Move meta-fsl-ppc content to layer root

This commit is just a rename of all contents of meta-fsl-ppc
subdirectory to this layer's root, merging the contents of common
files, subsequent changes are based on top of that.

Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>

107 files changed, 14340 insertions, 0 deletions

diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/README b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/README
new file mode 100644
index 00000000..9578982d
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/README
@@ -0,0 +1,77 @@
+test_setkey script usage
+
+The scripts in this directory may be used for testing
+native Linux IPsec with the talitos driver as a loadable module.
+
+It's assumed that these scripts have been placed in the directory
+named /test_setkey.
+
+The scripts setup_left and setup_right configure the ip addresses
+for two boards named 'left' and 'right', which are two gateways for
+an IPsec tunnel.  Connect the eth1 interfaces of left and right boards together.
+For smartbits testing, connect eth0 on each board to a smartbits port.
+For other testing (ping, netperf, iperf), connect eth0 on each board to another system.
+
+The scripts named left.conf-* and right.conf-* are setkey scripts
+which configure the IPsec SA and SPD entries.
+The scripts ending in -tunnel use tunnel mode IPsec, and the scripts
+ending in -transport used transport mode IPsec.
+Transport mode is useful for quickly testing security functionality
+using ping or netperf between two boards.
+Tunnel mode can be used for testing throughput using smartbits or other
+performance test equipment.
+
+There is a top level script called 'setup' which
+is used for a one-step setup on the left and right boards.
+'setup' uses two or three parameters. The first parameter is the side, left or right.
+The second parameter is the setkey suffix for the left.conf- and right.conf- files.
+If the third parameter is supplied, the setup will modprobe that name, so
+typically you should provide talitos as the third parameter if you want to load the driver.
+If you have built the talitos driver into the kernel, omit the third parameter to setup.
+You may test software encryption if talitos is built as a module and you omit the third parameter.
+
+Below are example uses of the 'setup' script.
+
+1) One-step setup for smartbits
+   Use a tunnel mode setup on each side.
+   AES-HMAC-SHA1: 
+   Left side:
+      /test_setkey/setup left aes-sha1-tunnel talitos
+   Right side:
+      /test_setkey/setup right aes-sha1-tunnel talitos
+
+   3DES-HMAC-SHA1:
+   Left side:
+      /test_setkey/setup left 3des-sha1-tunnel talitos
+   Right side:
+      /test_setkey/setup right 3des-sha1-tunnel talitos
+
+2) One-step setup for testing ping, netperf, or iperf between two boards. 
+   Use a transport mode setup on each side.
+   AES-HMAC-SHA1: 
+   Left side:
+      /test_setkey/setup left aes-sha1-transport talitos
+   Right side:
+      /test_setkey/setup right aes-sha1-transport talitos
+
+   3DES-HMAC-SHA1:
+   Left side:
+      /test_setkey/setup left 3des-sha1-transport talitos
+   Right side:
+      /test_setkey/setup right 3des-sha1-transport talitos
+
+3) Testing ipv4
+   To test ipv4 (with no security) over the two gateways, use steps below.
+   Testing ipv4 is helpful to get your smartbits configuration verified
+   and also establish a baseline performance for throughput.
+
+   On the left board:
+   cd /test_setkey
+   ./setup_left
+   ./left.ipv4
+
+   On the right board:
+   cd /test_setkey
+   ./setup_right
+   ./right.ipv4
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/auto_left.conf-3des-sha1-tunnel b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/auto_left.conf-3des-sha1-tunnel
new file mode 100755
index 00000000..6bd6c5d8
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/auto_left.conf-3des-sha1-tunnel
@@ -0,0 +1,32 @@
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+# 
+#                                 ========= ESP =========
+#                                 |                     |
+#          Network-A          Gateway-A             Gateway-B           Network-B
+#         192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+# 
+#         ====== 83xx board A ======                  ===== 83xx board B =====
+#         |                        |                  |                      |
+#         eth0                  eth1                  eth1                eth0
+#       192.168.1.130         200.200.200.10          200.200.200.20      192.168.2.130         
+# 
+# 
+# Board A setup
+#
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10)
+#
+# Security policies
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec
+       esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec
+       esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/auto_right.conf-3des-sha1-tunnel b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/auto_right.conf-3des-sha1-tunnel
new file mode 100755
index 00000000..eebf307a
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/auto_right.conf-3des-sha1-tunnel
@@ -0,0 +1,31 @@
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+# 
+#                                 ========= ESP =========
+#                                 |                     |
+#          Network-A          Gateway-A             Gateway-B           Network-B
+#         192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+# 
+#         ====== 83xx board A ======                  ===== 83xx board B =====
+#         |                        |                  |                      |
+#         eth0                  eth1                  eth1                eth0
+#       192.168.1.130         200.200.200.10          200.200.200.20      192.168.2.130         
+# 
+# 
+# Board B setup
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway B (eth0:192.168.2.130, eth1:200.200.200.20)
+#
+# Security policies
+
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec
+       esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec
+       esp/tunnel/200.200.200.10-200.200.200.20/require;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/flush-setkey b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/flush-setkey
new file mode 100755
index 00000000..0be30562
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/flush-setkey
@@ -0,0 +1,4 @@
+#!/usr/sbin/setkey -f
+
+flush;
+spdflush;
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.conf.left b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.conf.left
new file mode 100644
index 00000000..d9d6c0c6
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.conf.left
@@ -0,0 +1,29 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        charondebug="chd 2, knl 2"
+        crlcheckinterval=180
+        strictcrlpolicy=no
+        plutostart=no
+
+conn %default
+        ikelifetime=60m
+        keylife=20m
+        rekeymargin=3m
+        keyingtries=1
+        keyexchange=ikev2
+        type=tunnel
+        auth=esp
+        compress=no
+        mobike=no
+
+conn net-net
+        left=200.200.200.10
+        leftsubnet=192.168.1.0/24
+        leftcert=moonCert.pem
+        leftid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org"
+        leftfirewall=yes
+        right=200.200.200.20
+        rightsubnet=192.168.2.0/24
+        rightid="C=CH, O=Linux strongSwan, CN=sun.strongswan.org"
+        auto=add
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.conf.right b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.conf.right
new file mode 100644
index 00000000..c14dee2b
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.conf.right
@@ -0,0 +1,28 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        charondebug="chd 2, knl 2"
+        crlcheckinterval=180
+        strictcrlpolicy=no
+        plutostart=no
+
+conn %default
+        ikelifetime=60m
+        keylife=20m
+        rekeymargin=3m
+        keyingtries=1
+        keyexchange=ikev2
+        auth=esp
+        compress=no
+        mobike=no
+
+conn net-net 
+        left=200.200.200.20
+        leftcert=sunCert.pem
+        leftid="C=CH, O=Linux strongSwan, CN=sun.strongswan.org"
+        leftsubnet=192.168.2.0/24
+        leftfirewall=yes
+        right=200.200.200.10
+        rightid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org"
+        rightsubnet=192.168.1.0/24
+        auto=add
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.secrets.left b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.secrets.left
new file mode 100644
index 00000000..e86d6aa5
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.secrets.left
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA moonKey.pem
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.secrets.right b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.secrets.right
new file mode 100644
index 00000000..1095b74c
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.secrets.right
@@ -0,0 +1,8 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA sunKey.pem
+
+
+
+
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec_ikev1.conf.left b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec_ikev1.conf.left
new file mode 100644
index 00000000..55025dbc
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec_ikev1.conf.left
@@ -0,0 +1,39 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        plutodebug=control
+        crlcheckinterval=180
+        strictcrlpolicy=no
+        charonstart=no
+
+conn %default
+        ikelifetime=60m
+        keylife=20m
+        rekeymargin=3m
+        keyingtries=1
+        keyexchange=ikev1
+        left=200.200.200.10
+        leftcert=moonCert.pem
+        leftid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org"
+        leftfirewall=yes
+
+conn net-net
+        left=%defaultroute
+        leftsubnet=192.168.1.0/24
+        leftcert=moonCert.pem
+        right=200.200.200.20
+        rightsubnet=192.168.2.0/24
+        rightid="C=CH, O=Linux strongSwan, CN=sun.strongswan.org"
+        auto=add
+        
+conn host-host
+        left=%defaultroute
+        leftcert=moonCert.pem
+        right=200.200.200.20
+        rightid="C=CH, O=Linux strongSwan, CN=sun.strongswan.org"
+        auto=add
+
+conn rw
+        leftsubnet=192.168.1.0/24
+        right=%any
+        auto=add
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec_ikev1.conf.right b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec_ikev1.conf.right
new file mode 100644
index 00000000..479791ea
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec_ikev1.conf.right
@@ -0,0 +1,34 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        plutodebug=control
+        crlcheckinterval=180
+        strictcrlpolicy=no
+        charonstart=no
+
+conn %default
+        ikelifetime=60m
+        keylife=20m
+        rekeymargin=3m
+        keyingtries=1
+        keyexchange=ikev1
+        left=200.200.200.20
+        leftcert=sunCert.pem
+        leftid="C=CH, O=Linux strongSwan, CN=sun.strongswan.org"
+        leftfirewall=yes
+
+conn net-net
+        left=%defaultroute
+        leftsubnet=192.168.2.0/24
+        leftcert=sunCert.pem
+        right=200.200.200.10
+        rightsubnet=192.168.1.0/24
+        rightid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org"
+        auto=add
+
+conn host-host
+        left=%defaultroute
+        leftcert=sunCert.pem
+        right=200.200.200.10
+        rightid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org"
+        auto=add
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-md5-transport b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-md5-transport
new file mode 100755
index 00000000..5422771b
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-md5-transport
@@ -0,0 +1,23 @@
+#!/usr/sbin/setkey -f
+#I am 200.200.200.10
+
+flush;
+spdflush;
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-md5 authentication using 128 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513 
+    -E 3des-cbc   0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-md5   0xd5f603abc8cd9d19319ca32fb955b10f;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 
+    -E 3des-cbc   0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-md5   0x1dd90b4c32dcbe9d37b555a23df5170e;
+
+
+spdadd 200.200.200.20 200.200.200.10 any -P in ipsec
+        esp/transport//require;
+
+spdadd 200.200.200.10 200.200.200.20 any -P out ipsec
+        esp/transport//require;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-md5-tunnel b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-md5-tunnel
new file mode 100755
index 00000000..52bf9c3f
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-md5-tunnel
@@ -0,0 +1,42 @@
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+# 
+#                                 ========= ESP =========
+#                                 |                     |
+#          Network-A          Gateway-A             Gateway-B           Network-B
+#         192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+# 
+#         ====== 83xx board A ======                  ===== 83xx board B =====
+#         |                        |                  |                      |
+#         eth0                  eth1                  eth1                eth0
+#       192.168.1.130         200.200.200.10          200.200.200.20      192.168.2.130         
+# 
+# 
+# Board A setup
+#
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10)
+#
+# Security policies
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec
+       esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec
+       esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-md5 authentication using 128 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel
+    -E 3des-cbc  0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-md5   0xd5f603abc8cd9d19319ca32fb955b10f;
+
+add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel
+    -E 3des-cbc  0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-md5   0x1dd90b4c32dcbe9d37b555a23df5170e;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha1-transport b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha1-transport
new file mode 100755
index 00000000..e5ee0054
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha1-transport
@@ -0,0 +1,22 @@
+#!/usr/sbin/setkey -f
+#I am 200.200.200.10
+
+flush;
+spdflush;
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha1 authentication using 160 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513 
+    -E 3des-cbc   0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-sha1 0xe9c43acd5e8d779b6e09c87347852708ab49bdd3;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 
+    -E 3des-cbc   0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-sha1 0xea6856479330dc9c17b8f6c37e2a895363d83f21;
+
+spdadd 200.200.200.20 200.200.200.10 any -P in ipsec
+        esp/transport//require;
+
+spdadd 200.200.200.10 200.200.200.20 any -P out ipsec
+        esp/transport//require;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha1-tunnel b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha1-tunnel
new file mode 100755
index 00000000..eb2881db
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha1-tunnel
@@ -0,0 +1,42 @@
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+# 
+#                                 ========= ESP =========
+#                                 |                     |
+#          Network-A          Gateway-A             Gateway-B           Network-B
+#         192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+# 
+#         ====== 83xx board A ======                  ===== 83xx board B =====
+#         |                        |                  |                      |
+#         eth0                  eth1                  eth1                eth0
+#       192.168.1.130         200.200.200.10          200.200.200.20      192.168.2.130         
+# 
+# 
+# Board A setup
+#
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10)
+#
+# Security policies
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec
+       esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec
+       esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha1 authentication using 160 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel
+    -E 3des-cbc  0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-sha1 0xe9c43acd5e8d779b6e09c87347852708ab49bdd3;
+
+add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel
+    -E 3des-cbc  0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-sha1 0xea6856479330dc9c17b8f6c37e2a895363d83f21;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha256-transport b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha256-transport
new file mode 100755
index 00000000..b5286320
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha256-transport
@@ -0,0 +1,23 @@
+#!/usr/sbin/setkey -f
+#I am 200.200.200.10
+
+flush;
+spdflush;
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha2-256 authentication using 256 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513 
+    -E 3des-cbc       0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-sha2-256  0x4de03bebf6beb4fdef5a67d349a09580466cc4e54503333b2a5fd34538c91198;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 
+    -E 3des-cbc       0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-sha2-256  0x5e01eb780b7ecc074ca2ca4fa4a5ea2ff841c977da0ce61c49d1fe767ea5452c;
+
+
+spdadd 200.200.200.20 200.200.200.10 any -P in ipsec
+        esp/transport//require;
+
+spdadd 200.200.200.10 200.200.200.20 any -P out ipsec
+        esp/transport//require;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha256-tunnel b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha256-tunnel
new file mode 100755
index 00000000..e7726f08
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha256-tunnel
@@ -0,0 +1,42 @@
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+# 
+#                                 ========= ESP =========
+#                                 |                     |
+#          Network-A          Gateway-A             Gateway-B           Network-B
+#         192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+# 
+#         ====== 83xx board A ======                  ===== 83xx board B =====
+#         |                        |                  |                      |
+#         eth0                  eth1                  eth1                eth0
+#       192.168.1.130         200.200.200.10          200.200.200.20      192.168.2.130         
+# 
+# 
+# Board A setup
+#
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10)
+#
+# Security policies
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec
+       esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec
+       esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha2-256 authentication using 256 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513 -m tunnel
+    -E 3des-cbc       0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-sha2-256  0x4de03bebf6beb4fdef5a67d349a09580466cc4e54503333b2a5fd34538c91198;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 -m tunnel
+    -E 3des-cbc       0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-sha2-256  0x5e01eb780b7ecc074ca2ca4fa4a5ea2ff841c977da0ce61c49d1fe767ea5452c;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-md5-transport b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-md5-transport
new file mode 100755
index 00000000..96f57837
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-md5-transport
@@ -0,0 +1,23 @@
+#!/usr/sbin/setkey -f
+#I am 200.200.200.10
+
+flush;
+spdflush;
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-md5 authentication using 128 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513 
+    -E aes-cbc    0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-md5   0xd5f603abc8cd9d19319ca32fb955b10f;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 
+    -E aes-cbc    0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-md5   0x1dd90b4c32dcbe9d37b555a23df5170e;
+
+
+spdadd 200.200.200.20 200.200.200.10 any -P in ipsec
+        esp/transport//require;
+
+spdadd 200.200.200.10 200.200.200.20 any -P out ipsec
+        esp/transport//require;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-md5-tunnel b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-md5-tunnel
new file mode 100755
index 00000000..b2cf84bf
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-md5-tunnel
@@ -0,0 +1,42 @@
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+# 
+#                                 ========= ESP =========
+#                                 |                     |
+#          Network-A          Gateway-A             Gateway-B           Network-B
+#         192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+# 
+#         ====== 83xx board A ======                  ===== 83xx board B =====
+#         |                        |                  |                      |
+#         eth0                  eth1                  eth1                eth0
+#       192.168.1.130         200.200.200.10          200.200.200.20      192.168.2.130         
+# 
+# 
+# Board A setup
+#
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10)
+#
+# Security policies
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec
+       esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec
+       esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-md5 authentication using 128 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel
+    -E aes-cbc    0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-md5   0xd5f603abc8cd9d19319ca32fb955b10f;
+
+add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel
+    -E aes-cbc    0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-md5   0x1dd90b4c32dcbe9d37b555a23df5170e;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha1-transport b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha1-transport
new file mode 100755
index 00000000..f3ffaf5c
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha1-transport
@@ -0,0 +1,22 @@
+#!/usr/sbin/setkey -f
+#I am 200.200.200.10
+
+flush;
+spdflush;
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha1 authentication using 160 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513 
+    -E aes-cbc   0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-sha1 0xe9c43acd5e8d779b6e09c87347852708ab49bdd3;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 
+    -E aes-cbc   0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-sha1 0xea6856479330dc9c17b8f6c37e2a895363d83f21;
+
+spdadd 200.200.200.20 200.200.200.10 any -P in ipsec
+        esp/transport//require;
+
+spdadd 200.200.200.10 200.200.200.20 any -P out ipsec
+        esp/transport//require;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha1-tunnel b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha1-tunnel
new file mode 100755
index 00000000..1ab7874f
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha1-tunnel
@@ -0,0 +1,42 @@
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+# 
+#                                 ========= ESP =========
+#                                 |                     |
+#          Network-A          Gateway-A             Gateway-B           Network-B
+#         192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+# 
+#         ====== 83xx board A ======                  ===== 83xx board B =====
+#         |                        |                  |                      |
+#         eth0                  eth1                  eth1                eth0
+#       192.168.1.130         200.200.200.10          200.200.200.20      192.168.2.130         
+# 
+# 
+# Board A setup
+#
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10)
+#
+# Security policies
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec
+       esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec
+       esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha1 authentication using 160 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel
+    -E aes-cbc   0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-sha1 0xe9c43acd5e8d779b6e09c87347852708ab49bdd3;
+
+add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel
+    -E aes-cbc   0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-sha1 0xea6856479330dc9c17b8f6c37e2a895363d83f21;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha256-transport b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha256-transport
new file mode 100755
index 00000000..d2645d6f
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha256-transport
@@ -0,0 +1,23 @@
+#!/usr/sbin/setkey -f
+#I am 200.200.200.10
+
+flush;
+spdflush;
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha2-256 authentication using 256 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513 
+    -E aes-cbc        0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-sha2-256  0x4de03bebf6beb4fdef5a67d349a09580466cc4e54503333b2a5fd34538c91198;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 
+    -E aes-cbc        0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-sha2-256  0x5e01eb780b7ecc074ca2ca4fa4a5ea2ff841c977da0ce61c49d1fe767ea5452c;
+
+
+spdadd 200.200.200.20 200.200.200.10 any -P in ipsec
+        esp/transport//require;
+
+spdadd 200.200.200.10 200.200.200.20 any -P out ipsec
+        esp/transport//require;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha256-tunnel b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha256-tunnel
new file mode 100755
index 00000000..8ed697d1
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha256-tunnel
@@ -0,0 +1,42 @@
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+# 
+#                                 ========= ESP =========
+#                                 |                     |
+#          Network-A          Gateway-A             Gateway-B           Network-B
+#         192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+# 
+#         ====== 83xx board A ======                  ===== 83xx board B =====
+#         |                        |                  |                      |
+#         eth0                  eth1                  eth1                eth0
+#       192.168.1.130         200.200.200.10          200.200.200.20      192.168.2.130         
+# 
+# 
+# Board A setup
+#
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10)
+#
+# Security policies
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec
+       esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec
+       esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha2-256 authentication using 256 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513 -m tunnel
+    -E aes-cbc        0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-sha2-256  0x4de03bebf6beb4fdef5a67d349a09580466cc4e54503333b2a5fd34538c91198;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 -m tunnel
+    -E aes-cbc        0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-sha2-256  0x5e01eb780b7ecc074ca2ca4fa4a5ea2ff841c977da0ce61c49d1fe767ea5452c;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-null-null-transport b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-null-null-transport
new file mode 100755
index 00000000..84275d07
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-null-null-transport
@@ -0,0 +1,23 @@
+#!/usr/sbin/setkey -f
+#I am 200.200.200.10
+
+flush;
+spdflush;
+
+# ESP SAs doing null encryption
+# and null authentication
+add 200.200.200.10 200.200.200.20 esp 0x10513 
+    -E null
+    -A null;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 
+    -E null
+    -A null;
+
+
+spdadd 200.200.200.20 200.200.200.10 any -P in ipsec
+        esp/transport//require;
+
+spdadd 200.200.200.10 200.200.200.20 any -P out ipsec
+        esp/transport//require;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-null-null-tunnel b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-null-null-tunnel
new file mode 100755
index 00000000..478d14a8
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-null-null-tunnel
@@ -0,0 +1,42 @@
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+# 
+#                                 ========= ESP =========
+#                                 |                     |
+#          Network-A          Gateway-A             Gateway-B           Network-B
+#         192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+# 
+#         ====== 83xx board A ======                  ===== 83xx board B =====
+#         |                        |                  |                      |
+#         eth0                  eth1                  eth1                eth0
+#       192.168.1.130         200.200.200.10          200.200.200.20      192.168.2.130         
+# 
+# 
+# Board A setup
+#
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10)
+#
+# Security policies
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec
+       esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec
+       esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+
+# ESP SAs doing null encryption
+# and null authentication
+add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel
+    -E null
+    -A null;
+
+add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel
+    -E null
+    -A null;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.ipv4 b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.ipv4
new file mode 100755
index 00000000..e219f2ad
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.ipv4
@@ -0,0 +1,2 @@
+set -v
+route add -net 192.168.2.0 netmask 255.255.255.0 gw 200.200.200.20
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/moonCert.pem b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/moonCert.pem
new file mode 100644
index 00000000..d5c970f4
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/moonCert.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEIjCCAwqgAwIBAgIBFzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
+b290IENBMB4XDTA5MDgyNzEwMDMzMloXDTE0MDgyNjEwMDMzMlowRjELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHDAaBgNVBAMTE21vb24u
+c3Ryb25nc3dhbi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDK
+L2M91Lu6BYYhWxWgMS9z9TMSTwszm5rhO7ZIsCtMRo4PAeYw+++SGXt3CPXb/+p+
+SWKGlm11rPE71eQ3ehgh2C3hAurfmWO0iQQaCw+fdreeIVCqOQIOP6UqZ327h5yY
+YpHk8VQv4vBJTpxclU1PqnWheqe1ZlLxsW773LRml/fQt/UgvJkCBTZZONLNMfK+
+7TDnYaVsAtncgvDN78nUNEe2qY92KK7SrBJ6SpUEg49m51F+XgsGcsgWVHS85on3
+Om/G48crLEVJjdu8CxewSRVgb+lPJWzHd8QsU0Vg/7vlqs3ZRMyNtNKrr4opSvVb
+A6agGlTXhDCreDiXU8KHAgMBAAGjggEaMIIBFjAJBgNVHRMEAjAAMAsGA1UdDwQE
+AwIDqDAdBgNVHQ4EFgQUapx00fiJeYn2WpTpifH6w2SdKS4wbQYDVR0jBGYwZIAU
+XafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNIMRkwFwYDVQQK
+ExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJvb3QgQ0GC
+AQAwHgYDVR0RBBcwFYITbW9vbi5zdHJvbmdzd2FuLm9yZzATBgNVHSUEDDAKBggr
+BgEFBQcDATA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4u
+b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQCctXg2xeMozaTV
+jiBL1P8MY9uEH5JtU0EceQ1RbI5/2vGRdnECND9oADY5vamaaE2Mdq2Qh/vlXnML
+o3ii5ELjsQlYdTYZOcMOdcUUXYvbbFX1cwpkBhyBl1H25KptHcgQ/HnceKp3kOuq
+wYOYjgwePXulcpWXx0E2QtQCFQQZFPyEWeNJxH0oglg53QPXfHY9I2/Gukj5V0bz
+p7ME0Gs8KdnYdmbbDqzQgPsta96/m+HoJlsrVF+4Gqihj6BWMBQ2ybjPWZdG3oH9
+25cE8v60Ry98D0Z/tygbAUFnh5oOvaf642paVgc3aoA77I8U+UZjECxISoiHultY
+7QTufOwP
+-----END CERTIFICATE-----
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/moonKey.pem b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/moonKey.pem
new file mode 100644
index 00000000..4d99866f
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/moonKey.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAyi9jPdS7ugWGIVsVoDEvc/UzEk8LM5ua4Tu2SLArTEaODwHm
+MPvvkhl7dwj12//qfklihpZtdazxO9XkN3oYIdgt4QLq35ljtIkEGgsPn3a3niFQ
+qjkCDj+lKmd9u4ecmGKR5PFUL+LwSU6cXJVNT6p1oXqntWZS8bFu+9y0Zpf30Lf1
+ILyZAgU2WTjSzTHyvu0w52GlbALZ3ILwze/J1DRHtqmPdiiu0qwSekqVBIOPZudR
+fl4LBnLIFlR0vOaJ9zpvxuPHKyxFSY3bvAsXsEkVYG/pTyVsx3fELFNFYP+75arN
+2UTMjbTSq6+KKUr1WwOmoBpU14Qwq3g4l1PChwIDAQABAoIBACBFB/Xqajv6fbn9
+K6pxrz02uXwGmacXAtVIDoPzejWmXS4QA4l17HrJDmelSnhelDKry8nnYHkTrTz7
+mn0wQ4HDWy86o/okJUG/TKRLd6bf79aRQqqohqd3iQkHk43GyzuXH+oGioVKF0fc
+ACDWw4wfjL7FMNdHCZ4Bz9DrHO/ysHe9B6rvSYm3VZRhSxaneIkaLkkDadKpVx3f
+XNFlMxY4qKPJYYSoJZ61iMqrO7+rnA93tmyDDs8PKU3BtnpfNrdePgleJHhk8Zqy
+Ev2/NOCSUxbKE8NCtLpGTs+T0qjjnu4k3WPd3ZOBAan0uPDekHZeHB/aXGLhYcxx
+J5SurqECgYEA+F1gppkER5Jtoaudt/CUpdQ1sR9wxf75VBqJ4FiYABGQz9xlG4oj
+zL/o572s0iV3bwFpnQa+WuWrxGkP6ZuB/Z82npc0N/vLou/b4dxvg4n7K+eOOEf0
+8FMjsse2tqTIXKCqcmQnR0NPQ1jwuvEKsXP5w/JOlnRXAXnd4jxsJI0CgYEA0GaT
+61ySttUW9jC3mxuY6jkQy8TEQqR3nOFvWwmCXIWOpN/MTTPus+Telxp/pdKhU+mo
+PmX3Unyne5PvwleWDq3YzltX5ZDZGJ5UJlKuNnfGIzQ6OcHRbb7zBpQG6qSRPuug
+bgo688hTnb1L59nK88zWVK45euf6pyuoI+SwIGMCgYEA7yvE8knyhBXvezuv0z1b
+eGHmHp5/VDwY0DQKSEAoiBBiWrkLqLybgwXf/KJ8dZZc8En08aFX2GLJyYe/KiB1
+ys3ypEBJqgvRayP+o/9KZ+qNNRd0rqAksPXvL7ABNNt0kzapTSVDae3Yu6s/j1am
+DIL5qAeERIDedG5uDPpQzdUCgYB7MtjpP63ABhLv8XbpbBQnCxtByw3W89F+Xcrt
+v55gQdhE4cSuMzA/CuMH4vNpPS6AI9aBJNhj3CtKo/cOJachAGb1/wvkO5ALvLW0
+fhZdPstUTnDJain7vfF/hwzbs/PlhXgu9T9KlLfRvXFdG+Sd4g8mumRiozcLkoRw
+y6XPTwKBgDJP+s9wXmdG90HST/aqC7FKrVXLpB63dY5swNUfQP6sa0pFnON0r0JC
+h/YCsGFFIAebQ2uOkM3g3f9nkwTp7910ov+/5uThvRI2w2BBPy0mVuALPjyyF1Z2
+cb9zpyKiIuXoXRCf4sd8r1lR9bn0Fxx0Svpxf+fpMGSI5quHNBKY
+-----END RSA PRIVATE KEY-----
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/pingsizes.sh b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/pingsizes.sh
new file mode 100755
index 00000000..faefb245
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/pingsizes.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+#
+# Usage: ./pingsizes.sh 1440 20 (or greater)
+#
+
+PINGDEST=${PINGDEST:-200.200.200.10}
+k=$1
+lim="$((k+$2))"
+((k-=1))
+while [ "$k" != "$lim" ] ; do
+        echo -n "ping -s $((k+=1)) : "
+        ping -i 1000 -c 1 -s $k $PINGDEST | grep packets &
+        sleep 1
+        PID=`ps -eaf | grep 'ping -i' | grep -v grep | sed 's/[ ][ ]*/ /g' | cut -d " " -f 2`
+        if [ -n "$PID" ] ; then
+                echo "****************** killing $PID"
+                kill $PID > /dev/null
+        fi
+done
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/pingsizest.sh b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/pingsizest.sh
new file mode 100755
index 00000000..d5ff0f7d
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/pingsizest.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+#
+# Usage: ./pingsizes.sh 1440 20 (or greater)
+#
+
+PINGDEST=${PINGDEST:-200.200.200.10}
+k=$1
+lim="$((k+$2))"
+((k-=1))
+while [ "$k" != "$lim" ] ; do
+        echo ping -s $((k+=1))
+        ping -i 1000 -c 1 -s $k $PINGDEST &
+        sleep 1
+        PID=`ps -eaf | grep 'ping -i' | sed 's/[ ][ ]*/ /g' | cut -d " " -f 2`
+        if [ -n "$PID" ] ; then
+                echo "****************** killing $PID"
+                kill $PID
+        fi
+done
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/psk.txt b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/psk.txt
new file mode 100644
index 00000000..46c1ff41
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/psk.txt
@@ -0,0 +1,2 @@
+200.200.200.20 secretkeyracoon
+200.200.200.10 secretkeyracoon
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/racoon.conf b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/racoon.conf
new file mode 100644
index 00000000..cf561f51
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/racoon.conf
@@ -0,0 +1,22 @@
+path pre_shared_key "/test_setkey/psk.txt" ;
+
+        remote anonymous
+        {
+                exchange_mode main ;
+                lifetime time 1 hour ;
+                proposal {
+                        encryption_algorithm 3des;
+                        hash_algorithm sha1;
+                        authentication_method pre_shared_key ;
+                        dh_group 2 ;
+                }
+        }
+
+        sainfo anonymous
+        {
+                pfs_group 2;
+                lifetime time 1 hour ;
+                encryption_algorithm 3des ;
+                authentication_algorithm hmac_sha1 ;
+                compression_algorithm deflate ;
+        }
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-md5-transport b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-md5-transport
new file mode 100755
index 00000000..7f82fb46
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-md5-transport
@@ -0,0 +1,23 @@
+#!/usr/sbin/setkey -f
+#I am 200.200.200.20
+
+flush;
+spdflush;
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-md5 authentication using 128 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513 
+    -E 3des-cbc   0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-md5   0xd5f603abc8cd9d19319ca32fb955b10f;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 
+    -E 3des-cbc   0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-md5   0x1dd90b4c32dcbe9d37b555a23df5170e;
+
+
+spdadd 200.200.200.20 200.200.200.10 any -P out ipsec
+        esp/transport//require;
+
+spdadd 200.200.200.10 200.200.200.20 any -P in ipsec
+        esp/transport//require;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-md5-tunnel b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-md5-tunnel
new file mode 100755
index 00000000..5a752579
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-md5-tunnel
@@ -0,0 +1,42 @@
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+# 
+#                                 ========= ESP =========
+#                                 |                     |
+#          Network-A          Gateway-A             Gateway-B           Network-B
+#         192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+# 
+#         ====== 83xx board A ======                  ===== 83xx board B =====
+#         |                        |                  |                      |
+#         eth0                  eth1                  eth1                eth0
+#       192.168.1.130         200.200.200.10          200.200.200.20      192.168.2.130         
+# 
+# 
+# Board B setup
+#
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway B (eth0:192.168.2.130, eth1:200.200.200.20)
+#
+# Security policies
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec
+       esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec
+       esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-md5 authentication using 128 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel
+    -E 3des-cbc  0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-md5   0xd5f603abc8cd9d19319ca32fb955b10f;
+
+add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel
+    -E 3des-cbc  0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-md5   0x1dd90b4c32dcbe9d37b555a23df5170e;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha1-transport b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha1-transport
new file mode 100755
index 00000000..6ef885d4
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha1-transport
@@ -0,0 +1,22 @@
+#!/usr/sbin/setkey -f
+#I am 200.200.200.20
+
+flush;
+spdflush;
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha1 authentication using 160 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513 
+    -E 3des-cbc   0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-sha1 0xe9c43acd5e8d779b6e09c87347852708ab49bdd3;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 
+    -E 3des-cbc   0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-sha1 0xea6856479330dc9c17b8f6c37e2a895363d83f21;
+
+# Security policies
+spdadd 200.200.200.20 200.200.200.10 any -P out ipsec
+        esp/transport//require;
+
+spdadd 200.200.200.10 200.200.200.20 any -P in ipsec
+        esp/transport//require;
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha1-tunnel b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha1-tunnel
new file mode 100755
index 00000000..16c31578
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha1-tunnel
@@ -0,0 +1,41 @@
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+# 
+#                                 ========= ESP =========
+#                                 |                     |
+#          Network-A          Gateway-A             Gateway-B           Network-B
+#         192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+# 
+#         ====== 83xx board A ======                  ===== 83xx board B =====
+#         |                        |                  |                      |
+#         eth0                  eth1                  eth1                eth0
+#       192.168.1.130         200.200.200.10          200.200.200.20      192.168.2.130         
+# 
+# 
+# Board B setup
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway B (eth0:192.168.2.130, eth1:200.200.200.20)
+#
+# Security policies
+
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec
+       esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec
+       esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha1 authentication using 160 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel
+    -E 3des-cbc  0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-sha1 0xe9c43acd5e8d779b6e09c87347852708ab49bdd3;
+
+add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel
+    -E 3des-cbc  0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-sha1 0xea6856479330dc9c17b8f6c37e2a895363d83f21;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha256-transport b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha256-transport
new file mode 100755
index 00000000..b9772092
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha256-transport
@@ -0,0 +1,23 @@
+#!/usr/sbin/setkey -f
+#I am 200.200.200.20
+
+flush;
+spdflush;
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha2-256 authentication using 256 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513 
+    -E 3des-cbc       0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-sha2-256  0x4de03bebf6beb4fdef5a67d349a09580466cc4e54503333b2a5fd34538c91198;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 
+    -E 3des-cbc       0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-sha2-256  0x5e01eb780b7ecc074ca2ca4fa4a5ea2ff841c977da0ce61c49d1fe767ea5452c;
+
+
+spdadd 200.200.200.20 200.200.200.10 any -P out ipsec
+        esp/transport//require;
+
+spdadd 200.200.200.10 200.200.200.20 any -P in ipsec
+        esp/transport//require;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha256-tunnel b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha256-tunnel
new file mode 100755
index 00000000..e7c5b4e6
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha256-tunnel
@@ -0,0 +1,42 @@
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+# 
+#                                 ========= ESP =========
+#                                 |                     |
+#          Network-A          Gateway-A             Gateway-B           Network-B
+#         192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+# 
+#         ====== 83xx board A ======                  ===== 83xx board B =====
+#         |                        |                  |                      |
+#         eth0                  eth1                  eth1                eth0
+#       192.168.1.130         200.200.200.10          200.200.200.20      192.168.2.130         
+# 
+# 
+# Board A setup
+#
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway B (eth0:192.168.2.130, eth1:200.200.200.20)
+#
+# Security policies
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec
+       esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec
+       esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha2-256 authentication using 256 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513 -m tunnel
+    -E 3des-cbc       0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-sha2-256  0x4de03bebf6beb4fdef5a67d349a09580466cc4e54503333b2a5fd34538c91198;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 -m tunnel
+    -E 3des-cbc       0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-sha2-256  0x5e01eb780b7ecc074ca2ca4fa4a5ea2ff841c977da0ce61c49d1fe767ea5452c;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-md5-transport b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-md5-transport
new file mode 100755
index 00000000..5d55d001
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-md5-transport
@@ -0,0 +1,23 @@
+#!/usr/sbin/setkey -f
+#I am 200.200.200.20
+
+flush;
+spdflush;
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-md5 authentication using 128 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513 
+    -E aes-cbc    0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-md5   0xd5f603abc8cd9d19319ca32fb955b10f;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 
+    -E aes-cbc    0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-md5   0x1dd90b4c32dcbe9d37b555a23df5170e;
+
+
+spdadd 200.200.200.20 200.200.200.10 any -P out ipsec
+        esp/transport//require;
+
+spdadd 200.200.200.10 200.200.200.20 any -P in ipsec
+        esp/transport//require;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-md5-tunnel b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-md5-tunnel
new file mode 100755
index 00000000..f49bd54a
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-md5-tunnel
@@ -0,0 +1,42 @@
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+# 
+#                                 ========= ESP =========
+#                                 |                     |
+#          Network-A          Gateway-A             Gateway-B           Network-B
+#         192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+# 
+#         ====== 83xx board A ======                  ===== 83xx board B =====
+#         |                        |                  |                      |
+#         eth0                  eth1                  eth1                eth0
+#       192.168.1.130         200.200.200.10          200.200.200.20      192.168.2.130         
+# 
+# 
+# Board B setup
+#
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway B (eth0:192.168.2.130, eth1:200.200.200.20)
+#
+# Security policies
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec
+       esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec
+       esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-md5 authentication using 128 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel
+    -E aes-cbc    0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-md5   0xd5f603abc8cd9d19319ca32fb955b10f;
+
+add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel
+    -E aes-cbc    0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-md5   0x1dd90b4c32dcbe9d37b555a23df5170e;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha1-transport b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha1-transport
new file mode 100755
index 00000000..d9c65a45
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha1-transport
@@ -0,0 +1,22 @@
+#!/usr/sbin/setkey -f
+#I am 200.200.200.20
+
+flush;
+spdflush;
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha1 authentication using 160 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513 
+    -E aes-cbc   0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-sha1 0xe9c43acd5e8d779b6e09c87347852708ab49bdd3;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 
+    -E aes-cbc   0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-sha1 0xea6856479330dc9c17b8f6c37e2a895363d83f21;
+
+# Security policies
+spdadd 200.200.200.20 200.200.200.10 any -P out ipsec
+        esp/transport//require;
+
+spdadd 200.200.200.10 200.200.200.20 any -P in ipsec
+        esp/transport//require;
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha1-tunnel b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha1-tunnel
new file mode 100755
index 00000000..1f10136a
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha1-tunnel
@@ -0,0 +1,41 @@
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+# 
+#                                 ========= ESP =========
+#                                 |                     |
+#          Network-A          Gateway-A             Gateway-B           Network-B
+#         192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+# 
+#         ====== 83xx board A ======                  ===== 83xx board B =====
+#         |                        |                  |                      |
+#         eth0                  eth1                  eth1                eth0
+#       192.168.1.130         200.200.200.10          200.200.200.20      192.168.2.130         
+# 
+# 
+# Board B setup
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway B (eth0:192.168.2.130, eth1:200.200.200.20)
+#
+# Security policies
+
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec
+       esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec
+       esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha1 authentication using 160 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel
+    -E aes-cbc   0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-sha1 0xe9c43acd5e8d779b6e09c87347852708ab49bdd3;
+
+add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel
+    -E aes-cbc   0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-sha1 0xea6856479330dc9c17b8f6c37e2a895363d83f21;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha256-transport b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha256-transport
new file mode 100755
index 00000000..817a8bd4
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha256-transport
@@ -0,0 +1,23 @@
+#!/usr/sbin/setkey -f
+#I am 200.200.200.20
+
+flush;
+spdflush;
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha2-256 authentication using 256 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513 
+    -E aes-cbc        0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-sha2-256  0x4de03bebf6beb4fdef5a67d349a09580466cc4e54503333b2a5fd34538c91198;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 
+    -E aes-cbc        0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-sha2-256  0x5e01eb780b7ecc074ca2ca4fa4a5ea2ff841c977da0ce61c49d1fe767ea5452c;
+
+
+spdadd 200.200.200.20 200.200.200.10 any -P out ipsec
+        esp/transport//require;
+
+spdadd 200.200.200.10 200.200.200.20 any -P in ipsec
+        esp/transport//require;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha256-tunnel b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha256-tunnel
new file mode 100755
index 00000000..9bca18fb
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha256-tunnel
@@ -0,0 +1,42 @@
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+# 
+#                                 ========= ESP =========
+#                                 |                     |
+#          Network-A          Gateway-A             Gateway-B           Network-B
+#         192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+# 
+#         ====== 83xx board A ======                  ===== 83xx board B =====
+#         |                        |                  |                      |
+#         eth0                  eth1                  eth1                eth0
+#       192.168.1.130         200.200.200.10          200.200.200.20      192.168.2.130         
+# 
+# 
+# Board A setup
+#
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway B (eth0:192.168.2.130, eth1:200.200.200.20)
+#
+# Security policies
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec
+       esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec
+       esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha2-256 authentication using 256 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513 -m tunnel
+    -E aes-cbc        0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-sha2-256  0x4de03bebf6beb4fdef5a67d349a09580466cc4e54503333b2a5fd34538c91198;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 -m tunnel
+    -E aes-cbc        0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-sha2-256  0x5e01eb780b7ecc074ca2ca4fa4a5ea2ff841c977da0ce61c49d1fe767ea5452c;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-null-null-transport b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-null-null-transport
new file mode 100755
index 00000000..26dfe2e1
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-null-null-transport
@@ -0,0 +1,23 @@
+#!/usr/sbin/setkey -f
+#I am 200.200.200.20
+
+flush;
+spdflush;
+
+# ESP SAs doing null encryption
+# and null authentication
+add 200.200.200.10 200.200.200.20 esp 0x10513 
+    -E null
+    -A null;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 
+    -E null
+    -A null;
+
+
+spdadd 200.200.200.20 200.200.200.10 any -P out ipsec
+        esp/transport//require;
+
+spdadd 200.200.200.10 200.200.200.20 any -P in ipsec
+        esp/transport//require;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-null-null-tunnel b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-null-null-tunnel
new file mode 100755
index 00000000..bc4f38eb
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-null-null-tunnel
@@ -0,0 +1,42 @@
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+# 
+#                                 ========= ESP =========
+#                                 |                     |
+#          Network-A          Gateway-A             Gateway-B           Network-B
+#         192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+# 
+#         ====== 83xx board A ======                  ===== 83xx board B =====
+#         |                        |                  |                      |
+#         eth0                  eth1                  eth1                eth0
+#       192.168.1.130         200.200.200.10          200.200.200.20      192.168.2.130         
+# 
+# 
+# Board B setup
+#
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway B (eth0:192.168.2.130, eth1:200.200.200.20)
+#
+# Security policies
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec
+       esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec
+       esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+
+# ESP SAs doing null encryption
+# and null authentication
+add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel
+    -E null
+    -A null;
+
+add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel
+    -E null
+    -A null;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.ipv4 b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.ipv4
new file mode 100755
index 00000000..67cd1b2c
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.ipv4
@@ -0,0 +1,2 @@
+set -v
+route add -net 192.168.1.0 netmask 255.255.255.0 gw 200.200.200.10
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup
new file mode 100755
index 00000000..9e6fa7fa
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup
@@ -0,0 +1,47 @@
+# setup - quick setup for left or right side of ipsec test
+# see README for example use.
+
+SCRIPT_HOME=/test_setkey/
+cd $SCRIPT_HOME
+
+export PATH=$SCRIPT_HOME:$PATH
+
+if [ "$1" != "left" -a "$1" != "right" ] ; then
+        echo "Usage:    $0 side [config] [driver]"
+        echo "          where side is either left or right."
+        echo "          where config is either"
+        echo "                  aes-sha1-tunnel (default)"
+        echo "               or 3des-sha1-tunnel"
+        echo "          if driver is supplied, script does 'modprobe driver'"
+        exit 1
+fi
+
+SIDE=$1
+POLICY_CFG=$SIDE.conf
+DEFAULT_POLICY=aes-sha1-tunnel
+
+if [ -n "$2" ] ; then
+        POLICY=$2
+else
+        POLICY=$DEFAULT_POLICY
+fi
+
+SETKEY_FILE=$POLICY_CFG-$POLICY
+
+if [ ! -f $SETKEY_FILE ] ; then
+        echo "Missing setkey command file: $SETKEY_FILE"
+        exit 1
+fi
+
+# modprobe any driver name given as last parameter
+if [ -n "$3" ] ; then
+        modprobe $3
+fi
+
+SETUP_CMD_FILE=./setup_$SIDE
+. $SETUP_CMD_FILE
+
+$SETKEY_FILE
+
+setkey -D
+setkey -D -P
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup_left b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup_left
new file mode 100755
index 00000000..da769099
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup_left
@@ -0,0 +1,13 @@
+# board on left setup
+set -v
+ifconfig eth0 down
+ifconfig eth0 hw ether 00:04:9F:11:22:33
+ifconfig eth0 192.168.1.130 netmask 255.255.255.0
+ifconfig eth0 up
+ifconfig eth1 down
+ifconfig eth1 hw ether 00:E0:0C:00:7D:FD
+ifconfig eth1 200.200.200.10 netmask 255.255.255.0
+ifconfig eth1 up
+arp -s 192.168.1.21 00:00:00:00:00:01
+route add default dev eth1
+echo 1 > /proc/sys/net/ipv4/ip_forward
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup_right b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup_right
new file mode 100755
index 00000000..f0e333ee
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup_right
@@ -0,0 +1,13 @@
+# board on right setup
+set -v
+ifconfig eth0 down
+ifconfig eth0 hw ether 00:E0:0C:00:01:FD
+ifconfig eth0 192.168.2.130 netmask 255.255.255.0
+ifconfig eth0 up
+ifconfig eth1 down
+ifconfig eth1 hw ether 00:E0:0C:00:00:FD
+ifconfig eth1 200.200.200.20 netmask 255.255.255.0
+ifconfig eth1 up
+arp -s 192.168.2.21 00:00:00:00:00:02
+route add default dev eth1
+echo 1 > /proc/sys/net/ipv4/ip_forward
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan.conf b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan.conf
new file mode 100644
index 00000000..1701f4ab
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan.conf
@@ -0,0 +1,19 @@
+# strongswan.conf - strongSwan configuration file
+
+charon {
+        load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-raw updown
+        multiple_authentication = no
+}
+
+pluto {
+
+        # plugins to load in pluto
+        #load = aes des sha1 md5 sha2 hmac gmp random pubkey
+        
+}
+
+libstrongswan {
+
+        #  set to no, the DH exponent size is optimized
+        #  dh_exponent_ansi_x9_42 = no
+}
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswanCert.pem b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswanCert.pem
new file mode 100644
index 00000000..0865ad22
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswanCert.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDuDCCAqCgAwIBAgIBADANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
+b290IENBMB4XDTA0MDkxMDEwMDExOFoXDTE5MDkwNzEwMDExOFowRTELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9u
+Z1N3YW4gUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL/y
+X2LqPVZuWLPIeknK86xhz6ljd3NNhC2z+P1uoCP3sBMuZiZQEjFzhnKcbXxCeo2f
+FnvhOOjrrisSuVkzuu82oxXD3fIkzuS7m9V4E10EZzgmKWIf+WuNRfbgAuUINmLc
+4YGAXBQLPyzpP4Ou48hhz/YQo58Bics6PHy5v34qCVROIXDvqhj91P8g+pS+F21/
+7P+CH2jRcVIEHZtG8M/PweTPQ95dPzpYd2Ov6SZ/U7EWmbMmT8VcUYn1aChxFmy5
+gweVBWlkH6MP+1DeE0/tL5c87xo5KCeGK8Tdqpe7sBRC4pPEEHDQciTUvkeuJ1Pr
+K+1LwdqRxo7HgMRiDw8CAwEAAaOBsjCBrzASBgNVHRMBAf8ECDAGAQH/AgEBMAsG
+A1UdDwQEAwIBBjAdBgNVHQ4EFgQUXafdcAZRMn7ntm2zteXgYOouTe8wbQYDVR0j
+BGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNIMRkw
+FwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJv
+b3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACOSmqEBtBLR9aV3UyCI8gmzR5in
+Lte9aUXXS+qis6F2h2Stf4sN+Nl6Gj7REC6SpfEH4wWdwiUL5J0CJhyoOjQuDl3n
+1Dw3dE4/zqMZdyDKEYTU75TmvusNJBdGsLkrf7EATAjoi/nrTOYPPhSUZvPp/D+Y
+vORJ9Ej51GXlK1nwEB5iA8+tDYniNQn6BD1MEgIejzK+fbiy7braZB1kqhoEr2Si
+7luBSnU912sw494E88a2EWbmMvg2TVHPNzCpVkpNk7kifCiwmw9VldkqYy9y/lCa
+Epyp7lTfKw7cbD04Vk8QJW782L6Csuxkl346b17wmOqn8AZips3tFsuAY3w=
+-----END CERTIFICATE-----
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan_left b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan_left
new file mode 100755
index 00000000..e55c3e42
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan_left
@@ -0,0 +1,10 @@
+#strongswan on left board
+set -v
+cp -rf ipsec.conf.left /etc/ipsec.conf
+cp -rf ipsec.secrets.left /etc/ipsec.secrets
+cp -rf strongswan.conf /etc/
+cp -rf strongswanCert.pem /etc/ipsec.d/cacerts/
+cp -rf moonCert.pem /etc/ipsec.d/certs/
+mkdir /etc/ipsec.d/private
+cp -rf sunKey.pem /etc/ipsec.d/private/
+cp -rf moonKey.pem /etc/ipsec.d/private/
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan_right b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan_right
new file mode 100755
index 00000000..bcdbb731
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan_right
@@ -0,0 +1,10 @@
+#strongswan on left board
+set -v
+cp -rf ipsec.conf.right /etc/ipsec.conf
+cp -rf ipsec.secrets.right /etc/ipsec.secrets
+cp -rf strongswan.conf /etc/
+cp -rf strongswanCert.pem /etc/ipsec.d/cacerts/
+cp -rf sunCert.pem /etc/ipsec.d/certs/
+mkdir /etc/ipsec.d/private
+cp -rf sunKey.pem /etc/ipsec.d/private/
+cp -rf moonKey.pem /etc/ipsec.d/private/
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/sunCert.pem b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/sunCert.pem
new file mode 100644
index 00000000..d0937bab
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/sunCert.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEIDCCAwigAwIBAgIBFjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
+b290IENBMB4XDTA5MDgyNzA5NTkwNFoXDTE0MDgyNjA5NTkwNFowRTELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN1bi5z
+dHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN+V
+VIpn6Q5jaU//EN6p6A5cSfUfhBK0mFa2laFFZh/Y0h66AXqqrQ3X917h7YNsSk68
+oowY9h9I3gOx7hNVBsJr2VjdYC+b0q5NTha09/A5mimv/prYj6o0yawxoPjoDs9Y
+h7D7Kf+F8fkgk0stlHJZX66J7dNrFXbg1xBld+Ep5Or2FbEZ9QWUpRQTuhdpNt/4
+9YuxQ59DemY9IRbwsrKCHH0mGrJsDdqeb0ap+8QvSXHjCt1fr9MNKWaAFAQLKQI4
+e0da1ntPCEQLeE833+NNRBgGufk0KqGT3eAXqrxa9AEIUJnVcPexQdqUMjcUpXFb
+8WNzRWB8Egh3BDK6FsECAwEAAaOCARkwggEVMAkGA1UdEwQCMAAwCwYDVR0PBAQD
+AgOoMB0GA1UdDgQWBBRW1p4v2qihzRlcI1PnxbZwluML+zBtBgNVHSMEZjBkgBRd
+p91wBlEyfue2bbO15eBg6i5N76FJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoT
+EExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIB
+ADAdBgNVHREEFjAUghJzdW4uc3Ryb25nc3dhbi5vcmcwEwYDVR0lBAwwCgYIKwYB
+BQUHAwEwOQYDVR0fBDIwMDAuoCygKoYoaHR0cDovL2NybC5zdHJvbmdzd2FuLm9y
+Zy9zdHJvbmdzd2FuLmNybDANBgkqhkiG9w0BAQsFAAOCAQEAo37LYT9Awx0MK/nA
+FZpPJqUr0Ey+O5Ukcsdx7nd00SlmpiQRY8KmuRXCBQnDEgdLstd3slQjT0pJEgWF
+0pzxybnI6eOzYAhLfhart+X1hURiNGbXjggm2s4I5+K32bVIkNEqlsYnd/6F9oo5
+ZNO0/eTTruLZfkNe/zchBGKe/Z7MacVwlYWWCbMtBV4K1d5dGcRRgpQ9WivDlmat
+Nh9wlscDSgSGk3HJkbxnq695VN7zUbDWAUvWWhV5bIDjlAR/xyT9ApqIxiyVVRul
+fYrE7U05Hbt6GgAroAKLp6qJup9+TxQAKSjKIwJ0hf7OuYyQ8TZtVHS7AOhm+T/5
+G/jGGA==
+-----END CERTIFICATE-----
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/sunKey.pem b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/sunKey.pem
new file mode 100644
index 00000000..d8fad9aa
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/sunKey.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA35VUimfpDmNpT/8Q3qnoDlxJ9R+EErSYVraVoUVmH9jSHroB
+eqqtDdf3XuHtg2xKTryijBj2H0jeA7HuE1UGwmvZWN1gL5vSrk1OFrT38DmaKa/+
+mtiPqjTJrDGg+OgOz1iHsPsp/4Xx+SCTSy2Ucllfront02sVduDXEGV34Snk6vYV
+sRn1BZSlFBO6F2k23/j1i7FDn0N6Zj0hFvCysoIcfSYasmwN2p5vRqn7xC9JceMK
+3V+v0w0pZoAUBAspAjh7R1rWe08IRAt4Tzff401EGAa5+TQqoZPd4BeqvFr0AQhQ
+mdVw97FB2pQyNxSlcVvxY3NFYHwSCHcEMroWwQIDAQABAoIBADH51hjN2zk9HVgl
+QmcTAWzcUie5cLMhrP+M9mtC8O3jcCwwFY6OwfnbMU8DHy0GMqHg5lB8b99UUVPw
+HLAzjDw/ESkc6pgZs4EEhJTsxJLsvTnePgHssEgyXnXf7gRVEqJkPohfy+Zy0UCH
+eIUQXiMlOQ7xg7iDMhwNa+UdWSt539DztSKilQn2xdPZjFnMT0/prvl4NA/8Zn54
+/SdWDq5yRdLWb6EK1V7yJ3687GXR1jzGtgy7TXuncUJVTYgX7RdP1Tn6gWD8YAQ/
+RfT0DdWYm4WHSgSb9/NW8lBZH2yy3hg+lNgofXEvTfBkO5QyW31LIr0tCV6zhJIc
+Y9MxaKUCgYEA9sktaXfhPLe0ECjdeQEOq5EKuDrCviSKCOuAV4BDSOsdw6+5LWfY
+Vb/oke8N70lL3RCblcj1pOKWUi2O/SpEJdDRduiw2gM9cXt3/bChSTHC4TsIxxN/
+Db9OGg72kZ4sRY5Au+zyAAQYBwXhFWux194Jk5qK0JblNG9J5QMqZDcCgYEA5+5h
+BgHUMEO+pdME5lAiSc5PcNTejpA6j+OikCh4/HFXy3C/dLx+Cs1+egw64c8iVaIv
+NEo7n7E9I0e3XqanPRXhMnBRrP+39OVsWPmZ18Li2Hi84KwJyi8Y11l3XJOqaYpF
+wMVUuZpxR0dfG5k/5GwT/tEkmQBglOgG3m2zUMcCgYEA4m3Vd9ahV5dp5AXKpzKc
+JjiPMFfhxJo7+FEz0ZUCp03qYljBu/Jy4MKS/grrqyiCLdQGHNlk4SNxLvdUId78
+5gGBnuuDEJU2dAAIKUE9yq2YlBUZSacOxStI2snt28/X6P3LUWHm7LLU5OS1D3Vf
+mKPF/6MlSJuas5CEqVZNN+MCgYBH9Qh7IaQgmVQUBKVXg3Mv7OduvUyTdKIGtHxi
+N3xZ7hxsDP4JjNWaKmlcGmFGX8pqQRheI83d3NJ4GK8GmbP3Wst0p65fezMqsudr
+r30QmPFicgs/tYCQDw6o+aPzwAi2F+VOSqrfrtAIaldSq7hL+VA21dKB+cD9UgOX
+jPd+TwKBgQCbKeg2QNS2qhPIG9eaqJDROuxmxb/07d7OBctgMgxVvKhqW9hW42Sy
+gJ59fyz5QjFBaSfcOdf4gkKyEawVo45/q6ymIQU37R4vF4CW9Z3CfaIbwJp7LcHV
+zH07so/HNsZua6GWCSCLJU5MeCRiZzk2RFiS9KIaLP4gZndv4lXOiQ==
+-----END RSA PRIVATE KEY-----
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo_0.1.bb b/recipes-connectivity/ipsec-demo/ipsec-demo_0.1.bb
new file mode 100644
index 00000000..56070605
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo_0.1.bb
@@ -0,0 +1,25 @@
+SUMMARY = "Scripts and configuration files for ipsec demo"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
+
+RDEPENDS_${PN} = "ipsec-tools"
+
+inherit allarch
+
+SRC_URI = "file://test_setkey"
+
+do_configure() {
+    :
+}
+
+do_compile() {
+    :
+}
+
+do_install(){
+    install -d  ${D}${datadir}
+    cp -a ${WORKDIR}/test_setkey ${D}${datadir}/
+}
+
+FILES_${PN} = "${datadir}/*"
+
diff --git a/recipes-connectivity/openssl/openssl-fsl/0001-remove-double-initialization-of-cryptodev-engine.patch b/recipes-connectivity/openssl/openssl-fsl/0001-remove-double-initialization-of-cryptodev-engine.patch
new file mode 100644
index 00000000..e7b874f5
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-fsl/0001-remove-double-initialization-of-cryptodev-engine.patch
@@ -0,0 +1,83 @@
+From 9297e3834518ff0558d6e7004a62adfd107e659a Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@freescale.com>
+Date: Tue, 10 Sep 2013 12:46:46 +0300
+Subject: [PATCH 01/26] remove double initialization of cryptodev engine
+
+cryptodev engine is initialized together with the other engines in
+ENGINE_load_builtin_engines. The initialization done through
+OpenSSL_add_all_algorithms is redundant.
+
+Change-Id: Ic9488500967595543ff846f147b36f383db7cb27
+Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
+Reviewed-on: http://git.am.freescale.net:8181/17222
+---
+ crypto/engine/eng_all.c | 11 -----------
+ crypto/engine/engine.h  |  4 ----
+ crypto/evp/c_all.c      |  5 -----
+ util/libeay.num         |  2 +-
+ 4 files changed, 1 insertion(+), 21 deletions(-)
+
+diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c
+index 6093376..f16c043 100644
+--- a/crypto/engine/eng_all.c
++++ b/crypto/engine/eng_all.c
+@@ -122,14 +122,3 @@ void ENGINE_load_builtin_engines(void)
+ #endif
+        ENGINE_register_all_complete();
+        }
+-
+-#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
+-void ENGINE_setup_bsd_cryptodev(void) {
+-       static int bsd_cryptodev_default_loaded = 0;
+-       if (!bsd_cryptodev_default_loaded) {
+-               ENGINE_load_cryptodev();
+-               ENGINE_register_all_complete();
+-       }
+-       bsd_cryptodev_default_loaded=1;
+-}
+-#endif
+diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h
+index f8be497..237a6c9 100644
+--- a/crypto/engine/engine.h
++++ b/crypto/engine/engine.h
+@@ -740,10 +740,6 @@ typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id,
+  * values. */
+ void *ENGINE_get_static_state(void);
+ 
+-#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
+-void ENGINE_setup_bsd_cryptodev(void);
+-#endif
+-
+ /* BEGIN ERROR CODES */
+ /* The following lines are auto generated by the script mkerr.pl. Any changes
+  * made after this point may be overwritten when the script is next run.
+diff --git a/crypto/evp/c_all.c b/crypto/evp/c_all.c
+index 766c4ce..5d6c21b 100644
+--- a/crypto/evp/c_all.c
++++ b/crypto/evp/c_all.c
+@@ -82,9 +82,4 @@ void OPENSSL_add_all_algorithms_noconf(void)
+        OPENSSL_cpuid_setup();
+        OpenSSL_add_all_ciphers();
+        OpenSSL_add_all_digests();
+-#ifndef OPENSSL_NO_ENGINE
+-# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
+-       ENGINE_setup_bsd_cryptodev();
+-# endif
+-#endif
+        }
+diff --git a/util/libeay.num b/util/libeay.num
+index aa86b2b..ae50040 100755
+--- a/util/libeay.num
++++ b/util/libeay.num
+@@ -2801,7 +2801,7 @@ BIO_indent                              3242      EXIST::FUNCTION:
+ BUF_strlcpy                             3243   EXIST::FUNCTION:
+ OpenSSLDie                              3244   EXIST::FUNCTION:
+ OPENSSL_cleanse                         3245   EXIST::FUNCTION:
+-ENGINE_setup_bsd_cryptodev              3246   EXIST:__FreeBSD__:FUNCTION:ENGINE
++ENGINE_setup_bsd_cryptodev              3246   NOEXIST::FUNCTION:
+ ERR_release_err_state_table             3247   EXIST::FUNCTION:LHASH
+ EVP_aes_128_cfb8                        3248   EXIST::FUNCTION:AES
+ FIPS_corrupt_rsa                        3249   NOEXIST::FUNCTION:
+-- 
+2.3.5
+
diff --git a/recipes-connectivity/openssl/openssl-fsl/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch b/recipes-connectivity/openssl/openssl-fsl/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch
new file mode 100644
index 00000000..ab2b7ea9
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-fsl/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch
@@ -0,0 +1,317 @@
+From dfd6ba263dc25ea2a4bbc32448b24ca2b1fc40e8 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@freescale.com>
+Date: Thu, 29 Aug 2013 16:51:18 +0300
+Subject: [PATCH 02/26] eng_cryptodev: add support for TLS algorithms offload
+
+- aes-128-cbc-hmac-sha1
+- aes-256-cbc-hmac-sha1
+
+Requires TLS patches on cryptodev and TLS algorithm support in Linux
+kernel driver.
+
+Change-Id: I43048caa348414daddd6c1a5cdc55e769ac1945f
+Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
+Reviewed-on: http://git.am.freescale.net:8181/17223
+---
+ crypto/engine/eng_cryptodev.c | 222 +++++++++++++++++++++++++++++++++++++++---
+ 1 file changed, 211 insertions(+), 11 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 5a715ac..7588a28 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -72,6 +72,9 @@ ENGINE_load_cryptodev(void)
+ struct dev_crypto_state {
+        struct session_op d_sess;
+        int d_fd;
++       unsigned char *aad;
++       unsigned int aad_len;
++       unsigned int len;
+ 
+ #ifdef USE_CRYPTODEV_DIGESTS
+        char dummy_mac_key[HASH_MAX_LEN];
+@@ -140,17 +143,20 @@ static struct {
+        int     nid;
+        int     ivmax;
+        int     keylen;
++       int     mackeylen;
+ } ciphers[] = {
+-       { CRYPTO_ARC4,                  NID_rc4,                0,      16, },
+-       { CRYPTO_DES_CBC,               NID_des_cbc,            8,       8, },
+-       { CRYPTO_3DES_CBC,              NID_des_ede3_cbc,       8,      24, },
+-       { CRYPTO_AES_CBC,               NID_aes_128_cbc,        16,     16, },
+-       { CRYPTO_AES_CBC,               NID_aes_192_cbc,        16,     24, },
+-       { CRYPTO_AES_CBC,               NID_aes_256_cbc,        16,     32, },
+-       { CRYPTO_BLF_CBC,               NID_bf_cbc,             8,      16, },
+-       { CRYPTO_CAST_CBC,              NID_cast5_cbc,          8,      16, },
+-       { CRYPTO_SKIPJACK_CBC,          NID_undef,              0,       0, },
+-       { 0,                            NID_undef,              0,       0, },
++       { CRYPTO_ARC4,          NID_rc4,          0,  16, 0},
++       { CRYPTO_DES_CBC,       NID_des_cbc,      8,  8,  0},
++       { CRYPTO_3DES_CBC,      NID_des_ede3_cbc, 8,  24, 0},
++       { CRYPTO_AES_CBC,       NID_aes_128_cbc,  16, 16, 0},
++       { CRYPTO_AES_CBC,       NID_aes_192_cbc,  16, 24, 0},
++       { CRYPTO_AES_CBC,       NID_aes_256_cbc,  16, 32, 0},
++       { CRYPTO_BLF_CBC,       NID_bf_cbc,       8,  16, 0},
++       { CRYPTO_CAST_CBC,      NID_cast5_cbc,    8,  16, 0},
++       { CRYPTO_SKIPJACK_CBC,  NID_undef,        0,  0,  0},
++       { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20},
++       { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20},
++       { 0, NID_undef, 0, 0, 0},
+ };
+ 
+ #ifdef USE_CRYPTODEV_DIGESTS
+@@ -250,13 +256,15 @@ get_cryptodev_ciphers(const int **cnids)
+        }
+        memset(&sess, 0, sizeof(sess));
+        sess.key = (caddr_t)"123456789abcdefghijklmno";
++       sess.mackey = (caddr_t)"123456789ABCDEFGHIJKLMNO";
+ 
+        for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
+                if (ciphers[i].nid == NID_undef)
+                        continue;
+                sess.cipher = ciphers[i].id;
+                sess.keylen = ciphers[i].keylen;
+-               sess.mac = 0;
++               sess.mackeylen = ciphers[i].mackeylen;
++
+                if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
+                    ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
+                        nids[count++] = ciphers[i].nid;
+@@ -414,6 +422,67 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+        return (1);
+ }
+ 
++
++static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
++               const unsigned char *in, size_t len)
++{
++       struct crypt_auth_op cryp;
++       struct dev_crypto_state *state = ctx->cipher_data;
++       struct session_op *sess = &state->d_sess;
++       const void *iiv;
++       unsigned char save_iv[EVP_MAX_IV_LENGTH];
++
++       if (state->d_fd < 0)
++               return (0);
++       if (!len)
++               return (1);
++       if ((len % ctx->cipher->block_size) != 0)
++               return (0);
++
++       memset(&cryp, 0, sizeof(cryp));
++
++       /* TODO: make a seamless integration with cryptodev flags */
++       switch (ctx->cipher->nid) {
++       case NID_aes_128_cbc_hmac_sha1:
++       case NID_aes_256_cbc_hmac_sha1:
++               cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
++       }
++       cryp.ses = sess->ses;
++       cryp.len = state->len;
++       cryp.src = (caddr_t) in;
++       cryp.dst = (caddr_t) out;
++       cryp.auth_src = state->aad;
++       cryp.auth_len = state->aad_len;
++
++       cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
++
++       if (ctx->cipher->iv_len) {
++               cryp.iv = (caddr_t) ctx->iv;
++               if (!ctx->encrypt) {
++                       iiv = in + len - ctx->cipher->iv_len;
++                       memcpy(save_iv, iiv, ctx->cipher->iv_len);
++               }
++       } else
++               cryp.iv = NULL;
++
++       if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) {
++               /* XXX need better errror handling
++                * this can fail for a number of different reasons.
++                */
++               return (0);
++       }
++
++       if (ctx->cipher->iv_len) {
++               if (ctx->encrypt)
++                       iiv = out + len - ctx->cipher->iv_len;
++               else
++                       iiv = save_iv;
++               memcpy(ctx->iv, iiv, ctx->cipher->iv_len);
++       }
++       return (1);
++}
++
++
+ static int
+ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+     const unsigned char *iv, int enc)
+@@ -452,6 +521,45 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+        return (1);
+ }
+ 
++/* Save the encryption key provided by upper layers.
++ *
++ * This function is called by EVP_CipherInit_ex to initialize the algorithm's
++ * extra data. We can't do much here because the mac key is not available.
++ * The next call should/will be to cryptodev_cbc_hmac_sha1_ctrl with parameter
++ * EVP_CTRL_AEAD_SET_MAC_KEY, to set the hmac key. There we call CIOCGSESSION
++ * with both the crypto and hmac keys.
++ */
++static int cryptodev_init_aead_key(EVP_CIPHER_CTX *ctx,
++               const unsigned char *key, const unsigned char *iv, int enc)
++{
++       struct dev_crypto_state *state = ctx->cipher_data;
++       struct session_op *sess = &state->d_sess;
++       int cipher = -1, i;
++
++       for (i = 0; ciphers[i].id; i++)
++               if (ctx->cipher->nid == ciphers[i].nid &&
++                   ctx->cipher->iv_len <= ciphers[i].ivmax &&
++                   ctx->key_len == ciphers[i].keylen) {
++                       cipher = ciphers[i].id;
++                       break;
++               }
++
++       if (!ciphers[i].id) {
++               state->d_fd = -1;
++               return (0);
++       }
++
++       memset(sess, 0, sizeof(struct session_op));
++
++       sess->key = (caddr_t)key;
++       sess->keylen = ctx->key_len;
++       sess->cipher = cipher;
++
++       /* for whatever reason, (1) means success */
++       return (1);
++}
++
++
+ /*
+  * free anything we allocated earlier when initting a
+  * session, and close the session.
+@@ -488,6 +596,63 @@ cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
+        return (ret);
+ }
+ 
++static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
++               void *ptr)
++{
++       switch (type) {
++       case EVP_CTRL_AEAD_SET_MAC_KEY:
++       {
++               /* TODO: what happens with hmac keys larger than 64 bytes? */
++               struct dev_crypto_state *state = ctx->cipher_data;
++               struct session_op *sess = &state->d_sess;
++
++               if ((state->d_fd = get_dev_crypto()) < 0)
++                       return (0);
++
++               /* the rest should have been set in cryptodev_init_aead_key */
++               sess->mackey = ptr;
++               sess->mackeylen = arg;
++
++               if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
++                       put_dev_crypto(state->d_fd);
++                       state->d_fd = -1;
++                       return (0);
++               }
++               return (1);
++       }
++       case EVP_CTRL_AEAD_TLS1_AAD:
++       {
++               /* ptr points to the associated data buffer of 13 bytes */
++               struct dev_crypto_state *state = ctx->cipher_data;
++               unsigned char *p = ptr;
++               unsigned int cryptlen = p[arg - 2] << 8 | p[arg - 1];
++               unsigned int maclen, padlen;
++               unsigned int bs = ctx->cipher->block_size;
++
++               state->aad = ptr;
++               state->aad_len = arg;
++               state->len = cryptlen;
++
++               /* TODO: this should be an extension of EVP_CIPHER struct */
++               switch (ctx->cipher->nid) {
++               case NID_aes_128_cbc_hmac_sha1:
++               case NID_aes_256_cbc_hmac_sha1:
++                       maclen = SHA_DIGEST_LENGTH;
++               }
++
++               /* space required for encryption (not only TLS padding) */
++               padlen = maclen;
++               if (ctx->encrypt) {
++                       cryptlen += maclen;
++                       padlen += bs - (cryptlen % bs);
++               }
++               return padlen;
++       }
++       default:
++               return -1;
++       }
++}
++
+ /*
+  * libcrypto EVP stuff - this is how we get wired to EVP so the engine
+  * gets called when libcrypto requests a cipher NID.
