initial commit for Enea Linux 5.0-ppc

Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>

258 files changed, 25415 insertions, 0 deletions

diff --git a/README b/README
new file mode 100644
index 0000000..10158ef
--- /dev/null
+++ b/README
@@ -0,0 +1,49 @@
+OpenEmbedded/Yocto BSP layer for Freescale's PPC platforms
+==========================================================
+
+This layer provides support for Freescale's PPC platforms for use with
+OpenEmbedded and/or Yocto.
+
+This layer depends on:
+
+URI: git://git.openembedded.org/openembedded-core
+branch: master
+revision: HEAD
+
+URI: git://git.openembedded.org/meta-openembedded
+branch: master
+revision: HEAD
+
+Contributing
+------------
+
+To contribute to this layer you should the patches for review to the
+mailing list.
+
+Mailing list:
+
+    https://lists.yoctoproject.org/listinfo/meta-freescale
+
+Source code:
+
+    git://git.yoctoproject.org/meta-fsl-ppc
+    http://git.yoctoproject.org/git/meta-fsl-ppc
+
+When creating patches, please use something like:
+
+    git format-patch -s --subject-prefix='meta-fsl-ppc dylan][PATCH' origin
+optionally include a branch if the patch applies to multiple branches,
+otherwise master is assumed
+
+When sending patches, please use something like:
+
+    git send-email --to meta-freescale@yoctoproject.org <generated patch>
+
+git.yoctoproject.org vs. git.freescale.com:
+-------------------------------------------
+
+git.yoctoproject.org hosts the official upstream work of Freescale's OE/YP repos,
+for official SDK releases at times we need to do last minute fixes or include things
+not supported upstream so we have a different repo on git.freescale.com for the
+official release. git.freescale.com should be based off repos from git.yoctoproject.org
+
diff --git a/classes/qoriq_build_64bit_kernel.bbclass b/classes/qoriq_build_64bit_kernel.bbclass
new file mode 100644
index 0000000..5dd8931
--- /dev/null
+++ b/classes/qoriq_build_64bit_kernel.bbclass
@@ -0,0 +1,14 @@
+inherit distro_features_check
+REQUIRED_DISTRO_FEATURES_e6500 += "multiarch"
+
+python () {
+    promote_kernel = d.getVar('BUILD_64BIT_KERNEL')
+    if promote_kernel == "1":
+        d.setVar('KERNEL_CC_append', ' -m64')
+        d.setVar('KERNEL_LD_append', ' -melf64ppc')
+
+    error_qa = d.getVar('ERROR_QA', True)
+    if 'arch' in error_qa:
+        d.setVar('ERROR_QA', error_qa.replace(' arch', ''))
+}
+
diff --git a/conf/layer.conf b/conf/layer.conf
new file mode 100644
index 0000000..a4d4add
--- /dev/null
+++ b/conf/layer.conf
@@ -0,0 +1,18 @@
+# We have a packages directory, add to BBFILES
+BBPATH .= ":${LAYERDIR}"
+
+BBFILES += "${LAYERDIR}/recipes-*/*/*.bb*"
+BBFILES += "${LAYERDIR}/images/*.bb*"
+BBFILES += "${LAYERDIR}/classes/*.bb*"
+
+BBFILE_COLLECTIONS += "fsl-ppc"
+BBFILE_PATTERN_fsl-ppc = "^${LAYERDIR}/"
+BBFILE_PRIORITY_fsl-ppc = "5"
+
+LICENSE_PATH += "${LAYERDIR}/custom-licenses"
+
+# Let us add layer-specific bbappends which are only applied when that
+# layer is included in our configuration
+BBFILES += "${@' '.join('${LAYERDIR}/%s/recipes*/*/*.bbappend' % layer \
+               for layer in BBFILE_COLLECTIONS.split())}"
+
diff --git a/conf/machine/b4420qds-64b.conf b/conf/machine/b4420qds-64b.conf
new file mode 100644
index 0000000..c0487d9
--- /dev/null
+++ b/conf/machine/b4420qds-64b.conf
@@ -0,0 +1,15 @@
+#@TYPE: Machine
+#@NAME: Freescale B4420QDS-64B
+#@SOC: b4420
+#@DESCRIPTION: Machine configuration for running B4420QDS in 64-bit mode
+#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
+
+require conf/machine/include/e6500-64b.inc
+
+SOC_FAMILY = "b4:b4420"
+UBOOT_MACHINES ?= "B4420QDS"
+KERNEL_DEVICETREE ?= "b4420qds.dtb b4420qds-usdpaa.dtb"
+KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/85xx/e6500rev2_defconfig"
+
+JFFS2_ERASEBLOCK = "0x10000"
+
diff --git a/conf/machine/b4420qds.conf b/conf/machine/b4420qds.conf
new file mode 100644
index 0000000..94ab1d3
--- /dev/null
+++ b/conf/machine/b4420qds.conf
@@ -0,0 +1,15 @@
+#@TYPE: Machine
+#@NAME: Freescale B4420QDS
+#@SOC: b4420
+#@DESCRIPTION: Machine configuration for running B4420QDS in 32-bit mode
+#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
+
+require conf/machine/include/e6500.inc
+
+SOC_FAMILY = "b4:b4420"
+UBOOT_MACHINES ?= "B4420QDS"
+KERNEL_DEVICETREE ?= "b4420qds.dtb b4420qds-usdpaa.dtb"
+KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/85xx/e6500rev2_defconfig"
+
+JFFS2_ERASEBLOCK = "0x10000"
+
diff --git a/conf/machine/b4860qds-64b.conf b/conf/machine/b4860qds-64b.conf
new file mode 100644
index 0000000..88c3d59
--- /dev/null
+++ b/conf/machine/b4860qds-64b.conf
@@ -0,0 +1,30 @@
+#@TYPE: Machine
+#@NAME: Freescale B4860QDS-64B
+#@SOC: b4860
+#@DESCRIPTION: Machine configuration for running B4860QDS in 64-bit mode
+#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
+
+require conf/machine/include/e6500-64b.inc
+
+SOC_FAMILY = "b4:b4860"
+UBOOT_MACHINES ?= "B4860QDS B4860QDS_SECURE_BOOT"
+KERNEL_DEVICETREE ?= "b4860qds.dtb b4860qds-usdpaa.dtb"
+KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/85xx/e6500rev2_defconfig"
+
+JFFS2_ERASEBLOCK = "0x10000"
+
+SERIAL_CONSOLES = "115200;ttyS0 115200;ttyS1 115200;ttyEHV0"
+SERIAL_CONSOLES_CHECK = "${SERIAL_CONSOLES}"
+USE_VT = "0"
+
+#required to build u-boot recipe
+require conf/multilib.conf
+MULTILIBS = "multilib:lib32"
+DEFAULTTUNE_virtclass-multilib-lib32 = "powerpc"
+
+#required to boot rootfs from RAM
+IMAGE_FSTYPES += "ext2.gz.u-boot"
+
+#removed rootfs image-prelink because some errors
+#appeared when prelink of the libs was done 
+USER_CLASSES = "buildstats image-mklibs"
diff --git a/conf/machine/b4860qds.conf b/conf/machine/b4860qds.conf
new file mode 100644
index 0000000..bae326e
--- /dev/null
+++ b/conf/machine/b4860qds.conf
@@ -0,0 +1,15 @@
+#@TYPE: Machine
+#@NAME: Freescale B4860QDS
+#@SOC: b4860
+#@DESCRIPTION: Machine configuration for running B4860QDS in 32-bit mode
+#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
+
+require conf/machine/include/e6500.inc
+
+SOC_FAMILY = "b4:b4860"
+UBOOT_MACHINES ?= "B4860QDS B4860QDS_SECURE_BOOT"
+KERNEL_DEVICETREE ?= "b4860qds.dtb b4860qds-usdpaa.dtb"
+KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/85xx/e6500rev2_defconfig"
+
+JFFS2_ERASEBLOCK = "0x10000"
+
diff --git a/conf/machine/bsc9131rdb.conf b/conf/machine/bsc9131rdb.conf
new file mode 100644
index 0000000..e65f7e4
--- /dev/null
+++ b/conf/machine/bsc9131rdb.conf
@@ -0,0 +1,15 @@
+#@TYPE: Machine
+#@NAME: Freescale BSC9131RDB
+#@SOC: bsc9131
+#@DESCRIPTION: Machine configuration for running BSC9131RDB
+#@MAINTAINER: Chunrong Guo <B40290@freescale.com> 
+
+require conf/machine/include/e500v2.inc
+
+SOC_FAMILY = "bsc9131"
+UBOOT_MACHINES ?= "BSC9131RDB_SPIFLASH BSC9131RDB_NAND BSC9131RDB_NAND_SYSCLK100 BSC9131RDB_SPIFLASH_SYSCLK100"
+KERNEL_DEVICETREE ?= "bsc9131rdb.dtb"
+KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/85xx/bsc913x_defconfig"
+
+JFFS2_ERASEBLOCK = "0x10000"
+
diff --git a/conf/machine/bsc9132qds.conf b/conf/machine/bsc9132qds.conf
new file mode 100644
index 0000000..90ac2a3
--- /dev/null
+++ b/conf/machine/bsc9132qds.conf
@@ -0,0 +1,23 @@
+#@TYPE: Machine
+#@NAME: Freescale BSC9132QDS
+#@SOC: bsc9132
+#@DESCRIPTION: Machine configuration for running BSC9132QDS
+#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
+
+require conf/machine/include/e500v2.inc
+
+SOC_FAMILY = "bsc9132"
+UBOOT_MACHINES ?= " BSC9132QDS_NAND_DDRCLK133 BSC9132QDS_NAND_DDRCLK100 \
+    BSC9132QDS_NOR_DDRCLK100 BSC9132QDS_NOR_DDRCLK133 \
+    BSC9132QDS_SDCARD_DDRCLK100 BSC9132QDS_SDCARD_DDRCLK133 \
+    BSC9132QDS_SPIFLASH_DDRCLK100 BSC9132QDS_SPIFLASH_DDRCLK133 \
+    BSC9132QDS_NAND_DDRCLK100_SECURE BSC9132QDS_NAND_DDRCLK133_SECURE \
+    BSC9132QDS_NOR_DDRCLK100_SECURE BSC9132QDS_NOR_DDRCLK133_SECURE \
+    BSC9132QDS_SDCARD_DDRCLK100_SECURE BSC9132QDS_SDCARD_DDRCLK133_SECURE \
+    BSC9132QDS_SPIFLASH_DDRCLK100_SECURE BSC9132QDS_SPIFLASH_DDRCLK133_SECURE \
+"
+KERNEL_DEVICETREE ?= "bsc9132qds.dtb"
+KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/85xx/bsc913x_smp_defconfig"
+
+JFFS2_ERASEBLOCK = "0x10000"
+
diff --git a/conf/machine/c293pcie.conf b/conf/machine/c293pcie.conf
new file mode 100644
index 0000000..6a63844
--- /dev/null
+++ b/conf/machine/c293pcie.conf
@@ -0,0 +1,16 @@
+#@TYPE: Machine
+#@NAME: Freescale C293PCIE
+#@SOC: c293pcie
+#@DESCRIPTION: Machine configuration for running C293PCIE in 36-bit mode
+#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
+
+require conf/machine/include/e500v2.inc
+
+SOC_FAMILY = "c293pcie"
+BOOTFORMAT_CONFIG = "config_ddr3_512m_c29xpcie_800M.dat"
+UBOOT_MACHINES ?= "C29XPCIE C29XPCIE_SPIFLASH C29XPCIE_SECBOOT C29XPCIE_SPIFLASH_SECBOOT"
+KERNEL_DEVICETREE ?= "c293pcie_36b.dtb"
+KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/mpc85xx_defconfig"
+
+JFFS2_ERASEBLOCK = "0x10000"
+
diff --git a/conf/machine/include/e500mc.inc b/conf/machine/include/e500mc.inc
new file mode 100644
index 0000000..5871104
--- /dev/null
+++ b/conf/machine/include/e500mc.inc
@@ -0,0 +1,6 @@
+TARGET_FPU = "hard"
+
+require conf/machine/include/tune-ppce500mc.inc
+require conf/machine/include/qoriq-base.inc
+
+MACHINEOVERRIDES .= ":e500mc"
diff --git a/conf/machine/include/e500v2.inc b/conf/machine/include/e500v2.inc
new file mode 100644
index 0000000..a937254
--- /dev/null
+++ b/conf/machine/include/e500v2.inc
@@ -0,0 +1,4 @@
+require conf/machine/include/tune-ppce500v2.inc
+require conf/machine/include/qoriq-base.inc
+
+MACHINEOVERRIDES .= ":e500v2"
diff --git a/conf/machine/include/e5500-64b.inc b/conf/machine/include/e5500-64b.inc
new file mode 100644
index 0000000..d238ca8
--- /dev/null
+++ b/conf/machine/include/e5500-64b.inc
@@ -0,0 +1,12 @@
+TARGET_FPU = "hard"
+DEFAULTTUNE ?= "ppc64e5500"
+
+require conf/machine/include/tune-ppce5500.inc
+require conf/machine/include/qoriq-base.inc
+
+MACHINEOVERRIDES .= ":e5500-64b"
+
+require conf/multilib.conf
+MULTILIBS ?= "multilib:lib32"
+DEFAULTTUNE_virtclass-multilib-lib32 ?= "ppce5500"
+
diff --git a/conf/machine/include/e5500.inc b/conf/machine/include/e5500.inc
new file mode 100644
index 0000000..88f6d06
--- /dev/null
+++ b/conf/machine/include/e5500.inc
@@ -0,0 +1,6 @@
+TARGET_FPU = "hard"
+
+require conf/machine/include/tune-ppce5500.inc
+require conf/machine/include/qoriq-base.inc
+
+MACHINEOVERRIDES .= ":e5500"
diff --git a/conf/machine/include/e6500-64b.inc b/conf/machine/include/e6500-64b.inc
new file mode 100644
index 0000000..522ee71
--- /dev/null
+++ b/conf/machine/include/e6500-64b.inc
@@ -0,0 +1,12 @@
+TARGET_FPU = "hard"
+DEFAULTTUNE ?= "ppc64e6500"
+
+require conf/machine/include/tune-ppce6500.inc
+require conf/machine/include/qoriq-base.inc
+
+MACHINEOVERRIDES .= ":e6500-64b"
+
+require conf/multilib.conf
+MULTILIBS ?= "multilib:lib32"
+DEFAULTTUNE_virtclass-multilib-lib32 ?= "ppce6500"
+
diff --git a/conf/machine/include/e6500.inc b/conf/machine/include/e6500.inc
new file mode 100644
index 0000000..4121fbe
--- /dev/null
+++ b/conf/machine/include/e6500.inc
@@ -0,0 +1,13 @@
+TARGET_FPU = "hard"
+
+require conf/machine/include/tune-ppce6500.inc
+require conf/machine/include/qoriq-base.inc
+
+MACHINEOVERRIDES .= ":e6500"
+
+BUILD_64BIT_KERNEL = "1"
+
+require conf/multilib.conf
+MULTILIBS ?= "multilib:lib64"
+DEFAULTTUNE_virtclass-multilib-lib64 ?= "ppc64e6500"
+
diff --git a/conf/machine/include/qoriq-base.inc b/conf/machine/include/qoriq-base.inc
new file mode 100644
index 0000000..35ca79c
--- /dev/null
+++ b/conf/machine/include/qoriq-base.inc
@@ -0,0 +1,26 @@
+# Provides the QorIQ common settings
+require conf/machine/include/soc-family.inc
+
+# providers
+PREFERRED_PROVIDER_virtual/kernel ?= "linux-qoriq"
+PREFERRED_PROVIDER_u-boot ?= "u-boot-qoriq"
+
+# versions
+PREFERRED_VERSION_qemu = "1.7+fsl"
+PREFERRED_VERSION_openssl = "1.0.1i"
+
+# settings
+MACHINE_FEATURES = "keyboard pci ext2 ext3 serial"
+MACHINE_EXTRA_RRECOMMENDS += "udev-rules-qoriq kernel-modules"
+MACHINEOVERRIDES .= ":qoriq-ppc"
+
+IMAGE_CLASSES += "image_types_uboot"
+EXTRA_IMAGEDEPENDS += "u-boot"
+
+KERNEL_IMAGETYPE ?= "uImage"
+
+SERIAL_CONSOLES ?= "115200;ttyS0 115200;ttyS1 115200;ttyEHV0"
+SERIAL_CONSOLES_CHECK ?= "${SERIAL_CONSOLES}"
+
+USE_VT = "0"
+
diff --git a/conf/machine/p1010rdb.conf b/conf/machine/p1010rdb.conf
new file mode 100644
index 0000000..e24c341
--- /dev/null
+++ b/conf/machine/p1010rdb.conf
@@ -0,0 +1,22 @@
+#@TYPE: Machine
+#@Name: Freescale P1010RDB
+#@SOC: p1010
+#@DESCRIPTION: Machine configuration for running P1010RDB
+#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
+
+require conf/machine/include/e500v2.inc
+
+SOC_FAMILY = "p1010"
+BOOTFORMAT_CONFIG = "config_sram_p1010rdb.dat"
+UBOOT_MACHINES ?= "P1010RDB-PB_NAND P1010RDB-PB_NOR \
+    P1010RDB-PB_SPIFLASH P1010RDB-PB_36BIT_NOR P1010RDB-PB_36BIT_NAND \
+    P1010RDB-PB_36BIT_SPIFLASH P1010RDB-PB_36BIT_NAND_SECBOOT \
+    P1010RDB-PB_36BIT_NOR_SECBOOT P1010RDB-PB_36BIT_SPIFLASH_SECBOOT \
+    P1010RDB-PB_NAND_SECBOOT P1010RDB-PB_NOR_SECBOOT \
+    P1010RDB-PB_SPIFLASH_SECBOOT \
+"
+KERNEL_DEVICETREE ?= "p1010rdb-pa.dtb p1010rdb-pb.dtb"
+KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/mpc85xx_defconfig"
+
+JFFS2_ERASEBLOCK = "0x20000"
+
diff --git a/conf/machine/p1020rdb.conf b/conf/machine/p1020rdb.conf
new file mode 100644
index 0000000..e2b706e
--- /dev/null
+++ b/conf/machine/p1020rdb.conf
@@ -0,0 +1,16 @@
+#@TYPE: Machine
+#@NAME: Freescale P1020RDB
+#@SOC: p1020
+#@DESCRIPTION: Machine configuration for running P1020RDB
+#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
+
+require conf/machine/include/e500v2.inc
+
+SOC_FAMILY = "p1020"
+BOOTFORMAT_CONFIG = "config_sram_p1022ds.dat"
+UBOOT_MACHINES ?= " P1020RDB-PD P1020RDB-PD_NAND P1020RDB-PD_SDCARD P1020RDB-PD_SPIFLASH"
+KERNEL_DEVICETREE ?= "p1020rdb-pd_32b.dtb"
+KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/mpc85xx_smp_defconfig"
+
+JFFS2_ERASEBLOCK = "0x20000"
+
diff --git a/conf/machine/p1021rdb.conf b/conf/machine/p1021rdb.conf
new file mode 100644
index 0000000..03a1821
--- /dev/null
+++ b/conf/machine/p1021rdb.conf
@@ -0,0 +1,17 @@
+#@TYPE: Machine
+#@Name: Freescale P1021RDB
+#@SOC: p1021
+#@DESCRIPTION: Machine configuration for running P1021RDB
+#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
+
+require conf/machine/include/e500v2.inc
+
+SOC_FAMILY = "p1021"
+BOOTFORMAT_CONFIG = "config_sram_p1022ds.dat"
+UBOOT_MACHINES ?= "P1021RDB-PC P1021RDB-PC_NAND P1021RDB-PC_SDCARD P1021RDB-PC_SPIFLASH P1021RDB-PC_36BIT P1021RDB-PC_36BIT_SPIFLASH P1021RDB-PC_36BIT_NAND P1021RDB-PC_36BIT_SDCARD"
+KERNEL_DEVICETREE ?= "p1021rdb-pc_32b.dtb"
+KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/mpc85xx_smp_defconfig"
+
+JFFS2_ERASEBLOCK = "0x20000"
+QE_UCODE ?= "fsl_qe_ucode_1021_10_A.bin"
+
diff --git a/conf/machine/p1022ds.conf b/conf/machine/p1022ds.conf
new file mode 100644
index 0000000..823131a
--- /dev/null
+++ b/conf/machine/p1022ds.conf
@@ -0,0 +1,26 @@
+#@TYPE: Machine
+#@NAME: Freescale P1022DS 
+#@SOC: p1022
+#@DESCRIPTION: Machine configuration for running P1022DS
+#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
+
+require conf/machine/include/e500v2.inc
+
+SOC_FAMILY = "p1022"
+BOOTFORMAT_CONFIG = "config_sram_p1022ds.dat"
+UBOOT_MACHINES ?= "P1022DS P1022DS_NAND P1022DS_SPIFLASH P1022DS_SDCARD P1022DS_36BIT P1022DS_36BIT_SPIFLASH P1022DS_36BIT_NAND P1022DS_36BIT_SDCARD"
+KERNEL_DEVICETREE ?= "p1022ds_32b.dtb"
+KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/mpc85xx_smp_defconfig"
+
+PREFERRED_PROVIDER_virtual/xserver ?= "xserver-xorg"
+
+XSERVER = " \
+        xserver-xorg \
+        xf86-input-evdev \
+        xf86-input-mouse \
+        xf86-input-keyboard \
+        xf86-video-fbdev \
+"
+
+JFFS2_ERASEBLOCK = "0x20000"
+
diff --git a/conf/machine/p1023rdb.conf b/conf/machine/p1023rdb.conf
new file mode 100644
index 0000000..02ec4a5
--- /dev/null
+++ b/conf/machine/p1023rdb.conf
@@ -0,0 +1,15 @@
+#@TYPE: Machine
+#@NAME: Freescale P1023RDB
+#@SOC: p1023
+#@DESCRIPTION: Machine configuration for running P1023RDB
+#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
+
+require conf/machine/include/e500v2.inc
+
+SOC_FAMILY = "p1023"
+UBOOT_MACHINES ?= "P1023RDB"
+KERNEL_DEVICETREE ?= "p1023rdb.dtb"
+KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/85xx/p1023_defconfig"
+
+JFFS2_ERASEBLOCK = "0x10000"
+
diff --git a/conf/machine/p1025twr.conf b/conf/machine/p1025twr.conf
new file mode 100644
index 0000000..0c6bb57
--- /dev/null
+++ b/conf/machine/p1025twr.conf
@@ -0,0 +1,17 @@
+#@TYPE: Machine
+#@Name: Freescale P1025TWR
+#@SOC: p1025
+#@DESCRIPTION: Machine configuration for running P1025TWR
+#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
+
+require conf/machine/include/e500v2.inc
+
+SOC_FAMILY = "p1025"
+BOOTFORMAT_CONFIG = "config_ddr3_1gb_p1_p2_rdb_pc_667M.dat"
+UBOOT_MACHINES ?= "TWR-P1025"
+KERNEL_DEVICETREE ?= "p1025twr_32b.dtb"
+KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/mpc85xx_smp_defconfig"
+
+JFFS2_ERASEBLOCK = "0x20000"
+QE_UCODE ?= "fsl_qe_ucode_1021_10_A.bin"
+
diff --git a/conf/machine/p2020rdb.conf b/conf/machine/p2020rdb.conf
new file mode 100644
index 0000000..6f0a519
--- /dev/null
+++ b/conf/machine/p2020rdb.conf
@@ -0,0 +1,19 @@
+#@TYPE: Machine
+#@Name: Freescale P2020RDB
+#@SOC: p2020
+#@DESCRIPTION: Machine configuration for running P2020RDB
+#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
+
+require conf/machine/include/e500v2.inc
+
+SOC_FAMILY = "p2020"
+BOOTFORMAT_CONFIG = "config_sram_p1022ds.dat"
+UBOOT_MACHINES ?= " P2020RDB-PC P2020RDB-PC_NAND P2020RDB-PC_SDCARD P2020RDB-PC_SPIFLASH P2020RDB-PC_36BIT P2020RDB-PC_36BIT_SPIFLASH P2020RDB-PC_36BIT_NAND P2020RDB-PC_36BIT_SDCARD"
+KERNEL_DEVICETREE ?= "p2020rdb-pc_32b.dtb"
+KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/mpc85xx_smp_defconfig"
+
+JFFS2_ERASEBLOCK = "0x20000"
+
+SERIAL_CONSOLES = "115200;ttyS0 115200;ttyS1"
+SERIAL_CONSOLES_CHECK = "${SERIAL_CONSOLES}"
+USE_VT = "0"
diff --git a/conf/machine/p2041rdb.conf b/conf/machine/p2041rdb.conf
new file mode 100644
index 0000000..3337186
--- /dev/null
+++ b/conf/machine/p2041rdb.conf
@@ -0,0 +1,18 @@
+#@TYPE: Machine
+#@NAME: Freescale P2041RDB
+#@SOC: p2041
+#@DESCRIPTION: Machine configuration for running P2041RDB
+#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
+
+require conf/machine/include/e500mc.inc
+
+SOC_FAMILY = "p2041"
+UBOOT_MACHINES ?= "P2041RDB P2041RDB_NAND P2041RDB_SECURE_BOOT P2041RDB_SDCARD P2041RDB_SPIFLASH"
+KERNEL_DEVICETREE ?= "p2041rdb.dtb p2041rdb-usdpaa.dtb"
+KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/corenet32_smp_defconfig"
+
+JFFS2_ERASEBLOCK = "0x10000"
+
+SERIAL_CONSOLES = "115200;ttyS0 115200;ttyS1"
+SERIAL_CONSOLES_CHECK = "${SERIAL_CONSOLES}"
+USE_VT = "0"
diff --git a/conf/machine/p3041ds.conf b/conf/machine/p3041ds.conf
new file mode 100644
index 0000000..01c51e4
--- /dev/null
+++ b/conf/machine/p3041ds.conf
@@ -0,0 +1,15 @@
+#@TYPE: Machine
+#@NAME: Freescale P3041DS
+#@SOC: p3041
+#@DESCRIPTION: Machine configuration for running P3041DS
+#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
+
+require conf/machine/include/e500mc.inc
+
+SOC_FAMILY = "p3041"
+UBOOT_MACHINES ?= "P3041DS P3041DS_NAND P3041DS_SECURE_BOOT P3041DS_SDCARD P3041DS_SPIFLASH"
+KERNEL_DEVICETREE ?= "p3041ds.dtb p3041ds-usdpaa.dtb"
+KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/corenet32_smp_defconfig"
+
+JFFS2_ERASEBLOCK = "0x10000"
+
diff --git a/conf/machine/p4080ds.conf b/conf/machine/p4080ds.conf
new file mode 100644
index 0000000..62075e7
--- /dev/null
+++ b/conf/machine/p4080ds.conf
@@ -0,0 +1,18 @@
+#@TYPE: Machine
+#@NAME: Freescale P4080DS
+#@SOC: p4080
+#@DESCRIPTION: Machine configuration for running P4080DS
+#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
+
+require conf/machine/include/e500mc.inc
+
+SOC_FAMILY = "p4080"
+UBOOT_MACHINES ?= "P4080DS P4080DS_SECURE_BOOT P4080DS_SDCARD P4080DS_SPIFLASH "
+KERNEL_DEVICETREE ?= "p4080ds.dtb p4080ds-usdpaa.dtb"
+KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/corenet32_smp_defconfig"
+
+JFFS2_ERASEBLOCK = "0x10000"
+
+SERIAL_CONSOLES = "115200;ttyS0 115200;ttyS1"
+SERIAL_CONSOLES_CHECK = "${SERIAL_CONSOLES}"
+USE_VT = "0"
diff --git a/conf/machine/p5020ds-64b.conf b/conf/machine/p5020ds-64b.conf
new file mode 100644
index 0000000..615157f
--- /dev/null
+++ b/conf/machine/p5020ds-64b.conf
@@ -0,0 +1,17 @@
+#@TYPE: Machine
+#@NAME: Freescale P5020DS-64B
+#@SOC: p5020
+#@DESCRIPTION: Machine configuration for running P5020DS in 64-bit mode
+#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
+
+require conf/machine/include/e5500-64b.inc
+
+SOC_FAMILY = "p5020"
+UBOOT_MACHINES ?= "P5020DS P5020DS_NAND P5020DS_SECURE_BOOT \
+    P5020DS_SDCARD P5020DS_SPIFLASH \
+"
+KERNEL_DEVICETREE ?= "p5020ds.dtb p5020ds-usdpaa.dtb"
+KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/corenet64_smp_defconfig"
+
+JFFS2_ERASEBLOCK = "0x10000"
+
diff --git a/conf/machine/p5020ds.conf b/conf/machine/p5020ds.conf
new file mode 100644
index 0000000..7effe1e
--- /dev/null
+++ b/conf/machine/p5020ds.conf
@@ -0,0 +1,15 @@
+#@TYPE: Machine
+#@NAME: Freescale P5020DS
+#@SOC: p5020
+#@DESCRIPTION: Machine configuration for running P5020DS in 32-bit mode
+#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
+
+require conf/machine/include/e5500.inc
+
+SOC_FAMILY = "p5020"
+UBOOT_MACHINES ?= "P5020DS P5020DS_NAND P5020DS_SECURE_BOOT P5020DS_SDCARD P5020DS_SPIFLASH "
+KERNEL_DEVICETREE ?= "p5020ds.dtb p5020ds-usdpaa.dtb"
+KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/corenet32_smp_defconfig"
+
+JFFS2_ERASEBLOCK = "0x10000"
+
diff --git a/conf/machine/p5040ds-64b.conf b/conf/machine/p5040ds-64b.conf
new file mode 100644
index 0000000..fbbe9e2
--- /dev/null
+++ b/conf/machine/p5040ds-64b.conf
@@ -0,0 +1,15 @@
+#@TYPE: Machine
+#@NAME: Freescale P5040DS-64B
+#@SOC: p5040
+#@DESCRIPTION: Machine configuration for running P5040DS in 64-bit mode
+#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
+
+require conf/machine/include/e5500-64b.inc
+
+SOC_FAMILY = "p5040"
+UBOOT_MACHINES ?= "P5040DS  P5040DS_NAND P5040DS_SECURE_BOOT P5040DS_SDCARD P5040DS_SPIFLASH"
+KERNEL_DEVICETREE ?= "p5040ds.dtb p5040ds-usdpaa.dtb"
+KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/corenet64_smp_defconfig"
+
+JFFS2_ERASEBLOCK = "0x10000"
+
diff --git a/conf/machine/p5040ds.conf b/conf/machine/p5040ds.conf
new file mode 100644
index 0000000..1cd9512
--- /dev/null
+++ b/conf/machine/p5040ds.conf
@@ -0,0 +1,15 @@
+#@TYPE: Machine
+#@NAME: Freescale P5040DS
+#@SOC: p5040
+#@DESCRIPTION: Machine configuration for running P5040DS in 32-bit mode 
+#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
+
+require conf/machine/include/e5500.inc
+
+SOC_FAMILY = "p5040"
+UBOOT_MACHINES ?= "P5040DS P5040DS_NAND P5040DS_SECURE_BOOT P5040DS_SDCARD P5040DS_SPIFLASH"
+KERNEL_DEVICETREE ?= "p5040ds.dtb p5040ds-usdpaa.dtb"
+KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/corenet32_smp_defconfig"
+
+JFFS2_ERASEBLOCK = "0x10000"
+
diff --git a/conf/machine/t1024qds-64b.conf b/conf/machine/t1024qds-64b.conf
new file mode 100644
index 0000000..9dc047c
--- /dev/null
+++ b/conf/machine/t1024qds-64b.conf
@@ -0,0 +1,16 @@
+#@TYPE: Machine
+#@NAME: Freescale T1024QDS
+#@SOC: t1024
+#@DESCRIPTION: Machine configuration for running T1024QDS in 64-bit mode
+#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
+
+require conf/machine/include/e5500-64b.inc
+
+SOC_FAMILY = "t1:t1024"
+UBOOT_MACHINES ?= "T1024QDS T1024QDS_D4 T1024QDS_NAND T1024QDS_SDCARD T1024QDS_SPIFLASH T1024QDS_SECURE_BOOT"
+KERNEL_DEVICETREE ?= "t1024qds.dtb t1024qds-usdpaa.dtb t1024qds-usdpaa-capwap.dtb"
+KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/corenet64_fmanv3_smp_defconfig"
+
+JFFS2_ERASEBLOCK = "0x10000"
+QE_UCODE ?= "iram_Type_A_T1024_r1.0.bin"
+
diff --git a/conf/machine/t1024qds.conf b/conf/machine/t1024qds.conf
new file mode 100644
index 0000000..dc043a3
--- /dev/null
+++ b/conf/machine/t1024qds.conf
@@ -0,0 +1,16 @@
+#@TYPE: Machine
+#@NAME: Freescale T1024QDS
+#@SOC: t1024
+#@DESCRIPTION: Machine configuration for running T1024QDS in 32-bit mode
+#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
+
+require conf/machine/include/e5500.inc
+
+SOC_FAMILY = "t1:t1024"
+UBOOT_MACHINES ?= "T1024QDS T1024QDS_D4 T1024QDS_NAND T1024QDS_SDCARD T1024QDS_SPIFLASH T1024QDS_SECURE_BOOT"
+KERNEL_DEVICETREE ?= "t1024qds.dtb t1024qds-usdpaa.dtb t1024qds-usdpaa-capwap.dtb"
+KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/corenet32_fmanv3_smp_defconfig"
+
+JFFS2_ERASEBLOCK = "0x10000"
+QE_UCODE ?= "iram_Type_A_T1024_r1.0.bin"
+
diff --git a/conf/machine/t1024rdb-64b.conf b/conf/machine/t1024rdb-64b.conf
new file mode 100644
index 0000000..e9e66b2
--- /dev/null
+++ b/conf/machine/t1024rdb-64b.conf
@@ -0,0 +1,16 @@
+#@TYPE: Machine
+#@NAME: Freescale T1024RDB
+#@SOC: t1024
+#@DESCRIPTION: Machine configuration for running T1024RDB in 64-bit mode
+#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
+
+require conf/machine/include/e5500-64b.inc
+
+SOC_FAMILY = "t1:t1024"
+UBOOT_MACHINES ?= "T1024RDB T1024RDB_NAND T1024RDB_SDCARD T1024RDB_SPIFLASH T1024RDB_SECURE_BOOT"
+KERNEL_DEVICETREE ?= "t1024rdb.dtb t1024rdb-usdpaa.dtb t1024rdb-usdpaa-capwap.dtb"
+KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/corenet64_fmanv3_smp_defconfig"
+
+JFFS2_ERASEBLOCK = "0x10000"
+QE_UCODE ?= "iram_Type_A_T1024_r1.0.bin"
+
diff --git a/conf/machine/t1024rdb.conf b/conf/machine/t1024rdb.conf
new file mode 100644
index 0000000..80d87bd
--- /dev/null
+++ b/conf/machine/t1024rdb.conf
@@ -0,0 +1,16 @@
+#@TYPE: Machine
+#@NAME: Freescale T1024RDB
+#@SOC: t1024
+#@DESCRIPTION: Machine configuration for running T1024RDB in 32-bit mode
+#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
+
+require conf/machine/include/e5500.inc
+
+SOC_FAMILY = "t1:t1024"
+UBOOT_MACHINES ?= "T1024RDB T1024RDB_NAND T1024RDB_SDCARD T1024RDB_SPIFLASH T1024RDB_SECURE_BOOT"
+KERNEL_DEVICETREE ?= "t1024rdb.dtb t1024rdb-usdpaa.dtb t1024rdb-usdpaa-capwap.dtb"
+KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/corenet32_fmanv3_smp_defconfig"
+
+JFFS2_ERASEBLOCK = "0x10000"
+QE_UCODE ?= "iram_Type_A_T1024_r1.0.bin"
+
diff --git a/conf/machine/t1040rdb-64b.conf b/conf/machine/t1040rdb-64b.conf
new file mode 100644
index 0000000..6196097
--- /dev/null
+++ b/conf/machine/t1040rdb-64b.conf
@@ -0,0 +1,16 @@
+#@TYPE: Machine
+#@NAME: Freescale T1040RDB
+#@SOC: t1040
+#@DESCRIPTION: Machine configuration for running T1040RDB in 64-bit mode
+#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
+
+require conf/machine/include/e5500-64b.inc
+
+SOC_FAMILY = "t1:t1040"
+UBOOT_MACHINES ?= "T1040RDB T1040RDB_SECURE_BOOT"
+KERNEL_DEVICETREE ?= "t1040rdb.dtb t1040rdb-usdpaa.dtb"
+KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/corenet64_fmanv3_smp_defconfig"
+
+JFFS2_ERASEBLOCK = "0x10000"
+QE_UCODE ?= "iram_Type_A_T1040_r1.0.bin"
+
diff --git a/conf/machine/t1040rdb.conf b/conf/machine/t1040rdb.conf
new file mode 100644
index 0000000..e70c44b
--- /dev/null
+++ b/conf/machine/t1040rdb.conf
@@ -0,0 +1,16 @@
+#@TYPE: Machine
+#@NAME: Freescale T1040RDB
+#@SOC: t1040
+#@DESCRIPTION: Machine configuration for running T1040RDB in 32-bit mode
+#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
+
+require conf/machine/include/e5500.inc
+
+SOC_FAMILY = "t1:t1040"
+UBOOT_MACHINES ?= "T1040RDB T1040RDB_SECURE_BOOT"
+KERNEL_DEVICETREE ?= "t1040rdb.dtb t1040rdb-usdpaa.dtb"
+KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/corenet32_fmanv3_smp_defconfig"
+
+JFFS2_ERASEBLOCK = "0x10000"
+QE_UCODE ?= "iram_Type_A_T1040_r1.0.bin"
+
diff --git a/conf/machine/t1042rdb-64b.conf b/conf/machine/t1042rdb-64b.conf
new file mode 100644
index 0000000..d60cdd0
--- /dev/null
+++ b/conf/machine/t1042rdb-64b.conf
@@ -0,0 +1,16 @@
+#@TYPE: Machine
+#@NAME: Freescale T1042RDB
+#@SOC: t1042
+#@DESCRIPTION: Machine configuration for running T1042RDB in 64-bit mode
+#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
+
+require conf/machine/include/e5500-64b.inc
+
+SOC_FAMILY = "t1:t1042"
+UBOOT_MACHINES ?= "T1042RDB_PI"
+KERNEL_DEVICETREE ?= "t1042rdb_pi.dtb"
+KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/corenet64_fmanv3_smp_defconfig"
+
+JFFS2_ERASEBLOCK = "0x10000"
+QE_UCODE ?= "iram_Type_A_T1040_r1.0.bin"
+
diff --git a/conf/machine/t1042rdb-pi-64b.conf b/conf/machine/t1042rdb-pi-64b.conf
new file mode 100644
index 0000000..4ebef18
--- /dev/null
+++ b/conf/machine/t1042rdb-pi-64b.conf
@@ -0,0 +1,25 @@
+#@TYPE: Machine
+#@NAME: Freescale T1042RDB-PI
+#@SOC: t1042
+#@DESCRIPTION: Machine configuration for running T1042RDB-PI in 64-bit mode
+#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
+
+require conf/machine/include/e5500-64b.inc
+
+SOC_FAMILY = "t1:t1042"
+UBOOT_MACHINES ?= "T1042RDB_PI"
+KERNEL_DEVICETREE ?= "t1042rdb_pi.dtb"
+KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/corenet64_fmanv3_smp_defconfig"
+
+JFFS2_ERASEBLOCK = "0x10000"
+QE_UCODE ?= "iram_Type_A_T1040_r1.0.bin"
+
+PREFERRED_PROVIDER_virtual/xserver ?= "xserver-xorg"
+XSERVER = " \
+    xserver-xorg \
+    xf86-input-evdev \
+    xf86-input-mouse \
+    xf86-input-keyboard \
+    xf86-video-fbdev \
+"
+
diff --git a/conf/machine/t1042rdb-pi.conf b/conf/machine/t1042rdb-pi.conf
new file mode 100644
index 0000000..60270f0
--- /dev/null
+++ b/conf/machine/t1042rdb-pi.conf
@@ -0,0 +1,24 @@
+#@TYPE: Machine
+#@NAME: Freescale T1042RDB-PI
+#@SOC: t1042
+#@DESCRIPTION: Machine configuration for running T1042RDB-PI in 32-bit mode
+#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
+
+require conf/machine/include/e5500.inc
+
+SOC_FAMILY = "t1:t1042"
+UBOOT_MACHINES ?= "T1042RDB_PI"
+KERNEL_DEVICETREE ?= "t1042rdb_pi.dtb"
+KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/corenet32_fmanv3_smp_defconfig"
+
+JFFS2_ERASEBLOCK = "0x10000"
+QE_UCODE ?= "iram_Type_A_T1040_r1.0.bin"
+
+PREFERRED_PROVIDER_virtual/xserver ?= "xserver-xorg"
+XSERVER = " \
+    xserver-xorg \
+    xf86-input-evdev \
+    xf86-input-mouse \
+    xf86-input-keyboard \
+    xf86-video-fbdev \
+"
diff --git a/conf/machine/t1042rdb.conf b/conf/machine/t1042rdb.conf
new file mode 100644
index 0000000..b530b0e
--- /dev/null
+++ b/conf/machine/t1042rdb.conf
@@ -0,0 +1,16 @@
+#@TYPE: Machine
+#@NAME: Freescale T1042RDB
+#@SOC: t1042
+#@DESCRIPTION: Machine configuration for running T1042RDB in 32-bit mode
+#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
+
+require conf/machine/include/e5500.inc
+
+SOC_FAMILY = "t1:t1042"
+UBOOT_MACHINES ?= "T1042RDB_PI"
+KERNEL_DEVICETREE ?= "t1042rdb_pi.dtb"
+KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/corenet32_fmanv3_smp_defconfig"
+
+JFFS2_ERASEBLOCK = "0x10000"
+QE_UCODE ?= "iram_Type_A_T1040_r1.0.bin"
+
diff --git a/conf/machine/t2080qds-64b.conf b/conf/machine/t2080qds-64b.conf
new file mode 100644
index 0000000..88cb2c9
--- /dev/null
+++ b/conf/machine/t2080qds-64b.conf
@@ -0,0 +1,17 @@
+#@TYPE: Machine
+#@NAME: Freescale T2080QDS-64B
+#@SOC: t2080
+#@DESCRIPTION: Machine configuration for running T2080QDS in 64-bit mode
+#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
+
+require conf/machine/include/e6500-64b.inc
+
+SOC_FAMILY = "t2:t2080"
+UBOOT_MACHINES ?= "T2080QDS T2080QDS_SDCARD T2080QDS_SPIFLASH \
+    T2080QDS_NAND T2080QDS_SRIO_PCIE_BOOT T2080QDS_SECURE_BOOT \
+"
+KERNEL_DEVICETREE ?= "t2080qds.dtb t2080qds-usdpaa.dtb"
+KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/85xx/e6500rev2_defconfig"
+
+JFFS2_ERASEBLOCK = "0x10000"
+
diff --git a/conf/machine/t2080qds.conf b/conf/machine/t2080qds.conf
new file mode 100644
index 0000000..30478e9
--- /dev/null
+++ b/conf/machine/t2080qds.conf
@@ -0,0 +1,17 @@
+#@TYPE: Machine
+#@NAME: Freescale T2080QDS
+#@SOC: t2080
+#@DESCRIPTION: Machine configuration for running T2080QDS in 32-bit mode
+#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
+
+require conf/machine/include/e6500.inc
+
+SOC_FAMILY = "t2:t2080"
+UBOOT_MACHINES ?= "T2080QDS T2080QDS_SDCARD T2080QDS_SPIFLASH \
+    T2080QDS_NAND T2080QDS_SRIO_PCIE_BOOT T2080QDS_SECURE_BOOT \
+"
+KERNEL_DEVICETREE ?= "t2080qds.dtb t2080qds-usdpaa.dtb"
+KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/85xx/e6500rev2_defconfig"
+
+JFFS2_ERASEBLOCK = "0x10000"
+
diff --git a/conf/machine/t2080rdb-64b.conf b/conf/machine/t2080rdb-64b.conf
new file mode 100644
index 0000000..3892ffb
--- /dev/null
+++ b/conf/machine/t2080rdb-64b.conf
@@ -0,0 +1,17 @@
+#@TYPE: Machine
+#@NAME: Freescale T2080RDB
+#@SOC: t2080
+#@DESCRIPTION: Machine configuration for running T2080RDB in 64-bit mode
+#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
+
+require conf/machine/include/e6500-64b.inc
+
+SOC_FAMILY = "t2:t2080"
+UBOOT_MACHINES ?= "T2080RDB T2080RDB_SDCARD T2080RDB_SPIFLASH \
+    T2080RDB_NAND T2080RDB_SRIO_PCIE_BOOT T2080RDB_SECURE_BOOT \
+"
+KERNEL_DEVICETREE ?= "t2080rdb.dtb t2080rdb-usdpaa.dtb"
+KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/85xx/e6500rev2_defconfig"
+
+JFFS2_ERASEBLOCK = "0x10000"
+
diff --git a/conf/machine/t2080rdb.conf b/conf/machine/t2080rdb.conf
new file mode 100644
index 0000000..28dca0d
--- /dev/null
+++ b/conf/machine/t2080rdb.conf
@@ -0,0 +1,17 @@
+#@TYPE: Machine
+#@NAME: Freescale T2080RDB
+#@SOC: t2080
+#@DESCRIPTION: Machine configuration for running T2080RDB in 32-bit mode
+#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
+
+require conf/machine/include/e6500.inc
+
+SOC_FAMILY = "t2:t2080"
+UBOOT_MACHINES ?= "T2080RDB T2080RDB_SDCARD T2080RDB_SPIFLASH \
+    T2080RDB_NAND T2080RDB_SRIO_PCIE_BOOT T2080RDB_SECURE_BOOT \
+"
+KERNEL_DEVICETREE ?= "t2080rdb.dtb t2080rdb-usdpaa.dtb"
+KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/85xx/e6500rev2_defconfig"
+
+JFFS2_ERASEBLOCK = "0x10000"
+
diff --git a/conf/machine/t4160qds-64b.conf b/conf/machine/t4160qds-64b.conf
new file mode 100644
index 0000000..c63aba8
--- /dev/null
+++ b/conf/machine/t4160qds-64b.conf
@@ -0,0 +1,15 @@
+#@TYPE: Machine
+#@NAME: Freescale T4160QDS-64B
+#@SOC: t4160
+#@DESCRIPTION: Machine configuration for running T4160QDS in 64-bit mode
+#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
+
+require conf/machine/include/e6500-64b.inc
+
+SOC_FAMILY = "t4:t4160"
+UBOOT_MACHINES ?= "T4160QDS T4160QDS_SECURE_BOOT"
+KERNEL_DEVICETREE ?= "t4240qds.dtb t4240qds-usdpaa.dtb"
+KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/85xx/e6500rev2_defconfig"
+
+JFFS2_ERASEBLOCK = "0x10000"
+
diff --git a/conf/machine/t4160qds.conf b/conf/machine/t4160qds.conf
new file mode 100644
index 0000000..83fb5c8
--- /dev/null
+++ b/conf/machine/t4160qds.conf
@@ -0,0 +1,15 @@
+#@TYPE: Machine
+#@NAME: Freescale T4160QDS
+#@SOC: t4160
+#@DESCRIPTION: Machine configuration for running T4160QDS in 32-bit mode
+#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
+
+require conf/machine/include/e6500.inc
+
+SOC_FAMILY = "t4:t4160"
+UBOOT_MACHINES ?= "T4160QDS T4160QDS_SECURE_BOOT"
+KERNEL_DEVICETREE ?= "t4240qds.dtb t4240qds-usdpaa.dtb"
+KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/85xx/e6500rev2_defconfig"
+
+JFFS2_ERASEBLOCK = "0x10000"
+
diff --git a/conf/machine/t4240qds-64b.conf b/conf/machine/t4240qds-64b.conf
new file mode 100644
index 0000000..006c2c1
--- /dev/null
+++ b/conf/machine/t4240qds-64b.conf
@@ -0,0 +1,15 @@
+#@TYPE: Machine
+#@NAME: Freescale T4240QDS-64B
+#@SOC: t4240
+#@DESCRIPTION: Machine configuration for running T4240QDS in 64-bit mode
+#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
+
+require conf/machine/include/e6500-64b.inc
+
+SOC_FAMILY = "t4:t4240"
+UBOOT_MACHINES ?= "T4240QDS T4240QDS_SECURE_BOOT"
+KERNEL_DEVICETREE ?= "t4240qds.dtb t4240qds-usdpaa.dtb"
+KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/85xx/e6500rev2_defconfig"
+
+JFFS2_ERASEBLOCK = "0x10000"
+
diff --git a/conf/machine/t4240qds.conf b/conf/machine/t4240qds.conf
new file mode 100644
index 0000000..fe67584
--- /dev/null
+++ b/conf/machine/t4240qds.conf
@@ -0,0 +1,15 @@
+#@TYPE: Machine
+#@NAME: Freescale T4240QDS
+#@SOC: t4240
+#@DESCRIPTION: Machine configuration for running T4240QDS in 32-bit mode
+#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
+
+require conf/machine/include/e6500.inc
+
+SOC_FAMILY = "t4:t4240"
+UBOOT_MACHINES ?= "T4240QDS T4240QDS_SECURE_BOOT"
+KERNEL_DEVICETREE ?= "t4240qds.dtb t4240qds-usdpaa.dtb"
+KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/85xx/e6500rev2_defconfig"
+
+JFFS2_ERASEBLOCK = "0x10000"
+
diff --git a/conf/machine/t4240rdb-64b.conf b/conf/machine/t4240rdb-64b.conf
new file mode 100644
index 0000000..0974066
--- /dev/null
+++ b/conf/machine/t4240rdb-64b.conf
@@ -0,0 +1,15 @@
+#@TYPE: Machine
+#@NAME: Freescale T4240RDB
+#@SOC: t4240
+#@DESCRIPTION: Machine configuration for running T4240RDB in 64-bit mode
+#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
+
+require conf/machine/include/e6500-64b.inc
+
+SOC_FAMILY = "t4:t4240"
+UBOOT_MACHINES ?= "T4240RDB"
+KERNEL_DEVICETREE ?= "t4240rdb.dtb t4240rdb-usdpaa.dtb t4240rdb-usdpaa-shared-interfaces.dtb"
+KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/85xx/e6500rev2_defconfig"
+
+JFFS2_ERASEBLOCK = "0x10000"
+
diff --git a/conf/machine/t4240rdb.conf b/conf/machine/t4240rdb.conf
new file mode 100644
index 0000000..e4c31f9
--- /dev/null
+++ b/conf/machine/t4240rdb.conf
@@ -0,0 +1,15 @@
+#@TYPE: Machine
+#@NAME: Freescale T4240RDB
+#@SOC: t4240
+#@DESCRIPTION: Machine configuration for running T4240RDB in 32-bit mode
+#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
+
+require conf/machine/include/e6500.inc
+
+SOC_FAMILY = "t4:t4240"
+UBOOT_MACHINES ?= "T4240RDB"
+KERNEL_DEVICETREE ?= "t4240rdb.dtb t4240rdb-usdpaa.dtb t4240rdb-usdpaa-shared-interfaces.dtb"
+KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/85xx/e6500rev2_defconfig"
+
+JFFS2_ERASEBLOCK = "0x10000"
+
diff --git a/custom-licenses/Cortina b/custom-licenses/Cortina
new file mode 100644
index 0000000..a68417c
--- /dev/null
+++ b/custom-licenses/Cortina
@@ -0,0 +1,51 @@
+DEFINITIONS:“Device” is the product described in this document or document set. “Cortina” is Cortina Systems, Inc. 
+“Software” is the software used with the Device, including the Application Programmable Interface (“API”). “You” are a 
+customer, or potential customer, of Devices with whom Cortina has an NDA.
+LICENSE:Subject to the restrictions below, Cortina grants to You a non-exclusive, non-assignable, non-transferable, 
+royalty-free copyright license to (1) copy and modify the source code of the API; (2) incorporate the API in object code 
+form or as a library into Your software which is solely used with Your products (that incorporate the Devices); and (3) 
+distribute to Your customer, inobject code form only, the API.
+RESTRICTIONS:The Software must be used solely in conjunction with the Devices and solely for Your internal 
+evaluation, demonstration, software application development anddistribution for production purposes, either with an 
+Cortina platform that contains the Device or with Your own product that incorporates the Device. Notwithstanding 
+anything to the contrary, the API can be incorporated into Your software as described above and distributed to Your 
+customers in object code form only. You may not distribute the Software as a stand-alone product. You shall not cause 
+the incorporation, modification or distribution of the Software to become subject to any open source licenses. You will 
+make reasonable efforts to discontinue the distribution of any portions of the Software that You are licensed hereunder 
+to distribute upon Cortina’s release of an update, upgrade or new version of the Software. You agree that You are 
+solely responsible for supporting any code which You modify, incorporate or distribute. You may not reverse-assemble, 
+reverse-compile, or otherwise reverse-engineer any Software provided in binary or machine readable form. 
+Distribution of the Software is also subject to the following limitations: You (i) are solely responsible to Your customers 
+for any update or support obligation or other liability which may arise from the modification, incorporation, and 
+distribution of the Software, (ii) do notmake any statement that Your product is“certified,” or that its performance is 
+guaranteed, by Cortina, (iii) do not use Cortina's name or trademarks to market Your product without prior written 
+permission, (iv) shall prohibit disassembly and reverse engineering, and (v) shall indemnify, hold harmless, and defend 
+Cortina and its suppliers from and against any claims or lawsuits, including attorney's fees, that arise or result from 
+Your distribution of any product. 
+OWNERSHIP OF SOFTWARE AND COPYRIGHTS.The title to all copies of the Software remains with Cortina or its 
+suppliers. The Software is copyrighted and protected by the laws of the United States and other countries, and 
+international treaty provisions. You may not remove any copyright notices from the Software. Cortina may make 
+changes to the Software, or to items referenced therein, at any timewithout notice, but is not obligated to support or 
+update the Software. Except as otherwise expressly provided,Cortina grants no express or implied right under Cortina 
+patents, copyrights, trademarks, or other intellectual property rights. 
+DISCLAIMER OF WARRANTIES.THE SOFTWARE IS PROVIDED “AS IS” WITHOUT ANY EXPRESS OR IMPLIED 
+WARRANTY OF ANY KIND. CORTINA AND ITS SUPPLIERSHEREBY DISCLAIM ALL WARRANTIES, INCLUDING 
+ANY IMPLIED WARRANTIES OF MERCHANTABILITY, NONINFRINGEMENT, OR FITNESS FOR A PARTICULAR 
+PURPOSE. 
+LIMITATION OF LIABILITY.IN NO EVENT SHALL CORTINA OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES 
+WHATSOEVER (INCLUDING, WITHOUT LIMITATION, LOST PROFITS, BUSINESS INTERRUPTION, OR LOST 
+INFORMATION) ARISING OUT OF THE USE OF OR INABILITY TO USE THE SOFTWARE, EVEN IF CORTINA HAS 
+BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 
+TERMINATION OF THIS LICENSE.Cortina may terminate this license at any time if You violate its terms. Upon 
+termination, You will immediately destroy the Software or return all copies of the Software to Cortina.
+APPLICABLE LAWS.Claims arising under this license shall be governed by the laws of the State of Delaware, 
+excluding its principles of conflict of laws. The provisions of the United Nations Convention on Contracts for the 
+International Sale of Goods shall not apply to this license.You shall not export, either directly or indirectly, any 
+Software or derived object code without first obtaining any required license or other approval from the applicable 
+governmental entity, including the U.S. Department of Commerce or any other agency or department of the United 
+States Government if required. This isthe entire agreement and understanding between You and Cortina relating to 
+this subject matter, and no amendments will be effective unless in a writing signed by both parties.
+GOVERNMENT RESTRICTED RIGHTS.The Software is provided with “RESTRICTED RIGHTS.” Use, duplication, or 
+disclosure by the Government issubject to restrictions as set forth in FAR52.227-14 and DFAR252.227-7013 et seq. or 
+its successor. Use of the Software by the Government constitutes acknowledgment of Cortina's proprietary rights 
+therein. Contractor or Manufacturer is Cortina.
diff --git a/custom-licenses/Freescale-EULA b/custom-licenses/Freescale-EULA
new file mode 100644
index 0000000..2122a1f
--- /dev/null
+++ b/custom-licenses/Freescale-EULA
@@ -0,0 +1,214 @@
+IMPORTANT. Read the following Freescale Software License Agreement ("Agreement")
+completely. By selecting the "I Accept" button at the end of this page, you 
+indicate that you accept the terms of the Freescale Proprietary Software License 
+Agreement and you also acknowledge that you have the authority, on behalf of your
+company, to bind your company to such terms.  You may then download or install the
+file. 
+
+FREESCALE PROPRIETARY  SOFTWARE LICENSE AGREEMENT
+This is a license agreement ("Agreement") between you (either as an individual
+or as an authorized representative acting on behalf of your employer) and Freescale
+Semiconductor, Inc. ("Freescale"). It concerns your rights to use the software 
+provided to you in binary or source code form and any accompanying written materials
+(the "Software"). The Software may include any updates or error corrections or 
+documentation relating to the Software provided to you by Freescale under this 
+License. In consideration for Freescale allowing you to access the Software, you are 
+agreeing to be bound by the terms of this Agreement. If you do not agree to all of 
+the terms of this Agreement, do not download or install the Software. If you change 
+your mind later, stop using the Software and delete all copies of the Software in 
+your possession or control. Any copies of the Software that you have already 
+distributed, where permitted, and do not destroy will continue to be governed by 
+this Agreement. Your prior use will also continue to be governed by this Agreement.
+
+1. LICENSE GRANT. Freescale grants to you, free of charge, the non-exclusive, 
+non-transferable, non-sublicensable right (1) to use the Software, (2) to reproduce 
+the Software, (3) to prepare derivative works of the Software, (4) to distribute the 
+Software and derivative works thereof in object (machine-readable) form as part of 
+a programmable processing unit (e.g. a microprocessor, microcontroller, or digital 
+signal processor) supplied directly or indirectly from Freescale ("Freescale 
+System") and (5) to sublicense to others the right to use the distributed Software, 
+provided that any and all such sublicenses include the same terms and conditions of 
+this Agreement.  Notwithstanding the limitation on damages in Section 8, Licensee 
+will indemnify, defend, and hold harmless Freescale against any and all claims, 
+costs, damages, liabilities, judgments and attorneys' fees resulting from or 
+arising out of any breach by the sublicensee, or resulting from or arising out of 
+any action by the sublicensee inconsistent with this Agreement.  
+You must notify Freescale, in writing, any time you create a derivative of the 
+Software. Freescale owns all derivatives created from the Software, and derivatives
+are licensed to you under the same terms as the Software under this Agreement. Upon
+request, you must provide Freescale the source code of any derivative of the Software.
+If you violate any of the terms or restrictions of this Agreement, Freescale may 
+immediately terminate this Agreement, and require that you stop using and delete all
+copies of the Software and any derivative in your possession or control. Any license
+granted above only extends to Freescale's intellectual property rights that would 
+be necessarily infringed by the Software as provided to you by Freescale and as used
+within the scope of the licenses granted.  You must advise Freescale of any results 
+obtained including any problems or suggested improvements thereof. Freescale retains
+the right to use such results and related information in any manner it deems 
+appropriate.
+
+2. OTHER RESTRICTIONS. Subject to the license grant above, the following restrictions
+ apply:
+
+a. Freescale reserves all rights not expressly granted herein. 
+b. You may not rent, lease, sublicense, lend or encumber the Software, unless 
+   otherwise expressly agreed to within this Agreement 
+c. You may not distribute, manufacture, have manufactured, sublicense or otherwise
+   reproduce the Software for purposes other than intended in this Agreement.
+d. You may not remove or alter any proprietary legends, notices, or trademarks 
+   contained in the Licensed Software,
+e. The terms and conditions of this Agreement will apply to any Software updates, 
+   provided to you at Freescale's discretion, that replace and/or supplement the
+   original Software, unless such update contains a separate license. 
+f. You may not translate, reverse engineer, decompile, or disassemble the Software
+   provided to you solely in object code format (machine readable) except to the 
+   extent applicable law specifically prohibits such restriction.  You will prohibit
+   your sublicensees from translating, reverse engineering, decompiling, or 
+   disassembling the Software except to the extent applicable law specifically 
+   prohibits such restriction.
+
+3. OPEN SOURCE. You are about to download or install certain software that is 
+subject to various open source licenses such as the Apache License, the BSD license,
+the Free Software Foundation General Public License and Lesser General Public 
+License, the Mozilla Public License and others. Your use of such open source 
+software is subject to the terms of each applicable license.  You must agree to the
+terms of each such applicable license, or you should not use the open source software.
+Any open source license that is incompatible with the terms of this Agreement 
+supersedes the terms of this Agreement.  
+
+4. COPYRIGHT. The Software is licensed to you, not sold.  Freescale owns the 
+Software, and United States copyright laws and international treaty provisions 
+protect the Software. Therefore, you must treat the Software like any other 
+copyrighted material (e.g. a book or musical recording). You may not use or 
+copy the Software for any other purpose than what is described in this Agreement.
+Except as expressly provided herein, Freescale does not grant to you any express or
+implied rights under any Freescale or third party patents, copyrights, trademarks, 
+or trade secrets. Additionally, you must reproduce and apply any copyright or other
+proprietary rights notices included on or embedded in the Software to any copies 
+made thereof, in whole or in part, if any.  You may not remove any copyright 
+notices of Freescale incorporated in the Software.
+
+5. TERM AND TERMINATION. The term of this Agreement shall commence on the date 
+of installation or download and shall continue perpetually, unless earlier 
+terminated in accordance with this Agreement. Freescale has the right to terminate
+this Agreement without notice and require that you stop using and delete all copies
+of the Software in your possession or control if you violate any of the terms or 
+restrictions of this Agreement. Freescale may terminate this Agreement should any 
+of the Software become, or in Freescale's reasonable opinion is likely to become, 
+the subject of a claim of intellectual infringement or trade secret misappropriation.
+Upon termination, you must cease use of and destroy, the Software and confirm 
+compliance in writing to Freescale. Upon termination, the license granted pursuant
+to this Agreement immediately terminates and the provisions of Sections 4 through 
+18 will survive any termination of this Agreement. 
+
+6. SUPPORT. Freescale is NOT obligated to provide any support, upgrades or new 
+releases of the Software. If you wish, you may contact Freescale and report problems
+and provide suggestions regarding the Software. Freescale has no obligation 
+whatsoever to respond in any way to such a problem report or suggestion. Freescale 
+may make changes to the Software at any time, without any obligation to notify or 
+provide updated versions of the Software to you.
+
+7. NO WARRANTY. TO THE MAXIMUM EXTENT PERMITTED BY LAW, FREESCALE EXPRESSLY 
+DISCLAIMS ANY WARRANTY FOR THE SOFTWARE. THE SOFTWARE IS PROVIDED "AS IS", 
+WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, WITHOUT 
+LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR 
+PURPOSE, OR NON-INFRINGEMENT. YOU ASSUME THE ENTIRE RISK ARISING OUT OF THE USE 
+OR PERFORMANCE OF THE SOFTWARE, OR ANY SYSTEMS YOU DESIGN USING THE SOFTWARE (IF 
+ANY). NOTHING IN THIS AGREEMENT MAY BE CONSTRUED AS A WARRANTY OR REPRESENTATION 
+BY FREESCALE THAT THE SOFTWARE OR ANY DERIVATIVE WORK DEVELOPED WITH OR INCORPORATING
+THE SOFTWARE WILL BE FREE FROM INFRINGEMENT OF THE INTELLECTUAL PROPERTY RIGHTS OF
+THIRD PARTIES. 
+
+8. INDEMNITY. You agree to fully defend and indemnify Freescale from any and all 
+claims, liabilities, and costs (including reasonable attorney's fees) related to
+(1) your use (including your sublicensee's use, if permitted) of the Software or 
+(2) your violation of the terms and conditions of this Agreement.
+
+9. LIMITATION OF LIABILITY. IN NO EVENT WILL FREESCALE BE LIABLE, WHETHER IN 
+CONTRACT, TORT, OR OTHERWISE, FOR ANY INCIDENTAL, SPECIAL, INDIRECT, CONSEQUENTIAL
+OR PUNITIVE DAMAGES, INCLUDING, BUT NOT LIMITED TO, DAMAGES FOR ANY LOSS OF USE, 
+LOSS OF TIME, INCONVENIENCE, COMMERCIAL LOSS, OR LOST PROFITS, SAVINGS, OR REVENUES
+TO THE FULL EXTENT SUCH MAY BE DISCLAIMED BY LAW EVEN IF INFORMED IN ADVANCE OF THE
+POSSIBILITY OF SUCH DAMAGES.  FREESCALE'S LIABILITY WILL IN ANY EVENT AND UNDER ANY
+THEORY OF RECOVERY BE LIMITED TO THE TOTAL AMOUNT RECEIVED BY FREESCALE UNDER THIS 
+AGREEMENT.  
+
+10. COMPLIANCE WITH LAWS; EXPORT RESTRICTIONS. You must not resell, re-export, or 
+provide, directly or indirectly, the licensed software or direct product thereof, 
+in any form without obtaining appropriate export or re-export licenses from the 
+United States Government and from the country from which the export or re-export 
+is to occur. An export occurs when products, technology, or software is transferred
+from one country to another by any means, including physical shipments, FTP file 
+transfers, E-mails, faxes, remote server access, conversations, and the like.  An
+export also occurs when technology or software is transferred to a foreign national
+in the United States, or foreign national of the country in which the business 
+activity is taking place.  A foreign national is any person who is neither a citizen 
+nor permanent resident of the United States, or the country in which the business 
+activity is taking place. Furthermore, if an export/import license, permit or other 
+government required authority (collectively referred to as "government 
+authorization") is required to transfer technology, software, hardware or other 
+Freescale property to non- Freescale party(ies) and is not approved, then Freescale
+is not obligated to transfer the Software under this Agreement until such 
+"government authorization" is granted..
+
+11. GOVERNMENT RIGHTS. The Licensed Software is a "Commercial Item as defined in
+48 C.F.R. $2.101, consisting of "Commercial Computer Software" and "Commercial 
+Computer Software Documentation," as such terms are used in 48 C.F.R. $ 12.212 or
+48 C.F.R. $227.7202, as applicable and are only licensed to U.S. Government end 
+users with the rights as are set forth herein..
+
+12. HIGH RISK ACTIVITIES.  You acknowledge that the Software is not fault tolerant 
+and is not designed, manufactured or intended by Freescale for incorporation into 
+products intended for use or resale in on-line control equipment in hazardous, 
+dangerous to life or potentially life-threatening environments requiring fail-safe
+ performance, such as in the operation of nuclear facilities, aircraft navigation
+ or communication systems, air traffic control, direct life support machines or 
+weapons systems, in which the failure of products could lead directly to death, 
+personal injury or severe physical or environmental damage ("High Risk Activities").
+ You specifically represent and warrant that you will not use the Software or any 
+derivative work of the Software for High Risk Activities. 
+
+13. CHOICE OF LAW; VENUE; LIMITATIONS. You agree that the statutes and laws of the
+United States and the State of Texas, USA, without regard to conflicts of laws 
+principles, will apply to all matters relating to this Agreement or the Software, 
+and you agree that any litigation will be subject to the exclusive jurisdiction of
+the state or federal courts in Texas, USA.  You agree that regardless of any 
+statute or law to the contrary, any claim or cause of action arising out of or 
+related to this Agreement or the Software must be filed within one (1) year after
+such claim or cause of action arose or be forever barred.
+
+14. CONFIDENTIAL INFORMATION.  You must treat the Software as confidential 
+information and you agree to retain the Software in confidence perpetually, with
+respect to Software in source code form (human readable), or for a period of five
+(5) years from the date of termination of this Agreement, with respect to all other
+parts of the Software.  During this period you may not disclose any part of the 
+Software to anyone other than employees who have a need to know of the Software and
+ who have executed written agreements obligating them to protect such Licensed 
+Software to at least the same degree of care as in this Agreement.  You agree to use
+ the same degree of care, but no less than a reasonable degree of care, with the 
+Software as you do with your own confidential information. You may disclose Software
+ to the extent required by a court or under operation of law or order provided that
+ you notify Freescale of such requirement prior to disclosure, which you only 
+disclose information required, and that you allow Freescale the opportunity to 
+object to such court or other legal body requiring such disclosure.
+
+15. PRODUCT LABELING. You are not authorized to use any Freescale trademarks,
+brand names, or logos.
+
+16. ENTIRE AGREEMENT. This Agreement constitutes the entire agreement between you
+and Freescale regarding the subject matter of this Agreement, and supersedes all
+prior communications, negotiations, understandings, agreements or representations, 
+either written or oral, if any.  This Agreement may only be amended in written form,
+executed by you and Freescale.
+
+17. SEVERABILITY. If any provision of this Agreement is held for any reason to be 
+invalid or unenforceable, then the remaining provisions of this Agreement will be 
+unimpaired and, unless a modification or replacement of the invalid or unenforceable 
+provision is further held to deprive you or Freescale of a material benefit, in 
+which case the Agreement will immediately terminate, the invalid or unenforceable 
+provision will be replaced with a provision that is valid and enforceable and that
+comes closest to the intention underlying the invalid or unenforceable provision.
+
+18. NO WAIVER.  The waiver by Freescale of any breach of any provision of this 
+Agreement will not operate or be construed as a waiver of any other or a subsequent
+breach of the same or a different provision.
diff --git a/custom-licenses/TestFloat b/custom-licenses/TestFloat
new file mode 100644
index 0000000..1a1a23f
--- /dev/null
+++ b/custom-licenses/TestFloat
@@ -0,0 +1,24 @@
+Written by John R. Hauser.  This work was made possible in part by the
+International Computer Science Institute, located at Suite 600, 1947 Center
+Street, Berkeley, California 94704.  Funding was partially provided by the
+National Science Foundation under grant MIP-9311980.  The original version
+of this code was written as part of a project to build a fixed-point vector
+processor in collaboration with the University of California at Berkeley,
+overseen by Profs. Nelson Morgan and John Wawrzynek.  More information
+is available through the Web page `http://www.cs.berkeley.edu/~jhauser/
+arithmetic/SoftFloat.html'.
+
+THIS SOFTWARE IS DISTRIBUTED AS IS, FOR FREE.  Although reasonable effort has
+been made to avoid it, THIS SOFTWARE MAY CONTAIN FAULTS THAT WILL AT TIMES
+RESULT IN INCORRECT BEHAVIOR.  USE OF THIS SOFTWARE IS RESTRICTED TO PERSONS
+AND ORGANIZATIONS WHO CAN AND WILL TAKE FULL RESPONSIBILITY FOR ALL LOSSES,
+COSTS, OR OTHER PROBLEMS THEY INCUR DUE TO THE SOFTWARE, AND WHO FURTHERMORE
+EFFECTIVELY INDEMNIFY JOHN HAUSER AND THE INTERNATIONAL COMPUTER SCIENCE
+INSTITUTE (possibly via similar legal warning) AGAINST ALL LOSSES, COSTS, OR
+OTHER PROBLEMS INCURRED BY THEIR CUSTOMERS AND CLIENTS DUE TO THE SOFTWARE.
+
+Derivative works are acceptable, even for commercial purposes, so long as
+(1) the source code for the derivative work includes prominent notice that
+the work is derivative, and (2) the source code includes prominent notice with
+these four paragraphs for those parts of this code that are retained.
+
diff --git a/openembedded-layer/recipes-devtools/luajit/luajit/ppc-fixplt.patch b/openembedded-layer/recipes-devtools/luajit/luajit/ppc-fixplt.patch
new file mode 100644
index 0000000..b9f17f4
--- /dev/null
+++ b/openembedded-layer/recipes-devtools/luajit/luajit/ppc-fixplt.patch
@@ -0,0 +1,105 @@
+Upstream-Status: Unknown
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+libluajit is having symbols that can't be
+resolved the reloc cannot accommodate an offset greater than 24 bits.
+
+Looking at libluajit with readelf -r, you see a bunch of entries that look like:
+        000082f0  00003c0a R_PPC_REL24       00000000   sqrt + 0
+
+These should not occur when the code is compiled and linked with -fPIC.
+
+It turns out that libluajit *is* compiled and linked with -fPIC, however...
+There is one assembler file called lj_vm.s which is generated during the build.
+This file is missing the `@plt' qualifier from external references.
+
+This file is generated by a program called buildvm.  This in turn uses tables
+in a file called buildvm_arch.h which is generated by dynasm.lua.
+
+Index: LuaJIT-2.0.1/src/host/buildvm.c
+===================================================================
+--- LuaJIT-2.0.1.orig/src/host/buildvm.c        2013-02-19 12:15:00.000000000 -0800
++++ LuaJIT-2.0.1/src/host/buildvm.c     2013-05-14 20:26:05.933444512 -0700
+@@ -107,12 +107,14 @@
+ #endif
+   sprintf(name, "%s%s%s", symprefix, prefix, suffix);
+   p = strchr(name, '@');
++#if 0
+   if (p) {
+     if (!LJ_64 && (ctx->mode == BUILD_coffasm || ctx->mode == BUILD_peobj))
+       name[0] = '@';
+     else
+       *p = '\0';
+   }
++#endif
+   p = (char *)malloc(strlen(name)+1);  /* MSVC doesn't like strdup. */
+   strcpy(p, name);
+   return p;
+Index: LuaJIT-2.0.1/src/vm_ppcspe.dasc
+===================================================================
+--- LuaJIT-2.0.1.orig/src/vm_ppcspe.dasc        2013-02-19 12:15:00.000000000 -0800
++++ LuaJIT-2.0.1/src/vm_ppcspe.dasc     2013-05-14 20:26:05.937444512 -0700
+@@ -1390,7 +1390,7 @@
+   |  checknum CARG2
+   |   evmergehi CARG1, CARG2, CARG2
+   |  checkfail ->fff_fallback
+-  |  bl extern func
++  |  bl extern func@plt
+   |  evmergelo CRET1, CRET1, CRET2
+   |  b ->fff_restv
+   |.endmacro
+@@ -1405,7 +1405,7 @@
+   |  checknum CARG1
+   |   evmergehi CARG3, CARG4, CARG4
+   |  checkanyfail ->fff_fallback
+-  |  bl extern func
++  |  bl extern func@plt
+   |  evmergelo CRET1, CRET1, CRET2
+   |  b ->fff_restv
+   |.endmacro
+@@ -1437,7 +1437,7 @@
+   |  checknum CARG2
+   |   evmergehi CARG1, CARG2, CARG2
+   |  checkfail ->fff_fallback
+-  |  bl extern log
++  |  bl extern log@plt
+   |  evmergelo CRET1, CRET1, CRET2
+   |  b ->fff_restv
+   |
+@@ -1471,7 +1471,7 @@
+   |  checknum CARG1
+   |  checkanyfail ->fff_fallback
+   |  efdctsi CARG3, CARG4
+-  |  bl extern ldexp
++  |  bl extern ldexp@plt
+   |  evmergelo CRET1, CRET1, CRET2
+   |  b ->fff_restv
+   |
+@@ -1484,7 +1484,7 @@
+   |  checkfail ->fff_fallback
+   |  la CARG3, DISPATCH_GL(tmptv)(DISPATCH)
+   |   lwz PC, FRAME_PC(BASE)
+-  |  bl extern frexp
++  |  bl extern frexp@plt
+   |   lwz TMP1, DISPATCH_GL(tmptv)(DISPATCH)
+   |  evmergelo CRET1, CRET1, CRET2
+   |   efdcfsi CRET2, TMP1
+@@ -1503,7 +1503,7 @@
+   |  checkfail ->fff_fallback
+   |  la CARG3, -8(BASE)
+   |   lwz PC, FRAME_PC(BASE)
+-  |  bl extern modf
++  |  bl extern modf@plt
+   |  evmergelo CRET1, CRET1, CRET2
+   |   la RA, -8(BASE)
+   |  evstdd CRET1, 0(BASE)
+@@ -2399,7 +2399,7 @@
+     |  checknum CARG1
+     |   evmergehi CARG3, CARG4, CARG4
+     |  checkanyfail ->vmeta_arith_vv
+-    |  bl extern pow
++    |  bl extern pow@plt
+     |  evmergelo CRET2, CRET1, CRET2
+     |  evstddx CRET2, BASE, RA
+     |  ins_next
diff --git a/openembedded-layer/recipes-devtools/luajit/luajit_%.bbappend b/openembedded-layer/recipes-devtools/luajit/luajit_%.bbappend
new file mode 100644
index 0000000..8c6138c
--- /dev/null
+++ b/openembedded-layer/recipes-devtools/luajit/luajit_%.bbappend
@@ -0,0 +1,4 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/${BPN}:"
+
+SRC_URI_append_qoriq-ppc = " file://ppc-fixplt.patch "
+
diff --git a/recipes-bsp/apptrk/apptrk_git.bb b/recipes-bsp/apptrk/apptrk_git.bb
new file mode 100644
index 0000000..09d5de5
--- /dev/null
+++ b/recipes-bsp/apptrk/apptrk_git.bb
@@ -0,0 +1,20 @@
+DESCRIPTION = "Userspace debug agent for PA CodeWarrior"
+LICENSE = "Freescale-EULA"
+LIC_FILES_CHKSUM = "file://COPYING;md5=95560debfde180684364319811cc1421"
+
+DEPENDS = "elfutils"
+
+SRC_URI = "git://git.freescale.com/ppc/sdk/apptrk.git;nobranch=1"
+SRCREV = "cbed10997c5e2a4aaa004fb0e1efec858bf1bbe1"
+
+S = "${WORKDIR}/git"
+
+CFLAGS += " -I${STAGING_INCDIR} -ISource/Linux -ISource/Portable \
+                 -ISource/Linux_PA -ISource/PA -DPPC \
+"
+CFLAGS_append_powerpc64 = " -DENABLE_64BIT_SUPPORT"
+
+do_install() {
+        install -d ${D}/usr/bin
+        oe_runmake install DESTDIR=${D}
+}
diff --git a/recipes-bsp/boot-format/boot-format/flags.patch b/recipes-bsp/boot-format/boot-format/flags.patch
new file mode 100644
index 0000000..cddb34c
--- /dev/null
+++ b/recipes-bsp/boot-format/boot-format/flags.patch
@@ -0,0 +1,21 @@
+Index: git/Makefile
+===================================================================
+--- git.orig/Makefile
++++ git/Makefile
+@@ -3,14 +3,14 @@
+ INSTALL=install
+ PREFIX=/usr
+ 
+-CFLAGS=-Wall
++override CFLAGS+=-Wall
+ 
+ all: boot_format
+ 
+ boot_format.o: boot_format.c boot_format.h
+ 
+ boot_format: boot_format.o
+-       $(CC) $< -o $@
++       $(CC) $(CFLAGS) $< -o $@ $(LDFLAGS)
+ 
+ install: boot_format
+        $(INSTALL) -d $(DESTDIR)$(PREFIX)/bin
diff --git a/recipes-bsp/boot-format/boot-format_git.bb b/recipes-bsp/boot-format/boot-format_git.bb
new file mode 100644
index 0000000..2d9f9b1
--- /dev/null
+++ b/recipes-bsp/boot-format/boot-format_git.bb
@@ -0,0 +1,20 @@
+DESCRIPTION = "Boot format utility for booting from eSDHC/eSPI"
+LICENSE = "GPLv2"
+PR = "r6"
+LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
+
+SRC_URI = "git://git.freescale.com/ppc/sdk/boot-format.git;nobranch=1 \
+           file://flags.patch"
+SRCREV = "4eb81a6797ef4e58bf7d9b2d58afb37a21c1f550"
+
+S = "${WORKDIR}/git"
+EXTRA_OEMAKE = 'CC="${CC}" CFLAGS="${CFLAGS}" LDFLAGS="${LDFLAGS}"'
+
+do_install(){
+        oe_runmake DESTDIR=${D} PREFIX=${prefix} install
+}
+
+PACKAGES =+ "${PN}-config"
+FILES_${PN}-config += "${datadir}/*"
+
+BBCLASSEXTEND = "native nativesdk"
diff --git a/recipes-bsp/ipc/ipc-ust_git.bb b/recipes-bsp/ipc/ipc-ust_git.bb
new file mode 100644
index 0000000..c6b3cfe
--- /dev/null
+++ b/recipes-bsp/ipc/ipc-ust_git.bb
@@ -0,0 +1,50 @@
+SUMMARY = "Linux IPC Userspace Tool"
+DESCRIPTION = "DSP boot application and ipc test application"
+LICENSE = "BSD"
+LIC_FILES_CHKSUM = "file://COPYING;md5=fa38cd73d71527dc6efb546474f64d10"
+
+require ipc.inc
+
+S = "${WORKDIR}/git"
+
+# workaround for issue of parallel build, required a actual fix in ipc source
+PARALLEL_MAKE = ""
+
+EXTRA_OEMAKE = 'CROSS_COMPILE="${TARGET_PREFIX}" CC="${CC}" AR="${AR}"'
+
+do_compile () {
+    case ${MACHINE} in
+        bsc9132qds|bsc9131rdb) SOC=B913x;;
+        b4860qds|b4420qds|b4860qds-64b) SOC=B4860;;
+    esac
+    oe_runmake ${SOC}=1
+}
+
+do_install () {
+    install -d ${D}${bindir}
+    install -d ${D}${includedir}
+    install -d ${D}/ipc
+    install -m 755 ${S}/dsp_boot/dsp_bt ${D}/ipc
+    install -m 755 ${S}/ipc/ipc_test ${D}/ipc
+    install -m 755 ${S}/ipc/ipc_test67 ${D}/ipc
+    install -m 755 ${S}/ipc/l1d_app ${D}/ipc
+    install -m 755 ${S}/fsl_shm/app ${D}${bindir}/lg_shm_test
+    install -d ${D}${base_libdir}
+    install -m 755 ${S}/ipc/libipc.so ${D}${base_libdir}
+    install -m 755 ${S}/ipc/libmem.so ${D}${base_libdir}
+    install -m 755 ${S}/ipc/libdspboot.so  ${D}${base_libdir}
+    install -d ${D}${includedir}/ipc
+    install -d ${D}${includedir}/ipc/ipc/include
+    install -d ${D}${includedir}/ipc/fsl_shm/lib
+    install ${S}/ipc/include/*.h ${D}${includedir}/ipc/ipc/include
+    install ${S}/dsp_boot/*.h ${D}${includedir}/ipc/ipc/include
+    install ${S}/kernel/fsl_ipc_types.h ${D}${includedir}/ipc/ipc/include
+    install ${S}/kernel/fsl_heterogeneous_common.h ${D}${includedir}/ipc/ipc/include
+    install ${S}/kernel/fsl_heterogeneous_l1_defense.h ${D}${includedir}/ipc/ipc/include
+    install ${S}/fsl_shm/include/*.h ${D}${includedir}/ipc/ipc/include
+    install ${S}/fsl_shm/lib/*.h ${D}${includedir}/ipc/fsl_shm/lib
+}
+
+FILES_${PN} += "/ipc/*"
+FILES_${PN}-dbg += "/ipc/.debug"
+
diff --git a/recipes-bsp/ipc/ipc.inc b/recipes-bsp/ipc/ipc.inc
new file mode 100644
index 0000000..547771a
--- /dev/null
+++ b/recipes-bsp/ipc/ipc.inc
@@ -0,0 +1,7 @@
+DEPENDS = "virtual/kernel"
+
+SRC_URI = "git://git.freescale.com/ppc/sdk/ipc.git;nobranch=1"
+SRCREV = "c9c92ac6a7a31c9d878096eb7d135c22a38f20ff"
+
+COMPATIBLE_MACHINE = "(bsc9132qds|bsc9131rdb|b4860qds|b4420qds)"
+
diff --git a/recipes-bsp/pkc-firmware/pkc-firmware_git.bb b/recipes-bsp/pkc-firmware/pkc-firmware_git.bb
new file mode 100644
index 0000000..3cc5d44
--- /dev/null
+++ b/recipes-bsp/pkc-firmware/pkc-firmware_git.bb
@@ -0,0 +1,41 @@
+DESCRIPTION = "U-boot firmware for c293pcie support "
+HOMEPAGE = "http://u-boot.sf.net"
+LICENSE = "GPLv2"
+LIC_FILES_CHKSUM = "file://COPYING;md5=1707d6db1d42237583f50183a5651ecb"
+
+INHIBIT_DEFAULT_DEPS = "1"
+DEPENDS = "virtual/${TARGET_PREFIX}gcc libgcc"
+
+inherit deploy
+
+PACKAGE_ARCH = "${MACHINE_ARCH}"
+
+SRC_URI = "git://git.freescale.com/ppc/sdk/pkc-firmware.git;nobranch=1"
+SRCREV = "b891873c1eea7a7d53f9472ea601712897cb17b7"
+
+S = "${WORKDIR}/git"
+
+EXTRA_OEMAKE = 'CROSS_COMPILE=${TARGET_PREFIX} CC="${TARGET_PREFIX}gcc ${TOOLCHAIN_OPTIONS}"'
+
+do_compile () {
+    unset LDFLAGS
+    unset CFLAGS
+    unset CPPFLAGS
+    oe_runmake C293QDS_36BIT_SDCARD
+}
+
+do_install(){
+    install -d ${D}${sysconfdir}/crypto/
+    install ${S}/u-boot.bin ${D}${sysconfdir}/crypto/pkc-firmware.bin
+}
+
+do_deploy(){
+    install -d ${DEPLOYDIR}/pkc-firmware
+    install ${S}/u-boot.bin ${DEPLOYDIR}/pkc-firmware/pkc-firmware.bin
+}
+
+addtask deploy after do_install
+
+FILES_{PN} += "/etc/crypto/pkc-firmware.bin"
+COMPATIBLE_MACHINE = "(c293pcie)"
+
diff --git a/recipes-bsp/qe-ucode/qe-ucode_git.bb b/recipes-bsp/qe-ucode/qe-ucode_git.bb
new file mode 100644
index 0000000..028d9bc
--- /dev/null
+++ b/recipes-bsp/qe-ucode/qe-ucode_git.bb
@@ -0,0 +1,35 @@
+DESCRIPTION = "qe microcode binary"
+SECTION = "qe-ucode"
+LICENSE = "Freescale-EULA"
+LIC_FILES_CHKSUM = "file://EULA;md5=60037ccba533a5995e8d1a838d85799c"
+
+python () {
+    if not d.getVar("QE_UCODE", True):
+        machine = d.getVar("MACHINE", True)
+        raise bb.parse.SkipPackage("QE_UCODE not set in \
+            meta-fsl-ppc/conf/machine/%s.conf" % machine)
+}
+
+inherit deploy
+
+SRC_URI = "git://git.freescale.com/ppc/sdk/qe-ucode.git;nobranch=1"
+SRCREV= "49efc94b553de5c2a9bd28093592eff0068e161c"
+
+S = "${WORKDIR}/git"
+
+do_install () {
+    install -d ${D}/boot
+    install -m 644 ${QE_UCODE} ${D}/boot/
+}
+
+do_deploy () {
+    install -d ${DEPLOYDIR}/boot
+    install -m 644 ${QE_UCODE} ${DEPLOYDIR}/boot/
+}
+addtask deploy before do_build after do_install
+
+PACKAGES += "${PN}-image"
+FILES_${PN}-image += "/boot/*"
+ALLOW_EMPTY_${PN} = "1"
+COMPATIBLE_MACHINE = "(p1021rdb|p1025twr|t1)"
+
diff --git a/recipes-bsp/rcw/rcw_git.bb b/recipes-bsp/rcw/rcw_git.bb
new file mode 100644
index 0000000..97ffcb8
--- /dev/null
+++ b/recipes-bsp/rcw/rcw_git.bb
@@ -0,0 +1,47 @@
+DESCRIPTION = "Reset Control Words (RCW)"
+SECTION = "rcw"
+LICENSE = "BSD"
+PR = "r8"
+
+LIC_FILES_CHKSUM = "file://rcw.py;beginline=8;endline=28;md5=9ba0b28922dd187b06b6c8ebcfdd208e"
+
+# this package is specific to the machine itself
+INHIBIT_DEFAULT_DEPS = "1"
+PACKAGE_ARCH = "${MACHINE_ARCH}"
+
+inherit deploy
+
+SRC_URI = "git://git.freescale.com/ppc/sdk/rcw.git;nobranch=1"
+SRCREV = "3e89f378ed70e9b856756de8c3dbdfccb045fa0c"
+
+S = "${WORKDIR}/git"
+
+export PYTHON
+
+do_install () {
+    make install
+
+    M=`echo ${MACHINE} | sed s/-prt//g | sed s/-64b//g`
+    if [ "t1042rdb" = "${M}" ] || [ "t1042rdb-pi" = "${M}" ];then
+        M=t1042rdb_pi
+    fi
+    install -d ${D}/boot/rcw
+    cp -r ${S}/${M}/${M}/* ${D}/boot/rcw
+}
+
+do_deploy () {
+    M=`echo ${MACHINE} | sed s/-prt//g | sed s/-64b//g`
+    if [ "t1042rdb" = "${M}" ] || [ "t1042rdb-pi" = "${M}" ];then
+        M=t1042rdb_pi
+    fi
+    install -d ${DEPLOYDIR}/rcw
+    cp -r ${S}/${M}/${M}/* ${DEPLOYDIR}/rcw
+}
+addtask deploy after do_install
+
+PACKAGES += "${PN}-image"
+FILES_${PN}-image += "/boot"
+
+COMPATIBLE_HOST_qoriq-ppc = ".*"
+COMPATIBLE_HOST ?= "(none)"
+ALLOW_EMPTY_${PN} = "1"
diff --git a/recipes-bsp/u-boot/files/Fix-the-depend-race-issue.patch b/recipes-bsp/u-boot/files/Fix-the-depend-race-issue.patch
new file mode 100644
index 0000000..1ddc667
--- /dev/null
+++ b/recipes-bsp/u-boot/files/Fix-the-depend-race-issue.patch
@@ -0,0 +1,38 @@
+Upstream-Status: Pending
+
+From 301832414369b749918e0d5db850eed19b81c0fc Mon Sep 17 00:00:00 2001
+From: Zhenhua Luo <zhenhua.luo@freescale.com>
+Date: Tue, 24 Sep 2013 00:54:40 -0500
+Subject: [PATCH] Fix the depend race issue
+
+| make[3]: Entering directory `/srv/home/pokybuild/yocto-autobuilder-new/yocto-slave/nightly-fsl-ppc/build/build/tmp/work/p1022ds-poky-linux-gnuspe/u-boot/git-r30/git/arch/powerpc/cpu/mpc85xx'
+| /srv/home/pokybuild/yocto-autobuilder-new/yocto-slave/nightly-fsl-ppc/build/build/tmp/work/p1022ds-poky-linux-gnuspe/u-boot/git-r30/git/P1022DS_NAND/spl/arch/powerpc/cpu/mpc85xx/.depend:125: *** missing separator.  Stop.
+| make[3]: Leaving directory `/srv/home/pokybuild/yocto-autobuilder-new/yocto-slave/nightly-fsl-ppc/build/build/tmp/work/p1022ds-poky-linux-gnuspe/u-boot/git-r30/git/arch/powerpc/cpu/mpc85xx'
+| make[2]: *** [/srv/home/pokybuild/yocto-autobuilder-new/yocto-slave/nightly-fsl-ppc/build/build/tmp/work/p1022ds-poky-linux-gnuspe/u-boot/git-r30/git/P1022DS_NAND/spl/arch/powerpc/cpu/mpc85xx/start.o] Error 2
+| make[2]: *** Waiting for unfinished jobs....
+
+Signed-off-by: Zhenhua Luo <zhenhua.luo@freescale.com>
+---
+ spl/Makefile | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/spl/Makefile b/spl/Makefile
+index 6dbb105..3156d87 100644
+--- a/spl/Makefile
++++ b/spl/Makefile
+@@ -185,7 +185,11 @@ $(eval $(call make_u_boot_list, $(obj)u-boot.lst, $(LIBS)))
+ $(obj)u-boot-spl.lds: $(LDSCRIPT) $(obj)u-boot.lst depend
+        $(CPP) $(CPPFLAGS) $(LDPPFLAGS) -I$(obj). -ansi -D__ASSEMBLY__ -P - < $< > $@
+ 
+-depend:        $(obj).depend
++# Explicitly make _depend in subdirs containing multiple targets to prevent
++# parallel sub-makes creating .depend files simultaneously.
