1].crp_nbits = slen * 8;
++        kop->crk_oparams++;
++        eng_cookie->s = s;
++        eng_cookie->s_param = kop->crk_param[kop->crk_iparams + 1];
++    }
+     eng_cookie->kop = kop;
+     cookie->eng_cookie = eng_cookie;
+     return ioctl(fd, CIOCASYMASYNCRYPT, kop);
+-- 
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0020-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0020-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch
deleted file mode 100644
index 7370c49..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0020-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch
+++ /dev/null
@@ -1,359 +0,0 @@
-From a58703e6601fcfcfe69fdb3e7152ed76b40d67e9 Mon Sep 17 00:00:00 2001
-From: Tudor Ambarus <tudor.ambarus at freescale.com>
-Date: Tue, 31 Mar 2015 16:32:35 +0300
-Subject: [PATCH 20/26] eng_cryptodev: add support for TLSv1.2 record offload
-
-Supported cipher suites:
-- 3des-ede-cbc-sha
-- aes-128-cbc-hmac-sha
-- aes-256-cbc-hmac-sha
-- aes-128-cbc-hmac-sha256
-- aes-256-cbc-hmac-sha256
-
-Requires TLS patches on cryptodev and TLS algorithm support in Linux
-kernel driver.
-
-Signed-off-by: Tudor Ambarus <tudor.ambarus at freescale.com>
-Change-Id: I0ac6953dd62e2655a59d8f3eaefd012b7ecebf55
-Reviewed-on: http://git.am.freescale.net:8181/34003
-Reviewed-by: Cristian Stoica <cristian.stoica at freescale.com>
-Tested-by: Cristian Stoica <cristian.stoica at freescale.com>
----
- crypto/engine/eng_cryptodev.c | 123 ++++++++++++++++++++++++++++++++++++++++++
- crypto/objects/obj_dat.h      |  26 +++++++--
- crypto/objects/obj_mac.h      |  20 +++++++
- crypto/objects/obj_mac.num    |   5 ++
- crypto/objects/objects.txt    |   5 ++
- ssl/ssl_ciph.c                |  25 +++++++++
- 6 files changed, 201 insertions(+), 3 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index f71ab27..fa5fe1b 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -140,6 +140,11 @@ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
- const EVP_CIPHER cryptodev_tls11_3des_cbc_hmac_sha1;
- const EVP_CIPHER cryptodev_tls11_aes_128_cbc_hmac_sha1;
- const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1;
-+const EVP_CIPHER cryptodev_tls12_3des_cbc_hmac_sha1;
-+const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha1;
-+const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha1;
-+const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha256;
-+const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha256;
- 
- inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin,  int *bin_len)
- {
-@@ -263,6 +268,11 @@ static struct {
- 	{ CRYPTO_TLS11_3DES_CBC_HMAC_SHA1, NID_tls11_des_ede3_cbc_hmac_sha1, 8, 24, 20},
- 	{ CRYPTO_TLS11_AES_CBC_HMAC_SHA1, NID_tls11_aes_128_cbc_hmac_sha1, 16, 16, 20},
- 	{ CRYPTO_TLS11_AES_CBC_HMAC_SHA1, NID_tls11_aes_256_cbc_hmac_sha1, 16, 32, 20},
-+	{ CRYPTO_TLS12_3DES_CBC_HMAC_SHA1, NID_tls12_des_ede3_cbc_hmac_sha1, 8, 24, 20},
-+	{ CRYPTO_TLS12_AES_CBC_HMAC_SHA1, NID_tls12_aes_128_cbc_hmac_sha1, 16, 16, 20},
-+	{ CRYPTO_TLS12_AES_CBC_HMAC_SHA1, NID_tls12_aes_256_cbc_hmac_sha1, 16, 32, 20},
-+	{ CRYPTO_TLS12_AES_CBC_HMAC_SHA256, NID_tls12_aes_128_cbc_hmac_sha256, 16, 16, 32},
-+	{ CRYPTO_TLS12_AES_CBC_HMAC_SHA256, NID_tls12_aes_256_cbc_hmac_sha256, 16, 32, 32},
- 	{ CRYPTO_AES_GCM,       NID_aes_128_gcm,  16, 16, 0},
- 	{ 0, NID_undef,	0, 0, 0},
- };
-@@ -487,6 +497,21 @@ cryptodev_usable_ciphers(const int **nids)
- 		case NID_tls11_aes_256_cbc_hmac_sha1:
- 			EVP_add_cipher(&cryptodev_tls11_aes_256_cbc_hmac_sha1);
- 			break;
-+		case NID_tls12_des_ede3_cbc_hmac_sha1:
-+			EVP_add_cipher(&cryptodev_tls12_3des_cbc_hmac_sha1);
-+			break;
-+		case NID_tls12_aes_128_cbc_hmac_sha1:
-+			EVP_add_cipher(&cryptodev_tls12_aes_128_cbc_hmac_sha1);
-+			break;
-+		case NID_tls12_aes_256_cbc_hmac_sha1:
-+			EVP_add_cipher(&cryptodev_tls12_aes_256_cbc_hmac_sha1);
-+			break;
-+		case NID_tls12_aes_128_cbc_hmac_sha256:
-+			EVP_add_cipher(&cryptodev_tls12_aes_128_cbc_hmac_sha256);
-+			break;
-+		case NID_tls12_aes_256_cbc_hmac_sha256:
-+			EVP_add_cipher(&cryptodev_tls12_aes_256_cbc_hmac_sha256);
-+			break;
- 		}
- 	}
- 	return count;
-@@ -596,6 +621,11 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- 	case NID_tls11_des_ede3_cbc_hmac_sha1:
- 	case NID_tls11_aes_128_cbc_hmac_sha1:
- 	case NID_tls11_aes_256_cbc_hmac_sha1:
-+	case NID_tls12_des_ede3_cbc_hmac_sha1:
-+	case NID_tls12_aes_128_cbc_hmac_sha1:
-+	case NID_tls12_aes_256_cbc_hmac_sha1:
-+	case NID_tls12_aes_128_cbc_hmac_sha256:
-+	case NID_tls12_aes_256_cbc_hmac_sha256:
- 		cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
- 	}
- 	cryp.ses = sess->ses;
-@@ -795,9 +825,17 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
- 		case NID_tls11_des_ede3_cbc_hmac_sha1:
- 		case NID_tls11_aes_128_cbc_hmac_sha1:
- 		case NID_tls11_aes_256_cbc_hmac_sha1:
-+		case NID_tls12_des_ede3_cbc_hmac_sha1:
-+		case NID_tls12_aes_128_cbc_hmac_sha1:
-+		case NID_tls12_aes_256_cbc_hmac_sha1:
- 			maclen = SHA_DIGEST_LENGTH;
- 			aad_needs_fix = true;
- 			break;
-+		case NID_tls12_aes_128_cbc_hmac_sha256:
-+		case NID_tls12_aes_256_cbc_hmac_sha256:
-+			maclen = SHA256_DIGEST_LENGTH;
-+			aad_needs_fix = true;
-+			break;
- 		}
- 
- 		/* Correct length for AAD Length field */
-@@ -1207,6 +1245,76 @@ const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1 = {
- 	NULL
- };
- 
-+const EVP_CIPHER cryptodev_tls12_3des_cbc_hmac_sha1 = {
-+	NID_tls12_des_ede3_cbc_hmac_sha1,
-+	8, 24, 8,
-+	EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+	cryptodev_init_aead_key,
-+	cryptodev_aead_cipher,
-+	cryptodev_cleanup,
-+	sizeof(struct dev_crypto_state),
-+	EVP_CIPHER_set_asn1_iv,
-+	EVP_CIPHER_get_asn1_iv,
-+	cryptodev_cbc_hmac_sha1_ctrl,
-+	NULL
-+};
-+
-+const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha1 = {
-+	NID_tls12_aes_128_cbc_hmac_sha1,
-+	16, 16, 16,
-+	EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+	cryptodev_init_aead_key,
-+	cryptodev_aead_cipher,
-+	cryptodev_cleanup,
-+	sizeof(struct dev_crypto_state),
-+	EVP_CIPHER_set_asn1_iv,
-+	EVP_CIPHER_get_asn1_iv,
-+	cryptodev_cbc_hmac_sha1_ctrl,
-+	NULL
-+};
-+
-+const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha1 = {
-+	NID_tls12_aes_256_cbc_hmac_sha1,
-+	16, 32, 16,
-+	EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+	cryptodev_init_aead_key,
-+	cryptodev_aead_cipher,
-+	cryptodev_cleanup,
-+	sizeof(struct dev_crypto_state),
-+	EVP_CIPHER_set_asn1_iv,
-+	EVP_CIPHER_get_asn1_iv,
-+	cryptodev_cbc_hmac_sha1_ctrl,
-+	NULL
-+};
-+
-+const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha256 = {
-+	NID_tls12_aes_128_cbc_hmac_sha256,
-+	16, 16, 16,
-+	EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+	cryptodev_init_aead_key,
-+	cryptodev_aead_cipher,
-+	cryptodev_cleanup,
-+	sizeof(struct dev_crypto_state),
-+	EVP_CIPHER_set_asn1_iv,
-+	EVP_CIPHER_get_asn1_iv,
-+	cryptodev_cbc_hmac_sha1_ctrl,
-+	NULL
-+};
-+
-+const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha256 = {
-+	NID_tls12_aes_256_cbc_hmac_sha256,
-+	16, 32, 16,
-+	EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+	cryptodev_init_aead_key,
-+	cryptodev_aead_cipher,
-+	cryptodev_cleanup,
-+	sizeof(struct dev_crypto_state),
-+	EVP_CIPHER_set_asn1_iv,
-+	EVP_CIPHER_get_asn1_iv,
-+	cryptodev_cbc_hmac_sha1_ctrl,
-+	NULL
-+};
-+
- const EVP_CIPHER cryptodev_aes_128_gcm = {
- 	NID_aes_128_gcm,
- 	1, 16, 12,
-@@ -1281,6 +1389,21 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
- 	case NID_tls11_aes_256_cbc_hmac_sha1:
- 		*cipher = &cryptodev_tls11_aes_256_cbc_hmac_sha1;
- 		break;
-+	case NID_tls12_des_ede3_cbc_hmac_sha1:
-+		*cipher = &cryptodev_tls12_3des_cbc_hmac_sha1;
-+		break;
-+	case NID_tls12_aes_128_cbc_hmac_sha1:
-+		*cipher = &cryptodev_tls12_aes_128_cbc_hmac_sha1;
-+		break;
-+	case NID_tls12_aes_256_cbc_hmac_sha1:
-+		*cipher = &cryptodev_tls12_aes_256_cbc_hmac_sha1;
-+		break;
-+	case NID_tls12_aes_128_cbc_hmac_sha256:
-+		*cipher = &cryptodev_tls12_aes_128_cbc_hmac_sha256;
-+		break;
-+	case NID_tls12_aes_256_cbc_hmac_sha256:
-+		*cipher = &cryptodev_tls12_aes_256_cbc_hmac_sha256;
-+		break;
- 	default:
- 		*cipher = NULL;
- 		break;
-diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
-index dc89b0a..dfe19da 100644
---- a/crypto/objects/obj_dat.h
-+++ b/crypto/objects/obj_dat.h
-@@ -62,9 +62,9 @@
-  * [including the GNU Public Licence.]
-  */
- 
--#define NUM_NID 924
--#define NUM_SN 917
--#define NUM_LN 917
-+#define NUM_NID 929
-+#define NUM_SN 922
-+#define NUM_LN 922
- #define NUM_OBJ 857
- 
- static const unsigned char lvalues[5974]={
-@@ -2407,6 +2407,16 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
- 	NID_tls11_aes_128_cbc_hmac_sha1,0,NULL,0},
- {"TLS11-AES-256-CBC-HMAC-SHA1","tls11-aes-256-cbc-hmac-sha1",
- 	NID_tls11_aes_256_cbc_hmac_sha1,0,NULL,0},
-+{"TLS12-DES-EDE3-CBC-HMAC-SHA1","tls12-des-ede3-cbc-hmac-sha1",
-+	NID_tls12_des_ede3_cbc_hmac_sha1,0,NULL,0},
-+{"TLS12-AES-128-CBC-HMAC-SHA1","tls12-aes-128-cbc-hmac-sha1",
-+	NID_tls12_aes_128_cbc_hmac_sha1,0,NULL,0},
-+{"TLS12-AES-256-CBC-HMAC-SHA1","tls12-aes-256-cbc-hmac-sha1",
-+	NID_tls12_aes_256_cbc_hmac_sha1,0,NULL,0},
-+{"TLS12-AES-128-CBC-HMAC-SHA256","tls12-aes-128-cbc-hmac-sha256",
-+	NID_tls12_aes_128_cbc_hmac_sha256,0,NULL,0},
-+{"TLS12-AES-256-CBC-HMAC-SHA256","tls12-aes-256-cbc-hmac-sha256",
-+	NID_tls12_aes_256_cbc_hmac_sha256,0,NULL,0},
- };
- 
- static const unsigned int sn_objs[NUM_SN]={
-@@ -2595,6 +2605,11 @@ static const unsigned int sn_objs[NUM_SN]={
- 922,	/* "TLS11-AES-128-CBC-HMAC-SHA1" */
- 923,	/* "TLS11-AES-256-CBC-HMAC-SHA1" */
- 921,	/* "TLS11-DES-EDE3-CBC-HMAC-SHA1" */
-+925,	/* "TLS12-AES-128-CBC-HMAC-SHA1" */
-+927,	/* "TLS12-AES-128-CBC-HMAC-SHA256" */
-+926,	/* "TLS12-AES-256-CBC-HMAC-SHA1" */
-+928,	/* "TLS12-AES-256-CBC-HMAC-SHA256" */
-+924,	/* "TLS12-DES-EDE3-CBC-HMAC-SHA1" */
- 458,	/* "UID" */
-  0,	/* "UNDEF" */
- 11,	/* "X500" */
-@@ -4217,6 +4232,11 @@ static const unsigned int ln_objs[NUM_LN]={
- 922,	/* "tls11-aes-128-cbc-hmac-sha1" */
- 923,	/* "tls11-aes-256-cbc-hmac-sha1" */
- 921,	/* "tls11-des-ede3-cbc-hmac-sha1" */
-+925,	/* "tls12-aes-128-cbc-hmac-sha1" */
-+927,	/* "tls12-aes-128-cbc-hmac-sha256" */
-+926,	/* "tls12-aes-256-cbc-hmac-sha1" */
-+928,	/* "tls12-aes-256-cbc-hmac-sha256" */
-+924,	/* "tls12-des-ede3-cbc-hmac-sha1" */
- 682,	/* "tpBasis" */
- 436,	/* "ucl" */
-  0,	/* "undefined" */
-diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h
-index f181890..5af125e 100644
---- a/crypto/objects/obj_mac.h
-+++ b/crypto/objects/obj_mac.h
-@@ -4046,3 +4046,23 @@
- #define LN_tls11_aes_256_cbc_hmac_sha1		"tls11-aes-256-cbc-hmac-sha1"
- #define NID_tls11_aes_256_cbc_hmac_sha1		923
- 
-+#define SN_tls12_des_ede3_cbc_hmac_sha1		"TLS12-DES-EDE3-CBC-HMAC-SHA1"
-+#define LN_tls12_des_ede3_cbc_hmac_sha1		"tls12-des-ede3-cbc-hmac-sha1"
-+#define NID_tls12_des_ede3_cbc_hmac_sha1		924
-+
-+#define SN_tls12_aes_128_cbc_hmac_sha1		"TLS12-AES-128-CBC-HMAC-SHA1"
-+#define LN_tls12_aes_128_cbc_hmac_sha1		"tls12-aes-128-cbc-hmac-sha1"
-+#define NID_tls12_aes_128_cbc_hmac_sha1		925
-+
-+#define SN_tls12_aes_256_cbc_hmac_sha1		"TLS12-AES-256-CBC-HMAC-SHA1"
-+#define LN_tls12_aes_256_cbc_hmac_sha1		"tls12-aes-256-cbc-hmac-sha1"
