95 files changed, 13912 insertions, 6933 deletions
diff --git a/recipes-connectivity/openssl/openssl-qoriq.inc b/recipes-connectivity/openssl/openssl-qoriq.inc
index faccb080d..8c8c03652 100644
--- a/recipes-connectivity/openssl/openssl-qoriq.inc
+++ b/recipes-connectivity/openssl/openssl-qoriq.inc
@@ -8,6 +8,9 @@ SECTION = "libs/network"
 LICENSE = "openssl"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8"
+DEPENDS = "hostperl-runtime-native"
+DEPENDS_append_class-target = " openssl-native"
 PROVIDES = "openssl"
 python() {
@@ -19,8 +22,6 @@ python() {
            d.appendVar("RREPLACES_%s" % p, p.replace('openssl-qoriq', 'openssl'))
 }
-DEPENDS = "perl-native-runtime"
 SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
          "
 S = "${WORKDIR}/openssl-${PV}"
@@ -28,37 +29,39 @@ S = "${WORKDIR}/openssl-${PV}"
 PACKAGECONFIG[perl] = ",,,"
 AR_append = " r"
+TERMIO_libc-musl = "-DTERMIOS"
+TERMIO ?= "-DTERMIO"
 # Avoid binaries being marked as requiring an executable stack since it 
 # doesn't(which causes and this causes issues with SELinux
 CFLAG = "${@base_conditional('SITEINFO_ENDIANNESS', 'le', '-DL_ENDIAN', '-DB_ENDIAN', d)} \
-        -DTERMIO ${CFLAGS} -Wall -Wa,--noexecstack"
+         ${TERMIO} ${CFLAGS} -Wall -Wa,--noexecstack"
-# -02 does not work on mipsel: ssh hangs when it tries to read /dev/urandom
-CFLAG_mtx-1 := "${@'${CFLAG}'.replace('-O2', '')}"
-CFLAG_mtx-2 := "${@'${CFLAG}'.replace('-O2', '')}"
 export DIRS = "crypto ssl apps"
 export EX_LIBS = "-lgcc -ldl"
 export AS = "${CC} -c"
 EXTRA_OEMAKE = "-e MAKEFLAGS="
-inherit pkgconfig siteinfo multilib_header
+inherit pkgconfig siteinfo multilib_header ptest
-PACKAGES =+ "libcrypto libssl ${PN}-misc openssl-conf"
+PACKAGES =+ "libcrypto libssl ${PN}-misc ${PN}-conf"
-FILES_libcrypto = "${base_libdir}/libcrypto${SOLIBS}"
+FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}"
-FILES_libssl = "${libdir}/libssl.so.*"
+FILES_libssl = "${libdir}/libssl${SOLIBS}"
 FILES_${PN} =+ " ${libdir}/ssl/*"
-FILES_${PN}-misc = "${libdir}/ssl/misc ${bindir}/c_rehash"
+FILES_${PN}-misc = "${libdir}/ssl/misc"
 RDEPENDS_${PN}-misc = "${@bb.utils.contains('PACKAGECONFIG', 'perl', 'perl', '', d)}"
-FILES_${PN}-dev += "${base_libdir}/libcrypto${SOLIBSDEV}"
 # Add the openssl.cnf file to the openssl-conf package.  Make the libcrypto
 # package RRECOMMENDS on this package.  This will enable the configuration
 # file to be installed for both the base openssl package and the libcrypto
 # package since the base openssl package depends on the libcrypto package.
-FILES_openssl-conf = "${libdir}/ssl/openssl.cnf"
+FILES_${PN}-conf = "${sysconfdir}/ssl/openssl.cnf"
-CONFFILES_openssl-conf = "${libdir}/ssl/openssl.cnf"
+CONFFILES_${PN}-conf = "${sysconfdir}/ssl/openssl.cnf"
-RRECOMMENDS_libcrypto += "openssl-conf"
+RRECOMMENDS_libcrypto += "${PN}-conf"
+RDEPENDS_${PN}-ptest += "${PN}-misc make perl perl-module-filehandle bc"
+# Remove this to enable SSLv3. SSLv3 is defaulted to disabled due to the POODLE
+# vulnerability
+EXTRA_OECONF = " -no-ssl3"
 do_configure_prepend_darwin () {
        sed -i -e '/version-script=openssl\.ld/d' Configure
@@ -71,17 +74,18 @@ do_configure () {
        ln -sf apps/openssl.pod crypto/crypto.pod ssl/ssl.pod doc/
        os=${HOST_OS}
-        if [ "x$os" = "xlinux-uclibc" ]; then
+        case $os in
-                os=linux
+        linux-uclibc |\
-        elif [ "x$os" = "xlinux-uclibceabi" ]; then
+        linux-uclibceabi |\
-                os=linux
+        linux-gnueabi |\
-        elif [ "x$os" = "xlinux-uclibcspe" ]; then
+        linux-uclibcspe |\
-                os=linux
+        linux-gnuspe |\
-        elif [ "x$os" = "xlinux-gnuspe" ]; then
+        linux-musl*)
                os=linux
-        elif [ "x$os" = "xlinux-gnueabi" ]; then
+                ;;
-                os=linux
+                *)
-        fi
+                ;;
+        esac
        target="$os-${HOST_ARCH}"
        case $target in
        linux-arm)
@@ -91,7 +95,7 @@ do_configure () {
                target=linux-elf-armeb
                ;;
        linux-aarch64*)
-                target=linux-generic64
+                target=linux-aarch64
                ;;
        linux-sh3)
                target=debian-sh3
@@ -120,9 +124,12 @@ do_configure () {
        linux-mipsel)
                target=debian-mipsel
                ;;
-        linux-*-mips64)
+        linux-*-mips64 | linux-mips64)
               target=linux-mips
                ;;
+        linux-microblaze*|linux-nios2*)
+                target=linux-generic32
+                ;;
        linux-powerpc)
                target=linux-ppc
                ;;
@@ -145,40 +152,80 @@ do_configure () {
        if [ "x$useprefix" = "x" ]; then
                useprefix=/
        fi        
-        perl ./Configure shared --prefix=$useprefix --openssldir=${libdir}/ssl --libdir=`basename ${libdir}` $target
+        perl ./Configure ${EXTRA_OECONF} shared --prefix=$useprefix --openssldir=${libdir}/ssl --libdir=`basename ${libdir}` $target
+}
+do_compile_prepend_class-target () {
+    sed -i 's/\((OPENSSL=\)".*"/\1"openssl"/' Makefile
 }
 do_compile () {
        oe_runmake
 }
+do_compile_ptest () {
+        oe_runmake buildtest
+}
 do_install () {
+        # Create ${D}/${prefix} to fix parallel issues
+        mkdir -p ${D}/${prefix}/
        oe_runmake INSTALL_PREFIX="${D}" MANDIR="${mandir}" install
        oe_libinstall -so libcrypto ${D}${libdir}
        oe_libinstall -so libssl ${D}${libdir}
-        # Moving libcrypto to /lib
-        if [ ! ${D}${libdir} -ef ${D}${base_libdir} ]; then
-                mkdir -p ${D}/${base_libdir}/
-                mv ${D}${libdir}/libcrypto* ${D}${base_libdir}/
-                sed -i s#libdir=\$\{exec_prefix\}\/lib#libdir=${base_libdir}# ${D}/${libdir}/pkgconfig/libcrypto.pc
-        fi
        install -d ${D}${includedir}
        cp --dereference -R include/openssl ${D}${includedir}
+        install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash
+        sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash
        oe_multilib_header openssl/opensslconf.h
        if [ "${@bb.utils.contains('PACKAGECONFIG', 'perl', 'perl', '', d)}" = "perl" ]; then
-                install -m 0755 ${S}/tools/c_rehash ${D}${bindir}
-                sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${bindir}/c_rehash
                sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/CA.pl
                sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/tsget
-                # The c_rehash utility isn't installed by the normal installation process.
        else
-                rm -f ${D}${bindir}/c_rehash
                rm -f ${D}${libdir}/ssl/misc/CA.pl ${D}${libdir}/ssl/misc/tsget
        fi
+        # Create SSL structure
+        install -d ${D}${sysconfdir}/ssl/
+        mv ${D}${libdir}/ssl/openssl.cnf \
+           ${D}${libdir}/ssl/certs \
+           ${D}${libdir}/ssl/private \
+           \
+           ${D}${sysconfdir}/ssl/
+        ln -sf ${sysconfdir}/ssl/certs ${D}${libdir}/ssl/certs
+        ln -sf ${sysconfdir}/ssl/private ${D}${libdir}/ssl/private
+        ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${libdir}/ssl/openssl.cnf
+}
+do_install_ptest () {
+        cp -r -L Makefile.org Makefile test ${D}${PTEST_PATH}
+        cp Configure config e_os.h ${D}${PTEST_PATH}
+        cp -r -L include ${D}${PTEST_PATH}
+        ln -sf ${libdir}/libcrypto.a ${D}${PTEST_PATH}
+        ln -sf ${libdir}/libssl.a ${D}${PTEST_PATH}
+        mkdir -p ${D}${PTEST_PATH}/crypto
+        cp crypto/constant_time_locl.h ${D}${PTEST_PATH}/crypto
+        cp -r certs ${D}${PTEST_PATH}
+        mkdir -p ${D}${PTEST_PATH}/apps
+        ln -sf ${libdir}/ssl/misc/CA.sh  ${D}${PTEST_PATH}/apps
+        ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${PTEST_PATH}/apps
+        ln -sf ${bindir}/openssl         ${D}${PTEST_PATH}/apps
+        cp apps/server2.pem             ${D}${PTEST_PATH}/apps
+        mkdir -p ${D}${PTEST_PATH}/util
+        install util/opensslwrap.sh    ${D}${PTEST_PATH}/util
+        install util/shlib_wrap.sh     ${D}${PTEST_PATH}/util
+}
+do_install_append_class-native() {
+        create_wrapper ${D}${bindir}/openssl \
+            OPENSSL_CONF=${libdir}/ssl/openssl.cnf \
+            SSL_CERT_DIR=${libdir}/ssl/certs \
+            SSL_CERT_FILE=${libdir}/ssl/cert.pem \
+            OPENSSL_ENGINES=${libdir}/ssl/engines
 }
-BBCLASSEXTEND = "native nativesdk"
diff --git a/recipes-connectivity/openssl/openssl-qoriq/Makefiles-ptest.patch b/recipes-connectivity/openssl/openssl-qoriq/Makefiles-ptest.patch
new file mode 100644
index 000000000..249446a5b
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/Makefiles-ptest.patch
@@ -0,0 +1,77 @@
+Add 'buildtest' and 'runtest' targets to Makefile, to build and run tests
+cross-compiled.
+Signed-off-by: Anders Roxell <anders.roxell@enea.com>
+Signed-off-by: Maxin B. John <maxin.john@enea.com>
+Upstream-Status: Pending
+---
+Index: openssl-1.0.2/Makefile.org
+===================================================================
+--- openssl-1.0.2.orig/Makefile.org
+++ openssl-1.0.2/Makefile.org
+@@ -451,8 +451,16 @@ rehash.time: certs apps
+ test:   tests
+ 
+ tests: rehash
+       $(MAKE) buildtest
+       $(MAKE) runtest
+
+buildtest:
+       @(cd test && \
+       $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf exe apps);
+
+runtest:
+        @(cd test && echo "testing..." && \
+-       $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf tests );
+       $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf alltests );
+        OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a
+ 
+ report:
+Index: openssl-1.0.2/test/Makefile
+===================================================================
+--- openssl-1.0.2.orig/test/Makefile
+++ openssl-1.0.2/test/Makefile
+@@ -137,7 +137,7 @@ tests:      exe apps $(TESTS)
+ apps:
+        @(cd ..; $(MAKE) DIRS=apps all)
+ 
+-alltests: \
+all-tests= \
+        test_des test_idea test_sha test_md4 test_md5 test_hmac \
+        test_md2 test_mdc2 test_wp \
+        test_rmd test_rc2 test_rc4 test_rc5 test_bf test_cast test_aes \
+@@ -148,6 +148,11 @@ alltests: \
+        test_jpake test_srp test_cms test_ocsp test_v3name test_heartbeat \
+        test_constant_time
+ 
+alltests:
+       @(for i in $(all-tests); do \
+       ( $(MAKE) $$i && echo "PASS: $$i" ) || echo "FAIL: $$i"; \
+       done)
+
+ test_evp: $(EVPTEST)$(EXE_EXT) evptests.txt
+        ../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt
+ 
+@@ -213,7 +218,7 @@ test_x509: ../apps/openssl$(EXE_EXT) tx5
+        echo test second x509v3 certificate
+        sh ./tx509 v3-cert2.pem 2>/dev/null
+ 
+-test_rsa: $(RSATEST)$(EXE_EXT) ../apps/openssl$(EXE_EXT) trsa testrsa.pem
+test_rsa: ../apps/openssl$(EXE_EXT) trsa testrsa.pem
+        @sh ./trsa 2>/dev/null
+        ../util/shlib_wrap.sh ./$(RSATEST)
+ 
+@@ -313,11 +318,11 @@ test_tsa: ../apps/openssl$(EXE_EXT) test
+          sh ./testtsa; \
+        fi
+ 
+-test_ige: $(IGETEST)$(EXE_EXT)
+test_ige:
+        @echo "Test IGE mode"
+        ../util/shlib_wrap.sh ./$(IGETEST)
+ 
+-test_jpake: $(JPAKETEST)$(EXE_EXT)
+test_jpake:
+        @echo "Test JPAKE"
+        ../util/shlib_wrap.sh ./$(JPAKETEST)
+ 
diff --git a/recipes-connectivity/openssl/openssl-qoriq/configure-musl-target.patch b/recipes-connectivity/openssl/openssl-qoriq/configure-musl-target.patch
new file mode 100644
index 000000000..613dc7b71
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/configure-musl-target.patch
@@ -0,0 +1,27 @@
+Add musl triplet support
+Upstream-Status: Pending
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+Index: openssl-1.0.2a/Configure
+===================================================================
+--- openssl-1.0.2a.orig/Configure
+++ openssl-1.0.2a/Configure
+@@ -431,7 +431,7 @@ my %table=(
+ #
+ #       ./Configure linux-armv4 -march=armv6 -D__ARM_MAX_ARCH__=8
+ #
+-"linux-armv4", "gcc: -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-armv4", "gcc: -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "linux-aarch64","gcc: -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ # Configure script adds minimally required -march for assembly support,
+ # if no -march was specified at command line. mips32 and mips64 below
+@@ -504,6 +504,8 @@ my %table=(
+ "linux-gnueabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "linux-uclibceabi-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "linux-uclibceabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-musleabi-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-musleabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ 
+ "linux-avr32","$ENV{'CC'}:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).",
+ 
diff --git a/recipes-connectivity/openssl/openssl-qoriq/configure-targets.patch b/recipes-connectivity/openssl/openssl-qoriq/configure-targets.patch
index c1f3d0878..691e74afb 100644
--- a/recipes-connectivity/openssl/openssl-qoriq/configure-targets.patch
+++ b/recipes-connectivity/openssl/openssl-qoriq/configure-targets.patch
@@ -7,28 +7,31 @@ The number of colons are important :)
 Configure |   16 ++++++++++++++++
 1 file changed, 16 insertions(+)
--- a/Configure
+Index: openssl-1.0.2a/Configure
-+++ b/Configure
+===================================================================
-@@ -403,6 +403,22 @@ my %table=(
+--- openssl-1.0.2a.orig/Configure
- "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
+++ openssl-1.0.2a/Configure
- "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
+@@ -443,6 +443,23 @@ my %table=(
+ "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
+ "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
 
-+ # Linux on ARM
+ 
-+"linux-elf-arm","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# Linux on ARM
-+"linux-elf-armeb","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-elf-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-gnueabi-arm","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-elf-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-gnueabi-armeb","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-gnueabi-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-uclibceabi-arm","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-gnueabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-uclibceabi-armeb","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-uclibceabi-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-uclibceabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +
-+"linux-avr32","$ENV{'CC'}:-DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).",
+"linux-avr32","$ENV{'CC'}:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).",
 +
 +#### Linux on MIPS/MIPS64
-+"linux-mips","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-mips","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-mips64","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -mabi=64 -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-mips64","$ENV{'CC'}:-DB_ENDIAN -mabi=64 -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-mips64el","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -mabi=64 -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-mips64el","$ENV{'CC'}:-DL_ENDIAN -mabi=64 -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-mipsel","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-mipsel","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +
- # Android: linux-* but without -DTERMIO and pointers to headers and libs.
+ # Android: linux-* but without pointers to headers and libs.
 "android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
diff --git a/recipes-connectivity/openssl/openssl-qoriq/crypto_use_bigint_in_x86-64_perl.patch b/recipes-connectivity/openssl/openssl-qoriq/crypto_use_bigint_in_x86-64_perl.patch
new file mode 100644
index 000000000..4f81d85de
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/crypto_use_bigint_in_x86-64_perl.patch
@@ -0,0 +1,35 @@
+Upstream-Status: Backport
+When building on x32 systems where the default type is 32bit, make sure
+we can transparently represent 64bit integers.  Otherwise we end up with
+build errors like:
+/usr/bin/perl asm/ghash-x86_64.pl elf > ghash-x86_64.s
+Integer overflow in hexadecimal number at asm/../../perlasm/x86_64-xlate.pl line 201, <> line 890.
+...
+ghash-x86_64.s: Assembler messages:
+ghash-x86_64.s:890: Error: junk '.15473355479995e+19' after expression
+We don't enable this globally as there are some cases where we'd get
+32bit values interpreted as unsigned when we need them as signed.
+Reported-by: Bertrand Jacquin <bertrand@jacquin.bzh>
+URL: https://bugs.gentoo.org/542618
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+Index: openssl-1.0.2a/crypto/perlasm/x86_64-xlate.pl
+===================================================================
+--- openssl-1.0.2a.orig/crypto/perlasm/x86_64-xlate.pl
+++ openssl-1.0.2a/crypto/perlasm/x86_64-xlate.pl
+@@ -194,7 +194,10 @@ my %globals;
+     }
+     sub out {
+        my $self = shift;
+-
+       # When building on x32 ABIs, the expanded hex value might be too
+       # big to fit into 32bits. Enable transparent 64bit support here
+       # so we can safely print it out.
+       use bigint;
+        if ($gas) {
+            # Solaris /usr/ccs/bin/as can't handle multiplications
+            # in $self->{value}
diff --git a/recipes-connectivity/openssl/openssl-qoriq/debian/c_rehash-compat.patch b/recipes-connectivity/openssl/openssl-qoriq/debian/c_rehash-compat.patch
index ac1b19b94..68e54d561 100644
--- a/recipes-connectivity/openssl/openssl-qoriq/debian/c_rehash-compat.patch
+++ b/recipes-connectivity/openssl/openssl-qoriq/debian/c_rehash-compat.patch
@@ -1,38 +1,54 @@
-Upstream-Status: Backport [debian]
 From 83f318d68bbdab1ca898c94576a838cc97df4700 Mon Sep 17 00:00:00 2001
 From: Ludwig Nussel <ludwig.nussel@suse.de>
 Date: Wed, 21 Apr 2010 15:52:10 +0200
 Subject: [PATCH] also create old hash for compatibility
---
+Upstream-Status: Backport [debian]
- tools/c_rehash.in |    8 +++++++-
- 1 files changed, 7 insertions(+), 1 deletions(-)
-Index: openssl-1.0.0d/tools/c_rehash.in
+diff --git a/tools/c_rehash.in b/tools/c_rehash.in
-===================================================================
+index b086ff9..b777d79 100644
--- openssl-1.0.0d.orig/tools/c_rehash.in       2011-04-13 20:41:28.000000000 +0000
+--- a/tools/c_rehash.in
-+++ openssl-1.0.0d/tools/c_rehash.in    2011-04-13 20:41:28.000000000 +0000
+++ b/tools/c_rehash.in
-@@ -86,6 +86,7 @@
+@@ -8,8 +8,6 @@ my $prefix;
-                        }
+ 
+ my $openssl = $ENV{OPENSSL} || "openssl";
+ my $pwd;
+-my $x509hash = "-subject_hash";
+-my $crlhash = "-hash";
+ my $verbose = 0;
+ my $symlink_exists=eval {symlink("",""); 1};
+ my $removelinks = 1;
+@@ -18,10 +16,7 @@ my $removelinks = 1;
+ while ( $ARGV[0] =~ /^-/ ) {
+     my $flag = shift @ARGV;
+     last if ( $flag eq '--');
+-    if ( $flag eq '-old') {
+-           $x509hash = "-subject_hash_old";
+-           $crlhash = "-hash_old";
+-    } elsif ( $flag eq '-h') {
+    if ( $flag eq '-h') {
+            help();
+     } elsif ( $flag eq '-n' ) {
+            $removelinks = 0;
+@@ -113,7 +108,9 @@ sub hash_dir {
+                        next;
                }
                link_hash_cert($fname) if($cert);
 +               link_hash_cert_old($fname) if($cert);
                link_hash_crl($fname) if($crl);
+               link_hash_crl_old($fname) if($crl);
        }
 }
-@@ -119,8 +120,9 @@
+ 
+@@ -146,6 +143,7 @@ sub check_file {
 
 sub link_hash_cert {
                my $fname = $_[0];
-+               my $hashopt = $_[1] || '-subject_hash';
+               my $x509hash = $_[1] || '-subject_hash';
                $fname =~ s/'/'\\''/g;
-               my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in "$fname"`;
+                my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`;
-+               my ($hash, $fprint) = `"$openssl" x509 $hashopt -fingerprint -noout -in "$fname"`;
                chomp $hash;
-                chomp $fprint;
+@@ -176,11 +174,21 @@ sub link_hash_cert {
-                $fprint =~ s/^.*=//;
-@@ -150,6 +152,10 @@
                $hashlist{$hash} = $fprint;
 }
 
@@ -40,6 +56,16 @@ Index: openssl-1.0.0d/tools/c_rehash.in
 +               link_hash_cert($_[0], '-subject_hash_old');
 +}
 +
+sub link_hash_crl_old {
+               link_hash_crl($_[0], '-hash_old');
+}
+
+
 # Same as above except for a CRL. CRL links are of the form <hash>.r<n>
 
 sub link_hash_crl {
+                my $fname = $_[0];
+               my $crlhash = $_[1] || "-hash";
+                $fname =~ s/'/'\\''/g;
+                my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`;
+                chomp $hash;
diff --git a/recipes-connectivity/openssl/openssl-qoriq/debian/debian-targets.patch b/recipes-connectivity/openssl/openssl-qoriq/debian/debian-targets.patch
index 8101edf0b..39d432818 100644
--- a/recipes-connectivity/openssl/openssl-qoriq/debian/debian-targets.patch
+++ b/recipes-connectivity/openssl/openssl-qoriq/debian/debian-targets.patch
@@ -1,12 +1,12 @@
 Upstream-Status: Backport [debian]
-Index: openssl-1.0.1/Configure
+Index: openssl-1.0.2/Configure
 ===================================================================
--- openssl-1.0.1.orig/Configure        2012-03-17 15:37:54.000000000 +0000
+--- openssl-1.0.2.orig/Configure
-+++ openssl-1.0.1/Configure     2012-03-17 16:13:49.000000000 +0000
+++ openssl-1.0.2/Configure
-@@ -105,6 +105,10 @@
+@@ -107,6 +107,10 @@ my $gcc_devteam_warn = "-Wall -pedantic
 
- my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED";
+ my $clang_disabled_warnings = "-Wno-language-extension-token -Wno-extended-offsetof -Wno-padded -Wno-shorten-64-to-32 -Wno-format-nonliteral -Wno-missing-noreturn -Wno-unused-parameter -Wno-sign-conversion -Wno-unreachable-code -Wno-conversion -Wno-documentation -Wno-missing-variable-declarations -Wno-cast-align -Wno-incompatible-pointer-types-discards-qualifiers -Wno-missing-variable-declarations -Wno-missing-field-initializers -Wno-unused-macros -Wno-disabled-macro-expansion -Wno-conditional-uninitialized -Wno-switch-enum";
 
 +# There are no separate CFLAGS/CPPFLAGS/LDFLAGS, set everything in CFLAGS
 +my $debian_cflags = `dpkg-buildflags --get CFLAGS` . `dpkg-buildflags --get CPPFLAGS` . `dpkg-buildflags --get LDFLAGS` . "-Wa,--noexecstack -Wall";
@@ -15,7 +15,7 @@ Index: openssl-1.0.1/Configure
 my $strict_warnings = 0;
 
 my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
-@@ -338,6 +342,48 @@
+@@ -343,6 +347,55 @@ my %table=(
 "osf1-alpha-cc",  "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so",
 "tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::-msym:.so",
 
@@ -23,9 +23,9 @@ Index: openssl-1.0.1/Configure
 +"debian-alpha","gcc:-DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"debian-alpha-ev4","gcc:-DTERMIO ${debian_cflags} -mcpu=ev4::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"debian-alpha-ev5","gcc:-DTERMIO ${debian_cflags} -mcpu=ev5::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-armeb","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-arm64","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-armel","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-armel","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-armhf","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-armhf","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"debian-amd64", "gcc:-m64 -DL_ENDIAN -DTERMIO ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::",
 +"debian-avr32", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -fomit-frame-pointer::-D_REENTRANT::-ldl:BN_LLONG_BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"debian-kfreebsd-amd64","gcc:-m64 -DL_ENDIAN -DTERMIOS ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -40,15 +40,21 @@ Index: openssl-1.0.1/Configure
 +"debian-m68k","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"debian-mips",   "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"debian-mipsel",   "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-mipsn32",   "mips64-linux-gnuabin32-gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-mipsn32el",   "mips64el-linux-gnuabin32-gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-mips64",   "mips64-linux-gnuabi64-gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-mips64el",   "mips64el-linux-gnuabi64-gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"debian-netbsd-i386",  "gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"debian-netbsd-m68k",  "gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags}::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"debian-netbsd-sparc", "gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags} -mv8::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"debian-openbsd-alpha","gcc:-DTERMIOS ${debian_cflags}::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"debian-openbsd-i386",  "gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"debian-openbsd-mips","gcc:-DL_ENDIAN ${debian_cflags}::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-or1k", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"debian-powerpc","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"debian-powerpcspe","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"debian-ppc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-ppc64el","gcc:-m64 -DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64le:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"debian-s390","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 
 +"debian-s390x","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"debian-sh3",   "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -60,6 +66,7 @@ Index: openssl-1.0.1/Configure
 +"debian-sparc-v8","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v8 -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"debian-sparc-v9","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v9 -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"debian-sparc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags} -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-x32","gcc:-mx32 -DL_ENDIAN -DTERMIO ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32",
 +
 ####
 #### Variety of LINUX:-)
diff --git a/recipes-connectivity/openssl/openssl-qoriq/debian/make-targets.patch b/recipes-connectivity/openssl/openssl-qoriq/debian/make-targets.patch
deleted file mode 100644
index ee0a62c3c..000000000
--- a/recipes-connectivity/openssl/openssl-qoriq/debian/make-targets.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-Upstream-Status: Backport [debian]
-Index: openssl-1.0.1/Makefile.org
-===================================================================
--- openssl-1.0.1.orig/Makefile.org     2012-03-17 09:41:07.000000000 +0000
-+++ openssl-1.0.1/Makefile.org  2012-03-17 09:41:21.000000000 +0000
-@@ -135,7 +135,7 @@
- 
- BASEADDR=
- 
-DIRS=   crypto ssl engines apps test tools
-+DIRS=   crypto ssl engines apps tools
- ENGDIRS= ccgost
- SHLIBDIRS= crypto ssl
- 
diff --git a/recipes-connectivity/openssl/openssl-qoriq/debian/version-script.patch b/recipes-connectivity/openssl/openssl-qoriq/debian/version-script.patch
index ece8b9b46..a24918000 100644
--- a/recipes-connectivity/openssl/openssl-qoriq/debian/version-script.patch
+++ b/recipes-connectivity/openssl/openssl-qoriq/debian/version-script.patch
@@ -1,10 +1,8 @@
-Upstream-Status: Backport [debian]
+Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure
-Index: openssl-1.0.1d/Configure
 ===================================================================
--- openssl-1.0.1d.orig/Configure       2013-02-06 19:41:43.000000000 +0100
+--- openssl-1.0.2~beta1.obsolete.0.0498436515490575.orig/Configure      2014-02-24 21:02:30.000000000 +0100
-+++ openssl-1.0.1d/Configure    2013-02-06 19:41:43.000000000 +0100
+++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure   2014-02-24 21:02:30.000000000 +0100
-@@ -1621,6 +1621,8 @@
+@@ -1651,6 +1651,8 @@
                }
        }
 