++depend dep:    $(obj).depend
++               for dir in $(SUBDIRS) $(CPUDIR) $(LDSCRIPT_MAKEFILE_DIR) ; do \
++                       $(MAKE) -C $(SRCTREE)/$$dir _depend ; done
+ .PHONY: depend
+ 
+ # defines $(obj).depend target
+-- 
+1.8.2.1
+
diff --git a/recipes-bsp/u-boot/u-boot-qoriq_2014.07.bb b/recipes-bsp/u-boot/u-boot-qoriq_2014.07.bb
new file mode 100644
index 0000000..b780658
--- /dev/null
+++ b/recipes-bsp/u-boot/u-boot-qoriq_2014.07.bb
@@ -0,0 +1,187 @@
+DESCRIPTION = "U-boot bootloader"
+HOMEPAGE = "http://u-boot.sf.net"
+SECTION = "bootloaders"
+PROVIDES = "virtual/bootloader u-boot"
+LICENSE = "GPLv2 & BSD-3-Clause & BSD-2-Clause & LGPL-2.0 & LGPL-2.1"
+LIC_FILES_CHKSUM = " \
+    file://Licenses/gpl-2.0.txt;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
+    file://Licenses/bsd-2-clause.txt;md5=6a31f076f5773aabd8ff86191ad6fdd5 \
+    file://Licenses/bsd-3-clause.txt;md5=4a1190eac56a9db675d58ebe86eaf50c \
+    file://Licenses/lgpl-2.0.txt;md5=5f30f0716dfdd0d91eb439ebec522ec2 \
+    file://Licenses/lgpl-2.1.txt;md5=4fbd65380cdd255951079008b364516c \
+"
+
+PV = "2014.07+fslgit"
+INHIBIT_DEFAULT_DEPS = "1"
+DEPENDS = "boot-format-native libgcc ${@base_contains('TCMODE', 'external-fsl', '', 'virtual/${TARGET_PREFIX}gcc', d)}"
+
+inherit deploy
+
+SRC_URI = "git://git.freescale.com/ppc/sdk/u-boot.git;nobranch=1"
+SRCREV = "659b6a23a8b1f3026200bc6352dbacef53f4dcb1"
+
+python () {
+    if d.getVar("TCMODE", True) == "external-fsl":
+        return
+
+    ml = d.getVar("MULTILIB_VARIANTS", True)
+    arch = d.getVar("OVERRIDES", True)
+
+    if "e5500-64b:" in arch or "e6500-64b:" in arch:
+        if not "lib32" in ml:
+            raise bb.parse.SkipPackage("Building the u-boot for this arch requires multilib to be enabled")
+        sys_multilib = 'powerpc' + d.getVar('TARGET_VENDOR') + 'mllib32-' + d.getVar('HOST_OS')
+        d.setVar('DEPENDS_append', ' lib32-gcc-cross-powerpc lib32-libgcc')
+        d.setVar('PATH_append', ':' + d.getVar('STAGING_BINDIR_NATIVE') + '/' + sys_multilib)
+        d.setVar('TOOLCHAIN_OPTIONS_append', '/../lib32-' + d.getVar("MACHINE"))
+        d.setVar("WRAP_TARGET_PREFIX", sys_multilib + '-')
+}
+
+WRAP_TARGET_PREFIX ?= "${TARGET_PREFIX}"
+
+PACKAGE_ARCH = "${MACHINE_ARCH}"
+
+UBOOT_LOCALVERSION = "${@d.getVar('SDK_VERSION', True).partition(' ')[0]}"
+
+USRC ?= ""
+S = '${@base_conditional("USRC", "", "${WORKDIR}/git", "${USRC}", d)}'
+
+EXTRA_OEMAKE = 'CROSS_COMPILE=${WRAP_TARGET_PREFIX} CC="${WRAP_TARGET_PREFIX}gcc ${TOOLCHAIN_OPTIONS}"'
+
+do_compile () {
+    unset LDFLAGS
+    unset CFLAGS
+    unset CPPFLAGS
+
+    if [ ! -e ${B}/.scmversion -a ! -e ${S}/.scmversion ]
+    then
+        head=`git rev-parse --verify --short HEAD 2> /dev/null`
+        printf "%s%s%s" ${UBOOT_LOCALVERSION} +g $head > ${B}/.scmversion
+        printf "%s%s%s" ${UBOOT_LOCALVERSION} +g $head > ${S}/.scmversion
+    fi
+
+    if [ "x${UBOOT_MACHINES}" = "x" ]; then
+        UBOOT_MACHINES=${UBOOT_MACHINE}
+    fi
+
+    for board in ${UBOOT_MACHINES}; do
+        if ! grep -wq $board ${S}/boards.cfg;then
+            echo "WARNING: $board not supported in boards.cfg"
+            continue
+        fi
+
+        oe_runmake O=${board} distclean
+        oe_runmake O=${board} ${board}_config
+        oe_runmake O=${board} all
+
+        case "${board}" in
+            *SDCARD*)   UBOOT_TARGET="u-boot-sd";;
+            *SPIFLASH*) UBOOT_TARGET="u-boot-spi";;
+            *NAND*)     UBOOT_TARGET="u-boot-nand";;
+            *SRIO*)     UBOOT_TARGET="u-boot-srio";;
+            *)      UBOOT_TARGET="";;
+        esac
+
+        # deal with sd/spi/nand/srio image
+        UBOOT_SOURCE=u-boot.bin
+        if [ "x${UBOOT_TARGET}" != "x" ] && echo $board |egrep -qi "SECBOOT|SECURE"; then
+            cp ${S}/${board}/${UBOOT_SOURCE}  ${S}/${board}/${UBOOT_TARGET}.bin
+        elif [ "x${UBOOT_TARGET}" != "x" ]; then
+            # some boards' final binary was not named as u-boot.bin
+            if [ "${UBOOT_TARGET}" = "u-boot-nand" ];then
+                if echo $board |egrep -q "^(BSC|C29|P10|P2020RDB)";then
+                    UBOOT_SOURCE=u-boot-with-spl.bin
+                elif echo $board |egrep -q "^(B4|T1|T2|T4)";then
+                    UBOOT_SOURCE=u-boot-with-spl-pbl.bin
+                elif echo $board |egrep -q "^(P2041|P3|P4|P5)";then
+                    UBOOT_SOURCE=u-boot.pbl
+                fi
+            elif [ "${UBOOT_TARGET}" = "u-boot-spi" ];then
+                if echo $board |egrep -q "^(P10|P2020RDB)";then
+                    UBOOT_SOURCE=u-boot-with-spl.bin
+                elif echo $board |egrep -q "^(T1|T2)";then
+                    UBOOT_SOURCE=u-boot-with-spl-pbl.bin
+                elif echo $board |egrep -q "^(B4|P2041|P3|P4|P5|T4)";then
+                    UBOOT_SOURCE=u-boot.pbl
+                fi
+            elif [ "${UBOOT_TARGET}" = "u-boot-sd" ];then
+                if echo $board |egrep -q "^(P10|P2020RDB)";then
+                    UBOOT_SOURCE=u-boot-with-spl.bin
+                elif echo $board |egrep -q "^(B4|T1|T2|T4)";then
+                    UBOOT_SOURCE=u-boot-with-spl-pbl.bin
+                elif echo $board |egrep -q "^(P2041|P3|P4|P5)";then
+                    UBOOT_SOURCE=u-boot.pbl
+                fi
+            fi
+            cp ${S}/${board}/${UBOOT_SOURCE}  ${S}/${board}/${UBOOT_TARGET}.bin
+
+            # use boot-format to regenerate spi image if BOOTFORMAT_CONFIG is not empty
+            if [ "${UBOOT_TARGET}" = "u-boot-spi" ] && [ -n "${BOOTFORMAT_CONFIG}" ];then
+                ${STAGING_BINDIR_NATIVE}/boot_format \
+                ${STAGING_DATADIR_NATIVE}/boot_format/${BOOTFORMAT_CONFIG} \
+                ${S}/${board}/${UBOOT_SOURCE} -spi ${S}/${board}/${UBOOT_TARGET}.bin
+            fi
+        fi
+    done
+}
+
+do_install(){
+    if [ "x${UBOOT_MACHINES}" = "x" ]; then
+        UBOOT_MACHINES=${UBOOT_MACHINE}
+    fi
+
+    for board in ${UBOOT_MACHINES}; do
+        if ! grep -wq $board ${S}/boards.cfg;then
+            continue
+        fi
+
+        case "${board}" in
+            *SDCARD*)   UBOOT_TARGET="u-boot-sd";;
+            *SPIFLASH*) UBOOT_TARGET="u-boot-spi";;
+            *NAND*)     UBOOT_TARGET="u-boot-nand";;
+            *SRIO*)     UBOOT_TARGET="u-boot-srio";;
+            *)      UBOOT_TARGET="u-boot";;
+        esac
+
+        if [ -f ${S}/${board}/${UBOOT_TARGET}.bin ]; then
+            mkdir -p ${D}/boot/
+            install ${S}/${board}/${UBOOT_TARGET}.bin ${D}/boot/${UBOOT_TARGET}-${board}-${PV}-${PR}.bin
+            ln -sf ${UBOOT_TARGET}-${board}-${PV}-${PR}.bin ${D}/boot/${UBOOT_TARGET}.bin
+        fi
+    done
+}
+
+do_deploy(){
+    if [ "x${UBOOT_MACHINES}" = "x" ]; then
+        UBOOT_MACHINES=${UBOOT_MACHINE}
+    fi
+
+    for board in ${UBOOT_MACHINES}; do
+        if ! grep -wq $board ${S}/boards.cfg;then
+            continue
+        fi
+
+        case "${board}" in
+            *SDCARD*)   UBOOT_TARGET="u-boot-sd";;
+            *SPIFLASH*) UBOOT_TARGET="u-boot-spi";;
+            *NAND*)     UBOOT_TARGET="u-boot-nand";;
+            *SRIO*)     UBOOT_TARGET="u-boot-srio";;
+            *)      UBOOT_TARGET="u-boot";;
+        esac
+
+        if [ -f ${S}/${board}/${UBOOT_TARGET}.bin ]; then
+            mkdir -p ${DEPLOYDIR}
+            install ${S}/${board}/${UBOOT_TARGET}.bin ${DEPLOYDIR}/${UBOOT_TARGET}-${board}-${PV}-${PR}.bin
+
+            cd ${DEPLOYDIR}
+            rm -f ${UBOOT_TARGET}-${board}.bin
+            ln -sf ${UBOOT_TARGET}-${board}-${PV}-${PR}.bin ${UBOOT_TARGET}-${board}.bin
+        fi
+    done
+}
+addtask deploy after do_install
+
+PACKAGES += "${PN}-images"
+FILES_${PN}-images += "/boot"
+
+ALLOW_EMPTY_${PN} = "1"
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/README b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/README
new file mode 100644
index 0000000..9578982
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/README
@@ -0,0 +1,77 @@
+test_setkey script usage
+
+The scripts in this directory may be used for testing
+native Linux IPsec with the talitos driver as a loadable module.
+
+It's assumed that these scripts have been placed in the directory
+named /test_setkey.
+
+The scripts setup_left and setup_right configure the ip addresses
+for two boards named 'left' and 'right', which are two gateways for
+an IPsec tunnel.  Connect the eth1 interfaces of left and right boards together.
+For smartbits testing, connect eth0 on each board to a smartbits port.
+For other testing (ping, netperf, iperf), connect eth0 on each board to another system.
+
+The scripts named left.conf-* and right.conf-* are setkey scripts
+which configure the IPsec SA and SPD entries.
+The scripts ending in -tunnel use tunnel mode IPsec, and the scripts
+ending in -transport used transport mode IPsec.
+Transport mode is useful for quickly testing security functionality
+using ping or netperf between two boards.
+Tunnel mode can be used for testing throughput using smartbits or other
+performance test equipment.
+
+There is a top level script called 'setup' which
+is used for a one-step setup on the left and right boards.
+'setup' uses two or three parameters. The first parameter is the side, left or right.
+The second parameter is the setkey suffix for the left.conf- and right.conf- files.
+If the third parameter is supplied, the setup will modprobe that name, so
+typically you should provide talitos as the third parameter if you want to load the driver.
+If you have built the talitos driver into the kernel, omit the third parameter to setup.
+You may test software encryption if talitos is built as a module and you omit the third parameter.
+
+Below are example uses of the 'setup' script.
+
+1) One-step setup for smartbits
+   Use a tunnel mode setup on each side.
+   AES-HMAC-SHA1: 
+   Left side:
+      /test_setkey/setup left aes-sha1-tunnel talitos
+   Right side:
+      /test_setkey/setup right aes-sha1-tunnel talitos
+
+   3DES-HMAC-SHA1:
+   Left side:
+      /test_setkey/setup left 3des-sha1-tunnel talitos
+   Right side:
+      /test_setkey/setup right 3des-sha1-tunnel talitos
+
+2) One-step setup for testing ping, netperf, or iperf between two boards. 
+   Use a transport mode setup on each side.
+   AES-HMAC-SHA1: 
+   Left side:
+      /test_setkey/setup left aes-sha1-transport talitos
+   Right side:
+      /test_setkey/setup right aes-sha1-transport talitos
+
+   3DES-HMAC-SHA1:
+   Left side:
+      /test_setkey/setup left 3des-sha1-transport talitos
+   Right side:
+      /test_setkey/setup right 3des-sha1-transport talitos
+
+3) Testing ipv4
+   To test ipv4 (with no security) over the two gateways, use steps below.
+   Testing ipv4 is helpful to get your smartbits configuration verified
+   and also establish a baseline performance for throughput.
+
+   On the left board:
+   cd /test_setkey
+   ./setup_left
+   ./left.ipv4
+
+   On the right board:
+   cd /test_setkey
+   ./setup_right
+   ./right.ipv4
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/auto_left.conf-3des-sha1-tunnel b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/auto_left.conf-3des-sha1-tunnel
new file mode 100755
index 0000000..6bd6c5d
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/auto_left.conf-3des-sha1-tunnel
@@ -0,0 +1,32 @@
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+# 
+#                                 ========= ESP =========
+#                                 |                     |
+#          Network-A          Gateway-A             Gateway-B           Network-B
+#         192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+# 
+#         ====== 83xx board A ======                  ===== 83xx board B =====
+#         |                        |                  |                      |
+#         eth0                  eth1                  eth1                eth0
+#       192.168.1.130         200.200.200.10          200.200.200.20      192.168.2.130         
+# 
+# 
+# Board A setup
+#
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10)
+#
+# Security policies
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec
+       esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec
+       esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/auto_right.conf-3des-sha1-tunnel b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/auto_right.conf-3des-sha1-tunnel
new file mode 100755
index 0000000..eebf307
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/auto_right.conf-3des-sha1-tunnel
@@ -0,0 +1,31 @@
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+# 
+#                                 ========= ESP =========
+#                                 |                     |
+#          Network-A          Gateway-A             Gateway-B           Network-B
+#         192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+# 
+#         ====== 83xx board A ======                  ===== 83xx board B =====
+#         |                        |                  |                      |
+#         eth0                  eth1                  eth1                eth0
+#       192.168.1.130         200.200.200.10          200.200.200.20      192.168.2.130         
+# 
+# 
+# Board B setup
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway B (eth0:192.168.2.130, eth1:200.200.200.20)
+#
+# Security policies
+
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec
+       esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec
+       esp/tunnel/200.200.200.10-200.200.200.20/require;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/flush-setkey b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/flush-setkey
new file mode 100755
index 0000000..0be3056
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/flush-setkey
@@ -0,0 +1,4 @@
+#!/usr/sbin/setkey -f
+
+flush;
+spdflush;
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.conf.left b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.conf.left
new file mode 100644
index 0000000..d9d6c0c
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.conf.left
@@ -0,0 +1,29 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        charondebug="chd 2, knl 2"
+        crlcheckinterval=180
+        strictcrlpolicy=no
+        plutostart=no
+
+conn %default
+        ikelifetime=60m
+        keylife=20m
+        rekeymargin=3m
+        keyingtries=1
+        keyexchange=ikev2
+        type=tunnel
+        auth=esp
+        compress=no
+        mobike=no
+
+conn net-net
+        left=200.200.200.10
+        leftsubnet=192.168.1.0/24
+        leftcert=moonCert.pem
+        leftid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org"
+        leftfirewall=yes
+        right=200.200.200.20
+        rightsubnet=192.168.2.0/24
+        rightid="C=CH, O=Linux strongSwan, CN=sun.strongswan.org"
+        auto=add
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.conf.right b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.conf.right
new file mode 100644
index 0000000..c14dee2
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.conf.right
@@ -0,0 +1,28 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        charondebug="chd 2, knl 2"
+        crlcheckinterval=180
+        strictcrlpolicy=no
+        plutostart=no
+
+conn %default
+        ikelifetime=60m
+        keylife=20m
+        rekeymargin=3m
+        keyingtries=1
+        keyexchange=ikev2
+        auth=esp
+        compress=no
+        mobike=no
+
+conn net-net 
+        left=200.200.200.20
+        leftcert=sunCert.pem
+        leftid="C=CH, O=Linux strongSwan, CN=sun.strongswan.org"
+        leftsubnet=192.168.2.0/24
+        leftfirewall=yes
+        right=200.200.200.10
+        rightid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org"
+        rightsubnet=192.168.1.0/24
+        auto=add
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.secrets.left b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.secrets.left
new file mode 100644
index 0000000..e86d6aa
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.secrets.left
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA moonKey.pem
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.secrets.right b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.secrets.right
new file mode 100644
index 0000000..1095b74
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.secrets.right
@@ -0,0 +1,8 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA sunKey.pem
+
+
+
+
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec_ikev1.conf.left b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec_ikev1.conf.left
new file mode 100644
index 0000000..55025db
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec_ikev1.conf.left
@@ -0,0 +1,39 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        plutodebug=control
+        crlcheckinterval=180
+        strictcrlpolicy=no
+        charonstart=no
+
+conn %default
+        ikelifetime=60m
+        keylife=20m
+        rekeymargin=3m
+        keyingtries=1
+        keyexchange=ikev1
+        left=200.200.200.10
+        leftcert=moonCert.pem
+        leftid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org"
+        leftfirewall=yes
+
+conn net-net
+        left=%defaultroute
+        leftsubnet=192.168.1.0/24
+        leftcert=moonCert.pem
+        right=200.200.200.20
+        rightsubnet=192.168.2.0/24
+        rightid="C=CH, O=Linux strongSwan, CN=sun.strongswan.org"
+        auto=add
+        
+conn host-host
+        left=%defaultroute
+        leftcert=moonCert.pem
+        right=200.200.200.20
+        rightid="C=CH, O=Linux strongSwan, CN=sun.strongswan.org"
+        auto=add
+
+conn rw
+        leftsubnet=192.168.1.0/24
+        right=%any
+        auto=add
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec_ikev1.conf.right b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec_ikev1.conf.right
new file mode 100644
index 0000000..479791e
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec_ikev1.conf.right
@@ -0,0 +1,34 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        plutodebug=control
+        crlcheckinterval=180
+        strictcrlpolicy=no
+        charonstart=no
+
+conn %default
+        ikelifetime=60m
+        keylife=20m
+        rekeymargin=3m
+        keyingtries=1
+        keyexchange=ikev1
+        left=200.200.200.20
+        leftcert=sunCert.pem
+        leftid="C=CH, O=Linux strongSwan, CN=sun.strongswan.org"
+        leftfirewall=yes
+
+conn net-net
+        left=%defaultroute
+        leftsubnet=192.168.2.0/24
+        leftcert=sunCert.pem
+        right=200.200.200.10
+        rightsubnet=192.168.1.0/24
+        rightid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org"
+        auto=add
+
+conn host-host
+        left=%defaultroute
+        leftcert=sunCert.pem
+        right=200.200.200.10
+        rightid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org"
+        auto=add
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-md5-transport b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-md5-transport
new file mode 100755
index 0000000..5422771
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-md5-transport
@@ -0,0 +1,23 @@
+#!/usr/sbin/setkey -f
+#I am 200.200.200.10
+
+flush;
+spdflush;
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-md5 authentication using 128 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513 
+    -E 3des-cbc   0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-md5   0xd5f603abc8cd9d19319ca32fb955b10f;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 
+    -E 3des-cbc   0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-md5   0x1dd90b4c32dcbe9d37b555a23df5170e;
+
+
+spdadd 200.200.200.20 200.200.200.10 any -P in ipsec
+        esp/transport//require;
+
+spdadd 200.200.200.10 200.200.200.20 any -P out ipsec
+        esp/transport//require;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-md5-tunnel b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-md5-tunnel
new file mode 100755
index 0000000..52bf9c3
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-md5-tunnel
@@ -0,0 +1,42 @@
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+# 
+#                                 ========= ESP =========
+#                                 |                     |
+#          Network-A          Gateway-A             Gateway-B           Network-B
+#         192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+# 
+#         ====== 83xx board A ======                  ===== 83xx board B =====
+#         |                        |                  |                      |
+#         eth0                  eth1                  eth1                eth0
+#       192.168.1.130         200.200.200.10          200.200.200.20      192.168.2.130         
+# 
+# 
+# Board A setup
+#
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10)
+#
+# Security policies
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec
+       esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec
+       esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-md5 authentication using 128 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel
+    -E 3des-cbc  0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-md5   0xd5f603abc8cd9d19319ca32fb955b10f;
+
+add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel
+    -E 3des-cbc  0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-md5   0x1dd90b4c32dcbe9d37b555a23df5170e;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha1-transport b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha1-transport
new file mode 100755
index 0000000..e5ee005
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha1-transport
@@ -0,0 +1,22 @@
+#!/usr/sbin/setkey -f
+#I am 200.200.200.10
+
+flush;
+spdflush;
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha1 authentication using 160 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513 
+    -E 3des-cbc   0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-sha1 0xe9c43acd5e8d779b6e09c87347852708ab49bdd3;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 
+    -E 3des-cbc   0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-sha1 0xea6856479330dc9c17b8f6c37e2a895363d83f21;
+
+spdadd 200.200.200.20 200.200.200.10 any -P in ipsec
+        esp/transport//require;
+
+spdadd 200.200.200.10 200.200.200.20 any -P out ipsec
+        esp/transport//require;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha1-tunnel b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha1-tunnel
new file mode 100755
index 0000000..eb2881d
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha1-tunnel
@@ -0,0 +1,42 @@
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+# 
+#                                 ========= ESP =========
+#                                 |                     |
+#          Network-A          Gateway-A             Gateway-B           Network-B
+#         192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+# 
+#         ====== 83xx board A ======                  ===== 83xx board B =====
+#         |                        |                  |                      |
+#         eth0                  eth1                  eth1                eth0
+#       192.168.1.130         200.200.200.10          200.200.200.20      192.168.2.130         
+# 
+# 
+# Board A setup
+#
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10)
+#
+# Security policies
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec
+       esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec
+       esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha1 authentication using 160 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel
+    -E 3des-cbc  0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-sha1 0xe9c43acd5e8d779b6e09c87347852708ab49bdd3;
+
+add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel
+    -E 3des-cbc  0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-sha1 0xea6856479330dc9c17b8f6c37e2a895363d83f21;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha256-transport b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha256-transport
new file mode 100755
index 0000000..b528632
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha256-transport
@@ -0,0 +1,23 @@
+#!/usr/sbin/setkey -f
+#I am 200.200.200.10
+
+flush;
+spdflush;
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha2-256 authentication using 256 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513 
+    -E 3des-cbc       0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-sha2-256  0x4de03bebf6beb4fdef5a67d349a09580466cc4e54503333b2a5fd34538c91198;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 
+    -E 3des-cbc       0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-sha2-256  0x5e01eb780b7ecc074ca2ca4fa4a5ea2ff841c977da0ce61c49d1fe767ea5452c;
+
+
+spdadd 200.200.200.20 200.200.200.10 any -P in ipsec
+        esp/transport//require;
+
+spdadd 200.200.200.10 200.200.200.20 any -P out ipsec
+        esp/transport//require;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha256-tunnel b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha256-tunnel
new file mode 100755
index 0000000..e7726f0
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha256-tunnel
@@ -0,0 +1,42 @@
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+# 
+#                                 ========= ESP =========
+#                                 |                     |
+#          Network-A          Gateway-A             Gateway-B           Network-B
+#         192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+# 
+#         ====== 83xx board A ======                  ===== 83xx board B =====
+#         |                        |                  |                      |
+#         eth0                  eth1                  eth1                eth0
+#       192.168.1.130         200.200.200.10          200.200.200.20      192.168.2.130         
+# 
+# 
+# Board A setup
+#
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10)
+#
+# Security policies
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec
+       esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec
+       esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha2-256 authentication using 256 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513 -m tunnel
+    -E 3des-cbc       0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-sha2-256  0x4de03bebf6beb4fdef5a67d349a09580466cc4e54503333b2a5fd34538c91198;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 -m tunnel
+    -E 3des-cbc       0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-sha2-256  0x5e01eb780b7ecc074ca2ca4fa4a5ea2ff841c977da0ce61c49d1fe767ea5452c;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-md5-transport b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-md5-transport
new file mode 100755
index 0000000..96f5783
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-md5-transport
@@ -0,0 +1,23 @@
+#!/usr/sbin/setkey -f
+#I am 200.200.200.10
+
+flush;
+spdflush;
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-md5 authentication using 128 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513 
+    -E aes-cbc    0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-md5   0xd5f603abc8cd9d19319ca32fb955b10f;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 
+    -E aes-cbc    0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-md5   0x1dd90b4c32dcbe9d37b555a23df5170e;
+
+
+spdadd 200.200.200.20 200.200.200.10 any -P in ipsec
+        esp/transport//require;
+
+spdadd 200.200.200.10 200.200.200.20 any -P out ipsec
+        esp/transport//require;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-md5-tunnel b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-md5-tunnel
new file mode 100755
index 0000000..b2cf84b
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-md5-tunnel
@@ -0,0 +1,42 @@
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+# 
+#                                 ========= ESP =========
+#                                 |                     |
+#          Network-A          Gateway-A             Gateway-B           Network-B
+#         192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+# 
+#         ====== 83xx board A ======                  ===== 83xx board B =====
+#         |                        |                  |                      |
+#         eth0                  eth1                  eth1                eth0
+#       192.168.1.130         200.200.200.10          200.200.200.20      192.168.2.130         
+# 
+# 
+# Board A setup
+#
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10)
+#
+# Security policies
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec
+       esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec
+       esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-md5 authentication using 128 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel
+    -E aes-cbc    0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-md5   0xd5f603abc8cd9d19319ca32fb955b10f;
+
+add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel
+    -E aes-cbc    0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-md5   0x1dd90b4c32dcbe9d37b555a23df5170e;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha1-transport b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha1-transport
new file mode 100755
index 0000000..f3ffaf5
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha1-transport
@@ -0,0 +1,22 @@
+#!/usr/sbin/setkey -f
+#I am 200.200.200.10
+
+flush;
+spdflush;
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha1 authentication using 160 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513 
+    -E aes-cbc   0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-sha1 0xe9c43acd5e8d779b6e09c87347852708ab49bdd3;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 
+    -E aes-cbc   0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-sha1 0xea6856479330dc9c17b8f6c37e2a895363d83f21;
+
+spdadd 200.200.200.20 200.200.200.10 any -P in ipsec
+        esp/transport//require;
+
+spdadd 200.200.200.10 200.200.200.20 any -P out ipsec
+        esp/transport//require;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha1-tunnel b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha1-tunnel
new file mode 100755
index 0000000..1ab7874
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha1-tunnel
@@ -0,0 +1,42 @@
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+# 
+#                                 ========= ESP =========
+#                                 |                     |
+#          Network-A          Gateway-A             Gateway-B           Network-B
+#         192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+# 
+#         ====== 83xx board A ======                  ===== 83xx board B =====
+#         |                        |                  |                      |
+#         eth0                  eth1                  eth1                eth0
+#       192.168.1.130         200.200.200.10          200.200.200.20      192.168.2.130         
+# 
+# 
+# Board A setup
+#
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10)
+#
+# Security policies
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec
+       esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec
+       esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha1 authentication using 160 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel
+    -E aes-cbc   0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-sha1 0xe9c43acd5e8d779b6e09c87347852708ab49bdd3;
+
+add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel
+    -E aes-cbc   0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-sha1 0xea6856479330dc9c17b8f6c37e2a895363d83f21;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha256-transport b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha256-transport
new file mode 100755
index 0000000..d2645d6
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha256-transport
@@ -0,0 +1,23 @@
+#!/usr/sbin/setkey -f
+#I am 200.200.200.10
+
+flush;
+spdflush;
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha2-256 authentication using 256 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513 
+    -E aes-cbc        0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-sha2-256  0x4de03bebf6beb4fdef5a67d349a09580466cc4e54503333b2a5fd34538c91198;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 
+    -E aes-cbc        0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-sha2-256  0x5e01eb780b7ecc074ca2ca4fa4a5ea2ff841c977da0ce61c49d1fe767ea5452c;
+
+
+spdadd 200.200.200.20 200.200.200.10 any -P in ipsec
+        esp/transport//require;
+
+spdadd 200.200.200.10 200.200.200.20 any -P out ipsec
+        esp/transport//require;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha256-tunnel b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha256-tunnel
new file mode 100755
index 0000000..8ed697d
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha256-tunnel
@@ -0,0 +1,42 @@
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+# 
+#                                 ========= ESP =========
+#                                 |                     |
+#          Network-A          Gateway-A             Gateway-B           Network-B
+#         192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+# 
+#         ====== 83xx board A ======                  ===== 83xx board B =====
+#         |                        |                  |                      |
+#         eth0                  eth1                  eth1                eth0
+#       192.168.1.130         200.200.200.10          200.200.200.20      192.168.2.130         
+# 
+# 
+# Board A setup
+#
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10)
+#
+# Security policies
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec
+       esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec
+       esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha2-256 authentication using 256 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513 -m tunnel
+    -E aes-cbc        0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-sha2-256  0x4de03bebf6beb4fdef5a67d349a09580466cc4e54503333b2a5fd34538c91198;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 -m tunnel
+    -E aes-cbc        0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-sha2-256  0x5e01eb780b7ecc074ca2ca4fa4a5ea2ff841c977da0ce61c49d1fe767ea5452c;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-null-null-transport b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-null-null-transport
new file mode 100755
index 0000000..84275d0
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-null-null-transport
@@ -0,0 +1,23 @@
+#!/usr/sbin/setkey -f
+#I am 200.200.200.10
+
+flush;
+spdflush;
+
+# ESP SAs doing null encryption
+# and null authentication
+add 200.200.200.10 200.200.200.20 esp 0x10513 
+    -E null
+    -A null;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 
+    -E null
+    -A null;
+
+
+spdadd 200.200.200.20 200.200.200.10 any -P in ipsec
+        esp/transport//require;
+
+spdadd 200.200.200.10 200.200.200.20 any -P out ipsec
+        esp/transport//require;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-null-null-tunnel b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-null-null-tunnel
new file mode 100755
index 0000000..478d14a
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-null-null-tunnel
@@ -0,0 +1,42 @@
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+# 
+#                                 ========= ESP =========
+#                                 |                     |
+#          Network-A          Gateway-A             Gateway-B           Network-B
+#         192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+# 
+#         ====== 83xx board A ======                  ===== 83xx board B =====
+#         |                        |                  |                      |
+#         eth0                  eth1                  eth1                eth0
+#       192.168.1.130         200.200.200.10          200.200.200.20      192.168.2.130         
+# 
+# 
+# Board A setup
+#
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10)
+#
+# Security policies
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec
+       esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec
+       esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+
+# ESP SAs doing null encryption
+# and null authentication
+add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel
+    -E null
+    -A null;
+
+add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel
+    -E null
+    -A null;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.ipv4 b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.ipv4
new file mode 100755
index 0000000..e219f2a
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.ipv4
@@ -0,0 +1,2 @@
+set -v
+route add -net 192.168.2.0 netmask 255.255.255.0 gw 200.200.200.20
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/moonCert.pem b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/moonCert.pem
new file mode 100644
index 0000000..d5c970f
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/moonCert.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEIjCCAwqgAwIBAgIBFzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
+b290IENBMB4XDTA5MDgyNzEwMDMzMloXDTE0MDgyNjEwMDMzMlowRjELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHDAaBgNVBAMTE21vb24u
+c3Ryb25nc3dhbi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDK
+L2M91Lu6BYYhWxWgMS9z9TMSTwszm5rhO7ZIsCtMRo4PAeYw+++SGXt3CPXb/+p+
+SWKGlm11rPE71eQ3ehgh2C3hAurfmWO0iQQaCw+fdreeIVCqOQIOP6UqZ327h5yY
+YpHk8VQv4vBJTpxclU1PqnWheqe1ZlLxsW773LRml/fQt/UgvJkCBTZZONLNMfK+
+7TDnYaVsAtncgvDN78nUNEe2qY92KK7SrBJ6SpUEg49m51F+XgsGcsgWVHS85on3
+Om/G48crLEVJjdu8CxewSRVgb+lPJWzHd8QsU0Vg/7vlqs3ZRMyNtNKrr4opSvVb
+A6agGlTXhDCreDiXU8KHAgMBAAGjggEaMIIBFjAJBgNVHRMEAjAAMAsGA1UdDwQE
+AwIDqDAdBgNVHQ4EFgQUapx00fiJeYn2WpTpifH6w2SdKS4wbQYDVR0jBGYwZIAU
+XafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNIMRkwFwYDVQQK
+ExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJvb3QgQ0GC
+AQAwHgYDVR0RBBcwFYITbW9vbi5zdHJvbmdzd2FuLm9yZzATBgNVHSUEDDAKBggr
+BgEFBQcDATA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4u
+b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQCctXg2xeMozaTV
+jiBL1P8MY9uEH5JtU0EceQ1RbI5/2vGRdnECND9oADY5vamaaE2Mdq2Qh/vlXnML
+o3ii5ELjsQlYdTYZOcMOdcUUXYvbbFX1cwpkBhyBl1H25KptHcgQ/HnceKp3kOuq
+wYOYjgwePXulcpWXx0E2QtQCFQQZFPyEWeNJxH0oglg53QPXfHY9I2/Gukj5V0bz
+p7ME0Gs8KdnYdmbbDqzQgPsta96/m+HoJlsrVF+4Gqihj6BWMBQ2ybjPWZdG3oH9
+25cE8v60Ry98D0Z/tygbAUFnh5oOvaf642paVgc3aoA77I8U+UZjECxISoiHultY
+7QTufOwP
+-----END CERTIFICATE-----
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/moonKey.pem b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/moonKey.pem
new file mode 100644
index 0000000..4d99866
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/moonKey.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAyi9jPdS7ugWGIVsVoDEvc/UzEk8LM5ua4Tu2SLArTEaODwHm
+MPvvkhl7dwj12//qfklihpZtdazxO9XkN3oYIdgt4QLq35ljtIkEGgsPn3a3niFQ
+qjkCDj+lKmd9u4ecmGKR5PFUL+LwSU6cXJVNT6p1oXqntWZS8bFu+9y0Zpf30Lf1
+ILyZAgU2WTjSzTHyvu0w52GlbALZ3ILwze/J1DRHtqmPdiiu0qwSekqVBIOPZudR
+fl4LBnLIFlR0vOaJ9zpvxuPHKyxFSY3bvAsXsEkVYG/pTyVsx3fELFNFYP+75arN
+2UTMjbTSq6+KKUr1WwOmoBpU14Qwq3g4l1PChwIDAQABAoIBACBFB/Xqajv6fbn9
+K6pxrz02uXwGmacXAtVIDoPzejWmXS4QA4l17HrJDmelSnhelDKry8nnYHkTrTz7
+mn0wQ4HDWy86o/okJUG/TKRLd6bf79aRQqqohqd3iQkHk43GyzuXH+oGioVKF0fc
+ACDWw4wfjL7FMNdHCZ4Bz9DrHO/ysHe9B6rvSYm3VZRhSxaneIkaLkkDadKpVx3f
+XNFlMxY4qKPJYYSoJZ61iMqrO7+rnA93tmyDDs8PKU3BtnpfNrdePgleJHhk8Zqy
+Ev2/NOCSUxbKE8NCtLpGTs+T0qjjnu4k3WPd3ZOBAan0uPDekHZeHB/aXGLhYcxx
+J5SurqECgYEA+F1gppkER5Jtoaudt/CUpdQ1sR9wxf75VBqJ4FiYABGQz9xlG4oj
+zL/o572s0iV3bwFpnQa+WuWrxGkP6ZuB/Z82npc0N/vLou/b4dxvg4n7K+eOOEf0
+8FMjsse2tqTIXKCqcmQnR0NPQ1jwuvEKsXP5w/JOlnRXAXnd4jxsJI0CgYEA0GaT
+61ySttUW9jC3mxuY6jkQy8TEQqR3nOFvWwmCXIWOpN/MTTPus+Telxp/pdKhU+mo
+PmX3Unyne5PvwleWDq3YzltX5ZDZGJ5UJlKuNnfGIzQ6OcHRbb7zBpQG6qSRPuug
+bgo688hTnb1L59nK88zWVK45euf6pyuoI+SwIGMCgYEA7yvE8knyhBXvezuv0z1b
+eGHmHp5/VDwY0DQKSEAoiBBiWrkLqLybgwXf/KJ8dZZc8En08aFX2GLJyYe/KiB1
+ys3ypEBJqgvRayP+o/9KZ+qNNRd0rqAksPXvL7ABNNt0kzapTSVDae3Yu6s/j1am
+DIL5qAeERIDedG5uDPpQzdUCgYB7MtjpP63ABhLv8XbpbBQnCxtByw3W89F+Xcrt
+v55gQdhE4cSuMzA/CuMH4vNpPS6AI9aBJNhj3CtKo/cOJachAGb1/wvkO5ALvLW0
+fhZdPstUTnDJain7vfF/hwzbs/PlhXgu9T9KlLfRvXFdG+Sd4g8mumRiozcLkoRw
+y6XPTwKBgDJP+s9wXmdG90HST/aqC7FKrVXLpB63dY5swNUfQP6sa0pFnON0r0JC
+h/YCsGFFIAebQ2uOkM3g3f9nkwTp7910ov+/5uThvRI2w2BBPy0mVuALPjyyF1Z2
+cb9zpyKiIuXoXRCf4sd8r1lR9bn0Fxx0Svpxf+fpMGSI5quHNBKY
+-----END RSA PRIVATE KEY-----
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/pingsizes.sh b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/pingsizes.sh
new file mode 100755
index 0000000..faefb24
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/pingsizes.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+#
+# Usage: ./pingsizes.sh 1440 20 (or greater)
+#
+
+PINGDEST=${PINGDEST:-200.200.200.10}
+k=$1
+lim="$((k+$2))"
+((k-=1))
+while [ "$k" != "$lim" ] ; do
+        echo -n "ping -s $((k+=1)) : "
+        ping -i 1000 -c 1 -s $k $PINGDEST | grep packets &
+        sleep 1
+        PID=`ps -eaf | grep 'ping -i' | grep -v grep | sed 's/[ ][ ]*/ /g' | cut -d " " -f 2`
+        if [ -n "$PID" ] ; then
+                echo "****************** killing $PID"
+                kill $PID > /dev/null
+        fi
+done
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/pingsizest.sh b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/pingsizest.sh
new file mode 100755
index 0000000..d5ff0f7
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/pingsizest.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+#
+# Usage: ./pingsizes.sh 1440 20 (or greater)
+#
+
+PINGDEST=${PINGDEST:-200.200.200.10}
+k=$1
+lim="$((k+$2))"
+((k-=1))
+while [ "$k" != "$lim" ] ; do
+        echo ping -s $((k+=1))
+        ping -i 1000 -c 1 -s $k $PINGDEST &
+        sleep 1
+        PID=`ps -eaf | grep 'ping -i' | sed 's/[ ][ ]*/ /g' | cut -d " " -f 2`
+        if [ -n "$PID" ] ; then
+                echo "****************** killing $PID"
+                kill $PID
+        fi
+done
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/psk.txt b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/psk.txt
new file mode 100644
index 0000000..46c1ff4
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/psk.txt
@@ -0,0 +1,2 @@
+200.200.200.20 secretkeyracoon
+200.200.200.10 secretkeyracoon
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/racoon.conf b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/racoon.conf
new file mode 100644
index 0000000..cf561f5
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/racoon.conf
@@ -0,0 +1,22 @@
+path pre_shared_key "/test_setkey/psk.txt" ;
+
+        remote anonymous
+        {
+                exchange_mode main ;
+                lifetime time 1 hour ;
+                proposal {
+                        encryption_algorithm 3des;
+                        hash_algorithm sha1;
+                        authentication_method pre_shared_key ;
+                        dh_group 2 ;
+                }
+        }
+
+        sainfo anonymous
+        {
+                pfs_group 2;
+                lifetime time 1 hour ;
+                encryption_algorithm 3des ;
+                authentication_algorithm hmac_sha1 ;
+                compression_algorithm deflate ;
+        }
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-md5-transport b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-md5-transport
new file mode 100755
index 0000000..7f82fb4
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-md5-transport
@@ -0,0 +1,23 @@
+#!/usr/sbin/setkey -f
+#I am 200.200.200.20
+
+flush;
+spdflush;
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-md5 authentication using 128 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513 
+    -E 3des-cbc   0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-md5   0xd5f603abc8cd9d19319ca32fb955b10f;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 
+    -E 3des-cbc   0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-md5   0x1dd90b4c32dcbe9d37b555a23df5170e;
+
+
+spdadd 200.200.200.20 200.200.200.10 any -P out ipsec
+        esp/transport//require;
+
+spdadd 200.200.200.10 200.200.200.20 any -P in ipsec
+        esp/transport//require;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-md5-tunnel b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-md5-tunnel
new file mode 100755
index 0000000..5a75257
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-md5-tunnel
@@ -0,0 +1,42 @@
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+# 
+#                                 ========= ESP =========
+#                                 |                     |
+#          Network-A          Gateway-A             Gateway-B           Network-B
+#         192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+# 
+#         ====== 83xx board A ======                  ===== 83xx board B =====
+#         |                        |                  |                      |
+#         eth0                  eth1                  eth1                eth0
+#       192.168.1.130         200.200.200.10          200.200.200.20      192.168.2.130         
+# 
+# 
+# Board B setup
+#
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway B (eth0:192.168.2.130, eth1:200.200.200.20)
+#
+# Security policies
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec
+       esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec
+       esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-md5 authentication using 128 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel
+    -E 3des-cbc  0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-md5   0xd5f603abc8cd9d19319ca32fb955b10f;
+
+add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel
+    -E 3des-cbc  0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-md5   0x1dd90b4c32dcbe9d37b555a23df5170e;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha1-transport b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha1-transport
new file mode 100755
index 0000000..6ef885d
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha1-transport
@@ -0,0 +1,22 @@
+#!/usr/sbin/setkey -f
+#I am 200.200.200.20
+
+flush;
+spdflush;
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha1 authentication using 160 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513 
+    -E 3des-cbc   0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-sha1 0xe9c43acd5e8d779b6e09c87347852708ab49bdd3;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 
+    -E 3des-cbc   0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-sha1 0xea6856479330dc9c17b8f6c37e2a895363d83f21;
+
+# Security policies
+spdadd 200.200.200.20 200.200.200.10 any -P out ipsec
+        esp/transport//require;
+
+spdadd 200.200.200.10 200.200.200.20 any -P in ipsec
+        esp/transport//require;
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha1-tunnel b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha1-tunnel
new file mode 100755
index 0000000..16c3157
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha1-tunnel
@@ -0,0 +1,41 @@
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+# 
+#                                 ========= ESP =========
+#                                 |                     |
+#          Network-A          Gateway-A             Gateway-B           Network-B
+#         192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+# 
+#         ====== 83xx board A ======                  ===== 83xx board B =====
+#         |                        |                  |                      |
+#         eth0                  eth1                  eth1                eth0
+#       192.168.1.130         200.200.200.10          200.200.200.20      192.168.2.130         
+# 
+# 
+# Board B setup
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway B (eth0:192.168.2.130, eth1:200.200.200.20)
+#
+# Security policies
+
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec
+       esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec
+       esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha1 authentication using 160 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel
+    -E 3des-cbc  0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-sha1 0xe9c43acd5e8d779b6e09c87347852708ab49bdd3;
+
+add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel
+    -E 3des-cbc  0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-sha1 0xea6856479330dc9c17b8f6c37e2a895363d83f21;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha256-transport b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha256-transport
new file mode 100755
index 0000000..b977209
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha256-transport
@@ -0,0 +1,23 @@
+#!/usr/sbin/setkey -f
+#I am 200.200.200.20
+
+flush;
+spdflush;
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha2-256 authentication using 256 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513 
+    -E 3des-cbc       0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-sha2-256  0x4de03bebf6beb4fdef5a67d349a09580466cc4e54503333b2a5fd34538c91198;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 
+    -E 3des-cbc       0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-sha2-256  0x5e01eb780b7ecc074ca2ca4fa4a5ea2ff841c977da0ce61c49d1fe767ea5452c;
+
+
+spdadd 200.200.200.20 200.200.200.10 any -P out ipsec
+        esp/transport//require;
+
+spdadd 200.200.200.10 200.200.200.20 any -P in ipsec
+        esp/transport//require;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha256-tunnel b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha256-tunnel
new file mode 100755
index 0000000..e7c5b4e
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha256-tunnel
@@ -0,0 +1,42 @@
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+# 
+#                                 ========= ESP =========
+#                                 |                     |
+#          Network-A          Gateway-A             Gateway-B           Network-B
+#         192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+# 
+#         ====== 83xx board A ======                  ===== 83xx board B =====
+#         |                        |                  |                      |
+#         eth0                  eth1                  eth1                eth0
+#       192.168.1.130         200.200.200.10          200.200.200.20      192.168.2.130         
+# 
+# 
+# Board A setup
+#
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway B (eth0:192.168.2.130, eth1:200.200.200.20)
+#
+# Security policies
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec
+       esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec
+       esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha2-256 authentication using 256 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513 -m tunnel
+    -E 3des-cbc       0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-sha2-256  0x4de03bebf6beb4fdef5a67d349a09580466cc4e54503333b2a5fd34538c91198;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 -m tunnel
+    -E 3des-cbc       0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-sha2-256  0x5e01eb780b7ecc074ca2ca4fa4a5ea2ff841c977da0ce61c49d1fe767ea5452c;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-md5-transport b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-md5-transport
new file mode 100755
index 0000000..5d55d00
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-md5-transport
@@ -0,0 +1,23 @@
+#!/usr/sbin/setkey -f
+#I am 200.200.200.20
+
+flush;
+spdflush;
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-md5 authentication using 128 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513 
+    -E aes-cbc    0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-md5   0xd5f603abc8cd9d19319ca32fb955b10f;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 
+    -E aes-cbc    0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-md5   0x1dd90b4c32dcbe9d37b555a23df5170e;
+
+
+spdadd 200.200.200.20 200.200.200.10 any -P out ipsec
+        esp/transport//require;
+
+spdadd 200.200.200.10 200.200.200.20 any -P in ipsec
+        esp/transport//require;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-md5-tunnel b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-md5-tunnel
new file mode 100755
index 0000000..f49bd54
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-md5-tunnel
@@ -0,0 +1,42 @@
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+# 
+#                                 ========= ESP =========
+#                                 |                     |
+#          Network-A          Gateway-A             Gateway-B           Network-B
+#         192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+# 
+#         ====== 83xx board A ======                  ===== 83xx board B =====
+#         |                        |                  |                      |
+#         eth0                  eth1                  eth1                eth0
+#       192.168.1.130         200.200.200.10          200.200.200.20      192.168.2.130         
+# 
+# 
+# Board B setup
+#
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway B (eth0:192.168.2.130, eth1:200.200.200.20)
+#
+# Security policies
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec
+       esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec
+       esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-md5 authentication using 128 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel
+    -E aes-cbc    0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-md5   0xd5f603abc8cd9d19319ca32fb955b10f;
+
+add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel
+    -E aes-cbc    0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-md5   0x1dd90b4c32dcbe9d37b555a23df5170e;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha1-transport b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha1-transport
new file mode 100755
index 0000000..d9c65a4
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha1-transport
@@ -0,0 +1,22 @@
+#!/usr/sbin/setkey -f
+#I am 200.200.200.20
+
+flush;
+spdflush;
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha1 authentication using 160 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513 
+    -E aes-cbc   0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-sha1 0xe9c43acd5e8d779b6e09c87347852708ab49bdd3;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 
+    -E aes-cbc   0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-sha1 0xea6856479330dc9c17b8f6c37e2a895363d83f21;
+
+# Security policies
+spdadd 200.200.200.20 200.200.200.10 any -P out ipsec
+        esp/transport//require;
+
+spdadd 200.200.200.10 200.200.200.20 any -P in ipsec
+        esp/transport//require;
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha1-tunnel b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha1-tunnel
new file mode 100755
index 0000000..1f10136
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha1-tunnel
@@ -0,0 +1,41 @@
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+# 
+#                                 ========= ESP =========
+#                                 |                     |
+#          Network-A          Gateway-A             Gateway-B           Network-B
+#         192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+# 
+#         ====== 83xx board A ======                  ===== 83xx board B =====
+#         |                        |                  |                      |
+#         eth0                  eth1                  eth1                eth0
+#       192.168.1.130         200.200.200.10          200.200.200.20      192.168.2.130         
+# 
+# 
+# Board B setup
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway B (eth0:192.168.2.130, eth1:200.200.200.20)
+#
+# Security policies
+
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec
+       esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec
+       esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha1 authentication using 160 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel
+    -E aes-cbc   0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-sha1 0xe9c43acd5e8d779b6e09c87347852708ab49bdd3;
+
+add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel
+    -E aes-cbc   0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-sha1 0xea6856479330dc9c17b8f6c37e2a895363d83f21;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha256-transport b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha256-transport
new file mode 100755
index 0000000..817a8bd
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha256-transport
@@ -0,0 +1,23 @@
+#!/usr/sbin/setkey -f
+#I am 200.200.200.20
+
+flush;
+spdflush;
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha2-256 authentication using 256 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513 
+    -E aes-cbc        0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-sha2-256  0x4de03bebf6beb4fdef5a67d349a09580466cc4e54503333b2a5fd34538c91198;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 
+    -E aes-cbc        0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-sha2-256  0x5e01eb780b7ecc074ca2ca4fa4a5ea2ff841c977da0ce61c49d1fe767ea5452c;
+
+
+spdadd 200.200.200.20 200.200.200.10 any -P out ipsec
+        esp/transport//require;
+
+spdadd 200.200.200.10 200.200.200.20 any -P in ipsec
+        esp/transport//require;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha256-tunnel b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha256-tunnel
new file mode 100755
index 0000000..9bca18f
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha256-tunnel
@@ -0,0 +1,42 @@
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+# 
+#                                 ========= ESP =========
+#                                 |                     |
+#          Network-A          Gateway-A             Gateway-B           Network-B
+#         192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+# 
+#         ====== 83xx board A ======                  ===== 83xx board B =====
+#         |                        |                  |                      |
+#         eth0                  eth1                  eth1                eth0
+#       192.168.1.130         200.200.200.10          200.200.200.20      192.168.2.130         
+# 
+# 
+# Board A setup
+#
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway B (eth0:192.168.2.130, eth1:200.200.200.20)
+#
+# Security policies
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec
+       esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec
+       esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha2-256 authentication using 256 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513 -m tunnel
+    -E aes-cbc        0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-sha2-256  0x4de03bebf6beb4fdef5a67d349a09580466cc4e54503333b2a5fd34538c91198;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 -m tunnel
+    -E aes-cbc        0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-sha2-256  0x5e01eb780b7ecc074ca2ca4fa4a5ea2ff841c977da0ce61c49d1fe767ea5452c;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-null-null-transport b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-null-null-transport
new file mode 100755
index 0000000..26dfe2e
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-null-null-transport
@@ -0,0 +1,23 @@
+#!/usr/sbin/setkey -f
+#I am 200.200.200.20
+
+flush;
+spdflush;
+
+# ESP SAs doing null encryption
+# and null authentication
+add 200.200.200.10 200.200.200.20 esp 0x10513 
+    -E null
+    -A null;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 
+    -E null
+    -A null;
+
+
+spdadd 200.200.200.20 200.200.200.10 any -P out ipsec
+        esp/transport//require;
+
+spdadd 200.200.200.10 200.200.200.20 any -P in ipsec
+        esp/transport//require;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-null-null-tunnel b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-null-null-tunnel
new file mode 100755
index 0000000..bc4f38e
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-null-null-tunnel
@@ -0,0 +1,42 @@
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+# 
+#                                 ========= ESP =========
+#                                 |                     |
+#          Network-A          Gateway-A             Gateway-B           Network-B
+#         192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+# 
+#         ====== 83xx board A ======                  ===== 83xx board B =====
+#         |                        |                  |                      |
+#         eth0                  eth1                  eth1                eth0
+#       192.168.1.130         200.200.200.10          200.200.200.20      192.168.2.130         
+# 
+# 
+# Board B setup
+#
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway B (eth0:192.168.2.130, eth1:200.200.200.20)
+#
+# Security policies
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec
+       esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec
+       esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+
+# ESP SAs doing null encryption
+# and null authentication
+add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel
+    -E null
+    -A null;
+
+add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel
+    -E null
+    -A null;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.ipv4 b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.ipv4
new file mode 100755
index 0000000..67cd1b2
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.ipv4
@@ -0,0 +1,2 @@
+set -v
+route add -net 192.168.1.0 netmask 255.255.255.0 gw 200.200.200.10
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup
new file mode 100755
index 0000000..9e6fa7f
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup
@@ -0,0 +1,47 @@
+# setup - quick setup for left or right side of ipsec test
+# see README for example use.
+
+SCRIPT_HOME=/test_setkey/
+cd $SCRIPT_HOME
+
+export PATH=$SCRIPT_HOME:$PATH
+
+if [ "$1" != "left" -a "$1" != "right" ] ; then
+        echo "Usage:    $0 side [config] [driver]"
+        echo "          where side is either left or right."
+        echo "          where config is either"
+        echo "                  aes-sha1-tunnel (default)"
+        echo "               or 3des-sha1-tunnel"
+        echo "          if driver is supplied, script does 'modprobe driver'"
+        exit 1
+fi
+
+SIDE=$1
+POLICY_CFG=$SIDE.conf
+DEFAULT_POLICY=aes-sha1-tunnel
+
+if [ -n "$2" ] ; then
+        POLICY=$2
+else
+        POLICY=$DEFAULT_POLICY
+fi
+
+SETKEY_FILE=$POLICY_CFG-$POLICY
+
+if [ ! -f $SETKEY_FILE ] ; then
+        echo "Missing setkey command file: $SETKEY_FILE"
+        exit 1
+fi
+
+# modprobe any driver name given as last parameter
+if [ -n "$3" ] ; then
+        modprobe $3
+fi
+
+SETUP_CMD_FILE=./setup_$SIDE
+. $SETUP_CMD_FILE
+
+$SETKEY_FILE
+
+setkey -D
+setkey -D -P
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup_left b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup_left
new file mode 100755
index 0000000..da76909
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup_left
@@ -0,0 +1,13 @@
+# board on left setup
+set -v
+ifconfig eth0 down
+ifconfig eth0 hw ether 00:04:9F:11:22:33
+ifconfig eth0 192.168.1.130 netmask 255.255.255.0
+ifconfig eth0 up
+ifconfig eth1 down
+ifconfig eth1 hw ether 00:E0:0C:00:7D:FD
+ifconfig eth1 200.200.200.10 netmask 255.255.255.0
+ifconfig eth1 up
+arp -s 192.168.1.21 00:00:00:00:00:01
+route add default dev eth1
+echo 1 > /proc/sys/net/ipv4/ip_forward
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup_right b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup_right
new file mode 100755
index 0000000..f0e333e
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup_right
@@ -0,0 +1,13 @@
+# board on right setup
+set -v
+ifconfig eth0 down
+ifconfig eth0 hw ether 00:E0:0C:00:01:FD
+ifconfig eth0 192.168.2.130 netmask 255.255.255.0
+ifconfig eth0 up
+ifconfig eth1 down
+ifconfig eth1 hw ether 00:E0:0C:00:00:FD
+ifconfig eth1 200.200.200.20 netmask 255.255.255.0
+ifconfig eth1 up
+arp -s 192.168.2.21 00:00:00:00:00:02
+route add default dev eth1
+echo 1 > /proc/sys/net/ipv4/ip_forward
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan.conf b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan.conf
new file mode 100644
index 0000000..1701f4a
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan.conf
@@ -0,0 +1,19 @@
+# strongswan.conf - strongSwan configuration file
+
+charon {
+        load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-raw updown
+        multiple_authentication = no
+}
+
+pluto {
+
+        # plugins to load in pluto
+        #load = aes des sha1 md5 sha2 hmac gmp random pubkey
+        
+}
+
+libstrongswan {
+
+        #  set to no, the DH exponent size is optimized
+        #  dh_exponent_ansi_x9_42 = no
+}
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswanCert.pem b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswanCert.pem
new file mode 100644
index 0000000..0865ad2
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswanCert.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDuDCCAqCgAwIBAgIBADANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
+b290IENBMB4XDTA0MDkxMDEwMDExOFoXDTE5MDkwNzEwMDExOFowRTELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9u
+Z1N3YW4gUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL/y
+X2LqPVZuWLPIeknK86xhz6ljd3NNhC2z+P1uoCP3sBMuZiZQEjFzhnKcbXxCeo2f
+FnvhOOjrrisSuVkzuu82oxXD3fIkzuS7m9V4E10EZzgmKWIf+WuNRfbgAuUINmLc
+4YGAXBQLPyzpP4Ou48hhz/YQo58Bics6PHy5v34qCVROIXDvqhj91P8g+pS+F21/
+7P+CH2jRcVIEHZtG8M/PweTPQ95dPzpYd2Ov6SZ/U7EWmbMmT8VcUYn1aChxFmy5
+gweVBWlkH6MP+1DeE0/tL5c87xo5KCeGK8Tdqpe7sBRC4pPEEHDQciTUvkeuJ1Pr
+K+1LwdqRxo7HgMRiDw8CAwEAAaOBsjCBrzASBgNVHRMBAf8ECDAGAQH/AgEBMAsG
+A1UdDwQEAwIBBjAdBgNVHQ4EFgQUXafdcAZRMn7ntm2zteXgYOouTe8wbQYDVR0j
+BGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNIMRkw
+FwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJv
+b3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACOSmqEBtBLR9aV3UyCI8gmzR5in
+Lte9aUXXS+qis6F2h2Stf4sN+Nl6Gj7REC6SpfEH4wWdwiUL5J0CJhyoOjQuDl3n
+1Dw3dE4/zqMZdyDKEYTU75TmvusNJBdGsLkrf7EATAjoi/nrTOYPPhSUZvPp/D+Y
+vORJ9Ej51GXlK1nwEB5iA8+tDYniNQn6BD1MEgIejzK+fbiy7braZB1kqhoEr2Si
+7luBSnU912sw494E88a2EWbmMvg2TVHPNzCpVkpNk7kifCiwmw9VldkqYy9y/lCa
+Epyp7lTfKw7cbD04Vk8QJW782L6Csuxkl346b17wmOqn8AZips3tFsuAY3w=
+-----END CERTIFICATE-----
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan_left b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan_left
new file mode 100755
index 0000000..e55c3e4
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan_left
@@ -0,0 +1,10 @@
+#strongswan on left board
+set -v
+cp -rf ipsec.conf.left /etc/ipsec.conf
+cp -rf ipsec.secrets.left /etc/ipsec.secrets
+cp -rf strongswan.conf /etc/
+cp -rf strongswanCert.pem /etc/ipsec.d/cacerts/
+cp -rf moonCert.pem /etc/ipsec.d/certs/
+mkdir /etc/ipsec.d/private
+cp -rf sunKey.pem /etc/ipsec.d/private/
+cp -rf moonKey.pem /etc/ipsec.d/private/
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan_right b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan_right
new file mode 100755
index 0000000..bcdbb73
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan_right
@@ -0,0 +1,10 @@
+#strongswan on left board
+set -v
+cp -rf ipsec.conf.right /etc/ipsec.conf
+cp -rf ipsec.secrets.right /etc/ipsec.secrets
+cp -rf strongswan.conf /etc/
+cp -rf strongswanCert.pem /etc/ipsec.d/cacerts/
+cp -rf sunCert.pem /etc/ipsec.d/certs/
+mkdir /etc/ipsec.d/private
+cp -rf sunKey.pem /etc/ipsec.d/private/
+cp -rf moonKey.pem /etc/ipsec.d/private/
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/sunCert.pem b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/sunCert.pem
new file mode 100644
index 0000000..d0937ba
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/sunCert.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEIDCCAwigAwIBAgIBFjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
+b290IENBMB4XDTA5MDgyNzA5NTkwNFoXDTE0MDgyNjA5NTkwNFowRTELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN1bi5z
+dHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN+V
+VIpn6Q5jaU//EN6p6A5cSfUfhBK0mFa2laFFZh/Y0h66AXqqrQ3X917h7YNsSk68
+oowY9h9I3gOx7hNVBsJr2VjdYC+b0q5NTha09/A5mimv/prYj6o0yawxoPjoDs9Y
+h7D7Kf+F8fkgk0stlHJZX66J7dNrFXbg1xBld+Ep5Or2FbEZ9QWUpRQTuhdpNt/4
+9YuxQ59DemY9IRbwsrKCHH0mGrJsDdqeb0ap+8QvSXHjCt1fr9MNKWaAFAQLKQI4
+e0da1ntPCEQLeE833+NNRBgGufk0KqGT3eAXqrxa9AEIUJnVcPexQdqUMjcUpXFb
+8WNzRWB8Egh3BDK6FsECAwEAAaOCARkwggEVMAkGA1UdEwQCMAAwCwYDVR0PBAQD
+AgOoMB0GA1UdDgQWBBRW1p4v2qihzRlcI1PnxbZwluML+zBtBgNVHSMEZjBkgBRd
+p91wBlEyfue2bbO15eBg6i5N76FJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoT
+EExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIB
+ADAdBgNVHREEFjAUghJzdW4uc3Ryb25nc3dhbi5vcmcwEwYDVR0lBAwwCgYIKwYB
+BQUHAwEwOQYDVR0fBDIwMDAuoCygKoYoaHR0cDovL2NybC5zdHJvbmdzd2FuLm9y
+Zy9zdHJvbmdzd2FuLmNybDANBgkqhkiG9w0BAQsFAAOCAQEAo37LYT9Awx0MK/nA
+FZpPJqUr0Ey+O5Ukcsdx7nd00SlmpiQRY8KmuRXCBQnDEgdLstd3slQjT0pJEgWF
+0pzxybnI6eOzYAhLfhart+X1hURiNGbXjggm2s4I5+K32bVIkNEqlsYnd/6F9oo5
+ZNO0/eTTruLZfkNe/zchBGKe/Z7MacVwlYWWCbMtBV4K1d5dGcRRgpQ9WivDlmat
+Nh9wlscDSgSGk3HJkbxnq695VN7zUbDWAUvWWhV5bIDjlAR/xyT9ApqIxiyVVRul
+fYrE7U05Hbt6GgAroAKLp6qJup9+TxQAKSjKIwJ0hf7OuYyQ8TZtVHS7AOhm+T/5
+G/jGGA==
+-----END CERTIFICATE-----
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/sunKey.pem b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/sunKey.pem
new file mode 100644
index 0000000..d8fad9a
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/sunKey.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA35VUimfpDmNpT/8Q3qnoDlxJ9R+EErSYVraVoUVmH9jSHroB
+eqqtDdf3XuHtg2xKTryijBj2H0jeA7HuE1UGwmvZWN1gL5vSrk1OFrT38DmaKa/+
+mtiPqjTJrDGg+OgOz1iHsPsp/4Xx+SCTSy2Ucllfront02sVduDXEGV34Snk6vYV
+sRn1BZSlFBO6F2k23/j1i7FDn0N6Zj0hFvCysoIcfSYasmwN2p5vRqn7xC9JceMK
+3V+v0w0pZoAUBAspAjh7R1rWe08IRAt4Tzff401EGAa5+TQqoZPd4BeqvFr0AQhQ
+mdVw97FB2pQyNxSlcVvxY3NFYHwSCHcEMroWwQIDAQABAoIBADH51hjN2zk9HVgl
+QmcTAWzcUie5cLMhrP+M9mtC8O3jcCwwFY6OwfnbMU8DHy0GMqHg5lB8b99UUVPw
+HLAzjDw/ESkc6pgZs4EEhJTsxJLsvTnePgHssEgyXnXf7gRVEqJkPohfy+Zy0UCH
+eIUQXiMlOQ7xg7iDMhwNa+UdWSt539DztSKilQn2xdPZjFnMT0/prvl4NA/8Zn54
+/SdWDq5yRdLWb6EK1V7yJ3687GXR1jzGtgy7TXuncUJVTYgX7RdP1Tn6gWD8YAQ/
+RfT0DdWYm4WHSgSb9/NW8lBZH2yy3hg+lNgofXEvTfBkO5QyW31LIr0tCV6zhJIc
+Y9MxaKUCgYEA9sktaXfhPLe0ECjdeQEOq5EKuDrCviSKCOuAV4BDSOsdw6+5LWfY
+Vb/oke8N70lL3RCblcj1pOKWUi2O/SpEJdDRduiw2gM9cXt3/bChSTHC4TsIxxN/
+Db9OGg72kZ4sRY5Au+zyAAQYBwXhFWux194Jk5qK0JblNG9J5QMqZDcCgYEA5+5h
+BgHUMEO+pdME5lAiSc5PcNTejpA6j+OikCh4/HFXy3C/dLx+Cs1+egw64c8iVaIv
+NEo7n7E9I0e3XqanPRXhMnBRrP+39OVsWPmZ18Li2Hi84KwJyi8Y11l3XJOqaYpF
+wMVUuZpxR0dfG5k/5GwT/tEkmQBglOgG3m2zUMcCgYEA4m3Vd9ahV5dp5AXKpzKc
+JjiPMFfhxJo7+FEz0ZUCp03qYljBu/Jy4MKS/grrqyiCLdQGHNlk4SNxLvdUId78
+5gGBnuuDEJU2dAAIKUE9yq2YlBUZSacOxStI2snt28/X6P3LUWHm7LLU5OS1D3Vf
+mKPF/6MlSJuas5CEqVZNN+MCgYBH9Qh7IaQgmVQUBKVXg3Mv7OduvUyTdKIGtHxi
+N3xZ7hxsDP4JjNWaKmlcGmFGX8pqQRheI83d3NJ4GK8GmbP3Wst0p65fezMqsudr
+r30QmPFicgs/tYCQDw6o+aPzwAi2F+VOSqrfrtAIaldSq7hL+VA21dKB+cD9UgOX
+jPd+TwKBgQCbKeg2QNS2qhPIG9eaqJDROuxmxb/07d7OBctgMgxVvKhqW9hW42Sy
+gJ59fyz5QjFBaSfcOdf4gkKyEawVo45/q6ymIQU37R4vF4CW9Z3CfaIbwJp7LcHV
+zH07so/HNsZua6GWCSCLJU5MeCRiZzk2RFiS9KIaLP4gZndv4lXOiQ==
+-----END RSA PRIVATE KEY-----
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo_0.1.bb b/recipes-connectivity/ipsec-demo/ipsec-demo_0.1.bb
new file mode 100644
index 0000000..5607060
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo_0.1.bb
@@ -0,0 +1,25 @@
+SUMMARY = "Scripts and configuration files for ipsec demo"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
+
+RDEPENDS_${PN} = "ipsec-tools"
+
+inherit allarch
+
+SRC_URI = "file://test_setkey"
+
+do_configure() {
+    :
+}
+
+do_compile() {
+    :
+}
+
+do_install(){
+    install -d  ${D}${datadir}
+    cp -a ${WORKDIR}/test_setkey ${D}${datadir}/
+}
+
+FILES_${PN} = "${datadir}/*"
+
diff --git a/recipes-connectivity/openssl/openssl-fsl/0001-remove-double-initialization-of-cryptodev-engine.patch b/recipes-connectivity/openssl/openssl-fsl/0001-remove-double-initialization-of-cryptodev-engine.patch
new file mode 100644
index 0000000..233cf6e
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-fsl/0001-remove-double-initialization-of-cryptodev-engine.patch
@@ -0,0 +1,83 @@
+From 9297e3834518ff0558d6e7004a62adfd107e659a Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@freescale.com>
+Date: Tue, 10 Sep 2013 12:46:46 +0300
+Subject: [PATCH 01/17] remove double initialization of cryptodev engine
+
+cryptodev engine is initialized together with the other engines in
+ENGINE_load_builtin_engines. The initialization done through
+OpenSSL_add_all_algorithms is redundant.
+
+Change-Id: Ic9488500967595543ff846f147b36f383db7cb27
+Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
+Reviewed-on: http://git.am.freescale.net:8181/17222
+---
+ crypto/engine/eng_all.c | 11 -----------
+ crypto/engine/engine.h  |  4 ----
+ crypto/evp/c_all.c      |  5 -----
+ util/libeay.num         |  2 +-
+ 4 files changed, 1 insertion(+), 21 deletions(-)
+
+diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c
+index 6093376..f16c043 100644
+--- a/crypto/engine/eng_all.c
++++ b/crypto/engine/eng_all.c
+@@ -122,14 +122,3 @@ void ENGINE_load_builtin_engines(void)
+ #endif
+        ENGINE_register_all_complete();
+        }
+-
+-#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
+-void ENGINE_setup_bsd_cryptodev(void) {
+-       static int bsd_cryptodev_default_loaded = 0;
+-       if (!bsd_cryptodev_default_loaded) {
+-               ENGINE_load_cryptodev();
+-               ENGINE_register_all_complete();
+-       }
+-       bsd_cryptodev_default_loaded=1;
+-}
+-#endif
+diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h
+index f8be497..237a6c9 100644
+--- a/crypto/engine/engine.h
++++ b/crypto/engine/engine.h
+@@ -740,10 +740,6 @@ typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id,
+  * values. */
+ void *ENGINE_get_static_state(void);
+ 
+-#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
+-void ENGINE_setup_bsd_cryptodev(void);
+-#endif
+-
+ /* BEGIN ERROR CODES */
+ /* The following lines are auto generated by the script mkerr.pl. Any changes
+  * made after this point may be overwritten when the script is next run.
+diff --git a/crypto/evp/c_all.c b/crypto/evp/c_all.c
+index 766c4ce..5d6c21b 100644
+--- a/crypto/evp/c_all.c
++++ b/crypto/evp/c_all.c
+@@ -82,9 +82,4 @@ void OPENSSL_add_all_algorithms_noconf(void)
+        OPENSSL_cpuid_setup();
+        OpenSSL_add_all_ciphers();
+        OpenSSL_add_all_digests();
+-#ifndef OPENSSL_NO_ENGINE
+-# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
+-       ENGINE_setup_bsd_cryptodev();
+-# endif
+-#endif
+        }
+diff --git a/util/libeay.num b/util/libeay.num
+index aa86b2b..ae50040 100755
+--- a/util/libeay.num
++++ b/util/libeay.num
+@@ -2801,7 +2801,7 @@ BIO_indent                              3242      EXIST::FUNCTION:
+ BUF_strlcpy                             3243   EXIST::FUNCTION:
+ OpenSSLDie                              3244   EXIST::FUNCTION:
+ OPENSSL_cleanse                         3245   EXIST::FUNCTION:
+-ENGINE_setup_bsd_cryptodev              3246   EXIST:__FreeBSD__:FUNCTION:ENGINE
++ENGINE_setup_bsd_cryptodev              3246   NOEXIST::FUNCTION:
+ ERR_release_err_state_table             3247   EXIST::FUNCTION:LHASH
+ EVP_aes_128_cfb8                        3248   EXIST::FUNCTION:AES
+ FIPS_corrupt_rsa                        3249   NOEXIST::FUNCTION:
+-- 
+1.8.3.1
+
diff --git a/recipes-connectivity/openssl/openssl-fsl/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch b/recipes-connectivity/openssl/openssl-fsl/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch
new file mode 100644
index 0000000..0b77bfa
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-fsl/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch
@@ -0,0 +1,317 @@
+From dfd6ba263dc25ea2a4bbc32448b24ca2b1fc40e8 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@freescale.com>
+Date: Thu, 29 Aug 2013 16:51:18 +0300
+Subject: [PATCH 02/17] eng_cryptodev: add support for TLS algorithms offload
+
+- aes-128-cbc-hmac-sha1
+- aes-256-cbc-hmac-sha1
+
+Requires TLS patches on cryptodev and TLS algorithm support in Linux
+kernel driver.
+
+Change-Id: I43048caa348414daddd6c1a5cdc55e769ac1945f
+Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
+Reviewed-on: http://git.am.freescale.net:8181/17223
+---
+ crypto/engine/eng_cryptodev.c | 222 +++++++++++++++++++++++++++++++++++++++---
+ 1 file changed, 211 insertions(+), 11 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 5a715ac..7588a28 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -72,6 +72,9 @@ ENGINE_load_cryptodev(void)
+ struct dev_crypto_state {
+        struct session_op d_sess;
+        int d_fd;
++       unsigned char *aad;
++       unsigned int aad_len;
++       unsigned int len;
+ 
+ #ifdef USE_CRYPTODEV_DIGESTS
+        char dummy_mac_key[HASH_MAX_LEN];
+@@ -140,17 +143,20 @@ static struct {
+        int     nid;
+        int     ivmax;
+        int     keylen;
++       int     mackeylen;
+ } ciphers[] = {
+-       { CRYPTO_ARC4,                  NID_rc4,                0,      16, },
+-       { CRYPTO_DES_CBC,               NID_des_cbc,            8,       8, },
+-       { CRYPTO_3DES_CBC,              NID_des_ede3_cbc,       8,      24, },
+-       { CRYPTO_AES_CBC,               NID_aes_128_cbc,        16,     16, },
+-       { CRYPTO_AES_CBC,               NID_aes_192_cbc,        16,     24, },
+-       { CRYPTO_AES_CBC,               NID_aes_256_cbc,        16,     32, },
+-       { CRYPTO_BLF_CBC,               NID_bf_cbc,             8,      16, },
+-       { CRYPTO_CAST_CBC,              NID_cast5_cbc,          8,      16, },
+-       { CRYPTO_SKIPJACK_CBC,          NID_undef,              0,       0, },
+-       { 0,                            NID_undef,              0,       0, },
++       { CRYPTO_ARC4,          NID_rc4,          0,  16, 0},
++       { CRYPTO_DES_CBC,       NID_des_cbc,      8,  8,  0},
++       { CRYPTO_3DES_CBC,      NID_des_ede3_cbc, 8,  24, 0},
++       { CRYPTO_AES_CBC,       NID_aes_128_cbc,  16, 16, 0},
++       { CRYPTO_AES_CBC,       NID_aes_192_cbc,  16, 24, 0},
++       { CRYPTO_AES_CBC,       NID_aes_256_cbc,  16, 32, 0},
++       { CRYPTO_BLF_CBC,       NID_bf_cbc,       8,  16, 0},
++       { CRYPTO_CAST_CBC,      NID_cast5_cbc,    8,  16, 0},
++       { CRYPTO_SKIPJACK_CBC,  NID_undef,        0,  0,  0},
++       { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20},
++       { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20},
++       { 0, NID_undef, 0, 0, 0},
+ };
+ 
+ #ifdef USE_CRYPTODEV_DIGESTS
+@@ -250,13 +256,15 @@ get_cryptodev_ciphers(const int **cnids)
+        }
+        memset(&sess, 0, sizeof(sess));
+        sess.key = (caddr_t)"123456789abcdefghijklmno";
++       sess.mackey = (caddr_t)"123456789ABCDEFGHIJKLMNO";
+ 
+        for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
+                if (ciphers[i].nid == NID_undef)
+                        continue;
+                sess.cipher = ciphers[i].id;
+                sess.keylen = ciphers[i].keylen;
+-               sess.mac = 0;
++               sess.mackeylen = ciphers[i].mackeylen;
++
+                if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
+                    ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
+                        nids[count++] = ciphers[i].nid;
+@@ -414,6 +422,67 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+        return (1);
+ }
+ 
++
++static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
++               const unsigned char *in, size_t len)
++{
++       struct crypt_auth_op cryp;
++       struct dev_crypto_state *state = ctx->cipher_data;
++       struct session_op *sess = &state->d_sess;
++       const void *iiv;
++       unsigned char save_iv[EVP_MAX_IV_LENGTH];
++
++       if (state->d_fd < 0)
++               return (0);
++       if (!len)
++               return (1);
++       if ((len % ctx->cipher->block_size) != 0)
++               return (0);
++
++       memset(&cryp, 0, sizeof(cryp));
++
++       /* TODO: make a seamless integration with cryptodev flags */
++       switch (ctx->cipher->nid) {
++       case NID_aes_128_cbc_hmac_sha1:
++       case NID_aes_256_cbc_hmac_sha1:
++               cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
++       }
++       cryp.ses = sess->ses;
++       cryp.len = state->len;
++       cryp.src = (caddr_t) in;
++       cryp.dst = (caddr_t) out;
++       cryp.auth_src = state->aad;
++       cryp.auth_len = state->aad_len;
++
++       cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
++
++       if (ctx->cipher->iv_len) {
++               cryp.iv = (caddr_t) ctx->iv;
++               if (!ctx->encrypt) {
++                       iiv = in + len - ctx->cipher->iv_len;
++                       memcpy(save_iv, iiv, ctx->cipher->iv_len);
++               }
++       } else
++               cryp.iv = NULL;
++
++       if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) {
++               /* XXX need better errror handling
++                * this can fail for a number of different reasons.
++                */
++               return (0);
++       }
++
++       if (ctx->cipher->iv_len) {
++               if (ctx->encrypt)
++                       iiv = out + len - ctx->cipher->iv_len;
++               else
++                       iiv = save_iv;
++               memcpy(ctx->iv, iiv, ctx->cipher->iv_len);
++       }
++       return (1);
++}
++
++
+ static int
+ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+     const unsigned char *iv, int enc)
+@@ -452,6 +521,45 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+        return (1);
+ }
+ 
++/* Save the encryption key provided by upper layers.
++ *
++ * This function is called by EVP_CipherInit_ex to initialize the algorithm's
++ * extra data. We can't do much here because the mac key is not available.
++ * The next call should/will be to cryptodev_cbc_hmac_sha1_ctrl with parameter
++ * EVP_CTRL_AEAD_SET_MAC_KEY, to set the hmac key. There we call CIOCGSESSION
++ * with both the crypto and hmac keys.
++ */
++static int cryptodev_init_aead_key(EVP_CIPHER_CTX *ctx,
++               const unsigned char *key, const unsigned char *iv, int enc)
++{
++       struct dev_crypto_state *state = ctx->cipher_data;
++       struct session_op *sess = &state->d_sess;
++       int cipher = -1, i;
++
++       for (i = 0; ciphers[i].id; i++)
++               if (ctx->cipher->nid == ciphers[i].nid &&
++                   ctx->cipher->iv_len <= ciphers[i].ivmax &&
++                   ctx->key_len == ciphers[i].keylen) {
++                       cipher = ciphers[i].id;
++                       break;
++               }
++
++       if (!ciphers[i].id) {
++               state->d_fd = -1;
++               return (0);
++       }
++
++       memset(sess, 0, sizeof(struct session_op));
++
++       sess->key = (caddr_t)key;
++       sess->keylen = ctx->key_len;
++       sess->cipher = cipher;
++
++       /* for whatever reason, (1) means success */
++       return (1);
++}
++
++
+ /*
+  * free anything we allocated earlier when initting a
+  * session, and close the session.
+@@ -488,6 +596,63 @@ cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
+        return (ret);
+ }
+ 
++static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
++               void *ptr)
++{
++       switch (type) {
++       case EVP_CTRL_AEAD_SET_MAC_KEY:
++       {
++               /* TODO: what happens with hmac keys larger than 64 bytes? */
++               struct dev_crypto_state *state = ctx->cipher_data;
++               struct session_op *sess = &state->d_sess;
++
++               if ((state->d_fd = get_dev_crypto()) < 0)
++                       return (0);
++
++               /* the rest should have been set in cryptodev_init_aead_key */
++               sess->mackey = ptr;
++               sess->mackeylen = arg;
++
++               if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
++                       put_dev_crypto(state->d_fd);
++                       state->d_fd = -1;
++                       return (0);
++               }
++               return (1);
++       }
++       case EVP_CTRL_AEAD_TLS1_AAD:
++       {
++               /* ptr points to the associated data buffer of 13 bytes */
++               struct dev_crypto_state *state = ctx->cipher_data;
++               unsigned char *p = ptr;
++               unsigned int cryptlen = p[arg - 2] << 8 | p[arg - 1];
++               unsigned int maclen, padlen;
++               unsigned int bs = ctx->cipher->block_size;
++
++               state->aad = ptr;
++               state->aad_len = arg;
++               state->len = cryptlen;
++
++               /* TODO: this should be an extension of EVP_CIPHER struct */
++               switch (ctx->cipher->nid) {
++               case NID_aes_128_cbc_hmac_sha1:
++               case NID_aes_256_cbc_hmac_sha1:
++                       maclen = SHA_DIGEST_LENGTH;
++               }
++
++               /* space required for encryption (not only TLS padding) */
++               padlen = maclen;
++               if (ctx->encrypt) {
++                       cryptlen += maclen;
++                       padlen += bs - (cryptlen % bs);
++               }
++               return padlen;
++       }
++       default:
++               return -1;
++       }
++}
++
+ /*
+  * libcrypto EVP stuff - this is how we get wired to EVP so the engine
+  * gets called when libcrypto requests a cipher NID.
+@@ -600,6 +765,33 @@ const EVP_CIPHER cryptodev_aes_256_cbc = {
+        NULL
+ };
+ 
++const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1 = {
++       NID_aes_128_cbc_hmac_sha1,
++       16, 16, 16,
++       EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
++       cryptodev_init_aead_key,
++       cryptodev_aead_cipher,
++       cryptodev_cleanup,
++       sizeof(struct dev_crypto_state),
++       EVP_CIPHER_set_asn1_iv,
++       EVP_CIPHER_get_asn1_iv,
++       cryptodev_cbc_hmac_sha1_ctrl,
++       NULL
++};
++
++const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = {
++       NID_aes_256_cbc_hmac_sha1,
++       16, 32, 16,
++       EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
++       cryptodev_init_aead_key,
++       cryptodev_aead_cipher,
++       cryptodev_cleanup,
++       sizeof(struct dev_crypto_state),
++       EVP_CIPHER_set_asn1_iv,
++       EVP_CIPHER_get_asn1_iv,
++       cryptodev_cbc_hmac_sha1_ctrl,
++       NULL
++};
+ /*
+  * Registered by the ENGINE when used to find out how to deal with
+  * a particular NID in the ENGINE. this says what we'll do at the
+@@ -637,6 +829,12 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+        case NID_aes_256_cbc:
+                *cipher = &cryptodev_aes_256_cbc;
+                break;
++       case NID_aes_128_cbc_hmac_sha1:
++               *cipher = &cryptodev_aes_128_cbc_hmac_sha1;
++               break;
++       case NID_aes_256_cbc_hmac_sha1:
++               *cipher = &cryptodev_aes_256_cbc_hmac_sha1;
++               break;
+        default:
+                *cipher = NULL;
+                break;
+@@ -1384,6 +1582,8 @@ ENGINE_load_cryptodev(void)
+        }
+        put_dev_crypto(fd);
+ 
++       EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1);
++       EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
+        if (!ENGINE_set_id(engine, "cryptodev") ||
+            !ENGINE_set_name(engine, "BSD cryptodev engine") ||
+            !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
+-- 
+1.8.3.1
+
diff --git a/recipes-connectivity/openssl/openssl-fsl/0003-cryptodev-fix-algorithm-registration.patch b/recipes-connectivity/openssl/openssl-fsl/0003-cryptodev-fix-algorithm-registration.patch
new file mode 100644
index 0000000..b31668e
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-fsl/0003-cryptodev-fix-algorithm-registration.patch
@@ -0,0 +1,64 @@
+From 084fa469a8fef530d71a0870364df1c7997f6465 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@freescale.com>
+Date: Thu, 31 Jul 2014 14:06:19 +0300
+Subject: [PATCH 03/17] cryptodev: fix algorithm registration
+
+Cryptodev specific algorithms must register only if available in kernel.
+
+Change-Id: Iec5af8f4f3138357e4b96f2ec1627278134e4808
+Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
+Reviewed-on: http://git.am.freescale.net:8181/15326
+Reviewed-by: Horia Ioan Geanta Neag <horia.geanta@freescale.com>
+Reviewed-on: http://git.am.freescale.net:8181/17224
+---
+ crypto/engine/eng_cryptodev.c | 20 +++++++++++++++++---
+ 1 file changed, 17 insertions(+), 3 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 7588a28..e3eb98b 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -133,6 +133,8 @@ static int cryptodev_dh_compute_key(unsigned char *key,
+ static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
+     void (*f)(void));
+ void ENGINE_load_cryptodev(void);
++const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1;
++const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
+ 
+ static const ENGINE_CMD_DEFN cryptodev_defns[] = {
+        { 0, NULL, NULL, 0 }
+@@ -342,7 +344,21 @@ get_cryptodev_digests(const int **cnids)
+ static int
+ cryptodev_usable_ciphers(const int **nids)
+ {
+-       return (get_cryptodev_ciphers(nids));
++       int i, count;
++
++       count = get_cryptodev_ciphers(nids);
++       /* add ciphers specific to cryptodev if found in kernel */
++       for(i = 0; i < count; i++) {
++               switch (*(*nids + i)) {
++               case NID_aes_128_cbc_hmac_sha1:
++                       EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1);
++                       break;
++               case NID_aes_256_cbc_hmac_sha1:
++                       EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
++                       break;
++               }
++       }
++       return count;
+ }
+ 
+ static int
+@@ -1582,8 +1598,6 @@ ENGINE_load_cryptodev(void)
+        }
+        put_dev_crypto(fd);
+ 
+-       EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1);
+-       EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
+        if (!ENGINE_set_id(engine, "cryptodev") ||
+            !ENGINE_set_name(engine, "BSD cryptodev engine") ||
+            !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
+-- 
+1.8.3.1
+
diff --git a/recipes-connectivity/openssl/openssl-fsl/0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch b/recipes-connectivity/openssl/openssl-fsl/0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch
new file mode 100644
index 0000000..af30ad3
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-fsl/0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch
@@ -0,0 +1,74 @@
+From 7d770f0324498d1fa78300cc5cecc8c1dcd3b788 Mon Sep 17 00:00:00 2001
+From: Andy Polyakov <appro@openssl.org>
+Date: Sun, 21 Oct 2012 18:19:41 +0000
+Subject: [PATCH 04/17] linux-pcc: make it more robust and recognize
+ KERNEL_BITS variable.
+
+(cherry picked from commit 78c3e20579d3baa159c8b51b59d415b6e521614b)
+
+Change-Id: I769c466f052305681ab54a1b6545d94c7fbf5a9d
+Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
+---
+ config          | 19 +++++++++++++------
+ crypto/ppccap.c |  7 +++++++
+ 2 files changed, 20 insertions(+), 6 deletions(-)
+
+diff --git a/config b/config
+index 41fa2a6..f37b9e6 100755
+--- a/config
++++ b/config
+@@ -587,13 +587,20 @@ case "$GUESSOS" in
+        fi
+        ;;
+   ppc64-*-linux2)
+-       echo "WARNING! If you wish to build 64-bit library, then you have to"
+-       echo "         invoke './Configure linux-ppc64' *manually*."
+-       if [ "$TEST" = "false" -a -t 1 ]; then
+-           echo "         You have about 5 seconds to press Ctrl-C to abort."
+-           (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
++       if [ -z "$KERNEL_BITS" ]; then
++           echo "WARNING! If you wish to build 64-bit library, then you have to"
++           echo "         invoke './Configure linux-ppc64' *manually*."
++           if [ "$TEST" = "false" -a -t 1 ]; then
++               echo "         You have about 5 seconds to press Ctrl-C to abort."