+@@ -600,6 +765,33 @@ const EVP_CIPHER cryptodev_aes_256_cbc = {
+        NULL
+ };
+ 
++const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1 = {
++       NID_aes_128_cbc_hmac_sha1,
++       16, 16, 16,
++       EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
++       cryptodev_init_aead_key,
++       cryptodev_aead_cipher,
++       cryptodev_cleanup,
++       sizeof(struct dev_crypto_state),
++       EVP_CIPHER_set_asn1_iv,
++       EVP_CIPHER_get_asn1_iv,
++       cryptodev_cbc_hmac_sha1_ctrl,
++       NULL
++};
++
++const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = {
++       NID_aes_256_cbc_hmac_sha1,
++       16, 32, 16,
++       EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
++       cryptodev_init_aead_key,
++       cryptodev_aead_cipher,
++       cryptodev_cleanup,
++       sizeof(struct dev_crypto_state),
++       EVP_CIPHER_set_asn1_iv,
++       EVP_CIPHER_get_asn1_iv,
++       cryptodev_cbc_hmac_sha1_ctrl,
++       NULL
++};
+ /*
+  * Registered by the ENGINE when used to find out how to deal with
+  * a particular NID in the ENGINE. this says what we'll do at the
+@@ -637,6 +829,12 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+        case NID_aes_256_cbc:
+                *cipher = &cryptodev_aes_256_cbc;
+                break;
++       case NID_aes_128_cbc_hmac_sha1:
++               *cipher = &cryptodev_aes_128_cbc_hmac_sha1;
++               break;
++       case NID_aes_256_cbc_hmac_sha1:
++               *cipher = &cryptodev_aes_256_cbc_hmac_sha1;
++               break;
+        default:
+                *cipher = NULL;
+                break;
+@@ -1384,6 +1582,8 @@ ENGINE_load_cryptodev(void)
+        }
+        put_dev_crypto(fd);
+ 
++       EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1);
++       EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
+        if (!ENGINE_set_id(engine, "cryptodev") ||
+            !ENGINE_set_name(engine, "BSD cryptodev engine") ||
+            !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
+-- 
+2.3.5
+
diff --git a/recipes-connectivity/openssl/openssl-fsl/0003-cryptodev-fix-algorithm-registration.patch b/recipes-connectivity/openssl/openssl-fsl/0003-cryptodev-fix-algorithm-registration.patch
new file mode 100644
index 00000000..f0d97e9a
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-fsl/0003-cryptodev-fix-algorithm-registration.patch
@@ -0,0 +1,64 @@
+From 084fa469a8fef530d71a0870364df1c7997f6465 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@freescale.com>
+Date: Thu, 31 Jul 2014 14:06:19 +0300
+Subject: [PATCH 03/26] cryptodev: fix algorithm registration
+
+Cryptodev specific algorithms must register only if available in kernel.
+
+Change-Id: Iec5af8f4f3138357e4b96f2ec1627278134e4808
+Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
+Reviewed-on: http://git.am.freescale.net:8181/15326
+Reviewed-by: Horia Ioan Geanta Neag <horia.geanta@freescale.com>
+Reviewed-on: http://git.am.freescale.net:8181/17224
+---
+ crypto/engine/eng_cryptodev.c | 20 +++++++++++++++++---
+ 1 file changed, 17 insertions(+), 3 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 7588a28..e3eb98b 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -133,6 +133,8 @@ static int cryptodev_dh_compute_key(unsigned char *key,
+ static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
+     void (*f)(void));
+ void ENGINE_load_cryptodev(void);
++const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1;
++const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
+ 
+ static const ENGINE_CMD_DEFN cryptodev_defns[] = {
+        { 0, NULL, NULL, 0 }
+@@ -342,7 +344,21 @@ get_cryptodev_digests(const int **cnids)
+ static int
+ cryptodev_usable_ciphers(const int **nids)
+ {
+-       return (get_cryptodev_ciphers(nids));
++       int i, count;
++
++       count = get_cryptodev_ciphers(nids);
++       /* add ciphers specific to cryptodev if found in kernel */
++       for(i = 0; i < count; i++) {
++               switch (*(*nids + i)) {
++               case NID_aes_128_cbc_hmac_sha1:
++                       EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1);
++                       break;
++               case NID_aes_256_cbc_hmac_sha1:
++                       EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
++                       break;
++               }
++       }
++       return count;
+ }
+ 
+ static int
+@@ -1582,8 +1598,6 @@ ENGINE_load_cryptodev(void)
+        }
+        put_dev_crypto(fd);
+ 
+-       EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1);
+-       EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
+        if (!ENGINE_set_id(engine, "cryptodev") ||
+            !ENGINE_set_name(engine, "BSD cryptodev engine") ||
+            !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
+-- 
+2.3.5
+
diff --git a/recipes-connectivity/openssl/openssl-fsl/0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch b/recipes-connectivity/openssl/openssl-fsl/0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch
new file mode 100644
index 00000000..2d722d8a
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-fsl/0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch
@@ -0,0 +1,74 @@
+From 7d770f0324498d1fa78300cc5cecc8c1dcd3b788 Mon Sep 17 00:00:00 2001
+From: Andy Polyakov <appro@openssl.org>
+Date: Sun, 21 Oct 2012 18:19:41 +0000
+Subject: [PATCH 04/26] linux-pcc: make it more robust and recognize
+ KERNEL_BITS variable.
+
+(cherry picked from commit 78c3e20579d3baa159c8b51b59d415b6e521614b)
+
+Change-Id: I769c466f052305681ab54a1b6545d94c7fbf5a9d
+Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
+---
+ config          | 19 +++++++++++++------
+ crypto/ppccap.c |  7 +++++++
+ 2 files changed, 20 insertions(+), 6 deletions(-)
+
+diff --git a/config b/config
+index 41fa2a6..f37b9e6 100755
+--- a/config
++++ b/config
+@@ -587,13 +587,20 @@ case "$GUESSOS" in
+        fi
+        ;;
+   ppc64-*-linux2)
+-       echo "WARNING! If you wish to build 64-bit library, then you have to"
+-       echo "         invoke './Configure linux-ppc64' *manually*."
+-       if [ "$TEST" = "false" -a -t 1 ]; then
+-           echo "         You have about 5 seconds to press Ctrl-C to abort."
+-           (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
++       if [ -z "$KERNEL_BITS" ]; then
++           echo "WARNING! If you wish to build 64-bit library, then you have to"
++           echo "         invoke './Configure linux-ppc64' *manually*."
++           if [ "$TEST" = "false" -a -t 1 ]; then
++               echo "         You have about 5 seconds to press Ctrl-C to abort."
++               (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
++           fi
++       fi
++       if [ "$KERNEL_BITS" = "64" ]; then
++           OUT="linux-ppc64"
++       else
++           OUT="linux-ppc"
++           (echo "__LP64__" | gcc -E -x c - 2>/dev/null | grep "^__LP64__" 2>&1 > /dev/null) || options="$options -m32"
+        fi
+-       OUT="linux-ppc"
+        ;;
+   ppc-*-linux2) OUT="linux-ppc" ;;
+   ppc60x-*-vxworks*) OUT="vxworks-ppc60x" ;;
+diff --git a/crypto/ppccap.c b/crypto/ppccap.c
+index f71ba66..531f1b3 100644
+--- a/crypto/ppccap.c
++++ b/crypto/ppccap.c
+@@ -4,6 +4,9 @@
+ #include <setjmp.h>
+ #include <signal.h>
+ #include <unistd.h>
++#ifdef __linux
++#include <sys/utsname.h>
++#endif
+ #include <crypto.h>
+ #include <openssl/bn.h>
+ 
+@@ -102,6 +105,10 @@ void OPENSSL_cpuid_setup(void)
+ 
+        if (sizeof(size_t)==4)
+                {
++#ifdef __linux
++               struct utsname uts;
++               if (uname(&uts)==0 && strcmp(uts.machine,"ppc64")==0)
++#endif
+                if (sigsetjmp(ill_jmp,1) == 0)
+                        {
+                        OPENSSL_ppc64_probe();
+-- 
+2.3.5
+
diff --git a/recipes-connectivity/openssl/openssl-fsl/0005-ECC-Support-header-for-Cryptodev-Engine.patch b/recipes-connectivity/openssl/openssl-fsl/0005-ECC-Support-header-for-Cryptodev-Engine.patch
new file mode 100644
index 00000000..c9ff5aa8
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-fsl/0005-ECC-Support-header-for-Cryptodev-Engine.patch
@@ -0,0 +1,318 @@
+From 15abbcd740eafbf2a46b5da24be76acf4982743d Mon Sep 17 00:00:00 2001
+From: Yashpal Dutta <yashpal.dutta@freescale.com>
+Date: Tue, 11 Mar 2014 05:56:54 +0545
+Subject: [PATCH 05/26] ECC Support header for Cryptodev Engine
+
+Upstream-status: Pending
+
+Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
+---
+ crypto/engine/eng_cryptodev_ec.h | 296 +++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 296 insertions(+)
+ create mode 100644 crypto/engine/eng_cryptodev_ec.h
+
+diff --git a/crypto/engine/eng_cryptodev_ec.h b/crypto/engine/eng_cryptodev_ec.h
+new file mode 100644
+index 0000000..77aee71
+--- /dev/null
++++ b/crypto/engine/eng_cryptodev_ec.h
+@@ -0,0 +1,296 @@
++/*
++ * Copyright (C) 2012 Freescale Semiconductor, Inc.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in the
++ *    documentation and/or other materials provided with the distribution.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
++ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN
++ * NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
++ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
++ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
++ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
++ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
++ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
++ */
++#ifndef __ENG_EC_H
++#define __ENG_EC_H
++
++#define SPCF_CPARAM_INIT(X,...) \
++static unsigned char X##_c[] = {__VA_ARGS__} \
++
++#define SPCF_FREE_BN(X) do { if(X) { BN_clear_free(X); X = NULL; } } while (0)
++
++#define SPCF_COPY_CPARAMS(NIDBUF) \
++  do { \
++      memcpy (buf, NIDBUF, buf_len); \
++    } while (0)
++
++#define SPCF_CPARAM_CASE(X) \
++  case NID_##X: \
++      SPCF_COPY_CPARAMS(X##_c); \
++      break
++
++SPCF_CPARAM_INIT(sect113r1, 0x01, 0x73, 0xE8, 0x34, 0xAF, 0x28, 0xEC, 0x76,
++                0xCB, 0x83, 0xBD, 0x8D, 0xFE, 0xB2, 0xD5);
++SPCF_CPARAM_INIT(sect113r2, 0x00, 0x54, 0xD9, 0xF0, 0x39, 0x57, 0x17, 0x4A,
++                0x32, 0x32, 0x91, 0x67, 0xD7, 0xFE, 0x71);
++SPCF_CPARAM_INIT(sect131r1, 0x03, 0xDB, 0x89, 0xB4, 0x05, 0xE4, 0x91, 0x16,
++                0x0E, 0x3B, 0x2F, 0x07, 0xB0, 0xCE, 0x20, 0xB3, 0x7E);
++SPCF_CPARAM_INIT(sect131r2, 0x07, 0xCB, 0xB9, 0x92, 0x0D, 0x71, 0xA4, 0x8E,
++                0x09, 0x9C, 0x38, 0xD7, 0x1D, 0xA6, 0x49, 0x0E, 0xB1);
++SPCF_CPARAM_INIT(sect163k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++                0x00, 0x00, 0x01);
++SPCF_CPARAM_INIT(sect163r1, 0x05, 0xED, 0x40, 0x3E, 0xD5, 0x8E, 0xB4, 0x5B,
++                0x1C, 0xCE, 0xCA, 0x0F, 0x4F, 0x61, 0x65, 0x55, 0x49, 0x86,
++                0x1B, 0xE0, 0x52);
++SPCF_CPARAM_INIT(sect163r2, 0x07, 0x2C, 0x4E, 0x1E, 0xF7, 0xCB, 0x2F, 0x3A,
++                0x03, 0x5D, 0x33, 0x10, 0x42, 0x94, 0x15, 0x96, 0x09, 0x13,
++                0x8B, 0xB4, 0x04);
++SPCF_CPARAM_INIT(sect193r1, 0x01, 0x67, 0xB3, 0x5E, 0xB4, 0x31, 0x3F, 0x26,
++                0x3D, 0x0F, 0x7A, 0x3D, 0x50, 0x36, 0xF0, 0xA0, 0xA3, 0xC9,
++                0x80, 0xD4, 0x0E, 0x5A, 0x05, 0x3E, 0xD2);
++SPCF_CPARAM_INIT(sect193r2, 0x00, 0x69, 0x89, 0xFE, 0x6B, 0xFE, 0x30, 0xED,
++                0xDC, 0x32, 0x44, 0x26, 0x9F, 0x3A, 0xAD, 0x18, 0xD6, 0x6C,
++                0xF3, 0xDB, 0x3E, 0x33, 0x02, 0xFA, 0xA8);
++SPCF_CPARAM_INIT(sect233k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++                0x00, 0x01);
++SPCF_CPARAM_INIT(sect233r1, 0x00, 0x07, 0xD5, 0xEF, 0x43, 0x89, 0xDF, 0xF1,
++                0x1E, 0xCD, 0xBA, 0x39, 0xC3, 0x09, 0x70, 0xD3, 0xCE, 0x35,
++                0xCE, 0xBB, 0xA5, 0x84, 0x73, 0xF6, 0x4B, 0x4D, 0xC0, 0xF2,
++                0x68, 0x6C);
++SPCF_CPARAM_INIT(sect239k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++                0x00, 0x01);
++SPCF_CPARAM_INIT(sect283k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01);
++SPCF_CPARAM_INIT(sect283r1, 0x03, 0xD8, 0xC9, 0x3D, 0x3B, 0x0E, 0xA8, 0x1D,
++                0x92, 0x94, 0x03, 0x4D, 0x7E, 0xE3, 0x13, 0x5D, 0x0A, 0xC5,
++                0xFC, 0x8D, 0x9C, 0xB0, 0x27, 0x6F, 0x72, 0x11, 0xF8, 0x80,
++                0xF0, 0xD8, 0x1C, 0xA4, 0xC6, 0xE8, 0x7B, 0x38);
++SPCF_CPARAM_INIT(sect409k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++                0x00, 0x00, 0x00, 0x01);
++SPCF_CPARAM_INIT(sect409r1, 0x01, 0x49, 0xB8, 0xB7, 0xBE, 0xBD, 0x9B, 0x63,
++                0x65, 0x3E, 0xF1, 0xCD, 0x8C, 0x6A, 0x5D, 0xD1, 0x05, 0xA2,
++                0xAA, 0xAC, 0x36, 0xFE, 0x2E, 0xAE, 0x43, 0xCF, 0x28, 0xCE,
++                0x1C, 0xB7, 0xC8, 0x30, 0xC1, 0xEC, 0xDB, 0xFA, 0x41, 0x3A,
++                0xB0, 0x7F, 0xE3, 0x5A, 0x57, 0x81, 0x1A, 0xE4, 0xF8, 0x8D,
++                0x30, 0xAC, 0x63, 0xFB);
++SPCF_CPARAM_INIT(sect571k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++                0x00, 0x00, 0x00, 0x01);
++SPCF_CPARAM_INIT(sect571r1, 0x06, 0x39, 0x5D, 0xB2, 0x2A, 0xB5, 0x94, 0xB1,
++                0x86, 0x8C, 0xED, 0x95, 0x25, 0x78, 0xB6, 0x53, 0x9F, 0xAB,
++                0xA6, 0x94, 0x06, 0xD9, 0xB2, 0x98, 0x61, 0x23, 0xA1, 0x85,
++                0xC8, 0x58, 0x32, 0xE2, 0x5F, 0xD5, 0xB6, 0x38, 0x33, 0xD5,
++                0x14, 0x42, 0xAB, 0xF1, 0xA9, 0xC0, 0x5F, 0xF0, 0xEC, 0xBD,
++                0x88, 0xD7, 0xF7, 0x79, 0x97, 0xF4, 0xDC, 0x91, 0x56, 0xAA,
++                0xF1, 0xCE, 0x08, 0x16, 0x46, 0x86, 0xDD, 0xFF, 0x75, 0x11,
++                0x6F, 0xBC, 0x9A, 0x7A);
++SPCF_CPARAM_INIT(X9_62_c2pnb163v1, 0x04, 0x53, 0xE1, 0xE4, 0xB7, 0x29, 0x1F,
++                0x5C, 0x2D, 0x53, 0xCE, 0x18, 0x48, 0x3F, 0x00, 0x70, 0x81,
++                0xE7, 0xEA, 0x26, 0xEC);
++SPCF_CPARAM_INIT(X9_62_c2pnb163v2, 0x04, 0x35, 0xC0, 0x19, 0x66, 0x0E, 0x01,
++                0x01, 0xBA, 0x87, 0x0C, 0xA3, 0x9F, 0xD9, 0xA7, 0x76, 0x86,
++                0x50, 0x9D, 0x28, 0x13);
++SPCF_CPARAM_INIT(X9_62_c2pnb163v3, 0x06, 0x55, 0xC4, 0x54, 0xE4, 0x1E, 0x38,
++                0x0C, 0x7A, 0x60, 0xB6, 0x67, 0x9A, 0x5B, 0x7A, 0x3F, 0x3A,
++                0xF6, 0x8E, 0x22, 0xC5);
++SPCF_CPARAM_INIT(X9_62_c2pnb176v1, 0x00, 0x69, 0xF7, 0xDA, 0x36, 0x19, 0xA7,
++                0x42, 0xA3, 0x82, 0xFF, 0x05, 0x08, 0x8F, 0xD3, 0x99, 0x42,
++                0xCA, 0x0F, 0x1D, 0x90, 0xB6, 0x5B);
++SPCF_CPARAM_INIT(X9_62_c2tnb191v1, 0x4C, 0x45, 0x25, 0xAB, 0x0B, 0x68, 0x4A,
++                0x64, 0x44, 0x62, 0x0A, 0x86, 0x45, 0xEF, 0x54, 0x6D, 0x54,
++                0x69, 0x39, 0x68, 0xC2, 0xAE, 0x84, 0xAC);
++SPCF_CPARAM_INIT(X9_62_c2tnb191v2, 0x03, 0x7C, 0x8F, 0x57, 0xA2, 0x25, 0xC7,
++                0xB3, 0xD4, 0xED, 0xD5, 0x88, 0x0F, 0x38, 0x0A, 0xCC, 0x55,
++                0x74, 0xEC, 0xB3, 0x6C, 0x9F, 0x51, 0x21);
++SPCF_CPARAM_INIT(X9_62_c2tnb191v3, 0x37, 0x39, 0xFF, 0x98, 0xB4, 0xD1, 0x69,
++                0x3E, 0xCF, 0x52, 0x7A, 0x98, 0x51, 0xED, 0xCF, 0x99, 0x9D,
++                0x9E, 0x75, 0x05, 0x43, 0x33, 0x43, 0x24);
++SPCF_CPARAM_INIT(X9_62_c2pnb208w1, 0x00, 0xDB, 0x05, 0x3C, 0x41, 0x76, 0xCC,
++                0x1D, 0xA1, 0x27, 0x85, 0x2C, 0xA6, 0xD9, 0x88, 0xBE, 0x1A,
++                0xCC, 0xD1, 0x5B, 0x2A, 0xC1, 0xC1, 0x07, 0x42, 0x57, 0x34);
++SPCF_CPARAM_INIT(X9_62_c2tnb239v1, 0x24, 0x59, 0xFC, 0xF4, 0x51, 0x7B, 0xC5,
++                0xA6, 0xB9, 0x9B, 0xE5, 0xC6, 0xC5, 0x62, 0x85, 0xC0, 0x21,
++                0xFE, 0x32, 0xEE, 0x2B, 0x6F, 0x1C, 0x22, 0xEA, 0x5B, 0xE1,
++                0xB8, 0x4B, 0x93);
++SPCF_CPARAM_INIT(X9_62_c2tnb239v2, 0x64, 0x98, 0x84, 0x19, 0x3B, 0x56, 0x2D,
++                0x4A, 0x50, 0xB4, 0xFA, 0x56, 0x34, 0xE0, 0x34, 0x41, 0x3F,
++                0x94, 0xC4, 0x59, 0xDA, 0x7C, 0xDB, 0x16, 0x64, 0x9D, 0xDD,
++                0xF7, 0xE6, 0x0A);
++SPCF_CPARAM_INIT(X9_62_c2tnb239v3, 0x32, 0x63, 0x2E, 0x65, 0x2B, 0xEE, 0x91,
++                0xC2, 0xE4, 0xA2, 0xF5, 0x42, 0xA3, 0x2D, 0x67, 0xA8, 0xB5,
++                0xB4, 0x5F, 0x21, 0xA0, 0x81, 0x02, 0xFB, 0x1F, 0x2A, 0xFB,
++                0xB6, 0xAC, 0xDA);
++SPCF_CPARAM_INIT(X9_62_c2pnb272w1, 0x00, 0xDA, 0x7B, 0x60, 0x28, 0xF4, 0xC8,
++                0x09, 0xA0, 0xB9, 0x78, 0x81, 0xC3, 0xA5, 0x7E, 0x4D, 0x71,
++                0x81, 0x34, 0xD1, 0x3F, 0xEC, 0xE0, 0x90, 0x85, 0x8A, 0xC3,
++                0x1A, 0xE2, 0xDC, 0x2E, 0xDF, 0x8E, 0x3C, 0x8B);
++SPCF_CPARAM_INIT(X9_62_c2pnb304w1, 0x00, 0x3C, 0x67, 0xB4, 0x07, 0xC6, 0xF3,
++                0x3F, 0x81, 0x0B, 0x17, 0xDC, 0x16, 0xE2, 0x14, 0x8A, 0x2C,
++                0x9C, 0xE2, 0x9D, 0x56, 0x05, 0x23, 0x69, 0x6A, 0x55, 0x93,
++                0x8A, 0x15, 0x40, 0x81, 0xE3, 0xE3, 0xAE, 0xFB, 0xCE, 0x45,
++                0x70, 0xC9);
++SPCF_CPARAM_INIT(X9_62_c2tnb359v1, 0x22, 0x39, 0xAA, 0x58, 0x4A, 0xC5, 0x9A,
++                0xF9, 0x61, 0xD0, 0xFA, 0x2D, 0x52, 0x85, 0xB6, 0xFD, 0xF7,
++                0x34, 0x9B, 0xC6, 0x0E, 0x91, 0xE3, 0x20, 0xF4, 0x71, 0x64,
++                0xCE, 0x11, 0xF5, 0x18, 0xEF, 0xB4, 0xC0, 0x8B, 0x9B, 0xDA,
++                0x99, 0x9A, 0x8A, 0x37, 0xF8, 0x2A, 0x22, 0x61);
++SPCF_CPARAM_INIT(X9_62_c2pnb368w1, 0x00, 0xC0, 0x6C, 0xCF, 0x42, 0x89, 0x3A,
++                0x8A, 0xAA, 0x00, 0x1E, 0x0B, 0xC0, 0xD2, 0xA2, 0x27, 0x66,
++                0xEF, 0x3E, 0x41, 0x88, 0x7C, 0xC6, 0x77, 0x6F, 0x4A, 0x04,
++                0x1E, 0xE4, 0x45, 0x14, 0xB2, 0x0A, 0xFC, 0x4E, 0x5C, 0x30,
++                0x40, 0x60, 0x06, 0x5B, 0xC8, 0xD6, 0xCF, 0x04, 0xD3, 0x25);
++SPCF_CPARAM_INIT(X9_62_c2tnb431r1, 0x64, 0xF5, 0xBB, 0xE9, 0xBB, 0x31, 0x66,
++                0xA3, 0xA0, 0x2F, 0x2F, 0x22, 0xBF, 0x05, 0xD9, 0xF7, 0xDA,
++                0x43, 0xEE, 0x70, 0xC1, 0x79, 0x03, 0x15, 0x2B, 0x70, 0xA0,
++                0xB4, 0x25, 0x9B, 0xD2, 0xFC, 0xB2, 0x20, 0x3B, 0x7F, 0xB8,
++                0xD3, 0x39, 0x4E, 0x20, 0xEB, 0x0E, 0xA9, 0x84, 0xDD, 0xB1,
++                0xE1, 0xF1, 0x4C, 0x67, 0xB1, 0x36, 0x2B);
++SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01);
++SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls3, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++                0x00, 0x00, 0x00, 0x00, 0x01);
++SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls4, 0x01, 0x73, 0xE8, 0x34, 0xAF, 0x28,
++                0xEC, 0x76, 0xCB, 0x83, 0xBD, 0x8D, 0xFE, 0xB2, 0xD5);
++SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls5, 0x04, 0x53, 0xE1, 0xE4, 0xB7, 0x29,
++                0x1F, 0x5C, 0x2D, 0x53, 0xCE, 0x18, 0x48, 0x3F, 0x00, 0x70,
++                0x81, 0xE7, 0xEA, 0x26, 0xEC);
++SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++                0x00, 0x00, 0x00, 0x01);
++SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls11, 0x00, 0x07, 0xD5, 0xEF, 0x43, 0x89,
++                0xDF, 0xF1, 0x1E, 0xCD, 0xBA, 0x39, 0xC3, 0x09, 0x70, 0xD3,
++                0xCE, 0x35, 0xCE, 0xBB, 0xA5, 0x84, 0x73, 0xF6, 0x4B, 0x4D,
++                0xC0, 0xF2, 0x68, 0x6C);
++/* Oakley curve #3 over 155 bit binary filed */
++SPCF_CPARAM_INIT(ipsec3, 0x00, 0x31, 0x10, 0x00, 0x00, 0x02, 0x23, 0xA0, 0x00,
++                0xC4, 0x47, 0x40, 0x00, 0x08, 0x8E, 0x80, 0x00, 0x11, 0x1D,
++                0x1D);
++/* Oakley curve #4 over 185 bit binary filed */
++SPCF_CPARAM_INIT(ipsec4, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00,
++                0x01, 0x80, 0x00, 0xC0, 0x0C, 0x00, 0x00, 0x00, 0x63, 0x80,
++                0x30, 0x00, 0x1C, 0x00, 0x09);
++
++static inline int
++eng_ec_get_cparam(int nid, unsigned char *buf, unsigned int buf_len)
++{
++       int ret = 0;
++       switch (nid) {
++               SPCF_CPARAM_CASE(sect113r1);
++               SPCF_CPARAM_CASE(sect113r2);
++               SPCF_CPARAM_CASE(sect131r1);
++               SPCF_CPARAM_CASE(sect131r2);
++               SPCF_CPARAM_CASE(sect163k1);
++               SPCF_CPARAM_CASE(sect163r1);
++               SPCF_CPARAM_CASE(sect163r2);
++               SPCF_CPARAM_CASE(sect193r1);
++               SPCF_CPARAM_CASE(sect193r2);
++               SPCF_CPARAM_CASE(sect233k1);
++               SPCF_CPARAM_CASE(sect233r1);
++               SPCF_CPARAM_CASE(sect239k1);
++               SPCF_CPARAM_CASE(sect283k1);
++               SPCF_CPARAM_CASE(sect283r1);
++               SPCF_CPARAM_CASE(sect409k1);
++               SPCF_CPARAM_CASE(sect409r1);
++               SPCF_CPARAM_CASE(sect571k1);
++               SPCF_CPARAM_CASE(sect571r1);
++               SPCF_CPARAM_CASE(X9_62_c2pnb163v1);
++               SPCF_CPARAM_CASE(X9_62_c2pnb163v2);
++               SPCF_CPARAM_CASE(X9_62_c2pnb163v3);
++               SPCF_CPARAM_CASE(X9_62_c2pnb176v1);
++               SPCF_CPARAM_CASE(X9_62_c2tnb191v1);
++               SPCF_CPARAM_CASE(X9_62_c2tnb191v2);
++               SPCF_CPARAM_CASE(X9_62_c2tnb191v3);
++               SPCF_CPARAM_CASE(X9_62_c2pnb208w1);
++               SPCF_CPARAM_CASE(X9_62_c2tnb239v1);
++               SPCF_CPARAM_CASE(X9_62_c2tnb239v2);
++               SPCF_CPARAM_CASE(X9_62_c2tnb239v3);
++               SPCF_CPARAM_CASE(X9_62_c2pnb272w1);
++               SPCF_CPARAM_CASE(X9_62_c2pnb304w1);
++               SPCF_CPARAM_CASE(X9_62_c2tnb359v1);
++               SPCF_CPARAM_CASE(X9_62_c2pnb368w1);
++               SPCF_CPARAM_CASE(X9_62_c2tnb431r1);
++               SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls1);
++               SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls3);
++               SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls4);
++               SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls5);
++               SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls10);
++               SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls11);
++               /* Oakley curve #3 over 155 bit binary filed */
++               SPCF_CPARAM_CASE(ipsec3);
++               /* Oakley curve #4 over 185 bit binary filed */
++               SPCF_CPARAM_CASE(ipsec4);
++       default:
++               ret = -EINVAL;
++               break;
++       }
++       return ret;
++}
++
++/* Copies the curve points to a flat buffer with appropriate padding */
++static inline unsigned char *eng_copy_curve_points(BIGNUM * x, BIGNUM * y,
++                                                  int xy_len, int crv_len)
++{
++       unsigned char *xy = NULL;
++       int len1 = 0, len2 = 0;
++
++       len1 = BN_num_bytes(x);
++       len2 = BN_num_bytes(y);
++
++       if (!(xy = malloc(xy_len))) {
++               return NULL;
++       }
++
++       memset(xy, 0, xy_len);
++
++       if (len1 < crv_len) {
++               if (!BN_is_zero(x))
++                       BN_bn2bin(x, xy + (crv_len - len1));
++       }  else {
++               BN_bn2bin(x, xy);
++       }
++
++       if (len2 < crv_len) {
++               if (!BN_is_zero(y))
++                       BN_bn2bin(y, xy+crv_len+(crv_len-len2));
++       } else {
++               BN_bn2bin(y, xy+crv_len);
++       }
++
++       return xy;
++}
++
++enum curve_t {
++       DISCRETE_LOG,
++       ECC_PRIME,
++       ECC_BINARY,
++       MAX_ECC_TYPE
++};
++#endif
+-- 
+2.3.5
+
diff --git a/recipes-connectivity/openssl/openssl-fsl/0006-Fixed-private-key-support-for-DH.patch b/recipes-connectivity/openssl/openssl-fsl/0006-Fixed-private-key-support-for-DH.patch
new file mode 100644
index 00000000..01c268b6
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-fsl/0006-Fixed-private-key-support-for-DH.patch
@@ -0,0 +1,33 @@
+From 39a9e609290a8a1163a721915bcde0c7cf8f92f7 Mon Sep 17 00:00:00 2001
+From: Yashpal Dutta <yashpal.dutta@freescale.com>
+Date: Tue, 11 Mar 2014 05:57:47 +0545
+Subject: [PATCH 06/26] Fixed private key support for DH
+
+Upstream-status: Pending
+
+Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
+---
+ crypto/dh/dh_ameth.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
+index 02ec2d4..ed32004 100644
+--- a/crypto/dh/dh_ameth.c
++++ b/crypto/dh/dh_ameth.c
+@@ -422,6 +422,13 @@ static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
+        if (to->pkey.dh->g != NULL)
+                BN_free(to->pkey.dh->g);
+        to->pkey.dh->g=a;
++       if ((a=BN_dup(from->pkey.dh->q)) != NULL) {
++               if (to->pkey.dh->q != NULL)
++                       BN_free(to->pkey.dh->q);
++               to->pkey.dh->q=a;
++       }
++
++       to->pkey.dh->length = from->pkey.dh->length;
+ 
+        return 1;
+        }
+-- 
+2.3.5
+
diff --git a/recipes-connectivity/openssl/openssl-fsl/0007-Fixed-private-key-support-for-DH.patch b/recipes-connectivity/openssl/openssl-fsl/0007-Fixed-private-key-support-for-DH.patch
new file mode 100644
index 00000000..12fcd7df
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-fsl/0007-Fixed-private-key-support-for-DH.patch
@@ -0,0 +1,35 @@
+From 8322e4157bf49d992b5b9e460f2c0785865dd1c1 Mon Sep 17 00:00:00 2001
+From: Yashpal Dutta <yashpal.dutta@freescale.com>
+Date: Thu, 20 Mar 2014 19:55:51 -0500
+Subject: [PATCH 07/26] Fixed private key support for DH
+
+Upstream-status: Pending
+
+Required Length of the DH result is not returned in dh method in openssl
+
+Tested-by: Yashpal Dutta <yashpal.dutta@freescale.com>
+---
+ crypto/dh/dh_ameth.c | 7 -------
+ 1 file changed, 7 deletions(-)
+
+diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
+index ed32004..02ec2d4 100644
+--- a/crypto/dh/dh_ameth.c
++++ b/crypto/dh/dh_ameth.c
+@@ -422,13 +422,6 @@ static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
+        if (to->pkey.dh->g != NULL)
+                BN_free(to->pkey.dh->g);
+        to->pkey.dh->g=a;
+-       if ((a=BN_dup(from->pkey.dh->q)) != NULL) {
+-               if (to->pkey.dh->q != NULL)
+-                       BN_free(to->pkey.dh->q);
+-               to->pkey.dh->q=a;
+-       }
+-
+-       to->pkey.dh->length = from->pkey.dh->length;
+ 
+        return 1;
+        }
+-- 
+2.3.5
+
diff --git a/recipes-connectivity/openssl/openssl-fsl/0008-Initial-support-for-PKC-in-cryptodev-engine.patch b/recipes-connectivity/openssl/openssl-fsl/0008-Initial-support-for-PKC-in-cryptodev-engine.patch
new file mode 100644
index 00000000..8c8b1f22
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-fsl/0008-Initial-support-for-PKC-in-cryptodev-engine.patch
@@ -0,0 +1,1564 @@
+From 107a10d45db0f2e58482f698add04ed9183f7268 Mon Sep 17 00:00:00 2001
+From: Yashpal Dutta <yashpal.dutta@freescale.com>
+Date: Tue, 11 Mar 2014 06:29:52 +0545
+Subject: [PATCH 08/26] Initial support for PKC in cryptodev engine
+
+Upstream-status: Pending
+
+Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
+---
+ crypto/engine/eng_cryptodev.c | 1343 ++++++++++++++++++++++++++++++++++++-----
+ 1 file changed, 1183 insertions(+), 160 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index e3eb98b..7ee314b 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -54,11 +54,14 @@ ENGINE_load_cryptodev(void)
+ #else 
+  
+ #include <sys/types.h>
+-#include <crypto/cryptodev.h>
+ #include <crypto/dh/dh.h>
+ #include <crypto/dsa/dsa.h>
+ #include <crypto/err/err.h>
+ #include <crypto/rsa/rsa.h>
++#include <crypto/ecdsa/ecs_locl.h>
++#include <crypto/ecdh/ech_locl.h>
++#include <crypto/ec/ec_lcl.h>
++#include <crypto/ec/ec.h>
+ #include <sys/ioctl.h>
+ #include <errno.h>
+ #include <stdio.h>
+@@ -68,6 +71,8 @@ ENGINE_load_cryptodev(void)
+ #include <syslog.h>
+ #include <errno.h>
+ #include <string.h>
++#include "eng_cryptodev_ec.h"
++#include <crypto/cryptodev.h>
+ 
+ struct dev_crypto_state {
+        struct session_op d_sess;
+@@ -116,18 +121,10 @@ static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a,
+ static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I,
+     RSA *rsa, BN_CTX *ctx);
+ static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
+-static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a,
+-    const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+-static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
+-    BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
+-    BN_CTX *ctx, BN_MONT_CTX *mont);
+ static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst,
+     int dlen, DSA *dsa);
+ static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len,
+     DSA_SIG *sig, DSA *dsa);
+-static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
+-    const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+-    BN_MONT_CTX *m_ctx);
+ static int cryptodev_dh_compute_key(unsigned char *key,
+     const BIGNUM *pub_key, DH *dh);
+ static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
+@@ -136,6 +133,102 @@ void ENGINE_load_cryptodev(void);
+ const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1;
+ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
+ 
++inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin,  int *bin_len)
++{
++       int len;
++       unsigned char *p;
++
++       len = BN_num_bytes(bn);
++
++       if (!len)
++               return -1;
++
++       p = malloc(len);
++       if (!p)
++               return -1;
++
++       BN_bn2bin(bn,p);
++
++       *bin = p;
++       *bin_len = len;
++
++       return 0;
++}
++
++inline int spcf_bn2bin_ex(BIGNUM *bn, unsigned char **bin,  int *bin_len)
++{
++       int len;
++       unsigned char *p;
++
++       len = BN_num_bytes(bn);
++
++       if (!len)
++               return -1;
++
++       if (len < *bin_len)
++               p = malloc(*bin_len);
++       else
++               p = malloc(len);
++
++       if (!p)
++               return -ENOMEM;
++
++       if (len < *bin_len) {
++               /* place padding */
++               memset(p, 0, (*bin_len - len));
++               BN_bn2bin(bn,p+(*bin_len-len));
++       } else {
++               BN_bn2bin(bn,p);
++       }
++
++       *bin = p;
++       if (len >= *bin_len)
++               *bin_len = len;
++
++       return 0;
++}
++
++/**
++ * Convert an ECC F2m 'b' parameter into the 'c' parameter.
++ *Inputs:
++ * q, the curve's modulus
++ * b, the curve's b parameter
++ * (a bignum for b, a buffer for c)
++ * Output:
++ * c, written into bin, right-adjusted to fill q_len bytes.
++ */
++static int
++eng_ec_compute_cparam(const BIGNUM* b, const BIGNUM* q,
++                       unsigned char **bin, int *bin_len)
++{
++       BIGNUM* c = BN_new();
++       BIGNUM* exp = BN_new();
++       BN_CTX *ctx = BN_CTX_new();
++       int m = BN_num_bits(q) - 1;
++       int ok = 0;
++
++       if (!c || !exp || !ctx || *bin)
++               goto err;
++
++       /*
++        * We have to compute c, where b = c^4, i.e., the fourth root of b.
++        * The equation for c is c = b^(2^(m-2))
++        * Compute exp = 2^(m-2)
++        * (1 << x) == 2^x
++        * and then compute c = b^exp
++        */
++       BN_lshift(exp, BN_value_one(), m-2);
++       BN_GF2m_mod_exp(c, b, exp, q, ctx);
++       /* Store c */
++       spcf_bn2bin_ex(c, bin, bin_len);
++       ok = 1;
++err:
++       if (ctx) BN_CTX_free(ctx);
++       if (c) BN_free(c);
++       if (exp) BN_free(exp);
++       return ok;
++}
++
+ static const ENGINE_CMD_DEFN cryptodev_defns[] = {
+        { 0, NULL, NULL, 0 }
+ };
+@@ -1139,7 +1232,6 @@ cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
+ static int
+ bn2crparam(const BIGNUM *a, struct crparam *crp)
+ {
+-       int i, j, k;
+        ssize_t bytes, bits;
+        u_char *b;
+ 
+@@ -1156,15 +1248,7 @@ bn2crparam(const BIGNUM *a, struct crparam *crp)
+ 
+        crp->crp_p = (caddr_t) b;
+        crp->crp_nbits = bits;
+-
+-       for (i = 0, j = 0; i < a->top; i++) {
+-               for (k = 0; k < BN_BITS2 / 8; k++) {
+-                       if ((j + k) >= bytes)
+-                               return (0);
+-                       b[j + k] = a->d[i] >> (k * 8);
+-               }
+-               j += BN_BITS2 / 8;
+-       }
++       BN_bn2bin(a, crp->crp_p);
+        return (0);
+ }
+ 
+@@ -1172,22 +1256,14 @@ bn2crparam(const BIGNUM *a, struct crparam *crp)
+ static int
+ crparam2bn(struct crparam *crp, BIGNUM *a)
+ {
+-       u_int8_t *pd;
+-       int i, bytes;
++       int bytes;
+ 
+        bytes = (crp->crp_nbits + 7) / 8;
+ 
+        if (bytes == 0)
+                return (-1);
+ 
+-       if ((pd = (u_int8_t *) malloc(bytes)) == NULL)
+-               return (-1);
+-
+-       for (i = 0; i < bytes; i++)
+-               pd[i] = crp->crp_p[bytes - i - 1];
+-
+-       BN_bin2bn(pd, bytes, a);
+-       free(pd);
++       BN_bin2bn(crp->crp_p, bytes, a);
+ 
+        return (0);
+ }
+@@ -1235,6 +1311,32 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s)
+        return (ret);
+ }
+ 
++/* Close an opened instance of cryptodev engine */
++void cryptodev_close_instance(void *handle)
++{
++       int fd;
++
++       if (handle) {
++               fd = *(int *)handle;
++               close(fd);
++               free(handle);
++       }
++}
++
++/* Create an instance of cryptodev for asynchronous interface */
++void *cryptodev_init_instance(void)
++{
++       int *fd = malloc(sizeof(int));
++
++       if (fd) {
++               if ((*fd = open("/dev/crypto", O_RDWR, 0)) == -1) {
++                       free(fd);
++                       return NULL;
++               }
++       }
++       return fd;
++}
++
+ static int
+ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+     const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
+@@ -1250,9 +1352,9 @@ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                return (ret);
+        }
+ 
+-       memset(&kop, 0, sizeof kop);
+        kop.crk_op = CRK_MOD_EXP;
+-
++       kop.crk_oparams = 0;
++       kop.crk_status = 0;
+        /* inputs: a^p % m */
+        if (bn2crparam(a, &kop.crk_param[0]))
+                goto err;
+@@ -1293,28 +1395,38 @@ static int
+ cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
+ {
+        struct crypt_kop kop;
+-       int ret = 1;
++       int ret = 1, f_len, p_len, q_len;
++       unsigned char *f = NULL, *p = NULL, *q = NULL, *dp = NULL, *dq = NULL, *c = NULL;
+ 
+        if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
+                /* XXX 0 means failure?? */
+                return (0);
+        }
+ 
+-       memset(&kop, 0, sizeof kop);
++       kop.crk_oparams = 0;
++       kop.crk_status = 0;
+        kop.crk_op = CRK_MOD_EXP_CRT;
++       f_len = BN_num_bytes(rsa->n);
++       spcf_bn2bin_ex(I, &f, &f_len);
++       spcf_bn2bin(rsa->p, &p, &p_len);
++       spcf_bn2bin(rsa->q, &q, &q_len);
++       spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len);
++       spcf_bn2bin_ex(rsa->iqmp, &c, &p_len);
++       spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len);
+        /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
+-       if (bn2crparam(rsa->p, &kop.crk_param[0]))
+-               goto err;
+-       if (bn2crparam(rsa->q, &kop.crk_param[1]))
+-               goto err;
+-       if (bn2crparam(I, &kop.crk_param[2]))
+-               goto err;
+-       if (bn2crparam(rsa->dmp1, &kop.crk_param[3]))
+-               goto err;
+-       if (bn2crparam(rsa->dmq1, &kop.crk_param[4]))
+-               goto err;
+-       if (bn2crparam(rsa->iqmp, &kop.crk_param[5]))
+-               goto err;
++       kop.crk_param[0].crp_p = p;
++       kop.crk_param[0].crp_nbits = p_len * 8;
++       kop.crk_param[1].crp_p = q;
++       kop.crk_param[1].crp_nbits = q_len * 8;
++       kop.crk_param[2].crp_p = f;
++       kop.crk_param[2].crp_nbits = f_len * 8;
++       kop.crk_param[3].crp_p = dp;
++       kop.crk_param[3].crp_nbits = p_len * 8;
++       /* dq must of length q, rest all of length p*/
++       kop.crk_param[4].crp_p = dq;
++       kop.crk_param[4].crp_nbits = q_len * 8;
++       kop.crk_param[5].crp_p = c;
++       kop.crk_param[5].crp_nbits = p_len * 8;
+        kop.crk_iparams = 6;
+ 
+        if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) {
+@@ -1350,90 +1462,117 @@ static RSA_METHOD cryptodev_rsa = {
+        NULL                            /* rsa_verify */
+ };
+ 
+-static int
+-cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+-    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+-{
+-       return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
+-}
+-
+-static int
+-cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
+-    BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
+-    BN_CTX *ctx, BN_MONT_CTX *mont)
++static DSA_SIG *
++cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
+ {
+-       BIGNUM t2;
+-       int ret = 0;
+-
+-       BN_init(&t2);
+-
+-       /* v = ( g^u1 * y^u2 mod p ) mod q */
+-       /* let t1 = g ^ u1 mod p */
+-       ret = 0;
++       struct crypt_kop kop;
++       BIGNUM *c = NULL, *d = NULL;
++       DSA_SIG *dsaret = NULL;
++       int q_len = 0, r_len = 0, g_len = 0;
++       int priv_key_len = 0, ret;
++       unsigned char *q = NULL, *r = NULL, *g = NULL, *priv_key = NULL, *f = NULL;
+ 
+-       if (!dsa->meth->bn_mod_exp(dsa,t1,dsa->g,u1,dsa->p,ctx,mont))
++       memset(&kop, 0, sizeof kop);
++       if ((c = BN_new()) == NULL) {
++               DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+                goto err;
++       }
+ 
+-       /* let t2 = y ^ u2 mod p */
+-       if (!dsa->meth->bn_mod_exp(dsa,&t2,dsa->pub_key,u2,dsa->p,ctx,mont))
++       if ((d = BN_new()) == NULL) {
++               BN_free(c);
++               DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+                goto err;
+-       /* let u1 = t1 * t2 mod p */
+-       if (!BN_mod_mul(u1,t1,&t2,dsa->p,ctx))
++       }
++
++       if (spcf_bn2bin(dsa->p, &q, &q_len)) {
++               DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+                goto err;
++       }
+ 
+-       BN_copy(t1,u1);
++       /* Get order of the field of private keys into plain buffer */
++       if (spcf_bn2bin (dsa->q, &r, &r_len)) {
++               DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
+ 
+-       ret = 1;
+-err:
+-       BN_free(&t2);
+-       return(ret);
+-}
++       /* sanity test */
++       if (dlen > r_len) {
++               DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
++               goto err;
++       }
+ 
+-static DSA_SIG *
+-cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
+-{
+-       struct crypt_kop kop;
+-       BIGNUM *r = NULL, *s = NULL;
+-       DSA_SIG *dsaret = NULL;
++       g_len = q_len;
++       /**
++        * Get generator into a plain buffer. If length is less than
++        * q_len then add leading padding bytes.
++        */
++       if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
++               DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
+ 
+-       if ((r = BN_new()) == NULL)
++       priv_key_len = r_len;
++       /**
++        * Get private key into a plain buffer. If length is less than
++        * r_len then add leading padding bytes.
++        */
++        if (spcf_bn2bin_ex(dsa->priv_key, &priv_key, &priv_key_len)) {
++               DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+                goto err;
+-       if ((s = BN_new()) == NULL) {
+-               BN_free(r);
++       }
++
++       /* Allocate memory to store hash. */
++       f = OPENSSL_malloc (r_len);
++       if (!f) {
++               DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+                goto err;
+        }
+ 
+-       memset(&kop, 0, sizeof kop);
++       /* Add padding, since SEC expects hash to of size r_len */
++       if (dlen < r_len)
++               memset(f, 0, r_len - dlen);
++
++       /* Skip leading bytes if dgst_len < r_len */
++       memcpy(f + r_len - dlen, dgst, dlen);
++
+        kop.crk_op = CRK_DSA_SIGN;
+ 
+        /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
+-       kop.crk_param[0].crp_p = (caddr_t)dgst;
+-       kop.crk_param[0].crp_nbits = dlen * 8;
+-       if (bn2crparam(dsa->p, &kop.crk_param[1]))
+-               goto err;
+-       if (bn2crparam(dsa->q, &kop.crk_param[2]))
+-               goto err;
+-       if (bn2crparam(dsa->g, &kop.crk_param[3]))
+-               goto err;
+-       if (bn2crparam(dsa->priv_key, &kop.crk_param[4]))
+-               goto err;
++       kop.crk_param[0].crp_p = (void*)f;
++       kop.crk_param[0].crp_nbits = r_len * 8;
++       kop.crk_param[1].crp_p = (void*)q;
++       kop.crk_param[1].crp_nbits = q_len * 8;
++       kop.crk_param[2].crp_p = (void*)r;
++       kop.crk_param[2].crp_nbits = r_len * 8;
++       kop.crk_param[3].crp_p = (void*)g;
++       kop.crk_param[3].crp_nbits = g_len * 8;
++       kop.crk_param[4].crp_p = (void*)priv_key;
++       kop.crk_param[4].crp_nbits = priv_key_len * 8;
+        kop.crk_iparams = 5;
+ 
+-       if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r,
+-           BN_num_bytes(dsa->q), s) == 0) {
+-               dsaret = DSA_SIG_new();
+-               dsaret->r = r;
+-               dsaret->s = s;
+-       } else {
+-               const DSA_METHOD *meth = DSA_OpenSSL();
+-               BN_free(r);
+-               BN_free(s);
+-               dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa);
++       ret = cryptodev_asym(&kop, r_len, c, r_len, d);
++
++       if (ret) {
++               DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DECODE_ERROR);
++               goto err;
+        }
+-err:
+-       kop.crk_param[0].crp_p = NULL;
++
++       dsaret = DSA_SIG_new();
++       dsaret->r = c;
++       dsaret->s = d;
++
+        zapparams(&kop);
+        return (dsaret);
++err:
++       {
++               const DSA_METHOD *meth = DSA_OpenSSL();
++               if (c)
++                       BN_free(c);
++               if (d)
++                       BN_free(d);
++               dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa);
++               return (dsaret);
++       }
+ }
+ 
+ static int
+@@ -1441,42 +1580,179 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
+     DSA_SIG *sig, DSA *dsa)
+ {
+        struct crypt_kop kop;
+-       int dsaret = 1;
++       int dsaret = 1, q_len = 0, r_len = 0, g_len = 0;
++       int w_len = 0 ,c_len = 0, d_len = 0, ret = -1;
++       unsigned char   * q = NULL, * r = NULL, * w = NULL, * g = NULL;
++       unsigned char   * c = NULL, * d = NULL, *f = NULL;
+ 
+        memset(&kop, 0, sizeof kop);
+        kop.crk_op = CRK_DSA_VERIFY;
+ 
+-       /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
+-       kop.crk_param[0].crp_p = (caddr_t)dgst;
+-       kop.crk_param[0].crp_nbits = dlen * 8;
+-       if (bn2crparam(dsa->p, &kop.crk_param[1]))
++       if (spcf_bn2bin(dsa->p, &q, &q_len)) {
++               DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++               return ret;
++       }
++
++       /* Get Order of field of private keys */
++       if (spcf_bn2bin(dsa->q, &r, &r_len)) {
++               DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+                goto err;
+-       if (bn2crparam(dsa->q, &kop.crk_param[2]))
++       }
++
++       g_len = q_len;
++       /**
++        * Get generator into a plain buffer. If length is less than
++        * q_len then add leading padding bytes.
++        */
++       if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
++               DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+                goto err;
+-       if (bn2crparam(dsa->g, &kop.crk_param[3]))
++       }
++       w_len = q_len;
++       /**
++        * Get public key into a plain buffer. If length is less than
++        * q_len then add leading padding bytes.
++        */
++       if (spcf_bn2bin_ex(dsa->pub_key, &w, &w_len)) {
++               DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++       /**
++        * Get the 1st part of signature into a flat buffer with
++        * appropriate padding
++        */
++       c_len = r_len;
++
++       if (spcf_bn2bin_ex(sig->r, &c, &c_len)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+                goto err;
+-       if (bn2crparam(dsa->pub_key, &kop.crk_param[4]))
++       }
++
++       /**
++        * Get the 2nd part of signature into a flat buffer with
++        * appropriate padding
++        */
++       d_len = r_len;
++
++       if (spcf_bn2bin_ex(sig->s, &d, &d_len)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+                goto err;
+-       if (bn2crparam(sig->r, &kop.crk_param[5]))
++       }
++
++
++       /* Sanity test */
++       if (dlen > r_len) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+                goto err;
+-       if (bn2crparam(sig->s, &kop.crk_param[6]))
++       }
++
++       /* Allocate memory to store hash. */
++       f = OPENSSL_malloc (r_len);
++       if (!f) {
++               DSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+                goto err;
++       }
++
++       /* Add padding, since SEC expects hash to of size r_len */
++       if (dlen < r_len)
++               memset(f, 0, r_len - dlen);
++
++       /* Skip leading bytes if dgst_len < r_len */
++       memcpy(f + r_len - dlen, dgst, dlen);
++
++       /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
++       kop.crk_param[0].crp_p = (void*)f;
++       kop.crk_param[0].crp_nbits = r_len * 8;
++       kop.crk_param[1].crp_p = q;
++       kop.crk_param[1].crp_nbits = q_len * 8;
++       kop.crk_param[2].crp_p = r;
++       kop.crk_param[2].crp_nbits = r_len * 8;
++       kop.crk_param[3].crp_p = g;
++       kop.crk_param[3].crp_nbits = g_len * 8;
++       kop.crk_param[4].crp_p = w;
++       kop.crk_param[4].crp_nbits = w_len * 8;
++       kop.crk_param[5].crp_p = c;
++       kop.crk_param[5].crp_nbits = c_len * 8;
++       kop.crk_param[6].crp_p = d;
++       kop.crk_param[6].crp_nbits = d_len * 8;
+        kop.crk_iparams = 7;
+ 
+-       if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
+-/*OCF success value is 0, if not zero, change dsaret to fail*/
+-               if(0 != kop.crk_status) dsaret  = 0;
+-       } else {
+-               const DSA_METHOD *meth = DSA_OpenSSL();
++       if ((cryptodev_asym(&kop, 0, NULL, 0, NULL))) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, DSA_R_DECODE_ERROR);
++               goto err;
++       }
+ 
+-               dsaret = (meth->dsa_do_verify)(dgst, dlen, sig, dsa);
++       /*OCF success value is 0, if not zero, change dsaret to fail*/
++       if(0 != kop.crk_status) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, DSA_R_DECODE_ERROR);
++               goto err;
+        }
+-err:
+-       kop.crk_param[0].crp_p = NULL;
++
+        zapparams(&kop);
+        return (dsaret);
++err:
++       {
++               const DSA_METHOD *meth = DSA_OpenSSL();
++
++               dsaret = (meth->dsa_do_verify)(dgst, dlen, sig, dsa);
++       }
++       return dsaret;
+ }
+ 
++/* Cryptodev DSA Key Gen routine */
++static int cryptodev_dsa_keygen(DSA *dsa)
++{
++       struct crypt_kop kop;
++       int ret = 1, g_len;
++       unsigned char *g = NULL;
++
++       if (dsa->priv_key == NULL)      {
++               if ((dsa->priv_key=BN_new()) == NULL)
++                       goto sw_try;
++       }
++
++       if (dsa->pub_key == NULL) {
++               if ((dsa->pub_key=BN_new()) == NULL)
++                       goto sw_try;
++       }
++
++       g_len = BN_num_bytes(dsa->p);
++       /**
++        * Get generator into a plain buffer. If length is less than
++        * p_len then add leading padding bytes.
++        */
++       if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
++               DSAerr(DSA_F_DSA_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
++               goto sw_try;
++       }
++
++       memset(&kop, 0, sizeof kop);
++
++       kop.crk_op = CRK_DSA_GENERATE_KEY;
++       if (bn2crparam(dsa->p, &kop.crk_param[0]))
++               goto sw_try;
++       if (bn2crparam(dsa->q, &kop.crk_param[1]))
++               goto sw_try;
++       kop.crk_param[2].crp_p = g;
++       kop.crk_param[2].crp_nbits = g_len * 8;
++       kop.crk_iparams = 3;
++
++       /* pub_key is or prime length while priv key is of length of order */
++       if (cryptodev_asym(&kop, BN_num_bytes(dsa->p), dsa->pub_key,
++           BN_num_bytes(dsa->q), dsa->priv_key))
++           goto sw_try;
++
++       return ret;
++sw_try:
++       {
++               const DSA_METHOD *meth = DSA_OpenSSL();
++               ret = (meth->dsa_keygen)(dsa);
++       }
++       return ret;
++}
++
++
++
+ static DSA_METHOD cryptodev_dsa = {
+        "cryptodev DSA method",
+        NULL,
+@@ -1490,12 +1766,543 @@ static DSA_METHOD cryptodev_dsa = {
+        NULL    /* app_data */
+ };
+ 
+-static int
+-cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
+-    const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+-    BN_MONT_CTX *m_ctx)
++static ECDSA_METHOD cryptodev_ecdsa = {
++       "cryptodev ECDSA method",
++       NULL,
++       NULL,                           /* ecdsa_sign_setup */
++       NULL,
++       NULL,
++       0,      /* flags */
++       NULL    /* app_data */
++};
++
++typedef enum ec_curve_s
++{
++       EC_PRIME,
++       EC_BINARY
++} ec_curve_t;
++
++/* ENGINE handler for ECDSA Sign */
++static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char  *dgst,
++       int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey)
+ {
+-       return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
++       BIGNUM  *m = NULL, *p = NULL, *a = NULL;
++       BIGNUM  *b = NULL, *x = NULL, *y = NULL;
++       BN_CTX  *ctx = NULL;
++       ECDSA_SIG *ret = NULL;
++       ECDSA_DATA *ecdsa = NULL;
++       unsigned char  * q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL;
++       unsigned char  * s = NULL, *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL;
++       int     i = 0, q_len = 0, priv_key_len = 0, r_len = 0;
++       int     g_len = 0, d_len = 0, ab_len = 0;
++       const BIGNUM   *order = NULL, *priv_key=NULL;
++       const EC_GROUP *group = NULL;
++       struct crypt_kop kop;
++       ec_curve_t ec_crv = EC_PRIME;
++
++       memset(&kop, 0, sizeof(kop));
++       ecdsa = ecdsa_check(eckey);
++       if (!ecdsa) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
++               return NULL;
++       }
++
++       group = EC_KEY_get0_group(eckey);
++       priv_key = EC_KEY_get0_private_key(eckey);
++
++       if (!group || !priv_key) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
++               return NULL;
++       }
++
++       if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
++               (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
++               (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
++               (y = BN_new()) == NULL) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       order = &group->order;
++       if (!order || BN_is_zero(order)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS);
++               goto err;
++       }
++
++       i = BN_num_bits(order);
++       /* Need to truncate digest if it is too long: first truncate whole
++        bytes */
++       if (8 * dgst_len > i)
++               dgst_len = (i + 7)/8;
++
++       if (!BN_bin2bn(dgst, dgst_len, m)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
++               goto err;
++       }
++
++       /* If still too long truncate remaining bits with a shift */
++       if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
++               goto err;
++       }
++
++       /* copy the truncated bits into plain buffer */
++       if (spcf_bn2bin(m, &tmp_dgst, &dgst_len))  {
++               fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__, __LINE__);
++               goto err;
++       }
++
++       ret = ECDSA_SIG_new();
++       if  (!ret) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
++               goto err;
++       }
++
++       /* check if this is prime or binary EC request */
++       if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) {
++               ec_crv = EC_PRIME;
++               /* get the generator point pair */
++               if (!EC_POINT_get_affine_coordinates_GFp (group, EC_GROUP_get0_generator(group),
++                       x, y,ctx)) {
++                       ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
++                       goto err;
++               }
++
++               /* get the ECC curve parameters */
++               if (!EC_GROUP_get_curve_GFp(group, p, a, b , ctx)) {
++                       ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
++                       goto err;
++               }
++       } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_characteristic_two_field) {
++               ec_crv = EC_BINARY;
++               /* get the ECC curve parameters */
++               if (!EC_GROUP_get_curve_GF2m(group, p, a, b , ctx)) {
++                       ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
++                       goto err;
++               }
++
++               /* get the generator point pair */
++               if (!EC_POINT_get_affine_coordinates_GF2m(group,
++                       EC_GROUP_get0_generator(group), x, y,ctx)) {
++                       ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
++                       goto err;
++               }
++       } else {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
++               goto err;
++       }
++
++       if (spcf_bn2bin(order, &r, &r_len)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       if (spcf_bn2bin(p, &q, &q_len)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       priv_key_len = r_len;
++
++       /**
++        * If BN_num_bytes of priv_key returns less then r_len then
++        * add padding bytes before the key
++        */
++       if (spcf_bn2bin_ex(priv_key, &s, &priv_key_len))  {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       /* Generation of ECC curve parameters */
++       ab_len = 2*q_len;
++       ab = eng_copy_curve_points(a, b, ab_len, q_len);
++       if (!ab) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       if (ec_crv == EC_BINARY) {
++               if (eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab+q_len, q_len))
++               {
++                       unsigned char *c_temp = NULL;
++                       int c_temp_len = q_len;
++                       if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len))
++                               memcpy(ab+q_len, c_temp, q_len);
++                       else
++                               goto err;
++               }
++               kop.curve_type = ECC_BINARY;
++       }
++
++       /* Calculation of Generator point */
++       g_len = 2*q_len;
++       g_xy = eng_copy_curve_points(x, y, g_len, q_len);
++       if (!g_xy) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       /* Memory allocation for first part of digital signature */
++       c = malloc(r_len);
++       if (!c) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       d_len = r_len;
++
++       /* Memory allocation for second part of digital signature */
++       d = malloc(d_len);
++       if (!d) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       /* memory for message representative */
++       f = malloc(r_len);
++       if (!f) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       /* Add padding, since SEC expects hash to of size r_len */
++       memset(f, 0, r_len - dgst_len);
++
++       /* Skip leading bytes if dgst_len < r_len */
++       memcpy(f +  r_len - dgst_len, tmp_dgst, dgst_len);
++
++       dgst_len +=  r_len - dgst_len;
++       kop.crk_op = CRK_DSA_SIGN;
++       /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
++       kop.crk_param[0].crp_p = f;
++       kop.crk_param[0].crp_nbits = dgst_len * 8;
++       kop.crk_param[1].crp_p = q;
++       kop.crk_param[1].crp_nbits = q_len * 8;
++       kop.crk_param[2].crp_p = r;
++       kop.crk_param[2].crp_nbits = r_len * 8;
++       kop.crk_param[3].crp_p = g_xy;
++       kop.crk_param[3].crp_nbits = g_len * 8;
++       kop.crk_param[4].crp_p = s;
++       kop.crk_param[4].crp_nbits = priv_key_len * 8;
++       kop.crk_param[5].crp_p = ab;
++       kop.crk_param[5].crp_nbits = ab_len * 8;
++       kop.crk_iparams = 6;
++       kop.crk_param[6].crp_p = c;
++       kop.crk_param[6].crp_nbits = d_len * 8;
++       kop.crk_param[7].crp_p = d;
++       kop.crk_param[7].crp_nbits = d_len * 8;
++       kop.crk_oparams = 2;
++
++       if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
++               /* Check if ret->r and s needs to allocated */
++               crparam2bn(&kop.crk_param[6], ret->r);
++               crparam2bn(&kop.crk_param[7], ret->s);
++       } else {
++               const ECDSA_METHOD *meth = ECDSA_OpenSSL();
++               ret = (meth->ecdsa_do_sign)(dgst, dgst_len, in_kinv, in_r, eckey);
++       }
++       kop.crk_param[0].crp_p = NULL;
++       zapparams(&kop);
++err:
++       if (!ret) {
++               ECDSA_SIG_free(ret);
++               ret = NULL;
++       }
++       return ret;
++}
++
++static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
++               ECDSA_SIG *sig, EC_KEY *eckey)
++{
++       BIGNUM  *m = NULL, *p = NULL, *a = NULL, *b = NULL;
++       BIGNUM  *x = NULL, *y = NULL, *w_x = NULL, *w_y = NULL;
++       BN_CTX  *ctx = NULL;
++       ECDSA_DATA      *ecdsa = NULL;
++       unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL, *w_xy = NULL;
++       unsigned char *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL;
++       int     i = 0, q_len = 0, pub_key_len = 0, r_len = 0, c_len = 0, g_len = 0;
++       int     d_len = 0, ab_len = 0, ret = -1;
++       const EC_POINT *pub_key = NULL;
++       const BIGNUM   *order = NULL;
++       const EC_GROUP *group=NULL;
++       ec_curve_t       ec_crv = EC_PRIME;
++       struct crypt_kop kop;
++
++       memset(&kop, 0, sizeof kop);
++       ecdsa = ecdsa_check(eckey);
++       if (!ecdsa) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
++               return ret;
++       }
++
++       group    = EC_KEY_get0_group(eckey);
++       pub_key  = EC_KEY_get0_public_key(eckey);
++
++       if (!group || !pub_key) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
++               return ret;
++       }
++
++       if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
++               (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
++               (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
++               (y = BN_new()) == NULL || (w_x = BN_new()) == NULL ||
++               (w_y = BN_new()) == NULL) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       order = &group->order;
++       if (!order || BN_is_zero(order)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS);
++               goto err;
++       }
++
++       i = BN_num_bits(order);
++       /* Need to truncate digest if it is too long: first truncate whole
++       * bytes */
++       if (8 * dgst_len > i)
++               dgst_len = (i + 7)/8;
++
++       if (!BN_bin2bn(dgst, dgst_len, m)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
++               goto err;
++       }
++
++       /* If still too long truncate remaining bits with a shift */
++       if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
++               goto err;
++       }
++       /* copy the truncated bits into plain buffer */
++       if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       /* check if this is prime or binary EC request */
++       if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) {
++               ec_crv = EC_PRIME;
++
++               /* get the generator point pair */
++               if (!EC_POINT_get_affine_coordinates_GFp (group,
++                       EC_GROUP_get0_generator(group), x, y,ctx)) {
++                       ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
++                       goto err;
++               }
++
++               /* get the public key pair for prime curve */
++               if (!EC_POINT_get_affine_coordinates_GFp (group,
++                       pub_key, w_x, w_y,ctx)) {
++                       ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
++                       goto err;
++               }
++
++               /* get the ECC curve parameters */
++               if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
++                       ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
++                       goto err;
++               }
++       } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_characteristic_two_field){
++               ec_crv = EC_BINARY;
++               /* get the ECC curve parameters */
++               if (!EC_GROUP_get_curve_GF2m(group, p, a, b , ctx)) {
++                       ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
++                       goto err;
++               }
++
++               /* get the generator point pair */
++               if (!EC_POINT_get_affine_coordinates_GF2m(group,
++                       EC_GROUP_get0_generator(group),x, y,ctx)) {
++                       ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
++                       goto err;
++               }
++
++               /* get the public key pair for binary curve */
++               if (!EC_POINT_get_affine_coordinates_GF2m(group,
++                       pub_key, w_x, w_y,ctx)) {
++                       ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
++                       goto err;
++               }
++       }else {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
++               goto err;
++       }
++
++       /* Get the order of the subgroup of private keys */
++       if (spcf_bn2bin((BIGNUM*)order, &r, &r_len)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       /* Get the irreducible polynomial that creates the field */
++       if (spcf_bn2bin(p, &q, &q_len)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       /* Get the public key into a flat buffer with appropriate padding */
++       pub_key_len = 2 * q_len;
++
++       w_xy = eng_copy_curve_points (w_x, w_y, pub_key_len, q_len);
++       if (!w_xy) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       /* Generation of ECC curve parameters */
++       ab_len = 2*q_len;
++
++       ab = eng_copy_curve_points (a, b, ab_len, q_len);
++       if (!ab) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       if (ec_crv == EC_BINARY) {
++               /* copy b' i.e c(b), instead of only b */
++               if (eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab+q_len, q_len))
++               {
++                       unsigned char *c_temp = NULL;
++                       int c_temp_len = q_len;
++                       if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len))
++                               memcpy(ab+q_len, c_temp, q_len);
++                       else
++                               goto err;
++               }
++               kop.curve_type = ECC_BINARY;
++       }
++
++       /* Calculation of Generator point */
++       g_len = 2 * q_len;
++
++       g_xy = eng_copy_curve_points (x, y, g_len, q_len);
++       if (!g_xy) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       /**
++        * Get the 1st part of signature into a flat buffer with
++        * appropriate padding
++        */
++       if (BN_num_bytes(sig->r) < r_len)
++               c_len = r_len;
++
++       if (spcf_bn2bin_ex(sig->r, &c, &c_len)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       /**
++        * Get the 2nd part of signature into a flat buffer with
++        * appropriate padding
++        */
++       if (BN_num_bytes(sig->s) < r_len)
++               d_len = r_len;
++
++       if (spcf_bn2bin_ex(sig->s, &d, &d_len)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       /* memory for message representative */
++       f = malloc(r_len);
++       if (!f) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       /* Add padding, since SEC expects hash to of size r_len */
++       memset(f, 0, r_len-dgst_len);
++
++       /* Skip leading bytes if dgst_len < r_len */
++       memcpy(f + r_len-dgst_len, tmp_dgst, dgst_len);
++       dgst_len += r_len-dgst_len;
++       kop.crk_op = CRK_DSA_VERIFY;
++       /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
++       kop.crk_param[0].crp_p = f;
++       kop.crk_param[0].crp_nbits = dgst_len * 8;
++       kop.crk_param[1].crp_p = q;
++       kop.crk_param[1].crp_nbits = q_len * 8;
++       kop.crk_param[2].crp_p = r;
++       kop.crk_param[2].crp_nbits = r_len * 8;
++       kop.crk_param[3].crp_p = g_xy;
++       kop.crk_param[3].crp_nbits = g_len * 8;
++       kop.crk_param[4].crp_p = w_xy;
++       kop.crk_param[4].crp_nbits = pub_key_len * 8;
++       kop.crk_param[5].crp_p = ab;
++       kop.crk_param[5].crp_nbits = ab_len * 8;
++       kop.crk_param[6].crp_p = c;
++       kop.crk_param[6].crp_nbits = d_len * 8;
++       kop.crk_param[7].crp_p = d;
++       kop.crk_param[7].crp_nbits = d_len * 8;
++       kop.crk_iparams = 8;
++
++       if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
++               /*OCF success value is 0, if not zero, change ret to fail*/
++               if(0 == kop.crk_status)
++                       ret  = 1;
++       } else {
++               const ECDSA_METHOD *meth = ECDSA_OpenSSL();
++
++               ret = (meth->ecdsa_do_verify)(dgst, dgst_len, sig, eckey);
++       }
++       kop.crk_param[0].crp_p = NULL;
++       zapparams(&kop);
++
++err:
++       return ret;
++}
++
++static int cryptodev_dh_keygen(DH *dh)
++{
++       struct crypt_kop kop;
++       int ret = 1, g_len;
++       unsigned char *g = NULL;
++
++       if (dh->priv_key == NULL)       {
++               if ((dh->priv_key=BN_new()) == NULL)
++                       goto sw_try;
++       }
++
++       if (dh->pub_key == NULL) {
++               if ((dh->pub_key=BN_new()) == NULL)
++                       goto sw_try;
++       }
++
++       g_len = BN_num_bytes(dh->p);
++       /**
++        * Get generator into a plain buffer. If length is less than
++        * q_len then add leading padding bytes.