-+#define NID_tls12_aes_256_cbc_hmac_sha1		926
-+
-+#define SN_tls12_aes_128_cbc_hmac_sha256		"TLS12-AES-128-CBC-HMAC-SHA256"
-+#define LN_tls12_aes_128_cbc_hmac_sha256		"tls12-aes-128-cbc-hmac-sha256"
-+#define NID_tls12_aes_128_cbc_hmac_sha256		927
-+
-+#define SN_tls12_aes_256_cbc_hmac_sha256		"TLS12-AES-256-CBC-HMAC-SHA256"
-+#define LN_tls12_aes_256_cbc_hmac_sha256		"tls12-aes-256-cbc-hmac-sha256"
-+#define NID_tls12_aes_256_cbc_hmac_sha256		928
-+
-diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
-index a02b58c..deeba3a 100644
---- a/crypto/objects/obj_mac.num
-+++ b/crypto/objects/obj_mac.num
-@@ -921,3 +921,8 @@ des_ede3_cbc_hmac_sha1		920
- tls11_des_ede3_cbc_hmac_sha1		921
- tls11_aes_128_cbc_hmac_sha1		922
- tls11_aes_256_cbc_hmac_sha1		923
-+tls12_des_ede3_cbc_hmac_sha1		924
-+tls12_aes_128_cbc_hmac_sha1		925
-+tls12_aes_256_cbc_hmac_sha1		926
-+tls12_aes_128_cbc_hmac_sha256		927
-+tls12_aes_256_cbc_hmac_sha256		928
-diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
-index 1973658..6e4ac93 100644
---- a/crypto/objects/objects.txt
-+++ b/crypto/objects/objects.txt
-@@ -1294,3 +1294,8 @@ kisa 1 6                : SEED-OFB      : seed-ofb
- 			: TLS11-DES-EDE3-CBC-HMAC-SHA1	: tls11-des-ede3-cbc-hmac-sha1
- 			: TLS11-AES-128-CBC-HMAC-SHA1	: tls11-aes-128-cbc-hmac-sha1
- 			: TLS11-AES-256-CBC-HMAC-SHA1	: tls11-aes-256-cbc-hmac-sha1
-+			: TLS12-DES-EDE3-CBC-HMAC-SHA1	: tls12-des-ede3-cbc-hmac-sha1
-+			: TLS12-AES-128-CBC-HMAC-SHA1   : tls12-aes-128-cbc-hmac-sha1
-+			: TLS12-AES-256-CBC-HMAC-SHA1	: tls12-aes-256-cbc-hmac-sha1
-+			: TLS12-AES-128-CBC-HMAC-SHA256	: tls12-aes-128-cbc-hmac-sha256
-+			: TLS12-AES-256-CBC-HMAC-SHA256	: tls12-aes-256-cbc-hmac-sha256
-diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
-index 0408986..77a82f6 100644
---- a/ssl/ssl_ciph.c
-+++ b/ssl/ssl_ciph.c
-@@ -661,6 +661,31 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
- 			 c->algorithm_mac == SSL_SHA1 &&
- 			 (evp=EVP_get_cipherbyname("TLS11-AES-256-CBC-HMAC-SHA1")))
- 			*enc = evp, *md = NULL;
-+		else if (s->ssl_version == TLS1_2_VERSION &&
-+			 c->algorithm_enc == SSL_3DES &&
-+			 c->algorithm_mac == SSL_SHA1 &&
-+			 (evp=EVP_get_cipherbyname("TLS12-DES-EDE3-CBC-HMAC-SHA1")))
-+			*enc = evp, *md = NULL;
-+		else if (s->ssl_version == TLS1_2_VERSION &&
-+			 c->algorithm_enc == SSL_AES128 &&
-+			 c->algorithm_mac == SSL_SHA1 &&
-+			 (evp=EVP_get_cipherbyname("TLS12-AES-128-CBC-HMAC-SHA1")))
-+			*enc = evp, *md = NULL;
-+		else if (s->ssl_version == TLS1_2_VERSION &&
-+			 c->algorithm_enc == SSL_AES256 &&
-+			 c->algorithm_mac == SSL_SHA1 &&
-+			 (evp=EVP_get_cipherbyname("TLS12-AES-256-CBC-HMAC-SHA1")))
-+			*enc = evp, *md = NULL;
-+		else if (s->ssl_version == TLS1_2_VERSION &&
-+			 c->algorithm_enc == SSL_AES128 &&
-+			 c->algorithm_mac == SSL_SHA256 &&
-+			 (evp=EVP_get_cipherbyname("TLS12-AES-128-CBC-HMAC-SHA256")))
-+			*enc = evp, *md = NULL;
-+		else if (s->ssl_version == TLS1_2_VERSION &&
-+			 c->algorithm_enc == SSL_AES256 &&
-+			 c->algorithm_mac == SSL_SHA256 &&
-+			 (evp=EVP_get_cipherbyname("TLS12-AES-256-CBC-HMAC-SHA256")))
-+			*enc = evp, *md = NULL;
- 		return(1);
- 		}
- 	else
--- 
-2.3.5
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0021-cryptodev-do-not-cache-file-descriptor-in-open.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0021-cryptodev-do-not-cache-file-descriptor-in-open.patch
new file mode 100644
index 0000000..9c6e503
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0021-cryptodev-do-not-cache-file-descriptor-in-open.patch
@@ -0,0 +1,93 @@
+From d9395f7d876f7dfaaae25867c88d1e1f684589de Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica at freescale.com>
+Date: Thu, 19 Feb 2015 16:43:29 +0200
+Subject: [PATCH 21/48] cryptodev: do not cache file descriptor in 'open'
+
+The file descriptor returned by get_dev_crypto is cached after a
+successful return. The issue is, it is cached inside 'open_dev_crypto'
+which is no longer useful as a general purpose open("/dev/crypto")
+function.
+
+This patch is a refactoring that moves the caching operation from
+open_dev_crypto to get_dev_crypto and leaves the former as a simpler
+function true to its name
+
+Signed-off-by: Cristian Stoica <cristian.stoica at freescale.com>
+---
+ crypto/engine/eng_cryptodev.c | 43 +++++++++++++++++++++----------------------
+ 1 file changed, 21 insertions(+), 22 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 14dcddf..75fca7f 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -391,45 +391,44 @@ static void ctr64_inc(unsigned char *counter)
+     } while (n);
+ }
+ 
+-/*
+- * Return a fd if /dev/crypto seems usable, 0 otherwise.
+- */
+ static int open_dev_crypto(void)
+ {
+-    static int fd = -1;
++    int fd;
+ 
+-    if (fd == -1) {
+-        if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1)
+-            return (-1);
+-        /* close on exec */
+-        if (fcntl(fd, F_SETFD, 1) == -1) {
+-            close(fd);
+-            fd = -1;
+-            return (-1);
+-        }
++    fd = open("/dev/crypto", O_RDWR, 0);
++    if (fd < 0)
++        return -1;
++
++    /* close on exec */
++    if (fcntl(fd, F_SETFD, 1) == -1) {
++        close(fd);
++        return -1;
+     }
+-    return (fd);
++
++    return fd;
+ }
+ 
+ static int get_dev_crypto(void)
+ {
+-    int fd, retfd;
++    static int fd = -1;
++    int retfd;
+ 
+-    if ((fd = open_dev_crypto()) == -1)
+-        return (-1);
+-# ifndef CRIOGET_NOT_NEEDED
++    if (fd == -1)
++        fd = open_dev_crypto();
++# ifdef CRIOGET_NOT_NEEDED
++    return fd;
++# else
++    if (fd == -1)
++        return -1;
+     if (ioctl(fd, CRIOGET, &retfd) == -1)
+         return (-1);
+-
+     /* close on exec */
+     if (fcntl(retfd, F_SETFD, 1) == -1) {
+         close(retfd);
+         return (-1);
+     }
+-# else
+-    retfd = fd;
++    return retfd;
+ # endif
+-    return (retfd);
+ }
+ 
+ static void put_dev_crypto(int fd)
+-- 
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0021-cryptodev-drop-redundant-function.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0021-cryptodev-drop-redundant-function.patch
deleted file mode 100644
index 16cc688..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0021-cryptodev-drop-redundant-function.patch
+++ /dev/null
@@ -1,75 +0,0 @@
-From ea4abc255c6c5feec01cb1e30c6082cfe47860e2 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica at freescale.com>
-Date: Thu, 19 Feb 2015 16:11:53 +0200
-Subject: [PATCH 21/26] cryptodev: drop redundant function
-
-get_dev_crypto already caches the result. Another cache in-between is
-useless.
-
-Change-Id: Ibd162529d3fb7a561a17f1a707d5d287c1586a3a
-Signed-off-by: Cristian Stoica <cristian.stoica at freescale.com>
-Reviewed-on: http://git.am.freescale.net:8181/34216
----
- crypto/engine/eng_cryptodev.c | 18 +++---------------
- 1 file changed, 3 insertions(+), 15 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index fa5fe1b..1ab5551 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -96,7 +96,6 @@ struct dev_crypto_state {
- 
- static u_int32_t cryptodev_asymfeat = 0;
- 
--static int get_asym_dev_crypto(void);
- static int open_dev_crypto(void);
- static int get_dev_crypto(void);
- static int get_cryptodev_ciphers(const int **cnids);
-@@ -357,17 +356,6 @@ static void put_dev_crypto(int fd)
- #endif
- }
- 
--/* Caching version for asym operations */
--static int
--get_asym_dev_crypto(void)
--{
--	static int fd = -1;
--
--	if (fd == -1)
--		fd = get_dev_crypto();
--	return fd;
--}
--
- /*
-  * Find out what ciphers /dev/crypto will let us have a session for.
-  * XXX note, that some of these openssl doesn't deal with yet!
-@@ -1796,7 +1784,7 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s)
- {
- 	int fd, ret = -1;
- 
--	if ((fd = get_asym_dev_crypto()) < 0)
-+	if ((fd = get_dev_crypto()) < 0)
- 		return (ret);
- 
- 	if (r) {
-@@ -2374,7 +2362,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
- 	int p_len, q_len;
- 	int i;
- 
--	if ((fd = get_asym_dev_crypto()) < 0)
-+	if ((fd = get_dev_crypto()) < 0)
- 		goto sw_try;
- 
- 	if(!rsa->n && ((rsa->n=BN_new()) == NULL)) goto err;
-@@ -3928,7 +3916,7 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
- 	BIGNUM *temp = NULL;
- 	unsigned char *padded_pub_key = NULL, *p = NULL;
- 
--	if ((fd = get_asym_dev_crypto()) < 0)
-+	if ((fd = get_dev_crypto()) < 0)
- 		goto sw_try;
- 
- 	memset(&kop, 0, sizeof kop);
--- 
-2.3.5
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0022-cryptodev-do-not-zero-the-buffer-before-use.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0022-cryptodev-do-not-zero-the-buffer-before-use.patch
deleted file mode 100644
index 0b2f0f1..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0022-cryptodev-do-not-zero-the-buffer-before-use.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From 75e3e7d600eb72e7374b1ecf5ece7b831bc98ed8 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica at freescale.com>
-Date: Tue, 17 Feb 2015 13:12:53 +0200
-Subject: [PATCH 22/26] cryptodev: do not zero the buffer before use
-
-- The buffer is just about to be overwritten. Zeroing it before that has
-  no purpose
-
-Change-Id: I478c31bd2e254561474a7edf5e37980ca04217ce
-Signed-off-by: Cristian Stoica <cristian.stoica at freescale.com>
-Reviewed-on: http://git.am.freescale.net:8181/34217
----
- crypto/engine/eng_cryptodev.c | 13 ++++---------
- 1 file changed, 4 insertions(+), 9 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 1ab5551..dbc5989 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -1681,21 +1681,16 @@ static int
- bn2crparam(const BIGNUM *a, struct crparam *crp)
- {
- 	ssize_t bytes, bits;
--	u_char *b;
--
--	crp->crp_p = NULL;
--	crp->crp_nbits = 0;
- 
- 	bits = BN_num_bits(a);
- 	bytes = (bits + 7) / 8;
- 
--	b = malloc(bytes);
--	if (b == NULL)
-+	crp->crp_nbits = bits;
-+	crp->crp_p = malloc(bytes);
-+
-+	if (crp->crp_p == NULL)
- 		return (1);
--	memset(b, 0, bytes);
- 
--	crp->crp_p = (caddr_t) b;
--	crp->crp_nbits = bits;
- 	BN_bn2bin(a, crp->crp_p);
- 	return (0);
- }
--- 
-2.3.5
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0025-cryptodev-put_dev_crypto-should-be-an-int.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0022-cryptodev-put_dev_crypto-should-be-an-int.patch
similarity index 70%
rename from recipes-connectivity/openssl/openssl-qoriq/qoriq/0025-cryptodev-put_dev_crypto-should-be-an-int.patch
rename to recipes-connectivity/openssl/openssl-qoriq/qoriq/0022-cryptodev-put_dev_crypto-should-be-an-int.patch
index a48dc6a..121123d 100644
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0025-cryptodev-put_dev_crypto-should-be-an-int.patch
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0022-cryptodev-put_dev_crypto-should-be-an-int.patch
@@ -1,7 +1,7 @@
-From 84a8007b6e92fe4c2696cc9e330207ee03303a20 Mon Sep 17 00:00:00 2001
+From 79d6976e2ad2e5ac31374bc24ee29ae53f55c0e1 Mon Sep 17 00:00:00 2001
 From: Cristian Stoica <cristian.stoica at freescale.com>
 Date: Thu, 19 Feb 2015 13:09:32 +0200
-Subject: [PATCH 25/26] cryptodev: put_dev_crypto should be an int
+Subject: [PATCH 22/48] cryptodev: put_dev_crypto should be an int
 