++               (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
++           fi
++       fi
++       if [ "$KERNEL_BITS" = "64" ]; then
++           OUT="linux-ppc64"
++       else
++           OUT="linux-ppc"
++           (echo "__LP64__" | gcc -E -x c - 2>/dev/null | grep "^__LP64__" 2>&1 > /dev/null) || options="$options -m32"
+        fi
+-       OUT="linux-ppc"
+        ;;
+   ppc-*-linux2) OUT="linux-ppc" ;;
+   ppc60x-*-vxworks*) OUT="vxworks-ppc60x" ;;
+diff --git a/crypto/ppccap.c b/crypto/ppccap.c
+index f71ba66..531f1b3 100644
+--- a/crypto/ppccap.c
++++ b/crypto/ppccap.c
+@@ -4,6 +4,9 @@
+ #include <setjmp.h>
+ #include <signal.h>
+ #include <unistd.h>
++#ifdef __linux
++#include <sys/utsname.h>
++#endif
+ #include <crypto.h>
+ #include <openssl/bn.h>
+ 
+@@ -102,6 +105,10 @@ void OPENSSL_cpuid_setup(void)
+ 
+        if (sizeof(size_t)==4)
+                {
++#ifdef __linux
++               struct utsname uts;
++               if (uname(&uts)==0 && strcmp(uts.machine,"ppc64")==0)
++#endif
+                if (sigsetjmp(ill_jmp,1) == 0)
+                        {
+                        OPENSSL_ppc64_probe();
+-- 
+1.8.3.1
+
diff --git a/recipes-connectivity/openssl/openssl-fsl/0005-ECC-Support-header-for-Cryptodev-Engine.patch b/recipes-connectivity/openssl/openssl-fsl/0005-ECC-Support-header-for-Cryptodev-Engine.patch
new file mode 100644
index 0000000..cfcf4a6
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-fsl/0005-ECC-Support-header-for-Cryptodev-Engine.patch
@@ -0,0 +1,318 @@
+From 15abbcd740eafbf2a46b5da24be76acf4982743d Mon Sep 17 00:00:00 2001
+From: Yashpal Dutta <yashpal.dutta@freescale.com>
+Date: Tue, 11 Mar 2014 05:56:54 +0545
+Subject: [PATCH 05/17] ECC Support header for Cryptodev Engine
+
+Upstream-status: Pending
+
+Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
+---
+ crypto/engine/eng_cryptodev_ec.h | 296 +++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 296 insertions(+)
+ create mode 100644 crypto/engine/eng_cryptodev_ec.h
+
+diff --git a/crypto/engine/eng_cryptodev_ec.h b/crypto/engine/eng_cryptodev_ec.h
+new file mode 100644
+index 0000000..77aee71
+--- /dev/null
++++ b/crypto/engine/eng_cryptodev_ec.h
+@@ -0,0 +1,296 @@
++/*
++ * Copyright (C) 2012 Freescale Semiconductor, Inc.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in the
++ *    documentation and/or other materials provided with the distribution.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
++ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN
++ * NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
++ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
++ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
++ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
++ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
++ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
++ */
++#ifndef __ENG_EC_H
++#define __ENG_EC_H
++
++#define SPCF_CPARAM_INIT(X,...) \
++static unsigned char X##_c[] = {__VA_ARGS__} \
++
++#define SPCF_FREE_BN(X) do { if(X) { BN_clear_free(X); X = NULL; } } while (0)
++
++#define SPCF_COPY_CPARAMS(NIDBUF) \
++  do { \
++      memcpy (buf, NIDBUF, buf_len); \
++    } while (0)
++
++#define SPCF_CPARAM_CASE(X) \
++  case NID_##X: \
++      SPCF_COPY_CPARAMS(X##_c); \
++      break
++
++SPCF_CPARAM_INIT(sect113r1, 0x01, 0x73, 0xE8, 0x34, 0xAF, 0x28, 0xEC, 0x76,
++                0xCB, 0x83, 0xBD, 0x8D, 0xFE, 0xB2, 0xD5);
++SPCF_CPARAM_INIT(sect113r2, 0x00, 0x54, 0xD9, 0xF0, 0x39, 0x57, 0x17, 0x4A,
++                0x32, 0x32, 0x91, 0x67, 0xD7, 0xFE, 0x71);
++SPCF_CPARAM_INIT(sect131r1, 0x03, 0xDB, 0x89, 0xB4, 0x05, 0xE4, 0x91, 0x16,
++                0x0E, 0x3B, 0x2F, 0x07, 0xB0, 0xCE, 0x20, 0xB3, 0x7E);
++SPCF_CPARAM_INIT(sect131r2, 0x07, 0xCB, 0xB9, 0x92, 0x0D, 0x71, 0xA4, 0x8E,
++                0x09, 0x9C, 0x38, 0xD7, 0x1D, 0xA6, 0x49, 0x0E, 0xB1);
++SPCF_CPARAM_INIT(sect163k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++                0x00, 0x00, 0x01);
++SPCF_CPARAM_INIT(sect163r1, 0x05, 0xED, 0x40, 0x3E, 0xD5, 0x8E, 0xB4, 0x5B,
++                0x1C, 0xCE, 0xCA, 0x0F, 0x4F, 0x61, 0x65, 0x55, 0x49, 0x86,
++                0x1B, 0xE0, 0x52);
++SPCF_CPARAM_INIT(sect163r2, 0x07, 0x2C, 0x4E, 0x1E, 0xF7, 0xCB, 0x2F, 0x3A,
++                0x03, 0x5D, 0x33, 0x10, 0x42, 0x94, 0x15, 0x96, 0x09, 0x13,
++                0x8B, 0xB4, 0x04);
++SPCF_CPARAM_INIT(sect193r1, 0x01, 0x67, 0xB3, 0x5E, 0xB4, 0x31, 0x3F, 0x26,
++                0x3D, 0x0F, 0x7A, 0x3D, 0x50, 0x36, 0xF0, 0xA0, 0xA3, 0xC9,
++                0x80, 0xD4, 0x0E, 0x5A, 0x05, 0x3E, 0xD2);
++SPCF_CPARAM_INIT(sect193r2, 0x00, 0x69, 0x89, 0xFE, 0x6B, 0xFE, 0x30, 0xED,
++                0xDC, 0x32, 0x44, 0x26, 0x9F, 0x3A, 0xAD, 0x18, 0xD6, 0x6C,
++                0xF3, 0xDB, 0x3E, 0x33, 0x02, 0xFA, 0xA8);
++SPCF_CPARAM_INIT(sect233k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++                0x00, 0x01);
++SPCF_CPARAM_INIT(sect233r1, 0x00, 0x07, 0xD5, 0xEF, 0x43, 0x89, 0xDF, 0xF1,
++                0x1E, 0xCD, 0xBA, 0x39, 0xC3, 0x09, 0x70, 0xD3, 0xCE, 0x35,
++                0xCE, 0xBB, 0xA5, 0x84, 0x73, 0xF6, 0x4B, 0x4D, 0xC0, 0xF2,
++                0x68, 0x6C);
++SPCF_CPARAM_INIT(sect239k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++                0x00, 0x01);
++SPCF_CPARAM_INIT(sect283k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01);
++SPCF_CPARAM_INIT(sect283r1, 0x03, 0xD8, 0xC9, 0x3D, 0x3B, 0x0E, 0xA8, 0x1D,
++                0x92, 0x94, 0x03, 0x4D, 0x7E, 0xE3, 0x13, 0x5D, 0x0A, 0xC5,
++                0xFC, 0x8D, 0x9C, 0xB0, 0x27, 0x6F, 0x72, 0x11, 0xF8, 0x80,
++                0xF0, 0xD8, 0x1C, 0xA4, 0xC6, 0xE8, 0x7B, 0x38);
++SPCF_CPARAM_INIT(sect409k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++                0x00, 0x00, 0x00, 0x01);
++SPCF_CPARAM_INIT(sect409r1, 0x01, 0x49, 0xB8, 0xB7, 0xBE, 0xBD, 0x9B, 0x63,
++                0x65, 0x3E, 0xF1, 0xCD, 0x8C, 0x6A, 0x5D, 0xD1, 0x05, 0xA2,
++                0xAA, 0xAC, 0x36, 0xFE, 0x2E, 0xAE, 0x43, 0xCF, 0x28, 0xCE,
++                0x1C, 0xB7, 0xC8, 0x30, 0xC1, 0xEC, 0xDB, 0xFA, 0x41, 0x3A,
++                0xB0, 0x7F, 0xE3, 0x5A, 0x57, 0x81, 0x1A, 0xE4, 0xF8, 0x8D,
++                0x30, 0xAC, 0x63, 0xFB);
++SPCF_CPARAM_INIT(sect571k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++                0x00, 0x00, 0x00, 0x01);
++SPCF_CPARAM_INIT(sect571r1, 0x06, 0x39, 0x5D, 0xB2, 0x2A, 0xB5, 0x94, 0xB1,
++                0x86, 0x8C, 0xED, 0x95, 0x25, 0x78, 0xB6, 0x53, 0x9F, 0xAB,
++                0xA6, 0x94, 0x06, 0xD9, 0xB2, 0x98, 0x61, 0x23, 0xA1, 0x85,
++                0xC8, 0x58, 0x32, 0xE2, 0x5F, 0xD5, 0xB6, 0x38, 0x33, 0xD5,
++                0x14, 0x42, 0xAB, 0xF1, 0xA9, 0xC0, 0x5F, 0xF0, 0xEC, 0xBD,
++                0x88, 0xD7, 0xF7, 0x79, 0x97, 0xF4, 0xDC, 0x91, 0x56, 0xAA,
++                0xF1, 0xCE, 0x08, 0x16, 0x46, 0x86, 0xDD, 0xFF, 0x75, 0x11,
++                0x6F, 0xBC, 0x9A, 0x7A);
++SPCF_CPARAM_INIT(X9_62_c2pnb163v1, 0x04, 0x53, 0xE1, 0xE4, 0xB7, 0x29, 0x1F,
++                0x5C, 0x2D, 0x53, 0xCE, 0x18, 0x48, 0x3F, 0x00, 0x70, 0x81,
++                0xE7, 0xEA, 0x26, 0xEC);
++SPCF_CPARAM_INIT(X9_62_c2pnb163v2, 0x04, 0x35, 0xC0, 0x19, 0x66, 0x0E, 0x01,
++                0x01, 0xBA, 0x87, 0x0C, 0xA3, 0x9F, 0xD9, 0xA7, 0x76, 0x86,
++                0x50, 0x9D, 0x28, 0x13);
++SPCF_CPARAM_INIT(X9_62_c2pnb163v3, 0x06, 0x55, 0xC4, 0x54, 0xE4, 0x1E, 0x38,
++                0x0C, 0x7A, 0x60, 0xB6, 0x67, 0x9A, 0x5B, 0x7A, 0x3F, 0x3A,
++                0xF6, 0x8E, 0x22, 0xC5);
++SPCF_CPARAM_INIT(X9_62_c2pnb176v1, 0x00, 0x69, 0xF7, 0xDA, 0x36, 0x19, 0xA7,
++                0x42, 0xA3, 0x82, 0xFF, 0x05, 0x08, 0x8F, 0xD3, 0x99, 0x42,
++                0xCA, 0x0F, 0x1D, 0x90, 0xB6, 0x5B);
++SPCF_CPARAM_INIT(X9_62_c2tnb191v1, 0x4C, 0x45, 0x25, 0xAB, 0x0B, 0x68, 0x4A,
++                0x64, 0x44, 0x62, 0x0A, 0x86, 0x45, 0xEF, 0x54, 0x6D, 0x54,
++                0x69, 0x39, 0x68, 0xC2, 0xAE, 0x84, 0xAC);
++SPCF_CPARAM_INIT(X9_62_c2tnb191v2, 0x03, 0x7C, 0x8F, 0x57, 0xA2, 0x25, 0xC7,
++                0xB3, 0xD4, 0xED, 0xD5, 0x88, 0x0F, 0x38, 0x0A, 0xCC, 0x55,
++                0x74, 0xEC, 0xB3, 0x6C, 0x9F, 0x51, 0x21);
++SPCF_CPARAM_INIT(X9_62_c2tnb191v3, 0x37, 0x39, 0xFF, 0x98, 0xB4, 0xD1, 0x69,
++                0x3E, 0xCF, 0x52, 0x7A, 0x98, 0x51, 0xED, 0xCF, 0x99, 0x9D,
++                0x9E, 0x75, 0x05, 0x43, 0x33, 0x43, 0x24);
++SPCF_CPARAM_INIT(X9_62_c2pnb208w1, 0x00, 0xDB, 0x05, 0x3C, 0x41, 0x76, 0xCC,
++                0x1D, 0xA1, 0x27, 0x85, 0x2C, 0xA6, 0xD9, 0x88, 0xBE, 0x1A,
++                0xCC, 0xD1, 0x5B, 0x2A, 0xC1, 0xC1, 0x07, 0x42, 0x57, 0x34);
++SPCF_CPARAM_INIT(X9_62_c2tnb239v1, 0x24, 0x59, 0xFC, 0xF4, 0x51, 0x7B, 0xC5,
++                0xA6, 0xB9, 0x9B, 0xE5, 0xC6, 0xC5, 0x62, 0x85, 0xC0, 0x21,
++                0xFE, 0x32, 0xEE, 0x2B, 0x6F, 0x1C, 0x22, 0xEA, 0x5B, 0xE1,
++                0xB8, 0x4B, 0x93);
++SPCF_CPARAM_INIT(X9_62_c2tnb239v2, 0x64, 0x98, 0x84, 0x19, 0x3B, 0x56, 0x2D,
++                0x4A, 0x50, 0xB4, 0xFA, 0x56, 0x34, 0xE0, 0x34, 0x41, 0x3F,
++                0x94, 0xC4, 0x59, 0xDA, 0x7C, 0xDB, 0x16, 0x64, 0x9D, 0xDD,
++                0xF7, 0xE6, 0x0A);
++SPCF_CPARAM_INIT(X9_62_c2tnb239v3, 0x32, 0x63, 0x2E, 0x65, 0x2B, 0xEE, 0x91,
++                0xC2, 0xE4, 0xA2, 0xF5, 0x42, 0xA3, 0x2D, 0x67, 0xA8, 0xB5,
++                0xB4, 0x5F, 0x21, 0xA0, 0x81, 0x02, 0xFB, 0x1F, 0x2A, 0xFB,
++                0xB6, 0xAC, 0xDA);
++SPCF_CPARAM_INIT(X9_62_c2pnb272w1, 0x00, 0xDA, 0x7B, 0x60, 0x28, 0xF4, 0xC8,
++                0x09, 0xA0, 0xB9, 0x78, 0x81, 0xC3, 0xA5, 0x7E, 0x4D, 0x71,
++                0x81, 0x34, 0xD1, 0x3F, 0xEC, 0xE0, 0x90, 0x85, 0x8A, 0xC3,
++                0x1A, 0xE2, 0xDC, 0x2E, 0xDF, 0x8E, 0x3C, 0x8B);
++SPCF_CPARAM_INIT(X9_62_c2pnb304w1, 0x00, 0x3C, 0x67, 0xB4, 0x07, 0xC6, 0xF3,
++                0x3F, 0x81, 0x0B, 0x17, 0xDC, 0x16, 0xE2, 0x14, 0x8A, 0x2C,
++                0x9C, 0xE2, 0x9D, 0x56, 0x05, 0x23, 0x69, 0x6A, 0x55, 0x93,
++                0x8A, 0x15, 0x40, 0x81, 0xE3, 0xE3, 0xAE, 0xFB, 0xCE, 0x45,
++                0x70, 0xC9);
++SPCF_CPARAM_INIT(X9_62_c2tnb359v1, 0x22, 0x39, 0xAA, 0x58, 0x4A, 0xC5, 0x9A,
++                0xF9, 0x61, 0xD0, 0xFA, 0x2D, 0x52, 0x85, 0xB6, 0xFD, 0xF7,
++                0x34, 0x9B, 0xC6, 0x0E, 0x91, 0xE3, 0x20, 0xF4, 0x71, 0x64,
++                0xCE, 0x11, 0xF5, 0x18, 0xEF, 0xB4, 0xC0, 0x8B, 0x9B, 0xDA,
++                0x99, 0x9A, 0x8A, 0x37, 0xF8, 0x2A, 0x22, 0x61);
++SPCF_CPARAM_INIT(X9_62_c2pnb368w1, 0x00, 0xC0, 0x6C, 0xCF, 0x42, 0x89, 0x3A,
++                0x8A, 0xAA, 0x00, 0x1E, 0x0B, 0xC0, 0xD2, 0xA2, 0x27, 0x66,
++                0xEF, 0x3E, 0x41, 0x88, 0x7C, 0xC6, 0x77, 0x6F, 0x4A, 0x04,
++                0x1E, 0xE4, 0x45, 0x14, 0xB2, 0x0A, 0xFC, 0x4E, 0x5C, 0x30,
++                0x40, 0x60, 0x06, 0x5B, 0xC8, 0xD6, 0xCF, 0x04, 0xD3, 0x25);
++SPCF_CPARAM_INIT(X9_62_c2tnb431r1, 0x64, 0xF5, 0xBB, 0xE9, 0xBB, 0x31, 0x66,
++                0xA3, 0xA0, 0x2F, 0x2F, 0x22, 0xBF, 0x05, 0xD9, 0xF7, 0xDA,
++                0x43, 0xEE, 0x70, 0xC1, 0x79, 0x03, 0x15, 0x2B, 0x70, 0xA0,
++                0xB4, 0x25, 0x9B, 0xD2, 0xFC, 0xB2, 0x20, 0x3B, 0x7F, 0xB8,
++                0xD3, 0x39, 0x4E, 0x20, 0xEB, 0x0E, 0xA9, 0x84, 0xDD, 0xB1,
++                0xE1, 0xF1, 0x4C, 0x67, 0xB1, 0x36, 0x2B);
++SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01);
++SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls3, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++                0x00, 0x00, 0x00, 0x00, 0x01);
++SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls4, 0x01, 0x73, 0xE8, 0x34, 0xAF, 0x28,
++                0xEC, 0x76, 0xCB, 0x83, 0xBD, 0x8D, 0xFE, 0xB2, 0xD5);
++SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls5, 0x04, 0x53, 0xE1, 0xE4, 0xB7, 0x29,
++                0x1F, 0x5C, 0x2D, 0x53, 0xCE, 0x18, 0x48, 0x3F, 0x00, 0x70,
++                0x81, 0xE7, 0xEA, 0x26, 0xEC);
++SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++                0x00, 0x00, 0x00, 0x01);
++SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls11, 0x00, 0x07, 0xD5, 0xEF, 0x43, 0x89,
++                0xDF, 0xF1, 0x1E, 0xCD, 0xBA, 0x39, 0xC3, 0x09, 0x70, 0xD3,
++                0xCE, 0x35, 0xCE, 0xBB, 0xA5, 0x84, 0x73, 0xF6, 0x4B, 0x4D,
++                0xC0, 0xF2, 0x68, 0x6C);
++/* Oakley curve #3 over 155 bit binary filed */
++SPCF_CPARAM_INIT(ipsec3, 0x00, 0x31, 0x10, 0x00, 0x00, 0x02, 0x23, 0xA0, 0x00,
++                0xC4, 0x47, 0x40, 0x00, 0x08, 0x8E, 0x80, 0x00, 0x11, 0x1D,
++                0x1D);
++/* Oakley curve #4 over 185 bit binary filed */
++SPCF_CPARAM_INIT(ipsec4, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00,
++                0x01, 0x80, 0x00, 0xC0, 0x0C, 0x00, 0x00, 0x00, 0x63, 0x80,
++                0x30, 0x00, 0x1C, 0x00, 0x09);
++
++static inline int
++eng_ec_get_cparam(int nid, unsigned char *buf, unsigned int buf_len)
++{
++       int ret = 0;
++       switch (nid) {
++               SPCF_CPARAM_CASE(sect113r1);
++               SPCF_CPARAM_CASE(sect113r2);
++               SPCF_CPARAM_CASE(sect131r1);
++               SPCF_CPARAM_CASE(sect131r2);
++               SPCF_CPARAM_CASE(sect163k1);
++               SPCF_CPARAM_CASE(sect163r1);
++               SPCF_CPARAM_CASE(sect163r2);
++               SPCF_CPARAM_CASE(sect193r1);
++               SPCF_CPARAM_CASE(sect193r2);
++               SPCF_CPARAM_CASE(sect233k1);
++               SPCF_CPARAM_CASE(sect233r1);
++               SPCF_CPARAM_CASE(sect239k1);
++               SPCF_CPARAM_CASE(sect283k1);
++               SPCF_CPARAM_CASE(sect283r1);
++               SPCF_CPARAM_CASE(sect409k1);
++               SPCF_CPARAM_CASE(sect409r1);
++               SPCF_CPARAM_CASE(sect571k1);
++               SPCF_CPARAM_CASE(sect571r1);
++               SPCF_CPARAM_CASE(X9_62_c2pnb163v1);
++               SPCF_CPARAM_CASE(X9_62_c2pnb163v2);
++               SPCF_CPARAM_CASE(X9_62_c2pnb163v3);
++               SPCF_CPARAM_CASE(X9_62_c2pnb176v1);
++               SPCF_CPARAM_CASE(X9_62_c2tnb191v1);
++               SPCF_CPARAM_CASE(X9_62_c2tnb191v2);
++               SPCF_CPARAM_CASE(X9_62_c2tnb191v3);
++               SPCF_CPARAM_CASE(X9_62_c2pnb208w1);
++               SPCF_CPARAM_CASE(X9_62_c2tnb239v1);
++               SPCF_CPARAM_CASE(X9_62_c2tnb239v2);
++               SPCF_CPARAM_CASE(X9_62_c2tnb239v3);
++               SPCF_CPARAM_CASE(X9_62_c2pnb272w1);
++               SPCF_CPARAM_CASE(X9_62_c2pnb304w1);
++               SPCF_CPARAM_CASE(X9_62_c2tnb359v1);
++               SPCF_CPARAM_CASE(X9_62_c2pnb368w1);
++               SPCF_CPARAM_CASE(X9_62_c2tnb431r1);
++               SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls1);
++               SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls3);
++               SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls4);
++               SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls5);
++               SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls10);
++               SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls11);
++               /* Oakley curve #3 over 155 bit binary filed */
++               SPCF_CPARAM_CASE(ipsec3);
++               /* Oakley curve #4 over 185 bit binary filed */
++               SPCF_CPARAM_CASE(ipsec4);
++       default:
++               ret = -EINVAL;
++               break;
++       }
++       return ret;
++}
++
++/* Copies the curve points to a flat buffer with appropriate padding */
++static inline unsigned char *eng_copy_curve_points(BIGNUM * x, BIGNUM * y,
++                                                  int xy_len, int crv_len)
++{
++       unsigned char *xy = NULL;
++       int len1 = 0, len2 = 0;
++
++       len1 = BN_num_bytes(x);
++       len2 = BN_num_bytes(y);
++
++       if (!(xy = malloc(xy_len))) {
++               return NULL;
++       }
++
++       memset(xy, 0, xy_len);
++
++       if (len1 < crv_len) {
++               if (!BN_is_zero(x))
++                       BN_bn2bin(x, xy + (crv_len - len1));
++       }  else {
++               BN_bn2bin(x, xy);
++       }
++
++       if (len2 < crv_len) {
++               if (!BN_is_zero(y))
++                       BN_bn2bin(y, xy+crv_len+(crv_len-len2));
++       } else {
++               BN_bn2bin(y, xy+crv_len);
++       }
++
++       return xy;
++}
++
++enum curve_t {
++       DISCRETE_LOG,
++       ECC_PRIME,
++       ECC_BINARY,
++       MAX_ECC_TYPE
++};
++#endif
+-- 
+1.8.3.1
+
diff --git a/recipes-connectivity/openssl/openssl-fsl/0006-Fixed-private-key-support-for-DH.patch b/recipes-connectivity/openssl/openssl-fsl/0006-Fixed-private-key-support-for-DH.patch
new file mode 100644
index 0000000..41f48a2
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-fsl/0006-Fixed-private-key-support-for-DH.patch
@@ -0,0 +1,33 @@
+From 39a9e609290a8a1163a721915bcde0c7cf8f92f7 Mon Sep 17 00:00:00 2001
+From: Yashpal Dutta <yashpal.dutta@freescale.com>
+Date: Tue, 11 Mar 2014 05:57:47 +0545
+Subject: [PATCH 06/17] Fixed private key support for DH
+
+Upstream-status: Pending
+
+Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
+---
+ crypto/dh/dh_ameth.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
+index 02ec2d4..ed32004 100644
+--- a/crypto/dh/dh_ameth.c
++++ b/crypto/dh/dh_ameth.c
+@@ -422,6 +422,13 @@ static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
+        if (to->pkey.dh->g != NULL)
+                BN_free(to->pkey.dh->g);
+        to->pkey.dh->g=a;
++       if ((a=BN_dup(from->pkey.dh->q)) != NULL) {
++               if (to->pkey.dh->q != NULL)
++                       BN_free(to->pkey.dh->q);
++               to->pkey.dh->q=a;
++       }
++
++       to->pkey.dh->length = from->pkey.dh->length;
+ 
+        return 1;
+        }
+-- 
+1.8.3.1
+
diff --git a/recipes-connectivity/openssl/openssl-fsl/0007-Fixed-private-key-support-for-DH.patch b/recipes-connectivity/openssl/openssl-fsl/0007-Fixed-private-key-support-for-DH.patch
new file mode 100644
index 0000000..f507fff
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-fsl/0007-Fixed-private-key-support-for-DH.patch
@@ -0,0 +1,35 @@
+From 8322e4157bf49d992b5b9e460f2c0785865dd1c1 Mon Sep 17 00:00:00 2001
+From: Yashpal Dutta <yashpal.dutta@freescale.com>
+Date: Thu, 20 Mar 2014 19:55:51 -0500
+Subject: [PATCH 07/17] Fixed private key support for DH
+
+Upstream-status: Pending
+
+Required Length of the DH result is not returned in dh method in openssl
+
+Tested-by: Yashpal Dutta <yashpal.dutta@freescale.com>
+---
+ crypto/dh/dh_ameth.c | 7 -------
+ 1 file changed, 7 deletions(-)
+
+diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
+index ed32004..02ec2d4 100644
+--- a/crypto/dh/dh_ameth.c
++++ b/crypto/dh/dh_ameth.c
+@@ -422,13 +422,6 @@ static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
+        if (to->pkey.dh->g != NULL)
+                BN_free(to->pkey.dh->g);
+        to->pkey.dh->g=a;
+-       if ((a=BN_dup(from->pkey.dh->q)) != NULL) {
+-               if (to->pkey.dh->q != NULL)
+-                       BN_free(to->pkey.dh->q);
+-               to->pkey.dh->q=a;
+-       }
+-
+-       to->pkey.dh->length = from->pkey.dh->length;
+ 
+        return 1;
+        }
+-- 
+1.8.3.1
+
diff --git a/recipes-connectivity/openssl/openssl-fsl/0008-Initial-support-for-PKC-in-cryptodev-engine.patch b/recipes-connectivity/openssl/openssl-fsl/0008-Initial-support-for-PKC-in-cryptodev-engine.patch
new file mode 100644
index 0000000..6903c88
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-fsl/0008-Initial-support-for-PKC-in-cryptodev-engine.patch
@@ -0,0 +1,1564 @@
+From 107a10d45db0f2e58482f698add04ed9183f7268 Mon Sep 17 00:00:00 2001
+From: Yashpal Dutta <yashpal.dutta@freescale.com>
+Date: Tue, 11 Mar 2014 06:29:52 +0545
+Subject: [PATCH 08/17] Initial support for PKC in cryptodev engine
+
+Upstream-status: Pending
+
+Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
+---
+ crypto/engine/eng_cryptodev.c | 1343 ++++++++++++++++++++++++++++++++++++-----
+ 1 file changed, 1183 insertions(+), 160 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index e3eb98b..7ee314b 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -54,11 +54,14 @@ ENGINE_load_cryptodev(void)
+ #else 
+  
+ #include <sys/types.h>
+-#include <crypto/cryptodev.h>
+ #include <crypto/dh/dh.h>
+ #include <crypto/dsa/dsa.h>
+ #include <crypto/err/err.h>
+ #include <crypto/rsa/rsa.h>
++#include <crypto/ecdsa/ecs_locl.h>
++#include <crypto/ecdh/ech_locl.h>
++#include <crypto/ec/ec_lcl.h>
++#include <crypto/ec/ec.h>
+ #include <sys/ioctl.h>
+ #include <errno.h>
+ #include <stdio.h>
+@@ -68,6 +71,8 @@ ENGINE_load_cryptodev(void)
+ #include <syslog.h>
+ #include <errno.h>
+ #include <string.h>
++#include "eng_cryptodev_ec.h"
++#include <crypto/cryptodev.h>
+ 
+ struct dev_crypto_state {
+        struct session_op d_sess;
+@@ -116,18 +121,10 @@ static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a,
+ static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I,
+     RSA *rsa, BN_CTX *ctx);
+ static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
+-static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a,
+-    const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+-static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
+-    BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
+-    BN_CTX *ctx, BN_MONT_CTX *mont);
+ static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst,
+     int dlen, DSA *dsa);
+ static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len,
+     DSA_SIG *sig, DSA *dsa);
+-static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
+-    const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+-    BN_MONT_CTX *m_ctx);
+ static int cryptodev_dh_compute_key(unsigned char *key,
+     const BIGNUM *pub_key, DH *dh);
+ static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
+@@ -136,6 +133,102 @@ void ENGINE_load_cryptodev(void);
+ const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1;
+ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
+ 
++inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin,  int *bin_len)
++{
++       int len;
++       unsigned char *p;
++
++       len = BN_num_bytes(bn);
++
++       if (!len)
++               return -1;
++
++       p = malloc(len);
++       if (!p)
++               return -1;
++
++       BN_bn2bin(bn,p);
++
++       *bin = p;
++       *bin_len = len;
++
++       return 0;
++}
++
++inline int spcf_bn2bin_ex(BIGNUM *bn, unsigned char **bin,  int *bin_len)
++{
++       int len;
++       unsigned char *p;
++
++       len = BN_num_bytes(bn);
++
++       if (!len)
++               return -1;
++
++       if (len < *bin_len)
++               p = malloc(*bin_len);
++       else
++               p = malloc(len);
++
++       if (!p)
++               return -ENOMEM;
++
++       if (len < *bin_len) {
++               /* place padding */
++               memset(p, 0, (*bin_len - len));
++               BN_bn2bin(bn,p+(*bin_len-len));
++       } else {
++               BN_bn2bin(bn,p);
++       }
++
++       *bin = p;
++       if (len >= *bin_len)
++               *bin_len = len;
++
++       return 0;
++}
++
++/**
++ * Convert an ECC F2m 'b' parameter into the 'c' parameter.
++ *Inputs:
++ * q, the curve's modulus
++ * b, the curve's b parameter
++ * (a bignum for b, a buffer for c)
++ * Output:
++ * c, written into bin, right-adjusted to fill q_len bytes.
++ */
++static int
++eng_ec_compute_cparam(const BIGNUM* b, const BIGNUM* q,
++                       unsigned char **bin, int *bin_len)
++{
++       BIGNUM* c = BN_new();
++       BIGNUM* exp = BN_new();
++       BN_CTX *ctx = BN_CTX_new();
++       int m = BN_num_bits(q) - 1;
++       int ok = 0;
++
++       if (!c || !exp || !ctx || *bin)
++               goto err;
++
++       /*
++        * We have to compute c, where b = c^4, i.e., the fourth root of b.
++        * The equation for c is c = b^(2^(m-2))
++        * Compute exp = 2^(m-2)
++        * (1 << x) == 2^x
++        * and then compute c = b^exp
++        */
++       BN_lshift(exp, BN_value_one(), m-2);
++       BN_GF2m_mod_exp(c, b, exp, q, ctx);
++       /* Store c */
++       spcf_bn2bin_ex(c, bin, bin_len);
++       ok = 1;
++err:
++       if (ctx) BN_CTX_free(ctx);
++       if (c) BN_free(c);
++       if (exp) BN_free(exp);
++       return ok;
++}
++
+ static const ENGINE_CMD_DEFN cryptodev_defns[] = {
+        { 0, NULL, NULL, 0 }
+ };
+@@ -1139,7 +1232,6 @@ cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
+ static int
+ bn2crparam(const BIGNUM *a, struct crparam *crp)
+ {
+-       int i, j, k;
+        ssize_t bytes, bits;
+        u_char *b;
+ 
+@@ -1156,15 +1248,7 @@ bn2crparam(const BIGNUM *a, struct crparam *crp)
+ 
+        crp->crp_p = (caddr_t) b;
+        crp->crp_nbits = bits;
+-
+-       for (i = 0, j = 0; i < a->top; i++) {
+-               for (k = 0; k < BN_BITS2 / 8; k++) {
+-                       if ((j + k) >= bytes)
+-                               return (0);
+-                       b[j + k] = a->d[i] >> (k * 8);
+-               }
+-               j += BN_BITS2 / 8;
+-       }
++       BN_bn2bin(a, crp->crp_p);
+        return (0);
+ }
+ 
+@@ -1172,22 +1256,14 @@ bn2crparam(const BIGNUM *a, struct crparam *crp)
+ static int
+ crparam2bn(struct crparam *crp, BIGNUM *a)
+ {
+-       u_int8_t *pd;
+-       int i, bytes;
++       int bytes;
+ 
+        bytes = (crp->crp_nbits + 7) / 8;
+ 
+        if (bytes == 0)
+                return (-1);
+ 
+-       if ((pd = (u_int8_t *) malloc(bytes)) == NULL)
+-               return (-1);
+-
+-       for (i = 0; i < bytes; i++)
+-               pd[i] = crp->crp_p[bytes - i - 1];
+-
+-       BN_bin2bn(pd, bytes, a);
+-       free(pd);
++       BN_bin2bn(crp->crp_p, bytes, a);
+ 
+        return (0);
+ }
+@@ -1235,6 +1311,32 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s)
+        return (ret);
+ }
+ 
++/* Close an opened instance of cryptodev engine */
++void cryptodev_close_instance(void *handle)
++{
++       int fd;
++
++       if (handle) {
++               fd = *(int *)handle;
++               close(fd);
++               free(handle);
++       }
++}
++
++/* Create an instance of cryptodev for asynchronous interface */
++void *cryptodev_init_instance(void)
++{
++       int *fd = malloc(sizeof(int));
++
++       if (fd) {
++               if ((*fd = open("/dev/crypto", O_RDWR, 0)) == -1) {
++                       free(fd);
++                       return NULL;
++               }
++       }
++       return fd;
++}
++
+ static int
+ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+     const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
+@@ -1250,9 +1352,9 @@ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                return (ret);
+        }
+ 
+-       memset(&kop, 0, sizeof kop);
+        kop.crk_op = CRK_MOD_EXP;
+-
++       kop.crk_oparams = 0;
++       kop.crk_status = 0;
+        /* inputs: a^p % m */
+        if (bn2crparam(a, &kop.crk_param[0]))
+                goto err;
+@@ -1293,28 +1395,38 @@ static int
+ cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
+ {
+        struct crypt_kop kop;
+-       int ret = 1;
++       int ret = 1, f_len, p_len, q_len;
++       unsigned char *f = NULL, *p = NULL, *q = NULL, *dp = NULL, *dq = NULL, *c = NULL;
+ 
+        if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
+                /* XXX 0 means failure?? */
+                return (0);
+        }
+ 
+-       memset(&kop, 0, sizeof kop);
++       kop.crk_oparams = 0;
++       kop.crk_status = 0;
+        kop.crk_op = CRK_MOD_EXP_CRT;
++       f_len = BN_num_bytes(rsa->n);
++       spcf_bn2bin_ex(I, &f, &f_len);
++       spcf_bn2bin(rsa->p, &p, &p_len);
++       spcf_bn2bin(rsa->q, &q, &q_len);
++       spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len);
++       spcf_bn2bin_ex(rsa->iqmp, &c, &p_len);
++       spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len);
+        /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
+-       if (bn2crparam(rsa->p, &kop.crk_param[0]))
+-               goto err;
+-       if (bn2crparam(rsa->q, &kop.crk_param[1]))
+-               goto err;
+-       if (bn2crparam(I, &kop.crk_param[2]))
+-               goto err;
+-       if (bn2crparam(rsa->dmp1, &kop.crk_param[3]))
+-               goto err;
+-       if (bn2crparam(rsa->dmq1, &kop.crk_param[4]))
+-               goto err;
+-       if (bn2crparam(rsa->iqmp, &kop.crk_param[5]))
+-               goto err;
++       kop.crk_param[0].crp_p = p;
++       kop.crk_param[0].crp_nbits = p_len * 8;
++       kop.crk_param[1].crp_p = q;
++       kop.crk_param[1].crp_nbits = q_len * 8;
++       kop.crk_param[2].crp_p = f;
++       kop.crk_param[2].crp_nbits = f_len * 8;
++       kop.crk_param[3].crp_p = dp;
++       kop.crk_param[3].crp_nbits = p_len * 8;
++       /* dq must of length q, rest all of length p*/
++       kop.crk_param[4].crp_p = dq;
++       kop.crk_param[4].crp_nbits = q_len * 8;
++       kop.crk_param[5].crp_p = c;
++       kop.crk_param[5].crp_nbits = p_len * 8;
+        kop.crk_iparams = 6;
+ 
+        if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) {
+@@ -1350,90 +1462,117 @@ static RSA_METHOD cryptodev_rsa = {
+        NULL                            /* rsa_verify */
+ };
+ 
+-static int
+-cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+-    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+-{
+-       return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
+-}
+-
+-static int
+-cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
+-    BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
+-    BN_CTX *ctx, BN_MONT_CTX *mont)
++static DSA_SIG *
++cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
+ {
+-       BIGNUM t2;
+-       int ret = 0;
+-
+-       BN_init(&t2);
+-
+-       /* v = ( g^u1 * y^u2 mod p ) mod q */
+-       /* let t1 = g ^ u1 mod p */
+-       ret = 0;
++       struct crypt_kop kop;
++       BIGNUM *c = NULL, *d = NULL;
++       DSA_SIG *dsaret = NULL;
++       int q_len = 0, r_len = 0, g_len = 0;
++       int priv_key_len = 0, ret;
++       unsigned char *q = NULL, *r = NULL, *g = NULL, *priv_key = NULL, *f = NULL;
+ 
+-       if (!dsa->meth->bn_mod_exp(dsa,t1,dsa->g,u1,dsa->p,ctx,mont))
++       memset(&kop, 0, sizeof kop);
++       if ((c = BN_new()) == NULL) {
++               DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+                goto err;
++       }
+ 
+-       /* let t2 = y ^ u2 mod p */
+-       if (!dsa->meth->bn_mod_exp(dsa,&t2,dsa->pub_key,u2,dsa->p,ctx,mont))
++       if ((d = BN_new()) == NULL) {
++               BN_free(c);
++               DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+                goto err;
+-       /* let u1 = t1 * t2 mod p */
+-       if (!BN_mod_mul(u1,t1,&t2,dsa->p,ctx))
++       }
++
++       if (spcf_bn2bin(dsa->p, &q, &q_len)) {
++               DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+                goto err;
++       }
+ 
+-       BN_copy(t1,u1);
++       /* Get order of the field of private keys into plain buffer */
++       if (spcf_bn2bin (dsa->q, &r, &r_len)) {
++               DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
+ 
+-       ret = 1;
+-err:
+-       BN_free(&t2);
+-       return(ret);
+-}
++       /* sanity test */
++       if (dlen > r_len) {
++               DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
++               goto err;
++       }
+ 
+-static DSA_SIG *
+-cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
+-{
+-       struct crypt_kop kop;
+-       BIGNUM *r = NULL, *s = NULL;
+-       DSA_SIG *dsaret = NULL;
++       g_len = q_len;
++       /**
++        * Get generator into a plain buffer. If length is less than
++        * q_len then add leading padding bytes.
++        */
++       if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
++               DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
+ 
+-       if ((r = BN_new()) == NULL)
++       priv_key_len = r_len;
++       /**
++        * Get private key into a plain buffer. If length is less than
++        * r_len then add leading padding bytes.
++        */
++        if (spcf_bn2bin_ex(dsa->priv_key, &priv_key, &priv_key_len)) {
++               DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+                goto err;
+-       if ((s = BN_new()) == NULL) {
+-               BN_free(r);
++       }
++
++       /* Allocate memory to store hash. */
++       f = OPENSSL_malloc (r_len);
++       if (!f) {
++               DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+                goto err;
+        }
+ 
+-       memset(&kop, 0, sizeof kop);
++       /* Add padding, since SEC expects hash to of size r_len */
++       if (dlen < r_len)
++               memset(f, 0, r_len - dlen);
++
++       /* Skip leading bytes if dgst_len < r_len */
++       memcpy(f + r_len - dlen, dgst, dlen);
++
+        kop.crk_op = CRK_DSA_SIGN;
+ 
+        /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
+-       kop.crk_param[0].crp_p = (caddr_t)dgst;
+-       kop.crk_param[0].crp_nbits = dlen * 8;
+-       if (bn2crparam(dsa->p, &kop.crk_param[1]))
+-               goto err;
+-       if (bn2crparam(dsa->q, &kop.crk_param[2]))
+-               goto err;
+-       if (bn2crparam(dsa->g, &kop.crk_param[3]))
+-               goto err;
+-       if (bn2crparam(dsa->priv_key, &kop.crk_param[4]))
+-               goto err;
++       kop.crk_param[0].crp_p = (void*)f;
++       kop.crk_param[0].crp_nbits = r_len * 8;
++       kop.crk_param[1].crp_p = (void*)q;
++       kop.crk_param[1].crp_nbits = q_len * 8;
++       kop.crk_param[2].crp_p = (void*)r;
++       kop.crk_param[2].crp_nbits = r_len * 8;
++       kop.crk_param[3].crp_p = (void*)g;
++       kop.crk_param[3].crp_nbits = g_len * 8;
++       kop.crk_param[4].crp_p = (void*)priv_key;
++       kop.crk_param[4].crp_nbits = priv_key_len * 8;
+        kop.crk_iparams = 5;
+ 
+-       if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r,
+-           BN_num_bytes(dsa->q), s) == 0) {
+-               dsaret = DSA_SIG_new();
+-               dsaret->r = r;
+-               dsaret->s = s;
+-       } else {
+-               const DSA_METHOD *meth = DSA_OpenSSL();
+-               BN_free(r);
+-               BN_free(s);
+-               dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa);
++       ret = cryptodev_asym(&kop, r_len, c, r_len, d);
++
++       if (ret) {
++               DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DECODE_ERROR);
++               goto err;
+        }
+-err:
+-       kop.crk_param[0].crp_p = NULL;
++
++       dsaret = DSA_SIG_new();
++       dsaret->r = c;
++       dsaret->s = d;
++
+        zapparams(&kop);
+        return (dsaret);
++err:
++       {
++               const DSA_METHOD *meth = DSA_OpenSSL();
++               if (c)
++                       BN_free(c);
++               if (d)
++                       BN_free(d);
++               dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa);
++               return (dsaret);
++       }
+ }
+ 
+ static int
+@@ -1441,42 +1580,179 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
+     DSA_SIG *sig, DSA *dsa)
+ {
+        struct crypt_kop kop;
+-       int dsaret = 1;
++       int dsaret = 1, q_len = 0, r_len = 0, g_len = 0;
++       int w_len = 0 ,c_len = 0, d_len = 0, ret = -1;
++       unsigned char   * q = NULL, * r = NULL, * w = NULL, * g = NULL;
++       unsigned char   * c = NULL, * d = NULL, *f = NULL;
+ 
+        memset(&kop, 0, sizeof kop);
+        kop.crk_op = CRK_DSA_VERIFY;
+ 
+-       /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
+-       kop.crk_param[0].crp_p = (caddr_t)dgst;
+-       kop.crk_param[0].crp_nbits = dlen * 8;
+-       if (bn2crparam(dsa->p, &kop.crk_param[1]))
++       if (spcf_bn2bin(dsa->p, &q, &q_len)) {
++               DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++               return ret;
++       }
++
++       /* Get Order of field of private keys */
++       if (spcf_bn2bin(dsa->q, &r, &r_len)) {
++               DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+                goto err;
+-       if (bn2crparam(dsa->q, &kop.crk_param[2]))
++       }
++
++       g_len = q_len;
++       /**
++        * Get generator into a plain buffer. If length is less than
++        * q_len then add leading padding bytes.
++        */
++       if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
++               DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+                goto err;
+-       if (bn2crparam(dsa->g, &kop.crk_param[3]))
++       }
++       w_len = q_len;
++       /**
++        * Get public key into a plain buffer. If length is less than
++        * q_len then add leading padding bytes.
++        */
++       if (spcf_bn2bin_ex(dsa->pub_key, &w, &w_len)) {
++               DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++       /**
++        * Get the 1st part of signature into a flat buffer with
++        * appropriate padding
++        */
++       c_len = r_len;
++
++       if (spcf_bn2bin_ex(sig->r, &c, &c_len)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+                goto err;
+-       if (bn2crparam(dsa->pub_key, &kop.crk_param[4]))
++       }
++
++       /**
++        * Get the 2nd part of signature into a flat buffer with
++        * appropriate padding
++        */
++       d_len = r_len;
++
++       if (spcf_bn2bin_ex(sig->s, &d, &d_len)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+                goto err;
+-       if (bn2crparam(sig->r, &kop.crk_param[5]))
++       }
++
++
++       /* Sanity test */
++       if (dlen > r_len) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+                goto err;
+-       if (bn2crparam(sig->s, &kop.crk_param[6]))
++       }
++
++       /* Allocate memory to store hash. */
++       f = OPENSSL_malloc (r_len);
++       if (!f) {
++               DSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+                goto err;
++       }
++
++       /* Add padding, since SEC expects hash to of size r_len */
++       if (dlen < r_len)
++               memset(f, 0, r_len - dlen);
++
++       /* Skip leading bytes if dgst_len < r_len */
++       memcpy(f + r_len - dlen, dgst, dlen);
++
++       /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
++       kop.crk_param[0].crp_p = (void*)f;
++       kop.crk_param[0].crp_nbits = r_len * 8;
++       kop.crk_param[1].crp_p = q;
++       kop.crk_param[1].crp_nbits = q_len * 8;
++       kop.crk_param[2].crp_p = r;
++       kop.crk_param[2].crp_nbits = r_len * 8;
++       kop.crk_param[3].crp_p = g;
++       kop.crk_param[3].crp_nbits = g_len * 8;
++       kop.crk_param[4].crp_p = w;
++       kop.crk_param[4].crp_nbits = w_len * 8;
++       kop.crk_param[5].crp_p = c;
++       kop.crk_param[5].crp_nbits = c_len * 8;
++       kop.crk_param[6].crp_p = d;
++       kop.crk_param[6].crp_nbits = d_len * 8;
+        kop.crk_iparams = 7;
+ 
+-       if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
+-/*OCF success value is 0, if not zero, change dsaret to fail*/
+-               if(0 != kop.crk_status) dsaret  = 0;
+-       } else {
+-               const DSA_METHOD *meth = DSA_OpenSSL();
++       if ((cryptodev_asym(&kop, 0, NULL, 0, NULL))) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, DSA_R_DECODE_ERROR);
++               goto err;
++       }
+ 
+-               dsaret = (meth->dsa_do_verify)(dgst, dlen, sig, dsa);
++       /*OCF success value is 0, if not zero, change dsaret to fail*/
++       if(0 != kop.crk_status) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, DSA_R_DECODE_ERROR);
++               goto err;
+        }
+-err:
+-       kop.crk_param[0].crp_p = NULL;
++
+        zapparams(&kop);
+        return (dsaret);
++err:
++       {
++               const DSA_METHOD *meth = DSA_OpenSSL();
++
++               dsaret = (meth->dsa_do_verify)(dgst, dlen, sig, dsa);
++       }
++       return dsaret;
+ }
+ 
++/* Cryptodev DSA Key Gen routine */
++static int cryptodev_dsa_keygen(DSA *dsa)
++{
++       struct crypt_kop kop;
++       int ret = 1, g_len;
++       unsigned char *g = NULL;
++
++       if (dsa->priv_key == NULL)      {
++               if ((dsa->priv_key=BN_new()) == NULL)
++                       goto sw_try;
++       }
++
++       if (dsa->pub_key == NULL) {
++               if ((dsa->pub_key=BN_new()) == NULL)
++                       goto sw_try;
++       }
++
++       g_len = BN_num_bytes(dsa->p);
++       /**
++        * Get generator into a plain buffer. If length is less than
++        * p_len then add leading padding bytes.
++        */
++       if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
++               DSAerr(DSA_F_DSA_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
++               goto sw_try;
++       }
++
++       memset(&kop, 0, sizeof kop);
++
++       kop.crk_op = CRK_DSA_GENERATE_KEY;
++       if (bn2crparam(dsa->p, &kop.crk_param[0]))
++               goto sw_try;
++       if (bn2crparam(dsa->q, &kop.crk_param[1]))
++               goto sw_try;
++       kop.crk_param[2].crp_p = g;
++       kop.crk_param[2].crp_nbits = g_len * 8;
++       kop.crk_iparams = 3;
++
++       /* pub_key is or prime length while priv key is of length of order */
++       if (cryptodev_asym(&kop, BN_num_bytes(dsa->p), dsa->pub_key,
++           BN_num_bytes(dsa->q), dsa->priv_key))
++           goto sw_try;
++
++       return ret;
++sw_try:
++       {
++               const DSA_METHOD *meth = DSA_OpenSSL();
++               ret = (meth->dsa_keygen)(dsa);
++       }
++       return ret;
++}
++
++
++
+ static DSA_METHOD cryptodev_dsa = {
+        "cryptodev DSA method",
+        NULL,
+@@ -1490,12 +1766,543 @@ static DSA_METHOD cryptodev_dsa = {
+        NULL    /* app_data */
+ };
+ 
+-static int
+-cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
+-    const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+-    BN_MONT_CTX *m_ctx)
++static ECDSA_METHOD cryptodev_ecdsa = {
++       "cryptodev ECDSA method",
++       NULL,
++       NULL,                           /* ecdsa_sign_setup */
++       NULL,
++       NULL,
++       0,      /* flags */
++       NULL    /* app_data */
++};
++
++typedef enum ec_curve_s
++{
++       EC_PRIME,
++       EC_BINARY
++} ec_curve_t;
++
++/* ENGINE handler for ECDSA Sign */
++static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char  *dgst,
++       int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey)
+ {
+-       return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
++       BIGNUM  *m = NULL, *p = NULL, *a = NULL;
++       BIGNUM  *b = NULL, *x = NULL, *y = NULL;
++       BN_CTX  *ctx = NULL;
++       ECDSA_SIG *ret = NULL;
++       ECDSA_DATA *ecdsa = NULL;
++       unsigned char  * q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL;
++       unsigned char  * s = NULL, *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL;
++       int     i = 0, q_len = 0, priv_key_len = 0, r_len = 0;
++       int     g_len = 0, d_len = 0, ab_len = 0;
++       const BIGNUM   *order = NULL, *priv_key=NULL;
++       const EC_GROUP *group = NULL;
++       struct crypt_kop kop;
++       ec_curve_t ec_crv = EC_PRIME;
++
++       memset(&kop, 0, sizeof(kop));
++       ecdsa = ecdsa_check(eckey);
++       if (!ecdsa) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
++               return NULL;
++       }
++
++       group = EC_KEY_get0_group(eckey);
++       priv_key = EC_KEY_get0_private_key(eckey);
++
++       if (!group || !priv_key) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
++               return NULL;
++       }
++
++       if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
++               (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
++               (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
++               (y = BN_new()) == NULL) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       order = &group->order;
++       if (!order || BN_is_zero(order)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS);
++               goto err;
++       }
++
++       i = BN_num_bits(order);
++       /* Need to truncate digest if it is too long: first truncate whole
++        bytes */
++       if (8 * dgst_len > i)
++               dgst_len = (i + 7)/8;
++
++       if (!BN_bin2bn(dgst, dgst_len, m)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
++               goto err;
++       }
++
++       /* If still too long truncate remaining bits with a shift */
++       if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
++               goto err;
++       }
++
++       /* copy the truncated bits into plain buffer */
++       if (spcf_bn2bin(m, &tmp_dgst, &dgst_len))  {
++               fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__, __LINE__);
++               goto err;
++       }
++
++       ret = ECDSA_SIG_new();
++       if  (!ret) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
++               goto err;
++       }
++
++       /* check if this is prime or binary EC request */
++       if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) {
++               ec_crv = EC_PRIME;
++               /* get the generator point pair */
++               if (!EC_POINT_get_affine_coordinates_GFp (group, EC_GROUP_get0_generator(group),
++                       x, y,ctx)) {
++                       ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
++                       goto err;
++               }
++
++               /* get the ECC curve parameters */
++               if (!EC_GROUP_get_curve_GFp(group, p, a, b , ctx)) {
++                       ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
++                       goto err;
++               }
++       } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_characteristic_two_field) {
++               ec_crv = EC_BINARY;
++               /* get the ECC curve parameters */
++               if (!EC_GROUP_get_curve_GF2m(group, p, a, b , ctx)) {
++                       ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
++                       goto err;
++               }
++
++               /* get the generator point pair */
++               if (!EC_POINT_get_affine_coordinates_GF2m(group,
++                       EC_GROUP_get0_generator(group), x, y,ctx)) {
++                       ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
++                       goto err;
++               }
++       } else {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
++               goto err;
++       }
++
++       if (spcf_bn2bin(order, &r, &r_len)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       if (spcf_bn2bin(p, &q, &q_len)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       priv_key_len = r_len;
++
++       /**
++        * If BN_num_bytes of priv_key returns less then r_len then
++        * add padding bytes before the key
++        */
++       if (spcf_bn2bin_ex(priv_key, &s, &priv_key_len))  {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       /* Generation of ECC curve parameters */
++       ab_len = 2*q_len;
++       ab = eng_copy_curve_points(a, b, ab_len, q_len);
++       if (!ab) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       if (ec_crv == EC_BINARY) {
++               if (eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab+q_len, q_len))
++               {
++                       unsigned char *c_temp = NULL;
++                       int c_temp_len = q_len;
++                       if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len))
++                               memcpy(ab+q_len, c_temp, q_len);
++                       else
++                               goto err;
++               }
++               kop.curve_type = ECC_BINARY;
++       }
++
++       /* Calculation of Generator point */
++       g_len = 2*q_len;
++       g_xy = eng_copy_curve_points(x, y, g_len, q_len);
++       if (!g_xy) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       /* Memory allocation for first part of digital signature */
++       c = malloc(r_len);
++       if (!c) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       d_len = r_len;
++
++       /* Memory allocation for second part of digital signature */
++       d = malloc(d_len);
++       if (!d) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       /* memory for message representative */
++       f = malloc(r_len);
++       if (!f) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       /* Add padding, since SEC expects hash to of size r_len */
++       memset(f, 0, r_len - dgst_len);
++
++       /* Skip leading bytes if dgst_len < r_len */
++       memcpy(f +  r_len - dgst_len, tmp_dgst, dgst_len);
++
++       dgst_len +=  r_len - dgst_len;
++       kop.crk_op = CRK_DSA_SIGN;
++       /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
++       kop.crk_param[0].crp_p = f;
++       kop.crk_param[0].crp_nbits = dgst_len * 8;
++       kop.crk_param[1].crp_p = q;
++       kop.crk_param[1].crp_nbits = q_len * 8;
++       kop.crk_param[2].crp_p = r;
++       kop.crk_param[2].crp_nbits = r_len * 8;
++       kop.crk_param[3].crp_p = g_xy;
++       kop.crk_param[3].crp_nbits = g_len * 8;
++       kop.crk_param[4].crp_p = s;
++       kop.crk_param[4].crp_nbits = priv_key_len * 8;
++       kop.crk_param[5].crp_p = ab;
++       kop.crk_param[5].crp_nbits = ab_len * 8;
++       kop.crk_iparams = 6;
++       kop.crk_param[6].crp_p = c;
++       kop.crk_param[6].crp_nbits = d_len * 8;
++       kop.crk_param[7].crp_p = d;
++       kop.crk_param[7].crp_nbits = d_len * 8;
++       kop.crk_oparams = 2;
++
++       if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
++               /* Check if ret->r and s needs to allocated */
++               crparam2bn(&kop.crk_param[6], ret->r);
++               crparam2bn(&kop.crk_param[7], ret->s);
++       } else {
++               const ECDSA_METHOD *meth = ECDSA_OpenSSL();
++               ret = (meth->ecdsa_do_sign)(dgst, dgst_len, in_kinv, in_r, eckey);
++       }
++       kop.crk_param[0].crp_p = NULL;
++       zapparams(&kop);
++err:
++       if (!ret) {
++               ECDSA_SIG_free(ret);
++               ret = NULL;
++       }
++       return ret;
++}
++
++static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
++               ECDSA_SIG *sig, EC_KEY *eckey)
++{
++       BIGNUM  *m = NULL, *p = NULL, *a = NULL, *b = NULL;
++       BIGNUM  *x = NULL, *y = NULL, *w_x = NULL, *w_y = NULL;
++       BN_CTX  *ctx = NULL;
++       ECDSA_DATA      *ecdsa = NULL;
++       unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL, *w_xy = NULL;
++       unsigned char *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL;
++       int     i = 0, q_len = 0, pub_key_len = 0, r_len = 0, c_len = 0, g_len = 0;
++       int     d_len = 0, ab_len = 0, ret = -1;
++       const EC_POINT *pub_key = NULL;
++       const BIGNUM   *order = NULL;
++       const EC_GROUP *group=NULL;
++       ec_curve_t       ec_crv = EC_PRIME;
++       struct crypt_kop kop;
++
++       memset(&kop, 0, sizeof kop);
++       ecdsa = ecdsa_check(eckey);
++       if (!ecdsa) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
++               return ret;
++       }
++
++       group    = EC_KEY_get0_group(eckey);
++       pub_key  = EC_KEY_get0_public_key(eckey);
++
++       if (!group || !pub_key) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
++               return ret;
++       }
++
++       if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
++               (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
++               (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
++               (y = BN_new()) == NULL || (w_x = BN_new()) == NULL ||
++               (w_y = BN_new()) == NULL) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       order = &group->order;
++       if (!order || BN_is_zero(order)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS);
++               goto err;
++       }
++
++       i = BN_num_bits(order);
++       /* Need to truncate digest if it is too long: first truncate whole
++       * bytes */
++       if (8 * dgst_len > i)
++               dgst_len = (i + 7)/8;
++
++       if (!BN_bin2bn(dgst, dgst_len, m)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
++               goto err;
++       }
++
++       /* If still too long truncate remaining bits with a shift */
++       if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
++               goto err;
++       }
++       /* copy the truncated bits into plain buffer */
++       if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       /* check if this is prime or binary EC request */
++       if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) {
++               ec_crv = EC_PRIME;
++
++               /* get the generator point pair */
++               if (!EC_POINT_get_affine_coordinates_GFp (group,
++                       EC_GROUP_get0_generator(group), x, y,ctx)) {
++                       ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
++                       goto err;
++               }
++
++               /* get the public key pair for prime curve */
++               if (!EC_POINT_get_affine_coordinates_GFp (group,
++                       pub_key, w_x, w_y,ctx)) {
++                       ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
++                       goto err;
++               }
++
++               /* get the ECC curve parameters */
++               if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
++                       ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
++                       goto err;
++               }
++       } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_characteristic_two_field){
++               ec_crv = EC_BINARY;
++               /* get the ECC curve parameters */
++               if (!EC_GROUP_get_curve_GF2m(group, p, a, b , ctx)) {
++                       ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
++                       goto err;
++               }
++
++               /* get the generator point pair */
++               if (!EC_POINT_get_affine_coordinates_GF2m(group,
++                       EC_GROUP_get0_generator(group),x, y,ctx)) {
++                       ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
++                       goto err;
++               }
++
++               /* get the public key pair for binary curve */
++               if (!EC_POINT_get_affine_coordinates_GF2m(group,
++                       pub_key, w_x, w_y,ctx)) {
++                       ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
++                       goto err;
++               }
++       }else {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
++               goto err;
++       }
++
++       /* Get the order of the subgroup of private keys */
++       if (spcf_bn2bin((BIGNUM*)order, &r, &r_len)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       /* Get the irreducible polynomial that creates the field */
++       if (spcf_bn2bin(p, &q, &q_len)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       /* Get the public key into a flat buffer with appropriate padding */
++       pub_key_len = 2 * q_len;
++
++       w_xy = eng_copy_curve_points (w_x, w_y, pub_key_len, q_len);
++       if (!w_xy) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       /* Generation of ECC curve parameters */
++       ab_len = 2*q_len;
++
++       ab = eng_copy_curve_points (a, b, ab_len, q_len);
++       if (!ab) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       if (ec_crv == EC_BINARY) {
++               /* copy b' i.e c(b), instead of only b */
++               if (eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab+q_len, q_len))
++               {
++                       unsigned char *c_temp = NULL;
++                       int c_temp_len = q_len;
++                       if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len))
++                               memcpy(ab+q_len, c_temp, q_len);
++                       else
++                               goto err;
++               }
++               kop.curve_type = ECC_BINARY;
++       }
++
++       /* Calculation of Generator point */
++       g_len = 2 * q_len;
++
++       g_xy = eng_copy_curve_points (x, y, g_len, q_len);
++       if (!g_xy) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       /**
++        * Get the 1st part of signature into a flat buffer with
++        * appropriate padding
++        */
++       if (BN_num_bytes(sig->r) < r_len)
++               c_len = r_len;
++
++       if (spcf_bn2bin_ex(sig->r, &c, &c_len)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       /**
++        * Get the 2nd part of signature into a flat buffer with
++        * appropriate padding
++        */
++       if (BN_num_bytes(sig->s) < r_len)
++               d_len = r_len;
++
++       if (spcf_bn2bin_ex(sig->s, &d, &d_len)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       /* memory for message representative */
++       f = malloc(r_len);
++       if (!f) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       /* Add padding, since SEC expects hash to of size r_len */
++       memset(f, 0, r_len-dgst_len);
++
++       /* Skip leading bytes if dgst_len < r_len */
++       memcpy(f + r_len-dgst_len, tmp_dgst, dgst_len);
++       dgst_len += r_len-dgst_len;
++       kop.crk_op = CRK_DSA_VERIFY;
++       /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
++       kop.crk_param[0].crp_p = f;
++       kop.crk_param[0].crp_nbits = dgst_len * 8;
++       kop.crk_param[1].crp_p = q;
++       kop.crk_param[1].crp_nbits = q_len * 8;
++       kop.crk_param[2].crp_p = r;
++       kop.crk_param[2].crp_nbits = r_len * 8;
++       kop.crk_param[3].crp_p = g_xy;
++       kop.crk_param[3].crp_nbits = g_len * 8;
++       kop.crk_param[4].crp_p = w_xy;
++       kop.crk_param[4].crp_nbits = pub_key_len * 8;
++       kop.crk_param[5].crp_p = ab;
++       kop.crk_param[5].crp_nbits = ab_len * 8;
++       kop.crk_param[6].crp_p = c;
++       kop.crk_param[6].crp_nbits = d_len * 8;
++       kop.crk_param[7].crp_p = d;
++       kop.crk_param[7].crp_nbits = d_len * 8;
++       kop.crk_iparams = 8;
++
++       if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
++               /*OCF success value is 0, if not zero, change ret to fail*/
++               if(0 == kop.crk_status)
++                       ret  = 1;
++       } else {
++               const ECDSA_METHOD *meth = ECDSA_OpenSSL();
++
++               ret = (meth->ecdsa_do_verify)(dgst, dgst_len, sig, eckey);
++       }
++       kop.crk_param[0].crp_p = NULL;
++       zapparams(&kop);
++
++err:
++       return ret;
++}
++
++static int cryptodev_dh_keygen(DH *dh)
++{
++       struct crypt_kop kop;
++       int ret = 1, g_len;
++       unsigned char *g = NULL;
++
++       if (dh->priv_key == NULL)       {
++               if ((dh->priv_key=BN_new()) == NULL)
++                       goto sw_try;
++       }
++
++       if (dh->pub_key == NULL) {
++               if ((dh->pub_key=BN_new()) == NULL)
++                       goto sw_try;
++       }
++
++       g_len = BN_num_bytes(dh->p);
++       /**
++        * Get generator into a plain buffer. If length is less than
++        * q_len then add leading padding bytes.
++        */
++       if (spcf_bn2bin_ex(dh->g, &g, &g_len)) {
++               DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
++               goto sw_try;
++       }
++
++       memset(&kop, 0, sizeof kop);
++       kop.crk_op = CRK_DH_GENERATE_KEY;
++       if (bn2crparam(dh->p, &kop.crk_param[0]))
++               goto sw_try;
++       if (bn2crparam(dh->q, &kop.crk_param[1]))
++               goto sw_try;
++       kop.crk_param[2].crp_p = g;
++       kop.crk_param[2].crp_nbits = g_len * 8;
++       kop.crk_iparams = 3;
++
++       /* pub_key is or prime length while priv key is of length of order */
++       if (cryptodev_asym(&kop, BN_num_bytes(dh->p), dh->pub_key,
++           BN_num_bytes(dh->q), dh->priv_key))
++           goto sw_try;
++
++       return ret;
++sw_try:
++       {
++               const DH_METHOD *meth = DH_OpenSSL();
++               ret = (meth->generate_key)(dh);
++       }
++       return ret;
+ }
+ 
+ static int
+@@ -1503,43 +2310,234 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+ {
+        struct crypt_kop kop;
+        int dhret = 1;
+-       int fd, keylen;
++       int fd, p_len;
++       BIGNUM *temp = NULL;
++       unsigned char *padded_pub_key = NULL, *p = NULL;
++
++       if ((fd = get_asym_dev_crypto()) < 0)
++               goto sw_try;
++
++       memset(&kop, 0, sizeof kop);
++       kop.crk_op = CRK_DH_COMPUTE_KEY;
++       /* inputs: dh->priv_key pub_key dh->p key */
++       spcf_bn2bin(dh->p, &p, &p_len);
++       spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len);
++       if (bn2crparam(dh->priv_key, &kop.crk_param[0]))
++               goto sw_try;
++
++       kop.crk_param[1].crp_p = padded_pub_key;
++       kop.crk_param[1].crp_nbits = p_len * 8;
++       kop.crk_param[2].crp_p = p;
++       kop.crk_param[2].crp_nbits = p_len * 8;
++       kop.crk_iparams = 3;
++       kop.crk_param[3].crp_p = (void*) key;
++       kop.crk_param[3].crp_nbits = p_len * 8;
++       kop.crk_oparams = 1;
++       dhret = p_len;
++
++       if (ioctl(fd, CIOCKEY, &kop))
++               goto sw_try;
+ 
+-       if ((fd = get_asym_dev_crypto()) < 0) {
++       if ((temp = BN_new())) {
++               if (!BN_bin2bn(key, p_len, temp)) {
++                       ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
++                       goto sw_try;
++               }
++               if (dhret > BN_num_bytes(temp))
++                       dhret=BN_bn2bin(temp,key);
++               BN_free(temp);
++       }
++
++       kop.crk_param[3].crp_p = NULL;
++       zapparams(&kop);
++       return (dhret);
++sw_try:
++       {
+                const DH_METHOD *meth = DH_OpenSSL();
+ 
+-               return ((meth->compute_key)(key, pub_key, dh));
++               dhret = (meth->compute_key)(key, pub_key, dh);
+        }
++       return (dhret);
++}
+ 
+-       keylen = BN_num_bits(dh->p);
++int cryptodev_ecdh_compute_key(void *out, size_t outlen,
++       const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen,
++       void *out, size_t *outlen))
++{
++       ec_curve_t       ec_crv = EC_PRIME;
++       unsigned char * q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL;
++       BIGNUM         * w_x = NULL, *w_y = NULL;
++       int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0;
++       BIGNUM * p = NULL, *a = NULL, *b = NULL;
++       BN_CTX *ctx;
++       EC_POINT *tmp=NULL;
++       BIGNUM *x=NULL, *y=NULL;
++       const BIGNUM *priv_key;
++       const EC_GROUP* group = NULL;
++       int ret = -1;
++       size_t buflen, len;
++       struct crypt_kop kop;
+ 
+        memset(&kop, 0, sizeof kop);
+-       kop.crk_op = CRK_DH_COMPUTE_KEY;
+ 
+-       /* inputs: dh->priv_key pub_key dh->p key */
+-       if (bn2crparam(dh->priv_key, &kop.crk_param[0]))
++       if ((ctx = BN_CTX_new()) == NULL) goto err;
++       BN_CTX_start(ctx);
++       x = BN_CTX_get(ctx);
++       y = BN_CTX_get(ctx);
++       p = BN_CTX_get(ctx);
++       a = BN_CTX_get(ctx);
++       b = BN_CTX_get(ctx);
++       w_x = BN_CTX_get(ctx);
++       w_y = BN_CTX_get(ctx);
++
++       if (!x || !y || !p || !a || !b || !w_x || !w_y) {
++               ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);
+                goto err;
+-       if (bn2crparam(pub_key, &kop.crk_param[1]))
++       }
++
++       priv_key = EC_KEY_get0_private_key(ecdh);
++       if (priv_key == NULL) {
++               ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_NO_PRIVATE_VALUE);
+                goto err;
+-       if (bn2crparam(dh->p, &kop.crk_param[2]))
++       }
++
++       group = EC_KEY_get0_group(ecdh);
++       if ((tmp=EC_POINT_new(group)) == NULL) {
++               ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);
+                goto err;
+-       kop.crk_iparams = 3;
++       }
+ 
+-       kop.crk_param[3].crp_p = (caddr_t) key;
+-       kop.crk_param[3].crp_nbits = keylen * 8;
+-       kop.crk_oparams = 1;
++       if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
++               NID_X9_62_prime_field) {
++               ec_crv = EC_PRIME;
+ 
+-       if (ioctl(fd, CIOCKEY, &kop) == -1) {
+-               const DH_METHOD *meth = DH_OpenSSL();
++               if (!EC_POINT_get_affine_coordinates_GFp(group,
++                       EC_GROUP_get0_generator(group), x, y, ctx)) {
++                       ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
++                       goto err;
++               }
+ 
+-               dhret = (meth->compute_key)(key, pub_key, dh);
++               /* get the ECC curve parameters */
++               if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
++                       ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
++                       goto err;
++               }
++
++               /* get the public key pair for prime curve */
++               if (!EC_POINT_get_affine_coordinates_GFp (group, pub_key, w_x, w_y,ctx)) {
++                       ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
++                       goto err;
++               }
++       } else {
++               ec_crv = EC_BINARY;
++
++               if (!EC_POINT_get_affine_coordinates_GF2m(group,
++                       EC_GROUP_get0_generator(group), x, y, ctx)) {
++                       ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
++                       goto err;
++               }
++
++               /* get the ECC curve parameters */
++               if (!EC_GROUP_get_curve_GF2m(group, p, a, b , ctx)) {
++                       ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
++                       goto err;
++               }
++
++               /* get the public key pair for binary curve */
++               if (!EC_POINT_get_affine_coordinates_GF2m(group,
++                       pub_key, w_x, w_y,ctx)) {
++                       ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
++                       goto err;
++               }
++       }
++
++       /* irreducible polynomial that creates the field */
++       if (spcf_bn2bin((BIGNUM*)&group->order, &r, &r_len)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       /* Get the irreducible polynomial that creates the field */
++       if (spcf_bn2bin(p, &q, &q_len)) {
++               ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
++               goto err;
+        }
++
++       /* Get the public key into a flat buffer with appropriate padding */
++       pub_key_len = 2 * q_len;
++       w_xy = eng_copy_curve_points (w_x, w_y, pub_key_len, q_len);
++       if (!w_xy) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       /* Generation of ECC curve parameters */
++       ab_len = 2*q_len;
++       ab = eng_copy_curve_points (a, b, ab_len, q_len);
++       if (!ab) {
++               ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
++               goto err;
++       }
++
++       if (ec_crv == EC_BINARY) {
++               /* copy b' i.e c(b), instead of only b */
++               if (eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab+q_len, q_len))
++               {
++                       unsigned char *c_temp = NULL;
++                       int c_temp_len = q_len;
++                       if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len))
++                               memcpy(ab+q_len, c_temp, q_len);
++                       else
++                               goto err;
++               }
++               kop.curve_type = ECC_BINARY;
++       } else
++               kop.curve_type = ECC_PRIME;
++
++       priv_key_len = r_len;
++
++       /*
++        * If BN_num_bytes of priv_key returns less then r_len then
++        * add padding bytes before the key
++        */
++       if (spcf_bn2bin_ex((BIGNUM *)priv_key, &s, &priv_key_len)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       buflen = (EC_GROUP_get_degree(group) + 7)/8;
++       len = BN_num_bytes(x);
++       if (len > buflen || q_len < buflen) {
++               ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_INTERNAL_ERROR);
++               goto err;
++       }
++
++       kop.crk_op = CRK_DH_COMPUTE_KEY;
++       kop.crk_param[0].crp_p = (void*) s;
++       kop.crk_param[0].crp_nbits = priv_key_len*8;
++       kop.crk_param[1].crp_p = (void*) w_xy;
++       kop.crk_param[1].crp_nbits = pub_key_len*8;
++       kop.crk_param[2].crp_p = (void*) q;
++       kop.crk_param[2].crp_nbits = q_len*8;
++       kop.crk_param[3].crp_p = (void*) ab;
++       kop.crk_param[3].crp_nbits = ab_len*8;
++       kop.crk_iparams = 4;
++       kop.crk_param[4].crp_p = (void*) out;
++       kop.crk_param[4].crp_nbits = q_len*8;
++       kop.crk_oparams = 1;
++       ret = q_len;
++       if (cryptodev_asym(&kop, 0, NULL, 0, NULL)) {
++               const ECDH_METHOD *meth = ECDH_OpenSSL();
++               ret = (meth->compute_key)(out, outlen, pub_key, ecdh, KDF);
++       } else
++               ret = q_len;
+ err:
+-       kop.crk_param[3].crp_p = NULL;
++       kop.crk_param[4].crp_p = NULL;
+        zapparams(&kop);
+-       return (dhret);
++       return ret;
+ }
+ 
++
+ static DH_METHOD cryptodev_dh = {
+        "cryptodev DH method",
+        NULL,                           /* cryptodev_dh_generate_key */
+@@ -1551,6 +2549,14 @@ static DH_METHOD cryptodev_dh = {
+        NULL    /* app_data */
+ };
+ 
++static ECDH_METHOD cryptodev_ecdh = {
++       "cryptodev ECDH method",
++       NULL,   /* cryptodev_ecdh_compute_key */
++       NULL,
++       0,              /* flags */
++       NULL    /* app_data */
++};
++
+ /*
+  * ctrl right now is just a wrapper that doesn't do much
+  * but I expect we'll want some options soon.
+@@ -1634,25 +2640,42 @@ ENGINE_load_cryptodev(void)
+                memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
+                if (cryptodev_asymfeat & CRF_DSA_SIGN)
+                        cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
+-               if (cryptodev_asymfeat & CRF_MOD_EXP) {
+-                       cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp;
+-                       cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp;
+-               }
+                if (cryptodev_asymfeat & CRF_DSA_VERIFY)
+                        cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
++               if (cryptodev_asymfeat & CRF_DSA_GENERATE_KEY)
++                       cryptodev_dsa.dsa_keygen = cryptodev_dsa_keygen;
+        }
+ 
+        if (ENGINE_set_DH(engine, &cryptodev_dh)){
+                const DH_METHOD *dh_meth = DH_OpenSSL();
++               memcpy(&cryptodev_dh, dh_meth, sizeof(DH_METHOD));
++               if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) {
++                       cryptodev_dh.compute_key =
++                               cryptodev_dh_compute_key;
++               }
++               if (cryptodev_asymfeat & CRF_DH_GENERATE_KEY) {
++                       cryptodev_dh.generate_key =
++                               cryptodev_dh_keygen;
++               }
++       }
+ 
+-               cryptodev_dh.generate_key = dh_meth->generate_key;
+-               cryptodev_dh.compute_key = dh_meth->compute_key;
+-               cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp;
+-               if (cryptodev_asymfeat & CRF_MOD_EXP) {
+-                       cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh;
+-                       if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY)
+-                               cryptodev_dh.compute_key =
+-                                   cryptodev_dh_compute_key;
++       if (ENGINE_set_ECDSA(engine, &cryptodev_ecdsa)) {
++               const ECDSA_METHOD *meth = ECDSA_OpenSSL();
++               memcpy(&cryptodev_ecdsa, meth, sizeof(ECDSA_METHOD));
++               if (cryptodev_asymfeat & CRF_DSA_SIGN) {
++                       cryptodev_ecdsa.ecdsa_do_sign = cryptodev_ecdsa_do_sign;
++               }
++               if (cryptodev_asymfeat & CRF_DSA_VERIFY) {
++                       cryptodev_ecdsa.ecdsa_do_verify =
++                               cryptodev_ecdsa_verify;
++               }
++       }
++
++       if (ENGINE_set_ECDH(engine, &cryptodev_ecdh)) {
++               const ECDH_METHOD *ecdh_meth = ECDH_OpenSSL();
++               memcpy(&cryptodev_ecdh, ecdh_meth, sizeof(ECDH_METHOD));
++               if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) {
++                       cryptodev_ecdh.compute_key = cryptodev_ecdh_compute_key;
+                }
+        }
+ 
+-- 
+1.8.3.1
+
diff --git a/recipes-connectivity/openssl/openssl-fsl/0009-Added-hwrng-dev-file-as-source-of-RNG.patch b/recipes-connectivity/openssl/openssl-fsl/0009-Added-hwrng-dev-file-as-source-of-RNG.patch
new file mode 100644
index 0000000..6a69c32
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-fsl/0009-Added-hwrng-dev-file-as-source-of-RNG.patch
@@ -0,0 +1,28 @@
+From 81c4c62a4f5f5542843381bfb34e39a6171d5cdd Mon Sep 17 00:00:00 2001
+From: Yashpal Dutta <yashpal.dutta@freescale.com>
+Date: Tue, 11 Mar 2014 06:42:59 +0545
+Subject: [PATCH 09/17] Added hwrng dev file as source of RNG
+
+Upstream-status: Pending
+
+Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
+---
+ e_os.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/e_os.h b/e_os.h
+index 6a0aad1..57c0563 100644
+--- a/e_os.h
++++ b/e_os.h
+@@ -79,7 +79,7 @@ extern "C" {
+ #ifndef DEVRANDOM
+ /* set this to a comma-separated list of 'random' device files to try out.
+  * My default, we will try to read at least one of these files */
+-#define DEVRANDOM "/dev/urandom","/dev/random","/dev/srandom"
++#define DEVRANDOM "/dev/hwrng","/dev/urandom","/dev/random","/dev/srandom"
+ #endif
+ #ifndef DEVRANDOM_EGD
+ /* set this to a comma-seperated list of 'egd' sockets to try out. These
+-- 
+1.8.3.1
+
diff --git a/recipes-connectivity/openssl/openssl-fsl/0010-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch b/recipes-connectivity/openssl/openssl-fsl/0010-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch
new file mode 100644
index 0000000..b7702d1
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-fsl/0010-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch
@@ -0,0 +1,2039 @@
+From a933e6341fd8989bdd82f8a5446b6f04aa00eef9 Mon Sep 17 00:00:00 2001
+From: Yashpal Dutta <yashpal.dutta@freescale.com>
+Date: Tue, 11 Mar 2014 07:14:30 +0545
+Subject: [PATCH 10/17] Asynchronous interface added for PKC cryptodev
+ interface
+
+Upstream-status: Pending
+
+Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
+---
+ crypto/crypto.h               |   16 +
+ crypto/dh/dh.h                |    4 +-
+ crypto/dsa/dsa.h              |    5 +
+ crypto/ecdh/ech_locl.h        |    3 +
+ crypto/ecdsa/ecs_locl.h       |    5 +
+ crypto/engine/eng_cryptodev.c | 1578 +++++++++++++++++++++++++++++++++++++----
+ crypto/engine/eng_int.h       |   24 +-
+ crypto/engine/eng_lib.c       |   46 ++
+ crypto/engine/engine.h        |   24 +
+ crypto/rsa/rsa.h              |   23 +
+ 10 files changed, 1582 insertions(+), 146 deletions(-)
+
+diff --git a/crypto/crypto.h b/crypto/crypto.h
+index f92fc51..ce12731 100644
+--- a/crypto/crypto.h
++++ b/crypto/crypto.h
+@@ -605,6 +605,22 @@ void ERR_load_CRYPTO_strings(void);
+ #define CRYPTO_R_FIPS_MODE_NOT_SUPPORTED                101
+ #define CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK             100
+ 
++/* Additions for Asynchronous PKC Infrastructure */
++struct pkc_cookie_s {
++       void *cookie; /* To be filled by openssl library primitive method function caller */
++       void *eng_cookie; /* To be filled by Engine */
++        /*
++          * Callback handler to be provided by caller. Ensure to pass a
++          * handler which takes the crypto operation to completion.
++          * cookie: Container cookie from library
++          * status: Status of the crypto Job completion.
++          *            0: Job handled without any issue
++          *            -EINVAL: Parameters Invalid
++          */
++       void (*pkc_callback)(struct pkc_cookie_s *cookie, int status);
++       void *eng_handle;
++};
++
+ #ifdef  __cplusplus
+ }
+ #endif
+diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h
+index ea59e61..20ffad2 100644
+--- a/crypto/dh/dh.h
++++ b/crypto/dh/dh.h
+@@ -118,7 +118,9 @@ struct dh_method
+        int (*bn_mod_exp)(const DH *dh, BIGNUM *r, const BIGNUM *a,
+                                const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+                                BN_MONT_CTX *m_ctx); /* Can be null */
+-
++       int (*compute_key_async)(unsigned char *key,const BIGNUM *pub_key,DH *dh,
++                               struct pkc_cookie_s *cookie);
++       int (*generate_key_async)(DH *dh, struct pkc_cookie_s *cookie);
+        int (*init)(DH *dh);
+        int (*finish)(DH *dh);
+        int flags;
+diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h
+index a6f6d0b..b04a029 100644
+--- a/crypto/dsa/dsa.h
++++ b/crypto/dsa/dsa.h
+@@ -140,6 +140,10 @@ struct dsa_method
+        int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+                                const BIGNUM *m, BN_CTX *ctx,
+                                BN_MONT_CTX *m_ctx); /* Can be null */
++       int (*dsa_do_sign_async)(const unsigned char *dgst, int dlen, DSA *dsa,
++                               DSA_SIG *sig, struct pkc_cookie_s *cookie);
++       int (*dsa_do_verify_async)(const unsigned char *dgst, int dgst_len,
++                            DSA_SIG *sig, DSA *dsa, struct pkc_cookie_s *cookie);
+        int (*init)(DSA *dsa);
+        int (*finish)(DSA *dsa);
+        int flags;
+@@ -151,6 +155,7 @@ struct dsa_method
+                        BN_GENCB *cb);
+        /* If this is non-NULL, it is used to generate DSA keys */
+        int (*dsa_keygen)(DSA *dsa);
++       int (*dsa_keygen_async)(DSA *dsa, struct pkc_cookie_s *cookie);
+        };
+ 
+ struct dsa_st
+diff --git a/crypto/ecdh/ech_locl.h b/crypto/ecdh/ech_locl.h
+index f6cad6a..adce6b3 100644
+--- a/crypto/ecdh/ech_locl.h
++++ b/crypto/ecdh/ech_locl.h
+@@ -67,6 +67,9 @@ struct ecdh_method
+        const char *name;
+        int (*compute_key)(void *key, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,
+                           void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen));
++       int (*compute_key_async)(void *key, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,
++                          void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen),
++                          struct pkc_cookie_s *cookie);
+ #if 0
+        int (*init)(EC_KEY *eckey);
+        int (*finish)(EC_KEY *eckey);
+diff --git a/crypto/ecdsa/ecs_locl.h b/crypto/ecdsa/ecs_locl.h
+index cb3be13..eb0ebe0 100644
+--- a/crypto/ecdsa/ecs_locl.h
++++ b/crypto/ecdsa/ecs_locl.h
+@@ -74,6 +74,11 @@ struct ecdsa_method
+                        BIGNUM **r);
+        int (*ecdsa_do_verify)(const unsigned char *dgst, int dgst_len, 
+                        const ECDSA_SIG *sig, EC_KEY *eckey);
++        int (*ecdsa_do_sign_async)(const unsigned char *dgst, int dgst_len,
++                       const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey,
++                       ECDSA_SIG *sig, struct pkc_cookie_s *cookie);
++       int (*ecdsa_do_verify_async)(const unsigned char *dgst, int dgst_len,
++                       const ECDSA_SIG *sig, EC_KEY *eckey, struct pkc_cookie_s *cookie);
+ #if 0
+        int (*init)(EC_KEY *eckey);
+        int (*finish)(EC_KEY *eckey);
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 7ee314b..9f2416e 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -1281,6 +1281,56 @@ zapparams(struct crypt_kop *kop)
+        }
+ }
+ 
++/* Any PKC request has at max 2 output parameters and they are stored here to
++be used while copying in the check availability */
++struct cryptodev_cookie_s {
++       BIGNUM *r;
++       struct crparam r_param;
++       BIGNUM *s;
++       struct crparam s_param;
++       struct crypt_kop *kop;
++};
++
++static int
++cryptodev_asym_async(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
++                                       BIGNUM *s)
++{
++       int fd;
++       struct pkc_cookie_s *cookie = kop->cookie;
++       struct cryptodev_cookie_s *eng_cookie;
++
++       fd = *(int *)cookie->eng_handle;
++
++       eng_cookie = malloc(sizeof(struct cryptodev_cookie_s));
++
++       if (eng_cookie) {
++               memset(eng_cookie, 0, sizeof(struct cryptodev_cookie_s));
++               if (r) {
++                       kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char));
++                       if (!kop->crk_param[kop->crk_iparams].crp_p)
++                               return -ENOMEM;
++                       kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
++                       kop->crk_oparams++;
++                       eng_cookie->r = r;
++                       eng_cookie->r_param = kop->crk_param[kop->crk_iparams];
++               }
++               if (s) {
++                       kop->crk_param[kop->crk_iparams+1].crp_p = calloc(slen, sizeof(char));
++                       if (!kop->crk_param[kop->crk_iparams+1].crp_p)
++                               return -ENOMEM;
++                       kop->crk_param[kop->crk_iparams+1].crp_nbits = slen * 8;
++                       kop->crk_oparams++;
++                       eng_cookie->s = s;
++                       eng_cookie->s_param = kop->crk_param[kop->crk_iparams + 1];
++               }
++       } else
++               return -ENOMEM;
++
++       eng_cookie->kop = kop;
++       cookie->eng_cookie = eng_cookie;
++       return ioctl(fd, CIOCASYMASYNCRYPT, kop);
++}
++
+ static int
+ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s)
+ {
+@@ -1337,6 +1387,44 @@ void *cryptodev_init_instance(void)
+        return fd;
+ }
+ 
++#include <poll.h>
++
++/* Return 0 on success and 1 on failure */
++int cryptodev_check_availability(void *eng_handle)
++{
++       int fd = *(int *)eng_handle;
++       struct pkc_cookie_list_s cookie_list;
++       struct pkc_cookie_s *cookie;
++       int i;
++
++       /* FETCH COOKIE returns number of cookies extracted */
++       if (ioctl(fd, CIOCASYMFETCHCOOKIE, &cookie_list) <= 0)
++               return 1;
++
++       for (i = 0; i < cookie_list.cookie_available; i++) {
++               cookie = cookie_list.cookie[i];
++               if (cookie) {
++                       struct cryptodev_cookie_s *eng_cookie = cookie->eng_cookie;
++                       if (eng_cookie) {
++                               struct crypt_kop *kop = eng_cookie->kop;
++
++                               if (eng_cookie->r)
++                                       crparam2bn(&eng_cookie->r_param, eng_cookie->r);
++                               if (eng_cookie->s)
++                                       crparam2bn(&eng_cookie->s_param, eng_cookie->s);
++                               if (kop->crk_op == CRK_DH_COMPUTE_KEY)
++                                       kop->crk_oparams = 0;
++
++                               zapparams(eng_cookie->kop);
++                               free(eng_cookie->kop);
++                               free (eng_cookie);
++                       }
++                       cookie->pkc_callback(cookie, cookie_list.status[i]);
++               }
++       }
++       return 0;
++}
++
+ static int
+ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+     const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
+@@ -1382,6 +1470,63 @@ err:
+ }
+ 
+ static int
++cryptodev_bn_mod_exp_async(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
++    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont, struct pkc_cookie_s *cookie)
++{
++       struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
++       int ret = 1;
++
++       /* Currently, we know we can do mod exp iff we can do any
++        * asymmetric operations at all.
++        */
++       if (cryptodev_asymfeat == 0 || !kop) {
++               ret = BN_mod_exp(r, a, p, m, ctx);
++               return (ret);
++       }
++
++       kop->crk_oparams = 0;
++       kop->crk_status = 0;
++       kop->crk_op = CRK_MOD_EXP;
++       kop->cookie = cookie;
++       /* inputs: a^p % m */
++       if (bn2crparam(a, &kop->crk_param[0]))
++               goto err;
++       if (bn2crparam(p, &kop->crk_param[1]))
++               goto err;
++       if (bn2crparam(m, &kop->crk_param[2]))
++               goto err;
++
++       kop->crk_iparams = 3;
++       if (cryptodev_asym_async(kop, BN_num_bytes(m), r, 0, NULL))
++               goto err;
++
++       return ret;
++err:
++       {
++               const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
++
++               if (kop)
++                       free(kop);
++               ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
++               if (ret)
++                       /* Call the completion handler immediately */
++                       cookie->pkc_callback(cookie, 0);
++       }
++       return ret;
++}
++
++static int
++cryptodev_rsa_nocrt_mod_exp_async(BIGNUM *r0, const BIGNUM *I,
++               RSA *rsa, BN_CTX *ctx, struct pkc_cookie_s *cookie)
++{
++       int r;
++       ctx = BN_CTX_new();
++       r = cryptodev_bn_mod_exp_async(r0, I, rsa->d, rsa->n, ctx, NULL, cookie);
++       BN_CTX_free(ctx);
++       return r;
++}
++
++static int
+ cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
+ {
+        int r;
+@@ -1446,6 +1591,62 @@ err:
+        return (ret);
+ }
+ 
++static int
++cryptodev_rsa_mod_exp_async(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx,
++                               struct pkc_cookie_s *cookie)
++{
++       struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
++       int ret = 1, f_len, p_len, q_len;
++       unsigned char *f = NULL, *p = NULL, *q = NULL, *dp = NULL, *dq = NULL, *c = NULL;
++
++       if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp || !kop) {
++               return (0);
++       }
++
++       kop->crk_oparams = 0;
++       kop->crk_status = 0;
++       kop->crk_op = CRK_MOD_EXP_CRT;
++       f_len = BN_num_bytes(rsa->n);
++       spcf_bn2bin_ex(I, &f, &f_len);
++       spcf_bn2bin(rsa->p, &p, &p_len);
++       spcf_bn2bin(rsa->q, &q, &q_len);
++       spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len);
++       spcf_bn2bin_ex(rsa->iqmp, &c, &p_len);
++       spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len);
++       /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
++       kop->crk_param[0].crp_p = p;
++       kop->crk_param[0].crp_nbits = p_len * 8;
++       kop->crk_param[1].crp_p = q;
++       kop->crk_param[1].crp_nbits = q_len * 8;
++       kop->crk_param[2].crp_p = f;
++       kop->crk_param[2].crp_nbits = f_len * 8;
++       kop->crk_param[3].crp_p = dp;
++       kop->crk_param[3].crp_nbits = p_len * 8;
++       /* dq must of length q, rest all of length p*/
++       kop->crk_param[4].crp_p = dq;
++       kop->crk_param[4].crp_nbits = q_len * 8;
++       kop->crk_param[5].crp_p = c;
++       kop->crk_param[5].crp_nbits = p_len * 8;
++       kop->crk_iparams = 6;
++       kop->cookie = cookie;
++       if (cryptodev_asym_async(kop, BN_num_bytes(rsa->n), r0, 0, NULL))
++               goto err;
++
++       return ret;
++err:
++       {
++               const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
++
++               if (kop)
++                       free(kop);
++               ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx);
++               if (ret)
++                       /* Call user completion handler immediately */
++                       cookie->pkc_callback(cookie, 0);
++       }
++       return (ret);
++}
++
+ static RSA_METHOD cryptodev_rsa = {
+        "cryptodev RSA method",
+        NULL,                           /* rsa_pub_enc */
+@@ -1454,6 +1655,12 @@ static RSA_METHOD cryptodev_rsa = {
+        NULL,                           /* rsa_priv_dec */
+        NULL,
+        NULL,
++       NULL,                           /* rsa_pub_enc */
++       NULL,                           /* rsa_pub_dec */
++       NULL,                           /* rsa_priv_enc */
++       NULL,                           /* rsa_priv_dec */
++       NULL,
++       NULL,
+        NULL,                           /* init */
+        NULL,                           /* finish */
+        0,                              /* flags */
+@@ -1751,126 +1958,424 @@ sw_try:
+        return ret;
+ }
+ 
++/* Cryptodev DSA Key Gen routine */
++static int cryptodev_dsa_keygen_async(DSA *dsa,  struct pkc_cookie_s *cookie)
++{
++       struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
++       int ret = 1, g_len;
++       unsigned char *g = NULL;
+ 
++       if (!kop)
++               goto sw_try;
+ 
+-static DSA_METHOD cryptodev_dsa = {
+-       "cryptodev DSA method",
+-       NULL,
+-       NULL,                           /* dsa_sign_setup */
+-       NULL,
+-       NULL,                           /* dsa_mod_exp */
+-       NULL,
+-       NULL,                           /* init */
+-       NULL,                           /* finish */
+-       0,      /* flags */
+-       NULL    /* app_data */
+-};
++       if (dsa->priv_key == NULL)      {
++               if ((dsa->priv_key=BN_new()) == NULL)
++                       goto sw_try;
++       }
+ 
+-static ECDSA_METHOD cryptodev_ecdsa = {
+-       "cryptodev ECDSA method",
+-       NULL,
+-       NULL,                           /* ecdsa_sign_setup */
+-       NULL,
+-       NULL,
+-       0,      /* flags */
+-       NULL    /* app_data */
+-};
++       if (dsa->pub_key == NULL) {
++               if ((dsa->pub_key=BN_new()) == NULL)
++                       goto sw_try;
++       }
+ 
+-typedef enum ec_curve_s
+-{
+-       EC_PRIME,
+-       EC_BINARY
+-} ec_curve_t;
++       g_len = BN_num_bytes(dsa->p);
++       /**
++        * Get generator into a plain buffer. If length is less than
++        * q_len then add leading padding bytes.
++        */
++       if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
++               DSAerr(DSA_F_DSA_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
++               goto sw_try;
++       }
+ 
+-/* ENGINE handler for ECDSA Sign */
+-static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char  *dgst,
+-       int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey)
+-{
+-       BIGNUM  *m = NULL, *p = NULL, *a = NULL;
+-       BIGNUM  *b = NULL, *x = NULL, *y = NULL;
+-       BN_CTX  *ctx = NULL;
+-       ECDSA_SIG *ret = NULL;
+-       ECDSA_DATA *ecdsa = NULL;
+-       unsigned char  * q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL;
+-       unsigned char  * s = NULL, *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL;
+-       int     i = 0, q_len = 0, priv_key_len = 0, r_len = 0;
+-       int     g_len = 0, d_len = 0, ab_len = 0;
+-       const BIGNUM   *order = NULL, *priv_key=NULL;
+-       const EC_GROUP *group = NULL;
+-       struct crypt_kop kop;
+-       ec_curve_t ec_crv = EC_PRIME;
++       memset(kop, 0, sizeof(struct crypt_kop));
++       kop->crk_op = CRK_DSA_GENERATE_KEY;
++       if (bn2crparam(dsa->p, &kop->crk_param[0]))
++               goto sw_try;
++       if (bn2crparam(dsa->q, &kop->crk_param[1]))
++               goto sw_try;
++       kop->crk_param[2].crp_p = g;
++       kop->crk_param[2].crp_nbits = g_len * 8;
++       kop->crk_iparams = 3;
++       kop->cookie = cookie;
+ 
+-       memset(&kop, 0, sizeof(kop));
+-       ecdsa = ecdsa_check(eckey);
+-       if (!ecdsa) {
+-               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
+-               return NULL;
++       /* pub_key is or prime length while priv key is of length of order */
++       if (cryptodev_asym_async(kop, BN_num_bytes(dsa->p), dsa->pub_key,
++           BN_num_bytes(dsa->q), dsa->priv_key))
++           goto sw_try;
++
++       return ret;
++sw_try:
++       {
++               const DSA_METHOD *meth = DSA_OpenSSL();
++
++               if (kop)
++                       free(kop);
++               ret = (meth->dsa_keygen)(dsa);
++               cookie->pkc_callback(cookie, 0);
+        }
++       return ret;
++}
+ 
+-       group = EC_KEY_get0_group(eckey);
+-       priv_key = EC_KEY_get0_private_key(eckey);
++static int
++cryptodev_dsa_do_sign_async(const unsigned char *dgst, int dlen, DSA *dsa,
++                       DSA_SIG *sig, struct pkc_cookie_s *cookie)
++{
++       struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
++       DSA_SIG *dsaret = NULL;
++       int q_len = 0, r_len = 0, g_len = 0;
++       int priv_key_len = 0, ret = 1;
++       unsigned char *q = NULL, *r = NULL, *g = NULL, *priv_key = NULL, *f = NULL;
+ 
+-       if (!group || !priv_key) {
+-               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
+-               return NULL;
++       if (((sig->r = BN_new()) == NULL) || !kop) {
++               DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++               goto err;
+        }
+ 
+-       if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
+-               (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
+-               (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
+-               (y = BN_new()) == NULL) {
+-               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++       if ((sig->s = BN_new()) == NULL) {
++               BN_free(sig->r);
++               DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+                goto err;
+        }
+ 
+-       order = &group->order;
+-       if (!order || BN_is_zero(order)) {
+-               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS);
++       if (spcf_bn2bin(dsa->p, &q, &q_len)) {
++               DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+                goto err;
+        }
+ 
+-       i = BN_num_bits(order);
+-       /* Need to truncate digest if it is too long: first truncate whole
+-        bytes */
+-       if (8 * dgst_len > i)
+-               dgst_len = (i + 7)/8;
++       /* Get order of the field of private keys into plain buffer */
++       if (spcf_bn2bin (dsa->q, &r, &r_len)) {
++               DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
+ 
+-       if (!BN_bin2bn(dgst, dgst_len, m)) {
+-               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
++       /* sanity test */
++       if (dlen > r_len) {
++               DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+                goto err;
+        }
+ 
+-       /* If still too long truncate remaining bits with a shift */
+-       if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
+-               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
++       g_len = q_len;
++       /**
++        * Get generator into a plain buffer. If length is less than
++        * q_len then add leading padding bytes.
++        */
++       if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
++               DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+                goto err;
+        }
+ 
+-       /* copy the truncated bits into plain buffer */
+-       if (spcf_bn2bin(m, &tmp_dgst, &dgst_len))  {
+-               fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__, __LINE__);
++       priv_key_len = r_len;
++       /**
++        * Get private key into a plain buffer. If length is less than
++        * r_len then add leading padding bytes.
++        */
++        if (spcf_bn2bin_ex(dsa->priv_key, &priv_key, &priv_key_len)) {
++               DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+                goto err;
+        }
+ 
+-       ret = ECDSA_SIG_new();
+-       if  (!ret) {
+-               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
++       /* Allocate memory to store hash. */
++       f = OPENSSL_malloc (r_len);
++       if (!f) {
++               DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+                goto err;
+        }
+ 
+-       /* check if this is prime or binary EC request */
+-       if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) {
+-               ec_crv = EC_PRIME;
+-               /* get the generator point pair */
+-               if (!EC_POINT_get_affine_coordinates_GFp (group, EC_GROUP_get0_generator(group),
+-                       x, y,ctx)) {
+-                       ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
+-                       goto err;
+-               }
++       /* Add padding, since SEC expects hash to of size r_len */
++       if (dlen < r_len)
++               memset(f, 0, r_len - dlen);
+ 
+-               /* get the ECC curve parameters */
+-               if (!EC_GROUP_get_curve_GFp(group, p, a, b , ctx)) {
+-                       ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
++       /* Skip leading bytes if dgst_len < r_len */
++       memcpy(f + r_len - dlen, dgst, dlen);
++
++       dlen = r_len;
++
++       memset(kop, 0, sizeof( struct crypt_kop));
++       kop->crk_op = CRK_DSA_SIGN;
++
++       /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
++       kop->crk_param[0].crp_p = (void*)f;
++       kop->crk_param[0].crp_nbits = dlen * 8;
++       kop->crk_param[1].crp_p = (void*)q;
++       kop->crk_param[1].crp_nbits = q_len * 8;
++       kop->crk_param[2].crp_p = (void*)r;
++       kop->crk_param[2].crp_nbits = r_len * 8;
++       kop->crk_param[3].crp_p = (void*)g;
++       kop->crk_param[3].crp_nbits = g_len * 8;
++       kop->crk_param[4].crp_p = (void*)priv_key;
++       kop->crk_param[4].crp_nbits = priv_key_len * 8;
++       kop->crk_iparams = 5;
++       kop->cookie = cookie;
++
++       if (cryptodev_asym_async(kop, r_len, sig->r, r_len, sig->s))
++           goto err;
++
++       return ret;
++err:
++       {
++               const DSA_METHOD *meth = DSA_OpenSSL();
++
++               if (kop)
++                       free(kop);
++               BN_free(sig->r);
++               BN_free(sig->s);
++               dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa);
++               sig->r = dsaret->r;
++               sig->s = dsaret->s;
++               /* Call user callback immediately */
++               cookie->pkc_callback(cookie, 0);
++               ret = dsaret;
++       }
++       return ret;
++}
++
++static int
++cryptodev_dsa_verify_async(const unsigned char *dgst, int dlen,
++    DSA_SIG *sig, DSA *dsa, struct pkc_cookie_s *cookie)
++{
++       struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
++       int q_len = 0, r_len = 0, g_len = 0;
++       int w_len = 0 ,c_len = 0, d_len = 0, ret = 1;
++       unsigned char   * q = NULL, * r = NULL, * w = NULL, * g = NULL;
++       unsigned char   *c = NULL, * d = NULL, *f = NULL;
++
++       if (!kop)
++               goto err;
++
++       if (spcf_bn2bin(dsa->p, &q, &q_len)) {
++               DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++               return ret;
++       }
++
++       /* Get Order of field of private keys */
++       if (spcf_bn2bin(dsa->q, &r, &r_len)) {
++               DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       g_len = q_len;
++       /**
++        * Get generator into a plain buffer. If length is less than
++        * q_len then add leading padding bytes.
++        */
++       if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
++               DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++       w_len = q_len;
++       /**
++        * Get public key into a plain buffer. If length is less than
++        * q_len then add leading padding bytes.