++        */
++       if (spcf_bn2bin_ex(dh->g, &g, &g_len)) {
++               DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
++               goto sw_try;
++       }
++
++       memset(&kop, 0, sizeof kop);
++       kop.crk_op = CRK_DH_GENERATE_KEY;
++       if (bn2crparam(dh->p, &kop.crk_param[0]))
++               goto sw_try;
++       if (bn2crparam(dh->q, &kop.crk_param[1]))
++               goto sw_try;
++       kop.crk_param[2].crp_p = g;
++       kop.crk_param[2].crp_nbits = g_len * 8;
++       kop.crk_iparams = 3;
++
++       /* pub_key is or prime length while priv key is of length of order */
++       if (cryptodev_asym(&kop, BN_num_bytes(dh->p), dh->pub_key,
++           BN_num_bytes(dh->q), dh->priv_key))
++           goto sw_try;
++
++       return ret;
++sw_try:
++       {
++               const DH_METHOD *meth = DH_OpenSSL();
++               ret = (meth->generate_key)(dh);
++       }
++       return ret;
+ }
+ 
+ static int
+@@ -1503,43 +2310,234 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+ {
+        struct crypt_kop kop;
+        int dhret = 1;
+-       int fd, keylen;
++       int fd, p_len;
++       BIGNUM *temp = NULL;
++       unsigned char *padded_pub_key = NULL, *p = NULL;
++
++       if ((fd = get_asym_dev_crypto()) < 0)
++               goto sw_try;
++
++       memset(&kop, 0, sizeof kop);
++       kop.crk_op = CRK_DH_COMPUTE_KEY;
++       /* inputs: dh->priv_key pub_key dh->p key */
++       spcf_bn2bin(dh->p, &p, &p_len);
++       spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len);
++       if (bn2crparam(dh->priv_key, &kop.crk_param[0]))
++               goto sw_try;
++
++       kop.crk_param[1].crp_p = padded_pub_key;
++       kop.crk_param[1].crp_nbits = p_len * 8;
++       kop.crk_param[2].crp_p = p;
++       kop.crk_param[2].crp_nbits = p_len * 8;
++       kop.crk_iparams = 3;
++       kop.crk_param[3].crp_p = (void*) key;
++       kop.crk_param[3].crp_nbits = p_len * 8;
++       kop.crk_oparams = 1;
++       dhret = p_len;
++
++       if (ioctl(fd, CIOCKEY, &kop))
++               goto sw_try;
+ 
+-       if ((fd = get_asym_dev_crypto()) < 0) {
++       if ((temp = BN_new())) {
++               if (!BN_bin2bn(key, p_len, temp)) {
++                       ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
++                       goto sw_try;
++               }
++               if (dhret > BN_num_bytes(temp))
++                       dhret=BN_bn2bin(temp,key);
++               BN_free(temp);
++       }
++
++       kop.crk_param[3].crp_p = NULL;
++       zapparams(&kop);
++       return (dhret);
++sw_try:
++       {
+                const DH_METHOD *meth = DH_OpenSSL();
+ 
+-               return ((meth->compute_key)(key, pub_key, dh));
++               dhret = (meth->compute_key)(key, pub_key, dh);
+        }
++       return (dhret);
++}
+ 
+-       keylen = BN_num_bits(dh->p);
++int cryptodev_ecdh_compute_key(void *out, size_t outlen,
++       const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen,
++       void *out, size_t *outlen))
++{
++       ec_curve_t       ec_crv = EC_PRIME;
++       unsigned char * q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL;
++       BIGNUM         * w_x = NULL, *w_y = NULL;
++       int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0;
++       BIGNUM * p = NULL, *a = NULL, *b = NULL;
++       BN_CTX *ctx;
++       EC_POINT *tmp=NULL;
++       BIGNUM *x=NULL, *y=NULL;
++       const BIGNUM *priv_key;
++       const EC_GROUP* group = NULL;
++       int ret = -1;
++       size_t buflen, len;
++       struct crypt_kop kop;
+ 
+        memset(&kop, 0, sizeof kop);
+-       kop.crk_op = CRK_DH_COMPUTE_KEY;
+ 
+-       /* inputs: dh->priv_key pub_key dh->p key */
+-       if (bn2crparam(dh->priv_key, &kop.crk_param[0]))
++       if ((ctx = BN_CTX_new()) == NULL) goto err;
++       BN_CTX_start(ctx);
++       x = BN_CTX_get(ctx);
++       y = BN_CTX_get(ctx);
++       p = BN_CTX_get(ctx);
++       a = BN_CTX_get(ctx);
++       b = BN_CTX_get(ctx);
++       w_x = BN_CTX_get(ctx);
++       w_y = BN_CTX_get(ctx);
++
++       if (!x || !y || !p || !a || !b || !w_x || !w_y) {
++               ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);
+                goto err;
+-       if (bn2crparam(pub_key, &kop.crk_param[1]))
++       }
++
++       priv_key = EC_KEY_get0_private_key(ecdh);
++       if (priv_key == NULL) {
++               ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_NO_PRIVATE_VALUE);
+                goto err;
+-       if (bn2crparam(dh->p, &kop.crk_param[2]))
++       }
++
++       group = EC_KEY_get0_group(ecdh);
++       if ((tmp=EC_POINT_new(group)) == NULL) {
++               ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);
+                goto err;
+-       kop.crk_iparams = 3;
++       }
+ 
+-       kop.crk_param[3].crp_p = (caddr_t) key;
+-       kop.crk_param[3].crp_nbits = keylen * 8;
+-       kop.crk_oparams = 1;
++       if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
++               NID_X9_62_prime_field) {
++               ec_crv = EC_PRIME;
+ 
+-       if (ioctl(fd, CIOCKEY, &kop) == -1) {
+-               const DH_METHOD *meth = DH_OpenSSL();
++               if (!EC_POINT_get_affine_coordinates_GFp(group,
++                       EC_GROUP_get0_generator(group), x, y, ctx)) {
++                       ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
++                       goto err;
++               }
+ 
+-               dhret = (meth->compute_key)(key, pub_key, dh);
++               /* get the ECC curve parameters */
++               if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
++                       ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
++                       goto err;
++               }
++
++               /* get the public key pair for prime curve */
++               if (!EC_POINT_get_affine_coordinates_GFp (group, pub_key, w_x, w_y,ctx)) {
++                       ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
++                       goto err;
++               }
++       } else {
++               ec_crv = EC_BINARY;
++
++               if (!EC_POINT_get_affine_coordinates_GF2m(group,
++                       EC_GROUP_get0_generator(group), x, y, ctx)) {
++                       ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
++                       goto err;
++               }
++
++               /* get the ECC curve parameters */
++               if (!EC_GROUP_get_curve_GF2m(group, p, a, b , ctx)) {
++                       ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
++                       goto err;
++               }
++
++               /* get the public key pair for binary curve */
++               if (!EC_POINT_get_affine_coordinates_GF2m(group,
++                       pub_key, w_x, w_y,ctx)) {
++                       ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
++                       goto err;
++               }
++       }
++
++       /* irreducible polynomial that creates the field */
++       if (spcf_bn2bin((BIGNUM*)&group->order, &r, &r_len)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       /* Get the irreducible polynomial that creates the field */
++       if (spcf_bn2bin(p, &q, &q_len)) {
++               ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
++               goto err;
+        }
++
++       /* Get the public key into a flat buffer with appropriate padding */
++       pub_key_len = 2 * q_len;
++       w_xy = eng_copy_curve_points (w_x, w_y, pub_key_len, q_len);
++       if (!w_xy) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       /* Generation of ECC curve parameters */
++       ab_len = 2*q_len;
++       ab = eng_copy_curve_points (a, b, ab_len, q_len);
++       if (!ab) {
++               ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
++               goto err;
++       }
++
++       if (ec_crv == EC_BINARY) {
++               /* copy b' i.e c(b), instead of only b */
++               if (eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab+q_len, q_len))
++               {
++                       unsigned char *c_temp = NULL;
++                       int c_temp_len = q_len;
++                       if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len))
++                               memcpy(ab+q_len, c_temp, q_len);
++                       else
++                               goto err;
++               }
++               kop.curve_type = ECC_BINARY;
++       } else
++               kop.curve_type = ECC_PRIME;
++
++       priv_key_len = r_len;
++
++       /*
++        * If BN_num_bytes of priv_key returns less then r_len then
++        * add padding bytes before the key
++        */
++       if (spcf_bn2bin_ex((BIGNUM *)priv_key, &s, &priv_key_len)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       buflen = (EC_GROUP_get_degree(group) + 7)/8;
++       len = BN_num_bytes(x);
++       if (len > buflen || q_len < buflen) {
++               ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_INTERNAL_ERROR);
++               goto err;
++       }
++
++       kop.crk_op = CRK_DH_COMPUTE_KEY;
++       kop.crk_param[0].crp_p = (void*) s;
++       kop.crk_param[0].crp_nbits = priv_key_len*8;
++       kop.crk_param[1].crp_p = (void*) w_xy;
++       kop.crk_param[1].crp_nbits = pub_key_len*8;
++       kop.crk_param[2].crp_p = (void*) q;
++       kop.crk_param[2].crp_nbits = q_len*8;
++       kop.crk_param[3].crp_p = (void*) ab;
++       kop.crk_param[3].crp_nbits = ab_len*8;
++       kop.crk_iparams = 4;
++       kop.crk_param[4].crp_p = (void*) out;
++       kop.crk_param[4].crp_nbits = q_len*8;
++       kop.crk_oparams = 1;
++       ret = q_len;
++       if (cryptodev_asym(&kop, 0, NULL, 0, NULL)) {
++               const ECDH_METHOD *meth = ECDH_OpenSSL();
++               ret = (meth->compute_key)(out, outlen, pub_key, ecdh, KDF);
++       } else
++               ret = q_len;
+ err:
+-       kop.crk_param[3].crp_p = NULL;
++       kop.crk_param[4].crp_p = NULL;
+        zapparams(&kop);
+-       return (dhret);
++       return ret;
+ }
+ 
++
+ static DH_METHOD cryptodev_dh = {
+        "cryptodev DH method",
+        NULL,                           /* cryptodev_dh_generate_key */
+@@ -1551,6 +2549,14 @@ static DH_METHOD cryptodev_dh = {
+        NULL    /* app_data */
+ };
+ 
++static ECDH_METHOD cryptodev_ecdh = {
++       "cryptodev ECDH method",
++       NULL,   /* cryptodev_ecdh_compute_key */
++       NULL,
++       0,              /* flags */
++       NULL    /* app_data */
++};
++
+ /*
+  * ctrl right now is just a wrapper that doesn't do much
+  * but I expect we'll want some options soon.
+@@ -1634,25 +2640,42 @@ ENGINE_load_cryptodev(void)
+                memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
+                if (cryptodev_asymfeat & CRF_DSA_SIGN)
+                        cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
+-               if (cryptodev_asymfeat & CRF_MOD_EXP) {
+-                       cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp;
+-                       cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp;
+-               }
+                if (cryptodev_asymfeat & CRF_DSA_VERIFY)
+                        cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
++               if (cryptodev_asymfeat & CRF_DSA_GENERATE_KEY)
++                       cryptodev_dsa.dsa_keygen = cryptodev_dsa_keygen;
+        }
+ 
+        if (ENGINE_set_DH(engine, &cryptodev_dh)){
+                const DH_METHOD *dh_meth = DH_OpenSSL();
++               memcpy(&cryptodev_dh, dh_meth, sizeof(DH_METHOD));
++               if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) {
++                       cryptodev_dh.compute_key =
++                               cryptodev_dh_compute_key;
++               }
++               if (cryptodev_asymfeat & CRF_DH_GENERATE_KEY) {
++                       cryptodev_dh.generate_key =
++                               cryptodev_dh_keygen;
++               }
++       }
+ 
+-               cryptodev_dh.generate_key = dh_meth->generate_key;
+-               cryptodev_dh.compute_key = dh_meth->compute_key;
+-               cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp;
+-               if (cryptodev_asymfeat & CRF_MOD_EXP) {
+-                       cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh;
+-                       if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY)
+-                               cryptodev_dh.compute_key =
+-                                   cryptodev_dh_compute_key;
++       if (ENGINE_set_ECDSA(engine, &cryptodev_ecdsa)) {
++               const ECDSA_METHOD *meth = ECDSA_OpenSSL();
++               memcpy(&cryptodev_ecdsa, meth, sizeof(ECDSA_METHOD));
++               if (cryptodev_asymfeat & CRF_DSA_SIGN) {
++                       cryptodev_ecdsa.ecdsa_do_sign = cryptodev_ecdsa_do_sign;
++               }
++               if (cryptodev_asymfeat & CRF_DSA_VERIFY) {
++                       cryptodev_ecdsa.ecdsa_do_verify =
++                               cryptodev_ecdsa_verify;
++               }
++       }
++
++       if (ENGINE_set_ECDH(engine, &cryptodev_ecdh)) {
++               const ECDH_METHOD *ecdh_meth = ECDH_OpenSSL();
++               memcpy(&cryptodev_ecdh, ecdh_meth, sizeof(ECDH_METHOD));
++               if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) {
++                       cryptodev_ecdh.compute_key = cryptodev_ecdh_compute_key;
+                }
+        }
+ 
+-- 
+2.3.5
+
diff --git a/recipes-connectivity/openssl/openssl-fsl/0009-Added-hwrng-dev-file-as-source-of-RNG.patch b/recipes-connectivity/openssl/openssl-fsl/0009-Added-hwrng-dev-file-as-source-of-RNG.patch
new file mode 100644
index 00000000..0fb01821
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-fsl/0009-Added-hwrng-dev-file-as-source-of-RNG.patch
@@ -0,0 +1,28 @@
+From 81c4c62a4f5f5542843381bfb34e39a6171d5cdd Mon Sep 17 00:00:00 2001
+From: Yashpal Dutta <yashpal.dutta@freescale.com>
+Date: Tue, 11 Mar 2014 06:42:59 +0545
+Subject: [PATCH 09/26] Added hwrng dev file as source of RNG
+
+Upstream-status: Pending
+
+Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
+---
+ e_os.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/e_os.h b/e_os.h
+index 6a0aad1..57c0563 100644
+--- a/e_os.h
++++ b/e_os.h
+@@ -79,7 +79,7 @@ extern "C" {
+ #ifndef DEVRANDOM
+ /* set this to a comma-separated list of 'random' device files to try out.
+  * My default, we will try to read at least one of these files */
+-#define DEVRANDOM "/dev/urandom","/dev/random","/dev/srandom"
++#define DEVRANDOM "/dev/hwrng","/dev/urandom","/dev/random","/dev/srandom"
+ #endif
+ #ifndef DEVRANDOM_EGD
+ /* set this to a comma-seperated list of 'egd' sockets to try out. These
+-- 
+2.3.5
+
diff --git a/recipes-connectivity/openssl/openssl-fsl/0010-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch b/recipes-connectivity/openssl/openssl-fsl/0010-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch
new file mode 100644
index 00000000..0f889c0f
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-fsl/0010-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch
@@ -0,0 +1,2039 @@
+From a933e6341fd8989bdd82f8a5446b6f04aa00eef9 Mon Sep 17 00:00:00 2001
+From: Yashpal Dutta <yashpal.dutta@freescale.com>
+Date: Tue, 11 Mar 2014 07:14:30 +0545
+Subject: [PATCH 10/26] Asynchronous interface added for PKC cryptodev
+ interface
+
+Upstream-status: Pending
+
+Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
+---
+ crypto/crypto.h               |   16 +
+ crypto/dh/dh.h                |    4 +-
+ crypto/dsa/dsa.h              |    5 +
+ crypto/ecdh/ech_locl.h        |    3 +
+ crypto/ecdsa/ecs_locl.h       |    5 +
+ crypto/engine/eng_cryptodev.c | 1578 +++++++++++++++++++++++++++++++++++++----
+ crypto/engine/eng_int.h       |   24 +-
+ crypto/engine/eng_lib.c       |   46 ++
+ crypto/engine/engine.h        |   24 +
+ crypto/rsa/rsa.h              |   23 +
+ 10 files changed, 1582 insertions(+), 146 deletions(-)
+
+diff --git a/crypto/crypto.h b/crypto/crypto.h
+index f92fc51..ce12731 100644
+--- a/crypto/crypto.h
++++ b/crypto/crypto.h
+@@ -605,6 +605,22 @@ void ERR_load_CRYPTO_strings(void);
+ #define CRYPTO_R_FIPS_MODE_NOT_SUPPORTED                101
+ #define CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK             100
+ 
++/* Additions for Asynchronous PKC Infrastructure */
++struct pkc_cookie_s {
++       void *cookie; /* To be filled by openssl library primitive method function caller */
++       void *eng_cookie; /* To be filled by Engine */
++        /*
++          * Callback handler to be provided by caller. Ensure to pass a
++          * handler which takes the crypto operation to completion.
++          * cookie: Container cookie from library
++          * status: Status of the crypto Job completion.
++          *            0: Job handled without any issue
++          *            -EINVAL: Parameters Invalid
++          */
++       void (*pkc_callback)(struct pkc_cookie_s *cookie, int status);
++       void *eng_handle;
++};
++
+ #ifdef  __cplusplus
+ }
+ #endif
+diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h
+index ea59e61..20ffad2 100644
+--- a/crypto/dh/dh.h
++++ b/crypto/dh/dh.h
+@@ -118,7 +118,9 @@ struct dh_method
+        int (*bn_mod_exp)(const DH *dh, BIGNUM *r, const BIGNUM *a,
+                                const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+                                BN_MONT_CTX *m_ctx); /* Can be null */
+-
++       int (*compute_key_async)(unsigned char *key,const BIGNUM *pub_key,DH *dh,
++                               struct pkc_cookie_s *cookie);
++       int (*generate_key_async)(DH *dh, struct pkc_cookie_s *cookie);
+        int (*init)(DH *dh);
+        int (*finish)(DH *dh);
+        int flags;
+diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h
+index a6f6d0b..b04a029 100644
+--- a/crypto/dsa/dsa.h
++++ b/crypto/dsa/dsa.h
+@@ -140,6 +140,10 @@ struct dsa_method
+        int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+                                const BIGNUM *m, BN_CTX *ctx,
+                                BN_MONT_CTX *m_ctx); /* Can be null */
++       int (*dsa_do_sign_async)(const unsigned char *dgst, int dlen, DSA *dsa,
++                               DSA_SIG *sig, struct pkc_cookie_s *cookie);
++       int (*dsa_do_verify_async)(const unsigned char *dgst, int dgst_len,
++                            DSA_SIG *sig, DSA *dsa, struct pkc_cookie_s *cookie);
+        int (*init)(DSA *dsa);
+        int (*finish)(DSA *dsa);
+        int flags;
+@@ -151,6 +155,7 @@ struct dsa_method
+                        BN_GENCB *cb);
+        /* If this is non-NULL, it is used to generate DSA keys */
+        int (*dsa_keygen)(DSA *dsa);
++       int (*dsa_keygen_async)(DSA *dsa, struct pkc_cookie_s *cookie);
+        };
+ 
+ struct dsa_st
+diff --git a/crypto/ecdh/ech_locl.h b/crypto/ecdh/ech_locl.h
+index f6cad6a..adce6b3 100644
+--- a/crypto/ecdh/ech_locl.h
++++ b/crypto/ecdh/ech_locl.h
+@@ -67,6 +67,9 @@ struct ecdh_method
+        const char *name;
+        int (*compute_key)(void *key, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,
+                           void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen));
++       int (*compute_key_async)(void *key, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,
++                          void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen),
++                          struct pkc_cookie_s *cookie);
+ #if 0
+        int (*init)(EC_KEY *eckey);
+        int (*finish)(EC_KEY *eckey);
+diff --git a/crypto/ecdsa/ecs_locl.h b/crypto/ecdsa/ecs_locl.h
+index cb3be13..eb0ebe0 100644
+--- a/crypto/ecdsa/ecs_locl.h
++++ b/crypto/ecdsa/ecs_locl.h
+@@ -74,6 +74,11 @@ struct ecdsa_method
+                        BIGNUM **r);
+        int (*ecdsa_do_verify)(const unsigned char *dgst, int dgst_len, 
+                        const ECDSA_SIG *sig, EC_KEY *eckey);
++        int (*ecdsa_do_sign_async)(const unsigned char *dgst, int dgst_len,
++                       const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey,
++                       ECDSA_SIG *sig, struct pkc_cookie_s *cookie);
++       int (*ecdsa_do_verify_async)(const unsigned char *dgst, int dgst_len,
++                       const ECDSA_SIG *sig, EC_KEY *eckey, struct pkc_cookie_s *cookie);
+ #if 0
+        int (*init)(EC_KEY *eckey);
+        int (*finish)(EC_KEY *eckey);
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 7ee314b..9f2416e 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -1281,6 +1281,56 @@ zapparams(struct crypt_kop *kop)
+        }
+ }
+ 
++/* Any PKC request has at max 2 output parameters and they are stored here to
++be used while copying in the check availability */
++struct cryptodev_cookie_s {
++       BIGNUM *r;
++       struct crparam r_param;
++       BIGNUM *s;
++       struct crparam s_param;
++       struct crypt_kop *kop;
++};
++
++static int
++cryptodev_asym_async(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
++                                       BIGNUM *s)
++{
++       int fd;
++       struct pkc_cookie_s *cookie = kop->cookie;
++       struct cryptodev_cookie_s *eng_cookie;
++
++       fd = *(int *)cookie->eng_handle;
++
++       eng_cookie = malloc(sizeof(struct cryptodev_cookie_s));
++
++       if (eng_cookie) {
++               memset(eng_cookie, 0, sizeof(struct cryptodev_cookie_s));
++               if (r) {
++                       kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char));
++                       if (!kop->crk_param[kop->crk_iparams].crp_p)
++                               return -ENOMEM;
++                       kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
++                       kop->crk_oparams++;
++                       eng_cookie->r = r;
++                       eng_cookie->r_param = kop->crk_param[kop->crk_iparams];
++               }
++               if (s) {
++                       kop->crk_param[kop->crk_iparams+1].crp_p = calloc(slen, sizeof(char));
++                       if (!kop->crk_param[kop->crk_iparams+1].crp_p)
++                               return -ENOMEM;
++                       kop->crk_param[kop->crk_iparams+1].crp_nbits = slen * 8;
++                       kop->crk_oparams++;
++                       eng_cookie->s = s;
++                       eng_cookie->s_param = kop->crk_param[kop->crk_iparams + 1];
++               }
++       } else
++               return -ENOMEM;
++
++       eng_cookie->kop = kop;
++       cookie->eng_cookie = eng_cookie;
++       return ioctl(fd, CIOCASYMASYNCRYPT, kop);
++}
++
+ static int
+ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s)
+ {
+@@ -1337,6 +1387,44 @@ void *cryptodev_init_instance(void)
+        return fd;
+ }
+ 
++#include <poll.h>
++
++/* Return 0 on success and 1 on failure */
++int cryptodev_check_availability(void *eng_handle)
++{
++       int fd = *(int *)eng_handle;
++       struct pkc_cookie_list_s cookie_list;
++       struct pkc_cookie_s *cookie;
++       int i;
++
++       /* FETCH COOKIE returns number of cookies extracted */
++       if (ioctl(fd, CIOCASYMFETCHCOOKIE, &cookie_list) <= 0)
++               return 1;
++
++       for (i = 0; i < cookie_list.cookie_available; i++) {
++               cookie = cookie_list.cookie[i];
++               if (cookie) {
++                       struct cryptodev_cookie_s *eng_cookie = cookie->eng_cookie;
++                       if (eng_cookie) {
++                               struct crypt_kop *kop = eng_cookie->kop;
++
++                               if (eng_cookie->r)
++                                       crparam2bn(&eng_cookie->r_param, eng_cookie->r);
++                               if (eng_cookie->s)
++                                       crparam2bn(&eng_cookie->s_param, eng_cookie->s);
++                               if (kop->crk_op == CRK_DH_COMPUTE_KEY)
++                                       kop->crk_oparams = 0;
++
++                               zapparams(eng_cookie->kop);
++                               free(eng_cookie->kop);
++                               free (eng_cookie);
++                       }
++                       cookie->pkc_callback(cookie, cookie_list.status[i]);
++               }
++       }
++       return 0;
++}
++
+ static int
+ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+     const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
+@@ -1382,6 +1470,63 @@ err:
+ }
+ 
+ static int
++cryptodev_bn_mod_exp_async(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
++    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont, struct pkc_cookie_s *cookie)
++{
++       struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
++       int ret = 1;
++
++       /* Currently, we know we can do mod exp iff we can do any
++        * asymmetric operations at all.
++        */
++       if (cryptodev_asymfeat == 0 || !kop) {
++               ret = BN_mod_exp(r, a, p, m, ctx);
++               return (ret);
++       }
++
++       kop->crk_oparams = 0;
++       kop->crk_status = 0;
++       kop->crk_op = CRK_MOD_EXP;
++       kop->cookie = cookie;
++       /* inputs: a^p % m */
++       if (bn2crparam(a, &kop->crk_param[0]))
++               goto err;
++       if (bn2crparam(p, &kop->crk_param[1]))
++               goto err;
++       if (bn2crparam(m, &kop->crk_param[2]))
++               goto err;
++
++       kop->crk_iparams = 3;
++       if (cryptodev_asym_async(kop, BN_num_bytes(m), r, 0, NULL))
++               goto err;
++
++       return ret;
++err:
++       {
++               const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
++
++               if (kop)
++                       free(kop);
++               ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
++               if (ret)
++                       /* Call the completion handler immediately */
++                       cookie->pkc_callback(cookie, 0);
++       }
++       return ret;
++}
++
++static int
++cryptodev_rsa_nocrt_mod_exp_async(BIGNUM *r0, const BIGNUM *I,
++               RSA *rsa, BN_CTX *ctx, struct pkc_cookie_s *cookie)
++{
++       int r;
++       ctx = BN_CTX_new();
++       r = cryptodev_bn_mod_exp_async(r0, I, rsa->d, rsa->n, ctx, NULL, cookie);
++       BN_CTX_free(ctx);
++       return r;
++}
++
++static int
+ cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
+ {
+        int r;
+@@ -1446,6 +1591,62 @@ err:
+        return (ret);
+ }
+ 
++static int
++cryptodev_rsa_mod_exp_async(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx,
++                               struct pkc_cookie_s *cookie)
++{
++       struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
++       int ret = 1, f_len, p_len, q_len;
++       unsigned char *f = NULL, *p = NULL, *q = NULL, *dp = NULL, *dq = NULL, *c = NULL;
++
++       if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp || !kop) {
++               return (0);
++       }
++
++       kop->crk_oparams = 0;
++       kop->crk_status = 0;
++       kop->crk_op = CRK_MOD_EXP_CRT;
++       f_len = BN_num_bytes(rsa->n);
++       spcf_bn2bin_ex(I, &f, &f_len);
++       spcf_bn2bin(rsa->p, &p, &p_len);
++       spcf_bn2bin(rsa->q, &q, &q_len);
++       spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len);
++       spcf_bn2bin_ex(rsa->iqmp, &c, &p_len);
++       spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len);
++       /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
++       kop->crk_param[0].crp_p = p;
++       kop->crk_param[0].crp_nbits = p_len * 8;
++       kop->crk_param[1].crp_p = q;
++       kop->crk_param[1].crp_nbits = q_len * 8;
++       kop->crk_param[2].crp_p = f;
++       kop->crk_param[2].crp_nbits = f_len * 8;
++       kop->crk_param[3].crp_p = dp;
++       kop->crk_param[3].crp_nbits = p_len * 8;
++       /* dq must of length q, rest all of length p*/
++       kop->crk_param[4].crp_p = dq;
++       kop->crk_param[4].crp_nbits = q_len * 8;
++       kop->crk_param[5].crp_p = c;
++       kop->crk_param[5].crp_nbits = p_len * 8;
++       kop->crk_iparams = 6;
++       kop->cookie = cookie;
++       if (cryptodev_asym_async(kop, BN_num_bytes(rsa->n), r0, 0, NULL))
++               goto err;
++
++       return ret;
++err:
++       {
++               const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
++
++               if (kop)
++                       free(kop);
++               ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx);
++               if (ret)
++                       /* Call user completion handler immediately */
++                       cookie->pkc_callback(cookie, 0);
++       }
++       return (ret);
++}
++
+ static RSA_METHOD cryptodev_rsa = {
+        "cryptodev RSA method",
+        NULL,                           /* rsa_pub_enc */
+@@ -1454,6 +1655,12 @@ static RSA_METHOD cryptodev_rsa = {
+        NULL,                           /* rsa_priv_dec */
+        NULL,
+        NULL,
++       NULL,                           /* rsa_pub_enc */
++       NULL,                           /* rsa_pub_dec */
++       NULL,                           /* rsa_priv_enc */
++       NULL,                           /* rsa_priv_dec */
++       NULL,
++       NULL,
+        NULL,                           /* init */
+        NULL,                           /* finish */
+        0,                              /* flags */
+@@ -1751,126 +1958,424 @@ sw_try:
+        return ret;
+ }
+ 
++/* Cryptodev DSA Key Gen routine */
++static int cryptodev_dsa_keygen_async(DSA *dsa,  struct pkc_cookie_s *cookie)
++{
++       struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
++       int ret = 1, g_len;
++       unsigned char *g = NULL;
+ 
++       if (!kop)
++               goto sw_try;
+ 
+-static DSA_METHOD cryptodev_dsa = {
+-       "cryptodev DSA method",
+-       NULL,
+-       NULL,                           /* dsa_sign_setup */
+-       NULL,
+-       NULL,                           /* dsa_mod_exp */
+-       NULL,
+-       NULL,                           /* init */
+-       NULL,                           /* finish */
+-       0,      /* flags */
+-       NULL    /* app_data */
+-};
++       if (dsa->priv_key == NULL)      {
++               if ((dsa->priv_key=BN_new()) == NULL)
++                       goto sw_try;
++       }
+ 
+-static ECDSA_METHOD cryptodev_ecdsa = {
+-       "cryptodev ECDSA method",
+-       NULL,
+-       NULL,                           /* ecdsa_sign_setup */
+-       NULL,
+-       NULL,
+-       0,      /* flags */
+-       NULL    /* app_data */
+-};
++       if (dsa->pub_key == NULL) {
++               if ((dsa->pub_key=BN_new()) == NULL)
++                       goto sw_try;
++       }
+ 
+-typedef enum ec_curve_s
+-{
+-       EC_PRIME,
+-       EC_BINARY
+-} ec_curve_t;
++       g_len = BN_num_bytes(dsa->p);
++       /**
++        * Get generator into a plain buffer. If length is less than
++        * q_len then add leading padding bytes.
++        */
++       if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
++               DSAerr(DSA_F_DSA_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
++               goto sw_try;
++       }
+ 
+-/* ENGINE handler for ECDSA Sign */
+-static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char  *dgst,
+-       int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey)
+-{
+-       BIGNUM  *m = NULL, *p = NULL, *a = NULL;
+-       BIGNUM  *b = NULL, *x = NULL, *y = NULL;
+-       BN_CTX  *ctx = NULL;
+-       ECDSA_SIG *ret = NULL;
+-       ECDSA_DATA *ecdsa = NULL;
+-       unsigned char  * q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL;
+-       unsigned char  * s = NULL, *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL;
+-       int     i = 0, q_len = 0, priv_key_len = 0, r_len = 0;
+-       int     g_len = 0, d_len = 0, ab_len = 0;
+-       const BIGNUM   *order = NULL, *priv_key=NULL;
+-       const EC_GROUP *group = NULL;
+-       struct crypt_kop kop;
+-       ec_curve_t ec_crv = EC_PRIME;
++       memset(kop, 0, sizeof(struct crypt_kop));
++       kop->crk_op = CRK_DSA_GENERATE_KEY;
++       if (bn2crparam(dsa->p, &kop->crk_param[0]))
++               goto sw_try;
++       if (bn2crparam(dsa->q, &kop->crk_param[1]))
++               goto sw_try;
++       kop->crk_param[2].crp_p = g;
++       kop->crk_param[2].crp_nbits = g_len * 8;
++       kop->crk_iparams = 3;
++       kop->cookie = cookie;
+ 
+-       memset(&kop, 0, sizeof(kop));
+-       ecdsa = ecdsa_check(eckey);
+-       if (!ecdsa) {
+-               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
+-               return NULL;
++       /* pub_key is or prime length while priv key is of length of order */
++       if (cryptodev_asym_async(kop, BN_num_bytes(dsa->p), dsa->pub_key,
++           BN_num_bytes(dsa->q), dsa->priv_key))
++           goto sw_try;
++
++       return ret;
++sw_try:
++       {
++               const DSA_METHOD *meth = DSA_OpenSSL();
++
++               if (kop)
++                       free(kop);
++               ret = (meth->dsa_keygen)(dsa);
++               cookie->pkc_callback(cookie, 0);
+        }
++       return ret;
++}
+ 
+-       group = EC_KEY_get0_group(eckey);
+-       priv_key = EC_KEY_get0_private_key(eckey);
++static int
++cryptodev_dsa_do_sign_async(const unsigned char *dgst, int dlen, DSA *dsa,
++                       DSA_SIG *sig, struct pkc_cookie_s *cookie)
++{
++       struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
++       DSA_SIG *dsaret = NULL;
++       int q_len = 0, r_len = 0, g_len = 0;
++       int priv_key_len = 0, ret = 1;
++       unsigned char *q = NULL, *r = NULL, *g = NULL, *priv_key = NULL, *f = NULL;
+ 
+-       if (!group || !priv_key) {
+-               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
+-               return NULL;
++       if (((sig->r = BN_new()) == NULL) || !kop) {
++               DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++               goto err;
+        }
+ 
+-       if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
+-               (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
+-               (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
+-               (y = BN_new()) == NULL) {
+-               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++       if ((sig->s = BN_new()) == NULL) {
++               BN_free(sig->r);
++               DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+                goto err;
+        }
+ 
+-       order = &group->order;
+-       if (!order || BN_is_zero(order)) {
+-               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS);
++       if (spcf_bn2bin(dsa->p, &q, &q_len)) {
++               DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+                goto err;
+        }
+ 
+-       i = BN_num_bits(order);
+-       /* Need to truncate digest if it is too long: first truncate whole
+-        bytes */
+-       if (8 * dgst_len > i)
+-               dgst_len = (i + 7)/8;
++       /* Get order of the field of private keys into plain buffer */
++       if (spcf_bn2bin (dsa->q, &r, &r_len)) {
++               DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
+ 
+-       if (!BN_bin2bn(dgst, dgst_len, m)) {
+-               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
++       /* sanity test */
++       if (dlen > r_len) {
++               DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+                goto err;
+        }
+ 
+-       /* If still too long truncate remaining bits with a shift */
+-       if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
+-               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
++       g_len = q_len;
++       /**
++        * Get generator into a plain buffer. If length is less than
++        * q_len then add leading padding bytes.
++        */
++       if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
++               DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+                goto err;
+        }
+ 
+-       /* copy the truncated bits into plain buffer */
+-       if (spcf_bn2bin(m, &tmp_dgst, &dgst_len))  {
+-               fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__, __LINE__);
++       priv_key_len = r_len;
++       /**
++        * Get private key into a plain buffer. If length is less than
++        * r_len then add leading padding bytes.
++        */
++        if (spcf_bn2bin_ex(dsa->priv_key, &priv_key, &priv_key_len)) {
++               DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+                goto err;
+        }
+ 
+-       ret = ECDSA_SIG_new();
+-       if  (!ret) {
+-               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
++       /* Allocate memory to store hash. */
++       f = OPENSSL_malloc (r_len);
++       if (!f) {
++               DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+                goto err;
+        }
+ 
+-       /* check if this is prime or binary EC request */
+-       if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) {
+-               ec_crv = EC_PRIME;
+-               /* get the generator point pair */
+-               if (!EC_POINT_get_affine_coordinates_GFp (group, EC_GROUP_get0_generator(group),
+-                       x, y,ctx)) {
+-                       ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
+-                       goto err;
+-               }
++       /* Add padding, since SEC expects hash to of size r_len */
++       if (dlen < r_len)
++               memset(f, 0, r_len - dlen);
+ 
+-               /* get the ECC curve parameters */
+-               if (!EC_GROUP_get_curve_GFp(group, p, a, b , ctx)) {
+-                       ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
++       /* Skip leading bytes if dgst_len < r_len */
++       memcpy(f + r_len - dlen, dgst, dlen);
++
++       dlen = r_len;
++
++       memset(kop, 0, sizeof( struct crypt_kop));
++       kop->crk_op = CRK_DSA_SIGN;
++
++       /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
++       kop->crk_param[0].crp_p = (void*)f;
++       kop->crk_param[0].crp_nbits = dlen * 8;
++       kop->crk_param[1].crp_p = (void*)q;
++       kop->crk_param[1].crp_nbits = q_len * 8;
++       kop->crk_param[2].crp_p = (void*)r;
++       kop->crk_param[2].crp_nbits = r_len * 8;
++       kop->crk_param[3].crp_p = (void*)g;
++       kop->crk_param[3].crp_nbits = g_len * 8;
++       kop->crk_param[4].crp_p = (void*)priv_key;
++       kop->crk_param[4].crp_nbits = priv_key_len * 8;
++       kop->crk_iparams = 5;
++       kop->cookie = cookie;
++
++       if (cryptodev_asym_async(kop, r_len, sig->r, r_len, sig->s))
++           goto err;
++
++       return ret;
++err:
++       {
++               const DSA_METHOD *meth = DSA_OpenSSL();
++
++               if (kop)
++                       free(kop);
++               BN_free(sig->r);
++               BN_free(sig->s);
++               dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa);
++               sig->r = dsaret->r;
++               sig->s = dsaret->s;
++               /* Call user callback immediately */
++               cookie->pkc_callback(cookie, 0);
++               ret = dsaret;
++       }
++       return ret;
++}
++
++static int
++cryptodev_dsa_verify_async(const unsigned char *dgst, int dlen,
++    DSA_SIG *sig, DSA *dsa, struct pkc_cookie_s *cookie)
++{
++       struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
++       int q_len = 0, r_len = 0, g_len = 0;
++       int w_len = 0 ,c_len = 0, d_len = 0, ret = 1;
++       unsigned char   * q = NULL, * r = NULL, * w = NULL, * g = NULL;
++       unsigned char   *c = NULL, * d = NULL, *f = NULL;
++
++       if (!kop)
++               goto err;
++
++       if (spcf_bn2bin(dsa->p, &q, &q_len)) {
++               DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++               return ret;
++       }
++
++       /* Get Order of field of private keys */
++       if (spcf_bn2bin(dsa->q, &r, &r_len)) {
++               DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       g_len = q_len;
++       /**
++        * Get generator into a plain buffer. If length is less than
++        * q_len then add leading padding bytes.
++        */
++       if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
++               DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++       w_len = q_len;
++       /**
++        * Get public key into a plain buffer. If length is less than
++        * q_len then add leading padding bytes.
++        */
++       if (spcf_bn2bin_ex(dsa->pub_key, &w, &w_len)) {
++               DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++       /**
++        * Get the 1st part of signature into a flat buffer with
++        * appropriate padding
++        */
++       c_len = r_len;
++
++       if (spcf_bn2bin_ex(sig->r, &c, &c_len)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       /**
++        * Get the 2nd part of signature into a flat buffer with
++        * appropriate padding
++        */
++       d_len = r_len;
++
++       if (spcf_bn2bin_ex(sig->s, &d, &d_len)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++
++       /* Sanity test */
++       if (dlen > r_len) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       /* Allocate memory to store hash. */
++       f = OPENSSL_malloc (r_len);
++       if (!f) {
++               DSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       /* Add padding, since SEC expects hash to of size r_len */
++       if (dlen < r_len)
++               memset(f, 0, r_len - dlen);
++
++       /* Skip leading bytes if dgst_len < r_len */
++       memcpy(f + r_len - dlen, dgst, dlen);
++
++       dlen = r_len;
++       memset(kop, 0, sizeof(struct crypt_kop));
++
++       /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
++       kop->crk_param[0].crp_p = (void*)f;
++       kop->crk_param[0].crp_nbits = dlen * 8;
++       kop->crk_param[1].crp_p = q;
++       kop->crk_param[1].crp_nbits = q_len * 8;
++       kop->crk_param[2].crp_p = r;
++       kop->crk_param[2].crp_nbits = r_len * 8;
++       kop->crk_param[3].crp_p = g;
++       kop->crk_param[3].crp_nbits = g_len * 8;
++       kop->crk_param[4].crp_p = w;
++       kop->crk_param[4].crp_nbits = w_len * 8;
++       kop->crk_param[5].crp_p = c;
++       kop->crk_param[5].crp_nbits = c_len * 8;
++       kop->crk_param[6].crp_p = d;
++       kop->crk_param[6].crp_nbits = d_len * 8;
++       kop->crk_iparams = 7;
++       kop->crk_op = CRK_DSA_VERIFY;
++       kop->cookie = cookie;
++       if (cryptodev_asym_async(kop, 0, NULL, 0, NULL))
++               goto err;
++
++       return ret;
++err:
++       {
++               const DSA_METHOD *meth = DSA_OpenSSL();
++
++               if (kop)
++                       free(kop);
++
++               ret = (meth->dsa_do_verify)(dgst, dlen, sig, dsa);
++               cookie->pkc_callback(cookie, 0);
++       }
++       return ret;
++}
++
++static DSA_METHOD cryptodev_dsa = {
++       "cryptodev DSA method",
++       NULL,
++       NULL,                           /* dsa_sign_setup */
++       NULL,
++       NULL,                           /* dsa_mod_exp */
++       NULL,
++       NULL,
++       NULL,
++       NULL,
++       NULL,                           /* init */
++       NULL,                           /* finish */
++       0,      /* flags */
++       NULL    /* app_data */
++};
++
++static ECDSA_METHOD cryptodev_ecdsa = {
++       "cryptodev ECDSA method",
++       NULL,
++       NULL,                           /* ecdsa_sign_setup */
++       NULL,
++       NULL,
++       NULL,
++       NULL,
++       0,      /* flags */
++       NULL    /* app_data */
++};
++
++typedef enum ec_curve_s
++{
++       EC_PRIME,
++       EC_BINARY
++} ec_curve_t;
++
++/* ENGINE handler for ECDSA Sign */
++static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char  *dgst,
++       int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey)
++{
++       BIGNUM  *m = NULL, *p = NULL, *a = NULL;
++       BIGNUM  *b = NULL, *x = NULL, *y = NULL;
++       BN_CTX  *ctx = NULL;
++       ECDSA_SIG *ret = NULL;
++       ECDSA_DATA *ecdsa = NULL;
++       unsigned char  * q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL;
++       unsigned char  * s = NULL, *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL;
++       int     i = 0, q_len = 0, priv_key_len = 0, r_len = 0;
++       int     g_len = 0, d_len = 0, ab_len = 0;
++       const BIGNUM   *order = NULL, *priv_key=NULL;
++       const EC_GROUP *group = NULL;
++       struct crypt_kop kop;
++       ec_curve_t ec_crv = EC_PRIME;
++
++       memset(&kop, 0, sizeof(kop));
++       ecdsa = ecdsa_check(eckey);
++       if (!ecdsa) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
++               return NULL;
++       }
++
++       group = EC_KEY_get0_group(eckey);
++       priv_key = EC_KEY_get0_private_key(eckey);
++
++       if (!group || !priv_key) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
++               return NULL;
++       }
++
++       if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
++               (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
++               (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
++               (y = BN_new()) == NULL) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       order = &group->order;
++       if (!order || BN_is_zero(order)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS);
++               goto err;
++       }
++
++       i = BN_num_bits(order);
++       /* Need to truncate digest if it is too long: first truncate whole
++        bytes */
++       if (8 * dgst_len > i)
++               dgst_len = (i + 7)/8;
++
++       if (!BN_bin2bn(dgst, dgst_len, m)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
++               goto err;
++       }
++
++       /* If still too long truncate remaining bits with a shift */
++       if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
++               goto err;
++       }
++
++       /* copy the truncated bits into plain buffer */
++       if (spcf_bn2bin(m, &tmp_dgst, &dgst_len))  {
++               fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__, __LINE__);
++               goto err;
++       }
++
++       ret = ECDSA_SIG_new();
++       if  (!ret) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
++               goto err;
++       }
++
++       /* check if this is prime or binary EC request */
++       if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) {
++               ec_crv = EC_PRIME;
++               /* get the generator point pair */
++               if (!EC_POINT_get_affine_coordinates_GFp (group, EC_GROUP_get0_generator(group),
++                       x, y,ctx)) {
++                       ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
++                       goto err;
++               }
++
++               /* get the ECC curve parameters */
++               if (!EC_GROUP_get_curve_GFp(group, p, a, b , ctx)) {
++                       ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
+                        goto err;
+                }
+        } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_characteristic_two_field) {
+@@ -2195,63 +2700,581 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
+        }
+ 
+        /**
+-        * Get the 2nd part of signature into a flat buffer with
+-        * appropriate padding
++        * Get the 2nd part of signature into a flat buffer with
++        * appropriate padding
++        */
++       if (BN_num_bytes(sig->s) < r_len)
++               d_len = r_len;
++
++       if (spcf_bn2bin_ex(sig->s, &d, &d_len)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       /* memory for message representative */
++       f = malloc(r_len);
++       if (!f) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       /* Add padding, since SEC expects hash to of size r_len */
++       memset(f, 0, r_len-dgst_len);
++
++       /* Skip leading bytes if dgst_len < r_len */
++       memcpy(f + r_len-dgst_len, tmp_dgst, dgst_len);
++       dgst_len += r_len-dgst_len;
++       kop.crk_op = CRK_DSA_VERIFY;
++       /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
++       kop.crk_param[0].crp_p = f;
++       kop.crk_param[0].crp_nbits = dgst_len * 8;
++       kop.crk_param[1].crp_p = q;
++       kop.crk_param[1].crp_nbits = q_len * 8;
++       kop.crk_param[2].crp_p = r;
++       kop.crk_param[2].crp_nbits = r_len * 8;
++       kop.crk_param[3].crp_p = g_xy;
++       kop.crk_param[3].crp_nbits = g_len * 8;
++       kop.crk_param[4].crp_p = w_xy;
++       kop.crk_param[4].crp_nbits = pub_key_len * 8;
++       kop.crk_param[5].crp_p = ab;
++       kop.crk_param[5].crp_nbits = ab_len * 8;
++       kop.crk_param[6].crp_p = c;
++       kop.crk_param[6].crp_nbits = d_len * 8;
++       kop.crk_param[7].crp_p = d;
++       kop.crk_param[7].crp_nbits = d_len * 8;
++       kop.crk_iparams = 8;
++
++       if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
++               /*OCF success value is 0, if not zero, change ret to fail*/
++               if(0 == kop.crk_status)
++                       ret  = 1;
++       } else {
++               const ECDSA_METHOD *meth = ECDSA_OpenSSL();
++
++               ret = (meth->ecdsa_do_verify)(dgst, dgst_len, sig, eckey);
++       }
++       kop.crk_param[0].crp_p = NULL;
++       zapparams(&kop);
++
++err:
++       return ret;
++}
++
++static int cryptodev_ecdsa_do_sign_async( const unsigned char  *dgst,
++       int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey,
++       ECDSA_SIG *sig, struct pkc_cookie_s *cookie)
++{
++       BIGNUM  *m = NULL, *p = NULL, *a = NULL;
++       BIGNUM  *b = NULL, *x = NULL, *y = NULL;
++       BN_CTX  *ctx = NULL;
++       ECDSA_SIG *sig_ret = NULL;
++       ECDSA_DATA *ecdsa = NULL;
++       unsigned char  * q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL;
++       unsigned char  * s = NULL, *f = NULL, *tmp_dgst = NULL;
++       int     i = 0, q_len = 0, priv_key_len = 0, r_len = 0;
++       int     g_len = 0, ab_len = 0, ret = 1;
++       const BIGNUM   *order = NULL, *priv_key=NULL;
++       const EC_GROUP *group = NULL;
++       struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
++       ec_curve_t ec_crv = EC_PRIME;
++
++       if (!(sig->r = BN_new()) || !kop)
++               goto err;
++       if ((sig->s = BN_new()) == NULL) {
++               BN_free(r);
++               goto err;
++       }
++
++       memset(kop, 0, sizeof(struct crypt_kop));
++       ecdsa = ecdsa_check(eckey);
++       if (!ecdsa) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
++               goto err;
++       }
++
++       group = EC_KEY_get0_group(eckey);
++       priv_key = EC_KEY_get0_private_key(eckey);
++
++       if (!group || !priv_key) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
++               goto err;
++       }
++
++       if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
++               (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
++               (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
++               (y = BN_new()) == NULL) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       order = &group->order;
++       if (!order || BN_is_zero(order)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS);
++               goto err;
++       }
++
++       i = BN_num_bits(order);
++       /* Need to truncate digest if it is too long: first truncate whole
++        bytes */
++       if (8 * dgst_len > i)
++               dgst_len = (i + 7)/8;
++
++       if (!BN_bin2bn(dgst, dgst_len, m)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
++               goto err;
++       }
++
++       /* If still too long truncate remaining bits with a shift */
++       if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
++               goto err;
++       }
++
++       /* copy the truncated bits into plain buffer */
++       if (spcf_bn2bin(m, &tmp_dgst, &dgst_len))  {
++               fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__, __LINE__);
++               goto err;
++       }
++
++       /* check if this is prime or binary EC request */
++       if (EC_METHOD_get_field_type(EC_GROUP_method_of(group))
++                               == NID_X9_62_prime_field) {
++               ec_crv = EC_PRIME;
++               /* get the generator point pair */
++               if (!EC_POINT_get_affine_coordinates_GFp (group,
++                       EC_GROUP_get0_generator(group), x, y,ctx)) {
++                       ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
++                       goto err;
++               }
++
++               /* get the ECC curve parameters */
++               if (!EC_GROUP_get_curve_GFp(group, p, a, b , ctx)) {
++                       ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
++                       goto err;
++               }
++       } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_characteristic_two_field) {
++               ec_crv = EC_BINARY;
++               /* get the ECC curve parameters */
++               if (!EC_GROUP_get_curve_GF2m(group, p, a, b , ctx)) {
++                       ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
++                       goto err;
++               }
++
++               /* get the generator point pair */
++               if (!EC_POINT_get_affine_coordinates_GF2m(group,
++                       EC_GROUP_get0_generator(group), x, y,ctx)) {
++                       ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
++                       goto err;
++               }
++       } else {
++               printf("Unsupported Curve\n");
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
++               goto err;
++       }
++
++       if (spcf_bn2bin(order, &r, &r_len)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       if (spcf_bn2bin(p, &q, &q_len)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       priv_key_len = r_len;
++
++       /**
++        * If BN_num_bytes of priv_key returns less then r_len then
++        * add padding bytes before the key
++        */
++       if (spcf_bn2bin_ex(priv_key, &s, &priv_key_len))  {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       /* Generation of ECC curve parameters */
++       ab_len = 2*q_len;
++       ab = eng_copy_curve_points(a, b, ab_len, q_len);
++       if (!ab) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       if (ec_crv == EC_BINARY) {
++               if (eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab+q_len, q_len))
++               {
++                       unsigned char *c_temp = NULL;
++                       int c_temp_len = q_len;
++                       if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len))
++                               memcpy(ab+q_len, c_temp, q_len);
++                       else
++                               goto err;
++               }
++               kop->curve_type = ECC_BINARY;
++       }
++
++       /* Calculation of Generator point */
++       g_len = 2*q_len;
++       g_xy = eng_copy_curve_points(x, y, g_len, q_len);
++       if (!g_xy) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       /* memory for message representative */
++       f = malloc(r_len);
++       if (!f) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       /* Add padding, since SEC expects hash to of size r_len */
++       memset(f, 0, r_len - dgst_len);
++
++       /* Skip leading bytes if dgst_len < r_len */
++       memcpy(f +  r_len - dgst_len, tmp_dgst, dgst_len);
++
++       dgst_len +=  r_len - dgst_len;
++
++       kop->crk_op = CRK_DSA_SIGN;
++       /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
++       kop->crk_param[0].crp_p = f;
++       kop->crk_param[0].crp_nbits = dgst_len * 8;
++       kop->crk_param[1].crp_p = q;
++       kop->crk_param[1].crp_nbits = q_len * 8;
++       kop->crk_param[2].crp_p = r;
++       kop->crk_param[2].crp_nbits = r_len * 8;
++       kop->crk_param[3].crp_p = g_xy;
++       kop->crk_param[3].crp_nbits = g_len * 8;
++       kop->crk_param[4].crp_p = s;
++       kop->crk_param[4].crp_nbits = priv_key_len * 8;
++       kop->crk_param[5].crp_p = ab;
++       kop->crk_param[5].crp_nbits = ab_len * 8;
++       kop->crk_iparams = 6;
++       kop->cookie = cookie;
++
++       if (cryptodev_asym_async(kop, r_len, sig->r , r_len, sig->s))
++               goto err;
++
++       return ret;
++err:
++       {
++               const ECDSA_METHOD *meth = ECDSA_OpenSSL();
++               BN_free(sig->r);
++               BN_free(sig->s);
++               if (kop)
++                       free(kop);
++               sig_ret = (meth->ecdsa_do_sign)(dgst, dgst_len, in_kinv, in_r, eckey);
++               sig->r = sig_ret->r;
++               sig->s = sig_ret->s;
++               cookie->pkc_callback(cookie, 0);
++       }
++       return ret;
++}
++
++static int cryptodev_ecdsa_verify_async(const unsigned char *dgst, int dgst_len,
++               const ECDSA_SIG *sig, EC_KEY *eckey, struct pkc_cookie_s *cookie)
++{
++       BIGNUM  *m = NULL, *p = NULL, *a = NULL, *b = NULL;
++       BIGNUM  *x = NULL, *y = NULL, *w_x = NULL, *w_y = NULL;
++       BN_CTX  *ctx = NULL;
++       ECDSA_DATA      *ecdsa = NULL;
++       unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL, *w_xy = NULL;
++       unsigned char *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL;
++       int     i = 0, q_len = 0, pub_key_len = 0, r_len = 0, c_len = 0, g_len = 0;
++       int     d_len = 0, ab_len = 0, ret = 1;
++       const EC_POINT *pub_key = NULL;
++       const BIGNUM   *order = NULL;
++       const EC_GROUP *group=NULL;
++       ec_curve_t       ec_crv = EC_PRIME;
++       struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
++
++       if (!kop)
++               goto err;
++
++       memset(kop, 0, sizeof(struct crypt_kop));
++       ecdsa = ecdsa_check(eckey);
++       if (!ecdsa) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
++               goto err;
++       }
++
++       group    = EC_KEY_get0_group(eckey);
++       pub_key  = EC_KEY_get0_public_key(eckey);
++
++       if (!group || !pub_key) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
++               goto err;
++       }
++
++       if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
++               (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
++               (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
++               (y = BN_new()) == NULL || (w_x = BN_new()) == NULL ||
++               (w_y = BN_new()) == NULL) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       order = &group->order;
++       if (!order || BN_is_zero(order)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS);
++               goto err;
++       }
++
++       i = BN_num_bits(order);
++       /* Need to truncate digest if it is too long: first truncate whole
++       * bytes */
++       if (8 * dgst_len > i)
++               dgst_len = (i + 7)/8;
++
++       if (!BN_bin2bn(dgst, dgst_len, m)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
++               goto err;
++       }
++
++       /* If still too long truncate remaining bits with a shift */
++       if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
++               goto err;
++       }
++       /* copy the truncated bits into plain buffer */
++       if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       /* check if this is prime or binary EC request */
++       if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) {
++               ec_crv = EC_PRIME;
++
++               /* get the generator point pair */
++               if (!EC_POINT_get_affine_coordinates_GFp (group,
++                       EC_GROUP_get0_generator(group), x, y,ctx)) {
++                       ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
++                       goto err;
++               }
++
++               /* get the public key pair for prime curve */
++               if (!EC_POINT_get_affine_coordinates_GFp (group,
++                       pub_key, w_x, w_y,ctx)) {
++                       ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
++                       goto err;
++               }
++
++               /* get the ECC curve parameters */
++               if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
++                       ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
++                       goto err;
++               }
++       } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_characteristic_two_field){
++               ec_crv = EC_BINARY;
++               /* get the ECC curve parameters */
++               if (!EC_GROUP_get_curve_GF2m(group, p, a, b , ctx)) {
++                       ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
++                       goto err;
++               }
++
++               /* get the generator point pair */
++               if (!EC_POINT_get_affine_coordinates_GF2m(group,
++                       EC_GROUP_get0_generator(group),x, y,ctx)) {
++                       ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
++                       goto err;
++               }
++
++               /* get the public key pair for binary curve */
++               if (!EC_POINT_get_affine_coordinates_GF2m(group,
++                       pub_key, w_x, w_y,ctx)) {
++                       ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
++                       goto err;
++               }
++       }else {
++               printf("Unsupported Curve\n");
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
++               goto err;
++       }
++
++       /* Get the order of the subgroup of private keys */
++       if (spcf_bn2bin((BIGNUM*)order, &r, &r_len)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       /* Get the irreducible polynomial that creates the field */
++       if (spcf_bn2bin(p, &q, &q_len)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       /* Get the public key into a flat buffer with appropriate padding */
++       pub_key_len = 2 * q_len;
++
++       w_xy = eng_copy_curve_points (w_x, w_y, pub_key_len, q_len);
++       if (!w_xy) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       /* Generation of ECC curve parameters */
++       ab_len = 2*q_len;
++
++       ab = eng_copy_curve_points (a, b, ab_len, q_len);
++       if (!ab) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       if (ec_crv == EC_BINARY) {
++               /* copy b' i.e c(b), instead of only b */
++               eng_ec_get_cparam (EC_GROUP_get_curve_name(group),
++                       ab+q_len, q_len);
++               kop->curve_type = ECC_BINARY;
++       }
++
++       /* Calculation of Generator point */
++       g_len = 2 * q_len;
++
++       g_xy = eng_copy_curve_points (x, y, g_len, q_len);
++       if (!g_xy) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       /**
++        * Get the 1st part of signature into a flat buffer with
++        * appropriate padding
++        */
++       if (BN_num_bytes(sig->r) < r_len)
++               c_len = r_len;
++
++       if (spcf_bn2bin_ex(sig->r, &c, &c_len)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       /**
++        * Get the 2nd part of signature into a flat buffer with
++        * appropriate padding
++        */
++       if (BN_num_bytes(sig->s) < r_len)
++               d_len = r_len;
++
++       if (spcf_bn2bin_ex(sig->s, &d, &d_len)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       /* memory for message representative */
++       f = malloc(r_len);
++       if (!f) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       /* Add padding, since SEC expects hash to of size r_len */
++       memset(f, 0, r_len-dgst_len);
++
++       /* Skip leading bytes if dgst_len < r_len */
++       memcpy(f + r_len-dgst_len, tmp_dgst, dgst_len);
++
++       dgst_len += r_len-dgst_len;
++
++       kop->crk_op = CRK_DSA_VERIFY;
++       /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
++       kop->crk_param[0].crp_p = f;
++       kop->crk_param[0].crp_nbits = dgst_len * 8;
++       kop->crk_param[1].crp_p = q;
++       kop->crk_param[1].crp_nbits = q_len * 8;
++       kop->crk_param[2].crp_p = r;
++       kop->crk_param[2].crp_nbits = r_len * 8;
++       kop->crk_param[3].crp_p = g_xy;
++       kop->crk_param[3].crp_nbits = g_len * 8;
++       kop->crk_param[4].crp_p = w_xy;
++       kop->crk_param[4].crp_nbits = pub_key_len * 8;
++       kop->crk_param[5].crp_p = ab;
++       kop->crk_param[5].crp_nbits = ab_len * 8;
++       kop->crk_param[6].crp_p = c;
++       kop->crk_param[6].crp_nbits = d_len * 8;
++       kop->crk_param[7].crp_p = d;
++       kop->crk_param[7].crp_nbits = d_len * 8;
++       kop->crk_iparams = 8;
++       kop->cookie = cookie;
++
++       if (cryptodev_asym_async(kop, 0, NULL, 0, NULL))
++               goto err;
++
++       return ret;
++err:
++       {
++               const ECDSA_METHOD *meth = ECDSA_OpenSSL();
++
++               if (kop)
++                       free(kop);
++               ret = (meth->ecdsa_do_verify)(dgst, dgst_len, sig, eckey);
++               cookie->pkc_callback(cookie, 0);
++       }
++
++       return ret;
++}
++
++/* Cryptodev DH Key Gen routine */
++static int cryptodev_dh_keygen_async(DH *dh,  struct pkc_cookie_s *cookie)
++{
++       struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
++       int ret = 1, g_len;
++       unsigned char *g = NULL;
++
++       if (!kop)
++               goto sw_try;
++
++       if (dh->priv_key == NULL)       {
++               if ((dh->priv_key=BN_new()) == NULL)
++                       goto sw_try;
++       }
++
++       if (dh->pub_key == NULL) {
++               if ((dh->pub_key=BN_new()) == NULL)
++                       goto sw_try;
++       }
++
++       g_len = BN_num_bytes(dh->p);
++       /**
++        * Get generator into a plain buffer. If length is less than
++        * q_len then add leading padding bytes.
+         */
+-       if (BN_num_bytes(sig->s) < r_len)
+-               d_len = r_len;
+-
+-       if (spcf_bn2bin_ex(sig->s, &d, &d_len)) {
+-               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+-               goto err;
+-       }
+-
+-       /* memory for message representative */
+-       f = malloc(r_len);
+-       if (!f) {
+-               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+-               goto err;
++       if (spcf_bn2bin_ex(dh->g, &g, &g_len)) {
++               DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
++               goto sw_try;
+        }
+ 
+-       /* Add padding, since SEC expects hash to of size r_len */
+-       memset(f, 0, r_len-dgst_len);
++       memset(kop, 0, sizeof(struct crypt_kop));
++       kop->crk_op = CRK_DH_GENERATE_KEY;
++       if (bn2crparam(dh->p, &kop->crk_param[0]))
++               goto sw_try;
++       if (bn2crparam(dh->q, &kop->crk_param[1]))
++               goto sw_try;
++       kop->crk_param[2].crp_p = g;
++       kop->crk_param[2].crp_nbits = g_len * 8;
++       kop->crk_iparams = 3;
++       kop->cookie = cookie;
+ 
+-       /* Skip leading bytes if dgst_len < r_len */
+-       memcpy(f + r_len-dgst_len, tmp_dgst, dgst_len);
+-       dgst_len += r_len-dgst_len;
+-       kop.crk_op = CRK_DSA_VERIFY;
+-       /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
+-       kop.crk_param[0].crp_p = f;
+-       kop.crk_param[0].crp_nbits = dgst_len * 8;
+-       kop.crk_param[1].crp_p = q;
+-       kop.crk_param[1].crp_nbits = q_len * 8;
+-       kop.crk_param[2].crp_p = r;
+-       kop.crk_param[2].crp_nbits = r_len * 8;
+-       kop.crk_param[3].crp_p = g_xy;
+-       kop.crk_param[3].crp_nbits = g_len * 8;
+-       kop.crk_param[4].crp_p = w_xy;
+-       kop.crk_param[4].crp_nbits = pub_key_len * 8;
+-       kop.crk_param[5].crp_p = ab;
+-       kop.crk_param[5].crp_nbits = ab_len * 8;
+-       kop.crk_param[6].crp_p = c;
+-       kop.crk_param[6].crp_nbits = d_len * 8;
+-       kop.crk_param[7].crp_p = d;
+-       kop.crk_param[7].crp_nbits = d_len * 8;
+-       kop.crk_iparams = 8;
++       /* pub_key is or prime length while priv key is of length of order */
++       if (cryptodev_asym_async(kop, BN_num_bytes(dh->p), dh->pub_key,
++           BN_num_bytes(dh->q), dh->priv_key))
++           goto sw_try;
+ 
+-       if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
+-               /*OCF success value is 0, if not zero, change ret to fail*/
+-               if(0 == kop.crk_status)
+-                       ret  = 1;
+-       } else {
+-               const ECDSA_METHOD *meth = ECDSA_OpenSSL();
++       return ret;
++sw_try:
++       {
++               const DH_METHOD *meth = DH_OpenSSL();
+ 
+-               ret = (meth->ecdsa_do_verify)(dgst, dgst_len, sig, eckey);
++               if (kop)
++                       free(kop);
++               ret = (meth->generate_key)(dh);
++               cookie->pkc_callback(cookie, 0);
+        }
+-       kop.crk_param[0].crp_p = NULL;
+-       zapparams(&kop);
+-
+-err:
+        return ret;
+ }
+ 
+@@ -2360,6 +3383,54 @@ sw_try:
+        return (dhret);
+ }
+ 
++/* Return Length if successful and 0 on failure */
++static int
++cryptodev_dh_compute_key_async(unsigned char *key, const BIGNUM *pub_key,
++               DH *dh, struct pkc_cookie_s *cookie)
++{
++       struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
++       int ret = 1;
++       int fd, p_len;
++       unsigned char *padded_pub_key = NULL, *p = NULL;
++
++       fd = *(int *)cookie->eng_handle;
++
++       memset(kop, 0, sizeof(struct crypt_kop));
++       kop->crk_op = CRK_DH_COMPUTE_KEY;
++       /* inputs: dh->priv_key pub_key dh->p key */
++       spcf_bn2bin(dh->p, &p, &p_len);
++       spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len);
++
++       if (bn2crparam(dh->priv_key, &kop->crk_param[0]))
++               goto err;
++       kop->crk_param[1].crp_p = padded_pub_key;
++       kop->crk_param[1].crp_nbits = p_len * 8;
++       kop->crk_param[2].crp_p = p;
++       kop->crk_param[2].crp_nbits = p_len * 8;
++       kop->crk_iparams = 3;
++
++       kop->cookie = cookie;
++       kop->crk_param[3].crp_p = (void*) key;
++       kop->crk_param[3].crp_nbits = p_len * 8;
++       kop->crk_oparams = 1;
++
++       if (cryptodev_asym_async(kop, 0, NULL, 0, NULL))
++               goto err;
++
++       return p_len;
++err:
++       {
++               const DH_METHOD *meth = DH_OpenSSL();
++
++               if (kop)
++                       free(kop);
++               ret = (meth->compute_key)(key, pub_key, dh);
++               /* Call user cookie handler */
++               cookie->pkc_callback(cookie, 0);
++       }
++       return (ret);
++}
++
+ int cryptodev_ecdh_compute_key(void *out, size_t outlen,
+        const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen,
+        void *out, size_t *outlen))
+@@ -2537,6 +3608,190 @@ err:
+        return ret;
+ }
+ 
++int cryptodev_ecdh_compute_key_async(void *out, size_t outlen,
++       const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen,
++       void *out, size_t *outlen), struct pkc_cookie_s *cookie)
++{
++       ec_curve_t       ec_crv = EC_PRIME;
++       unsigned char * q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL;
++       BIGNUM         * w_x = NULL, *w_y = NULL;
++       int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0;
++       BIGNUM * p = NULL, *a = NULL, *b = NULL;
++       BN_CTX *ctx;
++       EC_POINT *tmp=NULL;
++       BIGNUM *x=NULL, *y=NULL;
++       const BIGNUM *priv_key;
++       const EC_GROUP* group = NULL;
++       int ret = 1;
++       size_t buflen, len;
++       struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
++
++       if (!(ctx = BN_CTX_new()) || !kop)
++                goto err;
++
++       memset(kop, 0, sizeof(struct crypt_kop));
++
++       BN_CTX_start(ctx);
++       x = BN_CTX_get(ctx);
++       y = BN_CTX_get(ctx);
++       p = BN_CTX_get(ctx);
++       a = BN_CTX_get(ctx);
++       b = BN_CTX_get(ctx);
++       w_x = BN_CTX_get(ctx);
++       w_y = BN_CTX_get(ctx);
++
++       if (!x || !y || !p || !a || !b || !w_x || !w_y) {
++               ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       priv_key = EC_KEY_get0_private_key(ecdh);
++       if (priv_key == NULL) {
++               ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_NO_PRIVATE_VALUE);
++               goto err;
++       }
++
++       group = EC_KEY_get0_group(ecdh);
++       if ((tmp=EC_POINT_new(group)) == NULL) {
++               ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
++               NID_X9_62_prime_field) {
++               ec_crv = EC_PRIME;
++
++               if (!EC_POINT_get_affine_coordinates_GFp(group,
++                       EC_GROUP_get0_generator(group), x, y, ctx)) {
++                       ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
++                       goto err;
++               }
++
++               /* get the ECC curve parameters */
++               if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
++                       ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
++                       goto err;
++               }
++
++               /* get the public key pair for prime curve */
++               if (!EC_POINT_get_affine_coordinates_GFp (group, pub_key, w_x, w_y,ctx)) {
++                       ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
++                       goto err;
++               }
++       } else {
++               ec_crv = EC_BINARY;
++
++               if (!EC_POINT_get_affine_coordinates_GF2m(group,
++                       EC_GROUP_get0_generator(group), x, y, ctx)) {
++                       ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
++                       goto err;
++               }
++
++               /* get the ECC curve parameters */
++               if (!EC_GROUP_get_curve_GF2m(group, p, a, b , ctx)) {
++                       ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
++                       goto err;
++               }
++
++               /* get the public key pair for binary curve */
++               if (!EC_POINT_get_affine_coordinates_GF2m(group,
++                       pub_key, w_x, w_y,ctx)) {
++                       ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
++                       goto err;
++               }
++       }
++
++       /* irreducible polynomial that creates the field */
++       if (spcf_bn2bin((BIGNUM*)&group->order, &r, &r_len)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       /* Get the irreducible polynomial that creates the field */
++       if (spcf_bn2bin(p, &q, &q_len)) {
++               ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
++               goto err;
++       }
++
++       /* Get the public key into a flat buffer with appropriate padding */
++       pub_key_len = 2 * q_len;
++       w_xy = eng_copy_curve_points (w_x, w_y, pub_key_len, q_len);
++       if (!w_xy) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       /* Generation of ECC curve parameters */
++       ab_len = 2*q_len;
++       ab = eng_copy_curve_points (a, b, ab_len, q_len);
++       if (!ab) {
++               ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
++               goto err;
++       }
++
++       if (ec_crv == EC_BINARY) {
++               /* copy b' i.e c(b), instead of only b */
++               if (eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab+q_len, q_len))
++               {
++                       unsigned char *c_temp = NULL;
++                       int c_temp_len = q_len;
++                       if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len))
++                               memcpy(ab+q_len, c_temp, q_len);
++                       else
++                               goto err;
++               }
++               kop->curve_type = ECC_BINARY;
++       } else
++               kop->curve_type = ECC_PRIME;
++
++       priv_key_len = r_len;
++
++       /*
++        * If BN_num_bytes of priv_key returns less then r_len then
++        * add padding bytes before the key
++        */
++       if (spcf_bn2bin_ex((BIGNUM *)priv_key, &s, &priv_key_len)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       buflen = (EC_GROUP_get_degree(group) + 7)/8;
++       len = BN_num_bytes(x);
++       if (len > buflen || q_len < buflen) {
++               ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_INTERNAL_ERROR);
++               goto err;
++       }
++
++       kop->crk_op = CRK_DH_COMPUTE_KEY;
++       kop->crk_param[0].crp_p = (void *) s;
++       kop->crk_param[0].crp_nbits = priv_key_len*8;
++       kop->crk_param[1].crp_p = (void *) w_xy;
++       kop->crk_param[1].crp_nbits = pub_key_len*8;
++       kop->crk_param[2].crp_p = (void *) q;
++       kop->crk_param[2].crp_nbits = q_len*8;
++       kop->crk_param[3].crp_p = (void *) ab;
++       kop->crk_param[3].crp_nbits = ab_len*8;
++       kop->crk_iparams = 4;
++       kop->crk_param[4].crp_p = (void *) out;
++       kop->crk_param[4].crp_nbits = q_len*8;
++       kop->crk_oparams = 1;
++       kop->cookie = cookie;
++       if (cryptodev_asym_async(kop, 0, NULL, 0, NULL))
++               goto err;
++
++       return q_len;
++err:
++       {
++               const ECDH_METHOD *meth = ECDH_OpenSSL();
++
++               if (kop)
++                       free(kop);
++               ret = (meth->compute_key)(out, outlen, pub_key, ecdh, KDF);
++               /* Call user cookie handler */
++               cookie->pkc_callback(cookie, 0);
++       }
++       return ret;
++}
+ 
+ static DH_METHOD cryptodev_dh = {
+        "cryptodev DH method",
+@@ -2545,6 +3800,8 @@ static DH_METHOD cryptodev_dh = {
+        NULL,
+        NULL,
+        NULL,
++       NULL,
++       NULL,
+        0,      /* flags */
+        NULL    /* app_data */
+ };
+@@ -2553,6 +3810,7 @@ static ECDH_METHOD cryptodev_ecdh = {
+        "cryptodev ECDH method",
+        NULL,   /* cryptodev_ecdh_compute_key */
+        NULL,
++       NULL,
+        0,              /* flags */
+        NULL    /* app_data */
+ };
+@@ -2625,12 +3883,19 @@ ENGINE_load_cryptodev(void)
+                cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec;
+                if (cryptodev_asymfeat & CRF_MOD_EXP) {
+                        cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp;
+-                       if (cryptodev_asymfeat & CRF_MOD_EXP_CRT)
++                       cryptodev_rsa.bn_mod_exp_async =
++                                cryptodev_bn_mod_exp_async;
++                       if (cryptodev_asymfeat & CRF_MOD_EXP_CRT) {
+                                cryptodev_rsa.rsa_mod_exp =
+                                    cryptodev_rsa_mod_exp;
+-                       else
++                               cryptodev_rsa.rsa_mod_exp_async =
++                                   cryptodev_rsa_mod_exp_async;
++                       } else {
+                                cryptodev_rsa.rsa_mod_exp =
+                                    cryptodev_rsa_nocrt_mod_exp;
++                               cryptodev_rsa.rsa_mod_exp_async =
++                                   cryptodev_rsa_nocrt_mod_exp_async;
++                       }
+                }
+        }
+ 
+@@ -2638,12 +3903,21 @@ ENGINE_load_cryptodev(void)
+                const DSA_METHOD *meth = DSA_OpenSSL();
+ 
+                memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
+-               if (cryptodev_asymfeat & CRF_DSA_SIGN)
++               if (cryptodev_asymfeat & CRF_DSA_SIGN) {
+                        cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
+-               if (cryptodev_asymfeat & CRF_DSA_VERIFY)
++                       cryptodev_dsa.dsa_do_sign_async =
++                                cryptodev_dsa_do_sign_async;
++               }
++               if (cryptodev_asymfeat & CRF_DSA_VERIFY) {
+                        cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
+-               if (cryptodev_asymfeat & CRF_DSA_GENERATE_KEY)
++                       cryptodev_dsa.dsa_do_verify_async =
++                                cryptodev_dsa_verify_async;
++               }
++               if (cryptodev_asymfeat & CRF_DSA_GENERATE_KEY) {
+                        cryptodev_dsa.dsa_keygen = cryptodev_dsa_keygen;
++                       cryptodev_dsa.dsa_keygen_async =
++                                cryptodev_dsa_keygen_async;
++               }
+        }
+ 
+        if (ENGINE_set_DH(engine, &cryptodev_dh)){
+@@ -2652,10 +3926,15 @@ ENGINE_load_cryptodev(void)
+                if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) {
+                        cryptodev_dh.compute_key =
+                                cryptodev_dh_compute_key;
++                       cryptodev_dh.compute_key_async =
++                               cryptodev_dh_compute_key_async;
+                }
+                if (cryptodev_asymfeat & CRF_DH_GENERATE_KEY) {
+                        cryptodev_dh.generate_key =
+                                cryptodev_dh_keygen;
++                       cryptodev_dh.generate_key_async =
++                               cryptodev_dh_keygen_async;
++
+                }
+        }
+ 
+@@ -2664,10 +3943,14 @@ ENGINE_load_cryptodev(void)
+                memcpy(&cryptodev_ecdsa, meth, sizeof(ECDSA_METHOD));
+                if (cryptodev_asymfeat & CRF_DSA_SIGN) {
+                        cryptodev_ecdsa.ecdsa_do_sign = cryptodev_ecdsa_do_sign;
++                       cryptodev_ecdsa.ecdsa_do_sign_async =
++                               cryptodev_ecdsa_do_sign_async;
+                }
+                if (cryptodev_asymfeat & CRF_DSA_VERIFY) {
+                        cryptodev_ecdsa.ecdsa_do_verify =
+                                cryptodev_ecdsa_verify;
++                       cryptodev_ecdsa.ecdsa_do_verify_async =
++                               cryptodev_ecdsa_verify_async;
+                }
+        }
+ 
+@@ -2676,9 +3959,16 @@ ENGINE_load_cryptodev(void)
+                memcpy(&cryptodev_ecdh, ecdh_meth, sizeof(ECDH_METHOD));
+                if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) {
+                        cryptodev_ecdh.compute_key = cryptodev_ecdh_compute_key;
++                       cryptodev_ecdh.compute_key_async =
++                                cryptodev_ecdh_compute_key_async;
+                }
+        }
+ 
++       ENGINE_set_check_pkc_availability(engine, cryptodev_check_availability);
++       ENGINE_set_close_instance(engine, cryptodev_close_instance);
++       ENGINE_set_init_instance(engine, cryptodev_init_instance);
++       ENGINE_set_async_map(engine, ENGINE_ALLPKC_ASYNC);
++
+        ENGINE_add(engine);
+        ENGINE_free(engine);
+        ERR_clear_error();
+diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h
+index 451ef8f..8fc3077 100644
+--- a/crypto/engine/eng_int.h
++++ b/crypto/engine/eng_int.h
+@@ -181,7 +181,29 @@ struct engine_st
+        ENGINE_LOAD_KEY_PTR load_pubkey;
+ 
+        ENGINE_SSL_CLIENT_CERT_PTR load_ssl_client_cert;
+-
++       /*
++        * Instantiate Engine handle to be passed in check_pkc_availability
++        * Ensure that Engine is instantiated before any pkc asynchronous call.