 Change-Id: Ie0a83bc07a37132286c098b17ef35d98de74b043
 Signed-off-by: Cristian Stoica <cristian.stoica at freescale.com>
@@ -11,25 +11,25 @@ Reviewed-on: http://git.am.freescale.net:8181/34220
  1 file changed, 5 insertions(+), 3 deletions(-)
 
 diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index b74fc7c..c9db27d 100644
+index 75fca7f..b162646 100644
 --- a/crypto/engine/eng_cryptodev.c
 +++ b/crypto/engine/eng_cryptodev.c
-@@ -347,10 +347,12 @@ static int get_dev_crypto(void)
- #endif
+@@ -431,10 +431,12 @@ static int get_dev_crypto(void)
+ # endif
  }
  
 -static void put_dev_crypto(int fd)
 +static int put_dev_crypto(int fd)
  {
--#ifndef CRIOGET_NOT_NEEDED
--	close(fd);
+-# ifndef CRIOGET_NOT_NEEDED
+-    close(fd);
 +#ifdef CRIOGET_NOT_NEEDED
 +	return 0;
 +#else
 +	return close(fd);
- #endif
+ # endif
  }
  
 -- 
-2.3.5
+2.7.0
 
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0023-cryptodev-clean-up-code-layout.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0023-cryptodev-clean-up-code-layout.patch
deleted file mode 100644
index 5ff1c5c..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0023-cryptodev-clean-up-code-layout.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-From 4453b06b940fc03a0973cfd96f908e46cce61054 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica at freescale.com>
-Date: Wed, 18 Feb 2015 10:39:46 +0200
-Subject: [PATCH 23/26] cryptodev: clean-up code layout
-
-This is just a refactoring that uses else branch to check for malloc failures
-
-Change-Id: I6dc157af36d6ec51a4edfc82cf97fae2e7e83628
-Signed-off-by: Cristian Stoica <cristian.stoica at freescale.com>
-Reviewed-on: http://git.am.freescale.net:8181/34218
----
- crypto/engine/eng_cryptodev.c | 42 ++++++++++++++++++++----------------------
- 1 file changed, 20 insertions(+), 22 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index dbc5989..dceb4f5 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -1745,30 +1745,28 @@ cryptodev_asym_async(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
- 	fd = *(int *)cookie->eng_handle;
- 
- 	eng_cookie = malloc(sizeof(struct cryptodev_cookie_s));
--
--	if (eng_cookie) {
--		memset(eng_cookie, 0, sizeof(struct cryptodev_cookie_s));
--		if (r) {
--			kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char));
--			if (!kop->crk_param[kop->crk_iparams].crp_p)
--				return -ENOMEM;
--			kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
--			kop->crk_oparams++;
--			eng_cookie->r = r;
--			eng_cookie->r_param = kop->crk_param[kop->crk_iparams];
--		}
--		if (s) {
--			kop->crk_param[kop->crk_iparams+1].crp_p = calloc(slen, sizeof(char));
--			if (!kop->crk_param[kop->crk_iparams+1].crp_p)
--				return -ENOMEM;
--			kop->crk_param[kop->crk_iparams+1].crp_nbits = slen * 8;
--			kop->crk_oparams++;
--			eng_cookie->s = s;
--			eng_cookie->s_param = kop->crk_param[kop->crk_iparams + 1];
--		}
--	} else
-+	if (!eng_cookie)
- 		return -ENOMEM;
- 
-+	memset(eng_cookie, 0, sizeof(struct cryptodev_cookie_s));
-+	if (r) {
-+		kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char));
-+		if (!kop->crk_param[kop->crk_iparams].crp_p)
-+			return -ENOMEM;
-+		kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
-+		kop->crk_oparams++;
-+		eng_cookie->r = r;
-+		eng_cookie->r_param = kop->crk_param[kop->crk_iparams];
-+	}
-+	if (s) {
-+		kop->crk_param[kop->crk_iparams+1].crp_p = calloc(slen, sizeof(char));
-+		if (!kop->crk_param[kop->crk_iparams+1].crp_p)
-+			return -ENOMEM;
-+		kop->crk_param[kop->crk_iparams+1].crp_nbits = slen * 8;
-+		kop->crk_oparams++;
-+		eng_cookie->s = s;
-+		eng_cookie->s_param = kop->crk_param[kop->crk_iparams + 1];
-+	}
- 	eng_cookie->kop = kop;
- 	cookie->eng_cookie = eng_cookie;
- 	return ioctl(fd, CIOCASYMASYNCRYPT, kop);
--- 
-2.3.5
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0026-cryptodev-simplify-cryptodev-pkc-support-code.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0023-cryptodev-simplify-cryptodev-pkc-support-code.patch
similarity index 66%
rename from recipes-connectivity/openssl/openssl-qoriq/qoriq/0026-cryptodev-simplify-cryptodev-pkc-support-code.patch
rename to recipes-connectivity/openssl/openssl-qoriq/qoriq/0023-cryptodev-simplify-cryptodev-pkc-support-code.patch
index 6527ac8..1043fbd 100644
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0026-cryptodev-simplify-cryptodev-pkc-support-code.patch
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0023-cryptodev-simplify-cryptodev-pkc-support-code.patch
@@ -1,27 +1,25 @@
-From 787539e7720c99785f6c664a7484842bba08f6ed Mon Sep 17 00:00:00 2001
+From f99682e0ccaeadb7446d211dfad6dbf8fcd5675f Mon Sep 17 00:00:00 2001
 From: Cristian Stoica <cristian.stoica at freescale.com>
 Date: Thu, 19 Feb 2015 13:39:52 +0200
-Subject: [PATCH 26/26] cryptodev: simplify cryptodev pkc support code
+Subject: [PATCH 23/48] cryptodev: simplify cryptodev pkc support code
 
 - Engine init returns directly a file descriptor instead of a pointer to one
 - Similarly, the Engine close will now just close the file
 
-Change-Id: Ief736d0776c7009dee002204fb1d4ce9d31c8787
 Signed-off-by: Cristian Stoica <cristian.stoica at freescale.com>
-Reviewed-on: http://git.am.freescale.net:8181/34221
 ---
  crypto/crypto.h               |  2 +-
- crypto/engine/eng_cryptodev.c | 35 +++-----------------------
- crypto/engine/eng_int.h       | 14 +++--------
- crypto/engine/eng_lib.c       | 57 +++++++++++++++++++++----------------------
- crypto/engine/engine.h        | 13 +++++-----
- 5 files changed, 42 insertions(+), 79 deletions(-)
+ crypto/engine/eng_cryptodev.c | 43 +++++++----------------------------
+ crypto/engine/eng_int.h       | 14 +++---------
+ crypto/engine/eng_lib.c       | 53 +++++++++++++++++++++----------------------
+ crypto/engine/engine.h        | 13 +++++------
+ 5 files changed, 44 insertions(+), 81 deletions(-)
 
 diff --git a/crypto/crypto.h b/crypto/crypto.h
-index ce12731..292427e 100644
+index 2b4ec59..ddb9b69 100644
 --- a/crypto/crypto.h
 +++ b/crypto/crypto.h
-@@ -618,7 +618,7 @@ struct pkc_cookie_s {
+@@ -668,7 +668,7 @@ struct pkc_cookie_s {
  	   *		-EINVAL: Parameters Invalid
  	   */
  	void (*pkc_callback)(struct pkc_cookie_s *cookie, int status);
@@ -31,77 +29,92 @@ index ce12731..292427e 100644
  
  #ifdef  __cplusplus
 diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index c9db27d..f173bde 100644
+index b162646..1910c89 100644
 --- a/crypto/engine/eng_cryptodev.c
 +++ b/crypto/engine/eng_cryptodev.c
-@@ -1742,7 +1742,7 @@ cryptodev_asym_async(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
- 	struct pkc_cookie_s *cookie = kop->cookie;
- 	struct cryptodev_cookie_s *eng_cookie;
+@@ -433,10 +433,10 @@ static int get_dev_crypto(void)
  
--	fd = *(int *)cookie->eng_handle;
-+	fd = cookie->eng_handle;
+ static int put_dev_crypto(int fd)
+ {
+-#ifdef CRIOGET_NOT_NEEDED
+-	return 0;
+-#else
+-	return close(fd);
++# ifdef CRIOGET_NOT_NEEDED
++    return 0;
++# else
++    return close(fd);
+ # endif
+ }
+ 
+@@ -1863,7 +1863,7 @@ cryptodev_asym_async(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
+     struct pkc_cookie_s *cookie = kop->cookie;
+     struct cryptodev_cookie_s *eng_cookie;
+ 
+-    fd = *(int *)cookie->eng_handle;
++    fd = cookie->eng_handle;
  
- 	eng_cookie = malloc(sizeof(struct cryptodev_cookie_s));
- 	if (!eng_cookie)
-@@ -1802,38 +1802,11 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s)
- 	return (ret);
+     eng_cookie = malloc(sizeof(struct cryptodev_cookie_s));
+     if (!eng_cookie)
+@@ -1926,38 +1926,11 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
+     return (ret);
  }
  
 -/* Close an opened instance of cryptodev engine */
 -void cryptodev_close_instance(void *handle)
 -{
--	int fd;
+-    int fd;
 -
--	if (handle) {
--		fd = *(int *)handle;
--		close(fd);
--		free(handle);
--	}
+-    if (handle) {
+-        fd = *(int *)handle;
+-        close(fd);
+-        free(handle);
+-    }
 -}
 -
 -/* Create an instance of cryptodev for asynchronous interface */
 -void *cryptodev_init_instance(void)
 -{
--	int *fd = malloc(sizeof(int));
+-    int *fd = malloc(sizeof(int));
 -
--	if (fd) {
--		if ((*fd = open("/dev/crypto", O_RDWR, 0)) == -1) {
--			free(fd);
--			return NULL;
--		}
--	}
--	return fd;
+-    if (fd) {
+-        if ((*fd = open("/dev/crypto", O_RDWR, 0)) == -1) {
+-            free(fd);
+-            return NULL;
+-        }
+-    }
+-    return fd;
 -}
 -
- #include <poll.h>
+ # include <poll.h>
  
  /* Return 0 on success and 1 on failure */
 -int cryptodev_check_availability(void *eng_handle)
 +int cryptodev_check_availability(int fd)
  {
--	int fd = *(int *)eng_handle;
- 	struct pkc_cookie_list_s cookie_list;
- 	struct pkc_cookie_s *cookie;
- 	int i;
-@@ -4540,8 +4513,8 @@ ENGINE_load_cryptodev(void)
- 	}
+-    int fd = *(int *)eng_handle;
+     struct pkc_cookie_list_s cookie_list;
+     struct pkc_cookie_s *cookie;
+     int i;
+@@ -4706,8 +4679,8 @@ void ENGINE_load_cryptodev(void)
+     }
  
- 	ENGINE_set_check_pkc_availability(engine, cryptodev_check_availability);
--	ENGINE_set_close_instance(engine, cryptodev_close_instance);
--	ENGINE_set_init_instance(engine, cryptodev_init_instance);
-+	ENGINE_set_close_instance(engine, put_dev_crypto);
-+	ENGINE_set_open_instance(engine, open_dev_crypto);
- 	ENGINE_set_async_map(engine, ENGINE_ALLPKC_ASYNC);
+     ENGINE_set_check_pkc_availability(engine, cryptodev_check_availability);
+-    ENGINE_set_close_instance(engine, cryptodev_close_instance);
+-    ENGINE_set_init_instance(engine, cryptodev_init_instance);
++    ENGINE_set_close_instance(engine, put_dev_crypto);
++    ENGINE_set_open_instance(engine, open_dev_crypto);
+     ENGINE_set_async_map(engine, ENGINE_ALLPKC_ASYNC);
  
- 	ENGINE_add(engine);
+     ENGINE_add(engine);
 diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h
-index 8fc3077..8fb79c0 100644
+index b698a0c..7541beb 100644
 --- a/crypto/engine/eng_int.h
 +++ b/crypto/engine/eng_int.h
-@@ -181,23 +181,15 @@ struct engine_st
- 	ENGINE_LOAD_KEY_PTR load_pubkey;
- 
- 	ENGINE_SSL_CLIENT_CERT_PTR load_ssl_client_cert;
+@@ -198,23 +198,15 @@ struct engine_st {
+     ENGINE_LOAD_KEY_PTR load_privkey;
+     ENGINE_LOAD_KEY_PTR load_pubkey;
+     ENGINE_SSL_CLIENT_CERT_PTR load_ssl_client_cert;
 -	/*
 -	 * Instantiate Engine handle to be passed in check_pkc_availability
 -	 * Ensure that Engine is instantiated before any pkc asynchronous call.
@@ -126,20 +139,20 @@ index 8fc3077..8fb79c0 100644
  	 * The following map is used to check if the engine supports asynchronous implementation
  	 * ENGINE_ASYNC_FLAG* for available bitmap. Any application checking for asynchronous
 diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c
-index 6fa621c..6c9471b 100644
+index 0c57e12..4fdcfd6 100644
 --- a/crypto/engine/eng_lib.c
 +++ b/crypto/engine/eng_lib.c
-@@ -99,7 +99,7 @@ void engine_set_all_null(ENGINE *e)
- 	e->load_privkey = NULL;
- 	e->load_pubkey = NULL;
+@@ -101,7 +101,7 @@ void engine_set_all_null(ENGINE *e)
+     e->load_privkey = NULL;
+     e->load_pubkey = NULL;
  	e->check_pkc_availability = NULL;
 -	e->engine_init_instance = NULL;
 +	e->engine_open_instance = NULL;
  	e->engine_close_instance = NULL;
- 	e->cmd_defns = NULL;
+     e->cmd_defns = NULL;
  	e->async_map = 0;
-@@ -237,47 +237,46 @@ int ENGINE_set_id(ENGINE *e, const char *id)
- 	return 1;
+@@ -252,46 +252,45 @@ int ENGINE_set_id(ENGINE *e, const char *id)
+     return 1;
  	}
  