++        */
++       if (spcf_bn2bin_ex(dsa->pub_key, &w, &w_len)) {
++               DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++       /**
++        * Get the 1st part of signature into a flat buffer with
++        * appropriate padding
++        */
++       c_len = r_len;
++
++       if (spcf_bn2bin_ex(sig->r, &c, &c_len)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       /**
++        * Get the 2nd part of signature into a flat buffer with
++        * appropriate padding
++        */
++       d_len = r_len;
++
++       if (spcf_bn2bin_ex(sig->s, &d, &d_len)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++
++       /* Sanity test */
++       if (dlen > r_len) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       /* Allocate memory to store hash. */
++       f = OPENSSL_malloc (r_len);
++       if (!f) {
++               DSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       /* Add padding, since SEC expects hash to of size r_len */
++       if (dlen < r_len)
++               memset(f, 0, r_len - dlen);
++
++       /* Skip leading bytes if dgst_len < r_len */
++       memcpy(f + r_len - dlen, dgst, dlen);
++
++       dlen = r_len;
++       memset(kop, 0, sizeof(struct crypt_kop));
++
++       /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
++       kop->crk_param[0].crp_p = (void*)f;
++       kop->crk_param[0].crp_nbits = dlen * 8;
++       kop->crk_param[1].crp_p = q;
++       kop->crk_param[1].crp_nbits = q_len * 8;
++       kop->crk_param[2].crp_p = r;
++       kop->crk_param[2].crp_nbits = r_len * 8;
++       kop->crk_param[3].crp_p = g;
++       kop->crk_param[3].crp_nbits = g_len * 8;
++       kop->crk_param[4].crp_p = w;
++       kop->crk_param[4].crp_nbits = w_len * 8;
++       kop->crk_param[5].crp_p = c;
++       kop->crk_param[5].crp_nbits = c_len * 8;
++       kop->crk_param[6].crp_p = d;
++       kop->crk_param[6].crp_nbits = d_len * 8;
++       kop->crk_iparams = 7;
++       kop->crk_op = CRK_DSA_VERIFY;
++       kop->cookie = cookie;
++       if (cryptodev_asym_async(kop, 0, NULL, 0, NULL))
++               goto err;
++
++       return ret;
++err:
++       {
++               const DSA_METHOD *meth = DSA_OpenSSL();
++
++               if (kop)
++                       free(kop);
++
++               ret = (meth->dsa_do_verify)(dgst, dlen, sig, dsa);
++               cookie->pkc_callback(cookie, 0);
++       }
++       return ret;
++}
++
++static DSA_METHOD cryptodev_dsa = {
++       "cryptodev DSA method",
++       NULL,
++       NULL,                           /* dsa_sign_setup */
++       NULL,
++       NULL,                           /* dsa_mod_exp */
++       NULL,
++       NULL,
++       NULL,
++       NULL,
++       NULL,                           /* init */
++       NULL,                           /* finish */
++       0,      /* flags */
++       NULL    /* app_data */
++};
++
++static ECDSA_METHOD cryptodev_ecdsa = {
++       "cryptodev ECDSA method",
++       NULL,
++       NULL,                           /* ecdsa_sign_setup */
++       NULL,
++       NULL,
++       NULL,
++       NULL,
++       0,      /* flags */
++       NULL    /* app_data */
++};
++
++typedef enum ec_curve_s
++{
++       EC_PRIME,
++       EC_BINARY
++} ec_curve_t;
++
++/* ENGINE handler for ECDSA Sign */
++static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char  *dgst,
++       int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey)
++{
++       BIGNUM  *m = NULL, *p = NULL, *a = NULL;
++       BIGNUM  *b = NULL, *x = NULL, *y = NULL;
++       BN_CTX  *ctx = NULL;
++       ECDSA_SIG *ret = NULL;
++       ECDSA_DATA *ecdsa = NULL;
++       unsigned char  * q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL;
++       unsigned char  * s = NULL, *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL;
++       int     i = 0, q_len = 0, priv_key_len = 0, r_len = 0;
++       int     g_len = 0, d_len = 0, ab_len = 0;
++       const BIGNUM   *order = NULL, *priv_key=NULL;
++       const EC_GROUP *group = NULL;
++       struct crypt_kop kop;
++       ec_curve_t ec_crv = EC_PRIME;
++
++       memset(&kop, 0, sizeof(kop));
++       ecdsa = ecdsa_check(eckey);
++       if (!ecdsa) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
++               return NULL;
++       }
++
++       group = EC_KEY_get0_group(eckey);
++       priv_key = EC_KEY_get0_private_key(eckey);
++
++       if (!group || !priv_key) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
++               return NULL;
++       }
++
++       if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
++               (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
++               (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
++               (y = BN_new()) == NULL) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       order = &group->order;
++       if (!order || BN_is_zero(order)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS);
++               goto err;
++       }
++
++       i = BN_num_bits(order);
++       /* Need to truncate digest if it is too long: first truncate whole
++        bytes */
++       if (8 * dgst_len > i)
++               dgst_len = (i + 7)/8;
++
++       if (!BN_bin2bn(dgst, dgst_len, m)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
++               goto err;
++       }
++
++       /* If still too long truncate remaining bits with a shift */
++       if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
++               goto err;
++       }
++
++       /* copy the truncated bits into plain buffer */
++       if (spcf_bn2bin(m, &tmp_dgst, &dgst_len))  {
++               fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__, __LINE__);
++               goto err;
++       }
++
++       ret = ECDSA_SIG_new();
++       if  (!ret) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
++               goto err;
++       }
++
++       /* check if this is prime or binary EC request */
++       if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) {
++               ec_crv = EC_PRIME;
++               /* get the generator point pair */
++               if (!EC_POINT_get_affine_coordinates_GFp (group, EC_GROUP_get0_generator(group),
++                       x, y,ctx)) {
++                       ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
++                       goto err;
++               }
++
++               /* get the ECC curve parameters */
++               if (!EC_GROUP_get_curve_GFp(group, p, a, b , ctx)) {
++                       ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
+                        goto err;
+                }
+        } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_characteristic_two_field) {
+@@ -2195,63 +2700,581 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
+        }
+ 
+        /**
+-        * Get the 2nd part of signature into a flat buffer with
+-        * appropriate padding
++        * Get the 2nd part of signature into a flat buffer with
++        * appropriate padding
++        */
++       if (BN_num_bytes(sig->s) < r_len)
++               d_len = r_len;
++
++       if (spcf_bn2bin_ex(sig->s, &d, &d_len)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       /* memory for message representative */
++       f = malloc(r_len);
++       if (!f) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       /* Add padding, since SEC expects hash to of size r_len */
++       memset(f, 0, r_len-dgst_len);
++
++       /* Skip leading bytes if dgst_len < r_len */
++       memcpy(f + r_len-dgst_len, tmp_dgst, dgst_len);
++       dgst_len += r_len-dgst_len;
++       kop.crk_op = CRK_DSA_VERIFY;
++       /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
++       kop.crk_param[0].crp_p = f;
++       kop.crk_param[0].crp_nbits = dgst_len * 8;
++       kop.crk_param[1].crp_p = q;
++       kop.crk_param[1].crp_nbits = q_len * 8;
++       kop.crk_param[2].crp_p = r;
++       kop.crk_param[2].crp_nbits = r_len * 8;
++       kop.crk_param[3].crp_p = g_xy;
++       kop.crk_param[3].crp_nbits = g_len * 8;
++       kop.crk_param[4].crp_p = w_xy;
++       kop.crk_param[4].crp_nbits = pub_key_len * 8;
++       kop.crk_param[5].crp_p = ab;
++       kop.crk_param[5].crp_nbits = ab_len * 8;
++       kop.crk_param[6].crp_p = c;
++       kop.crk_param[6].crp_nbits = d_len * 8;
++       kop.crk_param[7].crp_p = d;
++       kop.crk_param[7].crp_nbits = d_len * 8;
++       kop.crk_iparams = 8;
++
++       if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
++               /*OCF success value is 0, if not zero, change ret to fail*/
++               if(0 == kop.crk_status)
++                       ret  = 1;
++       } else {
++               const ECDSA_METHOD *meth = ECDSA_OpenSSL();
++
++               ret = (meth->ecdsa_do_verify)(dgst, dgst_len, sig, eckey);
++       }
++       kop.crk_param[0].crp_p = NULL;
++       zapparams(&kop);
++
++err:
++       return ret;
++}
++
++static int cryptodev_ecdsa_do_sign_async( const unsigned char  *dgst,
++       int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey,
++       ECDSA_SIG *sig, struct pkc_cookie_s *cookie)
++{
++       BIGNUM  *m = NULL, *p = NULL, *a = NULL;
++       BIGNUM  *b = NULL, *x = NULL, *y = NULL;
++       BN_CTX  *ctx = NULL;
++       ECDSA_SIG *sig_ret = NULL;
++       ECDSA_DATA *ecdsa = NULL;
++       unsigned char  * q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL;
++       unsigned char  * s = NULL, *f = NULL, *tmp_dgst = NULL;
++       int     i = 0, q_len = 0, priv_key_len = 0, r_len = 0;
++       int     g_len = 0, ab_len = 0, ret = 1;
++       const BIGNUM   *order = NULL, *priv_key=NULL;
++       const EC_GROUP *group = NULL;
++       struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
++       ec_curve_t ec_crv = EC_PRIME;
++
++       if (!(sig->r = BN_new()) || !kop)
++               goto err;
++       if ((sig->s = BN_new()) == NULL) {
++               BN_free(r);
++               goto err;
++       }
++
++       memset(kop, 0, sizeof(struct crypt_kop));
++       ecdsa = ecdsa_check(eckey);
++       if (!ecdsa) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
++               goto err;
++       }
++
++       group = EC_KEY_get0_group(eckey);
++       priv_key = EC_KEY_get0_private_key(eckey);
++
++       if (!group || !priv_key) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
++               goto err;
++       }
++
++       if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
++               (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
++               (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
++               (y = BN_new()) == NULL) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       order = &group->order;
++       if (!order || BN_is_zero(order)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS);
++               goto err;
++       }
++
++       i = BN_num_bits(order);
++       /* Need to truncate digest if it is too long: first truncate whole
++        bytes */
++       if (8 * dgst_len > i)
++               dgst_len = (i + 7)/8;
++
++       if (!BN_bin2bn(dgst, dgst_len, m)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
++               goto err;
++       }
++
++       /* If still too long truncate remaining bits with a shift */
++       if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
++               goto err;
++       }
++
++       /* copy the truncated bits into plain buffer */
++       if (spcf_bn2bin(m, &tmp_dgst, &dgst_len))  {
++               fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__, __LINE__);
++               goto err;
++       }
++
++       /* check if this is prime or binary EC request */
++       if (EC_METHOD_get_field_type(EC_GROUP_method_of(group))
++                               == NID_X9_62_prime_field) {
++               ec_crv = EC_PRIME;
++               /* get the generator point pair */
++               if (!EC_POINT_get_affine_coordinates_GFp (group,
++                       EC_GROUP_get0_generator(group), x, y,ctx)) {
++                       ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
++                       goto err;
++               }
++
++               /* get the ECC curve parameters */
++               if (!EC_GROUP_get_curve_GFp(group, p, a, b , ctx)) {
++                       ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
++                       goto err;
++               }
++       } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_characteristic_two_field) {
++               ec_crv = EC_BINARY;
++               /* get the ECC curve parameters */
++               if (!EC_GROUP_get_curve_GF2m(group, p, a, b , ctx)) {
++                       ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
++                       goto err;
++               }
++
++               /* get the generator point pair */
++               if (!EC_POINT_get_affine_coordinates_GF2m(group,
++                       EC_GROUP_get0_generator(group), x, y,ctx)) {
++                       ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
++                       goto err;
++               }
++       } else {
++               printf("Unsupported Curve\n");
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
++               goto err;
++       }
++
++       if (spcf_bn2bin(order, &r, &r_len)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       if (spcf_bn2bin(p, &q, &q_len)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       priv_key_len = r_len;
++
++       /**
++        * If BN_num_bytes of priv_key returns less then r_len then
++        * add padding bytes before the key
++        */
++       if (spcf_bn2bin_ex(priv_key, &s, &priv_key_len))  {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       /* Generation of ECC curve parameters */
++       ab_len = 2*q_len;
++       ab = eng_copy_curve_points(a, b, ab_len, q_len);
++       if (!ab) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       if (ec_crv == EC_BINARY) {
++               if (eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab+q_len, q_len))
++               {
++                       unsigned char *c_temp = NULL;
++                       int c_temp_len = q_len;
++                       if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len))
++                               memcpy(ab+q_len, c_temp, q_len);
++                       else
++                               goto err;
++               }
++               kop->curve_type = ECC_BINARY;
++       }
++
++       /* Calculation of Generator point */
++       g_len = 2*q_len;
++       g_xy = eng_copy_curve_points(x, y, g_len, q_len);
++       if (!g_xy) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       /* memory for message representative */
++       f = malloc(r_len);
++       if (!f) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       /* Add padding, since SEC expects hash to of size r_len */
++       memset(f, 0, r_len - dgst_len);
++
++       /* Skip leading bytes if dgst_len < r_len */
++       memcpy(f +  r_len - dgst_len, tmp_dgst, dgst_len);
++
++       dgst_len +=  r_len - dgst_len;
++
++       kop->crk_op = CRK_DSA_SIGN;
++       /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
++       kop->crk_param[0].crp_p = f;
++       kop->crk_param[0].crp_nbits = dgst_len * 8;
++       kop->crk_param[1].crp_p = q;
++       kop->crk_param[1].crp_nbits = q_len * 8;
++       kop->crk_param[2].crp_p = r;
++       kop->crk_param[2].crp_nbits = r_len * 8;
++       kop->crk_param[3].crp_p = g_xy;
++       kop->crk_param[3].crp_nbits = g_len * 8;
++       kop->crk_param[4].crp_p = s;
++       kop->crk_param[4].crp_nbits = priv_key_len * 8;
++       kop->crk_param[5].crp_p = ab;
++       kop->crk_param[5].crp_nbits = ab_len * 8;
++       kop->crk_iparams = 6;
++       kop->cookie = cookie;
++
++       if (cryptodev_asym_async(kop, r_len, sig->r , r_len, sig->s))
++               goto err;
++
++       return ret;
++err:
++       {
++               const ECDSA_METHOD *meth = ECDSA_OpenSSL();
++               BN_free(sig->r);
++               BN_free(sig->s);
++               if (kop)
++                       free(kop);
++               sig_ret = (meth->ecdsa_do_sign)(dgst, dgst_len, in_kinv, in_r, eckey);
++               sig->r = sig_ret->r;
++               sig->s = sig_ret->s;
++               cookie->pkc_callback(cookie, 0);
++       }
++       return ret;
++}
++
++static int cryptodev_ecdsa_verify_async(const unsigned char *dgst, int dgst_len,
++               const ECDSA_SIG *sig, EC_KEY *eckey, struct pkc_cookie_s *cookie)
++{
++       BIGNUM  *m = NULL, *p = NULL, *a = NULL, *b = NULL;
++       BIGNUM  *x = NULL, *y = NULL, *w_x = NULL, *w_y = NULL;
++       BN_CTX  *ctx = NULL;
++       ECDSA_DATA      *ecdsa = NULL;
++       unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL, *w_xy = NULL;
++       unsigned char *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL;
++       int     i = 0, q_len = 0, pub_key_len = 0, r_len = 0, c_len = 0, g_len = 0;
++       int     d_len = 0, ab_len = 0, ret = 1;
++       const EC_POINT *pub_key = NULL;
++       const BIGNUM   *order = NULL;
++       const EC_GROUP *group=NULL;
++       ec_curve_t       ec_crv = EC_PRIME;
++       struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
++
++       if (!kop)
++               goto err;
++
++       memset(kop, 0, sizeof(struct crypt_kop));
++       ecdsa = ecdsa_check(eckey);
++       if (!ecdsa) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
++               goto err;
++       }
++
++       group    = EC_KEY_get0_group(eckey);
++       pub_key  = EC_KEY_get0_public_key(eckey);
++
++       if (!group || !pub_key) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
++               goto err;
++       }
++
++       if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
++               (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
++               (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
++               (y = BN_new()) == NULL || (w_x = BN_new()) == NULL ||
++               (w_y = BN_new()) == NULL) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       order = &group->order;
++       if (!order || BN_is_zero(order)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS);
++               goto err;
++       }
++
++       i = BN_num_bits(order);
++       /* Need to truncate digest if it is too long: first truncate whole
++       * bytes */
++       if (8 * dgst_len > i)
++               dgst_len = (i + 7)/8;
++
++       if (!BN_bin2bn(dgst, dgst_len, m)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
++               goto err;
++       }
++
++       /* If still too long truncate remaining bits with a shift */
++       if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
++               goto err;
++       }
++       /* copy the truncated bits into plain buffer */
++       if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       /* check if this is prime or binary EC request */
++       if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) {
++               ec_crv = EC_PRIME;
++
++               /* get the generator point pair */
++               if (!EC_POINT_get_affine_coordinates_GFp (group,
++                       EC_GROUP_get0_generator(group), x, y,ctx)) {
++                       ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
++                       goto err;
++               }
++
++               /* get the public key pair for prime curve */
++               if (!EC_POINT_get_affine_coordinates_GFp (group,
++                       pub_key, w_x, w_y,ctx)) {
++                       ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
++                       goto err;
++               }
++
++               /* get the ECC curve parameters */
++               if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
++                       ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
++                       goto err;
++               }
++       } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_characteristic_two_field){
++               ec_crv = EC_BINARY;
++               /* get the ECC curve parameters */
++               if (!EC_GROUP_get_curve_GF2m(group, p, a, b , ctx)) {
++                       ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
++                       goto err;
++               }
++
++               /* get the generator point pair */
++               if (!EC_POINT_get_affine_coordinates_GF2m(group,
++                       EC_GROUP_get0_generator(group),x, y,ctx)) {
++                       ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
++                       goto err;
++               }
++
++               /* get the public key pair for binary curve */
++               if (!EC_POINT_get_affine_coordinates_GF2m(group,
++                       pub_key, w_x, w_y,ctx)) {
++                       ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
++                       goto err;
++               }
++       }else {
++               printf("Unsupported Curve\n");
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
++               goto err;
++       }
++
++       /* Get the order of the subgroup of private keys */
++       if (spcf_bn2bin((BIGNUM*)order, &r, &r_len)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       /* Get the irreducible polynomial that creates the field */
++       if (spcf_bn2bin(p, &q, &q_len)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       /* Get the public key into a flat buffer with appropriate padding */
++       pub_key_len = 2 * q_len;
++
++       w_xy = eng_copy_curve_points (w_x, w_y, pub_key_len, q_len);
++       if (!w_xy) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       /* Generation of ECC curve parameters */
++       ab_len = 2*q_len;
++
++       ab = eng_copy_curve_points (a, b, ab_len, q_len);
++       if (!ab) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       if (ec_crv == EC_BINARY) {
++               /* copy b' i.e c(b), instead of only b */
++               eng_ec_get_cparam (EC_GROUP_get_curve_name(group),
++                       ab+q_len, q_len);
++               kop->curve_type = ECC_BINARY;
++       }
++
++       /* Calculation of Generator point */
++       g_len = 2 * q_len;
++
++       g_xy = eng_copy_curve_points (x, y, g_len, q_len);
++       if (!g_xy) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       /**
++        * Get the 1st part of signature into a flat buffer with
++        * appropriate padding
++        */
++       if (BN_num_bytes(sig->r) < r_len)
++               c_len = r_len;
++
++       if (spcf_bn2bin_ex(sig->r, &c, &c_len)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       /**
++        * Get the 2nd part of signature into a flat buffer with
++        * appropriate padding
++        */
++       if (BN_num_bytes(sig->s) < r_len)
++               d_len = r_len;
++
++       if (spcf_bn2bin_ex(sig->s, &d, &d_len)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       /* memory for message representative */
++       f = malloc(r_len);
++       if (!f) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       /* Add padding, since SEC expects hash to of size r_len */
++       memset(f, 0, r_len-dgst_len);
++
++       /* Skip leading bytes if dgst_len < r_len */
++       memcpy(f + r_len-dgst_len, tmp_dgst, dgst_len);
++
++       dgst_len += r_len-dgst_len;
++
++       kop->crk_op = CRK_DSA_VERIFY;
++       /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
++       kop->crk_param[0].crp_p = f;
++       kop->crk_param[0].crp_nbits = dgst_len * 8;
++       kop->crk_param[1].crp_p = q;
++       kop->crk_param[1].crp_nbits = q_len * 8;
++       kop->crk_param[2].crp_p = r;
++       kop->crk_param[2].crp_nbits = r_len * 8;
++       kop->crk_param[3].crp_p = g_xy;
++       kop->crk_param[3].crp_nbits = g_len * 8;
++       kop->crk_param[4].crp_p = w_xy;
++       kop->crk_param[4].crp_nbits = pub_key_len * 8;
++       kop->crk_param[5].crp_p = ab;
++       kop->crk_param[5].crp_nbits = ab_len * 8;
++       kop->crk_param[6].crp_p = c;
++       kop->crk_param[6].crp_nbits = d_len * 8;
++       kop->crk_param[7].crp_p = d;
++       kop->crk_param[7].crp_nbits = d_len * 8;
++       kop->crk_iparams = 8;
++       kop->cookie = cookie;
++
++       if (cryptodev_asym_async(kop, 0, NULL, 0, NULL))
++               goto err;
++
++       return ret;
++err:
++       {
++               const ECDSA_METHOD *meth = ECDSA_OpenSSL();
++
++               if (kop)
++                       free(kop);
++               ret = (meth->ecdsa_do_verify)(dgst, dgst_len, sig, eckey);
++               cookie->pkc_callback(cookie, 0);
++       }
++
++       return ret;
++}
++
++/* Cryptodev DH Key Gen routine */
++static int cryptodev_dh_keygen_async(DH *dh,  struct pkc_cookie_s *cookie)
++{
++       struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
++       int ret = 1, g_len;
++       unsigned char *g = NULL;
++
++       if (!kop)
++               goto sw_try;
++
++       if (dh->priv_key == NULL)       {
++               if ((dh->priv_key=BN_new()) == NULL)
++                       goto sw_try;
++       }
++
++       if (dh->pub_key == NULL) {
++               if ((dh->pub_key=BN_new()) == NULL)
++                       goto sw_try;
++       }
++
++       g_len = BN_num_bytes(dh->p);
++       /**
++        * Get generator into a plain buffer. If length is less than
++        * q_len then add leading padding bytes.
+         */
+-       if (BN_num_bytes(sig->s) < r_len)
+-               d_len = r_len;
+-
+-       if (spcf_bn2bin_ex(sig->s, &d, &d_len)) {
+-               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+-               goto err;
+-       }
+-
+-       /* memory for message representative */
+-       f = malloc(r_len);
+-       if (!f) {
+-               ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+-               goto err;
++       if (spcf_bn2bin_ex(dh->g, &g, &g_len)) {
++               DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
++               goto sw_try;
+        }
+ 
+-       /* Add padding, since SEC expects hash to of size r_len */
+-       memset(f, 0, r_len-dgst_len);
++       memset(kop, 0, sizeof(struct crypt_kop));
++       kop->crk_op = CRK_DH_GENERATE_KEY;
++       if (bn2crparam(dh->p, &kop->crk_param[0]))
++               goto sw_try;
++       if (bn2crparam(dh->q, &kop->crk_param[1]))
++               goto sw_try;
++       kop->crk_param[2].crp_p = g;
++       kop->crk_param[2].crp_nbits = g_len * 8;
++       kop->crk_iparams = 3;
++       kop->cookie = cookie;
+ 
+-       /* Skip leading bytes if dgst_len < r_len */
+-       memcpy(f + r_len-dgst_len, tmp_dgst, dgst_len);
+-       dgst_len += r_len-dgst_len;
+-       kop.crk_op = CRK_DSA_VERIFY;
+-       /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
+-       kop.crk_param[0].crp_p = f;
+-       kop.crk_param[0].crp_nbits = dgst_len * 8;
+-       kop.crk_param[1].crp_p = q;
+-       kop.crk_param[1].crp_nbits = q_len * 8;
+-       kop.crk_param[2].crp_p = r;
+-       kop.crk_param[2].crp_nbits = r_len * 8;
+-       kop.crk_param[3].crp_p = g_xy;
+-       kop.crk_param[3].crp_nbits = g_len * 8;
+-       kop.crk_param[4].crp_p = w_xy;
+-       kop.crk_param[4].crp_nbits = pub_key_len * 8;
+-       kop.crk_param[5].crp_p = ab;
+-       kop.crk_param[5].crp_nbits = ab_len * 8;
+-       kop.crk_param[6].crp_p = c;
+-       kop.crk_param[6].crp_nbits = d_len * 8;
+-       kop.crk_param[7].crp_p = d;
+-       kop.crk_param[7].crp_nbits = d_len * 8;
+-       kop.crk_iparams = 8;
++       /* pub_key is or prime length while priv key is of length of order */
++       if (cryptodev_asym_async(kop, BN_num_bytes(dh->p), dh->pub_key,
++           BN_num_bytes(dh->q), dh->priv_key))
++           goto sw_try;
+ 
+-       if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
+-               /*OCF success value is 0, if not zero, change ret to fail*/
+-               if(0 == kop.crk_status)
+-                       ret  = 1;
+-       } else {
+-               const ECDSA_METHOD *meth = ECDSA_OpenSSL();
++       return ret;
++sw_try:
++       {
++               const DH_METHOD *meth = DH_OpenSSL();
+ 
+-               ret = (meth->ecdsa_do_verify)(dgst, dgst_len, sig, eckey);
++               if (kop)
++                       free(kop);
++               ret = (meth->generate_key)(dh);
++               cookie->pkc_callback(cookie, 0);
+        }
+-       kop.crk_param[0].crp_p = NULL;
+-       zapparams(&kop);
+-
+-err:
+        return ret;
+ }
+ 
+@@ -2360,6 +3383,54 @@ sw_try:
+        return (dhret);
+ }
+ 
++/* Return Length if successful and 0 on failure */
++static int
++cryptodev_dh_compute_key_async(unsigned char *key, const BIGNUM *pub_key,
++               DH *dh, struct pkc_cookie_s *cookie)
++{
++       struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
++       int ret = 1;
++       int fd, p_len;
++       unsigned char *padded_pub_key = NULL, *p = NULL;
++
++       fd = *(int *)cookie->eng_handle;
++
++       memset(kop, 0, sizeof(struct crypt_kop));
++       kop->crk_op = CRK_DH_COMPUTE_KEY;
++       /* inputs: dh->priv_key pub_key dh->p key */
++       spcf_bn2bin(dh->p, &p, &p_len);
++       spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len);
++
++       if (bn2crparam(dh->priv_key, &kop->crk_param[0]))
++               goto err;
++       kop->crk_param[1].crp_p = padded_pub_key;
++       kop->crk_param[1].crp_nbits = p_len * 8;
++       kop->crk_param[2].crp_p = p;
++       kop->crk_param[2].crp_nbits = p_len * 8;
++       kop->crk_iparams = 3;
++
++       kop->cookie = cookie;
++       kop->crk_param[3].crp_p = (void*) key;
++       kop->crk_param[3].crp_nbits = p_len * 8;
++       kop->crk_oparams = 1;
++
++       if (cryptodev_asym_async(kop, 0, NULL, 0, NULL))
++               goto err;
++
++       return p_len;
++err:
++       {
++               const DH_METHOD *meth = DH_OpenSSL();
++
++               if (kop)
++                       free(kop);
++               ret = (meth->compute_key)(key, pub_key, dh);
++               /* Call user cookie handler */
++               cookie->pkc_callback(cookie, 0);
++       }
++       return (ret);
++}
++
+ int cryptodev_ecdh_compute_key(void *out, size_t outlen,
+        const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen,
+        void *out, size_t *outlen))
+@@ -2537,6 +3608,190 @@ err:
+        return ret;
+ }
+ 
++int cryptodev_ecdh_compute_key_async(void *out, size_t outlen,
++       const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen,
++       void *out, size_t *outlen), struct pkc_cookie_s *cookie)
++{
++       ec_curve_t       ec_crv = EC_PRIME;
++       unsigned char * q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL;
++       BIGNUM         * w_x = NULL, *w_y = NULL;
++       int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0;
++       BIGNUM * p = NULL, *a = NULL, *b = NULL;
++       BN_CTX *ctx;
++       EC_POINT *tmp=NULL;
++       BIGNUM *x=NULL, *y=NULL;
++       const BIGNUM *priv_key;
++       const EC_GROUP* group = NULL;
++       int ret = 1;
++       size_t buflen, len;
++       struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
++
++       if (!(ctx = BN_CTX_new()) || !kop)
++                goto err;
++
++       memset(kop, 0, sizeof(struct crypt_kop));
++
++       BN_CTX_start(ctx);
++       x = BN_CTX_get(ctx);
++       y = BN_CTX_get(ctx);
++       p = BN_CTX_get(ctx);
++       a = BN_CTX_get(ctx);
++       b = BN_CTX_get(ctx);
++       w_x = BN_CTX_get(ctx);
++       w_y = BN_CTX_get(ctx);
++
++       if (!x || !y || !p || !a || !b || !w_x || !w_y) {
++               ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       priv_key = EC_KEY_get0_private_key(ecdh);
++       if (priv_key == NULL) {
++               ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_NO_PRIVATE_VALUE);
++               goto err;
++       }
++
++       group = EC_KEY_get0_group(ecdh);
++       if ((tmp=EC_POINT_new(group)) == NULL) {
++               ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
++               NID_X9_62_prime_field) {
++               ec_crv = EC_PRIME;
++
++               if (!EC_POINT_get_affine_coordinates_GFp(group,
++                       EC_GROUP_get0_generator(group), x, y, ctx)) {
++                       ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
++                       goto err;
++               }
++
++               /* get the ECC curve parameters */
++               if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
++                       ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
++                       goto err;
++               }
++
++               /* get the public key pair for prime curve */
++               if (!EC_POINT_get_affine_coordinates_GFp (group, pub_key, w_x, w_y,ctx)) {
++                       ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
++                       goto err;
++               }
++       } else {
++               ec_crv = EC_BINARY;
++
++               if (!EC_POINT_get_affine_coordinates_GF2m(group,
++                       EC_GROUP_get0_generator(group), x, y, ctx)) {
++                       ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
++                       goto err;
++               }
++
++               /* get the ECC curve parameters */
++               if (!EC_GROUP_get_curve_GF2m(group, p, a, b , ctx)) {
++                       ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
++                       goto err;
++               }
++
++               /* get the public key pair for binary curve */
++               if (!EC_POINT_get_affine_coordinates_GF2m(group,
++                       pub_key, w_x, w_y,ctx)) {
++                       ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
++                       goto err;
++               }
++       }
++
++       /* irreducible polynomial that creates the field */
++       if (spcf_bn2bin((BIGNUM*)&group->order, &r, &r_len)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       /* Get the irreducible polynomial that creates the field */
++       if (spcf_bn2bin(p, &q, &q_len)) {
++               ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
++               goto err;
++       }
++
++       /* Get the public key into a flat buffer with appropriate padding */
++       pub_key_len = 2 * q_len;
++       w_xy = eng_copy_curve_points (w_x, w_y, pub_key_len, q_len);
++       if (!w_xy) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       /* Generation of ECC curve parameters */
++       ab_len = 2*q_len;
++       ab = eng_copy_curve_points (a, b, ab_len, q_len);
++       if (!ab) {
++               ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
++               goto err;
++       }
++
++       if (ec_crv == EC_BINARY) {
++               /* copy b' i.e c(b), instead of only b */
++               if (eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab+q_len, q_len))
++               {
++                       unsigned char *c_temp = NULL;
++                       int c_temp_len = q_len;
++                       if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len))
++                               memcpy(ab+q_len, c_temp, q_len);
++                       else
++                               goto err;
++               }
++               kop->curve_type = ECC_BINARY;
++       } else
++               kop->curve_type = ECC_PRIME;
++
++       priv_key_len = r_len;
++
++       /*
++        * If BN_num_bytes of priv_key returns less then r_len then
++        * add padding bytes before the key
++        */
++       if (spcf_bn2bin_ex((BIGNUM *)priv_key, &s, &priv_key_len)) {
++               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++               goto err;
++       }
++
++       buflen = (EC_GROUP_get_degree(group) + 7)/8;
++       len = BN_num_bytes(x);
++       if (len > buflen || q_len < buflen) {
++               ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_INTERNAL_ERROR);
++               goto err;
++       }
++
++       kop->crk_op = CRK_DH_COMPUTE_KEY;
++       kop->crk_param[0].crp_p = (void *) s;
++       kop->crk_param[0].crp_nbits = priv_key_len*8;
++       kop->crk_param[1].crp_p = (void *) w_xy;
++       kop->crk_param[1].crp_nbits = pub_key_len*8;
++       kop->crk_param[2].crp_p = (void *) q;
++       kop->crk_param[2].crp_nbits = q_len*8;
++       kop->crk_param[3].crp_p = (void *) ab;
++       kop->crk_param[3].crp_nbits = ab_len*8;
++       kop->crk_iparams = 4;
++       kop->crk_param[4].crp_p = (void *) out;
++       kop->crk_param[4].crp_nbits = q_len*8;
++       kop->crk_oparams = 1;
++       kop->cookie = cookie;
++       if (cryptodev_asym_async(kop, 0, NULL, 0, NULL))
++               goto err;
++
++       return q_len;
++err:
++       {
++               const ECDH_METHOD *meth = ECDH_OpenSSL();
++
++               if (kop)
++                       free(kop);
++               ret = (meth->compute_key)(out, outlen, pub_key, ecdh, KDF);
++               /* Call user cookie handler */
++               cookie->pkc_callback(cookie, 0);
++       }
++       return ret;
++}
+ 
+ static DH_METHOD cryptodev_dh = {
+        "cryptodev DH method",
+@@ -2545,6 +3800,8 @@ static DH_METHOD cryptodev_dh = {
+        NULL,
+        NULL,
+        NULL,
++       NULL,
++       NULL,
+        0,      /* flags */
+        NULL    /* app_data */
+ };
+@@ -2553,6 +3810,7 @@ static ECDH_METHOD cryptodev_ecdh = {
+        "cryptodev ECDH method",
+        NULL,   /* cryptodev_ecdh_compute_key */
+        NULL,
++       NULL,
+        0,              /* flags */
+        NULL    /* app_data */
+ };
+@@ -2625,12 +3883,19 @@ ENGINE_load_cryptodev(void)
+                cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec;
+                if (cryptodev_asymfeat & CRF_MOD_EXP) {
+                        cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp;
+-                       if (cryptodev_asymfeat & CRF_MOD_EXP_CRT)
++                       cryptodev_rsa.bn_mod_exp_async =
++                                cryptodev_bn_mod_exp_async;
++                       if (cryptodev_asymfeat & CRF_MOD_EXP_CRT) {
+                                cryptodev_rsa.rsa_mod_exp =
+                                    cryptodev_rsa_mod_exp;
+-                       else
++                               cryptodev_rsa.rsa_mod_exp_async =
++                                   cryptodev_rsa_mod_exp_async;
++                       } else {
+                                cryptodev_rsa.rsa_mod_exp =
+                                    cryptodev_rsa_nocrt_mod_exp;
++                               cryptodev_rsa.rsa_mod_exp_async =
++                                   cryptodev_rsa_nocrt_mod_exp_async;
++                       }
+                }
+        }
+ 
+@@ -2638,12 +3903,21 @@ ENGINE_load_cryptodev(void)
+                const DSA_METHOD *meth = DSA_OpenSSL();
+ 
+                memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
+-               if (cryptodev_asymfeat & CRF_DSA_SIGN)
++               if (cryptodev_asymfeat & CRF_DSA_SIGN) {
+                        cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
+-               if (cryptodev_asymfeat & CRF_DSA_VERIFY)
++                       cryptodev_dsa.dsa_do_sign_async =
++                                cryptodev_dsa_do_sign_async;
++               }
++               if (cryptodev_asymfeat & CRF_DSA_VERIFY) {
+                        cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
+-               if (cryptodev_asymfeat & CRF_DSA_GENERATE_KEY)
++                       cryptodev_dsa.dsa_do_verify_async =
++                                cryptodev_dsa_verify_async;
++               }
++               if (cryptodev_asymfeat & CRF_DSA_GENERATE_KEY) {
+                        cryptodev_dsa.dsa_keygen = cryptodev_dsa_keygen;
++                       cryptodev_dsa.dsa_keygen_async =
++                                cryptodev_dsa_keygen_async;
++               }
+        }
+ 
+        if (ENGINE_set_DH(engine, &cryptodev_dh)){
+@@ -2652,10 +3926,15 @@ ENGINE_load_cryptodev(void)
+                if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) {
+                        cryptodev_dh.compute_key =
+                                cryptodev_dh_compute_key;
++                       cryptodev_dh.compute_key_async =
++                               cryptodev_dh_compute_key_async;
+                }
+                if (cryptodev_asymfeat & CRF_DH_GENERATE_KEY) {
+                        cryptodev_dh.generate_key =
+                                cryptodev_dh_keygen;
++                       cryptodev_dh.generate_key_async =
++                               cryptodev_dh_keygen_async;
++
+                }
+        }
+ 
+@@ -2664,10 +3943,14 @@ ENGINE_load_cryptodev(void)
+                memcpy(&cryptodev_ecdsa, meth, sizeof(ECDSA_METHOD));
+                if (cryptodev_asymfeat & CRF_DSA_SIGN) {
+                        cryptodev_ecdsa.ecdsa_do_sign = cryptodev_ecdsa_do_sign;
++                       cryptodev_ecdsa.ecdsa_do_sign_async =
++                               cryptodev_ecdsa_do_sign_async;
+                }
+                if (cryptodev_asymfeat & CRF_DSA_VERIFY) {
+                        cryptodev_ecdsa.ecdsa_do_verify =
+                                cryptodev_ecdsa_verify;
++                       cryptodev_ecdsa.ecdsa_do_verify_async =
++                               cryptodev_ecdsa_verify_async;
+                }
+        }
+ 
+@@ -2676,9 +3959,16 @@ ENGINE_load_cryptodev(void)
+                memcpy(&cryptodev_ecdh, ecdh_meth, sizeof(ECDH_METHOD));
+                if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) {
+                        cryptodev_ecdh.compute_key = cryptodev_ecdh_compute_key;
++                       cryptodev_ecdh.compute_key_async =
++                                cryptodev_ecdh_compute_key_async;
+                }
+        }
+ 
++       ENGINE_set_check_pkc_availability(engine, cryptodev_check_availability);
++       ENGINE_set_close_instance(engine, cryptodev_close_instance);
++       ENGINE_set_init_instance(engine, cryptodev_init_instance);
++       ENGINE_set_async_map(engine, ENGINE_ALLPKC_ASYNC);
++
+        ENGINE_add(engine);
+        ENGINE_free(engine);
+        ERR_clear_error();
+diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h
+index 451ef8f..8fc3077 100644
+--- a/crypto/engine/eng_int.h
++++ b/crypto/engine/eng_int.h
+@@ -181,7 +181,29 @@ struct engine_st
+        ENGINE_LOAD_KEY_PTR load_pubkey;
+ 
+        ENGINE_SSL_CLIENT_CERT_PTR load_ssl_client_cert;
+-
++       /*
++        * Instantiate Engine handle to be passed in check_pkc_availability
++        * Ensure that Engine is instantiated before any pkc asynchronous call.
++        */
++       void *(*engine_init_instance)(void);
++       /*
++        * Instantiated Engine handle will be closed with this call.
++        * Ensure that no pkc asynchronous call is made after this call
++        */
++       void (*engine_close_instance)(void *handle);
++       /*
++        * Check availability will extract the data from kernel.
++        * eng_handle: This is the Engine handle corresponds to which
++        * the cookies needs to be polled.
++        * return 0 if cookie available else 1
++        */
++       int (*check_pkc_availability)(void *eng_handle);
++       /*
++        * The following map is used to check if the engine supports asynchronous implementation
++        * ENGINE_ASYNC_FLAG* for available bitmap. Any application checking for asynchronous
++        * implementation need to check this features using "int ENGINE_get_async_map(engine *)";
++        */
++       int async_map;
+        const ENGINE_CMD_DEFN *cmd_defns;
+        int flags;
+        /* reference count on the structure itself */
+diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c
+index 18a6664..6fa621c 100644
+--- a/crypto/engine/eng_lib.c
++++ b/crypto/engine/eng_lib.c
+@@ -98,7 +98,11 @@ void engine_set_all_null(ENGINE *e)
+        e->ctrl = NULL;
+        e->load_privkey = NULL;
+        e->load_pubkey = NULL;
++       e->check_pkc_availability = NULL;
++       e->engine_init_instance = NULL;
++       e->engine_close_instance = NULL;
+        e->cmd_defns = NULL;
++       e->async_map = 0;
+        e->flags = 0;
+        }
+ 
+@@ -233,6 +237,48 @@ int ENGINE_set_id(ENGINE *e, const char *id)
+        return 1;
+        }
+ 
++void ENGINE_set_init_instance(ENGINE *e, void *(*engine_init_instance)(void))
++       {
++               e->engine_init_instance = engine_init_instance;
++       }
++
++void ENGINE_set_close_instance(ENGINE *e,
++       void (*engine_close_instance)(void *))
++       {
++               e->engine_close_instance = engine_close_instance;
++       }
++
++void ENGINE_set_async_map(ENGINE *e, int async_map)
++       {
++               e->async_map = async_map;
++       }
++
++void *ENGINE_init_instance(ENGINE *e)
++       {
++               return e->engine_init_instance();
++       }
++
++void ENGINE_close_instance(ENGINE *e, void *eng_handle)
++       {
++               e->engine_close_instance(eng_handle);
++       }
++
++int ENGINE_get_async_map(ENGINE *e)
++       {
++               return e->async_map;
++       }
++
++void ENGINE_set_check_pkc_availability(ENGINE *e,
++       int (*check_pkc_availability)(void *eng_handle))
++       {
++               e->check_pkc_availability = check_pkc_availability;
++       }
++
++int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle)
++       {
++               return e->check_pkc_availability(eng_handle);
++       }
++
+ int ENGINE_set_name(ENGINE *e, const char *name)
+        {
+        if(name == NULL)
+diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h
+index 237a6c9..ccff86a 100644
+--- a/crypto/engine/engine.h
++++ b/crypto/engine/engine.h
+@@ -473,6 +473,30 @@ ENGINE *ENGINE_new(void);
+ int ENGINE_free(ENGINE *e);
+ int ENGINE_up_ref(ENGINE *e);
+ int ENGINE_set_id(ENGINE *e, const char *id);
++void ENGINE_set_init_instance(ENGINE *e, void *(*engine_init_instance)(void));
++void ENGINE_set_close_instance(ENGINE *e,
++       void (*engine_free_instance)(void *));
++/*
++ * Following FLAGS are bitmap store in async_map to set asynchronous interface capability
++ *of the engine
++ */
++#define ENGINE_RSA_ASYNC 0x0001
++#define ENGINE_DSA_ASYNC 0x0002
++#define ENGINE_DH_ASYNC 0x0004
++#define ENGINE_ECDSA_ASYNC 0x0008
++#define ENGINE_ECDH_ASYNC 0x0010
++#define ENGINE_ALLPKC_ASYNC 0x001F
++/* Engine implementation will set the bitmap based on above flags using following API */
++void ENGINE_set_async_map(ENGINE *e, int async_map);
++ /* Application need to check the bitmap based on above flags using following API
++  * to confirm asynchronous methods supported
++  */
++int ENGINE_get_async_map(ENGINE *e);
++void *ENGINE_init_instance(ENGINE *e);
++void ENGINE_close_instance(ENGINE *e, void *eng_handle);
++void ENGINE_set_check_pkc_availability(ENGINE *e,
++       int (*check_pkc_availability)(void *eng_handle));
++int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle);
+ int ENGINE_set_name(ENGINE *e, const char *name);
+ int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
+ int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
+diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h
+index 5f269e5..6ef1b15 100644
+--- a/crypto/rsa/rsa.h
++++ b/crypto/rsa/rsa.h
+@@ -101,6 +101,29 @@ struct rsa_meth_st
+        int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                          const BIGNUM *m, BN_CTX *ctx,
+                          BN_MONT_CTX *m_ctx); /* Can be null */
++       /*
++        * Cookie in the following _async variant must be allocated before
++        * submission and can be freed once its corresponding callback
++        * handler is called
++        */
++       int (*rsa_pub_enc_asyn)(int flen,const unsigned char *from,
++                          unsigned char *to, RSA *rsa, int padding,
++                          struct pkc_cookie_s *cookie);
++       int (*rsa_pub_dec_async)(int flen,const unsigned char *from,
++                          unsigned char *to, RSA *rsa, int padding,
++                          struct pkc_cookie_s *cookie);
++       int (*rsa_priv_enc_async)(int flen,const unsigned char *from,
++                           unsigned char *to, RSA *rsa, int padding,
++                           struct pkc_cookie_s *cookie);
++       int (*rsa_priv_dec_async)(int flen,const unsigned char *from,
++                           unsigned char *to, RSA *rsa, int padding,
++                           struct pkc_cookie_s *cookie);
++       int (*rsa_mod_exp_async)(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
++                           BN_CTX *ctx, struct pkc_cookie_s *cookie);
++       int (*bn_mod_exp_async)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
++                         const BIGNUM *m, BN_CTX *ctx,
++                         BN_MONT_CTX *m_ctx, struct pkc_cookie_s *cookie);
++
+        int (*init)(RSA *rsa);          /* called at new */
+        int (*finish)(RSA *rsa);        /* called at free */
+        int flags;                      /* RSA_METHOD_FLAG_* things */
+-- 
+1.8.3.1
+
diff --git a/recipes-connectivity/openssl/openssl-fsl/0011-Add-RSA-keygen-operation-and-support-gendsa-command-.patch b/recipes-connectivity/openssl/openssl-fsl/0011-Add-RSA-keygen-operation-and-support-gendsa-command-.patch
new file mode 100644
index 0000000..5e74298
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-fsl/0011-Add-RSA-keygen-operation-and-support-gendsa-command-.patch
@@ -0,0 +1,153 @@
+From e4fc051f8ae1c093b25ca346c2ec351ff3b700d1 Mon Sep 17 00:00:00 2001
+From: Hou Zhiqiang <B48286@freescale.com>
+Date: Wed, 2 Apr 2014 16:10:43 +0800
+Subject: [PATCH 11/17] Add RSA keygen operation and support gendsa command
+ with hardware engine
+
+Upstream-status: Pending
+
+Signed-off-by: Hou Zhiqiang <B48286@freescale.com>
+Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
+---
+ crypto/engine/eng_cryptodev.c | 118 ++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 118 insertions(+)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 9f2416e..b2919a8 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -1906,6 +1906,121 @@ err:
+        return dsaret;
+ }
+ 
++/* Cryptodev RSA Key Gen routine */
++static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
++{
++       struct crypt_kop kop;
++       int ret, fd;
++       int p_len, q_len;
++       int i;
++
++       if ((fd = get_asym_dev_crypto()) < 0)
++               return fd;
++
++       if(!rsa->n && ((rsa->n=BN_new()) == NULL)) goto err;
++       if(!rsa->d && ((rsa->d=BN_new()) == NULL)) goto err;
++       if(!rsa->e && ((rsa->e=BN_new()) == NULL)) goto err;
++       if(!rsa->p && ((rsa->p=BN_new()) == NULL)) goto err;
++       if(!rsa->q && ((rsa->q=BN_new()) == NULL)) goto err;
++       if(!rsa->dmp1 && ((rsa->dmp1=BN_new()) == NULL)) goto err;
++       if(!rsa->dmq1 && ((rsa->dmq1=BN_new()) == NULL)) goto err;
++       if(!rsa->iqmp && ((rsa->iqmp=BN_new()) == NULL)) goto err;
++
++       BN_copy(rsa->e, e);
++
++       p_len = (bits+1) / (2 * 8);
++       q_len = (bits - p_len * 8) / 8;
++       memset(&kop, 0, sizeof kop);
++       kop.crk_op = CRK_RSA_GENERATE_KEY;
++
++       /* p length */
++       kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char));
++       if (!kop.crk_param[kop.crk_iparams].crp_p)
++               goto err;
++       kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8;
++       memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1);
++       kop.crk_iparams++;
++       kop.crk_oparams++;
++       /* q length */
++       kop.crk_param[kop.crk_iparams].crp_p = calloc(q_len + 1, sizeof(char));
++       if (!kop.crk_param[kop.crk_iparams].crp_p)
++               goto err;
++       kop.crk_param[kop.crk_iparams].crp_nbits = q_len * 8;
++       memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, q_len + 1);
++       kop.crk_iparams++;
++       kop.crk_oparams++;
++       /* n length */
++       kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + q_len + 1, sizeof(char));
++       if (!kop.crk_param[kop.crk_iparams].crp_p)
++               goto err;
++       kop.crk_param[kop.crk_iparams].crp_nbits = bits;
++       memset(kop.crk_param[kop.crk_iparams].crp_p, 0x00, p_len + q_len + 1);
++       kop.crk_iparams++;
++       kop.crk_oparams++;
++       /* d length */
++       kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + q_len + 1, sizeof(char));
++       if (!kop.crk_param[kop.crk_iparams].crp_p)
++               goto err;
++       kop.crk_param[kop.crk_iparams].crp_nbits = bits;
++       memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + q_len + 1);
++       kop.crk_iparams++;
++       kop.crk_oparams++;
++       /* dp1 length */
++       kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char));
++       if (!kop.crk_param[kop.crk_iparams].crp_p)
++               goto err;
++       kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8;
++       memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1);
++       kop.crk_iparams++;
++       kop.crk_oparams++;
++       /* dq1 length */
++       kop.crk_param[kop.crk_iparams].crp_p = calloc(q_len + 1, sizeof(char));
++       if (!kop.crk_param[kop.crk_iparams].crp_p)
++               goto err;
++       kop.crk_param[kop.crk_iparams].crp_nbits = q_len * 8;
++       memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, q_len + 1);
++       kop.crk_iparams++;
++       kop.crk_oparams++;
++       /* i length */
++       kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char));
++       if (!kop.crk_param[kop.crk_iparams].crp_p)
++               goto err;
++       kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8;
++       memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1);
++       kop.crk_iparams++;
++       kop.crk_oparams++;
++
++       if (ioctl(fd, CIOCKEY, &kop) == 0) {
++               BN_bin2bn(kop.crk_param[0].crp_p,
++                               p_len, rsa->p);
++               BN_bin2bn(kop.crk_param[1].crp_p,
++                               q_len, rsa->q);
++               BN_bin2bn(kop.crk_param[2].crp_p,
++                               bits / 8, rsa->n);
++               BN_bin2bn(kop.crk_param[3].crp_p,
++                               bits / 8, rsa->d);
++               BN_bin2bn(kop.crk_param[4].crp_p,
++                               p_len, rsa->dmp1);
++               BN_bin2bn(kop.crk_param[5].crp_p,
++                               q_len, rsa->dmq1);
++               BN_bin2bn(kop.crk_param[6].crp_p,
++                               p_len, rsa->iqmp);
++               return 1;
++       }
++sw_try:
++       {
++               const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
++               ret = (meth->rsa_keygen)(rsa, bits, e, cb);
++       }
++       return ret;
++
++err:
++       for (i = 0; i < CRK_MAXPARAM; i++)
++               free(kop.crk_param[i].crp_p);
++       return 0;
++
++}
++
+ /* Cryptodev DSA Key Gen routine */
+ static int cryptodev_dsa_keygen(DSA *dsa)
+ {
+@@ -3896,6 +4011,9 @@ ENGINE_load_cryptodev(void)
+                                cryptodev_rsa.rsa_mod_exp_async =
+                                    cryptodev_rsa_nocrt_mod_exp_async;
+                        }
++                       if (cryptodev_asymfeat & CRF_RSA_GENERATE_KEY)
++                               cryptodev_rsa.rsa_keygen =
++                                       cryptodev_rsa_keygen;
+                }
+        }
+ 
+-- 
+1.8.3.1
+
diff --git a/recipes-connectivity/openssl/openssl-fsl/0012-RSA-Keygen-Fix.patch b/recipes-connectivity/openssl/openssl-fsl/0012-RSA-Keygen-Fix.patch
new file mode 100644
index 0000000..4489973
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-fsl/0012-RSA-Keygen-Fix.patch
@@ -0,0 +1,64 @@
+From ac777f046da7151386d667391362ecb553ceee90 Mon Sep 17 00:00:00 2001
+From: Yashpal Dutta <yashpal.dutta@freescale.com>
+Date: Wed, 16 Apr 2014 22:53:04 +0545
+Subject: [PATCH 12/17] RSA Keygen Fix
+
+Upstream-status: Pending
+
+If Kernel driver doesn't support RSA Keygen or same returns
+error handling the keygen operation, the keygen is gracefully
+handled by software supported rsa_keygen handler
+
+Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
+Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
+---
+ crypto/engine/eng_cryptodev.c | 12 +++++++-----
+ 1 file changed, 7 insertions(+), 5 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index b2919a8..ed5f20f 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -1915,7 +1915,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
+        int i;
+ 
+        if ((fd = get_asym_dev_crypto()) < 0)
+-               return fd;
++               goto sw_try;
+ 
+        if(!rsa->n && ((rsa->n=BN_new()) == NULL)) goto err;
+        if(!rsa->d && ((rsa->d=BN_new()) == NULL)) goto err;
+@@ -1936,7 +1936,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
+        /* p length */
+        kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char));
+        if (!kop.crk_param[kop.crk_iparams].crp_p)
+-               goto err;
++               goto sw_try;
+        kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8;
+        memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1);
+        kop.crk_iparams++;
+@@ -1944,7 +1944,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
+        /* q length */
+        kop.crk_param[kop.crk_iparams].crp_p = calloc(q_len + 1, sizeof(char));
+        if (!kop.crk_param[kop.crk_iparams].crp_p)
+-               goto err;
++               goto sw_try;
+        kop.crk_param[kop.crk_iparams].crp_nbits = q_len * 8;
+        memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, q_len + 1);
+        kop.crk_iparams++;
+@@ -2009,8 +2009,10 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
+        }
+ sw_try:
+        {
+-               const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+-               ret = (meth->rsa_keygen)(rsa, bits, e, cb);
++               const RSA_METHOD *meth = rsa->meth;
++               rsa->meth = RSA_PKCS1_SSLeay();
++               ret = RSA_generate_key_ex(rsa, bits, e, cb);
++               rsa->meth = meth;
+        }
+        return ret;
+ 
+-- 
+1.8.3.1
+
diff --git a/recipes-connectivity/openssl/openssl-fsl/0013-Removed-local-copy-of-curve_t-type.patch b/recipes-connectivity/openssl/openssl-fsl/0013-Removed-local-copy-of-curve_t-type.patch
new file mode 100644
index 0000000..183f3fb
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-fsl/0013-Removed-local-copy-of-curve_t-type.patch
@@ -0,0 +1,164 @@
+From 6aaa306cdf878250d7b6eaf30978de313653886b Mon Sep 17 00:00:00 2001
+From: Yashpal Dutta <yashpal.dutta@freescale.com>
+Date: Thu, 17 Apr 2014 06:57:59 +0545
+Subject: [PATCH 13/17] Removed local copy of curve_t type
+
+Upstream-status: Pending
+
+Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
+Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
+---
+ crypto/engine/eng_cryptodev.c    | 34 ++++++++++++++--------------------
+ crypto/engine/eng_cryptodev_ec.h |  7 -------
+ 2 files changed, 14 insertions(+), 27 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index ed5f20f..5d883fa 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -2398,12 +2398,6 @@ static ECDSA_METHOD cryptodev_ecdsa = {
+        NULL    /* app_data */
+ };
+ 
+-typedef enum ec_curve_s
+-{
+-       EC_PRIME,
+-       EC_BINARY
+-} ec_curve_t;
+-
+ /* ENGINE handler for ECDSA Sign */
+ static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char  *dgst,
+        int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey)
+@@ -2420,7 +2414,7 @@ static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char  *dgst,
+        const BIGNUM   *order = NULL, *priv_key=NULL;
+        const EC_GROUP *group = NULL;
+        struct crypt_kop kop;
+-       ec_curve_t ec_crv = EC_PRIME;
++       enum ec_curve_t ec_crv = EC_PRIME;
+ 
+        memset(&kop, 0, sizeof(kop));
+        ecdsa = ecdsa_check(eckey);
+@@ -2553,7 +2547,7 @@ static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char  *dgst,
+                        else
+                                goto err;
+                }
+-               kop.curve_type = ECC_BINARY;
++               kop.curve_type = EC_BINARY;
+        }
+ 
+        /* Calculation of Generator point */
+@@ -2647,7 +2641,7 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
+        const EC_POINT *pub_key = NULL;
+        const BIGNUM   *order = NULL;
+        const EC_GROUP *group=NULL;
+-       ec_curve_t       ec_crv = EC_PRIME;
++       enum ec_curve_t       ec_crv = EC_PRIME;
+        struct crypt_kop kop;
+ 
+        memset(&kop, 0, sizeof kop);
+@@ -2792,7 +2786,7 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
+                        else
+                                goto err;
+                }
+-               kop.curve_type = ECC_BINARY;
++               kop.curve_type = EC_BINARY;
+        }
+ 
+        /* Calculation of Generator point */
+@@ -2893,7 +2887,7 @@ static int cryptodev_ecdsa_do_sign_async( const unsigned char  *dgst,
+        const BIGNUM   *order = NULL, *priv_key=NULL;
+        const EC_GROUP *group = NULL;
+        struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
+-       ec_curve_t ec_crv = EC_PRIME;
++       enum ec_curve_t ec_crv = EC_PRIME;
+ 
+        if (!(sig->r = BN_new()) || !kop)
+                goto err;
+@@ -3029,7 +3023,7 @@ static int cryptodev_ecdsa_do_sign_async( const unsigned char  *dgst,
+                        else
+                                goto err;
+                }
+-               kop->curve_type = ECC_BINARY;
++               kop->curve_type = EC_BINARY;
+        }
+ 
+        /* Calculation of Generator point */
+@@ -3105,7 +3099,7 @@ static int cryptodev_ecdsa_verify_async(const unsigned char *dgst, int dgst_len,
+        const EC_POINT *pub_key = NULL;
+        const BIGNUM   *order = NULL;
+        const EC_GROUP *group=NULL;
+-       ec_curve_t       ec_crv = EC_PRIME;
++       enum ec_curve_t       ec_crv = EC_PRIME;
+        struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
+ 
+        if (!kop)
+@@ -3247,7 +3241,7 @@ static int cryptodev_ecdsa_verify_async(const unsigned char *dgst, int dgst_len,
+                /* copy b' i.e c(b), instead of only b */
+                eng_ec_get_cparam (EC_GROUP_get_curve_name(group),
+                        ab+q_len, q_len);
+-               kop->curve_type = ECC_BINARY;
++               kop->curve_type = EC_BINARY;
+        }
+ 
+        /* Calculation of Generator point */
+@@ -3552,7 +3546,7 @@ int cryptodev_ecdh_compute_key(void *out, size_t outlen,
+        const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen,
+        void *out, size_t *outlen))
+ {
+-       ec_curve_t       ec_crv = EC_PRIME;
++       enum ec_curve_t       ec_crv = EC_PRIME;
+        unsigned char * q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL;
+        BIGNUM         * w_x = NULL, *w_y = NULL;
+        int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0;
+@@ -3678,9 +3672,9 @@ int cryptodev_ecdh_compute_key(void *out, size_t outlen,
+                        else
+                                goto err;
+                }
+-               kop.curve_type = ECC_BINARY;
++               kop.curve_type = EC_BINARY;
+        } else
+-               kop.curve_type = ECC_PRIME;
++               kop.curve_type = EC_PRIME;
+ 
+        priv_key_len = r_len;
+ 
+@@ -3729,7 +3723,7 @@ int cryptodev_ecdh_compute_key_async(void *out, size_t outlen,
+        const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen,
+        void *out, size_t *outlen), struct pkc_cookie_s *cookie)
+ {
+-       ec_curve_t       ec_crv = EC_PRIME;
++       enum ec_curve_t       ec_crv = EC_PRIME;
+        unsigned char * q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL;
+        BIGNUM         * w_x = NULL, *w_y = NULL;
+        int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0;
+@@ -3857,9 +3851,9 @@ int cryptodev_ecdh_compute_key_async(void *out, size_t outlen,
+                        else
+                                goto err;
+                }
+-               kop->curve_type = ECC_BINARY;
++               kop->curve_type = EC_BINARY;
+        } else
+-               kop->curve_type = ECC_PRIME;
++               kop->curve_type = EC_PRIME;
+ 
+        priv_key_len = r_len;
+ 
+diff --git a/crypto/engine/eng_cryptodev_ec.h b/crypto/engine/eng_cryptodev_ec.h
+index 77aee71..a4b8da5 100644
+--- a/crypto/engine/eng_cryptodev_ec.h
++++ b/crypto/engine/eng_cryptodev_ec.h
+@@ -286,11 +286,4 @@ static inline unsigned char *eng_copy_curve_points(BIGNUM * x, BIGNUM * y,
+ 
+        return xy;
+ }
+-
+-enum curve_t {
+-       DISCRETE_LOG,
+-       ECC_PRIME,
+-       ECC_BINARY,
+-       MAX_ECC_TYPE
+-};
+ #endif
+-- 
+1.8.3.1
+
diff --git a/recipes-connectivity/openssl/openssl-fsl/0014-Modulus-parameter-is-not-populated-by-dhparams.patch b/recipes-connectivity/openssl/openssl-fsl/0014-Modulus-parameter-is-not-populated-by-dhparams.patch
new file mode 100644
index 0000000..46846f8
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-fsl/0014-Modulus-parameter-is-not-populated-by-dhparams.patch
@@ -0,0 +1,43 @@
+From 14623ca9e417ccef1ad3f4138acfac0ebe682f1f Mon Sep 17 00:00:00 2001
+From: Yashpal Dutta <yashpal.dutta@freescale.com>
+Date: Tue, 22 Apr 2014 22:58:33 +0545
+Subject: [PATCH 14/17] Modulus parameter is not populated by dhparams
+
+Upstream-status: Pending
+
+When dhparams are created, modulus parameter required for
+private key generation is not populated. So, falling back
+to software for proper population of modulus parameters followed
+by private key generation
+
+Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
+Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
+---
+ crypto/engine/eng_cryptodev.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 5d883fa..6d69336 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -3364,7 +3364,7 @@ static int cryptodev_dh_keygen_async(DH *dh,  struct pkc_cookie_s *cookie)
+        kop->crk_op = CRK_DH_GENERATE_KEY;
+        if (bn2crparam(dh->p, &kop->crk_param[0]))
+                goto sw_try;
+-       if (bn2crparam(dh->q, &kop->crk_param[1]))
++       if (!dh->q || bn2crparam(dh->q, &kop->crk_param[1]))
+                goto sw_try;
+        kop->crk_param[2].crp_p = g;
+        kop->crk_param[2].crp_nbits = g_len * 8;
+@@ -3419,7 +3419,7 @@ static int cryptodev_dh_keygen(DH *dh)
+        kop.crk_op = CRK_DH_GENERATE_KEY;
+        if (bn2crparam(dh->p, &kop.crk_param[0]))
+                goto sw_try;
+-       if (bn2crparam(dh->q, &kop.crk_param[1]))
++       if (!dh->q || bn2crparam(dh->q, &kop.crk_param[1]))
+                goto sw_try;
+        kop.crk_param[2].crp_p = g;
+        kop.crk_param[2].crp_nbits = g_len * 8;
+-- 
+1.8.3.1
+
diff --git a/recipes-connectivity/openssl/openssl-fsl/0015-SW-Backoff-mechanism-for-dsa-keygen.patch b/recipes-connectivity/openssl/openssl-fsl/0015-SW-Backoff-mechanism-for-dsa-keygen.patch
new file mode 100644
index 0000000..c20f9d7
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-fsl/0015-SW-Backoff-mechanism-for-dsa-keygen.patch
@@ -0,0 +1,53 @@
+From 10be401a33e6ebcc325d6747914c70595cd53d0a Mon Sep 17 00:00:00 2001
+From: Yashpal Dutta <yashpal.dutta@freescale.com>
+Date: Thu, 24 Apr 2014 00:35:34 +0545
+Subject: [PATCH 15/17] SW Backoff mechanism for dsa keygen
+
+Upstream-status: Pending
+
+DSA Keygen is not handled in default openssl dsa method. Due to
+same null function pointer in SW DSA method, the backoff for dsa
+keygen gives segmentation fault.
+
+Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
+Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
+---
+ crypto/engine/eng_cryptodev.c | 12 ++++++++----
+ 1 file changed, 8 insertions(+), 4 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 6d69336..dab8fea 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -2069,8 +2069,10 @@ static int cryptodev_dsa_keygen(DSA *dsa)
+        return ret;
+ sw_try:
+        {
+-               const DSA_METHOD *meth = DSA_OpenSSL();
+-               ret = (meth->dsa_keygen)(dsa);
++               const DSA_METHOD *meth = dsa->meth;
++               dsa->meth = DSA_OpenSSL();
++               ret = DSA_generate_key(dsa);
++               dsa->meth = meth;
+        }
+        return ret;
+ }
+@@ -2124,11 +2126,13 @@ static int cryptodev_dsa_keygen_async(DSA *dsa,  struct pkc_cookie_s *cookie)
+        return ret;
+ sw_try:
+        {
+-               const DSA_METHOD *meth = DSA_OpenSSL();
++               const DSA_METHOD *meth = dsa->meth;
+ 
++               dsa->meth = DSA_OpenSSL();
+                if (kop)
+                        free(kop);
+-               ret = (meth->dsa_keygen)(dsa);
++               ret = DSA_generate_key(dsa);
++               dsa->meth = meth;
+                cookie->pkc_callback(cookie, 0);
+        }
+        return ret;
+-- 
+1.8.3.1
+
diff --git a/recipes-connectivity/openssl/openssl-fsl/0016-Fixed-DH-keygen-pair-generator.patch b/recipes-connectivity/openssl/openssl-fsl/0016-Fixed-DH-keygen-pair-generator.patch
new file mode 100644
index 0000000..abcc2ef
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-fsl/0016-Fixed-DH-keygen-pair-generator.patch
@@ -0,0 +1,100 @@
+From d2c868c6370bcc0d0a254e641907da2cdf992d62 Mon Sep 17 00:00:00 2001
+From: Yashpal Dutta <yashpal.dutta@freescale.com>
+Date: Thu, 1 May 2014 06:35:45 +0545
+Subject: [PATCH 16/17] Fixed DH keygen pair generator
+
+Upstream-status: Pending
+
+Wrong Padding results into keygen length error
+
+Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
+Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
+---
+ crypto/engine/eng_cryptodev.c | 50 ++++++++++++++++++++++++++++---------------
+ 1 file changed, 33 insertions(+), 17 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index dab8fea..13d924f 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -3396,44 +3396,60 @@ sw_try:
+ static int cryptodev_dh_keygen(DH *dh)
+ {
+        struct crypt_kop kop;
+-       int ret = 1, g_len;
+-       unsigned char *g = NULL;
++       int ret = 1, q_len = 0;
++       unsigned char *q = NULL, *g = NULL, *s = NULL, *w = NULL;
++       BIGNUM *pub_key = NULL, *priv_key = NULL;
++       int generate_new_key = 1;
+ 
+-       if (dh->priv_key == NULL)       {
+-               if ((dh->priv_key=BN_new()) == NULL)
+-                       goto sw_try;
+-       }
++       if (dh->priv_key)
++               priv_key = dh->priv_key;
+ 
+-       if (dh->pub_key == NULL) {
+-               if ((dh->pub_key=BN_new()) == NULL)
+-                       goto sw_try;
+-       }
++       if (dh->pub_key)
++               pub_key = dh->pub_key;
+ 
+-       g_len = BN_num_bytes(dh->p);
++       q_len = BN_num_bytes(dh->p);
+        /**
+         * Get generator into a plain buffer. If length is less than
+         * q_len then add leading padding bytes.
+         */
+-       if (spcf_bn2bin_ex(dh->g, &g, &g_len)) {
++       if (spcf_bn2bin_ex(dh->g, &g, &q_len)) {
++               DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
++               goto sw_try;
++       }
++
++       if (spcf_bn2bin_ex(dh->p, &q, &q_len)) {
+                DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
+                goto sw_try;
+        }
+ 
+        memset(&kop, 0, sizeof kop);
+        kop.crk_op = CRK_DH_GENERATE_KEY;
+-       if (bn2crparam(dh->p, &kop.crk_param[0]))
+-               goto sw_try;
++       kop.crk_param[0].crp_p = q;
++       kop.crk_param[0].crp_nbits = q_len * 8;
+        if (!dh->q || bn2crparam(dh->q, &kop.crk_param[1]))
+                goto sw_try;
+        kop.crk_param[2].crp_p = g;
+-       kop.crk_param[2].crp_nbits = g_len * 8;
++       kop.crk_param[2].crp_nbits = q_len * 8;
+        kop.crk_iparams = 3;
+ 
++       s = OPENSSL_malloc (q_len);
++       if (!s) {
++               DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
++               goto sw_try;
++       }
++
++       w = OPENSSL_malloc (q_len);
++       if (!w) {
++               DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
++               goto sw_try;
++       }
++
+        /* pub_key is or prime length while priv key is of length of order */
+-       if (cryptodev_asym(&kop, BN_num_bytes(dh->p), dh->pub_key,
+-           BN_num_bytes(dh->q), dh->priv_key))
++       if (cryptodev_asym(&kop, q_len, w, q_len, s))
+            goto sw_try;
+ 
++       dh->pub_key = BN_bin2bn(w, q_len, pub_key);
++       dh->pub_key = BN_bin2bn(s, q_len, priv_key);
+        return ret;
+ sw_try:
+        {
+-- 
+1.8.3.1
+
diff --git a/recipes-connectivity/openssl/openssl-fsl/0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch b/recipes-connectivity/openssl/openssl-fsl/0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch
new file mode 100644
index 0000000..a71bb45
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-fsl/0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch
@@ -0,0 +1,309 @@
+From 11b55103463bac614e00d74e9f196ec4ec6bade1 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@freescale.com>
+Date: Mon, 16 Jun 2014 14:06:21 +0300
+Subject: [PATCH 17/17] cryptodev: add support for aes-gcm algorithm offloading
+
+Change-Id: I3b77dc5ef8b8f707309549244a02852d95b36168
+Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
+Reviewed-on: http://git.am.freescale.net:8181/17226
+---
+ apps/speed.c                  |   6 +-
+ crypto/engine/eng_cryptodev.c | 229 +++++++++++++++++++++++++++++++++++++++++-
+ 2 files changed, 233 insertions(+), 2 deletions(-)
+
+diff --git a/apps/speed.c b/apps/speed.c
+index 9886ca3..099dede 100644
+--- a/apps/speed.c
++++ b/apps/speed.c
+@@ -224,7 +224,11 @@
+ #endif
+ 
+ #undef BUFSIZE
+-#define BUFSIZE        ((long)1024*8+1)
++/* The buffer overhead allows GCM tag at the end of the encrypted data. This
++   avoids buffer overflows from cryptodev since Linux kernel GCM
++   implementation allways adds the tag - unlike e_aes.c:aes_gcm_cipher()
++   which doesn't */
++#define BUFSIZE        ((long)1024*8 + EVP_GCM_TLS_TAG_LEN)
+ int run=0;
+ 
+ static int mr=0;
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 13d924f..4493490 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -78,8 +78,10 @@ struct dev_crypto_state {
+        struct session_op d_sess;
+        int d_fd;
+        unsigned char *aad;
+-       unsigned int aad_len;
++       int aad_len;
+        unsigned int len;
++       unsigned char *iv;
++       int ivlen;
+ 
+ #ifdef USE_CRYPTODEV_DIGESTS
+        char dummy_mac_key[HASH_MAX_LEN];
+@@ -251,6 +253,7 @@ static struct {
+        { CRYPTO_SKIPJACK_CBC,  NID_undef,        0,  0,  0},
+        { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20},
+        { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20},
++       { CRYPTO_AES_GCM,       NID_aes_128_gcm,  16, 16, 0},
+        { 0, NID_undef, 0, 0, 0},
+ };
+ 
+@@ -271,6 +274,19 @@ static struct {
+ };
+ #endif
+ 
++/* increment counter (64-bit int) by 1 */
++static void ctr64_inc(unsigned char *counter) {
++       int n=8;
++       unsigned char  c;
++
++       do {
++               --n;
++               c = counter[n];
++               ++c;
++               counter[n] = c;
++               if (c) return;
++       } while (n);
++}
+ /*
+  * Return a fd if /dev/crypto seems usable, 0 otherwise.
+  */
+@@ -762,6 +778,197 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
+        }
+ }
+ 
++static int cryptodev_init_gcm_key(EVP_CIPHER_CTX *ctx,
++       const unsigned char *key, const unsigned char *iv, int enc)
++{
++       struct dev_crypto_state *state = ctx->cipher_data;
++       struct session_op *sess = &state->d_sess;
++       int cipher = -1, i;
++       if (!iv && !key)
++               return 1;
++
++       if (iv)
++               memcpy(ctx->iv, iv, ctx->cipher->iv_len);
++
++       for (i = 0; ciphers[i].id; i++)
++               if (ctx->cipher->nid == ciphers[i].nid &&
++                   ctx->cipher->iv_len <= ciphers[i].ivmax &&
++                   ctx->key_len == ciphers[i].keylen) {
++                       cipher = ciphers[i].id;
++                       break;
++               }
++
++       if (!ciphers[i].id) {
++               state->d_fd = -1;
++               return 0;
++       }
++
++       memset(sess, 0, sizeof(struct session_op));
++
++       if ((state->d_fd = get_dev_crypto()) < 0)
++               return 0;
++
++       sess->key = (unsigned char *) key;
++       sess->keylen = ctx->key_len;
++       sess->cipher = cipher;
++
++       if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
++               put_dev_crypto(state->d_fd);
++               state->d_fd = -1;
++               return 0;
++       }
++       return 1;
++}
++
++static int cryptodev_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
++               const unsigned char *in, size_t len)
++{
++       struct crypt_auth_op cryp = {0};
++       struct dev_crypto_state *state = ctx->cipher_data;
++       struct session_op *sess = &state->d_sess;
++       int rv = len;
++
++       if (EVP_CIPHER_CTX_ctrl(ctx, ctx->encrypt ?
++                       EVP_CTRL_GCM_IV_GEN : EVP_CTRL_GCM_SET_IV_INV,
++                       EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0)
++               return 0;
++
++       in += EVP_GCM_TLS_EXPLICIT_IV_LEN;
++       out += EVP_GCM_TLS_EXPLICIT_IV_LEN;
++       len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
++
++       if (ctx->encrypt) {
++               len -= EVP_GCM_TLS_TAG_LEN;
++       }
++       cryp.ses = sess->ses;
++       cryp.len = len;
++       cryp.src = (unsigned char*) in;
++       cryp.dst = out;
++       cryp.auth_src = state->aad;
++       cryp.auth_len = state->aad_len;
++       cryp.iv = ctx->iv;
++       cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
++
++       if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) {
++               return 0;
++       }
++
++       if (ctx->encrypt)
++               ctr64_inc(state->iv + state->ivlen - 8);
++       else
++               rv = len - EVP_GCM_TLS_TAG_LEN;
++
++       return rv;
++}
++
++static int cryptodev_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
++               const unsigned char *in, size_t len)
++{
++       struct crypt_auth_op cryp;
++       struct dev_crypto_state *state = ctx->cipher_data;
++       struct session_op *sess = &state->d_sess;
++
++       if (state->d_fd < 0)
++               return 0;
++
++       if ((len % ctx->cipher->block_size) != 0)
++               return 0;
++
++       if (state->aad_len >= 0)
++               return cryptodev_gcm_tls_cipher(ctx, out, in, len);
++
++       memset(&cryp, 0, sizeof(cryp));
++
++       cryp.ses = sess->ses;
++       cryp.len = len;
++       cryp.src = (unsigned char*) in;
++       cryp.dst = out;
++       cryp.auth_src = NULL;
++       cryp.auth_len = 0;
++       cryp.iv = ctx->iv;
++       cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
++
++       if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) {
++               return 0;
++       }
++
++       return len;
++}
++
++static int cryptodev_gcm_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
++               void *ptr)
++{
++       struct dev_crypto_state *state = ctx->cipher_data;
++       switch (type) {
++       case EVP_CTRL_INIT:
++       {
++               state->ivlen = ctx->cipher->iv_len;
++               state->iv = ctx->iv;
++               state->aad_len = -1;
++               return 1;
++       }
++       case EVP_CTRL_GCM_SET_IV_FIXED:
++       {
++               /* Special case: -1 length restores whole IV */
++               if (arg == -1)
++                       {
++                       memcpy(state->iv, ptr, state->ivlen);
++                       return 1;
++                       }
++               /* Fixed field must be at least 4 bytes and invocation field
++                * at least 8.
++                */
++               if ((arg < 4) || (state->ivlen - arg) < 8)
++                       return 0;
++               if (arg)
++                       memcpy(state->iv, ptr, arg);
++               if (ctx->encrypt &&
++                       RAND_bytes(state->iv + arg, state->ivlen - arg) <= 0)
++                       return 0;
++               return 1;
++       }
++       case EVP_CTRL_AEAD_TLS1_AAD:
++       {
++               unsigned int len;
++               if (arg != 13)
++                       return 0;
++
++               memcpy(ctx->buf, ptr, arg);
++               len=ctx->buf[arg-2] << 8 | ctx->buf[arg-1];
++
++               /* Correct length for explicit IV */
++               len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
++
++               /* If decrypting correct for tag too */
++               if (!ctx->encrypt)
++                       len -= EVP_GCM_TLS_TAG_LEN;
++
++               ctx->buf[arg-2] = len >> 8;
++               ctx->buf[arg-1] = len & 0xff;
++
++               state->aad = ctx->buf;
++               state->aad_len = arg;
++               state->len = len;
++
++               /* Extra padding: tag appended to record */
++               return EVP_GCM_TLS_TAG_LEN;
++       }
++       case EVP_CTRL_GCM_SET_IV_INV:
++       {
++               if (ctx->encrypt)
++                       return 0;
++               memcpy(state->iv + state->ivlen - arg, ptr, arg);
++               return 1;
++       }
++       case EVP_CTRL_GCM_IV_GEN:
++               if (arg <= 0 || arg > state->ivlen)
++                       arg = state->ivlen;
++               memcpy(ptr, state->iv + state->ivlen - arg, arg);
++               return 1;
++       default:
++               return -1;
++       }
++}
+ /*
+  * libcrypto EVP stuff - this is how we get wired to EVP so the engine
+  * gets called when libcrypto requests a cipher NID.
+@@ -901,6 +1108,23 @@ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = {
+        cryptodev_cbc_hmac_sha1_ctrl,
+        NULL
+ };
++
++const EVP_CIPHER cryptodev_aes_128_gcm = {
++       NID_aes_128_gcm,
++       1, 16, 12,
++       EVP_CIPH_GCM_MODE | EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_DEFAULT_ASN1 \
++       | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \
++       | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT,
++       cryptodev_init_gcm_key,
++       cryptodev_gcm_cipher,
++       cryptodev_cleanup,
++       sizeof(struct dev_crypto_state),
++       EVP_CIPHER_set_asn1_iv,
++       EVP_CIPHER_get_asn1_iv,
++       cryptodev_gcm_ctrl,
++       NULL
++};
++
+ /*
+  * Registered by the ENGINE when used to find out how to deal with
+  * a particular NID in the ENGINE. this says what we'll do at the
+@@ -944,6 +1168,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+        case NID_aes_256_cbc_hmac_sha1:
+                *cipher = &cryptodev_aes_256_cbc_hmac_sha1;
+                break;
++       case NID_aes_128_gcm:
++               *cipher = &cryptodev_aes_128_gcm;
++               break;
+        default:
+                *cipher = NULL;
+                break;
+-- 
+1.8.3.1
+
diff --git a/recipes-connectivity/openssl/openssl.inc b/recipes-connectivity/openssl/openssl.inc
new file mode 100644
index 0000000..0e82606
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl.inc
@@ -0,0 +1,203 @@
+SUMMARY = "Secure Socket Layer"
+DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools."
+HOMEPAGE = "http://www.openssl.org/"
+BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html"
+SECTION = "libs/network"
+
+# "openssl | SSLeay" dual license
+LICENSE = "openssl"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8"
+
+DEPENDS = "perl-native-runtime"
+DEPENDS_append_class-target = " openssl-native"
+
+SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
+          "
+S = "${WORKDIR}/openssl-${PV}"
+
+PACKAGECONFIG[perl] = ",,,"
+
+AR_append = " r"
+# Avoid binaries being marked as requiring an executable stack since it 
+# doesn't(which causes and this causes issues with SELinux
+CFLAG = "${@base_conditional('SITEINFO_ENDIANNESS', 'le', '-DL_ENDIAN', '-DB_ENDIAN', d)} \
+        -DTERMIO ${CFLAGS} -Wall -Wa,--noexecstack"
+
+# -02 does not work on mipsel: ssh hangs when it tries to read /dev/urandom
+CFLAG_mtx-1 := "${@'${CFLAG}'.replace('-O2', '')}"
+CFLAG_mtx-2 := "${@'${CFLAG}'.replace('-O2', '')}"
+
+export DIRS = "crypto ssl apps"
+export EX_LIBS = "-lgcc -ldl"
+export AS = "${CC} -c"
+
+inherit pkgconfig siteinfo multilib_header ptest
+
+PACKAGES =+ "libcrypto libssl ${PN}-misc openssl-conf"
+FILES_libcrypto = "${base_libdir}/libcrypto${SOLIBS}"
+FILES_libssl = "${libdir}/libssl.so.*"
+FILES_${PN} =+ " ${libdir}/ssl/*"
+FILES_${PN}-misc = "${libdir}/ssl/misc ${bindir}/c_rehash"
+RDEPENDS_${PN}-misc = "${@base_contains('PACKAGECONFIG', 'perl', 'perl', '', d)}"
+FILES_${PN}-dev += "${base_libdir}/libcrypto${SOLIBSDEV}"
+
+# Add the openssl.cnf file to the openssl-conf package.  Make the libcrypto
+# package RRECOMMENDS on this package.  This will enable the configuration
+# file to be installed for both the base openssl package and the libcrypto
+# package since the base openssl package depends on the libcrypto package.
+FILES_openssl-conf = "${libdir}/ssl/openssl.cnf"
+CONFFILES_openssl-conf = "${libdir}/ssl/openssl.cnf"
+RRECOMMENDS_libcrypto += "openssl-conf"
+RDEPENDS_${PN}-ptest += "${PN}-misc make perl perl-module-filehandle bc"
+
+do_configure_prepend_darwin () {
+        sed -i -e '/version-script=openssl\.ld/d' Configure
+}
+
+do_configure () {
+        cd util
+        perl perlpath.pl ${STAGING_BINDIR_NATIVE}
+        cd ..
+        ln -sf apps/openssl.pod crypto/crypto.pod ssl/ssl.pod doc/
+
+        os=${HOST_OS}
+        if [ "x$os" = "xlinux-uclibc" ]; then
+                os=linux
+        elif [ "x$os" = "xlinux-uclibceabi" ]; then
+                os=linux
+        elif [ "x$os" = "xlinux-uclibcspe" ]; then
+                os=linux
+        elif [ "x$os" = "xlinux-gnuspe" ]; then
+                os=linux
+        elif [ "x$os" = "xlinux-gnueabi" ]; then
+                os=linux
+        fi
+        target="$os-${HOST_ARCH}"
+        case $target in
+        linux-arm)
+                target=linux-armv4
+                ;;
+        linux-armeb)
+                target=linux-elf-armeb
+                ;;
+        linux-aarch64*)
+                target=linux-generic64
+                ;;
+        linux-sh3)
+                target=debian-sh3
+                ;;
+        linux-sh4)
+                target=debian-sh4
+                ;;
+        linux-i486)
+                target=debian-i386-i486
+                ;;
+        linux-i586 | linux-viac3)
+                target=debian-i386-i586
+                ;;
+        linux-i686)
+                target=debian-i386-i686/cmov
+                ;;
+        linux-gnux32-x86_64)
+                target=linux-x32
+                ;;
+        linux-gnu64-x86_64)
+                target=linux-x86_64
+                ;;
+        linux-mips)
+                target=debian-mips
+                ;;
+        linux-mipsel)
+                target=debian-mipsel
+                ;;
+        linux-*-mips64)
+               target=linux-mips
+                ;;
+        linux-powerpc)
+                target=linux-ppc
+                ;;
+        linux-powerpc64)
+                target=linux-ppc64
+                ;;
+        linux-supersparc)
+                target=linux-sparcv8
+                ;;
+        linux-sparc)
+                target=linux-sparcv8
+                ;;
+        darwin-i386)
+                target=darwin-i386-cc
+                ;;
+        esac
+        # inject machine-specific flags
+        sed -i -e "s|^\(\"$target\",\s*\"[^:]\+\):\([^:]\+\)|\1:${CFLAG}|g" Configure
+        useprefix=${prefix}
+        if [ "x$useprefix" = "x" ]; then
+                useprefix=/
+        fi        
+        perl ./Configure ${EXTRA_OECONF} shared --prefix=$useprefix --openssldir=${libdir}/ssl --libdir=`basename ${libdir}` $target
+}
+
+do_compile_prepend_class-target () {
+    sed -i 's/\((OPENSSL=\)".*"/\1"openssl"/' Makefile
+}
+
+do_compile () {
+        oe_runmake
+}
+
+do_compile_ptest () {
+        oe_runmake buildtest
+}
+
+do_install () {
+        oe_runmake INSTALL_PREFIX="${D}" MANDIR="${mandir}" install
+
+        oe_libinstall -so libcrypto ${D}${libdir}
+        oe_libinstall -so libssl ${D}${libdir}
+
+        # Moving libcrypto to /lib
+        if [ ! ${D}${libdir} -ef ${D}${base_libdir} ]; then
+                mkdir -p ${D}/${base_libdir}/
+                mv ${D}${libdir}/libcrypto* ${D}${base_libdir}/
+                sed -i s#libdir=\$\{exec_prefix\}\/lib#libdir=${base_libdir}# ${D}/${libdir}/pkgconfig/libcrypto.pc
+        fi
+
+        install -d ${D}${includedir}
+        cp --dereference -R include/openssl ${D}${includedir}
+
+        oe_multilib_header openssl/opensslconf.h
+        if [ "${@base_contains('PACKAGECONFIG', 'perl', 'perl', '', d)}" = "perl" ]; then
+                install -m 0755 ${S}/tools/c_rehash ${D}${bindir}
+                sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${bindir}/c_rehash
+                sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/CA.pl
+                sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/tsget
+                # The c_rehash utility isn't installed by the normal installation process.
+        else
+                rm -f ${D}${bindir}/c_rehash
+                rm -f ${D}${libdir}/ssl/misc/CA.pl ${D}${libdir}/ssl/misc/tsget
+        fi
+}
+
+do_install_ptest () {
+        cp -r Makefile test ${D}${PTEST_PATH}
+        cp -r certs ${D}${PTEST_PATH}
+        mkdir -p ${D}${PTEST_PATH}/apps
+        ln -sf /usr/lib/ssl/misc/CA.sh  ${D}${PTEST_PATH}/apps
+        ln -sf /usr/lib/ssl/openssl.cnf ${D}${PTEST_PATH}/apps
+        ln -sf /usr/bin/openssl         ${D}${PTEST_PATH}/apps
+        cp apps/server2.pem             ${D}${PTEST_PATH}/apps
+        mkdir -p ${D}${PTEST_PATH}/util
+        install util/opensslwrap.sh    ${D}${PTEST_PATH}/util
+        install util/shlib_wrap.sh     ${D}${PTEST_PATH}/util
+}
+
+do_install_append_virtclass-native() {
+        create_wrapper ${D}${bindir}/openssl \
+            OPENSSL_CONF=${libdir}/ssl/openssl.cnf \
+            SSL_CERT_DIR=${libdir}/ssl/certs \
+            SSL_CERT_FILE=${libdir}/ssl/cert.pem \
+            OPENSSL_ENGINES=${libdir}/ssl/engines
+}
+
+BBCLASSEXTEND = "native nativesdk"
diff --git a/recipes-connectivity/openssl/openssl/Makefiles-ptest.patch b/recipes-connectivity/openssl/openssl/Makefiles-ptest.patch
new file mode 100644
index 0000000..ac53a91
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl/Makefiles-ptest.patch
@@ -0,0 +1,75 @@
+Add 'buildtest' and 'runtest' targets to Makefile, to build and run tests
+cross-compiled.
+
+Signed-off-by: Anders Roxell <anders.roxell@enea.com>
+Signed-off-by: Maxin B. John <maxin.john@enea.com>
+Upstream-Status: Pending
+---
+diff -uNr a/Makefile b/Makefile
+--- a/Makefile.org      2012-05-10 17:06:02.000000000 +0200
++++ b/Makefile.org      2012-10-27 00:05:55.359424024 +0200
+@@ -411,8 +411,16 @@
+ test:   tests
+ 
+ tests: rehash
++       $(MAKE) buildtest
++       $(MAKE) runtest
++
++buildtest:
++       @(cd test && \
++       $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf exe apps);
++
++runtest:
+        @(cd test && echo "testing..." && \
+-       $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf tests );
++       $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf alltests );
+        OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a
+ 
+ report:
+diff --git a/test/Makefile b/test/Makefile
+index 3912f82..1696767 100644
+--- a/test/Makefile
++++ b/test/Makefile
+@@ -128,7 +128,7 @@ tests:      exe apps $(TESTS)
+ apps:
+        @(cd ..; $(MAKE) DIRS=apps all)
+ 
+-alltests: \
++all-tests= \
+        test_des test_idea test_sha test_md4 test_md5 test_hmac \
+        test_md2 test_mdc2 test_wp \
+        test_rmd test_rc2 test_rc4 test_rc5 test_bf test_cast test_aes \
+@@ -138,6 +138,11 @@ alltests: \
+        test_ss test_ca test_engine test_evp test_ssl test_tsa test_ige \
+        test_jpake test_cms
+ 
++alltests:
++       @(for i in $(all-tests); do \
++       ( $(MAKE) $$i && echo "PASS: $$i" ) || echo "FAIL: $$i"; \
++       done)
++
+ test_evp:
+        ../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt
+ 
+@@ -203,7 +208,7 @@ test_x509:
+        echo test second x509v3 certificate
+        sh ./tx509 v3-cert2.pem 2>/dev/null
+ 
+-test_rsa: $(RSATEST)$(EXE_EXT)
++test_rsa:
+        @sh ./trsa 2>/dev/null
+        ../util/shlib_wrap.sh ./$(RSATEST)
+ 
+@@ -298,11 +303,11 @@ test_tsa:
+          sh ./testtsa; \
+        fi
+ 
+-test_ige: $(IGETEST)$(EXE_EXT)
++test_ige:
+        @echo "Test IGE mode"
+        ../util/shlib_wrap.sh ./$(IGETEST)
+ 
+-test_jpake: $(JPAKETEST)$(EXE_EXT)
++test_jpake:
+        @echo "Test JPAKE"
+        ../util/shlib_wrap.sh ./$(JPAKETEST)
diff --git a/recipes-connectivity/openssl/openssl/configure-targets.patch b/recipes-connectivity/openssl/openssl/configure-targets.patch
new file mode 100644
index 0000000..c1f3d08
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl/configure-targets.patch
@@ -0,0 +1,34 @@
+Upstream-Status: Inappropriate [embedded specific]
+
+The number of colons are important :)
+
+
+---
+ Configure |   16 ++++++++++++++++
+ 1 file changed, 16 insertions(+)
+
+--- a/Configure
++++ b/Configure
+@@ -403,6 +403,22 @@ my %table=(
+ "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
+ "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
+ 
++ # Linux on ARM
++"linux-elf-arm","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-elf-armeb","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-gnueabi-arm","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-gnueabi-armeb","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-uclibceabi-arm","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-uclibceabi-armeb","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++
++"linux-avr32","$ENV{'CC'}:-DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).",
++
++#### Linux on MIPS/MIPS64
++"linux-mips","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-mips64","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -mabi=64 -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-mips64el","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -mabi=64 -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-mipsel","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++
+ # Android: linux-* but without -DTERMIO and pointers to headers and libs.