@@ -13,11 +11,11 @@ Index: openssl-1.0.1d/Configure
 open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n";
 unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new";
 open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n";
-Index: openssl-1.0.1d/openssl.ld
+Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld
 ===================================================================
 --- /dev/null   1970-01-01 00:00:00.000000000 +0000
-+++ openssl-1.0.1d/openssl.ld   2013-02-06 19:44:25.000000000 +0100
+++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld  2014-02-24 22:19:08.601827266 +0100
-@@ -0,0 +1,4620 @@
+@@ -0,0 +1,4615 @@
 +OPENSSL_1.0.0 {
 +       global:
 +               BIO_f_ssl;
@@ -2229,20 +2227,16 @@ Index: openssl-1.0.1d/openssl.ld
 +               ERR_load_COMP_strings;
 +               PKCS12_item_decrypt_d2i;
 +               ASN1_UTF8STRING_it;
-+               ASN1_UTF8STRING_it;
 +               ENGINE_unregister_ciphers;
 +               ENGINE_get_ciphers;
 +               d2i_OCSP_BASICRESP;
 +               KRB5_CHECKSUM_it;
-+               KRB5_CHECKSUM_it;
 +               EC_POINT_add;
 +               ASN1_item_ex_i2d;
 +               OCSP_CERTID_it;
-+               OCSP_CERTID_it;
 +               d2i_OCSP_RESPBYTES;
 +               X509V3_add1_i2d;
 +               PKCS7_ENVELOPE_it;
-+               PKCS7_ENVELOPE_it;
 +               UI_add_input_boolean;
 +               ENGINE_unregister_RSA;
 +               X509V3_EXT_nconf;
@@ -2254,19 +2248,15 @@ Index: openssl-1.0.1d/openssl.ld
 +               ENGINE_register_all_RAND;
 +               ENGINE_load_dynamic;
 +               PBKDF2PARAM_it;
-+               PBKDF2PARAM_it;
 +               EXTENDED_KEY_USAGE_new;
 +               EC_GROUP_clear_free;
 +               OCSP_sendreq_bio;
 +               ASN1_item_digest;
 +               OCSP_BASICRESP_delete_ext;
 +               OCSP_SIGNATURE_it;
-+               OCSP_SIGNATURE_it;
-+               X509_CRL_it;
 +               X509_CRL_it;
 +               OCSP_BASICRESP_add_ext;
 +               KRB5_ENCKEY_it;
-+               KRB5_ENCKEY_it;
 +               UI_method_set_closer;
 +               X509_STORE_set_purpose;
 +               i2d_ASN1_GENERALSTRING;
@@ -2277,7 +2267,6 @@ Index: openssl-1.0.1d/openssl.ld
 +               OCSP_REQUEST_get_ext_by_OBJ;
 +               _ossl_old_des_random_key;
 +               ASN1_T61STRING_it;
-+               ASN1_T61STRING_it;
 +               EC_GROUP_method_of;
 +               i2d_KRB5_APREQ;
 +               _ossl_old_des_encrypt;
@@ -2293,7 +2282,6 @@ Index: openssl-1.0.1d/openssl.ld
 +               OCSP_SINGLERESP_get_ext_count;
 +               UI_ctrl;
 +               _shadow_DES_rw_mode;
-+               _shadow_DES_rw_mode;
 +               asn1_do_adb;
 +               ASN1_template_i2d;
 +               ENGINE_register_DH;
@@ -2307,8 +2295,6 @@ Index: openssl-1.0.1d/openssl.ld
 +               KRB5_ENCKEY_free;
 +               OCSP_resp_get0;
 +               GENERAL_NAME_it;
-+               GENERAL_NAME_it;
-+               ASN1_GENERALIZEDTIME_it;
 +               ASN1_GENERALIZEDTIME_it;
 +               X509_STORE_set_flags;
 +               EC_POINT_set_compressed_coordinates_GFp;
@@ -2330,21 +2316,18 @@ Index: openssl-1.0.1d/openssl.ld
 +               EC_POINT_set_affine_coords_GFp;
 +               _ossl_old_des_options;
 +               SXNET_it;
-+               SXNET_it;
 +               UI_dup_input_boolean;
 +               PKCS12_add_CSPName_asc;
 +               EC_POINT_is_at_infinity;
 +               ENGINE_load_cryptodev;
 +               DSO_convert_filename;
 +               POLICYQUALINFO_it;
-+               POLICYQUALINFO_it;
 +               ENGINE_register_ciphers;
 +               BN_mod_lshift_quick;
 +               DSO_set_filename;
 +               ASN1_item_free;
 +               KRB5_TKTBODY_free;
 +               AUTHORITY_KEYID_it;
-+               AUTHORITY_KEYID_it;
 +               KRB5_APREQBODY_new;
 +               X509V3_EXT_REQ_add_nconf;
 +               ENGINE_ctrl_cmd_string;
@@ -2352,19 +2335,15 @@ Index: openssl-1.0.1d/openssl.ld
 +               EVP_MD_CTX_init;
 +               EXTENDED_KEY_USAGE_free;
 +               PKCS7_ATTR_SIGN_it;
-+               PKCS7_ATTR_SIGN_it;
 +               UI_add_error_string;
 +               KRB5_CHECKSUM_free;
 +               OCSP_REQUEST_get_ext;
 +               ENGINE_load_ubsec;
 +               ENGINE_register_all_digests;
 +               PKEY_USAGE_PERIOD_it;
-+               PKEY_USAGE_PERIOD_it;
 +               PKCS12_unpack_authsafes;
 +               ASN1_item_unpack;
 +               NETSCAPE_SPKAC_it;
-+               NETSCAPE_SPKAC_it;
-+               X509_REVOKED_it;
 +               X509_REVOKED_it;
 +               ASN1_STRING_encode;
 +               EVP_aes_128_ecb;
@@ -2376,7 +2355,6 @@ Index: openssl-1.0.1d/openssl.ld
 +               UI_dup_info_string;
 +               _ossl_old_des_xwhite_in2out;
 +               PKCS12_it;
-+               PKCS12_it;
 +               OCSP_SINGLERESP_get_ext_by_critical;
 +               OCSP_SINGLERESP_get_ext_by_crit;
 +               OCSP_CERTSTATUS_free;
@@ -2395,10 +2373,8 @@ Index: openssl-1.0.1d/openssl.ld
 +               ENGINE_unregister_DSA;
 +               _ossl_old_des_key_sched;
 +               X509_EXTENSION_it;
-+               X509_EXTENSION_it;
 +               i2d_KRB5_AUTHENT;
 +               SXNETID_it;
-+               SXNETID_it;
 +               d2i_OCSP_SINGLERESP;
 +               EDIPARTYNAME_new;
 +               PKCS12_certbag2x509;
@@ -2409,10 +2385,8 @@ Index: openssl-1.0.1d/openssl.ld
 +               d2i_KRB5_APREQBODY;
 +               UI_method_get_flusher;
 +               X509_PUBKEY_it;
-+               X509_PUBKEY_it;
 +               _ossl_old_des_enc_read;
 +               PKCS7_ENCRYPT_it;
-+               PKCS7_ENCRYPT_it;
 +               i2d_OCSP_RESPONSE;
 +               EC_GROUP_get_cofactor;
 +               PKCS12_unpack_p7data;
@@ -2430,10 +2404,8 @@ Index: openssl-1.0.1d/openssl.ld
 +               PKCS12_item_i2d_encrypt;
 +               X509_add1_ext_i2d;
 +               PKCS7_SIGNER_INFO_it;
-+               PKCS7_SIGNER_INFO_it;
 +               KRB5_PRINCNAME_new;
 +               PKCS12_SAFEBAG_it;
-+               PKCS12_SAFEBAG_it;
 +               EC_GROUP_get_order;
 +               d2i_OCSP_RESPID;
 +               OCSP_request_verify;
@@ -2448,42 +2420,32 @@ Index: openssl-1.0.1d/openssl.ld
 +               EVP_MD_CTX_create;
 +               OCSP_resp_find_status;
 +               X509_ALGOR_it;
-+               X509_ALGOR_it;
-+               ASN1_TIME_it;
 +               ASN1_TIME_it;
 +               OCSP_request_set1_name;
 +               OCSP_ONEREQ_get_ext_count;
 +               UI_get0_result;
 +               PKCS12_AUTHSAFES_it;
-+               PKCS12_AUTHSAFES_it;
 +               EVP_aes_256_ecb;
 +               PKCS12_pack_authsafes;
 +               ASN1_IA5STRING_it;
-+               ASN1_IA5STRING_it;
 +               UI_get_input_flags;
 +               EC_GROUP_set_generator;
 +               _ossl_old_des_string_to_2keys;
 +               OCSP_CERTID_free;
 +               X509_CERT_AUX_it;
-+               X509_CERT_AUX_it;
-+               CERTIFICATEPOLICIES_it;
 +               CERTIFICATEPOLICIES_it;
 +               _ossl_old_des_ede3_cbc_encrypt;
 +               RAND_set_rand_engine;
 +               DSO_get_loaded_filename;
 +               X509_ATTRIBUTE_it;
-+               X509_ATTRIBUTE_it;
 +               OCSP_ONEREQ_get_ext_by_NID;
 +               PKCS12_decrypt_skey;
 +               KRB5_AUTHENT_it;
-+               KRB5_AUTHENT_it;
 +               UI_dup_error_string;
 +               RSAPublicKey_it;
-+               RSAPublicKey_it;
 +               i2d_OCSP_REQUEST;
 +               PKCS12_x509crl2certbag;
 +               OCSP_SERVICELOC_it;
-+               OCSP_SERVICELOC_it;
 +               ASN1_item_sign;
 +               X509_CRL_set_issuer_name;
 +               OBJ_NAME_do_all_sorted;
@@ -2494,30 +2456,23 @@ Index: openssl-1.0.1d/openssl.ld
 +               ENGINE_get_digest;
 +               OCSP_RESPONSE_print;
 +               KRB5_TKTBODY_it;
-+               KRB5_TKTBODY_it;
 +               ACCESS_DESCRIPTION_it;
-+               ACCESS_DESCRIPTION_it;
-+               PKCS7_ISSUER_AND_SERIAL_it;
 +               PKCS7_ISSUER_AND_SERIAL_it;
 +               PBE2PARAM_it;
-+               PBE2PARAM_it;
 +               PKCS12_certbag2x509crl;
 +               PKCS7_SIGNED_it;
-+               PKCS7_SIGNED_it;
 +               ENGINE_get_cipher;
 +               i2d_OCSP_CRLID;
 +               OCSP_SINGLERESP_new;
 +               ENGINE_cmd_is_executable;
 +               RSA_up_ref;
 +               ASN1_GENERALSTRING_it;
-+               ASN1_GENERALSTRING_it;
 +               ENGINE_register_DSA;
 +               X509V3_EXT_add_nconf_sk;
 +               ENGINE_set_load_pubkey_function;
 +               PKCS8_decrypt;
 +               PEM_bytes_read_bio;
 +               DIRECTORYSTRING_it;
-+               DIRECTORYSTRING_it;
 +               d2i_OCSP_CRLID;
 +               EC_POINT_is_on_curve;
 +               CRYPTO_set_locked_mem_ex_functions;
@@ -2525,7 +2480,6 @@ Index: openssl-1.0.1d/openssl.ld
 +               d2i_KRB5_CHECKSUM;
 +               ASN1_item_dup;
 +               X509_it;
-+               X509_it;
 +               BN_mod_add;
 +               KRB5_AUTHDATA_free;
 +               _ossl_old_des_cbc_cksum;
@@ -2534,7 +2488,6 @@ Index: openssl-1.0.1d/openssl.ld
 +               EC_POINT_get_Jprojective_coordinates_GFp;
 +               EC_POINT_get_Jproj_coords_GFp;
 +               ZLONG_it;
-+               ZLONG_it;
 +               CRYPTO_get_locked_mem_ex_functions;
 +               CRYPTO_get_locked_mem_ex_funcs;
 +               ASN1_TIME_check;
@@ -2544,41 +2497,30 @@ Index: openssl-1.0.1d/openssl.ld
 +               _ossl_old_des_ede3_cfb64_encrypt;
 +               _ossl_odes_ede3_cfb64_encrypt;
 +               ASN1_BMPSTRING_it;
-+               ASN1_BMPSTRING_it;
 +               ASN1_tag2bit;
 +               UI_method_set_flusher;
 +               X509_ocspid_print;
 +               KRB5_ENCDATA_it;
-+               KRB5_ENCDATA_it;
 +               ENGINE_get_load_pubkey_function;
 +               UI_add_user_data;
 +               OCSP_REQUEST_delete_ext;
 +               UI_get_method;
 +               OCSP_ONEREQ_free;
 +               ASN1_PRINTABLESTRING_it;
-+               ASN1_PRINTABLESTRING_it;
 +               X509_CRL_set_nextUpdate;
 +               OCSP_REQUEST_it;
-+               OCSP_REQUEST_it;
-+               OCSP_BASICRESP_it;
 +               OCSP_BASICRESP_it;
 +               AES_ecb_encrypt;
 +               BN_mod_sqr;
 +               NETSCAPE_CERT_SEQUENCE_it;
-+               NETSCAPE_CERT_SEQUENCE_it;
-+               GENERAL_NAMES_it;
 +               GENERAL_NAMES_it;
 +               AUTHORITY_INFO_ACCESS_it;
-+               AUTHORITY_INFO_ACCESS_it;
-+               ASN1_FBOOLEAN_it;
 +               ASN1_FBOOLEAN_it;
 +               UI_set_ex_data;
 +               _ossl_old_des_string_to_key;
 +               ENGINE_register_all_RSA;
 +               d2i_KRB5_PRINCNAME;
 +               OCSP_RESPBYTES_it;
-+               OCSP_RESPBYTES_it;
-+               X509_CINF_it;
 +               X509_CINF_it;
 +               ENGINE_unregister_digests;
 +               d2i_EDIPARTYNAME;
@@ -2588,7 +2530,6 @@ Index: openssl-1.0.1d/openssl.ld
 +               OCSP_RESPDATA_free;
 +               d2i_KRB5_TICKET;
 +               OTHERNAME_it;
-+               OTHERNAME_it;
 +               EVP_MD_CTX_cleanup;
 +               d2i_ASN1_GENERALSTRING;
 +               X509_CRL_set_version;
@@ -2598,7 +2539,6 @@ Index: openssl-1.0.1d/openssl.ld
 +               OCSP_REQUEST_free;
 +               OCSP_REQUEST_add1_ext_i2d;
 +               X509_VAL_it;
-+               X509_VAL_it;
 +               EC_POINTs_make_affine;
 +               EC_POINT_mul;
 +               X509V3_EXT_add_nconf;
@@ -2606,7 +2546,6 @@ Index: openssl-1.0.1d/openssl.ld
 +               X509_CRL_add1_ext_i2d;
 +               _ossl_old_des_fcrypt;
 +               DISPLAYTEXT_it;
-+               DISPLAYTEXT_it;
 +               X509_CRL_set_lastUpdate;
 +               OCSP_BASICRESP_free;
 +               OCSP_BASICRESP_add1_ext_i2d;
@@ -2619,7 +2558,6 @@ Index: openssl-1.0.1d/openssl.ld
 +               UI_get0_result_string;
 +               ASN1_GENERALSTRING_new;
 +               X509_SIG_it;
-+               X509_SIG_it;
 +               ERR_set_implementation;
 +               ERR_load_EC_strings;
 +               UI_get0_action_string;
@@ -2634,35 +2572,27 @@ Index: openssl-1.0.1d/openssl.ld
 +               OCSP_ONEREQ_get_ext_by_OBJ;
 +               ASN1_primitive_new;
 +               ASN1_PRINTABLE_it;
-+               ASN1_PRINTABLE_it;
 +               EVP_aes_192_ecb;
 +               OCSP_SIGNATURE_new;
 +               LONG_it;
-+               LONG_it;
-+               ASN1_VISIBLESTRING_it;
 +               ASN1_VISIBLESTRING_it;
 +               OCSP_SINGLERESP_add1_ext_i2d;
 +               d2i_OCSP_CERTID;
 +               ASN1_item_d2i_fp;
 +               CRL_DIST_POINTS_it;
-+               CRL_DIST_POINTS_it;
 +               GENERAL_NAME_print;
 +               OCSP_SINGLERESP_delete_ext;
 +               PKCS12_SAFEBAGS_it;
-+               PKCS12_SAFEBAGS_it;
 +               d2i_OCSP_SIGNATURE;
 +               OCSP_request_add1_nonce;
 +               ENGINE_set_cmd_defns;
 +               OCSP_SERVICELOC_free;
 +               EC_GROUP_free;
 +               ASN1_BIT_STRING_it;
-+               ASN1_BIT_STRING_it;
-+               X509_REQ_it;
 +               X509_REQ_it;
 +               _ossl_old_des_cbc_encrypt;
 +               ERR_unload_strings;
 +               PKCS7_SIGN_ENVELOPE_it;
-+               PKCS7_SIGN_ENVELOPE_it;
 +               EDIPARTYNAME_free;
 +               OCSP_REQINFO_free;
 +               EC_GROUP_new_curve_GFp;
@@ -2687,7 +2617,6 @@ Index: openssl-1.0.1d/openssl.ld
 +               OCSP_CRLID_free;
 +               OCSP_BASICRESP_get1_ext_d2i;
 +               RSAPrivateKey_it;
-+               RSAPrivateKey_it;
 +               ENGINE_register_all_DH;
 +               i2d_EDIPARTYNAME;
 +               EC_POINT_get_affine_coordinates_GFp;
@@ -2695,10 +2624,8 @@ Index: openssl-1.0.1d/openssl.ld
 +               OCSP_CRLID_new;
 +               ENGINE_get_flags;
 +               OCSP_ONEREQ_it;
-+               OCSP_ONEREQ_it;
 +               UI_process;
 +               ASN1_INTEGER_it;
-+               ASN1_INTEGER_it;
 +               EVP_CipherInit_ex;
 +               UI_get_string_type;
 +               ENGINE_unregister_DH;
@@ -2707,7 +2634,6 @@ Index: openssl-1.0.1d/openssl.ld
 +               bn_dup_expand;
 +               OCSP_cert_id_new;
 +               BASIC_CONSTRAINTS_it;
-+               BASIC_CONSTRAINTS_it;
 +               BN_mod_add_quick;
 +               EC_POINT_new;
 +               EVP_MD_CTX_destroy;
@@ -2717,7 +2643,6 @@ Index: openssl-1.0.1d/openssl.ld
 +               EC_POINT_free;
 +               DH_up_ref;
 +               X509_NAME_ENTRY_it;
-+               X509_NAME_ENTRY_it;
 +               UI_get_ex_new_index;
 +               BN_mod_sub_quick;
 +               OCSP_ONEREQ_add_ext;
@@ -2730,7 +2655,6 @@ Index: openssl-1.0.1d/openssl.ld
 +               ENGINE_register_complete;
 +               X509V3_EXT_nconf_nid;
 +               ASN1_SEQUENCE_it;
-+               ASN1_SEQUENCE_it;
 +               UI_set_default_method;
 +               RAND_query_egd_bytes;
 +               UI_method_get_writer;
@@ -2738,8 +2662,6 @@ Index: openssl-1.0.1d/openssl.ld
 +               PEM_def_callback;
 +               ENGINE_cleanup;
 +               DIST_POINT_it;
-+               DIST_POINT_it;
-+               OCSP_SINGLERESP_it;
 +               OCSP_SINGLERESP_it;
 +               d2i_KRB5_TKTBODY;
 +               EC_POINT_cmp;
@@ -2758,24 +2680,20 @@ Index: openssl-1.0.1d/openssl.ld
 +               OCSP_cert_to_id;
 +               OCSP_RESPID_new;
 +               OCSP_RESPDATA_it;
-+               OCSP_RESPDATA_it;
 +               d2i_OCSP_RESPDATA;
 +               ENGINE_register_all_complete;
 +               OCSP_check_validity;
 +               PKCS12_BAGS_it;
-+               PKCS12_BAGS_it;
 +               OCSP_url_svcloc_new;
 +               ASN1_template_free;
 +               OCSP_SINGLERESP_add_ext;
 +               KRB5_AUTHENTBODY_it;
-+               KRB5_AUTHENTBODY_it;
 +               X509_supported_extension;
 +               i2d_KRB5_AUTHDATA;
 +               UI_method_get_opener;
 +               ENGINE_set_ex_data;
 +               OCSP_REQUEST_print;
 +               CBIGNUM_it;
-+               CBIGNUM_it;
 +               KRB5_TICKET_new;
 +               KRB5_APREQ_new;
 +               EC_GROUP_get_curve_GFp;
@@ -2785,27 +2703,20 @@ Index: openssl-1.0.1d/openssl.ld
 +               OCSP_single_get0_status;
 +               BN_swap;
 +               POLICYINFO_it;
-+               POLICYINFO_it;
 +               ENGINE_set_destroy_function;
 +               asn1_enc_free;
 +               OCSP_RESPID_it;
-+               OCSP_RESPID_it;
 +               EC_GROUP_new;
 +               EVP_aes_256_cbc;
 +               i2d_KRB5_PRINCNAME;
 +               _ossl_old_des_encrypt2;
 +               _ossl_old_des_encrypt3;
 +               PKCS8_PRIV_KEY_INFO_it;
-+               PKCS8_PRIV_KEY_INFO_it;
-+               OCSP_REQINFO_it;
 +               OCSP_REQINFO_it;
 +               PBEPARAM_it;
-+               PBEPARAM_it;
 +               KRB5_AUTHENTBODY_new;
 +               X509_CRL_add0_revoked;
 +               EDIPARTYNAME_it;
-+               EDIPARTYNAME_it;
-+               NETSCAPE_SPKI_it;
 +               NETSCAPE_SPKI_it;
 +               UI_get0_test_string;
 +               ENGINE_get_cipher_engine;
@@ -2817,14 +2728,12 @@ Index: openssl-1.0.1d/openssl.ld
 +               UI_method_get_reader;
 +               OCSP_BASICRESP_get_ext_count;
 +               ASN1_ENUMERATED_it;
-+               ASN1_ENUMERATED_it;
 +               UI_set_result;
 +               i2d_KRB5_TICKET;
 +               X509_print_ex_fp;
 +               EVP_CIPHER_CTX_set_padding;
 +               d2i_OCSP_RESPONSE;
 +               ASN1_UTCTIME_it;
-+               ASN1_UTCTIME_it;
 +               _ossl_old_des_enc_write;
 +               OCSP_RESPONSE_new;
 +               AES_set_encrypt_key;
@@ -2834,14 +2743,11 @@ Index: openssl-1.0.1d/openssl.ld
 +               OCSP_onereq_get0_id;
 +               ENGINE_set_default_ciphers;
 +               NOTICEREF_it;
-+               NOTICEREF_it;
 +               X509V3_EXT_CRL_add_nconf;
 +               OCSP_REVOKEDINFO_it;
-+               OCSP_REVOKEDINFO_it;
 +               AES_encrypt;
 +               OCSP_REQUEST_new;
 +               ASN1_ANY_it;
-+               ASN1_ANY_it;
 +               CRYPTO_ex_data_new_class;
 +               _ossl_old_des_ncbc_encrypt;
 +               i2d_KRB5_TKTBODY;
@@ -2864,19 +2770,15 @@ Index: openssl-1.0.1d/openssl.ld
 +               ENGINE_load_nuron;
 +               _ossl_old_des_pcbc_encrypt;
 +               PKCS12_MAC_DATA_it;
-+               PKCS12_MAC_DATA_it;
 +               OCSP_accept_responses_new;
 +               asn1_do_lock;
 +               PKCS7_ATTR_VERIFY_it;
-+               PKCS7_ATTR_VERIFY_it;
-+               KRB5_APREQBODY_it;
 +               KRB5_APREQBODY_it;
 +               i2d_OCSP_SINGLERESP;
 +               ASN1_item_ex_new;
 +               UI_add_verify_string;
 +               _ossl_old_des_set_key;
 +               KRB5_PRINCNAME_it;
-+               KRB5_PRINCNAME_it;
 +               EVP_DecryptInit_ex;
 +               i2d_OCSP_CERTID;
 +               ASN1_item_d2i_bio;
@@ -2890,20 +2792,17 @@ Index: openssl-1.0.1d/openssl.ld
 +               OCSP_BASICRESP_new;
 +               OCSP_REQUEST_get_ext_by_NID;
 +               KRB5_APREQ_it;
-+               KRB5_APREQ_it;
 +               ENGINE_get_destroy_function;
 +               CONF_set_nconf;
 +               ASN1_PRINTABLE_free;
 +               OCSP_BASICRESP_get_ext_by_NID;
 +               DIST_POINT_NAME_it;
-+               DIST_POINT_NAME_it;
 +               X509V3_extensions_print;
 +               _ossl_old_des_cfb64_encrypt;
 +               X509_REVOKED_add1_ext_i2d;
 +               _ossl_old_des_ofb_encrypt;
 +               KRB5_TKTBODY_new;
 +               ASN1_OCTET_STRING_it;
-+               ASN1_OCTET_STRING_it;
 +               ERR_load_UI_strings;
 +               i2d_KRB5_ENCKEY;
 +               ASN1_template_new;
@@ -2911,8 +2810,6 @@ Index: openssl-1.0.1d/openssl.ld
 +               ASN1_item_i2d_fp;
 +               KRB5_PRINCNAME_free;
 +               PKCS7_RECIP_INFO_it;
-+               PKCS7_RECIP_INFO_it;
-+               EXTENDED_KEY_USAGE_it;
 +               EXTENDED_KEY_USAGE_it;
 +               EC_GFp_simple_method;
 +               EC_GROUP_precompute_mult;
@@ -2920,42 +2817,33 @@ Index: openssl-1.0.1d/openssl.ld
 +               UI_method_set_writer;
 +               KRB5_AUTHENT_new;
 +               X509_CRL_INFO_it;
-+               X509_CRL_INFO_it;
 +               DSO_set_name_converter;
 +               AES_set_decrypt_key;
 +               PKCS7_DIGEST_it;
-+               PKCS7_DIGEST_it;
 +               PKCS12_x5092certbag;
 +               EVP_DigestInit_ex;
 +               i2a_ACCESS_DESCRIPTION;
 +               OCSP_RESPONSE_it;
-+               OCSP_RESPONSE_it;
-+               PKCS7_ENC_CONTENT_it;
 +               PKCS7_ENC_CONTENT_it;
 +               OCSP_request_add0_id;
 +               EC_POINT_make_affine;
 +               DSO_get_filename;
 +               OCSP_CERTSTATUS_it;
-+               OCSP_CERTSTATUS_it;
 +               OCSP_request_add1_cert;
 +               UI_get0_output_string;
 +               UI_dup_verify_string;
 +               BN_mod_lshift;
 +               KRB5_AUTHDATA_it;
-+               KRB5_AUTHDATA_it;
 +               asn1_set_choice_selector;
 +               OCSP_basic_add1_status;
 +               OCSP_RESPID_free;
 +               asn1_get_field_ptr;
 +               UI_add_input_string;
 +               OCSP_CRLID_it;
-+               OCSP_CRLID_it;
 +               i2d_KRB5_AUTHENTBODY;
 +               OCSP_REQUEST_get_ext_count;
 +               ENGINE_load_atalla;
 +               X509_NAME_it;
-+               X509_NAME_it;
-+               USERNOTICE_it;
 +               USERNOTICE_it;
 +               OCSP_REQINFO_new;
 +               OCSP_BASICRESP_get_ext;
@@ -2965,33 +2853,27 @@ Index: openssl-1.0.1d/openssl.ld
 +               i2d_KRB5_ENCDATA;
 +               X509_PURPOSE_set;
 +               X509_REQ_INFO_it;
-+               X509_REQ_INFO_it;
 +               UI_method_set_opener;
 +               ASN1_item_ex_free;
 +               ASN1_BOOLEAN_it;
-+               ASN1_BOOLEAN_it;
 +               ENGINE_get_table_flags;
 +               UI_create_method;
 +               OCSP_ONEREQ_add1_ext_i2d;
 +               _shadow_DES_check_key;
-+               _shadow_DES_check_key;
 +               d2i_OCSP_REQINFO;
 +               UI_add_info_string;
 +               UI_get_result_minsize;
 +               ASN1_NULL_it;
-+               ASN1_NULL_it;
 +               BN_mod_lshift1;
 +               d2i_OCSP_ONEREQ;
 +               OCSP_ONEREQ_new;
 +               KRB5_TICKET_it;
-+               KRB5_TICKET_it;
 +               EVP_aes_192_cbc;
 +               KRB5_TICKET_free;
 +               UI_new;
 +               OCSP_response_create;
 +               _ossl_old_des_xcbc_encrypt;
 +               PKCS7_it;
-+               PKCS7_it;
 +               OCSP_REQUEST_get_ext_by_critical;
 +               OCSP_REQUEST_get_ext_by_crit;
 +               ENGINE_set_flags;
@@ -3000,11 +2882,9 @@ Index: openssl-1.0.1d/openssl.ld
 +               EVP_Digest;
 +               OCSP_ONEREQ_delete_ext;
 +               ASN1_TBOOLEAN_it;
-+               ASN1_TBOOLEAN_it;
 +               ASN1_item_new;
 +               ASN1_TIME_to_generalizedtime;
 +               BIGNUM_it;
-+               BIGNUM_it;
 +               AES_cbc_encrypt;
 +               ENGINE_get_load_privkey_function;
 +               ENGINE_get_load_privkey_fn;
@@ -3016,7 +2896,6 @@ Index: openssl-1.0.1d/openssl.ld
 +               EC_POINT_point2oct;
 +               KRB5_APREQ_free;
 +               ASN1_OBJECT_it;
-+               ASN1_OBJECT_it;
 +               OCSP_crlID_new;
 +               OCSP_crlID2_new;
 +               CONF_modules_load_file;
@@ -3074,7 +2953,6 @@ Index: openssl-1.0.1d/openssl.ld
 +               i2d_ASN1_UNIVERSALSTRING;
 +               ASN1_UNIVERSALSTRING_free;
 +               ASN1_UNIVERSALSTRING_it;
-+               ASN1_UNIVERSALSTRING_it;
 +               d2i_ASN1_UNIVERSALSTRING;
 +               EVP_des_ede3_ecb;
 +               X509_REQ_print_ex;
@@ -3130,14 +3008,12 @@ Index: openssl-1.0.1d/openssl.ld
 +               HMAC_CTX_set_flags;
 +               d2i_PROXY_CERT_INFO_EXTENSION;
 +               PROXY_POLICY_it;
-+               PROXY_POLICY_it;
 +               i2d_PROXY_POLICY;
 +               i2d_PROXY_CERT_INFO_EXTENSION;
 +               d2i_PROXY_POLICY;
 +               PROXY_CERT_INFO_EXTENSION_new;
 +               PROXY_CERT_INFO_EXTENSION_free;
 +               PROXY_CERT_INFO_EXTENSION_it;
-+               PROXY_CERT_INFO_EXTENSION_it;
 +               PROXY_POLICY_free;
 +               PROXY_POLICY_new;
 +               BN_MONT_CTX_set_locked;
@@ -3174,7 +3050,6 @@ Index: openssl-1.0.1d/openssl.ld
 +               BN_BLINDING_get_thread_id;
 +               X509_STORE_CTX_set0_param;
 +               POLICY_MAPPING_it;
-+               POLICY_MAPPING_it;
 +               STORE_parse_attrs_start;
 +               POLICY_CONSTRAINTS_free;
 +               EVP_PKEY_add1_attr_by_NID;
@@ -3183,7 +3058,6 @@ Index: openssl-1.0.1d/openssl.ld
 +               STORE_set_method;
 +               GENERAL_SUBTREE_free;
 +               NAME_CONSTRAINTS_it;
-+               NAME_CONSTRAINTS_it;
 +               ECDH_get_default_method;
 +               PKCS12_add_safe;
 +               EC_KEY_new_by_curve_name;
@@ -3226,7 +3100,6 @@ Index: openssl-1.0.1d/openssl.ld
 +               ENGINE_get_default_ECDH;
 +               EC_KEY_get_conv_form;
 +               ASN1_OCTET_STRING_NDEF_it;
-+               ASN1_OCTET_STRING_NDEF_it;
 +               STORE_delete_public_key;
 +               STORE_get_public_key;
 +               STORE_modify_arbitrary;
@@ -3383,7 +3256,6 @@ Index: openssl-1.0.1d/openssl.ld
 +               ENGINE_load_padlock;
 +               EC_GROUP_set_curve_name;
 +               X509_CERT_PAIR_it;
-+               X509_CERT_PAIR_it;
 +               STORE_meth_get_revoke_fn;
 +               STORE_method_get_revoke_function;
 +               STORE_method_set_get_function;
@@ -3510,7 +3382,6 @@ Index: openssl-1.0.1d/openssl.ld
 +               pqueue_pop;
 +               STORE_ATTR_INFO_get0_cstr;
 +               POLICY_CONSTRAINTS_it;
-+               POLICY_CONSTRAINTS_it;
 +               STORE_get_ex_new_index;
 +               EVP_PKEY_get_attr_by_OBJ;
 +               X509_VERIFY_PARAM_add0_policy;
@@ -3558,8 +3429,6 @@ Index: openssl-1.0.1d/openssl.ld
 +               STORE_modify_crl;
 +               STORE_list_private_key_start;
 +               POLICY_MAPPINGS_it;
-+               POLICY_MAPPINGS_it;
-+               GENERAL_SUBTREE_it;
 +               GENERAL_SUBTREE_it;
 +               EC_GROUP_get_curve_name;
 +               PEM_write_X509_CERT_PAIR;
@@ -3692,15 +3561,12 @@ Index: openssl-1.0.1d/openssl.ld
 +               BIO_set_callback_arg;
 +               v3_addr_add_prefix;
 +               IPAddressOrRange_it;
-+               IPAddressOrRange_it;
 +               BIO_set_flags;
 +               ASIdentifiers_it;
-+               ASIdentifiers_it;
 +               v3_addr_get_range;
 +               BIO_method_type;
 +               v3_addr_inherits;
 +               IPAddressChoice_it;
-+               IPAddressChoice_it;
 +               AES_ige_encrypt;
 +               v3_addr_add_range;
 +               EVP_CIPHER_CTX_nid;
@@ -3721,7 +3587,6 @@ Index: openssl-1.0.1d/openssl.ld
 +               BIO_clear_flags;
 +               i2d_ASRange;
 +               IPAddressRange_it;
-+               IPAddressRange_it;
 +               IPAddressChoice_new;
 +               ASIdentifierChoice_new;
 +               ASRange_free;
@@ -3742,7 +3607,6 @@ Index: openssl-1.0.1d/openssl.ld
 +               BIO_test_flags;
 +               i2d_ASIdentifierChoice;
 +               ASRange_it;
-+               ASRange_it;
 +               d2i_ASIdentifiers;
 +               ASRange_new;
 +               d2i_IPAddressChoice;
@@ -3751,7 +3615,6 @@ Index: openssl-1.0.1d/openssl.ld
 +               EVP_Cipher;
 +               i2d_IPAddressOrRange;
 +               ASIdOrRange_it;
-+               ASIdOrRange_it;
 +               EVP_CIPHER_nid;
 +               i2d_IPAddressChoice;
 +               EVP_CIPHER_CTX_block_size;
@@ -3762,7 +3625,6 @@ Index: openssl-1.0.1d/openssl.ld
 +               v3_addr_is_canonical;
 +               i2d_IPAddressRange;
 +               IPAddressFamily_it;
-+               IPAddressFamily_it;
 +               v3_asid_inherits;
 +               EVP_CIPHER_CTX_cipher;
 +               EVP_CIPHER_CTX_get_app_data;
@@ -3772,7 +3634,6 @@ Index: openssl-1.0.1d/openssl.ld
 +               d2i_IPAddressOrRange;
 +               v3_addr_canonize;
 +               ASIdentifierChoice_it;
-+               ASIdentifierChoice_it;
 +               EVP_MD_CTX_md;
 +               d2i_ASIdentifierChoice;
 +               BIO_method_name;
@@ -3795,7 +3656,6 @@ Index: openssl-1.0.1d/openssl.ld
 +               SEED_set_key;
 +               EVP_seed_cfb128;
 +               X509_EXTENSIONS_it;
-+               X509_EXTENSIONS_it;
 +               X509_get1_ocsp;
 +               OCSP_REQ_CTX_free;
 +               i2d_X509_EXTENSIONS;
@@ -3803,7 +3663,6 @@ Index: openssl-1.0.1d/openssl.ld
 +               OCSP_sendreq_new;
 +               d2i_X509_EXTENSIONS;
 +               X509_ALGORS_it;
-+               X509_ALGORS_it;
 +               X509_ALGOR_get0;
 +               X509_ALGOR_set0;
 +               AES_unwrap_key;
@@ -3848,7 +3707,6 @@ Index: openssl-1.0.1d/openssl.ld
 +               CMS_SignerInfo_verify;
 +               CMS_data;
 +               CMS_ContentInfo_it;
-+               CMS_ContentInfo_it;
 +               d2i_CMS_ReceiptRequest;
 +               CMS_compress;
 +               CMS_digest_create;
@@ -3893,7 +3751,6 @@ Index: openssl-1.0.1d/openssl.ld
 +               CMS_RecipientInfo_kekri_get0_id;
 +               CMS_verify_receipt;
 +               CMS_ReceiptRequest_it;
-+               CMS_ReceiptRequest_it;
 +               PEM_read_bio_CMS;
 +               CMS_get1_crls;
 +               CMS_add0_recipient_key;
@@ -4032,7 +3889,6 @@ Index: openssl-1.0.1d/openssl.ld
 +               TS_REQ_dup;
 +               GENERAL_NAME_dup;
 +               ASN1_SEQUENCE_ANY_it;
-+               ASN1_SEQUENCE_ANY_it;
 +               WHIRLPOOL;
 +               X509_STORE_get1_crls;
 +               ENGINE_get_pkey_asn1_meth;
@@ -4103,7 +3959,6 @@ Index: openssl-1.0.1d/openssl.ld
 +               DIST_POINT_set_dpname;
 +               i2d_ISSUING_DIST_POINT;
 +               ASN1_SET_ANY_it;
-+               ASN1_SET_ANY_it;
 +               EVP_PKEY_CTX_get_data;
 +               TS_STATUS_INFO_print_bio;
 +               EVP_PKEY_derive_init;
@@ -4263,7 +4118,6 @@ Index: openssl-1.0.1d/openssl.ld
 +               EVP_DigestSignFinal;
 +               TS_RESP_CTX_set_def_policy;
 +               NETSCAPE_X509_it;
-+               NETSCAPE_X509_it;
 +               TS_RESP_create_response;
 +               PKCS7_SIGNER_INFO_get0_algs;
 +               TS_TST_INFO_get_nonce;
@@ -4322,7 +4176,6 @@ Index: openssl-1.0.1d/openssl.ld
 +               EVP_CIPHER_do_all_sorted;
 +               EVP_PKEY_CTX_free;
 +               ISSUING_DIST_POINT_it;
-+               ISSUING_DIST_POINT_it;
 +               d2i_TS_MSG_IMPRINT_fp;
 +               X509_STORE_get1_certs;
 +               EVP_PKEY_CTX_get_operation;
@@ -4615,7 +4468,6 @@ Index: openssl-1.0.1d/openssl.ld
 +               X509_signature_dump;
 +               d2i_RSA_PSS_PARAMS;
 +               RSA_PSS_PARAMS_it;
-+               RSA_PSS_PARAMS_it;
 +               RSA_PSS_PARAMS_free;
 +               X509_sign_ctx;
 +               i2d_RSA_PSS_PARAMS;
@@ -4638,10 +4490,151 @@ Index: openssl-1.0.1d/openssl.ld
 +               CRYPTO_memcmp;
 +} OPENSSL_1.0.1;
 +
-Index: openssl-1.0.1d/engines/openssl.ld
+OPENSSL_1.0.2 {
+       global:
+               SSL_CTX_set_alpn_protos;
+               SSL_set_alpn_protos;
+               SSL_CTX_set_alpn_select_cb;
+               SSL_get0_alpn_selected;
+               SSL_CTX_set_custom_cli_ext;
+               SSL_CTX_set_custom_srv_ext;
+               SSL_CTX_set_srv_supp_data;
+               SSL_CTX_set_cli_supp_data;
+               SSL_set_cert_cb;
+               SSL_CTX_use_serverinfo;
+               SSL_CTX_use_serverinfo_file;
+               SSL_CTX_set_cert_cb;
+               SSL_CTX_get0_param;
+               SSL_get0_param;
+               SSL_certs_clear;
+               DTLSv1_2_method;
+               DTLSv1_2_server_method;
+               DTLSv1_2_client_method;
+               DTLS_method;
+               DTLS_server_method;
+               DTLS_client_method;
+               SSL_CTX_get_ssl_method;
+               SSL_CTX_get0_certificate;
+               SSL_CTX_get0_privatekey;
+               SSL_COMP_set0_compression_methods;
+               SSL_COMP_free_compression_methods;
+               SSL_CIPHER_find;
+               SSL_is_server;
+               SSL_CONF_CTX_new;
+               SSL_CONF_CTX_finish;
+               SSL_CONF_CTX_free;
+               SSL_CONF_CTX_set_flags;
+               SSL_CONF_CTX_clear_flags;
+               SSL_CONF_CTX_set1_prefix;
+               SSL_CONF_CTX_set_ssl;
+               SSL_CONF_CTX_set_ssl_ctx;
+               SSL_CONF_cmd;
+               SSL_CONF_cmd_argv;
+               SSL_CONF_cmd_value_type;
+               SSL_trace;
+               SSL_CIPHER_standard_name;
+               SSL_get_tlsa_record_byname;
+               ASN1_TIME_diff;
+               BIO_hex_string;
+               CMS_RecipientInfo_get0_pkey_ctx;
+               CMS_RecipientInfo_encrypt;
+               CMS_SignerInfo_get0_pkey_ctx;
+               CMS_SignerInfo_get0_md_ctx;
+               CMS_SignerInfo_get0_signature;
+               CMS_RecipientInfo_kari_get0_alg;
+               CMS_RecipientInfo_kari_get0_reks;
+               CMS_RecipientInfo_kari_get0_orig_id;
+               CMS_RecipientInfo_kari_orig_id_cmp;
+               CMS_RecipientEncryptedKey_get0_id;
+               CMS_RecipientEncryptedKey_cert_cmp;
+               CMS_RecipientInfo_kari_set0_pkey;
+               CMS_RecipientInfo_kari_get0_ctx;
+               CMS_RecipientInfo_kari_decrypt;
+               CMS_SharedInfo_encode;
+               DH_compute_key_padded;
+               d2i_DHxparams;
+               i2d_DHxparams;
+               DH_get_1024_160;
+               DH_get_2048_224;
+               DH_get_2048_256;
+               DH_KDF_X9_42;
+               ECDH_KDF_X9_62;
+               ECDSA_METHOD_new;
+               ECDSA_METHOD_free;
+               ECDSA_METHOD_set_app_data;
+               ECDSA_METHOD_get_app_data;
+               ECDSA_METHOD_set_sign;
+               ECDSA_METHOD_set_sign_setup;
+               ECDSA_METHOD_set_verify;
+               ECDSA_METHOD_set_flags;
+               ECDSA_METHOD_set_name;
+               EVP_des_ede3_wrap;
+               EVP_aes_128_wrap;
+               EVP_aes_192_wrap;
+               EVP_aes_256_wrap;
+               EVP_aes_128_cbc_hmac_sha256;
+               EVP_aes_256_cbc_hmac_sha256;
+               CRYPTO_128_wrap;
+               CRYPTO_128_unwrap;
+               OCSP_REQ_CTX_nbio;
+               OCSP_REQ_CTX_new;
+               OCSP_set_max_response_length;
+               OCSP_REQ_CTX_i2d;
+               OCSP_REQ_CTX_nbio_d2i;
+               OCSP_REQ_CTX_get0_mem_bio;
+               OCSP_REQ_CTX_http;
+               RSA_padding_add_PKCS1_OAEP_mgf1;
+               RSA_padding_check_PKCS1_OAEP_mgf1;
+               RSA_OAEP_PARAMS_free;
+               RSA_OAEP_PARAMS_it;
+               RSA_OAEP_PARAMS_new;
+               SSL_get_sigalgs;
+               SSL_get_shared_sigalgs;
+               SSL_check_chain;
+               X509_chain_up_ref;
+               X509_http_nbio;
+               X509_CRL_http_nbio;
+               X509_REVOKED_dup;
+               i2d_re_X509_tbs;
+               X509_get0_signature;
+               X509_get_signature_nid;
+               X509_CRL_diff;
+               X509_chain_check_suiteb;
+               X509_CRL_check_suiteb;
+               X509_check_host;
+               X509_check_email;
+               X509_check_ip;
+               X509_check_ip_asc;
+               X509_STORE_set_lookup_crls_cb;
+               X509_STORE_CTX_get0_store;
+               X509_VERIFY_PARAM_set1_host;
+               X509_VERIFY_PARAM_add1_host;
+               X509_VERIFY_PARAM_set_hostflags;
+               X509_VERIFY_PARAM_get0_peername;
+               X509_VERIFY_PARAM_set1_email;
+               X509_VERIFY_PARAM_set1_ip;
+               X509_VERIFY_PARAM_set1_ip_asc;
+               X509_VERIFY_PARAM_get0_name;
+               X509_VERIFY_PARAM_get_count;
+               X509_VERIFY_PARAM_get0;
+               X509V3_EXT_free;
+               EC_GROUP_get_mont_data;
+               EC_curve_nid2nist;
+               EC_curve_nist2nid;
+               PEM_write_bio_DHxparams;
+               PEM_write_DHxparams;
+               SSL_CTX_add_client_custom_ext;
+               SSL_CTX_add_server_custom_ext;
+               SSL_extension_supported;
+               BUF_strnlen;
+               sk_deep_copy;
+               SSL_test_functions;
+} OPENSSL_1.0.1d;
+
+Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld
 ===================================================================
 --- /dev/null   1970-01-01 00:00:00.000000000 +0000
-+++ openssl-1.0.1d/engines/openssl.ld   2013-02-06 19:41:43.000000000 +0100
+++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld  2014-02-24 21:02:30.000000000 +0100
 @@ -0,0 +1,10 @@
 +OPENSSL_1.0.0 {
 +       global:
@@ -4653,10 +4646,10 @@ Index: openssl-1.0.1d/engines/openssl.ld
 +               *;
 +};
 +
-Index: openssl-1.0.1d/engines/ccgost/openssl.ld
+Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld
 ===================================================================
 --- /dev/null   1970-01-01 00:00:00.000000000 +0000
-+++ openssl-1.0.1d/engines/ccgost/openssl.ld    2013-02-06 19:41:43.000000000 +0100
+++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld   2014-02-24 21:02:30.000000000 +0100
 @@ -0,0 +1,10 @@
 +OPENSSL_1.0.0 {
 +       global:
diff --git a/recipes-connectivity/openssl/openssl-qoriq/debian1.0.2/block_digicert_malaysia.patch b/recipes-connectivity/openssl/openssl-qoriq/debian1.0.2/block_digicert_malaysia.patch
new file mode 100644
index 000000000..c43bcd1c7
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/debian1.0.2/block_digicert_malaysia.patch
@@ -0,0 +1,29 @@
+From: Raphael Geissert <geissert@debian.org>
+Description: make X509_verify_cert indicate that any certificate whose
+ name contains "Digicert Sdn. Bhd." (from Malaysia) is revoked.
+Forwarded: not-needed
+Origin: vendor
+Last-Update: 2011-11-05
+Upstream-Status: Backport [debian]
+Index: openssl-1.0.2~beta1/crypto/x509/x509_vfy.c
+===================================================================
+--- openssl-1.0.2~beta1.orig/crypto/x509/x509_vfy.c     2014-02-25 00:16:12.488028844 +0100
+++ openssl-1.0.2~beta1/crypto/x509/x509_vfy.c  2014-02-25 00:16:12.484028929 +0100
+@@ -964,10 +964,11 @@
+        for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--)
+                {
+                x = sk_X509_value(ctx->chain, i);
+-               /* Mark DigiNotar certificates as revoked, no matter
+-                * where in the chain they are.
+               /* Mark certificates containing the following names as
+                * revoked, no matter where in the chain they are.
+                 */
+-               if (x->name && strstr(x->name, "DigiNotar"))
+               if (x->name && (strstr(x->name, "DigiNotar") ||
+                       strstr(x->name, "Digicert Sdn. Bhd.")))
+                        {
+                        ctx->error = X509_V_ERR_CERT_REVOKED;
+                        ctx->error_depth = i;
diff --git a/recipes-connectivity/openssl/openssl-qoriq/debian1.0.2/block_diginotar.patch b/recipes-connectivity/openssl/openssl-qoriq/debian1.0.2/block_diginotar.patch
new file mode 100644
index 000000000..d81e22cd8
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/debian1.0.2/block_diginotar.patch
@@ -0,0 +1,68 @@
+From: Raphael Geissert <geissert@debian.org>
+Description: make X509_verify_cert indicate that any certificate whose
+ name contains "DigiNotar" is revoked.
+Forwarded: not-needed
+Origin: vendor
+Last-Update: 2011-09-08
+Bug: http://bugs.debian.org/639744
+Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
+Reviewed-by: Dr Stephen N Henson <shenson@drh-consultancy.co.uk>
+This is not meant as final patch.  
+Upstream-Status: Backport [debian]
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+Index: openssl-1.0.2g/crypto/x509/x509_vfy.c
+===================================================================
+--- openssl-1.0.2g.orig/crypto/x509/x509_vfy.c
+++ openssl-1.0.2g/crypto/x509/x509_vfy.c
+@@ -119,6 +119,7 @@ static int check_trust(X509_STORE_CTX *c
+ static int check_revocation(X509_STORE_CTX *ctx);
+ static int check_cert(X509_STORE_CTX *ctx);
+ static int check_policy(X509_STORE_CTX *ctx);
+static int check_ca_blacklist(X509_STORE_CTX *ctx);
+ 
+ static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
+                          unsigned int *preasons, X509_CRL *crl, X509 *x);
+@@ -489,6 +490,9 @@ int X509_verify_cert(X509_STORE_CTX *ctx
+     if (!ok)
+         goto err;
+ 
+       ok = check_ca_blacklist(ctx);
+       if(!ok) goto err;
+
+ #ifndef OPENSSL_NO_RFC3779
+     /* RFC 3779 path validation, now that CRL check has been done */
+     ok = v3_asid_validate_path(ctx);
+@@ -996,6 +1000,29 @@ static int check_crl_time(X509_STORE_CTX
+     return 1;
+ }
+ 
+static int check_ca_blacklist(X509_STORE_CTX *ctx)
+       {
+       X509 *x;
+       int i;
+       /* Check all certificates against the blacklist */
+       for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--)
+               {
+               x = sk_X509_value(ctx->chain, i);
+               /* Mark DigiNotar certificates as revoked, no matter
+                * where in the chain they are.
+                */
+               if (x->name && strstr(x->name, "DigiNotar"))
+                       {
+                       ctx->error = X509_V_ERR_CERT_REVOKED;
+                       ctx->error_depth = i;
+                       ctx->current_cert = x;
+                       if (!ctx->verify_cb(0,ctx))
+                               return 0;
+                       }
+               }
+       return 1;
+       }
+
+ static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl,
+                       X509 **pissuer, int *pscore, unsigned int *preasons,
+                       STACK_OF(X509_CRL) *crls)
diff --git a/recipes-connectivity/openssl/openssl-qoriq/debian1.0.2/version-script.patch b/recipes-connectivity/openssl/openssl-qoriq/debian1.0.2/version-script.patch
new file mode 100644
index 000000000..29f11a288
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/debian1.0.2/version-script.patch
@@ -0,0 +1,4656 @@
+Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure
+===================================================================
+--- openssl-1.0.2~beta1.obsolete.0.0498436515490575.orig/Configure      2014-02-24 21:02:30.000000000 +0100
+++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure   2014-02-24 21:02:30.000000000 +0100
+@@ -1651,6 +1651,8 @@
+                }
+        }
+ 
+$shared_ldflag .= " -Wl,--version-script=openssl.ld";
+
+ open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n";
+ unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new";
+ open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n";
+Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld
+===================================================================
+--- /dev/null   1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld  2014-02-24 22:19:08.601827266 +0100
+@@ -0,0 +1,4608 @@
+OPENSSL_1.0.2d {
+       global:
+               BIO_f_ssl;
+               BIO_new_buffer_ssl_connect;
+               BIO_new_ssl;
+               BIO_new_ssl_connect;
+               BIO_proxy_ssl_copy_session_id;
+               BIO_ssl_copy_session_id;
+               BIO_ssl_shutdown;
+               d2i_SSL_SESSION;
+               DTLSv1_client_method;
+               DTLSv1_method;
+               DTLSv1_server_method;
+               ERR_load_SSL_strings;
+               i2d_SSL_SESSION;
+               kssl_build_principal_2;
+               kssl_cget_tkt;
+               kssl_check_authent;
+               kssl_ctx_free;
+               kssl_ctx_new;
+               kssl_ctx_setkey;
+               kssl_ctx_setprinc;
+               kssl_ctx_setstring;
+               kssl_ctx_show;
+               kssl_err_set;
+               kssl_krb5_free_data_contents;
+               kssl_sget_tkt;
+               kssl_skip_confound;
+               kssl_validate_times;
+               PEM_read_bio_SSL_SESSION;
+               PEM_read_SSL_SESSION;
+               PEM_write_bio_SSL_SESSION;
+               PEM_write_SSL_SESSION;
+               SSL_accept;
+               SSL_add_client_CA;
+               SSL_add_dir_cert_subjects_to_stack;
+               SSL_add_dir_cert_subjs_to_stk;
+               SSL_add_file_cert_subjects_to_stack;
+               SSL_add_file_cert_subjs_to_stk;
+               SSL_alert_desc_string;
+               SSL_alert_desc_string_long;
+               SSL_alert_type_string;
+               SSL_alert_type_string_long;
+               SSL_callback_ctrl;
+               SSL_check_private_key;
+               SSL_CIPHER_description;
+               SSL_CIPHER_get_bits;
+               SSL_CIPHER_get_name;
+               SSL_CIPHER_get_version;
+               SSL_clear;
+               SSL_COMP_add_compression_method;
+               SSL_COMP_get_compression_methods;
+               SSL_COMP_get_compress_methods;
+               SSL_COMP_get_name;
+               SSL_connect;
+               SSL_copy_session_id;
+               SSL_ctrl;
+               SSL_CTX_add_client_CA;
+               SSL_CTX_add_session;
+               SSL_CTX_callback_ctrl;
+               SSL_CTX_check_private_key;
+               SSL_CTX_ctrl;
+               SSL_CTX_flush_sessions;
+               SSL_CTX_free;
+               SSL_CTX_get_cert_store;
+               SSL_CTX_get_client_CA_list;
+               SSL_CTX_get_client_cert_cb;
+               SSL_CTX_get_ex_data;
+               SSL_CTX_get_ex_new_index;
+               SSL_CTX_get_info_callback;
+               SSL_CTX_get_quiet_shutdown;
+               SSL_CTX_get_timeout;
+               SSL_CTX_get_verify_callback;
+               SSL_CTX_get_verify_depth;
+               SSL_CTX_get_verify_mode;
+               SSL_CTX_load_verify_locations;
+               SSL_CTX_new;
+               SSL_CTX_remove_session;
+               SSL_CTX_sess_get_get_cb;
+               SSL_CTX_sess_get_new_cb;
+               SSL_CTX_sess_get_remove_cb;
+               SSL_CTX_sessions;
+               SSL_CTX_sess_set_get_cb;
+               SSL_CTX_sess_set_new_cb;
+               SSL_CTX_sess_set_remove_cb;
+               SSL_CTX_set1_param;
+               SSL_CTX_set_cert_store;
+               SSL_CTX_set_cert_verify_callback;
+               SSL_CTX_set_cert_verify_cb;
+               SSL_CTX_set_cipher_list;
+               SSL_CTX_set_client_CA_list;
+               SSL_CTX_set_client_cert_cb;
+               SSL_CTX_set_client_cert_engine;
+               SSL_CTX_set_cookie_generate_cb;
+               SSL_CTX_set_cookie_verify_cb;
+               SSL_CTX_set_default_passwd_cb;
+               SSL_CTX_set_default_passwd_cb_userdata;
+               SSL_CTX_set_default_verify_paths;
+               SSL_CTX_set_def_passwd_cb_ud;
+               SSL_CTX_set_def_verify_paths;
+               SSL_CTX_set_ex_data;
+               SSL_CTX_set_generate_session_id;
+               SSL_CTX_set_info_callback;
+               SSL_CTX_set_msg_callback;
+               SSL_CTX_set_psk_client_callback;
+               SSL_CTX_set_psk_server_callback;
+               SSL_CTX_set_purpose;
+               SSL_CTX_set_quiet_shutdown;
+               SSL_CTX_set_session_id_context;
+               SSL_CTX_set_ssl_version;
+               SSL_CTX_set_timeout;
+               SSL_CTX_set_tmp_dh_callback;
+               SSL_CTX_set_tmp_ecdh_callback;
+               SSL_CTX_set_tmp_rsa_callback;
+               SSL_CTX_set_trust;
+               SSL_CTX_set_verify;
+               SSL_CTX_set_verify_depth;
+               SSL_CTX_use_cert_chain_file;
+               SSL_CTX_use_certificate;
+               SSL_CTX_use_certificate_ASN1;
+               SSL_CTX_use_certificate_chain_file;
+               SSL_CTX_use_certificate_file;
+               SSL_CTX_use_PrivateKey;
+               SSL_CTX_use_PrivateKey_ASN1;
+               SSL_CTX_use_PrivateKey_file;
+               SSL_CTX_use_psk_identity_hint;
+               SSL_CTX_use_RSAPrivateKey;
+               SSL_CTX_use_RSAPrivateKey_ASN1;
+               SSL_CTX_use_RSAPrivateKey_file;
+               SSL_do_handshake;
+               SSL_dup;
+               SSL_dup_CA_list;
+               SSLeay_add_ssl_algorithms;
+               SSL_free;
+               SSL_get1_session;
+               SSL_get_certificate;
+               SSL_get_cipher_list;
+               SSL_get_ciphers;
+               SSL_get_client_CA_list;
+               SSL_get_current_cipher;
+               SSL_get_current_compression;
+               SSL_get_current_expansion;
+               SSL_get_default_timeout;
+               SSL_get_error;
+               SSL_get_ex_data;
+               SSL_get_ex_data_X509_STORE_CTX_idx;
+               SSL_get_ex_d_X509_STORE_CTX_idx;
+               SSL_get_ex_new_index;
+               SSL_get_fd;
+               SSL_get_finished;
+               SSL_get_info_callback;
+               SSL_get_peer_cert_chain;
+               SSL_get_peer_certificate;
+               SSL_get_peer_finished;
+               SSL_get_privatekey;
+               SSL_get_psk_identity;
+               SSL_get_psk_identity_hint;
+               SSL_get_quiet_shutdown;
+               SSL_get_rbio;
+               SSL_get_read_ahead;
+               SSL_get_rfd;
+               SSL_get_servername;
+               SSL_get_servername_type;
+               SSL_get_session;
+               SSL_get_shared_ciphers;
+               SSL_get_shutdown;
+               SSL_get_SSL_CTX;
+               SSL_get_ssl_method;
+               SSL_get_verify_callback;
+               SSL_get_verify_depth;
+               SSL_get_verify_mode;
+               SSL_get_verify_result;
+               SSL_get_version;
+               SSL_get_wbio;
+               SSL_get_wfd;
+               SSL_has_matching_session_id;
+               SSL_library_init;
+               SSL_load_client_CA_file;
+               SSL_load_error_strings;
+               SSL_new;
+               SSL_peek;
+               SSL_pending;
+               SSL_read;
+               SSL_renegotiate;
+               SSL_renegotiate_pending;
+               SSL_rstate_string;
+               SSL_rstate_string_long;
+               SSL_SESSION_cmp;
+               SSL_SESSION_free;
+               SSL_SESSION_get_ex_data;
+               SSL_SESSION_get_ex_new_index;
+               SSL_SESSION_get_id;
+               SSL_SESSION_get_time;
+               SSL_SESSION_get_timeout;
+               SSL_SESSION_hash;
+               SSL_SESSION_new;
+               SSL_SESSION_print;
+               SSL_SESSION_print_fp;
+               SSL_SESSION_set_ex_data;
+               SSL_SESSION_set_time;
+               SSL_SESSION_set_timeout;
+               SSL_set1_param;
+               SSL_set_accept_state;
+               SSL_set_bio;
+               SSL_set_cipher_list;
+               SSL_set_client_CA_list;
+               SSL_set_connect_state;
+               SSL_set_ex_data;
+               SSL_set_fd;
+               SSL_set_generate_session_id;
+               SSL_set_info_callback;
+               SSL_set_msg_callback;
+               SSL_set_psk_client_callback;
+               SSL_set_psk_server_callback;
+               SSL_set_purpose;
+               SSL_set_quiet_shutdown;
+               SSL_set_read_ahead;
+               SSL_set_rfd;
+               SSL_set_session;
+               SSL_set_session_id_context;
+               SSL_set_session_secret_cb;
+               SSL_set_session_ticket_ext;
+               SSL_set_session_ticket_ext_cb;
+               SSL_set_shutdown;
+               SSL_set_SSL_CTX;
+               SSL_set_ssl_method;
+               SSL_set_tmp_dh_callback;
+               SSL_set_tmp_ecdh_callback;
+               SSL_set_tmp_rsa_callback;
+               SSL_set_trust;
+               SSL_set_verify;
+               SSL_set_verify_depth;
+               SSL_set_verify_result;
+               SSL_set_wfd;
+               SSL_shutdown;
+               SSL_state;
+               SSL_state_string;
+               SSL_state_string_long;
+               SSL_use_certificate;
+               SSL_use_certificate_ASN1;
+               SSL_use_certificate_file;
+               SSL_use_PrivateKey;
+               SSL_use_PrivateKey_ASN1;
+               SSL_use_PrivateKey_file;
+               SSL_use_psk_identity_hint;
+               SSL_use_RSAPrivateKey;
+               SSL_use_RSAPrivateKey_ASN1;
+               SSL_use_RSAPrivateKey_file;
+               SSLv23_client_method;
+               SSLv23_method;
+               SSLv23_server_method;
+               SSLv2_client_method;
+               SSLv2_method;
+               SSLv2_server_method;
+               SSLv3_client_method;
+               SSLv3_method;
+               SSLv3_server_method;
+               SSL_version;
+               SSL_want;
+               SSL_write;
+               TLSv1_client_method;
+               TLSv1_method;
+               TLSv1_server_method;
+
+
+               SSLeay;
+               SSLeay_version;
+               ASN1_BIT_STRING_asn1_meth;
+               ASN1_HEADER_free;
+               ASN1_HEADER_new;
+               ASN1_IA5STRING_asn1_meth;
+               ASN1_INTEGER_get;
+               ASN1_INTEGER_set;
+               ASN1_INTEGER_to_BN;
+               ASN1_OBJECT_create;
+               ASN1_OBJECT_free;
+               ASN1_OBJECT_new;
+               ASN1_PRINTABLE_type;
+               ASN1_STRING_cmp;
+               ASN1_STRING_dup;
+               ASN1_STRING_free;
+               ASN1_STRING_new;
+               ASN1_STRING_print;
+               ASN1_STRING_set;
+               ASN1_STRING_type_new;
+               ASN1_TYPE_free;
+               ASN1_TYPE_new;
+               ASN1_UNIVERSALSTRING_to_string;
+               ASN1_UTCTIME_check;
+               ASN1_UTCTIME_print;
+               ASN1_UTCTIME_set;
+               ASN1_check_infinite_end;
+               ASN1_d2i_bio;
+               ASN1_d2i_fp;
+               ASN1_digest;
+               ASN1_dup;
+               ASN1_get_object;
+               ASN1_i2d_bio;
+               ASN1_i2d_fp;
+               ASN1_object_size;
+               ASN1_parse;
+               ASN1_put_object;
+               ASN1_sign;
+               ASN1_verify;
+               BF_cbc_encrypt;
+               BF_cfb64_encrypt;
+               BF_ecb_encrypt;
+               BF_encrypt;
+               BF_ofb64_encrypt;
+               BF_options;
+               BF_set_key;
+               BIO_CONNECT_free;
+               BIO_CONNECT_new;
+               BIO_accept;
+               BIO_ctrl;
+               BIO_int_ctrl;
+               BIO_debug_callback;
+               BIO_dump;
+               BIO_dup_chain;
+               BIO_f_base64;
+               BIO_f_buffer;
+               BIO_f_cipher;
+               BIO_f_md;
+               BIO_f_null;
+               BIO_f_proxy_server;
+               BIO_fd_non_fatal_error;
+               BIO_fd_should_retry;
+               BIO_find_type;
+               BIO_free;
+               BIO_free_all;
+               BIO_get_accept_socket;
+               BIO_get_filter_bio;
+               BIO_get_host_ip;
+               BIO_get_port;
+               BIO_get_retry_BIO;
+               BIO_get_retry_reason;
+               BIO_gethostbyname;
+               BIO_gets;
+               BIO_new;
+               BIO_new_accept;
+               BIO_new_connect;
+               BIO_new_fd;
+               BIO_new_file;
+               BIO_new_fp;
+               BIO_new_socket;
+               BIO_pop;
+               BIO_printf;
+               BIO_push;
+               BIO_puts;
+               BIO_read;
+               BIO_s_accept;
+               BIO_s_connect;
+               BIO_s_fd;
+               BIO_s_file;
+               BIO_s_mem;
+               BIO_s_null;
+               BIO_s_proxy_client;
+               BIO_s_socket;
+               BIO_set;
+               BIO_set_cipher;
+               BIO_set_tcp_ndelay;
+               BIO_sock_cleanup;
+               BIO_sock_error;
+               BIO_sock_init;
+               BIO_sock_non_fatal_error;
+               BIO_sock_should_retry;
+               BIO_socket_ioctl;
+               BIO_write;
+               BN_CTX_free;
+               BN_CTX_new;
+               BN_MONT_CTX_free;
+               BN_MONT_CTX_new;
+               BN_MONT_CTX_set;
+               BN_add;
+               BN_add_word;
+               BN_hex2bn;
+               BN_bin2bn;
+               BN_bn2hex;
+               BN_bn2bin;
+               BN_clear;
+               BN_clear_bit;
+               BN_clear_free;
+               BN_cmp;
+               BN_copy;
+               BN_div;
+               BN_div_word;
+               BN_dup;
+               BN_free;
+               BN_from_montgomery;
+               BN_gcd;
+               BN_generate_prime;
+               BN_get_word;
+               BN_is_bit_set;
+               BN_is_prime;
+               BN_lshift;
+               BN_lshift1;
+               BN_mask_bits;
+               BN_mod;
+               BN_mod_exp;
+               BN_mod_exp_mont;
+               BN_mod_exp_simple;
+               BN_mod_inverse;
+               BN_mod_mul;
+               BN_mod_mul_montgomery;
+               BN_mod_word;
+               BN_mul;
+               BN_new;
+               BN_num_bits;
+               BN_num_bits_word;
+               BN_options;
+               BN_print;
+               BN_print_fp;
+               BN_rand;
+               BN_reciprocal;
+               BN_rshift;
+               BN_rshift1;
+               BN_set_bit;
+               BN_set_word;
+               BN_sqr;
+               BN_sub;
+               BN_to_ASN1_INTEGER;
+               BN_ucmp;
+               BN_value_one;
+               BUF_MEM_free;
+               BUF_MEM_grow;
+               BUF_MEM_new;
+               BUF_strdup;
+               CONF_free;
+               CONF_get_number;
+               CONF_get_section;
+               CONF_get_string;
+               CONF_load;
+               CRYPTO_add_lock;
+               CRYPTO_dbg_free;
+               CRYPTO_dbg_malloc;
+               CRYPTO_dbg_realloc;
+               CRYPTO_dbg_remalloc;
+               CRYPTO_free;
+               CRYPTO_get_add_lock_callback;
+               CRYPTO_get_id_callback;
+               CRYPTO_get_lock_name;
+               CRYPTO_get_locking_callback;
+               CRYPTO_get_mem_functions;
+               CRYPTO_lock;
+               CRYPTO_malloc;
+               CRYPTO_mem_ctrl;
+               CRYPTO_mem_leaks;
+               CRYPTO_mem_leaks_cb;
+               CRYPTO_mem_leaks_fp;
+               CRYPTO_realloc;
+               CRYPTO_remalloc;
+               CRYPTO_set_add_lock_callback;
+               CRYPTO_set_id_callback;
+               CRYPTO_set_locking_callback;
+               CRYPTO_set_mem_functions;
+               CRYPTO_thread_id;
+               DH_check;
+               DH_compute_key;
+               DH_free;
+               DH_generate_key;
+               DH_generate_parameters;
+               DH_new;
+               DH_size;
+               DHparams_print;
+               DHparams_print_fp;
+               DSA_free;
+               DSA_generate_key;
+               DSA_generate_parameters;
+               DSA_is_prime;
+               DSA_new;
+               DSA_print;
+               DSA_print_fp;
+               DSA_sign;
+               DSA_sign_setup;
+               DSA_size;
+               DSA_verify;
+               DSAparams_print;
+               DSAparams_print_fp;
+               ERR_clear_error;
+               ERR_error_string;
+               ERR_free_strings;
+               ERR_func_error_string;
+               ERR_get_err_state_table;
+               ERR_get_error;
+               ERR_get_error_line;
+               ERR_get_state;
+               ERR_get_string_table;
+               ERR_lib_error_string;
+               ERR_load_ASN1_strings;
+               ERR_load_BIO_strings;
+               ERR_load_BN_strings;
+               ERR_load_BUF_strings;
+               ERR_load_CONF_strings;
+               ERR_load_DH_strings;
+               ERR_load_DSA_strings;
+               ERR_load_ERR_strings;
+               ERR_load_EVP_strings;
+               ERR_load_OBJ_strings;
+               ERR_load_PEM_strings;
+               ERR_load_PROXY_strings;
+               ERR_load_RSA_strings;
+               ERR_load_X509_strings;
+               ERR_load_crypto_strings;
+               ERR_load_strings;
+               ERR_peek_error;
+               ERR_peek_error_line;
+               ERR_print_errors;
+               ERR_print_errors_fp;
+               ERR_put_error;
+               ERR_reason_error_string;
+               ERR_remove_state;
+               EVP_BytesToKey;
+               EVP_CIPHER_CTX_cleanup;
+               EVP_CipherFinal;
+               EVP_CipherInit;
+               EVP_CipherUpdate;
+               EVP_DecodeBlock;
+               EVP_DecodeFinal;
+               EVP_DecodeInit;
+               EVP_DecodeUpdate;
+               EVP_DecryptFinal;
+               EVP_DecryptInit;
+               EVP_DecryptUpdate;
+               EVP_DigestFinal;
+               EVP_DigestInit;
+               EVP_DigestUpdate;
+               EVP_EncodeBlock;
+               EVP_EncodeFinal;
+               EVP_EncodeInit;
+               EVP_EncodeUpdate;
+               EVP_EncryptFinal;
+               EVP_EncryptInit;
+               EVP_EncryptUpdate;
+               EVP_OpenFinal;
+               EVP_OpenInit;
+               EVP_PKEY_assign;
+               EVP_PKEY_copy_parameters;
+               EVP_PKEY_free;
+               EVP_PKEY_missing_parameters;
+               EVP_PKEY_new;
+               EVP_PKEY_save_parameters;
+               EVP_PKEY_size;
+               EVP_PKEY_type;
+               EVP_SealFinal;
+               EVP_SealInit;
+               EVP_SignFinal;
+               EVP_VerifyFinal;
+               EVP_add_alias;
+               EVP_add_cipher;
+               EVP_add_digest;
+               EVP_bf_cbc;
+               EVP_bf_cfb64;
+               EVP_bf_ecb;
+               EVP_bf_ofb;
+               EVP_cleanup;
+               EVP_des_cbc;
+               EVP_des_cfb64;
+               EVP_des_ecb;
+               EVP_des_ede;
+               EVP_des_ede3;
+               EVP_des_ede3_cbc;
+               EVP_des_ede3_cfb64;
+               EVP_des_ede3_ofb;
+               EVP_des_ede_cbc;
+               EVP_des_ede_cfb64;
+               EVP_des_ede_ofb;
+               EVP_des_ofb;
+               EVP_desx_cbc;
+               EVP_dss;
+               EVP_dss1;
+               EVP_enc_null;
+               EVP_get_cipherbyname;
+               EVP_get_digestbyname;
+               EVP_get_pw_prompt;
+               EVP_idea_cbc;
+               EVP_idea_cfb64;
+               EVP_idea_ecb;
+               EVP_idea_ofb;
+               EVP_md2;
+               EVP_md5;
+               EVP_md_null;
+               EVP_rc2_cbc;
+               EVP_rc2_cfb64;
+               EVP_rc2_ecb;
+               EVP_rc2_ofb;
+               EVP_rc4;
+               EVP_read_pw_string;
+               EVP_set_pw_prompt;
+               EVP_sha;
+               EVP_sha1;
+               MD2;
+               MD2_Final;
+               MD2_Init;
+               MD2_Update;
+               MD2_options;
+               MD5;
+               MD5_Final;
+               MD5_Init;
+               MD5_Update;
+               MDC2;
+               MDC2_Final;
+               MDC2_Init;
+               MDC2_Update;
+               NETSCAPE_SPKAC_free;
+               NETSCAPE_SPKAC_new;
+               NETSCAPE_SPKI_free;
+               NETSCAPE_SPKI_new;
+               NETSCAPE_SPKI_sign;
+               NETSCAPE_SPKI_verify;
+               OBJ_add_object;
+               OBJ_bsearch;
+               OBJ_cleanup;
+               OBJ_cmp;
+               OBJ_create;
+               OBJ_dup;
+               OBJ_ln2nid;
+               OBJ_new_nid;
+               OBJ_nid2ln;
+               OBJ_nid2obj;
+               OBJ_nid2sn;
+               OBJ_obj2nid;
+               OBJ_sn2nid;
+               OBJ_txt2nid;
+               PEM_ASN1_read;
+               PEM_ASN1_read_bio;
+               PEM_ASN1_write;
+               PEM_ASN1_write_bio;
+               PEM_SealFinal;
+               PEM_SealInit;
+               PEM_SealUpdate;
+               PEM_SignFinal;
+               PEM_SignInit;
+               PEM_SignUpdate;
+               PEM_X509_INFO_read;
+               PEM_X509_INFO_read_bio;
+               PEM_X509_INFO_write_bio;
+               PEM_dek_info;
+               PEM_do_header;
+               PEM_get_EVP_CIPHER_INFO;
+               PEM_proc_type;
+               PEM_read;
+               PEM_read_DHparams;
+               PEM_read_DSAPrivateKey;
+               PEM_read_DSAparams;
+               PEM_read_PKCS7;
+               PEM_read_PrivateKey;
+               PEM_read_RSAPrivateKey;
+               PEM_read_X509;
+               PEM_read_X509_CRL;
+               PEM_read_X509_REQ;
+               PEM_read_bio;
+               PEM_read_bio_DHparams;
+               PEM_read_bio_DSAPrivateKey;
+               PEM_read_bio_DSAparams;
+               PEM_read_bio_PKCS7;
+               PEM_read_bio_PrivateKey;
+               PEM_read_bio_RSAPrivateKey;
+               PEM_read_bio_X509;
+               PEM_read_bio_X509_CRL;
+               PEM_read_bio_X509_REQ;
+               PEM_write;
+               PEM_write_DHparams;
+               PEM_write_DSAPrivateKey;
+               PEM_write_DSAparams;
+               PEM_write_PKCS7;
+               PEM_write_PrivateKey;
+               PEM_write_RSAPrivateKey;
+               PEM_write_X509;
+               PEM_write_X509_CRL;
+               PEM_write_X509_REQ;
+               PEM_write_bio;
+               PEM_write_bio_DHparams;
+               PEM_write_bio_DSAPrivateKey;
+               PEM_write_bio_DSAparams;
+               PEM_write_bio_PKCS7;
+               PEM_write_bio_PrivateKey;
+               PEM_write_bio_RSAPrivateKey;
+               PEM_write_bio_X509;
+               PEM_write_bio_X509_CRL;
+               PEM_write_bio_X509_REQ;
+               PKCS7_DIGEST_free;
+               PKCS7_DIGEST_new;
+               PKCS7_ENCRYPT_free;
+               PKCS7_ENCRYPT_new;
+               PKCS7_ENC_CONTENT_free;
+               PKCS7_ENC_CONTENT_new;
+               PKCS7_ENVELOPE_free;
+               PKCS7_ENVELOPE_new;
+               PKCS7_ISSUER_AND_SERIAL_digest;
+               PKCS7_ISSUER_AND_SERIAL_free;
+               PKCS7_ISSUER_AND_SERIAL_new;
+               PKCS7_RECIP_INFO_free;
+               PKCS7_RECIP_INFO_new;
+               PKCS7_SIGNED_free;
+               PKCS7_SIGNED_new;
+               PKCS7_SIGNER_INFO_free;
+               PKCS7_SIGNER_INFO_new;
+               PKCS7_SIGN_ENVELOPE_free;
+               PKCS7_SIGN_ENVELOPE_new;
+               PKCS7_dup;
+               PKCS7_free;
+               PKCS7_new;
+               PROXY_ENTRY_add_noproxy;
+               PROXY_ENTRY_clear_noproxy;
+               PROXY_ENTRY_free;
+               PROXY_ENTRY_get_noproxy;
+               PROXY_ENTRY_new;
+               PROXY_ENTRY_set_server;
+               PROXY_add_noproxy;
+               PROXY_add_server;
+               PROXY_check_by_host;
+               PROXY_check_url;
+               PROXY_clear_noproxy;
+               PROXY_free;
+               PROXY_get_noproxy;
+               PROXY_get_proxies;
+               PROXY_get_proxy_entry;
+               PROXY_load_conf;
+               PROXY_new;
+               PROXY_print;
+               RAND_bytes;
+               RAND_cleanup;
+               RAND_file_name;
+               RAND_load_file;
+               RAND_screen;
+               RAND_seed;
+               RAND_write_file;
+               RC2_cbc_encrypt;
+               RC2_cfb64_encrypt;
+               RC2_ecb_encrypt;
+               RC2_encrypt;
+               RC2_ofb64_encrypt;
+               RC2_set_key;
+               RC4;
+               RC4_options;
+               RC4_set_key;
+               RSAPrivateKey_asn1_meth;
+               RSAPrivateKey_dup;
+               RSAPublicKey_dup;
+               RSA_PKCS1_SSLeay;
+               RSA_free;
+               RSA_generate_key;
+               RSA_new;
+               RSA_new_method;
+               RSA_print;
+               RSA_print_fp;
+               RSA_private_decrypt;
+               RSA_private_encrypt;
+               RSA_public_decrypt;
+               RSA_public_encrypt;
+               RSA_set_default_method;
+               RSA_sign;
+               RSA_sign_ASN1_OCTET_STRING;
+               RSA_size;
+               RSA_verify;
+               RSA_verify_ASN1_OCTET_STRING;
+               SHA;
+               SHA1;
+               SHA1_Final;
+               SHA1_Init;
+               SHA1_Update;
+               SHA_Final;
+               SHA_Init;
+               SHA_Update;
+               OpenSSL_add_all_algorithms;
+               OpenSSL_add_all_ciphers;
+               OpenSSL_add_all_digests;
+               TXT_DB_create_index;
+               TXT_DB_free;
+               TXT_DB_get_by_index;
+               TXT_DB_insert;
+               TXT_DB_read;
+               TXT_DB_write;
+               X509_ALGOR_free;
+               X509_ALGOR_new;
+               X509_ATTRIBUTE_free;
+               X509_ATTRIBUTE_new;
+               X509_CINF_free;
+               X509_CINF_new;
+               X509_CRL_INFO_free;
+               X509_CRL_INFO_new;
+               X509_CRL_add_ext;
+               X509_CRL_cmp;
+               X509_CRL_delete_ext;
+               X509_CRL_dup;
+               X509_CRL_free;
+               X509_CRL_get_ext;
+               X509_CRL_get_ext_by_NID;
+               X509_CRL_get_ext_by_OBJ;
+               X509_CRL_get_ext_by_critical;
+               X509_CRL_get_ext_count;
+               X509_CRL_new;
+               X509_CRL_sign;
+               X509_CRL_verify;
+               X509_EXTENSION_create_by_NID;
+               X509_EXTENSION_create_by_OBJ;
+               X509_EXTENSION_dup;
+               X509_EXTENSION_free;
+               X509_EXTENSION_get_critical;
+               X509_EXTENSION_get_data;
+               X509_EXTENSION_get_object;
+               X509_EXTENSION_new;
+               X509_EXTENSION_set_critical;
+               X509_EXTENSION_set_data;
+               X509_EXTENSION_set_object;
+               X509_INFO_free;
+               X509_INFO_new;
+               X509_LOOKUP_by_alias;
+               X509_LOOKUP_by_fingerprint;
+               X509_LOOKUP_by_issuer_serial;
+               X509_LOOKUP_by_subject;
+               X509_LOOKUP_ctrl;
+               X509_LOOKUP_file;
+               X509_LOOKUP_free;
+               X509_LOOKUP_hash_dir;
+               X509_LOOKUP_init;
+               X509_LOOKUP_new;
+               X509_LOOKUP_shutdown;
+               X509_NAME_ENTRY_create_by_NID;
+               X509_NAME_ENTRY_create_by_OBJ;
+               X509_NAME_ENTRY_dup;
+               X509_NAME_ENTRY_free;
+               X509_NAME_ENTRY_get_data;
+               X509_NAME_ENTRY_get_object;
+               X509_NAME_ENTRY_new;
+               X509_NAME_ENTRY_set_data;
+               X509_NAME_ENTRY_set_object;
+               X509_NAME_add_entry;
+               X509_NAME_cmp;
+               X509_NAME_delete_entry;
+               X509_NAME_digest;
+               X509_NAME_dup;
+               X509_NAME_entry_count;
+               X509_NAME_free;
+               X509_NAME_get_entry;
+               X509_NAME_get_index_by_NID;
+               X509_NAME_get_index_by_OBJ;
+               X509_NAME_get_text_by_NID;
+               X509_NAME_get_text_by_OBJ;
+               X509_NAME_hash;
+               X509_NAME_new;
+               X509_NAME_oneline;
+               X509_NAME_print;
+               X509_NAME_set;
+               X509_OBJECT_free_contents;
+               X509_OBJECT_retrieve_by_subject;
+               X509_OBJECT_up_ref_count;
+               X509_PKEY_free;
+               X509_PKEY_new;
+               X509_PUBKEY_free;
+               X509_PUBKEY_get;
+               X509_PUBKEY_new;
+               X509_PUBKEY_set;
+               X509_REQ_INFO_free;
+               X509_REQ_INFO_new;
+               X509_REQ_dup;
+               X509_REQ_free;
+               X509_REQ_get_pubkey;
+               X509_REQ_new;
+               X509_REQ_print;
+               X509_REQ_print_fp;
+               X509_REQ_set_pubkey;
+               X509_REQ_set_subject_name;
+               X509_REQ_set_version;
+               X509_REQ_sign;
+               X509_REQ_to_X509;
+               X509_REQ_verify;
+               X509_REVOKED_add_ext;
+               X509_REVOKED_delete_ext;
+               X509_REVOKED_free;
+               X509_REVOKED_get_ext;
+               X509_REVOKED_get_ext_by_NID;
+               X509_REVOKED_get_ext_by_OBJ;
+               X509_REVOKED_get_ext_by_critical;
+               X509_REVOKED_get_ext_by_critic;
+               X509_REVOKED_get_ext_count;
+               X509_REVOKED_new;
+               X509_SIG_free;
+               X509_SIG_new;
+               X509_STORE_CTX_cleanup;
+               X509_STORE_CTX_init;
+               X509_STORE_add_cert;
+               X509_STORE_add_lookup;
+               X509_STORE_free;
+               X509_STORE_get_by_subject;
+               X509_STORE_load_locations;
+               X509_STORE_new;
+               X509_STORE_set_default_paths;
+               X509_VAL_free;
+               X509_VAL_new;
+               X509_add_ext;
+               X509_asn1_meth;
+               X509_certificate_type;
+               X509_check_private_key;
+               X509_cmp_current_time;
+               X509_delete_ext;
+               X509_digest;
+               X509_dup;
+               X509_free;
+               X509_get_default_cert_area;
+               X509_get_default_cert_dir;
+               X509_get_default_cert_dir_env;
+               X509_get_default_cert_file;
+               X509_get_default_cert_file_env;
+               X509_get_default_private_dir;
+               X509_get_ext;
+               X509_get_ext_by_NID;
+               X509_get_ext_by_OBJ;
+               X509_get_ext_by_critical;
+               X509_get_ext_count;
+               X509_get_issuer_name;
+               X509_get_pubkey;
+               X509_get_pubkey_parameters;
+               X509_get_serialNumber;
+               X509_get_subject_name;
+               X509_gmtime_adj;
+               X509_issuer_and_serial_cmp;
+               X509_issuer_and_serial_hash;
+               X509_issuer_name_cmp;
+               X509_issuer_name_hash;
+               X509_load_cert_file;
+               X509_new;
+               X509_print;
+               X509_print_fp;
+               X509_set_issuer_name;
+               X509_set_notAfter;
+               X509_set_notBefore;
+               X509_set_pubkey;
+               X509_set_serialNumber;
+               X509_set_subject_name;
+               X509_set_version;
+               X509_sign;
+               X509_subject_name_cmp;
+               X509_subject_name_hash;
+               X509_to_X509_REQ;
+               X509_verify;
+               X509_verify_cert;
+               X509_verify_cert_error_string;
+               X509v3_add_ext;
+               X509v3_add_extension;
+               X509v3_add_netscape_extensions;
+               X509v3_add_standard_extensions;
+               X509v3_cleanup_extensions;
+               X509v3_data_type_by_NID;
+               X509v3_data_type_by_OBJ;
+               X509v3_delete_ext;
+               X509v3_get_ext;
+               X509v3_get_ext_by_NID;
+               X509v3_get_ext_by_OBJ;
+               X509v3_get_ext_by_critical;
+               X509v3_get_ext_count;
+               X509v3_pack_string;
+               X509v3_pack_type_by_NID;
+               X509v3_pack_type_by_OBJ;
+               X509v3_unpack_string;
+               _des_crypt;
+               a2d_ASN1_OBJECT;
+               a2i_ASN1_INTEGER;
+               a2i_ASN1_STRING;
+               asn1_Finish;
+               asn1_GetSequence;
+               bn_div_words;
+               bn_expand2;
+               bn_mul_add_words;
+               bn_mul_words;
+               BN_uadd;
+               BN_usub;
+               bn_sqr_words;
+               _ossl_old_crypt;
+               d2i_ASN1_BIT_STRING;
+               d2i_ASN1_BOOLEAN;
+               d2i_ASN1_HEADER;
+               d2i_ASN1_IA5STRING;
+               d2i_ASN1_INTEGER;
+               d2i_ASN1_OBJECT;
+               d2i_ASN1_OCTET_STRING;
+               d2i_ASN1_PRINTABLE;
+               d2i_ASN1_PRINTABLESTRING;
+               d2i_ASN1_SET;
+               d2i_ASN1_T61STRING;
+               d2i_ASN1_TYPE;
+               d2i_ASN1_UTCTIME;
+               d2i_ASN1_bytes;
+               d2i_ASN1_type_bytes;
+               d2i_DHparams;
+               d2i_DSAPrivateKey;
+               d2i_DSAPrivateKey_bio;
+               d2i_DSAPrivateKey_fp;
+               d2i_DSAPublicKey;
+               d2i_DSAparams;
+               d2i_NETSCAPE_SPKAC;
+               d2i_NETSCAPE_SPKI;
+               d2i_Netscape_RSA;
+               d2i_PKCS7;
+               d2i_PKCS7_DIGEST;
+               d2i_PKCS7_ENCRYPT;
+               d2i_PKCS7_ENC_CONTENT;
+               d2i_PKCS7_ENVELOPE;
+               d2i_PKCS7_ISSUER_AND_SERIAL;
+               d2i_PKCS7_RECIP_INFO;
+               d2i_PKCS7_SIGNED;
+               d2i_PKCS7_SIGNER_INFO;
+               d2i_PKCS7_SIGN_ENVELOPE;
+               d2i_PKCS7_bio;
+               d2i_PKCS7_fp;
+               d2i_PrivateKey;
+               d2i_PublicKey;
+               d2i_RSAPrivateKey;
+               d2i_RSAPrivateKey_bio;
+               d2i_RSAPrivateKey_fp;
+               d2i_RSAPublicKey;
+               d2i_X509;
+               d2i_X509_ALGOR;
+               d2i_X509_ATTRIBUTE;
+               d2i_X509_CINF;
+               d2i_X509_CRL;
+               d2i_X509_CRL_INFO;
+               d2i_X509_CRL_bio;
+               d2i_X509_CRL_fp;
+               d2i_X509_EXTENSION;
+               d2i_X509_NAME;
+               d2i_X509_NAME_ENTRY;
+               d2i_X509_PKEY;
+               d2i_X509_PUBKEY;
+               d2i_X509_REQ;
+               d2i_X509_REQ_INFO;
+               d2i_X509_REQ_bio;
+               d2i_X509_REQ_fp;
+               d2i_X509_REVOKED;
+               d2i_X509_SIG;
+               d2i_X509_VAL;
+               d2i_X509_bio;
+               d2i_X509_fp;
+               DES_cbc_cksum;
+               DES_cbc_encrypt;
+               DES_cblock_print_file;
+               DES_cfb64_encrypt;
+               DES_cfb_encrypt;
+               DES_decrypt3;
+               DES_ecb3_encrypt;
+               DES_ecb_encrypt;
+               DES_ede3_cbc_encrypt;
+               DES_ede3_cfb64_encrypt;
+               DES_ede3_ofb64_encrypt;
+               DES_enc_read;
+               DES_enc_write;
+               DES_encrypt1;
+               DES_encrypt2;
+               DES_encrypt3;
+               DES_fcrypt;
+               DES_is_weak_key;
+               DES_key_sched;
+               DES_ncbc_encrypt;
+               DES_ofb64_encrypt;
+               DES_ofb_encrypt;
+               DES_options;
+               DES_pcbc_encrypt;
+               DES_quad_cksum;
+               DES_random_key;
+               _ossl_old_des_random_seed;
+               _ossl_old_des_read_2passwords;
+               _ossl_old_des_read_password;
+               _ossl_old_des_read_pw;
+               _ossl_old_des_read_pw_string;
+               DES_set_key;
+               DES_set_odd_parity;
+               DES_string_to_2keys;
+               DES_string_to_key;
+               DES_xcbc_encrypt;
+               DES_xwhite_in2out;
+               fcrypt_body;
+               i2a_ASN1_INTEGER;
+               i2a_ASN1_OBJECT;
+               i2a_ASN1_STRING;
+               i2d_ASN1_BIT_STRING;
+               i2d_ASN1_BOOLEAN;
+               i2d_ASN1_HEADER;
+               i2d_ASN1_IA5STRING;
+               i2d_ASN1_INTEGER;
+               i2d_ASN1_OBJECT;
+               i2d_ASN1_OCTET_STRING;
+               i2d_ASN1_PRINTABLE;
+               i2d_ASN1_SET;
+               i2d_ASN1_TYPE;
+               i2d_ASN1_UTCTIME;
+               i2d_ASN1_bytes;
+               i2d_DHparams;
+               i2d_DSAPrivateKey;
+               i2d_DSAPrivateKey_bio;
+               i2d_DSAPrivateKey_fp;
+               i2d_DSAPublicKey;
+               i2d_DSAparams;
+               i2d_NETSCAPE_SPKAC;
+               i2d_NETSCAPE_SPKI;
+               i2d_Netscape_RSA;
+               i2d_PKCS7;
+               i2d_PKCS7_DIGEST;
+               i2d_PKCS7_ENCRYPT;
+               i2d_PKCS7_ENC_CONTENT;
+               i2d_PKCS7_ENVELOPE;
+               i2d_PKCS7_ISSUER_AND_SERIAL;
+               i2d_PKCS7_RECIP_INFO;
+               i2d_PKCS7_SIGNED;
+               i2d_PKCS7_SIGNER_INFO;
+               i2d_PKCS7_SIGN_ENVELOPE;
+               i2d_PKCS7_bio;
+               i2d_PKCS7_fp;
+               i2d_PrivateKey;
+               i2d_PublicKey;
+               i2d_RSAPrivateKey;
+               i2d_RSAPrivateKey_bio;
+               i2d_RSAPrivateKey_fp;
+               i2d_RSAPublicKey;
+               i2d_X509;
+               i2d_X509_ALGOR;
+               i2d_X509_ATTRIBUTE;
+               i2d_X509_CINF;
+               i2d_X509_CRL;
+               i2d_X509_CRL_INFO;
+               i2d_X509_CRL_bio;
+               i2d_X509_CRL_fp;
+               i2d_X509_EXTENSION;
+               i2d_X509_NAME;
+               i2d_X509_NAME_ENTRY;
+               i2d_X509_PKEY;
+               i2d_X509_PUBKEY;
+               i2d_X509_REQ;
+               i2d_X509_REQ_INFO;
+               i2d_X509_REQ_bio;
+               i2d_X509_REQ_fp;
+               i2d_X509_REVOKED;
+               i2d_X509_SIG;
+               i2d_X509_VAL;
+               i2d_X509_bio;
+               i2d_X509_fp;
+               idea_cbc_encrypt;
+               idea_cfb64_encrypt;
+               idea_ecb_encrypt;
+               idea_encrypt;
+               idea_ofb64_encrypt;
+               idea_options;
+               idea_set_decrypt_key;
+               idea_set_encrypt_key;
+               lh_delete;
+               lh_doall;
+               lh_doall_arg;
+               lh_free;
+               lh_insert;
+               lh_new;
+               lh_node_stats;
+               lh_node_stats_bio;
+               lh_node_usage_stats;
+               lh_node_usage_stats_bio;
+               lh_retrieve;
+               lh_stats;
+               lh_stats_bio;
+               lh_strhash;
+               sk_delete;
+               sk_delete_ptr;
+               sk_dup;
+               sk_find;
+               sk_free;
+               sk_insert;
+               sk_new;
+               sk_pop;
+               sk_pop_free;
+               sk_push;
+               sk_set_cmp_func;
+               sk_shift;
+               sk_unshift;
+               sk_zero;
+               BIO_f_nbio_test;
+               ASN1_TYPE_get;
+               ASN1_TYPE_set;
+               PKCS7_content_free;
+               ERR_load_PKCS7_strings;
+               X509_find_by_issuer_and_serial;
+               X509_find_by_subject;
+               PKCS7_ctrl;
+               PKCS7_set_type;
+               PKCS7_set_content;
+               PKCS7_SIGNER_INFO_set;
+               PKCS7_add_signer;
+               PKCS7_add_certificate;
+               PKCS7_add_crl;
+               PKCS7_content_new;
+               PKCS7_dataSign;
+               PKCS7_dataVerify;
+               PKCS7_dataInit;
+               PKCS7_add_signature;
+               PKCS7_cert_from_signer_info;
+               PKCS7_get_signer_info;
+               EVP_delete_alias;
+               EVP_mdc2;
+               PEM_read_bio_RSAPublicKey;
+               PEM_write_bio_RSAPublicKey;
+               d2i_RSAPublicKey_bio;
+               i2d_RSAPublicKey_bio;
+               PEM_read_RSAPublicKey;
+               PEM_write_RSAPublicKey;
+               d2i_RSAPublicKey_fp;
+               i2d_RSAPublicKey_fp;
+               BIO_copy_next_retry;
+               RSA_flags;
+               X509_STORE_add_crl;
+               X509_load_crl_file;
+               EVP_rc2_40_cbc;
+               EVP_rc4_40;
+               EVP_CIPHER_CTX_init;
+               HMAC;
+               HMAC_Init;
+               HMAC_Update;
+               HMAC_Final;
+               ERR_get_next_error_library;
+               EVP_PKEY_cmp_parameters;
+               HMAC_cleanup;
+               BIO_ptr_ctrl;
+               BIO_new_file_internal;
+               BIO_new_fp_internal;
+               BIO_s_file_internal;
+               BN_BLINDING_convert;
+               BN_BLINDING_invert;
+               BN_BLINDING_update;
+               RSA_blinding_on;
+               RSA_blinding_off;
+               i2t_ASN1_OBJECT;
+               BN_BLINDING_new;
+               BN_BLINDING_free;
+               EVP_cast5_cbc;
+               EVP_cast5_cfb64;
+               EVP_cast5_ecb;
+               EVP_cast5_ofb;
+               BF_decrypt;
+               CAST_set_key;
+               CAST_encrypt;
+               CAST_decrypt;
+               CAST_ecb_encrypt;
+               CAST_cbc_encrypt;
+               CAST_cfb64_encrypt;
+               CAST_ofb64_encrypt;
+               RC2_decrypt;
+               OBJ_create_objects;
+               BN_exp;
+               BN_mul_word;
+               BN_sub_word;
+               BN_dec2bn;
+               BN_bn2dec;
+               BIO_ghbn_ctrl;
+               CRYPTO_free_ex_data;
+               CRYPTO_get_ex_data;
+               CRYPTO_set_ex_data;
+               ERR_load_CRYPTO_strings;
+               ERR_load_CRYPTOlib_strings;
+               EVP_PKEY_bits;
+               MD5_Transform;
+               SHA1_Transform;
+               SHA_Transform;
+               X509_STORE_CTX_get_chain;
+               X509_STORE_CTX_get_current_cert;
+               X509_STORE_CTX_get_error;
+               X509_STORE_CTX_get_error_depth;
+               X509_STORE_CTX_get_ex_data;
+               X509_STORE_CTX_set_cert;
+               X509_STORE_CTX_set_chain;
+               X509_STORE_CTX_set_error;
+               X509_STORE_CTX_set_ex_data;
+               CRYPTO_dup_ex_data;
+               CRYPTO_get_new_lockid;
+               CRYPTO_new_ex_data;
+               RSA_set_ex_data;
+               RSA_get_ex_data;
+               RSA_get_ex_new_index;
+               RSA_padding_add_PKCS1_type_1;
+               RSA_padding_add_PKCS1_type_2;
+               RSA_padding_add_SSLv23;
+               RSA_padding_add_none;
+               RSA_padding_check_PKCS1_type_1;
+               RSA_padding_check_PKCS1_type_2;
+               RSA_padding_check_SSLv23;
+               RSA_padding_check_none;
+               bn_add_words;
+               d2i_Netscape_RSA_2;
+               CRYPTO_get_ex_new_index;
+               RIPEMD160_Init;
+               RIPEMD160_Update;
+               RIPEMD160_Final;
+               RIPEMD160;
+               RIPEMD160_Transform;
+               RC5_32_set_key;
+               RC5_32_ecb_encrypt;
+               RC5_32_encrypt;
+               RC5_32_decrypt;
+               RC5_32_cbc_encrypt;
+               RC5_32_cfb64_encrypt;
+               RC5_32_ofb64_encrypt;
+               BN_bn2mpi;
+               BN_mpi2bn;
+               ASN1_BIT_STRING_get_bit;
+               ASN1_BIT_STRING_set_bit;
+               BIO_get_ex_data;
+               BIO_get_ex_new_index;
+               BIO_set_ex_data;
+               X509v3_get_key_usage;
+               X509v3_set_key_usage;
+               a2i_X509v3_key_usage;
+               i2a_X509v3_key_usage;
+               EVP_PKEY_decrypt;
+               EVP_PKEY_encrypt;
+               PKCS7_RECIP_INFO_set;
+               PKCS7_add_recipient;
+               PKCS7_add_recipient_info;
+               PKCS7_set_cipher;
+               ASN1_TYPE_get_int_octetstring;
+               ASN1_TYPE_get_octetstring;
+               ASN1_TYPE_set_int_octetstring;
+               ASN1_TYPE_set_octetstring;
+               ASN1_UTCTIME_set_string;
+               ERR_add_error_data;
+               ERR_set_error_data;
+               EVP_CIPHER_asn1_to_param;
+               EVP_CIPHER_param_to_asn1;
+               EVP_CIPHER_get_asn1_iv;
+               EVP_CIPHER_set_asn1_iv;
+               EVP_rc5_32_12_16_cbc;
+               EVP_rc5_32_12_16_cfb64;
+               EVP_rc5_32_12_16_ecb;
+               EVP_rc5_32_12_16_ofb;
+               asn1_add_error;
+               d2i_ASN1_BMPSTRING;
+               i2d_ASN1_BMPSTRING;
+               BIO_f_ber;
+               BN_init;
+               COMP_CTX_new;
+               COMP_CTX_free;
+               COMP_CTX_compress_block;
+               COMP_CTX_expand_block;
+               X509_STORE_CTX_get_ex_new_index;
+               OBJ_NAME_add;
+               BIO_socket_nbio;
+               EVP_rc2_64_cbc;
+               OBJ_NAME_cleanup;
+               OBJ_NAME_get;
+               OBJ_NAME_init;
+               OBJ_NAME_new_index;
+               OBJ_NAME_remove;
+               BN_MONT_CTX_copy;
+               BIO_new_socks4a_connect;
+               BIO_s_socks4a_connect;
+               PROXY_set_connect_mode;
+               RAND_SSLeay;
+               RAND_set_rand_method;
+               RSA_memory_lock;
+               bn_sub_words;
+               bn_mul_normal;
+               bn_mul_comba8;
+               bn_mul_comba4;
+               bn_sqr_normal;
+               bn_sqr_comba8;
+               bn_sqr_comba4;
+               bn_cmp_words;
+               bn_mul_recursive;
+               bn_mul_part_recursive;
+               bn_sqr_recursive;
+               bn_mul_low_normal;
+               BN_RECP_CTX_init;
+               BN_RECP_CTX_new;
+               BN_RECP_CTX_free;
+               BN_RECP_CTX_set;
+               BN_mod_mul_reciprocal;
+               BN_mod_exp_recp;
+               BN_div_recp;
+               BN_CTX_init;
+               BN_MONT_CTX_init;
+               RAND_get_rand_method;
+               PKCS7_add_attribute;
+               PKCS7_add_signed_attribute;
+               PKCS7_digest_from_attributes;
+               PKCS7_get_attribute;
+               PKCS7_get_issuer_and_serial;
+               PKCS7_get_signed_attribute;
+               COMP_compress_block;
+               COMP_expand_block;
+               COMP_rle;
+               COMP_zlib;
+               ms_time_diff;
+               ms_time_new;
+               ms_time_free;
+               ms_time_cmp;
+               ms_time_get;
+               PKCS7_set_attributes;
+               PKCS7_set_signed_attributes;
+               X509_ATTRIBUTE_create;
+               X509_ATTRIBUTE_dup;
+               ASN1_GENERALIZEDTIME_check;
+               ASN1_GENERALIZEDTIME_print;
+               ASN1_GENERALIZEDTIME_set;
+               ASN1_GENERALIZEDTIME_set_string;
+               ASN1_TIME_print;
+               BASIC_CONSTRAINTS_free;
+               BASIC_CONSTRAINTS_new;
+               ERR_load_X509V3_strings;
+               NETSCAPE_CERT_SEQUENCE_free;
+               NETSCAPE_CERT_SEQUENCE_new;
+               OBJ_txt2obj;
+               PEM_read_NETSCAPE_CERT_SEQUENCE;
+               PEM_read_NS_CERT_SEQ;
+               PEM_read_bio_NETSCAPE_CERT_SEQUENCE;
+               PEM_read_bio_NS_CERT_SEQ;
+               PEM_write_NETSCAPE_CERT_SEQUENCE;
+               PEM_write_NS_CERT_SEQ;
+               PEM_write_bio_NETSCAPE_CERT_SEQUENCE;
+               PEM_write_bio_NS_CERT_SEQ;
+               X509V3_EXT_add;
+               X509V3_EXT_add_alias;
+               X509V3_EXT_add_conf;
+               X509V3_EXT_cleanup;
+               X509V3_EXT_conf;
+               X509V3_EXT_conf_nid;
+               X509V3_EXT_get;
+               X509V3_EXT_get_nid;
+               X509V3_EXT_print;
+               X509V3_EXT_print_fp;
+               X509V3_add_standard_extensions;
+               X509V3_add_value;
+               X509V3_add_value_bool;
+               X509V3_add_value_int;
+               X509V3_conf_free;
+               X509V3_get_value_bool;
+               X509V3_get_value_int;
+               X509V3_parse_list;
+               d2i_ASN1_GENERALIZEDTIME;
+               d2i_ASN1_TIME;
+               d2i_BASIC_CONSTRAINTS;
+               d2i_NETSCAPE_CERT_SEQUENCE;
+               d2i_ext_ku;
+               ext_ku_free;
+               ext_ku_new;
+               i2d_ASN1_GENERALIZEDTIME;
+               i2d_ASN1_TIME;
+               i2d_BASIC_CONSTRAINTS;
+               i2d_NETSCAPE_CERT_SEQUENCE;
+               i2d_ext_ku;
+               EVP_MD_CTX_copy;
+               i2d_ASN1_ENUMERATED;
+               d2i_ASN1_ENUMERATED;
+               ASN1_ENUMERATED_set;
+               ASN1_ENUMERATED_get;
+               BN_to_ASN1_ENUMERATED;
+               ASN1_ENUMERATED_to_BN;
+               i2a_ASN1_ENUMERATED;
+               a2i_ASN1_ENUMERATED;
+               i2d_GENERAL_NAME;
+               d2i_GENERAL_NAME;
+               GENERAL_NAME_new;
+               GENERAL_NAME_free;
+               GENERAL_NAMES_new;
+               GENERAL_NAMES_free;
+               d2i_GENERAL_NAMES;
+               i2d_GENERAL_NAMES;
+               i2v_GENERAL_NAMES;
+               i2s_ASN1_OCTET_STRING;
+               s2i_ASN1_OCTET_STRING;
+               X509V3_EXT_check_conf;
+               hex_to_string;
+               string_to_hex;
+               DES_ede3_cbcm_encrypt;
+               RSA_padding_add_PKCS1_OAEP;
+               RSA_padding_check_PKCS1_OAEP;
+               X509_CRL_print_fp;
+               X509_CRL_print;
+               i2v_GENERAL_NAME;
+               v2i_GENERAL_NAME;
+               i2d_PKEY_USAGE_PERIOD;
+               d2i_PKEY_USAGE_PERIOD;
+               PKEY_USAGE_PERIOD_new;
+               PKEY_USAGE_PERIOD_free;
+               v2i_GENERAL_NAMES;
+               i2s_ASN1_INTEGER;
+               X509V3_EXT_d2i;
+               name_cmp;
+               str_dup;
+               i2s_ASN1_ENUMERATED;
+               i2s_ASN1_ENUMERATED_TABLE;
+               BIO_s_log;
+               BIO_f_reliable;
+               PKCS7_dataFinal;
+               PKCS7_dataDecode;
+               X509V3_EXT_CRL_add_conf;
+               BN_set_params;
+               BN_get_params;
+               BIO_get_ex_num;
+               BIO_set_ex_free_func;
+               EVP_ripemd160;
+               ASN1_TIME_set;
+               i2d_AUTHORITY_KEYID;
+               d2i_AUTHORITY_KEYID;
+               AUTHORITY_KEYID_new;
+               AUTHORITY_KEYID_free;
+               ASN1_seq_unpack;
+               ASN1_seq_pack;
+               ASN1_unpack_string;
+               ASN1_pack_string;
+               PKCS12_pack_safebag;
+               PKCS12_MAKE_KEYBAG;
+               PKCS8_encrypt;
+               PKCS12_MAKE_SHKEYBAG;
+               PKCS12_pack_p7data;
+               PKCS12_pack_p7encdata;
+               PKCS12_add_localkeyid;
+               PKCS12_add_friendlyname_asc;
+               PKCS12_add_friendlyname_uni;
+               PKCS12_get_friendlyname;
+               PKCS12_pbe_crypt;
+               PKCS12_decrypt_d2i;
+               PKCS12_i2d_encrypt;
+               PKCS12_init;
+               PKCS12_key_gen_asc;
+               PKCS12_key_gen_uni;
+               PKCS12_gen_mac;
+               PKCS12_verify_mac;
+               PKCS12_set_mac;
+               PKCS12_setup_mac;
+               OPENSSL_asc2uni;
+               OPENSSL_uni2asc;
+               i2d_PKCS12_BAGS;
+               PKCS12_BAGS_new;
+               d2i_PKCS12_BAGS;
+               PKCS12_BAGS_free;
+               i2d_PKCS12;
+               d2i_PKCS12;
+               PKCS12_new;
+               PKCS12_free;
+               i2d_PKCS12_MAC_DATA;
+               PKCS12_MAC_DATA_new;
+               d2i_PKCS12_MAC_DATA;
+               PKCS12_MAC_DATA_free;
+               i2d_PKCS12_SAFEBAG;
+               PKCS12_SAFEBAG_new;
+               d2i_PKCS12_SAFEBAG;
+               PKCS12_SAFEBAG_free;
+               ERR_load_PKCS12_strings;
+               PKCS12_PBE_add;
+               PKCS8_add_keyusage;
+               PKCS12_get_attr_gen;
+               PKCS12_parse;
+               PKCS12_create;
+               i2d_PKCS12_bio;
+               i2d_PKCS12_fp;
+               d2i_PKCS12_bio;
+               d2i_PKCS12_fp;
+               i2d_PBEPARAM;
+               PBEPARAM_new;
+               d2i_PBEPARAM;
+               PBEPARAM_free;
+               i2d_PKCS8_PRIV_KEY_INFO;
+               PKCS8_PRIV_KEY_INFO_new;
+               d2i_PKCS8_PRIV_KEY_INFO;
+               PKCS8_PRIV_KEY_INFO_free;
+               EVP_PKCS82PKEY;
+               EVP_PKEY2PKCS8;
+               PKCS8_set_broken;
+               EVP_PBE_ALGOR_CipherInit;
+               EVP_PBE_alg_add;
+               PKCS5_pbe_set;
+               EVP_PBE_cleanup;
+               i2d_SXNET;
+               d2i_SXNET;
+               SXNET_new;
+               SXNET_free;
+               i2d_SXNETID;
+               d2i_SXNETID;
+               SXNETID_new;
+               SXNETID_free;
+               DSA_SIG_new;
+               DSA_SIG_free;
+               DSA_do_sign;
+               DSA_do_verify;
+               d2i_DSA_SIG;
+               i2d_DSA_SIG;
+               i2d_ASN1_VISIBLESTRING;
+               d2i_ASN1_VISIBLESTRING;
+               i2d_ASN1_UTF8STRING;
+               d2i_ASN1_UTF8STRING;
+               i2d_DIRECTORYSTRING;
+               d2i_DIRECTORYSTRING;
+               i2d_DISPLAYTEXT;
+               d2i_DISPLAYTEXT;
+               d2i_ASN1_SET_OF_X509;
+               i2d_ASN1_SET_OF_X509;
+               i2d_PBKDF2PARAM;
+               PBKDF2PARAM_new;
+               d2i_PBKDF2PARAM;
+               PBKDF2PARAM_free;
+               i2d_PBE2PARAM;
+               PBE2PARAM_new;
+               d2i_PBE2PARAM;
+               PBE2PARAM_free;
+               d2i_ASN1_SET_OF_GENERAL_NAME;
+               i2d_ASN1_SET_OF_GENERAL_NAME;
+               d2i_ASN1_SET_OF_SXNETID;
+               i2d_ASN1_SET_OF_SXNETID;
+               d2i_ASN1_SET_OF_POLICYQUALINFO;
+               i2d_ASN1_SET_OF_POLICYQUALINFO;
+               d2i_ASN1_SET_OF_POLICYINFO;
+               i2d_ASN1_SET_OF_POLICYINFO;
+               SXNET_add_id_asc;
+               SXNET_add_id_ulong;
+               SXNET_add_id_INTEGER;
+               SXNET_get_id_asc;
+               SXNET_get_id_ulong;
+               SXNET_get_id_INTEGER;
+               X509V3_set_conf_lhash;
+               i2d_CERTIFICATEPOLICIES;
+               CERTIFICATEPOLICIES_new;
+               CERTIFICATEPOLICIES_free;
+               d2i_CERTIFICATEPOLICIES;
+               i2d_POLICYINFO;
+               POLICYINFO_new;
+               d2i_POLICYINFO;
+               POLICYINFO_free;
+               i2d_POLICYQUALINFO;
+               POLICYQUALINFO_new;
+               d2i_POLICYQUALINFO;
+               POLICYQUALINFO_free;
+               i2d_USERNOTICE;
+               USERNOTICE_new;
+               d2i_USERNOTICE;
+               USERNOTICE_free;
+               i2d_NOTICEREF;
+               NOTICEREF_new;
+               d2i_NOTICEREF;
+               NOTICEREF_free;
+               X509V3_get_string;
+               X509V3_get_section;
+               X509V3_string_free;
+               X509V3_section_free;
+               X509V3_set_ctx;
+               s2i_ASN1_INTEGER;
+               CRYPTO_set_locked_mem_functions;
+               CRYPTO_get_locked_mem_functions;
+               CRYPTO_malloc_locked;
+               CRYPTO_free_locked;
+               BN_mod_exp2_mont;
+               ERR_get_error_line_data;
+               ERR_peek_error_line_data;
+               PKCS12_PBE_keyivgen;
+               X509_ALGOR_dup;
+               d2i_ASN1_SET_OF_DIST_POINT;
+               i2d_ASN1_SET_OF_DIST_POINT;
+               i2d_CRL_DIST_POINTS;
+               CRL_DIST_POINTS_new;
+               CRL_DIST_POINTS_free;
+               d2i_CRL_DIST_POINTS;
+               i2d_DIST_POINT;
+               DIST_POINT_new;
+               d2i_DIST_POINT;
+               DIST_POINT_free;
+               i2d_DIST_POINT_NAME;
+               DIST_POINT_NAME_new;
+               DIST_POINT_NAME_free;
+               d2i_DIST_POINT_NAME;
+               X509V3_add_value_uchar;
+               d2i_ASN1_SET_OF_X509_ATTRIBUTE;
+               i2d_ASN1_SET_OF_ASN1_TYPE;
+               d2i_ASN1_SET_OF_X509_EXTENSION;
+               d2i_ASN1_SET_OF_X509_NAME_ENTRY;
+               d2i_ASN1_SET_OF_ASN1_TYPE;
+               i2d_ASN1_SET_OF_X509_ATTRIBUTE;
+               i2d_ASN1_SET_OF_X509_EXTENSION;
+               i2d_ASN1_SET_OF_X509_NAME_ENTRY;
+               X509V3_EXT_i2d;
+               X509V3_EXT_val_prn;
+               X509V3_EXT_add_list;
+               EVP_CIPHER_type;
+               EVP_PBE_CipherInit;
+               X509V3_add_value_bool_nf;
+               d2i_ASN1_UINTEGER;
+               sk_value;
+               sk_num;
+               sk_set;
+               i2d_ASN1_SET_OF_X509_REVOKED;
+               sk_sort;
+               d2i_ASN1_SET_OF_X509_REVOKED;
+               i2d_ASN1_SET_OF_X509_ALGOR;
+               i2d_ASN1_SET_OF_X509_CRL;
+               d2i_ASN1_SET_OF_X509_ALGOR;
+               d2i_ASN1_SET_OF_X509_CRL;
+               i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO;
+               i2d_ASN1_SET_OF_PKCS7_RECIP_INFO;
+               d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO;
+               d2i_ASN1_SET_OF_PKCS7_RECIP_INFO;
+               PKCS5_PBE_add;
+               PEM_write_bio_PKCS8;
+               i2d_PKCS8_fp;
+               PEM_read_bio_PKCS8_PRIV_KEY_INFO;
+               PEM_read_bio_P8_PRIV_KEY_INFO;
+               d2i_PKCS8_bio;
+               d2i_PKCS8_PRIV_KEY_INFO_fp;
+               PEM_write_bio_PKCS8_PRIV_KEY_INFO;
+               PEM_write_bio_P8_PRIV_KEY_INFO;
+               PEM_read_PKCS8;
+               d2i_PKCS8_PRIV_KEY_INFO_bio;
+               d2i_PKCS8_fp;
+               PEM_write_PKCS8;
+               PEM_read_PKCS8_PRIV_KEY_INFO;
+               PEM_read_P8_PRIV_KEY_INFO;
+               PEM_read_bio_PKCS8;
+               PEM_write_PKCS8_PRIV_KEY_INFO;
+               PEM_write_P8_PRIV_KEY_INFO;
+               PKCS5_PBE_keyivgen;
+               i2d_PKCS8_bio;
+               i2d_PKCS8_PRIV_KEY_INFO_fp;
+               i2d_PKCS8_PRIV_KEY_INFO_bio;
+               BIO_s_bio;
+               PKCS5_pbe2_set;
+               PKCS5_PBKDF2_HMAC_SHA1;
+               PKCS5_v2_PBE_keyivgen;
+               PEM_write_bio_PKCS8PrivateKey;
+               PEM_write_PKCS8PrivateKey;
+               BIO_ctrl_get_read_request;
+               BIO_ctrl_pending;
+               BIO_ctrl_wpending;
+               BIO_new_bio_pair;
+               BIO_ctrl_get_write_guarantee;
+               CRYPTO_num_locks;
+               CONF_load_bio;
+               CONF_load_fp;
+               i2d_ASN1_SET_OF_ASN1_OBJECT;
+               d2i_ASN1_SET_OF_ASN1_OBJECT;
+               PKCS7_signatureVerify;
+               RSA_set_method;
+               RSA_get_method;
+               RSA_get_default_method;
+               RSA_check_key;
+               OBJ_obj2txt;
+               DSA_dup_DH;
+               X509_REQ_get_extensions;
+               X509_REQ_set_extension_nids;
+               BIO_nwrite;
+               X509_REQ_extension_nid;
+               BIO_nread;
+               X509_REQ_get_extension_nids;
+               BIO_nwrite0;
+               X509_REQ_add_extensions_nid;
+               BIO_nread0;
+               X509_REQ_add_extensions;
+               BIO_new_mem_buf;
+               DH_set_ex_data;
+               DH_set_method;
+               DSA_OpenSSL;
+               DH_get_ex_data;
+               DH_get_ex_new_index;
+               DSA_new_method;
+               DH_new_method;
+               DH_OpenSSL;
+               DSA_get_ex_new_index;
+               DH_get_default_method;
+               DSA_set_ex_data;
+               DH_set_default_method;
+               DSA_get_ex_data;
+               X509V3_EXT_REQ_add_conf;
+               NETSCAPE_SPKI_print;
+               NETSCAPE_SPKI_set_pubkey;
+               NETSCAPE_SPKI_b64_encode;
+               NETSCAPE_SPKI_get_pubkey;
+               NETSCAPE_SPKI_b64_decode;
+               UTF8_putc;
+               UTF8_getc;
+               RSA_null_method;
+               ASN1_tag2str;
+               BIO_ctrl_reset_read_request;
+               DISPLAYTEXT_new;
+               ASN1_GENERALIZEDTIME_free;
+               X509_REVOKED_get_ext_d2i;
+               X509_set_ex_data;
+               X509_reject_set_bit_asc;
+               X509_NAME_add_entry_by_txt;
+               X509_NAME_add_entry_by_NID;
+               X509_PURPOSE_get0;
+               PEM_read_X509_AUX;
+               d2i_AUTHORITY_INFO_ACCESS;
+               PEM_write_PUBKEY;
+               ACCESS_DESCRIPTION_new;
+               X509_CERT_AUX_free;
+               d2i_ACCESS_DESCRIPTION;
+               X509_trust_clear;
+               X509_TRUST_add;
+               ASN1_VISIBLESTRING_new;
+               X509_alias_set1;
+               ASN1_PRINTABLESTRING_free;
+               EVP_PKEY_get1_DSA;
+               ASN1_BMPSTRING_new;
+               ASN1_mbstring_copy;
+               ASN1_UTF8STRING_new;
+               DSA_get_default_method;
+               i2d_ASN1_SET_OF_ACCESS_DESCRIPTION;
+               ASN1_T61STRING_free;
+               DSA_set_method;
+               X509_get_ex_data;
+               ASN1_STRING_type;
+               X509_PURPOSE_get_by_sname;
+               ASN1_TIME_free;
+               ASN1_OCTET_STRING_cmp;
+               ASN1_BIT_STRING_new;
+               X509_get_ext_d2i;
+               PEM_read_bio_X509_AUX;
+               ASN1_STRING_set_default_mask_asc;
+               ASN1_STRING_set_def_mask_asc;
+               PEM_write_bio_RSA_PUBKEY;
+               ASN1_INTEGER_cmp;
+               d2i_RSA_PUBKEY_fp;
+               X509_trust_set_bit_asc;
+               PEM_write_bio_DSA_PUBKEY;
+               X509_STORE_CTX_free;
+               EVP_PKEY_set1_DSA;
+               i2d_DSA_PUBKEY_fp;
+               X509_load_cert_crl_file;
+               ASN1_TIME_new;
+               i2d_RSA_PUBKEY;
+               X509_STORE_CTX_purpose_inherit;
+               PEM_read_RSA_PUBKEY;
+               d2i_X509_AUX;
+               i2d_DSA_PUBKEY;
+               X509_CERT_AUX_print;
+               PEM_read_DSA_PUBKEY;
+               i2d_RSA_PUBKEY_bio;
+               ASN1_BIT_STRING_num_asc;
+               i2d_PUBKEY;
+               ASN1_UTCTIME_free;
+               DSA_set_default_method;
+               X509_PURPOSE_get_by_id;
+               ACCESS_DESCRIPTION_free;
+               PEM_read_bio_PUBKEY;
+               ASN1_STRING_set_by_NID;
+               X509_PURPOSE_get_id;
+               DISPLAYTEXT_free;
+               OTHERNAME_new;
+               X509_CERT_AUX_new;
+               X509_TRUST_cleanup;
+               X509_NAME_add_entry_by_OBJ;
+               X509_CRL_get_ext_d2i;
+               X509_PURPOSE_get0_name;
+               PEM_read_PUBKEY;
+               i2d_DSA_PUBKEY_bio;
+               i2d_OTHERNAME;
+               ASN1_OCTET_STRING_free;
+               ASN1_BIT_STRING_set_asc;
+               X509_get_ex_new_index;
+               ASN1_STRING_TABLE_cleanup;
+               X509_TRUST_get_by_id;
+               X509_PURPOSE_get_trust;
+               ASN1_STRING_length;
+               d2i_ASN1_SET_OF_ACCESS_DESCRIPTION;
+               ASN1_PRINTABLESTRING_new;
+               X509V3_get_d2i;
+               ASN1_ENUMERATED_free;
+               i2d_X509_CERT_AUX;
+               X509_STORE_CTX_set_trust;
+               ASN1_STRING_set_default_mask;
+               X509_STORE_CTX_new;
+               EVP_PKEY_get1_RSA;
+               DIRECTORYSTRING_free;
+               PEM_write_X509_AUX;
+               ASN1_OCTET_STRING_set;
+               d2i_DSA_PUBKEY_fp;
+               d2i_RSA_PUBKEY;
+               X509_TRUST_get0_name;
+               X509_TRUST_get0;
+               AUTHORITY_INFO_ACCESS_free;
+               ASN1_IA5STRING_new;
+               d2i_DSA_PUBKEY;
+               X509_check_purpose;
+               ASN1_ENUMERATED_new;
+               d2i_RSA_PUBKEY_bio;
+               d2i_PUBKEY;
+               X509_TRUST_get_trust;
+               X509_TRUST_get_flags;
+               ASN1_BMPSTRING_free;
+               ASN1_T61STRING_new;
+               ASN1_UTCTIME_new;
+               i2d_AUTHORITY_INFO_ACCESS;
+               EVP_PKEY_set1_RSA;
+               X509_STORE_CTX_set_purpose;
+               ASN1_IA5STRING_free;
+               PEM_write_bio_X509_AUX;
+               X509_PURPOSE_get_count;
+               CRYPTO_add_info;
+               X509_NAME_ENTRY_create_by_txt;
+               ASN1_STRING_get_default_mask;
+               X509_alias_get0;
+               ASN1_STRING_data;
+               i2d_ACCESS_DESCRIPTION;
+               X509_trust_set_bit;
+               ASN1_BIT_STRING_free;
+               PEM_read_bio_RSA_PUBKEY;
+               X509_add1_reject_object;
+               X509_check_trust;
+               PEM_read_bio_DSA_PUBKEY;
+               X509_PURPOSE_add;
+               ASN1_STRING_TABLE_get;
+               ASN1_UTF8STRING_free;
+               d2i_DSA_PUBKEY_bio;
+               PEM_write_RSA_PUBKEY;
+               d2i_OTHERNAME;
+               X509_reject_set_bit;
+               PEM_write_DSA_PUBKEY;
+               X509_PURPOSE_get0_sname;
+               EVP_PKEY_set1_DH;
+               ASN1_OCTET_STRING_dup;
+               ASN1_BIT_STRING_set;
+               X509_TRUST_get_count;
+               ASN1_INTEGER_free;
+               OTHERNAME_free;
+               i2d_RSA_PUBKEY_fp;
+               ASN1_INTEGER_dup;
+               d2i_X509_CERT_AUX;
+               PEM_write_bio_PUBKEY;
+               ASN1_VISIBLESTRING_free;
+               X509_PURPOSE_cleanup;
+               ASN1_mbstring_ncopy;
+               ASN1_GENERALIZEDTIME_new;
+               EVP_PKEY_get1_DH;
+               ASN1_OCTET_STRING_new;
+               ASN1_INTEGER_new;
+               i2d_X509_AUX;
+               ASN1_BIT_STRING_name_print;
+               X509_cmp;
+               ASN1_STRING_length_set;
+               DIRECTORYSTRING_new;
+               X509_add1_trust_object;
+               PKCS12_newpass;
+               SMIME_write_PKCS7;
+               SMIME_read_PKCS7;
+               DES_set_key_checked;
+               PKCS7_verify;
+               PKCS7_encrypt;
+               DES_set_key_unchecked;
+               SMIME_crlf_copy;
+               i2d_ASN1_PRINTABLESTRING;
+               PKCS7_get0_signers;
+               PKCS7_decrypt;
+               SMIME_text;
+               PKCS7_simple_smimecap;
+               PKCS7_get_smimecap;
+               PKCS7_sign;
+               PKCS7_add_attrib_smimecap;
+               CRYPTO_dbg_set_options;
+               CRYPTO_remove_all_info;
+               CRYPTO_get_mem_debug_functions;
+               CRYPTO_is_mem_check_on;
+               CRYPTO_set_mem_debug_functions;
+               CRYPTO_pop_info;
+               CRYPTO_push_info_;
+               CRYPTO_set_mem_debug_options;
+               PEM_write_PKCS8PrivateKey_nid;
+               PEM_write_bio_PKCS8PrivateKey_nid;
+               PEM_write_bio_PKCS8PrivKey_nid;
+               d2i_PKCS8PrivateKey_bio;
+               ASN1_NULL_free;
+               d2i_ASN1_NULL;
+               ASN1_NULL_new;
+               i2d_PKCS8PrivateKey_bio;
+               i2d_PKCS8PrivateKey_fp;
+               i2d_ASN1_NULL;
+               i2d_PKCS8PrivateKey_nid_fp;
+               d2i_PKCS8PrivateKey_fp;
+               i2d_PKCS8PrivateKey_nid_bio;
+               i2d_PKCS8PrivateKeyInfo_fp;
+               i2d_PKCS8PrivateKeyInfo_bio;
+               PEM_cb;
+               i2d_PrivateKey_fp;
+               d2i_PrivateKey_bio;
+               d2i_PrivateKey_fp;
+               i2d_PrivateKey_bio;
+               X509_reject_clear;
+               X509_TRUST_set_default;
+               d2i_AutoPrivateKey;
+               X509_ATTRIBUTE_get0_type;
+               X509_ATTRIBUTE_set1_data;
+               X509at_get_attr;
+               X509at_get_attr_count;
+               X509_ATTRIBUTE_create_by_NID;
+               X509_ATTRIBUTE_set1_object;
+               X509_ATTRIBUTE_count;
+               X509_ATTRIBUTE_create_by_OBJ;
+               X509_ATTRIBUTE_get0_object;
+               X509at_get_attr_by_NID;
+               X509at_add1_attr;
+               X509_ATTRIBUTE_get0_data;
+               X509at_delete_attr;
+               X509at_get_attr_by_OBJ;
+               RAND_add;
+               BIO_number_written;
+               BIO_number_read;
+               X509_STORE_CTX_get1_chain;
+               ERR_load_RAND_strings;
+               RAND_pseudo_bytes;
+               X509_REQ_get_attr_by_NID;
+               X509_REQ_get_attr;
+               X509_REQ_add1_attr_by_NID;
+               X509_REQ_get_attr_by_OBJ;
+               X509at_add1_attr_by_NID;
+               X509_REQ_add1_attr_by_OBJ;
+               X509_REQ_get_attr_count;
+               X509_REQ_add1_attr;
+               X509_REQ_delete_attr;
+               X509at_add1_attr_by_OBJ;
+               X509_REQ_add1_attr_by_txt;
+               X509_ATTRIBUTE_create_by_txt;
+               X509at_add1_attr_by_txt;
+               BN_pseudo_rand;
+               BN_is_prime_fasttest;
+               BN_CTX_end;
+               BN_CTX_start;
+               BN_CTX_get;
+               EVP_PKEY2PKCS8_broken;
+               ASN1_STRING_TABLE_add;
+               CRYPTO_dbg_get_options;
+               AUTHORITY_INFO_ACCESS_new;
+               CRYPTO_get_mem_debug_options;
+               DES_crypt;
+               PEM_write_bio_X509_REQ_NEW;
+               PEM_write_X509_REQ_NEW;
+               BIO_callback_ctrl;
+               RAND_egd;
+               RAND_status;
+               bn_dump1;
+               DES_check_key_parity;
+               lh_num_items;
+               RAND_event;
+               DSO_new;
+               DSO_new_method;
+               DSO_free;
+               DSO_flags;
+               DSO_up;
+               DSO_set_default_method;
+               DSO_get_default_method;
+               DSO_get_method;
+               DSO_set_method;
+               DSO_load;
+               DSO_bind_var;
+               DSO_METHOD_null;
+               DSO_METHOD_openssl;
+               DSO_METHOD_dlfcn;
+               DSO_METHOD_win32;
+               ERR_load_DSO_strings;
+               DSO_METHOD_dl;
+               NCONF_load;
+               NCONF_load_fp;
+               NCONF_new;
+               NCONF_get_string;
+               NCONF_free;
+               NCONF_get_number;
+               CONF_dump_fp;
+               NCONF_load_bio;
+               NCONF_dump_fp;
+               NCONF_get_section;
+               NCONF_dump_bio;
+               CONF_dump_bio;
+               NCONF_free_data;
+               CONF_set_default_method;
+               ERR_error_string_n;
+               BIO_snprintf;
+               DSO_ctrl;
+               i2d_ASN1_SET_OF_ASN1_INTEGER;
+               i2d_ASN1_SET_OF_PKCS12_SAFEBAG;
+               i2d_ASN1_SET_OF_PKCS7;
+               BIO_vfree;
+               d2i_ASN1_SET_OF_ASN1_INTEGER;
+               d2i_ASN1_SET_OF_PKCS12_SAFEBAG;
+               ASN1_UTCTIME_get;
+               X509_REQ_digest;
+               X509_CRL_digest;
+               d2i_ASN1_SET_OF_PKCS7;
+               EVP_CIPHER_CTX_set_key_length;
+               EVP_CIPHER_CTX_ctrl;
+               BN_mod_exp_mont_word;
+               RAND_egd_bytes;
+               X509_REQ_get1_email;
+               X509_get1_email;
+               X509_email_free;
+               i2d_RSA_NET;
+               d2i_RSA_NET_2;
+               d2i_RSA_NET;
+               DSO_bind_func;
+               CRYPTO_get_new_dynlockid;
+               sk_new_null;
+               CRYPTO_set_dynlock_destroy_callback;
+               CRYPTO_set_dynlock_destroy_cb;
+               CRYPTO_destroy_dynlockid;
+               CRYPTO_set_dynlock_size;
+               CRYPTO_set_dynlock_create_callback;
+               CRYPTO_set_dynlock_create_cb;
+               CRYPTO_set_dynlock_lock_callback;
+               CRYPTO_set_dynlock_lock_cb;
+               CRYPTO_get_dynlock_lock_callback;
+               CRYPTO_get_dynlock_lock_cb;
+               CRYPTO_get_dynlock_destroy_callback;
+               CRYPTO_get_dynlock_destroy_cb;
+               CRYPTO_get_dynlock_value;
+               CRYPTO_get_dynlock_create_callback;
+               CRYPTO_get_dynlock_create_cb;
+               c2i_ASN1_BIT_STRING;
+               i2c_ASN1_BIT_STRING;
+               RAND_poll;
+               c2i_ASN1_INTEGER;
+               i2c_ASN1_INTEGER;
+               BIO_dump_indent;
+               ASN1_parse_dump;
+               c2i_ASN1_OBJECT;
+               X509_NAME_print_ex_fp;
+               ASN1_STRING_print_ex_fp;
+               X509_NAME_print_ex;
+               ASN1_STRING_print_ex;
+               MD4;
+               MD4_Transform;
+               MD4_Final;
+               MD4_Update;
+               MD4_Init;
+               EVP_md4;
+               i2d_PUBKEY_bio;
+               i2d_PUBKEY_fp;
+               d2i_PUBKEY_bio;
+               ASN1_STRING_to_UTF8;
+               BIO_vprintf;
+               BIO_vsnprintf;
+               d2i_PUBKEY_fp;
+               X509_cmp_time;
+               X509_STORE_CTX_set_time;
+               X509_STORE_CTX_get1_issuer;
+               X509_OBJECT_retrieve_match;
+               X509_OBJECT_idx_by_subject;
+               X509_STORE_CTX_set_flags;
+               X509_STORE_CTX_trusted_stack;
+               X509_time_adj;
+               X509_check_issued;
+               ASN1_UTCTIME_cmp_time_t;
+               DES_set_weak_key_flag;
+               DES_check_key;
+               DES_rw_mode;
+               RSA_PKCS1_RSAref;
+               X509_keyid_set1;
+               BIO_next;
+               DSO_METHOD_vms;
+               BIO_f_linebuffer;
+               BN_bntest_rand;
+               OPENSSL_issetugid;
+               BN_rand_range;
+               ERR_load_ENGINE_strings;
+               ENGINE_set_DSA;
+               ENGINE_get_finish_function;
+               ENGINE_get_default_RSA;
+               ENGINE_get_BN_mod_exp;
+               DSA_get_default_openssl_method;
+               ENGINE_set_DH;
+               ENGINE_set_def_BN_mod_exp_crt;
+               ENGINE_set_default_BN_mod_exp_crt;
+               ENGINE_init;
+               DH_get_default_openssl_method;
+               RSA_set_default_openssl_method;
+               ENGINE_finish;
+               ENGINE_load_public_key;
+               ENGINE_get_DH;
+               ENGINE_ctrl;
+               ENGINE_get_init_function;
+               ENGINE_set_init_function;
+               ENGINE_set_default_DSA;
+               ENGINE_get_name;
+               ENGINE_get_last;
+               ENGINE_get_prev;
+               ENGINE_get_default_DH;
+               ENGINE_get_RSA;
+               ENGINE_set_default;
+               ENGINE_get_RAND;
+               ENGINE_get_first;
+               ENGINE_by_id;
+               ENGINE_set_finish_function;
+               ENGINE_get_def_BN_mod_exp_crt;
+               ENGINE_get_default_BN_mod_exp_crt;
+               RSA_get_default_openssl_method;
+               ENGINE_set_RSA;
+               ENGINE_load_private_key;
+               ENGINE_set_default_RAND;
+               ENGINE_set_BN_mod_exp;
+               ENGINE_remove;
+               ENGINE_free;
+               ENGINE_get_BN_mod_exp_crt;
+               ENGINE_get_next;
+               ENGINE_set_name;
+               ENGINE_get_default_DSA;
+               ENGINE_set_default_BN_mod_exp;
+               ENGINE_set_default_RSA;
+               ENGINE_get_default_RAND;
+               ENGINE_get_default_BN_mod_exp;
+               ENGINE_set_RAND;
+               ENGINE_set_id;
+               ENGINE_set_BN_mod_exp_crt;
+               ENGINE_set_default_DH;
+               ENGINE_new;
+               ENGINE_get_id;
+               DSA_set_default_openssl_method;
+               ENGINE_add;
+               DH_set_default_openssl_method;
+               ENGINE_get_DSA;
+               ENGINE_get_ctrl_function;
+               ENGINE_set_ctrl_function;
+               BN_pseudo_rand_range;
+               X509_STORE_CTX_set_verify_cb;
+               ERR_load_COMP_strings;
+               PKCS12_item_decrypt_d2i;
+               ASN1_UTF8STRING_it;
+               ENGINE_unregister_ciphers;
+               ENGINE_get_ciphers;
+               d2i_OCSP_BASICRESP;
+               KRB5_CHECKSUM_it;
+               EC_POINT_add;
+               ASN1_item_ex_i2d;
+               OCSP_CERTID_it;
+               d2i_OCSP_RESPBYTES;
+               X509V3_add1_i2d;
+               PKCS7_ENVELOPE_it;
+               UI_add_input_boolean;
+               ENGINE_unregister_RSA;
+               X509V3_EXT_nconf;
+               ASN1_GENERALSTRING_free;
+               d2i_OCSP_CERTSTATUS;
+               X509_REVOKED_set_serialNumber;
+               X509_print_ex;
+               OCSP_ONEREQ_get1_ext_d2i;
+               ENGINE_register_all_RAND;
+               ENGINE_load_dynamic;
+               PBKDF2PARAM_it;
+               EXTENDED_KEY_USAGE_new;
+               EC_GROUP_clear_free;
+               OCSP_sendreq_bio;
+               ASN1_item_digest;
+               OCSP_BASICRESP_delete_ext;
+               OCSP_SIGNATURE_it;
+               X509_CRL_it;
+               OCSP_BASICRESP_add_ext;
+               KRB5_ENCKEY_it;
+               UI_method_set_closer;
+               X509_STORE_set_purpose;
+               i2d_ASN1_GENERALSTRING;
+               OCSP_response_status;
+               i2d_OCSP_SERVICELOC;
+               ENGINE_get_digest_engine;
+               EC_GROUP_set_curve_GFp;
+               OCSP_REQUEST_get_ext_by_OBJ;
+               _ossl_old_des_random_key;
+               ASN1_T61STRING_it;
+               EC_GROUP_method_of;
+               i2d_KRB5_APREQ;
+               _ossl_old_des_encrypt;
+               ASN1_PRINTABLE_new;
+               HMAC_Init_ex;
+               d2i_KRB5_AUTHENT;
+               OCSP_archive_cutoff_new;
+               EC_POINT_set_Jprojective_coordinates_GFp;
+               EC_POINT_set_Jproj_coords_GFp;
+               _ossl_old_des_is_weak_key;
+               OCSP_BASICRESP_get_ext_by_OBJ;
+               EC_POINT_oct2point;
+               OCSP_SINGLERESP_get_ext_count;
+               UI_ctrl;
+               _shadow_DES_rw_mode;
+               asn1_do_adb;
+               ASN1_template_i2d;
+               ENGINE_register_DH;
+               UI_construct_prompt;
+               X509_STORE_set_trust;
+               UI_dup_input_string;
+               d2i_KRB5_APREQ;
+               EVP_MD_CTX_copy_ex;
+               OCSP_request_is_signed;
+               i2d_OCSP_REQINFO;
+               KRB5_ENCKEY_free;
+               OCSP_resp_get0;
+               GENERAL_NAME_it;
+               ASN1_GENERALIZEDTIME_it;
+               X509_STORE_set_flags;
+               EC_POINT_set_compressed_coordinates_GFp;
+               EC_POINT_set_compr_coords_GFp;
+               OCSP_response_status_str;
+               d2i_OCSP_REVOKEDINFO;
+               OCSP_basic_add1_cert;
+               ERR_get_implementation;
+               EVP_CipherFinal_ex;
+               OCSP_CERTSTATUS_new;
+               CRYPTO_cleanup_all_ex_data;
+               OCSP_resp_find;
+               BN_nnmod;
+               X509_CRL_sort;
+               X509_REVOKED_set_revocationDate;
+               ENGINE_register_RAND;
+               OCSP_SERVICELOC_new;
+               EC_POINT_set_affine_coordinates_GFp;
+               EC_POINT_set_affine_coords_GFp;
+               _ossl_old_des_options;
+               SXNET_it;
+               UI_dup_input_boolean;
+               PKCS12_add_CSPName_asc;
+               EC_POINT_is_at_infinity;
+               ENGINE_load_cryptodev;
+               DSO_convert_filename;
+               POLICYQUALINFO_it;
+               ENGINE_register_ciphers;
+               BN_mod_lshift_quick;
+               DSO_set_filename;
+               ASN1_item_free;
+               KRB5_TKTBODY_free;
+               AUTHORITY_KEYID_it;
+               KRB5_APREQBODY_new;
+               X509V3_EXT_REQ_add_nconf;
+               ENGINE_ctrl_cmd_string;
+               i2d_OCSP_RESPDATA;
+               EVP_MD_CTX_init;
+               EXTENDED_KEY_USAGE_free;
+               PKCS7_ATTR_SIGN_it;
+               UI_add_error_string;
+               KRB5_CHECKSUM_free;
+               OCSP_REQUEST_get_ext;
+               ENGINE_load_ubsec;
+               ENGINE_register_all_digests;
+               PKEY_USAGE_PERIOD_it;
+               PKCS12_unpack_authsafes;
+               ASN1_item_unpack;
+               NETSCAPE_SPKAC_it;
+               X509_REVOKED_it;
+               ASN1_STRING_encode;
+               EVP_aes_128_ecb;
+               KRB5_AUTHENT_free;
+               OCSP_BASICRESP_get_ext_by_critical;
+               OCSP_BASICRESP_get_ext_by_crit;
+               OCSP_cert_status_str;
+               d2i_OCSP_REQUEST;
+               UI_dup_info_string;
+               _ossl_old_des_xwhite_in2out;
+               PKCS12_it;
+               OCSP_SINGLERESP_get_ext_by_critical;
+               OCSP_SINGLERESP_get_ext_by_crit;
+               OCSP_CERTSTATUS_free;
+               _ossl_old_des_crypt;
+               ASN1_item_i2d;
+               EVP_DecryptFinal_ex;
+               ENGINE_load_openssl;
+               ENGINE_get_cmd_defns;
+               ENGINE_set_load_privkey_function;
+               ENGINE_set_load_privkey_fn;
+               EVP_EncryptFinal_ex;
+               ENGINE_set_default_digests;
+               X509_get0_pubkey_bitstr;
+               asn1_ex_i2c;
+               ENGINE_register_RSA;
+               ENGINE_unregister_DSA;
+               _ossl_old_des_key_sched;
+               X509_EXTENSION_it;
+               i2d_KRB5_AUTHENT;
+               SXNETID_it;
+               d2i_OCSP_SINGLERESP;
+               EDIPARTYNAME_new;
+               PKCS12_certbag2x509;
+               _ossl_old_des_ofb64_encrypt;
+               d2i_EXTENDED_KEY_USAGE;
+               ERR_print_errors_cb;
+               ENGINE_set_ciphers;
+               d2i_KRB5_APREQBODY;
+               UI_method_get_flusher;
+               X509_PUBKEY_it;
+               _ossl_old_des_enc_read;
+               PKCS7_ENCRYPT_it;
+               i2d_OCSP_RESPONSE;
+               EC_GROUP_get_cofactor;
+               PKCS12_unpack_p7data;
+               d2i_KRB5_AUTHDATA;
+               OCSP_copy_nonce;
+               KRB5_AUTHDATA_new;
+               OCSP_RESPDATA_new;
+               EC_GFp_mont_method;
+               OCSP_REVOKEDINFO_free;
+               UI_get_ex_data;
+               KRB5_APREQBODY_free;
+               EC_GROUP_get0_generator;
+               UI_get_default_method;
+               X509V3_set_nconf;
+               PKCS12_item_i2d_encrypt;
+               X509_add1_ext_i2d;
+               PKCS7_SIGNER_INFO_it;
+               KRB5_PRINCNAME_new;
+               PKCS12_SAFEBAG_it;
+               EC_GROUP_get_order;
+               d2i_OCSP_RESPID;
+               OCSP_request_verify;
+               NCONF_get_number_e;
+               _ossl_old_des_decrypt3;
+               X509_signature_print;
+               OCSP_SINGLERESP_free;
+               ENGINE_load_builtin_engines;
+               i2d_OCSP_ONEREQ;
+               OCSP_REQUEST_add_ext;
+               OCSP_RESPBYTES_new;
+               EVP_MD_CTX_create;
+               OCSP_resp_find_status;
+               X509_ALGOR_it;
+               ASN1_TIME_it;
+               OCSP_request_set1_name;
+               OCSP_ONEREQ_get_ext_count;
+               UI_get0_result;
+               PKCS12_AUTHSAFES_it;
+               EVP_aes_256_ecb;
+               PKCS12_pack_authsafes;
+               ASN1_IA5STRING_it;
+               UI_get_input_flags;
+               EC_GROUP_set_generator;
+               _ossl_old_des_string_to_2keys;
+               OCSP_CERTID_free;
+               X509_CERT_AUX_it;
+               CERTIFICATEPOLICIES_it;
+               _ossl_old_des_ede3_cbc_encrypt;
+               RAND_set_rand_engine;
+               DSO_get_loaded_filename;
+               X509_ATTRIBUTE_it;
+               OCSP_ONEREQ_get_ext_by_NID;
+               PKCS12_decrypt_skey;
+               KRB5_AUTHENT_it;
+               UI_dup_error_string;
+               RSAPublicKey_it;
+               i2d_OCSP_REQUEST;
+               PKCS12_x509crl2certbag;
+               OCSP_SERVICELOC_it;
+               ASN1_item_sign;
+               X509_CRL_set_issuer_name;
+               OBJ_NAME_do_all_sorted;
+               i2d_OCSP_BASICRESP;
+               i2d_OCSP_RESPBYTES;
+               PKCS12_unpack_p7encdata;
+               HMAC_CTX_init;
+               ENGINE_get_digest;
+               OCSP_RESPONSE_print;
+               KRB5_TKTBODY_it;
+               ACCESS_DESCRIPTION_it;
+               PKCS7_ISSUER_AND_SERIAL_it;
+               PBE2PARAM_it;
+               PKCS12_certbag2x509crl;
+               PKCS7_SIGNED_it;
+               ENGINE_get_cipher;
+               i2d_OCSP_CRLID;
+               OCSP_SINGLERESP_new;
+               ENGINE_cmd_is_executable;
+               RSA_up_ref;
+               ASN1_GENERALSTRING_it;
+               ENGINE_register_DSA;
+               X509V3_EXT_add_nconf_sk;
+               ENGINE_set_load_pubkey_function;
+               PKCS8_decrypt;
+               PEM_bytes_read_bio;
+               DIRECTORYSTRING_it;
+               d2i_OCSP_CRLID;
+               EC_POINT_is_on_curve;
+               CRYPTO_set_locked_mem_ex_functions;
+               CRYPTO_set_locked_mem_ex_funcs;
+               d2i_KRB5_CHECKSUM;
+               ASN1_item_dup;
+               X509_it;
+               BN_mod_add;
+               KRB5_AUTHDATA_free;
+               _ossl_old_des_cbc_cksum;
+               ASN1_item_verify;
+               CRYPTO_set_mem_ex_functions;
+               EC_POINT_get_Jprojective_coordinates_GFp;
+               EC_POINT_get_Jproj_coords_GFp;
+               ZLONG_it;
+               CRYPTO_get_locked_mem_ex_functions;
+               CRYPTO_get_locked_mem_ex_funcs;
+               ASN1_TIME_check;
+               UI_get0_user_data;
+               HMAC_CTX_cleanup;
+               DSA_up_ref;
+               _ossl_old_des_ede3_cfb64_encrypt;
+               _ossl_odes_ede3_cfb64_encrypt;
+               ASN1_BMPSTRING_it;
+               ASN1_tag2bit;
+               UI_method_set_flusher;
+               X509_ocspid_print;
+               KRB5_ENCDATA_it;
+               ENGINE_get_load_pubkey_function;
+               UI_add_user_data;
+               OCSP_REQUEST_delete_ext;
+               UI_get_method;
+               OCSP_ONEREQ_free;
+               ASN1_PRINTABLESTRING_it;
+               X509_CRL_set_nextUpdate;
+               OCSP_REQUEST_it;
+               OCSP_BASICRESP_it;
+               AES_ecb_encrypt;
+               BN_mod_sqr;
+               NETSCAPE_CERT_SEQUENCE_it;
+               GENERAL_NAMES_it;
+               AUTHORITY_INFO_ACCESS_it;
+               ASN1_FBOOLEAN_it;
+               UI_set_ex_data;
+               _ossl_old_des_string_to_key;
+               ENGINE_register_all_RSA;
+               d2i_KRB5_PRINCNAME;
+               OCSP_RESPBYTES_it;
+               X509_CINF_it;
+               ENGINE_unregister_digests;
+               d2i_EDIPARTYNAME;
+               d2i_OCSP_SERVICELOC;
+               ENGINE_get_digests;
+               _ossl_old_des_set_odd_parity;
+               OCSP_RESPDATA_free;
+               d2i_KRB5_TICKET;
+               OTHERNAME_it;
+               EVP_MD_CTX_cleanup;
+               d2i_ASN1_GENERALSTRING;
+               X509_CRL_set_version;
+               BN_mod_sub;
+               OCSP_SINGLERESP_get_ext_by_NID;
+               ENGINE_get_ex_new_index;
+               OCSP_REQUEST_free;
+               OCSP_REQUEST_add1_ext_i2d;
+               X509_VAL_it;
+               EC_POINTs_make_affine;
+               EC_POINT_mul;
+               X509V3_EXT_add_nconf;
+               X509_TRUST_set;
+               X509_CRL_add1_ext_i2d;
+               _ossl_old_des_fcrypt;
+               DISPLAYTEXT_it;
+               X509_CRL_set_lastUpdate;
+               OCSP_BASICRESP_free;
+               OCSP_BASICRESP_add1_ext_i2d;
+               d2i_KRB5_AUTHENTBODY;
+               CRYPTO_set_ex_data_implementation;
+               CRYPTO_set_ex_data_impl;
+               KRB5_ENCDATA_new;
+               DSO_up_ref;
+               OCSP_crl_reason_str;
+               UI_get0_result_string;
+               ASN1_GENERALSTRING_new;
+               X509_SIG_it;
+               ERR_set_implementation;
+               ERR_load_EC_strings;
+               UI_get0_action_string;
+               OCSP_ONEREQ_get_ext;
+               EC_POINT_method_of;
+               i2d_KRB5_APREQBODY;
+               _ossl_old_des_ecb3_encrypt;
+               CRYPTO_get_mem_ex_functions;
+               ENGINE_get_ex_data;
+               UI_destroy_method;
+               ASN1_item_i2d_bio;
+               OCSP_ONEREQ_get_ext_by_OBJ;
+               ASN1_primitive_new;
+               ASN1_PRINTABLE_it;
+               EVP_aes_192_ecb;
+               OCSP_SIGNATURE_new;
+               LONG_it;
+               ASN1_VISIBLESTRING_it;
+               OCSP_SINGLERESP_add1_ext_i2d;
+               d2i_OCSP_CERTID;
+               ASN1_item_d2i_fp;
+               CRL_DIST_POINTS_it;
+               GENERAL_NAME_print;
+               OCSP_SINGLERESP_delete_ext;
+               PKCS12_SAFEBAGS_it;
+               d2i_OCSP_SIGNATURE;
+               OCSP_request_add1_nonce;
+               ENGINE_set_cmd_defns;
+               OCSP_SERVICELOC_free;
+               EC_GROUP_free;
+               ASN1_BIT_STRING_it;
+               X509_REQ_it;
+               _ossl_old_des_cbc_encrypt;
+               ERR_unload_strings;
+               PKCS7_SIGN_ENVELOPE_it;
+               EDIPARTYNAME_free;
+               OCSP_REQINFO_free;
+               EC_GROUP_new_curve_GFp;
+               OCSP_REQUEST_get1_ext_d2i;
+               PKCS12_item_pack_safebag;
+               asn1_ex_c2i;
+               ENGINE_register_digests;
+               i2d_OCSP_REVOKEDINFO;
+               asn1_enc_restore;
+               UI_free;
+               UI_new_method;
+               EVP_EncryptInit_ex;
+               X509_pubkey_digest;
+               EC_POINT_invert;
+               OCSP_basic_sign;
+               i2d_OCSP_RESPID;
+               OCSP_check_nonce;
+               ENGINE_ctrl_cmd;
+               d2i_KRB5_ENCKEY;
+               OCSP_parse_url;
+               OCSP_SINGLERESP_get_ext;
+               OCSP_CRLID_free;
+               OCSP_BASICRESP_get1_ext_d2i;
+               RSAPrivateKey_it;
+               ENGINE_register_all_DH;
+               i2d_EDIPARTYNAME;
+               EC_POINT_get_affine_coordinates_GFp;
+               EC_POINT_get_affine_coords_GFp;
+               OCSP_CRLID_new;
+               ENGINE_get_flags;
+               OCSP_ONEREQ_it;
+               UI_process;
+               ASN1_INTEGER_it;
+               EVP_CipherInit_ex;
+               UI_get_string_type;
+               ENGINE_unregister_DH;
+               ENGINE_register_all_DSA;
+               OCSP_ONEREQ_get_ext_by_critical;
+               bn_dup_expand;
+               OCSP_cert_id_new;
+               BASIC_CONSTRAINTS_it;
+               BN_mod_add_quick;
+               EC_POINT_new;
+               EVP_MD_CTX_destroy;
+               OCSP_RESPBYTES_free;
+               EVP_aes_128_cbc;
+               OCSP_SINGLERESP_get1_ext_d2i;
+               EC_POINT_free;
+               DH_up_ref;
+               X509_NAME_ENTRY_it;
+               UI_get_ex_new_index;
+               BN_mod_sub_quick;
+               OCSP_ONEREQ_add_ext;
+               OCSP_request_sign;
+               EVP_DigestFinal_ex;
+               ENGINE_set_digests;
+               OCSP_id_issuer_cmp;
+               OBJ_NAME_do_all;
+               EC_POINTs_mul;
+               ENGINE_register_complete;
+               X509V3_EXT_nconf_nid;
+               ASN1_SEQUENCE_it;
+               UI_set_default_method;
+               RAND_query_egd_bytes;
+               UI_method_get_writer;
+               UI_OpenSSL;
+               PEM_def_callback;
+               ENGINE_cleanup;
+               DIST_POINT_it;
+               OCSP_SINGLERESP_it;
+               d2i_KRB5_TKTBODY;
+               EC_POINT_cmp;
+               OCSP_REVOKEDINFO_new;
+               i2d_OCSP_CERTSTATUS;
+               OCSP_basic_add1_nonce;
+               ASN1_item_ex_d2i;
+               BN_mod_lshift1_quick;
+               UI_set_method;
+               OCSP_id_get0_info;
+               BN_mod_sqrt;
+               EC_GROUP_copy;
+               KRB5_ENCDATA_free;
+               _ossl_old_des_cfb_encrypt;
+               OCSP_SINGLERESP_get_ext_by_OBJ;
+               OCSP_cert_to_id;
+               OCSP_RESPID_new;
+               OCSP_RESPDATA_it;
+               d2i_OCSP_RESPDATA;
+               ENGINE_register_all_complete;
+               OCSP_check_validity;
+               PKCS12_BAGS_it;
+               OCSP_url_svcloc_new;
+               ASN1_template_free;
+               OCSP_SINGLERESP_add_ext;
+               KRB5_AUTHENTBODY_it;
+               X509_supported_extension;
+               i2d_KRB5_AUTHDATA;
+               UI_method_get_opener;
+               ENGINE_set_ex_data;
+               OCSP_REQUEST_print;
+               CBIGNUM_it;
+               KRB5_TICKET_new;
+               KRB5_APREQ_new;
+               EC_GROUP_get_curve_GFp;
+               KRB5_ENCKEY_new;
+               ASN1_template_d2i;
+               _ossl_old_des_quad_cksum;
+               OCSP_single_get0_status;
+               BN_swap;
+               POLICYINFO_it;
+               ENGINE_set_destroy_function;
+               asn1_enc_free;
+               OCSP_RESPID_it;
+               EC_GROUP_new;
+               EVP_aes_256_cbc;
+               i2d_KRB5_PRINCNAME;
+               _ossl_old_des_encrypt2;
+               _ossl_old_des_encrypt3;
+               PKCS8_PRIV_KEY_INFO_it;
+               OCSP_REQINFO_it;
+               PBEPARAM_it;
+               KRB5_AUTHENTBODY_new;
+               X509_CRL_add0_revoked;
+               EDIPARTYNAME_it;
+               NETSCAPE_SPKI_it;
+               UI_get0_test_string;
+               ENGINE_get_cipher_engine;
+               ENGINE_register_all_ciphers;
+               EC_POINT_copy;
+               BN_kronecker;
+               _ossl_old_des_ede3_ofb64_encrypt;
+               _ossl_odes_ede3_ofb64_encrypt;
+               UI_method_get_reader;
+               OCSP_BASICRESP_get_ext_count;
+               ASN1_ENUMERATED_it;
+               UI_set_result;
+               i2d_KRB5_TICKET;
+               X509_print_ex_fp;
+               EVP_CIPHER_CTX_set_padding;
+               d2i_OCSP_RESPONSE;
+               ASN1_UTCTIME_it;
+               _ossl_old_des_enc_write;
+               OCSP_RESPONSE_new;
+               AES_set_encrypt_key;
+               OCSP_resp_count;
+               KRB5_CHECKSUM_new;
+               ENGINE_load_cswift;
+               OCSP_onereq_get0_id;
+               ENGINE_set_default_ciphers;
+               NOTICEREF_it;
+               X509V3_EXT_CRL_add_nconf;
+               OCSP_REVOKEDINFO_it;
+               AES_encrypt;
+               OCSP_REQUEST_new;
+               ASN1_ANY_it;
+               CRYPTO_ex_data_new_class;
+               _ossl_old_des_ncbc_encrypt;
+               i2d_KRB5_TKTBODY;
+               EC_POINT_clear_free;
+               AES_decrypt;
+               asn1_enc_init;
+               UI_get_result_maxsize;
+               OCSP_CERTID_new;
+               ENGINE_unregister_RAND;
+               UI_method_get_closer;
+               d2i_KRB5_ENCDATA;
+               OCSP_request_onereq_count;
+               OCSP_basic_verify;
+               KRB5_AUTHENTBODY_free;
+               ASN1_item_d2i;
+               ASN1_primitive_free;
+               i2d_EXTENDED_KEY_USAGE;
+               i2d_OCSP_SIGNATURE;
+               asn1_enc_save;
+               ENGINE_load_nuron;
+               _ossl_old_des_pcbc_encrypt;
+               PKCS12_MAC_DATA_it;
+               OCSP_accept_responses_new;
+               asn1_do_lock;
+               PKCS7_ATTR_VERIFY_it;
+               KRB5_APREQBODY_it;
+               i2d_OCSP_SINGLERESP;
+               ASN1_item_ex_new;
+               UI_add_verify_string;
+               _ossl_old_des_set_key;
+               KRB5_PRINCNAME_it;
+               EVP_DecryptInit_ex;
+               i2d_OCSP_CERTID;
+               ASN1_item_d2i_bio;
+               EC_POINT_dbl;
+               asn1_get_choice_selector;
+               i2d_KRB5_CHECKSUM;
+               ENGINE_set_table_flags;
+               AES_options;
+               ENGINE_load_chil;
+               OCSP_id_cmp;
+               OCSP_BASICRESP_new;
+               OCSP_REQUEST_get_ext_by_NID;
+               KRB5_APREQ_it;
+               ENGINE_get_destroy_function;
+               CONF_set_nconf;
+               ASN1_PRINTABLE_free;
+               OCSP_BASICRESP_get_ext_by_NID;
+               DIST_POINT_NAME_it;
+               X509V3_extensions_print;
+               _ossl_old_des_cfb64_encrypt;
+               X509_REVOKED_add1_ext_i2d;
+               _ossl_old_des_ofb_encrypt;
+               KRB5_TKTBODY_new;
+               ASN1_OCTET_STRING_it;
+               ERR_load_UI_strings;
+               i2d_KRB5_ENCKEY;
+               ASN1_template_new;
+               OCSP_SIGNATURE_free;
+               ASN1_item_i2d_fp;
+               KRB5_PRINCNAME_free;
+               PKCS7_RECIP_INFO_it;
+               EXTENDED_KEY_USAGE_it;
+               EC_GFp_simple_method;
+               EC_GROUP_precompute_mult;
+               OCSP_request_onereq_get0;
+               UI_method_set_writer;
+               KRB5_AUTHENT_new;
+               X509_CRL_INFO_it;
+               DSO_set_name_converter;
+               AES_set_decrypt_key;
+               PKCS7_DIGEST_it;
+               PKCS12_x5092certbag;
+               EVP_DigestInit_ex;
+               i2a_ACCESS_DESCRIPTION;
+               OCSP_RESPONSE_it;
+               PKCS7_ENC_CONTENT_it;
+               OCSP_request_add0_id;
+               EC_POINT_make_affine;
+               DSO_get_filename;
+               OCSP_CERTSTATUS_it;
+               OCSP_request_add1_cert;
+               UI_get0_output_string;
+               UI_dup_verify_string;
+               BN_mod_lshift;
+               KRB5_AUTHDATA_it;
+               asn1_set_choice_selector;
+               OCSP_basic_add1_status;
+               OCSP_RESPID_free;
+               asn1_get_field_ptr;
+               UI_add_input_string;
+               OCSP_CRLID_it;
+               i2d_KRB5_AUTHENTBODY;
+               OCSP_REQUEST_get_ext_count;
+               ENGINE_load_atalla;
+               X509_NAME_it;
+               USERNOTICE_it;
+               OCSP_REQINFO_new;
+               OCSP_BASICRESP_get_ext;
+               CRYPTO_get_ex_data_implementation;
+               CRYPTO_get_ex_data_impl;
+               ASN1_item_pack;
+               i2d_KRB5_ENCDATA;
+               X509_PURPOSE_set;
+               X509_REQ_INFO_it;
+               UI_method_set_opener;
+               ASN1_item_ex_free;
+               ASN1_BOOLEAN_it;
+               ENGINE_get_table_flags;
+               UI_create_method;
+               OCSP_ONEREQ_add1_ext_i2d;
+               _shadow_DES_check_key;
+               d2i_OCSP_REQINFO;
+               UI_add_info_string;
+               UI_get_result_minsize;
+               ASN1_NULL_it;
+               BN_mod_lshift1;
+               d2i_OCSP_ONEREQ;
+               OCSP_ONEREQ_new;
+               KRB5_TICKET_it;
+               EVP_aes_192_cbc;
+               KRB5_TICKET_free;
+               UI_new;
+               OCSP_response_create;
+               _ossl_old_des_xcbc_encrypt;
+               PKCS7_it;
+               OCSP_REQUEST_get_ext_by_critical;
+               OCSP_REQUEST_get_ext_by_crit;
+               ENGINE_set_flags;
+               _ossl_old_des_ecb_encrypt;
+               OCSP_response_get1_basic;
+               EVP_Digest;
+               OCSP_ONEREQ_delete_ext;
+               ASN1_TBOOLEAN_it;
+               ASN1_item_new;
+               ASN1_TIME_to_generalizedtime;
+               BIGNUM_it;
+               AES_cbc_encrypt;
+               ENGINE_get_load_privkey_function;
+               ENGINE_get_load_privkey_fn;
+               OCSP_RESPONSE_free;
+               UI_method_set_reader;
+               i2d_ASN1_T61STRING;
+               EC_POINT_set_to_infinity;
+               ERR_load_OCSP_strings;
+               EC_POINT_point2oct;
+               KRB5_APREQ_free;
+               ASN1_OBJECT_it;
+               OCSP_crlID_new;
+               OCSP_crlID2_new;
+               CONF_modules_load_file;
+               CONF_imodule_set_usr_data;
+               ENGINE_set_default_string;
+               CONF_module_get_usr_data;
+               ASN1_add_oid_module;
+               CONF_modules_finish;
+               OPENSSL_config;
+               CONF_modules_unload;
+               CONF_imodule_get_value;
+               CONF_module_set_usr_data;
+               CONF_parse_list;
+               CONF_module_add;
+               CONF_get1_default_config_file;
+               CONF_imodule_get_flags;
+               CONF_imodule_get_module;
+               CONF_modules_load;
+               CONF_imodule_get_name;
+               ERR_peek_top_error;
+               CONF_imodule_get_usr_data;
+               CONF_imodule_set_flags;
+               ENGINE_add_conf_module;
+               ERR_peek_last_error_line;
+               ERR_peek_last_error_line_data;
+               ERR_peek_last_error;
+               DES_read_2passwords;
+               DES_read_password;
+               UI_UTIL_read_pw;
+               UI_UTIL_read_pw_string;
+               ENGINE_load_aep;
+               ENGINE_load_sureware;
+               OPENSSL_add_all_algorithms_noconf;
+               OPENSSL_add_all_algo_noconf;
+               OPENSSL_add_all_algorithms_conf;
+               OPENSSL_add_all_algo_conf;
+               OPENSSL_load_builtin_modules;
+               AES_ofb128_encrypt;
+               AES_ctr128_encrypt;
+               AES_cfb128_encrypt;
+               ENGINE_load_4758cca;
+               _ossl_096_des_random_seed;
+               EVP_aes_256_ofb;
+               EVP_aes_192_ofb;
+               EVP_aes_128_cfb128;
+               EVP_aes_256_cfb128;
+               EVP_aes_128_ofb;
+               EVP_aes_192_cfb128;
+               CONF_modules_free;
+               NCONF_default;
+               OPENSSL_no_config;
+               NCONF_WIN32;
+               ASN1_UNIVERSALSTRING_new;
+               EVP_des_ede_ecb;
+               i2d_ASN1_UNIVERSALSTRING;
+               ASN1_UNIVERSALSTRING_free;
+               ASN1_UNIVERSALSTRING_it;
+               d2i_ASN1_UNIVERSALSTRING;
+               EVP_des_ede3_ecb;
+               X509_REQ_print_ex;
+               ENGINE_up_ref;
+               BUF_MEM_grow_clean;
+               CRYPTO_realloc_clean;
+               BUF_strlcat;
+               BIO_indent;
+               BUF_strlcpy;
+               OpenSSLDie;
+               OPENSSL_cleanse;
+               ENGINE_setup_bsd_cryptodev;
+               ERR_release_err_state_table;
+               EVP_aes_128_cfb8;
+               FIPS_corrupt_rsa;
+               FIPS_selftest_des;
+               EVP_aes_128_cfb1;
+               EVP_aes_192_cfb8;
+               FIPS_mode_set;
+               FIPS_selftest_dsa;
+               EVP_aes_256_cfb8;
+               FIPS_allow_md5;
+               DES_ede3_cfb_encrypt;
+               EVP_des_ede3_cfb8;
+               FIPS_rand_seeded;
+               AES_cfbr_encrypt_block;
+               AES_cfb8_encrypt;
+               FIPS_rand_seed;
+               FIPS_corrupt_des;
+               EVP_aes_192_cfb1;
+               FIPS_selftest_aes;
+               FIPS_set_prng_key;
+               EVP_des_cfb8;
+               FIPS_corrupt_dsa;
+               FIPS_test_mode;
+               FIPS_rand_method;
+               EVP_aes_256_cfb1;
+               ERR_load_FIPS_strings;
+               FIPS_corrupt_aes;
+               FIPS_selftest_sha1;
+               FIPS_selftest_rsa;
+               FIPS_corrupt_sha1;
+               EVP_des_cfb1;
+               FIPS_dsa_check;
+               AES_cfb1_encrypt;
+               EVP_des_ede3_cfb1;
+               FIPS_rand_check;
+               FIPS_md5_allowed;
+               FIPS_mode;
+               FIPS_selftest_failed;
+               sk_is_sorted;
+               X509_check_ca;
+               HMAC_CTX_set_flags;
+               d2i_PROXY_CERT_INFO_EXTENSION;
+               PROXY_POLICY_it;
+               i2d_PROXY_POLICY;
+               i2d_PROXY_CERT_INFO_EXTENSION;
+               d2i_PROXY_POLICY;
+               PROXY_CERT_INFO_EXTENSION_new;
+               PROXY_CERT_INFO_EXTENSION_free;
+               PROXY_CERT_INFO_EXTENSION_it;
+               PROXY_POLICY_free;
+               PROXY_POLICY_new;
+               BN_MONT_CTX_set_locked;
+               FIPS_selftest_rng;
+               EVP_sha384;
+               EVP_sha512;
+               EVP_sha224;
+               EVP_sha256;
+               FIPS_selftest_hmac;
+               FIPS_corrupt_rng;
+               BN_mod_exp_mont_consttime;
+               RSA_X931_hash_id;
+               RSA_padding_check_X931;
+               RSA_verify_PKCS1_PSS;
+               RSA_padding_add_X931;
+               RSA_padding_add_PKCS1_PSS;
+               PKCS1_MGF1;
+               BN_X931_generate_Xpq;
+               RSA_X931_generate_key;
+               BN_X931_derive_prime;
+               BN_X931_generate_prime;
+               RSA_X931_derive;
+               BIO_new_dgram;
+               BN_get0_nist_prime_384;
+               ERR_set_mark;
+               X509_STORE_CTX_set0_crls;
+               ENGINE_set_STORE;
+               ENGINE_register_ECDSA;
+               STORE_meth_set_list_start_fn;
+               STORE_method_set_list_start_function;
+               BN_BLINDING_invert_ex;
+               NAME_CONSTRAINTS_free;
+               STORE_ATTR_INFO_set_number;
+               BN_BLINDING_get_thread_id;
+               X509_STORE_CTX_set0_param;
+               POLICY_MAPPING_it;
+               STORE_parse_attrs_start;
+               POLICY_CONSTRAINTS_free;
+               EVP_PKEY_add1_attr_by_NID;
+               BN_nist_mod_192;
+               EC_GROUP_get_trinomial_basis;
+               STORE_set_method;
+               GENERAL_SUBTREE_free;
+               NAME_CONSTRAINTS_it;
+               ECDH_get_default_method;
+               PKCS12_add_safe;
+               EC_KEY_new_by_curve_name;
+               STORE_meth_get_update_store_fn;
+               STORE_method_get_update_store_function;
+               ENGINE_register_ECDH;
+               SHA512_Update;
+               i2d_ECPrivateKey;
+               BN_get0_nist_prime_192;
+               STORE_modify_certificate;
+               EC_POINT_set_affine_coordinates_GF2m;
+               EC_POINT_set_affine_coords_GF2m;
+               BN_GF2m_mod_exp_arr;
+               STORE_ATTR_INFO_modify_number;
+               X509_keyid_get0;
+               ENGINE_load_gmp;
+               pitem_new;
+               BN_GF2m_mod_mul_arr;
+               STORE_list_public_key_endp;
+               o2i_ECPublicKey;
+               EC_KEY_copy;
+               BIO_dump_fp;
+               X509_policy_node_get0_parent;
+               EC_GROUP_check_discriminant;
+               i2o_ECPublicKey;
+               EC_KEY_precompute_mult;
+               a2i_IPADDRESS;
+               STORE_meth_set_initialise_fn;
+               STORE_method_set_initialise_function;
+               X509_STORE_CTX_set_depth;
+               X509_VERIFY_PARAM_inherit;
+               EC_POINT_point2bn;
+               STORE_ATTR_INFO_set_dn;
+               X509_policy_tree_get0_policies;
+               EC_GROUP_new_curve_GF2m;
+               STORE_destroy_method;
+               ENGINE_unregister_STORE;
+               EVP_PKEY_get1_EC_KEY;
+               STORE_ATTR_INFO_get0_number;
+               ENGINE_get_default_ECDH;
+               EC_KEY_get_conv_form;
+               ASN1_OCTET_STRING_NDEF_it;
+               STORE_delete_public_key;
+               STORE_get_public_key;
+               STORE_modify_arbitrary;
+               ENGINE_get_static_state;
+               pqueue_iterator;
+               ECDSA_SIG_new;
+               OPENSSL_DIR_end;
+               BN_GF2m_mod_sqr;
+               EC_POINT_bn2point;
+               X509_VERIFY_PARAM_set_depth;
+               EC_KEY_set_asn1_flag;
+               STORE_get_method;
+               EC_KEY_get_key_method_data;
+               ECDSA_sign_ex;
+               STORE_parse_attrs_end;
+               EC_GROUP_get_point_conversion_form;
+               EC_GROUP_get_point_conv_form;
+               STORE_method_set_store_function;
+               STORE_ATTR_INFO_in;
+               PEM_read_bio_ECPKParameters;
+               EC_GROUP_get_pentanomial_basis;
+               EVP_PKEY_add1_attr_by_txt;
+               BN_BLINDING_set_flags;
+               X509_VERIFY_PARAM_set1_policies;
+               X509_VERIFY_PARAM_set1_name;
+               X509_VERIFY_PARAM_set_purpose;
+               STORE_get_number;
+               ECDSA_sign_setup;
+               BN_GF2m_mod_solve_quad_arr;
+               EC_KEY_up_ref;
+               POLICY_MAPPING_free;
+               BN_GF2m_mod_div;
+               X509_VERIFY_PARAM_set_flags;
+               EC_KEY_free;
+               STORE_meth_set_list_next_fn;
+               STORE_method_set_list_next_function;
+               PEM_write_bio_ECPrivateKey;
+               d2i_EC_PUBKEY;
+               STORE_meth_get_generate_fn;
+               STORE_method_get_generate_function;
+               STORE_meth_set_list_end_fn;
+               STORE_method_set_list_end_function;
+               pqueue_print;
+               EC_GROUP_have_precompute_mult;
+               EC_KEY_print_fp;
+               BN_GF2m_mod_arr;
+               PEM_write_bio_X509_CERT_PAIR;
+               EVP_PKEY_cmp;
+               X509_policy_level_node_count;
+               STORE_new_engine;
+               STORE_list_public_key_start;
+               X509_VERIFY_PARAM_new;
+               ECDH_get_ex_data;
+               EVP_PKEY_get_attr;
+               ECDSA_do_sign;
+               ENGINE_unregister_ECDH;
+               ECDH_OpenSSL;
+               EC_KEY_set_conv_form;
+               EC_POINT_dup;
+               GENERAL_SUBTREE_new;
+               STORE_list_crl_endp;
+               EC_get_builtin_curves;
+               X509_policy_node_get0_qualifiers;
+               X509_pcy_node_get0_qualifiers;
+               STORE_list_crl_end;
+               EVP_PKEY_set1_EC_KEY;
+               BN_GF2m_mod_sqrt_arr;
+               i2d_ECPrivateKey_bio;
+               ECPKParameters_print_fp;
+               pqueue_find;
+               ECDSA_SIG_free;
+               PEM_write_bio_ECPKParameters;
+               STORE_method_set_ctrl_function;
+               STORE_list_public_key_end;
+               EC_KEY_set_private_key;
+               pqueue_peek;
+               STORE_get_arbitrary;
+               STORE_store_crl;
+               X509_policy_node_get0_policy;
+               PKCS12_add_safes;
+               BN_BLINDING_convert_ex;
+               X509_policy_tree_free;
+               OPENSSL_ia32cap_loc;
+               BN_GF2m_poly2arr;
+               STORE_ctrl;
+               STORE_ATTR_INFO_compare;
+               BN_get0_nist_prime_224;
+               i2d_ECParameters;
+               i2d_ECPKParameters;
+               BN_GENCB_call;
+               d2i_ECPKParameters;
+               STORE_meth_set_generate_fn;
+               STORE_method_set_generate_function;
+               ENGINE_set_ECDH;
+               NAME_CONSTRAINTS_new;
+               SHA256_Init;
+               EC_KEY_get0_public_key;
+               PEM_write_bio_EC_PUBKEY;
+               STORE_ATTR_INFO_set_cstr;
+               STORE_list_crl_next;
+               STORE_ATTR_INFO_in_range;
+               ECParameters_print;
+               STORE_meth_set_delete_fn;
+               STORE_method_set_delete_function;
+               STORE_list_certificate_next;
+               ASN1_generate_nconf;
+               BUF_memdup;
+               BN_GF2m_mod_mul;
+               STORE_meth_get_list_next_fn;
+               STORE_method_get_list_next_function;
+               STORE_ATTR_INFO_get0_dn;
+               STORE_list_private_key_next;
+               EC_GROUP_set_seed;
+               X509_VERIFY_PARAM_set_trust;
+               STORE_ATTR_INFO_free;
+               STORE_get_private_key;
+               EVP_PKEY_get_attr_count;
+               STORE_ATTR_INFO_new;
+               EC_GROUP_get_curve_GF2m;
+               STORE_meth_set_revoke_fn;
+               STORE_method_set_revoke_function;
+               STORE_store_number;
+               BN_is_prime_ex;
+               STORE_revoke_public_key;
+               X509_STORE_CTX_get0_param;
+               STORE_delete_arbitrary;
+               PEM_read_X509_CERT_PAIR;
+               X509_STORE_set_depth;
+               ECDSA_get_ex_data;
+               SHA224;
+               BIO_dump_indent_fp;
+               EC_KEY_set_group;
+               BUF_strndup;
+               STORE_list_certificate_start;
+               BN_GF2m_mod;
+               X509_REQ_check_private_key;
+               EC_GROUP_get_seed_len;
+               ERR_load_STORE_strings;
+               PEM_read_bio_EC_PUBKEY;
+               STORE_list_private_key_end;
+               i2d_EC_PUBKEY;
+               ECDSA_get_default_method;
+               ASN1_put_eoc;
+               X509_STORE_CTX_get_explicit_policy;
+               X509_STORE_CTX_get_expl_policy;
+               X509_VERIFY_PARAM_table_cleanup;
+               STORE_modify_private_key;
+               X509_VERIFY_PARAM_free;
+               EC_METHOD_get_field_type;
+               EC_GFp_nist_method;
+               STORE_meth_set_modify_fn;
+               STORE_method_set_modify_function;
+               STORE_parse_attrs_next;
+               ENGINE_load_padlock;
+               EC_GROUP_set_curve_name;
+               X509_CERT_PAIR_it;
+               STORE_meth_get_revoke_fn;
+               STORE_method_get_revoke_function;
+               STORE_method_set_get_function;
+               STORE_modify_number;
+               STORE_method_get_store_function;
+               STORE_store_private_key;
+               BN_GF2m_mod_sqr_arr;
+               RSA_setup_blinding;
+               BIO_s_datagram;
+               STORE_Memory;
+               sk_find_ex;
+               EC_GROUP_set_curve_GF2m;
+               ENGINE_set_default_ECDSA;
+               POLICY_CONSTRAINTS_new;
+               BN_GF2m_mod_sqrt;
+               ECDH_set_default_method;
+               EC_KEY_generate_key;
+               SHA384_Update;
+               BN_GF2m_arr2poly;
+               STORE_method_get_get_function;
+               STORE_meth_set_cleanup_fn;
+               STORE_method_set_cleanup_function;
+               EC_GROUP_check;
+               d2i_ECPrivateKey_bio;
+               EC_KEY_insert_key_method_data;
+               STORE_meth_get_lock_store_fn;
+               STORE_method_get_lock_store_function;
+               X509_VERIFY_PARAM_get_depth;
+               SHA224_Final;
+               STORE_meth_set_update_store_fn;
+               STORE_method_set_update_store_function;
+               SHA224_Update;
+               d2i_ECPrivateKey;
+               ASN1_item_ndef_i2d;
+               STORE_delete_private_key;
+               ERR_pop_to_mark;
+               ENGINE_register_all_STORE;
+               X509_policy_level_get0_node;
+               i2d_PKCS7_NDEF;
+               EC_GROUP_get_degree;
+               ASN1_generate_v3;
+               STORE_ATTR_INFO_modify_cstr;
+               X509_policy_tree_level_count;
+               BN_GF2m_add;
+               EC_KEY_get0_group;
+               STORE_generate_crl;
+               STORE_store_public_key;
+               X509_CERT_PAIR_free;
+               STORE_revoke_private_key;
+               BN_nist_mod_224;
+               SHA512_Final;
+               STORE_ATTR_INFO_modify_dn;
+               STORE_meth_get_initialise_fn;
+               STORE_method_get_initialise_function;
+               STORE_delete_number;
+               i2d_EC_PUBKEY_bio;
+               BIO_dgram_non_fatal_error;
+               EC_GROUP_get_asn1_flag;
+               STORE_ATTR_INFO_in_ex;
+               STORE_list_crl_start;
+               ECDH_get_ex_new_index;
+               STORE_meth_get_modify_fn;
+               STORE_method_get_modify_function;
+               v2i_ASN1_BIT_STRING;
+               STORE_store_certificate;
+               OBJ_bsearch_ex;
+               X509_STORE_CTX_set_default;
+               STORE_ATTR_INFO_set_sha1str;
+               BN_GF2m_mod_inv;
+               BN_GF2m_mod_exp;
+               STORE_modify_public_key;
+               STORE_meth_get_list_start_fn;
+               STORE_method_get_list_start_function;
+               EC_GROUP_get0_seed;
+               STORE_store_arbitrary;
+               STORE_meth_set_unlock_store_fn;
+               STORE_method_set_unlock_store_function;
+               BN_GF2m_mod_div_arr;
+               ENGINE_set_ECDSA;
+               STORE_create_method;
+               ECPKParameters_print;
+               EC_KEY_get0_private_key;
+               PEM_write_EC_PUBKEY;
+               X509_VERIFY_PARAM_set1;
+               ECDH_set_method;
+               v2i_GENERAL_NAME_ex;
+               ECDH_set_ex_data;
+               STORE_generate_key;
+               BN_nist_mod_521;
+               X509_policy_tree_get0_level;
+               EC_GROUP_set_point_conversion_form;
+               EC_GROUP_set_point_conv_form;
+               PEM_read_EC_PUBKEY;
+               i2d_ECDSA_SIG;
+               ECDSA_OpenSSL;
+               STORE_delete_crl;
+               EC_KEY_get_enc_flags;
+               ASN1_const_check_infinite_end;
+               EVP_PKEY_delete_attr;
+               ECDSA_set_default_method;
+               EC_POINT_set_compressed_coordinates_GF2m;
+               EC_POINT_set_compr_coords_GF2m;
+               EC_GROUP_cmp;
+               STORE_revoke_certificate;
+               BN_get0_nist_prime_256;
+               STORE_meth_get_delete_fn;
+               STORE_method_get_delete_function;
+               SHA224_Init;
+               PEM_read_ECPrivateKey;
+               SHA512_Init;
+               STORE_parse_attrs_endp;
+               BN_set_negative;
+               ERR_load_ECDSA_strings;
+               EC_GROUP_get_basis_type;
+               STORE_list_public_key_next;
+               i2v_ASN1_BIT_STRING;
+               STORE_OBJECT_free;
+               BN_nist_mod_384;
+               i2d_X509_CERT_PAIR;
+               PEM_write_ECPKParameters;
+               ECDH_compute_key;
+               STORE_ATTR_INFO_get0_sha1str;
+               ENGINE_register_all_ECDH;
+               pqueue_pop;
+               STORE_ATTR_INFO_get0_cstr;
+               POLICY_CONSTRAINTS_it;
+               STORE_get_ex_new_index;
+               EVP_PKEY_get_attr_by_OBJ;
+               X509_VERIFY_PARAM_add0_policy;
+               BN_GF2m_mod_solve_quad;
+               SHA256;
+               i2d_ECPrivateKey_fp;
+               X509_policy_tree_get0_user_policies;
+               X509_pcy_tree_get0_usr_policies;
+               OPENSSL_DIR_read;
+               ENGINE_register_all_ECDSA;
+               X509_VERIFY_PARAM_lookup;
+               EC_POINT_get_affine_coordinates_GF2m;
+               EC_POINT_get_affine_coords_GF2m;
+               EC_GROUP_dup;
+               ENGINE_get_default_ECDSA;
+               EC_KEY_new;
+               SHA256_Transform;
+               EC_KEY_set_enc_flags;
+               ECDSA_verify;
+               EC_POINT_point2hex;
+               ENGINE_get_STORE;
+               SHA512;
+               STORE_get_certificate;
+               ECDSA_do_sign_ex;
+               ECDSA_do_verify;
+               d2i_ECPrivateKey_fp;
+               STORE_delete_certificate;
+               SHA512_Transform;
+               X509_STORE_set1_param;
+               STORE_method_get_ctrl_function;
+               STORE_free;
+               PEM_write_ECPrivateKey;
+               STORE_meth_get_unlock_store_fn;
+               STORE_method_get_unlock_store_function;
+               STORE_get_ex_data;
+               EC_KEY_set_public_key;
+               PEM_read_ECPKParameters;
+               X509_CERT_PAIR_new;
+               ENGINE_register_STORE;
+               RSA_generate_key_ex;
+               DSA_generate_parameters_ex;
+               ECParameters_print_fp;
+               X509V3_NAME_from_section;
+               EVP_PKEY_add1_attr;
+               STORE_modify_crl;
+               STORE_list_private_key_start;
+               POLICY_MAPPINGS_it;
+               GENERAL_SUBTREE_it;
+               EC_GROUP_get_curve_name;
+               PEM_write_X509_CERT_PAIR;
+               BIO_dump_indent_cb;
+               d2i_X509_CERT_PAIR;
+               STORE_list_private_key_endp;
+               asn1_const_Finish;
+               i2d_EC_PUBKEY_fp;
+               BN_nist_mod_256;
+               X509_VERIFY_PARAM_add0_table;
+               pqueue_free;
+               BN_BLINDING_create_param;
+               ECDSA_size;
+               d2i_EC_PUBKEY_bio;
+               BN_get0_nist_prime_521;
+               STORE_ATTR_INFO_modify_sha1str;
+               BN_generate_prime_ex;
+               EC_GROUP_new_by_curve_name;
+               SHA256_Final;
+               DH_generate_parameters_ex;
+               PEM_read_bio_ECPrivateKey;
+               STORE_meth_get_cleanup_fn;
+               STORE_method_get_cleanup_function;
+               ENGINE_get_ECDH;
+               d2i_ECDSA_SIG;
+               BN_is_prime_fasttest_ex;
+               ECDSA_sign;
+               X509_policy_check;
+               EVP_PKEY_get_attr_by_NID;
+               STORE_set_ex_data;
+               ENGINE_get_ECDSA;
+               EVP_ecdsa;
+               BN_BLINDING_get_flags;
+               PKCS12_add_cert;
+               STORE_OBJECT_new;
+               ERR_load_ECDH_strings;
+               EC_KEY_dup;
+               EVP_CIPHER_CTX_rand_key;
+               ECDSA_set_method;
+               a2i_IPADDRESS_NC;
+               d2i_ECParameters;
+               STORE_list_certificate_end;
+               STORE_get_crl;
+               X509_POLICY_NODE_print;
+               SHA384_Init;
+               EC_GF2m_simple_method;
+               ECDSA_set_ex_data;
+               SHA384_Final;
+               PKCS7_set_digest;
+               EC_KEY_print;
+               STORE_meth_set_lock_store_fn;
+               STORE_method_set_lock_store_function;
+               ECDSA_get_ex_new_index;
+               SHA384;
+               POLICY_MAPPING_new;
+               STORE_list_certificate_endp;
+               X509_STORE_CTX_get0_policy_tree;
+               EC_GROUP_set_asn1_flag;
+               EC_KEY_check_key;
+               d2i_EC_PUBKEY_fp;
+               PKCS7_set0_type_other;
+               PEM_read_bio_X509_CERT_PAIR;
+               pqueue_next;
+               STORE_meth_get_list_end_fn;
+               STORE_method_get_list_end_function;
+               EVP_PKEY_add1_attr_by_OBJ;
+               X509_VERIFY_PARAM_set_time;
+               pqueue_new;
+               ENGINE_set_default_ECDH;
+               STORE_new_method;
+               PKCS12_add_key;
+               DSO_merge;
+               EC_POINT_hex2point;
+               BIO_dump_cb;
+               SHA256_Update;
+               pqueue_insert;
+               pitem_free;
+               BN_GF2m_mod_inv_arr;
+               ENGINE_unregister_ECDSA;
+               BN_BLINDING_set_thread_id;
+               get_rfc3526_prime_8192;
+               X509_VERIFY_PARAM_clear_flags;
+               get_rfc2409_prime_1024;
+               DH_check_pub_key;
+               get_rfc3526_prime_2048;
+               get_rfc3526_prime_6144;
+               get_rfc3526_prime_1536;
+               get_rfc3526_prime_3072;
+               get_rfc3526_prime_4096;
+               get_rfc2409_prime_768;
+               X509_VERIFY_PARAM_get_flags;
+               EVP_CIPHER_CTX_new;
+               EVP_CIPHER_CTX_free;
+               Camellia_cbc_encrypt;
+               Camellia_cfb128_encrypt;
+               Camellia_cfb1_encrypt;
+               Camellia_cfb8_encrypt;
+               Camellia_ctr128_encrypt;
+               Camellia_cfbr_encrypt_block;
+               Camellia_decrypt;
+               Camellia_ecb_encrypt;
+               Camellia_encrypt;
+               Camellia_ofb128_encrypt;
+               Camellia_set_key;
+               EVP_camellia_128_cbc;
+               EVP_camellia_128_cfb128;
+               EVP_camellia_128_cfb1;
+               EVP_camellia_128_cfb8;
+               EVP_camellia_128_ecb;
+               EVP_camellia_128_ofb;
+               EVP_camellia_192_cbc;
+               EVP_camellia_192_cfb128;
+               EVP_camellia_192_cfb1;
+               EVP_camellia_192_cfb8;
+               EVP_camellia_192_ecb;
+               EVP_camellia_192_ofb;
+               EVP_camellia_256_cbc;
+               EVP_camellia_256_cfb128;
+               EVP_camellia_256_cfb1;
+               EVP_camellia_256_cfb8;
+               EVP_camellia_256_ecb;
+               EVP_camellia_256_ofb;
+               a2i_ipadd;
+               ASIdentifiers_free;
+               i2d_ASIdOrRange;
+               EVP_CIPHER_block_size;
+               v3_asid_is_canonical;
+               IPAddressChoice_free;
+               EVP_CIPHER_CTX_set_app_data;
+               BIO_set_callback_arg;
+               v3_addr_add_prefix;
+               IPAddressOrRange_it;
+               BIO_set_flags;
+               ASIdentifiers_it;
+               v3_addr_get_range;
+               BIO_method_type;
+               v3_addr_inherits;
+               IPAddressChoice_it;
+               AES_ige_encrypt;
+               v3_addr_add_range;
+               EVP_CIPHER_CTX_nid;
+               d2i_ASRange;
+               v3_addr_add_inherit;
+               v3_asid_add_id_or_range;
+               v3_addr_validate_resource_set;
+               EVP_CIPHER_iv_length;
+               EVP_MD_type;
+               v3_asid_canonize;
+               IPAddressRange_free;
+               v3_asid_add_inherit;
+               EVP_CIPHER_CTX_key_length;
+               IPAddressRange_new;
+               ASIdOrRange_new;
+               EVP_MD_size;
+               EVP_MD_CTX_test_flags;
+               BIO_clear_flags;
+               i2d_ASRange;
+               IPAddressRange_it;
+               IPAddressChoice_new;
+               ASIdentifierChoice_new;
+               ASRange_free;
+               EVP_MD_pkey_type;
+               EVP_MD_CTX_clear_flags;
+               IPAddressFamily_free;
+               i2d_IPAddressFamily;
+               IPAddressOrRange_new;
+               EVP_CIPHER_flags;
+               v3_asid_validate_resource_set;
+               d2i_IPAddressRange;
+               AES_bi_ige_encrypt;
+               BIO_get_callback;
+               IPAddressOrRange_free;
+               v3_addr_subset;
+               d2i_IPAddressFamily;
+               v3_asid_subset;
+               BIO_test_flags;
+               i2d_ASIdentifierChoice;
+               ASRange_it;
+               d2i_ASIdentifiers;
+               ASRange_new;
+               d2i_IPAddressChoice;
+               v3_addr_get_afi;
+               EVP_CIPHER_key_length;
+               EVP_Cipher;
+               i2d_IPAddressOrRange;
+               ASIdOrRange_it;
+               EVP_CIPHER_nid;
+               i2d_IPAddressChoice;
+               EVP_CIPHER_CTX_block_size;
+               ASIdentifiers_new;
+               v3_addr_validate_path;
+               IPAddressFamily_new;
+               EVP_MD_CTX_set_flags;
+               v3_addr_is_canonical;
+               i2d_IPAddressRange;
+               IPAddressFamily_it;
+               v3_asid_inherits;
+               EVP_CIPHER_CTX_cipher;
+               EVP_CIPHER_CTX_get_app_data;
+               EVP_MD_block_size;
+               EVP_CIPHER_CTX_flags;
+               v3_asid_validate_path;
+               d2i_IPAddressOrRange;
+               v3_addr_canonize;
+               ASIdentifierChoice_it;
+               EVP_MD_CTX_md;
+               d2i_ASIdentifierChoice;
+               BIO_method_name;
+               EVP_CIPHER_CTX_iv_length;
+               ASIdOrRange_free;
+               ASIdentifierChoice_free;
+               BIO_get_callback_arg;
+               BIO_set_callback;
+               d2i_ASIdOrRange;
+               i2d_ASIdentifiers;
+               SEED_decrypt;
+               SEED_encrypt;
+               SEED_cbc_encrypt;
+               EVP_seed_ofb;
+               SEED_cfb128_encrypt;
+               SEED_ofb128_encrypt;
+               EVP_seed_cbc;
+               SEED_ecb_encrypt;
+               EVP_seed_ecb;
+               SEED_set_key;
+               EVP_seed_cfb128;
+               X509_EXTENSIONS_it;
+               X509_get1_ocsp;
+               OCSP_REQ_CTX_free;
+               i2d_X509_EXTENSIONS;
+               OCSP_sendreq_nbio;
+               OCSP_sendreq_new;
+               d2i_X509_EXTENSIONS;
+               X509_ALGORS_it;
+               X509_ALGOR_get0;
+               X509_ALGOR_set0;
+               AES_unwrap_key;
+               AES_wrap_key;
+               X509at_get0_data_by_OBJ;
+               ASN1_TYPE_set1;
+               ASN1_STRING_set0;
+               i2d_X509_ALGORS;
+               BIO_f_zlib;
+               COMP_zlib_cleanup;
+               d2i_X509_ALGORS;
+               CMS_ReceiptRequest_free;
+               PEM_write_CMS;
+               CMS_add0_CertificateChoices;
+               CMS_unsigned_add1_attr_by_OBJ;
+               ERR_load_CMS_strings;
+               CMS_sign_receipt;
+               i2d_CMS_ContentInfo;
+               CMS_signed_delete_attr;
+               d2i_CMS_bio;
+               CMS_unsigned_get_attr_by_NID;
+               CMS_verify;
+               SMIME_read_CMS;
+               CMS_decrypt_set1_key;
+               CMS_SignerInfo_get0_algs;
+               CMS_add1_cert;
+               CMS_set_detached;
+               CMS_encrypt;
+               CMS_EnvelopedData_create;
+               CMS_uncompress;
+               CMS_add0_crl;
+               CMS_SignerInfo_verify_content;
+               CMS_unsigned_get0_data_by_OBJ;
+               PEM_write_bio_CMS;
+               CMS_unsigned_get_attr;
+               CMS_RecipientInfo_ktri_cert_cmp;
+               CMS_RecipientInfo_ktri_get0_algs;
+               CMS_RecipInfo_ktri_get0_algs;
+               CMS_ContentInfo_free;
+               CMS_final;
+               CMS_add_simple_smimecap;
+               CMS_SignerInfo_verify;
+               CMS_data;
+               CMS_ContentInfo_it;
+               d2i_CMS_ReceiptRequest;
+               CMS_compress;
+               CMS_digest_create;
+               CMS_SignerInfo_cert_cmp;
+               CMS_SignerInfo_sign;
+               CMS_data_create;
+               i2d_CMS_bio;
+               CMS_EncryptedData_set1_key;
+               CMS_decrypt;
+               int_smime_write_ASN1;
+               CMS_unsigned_delete_attr;
+               CMS_unsigned_get_attr_count;
+               CMS_add_smimecap;
+               PEM_read_CMS;
+               CMS_signed_get_attr_by_OBJ;
+               d2i_CMS_ContentInfo;
+               CMS_add_standard_smimecap;
+               CMS_ContentInfo_new;
+               CMS_RecipientInfo_type;
+               CMS_get0_type;
+               CMS_is_detached;
+               CMS_sign;
+               CMS_signed_add1_attr;
+               CMS_unsigned_get_attr_by_OBJ;
+               SMIME_write_CMS;
+               CMS_EncryptedData_decrypt;
+               CMS_get0_RecipientInfos;
+               CMS_add0_RevocationInfoChoice;
+               CMS_decrypt_set1_pkey;
+               CMS_SignerInfo_set1_signer_cert;
+               CMS_get0_signers;
+               CMS_ReceiptRequest_get0_values;
+               CMS_signed_get0_data_by_OBJ;
+               CMS_get0_SignerInfos;
+               CMS_add0_cert;
+               CMS_EncryptedData_encrypt;
+               CMS_digest_verify;
+               CMS_set1_signers_certs;
+               CMS_signed_get_attr;
+               CMS_RecipientInfo_set0_key;
+               CMS_SignedData_init;
+               CMS_RecipientInfo_kekri_get0_id;
+               CMS_verify_receipt;
+               CMS_ReceiptRequest_it;
+               PEM_read_bio_CMS;
+               CMS_get1_crls;
+               CMS_add0_recipient_key;
+               SMIME_read_ASN1;
+               CMS_ReceiptRequest_new;
+               CMS_get0_content;
+               CMS_get1_ReceiptRequest;
+               CMS_signed_add1_attr_by_OBJ;
+               CMS_RecipientInfo_kekri_id_cmp;
+               CMS_add1_ReceiptRequest;
+               CMS_SignerInfo_get0_signer_id;
+               CMS_unsigned_add1_attr_by_NID;
+               CMS_unsigned_add1_attr;
+               CMS_signed_get_attr_by_NID;
+               CMS_get1_certs;
+               CMS_signed_add1_attr_by_NID;
+               CMS_unsigned_add1_attr_by_txt;
+               CMS_dataFinal;
+               CMS_RecipientInfo_ktri_get0_signer_id;
+               CMS_RecipInfo_ktri_get0_sigr_id;
+               i2d_CMS_ReceiptRequest;
+               CMS_add1_recipient_cert;
+               CMS_dataInit;
+               CMS_signed_add1_attr_by_txt;
+               CMS_RecipientInfo_decrypt;
+               CMS_signed_get_attr_count;
+               CMS_get0_eContentType;
+               CMS_set1_eContentType;
+               CMS_ReceiptRequest_create0;
+               CMS_add1_signer;
+               CMS_RecipientInfo_set0_pkey;
+               ENGINE_set_load_ssl_client_cert_function;
+               ENGINE_set_ld_ssl_clnt_cert_fn;
+               ENGINE_get_ssl_client_cert_function;
+               ENGINE_get_ssl_client_cert_fn;
+               ENGINE_load_ssl_client_cert;
+               ENGINE_load_capi;
+               OPENSSL_isservice;
+               FIPS_dsa_sig_decode;
+               EVP_CIPHER_CTX_clear_flags;
+               FIPS_rand_status;
+               FIPS_rand_set_key;
+               CRYPTO_set_mem_info_functions;
+               RSA_X931_generate_key_ex;
+               int_ERR_set_state_func;
+               int_EVP_MD_set_engine_callbacks;
+               int_CRYPTO_set_do_dynlock_callback;
+               FIPS_rng_stick;
+               EVP_CIPHER_CTX_set_flags;
+               BN_X931_generate_prime_ex;
+               FIPS_selftest_check;
+               FIPS_rand_set_dt;
+               CRYPTO_dbg_pop_info;
+               FIPS_dsa_free;
+               RSA_X931_derive_ex;
+               FIPS_rsa_new;
+               FIPS_rand_bytes;
+               fips_cipher_test;
+               EVP_CIPHER_CTX_test_flags;
+               CRYPTO_malloc_debug_init;
+               CRYPTO_dbg_push_info;
+               FIPS_corrupt_rsa_keygen;
+               FIPS_dh_new;
+               FIPS_corrupt_dsa_keygen;
+               FIPS_dh_free;
+               fips_pkey_signature_test;
+               EVP_add_alg_module;
+               int_RAND_init_engine_callbacks;
+               int_EVP_CIPHER_set_engine_callbacks;
+               int_EVP_MD_init_engine_callbacks;
+               FIPS_rand_test_mode;
+               FIPS_rand_reset;
+               FIPS_dsa_new;
+               int_RAND_set_callbacks;
+               BN_X931_derive_prime_ex;
+               int_ERR_lib_init;
+               int_EVP_CIPHER_init_engine_callbacks;
+               FIPS_rsa_free;
+               FIPS_dsa_sig_encode;
+               CRYPTO_dbg_remove_all_info;
+               OPENSSL_init;
+               CRYPTO_strdup;
+               JPAKE_STEP3A_process;
+               JPAKE_STEP1_release;
+               JPAKE_get_shared_key;
+               JPAKE_STEP3B_init;
+               JPAKE_STEP1_generate;
+               JPAKE_STEP1_init;
+               JPAKE_STEP3B_process;
+               JPAKE_STEP2_generate;
+               JPAKE_CTX_new;
+               JPAKE_CTX_free;
+               JPAKE_STEP3B_release;
+               JPAKE_STEP3A_release;
+               JPAKE_STEP2_process;
+               JPAKE_STEP3B_generate;
+               JPAKE_STEP1_process;
+               JPAKE_STEP3A_generate;
+               JPAKE_STEP2_release;
+               JPAKE_STEP3A_init;
+               ERR_load_JPAKE_strings;
+               JPAKE_STEP2_init;
+               pqueue_size;
+               i2d_TS_ACCURACY;
+               i2d_TS_MSG_IMPRINT_fp;
+               i2d_TS_MSG_IMPRINT;
+               EVP_PKEY_print_public;
+               EVP_PKEY_CTX_new;
+               i2d_TS_TST_INFO;
+               EVP_PKEY_asn1_find;
+               DSO_METHOD_beos;
+               TS_CONF_load_cert;
+               TS_REQ_get_ext;
+               EVP_PKEY_sign_init;
+               ASN1_item_print;
+               TS_TST_INFO_set_nonce;
+               TS_RESP_dup;
+               ENGINE_register_pkey_meths;
+               EVP_PKEY_asn1_add0;
+               PKCS7_add0_attrib_signing_time;
+               i2d_TS_TST_INFO_fp;
+               BIO_asn1_get_prefix;
+               TS_TST_INFO_set_time;
+               EVP_PKEY_meth_set_decrypt;
+               EVP_PKEY_set_type_str;
+               EVP_PKEY_CTX_get_keygen_info;
+               TS_REQ_set_policy_id;
+               d2i_TS_RESP_fp;
+               ENGINE_get_pkey_asn1_meth_engine;
+               ENGINE_get_pkey_asn1_meth_eng;
+               WHIRLPOOL_Init;
+               TS_RESP_set_status_info;
+               EVP_PKEY_keygen;
+               EVP_DigestSignInit;
+               TS_ACCURACY_set_millis;
+               TS_REQ_dup;
+               GENERAL_NAME_dup;
+               ASN1_SEQUENCE_ANY_it;
+               WHIRLPOOL;
+               X509_STORE_get1_crls;
+               ENGINE_get_pkey_asn1_meth;
+               EVP_PKEY_asn1_new;
+               BIO_new_NDEF;
+               ENGINE_get_pkey_meth;
+               TS_MSG_IMPRINT_set_algo;
+               i2d_TS_TST_INFO_bio;
+               TS_TST_INFO_set_ordering;
+               TS_TST_INFO_get_ext_by_OBJ;
+               CRYPTO_THREADID_set_pointer;
+               TS_CONF_get_tsa_section;
+               SMIME_write_ASN1;
+               TS_RESP_CTX_set_signer_key;
+               EVP_PKEY_encrypt_old;
+               EVP_PKEY_encrypt_init;
+               CRYPTO_THREADID_cpy;
+               ASN1_PCTX_get_cert_flags;
+               i2d_ESS_SIGNING_CERT;
+               TS_CONF_load_key;
+               i2d_ASN1_SEQUENCE_ANY;
+               d2i_TS_MSG_IMPRINT_bio;
+               EVP_PKEY_asn1_set_public;
+               b2i_PublicKey_bio;
+               BIO_asn1_set_prefix;
+               EVP_PKEY_new_mac_key;
+               BIO_new_CMS;
+               CRYPTO_THREADID_cmp;
+               TS_REQ_ext_free;
+               EVP_PKEY_asn1_set_free;
+               EVP_PKEY_get0_asn1;
+               d2i_NETSCAPE_X509;
+               EVP_PKEY_verify_recover_init;
+               EVP_PKEY_CTX_set_data;
+               EVP_PKEY_keygen_init;
+               TS_RESP_CTX_set_status_info;
+               TS_MSG_IMPRINT_get_algo;
+               TS_REQ_print_bio;
+               EVP_PKEY_CTX_ctrl_str;
+               EVP_PKEY_get_default_digest_nid;
+               PEM_write_bio_PKCS7_stream;
+               TS_MSG_IMPRINT_print_bio;
+               BN_asc2bn;
+               TS_REQ_get_policy_id;
+               ENGINE_set_default_pkey_asn1_meths;
+               ENGINE_set_def_pkey_asn1_meths;
+               d2i_TS_ACCURACY;
+               DSO_global_lookup;
+               TS_CONF_set_tsa_name;
+               i2d_ASN1_SET_ANY;
+               ENGINE_load_gost;
+               WHIRLPOOL_BitUpdate;
+               ASN1_PCTX_get_flags;
+               TS_TST_INFO_get_ext_by_NID;
+               TS_RESP_new;
+               ESS_CERT_ID_dup;
+               TS_STATUS_INFO_dup;
+               TS_REQ_delete_ext;
+               EVP_DigestVerifyFinal;
+               EVP_PKEY_print_params;
+               i2d_CMS_bio_stream;
+               TS_REQ_get_msg_imprint;
+               OBJ_find_sigid_by_algs;
+               TS_TST_INFO_get_serial;
+               TS_REQ_get_nonce;
+               X509_PUBKEY_set0_param;
+               EVP_PKEY_CTX_set0_keygen_info;
+               DIST_POINT_set_dpname;
+               i2d_ISSUING_DIST_POINT;
+               ASN1_SET_ANY_it;
+               EVP_PKEY_CTX_get_data;
+               TS_STATUS_INFO_print_bio;
+               EVP_PKEY_derive_init;
+               d2i_TS_TST_INFO;
+               EVP_PKEY_asn1_add_alias;
+               d2i_TS_RESP_bio;
+               OTHERNAME_cmp;
+               GENERAL_NAME_set0_value;
+               PKCS7_RECIP_INFO_get0_alg;
+               TS_RESP_CTX_new;
+               TS_RESP_set_tst_info;
+               PKCS7_final;
+               EVP_PKEY_base_id;
+               TS_RESP_CTX_set_signer_cert;
+               TS_REQ_set_msg_imprint;
+               EVP_PKEY_CTX_ctrl;
+               TS_CONF_set_digests;
+               d2i_TS_MSG_IMPRINT;
+               EVP_PKEY_meth_set_ctrl;
+               TS_REQ_get_ext_by_NID;
+               PKCS5_pbe_set0_algor;
+               BN_BLINDING_thread_id;
+               TS_ACCURACY_new;
+               X509_CRL_METHOD_free;
+               ASN1_PCTX_get_nm_flags;
+               EVP_PKEY_meth_set_sign;
+               CRYPTO_THREADID_current;
+               EVP_PKEY_decrypt_init;
+               NETSCAPE_X509_free;
+               i2b_PVK_bio;
+               EVP_PKEY_print_private;
+               GENERAL_NAME_get0_value;
+               b2i_PVK_bio;
+               ASN1_UTCTIME_adj;
+               TS_TST_INFO_new;
+               EVP_MD_do_all_sorted;
+               TS_CONF_set_default_engine;
+               TS_ACCURACY_set_seconds;
+               TS_TST_INFO_get_time;
+               PKCS8_pkey_get0;
+               EVP_PKEY_asn1_get0;
+               OBJ_add_sigid;
+               PKCS7_SIGNER_INFO_sign;
+               EVP_PKEY_paramgen_init;
+               EVP_PKEY_sign;
+               OBJ_sigid_free;
+               EVP_PKEY_meth_set_init;
+               d2i_ESS_ISSUER_SERIAL;
+               ISSUING_DIST_POINT_new;
+               ASN1_TIME_adj;
+               TS_OBJ_print_bio;
+               EVP_PKEY_meth_set_verify_recover;
+               EVP_PKEY_meth_set_vrfy_recover;
+               TS_RESP_get_status_info;
+               CMS_stream;
+               EVP_PKEY_CTX_set_cb;
+               PKCS7_to_TS_TST_INFO;
+               ASN1_PCTX_get_oid_flags;
+               TS_TST_INFO_add_ext;
+               EVP_PKEY_meth_set_derive;
+               i2d_TS_RESP_fp;
+               i2d_TS_MSG_IMPRINT_bio;
+               TS_RESP_CTX_set_accuracy;
+               TS_REQ_set_nonce;
+               ESS_CERT_ID_new;
+               ENGINE_pkey_asn1_find_str;
+               TS_REQ_get_ext_count;
+               BUF_reverse;
+               TS_TST_INFO_print_bio;
+               d2i_ISSUING_DIST_POINT;
+               ENGINE_get_pkey_meths;
+               i2b_PrivateKey_bio;
+               i2d_TS_RESP;
+               b2i_PublicKey;
+               TS_VERIFY_CTX_cleanup;
+               TS_STATUS_INFO_free;
+               TS_RESP_verify_token;
+               OBJ_bsearch_ex_;
+               ASN1_bn_print;
+               EVP_PKEY_asn1_get_count;
+               ENGINE_register_pkey_asn1_meths;
+               ASN1_PCTX_set_nm_flags;
+               EVP_DigestVerifyInit;
+               ENGINE_set_default_pkey_meths;
+               TS_TST_INFO_get_policy_id;
+               TS_REQ_get_cert_req;
+               X509_CRL_set_meth_data;
+               PKCS8_pkey_set0;
+               ASN1_STRING_copy;
+               d2i_TS_TST_INFO_fp;
+               X509_CRL_match;
+               EVP_PKEY_asn1_set_private;
+               TS_TST_INFO_get_ext_d2i;
+               TS_RESP_CTX_add_policy;
+               d2i_TS_RESP;
+               TS_CONF_load_certs;
+               TS_TST_INFO_get_msg_imprint;
+               ERR_load_TS_strings;
+               TS_TST_INFO_get_version;
+               EVP_PKEY_CTX_dup;
+               EVP_PKEY_meth_set_verify;
+               i2b_PublicKey_bio;
+               TS_CONF_set_certs;
+               EVP_PKEY_asn1_get0_info;
+               TS_VERIFY_CTX_free;
+               TS_REQ_get_ext_by_critical;
+               TS_RESP_CTX_set_serial_cb;
+               X509_CRL_get_meth_data;
+               TS_RESP_CTX_set_time_cb;
+               TS_MSG_IMPRINT_get_msg;
+               TS_TST_INFO_ext_free;
+               TS_REQ_get_version;
+               TS_REQ_add_ext;
+               EVP_PKEY_CTX_set_app_data;
+               OBJ_bsearch_;
+               EVP_PKEY_meth_set_verifyctx;
+               i2d_PKCS7_bio_stream;
+               CRYPTO_THREADID_set_numeric;
+               PKCS7_sign_add_signer;
+               d2i_TS_TST_INFO_bio;
+               TS_TST_INFO_get_ordering;
+               TS_RESP_print_bio;
+               TS_TST_INFO_get_exts;
+               HMAC_CTX_copy;
+               PKCS5_pbe2_set_iv;
+               ENGINE_get_pkey_asn1_meths;
+               b2i_PrivateKey;
+               EVP_PKEY_CTX_get_app_data;
+               TS_REQ_set_cert_req;
+               CRYPTO_THREADID_set_callback;
+               TS_CONF_set_serial;
+               TS_TST_INFO_free;
+               d2i_TS_REQ_fp;
+               TS_RESP_verify_response;
+               i2d_ESS_ISSUER_SERIAL;
+               TS_ACCURACY_get_seconds;
+               EVP_CIPHER_do_all;
+               b2i_PrivateKey_bio;
+               OCSP_CERTID_dup;
+               X509_PUBKEY_get0_param;
+               TS_MSG_IMPRINT_dup;
+               PKCS7_print_ctx;
+               i2d_TS_REQ_bio;
+               EVP_whirlpool;
+               EVP_PKEY_asn1_set_param;
+               EVP_PKEY_meth_set_encrypt;
+               ASN1_PCTX_set_flags;
+               i2d_ESS_CERT_ID;
+               TS_VERIFY_CTX_new;
+               TS_RESP_CTX_set_extension_cb;
+               ENGINE_register_all_pkey_meths;
+               TS_RESP_CTX_set_status_info_cond;
+               TS_RESP_CTX_set_stat_info_cond;
+               EVP_PKEY_verify;
+               WHIRLPOOL_Final;
+               X509_CRL_METHOD_new;
+               EVP_DigestSignFinal;
+               TS_RESP_CTX_set_def_policy;
+               NETSCAPE_X509_it;
+               TS_RESP_create_response;
+               PKCS7_SIGNER_INFO_get0_algs;
+               TS_TST_INFO_get_nonce;
+               EVP_PKEY_decrypt_old;
+               TS_TST_INFO_set_policy_id;
+               TS_CONF_set_ess_cert_id_chain;
+               EVP_PKEY_CTX_get0_pkey;
+               d2i_TS_REQ;
+               EVP_PKEY_asn1_find_str;
+               BIO_f_asn1;
+               ESS_SIGNING_CERT_new;
+               EVP_PBE_find;
+               X509_CRL_get0_by_cert;
+               EVP_PKEY_derive;
+               i2d_TS_REQ;
+               TS_TST_INFO_delete_ext;
+               ESS_ISSUER_SERIAL_free;
+               ASN1_PCTX_set_str_flags;
+               ENGINE_get_pkey_asn1_meth_str;
+               TS_CONF_set_signer_key;
+               TS_ACCURACY_get_millis;
+               TS_RESP_get_token;
+               TS_ACCURACY_dup;
+               ENGINE_register_all_pkey_asn1_meths;
+               ENGINE_reg_all_pkey_asn1_meths;
+               X509_CRL_set_default_method;
+               CRYPTO_THREADID_hash;
+               CMS_ContentInfo_print_ctx;
+               TS_RESP_free;
+               ISSUING_DIST_POINT_free;
+               ESS_ISSUER_SERIAL_new;
+               CMS_add1_crl;
+               PKCS7_add1_attrib_digest;
+               TS_RESP_CTX_add_md;
+               TS_TST_INFO_dup;
+               ENGINE_set_pkey_asn1_meths;
+               PEM_write_bio_Parameters;
+               TS_TST_INFO_get_accuracy;
+               X509_CRL_get0_by_serial;
+               TS_TST_INFO_set_version;
+               TS_RESP_CTX_get_tst_info;
+               TS_RESP_verify_signature;
+               CRYPTO_THREADID_get_callback;
+               TS_TST_INFO_get_tsa;
+               TS_STATUS_INFO_new;
+               EVP_PKEY_CTX_get_cb;
+               TS_REQ_get_ext_d2i;
+               GENERAL_NAME_set0_othername;
+               TS_TST_INFO_get_ext_count;
+               TS_RESP_CTX_get_request;
+               i2d_NETSCAPE_X509;
+               ENGINE_get_pkey_meth_engine;
+               EVP_PKEY_meth_set_signctx;
+               EVP_PKEY_asn1_copy;
+               ASN1_TYPE_cmp;
+               EVP_CIPHER_do_all_sorted;
+               EVP_PKEY_CTX_free;
+               ISSUING_DIST_POINT_it;
+               d2i_TS_MSG_IMPRINT_fp;
+               X509_STORE_get1_certs;
+               EVP_PKEY_CTX_get_operation;
+               d2i_ESS_SIGNING_CERT;
+               TS_CONF_set_ordering;
+               EVP_PBE_alg_add_type;
+               TS_REQ_set_version;
+               EVP_PKEY_get0;
+               BIO_asn1_set_suffix;
+               i2d_TS_STATUS_INFO;
+               EVP_MD_do_all;
+               TS_TST_INFO_set_accuracy;
+               PKCS7_add_attrib_content_type;
+               ERR_remove_thread_state;
+               EVP_PKEY_meth_add0;
+               TS_TST_INFO_set_tsa;
+               EVP_PKEY_meth_new;
+               WHIRLPOOL_Update;
+               TS_CONF_set_accuracy;
+               ASN1_PCTX_set_oid_flags;
+               ESS_SIGNING_CERT_dup;
+               d2i_TS_REQ_bio;
+               X509_time_adj_ex;
+               TS_RESP_CTX_add_flags;
+               d2i_TS_STATUS_INFO;
+               TS_MSG_IMPRINT_set_msg;
+               BIO_asn1_get_suffix;
+               TS_REQ_free;
+               EVP_PKEY_meth_free;
+               TS_REQ_get_exts;
+               TS_RESP_CTX_set_clock_precision_digits;
+               TS_RESP_CTX_set_clk_prec_digits;
+               TS_RESP_CTX_add_failure_info;
+               i2d_TS_RESP_bio;
+               EVP_PKEY_CTX_get0_peerkey;
+               PEM_write_bio_CMS_stream;
+               TS_REQ_new;
+               TS_MSG_IMPRINT_new;
+               EVP_PKEY_meth_find;
+               EVP_PKEY_id;
+               TS_TST_INFO_set_serial;
+               a2i_GENERAL_NAME;
+               TS_CONF_set_crypto_device;
+               EVP_PKEY_verify_init;
+               TS_CONF_set_policies;
+               ASN1_PCTX_new;
+               ESS_CERT_ID_free;
+               ENGINE_unregister_pkey_meths;
+               TS_MSG_IMPRINT_free;
+               TS_VERIFY_CTX_init;
+               PKCS7_stream;
+               TS_RESP_CTX_set_certs;
+               TS_CONF_set_def_policy;
+               ASN1_GENERALIZEDTIME_adj;
+               NETSCAPE_X509_new;
+               TS_ACCURACY_free;
+               TS_RESP_get_tst_info;
+               EVP_PKEY_derive_set_peer;
+               PEM_read_bio_Parameters;
+               TS_CONF_set_clock_precision_digits;
+               TS_CONF_set_clk_prec_digits;
+               ESS_ISSUER_SERIAL_dup;
+               TS_ACCURACY_get_micros;
+               ASN1_PCTX_get_str_flags;
+               NAME_CONSTRAINTS_check;
+               ASN1_BIT_STRING_check;
+               X509_check_akid;
+               ENGINE_unregister_pkey_asn1_meths;
+               ENGINE_unreg_pkey_asn1_meths;
+               ASN1_PCTX_free;
+               PEM_write_bio_ASN1_stream;
+               i2d_ASN1_bio_stream;
+               TS_X509_ALGOR_print_bio;
+               EVP_PKEY_meth_set_cleanup;
+               EVP_PKEY_asn1_free;
+               ESS_SIGNING_CERT_free;
+               TS_TST_INFO_set_msg_imprint;
+               GENERAL_NAME_cmp;
+               d2i_ASN1_SET_ANY;
+               ENGINE_set_pkey_meths;
+               i2d_TS_REQ_fp;
+               d2i_ASN1_SEQUENCE_ANY;
+               GENERAL_NAME_get0_otherName;
+               d2i_ESS_CERT_ID;
+               OBJ_find_sigid_algs;
+               EVP_PKEY_meth_set_keygen;
+               PKCS5_PBKDF2_HMAC;
+               EVP_PKEY_paramgen;
+               EVP_PKEY_meth_set_paramgen;
+               BIO_new_PKCS7;
+               EVP_PKEY_verify_recover;
+               TS_ext_print_bio;
+               TS_ASN1_INTEGER_print_bio;
+               check_defer;
+               DSO_pathbyaddr;
+               EVP_PKEY_set_type;
+               TS_ACCURACY_set_micros;
+               TS_REQ_to_TS_VERIFY_CTX;
+               EVP_PKEY_meth_set_copy;
+               ASN1_PCTX_set_cert_flags;
+               TS_TST_INFO_get_ext;
+               EVP_PKEY_asn1_set_ctrl;
+               TS_TST_INFO_get_ext_by_critical;
+               EVP_PKEY_CTX_new_id;
+               TS_REQ_get_ext_by_OBJ;
+               TS_CONF_set_signer_cert;
+               X509_NAME_hash_old;
+               ASN1_TIME_set_string;
+               EVP_MD_flags;
+               TS_RESP_CTX_free;
+               DSAparams_dup;
+               DHparams_dup;
+               OCSP_REQ_CTX_add1_header;
+               OCSP_REQ_CTX_set1_req;
+               X509_STORE_set_verify_cb;
+               X509_STORE_CTX_get0_current_crl;
+               X509_STORE_CTX_get0_parent_ctx;
+               X509_STORE_CTX_get0_current_issuer;
+               X509_STORE_CTX_get0_cur_issuer;
+               X509_issuer_name_hash_old;
+               X509_subject_name_hash_old;
+               EVP_CIPHER_CTX_copy;
+               UI_method_get_prompt_constructor;
+               UI_method_get_prompt_constructr;
+               UI_method_set_prompt_constructor;
+               UI_method_set_prompt_constructr;
+               EVP_read_pw_string_min;
+               CRYPTO_cts128_encrypt;
+               CRYPTO_cts128_decrypt_block;
+               CRYPTO_cfb128_1_encrypt;
+               CRYPTO_cbc128_encrypt;
+               CRYPTO_ctr128_encrypt;
+               CRYPTO_ofb128_encrypt;
+               CRYPTO_cts128_decrypt;
+               CRYPTO_cts128_encrypt_block;
+               CRYPTO_cbc128_decrypt;
+               CRYPTO_cfb128_encrypt;
+               CRYPTO_cfb128_8_encrypt;
+               SSL_renegotiate_abbreviated;
+               TLSv1_1_method;
+               TLSv1_1_client_method;
+               TLSv1_1_server_method;
+               SSL_CTX_set_srp_client_pwd_callback;
+               SSL_CTX_set_srp_client_pwd_cb;
+               SSL_get_srp_g;
+               SSL_CTX_set_srp_username_callback;
+               SSL_CTX_set_srp_un_cb;
+               SSL_get_srp_userinfo;
+               SSL_set_srp_server_param;
+               SSL_set_srp_server_param_pw;
+               SSL_get_srp_N;
+               SSL_get_srp_username;
+               SSL_CTX_set_srp_password;
+               SSL_CTX_set_srp_strength;
+               SSL_CTX_set_srp_verify_param_callback;
+               SSL_CTX_set_srp_vfy_param_cb;
+               SSL_CTX_set_srp_cb_arg;
+               SSL_CTX_set_srp_username;
+               SSL_CTX_SRP_CTX_init;
+               SSL_SRP_CTX_init;
+               SRP_Calc_A_param;
+               SRP_generate_server_master_secret;
+               SRP_gen_server_master_secret;
+               SSL_CTX_SRP_CTX_free;
+               SRP_generate_client_master_secret;
+               SRP_gen_client_master_secret;
+               SSL_srp_server_param_with_username;
+               SSL_srp_server_param_with_un;
+               SSL_SRP_CTX_free;
+               SSL_set_debug;
+               SSL_SESSION_get0_peer;
+               TLSv1_2_client_method;
+               SSL_SESSION_set1_id_context;
+               TLSv1_2_server_method;
+               SSL_cache_hit;
+               SSL_get0_kssl_ctx;
+               SSL_set0_kssl_ctx;
+               SSL_set_state;
+               SSL_CIPHER_get_id;
+               TLSv1_2_method;
+               kssl_ctx_get0_client_princ;
+               SSL_export_keying_material;
+               SSL_set_tlsext_use_srtp;
+               SSL_CTX_set_next_protos_advertised_cb;
+               SSL_CTX_set_next_protos_adv_cb;
+               SSL_get0_next_proto_negotiated;
+               SSL_get_selected_srtp_profile;
+               SSL_CTX_set_tlsext_use_srtp;
+               SSL_select_next_proto;
+               SSL_get_srtp_profiles;
+               SSL_CTX_set_next_proto_select_cb;
+               SSL_CTX_set_next_proto_sel_cb;
+               SSL_SESSION_get_compress_id;
+
+               SRP_VBASE_get_by_user;
+               SRP_Calc_server_key;
+               SRP_create_verifier;
+               SRP_create_verifier_BN;
+               SRP_Calc_u;
+               SRP_VBASE_free;
+               SRP_Calc_client_key;
+               SRP_get_default_gN;
+               SRP_Calc_x;
+               SRP_Calc_B;
+               SRP_VBASE_new;
+               SRP_check_known_gN_param;
+               SRP_Calc_A;
+               SRP_Verify_A_mod_N;
+               SRP_VBASE_init;
+               SRP_Verify_B_mod_N;
+               EC_KEY_set_public_key_affine_coordinates;
+               EC_KEY_set_pub_key_aff_coords;
+               EVP_aes_192_ctr;
+               EVP_PKEY_meth_get0_info;
+               EVP_PKEY_meth_copy;
+               ERR_add_error_vdata;
+               EVP_aes_128_ctr;
+               EVP_aes_256_ctr;
+               EC_GFp_nistp224_method;
+               EC_KEY_get_flags;
+               RSA_padding_add_PKCS1_PSS_mgf1;
+               EVP_aes_128_xts;
+               EVP_aes_256_xts;
+               EVP_aes_128_gcm;
+               EC_KEY_clear_flags;
+               EC_KEY_set_flags;
+               EVP_aes_256_ccm;
+               RSA_verify_PKCS1_PSS_mgf1;
+               EVP_aes_128_ccm;
+               EVP_aes_192_gcm;
+               X509_ALGOR_set_md;
+               RAND_init_fips;
+               EVP_aes_256_gcm;
+               EVP_aes_192_ccm;
+               CMAC_CTX_copy;
+               CMAC_CTX_free;
+               CMAC_CTX_get0_cipher_ctx;
+               CMAC_CTX_cleanup;
+               CMAC_Init;
+               CMAC_Update;
+               CMAC_resume;
+               CMAC_CTX_new;
+               CMAC_Final;
+               CRYPTO_ctr128_encrypt_ctr32;
+               CRYPTO_gcm128_release;
+               CRYPTO_ccm128_decrypt_ccm64;
+               CRYPTO_ccm128_encrypt;
+               CRYPTO_gcm128_encrypt;
+               CRYPTO_xts128_encrypt;
+               EVP_rc4_hmac_md5;
+               CRYPTO_nistcts128_decrypt_block;
+               CRYPTO_gcm128_setiv;
+               CRYPTO_nistcts128_encrypt;
+               EVP_aes_128_cbc_hmac_sha1;
+               CRYPTO_gcm128_tag;
+               CRYPTO_ccm128_encrypt_ccm64;
+               ENGINE_load_rdrand;
+               CRYPTO_ccm128_setiv;
+               CRYPTO_nistcts128_encrypt_block;
+               CRYPTO_gcm128_aad;
+               CRYPTO_ccm128_init;
+               CRYPTO_nistcts128_decrypt;
+               CRYPTO_gcm128_new;
+               CRYPTO_ccm128_tag;
+               CRYPTO_ccm128_decrypt;
+               CRYPTO_ccm128_aad;
+               CRYPTO_gcm128_init;
+               CRYPTO_gcm128_decrypt;
+               ENGINE_load_rsax;
+               CRYPTO_gcm128_decrypt_ctr32;
+               CRYPTO_gcm128_encrypt_ctr32;
+               CRYPTO_gcm128_finish;
+               EVP_aes_256_cbc_hmac_sha1;
+               PKCS5_pbkdf2_set;
+               CMS_add0_recipient_password;
+               CMS_decrypt_set1_password;
+               CMS_RecipientInfo_set0_password;
+               RAND_set_fips_drbg_type;
+               X509_REQ_sign_ctx;
+               RSA_PSS_PARAMS_new;
+               X509_CRL_sign_ctx;
+               X509_signature_dump;
+               d2i_RSA_PSS_PARAMS;
+               RSA_PSS_PARAMS_it;
+               RSA_PSS_PARAMS_free;
+               X509_sign_ctx;
+               i2d_RSA_PSS_PARAMS;
+               ASN1_item_sign_ctx;
+               EC_GFp_nistp521_method;
+               EC_GFp_nistp256_method;
+               OPENSSL_stderr;
+               OPENSSL_cpuid_setup;
+               OPENSSL_showfatal;
+               BIO_new_dgram_sctp;
+               BIO_dgram_sctp_msg_waiting;
+               BIO_dgram_sctp_wait_for_dry;
+               BIO_s_datagram_sctp;
+               BIO_dgram_is_sctp;
+               BIO_dgram_sctp_notification_cb;
+               CRYPTO_memcmp;
+               SSL_CTX_set_alpn_protos;
+               SSL_set_alpn_protos;
+               SSL_CTX_set_alpn_select_cb;
+               SSL_get0_alpn_selected;
+               SSL_CTX_set_custom_cli_ext;
+               SSL_CTX_set_custom_srv_ext;
+               SSL_CTX_set_srv_supp_data;
+               SSL_CTX_set_cli_supp_data;
+               SSL_set_cert_cb;
+               SSL_CTX_use_serverinfo;
+               SSL_CTX_use_serverinfo_file;
+               SSL_CTX_set_cert_cb;
+               SSL_CTX_get0_param;
+               SSL_get0_param;
+               SSL_certs_clear;
+               DTLSv1_2_method;
+               DTLSv1_2_server_method;
+               DTLSv1_2_client_method;
+               DTLS_method;
+               DTLS_server_method;
+               DTLS_client_method;
+               SSL_CTX_get_ssl_method;
+               SSL_CTX_get0_certificate;
+               SSL_CTX_get0_privatekey;
+               SSL_COMP_set0_compression_methods;
+               SSL_COMP_free_compression_methods;
+               SSL_CIPHER_find;
+               SSL_is_server;
+               SSL_CONF_CTX_new;
+               SSL_CONF_CTX_finish;
+               SSL_CONF_CTX_free;
+               SSL_CONF_CTX_set_flags;
+               SSL_CONF_CTX_clear_flags;
+               SSL_CONF_CTX_set1_prefix;
+               SSL_CONF_CTX_set_ssl;
+               SSL_CONF_CTX_set_ssl_ctx;
+               SSL_CONF_cmd;
+               SSL_CONF_cmd_argv;
+               SSL_CONF_cmd_value_type;
+               SSL_trace;
+               SSL_CIPHER_standard_name;
+               SSL_get_tlsa_record_byname;
+               ASN1_TIME_diff;
+               BIO_hex_string;
+               CMS_RecipientInfo_get0_pkey_ctx;
+               CMS_RecipientInfo_encrypt;
+               CMS_SignerInfo_get0_pkey_ctx;
+               CMS_SignerInfo_get0_md_ctx;
+               CMS_SignerInfo_get0_signature;
+               CMS_RecipientInfo_kari_get0_alg;
+               CMS_RecipientInfo_kari_get0_reks;
+               CMS_RecipientInfo_kari_get0_orig_id;
+               CMS_RecipientInfo_kari_orig_id_cmp;
+               CMS_RecipientEncryptedKey_get0_id;
+               CMS_RecipientEncryptedKey_cert_cmp;
+               CMS_RecipientInfo_kari_set0_pkey;
+               CMS_RecipientInfo_kari_get0_ctx;
+               CMS_RecipientInfo_kari_decrypt;
+               CMS_SharedInfo_encode;
+               DH_compute_key_padded;
+               d2i_DHxparams;
+               i2d_DHxparams;
+               DH_get_1024_160;
+               DH_get_2048_224;
+               DH_get_2048_256;
+               DH_KDF_X9_42;
+               ECDH_KDF_X9_62;
+               ECDSA_METHOD_new;
+               ECDSA_METHOD_free;
+               ECDSA_METHOD_set_app_data;
+               ECDSA_METHOD_get_app_data;
+               ECDSA_METHOD_set_sign;
+               ECDSA_METHOD_set_sign_setup;
+               ECDSA_METHOD_set_verify;
+               ECDSA_METHOD_set_flags;
+               ECDSA_METHOD_set_name;
+               EVP_des_ede3_wrap;
+               EVP_aes_128_wrap;
+               EVP_aes_192_wrap;
+               EVP_aes_256_wrap;
+               EVP_aes_128_cbc_hmac_sha256;
+               EVP_aes_256_cbc_hmac_sha256;
+               CRYPTO_128_wrap;
+               CRYPTO_128_unwrap;
+               OCSP_REQ_CTX_nbio;
+               OCSP_REQ_CTX_new;
+               OCSP_set_max_response_length;
+               OCSP_REQ_CTX_i2d;
+               OCSP_REQ_CTX_nbio_d2i;
+               OCSP_REQ_CTX_get0_mem_bio;
+               OCSP_REQ_CTX_http;
+               RSA_padding_add_PKCS1_OAEP_mgf1;
+               RSA_padding_check_PKCS1_OAEP_mgf1;
+               RSA_OAEP_PARAMS_free;
+               RSA_OAEP_PARAMS_it;
+               RSA_OAEP_PARAMS_new;
+               SSL_get_sigalgs;
+               SSL_get_shared_sigalgs;
+               SSL_check_chain;
+               X509_chain_up_ref;
+               X509_http_nbio;
+               X509_CRL_http_nbio;
+               X509_REVOKED_dup;
+               i2d_re_X509_tbs;
+               X509_get0_signature;
+               X509_get_signature_nid;
+               X509_CRL_diff;
+               X509_chain_check_suiteb;
+               X509_CRL_check_suiteb;
+               X509_check_host;
+               X509_check_email;
+               X509_check_ip;
+               X509_check_ip_asc;
+               X509_STORE_set_lookup_crls_cb;
+               X509_STORE_CTX_get0_store;
+               X509_VERIFY_PARAM_set1_host;
+               X509_VERIFY_PARAM_add1_host;
+               X509_VERIFY_PARAM_set_hostflags;
+               X509_VERIFY_PARAM_get0_peername;
+               X509_VERIFY_PARAM_set1_email;
+               X509_VERIFY_PARAM_set1_ip;
+               X509_VERIFY_PARAM_set1_ip_asc;
+               X509_VERIFY_PARAM_get0_name;
+               X509_VERIFY_PARAM_get_count;
+               X509_VERIFY_PARAM_get0;
+               X509V3_EXT_free;
+               EC_GROUP_get_mont_data;
+               EC_curve_nid2nist;
+               EC_curve_nist2nid;
+               PEM_write_bio_DHxparams;
+               PEM_write_DHxparams;
+               SSL_CTX_add_client_custom_ext;
+               SSL_CTX_add_server_custom_ext;
+               SSL_extension_supported;
+               BUF_strnlen;
+               sk_deep_copy;
+               SSL_test_functions;
+
+       local:
+               *;
+};
+
+OPENSSL_1.0.2g {
+       global:
+               SRP_VBASE_get1_by_user;
+               SRP_user_pwd_free;
+} OPENSSL_1.0.2d;
+
+Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld
+===================================================================
+--- /dev/null   1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld  2014-02-24 21:02:30.000000000 +0100
+@@ -0,0 +1,10 @@
+OPENSSL_1.0.2 {
+       global:
+               bind_engine;
+               v_check;
+               OPENSSL_init;
+               OPENSSL_finish;
+       local:
+               *;
+};
+
+Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld
+===================================================================
+--- /dev/null   1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld   2014-02-24 21:02:30.000000000 +0100
+@@ -0,0 +1,10 @@
+OPENSSL_1.0.2 {
+       global:
+               bind_engine;
+               v_check;
+               OPENSSL_init;
+               OPENSSL_finish;
+       local:
+               *;
+};
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/engines-install-in-libdir-ssl.patch b/recipes-connectivity/openssl/openssl-qoriq/engines-install-in-libdir-ssl.patch
index d8a6f1a23..a5746483e 100644
--- a/recipes-connectivity/openssl/openssl-qoriq/engines-install-in-libdir-ssl.patch
+++ b/recipes-connectivity/openssl/openssl-qoriq/engines-install-in-libdir-ssl.patch
@@ -1,11 +1,11 @@
 Upstream-Status: Inappropriate [configuration]
-Index: openssl-1.0.0/engines/Makefile
+Index: openssl-1.0.2/engines/Makefile
 ===================================================================
--- openssl-1.0.0.orig/engines/Makefile
+--- openssl-1.0.2.orig/engines/Makefile
-+++ openssl-1.0.0/engines/Makefile
+++ openssl-1.0.2/engines/Makefile
-@@ -107,7 +107,7 @@
+@@ -107,13 +107,13 @@ install:
        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
        @if [ -n "$(SHARED_LIBS)" ]; then \
                set -e; \
@@ -14,16 +14,19 @@ Index: openssl-1.0.0/engines/Makefile
                for l in $(LIBNAMES); do \
                        ( echo installing $$l; \
                          pfx=lib; \
-@@ -119,13 +119,13 @@
+                          if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
+                                sfx=".so"; \
+-                               cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
+                               cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \
+                          else \
+                                case "$(CFLAGS)" in \
+                                *DSO_BEOS*)     sfx=".so";;     \
+@@ -122,10 +122,10 @@ install:
                                *DSO_WIN32*)    sfx="eay32.dll"; pfx=;; \
                                *)              sfx=".bad";;    \
                                esac; \
 -                               cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
 +                               cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \
-                          else \
-                                sfx=".so"; \
-                               cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
-+                               cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \
                          fi; \
 -                         chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
 -                         mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
@@ -32,20 +35,25 @@ Index: openssl-1.0.0/engines/Makefile
                done; \
        fi
        @target=install; $(RECURSIVE_MAKE)
-Index: openssl-1.0.0/engines/ccgost/Makefile
+Index: openssl-1.0.2/engines/ccgost/Makefile
 ===================================================================
--- openssl-1.0.0.orig/engines/ccgost/Makefile
+--- openssl-1.0.2.orig/engines/ccgost/Makefile
-+++ openssl-1.0.0/engines/ccgost/Makefile
+++ openssl-1.0.2/engines/ccgost/Makefile
-@@ -53,13 +53,13 @@
+@@ -47,7 +47,7 @@ install:
+                pfx=lib; \
+                if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
+                        sfx=".so"; \
+-                       cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
+                       cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \
+                else \
+                        case "$(CFLAGS)" in \
+                        *DSO_BEOS*) sfx=".so";; \
+@@ -56,10 +56,10 @@ install:
                        *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \
                        *) sfx=".bad";; \
                        esac; \
 -                       cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
 +                       cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \
-                else \
-                        sfx=".so"; \
-                       cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
-+                       cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \
                fi; \
 -               chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
 -               mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \
diff --git a/recipes-connectivity/openssl/openssl-qoriq/fix-cipher-des-ede3-cfb1.patch b/recipes-connectivity/openssl/openssl-qoriq/fix-cipher-des-ede3-cfb1.patch
index f0e177840..2a318a458 100644
--- a/recipes-connectivity/openssl/openssl-qoriq/fix-cipher-des-ede3-cfb1.patch
+++ b/recipes-connectivity/openssl/openssl-qoriq/fix-cipher-des-ede3-cfb1.patch
@@ -4,19 +4,18 @@ This patch adds the fix for one of the ciphers used in openssl, namely
 the cipher des-ede3-cfb1. Complete bug log and patch is present here:
 http://rt.openssl.org/Ticket/Display.html?id=2867
-Signed-Off-By: Muhammad Shakeel <muhammad_shakeel@mentor.com>
+Signed-off-by: Muhammad Shakeel <muhammad_shakeel@mentor.com>
-diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c
+Index: openssl-1.0.2/crypto/evp/e_des3.c
-index 3232cfe..df84922 100644
 ===================================================================
--- a/crypto/evp/e_des3.c
+--- openssl-1.0.2.orig/crypto/evp/e_des3.c
-+++ b/crypto/evp/e_des3.c
+++ openssl-1.0.2/crypto/evp/e_des3.c
-@@ -173,7 +173,7 @@ static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+@@ -211,7 +211,7 @@ static int des_ede3_cfb1_cipher(EVP_CIPH
     size_t n;
-     unsigned char c[1],d[1];
+     unsigned char c[1], d[1];
 