++        */
++       void *(*engine_init_instance)(void);
++       /*
++        * Instantiated Engine handle will be closed with this call.
++        * Ensure that no pkc asynchronous call is made after this call
++        */
++       void (*engine_close_instance)(void *handle);
++       /*
++        * Check availability will extract the data from kernel.
++        * eng_handle: This is the Engine handle corresponds to which
++        * the cookies needs to be polled.
++        * return 0 if cookie available else 1
++        */
++       int (*check_pkc_availability)(void *eng_handle);
++       /*
++        * The following map is used to check if the engine supports asynchronous implementation
++        * ENGINE_ASYNC_FLAG* for available bitmap. Any application checking for asynchronous
++        * implementation need to check this features using "int ENGINE_get_async_map(engine *)";
++        */
++       int async_map;
+        const ENGINE_CMD_DEFN *cmd_defns;
+        int flags;
+        /* reference count on the structure itself */
+diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c
+index 18a6664..6fa621c 100644
+--- a/crypto/engine/eng_lib.c
++++ b/crypto/engine/eng_lib.c
+@@ -98,7 +98,11 @@ void engine_set_all_null(ENGINE *e)
+        e->ctrl = NULL;
+        e->load_privkey = NULL;
+        e->load_pubkey = NULL;
++       e->check_pkc_availability = NULL;
++       e->engine_init_instance = NULL;
++       e->engine_close_instance = NULL;
+        e->cmd_defns = NULL;
++       e->async_map = 0;
+        e->flags = 0;
+        }
+ 
+@@ -233,6 +237,48 @@ int ENGINE_set_id(ENGINE *e, const char *id)
+        return 1;
+        }
+ 
++void ENGINE_set_init_instance(ENGINE *e, void *(*engine_init_instance)(void))
++       {
++               e->engine_init_instance = engine_init_instance;
++       }
++
++void ENGINE_set_close_instance(ENGINE *e,
++       void (*engine_close_instance)(void *))
++       {
++               e->engine_close_instance = engine_close_instance;
++       }
++
++void ENGINE_set_async_map(ENGINE *e, int async_map)
++       {
++               e->async_map = async_map;
++       }
++
++void *ENGINE_init_instance(ENGINE *e)
++       {
++               return e->engine_init_instance();
++       }
++
++void ENGINE_close_instance(ENGINE *e, void *eng_handle)
++       {
++               e->engine_close_instance(eng_handle);
++       }
++
++int ENGINE_get_async_map(ENGINE *e)
++       {
++               return e->async_map;
++       }
++
++void ENGINE_set_check_pkc_availability(ENGINE *e,
++       int (*check_pkc_availability)(void *eng_handle))
++       {
++               e->check_pkc_availability = check_pkc_availability;
++       }
++
++int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle)
++       {
++               return e->check_pkc_availability(eng_handle);
++       }
++
+ int ENGINE_set_name(ENGINE *e, const char *name)
+        {
+        if(name == NULL)
+diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h
+index 237a6c9..ccff86a 100644
+--- a/crypto/engine/engine.h
++++ b/crypto/engine/engine.h
+@@ -473,6 +473,30 @@ ENGINE *ENGINE_new(void);
+ int ENGINE_free(ENGINE *e);
+ int ENGINE_up_ref(ENGINE *e);
+ int ENGINE_set_id(ENGINE *e, const char *id);
++void ENGINE_set_init_instance(ENGINE *e, void *(*engine_init_instance)(void));
++void ENGINE_set_close_instance(ENGINE *e,
++       void (*engine_free_instance)(void *));
++/*
++ * Following FLAGS are bitmap store in async_map to set asynchronous interface capability
++ *of the engine
++ */
++#define ENGINE_RSA_ASYNC 0x0001
++#define ENGINE_DSA_ASYNC 0x0002
++#define ENGINE_DH_ASYNC 0x0004
++#define ENGINE_ECDSA_ASYNC 0x0008
++#define ENGINE_ECDH_ASYNC 0x0010
++#define ENGINE_ALLPKC_ASYNC 0x001F
++/* Engine implementation will set the bitmap based on above flags using following API */
++void ENGINE_set_async_map(ENGINE *e, int async_map);
++ /* Application need to check the bitmap based on above flags using following API
++  * to confirm asynchronous methods supported
++  */
++int ENGINE_get_async_map(ENGINE *e);
++void *ENGINE_init_instance(ENGINE *e);
++void ENGINE_close_instance(ENGINE *e, void *eng_handle);
++void ENGINE_set_check_pkc_availability(ENGINE *e,
++       int (*check_pkc_availability)(void *eng_handle));
++int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle);
+ int ENGINE_set_name(ENGINE *e, const char *name);
+ int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
+ int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
+diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h
+index 5f269e5..6ef1b15 100644
+--- a/crypto/rsa/rsa.h
++++ b/crypto/rsa/rsa.h
+@@ -101,6 +101,29 @@ struct rsa_meth_st
+        int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                          const BIGNUM *m, BN_CTX *ctx,
+                          BN_MONT_CTX *m_ctx); /* Can be null */
++       /*
++        * Cookie in the following _async variant must be allocated before
++        * submission and can be freed once its corresponding callback
++        * handler is called
++        */
++       int (*rsa_pub_enc_asyn)(int flen,const unsigned char *from,
++                          unsigned char *to, RSA *rsa, int padding,
++                          struct pkc_cookie_s *cookie);
++       int (*rsa_pub_dec_async)(int flen,const unsigned char *from,
++                          unsigned char *to, RSA *rsa, int padding,
++                          struct pkc_cookie_s *cookie);
++       int (*rsa_priv_enc_async)(int flen,const unsigned char *from,
++                           unsigned char *to, RSA *rsa, int padding,
++                           struct pkc_cookie_s *cookie);
++       int (*rsa_priv_dec_async)(int flen,const unsigned char *from,
++                           unsigned char *to, RSA *rsa, int padding,
++                           struct pkc_cookie_s *cookie);
++       int (*rsa_mod_exp_async)(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
++                           BN_CTX *ctx, struct pkc_cookie_s *cookie);
++       int (*bn_mod_exp_async)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
++                         const BIGNUM *m, BN_CTX *ctx,
++                         BN_MONT_CTX *m_ctx, struct pkc_cookie_s *cookie);
++
+        int (*init)(RSA *rsa);          /* called at new */
+        int (*finish)(RSA *rsa);        /* called at free */
+        int flags;                      /* RSA_METHOD_FLAG_* things */
+-- 
+2.3.5
+
diff --git a/recipes-connectivity/openssl/openssl-fsl/0011-Add-RSA-keygen-operation-and-support-gendsa-command-.patch b/recipes-connectivity/openssl/openssl-fsl/0011-Add-RSA-keygen-operation-and-support-gendsa-command-.patch
new file mode 100644
index 00000000..244d230e
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-fsl/0011-Add-RSA-keygen-operation-and-support-gendsa-command-.patch
@@ -0,0 +1,153 @@
+From e4fc051f8ae1c093b25ca346c2ec351ff3b700d1 Mon Sep 17 00:00:00 2001
+From: Hou Zhiqiang <B48286@freescale.com>
+Date: Wed, 2 Apr 2014 16:10:43 +0800
+Subject: [PATCH 11/26] Add RSA keygen operation and support gendsa command
+ with hardware engine
+
+Upstream-status: Pending
+
+Signed-off-by: Hou Zhiqiang <B48286@freescale.com>
+Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
+---
+ crypto/engine/eng_cryptodev.c | 118 ++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 118 insertions(+)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 9f2416e..b2919a8 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -1906,6 +1906,121 @@ err:
+        return dsaret;
+ }
+ 
++/* Cryptodev RSA Key Gen routine */
++static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
++{
++       struct crypt_kop kop;
++       int ret, fd;
++       int p_len, q_len;
++       int i;
++
++       if ((fd = get_asym_dev_crypto()) < 0)
++               return fd;
++
++       if(!rsa->n && ((rsa->n=BN_new()) == NULL)) goto err;
++       if(!rsa->d && ((rsa->d=BN_new()) == NULL)) goto err;
++       if(!rsa->e && ((rsa->e=BN_new()) == NULL)) goto err;
++       if(!rsa->p && ((rsa->p=BN_new()) == NULL)) goto err;
++       if(!rsa->q && ((rsa->q=BN_new()) == NULL)) goto err;
++       if(!rsa->dmp1 && ((rsa->dmp1=BN_new()) == NULL)) goto err;
++       if(!rsa->dmq1 && ((rsa->dmq1=BN_new()) == NULL)) goto err;
++       if(!rsa->iqmp && ((rsa->iqmp=BN_new()) == NULL)) goto err;
++
++       BN_copy(rsa->e, e);
++
++       p_len = (bits+1) / (2 * 8);
++       q_len = (bits - p_len * 8) / 8;
++       memset(&kop, 0, sizeof kop);
++       kop.crk_op = CRK_RSA_GENERATE_KEY;
++
++       /* p length */
++       kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char));
++       if (!kop.crk_param[kop.crk_iparams].crp_p)
++               goto err;
++       kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8;
++       memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1);
++       kop.crk_iparams++;
++       kop.crk_oparams++;
++       /* q length */
++       kop.crk_param[kop.crk_iparams].crp_p = calloc(q_len + 1, sizeof(char));
++       if (!kop.crk_param[kop.crk_iparams].crp_p)
++               goto err;
++       kop.crk_param[kop.crk_iparams].crp_nbits = q_len * 8;
++       memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, q_len + 1);
++       kop.crk_iparams++;
++       kop.crk_oparams++;
++       /* n length */
++       kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + q_len + 1, sizeof(char));
++       if (!kop.crk_param[kop.crk_iparams].crp_p)
++               goto err;
++       kop.crk_param[kop.crk_iparams].crp_nbits = bits;
++       memset(kop.crk_param[kop.crk_iparams].crp_p, 0x00, p_len + q_len + 1);
++       kop.crk_iparams++;
++       kop.crk_oparams++;
++       /* d length */
++       kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + q_len + 1, sizeof(char));
++       if (!kop.crk_param[kop.crk_iparams].crp_p)
++               goto err;
++       kop.crk_param[kop.crk_iparams].crp_nbits = bits;
++       memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + q_len + 1);
++       kop.crk_iparams++;
++       kop.crk_oparams++;
++       /* dp1 length */
++       kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char));
++       if (!kop.crk_param[kop.crk_iparams].crp_p)
++               goto err;
++       kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8;
++       memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1);
++       kop.crk_iparams++;
++       kop.crk_oparams++;
++       /* dq1 length */
++       kop.crk_param[kop.crk_iparams].crp_p = calloc(q_len + 1, sizeof(char));
++       if (!kop.crk_param[kop.crk_iparams].crp_p)
++               goto err;
++       kop.crk_param[kop.crk_iparams].crp_nbits = q_len * 8;
++       memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, q_len + 1);
++       kop.crk_iparams++;
++       kop.crk_oparams++;
++       /* i length */
++       kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char));
++       if (!kop.crk_param[kop.crk_iparams].crp_p)
++               goto err;
++       kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8;
++       memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1);
++       kop.crk_iparams++;
++       kop.crk_oparams++;
++
++       if (ioctl(fd, CIOCKEY, &kop) == 0) {
++               BN_bin2bn(kop.crk_param[0].crp_p,
++                               p_len, rsa->p);
++               BN_bin2bn(kop.crk_param[1].crp_p,
++                               q_len, rsa->q);
++               BN_bin2bn(kop.crk_param[2].crp_p,
++                               bits / 8, rsa->n);
++               BN_bin2bn(kop.crk_param[3].crp_p,
++                               bits / 8, rsa->d);
++               BN_bin2bn(kop.crk_param[4].crp_p,
++                               p_len, rsa->dmp1);
++               BN_bin2bn(kop.crk_param[5].crp_p,
++                               q_len, rsa->dmq1);
++               BN_bin2bn(kop.crk_param[6].crp_p,
++                               p_len, rsa->iqmp);
++               return 1;
++       }
++sw_try:
++       {
++               const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
++               ret = (meth->rsa_keygen)(rsa, bits, e, cb);
++       }
++       return ret;
++
++err:
++       for (i = 0; i < CRK_MAXPARAM; i++)
++               free(kop.crk_param[i].crp_p);
++       return 0;
++
++}
++
+ /* Cryptodev DSA Key Gen routine */
+ static int cryptodev_dsa_keygen(DSA *dsa)
+ {
+@@ -3896,6 +4011,9 @@ ENGINE_load_cryptodev(void)
+                                cryptodev_rsa.rsa_mod_exp_async =
+                                    cryptodev_rsa_nocrt_mod_exp_async;
+                        }
++                       if (cryptodev_asymfeat & CRF_RSA_GENERATE_KEY)
++                               cryptodev_rsa.rsa_keygen =
++                                       cryptodev_rsa_keygen;
+                }
+        }
+ 
+-- 
+2.3.5
+
diff --git a/recipes-connectivity/openssl/openssl-fsl/0012-RSA-Keygen-Fix.patch b/recipes-connectivity/openssl/openssl-fsl/0012-RSA-Keygen-Fix.patch
new file mode 100644
index 00000000..7f907da4
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-fsl/0012-RSA-Keygen-Fix.patch
@@ -0,0 +1,64 @@
+From ac777f046da7151386d667391362ecb553ceee90 Mon Sep 17 00:00:00 2001
+From: Yashpal Dutta <yashpal.dutta@freescale.com>
+Date: Wed, 16 Apr 2014 22:53:04 +0545
+Subject: [PATCH 12/26] RSA Keygen Fix
+
+Upstream-status: Pending
+
+If Kernel driver doesn't support RSA Keygen or same returns
+error handling the keygen operation, the keygen is gracefully
+handled by software supported rsa_keygen handler
+
+Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
+Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
+---
+ crypto/engine/eng_cryptodev.c | 12 +++++++-----
+ 1 file changed, 7 insertions(+), 5 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index b2919a8..ed5f20f 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -1915,7 +1915,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
+        int i;
+ 
+        if ((fd = get_asym_dev_crypto()) < 0)
+-               return fd;
++               goto sw_try;
+ 
+        if(!rsa->n && ((rsa->n=BN_new()) == NULL)) goto err;
+        if(!rsa->d && ((rsa->d=BN_new()) == NULL)) goto err;
+@@ -1936,7 +1936,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
+        /* p length */
+        kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char));
+        if (!kop.crk_param[kop.crk_iparams].crp_p)
+-               goto err;
++               goto sw_try;
+        kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8;
+        memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1);
+        kop.crk_iparams++;
+@@ -1944,7 +1944,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
+        /* q length */
+        kop.crk_param[kop.crk_iparams].crp_p = calloc(q_len + 1, sizeof(char));
+        if (!kop.crk_param[kop.crk_iparams].crp_p)
+-               goto err;
++               goto sw_try;
+        kop.crk_param[kop.crk_iparams].crp_nbits = q_len * 8;
+        memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, q_len + 1);
+        kop.crk_iparams++;
+@@ -2009,8 +2009,10 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
+        }
+ sw_try:
+        {
+-               const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+-               ret = (meth->rsa_keygen)(rsa, bits, e, cb);
++               const RSA_METHOD *meth = rsa->meth;
++               rsa->meth = RSA_PKCS1_SSLeay();
++               ret = RSA_generate_key_ex(rsa, bits, e, cb);
++               rsa->meth = meth;
+        }
+        return ret;
+ 
+-- 
+2.3.5
+
diff --git a/recipes-connectivity/openssl/openssl-fsl/0013-Removed-local-copy-of-curve_t-type.patch b/recipes-connectivity/openssl/openssl-fsl/0013-Removed-local-copy-of-curve_t-type.patch
new file mode 100644
index 00000000..c9d8ace8
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-fsl/0013-Removed-local-copy-of-curve_t-type.patch
@@ -0,0 +1,164 @@
+From 6aaa306cdf878250d7b6eaf30978de313653886b Mon Sep 17 00:00:00 2001
+From: Yashpal Dutta <yashpal.dutta@freescale.com>
+Date: Thu, 17 Apr 2014 06:57:59 +0545
+Subject: [PATCH 13/26] Removed local copy of curve_t type
+
+Upstream-status: Pending
+
+Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
+Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
+---
+ crypto/engine/eng_cryptodev.c    | 34 ++++++++++++++--------------------
+ crypto/engine/eng_cryptodev_ec.h |  7 -------
+ 2 files changed, 14 insertions(+), 27 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index ed5f20f..5d883fa 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -2398,12 +2398,6 @@ static ECDSA_METHOD cryptodev_ecdsa = {
+        NULL    /* app_data */
+ };
+ 
+-typedef enum ec_curve_s
+-{
+-       EC_PRIME,
+-       EC_BINARY
+-} ec_curve_t;
+-
+ /* ENGINE handler for ECDSA Sign */
+ static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char  *dgst,
+        int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey)
+@@ -2420,7 +2414,7 @@ static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char  *dgst,
+        const BIGNUM   *order = NULL, *priv_key=NULL;
+        const EC_GROUP *group = NULL;
+        struct crypt_kop kop;
+-       ec_curve_t ec_crv = EC_PRIME;
++       enum ec_curve_t ec_crv = EC_PRIME;
+ 
+        memset(&kop, 0, sizeof(kop));
+        ecdsa = ecdsa_check(eckey);
+@@ -2553,7 +2547,7 @@ static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char  *dgst,
+                        else
+                                goto err;
+                }
+-               kop.curve_type = ECC_BINARY;
++               kop.curve_type = EC_BINARY;
+        }
+ 
+        /* Calculation of Generator point */
+@@ -2647,7 +2641,7 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
+        const EC_POINT *pub_key = NULL;
+        const BIGNUM   *order = NULL;
+        const EC_GROUP *group=NULL;
+-       ec_curve_t       ec_crv = EC_PRIME;
++       enum ec_curve_t       ec_crv = EC_PRIME;
+        struct crypt_kop kop;
+ 
+        memset(&kop, 0, sizeof kop);
+@@ -2792,7 +2786,7 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
+                        else
+                                goto err;
+                }
+-               kop.curve_type = ECC_BINARY;
++               kop.curve_type = EC_BINARY;
+        }
+ 
+        /* Calculation of Generator point */
+@@ -2893,7 +2887,7 @@ static int cryptodev_ecdsa_do_sign_async( const unsigned char  *dgst,
+        const BIGNUM   *order = NULL, *priv_key=NULL;
+        const EC_GROUP *group = NULL;
+        struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
+-       ec_curve_t ec_crv = EC_PRIME;
++       enum ec_curve_t ec_crv = EC_PRIME;
+ 
+        if (!(sig->r = BN_new()) || !kop)
+                goto err;
+@@ -3029,7 +3023,7 @@ static int cryptodev_ecdsa_do_sign_async( const unsigned char  *dgst,
+                        else
+                                goto err;
+                }
+-               kop->curve_type = ECC_BINARY;
++               kop->curve_type = EC_BINARY;
+        }
+ 
+        /* Calculation of Generator point */
+@@ -3105,7 +3099,7 @@ static int cryptodev_ecdsa_verify_async(const unsigned char *dgst, int dgst_len,
+        const EC_POINT *pub_key = NULL;
+        const BIGNUM   *order = NULL;
+        const EC_GROUP *group=NULL;
+-       ec_curve_t       ec_crv = EC_PRIME;
++       enum ec_curve_t       ec_crv = EC_PRIME;
+        struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
+ 
+        if (!kop)
+@@ -3247,7 +3241,7 @@ static int cryptodev_ecdsa_verify_async(const unsigned char *dgst, int dgst_len,
+                /* copy b' i.e c(b), instead of only b */
+                eng_ec_get_cparam (EC_GROUP_get_curve_name(group),
+                        ab+q_len, q_len);
+-               kop->curve_type = ECC_BINARY;
++               kop->curve_type = EC_BINARY;
+        }
+ 
+        /* Calculation of Generator point */
+@@ -3552,7 +3546,7 @@ int cryptodev_ecdh_compute_key(void *out, size_t outlen,
+        const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen,
+        void *out, size_t *outlen))
+ {
+-       ec_curve_t       ec_crv = EC_PRIME;
++       enum ec_curve_t       ec_crv = EC_PRIME;
+        unsigned char * q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL;
+        BIGNUM         * w_x = NULL, *w_y = NULL;
+        int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0;
+@@ -3678,9 +3672,9 @@ int cryptodev_ecdh_compute_key(void *out, size_t outlen,
+                        else
+                                goto err;
+                }
+-               kop.curve_type = ECC_BINARY;
++               kop.curve_type = EC_BINARY;
+        } else
+-               kop.curve_type = ECC_PRIME;
++               kop.curve_type = EC_PRIME;
+ 
+        priv_key_len = r_len;
+ 
+@@ -3729,7 +3723,7 @@ int cryptodev_ecdh_compute_key_async(void *out, size_t outlen,
+        const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen,
+        void *out, size_t *outlen), struct pkc_cookie_s *cookie)
+ {
+-       ec_curve_t       ec_crv = EC_PRIME;
++       enum ec_curve_t       ec_crv = EC_PRIME;
+        unsigned char * q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL;
+        BIGNUM         * w_x = NULL, *w_y = NULL;
+        int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0;
+@@ -3857,9 +3851,9 @@ int cryptodev_ecdh_compute_key_async(void *out, size_t outlen,
+                        else
+                                goto err;
+                }
+-               kop->curve_type = ECC_BINARY;
++               kop->curve_type = EC_BINARY;
+        } else
+-               kop->curve_type = ECC_PRIME;
++               kop->curve_type = EC_PRIME;
+ 
+        priv_key_len = r_len;
+ 
+diff --git a/crypto/engine/eng_cryptodev_ec.h b/crypto/engine/eng_cryptodev_ec.h
+index 77aee71..a4b8da5 100644
+--- a/crypto/engine/eng_cryptodev_ec.h
++++ b/crypto/engine/eng_cryptodev_ec.h
+@@ -286,11 +286,4 @@ static inline unsigned char *eng_copy_curve_points(BIGNUM * x, BIGNUM * y,
+ 
+        return xy;
+ }
+-
+-enum curve_t {
+-       DISCRETE_LOG,
+-       ECC_PRIME,
+-       ECC_BINARY,
+-       MAX_ECC_TYPE
+-};
+ #endif
+-- 
+2.3.5
+
diff --git a/recipes-connectivity/openssl/openssl-fsl/0014-Modulus-parameter-is-not-populated-by-dhparams.patch b/recipes-connectivity/openssl/openssl-fsl/0014-Modulus-parameter-is-not-populated-by-dhparams.patch
new file mode 100644
index 00000000..198bed70
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-fsl/0014-Modulus-parameter-is-not-populated-by-dhparams.patch
@@ -0,0 +1,43 @@
+From 14623ca9e417ccef1ad3f4138acfac0ebe682f1f Mon Sep 17 00:00:00 2001
+From: Yashpal Dutta <yashpal.dutta@freescale.com>
+Date: Tue, 22 Apr 2014 22:58:33 +0545
+Subject: [PATCH 14/26] Modulus parameter is not populated by dhparams
+
+Upstream-status: Pending
+
+When dhparams are created, modulus parameter required for
+private key generation is not populated. So, falling back
+to software for proper population of modulus parameters followed
+by private key generation
+
+Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
+Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
+---
+ crypto/engine/eng_cryptodev.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 5d883fa..6d69336 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -3364,7 +3364,7 @@ static int cryptodev_dh_keygen_async(DH *dh,  struct pkc_cookie_s *cookie)
+        kop->crk_op = CRK_DH_GENERATE_KEY;
+        if (bn2crparam(dh->p, &kop->crk_param[0]))
+                goto sw_try;
+-       if (bn2crparam(dh->q, &kop->crk_param[1]))
++       if (!dh->q || bn2crparam(dh->q, &kop->crk_param[1]))
+                goto sw_try;
+        kop->crk_param[2].crp_p = g;
+        kop->crk_param[2].crp_nbits = g_len * 8;
+@@ -3419,7 +3419,7 @@ static int cryptodev_dh_keygen(DH *dh)
+        kop.crk_op = CRK_DH_GENERATE_KEY;
+        if (bn2crparam(dh->p, &kop.crk_param[0]))
+                goto sw_try;
+-       if (bn2crparam(dh->q, &kop.crk_param[1]))
++       if (!dh->q || bn2crparam(dh->q, &kop.crk_param[1]))
+                goto sw_try;
+        kop.crk_param[2].crp_p = g;
+        kop.crk_param[2].crp_nbits = g_len * 8;
+-- 
+2.3.5
+
diff --git a/recipes-connectivity/openssl/openssl-fsl/0015-SW-Backoff-mechanism-for-dsa-keygen.patch b/recipes-connectivity/openssl/openssl-fsl/0015-SW-Backoff-mechanism-for-dsa-keygen.patch
new file mode 100644
index 00000000..59330a1e
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-fsl/0015-SW-Backoff-mechanism-for-dsa-keygen.patch
@@ -0,0 +1,53 @@
+From 10be401a33e6ebcc325d6747914c70595cd53d0a Mon Sep 17 00:00:00 2001
+From: Yashpal Dutta <yashpal.dutta@freescale.com>
+Date: Thu, 24 Apr 2014 00:35:34 +0545
+Subject: [PATCH 15/26] SW Backoff mechanism for dsa keygen
+
+Upstream-status: Pending
+
+DSA Keygen is not handled in default openssl dsa method. Due to
+same null function pointer in SW DSA method, the backoff for dsa
+keygen gives segmentation fault.
+
+Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
+Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
+---
+ crypto/engine/eng_cryptodev.c | 12 ++++++++----
+ 1 file changed, 8 insertions(+), 4 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 6d69336..dab8fea 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -2069,8 +2069,10 @@ static int cryptodev_dsa_keygen(DSA *dsa)
+        return ret;
+ sw_try:
+        {
+-               const DSA_METHOD *meth = DSA_OpenSSL();
+-               ret = (meth->dsa_keygen)(dsa);
++               const DSA_METHOD *meth = dsa->meth;
++               dsa->meth = DSA_OpenSSL();
++               ret = DSA_generate_key(dsa);
++               dsa->meth = meth;
+        }
+        return ret;
+ }
+@@ -2124,11 +2126,13 @@ static int cryptodev_dsa_keygen_async(DSA *dsa,  struct pkc_cookie_s *cookie)
+        return ret;
+ sw_try:
+        {
+-               const DSA_METHOD *meth = DSA_OpenSSL();
++               const DSA_METHOD *meth = dsa->meth;
+ 
++               dsa->meth = DSA_OpenSSL();
+                if (kop)
+                        free(kop);
+-               ret = (meth->dsa_keygen)(dsa);
++               ret = DSA_generate_key(dsa);
++               dsa->meth = meth;
+                cookie->pkc_callback(cookie, 0);
+        }
+        return ret;
+-- 
+2.3.5
+
diff --git a/recipes-connectivity/openssl/openssl-fsl/0016-Fixed-DH-keygen-pair-generator.patch b/recipes-connectivity/openssl/openssl-fsl/0016-Fixed-DH-keygen-pair-generator.patch
new file mode 100644
index 00000000..8923cb63
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-fsl/0016-Fixed-DH-keygen-pair-generator.patch
@@ -0,0 +1,100 @@
+From d2c868c6370bcc0d0a254e641907da2cdf992d62 Mon Sep 17 00:00:00 2001
+From: Yashpal Dutta <yashpal.dutta@freescale.com>
+Date: Thu, 1 May 2014 06:35:45 +0545
+Subject: [PATCH 16/26] Fixed DH keygen pair generator
+
+Upstream-status: Pending
+
+Wrong Padding results into keygen length error
+
+Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
+Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
+---
+ crypto/engine/eng_cryptodev.c | 50 ++++++++++++++++++++++++++++---------------
+ 1 file changed, 33 insertions(+), 17 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index dab8fea..13d924f 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -3396,44 +3396,60 @@ sw_try:
+ static int cryptodev_dh_keygen(DH *dh)
+ {
+        struct crypt_kop kop;
+-       int ret = 1, g_len;
+-       unsigned char *g = NULL;
++       int ret = 1, q_len = 0;
++       unsigned char *q = NULL, *g = NULL, *s = NULL, *w = NULL;
++       BIGNUM *pub_key = NULL, *priv_key = NULL;
++       int generate_new_key = 1;
+ 
+-       if (dh->priv_key == NULL)       {
+-               if ((dh->priv_key=BN_new()) == NULL)
+-                       goto sw_try;
+-       }
++       if (dh->priv_key)
++               priv_key = dh->priv_key;
+ 
+-       if (dh->pub_key == NULL) {
+-               if ((dh->pub_key=BN_new()) == NULL)
+-                       goto sw_try;
+-       }
++       if (dh->pub_key)
++               pub_key = dh->pub_key;
+ 
+-       g_len = BN_num_bytes(dh->p);
++       q_len = BN_num_bytes(dh->p);
+        /**
+         * Get generator into a plain buffer. If length is less than
+         * q_len then add leading padding bytes.
+         */
+-       if (spcf_bn2bin_ex(dh->g, &g, &g_len)) {
++       if (spcf_bn2bin_ex(dh->g, &g, &q_len)) {
++               DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
++               goto sw_try;
++       }
++
++       if (spcf_bn2bin_ex(dh->p, &q, &q_len)) {
+                DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
+                goto sw_try;
+        }
+ 
+        memset(&kop, 0, sizeof kop);
+        kop.crk_op = CRK_DH_GENERATE_KEY;
+-       if (bn2crparam(dh->p, &kop.crk_param[0]))
+-               goto sw_try;
++       kop.crk_param[0].crp_p = q;
++       kop.crk_param[0].crp_nbits = q_len * 8;
+        if (!dh->q || bn2crparam(dh->q, &kop.crk_param[1]))
+                goto sw_try;
+        kop.crk_param[2].crp_p = g;
+-       kop.crk_param[2].crp_nbits = g_len * 8;
++       kop.crk_param[2].crp_nbits = q_len * 8;
+        kop.crk_iparams = 3;
+ 
++       s = OPENSSL_malloc (q_len);
++       if (!s) {
++               DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
++               goto sw_try;
++       }
++
++       w = OPENSSL_malloc (q_len);
++       if (!w) {
++               DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
++               goto sw_try;
++       }
++
+        /* pub_key is or prime length while priv key is of length of order */
+-       if (cryptodev_asym(&kop, BN_num_bytes(dh->p), dh->pub_key,
+-           BN_num_bytes(dh->q), dh->priv_key))
++       if (cryptodev_asym(&kop, q_len, w, q_len, s))
+            goto sw_try;
+ 
++       dh->pub_key = BN_bin2bn(w, q_len, pub_key);
++       dh->pub_key = BN_bin2bn(s, q_len, priv_key);
+        return ret;
+ sw_try:
+        {
+-- 
+2.3.5
+
diff --git a/recipes-connectivity/openssl/openssl-fsl/0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch b/recipes-connectivity/openssl/openssl-fsl/0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch
new file mode 100644
index 00000000..bd9e61ac
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-fsl/0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch
@@ -0,0 +1,309 @@
+From 11b55103463bac614e00d74e9f196ec4ec6bade1 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@freescale.com>
+Date: Mon, 16 Jun 2014 14:06:21 +0300
+Subject: [PATCH 17/26] cryptodev: add support for aes-gcm algorithm offloading
+
+Change-Id: I3b77dc5ef8b8f707309549244a02852d95b36168
+Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
+Reviewed-on: http://git.am.freescale.net:8181/17226
+---
+ apps/speed.c                  |   6 +-
+ crypto/engine/eng_cryptodev.c | 229 +++++++++++++++++++++++++++++++++++++++++-
+ 2 files changed, 233 insertions(+), 2 deletions(-)
+
+diff --git a/apps/speed.c b/apps/speed.c
+index 9886ca3..099dede 100644
+--- a/apps/speed.c
++++ b/apps/speed.c
+@@ -224,7 +224,11 @@
+ #endif
+ 
+ #undef BUFSIZE
+-#define BUFSIZE        ((long)1024*8+1)
++/* The buffer overhead allows GCM tag at the end of the encrypted data. This
++   avoids buffer overflows from cryptodev since Linux kernel GCM
++   implementation allways adds the tag - unlike e_aes.c:aes_gcm_cipher()
++   which doesn't */
++#define BUFSIZE        ((long)1024*8 + EVP_GCM_TLS_TAG_LEN)
+ int run=0;
+ 
+ static int mr=0;
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 13d924f..4493490 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -78,8 +78,10 @@ struct dev_crypto_state {
+        struct session_op d_sess;
+        int d_fd;
+        unsigned char *aad;
+-       unsigned int aad_len;
++       int aad_len;
+        unsigned int len;
++       unsigned char *iv;
++       int ivlen;
+ 
+ #ifdef USE_CRYPTODEV_DIGESTS
+        char dummy_mac_key[HASH_MAX_LEN];
+@@ -251,6 +253,7 @@ static struct {
+        { CRYPTO_SKIPJACK_CBC,  NID_undef,        0,  0,  0},
+        { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20},
+        { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20},
++       { CRYPTO_AES_GCM,       NID_aes_128_gcm,  16, 16, 0},
+        { 0, NID_undef, 0, 0, 0},
+ };
+ 
+@@ -271,6 +274,19 @@ static struct {
+ };
+ #endif
+ 
++/* increment counter (64-bit int) by 1 */
++static void ctr64_inc(unsigned char *counter) {
++       int n=8;
++       unsigned char  c;
++
++       do {
++               --n;
++               c = counter[n];
++               ++c;
++               counter[n] = c;
++               if (c) return;
++       } while (n);
++}
+ /*
+  * Return a fd if /dev/crypto seems usable, 0 otherwise.
+  */
+@@ -762,6 +778,197 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
+        }
+ }
+ 
++static int cryptodev_init_gcm_key(EVP_CIPHER_CTX *ctx,
++       const unsigned char *key, const unsigned char *iv, int enc)
++{
++       struct dev_crypto_state *state = ctx->cipher_data;
++       struct session_op *sess = &state->d_sess;
++       int cipher = -1, i;
++       if (!iv && !key)
++               return 1;
++
++       if (iv)
++               memcpy(ctx->iv, iv, ctx->cipher->iv_len);
++
++       for (i = 0; ciphers[i].id; i++)
++               if (ctx->cipher->nid == ciphers[i].nid &&
++                   ctx->cipher->iv_len <= ciphers[i].ivmax &&
++                   ctx->key_len == ciphers[i].keylen) {
++                       cipher = ciphers[i].id;
++                       break;
++               }
++
++       if (!ciphers[i].id) {
++               state->d_fd = -1;
++               return 0;
++       }
++
++       memset(sess, 0, sizeof(struct session_op));
++
++       if ((state->d_fd = get_dev_crypto()) < 0)
++               return 0;
++
++       sess->key = (unsigned char *) key;
++       sess->keylen = ctx->key_len;
++       sess->cipher = cipher;
++
++       if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
++               put_dev_crypto(state->d_fd);
++               state->d_fd = -1;
++               return 0;
++       }
++       return 1;
++}
++
++static int cryptodev_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
++               const unsigned char *in, size_t len)
++{
++       struct crypt_auth_op cryp = {0};
++       struct dev_crypto_state *state = ctx->cipher_data;
++       struct session_op *sess = &state->d_sess;
++       int rv = len;
++
++       if (EVP_CIPHER_CTX_ctrl(ctx, ctx->encrypt ?
++                       EVP_CTRL_GCM_IV_GEN : EVP_CTRL_GCM_SET_IV_INV,
++                       EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0)
++               return 0;
++
++       in += EVP_GCM_TLS_EXPLICIT_IV_LEN;
++       out += EVP_GCM_TLS_EXPLICIT_IV_LEN;
++       len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
++
++       if (ctx->encrypt) {
++               len -= EVP_GCM_TLS_TAG_LEN;
++       }
++       cryp.ses = sess->ses;
++       cryp.len = len;
++       cryp.src = (unsigned char*) in;
++       cryp.dst = out;
++       cryp.auth_src = state->aad;
++       cryp.auth_len = state->aad_len;
++       cryp.iv = ctx->iv;
++       cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
++
++       if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) {
++               return 0;
++       }
++
++       if (ctx->encrypt)
++               ctr64_inc(state->iv + state->ivlen - 8);
++       else
++               rv = len - EVP_GCM_TLS_TAG_LEN;
++
++       return rv;
++}
++
++static int cryptodev_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
++               const unsigned char *in, size_t len)
++{
++       struct crypt_auth_op cryp;
++       struct dev_crypto_state *state = ctx->cipher_data;
++       struct session_op *sess = &state->d_sess;
++
++       if (state->d_fd < 0)
++               return 0;
++
++       if ((len % ctx->cipher->block_size) != 0)
++               return 0;
++
++       if (state->aad_len >= 0)
++               return cryptodev_gcm_tls_cipher(ctx, out, in, len);
++
++       memset(&cryp, 0, sizeof(cryp));
++
++       cryp.ses = sess->ses;
++       cryp.len = len;
++       cryp.src = (unsigned char*) in;
++       cryp.dst = out;
++       cryp.auth_src = NULL;
++       cryp.auth_len = 0;
++       cryp.iv = ctx->iv;
++       cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
++
++       if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) {
++               return 0;
++       }
++
++       return len;
++}
++
++static int cryptodev_gcm_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
++               void *ptr)
++{
++       struct dev_crypto_state *state = ctx->cipher_data;
++       switch (type) {
++       case EVP_CTRL_INIT:
++       {
++               state->ivlen = ctx->cipher->iv_len;
++               state->iv = ctx->iv;
++               state->aad_len = -1;
++               return 1;
++       }
++       case EVP_CTRL_GCM_SET_IV_FIXED:
++       {
++               /* Special case: -1 length restores whole IV */
++               if (arg == -1)
++                       {
++                       memcpy(state->iv, ptr, state->ivlen);
++                       return 1;
++                       }
++               /* Fixed field must be at least 4 bytes and invocation field
++                * at least 8.
++                */
++               if ((arg < 4) || (state->ivlen - arg) < 8)
++                       return 0;
++               if (arg)
++                       memcpy(state->iv, ptr, arg);
++               if (ctx->encrypt &&
++                       RAND_bytes(state->iv + arg, state->ivlen - arg) <= 0)
++                       return 0;
++               return 1;
++       }
++       case EVP_CTRL_AEAD_TLS1_AAD:
++       {
++               unsigned int len;
++               if (arg != 13)
++                       return 0;
++
++               memcpy(ctx->buf, ptr, arg);
++               len=ctx->buf[arg-2] << 8 | ctx->buf[arg-1];
++
++               /* Correct length for explicit IV */
++               len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
++
++               /* If decrypting correct for tag too */
++               if (!ctx->encrypt)
++                       len -= EVP_GCM_TLS_TAG_LEN;
++
++               ctx->buf[arg-2] = len >> 8;
++               ctx->buf[arg-1] = len & 0xff;
++
++               state->aad = ctx->buf;
++               state->aad_len = arg;
++               state->len = len;
++
++               /* Extra padding: tag appended to record */
++               return EVP_GCM_TLS_TAG_LEN;
++       }
++       case EVP_CTRL_GCM_SET_IV_INV:
++       {
++               if (ctx->encrypt)
++                       return 0;
++               memcpy(state->iv + state->ivlen - arg, ptr, arg);
++               return 1;
++       }
++       case EVP_CTRL_GCM_IV_GEN:
++               if (arg <= 0 || arg > state->ivlen)
++                       arg = state->ivlen;
++               memcpy(ptr, state->iv + state->ivlen - arg, arg);
++               return 1;
++       default:
++               return -1;
++       }
++}
+ /*
+  * libcrypto EVP stuff - this is how we get wired to EVP so the engine
+  * gets called when libcrypto requests a cipher NID.
+@@ -901,6 +1108,23 @@ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = {
+        cryptodev_cbc_hmac_sha1_ctrl,
+        NULL
+ };
++
++const EVP_CIPHER cryptodev_aes_128_gcm = {
++       NID_aes_128_gcm,
++       1, 16, 12,
++       EVP_CIPH_GCM_MODE | EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_DEFAULT_ASN1 \
++       | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \
++       | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT,
++       cryptodev_init_gcm_key,
++       cryptodev_gcm_cipher,
++       cryptodev_cleanup,
++       sizeof(struct dev_crypto_state),
++       EVP_CIPHER_set_asn1_iv,
++       EVP_CIPHER_get_asn1_iv,
++       cryptodev_gcm_ctrl,
++       NULL
++};
++
+ /*
+  * Registered by the ENGINE when used to find out how to deal with
+  * a particular NID in the ENGINE. this says what we'll do at the
+@@ -944,6 +1168,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+        case NID_aes_256_cbc_hmac_sha1:
+                *cipher = &cryptodev_aes_256_cbc_hmac_sha1;
+                break;
++       case NID_aes_128_gcm:
++               *cipher = &cryptodev_aes_128_gcm;
++               break;
+        default:
+                *cipher = NULL;
+                break;
+-- 
+2.3.5
+
diff --git a/recipes-connectivity/openssl/openssl-fsl/0018-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch b/recipes-connectivity/openssl/openssl-fsl/0018-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch
new file mode 100644
index 00000000..1118a6fc
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-fsl/0018-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch
@@ -0,0 +1,193 @@
+From 21e3ca4ec77f9258aa4001f07faac1c4942b48b4 Mon Sep 17 00:00:00 2001
+From: Tudor Ambarus <tudor.ambarus@freescale.com>
+Date: Fri, 9 May 2014 17:54:06 +0300
+Subject: [PATCH 18/26] eng_cryptodev: extend TLS offload with
+ 3des_cbc_hmac_sha1
+
+Both obj_mac.h and obj_dat.h were generated using the scripts
+from crypto/objects:
+
+$ cd crypto/objects
+$ perl objects.pl objects.txt obj_mac.num obj_mac.h
+$ perl obj_dat.pl obj_mac.h obj_dat.h
+
+Change-Id: I94f13cdd09df67e33e6acd3c00aab47cb358ac46
+Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com>
+Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
+Reviewed-on: http://git.am.freescale.net:8181/34001
+---
+ crypto/engine/eng_cryptodev.c | 24 ++++++++++++++++++++++++
+ crypto/objects/obj_dat.h      | 10 +++++++---
+ crypto/objects/obj_mac.h      |  4 ++++
+ crypto/objects/obj_mac.num    |  1 +
+ crypto/objects/objects.txt    |  1 +
+ ssl/ssl_ciph.c                |  4 ++++
+ 6 files changed, 41 insertions(+), 3 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 79b2678..299e84b 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -135,6 +135,7 @@ static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
+ void ENGINE_load_cryptodev(void);
+ const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1;
+ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
++const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1;
+ 
+ inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin,  int *bin_len)
+ {
+@@ -252,6 +253,7 @@ static struct {
+        { CRYPTO_BLF_CBC,       NID_bf_cbc,       8,  16, 0},
+        { CRYPTO_CAST_CBC,      NID_cast5_cbc,    8,  16, 0},
+        { CRYPTO_SKIPJACK_CBC,  NID_undef,        0,  0,  0},
++       { CRYPTO_TLS10_3DES_CBC_HMAC_SHA1, NID_des_ede3_cbc_hmac_sha1, 8, 24, 20},
+        { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20},
+        { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20},
+        { CRYPTO_AES_GCM,       NID_aes_128_gcm,  16, 16, 0},
+@@ -466,6 +468,9 @@ cryptodev_usable_ciphers(const int **nids)
+                case NID_aes_256_cbc_hmac_sha1:
+                        EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
+                        break;
++               case NID_des_ede3_cbc_hmac_sha1:
++                       EVP_add_cipher(&cryptodev_3des_cbc_hmac_sha1);
++                       break;
+                }
+        }
+        return count;
+@@ -571,6 +576,7 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+        switch (ctx->cipher->nid) {
+        case NID_aes_128_cbc_hmac_sha1:
+        case NID_aes_256_cbc_hmac_sha1:
++       case NID_des_ede3_cbc_hmac_sha1:
+                cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
+        }
+        cryp.ses = sess->ses;
+@@ -763,6 +769,7 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
+                switch (ctx->cipher->nid) {
+                case NID_aes_128_cbc_hmac_sha1:
+                case NID_aes_256_cbc_hmac_sha1:
++               case NID_des_ede3_cbc_hmac_sha1:
+                        maclen = SHA_DIGEST_LENGTH;
+                }
+ 
+@@ -1082,6 +1089,20 @@ const EVP_CIPHER cryptodev_aes_256_cbc = {
+        NULL
+ };
+ 
++const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1 = {
++       NID_des_ede3_cbc_hmac_sha1,
++       8, 24, 8,
++       EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
++       cryptodev_init_aead_key,
++       cryptodev_aead_cipher,
++       cryptodev_cleanup,
++       sizeof(struct dev_crypto_state),
++       EVP_CIPHER_set_asn1_iv,
++       EVP_CIPHER_get_asn1_iv,
++       cryptodev_cbc_hmac_sha1_ctrl,
++       NULL
++};
++
+ const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1 = {
+        NID_aes_128_cbc_hmac_sha1,
+        16, 16, 16,
+@@ -1163,6 +1184,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+        case NID_aes_256_cbc:
+                *cipher = &cryptodev_aes_256_cbc;
+                break;
++       case NID_des_ede3_cbc_hmac_sha1:
++               *cipher = &cryptodev_3des_cbc_hmac_sha1;
++               break;
+        case NID_aes_128_cbc_hmac_sha1:
+                *cipher = &cryptodev_aes_128_cbc_hmac_sha1;
+                break;
+diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
+index bc69665..9f2267a 100644
+--- a/crypto/objects/obj_dat.h
++++ b/crypto/objects/obj_dat.h
+@@ -62,9 +62,9 @@
+  * [including the GNU Public Licence.]
+  */
+ 
+-#define NUM_NID 920
+-#define NUM_SN 913
+-#define NUM_LN 913
++#define NUM_NID 921
++#define NUM_SN 914
++#define NUM_LN 914
+ #define NUM_OBJ 857
+ 
+ static const unsigned char lvalues[5974]={
+@@ -2399,6 +2399,8 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
+ {"AES-256-CBC-HMAC-SHA1","aes-256-cbc-hmac-sha1",
+        NID_aes_256_cbc_hmac_sha1,0,NULL,0},
+ {"RSAES-OAEP","rsaesOaep",NID_rsaesOaep,9,&(lvalues[5964]),0},
++{"DES-EDE3-CBC-HMAC-SHA1","des-ede3-cbc-hmac-sha1",
++       NID_des_ede3_cbc_hmac_sha1,0,NULL,0},
+ };
+ 
+ static const unsigned int sn_objs[NUM_SN]={
+@@ -2474,6 +2476,7 @@ static const unsigned int sn_objs[NUM_SN]={
+ 62,    /* "DES-EDE-OFB" */
+ 33,    /* "DES-EDE3" */
+ 44,    /* "DES-EDE3-CBC" */
++920,   /* "DES-EDE3-CBC-HMAC-SHA1" */
+ 61,    /* "DES-EDE3-CFB" */
+ 658,   /* "DES-EDE3-CFB1" */
+ 659,   /* "DES-EDE3-CFB8" */
+@@ -3585,6 +3588,7 @@ static const unsigned int ln_objs[NUM_LN]={
+ 62,    /* "des-ede-ofb" */
+ 33,    /* "des-ede3" */
+ 44,    /* "des-ede3-cbc" */
++920,   /* "des-ede3-cbc-hmac-sha1" */
+ 61,    /* "des-ede3-cfb" */
+ 658,   /* "des-ede3-cfb1" */
+ 659,   /* "des-ede3-cfb8" */
+diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h
+index b5ea7cd..8751902 100644
+--- a/crypto/objects/obj_mac.h
++++ b/crypto/objects/obj_mac.h
+@@ -4030,3 +4030,7 @@
+ #define LN_aes_256_cbc_hmac_sha1               "aes-256-cbc-hmac-sha1"
+ #define NID_aes_256_cbc_hmac_sha1              918
+ 
++#define SN_des_ede3_cbc_hmac_sha1              "DES-EDE3-CBC-HMAC-SHA1"
++#define LN_des_ede3_cbc_hmac_sha1              "des-ede3-cbc-hmac-sha1"
++#define NID_des_ede3_cbc_hmac_sha1             920
++
+diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
+index 1d0a7c8..9d44bb5 100644
+--- a/crypto/objects/obj_mac.num
++++ b/crypto/objects/obj_mac.num
+@@ -917,3 +917,4 @@ aes_128_cbc_hmac_sha1               916
+ aes_192_cbc_hmac_sha1          917
+ aes_256_cbc_hmac_sha1          918
+ rsaesOaep              919
++des_ede3_cbc_hmac_sha1         920
+diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
+index d3bfad7..90d2fc5 100644
+--- a/crypto/objects/objects.txt
++++ b/crypto/objects/objects.txt
+@@ -1290,3 +1290,4 @@ kisa 1 6                : SEED-OFB      : seed-ofb
+                        : AES-128-CBC-HMAC-SHA1         : aes-128-cbc-hmac-sha1
+                        : AES-192-CBC-HMAC-SHA1         : aes-192-cbc-hmac-sha1
+                        : AES-256-CBC-HMAC-SHA1         : aes-256-cbc-hmac-sha1
++                       : DES-EDE3-CBC-HMAC-SHA1        : des-ede3-cbc-hmac-sha1
+diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
+index 8188ff5..310fe76 100644
+--- a/ssl/ssl_ciph.c
++++ b/ssl/ssl_ciph.c
+@@ -639,6 +639,10 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
+                         c->algorithm_mac == SSL_SHA1 &&
+                         (evp=EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1")))
+                        *enc = evp, *md = NULL;
++               else if (c->algorithm_enc == SSL_3DES &&
++                        c->algorithm_mac == SSL_SHA1 &&
++                        (evp = EVP_get_cipherbyname("DES-EDE3-CBC-HMAC-SHA1")))
++                       *enc = evp, *md = NULL;
+                return(1);
+                }
+        else
+-- 
+2.3.5
+
diff --git a/recipes-connectivity/openssl/openssl-fsl/0019-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch b/recipes-connectivity/openssl/openssl-fsl/0019-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch
new file mode 100644
index 00000000..988d79ea
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-fsl/0019-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch
@@ -0,0 +1,355 @@
+From 1de2b740a3bdcd8e98abb5f4e176d46fd817b932 Mon Sep 17 00:00:00 2001
+From: Tudor Ambarus <tudor.ambarus@freescale.com>
+Date: Tue, 31 Mar 2015 16:30:17 +0300
+Subject: [PATCH 19/26] eng_cryptodev: add support for TLSv1.1 record offload
+
+Supported cipher suites:
+- 3des-ede-cbc-sha
+- aes-128-cbc-hmac-sha
+- aes-256-cbc-hmac-sha
+
+Requires TLS patches on cryptodev and TLS algorithm support in Linux
+kernel driver.
+
+Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com>
+Change-Id: Id414f36a528de3f476b72688cf85714787d7ccae
+Reviewed-on: http://git.am.freescale.net:8181/34002
+Reviewed-by: Cristian Stoica <cristian.stoica@freescale.com>
+Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
+---
+ crypto/engine/eng_cryptodev.c | 101 ++++++++++++++++++++++++++++++++++++++----
+ crypto/objects/obj_dat.h      |  18 ++++++--
+ crypto/objects/obj_mac.h      |  12 +++++
+ crypto/objects/obj_mac.num    |   3 ++
+ crypto/objects/objects.txt    |   3 ++
+ ssl/ssl_ciph.c                |  26 +++++++++--
+ 6 files changed, 148 insertions(+), 15 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 299e84b..f71ab27 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -66,6 +66,7 @@ ENGINE_load_cryptodev(void)
+ #include <sys/ioctl.h>
+ #include <errno.h>
+ #include <stdio.h>
++#include <stdbool.h>
+ #include <unistd.h>
+ #include <fcntl.h>
+ #include <stdarg.h>
+@@ -133,9 +134,12 @@ static int cryptodev_dh_compute_key(unsigned char *key,
+ static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
+     void (*f)(void));
+ void ENGINE_load_cryptodev(void);
++const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1;
+ const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1;
+ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
+-const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1;
++const EVP_CIPHER cryptodev_tls11_3des_cbc_hmac_sha1;
++const EVP_CIPHER cryptodev_tls11_aes_128_cbc_hmac_sha1;
++const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1;
+ 
+ inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin,  int *bin_len)
+ {
+@@ -256,6 +260,9 @@ static struct {
+        { CRYPTO_TLS10_3DES_CBC_HMAC_SHA1, NID_des_ede3_cbc_hmac_sha1, 8, 24, 20},
+        { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20},
+        { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20},
++       { CRYPTO_TLS11_3DES_CBC_HMAC_SHA1, NID_tls11_des_ede3_cbc_hmac_sha1, 8, 24, 20},
++       { CRYPTO_TLS11_AES_CBC_HMAC_SHA1, NID_tls11_aes_128_cbc_hmac_sha1, 16, 16, 20},
++       { CRYPTO_TLS11_AES_CBC_HMAC_SHA1, NID_tls11_aes_256_cbc_hmac_sha1, 16, 32, 20},
+        { CRYPTO_AES_GCM,       NID_aes_128_gcm,  16, 16, 0},
+        { 0, NID_undef, 0, 0, 0},
+ };
+@@ -462,14 +469,23 @@ cryptodev_usable_ciphers(const int **nids)
+        /* add ciphers specific to cryptodev if found in kernel */
+        for(i = 0; i < count; i++) {
+                switch (*(*nids + i)) {
++               case NID_des_ede3_cbc_hmac_sha1:
++                       EVP_add_cipher(&cryptodev_3des_cbc_hmac_sha1);
++                       break;
+                case NID_aes_128_cbc_hmac_sha1:
+                        EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1);
+                        break;
+                case NID_aes_256_cbc_hmac_sha1:
+                        EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
+                        break;
+-               case NID_des_ede3_cbc_hmac_sha1:
+-                       EVP_add_cipher(&cryptodev_3des_cbc_hmac_sha1);
++               case NID_tls11_des_ede3_cbc_hmac_sha1:
++                       EVP_add_cipher(&cryptodev_tls11_3des_cbc_hmac_sha1);
++                       break;
++               case NID_tls11_aes_128_cbc_hmac_sha1:
++                       EVP_add_cipher(&cryptodev_tls11_aes_128_cbc_hmac_sha1);
++                       break;
++               case NID_tls11_aes_256_cbc_hmac_sha1:
++                       EVP_add_cipher(&cryptodev_tls11_aes_256_cbc_hmac_sha1);
+                        break;
+                }
+        }
+@@ -574,9 +590,12 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ 
+        /* TODO: make a seamless integration with cryptodev flags */
+        switch (ctx->cipher->nid) {
++       case NID_des_ede3_cbc_hmac_sha1:
+        case NID_aes_128_cbc_hmac_sha1:
+        case NID_aes_256_cbc_hmac_sha1:
+-       case NID_des_ede3_cbc_hmac_sha1:
++       case NID_tls11_des_ede3_cbc_hmac_sha1:
++       case NID_tls11_aes_128_cbc_hmac_sha1:
++       case NID_tls11_aes_256_cbc_hmac_sha1:
+                cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
+        }
+        cryp.ses = sess->ses;
+@@ -758,8 +777,9 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
+                struct dev_crypto_state *state = ctx->cipher_data;
+                unsigned char *p = ptr;
+                unsigned int cryptlen = p[arg - 2] << 8 | p[arg - 1];
+-               unsigned int maclen, padlen;
++               unsigned int maclen, padlen, len;
+                unsigned int bs = ctx->cipher->block_size;
++               bool aad_needs_fix = false;
+ 
+                state->aad = ptr;
+                state->aad_len = arg;
+@@ -767,10 +787,24 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
+ 
+                /* TODO: this should be an extension of EVP_CIPHER struct */
+                switch (ctx->cipher->nid) {
++               case NID_des_ede3_cbc_hmac_sha1:
+                case NID_aes_128_cbc_hmac_sha1:
+                case NID_aes_256_cbc_hmac_sha1:
+-               case NID_des_ede3_cbc_hmac_sha1:
+                        maclen = SHA_DIGEST_LENGTH;
++                       break;
++               case NID_tls11_des_ede3_cbc_hmac_sha1:
++               case NID_tls11_aes_128_cbc_hmac_sha1:
++               case NID_tls11_aes_256_cbc_hmac_sha1:
++                       maclen = SHA_DIGEST_LENGTH;
++                       aad_needs_fix = true;
++                       break;
++               }
++
++               /* Correct length for AAD Length field */
++               if (ctx->encrypt && aad_needs_fix) {
++                       len = cryptlen - bs;
++                       p[arg-2] = len >> 8;
++                       p[arg-1] = len & 0xff;
+                }
+ 
+                /* space required for encryption (not only TLS padding) */
+@@ -1131,6 +1165,48 @@ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = {
+        NULL
+ };
+ 
++const EVP_CIPHER cryptodev_tls11_3des_cbc_hmac_sha1 = {
++       NID_tls11_des_ede3_cbc_hmac_sha1,
++       8, 24, 8,
++       EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
++       cryptodev_init_aead_key,
++       cryptodev_aead_cipher,
++       cryptodev_cleanup,
++       sizeof(struct dev_crypto_state),
++       EVP_CIPHER_set_asn1_iv,
++       EVP_CIPHER_get_asn1_iv,
++       cryptodev_cbc_hmac_sha1_ctrl,
++       NULL
++};
++
++const EVP_CIPHER cryptodev_tls11_aes_128_cbc_hmac_sha1 = {
++       NID_tls11_aes_128_cbc_hmac_sha1,
++       16, 16, 16,
++       EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
++       cryptodev_init_aead_key,
++       cryptodev_aead_cipher,
++       cryptodev_cleanup,
++       sizeof(struct dev_crypto_state),
++       EVP_CIPHER_set_asn1_iv,
++       EVP_CIPHER_get_asn1_iv,
++       cryptodev_cbc_hmac_sha1_ctrl,
++       NULL
++};
++
++const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1 = {
++       NID_tls11_aes_256_cbc_hmac_sha1,
++       16, 32, 16,
++       EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
++       cryptodev_init_aead_key,
++       cryptodev_aead_cipher,
++       cryptodev_cleanup,
++       sizeof(struct dev_crypto_state),
++       EVP_CIPHER_set_asn1_iv,
++       EVP_CIPHER_get_asn1_iv,
++       cryptodev_cbc_hmac_sha1_ctrl,
++       NULL
++};
++
+ const EVP_CIPHER cryptodev_aes_128_gcm = {
+        NID_aes_128_gcm,
+        1, 16, 12,
+@@ -1184,6 +1260,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+        case NID_aes_256_cbc:
+                *cipher = &cryptodev_aes_256_cbc;
+                break;
++       case NID_aes_128_gcm:
++               *cipher = &cryptodev_aes_128_gcm;
++               break;
+        case NID_des_ede3_cbc_hmac_sha1:
+                *cipher = &cryptodev_3des_cbc_hmac_sha1;
+                break;
+@@ -1193,8 +1272,14 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+        case NID_aes_256_cbc_hmac_sha1:
+                *cipher = &cryptodev_aes_256_cbc_hmac_sha1;
+                break;
+-       case NID_aes_128_gcm:
+-               *cipher = &cryptodev_aes_128_gcm;
++       case NID_tls11_des_ede3_cbc_hmac_sha1:
++               *cipher = &cryptodev_tls11_3des_cbc_hmac_sha1;
++               break;
++       case NID_tls11_aes_128_cbc_hmac_sha1:
++               *cipher = &cryptodev_tls11_aes_128_cbc_hmac_sha1;
++               break;
++       case NID_tls11_aes_256_cbc_hmac_sha1:
++               *cipher = &cryptodev_tls11_aes_256_cbc_hmac_sha1;
+                break;
+        default:
+                *cipher = NULL;
+diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
+index 9f2267a..dc89b0a 100644
+--- a/crypto/objects/obj_dat.h
++++ b/crypto/objects/obj_dat.h
+@@ -62,9 +62,9 @@
+  * [including the GNU Public Licence.]
+  */
+ 
+-#define NUM_NID 921
+-#define NUM_SN 914
+-#define NUM_LN 914
++#define NUM_NID 924
++#define NUM_SN 917
++#define NUM_LN 917
+ #define NUM_OBJ 857
+ 
+ static const unsigned char lvalues[5974]={
+@@ -2401,6 +2401,12 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
+ {"RSAES-OAEP","rsaesOaep",NID_rsaesOaep,9,&(lvalues[5964]),0},
+ {"DES-EDE3-CBC-HMAC-SHA1","des-ede3-cbc-hmac-sha1",
+        NID_des_ede3_cbc_hmac_sha1,0,NULL,0},
++{"TLS11-DES-EDE3-CBC-HMAC-SHA1","tls11-des-ede3-cbc-hmac-sha1",
++       NID_tls11_des_ede3_cbc_hmac_sha1,0,NULL,0},
++{"TLS11-AES-128-CBC-HMAC-SHA1","tls11-aes-128-cbc-hmac-sha1",
++       NID_tls11_aes_128_cbc_hmac_sha1,0,NULL,0},
++{"TLS11-AES-256-CBC-HMAC-SHA1","tls11-aes-256-cbc-hmac-sha1",
++       NID_tls11_aes_256_cbc_hmac_sha1,0,NULL,0},
+ };
+ 
+ static const unsigned int sn_objs[NUM_SN]={
+@@ -2586,6 +2592,9 @@ static const unsigned int sn_objs[NUM_SN]={
+ 100,   /* "SN" */
+ 16,    /* "ST" */
+ 143,   /* "SXNetID" */
++922,   /* "TLS11-AES-128-CBC-HMAC-SHA1" */
++923,   /* "TLS11-AES-256-CBC-HMAC-SHA1" */
++921,   /* "TLS11-DES-EDE3-CBC-HMAC-SHA1" */
+ 458,   /* "UID" */
+  0,    /* "UNDEF" */
+ 11,    /* "X500" */
+@@ -4205,6 +4214,9 @@ static const unsigned int ln_objs[NUM_LN]={
+ 459,   /* "textEncodedORAddress" */
+ 293,   /* "textNotice" */
+ 106,   /* "title" */
++922,   /* "tls11-aes-128-cbc-hmac-sha1" */
++923,   /* "tls11-aes-256-cbc-hmac-sha1" */
++921,   /* "tls11-des-ede3-cbc-hmac-sha1" */
+ 682,   /* "tpBasis" */
+ 436,   /* "ucl" */
+  0,    /* "undefined" */
+diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h
+index 8751902..f181890 100644
+--- a/crypto/objects/obj_mac.h
++++ b/crypto/objects/obj_mac.h
+@@ -4034,3 +4034,15 @@
+ #define LN_des_ede3_cbc_hmac_sha1              "des-ede3-cbc-hmac-sha1"
+ #define NID_des_ede3_cbc_hmac_sha1             920
+ 
++#define SN_tls11_des_ede3_cbc_hmac_sha1                "TLS11-DES-EDE3-CBC-HMAC-SHA1"
++#define LN_tls11_des_ede3_cbc_hmac_sha1                "tls11-des-ede3-cbc-hmac-sha1"
++#define NID_tls11_des_ede3_cbc_hmac_sha1               921
++
++#define SN_tls11_aes_128_cbc_hmac_sha1         "TLS11-AES-128-CBC-HMAC-SHA1"
++#define LN_tls11_aes_128_cbc_hmac_sha1         "tls11-aes-128-cbc-hmac-sha1"
++#define NID_tls11_aes_128_cbc_hmac_sha1                922
++
++#define SN_tls11_aes_256_cbc_hmac_sha1         "TLS11-AES-256-CBC-HMAC-SHA1"
++#define LN_tls11_aes_256_cbc_hmac_sha1         "tls11-aes-256-cbc-hmac-sha1"
++#define NID_tls11_aes_256_cbc_hmac_sha1                923
++
+diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
+index 9d44bb5..a02b58c 100644
+--- a/crypto/objects/obj_mac.num
++++ b/crypto/objects/obj_mac.num
+@@ -918,3 +918,6 @@ aes_192_cbc_hmac_sha1               917
+ aes_256_cbc_hmac_sha1          918
+ rsaesOaep              919
+ des_ede3_cbc_hmac_sha1         920
++tls11_des_ede3_cbc_hmac_sha1           921
++tls11_aes_128_cbc_hmac_sha1            922
++tls11_aes_256_cbc_hmac_sha1            923
+diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
+index 90d2fc5..1973658 100644
+--- a/crypto/objects/objects.txt
++++ b/crypto/objects/objects.txt
+@@ -1291,3 +1291,6 @@ kisa 1 6                : SEED-OFB      : seed-ofb
+                        : AES-192-CBC-HMAC-SHA1         : aes-192-cbc-hmac-sha1
+                        : AES-256-CBC-HMAC-SHA1         : aes-256-cbc-hmac-sha1
+                        : DES-EDE3-CBC-HMAC-SHA1        : des-ede3-cbc-hmac-sha1
++                       : TLS11-DES-EDE3-CBC-HMAC-SHA1  : tls11-des-ede3-cbc-hmac-sha1
++                       : TLS11-AES-128-CBC-HMAC-SHA1   : tls11-aes-128-cbc-hmac-sha1
++                       : TLS11-AES-256-CBC-HMAC-SHA1   : tls11-aes-256-cbc-hmac-sha1
+diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
+index 310fe76..0408986 100644
+--- a/ssl/ssl_ciph.c
++++ b/ssl/ssl_ciph.c
+@@ -631,17 +631,35 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
+                         c->algorithm_mac == SSL_MD5 &&
+                         (evp=EVP_get_cipherbyname("RC4-HMAC-MD5")))
+                        *enc = evp, *md = NULL;
+-               else if (c->algorithm_enc == SSL_AES128 &&
++               else if (s->ssl_version == TLS1_VERSION &&
++                        c->algorithm_enc == SSL_3DES &&
++                        c->algorithm_mac == SSL_SHA1 &&
++                        (evp=EVP_get_cipherbyname("DES-EDE3-CBC-HMAC-SHA1")))
++                       *enc = evp, *md = NULL;
++               else if (s->ssl_version == TLS1_VERSION &&
++                        c->algorithm_enc == SSL_AES128 &&
+                         c->algorithm_mac == SSL_SHA1 &&
+                         (evp=EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1")))
+                        *enc = evp, *md = NULL;
+-               else if (c->algorithm_enc == SSL_AES256 &&
++               else if (s->ssl_version == TLS1_VERSION &&
++                        c->algorithm_enc == SSL_AES256 &&
+                         c->algorithm_mac == SSL_SHA1 &&
+                         (evp=EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1")))
+                        *enc = evp, *md = NULL;
+-               else if (c->algorithm_enc == SSL_3DES &&
++               else if (s->ssl_version == TLS1_1_VERSION &&
++                        c->algorithm_enc == SSL_3DES &&
++                        c->algorithm_mac == SSL_SHA1 &&
++                        (evp=EVP_get_cipherbyname("TLS11-DES-EDE3-CBC-HMAC-SHA1")))
++                       *enc = evp, *md = NULL;
++               else if (s->ssl_version == TLS1_1_VERSION &&
++                        c->algorithm_enc == SSL_AES128 &&
++                        c->algorithm_mac == SSL_SHA1 &&
++                        (evp=EVP_get_cipherbyname("TLS11-AES-128-CBC-HMAC-SHA1")))
++                       *enc = evp, *md = NULL;
++               else if (s->ssl_version == TLS1_1_VERSION &&
++                        c->algorithm_enc == SSL_AES256 &&
+                         c->algorithm_mac == SSL_SHA1 &&
+-                        (evp = EVP_get_cipherbyname("DES-EDE3-CBC-HMAC-SHA1")))
++                        (evp=EVP_get_cipherbyname("TLS11-AES-256-CBC-HMAC-SHA1")))
+                        *enc = evp, *md = NULL;
+                return(1);
+                }
+-- 
+2.3.5
+
diff --git a/recipes-connectivity/openssl/openssl-fsl/0020-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch b/recipes-connectivity/openssl/openssl-fsl/0020-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch
new file mode 100644
index 00000000..7370c496
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-fsl/0020-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch
@@ -0,0 +1,359 @@
+From a58703e6601fcfcfe69fdb3e7152ed76b40d67e9 Mon Sep 17 00:00:00 2001
+From: Tudor Ambarus <tudor.ambarus@freescale.com>
+Date: Tue, 31 Mar 2015 16:32:35 +0300
+Subject: [PATCH 20/26] eng_cryptodev: add support for TLSv1.2 record offload
+
+Supported cipher suites:
+- 3des-ede-cbc-sha
+- aes-128-cbc-hmac-sha
+- aes-256-cbc-hmac-sha
+- aes-128-cbc-hmac-sha256
+- aes-256-cbc-hmac-sha256
+
+Requires TLS patches on cryptodev and TLS algorithm support in Linux
+kernel driver.