+ "android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
diff --git a/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch b/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch
new file mode 100644
index 0000000..ac1b19b
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch
@@ -0,0 +1,45 @@
+Upstream-Status: Backport [debian]
+
+From 83f318d68bbdab1ca898c94576a838cc97df4700 Mon Sep 17 00:00:00 2001
+From: Ludwig Nussel <ludwig.nussel@suse.de>
+Date: Wed, 21 Apr 2010 15:52:10 +0200
+Subject: [PATCH] also create old hash for compatibility
+
+---
+ tools/c_rehash.in |    8 +++++++-
+ 1 files changed, 7 insertions(+), 1 deletions(-)
+
+Index: openssl-1.0.0d/tools/c_rehash.in
+===================================================================
+--- openssl-1.0.0d.orig/tools/c_rehash.in       2011-04-13 20:41:28.000000000 +0000
++++ openssl-1.0.0d/tools/c_rehash.in    2011-04-13 20:41:28.000000000 +0000
+@@ -86,6 +86,7 @@
+                        }
+                }
+                link_hash_cert($fname) if($cert);
++               link_hash_cert_old($fname) if($cert);
+                link_hash_crl($fname) if($crl);
+        }
+ }
+@@ -119,8 +120,9 @@
+ 
+ sub link_hash_cert {
+                my $fname = $_[0];
++               my $hashopt = $_[1] || '-subject_hash';
+                $fname =~ s/'/'\\''/g;
+-               my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in "$fname"`;
++               my ($hash, $fprint) = `"$openssl" x509 $hashopt -fingerprint -noout -in "$fname"`;
+                chomp $hash;
+                chomp $fprint;
+                $fprint =~ s/^.*=//;
+@@ -150,6 +152,10 @@
+                $hashlist{$hash} = $fprint;
+ }
+ 
++sub link_hash_cert_old {
++               link_hash_cert($_[0], '-subject_hash_old');
++}
++
+ # Same as above except for a CRL. CRL links are of the form <hash>.r<n>
+ 
+ sub link_hash_crl {
diff --git a/recipes-connectivity/openssl/openssl/debian/ca.patch b/recipes-connectivity/openssl/openssl/debian/ca.patch
new file mode 100644
index 0000000..aba4d42
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl/debian/ca.patch
@@ -0,0 +1,22 @@
+Upstream-Status: Backport [debian]
+
+Index: openssl-0.9.8m/apps/CA.pl.in
+===================================================================
+--- openssl-0.9.8m.orig/apps/CA.pl.in   2006-04-28 00:28:51.000000000 +0000
++++ openssl-0.9.8m/apps/CA.pl.in        2010-02-27 00:36:51.000000000 +0000
+@@ -65,6 +65,7 @@
+ foreach (@ARGV) {
+        if ( /^(-\?|-h|-help)$/ ) {
+            print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
++           print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n";
+            exit 0;
+        } elsif (/^-newcert$/) {
+            # create a certificate
+@@ -165,6 +166,7 @@
+        } else {
+            print STDERR "Unknown arg $_\n";
+            print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
++           print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n";
+            exit 1;
+        }
+ }
diff --git a/recipes-connectivity/openssl/openssl/debian/debian-targets.patch b/recipes-connectivity/openssl/openssl/debian/debian-targets.patch
new file mode 100644
index 0000000..8101edf
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl/debian/debian-targets.patch
@@ -0,0 +1,66 @@
+Upstream-Status: Backport [debian]
+
+Index: openssl-1.0.1/Configure
+===================================================================
+--- openssl-1.0.1.orig/Configure        2012-03-17 15:37:54.000000000 +0000
++++ openssl-1.0.1/Configure     2012-03-17 16:13:49.000000000 +0000
+@@ -105,6 +105,10 @@
+ 
+ my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED";
+ 
++# There are no separate CFLAGS/CPPFLAGS/LDFLAGS, set everything in CFLAGS
++my $debian_cflags = `dpkg-buildflags --get CFLAGS` . `dpkg-buildflags --get CPPFLAGS` . `dpkg-buildflags --get LDFLAGS` . "-Wa,--noexecstack -Wall";
++$debian_cflags =~ s/\n/ /g;
++
+ my $strict_warnings = 0;
+ 
+ my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
+@@ -338,6 +342,48 @@
+ "osf1-alpha-cc",  "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so",
+ "tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::-msym:.so",
+ 
++# Debian GNU/* (various architectures)
++"debian-alpha","gcc:-DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-alpha-ev4","gcc:-DTERMIO ${debian_cflags} -mcpu=ev4::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-alpha-ev5","gcc:-DTERMIO ${debian_cflags} -mcpu=ev5::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-armeb","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-armel","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-armhf","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-amd64", "gcc:-m64 -DL_ENDIAN -DTERMIO ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::",
++"debian-avr32", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -fomit-frame-pointer::-D_REENTRANT::-ldl:BN_LLONG_BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-kfreebsd-amd64","gcc:-m64 -DL_ENDIAN -DTERMIOS ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-kfreebsd-i386","gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -march=i486::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-hppa","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-hurd-i386","gcc:-DL_ENDIAN -DTERMIOS -O3 -Wa,--noexecstack -g -mtune=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-ia64","gcc:-DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-i386","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-i386-i486","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags} -march=i486::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-i386-i586","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags} -march=i586::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-i386-i686/cmov","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags} -march=i686::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-m68k","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-mips",   "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-mipsel",   "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-netbsd-i386",  "gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-netbsd-m68k",  "gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags}::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-netbsd-sparc", "gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags} -mv8::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-openbsd-alpha","gcc:-DTERMIOS ${debian_cflags}::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-openbsd-i386",  "gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-openbsd-mips","gcc:-DL_ENDIAN ${debian_cflags}::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-powerpc","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-powerpcspe","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-ppc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-s390","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 
++"debian-s390x","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-sh3",   "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-sh4",   "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-sh3eb",   "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-sh4eb",   "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-m32r","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-sparc","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-sparc-v8","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v8 -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-sparc-v9","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v9 -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-sparc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags} -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++
+ ####
+ #### Variety of LINUX:-)
+ ####
diff --git a/recipes-connectivity/openssl/openssl/debian/make-targets.patch b/recipes-connectivity/openssl/openssl/debian/make-targets.patch
new file mode 100644
index 0000000..ee0a62c
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl/debian/make-targets.patch
@@ -0,0 +1,15 @@
+Upstream-Status: Backport [debian]
+
+Index: openssl-1.0.1/Makefile.org
+===================================================================
+--- openssl-1.0.1.orig/Makefile.org     2012-03-17 09:41:07.000000000 +0000
++++ openssl-1.0.1/Makefile.org  2012-03-17 09:41:21.000000000 +0000
+@@ -135,7 +135,7 @@
+ 
+ BASEADDR=
+ 
+-DIRS=   crypto ssl engines apps test tools
++DIRS=   crypto ssl engines apps tools
+ ENGDIRS= ccgost
+ SHLIBDIRS= crypto ssl
+ 
diff --git a/recipes-connectivity/openssl/openssl/debian/man-dir.patch b/recipes-connectivity/openssl/openssl/debian/man-dir.patch
new file mode 100644
index 0000000..4085e3b
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl/debian/man-dir.patch
@@ -0,0 +1,15 @@
+Upstream-Status: Backport [debian]
+
+Index: openssl-1.0.0c/Makefile.org
+===================================================================
+--- openssl-1.0.0c.orig/Makefile.org    2010-12-12 16:11:27.000000000 +0100
++++ openssl-1.0.0c/Makefile.org 2010-12-12 16:11:37.000000000 +0100
+@@ -131,7 +131,7 @@
+ 
+ MAKEFILE= Makefile
+ 
+-MANDIR=$(OPENSSLDIR)/man
++MANDIR=/usr/share/man
+ MAN1=1
+ MAN3=3
+ MANSUFFIX=
diff --git a/recipes-connectivity/openssl/openssl/debian/man-section.patch b/recipes-connectivity/openssl/openssl/debian/man-section.patch
new file mode 100644
index 0000000..21c1d1a
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl/debian/man-section.patch
@@ -0,0 +1,34 @@
+Upstream-Status: Backport [debian]
+
+Index: openssl-1.0.0c/Makefile.org
+===================================================================
+--- openssl-1.0.0c.orig/Makefile.org    2010-12-12 16:11:37.000000000 +0100
++++ openssl-1.0.0c/Makefile.org 2010-12-12 16:13:28.000000000 +0100
+@@ -160,7 +160,8 @@
+ MANDIR=/usr/share/man
+ MAN1=1
+ MAN3=3
+-MANSUFFIX=
++MANSUFFIX=ssl
++MANSECTION=SSL
+ HTMLSUFFIX=html
+ HTMLDIR=$(OPENSSLDIR)/html
+ SHELL=/bin/sh
+@@ -651,7 +652,7 @@
+                echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
+                (cd `$(PERL) util/dirname.pl $$i`; \
+                sh -c "$$pod2man \
+-                       --section=$$sec --center=OpenSSL \
++                       --section=$${sec}$(MANSECTION) --center=OpenSSL \
+                        --release=$(VERSION) `basename $$i`") \
+                        >  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
+                $(PERL) util/extract-names.pl < $$i | \
+@@ -668,7 +669,7 @@
+                echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
+                (cd `$(PERL) util/dirname.pl $$i`; \
+                sh -c "$$pod2man \
+-                       --section=$$sec --center=OpenSSL \
++                       --section=$${sec}$(MANSECTION) --center=OpenSSL \
+                        --release=$(VERSION) `basename $$i`") \
+                        >  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
+                $(PERL) util/extract-names.pl < $$i | \
diff --git a/recipes-connectivity/openssl/openssl/debian/no-rpath.patch b/recipes-connectivity/openssl/openssl/debian/no-rpath.patch
new file mode 100644
index 0000000..1ccb3b8
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl/debian/no-rpath.patch
@@ -0,0 +1,15 @@
+Upstream-Status: Backport [debian]
+
+Index: openssl-1.0.0c/Makefile.shared
+===================================================================
+--- openssl-1.0.0c.orig/Makefile.shared 2010-08-21 13:36:49.000000000 +0200
++++ openssl-1.0.0c/Makefile.shared      2010-12-12 16:13:36.000000000 +0100
+@@ -153,7 +153,7 @@
+        NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
+        SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
+ 
+-DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"
++DO_GNU_APP=LDFLAGS="$(CFLAGS)"
+ 
+ #This is rather special.  It's a special target with which one can link
+ #applications without bothering with any features that have anything to
diff --git a/recipes-connectivity/openssl/openssl/debian/no-symbolic.patch b/recipes-connectivity/openssl/openssl/debian/no-symbolic.patch
new file mode 100644
index 0000000..cc4408a
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl/debian/no-symbolic.patch
@@ -0,0 +1,15 @@
+Upstream-Status: Backport [debian]
+
+Index: openssl-1.0.0c/Makefile.shared
+===================================================================
+--- openssl-1.0.0c.orig/Makefile.shared 2010-12-12 16:13:36.000000000 +0100
++++ openssl-1.0.0c/Makefile.shared      2010-12-12 16:13:44.000000000 +0100
+@@ -151,7 +151,7 @@
+        SHLIB_SUFFIX=; \
+        ALLSYMSFLAGS='-Wl,--whole-archive'; \
+        NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
+-       SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
++       SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
+ 
+ DO_GNU_APP=LDFLAGS="$(CFLAGS)"
+ 
diff --git a/recipes-connectivity/openssl/openssl/debian/pic.patch b/recipes-connectivity/openssl/openssl/debian/pic.patch
new file mode 100644
index 0000000..bfda388
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl/debian/pic.patch
@@ -0,0 +1,177 @@
+Upstream-Status: Backport [debian]
+
+Index: openssl-1.0.1c/crypto/des/asm/desboth.pl
+===================================================================
+--- openssl-1.0.1c.orig/crypto/des/asm/desboth.pl       2001-10-24 23:20:56.000000000 +0200
++++ openssl-1.0.1c/crypto/des/asm/desboth.pl    2012-07-29 14:15:26.000000000 +0200
+@@ -16,6 +16,11 @@
+ 
+        &push("edi");
+ 
++       &call   (&label("pic_point0"));
++       &set_label("pic_point0");
++       &blindpop("ebp");
++       &add    ("ebp", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point0") . "]");
++
+        &comment("");
+        &comment("Load the data words");
+        &mov($L,&DWP(0,"ebx","",0));
+@@ -47,15 +52,21 @@
+        &mov(&swtmp(2), (DWC(($enc)?"1":"0")));
+        &mov(&swtmp(1), "eax");
+        &mov(&swtmp(0), "ebx");
+-       &call("DES_encrypt2");
++       &exch("ebx", "ebp");
++       &call("DES_encrypt2\@PLT");
++       &exch("ebx", "ebp");
+        &mov(&swtmp(2), (DWC(($enc)?"0":"1")));
+        &mov(&swtmp(1), "edi");
+        &mov(&swtmp(0), "ebx");
+-       &call("DES_encrypt2");
++       &exch("ebx", "ebp");
++       &call("DES_encrypt2\@PLT");
++       &exch("ebx", "ebp");
+        &mov(&swtmp(2), (DWC(($enc)?"1":"0")));
+        &mov(&swtmp(1), "esi");
+        &mov(&swtmp(0), "ebx");
+-       &call("DES_encrypt2");
++       &exch("ebx", "ebp");
++       &call("DES_encrypt2\@PLT");
++       &exch("ebx", "ebp");
+ 
+        &stack_pop(3);
+        &mov($L,&DWP(0,"ebx","",0));
+Index: openssl-1.0.1c/crypto/perlasm/cbc.pl
+===================================================================
+--- openssl-1.0.1c.orig/crypto/perlasm/cbc.pl   2011-07-13 08:22:46.000000000 +0200
++++ openssl-1.0.1c/crypto/perlasm/cbc.pl        2012-07-29 14:15:26.000000000 +0200
+@@ -122,7 +122,11 @@
+        &mov(&DWP($data_off,"esp","",0),        "eax"); # put in array for call
+        &mov(&DWP($data_off+4,"esp","",0),      "ebx"); #
+ 
+-       &call($enc_func);
++       &call   (&label("pic_point0"));
++       &set_label("pic_point0");
++       &blindpop("ebx");
++       &add    ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point0") . "]");
++       &call("$enc_func\@PLT");
+ 
+        &mov("eax",     &DWP($data_off,"esp","",0));
+        &mov("ebx",     &DWP($data_off+4,"esp","",0));
+@@ -185,7 +189,11 @@
+        &mov(&DWP($data_off,"esp","",0),        "eax"); # put in array for call
+        &mov(&DWP($data_off+4,"esp","",0),      "ebx"); #
+ 
+-       &call($enc_func);
++       &call   (&label("pic_point1"));
++       &set_label("pic_point1");
++       &blindpop("ebx");
++       &add    ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point1") . "]");
++       &call("$enc_func\@PLT");
+ 
+        &mov("eax",     &DWP($data_off,"esp","",0));
+        &mov("ebx",     &DWP($data_off+4,"esp","",0));
+@@ -218,7 +226,11 @@
+        &mov(&DWP($data_off,"esp","",0),        "eax"); # put back
+        &mov(&DWP($data_off+4,"esp","",0),      "ebx"); #
+ 
+-       &call($dec_func);
++       &call   (&label("pic_point2"));
++       &set_label("pic_point2");
++       &blindpop("ebx");
++       &add    ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point2") . "]");
++       &call("$dec_func\@PLT");
+ 
+        &mov("eax",     &DWP($data_off,"esp","",0));    # get return
+        &mov("ebx",     &DWP($data_off+4,"esp","",0));  #
+@@ -261,7 +273,11 @@
+        &mov(&DWP($data_off,"esp","",0),        "eax"); # put back
+        &mov(&DWP($data_off+4,"esp","",0),      "ebx"); #
+ 
+-       &call($dec_func);
++       &call   (&label("pic_point3"));
++       &set_label("pic_point3");
++       &blindpop("ebx");
++       &add    ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point3") . "]");
++       &call("$dec_func\@PLT");
+ 
+        &mov("eax",     &DWP($data_off,"esp","",0));    # get return
+        &mov("ebx",     &DWP($data_off+4,"esp","",0));  #
+Index: openssl-1.0.1c/crypto/perlasm/x86gas.pl
+===================================================================
+--- openssl-1.0.1c.orig/crypto/perlasm/x86gas.pl        2011-12-09 20:16:35.000000000 +0100
++++ openssl-1.0.1c/crypto/perlasm/x86gas.pl     2012-07-29 14:15:26.000000000 +0200
+@@ -161,6 +161,7 @@
+        if ($::macosx)  { push (@out,"$tmp,2\n"); }
+        elsif ($::elf)  { push (@out,"$tmp,4\n"); }
+        else            { push (@out,"$tmp\n"); }
++       if ($::elf)     { push (@out,".hidden\tOPENSSL_ia32cap_P\n"); }
+     }
+     push(@out,$initseg) if ($initseg);
+ }
+@@ -218,8 +219,23 @@
+     elsif ($::elf)
+     {  $initseg.=<<___;
+ .section       .init
++___
++        if ($::pic)
++       {   $initseg.=<<___;
++       pushl   %ebx
++       call    .pic_point0
++.pic_point0:
++       popl    %ebx
++       addl    \$_GLOBAL_OFFSET_TABLE_+[.-.pic_point0],%ebx
++       call    $f\@PLT
++       popl    %ebx
++___
++       }
++       else
++       {   $initseg.=<<___;
+        call    $f
+ ___
++       }
+     }
+     elsif ($::coff)
+     {   $initseg.=<<___;       # applies to both Cygwin and Mingw
+Index: openssl-1.0.1c/crypto/x86cpuid.pl
+===================================================================
+--- openssl-1.0.1c.orig/crypto/x86cpuid.pl      2012-02-28 15:20:34.000000000 +0100
++++ openssl-1.0.1c/crypto/x86cpuid.pl   2012-07-29 14:15:26.000000000 +0200
+@@ -8,6 +8,8 @@
+ 
+ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
+ 
++push(@out, ".hidden OPENSSL_ia32cap_P\n");
++
+ &function_begin("OPENSSL_ia32_cpuid");
+        &xor    ("edx","edx");
+        &pushf  ();
+@@ -139,9 +141,7 @@
+ &set_label("nocpuid");
+ &function_end("OPENSSL_ia32_cpuid");
+ 
+-&external_label("OPENSSL_ia32cap_P");
+-
+-&function_begin_B("OPENSSL_rdtsc","EXTRN\t_OPENSSL_ia32cap_P:DWORD");
++&function_begin_B("OPENSSL_rdtsc");
+        &xor    ("eax","eax");
+        &xor    ("edx","edx");
+        &picmeup("ecx","OPENSSL_ia32cap_P");
+@@ -155,7 +155,7 @@
+ # This works in Ring 0 only [read DJGPP+MS-DOS+privileged DPMI host],
+ # but it's safe to call it on any [supported] 32-bit platform...
+ # Just check for [non-]zero return value...
+-&function_begin_B("OPENSSL_instrument_halt","EXTRN\t_OPENSSL_ia32cap_P:DWORD");
++&function_begin_B("OPENSSL_instrument_halt");
+        &picmeup("ecx","OPENSSL_ia32cap_P");
+        &bt     (&DWP(0,"ecx"),4);
+        &jnc    (&label("nohalt"));     # no TSC
+@@ -222,7 +222,7 @@
+        &ret    ();
+ &function_end_B("OPENSSL_far_spin");
+ 
+-&function_begin_B("OPENSSL_wipe_cpu","EXTRN\t_OPENSSL_ia32cap_P:DWORD");
++&function_begin_B("OPENSSL_wipe_cpu");
+        &xor    ("eax","eax");
+        &xor    ("edx","edx");
+        &picmeup("ecx","OPENSSL_ia32cap_P");
diff --git a/recipes-connectivity/openssl/openssl/debian/version-script.patch b/recipes-connectivity/openssl/openssl/debian/version-script.patch
new file mode 100644
index 0000000..ece8b9b
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl/debian/version-script.patch
@@ -0,0 +1,4670 @@
+Upstream-Status: Backport [debian]
+
+Index: openssl-1.0.1d/Configure
+===================================================================
+--- openssl-1.0.1d.orig/Configure       2013-02-06 19:41:43.000000000 +0100
++++ openssl-1.0.1d/Configure    2013-02-06 19:41:43.000000000 +0100
+@@ -1621,6 +1621,8 @@
+                }
+        }
+ 
++$shared_ldflag .= " -Wl,--version-script=openssl.ld";
++
+ open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n";
+ unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new";
+ open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n";
+Index: openssl-1.0.1d/openssl.ld
+===================================================================
+--- /dev/null   1970-01-01 00:00:00.000000000 +0000
++++ openssl-1.0.1d/openssl.ld   2013-02-06 19:44:25.000000000 +0100
+@@ -0,0 +1,4620 @@
++OPENSSL_1.0.0 {
++       global:
++               BIO_f_ssl;
++               BIO_new_buffer_ssl_connect;
++               BIO_new_ssl;
++               BIO_new_ssl_connect;
++               BIO_proxy_ssl_copy_session_id;
++               BIO_ssl_copy_session_id;
++               BIO_ssl_shutdown;
++               d2i_SSL_SESSION;
++               DTLSv1_client_method;
++               DTLSv1_method;
++               DTLSv1_server_method;
++               ERR_load_SSL_strings;
++               i2d_SSL_SESSION;
++               kssl_build_principal_2;
++               kssl_cget_tkt;
++               kssl_check_authent;
++               kssl_ctx_free;
++               kssl_ctx_new;
++               kssl_ctx_setkey;
++               kssl_ctx_setprinc;
++               kssl_ctx_setstring;
++               kssl_ctx_show;
++               kssl_err_set;
++               kssl_krb5_free_data_contents;
++               kssl_sget_tkt;
++               kssl_skip_confound;
++               kssl_validate_times;
++               PEM_read_bio_SSL_SESSION;
++               PEM_read_SSL_SESSION;
++               PEM_write_bio_SSL_SESSION;
++               PEM_write_SSL_SESSION;
++               SSL_accept;
++               SSL_add_client_CA;
++               SSL_add_dir_cert_subjects_to_stack;
++               SSL_add_dir_cert_subjs_to_stk;
++               SSL_add_file_cert_subjects_to_stack;
++               SSL_add_file_cert_subjs_to_stk;
++               SSL_alert_desc_string;
++               SSL_alert_desc_string_long;
++               SSL_alert_type_string;
++               SSL_alert_type_string_long;
++               SSL_callback_ctrl;
++               SSL_check_private_key;
++               SSL_CIPHER_description;
++               SSL_CIPHER_get_bits;
++               SSL_CIPHER_get_name;
++               SSL_CIPHER_get_version;
++               SSL_clear;
++               SSL_COMP_add_compression_method;
++               SSL_COMP_get_compression_methods;
++               SSL_COMP_get_compress_methods;
++               SSL_COMP_get_name;
++               SSL_connect;
++               SSL_copy_session_id;
++               SSL_ctrl;
++               SSL_CTX_add_client_CA;
++               SSL_CTX_add_session;
++               SSL_CTX_callback_ctrl;
++               SSL_CTX_check_private_key;
++               SSL_CTX_ctrl;
++               SSL_CTX_flush_sessions;
++               SSL_CTX_free;
++               SSL_CTX_get_cert_store;
++               SSL_CTX_get_client_CA_list;
++               SSL_CTX_get_client_cert_cb;
++               SSL_CTX_get_ex_data;
++               SSL_CTX_get_ex_new_index;
++               SSL_CTX_get_info_callback;
++               SSL_CTX_get_quiet_shutdown;
++               SSL_CTX_get_timeout;
++               SSL_CTX_get_verify_callback;
++               SSL_CTX_get_verify_depth;
++               SSL_CTX_get_verify_mode;
++               SSL_CTX_load_verify_locations;
++               SSL_CTX_new;
++               SSL_CTX_remove_session;
++               SSL_CTX_sess_get_get_cb;
++               SSL_CTX_sess_get_new_cb;
++               SSL_CTX_sess_get_remove_cb;
++               SSL_CTX_sessions;
++               SSL_CTX_sess_set_get_cb;
++               SSL_CTX_sess_set_new_cb;
++               SSL_CTX_sess_set_remove_cb;
++               SSL_CTX_set1_param;
++               SSL_CTX_set_cert_store;
++               SSL_CTX_set_cert_verify_callback;
++               SSL_CTX_set_cert_verify_cb;
++               SSL_CTX_set_cipher_list;
++               SSL_CTX_set_client_CA_list;
++               SSL_CTX_set_client_cert_cb;
++               SSL_CTX_set_client_cert_engine;
++               SSL_CTX_set_cookie_generate_cb;
++               SSL_CTX_set_cookie_verify_cb;
++               SSL_CTX_set_default_passwd_cb;
++               SSL_CTX_set_default_passwd_cb_userdata;
++               SSL_CTX_set_default_verify_paths;
++               SSL_CTX_set_def_passwd_cb_ud;
++               SSL_CTX_set_def_verify_paths;
++               SSL_CTX_set_ex_data;
++               SSL_CTX_set_generate_session_id;
++               SSL_CTX_set_info_callback;
++               SSL_CTX_set_msg_callback;
++               SSL_CTX_set_psk_client_callback;
++               SSL_CTX_set_psk_server_callback;
++               SSL_CTX_set_purpose;
++               SSL_CTX_set_quiet_shutdown;
++               SSL_CTX_set_session_id_context;
++               SSL_CTX_set_ssl_version;
++               SSL_CTX_set_timeout;
++               SSL_CTX_set_tmp_dh_callback;
++               SSL_CTX_set_tmp_ecdh_callback;
++               SSL_CTX_set_tmp_rsa_callback;
++               SSL_CTX_set_trust;
++               SSL_CTX_set_verify;
++               SSL_CTX_set_verify_depth;
++               SSL_CTX_use_cert_chain_file;
++               SSL_CTX_use_certificate;
++               SSL_CTX_use_certificate_ASN1;
++               SSL_CTX_use_certificate_chain_file;
++               SSL_CTX_use_certificate_file;
++               SSL_CTX_use_PrivateKey;
++               SSL_CTX_use_PrivateKey_ASN1;
++               SSL_CTX_use_PrivateKey_file;
++               SSL_CTX_use_psk_identity_hint;
++               SSL_CTX_use_RSAPrivateKey;
++               SSL_CTX_use_RSAPrivateKey_ASN1;
++               SSL_CTX_use_RSAPrivateKey_file;
++               SSL_do_handshake;
++               SSL_dup;
++               SSL_dup_CA_list;
++               SSLeay_add_ssl_algorithms;
++               SSL_free;
++               SSL_get1_session;
++               SSL_get_certificate;
++               SSL_get_cipher_list;
++               SSL_get_ciphers;
++               SSL_get_client_CA_list;
++               SSL_get_current_cipher;
++               SSL_get_current_compression;
++               SSL_get_current_expansion;
++               SSL_get_default_timeout;
++               SSL_get_error;
++               SSL_get_ex_data;
++               SSL_get_ex_data_X509_STORE_CTX_idx;
++               SSL_get_ex_d_X509_STORE_CTX_idx;
++               SSL_get_ex_new_index;
++               SSL_get_fd;
++               SSL_get_finished;
++               SSL_get_info_callback;
++               SSL_get_peer_cert_chain;
++               SSL_get_peer_certificate;
++               SSL_get_peer_finished;
++               SSL_get_privatekey;
++               SSL_get_psk_identity;
++               SSL_get_psk_identity_hint;
++               SSL_get_quiet_shutdown;
++               SSL_get_rbio;
++               SSL_get_read_ahead;
++               SSL_get_rfd;
++               SSL_get_servername;
++               SSL_get_servername_type;
++               SSL_get_session;
++               SSL_get_shared_ciphers;
++               SSL_get_shutdown;
++               SSL_get_SSL_CTX;
++               SSL_get_ssl_method;
++               SSL_get_verify_callback;
++               SSL_get_verify_depth;
++               SSL_get_verify_mode;
++               SSL_get_verify_result;
++               SSL_get_version;
++               SSL_get_wbio;
++               SSL_get_wfd;
++               SSL_has_matching_session_id;
++               SSL_library_init;
++               SSL_load_client_CA_file;
++               SSL_load_error_strings;
++               SSL_new;
++               SSL_peek;
++               SSL_pending;
++               SSL_read;
++               SSL_renegotiate;
++               SSL_renegotiate_pending;
++               SSL_rstate_string;
++               SSL_rstate_string_long;
++               SSL_SESSION_cmp;
++               SSL_SESSION_free;
++               SSL_SESSION_get_ex_data;
++               SSL_SESSION_get_ex_new_index;
++               SSL_SESSION_get_id;
++               SSL_SESSION_get_time;
++               SSL_SESSION_get_timeout;
++               SSL_SESSION_hash;
++               SSL_SESSION_new;
++               SSL_SESSION_print;
++               SSL_SESSION_print_fp;
++               SSL_SESSION_set_ex_data;
++               SSL_SESSION_set_time;
++               SSL_SESSION_set_timeout;
++               SSL_set1_param;
++               SSL_set_accept_state;
++               SSL_set_bio;
++               SSL_set_cipher_list;
++               SSL_set_client_CA_list;
++               SSL_set_connect_state;
++               SSL_set_ex_data;
++               SSL_set_fd;
++               SSL_set_generate_session_id;
++               SSL_set_info_callback;
++               SSL_set_msg_callback;
++               SSL_set_psk_client_callback;
++               SSL_set_psk_server_callback;
++               SSL_set_purpose;
++               SSL_set_quiet_shutdown;
++               SSL_set_read_ahead;
++               SSL_set_rfd;
++               SSL_set_session;
++               SSL_set_session_id_context;
++               SSL_set_session_secret_cb;
++               SSL_set_session_ticket_ext;
++               SSL_set_session_ticket_ext_cb;
++               SSL_set_shutdown;
++               SSL_set_SSL_CTX;
++               SSL_set_ssl_method;
++               SSL_set_tmp_dh_callback;
++               SSL_set_tmp_ecdh_callback;
++               SSL_set_tmp_rsa_callback;
++               SSL_set_trust;
++               SSL_set_verify;
++               SSL_set_verify_depth;
++               SSL_set_verify_result;
++               SSL_set_wfd;
++               SSL_shutdown;
++               SSL_state;
++               SSL_state_string;
++               SSL_state_string_long;
++               SSL_use_certificate;
++               SSL_use_certificate_ASN1;
++               SSL_use_certificate_file;
++               SSL_use_PrivateKey;
++               SSL_use_PrivateKey_ASN1;
++               SSL_use_PrivateKey_file;
++               SSL_use_psk_identity_hint;
++               SSL_use_RSAPrivateKey;
++               SSL_use_RSAPrivateKey_ASN1;
++               SSL_use_RSAPrivateKey_file;
++               SSLv23_client_method;
++               SSLv23_method;
++               SSLv23_server_method;
++               SSLv2_client_method;
++               SSLv2_method;
++               SSLv2_server_method;
++               SSLv3_client_method;
++               SSLv3_method;
++               SSLv3_server_method;
++               SSL_version;
++               SSL_want;
++               SSL_write;
++               TLSv1_client_method;
++               TLSv1_method;
++               TLSv1_server_method;
++
++
++               SSLeay;
++               SSLeay_version;
++               ASN1_BIT_STRING_asn1_meth;
++               ASN1_HEADER_free;
++               ASN1_HEADER_new;
++               ASN1_IA5STRING_asn1_meth;
++               ASN1_INTEGER_get;
++               ASN1_INTEGER_set;
++               ASN1_INTEGER_to_BN;
++               ASN1_OBJECT_create;
++               ASN1_OBJECT_free;
++               ASN1_OBJECT_new;
++               ASN1_PRINTABLE_type;
++               ASN1_STRING_cmp;
++               ASN1_STRING_dup;
++               ASN1_STRING_free;
++               ASN1_STRING_new;
++               ASN1_STRING_print;
++               ASN1_STRING_set;
++               ASN1_STRING_type_new;
++               ASN1_TYPE_free;
++               ASN1_TYPE_new;
++               ASN1_UNIVERSALSTRING_to_string;
++               ASN1_UTCTIME_check;
++               ASN1_UTCTIME_print;
++               ASN1_UTCTIME_set;
++               ASN1_check_infinite_end;
++               ASN1_d2i_bio;
++               ASN1_d2i_fp;
++               ASN1_digest;
++               ASN1_dup;
++               ASN1_get_object;
++               ASN1_i2d_bio;
++               ASN1_i2d_fp;
++               ASN1_object_size;
++               ASN1_parse;
++               ASN1_put_object;
++               ASN1_sign;
++               ASN1_verify;
++               BF_cbc_encrypt;
++               BF_cfb64_encrypt;
++               BF_ecb_encrypt;
++               BF_encrypt;
++               BF_ofb64_encrypt;
++               BF_options;
++               BF_set_key;
++               BIO_CONNECT_free;
++               BIO_CONNECT_new;
++               BIO_accept;
++               BIO_ctrl;
++               BIO_int_ctrl;
++               BIO_debug_callback;
++               BIO_dump;
++               BIO_dup_chain;
++               BIO_f_base64;
++               BIO_f_buffer;
++               BIO_f_cipher;
++               BIO_f_md;
++               BIO_f_null;
++               BIO_f_proxy_server;
++               BIO_fd_non_fatal_error;
++               BIO_fd_should_retry;
++               BIO_find_type;
++               BIO_free;
++               BIO_free_all;
++               BIO_get_accept_socket;
++               BIO_get_filter_bio;
++               BIO_get_host_ip;
++               BIO_get_port;
++               BIO_get_retry_BIO;
++               BIO_get_retry_reason;
++               BIO_gethostbyname;
++               BIO_gets;
++               BIO_new;
++               BIO_new_accept;
++               BIO_new_connect;
++               BIO_new_fd;
++               BIO_new_file;
++               BIO_new_fp;
++               BIO_new_socket;
++               BIO_pop;
++               BIO_printf;
++               BIO_push;
++               BIO_puts;
++               BIO_read;
++               BIO_s_accept;
++               BIO_s_connect;
++               BIO_s_fd;
++               BIO_s_file;
++               BIO_s_mem;
++               BIO_s_null;
++               BIO_s_proxy_client;
++               BIO_s_socket;
++               BIO_set;
++               BIO_set_cipher;
++               BIO_set_tcp_ndelay;
++               BIO_sock_cleanup;
++               BIO_sock_error;
++               BIO_sock_init;
++               BIO_sock_non_fatal_error;
++               BIO_sock_should_retry;
++               BIO_socket_ioctl;
++               BIO_write;
++               BN_CTX_free;
++               BN_CTX_new;
++               BN_MONT_CTX_free;
++               BN_MONT_CTX_new;
++               BN_MONT_CTX_set;
++               BN_add;
++               BN_add_word;
++               BN_hex2bn;
++               BN_bin2bn;
++               BN_bn2hex;
++               BN_bn2bin;
++               BN_clear;
++               BN_clear_bit;
++               BN_clear_free;
++               BN_cmp;
++               BN_copy;
++               BN_div;
++               BN_div_word;
++               BN_dup;
++               BN_free;
++               BN_from_montgomery;
++               BN_gcd;
++               BN_generate_prime;
++               BN_get_word;
++               BN_is_bit_set;
++               BN_is_prime;
++               BN_lshift;
++               BN_lshift1;
++               BN_mask_bits;
++               BN_mod;
++               BN_mod_exp;
++               BN_mod_exp_mont;
++               BN_mod_exp_simple;
++               BN_mod_inverse;
++               BN_mod_mul;
++               BN_mod_mul_montgomery;
++               BN_mod_word;
++               BN_mul;
++               BN_new;
++               BN_num_bits;
++               BN_num_bits_word;
++               BN_options;
++               BN_print;
++               BN_print_fp;
++               BN_rand;
++               BN_reciprocal;
++               BN_rshift;
++               BN_rshift1;
++               BN_set_bit;
++               BN_set_word;
++               BN_sqr;
++               BN_sub;
++               BN_to_ASN1_INTEGER;
++               BN_ucmp;
++               BN_value_one;
++               BUF_MEM_free;
++               BUF_MEM_grow;
++               BUF_MEM_new;
++               BUF_strdup;
++               CONF_free;
++               CONF_get_number;
++               CONF_get_section;
++               CONF_get_string;
++               CONF_load;
++               CRYPTO_add_lock;
++               CRYPTO_dbg_free;
++               CRYPTO_dbg_malloc;
++               CRYPTO_dbg_realloc;
++               CRYPTO_dbg_remalloc;
++               CRYPTO_free;
++               CRYPTO_get_add_lock_callback;
++               CRYPTO_get_id_callback;
++               CRYPTO_get_lock_name;
++               CRYPTO_get_locking_callback;
++               CRYPTO_get_mem_functions;
++               CRYPTO_lock;
++               CRYPTO_malloc;
++               CRYPTO_mem_ctrl;
++               CRYPTO_mem_leaks;
++               CRYPTO_mem_leaks_cb;
++               CRYPTO_mem_leaks_fp;
++               CRYPTO_realloc;
++               CRYPTO_remalloc;
++               CRYPTO_set_add_lock_callback;
++               CRYPTO_set_id_callback;
++               CRYPTO_set_locking_callback;
++               CRYPTO_set_mem_functions;
++               CRYPTO_thread_id;
++               DH_check;
++               DH_compute_key;
++               DH_free;
++               DH_generate_key;
++               DH_generate_parameters;
++               DH_new;
++               DH_size;
++               DHparams_print;
++               DHparams_print_fp;
++               DSA_free;
++               DSA_generate_key;
++               DSA_generate_parameters;
++               DSA_is_prime;
++               DSA_new;
++               DSA_print;
++               DSA_print_fp;
++               DSA_sign;
++               DSA_sign_setup;
++               DSA_size;
++               DSA_verify;
++               DSAparams_print;
++               DSAparams_print_fp;
++               ERR_clear_error;
++               ERR_error_string;
++               ERR_free_strings;
++               ERR_func_error_string;
++               ERR_get_err_state_table;
++               ERR_get_error;
++               ERR_get_error_line;
++               ERR_get_state;
++               ERR_get_string_table;
++               ERR_lib_error_string;
++               ERR_load_ASN1_strings;
++               ERR_load_BIO_strings;
++               ERR_load_BN_strings;
++               ERR_load_BUF_strings;
++               ERR_load_CONF_strings;
++               ERR_load_DH_strings;
++               ERR_load_DSA_strings;
++               ERR_load_ERR_strings;
++               ERR_load_EVP_strings;
++               ERR_load_OBJ_strings;
++               ERR_load_PEM_strings;
++               ERR_load_PROXY_strings;
++               ERR_load_RSA_strings;
++               ERR_load_X509_strings;
++               ERR_load_crypto_strings;
++               ERR_load_strings;
++               ERR_peek_error;
++               ERR_peek_error_line;
++               ERR_print_errors;
++               ERR_print_errors_fp;
++               ERR_put_error;
++               ERR_reason_error_string;
++               ERR_remove_state;
++               EVP_BytesToKey;
++               EVP_CIPHER_CTX_cleanup;
++               EVP_CipherFinal;
++               EVP_CipherInit;
++               EVP_CipherUpdate;
++               EVP_DecodeBlock;
++               EVP_DecodeFinal;
++               EVP_DecodeInit;
++               EVP_DecodeUpdate;
++               EVP_DecryptFinal;
++               EVP_DecryptInit;
++               EVP_DecryptUpdate;
++               EVP_DigestFinal;
++               EVP_DigestInit;
++               EVP_DigestUpdate;
++               EVP_EncodeBlock;
++               EVP_EncodeFinal;
++               EVP_EncodeInit;
++               EVP_EncodeUpdate;
++               EVP_EncryptFinal;
++               EVP_EncryptInit;
++               EVP_EncryptUpdate;
++               EVP_OpenFinal;
++               EVP_OpenInit;
++               EVP_PKEY_assign;
++               EVP_PKEY_copy_parameters;
++               EVP_PKEY_free;
++               EVP_PKEY_missing_parameters;
++               EVP_PKEY_new;
++               EVP_PKEY_save_parameters;
++               EVP_PKEY_size;
++               EVP_PKEY_type;
++               EVP_SealFinal;
++               EVP_SealInit;
++               EVP_SignFinal;
++               EVP_VerifyFinal;
++               EVP_add_alias;
++               EVP_add_cipher;
++               EVP_add_digest;
++               EVP_bf_cbc;
++               EVP_bf_cfb64;
++               EVP_bf_ecb;
++               EVP_bf_ofb;
++               EVP_cleanup;
++               EVP_des_cbc;
++               EVP_des_cfb64;
++               EVP_des_ecb;
++               EVP_des_ede;
++               EVP_des_ede3;
++               EVP_des_ede3_cbc;
++               EVP_des_ede3_cfb64;
++               EVP_des_ede3_ofb;
++               EVP_des_ede_cbc;
++               EVP_des_ede_cfb64;
++               EVP_des_ede_ofb;
++               EVP_des_ofb;
++               EVP_desx_cbc;
++               EVP_dss;
++               EVP_dss1;
++               EVP_enc_null;
++               EVP_get_cipherbyname;
++               EVP_get_digestbyname;
++               EVP_get_pw_prompt;
++               EVP_idea_cbc;
++               EVP_idea_cfb64;
++               EVP_idea_ecb;
++               EVP_idea_ofb;
++               EVP_md2;
++               EVP_md5;
++               EVP_md_null;
++               EVP_rc2_cbc;
++               EVP_rc2_cfb64;
++               EVP_rc2_ecb;
++               EVP_rc2_ofb;
++               EVP_rc4;
++               EVP_read_pw_string;
++               EVP_set_pw_prompt;
++               EVP_sha;
++               EVP_sha1;
++               MD2;
++               MD2_Final;
++               MD2_Init;
++               MD2_Update;
++               MD2_options;
++               MD5;
++               MD5_Final;
++               MD5_Init;
++               MD5_Update;
++               MDC2;
++               MDC2_Final;
++               MDC2_Init;
++               MDC2_Update;
++               NETSCAPE_SPKAC_free;
++               NETSCAPE_SPKAC_new;
++               NETSCAPE_SPKI_free;
++               NETSCAPE_SPKI_new;
++               NETSCAPE_SPKI_sign;
++               NETSCAPE_SPKI_verify;
++               OBJ_add_object;
++               OBJ_bsearch;
++               OBJ_cleanup;
++               OBJ_cmp;
++               OBJ_create;
++               OBJ_dup;
++               OBJ_ln2nid;
++               OBJ_new_nid;
++               OBJ_nid2ln;
++               OBJ_nid2obj;
++               OBJ_nid2sn;
++               OBJ_obj2nid;
++               OBJ_sn2nid;
++               OBJ_txt2nid;
++               PEM_ASN1_read;
++               PEM_ASN1_read_bio;
++               PEM_ASN1_write;
++               PEM_ASN1_write_bio;
++               PEM_SealFinal;
++               PEM_SealInit;
++               PEM_SealUpdate;
++               PEM_SignFinal;
++               PEM_SignInit;
++               PEM_SignUpdate;
++               PEM_X509_INFO_read;
++               PEM_X509_INFO_read_bio;
++               PEM_X509_INFO_write_bio;
++               PEM_dek_info;
++               PEM_do_header;
++               PEM_get_EVP_CIPHER_INFO;
++               PEM_proc_type;
++               PEM_read;
++               PEM_read_DHparams;
++               PEM_read_DSAPrivateKey;
++               PEM_read_DSAparams;
++               PEM_read_PKCS7;
++               PEM_read_PrivateKey;
++               PEM_read_RSAPrivateKey;
++               PEM_read_X509;
++               PEM_read_X509_CRL;
++               PEM_read_X509_REQ;
++               PEM_read_bio;
++               PEM_read_bio_DHparams;
++               PEM_read_bio_DSAPrivateKey;
++               PEM_read_bio_DSAparams;
++               PEM_read_bio_PKCS7;
++               PEM_read_bio_PrivateKey;
++               PEM_read_bio_RSAPrivateKey;
++               PEM_read_bio_X509;
++               PEM_read_bio_X509_CRL;
++               PEM_read_bio_X509_REQ;
++               PEM_write;
++               PEM_write_DHparams;
++               PEM_write_DSAPrivateKey;
++               PEM_write_DSAparams;
++               PEM_write_PKCS7;
++               PEM_write_PrivateKey;
++               PEM_write_RSAPrivateKey;
++               PEM_write_X509;
++               PEM_write_X509_CRL;
++               PEM_write_X509_REQ;
++               PEM_write_bio;
++               PEM_write_bio_DHparams;
++               PEM_write_bio_DSAPrivateKey;
++               PEM_write_bio_DSAparams;
++               PEM_write_bio_PKCS7;
++               PEM_write_bio_PrivateKey;
++               PEM_write_bio_RSAPrivateKey;
++               PEM_write_bio_X509;
++               PEM_write_bio_X509_CRL;
++               PEM_write_bio_X509_REQ;
++               PKCS7_DIGEST_free;
++               PKCS7_DIGEST_new;
++               PKCS7_ENCRYPT_free;
++               PKCS7_ENCRYPT_new;
++               PKCS7_ENC_CONTENT_free;
++               PKCS7_ENC_CONTENT_new;
++               PKCS7_ENVELOPE_free;
++               PKCS7_ENVELOPE_new;
++               PKCS7_ISSUER_AND_SERIAL_digest;
++               PKCS7_ISSUER_AND_SERIAL_free;
++               PKCS7_ISSUER_AND_SERIAL_new;
++               PKCS7_RECIP_INFO_free;
++               PKCS7_RECIP_INFO_new;
++               PKCS7_SIGNED_free;
++               PKCS7_SIGNED_new;
++               PKCS7_SIGNER_INFO_free;
++               PKCS7_SIGNER_INFO_new;
++               PKCS7_SIGN_ENVELOPE_free;
++               PKCS7_SIGN_ENVELOPE_new;
++               PKCS7_dup;
++               PKCS7_free;
++               PKCS7_new;
++               PROXY_ENTRY_add_noproxy;
++               PROXY_ENTRY_clear_noproxy;
++               PROXY_ENTRY_free;
++               PROXY_ENTRY_get_noproxy;
++               PROXY_ENTRY_new;
++               PROXY_ENTRY_set_server;
++               PROXY_add_noproxy;
++               PROXY_add_server;
++               PROXY_check_by_host;
++               PROXY_check_url;
++               PROXY_clear_noproxy;
++               PROXY_free;
++               PROXY_get_noproxy;
++               PROXY_get_proxies;
++               PROXY_get_proxy_entry;
++               PROXY_load_conf;
++               PROXY_new;
++               PROXY_print;
++               RAND_bytes;
++               RAND_cleanup;
++               RAND_file_name;
++               RAND_load_file;
++               RAND_screen;
++               RAND_seed;
++               RAND_write_file;
++               RC2_cbc_encrypt;
++               RC2_cfb64_encrypt;
++               RC2_ecb_encrypt;
++               RC2_encrypt;
++               RC2_ofb64_encrypt;
++               RC2_set_key;
++               RC4;
++               RC4_options;
++               RC4_set_key;
++               RSAPrivateKey_asn1_meth;
++               RSAPrivateKey_dup;
++               RSAPublicKey_dup;
++               RSA_PKCS1_SSLeay;
++               RSA_free;
++               RSA_generate_key;
++               RSA_new;
++               RSA_new_method;
++               RSA_print;
++               RSA_print_fp;
++               RSA_private_decrypt;
++               RSA_private_encrypt;
++               RSA_public_decrypt;
++               RSA_public_encrypt;
++               RSA_set_default_method;
++               RSA_sign;
++               RSA_sign_ASN1_OCTET_STRING;
++               RSA_size;
++               RSA_verify;
++               RSA_verify_ASN1_OCTET_STRING;
++               SHA;
++               SHA1;
++               SHA1_Final;
++               SHA1_Init;
++               SHA1_Update;
++               SHA_Final;
++               SHA_Init;
++               SHA_Update;
++               OpenSSL_add_all_algorithms;
++               OpenSSL_add_all_ciphers;
++               OpenSSL_add_all_digests;
++               TXT_DB_create_index;
++               TXT_DB_free;
++               TXT_DB_get_by_index;
++               TXT_DB_insert;
++               TXT_DB_read;
++               TXT_DB_write;
++               X509_ALGOR_free;
++               X509_ALGOR_new;
++               X509_ATTRIBUTE_free;
++               X509_ATTRIBUTE_new;
++               X509_CINF_free;
++               X509_CINF_new;
++               X509_CRL_INFO_free;
++               X509_CRL_INFO_new;
++               X509_CRL_add_ext;
++               X509_CRL_cmp;
++               X509_CRL_delete_ext;
++               X509_CRL_dup;
++               X509_CRL_free;
++               X509_CRL_get_ext;
++               X509_CRL_get_ext_by_NID;
++               X509_CRL_get_ext_by_OBJ;
++               X509_CRL_get_ext_by_critical;
++               X509_CRL_get_ext_count;
++               X509_CRL_new;
++               X509_CRL_sign;
++               X509_CRL_verify;
++               X509_EXTENSION_create_by_NID;
++               X509_EXTENSION_create_by_OBJ;
++               X509_EXTENSION_dup;
++               X509_EXTENSION_free;
++               X509_EXTENSION_get_critical;
++               X509_EXTENSION_get_data;
++               X509_EXTENSION_get_object;
++               X509_EXTENSION_new;
++               X509_EXTENSION_set_critical;
++               X509_EXTENSION_set_data;
++               X509_EXTENSION_set_object;
++               X509_INFO_free;
++               X509_INFO_new;
++               X509_LOOKUP_by_alias;
++               X509_LOOKUP_by_fingerprint;
++               X509_LOOKUP_by_issuer_serial;
++               X509_LOOKUP_by_subject;
++               X509_LOOKUP_ctrl;
++               X509_LOOKUP_file;
++               X509_LOOKUP_free;
++               X509_LOOKUP_hash_dir;
++               X509_LOOKUP_init;
++               X509_LOOKUP_new;
++               X509_LOOKUP_shutdown;
++               X509_NAME_ENTRY_create_by_NID;
++               X509_NAME_ENTRY_create_by_OBJ;
++               X509_NAME_ENTRY_dup;
++               X509_NAME_ENTRY_free;
++               X509_NAME_ENTRY_get_data;
++               X509_NAME_ENTRY_get_object;
++               X509_NAME_ENTRY_new;
++               X509_NAME_ENTRY_set_data;
++               X509_NAME_ENTRY_set_object;
++               X509_NAME_add_entry;
++               X509_NAME_cmp;
++               X509_NAME_delete_entry;
++               X509_NAME_digest;
++               X509_NAME_dup;
++               X509_NAME_entry_count;
++               X509_NAME_free;
++               X509_NAME_get_entry;
++               X509_NAME_get_index_by_NID;
++               X509_NAME_get_index_by_OBJ;
++               X509_NAME_get_text_by_NID;
++               X509_NAME_get_text_by_OBJ;
++               X509_NAME_hash;
++               X509_NAME_new;
++               X509_NAME_oneline;
++               X509_NAME_print;
++               X509_NAME_set;
++               X509_OBJECT_free_contents;
++               X509_OBJECT_retrieve_by_subject;
++               X509_OBJECT_up_ref_count;
++               X509_PKEY_free;
++               X509_PKEY_new;
++               X509_PUBKEY_free;
++               X509_PUBKEY_get;
++               X509_PUBKEY_new;
++               X509_PUBKEY_set;
++               X509_REQ_INFO_free;
++               X509_REQ_INFO_new;
++               X509_REQ_dup;
++               X509_REQ_free;
++               X509_REQ_get_pubkey;
++               X509_REQ_new;
++               X509_REQ_print;
++               X509_REQ_print_fp;
++               X509_REQ_set_pubkey;
++               X509_REQ_set_subject_name;
++               X509_REQ_set_version;
++               X509_REQ_sign;
++               X509_REQ_to_X509;
++               X509_REQ_verify;
++               X509_REVOKED_add_ext;
++               X509_REVOKED_delete_ext;
++               X509_REVOKED_free;
++               X509_REVOKED_get_ext;
++               X509_REVOKED_get_ext_by_NID;
++               X509_REVOKED_get_ext_by_OBJ;
++               X509_REVOKED_get_ext_by_critical;
++               X509_REVOKED_get_ext_by_critic;
++               X509_REVOKED_get_ext_count;
++               X509_REVOKED_new;
++               X509_SIG_free;
++               X509_SIG_new;
++               X509_STORE_CTX_cleanup;
++               X509_STORE_CTX_init;
++               X509_STORE_add_cert;
++               X509_STORE_add_lookup;
++               X509_STORE_free;
++               X509_STORE_get_by_subject;
++               X509_STORE_load_locations;
++               X509_STORE_new;
++               X509_STORE_set_default_paths;
++               X509_VAL_free;
++               X509_VAL_new;
++               X509_add_ext;
++               X509_asn1_meth;
++               X509_certificate_type;
++               X509_check_private_key;
++               X509_cmp_current_time;
++               X509_delete_ext;
++               X509_digest;
++               X509_dup;
++               X509_free;
++               X509_get_default_cert_area;
++               X509_get_default_cert_dir;
++               X509_get_default_cert_dir_env;
++               X509_get_default_cert_file;
++               X509_get_default_cert_file_env;
++               X509_get_default_private_dir;
++               X509_get_ext;
++               X509_get_ext_by_NID;
++               X509_get_ext_by_OBJ;
++               X509_get_ext_by_critical;
++               X509_get_ext_count;
++               X509_get_issuer_name;
++               X509_get_pubkey;
++               X509_get_pubkey_parameters;
++               X509_get_serialNumber;
++               X509_get_subject_name;
++               X509_gmtime_adj;
++               X509_issuer_and_serial_cmp;
++               X509_issuer_and_serial_hash;
++               X509_issuer_name_cmp;
++               X509_issuer_name_hash;
++               X509_load_cert_file;
++               X509_new;
++               X509_print;
++               X509_print_fp;
++               X509_set_issuer_name;
++               X509_set_notAfter;
++               X509_set_notBefore;
++               X509_set_pubkey;
++               X509_set_serialNumber;
++               X509_set_subject_name;
++               X509_set_version;
++               X509_sign;
++               X509_subject_name_cmp;
++               X509_subject_name_hash;
++               X509_to_X509_REQ;
++               X509_verify;
++               X509_verify_cert;
++               X509_verify_cert_error_string;
++               X509v3_add_ext;
++               X509v3_add_extension;
++               X509v3_add_netscape_extensions;
++               X509v3_add_standard_extensions;
++               X509v3_cleanup_extensions;
++               X509v3_data_type_by_NID;
++               X509v3_data_type_by_OBJ;
++               X509v3_delete_ext;
++               X509v3_get_ext;
++               X509v3_get_ext_by_NID;
++               X509v3_get_ext_by_OBJ;
++               X509v3_get_ext_by_critical;
++               X509v3_get_ext_count;
++               X509v3_pack_string;
++               X509v3_pack_type_by_NID;
++               X509v3_pack_type_by_OBJ;
++               X509v3_unpack_string;
++               _des_crypt;
++               a2d_ASN1_OBJECT;
++               a2i_ASN1_INTEGER;
++               a2i_ASN1_STRING;
++               asn1_Finish;
++               asn1_GetSequence;
++               bn_div_words;
++               bn_expand2;
++               bn_mul_add_words;
++               bn_mul_words;
++               BN_uadd;
++               BN_usub;
++               bn_sqr_words;
++               _ossl_old_crypt;
++               d2i_ASN1_BIT_STRING;
++               d2i_ASN1_BOOLEAN;
++               d2i_ASN1_HEADER;
++               d2i_ASN1_IA5STRING;
++               d2i_ASN1_INTEGER;
++               d2i_ASN1_OBJECT;
++               d2i_ASN1_OCTET_STRING;
++               d2i_ASN1_PRINTABLE;
++               d2i_ASN1_PRINTABLESTRING;
++               d2i_ASN1_SET;
++               d2i_ASN1_T61STRING;
++               d2i_ASN1_TYPE;
++               d2i_ASN1_UTCTIME;
++               d2i_ASN1_bytes;
++               d2i_ASN1_type_bytes;
++               d2i_DHparams;
++               d2i_DSAPrivateKey;
++               d2i_DSAPrivateKey_bio;
++               d2i_DSAPrivateKey_fp;
++               d2i_DSAPublicKey;
++               d2i_DSAparams;
++               d2i_NETSCAPE_SPKAC;
++               d2i_NETSCAPE_SPKI;
++               d2i_Netscape_RSA;
++               d2i_PKCS7;
++               d2i_PKCS7_DIGEST;
++               d2i_PKCS7_ENCRYPT;
++               d2i_PKCS7_ENC_CONTENT;
++               d2i_PKCS7_ENVELOPE;
++               d2i_PKCS7_ISSUER_AND_SERIAL;
++               d2i_PKCS7_RECIP_INFO;
++               d2i_PKCS7_SIGNED;
++               d2i_PKCS7_SIGNER_INFO;
++               d2i_PKCS7_SIGN_ENVELOPE;
++               d2i_PKCS7_bio;
++               d2i_PKCS7_fp;
++               d2i_PrivateKey;
++               d2i_PublicKey;
++               d2i_RSAPrivateKey;
++               d2i_RSAPrivateKey_bio;
++               d2i_RSAPrivateKey_fp;
++               d2i_RSAPublicKey;
++               d2i_X509;
++               d2i_X509_ALGOR;
++               d2i_X509_ATTRIBUTE;
++               d2i_X509_CINF;
++               d2i_X509_CRL;
++               d2i_X509_CRL_INFO;
++               d2i_X509_CRL_bio;
++               d2i_X509_CRL_fp;
++               d2i_X509_EXTENSION;
++               d2i_X509_NAME;
++               d2i_X509_NAME_ENTRY;
++               d2i_X509_PKEY;
++               d2i_X509_PUBKEY;
++               d2i_X509_REQ;
++               d2i_X509_REQ_INFO;
++               d2i_X509_REQ_bio;
++               d2i_X509_REQ_fp;
++               d2i_X509_REVOKED;
++               d2i_X509_SIG;
++               d2i_X509_VAL;
++               d2i_X509_bio;
++               d2i_X509_fp;
++               DES_cbc_cksum;
++               DES_cbc_encrypt;
++               DES_cblock_print_file;
++               DES_cfb64_encrypt;
++               DES_cfb_encrypt;
++               DES_decrypt3;
++               DES_ecb3_encrypt;
++               DES_ecb_encrypt;
++               DES_ede3_cbc_encrypt;
++               DES_ede3_cfb64_encrypt;
++               DES_ede3_ofb64_encrypt;
++               DES_enc_read;
++               DES_enc_write;
++               DES_encrypt1;
++               DES_encrypt2;
++               DES_encrypt3;
++               DES_fcrypt;
++               DES_is_weak_key;
++               DES_key_sched;
++               DES_ncbc_encrypt;
++               DES_ofb64_encrypt;
++               DES_ofb_encrypt;
++               DES_options;
++               DES_pcbc_encrypt;
++               DES_quad_cksum;
++               DES_random_key;
++               _ossl_old_des_random_seed;
++               _ossl_old_des_read_2passwords;
++               _ossl_old_des_read_password;
++               _ossl_old_des_read_pw;
++               _ossl_old_des_read_pw_string;
++               DES_set_key;
++               DES_set_odd_parity;
++               DES_string_to_2keys;
++               DES_string_to_key;
++               DES_xcbc_encrypt;
++               DES_xwhite_in2out;
++               fcrypt_body;
++               i2a_ASN1_INTEGER;
++               i2a_ASN1_OBJECT;
++               i2a_ASN1_STRING;
++               i2d_ASN1_BIT_STRING;
++               i2d_ASN1_BOOLEAN;
++               i2d_ASN1_HEADER;
++               i2d_ASN1_IA5STRING;
++               i2d_ASN1_INTEGER;
++               i2d_ASN1_OBJECT;
++               i2d_ASN1_OCTET_STRING;
++               i2d_ASN1_PRINTABLE;
++               i2d_ASN1_SET;
++               i2d_ASN1_TYPE;
++               i2d_ASN1_UTCTIME;
++               i2d_ASN1_bytes;
++               i2d_DHparams;
++               i2d_DSAPrivateKey;
++               i2d_DSAPrivateKey_bio;
++               i2d_DSAPrivateKey_fp;
++               i2d_DSAPublicKey;
++               i2d_DSAparams;
++               i2d_NETSCAPE_SPKAC;
++               i2d_NETSCAPE_SPKI;
++               i2d_Netscape_RSA;
++               i2d_PKCS7;
++               i2d_PKCS7_DIGEST;
++               i2d_PKCS7_ENCRYPT;
++               i2d_PKCS7_ENC_CONTENT;
++               i2d_PKCS7_ENVELOPE;
++               i2d_PKCS7_ISSUER_AND_SERIAL;
++               i2d_PKCS7_RECIP_INFO;
++               i2d_PKCS7_SIGNED;
++               i2d_PKCS7_SIGNER_INFO;
++               i2d_PKCS7_SIGN_ENVELOPE;
++               i2d_PKCS7_bio;
++               i2d_PKCS7_fp;
++               i2d_PrivateKey;
++               i2d_PublicKey;
++               i2d_RSAPrivateKey;
++               i2d_RSAPrivateKey_bio;
++               i2d_RSAPrivateKey_fp;
++               i2d_RSAPublicKey;
++               i2d_X509;
++               i2d_X509_ALGOR;
++               i2d_X509_ATTRIBUTE;
++               i2d_X509_CINF;
++               i2d_X509_CRL;
++               i2d_X509_CRL_INFO;
++               i2d_X509_CRL_bio;
++               i2d_X509_CRL_fp;
++               i2d_X509_EXTENSION;
++               i2d_X509_NAME;
++               i2d_X509_NAME_ENTRY;
++               i2d_X509_PKEY;
++               i2d_X509_PUBKEY;
++               i2d_X509_REQ;
++               i2d_X509_REQ_INFO;
++               i2d_X509_REQ_bio;
++               i2d_X509_REQ_fp;
++               i2d_X509_REVOKED;
++               i2d_X509_SIG;
++               i2d_X509_VAL;
++               i2d_X509_bio;
++               i2d_X509_fp;
++               idea_cbc_encrypt;
++               idea_cfb64_encrypt;
++               idea_ecb_encrypt;
++               idea_encrypt;
++               idea_ofb64_encrypt;
++               idea_options;
++               idea_set_decrypt_key;
++               idea_set_encrypt_key;
++               lh_delete;
++               lh_doall;
++               lh_doall_arg;
++               lh_free;
++               lh_insert;
++               lh_new;
++               lh_node_stats;
++               lh_node_stats_bio;
++               lh_node_usage_stats;
++               lh_node_usage_stats_bio;
++               lh_retrieve;
++               lh_stats;
++               lh_stats_bio;
++               lh_strhash;
++               sk_delete;
++               sk_delete_ptr;
++               sk_dup;
++               sk_find;
++               sk_free;
++               sk_insert;
++               sk_new;
++               sk_pop;
++               sk_pop_free;
++               sk_push;
++               sk_set_cmp_func;
++               sk_shift;
++               sk_unshift;
++               sk_zero;
++               BIO_f_nbio_test;
++               ASN1_TYPE_get;
++               ASN1_TYPE_set;
++               PKCS7_content_free;
++               ERR_load_PKCS7_strings;
++               X509_find_by_issuer_and_serial;
++               X509_find_by_subject;
++               PKCS7_ctrl;
++               PKCS7_set_type;
++               PKCS7_set_content;
++               PKCS7_SIGNER_INFO_set;
++               PKCS7_add_signer;
++               PKCS7_add_certificate;
++               PKCS7_add_crl;
++               PKCS7_content_new;
++               PKCS7_dataSign;
++               PKCS7_dataVerify;
++               PKCS7_dataInit;
++               PKCS7_add_signature;
++               PKCS7_cert_from_signer_info;
++               PKCS7_get_signer_info;
++               EVP_delete_alias;
++               EVP_mdc2;
++               PEM_read_bio_RSAPublicKey;
++               PEM_write_bio_RSAPublicKey;
++               d2i_RSAPublicKey_bio;
++               i2d_RSAPublicKey_bio;
++               PEM_read_RSAPublicKey;
++               PEM_write_RSAPublicKey;
++               d2i_RSAPublicKey_fp;
++               i2d_RSAPublicKey_fp;
++               BIO_copy_next_retry;
++               RSA_flags;
++               X509_STORE_add_crl;
++               X509_load_crl_file;
++               EVP_rc2_40_cbc;
++               EVP_rc4_40;
++               EVP_CIPHER_CTX_init;
++               HMAC;
++               HMAC_Init;
++               HMAC_Update;
++               HMAC_Final;
++               ERR_get_next_error_library;
++               EVP_PKEY_cmp_parameters;
++               HMAC_cleanup;
++               BIO_ptr_ctrl;
++               BIO_new_file_internal;
++               BIO_new_fp_internal;
++               BIO_s_file_internal;
++               BN_BLINDING_convert;
++               BN_BLINDING_invert;
++               BN_BLINDING_update;
++               RSA_blinding_on;
++               RSA_blinding_off;
++               i2t_ASN1_OBJECT;
++               BN_BLINDING_new;
++               BN_BLINDING_free;
++               EVP_cast5_cbc;
++               EVP_cast5_cfb64;
++               EVP_cast5_ecb;
++               EVP_cast5_ofb;
++               BF_decrypt;
++               CAST_set_key;
++               CAST_encrypt;
++               CAST_decrypt;
++               CAST_ecb_encrypt;
++               CAST_cbc_encrypt;
++               CAST_cfb64_encrypt;
++               CAST_ofb64_encrypt;
++               RC2_decrypt;
++               OBJ_create_objects;
++               BN_exp;
++               BN_mul_word;
++               BN_sub_word;
++               BN_dec2bn;
++               BN_bn2dec;
++               BIO_ghbn_ctrl;
++               CRYPTO_free_ex_data;
++               CRYPTO_get_ex_data;
++               CRYPTO_set_ex_data;
++               ERR_load_CRYPTO_strings;
++               ERR_load_CRYPTOlib_strings;
++               EVP_PKEY_bits;
++               MD5_Transform;
++               SHA1_Transform;
++               SHA_Transform;
++               X509_STORE_CTX_get_chain;
++               X509_STORE_CTX_get_current_cert;
++               X509_STORE_CTX_get_error;
++               X509_STORE_CTX_get_error_depth;
++               X509_STORE_CTX_get_ex_data;
++               X509_STORE_CTX_set_cert;
++               X509_STORE_CTX_set_chain;
++               X509_STORE_CTX_set_error;
++               X509_STORE_CTX_set_ex_data;
++               CRYPTO_dup_ex_data;
++               CRYPTO_get_new_lockid;
++               CRYPTO_new_ex_data;
++               RSA_set_ex_data;
++               RSA_get_ex_data;
++               RSA_get_ex_new_index;
++               RSA_padding_add_PKCS1_type_1;
++               RSA_padding_add_PKCS1_type_2;
++               RSA_padding_add_SSLv23;
++               RSA_padding_add_none;
++               RSA_padding_check_PKCS1_type_1;
++               RSA_padding_check_PKCS1_type_2;
++               RSA_padding_check_SSLv23;
++               RSA_padding_check_none;
++               bn_add_words;
++               d2i_Netscape_RSA_2;
++               CRYPTO_get_ex_new_index;
++               RIPEMD160_Init;
++               RIPEMD160_Update;
++               RIPEMD160_Final;
++               RIPEMD160;
++               RIPEMD160_Transform;
++               RC5_32_set_key;
++               RC5_32_ecb_encrypt;
++               RC5_32_encrypt;
++               RC5_32_decrypt;
++               RC5_32_cbc_encrypt;
++               RC5_32_cfb64_encrypt;
++               RC5_32_ofb64_encrypt;
++               BN_bn2mpi;
++               BN_mpi2bn;
++               ASN1_BIT_STRING_get_bit;
++               ASN1_BIT_STRING_set_bit;
++               BIO_get_ex_data;
++               BIO_get_ex_new_index;
++               BIO_set_ex_data;
++               X509v3_get_key_usage;
++               X509v3_set_key_usage;
++               a2i_X509v3_key_usage;
++               i2a_X509v3_key_usage;
++               EVP_PKEY_decrypt;
++               EVP_PKEY_encrypt;
++               PKCS7_RECIP_INFO_set;
++               PKCS7_add_recipient;
++               PKCS7_add_recipient_info;
++               PKCS7_set_cipher;
++               ASN1_TYPE_get_int_octetstring;
++               ASN1_TYPE_get_octetstring;
++               ASN1_TYPE_set_int_octetstring;
++               ASN1_TYPE_set_octetstring;
++               ASN1_UTCTIME_set_string;
++               ERR_add_error_data;
++               ERR_set_error_data;
++               EVP_CIPHER_asn1_to_param;
++               EVP_CIPHER_param_to_asn1;
++               EVP_CIPHER_get_asn1_iv;
++               EVP_CIPHER_set_asn1_iv;
++               EVP_rc5_32_12_16_cbc;
++               EVP_rc5_32_12_16_cfb64;
++               EVP_rc5_32_12_16_ecb;
++               EVP_rc5_32_12_16_ofb;
++               asn1_add_error;
++               d2i_ASN1_BMPSTRING;
++               i2d_ASN1_BMPSTRING;
++               BIO_f_ber;
++               BN_init;
++               COMP_CTX_new;
++               COMP_CTX_free;
++               COMP_CTX_compress_block;
++               COMP_CTX_expand_block;
++               X509_STORE_CTX_get_ex_new_index;
++               OBJ_NAME_add;
++               BIO_socket_nbio;
++               EVP_rc2_64_cbc;
++               OBJ_NAME_cleanup;
++               OBJ_NAME_get;
++               OBJ_NAME_init;
++               OBJ_NAME_new_index;
++               OBJ_NAME_remove;
++               BN_MONT_CTX_copy;
++               BIO_new_socks4a_connect;
++               BIO_s_socks4a_connect;
++               PROXY_set_connect_mode;
++               RAND_SSLeay;
++               RAND_set_rand_method;
++               RSA_memory_lock;
++               bn_sub_words;
++               bn_mul_normal;
++               bn_mul_comba8;
++               bn_mul_comba4;
++               bn_sqr_normal;
++               bn_sqr_comba8;
++               bn_sqr_comba4;
++               bn_cmp_words;
++               bn_mul_recursive;
++               bn_mul_part_recursive;
++               bn_sqr_recursive;
++               bn_mul_low_normal;
++               BN_RECP_CTX_init;
++               BN_RECP_CTX_new;
++               BN_RECP_CTX_free;
++               BN_RECP_CTX_set;
++               BN_mod_mul_reciprocal;
++               BN_mod_exp_recp;
++               BN_div_recp;
++               BN_CTX_init;
++               BN_MONT_CTX_init;
++               RAND_get_rand_method;
++               PKCS7_add_attribute;
++               PKCS7_add_signed_attribute;
++               PKCS7_digest_from_attributes;
++               PKCS7_get_attribute;
++               PKCS7_get_issuer_and_serial;
++               PKCS7_get_signed_attribute;
++               COMP_compress_block;
++               COMP_expand_block;
++               COMP_rle;
++               COMP_zlib;
++               ms_time_diff;
++               ms_time_new;
++               ms_time_free;
++               ms_time_cmp;
++               ms_time_get;
++               PKCS7_set_attributes;
++               PKCS7_set_signed_attributes;
++               X509_ATTRIBUTE_create;
++               X509_ATTRIBUTE_dup;
++               ASN1_GENERALIZEDTIME_check;
++               ASN1_GENERALIZEDTIME_print;
++               ASN1_GENERALIZEDTIME_set;
++               ASN1_GENERALIZEDTIME_set_string;
++               ASN1_TIME_print;
++               BASIC_CONSTRAINTS_free;
++               BASIC_CONSTRAINTS_new;
++               ERR_load_X509V3_strings;
++               NETSCAPE_CERT_SEQUENCE_free;
++               NETSCAPE_CERT_SEQUENCE_new;
++               OBJ_txt2obj;
++               PEM_read_NETSCAPE_CERT_SEQUENCE;
++               PEM_read_NS_CERT_SEQ;
++               PEM_read_bio_NETSCAPE_CERT_SEQUENCE;
++               PEM_read_bio_NS_CERT_SEQ;
++               PEM_write_NETSCAPE_CERT_SEQUENCE;
++               PEM_write_NS_CERT_SEQ;
++               PEM_write_bio_NETSCAPE_CERT_SEQUENCE;
++               PEM_write_bio_NS_CERT_SEQ;
++               X509V3_EXT_add;
++               X509V3_EXT_add_alias;
++               X509V3_EXT_add_conf;
++               X509V3_EXT_cleanup;
++               X509V3_EXT_conf;
++               X509V3_EXT_conf_nid;
++               X509V3_EXT_get;
++               X509V3_EXT_get_nid;
++               X509V3_EXT_print;
++               X509V3_EXT_print_fp;
++               X509V3_add_standard_extensions;
++               X509V3_add_value;
++               X509V3_add_value_bool;
++               X509V3_add_value_int;
++               X509V3_conf_free;
++               X509V3_get_value_bool;
++               X509V3_get_value_int;
++               X509V3_parse_list;
++               d2i_ASN1_GENERALIZEDTIME;
++               d2i_ASN1_TIME;
++               d2i_BASIC_CONSTRAINTS;
++               d2i_NETSCAPE_CERT_SEQUENCE;
++               d2i_ext_ku;
++               ext_ku_free;
++               ext_ku_new;
++               i2d_ASN1_GENERALIZEDTIME;
++               i2d_ASN1_TIME;
++               i2d_BASIC_CONSTRAINTS;
++               i2d_NETSCAPE_CERT_SEQUENCE;
++               i2d_ext_ku;
++               EVP_MD_CTX_copy;
++               i2d_ASN1_ENUMERATED;
++               d2i_ASN1_ENUMERATED;
++               ASN1_ENUMERATED_set;
++               ASN1_ENUMERATED_get;
++               BN_to_ASN1_ENUMERATED;
++               ASN1_ENUMERATED_to_BN;
++               i2a_ASN1_ENUMERATED;
++               a2i_ASN1_ENUMERATED;
++               i2d_GENERAL_NAME;
++               d2i_GENERAL_NAME;
++               GENERAL_NAME_new;
++               GENERAL_NAME_free;
++               GENERAL_NAMES_new;
++               GENERAL_NAMES_free;
++               d2i_GENERAL_NAMES;
++               i2d_GENERAL_NAMES;
++               i2v_GENERAL_NAMES;
++               i2s_ASN1_OCTET_STRING;
++               s2i_ASN1_OCTET_STRING;
++               X509V3_EXT_check_conf;
++               hex_to_string;
++               string_to_hex;
++               DES_ede3_cbcm_encrypt;
++               RSA_padding_add_PKCS1_OAEP;
++               RSA_padding_check_PKCS1_OAEP;
++               X509_CRL_print_fp;
++               X509_CRL_print;
++               i2v_GENERAL_NAME;
++               v2i_GENERAL_NAME;
++               i2d_PKEY_USAGE_PERIOD;
++               d2i_PKEY_USAGE_PERIOD;
++               PKEY_USAGE_PERIOD_new;
++               PKEY_USAGE_PERIOD_free;
++               v2i_GENERAL_NAMES;
++               i2s_ASN1_INTEGER;
++               X509V3_EXT_d2i;
++               name_cmp;
++               str_dup;
++               i2s_ASN1_ENUMERATED;
++               i2s_ASN1_ENUMERATED_TABLE;
++               BIO_s_log;
++               BIO_f_reliable;
++               PKCS7_dataFinal;
++               PKCS7_dataDecode;
++               X509V3_EXT_CRL_add_conf;
++               BN_set_params;
++               BN_get_params;
++               BIO_get_ex_num;
++               BIO_set_ex_free_func;
++               EVP_ripemd160;
++               ASN1_TIME_set;
++               i2d_AUTHORITY_KEYID;
++               d2i_AUTHORITY_KEYID;
++               AUTHORITY_KEYID_new;
++               AUTHORITY_KEYID_free;
++               ASN1_seq_unpack;
++               ASN1_seq_pack;
++               ASN1_unpack_string;
++               ASN1_pack_string;
++               PKCS12_pack_safebag;
++               PKCS12_MAKE_KEYBAG;
++               PKCS8_encrypt;
++               PKCS12_MAKE_SHKEYBAG;
++               PKCS12_pack_p7data;
++               PKCS12_pack_p7encdata;
++               PKCS12_add_localkeyid;
++               PKCS12_add_friendlyname_asc;
++               PKCS12_add_friendlyname_uni;
++               PKCS12_get_friendlyname;
++               PKCS12_pbe_crypt;
++               PKCS12_decrypt_d2i;
++               PKCS12_i2d_encrypt;
++               PKCS12_init;
++               PKCS12_key_gen_asc;
++               PKCS12_key_gen_uni;
++               PKCS12_gen_mac;
++               PKCS12_verify_mac;
++               PKCS12_set_mac;
++               PKCS12_setup_mac;
++               OPENSSL_asc2uni;
++               OPENSSL_uni2asc;
++               i2d_PKCS12_BAGS;
++               PKCS12_BAGS_new;
++               d2i_PKCS12_BAGS;
++               PKCS12_BAGS_free;
++               i2d_PKCS12;
++               d2i_PKCS12;
++               PKCS12_new;
++               PKCS12_free;
++               i2d_PKCS12_MAC_DATA;
++               PKCS12_MAC_DATA_new;
++               d2i_PKCS12_MAC_DATA;
++               PKCS12_MAC_DATA_free;
++               i2d_PKCS12_SAFEBAG;
++               PKCS12_SAFEBAG_new;
++               d2i_PKCS12_SAFEBAG;
++               PKCS12_SAFEBAG_free;
++               ERR_load_PKCS12_strings;
++               PKCS12_PBE_add;
++               PKCS8_add_keyusage;
++               PKCS12_get_attr_gen;
++               PKCS12_parse;
++               PKCS12_create;
++               i2d_PKCS12_bio;
++               i2d_PKCS12_fp;
++               d2i_PKCS12_bio;
++               d2i_PKCS12_fp;
++               i2d_PBEPARAM;
++               PBEPARAM_new;
++               d2i_PBEPARAM;
++               PBEPARAM_free;
++               i2d_PKCS8_PRIV_KEY_INFO;
++               PKCS8_PRIV_KEY_INFO_new;
++               d2i_PKCS8_PRIV_KEY_INFO;
++               PKCS8_PRIV_KEY_INFO_free;
++               EVP_PKCS82PKEY;
++               EVP_PKEY2PKCS8;
++               PKCS8_set_broken;
++               EVP_PBE_ALGOR_CipherInit;
++               EVP_PBE_alg_add;
++               PKCS5_pbe_set;
++               EVP_PBE_cleanup;
++               i2d_SXNET;
++               d2i_SXNET;
++               SXNET_new;
++               SXNET_free;
++               i2d_SXNETID;
++               d2i_SXNETID;
++               SXNETID_new;
++               SXNETID_free;
++               DSA_SIG_new;
++               DSA_SIG_free;
++               DSA_do_sign;
++               DSA_do_verify;
++               d2i_DSA_SIG;
++               i2d_DSA_SIG;
++               i2d_ASN1_VISIBLESTRING;
++               d2i_ASN1_VISIBLESTRING;
++               i2d_ASN1_UTF8STRING;
++               d2i_ASN1_UTF8STRING;
++               i2d_DIRECTORYSTRING;
++               d2i_DIRECTORYSTRING;
++               i2d_DISPLAYTEXT;
++               d2i_DISPLAYTEXT;
++               d2i_ASN1_SET_OF_X509;
++               i2d_ASN1_SET_OF_X509;
++               i2d_PBKDF2PARAM;
++               PBKDF2PARAM_new;
++               d2i_PBKDF2PARAM;
++               PBKDF2PARAM_free;
++               i2d_PBE2PARAM;
++               PBE2PARAM_new;
++               d2i_PBE2PARAM;
++               PBE2PARAM_free;
++               d2i_ASN1_SET_OF_GENERAL_NAME;
++               i2d_ASN1_SET_OF_GENERAL_NAME;
++               d2i_ASN1_SET_OF_SXNETID;
++               i2d_ASN1_SET_OF_SXNETID;
++               d2i_ASN1_SET_OF_POLICYQUALINFO;
++               i2d_ASN1_SET_OF_POLICYQUALINFO;
++               d2i_ASN1_SET_OF_POLICYINFO;
++               i2d_ASN1_SET_OF_POLICYINFO;
++               SXNET_add_id_asc;
++               SXNET_add_id_ulong;
++               SXNET_add_id_INTEGER;
++               SXNET_get_id_asc;
++               SXNET_get_id_ulong;
++               SXNET_get_id_INTEGER;
++               X509V3_set_conf_lhash;
++               i2d_CERTIFICATEPOLICIES;
++               CERTIFICATEPOLICIES_new;
++               CERTIFICATEPOLICIES_free;
++               d2i_CERTIFICATEPOLICIES;
++               i2d_POLICYINFO;
++               POLICYINFO_new;
++               d2i_POLICYINFO;
++               POLICYINFO_free;
++               i2d_POLICYQUALINFO;
++               POLICYQUALINFO_new;
++               d2i_POLICYQUALINFO;
++               POLICYQUALINFO_free;
++               i2d_USERNOTICE;
++               USERNOTICE_new;
++               d2i_USERNOTICE;
++               USERNOTICE_free;
++               i2d_NOTICEREF;
++               NOTICEREF_new;
++               d2i_NOTICEREF;
++               NOTICEREF_free;
++               X509V3_get_string;
++               X509V3_get_section;
++               X509V3_string_free;
++               X509V3_section_free;
++               X509V3_set_ctx;
++               s2i_ASN1_INTEGER;
++               CRYPTO_set_locked_mem_functions;
++               CRYPTO_get_locked_mem_functions;
++               CRYPTO_malloc_locked;
++               CRYPTO_free_locked;
++               BN_mod_exp2_mont;
++               ERR_get_error_line_data;
++               ERR_peek_error_line_data;
++               PKCS12_PBE_keyivgen;
++               X509_ALGOR_dup;
++               d2i_ASN1_SET_OF_DIST_POINT;
++               i2d_ASN1_SET_OF_DIST_POINT;
++               i2d_CRL_DIST_POINTS;
++               CRL_DIST_POINTS_new;
++               CRL_DIST_POINTS_free;
++               d2i_CRL_DIST_POINTS;
++               i2d_DIST_POINT;
++               DIST_POINT_new;
++               d2i_DIST_POINT;
++               DIST_POINT_free;
++               i2d_DIST_POINT_NAME;
++               DIST_POINT_NAME_new;
++               DIST_POINT_NAME_free;
++               d2i_DIST_POINT_NAME;
++               X509V3_add_value_uchar;
++               d2i_ASN1_SET_OF_X509_ATTRIBUTE;
++               i2d_ASN1_SET_OF_ASN1_TYPE;
++               d2i_ASN1_SET_OF_X509_EXTENSION;
++               d2i_ASN1_SET_OF_X509_NAME_ENTRY;
++               d2i_ASN1_SET_OF_ASN1_TYPE;
++               i2d_ASN1_SET_OF_X509_ATTRIBUTE;
++               i2d_ASN1_SET_OF_X509_EXTENSION;
++               i2d_ASN1_SET_OF_X509_NAME_ENTRY;
++               X509V3_EXT_i2d;
++               X509V3_EXT_val_prn;
++               X509V3_EXT_add_list;
++               EVP_CIPHER_type;
++               EVP_PBE_CipherInit;
++               X509V3_add_value_bool_nf;
++               d2i_ASN1_UINTEGER;
++               sk_value;
++               sk_num;
++               sk_set;
++               i2d_ASN1_SET_OF_X509_REVOKED;
++               sk_sort;
++               d2i_ASN1_SET_OF_X509_REVOKED;
++               i2d_ASN1_SET_OF_X509_ALGOR;
++               i2d_ASN1_SET_OF_X509_CRL;
++               d2i_ASN1_SET_OF_X509_ALGOR;
++               d2i_ASN1_SET_OF_X509_CRL;
++               i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO;
++               i2d_ASN1_SET_OF_PKCS7_RECIP_INFO;
++               d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO;
++               d2i_ASN1_SET_OF_PKCS7_RECIP_INFO;
++               PKCS5_PBE_add;
++               PEM_write_bio_PKCS8;
++               i2d_PKCS8_fp;
++               PEM_read_bio_PKCS8_PRIV_KEY_INFO;
++               PEM_read_bio_P8_PRIV_KEY_INFO;
++               d2i_PKCS8_bio;
++               d2i_PKCS8_PRIV_KEY_INFO_fp;
++               PEM_write_bio_PKCS8_PRIV_KEY_INFO;
++               PEM_write_bio_P8_PRIV_KEY_INFO;
++               PEM_read_PKCS8;
++               d2i_PKCS8_PRIV_KEY_INFO_bio;
++               d2i_PKCS8_fp;
++               PEM_write_PKCS8;
++               PEM_read_PKCS8_PRIV_KEY_INFO;
++               PEM_read_P8_PRIV_KEY_INFO;
++               PEM_read_bio_PKCS8;
++               PEM_write_PKCS8_PRIV_KEY_INFO;
++               PEM_write_P8_PRIV_KEY_INFO;
++               PKCS5_PBE_keyivgen;
++               i2d_PKCS8_bio;
++               i2d_PKCS8_PRIV_KEY_INFO_fp;
++               i2d_PKCS8_PRIV_KEY_INFO_bio;
++               BIO_s_bio;
++               PKCS5_pbe2_set;
++               PKCS5_PBKDF2_HMAC_SHA1;
++               PKCS5_v2_PBE_keyivgen;
++               PEM_write_bio_PKCS8PrivateKey;
++               PEM_write_PKCS8PrivateKey;
++               BIO_ctrl_get_read_request;
++               BIO_ctrl_pending;
++               BIO_ctrl_wpending;
++               BIO_new_bio_pair;
++               BIO_ctrl_get_write_guarantee;
++               CRYPTO_num_locks;
++               CONF_load_bio;
++               CONF_load_fp;
++               i2d_ASN1_SET_OF_ASN1_OBJECT;
++               d2i_ASN1_SET_OF_ASN1_OBJECT;
++               PKCS7_signatureVerify;
++               RSA_set_method;
++               RSA_get_method;
++               RSA_get_default_method;
++               RSA_check_key;
++               OBJ_obj2txt;
++               DSA_dup_DH;
++               X509_REQ_get_extensions;
++               X509_REQ_set_extension_nids;
++               BIO_nwrite;
++               X509_REQ_extension_nid;
++               BIO_nread;
++               X509_REQ_get_extension_nids;
++               BIO_nwrite0;
++               X509_REQ_add_extensions_nid;
++               BIO_nread0;
++               X509_REQ_add_extensions;
++               BIO_new_mem_buf;
++               DH_set_ex_data;
++               DH_set_method;
++               DSA_OpenSSL;
++               DH_get_ex_data;
++               DH_get_ex_new_index;
++               DSA_new_method;
++               DH_new_method;
++               DH_OpenSSL;
++               DSA_get_ex_new_index;
++               DH_get_default_method;
++               DSA_set_ex_data;
++               DH_set_default_method;
++               DSA_get_ex_data;
++               X509V3_EXT_REQ_add_conf;
++               NETSCAPE_SPKI_print;
++               NETSCAPE_SPKI_set_pubkey;
++               NETSCAPE_SPKI_b64_encode;
++               NETSCAPE_SPKI_get_pubkey;
++               NETSCAPE_SPKI_b64_decode;
++               UTF8_putc;
++               UTF8_getc;
++               RSA_null_method;
++               ASN1_tag2str;
++               BIO_ctrl_reset_read_request;
++               DISPLAYTEXT_new;
++               ASN1_GENERALIZEDTIME_free;
++               X509_REVOKED_get_ext_d2i;
++               X509_set_ex_data;
++               X509_reject_set_bit_asc;
++               X509_NAME_add_entry_by_txt;
++               X509_NAME_add_entry_by_NID;
++               X509_PURPOSE_get0;
++               PEM_read_X509_AUX;
++               d2i_AUTHORITY_INFO_ACCESS;
++               PEM_write_PUBKEY;
++               ACCESS_DESCRIPTION_new;
++               X509_CERT_AUX_free;
++               d2i_ACCESS_DESCRIPTION;
++               X509_trust_clear;
++               X509_TRUST_add;
++               ASN1_VISIBLESTRING_new;
++               X509_alias_set1;
++               ASN1_PRINTABLESTRING_free;
++               EVP_PKEY_get1_DSA;
++               ASN1_BMPSTRING_new;
++               ASN1_mbstring_copy;
++               ASN1_UTF8STRING_new;
++               DSA_get_default_method;
++               i2d_ASN1_SET_OF_ACCESS_DESCRIPTION;
++               ASN1_T61STRING_free;
++               DSA_set_method;
++               X509_get_ex_data;
++               ASN1_STRING_type;
++               X509_PURPOSE_get_by_sname;
++               ASN1_TIME_free;
++               ASN1_OCTET_STRING_cmp;
++               ASN1_BIT_STRING_new;
++               X509_get_ext_d2i;
++               PEM_read_bio_X509_AUX;
++               ASN1_STRING_set_default_mask_asc;
++               ASN1_STRING_set_def_mask_asc;
++               PEM_write_bio_RSA_PUBKEY;
++               ASN1_INTEGER_cmp;
++               d2i_RSA_PUBKEY_fp;
++               X509_trust_set_bit_asc;
++               PEM_write_bio_DSA_PUBKEY;
++               X509_STORE_CTX_free;
++               EVP_PKEY_set1_DSA;
++               i2d_DSA_PUBKEY_fp;
++               X509_load_cert_crl_file;
++               ASN1_TIME_new;
++               i2d_RSA_PUBKEY;
++               X509_STORE_CTX_purpose_inherit;
++               PEM_read_RSA_PUBKEY;
++               d2i_X509_AUX;
++               i2d_DSA_PUBKEY;
++               X509_CERT_AUX_print;
++               PEM_read_DSA_PUBKEY;
++               i2d_RSA_PUBKEY_bio;
++               ASN1_BIT_STRING_num_asc;
++               i2d_PUBKEY;
++               ASN1_UTCTIME_free;
++               DSA_set_default_method;
++               X509_PURPOSE_get_by_id;
++               ACCESS_DESCRIPTION_free;
++               PEM_read_bio_PUBKEY;
++               ASN1_STRING_set_by_NID;
++               X509_PURPOSE_get_id;
++               DISPLAYTEXT_free;
++               OTHERNAME_new;
++               X509_CERT_AUX_new;
++               X509_TRUST_cleanup;
++               X509_NAME_add_entry_by_OBJ;
++               X509_CRL_get_ext_d2i;
++               X509_PURPOSE_get0_name;
++               PEM_read_PUBKEY;
++               i2d_DSA_PUBKEY_bio;
++               i2d_OTHERNAME;
++               ASN1_OCTET_STRING_free;
++               ASN1_BIT_STRING_set_asc;
++               X509_get_ex_new_index;
++               ASN1_STRING_TABLE_cleanup;
++               X509_TRUST_get_by_id;
++               X509_PURPOSE_get_trust;
++               ASN1_STRING_length;
++               d2i_ASN1_SET_OF_ACCESS_DESCRIPTION;
++               ASN1_PRINTABLESTRING_new;
++               X509V3_get_d2i;
++               ASN1_ENUMERATED_free;
++               i2d_X509_CERT_AUX;
++               X509_STORE_CTX_set_trust;
++               ASN1_STRING_set_default_mask;
++               X509_STORE_CTX_new;
++               EVP_PKEY_get1_RSA;
++               DIRECTORYSTRING_free;
++               PEM_write_X509_AUX;
++               ASN1_OCTET_STRING_set;
++               d2i_DSA_PUBKEY_fp;
++               d2i_RSA_PUBKEY;
++               X509_TRUST_get0_name;
++               X509_TRUST_get0;
++               AUTHORITY_INFO_ACCESS_free;
++               ASN1_IA5STRING_new;
++               d2i_DSA_PUBKEY;
++               X509_check_purpose;
++               ASN1_ENUMERATED_new;
++               d2i_RSA_PUBKEY_bio;
++               d2i_PUBKEY;
++               X509_TRUST_get_trust;
++               X509_TRUST_get_flags;
++               ASN1_BMPSTRING_free;
++               ASN1_T61STRING_new;
++               ASN1_UTCTIME_new;
++               i2d_AUTHORITY_INFO_ACCESS;
++               EVP_PKEY_set1_RSA;
++               X509_STORE_CTX_set_purpose;
++               ASN1_IA5STRING_free;
++               PEM_write_bio_X509_AUX;
++               X509_PURPOSE_get_count;
++               CRYPTO_add_info;
++               X509_NAME_ENTRY_create_by_txt;
++               ASN1_STRING_get_default_mask;
++               X509_alias_get0;
++               ASN1_STRING_data;
++               i2d_ACCESS_DESCRIPTION;
++               X509_trust_set_bit;
++               ASN1_BIT_STRING_free;
++               PEM_read_bio_RSA_PUBKEY;
++               X509_add1_reject_object;
++               X509_check_trust;
++               PEM_read_bio_DSA_PUBKEY;
++               X509_PURPOSE_add;
++               ASN1_STRING_TABLE_get;
++               ASN1_UTF8STRING_free;
++               d2i_DSA_PUBKEY_bio;
++               PEM_write_RSA_PUBKEY;
++               d2i_OTHERNAME;
++               X509_reject_set_bit;
++               PEM_write_DSA_PUBKEY;
++               X509_PURPOSE_get0_sname;
++               EVP_PKEY_set1_DH;
++               ASN1_OCTET_STRING_dup;
++               ASN1_BIT_STRING_set;
++               X509_TRUST_get_count;
++               ASN1_INTEGER_free;
++               OTHERNAME_free;
++               i2d_RSA_PUBKEY_fp;
++               ASN1_INTEGER_dup;
++               d2i_X509_CERT_AUX;
++               PEM_write_bio_PUBKEY;
++               ASN1_VISIBLESTRING_free;
++               X509_PURPOSE_cleanup;
++               ASN1_mbstring_ncopy;
++               ASN1_GENERALIZEDTIME_new;
++               EVP_PKEY_get1_DH;
++               ASN1_OCTET_STRING_new;
++               ASN1_INTEGER_new;
++               i2d_X509_AUX;
++               ASN1_BIT_STRING_name_print;
++               X509_cmp;
++               ASN1_STRING_length_set;
++               DIRECTORYSTRING_new;
++               X509_add1_trust_object;
++               PKCS12_newpass;
++               SMIME_write_PKCS7;
++               SMIME_read_PKCS7;
++               DES_set_key_checked;
++               PKCS7_verify;
++               PKCS7_encrypt;
++               DES_set_key_unchecked;
++               SMIME_crlf_copy;
++               i2d_ASN1_PRINTABLESTRING;
++               PKCS7_get0_signers;
++               PKCS7_decrypt;
++               SMIME_text;
++               PKCS7_simple_smimecap;
++               PKCS7_get_smimecap;
++               PKCS7_sign;
++               PKCS7_add_attrib_smimecap;
++               CRYPTO_dbg_set_options;
++               CRYPTO_remove_all_info;
++               CRYPTO_get_mem_debug_functions;
++               CRYPTO_is_mem_check_on;
++               CRYPTO_set_mem_debug_functions;
++               CRYPTO_pop_info;
++               CRYPTO_push_info_;
++               CRYPTO_set_mem_debug_options;
++               PEM_write_PKCS8PrivateKey_nid;
++               PEM_write_bio_PKCS8PrivateKey_nid;
++               PEM_write_bio_PKCS8PrivKey_nid;
++               d2i_PKCS8PrivateKey_bio;
++               ASN1_NULL_free;
++               d2i_ASN1_NULL;
++               ASN1_NULL_new;
++               i2d_PKCS8PrivateKey_bio;
++               i2d_PKCS8PrivateKey_fp;
++               i2d_ASN1_NULL;
++               i2d_PKCS8PrivateKey_nid_fp;
++               d2i_PKCS8PrivateKey_fp;
++               i2d_PKCS8PrivateKey_nid_bio;
++               i2d_PKCS8PrivateKeyInfo_fp;
++               i2d_PKCS8PrivateKeyInfo_bio;
++               PEM_cb;
++               i2d_PrivateKey_fp;
++               d2i_PrivateKey_bio;
++               d2i_PrivateKey_fp;
++               i2d_PrivateKey_bio;
++               X509_reject_clear;
++               X509_TRUST_set_default;
++               d2i_AutoPrivateKey;
++               X509_ATTRIBUTE_get0_type;
++               X509_ATTRIBUTE_set1_data;
++               X509at_get_attr;
++               X509at_get_attr_count;
++               X509_ATTRIBUTE_create_by_NID;
++               X509_ATTRIBUTE_set1_object;
++               X509_ATTRIBUTE_count;
++               X509_ATTRIBUTE_create_by_OBJ;
++               X509_ATTRIBUTE_get0_object;
++               X509at_get_attr_by_NID;
++               X509at_add1_attr;
++               X509_ATTRIBUTE_get0_data;
++               X509at_delete_attr;
++               X509at_get_attr_by_OBJ;
++               RAND_add;
++               BIO_number_written;
++               BIO_number_read;
++               X509_STORE_CTX_get1_chain;
++               ERR_load_RAND_strings;
++               RAND_pseudo_bytes;
++               X509_REQ_get_attr_by_NID;
++               X509_REQ_get_attr;
++               X509_REQ_add1_attr_by_NID;
++               X509_REQ_get_attr_by_OBJ;
++               X509at_add1_attr_by_NID;
++               X509_REQ_add1_attr_by_OBJ;
++               X509_REQ_get_attr_count;
++               X509_REQ_add1_attr;
++               X509_REQ_delete_attr;
++               X509at_add1_attr_by_OBJ;
++               X509_REQ_add1_attr_by_txt;
++               X509_ATTRIBUTE_create_by_txt;
++               X509at_add1_attr_by_txt;
++               BN_pseudo_rand;
++               BN_is_prime_fasttest;
++               BN_CTX_end;
++               BN_CTX_start;
++               BN_CTX_get;
++               EVP_PKEY2PKCS8_broken;
++               ASN1_STRING_TABLE_add;
++               CRYPTO_dbg_get_options;
++               AUTHORITY_INFO_ACCESS_new;
++               CRYPTO_get_mem_debug_options;
++               DES_crypt;
++               PEM_write_bio_X509_REQ_NEW;
++               PEM_write_X509_REQ_NEW;
++               BIO_callback_ctrl;
++               RAND_egd;
++               RAND_status;
++               bn_dump1;
++               DES_check_key_parity;
++               lh_num_items;
++               RAND_event;
++               DSO_new;
++               DSO_new_method;
++               DSO_free;
++               DSO_flags;
++               DSO_up;
++               DSO_set_default_method;
++               DSO_get_default_method;
++               DSO_get_method;
++               DSO_set_method;
++               DSO_load;
++               DSO_bind_var;
++               DSO_METHOD_null;
++               DSO_METHOD_openssl;
++               DSO_METHOD_dlfcn;
++               DSO_METHOD_win32;
++               ERR_load_DSO_strings;
++               DSO_METHOD_dl;
++               NCONF_load;
++               NCONF_load_fp;
++               NCONF_new;
++               NCONF_get_string;
++               NCONF_free;
++               NCONF_get_number;
++               CONF_dump_fp;
++               NCONF_load_bio;
++               NCONF_dump_fp;
++               NCONF_get_section;
++               NCONF_dump_bio;
++               CONF_dump_bio;
++               NCONF_free_data;
++               CONF_set_default_method;
++               ERR_error_string_n;
++               BIO_snprintf;
++               DSO_ctrl;
++               i2d_ASN1_SET_OF_ASN1_INTEGER;
++               i2d_ASN1_SET_OF_PKCS12_SAFEBAG;
++               i2d_ASN1_SET_OF_PKCS7;
++               BIO_vfree;
++               d2i_ASN1_SET_OF_ASN1_INTEGER;
++               d2i_ASN1_SET_OF_PKCS12_SAFEBAG;
++               ASN1_UTCTIME_get;
++               X509_REQ_digest;
++               X509_CRL_digest;
++               d2i_ASN1_SET_OF_PKCS7;
++               EVP_CIPHER_CTX_set_key_length;
++               EVP_CIPHER_CTX_ctrl;
++               BN_mod_exp_mont_word;
++               RAND_egd_bytes;
++               X509_REQ_get1_email;
++               X509_get1_email;
++               X509_email_free;
++               i2d_RSA_NET;
++               d2i_RSA_NET_2;
++               d2i_RSA_NET;
++               DSO_bind_func;
++               CRYPTO_get_new_dynlockid;
++               sk_new_null;
++               CRYPTO_set_dynlock_destroy_callback;
++               CRYPTO_set_dynlock_destroy_cb;
++               CRYPTO_destroy_dynlockid;
++               CRYPTO_set_dynlock_size;
++               CRYPTO_set_dynlock_create_callback;
++               CRYPTO_set_dynlock_create_cb;
++               CRYPTO_set_dynlock_lock_callback;
++               CRYPTO_set_dynlock_lock_cb;
++               CRYPTO_get_dynlock_lock_callback;
++               CRYPTO_get_dynlock_lock_cb;
++               CRYPTO_get_dynlock_destroy_callback;
++               CRYPTO_get_dynlock_destroy_cb;
++               CRYPTO_get_dynlock_value;
++               CRYPTO_get_dynlock_create_callback;
++               CRYPTO_get_dynlock_create_cb;
++               c2i_ASN1_BIT_STRING;
++               i2c_ASN1_BIT_STRING;
++               RAND_poll;
++               c2i_ASN1_INTEGER;
++               i2c_ASN1_INTEGER;
++               BIO_dump_indent;
++               ASN1_parse_dump;
++               c2i_ASN1_OBJECT;
++               X509_NAME_print_ex_fp;
++               ASN1_STRING_print_ex_fp;
++               X509_NAME_print_ex;
++               ASN1_STRING_print_ex;
++               MD4;
++               MD4_Transform;
++               MD4_Final;
++               MD4_Update;
++               MD4_Init;
++               EVP_md4;
++               i2d_PUBKEY_bio;
++               i2d_PUBKEY_fp;
++               d2i_PUBKEY_bio;
++               ASN1_STRING_to_UTF8;
++               BIO_vprintf;
++               BIO_vsnprintf;
++               d2i_PUBKEY_fp;
++               X509_cmp_time;
++               X509_STORE_CTX_set_time;
++               X509_STORE_CTX_get1_issuer;
++               X509_OBJECT_retrieve_match;
++               X509_OBJECT_idx_by_subject;
++               X509_STORE_CTX_set_flags;
++               X509_STORE_CTX_trusted_stack;
++               X509_time_adj;
++               X509_check_issued;
++               ASN1_UTCTIME_cmp_time_t;
++               DES_set_weak_key_flag;
++               DES_check_key;
++               DES_rw_mode;
++               RSA_PKCS1_RSAref;
++               X509_keyid_set1;
++               BIO_next;
++               DSO_METHOD_vms;
++               BIO_f_linebuffer;
++               BN_bntest_rand;
++               OPENSSL_issetugid;
++               BN_rand_range;
++               ERR_load_ENGINE_strings;
++               ENGINE_set_DSA;
++               ENGINE_get_finish_function;
++               ENGINE_get_default_RSA;
++               ENGINE_get_BN_mod_exp;
++               DSA_get_default_openssl_method;
++               ENGINE_set_DH;