-    for(n=0 ; n < inl ; ++n)
+-    for (n = 0; n < inl; ++n) {
-+    for(n=0 ; n < inl*8 ; ++n)
+    for (n = 0; n * 8 < inl; ++n) {
-        {
+         c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;
-        c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;
+         DES_ede3_cfb_encrypt(c, d, 1, 1,
-        DES_ede3_cfb_encrypt(c,d,1,1,
+                              &data(ctx)->ks1, &data(ctx)->ks2,
diff --git a/recipes-connectivity/openssl/openssl-qoriq/initial-aarch64-bits.patch b/recipes-connectivity/openssl/openssl-qoriq/initial-aarch64-bits.patch
deleted file mode 100644
index 2185ff8a4..000000000
--- a/recipes-connectivity/openssl/openssl-qoriq/initial-aarch64-bits.patch
+++ /dev/null
@@ -1,119 +0,0 @@
-From: Andy Polyakov <appro@openssl.org>
-Date: Sun, 13 Oct 2013 17:15:15 +0000 (+0200)
-Subject: Initial aarch64 bits.
-X-Git-Url: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=039081b80977e2a5de84e1f88f8b4d025b559956
-Initial aarch64 bits.
---
- crypto/bn/bn_lcl.h       |    9 +++++++++
- crypto/md32_common.h     |   18 ++++++++++++++++++
- crypto/modes/modes_lcl.h |    8 ++++++++
- crypto/sha/sha512.c      |   13 +++++++++++++
- 4 files changed, 48 insertions(+)
-Index: openssl-1.0.1f/crypto/bn/bn_lcl.h
-===================================================================
--- openssl-1.0.1f.orig/crypto/bn/bn_lcl.h      2014-01-06 15:47:42.000000000 +0200
-+++ openssl-1.0.1f/crypto/bn/bn_lcl.h   2014-02-28 10:37:55.495979037 +0200
-@@ -300,6 +300,15 @@
-             : "r"(a), "r"(b));
- #    endif
- #  endif
-+# elif defined(__aarch64__) && defined(SIXTY_FOUR_BIT_LONG)
-+#  if defined(__GNUC__) && __GNUC__>=2
-+#   define BN_UMULT_HIGH(a,b)  ({  \
-+   register BN_ULONG ret;      \
-+   asm ("umulh %0,%1,%2"   \
-+        : "=r"(ret)        \
-+        : "r"(a), "r"(b));     \
-+   ret;            })
-+#  endif
- # endif                /* cpu */
- #endif         /* OPENSSL_NO_ASM */
- 
-Index: openssl-1.0.1f/crypto/md32_common.h
-===================================================================
--- openssl-1.0.1f.orig/crypto/md32_common.h    2014-01-06 15:47:42.000000000 +0200
-+++ openssl-1.0.1f/crypto/md32_common.h 2014-02-28 10:39:21.751979107 +0200
-@@ -213,6 +213,24 @@
-                                   asm ("bswapl %0":"=r"(r):"0"(r));    \
-                                   *((unsigned int *)(c))=r; (c)+=4; r; })
- #   endif
-+#  elif defined(__aarch64__)
-+#   if defined(__BYTE_ORDER__)
-+#    if defined(__ORDER_LITTLE_ENDIAN__) && __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__
-+#     define HOST_c2l(c,l) ({ unsigned int r;      \
-+                  asm ("rev    %w0,%w1"    \
-+                   :"=r"(r)        \
-+                   :"r"(*((const unsigned int *)(c))));\
-+                  (c)+=4; (l)=r;       })
-+#     define HOST_l2c(l,c) ({ unsigned int r;      \
-+                  asm ("rev    %w0,%w1"    \
-+                   :"=r"(r)        \
-+                   :"r"((unsigned int)(l)));\
-+                  *((unsigned int *)(c))=r; (c)+=4; r; })
-+#    elif defined(__ORDER_BIG_ENDIAN__) && __BYTE_ORDER__==__ORDER_BIG_ENDIAN__
-+#     define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, (l))
-+#     define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, (l))
-+#    endif
-+#   endif
- #  endif
- # endif
- #endif
-Index: openssl-1.0.1f/crypto/modes/modes_lcl.h
-===================================================================
--- openssl-1.0.1f.orig/crypto/modes/modes_lcl.h        2014-02-28 10:47:48.731979011 +0200
-+++ openssl-1.0.1f/crypto/modes/modes_lcl.h     2014-02-28 10:48:49.707978919 +0200
-@@ -29,6 +29,7 @@
- #if defined(__i386)    || defined(__i386__)    || \
-     defined(__x86_64)  || defined(__x86_64__)  || \
-     defined(_M_IX86)   || defined(_M_AMD64)    || defined(_M_X64) || \
-+    defined(__aarch64__)           || \
-     defined(__s390__)  || defined(__s390x__)
- # undef STRICT_ALIGNMENT
- #endif
-@@ -50,6 +51,13 @@
- #  define BSWAP4(x) ({ u32 ret=(x);                    \
-                        asm ("bswapl %0"                \
-                        : "+r"(ret));   ret;            })
-+# elif defined(__aarch64__)
-+#  define BSWAP8(x) ({ u64 ret;            \
-+           asm ("rev %0,%1"        \
-+           : "=r"(ret) : "r"(x)); ret; })
-+#  define BSWAP4(x) ({ u32 ret;            \
-+           asm ("rev %w0,%w1"      \
-+           : "=r"(ret) : "r"(x)); ret; })
- # elif (defined(__arm__) || defined(__arm)) && !defined(STRICT_ALIGNMENT)
- #  define BSWAP8(x) ({ u32 lo=(u64)(x)>>32,hi=(x);     \
-                        asm ("rev %0,%0; rev %1,%1"     \
-Index: openssl-1.0.1f/crypto/sha/sha512.c
-===================================================================
--- openssl-1.0.1f.orig/crypto/sha/sha512.c     2014-01-06 15:47:42.000000000 +0200
-+++ openssl-1.0.1f/crypto/sha/sha512.c  2014-02-28 10:52:14.579978981 +0200
-@@ -55,6 +55,7 @@
- #if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
-     defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) || \
-     defined(__s390__) || defined(__s390x__) || \
-+    defined(__aarch64__) || \
-     defined(SHA512_ASM)
- #define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
- #endif
-@@ -347,6 +348,18 @@
-                                asm ("rotrdi %0,%1,%2"  \
-                                : "=r"(ret)             \
-                                : "r"(a),"K"(n)); ret;  })
-+#  elif defined(__aarch64__)
-+#   define ROTR(a,n)   ({ SHA_LONG64 ret;      \
-+               asm ("ror %0,%1,%2" \
-+               : "=r"(ret)     \
-+               : "r"(a),"I"(n)); ret;  })
-+#   if  defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \
-+   __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__
-+#    define PULL64(x)  ({ SHA_LONG64 ret;          \
-+               asm ("rev   %0,%1"      \
-+               : "=r"(ret)         \
-+               : "r"(*((const SHA_LONG64 *)(&(x))))); ret;     })
-+#   endif
- #  endif
- # elif defined(_MSC_VER)
- #  if defined(_WIN64)  /* applies to both IA-64 and AMD64 */
diff --git a/recipes-connectivity/openssl/openssl-qoriq/openssl-1.0.2a-x32-asm.patch b/recipes-connectivity/openssl/openssl-qoriq/openssl-1.0.2a-x32-asm.patch
new file mode 100644
index 000000000..1e5bfa17d
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/openssl-1.0.2a-x32-asm.patch
@@ -0,0 +1,46 @@
+https://rt.openssl.org/Ticket/Display.html?id=3759&user=guest&pass=guest
+From 6257d59b3a68d2feb9d64317a1c556dc3813ee61 Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vapier@gentoo.org>
+Date: Sat, 21 Mar 2015 06:01:25 -0400
+Subject: [PATCH] crypto: use bigint in x86-64 perl
+Upstream-Status: Pending
+Signed-off-by: Cristian Iorga <cristian.iorga@intel.com>
+When building on x32 systems where the default type is 32bit, make sure
+we can transparently represent 64bit integers.  Otherwise we end up with
+build errors like:
+/usr/bin/perl asm/ghash-x86_64.pl elf > ghash-x86_64.s
+Integer overflow in hexadecimal number at asm/../../perlasm/x86_64-xlate.pl line 201, <> line 890.
+...
+ghash-x86_64.s: Assembler messages:
+ghash-x86_64.s:890: Error: junk '.15473355479995e+19' after expression
+We don't enable this globally as there are some cases where we'd get
+32bit values interpreted as unsigned when we need them as signed.
+Reported-by: Bertrand Jacquin <bertrand@jacquin.bzh>
+URL: https://bugs.gentoo.org/542618
+---
+ crypto/perlasm/x86_64-xlate.pl | 4 ++++
+ 1 file changed, 4 insertions(+)
+diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl
+index aae8288..0bf9774 100755
+--- a/crypto/perlasm/x86_64-xlate.pl
+++ b/crypto/perlasm/x86_64-xlate.pl
+@@ -195,6 +195,10 @@ my %globals;
+     sub out {
+        my $self = shift;
+ 
+       # When building on x32 ABIs, the expanded hex value might be too
+       # big to fit into 32bits.  Enable transparent 64bit support here
+       # so we can safely print it out.
+       use bigint;
+        if ($gas) {
+            # Solaris /usr/ccs/bin/as can't handle multiplications
+            # in $self->{value}
+-- 
+2.3.3
diff --git a/recipes-connectivity/openssl/openssl-qoriq/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch b/recipes-connectivity/openssl/openssl-qoriq/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
index c161e62f6..f736e5c09 100644
--- a/recipes-connectivity/openssl/openssl-qoriq/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
+++ b/recipes-connectivity/openssl/openssl-qoriq/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
@@ -8,14 +8,16 @@ http://www.mail-archive.com/openssl-dev@openssl.org/msg32860.html
 Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
 ---
--- a/crypto/evp/digest.c
+Index: openssl-1.0.2h/crypto/evp/digest.c
-+++ b/crypto/evp/digest.c
+===================================================================
-@@ -199,7 +199,7 @@
+--- openssl-1.0.2h.orig/crypto/evp/digest.c
-                return 0;
+++ openssl-1.0.2h/crypto/evp/digest.c
-                }
+@@ -211,7 +211,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
+         type = ctx->digest;
+     }
 #endif
-       if (ctx->digest != type)
+-    if (ctx->digest != type) {
-+       if (type && (ctx->digest != type))
+    if (type && (ctx->digest != type)) {
-                {
+         if (ctx->digest && ctx->digest->ctx_size) {
-                if (ctx->digest && ctx->digest->ctx_size)
+             OPENSSL_free(ctx->md_data);
-                        OPENSSL_free(ctx->md_data);
+             ctx->md_data = NULL;
diff --git a/recipes-connectivity/openssl/openssl-qoriq/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch b/recipes-connectivity/openssl/openssl-qoriq/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch
deleted file mode 100644
index 3e93fe4e2..000000000
--- a/recipes-connectivity/openssl/openssl-qoriq/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-openssl: avoid NULL pointer dereference in dh_pub_encode()/dsa_pub_encode()
-We should avoid accessing the pointer if ASN1_STRING_new()
-allocates memory failed.
-Upstream-Status: Submitted
-http://www.mail-archive.com/openssl-dev@openssl.org/msg32859.html
-Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
---
--- a/crypto/dh/dh_ameth.c
-+++ b/crypto/dh/dh_ameth.c
-@@ -139,6 +139,12 @@
-        dh=pkey->pkey.dh;
- 
-        str = ASN1_STRING_new();
-+       if (!str)
-+               {
-+               DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
-+               goto err;
-+               }
-+
-        str->length = i2d_DHparams(dh, &str->data);
-        if (str->length <= 0)
-                {
--- a/crypto/dsa/dsa_ameth.c
-+++ b/crypto/dsa/dsa_ameth.c
-@@ -148,6 +148,11 @@
-                {
-                ASN1_STRING *str;
-                str = ASN1_STRING_new();
-+               if (!str)
-+                       {
-+                       DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
-+                       goto err;
-+                       }
-                str->length = i2d_DSAparams(dsa, &str->data);
-                if (str->length <= 0)
-                        {
diff --git a/recipes-connectivity/openssl/openssl-qoriq/openssl-c_rehash.sh b/recipes-connectivity/openssl/openssl-qoriq/openssl-c_rehash.sh
new file mode 100644
index 000000000..f67f41554
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/openssl-c_rehash.sh
@@ -0,0 +1,210 @@
+#!/bin/sh
+#
+# Ben Secrest <blsecres@gmail.com>
+#
+# sh c_rehash script, scan all files in a directory
+# and add symbolic links to their hash values.
+#
+# based on the c_rehash perl script distributed with openssl
+#
+# LICENSE: See OpenSSL license
+# ^^acceptable?^^
+#
+# default certificate location
+DIR=/etc/openssl
+# for filetype bitfield
+IS_CERT=$(( 1 << 0 ))
+IS_CRL=$(( 1 << 1 ))
+# check to see if a file is a certificate file or a CRL file
+# arguments:
+#       1. the filename to be scanned
+# returns:
+#       bitfield of file type; uses ${IS_CERT} and ${IS_CRL}
+#
+check_file()
+{
+    local IS_TYPE=0
+    # make IFS a newline so we can process grep output line by line
+    local OLDIFS=${IFS}
+    IFS=$( printf "\n" )
+    # XXX: could be more efficient to have two 'grep -m' but is -m portable?
+    for LINE in $( grep '^-----BEGIN .*-----' ${1} )
+    do
+        if echo ${LINE} \
+            | grep -q -E '^-----BEGIN (X509 |TRUSTED )?CERTIFICATE-----'
+        then
+            IS_TYPE=$(( ${IS_TYPE} | ${IS_CERT} ))
+            if [ $(( ${IS_TYPE} & ${IS_CRL} )) -ne 0 ]
+            then
+                break
+            fi
+        elif echo ${LINE} | grep -q '^-----BEGIN X509 CRL-----'
+        then
+            IS_TYPE=$(( ${IS_TYPE} | ${IS_CRL} ))
+            if [ $(( ${IS_TYPE} & ${IS_CERT} )) -ne 0 ]
+            then
+                break
+            fi
+        fi
+    done
+    # restore IFS
+    IFS=${OLDIFS}
+    return ${IS_TYPE}
+}
+#
+# use openssl to fingerprint a file
+#    arguments:
+#       1. the filename to fingerprint
+#       2. the method to use (x509, crl)
+#    returns:
+#       none
+#    assumptions:
+#       user will capture output from last stage of pipeline
+#
+fingerprint()
+{
+    ${SSL_CMD} ${2} -fingerprint -noout -in ${1} | sed 's/^.*=//' | tr -d ':'
+}
+#
+# link_hash - create links to certificate files
+#    arguments:
+#       1. the filename to create a link for
+#       2. the type of certificate being linked (x509, crl)
+#    returns:
+#       0 on success, 1 otherwise
+#
+link_hash()
+{
+    local FINGERPRINT=$( fingerprint ${1} ${2} )
+    local HASH=$( ${SSL_CMD} ${2} -hash -noout -in ${1} )
+    local SUFFIX=0
+    local LINKFILE=''
+    local TAG=''
+    if [ ${2} = "crl" ]
+    then
+        TAG='r'
+    fi
+    LINKFILE=${HASH}.${TAG}${SUFFIX}
+    while [ -f ${LINKFILE} ]
+    do
+        if [ ${FINGERPRINT} = $( fingerprint ${LINKFILE} ${2} ) ]
+        then
+            echo "NOTE: Skipping duplicate file ${1}" >&2
+            return 1
+        fi      
+        SUFFIX=$(( ${SUFFIX} + 1 ))
+        LINKFILE=${HASH}.${TAG}${SUFFIX}
+    done
+    echo "${1} => ${LINKFILE}"
+    # assume any system with a POSIX shell will either support symlinks or
+    # do something to handle this gracefully
+    ln -s ${1} ${LINKFILE}
+    return 0
+}
+# hash_dir create hash links in a given directory
+hash_dir()
+{
+    echo "Doing ${1}"
+    cd ${1}
+    ls -1 * 2>/dev/null | while read FILE
+    do
+        if echo ${FILE} | grep -q -E '^[[:xdigit:]]{8}\.r?[[:digit:]]+$' \
+                && [ -h "${FILE}" ]
+        then
+            rm ${FILE}
+        fi
+    done
+    ls -1 *.pem *.cer *.crt *.crl 2>/dev/null | while read FILE
+    do
+        check_file ${FILE}
+        local FILE_TYPE=${?}
+        local TYPE_STR=''
+        if [ $(( ${FILE_TYPE} & ${IS_CERT} )) -ne 0 ]
+        then
+            TYPE_STR='x509'
+        elif [ $(( ${FILE_TYPE} & ${IS_CRL} )) -ne 0 ]
+        then
+            TYPE_STR='crl'
+        else
+            echo "NOTE: ${FILE} does not contain a certificate or CRL: skipping" >&2
+            continue
+        fi
+        link_hash ${FILE} ${TYPE_STR}
+    done
+}
+# choose the name of an ssl application
+if [ -n "${OPENSSL}" ]
+then
+    SSL_CMD=$(which ${OPENSSL} 2>/dev/null)
+else
+    SSL_CMD=/usr/bin/openssl
+    OPENSSL=${SSL_CMD}
+    export OPENSSL
+fi
+# fix paths
+PATH=${PATH}:${DIR}/bin
+export PATH
+# confirm existance/executability of ssl command
+if ! [ -x ${SSL_CMD} ]
+then
+    echo "${0}: rehashing skipped ('openssl' program not available)" >&2
+    exit 0
+fi
+# determine which directories to process
+old_IFS=$IFS
+if [ ${#} -gt 0 ]
+then
+    IFS=':'
+    DIRLIST=${*}
+elif [ -n "${SSL_CERT_DIR}" ]
+then
+    DIRLIST=$SSL_CERT_DIR
+else
+    DIRLIST=${DIR}/certs
+fi
+IFS=':'
+# process directories
+for CERT_DIR in ${DIRLIST}
+do
+    if [ -d ${CERT_DIR} -a -w ${CERT_DIR} ]
+    then
+        IFS=$old_IFS
+        hash_dir ${CERT_DIR}
+        IFS=':'
+    fi
+done
diff --git a/recipes-connectivity/openssl/openssl-qoriq/openssl-fix-link.patch b/recipes-connectivity/openssl/openssl-qoriq/openssl-fix-link.patch
deleted file mode 100644
index 154106cbc..000000000
--- a/recipes-connectivity/openssl/openssl-qoriq/openssl-fix-link.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From aabfb6f78af8e337d3239142117ba303fce55e7e Mon Sep 17 00:00:00 2001
-From: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
-Date: Thu, 22 Sep 2011 08:55:26 +0200
-Subject: [PATCH] fix the parallel build regarding shared libraries.
-Upstream-Status: Pending
---
- .../openssl-1.0.0e/Makefile.org                    |    8 ++++----
- 1 files changed, 4 insertions(+), 4 deletions(-)
-diff --git a/Makefile.org
-index 3c7aea1..6326cd6 100644
--- a/Makefile.org
-+++ b/Makefile.org
-@@ -243,13 +243,13 @@ build_libs: build_crypto build_ssl build_engines
- 
- build_crypto:
-        @dir=crypto; target=all; $(BUILD_ONE_CMD)
-build_ssl:
-+build_ssl: build_crypto
-        @dir=ssl; target=all; $(BUILD_ONE_CMD)
-build_engines:
-+build_engines: build_crypto
-        @dir=engines; target=all; $(BUILD_ONE_CMD)
-build_apps:
-+build_apps: build_crypto build_ssl
-        @dir=apps; target=all; $(BUILD_ONE_CMD)
-build_tests:
-+build_tests: build_crypto build_ssl
-        @dir=test; target=all; $(BUILD_ONE_CMD)
- build_tools:
-        @dir=tools; target=all; $(BUILD_ONE_CMD)
-- 
-1.6.6.1
diff --git a/recipes-connectivity/openssl/openssl-qoriq/openssl_fix_for_x32.patch b/recipes-connectivity/openssl/openssl-qoriq/openssl_fix_for_x32.patch
index 93ce0343c..0f08a642f 100644
--- a/recipes-connectivity/openssl/openssl-qoriq/openssl_fix_for_x32.patch
+++ b/recipes-connectivity/openssl/openssl-qoriq/openssl_fix_for_x32.patch
@@ -2,68 +2,17 @@ Upstream-Status: Pending
 Received from H J Liu @ Intel
 Make the assembly syntax compatible with x32 gcc. Othewise x32 gcc throws errors.
-Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/07/13
+Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/07/13
 ported the patch to the 1.0.0e version
-Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/12/01
+Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/12/01
-Index: openssl-1.0.1e/Configure
+Index: openssl-1.0.2/crypto/bn/bn.h
 ===================================================================
--- openssl-1.0.1e.orig/Configure
+--- openssl-1.0.2.orig/crypto/bn/bn.h
-+++ openssl-1.0.1e/Configure
+++ openssl-1.0.2/crypto/bn/bn.h
-@@ -402,6 +402,7 @@ my %table=(
+@@ -173,6 +173,13 @@ extern "C" {
- "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ #  endif
- "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "linux-x86_64",        "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-+"linux-x32", "gcc:-mx32 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32",
- "linux64-s390x",       "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
- #### So called "highgprs" target for z/Architecture CPUs
- # "Highgprs" is kernel feature first implemented in Linux 2.6.32, see
-Index: openssl-1.0.1e/crypto/bn/asm/x86_64-gcc.c
-===================================================================
--- openssl-1.0.1e.orig/crypto/bn/asm/x86_64-gcc.c
-+++ openssl-1.0.1e/crypto/bn/asm/x86_64-gcc.c
-@@ -55,7 +55,7 @@
-  *    machine.
-  */
- 
-#ifdef _WIN64
-+#if defined _WIN64 || !defined __LP64__
- #define BN_ULONG unsigned long long
- #else
- #define BN_ULONG unsigned long
-@@ -192,9 +192,9 @@ BN_ULONG bn_add_words (BN_ULONG *rp, con
-        asm (
-        "       subq    %2,%2           \n"
-        ".p2align 4                     \n"
-       "1:     movq    (%4,%2,8),%0    \n"
-       "       adcq    (%5,%2,8),%0    \n"
-       "       movq    %0,(%3,%2,8)    \n"
-+       "1:     movq    (%q4,%2,8),%0   \n"
-+       "       adcq    (%q5,%2,8),%0   \n"
-+       "       movq    %0,(%q3,%2,8)   \n"
-        "       leaq    1(%2),%2        \n"
-        "       loop    1b              \n"
-        "       sbbq    %0,%0           \n"
-@@ -215,9 +215,9 @@ BN_ULONG bn_sub_words (BN_ULONG *rp, con
-        asm (
-        "       subq    %2,%2           \n"
-        ".p2align 4                     \n"
-       "1:     movq    (%4,%2,8),%0    \n"
-       "       sbbq    (%5,%2,8),%0    \n"
-       "       movq    %0,(%3,%2,8)    \n"
-+       "1:     movq    (%q4,%2,8),%0   \n"
-+       "       sbbq    (%q5,%2,8),%0   \n"
-+       "       movq    %0,(%q3,%2,8)   \n"
-        "       leaq    1(%2),%2        \n"
-        "       loop    1b              \n"
-        "       sbbq    %0,%0           \n"
-Index: openssl-1.0.1e/crypto/bn/bn.h
-===================================================================
--- openssl-1.0.1e.orig/crypto/bn/bn.h
-+++ openssl-1.0.1e/crypto/bn/bn.h
-@@ -172,6 +172,13 @@ extern "C" {
 # endif
- #endif
 
 +/* Address type.  */
 +#ifdef _WIN64
@@ -72,19 +21,19 @@ Index: openssl-1.0.1e/crypto/bn/bn.h
 +#define BN_ADDR unsigned long
 +#endif
 +
- /* assuming long is 64bit - this is the DEC Alpha
+ /*
-  * unsigned long long is only 64 bits :-(, don't define
+  * assuming long is 64bit - this is the DEC Alpha unsigned long long is only
-  * BN_LLONG for the DEC Alpha */
+  * 64 bits :-(, don't define BN_LLONG for the DEC Alpha
-Index: openssl-1.0.1e/crypto/bn/bn_exp.c
+Index: openssl-1.0.2/crypto/bn/bn_exp.c
 ===================================================================
--- openssl-1.0.1e.orig/crypto/bn/bn_exp.c
+--- openssl-1.0.2.orig/crypto/bn/bn_exp.c
-+++ openssl-1.0.1e/crypto/bn/bn_exp.c
+++ openssl-1.0.2/crypto/bn/bn_exp.c
-@@ -567,7 +567,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBU
+@@ -638,7 +638,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBU
- 
+  * multiple.
- /* Given a pointer value, compute the next address that is a cache line multiple. */
+  */
 #define MOD_EXP_CTIME_ALIGN(x_) \
-       ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((size_t)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
+-        ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((size_t)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
 +       ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ADDR)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
 
- /* This variant of BN_mod_exp_mont() uses fixed windows and the special
+ /*
-  * precomputation memory layout to limit data-dependency to a minimum
+  * This variant of BN_mod_exp_mont() uses fixed windows and the special
diff --git a/recipes-connectivity/openssl/openssl-qoriq/parallel.patch b/recipes-connectivity/openssl/openssl-qoriq/parallel.patch
new file mode 100644
index 000000000..b6c2c148b
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/parallel.patch
@@ -0,0 +1,326 @@
+Fix the parallel races in the Makefiles.
+This patch was taken from the Gentoo packaging:
+https://gitweb.gentoo.org/repo/gentoo.git/plain/dev-libs/openssl/files/openssl-1.0.2g-parallel-build.patch
+Upstream-Status: Pending
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+--- openssl-1.0.2g/crypto/Makefile
+++ openssl-1.0.2g/crypto/Makefile
+@@ -85,11 +85,11 @@
+        @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
+ 
+ subdirs:
+-       @target=all; $(RECURSIVE_MAKE)
+       +@target=all; $(RECURSIVE_MAKE)
+ 
+ files:
+        $(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO
+-       @target=files; $(RECURSIVE_MAKE)
+       +@target=files; $(RECURSIVE_MAKE)
+ 
+ links:
+        @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
+@@ -100,7 +100,7 @@
+ # lib: $(LIB): are splitted to avoid end-less loop
+ lib:   $(LIB)
+        @touch lib
+-$(LIB):        $(LIBOBJ)
+$(LIB):        $(LIBOBJ) | subdirs
+        $(AR) $(LIB) $(LIBOBJ)
+        test -z "$(FIPSLIBDIR)" || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
+        $(RANLIB) $(LIB) || echo Never mind.
+@@ -111,7 +111,7 @@
+        fi
+ 
+ libs:
+-       @target=lib; $(RECURSIVE_MAKE)
+       +@target=lib; $(RECURSIVE_MAKE)
+ 
+ install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+@@ -120,7 +120,7 @@
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+-       @target=install; $(RECURSIVE_MAKE)
+       +@target=install; $(RECURSIVE_MAKE)
+ 
+ lint:
+        @target=lint; $(RECURSIVE_MAKE)
+--- openssl-1.0.2g/engines/Makefile
+++ openssl-1.0.2g/engines/Makefile
+@@ -72,7 +72,7 @@
+ 
+ all:   lib subdirs
+ 
+-lib:   $(LIBOBJ)
+lib:   $(LIBOBJ) | subdirs
+        @if [ -n "$(SHARED_LIBS)" ]; then \
+                set -e; \
+                for l in $(LIBNAMES); do \
+@@ -89,7 +89,7 @@
+ 
+ subdirs:
+        echo $(EDIRS)
+-       @target=all; $(RECURSIVE_MAKE)
+       +@target=all; $(RECURSIVE_MAKE)
+ 
+ files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+@@ -128,7 +128,7 @@
+                          mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
+                done; \
+        fi
+-       @target=install; $(RECURSIVE_MAKE)
+       +@target=install; $(RECURSIVE_MAKE)
+ 
+ tags:
+        ctags $(SRC)
+--- openssl-1.0.2g/Makefile.org
+++ openssl-1.0.2g/Makefile.org
+@@ -279,17 +279,17 @@
+ build_libssl: build_ssl libssl.pc
+ 
+ build_crypto:
+-       @dir=crypto; target=all; $(BUILD_ONE_CMD)
+       +@dir=crypto; target=all; $(BUILD_ONE_CMD)
+ build_ssl: build_crypto
+-       @dir=ssl; target=all; $(BUILD_ONE_CMD)
+       +@dir=ssl; target=all; $(BUILD_ONE_CMD)
+ build_engines: build_crypto
+-       @dir=engines; target=all; $(BUILD_ONE_CMD)
+       +@dir=engines; target=all; $(BUILD_ONE_CMD)
+ build_apps: build_libs
+-       @dir=apps; target=all; $(BUILD_ONE_CMD)
+       +@dir=apps; target=all; $(BUILD_ONE_CMD)
+ build_tests: build_libs
+-       @dir=test; target=all; $(BUILD_ONE_CMD)
+       +@dir=test; target=all; $(BUILD_ONE_CMD)
+ build_tools: build_libs
+-       @dir=tools; target=all; $(BUILD_ONE_CMD)
+       +@dir=tools; target=all; $(BUILD_ONE_CMD)
+ 
+ all_testapps: build_libs build_testapps
+ build_testapps:
+@@ -544,7 +544,7 @@
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+-       @set -e; target=install; $(RECURSIVE_BUILD_CMD)
+       +@set -e; target=install; $(RECURSIVE_BUILD_CMD)
+        @set -e; liblist="$(LIBS)"; for i in $$liblist ;\
+        do \
+                if [ -f "$$i" ]; then \
+--- openssl-1.0.2g/Makefile.shared
+++ openssl-1.0.2g/Makefile.shared
+@@ -105,6 +105,7 @@
+     SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
+     LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
+     LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
+    [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \
+     LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
+     $${SHAREDCMD} $${SHAREDFLAGS} \
+        -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
+@@ -122,6 +123,7 @@
+                        done; \
+                fi; \
+                if [ -n "$$SHLIB_SOVER" ]; then \
+                       [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \
+                        ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
+                          ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
+                fi; \
+--- openssl-1.0.2g/test/Makefile
+++ openssl-1.0.2g/test/Makefile
+@@ -139,7 +139,7 @@
+ tags:
+        ctags $(SRC)
+ 
+-tests: exe apps $(TESTS)
+tests: exe $(TESTS)
+ 
+ apps:
+        @(cd ..; $(MAKE) DIRS=apps all)
+@@ -421,130 +421,130 @@
+                link_app.$${shlib_target}
+ 
+ $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
+-       @target=$(RSATEST); $(BUILD_CMD)
+       +@target=$(RSATEST); $(BUILD_CMD)
+ 
+ $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO)
+-       @target=$(BNTEST); $(BUILD_CMD)
+       +@target=$(BNTEST); $(BUILD_CMD)
+ 
+ $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO)
+-       @target=$(ECTEST); $(BUILD_CMD)
+       +@target=$(ECTEST); $(BUILD_CMD)
+ 
+ $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO)
+-       @target=$(EXPTEST); $(BUILD_CMD)
+       +@target=$(EXPTEST); $(BUILD_CMD)
+ 
+ $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO)
+-       @target=$(IDEATEST); $(BUILD_CMD)
+       +@target=$(IDEATEST); $(BUILD_CMD)
+ 
+ $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO)
+-       @target=$(MD2TEST); $(BUILD_CMD)
+       +@target=$(MD2TEST); $(BUILD_CMD)
+ 
+ $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO)
+-       @target=$(SHATEST); $(BUILD_CMD)
+       +@target=$(SHATEST); $(BUILD_CMD)
+ 
+ $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO)
+-       @target=$(SHA1TEST); $(BUILD_CMD)
+       +@target=$(SHA1TEST); $(BUILD_CMD)
+ 
+ $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO)
+-       @target=$(SHA256TEST); $(BUILD_CMD)
+       +@target=$(SHA256TEST); $(BUILD_CMD)
+ 
+ $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO)
+-       @target=$(SHA512TEST); $(BUILD_CMD)
+       +@target=$(SHA512TEST); $(BUILD_CMD)
+ 
+ $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
+-       @target=$(RMDTEST); $(BUILD_CMD)
+       +@target=$(RMDTEST); $(BUILD_CMD)
+ 
+ $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO)
+-       @target=$(MDC2TEST); $(BUILD_CMD)
+       +@target=$(MDC2TEST); $(BUILD_CMD)
+ 
+ $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO)
+-       @target=$(MD4TEST); $(BUILD_CMD)
+       +@target=$(MD4TEST); $(BUILD_CMD)
+ 
+ $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO)
+-       @target=$(MD5TEST); $(BUILD_CMD)
+       +@target=$(MD5TEST); $(BUILD_CMD)
+ 
+ $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO)
+-       @target=$(HMACTEST); $(BUILD_CMD)
+       +@target=$(HMACTEST); $(BUILD_CMD)
+ 
+ $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO)
+-       @target=$(WPTEST); $(BUILD_CMD)
+       +@target=$(WPTEST); $(BUILD_CMD)
+ 
+ $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO)
+-       @target=$(RC2TEST); $(BUILD_CMD)
+       +@target=$(RC2TEST); $(BUILD_CMD)
+ 
+ $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO)
+-       @target=$(BFTEST); $(BUILD_CMD)
+       +@target=$(BFTEST); $(BUILD_CMD)
+ 
+ $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO)
+-       @target=$(CASTTEST); $(BUILD_CMD)
+       +@target=$(CASTTEST); $(BUILD_CMD)
+ 
+ $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO)
+-       @target=$(RC4TEST); $(BUILD_CMD)
+       +@target=$(RC4TEST); $(BUILD_CMD)
+ 
+ $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO)
+-       @target=$(RC5TEST); $(BUILD_CMD)
+       +@target=$(RC5TEST); $(BUILD_CMD)
+ 
+ $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO)
+-       @target=$(DESTEST); $(BUILD_CMD)
+       +@target=$(DESTEST); $(BUILD_CMD)
+ 
+ $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO)
+-       @target=$(RANDTEST); $(BUILD_CMD)
+       +@target=$(RANDTEST); $(BUILD_CMD)
+ 
+ $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO)
+-       @target=$(DHTEST); $(BUILD_CMD)
+       +@target=$(DHTEST); $(BUILD_CMD)
+ 
+ $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO)
+-       @target=$(DSATEST); $(BUILD_CMD)
+       +@target=$(DSATEST); $(BUILD_CMD)
+ 
+ $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
+-       @target=$(METHTEST); $(BUILD_CMD)
+       +@target=$(METHTEST); $(BUILD_CMD)
+ 
+ $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
+-       @target=$(SSLTEST); $(FIPS_BUILD_CMD)
+       +@target=$(SSLTEST); $(FIPS_BUILD_CMD)
+ 
+ $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO)
+-       @target=$(ENGINETEST); $(BUILD_CMD)
+       +@target=$(ENGINETEST); $(BUILD_CMD)
+ 
+ $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO)
+-       @target=$(EVPTEST); $(BUILD_CMD)
+       +@target=$(EVPTEST); $(BUILD_CMD)
+ 
+ $(EVPEXTRATEST)$(EXE_EXT): $(EVPEXTRATEST).o $(DLIBCRYPTO)
+-       @target=$(EVPEXTRATEST); $(BUILD_CMD)
+       +@target=$(EVPEXTRATEST); $(BUILD_CMD)
+ 
+ $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO)
+-       @target=$(ECDSATEST); $(BUILD_CMD)
+       +@target=$(ECDSATEST); $(BUILD_CMD)
+ 
+ $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO)
+-       @target=$(ECDHTEST); $(BUILD_CMD)
+       +@target=$(ECDHTEST); $(BUILD_CMD)
+ 
+ $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO)
+-       @target=$(IGETEST); $(BUILD_CMD)
+       +@target=$(IGETEST); $(BUILD_CMD)
+ 
+ $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO)
+-       @target=$(JPAKETEST); $(BUILD_CMD)
+       +@target=$(JPAKETEST); $(BUILD_CMD)
+ 
+ $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO)
+-       @target=$(ASN1TEST); $(BUILD_CMD)
+       +@target=$(ASN1TEST); $(BUILD_CMD)
+ 
+ $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO)
+-       @target=$(SRPTEST); $(BUILD_CMD)
+       +@target=$(SRPTEST); $(BUILD_CMD)
+ 
+ $(V3NAMETEST)$(EXE_EXT): $(V3NAMETEST).o $(DLIBCRYPTO)
+-       @target=$(V3NAMETEST); $(BUILD_CMD)
+       +@target=$(V3NAMETEST); $(BUILD_CMD)
+ 
+ $(HEARTBEATTEST)$(EXE_EXT): $(HEARTBEATTEST).o $(DLIBCRYPTO)
+-       @target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
+       +@target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
+ 
+ $(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMETEST).o
+-       @target=$(CONSTTIMETEST) $(BUILD_CMD)
+       +@target=$(CONSTTIMETEST) $(BUILD_CMD)
+ 
+ $(VERIFYEXTRATEST)$(EXE_EXT): $(VERIFYEXTRATEST).o
+-       @target=$(VERIFYEXTRATEST) $(BUILD_CMD)
+       +@target=$(VERIFYEXTRATEST) $(BUILD_CMD)
+ 
+ $(CLIENTHELLOTEST)$(EXE_EXT): $(CLIENTHELLOTEST).o
+-       @target=$(CLIENTHELLOTEST) $(BUILD_CMD)
+       +@target=$(CLIENTHELLOTEST) $(BUILD_CMD)
+ 
+ $(SSLV2CONFTEST)$(EXE_EXT): $(SSLV2CONFTEST).o
+-       @target=$(SSLV2CONFTEST) $(BUILD_CMD)
+       +@target=$(SSLV2CONFTEST) $(BUILD_CMD)
+ 
+ #$(AESTEST).o: $(AESTEST).c
+ #      $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
+@@ -557,7 +557,7 @@
+ #      fi
+ 
+ dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
+-       @target=dummytest; $(BUILD_CMD)
+       +@target=dummytest; $(BUILD_CMD)
+ 
+ # DO NOT DELETE THIS LINE -- make depend depends on it.
+ 
+\ No newline at end of file
diff --git a/recipes-connectivity/openssl/openssl-qoriq/ptest-deps.patch b/recipes-connectivity/openssl/openssl-qoriq/ptest-deps.patch
new file mode 100644
index 000000000..ef6d17934
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/ptest-deps.patch
@@ -0,0 +1,34 @@
+Remove Makefile dependencies for test targets
+These are probably here because the executables aren't always built for
+other platforms (e.g. Windows); however we can safely assume they'll
+always be there. None of the other test targets have such dependencies
+and if we don't remove them, make tries to rebuild the executables and
+fails during run-ptest.
+Upstream-Status: Inappropriate [config]
+Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
+Index: openssl-1.0.2/test/Makefile
+===================================================================
+--- openssl-1.0.2.orig/test/Makefile
+++ openssl-1.0.2/test/Makefile
+@@ -330,7 +330,7 @@ test_cms: ../apps/openssl$(EXE_EXT) cms-
+        @echo "CMS consistency test"
+        $(PERL) cms-test.pl
+ 
+-test_srp: $(SRPTEST)$(EXE_EXT)
+test_srp:
+        @echo "Test SRP"
+        ../util/shlib_wrap.sh ./srptest
+ 
+@@ -342,7 +342,7 @@ test_v3name: $(V3NAMETEST)$(EXE_EXT)
+        @echo "Test X509v3_check_*"
+        ../util/shlib_wrap.sh ./$(V3NAMETEST)
+ 
+-test_heartbeat: $(HEARTBEATTEST)$(EXE_EXT)
+test_heartbeat:
+        ../util/shlib_wrap.sh ./$(HEARTBEATTEST)
+ 
+ test_constant_time: $(CONSTTIMETEST)$(EXE_EXT)
diff --git a/recipes-connectivity/openssl/openssl-qoriq/ptest_makefile_deps.patch b/recipes-connectivity/openssl/openssl-qoriq/ptest_makefile_deps.patch
new file mode 100644
index 000000000..4202e61d1
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/ptest_makefile_deps.patch
@@ -0,0 +1,248 @@
+Additional Makefile dependencies removal for test targets
+Removing the dependency check for test targets as these tests are
+causing a number of failures and "noise" during ptest execution.
+Upstream-Status: Inappropriate [config]
+Signed-off-by: Maxin B. John <maxin.john@intel.com>
+diff -Naur openssl-1.0.2d-orig/test/Makefile openssl-1.0.2d/test/Makefile
+--- openssl-1.0.2d-orig/test/Makefile   2015-09-28 12:50:41.530022979 +0300
+++ openssl-1.0.2d/test/Makefile        2015-09-28 12:57:45.930717240 +0300
+@@ -155,67 +155,67 @@
+        ( $(MAKE) $$i && echo "PASS: $$i" ) || echo "FAIL: $$i"; \
+        done)
+ 
+-test_evp: $(EVPTEST)$(EXE_EXT) evptests.txt
+test_evp:
+        ../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt
+ 
+-test_evp_extra: $(EVPEXTRATEST)$(EXE_EXT)
+test_evp_extra:
+        ../util/shlib_wrap.sh ./$(EVPEXTRATEST)
+ 
+-test_des: $(DESTEST)$(EXE_EXT)
+test_des:
+        ../util/shlib_wrap.sh ./$(DESTEST)
+ 
+-test_idea: $(IDEATEST)$(EXE_EXT)
+test_idea:
+        ../util/shlib_wrap.sh ./$(IDEATEST)
+ 
+-test_sha: $(SHATEST)$(EXE_EXT) $(SHA1TEST)$(EXE_EXT) $(SHA256TEST)$(EXE_EXT) $(SHA512TEST)$(EXE_EXT)
+test_sha:
+        ../util/shlib_wrap.sh ./$(SHATEST)
+        ../util/shlib_wrap.sh ./$(SHA1TEST)
+        ../util/shlib_wrap.sh ./$(SHA256TEST)
+        ../util/shlib_wrap.sh ./$(SHA512TEST)
+ 
+-test_mdc2: $(MDC2TEST)$(EXE_EXT)
+test_mdc2:
+        ../util/shlib_wrap.sh ./$(MDC2TEST)
+ 
+-test_md5: $(MD5TEST)$(EXE_EXT)
+test_md5:
+        ../util/shlib_wrap.sh ./$(MD5TEST)
+ 
+-test_md4: $(MD4TEST)$(EXE_EXT)
+test_md4:
+        ../util/shlib_wrap.sh ./$(MD4TEST)
+ 
+-test_hmac: $(HMACTEST)$(EXE_EXT)
+test_hmac:
+        ../util/shlib_wrap.sh ./$(HMACTEST)
+ 
+-test_wp: $(WPTEST)$(EXE_EXT)
+test_wp:
+        ../util/shlib_wrap.sh ./$(WPTEST)
+ 
+-test_md2: $(MD2TEST)$(EXE_EXT)
+test_md2:
+        ../util/shlib_wrap.sh ./$(MD2TEST)
+ 
+-test_rmd: $(RMDTEST)$(EXE_EXT)
+test_rmd:
+        ../util/shlib_wrap.sh ./$(RMDTEST)
+ 
+-test_bf: $(BFTEST)$(EXE_EXT)
+test_bf:
+        ../util/shlib_wrap.sh ./$(BFTEST)
+ 
+-test_cast: $(CASTTEST)$(EXE_EXT)
+test_cast:
+        ../util/shlib_wrap.sh ./$(CASTTEST)
+ 
+-test_rc2: $(RC2TEST)$(EXE_EXT)
+test_rc2:
+        ../util/shlib_wrap.sh ./$(RC2TEST)
+ 
+-test_rc4: $(RC4TEST)$(EXE_EXT)
+test_rc4:
+        ../util/shlib_wrap.sh ./$(RC4TEST)
+ 
+-test_rc5: $(RC5TEST)$(EXE_EXT)
+test_rc5:
+        ../util/shlib_wrap.sh ./$(RC5TEST)
+ 
+-test_rand: $(RANDTEST)$(EXE_EXT)
+test_rand:
+        ../util/shlib_wrap.sh ./$(RANDTEST)
+ 
+-test_enc: ../apps/openssl$(EXE_EXT) testenc
+test_enc:
+        @sh ./testenc
+ 
+-test_x509: ../apps/openssl$(EXE_EXT) tx509 testx509.pem v3-cert1.pem v3-cert2.pem
+test_x509:
+        echo test normal x509v1 certificate
+        sh ./tx509 2>/dev/null
+        echo test first x509v3 certificate
+@@ -223,25 +223,25 @@
+        echo test second x509v3 certificate
+        sh ./tx509 v3-cert2.pem 2>/dev/null
+ 
+-test_rsa: ../apps/openssl$(EXE_EXT) trsa testrsa.pem
+test_rsa:
+        @sh ./trsa 2>/dev/null
+        ../util/shlib_wrap.sh ./$(RSATEST)
+ 
+-test_crl: ../apps/openssl$(EXE_EXT) tcrl testcrl.pem
+test_crl:
+        @sh ./tcrl 2>/dev/null
+ 
+-test_sid: ../apps/openssl$(EXE_EXT) tsid testsid.pem
+test_sid:
+        @sh ./tsid 2>/dev/null
+ 
+-test_req: ../apps/openssl$(EXE_EXT) treq testreq.pem testreq2.pem
+test_req:
+        @sh ./treq 2>/dev/null
+        @sh ./treq testreq2.pem 2>/dev/null
+ 
+-test_pkcs7: ../apps/openssl$(EXE_EXT) tpkcs7 tpkcs7d testp7.pem pkcs7-1.pem
+test_pkcs7:
+        @sh ./tpkcs7 2>/dev/null
+        @sh ./tpkcs7d 2>/dev/null
+ 
+-test_bn: $(BNTEST)$(EXE_EXT) $(EXPTEST)$(EXE_EXT) bctest
+test_bn:
+        @echo starting big number library test, could take a while...
+        @../util/shlib_wrap.sh ./$(BNTEST) >tmp.bntest
+        @echo quit >>tmp.bntest
+@@ -250,33 +250,33 @@
+        @echo 'test a^b%c implementations'
+        ../util/shlib_wrap.sh ./$(EXPTEST)
+ 
+-test_ec: $(ECTEST)$(EXE_EXT)
+test_ec:
+        @echo 'test elliptic curves'
+        ../util/shlib_wrap.sh ./$(ECTEST)
+ 
+-test_ecdsa: $(ECDSATEST)$(EXE_EXT)
+test_ecdsa:
+        @echo 'test ecdsa'
+        ../util/shlib_wrap.sh ./$(ECDSATEST)
+ 
+-test_ecdh: $(ECDHTEST)$(EXE_EXT)
+test_ecdh:
+        @echo 'test ecdh'
+        ../util/shlib_wrap.sh ./$(ECDHTEST)
+ 
+-test_verify: ../apps/openssl$(EXE_EXT)
+test_verify:
+        @echo "The following command should have some OK's and some failures"
+        @echo "There are definitly a few expired certificates"
+        ../util/shlib_wrap.sh ../apps/openssl verify -CApath ../certs/demo ../certs/demo/*.pem
+ 
+-test_dh: $(DHTEST)$(EXE_EXT)
+test_dh:
+        @echo "Generate a set of DH parameters"
+        ../util/shlib_wrap.sh ./$(DHTEST)
+ 
+-test_dsa: $(DSATEST)$(EXE_EXT)
+test_dsa:
+        @echo "Generate a set of DSA parameters"
+        ../util/shlib_wrap.sh ./$(DSATEST)
+        ../util/shlib_wrap.sh ./$(DSATEST) -app2_1
+ 
+-test_gen testreq.pem: ../apps/openssl$(EXE_EXT) testgen test.cnf
+test_gen testreq.pem:
+        @echo "Generate and verify a certificate request"
+        @sh ./testgen
+ 
+@@ -288,13 +288,11 @@
+        @cat certCA.ss certU.ss > intP1.ss
+        @cat certCA.ss certU.ss certP1.ss > intP2.ss
+ 
+-test_engine:  $(ENGINETEST)$(EXE_EXT)
+test_engine:
+        @echo "Manipulate the ENGINE structures"
+        ../util/shlib_wrap.sh ./$(ENGINETEST)
+ 
+-test_ssl: keyU.ss certU.ss certCA.ss certP1.ss keyP1.ss certP2.ss keyP2.ss \
+-               intP1.ss intP2.ss $(SSLTEST)$(EXE_EXT) testssl testsslproxy \
+-               ../apps/server2.pem serverinfo.pem
+test_ssl:
+        @echo "test SSL protocol"
+        @if [ -n "$(FIPSCANLIB)" ]; then \
+          sh ./testfipsssl keyU.ss certU.ss certCA.ss; \
+@@ -304,7 +302,7 @@
+        @sh ./testsslproxy keyP1.ss certP1.ss intP1.ss
+        @sh ./testsslproxy keyP2.ss certP2.ss intP2.ss
+ 
+-test_ca: ../apps/openssl$(EXE_EXT) testca CAss.cnf Uss.cnf
+test_ca:
+        @if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then \
+          echo "skipping CA.sh test -- requires RSA"; \
+        else \
+@@ -312,11 +310,11 @@
+          sh ./testca; \
+        fi
+ 
+-test_aes: #$(AESTEST)
+test_aes:
+ #      @echo "test Rijndael"
+ #      ../util/shlib_wrap.sh ./$(AESTEST)
+ 
+-test_tsa: ../apps/openssl$(EXE_EXT) testtsa CAtsa.cnf ../util/shlib_wrap.sh
+test_tsa:
+        @if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then \
+          echo "skipping testtsa test -- requires RSA"; \
+        else \
+@@ -331,7 +329,7 @@
+        @echo "Test JPAKE"
+        ../util/shlib_wrap.sh ./$(JPAKETEST)
+ 
+-test_cms: ../apps/openssl$(EXE_EXT) cms-test.pl smcont.txt
+test_cms:
+        @echo "CMS consistency test"
+        $(PERL) cms-test.pl
+ 
+@@ -339,22 +337,22 @@
+        @echo "Test SRP"
+        ../util/shlib_wrap.sh ./srptest
+ 
+-test_ocsp: ../apps/openssl$(EXE_EXT) tocsp
+test_ocsp:
+        @echo "Test OCSP"
+        @sh ./tocsp
+ 
+-test_v3name: $(V3NAMETEST)$(EXE_EXT)
+test_v3name:
+        @echo "Test X509v3_check_*"
+        ../util/shlib_wrap.sh ./$(V3NAMETEST)
+ 
+ test_heartbeat:
+        ../util/shlib_wrap.sh ./$(HEARTBEATTEST)
+ 
+-test_constant_time: $(CONSTTIMETEST)$(EXE_EXT)
+test_constant_time:
+        @echo "Test constant time utilites"
+        ../util/shlib_wrap.sh ./$(CONSTTIMETEST)
+ 
+-test_verify_extra: $(VERIFYEXTRATEST)$(EXE_EXT)
+test_verify_extra:
+        @echo $(START) $@
+        ../util/shlib_wrap.sh ./$(VERIFYEXTRATEST)
+ 
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0001-remove-double-initialization-of-cryptodev-engine.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0001-remove-double-initialization-of-cryptodev-engine.patch
index e7b874f5f..5e99d912b 100644
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0001-remove-double-initialization-of-cryptodev-engine.patch
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0001-remove-double-initialization-of-cryptodev-engine.patch
@@ -1,7 +1,7 @@
-From 9297e3834518ff0558d6e7004a62adfd107e659a Mon Sep 17 00:00:00 2001
+From 45e4b0835ad965cf9cc813a31df354f1e6d14513 Mon Sep 17 00:00:00 2001
 From: Cristian Stoica <cristian.stoica@freescale.com>
 Date: Tue, 10 Sep 2013 12:46:46 +0300
-Subject: [PATCH 01/26] remove double initialization of cryptodev engine
+Subject: [PATCH 01/48] remove double initialization of cryptodev engine
 cryptodev engine is initialized together with the other engines in
 ENGINE_load_builtin_engines. The initialization done through
@@ -11,65 +11,66 @@ Change-Id: Ic9488500967595543ff846f147b36f383db7cb27
 Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
 Reviewed-on: http://git.am.freescale.net:8181/17222
 ---
- crypto/engine/eng_all.c | 11 -----------
+ crypto/engine/eng_all.c | 12 ------------
 crypto/engine/engine.h  |  4 ----
 crypto/evp/c_all.c      |  5 -----
 util/libeay.num         |  2 +-
- 4 files changed, 1 insertion(+), 21 deletions(-)
+ 4 files changed, 1 insertion(+), 22 deletions(-)
 diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c
-index 6093376..f16c043 100644
+index 48ad0d2..a198c5f 100644
 --- a/crypto/engine/eng_all.c
 +++ b/crypto/engine/eng_all.c
-@@ -122,14 +122,3 @@ void ENGINE_load_builtin_engines(void)
+@@ -122,15 +122,3 @@ void ENGINE_load_builtin_engines(void)
 #endif
-        ENGINE_register_all_complete();
+     ENGINE_register_all_complete();
-        }
+ }
 -
 -#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
-void ENGINE_setup_bsd_cryptodev(void) {
+-void ENGINE_setup_bsd_cryptodev(void)
-       static int bsd_cryptodev_default_loaded = 0;
+-{
-       if (!bsd_cryptodev_default_loaded) {
+-    static int bsd_cryptodev_default_loaded = 0;
-               ENGINE_load_cryptodev();
+-    if (!bsd_cryptodev_default_loaded) {
-               ENGINE_register_all_complete();
+-        ENGINE_load_cryptodev();
-       }
+-        ENGINE_register_all_complete();
-       bsd_cryptodev_default_loaded=1;
+-    }
+-    bsd_cryptodev_default_loaded = 1;
 -}
 -#endif
 diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h
-index f8be497..237a6c9 100644
+index bd7b591..020d912 100644
 --- a/crypto/engine/engine.h
 +++ b/crypto/engine/engine.h
-@@ -740,10 +740,6 @@ typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id,
+@@ -857,10 +857,6 @@ typedef int (*dynamic_bind_engine) (ENGINE *e, const char *id,
-  * values. */
+  */
 void *ENGINE_get_static_state(void);
 