+
+Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com>
+Change-Id: I0ac6953dd62e2655a59d8f3eaefd012b7ecebf55
+Reviewed-on: http://git.am.freescale.net:8181/34003
+Reviewed-by: Cristian Stoica <cristian.stoica@freescale.com>
+Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
+---
+ crypto/engine/eng_cryptodev.c | 123 ++++++++++++++++++++++++++++++++++++++++++
+ crypto/objects/obj_dat.h      |  26 +++++++--
+ crypto/objects/obj_mac.h      |  20 +++++++
+ crypto/objects/obj_mac.num    |   5 ++
+ crypto/objects/objects.txt    |   5 ++
+ ssl/ssl_ciph.c                |  25 +++++++++
+ 6 files changed, 201 insertions(+), 3 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index f71ab27..fa5fe1b 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -140,6 +140,11 @@ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
+ const EVP_CIPHER cryptodev_tls11_3des_cbc_hmac_sha1;
+ const EVP_CIPHER cryptodev_tls11_aes_128_cbc_hmac_sha1;
+ const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1;
++const EVP_CIPHER cryptodev_tls12_3des_cbc_hmac_sha1;
++const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha1;
++const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha1;
++const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha256;
++const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha256;
+ 
+ inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin,  int *bin_len)
+ {
+@@ -263,6 +268,11 @@ static struct {
+        { CRYPTO_TLS11_3DES_CBC_HMAC_SHA1, NID_tls11_des_ede3_cbc_hmac_sha1, 8, 24, 20},
+        { CRYPTO_TLS11_AES_CBC_HMAC_SHA1, NID_tls11_aes_128_cbc_hmac_sha1, 16, 16, 20},
+        { CRYPTO_TLS11_AES_CBC_HMAC_SHA1, NID_tls11_aes_256_cbc_hmac_sha1, 16, 32, 20},
++       { CRYPTO_TLS12_3DES_CBC_HMAC_SHA1, NID_tls12_des_ede3_cbc_hmac_sha1, 8, 24, 20},
++       { CRYPTO_TLS12_AES_CBC_HMAC_SHA1, NID_tls12_aes_128_cbc_hmac_sha1, 16, 16, 20},
++       { CRYPTO_TLS12_AES_CBC_HMAC_SHA1, NID_tls12_aes_256_cbc_hmac_sha1, 16, 32, 20},
++       { CRYPTO_TLS12_AES_CBC_HMAC_SHA256, NID_tls12_aes_128_cbc_hmac_sha256, 16, 16, 32},
++       { CRYPTO_TLS12_AES_CBC_HMAC_SHA256, NID_tls12_aes_256_cbc_hmac_sha256, 16, 32, 32},
+        { CRYPTO_AES_GCM,       NID_aes_128_gcm,  16, 16, 0},
+        { 0, NID_undef, 0, 0, 0},
+ };
+@@ -487,6 +497,21 @@ cryptodev_usable_ciphers(const int **nids)
+                case NID_tls11_aes_256_cbc_hmac_sha1:
+                        EVP_add_cipher(&cryptodev_tls11_aes_256_cbc_hmac_sha1);
+                        break;
++               case NID_tls12_des_ede3_cbc_hmac_sha1:
++                       EVP_add_cipher(&cryptodev_tls12_3des_cbc_hmac_sha1);
++                       break;
++               case NID_tls12_aes_128_cbc_hmac_sha1:
++                       EVP_add_cipher(&cryptodev_tls12_aes_128_cbc_hmac_sha1);
++                       break;
++               case NID_tls12_aes_256_cbc_hmac_sha1:
++                       EVP_add_cipher(&cryptodev_tls12_aes_256_cbc_hmac_sha1);
++                       break;
++               case NID_tls12_aes_128_cbc_hmac_sha256:
++                       EVP_add_cipher(&cryptodev_tls12_aes_128_cbc_hmac_sha256);
++                       break;
++               case NID_tls12_aes_256_cbc_hmac_sha256:
++                       EVP_add_cipher(&cryptodev_tls12_aes_256_cbc_hmac_sha256);
++                       break;
+                }
+        }
+        return count;
+@@ -596,6 +621,11 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+        case NID_tls11_des_ede3_cbc_hmac_sha1:
+        case NID_tls11_aes_128_cbc_hmac_sha1:
+        case NID_tls11_aes_256_cbc_hmac_sha1:
++       case NID_tls12_des_ede3_cbc_hmac_sha1:
++       case NID_tls12_aes_128_cbc_hmac_sha1:
++       case NID_tls12_aes_256_cbc_hmac_sha1:
++       case NID_tls12_aes_128_cbc_hmac_sha256:
++       case NID_tls12_aes_256_cbc_hmac_sha256:
+                cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
+        }
+        cryp.ses = sess->ses;
+@@ -795,9 +825,17 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
+                case NID_tls11_des_ede3_cbc_hmac_sha1:
+                case NID_tls11_aes_128_cbc_hmac_sha1:
+                case NID_tls11_aes_256_cbc_hmac_sha1:
++               case NID_tls12_des_ede3_cbc_hmac_sha1:
++               case NID_tls12_aes_128_cbc_hmac_sha1:
++               case NID_tls12_aes_256_cbc_hmac_sha1:
+                        maclen = SHA_DIGEST_LENGTH;
+                        aad_needs_fix = true;
+                        break;
++               case NID_tls12_aes_128_cbc_hmac_sha256:
++               case NID_tls12_aes_256_cbc_hmac_sha256:
++                       maclen = SHA256_DIGEST_LENGTH;
++                       aad_needs_fix = true;
++                       break;
+                }
+ 
+                /* Correct length for AAD Length field */
+@@ -1207,6 +1245,76 @@ const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1 = {
+        NULL
+ };
+ 
++const EVP_CIPHER cryptodev_tls12_3des_cbc_hmac_sha1 = {
++       NID_tls12_des_ede3_cbc_hmac_sha1,
++       8, 24, 8,
++       EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
++       cryptodev_init_aead_key,
++       cryptodev_aead_cipher,
++       cryptodev_cleanup,
++       sizeof(struct dev_crypto_state),
++       EVP_CIPHER_set_asn1_iv,
++       EVP_CIPHER_get_asn1_iv,
++       cryptodev_cbc_hmac_sha1_ctrl,
++       NULL
++};
++
++const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha1 = {
++       NID_tls12_aes_128_cbc_hmac_sha1,
++       16, 16, 16,
++       EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
++       cryptodev_init_aead_key,
++       cryptodev_aead_cipher,
++       cryptodev_cleanup,
++       sizeof(struct dev_crypto_state),
++       EVP_CIPHER_set_asn1_iv,
++       EVP_CIPHER_get_asn1_iv,
++       cryptodev_cbc_hmac_sha1_ctrl,
++       NULL
++};
++
++const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha1 = {
++       NID_tls12_aes_256_cbc_hmac_sha1,
++       16, 32, 16,
++       EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
++       cryptodev_init_aead_key,
++       cryptodev_aead_cipher,
++       cryptodev_cleanup,
++       sizeof(struct dev_crypto_state),
++       EVP_CIPHER_set_asn1_iv,
++       EVP_CIPHER_get_asn1_iv,
++       cryptodev_cbc_hmac_sha1_ctrl,
++       NULL
++};
++
++const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha256 = {
++       NID_tls12_aes_128_cbc_hmac_sha256,
++       16, 16, 16,
++       EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
++       cryptodev_init_aead_key,
++       cryptodev_aead_cipher,
++       cryptodev_cleanup,
++       sizeof(struct dev_crypto_state),
++       EVP_CIPHER_set_asn1_iv,
++       EVP_CIPHER_get_asn1_iv,
++       cryptodev_cbc_hmac_sha1_ctrl,
++       NULL
++};
++
++const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha256 = {
++       NID_tls12_aes_256_cbc_hmac_sha256,
++       16, 32, 16,
++       EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
++       cryptodev_init_aead_key,
++       cryptodev_aead_cipher,
++       cryptodev_cleanup,
++       sizeof(struct dev_crypto_state),
++       EVP_CIPHER_set_asn1_iv,
++       EVP_CIPHER_get_asn1_iv,
++       cryptodev_cbc_hmac_sha1_ctrl,
++       NULL
++};
++
+ const EVP_CIPHER cryptodev_aes_128_gcm = {
+        NID_aes_128_gcm,
+        1, 16, 12,
+@@ -1281,6 +1389,21 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+        case NID_tls11_aes_256_cbc_hmac_sha1:
+                *cipher = &cryptodev_tls11_aes_256_cbc_hmac_sha1;
+                break;
++       case NID_tls12_des_ede3_cbc_hmac_sha1:
++               *cipher = &cryptodev_tls12_3des_cbc_hmac_sha1;
++               break;
++       case NID_tls12_aes_128_cbc_hmac_sha1:
++               *cipher = &cryptodev_tls12_aes_128_cbc_hmac_sha1;
++               break;
++       case NID_tls12_aes_256_cbc_hmac_sha1:
++               *cipher = &cryptodev_tls12_aes_256_cbc_hmac_sha1;
++               break;
++       case NID_tls12_aes_128_cbc_hmac_sha256:
++               *cipher = &cryptodev_tls12_aes_128_cbc_hmac_sha256;
++               break;
++       case NID_tls12_aes_256_cbc_hmac_sha256:
++               *cipher = &cryptodev_tls12_aes_256_cbc_hmac_sha256;
++               break;
+        default:
+                *cipher = NULL;
+                break;
+diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
+index dc89b0a..dfe19da 100644
+--- a/crypto/objects/obj_dat.h
++++ b/crypto/objects/obj_dat.h
+@@ -62,9 +62,9 @@
+  * [including the GNU Public Licence.]
+  */
+ 
+-#define NUM_NID 924
+-#define NUM_SN 917
+-#define NUM_LN 917
++#define NUM_NID 929
++#define NUM_SN 922
++#define NUM_LN 922
+ #define NUM_OBJ 857
+ 
+ static const unsigned char lvalues[5974]={
+@@ -2407,6 +2407,16 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
+        NID_tls11_aes_128_cbc_hmac_sha1,0,NULL,0},
+ {"TLS11-AES-256-CBC-HMAC-SHA1","tls11-aes-256-cbc-hmac-sha1",
+        NID_tls11_aes_256_cbc_hmac_sha1,0,NULL,0},
++{"TLS12-DES-EDE3-CBC-HMAC-SHA1","tls12-des-ede3-cbc-hmac-sha1",
++       NID_tls12_des_ede3_cbc_hmac_sha1,0,NULL,0},
++{"TLS12-AES-128-CBC-HMAC-SHA1","tls12-aes-128-cbc-hmac-sha1",
++       NID_tls12_aes_128_cbc_hmac_sha1,0,NULL,0},
++{"TLS12-AES-256-CBC-HMAC-SHA1","tls12-aes-256-cbc-hmac-sha1",
++       NID_tls12_aes_256_cbc_hmac_sha1,0,NULL,0},
++{"TLS12-AES-128-CBC-HMAC-SHA256","tls12-aes-128-cbc-hmac-sha256",
++       NID_tls12_aes_128_cbc_hmac_sha256,0,NULL,0},
++{"TLS12-AES-256-CBC-HMAC-SHA256","tls12-aes-256-cbc-hmac-sha256",
++       NID_tls12_aes_256_cbc_hmac_sha256,0,NULL,0},
+ };
+ 
+ static const unsigned int sn_objs[NUM_SN]={
+@@ -2595,6 +2605,11 @@ static const unsigned int sn_objs[NUM_SN]={
+ 922,   /* "TLS11-AES-128-CBC-HMAC-SHA1" */
+ 923,   /* "TLS11-AES-256-CBC-HMAC-SHA1" */
+ 921,   /* "TLS11-DES-EDE3-CBC-HMAC-SHA1" */
++925,   /* "TLS12-AES-128-CBC-HMAC-SHA1" */
++927,   /* "TLS12-AES-128-CBC-HMAC-SHA256" */
++926,   /* "TLS12-AES-256-CBC-HMAC-SHA1" */
++928,   /* "TLS12-AES-256-CBC-HMAC-SHA256" */
++924,   /* "TLS12-DES-EDE3-CBC-HMAC-SHA1" */
+ 458,   /* "UID" */
+  0,    /* "UNDEF" */
+ 11,    /* "X500" */
+@@ -4217,6 +4232,11 @@ static const unsigned int ln_objs[NUM_LN]={
+ 922,   /* "tls11-aes-128-cbc-hmac-sha1" */
+ 923,   /* "tls11-aes-256-cbc-hmac-sha1" */
+ 921,   /* "tls11-des-ede3-cbc-hmac-sha1" */
++925,   /* "tls12-aes-128-cbc-hmac-sha1" */
++927,   /* "tls12-aes-128-cbc-hmac-sha256" */
++926,   /* "tls12-aes-256-cbc-hmac-sha1" */
++928,   /* "tls12-aes-256-cbc-hmac-sha256" */
++924,   /* "tls12-des-ede3-cbc-hmac-sha1" */
+ 682,   /* "tpBasis" */
+ 436,   /* "ucl" */
+  0,    /* "undefined" */
+diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h
+index f181890..5af125e 100644
+--- a/crypto/objects/obj_mac.h
++++ b/crypto/objects/obj_mac.h
+@@ -4046,3 +4046,23 @@
+ #define LN_tls11_aes_256_cbc_hmac_sha1         "tls11-aes-256-cbc-hmac-sha1"
+ #define NID_tls11_aes_256_cbc_hmac_sha1                923
+ 
++#define SN_tls12_des_ede3_cbc_hmac_sha1                "TLS12-DES-EDE3-CBC-HMAC-SHA1"
++#define LN_tls12_des_ede3_cbc_hmac_sha1                "tls12-des-ede3-cbc-hmac-sha1"
++#define NID_tls12_des_ede3_cbc_hmac_sha1               924
++
++#define SN_tls12_aes_128_cbc_hmac_sha1         "TLS12-AES-128-CBC-HMAC-SHA1"
++#define LN_tls12_aes_128_cbc_hmac_sha1         "tls12-aes-128-cbc-hmac-sha1"
++#define NID_tls12_aes_128_cbc_hmac_sha1                925
++
++#define SN_tls12_aes_256_cbc_hmac_sha1         "TLS12-AES-256-CBC-HMAC-SHA1"
++#define LN_tls12_aes_256_cbc_hmac_sha1         "tls12-aes-256-cbc-hmac-sha1"
++#define NID_tls12_aes_256_cbc_hmac_sha1                926
++
++#define SN_tls12_aes_128_cbc_hmac_sha256               "TLS12-AES-128-CBC-HMAC-SHA256"
++#define LN_tls12_aes_128_cbc_hmac_sha256               "tls12-aes-128-cbc-hmac-sha256"
++#define NID_tls12_aes_128_cbc_hmac_sha256              927
++
++#define SN_tls12_aes_256_cbc_hmac_sha256               "TLS12-AES-256-CBC-HMAC-SHA256"
++#define LN_tls12_aes_256_cbc_hmac_sha256               "tls12-aes-256-cbc-hmac-sha256"
++#define NID_tls12_aes_256_cbc_hmac_sha256              928
++
+diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
+index a02b58c..deeba3a 100644
+--- a/crypto/objects/obj_mac.num
++++ b/crypto/objects/obj_mac.num
+@@ -921,3 +921,8 @@ des_ede3_cbc_hmac_sha1              920
+ tls11_des_ede3_cbc_hmac_sha1           921
+ tls11_aes_128_cbc_hmac_sha1            922
+ tls11_aes_256_cbc_hmac_sha1            923
++tls12_des_ede3_cbc_hmac_sha1           924
++tls12_aes_128_cbc_hmac_sha1            925
++tls12_aes_256_cbc_hmac_sha1            926
++tls12_aes_128_cbc_hmac_sha256          927
++tls12_aes_256_cbc_hmac_sha256          928
+diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
+index 1973658..6e4ac93 100644
+--- a/crypto/objects/objects.txt
++++ b/crypto/objects/objects.txt
+@@ -1294,3 +1294,8 @@ kisa 1 6                : SEED-OFB      : seed-ofb
+                        : TLS11-DES-EDE3-CBC-HMAC-SHA1  : tls11-des-ede3-cbc-hmac-sha1
+                        : TLS11-AES-128-CBC-HMAC-SHA1   : tls11-aes-128-cbc-hmac-sha1
+                        : TLS11-AES-256-CBC-HMAC-SHA1   : tls11-aes-256-cbc-hmac-sha1
++                       : TLS12-DES-EDE3-CBC-HMAC-SHA1  : tls12-des-ede3-cbc-hmac-sha1
++                       : TLS12-AES-128-CBC-HMAC-SHA1   : tls12-aes-128-cbc-hmac-sha1
++                       : TLS12-AES-256-CBC-HMAC-SHA1   : tls12-aes-256-cbc-hmac-sha1
++                       : TLS12-AES-128-CBC-HMAC-SHA256 : tls12-aes-128-cbc-hmac-sha256
++                       : TLS12-AES-256-CBC-HMAC-SHA256 : tls12-aes-256-cbc-hmac-sha256
+diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
+index 0408986..77a82f6 100644
+--- a/ssl/ssl_ciph.c
++++ b/ssl/ssl_ciph.c
+@@ -661,6 +661,31 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
+                         c->algorithm_mac == SSL_SHA1 &&
+                         (evp=EVP_get_cipherbyname("TLS11-AES-256-CBC-HMAC-SHA1")))
+                        *enc = evp, *md = NULL;
++               else if (s->ssl_version == TLS1_2_VERSION &&
++                        c->algorithm_enc == SSL_3DES &&
++                        c->algorithm_mac == SSL_SHA1 &&
++                        (evp=EVP_get_cipherbyname("TLS12-DES-EDE3-CBC-HMAC-SHA1")))
++                       *enc = evp, *md = NULL;
++               else if (s->ssl_version == TLS1_2_VERSION &&
++                        c->algorithm_enc == SSL_AES128 &&
++                        c->algorithm_mac == SSL_SHA1 &&
++                        (evp=EVP_get_cipherbyname("TLS12-AES-128-CBC-HMAC-SHA1")))
++                       *enc = evp, *md = NULL;
++               else if (s->ssl_version == TLS1_2_VERSION &&
++                        c->algorithm_enc == SSL_AES256 &&
++                        c->algorithm_mac == SSL_SHA1 &&
++                        (evp=EVP_get_cipherbyname("TLS12-AES-256-CBC-HMAC-SHA1")))
++                       *enc = evp, *md = NULL;
++               else if (s->ssl_version == TLS1_2_VERSION &&
++                        c->algorithm_enc == SSL_AES128 &&
++                        c->algorithm_mac == SSL_SHA256 &&
++                        (evp=EVP_get_cipherbyname("TLS12-AES-128-CBC-HMAC-SHA256")))
++                       *enc = evp, *md = NULL;
++               else if (s->ssl_version == TLS1_2_VERSION &&
++                        c->algorithm_enc == SSL_AES256 &&
++                        c->algorithm_mac == SSL_SHA256 &&
++                        (evp=EVP_get_cipherbyname("TLS12-AES-256-CBC-HMAC-SHA256")))
++                       *enc = evp, *md = NULL;
+                return(1);
+                }
+        else
+-- 
+2.3.5
+
diff --git a/recipes-connectivity/openssl/openssl-fsl/0021-cryptodev-drop-redundant-function.patch b/recipes-connectivity/openssl/openssl-fsl/0021-cryptodev-drop-redundant-function.patch
new file mode 100644
index 00000000..16cc6882
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-fsl/0021-cryptodev-drop-redundant-function.patch
@@ -0,0 +1,75 @@
+From ea4abc255c6c5feec01cb1e30c6082cfe47860e2 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@freescale.com>
+Date: Thu, 19 Feb 2015 16:11:53 +0200
+Subject: [PATCH 21/26] cryptodev: drop redundant function
+
+get_dev_crypto already caches the result. Another cache in-between is
+useless.
+
+Change-Id: Ibd162529d3fb7a561a17f1a707d5d287c1586a3a
+Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
+Reviewed-on: http://git.am.freescale.net:8181/34216
+---
+ crypto/engine/eng_cryptodev.c | 18 +++---------------
+ 1 file changed, 3 insertions(+), 15 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index fa5fe1b..1ab5551 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -96,7 +96,6 @@ struct dev_crypto_state {
+ 
+ static u_int32_t cryptodev_asymfeat = 0;
+ 
+-static int get_asym_dev_crypto(void);
+ static int open_dev_crypto(void);
+ static int get_dev_crypto(void);
+ static int get_cryptodev_ciphers(const int **cnids);
+@@ -357,17 +356,6 @@ static void put_dev_crypto(int fd)
+ #endif
+ }
+ 
+-/* Caching version for asym operations */
+-static int
+-get_asym_dev_crypto(void)
+-{
+-       static int fd = -1;
+-
+-       if (fd == -1)
+-               fd = get_dev_crypto();
+-       return fd;
+-}
+-
+ /*
+  * Find out what ciphers /dev/crypto will let us have a session for.
+  * XXX note, that some of these openssl doesn't deal with yet!
+@@ -1796,7 +1784,7 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s)
+ {
+        int fd, ret = -1;
+ 
+-       if ((fd = get_asym_dev_crypto()) < 0)
++       if ((fd = get_dev_crypto()) < 0)
+                return (ret);
+ 
+        if (r) {
+@@ -2374,7 +2362,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
+        int p_len, q_len;
+        int i;
+ 
+-       if ((fd = get_asym_dev_crypto()) < 0)
++       if ((fd = get_dev_crypto()) < 0)
+                goto sw_try;
+ 
+        if(!rsa->n && ((rsa->n=BN_new()) == NULL)) goto err;
+@@ -3928,7 +3916,7 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+        BIGNUM *temp = NULL;
+        unsigned char *padded_pub_key = NULL, *p = NULL;
+ 
+-       if ((fd = get_asym_dev_crypto()) < 0)
++       if ((fd = get_dev_crypto()) < 0)
+                goto sw_try;
+ 
+        memset(&kop, 0, sizeof kop);
+-- 
+2.3.5
+
diff --git a/recipes-connectivity/openssl/openssl-fsl/0022-cryptodev-do-not-zero-the-buffer-before-use.patch b/recipes-connectivity/openssl/openssl-fsl/0022-cryptodev-do-not-zero-the-buffer-before-use.patch
new file mode 100644
index 00000000..0b2f0f1b
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-fsl/0022-cryptodev-do-not-zero-the-buffer-before-use.patch
@@ -0,0 +1,48 @@
+From 75e3e7d600eb72e7374b1ecf5ece7b831bc98ed8 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@freescale.com>
+Date: Tue, 17 Feb 2015 13:12:53 +0200
+Subject: [PATCH 22/26] cryptodev: do not zero the buffer before use
+
+- The buffer is just about to be overwritten. Zeroing it before that has
+  no purpose
+
+Change-Id: I478c31bd2e254561474a7edf5e37980ca04217ce
+Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
+Reviewed-on: http://git.am.freescale.net:8181/34217
+---
+ crypto/engine/eng_cryptodev.c | 13 ++++---------
+ 1 file changed, 4 insertions(+), 9 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 1ab5551..dbc5989 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -1681,21 +1681,16 @@ static int
+ bn2crparam(const BIGNUM *a, struct crparam *crp)
+ {
+        ssize_t bytes, bits;
+-       u_char *b;
+-
+-       crp->crp_p = NULL;
+-       crp->crp_nbits = 0;
+ 
+        bits = BN_num_bits(a);
+        bytes = (bits + 7) / 8;
+ 
+-       b = malloc(bytes);
+-       if (b == NULL)
++       crp->crp_nbits = bits;
++       crp->crp_p = malloc(bytes);
++
++       if (crp->crp_p == NULL)
+                return (1);
+-       memset(b, 0, bytes);
+ 
+-       crp->crp_p = (caddr_t) b;
+-       crp->crp_nbits = bits;
+        BN_bn2bin(a, crp->crp_p);
+        return (0);
+ }
+-- 
+2.3.5
+
diff --git a/recipes-connectivity/openssl/openssl-fsl/0023-cryptodev-clean-up-code-layout.patch b/recipes-connectivity/openssl/openssl-fsl/0023-cryptodev-clean-up-code-layout.patch
new file mode 100644
index 00000000..5ff1c5ca
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-fsl/0023-cryptodev-clean-up-code-layout.patch
@@ -0,0 +1,72 @@
+From 4453b06b940fc03a0973cfd96f908e46cce61054 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@freescale.com>
+Date: Wed, 18 Feb 2015 10:39:46 +0200
+Subject: [PATCH 23/26] cryptodev: clean-up code layout
+
+This is just a refactoring that uses else branch to check for malloc failures
+
+Change-Id: I6dc157af36d6ec51a4edfc82cf97fae2e7e83628
+Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
+Reviewed-on: http://git.am.freescale.net:8181/34218
+---
+ crypto/engine/eng_cryptodev.c | 42 ++++++++++++++++++++----------------------
+ 1 file changed, 20 insertions(+), 22 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index dbc5989..dceb4f5 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -1745,30 +1745,28 @@ cryptodev_asym_async(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
+        fd = *(int *)cookie->eng_handle;
+ 
+        eng_cookie = malloc(sizeof(struct cryptodev_cookie_s));
+-
+-       if (eng_cookie) {
+-               memset(eng_cookie, 0, sizeof(struct cryptodev_cookie_s));
+-               if (r) {
+-                       kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char));
+-                       if (!kop->crk_param[kop->crk_iparams].crp_p)
+-                               return -ENOMEM;
+-                       kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
+-                       kop->crk_oparams++;
+-                       eng_cookie->r = r;
+-                       eng_cookie->r_param = kop->crk_param[kop->crk_iparams];
+-               }
+-               if (s) {
+-                       kop->crk_param[kop->crk_iparams+1].crp_p = calloc(slen, sizeof(char));
+-                       if (!kop->crk_param[kop->crk_iparams+1].crp_p)
+-                               return -ENOMEM;
+-                       kop->crk_param[kop->crk_iparams+1].crp_nbits = slen * 8;
+-                       kop->crk_oparams++;
+-                       eng_cookie->s = s;
+-                       eng_cookie->s_param = kop->crk_param[kop->crk_iparams + 1];
+-               }
+-       } else
++       if (!eng_cookie)
+                return -ENOMEM;
+ 
++       memset(eng_cookie, 0, sizeof(struct cryptodev_cookie_s));
++       if (r) {
++               kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char));
++               if (!kop->crk_param[kop->crk_iparams].crp_p)
++                       return -ENOMEM;
++               kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
++               kop->crk_oparams++;
++               eng_cookie->r = r;
++               eng_cookie->r_param = kop->crk_param[kop->crk_iparams];
++       }
++       if (s) {
++               kop->crk_param[kop->crk_iparams+1].crp_p = calloc(slen, sizeof(char));
++               if (!kop->crk_param[kop->crk_iparams+1].crp_p)
++                       return -ENOMEM;
++               kop->crk_param[kop->crk_iparams+1].crp_nbits = slen * 8;
++               kop->crk_oparams++;
++               eng_cookie->s = s;
++               eng_cookie->s_param = kop->crk_param[kop->crk_iparams + 1];
++       }
+        eng_cookie->kop = kop;
+        cookie->eng_cookie = eng_cookie;
+        return ioctl(fd, CIOCASYMASYNCRYPT, kop);
+-- 
+2.3.5
+
diff --git a/recipes-connectivity/openssl/openssl-fsl/0024-cryptodev-do-not-cache-file-descriptor-in-open.patch b/recipes-connectivity/openssl/openssl-fsl/0024-cryptodev-do-not-cache-file-descriptor-in-open.patch
new file mode 100644
index 00000000..e798d3e2
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-fsl/0024-cryptodev-do-not-cache-file-descriptor-in-open.patch
@@ -0,0 +1,100 @@
+From a44701abd995b3db80001d0c5d88e9ead05972c1 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@freescale.com>
+Date: Thu, 19 Feb 2015 16:43:29 +0200
+Subject: [PATCH 24/26] cryptodev: do not cache file descriptor in 'open'
+
+The file descriptor returned by get_dev_crypto is cached after a
+successful return. The issue is, it is cached inside 'open_dev_crypto'
+which is no longer useful as a general purpose open("/dev/crypto")
+function.
+
+This patch is a refactoring that moves the caching operation from
+open_dev_crypto to get_dev_crypto and leaves the former as a simpler
+function true to its name
+
+Change-Id: I980170969410381973ce75f6679a4a1401738847
+Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
+Reviewed-on: http://git.am.freescale.net:8181/34219
+---
+ crypto/engine/eng_cryptodev.c | 50 +++++++++++++++++++++----------------------
+ 1 file changed, 24 insertions(+), 26 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index dceb4f5..b74fc7c 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -306,47 +306,45 @@ static void ctr64_inc(unsigned char *counter) {
+                if (c) return;
+        } while (n);
+ }
+-/*
+- * Return a fd if /dev/crypto seems usable, 0 otherwise.
+- */
+-static int
+-open_dev_crypto(void)
++
++static int open_dev_crypto(void)
+ {
+-       static int fd = -1;
++       int fd;
+ 
+-       if (fd == -1) {
+-               if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1)
+-                       return (-1);
+-               /* close on exec */
+-               if (fcntl(fd, F_SETFD, 1) == -1) {
+-                       close(fd);
+-                       fd = -1;
+-                       return (-1);
+-               }
++       fd = open("/dev/crypto", O_RDWR, 0);
++       if ( fd < 0)
++               return -1;
++
++       /* close on exec */
++       if (fcntl(fd, F_SETFD, 1) == -1) {
++               close(fd);
++               return -1;
+        }
+-       return (fd);
++
++       return fd;
+ }
+ 
+-static int
+-get_dev_crypto(void)
++static int get_dev_crypto(void)
+ {
+-       int fd, retfd;
++       static int fd = -1;
++       int retfd;
+ 
+-       if ((fd = open_dev_crypto()) == -1)
+-               return (-1);
+-#ifndef CRIOGET_NOT_NEEDED
++       if (fd == -1)
++               fd = open_dev_crypto();
++#ifdef CRIOGET_NOT_NEEDED
++       return fd;
++#else
++       if (fd == -1)
++               return -1;
+        if (ioctl(fd, CRIOGET, &retfd) == -1)
+                return (-1);
+-
+        /* close on exec */
+        if (fcntl(retfd, F_SETFD, 1) == -1) {
+                close(retfd);
+                return (-1);
+        }
+-#else
+-        retfd = fd;
++       return retfd;
+ #endif
+-       return (retfd);
+ }
+ 
+ static void put_dev_crypto(int fd)
+-- 
+2.3.5
+
diff --git a/recipes-connectivity/openssl/openssl-fsl/0025-cryptodev-put_dev_crypto-should-be-an-int.patch b/recipes-connectivity/openssl/openssl-fsl/0025-cryptodev-put_dev_crypto-should-be-an-int.patch
new file mode 100644
index 00000000..a48dc6a6
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-fsl/0025-cryptodev-put_dev_crypto-should-be-an-int.patch
@@ -0,0 +1,35 @@
+From 84a8007b6e92fe4c2696cc9e330207ee03303a20 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@freescale.com>
+Date: Thu, 19 Feb 2015 13:09:32 +0200
+Subject: [PATCH 25/26] cryptodev: put_dev_crypto should be an int
+
+Change-Id: Ie0a83bc07a37132286c098b17ef35d98de74b043
+Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
+Reviewed-on: http://git.am.freescale.net:8181/34220
+---
+ crypto/engine/eng_cryptodev.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index b74fc7c..c9db27d 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -347,10 +347,12 @@ static int get_dev_crypto(void)
+ #endif
+ }
+ 
+-static void put_dev_crypto(int fd)
++static int put_dev_crypto(int fd)
+ {
+-#ifndef CRIOGET_NOT_NEEDED
+-       close(fd);
++#ifdef CRIOGET_NOT_NEEDED
++       return 0;
++#else
++       return close(fd);
+ #endif
+ }
+ 
+-- 
+2.3.5
+
diff --git a/recipes-connectivity/openssl/openssl-fsl/0026-cryptodev-simplify-cryptodev-pkc-support-code.patch b/recipes-connectivity/openssl/openssl-fsl/0026-cryptodev-simplify-cryptodev-pkc-support-code.patch
new file mode 100644
index 00000000..6527ac8f
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-fsl/0026-cryptodev-simplify-cryptodev-pkc-support-code.patch
@@ -0,0 +1,250 @@
+From 787539e7720c99785f6c664a7484842bba08f6ed Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@freescale.com>
+Date: Thu, 19 Feb 2015 13:39:52 +0200
+Subject: [PATCH 26/26] cryptodev: simplify cryptodev pkc support code
+
+- Engine init returns directly a file descriptor instead of a pointer to one
+- Similarly, the Engine close will now just close the file
+
+Change-Id: Ief736d0776c7009dee002204fb1d4ce9d31c8787
+Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
+Reviewed-on: http://git.am.freescale.net:8181/34221
+---
+ crypto/crypto.h               |  2 +-
+ crypto/engine/eng_cryptodev.c | 35 +++-----------------------
+ crypto/engine/eng_int.h       | 14 +++--------
+ crypto/engine/eng_lib.c       | 57 +++++++++++++++++++++----------------------
+ crypto/engine/engine.h        | 13 +++++-----
+ 5 files changed, 42 insertions(+), 79 deletions(-)
+
+diff --git a/crypto/crypto.h b/crypto/crypto.h
+index ce12731..292427e 100644
+--- a/crypto/crypto.h
++++ b/crypto/crypto.h
+@@ -618,7 +618,7 @@ struct pkc_cookie_s {
+           *            -EINVAL: Parameters Invalid
+           */
+        void (*pkc_callback)(struct pkc_cookie_s *cookie, int status);
+-       void *eng_handle;
++       int eng_handle;
+ };
+ 
+ #ifdef  __cplusplus
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index c9db27d..f173bde 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -1742,7 +1742,7 @@ cryptodev_asym_async(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
+        struct pkc_cookie_s *cookie = kop->cookie;
+        struct cryptodev_cookie_s *eng_cookie;
+ 
+-       fd = *(int *)cookie->eng_handle;
++       fd = cookie->eng_handle;
+ 
+        eng_cookie = malloc(sizeof(struct cryptodev_cookie_s));
+        if (!eng_cookie)
+@@ -1802,38 +1802,11 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s)
+        return (ret);
+ }
+ 
+-/* Close an opened instance of cryptodev engine */
+-void cryptodev_close_instance(void *handle)
+-{
+-       int fd;
+-
+-       if (handle) {
+-               fd = *(int *)handle;
+-               close(fd);
+-               free(handle);
+-       }
+-}
+-
+-/* Create an instance of cryptodev for asynchronous interface */
+-void *cryptodev_init_instance(void)
+-{
+-       int *fd = malloc(sizeof(int));
+-
+-       if (fd) {
+-               if ((*fd = open("/dev/crypto", O_RDWR, 0)) == -1) {
+-                       free(fd);
+-                       return NULL;
+-               }
+-       }
+-       return fd;
+-}
+-
+ #include <poll.h>
+ 
+ /* Return 0 on success and 1 on failure */
+-int cryptodev_check_availability(void *eng_handle)
++int cryptodev_check_availability(int fd)
+ {
+-       int fd = *(int *)eng_handle;
+        struct pkc_cookie_list_s cookie_list;
+        struct pkc_cookie_s *cookie;
+        int i;
+@@ -4540,8 +4513,8 @@ ENGINE_load_cryptodev(void)
+        }
+ 
+        ENGINE_set_check_pkc_availability(engine, cryptodev_check_availability);
+-       ENGINE_set_close_instance(engine, cryptodev_close_instance);
+-       ENGINE_set_init_instance(engine, cryptodev_init_instance);
++       ENGINE_set_close_instance(engine, put_dev_crypto);
++       ENGINE_set_open_instance(engine, open_dev_crypto);
+        ENGINE_set_async_map(engine, ENGINE_ALLPKC_ASYNC);
+ 
+        ENGINE_add(engine);
+diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h
+index 8fc3077..8fb79c0 100644
+--- a/crypto/engine/eng_int.h
++++ b/crypto/engine/eng_int.h
+@@ -181,23 +181,15 @@ struct engine_st
+        ENGINE_LOAD_KEY_PTR load_pubkey;
+ 
+        ENGINE_SSL_CLIENT_CERT_PTR load_ssl_client_cert;
+-       /*
+-        * Instantiate Engine handle to be passed in check_pkc_availability
+-        * Ensure that Engine is instantiated before any pkc asynchronous call.
+-        */
+-       void *(*engine_init_instance)(void);
+-       /*
+-        * Instantiated Engine handle will be closed with this call.
+-        * Ensure that no pkc asynchronous call is made after this call
+-        */
+-       void (*engine_close_instance)(void *handle);
++       int (*engine_open_instance)(void);
++       int (*engine_close_instance)(int fd);
+        /*
+         * Check availability will extract the data from kernel.
+         * eng_handle: This is the Engine handle corresponds to which
+         * the cookies needs to be polled.
+         * return 0 if cookie available else 1
+         */
+-       int (*check_pkc_availability)(void *eng_handle);
++       int (*check_pkc_availability)(int fd);
+        /*
+         * The following map is used to check if the engine supports asynchronous implementation
+         * ENGINE_ASYNC_FLAG* for available bitmap. Any application checking for asynchronous
+diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c
+index 6fa621c..6c9471b 100644
+--- a/crypto/engine/eng_lib.c
++++ b/crypto/engine/eng_lib.c
+@@ -99,7 +99,7 @@ void engine_set_all_null(ENGINE *e)
+        e->load_privkey = NULL;
+        e->load_pubkey = NULL;
+        e->check_pkc_availability = NULL;
+-       e->engine_init_instance = NULL;
++       e->engine_open_instance = NULL;
+        e->engine_close_instance = NULL;
+        e->cmd_defns = NULL;
+        e->async_map = 0;
+@@ -237,47 +237,46 @@ int ENGINE_set_id(ENGINE *e, const char *id)
+        return 1;
+        }
+ 
+-void ENGINE_set_init_instance(ENGINE *e, void *(*engine_init_instance)(void))
+-       {
+-               e->engine_init_instance = engine_init_instance;
+-       }
++void ENGINE_set_open_instance(ENGINE *e, int (*engine_open_instance)(void))
++{
++       e->engine_open_instance = engine_open_instance;
++}
+ 
+-void ENGINE_set_close_instance(ENGINE *e,
+-       void (*engine_close_instance)(void *))
+-       {
+-               e->engine_close_instance = engine_close_instance;
+-       }
++void ENGINE_set_close_instance(ENGINE *e, int (*engine_close_instance)(int))
++{
++       e->engine_close_instance = engine_close_instance;
++}
+ 
+ void ENGINE_set_async_map(ENGINE *e, int async_map)
+        {
+                e->async_map = async_map;
+        }
+ 
+-void *ENGINE_init_instance(ENGINE *e)
+-       {
+-               return e->engine_init_instance();
+-       }
+-
+-void ENGINE_close_instance(ENGINE *e, void *eng_handle)
+-       {
+-               e->engine_close_instance(eng_handle);
+-       }
+-
+ int ENGINE_get_async_map(ENGINE *e)
+        {
+                return e->async_map;
+        }
+ 
+-void ENGINE_set_check_pkc_availability(ENGINE *e,
+-       int (*check_pkc_availability)(void *eng_handle))
+-       {
+-               e->check_pkc_availability = check_pkc_availability;
+-       }
++int ENGINE_open_instance(ENGINE *e)
++{
++       return e->engine_open_instance();
++}
+ 
+-int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle)
+-       {
+-               return e->check_pkc_availability(eng_handle);
+-       }
++int ENGINE_close_instance(ENGINE *e, int fd)
++{
++       return e->engine_close_instance(fd);
++}
++
++void ENGINE_set_check_pkc_availability(ENGINE *e,
++       int (*check_pkc_availability)(int fd))
++{
++       e->check_pkc_availability = check_pkc_availability;
++}
++
++int ENGINE_check_pkc_availability(ENGINE *e, int fd)
++{
++       return e->check_pkc_availability(fd);
++}
+ 
+ int ENGINE_set_name(ENGINE *e, const char *name)
+        {
+diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h
+index ccff86a..3ba3e97 100644
+--- a/crypto/engine/engine.h
++++ b/crypto/engine/engine.h
+@@ -473,9 +473,6 @@ ENGINE *ENGINE_new(void);
+ int ENGINE_free(ENGINE *e);
+ int ENGINE_up_ref(ENGINE *e);
+ int ENGINE_set_id(ENGINE *e, const char *id);
+-void ENGINE_set_init_instance(ENGINE *e, void *(*engine_init_instance)(void));
+-void ENGINE_set_close_instance(ENGINE *e,
+-       void (*engine_free_instance)(void *));
+ /*
+  * Following FLAGS are bitmap store in async_map to set asynchronous interface capability
+  *of the engine
+@@ -492,11 +489,13 @@ void ENGINE_set_async_map(ENGINE *e, int async_map);
+   * to confirm asynchronous methods supported
+   */
+ int ENGINE_get_async_map(ENGINE *e);
+-void *ENGINE_init_instance(ENGINE *e);
+-void ENGINE_close_instance(ENGINE *e, void *eng_handle);
++int ENGINE_open_instance(ENGINE *e);
++int ENGINE_close_instance(ENGINE *e, int fd);
++void ENGINE_set_init_instance(ENGINE *e, int(*engine_init_instance)(void));
++void ENGINE_set_close_instance(ENGINE *e, int(*engine_close_instance)(int));
+ void ENGINE_set_check_pkc_availability(ENGINE *e,
+-       int (*check_pkc_availability)(void *eng_handle));
+-int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle);
++       int (*check_pkc_availability)(int fd));
++int ENGINE_check_pkc_availability(ENGINE *e, int fd);
+ int ENGINE_set_name(ENGINE *e, const char *name);
+ int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
+ int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
+-- 
+2.3.5
+
diff --git a/recipes-connectivity/openssl/openssl.inc b/recipes-connectivity/openssl/openssl.inc
new file mode 100644
index 00000000..ee02fb79
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl.inc
@@ -0,0 +1,173 @@
+SUMMARY = "Secure Socket Layer"
+DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools."
+HOMEPAGE = "http://www.openssl.org/"
+BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html"
+SECTION = "libs/network"
+
+# "openssl | SSLeay" dual license
+LICENSE = "openssl"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8"
+
+DEPENDS = "perl-native-runtime"
+
+SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
+          "
+S = "${WORKDIR}/openssl-${PV}"
+
+PACKAGECONFIG[perl] = ",,,"
+
+AR_append = " r"
+# Avoid binaries being marked as requiring an executable stack since it 
+# doesn't(which causes and this causes issues with SELinux
+CFLAG = "${@base_conditional('SITEINFO_ENDIANNESS', 'le', '-DL_ENDIAN', '-DB_ENDIAN', d)} \
+        -DTERMIO ${CFLAGS} -Wall -Wa,--noexecstack"
+
+# -02 does not work on mipsel: ssh hangs when it tries to read /dev/urandom
+CFLAG_mtx-1 := "${@'${CFLAG}'.replace('-O2', '')}"
+CFLAG_mtx-2 := "${@'${CFLAG}'.replace('-O2', '')}"
+
+export DIRS = "crypto ssl apps"
+export EX_LIBS = "-lgcc -ldl"
+export AS = "${CC} -c"
+
+inherit pkgconfig siteinfo multilib_header
+
+PACKAGES =+ "libcrypto libssl ${PN}-misc openssl-conf"
+FILES_libcrypto = "${base_libdir}/libcrypto${SOLIBS}"
+FILES_libssl = "${libdir}/libssl.so.*"
+FILES_${PN} =+ " ${libdir}/ssl/*"
+FILES_${PN}-misc = "${libdir}/ssl/misc ${bindir}/c_rehash"
+RDEPENDS_${PN}-misc = "${@base_contains('PACKAGECONFIG', 'perl', 'perl', '', d)}"
+FILES_${PN}-dev += "${base_libdir}/libcrypto${SOLIBSDEV}"
+
+# Add the openssl.cnf file to the openssl-conf package.  Make the libcrypto
+# package RRECOMMENDS on this package.  This will enable the configuration
+# file to be installed for both the base openssl package and the libcrypto
+# package since the base openssl package depends on the libcrypto package.
+FILES_openssl-conf = "${libdir}/ssl/openssl.cnf"
+CONFFILES_openssl-conf = "${libdir}/ssl/openssl.cnf"
+RRECOMMENDS_libcrypto += "openssl-conf"
+
+do_configure_prepend_darwin () {
+        sed -i -e '/version-script=openssl\.ld/d' Configure
+}
+
+do_configure () {
+        cd util
+        perl perlpath.pl ${STAGING_BINDIR_NATIVE}
+        cd ..
+        ln -sf apps/openssl.pod crypto/crypto.pod ssl/ssl.pod doc/
+
+        os=${HOST_OS}
+        if [ "x$os" = "xlinux-uclibc" ]; then
+                os=linux
+        elif [ "x$os" = "xlinux-uclibceabi" ]; then
+                os=linux
+        elif [ "x$os" = "xlinux-uclibcspe" ]; then
+                os=linux
+        elif [ "x$os" = "xlinux-gnuspe" ]; then
+                os=linux
+        elif [ "x$os" = "xlinux-gnueabi" ]; then
+                os=linux
+        fi
+        target="$os-${HOST_ARCH}"
+        case $target in
+        linux-arm)
+                target=linux-armv4
+                ;;
+        linux-armeb)
+                target=linux-elf-armeb
+                ;;
+        linux-aarch64*)
+                target=linux-generic64
+                ;;
+        linux-sh3)
+                target=debian-sh3
+                ;;
+        linux-sh4)
+                target=debian-sh4
+                ;;
+        linux-i486)
+                target=debian-i386-i486
+                ;;
+        linux-i586 | linux-viac3)
+                target=debian-i386-i586
+                ;;
+        linux-i686)
+                target=debian-i386-i686/cmov
+                ;;
+        linux-gnux32-x86_64)
+                target=linux-x32
+                ;;
+        linux-gnu64-x86_64)
+                target=linux-x86_64
+                ;;
+        linux-mips)
+                target=debian-mips
+                ;;
+        linux-mipsel)
+                target=debian-mipsel
+                ;;
+        linux-*-mips64)
+               target=linux-mips
+                ;;
+        linux-powerpc)
+                target=linux-ppc
+                ;;
+        linux-powerpc64)
+                target=linux-ppc64
+                ;;
+        linux-supersparc)
+                target=linux-sparcv8
+                ;;
+        linux-sparc)
+                target=linux-sparcv8
+                ;;
+        darwin-i386)
+                target=darwin-i386-cc
+                ;;
+        esac
+        # inject machine-specific flags
+        sed -i -e "s|^\(\"$target\",\s*\"[^:]\+\):\([^:]\+\)|\1:${CFLAG}|g" Configure
+        useprefix=${prefix}
+        if [ "x$useprefix" = "x" ]; then
+                useprefix=/
+        fi        
+        perl ./Configure ${EXTRA_OECONF} shared --prefix=$useprefix --openssldir=${libdir}/ssl --libdir=`basename ${libdir}` $target
+}
+
+do_compile () {
+        oe_runmake
+}
+
+do_install () {
+        oe_runmake INSTALL_PREFIX="${D}" MANDIR="${mandir}" install
+
+        oe_libinstall -so libcrypto ${D}${libdir}
+        oe_libinstall -so libssl ${D}${libdir}
+
+        # Moving libcrypto to /lib
+        if [ ! ${D}${libdir} -ef ${D}${base_libdir} ]; then
+                mkdir -p ${D}/${base_libdir}/
+                mv ${D}${libdir}/libcrypto* ${D}${base_libdir}/
+                sed -i s#libdir=\$\{exec_prefix\}\/lib#libdir=${base_libdir}# ${D}/${libdir}/pkgconfig/libcrypto.pc
+        fi
+
+        install -d ${D}${includedir}
+        cp --dereference -R include/openssl ${D}${includedir}
+
+        oe_multilib_header openssl/opensslconf.h
+        if [ "${@base_contains('PACKAGECONFIG', 'perl', 'perl', '', d)}" = "perl" ]; then
+                install -m 0755 ${S}/tools/c_rehash ${D}${bindir}
+                sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${bindir}/c_rehash
+                sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/CA.pl
+                sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/tsget
+                # The c_rehash utility isn't installed by the normal installation process.
+        else
+                rm -f ${D}${bindir}/c_rehash
+                rm -f ${D}${libdir}/ssl/misc/CA.pl ${D}${libdir}/ssl/misc/tsget
+        fi
+}
+
+BBCLASSEXTEND = "native nativesdk"
+
diff --git a/recipes-connectivity/openssl/openssl/configure-targets.patch b/recipes-connectivity/openssl/openssl/configure-targets.patch
new file mode 100644
index 00000000..c1f3d087
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl/configure-targets.patch
@@ -0,0 +1,34 @@
+Upstream-Status: Inappropriate [embedded specific]
+
+The number of colons are important :)
+
+
+---
+ Configure |   16 ++++++++++++++++
+ 1 file changed, 16 insertions(+)
+
+--- a/Configure
++++ b/Configure
+@@ -403,6 +403,22 @@ my %table=(
+ "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
+ "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
+ 
++ # Linux on ARM
++"linux-elf-arm","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-elf-armeb","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-gnueabi-arm","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-gnueabi-armeb","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-uclibceabi-arm","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-uclibceabi-armeb","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++
++"linux-avr32","$ENV{'CC'}:-DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).",
++
++#### Linux on MIPS/MIPS64
++"linux-mips","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-mips64","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -mabi=64 -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-mips64el","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -mabi=64 -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-mipsel","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++
+ # Android: linux-* but without -DTERMIO and pointers to headers and libs.
+ "android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
diff --git a/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch b/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch
new file mode 100644
index 00000000..ac1b19b9
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch
@@ -0,0 +1,45 @@
+Upstream-Status: Backport [debian]
+
+From 83f318d68bbdab1ca898c94576a838cc97df4700 Mon Sep 17 00:00:00 2001
+From: Ludwig Nussel <ludwig.nussel@suse.de>
+Date: Wed, 21 Apr 2010 15:52:10 +0200
+Subject: [PATCH] also create old hash for compatibility
+
+---
+ tools/c_rehash.in |    8 +++++++-
+ 1 files changed, 7 insertions(+), 1 deletions(-)
+
+Index: openssl-1.0.0d/tools/c_rehash.in
+===================================================================
+--- openssl-1.0.0d.orig/tools/c_rehash.in       2011-04-13 20:41:28.000000000 +0000
++++ openssl-1.0.0d/tools/c_rehash.in    2011-04-13 20:41:28.000000000 +0000
+@@ -86,6 +86,7 @@
+                        }
+                }
+                link_hash_cert($fname) if($cert);
++               link_hash_cert_old($fname) if($cert);
+                link_hash_crl($fname) if($crl);
+        }
+ }
+@@ -119,8 +120,9 @@
+ 
+ sub link_hash_cert {
+                my $fname = $_[0];
++               my $hashopt = $_[1] || '-subject_hash';
+                $fname =~ s/'/'\\''/g;
+-               my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in "$fname"`;
++               my ($hash, $fprint) = `"$openssl" x509 $hashopt -fingerprint -noout -in "$fname"`;
+                chomp $hash;
+                chomp $fprint;
+                $fprint =~ s/^.*=//;
+@@ -150,6 +152,10 @@
+                $hashlist{$hash} = $fprint;
+ }
+ 
++sub link_hash_cert_old {
++               link_hash_cert($_[0], '-subject_hash_old');
++}
++
+ # Same as above except for a CRL. CRL links are of the form <hash>.r<n>
+ 
+ sub link_hash_crl {
diff --git a/recipes-connectivity/openssl/openssl/debian/ca.patch b/recipes-connectivity/openssl/openssl/debian/ca.patch
new file mode 100644
index 00000000..aba4d429
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl/debian/ca.patch
@@ -0,0 +1,22 @@
+Upstream-Status: Backport [debian]
+
+Index: openssl-0.9.8m/apps/CA.pl.in
+===================================================================
+--- openssl-0.9.8m.orig/apps/CA.pl.in   2006-04-28 00:28:51.000000000 +0000
++++ openssl-0.9.8m/apps/CA.pl.in        2010-02-27 00:36:51.000000000 +0000
+@@ -65,6 +65,7 @@
+ foreach (@ARGV) {
+        if ( /^(-\?|-h|-help)$/ ) {
+            print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
++           print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n";
+            exit 0;
+        } elsif (/^-newcert$/) {
+            # create a certificate
+@@ -165,6 +166,7 @@
+        } else {
+            print STDERR "Unknown arg $_\n";
+            print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
++           print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n";
+            exit 1;
+        }
+ }
diff --git a/recipes-connectivity/openssl/openssl/debian/debian-targets.patch b/recipes-connectivity/openssl/openssl/debian/debian-targets.patch
new file mode 100644
index 00000000..8101edf0
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl/debian/debian-targets.patch
@@ -0,0 +1,66 @@
+Upstream-Status: Backport [debian]
+
+Index: openssl-1.0.1/Configure
+===================================================================
+--- openssl-1.0.1.orig/Configure        2012-03-17 15:37:54.000000000 +0000
++++ openssl-1.0.1/Configure     2012-03-17 16:13:49.000000000 +0000
+@@ -105,6 +105,10 @@
+ 
+ my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED";
+ 
++# There are no separate CFLAGS/CPPFLAGS/LDFLAGS, set everything in CFLAGS
++my $debian_cflags = `dpkg-buildflags --get CFLAGS` . `dpkg-buildflags --get CPPFLAGS` . `dpkg-buildflags --get LDFLAGS` . "-Wa,--noexecstack -Wall";
++$debian_cflags =~ s/\n/ /g;
++
+ my $strict_warnings = 0;
+ 
+ my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
+@@ -338,6 +342,48 @@
+ "osf1-alpha-cc",  "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so",
+ "tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::-msym:.so",
+ 
++# Debian GNU/* (various architectures)
++"debian-alpha","gcc:-DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-alpha-ev4","gcc:-DTERMIO ${debian_cflags} -mcpu=ev4::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-alpha-ev5","gcc:-DTERMIO ${debian_cflags} -mcpu=ev5::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-armeb","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-armel","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-armhf","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-amd64", "gcc:-m64 -DL_ENDIAN -DTERMIO ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::",
++"debian-avr32", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -fomit-frame-pointer::-D_REENTRANT::-ldl:BN_LLONG_BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-kfreebsd-amd64","gcc:-m64 -DL_ENDIAN -DTERMIOS ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-kfreebsd-i386","gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -march=i486::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-hppa","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-hurd-i386","gcc:-DL_ENDIAN -DTERMIOS -O3 -Wa,--noexecstack -g -mtune=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-ia64","gcc:-DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-i386","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-i386-i486","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags} -march=i486::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-i386-i586","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags} -march=i586::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-i386-i686/cmov","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags} -march=i686::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-m68k","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-mips",   "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-mipsel",   "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-netbsd-i386",  "gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-netbsd-m68k",  "gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags}::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-netbsd-sparc", "gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags} -mv8::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-openbsd-alpha","gcc:-DTERMIOS ${debian_cflags}::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-openbsd-i386",  "gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-openbsd-mips","gcc:-DL_ENDIAN ${debian_cflags}::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-powerpc","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-powerpcspe","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-ppc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-s390","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 
++"debian-s390x","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-sh3",   "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-sh4",   "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-sh3eb",   "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-sh4eb",   "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-m32r","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-sparc","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-sparc-v8","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v8 -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-sparc-v9","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v9 -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-sparc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags} -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++
+ ####
+ #### Variety of LINUX:-)
+ ####
diff --git a/recipes-connectivity/openssl/openssl/debian/make-targets.patch b/recipes-connectivity/openssl/openssl/debian/make-targets.patch
new file mode 100644
index 00000000..ee0a62c3
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl/debian/make-targets.patch
@@ -0,0 +1,15 @@
+Upstream-Status: Backport [debian]
+
+Index: openssl-1.0.1/Makefile.org
+===================================================================
+--- openssl-1.0.1.orig/Makefile.org     2012-03-17 09:41:07.000000000 +0000
++++ openssl-1.0.1/Makefile.org  2012-03-17 09:41:21.000000000 +0000
+@@ -135,7 +135,7 @@
+ 
+ BASEADDR=
+ 
+-DIRS=   crypto ssl engines apps test tools
++DIRS=   crypto ssl engines apps tools
+ ENGDIRS= ccgost
+ SHLIBDIRS= crypto ssl
+ 
diff --git a/recipes-connectivity/openssl/openssl/debian/man-dir.patch b/recipes-connectivity/openssl/openssl/debian/man-dir.patch
new file mode 100644
index 00000000..4085e3b1
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl/debian/man-dir.patch
@@ -0,0 +1,15 @@
+Upstream-Status: Backport [debian]
+
+Index: openssl-1.0.0c/Makefile.org
+===================================================================
+--- openssl-1.0.0c.orig/Makefile.org    2010-12-12 16:11:27.000000000 +0100
++++ openssl-1.0.0c/Makefile.org 2010-12-12 16:11:37.000000000 +0100
+@@ -131,7 +131,7 @@
+ 
+ MAKEFILE= Makefile
+ 
+-MANDIR=$(OPENSSLDIR)/man
++MANDIR=/usr/share/man
+ MAN1=1
+ MAN3=3
+ MANSUFFIX=
diff --git a/recipes-connectivity/openssl/openssl/debian/man-section.patch b/recipes-connectivity/openssl/openssl/debian/man-section.patch
new file mode 100644
index 00000000..21c1d1a4
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl/debian/man-section.patch
@@ -0,0 +1,34 @@
+Upstream-Status: Backport [debian]
+
+Index: openssl-1.0.0c/Makefile.org
+===================================================================
+--- openssl-1.0.0c.orig/Makefile.org    2010-12-12 16:11:37.000000000 +0100
++++ openssl-1.0.0c/Makefile.org 2010-12-12 16:13:28.000000000 +0100
+@@ -160,7 +160,8 @@
+ MANDIR=/usr/share/man
+ MAN1=1
+ MAN3=3
+-MANSUFFIX=
++MANSUFFIX=ssl
++MANSECTION=SSL
+ HTMLSUFFIX=html
+ HTMLDIR=$(OPENSSLDIR)/html
+ SHELL=/bin/sh
+@@ -651,7 +652,7 @@
+                echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
+                (cd `$(PERL) util/dirname.pl $$i`; \
+                sh -c "$$pod2man \
+-                       --section=$$sec --center=OpenSSL \
++                       --section=$${sec}$(MANSECTION) --center=OpenSSL \
+                        --release=$(VERSION) `basename $$i`") \
+                        >  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
+                $(PERL) util/extract-names.pl < $$i | \
+@@ -668,7 +669,7 @@
+                echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
+                (cd `$(PERL) util/dirname.pl $$i`; \
+                sh -c "$$pod2man \
+-                       --section=$$sec --center=OpenSSL \
++                       --section=$${sec}$(MANSECTION) --center=OpenSSL \
+                        --release=$(VERSION) `basename $$i`") \
+                        >  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
+                $(PERL) util/extract-names.pl < $$i | \
diff --git a/recipes-connectivity/openssl/openssl/debian/no-rpath.patch b/recipes-connectivity/openssl/openssl/debian/no-rpath.patch
new file mode 100644
index 00000000..1ccb3b86
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl/debian/no-rpath.patch
@@ -0,0 +1,15 @@
+Upstream-Status: Backport [debian]
+
+Index: openssl-1.0.0c/Makefile.shared
+===================================================================
+--- openssl-1.0.0c.orig/Makefile.shared 2010-08-21 13:36:49.000000000 +0200
++++ openssl-1.0.0c/Makefile.shared      2010-12-12 16:13:36.000000000 +0100
+@@ -153,7 +153,7 @@
+        NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
+        SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
+ 
+-DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"
++DO_GNU_APP=LDFLAGS="$(CFLAGS)"
+ 
+ #This is rather special.  It's a special target with which one can link
+ #applications without bothering with any features that have anything to
diff --git a/recipes-connectivity/openssl/openssl/debian/no-symbolic.patch b/recipes-connectivity/openssl/openssl/debian/no-symbolic.patch
new file mode 100644
index 00000000..cc4408ab
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl/debian/no-symbolic.patch
@@ -0,0 +1,15 @@
+Upstream-Status: Backport [debian]
+
+Index: openssl-1.0.0c/Makefile.shared
+===================================================================
+--- openssl-1.0.0c.orig/Makefile.shared 2010-12-12 16:13:36.000000000 +0100
++++ openssl-1.0.0c/Makefile.shared      2010-12-12 16:13:44.000000000 +0100
+@@ -151,7 +151,7 @@
+        SHLIB_SUFFIX=; \
+        ALLSYMSFLAGS='-Wl,--whole-archive'; \
+        NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
+-       SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
++       SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
+ 
+ DO_GNU_APP=LDFLAGS="$(CFLAGS)"
+ 
diff --git a/recipes-connectivity/openssl/openssl/debian/pic.patch b/recipes-connectivity/openssl/openssl/debian/pic.patch
new file mode 100644
index 00000000..bfda3888
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl/debian/pic.patch
@@ -0,0 +1,177 @@
+Upstream-Status: Backport [debian]
+
+Index: openssl-1.0.1c/crypto/des/asm/desboth.pl
+===================================================================
+--- openssl-1.0.1c.orig/crypto/des/asm/desboth.pl       2001-10-24 23:20:56.000000000 +0200
++++ openssl-1.0.1c/crypto/des/asm/desboth.pl    2012-07-29 14:15:26.000000000 +0200
+@@ -16,6 +16,11 @@
+ 
+        &push("edi");
+ 
++       &call   (&label("pic_point0"));
++       &set_label("pic_point0");
++       &blindpop("ebp");
++       &add    ("ebp", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point0") . "]");
++
+        &comment("");
+        &comment("Load the data words");
+        &mov($L,&DWP(0,"ebx","",0));
+@@ -47,15 +52,21 @@
+        &mov(&swtmp(2), (DWC(($enc)?"1":"0")));
+        &mov(&swtmp(1), "eax");
+        &mov(&swtmp(0), "ebx");
+-       &call("DES_encrypt2");
++       &exch("ebx", "ebp");
++       &call("DES_encrypt2\@PLT");
++       &exch("ebx", "ebp");
+        &mov(&swtmp(2), (DWC(($enc)?"0":"1")));
+        &mov(&swtmp(1), "edi");
+        &mov(&swtmp(0), "ebx");
+-       &call("DES_encrypt2");
++       &exch("ebx", "ebp");
++       &call("DES_encrypt2\@PLT");
++       &exch("ebx", "ebp");
+        &mov(&swtmp(2), (DWC(($enc)?"1":"0")));
+        &mov(&swtmp(1), "esi");
+        &mov(&swtmp(0), "ebx");
+-       &call("DES_encrypt2");
++       &exch("ebx", "ebp");
++       &call("DES_encrypt2\@PLT");
++       &exch("ebx", "ebp");
+ 
+        &stack_pop(3);
+        &mov($L,&DWP(0,"ebx","",0));
+Index: openssl-1.0.1c/crypto/perlasm/cbc.pl
+===================================================================
+--- openssl-1.0.1c.orig/crypto/perlasm/cbc.pl   2011-07-13 08:22:46.000000000 +0200
++++ openssl-1.0.1c/crypto/perlasm/cbc.pl        2012-07-29 14:15:26.000000000 +0200
+@@ -122,7 +122,11 @@
+        &mov(&DWP($data_off,"esp","",0),        "eax"); # put in array for call
+        &mov(&DWP($data_off+4,"esp","",0),      "ebx"); #
+ 
+-       &call($enc_func);
++       &call   (&label("pic_point0"));
++       &set_label("pic_point0");
++       &blindpop("ebx");
++       &add    ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point0") . "]");
++       &call("$enc_func\@PLT");
+ 
+        &mov("eax",     &DWP($data_off,"esp","",0));
+        &mov("ebx",     &DWP($data_off+4,"esp","",0));
+@@ -185,7 +189,11 @@
+        &mov(&DWP($data_off,"esp","",0),        "eax"); # put in array for call
+        &mov(&DWP($data_off+4,"esp","",0),      "ebx"); #
+ 
+-       &call($enc_func);
++       &call   (&label("pic_point1"));
++       &set_label("pic_point1");
++       &blindpop("ebx");
++       &add    ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point1") . "]");
++       &call("$enc_func\@PLT");
+ 
+        &mov("eax",     &DWP($data_off,"esp","",0));
+        &mov("ebx",     &DWP($data_off+4,"esp","",0));
+@@ -218,7 +226,11 @@
+        &mov(&DWP($data_off,"esp","",0),        "eax"); # put back
+        &mov(&DWP($data_off+4,"esp","",0),      "ebx"); #
+ 
+-       &call($dec_func);
++       &call   (&label("pic_point2"));
++       &set_label("pic_point2");
++       &blindpop("ebx");
++       &add    ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point2") . "]");
++       &call("$dec_func\@PLT");
+ 
+        &mov("eax",     &DWP($data_off,"esp","",0));    # get return
+        &mov("ebx",     &DWP($data_off+4,"esp","",0));  #
+@@ -261,7 +273,11 @@
+        &mov(&DWP($data_off,"esp","",0),        "eax"); # put back
+        &mov(&DWP($data_off+4,"esp","",0),      "ebx"); #
+ 
+-       &call($dec_func);
++       &call   (&label("pic_point3"));
++       &set_label("pic_point3");
++       &blindpop("ebx");
++       &add    ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point3") . "]");
++       &call("$dec_func\@PLT");
+ 
+        &mov("eax",     &DWP($data_off,"esp","",0));    # get return
+        &mov("ebx",     &DWP($data_off+4,"esp","",0));  #
+Index: openssl-1.0.1c/crypto/perlasm/x86gas.pl
+===================================================================
+--- openssl-1.0.1c.orig/crypto/perlasm/x86gas.pl        2011-12-09 20:16:35.000000000 +0100
++++ openssl-1.0.1c/crypto/perlasm/x86gas.pl     2012-07-29 14:15:26.000000000 +0200
+@@ -161,6 +161,7 @@
+        if ($::macosx)  { push (@out,"$tmp,2\n"); }
+        elsif ($::elf)  { push (@out,"$tmp,4\n"); }
+        else            { push (@out,"$tmp\n"); }
++       if ($::elf)     { push (@out,".hidden\tOPENSSL_ia32cap_P\n"); }
+     }
+     push(@out,$initseg) if ($initseg);
+ }
+@@ -218,8 +219,23 @@
+     elsif ($::elf)
+     {  $initseg.=<<___;
+ .section       .init
++___
++        if ($::pic)
++       {   $initseg.=<<___;
++       pushl   %ebx
++       call    .pic_point0
++.pic_point0:
++       popl    %ebx
++       addl    \$_GLOBAL_OFFSET_TABLE_+[.-.pic_point0],%ebx
++       call    $f\@PLT
++       popl    %ebx
++___
++       }
++       else
++       {   $initseg.=<<___;
+        call    $f
+ ___
++       }
+     }
+     elsif ($::coff)
+     {   $initseg.=<<___;       # applies to both Cygwin and Mingw
+Index: openssl-1.0.1c/crypto/x86cpuid.pl
+===================================================================
+--- openssl-1.0.1c.orig/crypto/x86cpuid.pl      2012-02-28 15:20:34.000000000 +0100
++++ openssl-1.0.1c/crypto/x86cpuid.pl   2012-07-29 14:15:26.000000000 +0200
+@@ -8,6 +8,8 @@
+ 
+ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
+ 
++push(@out, ".hidden OPENSSL_ia32cap_P\n");
++
+ &function_begin("OPENSSL_ia32_cpuid");
+        &xor    ("edx","edx");
+        &pushf  ();
+@@ -139,9 +141,7 @@
+ &set_label("nocpuid");
+ &function_end("OPENSSL_ia32_cpuid");
+ 
+-&external_label("OPENSSL_ia32cap_P");
+-
+-&function_begin_B("OPENSSL_rdtsc","EXTRN\t_OPENSSL_ia32cap_P:DWORD");
++&function_begin_B("OPENSSL_rdtsc");
+        &xor    ("eax","eax");
+        &xor    ("edx","edx");
+        &picmeup("ecx","OPENSSL_ia32cap_P");
+@@ -155,7 +155,7 @@
+ # This works in Ring 0 only [read DJGPP+MS-DOS+privileged DPMI host],
+ # but it's safe to call it on any [supported] 32-bit platform...
+ # Just check for [non-]zero return value...