++               ENGINE_set_def_BN_mod_exp_crt;
++               ENGINE_set_default_BN_mod_exp_crt;
++               ENGINE_init;
++               DH_get_default_openssl_method;
++               RSA_set_default_openssl_method;
++               ENGINE_finish;
++               ENGINE_load_public_key;
++               ENGINE_get_DH;
++               ENGINE_ctrl;
++               ENGINE_get_init_function;
++               ENGINE_set_init_function;
++               ENGINE_set_default_DSA;
++               ENGINE_get_name;
++               ENGINE_get_last;
++               ENGINE_get_prev;
++               ENGINE_get_default_DH;
++               ENGINE_get_RSA;
++               ENGINE_set_default;
++               ENGINE_get_RAND;
++               ENGINE_get_first;
++               ENGINE_by_id;
++               ENGINE_set_finish_function;
++               ENGINE_get_def_BN_mod_exp_crt;
++               ENGINE_get_default_BN_mod_exp_crt;
++               RSA_get_default_openssl_method;
++               ENGINE_set_RSA;
++               ENGINE_load_private_key;
++               ENGINE_set_default_RAND;
++               ENGINE_set_BN_mod_exp;
++               ENGINE_remove;
++               ENGINE_free;
++               ENGINE_get_BN_mod_exp_crt;
++               ENGINE_get_next;
++               ENGINE_set_name;
++               ENGINE_get_default_DSA;
++               ENGINE_set_default_BN_mod_exp;
++               ENGINE_set_default_RSA;
++               ENGINE_get_default_RAND;
++               ENGINE_get_default_BN_mod_exp;
++               ENGINE_set_RAND;
++               ENGINE_set_id;
++               ENGINE_set_BN_mod_exp_crt;
++               ENGINE_set_default_DH;
++               ENGINE_new;
++               ENGINE_get_id;
++               DSA_set_default_openssl_method;
++               ENGINE_add;
++               DH_set_default_openssl_method;
++               ENGINE_get_DSA;
++               ENGINE_get_ctrl_function;
++               ENGINE_set_ctrl_function;
++               BN_pseudo_rand_range;
++               X509_STORE_CTX_set_verify_cb;
++               ERR_load_COMP_strings;
++               PKCS12_item_decrypt_d2i;
++               ASN1_UTF8STRING_it;
++               ASN1_UTF8STRING_it;
++               ENGINE_unregister_ciphers;
++               ENGINE_get_ciphers;
++               d2i_OCSP_BASICRESP;
++               KRB5_CHECKSUM_it;
++               KRB5_CHECKSUM_it;
++               EC_POINT_add;
++               ASN1_item_ex_i2d;
++               OCSP_CERTID_it;
++               OCSP_CERTID_it;
++               d2i_OCSP_RESPBYTES;
++               X509V3_add1_i2d;
++               PKCS7_ENVELOPE_it;
++               PKCS7_ENVELOPE_it;
++               UI_add_input_boolean;
++               ENGINE_unregister_RSA;
++               X509V3_EXT_nconf;
++               ASN1_GENERALSTRING_free;
++               d2i_OCSP_CERTSTATUS;
++               X509_REVOKED_set_serialNumber;
++               X509_print_ex;
++               OCSP_ONEREQ_get1_ext_d2i;
++               ENGINE_register_all_RAND;
++               ENGINE_load_dynamic;
++               PBKDF2PARAM_it;
++               PBKDF2PARAM_it;
++               EXTENDED_KEY_USAGE_new;
++               EC_GROUP_clear_free;
++               OCSP_sendreq_bio;
++               ASN1_item_digest;
++               OCSP_BASICRESP_delete_ext;
++               OCSP_SIGNATURE_it;
++               OCSP_SIGNATURE_it;
++               X509_CRL_it;
++               X509_CRL_it;
++               OCSP_BASICRESP_add_ext;
++               KRB5_ENCKEY_it;
++               KRB5_ENCKEY_it;
++               UI_method_set_closer;
++               X509_STORE_set_purpose;
++               i2d_ASN1_GENERALSTRING;
++               OCSP_response_status;
++               i2d_OCSP_SERVICELOC;
++               ENGINE_get_digest_engine;
++               EC_GROUP_set_curve_GFp;
++               OCSP_REQUEST_get_ext_by_OBJ;
++               _ossl_old_des_random_key;
++               ASN1_T61STRING_it;
++               ASN1_T61STRING_it;
++               EC_GROUP_method_of;
++               i2d_KRB5_APREQ;
++               _ossl_old_des_encrypt;
++               ASN1_PRINTABLE_new;
++               HMAC_Init_ex;
++               d2i_KRB5_AUTHENT;
++               OCSP_archive_cutoff_new;
++               EC_POINT_set_Jprojective_coordinates_GFp;
++               EC_POINT_set_Jproj_coords_GFp;
++               _ossl_old_des_is_weak_key;
++               OCSP_BASICRESP_get_ext_by_OBJ;
++               EC_POINT_oct2point;
++               OCSP_SINGLERESP_get_ext_count;
++               UI_ctrl;
++               _shadow_DES_rw_mode;
++               _shadow_DES_rw_mode;
++               asn1_do_adb;
++               ASN1_template_i2d;
++               ENGINE_register_DH;
++               UI_construct_prompt;
++               X509_STORE_set_trust;
++               UI_dup_input_string;
++               d2i_KRB5_APREQ;
++               EVP_MD_CTX_copy_ex;
++               OCSP_request_is_signed;
++               i2d_OCSP_REQINFO;
++               KRB5_ENCKEY_free;
++               OCSP_resp_get0;
++               GENERAL_NAME_it;
++               GENERAL_NAME_it;
++               ASN1_GENERALIZEDTIME_it;
++               ASN1_GENERALIZEDTIME_it;
++               X509_STORE_set_flags;
++               EC_POINT_set_compressed_coordinates_GFp;
++               EC_POINT_set_compr_coords_GFp;
++               OCSP_response_status_str;
++               d2i_OCSP_REVOKEDINFO;
++               OCSP_basic_add1_cert;
++               ERR_get_implementation;
++               EVP_CipherFinal_ex;
++               OCSP_CERTSTATUS_new;
++               CRYPTO_cleanup_all_ex_data;
++               OCSP_resp_find;
++               BN_nnmod;
++               X509_CRL_sort;
++               X509_REVOKED_set_revocationDate;
++               ENGINE_register_RAND;
++               OCSP_SERVICELOC_new;
++               EC_POINT_set_affine_coordinates_GFp;
++               EC_POINT_set_affine_coords_GFp;
++               _ossl_old_des_options;
++               SXNET_it;
++               SXNET_it;
++               UI_dup_input_boolean;
++               PKCS12_add_CSPName_asc;
++               EC_POINT_is_at_infinity;
++               ENGINE_load_cryptodev;
++               DSO_convert_filename;
++               POLICYQUALINFO_it;
++               POLICYQUALINFO_it;
++               ENGINE_register_ciphers;
++               BN_mod_lshift_quick;
++               DSO_set_filename;
++               ASN1_item_free;
++               KRB5_TKTBODY_free;
++               AUTHORITY_KEYID_it;
++               AUTHORITY_KEYID_it;
++               KRB5_APREQBODY_new;
++               X509V3_EXT_REQ_add_nconf;
++               ENGINE_ctrl_cmd_string;
++               i2d_OCSP_RESPDATA;
++               EVP_MD_CTX_init;
++               EXTENDED_KEY_USAGE_free;
++               PKCS7_ATTR_SIGN_it;
++               PKCS7_ATTR_SIGN_it;
++               UI_add_error_string;
++               KRB5_CHECKSUM_free;
++               OCSP_REQUEST_get_ext;
++               ENGINE_load_ubsec;
++               ENGINE_register_all_digests;
++               PKEY_USAGE_PERIOD_it;
++               PKEY_USAGE_PERIOD_it;
++               PKCS12_unpack_authsafes;
++               ASN1_item_unpack;
++               NETSCAPE_SPKAC_it;
++               NETSCAPE_SPKAC_it;
++               X509_REVOKED_it;
++               X509_REVOKED_it;
++               ASN1_STRING_encode;
++               EVP_aes_128_ecb;
++               KRB5_AUTHENT_free;
++               OCSP_BASICRESP_get_ext_by_critical;
++               OCSP_BASICRESP_get_ext_by_crit;
++               OCSP_cert_status_str;
++               d2i_OCSP_REQUEST;
++               UI_dup_info_string;
++               _ossl_old_des_xwhite_in2out;
++               PKCS12_it;
++               PKCS12_it;
++               OCSP_SINGLERESP_get_ext_by_critical;
++               OCSP_SINGLERESP_get_ext_by_crit;
++               OCSP_CERTSTATUS_free;
++               _ossl_old_des_crypt;
++               ASN1_item_i2d;
++               EVP_DecryptFinal_ex;
++               ENGINE_load_openssl;
++               ENGINE_get_cmd_defns;
++               ENGINE_set_load_privkey_function;
++               ENGINE_set_load_privkey_fn;
++               EVP_EncryptFinal_ex;
++               ENGINE_set_default_digests;
++               X509_get0_pubkey_bitstr;
++               asn1_ex_i2c;
++               ENGINE_register_RSA;
++               ENGINE_unregister_DSA;
++               _ossl_old_des_key_sched;
++               X509_EXTENSION_it;
++               X509_EXTENSION_it;
++               i2d_KRB5_AUTHENT;
++               SXNETID_it;
++               SXNETID_it;
++               d2i_OCSP_SINGLERESP;
++               EDIPARTYNAME_new;
++               PKCS12_certbag2x509;
++               _ossl_old_des_ofb64_encrypt;
++               d2i_EXTENDED_KEY_USAGE;
++               ERR_print_errors_cb;
++               ENGINE_set_ciphers;
++               d2i_KRB5_APREQBODY;
++               UI_method_get_flusher;
++               X509_PUBKEY_it;
++               X509_PUBKEY_it;
++               _ossl_old_des_enc_read;
++               PKCS7_ENCRYPT_it;
++               PKCS7_ENCRYPT_it;
++               i2d_OCSP_RESPONSE;
++               EC_GROUP_get_cofactor;
++               PKCS12_unpack_p7data;
++               d2i_KRB5_AUTHDATA;
++               OCSP_copy_nonce;
++               KRB5_AUTHDATA_new;
++               OCSP_RESPDATA_new;
++               EC_GFp_mont_method;
++               OCSP_REVOKEDINFO_free;
++               UI_get_ex_data;
++               KRB5_APREQBODY_free;
++               EC_GROUP_get0_generator;
++               UI_get_default_method;
++               X509V3_set_nconf;
++               PKCS12_item_i2d_encrypt;
++               X509_add1_ext_i2d;
++               PKCS7_SIGNER_INFO_it;
++               PKCS7_SIGNER_INFO_it;
++               KRB5_PRINCNAME_new;
++               PKCS12_SAFEBAG_it;
++               PKCS12_SAFEBAG_it;
++               EC_GROUP_get_order;
++               d2i_OCSP_RESPID;
++               OCSP_request_verify;
++               NCONF_get_number_e;
++               _ossl_old_des_decrypt3;
++               X509_signature_print;
++               OCSP_SINGLERESP_free;
++               ENGINE_load_builtin_engines;
++               i2d_OCSP_ONEREQ;
++               OCSP_REQUEST_add_ext;
++               OCSP_RESPBYTES_new;
++               EVP_MD_CTX_create;
++               OCSP_resp_find_status;
++               X509_ALGOR_it;
++               X509_ALGOR_it;
++               ASN1_TIME_it;
++               ASN1_TIME_it;
++               OCSP_request_set1_name;
++               OCSP_ONEREQ_get_ext_count;
++               UI_get0_result;
++               PKCS12_AUTHSAFES_it;
++               PKCS12_AUTHSAFES_it;
++               EVP_aes_256_ecb;
++               PKCS12_pack_authsafes;
++               ASN1_IA5STRING_it;
++               ASN1_IA5STRING_it;
++               UI_get_input_flags;
++               EC_GROUP_set_generator;
++               _ossl_old_des_string_to_2keys;
++               OCSP_CERTID_free;
++               X509_CERT_AUX_it;
++               X509_CERT_AUX_it;
++               CERTIFICATEPOLICIES_it;
++               CERTIFICATEPOLICIES_it;
++               _ossl_old_des_ede3_cbc_encrypt;
++               RAND_set_rand_engine;
++               DSO_get_loaded_filename;
++               X509_ATTRIBUTE_it;
++               X509_ATTRIBUTE_it;
++               OCSP_ONEREQ_get_ext_by_NID;
++               PKCS12_decrypt_skey;
++               KRB5_AUTHENT_it;
++               KRB5_AUTHENT_it;
++               UI_dup_error_string;
++               RSAPublicKey_it;
++               RSAPublicKey_it;
++               i2d_OCSP_REQUEST;
++               PKCS12_x509crl2certbag;
++               OCSP_SERVICELOC_it;
++               OCSP_SERVICELOC_it;
++               ASN1_item_sign;
++               X509_CRL_set_issuer_name;
++               OBJ_NAME_do_all_sorted;
++               i2d_OCSP_BASICRESP;
++               i2d_OCSP_RESPBYTES;
++               PKCS12_unpack_p7encdata;
++               HMAC_CTX_init;
++               ENGINE_get_digest;
++               OCSP_RESPONSE_print;
++               KRB5_TKTBODY_it;
++               KRB5_TKTBODY_it;
++               ACCESS_DESCRIPTION_it;
++               ACCESS_DESCRIPTION_it;
++               PKCS7_ISSUER_AND_SERIAL_it;
++               PKCS7_ISSUER_AND_SERIAL_it;
++               PBE2PARAM_it;
++               PBE2PARAM_it;
++               PKCS12_certbag2x509crl;
++               PKCS7_SIGNED_it;
++               PKCS7_SIGNED_it;
++               ENGINE_get_cipher;
++               i2d_OCSP_CRLID;
++               OCSP_SINGLERESP_new;
++               ENGINE_cmd_is_executable;
++               RSA_up_ref;
++               ASN1_GENERALSTRING_it;
++               ASN1_GENERALSTRING_it;
++               ENGINE_register_DSA;
++               X509V3_EXT_add_nconf_sk;
++               ENGINE_set_load_pubkey_function;
++               PKCS8_decrypt;
++               PEM_bytes_read_bio;
++               DIRECTORYSTRING_it;
++               DIRECTORYSTRING_it;
++               d2i_OCSP_CRLID;
++               EC_POINT_is_on_curve;
++               CRYPTO_set_locked_mem_ex_functions;
++               CRYPTO_set_locked_mem_ex_funcs;
++               d2i_KRB5_CHECKSUM;
++               ASN1_item_dup;
++               X509_it;
++               X509_it;
++               BN_mod_add;
++               KRB5_AUTHDATA_free;
++               _ossl_old_des_cbc_cksum;
++               ASN1_item_verify;
++               CRYPTO_set_mem_ex_functions;
++               EC_POINT_get_Jprojective_coordinates_GFp;
++               EC_POINT_get_Jproj_coords_GFp;
++               ZLONG_it;
++               ZLONG_it;
++               CRYPTO_get_locked_mem_ex_functions;
++               CRYPTO_get_locked_mem_ex_funcs;
++               ASN1_TIME_check;
++               UI_get0_user_data;
++               HMAC_CTX_cleanup;
++               DSA_up_ref;
++               _ossl_old_des_ede3_cfb64_encrypt;
++               _ossl_odes_ede3_cfb64_encrypt;
++               ASN1_BMPSTRING_it;
++               ASN1_BMPSTRING_it;
++               ASN1_tag2bit;
++               UI_method_set_flusher;
++               X509_ocspid_print;
++               KRB5_ENCDATA_it;
++               KRB5_ENCDATA_it;
++               ENGINE_get_load_pubkey_function;
++               UI_add_user_data;
++               OCSP_REQUEST_delete_ext;
++               UI_get_method;
++               OCSP_ONEREQ_free;
++               ASN1_PRINTABLESTRING_it;
++               ASN1_PRINTABLESTRING_it;
++               X509_CRL_set_nextUpdate;
++               OCSP_REQUEST_it;
++               OCSP_REQUEST_it;
++               OCSP_BASICRESP_it;
++               OCSP_BASICRESP_it;
++               AES_ecb_encrypt;
++               BN_mod_sqr;
++               NETSCAPE_CERT_SEQUENCE_it;
++               NETSCAPE_CERT_SEQUENCE_it;
++               GENERAL_NAMES_it;
++               GENERAL_NAMES_it;
++               AUTHORITY_INFO_ACCESS_it;
++               AUTHORITY_INFO_ACCESS_it;
++               ASN1_FBOOLEAN_it;
++               ASN1_FBOOLEAN_it;
++               UI_set_ex_data;
++               _ossl_old_des_string_to_key;
++               ENGINE_register_all_RSA;
++               d2i_KRB5_PRINCNAME;
++               OCSP_RESPBYTES_it;
++               OCSP_RESPBYTES_it;
++               X509_CINF_it;
++               X509_CINF_it;
++               ENGINE_unregister_digests;
++               d2i_EDIPARTYNAME;
++               d2i_OCSP_SERVICELOC;
++               ENGINE_get_digests;
++               _ossl_old_des_set_odd_parity;
++               OCSP_RESPDATA_free;
++               d2i_KRB5_TICKET;
++               OTHERNAME_it;
++               OTHERNAME_it;
++               EVP_MD_CTX_cleanup;
++               d2i_ASN1_GENERALSTRING;
++               X509_CRL_set_version;
++               BN_mod_sub;
++               OCSP_SINGLERESP_get_ext_by_NID;
++               ENGINE_get_ex_new_index;
++               OCSP_REQUEST_free;
++               OCSP_REQUEST_add1_ext_i2d;
++               X509_VAL_it;
++               X509_VAL_it;
++               EC_POINTs_make_affine;
++               EC_POINT_mul;
++               X509V3_EXT_add_nconf;
++               X509_TRUST_set;
++               X509_CRL_add1_ext_i2d;
++               _ossl_old_des_fcrypt;
++               DISPLAYTEXT_it;
++               DISPLAYTEXT_it;
++               X509_CRL_set_lastUpdate;
++               OCSP_BASICRESP_free;
++               OCSP_BASICRESP_add1_ext_i2d;
++               d2i_KRB5_AUTHENTBODY;
++               CRYPTO_set_ex_data_implementation;
++               CRYPTO_set_ex_data_impl;
++               KRB5_ENCDATA_new;
++               DSO_up_ref;
++               OCSP_crl_reason_str;
++               UI_get0_result_string;
++               ASN1_GENERALSTRING_new;
++               X509_SIG_it;
++               X509_SIG_it;
++               ERR_set_implementation;
++               ERR_load_EC_strings;
++               UI_get0_action_string;
++               OCSP_ONEREQ_get_ext;
++               EC_POINT_method_of;
++               i2d_KRB5_APREQBODY;
++               _ossl_old_des_ecb3_encrypt;
++               CRYPTO_get_mem_ex_functions;
++               ENGINE_get_ex_data;
++               UI_destroy_method;
++               ASN1_item_i2d_bio;
++               OCSP_ONEREQ_get_ext_by_OBJ;
++               ASN1_primitive_new;
++               ASN1_PRINTABLE_it;
++               ASN1_PRINTABLE_it;
++               EVP_aes_192_ecb;
++               OCSP_SIGNATURE_new;
++               LONG_it;
++               LONG_it;
++               ASN1_VISIBLESTRING_it;
++               ASN1_VISIBLESTRING_it;
++               OCSP_SINGLERESP_add1_ext_i2d;
++               d2i_OCSP_CERTID;
++               ASN1_item_d2i_fp;
++               CRL_DIST_POINTS_it;
++               CRL_DIST_POINTS_it;
++               GENERAL_NAME_print;
++               OCSP_SINGLERESP_delete_ext;
++               PKCS12_SAFEBAGS_it;
++               PKCS12_SAFEBAGS_it;
++               d2i_OCSP_SIGNATURE;
++               OCSP_request_add1_nonce;
++               ENGINE_set_cmd_defns;
++               OCSP_SERVICELOC_free;
++               EC_GROUP_free;
++               ASN1_BIT_STRING_it;
++               ASN1_BIT_STRING_it;
++               X509_REQ_it;
++               X509_REQ_it;
++               _ossl_old_des_cbc_encrypt;
++               ERR_unload_strings;
++               PKCS7_SIGN_ENVELOPE_it;
++               PKCS7_SIGN_ENVELOPE_it;
++               EDIPARTYNAME_free;
++               OCSP_REQINFO_free;
++               EC_GROUP_new_curve_GFp;
++               OCSP_REQUEST_get1_ext_d2i;
++               PKCS12_item_pack_safebag;
++               asn1_ex_c2i;
++               ENGINE_register_digests;
++               i2d_OCSP_REVOKEDINFO;
++               asn1_enc_restore;
++               UI_free;
++               UI_new_method;
++               EVP_EncryptInit_ex;
++               X509_pubkey_digest;
++               EC_POINT_invert;
++               OCSP_basic_sign;
++               i2d_OCSP_RESPID;
++               OCSP_check_nonce;
++               ENGINE_ctrl_cmd;
++               d2i_KRB5_ENCKEY;
++               OCSP_parse_url;
++               OCSP_SINGLERESP_get_ext;
++               OCSP_CRLID_free;
++               OCSP_BASICRESP_get1_ext_d2i;
++               RSAPrivateKey_it;
++               RSAPrivateKey_it;
++               ENGINE_register_all_DH;
++               i2d_EDIPARTYNAME;
++               EC_POINT_get_affine_coordinates_GFp;
++               EC_POINT_get_affine_coords_GFp;
++               OCSP_CRLID_new;
++               ENGINE_get_flags;
++               OCSP_ONEREQ_it;
++               OCSP_ONEREQ_it;
++               UI_process;
++               ASN1_INTEGER_it;
++               ASN1_INTEGER_it;
++               EVP_CipherInit_ex;
++               UI_get_string_type;
++               ENGINE_unregister_DH;
++               ENGINE_register_all_DSA;
++               OCSP_ONEREQ_get_ext_by_critical;
++               bn_dup_expand;
++               OCSP_cert_id_new;
++               BASIC_CONSTRAINTS_it;
++               BASIC_CONSTRAINTS_it;
++               BN_mod_add_quick;
++               EC_POINT_new;
++               EVP_MD_CTX_destroy;
++               OCSP_RESPBYTES_free;
++               EVP_aes_128_cbc;
++               OCSP_SINGLERESP_get1_ext_d2i;
++               EC_POINT_free;
++               DH_up_ref;
++               X509_NAME_ENTRY_it;
++               X509_NAME_ENTRY_it;
++               UI_get_ex_new_index;
++               BN_mod_sub_quick;
++               OCSP_ONEREQ_add_ext;
++               OCSP_request_sign;
++               EVP_DigestFinal_ex;
++               ENGINE_set_digests;
++               OCSP_id_issuer_cmp;
++               OBJ_NAME_do_all;
++               EC_POINTs_mul;
++               ENGINE_register_complete;
++               X509V3_EXT_nconf_nid;
++               ASN1_SEQUENCE_it;
++               ASN1_SEQUENCE_it;
++               UI_set_default_method;
++               RAND_query_egd_bytes;
++               UI_method_get_writer;
++               UI_OpenSSL;
++               PEM_def_callback;
++               ENGINE_cleanup;
++               DIST_POINT_it;
++               DIST_POINT_it;
++               OCSP_SINGLERESP_it;
++               OCSP_SINGLERESP_it;
++               d2i_KRB5_TKTBODY;
++               EC_POINT_cmp;
++               OCSP_REVOKEDINFO_new;
++               i2d_OCSP_CERTSTATUS;
++               OCSP_basic_add1_nonce;
++               ASN1_item_ex_d2i;
++               BN_mod_lshift1_quick;
++               UI_set_method;
++               OCSP_id_get0_info;
++               BN_mod_sqrt;
++               EC_GROUP_copy;
++               KRB5_ENCDATA_free;
++               _ossl_old_des_cfb_encrypt;
++               OCSP_SINGLERESP_get_ext_by_OBJ;
++               OCSP_cert_to_id;
++               OCSP_RESPID_new;
++               OCSP_RESPDATA_it;
++               OCSP_RESPDATA_it;
++               d2i_OCSP_RESPDATA;
++               ENGINE_register_all_complete;
++               OCSP_check_validity;
++               PKCS12_BAGS_it;
++               PKCS12_BAGS_it;
++               OCSP_url_svcloc_new;
++               ASN1_template_free;
++               OCSP_SINGLERESP_add_ext;
++               KRB5_AUTHENTBODY_it;
++               KRB5_AUTHENTBODY_it;
++               X509_supported_extension;
++               i2d_KRB5_AUTHDATA;
++               UI_method_get_opener;
++               ENGINE_set_ex_data;
++               OCSP_REQUEST_print;
++               CBIGNUM_it;
++               CBIGNUM_it;
++               KRB5_TICKET_new;
++               KRB5_APREQ_new;
++               EC_GROUP_get_curve_GFp;
++               KRB5_ENCKEY_new;
++               ASN1_template_d2i;
++               _ossl_old_des_quad_cksum;
++               OCSP_single_get0_status;
++               BN_swap;
++               POLICYINFO_it;
++               POLICYINFO_it;
++               ENGINE_set_destroy_function;
++               asn1_enc_free;
++               OCSP_RESPID_it;
++               OCSP_RESPID_it;
++               EC_GROUP_new;
++               EVP_aes_256_cbc;
++               i2d_KRB5_PRINCNAME;
++               _ossl_old_des_encrypt2;
++               _ossl_old_des_encrypt3;
++               PKCS8_PRIV_KEY_INFO_it;
++               PKCS8_PRIV_KEY_INFO_it;
++               OCSP_REQINFO_it;
++               OCSP_REQINFO_it;
++               PBEPARAM_it;
++               PBEPARAM_it;
++               KRB5_AUTHENTBODY_new;
++               X509_CRL_add0_revoked;
++               EDIPARTYNAME_it;
++               EDIPARTYNAME_it;
++               NETSCAPE_SPKI_it;
++               NETSCAPE_SPKI_it;
++               UI_get0_test_string;
++               ENGINE_get_cipher_engine;
++               ENGINE_register_all_ciphers;
++               EC_POINT_copy;
++               BN_kronecker;
++               _ossl_old_des_ede3_ofb64_encrypt;
++               _ossl_odes_ede3_ofb64_encrypt;
++               UI_method_get_reader;
++               OCSP_BASICRESP_get_ext_count;
++               ASN1_ENUMERATED_it;
++               ASN1_ENUMERATED_it;
++               UI_set_result;
++               i2d_KRB5_TICKET;
++               X509_print_ex_fp;
++               EVP_CIPHER_CTX_set_padding;
++               d2i_OCSP_RESPONSE;
++               ASN1_UTCTIME_it;
++               ASN1_UTCTIME_it;
++               _ossl_old_des_enc_write;
++               OCSP_RESPONSE_new;
++               AES_set_encrypt_key;
++               OCSP_resp_count;
++               KRB5_CHECKSUM_new;
++               ENGINE_load_cswift;
++               OCSP_onereq_get0_id;
++               ENGINE_set_default_ciphers;
++               NOTICEREF_it;
++               NOTICEREF_it;
++               X509V3_EXT_CRL_add_nconf;
++               OCSP_REVOKEDINFO_it;
++               OCSP_REVOKEDINFO_it;
++               AES_encrypt;
++               OCSP_REQUEST_new;
++               ASN1_ANY_it;
++               ASN1_ANY_it;
++               CRYPTO_ex_data_new_class;
++               _ossl_old_des_ncbc_encrypt;
++               i2d_KRB5_TKTBODY;
++               EC_POINT_clear_free;
++               AES_decrypt;
++               asn1_enc_init;
++               UI_get_result_maxsize;
++               OCSP_CERTID_new;
++               ENGINE_unregister_RAND;
++               UI_method_get_closer;
++               d2i_KRB5_ENCDATA;
++               OCSP_request_onereq_count;
++               OCSP_basic_verify;
++               KRB5_AUTHENTBODY_free;
++               ASN1_item_d2i;
++               ASN1_primitive_free;
++               i2d_EXTENDED_KEY_USAGE;
++               i2d_OCSP_SIGNATURE;
++               asn1_enc_save;
++               ENGINE_load_nuron;
++               _ossl_old_des_pcbc_encrypt;
++               PKCS12_MAC_DATA_it;
++               PKCS12_MAC_DATA_it;
++               OCSP_accept_responses_new;
++               asn1_do_lock;
++               PKCS7_ATTR_VERIFY_it;
++               PKCS7_ATTR_VERIFY_it;
++               KRB5_APREQBODY_it;
++               KRB5_APREQBODY_it;
++               i2d_OCSP_SINGLERESP;
++               ASN1_item_ex_new;
++               UI_add_verify_string;
++               _ossl_old_des_set_key;
++               KRB5_PRINCNAME_it;
++               KRB5_PRINCNAME_it;
++               EVP_DecryptInit_ex;
++               i2d_OCSP_CERTID;
++               ASN1_item_d2i_bio;
++               EC_POINT_dbl;
++               asn1_get_choice_selector;
++               i2d_KRB5_CHECKSUM;
++               ENGINE_set_table_flags;
++               AES_options;
++               ENGINE_load_chil;
++               OCSP_id_cmp;
++               OCSP_BASICRESP_new;
++               OCSP_REQUEST_get_ext_by_NID;
++               KRB5_APREQ_it;
++               KRB5_APREQ_it;
++               ENGINE_get_destroy_function;
++               CONF_set_nconf;
++               ASN1_PRINTABLE_free;
++               OCSP_BASICRESP_get_ext_by_NID;
++               DIST_POINT_NAME_it;
++               DIST_POINT_NAME_it;
++               X509V3_extensions_print;
++               _ossl_old_des_cfb64_encrypt;
++               X509_REVOKED_add1_ext_i2d;
++               _ossl_old_des_ofb_encrypt;
++               KRB5_TKTBODY_new;
++               ASN1_OCTET_STRING_it;
++               ASN1_OCTET_STRING_it;
++               ERR_load_UI_strings;
++               i2d_KRB5_ENCKEY;
++               ASN1_template_new;
++               OCSP_SIGNATURE_free;
++               ASN1_item_i2d_fp;
++               KRB5_PRINCNAME_free;
++               PKCS7_RECIP_INFO_it;
++               PKCS7_RECIP_INFO_it;
++               EXTENDED_KEY_USAGE_it;
++               EXTENDED_KEY_USAGE_it;
++               EC_GFp_simple_method;
++               EC_GROUP_precompute_mult;
++               OCSP_request_onereq_get0;
++               UI_method_set_writer;
++               KRB5_AUTHENT_new;
++               X509_CRL_INFO_it;
++               X509_CRL_INFO_it;
++               DSO_set_name_converter;
++               AES_set_decrypt_key;
++               PKCS7_DIGEST_it;
++               PKCS7_DIGEST_it;
++               PKCS12_x5092certbag;
++               EVP_DigestInit_ex;
++               i2a_ACCESS_DESCRIPTION;
++               OCSP_RESPONSE_it;
++               OCSP_RESPONSE_it;
++               PKCS7_ENC_CONTENT_it;
++               PKCS7_ENC_CONTENT_it;
++               OCSP_request_add0_id;
++               EC_POINT_make_affine;
++               DSO_get_filename;
++               OCSP_CERTSTATUS_it;
++               OCSP_CERTSTATUS_it;
++               OCSP_request_add1_cert;
++               UI_get0_output_string;
++               UI_dup_verify_string;
++               BN_mod_lshift;
++               KRB5_AUTHDATA_it;
++               KRB5_AUTHDATA_it;
++               asn1_set_choice_selector;
++               OCSP_basic_add1_status;
++               OCSP_RESPID_free;
++               asn1_get_field_ptr;
++               UI_add_input_string;
++               OCSP_CRLID_it;
++               OCSP_CRLID_it;
++               i2d_KRB5_AUTHENTBODY;
++               OCSP_REQUEST_get_ext_count;
++               ENGINE_load_atalla;
++               X509_NAME_it;
++               X509_NAME_it;
++               USERNOTICE_it;
++               USERNOTICE_it;
++               OCSP_REQINFO_new;
++               OCSP_BASICRESP_get_ext;
++               CRYPTO_get_ex_data_implementation;
++               CRYPTO_get_ex_data_impl;
++               ASN1_item_pack;
++               i2d_KRB5_ENCDATA;
++               X509_PURPOSE_set;
++               X509_REQ_INFO_it;
++               X509_REQ_INFO_it;
++               UI_method_set_opener;
++               ASN1_item_ex_free;
++               ASN1_BOOLEAN_it;
++               ASN1_BOOLEAN_it;
++               ENGINE_get_table_flags;
++               UI_create_method;
++               OCSP_ONEREQ_add1_ext_i2d;
++               _shadow_DES_check_key;
++               _shadow_DES_check_key;
++               d2i_OCSP_REQINFO;
++               UI_add_info_string;
++               UI_get_result_minsize;
++               ASN1_NULL_it;
++               ASN1_NULL_it;
++               BN_mod_lshift1;
++               d2i_OCSP_ONEREQ;
++               OCSP_ONEREQ_new;
++               KRB5_TICKET_it;
++               KRB5_TICKET_it;
++               EVP_aes_192_cbc;
++               KRB5_TICKET_free;
++               UI_new;
++               OCSP_response_create;
++               _ossl_old_des_xcbc_encrypt;
++               PKCS7_it;
++               PKCS7_it;
++               OCSP_REQUEST_get_ext_by_critical;
++               OCSP_REQUEST_get_ext_by_crit;
++               ENGINE_set_flags;
++               _ossl_old_des_ecb_encrypt;
++               OCSP_response_get1_basic;
++               EVP_Digest;
++               OCSP_ONEREQ_delete_ext;
++               ASN1_TBOOLEAN_it;
++               ASN1_TBOOLEAN_it;
++               ASN1_item_new;
++               ASN1_TIME_to_generalizedtime;
++               BIGNUM_it;
++               BIGNUM_it;
++               AES_cbc_encrypt;
++               ENGINE_get_load_privkey_function;
++               ENGINE_get_load_privkey_fn;
++               OCSP_RESPONSE_free;
++               UI_method_set_reader;
++               i2d_ASN1_T61STRING;
++               EC_POINT_set_to_infinity;
++               ERR_load_OCSP_strings;
++               EC_POINT_point2oct;
++               KRB5_APREQ_free;
++               ASN1_OBJECT_it;
++               ASN1_OBJECT_it;
++               OCSP_crlID_new;
++               OCSP_crlID2_new;
++               CONF_modules_load_file;
++               CONF_imodule_set_usr_data;
++               ENGINE_set_default_string;
++               CONF_module_get_usr_data;
++               ASN1_add_oid_module;
++               CONF_modules_finish;
++               OPENSSL_config;
++               CONF_modules_unload;
++               CONF_imodule_get_value;
++               CONF_module_set_usr_data;
++               CONF_parse_list;
++               CONF_module_add;
++               CONF_get1_default_config_file;
++               CONF_imodule_get_flags;
++               CONF_imodule_get_module;
++               CONF_modules_load;
++               CONF_imodule_get_name;
++               ERR_peek_top_error;
++               CONF_imodule_get_usr_data;
++               CONF_imodule_set_flags;
++               ENGINE_add_conf_module;
++               ERR_peek_last_error_line;
++               ERR_peek_last_error_line_data;
++               ERR_peek_last_error;
++               DES_read_2passwords;
++               DES_read_password;
++               UI_UTIL_read_pw;
++               UI_UTIL_read_pw_string;
++               ENGINE_load_aep;
++               ENGINE_load_sureware;
++               OPENSSL_add_all_algorithms_noconf;
++               OPENSSL_add_all_algo_noconf;
++               OPENSSL_add_all_algorithms_conf;
++               OPENSSL_add_all_algo_conf;
++               OPENSSL_load_builtin_modules;
++               AES_ofb128_encrypt;
++               AES_ctr128_encrypt;
++               AES_cfb128_encrypt;
++               ENGINE_load_4758cca;
++               _ossl_096_des_random_seed;
++               EVP_aes_256_ofb;
++               EVP_aes_192_ofb;
++               EVP_aes_128_cfb128;
++               EVP_aes_256_cfb128;
++               EVP_aes_128_ofb;
++               EVP_aes_192_cfb128;
++               CONF_modules_free;
++               NCONF_default;
++               OPENSSL_no_config;
++               NCONF_WIN32;
++               ASN1_UNIVERSALSTRING_new;
++               EVP_des_ede_ecb;
++               i2d_ASN1_UNIVERSALSTRING;
++               ASN1_UNIVERSALSTRING_free;
++               ASN1_UNIVERSALSTRING_it;
++               ASN1_UNIVERSALSTRING_it;
++               d2i_ASN1_UNIVERSALSTRING;
++               EVP_des_ede3_ecb;
++               X509_REQ_print_ex;
++               ENGINE_up_ref;
++               BUF_MEM_grow_clean;
++               CRYPTO_realloc_clean;
++               BUF_strlcat;
++               BIO_indent;
++               BUF_strlcpy;
++               OpenSSLDie;
++               OPENSSL_cleanse;
++               ENGINE_setup_bsd_cryptodev;
++               ERR_release_err_state_table;
++               EVP_aes_128_cfb8;
++               FIPS_corrupt_rsa;
++               FIPS_selftest_des;
++               EVP_aes_128_cfb1;
++               EVP_aes_192_cfb8;
++               FIPS_mode_set;
++               FIPS_selftest_dsa;
++               EVP_aes_256_cfb8;
++               FIPS_allow_md5;
++               DES_ede3_cfb_encrypt;
++               EVP_des_ede3_cfb8;
++               FIPS_rand_seeded;
++               AES_cfbr_encrypt_block;
++               AES_cfb8_encrypt;
++               FIPS_rand_seed;
++               FIPS_corrupt_des;
++               EVP_aes_192_cfb1;
++               FIPS_selftest_aes;
++               FIPS_set_prng_key;
++               EVP_des_cfb8;
++               FIPS_corrupt_dsa;
++               FIPS_test_mode;
++               FIPS_rand_method;
++               EVP_aes_256_cfb1;
++               ERR_load_FIPS_strings;
++               FIPS_corrupt_aes;
++               FIPS_selftest_sha1;
++               FIPS_selftest_rsa;
++               FIPS_corrupt_sha1;
++               EVP_des_cfb1;
++               FIPS_dsa_check;
++               AES_cfb1_encrypt;
++               EVP_des_ede3_cfb1;
++               FIPS_rand_check;
++               FIPS_md5_allowed;
++               FIPS_mode;
++               FIPS_selftest_failed;
++               sk_is_sorted;
++               X509_check_ca;
++               HMAC_CTX_set_flags;
++               d2i_PROXY_CERT_INFO_EXTENSION;
++               PROXY_POLICY_it;
++               PROXY_POLICY_it;
++               i2d_PROXY_POLICY;
++               i2d_PROXY_CERT_INFO_EXTENSION;
++               d2i_PROXY_POLICY;
++               PROXY_CERT_INFO_EXTENSION_new;
++               PROXY_CERT_INFO_EXTENSION_free;
++               PROXY_CERT_INFO_EXTENSION_it;
++               PROXY_CERT_INFO_EXTENSION_it;
++               PROXY_POLICY_free;
++               PROXY_POLICY_new;
++               BN_MONT_CTX_set_locked;
++               FIPS_selftest_rng;
++               EVP_sha384;
++               EVP_sha512;
++               EVP_sha224;
++               EVP_sha256;
++               FIPS_selftest_hmac;
++               FIPS_corrupt_rng;
++               BN_mod_exp_mont_consttime;
++               RSA_X931_hash_id;
++               RSA_padding_check_X931;
++               RSA_verify_PKCS1_PSS;
++               RSA_padding_add_X931;
++               RSA_padding_add_PKCS1_PSS;
++               PKCS1_MGF1;
++               BN_X931_generate_Xpq;
++               RSA_X931_generate_key;
++               BN_X931_derive_prime;
++               BN_X931_generate_prime;
++               RSA_X931_derive;
++               BIO_new_dgram;
++               BN_get0_nist_prime_384;
++               ERR_set_mark;
++               X509_STORE_CTX_set0_crls;
++               ENGINE_set_STORE;
++               ENGINE_register_ECDSA;
++               STORE_meth_set_list_start_fn;
++               STORE_method_set_list_start_function;
++               BN_BLINDING_invert_ex;
++               NAME_CONSTRAINTS_free;
++               STORE_ATTR_INFO_set_number;
++               BN_BLINDING_get_thread_id;
++               X509_STORE_CTX_set0_param;
++               POLICY_MAPPING_it;
++               POLICY_MAPPING_it;
++               STORE_parse_attrs_start;
++               POLICY_CONSTRAINTS_free;
++               EVP_PKEY_add1_attr_by_NID;
++               BN_nist_mod_192;
++               EC_GROUP_get_trinomial_basis;
++               STORE_set_method;
++               GENERAL_SUBTREE_free;
++               NAME_CONSTRAINTS_it;
++               NAME_CONSTRAINTS_it;
++               ECDH_get_default_method;
++               PKCS12_add_safe;
++               EC_KEY_new_by_curve_name;
++               STORE_meth_get_update_store_fn;
++               STORE_method_get_update_store_function;
++               ENGINE_register_ECDH;
++               SHA512_Update;
++               i2d_ECPrivateKey;
++               BN_get0_nist_prime_192;
++               STORE_modify_certificate;
++               EC_POINT_set_affine_coordinates_GF2m;
++               EC_POINT_set_affine_coords_GF2m;
++               BN_GF2m_mod_exp_arr;
++               STORE_ATTR_INFO_modify_number;
++               X509_keyid_get0;
++               ENGINE_load_gmp;
++               pitem_new;
++               BN_GF2m_mod_mul_arr;
++               STORE_list_public_key_endp;
++               o2i_ECPublicKey;
++               EC_KEY_copy;
++               BIO_dump_fp;
++               X509_policy_node_get0_parent;
++               EC_GROUP_check_discriminant;
++               i2o_ECPublicKey;
++               EC_KEY_precompute_mult;
++               a2i_IPADDRESS;
++               STORE_meth_set_initialise_fn;
++               STORE_method_set_initialise_function;
++               X509_STORE_CTX_set_depth;
++               X509_VERIFY_PARAM_inherit;
++               EC_POINT_point2bn;
++               STORE_ATTR_INFO_set_dn;
++               X509_policy_tree_get0_policies;
++               EC_GROUP_new_curve_GF2m;
++               STORE_destroy_method;
++               ENGINE_unregister_STORE;
++               EVP_PKEY_get1_EC_KEY;
++               STORE_ATTR_INFO_get0_number;
++               ENGINE_get_default_ECDH;
++               EC_KEY_get_conv_form;
++               ASN1_OCTET_STRING_NDEF_it;
++               ASN1_OCTET_STRING_NDEF_it;
++               STORE_delete_public_key;
++               STORE_get_public_key;
++               STORE_modify_arbitrary;
++               ENGINE_get_static_state;
++               pqueue_iterator;
++               ECDSA_SIG_new;
++               OPENSSL_DIR_end;
++               BN_GF2m_mod_sqr;
++               EC_POINT_bn2point;
++               X509_VERIFY_PARAM_set_depth;
++               EC_KEY_set_asn1_flag;
++               STORE_get_method;
++               EC_KEY_get_key_method_data;
++               ECDSA_sign_ex;
++               STORE_parse_attrs_end;
++               EC_GROUP_get_point_conversion_form;
++               EC_GROUP_get_point_conv_form;
++               STORE_method_set_store_function;
++               STORE_ATTR_INFO_in;
++               PEM_read_bio_ECPKParameters;
++               EC_GROUP_get_pentanomial_basis;
++               EVP_PKEY_add1_attr_by_txt;
++               BN_BLINDING_set_flags;
++               X509_VERIFY_PARAM_set1_policies;
++               X509_VERIFY_PARAM_set1_name;
++               X509_VERIFY_PARAM_set_purpose;
++               STORE_get_number;
++               ECDSA_sign_setup;
++               BN_GF2m_mod_solve_quad_arr;
++               EC_KEY_up_ref;
++               POLICY_MAPPING_free;
++               BN_GF2m_mod_div;
++               X509_VERIFY_PARAM_set_flags;
++               EC_KEY_free;
++               STORE_meth_set_list_next_fn;
++               STORE_method_set_list_next_function;
++               PEM_write_bio_ECPrivateKey;
++               d2i_EC_PUBKEY;
++               STORE_meth_get_generate_fn;
++               STORE_method_get_generate_function;
++               STORE_meth_set_list_end_fn;
++               STORE_method_set_list_end_function;
++               pqueue_print;
++               EC_GROUP_have_precompute_mult;
++               EC_KEY_print_fp;
++               BN_GF2m_mod_arr;
++               PEM_write_bio_X509_CERT_PAIR;
++               EVP_PKEY_cmp;
++               X509_policy_level_node_count;
++               STORE_new_engine;
++               STORE_list_public_key_start;
++               X509_VERIFY_PARAM_new;
++               ECDH_get_ex_data;
++               EVP_PKEY_get_attr;
++               ECDSA_do_sign;
++               ENGINE_unregister_ECDH;
++               ECDH_OpenSSL;
++               EC_KEY_set_conv_form;
++               EC_POINT_dup;
++               GENERAL_SUBTREE_new;
++               STORE_list_crl_endp;
++               EC_get_builtin_curves;
++               X509_policy_node_get0_qualifiers;
++               X509_pcy_node_get0_qualifiers;
++               STORE_list_crl_end;
++               EVP_PKEY_set1_EC_KEY;
++               BN_GF2m_mod_sqrt_arr;
++               i2d_ECPrivateKey_bio;
++               ECPKParameters_print_fp;
++               pqueue_find;
++               ECDSA_SIG_free;
++               PEM_write_bio_ECPKParameters;
++               STORE_method_set_ctrl_function;
++               STORE_list_public_key_end;
++               EC_KEY_set_private_key;
++               pqueue_peek;
++               STORE_get_arbitrary;
++               STORE_store_crl;
++               X509_policy_node_get0_policy;
++               PKCS12_add_safes;
++               BN_BLINDING_convert_ex;
++               X509_policy_tree_free;
++               OPENSSL_ia32cap_loc;
++               BN_GF2m_poly2arr;
++               STORE_ctrl;
++               STORE_ATTR_INFO_compare;
++               BN_get0_nist_prime_224;
++               i2d_ECParameters;
++               i2d_ECPKParameters;
++               BN_GENCB_call;
++               d2i_ECPKParameters;
++               STORE_meth_set_generate_fn;
++               STORE_method_set_generate_function;
++               ENGINE_set_ECDH;
++               NAME_CONSTRAINTS_new;
++               SHA256_Init;
++               EC_KEY_get0_public_key;
++               PEM_write_bio_EC_PUBKEY;
++               STORE_ATTR_INFO_set_cstr;
++               STORE_list_crl_next;
++               STORE_ATTR_INFO_in_range;
++               ECParameters_print;
++               STORE_meth_set_delete_fn;
++               STORE_method_set_delete_function;
++               STORE_list_certificate_next;
++               ASN1_generate_nconf;
++               BUF_memdup;
++               BN_GF2m_mod_mul;
++               STORE_meth_get_list_next_fn;
++               STORE_method_get_list_next_function;
++               STORE_ATTR_INFO_get0_dn;
++               STORE_list_private_key_next;
++               EC_GROUP_set_seed;
++               X509_VERIFY_PARAM_set_trust;
++               STORE_ATTR_INFO_free;
++               STORE_get_private_key;
++               EVP_PKEY_get_attr_count;
++               STORE_ATTR_INFO_new;
++               EC_GROUP_get_curve_GF2m;
++               STORE_meth_set_revoke_fn;
++               STORE_method_set_revoke_function;
++               STORE_store_number;
++               BN_is_prime_ex;
++               STORE_revoke_public_key;
++               X509_STORE_CTX_get0_param;
++               STORE_delete_arbitrary;
++               PEM_read_X509_CERT_PAIR;
++               X509_STORE_set_depth;
++               ECDSA_get_ex_data;
++               SHA224;
++               BIO_dump_indent_fp;
++               EC_KEY_set_group;
++               BUF_strndup;
++               STORE_list_certificate_start;
++               BN_GF2m_mod;
++               X509_REQ_check_private_key;
++               EC_GROUP_get_seed_len;
++               ERR_load_STORE_strings;
++               PEM_read_bio_EC_PUBKEY;
++               STORE_list_private_key_end;
++               i2d_EC_PUBKEY;
++               ECDSA_get_default_method;
++               ASN1_put_eoc;
++               X509_STORE_CTX_get_explicit_policy;
++               X509_STORE_CTX_get_expl_policy;
++               X509_VERIFY_PARAM_table_cleanup;
++               STORE_modify_private_key;
++               X509_VERIFY_PARAM_free;
++               EC_METHOD_get_field_type;
++               EC_GFp_nist_method;
++               STORE_meth_set_modify_fn;
++               STORE_method_set_modify_function;
++               STORE_parse_attrs_next;
++               ENGINE_load_padlock;
++               EC_GROUP_set_curve_name;
++               X509_CERT_PAIR_it;
++               X509_CERT_PAIR_it;
++               STORE_meth_get_revoke_fn;
++               STORE_method_get_revoke_function;
++               STORE_method_set_get_function;
++               STORE_modify_number;
++               STORE_method_get_store_function;
++               STORE_store_private_key;
++               BN_GF2m_mod_sqr_arr;
++               RSA_setup_blinding;
++               BIO_s_datagram;
++               STORE_Memory;
++               sk_find_ex;
++               EC_GROUP_set_curve_GF2m;
++               ENGINE_set_default_ECDSA;
++               POLICY_CONSTRAINTS_new;
++               BN_GF2m_mod_sqrt;
++               ECDH_set_default_method;
++               EC_KEY_generate_key;
++               SHA384_Update;
++               BN_GF2m_arr2poly;
++               STORE_method_get_get_function;
++               STORE_meth_set_cleanup_fn;
++               STORE_method_set_cleanup_function;
++               EC_GROUP_check;
++               d2i_ECPrivateKey_bio;
++               EC_KEY_insert_key_method_data;
++               STORE_meth_get_lock_store_fn;
++               STORE_method_get_lock_store_function;
++               X509_VERIFY_PARAM_get_depth;
++               SHA224_Final;
++               STORE_meth_set_update_store_fn;
++               STORE_method_set_update_store_function;
++               SHA224_Update;
++               d2i_ECPrivateKey;
++               ASN1_item_ndef_i2d;
++               STORE_delete_private_key;
++               ERR_pop_to_mark;
++               ENGINE_register_all_STORE;
++               X509_policy_level_get0_node;
++               i2d_PKCS7_NDEF;
++               EC_GROUP_get_degree;
++               ASN1_generate_v3;
++               STORE_ATTR_INFO_modify_cstr;
++               X509_policy_tree_level_count;
++               BN_GF2m_add;
++               EC_KEY_get0_group;
++               STORE_generate_crl;
++               STORE_store_public_key;
++               X509_CERT_PAIR_free;
++               STORE_revoke_private_key;
++               BN_nist_mod_224;
++               SHA512_Final;
++               STORE_ATTR_INFO_modify_dn;
++               STORE_meth_get_initialise_fn;
++               STORE_method_get_initialise_function;
++               STORE_delete_number;
++               i2d_EC_PUBKEY_bio;
++               BIO_dgram_non_fatal_error;
++               EC_GROUP_get_asn1_flag;
++               STORE_ATTR_INFO_in_ex;
++               STORE_list_crl_start;
++               ECDH_get_ex_new_index;
++               STORE_meth_get_modify_fn;
++               STORE_method_get_modify_function;
++               v2i_ASN1_BIT_STRING;
++               STORE_store_certificate;
++               OBJ_bsearch_ex;
++               X509_STORE_CTX_set_default;
++               STORE_ATTR_INFO_set_sha1str;
++               BN_GF2m_mod_inv;
++               BN_GF2m_mod_exp;
++               STORE_modify_public_key;
++               STORE_meth_get_list_start_fn;
++               STORE_method_get_list_start_function;
++               EC_GROUP_get0_seed;
++               STORE_store_arbitrary;
++               STORE_meth_set_unlock_store_fn;
++               STORE_method_set_unlock_store_function;
++               BN_GF2m_mod_div_arr;
++               ENGINE_set_ECDSA;
++               STORE_create_method;
++               ECPKParameters_print;
++               EC_KEY_get0_private_key;
++               PEM_write_EC_PUBKEY;
++               X509_VERIFY_PARAM_set1;
++               ECDH_set_method;
++               v2i_GENERAL_NAME_ex;
++               ECDH_set_ex_data;
++               STORE_generate_key;
++               BN_nist_mod_521;
++               X509_policy_tree_get0_level;
++               EC_GROUP_set_point_conversion_form;
++               EC_GROUP_set_point_conv_form;
++               PEM_read_EC_PUBKEY;
++               i2d_ECDSA_SIG;
++               ECDSA_OpenSSL;
++               STORE_delete_crl;
++               EC_KEY_get_enc_flags;
++               ASN1_const_check_infinite_end;
++               EVP_PKEY_delete_attr;
++               ECDSA_set_default_method;
++               EC_POINT_set_compressed_coordinates_GF2m;
++               EC_POINT_set_compr_coords_GF2m;
++               EC_GROUP_cmp;
++               STORE_revoke_certificate;
++               BN_get0_nist_prime_256;
++               STORE_meth_get_delete_fn;
++               STORE_method_get_delete_function;
++               SHA224_Init;
++               PEM_read_ECPrivateKey;
++               SHA512_Init;
++               STORE_parse_attrs_endp;
++               BN_set_negative;
++               ERR_load_ECDSA_strings;
++               EC_GROUP_get_basis_type;
++               STORE_list_public_key_next;
++               i2v_ASN1_BIT_STRING;
++               STORE_OBJECT_free;
++               BN_nist_mod_384;
++               i2d_X509_CERT_PAIR;
++               PEM_write_ECPKParameters;
++               ECDH_compute_key;
++               STORE_ATTR_INFO_get0_sha1str;
++               ENGINE_register_all_ECDH;
++               pqueue_pop;
++               STORE_ATTR_INFO_get0_cstr;
++               POLICY_CONSTRAINTS_it;
++               POLICY_CONSTRAINTS_it;
++               STORE_get_ex_new_index;
++               EVP_PKEY_get_attr_by_OBJ;
++               X509_VERIFY_PARAM_add0_policy;
++               BN_GF2m_mod_solve_quad;
++               SHA256;
++               i2d_ECPrivateKey_fp;
++               X509_policy_tree_get0_user_policies;
++               X509_pcy_tree_get0_usr_policies;
++               OPENSSL_DIR_read;
++               ENGINE_register_all_ECDSA;
++               X509_VERIFY_PARAM_lookup;
++               EC_POINT_get_affine_coordinates_GF2m;
++               EC_POINT_get_affine_coords_GF2m;
++               EC_GROUP_dup;
++               ENGINE_get_default_ECDSA;
++               EC_KEY_new;
++               SHA256_Transform;
++               EC_KEY_set_enc_flags;
++               ECDSA_verify;
++               EC_POINT_point2hex;
++               ENGINE_get_STORE;
++               SHA512;
++               STORE_get_certificate;
++               ECDSA_do_sign_ex;
++               ECDSA_do_verify;
++               d2i_ECPrivateKey_fp;
++               STORE_delete_certificate;
++               SHA512_Transform;
++               X509_STORE_set1_param;
++               STORE_method_get_ctrl_function;
++               STORE_free;
++               PEM_write_ECPrivateKey;
++               STORE_meth_get_unlock_store_fn;
++               STORE_method_get_unlock_store_function;
++               STORE_get_ex_data;
++               EC_KEY_set_public_key;
++               PEM_read_ECPKParameters;
++               X509_CERT_PAIR_new;
++               ENGINE_register_STORE;
++               RSA_generate_key_ex;
++               DSA_generate_parameters_ex;
++               ECParameters_print_fp;
++               X509V3_NAME_from_section;
++               EVP_PKEY_add1_attr;
++               STORE_modify_crl;
++               STORE_list_private_key_start;
++               POLICY_MAPPINGS_it;
++               POLICY_MAPPINGS_it;
++               GENERAL_SUBTREE_it;
++               GENERAL_SUBTREE_it;
++               EC_GROUP_get_curve_name;
++               PEM_write_X509_CERT_PAIR;
++               BIO_dump_indent_cb;
++               d2i_X509_CERT_PAIR;
++               STORE_list_private_key_endp;
++               asn1_const_Finish;
++               i2d_EC_PUBKEY_fp;
++               BN_nist_mod_256;
++               X509_VERIFY_PARAM_add0_table;
++               pqueue_free;
++               BN_BLINDING_create_param;
++               ECDSA_size;
++               d2i_EC_PUBKEY_bio;
++               BN_get0_nist_prime_521;
++               STORE_ATTR_INFO_modify_sha1str;
++               BN_generate_prime_ex;
++               EC_GROUP_new_by_curve_name;
++               SHA256_Final;
++               DH_generate_parameters_ex;
++               PEM_read_bio_ECPrivateKey;
++               STORE_meth_get_cleanup_fn;
++               STORE_method_get_cleanup_function;
++               ENGINE_get_ECDH;
++               d2i_ECDSA_SIG;
++               BN_is_prime_fasttest_ex;
++               ECDSA_sign;
++               X509_policy_check;
++               EVP_PKEY_get_attr_by_NID;
++               STORE_set_ex_data;
++               ENGINE_get_ECDSA;
++               EVP_ecdsa;
++               BN_BLINDING_get_flags;
++               PKCS12_add_cert;
++               STORE_OBJECT_new;
++               ERR_load_ECDH_strings;
++               EC_KEY_dup;
++               EVP_CIPHER_CTX_rand_key;
++               ECDSA_set_method;
++               a2i_IPADDRESS_NC;
++               d2i_ECParameters;
++               STORE_list_certificate_end;
++               STORE_get_crl;
++               X509_POLICY_NODE_print;
++               SHA384_Init;
++               EC_GF2m_simple_method;
++               ECDSA_set_ex_data;
++               SHA384_Final;
++               PKCS7_set_digest;
++               EC_KEY_print;
++               STORE_meth_set_lock_store_fn;
++               STORE_method_set_lock_store_function;
++               ECDSA_get_ex_new_index;
++               SHA384;
++               POLICY_MAPPING_new;
++               STORE_list_certificate_endp;
++               X509_STORE_CTX_get0_policy_tree;
++               EC_GROUP_set_asn1_flag;
++               EC_KEY_check_key;
++               d2i_EC_PUBKEY_fp;
++               PKCS7_set0_type_other;
++               PEM_read_bio_X509_CERT_PAIR;
++               pqueue_next;
++               STORE_meth_get_list_end_fn;
++               STORE_method_get_list_end_function;
++               EVP_PKEY_add1_attr_by_OBJ;
++               X509_VERIFY_PARAM_set_time;
++               pqueue_new;
++               ENGINE_set_default_ECDH;
++               STORE_new_method;
++               PKCS12_add_key;
++               DSO_merge;
++               EC_POINT_hex2point;
++               BIO_dump_cb;
++               SHA256_Update;
++               pqueue_insert;
++               pitem_free;
++               BN_GF2m_mod_inv_arr;
++               ENGINE_unregister_ECDSA;
++               BN_BLINDING_set_thread_id;
++               get_rfc3526_prime_8192;
++               X509_VERIFY_PARAM_clear_flags;
++               get_rfc2409_prime_1024;
++               DH_check_pub_key;
++               get_rfc3526_prime_2048;
++               get_rfc3526_prime_6144;
++               get_rfc3526_prime_1536;
++               get_rfc3526_prime_3072;
++               get_rfc3526_prime_4096;
++               get_rfc2409_prime_768;
++               X509_VERIFY_PARAM_get_flags;
++               EVP_CIPHER_CTX_new;
++               EVP_CIPHER_CTX_free;
++               Camellia_cbc_encrypt;
++               Camellia_cfb128_encrypt;
++               Camellia_cfb1_encrypt;
++               Camellia_cfb8_encrypt;
++               Camellia_ctr128_encrypt;
++               Camellia_cfbr_encrypt_block;
++               Camellia_decrypt;
++               Camellia_ecb_encrypt;
++               Camellia_encrypt;
++               Camellia_ofb128_encrypt;
++               Camellia_set_key;
++               EVP_camellia_128_cbc;
++               EVP_camellia_128_cfb128;
++               EVP_camellia_128_cfb1;
++               EVP_camellia_128_cfb8;
++               EVP_camellia_128_ecb;
++               EVP_camellia_128_ofb;
++               EVP_camellia_192_cbc;
++               EVP_camellia_192_cfb128;
++               EVP_camellia_192_cfb1;
++               EVP_camellia_192_cfb8;
++               EVP_camellia_192_ecb;
++               EVP_camellia_192_ofb;
++               EVP_camellia_256_cbc;
++               EVP_camellia_256_cfb128;
++               EVP_camellia_256_cfb1;
++               EVP_camellia_256_cfb8;
++               EVP_camellia_256_ecb;
++               EVP_camellia_256_ofb;
++               a2i_ipadd;
++               ASIdentifiers_free;
++               i2d_ASIdOrRange;
++               EVP_CIPHER_block_size;
++               v3_asid_is_canonical;
++               IPAddressChoice_free;
++               EVP_CIPHER_CTX_set_app_data;
++               BIO_set_callback_arg;
++               v3_addr_add_prefix;
++               IPAddressOrRange_it;
++               IPAddressOrRange_it;
++               BIO_set_flags;
++               ASIdentifiers_it;
++               ASIdentifiers_it;
++               v3_addr_get_range;
++               BIO_method_type;
++               v3_addr_inherits;
++               IPAddressChoice_it;
++               IPAddressChoice_it;
++               AES_ige_encrypt;
++               v3_addr_add_range;
++               EVP_CIPHER_CTX_nid;
++               d2i_ASRange;
++               v3_addr_add_inherit;
++               v3_asid_add_id_or_range;
++               v3_addr_validate_resource_set;
++               EVP_CIPHER_iv_length;
++               EVP_MD_type;
++               v3_asid_canonize;
++               IPAddressRange_free;
++               v3_asid_add_inherit;
++               EVP_CIPHER_CTX_key_length;
++               IPAddressRange_new;
++               ASIdOrRange_new;
++               EVP_MD_size;
++               EVP_MD_CTX_test_flags;
++               BIO_clear_flags;
++               i2d_ASRange;
++               IPAddressRange_it;
++               IPAddressRange_it;
++               IPAddressChoice_new;
++               ASIdentifierChoice_new;
++               ASRange_free;
++               EVP_MD_pkey_type;
++               EVP_MD_CTX_clear_flags;
++               IPAddressFamily_free;
++               i2d_IPAddressFamily;
++               IPAddressOrRange_new;
++               EVP_CIPHER_flags;
++               v3_asid_validate_resource_set;
++               d2i_IPAddressRange;
++               AES_bi_ige_encrypt;
++               BIO_get_callback;
++               IPAddressOrRange_free;
++               v3_addr_subset;
++               d2i_IPAddressFamily;
++               v3_asid_subset;
++               BIO_test_flags;
++               i2d_ASIdentifierChoice;
++               ASRange_it;
++               ASRange_it;
++               d2i_ASIdentifiers;
++               ASRange_new;
++               d2i_IPAddressChoice;
++               v3_addr_get_afi;
++               EVP_CIPHER_key_length;
++               EVP_Cipher;
++               i2d_IPAddressOrRange;
++               ASIdOrRange_it;
++               ASIdOrRange_it;
++               EVP_CIPHER_nid;
++               i2d_IPAddressChoice;
++               EVP_CIPHER_CTX_block_size;
++               ASIdentifiers_new;
++               v3_addr_validate_path;
++               IPAddressFamily_new;
++               EVP_MD_CTX_set_flags;
++               v3_addr_is_canonical;
++               i2d_IPAddressRange;
++               IPAddressFamily_it;
++               IPAddressFamily_it;
++               v3_asid_inherits;
++               EVP_CIPHER_CTX_cipher;
++               EVP_CIPHER_CTX_get_app_data;
++               EVP_MD_block_size;
++               EVP_CIPHER_CTX_flags;
++               v3_asid_validate_path;
++               d2i_IPAddressOrRange;
++               v3_addr_canonize;
++               ASIdentifierChoice_it;
++               ASIdentifierChoice_it;
++               EVP_MD_CTX_md;
++               d2i_ASIdentifierChoice;
++               BIO_method_name;
++               EVP_CIPHER_CTX_iv_length;
++               ASIdOrRange_free;
++               ASIdentifierChoice_free;
++               BIO_get_callback_arg;
++               BIO_set_callback;
++               d2i_ASIdOrRange;
++               i2d_ASIdentifiers;
++               SEED_decrypt;
++               SEED_encrypt;
++               SEED_cbc_encrypt;
++               EVP_seed_ofb;
++               SEED_cfb128_encrypt;
++               SEED_ofb128_encrypt;
++               EVP_seed_cbc;
++               SEED_ecb_encrypt;
++               EVP_seed_ecb;
++               SEED_set_key;
++               EVP_seed_cfb128;
++               X509_EXTENSIONS_it;
++               X509_EXTENSIONS_it;
++               X509_get1_ocsp;
++               OCSP_REQ_CTX_free;
++               i2d_X509_EXTENSIONS;
++               OCSP_sendreq_nbio;
++               OCSP_sendreq_new;
++               d2i_X509_EXTENSIONS;
++               X509_ALGORS_it;
++               X509_ALGORS_it;
++               X509_ALGOR_get0;
++               X509_ALGOR_set0;
++               AES_unwrap_key;
++               AES_wrap_key;
++               X509at_get0_data_by_OBJ;
++               ASN1_TYPE_set1;
++               ASN1_STRING_set0;
++               i2d_X509_ALGORS;
++               BIO_f_zlib;
++               COMP_zlib_cleanup;
++               d2i_X509_ALGORS;
++               CMS_ReceiptRequest_free;
++               PEM_write_CMS;
++               CMS_add0_CertificateChoices;
++               CMS_unsigned_add1_attr_by_OBJ;
++               ERR_load_CMS_strings;
++               CMS_sign_receipt;
++               i2d_CMS_ContentInfo;
++               CMS_signed_delete_attr;
++               d2i_CMS_bio;
++               CMS_unsigned_get_attr_by_NID;
++               CMS_verify;
++               SMIME_read_CMS;
++               CMS_decrypt_set1_key;
++               CMS_SignerInfo_get0_algs;
++               CMS_add1_cert;
++               CMS_set_detached;
++               CMS_encrypt;
++               CMS_EnvelopedData_create;
++               CMS_uncompress;
++               CMS_add0_crl;
++               CMS_SignerInfo_verify_content;
++               CMS_unsigned_get0_data_by_OBJ;
++               PEM_write_bio_CMS;
++               CMS_unsigned_get_attr;
++               CMS_RecipientInfo_ktri_cert_cmp;
++               CMS_RecipientInfo_ktri_get0_algs;
++               CMS_RecipInfo_ktri_get0_algs;
++               CMS_ContentInfo_free;
++               CMS_final;
++               CMS_add_simple_smimecap;
++               CMS_SignerInfo_verify;
++               CMS_data;
++               CMS_ContentInfo_it;
++               CMS_ContentInfo_it;
++               d2i_CMS_ReceiptRequest;
++               CMS_compress;
++               CMS_digest_create;
++               CMS_SignerInfo_cert_cmp;
++               CMS_SignerInfo_sign;
++               CMS_data_create;
++               i2d_CMS_bio;
++               CMS_EncryptedData_set1_key;
++               CMS_decrypt;
++               int_smime_write_ASN1;
++               CMS_unsigned_delete_attr;
++               CMS_unsigned_get_attr_count;
++               CMS_add_smimecap;
++               PEM_read_CMS;
++               CMS_signed_get_attr_by_OBJ;
++               d2i_CMS_ContentInfo;
++               CMS_add_standard_smimecap;
++               CMS_ContentInfo_new;
++               CMS_RecipientInfo_type;
++               CMS_get0_type;
++               CMS_is_detached;
++               CMS_sign;
++               CMS_signed_add1_attr;
++               CMS_unsigned_get_attr_by_OBJ;
++               SMIME_write_CMS;
++               CMS_EncryptedData_decrypt;
++               CMS_get0_RecipientInfos;
++               CMS_add0_RevocationInfoChoice;
++               CMS_decrypt_set1_pkey;
++               CMS_SignerInfo_set1_signer_cert;
++               CMS_get0_signers;
++               CMS_ReceiptRequest_get0_values;
++               CMS_signed_get0_data_by_OBJ;
++               CMS_get0_SignerInfos;
++               CMS_add0_cert;
++               CMS_EncryptedData_encrypt;
++               CMS_digest_verify;
++               CMS_set1_signers_certs;
++               CMS_signed_get_attr;
++               CMS_RecipientInfo_set0_key;
++               CMS_SignedData_init;
++               CMS_RecipientInfo_kekri_get0_id;
++               CMS_verify_receipt;
++               CMS_ReceiptRequest_it;
++               CMS_ReceiptRequest_it;
++               PEM_read_bio_CMS;
++               CMS_get1_crls;
++               CMS_add0_recipient_key;
++               SMIME_read_ASN1;
++               CMS_ReceiptRequest_new;
++               CMS_get0_content;
++               CMS_get1_ReceiptRequest;
++               CMS_signed_add1_attr_by_OBJ;
++               CMS_RecipientInfo_kekri_id_cmp;
++               CMS_add1_ReceiptRequest;
++               CMS_SignerInfo_get0_signer_id;
++               CMS_unsigned_add1_attr_by_NID;
++               CMS_unsigned_add1_attr;
++               CMS_signed_get_attr_by_NID;
++               CMS_get1_certs;
++               CMS_signed_add1_attr_by_NID;
++               CMS_unsigned_add1_attr_by_txt;
++               CMS_dataFinal;
++               CMS_RecipientInfo_ktri_get0_signer_id;
++               CMS_RecipInfo_ktri_get0_sigr_id;
++               i2d_CMS_ReceiptRequest;
++               CMS_add1_recipient_cert;
++               CMS_dataInit;
++               CMS_signed_add1_attr_by_txt;
++               CMS_RecipientInfo_decrypt;
++               CMS_signed_get_attr_count;
++               CMS_get0_eContentType;
++               CMS_set1_eContentType;
++               CMS_ReceiptRequest_create0;
++               CMS_add1_signer;
++               CMS_RecipientInfo_set0_pkey;
++               ENGINE_set_load_ssl_client_cert_function;
++               ENGINE_set_ld_ssl_clnt_cert_fn;
++               ENGINE_get_ssl_client_cert_function;
++               ENGINE_get_ssl_client_cert_fn;
++               ENGINE_load_ssl_client_cert;
++               ENGINE_load_capi;
++               OPENSSL_isservice;
++               FIPS_dsa_sig_decode;
++               EVP_CIPHER_CTX_clear_flags;
++               FIPS_rand_status;
++               FIPS_rand_set_key;
++               CRYPTO_set_mem_info_functions;
++               RSA_X931_generate_key_ex;
++               int_ERR_set_state_func;
++               int_EVP_MD_set_engine_callbacks;
++               int_CRYPTO_set_do_dynlock_callback;
++               FIPS_rng_stick;
++               EVP_CIPHER_CTX_set_flags;
++               BN_X931_generate_prime_ex;
++               FIPS_selftest_check;
++               FIPS_rand_set_dt;
++               CRYPTO_dbg_pop_info;
++               FIPS_dsa_free;
++               RSA_X931_derive_ex;
++               FIPS_rsa_new;
++               FIPS_rand_bytes;
++               fips_cipher_test;
++               EVP_CIPHER_CTX_test_flags;
++               CRYPTO_malloc_debug_init;
++               CRYPTO_dbg_push_info;
++               FIPS_corrupt_rsa_keygen;
++               FIPS_dh_new;
++               FIPS_corrupt_dsa_keygen;
++               FIPS_dh_free;
++               fips_pkey_signature_test;
++               EVP_add_alg_module;
++               int_RAND_init_engine_callbacks;
++               int_EVP_CIPHER_set_engine_callbacks;
++               int_EVP_MD_init_engine_callbacks;
++               FIPS_rand_test_mode;
++               FIPS_rand_reset;
++               FIPS_dsa_new;
++               int_RAND_set_callbacks;
++               BN_X931_derive_prime_ex;
++               int_ERR_lib_init;
++               int_EVP_CIPHER_init_engine_callbacks;
++               FIPS_rsa_free;
++               FIPS_dsa_sig_encode;
++               CRYPTO_dbg_remove_all_info;
++               OPENSSL_init;
++               CRYPTO_strdup;
++               JPAKE_STEP3A_process;
++               JPAKE_STEP1_release;
++               JPAKE_get_shared_key;
++               JPAKE_STEP3B_init;
++               JPAKE_STEP1_generate;
++               JPAKE_STEP1_init;
++               JPAKE_STEP3B_process;
++               JPAKE_STEP2_generate;
++               JPAKE_CTX_new;
++               JPAKE_CTX_free;
++               JPAKE_STEP3B_release;
++               JPAKE_STEP3A_release;
++               JPAKE_STEP2_process;
++               JPAKE_STEP3B_generate;
++               JPAKE_STEP1_process;
++               JPAKE_STEP3A_generate;
++               JPAKE_STEP2_release;
++               JPAKE_STEP3A_init;
++               ERR_load_JPAKE_strings;
++               JPAKE_STEP2_init;
++               pqueue_size;
++               i2d_TS_ACCURACY;
++               i2d_TS_MSG_IMPRINT_fp;
++               i2d_TS_MSG_IMPRINT;
++               EVP_PKEY_print_public;
++               EVP_PKEY_CTX_new;
++               i2d_TS_TST_INFO;
++               EVP_PKEY_asn1_find;
++               DSO_METHOD_beos;
++               TS_CONF_load_cert;
++               TS_REQ_get_ext;
++               EVP_PKEY_sign_init;
++               ASN1_item_print;
++               TS_TST_INFO_set_nonce;
++               TS_RESP_dup;
++               ENGINE_register_pkey_meths;
++               EVP_PKEY_asn1_add0;
++               PKCS7_add0_attrib_signing_time;
++               i2d_TS_TST_INFO_fp;
++               BIO_asn1_get_prefix;
++               TS_TST_INFO_set_time;
++               EVP_PKEY_meth_set_decrypt;
++               EVP_PKEY_set_type_str;
++               EVP_PKEY_CTX_get_keygen_info;
++               TS_REQ_set_policy_id;
++               d2i_TS_RESP_fp;
++               ENGINE_get_pkey_asn1_meth_engine;
++               ENGINE_get_pkey_asn1_meth_eng;
++               WHIRLPOOL_Init;
++               TS_RESP_set_status_info;
++               EVP_PKEY_keygen;
++               EVP_DigestSignInit;
++               TS_ACCURACY_set_millis;
++               TS_REQ_dup;
++               GENERAL_NAME_dup;
++               ASN1_SEQUENCE_ANY_it;
++               ASN1_SEQUENCE_ANY_it;
++               WHIRLPOOL;
++               X509_STORE_get1_crls;
++               ENGINE_get_pkey_asn1_meth;
++               EVP_PKEY_asn1_new;
++               BIO_new_NDEF;
++               ENGINE_get_pkey_meth;
++               TS_MSG_IMPRINT_set_algo;
++               i2d_TS_TST_INFO_bio;
++               TS_TST_INFO_set_ordering;
++               TS_TST_INFO_get_ext_by_OBJ;
++               CRYPTO_THREADID_set_pointer;
++               TS_CONF_get_tsa_section;
++               SMIME_write_ASN1;
++               TS_RESP_CTX_set_signer_key;
++               EVP_PKEY_encrypt_old;
++               EVP_PKEY_encrypt_init;
++               CRYPTO_THREADID_cpy;
++               ASN1_PCTX_get_cert_flags;
++               i2d_ESS_SIGNING_CERT;
++               TS_CONF_load_key;
++               i2d_ASN1_SEQUENCE_ANY;
++               d2i_TS_MSG_IMPRINT_bio;
++               EVP_PKEY_asn1_set_public;
++               b2i_PublicKey_bio;
++               BIO_asn1_set_prefix;
++               EVP_PKEY_new_mac_key;
++               BIO_new_CMS;
++               CRYPTO_THREADID_cmp;
++               TS_REQ_ext_free;
++               EVP_PKEY_asn1_set_free;
++               EVP_PKEY_get0_asn1;
++               d2i_NETSCAPE_X509;
++               EVP_PKEY_verify_recover_init;
++               EVP_PKEY_CTX_set_data;
++               EVP_PKEY_keygen_init;
++               TS_RESP_CTX_set_status_info;
++               TS_MSG_IMPRINT_get_algo;
++               TS_REQ_print_bio;
++               EVP_PKEY_CTX_ctrl_str;
++               EVP_PKEY_get_default_digest_nid;
++               PEM_write_bio_PKCS7_stream;
++               TS_MSG_IMPRINT_print_bio;
++               BN_asc2bn;
++               TS_REQ_get_policy_id;
++               ENGINE_set_default_pkey_asn1_meths;
++               ENGINE_set_def_pkey_asn1_meths;
++               d2i_TS_ACCURACY;
++               DSO_global_lookup;
++               TS_CONF_set_tsa_name;
++               i2d_ASN1_SET_ANY;
++               ENGINE_load_gost;
++               WHIRLPOOL_BitUpdate;
++               ASN1_PCTX_get_flags;
++               TS_TST_INFO_get_ext_by_NID;
++               TS_RESP_new;
++               ESS_CERT_ID_dup;
++               TS_STATUS_INFO_dup;
++               TS_REQ_delete_ext;
++               EVP_DigestVerifyFinal;
++               EVP_PKEY_print_params;
++               i2d_CMS_bio_stream;
++               TS_REQ_get_msg_imprint;
++               OBJ_find_sigid_by_algs;
++               TS_TST_INFO_get_serial;
++               TS_REQ_get_nonce;
++               X509_PUBKEY_set0_param;
++               EVP_PKEY_CTX_set0_keygen_info;
++               DIST_POINT_set_dpname;
++               i2d_ISSUING_DIST_POINT;
++               ASN1_SET_ANY_it;
++               ASN1_SET_ANY_it;
++               EVP_PKEY_CTX_get_data;
++               TS_STATUS_INFO_print_bio;
++               EVP_PKEY_derive_init;
++               d2i_TS_TST_INFO;
++               EVP_PKEY_asn1_add_alias;
++               d2i_TS_RESP_bio;
++               OTHERNAME_cmp;
++               GENERAL_NAME_set0_value;
++               PKCS7_RECIP_INFO_get0_alg;
++               TS_RESP_CTX_new;
++               TS_RESP_set_tst_info;
++               PKCS7_final;
++               EVP_PKEY_base_id;
++               TS_RESP_CTX_set_signer_cert;
++               TS_REQ_set_msg_imprint;
++               EVP_PKEY_CTX_ctrl;
++               TS_CONF_set_digests;
++               d2i_TS_MSG_IMPRINT;
++               EVP_PKEY_meth_set_ctrl;
++               TS_REQ_get_ext_by_NID;
++               PKCS5_pbe_set0_algor;
++               BN_BLINDING_thread_id;
++               TS_ACCURACY_new;
++               X509_CRL_METHOD_free;
++               ASN1_PCTX_get_nm_flags;
++               EVP_PKEY_meth_set_sign;
++               CRYPTO_THREADID_current;
++               EVP_PKEY_decrypt_init;
++               NETSCAPE_X509_free;
++               i2b_PVK_bio;
++               EVP_PKEY_print_private;
++               GENERAL_NAME_get0_value;
++               b2i_PVK_bio;
++               ASN1_UTCTIME_adj;
++               TS_TST_INFO_new;
++               EVP_MD_do_all_sorted;
++               TS_CONF_set_default_engine;
++               TS_ACCURACY_set_seconds;
++               TS_TST_INFO_get_time;
++               PKCS8_pkey_get0;
++               EVP_PKEY_asn1_get0;
++               OBJ_add_sigid;
++               PKCS7_SIGNER_INFO_sign;
++               EVP_PKEY_paramgen_init;
++               EVP_PKEY_sign;
++               OBJ_sigid_free;
++               EVP_PKEY_meth_set_init;
++               d2i_ESS_ISSUER_SERIAL;
++               ISSUING_DIST_POINT_new;
++               ASN1_TIME_adj;
++               TS_OBJ_print_bio;
++               EVP_PKEY_meth_set_verify_recover;
++               EVP_PKEY_meth_set_vrfy_recover;
++               TS_RESP_get_status_info;
++               CMS_stream;
++               EVP_PKEY_CTX_set_cb;
++               PKCS7_to_TS_TST_INFO;
++               ASN1_PCTX_get_oid_flags;
++               TS_TST_INFO_add_ext;
++               EVP_PKEY_meth_set_derive;
++               i2d_TS_RESP_fp;
++               i2d_TS_MSG_IMPRINT_bio;
++               TS_RESP_CTX_set_accuracy;
++               TS_REQ_set_nonce;
++               ESS_CERT_ID_new;
++               ENGINE_pkey_asn1_find_str;
++               TS_REQ_get_ext_count;
++               BUF_reverse;
++               TS_TST_INFO_print_bio;
++               d2i_ISSUING_DIST_POINT;
++               ENGINE_get_pkey_meths;
++               i2b_PrivateKey_bio;
++               i2d_TS_RESP;
++               b2i_PublicKey;
++               TS_VERIFY_CTX_cleanup;
++               TS_STATUS_INFO_free;
++               TS_RESP_verify_token;
++               OBJ_bsearch_ex_;
++               ASN1_bn_print;
++               EVP_PKEY_asn1_get_count;
++               ENGINE_register_pkey_asn1_meths;
++               ASN1_PCTX_set_nm_flags;
++               EVP_DigestVerifyInit;
++               ENGINE_set_default_pkey_meths;
++               TS_TST_INFO_get_policy_id;
++               TS_REQ_get_cert_req;
++               X509_CRL_set_meth_data;
++               PKCS8_pkey_set0;
++               ASN1_STRING_copy;
++               d2i_TS_TST_INFO_fp;
++               X509_CRL_match;
++               EVP_PKEY_asn1_set_private;
++               TS_TST_INFO_get_ext_d2i;
++               TS_RESP_CTX_add_policy;
++               d2i_TS_RESP;
++               TS_CONF_load_certs;
++               TS_TST_INFO_get_msg_imprint;
++               ERR_load_TS_strings;
++               TS_TST_INFO_get_version;
++               EVP_PKEY_CTX_dup;
++               EVP_PKEY_meth_set_verify;
++               i2b_PublicKey_bio;
++               TS_CONF_set_certs;
++               EVP_PKEY_asn1_get0_info;
++               TS_VERIFY_CTX_free;
++               TS_REQ_get_ext_by_critical;
++               TS_RESP_CTX_set_serial_cb;
++               X509_CRL_get_meth_data;
++               TS_RESP_CTX_set_time_cb;
++               TS_MSG_IMPRINT_get_msg;
++               TS_TST_INFO_ext_free;
++               TS_REQ_get_version;
++               TS_REQ_add_ext;
++               EVP_PKEY_CTX_set_app_data;
++               OBJ_bsearch_;
++               EVP_PKEY_meth_set_verifyctx;
++               i2d_PKCS7_bio_stream;
++               CRYPTO_THREADID_set_numeric;
++               PKCS7_sign_add_signer;
++               d2i_TS_TST_INFO_bio;
++               TS_TST_INFO_get_ordering;
++               TS_RESP_print_bio;
++               TS_TST_INFO_get_exts;
++               HMAC_CTX_copy;
++               PKCS5_pbe2_set_iv;
++               ENGINE_get_pkey_asn1_meths;
++               b2i_PrivateKey;
++               EVP_PKEY_CTX_get_app_data;
++               TS_REQ_set_cert_req;
++               CRYPTO_THREADID_set_callback;
++               TS_CONF_set_serial;
++               TS_TST_INFO_free;
++               d2i_TS_REQ_fp;
++               TS_RESP_verify_response;
++               i2d_ESS_ISSUER_SERIAL;
++               TS_ACCURACY_get_seconds;
++               EVP_CIPHER_do_all;
++               b2i_PrivateKey_bio;
++               OCSP_CERTID_dup;
++               X509_PUBKEY_get0_param;
++               TS_MSG_IMPRINT_dup;
++               PKCS7_print_ctx;
++               i2d_TS_REQ_bio;
++               EVP_whirlpool;
++               EVP_PKEY_asn1_set_param;
++               EVP_PKEY_meth_set_encrypt;
++               ASN1_PCTX_set_flags;
++               i2d_ESS_CERT_ID;
++               TS_VERIFY_CTX_new;
++               TS_RESP_CTX_set_extension_cb;
++               ENGINE_register_all_pkey_meths;
++               TS_RESP_CTX_set_status_info_cond;
++               TS_RESP_CTX_set_stat_info_cond;
++               EVP_PKEY_verify;
++               WHIRLPOOL_Final;
++               X509_CRL_METHOD_new;
++               EVP_DigestSignFinal;
++               TS_RESP_CTX_set_def_policy;
++               NETSCAPE_X509_it;
++               NETSCAPE_X509_it;
++               TS_RESP_create_response;
++               PKCS7_SIGNER_INFO_get0_algs;
++               TS_TST_INFO_get_nonce;
++               EVP_PKEY_decrypt_old;
++               TS_TST_INFO_set_policy_id;
++               TS_CONF_set_ess_cert_id_chain;
++               EVP_PKEY_CTX_get0_pkey;
++               d2i_TS_REQ;
++               EVP_PKEY_asn1_find_str;
++               BIO_f_asn1;
++               ESS_SIGNING_CERT_new;
++               EVP_PBE_find;
++               X509_CRL_get0_by_cert;
++               EVP_PKEY_derive;
++               i2d_TS_REQ;
++               TS_TST_INFO_delete_ext;
++               ESS_ISSUER_SERIAL_free;
++               ASN1_PCTX_set_str_flags;
++               ENGINE_get_pkey_asn1_meth_str;
++               TS_CONF_set_signer_key;
++               TS_ACCURACY_get_millis;
++               TS_RESP_get_token;
++               TS_ACCURACY_dup;
++               ENGINE_register_all_pkey_asn1_meths;
++               ENGINE_reg_all_pkey_asn1_meths;
++               X509_CRL_set_default_method;
++               CRYPTO_THREADID_hash;
++               CMS_ContentInfo_print_ctx;
++               TS_RESP_free;
++               ISSUING_DIST_POINT_free;
++               ESS_ISSUER_SERIAL_new;
++               CMS_add1_crl;
++               PKCS7_add1_attrib_digest;
++               TS_RESP_CTX_add_md;
++               TS_TST_INFO_dup;
++               ENGINE_set_pkey_asn1_meths;
++               PEM_write_bio_Parameters;
++               TS_TST_INFO_get_accuracy;
++               X509_CRL_get0_by_serial;
++               TS_TST_INFO_set_version;
++               TS_RESP_CTX_get_tst_info;
++               TS_RESP_verify_signature;
++               CRYPTO_THREADID_get_callback;
++               TS_TST_INFO_get_tsa;
++               TS_STATUS_INFO_new;
++               EVP_PKEY_CTX_get_cb;
++               TS_REQ_get_ext_d2i;
++               GENERAL_NAME_set0_othername;
++               TS_TST_INFO_get_ext_count;
++               TS_RESP_CTX_get_request;
++               i2d_NETSCAPE_X509;
++               ENGINE_get_pkey_meth_engine;
++               EVP_PKEY_meth_set_signctx;
++               EVP_PKEY_asn1_copy;
++               ASN1_TYPE_cmp;
++               EVP_CIPHER_do_all_sorted;
++               EVP_PKEY_CTX_free;
++               ISSUING_DIST_POINT_it;
++               ISSUING_DIST_POINT_it;
++               d2i_TS_MSG_IMPRINT_fp;
++               X509_STORE_get1_certs;
++               EVP_PKEY_CTX_get_operation;
++               d2i_ESS_SIGNING_CERT;
++               TS_CONF_set_ordering;
++               EVP_PBE_alg_add_type;
++               TS_REQ_set_version;
++               EVP_PKEY_get0;
++               BIO_asn1_set_suffix;
++               i2d_TS_STATUS_INFO;
++               EVP_MD_do_all;
++               TS_TST_INFO_set_accuracy;
++               PKCS7_add_attrib_content_type;
++               ERR_remove_thread_state;
++               EVP_PKEY_meth_add0;
++               TS_TST_INFO_set_tsa;
++               EVP_PKEY_meth_new;
++               WHIRLPOOL_Update;
++               TS_CONF_set_accuracy;
++               ASN1_PCTX_set_oid_flags;
++               ESS_SIGNING_CERT_dup;
++               d2i_TS_REQ_bio;
++               X509_time_adj_ex;
++               TS_RESP_CTX_add_flags;
++               d2i_TS_STATUS_INFO;
++               TS_MSG_IMPRINT_set_msg;
++               BIO_asn1_get_suffix;
++               TS_REQ_free;
++               EVP_PKEY_meth_free;
++               TS_REQ_get_exts;
++               TS_RESP_CTX_set_clock_precision_digits;
++               TS_RESP_CTX_set_clk_prec_digits;
++               TS_RESP_CTX_add_failure_info;
++               i2d_TS_RESP_bio;
++               EVP_PKEY_CTX_get0_peerkey;
++               PEM_write_bio_CMS_stream;
++               TS_REQ_new;
++               TS_MSG_IMPRINT_new;
++               EVP_PKEY_meth_find;
++               EVP_PKEY_id;
++               TS_TST_INFO_set_serial;
++               a2i_GENERAL_NAME;
++               TS_CONF_set_crypto_device;
++               EVP_PKEY_verify_init;
++               TS_CONF_set_policies;
++               ASN1_PCTX_new;
++               ESS_CERT_ID_free;
++               ENGINE_unregister_pkey_meths;
++               TS_MSG_IMPRINT_free;
++               TS_VERIFY_CTX_init;
++               PKCS7_stream;
++               TS_RESP_CTX_set_certs;
++               TS_CONF_set_def_policy;
++               ASN1_GENERALIZEDTIME_adj;
++               NETSCAPE_X509_new;
++               TS_ACCURACY_free;
++               TS_RESP_get_tst_info;
++               EVP_PKEY_derive_set_peer;
++               PEM_read_bio_Parameters;
++               TS_CONF_set_clock_precision_digits;
++               TS_CONF_set_clk_prec_digits;
++               ESS_ISSUER_SERIAL_dup;
++               TS_ACCURACY_get_micros;
++               ASN1_PCTX_get_str_flags;
++               NAME_CONSTRAINTS_check;
++               ASN1_BIT_STRING_check;
++               X509_check_akid;
++               ENGINE_unregister_pkey_asn1_meths;
++               ENGINE_unreg_pkey_asn1_meths;
++               ASN1_PCTX_free;
++               PEM_write_bio_ASN1_stream;
++               i2d_ASN1_bio_stream;
++               TS_X509_ALGOR_print_bio;
++               EVP_PKEY_meth_set_cleanup;
++               EVP_PKEY_asn1_free;
++               ESS_SIGNING_CERT_free;
++               TS_TST_INFO_set_msg_imprint;
++               GENERAL_NAME_cmp;
++               d2i_ASN1_SET_ANY;
++               ENGINE_set_pkey_meths;
++               i2d_TS_REQ_fp;
++               d2i_ASN1_SEQUENCE_ANY;
++               GENERAL_NAME_get0_otherName;
++               d2i_ESS_CERT_ID;
++               OBJ_find_sigid_algs;
++               EVP_PKEY_meth_set_keygen;
++               PKCS5_PBKDF2_HMAC;
++               EVP_PKEY_paramgen;
++               EVP_PKEY_meth_set_paramgen;
++               BIO_new_PKCS7;
++               EVP_PKEY_verify_recover;
++               TS_ext_print_bio;
++               TS_ASN1_INTEGER_print_bio;
++               check_defer;
++               DSO_pathbyaddr;
++               EVP_PKEY_set_type;
++               TS_ACCURACY_set_micros;
++               TS_REQ_to_TS_VERIFY_CTX;
++               EVP_PKEY_meth_set_copy;
++               ASN1_PCTX_set_cert_flags;
++               TS_TST_INFO_get_ext;
++               EVP_PKEY_asn1_set_ctrl;
++               TS_TST_INFO_get_ext_by_critical;
++               EVP_PKEY_CTX_new_id;
++               TS_REQ_get_ext_by_OBJ;
++               TS_CONF_set_signer_cert;
++               X509_NAME_hash_old;
++               ASN1_TIME_set_string;
++               EVP_MD_flags;
++               TS_RESP_CTX_free;
++               DSAparams_dup;
++               DHparams_dup;
++               OCSP_REQ_CTX_add1_header;
++               OCSP_REQ_CTX_set1_req;
++               X509_STORE_set_verify_cb;
++               X509_STORE_CTX_get0_current_crl;
++               X509_STORE_CTX_get0_parent_ctx;
++               X509_STORE_CTX_get0_current_issuer;
++               X509_STORE_CTX_get0_cur_issuer;
++               X509_issuer_name_hash_old;
++               X509_subject_name_hash_old;
++               EVP_CIPHER_CTX_copy;
++               UI_method_get_prompt_constructor;
++               UI_method_get_prompt_constructr;
++               UI_method_set_prompt_constructor;
++               UI_method_set_prompt_constructr;
++               EVP_read_pw_string_min;
++               CRYPTO_cts128_encrypt;
++               CRYPTO_cts128_decrypt_block;
++               CRYPTO_cfb128_1_encrypt;
++               CRYPTO_cbc128_encrypt;
++               CRYPTO_ctr128_encrypt;
++               CRYPTO_ofb128_encrypt;
++               CRYPTO_cts128_decrypt;
++               CRYPTO_cts128_encrypt_block;
++               CRYPTO_cbc128_decrypt;
++               CRYPTO_cfb128_encrypt;
++               CRYPTO_cfb128_8_encrypt;
++
++       local:
++               *;
++};
++
++
++OPENSSL_1.0.1 {
++       global:
++               SSL_renegotiate_abbreviated;
++               TLSv1_1_method;
++               TLSv1_1_client_method;
++               TLSv1_1_server_method;
++               SSL_CTX_set_srp_client_pwd_callback;
++               SSL_CTX_set_srp_client_pwd_cb;
++               SSL_get_srp_g;
++               SSL_CTX_set_srp_username_callback;
++               SSL_CTX_set_srp_un_cb;
++               SSL_get_srp_userinfo;
++               SSL_set_srp_server_param;
++               SSL_set_srp_server_param_pw;
++               SSL_get_srp_N;
++               SSL_get_srp_username;
++               SSL_CTX_set_srp_password;
++               SSL_CTX_set_srp_strength;
++               SSL_CTX_set_srp_verify_param_callback;
++               SSL_CTX_set_srp_vfy_param_cb;
++               SSL_CTX_set_srp_cb_arg;
++               SSL_CTX_set_srp_username;
++               SSL_CTX_SRP_CTX_init;
++               SSL_SRP_CTX_init;
++               SRP_Calc_A_param;
++               SRP_generate_server_master_secret;
++               SRP_gen_server_master_secret;
++               SSL_CTX_SRP_CTX_free;
++               SRP_generate_client_master_secret;
++               SRP_gen_client_master_secret;
++               SSL_srp_server_param_with_username;
++               SSL_srp_server_param_with_un;
++               SSL_SRP_CTX_free;
++               SSL_set_debug;
++               SSL_SESSION_get0_peer;
++               TLSv1_2_client_method;
++               SSL_SESSION_set1_id_context;
++               TLSv1_2_server_method;
++               SSL_cache_hit;
++               SSL_get0_kssl_ctx;
++               SSL_set0_kssl_ctx;
++               SSL_set_state;
++               SSL_CIPHER_get_id;
++               TLSv1_2_method;
++               kssl_ctx_get0_client_princ;
++               SSL_export_keying_material;
++               SSL_set_tlsext_use_srtp;
++               SSL_CTX_set_next_protos_advertised_cb;
++               SSL_CTX_set_next_protos_adv_cb;
++               SSL_get0_next_proto_negotiated;
++               SSL_get_selected_srtp_profile;
++               SSL_CTX_set_tlsext_use_srtp;
++               SSL_select_next_proto;
++               SSL_get_srtp_profiles;
++               SSL_CTX_set_next_proto_select_cb;
++               SSL_CTX_set_next_proto_sel_cb;
++               SSL_SESSION_get_compress_id;
++
++               SRP_VBASE_get_by_user;
++               SRP_Calc_server_key;
++               SRP_create_verifier;
++               SRP_create_verifier_BN;
++               SRP_Calc_u;
++               SRP_VBASE_free;
++               SRP_Calc_client_key;
++               SRP_get_default_gN;
++               SRP_Calc_x;
++               SRP_Calc_B;
++               SRP_VBASE_new;
++               SRP_check_known_gN_param;
++               SRP_Calc_A;
++               SRP_Verify_A_mod_N;
++               SRP_VBASE_init;
++               SRP_Verify_B_mod_N;
++               EC_KEY_set_public_key_affine_coordinates;
++               EC_KEY_set_pub_key_aff_coords;
++               EVP_aes_192_ctr;
++               EVP_PKEY_meth_get0_info;
++               EVP_PKEY_meth_copy;
++               ERR_add_error_vdata;
++               EVP_aes_128_ctr;
++               EVP_aes_256_ctr;
++               EC_GFp_nistp224_method;
++               EC_KEY_get_flags;
++               RSA_padding_add_PKCS1_PSS_mgf1;
++               EVP_aes_128_xts;
++               EVP_aes_256_xts;
++               EVP_aes_128_gcm;
++               EC_KEY_clear_flags;
++               EC_KEY_set_flags;
++               EVP_aes_256_ccm;
++               RSA_verify_PKCS1_PSS_mgf1;
++               EVP_aes_128_ccm;
++               EVP_aes_192_gcm;
++               X509_ALGOR_set_md;
++               RAND_init_fips;
++               EVP_aes_256_gcm;
++               EVP_aes_192_ccm;
++               CMAC_CTX_copy;
++               CMAC_CTX_free;
++               CMAC_CTX_get0_cipher_ctx;
++               CMAC_CTX_cleanup;
++               CMAC_Init;
++               CMAC_Update;
++               CMAC_resume;
++               CMAC_CTX_new;
++               CMAC_Final;
++               CRYPTO_ctr128_encrypt_ctr32;
++               CRYPTO_gcm128_release;
++               CRYPTO_ccm128_decrypt_ccm64;
++               CRYPTO_ccm128_encrypt;
++               CRYPTO_gcm128_encrypt;
++               CRYPTO_xts128_encrypt;
++               EVP_rc4_hmac_md5;
++               CRYPTO_nistcts128_decrypt_block;
++               CRYPTO_gcm128_setiv;
++               CRYPTO_nistcts128_encrypt;
++               EVP_aes_128_cbc_hmac_sha1;
++               CRYPTO_gcm128_tag;
++               CRYPTO_ccm128_encrypt_ccm64;
++               ENGINE_load_rdrand;
++               CRYPTO_ccm128_setiv;
++               CRYPTO_nistcts128_encrypt_block;
++               CRYPTO_gcm128_aad;
++               CRYPTO_ccm128_init;
++               CRYPTO_nistcts128_decrypt;
++               CRYPTO_gcm128_new;
++               CRYPTO_ccm128_tag;
++               CRYPTO_ccm128_decrypt;
++               CRYPTO_ccm128_aad;
++               CRYPTO_gcm128_init;
++               CRYPTO_gcm128_decrypt;
++               ENGINE_load_rsax;
++               CRYPTO_gcm128_decrypt_ctr32;
++               CRYPTO_gcm128_encrypt_ctr32;
++               CRYPTO_gcm128_finish;
++               EVP_aes_256_cbc_hmac_sha1;
++               PKCS5_pbkdf2_set;
++               CMS_add0_recipient_password;
++               CMS_decrypt_set1_password;
++               CMS_RecipientInfo_set0_password;
++               RAND_set_fips_drbg_type;
++               X509_REQ_sign_ctx;
++               RSA_PSS_PARAMS_new;
++               X509_CRL_sign_ctx;
++               X509_signature_dump;
++               d2i_RSA_PSS_PARAMS;
++               RSA_PSS_PARAMS_it;
++               RSA_PSS_PARAMS_it;
++               RSA_PSS_PARAMS_free;
++               X509_sign_ctx;
++               i2d_RSA_PSS_PARAMS;
++               ASN1_item_sign_ctx;
++               EC_GFp_nistp521_method;
++               EC_GFp_nistp256_method;
++               OPENSSL_stderr;
++               OPENSSL_cpuid_setup;
++               OPENSSL_showfatal;
++               BIO_new_dgram_sctp;
++               BIO_dgram_sctp_msg_waiting;
++               BIO_dgram_sctp_wait_for_dry;
++               BIO_s_datagram_sctp;
++               BIO_dgram_is_sctp;
++               BIO_dgram_sctp_notification_cb;
++} OPENSSL_1.0.0;
++
++OPENSSL_1.0.1d {
++       global:
++               CRYPTO_memcmp;
++} OPENSSL_1.0.1;
++
+Index: openssl-1.0.1d/engines/openssl.ld
+===================================================================
+--- /dev/null   1970-01-01 00:00:00.000000000 +0000
++++ openssl-1.0.1d/engines/openssl.ld   2013-02-06 19:41:43.000000000 +0100
+@@ -0,0 +1,10 @@
++OPENSSL_1.0.0 {
++       global:
++               bind_engine;
++               v_check;
++               OPENSSL_init;
++               OPENSSL_finish;
++       local:
++               *;
++};
++
+Index: openssl-1.0.1d/engines/ccgost/openssl.ld
+===================================================================
+--- /dev/null   1970-01-01 00:00:00.000000000 +0000
++++ openssl-1.0.1d/engines/ccgost/openssl.ld    2013-02-06 19:41:43.000000000 +0100
+@@ -0,0 +1,10 @@
++OPENSSL_1.0.0 {
++       global:
++               bind_engine;
++               v_check;
++               OPENSSL_init;
++               OPENSSL_finish;
++       local:
++               *;
++};
++
diff --git a/recipes-connectivity/openssl/openssl/engines-install-in-libdir-ssl.patch b/recipes-connectivity/openssl/openssl/engines-install-in-libdir-ssl.patch
new file mode 100644
index 0000000..d8a6f1a
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl/engines-install-in-libdir-ssl.patch
@@ -0,0 +1,56 @@
+Upstream-Status: Inappropriate [configuration]
+
+
+Index: openssl-1.0.0/engines/Makefile
+===================================================================
+--- openssl-1.0.0.orig/engines/Makefile
++++ openssl-1.0.0/engines/Makefile
+@@ -107,7 +107,7 @@
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @if [ -n "$(SHARED_LIBS)" ]; then \
+                set -e; \
+-               $(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines; \
++               $(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines; \
+                for l in $(LIBNAMES); do \
+                        ( echo installing $$l; \
+                          pfx=lib; \
+@@ -119,13 +119,13 @@
+                                *DSO_WIN32*)    sfx="eay32.dll"; pfx=;; \
+                                *)              sfx=".bad";;    \
+                                esac; \
+-                               cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
++                               cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \
+                          else \
+                                sfx=".so"; \
+-                               cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
++                               cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \
+                          fi; \
+-                         chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
+-                         mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
++                         chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \
++                         mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx ); \
+                done; \
+        fi
+        @target=install; $(RECURSIVE_MAKE)
+Index: openssl-1.0.0/engines/ccgost/Makefile
+===================================================================
+--- openssl-1.0.0.orig/engines/ccgost/Makefile
++++ openssl-1.0.0/engines/ccgost/Makefile
+@@ -53,13 +53,13 @@
+                        *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \
+                        *) sfx=".bad";; \
+                        esac; \
+-                       cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
++                       cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \
+                else \
+                        sfx=".so"; \
+-                       cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
++                       cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \
+                fi; \
+-               chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
+-               mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \
++               chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \
++               mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx; \
+        fi
+ 
+ links:
diff --git a/recipes-connectivity/openssl/openssl/find.pl b/recipes-connectivity/openssl/openssl/find.pl
new file mode 100644
index 0000000..8e1b42c
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl/find.pl
@@ -0,0 +1,54 @@
+warn "Legacy library @{[(caller(0))[6]]} will be removed from the Perl core distribution in the next major release. Please install it from the CPAN distribution Perl4::CoreLibs. It is being used at @{[(caller)[1]]}, line @{[(caller)[2]]}.\n";
+
+# This library is deprecated and unmaintained. It is included for
+# compatibility with Perl 4 scripts which may use it, but it will be
+# removed in a future version of Perl. Please use the File::Find module
+# instead.