-#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
+-# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
 -void ENGINE_setup_bsd_cryptodev(void);
-#endif
+-# endif
 -
 /* BEGIN ERROR CODES */
- /* The following lines are auto generated by the script mkerr.pl. Any changes
+ /*
-  * made after this point may be overwritten when the script is next run.
+  * The following lines are auto generated by the script mkerr.pl. Any changes
 diff --git a/crypto/evp/c_all.c b/crypto/evp/c_all.c
-index 766c4ce..5d6c21b 100644
+index a3ed00d..719e34d 100644
 --- a/crypto/evp/c_all.c
 +++ b/crypto/evp/c_all.c
 @@ -82,9 +82,4 @@ void OPENSSL_add_all_algorithms_noconf(void)
-        OPENSSL_cpuid_setup();
+     OPENSSL_cpuid_setup();
-        OpenSSL_add_all_ciphers();
+     OpenSSL_add_all_ciphers();
-        OpenSSL_add_all_digests();
+     OpenSSL_add_all_digests();
 -#ifndef OPENSSL_NO_ENGINE
 -# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
-       ENGINE_setup_bsd_cryptodev();
+-    ENGINE_setup_bsd_cryptodev();
 -# endif
 -#endif
-        }
+ }
 diff --git a/util/libeay.num b/util/libeay.num
-index aa86b2b..ae50040 100755
+index 2094ab3..2742cf5 100755
 --- a/util/libeay.num
 +++ b/util/libeay.num
-@@ -2801,7 +2801,7 @@ BIO_indent                              3242      EXIST::FUNCTION:
+@@ -2805,7 +2805,7 @@ BIO_indent                              3242      EXIST::FUNCTION:
 BUF_strlcpy                             3243   EXIST::FUNCTION:
 OpenSSLDie                              3244   EXIST::FUNCTION:
 OPENSSL_cleanse                         3245   EXIST::FUNCTION:
@@ -79,5 +80,5 @@ index aa86b2b..ae50040 100755
 EVP_aes_128_cfb8                        3248   EXIST::FUNCTION:AES
 FIPS_corrupt_rsa                        3249   NOEXIST::FUNCTION:
 -- 
-2.3.5
+2.7.0
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch
index ab2b7ea91..d59078928 100644
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch
@@ -1,7 +1,7 @@
-From dfd6ba263dc25ea2a4bbc32448b24ca2b1fc40e8 Mon Sep 17 00:00:00 2001
+From e7c630f8417b6f4e1bf2466e545ffe04af2eff00 Mon Sep 17 00:00:00 2001
 From: Cristian Stoica <cristian.stoica@freescale.com>
 Date: Thu, 29 Aug 2013 16:51:18 +0300
-Subject: [PATCH 02/26] eng_cryptodev: add support for TLS algorithms offload
+Subject: [PATCH 02/48] eng_cryptodev: add support for TLS algorithms offload
 - aes-128-cbc-hmac-sha1
 - aes-256-cbc-hmac-sha1
@@ -9,309 +9,335 @@ Subject: [PATCH 02/26] eng_cryptodev: add support for TLS algorithms offload
 Requires TLS patches on cryptodev and TLS algorithm support in Linux
 kernel driver.
-Change-Id: I43048caa348414daddd6c1a5cdc55e769ac1945f
 Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
-Reviewed-on: http://git.am.freescale.net:8181/17223
 ---
- crypto/engine/eng_cryptodev.c | 222 +++++++++++++++++++++++++++++++++++++++---
+ crypto/engine/eng_cryptodev.c | 226 ++++++++++++++++++++++++++++++++++++++++--
- 1 file changed, 211 insertions(+), 11 deletions(-)
+ 1 file changed, 215 insertions(+), 11 deletions(-)
 diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 5a715ac..7588a28 100644
+index 8fb9c33..4d783d4 100644
 --- a/crypto/engine/eng_cryptodev.c
 +++ b/crypto/engine/eng_cryptodev.c
-@@ -72,6 +72,9 @@ ENGINE_load_cryptodev(void)
+@@ -71,6 +71,9 @@ void ENGINE_load_cryptodev(void)
 struct dev_crypto_state {
-        struct session_op d_sess;
+     struct session_op d_sess;
-        int d_fd;
+     int d_fd;
-+       unsigned char *aad;
+    unsigned char *aad;
-+       unsigned int aad_len;
+    unsigned int aad_len;
-+       unsigned int len;
+    unsigned int len;
- 
+ # ifdef USE_CRYPTODEV_DIGESTS
- #ifdef USE_CRYPTODEV_DIGESTS
+     char dummy_mac_key[HASH_MAX_LEN];
-        char dummy_mac_key[HASH_MAX_LEN];
+     unsigned char digest_res[HASH_MAX_LEN];
-@@ -140,17 +143,20 @@ static struct {
+@@ -141,24 +144,25 @@ static struct {
-        int     nid;
+     int nid;
-        int     ivmax;
+     int ivmax;
-        int     keylen;
+     int keylen;
-+       int     mackeylen;
+    int mackeylen;
 } ciphers[] = {
-       { CRYPTO_ARC4,                  NID_rc4,                0,      16, },
+     {
-       { CRYPTO_DES_CBC,               NID_des_cbc,            8,       8, },
+-        CRYPTO_ARC4, NID_rc4, 0, 16,
-       { CRYPTO_3DES_CBC,              NID_des_ede3_cbc,       8,      24, },
+        CRYPTO_ARC4, NID_rc4, 0, 16, 0
-       { CRYPTO_AES_CBC,               NID_aes_128_cbc,        16,     16, },
+     },
-       { CRYPTO_AES_CBC,               NID_aes_192_cbc,        16,     24, },
+     {
-       { CRYPTO_AES_CBC,               NID_aes_256_cbc,        16,     32, },
+-        CRYPTO_DES_CBC, NID_des_cbc, 8, 8,
-       { CRYPTO_BLF_CBC,               NID_bf_cbc,             8,      16, },
+        CRYPTO_DES_CBC, NID_des_cbc, 8, 8, 0
-       { CRYPTO_CAST_CBC,              NID_cast5_cbc,          8,      16, },
+     },
-       { CRYPTO_SKIPJACK_CBC,          NID_undef,              0,       0, },
+     {
-       { 0,                            NID_undef,              0,       0, },
+-        CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24,
-+       { CRYPTO_ARC4,          NID_rc4,          0,  16, 0},
+        CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, 0
-+       { CRYPTO_DES_CBC,       NID_des_cbc,      8,  8,  0},
+     },
-+       { CRYPTO_3DES_CBC,      NID_des_ede3_cbc, 8,  24, 0},
+     {
-+       { CRYPTO_AES_CBC,       NID_aes_128_cbc,  16, 16, 0},
+-        CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16,
-+       { CRYPTO_AES_CBC,       NID_aes_192_cbc,  16, 24, 0},
+        CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, 0
-+       { CRYPTO_AES_CBC,       NID_aes_256_cbc,  16, 32, 0},
+     },
-+       { CRYPTO_BLF_CBC,       NID_bf_cbc,       8,  16, 0},
+     {
-+       { CRYPTO_CAST_CBC,      NID_cast5_cbc,    8,  16, 0},
+-        CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24,
-+       { CRYPTO_SKIPJACK_CBC,  NID_undef,        0,  0,  0},
+        CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, 0
-+       { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20},
+     },
-+       { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20},
+     {
-+       { 0, NID_undef, 0, 0, 0},
+-        CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32,
+        CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, 0
+     },
+ # ifdef CRYPTO_AES_CTR
+     {
+@@ -172,16 +176,22 @@ static struct {
+     },
+ # endif
+     {
+-        CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16,
+        CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, 0
+     },
+     {
+-        CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16,
+        CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, 0
+     },
+     {
+-        CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0,
+        CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, 0
+     },
+     {
+-        0, NID_undef, 0, 0,
+        CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20
+    },
+    {
+        CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20
+    },
+    {
+        0, NID_undef, 0, 0, 0
+     },
 };
 
- #ifdef USE_CRYPTODEV_DIGESTS
+@@ -295,13 +305,15 @@ static int get_cryptodev_ciphers(const int **cnids)
-@@ -250,13 +256,15 @@ get_cryptodev_ciphers(const int **cnids)
+     }
-        }
+     memset(&sess, 0, sizeof(sess));
-        memset(&sess, 0, sizeof(sess));
+     sess.key = (caddr_t) "123456789abcdefghijklmno";
-        sess.key = (caddr_t)"123456789abcdefghijklmno";
+    sess.mackey = (caddr_t) "123456789ABCDEFGHIJKLMNO";
-+       sess.mackey = (caddr_t)"123456789ABCDEFGHIJKLMNO";
 
-        for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
+     for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
-                if (ciphers[i].nid == NID_undef)
+         if (ciphers[i].nid == NID_undef)
-                        continue;
+             continue;
-                sess.cipher = ciphers[i].id;
+         sess.cipher = ciphers[i].id;
-                sess.keylen = ciphers[i].keylen;
+         sess.keylen = ciphers[i].keylen;
-               sess.mac = 0;
+-        sess.mac = 0;
-+               sess.mackeylen = ciphers[i].mackeylen;
+        sess.mackeylen = ciphers[i].mackeylen;
 +
-                if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
+         if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
-                    ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
+             ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
-                        nids[count++] = ciphers[i].nid;
+             nids[count++] = ciphers[i].nid;
-@@ -414,6 +422,67 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+@@ -457,6 +469,66 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-        return (1);
+     return (1);
 }
 
-+
 +static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+               const unsigned char *in, size_t len)
+                                 const unsigned char *in, size_t len)
 +{
-+       struct crypt_auth_op cryp;
+    struct crypt_auth_op cryp;
-+       struct dev_crypto_state *state = ctx->cipher_data;
+    struct dev_crypto_state *state = ctx->cipher_data;
-+       struct session_op *sess = &state->d_sess;
+    struct session_op *sess = &state->d_sess;
-+       const void *iiv;
+    const void *iiv;
-+       unsigned char save_iv[EVP_MAX_IV_LENGTH];
+    unsigned char save_iv[EVP_MAX_IV_LENGTH];
 +
-+       if (state->d_fd < 0)
+    if (state->d_fd < 0)
-+               return (0);
+        return (0);
-+       if (!len)
+    if (!len)
-+               return (1);
+        return (1);
-+       if ((len % ctx->cipher->block_size) != 0)
+    if ((len % ctx->cipher->block_size) != 0)
-+               return (0);
+        return (0);
 +
-+       memset(&cryp, 0, sizeof(cryp));
+    memset(&cryp, 0, sizeof(cryp));
 +
-+       /* TODO: make a seamless integration with cryptodev flags */
+    /* TODO: make a seamless integration with cryptodev flags */
-+       switch (ctx->cipher->nid) {
+    switch (ctx->cipher->nid) {
-+       case NID_aes_128_cbc_hmac_sha1:
+    case NID_aes_128_cbc_hmac_sha1:
-+       case NID_aes_256_cbc_hmac_sha1:
+    case NID_aes_256_cbc_hmac_sha1:
-+               cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
+        cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
-+       }
+    }
-+       cryp.ses = sess->ses;
+    cryp.ses = sess->ses;
-+       cryp.len = state->len;
+    cryp.len = state->len;
-+       cryp.src = (caddr_t) in;
+    cryp.src = (caddr_t) in;
-+       cryp.dst = (caddr_t) out;
+    cryp.dst = (caddr_t) out;
-+       cryp.auth_src = state->aad;
+    cryp.auth_src = state->aad;
-+       cryp.auth_len = state->aad_len;
+    cryp.auth_len = state->aad_len;
 +
-+       cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
+    cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
 +
-+       if (ctx->cipher->iv_len) {
+    if (ctx->cipher->iv_len) {
-+               cryp.iv = (caddr_t) ctx->iv;
+        cryp.iv = (caddr_t) ctx->iv;
-+               if (!ctx->encrypt) {
+        if (!ctx->encrypt) {
-+                       iiv = in + len - ctx->cipher->iv_len;
+            iiv = in + len - ctx->cipher->iv_len;
-+                       memcpy(save_iv, iiv, ctx->cipher->iv_len);
+            memcpy(save_iv, iiv, ctx->cipher->iv_len);
-+               }
+        }
-+       } else
+    } else
-+               cryp.iv = NULL;
+        cryp.iv = NULL;
 +
-+       if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) {
+    if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) {
-+               /* XXX need better errror handling
+        /*
-+                * this can fail for a number of different reasons.
+         * XXX need better errror handling this can fail for a number of
-+                */
+         * different reasons.
-+               return (0);
+         */
-+       }
+        return (0);
+    }
 +
-+       if (ctx->cipher->iv_len) {
+    if (ctx->cipher->iv_len) {
-+               if (ctx->encrypt)
+        if (ctx->encrypt)
-+                       iiv = out + len - ctx->cipher->iv_len;
+            iiv = out + len - ctx->cipher->iv_len;
-+               else
+        else
-+                       iiv = save_iv;
+            iiv = save_iv;
-+               memcpy(ctx->iv, iiv, ctx->cipher->iv_len);
+        memcpy(ctx->iv, iiv, ctx->cipher->iv_len);
-+       }
+    }
-+       return (1);
+    return (1);
 +}
 +
-+
 static int
 cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-     const unsigned char *iv, int enc)
+                    const unsigned char *iv, int enc)
-@@ -452,6 +521,45 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+@@ -496,6 +568,45 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-        return (1);
 }
 
-+/* Save the encryption key provided by upper layers.
+ /*
-+ *
+ * Save the encryption key provided by upper layers. This function is called
-+ * This function is called by EVP_CipherInit_ex to initialize the algorithm's
+ * by EVP_CipherInit_ex to initialize the algorithm's extra data. We can't do
-+ * extra data. We can't do much here because the mac key is not available.
+ * much here because the mac key is not available. The next call should/will
-+ * The next call should/will be to cryptodev_cbc_hmac_sha1_ctrl with parameter
+ * be to cryptodev_cbc_hmac_sha1_ctrl with parameter
 + * EVP_CTRL_AEAD_SET_MAC_KEY, to set the hmac key. There we call CIOCGSESSION
 + * with both the crypto and hmac keys.
 + */
 +static int cryptodev_init_aead_key(EVP_CIPHER_CTX *ctx,
-+               const unsigned char *key, const unsigned char *iv, int enc)
+                                   const unsigned char *key,
+                                   const unsigned char *iv, int enc)
 +{
-+       struct dev_crypto_state *state = ctx->cipher_data;
+    struct dev_crypto_state *state = ctx->cipher_data;
-+       struct session_op *sess = &state->d_sess;
+    struct session_op *sess = &state->d_sess;
-+       int cipher = -1, i;
+    int cipher = -1, i;
 +
-+       for (i = 0; ciphers[i].id; i++)
+    for (i = 0; ciphers[i].id; i++)
-+               if (ctx->cipher->nid == ciphers[i].nid &&
+        if (ctx->cipher->nid == ciphers[i].nid &&
-+                   ctx->cipher->iv_len <= ciphers[i].ivmax &&
+            ctx->cipher->iv_len <= ciphers[i].ivmax &&
-+                   ctx->key_len == ciphers[i].keylen) {
+            ctx->key_len == ciphers[i].keylen) {
-+                       cipher = ciphers[i].id;
+            cipher = ciphers[i].id;
-+                       break;
+            break;
-+               }
+        }
 +
-+       if (!ciphers[i].id) {
+    if (!ciphers[i].id) {
-+               state->d_fd = -1;
+        state->d_fd = -1;
-+               return (0);
+        return (0);
-+       }
+    }
 +
-+       memset(sess, 0, sizeof(struct session_op));
+    memset(sess, 0, sizeof(struct session_op));
 +
-+       sess->key = (caddr_t)key;
+    sess->key = (caddr_t) key;
-+       sess->keylen = ctx->key_len;
+    sess->keylen = ctx->key_len;
-+       sess->cipher = cipher;
+    sess->cipher = cipher;
 +
-+       /* for whatever reason, (1) means success */
+    /* for whatever reason, (1) means success */
-+       return (1);
+    return (1);
 +}
 +
-+
+/*
- /*
  * free anything we allocated earlier when initting a
  * session, and close the session.
-@@ -488,6 +596,63 @@ cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
+  */
-        return (ret);
+@@ -529,6 +640,63 @@ static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
+     return (ret);
 }
 
-+static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
+static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
-+               void *ptr)
+                                        int arg, void *ptr)
 +{
-+       switch (type) {
+    switch (type) {
-+       case EVP_CTRL_AEAD_SET_MAC_KEY:
+    case EVP_CTRL_AEAD_SET_MAC_KEY:
-+       {
+        {
-+               /* TODO: what happens with hmac keys larger than 64 bytes? */
+            /* TODO: what happens with hmac keys larger than 64 bytes? */
-+               struct dev_crypto_state *state = ctx->cipher_data;
+            struct dev_crypto_state *state = ctx->cipher_data;
-+               struct session_op *sess = &state->d_sess;
+            struct session_op *sess = &state->d_sess;
 +
-+               if ((state->d_fd = get_dev_crypto()) < 0)
+            if ((state->d_fd = get_dev_crypto()) < 0)
-+                       return (0);
+                return (0);
 +
-+               /* the rest should have been set in cryptodev_init_aead_key */
+            /* the rest should have been set in cryptodev_init_aead_key */
-+               sess->mackey = ptr;
+            sess->mackey = ptr;
-+               sess->mackeylen = arg;
+            sess->mackeylen = arg;
 +
-+               if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
+            if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
-+                       put_dev_crypto(state->d_fd);
+                put_dev_crypto(state->d_fd);
-+                       state->d_fd = -1;
+                state->d_fd = -1;
-+                       return (0);
+                return (0);
-+               }
+            }
-+               return (1);
+            return (1);
-+       }
+        }
-+       case EVP_CTRL_AEAD_TLS1_AAD:
+    case EVP_CTRL_AEAD_TLS1_AAD:
-+       {
+        {
-+               /* ptr points to the associated data buffer of 13 bytes */
+            /* ptr points to the associated data buffer of 13 bytes */
-+               struct dev_crypto_state *state = ctx->cipher_data;
+            struct dev_crypto_state *state = ctx->cipher_data;
-+               unsigned char *p = ptr;
+            unsigned char *p = ptr;
-+               unsigned int cryptlen = p[arg - 2] << 8 | p[arg - 1];
+            unsigned int cryptlen = p[arg - 2] << 8 | p[arg - 1];
-+               unsigned int maclen, padlen;
+            unsigned int maclen, padlen;
-+               unsigned int bs = ctx->cipher->block_size;
+            unsigned int bs = ctx->cipher->block_size;
 +
-+               state->aad = ptr;
+            state->aad = ptr;
-+               state->aad_len = arg;
+            state->aad_len = arg;
-+               state->len = cryptlen;
+            state->len = cryptlen;
 +
-+               /* TODO: this should be an extension of EVP_CIPHER struct */
+            /* TODO: this should be an extension of EVP_CIPHER struct */
-+               switch (ctx->cipher->nid) {
+            switch (ctx->cipher->nid) {
-+               case NID_aes_128_cbc_hmac_sha1:
+            case NID_aes_128_cbc_hmac_sha1:
-+               case NID_aes_256_cbc_hmac_sha1:
+            case NID_aes_256_cbc_hmac_sha1:
-+                       maclen = SHA_DIGEST_LENGTH;
+                maclen = SHA_DIGEST_LENGTH;
-+               }
+            }
 +
-+               /* space required for encryption (not only TLS padding) */
+            /* space required for encryption (not only TLS padding) */
-+               padlen = maclen;
+            padlen = maclen;
-+               if (ctx->encrypt) {
+            if (ctx->encrypt) {
-+                       cryptlen += maclen;
+                cryptlen += maclen;
-+                       padlen += bs - (cryptlen % bs);
+                padlen += bs - (cryptlen % bs);
-+               }
+            }
-+               return padlen;
+            return padlen;
-+       }
+        }
-+       default:
+    default:
-+               return -1;
+        return -1;
-+       }
+    }
 +}
 +
 /*
  * libcrypto EVP stuff - this is how we get wired to EVP so the engine
  * gets called when libcrypto requests a cipher NID.
-@@ -600,6 +765,33 @@ const EVP_CIPHER cryptodev_aes_256_cbc = {
+@@ -641,6 +809,34 @@ const EVP_CIPHER cryptodev_aes_256_cbc = {
-        NULL
+     NULL
 };
 
 +const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1 = {
-+       NID_aes_128_cbc_hmac_sha1,
+    NID_aes_128_cbc_hmac_sha1,
-+       16, 16, 16,
+    16, 16, 16,
-+       EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
+    EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+       cryptodev_init_aead_key,
+    cryptodev_init_aead_key,
-+       cryptodev_aead_cipher,
+    cryptodev_aead_cipher,
-+       cryptodev_cleanup,
+    cryptodev_cleanup,
-+       sizeof(struct dev_crypto_state),
+    sizeof(struct dev_crypto_state),
-+       EVP_CIPHER_set_asn1_iv,
+    EVP_CIPHER_set_asn1_iv,
-+       EVP_CIPHER_get_asn1_iv,
+    EVP_CIPHER_get_asn1_iv,
-+       cryptodev_cbc_hmac_sha1_ctrl,
+    cryptodev_cbc_hmac_sha1_ctrl,
-+       NULL
+    NULL
 +};
 +
 +const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = {
-+       NID_aes_256_cbc_hmac_sha1,
+    NID_aes_256_cbc_hmac_sha1,
-+       16, 32, 16,
+    16, 32, 16,
-+       EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
+    EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+       cryptodev_init_aead_key,
+    cryptodev_init_aead_key,
-+       cryptodev_aead_cipher,
+    cryptodev_aead_cipher,
-+       cryptodev_cleanup,
+    cryptodev_cleanup,
-+       sizeof(struct dev_crypto_state),
+    sizeof(struct dev_crypto_state),
-+       EVP_CIPHER_set_asn1_iv,
+    EVP_CIPHER_set_asn1_iv,
-+       EVP_CIPHER_get_asn1_iv,
+    EVP_CIPHER_get_asn1_iv,
-+       cryptodev_cbc_hmac_sha1_ctrl,
+    cryptodev_cbc_hmac_sha1_ctrl,
-+       NULL
+    NULL
 +};
- /*
+
-  * Registered by the ENGINE when used to find out how to deal with
+ # ifdef CRYPTO_AES_CTR
-  * a particular NID in the ENGINE. this says what we'll do at the
+ const EVP_CIPHER cryptodev_aes_ctr = {
-@@ -637,6 +829,12 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+     NID_aes_128_ctr,
-        case NID_aes_256_cbc:
+@@ -729,6 +925,12 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
-                *cipher = &cryptodev_aes_256_cbc;
+         *cipher = &cryptodev_aes_ctr_256;
-                break;
+         break;
-+       case NID_aes_128_cbc_hmac_sha1:
+ # endif
-+               *cipher = &cryptodev_aes_128_cbc_hmac_sha1;
+    case NID_aes_128_cbc_hmac_sha1:
-+               break;
+        *cipher = &cryptodev_aes_128_cbc_hmac_sha1;
-+       case NID_aes_256_cbc_hmac_sha1:
+        break;
-+               *cipher = &cryptodev_aes_256_cbc_hmac_sha1;
+    case NID_aes_256_cbc_hmac_sha1:
-+               break;
+        *cipher = &cryptodev_aes_256_cbc_hmac_sha1;
-        default:
+        break;
-                *cipher = NULL;
+     default:
-                break;
+         *cipher = NULL;
-@@ -1384,6 +1582,8 @@ ENGINE_load_cryptodev(void)
+         break;
-        }
+@@ -1472,6 +1674,8 @@ void ENGINE_load_cryptodev(void)
-        put_dev_crypto(fd);
+     }
+     put_dev_crypto(fd);
 
-+       EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1);
+    EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1);
-+       EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
+    EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
-        if (!ENGINE_set_id(engine, "cryptodev") ||
+     if (!ENGINE_set_id(engine, "cryptodev") ||
-            !ENGINE_set_name(engine, "BSD cryptodev engine") ||
+         !ENGINE_set_name(engine, "BSD cryptodev engine") ||
-            !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
+         !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
 -- 
-2.3.5
+2.7.0
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0003-cryptodev-fix-algorithm-registration.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0003-cryptodev-fix-algorithm-registration.patch
index f0d97e9a1..9d30cc321 100644
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0003-cryptodev-fix-algorithm-registration.patch
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0003-cryptodev-fix-algorithm-registration.patch
@@ -1,64 +1,61 @@
-From 084fa469a8fef530d71a0870364df1c7997f6465 Mon Sep 17 00:00:00 2001
+From 36bb0879b498f8e87798848dafa058476f723165 Mon Sep 17 00:00:00 2001
 From: Cristian Stoica <cristian.stoica@freescale.com>
 Date: Thu, 31 Jul 2014 14:06:19 +0300
-Subject: [PATCH 03/26] cryptodev: fix algorithm registration
+Subject: [PATCH 03/48] cryptodev: fix algorithm registration
 Cryptodev specific algorithms must register only if available in kernel.
-Change-Id: Iec5af8f4f3138357e4b96f2ec1627278134e4808
 Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
-Reviewed-on: http://git.am.freescale.net:8181/15326
 Reviewed-by: Horia Ioan Geanta Neag <horia.geanta@freescale.com>
-Reviewed-on: http://git.am.freescale.net:8181/17224
 ---
 crypto/engine/eng_cryptodev.c | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)
 diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 7588a28..e3eb98b 100644
+index 4d783d4..3b6515e 100644
 --- a/crypto/engine/eng_cryptodev.c
 +++ b/crypto/engine/eng_cryptodev.c
-@@ -133,6 +133,8 @@ static int cryptodev_dh_compute_key(unsigned char *key,
+@@ -134,6 +134,8 @@ static int cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key,
 static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
-     void (*f)(void));
+                           void (*f) (void));
 void ENGINE_load_cryptodev(void);
 +const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1;
 +const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
 
 static const ENGINE_CMD_DEFN cryptodev_defns[] = {
-        { 0, NULL, NULL, 0 }
+     {0, NULL, NULL, 0}
-@@ -342,7 +344,21 @@ get_cryptodev_digests(const int **cnids)
+@@ -389,7 +391,21 @@ static int get_cryptodev_digests(const int **cnids)
- static int
+  */
- cryptodev_usable_ciphers(const int **nids)
+ static int cryptodev_usable_ciphers(const int **nids)
 {
-       return (get_cryptodev_ciphers(nids));
+-    return (get_cryptodev_ciphers(nids));
-+       int i, count;
+    int i, count;
 +
-+       count = get_cryptodev_ciphers(nids);
+    count = get_cryptodev_ciphers(nids);
-+       /* add ciphers specific to cryptodev if found in kernel */
+    /* add ciphers specific to cryptodev if found in kernel */
-+       for(i = 0; i < count; i++) {
+    for (i = 0; i < count; i++) {
-+               switch (*(*nids + i)) {
+        switch (*(*nids + i)) {
-+               case NID_aes_128_cbc_hmac_sha1:
+        case NID_aes_128_cbc_hmac_sha1:
-+                       EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1);
+            EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1);
-+                       break;
+            break;
-+               case NID_aes_256_cbc_hmac_sha1:
+        case NID_aes_256_cbc_hmac_sha1:
-+                       EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
+            EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
-+                       break;
+            break;
-+               }
+        }
-+       }
+    }
-+       return count;
+    return count;
 }
 
- static int
+ static int cryptodev_usable_digests(const int **nids)
-@@ -1582,8 +1598,6 @@ ENGINE_load_cryptodev(void)
+@@ -1674,8 +1690,6 @@ void ENGINE_load_cryptodev(void)
-        }
+     }
-        put_dev_crypto(fd);
+     put_dev_crypto(fd);
 