+-&function_begin_B("OPENSSL_instrument_halt","EXTRN\t_OPENSSL_ia32cap_P:DWORD");
++&function_begin_B("OPENSSL_instrument_halt");
+        &picmeup("ecx","OPENSSL_ia32cap_P");
+        &bt     (&DWP(0,"ecx"),4);
+        &jnc    (&label("nohalt"));     # no TSC
+@@ -222,7 +222,7 @@
+        &ret    ();
+ &function_end_B("OPENSSL_far_spin");
+ 
+-&function_begin_B("OPENSSL_wipe_cpu","EXTRN\t_OPENSSL_ia32cap_P:DWORD");
++&function_begin_B("OPENSSL_wipe_cpu");
+        &xor    ("eax","eax");
+        &xor    ("edx","edx");
+        &picmeup("ecx","OPENSSL_ia32cap_P");
diff --git a/recipes-connectivity/openssl/openssl/debian/version-script.patch b/recipes-connectivity/openssl/openssl/debian/version-script.patch
new file mode 100644
index 00000000..ece8b9b4
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl/debian/version-script.patch
@@ -0,0 +1,4670 @@
+Upstream-Status: Backport [debian]
+
+Index: openssl-1.0.1d/Configure
+===================================================================
+--- openssl-1.0.1d.orig/Configure       2013-02-06 19:41:43.000000000 +0100
++++ openssl-1.0.1d/Configure    2013-02-06 19:41:43.000000000 +0100
+@@ -1621,6 +1621,8 @@
+                }
+        }
+ 
++$shared_ldflag .= " -Wl,--version-script=openssl.ld";
++
+ open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n";
+ unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new";
+ open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n";
+Index: openssl-1.0.1d/openssl.ld
+===================================================================
+--- /dev/null   1970-01-01 00:00:00.000000000 +0000
++++ openssl-1.0.1d/openssl.ld   2013-02-06 19:44:25.000000000 +0100
+@@ -0,0 +1,4620 @@
++OPENSSL_1.0.0 {
++       global:
++               BIO_f_ssl;
++               BIO_new_buffer_ssl_connect;
++               BIO_new_ssl;
++               BIO_new_ssl_connect;
++               BIO_proxy_ssl_copy_session_id;
++               BIO_ssl_copy_session_id;
++               BIO_ssl_shutdown;
++               d2i_SSL_SESSION;
++               DTLSv1_client_method;
++               DTLSv1_method;
++               DTLSv1_server_method;
++               ERR_load_SSL_strings;
++               i2d_SSL_SESSION;
++               kssl_build_principal_2;
++               kssl_cget_tkt;
++               kssl_check_authent;
++               kssl_ctx_free;
++               kssl_ctx_new;
++               kssl_ctx_setkey;
++               kssl_ctx_setprinc;
++               kssl_ctx_setstring;
++               kssl_ctx_show;
++               kssl_err_set;
++               kssl_krb5_free_data_contents;
++               kssl_sget_tkt;
++               kssl_skip_confound;
++               kssl_validate_times;
++               PEM_read_bio_SSL_SESSION;
++               PEM_read_SSL_SESSION;
++               PEM_write_bio_SSL_SESSION;
++               PEM_write_SSL_SESSION;
++               SSL_accept;
++               SSL_add_client_CA;
++               SSL_add_dir_cert_subjects_to_stack;
++               SSL_add_dir_cert_subjs_to_stk;
++               SSL_add_file_cert_subjects_to_stack;
++               SSL_add_file_cert_subjs_to_stk;
++               SSL_alert_desc_string;
++               SSL_alert_desc_string_long;
++               SSL_alert_type_string;
++               SSL_alert_type_string_long;
++               SSL_callback_ctrl;
++               SSL_check_private_key;
++               SSL_CIPHER_description;
++               SSL_CIPHER_get_bits;
++               SSL_CIPHER_get_name;
++               SSL_CIPHER_get_version;
++               SSL_clear;
++               SSL_COMP_add_compression_method;
++               SSL_COMP_get_compression_methods;
++               SSL_COMP_get_compress_methods;
++               SSL_COMP_get_name;
++               SSL_connect;
++               SSL_copy_session_id;
++               SSL_ctrl;
++               SSL_CTX_add_client_CA;
++               SSL_CTX_add_session;
++               SSL_CTX_callback_ctrl;
++               SSL_CTX_check_private_key;
++               SSL_CTX_ctrl;
++               SSL_CTX_flush_sessions;
++               SSL_CTX_free;
++               SSL_CTX_get_cert_store;
++               SSL_CTX_get_client_CA_list;
++               SSL_CTX_get_client_cert_cb;
++               SSL_CTX_get_ex_data;
++               SSL_CTX_get_ex_new_index;
++               SSL_CTX_get_info_callback;
++               SSL_CTX_get_quiet_shutdown;
++               SSL_CTX_get_timeout;
++               SSL_CTX_get_verify_callback;
++               SSL_CTX_get_verify_depth;
++               SSL_CTX_get_verify_mode;
++               SSL_CTX_load_verify_locations;
++               SSL_CTX_new;
++               SSL_CTX_remove_session;
++               SSL_CTX_sess_get_get_cb;
++               SSL_CTX_sess_get_new_cb;
++               SSL_CTX_sess_get_remove_cb;
++               SSL_CTX_sessions;
++               SSL_CTX_sess_set_get_cb;
++               SSL_CTX_sess_set_new_cb;
++               SSL_CTX_sess_set_remove_cb;
++               SSL_CTX_set1_param;
++               SSL_CTX_set_cert_store;
++               SSL_CTX_set_cert_verify_callback;
++               SSL_CTX_set_cert_verify_cb;
++               SSL_CTX_set_cipher_list;
++               SSL_CTX_set_client_CA_list;
++               SSL_CTX_set_client_cert_cb;
++               SSL_CTX_set_client_cert_engine;
++               SSL_CTX_set_cookie_generate_cb;
++               SSL_CTX_set_cookie_verify_cb;
++               SSL_CTX_set_default_passwd_cb;
++               SSL_CTX_set_default_passwd_cb_userdata;
++               SSL_CTX_set_default_verify_paths;
++               SSL_CTX_set_def_passwd_cb_ud;
++               SSL_CTX_set_def_verify_paths;
++               SSL_CTX_set_ex_data;
++               SSL_CTX_set_generate_session_id;
++               SSL_CTX_set_info_callback;
++               SSL_CTX_set_msg_callback;
++               SSL_CTX_set_psk_client_callback;
++               SSL_CTX_set_psk_server_callback;
++               SSL_CTX_set_purpose;
++               SSL_CTX_set_quiet_shutdown;
++               SSL_CTX_set_session_id_context;
++               SSL_CTX_set_ssl_version;
++               SSL_CTX_set_timeout;
++               SSL_CTX_set_tmp_dh_callback;
++               SSL_CTX_set_tmp_ecdh_callback;
++               SSL_CTX_set_tmp_rsa_callback;
++               SSL_CTX_set_trust;
++               SSL_CTX_set_verify;
++               SSL_CTX_set_verify_depth;
++               SSL_CTX_use_cert_chain_file;
++               SSL_CTX_use_certificate;
++               SSL_CTX_use_certificate_ASN1;
++               SSL_CTX_use_certificate_chain_file;
++               SSL_CTX_use_certificate_file;
++               SSL_CTX_use_PrivateKey;
++               SSL_CTX_use_PrivateKey_ASN1;
++               SSL_CTX_use_PrivateKey_file;
++               SSL_CTX_use_psk_identity_hint;
++               SSL_CTX_use_RSAPrivateKey;
++               SSL_CTX_use_RSAPrivateKey_ASN1;
++               SSL_CTX_use_RSAPrivateKey_file;
++               SSL_do_handshake;
++               SSL_dup;
++               SSL_dup_CA_list;
++               SSLeay_add_ssl_algorithms;
++               SSL_free;
++               SSL_get1_session;
++               SSL_get_certificate;
++               SSL_get_cipher_list;
++               SSL_get_ciphers;
++               SSL_get_client_CA_list;
++               SSL_get_current_cipher;
++               SSL_get_current_compression;
++               SSL_get_current_expansion;
++               SSL_get_default_timeout;
++               SSL_get_error;
++               SSL_get_ex_data;
++               SSL_get_ex_data_X509_STORE_CTX_idx;
++               SSL_get_ex_d_X509_STORE_CTX_idx;
++               SSL_get_ex_new_index;
++               SSL_get_fd;
++               SSL_get_finished;
++               SSL_get_info_callback;
++               SSL_get_peer_cert_chain;
++               SSL_get_peer_certificate;
++               SSL_get_peer_finished;
++               SSL_get_privatekey;
++               SSL_get_psk_identity;
++               SSL_get_psk_identity_hint;
++               SSL_get_quiet_shutdown;
++               SSL_get_rbio;
++               SSL_get_read_ahead;
++               SSL_get_rfd;
++               SSL_get_servername;
++               SSL_get_servername_type;
++               SSL_get_session;
++               SSL_get_shared_ciphers;
++               SSL_get_shutdown;
++               SSL_get_SSL_CTX;
++               SSL_get_ssl_method;
++               SSL_get_verify_callback;
++               SSL_get_verify_depth;
++               SSL_get_verify_mode;
++               SSL_get_verify_result;
++               SSL_get_version;
++               SSL_get_wbio;
++               SSL_get_wfd;
++               SSL_has_matching_session_id;
++               SSL_library_init;
++               SSL_load_client_CA_file;
++               SSL_load_error_strings;
++               SSL_new;
++               SSL_peek;
++               SSL_pending;
++               SSL_read;
++               SSL_renegotiate;
++               SSL_renegotiate_pending;
++               SSL_rstate_string;
++               SSL_rstate_string_long;
++               SSL_SESSION_cmp;
++               SSL_SESSION_free;
++               SSL_SESSION_get_ex_data;
++               SSL_SESSION_get_ex_new_index;
++               SSL_SESSION_get_id;
++               SSL_SESSION_get_time;
++               SSL_SESSION_get_timeout;
++               SSL_SESSION_hash;
++               SSL_SESSION_new;
++               SSL_SESSION_print;
++               SSL_SESSION_print_fp;
++               SSL_SESSION_set_ex_data;
++               SSL_SESSION_set_time;
++               SSL_SESSION_set_timeout;
++               SSL_set1_param;
++               SSL_set_accept_state;
++               SSL_set_bio;
++               SSL_set_cipher_list;
++               SSL_set_client_CA_list;
++               SSL_set_connect_state;
++               SSL_set_ex_data;
++               SSL_set_fd;
++               SSL_set_generate_session_id;
++               SSL_set_info_callback;
++               SSL_set_msg_callback;
++               SSL_set_psk_client_callback;
++               SSL_set_psk_server_callback;
++               SSL_set_purpose;
++               SSL_set_quiet_shutdown;
++               SSL_set_read_ahead;
++               SSL_set_rfd;
++               SSL_set_session;
++               SSL_set_session_id_context;
++               SSL_set_session_secret_cb;
++               SSL_set_session_ticket_ext;
++               SSL_set_session_ticket_ext_cb;
++               SSL_set_shutdown;
++               SSL_set_SSL_CTX;
++               SSL_set_ssl_method;
++               SSL_set_tmp_dh_callback;
++               SSL_set_tmp_ecdh_callback;
++               SSL_set_tmp_rsa_callback;
++               SSL_set_trust;
++               SSL_set_verify;
++               SSL_set_verify_depth;
++               SSL_set_verify_result;
++               SSL_set_wfd;
++               SSL_shutdown;
++               SSL_state;
++               SSL_state_string;
++               SSL_state_string_long;
++               SSL_use_certificate;
++               SSL_use_certificate_ASN1;
++               SSL_use_certificate_file;
++               SSL_use_PrivateKey;
++               SSL_use_PrivateKey_ASN1;
++               SSL_use_PrivateKey_file;
++               SSL_use_psk_identity_hint;
++               SSL_use_RSAPrivateKey;
++               SSL_use_RSAPrivateKey_ASN1;
++               SSL_use_RSAPrivateKey_file;
++               SSLv23_client_method;
++               SSLv23_method;
++               SSLv23_server_method;
++               SSLv2_client_method;
++               SSLv2_method;
++               SSLv2_server_method;
++               SSLv3_client_method;
++               SSLv3_method;
++               SSLv3_server_method;
++               SSL_version;
++               SSL_want;
++               SSL_write;
++               TLSv1_client_method;
++               TLSv1_method;
++               TLSv1_server_method;
++
++
++               SSLeay;
++               SSLeay_version;
++               ASN1_BIT_STRING_asn1_meth;
++               ASN1_HEADER_free;
++               ASN1_HEADER_new;
++               ASN1_IA5STRING_asn1_meth;
++               ASN1_INTEGER_get;
++               ASN1_INTEGER_set;
++               ASN1_INTEGER_to_BN;
++               ASN1_OBJECT_create;
++               ASN1_OBJECT_free;
++               ASN1_OBJECT_new;
++               ASN1_PRINTABLE_type;
++               ASN1_STRING_cmp;
++               ASN1_STRING_dup;
++               ASN1_STRING_free;
++               ASN1_STRING_new;
++               ASN1_STRING_print;
++               ASN1_STRING_set;
++               ASN1_STRING_type_new;
++               ASN1_TYPE_free;
++               ASN1_TYPE_new;
++               ASN1_UNIVERSALSTRING_to_string;
++               ASN1_UTCTIME_check;
++               ASN1_UTCTIME_print;
++               ASN1_UTCTIME_set;
++               ASN1_check_infinite_end;
++               ASN1_d2i_bio;
++               ASN1_d2i_fp;
++               ASN1_digest;
++               ASN1_dup;
++               ASN1_get_object;
++               ASN1_i2d_bio;
++               ASN1_i2d_fp;
++               ASN1_object_size;
++               ASN1_parse;
++               ASN1_put_object;
++               ASN1_sign;
++               ASN1_verify;
++               BF_cbc_encrypt;
++               BF_cfb64_encrypt;
++               BF_ecb_encrypt;
++               BF_encrypt;
++               BF_ofb64_encrypt;
++               BF_options;
++               BF_set_key;
++               BIO_CONNECT_free;
++               BIO_CONNECT_new;
++               BIO_accept;
++               BIO_ctrl;
++               BIO_int_ctrl;
++               BIO_debug_callback;
++               BIO_dump;
++               BIO_dup_chain;
++               BIO_f_base64;
++               BIO_f_buffer;
++               BIO_f_cipher;
++               BIO_f_md;
++               BIO_f_null;
++               BIO_f_proxy_server;
++               BIO_fd_non_fatal_error;
++               BIO_fd_should_retry;
++               BIO_find_type;
++               BIO_free;
++               BIO_free_all;
++               BIO_get_accept_socket;
++               BIO_get_filter_bio;
++               BIO_get_host_ip;
++               BIO_get_port;
++               BIO_get_retry_BIO;
++               BIO_get_retry_reason;
++               BIO_gethostbyname;
++               BIO_gets;
++               BIO_new;
++               BIO_new_accept;
++               BIO_new_connect;
++               BIO_new_fd;
++               BIO_new_file;
++               BIO_new_fp;
++               BIO_new_socket;
++               BIO_pop;
++               BIO_printf;
++               BIO_push;
++               BIO_puts;
++               BIO_read;
++               BIO_s_accept;
++               BIO_s_connect;
++               BIO_s_fd;
++               BIO_s_file;
++               BIO_s_mem;
++               BIO_s_null;
++               BIO_s_proxy_client;
++               BIO_s_socket;
++               BIO_set;
++               BIO_set_cipher;
++               BIO_set_tcp_ndelay;
++               BIO_sock_cleanup;
++               BIO_sock_error;
++               BIO_sock_init;
++               BIO_sock_non_fatal_error;
++               BIO_sock_should_retry;
++               BIO_socket_ioctl;
++               BIO_write;
++               BN_CTX_free;
++               BN_CTX_new;
++               BN_MONT_CTX_free;
++               BN_MONT_CTX_new;
++               BN_MONT_CTX_set;
++               BN_add;
++               BN_add_word;
++               BN_hex2bn;
++               BN_bin2bn;
++               BN_bn2hex;
++               BN_bn2bin;
++               BN_clear;
++               BN_clear_bit;
++               BN_clear_free;
++               BN_cmp;
++               BN_copy;
++               BN_div;
++               BN_div_word;
++               BN_dup;
++               BN_free;
++               BN_from_montgomery;
++               BN_gcd;
++               BN_generate_prime;
++               BN_get_word;
++               BN_is_bit_set;
++               BN_is_prime;
++               BN_lshift;
++               BN_lshift1;
++               BN_mask_bits;
++               BN_mod;
++               BN_mod_exp;
++               BN_mod_exp_mont;
++               BN_mod_exp_simple;
++               BN_mod_inverse;
++               BN_mod_mul;
++               BN_mod_mul_montgomery;
++               BN_mod_word;
++               BN_mul;
++               BN_new;
++               BN_num_bits;
++               BN_num_bits_word;
++               BN_options;
++               BN_print;
++               BN_print_fp;
++               BN_rand;
++               BN_reciprocal;
++               BN_rshift;
++               BN_rshift1;
++               BN_set_bit;
++               BN_set_word;
++               BN_sqr;
++               BN_sub;
++               BN_to_ASN1_INTEGER;
++               BN_ucmp;
++               BN_value_one;
++               BUF_MEM_free;
++               BUF_MEM_grow;
++               BUF_MEM_new;
++               BUF_strdup;
++               CONF_free;
++               CONF_get_number;
++               CONF_get_section;
++               CONF_get_string;
++               CONF_load;
++               CRYPTO_add_lock;
++               CRYPTO_dbg_free;
++               CRYPTO_dbg_malloc;
++               CRYPTO_dbg_realloc;
++               CRYPTO_dbg_remalloc;
++               CRYPTO_free;
++               CRYPTO_get_add_lock_callback;
++               CRYPTO_get_id_callback;
++               CRYPTO_get_lock_name;
++               CRYPTO_get_locking_callback;
++               CRYPTO_get_mem_functions;
++               CRYPTO_lock;
++               CRYPTO_malloc;
++               CRYPTO_mem_ctrl;
++               CRYPTO_mem_leaks;
++               CRYPTO_mem_leaks_cb;
++               CRYPTO_mem_leaks_fp;
++               CRYPTO_realloc;
++               CRYPTO_remalloc;
++               CRYPTO_set_add_lock_callback;
++               CRYPTO_set_id_callback;
++               CRYPTO_set_locking_callback;
++               CRYPTO_set_mem_functions;
++               CRYPTO_thread_id;
++               DH_check;
++               DH_compute_key;
++               DH_free;
++               DH_generate_key;
++               DH_generate_parameters;
++               DH_new;
++               DH_size;
++               DHparams_print;
++               DHparams_print_fp;
++               DSA_free;
++               DSA_generate_key;
++               DSA_generate_parameters;
++               DSA_is_prime;
++               DSA_new;
++               DSA_print;
++               DSA_print_fp;
++               DSA_sign;
++               DSA_sign_setup;
++               DSA_size;
++               DSA_verify;
++               DSAparams_print;
++               DSAparams_print_fp;
++               ERR_clear_error;
++               ERR_error_string;
++               ERR_free_strings;
++               ERR_func_error_string;
++               ERR_get_err_state_table;
++               ERR_get_error;
++               ERR_get_error_line;
++               ERR_get_state;
++               ERR_get_string_table;
++               ERR_lib_error_string;
++               ERR_load_ASN1_strings;
++               ERR_load_BIO_strings;
++               ERR_load_BN_strings;
++               ERR_load_BUF_strings;
++               ERR_load_CONF_strings;
++               ERR_load_DH_strings;
++               ERR_load_DSA_strings;
++               ERR_load_ERR_strings;
++               ERR_load_EVP_strings;
++               ERR_load_OBJ_strings;
++               ERR_load_PEM_strings;
++               ERR_load_PROXY_strings;
++               ERR_load_RSA_strings;
++               ERR_load_X509_strings;
++               ERR_load_crypto_strings;
++               ERR_load_strings;
++               ERR_peek_error;
++               ERR_peek_error_line;
++               ERR_print_errors;
++               ERR_print_errors_fp;
++               ERR_put_error;
++               ERR_reason_error_string;
++               ERR_remove_state;
++               EVP_BytesToKey;
++               EVP_CIPHER_CTX_cleanup;
++               EVP_CipherFinal;
++               EVP_CipherInit;
++               EVP_CipherUpdate;
++               EVP_DecodeBlock;
++               EVP_DecodeFinal;
++               EVP_DecodeInit;
++               EVP_DecodeUpdate;
++               EVP_DecryptFinal;
++               EVP_DecryptInit;
++               EVP_DecryptUpdate;
++               EVP_DigestFinal;
++               EVP_DigestInit;
++               EVP_DigestUpdate;
++               EVP_EncodeBlock;
++               EVP_EncodeFinal;
++               EVP_EncodeInit;
++               EVP_EncodeUpdate;
++               EVP_EncryptFinal;
++               EVP_EncryptInit;
++               EVP_EncryptUpdate;
++               EVP_OpenFinal;
++               EVP_OpenInit;
++               EVP_PKEY_assign;
++               EVP_PKEY_copy_parameters;
++               EVP_PKEY_free;
++               EVP_PKEY_missing_parameters;
++               EVP_PKEY_new;
++               EVP_PKEY_save_parameters;
++               EVP_PKEY_size;
++               EVP_PKEY_type;
++               EVP_SealFinal;
++               EVP_SealInit;
++               EVP_SignFinal;
++               EVP_VerifyFinal;
++               EVP_add_alias;
++               EVP_add_cipher;
++               EVP_add_digest;
++               EVP_bf_cbc;
++               EVP_bf_cfb64;
++               EVP_bf_ecb;
++               EVP_bf_ofb;
++               EVP_cleanup;
++               EVP_des_cbc;
++               EVP_des_cfb64;
++               EVP_des_ecb;
++               EVP_des_ede;
++               EVP_des_ede3;
++               EVP_des_ede3_cbc;
++               EVP_des_ede3_cfb64;
++               EVP_des_ede3_ofb;
++               EVP_des_ede_cbc;
++               EVP_des_ede_cfb64;
++               EVP_des_ede_ofb;
++               EVP_des_ofb;
++               EVP_desx_cbc;
++               EVP_dss;
++               EVP_dss1;
++               EVP_enc_null;
++               EVP_get_cipherbyname;
++               EVP_get_digestbyname;
++               EVP_get_pw_prompt;
++               EVP_idea_cbc;
++               EVP_idea_cfb64;
++               EVP_idea_ecb;
++               EVP_idea_ofb;
++               EVP_md2;
++               EVP_md5;
++               EVP_md_null;
++               EVP_rc2_cbc;
++               EVP_rc2_cfb64;
++               EVP_rc2_ecb;
++               EVP_rc2_ofb;
++               EVP_rc4;
++               EVP_read_pw_string;
++               EVP_set_pw_prompt;
++               EVP_sha;
++               EVP_sha1;
++               MD2;
++               MD2_Final;
++               MD2_Init;
++               MD2_Update;
++               MD2_options;
++               MD5;
++               MD5_Final;
++               MD5_Init;
++               MD5_Update;
++               MDC2;
++               MDC2_Final;
++               MDC2_Init;
++               MDC2_Update;
++               NETSCAPE_SPKAC_free;
++               NETSCAPE_SPKAC_new;
++               NETSCAPE_SPKI_free;
++               NETSCAPE_SPKI_new;
++               NETSCAPE_SPKI_sign;
++               NETSCAPE_SPKI_verify;
++               OBJ_add_object;
++               OBJ_bsearch;
++               OBJ_cleanup;
++               OBJ_cmp;
++               OBJ_create;
++               OBJ_dup;
++               OBJ_ln2nid;
++               OBJ_new_nid;
++               OBJ_nid2ln;
++               OBJ_nid2obj;
++               OBJ_nid2sn;
++               OBJ_obj2nid;
++               OBJ_sn2nid;
++               OBJ_txt2nid;
++               PEM_ASN1_read;
++               PEM_ASN1_read_bio;
++               PEM_ASN1_write;
++               PEM_ASN1_write_bio;
++               PEM_SealFinal;
++               PEM_SealInit;
++               PEM_SealUpdate;
++               PEM_SignFinal;
++               PEM_SignInit;
++               PEM_SignUpdate;
++               PEM_X509_INFO_read;
++               PEM_X509_INFO_read_bio;
++               PEM_X509_INFO_write_bio;
++               PEM_dek_info;
++               PEM_do_header;
++               PEM_get_EVP_CIPHER_INFO;
++               PEM_proc_type;
++               PEM_read;
++               PEM_read_DHparams;
++               PEM_read_DSAPrivateKey;
++               PEM_read_DSAparams;
++               PEM_read_PKCS7;
++               PEM_read_PrivateKey;
++               PEM_read_RSAPrivateKey;
++               PEM_read_X509;
++               PEM_read_X509_CRL;
++               PEM_read_X509_REQ;
++               PEM_read_bio;
++               PEM_read_bio_DHparams;
++               PEM_read_bio_DSAPrivateKey;
++               PEM_read_bio_DSAparams;
++               PEM_read_bio_PKCS7;
++               PEM_read_bio_PrivateKey;
++               PEM_read_bio_RSAPrivateKey;
++               PEM_read_bio_X509;
++               PEM_read_bio_X509_CRL;
++               PEM_read_bio_X509_REQ;
++               PEM_write;
++               PEM_write_DHparams;
++               PEM_write_DSAPrivateKey;
++               PEM_write_DSAparams;
++               PEM_write_PKCS7;
++               PEM_write_PrivateKey;
++               PEM_write_RSAPrivateKey;
++               PEM_write_X509;
++               PEM_write_X509_CRL;
++               PEM_write_X509_REQ;
++               PEM_write_bio;
++               PEM_write_bio_DHparams;
++               PEM_write_bio_DSAPrivateKey;
++               PEM_write_bio_DSAparams;
++               PEM_write_bio_PKCS7;
++               PEM_write_bio_PrivateKey;
++               PEM_write_bio_RSAPrivateKey;
++               PEM_write_bio_X509;
++               PEM_write_bio_X509_CRL;
++               PEM_write_bio_X509_REQ;
++               PKCS7_DIGEST_free;
++               PKCS7_DIGEST_new;
++               PKCS7_ENCRYPT_free;
++               PKCS7_ENCRYPT_new;
++               PKCS7_ENC_CONTENT_free;
++               PKCS7_ENC_CONTENT_new;
++               PKCS7_ENVELOPE_free;
++               PKCS7_ENVELOPE_new;
++               PKCS7_ISSUER_AND_SERIAL_digest;
++               PKCS7_ISSUER_AND_SERIAL_free;
++               PKCS7_ISSUER_AND_SERIAL_new;
++               PKCS7_RECIP_INFO_free;
++               PKCS7_RECIP_INFO_new;
++               PKCS7_SIGNED_free;
++               PKCS7_SIGNED_new;
++               PKCS7_SIGNER_INFO_free;
++               PKCS7_SIGNER_INFO_new;
++               PKCS7_SIGN_ENVELOPE_free;
++               PKCS7_SIGN_ENVELOPE_new;
++               PKCS7_dup;
++               PKCS7_free;
++               PKCS7_new;
++               PROXY_ENTRY_add_noproxy;
++               PROXY_ENTRY_clear_noproxy;
++               PROXY_ENTRY_free;
++               PROXY_ENTRY_get_noproxy;
++               PROXY_ENTRY_new;
++               PROXY_ENTRY_set_server;
++               PROXY_add_noproxy;
++               PROXY_add_server;
++               PROXY_check_by_host;
++               PROXY_check_url;
++               PROXY_clear_noproxy;
++               PROXY_free;
++               PROXY_get_noproxy;
++               PROXY_get_proxies;
++               PROXY_get_proxy_entry;
++               PROXY_load_conf;
++               PROXY_new;
++               PROXY_print;
++               RAND_bytes;
++               RAND_cleanup;
++               RAND_file_name;
++               RAND_load_file;
++               RAND_screen;
++               RAND_seed;
++               RAND_write_file;
++               RC2_cbc_encrypt;
++               RC2_cfb64_encrypt;
++               RC2_ecb_encrypt;
++               RC2_encrypt;
++               RC2_ofb64_encrypt;
++               RC2_set_key;
++               RC4;
++               RC4_options;
++               RC4_set_key;
++               RSAPrivateKey_asn1_meth;
++               RSAPrivateKey_dup;
++               RSAPublicKey_dup;
++               RSA_PKCS1_SSLeay;
++               RSA_free;
++               RSA_generate_key;
++               RSA_new;
++               RSA_new_method;
++               RSA_print;
++               RSA_print_fp;
++               RSA_private_decrypt;
++               RSA_private_encrypt;
++               RSA_public_decrypt;
++               RSA_public_encrypt;
++               RSA_set_default_method;
++               RSA_sign;
++               RSA_sign_ASN1_OCTET_STRING;
++               RSA_size;
++               RSA_verify;
++               RSA_verify_ASN1_OCTET_STRING;
++               SHA;
++               SHA1;
++               SHA1_Final;
++               SHA1_Init;
++               SHA1_Update;
++               SHA_Final;
++               SHA_Init;
++               SHA_Update;
++               OpenSSL_add_all_algorithms;
++               OpenSSL_add_all_ciphers;
++               OpenSSL_add_all_digests;
++               TXT_DB_create_index;
++               TXT_DB_free;
++               TXT_DB_get_by_index;
++               TXT_DB_insert;
++               TXT_DB_read;
++               TXT_DB_write;
++               X509_ALGOR_free;
++               X509_ALGOR_new;
++               X509_ATTRIBUTE_free;
++               X509_ATTRIBUTE_new;
++               X509_CINF_free;
++               X509_CINF_new;
++               X509_CRL_INFO_free;
++               X509_CRL_INFO_new;
++               X509_CRL_add_ext;
++               X509_CRL_cmp;
++               X509_CRL_delete_ext;
++               X509_CRL_dup;
++               X509_CRL_free;
++               X509_CRL_get_ext;
++               X509_CRL_get_ext_by_NID;
++               X509_CRL_get_ext_by_OBJ;
++               X509_CRL_get_ext_by_critical;
++               X509_CRL_get_ext_count;
++               X509_CRL_new;
++               X509_CRL_sign;
++               X509_CRL_verify;
++               X509_EXTENSION_create_by_NID;
++               X509_EXTENSION_create_by_OBJ;
++               X509_EXTENSION_dup;
++               X509_EXTENSION_free;
++               X509_EXTENSION_get_critical;
++               X509_EXTENSION_get_data;
++               X509_EXTENSION_get_object;
++               X509_EXTENSION_new;
++               X509_EXTENSION_set_critical;
++               X509_EXTENSION_set_data;
++               X509_EXTENSION_set_object;
++               X509_INFO_free;
++               X509_INFO_new;
++               X509_LOOKUP_by_alias;
++               X509_LOOKUP_by_fingerprint;
++               X509_LOOKUP_by_issuer_serial;
++               X509_LOOKUP_by_subject;
++               X509_LOOKUP_ctrl;
++               X509_LOOKUP_file;
++               X509_LOOKUP_free;
++               X509_LOOKUP_hash_dir;
++               X509_LOOKUP_init;
++               X509_LOOKUP_new;
++               X509_LOOKUP_shutdown;
++               X509_NAME_ENTRY_create_by_NID;
++               X509_NAME_ENTRY_create_by_OBJ;
++               X509_NAME_ENTRY_dup;
++               X509_NAME_ENTRY_free;
++               X509_NAME_ENTRY_get_data;
++               X509_NAME_ENTRY_get_object;
++               X509_NAME_ENTRY_new;
++               X509_NAME_ENTRY_set_data;
++               X509_NAME_ENTRY_set_object;
++               X509_NAME_add_entry;
++               X509_NAME_cmp;
++               X509_NAME_delete_entry;
++               X509_NAME_digest;
++               X509_NAME_dup;
++               X509_NAME_entry_count;
++               X509_NAME_free;
++               X509_NAME_get_entry;
++               X509_NAME_get_index_by_NID;
++               X509_NAME_get_index_by_OBJ;
++               X509_NAME_get_text_by_NID;
++               X509_NAME_get_text_by_OBJ;
++               X509_NAME_hash;
++               X509_NAME_new;
++               X509_NAME_oneline;
++               X509_NAME_print;
++               X509_NAME_set;
++               X509_OBJECT_free_contents;
++               X509_OBJECT_retrieve_by_subject;
++               X509_OBJECT_up_ref_count;
++               X509_PKEY_free;
++               X509_PKEY_new;
++               X509_PUBKEY_free;
++               X509_PUBKEY_get;
++               X509_PUBKEY_new;
++               X509_PUBKEY_set;
++               X509_REQ_INFO_free;
++               X509_REQ_INFO_new;
++               X509_REQ_dup;
++               X509_REQ_free;
++               X509_REQ_get_pubkey;
++               X509_REQ_new;
++               X509_REQ_print;
++               X509_REQ_print_fp;
++               X509_REQ_set_pubkey;
++               X509_REQ_set_subject_name;
++               X509_REQ_set_version;
++               X509_REQ_sign;
++               X509_REQ_to_X509;
++               X509_REQ_verify;
++               X509_REVOKED_add_ext;
++               X509_REVOKED_delete_ext;
++               X509_REVOKED_free;
++               X509_REVOKED_get_ext;
++               X509_REVOKED_get_ext_by_NID;
++               X509_REVOKED_get_ext_by_OBJ;
++               X509_REVOKED_get_ext_by_critical;
++               X509_REVOKED_get_ext_by_critic;
++               X509_REVOKED_get_ext_count;
++               X509_REVOKED_new;
++               X509_SIG_free;
++               X509_SIG_new;
++               X509_STORE_CTX_cleanup;
++               X509_STORE_CTX_init;
++               X509_STORE_add_cert;
++               X509_STORE_add_lookup;
++               X509_STORE_free;
++               X509_STORE_get_by_subject;
++               X509_STORE_load_locations;
++               X509_STORE_new;
++               X509_STORE_set_default_paths;
++               X509_VAL_free;
++               X509_VAL_new;
++               X509_add_ext;
++               X509_asn1_meth;
++               X509_certificate_type;
++               X509_check_private_key;
++               X509_cmp_current_time;
++               X509_delete_ext;
++               X509_digest;
++               X509_dup;
++               X509_free;
++               X509_get_default_cert_area;
++               X509_get_default_cert_dir;
++               X509_get_default_cert_dir_env;
++               X509_get_default_cert_file;
++               X509_get_default_cert_file_env;
++               X509_get_default_private_dir;
++               X509_get_ext;
++               X509_get_ext_by_NID;
++               X509_get_ext_by_OBJ;
++               X509_get_ext_by_critical;
++               X509_get_ext_count;
++               X509_get_issuer_name;
++               X509_get_pubkey;
++               X509_get_pubkey_parameters;
++               X509_get_serialNumber;
++               X509_get_subject_name;
++               X509_gmtime_adj;
++               X509_issuer_and_serial_cmp;
++               X509_issuer_and_serial_hash;
++               X509_issuer_name_cmp;
++               X509_issuer_name_hash;
++               X509_load_cert_file;
++               X509_new;
++               X509_print;
++               X509_print_fp;
++               X509_set_issuer_name;
++               X509_set_notAfter;
++               X509_set_notBefore;
++               X509_set_pubkey;
++               X509_set_serialNumber;
++               X509_set_subject_name;
++               X509_set_version;
++               X509_sign;
++               X509_subject_name_cmp;
++               X509_subject_name_hash;
++               X509_to_X509_REQ;
++               X509_verify;
++               X509_verify_cert;
++               X509_verify_cert_error_string;
++               X509v3_add_ext;
++               X509v3_add_extension;
++               X509v3_add_netscape_extensions;
++               X509v3_add_standard_extensions;
++               X509v3_cleanup_extensions;
++               X509v3_data_type_by_NID;
++               X509v3_data_type_by_OBJ;
++               X509v3_delete_ext;
++               X509v3_get_ext;
++               X509v3_get_ext_by_NID;
++               X509v3_get_ext_by_OBJ;
++               X509v3_get_ext_by_critical;
++               X509v3_get_ext_count;
++               X509v3_pack_string;
++               X509v3_pack_type_by_NID;
++               X509v3_pack_type_by_OBJ;
++               X509v3_unpack_string;
++               _des_crypt;
++               a2d_ASN1_OBJECT;
++               a2i_ASN1_INTEGER;
++               a2i_ASN1_STRING;
++               asn1_Finish;
++               asn1_GetSequence;
++               bn_div_words;
++               bn_expand2;
++               bn_mul_add_words;
++               bn_mul_words;
++               BN_uadd;
++               BN_usub;
++               bn_sqr_words;
++               _ossl_old_crypt;
++               d2i_ASN1_BIT_STRING;
++               d2i_ASN1_BOOLEAN;
++               d2i_ASN1_HEADER;
++               d2i_ASN1_IA5STRING;
++               d2i_ASN1_INTEGER;
++               d2i_ASN1_OBJECT;
++               d2i_ASN1_OCTET_STRING;
++               d2i_ASN1_PRINTABLE;
++               d2i_ASN1_PRINTABLESTRING;
++               d2i_ASN1_SET;
++               d2i_ASN1_T61STRING;
++               d2i_ASN1_TYPE;
++               d2i_ASN1_UTCTIME;
++               d2i_ASN1_bytes;
++               d2i_ASN1_type_bytes;
++               d2i_DHparams;
++               d2i_DSAPrivateKey;
++               d2i_DSAPrivateKey_bio;
++               d2i_DSAPrivateKey_fp;
++               d2i_DSAPublicKey;
++               d2i_DSAparams;
++               d2i_NETSCAPE_SPKAC;
++               d2i_NETSCAPE_SPKI;
++               d2i_Netscape_RSA;
++               d2i_PKCS7;
++               d2i_PKCS7_DIGEST;
++               d2i_PKCS7_ENCRYPT;
++               d2i_PKCS7_ENC_CONTENT;
++               d2i_PKCS7_ENVELOPE;
++               d2i_PKCS7_ISSUER_AND_SERIAL;
++               d2i_PKCS7_RECIP_INFO;
++               d2i_PKCS7_SIGNED;
++               d2i_PKCS7_SIGNER_INFO;
++               d2i_PKCS7_SIGN_ENVELOPE;
++               d2i_PKCS7_bio;
++               d2i_PKCS7_fp;
++               d2i_PrivateKey;
++               d2i_PublicKey;
++               d2i_RSAPrivateKey;
++               d2i_RSAPrivateKey_bio;
++               d2i_RSAPrivateKey_fp;
++               d2i_RSAPublicKey;
++               d2i_X509;
++               d2i_X509_ALGOR;
++               d2i_X509_ATTRIBUTE;
++               d2i_X509_CINF;
++               d2i_X509_CRL;
++               d2i_X509_CRL_INFO;
++               d2i_X509_CRL_bio;
++               d2i_X509_CRL_fp;
++               d2i_X509_EXTENSION;
++               d2i_X509_NAME;
++               d2i_X509_NAME_ENTRY;
++               d2i_X509_PKEY;
++               d2i_X509_PUBKEY;
++               d2i_X509_REQ;
++               d2i_X509_REQ_INFO;
++               d2i_X509_REQ_bio;
++               d2i_X509_REQ_fp;
++               d2i_X509_REVOKED;
++               d2i_X509_SIG;
++               d2i_X509_VAL;
++               d2i_X509_bio;
++               d2i_X509_fp;
++               DES_cbc_cksum;
++               DES_cbc_encrypt;
++               DES_cblock_print_file;
++               DES_cfb64_encrypt;
++               DES_cfb_encrypt;
++               DES_decrypt3;
++               DES_ecb3_encrypt;
++               DES_ecb_encrypt;
++               DES_ede3_cbc_encrypt;
++               DES_ede3_cfb64_encrypt;
++               DES_ede3_ofb64_encrypt;
++               DES_enc_read;
++               DES_enc_write;
++               DES_encrypt1;
++               DES_encrypt2;
++               DES_encrypt3;
++               DES_fcrypt;
++               DES_is_weak_key;
++               DES_key_sched;
++               DES_ncbc_encrypt;
++               DES_ofb64_encrypt;
++               DES_ofb_encrypt;
++               DES_options;
++               DES_pcbc_encrypt;
++               DES_quad_cksum;
++               DES_random_key;
++               _ossl_old_des_random_seed;
++               _ossl_old_des_read_2passwords;
++               _ossl_old_des_read_password;
++               _ossl_old_des_read_pw;
++               _ossl_old_des_read_pw_string;
++               DES_set_key;
++               DES_set_odd_parity;
++               DES_string_to_2keys;
++               DES_string_to_key;
++               DES_xcbc_encrypt;
++               DES_xwhite_in2out;
++               fcrypt_body;
++               i2a_ASN1_INTEGER;
++               i2a_ASN1_OBJECT;
++               i2a_ASN1_STRING;
++               i2d_ASN1_BIT_STRING;
++               i2d_ASN1_BOOLEAN;
++               i2d_ASN1_HEADER;
++               i2d_ASN1_IA5STRING;
++               i2d_ASN1_INTEGER;
++               i2d_ASN1_OBJECT;
++               i2d_ASN1_OCTET_STRING;
++               i2d_ASN1_PRINTABLE;
++               i2d_ASN1_SET;
++               i2d_ASN1_TYPE;
++               i2d_ASN1_UTCTIME;
++               i2d_ASN1_bytes;
++               i2d_DHparams;
++               i2d_DSAPrivateKey;
++               i2d_DSAPrivateKey_bio;
++               i2d_DSAPrivateKey_fp;
++               i2d_DSAPublicKey;
++               i2d_DSAparams;
++               i2d_NETSCAPE_SPKAC;
++               i2d_NETSCAPE_SPKI;
++               i2d_Netscape_RSA;
++               i2d_PKCS7;
++               i2d_PKCS7_DIGEST;
++               i2d_PKCS7_ENCRYPT;
++               i2d_PKCS7_ENC_CONTENT;
++               i2d_PKCS7_ENVELOPE;
++               i2d_PKCS7_ISSUER_AND_SERIAL;
++               i2d_PKCS7_RECIP_INFO;
++               i2d_PKCS7_SIGNED;
++               i2d_PKCS7_SIGNER_INFO;
++               i2d_PKCS7_SIGN_ENVELOPE;
++               i2d_PKCS7_bio;
++               i2d_PKCS7_fp;
++               i2d_PrivateKey;
++               i2d_PublicKey;
++               i2d_RSAPrivateKey;
++               i2d_RSAPrivateKey_bio;
++               i2d_RSAPrivateKey_fp;
++               i2d_RSAPublicKey;
++               i2d_X509;
++               i2d_X509_ALGOR;
++               i2d_X509_ATTRIBUTE;
++               i2d_X509_CINF;
++               i2d_X509_CRL;
++               i2d_X509_CRL_INFO;
++               i2d_X509_CRL_bio;
++               i2d_X509_CRL_fp;
++               i2d_X509_EXTENSION;
++               i2d_X509_NAME;
++               i2d_X509_NAME_ENTRY;
++               i2d_X509_PKEY;
++               i2d_X509_PUBKEY;
++               i2d_X509_REQ;
++               i2d_X509_REQ_INFO;
++               i2d_X509_REQ_bio;
++               i2d_X509_REQ_fp;
++               i2d_X509_REVOKED;
++               i2d_X509_SIG;
++               i2d_X509_VAL;
++               i2d_X509_bio;
++               i2d_X509_fp;
++               idea_cbc_encrypt;
++               idea_cfb64_encrypt;
++               idea_ecb_encrypt;
++               idea_encrypt;
++               idea_ofb64_encrypt;
++               idea_options;
++               idea_set_decrypt_key;
++               idea_set_encrypt_key;
++               lh_delete;
++               lh_doall;
++               lh_doall_arg;
++               lh_free;
++               lh_insert;
++               lh_new;
++               lh_node_stats;
++               lh_node_stats_bio;
++               lh_node_usage_stats;
++               lh_node_usage_stats_bio;
++               lh_retrieve;
++               lh_stats;
++               lh_stats_bio;
++               lh_strhash;
++               sk_delete;
++               sk_delete_ptr;
++               sk_dup;
++               sk_find;
++               sk_free;
++               sk_insert;
++               sk_new;
++               sk_pop;
++               sk_pop_free;
++               sk_push;
++               sk_set_cmp_func;
++               sk_shift;
++               sk_unshift;
++               sk_zero;
++               BIO_f_nbio_test;
++               ASN1_TYPE_get;
++               ASN1_TYPE_set;
++               PKCS7_content_free;
++               ERR_load_PKCS7_strings;
++               X509_find_by_issuer_and_serial;
++               X509_find_by_subject;
++               PKCS7_ctrl;
++               PKCS7_set_type;
++               PKCS7_set_content;
++               PKCS7_SIGNER_INFO_set;
++               PKCS7_add_signer;
++               PKCS7_add_certificate;
++               PKCS7_add_crl;
++               PKCS7_content_new;
++               PKCS7_dataSign;
++               PKCS7_dataVerify;
++               PKCS7_dataInit;
++               PKCS7_add_signature;
++               PKCS7_cert_from_signer_info;
++               PKCS7_get_signer_info;
++               EVP_delete_alias;
++               EVP_mdc2;
++               PEM_read_bio_RSAPublicKey;
++               PEM_write_bio_RSAPublicKey;
++               d2i_RSAPublicKey_bio;
++               i2d_RSAPublicKey_bio;
++               PEM_read_RSAPublicKey;
++               PEM_write_RSAPublicKey;
++               d2i_RSAPublicKey_fp;
++               i2d_RSAPublicKey_fp;
++               BIO_copy_next_retry;
++               RSA_flags;
++               X509_STORE_add_crl;
++               X509_load_crl_file;
++               EVP_rc2_40_cbc;
++               EVP_rc4_40;
++               EVP_CIPHER_CTX_init;
++               HMAC;
++               HMAC_Init;
++               HMAC_Update;
++               HMAC_Final;
++               ERR_get_next_error_library;
++               EVP_PKEY_cmp_parameters;
++               HMAC_cleanup;
++               BIO_ptr_ctrl;
++               BIO_new_file_internal;
++               BIO_new_fp_internal;
++               BIO_s_file_internal;
++               BN_BLINDING_convert;
++               BN_BLINDING_invert;
++               BN_BLINDING_update;
++               RSA_blinding_on;
++               RSA_blinding_off;
++               i2t_ASN1_OBJECT;
++               BN_BLINDING_new;
++               BN_BLINDING_free;
++               EVP_cast5_cbc;
++               EVP_cast5_cfb64;
++               EVP_cast5_ecb;
++               EVP_cast5_ofb;
++               BF_decrypt;
++               CAST_set_key;
++               CAST_encrypt;
++               CAST_decrypt;
++               CAST_ecb_encrypt;
++               CAST_cbc_encrypt;
++               CAST_cfb64_encrypt;
++               CAST_ofb64_encrypt;
++               RC2_decrypt;
++               OBJ_create_objects;
++               BN_exp;
++               BN_mul_word;
++               BN_sub_word;
++               BN_dec2bn;
++               BN_bn2dec;
++               BIO_ghbn_ctrl;
++               CRYPTO_free_ex_data;
++               CRYPTO_get_ex_data;
++               CRYPTO_set_ex_data;
++               ERR_load_CRYPTO_strings;
++               ERR_load_CRYPTOlib_strings;
++               EVP_PKEY_bits;
++               MD5_Transform;
++               SHA1_Transform;
++               SHA_Transform;
++               X509_STORE_CTX_get_chain;
++               X509_STORE_CTX_get_current_cert;
++               X509_STORE_CTX_get_error;
++               X509_STORE_CTX_get_error_depth;
++               X509_STORE_CTX_get_ex_data;
++               X509_STORE_CTX_set_cert;
++               X509_STORE_CTX_set_chain;
++               X509_STORE_CTX_set_error;
++               X509_STORE_CTX_set_ex_data;
++               CRYPTO_dup_ex_data;
++               CRYPTO_get_new_lockid;
++               CRYPTO_new_ex_data;
++               RSA_set_ex_data;
++               RSA_get_ex_data;
++               RSA_get_ex_new_index;
++               RSA_padding_add_PKCS1_type_1;
++               RSA_padding_add_PKCS1_type_2;
++               RSA_padding_add_SSLv23;
++               RSA_padding_add_none;
++               RSA_padding_check_PKCS1_type_1;
++               RSA_padding_check_PKCS1_type_2;
++               RSA_padding_check_SSLv23;
++               RSA_padding_check_none;
++               bn_add_words;
++               d2i_Netscape_RSA_2;
++               CRYPTO_get_ex_new_index;
++               RIPEMD160_Init;
++               RIPEMD160_Update;
++               RIPEMD160_Final;
++               RIPEMD160;
++               RIPEMD160_Transform;
++               RC5_32_set_key;
++               RC5_32_ecb_encrypt;
++               RC5_32_encrypt;
++               RC5_32_decrypt;
++               RC5_32_cbc_encrypt;
++               RC5_32_cfb64_encrypt;
++               RC5_32_ofb64_encrypt;
++               BN_bn2mpi;
++               BN_mpi2bn;
++               ASN1_BIT_STRING_get_bit;
++               ASN1_BIT_STRING_set_bit;
++               BIO_get_ex_data;
++               BIO_get_ex_new_index;
++               BIO_set_ex_data;
++               X509v3_get_key_usage;
++               X509v3_set_key_usage;
++               a2i_X509v3_key_usage;
++               i2a_X509v3_key_usage;
++               EVP_PKEY_decrypt;
++               EVP_PKEY_encrypt;
++               PKCS7_RECIP_INFO_set;
++               PKCS7_add_recipient;
++               PKCS7_add_recipient_info;
++               PKCS7_set_cipher;
++               ASN1_TYPE_get_int_octetstring;
++               ASN1_TYPE_get_octetstring;
++               ASN1_TYPE_set_int_octetstring;
++               ASN1_TYPE_set_octetstring;
++               ASN1_UTCTIME_set_string;
++               ERR_add_error_data;
++               ERR_set_error_data;
++               EVP_CIPHER_asn1_to_param;
++               EVP_CIPHER_param_to_asn1;
++               EVP_CIPHER_get_asn1_iv;
++               EVP_CIPHER_set_asn1_iv;
++               EVP_rc5_32_12_16_cbc;
++               EVP_rc5_32_12_16_cfb64;
++               EVP_rc5_32_12_16_ecb;
++               EVP_rc5_32_12_16_ofb;
++               asn1_add_error;
++               d2i_ASN1_BMPSTRING;
++               i2d_ASN1_BMPSTRING;
++               BIO_f_ber;
++               BN_init;
++               COMP_CTX_new;
++               COMP_CTX_free;
++               COMP_CTX_compress_block;
++               COMP_CTX_expand_block;
++               X509_STORE_CTX_get_ex_new_index;
++               OBJ_NAME_add;
++               BIO_socket_nbio;
++               EVP_rc2_64_cbc;
++               OBJ_NAME_cleanup;
++               OBJ_NAME_get;
++               OBJ_NAME_init;
++               OBJ_NAME_new_index;
++               OBJ_NAME_remove;
++               BN_MONT_CTX_copy;
++               BIO_new_socks4a_connect;
++               BIO_s_socks4a_connect;
++               PROXY_set_connect_mode;
++               RAND_SSLeay;
++               RAND_set_rand_method;
++               RSA_memory_lock;
++               bn_sub_words;
++               bn_mul_normal;
++               bn_mul_comba8;
++               bn_mul_comba4;
++               bn_sqr_normal;
++               bn_sqr_comba8;
++               bn_sqr_comba4;
++               bn_cmp_words;
++               bn_mul_recursive;
++               bn_mul_part_recursive;
++               bn_sqr_recursive;
++               bn_mul_low_normal;
++               BN_RECP_CTX_init;
++               BN_RECP_CTX_new;
++               BN_RECP_CTX_free;
++               BN_RECP_CTX_set;
++               BN_mod_mul_reciprocal;
++               BN_mod_exp_recp;
++               BN_div_recp;
++               BN_CTX_init;
++               BN_MONT_CTX_init;
++               RAND_get_rand_method;
++               PKCS7_add_attribute;
++               PKCS7_add_signed_attribute;
++               PKCS7_digest_from_attributes;
++               PKCS7_get_attribute;
++               PKCS7_get_issuer_and_serial;
++               PKCS7_get_signed_attribute;
++               COMP_compress_block;
++               COMP_expand_block;
++               COMP_rle;
++               COMP_zlib;
++               ms_time_diff;
++               ms_time_new;
++               ms_time_free;
++               ms_time_cmp;
++               ms_time_get;
++               PKCS7_set_attributes;
++               PKCS7_set_signed_attributes;
++               X509_ATTRIBUTE_create;
++               X509_ATTRIBUTE_dup;
++               ASN1_GENERALIZEDTIME_check;
++               ASN1_GENERALIZEDTIME_print;
++               ASN1_GENERALIZEDTIME_set;
++               ASN1_GENERALIZEDTIME_set_string;
++               ASN1_TIME_print;
++               BASIC_CONSTRAINTS_free;
++               BASIC_CONSTRAINTS_new;
++               ERR_load_X509V3_strings;
++               NETSCAPE_CERT_SEQUENCE_free;
++               NETSCAPE_CERT_SEQUENCE_new;
++               OBJ_txt2obj;
++               PEM_read_NETSCAPE_CERT_SEQUENCE;
++               PEM_read_NS_CERT_SEQ;
++               PEM_read_bio_NETSCAPE_CERT_SEQUENCE;
++               PEM_read_bio_NS_CERT_SEQ;
++               PEM_write_NETSCAPE_CERT_SEQUENCE;
++               PEM_write_NS_CERT_SEQ;
++               PEM_write_bio_NETSCAPE_CERT_SEQUENCE;
++               PEM_write_bio_NS_CERT_SEQ;
++               X509V3_EXT_add;
++               X509V3_EXT_add_alias;
++               X509V3_EXT_add_conf;
++               X509V3_EXT_cleanup;
++               X509V3_EXT_conf;
++               X509V3_EXT_conf_nid;
++               X509V3_EXT_get;
++               X509V3_EXT_get_nid;
++               X509V3_EXT_print;
++               X509V3_EXT_print_fp;
++               X509V3_add_standard_extensions;
++               X509V3_add_value;
++               X509V3_add_value_bool;
++               X509V3_add_value_int;
++               X509V3_conf_free;
++               X509V3_get_value_bool;
++               X509V3_get_value_int;
++               X509V3_parse_list;
++               d2i_ASN1_GENERALIZEDTIME;
++               d2i_ASN1_TIME;
++               d2i_BASIC_CONSTRAINTS;
++               d2i_NETSCAPE_CERT_SEQUENCE;
++               d2i_ext_ku;
++               ext_ku_free;
++               ext_ku_new;
++               i2d_ASN1_GENERALIZEDTIME;
++               i2d_ASN1_TIME;
++               i2d_BASIC_CONSTRAINTS;
++               i2d_NETSCAPE_CERT_SEQUENCE;
++               i2d_ext_ku;
++               EVP_MD_CTX_copy;
++               i2d_ASN1_ENUMERATED;
++               d2i_ASN1_ENUMERATED;
++               ASN1_ENUMERATED_set;
++               ASN1_ENUMERATED_get;
++               BN_to_ASN1_ENUMERATED;
++               ASN1_ENUMERATED_to_BN;
++               i2a_ASN1_ENUMERATED;
++               a2i_ASN1_ENUMERATED;
++               i2d_GENERAL_NAME;
++               d2i_GENERAL_NAME;
++               GENERAL_NAME_new;
++               GENERAL_NAME_free;
++               GENERAL_NAMES_new;
++               GENERAL_NAMES_free;
++               d2i_GENERAL_NAMES;
++               i2d_GENERAL_NAMES;
++               i2v_GENERAL_NAMES;
++               i2s_ASN1_OCTET_STRING;
++               s2i_ASN1_OCTET_STRING;
++               X509V3_EXT_check_conf;
++               hex_to_string;
++               string_to_hex;
++               DES_ede3_cbcm_encrypt;
++               RSA_padding_add_PKCS1_OAEP;
++               RSA_padding_check_PKCS1_OAEP;
++               X509_CRL_print_fp;
++               X509_CRL_print;
++               i2v_GENERAL_NAME;
++               v2i_GENERAL_NAME;
++               i2d_PKEY_USAGE_PERIOD;
++               d2i_PKEY_USAGE_PERIOD;
++               PKEY_USAGE_PERIOD_new;
++               PKEY_USAGE_PERIOD_free;
++               v2i_GENERAL_NAMES;
++               i2s_ASN1_INTEGER;
++               X509V3_EXT_d2i;
++               name_cmp;
++               str_dup;
++               i2s_ASN1_ENUMERATED;
++               i2s_ASN1_ENUMERATED_TABLE;
++               BIO_s_log;
++               BIO_f_reliable;
++               PKCS7_dataFinal;
++               PKCS7_dataDecode;
++               X509V3_EXT_CRL_add_conf;
++               BN_set_params;
++               BN_get_params;
++               BIO_get_ex_num;
++               BIO_set_ex_free_func;
++               EVP_ripemd160;
++               ASN1_TIME_set;
++               i2d_AUTHORITY_KEYID;
++               d2i_AUTHORITY_KEYID;
++               AUTHORITY_KEYID_new;
++               AUTHORITY_KEYID_free;
++               ASN1_seq_unpack;
++               ASN1_seq_pack;
++               ASN1_unpack_string;
++               ASN1_pack_string;
++               PKCS12_pack_safebag;
++               PKCS12_MAKE_KEYBAG;
++               PKCS8_encrypt;
++               PKCS12_MAKE_SHKEYBAG;
++               PKCS12_pack_p7data;
++               PKCS12_pack_p7encdata;
++               PKCS12_add_localkeyid;
++               PKCS12_add_friendlyname_asc;
++               PKCS12_add_friendlyname_uni;
++               PKCS12_get_friendlyname;
++               PKCS12_pbe_crypt;
++               PKCS12_decrypt_d2i;
++               PKCS12_i2d_encrypt;
++               PKCS12_init;
++               PKCS12_key_gen_asc;
++               PKCS12_key_gen_uni;
++               PKCS12_gen_mac;
++               PKCS12_verify_mac;
++               PKCS12_set_mac;
++               PKCS12_setup_mac;
++               OPENSSL_asc2uni;
++               OPENSSL_uni2asc;
++               i2d_PKCS12_BAGS;
++               PKCS12_BAGS_new;
++               d2i_PKCS12_BAGS;
++               PKCS12_BAGS_free;
++               i2d_PKCS12;
++               d2i_PKCS12;
++               PKCS12_new;
++               PKCS12_free;
++               i2d_PKCS12_MAC_DATA;
++               PKCS12_MAC_DATA_new;
++               d2i_PKCS12_MAC_DATA;
++               PKCS12_MAC_DATA_free;
++               i2d_PKCS12_SAFEBAG;
++               PKCS12_SAFEBAG_new;
++               d2i_PKCS12_SAFEBAG;
++               PKCS12_SAFEBAG_free;
++               ERR_load_PKCS12_strings;
++               PKCS12_PBE_add;
++               PKCS8_add_keyusage;
++               PKCS12_get_attr_gen;
++               PKCS12_parse;
++               PKCS12_create;
++               i2d_PKCS12_bio;
++               i2d_PKCS12_fp;
++               d2i_PKCS12_bio;
++               d2i_PKCS12_fp;
++               i2d_PBEPARAM;
++               PBEPARAM_new;
++               d2i_PBEPARAM;
++               PBEPARAM_free;
++               i2d_PKCS8_PRIV_KEY_INFO;
++               PKCS8_PRIV_KEY_INFO_new;
++               d2i_PKCS8_PRIV_KEY_INFO;
++               PKCS8_PRIV_KEY_INFO_free;
++               EVP_PKCS82PKEY;
++               EVP_PKEY2PKCS8;
++               PKCS8_set_broken;
++               EVP_PBE_ALGOR_CipherInit;
++               EVP_PBE_alg_add;
++               PKCS5_pbe_set;
++               EVP_PBE_cleanup;
++               i2d_SXNET;
++               d2i_SXNET;
++               SXNET_new;
++               SXNET_free;
++               i2d_SXNETID;
++               d2i_SXNETID;
++               SXNETID_new;
++               SXNETID_free;
++               DSA_SIG_new;
++               DSA_SIG_free;
++               DSA_do_sign;
++               DSA_do_verify;
++               d2i_DSA_SIG;
++               i2d_DSA_SIG;
++               i2d_ASN1_VISIBLESTRING;
++               d2i_ASN1_VISIBLESTRING;
++               i2d_ASN1_UTF8STRING;
++               d2i_ASN1_UTF8STRING;
++               i2d_DIRECTORYSTRING;
++               d2i_DIRECTORYSTRING;
++               i2d_DISPLAYTEXT;
++               d2i_DISPLAYTEXT;
++               d2i_ASN1_SET_OF_X509;
++               i2d_ASN1_SET_OF_X509;
++               i2d_PBKDF2PARAM;
++               PBKDF2PARAM_new;
++               d2i_PBKDF2PARAM;
++               PBKDF2PARAM_free;
++               i2d_PBE2PARAM;
++               PBE2PARAM_new;
++               d2i_PBE2PARAM;
++               PBE2PARAM_free;
++               d2i_ASN1_SET_OF_GENERAL_NAME;
++               i2d_ASN1_SET_OF_GENERAL_NAME;
++               d2i_ASN1_SET_OF_SXNETID;
++               i2d_ASN1_SET_OF_SXNETID;
++               d2i_ASN1_SET_OF_POLICYQUALINFO;
++               i2d_ASN1_SET_OF_POLICYQUALINFO;
++               d2i_ASN1_SET_OF_POLICYINFO;
++               i2d_ASN1_SET_OF_POLICYINFO;
++               SXNET_add_id_asc;
++               SXNET_add_id_ulong;
++               SXNET_add_id_INTEGER;
++               SXNET_get_id_asc;
++               SXNET_get_id_ulong;
++               SXNET_get_id_INTEGER;
++               X509V3_set_conf_lhash;
++               i2d_CERTIFICATEPOLICIES;
++               CERTIFICATEPOLICIES_new;
++               CERTIFICATEPOLICIES_free;
++               d2i_CERTIFICATEPOLICIES;
++               i2d_POLICYINFO;
++               POLICYINFO_new;
++               d2i_POLICYINFO;
++               POLICYINFO_free;
++               i2d_POLICYQUALINFO;
++               POLICYQUALINFO_new;
++               d2i_POLICYQUALINFO;
++               POLICYQUALINFO_free;
++               i2d_USERNOTICE;
++               USERNOTICE_new;
++               d2i_USERNOTICE;
++               USERNOTICE_free;
++               i2d_NOTICEREF;
++               NOTICEREF_new;
++               d2i_NOTICEREF;
++               NOTICEREF_free;
++               X509V3_get_string;
++               X509V3_get_section;
++               X509V3_string_free;
++               X509V3_section_free;
++               X509V3_set_ctx;
++               s2i_ASN1_INTEGER;
++               CRYPTO_set_locked_mem_functions;
++               CRYPTO_get_locked_mem_functions;
++               CRYPTO_malloc_locked;
++               CRYPTO_free_locked;
++               BN_mod_exp2_mont;
++               ERR_get_error_line_data;
++               ERR_peek_error_line_data;
++               PKCS12_PBE_keyivgen;
++               X509_ALGOR_dup;
++               d2i_ASN1_SET_OF_DIST_POINT;
++               i2d_ASN1_SET_OF_DIST_POINT;
++               i2d_CRL_DIST_POINTS;
++               CRL_DIST_POINTS_new;
++               CRL_DIST_POINTS_free;
++               d2i_CRL_DIST_POINTS;
++               i2d_DIST_POINT;
++               DIST_POINT_new;
++               d2i_DIST_POINT;
++               DIST_POINT_free;
++               i2d_DIST_POINT_NAME;
++               DIST_POINT_NAME_new;
++               DIST_POINT_NAME_free;
++               d2i_DIST_POINT_NAME;
++               X509V3_add_value_uchar;
++               d2i_ASN1_SET_OF_X509_ATTRIBUTE;
++               i2d_ASN1_SET_OF_ASN1_TYPE;
++               d2i_ASN1_SET_OF_X509_EXTENSION;
++               d2i_ASN1_SET_OF_X509_NAME_ENTRY;
++               d2i_ASN1_SET_OF_ASN1_TYPE;
++               i2d_ASN1_SET_OF_X509_ATTRIBUTE;
++               i2d_ASN1_SET_OF_X509_EXTENSION;
++               i2d_ASN1_SET_OF_X509_NAME_ENTRY;
++               X509V3_EXT_i2d;
++               X509V3_EXT_val_prn;
++               X509V3_EXT_add_list;
++               EVP_CIPHER_type;
++               EVP_PBE_CipherInit;
++               X509V3_add_value_bool_nf;
++               d2i_ASN1_UINTEGER;
++               sk_value;
++               sk_num;
++               sk_set;
++               i2d_ASN1_SET_OF_X509_REVOKED;
++               sk_sort;
++               d2i_ASN1_SET_OF_X509_REVOKED;
++               i2d_ASN1_SET_OF_X509_ALGOR;
++               i2d_ASN1_SET_OF_X509_CRL;
++               d2i_ASN1_SET_OF_X509_ALGOR;
++               d2i_ASN1_SET_OF_X509_CRL;
++               i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO;
++               i2d_ASN1_SET_OF_PKCS7_RECIP_INFO;
++               d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO;
++               d2i_ASN1_SET_OF_PKCS7_RECIP_INFO;
++               PKCS5_PBE_add;
++               PEM_write_bio_PKCS8;
++               i2d_PKCS8_fp;
++               PEM_read_bio_PKCS8_PRIV_KEY_INFO;
++               PEM_read_bio_P8_PRIV_KEY_INFO;
++               d2i_PKCS8_bio;
++               d2i_PKCS8_PRIV_KEY_INFO_fp;
++               PEM_write_bio_PKCS8_PRIV_KEY_INFO;
++               PEM_write_bio_P8_PRIV_KEY_INFO;
++               PEM_read_PKCS8;
++               d2i_PKCS8_PRIV_KEY_INFO_bio;
++               d2i_PKCS8_fp;
++               PEM_write_PKCS8;
++               PEM_read_PKCS8_PRIV_KEY_INFO;
++               PEM_read_P8_PRIV_KEY_INFO;
++               PEM_read_bio_PKCS8;
++               PEM_write_PKCS8_PRIV_KEY_INFO;
++               PEM_write_P8_PRIV_KEY_INFO;
++               PKCS5_PBE_keyivgen;
++               i2d_PKCS8_bio;
++               i2d_PKCS8_PRIV_KEY_INFO_fp;
++               i2d_PKCS8_PRIV_KEY_INFO_bio;
++               BIO_s_bio;
++               PKCS5_pbe2_set;
++               PKCS5_PBKDF2_HMAC_SHA1;
++               PKCS5_v2_PBE_keyivgen;
++               PEM_write_bio_PKCS8PrivateKey;
++               PEM_write_PKCS8PrivateKey;
++               BIO_ctrl_get_read_request;
++               BIO_ctrl_pending;
++               BIO_ctrl_wpending;
++               BIO_new_bio_pair;
++               BIO_ctrl_get_write_guarantee;
++               CRYPTO_num_locks;
++               CONF_load_bio;
++               CONF_load_fp;
++               i2d_ASN1_SET_OF_ASN1_OBJECT;
++               d2i_ASN1_SET_OF_ASN1_OBJECT;
++               PKCS7_signatureVerify;
++               RSA_set_method;
++               RSA_get_method;
++               RSA_get_default_method;
++               RSA_check_key;
++               OBJ_obj2txt;
++               DSA_dup_DH;
++               X509_REQ_get_extensions;
++               X509_REQ_set_extension_nids;
++               BIO_nwrite;
++               X509_REQ_extension_nid;
++               BIO_nread;
++               X509_REQ_get_extension_nids;
++               BIO_nwrite0;
++               X509_REQ_add_extensions_nid;
++               BIO_nread0;
++               X509_REQ_add_extensions;
++               BIO_new_mem_buf;
++               DH_set_ex_data;
++               DH_set_method;
++               DSA_OpenSSL;
++               DH_get_ex_data;
++               DH_get_ex_new_index;
++               DSA_new_method;
++               DH_new_method;
++               DH_OpenSSL;
++               DSA_get_ex_new_index;
++               DH_get_default_method;
++               DSA_set_ex_data;
++               DH_set_default_method;
++               DSA_get_ex_data;
++               X509V3_EXT_REQ_add_conf;
++               NETSCAPE_SPKI_print;
++               NETSCAPE_SPKI_set_pubkey;
++               NETSCAPE_SPKI_b64_encode;
++               NETSCAPE_SPKI_get_pubkey;
++               NETSCAPE_SPKI_b64_decode;
++               UTF8_putc;
++               UTF8_getc;
++               RSA_null_method;
++               ASN1_tag2str;
++               BIO_ctrl_reset_read_request;
++               DISPLAYTEXT_new;
++               ASN1_GENERALIZEDTIME_free;
++               X509_REVOKED_get_ext_d2i;
++               X509_set_ex_data;
++               X509_reject_set_bit_asc;
++               X509_NAME_add_entry_by_txt;
++               X509_NAME_add_entry_by_NID;
++               X509_PURPOSE_get0;
++               PEM_read_X509_AUX;
++               d2i_AUTHORITY_INFO_ACCESS;
++               PEM_write_PUBKEY;
++               ACCESS_DESCRIPTION_new;
++               X509_CERT_AUX_free;
++               d2i_ACCESS_DESCRIPTION;
++               X509_trust_clear;
++               X509_TRUST_add;
++               ASN1_VISIBLESTRING_new;
++               X509_alias_set1;
++               ASN1_PRINTABLESTRING_free;
++               EVP_PKEY_get1_DSA;
++               ASN1_BMPSTRING_new;
++               ASN1_mbstring_copy;
++               ASN1_UTF8STRING_new;
++               DSA_get_default_method;
++               i2d_ASN1_SET_OF_ACCESS_DESCRIPTION;
++               ASN1_T61STRING_free;
++               DSA_set_method;
++               X509_get_ex_data;
++               ASN1_STRING_type;
++               X509_PURPOSE_get_by_sname;
++               ASN1_TIME_free;
++               ASN1_OCTET_STRING_cmp;
++               ASN1_BIT_STRING_new;
++               X509_get_ext_d2i;
++               PEM_read_bio_X509_AUX;
++               ASN1_STRING_set_default_mask_asc;
++               ASN1_STRING_set_def_mask_asc;
++               PEM_write_bio_RSA_PUBKEY;
++               ASN1_INTEGER_cmp;
++               d2i_RSA_PUBKEY_fp;
++               X509_trust_set_bit_asc;
++               PEM_write_bio_DSA_PUBKEY;
++               X509_STORE_CTX_free;
++               EVP_PKEY_set1_DSA;
++               i2d_DSA_PUBKEY_fp;
++               X509_load_cert_crl_file;
++               ASN1_TIME_new;
++               i2d_RSA_PUBKEY;
++               X509_STORE_CTX_purpose_inherit;
++               PEM_read_RSA_PUBKEY;
++               d2i_X509_AUX;
++               i2d_DSA_PUBKEY;
++               X509_CERT_AUX_print;
++               PEM_read_DSA_PUBKEY;
++               i2d_RSA_PUBKEY_bio;
++               ASN1_BIT_STRING_num_asc;
++               i2d_PUBKEY;
++               ASN1_UTCTIME_free;
++               DSA_set_default_method;
++               X509_PURPOSE_get_by_id;
++               ACCESS_DESCRIPTION_free;
++               PEM_read_bio_PUBKEY;
++               ASN1_STRING_set_by_NID;
++               X509_PURPOSE_get_id;
++               DISPLAYTEXT_free;
++               OTHERNAME_new;