+
+# Usage:
+#       require "find.pl";
+#
+#       &find('/foo','/bar');
+#
+#       sub wanted { ... }
+#               where wanted does whatever you want.  $dir contains the
+#               current directory name, and $_ the current filename within
+#               that directory.  $name contains "$dir/$_".  You are cd'ed
+#               to $dir when the function is called.  The function may
+#               set $prune to prune the tree.
+#
+# For example,
+#
+#   find / -name .nfs\* -mtime +7 -exec rm -f {} \; -o -fstype nfs -prune
+#
+# corresponds to this
+#
+#       sub wanted {
+#           /^\.nfs.*$/ &&
+#           (($dev,$ino,$mode,$nlink,$uid,$gid) = lstat($_)) &&
+#           int(-M _) > 7 &&
+#           unlink($_)
+#           ||
+#           ($nlink || (($dev,$ino,$mode,$nlink,$uid,$gid) = lstat($_))) &&
+#           $dev < 0 &&
+#           ($prune = 1);
+#       }
+#
+# Set the variable $dont_use_nlink if you're using AFS, since AFS cheats.
+
+use File::Find ();
+
+*name           = *File::Find::name;
+*prune          = *File::Find::prune;
+*dir            = *File::Find::dir;
+*topdir         = *File::Find::topdir;
+*topdev         = *File::Find::topdev;
+*topino         = *File::Find::topino;
+*topmode        = *File::Find::topmode;
+*topnlink       = *File::Find::topnlink;
+
+sub find {
+    &File::Find::find(\&wanted, @_);
+}
+
+1;
diff --git a/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch b/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch
new file mode 100644
index 0000000..f0e1778
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch
@@ -0,0 +1,22 @@
+Upstream-Status: Submitted
+
+This patch adds the fix for one of the ciphers used in openssl, namely
+the cipher des-ede3-cfb1. Complete bug log and patch is present here:
+http://rt.openssl.org/Ticket/Display.html?id=2867
+
+Signed-Off-By: Muhammad Shakeel <muhammad_shakeel@mentor.com>
+
+diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c
+index 3232cfe..df84922 100644
+===================================================================
+--- a/crypto/evp/e_des3.c
++++ b/crypto/evp/e_des3.c
+@@ -173,7 +173,7 @@ static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+     size_t n;
+     unsigned char c[1],d[1];
+ 
+-    for(n=0 ; n < inl ; ++n)
++    for(n=0 ; n < inl*8 ; ++n)
+        {
+        c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;
+        DES_ede3_cfb_encrypt(c,d,1,1,
diff --git a/recipes-connectivity/openssl/openssl/initial-aarch64-bits.patch b/recipes-connectivity/openssl/openssl/initial-aarch64-bits.patch
new file mode 100644
index 0000000..2185ff8
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl/initial-aarch64-bits.patch
@@ -0,0 +1,119 @@
+From: Andy Polyakov <appro@openssl.org>
+Date: Sun, 13 Oct 2013 17:15:15 +0000 (+0200)
+Subject: Initial aarch64 bits.
+X-Git-Url: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=039081b80977e2a5de84e1f88f8b4d025b559956
+
+Initial aarch64 bits.
+---
+ crypto/bn/bn_lcl.h       |    9 +++++++++
+ crypto/md32_common.h     |   18 ++++++++++++++++++
+ crypto/modes/modes_lcl.h |    8 ++++++++
+ crypto/sha/sha512.c      |   13 +++++++++++++
+ 4 files changed, 48 insertions(+)
+
+Index: openssl-1.0.1f/crypto/bn/bn_lcl.h
+===================================================================
+--- openssl-1.0.1f.orig/crypto/bn/bn_lcl.h      2014-01-06 15:47:42.000000000 +0200
++++ openssl-1.0.1f/crypto/bn/bn_lcl.h   2014-02-28 10:37:55.495979037 +0200
+@@ -300,6 +300,15 @@
+             : "r"(a), "r"(b));
+ #    endif
+ #  endif
++# elif defined(__aarch64__) && defined(SIXTY_FOUR_BIT_LONG)
++#  if defined(__GNUC__) && __GNUC__>=2
++#   define BN_UMULT_HIGH(a,b)  ({  \
++   register BN_ULONG ret;      \
++   asm ("umulh %0,%1,%2"   \
++        : "=r"(ret)        \
++        : "r"(a), "r"(b));     \
++   ret;            })
++#  endif
+ # endif                /* cpu */
+ #endif         /* OPENSSL_NO_ASM */
+ 
+Index: openssl-1.0.1f/crypto/md32_common.h
+===================================================================
+--- openssl-1.0.1f.orig/crypto/md32_common.h    2014-01-06 15:47:42.000000000 +0200
++++ openssl-1.0.1f/crypto/md32_common.h 2014-02-28 10:39:21.751979107 +0200
+@@ -213,6 +213,24 @@
+                                   asm ("bswapl %0":"=r"(r):"0"(r));    \
+                                   *((unsigned int *)(c))=r; (c)+=4; r; })
+ #   endif
++#  elif defined(__aarch64__)
++#   if defined(__BYTE_ORDER__)
++#    if defined(__ORDER_LITTLE_ENDIAN__) && __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__
++#     define HOST_c2l(c,l) ({ unsigned int r;      \
++                  asm ("rev    %w0,%w1"    \
++                   :"=r"(r)        \
++                   :"r"(*((const unsigned int *)(c))));\
++                  (c)+=4; (l)=r;       })
++#     define HOST_l2c(l,c) ({ unsigned int r;      \
++                  asm ("rev    %w0,%w1"    \
++                   :"=r"(r)        \
++                   :"r"((unsigned int)(l)));\
++                  *((unsigned int *)(c))=r; (c)+=4; r; })
++#    elif defined(__ORDER_BIG_ENDIAN__) && __BYTE_ORDER__==__ORDER_BIG_ENDIAN__
++#     define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, (l))
++#     define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, (l))
++#    endif
++#   endif
+ #  endif
+ # endif
+ #endif
+Index: openssl-1.0.1f/crypto/modes/modes_lcl.h
+===================================================================
+--- openssl-1.0.1f.orig/crypto/modes/modes_lcl.h        2014-02-28 10:47:48.731979011 +0200
++++ openssl-1.0.1f/crypto/modes/modes_lcl.h     2014-02-28 10:48:49.707978919 +0200
+@@ -29,6 +29,7 @@
+ #if defined(__i386)    || defined(__i386__)    || \
+     defined(__x86_64)  || defined(__x86_64__)  || \
+     defined(_M_IX86)   || defined(_M_AMD64)    || defined(_M_X64) || \
++    defined(__aarch64__)           || \
+     defined(__s390__)  || defined(__s390x__)
+ # undef STRICT_ALIGNMENT
+ #endif
+@@ -50,6 +51,13 @@
+ #  define BSWAP4(x) ({ u32 ret=(x);                    \
+                        asm ("bswapl %0"                \
+                        : "+r"(ret));   ret;            })
++# elif defined(__aarch64__)
++#  define BSWAP8(x) ({ u64 ret;            \
++           asm ("rev %0,%1"        \
++           : "=r"(ret) : "r"(x)); ret; })
++#  define BSWAP4(x) ({ u32 ret;            \
++           asm ("rev %w0,%w1"      \
++           : "=r"(ret) : "r"(x)); ret; })
+ # elif (defined(__arm__) || defined(__arm)) && !defined(STRICT_ALIGNMENT)
+ #  define BSWAP8(x) ({ u32 lo=(u64)(x)>>32,hi=(x);     \
+                        asm ("rev %0,%0; rev %1,%1"     \
+Index: openssl-1.0.1f/crypto/sha/sha512.c
+===================================================================
+--- openssl-1.0.1f.orig/crypto/sha/sha512.c     2014-01-06 15:47:42.000000000 +0200
++++ openssl-1.0.1f/crypto/sha/sha512.c  2014-02-28 10:52:14.579978981 +0200
+@@ -55,6 +55,7 @@
+ #if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
+     defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) || \
+     defined(__s390__) || defined(__s390x__) || \
++    defined(__aarch64__) || \
+     defined(SHA512_ASM)
+ #define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
+ #endif
+@@ -347,6 +348,18 @@
+                                asm ("rotrdi %0,%1,%2"  \
+                                : "=r"(ret)             \
+                                : "r"(a),"K"(n)); ret;  })
++#  elif defined(__aarch64__)
++#   define ROTR(a,n)   ({ SHA_LONG64 ret;      \
++               asm ("ror %0,%1,%2" \
++               : "=r"(ret)     \
++               : "r"(a),"I"(n)); ret;  })
++#   if  defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \
++   __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__
++#    define PULL64(x)  ({ SHA_LONG64 ret;          \
++               asm ("rev   %0,%1"      \
++               : "=r"(ret)         \
++               : "r"(*((const SHA_LONG64 *)(&(x))))); ret;     })
++#   endif
+ #  endif
+ # elif defined(_MSC_VER)
+ #  if defined(_WIN64)  /* applies to both IA-64 and AMD64 */
diff --git a/recipes-connectivity/openssl/openssl/oe-ldflags.patch b/recipes-connectivity/openssl/openssl/oe-ldflags.patch
new file mode 100644
index 0000000..292e13d
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl/oe-ldflags.patch
@@ -0,0 +1,24 @@
+Upstream-Status: Inappropriate [open-embedded]
+
+Index: openssl-1.0.0/Makefile.shared
+===================================================================
+--- openssl-1.0.0.orig/Makefile.shared
++++ openssl-1.0.0/Makefile.shared
+@@ -92,7 +92,7 @@
+ LINK_APP=      \
+   ( $(SET_X);   \
+     LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
+-    LDCMD="$${LDCMD:-$(CC)}"; LDFLAGS="$${LDFLAGS:-$(CFLAGS)}"; \
++    LDCMD="$${LDCMD:-$(CC)}"; LDFLAGS="$(OE_LDFLAGS) $${LDFLAGS:-$(CFLAGS)}"; \
+     LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
+     LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
+     LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
+@@ -102,7 +102,7 @@
+   ( $(SET_X);   \
+     LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
+     SHAREDCMD="$${SHAREDCMD:-$(CC)}"; \
+-    SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
++    SHAREDFLAGS="$(OE_LDFLAGS) $${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
+     LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
+     LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
+     LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
diff --git a/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch b/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
new file mode 100644
index 0000000..c161e62
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
@@ -0,0 +1,21 @@
+openssl: avoid NULL pointer dereference in EVP_DigestInit_ex()
+
+We should avoid accessing the type pointer if it's NULL,
+this could happen if ctx->digest is not NULL.
+
+Upstream-Status: Submitted
+http://www.mail-archive.com/openssl-dev@openssl.org/msg32860.html
+
+Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
+---
+--- a/crypto/evp/digest.c
++++ b/crypto/evp/digest.c
+@@ -199,7 +199,7 @@
+                return 0;
+                }
+ #endif
+-       if (ctx->digest != type)
++       if (type && (ctx->digest != type))
+                {
+                if (ctx->digest && ctx->digest->ctx_size)
+                        OPENSSL_free(ctx->md_data);
diff --git a/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch b/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch
new file mode 100644
index 0000000..3e93fe4
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch
@@ -0,0 +1,39 @@
+openssl: avoid NULL pointer dereference in dh_pub_encode()/dsa_pub_encode()
+
+We should avoid accessing the pointer if ASN1_STRING_new()
+allocates memory failed.
+
+Upstream-Status: Submitted
+http://www.mail-archive.com/openssl-dev@openssl.org/msg32859.html
+
+Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
+---
+--- a/crypto/dh/dh_ameth.c
++++ b/crypto/dh/dh_ameth.c
+@@ -139,6 +139,12 @@
+        dh=pkey->pkey.dh;
+ 
+        str = ASN1_STRING_new();
++       if (!str)
++               {
++               DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
++               goto err;
++               }
++
+        str->length = i2d_DHparams(dh, &str->data);
+        if (str->length <= 0)
+                {
+--- a/crypto/dsa/dsa_ameth.c
++++ b/crypto/dsa/dsa_ameth.c
+@@ -148,6 +148,11 @@
+                {
+                ASN1_STRING *str;
+                str = ASN1_STRING_new();
++               if (!str)
++                       {
++                       DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
++                       goto err;
++                       }
+                str->length = i2d_DSAparams(dsa, &str->data);
+                if (str->length <= 0)
+                        {
diff --git a/recipes-connectivity/openssl/openssl/openssl-fix-des.pod-error.patch b/recipes-connectivity/openssl/openssl/openssl-fix-des.pod-error.patch
new file mode 100644
index 0000000..de49729
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl/openssl-fix-des.pod-error.patch
@@ -0,0 +1,19 @@
+openssl: Fix pod2man des.pod error on Ubuntu 12.04
+
+This is a formatting fix, '=back' is required before
+'=head1' on Ubuntu 12.04.
+
+Upstream-Status: Pending
+Signed-off-by: Baogen Shang <baogen.shang@windriver.com>
+diff -urpN a_origin/des.pod b_modify/des.pod
+--- a_origin/crypto/des/des.pod 2013-08-15 15:02:56.211674589 +0800
++++ b_modify/crypto/des/des.pod 2013-08-15 15:04:14.439674580 +0800
+@@ -181,6 +181,8 @@ the uuencoded file to embed in the begin
+ output.  If there is no name specified after the B<-u>, the name text.des
+ will be embedded in the header.
+ 
++=back
++
+ =head1 SEE ALSO
+ 
+ ps(1),
diff --git a/recipes-connectivity/openssl/openssl/openssl-fix-link.patch b/recipes-connectivity/openssl/openssl/openssl-fix-link.patch
new file mode 100644
index 0000000..154106c
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl/openssl-fix-link.patch
@@ -0,0 +1,35 @@
+From aabfb6f78af8e337d3239142117ba303fce55e7e Mon Sep 17 00:00:00 2001
+From: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+Date: Thu, 22 Sep 2011 08:55:26 +0200
+Subject: [PATCH] fix the parallel build regarding shared libraries.
+
+Upstream-Status: Pending
+---
+ .../openssl-1.0.0e/Makefile.org                    |    8 ++++----
+ 1 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/Makefile.org
+index 3c7aea1..6326cd6 100644
+--- a/Makefile.org
++++ b/Makefile.org
+@@ -243,13 +243,13 @@ build_libs: build_crypto build_ssl build_engines
+ 
+ build_crypto:
+        @dir=crypto; target=all; $(BUILD_ONE_CMD)
+-build_ssl:
++build_ssl: build_crypto
+        @dir=ssl; target=all; $(BUILD_ONE_CMD)
+-build_engines:
++build_engines: build_crypto
+        @dir=engines; target=all; $(BUILD_ONE_CMD)
+-build_apps:
++build_apps: build_crypto build_ssl
+        @dir=apps; target=all; $(BUILD_ONE_CMD)
+-build_tests:
++build_tests: build_crypto build_ssl
+        @dir=test; target=all; $(BUILD_ONE_CMD)
+ build_tools:
+        @dir=tools; target=all; $(BUILD_ONE_CMD)
+-- 
+1.6.6.1
+
diff --git a/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch b/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch
new file mode 100644
index 0000000..93ce034
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch
@@ -0,0 +1,90 @@
+Upstream-Status: Pending
+
+Received from H J Liu @ Intel
+Make the assembly syntax compatible with x32 gcc. Othewise x32 gcc throws errors.
+Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/07/13
+
+ported the patch to the 1.0.0e version
+Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/12/01
+Index: openssl-1.0.1e/Configure
+===================================================================
+--- openssl-1.0.1e.orig/Configure
++++ openssl-1.0.1e/Configure
+@@ -402,6 +402,7 @@ my %table=(
+ "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "linux-x86_64",        "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
++"linux-x32", "gcc:-mx32 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32",
+ "linux64-s390x",       "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+ #### So called "highgprs" target for z/Architecture CPUs
+ # "Highgprs" is kernel feature first implemented in Linux 2.6.32, see
+Index: openssl-1.0.1e/crypto/bn/asm/x86_64-gcc.c
+===================================================================
+--- openssl-1.0.1e.orig/crypto/bn/asm/x86_64-gcc.c
++++ openssl-1.0.1e/crypto/bn/asm/x86_64-gcc.c
+@@ -55,7 +55,7 @@
+  *    machine.
+  */
+ 
+-#ifdef _WIN64
++#if defined _WIN64 || !defined __LP64__
+ #define BN_ULONG unsigned long long
+ #else
+ #define BN_ULONG unsigned long
+@@ -192,9 +192,9 @@ BN_ULONG bn_add_words (BN_ULONG *rp, con
+        asm (
+        "       subq    %2,%2           \n"
+        ".p2align 4                     \n"
+-       "1:     movq    (%4,%2,8),%0    \n"
+-       "       adcq    (%5,%2,8),%0    \n"
+-       "       movq    %0,(%3,%2,8)    \n"
++       "1:     movq    (%q4,%2,8),%0   \n"
++       "       adcq    (%q5,%2,8),%0   \n"
++       "       movq    %0,(%q3,%2,8)   \n"
+        "       leaq    1(%2),%2        \n"
+        "       loop    1b              \n"
+        "       sbbq    %0,%0           \n"
+@@ -215,9 +215,9 @@ BN_ULONG bn_sub_words (BN_ULONG *rp, con
+        asm (
+        "       subq    %2,%2           \n"
+        ".p2align 4                     \n"
+-       "1:     movq    (%4,%2,8),%0    \n"
+-       "       sbbq    (%5,%2,8),%0    \n"
+-       "       movq    %0,(%3,%2,8)    \n"
++       "1:     movq    (%q4,%2,8),%0   \n"
++       "       sbbq    (%q5,%2,8),%0   \n"
++       "       movq    %0,(%q3,%2,8)   \n"
+        "       leaq    1(%2),%2        \n"
+        "       loop    1b              \n"
+        "       sbbq    %0,%0           \n"
+Index: openssl-1.0.1e/crypto/bn/bn.h
+===================================================================
+--- openssl-1.0.1e.orig/crypto/bn/bn.h
++++ openssl-1.0.1e/crypto/bn/bn.h
+@@ -172,6 +172,13 @@ extern "C" {
+ # endif
+ #endif
+ 
++/* Address type.  */
++#ifdef _WIN64
++#define BN_ADDR unsigned long long
++#else
++#define BN_ADDR unsigned long
++#endif
++
+ /* assuming long is 64bit - this is the DEC Alpha
+  * unsigned long long is only 64 bits :-(, don't define
+  * BN_LLONG for the DEC Alpha */
+Index: openssl-1.0.1e/crypto/bn/bn_exp.c
+===================================================================
+--- openssl-1.0.1e.orig/crypto/bn/bn_exp.c
++++ openssl-1.0.1e/crypto/bn/bn_exp.c
+@@ -567,7 +567,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBU
+ 
+ /* Given a pointer value, compute the next address that is a cache line multiple. */
+ #define MOD_EXP_CTIME_ALIGN(x_) \
+-       ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((size_t)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
++       ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ADDR)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
+ 
+ /* This variant of BN_mod_exp_mont() uses fixed windows and the special
+  * precomputation memory layout to limit data-dependency to a minimum
diff --git a/recipes-connectivity/openssl/openssl/ptest-deps.patch b/recipes-connectivity/openssl/openssl/ptest-deps.patch
new file mode 100644
index 0000000..527e10c
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl/ptest-deps.patch
@@ -0,0 +1,30 @@
+Remove Makefile dependencies for test targets
+
+These are probably here because the executables aren't always built for
+other platforms (e.g. Windows); however we can safely assume they'll
+always be there. None of the other test targets have such dependencies
+and if we don't remove them, make tries to rebuild the executables and
+fails during run-ptest.
+
+Upstream-Status: Inappropriate [config]
+
+Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
+
+diff --git a/test/Makefile b/test/Makefile
+index e6fcfb4..5ae043b 100644
+--- a/test/Makefile
++++ b/test/Makefile
+@@ -322,11 +322,11 @@ test_cms:
+        @echo "CMS consistency test"
+        $(PERL) cms-test.pl
+ 
+-test_srp: $(SRPTEST)$(EXE_EXT)
++test_srp:
+        @echo "Test SRP"
+        ../util/shlib_wrap.sh ./srptest
+ 
+-test_heartbeat: $(HEARTBEATTEST)$(EXE_EXT)
++test_heartbeat:
+        ../util/shlib_wrap.sh ./$(HEARTBEATTEST)
+ 
+ lint:
diff --git a/recipes-connectivity/openssl/openssl/run-ptest b/recipes-connectivity/openssl/openssl/run-ptest
new file mode 100644
index 0000000..3b20fce
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl/run-ptest
@@ -0,0 +1,2 @@
+#!/bin/sh
+make -k runtest
diff --git a/recipes-connectivity/openssl/openssl/shared-libs.patch b/recipes-connectivity/openssl/openssl/shared-libs.patch
new file mode 100644
index 0000000..a7ca0a3
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl/shared-libs.patch
@@ -0,0 +1,41 @@
+Upstream-Status: Inappropriate [configuration]
+
+Index: openssl-1.0.1e/crypto/Makefile
+===================================================================
+--- openssl-1.0.1e.orig/crypto/Makefile
++++ openssl-1.0.1e/crypto/Makefile
+@@ -108,7 +108,7 @@ $(LIB):     $(LIBOBJ)
+ 
+ shared: buildinf.h lib subdirs
+        if [ -n "$(SHARED_LIBS)" ]; then \
+-               (cd ..; $(MAKE) $(SHARED_LIB)); \
++               (cd ..; $(MAKE) -e $(SHARED_LIB)); \
+        fi
+ 
+ libs:
+Index: openssl-1.0.1e/Makefile.org
+===================================================================
+--- openssl-1.0.1e.orig/Makefile.org
++++ openssl-1.0.1e/Makefile.org
+@@ -310,7 +310,7 @@ libcrypto$(SHLIB_EXT): libcrypto.a fips_
+ 
+ libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
+        @if [ "$(SHLIB_TARGET)" != "" ]; then \
+-               $(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
++               $(MAKE) -e SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
+        else \
+                echo "There's no support for shared libraries on this platform" >&2; \
+                exit 1; \
+Index: openssl-1.0.1e/ssl/Makefile
+===================================================================
+--- openssl-1.0.1e.orig/ssl/Makefile
++++ openssl-1.0.1e/ssl/Makefile
+@@ -62,7 +62,7 @@ lib:  $(LIBOBJ)
+ 
+ shared: lib
+        if [ -n "$(SHARED_LIBS)" ]; then \
+-               (cd ..; $(MAKE) $(SHARED_LIB)); \
++               (cd ..; $(MAKE) -e $(SHARED_LIB)); \
+        fi
+ 
+ files:
diff --git a/recipes-connectivity/openssl/openssl_1.0.1i.bb b/recipes-connectivity/openssl/openssl_1.0.1i.bb
new file mode 100644
index 0000000..f3c20e8
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl_1.0.1i.bb
@@ -0,0 +1,55 @@
+require openssl.inc
+
+# For target side versions of openssl enable support for OCF Linux driver
+# if they are available.
+DEPENDS += "cryptodev-linux"
+
+CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS"
+
+LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8"
+
+export DIRS = "crypto ssl apps engines"
+export OE_LDFLAGS="${LDFLAGS}"
+
+SRC_URI += "file://configure-targets.patch \
+            file://shared-libs.patch \
+            file://oe-ldflags.patch \
+            file://engines-install-in-libdir-ssl.patch \
+            file://openssl-fix-link.patch \
+            file://debian/version-script.patch \
+            file://debian/pic.patch \
+            file://debian/c_rehash-compat.patch \
+            file://debian/ca.patch \
+            file://debian/make-targets.patch \
+            file://debian/no-rpath.patch \
+            file://debian/man-dir.patch \
+            file://debian/man-section.patch \
+            file://debian/no-symbolic.patch \
+            file://debian/debian-targets.patch \
+            file://openssl_fix_for_x32.patch \
+            file://openssl-fix-doc.patch \
+            file://fix-cipher-des-ede3-cfb1.patch \
+            file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \
+            file://openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch \
+            file://initial-aarch64-bits.patch \
+            file://find.pl \
+            file://openssl-fix-des.pod-error.patch \
+           "
+
+SRC_URI[md5sum] = "de62b43dfcd858e66a74bee1c834e959"
+SRC_URI[sha256sum] = "53cb818c3b90e507a8348f4f5eaedb05d8bfe5358aabb508b7263cc670c3e028"
+
+PACKAGES =+ " \
+        ${PN}-engines \
+        ${PN}-engines-dbg \
+        "
+
+FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"
+FILES_${PN}-engines-dbg = "${libdir}/ssl/engines/.debug"
+
+PARALLEL_MAKE = ""
+PARALLEL_MAKEINST = ""
+
+do_configure_prepend() {
+  cp ${WORKDIR}/find.pl ${S}/util/find.pl
+}
diff --git a/recipes-connectivity/openssl/openssl_1.0.1i.bbappend b/recipes-connectivity/openssl/openssl_1.0.1i.bbappend
new file mode 100644
index 0000000..1e0781e
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl_1.0.1i.bbappend
@@ -0,0 +1,64 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/openssl-fsl:"
+
+RDEPENDS_${PN}_class-target += "cryptodev-module"
+
+# base package is taken from Freescale repository
+SRCBRANCH = "OpenSSL_1_0_1-stable"
+SRC_URI = "git://git.openssl.org/openssl.git;branch=${SRCBRANCH} \
+        file://0001-remove-double-initialization-of-cryptodev-engine.patch \
+        file://0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch \
+        file://0003-cryptodev-fix-algorithm-registration.patch \
+        file://0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch \
+        file://0005-ECC-Support-header-for-Cryptodev-Engine.patch \
+        file://0006-Fixed-private-key-support-for-DH.patch \
+        file://0007-Fixed-private-key-support-for-DH.patch \
+        file://0008-Initial-support-for-PKC-in-cryptodev-engine.patch \
+        file://0009-Added-hwrng-dev-file-as-source-of-RNG.patch \
+        file://0010-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch \
+        file://0011-Add-RSA-keygen-operation-and-support-gendsa-command-.patch \
+        file://0012-RSA-Keygen-Fix.patch \
+        file://0013-Removed-local-copy-of-curve_t-type.patch \
+        file://0014-Modulus-parameter-is-not-populated-by-dhparams.patch \
+        file://0015-SW-Backoff-mechanism-for-dsa-keygen.patch \
+        file://0016-Fixed-DH-keygen-pair-generator.patch \
+        file://0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch \
+        file://Makefiles-ptest.patch \
+        file://ptest-deps.patch \
+        file://run-ptest \
+        "
+
+SRCREV = "2b456034457b58454aae3998a2765b6a5b9bc837"
+
+SRC_URI += "file://configure-targets.patch \
+            file://shared-libs.patch \
+            file://oe-ldflags.patch \
+            file://engines-install-in-libdir-ssl.patch \
+            file://openssl-fix-link.patch \
+            file://debian/version-script.patch \
+            file://debian/pic.patch \
+            file://debian/c_rehash-compat.patch \
+            file://debian/ca.patch \
+            file://debian/make-targets.patch \
+            file://debian/no-rpath.patch \
+            file://debian/man-dir.patch \
+            file://debian/man-section.patch \
+            file://debian/no-symbolic.patch \
+            file://debian/debian-targets.patch \
+            file://openssl_fix_for_x32.patch \
+            file://fix-cipher-des-ede3-cfb1.patch \
+            file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \
+            file://openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch \
+            file://initial-aarch64-bits.patch \
+            file://find.pl \
+            file://openssl-fix-des.pod-error.patch \
+           "
+S = "${WORKDIR}/git"
+
+# Digest offloading through cryptodev is not recommended because of the
+# performance penalty of the Openssl engine interface. Openssl generates a huge
+# number of calls to digest functions for even a small amount of work data.
+# For example there are 70 calls to cipher code and over 10000 to digest code
+# when downloading only 10 files of 700 bytes each.
+# Do not build OpenSSL with cryptodev digest support until engine digest
+# interface gets some rework:
+CFLAG := "${@'${CFLAG}'.replace('-DUSE_CRYPTODEV_DIGESTS', '')}"
diff --git a/recipes-core/init-ifupdown/init-ifupdown/qoriq-ppc/interfaces b/recipes-core/init-ifupdown/init-ifupdown/qoriq-ppc/interfaces
new file mode 100644
index 0000000..3737c8b
--- /dev/null
+++ b/recipes-core/init-ifupdown/init-ifupdown/qoriq-ppc/interfaces
@@ -0,0 +1,6 @@
+# /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)
+ 
+# The loopback interface
+auto lo
+iface lo inet loopback
+
diff --git a/recipes-core/init-ifupdown/init-ifupdown_%.bbappend b/recipes-core/init-ifupdown/init-ifupdown_%.bbappend
new file mode 100644
index 0000000..0005787
--- /dev/null
+++ b/recipes-core/init-ifupdown/init-ifupdown_%.bbappend
@@ -0,0 +1,2 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/${BPN}:"
+
diff --git a/recipes-core/udev/udev-rules-qoriq.bb b/recipes-core/udev/udev-rules-qoriq.bb
new file mode 100644
index 0000000..546f9e8
--- /dev/null
+++ b/recipes-core/udev/udev-rules-qoriq.bb
@@ -0,0 +1,23 @@
+DESCRIPTION = "udev rules for Freescale QorIQ SOCs"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COREBASE}/LICENSE;md5=4d92cd373abda3937c2bc47fbc49d690"
+
+SRC_URI = "\
+    file://71-fsl-dpaa-persistent-networking.rules \
+    file://72-fsl-dpaa-persistent-networking.rules \
+"
+RULE ?= "71-fsl-dpaa-persistent-networking.rules"
+RULE_e6500 = "72-fsl-dpaa-persistent-networking.rules"
+RULE_e6500-64b = "72-fsl-dpaa-persistent-networking.rules"
+RULE_t1024 = "72-fsl-dpaa-persistent-networking.rules"
+
+do_install () {
+    install -d ${D}${sysconfdir}/udev/rules.d/
+    install -m 0644 ${WORKDIR}/${RULE} ${D}${sysconfdir}/udev/rules.d/
+
+    # skip mmc rpmb partitions
+    echo "/dev/mmcblk.*rpmb" >>${D}${sysconfdir}/udev/mount.blacklist
+    # skip nbd (network block device)
+    echo "/dev/nbd*" >>${D}${sysconfdir}/udev/mount.blacklist
+}
+
diff --git a/recipes-core/udev/udev-rules-qoriq/qoriq-ppc/71-fsl-dpaa-persistent-networking.rules b/recipes-core/udev/udev-rules-qoriq/qoriq-ppc/71-fsl-dpaa-persistent-networking.rules
new file mode 100644
index 0000000..6c6dc35
--- /dev/null
+++ b/recipes-core/udev/udev-rules-qoriq/qoriq-ppc/71-fsl-dpaa-persistent-networking.rules
@@ -0,0 +1,20 @@
+# Rules for handling naming the DPAA FMan ethernet ports in a consistent way
+SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe4e0000", NAME="fm1-gb0"
+SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe4e2000", NAME="fm1-gb1"
+SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe4e4000", NAME="fm1-gb2"
+SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe4e6000", NAME="fm1-gb3"
+SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe4e8000", NAME="fm1-gb4"
+SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe4f0000", NAME="fm1-10g"
+SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe5e0000", NAME="fm2-gb0"
+SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe5e2000", NAME="fm2-gb1"
+SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe5e4000", NAME="fm2-gb2"
+SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe5e6000", NAME="fm2-gb3"
+SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe5e8000", NAME="fm2-gb4"
+SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe5f0000", NAME="fm2-10g"
+
+# P1023 has its Fman @ different offsets
+SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ff7e0000", NAME="fm1-gb0"
+SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ff7e2000", NAME="fm1-gb1"
+
+# Rename macless0 port to "macless0"
+SUBSYSTEM=="net", ATTR{device_type}=="macless0", NAME="macless0"
diff --git a/recipes-core/udev/udev-rules-qoriq/qoriq-ppc/72-fsl-dpaa-persistent-networking.rules b/recipes-core/udev/udev-rules-qoriq/qoriq-ppc/72-fsl-dpaa-persistent-networking.rules
new file mode 100644
index 0000000..d0eec9c
--- /dev/null
+++ b/recipes-core/udev/udev-rules-qoriq/qoriq-ppc/72-fsl-dpaa-persistent-networking.rules
@@ -0,0 +1,24 @@
+# Rules for handling naming the DPAA FMan ethernet ports in a consistent way
+SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe4e0000", NAME="fm1-mac1"
+SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe4e2000", NAME="fm1-mac2"
+SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe4e4000", NAME="fm1-mac3"
+SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe4e6000", NAME="fm1-mac4"
+SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe4e8000", NAME="fm1-mac5"
+SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe4ea000", NAME="fm1-mac6"
+SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe4ec000", NAME="fm1-mac7"
+SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe4ee000", NAME="fm1-mac8"
+SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe4f0000", NAME="fm1-mac9"
+SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe4f2000", NAME="fm1-mac10"
+SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe5e0000", NAME="fm2-mac1"
+SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe5e2000", NAME="fm2-mac2"
+SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe5e4000", NAME="fm2-mac3"
+SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe5e6000", NAME="fm2-mac4"
+SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe5e8000", NAME="fm2-mac5"
+SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe5ea000", NAME="fm2-mac6"
+SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe5ec000", NAME="fm2-mac7"
+SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe5ee000", NAME="fm2-mac8"
+SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe5f0000", NAME="fm2-mac9"
+SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe5f2000", NAME="fm2-mac10"
+
+# Rename macless0 to "macless0"
+SUBSYSTEM=="net", ATTR{device_type}=="macless0", NAME="macless0"
diff --git a/recipes-core/udev/udev-rules-qoriq/qoriq-ppc/automount.rules b/recipes-core/udev/udev-rules-qoriq/qoriq-ppc/automount.rules
new file mode 100644
index 0000000..a47efda
--- /dev/null
+++ b/recipes-core/udev/udev-rules-qoriq/qoriq-ppc/automount.rules
@@ -0,0 +1,23 @@
+# There are a number of modifiers that are allowed to be used in some
+# of the different fields. They provide the following subsitutions:
+#
+# %n the "kernel number" of the device.
+#    For example, 'sda3' has a "kernel number" of '3'
+# %e the smallest number for that name which does not matches an existing node
+# %k the kernel name for the device
+# %M the kernel major number for the device
+# %m the kernel minor number for the device
+# %b the bus id for the device
+# %c the string returned by the PROGRAM
+# %s{filename} the content of a sysfs attribute
+# %% the '%' char itself
+#
+
+SUBSYSTEM=="block", ENV{DEVTYPE}=="partition", GOTO="automount_end"
+
+# Media automounting
+SUBSYSTEM=="block", ACTION=="add"    RUN+="/etc/udev/scripts/mount.sh"
+SUBSYSTEM=="block", ACTION=="remove" RUN+="/etc/udev/scripts/mount.sh"
+
+LABEL="automount_end"
+
diff --git a/recipes-core/udev/udev/skip-rules-for-mmc-rpmb-partition.patch b/recipes-core/udev/udev/skip-rules-for-mmc-rpmb-partition.patch
new file mode 100644
index 0000000..edbc0b3
--- /dev/null
+++ b/recipes-core/udev/udev/skip-rules-for-mmc-rpmb-partition.patch
@@ -0,0 +1,41 @@
+From 68a780f4cbba18c01d8409faafb1f7904afa86a9 Mon Sep 17 00:00:00 2001
+From: Ting Liu <ting.liu@freescale.com>
+Date: Thu, 31 Jul 2014 16:12:32 +0800
+Subject: [PATCH] skip rules for mmc rpmb partition
+
+Upstream-status: Pending
+
+In FSL SDK 1.6 Kernel, mmc driver has created a new partition 
+with "mmcblkXrpmb" if device expresses it support of RPMB.
+
+RPMB (Replay Protected Memory Block), A signed access to a Replay 
+Protected Memory Block is provided. This function provides means 
+for the system to store data to the specific memory area in an 
+authenticated and replay protected manner.
+
+In that case, any read/write access to this partition device will 
+report errors which will not impact any fuction.
+
+add rules to skip it.
+
+Signed-off-by: Ting Liu <ting.liu@freescale.com>
+---
+ rules/60-persistent-storage.rules | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/rules/60-persistent-storage.rules b/rules/60-persistent-storage.rules
+index fa687f2..bb3f8f9 100644
+--- a/rules/60-persistent-storage.rules
++++ b/rules/60-persistent-storage.rules
+@@ -14,7 +14,7 @@ ACTION=="add", SUBSYSTEM=="module", KERNEL=="block", ATTR{parameters/events_dfl_
+ SUBSYSTEM!="block", GOTO="persistent_storage_end"
+ 
+ # skip rules for inappropriate block devices
+-KERNEL=="fd*|mtd*|nbd*|gnbd*|btibm*|dm-*|md*", GOTO="persistent_storage_end"
++KERNEL=="fd*|mtd*|nbd*|gnbd*|btibm*|dm-*|md*|mmcblk*rpmb", GOTO="persistent_storage_end"
+ 
+ # ignore partitions that span the entire disk
+ TEST=="whole_disk", GOTO="persistent_storage_end"
+-- 
+1.8.3.2
+
diff --git a/recipes-core/udev/udev_182.bbappend b/recipes-core/udev/udev_182.bbappend
new file mode 100644
index 0000000..4eedfd8
--- /dev/null
+++ b/recipes-core/udev/udev_182.bbappend
@@ -0,0 +1,6 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/${BPN}:"
+
+SRC_URI_append_qoriq-ppc = " \
+    file://skip-rules-for-mmc-rpmb-partition.patch \
+"
+
diff --git a/recipes-devtools/qemu/qemu_fslgit.bb b/recipes-devtools/qemu/qemu_fslgit.bb
new file mode 100644
index 0000000..32e738e
--- /dev/null
+++ b/recipes-devtools/qemu/qemu_fslgit.bb
@@ -0,0 +1,57 @@
+require recipes-devtools/qemu/qemu.inc
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=441c28d2cf86e15a37fa47e15a72fbac \
+                    file://COPYING.LIB;endline=24;md5=c04def7ae38850e7d3ef548588159913"
+
+# This means QEMU v1.7 with FSL specific patches applied
+PV = "1.7+fsl"
+
+# NOTE: these options are note available in qemu 1.7, but qemu.inc assumes
+# version 2.0+ where they are available. For now we unset them, but we should
+# remove the following lines when upgrading to qemu 2.0+:
+PACKAGECONFIG[quorum] = ""
+PACKAGECONFIG[lzo]    = ""
+PACKAGECONFIG[numa]   = ""
+PACKAGECONFIG[gtk+] = ""
+
+SRC_URI = "git://git.freescale.com/ppc/sdk/qemu.git;nobranch=1"
+SRCREV = "6ac4597c059d35e2737b234747243e56d340f4db"
+
+S = "${WORKDIR}/git"
+
+QEMU_TARGETS = "ppc"
+PPC_OECONF = '${SDL} --cross-prefix=${TARGET_PREFIX} --disable-werror --disable-vnc --disable-bluez --disable-curl --enable-libusb'
+EXTRA_OECONF_e5500-64b = "--target-list=ppc64-softmmu ${PPC_OECONF}"
+EXTRA_OECONF_e6500-64b = "--target-list=ppc64-softmmu ${PPC_OECONF}"
+EXTRA_OECONF_e6500 = "--target-list=ppc64-softmmu ${PPC_OECONF}"
+EXTRA_OECONF_e5500 = "--target-list=ppc64-softmmu ${PPC_OECONF}"
+EXTRA_OECONF_e500v2 = "--target-list=ppc-softmmu ${PPC_OECONF}"
+EXTRA_OECONF_e500mc = "--target-list=ppc-softmmu ${PPC_OECONF}"
+
+do_configure_prepend() {
+        export PKG_CONFIG=${STAGING_DIR_NATIVE}${bindir_native}/pkg-config
+}
+
+do_configure_append () {
+        grep 'CONFIG_FDT=y' config-host.mak
+}
+
+# gets around qemu.inc trying to install powerpc_rom.bin
+do_install_prepend() {
+        touch ${WORKDIR}/powerpc_rom.bin
+}
+
+do_install_append() {
+        rm ${WORKDIR}/powerpc_rom.bin
+    # Prevent QA warnings about installed ${localstatedir}/run
+    if [ -d ${D}${localstatedir}/run ]; then rmdir ${D}${localstatedir}/run; fi
+}
+
+INSANE_SKIP_${PN} += "dev-deps"
+
+# This is only meant to be build to run on the target
+# for the given arch types listed, otherwise don't let
+# the package get built. COMPATIBLE_HOST would not work
+# because it was too generic
+COMPATIBLE_MACHINE = "a^"
+COMPATIBLE_MACHINE_libc-glibc_qoriq-ppc = ".*"
diff --git a/recipes-dpaa/eth-config/eth-config_git.bb b/recipes-dpaa/eth-config/eth-config_git.bb
new file mode 100644
index 0000000..878121f
--- /dev/null
+++ b/recipes-dpaa/eth-config/eth-config_git.bb
@@ -0,0 +1,17 @@
+DESCRIPTION = "Ethernet Configuration Files"
+SECTION = "eth-config"
+LICENSE = "BSD & GPLv2+"
+LIC_FILES_CHKSUM = "file://COPYING;md5=8ed5eddbfbb84af5089ea94c382d423c"
+
+PR = "r2"
+
+SRC_URI = "git://git.freescale.com/ppc/sdk/eth-config.git;branch=sdk-v1.7.x"
+SRCREV = "8040e0b1a7cb18cecfe0c7657d42f59f222b7930"
+
+S = "${WORKDIR}/git"
+
+EXTRA_OEMAKE = "D=${D}"
+
+do_install() {
+    oe_runmake install
+}
diff --git a/recipes-dpaa/flib/flib_git.bb b/recipes-dpaa/flib/flib_git.bb
new file mode 100644
index 0000000..3ac7886
--- /dev/null
+++ b/recipes-dpaa/flib/flib_git.bb
@@ -0,0 +1,15 @@
+DESCRIPTION = "Foundation Library"
+SECTION = "flib"
+LICENSE = "BSD & GPLv2"
+LIC_FILES_CHKSUM = "file://COPYING;md5=75d2f6a74299640c05ae6c69ed7a4ad6"
+
+SRC_URI = "git://git.freescale.com/ppc/sdk/flib.git;nobranch=1"
+SRCREV = "4bd48d4d6dbb1bd57c3c608fe66e97f4eb8e05b9"
+
+S = "${WORKDIR}/git"
+
+do_install(){
+    oe_runmake install DESTDIR=${D}
+}
+
+ALLOW_EMPTY_${PN} = "1"
diff --git a/recipes-dpaa/fm-ucode/fm-ucode_git.bb b/recipes-dpaa/fm-ucode/fm-ucode_git.bb
new file mode 100644
index 0000000..1bb7098
--- /dev/null
+++ b/recipes-dpaa/fm-ucode/fm-ucode_git.bb
@@ -0,0 +1,37 @@
+DESCRIPTION = "Fman microcode binary"
+SECTION = "fm-ucode"
+LICENSE = "Freescale-EULA"
+LIC_FILES_CHKSUM = "file://EULA;md5=60037ccba533a5995e8d1a838d85799c"
+
+PR = "r1"
+
+inherit deploy
+
+SRC_URI = "git://git.freescale.com/ppc/sdk/fm-ucode.git;nobranch=1"
+SRCREV = "4cda2e3f36408ded79022cf599260add07769786"
+
+S = "${WORKDIR}/git"
+
+REGLEX ?= "${MACHINE}"
+REGLEX_t1042 = "t1040"
+REGLEX_b4420 = "b4860"
+REGLEX_t4160 = "t4240"
+
+do_install () {
+    UCODE=`echo ${REGLEX} | sed -e 's,-.*$,,' -e 's,[a-zA-Z]*$,,'`
+    install -d ${D}/boot
+    install -m 644 fsl_fman_ucode_${UCODE}*.bin ${D}/boot/
+}
+
+do_deploy () {
+    UCODE=`echo ${REGLEX} | sed -e 's,-.*$,,' -e 's,[a-zA-Z]*$,,'`
+    install -d ${DEPLOYDIR}/
+    install -m 644 fsl_fman_ucode_${UCODE}*.bin ${DEPLOYDIR}/
+}
+addtask deploy before do_build after do_install
+
+PACKAGES += "${PN}-image"
+FILES_${PN}-image += "/boot"
+ALLOW_EMPTY_${PN} = "1"
+COMPATIBLE_MACHINE = "(p1023rdb|e500mc|e5500|e5500-64b|e6500|e6500-64b)"
+
diff --git a/recipes-dpaa/fmc/fmc_git.bb b/recipes-dpaa/fmc/fmc_git.bb
new file mode 100644
index 0000000..a9da96f
--- /dev/null
+++ b/recipes-dpaa/fmc/fmc_git.bb
@@ -0,0 +1,53 @@
+DESCRIPTION = "Frame Manager Configuration tool"
+SECTION = "fmc"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://COPYING;md5=a504ab5a8ff235e67c7301214749346c"
+
+PR = "r2"
+
+SRC_URI = "git://git.freescale.com/ppc/sdk/fmc.git;nobranch=1"
+SRCREV = "4f4a3ebe447c3c982d453596a82af7b40ac3a28a"
+
+DEPENDS = "libxml2 fmlib tclap"
+
+PACKAGE_ARCH = "${MACHINE_ARCH}"
+COMPATIBLE_HOST_qoriq-ppc = ".*"
+COMPATIBLE_HOST ?= "(none)"
+
+S = "${WORKDIR}/git"
+
+EXTRA_OEMAKE = 'FMD_USPACE_HEADER_PATH="${STAGING_INCDIR}/fmd" \
+    FMD_USPACE_LIB_PATH="${STAGING_LIBDIR}" LIBXML2_HEADER_PATH="${STAGING_INCDIR}/libxml2" \
+    TCLAP_HEADER_PATH="${STAGING_INCDIR}" '
+EXTRA_OEMAKE_virtclass-native = 'FMCHOSTMODE=1 FMD_USPACE_HEADER_PATH="${STAGING_INCDIR}/fmd" \
+    FMD_USPACE_LIB_PATH="${STAGING_LIBDIR}" LIBXML2_HEADER_PATH="${STAGING_INCDIR}/libxml2" \
+    TCLAP_HEADER_PATH="${STAGING_INCDIR}" '
+
+PARALLEL_MAKE = ""
+
+do_compile () {
+    if echo ${MACHINE} | egrep -q "^(b4|t1|t2|t4)"; then
+        EXTRA_OEMAKE_PLATFORM="b4860qds"
+    elif [ "p1023rds" = "${MACHINE}" ];then
+        EXTRA_OEMAKE_PLATFORM="p1023rds"
+    else
+        EXTRA_OEMAKE_PLATFORM=""
+    fi
+    oe_runmake MACHINE=${EXTRA_OEMAKE_PLATFORM} -C source
+}
+
+do_install () {
+    install -d ${D}/${bindir}
+    install -m 755 ${S}/source/fmc ${D}/${bindir}/fmc
+
+    install -d ${D}/etc/fmc/config
+    install -m 644 ${S}/etc/fmc/config/hxs_pdl_v3.xml ${D}/etc/fmc/config
+
+    install -d ${D}/${includedir}/fmc
+    install ${S}/source/fmc.h ${D}/${includedir}/fmc
+
+    install -d ${D}/${libdir}
+    install ${S}/source/libfmc.a ${D}/${libdir}
+}
+
+BBCLASSEXTEND = "native"
diff --git a/recipes-dpaa/fmlib/fmlib_git.bb b/recipes-dpaa/fmlib/fmlib_git.bb
new file mode 100644
index 0000000..4d394a5
--- /dev/null
+++ b/recipes-dpaa/fmlib/fmlib_git.bb
@@ -0,0 +1,45 @@
+DESCRIPTION = "Frame Manager User Space Library"
+SECTION = "fman"
+LICENSE = "BSD & GPLv2"
+LIC_FILES_CHKSUM = "file://COPYING;md5=3f16fa8e677e45af3127c5c4bafc3c00"
+
+PR = "r1"
+
+DEPENDS += "virtual/kernel"
+DEPENDS_virtclass-native = ""
+
+SRC_URI = "git://git.freescale.com/ppc/sdk/fmlib.git;nobranch=1"
+SRCREV = "661d7822aa182f720029134008d7e1db07b0d504"
+
+S = "${WORKDIR}/git"
+
+TARGET_ARCH_FMLIB = "${DEFAULTTUNE}"
+TARGET_ARCH_FMLIB_e5500 = "ppc32e5500"
+TARGET_ARCH_FMLIB_e6500 = "ppc32e6500"
+COMPATIBLE_HOST_qoriq-ppc = ".*"
+COMPATIBLE_HOST ?= "(none)"
+
+EXTRA_OEMAKE = "DESTDIR=${D} PREFIX=${prefix} LIB_DEST_DIR=${libdir} \
+        CROSS_COMPILE=${TARGET_PREFIX} KERNEL_SRC=${STAGING_KERNEL_DIR}"
+
+FMLIB_TARGET = "libfm-${TARGET_ARCH_FMLIB}"
+FMLIB_TARGET_t1 = "libfm-${TARGET_ARCH_FMLIB}-fmv3"
+do_compile () {
+    oe_runmake ${FMLIB_TARGET}.a
+}
+
+do_compile_virtclass-native () {
+}
+
+do_install () {
+    oe_runmake install-${FMLIB_TARGET}
+}
+
+do_install_virtclass-native () {
+    install -d ${D}/${includedir}
+    cp -rf ${S}/include/* ${D}/${includedir}
+}
+
+ALLOW_EMPTY_${PN} = "1"
+
+BBCLASSEXTEND = "native"
diff --git a/recipes-dpaa/usdpaa/usdpaa_git.bb b/recipes-dpaa/usdpaa/usdpaa_git.bb
new file mode 100644
index 0000000..e6bf5f6
--- /dev/null
+++ b/recipes-dpaa/usdpaa/usdpaa_git.bb
@@ -0,0 +1,62 @@
+DESCRIPTION = "User-Space Data-Path Acceleration Architecture drivers"
+LICENSE = "BSD & GPLv2"
+LIC_FILES_CHKSUM = "file://Makefile;endline=30;md5=39e58bedc879163c9338596e52df5b1f"
+PR = "r4"
+
+inherit pkgconfig
+
+PACKAGE_ARCH = "${MACHINE_ARCH}"
+
+DEPENDS = "libxml2 libedit ncurses readline flib fmc"
+DEPENDS_append_b4860qds = " ipc-ust"
+DEPENDS_append_b4420qds = " ipc-ust"
+
+RDEPENDS_${PN} = "libgcc bash"
+
+SRC_URI = "git://git.freescale.com/ppc/sdk/usdpaa.git;nobranch=1"
+SRCREV = "d9975948bb6bf9fdcec189c0f1c31ce45f74961c"
+
+S = "${WORKDIR}/git"
+
+EXTRA_OEMAKE = 'CC="${CC}" LD="${LD}" AR="${AR}"'
+export ARCH="${TARGET_ARCH}"
+
+SOC ?= "P4080"
+SOC_b4 = "B4860"
+SOC_t1 = "T1040"
+SOC_t2 = "T2080"
+SOC_t4 = "T4240"
+SOC_p1023rdb = "P1023"
+
+FMAN_VARIANT ?= "P4080"
+FMAN_VARIANT_b4 = "B4860"
+FMAN_VARIANT_t1 = "B4860"
+FMAN_VARIANT_t2 = "B4860"
+FMAN_VARIANT_t4 = "B4860"
+FMAN_VARIANT_p1023rdb = "P1023"
+
+do_compile_prepend () {
+    export SOC=${SOC}
+    export FMC_EXTRA_CFLAGS="-I ${STAGING_INCDIR}/fmc"
+    export FMLIB_EXTRA_CFLAGS="-I ${STAGING_INCDIR}/fmd \
+        -I ${STAGING_INCDIR}/fmd/Peripherals \
+        -I ${STAGING_INCDIR}/fmd/integrations \
+        -D${FMAN_VARIANT}"
+
+    export LIBXML2_CFLAGS="$(pkg-config --cflags libxml-2.0)"
+    export LIBXML2_LDFLAGS="$(pkg-config --libs --static libxml-2.0)"
+    export LIBEDIT_CFLAGS="$(pkg-config --cflags libedit)"
+    export LIBEDIT_LDFLAGS="$(pkg-config --libs --static libedit)"
+}
+
+do_install () {
+    export SOC=${SOC}
+    oe_runmake install DESTDIR=${D}
+}
+
+PARALLEL_MAKE_pn-${PN} = ""
+FILES_${PN} += "/root/SOURCE_THIS /usr/etc/"
+
+COMPATIBLE_HOST_qoriq-ppc = ".*"
+COMPATIBLE_HOST ?= "(none)"
+
diff --git a/recipes-extended/cst/cst_git.bb b/recipes-extended/cst/cst_git.bb
new file mode 100644
index 0000000..e9f1b6f
--- /dev/null
+++ b/recipes-extended/cst/cst_git.bb
@@ -0,0 +1,26 @@
+SUMMARY = "utility for security boot"
+SECTION = "cst"
+LICENSE = "BSD"
+
+# TODO: fix license - this file is not a license
+LIC_FILES_CHKSUM = "file://RELEASENOTES;beginline=8;endline=43;md5=5a7b22a2c96b5f94e0498c5f413aa8d3"
+
+DEPENDS += "openssl"
+
+inherit kernel-arch
+
+SRC_URI = "git://git.freescale.com/ppc/sdk/cst.git;nobranch=1"
+SRCREV = "2d35e98539c0daa2bc8049e3bd44994d3d93bbe7"
+
+S = "${WORKDIR}/git"
+
+EXTRA_OEMAKE = 'CC="${CC}" LD="${CC}"'
+
+PARALLEL_MAKE = ""
+
+do_install () {
+    oe_runmake install DESTDIR=${D} BIN_DEST_DIR=${bindir}
+}
+
+FILES_${PN}-dbg += "${bindir}/cst/.debug"
+BBCLASSEXTEND = "native nativesdk"
diff --git a/recipes-extended/merge-files/merge-files/merge/README b/recipes-extended/merge-files/merge-files/merge/README
new file mode 100644
index 0000000..8f0d85a
--- /dev/null
+++ b/recipes-extended/merge-files/merge-files/merge/README
@@ -0,0 +1,7 @@
+This package is used to merge specified files into rootfs.
+
+Steps:
+1> copy files to recipes-*/merge-files/merge-files/merge/
+2> add 'IMAGE_INSTALL += "merge-files"' into rootfs recipe
+3> bitbake <rootfs_image_type>
+
diff --git a/recipes-extended/merge-files/merge-files_1.0.bb b/recipes-extended/merge-files/merge-files_1.0.bb
new file mode 100644
index 0000000..f64b909
--- /dev/null
+++ b/recipes-extended/merge-files/merge-files_1.0.bb
@@ -0,0 +1,25 @@
+DESCRIPTION = "Merge prebuilt/extra files into rootfs"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COREBASE}/LICENSE;md5=4d92cd373abda3937c2bc47fbc49d690 \
+                    file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
+
+inherit allarch
+
+SRC_URI = "file://merge"
+
+MERGED_DST ?= "${ROOT_HOME}"
+do_install () {
+    install -d ${D}/${MERGED_DST}
+    find ${WORKDIR}/merge/ -maxdepth 1 -mindepth 1 -not -name README \
+    -exec cp -fr '{}' ${D}/${MERGED_DST}/ \;
+    find ${WORKDIR}/merge/ -maxdepth 1 -mindepth 1 -exec rm -fr '{}' \;
+}
+do_unpack[nostamp] = "1"
+do_install[nostamp] = "1"
+do_configure[noexec] = "1"
+do_compile[noexec] = "1"
+
+FILES_${PN} = "/*"
+ALLOW_EMPTY_${PN} = "1"
+INSANE_SKIP_${PN} = "debug-files dev-so"
+
diff --git a/recipes-extended/procps/procps_%.bbappend b/recipes-extended/procps/procps_%.bbappend
new file mode 100644
index 0000000..face0cc
--- /dev/null
+++ b/recipes-extended/procps/procps_%.bbappend
@@ -0,0 +1,9 @@
+do_install_append_qoriq-ppc() {
+    for keyword in \
+        net.ipv4.conf.default.rp_filter \
+        net.ipv4.conf.all.rp_filter \
+    ; do
+        sed -i 's,'"$keyword"'=.*,'"$keyword"'=0,' ${D}${sysconfdir}/sysctl.conf
+    done
+}
+
diff --git a/recipes-extended/skmm-ep/skmm-ep/add-two-missing-header-files.patch b/recipes-extended/skmm-ep/skmm-ep/add-two-missing-header-files.patch
new file mode 100644
index 0000000..2a7bb9f
--- /dev/null
+++ b/recipes-extended/skmm-ep/skmm-ep/add-two-missing-header-files.patch
@@ -0,0 +1,660 @@
+add two missing header files
+
+Upstream-status: Pending
+
+---
+ include/linux/fsl_pci_ep_vfio.h |  79 ++++++
+ include/linux/vfio.h            | 555 ++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 634 insertions(+)
+ create mode 100644 include/linux/fsl_pci_ep_vfio.h
+ create mode 100644 include/linux/vfio.h
+
+diff --git a/include/linux/fsl_pci_ep_vfio.h b/include/linux/fsl_pci_ep_vfio.h
+new file mode 100644
+index 0000000..8960157
+--- /dev/null
++++ b/include/linux/fsl_pci_ep_vfio.h
+@@ -0,0 +1,79 @@
++/*
++ * Copyright 2013 Freescale Semiconductor, Inc.
++ *
++ * Author: Minghuan Lian <Minghuan.Lian@freescale.com>
++ *
++ * This program is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License, version 2, as
++ * published by the Free Software Foundation.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
++ *
++ */
++
++#ifndef _FSL_PCI_EP_VFIO_H
++#define _FSL_PCI_EP_VFIO_H
++
++#include <linux/vfio.h>
++
++enum {
++       PCI_EP_TYPE_PF,
++       PCI_EP_TYPE_VF,
++};
++
++enum PCI_EP_REGION_TYPE {
++       PCI_EP_REGION_IBWIN,
++       PCI_EP_REGION_OBWIN,
++       PCI_EP_REGION_VF_IBWIN,
++       PCI_EP_REGION_VF_OBWIN,
++       PCI_EP_REGION_REGS,
++       PCI_EP_REGION_CONFIG,
++       PCI_EP_REGION_MEM,
++       PCI_EP_REGION_MSIX_OBWIN
++};
++
++enum PCI_EP_REGION_INDEX {
++       PCI_EP_WIN0_INDEX,
++       PCI_EP_WIN1_INDEX,
++       PCI_EP_WIN2_INDEX,
++       PCI_EP_WIN3_INDEX,
++       PCI_EP_WIN4_INDEX,
++       PCI_EP_WIN5_INDEX,
++};
++
++#define PCI_EP_MSI_WIN_INDEX PCI_EP_WIN1_INDEX
++#define PCI_EP_CCSR_WIN_INDEX PCI_EP_WIN0_INDEX
++#define PCI_EP_DEFAULT_OW_INDEX PCI_EP_WIN0_INDEX
++
++struct pci_ep_win {
++       uint64_t pci_addr;
++       uint64_t cpu_addr;
++       uint64_t size;
++       uint64_t offset;
++       uint32_t attr;
++       uint32_t type;
++       uint32_t idx;
++};
++
++#define VFIO_DEVICE_SET_WIN_INFO       _IO(VFIO_TYPE, VFIO_BASE + 20)
++#define VFIO_DEVICE_GET_WIN_INFO       _IO(VFIO_TYPE, VFIO_BASE + 21)
++
++struct pci_ep_info {
++       uint32_t type;
++       uint32_t pf_idx;
++       uint32_t vf_idx;
++       uint32_t iw_num;
++       uint32_t ow_num;
++       uint32_t vf_iw_num;
++       uint32_t vf_ow_num;
++       bool msix_enable;
++};
++
++#endif
+diff --git a/include/linux/vfio.h b/include/linux/vfio.h
+new file mode 100644
+index 0000000..44578d2
+--- /dev/null
++++ b/include/linux/vfio.h
+@@ -0,0 +1,555 @@
++/*
++ * VFIO API definition
++ *
++ * Copyright (C) 2012 Red Hat, Inc.  All rights reserved.
++ *     Author: Alex Williamson <alex.williamson@redhat.com>
++ *
++ * This program is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License version 2 as
++ * published by the Free Software Foundation.
++ */
++#ifndef _UAPIVFIO_H
++#define _UAPIVFIO_H
++
++#include <linux/types.h>
++#include <linux/ioctl.h>
++
++#define VFIO_API_VERSION       0
++
++
++/* Kernel & User level defines for VFIO IOCTLs. */
++
++/* Extensions */
++
++#define VFIO_TYPE1_IOMMU               1
++#define VFIO_SPAPR_TCE_IOMMU           2
++#define VFIO_FSL_PAMU_IOMMU            1000
++#define VFIO_IOMMU_DUMMY               1001
++
++/*
++ * The IOCTL interface is designed for extensibility by embedding the
++ * structure length (argsz) and flags into structures passed between
++ * kernel and userspace.  We therefore use the _IO() macro for these
++ * defines to avoid implicitly embedding a size into the ioctl request.
++ * As structure fields are added, argsz will increase to match and flag
++ * bits will be defined to indicate additional fields with valid data.
++ * It's *always* the caller's responsibility to indicate the size of
++ * the structure passed by setting argsz appropriately.
++ */
++
++#define VFIO_TYPE      (';')
++#define VFIO_BASE      100
++
++/* -------- IOCTLs for VFIO file descriptor (/dev/vfio/vfio) -------- */
++
++/**
++ * VFIO_GET_API_VERSION - _IO(VFIO_TYPE, VFIO_BASE + 0)
++ *
++ * Report the version of the VFIO API.  This allows us to bump the entire
++ * API version should we later need to add or change features in incompatible
++ * ways.
++ * Return: VFIO_API_VERSION
++ * Availability: Always
++ */
++#define VFIO_GET_API_VERSION           _IO(VFIO_TYPE, VFIO_BASE + 0)
++
++/**
++ * VFIO_CHECK_EXTENSION - _IOW(VFIO_TYPE, VFIO_BASE + 1, __u32)
++ *
++ * Check whether an extension is supported.
++ * Return: 0 if not supported, 1 (or some other positive integer) if supported.
++ * Availability: Always
++ */
++#define VFIO_CHECK_EXTENSION           _IO(VFIO_TYPE, VFIO_BASE + 1)
++
++/**
++ * VFIO_SET_IOMMU - _IOW(VFIO_TYPE, VFIO_BASE + 2, __s32)
++ *
++ * Set the iommu to the given type.  The type must be supported by an
++ * iommu driver as verified by calling CHECK_EXTENSION using the same
++ * type.  A group must be set to this file descriptor before this
++ * ioctl is available.  The IOMMU interfaces enabled by this call are
++ * specific to the value set.
++ * Return: 0 on success, -errno on failure
++ * Availability: When VFIO group attached
++ */
++#define VFIO_SET_IOMMU                 _IO(VFIO_TYPE, VFIO_BASE + 2)
++
++/* -------- IOCTLs for GROUP file descriptors (/dev/vfio/$GROUP) -------- */
++
++/**
++ * VFIO_GROUP_GET_STATUS - _IOR(VFIO_TYPE, VFIO_BASE + 3,
++ *                                             struct vfio_group_status)
++ *
++ * Retrieve information about the group.  Fills in provided
++ * struct vfio_group_info.  Caller sets argsz.
++ * Return: 0 on succes, -errno on failure.
++ * Availability: Always
++ */
++struct vfio_group_status {
++       __u32   argsz;
++       __u32   flags;
++#define VFIO_GROUP_FLAGS_VIABLE                (1 << 0)
++#define VFIO_GROUP_FLAGS_CONTAINER_SET (1 << 1)
++};
++#define VFIO_GROUP_GET_STATUS          _IO(VFIO_TYPE, VFIO_BASE + 3)
++
++/**
++ * VFIO_GROUP_SET_CONTAINER - _IOW(VFIO_TYPE, VFIO_BASE + 4, __s32)
++ *
++ * Set the container for the VFIO group to the open VFIO file
++ * descriptor provided.  Groups may only belong to a single
++ * container.  Containers may, at their discretion, support multiple
++ * groups.  Only when a container is set are all of the interfaces
++ * of the VFIO file descriptor and the VFIO group file descriptor
++ * available to the user.
++ * Return: 0 on success, -errno on failure.
++ * Availability: Always
++ */
++#define VFIO_GROUP_SET_CONTAINER       _IO(VFIO_TYPE, VFIO_BASE + 4)
++
++/**
++ * VFIO_GROUP_UNSET_CONTAINER - _IO(VFIO_TYPE, VFIO_BASE + 5)
++ *
++ * Remove the group from the attached container.  This is the
++ * opposite of the SET_CONTAINER call and returns the group to
++ * an initial state.  All device file descriptors must be released
++ * prior to calling this interface.  When removing the last group
++ * from a container, the IOMMU will be disabled and all state lost,
++ * effectively also returning the VFIO file descriptor to an initial
++ * state.
++ * Return: 0 on success, -errno on failure.
++ * Availability: When attached to container
++ */
++#define VFIO_GROUP_UNSET_CONTAINER     _IO(VFIO_TYPE, VFIO_BASE + 5)
++
++/**
++ * VFIO_GROUP_GET_DEVICE_FD - _IOW(VFIO_TYPE, VFIO_BASE + 6, char)
++ *
++ * Return a new file descriptor for the device object described by
++ * the provided string.  The string should match a device listed in
++ * the devices subdirectory of the IOMMU group sysfs entry.  The
++ * group containing the device must already be added to this context.
++ * Return: new file descriptor on success, -errno on failure.
++ * Availability: When attached to container
++ */
++#define VFIO_GROUP_GET_DEVICE_FD       _IO(VFIO_TYPE, VFIO_BASE + 6)
++
++/* --------------- IOCTLs for DEVICE file descriptors --------------- */
++
++/**
++ * VFIO_DEVICE_GET_INFO - _IOR(VFIO_TYPE, VFIO_BASE + 7,
++ *                                             struct vfio_device_info)
++ *
++ * Retrieve information about the device.  Fills in provided
++ * struct vfio_device_info.  Caller sets argsz.
++ * Return: 0 on success, -errno on failure.
++ */
++struct vfio_device_info {
++       __u32   argsz;
++       __u32   flags;
++#define VFIO_DEVICE_FLAGS_RESET        (1 << 0)        /* Device supports reset */
++#define VFIO_DEVICE_FLAGS_PCI  (1 << 1)        /* vfio-pci device */
++       __u32   num_regions;    /* Max region index + 1 */
++       __u32   num_irqs;       /* Max IRQ index + 1 */
++};
++#define VFIO_DEVICE_GET_INFO           _IO(VFIO_TYPE, VFIO_BASE + 7)
++
++/**
++ * VFIO_DEVICE_GET_REGION_INFO - _IOWR(VFIO_TYPE, VFIO_BASE + 8,
++ *                                    struct vfio_region_info)
++ *
++ * Retrieve information about a device region.  Caller provides
++ * struct vfio_region_info with index value set.  Caller sets argsz.
++ * Implementation of region mapping is bus driver specific.  This is
++ * intended to describe MMIO, I/O port, as well as bus specific
++ * regions (ex. PCI config space).  Zero sized regions may be used
++ * to describe unimplemented regions (ex. unimplemented PCI BARs).
++ * Return: 0 on success, -errno on failure.
++ */
++struct vfio_region_info {
++       __u32   argsz;
++       __u32   flags;
++#define VFIO_REGION_INFO_FLAG_READ     (1 << 0) /* Region supports read */
++#define VFIO_REGION_INFO_FLAG_WRITE    (1 << 1) /* Region supports write */
++#define VFIO_REGION_INFO_FLAG_MMAP     (1 << 2) /* Region supports mmap */
++       __u32   index;          /* Region index */
++       __u32   resv;           /* Reserved for alignment */
++       __u64   size;           /* Region size (bytes) */
++       __u64   offset;         /* Region offset from start of device fd */
++};
++#define VFIO_DEVICE_GET_REGION_INFO    _IO(VFIO_TYPE, VFIO_BASE + 8)
++
++/**
++ * VFIO_DEVICE_GET_IRQ_INFO - _IOWR(VFIO_TYPE, VFIO_BASE + 9,
++ *                                 struct vfio_irq_info)
++ *
++ * Retrieve information about a device IRQ.  Caller provides
++ * struct vfio_irq_info with index value set.  Caller sets argsz.
++ * Implementation of IRQ mapping is bus driver specific.  Indexes
++ * using multiple IRQs are primarily intended to support MSI-like
++ * interrupt blocks.  Zero count irq blocks may be used to describe
++ * unimplemented interrupt types.
++ *
++ * The EVENTFD flag indicates the interrupt index supports eventfd based
++ * signaling.
++ *
++ * The MASKABLE flags indicates the index supports MASK and UNMASK
++ * actions described below.
++ *
++ * AUTOMASKED indicates that after signaling, the interrupt line is
++ * automatically masked by VFIO and the user needs to unmask the line
++ * to receive new interrupts.  This is primarily intended to distinguish
++ * level triggered interrupts.
++ *
++ * The NORESIZE flag indicates that the interrupt lines within the index
++ * are setup as a set and new subindexes cannot be enabled without first
++ * disabling the entire index.  This is used for interrupts like PCI MSI
++ * and MSI-X where the driver may only use a subset of the available
++ * indexes, but VFIO needs to enable a specific number of vectors
++ * upfront.  In the case of MSI-X, where the user can enable MSI-X and
++ * then add and unmask vectors, it's up to userspace to make the decision
++ * whether to allocate the maximum supported number of vectors or tear
++ * down setup and incrementally increase the vectors as each is enabled.
++ */
++struct vfio_irq_info {
++       __u32   argsz;
++       __u32   flags;
++#define VFIO_IRQ_INFO_EVENTFD          (1 << 0)
++#define VFIO_IRQ_INFO_MASKABLE         (1 << 1)
++#define VFIO_IRQ_INFO_AUTOMASKED       (1 << 2)
++#define VFIO_IRQ_INFO_NORESIZE         (1 << 3)
++       __u32   index;          /* IRQ index */
++       __u32   count;          /* Number of IRQs within this index */
++};
++#define VFIO_DEVICE_GET_IRQ_INFO       _IO(VFIO_TYPE, VFIO_BASE + 9)
++
++/**
++ * VFIO_DEVICE_SET_IRQS - _IOW(VFIO_TYPE, VFIO_BASE + 10, struct vfio_irq_set)
++ *
++ * Set signaling, masking, and unmasking of interrupts.  Caller provides
++ * struct vfio_irq_set with all fields set.  'start' and 'count' indicate
++ * the range of subindexes being specified.
++ *
++ * The DATA flags specify the type of data provided.  If DATA_NONE, the
++ * operation performs the specified action immediately on the specified
++ * interrupt(s).  For example, to unmask AUTOMASKED interrupt [0,0]:
++ * flags = (DATA_NONE|ACTION_UNMASK), index = 0, start = 0, count = 1.
++ *
++ * DATA_BOOL allows sparse support for the same on arrays of interrupts.
++ * For example, to mask interrupts [0,1] and [0,3] (but not [0,2]):
++ * flags = (DATA_BOOL|ACTION_MASK), index = 0, start = 1, count = 3,
++ * data = {1,0,1}
++ *
++ * DATA_EVENTFD binds the specified ACTION to the provided __s32 eventfd.
++ * A value of -1 can be used to either de-assign interrupts if already
++ * assigned or skip un-assigned interrupts.  For example, to set an eventfd
++ * to be trigger for interrupts [0,0] and [0,2]:
++ * flags = (DATA_EVENTFD|ACTION_TRIGGER), index = 0, start = 0, count = 3,
++ * data = {fd1, -1, fd2}
++ * If index [0,1] is previously set, two count = 1 ioctls calls would be
++ * required to set [0,0] and [0,2] without changing [0,1].
++ *
++ * Once a signaling mechanism is set, DATA_BOOL or DATA_NONE can be used
++ * with ACTION_TRIGGER to perform kernel level interrupt loopback testing
++ * from userspace (ie. simulate hardware triggering).
++ *
++ * Setting of an event triggering mechanism to userspace for ACTION_TRIGGER
++ * enables the interrupt index for the device.  Individual subindex interrupts
++ * can be disabled using the -1 value for DATA_EVENTFD or the index can be
++ * disabled as a whole with: flags = (DATA_NONE|ACTION_TRIGGER), count = 0.
++ *
++ * Note that ACTION_[UN]MASK specify user->kernel signaling (irqfds) while
++ * ACTION_TRIGGER specifies kernel->user signaling.
++ */
++struct vfio_irq_set {
++       __u32   argsz;
++       __u32   flags;
++#define VFIO_IRQ_SET_DATA_NONE         (1 << 0) /* Data not present */
++#define VFIO_IRQ_SET_DATA_BOOL         (1 << 1) /* Data is bool (u8) */
++#define VFIO_IRQ_SET_DATA_EVENTFD      (1 << 2) /* Data is eventfd (s32) */
++#define VFIO_IRQ_SET_ACTION_MASK       (1 << 3) /* Mask interrupt */
++#define VFIO_IRQ_SET_ACTION_UNMASK     (1 << 4) /* Unmask interrupt */
++#define VFIO_IRQ_SET_ACTION_TRIGGER    (1 << 5) /* Trigger interrupt */
++       __u32   index;
++       __u32   start;
++       __u32   count;
++       __u8    data[];
++};
++#define VFIO_DEVICE_SET_IRQS           _IO(VFIO_TYPE, VFIO_BASE + 10)
++
++#define VFIO_IRQ_SET_DATA_TYPE_MASK    (VFIO_IRQ_SET_DATA_NONE | \
++                                        VFIO_IRQ_SET_DATA_BOOL | \
++                                        VFIO_IRQ_SET_DATA_EVENTFD)
++#define VFIO_IRQ_SET_ACTION_TYPE_MASK  (VFIO_IRQ_SET_ACTION_MASK | \
++                                        VFIO_IRQ_SET_ACTION_UNMASK | \
++                                        VFIO_IRQ_SET_ACTION_TRIGGER)
++/**
++ * VFIO_DEVICE_RESET - _IO(VFIO_TYPE, VFIO_BASE + 11)
++ *
++ * Reset a device.
++ */
++#define VFIO_DEVICE_RESET              _IO(VFIO_TYPE, VFIO_BASE + 11)
++
++/*
++ * The VFIO-PCI bus driver makes use of the following fixed region and
++ * IRQ index mapping.  Unimplemented regions return a size of zero.
++ * Unimplemented IRQ types return a count of zero.
++ */
++
++enum {
++       VFIO_PCI_BAR0_REGION_INDEX,
++       VFIO_PCI_BAR1_REGION_INDEX,
++       VFIO_PCI_BAR2_REGION_INDEX,
++       VFIO_PCI_BAR3_REGION_INDEX,
++       VFIO_PCI_BAR4_REGION_INDEX,
++       VFIO_PCI_BAR5_REGION_INDEX,
++       VFIO_PCI_ROM_REGION_INDEX,
++       VFIO_PCI_CONFIG_REGION_INDEX,
++       /*
++        * Expose VGA regions defined for PCI base class 03, subclass 00.
++        * This includes I/O port ranges 0x3b0 to 0x3bb and 0x3c0 to 0x3df
++        * as well as the MMIO range 0xa0000 to 0xbffff.  Each implemented
++        * range is found at it's identity mapped offset from the region
++        * offset, for example 0x3b0 is region_info.offset + 0x3b0.  Areas
++        * between described ranges are unimplemented.
++        */
++       VFIO_PCI_VGA_REGION_INDEX,
++       VFIO_PCI_NUM_REGIONS
++};
++
++enum {
++       VFIO_PCI_INTX_IRQ_INDEX,
++       VFIO_PCI_MSI_IRQ_INDEX,
++       VFIO_PCI_MSIX_IRQ_INDEX,
++       VFIO_PCI_ERR_IRQ_INDEX,
++       VFIO_PCI_NUM_IRQS
++};
++
++/**
++ * VFIO_DEVICE_GET_PCI_HOT_RESET_INFO - _IORW(VFIO_TYPE, VFIO_BASE + 12,
++ *                                           struct vfio_pci_hot_reset_info)
++ *
++ * Return: 0 on success, -errno on failure:
++ *     -enospc = insufficient buffer, -enodev = unsupported for device.
++ */
++struct vfio_pci_dependent_device {
++       __u32   group_id;
++       __u16   segment;
++       __u8    bus;
++       __u8    devfn; /* Use PCI_SLOT/PCI_FUNC */
++};
++
++struct vfio_pci_hot_reset_info {
++       __u32   argsz;
++       __u32   flags;
++       __u32   count;
++       struct vfio_pci_dependent_device        devices[];
++};
++
++#define VFIO_DEVICE_GET_PCI_HOT_RESET_INFO     _IO(VFIO_TYPE, VFIO_BASE + 12)
++
++/**
++ * VFIO_DEVICE_PCI_HOT_RESET - _IOW(VFIO_TYPE, VFIO_BASE + 13,
++ *                                 struct vfio_pci_hot_reset)
++ *
++ * Return: 0 on success, -errno on failure.
++ */
++struct vfio_pci_hot_reset {
++       __u32   argsz;
++       __u32   flags;
++       __u32   count;
++       __s32   group_fds[];
++};
++
++#define VFIO_DEVICE_PCI_HOT_RESET      _IO(VFIO_TYPE, VFIO_BASE + 13)
++
++/* -------- API for Type1 VFIO IOMMU -------- */
++
++/**
++ * VFIO_IOMMU_GET_INFO - _IOR(VFIO_TYPE, VFIO_BASE + 12, struct vfio_iommu_info)
++ *
++ * Retrieve information about the IOMMU object. Fills in provided
++ * struct vfio_iommu_info. Caller sets argsz.
++ *
++ * XXX Should we do these by CHECK_EXTENSION too?
++ */
++struct vfio_iommu_type1_info {
++       __u32   argsz;
++       __u32   flags;
++#define VFIO_IOMMU_INFO_PGSIZES (1 << 0)       /* supported page sizes info */
++       __u64   iova_pgsizes;           /* Bitmap of supported page sizes */
++};
++
++#define VFIO_IOMMU_GET_INFO _IO(VFIO_TYPE, VFIO_BASE + 12)
++
++/**
++ * VFIO_IOMMU_MAP_DMA - _IOW(VFIO_TYPE, VFIO_BASE + 13, struct vfio_dma_map)
++ *
++ * Map process virtual addresses to IO virtual addresses using the
++ * provided struct vfio_dma_map. Caller sets argsz. READ &/ WRITE required.
++ */
++struct vfio_iommu_type1_dma_map {
++       __u32   argsz;
++       __u32   flags;
++#define VFIO_DMA_MAP_FLAG_READ (1 << 0)                /* readable from device */
++#define VFIO_DMA_MAP_FLAG_WRITE (1 << 1)       /* writable from device */
++       __u64   vaddr;                          /* Process virtual address */
++       __u64   iova;                           /* IO virtual address */
++       __u64   size;                           /* Size of mapping (bytes) */
++};
++
++#define VFIO_IOMMU_MAP_DMA _IO(VFIO_TYPE, VFIO_BASE + 13)
++
++/**
++ * VFIO_IOMMU_UNMAP_DMA - _IOWR(VFIO_TYPE, VFIO_BASE + 14,
++ *                                                     struct vfio_dma_unmap)
++ *
++ * Unmap IO virtual addresses using the provided struct vfio_dma_unmap.
++ * Caller sets argsz.  The actual unmapped size is returned in the size
++ * field.  No guarantee is made to the user that arbitrary unmaps of iova
++ * or size different from those used in the original mapping call will
++ * succeed.
++ */
++struct vfio_iommu_type1_dma_unmap {
++       __u32   argsz;
++       __u32   flags;
++       __u64   iova;                           /* IO virtual address */
++       __u64   size;                           /* Size of mapping (bytes) */
++};
++
++#define VFIO_IOMMU_UNMAP_DMA _IO(VFIO_TYPE, VFIO_BASE + 14)
++
++/*********** APIs for VFIO_PAMU type only ****************/
++/*
++ * VFIO_IOMMU_PAMU_GET_ATTR - _IO(VFIO_TYPE, VFIO_BASE + 15,
++ *                               struct vfio_pamu_attr)
++ *
++ * Gets the iommu attributes for the current vfio container.
++ * Caller sets argsz and attribute.  The ioctl fills in
++ * the provided struct vfio_pamu_attr based on the attribute
++ * value that was set.
++ * Return: 0 on success, -errno on failure
++ */
++struct vfio_pamu_attr {
++       __u32   argsz;
++       __u32   flags;  /* no flags currently */
++#define VFIO_ATTR_GEOMETRY     0
++#define VFIO_ATTR_WINDOWS      1
++#define VFIO_ATTR_PAMU_STASH   2
++       __u32   attribute;
++
++       union {
++               /* VFIO_ATTR_GEOMETRY */
++               struct {
++                       /* first addr that can be mapped */
++                       __u64 aperture_start;
++                       /* last addr that can be mapped */
++                       __u64 aperture_end;
++               } attr;
++
++               /* VFIO_ATTR_WINDOWS */
++               __u32 windows;  /* number of windows in the aperture
++                                * initially this will be the max number
++                                * of windows that can be set
++                                */
++               /* VFIO_ATTR_PAMU_STASH */
++               struct {
++                       __u32 cpu;      /* CPU number for stashing */
++                       __u32 cache;    /* cache ID for stashing */
++               } stash;
++       } attr_info;
++};
++#define VFIO_IOMMU_PAMU_GET_ATTR  _IO(VFIO_TYPE, VFIO_BASE + 15)
++
++/*
++ * VFIO_IOMMU_PAMU_SET_ATTR - _IO(VFIO_TYPE, VFIO_BASE + 16,
++ *                               struct vfio_pamu_attr)
++ *
++ * Sets the iommu attributes for the current vfio container.
++ * Caller sets struct vfio_pamu attr, including argsz and attribute and
++ * setting any fields that are valid for the attribute.