 -void ENGINE_set_init_instance(ENGINE *e, void *(*engine_init_instance)(void))
@@ -181,43 +194,40 @@ index 6fa621c..6c9471b 100644
  		return e->async_map;
  	}
  
--void ENGINE_set_check_pkc_availability(ENGINE *e,
--	int (*check_pkc_availability)(void *eng_handle))
--	{
--		e->check_pkc_availability = check_pkc_availability;
--	}
 +int ENGINE_open_instance(ENGINE *e)
 +{
 +	return e->engine_open_instance();
 +}
- 
--int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle)
--	{
--		return e->check_pkc_availability(eng_handle);
--	}
++
 +int ENGINE_close_instance(ENGINE *e, int fd)
 +{
 +	return e->engine_close_instance(fd);
 +}
 +
-+void ENGINE_set_check_pkc_availability(ENGINE *e,
+ void ENGINE_set_check_pkc_availability(ENGINE *e,
+-	int (*check_pkc_availability)(void *eng_handle))
+-	{
+-		e->check_pkc_availability = check_pkc_availability;
+-	}
 +	int (*check_pkc_availability)(int fd))
 +{
 +	e->check_pkc_availability = check_pkc_availability;
 +}
-+
+ 
+-int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle)
+-	{
+-		return e->check_pkc_availability(eng_handle);
 +int ENGINE_check_pkc_availability(ENGINE *e, int fd)
 +{
 +	return e->check_pkc_availability(fd);
-+}
+ }
  
  int ENGINE_set_name(ENGINE *e, const char *name)
- 	{
 diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h
-index ccff86a..3ba3e97 100644
+index 4527aa1..f83ee73 100644
 --- a/crypto/engine/engine.h
 +++ b/crypto/engine/engine.h
-@@ -473,9 +473,6 @@ ENGINE *ENGINE_new(void);
+@@ -551,9 +551,6 @@ ENGINE *ENGINE_new(void);
  int ENGINE_free(ENGINE *e);
  int ENGINE_up_ref(ENGINE *e);
  int ENGINE_set_id(ENGINE *e, const char *id);
@@ -227,7 +237,7 @@ index ccff86a..3ba3e97 100644
  /*
   * Following FLAGS are bitmap store in async_map to set asynchronous interface capability
   *of the engine
-@@ -492,11 +489,13 @@ void ENGINE_set_async_map(ENGINE *e, int async_map);
+@@ -570,11 +567,13 @@ void ENGINE_set_async_map(ENGINE *e, int async_map);
    * to confirm asynchronous methods supported
    */
  int ENGINE_get_async_map(ENGINE *e);
@@ -246,5 +256,5 @@ index ccff86a..3ba3e97 100644
  int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
  int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
 -- 
-2.3.5
+2.7.0
 