-       EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1);
+-    EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1);
-       EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
+-    EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
-        if (!ENGINE_set_id(engine, "cryptodev") ||
+     if (!ENGINE_set_id(engine, "cryptodev") ||
-            !ENGINE_set_name(engine, "BSD cryptodev engine") ||
+         !ENGINE_set_name(engine, "BSD cryptodev engine") ||
-            !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
+         !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
 -- 
-2.3.5
+2.7.0
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0005-ECC-Support-header-for-Cryptodev-Engine.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0004-ECC-Support-header-for-Cryptodev-Engine.patch
index c9ff5aa8c..64a5c704c 100644
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0005-ECC-Support-header-for-Cryptodev-Engine.patch
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0004-ECC-Support-header-for-Cryptodev-Engine.patch
@@ -1,22 +1,22 @@
-From 15abbcd740eafbf2a46b5da24be76acf4982743d Mon Sep 17 00:00:00 2001
+From 0a9f99574266225c6fa1a10d91eb3fdc755140b8 Mon Sep 17 00:00:00 2001
 From: Yashpal Dutta <yashpal.dutta@freescale.com>
 Date: Tue, 11 Mar 2014 05:56:54 +0545
-Subject: [PATCH 05/26] ECC Support header for Cryptodev Engine
+Subject: [PATCH 04/48] ECC Support header for Cryptodev Engine
 Upstream-status: Pending
 Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
 ---
- crypto/engine/eng_cryptodev_ec.h | 296 +++++++++++++++++++++++++++++++++++++++
+ crypto/engine/eng_cryptodev_ec.h | 297 +++++++++++++++++++++++++++++++++++++++
- 1 file changed, 296 insertions(+)
+ 1 file changed, 297 insertions(+)
 create mode 100644 crypto/engine/eng_cryptodev_ec.h
 diff --git a/crypto/engine/eng_cryptodev_ec.h b/crypto/engine/eng_cryptodev_ec.h
 new file mode 100644
-index 0000000..77aee71
+index 0000000..af54c51
 --- /dev/null
 +++ b/crypto/engine/eng_cryptodev_ec.h
-@@ -0,0 +1,296 @@
+@@ -0,0 +1,297 @@
 +/*
 + * Copyright (C) 2012 Freescale Semiconductor, Inc.
 + *
@@ -29,16 +29,17 @@ index 0000000..77aee71
 + *    notice, this list of conditions and the following disclaimer in the
 + *    documentation and/or other materials provided with the distribution.
 + *
-+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
-+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-+ * NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
 + */
 +#ifndef __ENG_EC_H
 +#define __ENG_EC_H
@@ -314,5 +315,5 @@ index 0000000..77aee71
 +};
 +#endif
 -- 
-2.3.5
+2.7.0
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch
deleted file mode 100644
index 2d722d8a2..000000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-From 7d770f0324498d1fa78300cc5cecc8c1dcd3b788 Mon Sep 17 00:00:00 2001
-From: Andy Polyakov <appro@openssl.org>
-Date: Sun, 21 Oct 2012 18:19:41 +0000
-Subject: [PATCH 04/26] linux-pcc: make it more robust and recognize
- KERNEL_BITS variable.
-(cherry picked from commit 78c3e20579d3baa159c8b51b59d415b6e521614b)
-Change-Id: I769c466f052305681ab54a1b6545d94c7fbf5a9d
-Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
---
- config          | 19 +++++++++++++------
- crypto/ppccap.c |  7 +++++++
- 2 files changed, 20 insertions(+), 6 deletions(-)
-diff --git a/config b/config
-index 41fa2a6..f37b9e6 100755
--- a/config
-+++ b/config
-@@ -587,13 +587,20 @@ case "$GUESSOS" in
-        fi
-        ;;
-   ppc64-*-linux2)
-       echo "WARNING! If you wish to build 64-bit library, then you have to"
-       echo "         invoke './Configure linux-ppc64' *manually*."
-       if [ "$TEST" = "false" -a -t 1 ]; then
-           echo "         You have about 5 seconds to press Ctrl-C to abort."
-           (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
-+       if [ -z "$KERNEL_BITS" ]; then
-+           echo "WARNING! If you wish to build 64-bit library, then you have to"
-+           echo "         invoke './Configure linux-ppc64' *manually*."
-+           if [ "$TEST" = "false" -a -t 1 ]; then
-+               echo "         You have about 5 seconds to press Ctrl-C to abort."
-+               (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
-+           fi
-+       fi
-+       if [ "$KERNEL_BITS" = "64" ]; then
-+           OUT="linux-ppc64"
-+       else
-+           OUT="linux-ppc"
-+           (echo "__LP64__" | gcc -E -x c - 2>/dev/null | grep "^__LP64__" 2>&1 > /dev/null) || options="$options -m32"
-        fi
-       OUT="linux-ppc"
-        ;;
-   ppc-*-linux2) OUT="linux-ppc" ;;
-   ppc60x-*-vxworks*) OUT="vxworks-ppc60x" ;;
-diff --git a/crypto/ppccap.c b/crypto/ppccap.c
-index f71ba66..531f1b3 100644
--- a/crypto/ppccap.c
-+++ b/crypto/ppccap.c
-@@ -4,6 +4,9 @@
- #include <setjmp.h>
- #include <signal.h>
- #include <unistd.h>
-+#ifdef __linux
-+#include <sys/utsname.h>
-+#endif
- #include <crypto.h>
- #include <openssl/bn.h>
- 
-@@ -102,6 +105,10 @@ void OPENSSL_cpuid_setup(void)
- 
-        if (sizeof(size_t)==4)
-                {
-+#ifdef __linux
-+               struct utsname uts;
-+               if (uname(&uts)==0 && strcmp(uts.machine,"ppc64")==0)
-+#endif
-                if (sigsetjmp(ill_jmp,1) == 0)
-                        {
-                        OPENSSL_ppc64_probe();
-- 
-2.3.5
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0005-Initial-support-for-PKC-in-cryptodev-engine.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0005-Initial-support-for-PKC-in-cryptodev-engine.patch
new file mode 100644
index 000000000..ad253064e
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0005-Initial-support-for-PKC-in-cryptodev-engine.patch
@@ -0,0 +1,1578 @@
+From e28df2a5c63dc6195a6065bfd7de9fc860129f56 Mon Sep 17 00:00:00 2001
+From: Yashpal Dutta <yashpal.dutta@freescale.com>
+Date: Tue, 11 Mar 2014 06:29:52 +0545
+Subject: [PATCH 05/48] Initial support for PKC in cryptodev engine
+Upstream-status: Pending
+Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
+---
+ crypto/engine/eng_cryptodev.c | 1365 ++++++++++++++++++++++++++++++++++++-----
+ 1 file changed, 1202 insertions(+), 163 deletions(-)
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 3b6515e..0b41bb2 100644
+--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
+@@ -58,6 +58,10 @@ void ENGINE_load_cryptodev(void)
+ # include <openssl/dsa.h>
+ # include <openssl/err.h>
+ # include <openssl/rsa.h>
+# include <crypto/ecdsa/ecs_locl.h>
+# include <crypto/ecdh/ech_locl.h>
+# include <crypto/ec/ec_lcl.h>
+# include <crypto/ec/ec.h>
+ # include <sys/ioctl.h>
+ # include <errno.h>
+ # include <stdio.h>
+@@ -67,6 +71,7 @@ void ENGINE_load_cryptodev(void)
+ # include <syslog.h>
+ # include <errno.h>
+ # include <string.h>
+# include "eng_cryptodev_ec.h"
+ 
+ struct dev_crypto_state {
+     struct session_op d_sess;
+@@ -115,20 +120,10 @@ static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+                                        BN_CTX *ctx);
+ static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+                                  BN_CTX *ctx);
+-static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a,
+-                                    const BIGNUM *p, const BIGNUM *m,
+-                                    BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+-static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
+-                                     BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2,
+-                                     BIGNUM *p, BN_CTX *ctx,
+-                                     BN_MONT_CTX *mont);
+ static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
+                                       DSA *dsa);
+ static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len,
+                                 DSA_SIG *sig, DSA *dsa);
+-static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
+-                                const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+-                                BN_MONT_CTX *m_ctx);
+ static int cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key,
+                                     DH *dh);
+ static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
+@@ -137,6 +132,105 @@ void ENGINE_load_cryptodev(void);
+ const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1;
+ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
+ 
+inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len)
+{
+    int len;
+    unsigned char *p;
+
+    len = BN_num_bytes(bn);
+
+    if (!len)
+        return -1;
+
+    p = malloc(len);
+    if (!p)
+        return -1;
+
+    BN_bn2bin(bn, p);
+
+    *bin = p;
+    *bin_len = len;
+
+    return 0;
+}
+
+inline int spcf_bn2bin_ex(BIGNUM *bn, unsigned char **bin, int *bin_len)
+{
+    int len;
+    unsigned char *p;
+
+    len = BN_num_bytes(bn);
+
+    if (!len)
+        return -1;
+
+    if (len < *bin_len)
+        p = malloc(*bin_len);
+    else
+        p = malloc(len);
+
+    if (!p)
+        return -ENOMEM;
+
+    if (len < *bin_len) {
+        /* place padding */
+        memset(p, 0, (*bin_len - len));
+        BN_bn2bin(bn, p + (*bin_len - len));
+    } else {
+        BN_bn2bin(bn, p);
+    }
+
+    *bin = p;
+    if (len >= *bin_len)
+        *bin_len = len;
+
+    return 0;
+}
+
+/**
+ * Convert an ECC F2m 'b' parameter into the 'c' parameter.
+ *Inputs:
+ * q, the curve's modulus
+ * b, the curve's b parameter
+ * (a bignum for b, a buffer for c)
+ * Output:
+ * c, written into bin, right-adjusted to fill q_len bytes.
+ */
+static int
+eng_ec_compute_cparam(const BIGNUM *b, const BIGNUM *q,
+                      unsigned char **bin, int *bin_len)
+{
+    BIGNUM *c = BN_new();
+    BIGNUM *exp = BN_new();
+    BN_CTX *ctx = BN_CTX_new();
+    int m = BN_num_bits(q) - 1;
+    int ok = 0;
+
+    if (!c || !exp || !ctx || *bin)
+        goto err;
+
+    /*
+     * We have to compute c, where b = c^4, i.e., the fourth root of b.
+     * The equation for c is c = b^(2^(m-2))
+     * Compute exp = 2^(m-2)
+     * (1 << x) == 2^x
+     * and then compute c = b^exp
+     */
+    BN_lshift(exp, BN_value_one(), m - 2);
+    BN_GF2m_mod_exp(c, b, exp, q, ctx);
+    /* Store c */
+    spcf_bn2bin_ex(c, bin, bin_len);
+    ok = 1;
+ err:
+    if (ctx)
+        BN_CTX_free(ctx);
+    if (c)
+        BN_free(c);
+    if (exp)
+        BN_free(exp);
+    return ok;
+}
+
+ static const ENGINE_CMD_DEFN cryptodev_defns[] = {
+     {0, NULL, NULL, 0}
+ };
+@@ -1225,7 +1319,6 @@ cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
+  */
+ static int bn2crparam(const BIGNUM *a, struct crparam *crp)
+ {
+-    int i, j, k;
+     ssize_t bytes, bits;
+     u_char *b;
+ 
+@@ -1243,36 +1336,21 @@ static int bn2crparam(const BIGNUM *a, struct crparam *crp)
+     crp->crp_p = (caddr_t) b;
+     crp->crp_nbits = bits;
+ 
+-    for (i = 0, j = 0; i < a->top; i++) {
+-        for (k = 0; k < BN_BITS2 / 8; k++) {
+-            if ((j + k) >= bytes)
+-                return (0);
+-            b[j + k] = a->d[i] >> (k * 8);
+-        }
+-        j += BN_BITS2 / 8;
+-    }
+    BN_bn2bin(a, crp->crp_p);
+     return (0);
+ }
+ 
+ /* Convert a /dev/crypto parameter to a BIGNUM */
+ static int crparam2bn(struct crparam *crp, BIGNUM *a)
+ {
+-    u_int8_t *pd;
+-    int i, bytes;
+    int bytes;
+ 
+     bytes = (crp->crp_nbits + 7) / 8;
+ 
+     if (bytes == 0)
+         return (-1);
+ 
+-    if ((pd = (u_int8_t *) malloc(bytes)) == NULL)
+-        return (-1);
+-
+-    for (i = 0; i < bytes; i++)
+-        pd[i] = crp->crp_p[bytes - i - 1];
+-
+-    BN_bin2bn(pd, bytes, a);
+-    free(pd);
+    BN_bin2bn(crp->crp_p, bytes, a);
+ 
+     return (0);
+ }
+@@ -1321,6 +1399,32 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
+     return (ret);
+ }
+ 
+/* Close an opened instance of cryptodev engine */
+void cryptodev_close_instance(void *handle)
+{
+    int fd;
+
+    if (handle) {
+        fd = *(int *)handle;
+        close(fd);
+        free(handle);
+    }
+}
+
+/* Create an instance of cryptodev for asynchronous interface */
+void *cryptodev_init_instance(void)
+{
+    int *fd = malloc(sizeof(int));
+
+    if (fd) {
+        if ((*fd = open("/dev/crypto", O_RDWR, 0)) == -1) {
+            free(fd);
+            return NULL;
+        }
+    }
+    return fd;
+}
+
+ static int
+ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                      const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
+@@ -1337,8 +1441,9 @@ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+         return (ret);
+     }
+ 
+-    memset(&kop, 0, sizeof kop);
+     kop.crk_op = CRK_MOD_EXP;
+    kop.crk_oparams = 0;
+    kop.crk_status = 0;
+ 
+     /* inputs: a^p % m */
+     if (bn2crparam(a, &kop.crk_param[0]))
+@@ -1381,28 +1486,39 @@ static int
+ cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
+ {
+     struct crypt_kop kop;
+-    int ret = 1;
+    int ret = 1, f_len, p_len, q_len;
+    unsigned char *f = NULL, *p = NULL, *q = NULL, *dp = NULL, *dq =
+        NULL, *c = NULL;
+ 
+     if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
+         /* XXX 0 means failure?? */
+         return (0);
+     }
+ 
+-    memset(&kop, 0, sizeof kop);
+    kop.crk_oparams = 0;
+    kop.crk_status = 0;
+     kop.crk_op = CRK_MOD_EXP_CRT;
+    f_len = BN_num_bytes(rsa->n);
+    spcf_bn2bin_ex(I, &f, &f_len);
+    spcf_bn2bin(rsa->p, &p, &p_len);
+    spcf_bn2bin(rsa->q, &q, &q_len);
+    spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len);
+    spcf_bn2bin_ex(rsa->iqmp, &c, &p_len);
+    spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len);
+     /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
+-    if (bn2crparam(rsa->p, &kop.crk_param[0]))
+-        goto err;
+-    if (bn2crparam(rsa->q, &kop.crk_param[1]))
+-        goto err;
+-    if (bn2crparam(I, &kop.crk_param[2]))
+-        goto err;
+-    if (bn2crparam(rsa->dmp1, &kop.crk_param[3]))
+-        goto err;
+-    if (bn2crparam(rsa->dmq1, &kop.crk_param[4]))
+-        goto err;
+-    if (bn2crparam(rsa->iqmp, &kop.crk_param[5]))
+-        goto err;
+    kop.crk_param[0].crp_p = p;
+    kop.crk_param[0].crp_nbits = p_len * 8;
+    kop.crk_param[1].crp_p = q;
+    kop.crk_param[1].crp_nbits = q_len * 8;
+    kop.crk_param[2].crp_p = f;
+    kop.crk_param[2].crp_nbits = f_len * 8;
+    kop.crk_param[3].crp_p = dp;
+    kop.crk_param[3].crp_nbits = p_len * 8;
+    /* dq must of length q, rest all of length p */
+    kop.crk_param[4].crp_p = dq;
+    kop.crk_param[4].crp_nbits = q_len * 8;
+    kop.crk_param[5].crp_p = c;
+    kop.crk_param[5].crp_nbits = p_len * 8;
+     kop.crk_iparams = 6;
+ 
+     if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) {
+@@ -1438,93 +1554,120 @@ static RSA_METHOD cryptodev_rsa = {
+     NULL                        /* rsa_verify */
+ };
+ 
+-static int
+-cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+-                         const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+-{
+-    return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
+-}
+-
+-static int
+-cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
+-                          BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
+-                          BN_CTX *ctx, BN_MONT_CTX *mont)
+static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
+                                      DSA *dsa)
+ {
+-    BIGNUM t2;
+-    int ret = 0;
+-
+-    BN_init(&t2);
+-
+-    /* v = ( g^u1 * y^u2 mod p ) mod q */
+-    /* let t1 = g ^ u1 mod p */
+-    ret = 0;
+    struct crypt_kop kop;
+    BIGNUM *c = NULL, *d = NULL;
+    DSA_SIG *dsaret = NULL;
+    int q_len = 0, r_len = 0, g_len = 0;
+    int priv_key_len = 0, ret;
+    unsigned char *q = NULL, *r = NULL, *g = NULL, *priv_key = NULL, *f =
+        NULL;
+ 
+-    if (!dsa->meth->bn_mod_exp(dsa, t1, dsa->g, u1, dsa->p, ctx, mont))
+    memset(&kop, 0, sizeof kop);
+    if ((c = BN_new()) == NULL) {
+        DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+         goto err;
+    }
+ 
+-    /* let t2 = y ^ u2 mod p */
+-    if (!dsa->meth->bn_mod_exp(dsa, &t2, dsa->pub_key, u2, dsa->p, ctx, mont))
+    if ((d = BN_new()) == NULL) {
+        BN_free(c);
+        DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+         goto err;
+-    /* let u1 = t1 * t2 mod p */
+-    if (!BN_mod_mul(u1, t1, &t2, dsa->p, ctx))
+    }
+
+    if (spcf_bn2bin(dsa->p, &q, &q_len)) {
+        DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+         goto err;
+    }
+ 
+-    BN_copy(t1, u1);
+    /* Get order of the field of private keys into plain buffer */
+    if (spcf_bn2bin(dsa->q, &r, &r_len)) {
+        DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+ 
+-    ret = 1;
+- err:
+-    BN_free(&t2);
+-    return (ret);
+-}
+    /* sanity test */
+    if (dlen > r_len) {
+        DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+        goto err;
+    }
+ 
+-static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
+-                                      DSA *dsa)
+-{
+-    struct crypt_kop kop;
+-    BIGNUM *r = NULL, *s = NULL;
+-    DSA_SIG *dsaret = NULL;
+    g_len = q_len;
+    /**
+     * Get generator into a plain buffer. If length is less than
+     * q_len then add leading padding bytes.
+     */
+    if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
+        DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+ 
+-    if ((r = BN_new()) == NULL)
+    priv_key_len = r_len;
+    /**
+     * Get private key into a plain buffer. If length is less than
+     * r_len then add leading padding bytes.
+     */
+    if (spcf_bn2bin_ex(dsa->priv_key, &priv_key, &priv_key_len)) {
+        DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+         goto err;
+-    if ((s = BN_new()) == NULL) {
+-        BN_free(r);
+    }
+
+    /* Allocate memory to store hash. */
+    f = OPENSSL_malloc(r_len);
+    if (!f) {
+        DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+         goto err;
+     }
+ 
+-    memset(&kop, 0, sizeof kop);
+    /* Add padding, since SEC expects hash to of size r_len */
+    if (dlen < r_len)
+        memset(f, 0, r_len - dlen);
+
+    /* Skip leading bytes if dgst_len < r_len */
+    memcpy(f + r_len - dlen, dgst, dlen);
+
+     kop.crk_op = CRK_DSA_SIGN;
+ 
+     /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
+-    kop.crk_param[0].crp_p = (caddr_t) dgst;
+-    kop.crk_param[0].crp_nbits = dlen * 8;
+-    if (bn2crparam(dsa->p, &kop.crk_param[1]))
+-        goto err;
+-    if (bn2crparam(dsa->q, &kop.crk_param[2]))
+-        goto err;
+-    if (bn2crparam(dsa->g, &kop.crk_param[3]))
+    kop.crk_param[0].crp_p = (void *)f;
+    kop.crk_param[0].crp_nbits = r_len * 8;
+    kop.crk_param[1].crp_p = (void *)q;
+    kop.crk_param[1].crp_nbits = q_len * 8;
+    kop.crk_param[2].crp_p = (void *)r;
+    kop.crk_param[2].crp_nbits = r_len * 8;
+    kop.crk_param[3].crp_p = (void *)g;
+    kop.crk_param[3].crp_nbits = g_len * 8;
+    kop.crk_param[4].crp_p = (void *)priv_key;
+    kop.crk_param[4].crp_nbits = priv_key_len * 8;
+    kop.crk_iparams = 5;
+
+    ret = cryptodev_asym(&kop, r_len, c, r_len, d);
+
+    if (ret) {
+        DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DECODE_ERROR);
+         goto err;
+-    if (bn2crparam(dsa->priv_key, &kop.crk_param[4]))
+    }
+
+    dsaret = DSA_SIG_new();
+    if (dsaret == NULL)
+         goto err;
+-    kop.crk_iparams = 5;
+    dsaret->r = c;
+    dsaret->s = d;
+ 
+-    if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r,
+-                       BN_num_bytes(dsa->q), s) == 0) {
+-        dsaret = DSA_SIG_new();
+-        if (dsaret == NULL)
+-            goto err;
+-        dsaret->r = r;
+-        dsaret->s = s;
+-        r = s = NULL;
+-    } else {
+    zapparams(&kop);
+    return (dsaret);
+ err:
+    {
+         const DSA_METHOD *meth = DSA_OpenSSL();
+        if (c)
+            BN_free(c);
+        if (d)
+            BN_free(d);
+         dsaret = (meth->dsa_do_sign) (dgst, dlen, dsa);
+        return (dsaret);
+     }
+- err:
+-    BN_free(r);
+-    BN_free(s);
+-    kop.crk_param[0].crp_p = NULL;
+-    zapparams(&kop);
+-    return (dsaret);
+ }
+ 
+ static int
+@@ -1532,43 +1675,175 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
+                      DSA_SIG *sig, DSA *dsa)
+ {
+     struct crypt_kop kop;
+-    int dsaret = 1;
+    int dsaret = 1, q_len = 0, r_len = 0, g_len = 0;
+    int w_len = 0, c_len = 0, d_len = 0, ret = -1;
+    unsigned char *q = NULL, *r = NULL, *w = NULL, *g = NULL;
+    unsigned char *c = NULL, *d = NULL, *f = NULL;
+ 
+     memset(&kop, 0, sizeof kop);
+     kop.crk_op = CRK_DSA_VERIFY;
+ 
+-    /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
+-    kop.crk_param[0].crp_p = (caddr_t) dgst;
+-    kop.crk_param[0].crp_nbits = dlen * 8;
+-    if (bn2crparam(dsa->p, &kop.crk_param[1]))
+    if (spcf_bn2bin(dsa->p, &q, &q_len)) {
+        DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+        return ret;
+    }
+
+    /* Get Order of field of private keys */
+    if (spcf_bn2bin(dsa->q, &r, &r_len)) {
+        DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    g_len = q_len;
+        /**
+         * Get generator into a plain buffer. If length is less than
+         * q_len then add leading padding bytes.
+         */
+    if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
+        DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+         goto err;
+-    if (bn2crparam(dsa->q, &kop.crk_param[2]))
+    }
+    w_len = q_len;
+        /**
+         * Get public key into a plain buffer. If length is less than
+         * q_len then add leading padding bytes.
+         */
+    if (spcf_bn2bin_ex(dsa->pub_key, &w, &w_len)) {
+        DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+         goto err;
+-    if (bn2crparam(dsa->g, &kop.crk_param[3]))
+    }
+        /**
+         * Get the 1st part of signature into a flat buffer with
+         * appropriate padding
+         */
+    c_len = r_len;
+
+    if (spcf_bn2bin_ex(sig->r, &c, &c_len)) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+         goto err;
+-    if (bn2crparam(dsa->pub_key, &kop.crk_param[4]))
+    }
+
+        /**
+         * Get the 2nd part of signature into a flat buffer with
+         * appropriate padding
+         */
+    d_len = r_len;
+
+    if (spcf_bn2bin_ex(sig->s, &d, &d_len)) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+         goto err;
+-    if (bn2crparam(sig->r, &kop.crk_param[5]))
+    }
+
+    /* Sanity test */
+    if (dlen > r_len) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+         goto err;
+-    if (bn2crparam(sig->s, &kop.crk_param[6]))
+    }
+
+    /* Allocate memory to store hash. */
+    f = OPENSSL_malloc(r_len);
+    if (!f) {
+        DSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+         goto err;
+    }
+
+    /* Add padding, since SEC expects hash to of size r_len */
+    if (dlen < r_len)
+        memset(f, 0, r_len - dlen);
+
+    /* Skip leading bytes if dgst_len < r_len */
+    memcpy(f + r_len - dlen, dgst, dlen);
+
+    /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
+    kop.crk_param[0].crp_p = (void *)f;
+    kop.crk_param[0].crp_nbits = r_len * 8;
+    kop.crk_param[1].crp_p = q;
+    kop.crk_param[1].crp_nbits = q_len * 8;
+    kop.crk_param[2].crp_p = r;
+    kop.crk_param[2].crp_nbits = r_len * 8;
+    kop.crk_param[3].crp_p = g;
+    kop.crk_param[3].crp_nbits = g_len * 8;
+    kop.crk_param[4].crp_p = w;
+    kop.crk_param[4].crp_nbits = w_len * 8;
+    kop.crk_param[5].crp_p = c;
+    kop.crk_param[5].crp_nbits = c_len * 8;
+    kop.crk_param[6].crp_p = d;
+    kop.crk_param[6].crp_nbits = d_len * 8;
+     kop.crk_iparams = 7;
+ 
+-    if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
+-        /*
+-         * OCF success value is 0, if not zero, change dsaret to fail
+-         */
+-        if (0 != kop.crk_status)
+-            dsaret = 0;
+-    } else {
+-        const DSA_METHOD *meth = DSA_OpenSSL();
+    if ((cryptodev_asym(&kop, 0, NULL, 0, NULL))) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, DSA_R_DECODE_ERROR);
+        goto err;
+    }
+ 
+-        dsaret = (meth->dsa_do_verify) (dgst, dlen, sig, dsa);
+    /*
+     * OCF success value is 0, if not zero, change dsaret to fail
+     */
+    if (0 != kop.crk_status) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, DSA_R_DECODE_ERROR);
+        goto err;
+     }
+- err:
+-    kop.crk_param[0].crp_p = NULL;
+
+     zapparams(&kop);
+     return (dsaret);
+ err:
+    {
+        const DSA_METHOD *meth = DSA_OpenSSL();
+        dsaret = (meth->dsa_do_verify) (dgst, dlen, sig, dsa);
+        return dsaret;
+    }
+}
+
+/* Cryptodev DSA Key Gen routine */
+static int cryptodev_dsa_keygen(DSA *dsa)
+{
+    struct crypt_kop kop;
+    int ret = 1, g_len;
+    unsigned char *g = NULL;
+
+    if (dsa->priv_key == NULL) {
+        if ((dsa->priv_key = BN_new()) == NULL)
+            goto sw_try;
+    }
+
+    if (dsa->pub_key == NULL) {
+        if ((dsa->pub_key = BN_new()) == NULL)
+            goto sw_try;
+    }
+
+    g_len = BN_num_bytes(dsa->p);
+        /**
+         * Get generator into a plain buffer. If length is less than
+         * p_len then add leading padding bytes.
+         */
+    if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
+        DSAerr(DSA_F_DSA_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
+        goto sw_try;
+    }
+
+    memset(&kop, 0, sizeof kop);
+
+    kop.crk_op = CRK_DSA_GENERATE_KEY;
+    if (bn2crparam(dsa->p, &kop.crk_param[0]))
+        goto sw_try;
+    if (bn2crparam(dsa->q, &kop.crk_param[1]))
+        goto sw_try;
+    kop.crk_param[2].crp_p = g;
+    kop.crk_param[2].crp_nbits = g_len * 8;
+    kop.crk_iparams = 3;
+
+    /* pub_key is or prime length while priv key is of length of order */
+    if (cryptodev_asym(&kop, BN_num_bytes(dsa->p), dsa->pub_key,
+                       BN_num_bytes(dsa->q), dsa->priv_key))
+        goto sw_try;
+
+    return ret;
+ sw_try:
+    {
+        const DSA_METHOD *meth = DSA_OpenSSL();
+        ret = (meth->dsa_keygen) (dsa);
+    }
+    return ret;
+ }
+ 
+ static DSA_METHOD cryptodev_dsa = {
+@@ -1584,12 +1859,558 @@ static DSA_METHOD cryptodev_dsa = {
+     NULL                        /* app_data */
+ };
+ 
+-static int
+-cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
+-                     const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+-                     BN_MONT_CTX *m_ctx)
+static ECDSA_METHOD cryptodev_ecdsa = {
+    "cryptodev ECDSA method",
+    NULL,
+    NULL,                       /* ecdsa_sign_setup */
+    NULL,
+    NULL,
+    0,                          /* flags */
+    NULL                        /* app_data */
+};
+
+typedef enum ec_curve_s {
+    EC_PRIME,
+    EC_BINARY
+} ec_curve_t;
+
+/* ENGINE handler for ECDSA Sign */
+static ECDSA_SIG *cryptodev_ecdsa_do_sign(const unsigned char *dgst,
+                                          int dgst_len, const BIGNUM *in_kinv,
+                                          const BIGNUM *in_r, EC_KEY *eckey)
+ {
+-    return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
+    BIGNUM *m = NULL, *p = NULL, *a = NULL;
+    BIGNUM *b = NULL, *x = NULL, *y = NULL;
+    BN_CTX *ctx = NULL;
+    ECDSA_SIG *ret = NULL;
+    ECDSA_DATA *ecdsa = NULL;
+    unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL;
+    unsigned char *s = NULL, *c = NULL, *d = NULL, *f = NULL, *tmp_dgst =
+        NULL;
+    int i = 0, q_len = 0, priv_key_len = 0, r_len = 0;
+    int g_len = 0, d_len = 0, ab_len = 0;
+    const BIGNUM *order = NULL, *priv_key = NULL;
+    const EC_GROUP *group = NULL;
+    struct crypt_kop kop;
+    ec_curve_t ec_crv = EC_PRIME;
+
+    memset(&kop, 0, sizeof(kop));
+    ecdsa = ecdsa_check(eckey);
+    if (!ecdsa) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
+
+    group = EC_KEY_get0_group(eckey);
+    priv_key = EC_KEY_get0_private_key(eckey);
+
+    if (!group || !priv_key) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
+
+    if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
+        (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
+        (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
+        (y = BN_new()) == NULL) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    order = &group->order;
+    if (!order || BN_is_zero(order)) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS);
+        goto err;
+    }
+
+    i = BN_num_bits(order);
+    /*
+     * Need to truncate digest if it is too long: first truncate whole bytes
+     */
+    if (8 * dgst_len > i)
+        dgst_len = (i + 7) / 8;
+
+    if (!BN_bin2bn(dgst, dgst_len, m)) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
+        goto err;
+    }
+
+    /* If still too long truncate remaining bits with a shift */
+    if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
+        goto err;
+    }
+
+    /* copy the truncated bits into plain buffer */
+    if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) {
+        fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__,
+                __LINE__);
+        goto err;
+    }
+
+    ret = ECDSA_SIG_new();
+    if (!ret) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
+        goto err;
+    }
+
+    /* check if this is prime or binary EC request */
+    if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
+        NID_X9_62_prime_field) {
+        ec_crv = EC_PRIME;
+        /* get the generator point pair */
+        if (!EC_POINT_get_affine_coordinates_GFp
+            (group, EC_GROUP_get0_generator(group), x, y, ctx)) {
+            ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
+            goto err;
+        }
+
+        /* get the ECC curve parameters */
+        if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
+            ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
+            goto err;
+        }
+    } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
+               NID_X9_62_characteristic_two_field) {
+        ec_crv = EC_BINARY;
+        /* get the ECC curve parameters */
+        if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) {
+            ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
+            goto err;
+        }
+
+        /* get the generator point pair */
+        if (!EC_POINT_get_affine_coordinates_GF2m(group,
+                                                  EC_GROUP_get0_generator
+                                                  (group), x, y, ctx)) {
+            ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
+            goto err;
+        }
+    } else {
+        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
+        goto err;
+    }
+
+    if (spcf_bn2bin(order, &r, &r_len)) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (spcf_bn2bin(p, &q, &q_len)) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    priv_key_len = r_len;
+
+        /**
+         * If BN_num_bytes of priv_key returns less then r_len then
+         * add padding bytes before the key
+         */
+    if (spcf_bn2bin_ex(priv_key, &s, &priv_key_len)) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /* Generation of ECC curve parameters */
+    ab_len = 2 * q_len;
+    ab = eng_copy_curve_points(a, b, ab_len, q_len);
+    if (!ab) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (ec_crv == EC_BINARY) {
+        if (eng_ec_get_cparam
+            (EC_GROUP_get_curve_name(group), ab + q_len, q_len)) {
+            unsigned char *c_temp = NULL;
+            int c_temp_len = q_len;
+            if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len))
+                memcpy(ab + q_len, c_temp, q_len);
+            else
+                goto err;
+        }
+        kop.curve_type = ECC_BINARY;
+    }
+
+    /* Calculation of Generator point */
+    g_len = 2 * q_len;
+    g_xy = eng_copy_curve_points(x, y, g_len, q_len);
+    if (!g_xy) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /* Memory allocation for first part of digital signature */
+    c = malloc(r_len);
+    if (!c) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    d_len = r_len;
+
+    /* Memory allocation for second part of digital signature */
+    d = malloc(d_len);
+    if (!d) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /* memory for message representative */
+    f = malloc(r_len);
+    if (!f) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /* Add padding, since SEC expects hash to of size r_len */
+    memset(f, 0, r_len - dgst_len);
+
+    /* Skip leading bytes if dgst_len < r_len */
+    memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len);
+
+    dgst_len += r_len - dgst_len;
+    kop.crk_op = CRK_DSA_SIGN;
+    /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
+    kop.crk_param[0].crp_p = f;
+    kop.crk_param[0].crp_nbits = dgst_len * 8;
+    kop.crk_param[1].crp_p = q;
+    kop.crk_param[1].crp_nbits = q_len * 8;
+    kop.crk_param[2].crp_p = r;
+    kop.crk_param[2].crp_nbits = r_len * 8;
+    kop.crk_param[3].crp_p = g_xy;
+    kop.crk_param[3].crp_nbits = g_len * 8;
+    kop.crk_param[4].crp_p = s;
+    kop.crk_param[4].crp_nbits = priv_key_len * 8;
+    kop.crk_param[5].crp_p = ab;
+    kop.crk_param[5].crp_nbits = ab_len * 8;
+    kop.crk_iparams = 6;
+    kop.crk_param[6].crp_p = c;
+    kop.crk_param[6].crp_nbits = d_len * 8;
+    kop.crk_param[7].crp_p = d;
+    kop.crk_param[7].crp_nbits = d_len * 8;
+    kop.crk_oparams = 2;
+
+    if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
+        /* Check if ret->r and s needs to allocated */
+        crparam2bn(&kop.crk_param[6], ret->r);
+        crparam2bn(&kop.crk_param[7], ret->s);
+    } else {
+        const ECDSA_METHOD *meth = ECDSA_OpenSSL();
+        ret = (meth->ecdsa_do_sign) (dgst, dgst_len, in_kinv, in_r, eckey);
+    }
+    kop.crk_param[0].crp_p = NULL;
+    zapparams(&kop);
+ err:
+    if (!ret) {
+        ECDSA_SIG_free(ret);
+        ret = NULL;
+    }
+    return ret;
+}
+
+static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
+                                  ECDSA_SIG *sig, EC_KEY *eckey)
+{
+    BIGNUM *m = NULL, *p = NULL, *a = NULL, *b = NULL;
+    BIGNUM *x = NULL, *y = NULL, *w_x = NULL, *w_y = NULL;
+    BN_CTX *ctx = NULL;
+    ECDSA_DATA *ecdsa = NULL;
+    unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL, *w_xy =
+        NULL;
+    unsigned char *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL;
+    int i = 0, q_len = 0, pub_key_len = 0, r_len = 0, c_len = 0, g_len = 0;
+    int d_len = 0, ab_len = 0, ret = -1;
+    const EC_POINT *pub_key = NULL;
+    const BIGNUM *order = NULL;
+    const EC_GROUP *group = NULL;
+    ec_curve_t ec_crv = EC_PRIME;
+    struct crypt_kop kop;
+
+    memset(&kop, 0, sizeof kop);
+    ecdsa = ecdsa_check(eckey);
+    if (!ecdsa) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
+        return ret;
+    }
+
+    group = EC_KEY_get0_group(eckey);
+    pub_key = EC_KEY_get0_public_key(eckey);
+
+    if (!group || !pub_key) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
+        return ret;
+    }
+
+    if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
+        (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
+        (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
+        (y = BN_new()) == NULL || (w_x = BN_new()) == NULL ||
+        (w_y = BN_new()) == NULL) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    order = &group->order;
+    if (!order || BN_is_zero(order)) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS);
+        goto err;
+    }
+
+    i = BN_num_bits(order);
+    /*
+     * Need to truncate digest if it is too long: first truncate whole *
+     * bytes
+     */
+    if (8 * dgst_len > i)
+        dgst_len = (i + 7) / 8;
+
+    if (!BN_bin2bn(dgst, dgst_len, m)) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
+        goto err;
+    }
+
+    /* If still too long truncate remaining bits with a shift */
+    if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
+        goto err;
+    }
+    /* copy the truncated bits into plain buffer */
+    if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /* check if this is prime or binary EC request */
+    if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
+        NID_X9_62_prime_field) {
+        ec_crv = EC_PRIME;
+
+        /* get the generator point pair */
+        if (!EC_POINT_get_affine_coordinates_GFp(group,
+                                                 EC_GROUP_get0_generator
+                                                 (group), x, y, ctx)) {
+            ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
+            goto err;
+        }
+
+        /* get the public key pair for prime curve */
+        if (!EC_POINT_get_affine_coordinates_GFp(group,
+                                                 pub_key, w_x, w_y, ctx)) {
+            ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
+            goto err;
+        }
+
+        /* get the ECC curve parameters */
+        if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
+            ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
+            goto err;
+        }
+    } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
+               NID_X9_62_characteristic_two_field) {
+        ec_crv = EC_BINARY;
+        /* get the ECC curve parameters */
+        if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) {
+            ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
+            goto err;
+        }
+
+        /* get the generator point pair */
+        if (!EC_POINT_get_affine_coordinates_GF2m(group,
+                                                  EC_GROUP_get0_generator
+                                                  (group), x, y, ctx)) {
+            ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
+            goto err;
+        }
+
+        /* get the public key pair for binary curve */
+        if (!EC_POINT_get_affine_coordinates_GF2m(group,
+                                                  pub_key, w_x, w_y, ctx)) {
+            ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
+            goto err;
+        }
+    } else {
+        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
+        goto err;
+    }
+
+    /* Get the order of the subgroup of private keys */
+    if (spcf_bn2bin((BIGNUM *)order, &r, &r_len)) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /* Get the irreducible polynomial that creates the field */
+    if (spcf_bn2bin(p, &q, &q_len)) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /* Get the public key into a flat buffer with appropriate padding */
+    pub_key_len = 2 * q_len;
+
+    w_xy = eng_copy_curve_points(w_x, w_y, pub_key_len, q_len);
+    if (!w_xy) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /* Generation of ECC curve parameters */
+    ab_len = 2 * q_len;
+
+    ab = eng_copy_curve_points(a, b, ab_len, q_len);
+    if (!ab) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (ec_crv == EC_BINARY) {
+        /* copy b' i.e c(b), instead of only b */
+        if (eng_ec_get_cparam
+            (EC_GROUP_get_curve_name(group), ab + q_len, q_len)) {
+            unsigned char *c_temp = NULL;
+            int c_temp_len = q_len;
+            if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len))
+                memcpy(ab + q_len, c_temp, q_len);
+            else
+                goto err;
+        }
+        kop.curve_type = ECC_BINARY;
+    }
+
+    /* Calculation of Generator point */
+    g_len = 2 * q_len;
+
+    g_xy = eng_copy_curve_points(x, y, g_len, q_len);
+    if (!g_xy) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+        /**
+         * Get the 1st part of signature into a flat buffer with
+         * appropriate padding
+         */
+    if (BN_num_bytes(sig->r) < r_len)
+        c_len = r_len;
+
+    if (spcf_bn2bin_ex(sig->r, &c, &c_len)) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+        /**
+         * Get the 2nd part of signature into a flat buffer with
+         * appropriate padding
+         */
+    if (BN_num_bytes(sig->s) < r_len)
+        d_len = r_len;
+
+    if (spcf_bn2bin_ex(sig->s, &d, &d_len)) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /* memory for message representative */
+    f = malloc(r_len);
+    if (!f) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /* Add padding, since SEC expects hash to of size r_len */
+    memset(f, 0, r_len - dgst_len);
+
+    /* Skip leading bytes if dgst_len < r_len */
+    memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len);
+    dgst_len += r_len - dgst_len;
+    kop.crk_op = CRK_DSA_VERIFY;
+    /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
+    kop.crk_param[0].crp_p = f;
+    kop.crk_param[0].crp_nbits = dgst_len * 8;
+    kop.crk_param[1].crp_p = q;
+    kop.crk_param[1].crp_nbits = q_len * 8;
+    kop.crk_param[2].crp_p = r;
+    kop.crk_param[2].crp_nbits = r_len * 8;
+    kop.crk_param[3].crp_p = g_xy;
+    kop.crk_param[3].crp_nbits = g_len * 8;
+    kop.crk_param[4].crp_p = w_xy;
+    kop.crk_param[4].crp_nbits = pub_key_len * 8;
+    kop.crk_param[5].crp_p = ab;
+    kop.crk_param[5].crp_nbits = ab_len * 8;
+    kop.crk_param[6].crp_p = c;
+    kop.crk_param[6].crp_nbits = d_len * 8;
+    kop.crk_param[7].crp_p = d;
+    kop.crk_param[7].crp_nbits = d_len * 8;
+    kop.crk_iparams = 8;
+
+    if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
+        /*
+         * OCF success value is 0, if not zero, change ret to fail
+         */
+        if (0 == kop.crk_status)
+            ret = 1;
+    } else {
+        const ECDSA_METHOD *meth = ECDSA_OpenSSL();
+
+        ret = (meth->ecdsa_do_verify) (dgst, dgst_len, sig, eckey);
+    }
+    kop.crk_param[0].crp_p = NULL;
+    zapparams(&kop);
+
+ err:
+    return ret;
+}
+
+static int cryptodev_dh_keygen(DH *dh)
+{
+    struct crypt_kop kop;
+    int ret = 1, g_len;
+    unsigned char *g = NULL;
+
+    if (dh->priv_key == NULL) {
+        if ((dh->priv_key = BN_new()) == NULL)
+            goto sw_try;
+    }
+
+    if (dh->pub_key == NULL) {
+        if ((dh->pub_key = BN_new()) == NULL)
+            goto sw_try;
+    }
+
+    g_len = BN_num_bytes(dh->p);
+        /**
+         * Get generator into a plain buffer. If length is less than
+         * q_len then add leading padding bytes.
+         */
+    if (spcf_bn2bin_ex(dh->g, &g, &g_len)) {
+        DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
+        goto sw_try;
+    }
+
+    memset(&kop, 0, sizeof kop);
+    kop.crk_op = CRK_DH_GENERATE_KEY;
+    if (bn2crparam(dh->p, &kop.crk_param[0]))
+        goto sw_try;
+    if (bn2crparam(dh->q, &kop.crk_param[1]))
+        goto sw_try;
+    kop.crk_param[2].crp_p = g;
+    kop.crk_param[2].crp_nbits = g_len * 8;
+    kop.crk_iparams = 3;
+
+    /* pub_key is or prime length while priv key is of length of order */
+    if (cryptodev_asym(&kop, BN_num_bytes(dh->p), dh->pub_key,
+                       BN_num_bytes(dh->q), dh->priv_key))
+        goto sw_try;
+
+    return ret;
+ sw_try:
+    {
+        const DH_METHOD *meth = DH_OpenSSL();
+        ret = (meth->generate_key) (dh);
+    }
+    return ret;
+ }
+ 
+ static int
+@@ -1597,41 +2418,236 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+ {
+     struct crypt_kop kop;
+     int dhret = 1;
+-    int fd, keylen;
+    int fd, p_len;
+    BIGNUM *temp = NULL;
+    unsigned char *padded_pub_key = NULL, *p = NULL;
+
+    if ((fd = get_asym_dev_crypto()) < 0)
+        goto sw_try;
+
+    memset(&kop, 0, sizeof kop);
+    kop.crk_op = CRK_DH_COMPUTE_KEY;
+    /* inputs: dh->priv_key pub_key dh->p key */
+    spcf_bn2bin(dh->p, &p, &p_len);
+    spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len);
+    if (bn2crparam(dh->priv_key, &kop.crk_param[0]))
+        goto sw_try;
+
+    kop.crk_param[1].crp_p = padded_pub_key;
+    kop.crk_param[1].crp_nbits = p_len * 8;
+    kop.crk_param[2].crp_p = p;
+    kop.crk_param[2].crp_nbits = p_len * 8;
+    kop.crk_iparams = 3;
+    kop.crk_param[3].crp_p = (void *)key;
+    kop.crk_param[3].crp_nbits = p_len * 8;
+    kop.crk_oparams = 1;
+    dhret = p_len;
+
+    if (ioctl(fd, CIOCKEY, &kop))
+        goto sw_try;
+
+    if ((temp = BN_new())) {
+        if (!BN_bin2bn(key, p_len, temp)) {
+            ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
+            goto sw_try;
+        }
+        if (dhret > BN_num_bytes(temp))
+            dhret = BN_bn2bin(temp, key);
+        BN_free(temp);
+    }
+ 
+-    if ((fd = get_asym_dev_crypto()) < 0) {
+    kop.crk_param[3].crp_p = NULL;
+    zapparams(&kop);
+    return (dhret);
+ sw_try:
+    {
+         const DH_METHOD *meth = DH_OpenSSL();
+ 
+-        return ((meth->compute_key) (key, pub_key, dh));
+        dhret = (meth->compute_key) (key, pub_key, dh);
+     }
+    return (dhret);
+}
+ 
+-    keylen = BN_num_bits(dh->p);
+int cryptodev_ecdh_compute_key(void *out, size_t outlen,
+                               const EC_POINT *pub_key, EC_KEY *ecdh,
+                               void *(*KDF) (const void *in, size_t inlen,
+                                             void *out, size_t *outlen))
+{
+    ec_curve_t ec_crv = EC_PRIME;
+    unsigned char *q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL;
+    BIGNUM *w_x = NULL, *w_y = NULL;
+    int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0;
+    BIGNUM *p = NULL, *a = NULL, *b = NULL;
+    BN_CTX *ctx;
+    EC_POINT *tmp = NULL;
+    BIGNUM *x = NULL, *y = NULL;
+    const BIGNUM *priv_key;
+    const EC_GROUP *group = NULL;
+    int ret = -1;
+    size_t buflen, len;
+    struct crypt_kop kop;
+ 
+     memset(&kop, 0, sizeof kop);
+-    kop.crk_op = CRK_DH_COMPUTE_KEY;
+ 
+-    /* inputs: dh->priv_key pub_key dh->p key */
+-    if (bn2crparam(dh->priv_key, &kop.crk_param[0]))
+    if ((ctx = BN_CTX_new()) == NULL)
+         goto err;
+-    if (bn2crparam(pub_key, &kop.crk_param[1]))
+    BN_CTX_start(ctx);
+    x = BN_CTX_get(ctx);
+    y = BN_CTX_get(ctx);
+    p = BN_CTX_get(ctx);
+    a = BN_CTX_get(ctx);
+    b = BN_CTX_get(ctx);
+    w_x = BN_CTX_get(ctx);
+    w_y = BN_CTX_get(ctx);
+
+    if (!x || !y || !p || !a || !b || !w_x || !w_y) {
+        ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
+         goto err;
+-    if (bn2crparam(dh->p, &kop.crk_param[2]))
+    }
+
+    priv_key = EC_KEY_get0_private_key(ecdh);
+    if (priv_key == NULL) {
+        ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_NO_PRIVATE_VALUE);
+         goto err;
+-    kop.crk_iparams = 3;
+    }
+ 
+-    kop.crk_param[3].crp_p = (caddr_t) key;
+-    kop.crk_param[3].crp_nbits = keylen * 8;
+-    kop.crk_oparams = 1;
+    group = EC_KEY_get0_group(ecdh);
+    if ((tmp = EC_POINT_new(group)) == NULL) {
+        ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+ 
+-    if (ioctl(fd, CIOCKEY, &kop) == -1) {
+-        const DH_METHOD *meth = DH_OpenSSL();
+    if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
+        NID_X9_62_prime_field) {
+        ec_crv = EC_PRIME;
+ 
+-        dhret = (meth->compute_key) (key, pub_key, dh);
+        if (!EC_POINT_get_affine_coordinates_GFp(group,
+                                                 EC_GROUP_get0_generator
+                                                 (group), x, y, ctx)) {
+            ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_POINT_ARITHMETIC_FAILURE);
+            goto err;
+        }
+
+        /* get the ECC curve parameters */
+        if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
+            ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
+            goto err;
+        }
+
+        /* get the public key pair for prime curve */
+        if (!EC_POINT_get_affine_coordinates_GFp
+            (group, pub_key, w_x, w_y, ctx)) {
+            ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
+            goto err;
+        }
+    } else {
+        ec_crv = EC_BINARY;
+
+        if (!EC_POINT_get_affine_coordinates_GF2m(group,
+                                                  EC_GROUP_get0_generator
+                                                  (group), x, y, ctx)) {
+            ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_POINT_ARITHMETIC_FAILURE);
+            goto err;
+        }
+
+        /* get the ECC curve parameters */
+        if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) {
+            ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
+            goto err;
+        }
+
+        /* get the public key pair for binary curve */
+        if (!EC_POINT_get_affine_coordinates_GF2m(group,
+                                                  pub_key, w_x, w_y, ctx)) {
+            ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
+            goto err;
+        }
+    }
+
+    /* irreducible polynomial that creates the field */
+    if (spcf_bn2bin((BIGNUM *)&group->order, &r, &r_len)) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /* Get the irreducible polynomial that creates the field */
+    if (spcf_bn2bin(p, &q, &q_len)) {
+        ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
+        goto err;
+    }
+
+    /* Get the public key into a flat buffer with appropriate padding */
+    pub_key_len = 2 * q_len;
+    w_xy = eng_copy_curve_points(w_x, w_y, pub_key_len, q_len);
+    if (!w_xy) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /* Generation of ECC curve parameters */
+    ab_len = 2 * q_len;
+    ab = eng_copy_curve_points(a, b, ab_len, q_len);
+    if (!ab) {
+        ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
+        goto err;
+    }
+
+    if (ec_crv == EC_BINARY) {
+        /* copy b' i.e c(b), instead of only b */
+        if (eng_ec_get_cparam
+            (EC_GROUP_get_curve_name(group), ab + q_len, q_len)) {
+            unsigned char *c_temp = NULL;
+            int c_temp_len = q_len;
+            if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len))
+                memcpy(ab + q_len, c_temp, q_len);
+            else
+                goto err;
+        }
+        kop.curve_type = ECC_BINARY;
+    } else
+        kop.curve_type = ECC_PRIME;
+
+    priv_key_len = r_len;
+
+    /*
+     * If BN_num_bytes of priv_key returns less then r_len then
+     * add padding bytes before the key
+     */
+    if (spcf_bn2bin_ex((BIGNUM *)priv_key, &s, &priv_key_len)) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    buflen = (EC_GROUP_get_degree(group) + 7) / 8;
+    len = BN_num_bytes(x);
+    if (len > buflen || q_len < buflen) {
+        ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_INTERNAL_ERROR);
+        goto err;
+     }
+
+    kop.crk_op = CRK_DH_COMPUTE_KEY;
+    kop.crk_param[0].crp_p = (void *)s;
+    kop.crk_param[0].crp_nbits = priv_key_len * 8;
+    kop.crk_param[1].crp_p = (void *)w_xy;
+    kop.crk_param[1].crp_nbits = pub_key_len * 8;
+    kop.crk_param[2].crp_p = (void *)q;
+    kop.crk_param[2].crp_nbits = q_len * 8;
+    kop.crk_param[3].crp_p = (void *)ab;
+    kop.crk_param[3].crp_nbits = ab_len * 8;
+    kop.crk_iparams = 4;
+    kop.crk_param[4].crp_p = (void *)out;
+    kop.crk_param[4].crp_nbits = q_len * 8;
+    kop.crk_oparams = 1;
+    ret = q_len;
+    if (cryptodev_asym(&kop, 0, NULL, 0, NULL)) {
+        const ECDH_METHOD *meth = ECDH_OpenSSL();
+        ret = (meth->compute_key) (out, outlen, pub_key, ecdh, KDF);
+    } else
+        ret = q_len;
+  err:
+-    kop.crk_param[3].crp_p = NULL;
+    kop.crk_param[4].crp_p = NULL;
+     zapparams(&kop);
+-    return (dhret);
+    return ret;
+ }
+ 
+ static DH_METHOD cryptodev_dh = {
+@@ -1645,6 +2661,14 @@ static DH_METHOD cryptodev_dh = {
+     NULL                        /* app_data */
+ };
+ 
+static ECDH_METHOD cryptodev_ecdh = {
+    "cryptodev ECDH method",
+    NULL,                       /* cryptodev_ecdh_compute_key */
+    NULL,
+    0,                          /* flags */
+    NULL                        /* app_data */
+};
+
+ /*
+  * ctrl right now is just a wrapper that doesn't do much
+  * but I expect we'll want some options soon.
+@@ -1724,24 +2748,39 @@ void ENGINE_load_cryptodev(void)
+         memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
+         if (cryptodev_asymfeat & CRF_DSA_SIGN)
+             cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
+-        if (cryptodev_asymfeat & CRF_MOD_EXP) {
+-            cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp;
+-            cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp;
+-        }
+         if (cryptodev_asymfeat & CRF_DSA_VERIFY)
+             cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
+        if (cryptodev_asymfeat & CRF_DSA_GENERATE_KEY)
+            cryptodev_dsa.dsa_keygen = cryptodev_dsa_keygen;
+     }
+ 
+     if (ENGINE_set_DH(engine, &cryptodev_dh)) {
+         const DH_METHOD *dh_meth = DH_OpenSSL();
+        memcpy(&cryptodev_dh, dh_meth, sizeof(DH_METHOD));
+        if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) {
+            cryptodev_dh.compute_key = cryptodev_dh_compute_key;
+        }
+        if (cryptodev_asymfeat & CRF_DH_GENERATE_KEY) {
+            cryptodev_dh.generate_key = cryptodev_dh_keygen;
+        }
+    }
+ 
+-        cryptodev_dh.generate_key = dh_meth->generate_key;
+-        cryptodev_dh.compute_key = dh_meth->compute_key;
+-        cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp;
+-        if (cryptodev_asymfeat & CRF_MOD_EXP) {
+-            cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh;
+-            if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY)
+-                cryptodev_dh.compute_key = cryptodev_dh_compute_key;
+    if (ENGINE_set_ECDSA(engine, &cryptodev_ecdsa)) {
+        const ECDSA_METHOD *meth = ECDSA_OpenSSL();
+        memcpy(&cryptodev_ecdsa, meth, sizeof(ECDSA_METHOD));
+        if (cryptodev_asymfeat & CRF_DSA_SIGN) {
+            cryptodev_ecdsa.ecdsa_do_sign = cryptodev_ecdsa_do_sign;
+        }
+        if (cryptodev_asymfeat & CRF_DSA_VERIFY) {
+            cryptodev_ecdsa.ecdsa_do_verify = cryptodev_ecdsa_verify;
+        }
+    }
+
+    if (ENGINE_set_ECDH(engine, &cryptodev_ecdh)) {
+        const ECDH_METHOD *ecdh_meth = ECDH_OpenSSL();
+        memcpy(&cryptodev_ecdh, ecdh_meth, sizeof(ECDH_METHOD));
+        if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) {
+            cryptodev_ecdh.compute_key = cryptodev_ecdh_compute_key;
+         }
+     }
+ 
+-- 
+2.7.0
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0006-Added-hwrng-dev-file-as-source-of-RNG.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0006-Added-hwrng-dev-file-as-source-of-RNG.patch
new file mode 100644
index 000000000..61469dcf3
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0006-Added-hwrng-dev-file-as-source-of-RNG.patch
@@ -0,0 +1,28 @@
+From c3b1f595607fe4e431dab12b7d8ceda6742547d5 Mon Sep 17 00:00:00 2001
+From: Yashpal Dutta <yashpal.dutta@freescale.com>
+Date: Tue, 11 Mar 2014 06:42:59 +0545
+Subject: [PATCH 06/48] Added hwrng dev file as source of RNG
+Upstream-status: Pending
+Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
+---
+ e_os.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/e_os.h b/e_os.h
+index 1fa36c1..6c0917b 100644
+--- a/e_os.h
+++ b/e_os.h
+@@ -82,7 +82,7 @@ extern "C" {
+  * set this to a comma-separated list of 'random' device files to try out. My
+  * default, we will try to read at least one of these files
+  */
+-#  define DEVRANDOM "/dev/urandom","/dev/random","/dev/srandom"
+#  define DEVRANDOM "/dev/hwrng","/dev/urandom","/dev/random","/dev/srandom"
+ # endif
+ # ifndef DEVRANDOM_EGD
+ /*
+-- 
+2.7.0
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0006-Fixed-private-key-support-for-DH.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0006-Fixed-private-key-support-for-DH.patch
deleted file mode 100644
index 01c268b6f..000000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0006-Fixed-private-key-support-for-DH.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 39a9e609290a8a1163a721915bcde0c7cf8f92f7 Mon Sep 17 00:00:00 2001
-From: Yashpal Dutta <yashpal.dutta@freescale.com>
-Date: Tue, 11 Mar 2014 05:57:47 +0545
-Subject: [PATCH 06/26] Fixed private key support for DH
-Upstream-status: Pending
-Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
---
- crypto/dh/dh_ameth.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
-index 02ec2d4..ed32004 100644
--- a/crypto/dh/dh_ameth.c
-+++ b/crypto/dh/dh_ameth.c
-@@ -422,6 +422,13 @@ static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
-        if (to->pkey.dh->g != NULL)
-                BN_free(to->pkey.dh->g);
-        to->pkey.dh->g=a;
-+       if ((a=BN_dup(from->pkey.dh->q)) != NULL) {
-+               if (to->pkey.dh->q != NULL)
-+                       BN_free(to->pkey.dh->q);
-+               to->pkey.dh->q=a;
-+       }
-+
-+       to->pkey.dh->length = from->pkey.dh->length;
- 
-        return 1;
-        }
-- 
-2.3.5
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0007-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0007-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch
new file mode 100644
index 000000000..192cd1842
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0007-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch
@@ -0,0 +1,2050 @@
+From 45cfc01ade9eeb43fdb5950d3db152cae1b41059 Mon Sep 17 00:00:00 2001
+From: Yashpal Dutta <yashpal.dutta@freescale.com>
+Date: Tue, 11 Mar 2014 07:14:30 +0545
+Subject: [PATCH 07/48] Asynchronous interface added for PKC cryptodev
+ interface
+Upstream-status: Pending
+Change-Id: Ia8974f793dc18a959ed6798dcdd7d3fad81cb7da
+Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
+---
+ crypto/crypto.h               |   16 +
+ crypto/dh/dh.h                |    3 +
+ crypto/dsa/dsa.h              |    5 +
+ crypto/ecdh/ech_locl.h        |    3 +
+ crypto/ecdsa/ecs_locl.h       |    5 +
+ crypto/engine/eng_cryptodev.c | 1598 +++++++++++++++++++++++++++++++++++++----
+ crypto/engine/eng_int.h       |   23 +
+ crypto/engine/eng_lib.c       |   46 ++
+ crypto/engine/engine.h        |   24 +
+ crypto/rsa/rsa.h              |   23 +
+ 10 files changed, 1605 insertions(+), 141 deletions(-)
+diff --git a/crypto/crypto.h b/crypto/crypto.h
+index 6c644ce..2b4ec59 100644
+--- a/crypto/crypto.h
+++ b/crypto/crypto.h
+@@ -655,6 +655,22 @@ void ERR_load_CRYPTO_strings(void);
+ # define CRYPTO_R_FIPS_MODE_NOT_SUPPORTED                 101
+ # define CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK              100
+ 
+/* Additions for Asynchronous PKC Infrastructure */
+struct pkc_cookie_s {
+       void *cookie; /* To be filled by openssl library primitive method function caller */
+       void *eng_cookie; /* To be filled by Engine */
+        /*
+          * Callback handler to be provided by caller. Ensure to pass a
+          * handler which takes the crypto operation to completion.
+          * cookie: Container cookie from library
+          * status: Status of the crypto Job completion.
+          *            0: Job handled without any issue
+          *            -EINVAL: Parameters Invalid
+          */
+       void (*pkc_callback)(struct pkc_cookie_s *cookie, int status);
+       void *eng_handle;
+};
+
+ #ifdef  __cplusplus
+ }
+ #endif
+diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h
+index a5bd901..31dd762 100644
+--- a/crypto/dh/dh.h
+++ b/crypto/dh/dh.h
+@@ -123,6 +123,9 @@ struct dh_method {
+     int (*bn_mod_exp) (const DH *dh, BIGNUM *r, const BIGNUM *a,
+                        const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+                        BN_MONT_CTX *m_ctx);
+       int (*compute_key_async)(unsigned char *key,const BIGNUM *pub_key,DH *dh,
+                               struct pkc_cookie_s *cookie);
+       int (*generate_key_async)(DH *dh, struct pkc_cookie_s *cookie);
+     int (*init) (DH *dh);
+     int (*finish) (DH *dh);
+     int flags;
+diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h
+index 545358f..8584731 100644
+--- a/crypto/dsa/dsa.h
+++ b/crypto/dsa/dsa.h
+@@ -139,6 +139,10 @@ struct dsa_method {
+     /* Can be null */
+     int (*bn_mod_exp) (DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+                        const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+       int (*dsa_do_sign_async)(const unsigned char *dgst, int dlen, DSA *dsa,
+                               DSA_SIG *sig, struct pkc_cookie_s *cookie);
+       int (*dsa_do_verify_async)(const unsigned char *dgst, int dgst_len,
+                            DSA_SIG *sig, DSA *dsa, struct pkc_cookie_s *cookie);
+     int (*init) (DSA *dsa);
+     int (*finish) (DSA *dsa);
+     int flags;
+@@ -150,6 +154,7 @@ struct dsa_method {
+                          BN_GENCB *cb);
+     /* If this is non-NULL, it is used to generate DSA keys */
+     int (*dsa_keygen) (DSA *dsa);
+       int (*dsa_keygen_async)(DSA *dsa, struct pkc_cookie_s *cookie);
+ };
+ 
+ struct dsa_st {
+diff --git a/crypto/ecdh/ech_locl.h b/crypto/ecdh/ech_locl.h
+index 4e66024..502507b 100644
+--- a/crypto/ecdh/ech_locl.h
+++ b/crypto/ecdh/ech_locl.h
+@@ -68,6 +68,9 @@ struct ecdh_method {
+                         EC_KEY *ecdh, void *(*KDF) (const void *in,
+                                                     size_t inlen, void *out,
+                                                     size_t *outlen));
+    int (*compute_key_async)(void *key, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,
+                          void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen),
+                          struct pkc_cookie_s *cookie);
+ # if 0
+     int (*init) (EC_KEY *eckey);
+     int (*finish) (EC_KEY *eckey);
+diff --git a/crypto/ecdsa/ecs_locl.h b/crypto/ecdsa/ecs_locl.h
+index d3a5efc..9b28c04 100644
+--- a/crypto/ecdsa/ecs_locl.h
+++ b/crypto/ecdsa/ecs_locl.h
+@@ -74,6 +74,11 @@ struct ecdsa_method {
+                              BIGNUM **r);
+     int (*ecdsa_do_verify) (const unsigned char *dgst, int dgst_len,
+                             const ECDSA_SIG *sig, EC_KEY *eckey);
+        int (*ecdsa_do_sign_async)(const unsigned char *dgst, int dgst_len,
+                       const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey,
+                       ECDSA_SIG *sig, struct pkc_cookie_s *cookie);
+       int (*ecdsa_do_verify_async)(const unsigned char *dgst, int dgst_len,
+                       const ECDSA_SIG *sig, EC_KEY *eckey, struct pkc_cookie_s *cookie);
+ # if 0
+     int (*init) (EC_KEY *eckey);
+     int (*finish) (EC_KEY *eckey);
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 0b41bb2..8303630 100644
+--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
+@@ -1367,6 +1367,60 @@ static void zapparams(struct crypt_kop *kop)
+     }
+ }
+ 
+/*
+ * Any PKC request has at max 2 output parameters and they are stored here to
+ * be used while copying in the check availability
+ */
+struct cryptodev_cookie_s {
+    BIGNUM *r;
+    struct crparam r_param;
+    BIGNUM *s;
+    struct crparam s_param;
+    struct crypt_kop *kop;
+};
+
+static int
+cryptodev_asym_async(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
+                     BIGNUM *s)
+{
+    int fd;
+    struct pkc_cookie_s *cookie = kop->cookie;
+    struct cryptodev_cookie_s *eng_cookie;
+
+    fd = *(int *)cookie->eng_handle;
+
+    eng_cookie = malloc(sizeof(struct cryptodev_cookie_s));
+
+    if (eng_cookie) {
+        memset(eng_cookie, 0, sizeof(struct cryptodev_cookie_s));
+        if (r) {
+            kop->crk_param[kop->crk_iparams].crp_p =
+                calloc(rlen, sizeof(char));
+            if (!kop->crk_param[kop->crk_iparams].crp_p)
+                return -ENOMEM;
+            kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
+            kop->crk_oparams++;
+            eng_cookie->r = r;
+            eng_cookie->r_param = kop->crk_param[kop->crk_iparams];
+        }
+        if (s) {
+            kop->crk_param[kop->crk_iparams + 1].crp_p =
+                calloc(slen, sizeof(char));
+            if (!kop->crk_param[kop->crk_iparams + 1].crp_p)
+                return -ENOMEM;
+            kop->crk_param[kop->crk_iparams + 1].crp_nbits = slen * 8;
+            kop->crk_oparams++;
+            eng_cookie->s = s;
+            eng_cookie->s_param = kop->crk_param[kop->crk_iparams + 1];
+        }
+    } else
+        return -ENOMEM;
+
+    eng_cookie->kop = kop;
+    cookie->eng_cookie = eng_cookie;
+    return ioctl(fd, CIOCASYMASYNCRYPT, kop);
+}
+
+ static int
+ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
+                BIGNUM *s)
+@@ -1425,6 +1479,44 @@ void *cryptodev_init_instance(void)
+     return fd;
+ }
+ 
+# include <poll.h>
+
+/* Return 0 on success and 1 on failure */
+int cryptodev_check_availability(void *eng_handle)
+{
+    int fd = *(int *)eng_handle;
+    struct pkc_cookie_list_s cookie_list;
+    struct pkc_cookie_s *cookie;
+    int i;
+
+    /* FETCH COOKIE returns number of cookies extracted */
+    if (ioctl(fd, CIOCASYMFETCHCOOKIE, &cookie_list) <= 0)
+        return 1;
+
+    for (i = 0; i < cookie_list.cookie_available; i++) {
+        cookie = cookie_list.cookie[i];
+        if (cookie) {
+            struct cryptodev_cookie_s *eng_cookie = cookie->eng_cookie;
+            if (eng_cookie) {
+                struct crypt_kop *kop = eng_cookie->kop;
+
+                if (eng_cookie->r)
+                    crparam2bn(&eng_cookie->r_param, eng_cookie->r);
+                if (eng_cookie->s)
+                    crparam2bn(&eng_cookie->s_param, eng_cookie->s);
+                if (kop->crk_op == CRK_DH_COMPUTE_KEY)
+                    kop->crk_oparams = 0;
+
+                zapparams(eng_cookie->kop);
+                free(eng_cookie->kop);
+                free(eng_cookie);
+            }
+            cookie->pkc_callback(cookie, cookie_list.status[i]);
+        }
+    }
+    return 0;
+}
+
+ static int
+ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                      const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
+@@ -1472,6 +1564,66 @@ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ }
+ 
+ static int
+cryptodev_bn_mod_exp_async(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                           const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont,
+                           struct pkc_cookie_s *cookie)
+{
+    struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
+    int ret = 1;
+
+    /*
+     * Currently, we know we can do mod exp iff we can do any asymmetric
+     * operations at all.
+     */
+    if (cryptodev_asymfeat == 0 || !kop) {
+        ret = BN_mod_exp(r, a, p, m, ctx);
+        return (ret);
+    }
+
+    kop->crk_oparams = 0;
+    kop->crk_status = 0;
+    kop->crk_op = CRK_MOD_EXP;
+    kop->cookie = cookie;
+    /* inputs: a^p % m */
+    if (bn2crparam(a, &kop->crk_param[0]))
+        goto err;
+    if (bn2crparam(p, &kop->crk_param[1]))
+        goto err;
+    if (bn2crparam(m, &kop->crk_param[2]))
+        goto err;
+
+    kop->crk_iparams = 3;
+    if (cryptodev_asym_async(kop, BN_num_bytes(m), r, 0, NULL))
+        goto err;
+
+    return ret;
+ err:
+    {
+        const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+
+        if (kop)
+            free(kop);
+        ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
+        if (ret)
+            /* Call the completion handler immediately */
+            cookie->pkc_callback(cookie, 0);
+    }
+    return ret;
+}
+
+static int
+cryptodev_rsa_nocrt_mod_exp_async(BIGNUM *r0, const BIGNUM *I,
+                                  RSA *rsa, BN_CTX *ctx,
+                                  struct pkc_cookie_s *cookie)
+{
+    int r;
+    ctx = BN_CTX_new();
+    r = cryptodev_bn_mod_exp_async(r0, I, rsa->d, rsa->n, ctx, NULL, cookie);
+    BN_CTX_free(ctx);
+    return r;
+}
+
+static int
+ cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+                             BN_CTX *ctx)
+ {
+@@ -1538,6 +1690,63 @@ cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
+     return (ret);
+ }
+ 
+static int
+cryptodev_rsa_mod_exp_async(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+                            BN_CTX *ctx, struct pkc_cookie_s *cookie)
+{
+    struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
+    int ret = 1, f_len, p_len, q_len;
+    unsigned char *f = NULL, *p = NULL, *q = NULL, *dp = NULL, *dq =
+        NULL, *c = NULL;
+
+    if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp || !kop) {
+        return (0);
+    }
+
+    kop->crk_oparams = 0;
+    kop->crk_status = 0;
+    kop->crk_op = CRK_MOD_EXP_CRT;
+    f_len = BN_num_bytes(rsa->n);
+    spcf_bn2bin_ex(I, &f, &f_len);
+    spcf_bn2bin(rsa->p, &p, &p_len);
+    spcf_bn2bin(rsa->q, &q, &q_len);
+    spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len);
+    spcf_bn2bin_ex(rsa->iqmp, &c, &p_len);
+    spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len);
+    /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
+    kop->crk_param[0].crp_p = p;
+    kop->crk_param[0].crp_nbits = p_len * 8;
+    kop->crk_param[1].crp_p = q;
+    kop->crk_param[1].crp_nbits = q_len * 8;
+    kop->crk_param[2].crp_p = f;
+    kop->crk_param[2].crp_nbits = f_len * 8;
+    kop->crk_param[3].crp_p = dp;
+    kop->crk_param[3].crp_nbits = p_len * 8;
+    /* dq must of length q, rest all of length p */
+    kop->crk_param[4].crp_p = dq;
+    kop->crk_param[4].crp_nbits = q_len * 8;
+    kop->crk_param[5].crp_p = c;
+    kop->crk_param[5].crp_nbits = p_len * 8;
+    kop->crk_iparams = 6;
+    kop->cookie = cookie;
+    if (cryptodev_asym_async(kop, BN_num_bytes(rsa->n), r0, 0, NULL))
+        goto err;
+
+    return ret;
+ err:
+    {
+        const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+
+        if (kop)
+            free(kop);
+        ret = (*meth->rsa_mod_exp) (r0, I, rsa, ctx);
+        if (ret)
+            /* Call user completion handler immediately */
+            cookie->pkc_callback(cookie, 0);
+    }
+    return (ret);
+}
+
+ static RSA_METHOD cryptodev_rsa = {
+     "cryptodev RSA method",
+     NULL,                       /* rsa_pub_enc */
+@@ -1546,6 +1755,12 @@ static RSA_METHOD cryptodev_rsa = {
+     NULL,                       /* rsa_priv_dec */
+     NULL,
+     NULL,
+    NULL,                       /* rsa_pub_enc */
+    NULL,                       /* rsa_pub_dec */
+    NULL,                       /* rsa_priv_enc */
+    NULL,                       /* rsa_priv_dec */
+    NULL,
+    NULL,
+     NULL,                       /* init */
+     NULL,                       /* finish */
+     0,                          /* flags */
+@@ -1846,128 +2061,428 @@ static int cryptodev_dsa_keygen(DSA *dsa)
+     return ret;
+ }
+ 
+-static DSA_METHOD cryptodev_dsa = {
+-    "cryptodev DSA method",
+-    NULL,
+-    NULL,                       /* dsa_sign_setup */
+-    NULL,
+-    NULL,                       /* dsa_mod_exp */
+-    NULL,
+-    NULL,                       /* init */
+-    NULL,                       /* finish */
+-    0,                          /* flags */
+-    NULL                        /* app_data */
+-};
+/* Cryptodev DSA Key Gen routine */
+static int cryptodev_dsa_keygen_async(DSA *dsa, struct pkc_cookie_s *cookie)
+{
+    struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
+    int ret = 1, g_len;
+    unsigned char *g = NULL;
+ 
+-static ECDSA_METHOD cryptodev_ecdsa = {
+-    "cryptodev ECDSA method",
+-    NULL,
+-    NULL,                       /* ecdsa_sign_setup */
+-    NULL,
+-    NULL,
+-    0,                          /* flags */
+-    NULL                        /* app_data */
+-};
+    if (!kop)
+        goto sw_try;
+ 
+-typedef enum ec_curve_s {
+-    EC_PRIME,
+-    EC_BINARY
+-} ec_curve_t;
+    if (dsa->priv_key == NULL) {
+        if ((dsa->priv_key = BN_new()) == NULL)
+            goto sw_try;
+    }
+ 
+-/* ENGINE handler for ECDSA Sign */
+-static ECDSA_SIG *cryptodev_ecdsa_do_sign(const unsigned char *dgst,
+-                                          int dgst_len, const BIGNUM *in_kinv,
+-                                          const BIGNUM *in_r, EC_KEY *eckey)
+-{
+-    BIGNUM *m = NULL, *p = NULL, *a = NULL;
+-    BIGNUM *b = NULL, *x = NULL, *y = NULL;
+-    BN_CTX *ctx = NULL;
+-    ECDSA_SIG *ret = NULL;
+-    ECDSA_DATA *ecdsa = NULL;
+-    unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL;
+-    unsigned char *s = NULL, *c = NULL, *d = NULL, *f = NULL, *tmp_dgst =
+-        NULL;
+-    int i = 0, q_len = 0, priv_key_len = 0, r_len = 0;
+-    int g_len = 0, d_len = 0, ab_len = 0;
+-    const BIGNUM *order = NULL, *priv_key = NULL;
+-    const EC_GROUP *group = NULL;
+-    struct crypt_kop kop;
+-    ec_curve_t ec_crv = EC_PRIME;
+    if (dsa->pub_key == NULL) {
+        if ((dsa->pub_key = BN_new()) == NULL)
+            goto sw_try;
+    }
+ 
+-    memset(&kop, 0, sizeof(kop));
+-    ecdsa = ecdsa_check(eckey);
+-    if (!ecdsa) {
+-        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
+-        return NULL;
+    g_len = BN_num_bytes(dsa->p);
+        /**
+         * Get generator into a plain buffer. If length is less than
+         * q_len then add leading padding bytes.
+         */
+    if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
+        DSAerr(DSA_F_DSA_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
+        goto sw_try;
+     }
+ 
+-    group = EC_KEY_get0_group(eckey);
+-    priv_key = EC_KEY_get0_private_key(eckey);
+    memset(kop, 0, sizeof(struct crypt_kop));
+    kop->crk_op = CRK_DSA_GENERATE_KEY;
+    if (bn2crparam(dsa->p, &kop->crk_param[0]))
+        goto sw_try;
+    if (bn2crparam(dsa->q, &kop->crk_param[1]))
+        goto sw_try;
+    kop->crk_param[2].crp_p = g;
+    kop->crk_param[2].crp_nbits = g_len * 8;
+    kop->crk_iparams = 3;
+    kop->cookie = cookie;
+ 
+-    if (!group || !priv_key) {
+-        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
+-        return NULL;
+    /* pub_key is or prime length while priv key is of length of order */
+    if (cryptodev_asym_async(kop, BN_num_bytes(dsa->p), dsa->pub_key,
+                             BN_num_bytes(dsa->q), dsa->priv_key))
+        goto sw_try;
+
+    return ret;
+ sw_try:
+    {
+        const DSA_METHOD *meth = DSA_OpenSSL();
+
+        if (kop)
+            free(kop);
+        ret = (meth->dsa_keygen) (dsa);
+        cookie->pkc_callback(cookie, 0);
+     }
+    return ret;
+}
+ 
+-    if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
+-        (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
+-        (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
+-        (y = BN_new()) == NULL) {
+-        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+static int
+cryptodev_dsa_do_sign_async(const unsigned char *dgst, int dlen, DSA *dsa,
+                            DSA_SIG *sig, struct pkc_cookie_s *cookie)
+{
+    struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
+    DSA_SIG *dsaret = NULL;
+    int q_len = 0, r_len = 0, g_len = 0;
+    int priv_key_len = 0, ret = 1;
+    unsigned char *q = NULL, *r = NULL, *g = NULL, *priv_key = NULL, *f =
+        NULL;
+    if (((sig->r = BN_new()) == NULL) || !kop) {
+        DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+         goto err;
+     }
+ 
+-    order = &group->order;
+-    if (!order || BN_is_zero(order)) {
+-        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS);
+    if ((sig->s = BN_new()) == NULL) {
+        BN_free(sig->r);
+        DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+         goto err;
+     }
+ 
+-    i = BN_num_bits(order);
+-    /*
+-     * Need to truncate digest if it is too long: first truncate whole bytes
+-     */
+-    if (8 * dgst_len > i)
+-        dgst_len = (i + 7) / 8;
+-
+-    if (!BN_bin2bn(dgst, dgst_len, m)) {
+-        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
+    if (spcf_bn2bin(dsa->p, &q, &q_len)) {
+        DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+         goto err;
+     }
+ 
+-    /* If still too long truncate remaining bits with a shift */
+-    if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
+-        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
+    /* Get order of the field of private keys into plain buffer */
+    if (spcf_bn2bin(dsa->q, &r, &r_len)) {
+        DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+         goto err;
+     }
+ 
+-    /* copy the truncated bits into plain buffer */
+-    if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) {
+-        fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__,
+-                __LINE__);
+    /* sanity test */
+    if (dlen > r_len) {
+        DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+         goto err;
+     }
+ 
+-    ret = ECDSA_SIG_new();
+-    if (!ret) {
+-        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
+    g_len = q_len;
+        /**
+         * Get generator into a plain buffer. If length is less than
+         * q_len then add leading padding bytes.
+         */
+    if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
+        DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+         goto err;
+     }
+ 
+-    /* check if this is prime or binary EC request */
+-    if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
+-        NID_X9_62_prime_field) {
+-        ec_crv = EC_PRIME;
+-        /* get the generator point pair */
+-        if (!EC_POINT_get_affine_coordinates_GFp
+-            (group, EC_GROUP_get0_generator(group), x, y, ctx)) {
+-            ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
+-            goto err;
+-        }
+    priv_key_len = r_len;
+        /**
+         * Get private key into a plain buffer. If length is less than
+         * r_len then add leading padding bytes.
+         */
+    if (spcf_bn2bin_ex(dsa->priv_key, &priv_key, &priv_key_len)) {
+        DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+ 
+-        /* get the ECC curve parameters */
+-        if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
+-            ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
+    /* Allocate memory to store hash. */
+    f = OPENSSL_malloc(r_len);
+    if (!f) {
+        DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /* Add padding, since SEC expects hash to of size r_len */
+    if (dlen < r_len)
+        memset(f, 0, r_len - dlen);
+
+    /* Skip leading bytes if dgst_len < r_len */
+    memcpy(f + r_len - dlen, dgst, dlen);
+
+    dlen = r_len;
+
+    memset(kop, 0, sizeof(struct crypt_kop));
+    kop->crk_op = CRK_DSA_SIGN;
+
+    /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
+    kop->crk_param[0].crp_p = (void *)f;
+    kop->crk_param[0].crp_nbits = dlen * 8;
+    kop->crk_param[1].crp_p = (void *)q;
+    kop->crk_param[1].crp_nbits = q_len * 8;
+    kop->crk_param[2].crp_p = (void *)r;
+    kop->crk_param[2].crp_nbits = r_len * 8;
+    kop->crk_param[3].crp_p = (void *)g;
+    kop->crk_param[3].crp_nbits = g_len * 8;
+    kop->crk_param[4].crp_p = (void *)priv_key;
+    kop->crk_param[4].crp_nbits = priv_key_len * 8;
+    kop->crk_iparams = 5;
+    kop->cookie = cookie;
+
+    if (cryptodev_asym_async(kop, r_len, sig->r, r_len, sig->s))
+        goto err;
+
+    return ret;
+ err:
+    {
+        const DSA_METHOD *meth = DSA_OpenSSL();
+
+        if (kop)
+            free(kop);
+        BN_free(sig->r);
+        BN_free(sig->s);
+        dsaret = (meth->dsa_do_sign) (dgst, dlen, dsa);
+        sig->r = dsaret->r;
+        sig->s = dsaret->s;
+        /* Call user callback immediately */
+        cookie->pkc_callback(cookie, 0);
+        ret = dsaret;
+    }
+    return ret;
+}
+
+static int
+cryptodev_dsa_verify_async(const unsigned char *dgst, int dlen,
+                           DSA_SIG *sig, DSA *dsa,
+                           struct pkc_cookie_s *cookie)
+{
+    struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
+    int q_len = 0, r_len = 0, g_len = 0;
+    int w_len = 0, c_len = 0, d_len = 0, ret = 1;
+    unsigned char *q = NULL, *r = NULL, *w = NULL, *g = NULL;
+    unsigned char *c = NULL, *d = NULL, *f = NULL;
+
+    if (!kop)
+        goto err;
+
+    if (spcf_bn2bin(dsa->p, &q, &q_len)) {
+        DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+        return ret;
+    }
+
+    /* Get Order of field of private keys */
+    if (spcf_bn2bin(dsa->q, &r, &r_len)) {
+        DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    g_len = q_len;
+        /**
+         * Get generator into a plain buffer. If length is less than
+         * q_len then add leading padding bytes.
+         */
+    if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
+        DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    w_len = q_len;
+        /**
+         * Get public key into a plain buffer. If length is less than
+         * q_len then add leading padding bytes.
+         */
+    if (spcf_bn2bin_ex(dsa->pub_key, &w, &w_len)) {
+        DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+        /**
+         * Get the 1st part of signature into a flat buffer with
+         * appropriate padding
+         */
+    c_len = r_len;
+
+    if (spcf_bn2bin_ex(sig->r, &c, &c_len)) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+        /**
+         * Get the 2nd part of signature into a flat buffer with
+         * appropriate padding
+         */
+    d_len = r_len;
+
+    if (spcf_bn2bin_ex(sig->s, &d, &d_len)) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /* Sanity test */
+    if (dlen > r_len) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /* Allocate memory to store hash. */
+    f = OPENSSL_malloc(r_len);
+    if (!f) {
+        DSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /* Add padding, since SEC expects hash to of size r_len */
+    if (dlen < r_len)
+        memset(f, 0, r_len - dlen);
+
+    /* Skip leading bytes if dgst_len < r_len */
+    memcpy(f + r_len - dlen, dgst, dlen);
+
+    dlen = r_len;
+    memset(kop, 0, sizeof(struct crypt_kop));
+
+    /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
+    kop->crk_param[0].crp_p = (void *)f;
+    kop->crk_param[0].crp_nbits = dlen * 8;
+    kop->crk_param[1].crp_p = q;
+    kop->crk_param[1].crp_nbits = q_len * 8;
+    kop->crk_param[2].crp_p = r;
+    kop->crk_param[2].crp_nbits = r_len * 8;
+    kop->crk_param[3].crp_p = g;
+    kop->crk_param[3].crp_nbits = g_len * 8;
+    kop->crk_param[4].crp_p = w;
+    kop->crk_param[4].crp_nbits = w_len * 8;
+    kop->crk_param[5].crp_p = c;
+    kop->crk_param[5].crp_nbits = c_len * 8;
+    kop->crk_param[6].crp_p = d;
+    kop->crk_param[6].crp_nbits = d_len * 8;
+    kop->crk_iparams = 7;
+    kop->crk_op = CRK_DSA_VERIFY;
+    kop->cookie = cookie;
+    if (cryptodev_asym_async(kop, 0, NULL, 0, NULL))
+        goto err;
+
+    return ret;
+ err:
+    {
+        const DSA_METHOD *meth = DSA_OpenSSL();
+
+        if (kop)
+            free(kop);
+
+        ret = (meth->dsa_do_verify) (dgst, dlen, sig, dsa);
+        cookie->pkc_callback(cookie, 0);
+    }
+    return ret;
+}
+
+static DSA_METHOD cryptodev_dsa = {
+    "cryptodev DSA method",
+    NULL,
+    NULL,                       /* dsa_sign_setup */
+    NULL,
+    NULL,                       /* dsa_mod_exp */
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,                       /* init */
+    NULL,                       /* finish */
+    0,                          /* flags */
+    NULL                        /* app_data */
+};
+
+static ECDSA_METHOD cryptodev_ecdsa = {
+    "cryptodev ECDSA method",
+    NULL,
+    NULL,                       /* ecdsa_sign_setup */
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    0,                          /* flags */
+    NULL                        /* app_data */
+};
+
+typedef enum ec_curve_s {
+    EC_PRIME,
+    EC_BINARY
+} ec_curve_t;
+
+/* ENGINE handler for ECDSA Sign */
+static ECDSA_SIG *cryptodev_ecdsa_do_sign(const unsigned char *dgst,
+                                          int dgst_len, const BIGNUM *in_kinv,
+                                          const BIGNUM *in_r, EC_KEY *eckey)
+{
+    BIGNUM *m = NULL, *p = NULL, *a = NULL;
+    BIGNUM *b = NULL, *x = NULL, *y = NULL;
+    BN_CTX *ctx = NULL;
+    ECDSA_SIG *ret = NULL;
+    ECDSA_DATA *ecdsa = NULL;
+    unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL;
+    unsigned char *s = NULL, *c = NULL, *d = NULL, *f = NULL, *tmp_dgst =
+        NULL;
+    int i = 0, q_len = 0, priv_key_len = 0, r_len = 0;
+    int g_len = 0, d_len = 0, ab_len = 0;
+    const BIGNUM *order = NULL, *priv_key = NULL;
+    const EC_GROUP *group = NULL;
+    struct crypt_kop kop;
+    ec_curve_t ec_crv = EC_PRIME;
+
+    memset(&kop, 0, sizeof(kop));
+    ecdsa = ecdsa_check(eckey);
+    if (!ecdsa) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
+
+    group = EC_KEY_get0_group(eckey);
+    priv_key = EC_KEY_get0_private_key(eckey);
+
+    if (!group || !priv_key) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
+
+    if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
+        (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
+        (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
+        (y = BN_new()) == NULL) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    order = &group->order;
+    if (!order || BN_is_zero(order)) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS);
+        goto err;
+    }
+
+    i = BN_num_bits(order);
+    /*
+     * Need to truncate digest if it is too long: first truncate whole bytes
+     */
+    if (8 * dgst_len > i)
+        dgst_len = (i + 7) / 8;
+
+    if (!BN_bin2bn(dgst, dgst_len, m)) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
+        goto err;
+    }
+
+    /* If still too long truncate remaining bits with a shift */
+    if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
+        goto err;
+    }
+
+    /* copy the truncated bits into plain buffer */
+    if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) {
+        fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__,
+                __LINE__);
+        goto err;
+    }
+
+    ret = ECDSA_SIG_new();
+    if (!ret) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
+        goto err;
+    }
+
+    /* check if this is prime or binary EC request */
+    if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
+        NID_X9_62_prime_field) {
+        ec_crv = EC_PRIME;
+        /* get the generator point pair */
+        if (!EC_POINT_get_affine_coordinates_GFp
+            (group, EC_GROUP_get0_generator(group), x, y, ctx)) {
+            ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
+            goto err;
+        }
+
+        /* get the ECC curve parameters */
+        if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
+            ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
+             goto err;
+         }
+     } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
+@@ -2312,54 +2827,588 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
+         goto err;
+     }
+ 
+-    /* memory for message representative */
+-    f = malloc(r_len);
+-    if (!f) {
+-        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+-        goto err;
+    /* memory for message representative */
+    f = malloc(r_len);
+    if (!f) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /* Add padding, since SEC expects hash to of size r_len */
+    memset(f, 0, r_len - dgst_len);
+
+    /* Skip leading bytes if dgst_len < r_len */
+    memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len);
+    dgst_len += r_len - dgst_len;
+    kop.crk_op = CRK_DSA_VERIFY;
+    /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
+    kop.crk_param[0].crp_p = f;
+    kop.crk_param[0].crp_nbits = dgst_len * 8;
+    kop.crk_param[1].crp_p = q;
+    kop.crk_param[1].crp_nbits = q_len * 8;
+    kop.crk_param[2].crp_p = r;
+    kop.crk_param[2].crp_nbits = r_len * 8;
+    kop.crk_param[3].crp_p = g_xy;
+    kop.crk_param[3].crp_nbits = g_len * 8;
+    kop.crk_param[4].crp_p = w_xy;
+    kop.crk_param[4].crp_nbits = pub_key_len * 8;
+    kop.crk_param[5].crp_p = ab;
+    kop.crk_param[5].crp_nbits = ab_len * 8;
+    kop.crk_param[6].crp_p = c;
+    kop.crk_param[6].crp_nbits = d_len * 8;
+    kop.crk_param[7].crp_p = d;
+    kop.crk_param[7].crp_nbits = d_len * 8;
+    kop.crk_iparams = 8;
+
+    if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
+        /*
+         * OCF success value is 0, if not zero, change ret to fail
+         */
+        if (0 == kop.crk_status)
+            ret = 1;
+    } else {
+        const ECDSA_METHOD *meth = ECDSA_OpenSSL();
+
+        ret = (meth->ecdsa_do_verify) (dgst, dgst_len, sig, eckey);
+    }
+    kop.crk_param[0].crp_p = NULL;
+    zapparams(&kop);
+
+ err:
+    return ret;
+}
+
+static int cryptodev_ecdsa_do_sign_async(const unsigned char *dgst,
+                                         int dgst_len, const BIGNUM *in_kinv,
+                                         const BIGNUM *in_r, EC_KEY *eckey,
+                                         ECDSA_SIG *sig,
+                                         struct pkc_cookie_s *cookie)
+{
+    BIGNUM *m = NULL, *p = NULL, *a = NULL;
+    BIGNUM *b = NULL, *x = NULL, *y = NULL;
+    BN_CTX *ctx = NULL;
+    ECDSA_SIG *sig_ret = NULL;
+    ECDSA_DATA *ecdsa = NULL;
+    unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL;
+    unsigned char *s = NULL, *f = NULL, *tmp_dgst = NULL;
+    int i = 0, q_len = 0, priv_key_len = 0, r_len = 0;
+    int g_len = 0, ab_len = 0, ret = 1;
+    const BIGNUM *order = NULL, *priv_key = NULL;
+    const EC_GROUP *group = NULL;
+    struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
+    ec_curve_t ec_crv = EC_PRIME;
+
+    if (!(sig->r = BN_new()) || !kop)
+        goto err;
+    if ((sig->s = BN_new()) == NULL) {
+        BN_free(r);
+        goto err;
+    }
+
+    memset(kop, 0, sizeof(struct crypt_kop));
+    ecdsa = ecdsa_check(eckey);
+    if (!ecdsa) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
+        goto err;
+    }
+
+    group = EC_KEY_get0_group(eckey);
+    priv_key = EC_KEY_get0_private_key(eckey);
+
+    if (!group || !priv_key) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
+        goto err;
+    }
+
+    if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
+        (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
+        (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
+        (y = BN_new()) == NULL) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    order = &group->order;
+    if (!order || BN_is_zero(order)) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS);
+        goto err;
+    }
+
+    i = BN_num_bits(order);
+    /*
+     * Need to truncate digest if it is too long: first truncate whole bytes
+     */
+    if (8 * dgst_len > i)
+        dgst_len = (i + 7) / 8;
+
+    if (!BN_bin2bn(dgst, dgst_len, m)) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
+        goto err;
+    }
+
+    /* If still too long truncate remaining bits with a shift */
+    if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
+        goto err;
+    }
+
+    /* copy the truncated bits into plain buffer */
+    if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) {
+        fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__,
+                __LINE__);
+        goto err;
+    }
+
+    /* check if this is prime or binary EC request */
+    if (EC_METHOD_get_field_type(EC_GROUP_method_of(group))
+        == NID_X9_62_prime_field) {
+        ec_crv = EC_PRIME;
+        /* get the generator point pair */
+        if (!EC_POINT_get_affine_coordinates_GFp(group,
+                                                 EC_GROUP_get0_generator
+                                                 (group), x, y, ctx)) {
+            ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
+            goto err;
+        }
+
+        /* get the ECC curve parameters */
+        if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
+            ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
+            goto err;
+        }
+    } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
+               NID_X9_62_characteristic_two_field) {
+        ec_crv = EC_BINARY;
+        /* get the ECC curve parameters */
+        if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) {
+            ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
+            goto err;
+        }
+
+        /* get the generator point pair */
+        if (!EC_POINT_get_affine_coordinates_GF2m(group,
+                                                  EC_GROUP_get0_generator
+                                                  (group), x, y, ctx)) {
+            ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
+            goto err;
+        }
+    } else {
+        printf("Unsupported Curve\n");
+        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
+        goto err;
+    }
+
+    if (spcf_bn2bin(order, &r, &r_len)) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (spcf_bn2bin(p, &q, &q_len)) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    priv_key_len = r_len;
+
+        /**
+         * If BN_num_bytes of priv_key returns less then r_len then
+         * add padding bytes before the key
+         */
+    if (spcf_bn2bin_ex(priv_key, &s, &priv_key_len)) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /* Generation of ECC curve parameters */
+    ab_len = 2 * q_len;
+    ab = eng_copy_curve_points(a, b, ab_len, q_len);
+    if (!ab) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (ec_crv == EC_BINARY) {
+        if (eng_ec_get_cparam
+            (EC_GROUP_get_curve_name(group), ab + q_len, q_len)) {
+            unsigned char *c_temp = NULL;
+            int c_temp_len = q_len;
+            if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len))
+                memcpy(ab + q_len, c_temp, q_len);
+            else
+                goto err;
+        }
+        kop->curve_type = ECC_BINARY;
+    }
+
+    /* Calculation of Generator point */
+    g_len = 2 * q_len;
+    g_xy = eng_copy_curve_points(x, y, g_len, q_len);
+    if (!g_xy) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /* memory for message representative */
+    f = malloc(r_len);
+    if (!f) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /* Add padding, since SEC expects hash to of size r_len */
+    memset(f, 0, r_len - dgst_len);
+
+    /* Skip leading bytes if dgst_len < r_len */
+    memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len);
+
+    dgst_len += r_len - dgst_len;
+
+    kop->crk_op = CRK_DSA_SIGN;
+    /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
+    kop->crk_param[0].crp_p = f;
+    kop->crk_param[0].crp_nbits = dgst_len * 8;
+    kop->crk_param[1].crp_p = q;
+    kop->crk_param[1].crp_nbits = q_len * 8;
+    kop->crk_param[2].crp_p = r;
+    kop->crk_param[2].crp_nbits = r_len * 8;
+    kop->crk_param[3].crp_p = g_xy;
+    kop->crk_param[3].crp_nbits = g_len * 8;
+    kop->crk_param[4].crp_p = s;
+    kop->crk_param[4].crp_nbits = priv_key_len * 8;
+    kop->crk_param[5].crp_p = ab;
+    kop->crk_param[5].crp_nbits = ab_len * 8;
+    kop->crk_iparams = 6;
+    kop->cookie = cookie;
+
+    if (cryptodev_asym_async(kop, r_len, sig->r, r_len, sig->s))
+        goto err;
+
+    return ret;
+ err:
+    {
+        const ECDSA_METHOD *meth = ECDSA_OpenSSL();
+        BN_free(sig->r);
+        BN_free(sig->s);
+        if (kop)
+            free(kop);
+        sig_ret =
+            (meth->ecdsa_do_sign) (dgst, dgst_len, in_kinv, in_r, eckey);
+        sig->r = sig_ret->r;
+        sig->s = sig_ret->s;
+        cookie->pkc_callback(cookie, 0);
+    }
+    return ret;
+}
+
+static int cryptodev_ecdsa_verify_async(const unsigned char *dgst,
+                                        int dgst_len, const ECDSA_SIG *sig,
+                                        EC_KEY *eckey,
+                                        struct pkc_cookie_s *cookie)
+{
+    BIGNUM *m = NULL, *p = NULL, *a = NULL, *b = NULL;
+    BIGNUM *x = NULL, *y = NULL, *w_x = NULL, *w_y = NULL;
+    BN_CTX *ctx = NULL;
+    ECDSA_DATA *ecdsa = NULL;
+    unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL, *w_xy =
+        NULL;
+    unsigned char *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL;
+    int i = 0, q_len = 0, pub_key_len = 0, r_len = 0, c_len = 0, g_len = 0;
+    int d_len = 0, ab_len = 0, ret = 1;
+    const EC_POINT *pub_key = NULL;
+    const BIGNUM *order = NULL;
+    const EC_GROUP *group = NULL;
+    ec_curve_t ec_crv = EC_PRIME;
+    struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
+
+    if (!kop)
+        goto err;
+
+    memset(kop, 0, sizeof(struct crypt_kop));
+    ecdsa = ecdsa_check(eckey);
+    if (!ecdsa) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
+        goto err;
+    }
+
+    group = EC_KEY_get0_group(eckey);
+    pub_key = EC_KEY_get0_public_key(eckey);
+
+    if (!group || !pub_key) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
+        goto err;
+    }
+
+    if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
+        (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
+        (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
+        (y = BN_new()) == NULL || (w_x = BN_new()) == NULL ||
+        (w_y = BN_new()) == NULL) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    order = &group->order;
+    if (!order || BN_is_zero(order)) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS);
+        goto err;
+    }
+
+    i = BN_num_bits(order);
+    /*
+     * Need to truncate digest if it is too long: first truncate whole *
+     * bytes
+     */
+    if (8 * dgst_len > i)
+        dgst_len = (i + 7) / 8;
+
+    if (!BN_bin2bn(dgst, dgst_len, m)) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
+        goto err;
+    }
+
+    /* If still too long truncate remaining bits with a shift */
+    if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
+        goto err;
+    }
+    /* copy the truncated bits into plain buffer */
+    if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /* check if this is prime or binary EC request */
+    if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
+        NID_X9_62_prime_field) {
+        ec_crv = EC_PRIME;
+
+        /* get the generator point pair */
+        if (!EC_POINT_get_affine_coordinates_GFp(group,
+                                                 EC_GROUP_get0_generator
+                                                 (group), x, y, ctx)) {
+            ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
+            goto err;
+        }
+
+        /* get the public key pair for prime curve */
+        if (!EC_POINT_get_affine_coordinates_GFp(group,
+                                                 pub_key, w_x, w_y, ctx)) {
+            ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
+            goto err;
+        }
+
+        /* get the ECC curve parameters */
+        if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
+            ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
+            goto err;
+        }
+    } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
+               NID_X9_62_characteristic_two_field) {
+        ec_crv = EC_BINARY;
+        /* get the ECC curve parameters */
+        if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) {
+            ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
+            goto err;
+        }
+
+        /* get the generator point pair */
+        if (!EC_POINT_get_affine_coordinates_GF2m(group,
+                                                  EC_GROUP_get0_generator
+                                                  (group), x, y, ctx)) {
+            ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
+            goto err;
+        }
+
+        /* get the public key pair for binary curve */
+        if (!EC_POINT_get_affine_coordinates_GF2m(group,
+                                                  pub_key, w_x, w_y, ctx)) {
+            ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
+            goto err;
+        }
+    } else {
+        printf("Unsupported Curve\n");
+        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
+        goto err;
+    }
+
+    /* Get the order of the subgroup of private keys */
+    if (spcf_bn2bin((BIGNUM *)order, &r, &r_len)) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /* Get the irreducible polynomial that creates the field */
+    if (spcf_bn2bin(p, &q, &q_len)) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /* Get the public key into a flat buffer with appropriate padding */
+    pub_key_len = 2 * q_len;
+
+    w_xy = eng_copy_curve_points(w_x, w_y, pub_key_len, q_len);
+    if (!w_xy) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /* Generation of ECC curve parameters */
+    ab_len = 2 * q_len;
+
+    ab = eng_copy_curve_points(a, b, ab_len, q_len);
+    if (!ab) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (ec_crv == EC_BINARY) {
+        /* copy b' i.e c(b), instead of only b */
+        eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab + q_len, q_len);
+        kop->curve_type = ECC_BINARY;
+    }
+
+    /* Calculation of Generator point */
+    g_len = 2 * q_len;
+
+    g_xy = eng_copy_curve_points(x, y, g_len, q_len);
+    if (!g_xy) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+        /**
+         * Get the 1st part of signature into a flat buffer with
+         * appropriate padding
+         */
+    if (BN_num_bytes(sig->r) < r_len)
+        c_len = r_len;
+
+    if (spcf_bn2bin_ex(sig->r, &c, &c_len)) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+        /**
+         * Get the 2nd part of signature into a flat buffer with
+         * appropriate padding
+         */
+    if (BN_num_bytes(sig->s) < r_len)
+        d_len = r_len;
+
+    if (spcf_bn2bin_ex(sig->s, &d, &d_len)) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /* memory for message representative */
+    f = malloc(r_len);
+    if (!f) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /* Add padding, since SEC expects hash to of size r_len */
+    memset(f, 0, r_len - dgst_len);
+
+    /* Skip leading bytes if dgst_len < r_len */
+    memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len);
+
+    dgst_len += r_len - dgst_len;
+
+    kop->crk_op = CRK_DSA_VERIFY;
+    /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
+    kop->crk_param[0].crp_p = f;
+    kop->crk_param[0].crp_nbits = dgst_len * 8;
+    kop->crk_param[1].crp_p = q;
+    kop->crk_param[1].crp_nbits = q_len * 8;
+    kop->crk_param[2].crp_p = r;
+    kop->crk_param[2].crp_nbits = r_len * 8;
+    kop->crk_param[3].crp_p = g_xy;
+    kop->crk_param[3].crp_nbits = g_len * 8;
+    kop->crk_param[4].crp_p = w_xy;
+    kop->crk_param[4].crp_nbits = pub_key_len * 8;
+    kop->crk_param[5].crp_p = ab;
+    kop->crk_param[5].crp_nbits = ab_len * 8;
+    kop->crk_param[6].crp_p = c;
+    kop->crk_param[6].crp_nbits = d_len * 8;
+    kop->crk_param[7].crp_p = d;
+    kop->crk_param[7].crp_nbits = d_len * 8;
+    kop->crk_iparams = 8;
+    kop->cookie = cookie;
+
+    if (cryptodev_asym_async(kop, 0, NULL, 0, NULL))
+        goto err;
+
+    return ret;
+ err:
+    {
+        const ECDSA_METHOD *meth = ECDSA_OpenSSL();
+
+        if (kop)
+            free(kop);
+        ret = (meth->ecdsa_do_verify) (dgst, dgst_len, sig, eckey);
+        cookie->pkc_callback(cookie, 0);
+    }
+
+    return ret;
+}
+
+/* Cryptodev DH Key Gen routine */
+static int cryptodev_dh_keygen_async(DH *dh, struct pkc_cookie_s *cookie)
+{
+    struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
+    int ret = 1, g_len;
+    unsigned char *g = NULL;
+
+    if (!kop)
+        goto sw_try;
+
+    if (dh->priv_key == NULL) {
+        if ((dh->priv_key = BN_new()) == NULL)
+            goto sw_try;
+    }
+
+    if (dh->pub_key == NULL) {
+        if ((dh->pub_key = BN_new()) == NULL)
+            goto sw_try;
+    }
+
+    g_len = BN_num_bytes(dh->p);
+        /**
+         * Get generator into a plain buffer. If length is less than
+         * q_len then add leading padding bytes.
+         */
+    if (spcf_bn2bin_ex(dh->g, &g, &g_len)) {
+        DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
+        goto sw_try;
+     }
+ 
+-    /* Add padding, since SEC expects hash to of size r_len */
+-    memset(f, 0, r_len - dgst_len);
+    memset(kop, 0, sizeof(struct crypt_kop));
+    kop->crk_op = CRK_DH_GENERATE_KEY;
+    if (bn2crparam(dh->p, &kop->crk_param[0]))
+        goto sw_try;
+    if (bn2crparam(dh->q, &kop->crk_param[1]))
+        goto sw_try;
+    kop->crk_param[2].crp_p = g;
+    kop->crk_param[2].crp_nbits = g_len * 8;
+    kop->crk_iparams = 3;
+    kop->cookie = cookie;
+ 
+-    /* Skip leading bytes if dgst_len < r_len */
+-    memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len);
+-    dgst_len += r_len - dgst_len;
+-    kop.crk_op = CRK_DSA_VERIFY;
+-    /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
+-    kop.crk_param[0].crp_p = f;
+-    kop.crk_param[0].crp_nbits = dgst_len * 8;
+-    kop.crk_param[1].crp_p = q;
+-    kop.crk_param[1].crp_nbits = q_len * 8;
+-    kop.crk_param[2].crp_p = r;
+-    kop.crk_param[2].crp_nbits = r_len * 8;
+-    kop.crk_param[3].crp_p = g_xy;
+-    kop.crk_param[3].crp_nbits = g_len * 8;
+-    kop.crk_param[4].crp_p = w_xy;
+-    kop.crk_param[4].crp_nbits = pub_key_len * 8;
+-    kop.crk_param[5].crp_p = ab;
+-    kop.crk_param[5].crp_nbits = ab_len * 8;
+-    kop.crk_param[6].crp_p = c;
+-    kop.crk_param[6].crp_nbits = d_len * 8;
+-    kop.crk_param[7].crp_p = d;
+-    kop.crk_param[7].crp_nbits = d_len * 8;
+-    kop.crk_iparams = 8;
+    /* pub_key is or prime length while priv key is of length of order */
+    if (cryptodev_asym_async(kop, BN_num_bytes(dh->p), dh->pub_key,
+                             BN_num_bytes(dh->q), dh->priv_key))
+        goto sw_try;
+ 
+-    if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
+-        /*
+-         * OCF success value is 0, if not zero, change ret to fail
+-         */
+-        if (0 == kop.crk_status)
+-            ret = 1;
+-    } else {
+-        const ECDSA_METHOD *meth = ECDSA_OpenSSL();
+    return ret;
+ sw_try:
+    {
+        const DH_METHOD *meth = DH_OpenSSL();
+ 
+-        ret = (meth->ecdsa_do_verify) (dgst, dgst_len, sig, eckey);
+        if (kop)
+            free(kop);
+        ret = (meth->generate_key) (dh);
+        cookie->pkc_callback(cookie, 0);
+     }
+-    kop.crk_param[0].crp_p = NULL;
+-    zapparams(&kop);
+-
+- err:
+     return ret;
+ }
+ 
+@@ -2468,6 +3517,54 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+     return (dhret);
+ }
+ 
+/* Return Length if successful and 0 on failure */
+static int
+cryptodev_dh_compute_key_async(unsigned char *key, const BIGNUM *pub_key,
+                               DH *dh, struct pkc_cookie_s *cookie)
+{
+    struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
+    int ret = 1;
+    int fd, p_len;
+    unsigned char *padded_pub_key = NULL, *p = NULL;
+
+    fd = *(int *)cookie->eng_handle;
+
+    memset(kop, 0, sizeof(struct crypt_kop));
+    kop->crk_op = CRK_DH_COMPUTE_KEY;
+    /* inputs: dh->priv_key pub_key dh->p key */
+    spcf_bn2bin(dh->p, &p, &p_len);
+    spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len);
+
+    if (bn2crparam(dh->priv_key, &kop->crk_param[0]))
+        goto err;
+    kop->crk_param[1].crp_p = padded_pub_key;
+    kop->crk_param[1].crp_nbits = p_len * 8;
+    kop->crk_param[2].crp_p = p;
+    kop->crk_param[2].crp_nbits = p_len * 8;
+    kop->crk_iparams = 3;
+
+    kop->cookie = cookie;
+    kop->crk_param[3].crp_p = (void *)key;
+    kop->crk_param[3].crp_nbits = p_len * 8;
+    kop->crk_oparams = 1;
+
+    if (cryptodev_asym_async(kop, 0, NULL, 0, NULL))
+        goto err;
+
+    return p_len;
+ err:
+    {
+        const DH_METHOD *meth = DH_OpenSSL();
+
+        if (kop)
+            free(kop);
+        ret = (meth->compute_key) (key, pub_key, dh);
+        /* Call user cookie handler */
+        cookie->pkc_callback(cookie, 0);
+    }
+    return (ret);
+}
+
+ int cryptodev_ecdh_compute_key(void *out, size_t outlen,
+                                const EC_POINT *pub_key, EC_KEY *ecdh,
+                                void *(*KDF) (const void *in, size_t inlen,
+@@ -2650,6 +3747,197 @@ int cryptodev_ecdh_compute_key(void *out, size_t outlen,
+     return ret;
+ }
+ 
+int cryptodev_ecdh_compute_key_async(void *out, size_t outlen,
+                                     const EC_POINT *pub_key, EC_KEY *ecdh,
+                                     void *(*KDF) (const void *in,
+                                                   size_t inlen, void *out,
+                                                   size_t *outlen),
+                                     struct pkc_cookie_s *cookie)
+{
+    ec_curve_t ec_crv = EC_PRIME;
+    unsigned char *q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL;
+    BIGNUM *w_x = NULL, *w_y = NULL;
+    int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0;
+    BIGNUM *p = NULL, *a = NULL, *b = NULL;
+    BN_CTX *ctx;
+    EC_POINT *tmp = NULL;
+    BIGNUM *x = NULL, *y = NULL;
+    const BIGNUM *priv_key;
+    const EC_GROUP *group = NULL;
+    int ret = 1;
+    size_t buflen, len;
+    struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
+
+    if (!(ctx = BN_CTX_new()) || !kop)
+        goto err;
+
+    memset(kop, 0, sizeof(struct crypt_kop));
+
+    BN_CTX_start(ctx);
+    x = BN_CTX_get(ctx);
+    y = BN_CTX_get(ctx);
+    p = BN_CTX_get(ctx);
+    a = BN_CTX_get(ctx);
+    b = BN_CTX_get(ctx);
+    w_x = BN_CTX_get(ctx);
+    w_y = BN_CTX_get(ctx);
+
+    if (!x || !y || !p || !a || !b || !w_x || !w_y) {
+        ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    priv_key = EC_KEY_get0_private_key(ecdh);
+    if (priv_key == NULL) {
+        ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_NO_PRIVATE_VALUE);
+        goto err;
+    }
+
+    group = EC_KEY_get0_group(ecdh);
+    if ((tmp = EC_POINT_new(group)) == NULL) {
+        ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
+        NID_X9_62_prime_field) {
+        ec_crv = EC_PRIME;
+
+        if (!EC_POINT_get_affine_coordinates_GFp(group,
+                                                 EC_GROUP_get0_generator
+                                                 (group), x, y, ctx)) {
+            ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_POINT_ARITHMETIC_FAILURE);
+            goto err;
+        }
+
+        /* get the ECC curve parameters */
+        if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
+            ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
+            goto err;
+        }
+
+        /* get the public key pair for prime curve */
+        if (!EC_POINT_get_affine_coordinates_GFp
+            (group, pub_key, w_x, w_y, ctx)) {
+            ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
+            goto err;
+        }
+    } else {
+        ec_crv = EC_BINARY;
+
+        if (!EC_POINT_get_affine_coordinates_GF2m(group,
+                                                  EC_GROUP_get0_generator
+                                                  (group), x, y, ctx)) {
+            ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_POINT_ARITHMETIC_FAILURE);
+            goto err;
+        }
+
+        /* get the ECC curve parameters */
+        if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) {
+            ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
+            goto err;
+        }
+
+        /* get the public key pair for binary curve */
+        if (!EC_POINT_get_affine_coordinates_GF2m(group,
+                                                  pub_key, w_x, w_y, ctx)) {
+            ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
+            goto err;
+        }
+    }
+
+    /* irreducible polynomial that creates the field */
+    if (spcf_bn2bin((BIGNUM *)&group->order, &r, &r_len)) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /* Get the irreducible polynomial that creates the field */
+    if (spcf_bn2bin(p, &q, &q_len)) {
+        ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
+        goto err;
+    }
+
+    /* Get the public key into a flat buffer with appropriate padding */
+    pub_key_len = 2 * q_len;
+    w_xy = eng_copy_curve_points(w_x, w_y, pub_key_len, q_len);
+    if (!w_xy) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /* Generation of ECC curve parameters */
+    ab_len = 2 * q_len;
+    ab = eng_copy_curve_points(a, b, ab_len, q_len);
+    if (!ab) {
+        ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
+        goto err;
+    }
+
+    if (ec_crv == EC_BINARY) {
+        /* copy b' i.e c(b), instead of only b */
+        if (eng_ec_get_cparam
+            (EC_GROUP_get_curve_name(group), ab + q_len, q_len)) {
+            unsigned char *c_temp = NULL;
+            int c_temp_len = q_len;
+            if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len))
+                memcpy(ab + q_len, c_temp, q_len);
+            else
+                goto err;
+        }
+        kop->curve_type = ECC_BINARY;
+    } else
+        kop->curve_type = ECC_PRIME;
+
+    priv_key_len = r_len;
+
+    /*
+     * If BN_num_bytes of priv_key returns less then r_len then
+     * add padding bytes before the key
+     */
+    if (spcf_bn2bin_ex((BIGNUM *)priv_key, &s, &priv_key_len)) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    buflen = (EC_GROUP_get_degree(group) + 7) / 8;
+    len = BN_num_bytes(x);
+    if (len > buflen || q_len < buflen) {
+        ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    kop->crk_op = CRK_DH_COMPUTE_KEY;
+    kop->crk_param[0].crp_p = (void *)s;
+    kop->crk_param[0].crp_nbits = priv_key_len * 8;
+    kop->crk_param[1].crp_p = (void *)w_xy;
+    kop->crk_param[1].crp_nbits = pub_key_len * 8;
+    kop->crk_param[2].crp_p = (void *)q;
+    kop->crk_param[2].crp_nbits = q_len * 8;
+    kop->crk_param[3].crp_p = (void *)ab;
+    kop->crk_param[3].crp_nbits = ab_len * 8;
+    kop->crk_iparams = 4;
+    kop->crk_param[4].crp_p = (void *)out;
+    kop->crk_param[4].crp_nbits = q_len * 8;
+    kop->crk_oparams = 1;
+    kop->cookie = cookie;
+    if (cryptodev_asym_async(kop, 0, NULL, 0, NULL))
+        goto err;
+
+    return q_len;
+ err:
+    {
+        const ECDH_METHOD *meth = ECDH_OpenSSL();
+
+        if (kop)
+            free(kop);
+        ret = (meth->compute_key) (out, outlen, pub_key, ecdh, KDF);
+        /* Call user cookie handler */
+        cookie->pkc_callback(cookie, 0);
+    }
+    return ret;
+}
+
+ static DH_METHOD cryptodev_dh = {
+     "cryptodev DH method",
+     NULL,                       /* cryptodev_dh_generate_key */
+@@ -2657,6 +3945,8 @@ static DH_METHOD cryptodev_dh = {
+     NULL,
+     NULL,
+     NULL,
+    NULL,
+    NULL,
+     0,                          /* flags */
+     NULL                        /* app_data */
+ };
+@@ -2665,6 +3955,7 @@ static ECDH_METHOD cryptodev_ecdh = {
+     "cryptodev ECDH method",
+     NULL,                       /* cryptodev_ecdh_compute_key */
+     NULL,
+    NULL,
+     0,                          /* flags */
+     NULL                        /* app_data */
+ };
+@@ -2735,10 +4026,15 @@ void ENGINE_load_cryptodev(void)
+         cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec;
+         if (cryptodev_asymfeat & CRF_MOD_EXP) {
+             cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp;
+-            if (cryptodev_asymfeat & CRF_MOD_EXP_CRT)
+            cryptodev_rsa.bn_mod_exp_async = cryptodev_bn_mod_exp_async;
+            if (cryptodev_asymfeat & CRF_MOD_EXP_CRT) {
+                 cryptodev_rsa.rsa_mod_exp = cryptodev_rsa_mod_exp;
+-            else
+                cryptodev_rsa.rsa_mod_exp_async = cryptodev_rsa_mod_exp_async;
+            } else {
+                 cryptodev_rsa.rsa_mod_exp = cryptodev_rsa_nocrt_mod_exp;
+                cryptodev_rsa.rsa_mod_exp_async =
+                    cryptodev_rsa_nocrt_mod_exp_async;
+            }
+         }
+     }
+ 
+@@ -2746,12 +4042,18 @@ void ENGINE_load_cryptodev(void)
+         const DSA_METHOD *meth = DSA_OpenSSL();
+ 
+         memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
+-        if (cryptodev_asymfeat & CRF_DSA_SIGN)
+        if (cryptodev_asymfeat & CRF_DSA_SIGN) {
+             cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
+-        if (cryptodev_asymfeat & CRF_DSA_VERIFY)
+            cryptodev_dsa.dsa_do_sign_async = cryptodev_dsa_do_sign_async;
+        }
+        if (cryptodev_asymfeat & CRF_DSA_VERIFY) {
+             cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
+-        if (cryptodev_asymfeat & CRF_DSA_GENERATE_KEY)
+            cryptodev_dsa.dsa_do_verify_async = cryptodev_dsa_verify_async;
+        }
+        if (cryptodev_asymfeat & CRF_DSA_GENERATE_KEY) {
+             cryptodev_dsa.dsa_keygen = cryptodev_dsa_keygen;
+            cryptodev_dsa.dsa_keygen_async = cryptodev_dsa_keygen_async;
+        }
+     }
+ 
+     if (ENGINE_set_DH(engine, &cryptodev_dh)) {
+@@ -2759,9 +4061,12 @@ void ENGINE_load_cryptodev(void)
+         memcpy(&cryptodev_dh, dh_meth, sizeof(DH_METHOD));
+         if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) {
+             cryptodev_dh.compute_key = cryptodev_dh_compute_key;
+            cryptodev_dh.compute_key_async = cryptodev_dh_compute_key_async;
+         }
+         if (cryptodev_asymfeat & CRF_DH_GENERATE_KEY) {
+             cryptodev_dh.generate_key = cryptodev_dh_keygen;
+            cryptodev_dh.generate_key_async = cryptodev_dh_keygen_async;
+
+         }
+     }
+ 
+@@ -2770,9 +4075,13 @@ void ENGINE_load_cryptodev(void)
+         memcpy(&cryptodev_ecdsa, meth, sizeof(ECDSA_METHOD));
+         if (cryptodev_asymfeat & CRF_DSA_SIGN) {
+             cryptodev_ecdsa.ecdsa_do_sign = cryptodev_ecdsa_do_sign;
+            cryptodev_ecdsa.ecdsa_do_sign_async =
+                cryptodev_ecdsa_do_sign_async;
+         }
+         if (cryptodev_asymfeat & CRF_DSA_VERIFY) {
+             cryptodev_ecdsa.ecdsa_do_verify = cryptodev_ecdsa_verify;
+            cryptodev_ecdsa.ecdsa_do_verify_async =
+                cryptodev_ecdsa_verify_async;
+         }
+     }
+ 
+@@ -2781,9 +4090,16 @@ void ENGINE_load_cryptodev(void)
+         memcpy(&cryptodev_ecdh, ecdh_meth, sizeof(ECDH_METHOD));
+         if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) {
+             cryptodev_ecdh.compute_key = cryptodev_ecdh_compute_key;
+            cryptodev_ecdh.compute_key_async =
+                cryptodev_ecdh_compute_key_async;
+         }
+     }
+ 
+    ENGINE_set_check_pkc_availability(engine, cryptodev_check_availability);
+    ENGINE_set_close_instance(engine, cryptodev_close_instance);
+    ENGINE_set_init_instance(engine, cryptodev_init_instance);
+    ENGINE_set_async_map(engine, ENGINE_ALLPKC_ASYNC);
+
+     ENGINE_add(engine);
+     ENGINE_free(engine);
+     ERR_clear_error();
+diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h
+index 46f163b..b698a0c 100644
+--- a/crypto/engine/eng_int.h
+++ b/crypto/engine/eng_int.h
+@@ -198,6 +198,29 @@ struct engine_st {
+     ENGINE_LOAD_KEY_PTR load_privkey;
+     ENGINE_LOAD_KEY_PTR load_pubkey;
+     ENGINE_SSL_CLIENT_CERT_PTR load_ssl_client_cert;
+       /*
+        * Instantiate Engine handle to be passed in check_pkc_availability
+        * Ensure that Engine is instantiated before any pkc asynchronous call.
+        */
+       void *(*engine_init_instance)(void);
+       /*
+        * Instantiated Engine handle will be closed with this call.
+        * Ensure that no pkc asynchronous call is made after this call
+        */
+       void (*engine_close_instance)(void *handle);
+       /*
+        * Check availability will extract the data from kernel.
+        * eng_handle: This is the Engine handle corresponds to which
+        * the cookies needs to be polled.
+        * return 0 if cookie available else 1
+        */
+       int (*check_pkc_availability)(void *eng_handle);
+       /*
+        * The following map is used to check if the engine supports asynchronous implementation
+        * ENGINE_ASYNC_FLAG* for available bitmap. Any application checking for asynchronous
+        * implementation need to check this features using "int ENGINE_get_async_map(engine *)";
+        */
+       int async_map;
+     const ENGINE_CMD_DEFN *cmd_defns;
+     int flags;
+     /* reference count on the structure itself */
+diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c
+index dc2abd2..0c57e12 100644
+--- a/crypto/engine/eng_lib.c
+++ b/crypto/engine/eng_lib.c
+@@ -100,7 +100,11 @@ void engine_set_all_null(ENGINE *e)
+     e->ctrl = NULL;
+     e->load_privkey = NULL;
+     e->load_pubkey = NULL;
+       e->check_pkc_availability = NULL;
+       e->engine_init_instance = NULL;
+       e->engine_close_instance = NULL;
+     e->cmd_defns = NULL;
+       e->async_map = 0;
+     e->flags = 0;
+ }
+ 
+@@ -246,6 +250,48 @@ int ENGINE_set_id(ENGINE *e, const char *id)
+     }
+     e->id = id;
+     return 1;
+       }
+
+void ENGINE_set_init_instance(ENGINE *e, void *(*engine_init_instance)(void))
+       {
+               e->engine_init_instance = engine_init_instance;
+       }
+
+void ENGINE_set_close_instance(ENGINE *e,
+       void (*engine_close_instance)(void *))
+       {
+               e->engine_close_instance = engine_close_instance;
+       }
+
+void ENGINE_set_async_map(ENGINE *e, int async_map)
+       {
+               e->async_map = async_map;
+       }
+
+void *ENGINE_init_instance(ENGINE *e)
+       {
+               return e->engine_init_instance();
+       }
+
+void ENGINE_close_instance(ENGINE *e, void *eng_handle)
+       {
+               e->engine_close_instance(eng_handle);
+       }
+
+int ENGINE_get_async_map(ENGINE *e)
+       {
+               return e->async_map;
+       }
+
+void ENGINE_set_check_pkc_availability(ENGINE *e,
+       int (*check_pkc_availability)(void *eng_handle))
+       {
+               e->check_pkc_availability = check_pkc_availability;
+       }
+
+int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle)
+       {
+               return e->check_pkc_availability(eng_handle);
+ }
+ 
+ int ENGINE_set_name(ENGINE *e, const char *name)
+diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h
+index 020d912..4527aa1 100644
+--- a/crypto/engine/engine.h
+++ b/crypto/engine/engine.h
+@@ -551,6 +551,30 @@ ENGINE *ENGINE_new(void);
+ int ENGINE_free(ENGINE *e);
+ int ENGINE_up_ref(ENGINE *e);
+ int ENGINE_set_id(ENGINE *e, const char *id);
+void ENGINE_set_init_instance(ENGINE *e, void *(*engine_init_instance)(void));
+void ENGINE_set_close_instance(ENGINE *e,
+       void (*engine_free_instance)(void *));
+/*
+ * Following FLAGS are bitmap store in async_map to set asynchronous interface capability
+ *of the engine
+ */
+#define ENGINE_RSA_ASYNC 0x0001
+#define ENGINE_DSA_ASYNC 0x0002
+#define ENGINE_DH_ASYNC 0x0004
+#define ENGINE_ECDSA_ASYNC 0x0008
+#define ENGINE_ECDH_ASYNC 0x0010
+#define ENGINE_ALLPKC_ASYNC 0x001F
+/* Engine implementation will set the bitmap based on above flags using following API */
+void ENGINE_set_async_map(ENGINE *e, int async_map);
+ /* Application need to check the bitmap based on above flags using following API
+  * to confirm asynchronous methods supported
+  */
+int ENGINE_get_async_map(ENGINE *e);
+void *ENGINE_init_instance(ENGINE *e);
+void ENGINE_close_instance(ENGINE *e, void *eng_handle);
+void ENGINE_set_check_pkc_availability(ENGINE *e,
+       int (*check_pkc_availability)(void *eng_handle));
+int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle);
+ int ENGINE_set_name(ENGINE *e, const char *name);
+ int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
+ int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
+diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h
+index d2ee374..7c539fc 100644
+--- a/crypto/rsa/rsa.h
+++ b/crypto/rsa/rsa.h
+@@ -97,6 +97,29 @@ struct rsa_meth_st {
+     /* Can be null */
+     int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                        const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+    /*
+     * Cookie in the following _async variant must be allocated before
+     * submission and can be freed once its corresponding callback
+     * handler is called
+     */
+     int (*rsa_pub_enc_asyn)(int flen,const unsigned char *from,
+                          unsigned char *to, RSA *rsa, int padding,
+                          struct pkc_cookie_s *cookie);
+     int (*rsa_pub_dec_async)(int flen,const unsigned char *from,
+                          unsigned char *to, RSA *rsa, int padding,
+                          struct pkc_cookie_s *cookie);
+     int (*rsa_priv_enc_async)(int flen,const unsigned char *from,
+                           unsigned char *to, RSA *rsa, int padding,
+                           struct pkc_cookie_s *cookie);
+     int (*rsa_priv_dec_async)(int flen,const unsigned char *from,
+                           unsigned char *to, RSA *rsa, int padding,
+                           struct pkc_cookie_s *cookie);
+     int (*rsa_mod_exp_async)(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+                           BN_CTX *ctx, struct pkc_cookie_s *cookie);
+     int (*bn_mod_exp_async)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                         const BIGNUM *m, BN_CTX *ctx,
+                         BN_MONT_CTX *m_ctx, struct pkc_cookie_s *cookie);
+
+     /* called at new */
+     int (*init) (RSA *rsa);
+     /* called at free */
+-- 
+2.7.0
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0007-Fixed-private-key-support-for-DH.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0007-Fixed-private-key-support-for-DH.patch
deleted file mode 100644
index 12fcd7df7..000000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0007-Fixed-private-key-support-for-DH.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 8322e4157bf49d992b5b9e460f2c0785865dd1c1 Mon Sep 17 00:00:00 2001
-From: Yashpal Dutta <yashpal.dutta@freescale.com>
-Date: Thu, 20 Mar 2014 19:55:51 -0500
-Subject: [PATCH 07/26] Fixed private key support for DH
-Upstream-status: Pending
-Required Length of the DH result is not returned in dh method in openssl
-Tested-by: Yashpal Dutta <yashpal.dutta@freescale.com>
---
- crypto/dh/dh_ameth.c | 7 -------
- 1 file changed, 7 deletions(-)
-diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
-index ed32004..02ec2d4 100644
--- a/crypto/dh/dh_ameth.c
-+++ b/crypto/dh/dh_ameth.c
-@@ -422,13 +422,6 @@ static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
-        if (to->pkey.dh->g != NULL)
-                BN_free(to->pkey.dh->g);
-        to->pkey.dh->g=a;
-       if ((a=BN_dup(from->pkey.dh->q)) != NULL) {
-               if (to->pkey.dh->q != NULL)
-                       BN_free(to->pkey.dh->q);
-               to->pkey.dh->q=a;
-       }
-
-       to->pkey.dh->length = from->pkey.dh->length;
- 
-        return 1;
-        }
-- 
-2.3.5
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0008-Add-RSA-keygen-operation-and-support-gendsa-command-.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0008-Add-RSA-keygen-operation-and-support-gendsa-command-.patch
new file mode 100644
index 000000000..ccd24e316
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0008-Add-RSA-keygen-operation-and-support-gendsa-command-.patch
@@ -0,0 +1,155 @@
+From 94a3fc9f437c20726209cea19256c419837055a2 Mon Sep 17 00:00:00 2001
+From: Hou Zhiqiang <B48286@freescale.com>
+Date: Wed, 2 Apr 2014 16:10:43 +0800
+Subject: [PATCH 08/48] Add RSA keygen operation and support gendsa command
+ with hardware engine
+Upstream-status: Pending
+Signed-off-by: Hou Zhiqiang <B48286@freescale.com>
+Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
+---
+ crypto/engine/eng_cryptodev.c | 120 ++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 120 insertions(+)
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 8303630..44017a3 100644
+--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
+@@ -2009,6 +2009,124 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
+     }
+ }
+ 
+/* Cryptodev RSA Key Gen routine */
+static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
+{
+    struct crypt_kop kop;
+    int ret, fd;
+    int p_len, q_len;
+    int i;
+
+    if ((fd = get_asym_dev_crypto()) < 0)
+        return fd;
+
+    if (!rsa->n && ((rsa->n = BN_new()) == NULL))
+        goto err;
+    if (!rsa->d && ((rsa->d = BN_new()) == NULL))
+        goto err;
+    if (!rsa->e && ((rsa->e = BN_new()) == NULL))
+        goto err;
+    if (!rsa->p && ((rsa->p = BN_new()) == NULL))
+        goto err;
+    if (!rsa->q && ((rsa->q = BN_new()) == NULL))
+        goto err;
+    if (!rsa->dmp1 && ((rsa->dmp1 = BN_new()) == NULL))
+        goto err;
+    if (!rsa->dmq1 && ((rsa->dmq1 = BN_new()) == NULL))
+        goto err;
+    if (!rsa->iqmp && ((rsa->iqmp = BN_new()) == NULL))
+        goto err;
+
+    BN_copy(rsa->e, e);
+
+    p_len = (bits + 1) / (2 * 8);
+    q_len = (bits - p_len * 8) / 8;
+    memset(&kop, 0, sizeof kop);
+    kop.crk_op = CRK_RSA_GENERATE_KEY;
+
+    /* p length */
+    kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char));
+    if (!kop.crk_param[kop.crk_iparams].crp_p)
+        goto err;
+    kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8;
+    memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1);
+    kop.crk_iparams++;
+    kop.crk_oparams++;
+    /* q length */
+    kop.crk_param[kop.crk_iparams].crp_p = calloc(q_len + 1, sizeof(char));
+    if (!kop.crk_param[kop.crk_iparams].crp_p)
+        goto err;
+    kop.crk_param[kop.crk_iparams].crp_nbits = q_len * 8;
+    memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, q_len + 1);
+    kop.crk_iparams++;
+    kop.crk_oparams++;
+    /* n length */
+    kop.crk_param[kop.crk_iparams].crp_p =
+        calloc(p_len + q_len + 1, sizeof(char));
+    if (!kop.crk_param[kop.crk_iparams].crp_p)
+        goto err;
+    kop.crk_param[kop.crk_iparams].crp_nbits = bits;
+    memset(kop.crk_param[kop.crk_iparams].crp_p, 0x00, p_len + q_len + 1);
+    kop.crk_iparams++;
+    kop.crk_oparams++;
+    /* d length */
+    kop.crk_param[kop.crk_iparams].crp_p =
+        calloc(p_len + q_len + 1, sizeof(char));
+    if (!kop.crk_param[kop.crk_iparams].crp_p)
+        goto err;
+    kop.crk_param[kop.crk_iparams].crp_nbits = bits;
+    memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + q_len + 1);
+    kop.crk_iparams++;
+    kop.crk_oparams++;
+    /* dp1 length */
+    kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char));
+    if (!kop.crk_param[kop.crk_iparams].crp_p)
+        goto err;
+    kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8;
+    memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1);
+    kop.crk_iparams++;
+    kop.crk_oparams++;
+    /* dq1 length */
+    kop.crk_param[kop.crk_iparams].crp_p = calloc(q_len + 1, sizeof(char));
+    if (!kop.crk_param[kop.crk_iparams].crp_p)
+        goto err;
+    kop.crk_param[kop.crk_iparams].crp_nbits = q_len * 8;
+    memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, q_len + 1);
+    kop.crk_iparams++;
+    kop.crk_oparams++;
+    /* i length */
+    kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char));
+    if (!kop.crk_param[kop.crk_iparams].crp_p)
+        goto err;
+    kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8;
+    memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1);
+    kop.crk_iparams++;
+    kop.crk_oparams++;
+
+    if (ioctl(fd, CIOCKEY, &kop) == 0) {
+        BN_bin2bn(kop.crk_param[0].crp_p, p_len, rsa->p);
+        BN_bin2bn(kop.crk_param[1].crp_p, q_len, rsa->q);
+        BN_bin2bn(kop.crk_param[2].crp_p, bits / 8, rsa->n);
+        BN_bin2bn(kop.crk_param[3].crp_p, bits / 8, rsa->d);
+        BN_bin2bn(kop.crk_param[4].crp_p, p_len, rsa->dmp1);
+        BN_bin2bn(kop.crk_param[5].crp_p, q_len, rsa->dmq1);
+        BN_bin2bn(kop.crk_param[6].crp_p, p_len, rsa->iqmp);
+        return 1;
+    }
+ sw_try:
+    {
+        const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+        ret = (meth->rsa_keygen) (rsa, bits, e, cb);
+    }
+    return ret;
+
+ err:
+    for (i = 0; i < CRK_MAXPARAM; i++)
+        free(kop.crk_param[i].crp_p);
+    return 0;
+
+}
+
+ /* Cryptodev DSA Key Gen routine */
+ static int cryptodev_dsa_keygen(DSA *dsa)
+ {
+@@ -4035,6 +4153,8 @@ void ENGINE_load_cryptodev(void)
+                 cryptodev_rsa.rsa_mod_exp_async =
+                     cryptodev_rsa_nocrt_mod_exp_async;
+             }
+            if (cryptodev_asymfeat & CRF_RSA_GENERATE_KEY)
+                cryptodev_rsa.rsa_keygen = cryptodev_rsa_keygen;
+         }
+     }
+ 
+-- 
+2.7.0
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0008-Initial-support-for-PKC-in-cryptodev-engine.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0008-Initial-support-for-PKC-in-cryptodev-engine.patch
deleted file mode 100644
index 98272abf2..000000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0008-Initial-support-for-PKC-in-cryptodev-engine.patch
+++ /dev/null
@@ -1,1564 +0,0 @@
-From 107a10d45db0f2e58482f698add04ed9183f7268 Mon Sep 17 00:00:00 2001
-From: Yashpal Dutta <yashpal.dutta@freescale.com>
-Date: Tue, 11 Mar 2014 06:29:52 +0545
-Subject: [PATCH 08/26] Initial support for PKC in cryptodev engine
-Upstream-status: Pending
-Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
---
- crypto/engine/eng_cryptodev.c | 1343 ++++++++++++++++++++++++++++++++++++-----
- 1 file changed, 1183 insertions(+), 160 deletions(-)
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index e3eb98b..7ee314b 100644
--- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -54,11 +54,14 @@ ENGINE_load_cryptodev(void)
- #else 
-  
- #include <sys/types.h>
-#include <crypto/cryptodev.h>
- #include <crypto/dh/dh.h>
- #include <crypto/dsa/dsa.h>
- #include <crypto/err/err.h>
- #include <crypto/rsa/rsa.h>
-+#include <crypto/ecdsa/ecs_locl.h>
-+#include <crypto/ecdh/ech_locl.h>
-+#include <crypto/ec/ec_lcl.h>
-+#include <crypto/ec/ec.h>
- #include <sys/ioctl.h>
- #include <errno.h>
- #include <stdio.h>
-@@ -68,6 +71,8 @@ ENGINE_load_cryptodev(void)
- #include <syslog.h>
- #include <errno.h>
- #include <string.h>
-+#include "eng_cryptodev_ec.h"
-+#include <crypto/cryptodev.h>
- 
- struct dev_crypto_state {
-        struct session_op d_sess;
-@@ -116,18 +121,10 @@ static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a,
- static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I,
-     RSA *rsa, BN_CTX *ctx);
- static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
-static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a,
-    const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
-    BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
-    BN_CTX *ctx, BN_MONT_CTX *mont);
- static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst,
-     int dlen, DSA *dsa);
- static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len,
-     DSA_SIG *sig, DSA *dsa);
-static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
-    const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
-    BN_MONT_CTX *m_ctx);
- static int cryptodev_dh_compute_key(unsigned char *key,
-     const BIGNUM *pub_key, DH *dh);
- static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
-@@ -136,6 +133,102 @@ void ENGINE_load_cryptodev(void);
- const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1;
- const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
- 
-+static int spcf_bn2bin(BIGNUM *bn, unsigned char **bin,  int *bin_len)
-+{
-+       int len;
-+       unsigned char *p;
-+
-+       len = BN_num_bytes(bn);
-+
-+       if (!len)
-+               return -1;
-+
-+       p = malloc(len);
-+       if (!p)
-+               return -1;
-+
-+       BN_bn2bin(bn,p);
-+
-+       *bin = p;
-+       *bin_len = len;
-+
-+       return 0;
-+}
-+
-+static int spcf_bn2bin_ex(BIGNUM *bn, unsigned char **bin,  int *bin_len)
-+{
-+       int len;
-+       unsigned char *p;
-+
-+       len = BN_num_bytes(bn);
-+
-+       if (!len)
-+               return -1;
-+
-+       if (len < *bin_len)
-+               p = malloc(*bin_len);
-+       else
-+               p = malloc(len);
-+
-+       if (!p)
-+               return -ENOMEM;
-+
-+       if (len < *bin_len) {
-+               /* place padding */
-+               memset(p, 0, (*bin_len - len));
-+               BN_bn2bin(bn,p+(*bin_len-len));
-+       } else {
-+               BN_bn2bin(bn,p);
-+       }
-+
-+       *bin = p;
-+       if (len >= *bin_len)
-+               *bin_len = len;
-+
-+       return 0;
-+}
-+
-+/**
-+ * Convert an ECC F2m 'b' parameter into the 'c' parameter.
-+ *Inputs:
-+ * q, the curve's modulus
-+ * b, the curve's b parameter
-+ * (a bignum for b, a buffer for c)
-+ * Output:
-+ * c, written into bin, right-adjusted to fill q_len bytes.
-+ */
-+static int
-+eng_ec_compute_cparam(const BIGNUM* b, const BIGNUM* q,
-+                       unsigned char **bin, int *bin_len)
-+{
-+       BIGNUM* c = BN_new();
-+       BIGNUM* exp = BN_new();
-+       BN_CTX *ctx = BN_CTX_new();
-+       int m = BN_num_bits(q) - 1;
-+       int ok = 0;
-+
-+       if (!c || !exp || !ctx || *bin)
-+               goto err;
-+
-+       /*
-+        * We have to compute c, where b = c^4, i.e., the fourth root of b.
-+        * The equation for c is c = b^(2^(m-2))
-+        * Compute exp = 2^(m-2)
-+        * (1 << x) == 2^x
-+        * and then compute c = b^exp
-+        */
-+       BN_lshift(exp, BN_value_one(), m-2);
-+       BN_GF2m_mod_exp(c, b, exp, q, ctx);
-+       /* Store c */
-+       spcf_bn2bin_ex(c, bin, bin_len);
-+       ok = 1;
-+err:
-+       if (ctx) BN_CTX_free(ctx);
-+       if (c) BN_free(c);
-+       if (exp) BN_free(exp);
-+       return ok;
-+}
-+
- static const ENGINE_CMD_DEFN cryptodev_defns[] = {
-        { 0, NULL, NULL, 0 }
- };
-@@ -1139,7 +1232,6 @@ cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
- static int
- bn2crparam(const BIGNUM *a, struct crparam *crp)
- {
-       int i, j, k;
-        ssize_t bytes, bits;
-        u_char *b;
- 
-@@ -1156,15 +1248,7 @@ bn2crparam(const BIGNUM *a, struct crparam *crp)
- 
-        crp->crp_p = (caddr_t) b;
-        crp->crp_nbits = bits;
-
-       for (i = 0, j = 0; i < a->top; i++) {
-               for (k = 0; k < BN_BITS2 / 8; k++) {
-                       if ((j + k) >= bytes)
-                               return (0);
-                       b[j + k] = a->d[i] >> (k * 8);
-               }
-               j += BN_BITS2 / 8;
-       }
-+       BN_bn2bin(a, crp->crp_p);
-        return (0);
- }
- 
-@@ -1172,22 +1256,14 @@ bn2crparam(const BIGNUM *a, struct crparam *crp)
- static int
- crparam2bn(struct crparam *crp, BIGNUM *a)
- {
-       u_int8_t *pd;
-       int i, bytes;
-+       int bytes;
- 
-        bytes = (crp->crp_nbits + 7) / 8;
- 
-        if (bytes == 0)
-                return (-1);
- 
-       if ((pd = (u_int8_t *) malloc(bytes)) == NULL)
-               return (-1);
-
-       for (i = 0; i < bytes; i++)
-               pd[i] = crp->crp_p[bytes - i - 1];
-
-       BN_bin2bn(pd, bytes, a);
-       free(pd);
-+       BN_bin2bn(crp->crp_p, bytes, a);
- 
-        return (0);
- }
-@@ -1235,6 +1311,32 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s)
-        return (ret);
- }
- 
-+/* Close an opened instance of cryptodev engine */
-+void cryptodev_close_instance(void *handle)
-+{
-+       int fd;
-+
-+       if (handle) {
-+               fd = *(int *)handle;
-+               close(fd);
-+               free(handle);
-+       }
-+}
-+
-+/* Create an instance of cryptodev for asynchronous interface */
-+void *cryptodev_init_instance(void)
-+{
-+       int *fd = malloc(sizeof(int));
-+
-+       if (fd) {
-+               if ((*fd = open("/dev/crypto", O_RDWR, 0)) == -1) {
-+                       free(fd);
-+                       return NULL;
-+               }
-+       }
-+       return fd;
-+}
-+
- static int
- cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-     const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
-@@ -1250,9 +1352,9 @@ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-                return (ret);
-        }
- 
-       memset(&kop, 0, sizeof kop);
-        kop.crk_op = CRK_MOD_EXP;
-
-+       kop.crk_oparams = 0;
-+       kop.crk_status = 0;
-        /* inputs: a^p % m */
-        if (bn2crparam(a, &kop.crk_param[0]))
-                goto err;
-@@ -1293,28 +1395,38 @@ static int
- cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
- {
-        struct crypt_kop kop;
-       int ret = 1;
-+       int ret = 1, f_len, p_len, q_len;
-+       unsigned char *f = NULL, *p = NULL, *q = NULL, *dp = NULL, *dq = NULL, *c = NULL;
- 
-        if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
-                /* XXX 0 means failure?? */
-                return (0);
-        }
- 
-       memset(&kop, 0, sizeof kop);
-+       kop.crk_oparams = 0;
-+       kop.crk_status = 0;
-        kop.crk_op = CRK_MOD_EXP_CRT;
-+       f_len = BN_num_bytes(rsa->n);
-+       spcf_bn2bin_ex(I, &f, &f_len);
-+       spcf_bn2bin(rsa->p, &p, &p_len);
-+       spcf_bn2bin(rsa->q, &q, &q_len);
-+       spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len);
-+       spcf_bn2bin_ex(rsa->iqmp, &c, &p_len);
-+       spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len);
-        /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
-       if (bn2crparam(rsa->p, &kop.crk_param[0]))
-               goto err;
-       if (bn2crparam(rsa->q, &kop.crk_param[1]))
-               goto err;
-       if (bn2crparam(I, &kop.crk_param[2]))
-               goto err;
-       if (bn2crparam(rsa->dmp1, &kop.crk_param[3]))
-               goto err;
-       if (bn2crparam(rsa->dmq1, &kop.crk_param[4]))
-               goto err;
-       if (bn2crparam(rsa->iqmp, &kop.crk_param[5]))
-               goto err;
-+       kop.crk_param[0].crp_p = p;
-+       kop.crk_param[0].crp_nbits = p_len * 8;
-+       kop.crk_param[1].crp_p = q;
-+       kop.crk_param[1].crp_nbits = q_len * 8;
-+       kop.crk_param[2].crp_p = f;
-+       kop.crk_param[2].crp_nbits = f_len * 8;
-+       kop.crk_param[3].crp_p = dp;
-+       kop.crk_param[3].crp_nbits = p_len * 8;
-+       /* dq must of length q, rest all of length p*/
-+       kop.crk_param[4].crp_p = dq;
-+       kop.crk_param[4].crp_nbits = q_len * 8;
-+       kop.crk_param[5].crp_p = c;
-+       kop.crk_param[5].crp_nbits = p_len * 8;
-        kop.crk_iparams = 6;
- 
-        if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) {
-@@ -1350,90 +1462,117 @@ static RSA_METHOD cryptodev_rsa = {
-        NULL                            /* rsa_verify */
- };
- 
-static int
-cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
-    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
-{
-       return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
-}
-
-static int
-cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
-    BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
-    BN_CTX *ctx, BN_MONT_CTX *mont)
-+static DSA_SIG *
-+cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
- {
-       BIGNUM t2;
-       int ret = 0;
-
-       BN_init(&t2);
-
-       /* v = ( g^u1 * y^u2 mod p ) mod q */
-       /* let t1 = g ^ u1 mod p */
-       ret = 0;
-+       struct crypt_kop kop;
-+       BIGNUM *c = NULL, *d = NULL;
-+       DSA_SIG *dsaret = NULL;
-+       int q_len = 0, r_len = 0, g_len = 0;
-+       int priv_key_len = 0, ret;
-+       unsigned char *q = NULL, *r = NULL, *g = NULL, *priv_key = NULL, *f = NULL;
- 
-       if (!dsa->meth->bn_mod_exp(dsa,t1,dsa->g,u1,dsa->p,ctx,mont))
-+       memset(&kop, 0, sizeof kop);
-+       if ((c = BN_new()) == NULL) {
-+               DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-                goto err;
-+       }
- 
-       /* let t2 = y ^ u2 mod p */
-       if (!dsa->meth->bn_mod_exp(dsa,&t2,dsa->pub_key,u2,dsa->p,ctx,mont))
-+       if ((d = BN_new()) == NULL) {
-+               BN_free(c);
-+               DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-                goto err;
-       /* let u1 = t1 * t2 mod p */
-       if (!BN_mod_mul(u1,t1,&t2,dsa->p,ctx))
-+       }
-+
-+       if (spcf_bn2bin(dsa->p, &q, &q_len)) {
-+               DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
-                goto err;
-+       }
- 
-       BN_copy(t1,u1);
-+       /* Get order of the field of private keys into plain buffer */
-+       if (spcf_bn2bin (dsa->q, &r, &r_len)) {
-+               DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+               goto err;
-+       }
- 
-       ret = 1;
-err:
-       BN_free(&t2);
-       return(ret);
-}
-+       /* sanity test */
-+       if (dlen > r_len) {
-+               DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
-+               goto err;
-+       }
- 
-static DSA_SIG *
-cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
-{
-       struct crypt_kop kop;
-       BIGNUM *r = NULL, *s = NULL;
-       DSA_SIG *dsaret = NULL;
-+       g_len = q_len;
-+       /**
-+        * Get generator into a plain buffer. If length is less than
-+        * q_len then add leading padding bytes.
-+        */
-+       if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
-+               DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+               goto err;
-+       }
- 
-       if ((r = BN_new()) == NULL)
-+       priv_key_len = r_len;
-+       /**
-+        * Get private key into a plain buffer. If length is less than
-+        * r_len then add leading padding bytes.
-+        */
-+        if (spcf_bn2bin_ex(dsa->priv_key, &priv_key, &priv_key_len)) {
-+               DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-                goto err;
-       if ((s = BN_new()) == NULL) {
-               BN_free(r);
-+       }
-+
-+       /* Allocate memory to store hash. */
-+       f = OPENSSL_malloc (r_len);
-+       if (!f) {
-+               DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
- 
-       memset(&kop, 0, sizeof kop);
-+       /* Add padding, since SEC expects hash to of size r_len */
-+       if (dlen < r_len)
-+               memset(f, 0, r_len - dlen);
-+
-+       /* Skip leading bytes if dgst_len < r_len */
-+       memcpy(f + r_len - dlen, dgst, dlen);
-+
-        kop.crk_op = CRK_DSA_SIGN;
- 
-        /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
-       kop.crk_param[0].crp_p = (caddr_t)dgst;
-       kop.crk_param[0].crp_nbits = dlen * 8;
-       if (bn2crparam(dsa->p, &kop.crk_param[1]))
-               goto err;
-       if (bn2crparam(dsa->q, &kop.crk_param[2]))
-               goto err;
-       if (bn2crparam(dsa->g, &kop.crk_param[3]))
-               goto err;
-       if (bn2crparam(dsa->priv_key, &kop.crk_param[4]))
-               goto err;
-+       kop.crk_param[0].crp_p = (void*)f;
-+       kop.crk_param[0].crp_nbits = r_len * 8;
-+       kop.crk_param[1].crp_p = (void*)q;
-+       kop.crk_param[1].crp_nbits = q_len * 8;
-+       kop.crk_param[2].crp_p = (void*)r;
-+       kop.crk_param[2].crp_nbits = r_len * 8;
-+       kop.crk_param[3].crp_p = (void*)g;
-+       kop.crk_param[3].crp_nbits = g_len * 8;
-+       kop.crk_param[4].crp_p = (void*)priv_key;
-+       kop.crk_param[4].crp_nbits = priv_key_len * 8;
-        kop.crk_iparams = 5;
- 
-       if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r,
-           BN_num_bytes(dsa->q), s) == 0) {
-               dsaret = DSA_SIG_new();
-               dsaret->r = r;
-               dsaret->s = s;
-       } else {
-               const DSA_METHOD *meth = DSA_OpenSSL();
-               BN_free(r);
-               BN_free(s);
-               dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa);
-+       ret = cryptodev_asym(&kop, r_len, c, r_len, d);
-+
-+       if (ret) {
-+               DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DECODE_ERROR);
-+               goto err;
-        }
-err:
-       kop.crk_param[0].crp_p = NULL;
-+
-+       dsaret = DSA_SIG_new();
-+       dsaret->r = c;
-+       dsaret->s = d;
-+
-        zapparams(&kop);
-        return (dsaret);
-+err:
-+       {
-+               const DSA_METHOD *meth = DSA_OpenSSL();
-+               if (c)
-+                       BN_free(c);
-+               if (d)
-+                       BN_free(d);
-+               dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa);
-+               return (dsaret);
-+       }
- }
- 
- static int
-@@ -1441,42 +1580,179 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
-     DSA_SIG *sig, DSA *dsa)
- {
-        struct crypt_kop kop;
-       int dsaret = 1;
-+       int dsaret = 1, q_len = 0, r_len = 0, g_len = 0;
-+       int w_len = 0 ,c_len = 0, d_len = 0, ret = -1;
-+       unsigned char   * q = NULL, * r = NULL, * w = NULL, * g = NULL;
-+       unsigned char   * c = NULL, * d = NULL, *f = NULL;
- 
-        memset(&kop, 0, sizeof kop);
-        kop.crk_op = CRK_DSA_VERIFY;
- 
-       /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
-       kop.crk_param[0].crp_p = (caddr_t)dgst;
-       kop.crk_param[0].crp_nbits = dlen * 8;
-       if (bn2crparam(dsa->p, &kop.crk_param[1]))
-+       if (spcf_bn2bin(dsa->p, &q, &q_len)) {
-+               DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+               return ret;
-+       }
-+
-+       /* Get Order of field of private keys */
-+       if (spcf_bn2bin(dsa->q, &r, &r_len)) {
-+               DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-                goto err;
-       if (bn2crparam(dsa->q, &kop.crk_param[2]))
-+       }
-+
-+       g_len = q_len;
-+       /**
-+        * Get generator into a plain buffer. If length is less than
-+        * q_len then add leading padding bytes.
-+        */
-+       if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
-+               DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-                goto err;
-       if (bn2crparam(dsa->g, &kop.crk_param[3]))
-+       }
-+       w_len = q_len;
-+       /**
-+        * Get public key into a plain buffer. If length is less than
-+        * q_len then add leading padding bytes.
-+        */
-+       if (spcf_bn2bin_ex(dsa->pub_key, &w, &w_len)) {
-+               DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+               goto err;
-+       }
-+       /**
-+        * Get the 1st part of signature into a flat buffer with
-+        * appropriate padding
-+        */
-+       c_len = r_len;
-+
-+       if (spcf_bn2bin_ex(sig->r, &c, &c_len)) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-                goto err;
-       if (bn2crparam(dsa->pub_key, &kop.crk_param[4]))
-+       }
-+
-+       /**
-+        * Get the 2nd part of signature into a flat buffer with
-+        * appropriate padding
-+        */
-+       d_len = r_len;
-+
-+       if (spcf_bn2bin_ex(sig->s, &d, &d_len)) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-                goto err;
-       if (bn2crparam(sig->r, &kop.crk_param[5]))
-+       }
-+
-+
-+       /* Sanity test */
-+       if (dlen > r_len) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-                goto err;
-       if (bn2crparam(sig->s, &kop.crk_param[6]))
-+       }
-+
-+       /* Allocate memory to store hash. */
-+       f = OPENSSL_malloc (r_len);
-+       if (!f) {
-+               DSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-                goto err;
-+       }
-+
-+       /* Add padding, since SEC expects hash to of size r_len */
-+       if (dlen < r_len)
-+               memset(f, 0, r_len - dlen);
-+
-+       /* Skip leading bytes if dgst_len < r_len */
-+       memcpy(f + r_len - dlen, dgst, dlen);
-+
-+       /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
-+       kop.crk_param[0].crp_p = (void*)f;
-+       kop.crk_param[0].crp_nbits = r_len * 8;
-+       kop.crk_param[1].crp_p = q;
-+       kop.crk_param[1].crp_nbits = q_len * 8;
-+       kop.crk_param[2].crp_p = r;
-+       kop.crk_param[2].crp_nbits = r_len * 8;
-+       kop.crk_param[3].crp_p = g;
-+       kop.crk_param[3].crp_nbits = g_len * 8;
-+       kop.crk_param[4].crp_p = w;
-+       kop.crk_param[4].crp_nbits = w_len * 8;
-+       kop.crk_param[5].crp_p = c;
-+       kop.crk_param[5].crp_nbits = c_len * 8;
-+       kop.crk_param[6].crp_p = d;
-+       kop.crk_param[6].crp_nbits = d_len * 8;
-        kop.crk_iparams = 7;
- 
-       if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
-/*OCF success value is 0, if not zero, change dsaret to fail*/
-               if(0 != kop.crk_status) dsaret  = 0;
-       } else {
-               const DSA_METHOD *meth = DSA_OpenSSL();
-+       if ((cryptodev_asym(&kop, 0, NULL, 0, NULL))) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, DSA_R_DECODE_ERROR);
-+               goto err;
-+       }
- 
-               dsaret = (meth->dsa_do_verify)(dgst, dlen, sig, dsa);
-+       /*OCF success value is 0, if not zero, change dsaret to fail*/
-+       if(0 != kop.crk_status) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, DSA_R_DECODE_ERROR);
-+               goto err;
-        }
-err:
-       kop.crk_param[0].crp_p = NULL;
-+
-        zapparams(&kop);
-        return (dsaret);
-+err:
-+       {
-+               const DSA_METHOD *meth = DSA_OpenSSL();
-+
-+               dsaret = (meth->dsa_do_verify)(dgst, dlen, sig, dsa);
-+       }
-+       return dsaret;
- }
- 
-+/* Cryptodev DSA Key Gen routine */
-+static int cryptodev_dsa_keygen(DSA *dsa)
-+{
-+       struct crypt_kop kop;
-+       int ret = 1, g_len;
-+       unsigned char *g = NULL;
-+
-+       if (dsa->priv_key == NULL)      {
-+               if ((dsa->priv_key=BN_new()) == NULL)
-+                       goto sw_try;
-+       }
-+
-+       if (dsa->pub_key == NULL) {
-+               if ((dsa->pub_key=BN_new()) == NULL)
-+                       goto sw_try;
-+       }
-+
-+       g_len = BN_num_bytes(dsa->p);
-+       /**
-+        * Get generator into a plain buffer. If length is less than
-+        * p_len then add leading padding bytes.
-+        */
-+       if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
-+               DSAerr(DSA_F_DSA_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
-+               goto sw_try;
-+       }
-+
-+       memset(&kop, 0, sizeof kop);
-+
-+       kop.crk_op = CRK_DSA_GENERATE_KEY;
-+       if (bn2crparam(dsa->p, &kop.crk_param[0]))
-+               goto sw_try;
-+       if (bn2crparam(dsa->q, &kop.crk_param[1]))
-+               goto sw_try;
-+       kop.crk_param[2].crp_p = g;
-+       kop.crk_param[2].crp_nbits = g_len * 8;
-+       kop.crk_iparams = 3;
-+
-+       /* pub_key is or prime length while priv key is of length of order */
-+       if (cryptodev_asym(&kop, BN_num_bytes(dsa->p), dsa->pub_key,
-+           BN_num_bytes(dsa->q), dsa->priv_key))
-+           goto sw_try;
-+
-+       return ret;
-+sw_try:
-+       {
-+               const DSA_METHOD *meth = DSA_OpenSSL();
-+               ret = (meth->dsa_keygen)(dsa);
-+       }
-+       return ret;
-+}
-+
-+
-+
- static DSA_METHOD cryptodev_dsa = {
-        "cryptodev DSA method",
-        NULL,
-@@ -1490,12 +1766,543 @@ static DSA_METHOD cryptodev_dsa = {
-        NULL    /* app_data */
- };
- 
-static int
-cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
-    const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
-    BN_MONT_CTX *m_ctx)
-+static ECDSA_METHOD cryptodev_ecdsa = {
-+       "cryptodev ECDSA method",
-+       NULL,
-+       NULL,                           /* ecdsa_sign_setup */
-+       NULL,
-+       NULL,
-+       0,      /* flags */
-+       NULL    /* app_data */
-+};
-+
-+typedef enum ec_curve_s
-+{
-+       EC_PRIME,
-+       EC_BINARY
-+} ec_curve_t;
-+
-+/* ENGINE handler for ECDSA Sign */
-+static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char  *dgst,
-+       int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey)
- {
-       return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
-+       BIGNUM  *m = NULL, *p = NULL, *a = NULL;
-+       BIGNUM  *b = NULL, *x = NULL, *y = NULL;
-+       BN_CTX  *ctx = NULL;
-+       ECDSA_SIG *ret = NULL;
-+       ECDSA_DATA *ecdsa = NULL;
-+       unsigned char  * q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL;
-+       unsigned char  * s = NULL, *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL;
-+       int     i = 0, q_len = 0, priv_key_len = 0, r_len = 0;
-+       int     g_len = 0, d_len = 0, ab_len = 0;
-+       const BIGNUM   *order = NULL, *priv_key=NULL;
-+       const EC_GROUP *group = NULL;
-+       struct crypt_kop kop;
-+       ec_curve_t ec_crv = EC_PRIME;
-+
-+       memset(&kop, 0, sizeof(kop));
-+       ecdsa = ecdsa_check(eckey);
-+       if (!ecdsa) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
-+               return NULL;
-+       }
-+
-+       group = EC_KEY_get0_group(eckey);
-+       priv_key = EC_KEY_get0_private_key(eckey);
-+
-+       if (!group || !priv_key) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
-+               return NULL;
-+       }
-+
-+       if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
-+               (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
-+               (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
-+               (y = BN_new()) == NULL) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+               goto err;
-+       }
-+
-+       order = &group->order;
-+       if (!order || BN_is_zero(order)) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS);
-+               goto err;
-+       }
-+
-+       i = BN_num_bits(order);
-+       /* Need to truncate digest if it is too long: first truncate whole
-+        bytes */
-+       if (8 * dgst_len > i)
-+               dgst_len = (i + 7)/8;
-+
-+       if (!BN_bin2bn(dgst, dgst_len, m)) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+               goto err;
-+       }
-+
-+       /* If still too long truncate remaining bits with a shift */
-+       if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+               goto err;
-+       }
-+
-+       /* copy the truncated bits into plain buffer */
-+       if (spcf_bn2bin(m, &tmp_dgst, &dgst_len))  {
-+               fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__, __LINE__);
-+               goto err;
-+       }
-+
-+       ret = ECDSA_SIG_new();
-+       if  (!ret) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+               goto err;
-+       }
-+
-+       /* check if this is prime or binary EC request */
-+       if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) {
-+               ec_crv = EC_PRIME;
-+               /* get the generator point pair */
-+               if (!EC_POINT_get_affine_coordinates_GFp (group, EC_GROUP_get0_generator(group),
-+                       x, y,ctx)) {
-+                       ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+                       goto err;
-+               }
-+
-+               /* get the ECC curve parameters */
-+               if (!EC_GROUP_get_curve_GFp(group, p, a, b , ctx)) {
-+                       ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+                       goto err;
-+               }
-+       } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_characteristic_two_field) {
-+               ec_crv = EC_BINARY;
-+               /* get the ECC curve parameters */
-+               if (!EC_GROUP_get_curve_GF2m(group, p, a, b , ctx)) {
-+                       ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+                       goto err;
-+               }
-+
-+               /* get the generator point pair */
-+               if (!EC_POINT_get_affine_coordinates_GF2m(group,
-+                       EC_GROUP_get0_generator(group), x, y,ctx)) {
-+                       ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+                       goto err;
-+               }
-+       } else {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+               goto err;
-+       }
-+
-+       if (spcf_bn2bin(order, &r, &r_len)) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+               goto err;
-+       }
-+
-+       if (spcf_bn2bin(p, &q, &q_len)) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+               goto err;
-+       }
-+
-+       priv_key_len = r_len;
-+
-+       /**
-+        * If BN_num_bytes of priv_key returns less then r_len then
-+        * add padding bytes before the key
-+        */
-+       if (spcf_bn2bin_ex(priv_key, &s, &priv_key_len))  {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+               goto err;
-+       }
-+
-+       /* Generation of ECC curve parameters */
-+       ab_len = 2*q_len;
-+       ab = eng_copy_curve_points(a, b, ab_len, q_len);
-+       if (!ab) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+               goto err;
-+       }
-+
-+       if (ec_crv == EC_BINARY) {
-+               if (eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab+q_len, q_len))
-+               {
-+                       unsigned char *c_temp = NULL;
-+                       int c_temp_len = q_len;
-+                       if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len))
-+                               memcpy(ab+q_len, c_temp, q_len);
-+                       else
-+                               goto err;
-+               }
-+               kop.curve_type = ECC_BINARY;
-+       }
-+
-+       /* Calculation of Generator point */
-+       g_len = 2*q_len;
-+       g_xy = eng_copy_curve_points(x, y, g_len, q_len);
-+       if (!g_xy) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+               goto err;
-+       }
-+
-+       /* Memory allocation for first part of digital signature */
-+       c = malloc(r_len);
-+       if (!c) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+               goto err;
-+       }
-+
-+       d_len = r_len;
-+
-+       /* Memory allocation for second part of digital signature */
-+       d = malloc(d_len);
-+       if (!d) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+               goto err;
-+       }
-+
-+       /* memory for message representative */
-+       f = malloc(r_len);
-+       if (!f) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+               goto err;
-+       }
-+
-+       /* Add padding, since SEC expects hash to of size r_len */
-+       memset(f, 0, r_len - dgst_len);
-+
-+       /* Skip leading bytes if dgst_len < r_len */
-+       memcpy(f +  r_len - dgst_len, tmp_dgst, dgst_len);
-+
-+       dgst_len +=  r_len - dgst_len;
-+       kop.crk_op = CRK_DSA_SIGN;
-+       /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
-+       kop.crk_param[0].crp_p = f;
-+       kop.crk_param[0].crp_nbits = dgst_len * 8;
-+       kop.crk_param[1].crp_p = q;
-+       kop.crk_param[1].crp_nbits = q_len * 8;
-+       kop.crk_param[2].crp_p = r;
-+       kop.crk_param[2].crp_nbits = r_len * 8;
-+       kop.crk_param[3].crp_p = g_xy;
-+       kop.crk_param[3].crp_nbits = g_len * 8;
-+       kop.crk_param[4].crp_p = s;
-+       kop.crk_param[4].crp_nbits = priv_key_len * 8;
-+       kop.crk_param[5].crp_p = ab;
-+       kop.crk_param[5].crp_nbits = ab_len * 8;
-+       kop.crk_iparams = 6;
-+       kop.crk_param[6].crp_p = c;
-+       kop.crk_param[6].crp_nbits = d_len * 8;
-+       kop.crk_param[7].crp_p = d;
-+       kop.crk_param[7].crp_nbits = d_len * 8;
-+       kop.crk_oparams = 2;
-+
-+       if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
-+               /* Check if ret->r and s needs to allocated */
-+               crparam2bn(&kop.crk_param[6], ret->r);
-+               crparam2bn(&kop.crk_param[7], ret->s);
-+       } else {
-+               const ECDSA_METHOD *meth = ECDSA_OpenSSL();
-+               ret = (meth->ecdsa_do_sign)(dgst, dgst_len, in_kinv, in_r, eckey);
-+       }
-+       kop.crk_param[0].crp_p = NULL;
-+       zapparams(&kop);
-+err:
-+       if (!ret) {
-+               ECDSA_SIG_free(ret);
-+               ret = NULL;
-+       }
-+       return ret;
-+}
-+
-+static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
-+               ECDSA_SIG *sig, EC_KEY *eckey)
-+{
-+       BIGNUM  *m = NULL, *p = NULL, *a = NULL, *b = NULL;
-+       BIGNUM  *x = NULL, *y = NULL, *w_x = NULL, *w_y = NULL;
-+       BN_CTX  *ctx = NULL;
-+       ECDSA_DATA      *ecdsa = NULL;
-+       unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL, *w_xy = NULL;
-+       unsigned char *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL;
-+       int     i = 0, q_len = 0, pub_key_len = 0, r_len = 0, c_len = 0, g_len = 0;
-+       int     d_len = 0, ab_len = 0, ret = -1;
-+       const EC_POINT *pub_key = NULL;
-+       const BIGNUM   *order = NULL;
-+       const EC_GROUP *group=NULL;
-+       ec_curve_t       ec_crv = EC_PRIME;
-+       struct crypt_kop kop;
-+
-+       memset(&kop, 0, sizeof kop);
-+       ecdsa = ecdsa_check(eckey);
-+       if (!ecdsa) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
-+               return ret;
-+       }
-+
-+       group    = EC_KEY_get0_group(eckey);
-+       pub_key  = EC_KEY_get0_public_key(eckey);
-+
-+       if (!group || !pub_key) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
-+               return ret;
-+       }
-+
-+       if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
-+               (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
-+               (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
-+               (y = BN_new()) == NULL || (w_x = BN_new()) == NULL ||
-+               (w_y = BN_new()) == NULL) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+               goto err;
-+       }
-+
-+       order = &group->order;
-+       if (!order || BN_is_zero(order)) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS);
-+               goto err;
-+       }
-+
-+       i = BN_num_bits(order);
-+       /* Need to truncate digest if it is too long: first truncate whole
-+       * bytes */
-+       if (8 * dgst_len > i)
-+               dgst_len = (i + 7)/8;
-+
-+       if (!BN_bin2bn(dgst, dgst_len, m)) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
-+               goto err;
-+       }
-+
-+       /* If still too long truncate remaining bits with a shift */
-+       if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
-+               goto err;
-+       }
-+       /* copy the truncated bits into plain buffer */
-+       if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+               goto err;
-+       }
-+
-+       /* check if this is prime or binary EC request */
-+       if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) {
-+               ec_crv = EC_PRIME;
-+
-+               /* get the generator point pair */
-+               if (!EC_POINT_get_affine_coordinates_GFp (group,
-+                       EC_GROUP_get0_generator(group), x, y,ctx)) {
-+                       ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+                       goto err;
-+               }
-+
-+               /* get the public key pair for prime curve */
-+               if (!EC_POINT_get_affine_coordinates_GFp (group,
-+                       pub_key, w_x, w_y,ctx)) {
-+                       ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+                       goto err;
-+               }
-+
-+               /* get the ECC curve parameters */
-+               if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
-+                       ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+                       goto err;
-+               }
-+       } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_characteristic_two_field){
-+               ec_crv = EC_BINARY;
-+               /* get the ECC curve parameters */
-+               if (!EC_GROUP_get_curve_GF2m(group, p, a, b , ctx)) {
-+                       ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+                       goto err;
-+               }
-+
-+               /* get the generator point pair */
-+               if (!EC_POINT_get_affine_coordinates_GF2m(group,
-+                       EC_GROUP_get0_generator(group),x, y,ctx)) {
-+                       ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+                       goto err;
-+               }
-+
-+               /* get the public key pair for binary curve */
-+               if (!EC_POINT_get_affine_coordinates_GF2m(group,
-+                       pub_key, w_x, w_y,ctx)) {
-+                       ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+                       goto err;
-+               }
-+       }else {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+               goto err;
-+       }
-+
-+       /* Get the order of the subgroup of private keys */
-+       if (spcf_bn2bin((BIGNUM*)order, &r, &r_len)) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+               goto err;
-+       }
-+
-+       /* Get the irreducible polynomial that creates the field */
-+       if (spcf_bn2bin(p, &q, &q_len)) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+               goto err;
-+       }
-+
-+       /* Get the public key into a flat buffer with appropriate padding */
-+       pub_key_len = 2 * q_len;
-+
-+       w_xy = eng_copy_curve_points (w_x, w_y, pub_key_len, q_len);
-+       if (!w_xy) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+               goto err;
-+       }
-+
-+       /* Generation of ECC curve parameters */
-+       ab_len = 2*q_len;
-+
-+       ab = eng_copy_curve_points (a, b, ab_len, q_len);
-+       if (!ab) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+               goto err;
-+       }
-+
-+       if (ec_crv == EC_BINARY) {
-+               /* copy b' i.e c(b), instead of only b */
-+               if (eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab+q_len, q_len))
-+               {
-+                       unsigned char *c_temp = NULL;
-+                       int c_temp_len = q_len;
-+                       if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len))
-+                               memcpy(ab+q_len, c_temp, q_len);
-+                       else
-+                               goto err;
-+               }
-+               kop.curve_type = ECC_BINARY;
-+       }
-+
-+       /* Calculation of Generator point */
-+       g_len = 2 * q_len;
-+
-+       g_xy = eng_copy_curve_points (x, y, g_len, q_len);
-+       if (!g_xy) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+               goto err;
-+       }
-+
-+       /**
-+        * Get the 1st part of signature into a flat buffer with
-+        * appropriate padding
-+        */
-+       if (BN_num_bytes(sig->r) < r_len)
-+               c_len = r_len;
-+
-+       if (spcf_bn2bin_ex(sig->r, &c, &c_len)) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+               goto err;
-+       }
-+
-+       /**
-+        * Get the 2nd part of signature into a flat buffer with
-+        * appropriate padding
-+        */
-+       if (BN_num_bytes(sig->s) < r_len)
-+               d_len = r_len;
-+
-+       if (spcf_bn2bin_ex(sig->s, &d, &d_len)) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+               goto err;
-+       }
-+
-+       /* memory for message representative */
-+       f = malloc(r_len);
-+       if (!f) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+               goto err;
-+       }
-+
-+       /* Add padding, since SEC expects hash to of size r_len */
-+       memset(f, 0, r_len-dgst_len);
-+
-+       /* Skip leading bytes if dgst_len < r_len */
-+       memcpy(f + r_len-dgst_len, tmp_dgst, dgst_len);
-+       dgst_len += r_len-dgst_len;
-+       kop.crk_op = CRK_DSA_VERIFY;
-+       /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
-+       kop.crk_param[0].crp_p = f;
-+       kop.crk_param[0].crp_nbits = dgst_len * 8;
-+       kop.crk_param[1].crp_p = q;
-+       kop.crk_param[1].crp_nbits = q_len * 8;
-+       kop.crk_param[2].crp_p = r;
-+       kop.crk_param[2].crp_nbits = r_len * 8;
-+       kop.crk_param[3].crp_p = g_xy;
-+       kop.crk_param[3].crp_nbits = g_len * 8;
-+       kop.crk_param[4].crp_p = w_xy;
-+       kop.crk_param[4].crp_nbits = pub_key_len * 8;
-+       kop.crk_param[5].crp_p = ab;
-+       kop.crk_param[5].crp_nbits = ab_len * 8;
-+       kop.crk_param[6].crp_p = c;
-+       kop.crk_param[6].crp_nbits = d_len * 8;
-+       kop.crk_param[7].crp_p = d;
-+       kop.crk_param[7].crp_nbits = d_len * 8;
-+       kop.crk_iparams = 8;
-+
-+       if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
-+               /*OCF success value is 0, if not zero, change ret to fail*/
-+               if(0 == kop.crk_status)
-+                       ret  = 1;
-+       } else {
-+               const ECDSA_METHOD *meth = ECDSA_OpenSSL();
-+
-+               ret = (meth->ecdsa_do_verify)(dgst, dgst_len, sig, eckey);
-+       }
-+       kop.crk_param[0].crp_p = NULL;
-+       zapparams(&kop);
-+
-+err:
-+       return ret;
-+}
-+
-+static int cryptodev_dh_keygen(DH *dh)
-+{
-+       struct crypt_kop kop;
-+       int ret = 1, g_len;
-+       unsigned char *g = NULL;
-+
-+       if (dh->priv_key == NULL)       {
-+               if ((dh->priv_key=BN_new()) == NULL)
-+                       goto sw_try;
-+       }
-+
-+       if (dh->pub_key == NULL) {
-+               if ((dh->pub_key=BN_new()) == NULL)
-+                       goto sw_try;
-+       }
-+
-+       g_len = BN_num_bytes(dh->p);
-+       /**
-+        * Get generator into a plain buffer. If length is less than
-+        * q_len then add leading padding bytes.
-+        */
-+       if (spcf_bn2bin_ex(dh->g, &g, &g_len)) {
-+               DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
-+               goto sw_try;
-+       }
-+
-+       memset(&kop, 0, sizeof kop);
-+       kop.crk_op = CRK_DH_GENERATE_KEY;
-+       if (bn2crparam(dh->p, &kop.crk_param[0]))
-+               goto sw_try;
-+       if (bn2crparam(dh->q, &kop.crk_param[1]))
-+               goto sw_try;
-+       kop.crk_param[2].crp_p = g;
-+       kop.crk_param[2].crp_nbits = g_len * 8;
-+       kop.crk_iparams = 3;
-+
-+       /* pub_key is or prime length while priv key is of length of order */
-+       if (cryptodev_asym(&kop, BN_num_bytes(dh->p), dh->pub_key,
-+           BN_num_bytes(dh->q), dh->priv_key))
-+           goto sw_try;
-+
-+       return ret;
-+sw_try:
-+       {
-+               const DH_METHOD *meth = DH_OpenSSL();
-+               ret = (meth->generate_key)(dh);
-+       }
-+       return ret;
- }
- 
- static int
-@@ -1503,43 +2310,234 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
- {
-        struct crypt_kop kop;
-        int dhret = 1;
-       int fd, keylen;
-+       int fd, p_len;
-+       BIGNUM *temp = NULL;
-+       unsigned char *padded_pub_key = NULL, *p = NULL;
-+
-+       if ((fd = get_asym_dev_crypto()) < 0)
-+               goto sw_try;
-+
-+       memset(&kop, 0, sizeof kop);
-+       kop.crk_op = CRK_DH_COMPUTE_KEY;
-+       /* inputs: dh->priv_key pub_key dh->p key */
-+       spcf_bn2bin(dh->p, &p, &p_len);
-+       spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len);
-+       if (bn2crparam(dh->priv_key, &kop.crk_param[0]))
-+               goto sw_try;
-+
-+       kop.crk_param[1].crp_p = padded_pub_key;
-+       kop.crk_param[1].crp_nbits = p_len * 8;
-+       kop.crk_param[2].crp_p = p;
-+       kop.crk_param[2].crp_nbits = p_len * 8;
-+       kop.crk_iparams = 3;
-+       kop.crk_param[3].crp_p = (void*) key;
-+       kop.crk_param[3].crp_nbits = p_len * 8;
-+       kop.crk_oparams = 1;
-+       dhret = p_len;
-+
-+       if (ioctl(fd, CIOCKEY, &kop))
-+               goto sw_try;
- 
-       if ((fd = get_asym_dev_crypto()) < 0) {
-+       if ((temp = BN_new())) {
-+               if (!BN_bin2bn(key, p_len, temp)) {
-+                       ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+                       goto sw_try;
-+               }
-+               if (dhret > BN_num_bytes(temp))
-+                       dhret=BN_bn2bin(temp,key);
-+               BN_free(temp);
-+       }
-+
-+       kop.crk_param[3].crp_p = NULL;
-+       zapparams(&kop);
-+       return (dhret);
-+sw_try:
-+       {
-                const DH_METHOD *meth = DH_OpenSSL();
- 
-               return ((meth->compute_key)(key, pub_key, dh));
-+               dhret = (meth->compute_key)(key, pub_key, dh);
-        }
-+       return (dhret);
-+}
- 
-       keylen = BN_num_bits(dh->p);
-+int cryptodev_ecdh_compute_key(void *out, size_t outlen,
-+       const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen,
-+       void *out, size_t *outlen))
-+{
-+       ec_curve_t       ec_crv = EC_PRIME;
-+       unsigned char * q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL;
-+       BIGNUM         * w_x = NULL, *w_y = NULL;
-+       int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0;
-+       BIGNUM * p = NULL, *a = NULL, *b = NULL;
-+       BN_CTX *ctx;
-+       EC_POINT *tmp=NULL;
-+       BIGNUM *x=NULL, *y=NULL;
-+       const BIGNUM *priv_key;
-+       const EC_GROUP* group = NULL;
-+       int ret = -1;
-+       size_t buflen, len;
-+       struct crypt_kop kop;
- 
-        memset(&kop, 0, sizeof kop);
-       kop.crk_op = CRK_DH_COMPUTE_KEY;
- 
-       /* inputs: dh->priv_key pub_key dh->p key */
-       if (bn2crparam(dh->priv_key, &kop.crk_param[0]))
-+       if ((ctx = BN_CTX_new()) == NULL) goto err;
-+       BN_CTX_start(ctx);
-+       x = BN_CTX_get(ctx);
-+       y = BN_CTX_get(ctx);
-+       p = BN_CTX_get(ctx);
-+       a = BN_CTX_get(ctx);
-+       b = BN_CTX_get(ctx);
-+       w_x = BN_CTX_get(ctx);
-+       w_y = BN_CTX_get(ctx);
-+
-+       if (!x || !y || !p || !a || !b || !w_x || !w_y) {
-+               ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);
-                goto err;
-       if (bn2crparam(pub_key, &kop.crk_param[1]))
-+       }
-+
-+       priv_key = EC_KEY_get0_private_key(ecdh);
-+       if (priv_key == NULL) {
-+               ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_NO_PRIVATE_VALUE);
-                goto err;
-       if (bn2crparam(dh->p, &kop.crk_param[2]))
-+       }
-+
-+       group = EC_KEY_get0_group(ecdh);
-+       if ((tmp=EC_POINT_new(group)) == NULL) {
-+               ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);
-                goto err;
-       kop.crk_iparams = 3;
-+       }
- 
-       kop.crk_param[3].crp_p = (caddr_t) key;
-       kop.crk_param[3].crp_nbits = keylen * 8;
-       kop.crk_oparams = 1;
-+       if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
-+               NID_X9_62_prime_field) {
-+               ec_crv = EC_PRIME;
- 
-       if (ioctl(fd, CIOCKEY, &kop) == -1) {
-               const DH_METHOD *meth = DH_OpenSSL();
-+               if (!EC_POINT_get_affine_coordinates_GFp(group,
-+                       EC_GROUP_get0_generator(group), x, y, ctx)) {
-+                       ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
-+                       goto err;
-+               }
- 
-               dhret = (meth->compute_key)(key, pub_key, dh);
-+               /* get the ECC curve parameters */
-+               if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
-+                       ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
-+                       goto err;
-+               }
-+
-+               /* get the public key pair for prime curve */
-+               if (!EC_POINT_get_affine_coordinates_GFp (group, pub_key, w_x, w_y,ctx)) {
-+                       ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
-+                       goto err;
-+               }
-+       } else {
-+               ec_crv = EC_BINARY;
-+
-+               if (!EC_POINT_get_affine_coordinates_GF2m(group,
-+                       EC_GROUP_get0_generator(group), x, y, ctx)) {
-+                       ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
-+                       goto err;
-+               }
-+
-+               /* get the ECC curve parameters */
-+               if (!EC_GROUP_get_curve_GF2m(group, p, a, b , ctx)) {
-+                       ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
-+                       goto err;
-+               }
-+
-+               /* get the public key pair for binary curve */
-+               if (!EC_POINT_get_affine_coordinates_GF2m(group,
-+                       pub_key, w_x, w_y,ctx)) {
-+                       ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+                       goto err;
-+               }
-+       }
-+
-+       /* irreducible polynomial that creates the field */
-+       if (spcf_bn2bin((BIGNUM*)&group->order, &r, &r_len)) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+               goto err;
-+       }
-+
-+       /* Get the irreducible polynomial that creates the field */
-+       if (spcf_bn2bin(p, &q, &q_len)) {
-+               ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
-+               goto err;
-        }
-+
-+       /* Get the public key into a flat buffer with appropriate padding */
-+       pub_key_len = 2 * q_len;
-+       w_xy = eng_copy_curve_points (w_x, w_y, pub_key_len, q_len);
-+       if (!w_xy) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+               goto err;
-+       }
-+
-+       /* Generation of ECC curve parameters */
-+       ab_len = 2*q_len;
-+       ab = eng_copy_curve_points (a, b, ab_len, q_len);
-+       if (!ab) {
-+               ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
-+               goto err;
-+       }
-+
-+       if (ec_crv == EC_BINARY) {
-+               /* copy b' i.e c(b), instead of only b */
-+               if (eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab+q_len, q_len))
-+               {
-+                       unsigned char *c_temp = NULL;
-+                       int c_temp_len = q_len;
-+                       if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len))
-+                               memcpy(ab+q_len, c_temp, q_len);
-+                       else
-+                               goto err;
-+               }
-+               kop.curve_type = ECC_BINARY;
-+       } else
-+               kop.curve_type = ECC_PRIME;
-+
-+       priv_key_len = r_len;
-+
-+       /*
-+        * If BN_num_bytes of priv_key returns less then r_len then
-+        * add padding bytes before the key
-+        */
-+       if (spcf_bn2bin_ex((BIGNUM *)priv_key, &s, &priv_key_len)) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+               goto err;
-+       }
-+
-+       buflen = (EC_GROUP_get_degree(group) + 7)/8;
-+       len = BN_num_bytes(x);
-+       if (len > buflen || q_len < buflen) {
-+               ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_INTERNAL_ERROR);
-+               goto err;
-+       }
-+
-+       kop.crk_op = CRK_DH_COMPUTE_KEY;
-+       kop.crk_param[0].crp_p = (void*) s;
-+       kop.crk_param[0].crp_nbits = priv_key_len*8;
-+       kop.crk_param[1].crp_p = (void*) w_xy;
-+       kop.crk_param[1].crp_nbits = pub_key_len*8;
-+       kop.crk_param[2].crp_p = (void*) q;
-+       kop.crk_param[2].crp_nbits = q_len*8;
-+       kop.crk_param[3].crp_p = (void*) ab;
-+       kop.crk_param[3].crp_nbits = ab_len*8;
-+       kop.crk_iparams = 4;
-+       kop.crk_param[4].crp_p = (void*) out;
-+       kop.crk_param[4].crp_nbits = q_len*8;
-+       kop.crk_oparams = 1;
-+       ret = q_len;
-+       if (cryptodev_asym(&kop, 0, NULL, 0, NULL)) {
-+               const ECDH_METHOD *meth = ECDH_OpenSSL();
-+               ret = (meth->compute_key)(out, outlen, pub_key, ecdh, KDF);
-+       } else
-+               ret = q_len;
- err:
-       kop.crk_param[3].crp_p = NULL;
-+       kop.crk_param[4].crp_p = NULL;
-        zapparams(&kop);
-       return (dhret);
-+       return ret;
- }
- 
-+
- static DH_METHOD cryptodev_dh = {
-        "cryptodev DH method",
-        NULL,                           /* cryptodev_dh_generate_key */
-@@ -1551,6 +2549,14 @@ static DH_METHOD cryptodev_dh = {
-        NULL    /* app_data */
- };
- 
-+static ECDH_METHOD cryptodev_ecdh = {
-+       "cryptodev ECDH method",
-+       NULL,   /* cryptodev_ecdh_compute_key */
-+       NULL,
-+       0,              /* flags */
-+       NULL    /* app_data */
-+};
-+
- /*
-  * ctrl right now is just a wrapper that doesn't do much
-  * but I expect we'll want some options soon.
-@@ -1634,25 +2640,42 @@ ENGINE_load_cryptodev(void)
-                memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
-                if (cryptodev_asymfeat & CRF_DSA_SIGN)
-                        cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
-               if (cryptodev_asymfeat & CRF_MOD_EXP) {
-                       cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp;
-                       cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp;
-               }
-                if (cryptodev_asymfeat & CRF_DSA_VERIFY)
-                        cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
-+               if (cryptodev_asymfeat & CRF_DSA_GENERATE_KEY)
-+                       cryptodev_dsa.dsa_keygen = cryptodev_dsa_keygen;
-        }
- 
-        if (ENGINE_set_DH(engine, &cryptodev_dh)){
-                const DH_METHOD *dh_meth = DH_OpenSSL();
-+               memcpy(&cryptodev_dh, dh_meth, sizeof(DH_METHOD));
-+               if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) {
-+                       cryptodev_dh.compute_key =
-+                               cryptodev_dh_compute_key;
-+               }
-+               if (cryptodev_asymfeat & CRF_DH_GENERATE_KEY) {
-+                       cryptodev_dh.generate_key =
-+                               cryptodev_dh_keygen;
-+               }
-+       }
- 
-               cryptodev_dh.generate_key = dh_meth->generate_key;
-               cryptodev_dh.compute_key = dh_meth->compute_key;
-               cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp;
-               if (cryptodev_asymfeat & CRF_MOD_EXP) {
-                       cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh;
-                       if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY)
-                               cryptodev_dh.compute_key =
-                                   cryptodev_dh_compute_key;
-+       if (ENGINE_set_ECDSA(engine, &cryptodev_ecdsa)) {
-+               const ECDSA_METHOD *meth = ECDSA_OpenSSL();
-+               memcpy(&cryptodev_ecdsa, meth, sizeof(ECDSA_METHOD));
-+               if (cryptodev_asymfeat & CRF_DSA_SIGN) {
-+                       cryptodev_ecdsa.ecdsa_do_sign = cryptodev_ecdsa_do_sign;
-+               }
-+               if (cryptodev_asymfeat & CRF_DSA_VERIFY) {
-+                       cryptodev_ecdsa.ecdsa_do_verify =
-+                               cryptodev_ecdsa_verify;
-+               }
-+       }
-+
-+       if (ENGINE_set_ECDH(engine, &cryptodev_ecdh)) {
-+               const ECDH_METHOD *ecdh_meth = ECDH_OpenSSL();
-+               memcpy(&cryptodev_ecdh, ecdh_meth, sizeof(ECDH_METHOD));
-+               if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) {
-+                       cryptodev_ecdh.compute_key = cryptodev_ecdh_compute_key;
-                }
-        }
- 
-- 
-2.3.5
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0009-Added-hwrng-dev-file-as-source-of-RNG.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0009-Added-hwrng-dev-file-as-source-of-RNG.patch
deleted file mode 100644
index 0fb018217..000000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0009-Added-hwrng-dev-file-as-source-of-RNG.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 81c4c62a4f5f5542843381bfb34e39a6171d5cdd Mon Sep 17 00:00:00 2001
-From: Yashpal Dutta <yashpal.dutta@freescale.com>
-Date: Tue, 11 Mar 2014 06:42:59 +0545
-Subject: [PATCH 09/26] Added hwrng dev file as source of RNG
-Upstream-status: Pending
-Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
---
- e_os.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/e_os.h b/e_os.h
-index 6a0aad1..57c0563 100644
--- a/e_os.h
-+++ b/e_os.h
-@@ -79,7 +79,7 @@ extern "C" {
- #ifndef DEVRANDOM
- /* set this to a comma-separated list of 'random' device files to try out.
-  * My default, we will try to read at least one of these files */
-#define DEVRANDOM "/dev/urandom","/dev/random","/dev/srandom"
-+#define DEVRANDOM "/dev/hwrng","/dev/urandom","/dev/random","/dev/srandom"
- #endif
- #ifndef DEVRANDOM_EGD
- /* set this to a comma-seperated list of 'egd' sockets to try out. These
-- 
-2.3.5
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0009-RSA-Keygen-Fix.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0009-RSA-Keygen-Fix.patch
new file mode 100644
index 000000000..d4cd02fd2
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0009-RSA-Keygen-Fix.patch
@@ -0,0 +1,64 @@
+From ca7adb9cf57497d27136a599531ea5b9671876c7 Mon Sep 17 00:00:00 2001
+From: Yashpal Dutta <yashpal.dutta@freescale.com>
+Date: Wed, 16 Apr 2014 22:53:04 +0545
+Subject: [PATCH 09/48] RSA Keygen Fix
+Upstream-status: Pending
+If Kernel driver doesn't support RSA Keygen or same returns
+error handling the keygen operation, the keygen is gracefully
+handled by software supported rsa_keygen handler
+Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
+Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
+---
+ crypto/engine/eng_cryptodev.c | 12 +++++++-----
+ 1 file changed, 7 insertions(+), 5 deletions(-)
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 44017a3..eac5fb6 100644
+--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
+@@ -2018,7 +2018,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
+     int i;
+ 
+     if ((fd = get_asym_dev_crypto()) < 0)
+-        return fd;
+        goto sw_try;
+ 
+     if (!rsa->n && ((rsa->n = BN_new()) == NULL))
+         goto err;
+@@ -2047,7 +2047,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
+     /* p length */
+     kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char));
+     if (!kop.crk_param[kop.crk_iparams].crp_p)
+-        goto err;
+        goto sw_try;
+     kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8;
+     memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1);
+     kop.crk_iparams++;
+@@ -2055,7 +2055,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
+     /* q length */
+     kop.crk_param[kop.crk_iparams].crp_p = calloc(q_len + 1, sizeof(char));
+     if (!kop.crk_param[kop.crk_iparams].crp_p)
+-        goto err;
+        goto sw_try;
+     kop.crk_param[kop.crk_iparams].crp_nbits = q_len * 8;
+     memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, q_len + 1);
+     kop.crk_iparams++;
+@@ -2115,8 +2115,10 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
+     }
+  sw_try:
+     {
+-        const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+-        ret = (meth->rsa_keygen) (rsa, bits, e, cb);
+        const RSA_METHOD *meth = rsa->meth;
+        rsa->meth = RSA_PKCS1_SSLeay();
+        ret = RSA_generate_key_ex(rsa, bits, e, cb);
+        rsa->meth = meth;
+     }
+     return ret;
+ 
+-- 
+2.7.0
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0010-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0010-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch
deleted file mode 100644
index 0f889c0fc..000000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0010-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch
+++ /dev/null
@@ -1,2039 +0,0 @@
-From a933e6341fd8989bdd82f8a5446b6f04aa00eef9 Mon Sep 17 00:00:00 2001
-From: Yashpal Dutta <yashpal.dutta@freescale.com>
-Date: Tue, 11 Mar 2014 07:14:30 +0545
-Subject: [PATCH 10/26] Asynchronous interface added for PKC cryptodev
- interface
-Upstream-status: Pending
-Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
---
- crypto/crypto.h               |   16 +
- crypto/dh/dh.h                |    4 +-
- crypto/dsa/dsa.h              |    5 +
- crypto/ecdh/ech_locl.h        |    3 +
- crypto/ecdsa/ecs_locl.h       |    5 +
- crypto/engine/eng_cryptodev.c | 1578 +++++++++++++++++++++++++++++++++++++----
- crypto/engine/eng_int.h       |   24 +-
- crypto/engine/eng_lib.c       |   46 ++
- crypto/engine/engine.h        |   24 +
- crypto/rsa/rsa.h              |   23 +
- 10 files changed, 1582 insertions(+), 146 deletions(-)
-diff --git a/crypto/crypto.h b/crypto/crypto.h
-index f92fc51..ce12731 100644
--- a/crypto/crypto.h
-+++ b/crypto/crypto.h
-@@ -605,6 +605,22 @@ void ERR_load_CRYPTO_strings(void);
- #define CRYPTO_R_FIPS_MODE_NOT_SUPPORTED                101
- #define CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK             100
- 
-+/* Additions for Asynchronous PKC Infrastructure */
-+struct pkc_cookie_s {
-+       void *cookie; /* To be filled by openssl library primitive method function caller */
-+       void *eng_cookie; /* To be filled by Engine */
-+        /*
-+          * Callback handler to be provided by caller. Ensure to pass a
-+          * handler which takes the crypto operation to completion.
-+          * cookie: Container cookie from library
-+          * status: Status of the crypto Job completion.
-+          *            0: Job handled without any issue
-+          *            -EINVAL: Parameters Invalid
-+          */
-+       void (*pkc_callback)(struct pkc_cookie_s *cookie, int status);
-+       void *eng_handle;
-+};
-+
- #ifdef  __cplusplus
- }
- #endif
-diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h
-index ea59e61..20ffad2 100644
--- a/crypto/dh/dh.h
-+++ b/crypto/dh/dh.h
-@@ -118,7 +118,9 @@ struct dh_method
-        int (*bn_mod_exp)(const DH *dh, BIGNUM *r, const BIGNUM *a,
-                                const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
-                                BN_MONT_CTX *m_ctx); /* Can be null */
-
-+       int (*compute_key_async)(unsigned char *key,const BIGNUM *pub_key,DH *dh,
-+                               struct pkc_cookie_s *cookie);
-+       int (*generate_key_async)(DH *dh, struct pkc_cookie_s *cookie);
-        int (*init)(DH *dh);
-        int (*finish)(DH *dh);
-        int flags;
-diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h
-index a6f6d0b..b04a029 100644
--- a/crypto/dsa/dsa.h
-+++ b/crypto/dsa/dsa.h
-@@ -140,6 +140,10 @@ struct dsa_method
-        int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
-                                const BIGNUM *m, BN_CTX *ctx,
-                                BN_MONT_CTX *m_ctx); /* Can be null */
-+       int (*dsa_do_sign_async)(const unsigned char *dgst, int dlen, DSA *dsa,
-+                               DSA_SIG *sig, struct pkc_cookie_s *cookie);
-+       int (*dsa_do_verify_async)(const unsigned char *dgst, int dgst_len,
-+                            DSA_SIG *sig, DSA *dsa, struct pkc_cookie_s *cookie);
-        int (*init)(DSA *dsa);
-        int (*finish)(DSA *dsa);
-        int flags;
-@@ -151,6 +155,7 @@ struct dsa_method
-                        BN_GENCB *cb);
-        /* If this is non-NULL, it is used to generate DSA keys */
-        int (*dsa_keygen)(DSA *dsa);
-+       int (*dsa_keygen_async)(DSA *dsa, struct pkc_cookie_s *cookie);
-        };
- 
- struct dsa_st
-diff --git a/crypto/ecdh/ech_locl.h b/crypto/ecdh/ech_locl.h
-index f6cad6a..adce6b3 100644
--- a/crypto/ecdh/ech_locl.h
-+++ b/crypto/ecdh/ech_locl.h
-@@ -67,6 +67,9 @@ struct ecdh_method
-        const char *name;
-        int (*compute_key)(void *key, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,
-                           void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen));
-+       int (*compute_key_async)(void *key, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,
-+                          void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen),
-+                          struct pkc_cookie_s *cookie);
- #if 0
-        int (*init)(EC_KEY *eckey);
-        int (*finish)(EC_KEY *eckey);
-diff --git a/crypto/ecdsa/ecs_locl.h b/crypto/ecdsa/ecs_locl.h
-index cb3be13..eb0ebe0 100644
--- a/crypto/ecdsa/ecs_locl.h
-+++ b/crypto/ecdsa/ecs_locl.h
-@@ -74,6 +74,11 @@ struct ecdsa_method
-                        BIGNUM **r);
-        int (*ecdsa_do_verify)(const unsigned char *dgst, int dgst_len, 
-                        const ECDSA_SIG *sig, EC_KEY *eckey);
-+        int (*ecdsa_do_sign_async)(const unsigned char *dgst, int dgst_len,
-+                       const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey,
-+                       ECDSA_SIG *sig, struct pkc_cookie_s *cookie);
-+       int (*ecdsa_do_verify_async)(const unsigned char *dgst, int dgst_len,
-+                       const ECDSA_SIG *sig, EC_KEY *eckey, struct pkc_cookie_s *cookie);
- #if 0
-        int (*init)(EC_KEY *eckey);
-        int (*finish)(EC_KEY *eckey);
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 7ee314b..9f2416e 100644
--- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -1281,6 +1281,56 @@ zapparams(struct crypt_kop *kop)
-        }
- }
- 
-+/* Any PKC request has at max 2 output parameters and they are stored here to
-+be used while copying in the check availability */
-+struct cryptodev_cookie_s {
-+       BIGNUM *r;
-+       struct crparam r_param;
-+       BIGNUM *s;
-+       struct crparam s_param;
-+       struct crypt_kop *kop;
-+};
-+
-+static int
-+cryptodev_asym_async(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
-+                                       BIGNUM *s)
-+{
-+       int fd;
-+       struct pkc_cookie_s *cookie = kop->cookie;
-+       struct cryptodev_cookie_s *eng_cookie;
-+
-+       fd = *(int *)cookie->eng_handle;
-+
-+       eng_cookie = malloc(sizeof(struct cryptodev_cookie_s));
-+
-+       if (eng_cookie) {
-+               memset(eng_cookie, 0, sizeof(struct cryptodev_cookie_s));
-+               if (r) {
-+                       kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char));
-+                       if (!kop->crk_param[kop->crk_iparams].crp_p)
-+                               return -ENOMEM;
-+                       kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
-+                       kop->crk_oparams++;
-+                       eng_cookie->r = r;
-+                       eng_cookie->r_param = kop->crk_param[kop->crk_iparams];
-+               }
-+               if (s) {
-+                       kop->crk_param[kop->crk_iparams+1].crp_p = calloc(slen, sizeof(char));
-+                       if (!kop->crk_param[kop->crk_iparams+1].crp_p)
-+                               return -ENOMEM;
-+                       kop->crk_param[kop->crk_iparams+1].crp_nbits = slen * 8;
-+                       kop->crk_oparams++;
-+                       eng_cookie->s = s;
-+                       eng_cookie->s_param = kop->crk_param[kop->crk_iparams + 1];
-+               }
-+       } else
-+               return -ENOMEM;
-+
-+       eng_cookie->kop = kop;
-+       cookie->eng_cookie = eng_cookie;
-+       return ioctl(fd, CIOCASYMASYNCRYPT, kop);
-+}
-+
- static int
- cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s)
- {
-@@ -1337,6 +1387,44 @@ void *cryptodev_init_instance(void)
-        return fd;
- }
- 
-+#include <poll.h>
-+
-+/* Return 0 on success and 1 on failure */
-+int cryptodev_check_availability(void *eng_handle)
-+{
-+       int fd = *(int *)eng_handle;
-+       struct pkc_cookie_list_s cookie_list;
-+       struct pkc_cookie_s *cookie;
-+       int i;
-+
-+       /* FETCH COOKIE returns number of cookies extracted */
-+       if (ioctl(fd, CIOCASYMFETCHCOOKIE, &cookie_list) <= 0)
-+               return 1;
-+
-+       for (i = 0; i < cookie_list.cookie_available; i++) {
-+               cookie = cookie_list.cookie[i];
-+               if (cookie) {
-+                       struct cryptodev_cookie_s *eng_cookie = cookie->eng_cookie;
-+                       if (eng_cookie) {
-+                               struct crypt_kop *kop = eng_cookie->kop;
-+
-+                               if (eng_cookie->r)
-+                                       crparam2bn(&eng_cookie->r_param, eng_cookie->r);
-+                               if (eng_cookie->s)
-+                                       crparam2bn(&eng_cookie->s_param, eng_cookie->s);
-+                               if (kop->crk_op == CRK_DH_COMPUTE_KEY)
-+                                       kop->crk_oparams = 0;
-+
-+                               zapparams(eng_cookie->kop);
-+                               free(eng_cookie->kop);
-+                               free (eng_cookie);
-+                       }
-+                       cookie->pkc_callback(cookie, cookie_list.status[i]);
-+               }
-+       }
-+       return 0;
-+}
-+
- static int
- cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-     const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
-@@ -1382,6 +1470,63 @@ err:
- }
- 
- static int
-+cryptodev_bn_mod_exp_async(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-+    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont, struct pkc_cookie_s *cookie)
-+{
-+       struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+       int ret = 1;
-+
-+       /* Currently, we know we can do mod exp iff we can do any
-+        * asymmetric operations at all.
-+        */
-+       if (cryptodev_asymfeat == 0 || !kop) {
-+               ret = BN_mod_exp(r, a, p, m, ctx);
-+               return (ret);
-+       }
-+
-+       kop->crk_oparams = 0;
-+       kop->crk_status = 0;
-+       kop->crk_op = CRK_MOD_EXP;
-+       kop->cookie = cookie;
-+       /* inputs: a^p % m */
-+       if (bn2crparam(a, &kop->crk_param[0]))
-+               goto err;
-+       if (bn2crparam(p, &kop->crk_param[1]))
-+               goto err;
-+       if (bn2crparam(m, &kop->crk_param[2]))
-+               goto err;
-+
-+       kop->crk_iparams = 3;
-+       if (cryptodev_asym_async(kop, BN_num_bytes(m), r, 0, NULL))
-+               goto err;
-+
-+       return ret;
-+err:
-+       {
-+               const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
-+
-+               if (kop)
-+                       free(kop);
-+               ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
-+               if (ret)
-+                       /* Call the completion handler immediately */
-+                       cookie->pkc_callback(cookie, 0);
-+       }
-+       return ret;
-+}
-+
-+static int
-+cryptodev_rsa_nocrt_mod_exp_async(BIGNUM *r0, const BIGNUM *I,
-+               RSA *rsa, BN_CTX *ctx, struct pkc_cookie_s *cookie)
-+{
-+       int r;
-+       ctx = BN_CTX_new();
-+       r = cryptodev_bn_mod_exp_async(r0, I, rsa->d, rsa->n, ctx, NULL, cookie);
-+       BN_CTX_free(ctx);
-+       return r;
-+}
-+
-+static int
- cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
- {
-        int r;
-@@ -1446,6 +1591,62 @@ err:
-        return (ret);
- }
- 
-+static int
-+cryptodev_rsa_mod_exp_async(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx,
-+                               struct pkc_cookie_s *cookie)
-+{
-+       struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+       int ret = 1, f_len, p_len, q_len;
-+       unsigned char *f = NULL, *p = NULL, *q = NULL, *dp = NULL, *dq = NULL, *c = NULL;
-+
-+       if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp || !kop) {
-+               return (0);
-+       }
-+
-+       kop->crk_oparams = 0;
-+       kop->crk_status = 0;
-+       kop->crk_op = CRK_MOD_EXP_CRT;
-+       f_len = BN_num_bytes(rsa->n);
-+       spcf_bn2bin_ex(I, &f, &f_len);
-+       spcf_bn2bin(rsa->p, &p, &p_len);
-+       spcf_bn2bin(rsa->q, &q, &q_len);
-+       spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len);
-+       spcf_bn2bin_ex(rsa->iqmp, &c, &p_len);
-+       spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len);
-+       /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
-+       kop->crk_param[0].crp_p = p;
-+       kop->crk_param[0].crp_nbits = p_len * 8;
-+       kop->crk_param[1].crp_p = q;
-+       kop->crk_param[1].crp_nbits = q_len * 8;
-+       kop->crk_param[2].crp_p = f;
-+       kop->crk_param[2].crp_nbits = f_len * 8;
-+       kop->crk_param[3].crp_p = dp;
-+       kop->crk_param[3].crp_nbits = p_len * 8;
-+       /* dq must of length q, rest all of length p*/
-+       kop->crk_param[4].crp_p = dq;
-+       kop->crk_param[4].crp_nbits = q_len * 8;
-+       kop->crk_param[5].crp_p = c;
-+       kop->crk_param[5].crp_nbits = p_len * 8;
-+       kop->crk_iparams = 6;
-+       kop->cookie = cookie;
-+       if (cryptodev_asym_async(kop, BN_num_bytes(rsa->n), r0, 0, NULL))
-+               goto err;
-+
-+       return ret;
-+err:
-+       {
-+               const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
-+
-+               if (kop)
-+                       free(kop);
-+               ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx);
-+               if (ret)
-+                       /* Call user completion handler immediately */
-+                       cookie->pkc_callback(cookie, 0);
-+       }
-+       return (ret);
-+}
-+
- static RSA_METHOD cryptodev_rsa = {
-        "cryptodev RSA method",
-        NULL,                           /* rsa_pub_enc */
-@@ -1454,6 +1655,12 @@ static RSA_METHOD cryptodev_rsa = {
-        NULL,                           /* rsa_priv_dec */
-        NULL,
-        NULL,
-+       NULL,                           /* rsa_pub_enc */
-+       NULL,                           /* rsa_pub_dec */
-+       NULL,                           /* rsa_priv_enc */
-+       NULL,                           /* rsa_priv_dec */
-+       NULL,
-+       NULL,
-        NULL,                           /* init */
-        NULL,                           /* finish */
-        0,                              /* flags */
-@@ -1751,126 +1958,424 @@ sw_try:
-        return ret;
- }
- 
-+/* Cryptodev DSA Key Gen routine */
-+static int cryptodev_dsa_keygen_async(DSA *dsa,  struct pkc_cookie_s *cookie)
-+{
-+       struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+       int ret = 1, g_len;
-+       unsigned char *g = NULL;
- 
-+       if (!kop)
-+               goto sw_try;
- 
-static DSA_METHOD cryptodev_dsa = {
-       "cryptodev DSA method",
-       NULL,
-       NULL,                           /* dsa_sign_setup */
-       NULL,
-       NULL,                           /* dsa_mod_exp */
-       NULL,
-       NULL,                           /* init */
-       NULL,                           /* finish */
-       0,      /* flags */
-       NULL    /* app_data */
-};
-+       if (dsa->priv_key == NULL)      {
-+               if ((dsa->priv_key=BN_new()) == NULL)
-+                       goto sw_try;
-+       }
- 
-static ECDSA_METHOD cryptodev_ecdsa = {
-       "cryptodev ECDSA method",
-       NULL,
-       NULL,                           /* ecdsa_sign_setup */
-       NULL,
-       NULL,
-       0,      /* flags */
-       NULL    /* app_data */
-};
-+       if (dsa->pub_key == NULL) {
-+               if ((dsa->pub_key=BN_new()) == NULL)
-+                       goto sw_try;
-+       }
- 
-typedef enum ec_curve_s
-{
-       EC_PRIME,
-       EC_BINARY
-} ec_curve_t;
-+       g_len = BN_num_bytes(dsa->p);
-+       /**
-+        * Get generator into a plain buffer. If length is less than
-+        * q_len then add leading padding bytes.
-+        */
-+       if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
-+               DSAerr(DSA_F_DSA_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
-+               goto sw_try;
-+       }
- 
-/* ENGINE handler for ECDSA Sign */
-static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char  *dgst,
-       int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey)
-{
-       BIGNUM  *m = NULL, *p = NULL, *a = NULL;
-       BIGNUM  *b = NULL, *x = NULL, *y = NULL;
-       BN_CTX  *ctx = NULL;
-       ECDSA_SIG *ret = NULL;
-       ECDSA_DATA *ecdsa = NULL;
-       unsigned char  * q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL;
-       unsigned char  * s = NULL, *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL;
-       int     i = 0, q_len = 0, priv_key_len = 0, r_len = 0;
-       int     g_len = 0, d_len = 0, ab_len = 0;
-       const BIGNUM   *order = NULL, *priv_key=NULL;
-       const EC_GROUP *group = NULL;
-       struct crypt_kop kop;
-       ec_curve_t ec_crv = EC_PRIME;
-+       memset(kop, 0, sizeof(struct crypt_kop));
-+       kop->crk_op = CRK_DSA_GENERATE_KEY;
-+       if (bn2crparam(dsa->p, &kop->crk_param[0]))
-+               goto sw_try;
-+       if (bn2crparam(dsa->q, &kop->crk_param[1]))
-+               goto sw_try;