++               X509_CERT_AUX_new;
++               X509_TRUST_cleanup;
++               X509_NAME_add_entry_by_OBJ;
++               X509_CRL_get_ext_d2i;
++               X509_PURPOSE_get0_name;
++               PEM_read_PUBKEY;
++               i2d_DSA_PUBKEY_bio;
++               i2d_OTHERNAME;
++               ASN1_OCTET_STRING_free;
++               ASN1_BIT_STRING_set_asc;
++               X509_get_ex_new_index;
++               ASN1_STRING_TABLE_cleanup;
++               X509_TRUST_get_by_id;
++               X509_PURPOSE_get_trust;
++               ASN1_STRING_length;
++               d2i_ASN1_SET_OF_ACCESS_DESCRIPTION;
++               ASN1_PRINTABLESTRING_new;
++               X509V3_get_d2i;
++               ASN1_ENUMERATED_free;
++               i2d_X509_CERT_AUX;
++               X509_STORE_CTX_set_trust;
++               ASN1_STRING_set_default_mask;
++               X509_STORE_CTX_new;
++               EVP_PKEY_get1_RSA;
++               DIRECTORYSTRING_free;
++               PEM_write_X509_AUX;
++               ASN1_OCTET_STRING_set;
++               d2i_DSA_PUBKEY_fp;
++               d2i_RSA_PUBKEY;
++               X509_TRUST_get0_name;
++               X509_TRUST_get0;
++               AUTHORITY_INFO_ACCESS_free;
++               ASN1_IA5STRING_new;
++               d2i_DSA_PUBKEY;
++               X509_check_purpose;
++               ASN1_ENUMERATED_new;
++               d2i_RSA_PUBKEY_bio;
++               d2i_PUBKEY;
++               X509_TRUST_get_trust;
++               X509_TRUST_get_flags;
++               ASN1_BMPSTRING_free;
++               ASN1_T61STRING_new;
++               ASN1_UTCTIME_new;
++               i2d_AUTHORITY_INFO_ACCESS;
++               EVP_PKEY_set1_RSA;
++               X509_STORE_CTX_set_purpose;
++               ASN1_IA5STRING_free;
++               PEM_write_bio_X509_AUX;
++               X509_PURPOSE_get_count;
++               CRYPTO_add_info;
++               X509_NAME_ENTRY_create_by_txt;
++               ASN1_STRING_get_default_mask;
++               X509_alias_get0;
++               ASN1_STRING_data;
++               i2d_ACCESS_DESCRIPTION;
++               X509_trust_set_bit;
++               ASN1_BIT_STRING_free;
++               PEM_read_bio_RSA_PUBKEY;
++               X509_add1_reject_object;
++               X509_check_trust;
++               PEM_read_bio_DSA_PUBKEY;
++               X509_PURPOSE_add;
++               ASN1_STRING_TABLE_get;
++               ASN1_UTF8STRING_free;
++               d2i_DSA_PUBKEY_bio;
++               PEM_write_RSA_PUBKEY;
++               d2i_OTHERNAME;
++               X509_reject_set_bit;
++               PEM_write_DSA_PUBKEY;
++               X509_PURPOSE_get0_sname;
++               EVP_PKEY_set1_DH;
++               ASN1_OCTET_STRING_dup;
++               ASN1_BIT_STRING_set;
++               X509_TRUST_get_count;
++               ASN1_INTEGER_free;
++               OTHERNAME_free;
++               i2d_RSA_PUBKEY_fp;
++               ASN1_INTEGER_dup;
++               d2i_X509_CERT_AUX;
++               PEM_write_bio_PUBKEY;
++               ASN1_VISIBLESTRING_free;
++               X509_PURPOSE_cleanup;
++               ASN1_mbstring_ncopy;
++               ASN1_GENERALIZEDTIME_new;
++               EVP_PKEY_get1_DH;
++               ASN1_OCTET_STRING_new;
++               ASN1_INTEGER_new;
++               i2d_X509_AUX;
++               ASN1_BIT_STRING_name_print;
++               X509_cmp;
++               ASN1_STRING_length_set;
++               DIRECTORYSTRING_new;
++               X509_add1_trust_object;
++               PKCS12_newpass;
++               SMIME_write_PKCS7;
++               SMIME_read_PKCS7;
++               DES_set_key_checked;
++               PKCS7_verify;
++               PKCS7_encrypt;
++               DES_set_key_unchecked;
++               SMIME_crlf_copy;
++               i2d_ASN1_PRINTABLESTRING;
++               PKCS7_get0_signers;
++               PKCS7_decrypt;
++               SMIME_text;
++               PKCS7_simple_smimecap;
++               PKCS7_get_smimecap;
++               PKCS7_sign;
++               PKCS7_add_attrib_smimecap;
++               CRYPTO_dbg_set_options;
++               CRYPTO_remove_all_info;
++               CRYPTO_get_mem_debug_functions;
++               CRYPTO_is_mem_check_on;
++               CRYPTO_set_mem_debug_functions;
++               CRYPTO_pop_info;
++               CRYPTO_push_info_;
++               CRYPTO_set_mem_debug_options;
++               PEM_write_PKCS8PrivateKey_nid;
++               PEM_write_bio_PKCS8PrivateKey_nid;
++               PEM_write_bio_PKCS8PrivKey_nid;
++               d2i_PKCS8PrivateKey_bio;
++               ASN1_NULL_free;
++               d2i_ASN1_NULL;
++               ASN1_NULL_new;
++               i2d_PKCS8PrivateKey_bio;
++               i2d_PKCS8PrivateKey_fp;
++               i2d_ASN1_NULL;
++               i2d_PKCS8PrivateKey_nid_fp;
++               d2i_PKCS8PrivateKey_fp;
++               i2d_PKCS8PrivateKey_nid_bio;
++               i2d_PKCS8PrivateKeyInfo_fp;
++               i2d_PKCS8PrivateKeyInfo_bio;
++               PEM_cb;
++               i2d_PrivateKey_fp;
++               d2i_PrivateKey_bio;
++               d2i_PrivateKey_fp;
++               i2d_PrivateKey_bio;
++               X509_reject_clear;
++               X509_TRUST_set_default;
++               d2i_AutoPrivateKey;
++               X509_ATTRIBUTE_get0_type;
++               X509_ATTRIBUTE_set1_data;
++               X509at_get_attr;
++               X509at_get_attr_count;
++               X509_ATTRIBUTE_create_by_NID;
++               X509_ATTRIBUTE_set1_object;
++               X509_ATTRIBUTE_count;
++               X509_ATTRIBUTE_create_by_OBJ;
++               X509_ATTRIBUTE_get0_object;
++               X509at_get_attr_by_NID;
++               X509at_add1_attr;
++               X509_ATTRIBUTE_get0_data;
++               X509at_delete_attr;
++               X509at_get_attr_by_OBJ;
++               RAND_add;
++               BIO_number_written;
++               BIO_number_read;
++               X509_STORE_CTX_get1_chain;
++               ERR_load_RAND_strings;
++               RAND_pseudo_bytes;
++               X509_REQ_get_attr_by_NID;
++               X509_REQ_get_attr;
++               X509_REQ_add1_attr_by_NID;
++               X509_REQ_get_attr_by_OBJ;
++               X509at_add1_attr_by_NID;
++               X509_REQ_add1_attr_by_OBJ;
++               X509_REQ_get_attr_count;
++               X509_REQ_add1_attr;
++               X509_REQ_delete_attr;
++               X509at_add1_attr_by_OBJ;
++               X509_REQ_add1_attr_by_txt;
++               X509_ATTRIBUTE_create_by_txt;
++               X509at_add1_attr_by_txt;
++               BN_pseudo_rand;
++               BN_is_prime_fasttest;
++               BN_CTX_end;
++               BN_CTX_start;
++               BN_CTX_get;
++               EVP_PKEY2PKCS8_broken;
++               ASN1_STRING_TABLE_add;
++               CRYPTO_dbg_get_options;
++               AUTHORITY_INFO_ACCESS_new;
++               CRYPTO_get_mem_debug_options;
++               DES_crypt;
++               PEM_write_bio_X509_REQ_NEW;
++               PEM_write_X509_REQ_NEW;
++               BIO_callback_ctrl;
++               RAND_egd;
++               RAND_status;
++               bn_dump1;
++               DES_check_key_parity;
++               lh_num_items;
++               RAND_event;
++               DSO_new;
++               DSO_new_method;
++               DSO_free;
++               DSO_flags;
++               DSO_up;
++               DSO_set_default_method;
++               DSO_get_default_method;
++               DSO_get_method;
++               DSO_set_method;
++               DSO_load;
++               DSO_bind_var;
++               DSO_METHOD_null;
++               DSO_METHOD_openssl;
++               DSO_METHOD_dlfcn;
++               DSO_METHOD_win32;
++               ERR_load_DSO_strings;
++               DSO_METHOD_dl;
++               NCONF_load;
++               NCONF_load_fp;
++               NCONF_new;
++               NCONF_get_string;
++               NCONF_free;
++               NCONF_get_number;
++               CONF_dump_fp;
++               NCONF_load_bio;
++               NCONF_dump_fp;
++               NCONF_get_section;
++               NCONF_dump_bio;
++               CONF_dump_bio;
++               NCONF_free_data;
++               CONF_set_default_method;
++               ERR_error_string_n;
++               BIO_snprintf;
++               DSO_ctrl;
++               i2d_ASN1_SET_OF_ASN1_INTEGER;
++               i2d_ASN1_SET_OF_PKCS12_SAFEBAG;
++               i2d_ASN1_SET_OF_PKCS7;
++               BIO_vfree;
++               d2i_ASN1_SET_OF_ASN1_INTEGER;
++               d2i_ASN1_SET_OF_PKCS12_SAFEBAG;
++               ASN1_UTCTIME_get;
++               X509_REQ_digest;
++               X509_CRL_digest;
++               d2i_ASN1_SET_OF_PKCS7;
++               EVP_CIPHER_CTX_set_key_length;
++               EVP_CIPHER_CTX_ctrl;
++               BN_mod_exp_mont_word;
++               RAND_egd_bytes;
++               X509_REQ_get1_email;
++               X509_get1_email;
++               X509_email_free;
++               i2d_RSA_NET;
++               d2i_RSA_NET_2;
++               d2i_RSA_NET;
++               DSO_bind_func;
++               CRYPTO_get_new_dynlockid;
++               sk_new_null;
++               CRYPTO_set_dynlock_destroy_callback;
++               CRYPTO_set_dynlock_destroy_cb;
++               CRYPTO_destroy_dynlockid;
++               CRYPTO_set_dynlock_size;
++               CRYPTO_set_dynlock_create_callback;
++               CRYPTO_set_dynlock_create_cb;
++               CRYPTO_set_dynlock_lock_callback;
++               CRYPTO_set_dynlock_lock_cb;
++               CRYPTO_get_dynlock_lock_callback;
++               CRYPTO_get_dynlock_lock_cb;
++               CRYPTO_get_dynlock_destroy_callback;
++               CRYPTO_get_dynlock_destroy_cb;
++               CRYPTO_get_dynlock_value;
++               CRYPTO_get_dynlock_create_callback;
++               CRYPTO_get_dynlock_create_cb;
++               c2i_ASN1_BIT_STRING;
++               i2c_ASN1_BIT_STRING;
++               RAND_poll;
++               c2i_ASN1_INTEGER;
++               i2c_ASN1_INTEGER;
++               BIO_dump_indent;
++               ASN1_parse_dump;
++               c2i_ASN1_OBJECT;
++               X509_NAME_print_ex_fp;
++               ASN1_STRING_print_ex_fp;
++               X509_NAME_print_ex;
++               ASN1_STRING_print_ex;
++               MD4;
++               MD4_Transform;
++               MD4_Final;
++               MD4_Update;
++               MD4_Init;
++               EVP_md4;
++               i2d_PUBKEY_bio;
++               i2d_PUBKEY_fp;
++               d2i_PUBKEY_bio;
++               ASN1_STRING_to_UTF8;
++               BIO_vprintf;
++               BIO_vsnprintf;
++               d2i_PUBKEY_fp;
++               X509_cmp_time;
++               X509_STORE_CTX_set_time;
++               X509_STORE_CTX_get1_issuer;
++               X509_OBJECT_retrieve_match;
++               X509_OBJECT_idx_by_subject;
++               X509_STORE_CTX_set_flags;
++               X509_STORE_CTX_trusted_stack;
++               X509_time_adj;
++               X509_check_issued;
++               ASN1_UTCTIME_cmp_time_t;
++               DES_set_weak_key_flag;
++               DES_check_key;
++               DES_rw_mode;
++               RSA_PKCS1_RSAref;
++               X509_keyid_set1;
++               BIO_next;
++               DSO_METHOD_vms;
++               BIO_f_linebuffer;
++               BN_bntest_rand;
++               OPENSSL_issetugid;
++               BN_rand_range;
++               ERR_load_ENGINE_strings;
++               ENGINE_set_DSA;
++               ENGINE_get_finish_function;
++               ENGINE_get_default_RSA;
++               ENGINE_get_BN_mod_exp;
++               DSA_get_default_openssl_method;
++               ENGINE_set_DH;
++               ENGINE_set_def_BN_mod_exp_crt;
++               ENGINE_set_default_BN_mod_exp_crt;
++               ENGINE_init;
++               DH_get_default_openssl_method;
++               RSA_set_default_openssl_method;
++               ENGINE_finish;
++               ENGINE_load_public_key;
++               ENGINE_get_DH;
++               ENGINE_ctrl;
++               ENGINE_get_init_function;
++               ENGINE_set_init_function;
++               ENGINE_set_default_DSA;
++               ENGINE_get_name;
++               ENGINE_get_last;
++               ENGINE_get_prev;
++               ENGINE_get_default_DH;
++               ENGINE_get_RSA;
++               ENGINE_set_default;
++               ENGINE_get_RAND;
++               ENGINE_get_first;
++               ENGINE_by_id;
++               ENGINE_set_finish_function;
++               ENGINE_get_def_BN_mod_exp_crt;
++               ENGINE_get_default_BN_mod_exp_crt;
++               RSA_get_default_openssl_method;
++               ENGINE_set_RSA;
++               ENGINE_load_private_key;
++               ENGINE_set_default_RAND;
++               ENGINE_set_BN_mod_exp;
++               ENGINE_remove;
++               ENGINE_free;
++               ENGINE_get_BN_mod_exp_crt;
++               ENGINE_get_next;
++               ENGINE_set_name;
++               ENGINE_get_default_DSA;
++               ENGINE_set_default_BN_mod_exp;
++               ENGINE_set_default_RSA;
++               ENGINE_get_default_RAND;
++               ENGINE_get_default_BN_mod_exp;
++               ENGINE_set_RAND;
++               ENGINE_set_id;
++               ENGINE_set_BN_mod_exp_crt;
++               ENGINE_set_default_DH;
++               ENGINE_new;
++               ENGINE_get_id;
++               DSA_set_default_openssl_method;
++               ENGINE_add;
++               DH_set_default_openssl_method;
++               ENGINE_get_DSA;
++               ENGINE_get_ctrl_function;
++               ENGINE_set_ctrl_function;
++               BN_pseudo_rand_range;
++               X509_STORE_CTX_set_verify_cb;
++               ERR_load_COMP_strings;
++               PKCS12_item_decrypt_d2i;
++               ASN1_UTF8STRING_it;
++               ASN1_UTF8STRING_it;
++               ENGINE_unregister_ciphers;
++               ENGINE_get_ciphers;
++               d2i_OCSP_BASICRESP;
++               KRB5_CHECKSUM_it;
++               KRB5_CHECKSUM_it;
++               EC_POINT_add;
++               ASN1_item_ex_i2d;
++               OCSP_CERTID_it;
++               OCSP_CERTID_it;
++               d2i_OCSP_RESPBYTES;
++               X509V3_add1_i2d;
++               PKCS7_ENVELOPE_it;
++               PKCS7_ENVELOPE_it;
++               UI_add_input_boolean;
++               ENGINE_unregister_RSA;
++               X509V3_EXT_nconf;
++               ASN1_GENERALSTRING_free;
++               d2i_OCSP_CERTSTATUS;
++               X509_REVOKED_set_serialNumber;
++               X509_print_ex;
++               OCSP_ONEREQ_get1_ext_d2i;
++               ENGINE_register_all_RAND;
++               ENGINE_load_dynamic;
++               PBKDF2PARAM_it;
++               PBKDF2PARAM_it;
++               EXTENDED_KEY_USAGE_new;
++               EC_GROUP_clear_free;
++               OCSP_sendreq_bio;
++               ASN1_item_digest;
++               OCSP_BASICRESP_delete_ext;
++               OCSP_SIGNATURE_it;
++               OCSP_SIGNATURE_it;
++               X509_CRL_it;
++               X509_CRL_it;
++               OCSP_BASICRESP_add_ext;
++               KRB5_ENCKEY_it;
++               KRB5_ENCKEY_it;
++               UI_method_set_closer;
++               X509_STORE_set_purpose;
++               i2d_ASN1_GENERALSTRING;
++               OCSP_response_status;
++               i2d_OCSP_SERVICELOC;
++               ENGINE_get_digest_engine;
++               EC_GROUP_set_curve_GFp;
++               OCSP_REQUEST_get_ext_by_OBJ;
++               _ossl_old_des_random_key;
++               ASN1_T61STRING_it;
++               ASN1_T61STRING_it;
++               EC_GROUP_method_of;
++               i2d_KRB5_APREQ;
++               _ossl_old_des_encrypt;
++               ASN1_PRINTABLE_new;
++               HMAC_Init_ex;
++               d2i_KRB5_AUTHENT;
++               OCSP_archive_cutoff_new;
++               EC_POINT_set_Jprojective_coordinates_GFp;
++               EC_POINT_set_Jproj_coords_GFp;
++               _ossl_old_des_is_weak_key;
++               OCSP_BASICRESP_get_ext_by_OBJ;
++               EC_POINT_oct2point;
++               OCSP_SINGLERESP_get_ext_count;
++               UI_ctrl;
++               _shadow_DES_rw_mode;
++               _shadow_DES_rw_mode;
++               asn1_do_adb;
++               ASN1_template_i2d;
++               ENGINE_register_DH;
++               UI_construct_prompt;
++               X509_STORE_set_trust;
++               UI_dup_input_string;
++               d2i_KRB5_APREQ;
++               EVP_MD_CTX_copy_ex;
++               OCSP_request_is_signed;
++               i2d_OCSP_REQINFO;
++               KRB5_ENCKEY_free;
++               OCSP_resp_get0;
++               GENERAL_NAME_it;
++               GENERAL_NAME_it;
++               ASN1_GENERALIZEDTIME_it;
++               ASN1_GENERALIZEDTIME_it;
++               X509_STORE_set_flags;
++               EC_POINT_set_compressed_coordinates_GFp;
++               EC_POINT_set_compr_coords_GFp;
++               OCSP_response_status_str;
++               d2i_OCSP_REVOKEDINFO;
++               OCSP_basic_add1_cert;
++               ERR_get_implementation;
++               EVP_CipherFinal_ex;
++               OCSP_CERTSTATUS_new;
++               CRYPTO_cleanup_all_ex_data;
++               OCSP_resp_find;
++               BN_nnmod;
++               X509_CRL_sort;
++               X509_REVOKED_set_revocationDate;
++               ENGINE_register_RAND;
++               OCSP_SERVICELOC_new;
++               EC_POINT_set_affine_coordinates_GFp;
++               EC_POINT_set_affine_coords_GFp;
++               _ossl_old_des_options;
++               SXNET_it;
++               SXNET_it;
++               UI_dup_input_boolean;
++               PKCS12_add_CSPName_asc;
++               EC_POINT_is_at_infinity;
++               ENGINE_load_cryptodev;
++               DSO_convert_filename;
++               POLICYQUALINFO_it;
++               POLICYQUALINFO_it;
++               ENGINE_register_ciphers;
++               BN_mod_lshift_quick;
++               DSO_set_filename;
++               ASN1_item_free;
++               KRB5_TKTBODY_free;
++               AUTHORITY_KEYID_it;
++               AUTHORITY_KEYID_it;
++               KRB5_APREQBODY_new;
++               X509V3_EXT_REQ_add_nconf;
++               ENGINE_ctrl_cmd_string;
++               i2d_OCSP_RESPDATA;
++               EVP_MD_CTX_init;
++               EXTENDED_KEY_USAGE_free;
++               PKCS7_ATTR_SIGN_it;
++               PKCS7_ATTR_SIGN_it;
++               UI_add_error_string;
++               KRB5_CHECKSUM_free;
++               OCSP_REQUEST_get_ext;
++               ENGINE_load_ubsec;
++               ENGINE_register_all_digests;
++               PKEY_USAGE_PERIOD_it;
++               PKEY_USAGE_PERIOD_it;
++               PKCS12_unpack_authsafes;
++               ASN1_item_unpack;
++               NETSCAPE_SPKAC_it;
++               NETSCAPE_SPKAC_it;
++               X509_REVOKED_it;
++               X509_REVOKED_it;
++               ASN1_STRING_encode;
++               EVP_aes_128_ecb;
++               KRB5_AUTHENT_free;
++               OCSP_BASICRESP_get_ext_by_critical;
++               OCSP_BASICRESP_get_ext_by_crit;
++               OCSP_cert_status_str;
++               d2i_OCSP_REQUEST;
++               UI_dup_info_string;
++               _ossl_old_des_xwhite_in2out;
++               PKCS12_it;
++               PKCS12_it;
++               OCSP_SINGLERESP_get_ext_by_critical;
++               OCSP_SINGLERESP_get_ext_by_crit;
++               OCSP_CERTSTATUS_free;
++               _ossl_old_des_crypt;
++               ASN1_item_i2d;
++               EVP_DecryptFinal_ex;
++               ENGINE_load_openssl;
++               ENGINE_get_cmd_defns;
++               ENGINE_set_load_privkey_function;
++               ENGINE_set_load_privkey_fn;
++               EVP_EncryptFinal_ex;
++               ENGINE_set_default_digests;
++               X509_get0_pubkey_bitstr;
++               asn1_ex_i2c;
++               ENGINE_register_RSA;
++               ENGINE_unregister_DSA;
++               _ossl_old_des_key_sched;
++               X509_EXTENSION_it;
++               X509_EXTENSION_it;
++               i2d_KRB5_AUTHENT;
++               SXNETID_it;
++               SXNETID_it;
++               d2i_OCSP_SINGLERESP;
++               EDIPARTYNAME_new;
++               PKCS12_certbag2x509;
++               _ossl_old_des_ofb64_encrypt;
++               d2i_EXTENDED_KEY_USAGE;
++               ERR_print_errors_cb;
++               ENGINE_set_ciphers;
++               d2i_KRB5_APREQBODY;
++               UI_method_get_flusher;
++               X509_PUBKEY_it;
++               X509_PUBKEY_it;
++               _ossl_old_des_enc_read;
++               PKCS7_ENCRYPT_it;
++               PKCS7_ENCRYPT_it;
++               i2d_OCSP_RESPONSE;
++               EC_GROUP_get_cofactor;
++               PKCS12_unpack_p7data;
++               d2i_KRB5_AUTHDATA;
++               OCSP_copy_nonce;
++               KRB5_AUTHDATA_new;
++               OCSP_RESPDATA_new;
++               EC_GFp_mont_method;
++               OCSP_REVOKEDINFO_free;
++               UI_get_ex_data;
++               KRB5_APREQBODY_free;
++               EC_GROUP_get0_generator;
++               UI_get_default_method;
++               X509V3_set_nconf;
++               PKCS12_item_i2d_encrypt;
++               X509_add1_ext_i2d;
++               PKCS7_SIGNER_INFO_it;
++               PKCS7_SIGNER_INFO_it;
++               KRB5_PRINCNAME_new;
++               PKCS12_SAFEBAG_it;
++               PKCS12_SAFEBAG_it;
++               EC_GROUP_get_order;
++               d2i_OCSP_RESPID;
++               OCSP_request_verify;
++               NCONF_get_number_e;
++               _ossl_old_des_decrypt3;
++               X509_signature_print;
++               OCSP_SINGLERESP_free;
++               ENGINE_load_builtin_engines;
++               i2d_OCSP_ONEREQ;
++               OCSP_REQUEST_add_ext;
++               OCSP_RESPBYTES_new;
++               EVP_MD_CTX_create;
++               OCSP_resp_find_status;
++               X509_ALGOR_it;
++               X509_ALGOR_it;
++               ASN1_TIME_it;
++               ASN1_TIME_it;
++               OCSP_request_set1_name;
++               OCSP_ONEREQ_get_ext_count;
++               UI_get0_result;
++               PKCS12_AUTHSAFES_it;
++               PKCS12_AUTHSAFES_it;
++               EVP_aes_256_ecb;
++               PKCS12_pack_authsafes;
++               ASN1_IA5STRING_it;
++               ASN1_IA5STRING_it;
++               UI_get_input_flags;
++               EC_GROUP_set_generator;
++               _ossl_old_des_string_to_2keys;
++               OCSP_CERTID_free;
++               X509_CERT_AUX_it;
++               X509_CERT_AUX_it;
++               CERTIFICATEPOLICIES_it;
++               CERTIFICATEPOLICIES_it;
++               _ossl_old_des_ede3_cbc_encrypt;
++               RAND_set_rand_engine;
++               DSO_get_loaded_filename;
++               X509_ATTRIBUTE_it;
++               X509_ATTRIBUTE_it;
++               OCSP_ONEREQ_get_ext_by_NID;
++               PKCS12_decrypt_skey;
++               KRB5_AUTHENT_it;
++               KRB5_AUTHENT_it;
++               UI_dup_error_string;
++               RSAPublicKey_it;
++               RSAPublicKey_it;
++               i2d_OCSP_REQUEST;
++               PKCS12_x509crl2certbag;
++               OCSP_SERVICELOC_it;
++               OCSP_SERVICELOC_it;
++               ASN1_item_sign;
++               X509_CRL_set_issuer_name;
++               OBJ_NAME_do_all_sorted;
++               i2d_OCSP_BASICRESP;
++               i2d_OCSP_RESPBYTES;
++               PKCS12_unpack_p7encdata;
++               HMAC_CTX_init;
++               ENGINE_get_digest;
++               OCSP_RESPONSE_print;
++               KRB5_TKTBODY_it;
++               KRB5_TKTBODY_it;
++               ACCESS_DESCRIPTION_it;
++               ACCESS_DESCRIPTION_it;
++               PKCS7_ISSUER_AND_SERIAL_it;
++               PKCS7_ISSUER_AND_SERIAL_it;
++               PBE2PARAM_it;
++               PBE2PARAM_it;
++               PKCS12_certbag2x509crl;
++               PKCS7_SIGNED_it;
++               PKCS7_SIGNED_it;
++               ENGINE_get_cipher;
++               i2d_OCSP_CRLID;
++               OCSP_SINGLERESP_new;
++               ENGINE_cmd_is_executable;
++               RSA_up_ref;
++               ASN1_GENERALSTRING_it;
++               ASN1_GENERALSTRING_it;
++               ENGINE_register_DSA;
++               X509V3_EXT_add_nconf_sk;
++               ENGINE_set_load_pubkey_function;
++               PKCS8_decrypt;
++               PEM_bytes_read_bio;
++               DIRECTORYSTRING_it;
++               DIRECTORYSTRING_it;
++               d2i_OCSP_CRLID;
++               EC_POINT_is_on_curve;
++               CRYPTO_set_locked_mem_ex_functions;
++               CRYPTO_set_locked_mem_ex_funcs;
++               d2i_KRB5_CHECKSUM;
++               ASN1_item_dup;
++               X509_it;
++               X509_it;
++               BN_mod_add;
++               KRB5_AUTHDATA_free;
++               _ossl_old_des_cbc_cksum;
++               ASN1_item_verify;
++               CRYPTO_set_mem_ex_functions;
++               EC_POINT_get_Jprojective_coordinates_GFp;
++               EC_POINT_get_Jproj_coords_GFp;
++               ZLONG_it;
++               ZLONG_it;
++               CRYPTO_get_locked_mem_ex_functions;
++               CRYPTO_get_locked_mem_ex_funcs;
++               ASN1_TIME_check;
++               UI_get0_user_data;
++               HMAC_CTX_cleanup;
++               DSA_up_ref;
++               _ossl_old_des_ede3_cfb64_encrypt;
++               _ossl_odes_ede3_cfb64_encrypt;
++               ASN1_BMPSTRING_it;
++               ASN1_BMPSTRING_it;
++               ASN1_tag2bit;
++               UI_method_set_flusher;
++               X509_ocspid_print;
++               KRB5_ENCDATA_it;
++               KRB5_ENCDATA_it;
++               ENGINE_get_load_pubkey_function;
++               UI_add_user_data;
++               OCSP_REQUEST_delete_ext;
++               UI_get_method;
++               OCSP_ONEREQ_free;
++               ASN1_PRINTABLESTRING_it;
++               ASN1_PRINTABLESTRING_it;
++               X509_CRL_set_nextUpdate;
++               OCSP_REQUEST_it;
++               OCSP_REQUEST_it;
++               OCSP_BASICRESP_it;
++               OCSP_BASICRESP_it;
++               AES_ecb_encrypt;
++               BN_mod_sqr;
++               NETSCAPE_CERT_SEQUENCE_it;
++               NETSCAPE_CERT_SEQUENCE_it;
++               GENERAL_NAMES_it;
++               GENERAL_NAMES_it;
++               AUTHORITY_INFO_ACCESS_it;
++               AUTHORITY_INFO_ACCESS_it;
++               ASN1_FBOOLEAN_it;
++               ASN1_FBOOLEAN_it;
++               UI_set_ex_data;
++               _ossl_old_des_string_to_key;
++               ENGINE_register_all_RSA;
++               d2i_KRB5_PRINCNAME;
++               OCSP_RESPBYTES_it;
++               OCSP_RESPBYTES_it;
++               X509_CINF_it;
++               X509_CINF_it;
++               ENGINE_unregister_digests;
++               d2i_EDIPARTYNAME;
++               d2i_OCSP_SERVICELOC;
++               ENGINE_get_digests;
++               _ossl_old_des_set_odd_parity;
++               OCSP_RESPDATA_free;
++               d2i_KRB5_TICKET;
++               OTHERNAME_it;
++               OTHERNAME_it;
++               EVP_MD_CTX_cleanup;
++               d2i_ASN1_GENERALSTRING;
++               X509_CRL_set_version;
++               BN_mod_sub;
++               OCSP_SINGLERESP_get_ext_by_NID;
++               ENGINE_get_ex_new_index;
++               OCSP_REQUEST_free;
++               OCSP_REQUEST_add1_ext_i2d;
++               X509_VAL_it;
++               X509_VAL_it;
++               EC_POINTs_make_affine;
++               EC_POINT_mul;
++               X509V3_EXT_add_nconf;
++               X509_TRUST_set;
++               X509_CRL_add1_ext_i2d;
++               _ossl_old_des_fcrypt;
++               DISPLAYTEXT_it;
++               DISPLAYTEXT_it;
++               X509_CRL_set_lastUpdate;
++               OCSP_BASICRESP_free;
++               OCSP_BASICRESP_add1_ext_i2d;
++               d2i_KRB5_AUTHENTBODY;
++               CRYPTO_set_ex_data_implementation;
++               CRYPTO_set_ex_data_impl;
++               KRB5_ENCDATA_new;
++               DSO_up_ref;
++               OCSP_crl_reason_str;
++               UI_get0_result_string;
++               ASN1_GENERALSTRING_new;
++               X509_SIG_it;
++               X509_SIG_it;
++               ERR_set_implementation;
++               ERR_load_EC_strings;
++               UI_get0_action_string;
++               OCSP_ONEREQ_get_ext;
++               EC_POINT_method_of;
++               i2d_KRB5_APREQBODY;
++               _ossl_old_des_ecb3_encrypt;
++               CRYPTO_get_mem_ex_functions;
++               ENGINE_get_ex_data;
++               UI_destroy_method;
++               ASN1_item_i2d_bio;
++               OCSP_ONEREQ_get_ext_by_OBJ;
++               ASN1_primitive_new;
++               ASN1_PRINTABLE_it;
++               ASN1_PRINTABLE_it;
++               EVP_aes_192_ecb;
++               OCSP_SIGNATURE_new;
++               LONG_it;
++               LONG_it;
++               ASN1_VISIBLESTRING_it;
++               ASN1_VISIBLESTRING_it;
++               OCSP_SINGLERESP_add1_ext_i2d;
++               d2i_OCSP_CERTID;
++               ASN1_item_d2i_fp;
++               CRL_DIST_POINTS_it;
++               CRL_DIST_POINTS_it;
++               GENERAL_NAME_print;
++               OCSP_SINGLERESP_delete_ext;
++               PKCS12_SAFEBAGS_it;
++               PKCS12_SAFEBAGS_it;
++               d2i_OCSP_SIGNATURE;
++               OCSP_request_add1_nonce;
++               ENGINE_set_cmd_defns;
++               OCSP_SERVICELOC_free;
++               EC_GROUP_free;
++               ASN1_BIT_STRING_it;
++               ASN1_BIT_STRING_it;
++               X509_REQ_it;
++               X509_REQ_it;
++               _ossl_old_des_cbc_encrypt;
++               ERR_unload_strings;
++               PKCS7_SIGN_ENVELOPE_it;
++               PKCS7_SIGN_ENVELOPE_it;
++               EDIPARTYNAME_free;
++               OCSP_REQINFO_free;
++               EC_GROUP_new_curve_GFp;
++               OCSP_REQUEST_get1_ext_d2i;
++               PKCS12_item_pack_safebag;
++               asn1_ex_c2i;
++               ENGINE_register_digests;
++               i2d_OCSP_REVOKEDINFO;
++               asn1_enc_restore;
++               UI_free;
++               UI_new_method;
++               EVP_EncryptInit_ex;
++               X509_pubkey_digest;
++               EC_POINT_invert;
++               OCSP_basic_sign;
++               i2d_OCSP_RESPID;
++               OCSP_check_nonce;
++               ENGINE_ctrl_cmd;
++               d2i_KRB5_ENCKEY;
++               OCSP_parse_url;
++               OCSP_SINGLERESP_get_ext;
++               OCSP_CRLID_free;
++               OCSP_BASICRESP_get1_ext_d2i;
++               RSAPrivateKey_it;
++               RSAPrivateKey_it;
++               ENGINE_register_all_DH;
++               i2d_EDIPARTYNAME;
++               EC_POINT_get_affine_coordinates_GFp;
++               EC_POINT_get_affine_coords_GFp;
++               OCSP_CRLID_new;
++               ENGINE_get_flags;
++               OCSP_ONEREQ_it;
++               OCSP_ONEREQ_it;
++               UI_process;
++               ASN1_INTEGER_it;
++               ASN1_INTEGER_it;
++               EVP_CipherInit_ex;
++               UI_get_string_type;
++               ENGINE_unregister_DH;
++               ENGINE_register_all_DSA;
++               OCSP_ONEREQ_get_ext_by_critical;
++               bn_dup_expand;
++               OCSP_cert_id_new;
++               BASIC_CONSTRAINTS_it;
++               BASIC_CONSTRAINTS_it;
++               BN_mod_add_quick;
++               EC_POINT_new;
++               EVP_MD_CTX_destroy;
++               OCSP_RESPBYTES_free;
++               EVP_aes_128_cbc;
++               OCSP_SINGLERESP_get1_ext_d2i;
++               EC_POINT_free;
++               DH_up_ref;
++               X509_NAME_ENTRY_it;
++               X509_NAME_ENTRY_it;
++               UI_get_ex_new_index;
++               BN_mod_sub_quick;
++               OCSP_ONEREQ_add_ext;
++               OCSP_request_sign;
++               EVP_DigestFinal_ex;
++               ENGINE_set_digests;
++               OCSP_id_issuer_cmp;
++               OBJ_NAME_do_all;
++               EC_POINTs_mul;
++               ENGINE_register_complete;
++               X509V3_EXT_nconf_nid;
++               ASN1_SEQUENCE_it;
++               ASN1_SEQUENCE_it;
++               UI_set_default_method;
++               RAND_query_egd_bytes;
++               UI_method_get_writer;
++               UI_OpenSSL;
++               PEM_def_callback;
++               ENGINE_cleanup;
++               DIST_POINT_it;
++               DIST_POINT_it;
++               OCSP_SINGLERESP_it;
++               OCSP_SINGLERESP_it;
++               d2i_KRB5_TKTBODY;
++               EC_POINT_cmp;
++               OCSP_REVOKEDINFO_new;
++               i2d_OCSP_CERTSTATUS;
++               OCSP_basic_add1_nonce;
++               ASN1_item_ex_d2i;
++               BN_mod_lshift1_quick;
++               UI_set_method;
++               OCSP_id_get0_info;
++               BN_mod_sqrt;
++               EC_GROUP_copy;
++               KRB5_ENCDATA_free;
++               _ossl_old_des_cfb_encrypt;
++               OCSP_SINGLERESP_get_ext_by_OBJ;
++               OCSP_cert_to_id;
++               OCSP_RESPID_new;
++               OCSP_RESPDATA_it;
++               OCSP_RESPDATA_it;
++               d2i_OCSP_RESPDATA;
++               ENGINE_register_all_complete;
++               OCSP_check_validity;
++               PKCS12_BAGS_it;
++               PKCS12_BAGS_it;
++               OCSP_url_svcloc_new;
++               ASN1_template_free;
++               OCSP_SINGLERESP_add_ext;
++               KRB5_AUTHENTBODY_it;
++               KRB5_AUTHENTBODY_it;
++               X509_supported_extension;
++               i2d_KRB5_AUTHDATA;
++               UI_method_get_opener;
++               ENGINE_set_ex_data;
++               OCSP_REQUEST_print;
++               CBIGNUM_it;
++               CBIGNUM_it;
++               KRB5_TICKET_new;
++               KRB5_APREQ_new;
++               EC_GROUP_get_curve_GFp;
++               KRB5_ENCKEY_new;
++               ASN1_template_d2i;
++               _ossl_old_des_quad_cksum;
++               OCSP_single_get0_status;
++               BN_swap;
++               POLICYINFO_it;
++               POLICYINFO_it;
++               ENGINE_set_destroy_function;
++               asn1_enc_free;
++               OCSP_RESPID_it;
++               OCSP_RESPID_it;
++               EC_GROUP_new;
++               EVP_aes_256_cbc;
++               i2d_KRB5_PRINCNAME;
++               _ossl_old_des_encrypt2;
++               _ossl_old_des_encrypt3;
++               PKCS8_PRIV_KEY_INFO_it;
++               PKCS8_PRIV_KEY_INFO_it;
++               OCSP_REQINFO_it;
++               OCSP_REQINFO_it;
++               PBEPARAM_it;
++               PBEPARAM_it;
++               KRB5_AUTHENTBODY_new;
++               X509_CRL_add0_revoked;
++               EDIPARTYNAME_it;
++               EDIPARTYNAME_it;
++               NETSCAPE_SPKI_it;
++               NETSCAPE_SPKI_it;
++               UI_get0_test_string;
++               ENGINE_get_cipher_engine;
++               ENGINE_register_all_ciphers;
++               EC_POINT_copy;
++               BN_kronecker;
++               _ossl_old_des_ede3_ofb64_encrypt;
++               _ossl_odes_ede3_ofb64_encrypt;
++               UI_method_get_reader;
++               OCSP_BASICRESP_get_ext_count;
++               ASN1_ENUMERATED_it;
++               ASN1_ENUMERATED_it;
++               UI_set_result;
++               i2d_KRB5_TICKET;
++               X509_print_ex_fp;
++               EVP_CIPHER_CTX_set_padding;
++               d2i_OCSP_RESPONSE;
++               ASN1_UTCTIME_it;
++               ASN1_UTCTIME_it;
++               _ossl_old_des_enc_write;
++               OCSP_RESPONSE_new;
++               AES_set_encrypt_key;
++               OCSP_resp_count;
++               KRB5_CHECKSUM_new;
++               ENGINE_load_cswift;
++               OCSP_onereq_get0_id;
++               ENGINE_set_default_ciphers;
++               NOTICEREF_it;
++               NOTICEREF_it;
++               X509V3_EXT_CRL_add_nconf;
++               OCSP_REVOKEDINFO_it;
++               OCSP_REVOKEDINFO_it;
++               AES_encrypt;
++               OCSP_REQUEST_new;
++               ASN1_ANY_it;
++               ASN1_ANY_it;
++               CRYPTO_ex_data_new_class;
++               _ossl_old_des_ncbc_encrypt;
++               i2d_KRB5_TKTBODY;
++               EC_POINT_clear_free;
++               AES_decrypt;
++               asn1_enc_init;
++               UI_get_result_maxsize;
++               OCSP_CERTID_new;
++               ENGINE_unregister_RAND;
++               UI_method_get_closer;
++               d2i_KRB5_ENCDATA;
++               OCSP_request_onereq_count;
++               OCSP_basic_verify;
++               KRB5_AUTHENTBODY_free;
++               ASN1_item_d2i;
++               ASN1_primitive_free;
++               i2d_EXTENDED_KEY_USAGE;
++               i2d_OCSP_SIGNATURE;
++               asn1_enc_save;
++               ENGINE_load_nuron;
++               _ossl_old_des_pcbc_encrypt;
++               PKCS12_MAC_DATA_it;
++               PKCS12_MAC_DATA_it;
++               OCSP_accept_responses_new;
++               asn1_do_lock;
++               PKCS7_ATTR_VERIFY_it;
++               PKCS7_ATTR_VERIFY_it;
++               KRB5_APREQBODY_it;
++               KRB5_APREQBODY_it;
++               i2d_OCSP_SINGLERESP;
++               ASN1_item_ex_new;
++               UI_add_verify_string;
++               _ossl_old_des_set_key;
++               KRB5_PRINCNAME_it;
++               KRB5_PRINCNAME_it;
++               EVP_DecryptInit_ex;
++               i2d_OCSP_CERTID;
++               ASN1_item_d2i_bio;
++               EC_POINT_dbl;
++               asn1_get_choice_selector;
++               i2d_KRB5_CHECKSUM;
++               ENGINE_set_table_flags;
++               AES_options;
++               ENGINE_load_chil;
++               OCSP_id_cmp;
++               OCSP_BASICRESP_new;
++               OCSP_REQUEST_get_ext_by_NID;
++               KRB5_APREQ_it;
++               KRB5_APREQ_it;
++               ENGINE_get_destroy_function;
++               CONF_set_nconf;
++               ASN1_PRINTABLE_free;
++               OCSP_BASICRESP_get_ext_by_NID;
++               DIST_POINT_NAME_it;
++               DIST_POINT_NAME_it;
++               X509V3_extensions_print;
++               _ossl_old_des_cfb64_encrypt;
++               X509_REVOKED_add1_ext_i2d;
++               _ossl_old_des_ofb_encrypt;
++               KRB5_TKTBODY_new;
++               ASN1_OCTET_STRING_it;
++               ASN1_OCTET_STRING_it;
++               ERR_load_UI_strings;
++               i2d_KRB5_ENCKEY;
++               ASN1_template_new;
++               OCSP_SIGNATURE_free;
++               ASN1_item_i2d_fp;
++               KRB5_PRINCNAME_free;
++               PKCS7_RECIP_INFO_it;
++               PKCS7_RECIP_INFO_it;
++               EXTENDED_KEY_USAGE_it;
++               EXTENDED_KEY_USAGE_it;
++               EC_GFp_simple_method;
++               EC_GROUP_precompute_mult;
++               OCSP_request_onereq_get0;
++               UI_method_set_writer;
++               KRB5_AUTHENT_new;
++               X509_CRL_INFO_it;
++               X509_CRL_INFO_it;
++               DSO_set_name_converter;
++               AES_set_decrypt_key;
++               PKCS7_DIGEST_it;
++               PKCS7_DIGEST_it;
++               PKCS12_x5092certbag;
++               EVP_DigestInit_ex;
++               i2a_ACCESS_DESCRIPTION;
++               OCSP_RESPONSE_it;
++               OCSP_RESPONSE_it;
++               PKCS7_ENC_CONTENT_it;
++               PKCS7_ENC_CONTENT_it;
++               OCSP_request_add0_id;
++               EC_POINT_make_affine;
++               DSO_get_filename;
++               OCSP_CERTSTATUS_it;
++               OCSP_CERTSTATUS_it;
++               OCSP_request_add1_cert;
++               UI_get0_output_string;
++               UI_dup_verify_string;
++               BN_mod_lshift;
++               KRB5_AUTHDATA_it;
++               KRB5_AUTHDATA_it;
++               asn1_set_choice_selector;
++               OCSP_basic_add1_status;
++               OCSP_RESPID_free;
++               asn1_get_field_ptr;
++               UI_add_input_string;
++               OCSP_CRLID_it;
++               OCSP_CRLID_it;
++               i2d_KRB5_AUTHENTBODY;
++               OCSP_REQUEST_get_ext_count;
++               ENGINE_load_atalla;
++               X509_NAME_it;
++               X509_NAME_it;
++               USERNOTICE_it;
++               USERNOTICE_it;
++               OCSP_REQINFO_new;
++               OCSP_BASICRESP_get_ext;
++               CRYPTO_get_ex_data_implementation;
++               CRYPTO_get_ex_data_impl;
++               ASN1_item_pack;
++               i2d_KRB5_ENCDATA;
++               X509_PURPOSE_set;
++               X509_REQ_INFO_it;
++               X509_REQ_INFO_it;
++               UI_method_set_opener;
++               ASN1_item_ex_free;
++               ASN1_BOOLEAN_it;
++               ASN1_BOOLEAN_it;
++               ENGINE_get_table_flags;
++               UI_create_method;
++               OCSP_ONEREQ_add1_ext_i2d;
++               _shadow_DES_check_key;
++               _shadow_DES_check_key;
++               d2i_OCSP_REQINFO;
++               UI_add_info_string;
++               UI_get_result_minsize;
++               ASN1_NULL_it;
++               ASN1_NULL_it;
++               BN_mod_lshift1;
++               d2i_OCSP_ONEREQ;
++               OCSP_ONEREQ_new;
++               KRB5_TICKET_it;
++               KRB5_TICKET_it;
++               EVP_aes_192_cbc;
++               KRB5_TICKET_free;
++               UI_new;
++               OCSP_response_create;
++               _ossl_old_des_xcbc_encrypt;
++               PKCS7_it;
++               PKCS7_it;
++               OCSP_REQUEST_get_ext_by_critical;
++               OCSP_REQUEST_get_ext_by_crit;
++               ENGINE_set_flags;
++               _ossl_old_des_ecb_encrypt;
++               OCSP_response_get1_basic;
++               EVP_Digest;
++               OCSP_ONEREQ_delete_ext;
++               ASN1_TBOOLEAN_it;
++               ASN1_TBOOLEAN_it;
++               ASN1_item_new;
++               ASN1_TIME_to_generalizedtime;
++               BIGNUM_it;
++               BIGNUM_it;
++               AES_cbc_encrypt;
++               ENGINE_get_load_privkey_function;
++               ENGINE_get_load_privkey_fn;
++               OCSP_RESPONSE_free;
++               UI_method_set_reader;
++               i2d_ASN1_T61STRING;
++               EC_POINT_set_to_infinity;
++               ERR_load_OCSP_strings;
++               EC_POINT_point2oct;
++               KRB5_APREQ_free;
++               ASN1_OBJECT_it;
++               ASN1_OBJECT_it;
++               OCSP_crlID_new;
++               OCSP_crlID2_new;
++               CONF_modules_load_file;
++               CONF_imodule_set_usr_data;
++               ENGINE_set_default_string;
++               CONF_module_get_usr_data;
++               ASN1_add_oid_module;
++               CONF_modules_finish;
++               OPENSSL_config;
++               CONF_modules_unload;
++               CONF_imodule_get_value;
++               CONF_module_set_usr_data;
++               CONF_parse_list;
++               CONF_module_add;
++               CONF_get1_default_config_file;
++               CONF_imodule_get_flags;
++               CONF_imodule_get_module;
++               CONF_modules_load;
++               CONF_imodule_get_name;
++               ERR_peek_top_error;
++               CONF_imodule_get_usr_data;
++               CONF_imodule_set_flags;
++               ENGINE_add_conf_module;
++               ERR_peek_last_error_line;
++               ERR_peek_last_error_line_data;
++               ERR_peek_last_error;
++               DES_read_2passwords;
++               DES_read_password;
++               UI_UTIL_read_pw;
++               UI_UTIL_read_pw_string;
++               ENGINE_load_aep;
++               ENGINE_load_sureware;
++               OPENSSL_add_all_algorithms_noconf;
++               OPENSSL_add_all_algo_noconf;
++               OPENSSL_add_all_algorithms_conf;
++               OPENSSL_add_all_algo_conf;
++               OPENSSL_load_builtin_modules;
++               AES_ofb128_encrypt;
++               AES_ctr128_encrypt;
++               AES_cfb128_encrypt;
++               ENGINE_load_4758cca;
++               _ossl_096_des_random_seed;
++               EVP_aes_256_ofb;
++               EVP_aes_192_ofb;
++               EVP_aes_128_cfb128;
++               EVP_aes_256_cfb128;
++               EVP_aes_128_ofb;
++               EVP_aes_192_cfb128;
++               CONF_modules_free;
++               NCONF_default;
++               OPENSSL_no_config;
++               NCONF_WIN32;
++               ASN1_UNIVERSALSTRING_new;
++               EVP_des_ede_ecb;
++               i2d_ASN1_UNIVERSALSTRING;
++               ASN1_UNIVERSALSTRING_free;
++               ASN1_UNIVERSALSTRING_it;
++               ASN1_UNIVERSALSTRING_it;
++               d2i_ASN1_UNIVERSALSTRING;
++               EVP_des_ede3_ecb;
++               X509_REQ_print_ex;
++               ENGINE_up_ref;
++               BUF_MEM_grow_clean;
++               CRYPTO_realloc_clean;
++               BUF_strlcat;
++               BIO_indent;
++               BUF_strlcpy;
++               OpenSSLDie;
++               OPENSSL_cleanse;
++               ENGINE_setup_bsd_cryptodev;
++               ERR_release_err_state_table;
++               EVP_aes_128_cfb8;
++               FIPS_corrupt_rsa;
++               FIPS_selftest_des;
++               EVP_aes_128_cfb1;
++               EVP_aes_192_cfb8;
++               FIPS_mode_set;
++               FIPS_selftest_dsa;
++               EVP_aes_256_cfb8;
++               FIPS_allow_md5;
++               DES_ede3_cfb_encrypt;
++               EVP_des_ede3_cfb8;
++               FIPS_rand_seeded;
++               AES_cfbr_encrypt_block;
++               AES_cfb8_encrypt;
++               FIPS_rand_seed;
++               FIPS_corrupt_des;
++               EVP_aes_192_cfb1;
++               FIPS_selftest_aes;
++               FIPS_set_prng_key;
++               EVP_des_cfb8;
++               FIPS_corrupt_dsa;
++               FIPS_test_mode;
++               FIPS_rand_method;
++               EVP_aes_256_cfb1;
++               ERR_load_FIPS_strings;
++               FIPS_corrupt_aes;
++               FIPS_selftest_sha1;
++               FIPS_selftest_rsa;
++               FIPS_corrupt_sha1;
++               EVP_des_cfb1;
++               FIPS_dsa_check;
++               AES_cfb1_encrypt;
++               EVP_des_ede3_cfb1;
++               FIPS_rand_check;
++               FIPS_md5_allowed;
++               FIPS_mode;
++               FIPS_selftest_failed;
++               sk_is_sorted;
++               X509_check_ca;
++               HMAC_CTX_set_flags;
++               d2i_PROXY_CERT_INFO_EXTENSION;
++               PROXY_POLICY_it;
++               PROXY_POLICY_it;
++               i2d_PROXY_POLICY;
++               i2d_PROXY_CERT_INFO_EXTENSION;
++               d2i_PROXY_POLICY;
++               PROXY_CERT_INFO_EXTENSION_new;
++               PROXY_CERT_INFO_EXTENSION_free;
++               PROXY_CERT_INFO_EXTENSION_it;
++               PROXY_CERT_INFO_EXTENSION_it;
++               PROXY_POLICY_free;
++               PROXY_POLICY_new;
++               BN_MONT_CTX_set_locked;
++               FIPS_selftest_rng;
++               EVP_sha384;
++               EVP_sha512;
++               EVP_sha224;
++               EVP_sha256;
++               FIPS_selftest_hmac;
++               FIPS_corrupt_rng;
++               BN_mod_exp_mont_consttime;
++               RSA_X931_hash_id;
++               RSA_padding_check_X931;
++               RSA_verify_PKCS1_PSS;
++               RSA_padding_add_X931;
++               RSA_padding_add_PKCS1_PSS;
++               PKCS1_MGF1;
++               BN_X931_generate_Xpq;
++               RSA_X931_generate_key;
++               BN_X931_derive_prime;
++               BN_X931_generate_prime;
++               RSA_X931_derive;
++               BIO_new_dgram;
++               BN_get0_nist_prime_384;
++               ERR_set_mark;
++               X509_STORE_CTX_set0_crls;
++               ENGINE_set_STORE;
++               ENGINE_register_ECDSA;
++               STORE_meth_set_list_start_fn;
++               STORE_method_set_list_start_function;
++               BN_BLINDING_invert_ex;
++               NAME_CONSTRAINTS_free;
++               STORE_ATTR_INFO_set_number;
++               BN_BLINDING_get_thread_id;
++               X509_STORE_CTX_set0_param;
++               POLICY_MAPPING_it;
++               POLICY_MAPPING_it;
++               STORE_parse_attrs_start;
++               POLICY_CONSTRAINTS_free;
++               EVP_PKEY_add1_attr_by_NID;
++               BN_nist_mod_192;
++               EC_GROUP_get_trinomial_basis;
++               STORE_set_method;
++               GENERAL_SUBTREE_free;
++               NAME_CONSTRAINTS_it;
++               NAME_CONSTRAINTS_it;
++               ECDH_get_default_method;
++               PKCS12_add_safe;
++               EC_KEY_new_by_curve_name;
++               STORE_meth_get_update_store_fn;
++               STORE_method_get_update_store_function;
++               ENGINE_register_ECDH;
++               SHA512_Update;
++               i2d_ECPrivateKey;
++               BN_get0_nist_prime_192;
++               STORE_modify_certificate;
++               EC_POINT_set_affine_coordinates_GF2m;
++               EC_POINT_set_affine_coords_GF2m;
++               BN_GF2m_mod_exp_arr;
++               STORE_ATTR_INFO_modify_number;
++               X509_keyid_get0;
++               ENGINE_load_gmp;
++               pitem_new;
++               BN_GF2m_mod_mul_arr;
++               STORE_list_public_key_endp;
++               o2i_ECPublicKey;
++               EC_KEY_copy;
++               BIO_dump_fp;
++               X509_policy_node_get0_parent;
++               EC_GROUP_check_discriminant;
++               i2o_ECPublicKey;
++               EC_KEY_precompute_mult;
++               a2i_IPADDRESS;
++               STORE_meth_set_initialise_fn;
++               STORE_method_set_initialise_function;
++               X509_STORE_CTX_set_depth;
++               X509_VERIFY_PARAM_inherit;
++               EC_POINT_point2bn;
++               STORE_ATTR_INFO_set_dn;
++               X509_policy_tree_get0_policies;
++               EC_GROUP_new_curve_GF2m;
++               STORE_destroy_method;
++               ENGINE_unregister_STORE;
++               EVP_PKEY_get1_EC_KEY;
++               STORE_ATTR_INFO_get0_number;
++               ENGINE_get_default_ECDH;
++               EC_KEY_get_conv_form;
++               ASN1_OCTET_STRING_NDEF_it;
++               ASN1_OCTET_STRING_NDEF_it;
++               STORE_delete_public_key;
++               STORE_get_public_key;
++               STORE_modify_arbitrary;
++               ENGINE_get_static_state;
++               pqueue_iterator;
++               ECDSA_SIG_new;
++               OPENSSL_DIR_end;
++               BN_GF2m_mod_sqr;
++               EC_POINT_bn2point;
++               X509_VERIFY_PARAM_set_depth;
++               EC_KEY_set_asn1_flag;
++               STORE_get_method;
++               EC_KEY_get_key_method_data;
++               ECDSA_sign_ex;
++               STORE_parse_attrs_end;
++               EC_GROUP_get_point_conversion_form;
++               EC_GROUP_get_point_conv_form;
++               STORE_method_set_store_function;
++               STORE_ATTR_INFO_in;
++               PEM_read_bio_ECPKParameters;
++               EC_GROUP_get_pentanomial_basis;
++               EVP_PKEY_add1_attr_by_txt;
++               BN_BLINDING_set_flags;
++               X509_VERIFY_PARAM_set1_policies;
++               X509_VERIFY_PARAM_set1_name;
++               X509_VERIFY_PARAM_set_purpose;
++               STORE_get_number;
++               ECDSA_sign_setup;
++               BN_GF2m_mod_solve_quad_arr;
++               EC_KEY_up_ref;
++               POLICY_MAPPING_free;
++               BN_GF2m_mod_div;
++               X509_VERIFY_PARAM_set_flags;
++               EC_KEY_free;
++               STORE_meth_set_list_next_fn;
++               STORE_method_set_list_next_function;
++               PEM_write_bio_ECPrivateKey;
++               d2i_EC_PUBKEY;
++               STORE_meth_get_generate_fn;
++               STORE_method_get_generate_function;
++               STORE_meth_set_list_end_fn;
++               STORE_method_set_list_end_function;
++               pqueue_print;
++               EC_GROUP_have_precompute_mult;
++               EC_KEY_print_fp;
++               BN_GF2m_mod_arr;
++               PEM_write_bio_X509_CERT_PAIR;
++               EVP_PKEY_cmp;
++               X509_policy_level_node_count;
++               STORE_new_engine;
++               STORE_list_public_key_start;
++               X509_VERIFY_PARAM_new;
++               ECDH_get_ex_data;
++               EVP_PKEY_get_attr;
++               ECDSA_do_sign;
++               ENGINE_unregister_ECDH;
++               ECDH_OpenSSL;
++               EC_KEY_set_conv_form;
++               EC_POINT_dup;
++               GENERAL_SUBTREE_new;
++               STORE_list_crl_endp;
++               EC_get_builtin_curves;
++               X509_policy_node_get0_qualifiers;
++               X509_pcy_node_get0_qualifiers;
++               STORE_list_crl_end;
++               EVP_PKEY_set1_EC_KEY;
++               BN_GF2m_mod_sqrt_arr;
++               i2d_ECPrivateKey_bio;
++               ECPKParameters_print_fp;
++               pqueue_find;
++               ECDSA_SIG_free;
++               PEM_write_bio_ECPKParameters;
++               STORE_method_set_ctrl_function;
++               STORE_list_public_key_end;
++               EC_KEY_set_private_key;
++               pqueue_peek;
++               STORE_get_arbitrary;
++               STORE_store_crl;
++               X509_policy_node_get0_policy;
++               PKCS12_add_safes;
++               BN_BLINDING_convert_ex;
++               X509_policy_tree_free;
++               OPENSSL_ia32cap_loc;
++               BN_GF2m_poly2arr;
++               STORE_ctrl;
++               STORE_ATTR_INFO_compare;
++               BN_get0_nist_prime_224;
++               i2d_ECParameters;
++               i2d_ECPKParameters;
++               BN_GENCB_call;
++               d2i_ECPKParameters;
++               STORE_meth_set_generate_fn;
++               STORE_method_set_generate_function;
++               ENGINE_set_ECDH;
++               NAME_CONSTRAINTS_new;
++               SHA256_Init;
++               EC_KEY_get0_public_key;
++               PEM_write_bio_EC_PUBKEY;
++               STORE_ATTR_INFO_set_cstr;
++               STORE_list_crl_next;
++               STORE_ATTR_INFO_in_range;
++               ECParameters_print;
++               STORE_meth_set_delete_fn;
++               STORE_method_set_delete_function;
++               STORE_list_certificate_next;
++               ASN1_generate_nconf;
++               BUF_memdup;
++               BN_GF2m_mod_mul;
++               STORE_meth_get_list_next_fn;
++               STORE_method_get_list_next_function;
++               STORE_ATTR_INFO_get0_dn;
++               STORE_list_private_key_next;
++               EC_GROUP_set_seed;
++               X509_VERIFY_PARAM_set_trust;
++               STORE_ATTR_INFO_free;
++               STORE_get_private_key;
++               EVP_PKEY_get_attr_count;
++               STORE_ATTR_INFO_new;
++               EC_GROUP_get_curve_GF2m;
++               STORE_meth_set_revoke_fn;
++               STORE_method_set_revoke_function;
++               STORE_store_number;
++               BN_is_prime_ex;
++               STORE_revoke_public_key;
++               X509_STORE_CTX_get0_param;
++               STORE_delete_arbitrary;
++               PEM_read_X509_CERT_PAIR;
++               X509_STORE_set_depth;
++               ECDSA_get_ex_data;
++               SHA224;
++               BIO_dump_indent_fp;
++               EC_KEY_set_group;
++               BUF_strndup;
++               STORE_list_certificate_start;
++               BN_GF2m_mod;
++               X509_REQ_check_private_key;
++               EC_GROUP_get_seed_len;
++               ERR_load_STORE_strings;
++               PEM_read_bio_EC_PUBKEY;
++               STORE_list_private_key_end;
++               i2d_EC_PUBKEY;
++               ECDSA_get_default_method;
++               ASN1_put_eoc;
++               X509_STORE_CTX_get_explicit_policy;
++               X509_STORE_CTX_get_expl_policy;
++               X509_VERIFY_PARAM_table_cleanup;
++               STORE_modify_private_key;
++               X509_VERIFY_PARAM_free;
++               EC_METHOD_get_field_type;
++               EC_GFp_nist_method;
++               STORE_meth_set_modify_fn;
++               STORE_method_set_modify_function;
++               STORE_parse_attrs_next;
++               ENGINE_load_padlock;
++               EC_GROUP_set_curve_name;
++               X509_CERT_PAIR_it;
++               X509_CERT_PAIR_it;
++               STORE_meth_get_revoke_fn;
++               STORE_method_get_revoke_function;
++               STORE_method_set_get_function;
++               STORE_modify_number;
++               STORE_method_get_store_function;
++               STORE_store_private_key;
++               BN_GF2m_mod_sqr_arr;
++               RSA_setup_blinding;
++               BIO_s_datagram;
++               STORE_Memory;
++               sk_find_ex;
++               EC_GROUP_set_curve_GF2m;
++               ENGINE_set_default_ECDSA;
++               POLICY_CONSTRAINTS_new;
++               BN_GF2m_mod_sqrt;
++               ECDH_set_default_method;
++               EC_KEY_generate_key;
++               SHA384_Update;
++               BN_GF2m_arr2poly;
++               STORE_method_get_get_function;
++               STORE_meth_set_cleanup_fn;
++               STORE_method_set_cleanup_function;
++               EC_GROUP_check;
++               d2i_ECPrivateKey_bio;
++               EC_KEY_insert_key_method_data;
++               STORE_meth_get_lock_store_fn;
++               STORE_method_get_lock_store_function;
++               X509_VERIFY_PARAM_get_depth;
++               SHA224_Final;
++               STORE_meth_set_update_store_fn;
++               STORE_method_set_update_store_function;
++               SHA224_Update;
++               d2i_ECPrivateKey;
++               ASN1_item_ndef_i2d;
++               STORE_delete_private_key;
++               ERR_pop_to_mark;
++               ENGINE_register_all_STORE;
++               X509_policy_level_get0_node;
++               i2d_PKCS7_NDEF;
++               EC_GROUP_get_degree;
++               ASN1_generate_v3;
++               STORE_ATTR_INFO_modify_cstr;
++               X509_policy_tree_level_count;
++               BN_GF2m_add;
++               EC_KEY_get0_group;
++               STORE_generate_crl;
++               STORE_store_public_key;
++               X509_CERT_PAIR_free;
++               STORE_revoke_private_key;
++               BN_nist_mod_224;
++               SHA512_Final;
++               STORE_ATTR_INFO_modify_dn;
++               STORE_meth_get_initialise_fn;
++               STORE_method_get_initialise_function;
++               STORE_delete_number;
++               i2d_EC_PUBKEY_bio;
++               BIO_dgram_non_fatal_error;
++               EC_GROUP_get_asn1_flag;
++               STORE_ATTR_INFO_in_ex;
++               STORE_list_crl_start;
++               ECDH_get_ex_new_index;
++               STORE_meth_get_modify_fn;
++               STORE_method_get_modify_function;
++               v2i_ASN1_BIT_STRING;
++               STORE_store_certificate;
++               OBJ_bsearch_ex;
++               X509_STORE_CTX_set_default;
++               STORE_ATTR_INFO_set_sha1str;
++               BN_GF2m_mod_inv;
++               BN_GF2m_mod_exp;
++               STORE_modify_public_key;
++               STORE_meth_get_list_start_fn;
++               STORE_method_get_list_start_function;
++               EC_GROUP_get0_seed;
++               STORE_store_arbitrary;
++               STORE_meth_set_unlock_store_fn;
++               STORE_method_set_unlock_store_function;
++               BN_GF2m_mod_div_arr;
++               ENGINE_set_ECDSA;
++               STORE_create_method;
++               ECPKParameters_print;
++               EC_KEY_get0_private_key;
++               PEM_write_EC_PUBKEY;
++               X509_VERIFY_PARAM_set1;
++               ECDH_set_method;
++               v2i_GENERAL_NAME_ex;
++               ECDH_set_ex_data;
++               STORE_generate_key;
++               BN_nist_mod_521;
++               X509_policy_tree_get0_level;
++               EC_GROUP_set_point_conversion_form;
++               EC_GROUP_set_point_conv_form;
++               PEM_read_EC_PUBKEY;
++               i2d_ECDSA_SIG;
++               ECDSA_OpenSSL;
++               STORE_delete_crl;
++               EC_KEY_get_enc_flags;
++               ASN1_const_check_infinite_end;
++               EVP_PKEY_delete_attr;
++               ECDSA_set_default_method;
++               EC_POINT_set_compressed_coordinates_GF2m;
++               EC_POINT_set_compr_coords_GF2m;
++               EC_GROUP_cmp;
++               STORE_revoke_certificate;
++               BN_get0_nist_prime_256;
++               STORE_meth_get_delete_fn;
++               STORE_method_get_delete_function;
++               SHA224_Init;
++               PEM_read_ECPrivateKey;
++               SHA512_Init;
++               STORE_parse_attrs_endp;
++               BN_set_negative;
++               ERR_load_ECDSA_strings;
++               EC_GROUP_get_basis_type;
++               STORE_list_public_key_next;
++               i2v_ASN1_BIT_STRING;
++               STORE_OBJECT_free;
++               BN_nist_mod_384;
++               i2d_X509_CERT_PAIR;
++               PEM_write_ECPKParameters;
++               ECDH_compute_key;
++               STORE_ATTR_INFO_get0_sha1str;
++               ENGINE_register_all_ECDH;
++               pqueue_pop;
++               STORE_ATTR_INFO_get0_cstr;
++               POLICY_CONSTRAINTS_it;
++               POLICY_CONSTRAINTS_it;
++               STORE_get_ex_new_index;
++               EVP_PKEY_get_attr_by_OBJ;
++               X509_VERIFY_PARAM_add0_policy;
++               BN_GF2m_mod_solve_quad;
++               SHA256;
++               i2d_ECPrivateKey_fp;
++               X509_policy_tree_get0_user_policies;
++               X509_pcy_tree_get0_usr_policies;
++               OPENSSL_DIR_read;
++               ENGINE_register_all_ECDSA;
++               X509_VERIFY_PARAM_lookup;
++               EC_POINT_get_affine_coordinates_GF2m;
++               EC_POINT_get_affine_coords_GF2m;
++               EC_GROUP_dup;
++               ENGINE_get_default_ECDSA;
++               EC_KEY_new;
++               SHA256_Transform;
++               EC_KEY_set_enc_flags;
++               ECDSA_verify;
++               EC_POINT_point2hex;
++               ENGINE_get_STORE;
++               SHA512;
++               STORE_get_certificate;
++               ECDSA_do_sign_ex;
++               ECDSA_do_verify;
++               d2i_ECPrivateKey_fp;
++               STORE_delete_certificate;
++               SHA512_Transform;
++               X509_STORE_set1_param;
++               STORE_method_get_ctrl_function;
++               STORE_free;
++               PEM_write_ECPrivateKey;
++               STORE_meth_get_unlock_store_fn;
++               STORE_method_get_unlock_store_function;
++               STORE_get_ex_data;
++               EC_KEY_set_public_key;
++               PEM_read_ECPKParameters;
++               X509_CERT_PAIR_new;
++               ENGINE_register_STORE;
++               RSA_generate_key_ex;
++               DSA_generate_parameters_ex;
++               ECParameters_print_fp;
++               X509V3_NAME_from_section;
++               EVP_PKEY_add1_attr;
++               STORE_modify_crl;
++               STORE_list_private_key_start;
++               POLICY_MAPPINGS_it;
++               POLICY_MAPPINGS_it;
++               GENERAL_SUBTREE_it;
++               GENERAL_SUBTREE_it;
++               EC_GROUP_get_curve_name;
++               PEM_write_X509_CERT_PAIR;
++               BIO_dump_indent_cb;
++               d2i_X509_CERT_PAIR;
++               STORE_list_private_key_endp;
++               asn1_const_Finish;
++               i2d_EC_PUBKEY_fp;
++               BN_nist_mod_256;
++               X509_VERIFY_PARAM_add0_table;
++               pqueue_free;
++               BN_BLINDING_create_param;
++               ECDSA_size;
++               d2i_EC_PUBKEY_bio;
++               BN_get0_nist_prime_521;
++               STORE_ATTR_INFO_modify_sha1str;
++               BN_generate_prime_ex;
++               EC_GROUP_new_by_curve_name;
++               SHA256_Final;
++               DH_generate_parameters_ex;
++               PEM_read_bio_ECPrivateKey;
++               STORE_meth_get_cleanup_fn;
++               STORE_method_get_cleanup_function;
++               ENGINE_get_ECDH;
++               d2i_ECDSA_SIG;
++               BN_is_prime_fasttest_ex;
++               ECDSA_sign;
++               X509_policy_check;
++               EVP_PKEY_get_attr_by_NID;
++               STORE_set_ex_data;
++               ENGINE_get_ECDSA;
++               EVP_ecdsa;
++               BN_BLINDING_get_flags;
++               PKCS12_add_cert;
++               STORE_OBJECT_new;
++               ERR_load_ECDH_strings;
++               EC_KEY_dup;
++               EVP_CIPHER_CTX_rand_key;
++               ECDSA_set_method;
++               a2i_IPADDRESS_NC;
++               d2i_ECParameters;
++               STORE_list_certificate_end;
++               STORE_get_crl;
++               X509_POLICY_NODE_print;
++               SHA384_Init;
++               EC_GF2m_simple_method;
++               ECDSA_set_ex_data;
++               SHA384_Final;
++               PKCS7_set_digest;
++               EC_KEY_print;
++               STORE_meth_set_lock_store_fn;
++               STORE_method_set_lock_store_function;
++               ECDSA_get_ex_new_index;
++               SHA384;
++               POLICY_MAPPING_new;
++               STORE_list_certificate_endp;
++               X509_STORE_CTX_get0_policy_tree;
++               EC_GROUP_set_asn1_flag;
++               EC_KEY_check_key;
++               d2i_EC_PUBKEY_fp;
++               PKCS7_set0_type_other;
++               PEM_read_bio_X509_CERT_PAIR;
++               pqueue_next;
++               STORE_meth_get_list_end_fn;
++               STORE_method_get_list_end_function;
++               EVP_PKEY_add1_attr_by_OBJ;
++               X509_VERIFY_PARAM_set_time;
++               pqueue_new;
++               ENGINE_set_default_ECDH;
++               STORE_new_method;
++               PKCS12_add_key;
++               DSO_merge;
++               EC_POINT_hex2point;
++               BIO_dump_cb;
++               SHA256_Update;
++               pqueue_insert;
++               pitem_free;
++               BN_GF2m_mod_inv_arr;
++               ENGINE_unregister_ECDSA;
++               BN_BLINDING_set_thread_id;