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0024-cryptodev-clarify-code-remove-assignments-from-condi.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0024-cryptodev-clarify-code-remove-assignments-from-condi.patch
new file mode 100644
index 0000000..27ccd95
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0024-cryptodev-clarify-code-remove-assignments-from-condi.patch
@@ -0,0 +1,37 @@
+From cb6842dac159b40acdc755526b0ba0afb61d9d64 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica at nxp.com>
+Date: Mon, 14 Dec 2015 14:02:00 +0200
+Subject: [PATCH 24/48] cryptodev: clarify code, remove assignments from
+ conditionals
+
+Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 1910c89..fcfd232 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -1559,14 +1559,16 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
+     struct session_op *sess = &state->d_sess;
+     int digest;
+ 
+-    if ((digest = digest_nid_to_cryptodev(ctx->digest->type)) == NID_undef) {
++    digest = digest_nid_to_cryptodev(ctx->digest->type);
++    if (digest == NID_undef) {
+         printf("cryptodev_digest_init: Can't get digest \n");
+         return (0);
+     }
+ 
+     memset(state, 0, sizeof(struct dev_crypto_state));
+ 
+-    if ((state->d_fd = get_dev_crypto()) < 0) {
++    state->d_fd = get_dev_crypto();
++    if (state->d_fd < 0) {
+         printf("cryptodev_digest_init: Can't get Dev \n");
+         return (0);
+     }
+-- 
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0024-cryptodev-do-not-cache-file-descriptor-in-open.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0024-cryptodev-do-not-cache-file-descriptor-in-open.patch
deleted file mode 100644
index e798d3e..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0024-cryptodev-do-not-cache-file-descriptor-in-open.patch
+++ /dev/null
@@ -1,100 +0,0 @@
-From a44701abd995b3db80001d0c5d88e9ead05972c1 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica at freescale.com>
-Date: Thu, 19 Feb 2015 16:43:29 +0200
-Subject: [PATCH 24/26] cryptodev: do not cache file descriptor in 'open'
-
-The file descriptor returned by get_dev_crypto is cached after a
-successful return. The issue is, it is cached inside 'open_dev_crypto'
-which is no longer useful as a general purpose open("/dev/crypto")
-function.
-
-This patch is a refactoring that moves the caching operation from
-open_dev_crypto to get_dev_crypto and leaves the former as a simpler
-function true to its name
-
-Change-Id: I980170969410381973ce75f6679a4a1401738847
-Signed-off-by: Cristian Stoica <cristian.stoica at freescale.com>
-Reviewed-on: http://git.am.freescale.net:8181/34219
----
- crypto/engine/eng_cryptodev.c | 50 +++++++++++++++++++++----------------------
- 1 file changed, 24 insertions(+), 26 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index dceb4f5..b74fc7c 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -306,47 +306,45 @@ static void ctr64_inc(unsigned char *counter) {
- 		if (c) return;
- 	} while (n);
- }
--/*
-- * Return a fd if /dev/crypto seems usable, 0 otherwise.
-- */
--static int
--open_dev_crypto(void)
-+
-+static int open_dev_crypto(void)
- {
--	static int fd = -1;
-+	int fd;
- 
--	if (fd == -1) {
--		if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1)
--			return (-1);
--		/* close on exec */
--		if (fcntl(fd, F_SETFD, 1) == -1) {
--			close(fd);
--			fd = -1;
--			return (-1);
--		}
-+	fd = open("/dev/crypto", O_RDWR, 0);
-+	if ( fd < 0)
-+		return -1;
-+
-+	/* close on exec */
-+	if (fcntl(fd, F_SETFD, 1) == -1) {
-+		close(fd);
-+		return -1;
- 	}
--	return (fd);
-+
-+	return fd;
- }
- 
--static int
--get_dev_crypto(void)
-+static int get_dev_crypto(void)
- {
--	int fd, retfd;
-+	static int fd = -1;
-+	int retfd;
- 
--	if ((fd = open_dev_crypto()) == -1)
--		return (-1);
--#ifndef CRIOGET_NOT_NEEDED
-+	if (fd == -1)
-+		fd = open_dev_crypto();
-+#ifdef CRIOGET_NOT_NEEDED
-+	return fd;
-+#else
-+	if (fd == -1)
-+		return -1;
- 	if (ioctl(fd, CRIOGET, &retfd) == -1)
- 		return (-1);
--
- 	/* close on exec */
- 	if (fcntl(retfd, F_SETFD, 1) == -1) {
- 		close(retfd);
- 		return (-1);
- 	}
--#else
--        retfd = fd;
-+	return retfd;
- #endif
--	return (retfd);
- }
- 
- static void put_dev_crypto(int fd)
--- 
-2.3.5
-
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0025-cryptodev-clean-up-context-state-before-anything-els.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0025-cryptodev-clean-up-context-state-before-anything-els.patch
new file mode 100644
index 0000000..ad5c303
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0025-cryptodev-clean-up-context-state-before-anything-els.patch
@@ -0,0 +1,34 @@
+From 087ae4ecbaf9cd49a2fcae9cb09c491beabc4c88 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica at nxp.com>
+Date: Tue, 15 Dec 2015 12:10:37 +0200
+Subject: [PATCH 25/48] cryptodev: clean-up context state before anything else
+
+Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index fcfd232..16e6fd9 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -1559,14 +1559,14 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
+     struct session_op *sess = &state->d_sess;
+     int digest;
+ 
++    memset(state, 0, sizeof(struct dev_crypto_state));
++
+     digest = digest_nid_to_cryptodev(ctx->digest->type);
+     if (digest == NID_undef) {
+         printf("cryptodev_digest_init: Can't get digest \n");
+         return (0);
+     }
+ 
+-    memset(state, 0, sizeof(struct dev_crypto_state));
+-
+     state->d_fd = get_dev_crypto();
+     if (state->d_fd < 0) {
+         printf("cryptodev_digest_init: Can't get Dev \n");
+-- 
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0026-cryptodev-remove-code-duplication-in-digest-operatio.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0026-cryptodev-remove-code-duplication-in-digest-operatio.patch
new file mode 100644
index 0000000..936aafc
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0026-cryptodev-remove-code-duplication-in-digest-operatio.patch
@@ -0,0 +1,155 @@
+From 02dd4d275f7544a4027ca3452b60ac5bdd9376fb Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica at nxp.com>
+Date: Mon, 14 Dec 2015 17:49:08 +0200
+Subject: [PATCH 26/48] cryptodev: remove code duplication in digest operations
+
+This patch simplifies code and removes duplication in digest_update and
+digest_final for cryptodev engine.
+
+Note: The current design of eng_cryptodev for digests operations assumes
+      the presence of all the data before processing (this is suboptimal
+      with cryptodev-linux because Linux kernel has support for digest-update
+      operations and there is no need to accumulate the input data).
+
+Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 76 ++++++++++++++++---------------------------
+ 1 file changed, 28 insertions(+), 48 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 16e6fd9..048e050 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -1590,24 +1590,25 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
+ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
+                                    size_t count)
+ {
+-    struct crypt_op cryp;
+     struct dev_crypto_state *state = ctx->md_data;
+-    struct session_op *sess = &state->d_sess;
+ 
+-    if (!data || state->d_fd < 0) {
++    if (!data || !count) {
+         printf("cryptodev_digest_update: illegal inputs \n");
+-        return (0);
+-    }
+-
+-    if (!count) {
+-        return (0);
++        return 0;
+     }
+ 
+-    if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
+-        /* if application doesn't support one buffer */
++    /*
++     * Accumulate input data if it is scattered in several buffers. TODO:
++     * Depending on number of calls and data size, this code can be optimized
++     * to take advantage of Linux kernel crypto API, balancing between
++     * cryptodev calls and accumulating small amounts of data
++     */
++    if (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) {
++        state->mac_data = data;
++        state->mac_len = count;
++    } else {
+         state->mac_data =
+             OPENSSL_realloc(state->mac_data, state->mac_len + count);
+-
+         if (!state->mac_data) {
+             printf("cryptodev_digest_update: realloc failed\n");
+             return (0);
+@@ -1615,23 +1616,9 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
+ 
+         memcpy(state->mac_data + state->mac_len, data, count);
+         state->mac_len += count;
+-
+-        return (1);
+     }
+ 
+-    memset(&cryp, 0, sizeof(cryp));
+-
+-    cryp.ses = sess->ses;
+-    cryp.flags = 0;
+-    cryp.len = count;
+-    cryp.src = (caddr_t) data;
+-    cryp.dst = NULL;
+-    cryp.mac = (caddr_t) state->digest_res;
+-    if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
+-        printf("cryptodev_digest_update: digest failed\n");
+-        return (0);
+-    }
+-    return (1);
++    return 1;
+ }
+ 
+ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
+@@ -1640,33 +1627,25 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
+     struct dev_crypto_state *state = ctx->md_data;
+     struct session_op *sess = &state->d_sess;
+ 
+-    int ret = 1;
+-
+     if (!md || state->d_fd < 0) {
+         printf("cryptodev_digest_final: illegal input\n");
+         return (0);
+     }
+ 
+-    if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
+-        /* if application doesn't support one buffer */
+-        memset(&cryp, 0, sizeof(cryp));
+-        cryp.ses = sess->ses;
+-        cryp.flags = 0;
+-        cryp.len = state->mac_len;
+-        cryp.src = state->mac_data;
+-        cryp.dst = NULL;
+-        cryp.mac = (caddr_t) md;
+-        if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
+-            printf("cryptodev_digest_final: digest failed\n");
+-            return (0);
+-        }
++    memset(&cryp, 0, sizeof(cryp));
+ 
+-        return 1;
+-    }
++    cryp.ses = sess->ses;
++    cryp.flags = 0;
++    cryp.len = state->mac_len;
++    cryp.src = state->mac_data;
++    cryp.mac = md;
+ 
+-    memcpy(md, state->digest_res, ctx->digest->md_size);
++    if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
++        printf("cryptodev_digest_final: digest failed\n");
++        return (0);
++    }
+ 
+-    return (ret);
++    return (1);
+ }
+ 
+ static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
+@@ -1683,11 +1662,11 @@ static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
+         return (0);
+     }
+ 
+-    if (state->mac_data) {
++    if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
+         OPENSSL_free(state->mac_data);
+-        state->mac_data = NULL;
+-        state->mac_len = 0;
+     }
++    state->mac_data = NULL;
++    state->mac_len = 0;
+ 
+     if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
+         printf("cryptodev_digest_cleanup: failed to close session\n");
+@@ -1695,6 +1674,7 @@ static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
+     } else {
+         ret = 1;
+     }
++
+     put_dev_crypto(state->d_fd);
+     state->d_fd = -1;
+ 
+-- 
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0027-cryptodev-put-all-digest-ioctls-into-a-single-functi.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0027-cryptodev-put-all-digest-ioctls-into-a-single-functi.patch
new file mode 100644
index 0000000..46b3ced
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0027-cryptodev-put-all-digest-ioctls-into-a-single-functi.patch
@@ -0,0 +1,108 @@
+From 2187b18ffe4851efcb6465ca02ac036d2fe031b8 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica at nxp.com>
+Date: Tue, 15 Dec 2015 12:23:13 +0200
+Subject: [PATCH 27/48] cryptodev: put all digest ioctls into a single function
+
+Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 44 +++++++++++++++++++------------------------
+ 1 file changed, 19 insertions(+), 25 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 048e050..76faa35 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -1577,13 +1577,6 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
+     sess->mackeylen = digest_key_length(ctx->digest->type);
+     sess->mac = digest;
+ 
+-    if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
+-        put_dev_crypto(state->d_fd);
+-        state->d_fd = -1;
+-        printf("cryptodev_digest_init: Open session failed\n");
+-        return (0);
+-    }
+-
+     return (1);
+ }
+ 
+@@ -1623,6 +1616,7 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
+ 
+ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
+ {
++    int ret = 1;
+     struct crypt_op cryp;
+     struct dev_crypto_state *state = ctx->md_data;
+     struct session_op *sess = &state->d_sess;
+@@ -1632,6 +1626,11 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
+         return (0);
+     }
+ 
++    if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
++        printf("cryptodev_digest_init: Open session failed\n");
++        return (0);
++    }
++
+     memset(&cryp, 0, sizeof(cryp));
+ 
+     cryp.ses = sess->ses;
+@@ -1642,43 +1641,38 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
+ 
+     if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
+         printf("cryptodev_digest_final: digest failed\n");
+-        return (0);
++        ret = 0;
+     }
+ 
+-    return (1);
++    if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
++        printf("cryptodev_digest_cleanup: failed to close session\n");
++    }
++
++    return ret;
+ }
+ 
+ static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
+ {
+-    int ret = 1;
+     struct dev_crypto_state *state = ctx->md_data;
+     struct session_op *sess = &state->d_sess;
+ 
+-    if (state == NULL)
++    if (state == NULL) {
+         return 0;
+-
+-    if (state->d_fd < 0) {
+-        printf("cryptodev_digest_cleanup: illegal input\n");
+-        return (0);
+     }
+ 
+     if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
+         OPENSSL_free(state->mac_data);
+     }
+-    state->mac_data = NULL;
+-    state->mac_len = 0;
+ 
+-    if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
+-        printf("cryptodev_digest_cleanup: failed to close session\n");
+-        ret = 0;
+-    } else {
+-        ret = 1;
++    if (state->d_fd >= 0) {
++        put_dev_crypto(state->d_fd);
++        state->d_fd = -1;
+     }
+ 
+-    put_dev_crypto(state->d_fd);
+-    state->d_fd = -1;
++    state->mac_data = NULL;
++    state->mac_len = 0;
+ 
+-    return (ret);
++    return 1;
+ }
+ 
+ static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
+-- 
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0028-cryptodev-fix-debug-print-messages.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0028-cryptodev-fix-debug-print-messages.patch
new file mode 100644
index 0000000..03d1b96
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0028-cryptodev-fix-debug-print-messages.patch
@@ -0,0 +1,90 @@
+From 3dd41691dc8162ec26d188269934689ad834894c Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica at nxp.com>
+Date: Tue, 15 Dec 2015 12:51:36 +0200
+Subject: [PATCH 28/48] cryptodev: fix debug print messages
+
+Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 18 +++++++++---------
+ 1 file changed, 9 insertions(+), 9 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 76faa35..1585009 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -1563,13 +1563,13 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
+ 
+     digest = digest_nid_to_cryptodev(ctx->digest->type);
+     if (digest == NID_undef) {
+-        printf("cryptodev_digest_init: Can't get digest \n");
++        printf("%s: Can't get digest\n", __func__);
+         return (0);
+     }
+ 
+     state->d_fd = get_dev_crypto();
+     if (state->d_fd < 0) {
+-        printf("cryptodev_digest_init: Can't get Dev \n");
++        printf("%s: Can't get Dev\n", __func__);
+         return (0);
+     }
+ 
+@@ -1586,7 +1586,7 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
+     struct dev_crypto_state *state = ctx->md_data;
+ 
+     if (!data || !count) {
+-        printf("cryptodev_digest_update: illegal inputs \n");
++        printf("%s: illegal inputs\n", __func__);
+         return 0;
+     }
+ 
+@@ -1603,7 +1603,7 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
+         state->mac_data =
+             OPENSSL_realloc(state->mac_data, state->mac_len + count);
+         if (!state->mac_data) {
+-            printf("cryptodev_digest_update: realloc failed\n");
++            printf("%s: realloc failed\n", __func__);
+             return (0);
+         }
+ 
+@@ -1622,12 +1622,12 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
+     struct session_op *sess = &state->d_sess;
+ 
+     if (!md || state->d_fd < 0) {
+-        printf("cryptodev_digest_final: illegal input\n");
++        printf("%s: illegal input\n", __func__);
+         return (0);
+     }
+ 
+     if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
+-        printf("cryptodev_digest_init: Open session failed\n");
++        printf("%s: Open session failed\n", __func__);
+         return (0);
+     }
+ 
+@@ -1640,12 +1640,12 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
+     cryp.mac = md;
+ 
+     if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