-+       kop->crk_param[2].crp_p = g;
-+       kop->crk_param[2].crp_nbits = g_len * 8;
-+       kop->crk_iparams = 3;
-+       kop->cookie = cookie;
- 
-       memset(&kop, 0, sizeof(kop));
-       ecdsa = ecdsa_check(eckey);
-       if (!ecdsa) {
-               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
-               return NULL;
-+       /* pub_key is or prime length while priv key is of length of order */
-+       if (cryptodev_asym_async(kop, BN_num_bytes(dsa->p), dsa->pub_key,
-+           BN_num_bytes(dsa->q), dsa->priv_key))
-+           goto sw_try;
-+
-+       return ret;
-+sw_try:
-+       {
-+               const DSA_METHOD *meth = DSA_OpenSSL();
-+
-+               if (kop)
-+                       free(kop);
-+               ret = (meth->dsa_keygen)(dsa);
-+               cookie->pkc_callback(cookie, 0);
-        }
-+       return ret;
-+}
- 
-       group = EC_KEY_get0_group(eckey);
-       priv_key = EC_KEY_get0_private_key(eckey);
-+static int
-+cryptodev_dsa_do_sign_async(const unsigned char *dgst, int dlen, DSA *dsa,
-+                       DSA_SIG *sig, struct pkc_cookie_s *cookie)
-+{
-+       struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+       DSA_SIG *dsaret = NULL;
-+       int q_len = 0, r_len = 0, g_len = 0;
-+       int priv_key_len = 0, ret = 1;
-+       unsigned char *q = NULL, *r = NULL, *g = NULL, *priv_key = NULL, *f = NULL;
- 
-       if (!group || !priv_key) {
-               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
-               return NULL;
-+       if (((sig->r = BN_new()) == NULL) || !kop) {
-+               DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+               goto err;
-        }
- 
-       if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
-               (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
-               (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
-               (y = BN_new()) == NULL) {
-               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+       if ((sig->s = BN_new()) == NULL) {
-+               BN_free(sig->r);
-+               DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
- 
-       order = &group->order;
-       if (!order || BN_is_zero(order)) {
-               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS);
-+       if (spcf_bn2bin(dsa->p, &q, &q_len)) {
-+               DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
-                goto err;
-        }
- 
-       i = BN_num_bits(order);
-       /* Need to truncate digest if it is too long: first truncate whole
-        bytes */
-       if (8 * dgst_len > i)
-               dgst_len = (i + 7)/8;
-+       /* Get order of the field of private keys into plain buffer */
-+       if (spcf_bn2bin (dsa->q, &r, &r_len)) {
-+               DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+               goto err;
-+       }
- 
-       if (!BN_bin2bn(dgst, dgst_len, m)) {
-               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+       /* sanity test */
-+       if (dlen > r_len) {
-+               DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
-                goto err;
-        }
- 
-       /* If still too long truncate remaining bits with a shift */
-       if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
-               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+       g_len = q_len;
-+       /**
-+        * Get generator into a plain buffer. If length is less than
-+        * q_len then add leading padding bytes.
-+        */
-+       if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
-+               DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
- 
-       /* copy the truncated bits into plain buffer */
-       if (spcf_bn2bin(m, &tmp_dgst, &dgst_len))  {
-               fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__, __LINE__);
-+       priv_key_len = r_len;
-+       /**
-+        * Get private key into a plain buffer. If length is less than
-+        * r_len then add leading padding bytes.
-+        */
-+        if (spcf_bn2bin_ex(dsa->priv_key, &priv_key, &priv_key_len)) {
-+               DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
- 
-       ret = ECDSA_SIG_new();
-       if  (!ret) {
-               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+       /* Allocate memory to store hash. */
-+       f = OPENSSL_malloc (r_len);
-+       if (!f) {
-+               DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
- 
-       /* check if this is prime or binary EC request */
-       if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) {
-               ec_crv = EC_PRIME;
-               /* get the generator point pair */
-               if (!EC_POINT_get_affine_coordinates_GFp (group, EC_GROUP_get0_generator(group),
-                       x, y,ctx)) {
-                       ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-                       goto err;
-               }
-+       /* Add padding, since SEC expects hash to of size r_len */
-+       if (dlen < r_len)
-+               memset(f, 0, r_len - dlen);
- 
-               /* get the ECC curve parameters */
-               if (!EC_GROUP_get_curve_GFp(group, p, a, b , ctx)) {
-                       ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+       /* Skip leading bytes if dgst_len < r_len */
-+       memcpy(f + r_len - dlen, dgst, dlen);
-+
-+       dlen = r_len;
-+
-+       memset(kop, 0, sizeof( struct crypt_kop));
-+       kop->crk_op = CRK_DSA_SIGN;
-+
-+       /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
-+       kop->crk_param[0].crp_p = (void*)f;
-+       kop->crk_param[0].crp_nbits = dlen * 8;
-+       kop->crk_param[1].crp_p = (void*)q;
-+       kop->crk_param[1].crp_nbits = q_len * 8;
-+       kop->crk_param[2].crp_p = (void*)r;
-+       kop->crk_param[2].crp_nbits = r_len * 8;
-+       kop->crk_param[3].crp_p = (void*)g;
-+       kop->crk_param[3].crp_nbits = g_len * 8;
-+       kop->crk_param[4].crp_p = (void*)priv_key;
-+       kop->crk_param[4].crp_nbits = priv_key_len * 8;
-+       kop->crk_iparams = 5;
-+       kop->cookie = cookie;
-+
-+       if (cryptodev_asym_async(kop, r_len, sig->r, r_len, sig->s))
-+           goto err;
-+
-+       return ret;
-+err:
-+       {
-+               const DSA_METHOD *meth = DSA_OpenSSL();
-+
-+               if (kop)
-+                       free(kop);
-+               BN_free(sig->r);
-+               BN_free(sig->s);
-+               dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa);
-+               sig->r = dsaret->r;
-+               sig->s = dsaret->s;
-+               /* Call user callback immediately */
-+               cookie->pkc_callback(cookie, 0);
-+               ret = dsaret;
-+       }
-+       return ret;
-+}
-+
-+static int
-+cryptodev_dsa_verify_async(const unsigned char *dgst, int dlen,
-+    DSA_SIG *sig, DSA *dsa, struct pkc_cookie_s *cookie)
-+{
-+       struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+       int q_len = 0, r_len = 0, g_len = 0;
-+       int w_len = 0 ,c_len = 0, d_len = 0, ret = 1;
-+       unsigned char   * q = NULL, * r = NULL, * w = NULL, * g = NULL;
-+       unsigned char   *c = NULL, * d = NULL, *f = NULL;
-+
-+       if (!kop)
-+               goto err;
-+
-+       if (spcf_bn2bin(dsa->p, &q, &q_len)) {
-+               DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+               return ret;
-+       }
-+
-+       /* Get Order of field of private keys */
-+       if (spcf_bn2bin(dsa->q, &r, &r_len)) {
-+               DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+               goto err;
-+       }
-+
-+       g_len = q_len;
-+       /**
-+        * Get generator into a plain buffer. If length is less than
-+        * q_len then add leading padding bytes.
-+        */
-+       if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
-+               DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+               goto err;
-+       }
-+       w_len = q_len;
-+       /**
-+        * Get public key into a plain buffer. If length is less than
-+        * q_len then add leading padding bytes.
-+        */
-+       if (spcf_bn2bin_ex(dsa->pub_key, &w, &w_len)) {
-+               DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+               goto err;
-+       }
-+       /**
-+        * Get the 1st part of signature into a flat buffer with
-+        * appropriate padding
-+        */
-+       c_len = r_len;
-+
-+       if (spcf_bn2bin_ex(sig->r, &c, &c_len)) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+               goto err;
-+       }
-+
-+       /**
-+        * Get the 2nd part of signature into a flat buffer with
-+        * appropriate padding
-+        */
-+       d_len = r_len;
-+
-+       if (spcf_bn2bin_ex(sig->s, &d, &d_len)) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+               goto err;
-+       }
-+
-+
-+       /* Sanity test */
-+       if (dlen > r_len) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+               goto err;
-+       }
-+
-+       /* Allocate memory to store hash. */
-+       f = OPENSSL_malloc (r_len);
-+       if (!f) {
-+               DSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+               goto err;
-+       }
-+
-+       /* Add padding, since SEC expects hash to of size r_len */
-+       if (dlen < r_len)
-+               memset(f, 0, r_len - dlen);
-+
-+       /* Skip leading bytes if dgst_len < r_len */
-+       memcpy(f + r_len - dlen, dgst, dlen);
-+
-+       dlen = r_len;
-+       memset(kop, 0, sizeof(struct crypt_kop));
-+
-+       /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
-+       kop->crk_param[0].crp_p = (void*)f;
-+       kop->crk_param[0].crp_nbits = dlen * 8;
-+       kop->crk_param[1].crp_p = q;
-+       kop->crk_param[1].crp_nbits = q_len * 8;
-+       kop->crk_param[2].crp_p = r;
-+       kop->crk_param[2].crp_nbits = r_len * 8;
-+       kop->crk_param[3].crp_p = g;
-+       kop->crk_param[3].crp_nbits = g_len * 8;
-+       kop->crk_param[4].crp_p = w;
-+       kop->crk_param[4].crp_nbits = w_len * 8;
-+       kop->crk_param[5].crp_p = c;
-+       kop->crk_param[5].crp_nbits = c_len * 8;
-+       kop->crk_param[6].crp_p = d;
-+       kop->crk_param[6].crp_nbits = d_len * 8;
-+       kop->crk_iparams = 7;
-+       kop->crk_op = CRK_DSA_VERIFY;
-+       kop->cookie = cookie;
-+       if (cryptodev_asym_async(kop, 0, NULL, 0, NULL))
-+               goto err;
-+
-+       return ret;
-+err:
-+       {
-+               const DSA_METHOD *meth = DSA_OpenSSL();
-+
-+               if (kop)
-+                       free(kop);
-+
-+               ret = (meth->dsa_do_verify)(dgst, dlen, sig, dsa);
-+               cookie->pkc_callback(cookie, 0);
-+       }
-+       return ret;
-+}
-+
-+static DSA_METHOD cryptodev_dsa = {
-+       "cryptodev DSA method",
-+       NULL,
-+       NULL,                           /* dsa_sign_setup */
-+       NULL,
-+       NULL,                           /* dsa_mod_exp */
-+       NULL,
-+       NULL,
-+       NULL,
-+       NULL,
-+       NULL,                           /* init */
-+       NULL,                           /* finish */
-+       0,      /* flags */
-+       NULL    /* app_data */
-+};
-+
-+static ECDSA_METHOD cryptodev_ecdsa = {
-+       "cryptodev ECDSA method",
-+       NULL,
-+       NULL,                           /* ecdsa_sign_setup */
-+       NULL,
-+       NULL,
-+       NULL,
-+       NULL,
-+       0,      /* flags */
-+       NULL    /* app_data */
-+};
-+
-+typedef enum ec_curve_s
-+{
-+       EC_PRIME,
-+       EC_BINARY
-+} ec_curve_t;
-+
-+/* ENGINE handler for ECDSA Sign */
-+static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char  *dgst,
-+       int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey)
-+{
-+       BIGNUM  *m = NULL, *p = NULL, *a = NULL;
-+       BIGNUM  *b = NULL, *x = NULL, *y = NULL;
-+       BN_CTX  *ctx = NULL;
-+       ECDSA_SIG *ret = NULL;
-+       ECDSA_DATA *ecdsa = NULL;
-+       unsigned char  * q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL;
-+       unsigned char  * s = NULL, *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL;
-+       int     i = 0, q_len = 0, priv_key_len = 0, r_len = 0;
-+       int     g_len = 0, d_len = 0, ab_len = 0;
-+       const BIGNUM   *order = NULL, *priv_key=NULL;
-+       const EC_GROUP *group = NULL;
-+       struct crypt_kop kop;
-+       ec_curve_t ec_crv = EC_PRIME;
-+
-+       memset(&kop, 0, sizeof(kop));
-+       ecdsa = ecdsa_check(eckey);
-+       if (!ecdsa) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
-+               return NULL;
-+       }
-+
-+       group = EC_KEY_get0_group(eckey);
-+       priv_key = EC_KEY_get0_private_key(eckey);
-+
-+       if (!group || !priv_key) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
-+               return NULL;
-+       }
-+
-+       if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
-+               (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
-+               (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
-+               (y = BN_new()) == NULL) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+               goto err;
-+       }
-+
-+       order = &group->order;
-+       if (!order || BN_is_zero(order)) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS);
-+               goto err;
-+       }
-+
-+       i = BN_num_bits(order);
-+       /* Need to truncate digest if it is too long: first truncate whole
-+        bytes */
-+       if (8 * dgst_len > i)
-+               dgst_len = (i + 7)/8;
-+
-+       if (!BN_bin2bn(dgst, dgst_len, m)) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+               goto err;
-+       }
-+
-+       /* If still too long truncate remaining bits with a shift */
-+       if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+               goto err;
-+       }
-+
-+       /* copy the truncated bits into plain buffer */
-+       if (spcf_bn2bin(m, &tmp_dgst, &dgst_len))  {
-+               fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__, __LINE__);
-+               goto err;
-+       }
-+
-+       ret = ECDSA_SIG_new();
-+       if  (!ret) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+               goto err;
-+       }
-+
-+       /* check if this is prime or binary EC request */
-+       if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) {
-+               ec_crv = EC_PRIME;
-+               /* get the generator point pair */
-+               if (!EC_POINT_get_affine_coordinates_GFp (group, EC_GROUP_get0_generator(group),
-+                       x, y,ctx)) {
-+                       ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+                       goto err;
-+               }
-+
-+               /* get the ECC curve parameters */
-+               if (!EC_GROUP_get_curve_GFp(group, p, a, b , ctx)) {
-+                       ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-                        goto err;
-                }
-        } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_characteristic_two_field) {
-@@ -2195,63 +2700,581 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
-        }
- 
-        /**
-        * Get the 2nd part of signature into a flat buffer with
-        * appropriate padding
-+        * Get the 2nd part of signature into a flat buffer with
-+        * appropriate padding
-+        */
-+       if (BN_num_bytes(sig->s) < r_len)
-+               d_len = r_len;
-+
-+       if (spcf_bn2bin_ex(sig->s, &d, &d_len)) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+               goto err;
-+       }
-+
-+       /* memory for message representative */
-+       f = malloc(r_len);
-+       if (!f) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+               goto err;
-+       }
-+
-+       /* Add padding, since SEC expects hash to of size r_len */
-+       memset(f, 0, r_len-dgst_len);
-+
-+       /* Skip leading bytes if dgst_len < r_len */
-+       memcpy(f + r_len-dgst_len, tmp_dgst, dgst_len);
-+       dgst_len += r_len-dgst_len;
-+       kop.crk_op = CRK_DSA_VERIFY;
-+       /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
-+       kop.crk_param[0].crp_p = f;
-+       kop.crk_param[0].crp_nbits = dgst_len * 8;
-+       kop.crk_param[1].crp_p = q;
-+       kop.crk_param[1].crp_nbits = q_len * 8;
-+       kop.crk_param[2].crp_p = r;
-+       kop.crk_param[2].crp_nbits = r_len * 8;
-+       kop.crk_param[3].crp_p = g_xy;
-+       kop.crk_param[3].crp_nbits = g_len * 8;
-+       kop.crk_param[4].crp_p = w_xy;
-+       kop.crk_param[4].crp_nbits = pub_key_len * 8;
-+       kop.crk_param[5].crp_p = ab;
-+       kop.crk_param[5].crp_nbits = ab_len * 8;
-+       kop.crk_param[6].crp_p = c;
-+       kop.crk_param[6].crp_nbits = d_len * 8;
-+       kop.crk_param[7].crp_p = d;
-+       kop.crk_param[7].crp_nbits = d_len * 8;
-+       kop.crk_iparams = 8;
-+
-+       if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
-+               /*OCF success value is 0, if not zero, change ret to fail*/
-+               if(0 == kop.crk_status)
-+                       ret  = 1;
-+       } else {
-+               const ECDSA_METHOD *meth = ECDSA_OpenSSL();
-+
-+               ret = (meth->ecdsa_do_verify)(dgst, dgst_len, sig, eckey);
-+       }
-+       kop.crk_param[0].crp_p = NULL;
-+       zapparams(&kop);
-+
-+err:
-+       return ret;
-+}
-+
-+static int cryptodev_ecdsa_do_sign_async( const unsigned char  *dgst,
-+       int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey,
-+       ECDSA_SIG *sig, struct pkc_cookie_s *cookie)
-+{
-+       BIGNUM  *m = NULL, *p = NULL, *a = NULL;
-+       BIGNUM  *b = NULL, *x = NULL, *y = NULL;
-+       BN_CTX  *ctx = NULL;
-+       ECDSA_SIG *sig_ret = NULL;
-+       ECDSA_DATA *ecdsa = NULL;
-+       unsigned char  * q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL;
-+       unsigned char  * s = NULL, *f = NULL, *tmp_dgst = NULL;
-+       int     i = 0, q_len = 0, priv_key_len = 0, r_len = 0;
-+       int     g_len = 0, ab_len = 0, ret = 1;
-+       const BIGNUM   *order = NULL, *priv_key=NULL;
-+       const EC_GROUP *group = NULL;
-+       struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+       ec_curve_t ec_crv = EC_PRIME;
-+
-+       if (!(sig->r = BN_new()) || !kop)
-+               goto err;
-+       if ((sig->s = BN_new()) == NULL) {
-+               BN_free(r);
-+               goto err;
-+       }
-+
-+       memset(kop, 0, sizeof(struct crypt_kop));
-+       ecdsa = ecdsa_check(eckey);
-+       if (!ecdsa) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
-+               goto err;
-+       }
-+
-+       group = EC_KEY_get0_group(eckey);
-+       priv_key = EC_KEY_get0_private_key(eckey);
-+
-+       if (!group || !priv_key) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
-+               goto err;
-+       }
-+
-+       if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
-+               (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
-+               (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
-+               (y = BN_new()) == NULL) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+               goto err;
-+       }
-+
-+       order = &group->order;
-+       if (!order || BN_is_zero(order)) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS);
-+               goto err;
-+       }
-+
-+       i = BN_num_bits(order);
-+       /* Need to truncate digest if it is too long: first truncate whole
-+        bytes */
-+       if (8 * dgst_len > i)
-+               dgst_len = (i + 7)/8;
-+
-+       if (!BN_bin2bn(dgst, dgst_len, m)) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+               goto err;
-+       }
-+
-+       /* If still too long truncate remaining bits with a shift */
-+       if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-+               goto err;
-+       }
-+
-+       /* copy the truncated bits into plain buffer */
-+       if (spcf_bn2bin(m, &tmp_dgst, &dgst_len))  {
-+               fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__, __LINE__);
-+               goto err;
-+       }
-+
-+       /* check if this is prime or binary EC request */
-+       if (EC_METHOD_get_field_type(EC_GROUP_method_of(group))
-+                               == NID_X9_62_prime_field) {
-+               ec_crv = EC_PRIME;
-+               /* get the generator point pair */
-+               if (!EC_POINT_get_affine_coordinates_GFp (group,
-+                       EC_GROUP_get0_generator(group), x, y,ctx)) {
-+                       ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+                       goto err;
-+               }
-+
-+               /* get the ECC curve parameters */
-+               if (!EC_GROUP_get_curve_GFp(group, p, a, b , ctx)) {
-+                       ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+                       goto err;
-+               }
-+       } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_characteristic_two_field) {
-+               ec_crv = EC_BINARY;
-+               /* get the ECC curve parameters */
-+               if (!EC_GROUP_get_curve_GF2m(group, p, a, b , ctx)) {
-+                       ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+                       goto err;
-+               }
-+
-+               /* get the generator point pair */
-+               if (!EC_POINT_get_affine_coordinates_GF2m(group,
-+                       EC_GROUP_get0_generator(group), x, y,ctx)) {
-+                       ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+                       goto err;
-+               }
-+       } else {
-+               printf("Unsupported Curve\n");
-+               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+               goto err;
-+       }
-+
-+       if (spcf_bn2bin(order, &r, &r_len)) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+               goto err;
-+       }
-+
-+       if (spcf_bn2bin(p, &q, &q_len)) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+               goto err;
-+       }
-+
-+       priv_key_len = r_len;
-+
-+       /**
-+        * If BN_num_bytes of priv_key returns less then r_len then
-+        * add padding bytes before the key
-+        */
-+       if (spcf_bn2bin_ex(priv_key, &s, &priv_key_len))  {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+               goto err;
-+       }
-+
-+       /* Generation of ECC curve parameters */
-+       ab_len = 2*q_len;
-+       ab = eng_copy_curve_points(a, b, ab_len, q_len);
-+       if (!ab) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+               goto err;
-+       }
-+
-+       if (ec_crv == EC_BINARY) {
-+               if (eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab+q_len, q_len))
-+               {
-+                       unsigned char *c_temp = NULL;
-+                       int c_temp_len = q_len;
-+                       if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len))
-+                               memcpy(ab+q_len, c_temp, q_len);
-+                       else
-+                               goto err;
-+               }
-+               kop->curve_type = ECC_BINARY;
-+       }
-+
-+       /* Calculation of Generator point */
-+       g_len = 2*q_len;
-+       g_xy = eng_copy_curve_points(x, y, g_len, q_len);
-+       if (!g_xy) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+               goto err;
-+       }
-+
-+       /* memory for message representative */
-+       f = malloc(r_len);
-+       if (!f) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+               goto err;
-+       }
-+
-+       /* Add padding, since SEC expects hash to of size r_len */
-+       memset(f, 0, r_len - dgst_len);
-+
-+       /* Skip leading bytes if dgst_len < r_len */
-+       memcpy(f +  r_len - dgst_len, tmp_dgst, dgst_len);
-+
-+       dgst_len +=  r_len - dgst_len;
-+
-+       kop->crk_op = CRK_DSA_SIGN;
-+       /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
-+       kop->crk_param[0].crp_p = f;
-+       kop->crk_param[0].crp_nbits = dgst_len * 8;
-+       kop->crk_param[1].crp_p = q;
-+       kop->crk_param[1].crp_nbits = q_len * 8;
-+       kop->crk_param[2].crp_p = r;
-+       kop->crk_param[2].crp_nbits = r_len * 8;
-+       kop->crk_param[3].crp_p = g_xy;
-+       kop->crk_param[3].crp_nbits = g_len * 8;
-+       kop->crk_param[4].crp_p = s;
-+       kop->crk_param[4].crp_nbits = priv_key_len * 8;
-+       kop->crk_param[5].crp_p = ab;
-+       kop->crk_param[5].crp_nbits = ab_len * 8;
-+       kop->crk_iparams = 6;
-+       kop->cookie = cookie;
-+
-+       if (cryptodev_asym_async(kop, r_len, sig->r , r_len, sig->s))
-+               goto err;
-+
-+       return ret;
-+err:
-+       {
-+               const ECDSA_METHOD *meth = ECDSA_OpenSSL();
-+               BN_free(sig->r);
-+               BN_free(sig->s);
-+               if (kop)
-+                       free(kop);
-+               sig_ret = (meth->ecdsa_do_sign)(dgst, dgst_len, in_kinv, in_r, eckey);
-+               sig->r = sig_ret->r;
-+               sig->s = sig_ret->s;
-+               cookie->pkc_callback(cookie, 0);
-+       }
-+       return ret;
-+}
-+
-+static int cryptodev_ecdsa_verify_async(const unsigned char *dgst, int dgst_len,
-+               const ECDSA_SIG *sig, EC_KEY *eckey, struct pkc_cookie_s *cookie)
-+{
-+       BIGNUM  *m = NULL, *p = NULL, *a = NULL, *b = NULL;
-+       BIGNUM  *x = NULL, *y = NULL, *w_x = NULL, *w_y = NULL;
-+       BN_CTX  *ctx = NULL;
-+       ECDSA_DATA      *ecdsa = NULL;
-+       unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL, *w_xy = NULL;
-+       unsigned char *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL;
-+       int     i = 0, q_len = 0, pub_key_len = 0, r_len = 0, c_len = 0, g_len = 0;
-+       int     d_len = 0, ab_len = 0, ret = 1;
-+       const EC_POINT *pub_key = NULL;
-+       const BIGNUM   *order = NULL;
-+       const EC_GROUP *group=NULL;
-+       ec_curve_t       ec_crv = EC_PRIME;
-+       struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+
-+       if (!kop)
-+               goto err;
-+
-+       memset(kop, 0, sizeof(struct crypt_kop));
-+       ecdsa = ecdsa_check(eckey);
-+       if (!ecdsa) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
-+               goto err;
-+       }
-+
-+       group    = EC_KEY_get0_group(eckey);
-+       pub_key  = EC_KEY_get0_public_key(eckey);
-+
-+       if (!group || !pub_key) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
-+               goto err;
-+       }
-+
-+       if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
-+               (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
-+               (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
-+               (y = BN_new()) == NULL || (w_x = BN_new()) == NULL ||
-+               (w_y = BN_new()) == NULL) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+               goto err;
-+       }
-+
-+       order = &group->order;
-+       if (!order || BN_is_zero(order)) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS);
-+               goto err;
-+       }
-+
-+       i = BN_num_bits(order);
-+       /* Need to truncate digest if it is too long: first truncate whole
-+       * bytes */
-+       if (8 * dgst_len > i)
-+               dgst_len = (i + 7)/8;
-+
-+       if (!BN_bin2bn(dgst, dgst_len, m)) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
-+               goto err;
-+       }
-+
-+       /* If still too long truncate remaining bits with a shift */
-+       if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
-+               goto err;
-+       }
-+       /* copy the truncated bits into plain buffer */
-+       if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+               goto err;
-+       }
-+
-+       /* check if this is prime or binary EC request */
-+       if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) {
-+               ec_crv = EC_PRIME;
-+
-+               /* get the generator point pair */
-+               if (!EC_POINT_get_affine_coordinates_GFp (group,
-+                       EC_GROUP_get0_generator(group), x, y,ctx)) {
-+                       ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+                       goto err;
-+               }
-+
-+               /* get the public key pair for prime curve */
-+               if (!EC_POINT_get_affine_coordinates_GFp (group,
-+                       pub_key, w_x, w_y,ctx)) {
-+                       ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+                       goto err;
-+               }
-+
-+               /* get the ECC curve parameters */
-+               if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
-+                       ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+                       goto err;
-+               }
-+       } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_characteristic_two_field){
-+               ec_crv = EC_BINARY;
-+               /* get the ECC curve parameters */
-+               if (!EC_GROUP_get_curve_GF2m(group, p, a, b , ctx)) {
-+                       ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+                       goto err;
-+               }
-+
-+               /* get the generator point pair */
-+               if (!EC_POINT_get_affine_coordinates_GF2m(group,
-+                       EC_GROUP_get0_generator(group),x, y,ctx)) {
-+                       ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+                       goto err;
-+               }
-+
-+               /* get the public key pair for binary curve */
-+               if (!EC_POINT_get_affine_coordinates_GF2m(group,
-+                       pub_key, w_x, w_y,ctx)) {
-+                       ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+                       goto err;
-+               }
-+       }else {
-+               printf("Unsupported Curve\n");
-+               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-+               goto err;
-+       }
-+
-+       /* Get the order of the subgroup of private keys */
-+       if (spcf_bn2bin((BIGNUM*)order, &r, &r_len)) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+               goto err;
-+       }
-+
-+       /* Get the irreducible polynomial that creates the field */
-+       if (spcf_bn2bin(p, &q, &q_len)) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+               goto err;
-+       }
-+
-+       /* Get the public key into a flat buffer with appropriate padding */
-+       pub_key_len = 2 * q_len;
-+
-+       w_xy = eng_copy_curve_points (w_x, w_y, pub_key_len, q_len);
-+       if (!w_xy) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+               goto err;
-+       }
-+
-+       /* Generation of ECC curve parameters */
-+       ab_len = 2*q_len;
-+
-+       ab = eng_copy_curve_points (a, b, ab_len, q_len);
-+       if (!ab) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+               goto err;
-+       }
-+
-+       if (ec_crv == EC_BINARY) {
-+               /* copy b' i.e c(b), instead of only b */
-+               eng_ec_get_cparam (EC_GROUP_get_curve_name(group),
-+                       ab+q_len, q_len);
-+               kop->curve_type = ECC_BINARY;
-+       }
-+
-+       /* Calculation of Generator point */
-+       g_len = 2 * q_len;
-+
-+       g_xy = eng_copy_curve_points (x, y, g_len, q_len);
-+       if (!g_xy) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+               goto err;
-+       }
-+
-+       /**
-+        * Get the 1st part of signature into a flat buffer with
-+        * appropriate padding
-+        */
-+       if (BN_num_bytes(sig->r) < r_len)
-+               c_len = r_len;
-+
-+       if (spcf_bn2bin_ex(sig->r, &c, &c_len)) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+               goto err;
-+       }
-+
-+       /**
-+        * Get the 2nd part of signature into a flat buffer with
-+        * appropriate padding
-+        */
-+       if (BN_num_bytes(sig->s) < r_len)
-+               d_len = r_len;
-+
-+       if (spcf_bn2bin_ex(sig->s, &d, &d_len)) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+               goto err;
-+       }
-+
-+       /* memory for message representative */
-+       f = malloc(r_len);
-+       if (!f) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-+               goto err;
-+       }
-+
-+       /* Add padding, since SEC expects hash to of size r_len */
-+       memset(f, 0, r_len-dgst_len);
-+
-+       /* Skip leading bytes if dgst_len < r_len */
-+       memcpy(f + r_len-dgst_len, tmp_dgst, dgst_len);
-+
-+       dgst_len += r_len-dgst_len;
-+
-+       kop->crk_op = CRK_DSA_VERIFY;
-+       /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
-+       kop->crk_param[0].crp_p = f;
-+       kop->crk_param[0].crp_nbits = dgst_len * 8;
-+       kop->crk_param[1].crp_p = q;
-+       kop->crk_param[1].crp_nbits = q_len * 8;
-+       kop->crk_param[2].crp_p = r;
-+       kop->crk_param[2].crp_nbits = r_len * 8;
-+       kop->crk_param[3].crp_p = g_xy;
-+       kop->crk_param[3].crp_nbits = g_len * 8;
-+       kop->crk_param[4].crp_p = w_xy;
-+       kop->crk_param[4].crp_nbits = pub_key_len * 8;
-+       kop->crk_param[5].crp_p = ab;
-+       kop->crk_param[5].crp_nbits = ab_len * 8;
-+       kop->crk_param[6].crp_p = c;
-+       kop->crk_param[6].crp_nbits = d_len * 8;
-+       kop->crk_param[7].crp_p = d;
-+       kop->crk_param[7].crp_nbits = d_len * 8;
-+       kop->crk_iparams = 8;
-+       kop->cookie = cookie;
-+
-+       if (cryptodev_asym_async(kop, 0, NULL, 0, NULL))
-+               goto err;
-+
-+       return ret;
-+err:
-+       {
-+               const ECDSA_METHOD *meth = ECDSA_OpenSSL();
-+
-+               if (kop)
-+                       free(kop);
-+               ret = (meth->ecdsa_do_verify)(dgst, dgst_len, sig, eckey);
-+               cookie->pkc_callback(cookie, 0);
-+       }
-+
-+       return ret;
-+}
-+
-+/* Cryptodev DH Key Gen routine */
-+static int cryptodev_dh_keygen_async(DH *dh,  struct pkc_cookie_s *cookie)
-+{
-+       struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+       int ret = 1, g_len;
-+       unsigned char *g = NULL;
-+
-+       if (!kop)
-+               goto sw_try;
-+
-+       if (dh->priv_key == NULL)       {
-+               if ((dh->priv_key=BN_new()) == NULL)
-+                       goto sw_try;
-+       }
-+
-+       if (dh->pub_key == NULL) {
-+               if ((dh->pub_key=BN_new()) == NULL)
-+                       goto sw_try;
-+       }
-+
-+       g_len = BN_num_bytes(dh->p);
-+       /**
-+        * Get generator into a plain buffer. If length is less than
-+        * q_len then add leading padding bytes.
-         */
-       if (BN_num_bytes(sig->s) < r_len)
-               d_len = r_len;
-
-       if (spcf_bn2bin_ex(sig->s, &d, &d_len)) {
-               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-               goto err;
-       }
-
-       /* memory for message representative */
-       f = malloc(r_len);
-       if (!f) {
-               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-               goto err;
-+       if (spcf_bn2bin_ex(dh->g, &g, &g_len)) {
-+               DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
-+               goto sw_try;
-        }
- 
-       /* Add padding, since SEC expects hash to of size r_len */
-       memset(f, 0, r_len-dgst_len);
-+       memset(kop, 0, sizeof(struct crypt_kop));
-+       kop->crk_op = CRK_DH_GENERATE_KEY;
-+       if (bn2crparam(dh->p, &kop->crk_param[0]))
-+               goto sw_try;
-+       if (bn2crparam(dh->q, &kop->crk_param[1]))
-+               goto sw_try;
-+       kop->crk_param[2].crp_p = g;
-+       kop->crk_param[2].crp_nbits = g_len * 8;
-+       kop->crk_iparams = 3;
-+       kop->cookie = cookie;
- 
-       /* Skip leading bytes if dgst_len < r_len */
-       memcpy(f + r_len-dgst_len, tmp_dgst, dgst_len);
-       dgst_len += r_len-dgst_len;
-       kop.crk_op = CRK_DSA_VERIFY;
-       /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
-       kop.crk_param[0].crp_p = f;
-       kop.crk_param[0].crp_nbits = dgst_len * 8;
-       kop.crk_param[1].crp_p = q;
-       kop.crk_param[1].crp_nbits = q_len * 8;
-       kop.crk_param[2].crp_p = r;
-       kop.crk_param[2].crp_nbits = r_len * 8;
-       kop.crk_param[3].crp_p = g_xy;
-       kop.crk_param[3].crp_nbits = g_len * 8;
-       kop.crk_param[4].crp_p = w_xy;
-       kop.crk_param[4].crp_nbits = pub_key_len * 8;
-       kop.crk_param[5].crp_p = ab;
-       kop.crk_param[5].crp_nbits = ab_len * 8;
-       kop.crk_param[6].crp_p = c;
-       kop.crk_param[6].crp_nbits = d_len * 8;
-       kop.crk_param[7].crp_p = d;
-       kop.crk_param[7].crp_nbits = d_len * 8;
-       kop.crk_iparams = 8;
-+       /* pub_key is or prime length while priv key is of length of order */
-+       if (cryptodev_asym_async(kop, BN_num_bytes(dh->p), dh->pub_key,
-+           BN_num_bytes(dh->q), dh->priv_key))
-+           goto sw_try;
- 
-       if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
-               /*OCF success value is 0, if not zero, change ret to fail*/
-               if(0 == kop.crk_status)
-                       ret  = 1;
-       } else {
-               const ECDSA_METHOD *meth = ECDSA_OpenSSL();
-+       return ret;
-+sw_try:
-+       {
-+               const DH_METHOD *meth = DH_OpenSSL();
- 
-               ret = (meth->ecdsa_do_verify)(dgst, dgst_len, sig, eckey);
-+               if (kop)
-+                       free(kop);
-+               ret = (meth->generate_key)(dh);
-+               cookie->pkc_callback(cookie, 0);
-        }
-       kop.crk_param[0].crp_p = NULL;
-       zapparams(&kop);
-
-err:
-        return ret;
- }
- 
-@@ -2360,6 +3383,54 @@ sw_try:
-        return (dhret);
- }
- 
-+/* Return Length if successful and 0 on failure */
-+static int
-+cryptodev_dh_compute_key_async(unsigned char *key, const BIGNUM *pub_key,
-+               DH *dh, struct pkc_cookie_s *cookie)
-+{
-+       struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+       int ret = 1;
-+       int fd, p_len;
-+       unsigned char *padded_pub_key = NULL, *p = NULL;
-+
-+       fd = *(int *)cookie->eng_handle;
-+
-+       memset(kop, 0, sizeof(struct crypt_kop));
-+       kop->crk_op = CRK_DH_COMPUTE_KEY;
-+       /* inputs: dh->priv_key pub_key dh->p key */
-+       spcf_bn2bin(dh->p, &p, &p_len);
-+       spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len);
-+
-+       if (bn2crparam(dh->priv_key, &kop->crk_param[0]))
-+               goto err;
-+       kop->crk_param[1].crp_p = padded_pub_key;
-+       kop->crk_param[1].crp_nbits = p_len * 8;
-+       kop->crk_param[2].crp_p = p;
-+       kop->crk_param[2].crp_nbits = p_len * 8;
-+       kop->crk_iparams = 3;
-+
-+       kop->cookie = cookie;
-+       kop->crk_param[3].crp_p = (void*) key;
-+       kop->crk_param[3].crp_nbits = p_len * 8;
-+       kop->crk_oparams = 1;
-+
-+       if (cryptodev_asym_async(kop, 0, NULL, 0, NULL))
-+               goto err;
-+
-+       return p_len;
-+err:
-+       {
-+               const DH_METHOD *meth = DH_OpenSSL();
-+
-+               if (kop)
-+                       free(kop);
-+               ret = (meth->compute_key)(key, pub_key, dh);
-+               /* Call user cookie handler */
-+               cookie->pkc_callback(cookie, 0);
-+       }
-+       return (ret);
-+}
-+
- int cryptodev_ecdh_compute_key(void *out, size_t outlen,
-        const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen,
-        void *out, size_t *outlen))
-@@ -2537,6 +3608,190 @@ err:
-        return ret;
- }
- 
-+int cryptodev_ecdh_compute_key_async(void *out, size_t outlen,
-+       const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen,
-+       void *out, size_t *outlen), struct pkc_cookie_s *cookie)
-+{
-+       ec_curve_t       ec_crv = EC_PRIME;
-+       unsigned char * q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL;
-+       BIGNUM         * w_x = NULL, *w_y = NULL;
-+       int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0;
-+       BIGNUM * p = NULL, *a = NULL, *b = NULL;
-+       BN_CTX *ctx;
-+       EC_POINT *tmp=NULL;
-+       BIGNUM *x=NULL, *y=NULL;
-+       const BIGNUM *priv_key;
-+       const EC_GROUP* group = NULL;
-+       int ret = 1;
-+       size_t buflen, len;
-+       struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-+
-+       if (!(ctx = BN_CTX_new()) || !kop)
-+                goto err;
-+
-+       memset(kop, 0, sizeof(struct crypt_kop));
-+
-+       BN_CTX_start(ctx);
-+       x = BN_CTX_get(ctx);
-+       y = BN_CTX_get(ctx);
-+       p = BN_CTX_get(ctx);
-+       a = BN_CTX_get(ctx);
-+       b = BN_CTX_get(ctx);
-+       w_x = BN_CTX_get(ctx);
-+       w_y = BN_CTX_get(ctx);
-+
-+       if (!x || !y || !p || !a || !b || !w_x || !w_y) {
-+               ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);
-+               goto err;
-+       }
-+
-+       priv_key = EC_KEY_get0_private_key(ecdh);
-+       if (priv_key == NULL) {
-+               ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_NO_PRIVATE_VALUE);
-+               goto err;
-+       }
-+
-+       group = EC_KEY_get0_group(ecdh);
-+       if ((tmp=EC_POINT_new(group)) == NULL) {
-+               ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);
-+               goto err;
-+       }
-+
-+       if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
-+               NID_X9_62_prime_field) {
-+               ec_crv = EC_PRIME;
-+
-+               if (!EC_POINT_get_affine_coordinates_GFp(group,
-+                       EC_GROUP_get0_generator(group), x, y, ctx)) {
-+                       ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
-+                       goto err;
-+               }
-+
-+               /* get the ECC curve parameters */
-+               if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
-+                       ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
-+                       goto err;
-+               }
-+
-+               /* get the public key pair for prime curve */
-+               if (!EC_POINT_get_affine_coordinates_GFp (group, pub_key, w_x, w_y,ctx)) {
-+                       ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
-+                       goto err;
-+               }
-+       } else {
-+               ec_crv = EC_BINARY;
-+
-+               if (!EC_POINT_get_affine_coordinates_GF2m(group,
-+                       EC_GROUP_get0_generator(group), x, y, ctx)) {
-+                       ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
-+                       goto err;
-+               }
-+
-+               /* get the ECC curve parameters */
-+               if (!EC_GROUP_get_curve_GF2m(group, p, a, b , ctx)) {
-+                       ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
-+                       goto err;
-+               }
-+
-+               /* get the public key pair for binary curve */
-+               if (!EC_POINT_get_affine_coordinates_GF2m(group,
-+                       pub_key, w_x, w_y,ctx)) {
-+                       ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-+                       goto err;
-+               }
-+       }
-+
-+       /* irreducible polynomial that creates the field */
-+       if (spcf_bn2bin((BIGNUM*)&group->order, &r, &r_len)) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+               goto err;
-+       }
-+
-+       /* Get the irreducible polynomial that creates the field */
-+       if (spcf_bn2bin(p, &q, &q_len)) {
-+               ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
-+               goto err;
-+       }
-+
-+       /* Get the public key into a flat buffer with appropriate padding */
-+       pub_key_len = 2 * q_len;
-+       w_xy = eng_copy_curve_points (w_x, w_y, pub_key_len, q_len);
-+       if (!w_xy) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+               goto err;
-+       }
-+
-+       /* Generation of ECC curve parameters */
-+       ab_len = 2*q_len;
-+       ab = eng_copy_curve_points (a, b, ab_len, q_len);
-+       if (!ab) {
-+               ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
-+               goto err;
-+       }
-+
-+       if (ec_crv == EC_BINARY) {
-+               /* copy b' i.e c(b), instead of only b */
-+               if (eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab+q_len, q_len))
-+               {
-+                       unsigned char *c_temp = NULL;
-+                       int c_temp_len = q_len;
-+                       if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len))
-+                               memcpy(ab+q_len, c_temp, q_len);
-+                       else
-+                               goto err;
-+               }
-+               kop->curve_type = ECC_BINARY;
-+       } else
-+               kop->curve_type = ECC_PRIME;
-+
-+       priv_key_len = r_len;
-+
-+       /*
-+        * If BN_num_bytes of priv_key returns less then r_len then
-+        * add padding bytes before the key
-+        */
-+       if (spcf_bn2bin_ex((BIGNUM *)priv_key, &s, &priv_key_len)) {
-+               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-+               goto err;
-+       }
-+
-+       buflen = (EC_GROUP_get_degree(group) + 7)/8;
-+       len = BN_num_bytes(x);
-+       if (len > buflen || q_len < buflen) {
-+               ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_INTERNAL_ERROR);
-+               goto err;
-+       }
-+
-+       kop->crk_op = CRK_DH_COMPUTE_KEY;
-+       kop->crk_param[0].crp_p = (void *) s;
-+       kop->crk_param[0].crp_nbits = priv_key_len*8;
-+       kop->crk_param[1].crp_p = (void *) w_xy;
-+       kop->crk_param[1].crp_nbits = pub_key_len*8;
-+       kop->crk_param[2].crp_p = (void *) q;
-+       kop->crk_param[2].crp_nbits = q_len*8;
-+       kop->crk_param[3].crp_p = (void *) ab;
-+       kop->crk_param[3].crp_nbits = ab_len*8;
-+       kop->crk_iparams = 4;
-+       kop->crk_param[4].crp_p = (void *) out;
-+       kop->crk_param[4].crp_nbits = q_len*8;
-+       kop->crk_oparams = 1;
-+       kop->cookie = cookie;
-+       if (cryptodev_asym_async(kop, 0, NULL, 0, NULL))
-+               goto err;
-+
-+       return q_len;
-+err:
-+       {
-+               const ECDH_METHOD *meth = ECDH_OpenSSL();
-+
-+               if (kop)
-+                       free(kop);
-+               ret = (meth->compute_key)(out, outlen, pub_key, ecdh, KDF);
-+               /* Call user cookie handler */
-+               cookie->pkc_callback(cookie, 0);
-+       }
-+       return ret;
-+}
- 
- static DH_METHOD cryptodev_dh = {
-        "cryptodev DH method",
-@@ -2545,6 +3800,8 @@ static DH_METHOD cryptodev_dh = {
-        NULL,
-        NULL,
-        NULL,
-+       NULL,
-+       NULL,
-        0,      /* flags */
-        NULL    /* app_data */
- };
-@@ -2553,6 +3810,7 @@ static ECDH_METHOD cryptodev_ecdh = {
-        "cryptodev ECDH method",
-        NULL,   /* cryptodev_ecdh_compute_key */
-        NULL,
-+       NULL,
-        0,              /* flags */
-        NULL    /* app_data */
- };
-@@ -2625,12 +3883,19 @@ ENGINE_load_cryptodev(void)
-                cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec;
-                if (cryptodev_asymfeat & CRF_MOD_EXP) {
-                        cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp;
-                       if (cryptodev_asymfeat & CRF_MOD_EXP_CRT)
-+                       cryptodev_rsa.bn_mod_exp_async =
-+                                cryptodev_bn_mod_exp_async;
-+                       if (cryptodev_asymfeat & CRF_MOD_EXP_CRT) {
-                                cryptodev_rsa.rsa_mod_exp =
-                                    cryptodev_rsa_mod_exp;
-                       else
-+                               cryptodev_rsa.rsa_mod_exp_async =
-+                                   cryptodev_rsa_mod_exp_async;
-+                       } else {
-                                cryptodev_rsa.rsa_mod_exp =
-                                    cryptodev_rsa_nocrt_mod_exp;
-+                               cryptodev_rsa.rsa_mod_exp_async =
-+                                   cryptodev_rsa_nocrt_mod_exp_async;
-+                       }
-                }
-        }
- 
-@@ -2638,12 +3903,21 @@ ENGINE_load_cryptodev(void)
-                const DSA_METHOD *meth = DSA_OpenSSL();
- 
-                memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
-               if (cryptodev_asymfeat & CRF_DSA_SIGN)
-+               if (cryptodev_asymfeat & CRF_DSA_SIGN) {
-                        cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
-               if (cryptodev_asymfeat & CRF_DSA_VERIFY)
-+                       cryptodev_dsa.dsa_do_sign_async =
-+                                cryptodev_dsa_do_sign_async;
-+               }
-+               if (cryptodev_asymfeat & CRF_DSA_VERIFY) {
-                        cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
-               if (cryptodev_asymfeat & CRF_DSA_GENERATE_KEY)
-+                       cryptodev_dsa.dsa_do_verify_async =
-+                                cryptodev_dsa_verify_async;
-+               }
-+               if (cryptodev_asymfeat & CRF_DSA_GENERATE_KEY) {
-                        cryptodev_dsa.dsa_keygen = cryptodev_dsa_keygen;
-+                       cryptodev_dsa.dsa_keygen_async =
-+                                cryptodev_dsa_keygen_async;
-+               }
-        }
- 
-        if (ENGINE_set_DH(engine, &cryptodev_dh)){
-@@ -2652,10 +3926,15 @@ ENGINE_load_cryptodev(void)
-                if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) {
-                        cryptodev_dh.compute_key =
-                                cryptodev_dh_compute_key;
-+                       cryptodev_dh.compute_key_async =
-+                               cryptodev_dh_compute_key_async;
-                }
-                if (cryptodev_asymfeat & CRF_DH_GENERATE_KEY) {
-                        cryptodev_dh.generate_key =
-                                cryptodev_dh_keygen;
-+                       cryptodev_dh.generate_key_async =
-+                               cryptodev_dh_keygen_async;
-+
-                }
-        }
- 
-@@ -2664,10 +3943,14 @@ ENGINE_load_cryptodev(void)
-                memcpy(&cryptodev_ecdsa, meth, sizeof(ECDSA_METHOD));
-                if (cryptodev_asymfeat & CRF_DSA_SIGN) {
-                        cryptodev_ecdsa.ecdsa_do_sign = cryptodev_ecdsa_do_sign;
-+                       cryptodev_ecdsa.ecdsa_do_sign_async =
-+                               cryptodev_ecdsa_do_sign_async;
-                }
-                if (cryptodev_asymfeat & CRF_DSA_VERIFY) {
-                        cryptodev_ecdsa.ecdsa_do_verify =
-                                cryptodev_ecdsa_verify;
-+                       cryptodev_ecdsa.ecdsa_do_verify_async =
-+                               cryptodev_ecdsa_verify_async;
-                }
-        }
- 
-@@ -2676,9 +3959,16 @@ ENGINE_load_cryptodev(void)
-                memcpy(&cryptodev_ecdh, ecdh_meth, sizeof(ECDH_METHOD));
-                if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) {
-                        cryptodev_ecdh.compute_key = cryptodev_ecdh_compute_key;
-+                       cryptodev_ecdh.compute_key_async =
-+                                cryptodev_ecdh_compute_key_async;
-                }
-        }
- 
-+       ENGINE_set_check_pkc_availability(engine, cryptodev_check_availability);
-+       ENGINE_set_close_instance(engine, cryptodev_close_instance);
-+       ENGINE_set_init_instance(engine, cryptodev_init_instance);
-+       ENGINE_set_async_map(engine, ENGINE_ALLPKC_ASYNC);
-+
-        ENGINE_add(engine);
-        ENGINE_free(engine);
-        ERR_clear_error();
-diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h
-index 451ef8f..8fc3077 100644
--- a/crypto/engine/eng_int.h
-+++ b/crypto/engine/eng_int.h
-@@ -181,7 +181,29 @@ struct engine_st
-        ENGINE_LOAD_KEY_PTR load_pubkey;
- 
-        ENGINE_SSL_CLIENT_CERT_PTR load_ssl_client_cert;
-
-+       /*
-+        * Instantiate Engine handle to be passed in check_pkc_availability
-+        * Ensure that Engine is instantiated before any pkc asynchronous call.
-+        */
-+       void *(*engine_init_instance)(void);
-+       /*
-+        * Instantiated Engine handle will be closed with this call.
-+        * Ensure that no pkc asynchronous call is made after this call
-+        */
-+       void (*engine_close_instance)(void *handle);
-+       /*
-+        * Check availability will extract the data from kernel.
-+        * eng_handle: This is the Engine handle corresponds to which
-+        * the cookies needs to be polled.
-+        * return 0 if cookie available else 1
-+        */
-+       int (*check_pkc_availability)(void *eng_handle);
-+       /*
-+        * The following map is used to check if the engine supports asynchronous implementation
-+        * ENGINE_ASYNC_FLAG* for available bitmap. Any application checking for asynchronous
-+        * implementation need to check this features using "int ENGINE_get_async_map(engine *)";
-+        */
-+       int async_map;
-        const ENGINE_CMD_DEFN *cmd_defns;
-        int flags;
-        /* reference count on the structure itself */
-diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c
-index 18a6664..6fa621c 100644
--- a/crypto/engine/eng_lib.c
-+++ b/crypto/engine/eng_lib.c
-@@ -98,7 +98,11 @@ void engine_set_all_null(ENGINE *e)
-        e->ctrl = NULL;
-        e->load_privkey = NULL;
-        e->load_pubkey = NULL;
-+       e->check_pkc_availability = NULL;
-+       e->engine_init_instance = NULL;
-+       e->engine_close_instance = NULL;
-        e->cmd_defns = NULL;
-+       e->async_map = 0;
-        e->flags = 0;
-        }
- 
-@@ -233,6 +237,48 @@ int ENGINE_set_id(ENGINE *e, const char *id)
-        return 1;
-        }
- 
-+void ENGINE_set_init_instance(ENGINE *e, void *(*engine_init_instance)(void))
-+       {
-+               e->engine_init_instance = engine_init_instance;
-+       }
-+
-+void ENGINE_set_close_instance(ENGINE *e,
-+       void (*engine_close_instance)(void *))
-+       {
-+               e->engine_close_instance = engine_close_instance;
-+       }
-+
-+void ENGINE_set_async_map(ENGINE *e, int async_map)
-+       {
-+               e->async_map = async_map;
-+       }
-+
-+void *ENGINE_init_instance(ENGINE *e)
-+       {
-+               return e->engine_init_instance();
-+       }
-+
-+void ENGINE_close_instance(ENGINE *e, void *eng_handle)
-+       {
-+               e->engine_close_instance(eng_handle);
-+       }
-+
-+int ENGINE_get_async_map(ENGINE *e)
-+       {
-+               return e->async_map;
-+       }
-+
-+void ENGINE_set_check_pkc_availability(ENGINE *e,
-+       int (*check_pkc_availability)(void *eng_handle))
-+       {
-+               e->check_pkc_availability = check_pkc_availability;
-+       }
-+
-+int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle)
-+       {
-+               return e->check_pkc_availability(eng_handle);
-+       }
-+
- int ENGINE_set_name(ENGINE *e, const char *name)
-        {
-        if(name == NULL)
-diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h
-index 237a6c9..ccff86a 100644
--- a/crypto/engine/engine.h
-+++ b/crypto/engine/engine.h
-@@ -473,6 +473,30 @@ ENGINE *ENGINE_new(void);
- int ENGINE_free(ENGINE *e);
- int ENGINE_up_ref(ENGINE *e);
- int ENGINE_set_id(ENGINE *e, const char *id);
-+void ENGINE_set_init_instance(ENGINE *e, void *(*engine_init_instance)(void));
-+void ENGINE_set_close_instance(ENGINE *e,
-+       void (*engine_free_instance)(void *));
-+/*
-+ * Following FLAGS are bitmap store in async_map to set asynchronous interface capability
-+ *of the engine
-+ */
-+#define ENGINE_RSA_ASYNC 0x0001
-+#define ENGINE_DSA_ASYNC 0x0002
-+#define ENGINE_DH_ASYNC 0x0004
-+#define ENGINE_ECDSA_ASYNC 0x0008
-+#define ENGINE_ECDH_ASYNC 0x0010
-+#define ENGINE_ALLPKC_ASYNC 0x001F
-+/* Engine implementation will set the bitmap based on above flags using following API */
-+void ENGINE_set_async_map(ENGINE *e, int async_map);
-+ /* Application need to check the bitmap based on above flags using following API
-+  * to confirm asynchronous methods supported
-+  */
-+int ENGINE_get_async_map(ENGINE *e);
-+void *ENGINE_init_instance(ENGINE *e);
-+void ENGINE_close_instance(ENGINE *e, void *eng_handle);
-+void ENGINE_set_check_pkc_availability(ENGINE *e,
-+       int (*check_pkc_availability)(void *eng_handle));
-+int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle);
- int ENGINE_set_name(ENGINE *e, const char *name);
- int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
- int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
-diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h
-index 5f269e5..6ef1b15 100644
--- a/crypto/rsa/rsa.h
-+++ b/crypto/rsa/rsa.h
-@@ -101,6 +101,29 @@ struct rsa_meth_st
-        int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-                          const BIGNUM *m, BN_CTX *ctx,
-                          BN_MONT_CTX *m_ctx); /* Can be null */
-+       /*
-+        * Cookie in the following _async variant must be allocated before
-+        * submission and can be freed once its corresponding callback
-+        * handler is called
-+        */
-+       int (*rsa_pub_enc_asyn)(int flen,const unsigned char *from,
-+                          unsigned char *to, RSA *rsa, int padding,
-+                          struct pkc_cookie_s *cookie);
-+       int (*rsa_pub_dec_async)(int flen,const unsigned char *from,
-+                          unsigned char *to, RSA *rsa, int padding,
-+                          struct pkc_cookie_s *cookie);
-+       int (*rsa_priv_enc_async)(int flen,const unsigned char *from,
-+                           unsigned char *to, RSA *rsa, int padding,
-+                           struct pkc_cookie_s *cookie);
-+       int (*rsa_priv_dec_async)(int flen,const unsigned char *from,
-+                           unsigned char *to, RSA *rsa, int padding,
-+                           struct pkc_cookie_s *cookie);
-+       int (*rsa_mod_exp_async)(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
-+                           BN_CTX *ctx, struct pkc_cookie_s *cookie);
-+       int (*bn_mod_exp_async)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-+                         const BIGNUM *m, BN_CTX *ctx,
-+                         BN_MONT_CTX *m_ctx, struct pkc_cookie_s *cookie);
-+
-        int (*init)(RSA *rsa);          /* called at new */
-        int (*finish)(RSA *rsa);        /* called at free */
-        int flags;                      /* RSA_METHOD_FLAG_* things */
-- 
-2.3.5
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0010-Removed-local-copy-of-curve_t-type.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0010-Removed-local-copy-of-curve_t-type.patch
new file mode 100644
index 000000000..8908d5482
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0010-Removed-local-copy-of-curve_t-type.patch
@@ -0,0 +1,163 @@
+From cd80be25a3da28d23dfcb2762252b413879eaa74 Mon Sep 17 00:00:00 2001
+From: Yashpal Dutta <yashpal.dutta@freescale.com>
+Date: Thu, 17 Apr 2014 06:57:59 +0545
+Subject: [PATCH 10/48] Removed local copy of curve_t type
+Upstream-status: Pending
+Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
+Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
+---
+ crypto/engine/eng_cryptodev.c    | 33 ++++++++++++++-------------------
+ crypto/engine/eng_cryptodev_ec.h |  7 -------
+ 2 files changed, 14 insertions(+), 26 deletions(-)
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index eac5fb6..151774c 100644
+--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
+@@ -2504,11 +2504,6 @@ static ECDSA_METHOD cryptodev_ecdsa = {
+     NULL                        /* app_data */
+ };
+ 
+-typedef enum ec_curve_s {
+-    EC_PRIME,
+-    EC_BINARY
+-} ec_curve_t;
+-
+ /* ENGINE handler for ECDSA Sign */
+ static ECDSA_SIG *cryptodev_ecdsa_do_sign(const unsigned char *dgst,
+                                           int dgst_len, const BIGNUM *in_kinv,
+@@ -2527,7 +2522,7 @@ static ECDSA_SIG *cryptodev_ecdsa_do_sign(const unsigned char *dgst,
+     const BIGNUM *order = NULL, *priv_key = NULL;
+     const EC_GROUP *group = NULL;
+     struct crypt_kop kop;
+-    ec_curve_t ec_crv = EC_PRIME;
+    enum ec_curve_t ec_crv = EC_PRIME;
+ 
+     memset(&kop, 0, sizeof(kop));
+     ecdsa = ecdsa_check(eckey);
+@@ -2665,7 +2660,7 @@ static ECDSA_SIG *cryptodev_ecdsa_do_sign(const unsigned char *dgst,
+             else
+                 goto err;
+         }
+-        kop.curve_type = ECC_BINARY;
+        kop.curve_type = EC_BINARY;
+     }
+ 
+     /* Calculation of Generator point */
+@@ -2760,7 +2755,7 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
+     const EC_POINT *pub_key = NULL;
+     const BIGNUM *order = NULL;
+     const EC_GROUP *group = NULL;
+-    ec_curve_t ec_crv = EC_PRIME;
+    enum ec_curve_t ec_crv = EC_PRIME;
+     struct crypt_kop kop;
+ 
+     memset(&kop, 0, sizeof kop);
+@@ -2911,7 +2906,7 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
+             else
+                 goto err;
+         }
+-        kop.curve_type = ECC_BINARY;
+        kop.curve_type = EC_BINARY;
+     }
+ 
+     /* Calculation of Generator point */
+@@ -3016,7 +3011,7 @@ static int cryptodev_ecdsa_do_sign_async(const unsigned char *dgst,
+     const BIGNUM *order = NULL, *priv_key = NULL;
+     const EC_GROUP *group = NULL;
+     struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
+-    ec_curve_t ec_crv = EC_PRIME;
+    enum ec_curve_t ec_crv = EC_PRIME;
+ 
+     if (!(sig->r = BN_new()) || !kop)
+         goto err;
+@@ -3157,7 +3152,7 @@ static int cryptodev_ecdsa_do_sign_async(const unsigned char *dgst,
+             else
+                 goto err;
+         }
+-        kop->curve_type = ECC_BINARY;
+        kop->curve_type = EC_BINARY;
+     }
+ 
+     /* Calculation of Generator point */
+@@ -3237,7 +3232,7 @@ static int cryptodev_ecdsa_verify_async(const unsigned char *dgst,
+     const EC_POINT *pub_key = NULL;
+     const BIGNUM *order = NULL;
+     const EC_GROUP *group = NULL;
+-    ec_curve_t ec_crv = EC_PRIME;
+    enum ec_curve_t ec_crv = EC_PRIME;
+     struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
+ 
+     if (!kop)
+@@ -3384,7 +3379,7 @@ static int cryptodev_ecdsa_verify_async(const unsigned char *dgst,
+     if (ec_crv == EC_BINARY) {
+         /* copy b' i.e c(b), instead of only b */
+         eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab + q_len, q_len);
+-        kop->curve_type = ECC_BINARY;
+        kop->curve_type = EC_BINARY;
+     }
+ 
+     /* Calculation of Generator point */
+@@ -3690,7 +3685,7 @@ int cryptodev_ecdh_compute_key(void *out, size_t outlen,
+                                void *(*KDF) (const void *in, size_t inlen,
+                                              void *out, size_t *outlen))
+ {
+-    ec_curve_t ec_crv = EC_PRIME;
+    enum ec_curve_t ec_crv = EC_PRIME;
+     unsigned char *q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL;
+     BIGNUM *w_x = NULL, *w_y = NULL;
+     int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0;
+@@ -3820,9 +3815,9 @@ int cryptodev_ecdh_compute_key(void *out, size_t outlen,
+             else
+                 goto err;
+         }
+-        kop.curve_type = ECC_BINARY;
+        kop.curve_type = EC_BINARY;
+     } else
+-        kop.curve_type = ECC_PRIME;
+        kop.curve_type = EC_PRIME;
+ 
+     priv_key_len = r_len;
+ 
+@@ -3874,7 +3869,7 @@ int cryptodev_ecdh_compute_key_async(void *out, size_t outlen,
+                                                    size_t *outlen),
+                                      struct pkc_cookie_s *cookie)
+ {
+-    ec_curve_t ec_crv = EC_PRIME;
+    enum ec_curve_t ec_crv = EC_PRIME;
+     unsigned char *q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL;
+     BIGNUM *w_x = NULL, *w_y = NULL;
+     int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0;
+@@ -4005,9 +4000,9 @@ int cryptodev_ecdh_compute_key_async(void *out, size_t outlen,
+             else
+                 goto err;
+         }
+-        kop->curve_type = ECC_BINARY;
+        kop->curve_type = EC_BINARY;
+     } else
+-        kop->curve_type = ECC_PRIME;
+        kop->curve_type = EC_PRIME;
+ 
+     priv_key_len = r_len;
+ 
+diff --git a/crypto/engine/eng_cryptodev_ec.h b/crypto/engine/eng_cryptodev_ec.h
+index af54c51..41a8702 100644
+--- a/crypto/engine/eng_cryptodev_ec.h
+++ b/crypto/engine/eng_cryptodev_ec.h
+@@ -287,11 +287,4 @@ static inline unsigned char *eng_copy_curve_points(BIGNUM * x, BIGNUM * y,
+ 
+        return xy;
+ }
+-
+-enum curve_t {
+-       DISCRETE_LOG,
+-       ECC_PRIME,
+-       ECC_BINARY,
+-       MAX_ECC_TYPE
+-};
+ #endif
+-- 
+2.7.0
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0011-Add-RSA-keygen-operation-and-support-gendsa-command-.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0011-Add-RSA-keygen-operation-and-support-gendsa-command-.patch
deleted file mode 100644
index 244d230ec..000000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0011-Add-RSA-keygen-operation-and-support-gendsa-command-.patch
+++ /dev/null
@@ -1,153 +0,0 @@
-From e4fc051f8ae1c093b25ca346c2ec351ff3b700d1 Mon Sep 17 00:00:00 2001
-From: Hou Zhiqiang <B48286@freescale.com>
-Date: Wed, 2 Apr 2014 16:10:43 +0800
-Subject: [PATCH 11/26] Add RSA keygen operation and support gendsa command
- with hardware engine
-Upstream-status: Pending
-Signed-off-by: Hou Zhiqiang <B48286@freescale.com>
-Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
---
- crypto/engine/eng_cryptodev.c | 118 ++++++++++++++++++++++++++++++++++++++++++
- 1 file changed, 118 insertions(+)
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 9f2416e..b2919a8 100644
--- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -1906,6 +1906,121 @@ err:
-        return dsaret;
- }
- 
-+/* Cryptodev RSA Key Gen routine */
-+static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
-+{
-+       struct crypt_kop kop;
-+       int ret, fd;
-+       int p_len, q_len;
-+       int i;
-+
-+       if ((fd = get_asym_dev_crypto()) < 0)
-+               return fd;
-+
-+       if(!rsa->n && ((rsa->n=BN_new()) == NULL)) goto err;
-+       if(!rsa->d && ((rsa->d=BN_new()) == NULL)) goto err;
-+       if(!rsa->e && ((rsa->e=BN_new()) == NULL)) goto err;
-+       if(!rsa->p && ((rsa->p=BN_new()) == NULL)) goto err;
-+       if(!rsa->q && ((rsa->q=BN_new()) == NULL)) goto err;
-+       if(!rsa->dmp1 && ((rsa->dmp1=BN_new()) == NULL)) goto err;
-+       if(!rsa->dmq1 && ((rsa->dmq1=BN_new()) == NULL)) goto err;
-+       if(!rsa->iqmp && ((rsa->iqmp=BN_new()) == NULL)) goto err;
-+
-+       BN_copy(rsa->e, e);
-+
-+       p_len = (bits+1) / (2 * 8);
-+       q_len = (bits - p_len * 8) / 8;
-+       memset(&kop, 0, sizeof kop);
-+       kop.crk_op = CRK_RSA_GENERATE_KEY;
-+
-+       /* p length */
-+       kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char));
-+       if (!kop.crk_param[kop.crk_iparams].crp_p)
-+               goto err;
-+       kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8;
-+       memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1);
-+       kop.crk_iparams++;
-+       kop.crk_oparams++;
-+       /* q length */
-+       kop.crk_param[kop.crk_iparams].crp_p = calloc(q_len + 1, sizeof(char));
-+       if (!kop.crk_param[kop.crk_iparams].crp_p)
-+               goto err;
-+       kop.crk_param[kop.crk_iparams].crp_nbits = q_len * 8;
-+       memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, q_len + 1);
-+       kop.crk_iparams++;
-+       kop.crk_oparams++;
-+       /* n length */
-+       kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + q_len + 1, sizeof(char));
-+       if (!kop.crk_param[kop.crk_iparams].crp_p)
-+               goto err;
-+       kop.crk_param[kop.crk_iparams].crp_nbits = bits;
-+       memset(kop.crk_param[kop.crk_iparams].crp_p, 0x00, p_len + q_len + 1);
-+       kop.crk_iparams++;
-+       kop.crk_oparams++;
-+       /* d length */
-+       kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + q_len + 1, sizeof(char));
-+       if (!kop.crk_param[kop.crk_iparams].crp_p)
-+               goto err;
-+       kop.crk_param[kop.crk_iparams].crp_nbits = bits;
-+       memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + q_len + 1);
-+       kop.crk_iparams++;
-+       kop.crk_oparams++;
-+       /* dp1 length */
-+       kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char));
-+       if (!kop.crk_param[kop.crk_iparams].crp_p)
-+               goto err;
-+       kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8;
-+       memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1);
-+       kop.crk_iparams++;
-+       kop.crk_oparams++;
-+       /* dq1 length */
-+       kop.crk_param[kop.crk_iparams].crp_p = calloc(q_len + 1, sizeof(char));
-+       if (!kop.crk_param[kop.crk_iparams].crp_p)
-+               goto err;
-+       kop.crk_param[kop.crk_iparams].crp_nbits = q_len * 8;
-+       memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, q_len + 1);
-+       kop.crk_iparams++;
-+       kop.crk_oparams++;
-+       /* i length */
-+       kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char));
-+       if (!kop.crk_param[kop.crk_iparams].crp_p)
-+               goto err;
-+       kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8;
-+       memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1);
-+       kop.crk_iparams++;
-+       kop.crk_oparams++;
-+
-+       if (ioctl(fd, CIOCKEY, &kop) == 0) {
-+               BN_bin2bn(kop.crk_param[0].crp_p,
-+                               p_len, rsa->p);
-+               BN_bin2bn(kop.crk_param[1].crp_p,
-+                               q_len, rsa->q);
-+               BN_bin2bn(kop.crk_param[2].crp_p,
-+                               bits / 8, rsa->n);
-+               BN_bin2bn(kop.crk_param[3].crp_p,
-+                               bits / 8, rsa->d);
-+               BN_bin2bn(kop.crk_param[4].crp_p,
-+                               p_len, rsa->dmp1);
-+               BN_bin2bn(kop.crk_param[5].crp_p,
-+                               q_len, rsa->dmq1);
-+               BN_bin2bn(kop.crk_param[6].crp_p,
-+                               p_len, rsa->iqmp);
-+               return 1;
-+       }
-+sw_try:
-+       {
-+               const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
-+               ret = (meth->rsa_keygen)(rsa, bits, e, cb);
-+       }
-+       return ret;
-+
-+err:
-+       for (i = 0; i < CRK_MAXPARAM; i++)
-+               free(kop.crk_param[i].crp_p);
-+       return 0;
-+
-+}
-+
- /* Cryptodev DSA Key Gen routine */
- static int cryptodev_dsa_keygen(DSA *dsa)
- {
-@@ -3896,6 +4011,9 @@ ENGINE_load_cryptodev(void)
-                                cryptodev_rsa.rsa_mod_exp_async =
-                                    cryptodev_rsa_nocrt_mod_exp_async;
-                        }
-+                       if (cryptodev_asymfeat & CRF_RSA_GENERATE_KEY)
-+                               cryptodev_rsa.rsa_keygen =
-+                                       cryptodev_rsa_keygen;
-                }
-        }
- 
-- 
-2.3.5
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0011-Modulus-parameter-is-not-populated-by-dhparams.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0011-Modulus-parameter-is-not-populated-by-dhparams.patch
new file mode 100644
index 000000000..13aea0156
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0011-Modulus-parameter-is-not-populated-by-dhparams.patch
@@ -0,0 +1,43 @@
+From f9d9da58818740334ef356d0384d4e88da865dca Mon Sep 17 00:00:00 2001
+From: Yashpal Dutta <yashpal.dutta@freescale.com>
+Date: Tue, 22 Apr 2014 22:58:33 +0545
+Subject: [PATCH 11/48] Modulus parameter is not populated by dhparams
+Upstream-status: Pending
+When dhparams are created, modulus parameter required for
+private key generation is not populated. So, falling back
+to software for proper population of modulus parameters followed
+by private key generation
+Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
+Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
+---
+ crypto/engine/eng_cryptodev.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 151774c..1f1f307 100644
+--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
+@@ -3502,7 +3502,7 @@ static int cryptodev_dh_keygen_async(DH *dh, struct pkc_cookie_s *cookie)
+     kop->crk_op = CRK_DH_GENERATE_KEY;
+     if (bn2crparam(dh->p, &kop->crk_param[0]))
+         goto sw_try;
+-    if (bn2crparam(dh->q, &kop->crk_param[1]))
+    if (!dh->q || bn2crparam(dh->q, &kop->crk_param[1]))
+         goto sw_try;
+     kop->crk_param[2].crp_p = g;
+     kop->crk_param[2].crp_nbits = g_len * 8;
+@@ -3557,7 +3557,7 @@ static int cryptodev_dh_keygen(DH *dh)
+     kop.crk_op = CRK_DH_GENERATE_KEY;
+     if (bn2crparam(dh->p, &kop.crk_param[0]))
+         goto sw_try;
+-    if (bn2crparam(dh->q, &kop.crk_param[1]))
+    if (!dh->q || bn2crparam(dh->q, &kop.crk_param[1]))
+         goto sw_try;
+     kop.crk_param[2].crp_p = g;
+     kop.crk_param[2].crp_nbits = g_len * 8;
+-- 
+2.7.0
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0012-RSA-Keygen-Fix.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0012-RSA-Keygen-Fix.patch
deleted file mode 100644
index 7f907da4a..000000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0012-RSA-Keygen-Fix.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From ac777f046da7151386d667391362ecb553ceee90 Mon Sep 17 00:00:00 2001
-From: Yashpal Dutta <yashpal.dutta@freescale.com>
-Date: Wed, 16 Apr 2014 22:53:04 +0545
-Subject: [PATCH 12/26] RSA Keygen Fix
-Upstream-status: Pending
-If Kernel driver doesn't support RSA Keygen or same returns
-error handling the keygen operation, the keygen is gracefully
-handled by software supported rsa_keygen handler
-Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
-Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
---
- crypto/engine/eng_cryptodev.c | 12 +++++++-----
- 1 file changed, 7 insertions(+), 5 deletions(-)
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index b2919a8..ed5f20f 100644
--- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -1915,7 +1915,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
-        int i;
- 
-        if ((fd = get_asym_dev_crypto()) < 0)
-               return fd;
-+               goto sw_try;
- 
-        if(!rsa->n && ((rsa->n=BN_new()) == NULL)) goto err;
-        if(!rsa->d && ((rsa->d=BN_new()) == NULL)) goto err;
-@@ -1936,7 +1936,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
-        /* p length */
-        kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char));
-        if (!kop.crk_param[kop.crk_iparams].crp_p)
-               goto err;
-+               goto sw_try;
-        kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8;
-        memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1);
-        kop.crk_iparams++;
-@@ -1944,7 +1944,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
-        /* q length */
-        kop.crk_param[kop.crk_iparams].crp_p = calloc(q_len + 1, sizeof(char));
-        if (!kop.crk_param[kop.crk_iparams].crp_p)
-               goto err;
-+               goto sw_try;
-        kop.crk_param[kop.crk_iparams].crp_nbits = q_len * 8;
-        memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, q_len + 1);
-        kop.crk_iparams++;
-@@ -2009,8 +2009,10 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
-        }
- sw_try:
-        {
-               const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
-               ret = (meth->rsa_keygen)(rsa, bits, e, cb);
-+               const RSA_METHOD *meth = rsa->meth;
-+               rsa->meth = RSA_PKCS1_SSLeay();
-+               ret = RSA_generate_key_ex(rsa, bits, e, cb);
-+               rsa->meth = meth;
-        }
-        return ret;
- 
-- 
-2.3.5
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0012-SW-Backoff-mechanism-for-dsa-keygen.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0012-SW-Backoff-mechanism-for-dsa-keygen.patch
new file mode 100644
index 000000000..bf36a3226
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0012-SW-Backoff-mechanism-for-dsa-keygen.patch
@@ -0,0 +1,53 @@
+From 18f4dbbba2c0142792b394bec35531cefe277712 Mon Sep 17 00:00:00 2001
+From: Yashpal Dutta <yashpal.dutta@freescale.com>
+Date: Thu, 24 Apr 2014 00:35:34 +0545
+Subject: [PATCH 12/48] SW Backoff mechanism for dsa keygen
+Upstream-status: Pending
+DSA Keygen is not handled in default openssl dsa method. Due to
+same null function pointer in SW DSA method, the backoff for dsa
+keygen gives segmentation fault.
+Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
+Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
+---
+ crypto/engine/eng_cryptodev.c | 12 ++++++++----
+ 1 file changed, 8 insertions(+), 4 deletions(-)
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 1f1f307..db8e02d 100644
+--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
+@@ -2175,8 +2175,10 @@ static int cryptodev_dsa_keygen(DSA *dsa)
+     return ret;
+  sw_try:
+     {
+-        const DSA_METHOD *meth = DSA_OpenSSL();
+-        ret = (meth->dsa_keygen) (dsa);
+        const DSA_METHOD *meth = dsa->meth;
+        dsa->meth = DSA_OpenSSL();
+        ret = DSA_generate_key(dsa);
+        dsa->meth = meth;
+     }
+     return ret;
+ }
+@@ -2230,11 +2232,13 @@ static int cryptodev_dsa_keygen_async(DSA *dsa, struct pkc_cookie_s *cookie)
+     return ret;
+  sw_try:
+     {
+-        const DSA_METHOD *meth = DSA_OpenSSL();
+        const DSA_METHOD *meth = dsa->meth;
+ 
+        dsa->meth = DSA_OpenSSL();
+         if (kop)
+             free(kop);
+-        ret = (meth->dsa_keygen) (dsa);
+        ret = DSA_generate_key(dsa);
+        dsa->meth = meth;
+         cookie->pkc_callback(cookie, 0);
+     }
+     return ret;
+-- 
+2.7.0
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0013-Fixed-DH-keygen-pair-generator.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0013-Fixed-DH-keygen-pair-generator.patch
new file mode 100644
index 000000000..12465d7ef
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0013-Fixed-DH-keygen-pair-generator.patch
@@ -0,0 +1,100 @@
+From 4d5ffd41f423309fc9aaf3621598ca51c5838e31 Mon Sep 17 00:00:00 2001
+From: Yashpal Dutta <yashpal.dutta@freescale.com>
+Date: Thu, 1 May 2014 06:35:45 +0545
+Subject: [PATCH 13/48] Fixed DH keygen pair generator
+Upstream-status: Pending
+Wrong Padding results into keygen length error
+Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
+Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
+---
+ crypto/engine/eng_cryptodev.c | 50 ++++++++++++++++++++++++++++---------------
+ 1 file changed, 33 insertions(+), 17 deletions(-)
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index db8e02d..4929ae6 100644
+--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
+@@ -3534,44 +3534,60 @@ static int cryptodev_dh_keygen_async(DH *dh, struct pkc_cookie_s *cookie)
+ static int cryptodev_dh_keygen(DH *dh)
+ {
+     struct crypt_kop kop;
+-    int ret = 1, g_len;
+-    unsigned char *g = NULL;
+    int ret = 1, q_len = 0;
+    unsigned char *q = NULL, *g = NULL, *s = NULL, *w = NULL;
+    BIGNUM *pub_key = NULL, *priv_key = NULL;
+    int generate_new_key = 1;
+ 
+-    if (dh->priv_key == NULL) {
+-        if ((dh->priv_key = BN_new()) == NULL)
+-            goto sw_try;
+-    }
+    if (dh->priv_key)
+        priv_key = dh->priv_key;
+ 
+-    if (dh->pub_key == NULL) {
+-        if ((dh->pub_key = BN_new()) == NULL)
+-            goto sw_try;
+-    }
+    if (dh->pub_key)
+        pub_key = dh->pub_key;
+ 
+-    g_len = BN_num_bytes(dh->p);
+    q_len = BN_num_bytes(dh->p);
+         /**
+          * Get generator into a plain buffer. If length is less than
+          * q_len then add leading padding bytes.
+          */
+-    if (spcf_bn2bin_ex(dh->g, &g, &g_len)) {
+    if (spcf_bn2bin_ex(dh->g, &g, &q_len)) {
+        DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
+        goto sw_try;
+    }
+
+    if (spcf_bn2bin_ex(dh->p, &q, &q_len)) {
+         DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
+         goto sw_try;
+     }
+ 
+     memset(&kop, 0, sizeof kop);
+     kop.crk_op = CRK_DH_GENERATE_KEY;
+-    if (bn2crparam(dh->p, &kop.crk_param[0]))
+-        goto sw_try;
+    kop.crk_param[0].crp_p = q;
+    kop.crk_param[0].crp_nbits = q_len * 8;
+     if (!dh->q || bn2crparam(dh->q, &kop.crk_param[1]))
+         goto sw_try;
+     kop.crk_param[2].crp_p = g;
+-    kop.crk_param[2].crp_nbits = g_len * 8;
+    kop.crk_param[2].crp_nbits = q_len * 8;
+     kop.crk_iparams = 3;
+ 
+    s = OPENSSL_malloc(q_len);
+    if (!s) {
+        DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
+        goto sw_try;
+    }
+
+    w = OPENSSL_malloc(q_len);
+    if (!w) {
+        DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
+        goto sw_try;
+    }
+
+     /* pub_key is or prime length while priv key is of length of order */
+-    if (cryptodev_asym(&kop, BN_num_bytes(dh->p), dh->pub_key,
+-                       BN_num_bytes(dh->q), dh->priv_key))
+    if (cryptodev_asym(&kop, q_len, w, q_len, s))
+         goto sw_try;
+ 
+    dh->pub_key = BN_bin2bn(w, q_len, pub_key);
+    dh->pub_key = BN_bin2bn(s, q_len, priv_key);
+     return ret;
+  sw_try:
+     {
+-- 
+2.7.0
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0013-Removed-local-copy-of-curve_t-type.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0013-Removed-local-copy-of-curve_t-type.patch
deleted file mode 100644
index c9d8ace86..000000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0013-Removed-local-copy-of-curve_t-type.patch
+++ /dev/null
@@ -1,164 +0,0 @@
-From 6aaa306cdf878250d7b6eaf30978de313653886b Mon Sep 17 00:00:00 2001
-From: Yashpal Dutta <yashpal.dutta@freescale.com>
-Date: Thu, 17 Apr 2014 06:57:59 +0545
-Subject: [PATCH 13/26] Removed local copy of curve_t type
-Upstream-status: Pending
-Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
-Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
---
- crypto/engine/eng_cryptodev.c    | 34 ++++++++++++++--------------------
- crypto/engine/eng_cryptodev_ec.h |  7 -------
- 2 files changed, 14 insertions(+), 27 deletions(-)
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index ed5f20f..5d883fa 100644
--- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -2398,12 +2398,6 @@ static ECDSA_METHOD cryptodev_ecdsa = {
-        NULL    /* app_data */
- };
- 
-typedef enum ec_curve_s
-{
-       EC_PRIME,
-       EC_BINARY
-} ec_curve_t;
-
- /* ENGINE handler for ECDSA Sign */
- static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char  *dgst,
-        int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey)
-@@ -2420,7 +2414,7 @@ static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char  *dgst,
-        const BIGNUM   *order = NULL, *priv_key=NULL;
-        const EC_GROUP *group = NULL;
-        struct crypt_kop kop;
-       ec_curve_t ec_crv = EC_PRIME;
-+       enum ec_curve_t ec_crv = EC_PRIME;
- 
-        memset(&kop, 0, sizeof(kop));
-        ecdsa = ecdsa_check(eckey);
-@@ -2553,7 +2547,7 @@ static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char  *dgst,
-                        else
-                                goto err;
-                }
-               kop.curve_type = ECC_BINARY;
-+               kop.curve_type = EC_BINARY;
-        }
- 
-        /* Calculation of Generator point */
-@@ -2647,7 +2641,7 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
-        const EC_POINT *pub_key = NULL;
-        const BIGNUM   *order = NULL;
-        const EC_GROUP *group=NULL;
-       ec_curve_t       ec_crv = EC_PRIME;
-+       enum ec_curve_t       ec_crv = EC_PRIME;
-        struct crypt_kop kop;
- 
-        memset(&kop, 0, sizeof kop);
-@@ -2792,7 +2786,7 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
-                        else
-                                goto err;
-                }
-               kop.curve_type = ECC_BINARY;
-+               kop.curve_type = EC_BINARY;
-        }
- 
-        /* Calculation of Generator point */
-@@ -2893,7 +2887,7 @@ static int cryptodev_ecdsa_do_sign_async( const unsigned char  *dgst,
-        const BIGNUM   *order = NULL, *priv_key=NULL;
-        const EC_GROUP *group = NULL;
-        struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
-       ec_curve_t ec_crv = EC_PRIME;
-+       enum ec_curve_t ec_crv = EC_PRIME;
- 
-        if (!(sig->r = BN_new()) || !kop)
-                goto err;
-@@ -3029,7 +3023,7 @@ static int cryptodev_ecdsa_do_sign_async( const unsigned char  *dgst,
-                        else
-                                goto err;
-                }
-               kop->curve_type = ECC_BINARY;
-+               kop->curve_type = EC_BINARY;
-        }
- 
-        /* Calculation of Generator point */
-@@ -3105,7 +3099,7 @@ static int cryptodev_ecdsa_verify_async(const unsigned char *dgst, int dgst_len,
-        const EC_POINT *pub_key = NULL;
-        const BIGNUM   *order = NULL;
-        const EC_GROUP *group=NULL;
-       ec_curve_t       ec_crv = EC_PRIME;
-+       enum ec_curve_t       ec_crv = EC_PRIME;
-        struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
- 
-        if (!kop)
-@@ -3247,7 +3241,7 @@ static int cryptodev_ecdsa_verify_async(const unsigned char *dgst, int dgst_len,
-                /* copy b' i.e c(b), instead of only b */
-                eng_ec_get_cparam (EC_GROUP_get_curve_name(group),
-                        ab+q_len, q_len);
-               kop->curve_type = ECC_BINARY;
-+               kop->curve_type = EC_BINARY;
-        }
- 
-        /* Calculation of Generator point */
-@@ -3552,7 +3546,7 @@ int cryptodev_ecdh_compute_key(void *out, size_t outlen,
-        const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen,
-        void *out, size_t *outlen))
- {
-       ec_curve_t       ec_crv = EC_PRIME;
-+       enum ec_curve_t       ec_crv = EC_PRIME;
-        unsigned char * q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL;
-        BIGNUM         * w_x = NULL, *w_y = NULL;
-        int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0;
-@@ -3678,9 +3672,9 @@ int cryptodev_ecdh_compute_key(void *out, size_t outlen,
-                        else
-                                goto err;
-                }
-               kop.curve_type = ECC_BINARY;
-+               kop.curve_type = EC_BINARY;
-        } else
-               kop.curve_type = ECC_PRIME;
-+               kop.curve_type = EC_PRIME;
- 
-        priv_key_len = r_len;
- 
-@@ -3729,7 +3723,7 @@ int cryptodev_ecdh_compute_key_async(void *out, size_t outlen,
-        const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen,
-        void *out, size_t *outlen), struct pkc_cookie_s *cookie)
- {
-       ec_curve_t       ec_crv = EC_PRIME;
-+       enum ec_curve_t       ec_crv = EC_PRIME;
-        unsigned char * q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL;
-        BIGNUM         * w_x = NULL, *w_y = NULL;
-        int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0;
-@@ -3857,9 +3851,9 @@ int cryptodev_ecdh_compute_key_async(void *out, size_t outlen,
-                        else
-                                goto err;
-                }
-               kop->curve_type = ECC_BINARY;
-+               kop->curve_type = EC_BINARY;
-        } else
-               kop->curve_type = ECC_PRIME;
-+               kop->curve_type = EC_PRIME;
- 
-        priv_key_len = r_len;
- 
-diff --git a/crypto/engine/eng_cryptodev_ec.h b/crypto/engine/eng_cryptodev_ec.h
-index 77aee71..a4b8da5 100644
--- a/crypto/engine/eng_cryptodev_ec.h
-+++ b/crypto/engine/eng_cryptodev_ec.h
-@@ -286,11 +286,4 @@ static inline unsigned char *eng_copy_curve_points(BIGNUM * x, BIGNUM * y,
- 
-        return xy;
- }
-
-enum curve_t {
-       DISCRETE_LOG,
-       ECC_PRIME,
-       ECC_BINARY,
-       MAX_ECC_TYPE
-};
- #endif
-- 
-2.3.5
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0014-Modulus-parameter-is-not-populated-by-dhparams.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0014-Modulus-parameter-is-not-populated-by-dhparams.patch
deleted file mode 100644
index 198bed702..000000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0014-Modulus-parameter-is-not-populated-by-dhparams.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 14623ca9e417ccef1ad3f4138acfac0ebe682f1f Mon Sep 17 00:00:00 2001
-From: Yashpal Dutta <yashpal.dutta@freescale.com>
-Date: Tue, 22 Apr 2014 22:58:33 +0545
-Subject: [PATCH 14/26] Modulus parameter is not populated by dhparams
-Upstream-status: Pending
-When dhparams are created, modulus parameter required for
-private key generation is not populated. So, falling back
-to software for proper population of modulus parameters followed
-by private key generation
-Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
-Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
---
- crypto/engine/eng_cryptodev.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 5d883fa..6d69336 100644
--- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -3364,7 +3364,7 @@ static int cryptodev_dh_keygen_async(DH *dh,  struct pkc_cookie_s *cookie)
-        kop->crk_op = CRK_DH_GENERATE_KEY;
-        if (bn2crparam(dh->p, &kop->crk_param[0]))
-                goto sw_try;
-       if (bn2crparam(dh->q, &kop->crk_param[1]))
-+       if (!dh->q || bn2crparam(dh->q, &kop->crk_param[1]))
-                goto sw_try;
-        kop->crk_param[2].crp_p = g;
-        kop->crk_param[2].crp_nbits = g_len * 8;
-@@ -3419,7 +3419,7 @@ static int cryptodev_dh_keygen(DH *dh)
-        kop.crk_op = CRK_DH_GENERATE_KEY;
-        if (bn2crparam(dh->p, &kop.crk_param[0]))
-                goto sw_try;
-       if (bn2crparam(dh->q, &kop.crk_param[1]))
-+       if (!dh->q || bn2crparam(dh->q, &kop.crk_param[1]))
-                goto sw_try;
-        kop.crk_param[2].crp_p = g;
-        kop.crk_param[2].crp_nbits = g_len * 8;
-- 
-2.3.5
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0014-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0014-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch
new file mode 100644
index 000000000..5a8c2d290
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0014-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch
@@ -0,0 +1,321 @@
+From 317e3d9870097e6b115dd8c9a13ccb5e5ca76f2e Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@freescale.com>
+Date: Mon, 16 Jun 2014 14:06:21 +0300
+Subject: [PATCH 14/48] cryptodev: add support for aes-gcm algorithm offloading
+Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
+---
+ apps/speed.c                  |   6 +-
+ crypto/engine/eng_cryptodev.c | 236 +++++++++++++++++++++++++++++++++++++++++-
+ 2 files changed, 240 insertions(+), 2 deletions(-)
+diff --git a/apps/speed.c b/apps/speed.c
+index 95adcc1..e5e609b 100644
+--- a/apps/speed.c
+++ b/apps/speed.c
+@@ -226,7 +226,11 @@
+ # endif
+ 
+ # undef BUFSIZE
+-# define BUFSIZE ((long)1024*8+1)
+/* The buffer overhead allows GCM tag at the end of the encrypted data. This
+   avoids buffer overflows from cryptodev since Linux kernel GCM
+   implementation allways adds the tag - unlike e_aes.c:aes_gcm_cipher()
+   which doesn't */
+#define BUFSIZE        ((long)1024*8 + EVP_GCM_TLS_TAG_LEN)
+ static volatile int run = 0;
+ 
+ static int mr = 0;
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 4929ae6..d2cdca0 100644
+--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
+@@ -2,6 +2,7 @@
+  * Copyright (c) 2002 Bob Beck <beck@openbsd.org>
+  * Copyright (c) 2002 Theo de Raadt
+  * Copyright (c) 2002 Markus Friedl
+ * Copyright (c) 2013-2014 Freescale Semiconductor, Inc.
+  * All rights reserved.
+  *
+  * Redistribution and use in source and binary forms, with or without
+@@ -77,8 +78,10 @@ struct dev_crypto_state {
+     struct session_op d_sess;
+     int d_fd;
+     unsigned char *aad;
+-    unsigned int aad_len;
+    int aad_len;
+     unsigned int len;
+    unsigned char *iv;
+    int ivlen;
+ # ifdef USE_CRYPTODEV_DIGESTS
+     char dummy_mac_key[HASH_MAX_LEN];
+     unsigned char digest_res[HASH_MAX_LEN];
+@@ -287,6 +290,9 @@ static struct {
+         CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20
+     },
+     {
+        CRYPTO_AES_GCM, NID_aes_128_gcm, 16, 16, 0
+    },
+    {
+         0, NID_undef, 0, 0, 0
+     },
+ };
+@@ -325,6 +331,22 @@ static struct {
+ };
+ # endif
+ 
+/* increment counter (64-bit int) by 1 */
+static void ctr64_inc(unsigned char *counter)
+{
+    int n = 8;
+    unsigned char c;
+
+    do {
+        --n;
+        c = counter[n];
+        ++c;
+        counter[n] = c;
+        if (c)
+            return;
+    } while (n);
+}
+
+ /*
+  * Return a fd if /dev/crypto seems usable, 0 otherwise.
+  */
+@@ -807,6 +829,199 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
+     }
+ }
+ 
+static int cryptodev_init_gcm_key(EVP_CIPHER_CTX *ctx,
+                                  const unsigned char *key,
+                                  const unsigned char *iv, int enc)
+{
+    struct dev_crypto_state *state = ctx->cipher_data;
+    struct session_op *sess = &state->d_sess;
+    int cipher = -1, i;
+    if (!iv && !key)
+        return 1;
+
+    if (iv)
+        memcpy(ctx->iv, iv, ctx->cipher->iv_len);
+
+    for (i = 0; ciphers[i].id; i++)
+        if (ctx->cipher->nid == ciphers[i].nid &&
+            ctx->cipher->iv_len <= ciphers[i].ivmax &&
+            ctx->key_len == ciphers[i].keylen) {
+            cipher = ciphers[i].id;
+            break;
+        }
+
+    if (!ciphers[i].id) {
+        state->d_fd = -1;
+        return 0;
+    }
+
+    memset(sess, 0, sizeof(struct session_op));
+
+    if ((state->d_fd = get_dev_crypto()) < 0)
+        return 0;
+
+    sess->key = (unsigned char *)key;
+    sess->keylen = ctx->key_len;
+    sess->cipher = cipher;
+
+    if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
+        put_dev_crypto(state->d_fd);
+        state->d_fd = -1;
+        return 0;
+    }
+    return 1;
+}
+
+static int cryptodev_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                    const unsigned char *in, size_t len)
+{
+    struct crypt_auth_op cryp = { 0 };
+    struct dev_crypto_state *state = ctx->cipher_data;
+    struct session_op *sess = &state->d_sess;
+    int rv = len;
+
+    if (EVP_CIPHER_CTX_ctrl(ctx, ctx->encrypt ?
+                            EVP_CTRL_GCM_IV_GEN : EVP_CTRL_GCM_SET_IV_INV,
+                            EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0)
+        return 0;
+
+    in += EVP_GCM_TLS_EXPLICIT_IV_LEN;
+    out += EVP_GCM_TLS_EXPLICIT_IV_LEN;
+    len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
+
+    if (ctx->encrypt) {
+        len -= EVP_GCM_TLS_TAG_LEN;
+    }
+    cryp.ses = sess->ses;
+    cryp.len = len;
+    cryp.src = (unsigned char *)in;
+    cryp.dst = out;
+    cryp.auth_src = state->aad;
+    cryp.auth_len = state->aad_len;
+    cryp.iv = ctx->iv;
+    cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
+
+    if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) {
+        return 0;
+    }
+
+    if (ctx->encrypt)
+        ctr64_inc(state->iv + state->ivlen - 8);
+    else
+        rv = len - EVP_GCM_TLS_TAG_LEN;
+
+    return rv;
+}
+
+static int cryptodev_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                const unsigned char *in, size_t len)
+{
+    struct crypt_auth_op cryp;
+    struct dev_crypto_state *state = ctx->cipher_data;
+    struct session_op *sess = &state->d_sess;
+
+    if (state->d_fd < 0)
+        return 0;
+
+    if ((len % ctx->cipher->block_size) != 0)
+        return 0;
+
+    if (state->aad_len >= 0)
+        return cryptodev_gcm_tls_cipher(ctx, out, in, len);
+
+    memset(&cryp, 0, sizeof(cryp));
+
+    cryp.ses = sess->ses;
+    cryp.len = len;
+    cryp.src = (unsigned char *)in;
+    cryp.dst = out;
+    cryp.auth_src = NULL;
+    cryp.auth_len = 0;
+    cryp.iv = ctx->iv;
+    cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
+
+    if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) {
+        return 0;
+    }
+
+    return len;
+}
+
+static int cryptodev_gcm_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
+                              void *ptr)
+{
+    struct dev_crypto_state *state = ctx->cipher_data;
+    switch (type) {
+    case EVP_CTRL_INIT:
+        {
+            state->ivlen = ctx->cipher->iv_len;
+            state->iv = ctx->iv;
+            state->aad_len = -1;
+            return 1;
+        }
+    case EVP_CTRL_GCM_SET_IV_FIXED:
+        {
+            /* Special case: -1 length restores whole IV */
+            if (arg == -1) {
+                memcpy(state->iv, ptr, state->ivlen);
+                return 1;
+            }
+            /*
+             * Fixed field must be at least 4 bytes and invocation field at
+             * least 8.
+             */
+            if ((arg < 4) || (state->ivlen - arg) < 8)
+                return 0;
+            if (arg)
+                memcpy(state->iv, ptr, arg);
+            if (ctx->encrypt &&
+                RAND_bytes(state->iv + arg, state->ivlen - arg) <= 0)
+                return 0;
+            return 1;
+        }
+    case EVP_CTRL_AEAD_TLS1_AAD:
+        {
+            unsigned int len;
+            if (arg != 13)
+                return 0;
+
+            memcpy(ctx->buf, ptr, arg);
+            len = ctx->buf[arg - 2] << 8 | ctx->buf[arg - 1];
+
+            /* Correct length for explicit IV */
+            len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
+
+            /* If decrypting correct for tag too */
+            if (!ctx->encrypt)
+                len -= EVP_GCM_TLS_TAG_LEN;
+
+            ctx->buf[arg - 2] = len >> 8;
+            ctx->buf[arg - 1] = len & 0xff;
+
+            state->aad = ctx->buf;
+            state->aad_len = arg;
+            state->len = len;
+
+            /* Extra padding: tag appended to record */
+            return EVP_GCM_TLS_TAG_LEN;
+        }
+    case EVP_CTRL_GCM_SET_IV_INV:
+        {
+            if (ctx->encrypt)
+                return 0;
+            memcpy(state->iv + state->ivlen - arg, ptr, arg);
+            return 1;
+        }
+    case EVP_CTRL_GCM_IV_GEN:
+        if (arg <= 0 || arg > state->ivlen)
+            arg = state->ivlen;
+        memcpy(ptr, state->iv + state->ivlen - arg, arg);
+        return 1;
+    default:
+        return -1;
+    }
+}
+
+ /*
+  * libcrypto EVP stuff - this is how we get wired to EVP so the engine
+  * gets called when libcrypto requests a cipher NID.
+@@ -947,6 +1162,22 @@ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = {
+     NULL
+ };
+ 
+const EVP_CIPHER cryptodev_aes_128_gcm = {
+    NID_aes_128_gcm,
+    1, 16, 12,
+    EVP_CIPH_GCM_MODE | EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_DEFAULT_ASN1
+        | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER
+        | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT,
+    cryptodev_init_gcm_key,
+    cryptodev_gcm_cipher,
+    cryptodev_cleanup,
+    sizeof(struct dev_crypto_state),
+    EVP_CIPHER_set_asn1_iv,
+    EVP_CIPHER_get_asn1_iv,
+    cryptodev_gcm_ctrl,
+    NULL
+};
+
+ # ifdef CRYPTO_AES_CTR
+ const EVP_CIPHER cryptodev_aes_ctr = {
+     NID_aes_128_ctr,
+@@ -1041,6 +1272,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+     case NID_aes_256_cbc_hmac_sha1:
+         *cipher = &cryptodev_aes_256_cbc_hmac_sha1;
+         break;
+    case NID_aes_128_gcm:
+        *cipher = &cryptodev_aes_128_gcm;
+        break;
+     default:
+         *cipher = NULL;
+         break;
+-- 
+2.7.0
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0015-SW-Backoff-mechanism-for-dsa-keygen.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0015-SW-Backoff-mechanism-for-dsa-keygen.patch
deleted file mode 100644
index 59330a1e0..000000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0015-SW-Backoff-mechanism-for-dsa-keygen.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From 10be401a33e6ebcc325d6747914c70595cd53d0a Mon Sep 17 00:00:00 2001
-From: Yashpal Dutta <yashpal.dutta@freescale.com>
-Date: Thu, 24 Apr 2014 00:35:34 +0545
-Subject: [PATCH 15/26] SW Backoff mechanism for dsa keygen
-Upstream-status: Pending
-DSA Keygen is not handled in default openssl dsa method. Due to
-same null function pointer in SW DSA method, the backoff for dsa
-keygen gives segmentation fault.
-Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
-Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
---
- crypto/engine/eng_cryptodev.c | 12 ++++++++----
- 1 file changed, 8 insertions(+), 4 deletions(-)
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 6d69336..dab8fea 100644
--- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -2069,8 +2069,10 @@ static int cryptodev_dsa_keygen(DSA *dsa)
-        return ret;
- sw_try:
-        {
-               const DSA_METHOD *meth = DSA_OpenSSL();
-               ret = (meth->dsa_keygen)(dsa);
-+               const DSA_METHOD *meth = dsa->meth;
-+               dsa->meth = DSA_OpenSSL();
-+               ret = DSA_generate_key(dsa);
-+               dsa->meth = meth;
-        }
-        return ret;
- }
-@@ -2124,11 +2126,13 @@ static int cryptodev_dsa_keygen_async(DSA *dsa,  struct pkc_cookie_s *cookie)
-        return ret;
- sw_try:
-        {
-               const DSA_METHOD *meth = DSA_OpenSSL();
-+               const DSA_METHOD *meth = dsa->meth;
- 
-+               dsa->meth = DSA_OpenSSL();
-                if (kop)
-                        free(kop);
-               ret = (meth->dsa_keygen)(dsa);
-+               ret = DSA_generate_key(dsa);
-+               dsa->meth = meth;
-                cookie->pkc_callback(cookie, 0);
-        }
-        return ret;
-- 
-2.3.5
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0015-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0015-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch
new file mode 100644
index 000000000..623c58b98
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0015-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch
@@ -0,0 +1,199 @@
+From 7dd6b35c35b027be8ef0ef2e29a949bc4ce96bbd Mon Sep 17 00:00:00 2001
+From: Tudor Ambarus <tudor.ambarus@freescale.com>
+Date: Fri, 9 May 2014 17:54:06 +0300
+Subject: [PATCH 15/48] eng_cryptodev: extend TLS offload with
+ 3des_cbc_hmac_sha1
+Both obj_mac.h and obj_dat.h were generated using the scripts
+from crypto/objects:
+$ cd crypto/objects
+$ perl objects.pl objects.txt obj_mac.num obj_mac.h
+$ perl obj_dat.pl obj_mac.h obj_dat.h
+Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com>
+Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
+---
+ crypto/engine/eng_cryptodev.c | 26 ++++++++++++++++++++++++++
+ crypto/objects/obj_dat.h      | 10 +++++++---
+ crypto/objects/obj_mac.h      |  4 ++++
+ crypto/objects/obj_mac.num    |  1 +
+ crypto/objects/objects.txt    |  1 +
+ ssl/ssl_ciph.c                |  4 ++++
+ 6 files changed, 43 insertions(+), 3 deletions(-)
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index d2cdca0..8f73a18 100644
+--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
+@@ -132,6 +132,7 @@ static int cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key,
+ static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
+                           void (*f) (void));
+ void ENGINE_load_cryptodev(void);
+const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1;
+ const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1;
+ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
+ 
+@@ -284,6 +285,9 @@ static struct {
+         CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, 0
+     },
+     {
+        CRYPTO_TLS10_3DES_CBC_HMAC_SHA1, NID_des_ede3_cbc_hmac_sha1, 8, 24, 20
+    },
+    {
+         CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20
+     },
+     {
+@@ -519,6 +523,9 @@ static int cryptodev_usable_ciphers(const int **nids)
+         case NID_aes_256_cbc_hmac_sha1:
+             EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
+             break;
+        case NID_des_ede3_cbc_hmac_sha1:
+            EVP_add_cipher(&cryptodev_3des_cbc_hmac_sha1);
+            break;
+         }
+     }
+     return count;
+@@ -623,6 +630,7 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+     switch (ctx->cipher->nid) {
+     case NID_aes_128_cbc_hmac_sha1:
+     case NID_aes_256_cbc_hmac_sha1:
+    case NID_des_ede3_cbc_hmac_sha1:
+         cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
+     }
+     cryp.ses = sess->ses;
+@@ -813,6 +821,7 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
+             switch (ctx->cipher->nid) {
+             case NID_aes_128_cbc_hmac_sha1:
+             case NID_aes_256_cbc_hmac_sha1:
+            case NID_des_ede3_cbc_hmac_sha1:
+                 maclen = SHA_DIGEST_LENGTH;
+             }
+ 
+@@ -1134,6 +1143,20 @@ const EVP_CIPHER cryptodev_aes_256_cbc = {
+     NULL
+ };
+ 
+const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1 = {
+    NID_des_ede3_cbc_hmac_sha1,
+    8, 24, 8,
+    EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
+    cryptodev_init_aead_key,
+    cryptodev_aead_cipher,
+    cryptodev_cleanup,
+    sizeof(struct dev_crypto_state),
+    EVP_CIPHER_set_asn1_iv,
+    EVP_CIPHER_get_asn1_iv,
+    cryptodev_cbc_hmac_sha1_ctrl,
+    NULL
+};
+
+ const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1 = {
+     NID_aes_128_cbc_hmac_sha1,
+     16, 16, 16,
+@@ -1255,6 +1278,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+     case NID_aes_256_cbc:
+         *cipher = &cryptodev_aes_256_cbc;
+         break;
+    case NID_des_ede3_cbc_hmac_sha1:
+        *cipher = &cryptodev_3des_cbc_hmac_sha1;
+        break;
+ # ifdef CRYPTO_AES_CTR
+     case NID_aes_128_ctr:
+         *cipher = &cryptodev_aes_ctr;
+diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
+index b7e3cf2..35d1abc 100644
+--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
+@@ -62,9 +62,9 @@
+  * [including the GNU Public Licence.]
+  */
+ 
+-#define NUM_NID 958
+-#define NUM_SN 951
+-#define NUM_LN 951
+#define NUM_NID 959
+#define NUM_SN 952
+#define NUM_LN 952
+ #define NUM_OBJ 890
+ 
+ static const unsigned char lvalues[6255]={
+@@ -2514,6 +2514,8 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
+        NID_jurisdictionStateOrProvinceName,11,&(lvalues[6232]),0},
+ {"jurisdictionC","jurisdictionCountryName",
+        NID_jurisdictionCountryName,11,&(lvalues[6243]),0},
+{"DES-EDE3-CBC-HMAC-SHA1","des-ede3-cbc-hmac-sha1",
+       NID_des_ede3_cbc_hmac_sha1,0,NULL,0},
+ };
+ 
+ static const unsigned int sn_objs[NUM_SN]={
+@@ -2592,6 +2594,7 @@ static const unsigned int sn_objs[NUM_SN]={
+ 62,    /* "DES-EDE-OFB" */
+ 33,    /* "DES-EDE3" */
+ 44,    /* "DES-EDE3-CBC" */
+958,   /* "DES-EDE3-CBC-HMAC-SHA1" */
+ 61,    /* "DES-EDE3-CFB" */
+ 658,   /* "DES-EDE3-CFB1" */
+ 659,   /* "DES-EDE3-CFB8" */
+@@ -3760,6 +3763,7 @@ static const unsigned int ln_objs[NUM_LN]={
+ 62,    /* "des-ede-ofb" */
+ 33,    /* "des-ede3" */
+ 44,    /* "des-ede3-cbc" */
+958,   /* "des-ede3-cbc-hmac-sha1" */
+ 61,    /* "des-ede3-cfb" */
+ 658,   /* "des-ede3-cfb1" */
+ 659,   /* "des-ede3-cfb8" */
+diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h
+index 779c309..cb318bc 100644
+--- a/crypto/objects/obj_mac.h
+++ b/crypto/objects/obj_mac.h
+@@ -4047,6 +4047,10 @@
+ #define LN_aes_256_cbc_hmac_sha256              "aes-256-cbc-hmac-sha256"
+ #define NID_aes_256_cbc_hmac_sha256             950
+ 
+#define SN_des_ede3_cbc_hmac_sha1               "DES-EDE3-CBC-HMAC-SHA1"
+#define LN_des_ede3_cbc_hmac_sha1               "des-ede3-cbc-hmac-sha1"
+#define NID_des_ede3_cbc_hmac_sha1              958
+
+ #define SN_dhpublicnumber               "dhpublicnumber"
+ #define LN_dhpublicnumber               "X9.42 DH"
+ #define NID_dhpublicnumber              920
+diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
+index 8e5ea83..02d1bb8 100644
+--- a/crypto/objects/obj_mac.num
+++ b/crypto/objects/obj_mac.num
+@@ -955,3 +955,4 @@ ct_cert_scts                954
+ jurisdictionLocalityName               955
+ jurisdictionStateOrProvinceName                956
+ jurisdictionCountryName                957
+des_ede3_cbc_hmac_sha1         958
+diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
+index b57aabb..4e1ff18 100644
+--- a/crypto/objects/objects.txt
+++ b/crypto/objects/objects.txt
+@@ -1294,6 +1294,7 @@ kisa 1 6                : SEED-OFB      : seed-ofb
+                        : AES-128-CBC-HMAC-SHA256       : aes-128-cbc-hmac-sha256
+                        : AES-192-CBC-HMAC-SHA256       : aes-192-cbc-hmac-sha256
+                        : AES-256-CBC-HMAC-SHA256       : aes-256-cbc-hmac-sha256
+                       : DES-EDE3-CBC-HMAC-SHA1        : des-ede3-cbc-hmac-sha1
+ 
+ ISO-US 10046 2 1       : dhpublicnumber                : X9.42 DH
+ 
+diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
+index 302464e..a379273 100644
+--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
+@@ -668,6 +668,10 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
+                  c->algorithm_mac == SSL_SHA256 &&
+                  (evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA256")))
+             *enc = evp, *md = NULL;
+        else if (c->algorithm_enc == SSL_3DES &&
+                c->algorithm_mac == SSL_SHA1 &&
+                (evp = EVP_get_cipherbyname("DES-EDE3-CBC-HMAC-SHA1")))
+            *enc = evp, *md = NULL;
+         return (1);
+     } else
+         return (0);
+-- 
+2.7.0
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0016-Fixed-DH-keygen-pair-generator.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0016-Fixed-DH-keygen-pair-generator.patch
deleted file mode 100644
index 8923cb639..000000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0016-Fixed-DH-keygen-pair-generator.patch
+++ /dev/null
@@ -1,100 +0,0 @@
-From d2c868c6370bcc0d0a254e641907da2cdf992d62 Mon Sep 17 00:00:00 2001
-From: Yashpal Dutta <yashpal.dutta@freescale.com>
-Date: Thu, 1 May 2014 06:35:45 +0545
-Subject: [PATCH 16/26] Fixed DH keygen pair generator
-Upstream-status: Pending
-Wrong Padding results into keygen length error
-Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
-Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
---
- crypto/engine/eng_cryptodev.c | 50 ++++++++++++++++++++++++++++---------------
- 1 file changed, 33 insertions(+), 17 deletions(-)
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index dab8fea..13d924f 100644
--- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -3396,44 +3396,60 @@ sw_try:
- static int cryptodev_dh_keygen(DH *dh)
- {
-        struct crypt_kop kop;
-       int ret = 1, g_len;
-       unsigned char *g = NULL;
-+       int ret = 1, q_len = 0;
-+       unsigned char *q = NULL, *g = NULL, *s = NULL, *w = NULL;
-+       BIGNUM *pub_key = NULL, *priv_key = NULL;
-+       int generate_new_key = 1;
- 
-       if (dh->priv_key == NULL)       {
-               if ((dh->priv_key=BN_new()) == NULL)
-                       goto sw_try;
-       }
-+       if (dh->priv_key)
-+               priv_key = dh->priv_key;
- 
-       if (dh->pub_key == NULL) {
-               if ((dh->pub_key=BN_new()) == NULL)
-                       goto sw_try;
-       }
-+       if (dh->pub_key)
-+               pub_key = dh->pub_key;
- 
-       g_len = BN_num_bytes(dh->p);
-+       q_len = BN_num_bytes(dh->p);
-        /**
-         * Get generator into a plain buffer. If length is less than
-         * q_len then add leading padding bytes.
-         */
-       if (spcf_bn2bin_ex(dh->g, &g, &g_len)) {
-+       if (spcf_bn2bin_ex(dh->g, &g, &q_len)) {
-+               DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
-+               goto sw_try;
-+       }
-+
-+       if (spcf_bn2bin_ex(dh->p, &q, &q_len)) {
-                DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
-                goto sw_try;
-        }
- 
-        memset(&kop, 0, sizeof kop);
-        kop.crk_op = CRK_DH_GENERATE_KEY;
-       if (bn2crparam(dh->p, &kop.crk_param[0]))
-               goto sw_try;
-+       kop.crk_param[0].crp_p = q;
-+       kop.crk_param[0].crp_nbits = q_len * 8;
-        if (!dh->q || bn2crparam(dh->q, &kop.crk_param[1]))
-                goto sw_try;
-        kop.crk_param[2].crp_p = g;
-       kop.crk_param[2].crp_nbits = g_len * 8;
-+       kop.crk_param[2].crp_nbits = q_len * 8;
-        kop.crk_iparams = 3;
- 
-+       s = OPENSSL_malloc (q_len);
-+       if (!s) {
-+               DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
-+               goto sw_try;
-+       }
-+
-+       w = OPENSSL_malloc (q_len);
-+       if (!w) {
-+               DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
-+               goto sw_try;
-+       }
-+
-        /* pub_key is or prime length while priv key is of length of order */
-       if (cryptodev_asym(&kop, BN_num_bytes(dh->p), dh->pub_key,
-           BN_num_bytes(dh->q), dh->priv_key))
-+       if (cryptodev_asym(&kop, q_len, w, q_len, s))
-            goto sw_try;
- 
-+       dh->pub_key = BN_bin2bn(w, q_len, pub_key);
-+       dh->pub_key = BN_bin2bn(s, q_len, priv_key);
-        return ret;
- sw_try:
-        {
-- 
-2.3.5
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0016-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0016-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch
new file mode 100644
index 000000000..c5866212c
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0016-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch
@@ -0,0 +1,338 @@
+From 3f34089ab0a3b31ec6b31a6cbf308ca20c6ef597 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@nxp.com>
+Date: Fri, 22 Jan 2016 11:58:34 +0200
+Subject: [PATCH 16/48] eng_cryptodev: add support for TLSv1.1 record offload
+Supported cipher suites:
+- 3des-ede-cbc-sha
+- aes-128-cbc-hmac-sha
+- aes-256-cbc-hmac-sha
+Requires TLS patches on cryptodev and TLS algorithm support in Linux
+kernel driver.
+Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com>
+Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 96 ++++++++++++++++++++++++++++++++++++++++++-
+ crypto/objects/obj_dat.h      | 18 ++++++--
+ crypto/objects/obj_mac.h      | 12 ++++++
+ crypto/objects/obj_mac.num    |  3 ++
+ crypto/objects/objects.txt    |  3 ++
+ ssl/ssl_ciph.c                | 28 ++++++++++---
+ 6 files changed, 151 insertions(+), 9 deletions(-)
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 8f73a18..e37a661 100644
+--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
+@@ -66,6 +66,7 @@ void ENGINE_load_cryptodev(void)
+ # include <sys/ioctl.h>
+ # include <errno.h>
+ # include <stdio.h>
+# include <stdbool.h>
+ # include <unistd.h>
+ # include <fcntl.h>
+ # include <stdarg.h>
+@@ -135,6 +136,9 @@ void ENGINE_load_cryptodev(void);
+ const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1;
+ const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1;
+ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
+const EVP_CIPHER cryptodev_tls11_3des_cbc_hmac_sha1;
+const EVP_CIPHER cryptodev_tls11_aes_128_cbc_hmac_sha1;
+const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1;
+ 
+ inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len)
+ {
+@@ -294,6 +298,18 @@ static struct {
+         CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20
+     },
+     {
+        CRYPTO_TLS11_3DES_CBC_HMAC_SHA1, NID_tls11_des_ede3_cbc_hmac_sha1, 8,
+        24, 20
+    },
+    {
+        CRYPTO_TLS11_AES_CBC_HMAC_SHA1, NID_tls11_aes_128_cbc_hmac_sha1, 16, 16,
+        20
+    },
+    {
+        CRYPTO_TLS11_AES_CBC_HMAC_SHA1, NID_tls11_aes_256_cbc_hmac_sha1, 16, 32,
+        20
+    },
+    {
+         CRYPTO_AES_GCM, NID_aes_128_gcm, 16, 16, 0
+     },
+     {
+@@ -526,6 +542,15 @@ static int cryptodev_usable_ciphers(const int **nids)
+         case NID_des_ede3_cbc_hmac_sha1:
+             EVP_add_cipher(&cryptodev_3des_cbc_hmac_sha1);
+             break;
+        case NID_tls11_des_ede3_cbc_hmac_sha1:
+            EVP_add_cipher(&cryptodev_tls11_3des_cbc_hmac_sha1);
+            break;
+        case NID_tls11_aes_128_cbc_hmac_sha1:
+            EVP_add_cipher(&cryptodev_tls11_aes_128_cbc_hmac_sha1);
+            break;
+        case NID_tls11_aes_256_cbc_hmac_sha1:
+            EVP_add_cipher(&cryptodev_tls11_aes_256_cbc_hmac_sha1);
+            break;
+         }
+     }
+     return count;
+@@ -631,6 +656,9 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+     case NID_aes_128_cbc_hmac_sha1:
+     case NID_aes_256_cbc_hmac_sha1:
+     case NID_des_ede3_cbc_hmac_sha1:
+    case NID_tls11_des_ede3_cbc_hmac_sha1:
+    case NID_tls11_aes_128_cbc_hmac_sha1:
+    case NID_tls11_aes_256_cbc_hmac_sha1:
+         cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
+     }
+     cryp.ses = sess->ses;
+@@ -810,8 +838,9 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
+             struct dev_crypto_state *state = ctx->cipher_data;
+             unsigned char *p = ptr;
+             unsigned int cryptlen = p[arg - 2] << 8 | p[arg - 1];
+-            unsigned int maclen, padlen;
+            unsigned int maclen, padlen, len;
+             unsigned int bs = ctx->cipher->block_size;
+            bool aad_needs_fix = false;
+ 
+             state->aad = ptr;
+             state->aad_len = arg;
+@@ -823,6 +852,20 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
+             case NID_aes_256_cbc_hmac_sha1:
+             case NID_des_ede3_cbc_hmac_sha1:
+                 maclen = SHA_DIGEST_LENGTH;
+                break;
+            case NID_tls11_des_ede3_cbc_hmac_sha1:
+            case NID_tls11_aes_128_cbc_hmac_sha1:
+            case NID_tls11_aes_256_cbc_hmac_sha1:
+                maclen = SHA_DIGEST_LENGTH;
+                aad_needs_fix = true;
+                break;
+            }
+
+            /* Correct length for AAD Length field */
+            if (ctx->encrypt && aad_needs_fix) {
+                len = cryptlen - bs;
+                p[arg - 2] = len >> 8;
+                p[arg - 1] = len & 0xff;
+             }
+ 
+             /* space required for encryption (not only TLS padding) */
+@@ -1185,6 +1228,48 @@ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = {
+     NULL
+ };
+ 
+const EVP_CIPHER cryptodev_tls11_3des_cbc_hmac_sha1 = {
+    NID_tls11_des_ede3_cbc_hmac_sha1,
+    8, 24, 8,
+    EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
+    cryptodev_init_aead_key,
+    cryptodev_aead_cipher,
+    cryptodev_cleanup,
+    sizeof(struct dev_crypto_state),
+    EVP_CIPHER_set_asn1_iv,
+    EVP_CIPHER_get_asn1_iv,
+    cryptodev_cbc_hmac_sha1_ctrl,
+    NULL
+};
+
+const EVP_CIPHER cryptodev_tls11_aes_128_cbc_hmac_sha1 = {
+    NID_tls11_aes_128_cbc_hmac_sha1,
+    16, 16, 16,
+    EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
+    cryptodev_init_aead_key,
+    cryptodev_aead_cipher,
+    cryptodev_cleanup,
+    sizeof(struct dev_crypto_state),
+    EVP_CIPHER_set_asn1_iv,
+    EVP_CIPHER_get_asn1_iv,
+    cryptodev_cbc_hmac_sha1_ctrl,
+    NULL
+};
+
+const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1 = {
+    NID_tls11_aes_256_cbc_hmac_sha1,
+    16, 32, 16,
+    EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
+    cryptodev_init_aead_key,
+    cryptodev_aead_cipher,
+    cryptodev_cleanup,
+    sizeof(struct dev_crypto_state),
+    EVP_CIPHER_set_asn1_iv,
+    EVP_CIPHER_get_asn1_iv,
+    cryptodev_cbc_hmac_sha1_ctrl,
+    NULL
+};
+
+ const EVP_CIPHER cryptodev_aes_128_gcm = {
+     NID_aes_128_gcm,
+     1, 16, 12,
+@@ -1298,6 +1383,15 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+     case NID_aes_256_cbc_hmac_sha1:
+         *cipher = &cryptodev_aes_256_cbc_hmac_sha1;
+         break;
+    case NID_tls11_des_ede3_cbc_hmac_sha1:
+        *cipher = &cryptodev_tls11_3des_cbc_hmac_sha1;
+        break;
+    case NID_tls11_aes_128_cbc_hmac_sha1:
+        *cipher = &cryptodev_tls11_aes_128_cbc_hmac_sha1;
+        break;
+    case NID_tls11_aes_256_cbc_hmac_sha1:
+        *cipher = &cryptodev_tls11_aes_256_cbc_hmac_sha1;
+        break;
+     case NID_aes_128_gcm:
+         *cipher = &cryptodev_aes_128_gcm;
+         break;
+diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
+index 35d1abc..4dd32a1 100644
+--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
+@@ -62,9 +62,9 @@
+  * [including the GNU Public Licence.]
+  */
+ 
+-#define NUM_NID 959
+-#define NUM_SN 952
+-#define NUM_LN 952
+#define NUM_NID 962
+#define NUM_SN 955
+#define NUM_LN 955
+ #define NUM_OBJ 890
+ 
+ static const unsigned char lvalues[6255]={
+@@ -2516,6 +2516,12 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
+        NID_jurisdictionCountryName,11,&(lvalues[6243]),0},
+ {"DES-EDE3-CBC-HMAC-SHA1","des-ede3-cbc-hmac-sha1",
+        NID_des_ede3_cbc_hmac_sha1,0,NULL,0},
+{"TLS11-DES-EDE3-CBC-HMAC-SHA1","tls11-des-ede3-cbc-hmac-sha1",
+       NID_tls11_des_ede3_cbc_hmac_sha1,0,NULL,0},
+{"TLS11-AES-128-CBC-HMAC-SHA1","tls11-aes-128-cbc-hmac-sha1",
+       NID_tls11_aes_128_cbc_hmac_sha1,0,NULL,0},
+{"TLS11-AES-256-CBC-HMAC-SHA1","tls11-aes-256-cbc-hmac-sha1",
+       NID_tls11_aes_256_cbc_hmac_sha1,0,NULL,0},
+ };
+ 
+ static const unsigned int sn_objs[NUM_SN]={
+@@ -2705,6 +2711,9 @@ static const unsigned int sn_objs[NUM_SN]={
+ 100,   /* "SN" */
+ 16,    /* "ST" */
+ 143,   /* "SXNetID" */
+960,   /* "TLS11-AES-128-CBC-HMAC-SHA1" */
+961,   /* "TLS11-AES-256-CBC-HMAC-SHA1" */
+959,   /* "TLS11-DES-EDE3-CBC-HMAC-SHA1" */
+ 458,   /* "UID" */
+  0,    /* "UNDEF" */
+ 11,    /* "X500" */
+@@ -4396,6 +4405,9 @@ static const unsigned int ln_objs[NUM_LN]={
+ 459,   /* "textEncodedORAddress" */
+ 293,   /* "textNotice" */
+ 106,   /* "title" */
+960,   /* "tls11-aes-128-cbc-hmac-sha1" */
+961,   /* "tls11-aes-256-cbc-hmac-sha1" */
+959,   /* "tls11-des-ede3-cbc-hmac-sha1" */
+ 682,   /* "tpBasis" */
+ 436,   /* "ucl" */
+  0,    /* "undefined" */
+diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h
+index cb318bc..5930563 100644
+--- a/crypto/objects/obj_mac.h
+++ b/crypto/objects/obj_mac.h
+@@ -4051,6 +4051,18 @@
+ #define LN_des_ede3_cbc_hmac_sha1               "des-ede3-cbc-hmac-sha1"
+ #define NID_des_ede3_cbc_hmac_sha1              958
+ 
+#define SN_tls11_des_ede3_cbc_hmac_sha1         "TLS11-DES-EDE3-CBC-HMAC-SHA1"
+#define LN_tls11_des_ede3_cbc_hmac_sha1         "tls11-des-ede3-cbc-hmac-sha1"
+#define NID_tls11_des_ede3_cbc_hmac_sha1                959
+
+#define SN_tls11_aes_128_cbc_hmac_sha1          "TLS11-AES-128-CBC-HMAC-SHA1"
+#define LN_tls11_aes_128_cbc_hmac_sha1          "tls11-aes-128-cbc-hmac-sha1"
+#define NID_tls11_aes_128_cbc_hmac_sha1         960
+
+#define SN_tls11_aes_256_cbc_hmac_sha1          "TLS11-AES-256-CBC-HMAC-SHA1"
+#define LN_tls11_aes_256_cbc_hmac_sha1          "tls11-aes-256-cbc-hmac-sha1"
+#define NID_tls11_aes_256_cbc_hmac_sha1         961
+
+ #define SN_dhpublicnumber               "dhpublicnumber"
+ #define LN_dhpublicnumber               "X9.42 DH"
+ #define NID_dhpublicnumber              920
+diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
+index 02d1bb8..02f1728 100644
+--- a/crypto/objects/obj_mac.num
+++ b/crypto/objects/obj_mac.num
+@@ -956,3 +956,6 @@ jurisdictionLocalityName            955
+ jurisdictionStateOrProvinceName                956
+ jurisdictionCountryName                957
+ des_ede3_cbc_hmac_sha1         958
+tls11_des_ede3_cbc_hmac_sha1           959
+tls11_aes_128_cbc_hmac_sha1            960
+tls11_aes_256_cbc_hmac_sha1            961
+diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
+index 4e1ff18..cda81da 100644
+--- a/crypto/objects/objects.txt
+++ b/crypto/objects/objects.txt
+@@ -1295,6 +1295,9 @@ kisa 1 6                : SEED-OFB      : seed-ofb
+                        : AES-192-CBC-HMAC-SHA256       : aes-192-cbc-hmac-sha256
+                        : AES-256-CBC-HMAC-SHA256       : aes-256-cbc-hmac-sha256
+                        : DES-EDE3-CBC-HMAC-SHA1        : des-ede3-cbc-hmac-sha1
+                       : TLS11-DES-EDE3-CBC-HMAC-SHA1  : tls11-des-ede3-cbc-hmac-sha1
+                       : TLS11-AES-128-CBC-HMAC-SHA1   : tls11-aes-128-cbc-hmac-sha1
+                       : TLS11-AES-256-CBC-HMAC-SHA1   : tls11-aes-256-cbc-hmac-sha1
+ 
+ ISO-US 10046 2 1       : dhpublicnumber                : X9.42 DH
+ 
+diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
+index a379273..e3d73ac 100644
+--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
+@@ -652,11 +652,13 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
+             c->algorithm_mac == SSL_MD5 &&
+             (evp = EVP_get_cipherbyname("RC4-HMAC-MD5")))
+             *enc = evp, *md = NULL;
+-        else if (c->algorithm_enc == SSL_AES128 &&
+        else if (s->ssl_version == TLS1_VERSION &&
+                 c->algorithm_enc == SSL_AES128 &&
+                  c->algorithm_mac == SSL_SHA1 &&
+                  (evp = EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1")))
+             *enc = evp, *md = NULL;
+-        else if (c->algorithm_enc == SSL_AES256 &&
+        else if (s->ssl_version == TLS1_VERSION &&
+                 c->algorithm_enc == SSL_AES256 &&
+                  c->algorithm_mac == SSL_SHA1 &&
+                  (evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1")))
+             *enc = evp, *md = NULL;
+@@ -668,9 +670,25 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
+                  c->algorithm_mac == SSL_SHA256 &&
+                  (evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA256")))
+             *enc = evp, *md = NULL;
+-        else if (c->algorithm_enc == SSL_3DES &&
+-                c->algorithm_mac == SSL_SHA1 &&
+-                (evp = EVP_get_cipherbyname("DES-EDE3-CBC-HMAC-SHA1")))
+        else if (s->ssl_version == TLS1_VERSION &&
+                 c->algorithm_enc == SSL_3DES &&
+                 c->algorithm_mac == SSL_SHA1 &&
+                 (evp = EVP_get_cipherbyname("DES-EDE3-CBC-HMAC-SHA1")))
+            *enc = evp, *md = NULL;
+        else if (s->ssl_version == TLS1_1_VERSION &&
+                 c->algorithm_enc == SSL_3DES &&
+                 c->algorithm_mac == SSL_SHA1 &&
+                 (evp = EVP_get_cipherbyname("TLS11-DES-EDE3-CBC-HMAC-SHA1")))
+            *enc = evp, *md = NULL;
+        else if (s->ssl_version == TLS1_1_VERSION &&
+                 c->algorithm_enc == SSL_AES128 &&
+                 c->algorithm_mac == SSL_SHA1 &&
+                 (evp = EVP_get_cipherbyname("TLS11-AES-128-CBC-HMAC-SHA1")))
+            *enc = evp, *md = NULL;
+        else if (s->ssl_version == TLS1_1_VERSION &&
+                 c->algorithm_enc == SSL_AES256 &&
+                 c->algorithm_mac == SSL_SHA1 &&
+                 (evp = EVP_get_cipherbyname("TLS11-AES-256-CBC-HMAC-SHA1")))
+             *enc = evp, *md = NULL;
+         return (1);
+     } else
+-- 
+2.7.0
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch
deleted file mode 100644
index bd9e61ac0..000000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch
+++ /dev/null
@@ -1,309 +0,0 @@
-From 11b55103463bac614e00d74e9f196ec4ec6bade1 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@freescale.com>
-Date: Mon, 16 Jun 2014 14:06:21 +0300
-Subject: [PATCH 17/26] cryptodev: add support for aes-gcm algorithm offloading
-Change-Id: I3b77dc5ef8b8f707309549244a02852d95b36168
-Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
-Reviewed-on: http://git.am.freescale.net:8181/17226
---
- apps/speed.c                  |   6 +-
- crypto/engine/eng_cryptodev.c | 229 +++++++++++++++++++++++++++++++++++++++++-
- 2 files changed, 233 insertions(+), 2 deletions(-)
-diff --git a/apps/speed.c b/apps/speed.c
-index 9886ca3..099dede 100644
--- a/apps/speed.c
-+++ b/apps/speed.c
-@@ -224,7 +224,11 @@
- #endif
- 
- #undef BUFSIZE
-#define BUFSIZE        ((long)1024*8+1)
-+/* The buffer overhead allows GCM tag at the end of the encrypted data. This
-+   avoids buffer overflows from cryptodev since Linux kernel GCM
-+   implementation allways adds the tag - unlike e_aes.c:aes_gcm_cipher()
-+   which doesn't */
-+#define BUFSIZE        ((long)1024*8 + EVP_GCM_TLS_TAG_LEN)
- int run=0;
- 
- static int mr=0;
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 13d924f..4493490 100644
--- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -78,8 +78,10 @@ struct dev_crypto_state {
-        struct session_op d_sess;
-        int d_fd;
-        unsigned char *aad;
-       unsigned int aad_len;
-+       int aad_len;
-        unsigned int len;
-+       unsigned char *iv;
-+       int ivlen;
- 
- #ifdef USE_CRYPTODEV_DIGESTS
-        char dummy_mac_key[HASH_MAX_LEN];
-@@ -251,6 +253,7 @@ static struct {
-        { CRYPTO_SKIPJACK_CBC,  NID_undef,        0,  0,  0},
-        { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20},
-        { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20},
-+       { CRYPTO_AES_GCM,       NID_aes_128_gcm,  16, 16, 0},
-        { 0, NID_undef, 0, 0, 0},
- };
- 
-@@ -271,6 +274,19 @@ static struct {
- };
- #endif
- 
-+/* increment counter (64-bit int) by 1 */
-+static void ctr64_inc(unsigned char *counter) {
-+       int n=8;
-+       unsigned char  c;
-+
-+       do {
-+               --n;
-+               c = counter[n];
-+               ++c;
-+               counter[n] = c;
-+               if (c) return;
-+       } while (n);
-+}
- /*
-  * Return a fd if /dev/crypto seems usable, 0 otherwise.
-  */
-@@ -762,6 +778,197 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
-        }
- }
- 
-+static int cryptodev_init_gcm_key(EVP_CIPHER_CTX *ctx,
-+       const unsigned char *key, const unsigned char *iv, int enc)
-+{
-+       struct dev_crypto_state *state = ctx->cipher_data;
-+       struct session_op *sess = &state->d_sess;
-+       int cipher = -1, i;
-+       if (!iv && !key)
-+               return 1;
-+
-+       if (iv)
-+               memcpy(ctx->iv, iv, ctx->cipher->iv_len);
-+
-+       for (i = 0; ciphers[i].id; i++)
-+               if (ctx->cipher->nid == ciphers[i].nid &&
-+                   ctx->cipher->iv_len <= ciphers[i].ivmax &&
-+                   ctx->key_len == ciphers[i].keylen) {
-+                       cipher = ciphers[i].id;
-+                       break;
-+               }
-+
-+       if (!ciphers[i].id) {
-+               state->d_fd = -1;
-+               return 0;
-+       }
-+
-+       memset(sess, 0, sizeof(struct session_op));
-+
-+       if ((state->d_fd = get_dev_crypto()) < 0)
-+               return 0;
-+
-+       sess->key = (unsigned char *) key;
-+       sess->keylen = ctx->key_len;
-+       sess->cipher = cipher;
-+
-+       if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
-+               put_dev_crypto(state->d_fd);
-+               state->d_fd = -1;
-+               return 0;
-+       }
-+       return 1;
-+}
-+
-+static int cryptodev_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+               const unsigned char *in, size_t len)
-+{
-+       struct crypt_auth_op cryp = {0};
-+       struct dev_crypto_state *state = ctx->cipher_data;
-+       struct session_op *sess = &state->d_sess;
-+       int rv = len;
-+
-+       if (EVP_CIPHER_CTX_ctrl(ctx, ctx->encrypt ?
-+                       EVP_CTRL_GCM_IV_GEN : EVP_CTRL_GCM_SET_IV_INV,
-+                       EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0)
-+               return 0;
-+
-+       in += EVP_GCM_TLS_EXPLICIT_IV_LEN;
-+       out += EVP_GCM_TLS_EXPLICIT_IV_LEN;
-+       len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
-+
-+       if (ctx->encrypt) {
-+               len -= EVP_GCM_TLS_TAG_LEN;
-+       }
-+       cryp.ses = sess->ses;
-+       cryp.len = len;
-+       cryp.src = (unsigned char*) in;
-+       cryp.dst = out;
-+       cryp.auth_src = state->aad;
-+       cryp.auth_len = state->aad_len;
-+       cryp.iv = ctx->iv;
-+       cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
-+
-+       if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) {
-+               return 0;
-+       }
-+
-+       if (ctx->encrypt)
-+               ctr64_inc(state->iv + state->ivlen - 8);
-+       else
-+               rv = len - EVP_GCM_TLS_TAG_LEN;
-+
-+       return rv;
-+}
-+
-+static int cryptodev_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+               const unsigned char *in, size_t len)
-+{
-+       struct crypt_auth_op cryp;
-+       struct dev_crypto_state *state = ctx->cipher_data;
-+       struct session_op *sess = &state->d_sess;
-+
-+       if (state->d_fd < 0)
-+               return 0;
-+
-+       if ((len % ctx->cipher->block_size) != 0)
-+               return 0;
-+
-+       if (state->aad_len >= 0)
-+               return cryptodev_gcm_tls_cipher(ctx, out, in, len);
-+
-+       memset(&cryp, 0, sizeof(cryp));
-+
-+       cryp.ses = sess->ses;
-+       cryp.len = len;
-+       cryp.src = (unsigned char*) in;
-+       cryp.dst = out;
-+       cryp.auth_src = NULL;
-+       cryp.auth_len = 0;
-+       cryp.iv = ctx->iv;
-+       cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
-+
-+       if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) {
-+               return 0;
-+       }
-+
-+       return len;
-+}
-+
-+static int cryptodev_gcm_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
-+               void *ptr)
-+{
-+       struct dev_crypto_state *state = ctx->cipher_data;
-+       switch (type) {
-+       case EVP_CTRL_INIT:
-+       {
-+               state->ivlen = ctx->cipher->iv_len;
-+               state->iv = ctx->iv;
-+               state->aad_len = -1;
-+               return 1;
-+       }
-+       case EVP_CTRL_GCM_SET_IV_FIXED:
-+       {
-+               /* Special case: -1 length restores whole IV */
-+               if (arg == -1)
-+                       {
-+                       memcpy(state->iv, ptr, state->ivlen);
-+                       return 1;
-+                       }
-+               /* Fixed field must be at least 4 bytes and invocation field
-+                * at least 8.
-+                */
-+               if ((arg < 4) || (state->ivlen - arg) < 8)
-+                       return 0;
-+               if (arg)
-+                       memcpy(state->iv, ptr, arg);
-+               if (ctx->encrypt &&
-+                       RAND_bytes(state->iv + arg, state->ivlen - arg) <= 0)
-+                       return 0;
-+               return 1;
-+       }
-+       case EVP_CTRL_AEAD_TLS1_AAD:
-+       {
-+               unsigned int len;
-+               if (arg != 13)
-+                       return 0;
-+
-+               memcpy(ctx->buf, ptr, arg);
-+               len=ctx->buf[arg-2] << 8 | ctx->buf[arg-1];
-+
-+               /* Correct length for explicit IV */
-+               len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
-+
-+               /* If decrypting correct for tag too */
-+               if (!ctx->encrypt)
-+                       len -= EVP_GCM_TLS_TAG_LEN;
-+
-+               ctx->buf[arg-2] = len >> 8;
-+               ctx->buf[arg-1] = len & 0xff;
-+
-+               state->aad = ctx->buf;
-+               state->aad_len = arg;
-+               state->len = len;
-+
-+               /* Extra padding: tag appended to record */
-+               return EVP_GCM_TLS_TAG_LEN;
-+       }
-+       case EVP_CTRL_GCM_SET_IV_INV:
-+       {
-+               if (ctx->encrypt)
-+                       return 0;
-+               memcpy(state->iv + state->ivlen - arg, ptr, arg);
-+               return 1;
-+       }
-+       case EVP_CTRL_GCM_IV_GEN:
-+               if (arg <= 0 || arg > state->ivlen)
-+                       arg = state->ivlen;
-+               memcpy(ptr, state->iv + state->ivlen - arg, arg);
-+               return 1;
-+       default:
-+               return -1;
-+       }
-+}
- /*
-  * libcrypto EVP stuff - this is how we get wired to EVP so the engine
-  * gets called when libcrypto requests a cipher NID.
-@@ -901,6 +1108,23 @@ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = {
-        cryptodev_cbc_hmac_sha1_ctrl,
-        NULL
- };
-+
-+const EVP_CIPHER cryptodev_aes_128_gcm = {
-+       NID_aes_128_gcm,
-+       1, 16, 12,
-+       EVP_CIPH_GCM_MODE | EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_DEFAULT_ASN1 \
-+       | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \
-+       | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT,
-+       cryptodev_init_gcm_key,
-+       cryptodev_gcm_cipher,
-+       cryptodev_cleanup,
-+       sizeof(struct dev_crypto_state),
-+       EVP_CIPHER_set_asn1_iv,
-+       EVP_CIPHER_get_asn1_iv,
-+       cryptodev_gcm_ctrl,
-+       NULL
-+};
-+
- /*
-  * Registered by the ENGINE when used to find out how to deal with
-  * a particular NID in the ENGINE. this says what we'll do at the
-@@ -944,6 +1168,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
-        case NID_aes_256_cbc_hmac_sha1:
-                *cipher = &cryptodev_aes_256_cbc_hmac_sha1;
-                break;
-+       case NID_aes_128_gcm:
-+               *cipher = &cryptodev_aes_128_gcm;
-+               break;
-        default:
-                *cipher = NULL;
-                break;
-- 
-2.3.5
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0017-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0017-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch
new file mode 100644
index 000000000..5e65ec6ee
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0017-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch
@@ -0,0 +1,377 @@
+From 4c1531a088076118ce3c06cb0af15998f0796cb3 Mon Sep 17 00:00:00 2001
+From: Tudor Ambarus <tudor.ambarus@freescale.com>
+Date: Tue, 31 Mar 2015 16:32:35 +0300
+Subject: [PATCH 17/48] eng_cryptodev: add support for TLSv1.2 record offload
+Supported cipher suites:
+- 3des-ede-cbc-sha
+- aes-128-cbc-hmac-sha
+- aes-256-cbc-hmac-sha
+- aes-128-cbc-hmac-sha256
+- aes-256-cbc-hmac-sha256
+Requires TLS patches on cryptodev and TLS algorithm support in Linux
+kernel driver.
+Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com>
+Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
+---
+ crypto/engine/eng_cryptodev.c | 138 ++++++++++++++++++++++++++++++++++++++++++
+ crypto/objects/obj_dat.h      |  26 +++++++-
+ crypto/objects/obj_mac.h      |  20 ++++++
+ crypto/objects/obj_mac.num    |   5 ++
+ crypto/objects/objects.txt    |   5 ++
+ ssl/ssl_ciph.c                |  25 ++++++++
+ 6 files changed, 216 insertions(+), 3 deletions(-)
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index e37a661..e6f9f16 100644
+--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
+@@ -139,6 +139,11 @@ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
+ const EVP_CIPHER cryptodev_tls11_3des_cbc_hmac_sha1;
+ const EVP_CIPHER cryptodev_tls11_aes_128_cbc_hmac_sha1;
+ const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1;
+const EVP_CIPHER cryptodev_tls12_3des_cbc_hmac_sha1;
+const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha1;
+const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha1;
+const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha256;
+const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha256;
+ 
+ inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len)
+ {
+@@ -310,6 +315,26 @@ static struct {
+         20
+     },
+     {
+        CRYPTO_TLS12_3DES_CBC_HMAC_SHA1, NID_tls12_des_ede3_cbc_hmac_sha1, 8,
+        24, 20
+    },
+    {
+        CRYPTO_TLS12_AES_CBC_HMAC_SHA1, NID_tls12_aes_128_cbc_hmac_sha1, 16, 16,
+        20
+    },
+    {
+        CRYPTO_TLS12_AES_CBC_HMAC_SHA1, NID_tls12_aes_256_cbc_hmac_sha1, 16, 32,
+        20
+    },
+    {
+        CRYPTO_TLS12_AES_CBC_HMAC_SHA256, NID_tls12_aes_128_cbc_hmac_sha256, 16,
+        16, 32
+    },
+    {
+        CRYPTO_TLS12_AES_CBC_HMAC_SHA256, NID_tls12_aes_256_cbc_hmac_sha256, 16,
+        32, 32
+    },
+    {
+         CRYPTO_AES_GCM, NID_aes_128_gcm, 16, 16, 0
+     },
+     {
+@@ -551,6 +576,21 @@ static int cryptodev_usable_ciphers(const int **nids)
+         case NID_tls11_aes_256_cbc_hmac_sha1:
+             EVP_add_cipher(&cryptodev_tls11_aes_256_cbc_hmac_sha1);
+             break;
+        case NID_tls12_des_ede3_cbc_hmac_sha1:
+            EVP_add_cipher(&cryptodev_tls12_3des_cbc_hmac_sha1);
+            break;
+        case NID_tls12_aes_128_cbc_hmac_sha1:
+            EVP_add_cipher(&cryptodev_tls12_aes_128_cbc_hmac_sha1);
+            break;
+        case NID_tls12_aes_256_cbc_hmac_sha1:
+            EVP_add_cipher(&cryptodev_tls12_aes_256_cbc_hmac_sha1);
+            break;
+        case NID_tls12_aes_128_cbc_hmac_sha256:
+            EVP_add_cipher(&cryptodev_tls12_aes_128_cbc_hmac_sha256);
+            break;
+        case NID_tls12_aes_256_cbc_hmac_sha256:
+            EVP_add_cipher(&cryptodev_tls12_aes_256_cbc_hmac_sha256);
+            break;
+         }
+     }
+     return count;
+@@ -659,6 +699,11 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+     case NID_tls11_des_ede3_cbc_hmac_sha1:
+     case NID_tls11_aes_128_cbc_hmac_sha1:
+     case NID_tls11_aes_256_cbc_hmac_sha1:
+    case NID_tls12_des_ede3_cbc_hmac_sha1:
+    case NID_tls12_aes_128_cbc_hmac_sha1:
+    case NID_tls12_aes_256_cbc_hmac_sha1:
+    case NID_tls12_aes_128_cbc_hmac_sha256:
+    case NID_tls12_aes_256_cbc_hmac_sha256:
+         cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
+     }
+     cryp.ses = sess->ses;
+@@ -856,9 +901,17 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
+             case NID_tls11_des_ede3_cbc_hmac_sha1:
+             case NID_tls11_aes_128_cbc_hmac_sha1:
+             case NID_tls11_aes_256_cbc_hmac_sha1:
+            case NID_tls12_des_ede3_cbc_hmac_sha1:
+            case NID_tls12_aes_128_cbc_hmac_sha1:
+            case NID_tls12_aes_256_cbc_hmac_sha1:
+                 maclen = SHA_DIGEST_LENGTH;
+                 aad_needs_fix = true;
+                 break;
+            case NID_tls12_aes_128_cbc_hmac_sha256:
+            case NID_tls12_aes_256_cbc_hmac_sha256:
+                maclen = SHA256_DIGEST_LENGTH;
+                aad_needs_fix = true;
+                break;
+             }
+ 
+             /* Correct length for AAD Length field */
+@@ -1270,6 +1323,76 @@ const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1 = {
+     NULL
+ };
+ 
+const EVP_CIPHER cryptodev_tls12_3des_cbc_hmac_sha1 = {
+    NID_tls12_des_ede3_cbc_hmac_sha1,
+    8, 24, 8,
+    EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
+    cryptodev_init_aead_key,
+    cryptodev_aead_cipher,
+    cryptodev_cleanup,
+    sizeof(struct dev_crypto_state),
+    EVP_CIPHER_set_asn1_iv,
+    EVP_CIPHER_get_asn1_iv,
+    cryptodev_cbc_hmac_sha1_ctrl,
+    NULL
+};
+
+const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha1 = {
+    NID_tls12_aes_128_cbc_hmac_sha1,
+    16, 16, 16,
+    EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
+    cryptodev_init_aead_key,
+    cryptodev_aead_cipher,
+    cryptodev_cleanup,
+    sizeof(struct dev_crypto_state),
+    EVP_CIPHER_set_asn1_iv,
+    EVP_CIPHER_get_asn1_iv,
+    cryptodev_cbc_hmac_sha1_ctrl,
+    NULL
+};
+
+const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha1 = {
+    NID_tls12_aes_256_cbc_hmac_sha1,
+    16, 32, 16,
+    EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
+    cryptodev_init_aead_key,
+    cryptodev_aead_cipher,
+    cryptodev_cleanup,
+    sizeof(struct dev_crypto_state),
+    EVP_CIPHER_set_asn1_iv,
+    EVP_CIPHER_get_asn1_iv,
+    cryptodev_cbc_hmac_sha1_ctrl,
+    NULL
+};
+
+const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha256 = {
+    NID_tls12_aes_128_cbc_hmac_sha256,
+    16, 16, 16,
+    EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
+    cryptodev_init_aead_key,
+    cryptodev_aead_cipher,
+    cryptodev_cleanup,
+    sizeof(struct dev_crypto_state),
+    EVP_CIPHER_set_asn1_iv,
+    EVP_CIPHER_get_asn1_iv,
+    cryptodev_cbc_hmac_sha1_ctrl,
+    NULL
+};
+
+const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha256 = {
+    NID_tls12_aes_256_cbc_hmac_sha256,
+    16, 32, 16,
+    EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
+    cryptodev_init_aead_key,
+    cryptodev_aead_cipher,
+    cryptodev_cleanup,
+    sizeof(struct dev_crypto_state),
+    EVP_CIPHER_set_asn1_iv,
+    EVP_CIPHER_get_asn1_iv,
+    cryptodev_cbc_hmac_sha1_ctrl,
+    NULL
+};
+
+ const EVP_CIPHER cryptodev_aes_128_gcm = {
+     NID_aes_128_gcm,
+     1, 16, 12,
+@@ -1395,6 +1518,21 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+     case NID_aes_128_gcm:
+         *cipher = &cryptodev_aes_128_gcm;
+         break;
+    case NID_tls12_des_ede3_cbc_hmac_sha1:
+        *cipher = &cryptodev_tls12_3des_cbc_hmac_sha1;
+        break;
+    case NID_tls12_aes_128_cbc_hmac_sha1:
+        *cipher = &cryptodev_tls12_aes_128_cbc_hmac_sha1;
+        break;
+    case NID_tls12_aes_256_cbc_hmac_sha1:
+        *cipher = &cryptodev_tls12_aes_256_cbc_hmac_sha1;
+        break;
+    case NID_tls12_aes_128_cbc_hmac_sha256:
+        *cipher = &cryptodev_tls12_aes_128_cbc_hmac_sha256;
+        break;
+    case NID_tls12_aes_256_cbc_hmac_sha256:
+        *cipher = &cryptodev_tls12_aes_256_cbc_hmac_sha256;
+        break;
+     default:
+         *cipher = NULL;
+         break;
+diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
+index 4dd32a1..e3a2505 100644
+--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
+@@ -62,9 +62,9 @@
+  * [including the GNU Public Licence.]
+  */
+ 
+-#define NUM_NID 962
+-#define NUM_SN 955
+-#define NUM_LN 955
+#define NUM_NID 967
+#define NUM_SN 960
+#define NUM_LN 960
+ #define NUM_OBJ 890
+ 
+ static const unsigned char lvalues[6255]={
+@@ -2522,6 +2522,16 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
+        NID_tls11_aes_128_cbc_hmac_sha1,0,NULL,0},
+ {"TLS11-AES-256-CBC-HMAC-SHA1","tls11-aes-256-cbc-hmac-sha1",
+        NID_tls11_aes_256_cbc_hmac_sha1,0,NULL,0},
+{"TLS12-DES-EDE3-CBC-HMAC-SHA1","tls12-des-ede3-cbc-hmac-sha1",
+       NID_tls12_des_ede3_cbc_hmac_sha1,0,NULL,0},
+{"TLS12-AES-128-CBC-HMAC-SHA1","tls12-aes-128-cbc-hmac-sha1",
+       NID_tls12_aes_128_cbc_hmac_sha1,0,NULL,0},
+{"TLS12-AES-256-CBC-HMAC-SHA1","tls12-aes-256-cbc-hmac-sha1",
+       NID_tls12_aes_256_cbc_hmac_sha1,0,NULL,0},
+{"TLS12-AES-128-CBC-HMAC-SHA256","tls12-aes-128-cbc-hmac-sha256",
+       NID_tls12_aes_128_cbc_hmac_sha256,0,NULL,0},
+{"TLS12-AES-256-CBC-HMAC-SHA256","tls12-aes-256-cbc-hmac-sha256",
+       NID_tls12_aes_256_cbc_hmac_sha256,0,NULL,0},
+ };
+ 
+ static const unsigned int sn_objs[NUM_SN]={
+@@ -2714,6 +2724,11 @@ static const unsigned int sn_objs[NUM_SN]={
+ 960,   /* "TLS11-AES-128-CBC-HMAC-SHA1" */
+ 961,   /* "TLS11-AES-256-CBC-HMAC-SHA1" */
+ 959,   /* "TLS11-DES-EDE3-CBC-HMAC-SHA1" */
+963,   /* "TLS12-AES-128-CBC-HMAC-SHA1" */
+965,   /* "TLS12-AES-128-CBC-HMAC-SHA256" */
+964,   /* "TLS12-AES-256-CBC-HMAC-SHA1" */
+966,   /* "TLS12-AES-256-CBC-HMAC-SHA256" */
+962,   /* "TLS12-DES-EDE3-CBC-HMAC-SHA1" */
+ 458,   /* "UID" */
+  0,    /* "UNDEF" */
+ 11,    /* "X500" */
+@@ -4408,6 +4423,11 @@ static const unsigned int ln_objs[NUM_LN]={
+ 960,   /* "tls11-aes-128-cbc-hmac-sha1" */
+ 961,   /* "tls11-aes-256-cbc-hmac-sha1" */
+ 959,   /* "tls11-des-ede3-cbc-hmac-sha1" */
+963,   /* "tls12-aes-128-cbc-hmac-sha1" */
+965,   /* "tls12-aes-128-cbc-hmac-sha256" */
+964,   /* "tls12-aes-256-cbc-hmac-sha1" */
+966,   /* "tls12-aes-256-cbc-hmac-sha256" */
+962,   /* "tls12-des-ede3-cbc-hmac-sha1" */
+ 682,   /* "tpBasis" */
+ 436,   /* "ucl" */
+  0,    /* "undefined" */
+diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h
+index 5930563..f4a81cb 100644
+--- a/crypto/objects/obj_mac.h
+++ b/crypto/objects/obj_mac.h
+@@ -4063,6 +4063,26 @@
+ #define LN_tls11_aes_256_cbc_hmac_sha1          "tls11-aes-256-cbc-hmac-sha1"
+ #define NID_tls11_aes_256_cbc_hmac_sha1         961
+ 
+#define SN_tls12_des_ede3_cbc_hmac_sha1         "TLS12-DES-EDE3-CBC-HMAC-SHA1"
+#define LN_tls12_des_ede3_cbc_hmac_sha1         "tls12-des-ede3-cbc-hmac-sha1"
+#define NID_tls12_des_ede3_cbc_hmac_sha1                962
+
+#define SN_tls12_aes_128_cbc_hmac_sha1          "TLS12-AES-128-CBC-HMAC-SHA1"
+#define LN_tls12_aes_128_cbc_hmac_sha1          "tls12-aes-128-cbc-hmac-sha1"
+#define NID_tls12_aes_128_cbc_hmac_sha1         963
+
+#define SN_tls12_aes_256_cbc_hmac_sha1          "TLS12-AES-256-CBC-HMAC-SHA1"
+#define LN_tls12_aes_256_cbc_hmac_sha1          "tls12-aes-256-cbc-hmac-sha1"
+#define NID_tls12_aes_256_cbc_hmac_sha1         964
+
+#define SN_tls12_aes_128_cbc_hmac_sha256                "TLS12-AES-128-CBC-HMAC-SHA256"
+#define LN_tls12_aes_128_cbc_hmac_sha256                "tls12-aes-128-cbc-hmac-sha256"
+#define NID_tls12_aes_128_cbc_hmac_sha256               965
+
+#define SN_tls12_aes_256_cbc_hmac_sha256                "TLS12-AES-256-CBC-HMAC-SHA256"
+#define LN_tls12_aes_256_cbc_hmac_sha256                "tls12-aes-256-cbc-hmac-sha256"
+#define NID_tls12_aes_256_cbc_hmac_sha256               966
+
+ #define SN_dhpublicnumber               "dhpublicnumber"
+ #define LN_dhpublicnumber               "X9.42 DH"
+ #define NID_dhpublicnumber              920
+diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
+index 02f1728..401be03 100644
+--- a/crypto/objects/obj_mac.num
+++ b/crypto/objects/obj_mac.num
+@@ -959,3 +959,8 @@ des_ede3_cbc_hmac_sha1              958
+ tls11_des_ede3_cbc_hmac_sha1           959
+ tls11_aes_128_cbc_hmac_sha1            960
+ tls11_aes_256_cbc_hmac_sha1            961
+tls12_des_ede3_cbc_hmac_sha1           962
+tls12_aes_128_cbc_hmac_sha1            963
+tls12_aes_256_cbc_hmac_sha1            964
+tls12_aes_128_cbc_hmac_sha256          965
+tls12_aes_256_cbc_hmac_sha256          966
+diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
+index cda81da..68a8da8 100644
+--- a/crypto/objects/objects.txt
+++ b/crypto/objects/objects.txt
+@@ -1298,6 +1298,11 @@ kisa 1 6                : SEED-OFB      : seed-ofb
+                        : TLS11-DES-EDE3-CBC-HMAC-SHA1  : tls11-des-ede3-cbc-hmac-sha1
+                        : TLS11-AES-128-CBC-HMAC-SHA1   : tls11-aes-128-cbc-hmac-sha1
+                        : TLS11-AES-256-CBC-HMAC-SHA1   : tls11-aes-256-cbc-hmac-sha1
+                       : TLS12-DES-EDE3-CBC-HMAC-SHA1  : tls12-des-ede3-cbc-hmac-sha1
+                       : TLS12-AES-128-CBC-HMAC-SHA1   : tls12-aes-128-cbc-hmac-sha1
+                       : TLS12-AES-256-CBC-HMAC-SHA1   : tls12-aes-256-cbc-hmac-sha1
+                       : TLS12-AES-128-CBC-HMAC-SHA256 : tls12-aes-128-cbc-hmac-sha256
+                       : TLS12-AES-256-CBC-HMAC-SHA256 : tls12-aes-256-cbc-hmac-sha256
+ 
+ ISO-US 10046 2 1       : dhpublicnumber                : X9.42 DH
+ 
+diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
+index e3d73ac..4698528 100644
+--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
+@@ -690,6 +690,31 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
+                  c->algorithm_mac == SSL_SHA1 &&
+                  (evp = EVP_get_cipherbyname("TLS11-AES-256-CBC-HMAC-SHA1")))
+             *enc = evp, *md = NULL;
+        else if (s->ssl_version == TLS1_2_VERSION &&
+                 c->algorithm_enc == SSL_3DES &&
+                 c->algorithm_mac == SSL_SHA1 &&
+                 (evp=EVP_get_cipherbyname("TLS12-DES-EDE3-CBC-HMAC-SHA1")))
+            *enc = evp, *md = NULL;
+        else if (s->ssl_version == TLS1_2_VERSION &&
+                 c->algorithm_enc == SSL_AES128 &&
+                 c->algorithm_mac == SSL_SHA1 &&
+                 (evp=EVP_get_cipherbyname("TLS12-AES-128-CBC-HMAC-SHA1")))
+            *enc = evp, *md = NULL;
+        else if (s->ssl_version == TLS1_2_VERSION &&
+                 c->algorithm_enc == SSL_AES256 &&
+                 c->algorithm_mac == SSL_SHA1 &&
+                 (evp=EVP_get_cipherbyname("TLS12-AES-256-CBC-HMAC-SHA1")))
+            *enc = evp, *md = NULL;
+        else if (s->ssl_version == TLS1_2_VERSION &&
+                 c->algorithm_enc == SSL_AES128 &&
+                 c->algorithm_mac == SSL_SHA256 &&
+                 (evp=EVP_get_cipherbyname("TLS12-AES-128-CBC-HMAC-SHA256")))
+            *enc = evp, *md = NULL;
+        else if (s->ssl_version == TLS1_2_VERSION &&
+                 c->algorithm_enc == SSL_AES256 &&
+                 c->algorithm_mac == SSL_SHA256 &&
+                 (evp=EVP_get_cipherbyname("TLS12-AES-256-CBC-HMAC-SHA256")))
+            *enc = evp, *md = NULL;
+         return (1);
+     } else
+         return (0);
+-- 
+2.7.0
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0018-cryptodev-drop-redundant-function.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0018-cryptodev-drop-redundant-function.patch
new file mode 100644
index 000000000..c1f0c9dbe
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0018-cryptodev-drop-redundant-function.patch
@@ -0,0 +1,72 @@
+From 07d8dad75fb1e4c3487ae560ac51e2141aa0e0c1 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@freescale.com>
+Date: Thu, 19 Feb 2015 16:11:53 +0200
+Subject: [PATCH 18/48] cryptodev: drop redundant function
+get_dev_crypto already caches the result. Another cache in-between is
+useless.
+Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
+---
+ crypto/engine/eng_cryptodev.c | 17 +++--------------
+ 1 file changed, 3 insertions(+), 14 deletions(-)
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index e6f9f16..4cffaf1 100644
+--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
+@@ -93,7 +93,6 @@ struct dev_crypto_state {
+ 
+ static u_int32_t cryptodev_asymfeat = 0;
+ 
+-static int get_asym_dev_crypto(void);
+ static int open_dev_crypto(void);
+ static int get_dev_crypto(void);
+ static int get_cryptodev_ciphers(const int **cnids);
+@@ -440,16 +439,6 @@ static void put_dev_crypto(int fd)
+ # endif
+ }
+ 
+-/* Caching version for asym operations */
+-static int get_asym_dev_crypto(void)
+-{
+-    static int fd = -1;
+-
+-    if (fd == -1)
+-        fd = get_dev_crypto();
+-    return fd;
+-}
+-
+ /*
+  * Find out what ciphers /dev/crypto will let us have a session for.
+  * XXX note, that some of these openssl doesn't deal with yet!
+@@ -1919,7 +1908,7 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
+ {
+     int fd, ret = -1;
+ 
+-    if ((fd = get_asym_dev_crypto()) < 0)
+    if ((fd = get_dev_crypto()) < 0)
+         return (ret);
+ 
+     if (r) {
+@@ -2509,7 +2498,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
+     int p_len, q_len;
+     int i;
+ 
+-    if ((fd = get_asym_dev_crypto()) < 0)
+    if ((fd = get_dev_crypto()) < 0)
+         goto sw_try;
+ 
+     if (!rsa->n && ((rsa->n = BN_new()) == NULL))
+@@ -4098,7 +4087,7 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+     BIGNUM *temp = NULL;
+     unsigned char *padded_pub_key = NULL, *p = NULL;
+ 
+-    if ((fd = get_asym_dev_crypto()) < 0)
+    if ((fd = get_dev_crypto()) < 0)
+         goto sw_try;
+ 
+     memset(&kop, 0, sizeof kop);
+-- 
+2.7.0
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0018-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0018-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch
deleted file mode 100644
index 1118a6fc3..000000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0018-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch
+++ /dev/null
@@ -1,193 +0,0 @@
-From 21e3ca4ec77f9258aa4001f07faac1c4942b48b4 Mon Sep 17 00:00:00 2001
-From: Tudor Ambarus <tudor.ambarus@freescale.com>
-Date: Fri, 9 May 2014 17:54:06 +0300
-Subject: [PATCH 18/26] eng_cryptodev: extend TLS offload with
- 3des_cbc_hmac_sha1
-Both obj_mac.h and obj_dat.h were generated using the scripts
-from crypto/objects:
-$ cd crypto/objects
-$ perl objects.pl objects.txt obj_mac.num obj_mac.h
-$ perl obj_dat.pl obj_mac.h obj_dat.h
-Change-Id: I94f13cdd09df67e33e6acd3c00aab47cb358ac46
-Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com>
-Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
-Reviewed-on: http://git.am.freescale.net:8181/34001
---
- crypto/engine/eng_cryptodev.c | 24 ++++++++++++++++++++++++
- crypto/objects/obj_dat.h      | 10 +++++++---
- crypto/objects/obj_mac.h      |  4 ++++
- crypto/objects/obj_mac.num    |  1 +
- crypto/objects/objects.txt    |  1 +
- ssl/ssl_ciph.c                |  4 ++++
- 6 files changed, 41 insertions(+), 3 deletions(-)
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 79b2678..299e84b 100644
--- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -135,6 +135,7 @@ static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
- void ENGINE_load_cryptodev(void);
- const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1;
- const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
-+const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1;
- 
- inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin,  int *bin_len)
- {
-@@ -252,6 +253,7 @@ static struct {
-        { CRYPTO_BLF_CBC,       NID_bf_cbc,       8,  16, 0},
-        { CRYPTO_CAST_CBC,      NID_cast5_cbc,    8,  16, 0},
-        { CRYPTO_SKIPJACK_CBC,  NID_undef,        0,  0,  0},
-+       { CRYPTO_TLS10_3DES_CBC_HMAC_SHA1, NID_des_ede3_cbc_hmac_sha1, 8, 24, 20},
-        { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20},
-        { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20},
-        { CRYPTO_AES_GCM,       NID_aes_128_gcm,  16, 16, 0},
-@@ -466,6 +468,9 @@ cryptodev_usable_ciphers(const int **nids)
-                case NID_aes_256_cbc_hmac_sha1:
-                        EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
-                        break;
-+               case NID_des_ede3_cbc_hmac_sha1:
-+                       EVP_add_cipher(&cryptodev_3des_cbc_hmac_sha1);
-+                       break;
-                }
-        }
-        return count;
-@@ -571,6 +576,7 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-        switch (ctx->cipher->nid) {
-        case NID_aes_128_cbc_hmac_sha1:
-        case NID_aes_256_cbc_hmac_sha1:
-+       case NID_des_ede3_cbc_hmac_sha1:
-                cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
-        }
-        cryp.ses = sess->ses;
-@@ -763,6 +769,7 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
-                switch (ctx->cipher->nid) {
-                case NID_aes_128_cbc_hmac_sha1:
-                case NID_aes_256_cbc_hmac_sha1:
-+               case NID_des_ede3_cbc_hmac_sha1:
-                        maclen = SHA_DIGEST_LENGTH;
-                }
- 
-@@ -1082,6 +1089,20 @@ const EVP_CIPHER cryptodev_aes_256_cbc = {
-        NULL
- };
- 
-+const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1 = {
-+       NID_des_ede3_cbc_hmac_sha1,
-+       8, 24, 8,
-+       EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+       cryptodev_init_aead_key,
-+       cryptodev_aead_cipher,
-+       cryptodev_cleanup,
-+       sizeof(struct dev_crypto_state),
-+       EVP_CIPHER_set_asn1_iv,
-+       EVP_CIPHER_get_asn1_iv,
-+       cryptodev_cbc_hmac_sha1_ctrl,
-+       NULL
-+};
-+
- const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1 = {
-        NID_aes_128_cbc_hmac_sha1,
-        16, 16, 16,
-@@ -1163,6 +1184,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
-        case NID_aes_256_cbc:
-                *cipher = &cryptodev_aes_256_cbc;
-                break;
-+       case NID_des_ede3_cbc_hmac_sha1:
-+               *cipher = &cryptodev_3des_cbc_hmac_sha1;
-+               break;
-        case NID_aes_128_cbc_hmac_sha1:
-                *cipher = &cryptodev_aes_128_cbc_hmac_sha1;
-                break;
-diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
-index bc69665..9f2267a 100644
--- a/crypto/objects/obj_dat.h
-+++ b/crypto/objects/obj_dat.h
-@@ -62,9 +62,9 @@
-  * [including the GNU Public Licence.]
-  */
- 
-#define NUM_NID 920
-#define NUM_SN 913
-#define NUM_LN 913
-+#define NUM_NID 921
-+#define NUM_SN 914
-+#define NUM_LN 914
- #define NUM_OBJ 857
- 
- static const unsigned char lvalues[5974]={
-@@ -2399,6 +2399,8 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
- {"AES-256-CBC-HMAC-SHA1","aes-256-cbc-hmac-sha1",
-        NID_aes_256_cbc_hmac_sha1,0,NULL,0},
- {"RSAES-OAEP","rsaesOaep",NID_rsaesOaep,9,&(lvalues[5964]),0},
-+{"DES-EDE3-CBC-HMAC-SHA1","des-ede3-cbc-hmac-sha1",
-+       NID_des_ede3_cbc_hmac_sha1,0,NULL,0},
- };
- 
- static const unsigned int sn_objs[NUM_SN]={
-@@ -2474,6 +2476,7 @@ static const unsigned int sn_objs[NUM_SN]={
- 62,    /* "DES-EDE-OFB" */
- 33,    /* "DES-EDE3" */
- 44,    /* "DES-EDE3-CBC" */
-+920,   /* "DES-EDE3-CBC-HMAC-SHA1" */
- 61,    /* "DES-EDE3-CFB" */
- 658,   /* "DES-EDE3-CFB1" */
- 659,   /* "DES-EDE3-CFB8" */
-@@ -3585,6 +3588,7 @@ static const unsigned int ln_objs[NUM_LN]={
- 62,    /* "des-ede-ofb" */
- 33,    /* "des-ede3" */
- 44,    /* "des-ede3-cbc" */
-+920,   /* "des-ede3-cbc-hmac-sha1" */
- 61,    /* "des-ede3-cfb" */
- 658,   /* "des-ede3-cfb1" */
- 659,   /* "des-ede3-cfb8" */
-diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h
-index b5ea7cd..8751902 100644
--- a/crypto/objects/obj_mac.h
-+++ b/crypto/objects/obj_mac.h
-@@ -4030,3 +4030,7 @@
- #define LN_aes_256_cbc_hmac_sha1               "aes-256-cbc-hmac-sha1"
- #define NID_aes_256_cbc_hmac_sha1              918
- 
-+#define SN_des_ede3_cbc_hmac_sha1              "DES-EDE3-CBC-HMAC-SHA1"
-+#define LN_des_ede3_cbc_hmac_sha1              "des-ede3-cbc-hmac-sha1"
-+#define NID_des_ede3_cbc_hmac_sha1             920
-+
-diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
-index 1d0a7c8..9d44bb5 100644
--- a/crypto/objects/obj_mac.num
-+++ b/crypto/objects/obj_mac.num
-@@ -917,3 +917,4 @@ aes_128_cbc_hmac_sha1               916
- aes_192_cbc_hmac_sha1          917
- aes_256_cbc_hmac_sha1          918
- rsaesOaep              919
-+des_ede3_cbc_hmac_sha1         920
-diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
-index d3bfad7..90d2fc5 100644
--- a/crypto/objects/objects.txt
-+++ b/crypto/objects/objects.txt
-@@ -1290,3 +1290,4 @@ kisa 1 6                : SEED-OFB      : seed-ofb
-                        : AES-128-CBC-HMAC-SHA1         : aes-128-cbc-hmac-sha1
-                        : AES-192-CBC-HMAC-SHA1         : aes-192-cbc-hmac-sha1
-                        : AES-256-CBC-HMAC-SHA1         : aes-256-cbc-hmac-sha1
-+                       : DES-EDE3-CBC-HMAC-SHA1        : des-ede3-cbc-hmac-sha1
-diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
-index 8188ff5..310fe76 100644
--- a/ssl/ssl_ciph.c
-+++ b/ssl/ssl_ciph.c
-@@ -639,6 +639,10 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
-                         c->algorithm_mac == SSL_SHA1 &&
-                         (evp=EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1")))
-                        *enc = evp, *md = NULL;
-+               else if (c->algorithm_enc == SSL_3DES &&
-+                        c->algorithm_mac == SSL_SHA1 &&
-+                        (evp = EVP_get_cipherbyname("DES-EDE3-CBC-HMAC-SHA1")))
-+                       *enc = evp, *md = NULL;
-                return(1);
-                }
-        else
-- 
-2.3.5
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0019-cryptodev-do-not-zero-the-buffer-before-use.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0019-cryptodev-do-not-zero-the-buffer-before-use.patch
new file mode 100644
index 000000000..248d88ec1
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0019-cryptodev-do-not-zero-the-buffer-before-use.patch
@@ -0,0 +1,48 @@
+From 1f7ef531a010a3a86c9c16f801044b5f01652eb2 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@freescale.com>
+Date: Tue, 17 Feb 2015 13:12:53 +0200
+Subject: [PATCH 19/48] cryptodev: do not zero the buffer before use
+- The buffer is just about to be overwritten. Zeroing it before that has
+  no purpose
+Change-Id: I478c31bd2e254561474a7edf5e37980ca04217ce
+Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
+Reviewed-on: http://git.am.freescale.net:8181/34217
+---
+ crypto/engine/eng_cryptodev.c | 14 ++++----------
+ 1 file changed, 4 insertions(+), 10 deletions(-)
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 4cffaf1..bbc903b 100644
+--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
+@@ -1801,21 +1801,15 @@ cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
+ static int bn2crparam(const BIGNUM *a, struct crparam *crp)
+ {
+     ssize_t bytes, bits;
+-    u_char *b;
+-
+-    crp->crp_p = NULL;
+-    crp->crp_nbits = 0;
+ 
+     bits = BN_num_bits(a);
+     bytes = (bits + 7) / 8;
+ 
+-    b = malloc(bytes);
+-    if (b == NULL)
+-        return (1);
+-    memset(b, 0, bytes);
+-
+-    crp->crp_p = (caddr_t) b;
+     crp->crp_nbits = bits;
+    crp->crp_p = malloc(bytes);
+
+    if (crp->crp_p == NULL)
+        return (1);
+ 
+     BN_bn2bin(a, crp->crp_p);
+     return (0);
+-- 
+2.7.0
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0019-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0019-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch
deleted file mode 100644
index 988d79ea6..000000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0019-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch
+++ /dev/null
@@ -1,355 +0,0 @@
-From 1de2b740a3bdcd8e98abb5f4e176d46fd817b932 Mon Sep 17 00:00:00 2001
-From: Tudor Ambarus <tudor.ambarus@freescale.com>
-Date: Tue, 31 Mar 2015 16:30:17 +0300
-Subject: [PATCH 19/26] eng_cryptodev: add support for TLSv1.1 record offload
-Supported cipher suites:
- 3des-ede-cbc-sha
- aes-128-cbc-hmac-sha
- aes-256-cbc-hmac-sha
-Requires TLS patches on cryptodev and TLS algorithm support in Linux
-kernel driver.
-Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com>
-Change-Id: Id414f36a528de3f476b72688cf85714787d7ccae
-Reviewed-on: http://git.am.freescale.net:8181/34002
-Reviewed-by: Cristian Stoica <cristian.stoica@freescale.com>
-Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
---
- crypto/engine/eng_cryptodev.c | 101 ++++++++++++++++++++++++++++++++++++++----
- crypto/objects/obj_dat.h      |  18 ++++++--
- crypto/objects/obj_mac.h      |  12 +++++
- crypto/objects/obj_mac.num    |   3 ++
- crypto/objects/objects.txt    |   3 ++
- ssl/ssl_ciph.c                |  26 +++++++++--
- 6 files changed, 148 insertions(+), 15 deletions(-)
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 299e84b..f71ab27 100644
--- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -66,6 +66,7 @@ ENGINE_load_cryptodev(void)
- #include <sys/ioctl.h>
- #include <errno.h>
- #include <stdio.h>
-+#include <stdbool.h>
- #include <unistd.h>
- #include <fcntl.h>
- #include <stdarg.h>
-@@ -133,9 +134,12 @@ static int cryptodev_dh_compute_key(unsigned char *key,
- static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
-     void (*f)(void));
- void ENGINE_load_cryptodev(void);
-+const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1;
- const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1;
- const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
-const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1;
-+const EVP_CIPHER cryptodev_tls11_3des_cbc_hmac_sha1;
-+const EVP_CIPHER cryptodev_tls11_aes_128_cbc_hmac_sha1;
-+const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1;
- 
- inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin,  int *bin_len)
- {
-@@ -256,6 +260,9 @@ static struct {
-        { CRYPTO_TLS10_3DES_CBC_HMAC_SHA1, NID_des_ede3_cbc_hmac_sha1, 8, 24, 20},
-        { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20},
-        { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20},
-+       { CRYPTO_TLS11_3DES_CBC_HMAC_SHA1, NID_tls11_des_ede3_cbc_hmac_sha1, 8, 24, 20},
-+       { CRYPTO_TLS11_AES_CBC_HMAC_SHA1, NID_tls11_aes_128_cbc_hmac_sha1, 16, 16, 20},
-+       { CRYPTO_TLS11_AES_CBC_HMAC_SHA1, NID_tls11_aes_256_cbc_hmac_sha1, 16, 32, 20},
-        { CRYPTO_AES_GCM,       NID_aes_128_gcm,  16, 16, 0},
-        { 0, NID_undef, 0, 0, 0},
- };
-@@ -462,14 +469,23 @@ cryptodev_usable_ciphers(const int **nids)
-        /* add ciphers specific to cryptodev if found in kernel */
-        for(i = 0; i < count; i++) {
-                switch (*(*nids + i)) {
-+               case NID_des_ede3_cbc_hmac_sha1:
-+                       EVP_add_cipher(&cryptodev_3des_cbc_hmac_sha1);
-+                       break;
-                case NID_aes_128_cbc_hmac_sha1:
-                        EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1);
-                        break;
-                case NID_aes_256_cbc_hmac_sha1:
-                        EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
-                        break;
-               case NID_des_ede3_cbc_hmac_sha1:
-                       EVP_add_cipher(&cryptodev_3des_cbc_hmac_sha1);
-+               case NID_tls11_des_ede3_cbc_hmac_sha1:
-+                       EVP_add_cipher(&cryptodev_tls11_3des_cbc_hmac_sha1);
-+                       break;
-+               case NID_tls11_aes_128_cbc_hmac_sha1:
-+                       EVP_add_cipher(&cryptodev_tls11_aes_128_cbc_hmac_sha1);
-+                       break;
-+               case NID_tls11_aes_256_cbc_hmac_sha1:
-+                       EVP_add_cipher(&cryptodev_tls11_aes_256_cbc_hmac_sha1);
-                        break;
-                }
-        }
-@@ -574,9 +590,12 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- 
-        /* TODO: make a seamless integration with cryptodev flags */
-        switch (ctx->cipher->nid) {
-+       case NID_des_ede3_cbc_hmac_sha1:
-        case NID_aes_128_cbc_hmac_sha1:
-        case NID_aes_256_cbc_hmac_sha1:
-       case NID_des_ede3_cbc_hmac_sha1:
-+       case NID_tls11_des_ede3_cbc_hmac_sha1:
-+       case NID_tls11_aes_128_cbc_hmac_sha1:
-+       case NID_tls11_aes_256_cbc_hmac_sha1:
-                cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
-        }
-        cryp.ses = sess->ses;
-@@ -758,8 +777,9 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
-                struct dev_crypto_state *state = ctx->cipher_data;
-                unsigned char *p = ptr;
-                unsigned int cryptlen = p[arg - 2] << 8 | p[arg - 1];
-               unsigned int maclen, padlen;
-+               unsigned int maclen, padlen, len;
-                unsigned int bs = ctx->cipher->block_size;
-+               bool aad_needs_fix = false;
- 
-                state->aad = ptr;
-                state->aad_len = arg;
-@@ -767,10 +787,24 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
- 
-                /* TODO: this should be an extension of EVP_CIPHER struct */
-                switch (ctx->cipher->nid) {
-+               case NID_des_ede3_cbc_hmac_sha1:
-                case NID_aes_128_cbc_hmac_sha1:
-                case NID_aes_256_cbc_hmac_sha1:
-               case NID_des_ede3_cbc_hmac_sha1:
-                        maclen = SHA_DIGEST_LENGTH;
-+                       break;
-+               case NID_tls11_des_ede3_cbc_hmac_sha1:
-+               case NID_tls11_aes_128_cbc_hmac_sha1:
-+               case NID_tls11_aes_256_cbc_hmac_sha1:
-+                       maclen = SHA_DIGEST_LENGTH;
-+                       aad_needs_fix = true;
-+                       break;
-+               }
-+
-+               /* Correct length for AAD Length field */
-+               if (ctx->encrypt && aad_needs_fix) {
-+                       len = cryptlen - bs;
-+                       p[arg-2] = len >> 8;
-+                       p[arg-1] = len & 0xff;
-                }
- 
-                /* space required for encryption (not only TLS padding) */
-@@ -1131,6 +1165,48 @@ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = {
-        NULL
- };
- 
-+const EVP_CIPHER cryptodev_tls11_3des_cbc_hmac_sha1 = {
-+       NID_tls11_des_ede3_cbc_hmac_sha1,
-+       8, 24, 8,
-+       EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+       cryptodev_init_aead_key,
-+       cryptodev_aead_cipher,
-+       cryptodev_cleanup,
-+       sizeof(struct dev_crypto_state),
-+       EVP_CIPHER_set_asn1_iv,
-+       EVP_CIPHER_get_asn1_iv,
-+       cryptodev_cbc_hmac_sha1_ctrl,
-+       NULL
-+};
-+
-+const EVP_CIPHER cryptodev_tls11_aes_128_cbc_hmac_sha1 = {
-+       NID_tls11_aes_128_cbc_hmac_sha1,
-+       16, 16, 16,
-+       EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+       cryptodev_init_aead_key,
-+       cryptodev_aead_cipher,
-+       cryptodev_cleanup,
-+       sizeof(struct dev_crypto_state),
-+       EVP_CIPHER_set_asn1_iv,
-+       EVP_CIPHER_get_asn1_iv,
-+       cryptodev_cbc_hmac_sha1_ctrl,
-+       NULL
-+};
-+
-+const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1 = {
-+       NID_tls11_aes_256_cbc_hmac_sha1,
-+       16, 32, 16,
-+       EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+       cryptodev_init_aead_key,
-+       cryptodev_aead_cipher,
-+       cryptodev_cleanup,
-+       sizeof(struct dev_crypto_state),
-+       EVP_CIPHER_set_asn1_iv,
-+       EVP_CIPHER_get_asn1_iv,
-+       cryptodev_cbc_hmac_sha1_ctrl,
-+       NULL
-+};
-+
- const EVP_CIPHER cryptodev_aes_128_gcm = {
-        NID_aes_128_gcm,
-        1, 16, 12,
-@@ -1184,6 +1260,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
-        case NID_aes_256_cbc:
-                *cipher = &cryptodev_aes_256_cbc;
-                break;
-+       case NID_aes_128_gcm:
-+               *cipher = &cryptodev_aes_128_gcm;
-+               break;
-        case NID_des_ede3_cbc_hmac_sha1:
-                *cipher = &cryptodev_3des_cbc_hmac_sha1;
-                break;
-@@ -1193,8 +1272,14 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
-        case NID_aes_256_cbc_hmac_sha1:
-                *cipher = &cryptodev_aes_256_cbc_hmac_sha1;
-                break;
-       case NID_aes_128_gcm:
-               *cipher = &cryptodev_aes_128_gcm;
-+       case NID_tls11_des_ede3_cbc_hmac_sha1:
-+               *cipher = &cryptodev_tls11_3des_cbc_hmac_sha1;
-+               break;
-+       case NID_tls11_aes_128_cbc_hmac_sha1:
-+               *cipher = &cryptodev_tls11_aes_128_cbc_hmac_sha1;
-+               break;
-+       case NID_tls11_aes_256_cbc_hmac_sha1:
-+               *cipher = &cryptodev_tls11_aes_256_cbc_hmac_sha1;
-                break;
-        default:
-                *cipher = NULL;
-diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
-index 9f2267a..dc89b0a 100644
--- a/crypto/objects/obj_dat.h
-+++ b/crypto/objects/obj_dat.h
-@@ -62,9 +62,9 @@
-  * [including the GNU Public Licence.]
-  */
- 
-#define NUM_NID 921
-#define NUM_SN 914
-#define NUM_LN 914
-+#define NUM_NID 924
-+#define NUM_SN 917
-+#define NUM_LN 917
- #define NUM_OBJ 857
- 
- static const unsigned char lvalues[5974]={
-@@ -2401,6 +2401,12 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
- {"RSAES-OAEP","rsaesOaep",NID_rsaesOaep,9,&(lvalues[5964]),0},
- {"DES-EDE3-CBC-HMAC-SHA1","des-ede3-cbc-hmac-sha1",
-        NID_des_ede3_cbc_hmac_sha1,0,NULL,0},
-+{"TLS11-DES-EDE3-CBC-HMAC-SHA1","tls11-des-ede3-cbc-hmac-sha1",
-+       NID_tls11_des_ede3_cbc_hmac_sha1,0,NULL,0},
-+{"TLS11-AES-128-CBC-HMAC-SHA1","tls11-aes-128-cbc-hmac-sha1",
-+       NID_tls11_aes_128_cbc_hmac_sha1,0,NULL,0},
-+{"TLS11-AES-256-CBC-HMAC-SHA1","tls11-aes-256-cbc-hmac-sha1",
-+       NID_tls11_aes_256_cbc_hmac_sha1,0,NULL,0},
- };
- 
- static const unsigned int sn_objs[NUM_SN]={
-@@ -2586,6 +2592,9 @@ static const unsigned int sn_objs[NUM_SN]={
- 100,   /* "SN" */
- 16,    /* "ST" */
- 143,   /* "SXNetID" */
-+922,   /* "TLS11-AES-128-CBC-HMAC-SHA1" */
-+923,   /* "TLS11-AES-256-CBC-HMAC-SHA1" */
-+921,   /* "TLS11-DES-EDE3-CBC-HMAC-SHA1" */
- 458,   /* "UID" */
-  0,    /* "UNDEF" */
- 11,    /* "X500" */
-@@ -4205,6 +4214,9 @@ static const unsigned int ln_objs[NUM_LN]={
- 459,   /* "textEncodedORAddress" */
- 293,   /* "textNotice" */
- 106,   /* "title" */
-+922,   /* "tls11-aes-128-cbc-hmac-sha1" */
-+923,   /* "tls11-aes-256-cbc-hmac-sha1" */
-+921,   /* "tls11-des-ede3-cbc-hmac-sha1" */
- 682,   /* "tpBasis" */
- 436,   /* "ucl" */
-  0,    /* "undefined" */
-diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h
-index 8751902..f181890 100644
--- a/crypto/objects/obj_mac.h
-+++ b/crypto/objects/obj_mac.h
-@@ -4034,3 +4034,15 @@
- #define LN_des_ede3_cbc_hmac_sha1              "des-ede3-cbc-hmac-sha1"
- #define NID_des_ede3_cbc_hmac_sha1             920
- 
-+#define SN_tls11_des_ede3_cbc_hmac_sha1                "TLS11-DES-EDE3-CBC-HMAC-SHA1"
-+#define LN_tls11_des_ede3_cbc_hmac_sha1                "tls11-des-ede3-cbc-hmac-sha1"
-+#define NID_tls11_des_ede3_cbc_hmac_sha1               921
-+
-+#define SN_tls11_aes_128_cbc_hmac_sha1         "TLS11-AES-128-CBC-HMAC-SHA1"
-+#define LN_tls11_aes_128_cbc_hmac_sha1         "tls11-aes-128-cbc-hmac-sha1"
-+#define NID_tls11_aes_128_cbc_hmac_sha1                922
-+
-+#define SN_tls11_aes_256_cbc_hmac_sha1         "TLS11-AES-256-CBC-HMAC-SHA1"
-+#define LN_tls11_aes_256_cbc_hmac_sha1         "tls11-aes-256-cbc-hmac-sha1"
-+#define NID_tls11_aes_256_cbc_hmac_sha1                923
-+
-diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
-index 9d44bb5..a02b58c 100644
--- a/crypto/objects/obj_mac.num
-+++ b/crypto/objects/obj_mac.num
-@@ -918,3 +918,6 @@ aes_192_cbc_hmac_sha1               917
- aes_256_cbc_hmac_sha1          918
- rsaesOaep              919
- des_ede3_cbc_hmac_sha1         920
-+tls11_des_ede3_cbc_hmac_sha1           921
-+tls11_aes_128_cbc_hmac_sha1            922
-+tls11_aes_256_cbc_hmac_sha1            923
-diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
-index 90d2fc5..1973658 100644
--- a/crypto/objects/objects.txt
-+++ b/crypto/objects/objects.txt
-@@ -1291,3 +1291,6 @@ kisa 1 6                : SEED-OFB      : seed-ofb
-                        : AES-192-CBC-HMAC-SHA1         : aes-192-cbc-hmac-sha1
-                        : AES-256-CBC-HMAC-SHA1         : aes-256-cbc-hmac-sha1
-                        : DES-EDE3-CBC-HMAC-SHA1        : des-ede3-cbc-hmac-sha1
-+                       : TLS11-DES-EDE3-CBC-HMAC-SHA1  : tls11-des-ede3-cbc-hmac-sha1
-+                       : TLS11-AES-128-CBC-HMAC-SHA1   : tls11-aes-128-cbc-hmac-sha1
-+                       : TLS11-AES-256-CBC-HMAC-SHA1   : tls11-aes-256-cbc-hmac-sha1
-diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
-index 310fe76..0408986 100644
--- a/ssl/ssl_ciph.c
-+++ b/ssl/ssl_ciph.c
-@@ -631,17 +631,35 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
-                         c->algorithm_mac == SSL_MD5 &&
-                         (evp=EVP_get_cipherbyname("RC4-HMAC-MD5")))
-                        *enc = evp, *md = NULL;
-               else if (c->algorithm_enc == SSL_AES128 &&
-+               else if (s->ssl_version == TLS1_VERSION &&
-+                        c->algorithm_enc == SSL_3DES &&
-+                        c->algorithm_mac == SSL_SHA1 &&
-+                        (evp=EVP_get_cipherbyname("DES-EDE3-CBC-HMAC-SHA1")))
-+                       *enc = evp, *md = NULL;
-+               else if (s->ssl_version == TLS1_VERSION &&
-+                        c->algorithm_enc == SSL_AES128 &&
-                         c->algorithm_mac == SSL_SHA1 &&
-                         (evp=EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1")))
-                        *enc = evp, *md = NULL;
-               else if (c->algorithm_enc == SSL_AES256 &&
-+               else if (s->ssl_version == TLS1_VERSION &&
-+                        c->algorithm_enc == SSL_AES256 &&
-                         c->algorithm_mac == SSL_SHA1 &&
-                         (evp=EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1")))
-                        *enc = evp, *md = NULL;
-               else if (c->algorithm_enc == SSL_3DES &&
-+               else if (s->ssl_version == TLS1_1_VERSION &&
-+                        c->algorithm_enc == SSL_3DES &&
-+                        c->algorithm_mac == SSL_SHA1 &&
-+                        (evp=EVP_get_cipherbyname("TLS11-DES-EDE3-CBC-HMAC-SHA1")))
-+                       *enc = evp, *md = NULL;
-+               else if (s->ssl_version == TLS1_1_VERSION &&
-+                        c->algorithm_enc == SSL_AES128 &&
-+                        c->algorithm_mac == SSL_SHA1 &&
-+                        (evp=EVP_get_cipherbyname("TLS11-AES-128-CBC-HMAC-SHA1")))
-+                       *enc = evp, *md = NULL;
-+               else if (s->ssl_version == TLS1_1_VERSION &&
-+                        c->algorithm_enc == SSL_AES256 &&
-                         c->algorithm_mac == SSL_SHA1 &&
-                        (evp = EVP_get_cipherbyname("DES-EDE3-CBC-HMAC-SHA1")))
-+                        (evp=EVP_get_cipherbyname("TLS11-AES-256-CBC-HMAC-SHA1")))
-                        *enc = evp, *md = NULL;
-                return(1);
-                }
-- 
-2.3.5
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0020-cryptodev-clean-up-code-layout.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0020-cryptodev-clean-up-code-layout.patch
new file mode 100644
index 000000000..c600bdab4
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0020-cryptodev-clean-up-code-layout.patch
@@ -0,0 +1,73 @@
+From 453c617b10fb2c4e748b5799ab4b00c184470c60 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@freescale.com>
+Date: Wed, 18 Feb 2015 10:39:46 +0200
+Subject: [PATCH 20/48] cryptodev: clean-up code layout
+This is just a refactoring that uses else branch to check for malloc failures
+Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
+---
+ crypto/engine/eng_cryptodev.c | 45 ++++++++++++++++++++-----------------------
+ 1 file changed, 21 insertions(+), 24 deletions(-)
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index bbc903b..14dcddf 100644
+--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
+@@ -1865,32 +1865,29 @@ cryptodev_asym_async(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
+     fd = *(int *)cookie->eng_handle;
+ 
+     eng_cookie = malloc(sizeof(struct cryptodev_cookie_s));
+-
+-    if (eng_cookie) {
+-        memset(eng_cookie, 0, sizeof(struct cryptodev_cookie_s));
+-        if (r) {
+-            kop->crk_param[kop->crk_iparams].crp_p =
+-                calloc(rlen, sizeof(char));
+-            if (!kop->crk_param[kop->crk_iparams].crp_p)
+-                return -ENOMEM;
+-            kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
+-            kop->crk_oparams++;
+-            eng_cookie->r = r;
+-            eng_cookie->r_param = kop->crk_param[kop->crk_iparams];
+-        }
+-        if (s) {
+-            kop->crk_param[kop->crk_iparams + 1].crp_p =
+-                calloc(slen, sizeof(char));
+-            if (!kop->crk_param[kop->crk_iparams + 1].crp_p)
+-                return -ENOMEM;
+-            kop->crk_param[kop->crk_iparams + 1].crp_nbits = slen * 8;
+-            kop->crk_oparams++;
+-            eng_cookie->s = s;
+-            eng_cookie->s_param = kop->crk_param[kop->crk_iparams + 1];
+-        }
+-    } else
+    if (!eng_cookie)
+         return -ENOMEM;
+ 
+    memset(eng_cookie, 0, sizeof(struct cryptodev_cookie_s));
+    if (r) {
+        kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char));
+        if (!kop->crk_param[kop->crk_iparams].crp_p)
+            return -ENOMEM;
+        kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
+        kop->crk_oparams++;
+        eng_cookie->r = r;
+        eng_cookie->r_param = kop->crk_param[kop->crk_iparams];
+    }
+    if (s) {
+        kop->crk_param[kop->crk_iparams + 1].crp_p =
+            calloc(slen, sizeof(char));
+        if (!kop->crk_param[kop->crk_iparams + 1].crp_p)
+            return -ENOMEM;
+        kop->crk_param[kop->crk_iparams + 1].crp_nbits = slen * 8;
+        kop->crk_oparams++;
+        eng_cookie->s = s;
+        eng_cookie->s_param = kop->crk_param[kop->crk_iparams + 1];
+    }
+     eng_cookie->kop = kop;
+     cookie->eng_cookie = eng_cookie;
+     return ioctl(fd, CIOCASYMASYNCRYPT, kop);
+-- 
+2.7.0
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0020-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0020-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch
deleted file mode 100644
index 7370c4969..000000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0020-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch
+++ /dev/null
@@ -1,359 +0,0 @@
-From a58703e6601fcfcfe69fdb3e7152ed76b40d67e9 Mon Sep 17 00:00:00 2001
-From: Tudor Ambarus <tudor.ambarus@freescale.com>
-Date: Tue, 31 Mar 2015 16:32:35 +0300
-Subject: [PATCH 20/26] eng_cryptodev: add support for TLSv1.2 record offload
-Supported cipher suites:
- 3des-ede-cbc-sha
- aes-128-cbc-hmac-sha
- aes-256-cbc-hmac-sha
- aes-128-cbc-hmac-sha256
- aes-256-cbc-hmac-sha256
-Requires TLS patches on cryptodev and TLS algorithm support in Linux
-kernel driver.
-Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com>
-Change-Id: I0ac6953dd62e2655a59d8f3eaefd012b7ecebf55
-Reviewed-on: http://git.am.freescale.net:8181/34003
-Reviewed-by: Cristian Stoica <cristian.stoica@freescale.com>
-Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
---
- crypto/engine/eng_cryptodev.c | 123 ++++++++++++++++++++++++++++++++++++++++++
- crypto/objects/obj_dat.h      |  26 +++++++--
- crypto/objects/obj_mac.h      |  20 +++++++
- crypto/objects/obj_mac.num    |   5 ++
- crypto/objects/objects.txt    |   5 ++
- ssl/ssl_ciph.c                |  25 +++++++++
- 6 files changed, 201 insertions(+), 3 deletions(-)
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index f71ab27..fa5fe1b 100644
--- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -140,6 +140,11 @@ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
- const EVP_CIPHER cryptodev_tls11_3des_cbc_hmac_sha1;
- const EVP_CIPHER cryptodev_tls11_aes_128_cbc_hmac_sha1;
- const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1;
-+const EVP_CIPHER cryptodev_tls12_3des_cbc_hmac_sha1;
-+const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha1;
-+const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha1;
-+const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha256;
-+const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha256;
- 
- inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin,  int *bin_len)
- {
-@@ -263,6 +268,11 @@ static struct {
-        { CRYPTO_TLS11_3DES_CBC_HMAC_SHA1, NID_tls11_des_ede3_cbc_hmac_sha1, 8, 24, 20},
-        { CRYPTO_TLS11_AES_CBC_HMAC_SHA1, NID_tls11_aes_128_cbc_hmac_sha1, 16, 16, 20},
-        { CRYPTO_TLS11_AES_CBC_HMAC_SHA1, NID_tls11_aes_256_cbc_hmac_sha1, 16, 32, 20},
-+       { CRYPTO_TLS12_3DES_CBC_HMAC_SHA1, NID_tls12_des_ede3_cbc_hmac_sha1, 8, 24, 20},
-+       { CRYPTO_TLS12_AES_CBC_HMAC_SHA1, NID_tls12_aes_128_cbc_hmac_sha1, 16, 16, 20},
-+       { CRYPTO_TLS12_AES_CBC_HMAC_SHA1, NID_tls12_aes_256_cbc_hmac_sha1, 16, 32, 20},
-+       { CRYPTO_TLS12_AES_CBC_HMAC_SHA256, NID_tls12_aes_128_cbc_hmac_sha256, 16, 16, 32},
-+       { CRYPTO_TLS12_AES_CBC_HMAC_SHA256, NID_tls12_aes_256_cbc_hmac_sha256, 16, 32, 32},
-        { CRYPTO_AES_GCM,       NID_aes_128_gcm,  16, 16, 0},
-        { 0, NID_undef, 0, 0, 0},
- };
-@@ -487,6 +497,21 @@ cryptodev_usable_ciphers(const int **nids)
-                case NID_tls11_aes_256_cbc_hmac_sha1:
-                        EVP_add_cipher(&cryptodev_tls11_aes_256_cbc_hmac_sha1);
-                        break;
-+               case NID_tls12_des_ede3_cbc_hmac_sha1:
-+                       EVP_add_cipher(&cryptodev_tls12_3des_cbc_hmac_sha1);
-+                       break;
-+               case NID_tls12_aes_128_cbc_hmac_sha1:
-+                       EVP_add_cipher(&cryptodev_tls12_aes_128_cbc_hmac_sha1);
-+                       break;
-+               case NID_tls12_aes_256_cbc_hmac_sha1:
-+                       EVP_add_cipher(&cryptodev_tls12_aes_256_cbc_hmac_sha1);
-+                       break;
-+               case NID_tls12_aes_128_cbc_hmac_sha256:
-+                       EVP_add_cipher(&cryptodev_tls12_aes_128_cbc_hmac_sha256);
-+                       break;
-+               case NID_tls12_aes_256_cbc_hmac_sha256:
-+                       EVP_add_cipher(&cryptodev_tls12_aes_256_cbc_hmac_sha256);
-+                       break;
-                }
-        }
-        return count;
-@@ -596,6 +621,11 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-        case NID_tls11_des_ede3_cbc_hmac_sha1:
-        case NID_tls11_aes_128_cbc_hmac_sha1:
-        case NID_tls11_aes_256_cbc_hmac_sha1:
-+       case NID_tls12_des_ede3_cbc_hmac_sha1:
-+       case NID_tls12_aes_128_cbc_hmac_sha1:
-+       case NID_tls12_aes_256_cbc_hmac_sha1:
-+       case NID_tls12_aes_128_cbc_hmac_sha256:
-+       case NID_tls12_aes_256_cbc_hmac_sha256:
-                cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
-        }
-        cryp.ses = sess->ses;
-@@ -795,9 +825,17 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
-                case NID_tls11_des_ede3_cbc_hmac_sha1:
-                case NID_tls11_aes_128_cbc_hmac_sha1:
-                case NID_tls11_aes_256_cbc_hmac_sha1:
-+               case NID_tls12_des_ede3_cbc_hmac_sha1:
-+               case NID_tls12_aes_128_cbc_hmac_sha1:
-+               case NID_tls12_aes_256_cbc_hmac_sha1:
-                        maclen = SHA_DIGEST_LENGTH;
-                        aad_needs_fix = true;
-                        break;
-+               case NID_tls12_aes_128_cbc_hmac_sha256:
-+               case NID_tls12_aes_256_cbc_hmac_sha256:
-+                       maclen = SHA256_DIGEST_LENGTH;
-+                       aad_needs_fix = true;
-+                       break;
-                }
- 
-                /* Correct length for AAD Length field */
-@@ -1207,6 +1245,76 @@ const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1 = {
-        NULL
- };
- 
-+const EVP_CIPHER cryptodev_tls12_3des_cbc_hmac_sha1 = {
-+       NID_tls12_des_ede3_cbc_hmac_sha1,
-+       8, 24, 8,
-+       EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+       cryptodev_init_aead_key,
-+       cryptodev_aead_cipher,
-+       cryptodev_cleanup,
-+       sizeof(struct dev_crypto_state),
-+       EVP_CIPHER_set_asn1_iv,
-+       EVP_CIPHER_get_asn1_iv,
-+       cryptodev_cbc_hmac_sha1_ctrl,
-+       NULL
-+};
-+
-+const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha1 = {
-+       NID_tls12_aes_128_cbc_hmac_sha1,
-+       16, 16, 16,
-+       EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+       cryptodev_init_aead_key,
-+       cryptodev_aead_cipher,
-+       cryptodev_cleanup,
-+       sizeof(struct dev_crypto_state),
-+       EVP_CIPHER_set_asn1_iv,
-+       EVP_CIPHER_get_asn1_iv,
-+       cryptodev_cbc_hmac_sha1_ctrl,
-+       NULL
-+};
-+
-+const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha1 = {
-+       NID_tls12_aes_256_cbc_hmac_sha1,
-+       16, 32, 16,
-+       EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+       cryptodev_init_aead_key,
-+       cryptodev_aead_cipher,
-+       cryptodev_cleanup,
-+       sizeof(struct dev_crypto_state),
-+       EVP_CIPHER_set_asn1_iv,
-+       EVP_CIPHER_get_asn1_iv,
-+       cryptodev_cbc_hmac_sha1_ctrl,
-+       NULL
-+};
-+
-+const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha256 = {
-+       NID_tls12_aes_128_cbc_hmac_sha256,
-+       16, 16, 16,
-+       EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+       cryptodev_init_aead_key,
-+       cryptodev_aead_cipher,
-+       cryptodev_cleanup,
-+       sizeof(struct dev_crypto_state),
-+       EVP_CIPHER_set_asn1_iv,
-+       EVP_CIPHER_get_asn1_iv,
-+       cryptodev_cbc_hmac_sha1_ctrl,
-+       NULL
-+};
-+
-+const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha256 = {
-+       NID_tls12_aes_256_cbc_hmac_sha256,
-+       16, 32, 16,
-+       EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+       cryptodev_init_aead_key,
-+       cryptodev_aead_cipher,
-+       cryptodev_cleanup,
-+       sizeof(struct dev_crypto_state),
-+       EVP_CIPHER_set_asn1_iv,
-+       EVP_CIPHER_get_asn1_iv,
-+       cryptodev_cbc_hmac_sha1_ctrl,
-+       NULL
-+};
-+
- const EVP_CIPHER cryptodev_aes_128_gcm = {
-        NID_aes_128_gcm,
-        1, 16, 12,
-@@ -1281,6 +1389,21 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
-        case NID_tls11_aes_256_cbc_hmac_sha1:
-                *cipher = &cryptodev_tls11_aes_256_cbc_hmac_sha1;
-                break;
-+       case NID_tls12_des_ede3_cbc_hmac_sha1:
-+               *cipher = &cryptodev_tls12_3des_cbc_hmac_sha1;
-+               break;
-+       case NID_tls12_aes_128_cbc_hmac_sha1:
-+               *cipher = &cryptodev_tls12_aes_128_cbc_hmac_sha1;
-+               break;
-+       case NID_tls12_aes_256_cbc_hmac_sha1:
-+               *cipher = &cryptodev_tls12_aes_256_cbc_hmac_sha1;
-+               break;
-+       case NID_tls12_aes_128_cbc_hmac_sha256:
-+               *cipher = &cryptodev_tls12_aes_128_cbc_hmac_sha256;
-+               break;
-+       case NID_tls12_aes_256_cbc_hmac_sha256:
-+               *cipher = &cryptodev_tls12_aes_256_cbc_hmac_sha256;
-+               break;
-        default:
-                *cipher = NULL;
-                break;
-diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
-index dc89b0a..dfe19da 100644
--- a/crypto/objects/obj_dat.h
-+++ b/crypto/objects/obj_dat.h
-@@ -62,9 +62,9 @@
-  * [including the GNU Public Licence.]
-  */
- 
-#define NUM_NID 924
-#define NUM_SN 917
-#define NUM_LN 917
-+#define NUM_NID 929
-+#define NUM_SN 922
-+#define NUM_LN 922
- #define NUM_OBJ 857
- 
- static const unsigned char lvalues[5974]={
-@@ -2407,6 +2407,16 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
-        NID_tls11_aes_128_cbc_hmac_sha1,0,NULL,0},
- {"TLS11-AES-256-CBC-HMAC-SHA1","tls11-aes-256-cbc-hmac-sha1",
-        NID_tls11_aes_256_cbc_hmac_sha1,0,NULL,0},
-+{"TLS12-DES-EDE3-CBC-HMAC-SHA1","tls12-des-ede3-cbc-hmac-sha1",
-+       NID_tls12_des_ede3_cbc_hmac_sha1,0,NULL,0},
-+{"TLS12-AES-128-CBC-HMAC-SHA1","tls12-aes-128-cbc-hmac-sha1",
-+       NID_tls12_aes_128_cbc_hmac_sha1,0,NULL,0},
-+{"TLS12-AES-256-CBC-HMAC-SHA1","tls12-aes-256-cbc-hmac-sha1",
-+       NID_tls12_aes_256_cbc_hmac_sha1,0,NULL,0},
-+{"TLS12-AES-128-CBC-HMAC-SHA256","tls12-aes-128-cbc-hmac-sha256",
-+       NID_tls12_aes_128_cbc_hmac_sha256,0,NULL,0},
-+{"TLS12-AES-256-CBC-HMAC-SHA256","tls12-aes-256-cbc-hmac-sha256",
-+       NID_tls12_aes_256_cbc_hmac_sha256,0,NULL,0},
- };
- 
- static const unsigned int sn_objs[NUM_SN]={
-@@ -2595,6 +2605,11 @@ static const unsigned int sn_objs[NUM_SN]={
- 922,   /* "TLS11-AES-128-CBC-HMAC-SHA1" */
- 923,   /* "TLS11-AES-256-CBC-HMAC-SHA1" */
- 921,   /* "TLS11-DES-EDE3-CBC-HMAC-SHA1" */
-+925,   /* "TLS12-AES-128-CBC-HMAC-SHA1" */
-+927,   /* "TLS12-AES-128-CBC-HMAC-SHA256" */
-+926,   /* "TLS12-AES-256-CBC-HMAC-SHA1" */
-+928,   /* "TLS12-AES-256-CBC-HMAC-SHA256" */
-+924,   /* "TLS12-DES-EDE3-CBC-HMAC-SHA1" */
- 458,   /* "UID" */
-  0,    /* "UNDEF" */
- 11,    /* "X500" */
-@@ -4217,6 +4232,11 @@ static const unsigned int ln_objs[NUM_LN]={
- 922,   /* "tls11-aes-128-cbc-hmac-sha1" */
- 923,   /* "tls11-aes-256-cbc-hmac-sha1" */
- 921,   /* "tls11-des-ede3-cbc-hmac-sha1" */
-+925,   /* "tls12-aes-128-cbc-hmac-sha1" */
-+927,   /* "tls12-aes-128-cbc-hmac-sha256" */
-+926,   /* "tls12-aes-256-cbc-hmac-sha1" */
-+928,   /* "tls12-aes-256-cbc-hmac-sha256" */
-+924,   /* "tls12-des-ede3-cbc-hmac-sha1" */
- 682,   /* "tpBasis" */
- 436,   /* "ucl" */
-  0,    /* "undefined" */
-diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h
-index f181890..5af125e 100644
--- a/crypto/objects/obj_mac.h
-+++ b/crypto/objects/obj_mac.h
-@@ -4046,3 +4046,23 @@
- #define LN_tls11_aes_256_cbc_hmac_sha1         "tls11-aes-256-cbc-hmac-sha1"
- #define NID_tls11_aes_256_cbc_hmac_sha1                923
- 
-+#define SN_tls12_des_ede3_cbc_hmac_sha1                "TLS12-DES-EDE3-CBC-HMAC-SHA1"
-+#define LN_tls12_des_ede3_cbc_hmac_sha1                "tls12-des-ede3-cbc-hmac-sha1"
-+#define NID_tls12_des_ede3_cbc_hmac_sha1               924
-+
-+#define SN_tls12_aes_128_cbc_hmac_sha1         "TLS12-AES-128-CBC-HMAC-SHA1"
-+#define LN_tls12_aes_128_cbc_hmac_sha1         "tls12-aes-128-cbc-hmac-sha1"
-+#define NID_tls12_aes_128_cbc_hmac_sha1                925
-+
-+#define SN_tls12_aes_256_cbc_hmac_sha1         "TLS12-AES-256-CBC-HMAC-SHA1"
-+#define LN_tls12_aes_256_cbc_hmac_sha1         "tls12-aes-256-cbc-hmac-sha1"
-+#define NID_tls12_aes_256_cbc_hmac_sha1                926
-+
-+#define SN_tls12_aes_128_cbc_hmac_sha256               "TLS12-AES-128-CBC-HMAC-SHA256"
-+#define LN_tls12_aes_128_cbc_hmac_sha256               "tls12-aes-128-cbc-hmac-sha256"
-+#define NID_tls12_aes_128_cbc_hmac_sha256              927
-+
-+#define SN_tls12_aes_256_cbc_hmac_sha256               "TLS12-AES-256-CBC-HMAC-SHA256"
-+#define LN_tls12_aes_256_cbc_hmac_sha256               "tls12-aes-256-cbc-hmac-sha256"
-+#define NID_tls12_aes_256_cbc_hmac_sha256              928
-+
-diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
-index a02b58c..deeba3a 100644
--- a/crypto/objects/obj_mac.num
-+++ b/crypto/objects/obj_mac.num
-@@ -921,3 +921,8 @@ des_ede3_cbc_hmac_sha1              920
- tls11_des_ede3_cbc_hmac_sha1           921
- tls11_aes_128_cbc_hmac_sha1            922
- tls11_aes_256_cbc_hmac_sha1            923
-+tls12_des_ede3_cbc_hmac_sha1           924
-+tls12_aes_128_cbc_hmac_sha1            925
-+tls12_aes_256_cbc_hmac_sha1            926
-+tls12_aes_128_cbc_hmac_sha256          927
-+tls12_aes_256_cbc_hmac_sha256          928
-diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
-index 1973658..6e4ac93 100644
--- a/crypto/objects/objects.txt
-+++ b/crypto/objects/objects.txt
-@@ -1294,3 +1294,8 @@ kisa 1 6                : SEED-OFB      : seed-ofb
-                        : TLS11-DES-EDE3-CBC-HMAC-SHA1  : tls11-des-ede3-cbc-hmac-sha1
-                        : TLS11-AES-128-CBC-HMAC-SHA1   : tls11-aes-128-cbc-hmac-sha1
-                        : TLS11-AES-256-CBC-HMAC-SHA1   : tls11-aes-256-cbc-hmac-sha1
-+                       : TLS12-DES-EDE3-CBC-HMAC-SHA1  : tls12-des-ede3-cbc-hmac-sha1
-+                       : TLS12-AES-128-CBC-HMAC-SHA1   : tls12-aes-128-cbc-hmac-sha1
-+                       : TLS12-AES-256-CBC-HMAC-SHA1   : tls12-aes-256-cbc-hmac-sha1
-+                       : TLS12-AES-128-CBC-HMAC-SHA256 : tls12-aes-128-cbc-hmac-sha256
-+                       : TLS12-AES-256-CBC-HMAC-SHA256 : tls12-aes-256-cbc-hmac-sha256
-diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
-index 0408986..77a82f6 100644
--- a/ssl/ssl_ciph.c
-+++ b/ssl/ssl_ciph.c
-@@ -661,6 +661,31 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
-                         c->algorithm_mac == SSL_SHA1 &&
-                         (evp=EVP_get_cipherbyname("TLS11-AES-256-CBC-HMAC-SHA1")))
-                        *enc = evp, *md = NULL;
-+               else if (s->ssl_version == TLS1_2_VERSION &&
-+                        c->algorithm_enc == SSL_3DES &&
-+                        c->algorithm_mac == SSL_SHA1 &&
-+                        (evp=EVP_get_cipherbyname("TLS12-DES-EDE3-CBC-HMAC-SHA1")))
-+                       *enc = evp, *md = NULL;
-+               else if (s->ssl_version == TLS1_2_VERSION &&
-+                        c->algorithm_enc == SSL_AES128 &&
-+                        c->algorithm_mac == SSL_SHA1 &&
-+                        (evp=EVP_get_cipherbyname("TLS12-AES-128-CBC-HMAC-SHA1")))
-+                       *enc = evp, *md = NULL;
-+               else if (s->ssl_version == TLS1_2_VERSION &&
-+                        c->algorithm_enc == SSL_AES256 &&
-+                        c->algorithm_mac == SSL_SHA1 &&
-+                        (evp=EVP_get_cipherbyname("TLS12-AES-256-CBC-HMAC-SHA1")))
-+                       *enc = evp, *md = NULL;
-+               else if (s->ssl_version == TLS1_2_VERSION &&
-+                        c->algorithm_enc == SSL_AES128 &&
-+                        c->algorithm_mac == SSL_SHA256 &&
-+                        (evp=EVP_get_cipherbyname("TLS12-AES-128-CBC-HMAC-SHA256")))
-+                       *enc = evp, *md = NULL;
-+               else if (s->ssl_version == TLS1_2_VERSION &&
-+                        c->algorithm_enc == SSL_AES256 &&
-+                        c->algorithm_mac == SSL_SHA256 &&
-+                        (evp=EVP_get_cipherbyname("TLS12-AES-256-CBC-HMAC-SHA256")))
-+                       *enc = evp, *md = NULL;
-                return(1);
-                }
-        else
-- 
-2.3.5
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0021-cryptodev-do-not-cache-file-descriptor-in-open.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0021-cryptodev-do-not-cache-file-descriptor-in-open.patch
new file mode 100644
index 000000000..9c6e503b8
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0021-cryptodev-do-not-cache-file-descriptor-in-open.patch
@@ -0,0 +1,93 @@
+From d9395f7d876f7dfaaae25867c88d1e1f684589de Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@freescale.com>
+Date: Thu, 19 Feb 2015 16:43:29 +0200
+Subject: [PATCH 21/48] cryptodev: do not cache file descriptor in 'open'
+The file descriptor returned by get_dev_crypto is cached after a
+successful return. The issue is, it is cached inside 'open_dev_crypto'
+which is no longer useful as a general purpose open("/dev/crypto")
+function.
+This patch is a refactoring that moves the caching operation from
+open_dev_crypto to get_dev_crypto and leaves the former as a simpler
+function true to its name
+Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
+---
+ crypto/engine/eng_cryptodev.c | 43 +++++++++++++++++++++----------------------
+ 1 file changed, 21 insertions(+), 22 deletions(-)
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 14dcddf..75fca7f 100644
+--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
+@@ -391,45 +391,44 @@ static void ctr64_inc(unsigned char *counter)
+     } while (n);
+ }
+ 
+-/*
+- * Return a fd if /dev/crypto seems usable, 0 otherwise.
+- */
+ static int open_dev_crypto(void)
+ {
+-    static int fd = -1;
+    int fd;
+ 
+-    if (fd == -1) {
+-        if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1)
+-            return (-1);
+-        /* close on exec */
+-        if (fcntl(fd, F_SETFD, 1) == -1) {
+-            close(fd);
+-            fd = -1;
+-            return (-1);
+-        }
+    fd = open("/dev/crypto", O_RDWR, 0);
+    if (fd < 0)
+        return -1;
+
+    /* close on exec */
+    if (fcntl(fd, F_SETFD, 1) == -1) {
+        close(fd);
+        return -1;
+     }
+-    return (fd);
+
+    return fd;
+ }
+ 
+ static int get_dev_crypto(void)
+ {
+-    int fd, retfd;
+    static int fd = -1;
+    int retfd;
+ 
+-    if ((fd = open_dev_crypto()) == -1)
+-        return (-1);
+-# ifndef CRIOGET_NOT_NEEDED
+    if (fd == -1)
+        fd = open_dev_crypto();
+# ifdef CRIOGET_NOT_NEEDED
+    return fd;
+# else
+    if (fd == -1)
+        return -1;
+     if (ioctl(fd, CRIOGET, &retfd) == -1)
+         return (-1);
+-
+     /* close on exec */
+     if (fcntl(retfd, F_SETFD, 1) == -1) {
+         close(retfd);
+         return (-1);
+     }
+-# else
+-    retfd = fd;
+    return retfd;
+ # endif
+-    return (retfd);
+ }
+ 
+ static void put_dev_crypto(int fd)
+-- 
+2.7.0
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0021-cryptodev-drop-redundant-function.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0021-cryptodev-drop-redundant-function.patch
deleted file mode 100644
index 16cc6882b..000000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0021-cryptodev-drop-redundant-function.patch
+++ /dev/null
@@ -1,75 +0,0 @@
-From ea4abc255c6c5feec01cb1e30c6082cfe47860e2 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@freescale.com>
-Date: Thu, 19 Feb 2015 16:11:53 +0200
-Subject: [PATCH 21/26] cryptodev: drop redundant function
-get_dev_crypto already caches the result. Another cache in-between is
-useless.
-Change-Id: Ibd162529d3fb7a561a17f1a707d5d287c1586a3a
-Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
-Reviewed-on: http://git.am.freescale.net:8181/34216
---
- crypto/engine/eng_cryptodev.c | 18 +++---------------
- 1 file changed, 3 insertions(+), 15 deletions(-)
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index fa5fe1b..1ab5551 100644
--- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -96,7 +96,6 @@ struct dev_crypto_state {
- 
- static u_int32_t cryptodev_asymfeat = 0;
- 
-static int get_asym_dev_crypto(void);
- static int open_dev_crypto(void);
- static int get_dev_crypto(void);
- static int get_cryptodev_ciphers(const int **cnids);
-@@ -357,17 +356,6 @@ static void put_dev_crypto(int fd)
- #endif
- }
- 
-/* Caching version for asym operations */
-static int
-get_asym_dev_crypto(void)
-{
-       static int fd = -1;
-
-       if (fd == -1)
-               fd = get_dev_crypto();
-       return fd;
-}
-
- /*
-  * Find out what ciphers /dev/crypto will let us have a session for.
-  * XXX note, that some of these openssl doesn't deal with yet!
-@@ -1796,7 +1784,7 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s)
- {
-        int fd, ret = -1;
- 
-       if ((fd = get_asym_dev_crypto()) < 0)
-+       if ((fd = get_dev_crypto()) < 0)
-                return (ret);
- 
-        if (r) {
-@@ -2374,7 +2362,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
-        int p_len, q_len;
-        int i;
- 
-       if ((fd = get_asym_dev_crypto()) < 0)
-+       if ((fd = get_dev_crypto()) < 0)
-                goto sw_try;
- 
-        if(!rsa->n && ((rsa->n=BN_new()) == NULL)) goto err;
-@@ -3928,7 +3916,7 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
-        BIGNUM *temp = NULL;
-        unsigned char *padded_pub_key = NULL, *p = NULL;
- 
-       if ((fd = get_asym_dev_crypto()) < 0)
-+       if ((fd = get_dev_crypto()) < 0)
-                goto sw_try;
- 
-        memset(&kop, 0, sizeof kop);
-- 
-2.3.5
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0022-cryptodev-do-not-zero-the-buffer-before-use.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0022-cryptodev-do-not-zero-the-buffer-before-use.patch
deleted file mode 100644
index 0b2f0f1b5..000000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0022-cryptodev-do-not-zero-the-buffer-before-use.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From 75e3e7d600eb72e7374b1ecf5ece7b831bc98ed8 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@freescale.com>
-Date: Tue, 17 Feb 2015 13:12:53 +0200
-Subject: [PATCH 22/26] cryptodev: do not zero the buffer before use
- The buffer is just about to be overwritten. Zeroing it before that has
-  no purpose
-Change-Id: I478c31bd2e254561474a7edf5e37980ca04217ce
-Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
-Reviewed-on: http://git.am.freescale.net:8181/34217
---
- crypto/engine/eng_cryptodev.c | 13 ++++---------
- 1 file changed, 4 insertions(+), 9 deletions(-)
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 1ab5551..dbc5989 100644
--- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -1681,21 +1681,16 @@ static int
- bn2crparam(const BIGNUM *a, struct crparam *crp)
- {
-        ssize_t bytes, bits;
-       u_char *b;
-
-       crp->crp_p = NULL;
-       crp->crp_nbits = 0;
- 
-        bits = BN_num_bits(a);
-        bytes = (bits + 7) / 8;
- 
-       b = malloc(bytes);
-       if (b == NULL)
-+       crp->crp_nbits = bits;
-+       crp->crp_p = malloc(bytes);
-+
-+       if (crp->crp_p == NULL)
-                return (1);
-       memset(b, 0, bytes);
- 
-       crp->crp_p = (caddr_t) b;
-       crp->crp_nbits = bits;
-        BN_bn2bin(a, crp->crp_p);
-        return (0);
- }
-- 
-2.3.5
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0025-cryptodev-put_dev_crypto-should-be-an-int.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0022-cryptodev-put_dev_crypto-should-be-an-int.patch
index a48dc6a67..121123d63 100644
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0025-cryptodev-put_dev_crypto-should-be-an-int.patch
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0022-cryptodev-put_dev_crypto-should-be-an-int.patch
@@ -1,7 +1,7 @@
-From 84a8007b6e92fe4c2696cc9e330207ee03303a20 Mon Sep 17 00:00:00 2001
+From 79d6976e2ad2e5ac31374bc24ee29ae53f55c0e1 Mon Sep 17 00:00:00 2001
 From: Cristian Stoica <cristian.stoica@freescale.com>
 Date: Thu, 19 Feb 2015 13:09:32 +0200
-Subject: [PATCH 25/26] cryptodev: put_dev_crypto should be an int
+Subject: [PATCH 22/48] cryptodev: put_dev_crypto should be an int
 Change-Id: Ie0a83bc07a37132286c098b17ef35d98de74b043
 Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
@@ -11,25 +11,25 @@ Reviewed-on: http://git.am.freescale.net:8181/34220
 1 file changed, 5 insertions(+), 3 deletions(-)
 diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index b74fc7c..c9db27d 100644
+index 75fca7f..b162646 100644
 --- a/crypto/engine/eng_cryptodev.c
 +++ b/crypto/engine/eng_cryptodev.c
-@@ -347,10 +347,12 @@ static int get_dev_crypto(void)
+@@ -431,10 +431,12 @@ static int get_dev_crypto(void)
- #endif
+ # endif
 }
 