++               get_rfc3526_prime_8192;
++               X509_VERIFY_PARAM_clear_flags;
++               get_rfc2409_prime_1024;
++               DH_check_pub_key;
++               get_rfc3526_prime_2048;
++               get_rfc3526_prime_6144;
++               get_rfc3526_prime_1536;
++               get_rfc3526_prime_3072;
++               get_rfc3526_prime_4096;
++               get_rfc2409_prime_768;
++               X509_VERIFY_PARAM_get_flags;
++               EVP_CIPHER_CTX_new;
++               EVP_CIPHER_CTX_free;
++               Camellia_cbc_encrypt;
++               Camellia_cfb128_encrypt;
++               Camellia_cfb1_encrypt;
++               Camellia_cfb8_encrypt;
++               Camellia_ctr128_encrypt;
++               Camellia_cfbr_encrypt_block;
++               Camellia_decrypt;
++               Camellia_ecb_encrypt;
++               Camellia_encrypt;
++               Camellia_ofb128_encrypt;
++               Camellia_set_key;
++               EVP_camellia_128_cbc;
++               EVP_camellia_128_cfb128;
++               EVP_camellia_128_cfb1;
++               EVP_camellia_128_cfb8;
++               EVP_camellia_128_ecb;
++               EVP_camellia_128_ofb;
++               EVP_camellia_192_cbc;
++               EVP_camellia_192_cfb128;
++               EVP_camellia_192_cfb1;
++               EVP_camellia_192_cfb8;
++               EVP_camellia_192_ecb;
++               EVP_camellia_192_ofb;
++               EVP_camellia_256_cbc;
++               EVP_camellia_256_cfb128;
++               EVP_camellia_256_cfb1;
++               EVP_camellia_256_cfb8;
++               EVP_camellia_256_ecb;
++               EVP_camellia_256_ofb;
++               a2i_ipadd;
++               ASIdentifiers_free;
++               i2d_ASIdOrRange;
++               EVP_CIPHER_block_size;
++               v3_asid_is_canonical;
++               IPAddressChoice_free;
++               EVP_CIPHER_CTX_set_app_data;
++               BIO_set_callback_arg;
++               v3_addr_add_prefix;
++               IPAddressOrRange_it;
++               IPAddressOrRange_it;
++               BIO_set_flags;
++               ASIdentifiers_it;
++               ASIdentifiers_it;
++               v3_addr_get_range;
++               BIO_method_type;
++               v3_addr_inherits;
++               IPAddressChoice_it;
++               IPAddressChoice_it;
++               AES_ige_encrypt;
++               v3_addr_add_range;
++               EVP_CIPHER_CTX_nid;
++               d2i_ASRange;
++               v3_addr_add_inherit;
++               v3_asid_add_id_or_range;
++               v3_addr_validate_resource_set;
++               EVP_CIPHER_iv_length;
++               EVP_MD_type;
++               v3_asid_canonize;
++               IPAddressRange_free;
++               v3_asid_add_inherit;
++               EVP_CIPHER_CTX_key_length;
++               IPAddressRange_new;
++               ASIdOrRange_new;
++               EVP_MD_size;
++               EVP_MD_CTX_test_flags;
++               BIO_clear_flags;
++               i2d_ASRange;
++               IPAddressRange_it;
++               IPAddressRange_it;
++               IPAddressChoice_new;
++               ASIdentifierChoice_new;
++               ASRange_free;
++               EVP_MD_pkey_type;
++               EVP_MD_CTX_clear_flags;
++               IPAddressFamily_free;
++               i2d_IPAddressFamily;
++               IPAddressOrRange_new;
++               EVP_CIPHER_flags;
++               v3_asid_validate_resource_set;
++               d2i_IPAddressRange;
++               AES_bi_ige_encrypt;
++               BIO_get_callback;
++               IPAddressOrRange_free;
++               v3_addr_subset;
++               d2i_IPAddressFamily;
++               v3_asid_subset;
++               BIO_test_flags;
++               i2d_ASIdentifierChoice;
++               ASRange_it;
++               ASRange_it;
++               d2i_ASIdentifiers;
++               ASRange_new;
++               d2i_IPAddressChoice;
++               v3_addr_get_afi;
++               EVP_CIPHER_key_length;
++               EVP_Cipher;
++               i2d_IPAddressOrRange;
++               ASIdOrRange_it;
++               ASIdOrRange_it;
++               EVP_CIPHER_nid;
++               i2d_IPAddressChoice;
++               EVP_CIPHER_CTX_block_size;
++               ASIdentifiers_new;
++               v3_addr_validate_path;
++               IPAddressFamily_new;
++               EVP_MD_CTX_set_flags;
++               v3_addr_is_canonical;
++               i2d_IPAddressRange;
++               IPAddressFamily_it;
++               IPAddressFamily_it;
++               v3_asid_inherits;
++               EVP_CIPHER_CTX_cipher;
++               EVP_CIPHER_CTX_get_app_data;
++               EVP_MD_block_size;
++               EVP_CIPHER_CTX_flags;
++               v3_asid_validate_path;
++               d2i_IPAddressOrRange;
++               v3_addr_canonize;
++               ASIdentifierChoice_it;
++               ASIdentifierChoice_it;
++               EVP_MD_CTX_md;
++               d2i_ASIdentifierChoice;
++               BIO_method_name;
++               EVP_CIPHER_CTX_iv_length;
++               ASIdOrRange_free;
++               ASIdentifierChoice_free;
++               BIO_get_callback_arg;
++               BIO_set_callback;
++               d2i_ASIdOrRange;
++               i2d_ASIdentifiers;
++               SEED_decrypt;
++               SEED_encrypt;
++               SEED_cbc_encrypt;
++               EVP_seed_ofb;
++               SEED_cfb128_encrypt;
++               SEED_ofb128_encrypt;
++               EVP_seed_cbc;
++               SEED_ecb_encrypt;
++               EVP_seed_ecb;
++               SEED_set_key;
++               EVP_seed_cfb128;
++               X509_EXTENSIONS_it;
++               X509_EXTENSIONS_it;
++               X509_get1_ocsp;
++               OCSP_REQ_CTX_free;
++               i2d_X509_EXTENSIONS;
++               OCSP_sendreq_nbio;
++               OCSP_sendreq_new;
++               d2i_X509_EXTENSIONS;
++               X509_ALGORS_it;
++               X509_ALGORS_it;
++               X509_ALGOR_get0;
++               X509_ALGOR_set0;
++               AES_unwrap_key;
++               AES_wrap_key;
++               X509at_get0_data_by_OBJ;
++               ASN1_TYPE_set1;
++               ASN1_STRING_set0;
++               i2d_X509_ALGORS;
++               BIO_f_zlib;
++               COMP_zlib_cleanup;
++               d2i_X509_ALGORS;
++               CMS_ReceiptRequest_free;
++               PEM_write_CMS;
++               CMS_add0_CertificateChoices;
++               CMS_unsigned_add1_attr_by_OBJ;
++               ERR_load_CMS_strings;
++               CMS_sign_receipt;
++               i2d_CMS_ContentInfo;
++               CMS_signed_delete_attr;
++               d2i_CMS_bio;
++               CMS_unsigned_get_attr_by_NID;
++               CMS_verify;
++               SMIME_read_CMS;
++               CMS_decrypt_set1_key;
++               CMS_SignerInfo_get0_algs;
++               CMS_add1_cert;
++               CMS_set_detached;
++               CMS_encrypt;
++               CMS_EnvelopedData_create;
++               CMS_uncompress;
++               CMS_add0_crl;
++               CMS_SignerInfo_verify_content;
++               CMS_unsigned_get0_data_by_OBJ;
++               PEM_write_bio_CMS;
++               CMS_unsigned_get_attr;
++               CMS_RecipientInfo_ktri_cert_cmp;
++               CMS_RecipientInfo_ktri_get0_algs;
++               CMS_RecipInfo_ktri_get0_algs;
++               CMS_ContentInfo_free;
++               CMS_final;
++               CMS_add_simple_smimecap;
++               CMS_SignerInfo_verify;
++               CMS_data;
++               CMS_ContentInfo_it;
++               CMS_ContentInfo_it;
++               d2i_CMS_ReceiptRequest;
++               CMS_compress;
++               CMS_digest_create;
++               CMS_SignerInfo_cert_cmp;
++               CMS_SignerInfo_sign;
++               CMS_data_create;
++               i2d_CMS_bio;
++               CMS_EncryptedData_set1_key;
++               CMS_decrypt;
++               int_smime_write_ASN1;
++               CMS_unsigned_delete_attr;
++               CMS_unsigned_get_attr_count;
++               CMS_add_smimecap;
++               PEM_read_CMS;
++               CMS_signed_get_attr_by_OBJ;
++               d2i_CMS_ContentInfo;
++               CMS_add_standard_smimecap;
++               CMS_ContentInfo_new;
++               CMS_RecipientInfo_type;
++               CMS_get0_type;
++               CMS_is_detached;
++               CMS_sign;
++               CMS_signed_add1_attr;
++               CMS_unsigned_get_attr_by_OBJ;
++               SMIME_write_CMS;
++               CMS_EncryptedData_decrypt;
++               CMS_get0_RecipientInfos;
++               CMS_add0_RevocationInfoChoice;
++               CMS_decrypt_set1_pkey;
++               CMS_SignerInfo_set1_signer_cert;
++               CMS_get0_signers;
++               CMS_ReceiptRequest_get0_values;
++               CMS_signed_get0_data_by_OBJ;
++               CMS_get0_SignerInfos;
++               CMS_add0_cert;
++               CMS_EncryptedData_encrypt;
++               CMS_digest_verify;
++               CMS_set1_signers_certs;
++               CMS_signed_get_attr;
++               CMS_RecipientInfo_set0_key;
++               CMS_SignedData_init;
++               CMS_RecipientInfo_kekri_get0_id;
++               CMS_verify_receipt;
++               CMS_ReceiptRequest_it;
++               CMS_ReceiptRequest_it;
++               PEM_read_bio_CMS;
++               CMS_get1_crls;
++               CMS_add0_recipient_key;
++               SMIME_read_ASN1;
++               CMS_ReceiptRequest_new;
++               CMS_get0_content;
++               CMS_get1_ReceiptRequest;
++               CMS_signed_add1_attr_by_OBJ;
++               CMS_RecipientInfo_kekri_id_cmp;
++               CMS_add1_ReceiptRequest;
++               CMS_SignerInfo_get0_signer_id;
++               CMS_unsigned_add1_attr_by_NID;
++               CMS_unsigned_add1_attr;
++               CMS_signed_get_attr_by_NID;
++               CMS_get1_certs;
++               CMS_signed_add1_attr_by_NID;
++               CMS_unsigned_add1_attr_by_txt;
++               CMS_dataFinal;
++               CMS_RecipientInfo_ktri_get0_signer_id;
++               CMS_RecipInfo_ktri_get0_sigr_id;
++               i2d_CMS_ReceiptRequest;
++               CMS_add1_recipient_cert;
++               CMS_dataInit;
++               CMS_signed_add1_attr_by_txt;
++               CMS_RecipientInfo_decrypt;
++               CMS_signed_get_attr_count;
++               CMS_get0_eContentType;
++               CMS_set1_eContentType;
++               CMS_ReceiptRequest_create0;
++               CMS_add1_signer;
++               CMS_RecipientInfo_set0_pkey;
++               ENGINE_set_load_ssl_client_cert_function;
++               ENGINE_set_ld_ssl_clnt_cert_fn;
++               ENGINE_get_ssl_client_cert_function;
++               ENGINE_get_ssl_client_cert_fn;
++               ENGINE_load_ssl_client_cert;
++               ENGINE_load_capi;
++               OPENSSL_isservice;
++               FIPS_dsa_sig_decode;
++               EVP_CIPHER_CTX_clear_flags;
++               FIPS_rand_status;
++               FIPS_rand_set_key;
++               CRYPTO_set_mem_info_functions;
++               RSA_X931_generate_key_ex;
++               int_ERR_set_state_func;
++               int_EVP_MD_set_engine_callbacks;
++               int_CRYPTO_set_do_dynlock_callback;
++               FIPS_rng_stick;
++               EVP_CIPHER_CTX_set_flags;
++               BN_X931_generate_prime_ex;
++               FIPS_selftest_check;
++               FIPS_rand_set_dt;
++               CRYPTO_dbg_pop_info;
++               FIPS_dsa_free;
++               RSA_X931_derive_ex;
++               FIPS_rsa_new;
++               FIPS_rand_bytes;
++               fips_cipher_test;
++               EVP_CIPHER_CTX_test_flags;
++               CRYPTO_malloc_debug_init;
++               CRYPTO_dbg_push_info;
++               FIPS_corrupt_rsa_keygen;
++               FIPS_dh_new;
++               FIPS_corrupt_dsa_keygen;
++               FIPS_dh_free;
++               fips_pkey_signature_test;
++               EVP_add_alg_module;
++               int_RAND_init_engine_callbacks;
++               int_EVP_CIPHER_set_engine_callbacks;
++               int_EVP_MD_init_engine_callbacks;
++               FIPS_rand_test_mode;
++               FIPS_rand_reset;
++               FIPS_dsa_new;
++               int_RAND_set_callbacks;
++               BN_X931_derive_prime_ex;
++               int_ERR_lib_init;
++               int_EVP_CIPHER_init_engine_callbacks;
++               FIPS_rsa_free;
++               FIPS_dsa_sig_encode;
++               CRYPTO_dbg_remove_all_info;
++               OPENSSL_init;
++               CRYPTO_strdup;
++               JPAKE_STEP3A_process;
++               JPAKE_STEP1_release;
++               JPAKE_get_shared_key;
++               JPAKE_STEP3B_init;
++               JPAKE_STEP1_generate;
++               JPAKE_STEP1_init;
++               JPAKE_STEP3B_process;
++               JPAKE_STEP2_generate;
++               JPAKE_CTX_new;
++               JPAKE_CTX_free;
++               JPAKE_STEP3B_release;
++               JPAKE_STEP3A_release;
++               JPAKE_STEP2_process;
++               JPAKE_STEP3B_generate;
++               JPAKE_STEP1_process;
++               JPAKE_STEP3A_generate;
++               JPAKE_STEP2_release;
++               JPAKE_STEP3A_init;
++               ERR_load_JPAKE_strings;
++               JPAKE_STEP2_init;
++               pqueue_size;
++               i2d_TS_ACCURACY;
++               i2d_TS_MSG_IMPRINT_fp;
++               i2d_TS_MSG_IMPRINT;
++               EVP_PKEY_print_public;
++               EVP_PKEY_CTX_new;
++               i2d_TS_TST_INFO;
++               EVP_PKEY_asn1_find;
++               DSO_METHOD_beos;
++               TS_CONF_load_cert;
++               TS_REQ_get_ext;
++               EVP_PKEY_sign_init;
++               ASN1_item_print;
++               TS_TST_INFO_set_nonce;
++               TS_RESP_dup;
++               ENGINE_register_pkey_meths;
++               EVP_PKEY_asn1_add0;
++               PKCS7_add0_attrib_signing_time;
++               i2d_TS_TST_INFO_fp;
++               BIO_asn1_get_prefix;
++               TS_TST_INFO_set_time;
++               EVP_PKEY_meth_set_decrypt;
++               EVP_PKEY_set_type_str;
++               EVP_PKEY_CTX_get_keygen_info;
++               TS_REQ_set_policy_id;
++               d2i_TS_RESP_fp;
++               ENGINE_get_pkey_asn1_meth_engine;
++               ENGINE_get_pkey_asn1_meth_eng;
++               WHIRLPOOL_Init;
++               TS_RESP_set_status_info;
++               EVP_PKEY_keygen;
++               EVP_DigestSignInit;
++               TS_ACCURACY_set_millis;
++               TS_REQ_dup;
++               GENERAL_NAME_dup;
++               ASN1_SEQUENCE_ANY_it;
++               ASN1_SEQUENCE_ANY_it;
++               WHIRLPOOL;
++               X509_STORE_get1_crls;
++               ENGINE_get_pkey_asn1_meth;
++               EVP_PKEY_asn1_new;
++               BIO_new_NDEF;
++               ENGINE_get_pkey_meth;
++               TS_MSG_IMPRINT_set_algo;
++               i2d_TS_TST_INFO_bio;
++               TS_TST_INFO_set_ordering;
++               TS_TST_INFO_get_ext_by_OBJ;
++               CRYPTO_THREADID_set_pointer;
++               TS_CONF_get_tsa_section;
++               SMIME_write_ASN1;
++               TS_RESP_CTX_set_signer_key;
++               EVP_PKEY_encrypt_old;
++               EVP_PKEY_encrypt_init;
++               CRYPTO_THREADID_cpy;
++               ASN1_PCTX_get_cert_flags;
++               i2d_ESS_SIGNING_CERT;
++               TS_CONF_load_key;
++               i2d_ASN1_SEQUENCE_ANY;
++               d2i_TS_MSG_IMPRINT_bio;
++               EVP_PKEY_asn1_set_public;
++               b2i_PublicKey_bio;
++               BIO_asn1_set_prefix;
++               EVP_PKEY_new_mac_key;
++               BIO_new_CMS;
++               CRYPTO_THREADID_cmp;
++               TS_REQ_ext_free;
++               EVP_PKEY_asn1_set_free;
++               EVP_PKEY_get0_asn1;
++               d2i_NETSCAPE_X509;
++               EVP_PKEY_verify_recover_init;
++               EVP_PKEY_CTX_set_data;
++               EVP_PKEY_keygen_init;
++               TS_RESP_CTX_set_status_info;
++               TS_MSG_IMPRINT_get_algo;
++               TS_REQ_print_bio;
++               EVP_PKEY_CTX_ctrl_str;
++               EVP_PKEY_get_default_digest_nid;
++               PEM_write_bio_PKCS7_stream;
++               TS_MSG_IMPRINT_print_bio;
++               BN_asc2bn;
++               TS_REQ_get_policy_id;
++               ENGINE_set_default_pkey_asn1_meths;
++               ENGINE_set_def_pkey_asn1_meths;
++               d2i_TS_ACCURACY;
++               DSO_global_lookup;
++               TS_CONF_set_tsa_name;
++               i2d_ASN1_SET_ANY;
++               ENGINE_load_gost;
++               WHIRLPOOL_BitUpdate;
++               ASN1_PCTX_get_flags;
++               TS_TST_INFO_get_ext_by_NID;
++               TS_RESP_new;
++               ESS_CERT_ID_dup;
++               TS_STATUS_INFO_dup;
++               TS_REQ_delete_ext;
++               EVP_DigestVerifyFinal;
++               EVP_PKEY_print_params;
++               i2d_CMS_bio_stream;
++               TS_REQ_get_msg_imprint;
++               OBJ_find_sigid_by_algs;
++               TS_TST_INFO_get_serial;
++               TS_REQ_get_nonce;
++               X509_PUBKEY_set0_param;
++               EVP_PKEY_CTX_set0_keygen_info;
++               DIST_POINT_set_dpname;
++               i2d_ISSUING_DIST_POINT;
++               ASN1_SET_ANY_it;
++               ASN1_SET_ANY_it;
++               EVP_PKEY_CTX_get_data;
++               TS_STATUS_INFO_print_bio;
++               EVP_PKEY_derive_init;
++               d2i_TS_TST_INFO;
++               EVP_PKEY_asn1_add_alias;
++               d2i_TS_RESP_bio;
++               OTHERNAME_cmp;
++               GENERAL_NAME_set0_value;
++               PKCS7_RECIP_INFO_get0_alg;
++               TS_RESP_CTX_new;
++               TS_RESP_set_tst_info;
++               PKCS7_final;
++               EVP_PKEY_base_id;
++               TS_RESP_CTX_set_signer_cert;
++               TS_REQ_set_msg_imprint;
++               EVP_PKEY_CTX_ctrl;
++               TS_CONF_set_digests;
++               d2i_TS_MSG_IMPRINT;
++               EVP_PKEY_meth_set_ctrl;
++               TS_REQ_get_ext_by_NID;
++               PKCS5_pbe_set0_algor;
++               BN_BLINDING_thread_id;
++               TS_ACCURACY_new;
++               X509_CRL_METHOD_free;
++               ASN1_PCTX_get_nm_flags;
++               EVP_PKEY_meth_set_sign;
++               CRYPTO_THREADID_current;
++               EVP_PKEY_decrypt_init;
++               NETSCAPE_X509_free;
++               i2b_PVK_bio;
++               EVP_PKEY_print_private;
++               GENERAL_NAME_get0_value;
++               b2i_PVK_bio;
++               ASN1_UTCTIME_adj;
++               TS_TST_INFO_new;
++               EVP_MD_do_all_sorted;
++               TS_CONF_set_default_engine;
++               TS_ACCURACY_set_seconds;
++               TS_TST_INFO_get_time;
++               PKCS8_pkey_get0;
++               EVP_PKEY_asn1_get0;
++               OBJ_add_sigid;
++               PKCS7_SIGNER_INFO_sign;
++               EVP_PKEY_paramgen_init;
++               EVP_PKEY_sign;
++               OBJ_sigid_free;
++               EVP_PKEY_meth_set_init;
++               d2i_ESS_ISSUER_SERIAL;
++               ISSUING_DIST_POINT_new;
++               ASN1_TIME_adj;
++               TS_OBJ_print_bio;
++               EVP_PKEY_meth_set_verify_recover;
++               EVP_PKEY_meth_set_vrfy_recover;
++               TS_RESP_get_status_info;
++               CMS_stream;
++               EVP_PKEY_CTX_set_cb;
++               PKCS7_to_TS_TST_INFO;
++               ASN1_PCTX_get_oid_flags;
++               TS_TST_INFO_add_ext;
++               EVP_PKEY_meth_set_derive;
++               i2d_TS_RESP_fp;
++               i2d_TS_MSG_IMPRINT_bio;
++               TS_RESP_CTX_set_accuracy;
++               TS_REQ_set_nonce;
++               ESS_CERT_ID_new;
++               ENGINE_pkey_asn1_find_str;
++               TS_REQ_get_ext_count;
++               BUF_reverse;
++               TS_TST_INFO_print_bio;
++               d2i_ISSUING_DIST_POINT;
++               ENGINE_get_pkey_meths;
++               i2b_PrivateKey_bio;
++               i2d_TS_RESP;
++               b2i_PublicKey;
++               TS_VERIFY_CTX_cleanup;
++               TS_STATUS_INFO_free;
++               TS_RESP_verify_token;
++               OBJ_bsearch_ex_;
++               ASN1_bn_print;
++               EVP_PKEY_asn1_get_count;
++               ENGINE_register_pkey_asn1_meths;
++               ASN1_PCTX_set_nm_flags;
++               EVP_DigestVerifyInit;
++               ENGINE_set_default_pkey_meths;
++               TS_TST_INFO_get_policy_id;
++               TS_REQ_get_cert_req;
++               X509_CRL_set_meth_data;
++               PKCS8_pkey_set0;
++               ASN1_STRING_copy;
++               d2i_TS_TST_INFO_fp;
++               X509_CRL_match;
++               EVP_PKEY_asn1_set_private;
++               TS_TST_INFO_get_ext_d2i;
++               TS_RESP_CTX_add_policy;
++               d2i_TS_RESP;
++               TS_CONF_load_certs;
++               TS_TST_INFO_get_msg_imprint;
++               ERR_load_TS_strings;
++               TS_TST_INFO_get_version;
++               EVP_PKEY_CTX_dup;
++               EVP_PKEY_meth_set_verify;
++               i2b_PublicKey_bio;
++               TS_CONF_set_certs;
++               EVP_PKEY_asn1_get0_info;
++               TS_VERIFY_CTX_free;
++               TS_REQ_get_ext_by_critical;
++               TS_RESP_CTX_set_serial_cb;
++               X509_CRL_get_meth_data;
++               TS_RESP_CTX_set_time_cb;
++               TS_MSG_IMPRINT_get_msg;
++               TS_TST_INFO_ext_free;
++               TS_REQ_get_version;
++               TS_REQ_add_ext;
++               EVP_PKEY_CTX_set_app_data;
++               OBJ_bsearch_;
++               EVP_PKEY_meth_set_verifyctx;
++               i2d_PKCS7_bio_stream;
++               CRYPTO_THREADID_set_numeric;
++               PKCS7_sign_add_signer;
++               d2i_TS_TST_INFO_bio;
++               TS_TST_INFO_get_ordering;
++               TS_RESP_print_bio;
++               TS_TST_INFO_get_exts;
++               HMAC_CTX_copy;
++               PKCS5_pbe2_set_iv;
++               ENGINE_get_pkey_asn1_meths;
++               b2i_PrivateKey;
++               EVP_PKEY_CTX_get_app_data;
++               TS_REQ_set_cert_req;
++               CRYPTO_THREADID_set_callback;
++               TS_CONF_set_serial;
++               TS_TST_INFO_free;
++               d2i_TS_REQ_fp;
++               TS_RESP_verify_response;
++               i2d_ESS_ISSUER_SERIAL;
++               TS_ACCURACY_get_seconds;
++               EVP_CIPHER_do_all;
++               b2i_PrivateKey_bio;
++               OCSP_CERTID_dup;
++               X509_PUBKEY_get0_param;
++               TS_MSG_IMPRINT_dup;
++               PKCS7_print_ctx;
++               i2d_TS_REQ_bio;
++               EVP_whirlpool;
++               EVP_PKEY_asn1_set_param;
++               EVP_PKEY_meth_set_encrypt;
++               ASN1_PCTX_set_flags;
++               i2d_ESS_CERT_ID;
++               TS_VERIFY_CTX_new;
++               TS_RESP_CTX_set_extension_cb;
++               ENGINE_register_all_pkey_meths;
++               TS_RESP_CTX_set_status_info_cond;
++               TS_RESP_CTX_set_stat_info_cond;
++               EVP_PKEY_verify;
++               WHIRLPOOL_Final;
++               X509_CRL_METHOD_new;
++               EVP_DigestSignFinal;
++               TS_RESP_CTX_set_def_policy;
++               NETSCAPE_X509_it;
++               NETSCAPE_X509_it;
++               TS_RESP_create_response;
++               PKCS7_SIGNER_INFO_get0_algs;
++               TS_TST_INFO_get_nonce;
++               EVP_PKEY_decrypt_old;
++               TS_TST_INFO_set_policy_id;
++               TS_CONF_set_ess_cert_id_chain;
++               EVP_PKEY_CTX_get0_pkey;
++               d2i_TS_REQ;
++               EVP_PKEY_asn1_find_str;
++               BIO_f_asn1;
++               ESS_SIGNING_CERT_new;
++               EVP_PBE_find;
++               X509_CRL_get0_by_cert;
++               EVP_PKEY_derive;
++               i2d_TS_REQ;
++               TS_TST_INFO_delete_ext;
++               ESS_ISSUER_SERIAL_free;
++               ASN1_PCTX_set_str_flags;
++               ENGINE_get_pkey_asn1_meth_str;
++               TS_CONF_set_signer_key;
++               TS_ACCURACY_get_millis;
++               TS_RESP_get_token;
++               TS_ACCURACY_dup;
++               ENGINE_register_all_pkey_asn1_meths;
++               ENGINE_reg_all_pkey_asn1_meths;
++               X509_CRL_set_default_method;
++               CRYPTO_THREADID_hash;
++               CMS_ContentInfo_print_ctx;
++               TS_RESP_free;
++               ISSUING_DIST_POINT_free;
++               ESS_ISSUER_SERIAL_new;
++               CMS_add1_crl;
++               PKCS7_add1_attrib_digest;
++               TS_RESP_CTX_add_md;
++               TS_TST_INFO_dup;
++               ENGINE_set_pkey_asn1_meths;
++               PEM_write_bio_Parameters;
++               TS_TST_INFO_get_accuracy;
++               X509_CRL_get0_by_serial;
++               TS_TST_INFO_set_version;
++               TS_RESP_CTX_get_tst_info;
++               TS_RESP_verify_signature;
++               CRYPTO_THREADID_get_callback;
++               TS_TST_INFO_get_tsa;
++               TS_STATUS_INFO_new;
++               EVP_PKEY_CTX_get_cb;
++               TS_REQ_get_ext_d2i;
++               GENERAL_NAME_set0_othername;
++               TS_TST_INFO_get_ext_count;
++               TS_RESP_CTX_get_request;
++               i2d_NETSCAPE_X509;
++               ENGINE_get_pkey_meth_engine;
++               EVP_PKEY_meth_set_signctx;
++               EVP_PKEY_asn1_copy;
++               ASN1_TYPE_cmp;
++               EVP_CIPHER_do_all_sorted;
++               EVP_PKEY_CTX_free;
++               ISSUING_DIST_POINT_it;
++               ISSUING_DIST_POINT_it;
++               d2i_TS_MSG_IMPRINT_fp;
++               X509_STORE_get1_certs;
++               EVP_PKEY_CTX_get_operation;
++               d2i_ESS_SIGNING_CERT;
++               TS_CONF_set_ordering;
++               EVP_PBE_alg_add_type;
++               TS_REQ_set_version;
++               EVP_PKEY_get0;
++               BIO_asn1_set_suffix;
++               i2d_TS_STATUS_INFO;
++               EVP_MD_do_all;
++               TS_TST_INFO_set_accuracy;
++               PKCS7_add_attrib_content_type;
++               ERR_remove_thread_state;
++               EVP_PKEY_meth_add0;
++               TS_TST_INFO_set_tsa;
++               EVP_PKEY_meth_new;
++               WHIRLPOOL_Update;
++               TS_CONF_set_accuracy;
++               ASN1_PCTX_set_oid_flags;
++               ESS_SIGNING_CERT_dup;
++               d2i_TS_REQ_bio;
++               X509_time_adj_ex;
++               TS_RESP_CTX_add_flags;
++               d2i_TS_STATUS_INFO;
++               TS_MSG_IMPRINT_set_msg;
++               BIO_asn1_get_suffix;
++               TS_REQ_free;
++               EVP_PKEY_meth_free;
++               TS_REQ_get_exts;
++               TS_RESP_CTX_set_clock_precision_digits;
++               TS_RESP_CTX_set_clk_prec_digits;
++               TS_RESP_CTX_add_failure_info;
++               i2d_TS_RESP_bio;
++               EVP_PKEY_CTX_get0_peerkey;
++               PEM_write_bio_CMS_stream;
++               TS_REQ_new;
++               TS_MSG_IMPRINT_new;
++               EVP_PKEY_meth_find;
++               EVP_PKEY_id;
++               TS_TST_INFO_set_serial;
++               a2i_GENERAL_NAME;
++               TS_CONF_set_crypto_device;
++               EVP_PKEY_verify_init;
++               TS_CONF_set_policies;
++               ASN1_PCTX_new;
++               ESS_CERT_ID_free;
++               ENGINE_unregister_pkey_meths;
++               TS_MSG_IMPRINT_free;
++               TS_VERIFY_CTX_init;
++               PKCS7_stream;
++               TS_RESP_CTX_set_certs;
++               TS_CONF_set_def_policy;
++               ASN1_GENERALIZEDTIME_adj;
++               NETSCAPE_X509_new;
++               TS_ACCURACY_free;
++               TS_RESP_get_tst_info;
++               EVP_PKEY_derive_set_peer;
++               PEM_read_bio_Parameters;
++               TS_CONF_set_clock_precision_digits;
++               TS_CONF_set_clk_prec_digits;
++               ESS_ISSUER_SERIAL_dup;
++               TS_ACCURACY_get_micros;
++               ASN1_PCTX_get_str_flags;
++               NAME_CONSTRAINTS_check;
++               ASN1_BIT_STRING_check;
++               X509_check_akid;
++               ENGINE_unregister_pkey_asn1_meths;
++               ENGINE_unreg_pkey_asn1_meths;
++               ASN1_PCTX_free;
++               PEM_write_bio_ASN1_stream;
++               i2d_ASN1_bio_stream;
++               TS_X509_ALGOR_print_bio;
++               EVP_PKEY_meth_set_cleanup;
++               EVP_PKEY_asn1_free;
++               ESS_SIGNING_CERT_free;
++               TS_TST_INFO_set_msg_imprint;
++               GENERAL_NAME_cmp;
++               d2i_ASN1_SET_ANY;
++               ENGINE_set_pkey_meths;
++               i2d_TS_REQ_fp;
++               d2i_ASN1_SEQUENCE_ANY;
++               GENERAL_NAME_get0_otherName;
++               d2i_ESS_CERT_ID;
++               OBJ_find_sigid_algs;
++               EVP_PKEY_meth_set_keygen;
++               PKCS5_PBKDF2_HMAC;
++               EVP_PKEY_paramgen;
++               EVP_PKEY_meth_set_paramgen;
++               BIO_new_PKCS7;
++               EVP_PKEY_verify_recover;
++               TS_ext_print_bio;
++               TS_ASN1_INTEGER_print_bio;
++               check_defer;
++               DSO_pathbyaddr;
++               EVP_PKEY_set_type;
++               TS_ACCURACY_set_micros;
++               TS_REQ_to_TS_VERIFY_CTX;
++               EVP_PKEY_meth_set_copy;
++               ASN1_PCTX_set_cert_flags;
++               TS_TST_INFO_get_ext;
++               EVP_PKEY_asn1_set_ctrl;
++               TS_TST_INFO_get_ext_by_critical;
++               EVP_PKEY_CTX_new_id;
++               TS_REQ_get_ext_by_OBJ;
++               TS_CONF_set_signer_cert;
++               X509_NAME_hash_old;
++               ASN1_TIME_set_string;
++               EVP_MD_flags;
++               TS_RESP_CTX_free;
++               DSAparams_dup;
++               DHparams_dup;
++               OCSP_REQ_CTX_add1_header;
++               OCSP_REQ_CTX_set1_req;
++               X509_STORE_set_verify_cb;
++               X509_STORE_CTX_get0_current_crl;
++               X509_STORE_CTX_get0_parent_ctx;
++               X509_STORE_CTX_get0_current_issuer;
++               X509_STORE_CTX_get0_cur_issuer;
++               X509_issuer_name_hash_old;
++               X509_subject_name_hash_old;
++               EVP_CIPHER_CTX_copy;
++               UI_method_get_prompt_constructor;
++               UI_method_get_prompt_constructr;
++               UI_method_set_prompt_constructor;
++               UI_method_set_prompt_constructr;
++               EVP_read_pw_string_min;
++               CRYPTO_cts128_encrypt;
++               CRYPTO_cts128_decrypt_block;
++               CRYPTO_cfb128_1_encrypt;
++               CRYPTO_cbc128_encrypt;
++               CRYPTO_ctr128_encrypt;
++               CRYPTO_ofb128_encrypt;
++               CRYPTO_cts128_decrypt;
++               CRYPTO_cts128_encrypt_block;
++               CRYPTO_cbc128_decrypt;
++               CRYPTO_cfb128_encrypt;
++               CRYPTO_cfb128_8_encrypt;
++
++       local:
++               *;
++};
++
++
++OPENSSL_1.0.1 {
++       global:
++               SSL_renegotiate_abbreviated;
++               TLSv1_1_method;
++               TLSv1_1_client_method;
++               TLSv1_1_server_method;
++               SSL_CTX_set_srp_client_pwd_callback;
++               SSL_CTX_set_srp_client_pwd_cb;
++               SSL_get_srp_g;
++               SSL_CTX_set_srp_username_callback;
++               SSL_CTX_set_srp_un_cb;
++               SSL_get_srp_userinfo;
++               SSL_set_srp_server_param;
++               SSL_set_srp_server_param_pw;
++               SSL_get_srp_N;
++               SSL_get_srp_username;
++               SSL_CTX_set_srp_password;
++               SSL_CTX_set_srp_strength;
++               SSL_CTX_set_srp_verify_param_callback;
++               SSL_CTX_set_srp_vfy_param_cb;
++               SSL_CTX_set_srp_cb_arg;
++               SSL_CTX_set_srp_username;
++               SSL_CTX_SRP_CTX_init;
++               SSL_SRP_CTX_init;
++               SRP_Calc_A_param;
++               SRP_generate_server_master_secret;
++               SRP_gen_server_master_secret;
++               SSL_CTX_SRP_CTX_free;
++               SRP_generate_client_master_secret;
++               SRP_gen_client_master_secret;
++               SSL_srp_server_param_with_username;
++               SSL_srp_server_param_with_un;
++               SSL_SRP_CTX_free;
++               SSL_set_debug;
++               SSL_SESSION_get0_peer;
++               TLSv1_2_client_method;
++               SSL_SESSION_set1_id_context;
++               TLSv1_2_server_method;
++               SSL_cache_hit;
++               SSL_get0_kssl_ctx;
++               SSL_set0_kssl_ctx;
++               SSL_set_state;
++               SSL_CIPHER_get_id;
++               TLSv1_2_method;
++               kssl_ctx_get0_client_princ;
++               SSL_export_keying_material;
++               SSL_set_tlsext_use_srtp;
++               SSL_CTX_set_next_protos_advertised_cb;
++               SSL_CTX_set_next_protos_adv_cb;
++               SSL_get0_next_proto_negotiated;
++               SSL_get_selected_srtp_profile;
++               SSL_CTX_set_tlsext_use_srtp;
++               SSL_select_next_proto;
++               SSL_get_srtp_profiles;
++               SSL_CTX_set_next_proto_select_cb;
++               SSL_CTX_set_next_proto_sel_cb;
++               SSL_SESSION_get_compress_id;
++
++               SRP_VBASE_get_by_user;
++               SRP_Calc_server_key;
++               SRP_create_verifier;
++               SRP_create_verifier_BN;
++               SRP_Calc_u;
++               SRP_VBASE_free;
++               SRP_Calc_client_key;
++               SRP_get_default_gN;
++               SRP_Calc_x;
++               SRP_Calc_B;
++               SRP_VBASE_new;
++               SRP_check_known_gN_param;
++               SRP_Calc_A;
++               SRP_Verify_A_mod_N;
++               SRP_VBASE_init;
++               SRP_Verify_B_mod_N;
++               EC_KEY_set_public_key_affine_coordinates;
++               EC_KEY_set_pub_key_aff_coords;
++               EVP_aes_192_ctr;
++               EVP_PKEY_meth_get0_info;
++               EVP_PKEY_meth_copy;
++               ERR_add_error_vdata;
++               EVP_aes_128_ctr;
++               EVP_aes_256_ctr;
++               EC_GFp_nistp224_method;
++               EC_KEY_get_flags;
++               RSA_padding_add_PKCS1_PSS_mgf1;
++               EVP_aes_128_xts;
++               EVP_aes_256_xts;
++               EVP_aes_128_gcm;
++               EC_KEY_clear_flags;
++               EC_KEY_set_flags;
++               EVP_aes_256_ccm;
++               RSA_verify_PKCS1_PSS_mgf1;
++               EVP_aes_128_ccm;
++               EVP_aes_192_gcm;
++               X509_ALGOR_set_md;
++               RAND_init_fips;
++               EVP_aes_256_gcm;
++               EVP_aes_192_ccm;
++               CMAC_CTX_copy;
++               CMAC_CTX_free;
++               CMAC_CTX_get0_cipher_ctx;
++               CMAC_CTX_cleanup;
++               CMAC_Init;
++               CMAC_Update;
++               CMAC_resume;
++               CMAC_CTX_new;
++               CMAC_Final;
++               CRYPTO_ctr128_encrypt_ctr32;
++               CRYPTO_gcm128_release;
++               CRYPTO_ccm128_decrypt_ccm64;
++               CRYPTO_ccm128_encrypt;
++               CRYPTO_gcm128_encrypt;
++               CRYPTO_xts128_encrypt;
++               EVP_rc4_hmac_md5;
++               CRYPTO_nistcts128_decrypt_block;
++               CRYPTO_gcm128_setiv;
++               CRYPTO_nistcts128_encrypt;
++               EVP_aes_128_cbc_hmac_sha1;
++               CRYPTO_gcm128_tag;
++               CRYPTO_ccm128_encrypt_ccm64;
++               ENGINE_load_rdrand;
++               CRYPTO_ccm128_setiv;
++               CRYPTO_nistcts128_encrypt_block;
++               CRYPTO_gcm128_aad;
++               CRYPTO_ccm128_init;
++               CRYPTO_nistcts128_decrypt;
++               CRYPTO_gcm128_new;
++               CRYPTO_ccm128_tag;
++               CRYPTO_ccm128_decrypt;
++               CRYPTO_ccm128_aad;
++               CRYPTO_gcm128_init;
++               CRYPTO_gcm128_decrypt;
++               ENGINE_load_rsax;
++               CRYPTO_gcm128_decrypt_ctr32;
++               CRYPTO_gcm128_encrypt_ctr32;
++               CRYPTO_gcm128_finish;
++               EVP_aes_256_cbc_hmac_sha1;
++               PKCS5_pbkdf2_set;
++               CMS_add0_recipient_password;
++               CMS_decrypt_set1_password;
++               CMS_RecipientInfo_set0_password;
++               RAND_set_fips_drbg_type;
++               X509_REQ_sign_ctx;
++               RSA_PSS_PARAMS_new;
++               X509_CRL_sign_ctx;
++               X509_signature_dump;
++               d2i_RSA_PSS_PARAMS;
++               RSA_PSS_PARAMS_it;
++               RSA_PSS_PARAMS_it;
++               RSA_PSS_PARAMS_free;
++               X509_sign_ctx;
++               i2d_RSA_PSS_PARAMS;
++               ASN1_item_sign_ctx;
++               EC_GFp_nistp521_method;
++               EC_GFp_nistp256_method;
++               OPENSSL_stderr;
++               OPENSSL_cpuid_setup;
++               OPENSSL_showfatal;
++               BIO_new_dgram_sctp;
++               BIO_dgram_sctp_msg_waiting;
++               BIO_dgram_sctp_wait_for_dry;
++               BIO_s_datagram_sctp;
++               BIO_dgram_is_sctp;
++               BIO_dgram_sctp_notification_cb;
++} OPENSSL_1.0.0;
++
++OPENSSL_1.0.1d {
++       global:
++               CRYPTO_memcmp;
++} OPENSSL_1.0.1;
++
+Index: openssl-1.0.1d/engines/openssl.ld
+===================================================================
+--- /dev/null   1970-01-01 00:00:00.000000000 +0000
++++ openssl-1.0.1d/engines/openssl.ld   2013-02-06 19:41:43.000000000 +0100
+@@ -0,0 +1,10 @@
++OPENSSL_1.0.0 {
++       global:
++               bind_engine;
++               v_check;
++               OPENSSL_init;
++               OPENSSL_finish;
++       local:
++               *;
++};
++
+Index: openssl-1.0.1d/engines/ccgost/openssl.ld
+===================================================================
+--- /dev/null   1970-01-01 00:00:00.000000000 +0000
++++ openssl-1.0.1d/engines/ccgost/openssl.ld    2013-02-06 19:41:43.000000000 +0100
+@@ -0,0 +1,10 @@
++OPENSSL_1.0.0 {
++       global:
++               bind_engine;
++               v_check;
++               OPENSSL_init;
++               OPENSSL_finish;
++       local:
++               *;
++};
++
diff --git a/recipes-connectivity/openssl/openssl/engines-install-in-libdir-ssl.patch b/recipes-connectivity/openssl/openssl/engines-install-in-libdir-ssl.patch
new file mode 100644
index 00000000..d8a6f1a2
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl/engines-install-in-libdir-ssl.patch
@@ -0,0 +1,56 @@
+Upstream-Status: Inappropriate [configuration]
+
+
+Index: openssl-1.0.0/engines/Makefile
+===================================================================
+--- openssl-1.0.0.orig/engines/Makefile
++++ openssl-1.0.0/engines/Makefile
+@@ -107,7 +107,7 @@
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @if [ -n "$(SHARED_LIBS)" ]; then \
+                set -e; \
+-               $(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines; \
++               $(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines; \
+                for l in $(LIBNAMES); do \
+                        ( echo installing $$l; \
+                          pfx=lib; \
+@@ -119,13 +119,13 @@
+                                *DSO_WIN32*)    sfx="eay32.dll"; pfx=;; \
+                                *)              sfx=".bad";;    \
+                                esac; \
+-                               cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
++                               cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \
+                          else \
+                                sfx=".so"; \
+-                               cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
++                               cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \
+                          fi; \
+-                         chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
+-                         mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
++                         chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \
++                         mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx ); \
+                done; \
+        fi
+        @target=install; $(RECURSIVE_MAKE)
+Index: openssl-1.0.0/engines/ccgost/Makefile
+===================================================================
+--- openssl-1.0.0.orig/engines/ccgost/Makefile
++++ openssl-1.0.0/engines/ccgost/Makefile
+@@ -53,13 +53,13 @@
+                        *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \
+                        *) sfx=".bad";; \
+                        esac; \
+-                       cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
++                       cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \
+                else \
+                        sfx=".so"; \
+-                       cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
++                       cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \
+                fi; \
+-               chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
+-               mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \
++               chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \
++               mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx; \
+        fi
+ 
+ links:
diff --git a/recipes-connectivity/openssl/openssl/find.pl b/recipes-connectivity/openssl/openssl/find.pl
new file mode 100644
index 00000000..8e1b42c8
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl/find.pl
@@ -0,0 +1,54 @@
+warn "Legacy library @{[(caller(0))[6]]} will be removed from the Perl core distribution in the next major release. Please install it from the CPAN distribution Perl4::CoreLibs. It is being used at @{[(caller)[1]]}, line @{[(caller)[2]]}.\n";
+
+# This library is deprecated and unmaintained. It is included for
+# compatibility with Perl 4 scripts which may use it, but it will be
+# removed in a future version of Perl. Please use the File::Find module
+# instead.
+
+# Usage:
+#       require "find.pl";
+#
+#       &find('/foo','/bar');
+#
+#       sub wanted { ... }
+#               where wanted does whatever you want.  $dir contains the
+#               current directory name, and $_ the current filename within
+#               that directory.  $name contains "$dir/$_".  You are cd'ed
+#               to $dir when the function is called.  The function may
+#               set $prune to prune the tree.
+#
+# For example,
+#
+#   find / -name .nfs\* -mtime +7 -exec rm -f {} \; -o -fstype nfs -prune
+#
+# corresponds to this
+#
+#       sub wanted {
+#           /^\.nfs.*$/ &&
+#           (($dev,$ino,$mode,$nlink,$uid,$gid) = lstat($_)) &&
+#           int(-M _) > 7 &&
+#           unlink($_)
+#           ||
+#           ($nlink || (($dev,$ino,$mode,$nlink,$uid,$gid) = lstat($_))) &&
+#           $dev < 0 &&
+#           ($prune = 1);
+#       }
+#
+# Set the variable $dont_use_nlink if you're using AFS, since AFS cheats.
+
+use File::Find ();
+
+*name           = *File::Find::name;
+*prune          = *File::Find::prune;
+*dir            = *File::Find::dir;
+*topdir         = *File::Find::topdir;
+*topdev         = *File::Find::topdev;
+*topino         = *File::Find::topino;
+*topmode        = *File::Find::topmode;
+*topnlink       = *File::Find::topnlink;
+
+sub find {
+    &File::Find::find(\&wanted, @_);
+}
+
+1;
diff --git a/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch b/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch
new file mode 100644
index 00000000..f0e17784
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch
@@ -0,0 +1,22 @@
+Upstream-Status: Submitted
+
+This patch adds the fix for one of the ciphers used in openssl, namely
+the cipher des-ede3-cfb1. Complete bug log and patch is present here:
+http://rt.openssl.org/Ticket/Display.html?id=2867
+
+Signed-Off-By: Muhammad Shakeel <muhammad_shakeel@mentor.com>
+
+diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c
+index 3232cfe..df84922 100644
+===================================================================
+--- a/crypto/evp/e_des3.c
++++ b/crypto/evp/e_des3.c
+@@ -173,7 +173,7 @@ static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+     size_t n;
+     unsigned char c[1],d[1];
+ 
+-    for(n=0 ; n < inl ; ++n)
++    for(n=0 ; n < inl*8 ; ++n)
+        {
+        c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;
+        DES_ede3_cfb_encrypt(c,d,1,1,
diff --git a/recipes-connectivity/openssl/openssl/initial-aarch64-bits.patch b/recipes-connectivity/openssl/openssl/initial-aarch64-bits.patch
new file mode 100644
index 00000000..2185ff8a
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl/initial-aarch64-bits.patch
@@ -0,0 +1,119 @@
+From: Andy Polyakov <appro@openssl.org>
+Date: Sun, 13 Oct 2013 17:15:15 +0000 (+0200)
+Subject: Initial aarch64 bits.
+X-Git-Url: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=039081b80977e2a5de84e1f88f8b4d025b559956
+
+Initial aarch64 bits.
+---
+ crypto/bn/bn_lcl.h       |    9 +++++++++
+ crypto/md32_common.h     |   18 ++++++++++++++++++
+ crypto/modes/modes_lcl.h |    8 ++++++++
+ crypto/sha/sha512.c      |   13 +++++++++++++
+ 4 files changed, 48 insertions(+)
+
+Index: openssl-1.0.1f/crypto/bn/bn_lcl.h
+===================================================================
+--- openssl-1.0.1f.orig/crypto/bn/bn_lcl.h      2014-01-06 15:47:42.000000000 +0200
++++ openssl-1.0.1f/crypto/bn/bn_lcl.h   2014-02-28 10:37:55.495979037 +0200
+@@ -300,6 +300,15 @@
+             : "r"(a), "r"(b));
+ #    endif
+ #  endif
++# elif defined(__aarch64__) && defined(SIXTY_FOUR_BIT_LONG)
++#  if defined(__GNUC__) && __GNUC__>=2
++#   define BN_UMULT_HIGH(a,b)  ({  \
++   register BN_ULONG ret;      \
++   asm ("umulh %0,%1,%2"   \
++        : "=r"(ret)        \
++        : "r"(a), "r"(b));     \
++   ret;            })
++#  endif
+ # endif                /* cpu */
+ #endif         /* OPENSSL_NO_ASM */
+ 
+Index: openssl-1.0.1f/crypto/md32_common.h
+===================================================================
+--- openssl-1.0.1f.orig/crypto/md32_common.h    2014-01-06 15:47:42.000000000 +0200
++++ openssl-1.0.1f/crypto/md32_common.h 2014-02-28 10:39:21.751979107 +0200
+@@ -213,6 +213,24 @@
+                                   asm ("bswapl %0":"=r"(r):"0"(r));    \
+                                   *((unsigned int *)(c))=r; (c)+=4; r; })
+ #   endif
++#  elif defined(__aarch64__)
++#   if defined(__BYTE_ORDER__)
++#    if defined(__ORDER_LITTLE_ENDIAN__) && __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__
++#     define HOST_c2l(c,l) ({ unsigned int r;      \
++                  asm ("rev    %w0,%w1"    \
++                   :"=r"(r)        \
++                   :"r"(*((const unsigned int *)(c))));\
++                  (c)+=4; (l)=r;       })
++#     define HOST_l2c(l,c) ({ unsigned int r;      \
++                  asm ("rev    %w0,%w1"    \
++                   :"=r"(r)        \
++                   :"r"((unsigned int)(l)));\
++                  *((unsigned int *)(c))=r; (c)+=4; r; })
++#    elif defined(__ORDER_BIG_ENDIAN__) && __BYTE_ORDER__==__ORDER_BIG_ENDIAN__
++#     define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, (l))
++#     define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, (l))
++#    endif
++#   endif
+ #  endif
+ # endif
+ #endif
+Index: openssl-1.0.1f/crypto/modes/modes_lcl.h
+===================================================================
+--- openssl-1.0.1f.orig/crypto/modes/modes_lcl.h        2014-02-28 10:47:48.731979011 +0200
++++ openssl-1.0.1f/crypto/modes/modes_lcl.h     2014-02-28 10:48:49.707978919 +0200
+@@ -29,6 +29,7 @@
+ #if defined(__i386)    || defined(__i386__)    || \
+     defined(__x86_64)  || defined(__x86_64__)  || \
+     defined(_M_IX86)   || defined(_M_AMD64)    || defined(_M_X64) || \
++    defined(__aarch64__)           || \
+     defined(__s390__)  || defined(__s390x__)
+ # undef STRICT_ALIGNMENT
+ #endif
+@@ -50,6 +51,13 @@
+ #  define BSWAP4(x) ({ u32 ret=(x);                    \
+                        asm ("bswapl %0"                \
+                        : "+r"(ret));   ret;            })
++# elif defined(__aarch64__)
++#  define BSWAP8(x) ({ u64 ret;            \
++           asm ("rev %0,%1"        \
++           : "=r"(ret) : "r"(x)); ret; })
++#  define BSWAP4(x) ({ u32 ret;            \
++           asm ("rev %w0,%w1"      \
++           : "=r"(ret) : "r"(x)); ret; })
+ # elif (defined(__arm__) || defined(__arm)) && !defined(STRICT_ALIGNMENT)
+ #  define BSWAP8(x) ({ u32 lo=(u64)(x)>>32,hi=(x);     \
+                        asm ("rev %0,%0; rev %1,%1"     \
+Index: openssl-1.0.1f/crypto/sha/sha512.c
+===================================================================
+--- openssl-1.0.1f.orig/crypto/sha/sha512.c     2014-01-06 15:47:42.000000000 +0200
++++ openssl-1.0.1f/crypto/sha/sha512.c  2014-02-28 10:52:14.579978981 +0200
+@@ -55,6 +55,7 @@
+ #if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
+     defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) || \
+     defined(__s390__) || defined(__s390x__) || \
++    defined(__aarch64__) || \
+     defined(SHA512_ASM)
+ #define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
+ #endif
+@@ -347,6 +348,18 @@
+                                asm ("rotrdi %0,%1,%2"  \
+                                : "=r"(ret)             \
+                                : "r"(a),"K"(n)); ret;  })
++#  elif defined(__aarch64__)
++#   define ROTR(a,n)   ({ SHA_LONG64 ret;      \
++               asm ("ror %0,%1,%2" \
++               : "=r"(ret)     \
++               : "r"(a),"I"(n)); ret;  })
++#   if  defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \
++   __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__
++#    define PULL64(x)  ({ SHA_LONG64 ret;          \
++               asm ("rev   %0,%1"      \
++               : "=r"(ret)         \
++               : "r"(*((const SHA_LONG64 *)(&(x))))); ret;     })
++#   endif
+ #  endif
+ # elif defined(_MSC_VER)
+ #  if defined(_WIN64)  /* applies to both IA-64 and AMD64 */
diff --git a/recipes-connectivity/openssl/openssl/oe-ldflags.patch b/recipes-connectivity/openssl/openssl/oe-ldflags.patch
new file mode 100644
index 00000000..292e13dc
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl/oe-ldflags.patch
@@ -0,0 +1,24 @@
+Upstream-Status: Inappropriate [open-embedded]
+
+Index: openssl-1.0.0/Makefile.shared
+===================================================================
+--- openssl-1.0.0.orig/Makefile.shared
++++ openssl-1.0.0/Makefile.shared
+@@ -92,7 +92,7 @@
+ LINK_APP=      \
+   ( $(SET_X);   \
+     LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
+-    LDCMD="$${LDCMD:-$(CC)}"; LDFLAGS="$${LDFLAGS:-$(CFLAGS)}"; \
++    LDCMD="$${LDCMD:-$(CC)}"; LDFLAGS="$(OE_LDFLAGS) $${LDFLAGS:-$(CFLAGS)}"; \
+     LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
+     LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
+     LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
+@@ -102,7 +102,7 @@
+   ( $(SET_X);   \
+     LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
+     SHAREDCMD="$${SHAREDCMD:-$(CC)}"; \
+-    SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
++    SHAREDFLAGS="$(OE_LDFLAGS) $${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
+     LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
+     LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
+     LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
diff --git a/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch b/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
new file mode 100644
index 00000000..c161e62f
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
@@ -0,0 +1,21 @@
+openssl: avoid NULL pointer dereference in EVP_DigestInit_ex()
+
+We should avoid accessing the type pointer if it's NULL,
+this could happen if ctx->digest is not NULL.
+
+Upstream-Status: Submitted
+http://www.mail-archive.com/openssl-dev@openssl.org/msg32860.html
+
+Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
+---
+--- a/crypto/evp/digest.c
++++ b/crypto/evp/digest.c
+@@ -199,7 +199,7 @@
+                return 0;
+                }
+ #endif
+-       if (ctx->digest != type)
++       if (type && (ctx->digest != type))
+                {
+                if (ctx->digest && ctx->digest->ctx_size)
+                        OPENSSL_free(ctx->md_data);
diff --git a/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch b/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch
new file mode 100644
index 00000000..3e93fe4e
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch
@@ -0,0 +1,39 @@
+openssl: avoid NULL pointer dereference in dh_pub_encode()/dsa_pub_encode()
+
+We should avoid accessing the pointer if ASN1_STRING_new()
+allocates memory failed.
+
+Upstream-Status: Submitted
+http://www.mail-archive.com/openssl-dev@openssl.org/msg32859.html
+
+Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
+---
+--- a/crypto/dh/dh_ameth.c
++++ b/crypto/dh/dh_ameth.c
+@@ -139,6 +139,12 @@
+        dh=pkey->pkey.dh;
+ 
+        str = ASN1_STRING_new();
++       if (!str)
++               {
++               DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
++               goto err;
++               }
++
+        str->length = i2d_DHparams(dh, &str->data);
+        if (str->length <= 0)
+                {
+--- a/crypto/dsa/dsa_ameth.c
++++ b/crypto/dsa/dsa_ameth.c
+@@ -148,6 +148,11 @@
+                {
+                ASN1_STRING *str;
+                str = ASN1_STRING_new();
++               if (!str)
++                       {
++                       DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
++                       goto err;
++                       }
+                str->length = i2d_DSAparams(dsa, &str->data);
+                if (str->length <= 0)
+                        {
diff --git a/recipes-connectivity/openssl/openssl/openssl-fix-des.pod-error.patch b/recipes-connectivity/openssl/openssl/openssl-fix-des.pod-error.patch
new file mode 100644
index 00000000..de49729e
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl/openssl-fix-des.pod-error.patch
@@ -0,0 +1,19 @@
+openssl: Fix pod2man des.pod error on Ubuntu 12.04
+
+This is a formatting fix, '=back' is required before
+'=head1' on Ubuntu 12.04.
+
+Upstream-Status: Pending
+Signed-off-by: Baogen Shang <baogen.shang@windriver.com>
+diff -urpN a_origin/des.pod b_modify/des.pod
+--- a_origin/crypto/des/des.pod 2013-08-15 15:02:56.211674589 +0800
++++ b_modify/crypto/des/des.pod 2013-08-15 15:04:14.439674580 +0800
+@@ -181,6 +181,8 @@ the uuencoded file to embed in the begin
+ output.  If there is no name specified after the B<-u>, the name text.des
+ will be embedded in the header.
+ 
++=back
++
+ =head1 SEE ALSO
+ 
+ ps(1),
diff --git a/recipes-connectivity/openssl/openssl/openssl-fix-link.patch b/recipes-connectivity/openssl/openssl/openssl-fix-link.patch
new file mode 100644
index 00000000..154106cb
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl/openssl-fix-link.patch
@@ -0,0 +1,35 @@
+From aabfb6f78af8e337d3239142117ba303fce55e7e Mon Sep 17 00:00:00 2001
+From: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+Date: Thu, 22 Sep 2011 08:55:26 +0200
+Subject: [PATCH] fix the parallel build regarding shared libraries.
+
+Upstream-Status: Pending
+---
+ .../openssl-1.0.0e/Makefile.org                    |    8 ++++----
+ 1 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/Makefile.org
+index 3c7aea1..6326cd6 100644
+--- a/Makefile.org
++++ b/Makefile.org
+@@ -243,13 +243,13 @@ build_libs: build_crypto build_ssl build_engines
+ 
+ build_crypto:
+        @dir=crypto; target=all; $(BUILD_ONE_CMD)
+-build_ssl:
++build_ssl: build_crypto
+        @dir=ssl; target=all; $(BUILD_ONE_CMD)
+-build_engines:
++build_engines: build_crypto
+        @dir=engines; target=all; $(BUILD_ONE_CMD)
+-build_apps:
++build_apps: build_crypto build_ssl
+        @dir=apps; target=all; $(BUILD_ONE_CMD)
+-build_tests:
++build_tests: build_crypto build_ssl
+        @dir=test; target=all; $(BUILD_ONE_CMD)
+ build_tools:
+        @dir=tools; target=all; $(BUILD_ONE_CMD)
+-- 
+1.6.6.1
+
diff --git a/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch b/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch
new file mode 100644
index 00000000..93ce0343
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch
@@ -0,0 +1,90 @@
+Upstream-Status: Pending
+
+Received from H J Liu @ Intel
+Make the assembly syntax compatible with x32 gcc. Othewise x32 gcc throws errors.
+Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/07/13
+
+ported the patch to the 1.0.0e version
+Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/12/01
+Index: openssl-1.0.1e/Configure
+===================================================================
+--- openssl-1.0.1e.orig/Configure
++++ openssl-1.0.1e/Configure
+@@ -402,6 +402,7 @@ my %table=(
+ "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "linux-x86_64",        "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
++"linux-x32", "gcc:-mx32 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32",
+ "linux64-s390x",       "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+ #### So called "highgprs" target for z/Architecture CPUs
+ # "Highgprs" is kernel feature first implemented in Linux 2.6.32, see
+Index: openssl-1.0.1e/crypto/bn/asm/x86_64-gcc.c
+===================================================================
+--- openssl-1.0.1e.orig/crypto/bn/asm/x86_64-gcc.c
++++ openssl-1.0.1e/crypto/bn/asm/x86_64-gcc.c
+@@ -55,7 +55,7 @@
+  *    machine.
+  */
+ 
+-#ifdef _WIN64
++#if defined _WIN64 || !defined __LP64__
+ #define BN_ULONG unsigned long long
+ #else
+ #define BN_ULONG unsigned long
+@@ -192,9 +192,9 @@ BN_ULONG bn_add_words (BN_ULONG *rp, con
+        asm (
+        "       subq    %2,%2           \n"
+        ".p2align 4                     \n"
+-       "1:     movq    (%4,%2,8),%0    \n"
+-       "       adcq    (%5,%2,8),%0    \n"
+-       "       movq    %0,(%3,%2,8)    \n"
++       "1:     movq    (%q4,%2,8),%0   \n"
++       "       adcq    (%q5,%2,8),%0   \n"
++       "       movq    %0,(%q3,%2,8)   \n"
+        "       leaq    1(%2),%2        \n"
+        "       loop    1b              \n"
+        "       sbbq    %0,%0           \n"
+@@ -215,9 +215,9 @@ BN_ULONG bn_sub_words (BN_ULONG *rp, con
+        asm (
+        "       subq    %2,%2           \n"
+        ".p2align 4                     \n"
+-       "1:     movq    (%4,%2,8),%0    \n"
+-       "       sbbq    (%5,%2,8),%0    \n"
+-       "       movq    %0,(%3,%2,8)    \n"
++       "1:     movq    (%q4,%2,8),%0   \n"
++       "       sbbq    (%q5,%2,8),%0   \n"
++       "       movq    %0,(%q3,%2,8)   \n"
+        "       leaq    1(%2),%2        \n"
+        "       loop    1b              \n"
+        "       sbbq    %0,%0           \n"
+Index: openssl-1.0.1e/crypto/bn/bn.h
+===================================================================
+--- openssl-1.0.1e.orig/crypto/bn/bn.h
++++ openssl-1.0.1e/crypto/bn/bn.h
+@@ -172,6 +172,13 @@ extern "C" {
+ # endif
+ #endif
+ 
++/* Address type.  */
++#ifdef _WIN64
++#define BN_ADDR unsigned long long
++#else
++#define BN_ADDR unsigned long
++#endif
++
+ /* assuming long is 64bit - this is the DEC Alpha
+  * unsigned long long is only 64 bits :-(, don't define
+  * BN_LLONG for the DEC Alpha */
+Index: openssl-1.0.1e/crypto/bn/bn_exp.c
+===================================================================
+--- openssl-1.0.1e.orig/crypto/bn/bn_exp.c
++++ openssl-1.0.1e/crypto/bn/bn_exp.c
+@@ -567,7 +567,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBU
+ 
+ /* Given a pointer value, compute the next address that is a cache line multiple. */
+ #define MOD_EXP_CTIME_ALIGN(x_) \
+-       ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((size_t)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
++       ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ADDR)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
+ 
+ /* This variant of BN_mod_exp_mont() uses fixed windows and the special
+  * precomputation memory layout to limit data-dependency to a minimum
diff --git a/recipes-connectivity/openssl/openssl/shared-libs.patch b/recipes-connectivity/openssl/openssl/shared-libs.patch
new file mode 100644
index 00000000..a7ca0a30
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl/shared-libs.patch
@@ -0,0 +1,41 @@
+Upstream-Status: Inappropriate [configuration]
+
+Index: openssl-1.0.1e/crypto/Makefile
+===================================================================
+--- openssl-1.0.1e.orig/crypto/Makefile
++++ openssl-1.0.1e/crypto/Makefile
+@@ -108,7 +108,7 @@ $(LIB):     $(LIBOBJ)
+ 
+ shared: buildinf.h lib subdirs
+        if [ -n "$(SHARED_LIBS)" ]; then \
+-               (cd ..; $(MAKE) $(SHARED_LIB)); \
++               (cd ..; $(MAKE) -e $(SHARED_LIB)); \
+        fi
+ 
+ libs:
+Index: openssl-1.0.1e/Makefile.org
+===================================================================
+--- openssl-1.0.1e.orig/Makefile.org
++++ openssl-1.0.1e/Makefile.org
+@@ -310,7 +310,7 @@ libcrypto$(SHLIB_EXT): libcrypto.a fips_
+ 
+ libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
+        @if [ "$(SHLIB_TARGET)" != "" ]; then \
+-               $(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
++               $(MAKE) -e SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
+        else \
+                echo "There's no support for shared libraries on this platform" >&2; \
+                exit 1; \
+Index: openssl-1.0.1e/ssl/Makefile
+===================================================================
+--- openssl-1.0.1e.orig/ssl/Makefile
++++ openssl-1.0.1e/ssl/Makefile
+@@ -62,7 +62,7 @@ lib:  $(LIBOBJ)
+ 
+ shared: lib
+        if [ -n "$(SHARED_LIBS)" ]; then \
+-               (cd ..; $(MAKE) $(SHARED_LIB)); \
++               (cd ..; $(MAKE) -e $(SHARED_LIB)); \
+        fi
+ 
+ files:
diff --git a/recipes-connectivity/openssl/openssl_1.0.1i.bb b/recipes-connectivity/openssl/openssl_1.0.1i.bb
new file mode 100644
index 00000000..9d093efe
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl_1.0.1i.bb
@@ -0,0 +1,53 @@
+require openssl.inc
+
+# For target side versions of openssl enable support for cryptodev Linux driver
+# if they are available.
+DEPENDS_class-target += "cryptodev-linux"
+CFLAG_class-target += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS"
+
+LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8"
+
+export DIRS = "crypto ssl apps engines"
+export OE_LDFLAGS="${LDFLAGS}"
+
+SRC_URI += "file://configure-targets.patch \
+            file://shared-libs.patch \
+            file://oe-ldflags.patch \
+            file://engines-install-in-libdir-ssl.patch \
+            file://openssl-fix-link.patch \
+            file://debian/version-script.patch \
+            file://debian/pic.patch \
+            file://debian/c_rehash-compat.patch \
+            file://debian/ca.patch \
+            file://debian/make-targets.patch \
+            file://debian/no-rpath.patch \
+            file://debian/man-dir.patch \
+            file://debian/man-section.patch \
+            file://debian/no-symbolic.patch \
+            file://debian/debian-targets.patch \
+            file://openssl_fix_for_x32.patch \
+            file://fix-cipher-des-ede3-cfb1.patch \
+            file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \
+            file://openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch \
+            file://initial-aarch64-bits.patch \
+            file://find.pl \
+            file://openssl-fix-des.pod-error.patch \
+           "
+
+SRC_URI[md5sum] = "c8dc151a671b9b92ff3e4c118b174972"
+SRC_URI[sha256sum] = "3c179f46ca77069a6a0bac70212a9b3b838b2f66129cb52d568837fc79d8fcc7"
+
+PACKAGES =+ " \
+        ${PN}-engines-dbg \
+        ${PN}-engines \
+"
+
+FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"
+FILES_${PN}-engines-dbg = "${libdir}/engines/.debug ${libdir}/ssl/engines/.debug"
+
+PARALLEL_MAKE = ""
+PARALLEL_MAKEINST = ""
+
+do_configure_prepend() {
+  cp ${WORKDIR}/find.pl ${S}/util/find.pl
+}
diff --git a/recipes-connectivity/openssl/openssl_1.0.1i.bbappend b/recipes-connectivity/openssl/openssl_1.0.1i.bbappend
new file mode 100644
index 00000000..7b381ffb
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl_1.0.1i.bbappend
@@ -0,0 +1,40 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/openssl-fsl:"
+
+RDEPENDS_${PN}_class-target += "cryptodev-module"
+
+SRC_URI_append_class-target = " file://0001-remove-double-initialization-of-cryptodev-engine.patch \
+        file://0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch \
+        file://0003-cryptodev-fix-algorithm-registration.patch \
+        file://0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch \
+        file://0005-ECC-Support-header-for-Cryptodev-Engine.patch \
+        file://0006-Fixed-private-key-support-for-DH.patch \
+        file://0007-Fixed-private-key-support-for-DH.patch \
+        file://0008-Initial-support-for-PKC-in-cryptodev-engine.patch \
+        file://0009-Added-hwrng-dev-file-as-source-of-RNG.patch \
+        file://0010-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch \
+        file://0011-Add-RSA-keygen-operation-and-support-gendsa-command-.patch \
+        file://0012-RSA-Keygen-Fix.patch \
+        file://0013-Removed-local-copy-of-curve_t-type.patch \
+        file://0014-Modulus-parameter-is-not-populated-by-dhparams.patch \
+        file://0015-SW-Backoff-mechanism-for-dsa-keygen.patch \
+        file://0016-Fixed-DH-keygen-pair-generator.patch \
+        file://0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch \
+        file://0018-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch \
+        file://0019-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch \
+        file://0020-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch \
+        file://0021-cryptodev-drop-redundant-function.patch \
+        file://0022-cryptodev-do-not-zero-the-buffer-before-use.patch \
+        file://0023-cryptodev-clean-up-code-layout.patch \
+        file://0024-cryptodev-do-not-cache-file-descriptor-in-open.patch \
+        file://0025-cryptodev-put_dev_crypto-should-be-an-int.patch \
+        file://0026-cryptodev-simplify-cryptodev-pkc-support-code.patch \
+"
+
+# Digest offloading through cryptodev is not recommended because of the
+# performance penalty of the Openssl engine interface. Openssl generates a huge
+# number of calls to digest functions for even a small amount of work data.
+# For example there are 70 calls to cipher code and over 10000 to digest code
+# when downloading only 10 files of 700 bytes each.
+# Do not build OpenSSL with cryptodev digest support until engine digest
+# interface gets some rework:
+CFLAG_class-target := "${@'${CFLAG}'.replace('-DUSE_CRYPTODEV_DIGESTS', '')}"