+-        printf("cryptodev_digest_final: digest failed\n");
++        printf("%s: digest failed\n", __func__);
+         ret = 0;
+     }
+ 
+     if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
+-        printf("cryptodev_digest_cleanup: failed to close session\n");
++        printf("%s: failed to close session\n", __func__);
+     }
+ 
+     return ret;
+@@ -1700,7 +1700,7 @@ static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
+     if (ioctl(dstate->d_fd, CIOCGSESSION, sess) < 0) {
+         put_dev_crypto(dstate->d_fd);
+         dstate->d_fd = -1;
+-        printf("cryptodev_digest_init: Open session failed\n");
++        printf("%s: Open session failed\n", __func__);
+         return (0);
+     }
+ 
+-- 
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0029-cryptodev-use-CIOCHASH-ioctl-for-digest-operations.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0029-cryptodev-use-CIOCHASH-ioctl-for-digest-operations.patch
new file mode 100644
index 0000000..3dc2b92
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0029-cryptodev-use-CIOCHASH-ioctl-for-digest-operations.patch
@@ -0,0 +1,91 @@
+From 3fe44ab50a87106af3349148e81ec8a1d524de82 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica at nxp.com>
+Date: Tue, 15 Dec 2015 15:43:28 +0200
+Subject: [PATCH 29/48] cryptodev: use CIOCHASH ioctl for digest operations
+
+Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 34 +++++++++++-----------------------
+ 1 file changed, 11 insertions(+), 23 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 1585009..dc27b55 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -84,6 +84,7 @@ struct dev_crypto_state {
+     unsigned char *iv;
+     int ivlen;
+ # ifdef USE_CRYPTODEV_DIGESTS
++    struct hash_op_data hash_op;
+     char dummy_mac_key[HASH_MAX_LEN];
+     unsigned char digest_res[HASH_MAX_LEN];
+     char *mac_data;
+@@ -1556,7 +1557,7 @@ static int digest_key_length(int nid)
+ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
+ {
+     struct dev_crypto_state *state = ctx->md_data;
+-    struct session_op *sess = &state->d_sess;
++    struct hash_op_data *hash_op = &state->hash_op;
+     int digest;
+ 
+     memset(state, 0, sizeof(struct dev_crypto_state));
+@@ -1573,9 +1574,9 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
+         return (0);
+     }
+ 
+-    sess->mackey = state->dummy_mac_key;
+-    sess->mackeylen = digest_key_length(ctx->digest->type);
+-    sess->mac = digest;
++    hash_op->mac_op = digest;
++    hash_op->mackey = state->dummy_mac_key;
++    hash_op->mackeylen = digest_key_length(ctx->digest->type);
+ 
+     return (1);
+ }
+@@ -1617,37 +1618,24 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
+ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
+ {
+     int ret = 1;
+-    struct crypt_op cryp;
+     struct dev_crypto_state *state = ctx->md_data;
+-    struct session_op *sess = &state->d_sess;
++    struct hash_op_data *hash_op = &state->hash_op;
+ 
+     if (!md || state->d_fd < 0) {
+         printf("%s: illegal input\n", __func__);
+         return (0);
+     }
+ 
+-    if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
+-        printf("%s: Open session failed\n", __func__);
+-        return (0);
+-    }
+-
+-    memset(&cryp, 0, sizeof(cryp));
++    hash_op->flags = 0;
++    hash_op->len = state->mac_len;
++    hash_op->src = state->mac_data;
++    hash_op->mac_result = md;
+ 
+-    cryp.ses = sess->ses;
+-    cryp.flags = 0;
+-    cryp.len = state->mac_len;
+-    cryp.src = state->mac_data;
+-    cryp.mac = md;
+-
+-    if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
++    if (ioctl(state->d_fd, CIOCHASH, hash_op) < 0) {
+         printf("%s: digest failed\n", __func__);
+         ret = 0;
+     }
+ 
+-    if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
+-        printf("%s: failed to close session\n", __func__);
+-    }
+-
+     return ret;
+ }
+ 
+-- 
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0030-cryptodev-reduce-duplicated-efforts-for-searching-in.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0030-cryptodev-reduce-duplicated-efforts-for-searching-in.patch
new file mode 100644
index 0000000..995a593
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0030-cryptodev-reduce-duplicated-efforts-for-searching-in.patch
@@ -0,0 +1,106 @@
+From 12fad710349bb72b7f95ee30b40c2e6dfbb5d373 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica at nxp.com>
+Date: Wed, 13 Jan 2016 15:18:20 +0200
+Subject: [PATCH 30/48] cryptodev: reduce duplicated efforts for searching
+ inside digests table
+
+Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 44 ++++++++++++++++++-------------------------
+ 1 file changed, 18 insertions(+), 26 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index dc27b55..30713e5 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -1533,37 +1533,31 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+ 
+ # ifdef USE_CRYPTODEV_DIGESTS
+ 
+-/* convert digest type to cryptodev */
+-static int digest_nid_to_cryptodev(int nid)
++static int digest_nid_to_id(int nid)
+ {
+     int i;
+ 
+-    for (i = 0; digests[i].id; i++)
+-        if (digests[i].nid == nid)
+-            return (digests[i].id);
+-    return (0);
+-}
+-
+-static int digest_key_length(int nid)
+-{
+-    int i;
+-
+-    for (i = 0; digests[i].id; i++)
+-        if (digests[i].nid == nid)
+-            return digests[i].keylen;
+-    return (0);
++    for (i = 0;; i++) {
++        if ((digests[i].nid == nid) || (digests[i].id == 0)) {
++            break;
++        }
++    }
++    return i;
+ }
+ 
+ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
+ {
+     struct dev_crypto_state *state = ctx->md_data;
+     struct hash_op_data *hash_op = &state->hash_op;
+-    int digest;
++    int id;
+ 
+     memset(state, 0, sizeof(struct dev_crypto_state));
+ 
+-    digest = digest_nid_to_cryptodev(ctx->digest->type);
+-    if (digest == NID_undef) {
++    id = digest_nid_to_id(ctx->digest->type);
++
++    hash_op->mac_op = digests[id].id;
++    hash_op->mackeylen = digests[id].keylen;
++    if (hash_op->mac_op == 0) {
+         printf("%s: Can't get digest\n", __func__);
+         return (0);
+     }
+@@ -1574,11 +1568,9 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
+         return (0);
+     }
+ 
+-    hash_op->mac_op = digest;
+     hash_op->mackey = state->dummy_mac_key;
+-    hash_op->mackeylen = digest_key_length(ctx->digest->type);
+ 
+-    return (1);
++    return 1;
+ }
+ 
+ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
+@@ -1668,7 +1660,7 @@ static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
+     struct dev_crypto_state *fstate = from->md_data;
+     struct dev_crypto_state *dstate = to->md_data;
+     struct session_op *sess;
+-    int digest;
++    int id;
+ 
+     if (dstate == NULL || fstate == NULL)
+         return 1;
+@@ -1677,11 +1669,11 @@ static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
+ 
+     sess = &dstate->d_sess;
+ 
+-    digest = digest_nid_to_cryptodev(to->digest->type);
++    id = digest_nid_to_id(to->digest->type);
+ 
+     sess->mackey = dstate->dummy_mac_key;
+-    sess->mackeylen = digest_key_length(to->digest->type);
+-    sess->mac = digest;
++    sess->mackeylen = digests[id].keylen;
++    sess->mac = digests[id].id;
+ 
+     dstate->d_fd = get_dev_crypto();
+ 
+-- 
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0031-cryptodev-remove-not-used-local-variables.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0031-cryptodev-remove-not-used-local-variables.patch
new file mode 100644
index 0000000..fc23e0c
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0031-cryptodev-remove-not-used-local-variables.patch
@@ -0,0 +1,46 @@
+From 8cd09ffdfd7d9c25605401f1c0947b1b4acc6e57 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica at nxp.com>
+Date: Mon, 8 Feb 2016 16:00:22 +0200
+Subject: [PATCH 31/48] cryptodev: remove not used local variables
+
+Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 6 +-----
+ 1 file changed, 1 insertion(+), 5 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 30713e5..2734500 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -1634,7 +1634,6 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
+ static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
+ {
+     struct dev_crypto_state *state = ctx->md_data;
+-    struct session_op *sess = &state->d_sess;
+ 
+     if (state == NULL) {
+         return 0;
+@@ -3939,7 +3938,6 @@ static int cryptodev_dh_keygen(DH *dh)
+     int ret = 1, q_len = 0;
+     unsigned char *q = NULL, *g = NULL, *s = NULL, *w = NULL;
+     BIGNUM *pub_key = NULL, *priv_key = NULL;
+-    int generate_new_key = 1;
+ 
+     if (dh->priv_key)
+         priv_key = dh->priv_key;
+@@ -4061,11 +4059,9 @@ cryptodev_dh_compute_key_async(unsigned char *key, const BIGNUM *pub_key,
+ {
+     struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
+     int ret = 1;
+-    int fd, p_len;
++    int p_len;
+     unsigned char *padded_pub_key = NULL, *p = NULL;
+ 
+-    fd = *(int *)cookie->eng_handle;
+-
+     memset(kop, 0, sizeof(struct crypt_kop));
+     kop->crk_op = CRK_DH_COMPUTE_KEY;
+     /* inputs: dh->priv_key pub_key dh->p key */
+-- 
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0032-cryptodev-hide-not-used-variable-behind-ifndef.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0032-cryptodev-hide-not-used-variable-behind-ifndef.patch
new file mode 100644
index 0000000..9ff4d36
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0032-cryptodev-hide-not-used-variable-behind-ifndef.patch
@@ -0,0 +1,27 @@
+From 335c80f847eacc573e10ba925b6a645963b16197 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica at nxp.com>
+Date: Mon, 8 Feb 2016 17:22:49 +0200
+Subject: [PATCH 32/48] cryptodev: hide not used variable behind #ifndef
+
+Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 2734500..5a68c76 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -412,7 +412,9 @@ static int open_dev_crypto(void)
+ static int get_dev_crypto(void)
+ {
+     static int fd = -1;
++# ifndef CRIOGET_NOT_NEEDED
+     int retfd;
++# endif
+ 
+     if (fd == -1)
+         fd = open_dev_crypto();
+-- 
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0033-cryptodev-fix-function-declaration-typo.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0033-cryptodev-fix-function-declaration-typo.patch
new file mode 100644
index 0000000..82cceba
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0033-cryptodev-fix-function-declaration-typo.patch
@@ -0,0 +1,26 @@
+From 03bdddf1495707119e4fa0eda385ecdccf66cbd8 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica at nxp.com>
+Date: Mon, 8 Feb 2016 16:08:25 +0200
+Subject: [PATCH 33/48] cryptodev: fix function declaration typo
+
+Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
+---
+ crypto/engine/engine.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h
+index f83ee73..c8efbe1 100644
+--- a/crypto/engine/engine.h
++++ b/crypto/engine/engine.h
+@@ -569,7 +569,7 @@ void ENGINE_set_async_map(ENGINE *e, int async_map);
+ int ENGINE_get_async_map(ENGINE *e);
+ int ENGINE_open_instance(ENGINE *e);
+ int ENGINE_close_instance(ENGINE *e, int fd);
+-void ENGINE_set_init_instance(ENGINE *e, int(*engine_init_instance)(void));
++void ENGINE_set_open_instance(ENGINE *e, int(*engine_open_instance)(void));
+ void ENGINE_set_close_instance(ENGINE *e, int(*engine_close_instance)(int));
+ void ENGINE_set_check_pkc_availability(ENGINE *e,
+ 	int (*check_pkc_availability)(int fd));
+-- 
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0034-cryptodev-fix-incorrect-function-signature.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0034-cryptodev-fix-incorrect-function-signature.patch
new file mode 100644
index 0000000..84268c5
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0034-cryptodev-fix-incorrect-function-signature.patch
@@ -0,0 +1,26 @@
+From 7012cf33a00618749319b1903f48ee3a35f5887b Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica at nxp.com>
+Date: Mon, 8 Feb 2016 16:12:54 +0200
+Subject: [PATCH 34/48] cryptodev: fix incorrect function signature
+
+Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 5a68c76..cec6938 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -3148,7 +3148,7 @@ static ECDSA_SIG *cryptodev_ecdsa_do_sign(const unsigned char *dgst,
+ }
+ 
+ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
+-                                  ECDSA_SIG *sig, EC_KEY *eckey)
++                                  const ECDSA_SIG *sig, EC_KEY *eckey)
+ {
+     BIGNUM *m = NULL, *p = NULL, *a = NULL, *b = NULL;
+     BIGNUM *x = NULL, *y = NULL, *w_x = NULL, *w_y = NULL;
+-- 
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0035-cryptodev-fix-warnings-on-excess-elements-in-struct-.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0035-cryptodev-fix-warnings-on-excess-elements-in-struct-.patch
new file mode 100644
index 0000000..0e90d82
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0035-cryptodev-fix-warnings-on-excess-elements-in-struct-.patch
@@ -0,0 +1,110 @@
+From 82612e3c4161ed6e10379841b953a0f56e557be4 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica at nxp.com>
+Date: Mon, 8 Feb 2016 16:21:46 +0200
+Subject: [PATCH 35/48] cryptodev: fix warnings on excess elements in struct
+ initializer
+
+The initialization data for these structures had either missing or excess
+values and did not match the structure definitions.
+
+Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
+---
+ crypto/dh/dh.h                |  6 +++---
+ crypto/dsa/dsa.h              | 11 ++++++-----
+ crypto/engine/eng_cryptodev.c | 11 ++++++-----
+ 3 files changed, 15 insertions(+), 13 deletions(-)
+
+diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h
+index 31dd762..11c6c7d 100644
+--- a/crypto/dh/dh.h
++++ b/crypto/dh/dh.h
+@@ -123,9 +123,9 @@ struct dh_method {
+     int (*bn_mod_exp) (const DH *dh, BIGNUM *r, const BIGNUM *a,
+                        const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+                        BN_MONT_CTX *m_ctx);
+-	int (*compute_key_async)(unsigned char *key,const BIGNUM *pub_key,DH *dh,
+-				struct pkc_cookie_s *cookie);
+-	int (*generate_key_async)(DH *dh, struct pkc_cookie_s *cookie);
++    int (*compute_key_async) (unsigned char *key, const BIGNUM *pub_key,
++                              DH *dh, struct pkc_cookie_s * cookie);
++    int (*generate_key_async) (DH *dh, struct pkc_cookie_s * cookie);
+     int (*init) (DH *dh);
+     int (*finish) (DH *dh);
+     int flags;
+diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h
+index 8584731..ab52add 100644
+--- a/crypto/dsa/dsa.h
++++ b/crypto/dsa/dsa.h
+@@ -139,10 +139,11 @@ struct dsa_method {
+     /* Can be null */
+     int (*bn_mod_exp) (DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+                        const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+-	int (*dsa_do_sign_async)(const unsigned char *dgst, int dlen, DSA *dsa,
+-				DSA_SIG *sig, struct pkc_cookie_s *cookie);
+-	int (*dsa_do_verify_async)(const unsigned char *dgst, int dgst_len,
+-			     DSA_SIG *sig, DSA *dsa, struct pkc_cookie_s *cookie);
++    int (*dsa_do_sign_async) (const unsigned char *dgst, int dlen, DSA *dsa,
++                              DSA_SIG *sig, struct pkc_cookie_s * cookie);
++    int (*dsa_do_verify_async) (const unsigned char *dgst, int dgst_len,
++                                DSA_SIG *sig, DSA *dsa,
++                                struct pkc_cookie_s * cookie);
+     int (*init) (DSA *dsa);
+     int (*finish) (DSA *dsa);
+     int flags;
+@@ -154,7 +155,7 @@ struct dsa_method {
+                          BN_GENCB *cb);
+     /* If this is non-NULL, it is used to generate DSA keys */
+     int (*dsa_keygen) (DSA *dsa);
+-	int (*dsa_keygen_async)(DSA *dsa, struct pkc_cookie_s *cookie);
++    int (*dsa_keygen_async) (DSA *dsa, struct pkc_cookie_s * cookie);
+ };
+ 
+ struct dsa_st {
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index cec6938..407ea62 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -2892,11 +2892,13 @@ static DSA_METHOD cryptodev_dsa = {
+     NULL,
+     NULL,
+     NULL,
+-    NULL,
+     NULL,                       /* init */
+     NULL,                       /* finish */
+     0,                          /* flags */
+-    NULL                        /* app_data */
++    NULL,                       /* app_data */
++    NULL,
++    NULL,
++    NULL
+ };
+ 
+ static ECDSA_METHOD cryptodev_ecdsa = {
+@@ -2906,7 +2908,6 @@ static ECDSA_METHOD cryptodev_ecdsa = {
+     NULL,
+     NULL,
+     NULL,
+-    NULL,
+     0,                          /* flags */
+     NULL                        /* app_data */
+ };
+@@ -4483,14 +4484,14 @@ static DH_METHOD cryptodev_dh = {
+     NULL,
+     NULL,
+     0,                          /* flags */
+-    NULL                        /* app_data */
++    NULL,                       /* app_data */
++    NULL,                       /* generate_params */
+ };
+ 
+ static ECDH_METHOD cryptodev_ecdh = {
+     "cryptodev ECDH method",
+     NULL,                       /* cryptodev_ecdh_compute_key */
+     NULL,
+-    NULL,
+     0,                          /* flags */