 -static void put_dev_crypto(int fd)
 +static int put_dev_crypto(int fd)
 {
-#ifndef CRIOGET_NOT_NEEDED
+-# ifndef CRIOGET_NOT_NEEDED
-       close(fd);
+-    close(fd);
 +#ifdef CRIOGET_NOT_NEEDED
 +       return 0;
 +#else
 +       return close(fd);
- #endif
+ # endif
 }
 
 -- 
-2.3.5
+2.7.0
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0023-cryptodev-clean-up-code-layout.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0023-cryptodev-clean-up-code-layout.patch
deleted file mode 100644
index 5ff1c5cac..000000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0023-cryptodev-clean-up-code-layout.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-From 4453b06b940fc03a0973cfd96f908e46cce61054 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@freescale.com>
-Date: Wed, 18 Feb 2015 10:39:46 +0200
-Subject: [PATCH 23/26] cryptodev: clean-up code layout
-This is just a refactoring that uses else branch to check for malloc failures
-Change-Id: I6dc157af36d6ec51a4edfc82cf97fae2e7e83628
-Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
-Reviewed-on: http://git.am.freescale.net:8181/34218
---
- crypto/engine/eng_cryptodev.c | 42 ++++++++++++++++++++----------------------
- 1 file changed, 20 insertions(+), 22 deletions(-)
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index dbc5989..dceb4f5 100644
--- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -1745,30 +1745,28 @@ cryptodev_asym_async(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
-        fd = *(int *)cookie->eng_handle;
- 
-        eng_cookie = malloc(sizeof(struct cryptodev_cookie_s));
-
-       if (eng_cookie) {
-               memset(eng_cookie, 0, sizeof(struct cryptodev_cookie_s));
-               if (r) {
-                       kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char));
-                       if (!kop->crk_param[kop->crk_iparams].crp_p)
-                               return -ENOMEM;
-                       kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
-                       kop->crk_oparams++;
-                       eng_cookie->r = r;
-                       eng_cookie->r_param = kop->crk_param[kop->crk_iparams];
-               }
-               if (s) {
-                       kop->crk_param[kop->crk_iparams+1].crp_p = calloc(slen, sizeof(char));
-                       if (!kop->crk_param[kop->crk_iparams+1].crp_p)
-                               return -ENOMEM;
-                       kop->crk_param[kop->crk_iparams+1].crp_nbits = slen * 8;
-                       kop->crk_oparams++;
-                       eng_cookie->s = s;
-                       eng_cookie->s_param = kop->crk_param[kop->crk_iparams + 1];
-               }
-       } else
-+       if (!eng_cookie)
-                return -ENOMEM;
- 
-+       memset(eng_cookie, 0, sizeof(struct cryptodev_cookie_s));
-+       if (r) {
-+               kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char));
-+               if (!kop->crk_param[kop->crk_iparams].crp_p)
-+                       return -ENOMEM;
-+               kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
-+               kop->crk_oparams++;
-+               eng_cookie->r = r;
-+               eng_cookie->r_param = kop->crk_param[kop->crk_iparams];
-+       }
-+       if (s) {
-+               kop->crk_param[kop->crk_iparams+1].crp_p = calloc(slen, sizeof(char));
-+               if (!kop->crk_param[kop->crk_iparams+1].crp_p)
-+                       return -ENOMEM;
-+               kop->crk_param[kop->crk_iparams+1].crp_nbits = slen * 8;
-+               kop->crk_oparams++;
-+               eng_cookie->s = s;
-+               eng_cookie->s_param = kop->crk_param[kop->crk_iparams + 1];
-+       }
-        eng_cookie->kop = kop;
-        cookie->eng_cookie = eng_cookie;
-        return ioctl(fd, CIOCASYMASYNCRYPT, kop);
-- 
-2.3.5
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0026-cryptodev-simplify-cryptodev-pkc-support-code.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0023-cryptodev-simplify-cryptodev-pkc-support-code.patch
index 6527ac8f3..1043fbd49 100644
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0026-cryptodev-simplify-cryptodev-pkc-support-code.patch
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0023-cryptodev-simplify-cryptodev-pkc-support-code.patch
@@ -1,27 +1,25 @@
-From 787539e7720c99785f6c664a7484842bba08f6ed Mon Sep 17 00:00:00 2001
+From f99682e0ccaeadb7446d211dfad6dbf8fcd5675f Mon Sep 17 00:00:00 2001
 From: Cristian Stoica <cristian.stoica@freescale.com>
 Date: Thu, 19 Feb 2015 13:39:52 +0200
-Subject: [PATCH 26/26] cryptodev: simplify cryptodev pkc support code
+Subject: [PATCH 23/48] cryptodev: simplify cryptodev pkc support code
 - Engine init returns directly a file descriptor instead of a pointer to one
 - Similarly, the Engine close will now just close the file
-Change-Id: Ief736d0776c7009dee002204fb1d4ce9d31c8787
 Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
-Reviewed-on: http://git.am.freescale.net:8181/34221
 ---
 crypto/crypto.h               |  2 +-
- crypto/engine/eng_cryptodev.c | 35 +++-----------------------
+ crypto/engine/eng_cryptodev.c | 43 +++++++----------------------------
- crypto/engine/eng_int.h       | 14 +++--------
+ crypto/engine/eng_int.h       | 14 +++---------
- crypto/engine/eng_lib.c       | 57 +++++++++++++++++++++----------------------
+ crypto/engine/eng_lib.c       | 53 +++++++++++++++++++++----------------------
- crypto/engine/engine.h        | 13 +++++-----
+ crypto/engine/engine.h        | 13 +++++------
- 5 files changed, 42 insertions(+), 79 deletions(-)
+ 5 files changed, 44 insertions(+), 81 deletions(-)
 diff --git a/crypto/crypto.h b/crypto/crypto.h
-index ce12731..292427e 100644
+index 2b4ec59..ddb9b69 100644
 --- a/crypto/crypto.h
 +++ b/crypto/crypto.h
-@@ -618,7 +618,7 @@ struct pkc_cookie_s {
+@@ -668,7 +668,7 @@ struct pkc_cookie_s {
           *            -EINVAL: Parameters Invalid
           */
        void (*pkc_callback)(struct pkc_cookie_s *cookie, int status);
@@ -31,77 +29,92 @@ index ce12731..292427e 100644
 
 #ifdef  __cplusplus
 diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index c9db27d..f173bde 100644
+index b162646..1910c89 100644
 --- a/crypto/engine/eng_cryptodev.c
 +++ b/crypto/engine/eng_cryptodev.c
-@@ -1742,7 +1742,7 @@ cryptodev_asym_async(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
+@@ -433,10 +433,10 @@ static int get_dev_crypto(void)
-        struct pkc_cookie_s *cookie = kop->cookie;
-        struct cryptodev_cookie_s *eng_cookie;
 
-       fd = *(int *)cookie->eng_handle;
+ static int put_dev_crypto(int fd)
-+       fd = cookie->eng_handle;
+ {
+-#ifdef CRIOGET_NOT_NEEDED
+-       return 0;
+-#else
+-       return close(fd);
+# ifdef CRIOGET_NOT_NEEDED
+    return 0;
+# else
+    return close(fd);
+ # endif
+ }
+ 
+@@ -1863,7 +1863,7 @@ cryptodev_asym_async(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
+     struct pkc_cookie_s *cookie = kop->cookie;
+     struct cryptodev_cookie_s *eng_cookie;
+ 
+-    fd = *(int *)cookie->eng_handle;
+    fd = cookie->eng_handle;
 
-        eng_cookie = malloc(sizeof(struct cryptodev_cookie_s));
+     eng_cookie = malloc(sizeof(struct cryptodev_cookie_s));
-        if (!eng_cookie)
+     if (!eng_cookie)
-@@ -1802,38 +1802,11 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s)
+@@ -1926,38 +1926,11 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
-        return (ret);
+     return (ret);
 }
 
 -/* Close an opened instance of cryptodev engine */
 -void cryptodev_close_instance(void *handle)
 -{
-       int fd;
+-    int fd;
 -
-       if (handle) {
+-    if (handle) {
-               fd = *(int *)handle;
+-        fd = *(int *)handle;
-               close(fd);
+-        close(fd);
-               free(handle);
+-        free(handle);
-       }
+-    }
 -}
 -
 -/* Create an instance of cryptodev for asynchronous interface */
 -void *cryptodev_init_instance(void)
 -{
-       int *fd = malloc(sizeof(int));
+-    int *fd = malloc(sizeof(int));
 -
-       if (fd) {
+-    if (fd) {
-               if ((*fd = open("/dev/crypto", O_RDWR, 0)) == -1) {
+-        if ((*fd = open("/dev/crypto", O_RDWR, 0)) == -1) {
-                       free(fd);
+-            free(fd);
-                       return NULL;
+-            return NULL;
-               }
+-        }
-       }
+-    }
-       return fd;
+-    return fd;
 -}
 -
- #include <poll.h>
+ # include <poll.h>
 
 /* Return 0 on success and 1 on failure */
 -int cryptodev_check_availability(void *eng_handle)
 +int cryptodev_check_availability(int fd)
 {
-       int fd = *(int *)eng_handle;
+-    int fd = *(int *)eng_handle;
-        struct pkc_cookie_list_s cookie_list;
+     struct pkc_cookie_list_s cookie_list;
-        struct pkc_cookie_s *cookie;
+     struct pkc_cookie_s *cookie;
-        int i;
+     int i;
-@@ -4540,8 +4513,8 @@ ENGINE_load_cryptodev(void)
+@@ -4706,8 +4679,8 @@ void ENGINE_load_cryptodev(void)
-        }
+     }
 
-        ENGINE_set_check_pkc_availability(engine, cryptodev_check_availability);
+     ENGINE_set_check_pkc_availability(engine, cryptodev_check_availability);
-       ENGINE_set_close_instance(engine, cryptodev_close_instance);
+-    ENGINE_set_close_instance(engine, cryptodev_close_instance);
-       ENGINE_set_init_instance(engine, cryptodev_init_instance);
+-    ENGINE_set_init_instance(engine, cryptodev_init_instance);
-+       ENGINE_set_close_instance(engine, put_dev_crypto);
+    ENGINE_set_close_instance(engine, put_dev_crypto);
-+       ENGINE_set_open_instance(engine, open_dev_crypto);
+    ENGINE_set_open_instance(engine, open_dev_crypto);
-        ENGINE_set_async_map(engine, ENGINE_ALLPKC_ASYNC);
+     ENGINE_set_async_map(engine, ENGINE_ALLPKC_ASYNC);
 
-        ENGINE_add(engine);
+     ENGINE_add(engine);
 diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h
-index 8fc3077..8fb79c0 100644
+index b698a0c..7541beb 100644
 --- a/crypto/engine/eng_int.h
 +++ b/crypto/engine/eng_int.h
-@@ -181,23 +181,15 @@ struct engine_st
+@@ -198,23 +198,15 @@ struct engine_st {
-        ENGINE_LOAD_KEY_PTR load_pubkey;
+     ENGINE_LOAD_KEY_PTR load_privkey;
- 
+     ENGINE_LOAD_KEY_PTR load_pubkey;
-        ENGINE_SSL_CLIENT_CERT_PTR load_ssl_client_cert;
+     ENGINE_SSL_CLIENT_CERT_PTR load_ssl_client_cert;
 -       /*
 -        * Instantiate Engine handle to be passed in check_pkc_availability
 -        * Ensure that Engine is instantiated before any pkc asynchronous call.
@@ -126,20 +139,20 @@ index 8fc3077..8fb79c0 100644
         * The following map is used to check if the engine supports asynchronous implementation
         * ENGINE_ASYNC_FLAG* for available bitmap. Any application checking for asynchronous
 diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c
-index 6fa621c..6c9471b 100644
+index 0c57e12..4fdcfd6 100644
 --- a/crypto/engine/eng_lib.c
 +++ b/crypto/engine/eng_lib.c
-@@ -99,7 +99,7 @@ void engine_set_all_null(ENGINE *e)
+@@ -101,7 +101,7 @@ void engine_set_all_null(ENGINE *e)
-        e->load_privkey = NULL;
+     e->load_privkey = NULL;
-        e->load_pubkey = NULL;
+     e->load_pubkey = NULL;
        e->check_pkc_availability = NULL;
 -       e->engine_init_instance = NULL;
 +       e->engine_open_instance = NULL;
        e->engine_close_instance = NULL;
-        e->cmd_defns = NULL;
+     e->cmd_defns = NULL;
        e->async_map = 0;
-@@ -237,47 +237,46 @@ int ENGINE_set_id(ENGINE *e, const char *id)
+@@ -252,46 +252,45 @@ int ENGINE_set_id(ENGINE *e, const char *id)
-        return 1;
+     return 1;
        }
 
 -void ENGINE_set_init_instance(ENGINE *e, void *(*engine_init_instance)(void))
@@ -181,43 +194,40 @@ index 6fa621c..6c9471b 100644
                return e->async_map;
        }
 
-void ENGINE_set_check_pkc_availability(ENGINE *e,
-       int (*check_pkc_availability)(void *eng_handle))
-       {
-               e->check_pkc_availability = check_pkc_availability;
-       }
 +int ENGINE_open_instance(ENGINE *e)
 +{
 +       return e->engine_open_instance();
 +}
- 
+
-int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle)
-       {
-               return e->check_pkc_availability(eng_handle);
-       }
 +int ENGINE_close_instance(ENGINE *e, int fd)
 +{
 +       return e->engine_close_instance(fd);
 +}
 +
-+void ENGINE_set_check_pkc_availability(ENGINE *e,
+ void ENGINE_set_check_pkc_availability(ENGINE *e,
+-       int (*check_pkc_availability)(void *eng_handle))
+-       {
+-               e->check_pkc_availability = check_pkc_availability;
+-       }
 +       int (*check_pkc_availability)(int fd))
 +{
 +       e->check_pkc_availability = check_pkc_availability;
 +}
-+
+ 
+-int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle)
+-       {
+-               return e->check_pkc_availability(eng_handle);
 +int ENGINE_check_pkc_availability(ENGINE *e, int fd)
 +{
 +       return e->check_pkc_availability(fd);
-+}
+ }
 
 int ENGINE_set_name(ENGINE *e, const char *name)
-        {
 diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h
-index ccff86a..3ba3e97 100644
+index 4527aa1..f83ee73 100644
 --- a/crypto/engine/engine.h
 +++ b/crypto/engine/engine.h
-@@ -473,9 +473,6 @@ ENGINE *ENGINE_new(void);
+@@ -551,9 +551,6 @@ ENGINE *ENGINE_new(void);
 int ENGINE_free(ENGINE *e);
 int ENGINE_up_ref(ENGINE *e);
 int ENGINE_set_id(ENGINE *e, const char *id);
@@ -227,7 +237,7 @@ index ccff86a..3ba3e97 100644
 /*
  * Following FLAGS are bitmap store in async_map to set asynchronous interface capability
  *of the engine
-@@ -492,11 +489,13 @@ void ENGINE_set_async_map(ENGINE *e, int async_map);
+@@ -570,11 +567,13 @@ void ENGINE_set_async_map(ENGINE *e, int async_map);
   * to confirm asynchronous methods supported
   */
 int ENGINE_get_async_map(ENGINE *e);
@@ -246,5 +256,5 @@ index ccff86a..3ba3e97 100644
 int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
 int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
 -- 
-2.3.5
+2.7.0
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0024-cryptodev-clarify-code-remove-assignments-from-condi.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0024-cryptodev-clarify-code-remove-assignments-from-condi.patch
new file mode 100644
index 000000000..27ccd95a5
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0024-cryptodev-clarify-code-remove-assignments-from-condi.patch
@@ -0,0 +1,37 @@
+From cb6842dac159b40acdc755526b0ba0afb61d9d64 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@nxp.com>
+Date: Mon, 14 Dec 2015 14:02:00 +0200
+Subject: [PATCH 24/48] cryptodev: clarify code, remove assignments from
+ conditionals
+Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 1910c89..fcfd232 100644
+--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
+@@ -1559,14 +1559,16 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
+     struct session_op *sess = &state->d_sess;
+     int digest;
+ 
+-    if ((digest = digest_nid_to_cryptodev(ctx->digest->type)) == NID_undef) {
+    digest = digest_nid_to_cryptodev(ctx->digest->type);
+    if (digest == NID_undef) {
+         printf("cryptodev_digest_init: Can't get digest \n");
+         return (0);
+     }
+ 
+     memset(state, 0, sizeof(struct dev_crypto_state));
+ 
+-    if ((state->d_fd = get_dev_crypto()) < 0) {
+    state->d_fd = get_dev_crypto();
+    if (state->d_fd < 0) {
+         printf("cryptodev_digest_init: Can't get Dev \n");
+         return (0);
+     }
+-- 
+2.7.0
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0024-cryptodev-do-not-cache-file-descriptor-in-open.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0024-cryptodev-do-not-cache-file-descriptor-in-open.patch
deleted file mode 100644
index e798d3e23..000000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0024-cryptodev-do-not-cache-file-descriptor-in-open.patch
+++ /dev/null
@@ -1,100 +0,0 @@
-From a44701abd995b3db80001d0c5d88e9ead05972c1 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@freescale.com>
-Date: Thu, 19 Feb 2015 16:43:29 +0200
-Subject: [PATCH 24/26] cryptodev: do not cache file descriptor in 'open'
-The file descriptor returned by get_dev_crypto is cached after a
-successful return. The issue is, it is cached inside 'open_dev_crypto'
-which is no longer useful as a general purpose open("/dev/crypto")
-function.
-This patch is a refactoring that moves the caching operation from
-open_dev_crypto to get_dev_crypto and leaves the former as a simpler
-function true to its name
-Change-Id: I980170969410381973ce75f6679a4a1401738847
-Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
-Reviewed-on: http://git.am.freescale.net:8181/34219
---
- crypto/engine/eng_cryptodev.c | 50 +++++++++++++++++++++----------------------
- 1 file changed, 24 insertions(+), 26 deletions(-)
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index dceb4f5..b74fc7c 100644
--- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -306,47 +306,45 @@ static void ctr64_inc(unsigned char *counter) {
-                if (c) return;
-        } while (n);
- }
-/*
- * Return a fd if /dev/crypto seems usable, 0 otherwise.
- */
-static int
-open_dev_crypto(void)
-+
-+static int open_dev_crypto(void)
- {
-       static int fd = -1;
-+       int fd;
- 
-       if (fd == -1) {
-               if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1)
-                       return (-1);
-               /* close on exec */
-               if (fcntl(fd, F_SETFD, 1) == -1) {
-                       close(fd);
-                       fd = -1;
-                       return (-1);
-               }
-+       fd = open("/dev/crypto", O_RDWR, 0);
-+       if ( fd < 0)
-+               return -1;
-+
-+       /* close on exec */
-+       if (fcntl(fd, F_SETFD, 1) == -1) {
-+               close(fd);
-+               return -1;
-        }
-       return (fd);
-+
-+       return fd;
- }
- 
-static int
-get_dev_crypto(void)
-+static int get_dev_crypto(void)
- {
-       int fd, retfd;
-+       static int fd = -1;
-+       int retfd;
- 
-       if ((fd = open_dev_crypto()) == -1)
-               return (-1);
-#ifndef CRIOGET_NOT_NEEDED
-+       if (fd == -1)
-+               fd = open_dev_crypto();
-+#ifdef CRIOGET_NOT_NEEDED
-+       return fd;
-+#else
-+       if (fd == -1)
-+               return -1;
-        if (ioctl(fd, CRIOGET, &retfd) == -1)
-                return (-1);
-
-        /* close on exec */
-        if (fcntl(retfd, F_SETFD, 1) == -1) {
-                close(retfd);
-                return (-1);
-        }
-#else
-        retfd = fd;
-+       return retfd;
- #endif
-       return (retfd);
- }
- 
- static void put_dev_crypto(int fd)
-- 
-2.3.5
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0025-cryptodev-clean-up-context-state-before-anything-els.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0025-cryptodev-clean-up-context-state-before-anything-els.patch
new file mode 100644
index 000000000..ad5c3035e
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0025-cryptodev-clean-up-context-state-before-anything-els.patch
@@ -0,0 +1,34 @@
+From 087ae4ecbaf9cd49a2fcae9cb09c491beabc4c88 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@nxp.com>
+Date: Tue, 15 Dec 2015 12:10:37 +0200
+Subject: [PATCH 25/48] cryptodev: clean-up context state before anything else
+Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index fcfd232..16e6fd9 100644
+--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
+@@ -1559,14 +1559,14 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
+     struct session_op *sess = &state->d_sess;
+     int digest;
+ 
+    memset(state, 0, sizeof(struct dev_crypto_state));
+
+     digest = digest_nid_to_cryptodev(ctx->digest->type);
+     if (digest == NID_undef) {
+         printf("cryptodev_digest_init: Can't get digest \n");
+         return (0);
+     }
+ 
+-    memset(state, 0, sizeof(struct dev_crypto_state));
+-
+     state->d_fd = get_dev_crypto();
+     if (state->d_fd < 0) {
+         printf("cryptodev_digest_init: Can't get Dev \n");
+-- 
+2.7.0
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0026-cryptodev-remove-code-duplication-in-digest-operatio.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0026-cryptodev-remove-code-duplication-in-digest-operatio.patch
new file mode 100644
index 000000000..936aafced
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0026-cryptodev-remove-code-duplication-in-digest-operatio.patch
@@ -0,0 +1,155 @@
+From 02dd4d275f7544a4027ca3452b60ac5bdd9376fb Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@nxp.com>
+Date: Mon, 14 Dec 2015 17:49:08 +0200
+Subject: [PATCH 26/48] cryptodev: remove code duplication in digest operations
+This patch simplifies code and removes duplication in digest_update and
+digest_final for cryptodev engine.
+Note: The current design of eng_cryptodev for digests operations assumes
+      the presence of all the data before processing (this is suboptimal
+      with cryptodev-linux because Linux kernel has support for digest-update
+      operations and there is no need to accumulate the input data).
+Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 76 ++++++++++++++++---------------------------
+ 1 file changed, 28 insertions(+), 48 deletions(-)
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 16e6fd9..048e050 100644
+--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
+@@ -1590,24 +1590,25 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
+ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
+                                    size_t count)
+ {
+-    struct crypt_op cryp;
+     struct dev_crypto_state *state = ctx->md_data;
+-    struct session_op *sess = &state->d_sess;
+ 
+-    if (!data || state->d_fd < 0) {
+    if (!data || !count) {
+         printf("cryptodev_digest_update: illegal inputs \n");
+-        return (0);
+-    }
+-
+-    if (!count) {
+-        return (0);
+        return 0;
+     }
+ 
+-    if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
+-        /* if application doesn't support one buffer */
+    /*
+     * Accumulate input data if it is scattered in several buffers. TODO:
+     * Depending on number of calls and data size, this code can be optimized
+     * to take advantage of Linux kernel crypto API, balancing between
+     * cryptodev calls and accumulating small amounts of data
+     */
+    if (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) {
+        state->mac_data = data;
+        state->mac_len = count;
+    } else {
+         state->mac_data =
+             OPENSSL_realloc(state->mac_data, state->mac_len + count);
+-
+         if (!state->mac_data) {
+             printf("cryptodev_digest_update: realloc failed\n");
+             return (0);
+@@ -1615,23 +1616,9 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
+ 
+         memcpy(state->mac_data + state->mac_len, data, count);
+         state->mac_len += count;
+-
+-        return (1);
+     }
+ 
+-    memset(&cryp, 0, sizeof(cryp));
+-
+-    cryp.ses = sess->ses;
+-    cryp.flags = 0;
+-    cryp.len = count;
+-    cryp.src = (caddr_t) data;
+-    cryp.dst = NULL;
+-    cryp.mac = (caddr_t) state->digest_res;
+-    if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
+-        printf("cryptodev_digest_update: digest failed\n");
+-        return (0);
+-    }
+-    return (1);
+    return 1;
+ }
+ 
+ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
+@@ -1640,33 +1627,25 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
+     struct dev_crypto_state *state = ctx->md_data;
+     struct session_op *sess = &state->d_sess;
+ 
+-    int ret = 1;
+-
+     if (!md || state->d_fd < 0) {
+         printf("cryptodev_digest_final: illegal input\n");
+         return (0);
+     }
+ 
+-    if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
+-        /* if application doesn't support one buffer */
+-        memset(&cryp, 0, sizeof(cryp));
+-        cryp.ses = sess->ses;
+-        cryp.flags = 0;
+-        cryp.len = state->mac_len;
+-        cryp.src = state->mac_data;
+-        cryp.dst = NULL;
+-        cryp.mac = (caddr_t) md;
+-        if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
+-            printf("cryptodev_digest_final: digest failed\n");
+-            return (0);
+-        }
+    memset(&cryp, 0, sizeof(cryp));
+ 
+-        return 1;
+-    }
+    cryp.ses = sess->ses;
+    cryp.flags = 0;
+    cryp.len = state->mac_len;
+    cryp.src = state->mac_data;
+    cryp.mac = md;
+ 
+-    memcpy(md, state->digest_res, ctx->digest->md_size);
+    if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
+        printf("cryptodev_digest_final: digest failed\n");
+        return (0);
+    }
+ 
+-    return (ret);
+    return (1);
+ }
+ 
+ static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
+@@ -1683,11 +1662,11 @@ static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
+         return (0);
+     }
+ 
+-    if (state->mac_data) {
+    if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
+         OPENSSL_free(state->mac_data);
+-        state->mac_data = NULL;
+-        state->mac_len = 0;
+     }
+    state->mac_data = NULL;
+    state->mac_len = 0;
+ 
+     if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
+         printf("cryptodev_digest_cleanup: failed to close session\n");
+@@ -1695,6 +1674,7 @@ static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
+     } else {
+         ret = 1;
+     }
+
+     put_dev_crypto(state->d_fd);
+     state->d_fd = -1;
+ 
+-- 
+2.7.0
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0027-cryptodev-put-all-digest-ioctls-into-a-single-functi.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0027-cryptodev-put-all-digest-ioctls-into-a-single-functi.patch
new file mode 100644
index 000000000..46b3ced9c
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0027-cryptodev-put-all-digest-ioctls-into-a-single-functi.patch
@@ -0,0 +1,108 @@
+From 2187b18ffe4851efcb6465ca02ac036d2fe031b8 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@nxp.com>
+Date: Tue, 15 Dec 2015 12:23:13 +0200
+Subject: [PATCH 27/48] cryptodev: put all digest ioctls into a single function
+Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 44 +++++++++++++++++++------------------------
+ 1 file changed, 19 insertions(+), 25 deletions(-)
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 048e050..76faa35 100644
+--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
+@@ -1577,13 +1577,6 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
+     sess->mackeylen = digest_key_length(ctx->digest->type);
+     sess->mac = digest;
+ 
+-    if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
+-        put_dev_crypto(state->d_fd);
+-        state->d_fd = -1;
+-        printf("cryptodev_digest_init: Open session failed\n");
+-        return (0);
+-    }
+-
+     return (1);
+ }
+ 
+@@ -1623,6 +1616,7 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
+ 
+ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
+ {
+    int ret = 1;
+     struct crypt_op cryp;
+     struct dev_crypto_state *state = ctx->md_data;
+     struct session_op *sess = &state->d_sess;
+@@ -1632,6 +1626,11 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
+         return (0);
+     }
+ 
+    if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
+        printf("cryptodev_digest_init: Open session failed\n");
+        return (0);
+    }
+
+     memset(&cryp, 0, sizeof(cryp));
+ 
+     cryp.ses = sess->ses;
+@@ -1642,43 +1641,38 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
+ 
+     if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
+         printf("cryptodev_digest_final: digest failed\n");
+-        return (0);
+        ret = 0;
+     }
+ 
+-    return (1);
+    if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
+        printf("cryptodev_digest_cleanup: failed to close session\n");
+    }
+
+    return ret;
+ }
+ 
+ static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
+ {
+-    int ret = 1;
+     struct dev_crypto_state *state = ctx->md_data;
+     struct session_op *sess = &state->d_sess;
+ 
+-    if (state == NULL)
+    if (state == NULL) {
+         return 0;
+-
+-    if (state->d_fd < 0) {
+-        printf("cryptodev_digest_cleanup: illegal input\n");
+-        return (0);
+     }
+ 
+     if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
+         OPENSSL_free(state->mac_data);
+     }
+-    state->mac_data = NULL;
+-    state->mac_len = 0;
+ 
+-    if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
+-        printf("cryptodev_digest_cleanup: failed to close session\n");
+-        ret = 0;
+-    } else {
+-        ret = 1;
+    if (state->d_fd >= 0) {
+        put_dev_crypto(state->d_fd);
+        state->d_fd = -1;
+     }
+ 
+-    put_dev_crypto(state->d_fd);
+-    state->d_fd = -1;
+    state->mac_data = NULL;
+    state->mac_len = 0;
+ 
+-    return (ret);
+    return 1;
+ }
+ 
+ static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
+-- 
+2.7.0
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0028-cryptodev-fix-debug-print-messages.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0028-cryptodev-fix-debug-print-messages.patch
new file mode 100644
index 000000000..03d1b96a3
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0028-cryptodev-fix-debug-print-messages.patch
@@ -0,0 +1,90 @@
+From 3dd41691dc8162ec26d188269934689ad834894c Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@nxp.com>
+Date: Tue, 15 Dec 2015 12:51:36 +0200
+Subject: [PATCH 28/48] cryptodev: fix debug print messages
+Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 18 +++++++++---------
+ 1 file changed, 9 insertions(+), 9 deletions(-)
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 76faa35..1585009 100644
+--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
+@@ -1563,13 +1563,13 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
+ 
+     digest = digest_nid_to_cryptodev(ctx->digest->type);
+     if (digest == NID_undef) {
+-        printf("cryptodev_digest_init: Can't get digest \n");
+        printf("%s: Can't get digest\n", __func__);
+         return (0);
+     }
+ 
+     state->d_fd = get_dev_crypto();
+     if (state->d_fd < 0) {
+-        printf("cryptodev_digest_init: Can't get Dev \n");
+        printf("%s: Can't get Dev\n", __func__);
+         return (0);
+     }
+ 
+@@ -1586,7 +1586,7 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
+     struct dev_crypto_state *state = ctx->md_data;
+ 
+     if (!data || !count) {
+-        printf("cryptodev_digest_update: illegal inputs \n");
+        printf("%s: illegal inputs\n", __func__);
+         return 0;
+     }
+ 
+@@ -1603,7 +1603,7 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
+         state->mac_data =
+             OPENSSL_realloc(state->mac_data, state->mac_len + count);
+         if (!state->mac_data) {
+-            printf("cryptodev_digest_update: realloc failed\n");
+            printf("%s: realloc failed\n", __func__);
+             return (0);
+         }
+ 
+@@ -1622,12 +1622,12 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
+     struct session_op *sess = &state->d_sess;
+ 
+     if (!md || state->d_fd < 0) {
+-        printf("cryptodev_digest_final: illegal input\n");
+        printf("%s: illegal input\n", __func__);
+         return (0);
+     }
+ 
+     if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
+-        printf("cryptodev_digest_init: Open session failed\n");
+        printf("%s: Open session failed\n", __func__);
+         return (0);
+     }
+ 
+@@ -1640,12 +1640,12 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
+     cryp.mac = md;
+ 
+     if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
+-        printf("cryptodev_digest_final: digest failed\n");
+        printf("%s: digest failed\n", __func__);
+         ret = 0;
+     }
+ 
+     if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
+-        printf("cryptodev_digest_cleanup: failed to close session\n");
+        printf("%s: failed to close session\n", __func__);
+     }
+ 
+     return ret;
+@@ -1700,7 +1700,7 @@ static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
+     if (ioctl(dstate->d_fd, CIOCGSESSION, sess) < 0) {
+         put_dev_crypto(dstate->d_fd);
+         dstate->d_fd = -1;
+-        printf("cryptodev_digest_init: Open session failed\n");
+        printf("%s: Open session failed\n", __func__);
+         return (0);
+     }
+ 
+-- 
+2.7.0
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0029-cryptodev-use-CIOCHASH-ioctl-for-digest-operations.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0029-cryptodev-use-CIOCHASH-ioctl-for-digest-operations.patch
new file mode 100644
index 000000000..3dc2b9226
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0029-cryptodev-use-CIOCHASH-ioctl-for-digest-operations.patch
@@ -0,0 +1,91 @@
+From 3fe44ab50a87106af3349148e81ec8a1d524de82 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@nxp.com>
+Date: Tue, 15 Dec 2015 15:43:28 +0200
+Subject: [PATCH 29/48] cryptodev: use CIOCHASH ioctl for digest operations
+Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 34 +++++++++++-----------------------
+ 1 file changed, 11 insertions(+), 23 deletions(-)
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 1585009..dc27b55 100644
+--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
+@@ -84,6 +84,7 @@ struct dev_crypto_state {
+     unsigned char *iv;
+     int ivlen;
+ # ifdef USE_CRYPTODEV_DIGESTS
+    struct hash_op_data hash_op;
+     char dummy_mac_key[HASH_MAX_LEN];
+     unsigned char digest_res[HASH_MAX_LEN];
+     char *mac_data;
+@@ -1556,7 +1557,7 @@ static int digest_key_length(int nid)
+ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
+ {
+     struct dev_crypto_state *state = ctx->md_data;
+-    struct session_op *sess = &state->d_sess;
+    struct hash_op_data *hash_op = &state->hash_op;
+     int digest;
+ 
+     memset(state, 0, sizeof(struct dev_crypto_state));
+@@ -1573,9 +1574,9 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
+         return (0);
+     }
+ 
+-    sess->mackey = state->dummy_mac_key;
+-    sess->mackeylen = digest_key_length(ctx->digest->type);
+-    sess->mac = digest;
+    hash_op->mac_op = digest;
+    hash_op->mackey = state->dummy_mac_key;
+    hash_op->mackeylen = digest_key_length(ctx->digest->type);
+ 
+     return (1);
+ }
+@@ -1617,37 +1618,24 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
+ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
+ {
+     int ret = 1;
+-    struct crypt_op cryp;
+     struct dev_crypto_state *state = ctx->md_data;
+-    struct session_op *sess = &state->d_sess;
+    struct hash_op_data *hash_op = &state->hash_op;
+ 
+     if (!md || state->d_fd < 0) {
+         printf("%s: illegal input\n", __func__);
+         return (0);
+     }
+ 
+-    if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
+-        printf("%s: Open session failed\n", __func__);
+-        return (0);
+-    }
+-
+-    memset(&cryp, 0, sizeof(cryp));
+    hash_op->flags = 0;
+    hash_op->len = state->mac_len;
+    hash_op->src = state->mac_data;
+    hash_op->mac_result = md;
+ 
+-    cryp.ses = sess->ses;
+-    cryp.flags = 0;
+-    cryp.len = state->mac_len;
+-    cryp.src = state->mac_data;
+-    cryp.mac = md;
+-
+-    if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
+    if (ioctl(state->d_fd, CIOCHASH, hash_op) < 0) {
+         printf("%s: digest failed\n", __func__);
+         ret = 0;
+     }
+ 
+-    if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
+-        printf("%s: failed to close session\n", __func__);
+-    }
+-
+     return ret;
+ }
+ 
+-- 
+2.7.0
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0030-cryptodev-reduce-duplicated-efforts-for-searching-in.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0030-cryptodev-reduce-duplicated-efforts-for-searching-in.patch
new file mode 100644
index 000000000..995a593f8
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0030-cryptodev-reduce-duplicated-efforts-for-searching-in.patch
@@ -0,0 +1,106 @@
+From 12fad710349bb72b7f95ee30b40c2e6dfbb5d373 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@nxp.com>
+Date: Wed, 13 Jan 2016 15:18:20 +0200
+Subject: [PATCH 30/48] cryptodev: reduce duplicated efforts for searching
+ inside digests table
+Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 44 ++++++++++++++++++-------------------------
+ 1 file changed, 18 insertions(+), 26 deletions(-)
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index dc27b55..30713e5 100644
+--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
+@@ -1533,37 +1533,31 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+ 
+ # ifdef USE_CRYPTODEV_DIGESTS
+ 
+-/* convert digest type to cryptodev */
+-static int digest_nid_to_cryptodev(int nid)
+static int digest_nid_to_id(int nid)
+ {
+     int i;
+ 
+-    for (i = 0; digests[i].id; i++)
+-        if (digests[i].nid == nid)
+-            return (digests[i].id);
+-    return (0);
+-}
+-
+-static int digest_key_length(int nid)
+-{
+-    int i;
+-
+-    for (i = 0; digests[i].id; i++)
+-        if (digests[i].nid == nid)
+-            return digests[i].keylen;
+-    return (0);
+    for (i = 0;; i++) {
+        if ((digests[i].nid == nid) || (digests[i].id == 0)) {
+            break;
+        }
+    }
+    return i;
+ }
+ 
+ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
+ {
+     struct dev_crypto_state *state = ctx->md_data;
+     struct hash_op_data *hash_op = &state->hash_op;
+-    int digest;
+    int id;
+ 
+     memset(state, 0, sizeof(struct dev_crypto_state));
+ 
+-    digest = digest_nid_to_cryptodev(ctx->digest->type);
+-    if (digest == NID_undef) {
+    id = digest_nid_to_id(ctx->digest->type);
+
+    hash_op->mac_op = digests[id].id;
+    hash_op->mackeylen = digests[id].keylen;
+    if (hash_op->mac_op == 0) {
+         printf("%s: Can't get digest\n", __func__);
+         return (0);
+     }
+@@ -1574,11 +1568,9 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
+         return (0);
+     }
+ 
+-    hash_op->mac_op = digest;
+     hash_op->mackey = state->dummy_mac_key;
+-    hash_op->mackeylen = digest_key_length(ctx->digest->type);
+ 
+-    return (1);
+    return 1;
+ }
+ 
+ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
+@@ -1668,7 +1660,7 @@ static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
+     struct dev_crypto_state *fstate = from->md_data;
+     struct dev_crypto_state *dstate = to->md_data;
+     struct session_op *sess;
+-    int digest;
+    int id;
+ 
+     if (dstate == NULL || fstate == NULL)
+         return 1;
+@@ -1677,11 +1669,11 @@ static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
+ 
+     sess = &dstate->d_sess;
+ 
+-    digest = digest_nid_to_cryptodev(to->digest->type);
+    id = digest_nid_to_id(to->digest->type);
+ 
+     sess->mackey = dstate->dummy_mac_key;
+-    sess->mackeylen = digest_key_length(to->digest->type);
+-    sess->mac = digest;
+    sess->mackeylen = digests[id].keylen;
+    sess->mac = digests[id].id;
+ 
+     dstate->d_fd = get_dev_crypto();
+ 
+-- 
+2.7.0
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0031-cryptodev-remove-not-used-local-variables.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0031-cryptodev-remove-not-used-local-variables.patch
new file mode 100644
index 000000000..fc23e0c1b
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0031-cryptodev-remove-not-used-local-variables.patch
@@ -0,0 +1,46 @@
+From 8cd09ffdfd7d9c25605401f1c0947b1b4acc6e57 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@nxp.com>
+Date: Mon, 8 Feb 2016 16:00:22 +0200
+Subject: [PATCH 31/48] cryptodev: remove not used local variables
+Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 6 +-----
+ 1 file changed, 1 insertion(+), 5 deletions(-)
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 30713e5..2734500 100644
+--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
+@@ -1634,7 +1634,6 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
+ static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
+ {
+     struct dev_crypto_state *state = ctx->md_data;
+-    struct session_op *sess = &state->d_sess;
+ 
+     if (state == NULL) {
+         return 0;
+@@ -3939,7 +3938,6 @@ static int cryptodev_dh_keygen(DH *dh)
+     int ret = 1, q_len = 0;
+     unsigned char *q = NULL, *g = NULL, *s = NULL, *w = NULL;
+     BIGNUM *pub_key = NULL, *priv_key = NULL;
+-    int generate_new_key = 1;
+ 
+     if (dh->priv_key)
+         priv_key = dh->priv_key;
+@@ -4061,11 +4059,9 @@ cryptodev_dh_compute_key_async(unsigned char *key, const BIGNUM *pub_key,
+ {
+     struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
+     int ret = 1;
+-    int fd, p_len;
+    int p_len;
+     unsigned char *padded_pub_key = NULL, *p = NULL;
+ 
+-    fd = *(int *)cookie->eng_handle;
+-
+     memset(kop, 0, sizeof(struct crypt_kop));
+     kop->crk_op = CRK_DH_COMPUTE_KEY;
+     /* inputs: dh->priv_key pub_key dh->p key */
+-- 
+2.7.0
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0032-cryptodev-hide-not-used-variable-behind-ifndef.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0032-cryptodev-hide-not-used-variable-behind-ifndef.patch
new file mode 100644
index 000000000..9ff4d361a
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0032-cryptodev-hide-not-used-variable-behind-ifndef.patch
@@ -0,0 +1,27 @@
+From 335c80f847eacc573e10ba925b6a645963b16197 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@nxp.com>
+Date: Mon, 8 Feb 2016 17:22:49 +0200
+Subject: [PATCH 32/48] cryptodev: hide not used variable behind #ifndef
+Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 2 ++
+ 1 file changed, 2 insertions(+)
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 2734500..5a68c76 100644
+--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
+@@ -412,7 +412,9 @@ static int open_dev_crypto(void)
+ static int get_dev_crypto(void)
+ {
+     static int fd = -1;
+# ifndef CRIOGET_NOT_NEEDED
+     int retfd;
+# endif
+ 
+     if (fd == -1)
+         fd = open_dev_crypto();
+-- 
+2.7.0
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0033-cryptodev-fix-function-declaration-typo.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0033-cryptodev-fix-function-declaration-typo.patch
new file mode 100644
index 000000000..82ccebad5
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0033-cryptodev-fix-function-declaration-typo.patch
@@ -0,0 +1,26 @@
+From 03bdddf1495707119e4fa0eda385ecdccf66cbd8 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@nxp.com>
+Date: Mon, 8 Feb 2016 16:08:25 +0200
+Subject: [PATCH 33/48] cryptodev: fix function declaration typo
+Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
+---
+ crypto/engine/engine.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h
+index f83ee73..c8efbe1 100644
+--- a/crypto/engine/engine.h
+++ b/crypto/engine/engine.h
+@@ -569,7 +569,7 @@ void ENGINE_set_async_map(ENGINE *e, int async_map);
+ int ENGINE_get_async_map(ENGINE *e);
+ int ENGINE_open_instance(ENGINE *e);
+ int ENGINE_close_instance(ENGINE *e, int fd);
+-void ENGINE_set_init_instance(ENGINE *e, int(*engine_init_instance)(void));
+void ENGINE_set_open_instance(ENGINE *e, int(*engine_open_instance)(void));
+ void ENGINE_set_close_instance(ENGINE *e, int(*engine_close_instance)(int));
+ void ENGINE_set_check_pkc_availability(ENGINE *e,
+        int (*check_pkc_availability)(int fd));
+-- 
+2.7.0
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0034-cryptodev-fix-incorrect-function-signature.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0034-cryptodev-fix-incorrect-function-signature.patch
new file mode 100644
index 000000000..84268c580
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0034-cryptodev-fix-incorrect-function-signature.patch
@@ -0,0 +1,26 @@
+From 7012cf33a00618749319b1903f48ee3a35f5887b Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@nxp.com>
+Date: Mon, 8 Feb 2016 16:12:54 +0200
+Subject: [PATCH 34/48] cryptodev: fix incorrect function signature
+Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 5a68c76..cec6938 100644
+--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
+@@ -3148,7 +3148,7 @@ static ECDSA_SIG *cryptodev_ecdsa_do_sign(const unsigned char *dgst,
+ }
+ 
+ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
+-                                  ECDSA_SIG *sig, EC_KEY *eckey)
+                                  const ECDSA_SIG *sig, EC_KEY *eckey)
+ {
+     BIGNUM *m = NULL, *p = NULL, *a = NULL, *b = NULL;
+     BIGNUM *x = NULL, *y = NULL, *w_x = NULL, *w_y = NULL;
+-- 
+2.7.0
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0035-cryptodev-fix-warnings-on-excess-elements-in-struct-.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0035-cryptodev-fix-warnings-on-excess-elements-in-struct-.patch
new file mode 100644
index 000000000..0e90d82bd
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0035-cryptodev-fix-warnings-on-excess-elements-in-struct-.patch
@@ -0,0 +1,110 @@
+From 82612e3c4161ed6e10379841b953a0f56e557be4 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@nxp.com>
+Date: Mon, 8 Feb 2016 16:21:46 +0200
+Subject: [PATCH 35/48] cryptodev: fix warnings on excess elements in struct
+ initializer
+The initialization data for these structures had either missing or excess
+values and did not match the structure definitions.
+Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
+---
+ crypto/dh/dh.h                |  6 +++---
+ crypto/dsa/dsa.h              | 11 ++++++-----
+ crypto/engine/eng_cryptodev.c | 11 ++++++-----
+ 3 files changed, 15 insertions(+), 13 deletions(-)
+diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h
+index 31dd762..11c6c7d 100644
+--- a/crypto/dh/dh.h
+++ b/crypto/dh/dh.h
+@@ -123,9 +123,9 @@ struct dh_method {
+     int (*bn_mod_exp) (const DH *dh, BIGNUM *r, const BIGNUM *a,
+                        const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+                        BN_MONT_CTX *m_ctx);
+-       int (*compute_key_async)(unsigned char *key,const BIGNUM *pub_key,DH *dh,
+-                               struct pkc_cookie_s *cookie);
+-       int (*generate_key_async)(DH *dh, struct pkc_cookie_s *cookie);
+    int (*compute_key_async) (unsigned char *key, const BIGNUM *pub_key,
+                              DH *dh, struct pkc_cookie_s * cookie);
+    int (*generate_key_async) (DH *dh, struct pkc_cookie_s * cookie);
+     int (*init) (DH *dh);
+     int (*finish) (DH *dh);
+     int flags;
+diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h
+index 8584731..ab52add 100644
+--- a/crypto/dsa/dsa.h
+++ b/crypto/dsa/dsa.h
+@@ -139,10 +139,11 @@ struct dsa_method {
+     /* Can be null */
+     int (*bn_mod_exp) (DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+                        const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+-       int (*dsa_do_sign_async)(const unsigned char *dgst, int dlen, DSA *dsa,
+-                               DSA_SIG *sig, struct pkc_cookie_s *cookie);
+-       int (*dsa_do_verify_async)(const unsigned char *dgst, int dgst_len,
+-                            DSA_SIG *sig, DSA *dsa, struct pkc_cookie_s *cookie);
+    int (*dsa_do_sign_async) (const unsigned char *dgst, int dlen, DSA *dsa,
+                              DSA_SIG *sig, struct pkc_cookie_s * cookie);
+    int (*dsa_do_verify_async) (const unsigned char *dgst, int dgst_len,
+                                DSA_SIG *sig, DSA *dsa,
+                                struct pkc_cookie_s * cookie);
+     int (*init) (DSA *dsa);
+     int (*finish) (DSA *dsa);
+     int flags;
+@@ -154,7 +155,7 @@ struct dsa_method {
+                          BN_GENCB *cb);
+     /* If this is non-NULL, it is used to generate DSA keys */
+     int (*dsa_keygen) (DSA *dsa);
+-       int (*dsa_keygen_async)(DSA *dsa, struct pkc_cookie_s *cookie);
+    int (*dsa_keygen_async) (DSA *dsa, struct pkc_cookie_s * cookie);
+ };
+ 
+ struct dsa_st {
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index cec6938..407ea62 100644
+--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
+@@ -2892,11 +2892,13 @@ static DSA_METHOD cryptodev_dsa = {
+     NULL,
+     NULL,
+     NULL,
+-    NULL,
+     NULL,                       /* init */
+     NULL,                       /* finish */
+     0,                          /* flags */
+-    NULL                        /* app_data */
+    NULL,                       /* app_data */
+    NULL,
+    NULL,
+    NULL
+ };
+ 
+ static ECDSA_METHOD cryptodev_ecdsa = {
+@@ -2906,7 +2908,6 @@ static ECDSA_METHOD cryptodev_ecdsa = {
+     NULL,
+     NULL,
+     NULL,
+-    NULL,
+     0,                          /* flags */
+     NULL                        /* app_data */
+ };
+@@ -4483,14 +4484,14 @@ static DH_METHOD cryptodev_dh = {
+     NULL,
+     NULL,
+     0,                          /* flags */
+-    NULL                        /* app_data */
+    NULL,                       /* app_data */
+    NULL,                       /* generate_params */
+ };
+ 
+ static ECDH_METHOD cryptodev_ecdh = {
+     "cryptodev ECDH method",
+     NULL,                       /* cryptodev_ecdh_compute_key */
+     NULL,
+-    NULL,
+     0,                          /* flags */
+     NULL                        /* app_data */
+ };
+-- 
+2.7.0
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0036-cryptodev-fix-free-on-error-path.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0036-cryptodev-fix-free-on-error-path.patch
new file mode 100644
index 000000000..94b9f0f69
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0036-cryptodev-fix-free-on-error-path.patch
@@ -0,0 +1,46 @@
+From 8ccc9b12954b7eb299020a1b15d9d1e5735779df Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@nxp.com>
+Date: Mon, 8 Feb 2016 16:36:33 +0200
+Subject: [PATCH 36/48] cryptodev: fix free on error path
+This was most likely a typo that escaped code review
+Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
+---
+ crypto/ecdsa/ecs_locl.h       | 4 ++--
+ crypto/engine/eng_cryptodev.c | 2 +-
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+diff --git a/crypto/ecdsa/ecs_locl.h b/crypto/ecdsa/ecs_locl.h
+index 9b28c04..c3843c6 100644
+--- a/crypto/ecdsa/ecs_locl.h
+++ b/crypto/ecdsa/ecs_locl.h
+@@ -74,10 +74,10 @@ struct ecdsa_method {
+                              BIGNUM **r);
+     int (*ecdsa_do_verify) (const unsigned char *dgst, int dgst_len,
+                             const ECDSA_SIG *sig, EC_KEY *eckey);
+-        int (*ecdsa_do_sign_async)(const unsigned char *dgst, int dgst_len,
+    int (*ecdsa_do_sign_async)(const unsigned char *dgst, int dgst_len,
+                        const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey,
+                        ECDSA_SIG *sig, struct pkc_cookie_s *cookie);
+-       int (*ecdsa_do_verify_async)(const unsigned char *dgst, int dgst_len,
+    int (*ecdsa_do_verify_async)(const unsigned char *dgst, int dgst_len,
+                        const ECDSA_SIG *sig, EC_KEY *eckey, struct pkc_cookie_s *cookie);
+ # if 0
+     int (*init) (EC_KEY *eckey);
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 407ea62..1b1fdc7 100644
+--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
+@@ -3424,7 +3424,7 @@ static int cryptodev_ecdsa_do_sign_async(const unsigned char *dgst,
+     if (!(sig->r = BN_new()) || !kop)
+         goto err;
+     if ((sig->s = BN_new()) == NULL) {
+-        BN_free(r);
+        BN_free(sig->r);
+         goto err;
+     }
+ 
+-- 
+2.7.0
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0037-cryptodev-fix-return-value-on-error.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0037-cryptodev-fix-return-value-on-error.patch
new file mode 100644
index 000000000..2e9567b3e
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0037-cryptodev-fix-return-value-on-error.patch
@@ -0,0 +1,28 @@
+From b3d3b86063e65b84ce53f4653295e3f6a83d5794 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@nxp.com>
+Date: Mon, 8 Feb 2016 16:55:32 +0200
+Subject: [PATCH 37/48] cryptodev: fix return value on error
+Even though we're on error path, the operation is taken care of on
+software; return success (ret is 1)
+Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 1 -
+ 1 file changed, 1 deletion(-)
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 1b1fdc7..8cd3aa3 100644
+--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
+@@ -2755,7 +2755,6 @@ cryptodev_dsa_do_sign_async(const unsigned char *dgst, int dlen, DSA *dsa,
+         sig->s = dsaret->s;
+         /* Call user callback immediately */
+         cookie->pkc_callback(cookie, 0);
+-        ret = dsaret;
+     }
+     return ret;
+ }
+-- 
+2.7.0
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0038-cryptodev-match-types-with-cryptodev.h.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0038-cryptodev-match-types-with-cryptodev.h.patch
new file mode 100644
index 000000000..6e083bad9
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0038-cryptodev-match-types-with-cryptodev.h.patch
@@ -0,0 +1,29 @@
+From dcc3254b6dbb8627dd710fa58585542b98c80394 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@nxp.com>
+Date: Mon, 8 Feb 2016 17:11:43 +0200
+Subject: [PATCH 38/48] cryptodev: match types with cryptodev.h
+Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 8cd3aa3..4613d2d 100644
+--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
+@@ -85,9 +85,9 @@ struct dev_crypto_state {
+     int ivlen;
+ # ifdef USE_CRYPTODEV_DIGESTS
+     struct hash_op_data hash_op;
+-    char dummy_mac_key[HASH_MAX_LEN];
+    unsigned char dummy_mac_key[HASH_MAX_LEN];
+     unsigned char digest_res[HASH_MAX_LEN];
+-    char *mac_data;
+    unsigned char *mac_data;
+     int mac_len;
+ # endif
+ };
+-- 
+2.7.0
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0039-cryptodev-explicitly-discard-const-qualifier.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0039-cryptodev-explicitly-discard-const-qualifier.patch
new file mode 100644
index 000000000..916c47e9d
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0039-cryptodev-explicitly-discard-const-qualifier.patch
@@ -0,0 +1,30 @@
+From 605210c8ae9241cad6c4ec071f5193bf3e83b2d4 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@nxp.com>
+Date: Mon, 8 Feb 2016 17:15:25 +0200
+Subject: [PATCH 39/48] cryptodev: explicitly discard const qualifier
+The const qualifier is discarded by the assignment as a result of how
+the variables are defined. This patch drops the const qualifier
+explicitly to avoid build errors.
+Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 4613d2d..2791ca3 100644
+--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
+@@ -1592,7 +1592,7 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
+      * cryptodev calls and accumulating small amounts of data
+      */
+     if (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) {
+-        state->mac_data = data;
+        state->mac_data = (void *)data;
+         state->mac_len = count;
+     } else {
+         state->mac_data =
+-- 
+2.7.0
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0040-cryptodev-replace-caddr_t-with-void.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0040-cryptodev-replace-caddr_t-with-void.patch
new file mode 100644
index 000000000..2c61d9b88
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0040-cryptodev-replace-caddr_t-with-void.patch
@@ -0,0 +1,95 @@
+From 45429e5ea075867f9219a6fcb233677d062a4451 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@nxp.com>
+Date: Tue, 9 Feb 2016 11:28:23 +0200
+Subject: [PATCH 40/48] cryptodev: replace caddr_t with void *
+This avoids warnings such as "pointer targets in assignment differ in
+signedness" when compiling the code
+Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 22 +++++++++++-----------
+ 1 file changed, 11 insertions(+), 11 deletions(-)
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 2791ca3..f172173 100644
+--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
+@@ -460,8 +460,8 @@ static int get_cryptodev_ciphers(const int **cnids)
+         return (0);
+     }
+     memset(&sess, 0, sizeof(sess));
+-    sess.key = (caddr_t) "123456789abcdefghijklmno";
+-    sess.mackey = (caddr_t) "123456789ABCDEFGHIJKLMNO";
+    sess.key = (void *)"123456789abcdefghijklmno";
+    sess.mackey = (void *)"123456789ABCDEFGHIJKLMNO";
+ 
+     for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
+         if (ciphers[i].nid == NID_undef)
+@@ -501,7 +501,7 @@ static int get_cryptodev_digests(const int **cnids)
+         return (0);
+     }
+     memset(&sess, 0, sizeof(sess));
+-    sess.mackey = (caddr_t) "123456789abcdefghijklmno";
+    sess.mackey = (void *)"123456789abcdefghijklmno";
+     for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
+         if (digests[i].nid == NID_undef)
+             continue;
+@@ -633,14 +633,14 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+     cryp.ses = sess->ses;
+     cryp.flags = 0;
+     cryp.len = inl;
+-    cryp.src = (caddr_t) in;
+-    cryp.dst = (caddr_t) out;
+    cryp.src = (void *)in;
+    cryp.dst = (void *)out;
+     cryp.mac = 0;
+ 
+     cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
+ 
+     if (ctx->cipher->iv_len) {
+-        cryp.iv = (caddr_t) ctx->iv;
+        cryp.iv = (void *)ctx->iv;
+         if (!ctx->encrypt) {
+             iiv = in + inl - ctx->cipher->iv_len;
+             memcpy(save_iv, iiv, ctx->cipher->iv_len);
+@@ -701,15 +701,15 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+     }
+     cryp.ses = sess->ses;
+     cryp.len = state->len;
+-    cryp.src = (caddr_t) in;
+-    cryp.dst = (caddr_t) out;
+    cryp.src = (void *)in;
+    cryp.dst = (void *)out;
+     cryp.auth_src = state->aad;
+     cryp.auth_len = state->aad_len;
+ 
+     cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
+ 
+     if (ctx->cipher->iv_len) {
+-        cryp.iv = (caddr_t) ctx->iv;
+        cryp.iv = (void *)ctx->iv;
+         if (!ctx->encrypt) {
+             iiv = in + len - ctx->cipher->iv_len;
+             memcpy(save_iv, iiv, ctx->cipher->iv_len);
+@@ -761,7 +761,7 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+     if ((state->d_fd = get_dev_crypto()) < 0)
+         return (0);
+ 
+-    sess->key = (caddr_t) key;
+    sess->key = (void *)key;
+     sess->keylen = ctx->key_len;
+     sess->cipher = cipher;
+ 
+@@ -804,7 +804,7 @@ static int cryptodev_init_aead_key(EVP_CIPHER_CTX *ctx,
+ 
+     memset(sess, 0, sizeof(struct session_op));
+ 
+-    sess->key = (caddr_t) key;
+    sess->key = (void *)key;
+     sess->keylen = ctx->key_len;
+     sess->cipher = cipher;
+ 
+-- 
+2.7.0
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0041-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0041-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch
new file mode 100644
index 000000000..552504548
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0041-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch
@@ -0,0 +1,49 @@
+From f10d471839dff079a23d79d1b4ecb3e3e6529283 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@nxp.com>
+Date: Mon, 8 Feb 2016 17:04:25 +0200
+Subject: [PATCH 41/48] cryptodev: check for errors inside
+ cryptodev_rsa_mod_exp
+Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 24 ++++++++++++++++++------
+ 1 file changed, 18 insertions(+), 6 deletions(-)
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index f172173..695848d 100644
+--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
+@@ -2054,12 +2054,24 @@ cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
+     kop.crk_status = 0;
+     kop.crk_op = CRK_MOD_EXP_CRT;
+     f_len = BN_num_bytes(rsa->n);
+-    spcf_bn2bin_ex(I, &f, &f_len);
+-    spcf_bn2bin(rsa->p, &p, &p_len);
+-    spcf_bn2bin(rsa->q, &q, &q_len);
+-    spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len);
+-    spcf_bn2bin_ex(rsa->iqmp, &c, &p_len);
+-    spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len);
+    if (spcf_bn2bin_ex(I, &f, &f_len) != 0) {
+        goto err;
+    }
+    if (spcf_bn2bin(rsa->p, &p, &p_len) != 0) {
+        goto err;
+    }
+    if (spcf_bn2bin(rsa->q, &q, &q_len) != 0) {
+        goto err;
+    }
+    if (spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len) != 0) {
+        goto err;
+    }
+    if (spcf_bn2bin_ex(rsa->iqmp, &c, &p_len) != 0) {
+        goto err;
+    }
+    if (spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len) != 0) {
+        goto err;
+    }
+     /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
+     kop.crk_param[0].crp_p = p;
+     kop.crk_param[0].crp_nbits = p_len * 8;
+-- 
+2.7.0
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0042-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0042-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch
new file mode 100644
index 000000000..218accb18
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0042-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch
@@ -0,0 +1,69 @@
+From 402a2e4da471728fa537462d7a13aa35955cd6d8 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@nxp.com>
+Date: Tue, 9 Feb 2016 11:47:52 +0200
+Subject: [PATCH 42/48] cryptodev: check for errors inside
+ cryptodev_rsa_mod_exp_async
+Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 33 +++++++++++++++++++++++++--------
+ 1 file changed, 25 insertions(+), 8 deletions(-)
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 695848d..8e84972 100644
+--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
+@@ -2109,25 +2109,42 @@ static int
+ cryptodev_rsa_mod_exp_async(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+                             BN_CTX *ctx, struct pkc_cookie_s *cookie)
+ {
+-    struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
+    struct crypt_kop *kop;
+     int ret = 1, f_len, p_len, q_len;
+     unsigned char *f = NULL, *p = NULL, *q = NULL, *dp = NULL, *dq =
+         NULL, *c = NULL;
+ 
+-    if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp || !kop) {
+    if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
+         return (0);
+     }
+ 
+    kop = malloc(sizeof(struct crypt_kop));
+    if (kop == NULL) {
+        goto err;
+    }
+
+     kop->crk_oparams = 0;
+     kop->crk_status = 0;
+     kop->crk_op = CRK_MOD_EXP_CRT;
+     f_len = BN_num_bytes(rsa->n);
+-    spcf_bn2bin_ex(I, &f, &f_len);
+-    spcf_bn2bin(rsa->p, &p, &p_len);
+-    spcf_bn2bin(rsa->q, &q, &q_len);
+-    spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len);
+-    spcf_bn2bin_ex(rsa->iqmp, &c, &p_len);
+-    spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len);
+    if (spcf_bn2bin_ex(I, &f, &f_len) != 0) {
+        goto err;
+    }
+    if (spcf_bn2bin(rsa->p, &p, &p_len) != 0) {
+        goto err;
+    }
+    if (spcf_bn2bin(rsa->q, &q, &q_len) != 0) {
+        goto err;
+    }
+    if (spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len) != 0) {
+        goto err;
+    }
+    if (spcf_bn2bin_ex(rsa->iqmp, &c, &p_len) != 0) {
+        goto err;
+    }
+    if (spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len) != 0) {
+        goto err;
+    }
+     /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
+     kop->crk_param[0].crp_p = p;
+     kop->crk_param[0].crp_nbits = p_len * 8;
+-- 
+2.7.0
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0043-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0043-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch
new file mode 100644
index 000000000..931141de6
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0043-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch
@@ -0,0 +1,52 @@
+From c8a5f714d35c3bd63d2511ad69e0661a7d1d5dcd Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@nxp.com>
+Date: Tue, 9 Feb 2016 11:53:22 +0200
+Subject: [PATCH 43/48] cryptodev: check for errors inside
+ cryptodev_dh_compute_key
+Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 15 +++++++++++----
+ 1 file changed, 11 insertions(+), 4 deletions(-)
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 8e84972..55b2047 100644
+--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
+@@ -4043,11 +4043,15 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+     memset(&kop, 0, sizeof kop);
+     kop.crk_op = CRK_DH_COMPUTE_KEY;
+     /* inputs: dh->priv_key pub_key dh->p key */
+-    spcf_bn2bin(dh->p, &p, &p_len);
+-    spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len);
+-    if (bn2crparam(dh->priv_key, &kop.crk_param[0]))
+    if (spcf_bn2bin(dh->p, &p, &p_len) != 0) {
+         goto sw_try;
+-
+    }
+    if (spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len) != 0) {
+        goto sw_try;
+    }
+    if (bn2crparam(dh->priv_key, &kop.crk_param[0]) != 0) {
+        goto sw_try;
+    }
+     kop.crk_param[1].crp_p = padded_pub_key;
+     kop.crk_param[1].crp_nbits = p_len * 8;
+     kop.crk_param[2].crp_p = p;
+@@ -4074,10 +4078,13 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+     kop.crk_param[3].crp_p = NULL;
+     zapparams(&kop);
+     return (dhret);
+
+  sw_try:
+     {
+         const DH_METHOD *meth = DH_OpenSSL();
+ 
+        free(p);
+        free(padded_pub_key);
+         dhret = (meth->compute_key) (key, pub_key, dh);
+     }
+     return (dhret);
+-- 
+2.7.0
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0044-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0044-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch
new file mode 100644
index 000000000..be9964358
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0044-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch
@@ -0,0 +1,76 @@
+From 42a1c45091ab7996c4411f3dd74539c908c63208 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@nxp.com>
+Date: Tue, 9 Feb 2016 11:53:33 +0200
+Subject: [PATCH 44/48] cryptodev: check for errors inside
+ cryptodev_dh_compute_key_async
+Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 29 +++++++++++++++++++++--------
+ 1 file changed, 21 insertions(+), 8 deletions(-)
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 55b2047..e0f9d4b 100644
+--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
+@@ -4095,19 +4095,28 @@ static int
+ cryptodev_dh_compute_key_async(unsigned char *key, const BIGNUM *pub_key,
+                                DH *dh, struct pkc_cookie_s *cookie)
+ {
+-    struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
+    struct crypt_kop *kop;
+     int ret = 1;
+     int p_len;
+     unsigned char *padded_pub_key = NULL, *p = NULL;
+ 
+    kop = malloc(sizeof(struct crypt_kop));
+    if (kop == NULL) {
+        goto err;
+    }
+
+     memset(kop, 0, sizeof(struct crypt_kop));
+     kop->crk_op = CRK_DH_COMPUTE_KEY;
+     /* inputs: dh->priv_key pub_key dh->p key */
+-    spcf_bn2bin(dh->p, &p, &p_len);
+-    spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len);
+-
+-    if (bn2crparam(dh->priv_key, &kop->crk_param[0]))
+    if (spcf_bn2bin(dh->p, &p, &p_len) != 0) {
+        goto err;
+    }
+    if (spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len) != 0) {
+         goto err;
+    }
+    if (bn2crparam(dh->priv_key, &kop->crk_param[0]) != 0) {
+        goto err;
+    }
+     kop->crk_param[1].crp_p = padded_pub_key;
+     kop->crk_param[1].crp_nbits = p_len * 8;
+     kop->crk_param[2].crp_p = p;
+@@ -4119,16 +4128,20 @@ cryptodev_dh_compute_key_async(unsigned char *key, const BIGNUM *pub_key,
+     kop->crk_param[3].crp_nbits = p_len * 8;
+     kop->crk_oparams = 1;
+ 
+-    if (cryptodev_asym_async(kop, 0, NULL, 0, NULL))
+    if (cryptodev_asym_async(kop, 0, NULL, 0, NULL)) {
+         goto err;
+    }
+ 
+     return p_len;
+  err:
+     {
+         const DH_METHOD *meth = DH_OpenSSL();
+-
+-        if (kop)
+        free(p);
+        free(padded_pub_key);
+        if (kop) {
+             free(kop);
+        }
+
+         ret = (meth->compute_key) (key, pub_key, dh);
+         /* Call user cookie handler */
+         cookie->pkc_callback(cookie, 0);
+-- 
+2.7.0
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0045-cryptodev-change-signature-for-conversion-functions.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0045-cryptodev-change-signature-for-conversion-functions.patch
new file mode 100644
index 000000000..11f1a5411
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0045-cryptodev-change-signature-for-conversion-functions.patch
@@ -0,0 +1,38 @@
+From 528e4965e536d31cdccb11abe5e04db28a1008a8 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@nxp.com>
+Date: Tue, 9 Feb 2016 12:11:32 +0200
+Subject: [PATCH 45/48] cryptodev: change signature for conversion functions
+These functions are called with const BIGNUMs, so we change the
+signatures to avoid compilation warnings
+Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index e0f9d4b..3024a68 100644
+--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
+@@ -145,7 +145,7 @@ const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha1;
+ const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha256;
+ const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha256;
+ 
+-inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len)
+inline int spcf_bn2bin(const BIGNUM *bn, unsigned char **bin, int *bin_len)
+ {
+     int len;
+     unsigned char *p;
+@@ -167,7 +167,7 @@ inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len)
+     return 0;
+ }
+ 
+-inline int spcf_bn2bin_ex(BIGNUM *bn, unsigned char **bin, int *bin_len)
+inline int spcf_bn2bin_ex(const BIGNUM *bn, unsigned char **bin, int *bin_len)
+ {
+     int len;
+     unsigned char *p;
+-- 
+2.7.0
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0046-cryptodev-add-explicit-cast-for-known-BIGNUM-values.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0046-cryptodev-add-explicit-cast-for-known-BIGNUM-values.patch
new file mode 100644
index 000000000..e7a5aa32f
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0046-cryptodev-add-explicit-cast-for-known-BIGNUM-values.patch
@@ -0,0 +1,26 @@
+From b27823ac9f460c96a72d9003e2e134c1288ac85f Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@nxp.com>
+Date: Tue, 9 Feb 2016 12:13:59 +0200
+Subject: [PATCH 46/48] cryptodev: add explicit cast for known BIGNUM values
+Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 3024a68..539be62 100644
+--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
+@@ -4014,7 +4014,7 @@ static int cryptodev_dh_keygen(DH *dh)
+     }
+ 
+     /* pub_key is or prime length while priv key is of length of order */
+-    if (cryptodev_asym(&kop, q_len, w, q_len, s))
+    if (cryptodev_asym(&kop, q_len, (BIGNUM *)w, q_len, (BIGNUM *)s))
+         goto sw_try;
+ 
+     dh->pub_key = BN_bin2bn(w, q_len, pub_key);
+-- 
+2.7.0
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0047-cryptodev-treat-all-build-warnings-as-errors.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0047-cryptodev-treat-all-build-warnings-as-errors.patch
new file mode 100644
index 000000000..2163998bd
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0047-cryptodev-treat-all-build-warnings-as-errors.patch
@@ -0,0 +1,28 @@
+From 596735ad86a3dae987e19c21ef22259179966fc6 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@nxp.com>
+Date: Mon, 8 Feb 2016 15:15:02 +0200
+Subject: [PATCH 47/48] cryptodev: treat all build warnings as errors
+This patch has the purpose of maintaining a higher level of code quality.
+Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
+---
+ crypto/engine/Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/crypto/engine/Makefile b/crypto/engine/Makefile
+index 426388e..010f21d 100644
+--- a/crypto/engine/Makefile
+++ b/crypto/engine/Makefile
+@@ -10,7 +10,7 @@ CFLAG=-g
+ MAKEFILE=      Makefile
+ AR=            ar r
+ 
+-CFLAGS= $(INCLUDES) $(CFLAG)
+CFLAGS= -Wall -Werror $(INCLUDES) $(CFLAG)
+ 
+ GENERAL=Makefile
+ TEST= enginetest.c
+-- 
+2.7.0
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0048-fix-maclen-is-used-uninitialized-warning-on-some-com.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0048-fix-maclen-is-used-uninitialized-warning-on-some-com.patch
new file mode 100644
index 000000000..d7b84e6ab
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0048-fix-maclen-is-used-uninitialized-warning-on-some-com.patch
@@ -0,0 +1,29 @@
+From 116bd4f6f1ee5acdb997d414902d9646b24df1be Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@nxp.com>
+Date: Wed, 6 Apr 2016 15:22:58 +0300
+Subject: [PATCH 48/48] fix 'maclen is used uninitialized' warning on some
+ compilers
+Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
+---
+ crypto/engine/eng_cryptodev.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 539be62..35b71b0 100644
+--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
+@@ -905,6 +905,10 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
+                 maclen = SHA256_DIGEST_LENGTH;
+                 aad_needs_fix = true;
+                 break;
+            default:
+                fprintf(stderr, "%s: unsupported NID: %d\n",
+                        __func__, ctx->cipher->nid);
+                return -1;
+             }
+ 
+             /* Correct length for AAD Length field */
+-- 
+2.7.0
diff --git a/recipes-connectivity/openssl/openssl-qoriq/run-ptest b/recipes-connectivity/openssl/openssl-qoriq/run-ptest
new file mode 100755
index 000000000..3b20fce1e
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/run-ptest
@@ -0,0 +1,2 @@
+#!/bin/sh
+make -k runtest
diff --git a/recipes-connectivity/openssl/openssl-qoriq_1.0.1i.bb b/recipes-connectivity/openssl/openssl-qoriq_1.0.1i.bb
deleted file mode 100644
index 3b9d56eb0..000000000
--- a/recipes-connectivity/openssl/openssl-qoriq_1.0.1i.bb
+++ /dev/null
@@ -1,96 +0,0 @@
-require openssl-qoriq.inc
-# For target side versions of openssl enable support for cryptodev Linux driver
-# if they are available.
-DEPENDS_class-target += "cryptodev-linux"
-CFLAG_class-target += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8"
-export DIRS = "crypto ssl apps engines"
-export OE_LDFLAGS="${LDFLAGS}"
-SRC_URI += "file://configure-targets.patch \
-            file://shared-libs.patch \
-            file://oe-ldflags.patch \
-            file://engines-install-in-libdir-ssl.patch \
-            file://openssl-fix-link.patch \
-            file://debian/version-script.patch \
-            file://debian/pic.patch \
-            file://debian/c_rehash-compat.patch \
-            file://debian/ca.patch \
-            file://debian/make-targets.patch \
-            file://debian/no-rpath.patch \
-            file://debian/man-dir.patch \
-            file://debian/man-section.patch \
-            file://debian/no-symbolic.patch \
-            file://debian/debian-targets.patch \
-            file://openssl_fix_for_x32.patch \
-            file://fix-cipher-des-ede3-cfb1.patch \
-            file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \
-            file://openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch \
-            file://initial-aarch64-bits.patch \
-            file://find.pl \
-            file://openssl-fix-des.pod-error.patch \
-           "
-SRC_URI_append_class-target = "\
-        file://qoriq/0001-remove-double-initialization-of-cryptodev-engine.patch \
-        file://qoriq/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch \
-        file://qoriq/0003-cryptodev-fix-algorithm-registration.patch \
-        file://qoriq/0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch \
-        file://qoriq/0005-ECC-Support-header-for-Cryptodev-Engine.patch \
-        file://qoriq/0006-Fixed-private-key-support-for-DH.patch \
-        file://qoriq/0007-Fixed-private-key-support-for-DH.patch \
-        file://qoriq/0008-Initial-support-for-PKC-in-cryptodev-engine.patch \
-        file://qoriq/0009-Added-hwrng-dev-file-as-source-of-RNG.patch \
-        file://qoriq/0010-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch \
-        file://qoriq/0011-Add-RSA-keygen-operation-and-support-gendsa-command-.patch \
-        file://qoriq/0012-RSA-Keygen-Fix.patch \
-        file://qoriq/0013-Removed-local-copy-of-curve_t-type.patch \
-        file://qoriq/0014-Modulus-parameter-is-not-populated-by-dhparams.patch \
-        file://qoriq/0015-SW-Backoff-mechanism-for-dsa-keygen.patch \
-        file://qoriq/0016-Fixed-DH-keygen-pair-generator.patch \
-        file://qoriq/0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch \
-        file://qoriq/0018-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch \
-        file://qoriq/0019-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch \
-        file://qoriq/0020-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch \
-        file://qoriq/0021-cryptodev-drop-redundant-function.patch \
-        file://qoriq/0022-cryptodev-do-not-zero-the-buffer-before-use.patch \
-        file://qoriq/0023-cryptodev-clean-up-code-layout.patch \
-        file://qoriq/0024-cryptodev-do-not-cache-file-descriptor-in-open.patch \
-        file://qoriq/0025-cryptodev-put_dev_crypto-should-be-an-int.patch \
-        file://qoriq/0026-cryptodev-simplify-cryptodev-pkc-support-code.patch \
-"
-SRC_URI[md5sum] = "c8dc151a671b9b92ff3e4c118b174972"
-SRC_URI[sha256sum] = "3c179f46ca77069a6a0bac70212a9b3b838b2f66129cb52d568837fc79d8fcc7"
-PACKAGES =+ " \
-        ${PN}-engines-dbg \
-        ${PN}-engines \
-"
-FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"
-FILES_${PN}-engines-dbg = "${libdir}/engines/.debug ${libdir}/ssl/engines/.debug"
-PARALLEL_MAKE = ""
-PARALLEL_MAKEINST = ""
-# Digest offloading through cryptodev is not recommended because of the
-# performance penalty of the Openssl engine interface. Openssl generates a huge
-# number of calls to digest functions for even a small amount of work data.
-# For example there are 70 calls to cipher code and over 10000 to digest code
-# when downloading only 10 files of 700 bytes each.
-# Do not build OpenSSL with cryptodev digest support until engine digest
-# interface gets some rework:
-CFLAG_class-target := "${@'${CFLAG}'.replace('-DUSE_CRYPTODEV_DIGESTS', '')}"
-do_configure_prepend() {
-  cp ${WORKDIR}/find.pl ${S}/util/find.pl
-}
-RDEPENDS_${PN}_class-target += "cryptodev-module"
-COMPATIBLE_MACHINE = "(qoriq)"
diff --git a/recipes-connectivity/openssl/openssl-qoriq_1.0.2h.bb b/recipes-connectivity/openssl/openssl-qoriq_1.0.2h.bb
new file mode 100644
index 000000000..deb4fd7ce
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq_1.0.2h.bb
@@ -0,0 +1,111 @@
+require openssl-qoriq.inc
+DISABLE_STATIC = ""
+RRECOMMENDS_libcrypto += "cryptodev-module"
+COMPATIBLE_MACHINE = "(qoriq)"
+# For target side versions of openssl enable support for OCF Linux driver
+# if they are available.
+DEPENDS += "cryptodev-linux"
+CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=27ffa5d74bb5a337056c14b2ef93fbf6"
+export DIRS = "crypto ssl apps engines"
+export OE_LDFLAGS="${LDFLAGS}"
+SRC_URI += "file://find.pl;subdir=${BP}/util/ \
+            file://run-ptest \
+            file://openssl-c_rehash.sh \
+            file://configure-targets.patch \
+            file://shared-libs.patch \
+            file://oe-ldflags.patch \
+            file://engines-install-in-libdir-ssl.patch \
+            file://debian1.0.2/block_diginotar.patch \
+            file://debian1.0.2/block_digicert_malaysia.patch \
+            file://debian/ca.patch \
+            file://debian/c_rehash-compat.patch \
+            file://debian/debian-targets.patch \
+            file://debian/man-dir.patch \
+            file://debian/man-section.patch \
+            file://debian/no-rpath.patch \
+            file://debian/no-symbolic.patch \
+            file://debian/pic.patch \
+            file://debian1.0.2/version-script.patch \
+            file://openssl_fix_for_x32.patch \
+            file://fix-cipher-des-ede3-cfb1.patch \
+            file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \
+            file://openssl-fix-des.pod-error.patch \
+            file://Makefiles-ptest.patch \
+            file://ptest-deps.patch \
+            file://openssl-1.0.2a-x32-asm.patch \
+            file://ptest_makefile_deps.patch  \
+            file://configure-musl-target.patch \
+            file://parallel.patch \
+           "
+SRC_URI += "file://0001-remove-double-initialization-of-cryptodev-engine.patch \
+        file://0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch \
+        file://0003-cryptodev-fix-algorithm-registration.patch \
+        file://0004-ECC-Support-header-for-Cryptodev-Engine.patch \
+        file://0005-Initial-support-for-PKC-in-cryptodev-engine.patch \
+        file://0006-Added-hwrng-dev-file-as-source-of-RNG.patch \
+        file://0007-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch \
+        file://0008-Add-RSA-keygen-operation-and-support-gendsa-command-.patch \
+        file://0009-RSA-Keygen-Fix.patch \
+        file://0010-Removed-local-copy-of-curve_t-type.patch \
+        file://0011-Modulus-parameter-is-not-populated-by-dhparams.patch \
+        file://0012-SW-Backoff-mechanism-for-dsa-keygen.patch \
+        file://0013-Fixed-DH-keygen-pair-generator.patch \
+        file://0014-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch \
+        file://0015-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch \
+        file://0016-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch \
+        file://0017-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch \
+        file://0018-cryptodev-drop-redundant-function.patch \
+        file://0019-cryptodev-do-not-zero-the-buffer-before-use.patch \
+        file://0020-cryptodev-clean-up-code-layout.patch \
+        file://0021-cryptodev-do-not-cache-file-descriptor-in-open.patch \
+        file://0022-cryptodev-put_dev_crypto-should-be-an-int.patch \
+        file://0023-cryptodev-simplify-cryptodev-pkc-support-code.patch \
+        file://0024-cryptodev-clarify-code-remove-assignments-from-condi.patch \
+        file://0025-cryptodev-clean-up-context-state-before-anything-els.patch \
+        file://0026-cryptodev-remove-code-duplication-in-digest-operatio.patch \
+        file://0027-cryptodev-put-all-digest-ioctls-into-a-single-functi.patch \
+        file://0028-cryptodev-fix-debug-print-messages.patch \
+        file://0029-cryptodev-use-CIOCHASH-ioctl-for-digest-operations.patch \
+        file://0030-cryptodev-reduce-duplicated-efforts-for-searching-in.patch \
+        file://0031-cryptodev-remove-not-used-local-variables.patch \
+        file://0032-cryptodev-hide-not-used-variable-behind-ifndef.patch \
+        file://0033-cryptodev-fix-function-declaration-typo.patch \
+        file://0034-cryptodev-fix-incorrect-function-signature.patch \
+        file://0035-cryptodev-fix-warnings-on-excess-elements-in-struct-.patch \
+        file://0036-cryptodev-fix-free-on-error-path.patch \
+        file://0037-cryptodev-fix-return-value-on-error.patch \
+        file://0038-cryptodev-match-types-with-cryptodev.h.patch \
+        file://0039-cryptodev-explicitly-discard-const-qualifier.patch \
+        file://0040-cryptodev-replace-caddr_t-with-void.patch \
+        file://0041-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch \
+        file://0042-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch \
+        file://0043-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch \
+        file://0044-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch \
+        file://0045-cryptodev-change-signature-for-conversion-functions.patch \
+        file://0046-cryptodev-add-explicit-cast-for-known-BIGNUM-values.patch \
+        file://0047-cryptodev-treat-all-build-warnings-as-errors.patch \
+        file://0048-fix-maclen-is-used-uninitialized-warning-on-some-com.patch \
+"
+SRC_URI[md5sum] = "9392e65072ce4b614c1392eefc1f23d0"
+SRC_URI[sha256sum] = "1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919"
+PACKAGES =+ "${PN}-engines"
+FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"
+# The crypto_use_bigint patch means that perl's bignum module needs to be
+# installed, but some distributions (for example Fedora 23) don't ship it by
+# default.  As the resulting error is very misleading check for bignum before
+# building.
+do_configure_prepend() {
+        if ! perl -Mbigint -e true; then
+                bbfatal "The perl module 'bignum' was not found but this is required to build openssl.  Please install this module (often packaged as perl-bignum) and re-run bitbake."
+        fi
+}