+     NULL                        /* app_data */
+ };
+-- 
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0036-cryptodev-fix-free-on-error-path.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0036-cryptodev-fix-free-on-error-path.patch
new file mode 100644
index 0000000..94b9f0f
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0036-cryptodev-fix-free-on-error-path.patch
@@ -0,0 +1,46 @@
+From 8ccc9b12954b7eb299020a1b15d9d1e5735779df Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica at nxp.com>
+Date: Mon, 8 Feb 2016 16:36:33 +0200
+Subject: [PATCH 36/48] cryptodev: fix free on error path
+
+This was most likely a typo that escaped code review
+
+Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
+---
+ crypto/ecdsa/ecs_locl.h       | 4 ++--
+ crypto/engine/eng_cryptodev.c | 2 +-
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/crypto/ecdsa/ecs_locl.h b/crypto/ecdsa/ecs_locl.h
+index 9b28c04..c3843c6 100644
+--- a/crypto/ecdsa/ecs_locl.h
++++ b/crypto/ecdsa/ecs_locl.h
+@@ -74,10 +74,10 @@ struct ecdsa_method {
+                              BIGNUM **r);
+     int (*ecdsa_do_verify) (const unsigned char *dgst, int dgst_len,
+                             const ECDSA_SIG *sig, EC_KEY *eckey);
+-	 int (*ecdsa_do_sign_async)(const unsigned char *dgst, int dgst_len,
++    int (*ecdsa_do_sign_async)(const unsigned char *dgst, int dgst_len,
+ 			const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey,
+ 			ECDSA_SIG *sig, struct pkc_cookie_s *cookie);
+-	int (*ecdsa_do_verify_async)(const unsigned char *dgst, int dgst_len,
++    int (*ecdsa_do_verify_async)(const unsigned char *dgst, int dgst_len,
+ 			const ECDSA_SIG *sig, EC_KEY *eckey, struct pkc_cookie_s *cookie);
+ # if 0
+     int (*init) (EC_KEY *eckey);
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 407ea62..1b1fdc7 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -3424,7 +3424,7 @@ static int cryptodev_ecdsa_do_sign_async(const unsigned char *dgst,
+     if (!(sig->r = BN_new()) || !kop)
+         goto err;
+     if ((sig->s = BN_new()) == NULL) {
+-        BN_free(r);
++        BN_free(sig->r);
+         goto err;
+     }
+ 
+-- 
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0037-cryptodev-fix-return-value-on-error.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0037-cryptodev-fix-return-value-on-error.patch
new file mode 100644
index 0000000..2e9567b
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0037-cryptodev-fix-return-value-on-error.patch
@@ -0,0 +1,28 @@
+From b3d3b86063e65b84ce53f4653295e3f6a83d5794 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica at nxp.com>
+Date: Mon, 8 Feb 2016 16:55:32 +0200
+Subject: [PATCH 37/48] cryptodev: fix return value on error
+
+Even though we're on error path, the operation is taken care of on
+software; return success (ret is 1)
+
+Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 1b1fdc7..8cd3aa3 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -2755,7 +2755,6 @@ cryptodev_dsa_do_sign_async(const unsigned char *dgst, int dlen, DSA *dsa,
+         sig->s = dsaret->s;
+         /* Call user callback immediately */
+         cookie->pkc_callback(cookie, 0);
+-        ret = dsaret;
+     }
+     return ret;
+ }
+-- 
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0038-cryptodev-match-types-with-cryptodev.h.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0038-cryptodev-match-types-with-cryptodev.h.patch
new file mode 100644
index 0000000..6e083ba
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0038-cryptodev-match-types-with-cryptodev.h.patch
@@ -0,0 +1,29 @@
+From dcc3254b6dbb8627dd710fa58585542b98c80394 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica at nxp.com>
+Date: Mon, 8 Feb 2016 17:11:43 +0200
+Subject: [PATCH 38/48] cryptodev: match types with cryptodev.h
+
+Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 8cd3aa3..4613d2d 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -85,9 +85,9 @@ struct dev_crypto_state {
+     int ivlen;
+ # ifdef USE_CRYPTODEV_DIGESTS
+     struct hash_op_data hash_op;
+-    char dummy_mac_key[HASH_MAX_LEN];
++    unsigned char dummy_mac_key[HASH_MAX_LEN];
+     unsigned char digest_res[HASH_MAX_LEN];
+-    char *mac_data;
++    unsigned char *mac_data;
+     int mac_len;
+ # endif
+ };
+-- 
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0039-cryptodev-explicitly-discard-const-qualifier.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0039-cryptodev-explicitly-discard-const-qualifier.patch
new file mode 100644
index 0000000..916c47e
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0039-cryptodev-explicitly-discard-const-qualifier.patch
@@ -0,0 +1,30 @@
+From 605210c8ae9241cad6c4ec071f5193bf3e83b2d4 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica at nxp.com>
+Date: Mon, 8 Feb 2016 17:15:25 +0200
+Subject: [PATCH 39/48] cryptodev: explicitly discard const qualifier
+
+The const qualifier is discarded by the assignment as a result of how
+the variables are defined. This patch drops the const qualifier
+explicitly to avoid build errors.
+
+Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 4613d2d..2791ca3 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -1592,7 +1592,7 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
+      * cryptodev calls and accumulating small amounts of data
+      */
+     if (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) {
+-        state->mac_data = data;
++        state->mac_data = (void *)data;
+         state->mac_len = count;
+     } else {
+         state->mac_data =
+-- 
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0040-cryptodev-replace-caddr_t-with-void.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0040-cryptodev-replace-caddr_t-with-void.patch
new file mode 100644
index 0000000..2c61d9b
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0040-cryptodev-replace-caddr_t-with-void.patch
@@ -0,0 +1,95 @@
+From 45429e5ea075867f9219a6fcb233677d062a4451 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica at nxp.com>
+Date: Tue, 9 Feb 2016 11:28:23 +0200
+Subject: [PATCH 40/48] cryptodev: replace caddr_t with void *
+
+This avoids warnings such as "pointer targets in assignment differ in
+signedness" when compiling the code
+
+Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 22 +++++++++++-----------
+ 1 file changed, 11 insertions(+), 11 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 2791ca3..f172173 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -460,8 +460,8 @@ static int get_cryptodev_ciphers(const int **cnids)
+         return (0);
+     }
+     memset(&sess, 0, sizeof(sess));
+-    sess.key = (caddr_t) "123456789abcdefghijklmno";
+-    sess.mackey = (caddr_t) "123456789ABCDEFGHIJKLMNO";
++    sess.key = (void *)"123456789abcdefghijklmno";
++    sess.mackey = (void *)"123456789ABCDEFGHIJKLMNO";
+ 
+     for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
+         if (ciphers[i].nid == NID_undef)
+@@ -501,7 +501,7 @@ static int get_cryptodev_digests(const int **cnids)
+         return (0);
+     }
+     memset(&sess, 0, sizeof(sess));
+-    sess.mackey = (caddr_t) "123456789abcdefghijklmno";
++    sess.mackey = (void *)"123456789abcdefghijklmno";
+     for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
+         if (digests[i].nid == NID_undef)
+             continue;
+@@ -633,14 +633,14 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+     cryp.ses = sess->ses;
+     cryp.flags = 0;
+     cryp.len = inl;
+-    cryp.src = (caddr_t) in;
+-    cryp.dst = (caddr_t) out;
++    cryp.src = (void *)in;
++    cryp.dst = (void *)out;
+     cryp.mac = 0;
+ 
+     cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
+ 
+     if (ctx->cipher->iv_len) {
+-        cryp.iv = (caddr_t) ctx->iv;
++        cryp.iv = (void *)ctx->iv;
+         if (!ctx->encrypt) {
+             iiv = in + inl - ctx->cipher->iv_len;
+             memcpy(save_iv, iiv, ctx->cipher->iv_len);
+@@ -701,15 +701,15 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+     }
+     cryp.ses = sess->ses;
+     cryp.len = state->len;
+-    cryp.src = (caddr_t) in;
+-    cryp.dst = (caddr_t) out;
++    cryp.src = (void *)in;
++    cryp.dst = (void *)out;
+     cryp.auth_src = state->aad;
+     cryp.auth_len = state->aad_len;
+ 
+     cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
+ 
+     if (ctx->cipher->iv_len) {
+-        cryp.iv = (caddr_t) ctx->iv;
++        cryp.iv = (void *)ctx->iv;
+         if (!ctx->encrypt) {
+             iiv = in + len - ctx->cipher->iv_len;
+             memcpy(save_iv, iiv, ctx->cipher->iv_len);
+@@ -761,7 +761,7 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+     if ((state->d_fd = get_dev_crypto()) < 0)
+         return (0);
+ 
+-    sess->key = (caddr_t) key;
++    sess->key = (void *)key;
+     sess->keylen = ctx->key_len;
+     sess->cipher = cipher;
+ 
+@@ -804,7 +804,7 @@ static int cryptodev_init_aead_key(EVP_CIPHER_CTX *ctx,
+ 
+     memset(sess, 0, sizeof(struct session_op));
+ 
+-    sess->key = (caddr_t) key;
++    sess->key = (void *)key;
+     sess->keylen = ctx->key_len;
+     sess->cipher = cipher;
+ 
+-- 
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0041-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0041-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch
new file mode 100644
index 0000000..5525045
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0041-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch
@@ -0,0 +1,49 @@
+From f10d471839dff079a23d79d1b4ecb3e3e6529283 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica at nxp.com>
+Date: Mon, 8 Feb 2016 17:04:25 +0200
+Subject: [PATCH 41/48] cryptodev: check for errors inside
+ cryptodev_rsa_mod_exp
+
+Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 24 ++++++++++++++++++------
+ 1 file changed, 18 insertions(+), 6 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index f172173..695848d 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -2054,12 +2054,24 @@ cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
+     kop.crk_status = 0;
+     kop.crk_op = CRK_MOD_EXP_CRT;
+     f_len = BN_num_bytes(rsa->n);
+-    spcf_bn2bin_ex(I, &f, &f_len);
+-    spcf_bn2bin(rsa->p, &p, &p_len);
+-    spcf_bn2bin(rsa->q, &q, &q_len);
+-    spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len);
+-    spcf_bn2bin_ex(rsa->iqmp, &c, &p_len);
+-    spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len);
++    if (spcf_bn2bin_ex(I, &f, &f_len) != 0) {
++        goto err;
++    }
++    if (spcf_bn2bin(rsa->p, &p, &p_len) != 0) {
++        goto err;
++    }
++    if (spcf_bn2bin(rsa->q, &q, &q_len) != 0) {
++        goto err;
++    }
++    if (spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len) != 0) {
++        goto err;
++    }
++    if (spcf_bn2bin_ex(rsa->iqmp, &c, &p_len) != 0) {
++        goto err;
++    }
++    if (spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len) != 0) {
++        goto err;
++    }
+     /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
+     kop.crk_param[0].crp_p = p;
+     kop.crk_param[0].crp_nbits = p_len * 8;
+-- 
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0042-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0042-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch
new file mode 100644
index 0000000..218accb
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0042-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch
@@ -0,0 +1,69 @@
+From 402a2e4da471728fa537462d7a13aa35955cd6d8 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica at nxp.com>
+Date: Tue, 9 Feb 2016 11:47:52 +0200
+Subject: [PATCH 42/48] cryptodev: check for errors inside
+ cryptodev_rsa_mod_exp_async
+
+Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 33 +++++++++++++++++++++++++--------
+ 1 file changed, 25 insertions(+), 8 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 695848d..8e84972 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -2109,25 +2109,42 @@ static int
+ cryptodev_rsa_mod_exp_async(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+                             BN_CTX *ctx, struct pkc_cookie_s *cookie)
+ {
+-    struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
++    struct crypt_kop *kop;
+     int ret = 1, f_len, p_len, q_len;
+     unsigned char *f = NULL, *p = NULL, *q = NULL, *dp = NULL, *dq =
+         NULL, *c = NULL;
+ 
+-    if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp || !kop) {
++    if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
+         return (0);
+     }
+ 
++    kop = malloc(sizeof(struct crypt_kop));
++    if (kop == NULL) {
++        goto err;
++    }
++
+     kop->crk_oparams = 0;
+     kop->crk_status = 0;
+     kop->crk_op = CRK_MOD_EXP_CRT;
+     f_len = BN_num_bytes(rsa->n);
+-    spcf_bn2bin_ex(I, &f, &f_len);
+-    spcf_bn2bin(rsa->p, &p, &p_len);
+-    spcf_bn2bin(rsa->q, &q, &q_len);
+-    spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len);
+-    spcf_bn2bin_ex(rsa->iqmp, &c, &p_len);
+-    spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len);
++    if (spcf_bn2bin_ex(I, &f, &f_len) != 0) {
++        goto err;
++    }
++    if (spcf_bn2bin(rsa->p, &p, &p_len) != 0) {
++        goto err;
++    }
++    if (spcf_bn2bin(rsa->q, &q, &q_len) != 0) {
++        goto err;
++    }
++    if (spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len) != 0) {
++        goto err;
++    }
++    if (spcf_bn2bin_ex(rsa->iqmp, &c, &p_len) != 0) {
++        goto err;
++    }
++    if (spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len) != 0) {
++        goto err;
++    }
+     /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
+     kop->crk_param[0].crp_p = p;
+     kop->crk_param[0].crp_nbits = p_len * 8;
+-- 
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0043-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0043-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch
new file mode 100644
index 0000000..931141d
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0043-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch
@@ -0,0 +1,52 @@
+From c8a5f714d35c3bd63d2511ad69e0661a7d1d5dcd Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica at nxp.com>
+Date: Tue, 9 Feb 2016 11:53:22 +0200
+Subject: [PATCH 43/48] cryptodev: check for errors inside
+ cryptodev_dh_compute_key
+
+Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 15 +++++++++++----
+ 1 file changed, 11 insertions(+), 4 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 8e84972..55b2047 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -4043,11 +4043,15 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+     memset(&kop, 0, sizeof kop);
+     kop.crk_op = CRK_DH_COMPUTE_KEY;
+     /* inputs: dh->priv_key pub_key dh->p key */
+-    spcf_bn2bin(dh->p, &p, &p_len);
+-    spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len);
+-    if (bn2crparam(dh->priv_key, &kop.crk_param[0]))
++    if (spcf_bn2bin(dh->p, &p, &p_len) != 0) {
+         goto sw_try;
+-
++    }
++    if (spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len) != 0) {
++        goto sw_try;
++    }
++    if (bn2crparam(dh->priv_key, &kop.crk_param[0]) != 0) {
++        goto sw_try;
++    }
+     kop.crk_param[1].crp_p = padded_pub_key;
+     kop.crk_param[1].crp_nbits = p_len * 8;
+     kop.crk_param[2].crp_p = p;
+@@ -4074,10 +4078,13 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+     kop.crk_param[3].crp_p = NULL;
+     zapparams(&kop);
+     return (dhret);
++
+  sw_try:
+     {
+         const DH_METHOD *meth = DH_OpenSSL();
+ 
++        free(p);
++        free(padded_pub_key);
+         dhret = (meth->compute_key) (key, pub_key, dh);
+     }
+     return (dhret);
+-- 
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0044-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0044-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch
new file mode 100644
index 0000000..be99643
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0044-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch
@@ -0,0 +1,76 @@
+From 42a1c45091ab7996c4411f3dd74539c908c63208 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica at nxp.com>
+Date: Tue, 9 Feb 2016 11:53:33 +0200
+Subject: [PATCH 44/48] cryptodev: check for errors inside
+ cryptodev_dh_compute_key_async
+
+Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 29 +++++++++++++++++++++--------
+ 1 file changed, 21 insertions(+), 8 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 55b2047..e0f9d4b 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -4095,19 +4095,28 @@ static int
+ cryptodev_dh_compute_key_async(unsigned char *key, const BIGNUM *pub_key,
+                                DH *dh, struct pkc_cookie_s *cookie)
+ {
+-    struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
++    struct crypt_kop *kop;
+     int ret = 1;
+     int p_len;
+     unsigned char *padded_pub_key = NULL, *p = NULL;
+ 
++    kop = malloc(sizeof(struct crypt_kop));
++    if (kop == NULL) {
++        goto err;
++    }
++
+     memset(kop, 0, sizeof(struct crypt_kop));
+     kop->crk_op = CRK_DH_COMPUTE_KEY;
+     /* inputs: dh->priv_key pub_key dh->p key */
+-    spcf_bn2bin(dh->p, &p, &p_len);
+-    spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len);
+-
+-    if (bn2crparam(dh->priv_key, &kop->crk_param[0]))
++    if (spcf_bn2bin(dh->p, &p, &p_len) != 0) {
++        goto err;
++    }
++    if (spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len) != 0) {
+         goto err;
++    }
++    if (bn2crparam(dh->priv_key, &kop->crk_param[0]) != 0) {
++        goto err;
++    }
+     kop->crk_param[1].crp_p = padded_pub_key;
+     kop->crk_param[1].crp_nbits = p_len * 8;
+     kop->crk_param[2].crp_p = p;
+@@ -4119,16 +4128,20 @@ cryptodev_dh_compute_key_async(unsigned char *key, const BIGNUM *pub_key,
+     kop->crk_param[3].crp_nbits = p_len * 8;
+     kop->crk_oparams = 1;
+ 
+-    if (cryptodev_asym_async(kop, 0, NULL, 0, NULL))
++    if (cryptodev_asym_async(kop, 0, NULL, 0, NULL)) {
+         goto err;
++    }
+ 
+     return p_len;
+  err:
+     {
+         const DH_METHOD *meth = DH_OpenSSL();
+-
+-        if (kop)
++        free(p);
++        free(padded_pub_key);
++        if (kop) {
+             free(kop);
++        }
++
+         ret = (meth->compute_key) (key, pub_key, dh);
+         /* Call user cookie handler */
+         cookie->pkc_callback(cookie, 0);
+-- 
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0045-cryptodev-change-signature-for-conversion-functions.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0045-cryptodev-change-signature-for-conversion-functions.patch
new file mode 100644
index 0000000..11f1a54
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0045-cryptodev-change-signature-for-conversion-functions.patch
@@ -0,0 +1,38 @@
+From 528e4965e536d31cdccb11abe5e04db28a1008a8 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica at nxp.com>
+Date: Tue, 9 Feb 2016 12:11:32 +0200
+Subject: [PATCH 45/48] cryptodev: change signature for conversion functions
+
+These functions are called with const BIGNUMs, so we change the
+signatures to avoid compilation warnings
+
+Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index e0f9d4b..3024a68 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -145,7 +145,7 @@ const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha1;
+ const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha256;
+ const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha256;
+ 
+-inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len)
++inline int spcf_bn2bin(const BIGNUM *bn, unsigned char **bin, int *bin_len)
+ {
+     int len;
+     unsigned char *p;
+@@ -167,7 +167,7 @@ inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len)
+     return 0;
+ }
+ 
+-inline int spcf_bn2bin_ex(BIGNUM *bn, unsigned char **bin, int *bin_len)
++inline int spcf_bn2bin_ex(const BIGNUM *bn, unsigned char **bin, int *bin_len)
+ {
+     int len;
+     unsigned char *p;
+-- 
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0046-cryptodev-add-explicit-cast-for-known-BIGNUM-values.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0046-cryptodev-add-explicit-cast-for-known-BIGNUM-values.patch
new file mode 100644
index 0000000..e7a5aa3
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0046-cryptodev-add-explicit-cast-for-known-BIGNUM-values.patch
@@ -0,0 +1,26 @@
+From b27823ac9f460c96a72d9003e2e134c1288ac85f Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica at nxp.com>
+Date: Tue, 9 Feb 2016 12:13:59 +0200
+Subject: [PATCH 46/48] cryptodev: add explicit cast for known BIGNUM values
+
+Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 3024a68..539be62 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -4014,7 +4014,7 @@ static int cryptodev_dh_keygen(DH *dh)
+     }
+ 
+     /* pub_key is or prime length while priv key is of length of order */
+-    if (cryptodev_asym(&kop, q_len, w, q_len, s))
++    if (cryptodev_asym(&kop, q_len, (BIGNUM *)w, q_len, (BIGNUM *)s))
+         goto sw_try;
+ 
+     dh->pub_key = BN_bin2bn(w, q_len, pub_key);
+-- 
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0047-cryptodev-treat-all-build-warnings-as-errors.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0047-cryptodev-treat-all-build-warnings-as-errors.patch
new file mode 100644
index 0000000..2163998
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0047-cryptodev-treat-all-build-warnings-as-errors.patch
@@ -0,0 +1,28 @@
+From 596735ad86a3dae987e19c21ef22259179966fc6 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica at nxp.com>
+Date: Mon, 8 Feb 2016 15:15:02 +0200
+Subject: [PATCH 47/48] cryptodev: treat all build warnings as errors
+
+This patch has the purpose of maintaining a higher level of code quality.
+
+Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
+---
+ crypto/engine/Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/crypto/engine/Makefile b/crypto/engine/Makefile
+index 426388e..010f21d 100644
+--- a/crypto/engine/Makefile
++++ b/crypto/engine/Makefile
+@@ -10,7 +10,7 @@ CFLAG=-g
+ MAKEFILE=	Makefile
+ AR=		ar r
+ 
+-CFLAGS= $(INCLUDES) $(CFLAG)
++CFLAGS= -Wall -Werror $(INCLUDES) $(CFLAG)
+ 
+ GENERAL=Makefile
+ TEST= enginetest.c
+-- 
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0048-fix-maclen-is-used-uninitialized-warning-on-some-com.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0048-fix-maclen-is-used-uninitialized-warning-on-some-com.patch
new file mode 100644
index 0000000..d7b84e6
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0048-fix-maclen-is-used-uninitialized-warning-on-some-com.patch
@@ -0,0 +1,29 @@
+From 116bd4f6f1ee5acdb997d414902d9646b24df1be Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica at nxp.com>
+Date: Wed, 6 Apr 2016 15:22:58 +0300
+Subject: [PATCH 48/48] fix 'maclen is used uninitialized' warning on some
+ compilers
+
+Signed-off-by: Cristian Stoica <cristian.stoica at nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 539be62..35b71b0 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -905,6 +905,10 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
+                 maclen = SHA256_DIGEST_LENGTH;
+                 aad_needs_fix = true;
+                 break;
++            default:
++                fprintf(stderr, "%s: unsupported NID: %d\n",
++                        __func__, ctx->cipher->nid);
++                return -1;
+             }
+ 
+             /* Correct length for AAD Length field */
+-- 
+2.7.0
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/run-ptest b/recipes-connectivity/openssl/openssl-qoriq/run-ptest
new file mode 100755
index 0000000..3b20fce
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/run-ptest
@@ -0,0 +1,2 @@
+#!/bin/sh
+make -k runtest
diff --git a/recipes-connectivity/openssl/openssl-qoriq_1.0.1i.bb b/recipes-connectivity/openssl/openssl-qoriq_1.0.1i.bb
deleted file mode 100644
index 3b9d56e..0000000
--- a/recipes-connectivity/openssl/openssl-qoriq_1.0.1i.bb
+++ /dev/null
@@ -1,96 +0,0 @@
-require openssl-qoriq.inc
-
-# For target side versions of openssl enable support for cryptodev Linux driver
-# if they are available.
-DEPENDS_class-target += "cryptodev-linux"
-CFLAG_class-target += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS"
-
-LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8"
-
-export DIRS = "crypto ssl apps engines"
-export OE_LDFLAGS="${LDFLAGS}"
-
-SRC_URI += "file://configure-targets.patch \
-            file://shared-libs.patch \
-            file://oe-ldflags.patch \
-            file://engines-install-in-libdir-ssl.patch \
-            file://openssl-fix-link.patch \
-            file://debian/version-script.patch \
-            file://debian/pic.patch \
-            file://debian/c_rehash-compat.patch \
-            file://debian/ca.patch \
-            file://debian/make-targets.patch \
-            file://debian/no-rpath.patch \
-            file://debian/man-dir.patch \
-            file://debian/man-section.patch \
-            file://debian/no-symbolic.patch \
-            file://debian/debian-targets.patch \
-            file://openssl_fix_for_x32.patch \
-            file://fix-cipher-des-ede3-cfb1.patch \
-            file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \
-            file://openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch \
-            file://initial-aarch64-bits.patch \
-            file://find.pl \
-            file://openssl-fix-des.pod-error.patch \
-           "
-
-SRC_URI_append_class-target = "\
-	file://qoriq/0001-remove-double-initialization-of-cryptodev-engine.patch \
-	file://qoriq/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch \
-	file://qoriq/0003-cryptodev-fix-algorithm-registration.patch \
-	file://qoriq/0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch \
-	file://qoriq/0005-ECC-Support-header-for-Cryptodev-Engine.patch \
-	file://qoriq/0006-Fixed-private-key-support-for-DH.patch \
-	file://qoriq/0007-Fixed-private-key-support-for-DH.patch \
-	file://qoriq/0008-Initial-support-for-PKC-in-cryptodev-engine.patch \
-	file://qoriq/0009-Added-hwrng-dev-file-as-source-of-RNG.patch \
-	file://qoriq/0010-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch \
-	file://qoriq/0011-Add-RSA-keygen-operation-and-support-gendsa-command-.patch \
-	file://qoriq/0012-RSA-Keygen-Fix.patch \
-	file://qoriq/0013-Removed-local-copy-of-curve_t-type.patch \
-	file://qoriq/0014-Modulus-parameter-is-not-populated-by-dhparams.patch \
-	file://qoriq/0015-SW-Backoff-mechanism-for-dsa-keygen.patch \
-	file://qoriq/0016-Fixed-DH-keygen-pair-generator.patch \
-	file://qoriq/0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch \
-	file://qoriq/0018-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch \
-	file://qoriq/0019-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch \
-	file://qoriq/0020-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch \
-	file://qoriq/0021-cryptodev-drop-redundant-function.patch \
-	file://qoriq/0022-cryptodev-do-not-zero-the-buffer-before-use.patch \
-	file://qoriq/0023-cryptodev-clean-up-code-layout.patch \
-	file://qoriq/0024-cryptodev-do-not-cache-file-descriptor-in-open.patch \
-	file://qoriq/0025-cryptodev-put_dev_crypto-should-be-an-int.patch \
-	file://qoriq/0026-cryptodev-simplify-cryptodev-pkc-support-code.patch \
-"
-
-SRC_URI[md5sum] = "c8dc151a671b9b92ff3e4c118b174972"
-SRC_URI[sha256sum] = "3c179f46ca77069a6a0bac70212a9b3b838b2f66129cb52d568837fc79d8fcc7"
-
-PACKAGES =+ " \
-        ${PN}-engines-dbg \
-        ${PN}-engines \
-"
-
-FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"
-FILES_${PN}-engines-dbg = "${libdir}/engines/.debug ${libdir}/ssl/engines/.debug"
-
-PARALLEL_MAKE = ""
-PARALLEL_MAKEINST = ""
-
-# Digest offloading through cryptodev is not recommended because of the
-# performance penalty of the Openssl engine interface. Openssl generates a huge
-# number of calls to digest functions for even a small amount of work data.
-# For example there are 70 calls to cipher code and over 10000 to digest code
-# when downloading only 10 files of 700 bytes each.
-# Do not build OpenSSL with cryptodev digest support until engine digest
-# interface gets some rework:
-CFLAG_class-target := "${@'${CFLAG}'.replace('-DUSE_CRYPTODEV_DIGESTS', '')}"
-
-do_configure_prepend() {
-  cp ${WORKDIR}/find.pl ${S}/util/find.pl
-}
-
-
-RDEPENDS_${PN}_class-target += "cryptodev-module"
-
-COMPATIBLE_MACHINE = "(qoriq)"
diff --git a/recipes-connectivity/openssl/openssl-qoriq_1.0.2h.bb b/recipes-connectivity/openssl/openssl-qoriq_1.0.2h.bb
new file mode 100644
index 0000000..deb4fd7
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq_1.0.2h.bb
@@ -0,0 +1,111 @@
+require openssl-qoriq.inc
+
+DISABLE_STATIC = ""
+RRECOMMENDS_libcrypto += "cryptodev-module"
+COMPATIBLE_MACHINE = "(qoriq)"
+
+# For target side versions of openssl enable support for OCF Linux driver
+# if they are available.
+DEPENDS += "cryptodev-linux"
+
+CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS"
+
+LIC_FILES_CHKSUM = "file://LICENSE;md5=27ffa5d74bb5a337056c14b2ef93fbf6"
+
+export DIRS = "crypto ssl apps engines"
+export OE_LDFLAGS="${LDFLAGS}"
+
+SRC_URI += "file://find.pl;subdir=${BP}/util/ \
+            file://run-ptest \
+            file://openssl-c_rehash.sh \
+            file://configure-targets.patch \
+            file://shared-libs.patch \
+            file://oe-ldflags.patch \
+            file://engines-install-in-libdir-ssl.patch \
+            file://debian1.0.2/block_diginotar.patch \
+            file://debian1.0.2/block_digicert_malaysia.patch \
+            file://debian/ca.patch \
+            file://debian/c_rehash-compat.patch \
+            file://debian/debian-targets.patch \
+            file://debian/man-dir.patch \
+            file://debian/man-section.patch \
+            file://debian/no-rpath.patch \
+            file://debian/no-symbolic.patch \
+            file://debian/pic.patch \
+            file://debian1.0.2/version-script.patch \
+            file://openssl_fix_for_x32.patch \
+            file://fix-cipher-des-ede3-cfb1.patch \
+            file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \
+            file://openssl-fix-des.pod-error.patch \
+            file://Makefiles-ptest.patch \
+            file://ptest-deps.patch \
+            file://openssl-1.0.2a-x32-asm.patch \
+            file://ptest_makefile_deps.patch  \
+            file://configure-musl-target.patch \
+            file://parallel.patch \
+           "
+SRC_URI += "file://0001-remove-double-initialization-of-cryptodev-engine.patch \
+	file://0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch \
+	file://0003-cryptodev-fix-algorithm-registration.patch \
+	file://0004-ECC-Support-header-for-Cryptodev-Engine.patch \
+	file://0005-Initial-support-for-PKC-in-cryptodev-engine.patch \
+	file://0006-Added-hwrng-dev-file-as-source-of-RNG.patch \
+	file://0007-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch \
+	file://0008-Add-RSA-keygen-operation-and-support-gendsa-command-.patch \
+	file://0009-RSA-Keygen-Fix.patch \
+	file://0010-Removed-local-copy-of-curve_t-type.patch \
+	file://0011-Modulus-parameter-is-not-populated-by-dhparams.patch \
+	file://0012-SW-Backoff-mechanism-for-dsa-keygen.patch \
+	file://0013-Fixed-DH-keygen-pair-generator.patch \
+	file://0014-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch \
+	file://0015-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch \
+	file://0016-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch \
+	file://0017-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch \
+	file://0018-cryptodev-drop-redundant-function.patch \
+	file://0019-cryptodev-do-not-zero-the-buffer-before-use.patch \
+	file://0020-cryptodev-clean-up-code-layout.patch \
+	file://0021-cryptodev-do-not-cache-file-descriptor-in-open.patch \
+	file://0022-cryptodev-put_dev_crypto-should-be-an-int.patch \
+	file://0023-cryptodev-simplify-cryptodev-pkc-support-code.patch \
+	file://0024-cryptodev-clarify-code-remove-assignments-from-condi.patch \
+	file://0025-cryptodev-clean-up-context-state-before-anything-els.patch \
+	file://0026-cryptodev-remove-code-duplication-in-digest-operatio.patch \
+	file://0027-cryptodev-put-all-digest-ioctls-into-a-single-functi.patch \
+	file://0028-cryptodev-fix-debug-print-messages.patch \
+	file://0029-cryptodev-use-CIOCHASH-ioctl-for-digest-operations.patch \
+	file://0030-cryptodev-reduce-duplicated-efforts-for-searching-in.patch \
+	file://0031-cryptodev-remove-not-used-local-variables.patch \
+	file://0032-cryptodev-hide-not-used-variable-behind-ifndef.patch \
+	file://0033-cryptodev-fix-function-declaration-typo.patch \
+	file://0034-cryptodev-fix-incorrect-function-signature.patch \
+	file://0035-cryptodev-fix-warnings-on-excess-elements-in-struct-.patch \
+	file://0036-cryptodev-fix-free-on-error-path.patch \
+	file://0037-cryptodev-fix-return-value-on-error.patch \
+	file://0038-cryptodev-match-types-with-cryptodev.h.patch \
+	file://0039-cryptodev-explicitly-discard-const-qualifier.patch \
+	file://0040-cryptodev-replace-caddr_t-with-void.patch \
+	file://0041-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch \
+	file://0042-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch \
+	file://0043-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch \
+	file://0044-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch \
+	file://0045-cryptodev-change-signature-for-conversion-functions.patch \
+	file://0046-cryptodev-add-explicit-cast-for-known-BIGNUM-values.patch \
+	file://0047-cryptodev-treat-all-build-warnings-as-errors.patch \
+	file://0048-fix-maclen-is-used-uninitialized-warning-on-some-com.patch \
+"
+
+SRC_URI[md5sum] = "9392e65072ce4b614c1392eefc1f23d0"
+SRC_URI[sha256sum] = "1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919"
+
+PACKAGES =+ "${PN}-engines"
+FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"
+
+# The crypto_use_bigint patch means that perl's bignum module needs to be
+# installed, but some distributions (for example Fedora 23) don't ship it by
+# default.  As the resulting error is very misleading check for bignum before
+# building.
+do_configure_prepend() {
+	if ! perl -Mbigint -e true; then
+		bbfatal "The perl module 'bignum' was not found but this is required to build openssl.  Please install this module (often packaged as perl-bignum) and re-run bitbake."
+	fi
+}
-- 
1.9.2



More information about the meta-freescale mailing list