++ * Return: 0 on success, -errno on failure
++ */
++#define VFIO_IOMMU_PAMU_SET_ATTR  _IO(VFIO_TYPE, VFIO_BASE + 16)
++
++/*
++ * VFIO_IOMMU_PAMU_GET_MSI_BANK_COUNT - _IO(VFIO_TYPE, VFIO_BASE + 17, __u32)
++ *
++ * Returns the number of MSI banks for this platform.  This tells user space
++ * how many aperture windows should be reserved for MSI banks when setting
++ * the PAMU geometry and window count.
++ * Return: __u32 bank count on success, -errno on failure
++ */
++#define VFIO_IOMMU_PAMU_GET_MSI_BANK_COUNT _IO(VFIO_TYPE, VFIO_BASE + 17)
++
++/*
++ * VFIO_IOMMU_PAMU_MAP_MSI_BANK - _IO(VFIO_TYPE, VFIO_BASE + 18,
++ *                                   struct vfio_pamu_msi_bank_map)
++ *
++ * Maps the MSI bank at the specified index and iova.  User space must
++ * call this ioctl once for each MSI bank (count of banks is returned by
++ * VFIO_IOMMU_PAMU_GET_MSI_BANK_COUNT).
++ * Caller provides struct vfio_pamu_msi_bank_map with all fields set.
++ * Return: 0 on success, -errno on failure
++ */
++
++struct vfio_pamu_msi_bank_map {
++       __u32   argsz;
++       __u32   flags;          /* no flags currently */
++       __u32   msi_bank_index; /* the index of the MSI bank */
++       __u64   iova;           /* the iova the bank is to be mapped to */
++};
++#define VFIO_IOMMU_PAMU_MAP_MSI_BANK  _IO(VFIO_TYPE, VFIO_BASE + 18)
++
++/*
++ * VFIO_IOMMU_PAMU_UNMAP_MSI_BANK - _IO(VFIO_TYPE, VFIO_BASE + 19,
++ *                                     struct vfio_pamu_msi_bank_unmap)
++ *
++ * Unmaps the MSI bank at the specified iova.
++ * Caller provides struct vfio_pamu_msi_bank_unmap with all fields set.
++ * Operates on VFIO file descriptor (/dev/vfio/vfio).
++ * Return: 0 on success, -errno on failure
++ */
++
++struct vfio_pamu_msi_bank_unmap {
++       __u32   argsz;
++       __u32   flags;  /* no flags currently */
++       __u64   iova;   /* the iova to be unmapped to */
++};
++#define VFIO_IOMMU_PAMU_UNMAP_MSI_BANK  _IO(VFIO_TYPE, VFIO_BASE + 19)
++
++/*
++ * IOCTLs to enable/disable IOMMU container usage.
++ * No parameters are supported.
++ */
++#define VFIO_IOMMU_ENABLE      _IO(VFIO_TYPE, VFIO_BASE + 15)
++#define VFIO_IOMMU_DISABLE     _IO(VFIO_TYPE, VFIO_BASE + 16)
++
++/* -------- Additional API for SPAPR TCE (Server POWERPC) IOMMU -------- */
++
++/*
++ * The SPAPR TCE info struct provides the information about the PCI bus
++ * address ranges available for DMA, these values are programmed into
++ * the hardware so the guest has to know that information.
++ *
++ * The DMA 32 bit window start is an absolute PCI bus address.
++ * The IOVA address passed via map/unmap ioctls are absolute PCI bus
++ * addresses too so the window works as a filter rather than an offset
++ * for IOVA addresses.
++ *
++ * A flag will need to be added if other page sizes are supported,
++ * so as defined here, it is always 4k.
++ */
++struct vfio_iommu_spapr_tce_info {
++       __u32 argsz;
++       __u32 flags;                    /* reserved for future use */
++       __u32 dma32_window_start;       /* 32 bit window start (bytes) */
++       __u32 dma32_window_size;        /* 32 bit window size (bytes) */
++};
++
++#define VFIO_IOMMU_SPAPR_TCE_GET_INFO  _IO(VFIO_TYPE, VFIO_BASE + 12)
++
++/* ***************************************************************** */
++
++#endif /* _UAPIVFIO_H */
+-- 
+1.8.3.2
+
diff --git a/recipes-extended/skmm-ep/skmm-ep_git.bb b/recipes-extended/skmm-ep/skmm-ep_git.bb
new file mode 100644
index 0000000..fcbd2ed
--- /dev/null
+++ b/recipes-extended/skmm-ep/skmm-ep_git.bb
@@ -0,0 +1,31 @@
+DESCRIPTION = "SKMM application for PCIe endpoint"
+SECTION = "skmm-ep"
+LICENSE = "BSD & GPLv2"
+LIC_FILES_CHKSUM = "file://Makefile;endline=30;md5=39e58bedc879163c9338596e52df5b1f"
+
+DEPENDS = "libedit openssl virtual/kernel"
+
+PACKAGE_ARCH = "${MACHINE_ARCH}"
+
+SRC_URI = "git://git.freescale.com/ppc/sdk/skmm-ep.git;nobranch=1 \
+    file://add-two-missing-header-files.patch \
+"
+SRCREV = "27156a6621c8f6d7f98210b1ca5cd97bde926875"
+
+COMPATIBLE_MACHINE = "(p4080ds|t4240qds|c293pcie)"
+
+S = "${WORKDIR}/git"
+
+EXTRA_OEMAKE = 'MACHINE=${MACHINE}'
+
+export LIBEDIT_CFLAGS="$(pkg-config --cflags libedit)"
+export LIBEDIT_LDFLAGS="$(pkg-config --libs --static libedit)"
+
+do_compile () {
+        export ARCH=${TARGET_ARCH}
+        oe_runmake
+}
+
+do_install () {
+        oe_runmake ARCH=${TARGET_ARCH} install DESTDIR=${D}
+}
diff --git a/recipes-extended/testfloat/files/SoftFloat-powerpc-1.patch b/recipes-extended/testfloat/files/SoftFloat-powerpc-1.patch
new file mode 100644
index 0000000..b6db2de
--- /dev/null
+++ b/recipes-extended/testfloat/files/SoftFloat-powerpc-1.patch
@@ -0,0 +1,1427 @@
+This patch adds PowerPC support in SoftFloat.
+
+Signed-off-by: Ebony Zhu <ebony.zhu@freescale.com>
+Signed-off-by: Liu Yu <Yu.Liu@freescale.com>
+---
+ SoftFloat-2b/processors/powerpc-GCC.h              |   87 ++++
+ SoftFloat-2b/softfloat/bits32/powerpc-GCC/Makefile |   26 ++
+ SoftFloat-2b/softfloat/bits32/powerpc-GCC/milieu.h |   55 +++
+ .../bits32/powerpc-GCC/softfloat-specialize        |  252 ++++++++++++
+ .../softfloat/bits32/powerpc-GCC/softfloat.h       |  155 +++++++
+ SoftFloat-2b/softfloat/bits64/powerpc-GCC/Makefile |   24 ++
+ SoftFloat-2b/softfloat/bits64/powerpc-GCC/milieu.h |   55 +++
+ .../bits64/powerpc-GCC/softfloat-specialize        |  422 ++++++++++++++++++++
+ .../softfloat/bits64/powerpc-GCC/softfloat.h       |  269 +++++++++++++
+ 9 files changed, 1345 insertions(+), 0 deletions(-)
+ create mode 100644 SoftFloat-2b/processors/powerpc-GCC.h
+ create mode 100644 SoftFloat-2b/softfloat/bits32/powerpc-GCC/Makefile
+ create mode 100644 SoftFloat-2b/softfloat/bits32/powerpc-GCC/milieu.h
+ create mode 100644 SoftFloat-2b/softfloat/bits32/powerpc-GCC/softfloat-specialize
+ create mode 100644 SoftFloat-2b/softfloat/bits32/powerpc-GCC/softfloat.h
+ create mode 100644 SoftFloat-2b/softfloat/bits64/powerpc-GCC/Makefile
+ create mode 100644 SoftFloat-2b/softfloat/bits64/powerpc-GCC/milieu.h
+ create mode 100644 SoftFloat-2b/softfloat/bits64/powerpc-GCC/softfloat-specialize
+ create mode 100644 SoftFloat-2b/softfloat/bits64/powerpc-GCC/softfloat.h
+
+diff --git a/SoftFloat-2b/processors/powerpc-GCC.h b/SoftFloat-2b/processors/powerpc-GCC.h
+new file mode 100644
+index 0000000..002a786
+--- /dev/null
++++ b/SoftFloat-2b/processors/powerpc-GCC.h
+@@ -0,0 +1,87 @@
++/*
++ * This file is derived from processors/386-gcc.h,
++ * the copyright for that material belongs to the original owners.
++ *
++ * Additional material and changes where applicable is:
++ * Copyright (C) 2008 Freescale Semiconductor, Inc. All rights reserved.
++ *
++ * Author: Ebony Zhu,  <ebony.zhu@freescale.com>
++ *         Yu Liu,     <yu.liu@freescale.com>
++ *
++ * THIS SOFTWARE IS DISTRIBUTED AS IS, FOR FREE.  Although reasonable effort has
++ * been made to avoid it, THIS SOFTWARE MAY CONTAIN FAULTS THAT WILL AT TIMES
++ * RESULT IN INCORRECT BEHAVIOR.  USE OF THIS SOFTWARE IS RESTRICTED TO PERSONS
++ * AND ORGANIZATIONS WHO CAN AND WILL TAKE FULL RESPONSIBILITY FOR ALL LOSSES,
++ * COSTS, OR OTHER PROBLEMS THEY INCUR DUE TO THE SOFTWARE, AND WHO FURTHERMORE
++ * EFFECTIVELY INDEMNIFY JOHN HAUSER AND THE INTERNATIONAL COMPUTER SCIENCE
++ * INSTITUTE (possibly via similar legal warning) AGAINST ALL LOSSES, COSTS, OR
++ * OTHER PROBLEMS INCURRED BY THEIR CUSTOMERS AND CLIENTS DUE TO THE SOFTWARE.
++ */
++
++/*----------------------------------------------------------------------------
++| One of the macros `BIGENDIAN' or `LITTLEENDIAN' must be defined.
++*----------------------------------------------------------------------------*/
++#define BIGENDIAN
++
++/*----------------------------------------------------------------------------
++| The macro `BITS64' can be defined to indicate that 64-bit integer types are
++| supported by the compiler.
++*----------------------------------------------------------------------------*/
++#define BITS32
++
++/*----------------------------------------------------------------------------
++| Each of the following `typedef's defines the most convenient type that holds
++| integers of at least as many bits as specified.  For example, `uint8' should
++| be the most convenient type that can hold unsigned integers of as many as
++| 8 bits.  The `flag' type must be able to hold either a 0 or 1.  For most
++| implementations of C, `flag', `uint8', and `int8' should all be `typedef'ed
++| to the same as `int'.
++*----------------------------------------------------------------------------*/
++typedef int flag;
++typedef int uint8;
++typedef int int8;
++typedef int uint16;
++typedef int int16;
++typedef unsigned int uint32;
++typedef signed int int32;
++#ifdef BITS64
++typedef unsigned long long int uint64;
++typedef signed long long int int64;
++#endif
++
++/*----------------------------------------------------------------------------
++| Each of the following `typedef's defines a type that holds integers
++| of _exactly_ the number of bits specified.  For instance, for most
++| implementation of C, `bits16' and `sbits16' should be `typedef'ed to
++| `unsigned short int' and `signed short int' (or `short int'), respectively.
++*----------------------------------------------------------------------------*/
++typedef unsigned char bits8;
++typedef signed char sbits8;
++typedef unsigned short int bits16;
++typedef signed short int sbits16;
++typedef unsigned int bits32;
++typedef signed int sbits32;
++#ifdef BITS64
++typedef unsigned long long int bits64;
++typedef signed long long int sbits64;
++#endif
++
++#ifdef BITS64
++/*----------------------------------------------------------------------------
++| The `LIT64' macro takes as its argument a textual integer literal and
++| if necessary ``marks'' the literal as having a 64-bit integer type.
++| For example, the GNU C Compiler (`gcc') requires that 64-bit literals be
++| appended with the letters `LL' standing for `long long', which is `gcc's
++| name for the 64-bit integer type.  Some compilers may allow `LIT64' to be
++| defined as the identity macro:  `#define LIT64( a ) a'.
++*----------------------------------------------------------------------------*/
++#define LIT64( a ) a##LL
++#endif
++
++/*----------------------------------------------------------------------------
++| The macro `INLINE' can be used before functions that should be inlined.  If
++| a compiler does not support explicit inlining, this macro should be defined
++| to be `static'.
++*----------------------------------------------------------------------------*/
++#define INLINE extern inline
++
+diff --git a/SoftFloat-2b/softfloat/bits32/powerpc-GCC/Makefile b/SoftFloat-2b/softfloat/bits32/powerpc-GCC/Makefile
+new file mode 100644
+index 0000000..28f1e33
+--- /dev/null
++++ b/SoftFloat-2b/softfloat/bits32/powerpc-GCC/Makefile
+@@ -0,0 +1,26 @@
++
++PROCESSOR_H = ../../../processors/powerpc-GCC.h
++SOFTFLOAT_MACROS = ../softfloat-macros
++
++OBJ = .o
++EXE =
++INCLUDES = -I. -I..
++COMPILE_C = $(COMPILE_PREFIX)gcc -msoft-float -c -o $@ $(INCLUDES) -I- -O2
++LINK = $(COMPILE_PREFIX)gcc -o $@
++
++ALL: softfloat$(OBJ) timesoftfloat$(EXE)
++
++milieu.h: $(PROCESSOR_H)
++       touch milieu.h
++
++softfloat$(OBJ): milieu.h softfloat.h softfloat-specialize $(SOFTFLOAT_MACROS) ../softfloat.c
++       $(COMPILE_C) ../softfloat.c
++
++timesoftfloat$(OBJ): milieu.h softfloat.h ../timesoftfloat.c
++       $(COMPILE_C) ../timesoftfloat.c
++
++timesoftfloat$(EXE): softfloat$(OBJ) timesoftfloat$(OBJ)
++       $(LINK) softfloat$(OBJ) timesoftfloat$(OBJ)
++
++clean:
++       rm -f *.o timesoftfloat$(EXE)
+diff --git a/SoftFloat-2b/softfloat/bits32/powerpc-GCC/milieu.h b/SoftFloat-2b/softfloat/bits32/powerpc-GCC/milieu.h
+new file mode 100644
+index 0000000..d8b6012
+--- /dev/null
++++ b/SoftFloat-2b/softfloat/bits32/powerpc-GCC/milieu.h
+@@ -0,0 +1,55 @@
++/*
++ * This file is derived from softfloat/bits32/386-Win32-GCC/milieu.h,
++ * the copyright for that material belongs to the original owners.
++ *
++ * Additional material and changes where applicable is:
++ * Copyright (C) 2008 Freescale Semiconductor, Inc. All rights reserved.
++ *
++ * Author: Ebony Zhu,  <ebony.zhu@freescale.com>
++ *         Yu Liu,     <yu.liu@freescale.com>
++ */
++
++/*============================================================================
++
++This C header file is part of the SoftFloat IEC/IEEE Floating-point Arithmetic
++Package, Release 2b.
++
++Written by John R. Hauser.  This work was made possible in part by the
++International Computer Science Institute, located at Suite 600, 1947 Center
++Street, Berkeley, California 94704.  Funding was partially provided by the
++National Science Foundation under grant MIP-9311980.  The original version
++of this code was written as part of a project to build a fixed-point vector
++processor in collaboration with the University of California at Berkeley,
++overseen by Profs. Nelson Morgan and John Wawrzynek.  More information
++is available through the Web page `http://www.cs.berkeley.edu/~jhauser/
++arithmetic/SoftFloat.html'.
++
++THIS SOFTWARE IS DISTRIBUTED AS IS, FOR FREE.  Although reasonable effort has
++been made to avoid it, THIS SOFTWARE MAY CONTAIN FAULTS THAT WILL AT TIMES
++RESULT IN INCORRECT BEHAVIOR.  USE OF THIS SOFTWARE IS RESTRICTED TO PERSONS
++AND ORGANIZATIONS WHO CAN AND WILL TAKE FULL RESPONSIBILITY FOR ALL LOSSES,
++COSTS, OR OTHER PROBLEMS THEY INCUR DUE TO THE SOFTWARE, AND WHO FURTHERMORE
++EFFECTIVELY INDEMNIFY JOHN HAUSER AND THE INTERNATIONAL COMPUTER SCIENCE
++INSTITUTE (possibly via similar legal warning) AGAINST ALL LOSSES, COSTS, OR
++OTHER PROBLEMS INCURRED BY THEIR CUSTOMERS AND CLIENTS DUE TO THE SOFTWARE.
++
++Derivative works are acceptable, even for commercial purposes, so long as
++(1) the source code for the derivative work includes prominent notice that
++the work is derivative, and (2) the source code includes prominent notice with
++these four paragraphs for those parts of this code that are retained.
++
++=============================================================================*/
++
++/*----------------------------------------------------------------------------
++| Include common integer types and flags.
++*----------------------------------------------------------------------------*/
++#include "../../../processors/powerpc-GCC.h"
++
++/*----------------------------------------------------------------------------
++| Symbolic Boolean literals.
++*----------------------------------------------------------------------------*/
++enum {
++    FALSE = 0,
++    TRUE  = 1
++};
++
+diff --git a/SoftFloat-2b/softfloat/bits32/powerpc-GCC/softfloat-specialize b/SoftFloat-2b/softfloat/bits32/powerpc-GCC/softfloat-specialize
+new file mode 100644
+index 0000000..fd2caa4
+--- /dev/null
++++ b/SoftFloat-2b/softfloat/bits32/powerpc-GCC/softfloat-specialize
+@@ -0,0 +1,252 @@
++/*
++ * This file is derived from softfloat/bits32/386-Win32-GCC/softfloat-specialize,
++ * the copyright for that material belongs to the original owners.
++ *
++ * Additional material and changes where applicable is:
++ * Copyright (C) 2008 Freescale Semiconductor, Inc. All rights reserved.
++ *
++ * Author: Ebony Zhu,  <ebony.zhu@freescale.com>
++ *         Yu Liu,     <yu.liu@freescale.com>
++ */
++
++/*============================================================================
++
++This C source fragment is part of the SoftFloat IEC/IEEE Floating-point
++Arithmetic Package, Release 2b.
++
++Written by John R. Hauser.  This work was made possible in part by the
++International Computer Science Institute, located at Suite 600, 1947 Center
++Street, Berkeley, California 94704.  Funding was partially provided by the
++National Science Foundation under grant MIP-9311980.  The original version
++of this code was written as part of a project to build a fixed-point vector
++processor in collaboration with the University of California at Berkeley,
++overseen by Profs. Nelson Morgan and John Wawrzynek.  More information
++is available through the Web page `http://www.cs.berkeley.edu/~jhauser/
++arithmetic/SoftFloat.html'.
++
++THIS SOFTWARE IS DISTRIBUTED AS IS, FOR FREE.  Although reasonable effort has
++been made to avoid it, THIS SOFTWARE MAY CONTAIN FAULTS THAT WILL AT TIMES
++RESULT IN INCORRECT BEHAVIOR.  USE OF THIS SOFTWARE IS RESTRICTED TO PERSONS
++AND ORGANIZATIONS WHO CAN AND WILL TAKE FULL RESPONSIBILITY FOR ALL LOSSES,
++COSTS, OR OTHER PROBLEMS THEY INCUR DUE TO THE SOFTWARE, AND WHO FURTHERMORE
++EFFECTIVELY INDEMNIFY JOHN HAUSER AND THE INTERNATIONAL COMPUTER SCIENCE
++INSTITUTE (possibly via similar legal warning) AGAINST ALL LOSSES, COSTS, OR
++OTHER PROBLEMS INCURRED BY THEIR CUSTOMERS AND CLIENTS DUE TO THE SOFTWARE.
++
++Derivative works are acceptable, even for commercial purposes, so long as
++(1) the source code for the derivative work includes prominent notice that
++the work is derivative, and (2) the source code includes prominent notice with
++these four paragraphs for those parts of this code that are retained.
++
++=============================================================================*/
++
++/*----------------------------------------------------------------------------
++| Underflow tininess-detection mode, statically initialized to default value.
++| (The declaration in `softfloat.h' must match the `int8' type here.)
++*----------------------------------------------------------------------------*/
++int8 float_detect_tininess = float_tininess_after_rounding;
++
++/*----------------------------------------------------------------------------
++| Raises the exceptions specified by `flags'.  Floating-point traps can be
++| defined here if desired.  It is currently not possible for such a trap
++| to substitute a result value.  If traps are not implemented, this routine
++| should be simply `float_exception_flags |= flags;'.
++*----------------------------------------------------------------------------*/
++
++void float_raise( int8 flags )
++{
++
++    float_exception_flags |= flags;
++
++}
++
++/*----------------------------------------------------------------------------
++| Internal canonical NaN format.
++*----------------------------------------------------------------------------*/
++typedef struct {
++    flag sign;
++    bits32 high, low;
++} commonNaNT;
++
++/*----------------------------------------------------------------------------
++| The pattern for a default generated single-precision NaN.
++*----------------------------------------------------------------------------*/
++enum {
++    float32_default_nan = 0xFFFFFFFF
++};
++
++/*----------------------------------------------------------------------------
++| Returns 1 if the single-precision floating-point value `a' is a NaN;
++| otherwise returns 0.
++*----------------------------------------------------------------------------*/
++
++flag float32_is_nan( float32 a )
++{
++
++    return ( 0xFF000000 < (bits32) ( a<<1 ) );
++
++}
++
++/*----------------------------------------------------------------------------
++| Returns 1 if the single-precision floating-point value `a' is a signaling
++| NaN; otherwise returns 0.
++*----------------------------------------------------------------------------*/
++
++flag float32_is_signaling_nan( float32 a )
++{
++
++    return ( ( ( a>>22 ) & 0x1FF ) == 0x1FE ) && ( a & 0x003FFFFF );
++
++}
++
++/*----------------------------------------------------------------------------
++| Returns the result of converting the single-precision floating-point NaN
++| `a' to the canonical NaN format.  If `a' is a signaling NaN, the invalid
++| exception is raised.
++*----------------------------------------------------------------------------*/
++
++static commonNaNT float32ToCommonNaN( float32 a )
++{
++    commonNaNT z;
++
++    if ( float32_is_signaling_nan( a ) ) float_raise( float_flag_invalid );
++    z.sign = a>>31;
++    z.low = 0;
++    z.high = a<<9;
++    return z;
++
++}
++
++/*----------------------------------------------------------------------------
++| Returns the result of converting the canonical NaN `a' to the single-
++| precision floating-point format.
++*----------------------------------------------------------------------------*/
++
++static float32 commonNaNToFloat32( commonNaNT a )
++{
++
++    return ( ( (bits32) a.sign )<<31 ) | 0x7FC00000 | ( a.high>>9 );
++
++}
++
++/*----------------------------------------------------------------------------
++| Takes two single-precision floating-point values `a' and `b', one of which
++| is a NaN, and returns the appropriate NaN result.  If either `a' or `b' is a
++| signaling NaN, the invalid exception is raised.
++*----------------------------------------------------------------------------*/
++
++static float32 propagateFloat32NaN( float32 a, float32 b )
++{
++    flag aIsNaN, aIsSignalingNaN, bIsNaN, bIsSignalingNaN;
++
++    aIsNaN = float32_is_nan( a );
++    aIsSignalingNaN = float32_is_signaling_nan( a );
++    bIsNaN = float32_is_nan( b );
++    bIsSignalingNaN = float32_is_signaling_nan( b );
++    a |= 0x00400000;
++    b |= 0x00400000;
++    if ( aIsSignalingNaN | bIsSignalingNaN ) float_raise( float_flag_invalid );
++    if ( aIsNaN ) {
++        return ( aIsSignalingNaN & bIsNaN ) ? b : a;
++    }
++    else {
++        return b;
++    }
++
++}
++
++/*----------------------------------------------------------------------------
++| The pattern for a default generated double-precision NaN.  The `high' and
++| `low' values hold the most- and least-significant bits, respectively.
++*----------------------------------------------------------------------------*/
++enum {
++    float64_default_nan_high = 0xFFFFFFFF,
++    float64_default_nan_low  = 0xFFFFFFFF
++};
++
++/*----------------------------------------------------------------------------
++| Returns 1 if the double-precision floating-point value `a' is a NaN;
++| otherwise returns 0.
++*----------------------------------------------------------------------------*/
++
++flag float64_is_nan( float64 a )
++{
++
++    return
++           ( 0xFFE00000 <= (bits32) ( a.high<<1 ) )
++        && ( a.low || ( a.high & 0x000FFFFF ) );
++
++}
++
++/*----------------------------------------------------------------------------
++| Returns 1 if the double-precision floating-point value `a' is a signaling
++| NaN; otherwise returns 0.
++*----------------------------------------------------------------------------*/
++
++flag float64_is_signaling_nan( float64 a )
++{
++
++    return
++           ( ( ( a.high>>19 ) & 0xFFF ) == 0xFFE )
++        && ( a.low || ( a.high & 0x0007FFFF ) );
++
++}
++
++/*----------------------------------------------------------------------------
++| Returns the result of converting the double-precision floating-point NaN
++| `a' to the canonical NaN format.  If `a' is a signaling NaN, the invalid
++| exception is raised.
++*----------------------------------------------------------------------------*/
++
++static commonNaNT float64ToCommonNaN( float64 a )
++{
++    commonNaNT z;
++
++    if ( float64_is_signaling_nan( a ) ) float_raise( float_flag_invalid );
++    z.sign = a.high>>31;
++    shortShift64Left( a.high, a.low, 12, &z.high, &z.low );
++    return z;
++
++}
++
++/*----------------------------------------------------------------------------
++| Returns the result of converting the canonical NaN `a' to the double-
++| precision floating-point format.
++*----------------------------------------------------------------------------*/
++
++static float64 commonNaNToFloat64( commonNaNT a )
++{
++    float64 z;
++
++    shift64Right( a.high, a.low, 12, &z.high, &z.low );
++    z.high |= ( ( (bits32) a.sign )<<31 ) | 0x7FF80000;
++    return z;
++
++}
++
++/*----------------------------------------------------------------------------
++| Takes two double-precision floating-point values `a' and `b', one of which
++| is a NaN, and returns the appropriate NaN result.  If either `a' or `b' is a
++| signaling NaN, the invalid exception is raised.
++*----------------------------------------------------------------------------*/
++
++static float64 propagateFloat64NaN( float64 a, float64 b )
++{
++    flag aIsNaN, aIsSignalingNaN, bIsNaN, bIsSignalingNaN;
++
++    aIsNaN = float64_is_nan( a );
++    aIsSignalingNaN = float64_is_signaling_nan( a );
++    bIsNaN = float64_is_nan( b );
++    bIsSignalingNaN = float64_is_signaling_nan( b );
++    a.high |= 0x00080000;
++    b.high |= 0x00080000;
++    if ( aIsSignalingNaN | bIsSignalingNaN ) float_raise( float_flag_invalid );
++    if ( aIsNaN ) {
++        return ( aIsSignalingNaN & bIsNaN ) ? b : a;
++    }
++    else {
++        return b;
++    }
++
++}
++
+diff --git a/SoftFloat-2b/softfloat/bits32/powerpc-GCC/softfloat.h b/SoftFloat-2b/softfloat/bits32/powerpc-GCC/softfloat.h
+new file mode 100644
+index 0000000..0015b8e
+--- /dev/null
++++ b/SoftFloat-2b/softfloat/bits32/powerpc-GCC/softfloat.h
+@@ -0,0 +1,155 @@
++/*
++ * This file is derived from softfloat/bits32/386-Win32-GCC/softfloat.h,
++ * the copyright for that material belongs to the original owners.
++ *
++ * Additional material and changes where applicable is:
++ * Copyright (C) 2008 Freescale Semiconductor, Inc. All rights reserved.
++ *
++ * Author: Ebony Zhu,  <ebony.zhu@freescale.com>
++ *         Yu Liu,     <yu.liu@freescale.com>
++ */
++
++/*============================================================================
++
++This C header file is part of the SoftFloat IEC/IEEE Floating-point Arithmetic
++Package, Release 2b.
++
++Written by John R. Hauser.  This work was made possible in part by the
++International Computer Science Institute, located at Suite 600, 1947 Center
++Street, Berkeley, California 94704.  Funding was partially provided by the
++National Science Foundation under grant MIP-9311980.  The original version
++of this code was written as part of a project to build a fixed-point vector
++processor in collaboration with the University of California at Berkeley,
++overseen by Profs. Nelson Morgan and John Wawrzynek.  More information
++is available through the Web page `http://www.cs.berkeley.edu/~jhauser/
++arithmetic/SoftFloat.html'.
++
++THIS SOFTWARE IS DISTRIBUTED AS IS, FOR FREE.  Although reasonable effort has
++been made to avoid it, THIS SOFTWARE MAY CONTAIN FAULTS THAT WILL AT TIMES
++RESULT IN INCORRECT BEHAVIOR.  USE OF THIS SOFTWARE IS RESTRICTED TO PERSONS
++AND ORGANIZATIONS WHO CAN AND WILL TAKE FULL RESPONSIBILITY FOR ALL LOSSES,
++COSTS, OR OTHER PROBLEMS THEY INCUR DUE TO THE SOFTWARE, AND WHO FURTHERMORE
++EFFECTIVELY INDEMNIFY JOHN HAUSER AND THE INTERNATIONAL COMPUTER SCIENCE
++INSTITUTE (possibly via similar legal warning) AGAINST ALL LOSSES, COSTS, OR
++OTHER PROBLEMS INCURRED BY THEIR CUSTOMERS AND CLIENTS DUE TO THE SOFTWARE.
++
++Derivative works are acceptable, even for commercial purposes, so long as
++(1) the source code for the derivative work includes prominent notice that
++the work is derivative, and (2) the source code includes prominent notice with
++these four paragraphs for those parts of this code that are retained.
++
++=============================================================================*/
++
++/*----------------------------------------------------------------------------
++| Software IEC/IEEE floating-point types.
++*----------------------------------------------------------------------------*/
++typedef bits32 float32;
++typedef struct {
++    bits32 high, low;
++} float64;
++
++/*----------------------------------------------------------------------------
++| Software IEC/IEEE floating-point underflow tininess-detection mode.
++*----------------------------------------------------------------------------*/
++extern int8 float_detect_tininess;
++enum {
++    float_tininess_after_rounding  = 0,
++    float_tininess_before_rounding = 1
++};
++
++/*----------------------------------------------------------------------------
++| Software IEC/IEEE floating-point rounding mode.
++*----------------------------------------------------------------------------*/
++extern int8 float_rounding_mode;
++enum {
++    float_round_nearest_even = 0,
++    float_round_to_zero      = 1,
++    float_round_up           = 2,
++    float_round_down         = 3
++};
++
++/*----------------------------------------------------------------------------
++| Software IEC/IEEE floating-point exception flags.
++*----------------------------------------------------------------------------*/
++/*
++extern int8 float_exception_flags;
++enum {
++    float_flag_inexact   =  1,
++    float_flag_underflow =  2,
++    float_flag_overflow  =  4,
++    float_flag_divbyzero =  8,
++    float_flag_invalid   = 16
++};
++*/
++
++extern int8 float_exception_flags;
++enum {
++    float_flag_inexact   =  16,
++    float_flag_underflow =  2,
++    float_flag_overflow  =  1,
++    float_flag_divbyzero =  4,
++    float_flag_invalid   = 8
++};
++
++/*----------------------------------------------------------------------------
++| Routine to raise any or all of the software IEC/IEEE floating-point
++| exception flags.
++*----------------------------------------------------------------------------*/
++void float_raise( int8 );
++
++/*----------------------------------------------------------------------------
++| Software IEC/IEEE integer-to-floating-point conversion routines.
++*----------------------------------------------------------------------------*/
++float32 int32_to_float32( int32 );
++float64 int32_to_float64( int32 );
++
++/*----------------------------------------------------------------------------
++| Software IEC/IEEE single-precision conversion routines.
++*----------------------------------------------------------------------------*/
++int32 float32_to_int32( float32 );
++int32 float32_to_int32_round_to_zero( float32 );
++float64 float32_to_float64( float32 );
++
++/*----------------------------------------------------------------------------
++| Software IEC/IEEE single-precision operations.
++*----------------------------------------------------------------------------*/
++float32 float32_round_to_int( float32 );
++float32 float32_add( float32, float32 );
++float32 float32_sub( float32, float32 );
++float32 float32_mul( float32, float32 );
++float32 float32_div( float32, float32 );
++float32 float32_rem( float32, float32 );
++float32 float32_sqrt( float32 );
++flag float32_eq( float32, float32 );
++flag float32_le( float32, float32 );
++flag float32_lt( float32, float32 );
++flag float32_eq_signaling( float32, float32 );
++flag float32_le_quiet( float32, float32 );
++flag float32_lt_quiet( float32, float32 );
++flag float32_is_signaling_nan( float32 );
++
++/*----------------------------------------------------------------------------
++| Software IEC/IEEE double-precision conversion routines.
++*----------------------------------------------------------------------------*/
++int32 float64_to_int32( float64 );
++int32 float64_to_int32_round_to_zero( float64 );
++float32 float64_to_float32( float64 );
++
++/*----------------------------------------------------------------------------
++| Software IEC/IEEE double-precision operations.
++*----------------------------------------------------------------------------*/
++float64 float64_round_to_int( float64 );
++float64 float64_add( float64, float64 );
++float64 float64_sub( float64, float64 );
++float64 float64_mul( float64, float64 );
++float64 float64_div( float64, float64 );
++float64 float64_rem( float64, float64 );
++float64 float64_sqrt( float64 );
++flag float64_eq( float64, float64 );
++flag float64_le( float64, float64 );
++flag float64_lt( float64, float64 );
++flag float64_eq_signaling( float64, float64 );
++flag float64_le_quiet( float64, float64 );
++flag float64_lt_quiet( float64, float64 );
++flag float64_is_signaling_nan( float64 );
++
+diff --git a/SoftFloat-2b/softfloat/bits64/powerpc-GCC/Makefile b/SoftFloat-2b/softfloat/bits64/powerpc-GCC/Makefile
+new file mode 100644
+index 0000000..a5e2cc7
+--- /dev/null
++++ b/SoftFloat-2b/softfloat/bits64/powerpc-GCC/Makefile
+@@ -0,0 +1,24 @@
++
++PROCESSOR_H = ../../../processors/powerpc-GCC.h
++SOFTFLOAT_MACROS = ../softfloat-macros
++
++OBJ = .o
++EXE =
++INCLUDES = -I. -I..
++COMPILE_C = $(COMPILE_PREFIX) -mcpu=8548 -mhard-float -mfloat-gprs=double -o $@ $(INCLUDES) -I- -O2
++LINK = $(COMPILE_PREFIX) -o $@
++
++ALL: softfloat$(OBJ) timesoftfloat$(EXE)
++
++milieu.h: $(PROCESSOR_H)
++       touch milieu.h
++
++softfloat$(OBJ): milieu.h softfloat.h softfloat-specialize $(SOFTFLOAT_MACROS) ../softfloat.c
++       $(COMPILE_C) ../softfloat.c
++
++timesoftfloat$(OBJ): milieu.h softfloat.h ../timesoftfloat.c
++       $(COMPILE_C) ../timesoftfloat.c
++
++timesoftfloat$(EXE): softfloat$(OBJ) timesoftfloat$(OBJ)
++       $(LINK) softfloat$(OBJ) timesoftfloat$(OBJ)
++
+diff --git a/SoftFloat-2b/softfloat/bits64/powerpc-GCC/milieu.h b/SoftFloat-2b/softfloat/bits64/powerpc-GCC/milieu.h
+new file mode 100644
+index 0000000..1b66490
+--- /dev/null
++++ b/SoftFloat-2b/softfloat/bits64/powerpc-GCC/milieu.h
+@@ -0,0 +1,55 @@
++/*
++ * This file is derived from softfloat/bits64/386-Win32-GCC/milieu.h,
++ * the copyright for that material belongs to the original owners.
++ *
++ * Additional material and changes where applicable is:
++ * Copyright (C) 2008 Freescale Semiconductor, Inc. All rights reserved.
++ *
++ * Author: Ebony Zhu,  <ebony.zhu@freescale.com>
++ *         Yu Liu,     <yu.liu@freescale.com>
++ */
++
++/*============================================================================
++
++This C header file is part of the SoftFloat IEC/IEEE Floating-point Arithmetic
++Package, Release 2b.
++
++Written by John R. Hauser.  This work was made possible in part by the
++International Computer Science Institute, located at Suite 600, 1947 Center
++Street, Berkeley, California 94704.  Funding was partially provided by the
++National Science Foundation under grant MIP-9311980.  The original version
++of this code was written as part of a project to build a fixed-point vector
++processor in collaboration with the University of California at Berkeley,
++overseen by Profs. Nelson Morgan and John Wawrzynek.  More information
++is available through the Web page `http://www.cs.berkeley.edu/~jhauser/
++arithmetic/SoftFloat.html'.
++
++THIS SOFTWARE IS DISTRIBUTED AS IS, FOR FREE.  Although reasonable effort has
++been made to avoid it, THIS SOFTWARE MAY CONTAIN FAULTS THAT WILL AT TIMES
++RESULT IN INCORRECT BEHAVIOR.  USE OF THIS SOFTWARE IS RESTRICTED TO PERSONS
++AND ORGANIZATIONS WHO CAN AND WILL TAKE FULL RESPONSIBILITY FOR ALL LOSSES,
++COSTS, OR OTHER PROBLEMS THEY INCUR DUE TO THE SOFTWARE, AND WHO FURTHERMORE
++EFFECTIVELY INDEMNIFY JOHN HAUSER AND THE INTERNATIONAL COMPUTER SCIENCE
++INSTITUTE (possibly via similar legal warning) AGAINST ALL LOSSES, COSTS, OR
++OTHER PROBLEMS INCURRED BY THEIR CUSTOMERS AND CLIENTS DUE TO THE SOFTWARE.
++
++Derivative works are acceptable, even for commercial purposes, so long as
++(1) the source code for the derivative work includes prominent notice that
++the work is derivative, and (2) the source code includes prominent notice with
++these four paragraphs for those parts of this code that are retained.
++
++=============================================================================*/
++
++/*----------------------------------------------------------------------------
++| Include common integer types and flags.
++*----------------------------------------------------------------------------*/
++#include "../../../processors/SPARC-GCC.h"
++
++/*----------------------------------------------------------------------------
++| Symbolic Boolean literals.
++*----------------------------------------------------------------------------*/
++enum {
++    FALSE = 0,
++    TRUE  = 1
++};
++
+diff --git a/SoftFloat-2b/softfloat/bits64/powerpc-GCC/softfloat-specialize b/SoftFloat-2b/softfloat/bits64/powerpc-GCC/softfloat-specialize
+new file mode 100644
+index 0000000..b1d0bc8
+--- /dev/null
++++ b/SoftFloat-2b/softfloat/bits64/powerpc-GCC/softfloat-specialize
+@@ -0,0 +1,422 @@
++/*
++ * This file is derived from softfloat/bits64/386-Win32-GCC/softfloat-specialize,
++ * the copyright for that material belongs to the original owners.
++ *
++ * Additional material and changes where applicable is:
++ * Copyright (C) 2008 Freescale Semiconductor, Inc. All rights reserved.
++ *
++ * Author: Ebony Zhu,  <ebony.zhu@freescale.com>
++ *         Yu Liu,     <yu.liu@freescale.com>
++ */
++
++/*============================================================================
++
++This C source fragment is part of the SoftFloat IEC/IEEE Floating-point
++Arithmetic Package, Release 2b.
++
++Written by John R. Hauser.  This work was made possible in part by the
++International Computer Science Institute, located at Suite 600, 1947 Center
++Street, Berkeley, California 94704.  Funding was partially provided by the
++National Science Foundation under grant MIP-9311980.  The original version
++of this code was written as part of a project to build a fixed-point vector
++processor in collaboration with the University of California at Berkeley,
++overseen by Profs. Nelson Morgan and John Wawrzynek.  More information
++is available through the Web page `http://www.cs.berkeley.edu/~jhauser/
++arithmetic/SoftFloat.html'.
++
++THIS SOFTWARE IS DISTRIBUTED AS IS, FOR FREE.  Although reasonable effort has
++been made to avoid it, THIS SOFTWARE MAY CONTAIN FAULTS THAT WILL AT TIMES
++RESULT IN INCORRECT BEHAVIOR.  USE OF THIS SOFTWARE IS RESTRICTED TO PERSONS
++AND ORGANIZATIONS WHO CAN AND WILL TAKE FULL RESPONSIBILITY FOR ALL LOSSES,
++COSTS, OR OTHER PROBLEMS THEY INCUR DUE TO THE SOFTWARE, AND WHO FURTHERMORE
++EFFECTIVELY INDEMNIFY JOHN HAUSER AND THE INTERNATIONAL COMPUTER SCIENCE
++INSTITUTE (possibly via similar legal warning) AGAINST ALL LOSSES, COSTS, OR
++OTHER PROBLEMS INCURRED BY THEIR CUSTOMERS AND CLIENTS DUE TO THE SOFTWARE.
++
++Derivative works are acceptable, even for commercial purposes, so long as
++(1) the source code for the derivative work includes prominent notice that
++the work is derivative, and (2) the source code includes prominent notice with
++these four paragraphs for those parts of this code that are retained.
++
++=============================================================================*/
++
++/*----------------------------------------------------------------------------
++| Underflow tininess-detection mode, statically initialized to default value.
++| (The declaration in `softfloat.h' must match the `int8' type here.)
++*----------------------------------------------------------------------------*/
++int8 float_detect_tininess = float_tininess_before_rounding;
++
++/*----------------------------------------------------------------------------
++| Raises the exceptions specified by `flags'.  Floating-point traps can be
++| defined here if desired.  It is currently not possible for such a trap
++| to substitute a result value.  If traps are not implemented, this routine
++| should be simply `float_exception_flags |= flags;'.
++*----------------------------------------------------------------------------*/
++
++void float_raise( int8 flags )
++{
++
++    float_exception_flags |= flags;
++
++}
++
++/*----------------------------------------------------------------------------
++| Internal canonical NaN format.
++*----------------------------------------------------------------------------*/
++typedef struct {
++    flag sign;
++    bits64 high, low;
++} commonNaNT;
++
++/*----------------------------------------------------------------------------
++| The pattern for a default generated single-precision NaN.
++*----------------------------------------------------------------------------*/
++#define float32_default_nan 0x7FFFFFFF
++
++/*----------------------------------------------------------------------------
++| Returns 1 if the single-precision floating-point value `a' is a NaN;
++| otherwise returns 0.
++*----------------------------------------------------------------------------*/
++
++flag float32_is_nan( float32 a )
++{
++
++    return ( 0xFF000000 < (bits32) ( a<<1 ) );
++
++}
++
++/*----------------------------------------------------------------------------
++| Returns 1 if the single-precision floating-point value `a' is a signaling
++| NaN; otherwise returns 0.
++*----------------------------------------------------------------------------*/
++
++flag float32_is_signaling_nan( float32 a )
++{
++
++    return ( ( ( a>>22 ) & 0x1FF ) == 0x1FE ) && ( a & 0x003FFFFF );
++
++}
++
++/*----------------------------------------------------------------------------
++| Returns the result of converting the single-precision floating-point NaN
++| `a' to the canonical NaN format.  If `a' is a signaling NaN, the invalid
++| exception is raised.
++*----------------------------------------------------------------------------*/
++
++static commonNaNT float32ToCommonNaN( float32 a )
++{
++    commonNaNT z;
++
++    if ( float32_is_signaling_nan( a ) ) float_raise( float_flag_invalid );
++    z.sign = a>>31;
++    z.low = 0;
++    z.high = ( (bits64) a )<<41;
++    return z;
++
++}
++
++/*----------------------------------------------------------------------------
++| Returns the result of converting the canonical NaN `a' to the single-
++| precision floating-point format.
++*----------------------------------------------------------------------------*/
++
++static float32 commonNaNToFloat32( commonNaNT a )
++{
++
++    return ( ( (bits32) a.sign )<<31 ) | 0x7FC00000 | ( a.high>>41 );
++
++}
++
++/*----------------------------------------------------------------------------
++| Takes two single-precision floating-point values `a' and `b', one of which
++| is a NaN, and returns the appropriate NaN result.  If either `a' or `b' is a
++| signaling NaN, the invalid exception is raised.
++*----------------------------------------------------------------------------*/
++
++static float32 propagateFloat32NaN( float32 a, float32 b )
++{
++    flag aIsNaN, aIsSignalingNaN, bIsNaN, bIsSignalingNaN;
++
++    aIsNaN = float32_is_nan( a );
++    aIsSignalingNaN = float32_is_signaling_nan( a );
++    bIsNaN = float32_is_nan( b );
++    bIsSignalingNaN = float32_is_signaling_nan( b );
++    a |= 0x00400000;
++    b |= 0x00400000;
++    if ( aIsSignalingNaN | bIsSignalingNaN ) float_raise( float_flag_invalid );
++    return bIsSignalingNaN ? b : aIsSignalingNaN ? a : bIsNaN ? b : a;
++
++}
++
++/*----------------------------------------------------------------------------
++| The pattern for a default generated double-precision NaN.
++*----------------------------------------------------------------------------*/
++#define float64_default_nan LIT64( 0x7FFFFFFFFFFFFFFF )
++
++/*----------------------------------------------------------------------------
++| Returns 1 if the double-precision floating-point value `a' is a NaN;
++| otherwise returns 0.
++*----------------------------------------------------------------------------*/
++
++flag float64_is_nan( float64 a )
++{
++
++    return ( LIT64( 0xFFE0000000000000 ) < (bits64) ( a<<1 ) );
++
++}
++
++/*----------------------------------------------------------------------------
++| Returns 1 if the double-precision floating-point value `a' is a signaling
++| NaN; otherwise returns 0.
++*----------------------------------------------------------------------------*/
++
++flag float64_is_signaling_nan( float64 a )
++{
++
++    return
++           ( ( ( a>>51 ) & 0xFFF ) == 0xFFE )
++        && ( a & LIT64( 0x0007FFFFFFFFFFFF ) );
++
++}
++
++/*----------------------------------------------------------------------------
++| Returns the result of converting the double-precision floating-point NaN
++| `a' to the canonical NaN format.  If `a' is a signaling NaN, the invalid
++| exception is raised.
++*----------------------------------------------------------------------------*/
++
++static commonNaNT float64ToCommonNaN( float64 a )
++{
++    commonNaNT z;
++
++    if ( float64_is_signaling_nan( a ) ) float_raise( float_flag_invalid );
++    z.sign = a>>63;
++    z.low = 0;
++    z.high = a<<12;
++    return z;
++
++}
++
++/*----------------------------------------------------------------------------
++| Returns the result of converting the canonical NaN `a' to the double-
++| precision floating-point format.
++*----------------------------------------------------------------------------*/
++
++static float64 commonNaNToFloat64( commonNaNT a )
++{
++
++    return
++          ( ( (bits64) a.sign )<<63 )
++        | LIT64( 0x7FF8000000000000 )
++        | ( a.high>>12 );
++
++}
++
++/*----------------------------------------------------------------------------
++| Takes two double-precision floating-point values `a' and `b', one of which
++| is a NaN, and returns the appropriate NaN result.  If either `a' or `b' is a
++| signaling NaN, the invalid exception is raised.
++*----------------------------------------------------------------------------*/
++
++static float64 propagateFloat64NaN( float64 a, float64 b )
++{
++    flag aIsNaN, aIsSignalingNaN, bIsNaN, bIsSignalingNaN;
++
++    aIsNaN = float64_is_nan( a );
++    aIsSignalingNaN = float64_is_signaling_nan( a );
++    bIsNaN = float64_is_nan( b );
++    bIsSignalingNaN = float64_is_signaling_nan( b );
++    a |= LIT64( 0x0008000000000000 );
++    b |= LIT64( 0x0008000000000000 );
++    if ( aIsSignalingNaN | bIsSignalingNaN ) float_raise( float_flag_invalid );
++    return bIsSignalingNaN ? b : aIsSignalingNaN ? a : bIsNaN ? b : a;
++
++}
++
++#ifdef FLOATX80
++
++/*----------------------------------------------------------------------------
++| The pattern for a default generated extended double-precision NaN.  The
++| `high' and `low' values hold the most- and least-significant bits,
++| respectively.
++*----------------------------------------------------------------------------*/
++#define floatx80_default_nan_high 0x7FFF
++#define floatx80_default_nan_low  LIT64( 0xFFFFFFFFFFFFFFFF )
++
++/*----------------------------------------------------------------------------
++| Returns 1 if the extended double-precision floating-point value `a' is a
++| NaN; otherwise returns 0.
++*----------------------------------------------------------------------------*/
++
++flag floatx80_is_nan( floatx80 a )
++{
++
++    return ( ( a.high & 0x7FFF ) == 0x7FFF ) && (bits64) ( a.low<<1 );
++
++}
++
++/*----------------------------------------------------------------------------
++| Returns 1 if the extended double-precision floating-point value `a' is a
++| signaling NaN; otherwise returns 0.
++*----------------------------------------------------------------------------*/
++
++flag floatx80_is_signaling_nan( floatx80 a )
++{
++    bits64 aLow;
++
++    aLow = a.low & ~ LIT64( 0x4000000000000000 );
++    return
++           ( ( a.high & 0x7FFF ) == 0x7FFF )
++        && (bits64) ( aLow<<1 )
++        && ( a.low == aLow );
++
++}
++
++/*----------------------------------------------------------------------------
++| Returns the result of converting the extended double-precision floating-
++| point NaN `a' to the canonical NaN format.  If `a' is a signaling NaN, the
++| invalid exception is raised.
++*----------------------------------------------------------------------------*/
++
++static commonNaNT floatx80ToCommonNaN( floatx80 a )
++{
++    commonNaNT z;
++
++    if ( floatx80_is_signaling_nan( a ) ) float_raise( float_flag_invalid );
++    z.sign = a.high>>15;
++    z.low = 0;
++    z.high = a.low<<1;
++    return z;
++
++}
++
++/*----------------------------------------------------------------------------
++| Returns the result of converting the canonical NaN `a' to the extended
++| double-precision floating-point format.
++*----------------------------------------------------------------------------*/
++
++static floatx80 commonNaNToFloatx80( commonNaNT a )
++{
++    floatx80 z;
++
++    z.low = LIT64( 0xC000000000000000 ) | ( a.high>>1 );
++    z.high = ( ( (bits16) a.sign )<<15 ) | 0x7FFF;
++    return z;
++
++}
++
++/*----------------------------------------------------------------------------
++| Takes two extended double-precision floating-point values `a' and `b', one
++| of which is a NaN, and returns the appropriate NaN result.  If either `a' or
++| `b' is a signaling NaN, the invalid exception is raised.
++*----------------------------------------------------------------------------*/
++
++static floatx80 propagateFloatx80NaN( floatx80 a, floatx80 b )
++{
++    flag aIsNaN, aIsSignalingNaN, bIsNaN, bIsSignalingNaN;
++
++    aIsNaN = floatx80_is_nan( a );
++    aIsSignalingNaN = floatx80_is_signaling_nan( a );
++    bIsNaN = floatx80_is_nan( b );
++    bIsSignalingNaN = floatx80_is_signaling_nan( b );
++    a.low |= LIT64( 0xC000000000000000 );
++    b.low |= LIT64( 0xC000000000000000 );
++    if ( aIsSignalingNaN | bIsSignalingNaN ) float_raise( float_flag_invalid );
++    return bIsSignalingNaN ? b : aIsSignalingNaN ? a : bIsNaN ? b : a;
++
++}
++
++#endif
++
++#ifdef FLOAT128
++
++/*----------------------------------------------------------------------------
++| The pattern for a default generated quadruple-precision NaN.  The `high' and
++| `low' values hold the most- and least-significant bits, respectively.
++*----------------------------------------------------------------------------*/
++#define float128_default_nan_high LIT64( 0x7FFFFFFFFFFFFFFF )
++#define float128_default_nan_low  LIT64( 0xFFFFFFFFFFFFFFFF )
++
++/*----------------------------------------------------------------------------
++| Returns 1 if the quadruple-precision floating-point value `a' is a NaN;
++| otherwise returns 0.
++*----------------------------------------------------------------------------*/
++
++flag float128_is_nan( float128 a )
++{
++
++    return
++           ( LIT64( 0xFFFE000000000000 ) <= (bits64) ( a.high<<1 ) )
++        && ( a.low || ( a.high & LIT64( 0x0000FFFFFFFFFFFF ) ) );
++
++}
++
++/*----------------------------------------------------------------------------
++| Returns 1 if the quadruple-precision floating-point value `a' is a
++| signaling NaN; otherwise returns 0.
++*----------------------------------------------------------------------------*/
++
++flag float128_is_signaling_nan( float128 a )
++{
++
++    return
++           ( ( ( a.high>>47 ) & 0xFFFF ) == 0xFFFE )
++        && ( a.low || ( a.high & LIT64( 0x00007FFFFFFFFFFF ) ) );
++
++}
++
++/*----------------------------------------------------------------------------
++| Returns the result of converting the quadruple-precision floating-point NaN
++| `a' to the canonical NaN format.  If `a' is a signaling NaN, the invalid
++| exception is raised.
++*----------------------------------------------------------------------------*/
++
++static commonNaNT float128ToCommonNaN( float128 a )
++{
++    commonNaNT z;
++
++    if ( float128_is_signaling_nan( a ) ) float_raise( float_flag_invalid );
++    z.sign = a.high>>63;
++    shortShift128Left( a.high, a.low, 16, &z.high, &z.low );
++    return z;
++
++}
++
++/*----------------------------------------------------------------------------
++| Returns the result of converting the canonical NaN `a' to the quadruple-
++| precision floating-point format.
++*----------------------------------------------------------------------------*/
++
++static float128 commonNaNToFloat128( commonNaNT a )
++{
++    float128 z;
++
++    shift128Right( a.high, a.low, 16, &z.high, &z.low );
++    z.high |= ( ( (bits64) a.sign )<<63 ) | LIT64( 0x7FFF800000000000 );
++    return z;
++
++}
++
++/*----------------------------------------------------------------------------
++| Takes two quadruple-precision floating-point values `a' and `b', one of
++| which is a NaN, and returns the appropriate NaN result.  If either `a' or
++| `b' is a signaling NaN, the invalid exception is raised.
++*----------------------------------------------------------------------------*/
++
++static float128 propagateFloat128NaN( float128 a, float128 b )
++{
++    flag aIsNaN, aIsSignalingNaN, bIsNaN, bIsSignalingNaN;
++
++    aIsNaN = float128_is_nan( a );
++    aIsSignalingNaN = float128_is_signaling_nan( a );
++    bIsNaN = float128_is_nan( b );
++    bIsSignalingNaN = float128_is_signaling_nan( b );
++    a.high |= LIT64( 0x0000800000000000 );
++    b.high |= LIT64( 0x0000800000000000 );
++    if ( aIsSignalingNaN | bIsSignalingNaN ) float_raise( float_flag_invalid );
++    return bIsSignalingNaN ? b : aIsSignalingNaN ? a : bIsNaN ? b : a;
++
++}
++
++#endif
++
+diff --git a/SoftFloat-2b/softfloat/bits64/powerpc-GCC/softfloat.h b/SoftFloat-2b/softfloat/bits64/powerpc-GCC/softfloat.h
+new file mode 100644
+index 0000000..5b7cb1c
+--- /dev/null
++++ b/SoftFloat-2b/softfloat/bits64/powerpc-GCC/softfloat.h
+@@ -0,0 +1,269 @@
++/*
++ * This file is derived from softfloat/bits64/386-Win32-GCC/softfloat.h,
++ * the copyright for that material belongs to the original owners.
++ *
++ * Additional material and changes where applicable is:
++ * Copyright (C) 2008 Freescale Semiconductor, Inc. All rights reserved.
++ *
++ * Author: Ebony Zhu,  <ebony.zhu@freescale.com>
++ *         Yu Liu,     <yu.liu@freescale.com>
++ */
++
++/*============================================================================
++
++This C header file is part of the SoftFloat IEC/IEEE Floating-point Arithmetic
++Package, Release 2b.
++
++Written by John R. Hauser.  This work was made possible in part by the
++International Computer Science Institute, located at Suite 600, 1947 Center
++Street, Berkeley, California 94704.  Funding was partially provided by the
++National Science Foundation under grant MIP-9311980.  The original version
++of this code was written as part of a project to build a fixed-point vector
++processor in collaboration with the University of California at Berkeley,
++overseen by Profs. Nelson Morgan and John Wawrzynek.  More information
++is available through the Web page `http://www.cs.berkeley.edu/~jhauser/
++arithmetic/SoftFloat.html'.
++
++THIS SOFTWARE IS DISTRIBUTED AS IS, FOR FREE.  Although reasonable effort has
++been made to avoid it, THIS SOFTWARE MAY CONTAIN FAULTS THAT WILL AT TIMES
++RESULT IN INCORRECT BEHAVIOR.  USE OF THIS SOFTWARE IS RESTRICTED TO PERSONS
++AND ORGANIZATIONS WHO CAN AND WILL TAKE FULL RESPONSIBILITY FOR ALL LOSSES,
++COSTS, OR OTHER PROBLEMS THEY INCUR DUE TO THE SOFTWARE, AND WHO FURTHERMORE
++EFFECTIVELY INDEMNIFY JOHN HAUSER AND THE INTERNATIONAL COMPUTER SCIENCE
++INSTITUTE (possibly via similar legal warning) AGAINST ALL LOSSES, COSTS, OR
++OTHER PROBLEMS INCURRED BY THEIR CUSTOMERS AND CLIENTS DUE TO THE SOFTWARE.
++
++Derivative works are acceptable, even for commercial purposes, so long as
++(1) the source code for the derivative work includes prominent notice that
++the work is derivative, and (2) the source code includes prominent notice with
++these four paragraphs for those parts of this code that are retained.
++
++=============================================================================*/
++
++/*----------------------------------------------------------------------------
++| The macro `FLOATX80' must be defined to enable the extended double-precision
++| floating-point format `floatx80'.  If this macro is not defined, the
++| `floatx80' type will not be defined, and none of the functions that either
++| input or output the `floatx80' type will be defined.  The same applies to
++| the `FLOAT128' macro and the quadruple-precision format `float128'.
++*----------------------------------------------------------------------------*/
++#define FLOATX80
++#define FLOAT128
++
++/*----------------------------------------------------------------------------
++| Software IEC/IEEE floating-point types.
++*----------------------------------------------------------------------------*/
++typedef unsigned int float32;
++typedef unsigned long long float64;
++#ifdef FLOATX80
++typedef struct {
++    unsigned short high;
++    unsigned long long low;
++} floatx80;
++#endif
++#ifdef FLOAT128
++typedef struct {
++    unsigned long long high, low;
++} float128;
++#endif
++
++/*----------------------------------------------------------------------------
++| Software IEC/IEEE floating-point underflow tininess-detection mode.
++*----------------------------------------------------------------------------*/
++extern int float_detect_tininess;
++enum {
++    float_tininess_after_rounding  = 0,
++    float_tininess_before_rounding = 1
++};
++
++/*----------------------------------------------------------------------------
++| Software IEC/IEEE floating-point rounding mode.
++*----------------------------------------------------------------------------*/
++extern int float_rounding_mode;
++enum {
++    float_round_nearest_even = 0,
++    float_round_to_zero      = 1,
++    float_round_up           = 2,
++    float_round_down         = 3
++};
++
++/*----------------------------------------------------------------------------
++| Software IEC/IEEE floating-point exception flags.
++*----------------------------------------------------------------------------*/
++extern int float_exception_flags;
++enum {
++    float_flag_inexact   =  1,
++    float_flag_divbyzero =  2,
++    float_flag_underflow =  4,
++    float_flag_overflow  =  8,
++    float_flag_invalid   = 16
++};
++
++/*----------------------------------------------------------------------------
++| Routine to raise any or all of the software IEC/IEEE floating-point
++| exception flags.
++*----------------------------------------------------------------------------*/
++void float_raise( int );
++
++/*----------------------------------------------------------------------------
++| Software IEC/IEEE integer-to-floating-point conversion routines.
++*----------------------------------------------------------------------------*/
++float32 int32_to_float32( int );
++float64 int32_to_float64( int );
++#ifdef FLOATX80
++floatx80 int32_to_floatx80( int );
++#endif
++#ifdef FLOAT128
++float128 int32_to_float128( int );
++#endif
++float32 int64_to_float32( long long );
++float64 int64_to_float64( long long );
++#ifdef FLOATX80
++floatx80 int64_to_floatx80( long long );
++#endif
++#ifdef FLOAT128
++float128 int64_to_float128( long long );
++#endif
++
++/*----------------------------------------------------------------------------
++| Software IEC/IEEE single-precision conversion routines.
++*----------------------------------------------------------------------------*/
++int float32_to_int32( float32 );
++int float32_to_int32_round_to_zero( float32 );
++long long float32_to_int64( float32 );
++long long float32_to_int64_round_to_zero( float32 );
++float64 float32_to_float64( float32 );
++#ifdef FLOATX80
++floatx80 float32_to_floatx80( float32 );
++#endif
++#ifdef FLOAT128
++float128 float32_to_float128( float32 );
++#endif
++
++/*----------------------------------------------------------------------------
++| Software IEC/IEEE single-precision operations.
++*----------------------------------------------------------------------------*/
++float32 float32_round_to_int( float32 );
++float32 float32_add( float32, float32 );
++float32 float32_sub( float32, float32 );
++float32 float32_mul( float32, float32 );
++float32 float32_div( float32, float32 );
++float32 float32_rem( float32, float32 );
++float32 float32_sqrt( float32 );
++int float32_eq( float32, float32 );
++int float32_le( float32, float32 );
++int float32_lt( float32, float32 );
++int float32_eq_signaling( float32, float32 );
++int float32_le_quiet( float32, float32 );
++int float32_lt_quiet( float32, float32 );
++int float32_is_signaling_nan( float32 );
++
++/*----------------------------------------------------------------------------
++| Software IEC/IEEE double-precision conversion routines.
++*----------------------------------------------------------------------------*/
++int float64_to_int32( float64 );
++int float64_to_int32_round_to_zero( float64 );
++long long float64_to_int64( float64 );
++long long float64_to_int64_round_to_zero( float64 );
++float32 float64_to_float32( float64 );
++#ifdef FLOATX80
++floatx80 float64_to_floatx80( float64 );
++#endif
++#ifdef FLOAT128
++float128 float64_to_float128( float64 );
++#endif
++
++/*----------------------------------------------------------------------------
++| Software IEC/IEEE double-precision operations.
++*----------------------------------------------------------------------------*/
++float64 float64_round_to_int( float64 );
++float64 float64_add( float64, float64 );
++float64 float64_sub( float64, float64 );
++float64 float64_mul( float64, float64 );
++float64 float64_div( float64, float64 );
++float64 float64_rem( float64, float64 );
++float64 float64_sqrt( float64 );
++int float64_eq( float64, float64 );
++int float64_le( float64, float64 );
++int float64_lt( float64, float64 );
++int float64_eq_signaling( float64, float64 );
++int float64_le_quiet( float64, float64 );
++int float64_lt_quiet( float64, float64 );
++int float64_is_signaling_nan( float64 );
++
++#ifdef FLOATX80
++
++/*----------------------------------------------------------------------------
++| Software IEC/IEEE extended double-precision conversion routines.
++*----------------------------------------------------------------------------*/
++int floatx80_to_int32( floatx80 );
++int floatx80_to_int32_round_to_zero( floatx80 );
++long long floatx80_to_int64( floatx80 );
++long long floatx80_to_int64_round_to_zero( floatx80 );
++float32 floatx80_to_float32( floatx80 );
++float64 floatx80_to_float64( floatx80 );
++#ifdef FLOAT128
++float128 floatx80_to_float128( floatx80 );
++#endif
++
++/*----------------------------------------------------------------------------
++| Software IEC/IEEE extended double-precision rounding precision.  Valid
++| values are 32, 64, and 80.
++*----------------------------------------------------------------------------*/
++extern int floatx80_rounding_precision;
++
++/*----------------------------------------------------------------------------
++| Software IEC/IEEE extended double-precision operations.
++*----------------------------------------------------------------------------*/
++floatx80 floatx80_round_to_int( floatx80 );
++floatx80 floatx80_add( floatx80, floatx80 );
++floatx80 floatx80_sub( floatx80, floatx80 );
++floatx80 floatx80_mul( floatx80, floatx80 );
++floatx80 floatx80_div( floatx80, floatx80 );
++floatx80 floatx80_rem( floatx80, floatx80 );
++floatx80 floatx80_sqrt( floatx80 );
++int floatx80_eq( floatx80, floatx80 );
++int floatx80_le( floatx80, floatx80 );
++int floatx80_lt( floatx80, floatx80 );
++int floatx80_eq_signaling( floatx80, floatx80 );
++int floatx80_le_quiet( floatx80, floatx80 );
++int floatx80_lt_quiet( floatx80, floatx80 );
++int floatx80_is_signaling_nan( floatx80 );
++
++#endif
++
++#ifdef FLOAT128
++
++/*----------------------------------------------------------------------------
++| Software IEC/IEEE quadruple-precision conversion routines.
++*----------------------------------------------------------------------------*/
++int float128_to_int32( float128 );
++int float128_to_int32_round_to_zero( float128 );
++long long float128_to_int64( float128 );
++long long float128_to_int64_round_to_zero( float128 );
++float32 float128_to_float32( float128 );
++float64 float128_to_float64( float128 );
++#ifdef FLOATX80
++floatx80 float128_to_floatx80( float128 );
++#endif
++
++/*----------------------------------------------------------------------------
++| Software IEC/IEEE quadruple-precision operations.
++*----------------------------------------------------------------------------*/
++float128 float128_round_to_int( float128 );
++float128 float128_add( float128, float128 );
++float128 float128_sub( float128, float128 );
++float128 float128_mul( float128, float128 );
++float128 float128_div( float128, float128 );
++float128 float128_rem( float128, float128 );
++float128 float128_sqrt( float128 );
++int float128_eq( float128, float128 );
++int float128_le( float128, float128 );
++int float128_lt( float128, float128 );
++int float128_eq_signaling( float128, float128 );
++int float128_le_quiet( float128, float128 );
++int float128_lt_quiet( float128, float128 );
++int float128_is_signaling_nan( float128 );
++
++#endif
++
+-- 
+1.5.4
+
diff --git a/recipes-extended/testfloat/files/TestFloat-powerpc-E500v2-SPE-1.patch b/recipes-extended/testfloat/files/TestFloat-powerpc-E500v2-SPE-1.patch
new file mode 100644
index 0000000..c34421c
--- /dev/null
+++ b/recipes-extended/testfloat/files/TestFloat-powerpc-E500v2-SPE-1.patch
@@ -0,0 +1,1644 @@
+This patch adds PowerPC E500v2 SPE support in TestFloat.
+And it disables the testing for hardware that can not trigger SPE interrupt.
+
+Signed-off-by: Ebony Zhu <ebony.zhu@freescale.com>
+Signed-off-by: Liu Yu <Yu.Liu@freescale.com>
+---
+ processors/POWERPC-gcc.h                |   99 +++++
+ testfloat/powerpc-linux-gcc/Makefile    |   83 +++++
+ testfloat/powerpc-linux-gcc/milieu.h    |   71 ++++
+ testfloat/powerpc-linux-gcc/systflags.c |  107 ++++++
+ testfloat/powerpc-linux-gcc/systfloat.c |  595 +++++++++++++++++++++++++++++++
+ testfloat/powerpc-linux-gcc/systmodes.c |   67 ++++
+ testfloat/templates/Makefile            |   18 +-
+ testfloat/templates/milieu.h            |    2 +-
+ testfloat/testFunction.h                |    2 +-
+ testfloat/testLoops.c                   |  216 +++++++++++
+ 10 files changed, 1252 insertions(+), 8 deletions(-)
+ create mode 100644 processors/POWERPC-gcc.h
+ create mode 100644 testfloat/powerpc-linux-gcc/Makefile
+ create mode 100644 testfloat/powerpc-linux-gcc/milieu.h
+ create mode 100644 testfloat/powerpc-linux-gcc/systflags.c
+ create mode 100644 testfloat/powerpc-linux-gcc/systfloat.c
+ create mode 100644 testfloat/powerpc-linux-gcc/systmodes.c
+
+diff --git a/processors/POWERPC-gcc.h b/processors/POWERPC-gcc.h
+new file mode 100644
+index 0000000..4201faa
+--- /dev/null
++++ b/processors/POWERPC-gcc.h
+@@ -0,0 +1,99 @@
++/*
++ * This file is derived from processors/i386-GCC.h,
++ * the copyright for that material belongs to the original owners.
++ *
++ * Additional material and changes where applicable is:
++ * Copyright (C) 2008 Freescale Semiconductor, Inc. All rights reserved.
++ *
++ * Author: Ebony Zhu,  <ebony.zhu@freescale.com>
++ *         Yu Liu,     <yu.liu@freescale.com>
++ *
++ * THIS SOFTWARE IS DISTRIBUTED AS IS, FOR FREE.  Although reasonable effort has
++ * been made to avoid it, THIS SOFTWARE MAY CONTAIN FAULTS THAT WILL AT TIMES
++ * RESULT IN INCORRECT BEHAVIOR.  USE OF THIS SOFTWARE IS RESTRICTED TO PERSONS
++ * AND ORGANIZATIONS WHO CAN AND WILL TAKE FULL RESPONSIBILITY FOR ALL LOSSES,
++ * COSTS, OR OTHER PROBLEMS THEY INCUR DUE TO THE SOFTWARE, AND WHO FURTHERMORE
++ * EFFECTIVELY INDEMNIFY JOHN HAUSER AND THE INTERNATIONAL COMPUTER SCIENCE
++ * INSTITUTE (possibly via similar legal warning) AGAINST ALL LOSSES, COSTS, OR
++ * OTHER PROBLEMS INCURRED BY THEIR CUSTOMERS AND CLIENTS DUE TO THE SOFTWARE.
++ */
++
++/*
++-------------------------------------------------------------------------------
++One of the macros `BIGENDIAN' or `LITTLEENDIAN' must be defined.
++-------------------------------------------------------------------------------
++*/
++#define BIGENDIAN
++
++/*
++-------------------------------------------------------------------------------
++The macro `BITS64' can be defined to indicate that 64-bit integer types are
++supported by the compiler.
++-------------------------------------------------------------------------------
++*/
++#undef BITS64
++
++/*
++-------------------------------------------------------------------------------
++Each of the following `typedef's defines the most convenient type that holds
++integers of at least as many bits as specified.  For example, `uint8' should
++be the most convenient type that can hold unsigned integers of as many as
++8 bits.  The `flag' type must be able to hold either a 0 or 1.  For most
++implementations of C, `flag', `uint8', and `int8' should all be `typedef'ed
++to the same as `int'.
++-------------------------------------------------------------------------------
++*/
++typedef int flag;
++typedef int uint8;
++typedef int int8;
++typedef int uint16;
++typedef int int16;
++typedef unsigned int uint32;
++typedef signed int int32;
++#ifdef BITS64
++typedef unsigned long long int uint64;
++typedef signed long long int int64;
++#endif
++
++/*
++-------------------------------------------------------------------------------
++Each of the following `typedef's defines a type that holds integers
++of _exactly_ the number of bits specified.  For instance, for most
++implementation of C, `bits16' and `sbits16' should be `typedef'ed to
++`unsigned short int' and `signed short int' (or `short int'), respectively.
++-------------------------------------------------------------------------------
++*/
++typedef unsigned char bits8;
++typedef signed char sbits8;
++typedef unsigned short int bits16;
++typedef signed short int sbits16;
++typedef unsigned int bits32;
++typedef signed int sbits32;
++#ifdef BITS64
++typedef unsigned long long int bits64;
++typedef signed long long int sbits64;
++#endif
++
++#ifdef BITS64
++/*
++-------------------------------------------------------------------------------
++The `LIT64' macro takes as its argument a textual integer literal and
++if necessary ``marks'' the literal as having a 64-bit integer type.
++For example, the GNU C Compiler (`gcc') requires that 64-bit literals be
++appended with the letters `LL' standing for `long long', which is `gcc's
++name for the 64-bit integer type.  Some compilers may allow `LIT64' to be
++defined as the identity macro:  `#define LIT64( a ) a'.
++-------------------------------------------------------------------------------
++*/
++#define LIT64( a ) a##LL
++#endif
++
++/*
++-------------------------------------------------------------------------------
++The macro `INLINE' can be used before functions that should be inlined.  If
++a compiler does not support explicit inlining, this macro should be defined
++to be `static'.
++-------------------------------------------------------------------------------
++*/
++#define INLINE extern inline
++
+diff --git a/testfloat/powerpc-linux-gcc/Makefile b/testfloat/powerpc-linux-gcc/Makefile
+new file mode 100644
+index 0000000..de50aad
+--- /dev/null
++++ b/testfloat/powerpc-linux-gcc/Makefile
+@@ -0,0 +1,83 @@
++
++PROCESSOR_H = ../../processors/POWERPC-gcc.h
++SOFTFLOAT_VERSION = bits32
++TARGET = powerpc-GCC
++SOFTFLOAT_DIR = ../../SoftFloat-2b/softfloat/$(SOFTFLOAT_VERSION)/$(TARGET)
++
++OBJ = .o
++EXE =
++INCLUDES = -I. -I.. -I$(SOFTFLOAT_DIR)
++
++COMPILE_C = $(COMPILE_PREFIX)gcc -c -o $@ $(INCLUDES) -I- -O $(EXTRA_CFLAGS)
++
++COMPILE_C_HARD = $(COMPILE_PREFIX)gcc -c -te500v2 -o $@ $(INCLUDES)
++
++COMPILE_SLOWFLOAT_C = $(COMPILE_PREFIX)gcc -c -o $@ $(INCLUDES) -I- -O
++
++LINK = $(COMPILE_PREFIX)gcc -lm -o $@
++
++SOFTFLOAT_H = $(SOFTFLOAT_DIR)/softfloat.h
++SOFTFLOAT_OBJ = $(SOFTFLOAT_DIR)/softfloat$(OBJ)
++
++ALL: testsoftfloat$(EXE) testfloat$(EXE)
++
++systmodes$(OBJ): milieu.h systmodes.c
++       $(COMPILE_C) systmodes.c
++
++systflags$(OBJ): milieu.h ../systflags.h systflags.c
++       $(COMPILE_C) systflags.c
++
++systfloat$(OBJ): milieu.h $(SOFTFLOAT_H) ../systfloat.h systfloat.c
++       $(COMPILE_C_HARD) systfloat.c
++
++#------------------------------------------------------------------------------
++# Probably O.K. below here.
++#------------------------------------------------------------------------------
++
++milieu.h: $(PROCESSOR_H)
++       touch milieu.h
++
++fail$(OBJ): milieu.h ../fail.h
++       $(COMPILE_C) ../fail.c
++
++random$(OBJ): milieu.h ../random.h
++       $(COMPILE_C) ../random.c
++
++testCases$(OBJ): milieu.h ../fail.h ../random.h $(SOFTFLOAT_H) ../testCases.h ../testCases.c
++       $(COMPILE_C) ../testCases.c
++
++writeHex$(OBJ): milieu.h $(SOFTFLOAT_H) ../writeHex.h ../writeHex.c
++       $(COMPILE_C) ../writeHex.c
++
++testLoops$(OBJ): milieu.h $(SOFTFLOAT_H) ../testCases.h ../writeHex.h ../testLoops.h ../testLoops.c
++       $(COMPILE_C) ../testLoops.c
++
++slowfloat$(OBJ): milieu.h $(SOFTFLOAT_H) ../slowfloat.h ../slowfloat-32.c ../slowfloat-64.c ../slowfloat.c
++       $(COMPILE_SLOWFLOAT_C) ../slowfloat.c
++
++testsoftfloat$(OBJ): milieu.h ../fail.h $(SOFTFLOAT_H) ../testCases.h ../testLoops.h ../slowfloat.h ../testsoftfloat.c
++       $(COMPILE_C) ../testsoftfloat.c
++
++testsoftfloat$(EXE): fail$(OBJ) random$(OBJ) $(SOFTFLOAT_OBJ) testCases$(OBJ) writeHex$(OBJ) testLoops$(OBJ) slowfloat$(OBJ) testsoftfloat$(OBJ) systflags$(OBJ) systmodes$(OBJ)
++       $(LINK) fail$(OBJ) random$(OBJ) $(SOFTFLOAT_OBJ) testCases$(OBJ) writeHex$(OBJ) testLoops$(OBJ) slowfloat$(OBJ) testsoftfloat$(OBJ) systflags$(OBJ) systmodes$(OBJ)
++
++testFunction$(OBJ): milieu.h $(SOFTFLOAT_H) ../testCases.h ../testLoops.h ../systmodes.h ../systflags.h ../systfloat.h ../testFunction.h ../testFunction.c
++       $(COMPILE_C) ../testFunction.c
++
++testfloat$(OBJ): milieu.h ../fail.h $(SOFTFLOAT_H) ../testCases.h ../testLoops.h ../systflags.h ../testFunction.h ../testfloat.c
++       $(COMPILE_C) ../testfloat.c
++
++testfloat$(EXE): fail$(OBJ) random$(OBJ) $(SOFTFLOAT_OBJ) testCases$(OBJ) writeHex$(OBJ) testLoops$(OBJ) systmodes$(OBJ) systflags$(OBJ) systfloat$(OBJ) testFunction$(OBJ) testfloat$(OBJ)
++       $(LINK) fail$(OBJ) random$(OBJ) $(SOFTFLOAT_OBJ) testCases$(OBJ) writeHex$(OBJ) testLoops$(OBJ) systmodes$(OBJ) systflags$(OBJ) systfloat$(OBJ) testFunction$(OBJ) testfloat$(OBJ)
++
++$(SOFTFLOAT_OBJ):
++       make -C $(SOFTFLOAT_DIR)
++
++cp: ALL
++       cp  testsoftfloat$(EXE) ../../test_softfloat$(EXE)
++       cp  testfloat$(EXE)  ../../test_float$(EXE)
++
++clean:
++       make -C $(SOFTFLOAT_DIR) clean
++       rm -f *.o testfloat$(EXE) testsoftfloat$(EXE) 
++       rm -f ../../test_softfloat$(EXE) ../../test_float$(EXE)
+diff --git a/testfloat/powerpc-linux-gcc/milieu.h b/testfloat/powerpc-linux-gcc/milieu.h
+new file mode 100644
+index 0000000..29d2b18
+--- /dev/null
++++ b/testfloat/powerpc-linux-gcc/milieu.h
+@@ -0,0 +1,71 @@
++/*
++ * This file is derived from testfloat/386-Win32-gcc/milieu.h,
++ * the copyright for that material belongs to the original owners.
++ *
++ * Additional material and changes where applicable is:
++ * Copyright (C) 2008 Freescale Semiconductor, Inc. All rights reserved.
++ *
++ * Author: Ebony Zhu,  <ebony.zhu@freescale.com>
++ *         Yu Liu,     <yu.liu@freescale.com>
++ */
++
++/*
++===============================================================================
++
++This C header file is part of TestFloat, Release 2a, a package of programs
++for testing the correctness of floating-point arithmetic complying to the
++IEC/IEEE Standard for Floating-Point.
++
++Written by John R. Hauser.  More information is available through the Web
++page `http://HTTP.CS.Berkeley.EDU/~jhauser/arithmetic/TestFloat.html'.
++
++THIS SOFTWARE IS DISTRIBUTED AS IS, FOR FREE.  Although reasonable effort
++has been made to avoid it, THIS SOFTWARE MAY CONTAIN FAULTS THAT WILL AT
++TIMES RESULT IN INCORRECT BEHAVIOR.  USE OF THIS SOFTWARE IS RESTRICTED TO
++PERSONS AND ORGANIZATIONS WHO CAN AND WILL TAKE FULL RESPONSIBILITY FOR ANY
++AND ALL LOSSES, COSTS, OR OTHER PROBLEMS ARISING FROM ITS USE.
++
++Derivative works are acceptable, even for commercial purposes, so long as
++(1) they include prominent notice that the work is derivative, and (2) they
++include prominent notice akin to these four paragraphs for those parts of
++this code that are retained.
++
++===============================================================================
++*/
++
++/*
++-------------------------------------------------------------------------------
++Include common integer types and flags.
++-------------------------------------------------------------------------------
++*/
++#include "../../processors/POWERPC-gcc.h"
++/*
++-------------------------------------------------------------------------------
++If the `BITS64' macro is defined by the processor header file but the
++version of SoftFloat being used/tested is the 32-bit one (`bits32'), the
++`BITS64' macro must be undefined here.
++-------------------------------------------------------------------------------
++*/
++
++#undef BITS64
++/*
++-------------------------------------------------------------------------------
++The macro `LONG_DOUBLE_IS_FLOATX80' can be defined to indicate that the
++C compiler supports the type `long double' as an extended double-precision
++format.  Alternatively, the macro `LONG_DOUBLE_IS_FLOAT128' can be defined
++to indicate that `long double' is a quadruple-precision format.  If neither
++of these macros is defined, `long double' will be ignored.
++-------------------------------------------------------------------------------
++#define LONG_DOUBLE_IS_FLOATX80
++*/
++
++/*
++-------------------------------------------------------------------------------
++Symbolic Boolean literals.
++-------------------------------------------------------------------------------
++*/
++enum {
++    FALSE = 0,
++    TRUE  = 1
++};
++
+diff --git a/testfloat/powerpc-linux-gcc/systflags.c b/testfloat/powerpc-linux-gcc/systflags.c
+new file mode 100644
+index 0000000..c382442
+--- /dev/null
++++ b/testfloat/powerpc-linux-gcc/systflags.c
+@@ -0,0 +1,107 @@
++/*
++ * This file is derived from testfloat/386-Win32-gcc/systflags.c,
++ * the copyright for that material belongs to the original owners.
++ *
++ * Additional material and changes where applicable is:
++ * Copyright (C) 2008 Freescale Semiconductor, Inc. All rights reserved.
++ *
++ * Author: Ebony Zhu,  <ebony.zhu@freescale.com>
++ *         Yu Liu,     <yu.liu@freescale.com>
++ */
++
++/*
++===============================================================================
++
++This C source file is part of TestFloat, Release 2a, a package of programs
++for testing the correctness of floating-point arithmetic complying to the
++IEC/IEEE Standard for Floating-Point.
++
++Written by John R. Hauser.  More information is available through the Web
++page `http://HTTP.CS.Berkeley.EDU/~jhauser/arithmetic/TestFloat.html'.
++
++THIS SOFTWARE IS DISTRIBUTED AS IS, FOR FREE.  Although reasonable effort
++has been made to avoid it, THIS SOFTWARE MAY CONTAIN FAULTS THAT WILL AT
++TIMES RESULT IN INCORRECT BEHAVIOR.  USE OF THIS SOFTWARE IS RESTRICTED TO
++PERSONS AND ORGANIZATIONS WHO CAN AND WILL TAKE FULL RESPONSIBILITY FOR ANY
++AND ALL LOSSES, COSTS, OR OTHER PROBLEMS ARISING FROM ITS USE.
++
++Derivative works are acceptable, even for commercial purposes, so long as
++(1) they include prominent notice that the work is derivative, and (2) they
++include prominent notice akin to these four paragraphs for those parts of
++this code that are retained.
++
++===============================================================================
++*/
++
++#include "milieu.h"
++#include "systflags.h"
++#include <fenv.h>
++#include <stdio.h>
++#include <math.h>
++#include <bits/nan.h>
++#include <bits/inf.h>
++
++#ifdef __SPE__
++
++#include <spe.h>
++
++
++#define SPE_FINV_ENABLE                (1UL << 5)
++#define SPE_FDBZ_ENABLE                (1UL << 4)
++#define SPE_FUNF_ENABLE                (1UL << 3)
++#define SPE_FOVF_ENABLE                (1UL << 2)
++
++#define SPE_FG                 (1UL << 13)
++#define SPE_FX                 (1UL << 12)
++#define SPE_FINV               (1UL << 11)
++#define SPE_FDBZ               (1UL << 10)
++#define SPE_FUNF               (1UL << 9)
++#define SPE_FOVF               (1UL << 8)
++
++#define SPE_FG_H               (1UL << 29)
++#define SPE_FX_H               (1UL << 28)
++#define SPE_FINV_H             (1UL << 27)
++#define SPE_FDBZ_H             (1UL << 26)
++#define SPE_FUNF_H             (1UL << 25)
++#define SPE_FOVF_H             (1UL << 24)
++
++static int is_soft_emu = 0;
++
++#endif
++/*
++-------------------------------------------------------------------------------
++Clears the system's IEC/IEEE floating-point exception flags.  Returns the
++previous value of the flags.
++-------------------------------------------------------------------------------
++*/
++extern int rounding;
++unsigned int spefscr = 0;
++
++int8 syst_float_flags_clear( void )
++{
++#ifdef TEST_KERNEL_EMU
++       if( (spefscr & (SPE_FINV | SPE_FINV_H))
++          || (spefscr & (SPE_FDBZ | SPE_FDBZ_H))
++          || (spefscr & (SPE_FUNF | SPE_FUNF_H))
++          || (spefscr & (SPE_FOVF | SPE_FOVF_H))
++          || (spefscr & (SPE_FX | SPE_FG | SPE_FX_H | SPE_FG_H))){ 
++               is_soft_emu = 1;
++       } else {
++               is_soft_emu = 0;
++       }
++#endif 
++       __builtin_spe_mtspefscr(0x3c|(rounding & 0x3));
++
++       return ((spefscr>>17) & 0x1f);
++}
++
++int syst_float_is_soft_emu(void)
++{
++       int ret = 0;
++#ifdef TEST_KERNEL_EMU
++       ret = is_soft_emu;
++#endif
++       return ret;
++}
++
++
+diff --git a/testfloat/powerpc-linux-gcc/systfloat.c b/testfloat/powerpc-linux-gcc/systfloat.c
+new file mode 100644
+index 0000000..8d06f9f
+--- /dev/null
++++ b/testfloat/powerpc-linux-gcc/systfloat.c
+@@ -0,0 +1,595 @@
++/*
++ * This file is derived from testfloat/systfloat.c,
++ * the copyright for that material belongs to the original owners.
++ *
++ * Additional material and changes where applicable is:
++ * Copyright (C) 2008 Freescale Semiconductor, Inc. All rights reserved.
++ *
++ * Author: Ebony Zhu,  <ebony.zhu@freescale.com>
++ *         Yu Liu,     <yu.liu@freescale.com>
++ */
++
++/*
++===============================================================================
++
++This C source file is part of TestFloat, Release 2a, a package of programs
++for testing the correctness of floating-point arithmetic complying to the
++IEC/IEEE Standard for Floating-Point.
++
++Written by John R. Hauser.  More information is available through the Web
++page `http://HTTP.CS.Berkeley.EDU/~jhauser/arithmetic/TestFloat.html'.
++
++THIS SOFTWARE IS DISTRIBUTED AS IS, FOR FREE.  Although reasonable effort
++has been made to avoid it, THIS SOFTWARE MAY CONTAIN FAULTS THAT WILL AT
++TIMES RESULT IN INCORRECT BEHAVIOR.  USE OF THIS SOFTWARE IS RESTRICTED TO
++PERSONS AND ORGANIZATIONS WHO CAN AND WILL TAKE FULL RESPONSIBILITY FOR ANY
++AND ALL LOSSES, COSTS, OR OTHER PROBLEMS ARISING FROM ITS USE.
++
++Derivative works are acceptable, even for commercial purposes, so long as
++(1) they include prominent notice that the work is derivative, and (2) they
++include prominent notice akin to these four paragraphs for those parts of
++this code that are retained.
++
++===============================================================================
++*/
++
++#include <math.h>
++#include "milieu.h"
++#include "softfloat.h"
++#include "systfloat.h"
++
++extern unsigned int spefscr;
++
++float32 syst_int32_to_float32( int32 a )
++{
++    float32 z;
++
++    *( (float *) &z ) = a;
++    spefscr = __builtin_spe_mfspefscr();
++    return z;
++
++}
++
++float64 syst_int32_to_float64( int32 a )
++{
++    float64 z;
++
++    *( (double *) &z ) = a;
++    spefscr = __builtin_spe_mfspefscr();
++    return z;
++
++}
++
++#if defined( FLOATX80 ) && defined( LONG_DOUBLE_IS_FLOATX80 )
++
++floatx80 syst_int32_to_floatx80( int32 a )
++{
++    floatx80 z;
++
++    *( (long double *) &z ) = a;
++    return z;
++
++}
++
++#endif
++
++#if defined( FLOAT128 ) && defined( LONG_DOUBLE_IS_FLOAT128 )
++
++float128 syst_int32_to_float128( int32 a )
++{
++    float128 z;
++
++    *( (long double *) &z ) = a;
++    return z;
++
++}
++
++#endif
++
++#ifdef BITS64
++
++float32 syst_int64_to_float32( int64 a )
++{
++    float32 z;
++
++    *( (float *) &z ) = a;
++    spefscr = __builtin_spe_mfspefscr();
++    return z;
++
++}
++
++float64 syst_int64_to_float64( int64 a )
++{
++    float64 z;
++
++    *( (double *) &z ) = a;
++    spefscr = __builtin_spe_mfspefscr();
++    return z;
++
++}
++
++#if defined( FLOATX80 ) && defined( LONG_DOUBLE_IS_FLOATX80 )
++
++floatx80 syst_int64_to_floatx80( int64 a )
++{
++    floatx80 z;
++
++    *( (long double *) &z ) = a;
++    return z;
++
++}
++
++#endif
++
++#if defined( FLOAT128 ) && defined( LONG_DOUBLE_IS_FLOAT128 )
++
++float128 syst_int64_to_float128( int64 a )
++{
++    float128 z;
++
++    *( (long double *) &z ) = a;
++    return z;
++
++}
++
++#endif
++
++#endif
++
++int32 syst_float32_to_int32_round_to_zero( float32 a )
++{
++    int32 z = *( (float *) &a );
++    spefscr = __builtin_spe_mfspefscr();
++
++    return z;
++
++}
++
++#ifdef BITS64
++
++int64 syst_float32_to_int64_round_to_zero( float32 a )
++{
++    int64 z = *( (float *) &a );
++    spefscr = __builtin_spe_mfspefscr();
++    return z;
++
++}
++
++#endif
++
++float64 syst_float32_to_float64( float32 a )
++{
++    float64 z;
++
++    *( (double *) &z ) = *( (float *) &a );
++    spefscr = __builtin_spe_mfspefscr();
++    return z;
++
++}
++
++#if defined( FLOATX80 ) && defined( LONG_DOUBLE_IS_FLOATX80 )
++
++floatx80 syst_float32_to_floatx80( float32 a )
++{
++    floatx80 z;
++
++    *( (long double *) &z ) = *( (float *) &a );
++    return z;
++
++}
++
++#endif
++
++#if defined( FLOAT128 ) && defined( LONG_DOUBLE_IS_FLOAT128 )
++
++float128 syst_float32_to_float128( float32 a )
++{
++    float128 z;
++
++    *( (long double *) &z ) = *( (float *) &a );
++    return z;
++
++}
++
++#endif
++
++float32 syst_float32_add( float32 a, float32 b )
++{
++    float32 z;
++
++    *( (float *) &z ) = *( (float *) &a ) + *( (float *) &b );
++    spefscr = __builtin_spe_mfspefscr();
++    return z;
++
++}
++
++float32 syst_float32_sub( float32 a, float32 b )
++{
++    float32 z;
++
++    *( (float *) &z ) = *( (float *) &a ) - *( (float *) &b );
++    spefscr = __builtin_spe_mfspefscr();
++    return z;
++
++}
++
++float32 syst_float32_mul( float32 a, float32 b )
++{
++    float32 z;
++
++    *( (float *) &z ) = *( (float *) &a ) * *( (float *) &b );
++    spefscr = __builtin_spe_mfspefscr();
++    return z;
++
++}
++
++float32 syst_float32_div( float32 a, float32 b )
++{
++    float32 z;
++
++    *( (float *) &z ) = *( (float *) &a ) / *( (float *) &b );
++    spefscr = __builtin_spe_mfspefscr();
++    return z;
++
++}
++
++flag syst_float32_eq( float32 a, float32 b )
++{
++    flag f = ( *( (float *) &a ) == *( (float *) &b ) );
++    spefscr = __builtin_spe_mfspefscr();
++    return f;
++
++}
++
++flag syst_float32_le( float32 a, float32 b )
++{
++    flag f = ( *( (float *) &a ) <= *( (float *) &b ) );
++    spefscr = __builtin_spe_mfspefscr();
++    return f;
++
++}
++
++flag syst_float32_lt( float32 a, float32 b )
++{
++    flag f = ( *( (float *) &a ) < *( (float *) &b ) );
++    spefscr = __builtin_spe_mfspefscr();
++    return f;
++
++}
++
++int32 syst_float64_to_int32_round_to_zero( float64 a )
++{
++    int32 z = *( (double *) &a );
++    spefscr = __builtin_spe_mfspefscr();
++    return z;
++
++}
++
++#ifdef BITS64
++
++int64 syst_float64_to_int64_round_to_zero( float64 a )
++{
++    int64 z = *( (double *) &a );
++    spefscr = __builtin_spe_mfspefscr();
++    return z;
++
++}
++
++#endif
++
++float32 syst_float64_to_float32( float64 a )
++{
++    float32 z;
++
++    *( (float *) &z ) = *( (double *) &a );
++    spefscr = __builtin_spe_mfspefscr();
++    return z;
++
++}
++
++#if defined( FLOATX80 ) && defined( LONG_DOUBLE_IS_FLOATX80 )
++
++floatx80 syst_float64_to_floatx80( float64 a )
++{
++    floatx80 z;
++
++    *( (long double *) &z ) = *( (double *) &a );
++    return z;
++
++}
++
++#endif
++
++#if defined( FLOAT128 ) && defined( LONG_DOUBLE_IS_FLOAT128 )
++
++float128 syst_float64_to_float128( float64 a )
++{
++    float128 z;
++
++    *( (long double *) &z ) = *( (double *) &a );
++    return z;
++
++}
++
++#endif
++
++float64 syst_float64_add( float64 a, float64 b )
++{
++    float64 z;
++
++    *( (double *) &z ) = *( (double *) &a ) + *( (double *) &b );
++    spefscr = __builtin_spe_mfspefscr();
++    return z;
++
++}
++
++float64 syst_float64_sub( float64 a, float64 b )
++{
++    float64 z;
++
++    *( (double *) &z ) = *( (double *) &a ) - *( (double *) &b );
++    spefscr = __builtin_spe_mfspefscr();
++    return z;
++
++}
++
++float64 syst_float64_mul( float64 a, float64 b )
++{
++    float64 z;
++
++    *( (double *) &z ) = *( (double *) &a ) * *( (double *) &b );
++    spefscr = __builtin_spe_mfspefscr();
++    return z;
++
++}
++
++float64 syst_float64_div( float64 a, float64 b )
++{
++    float64 z;
++
++    *( (double *) &z ) = *( (double *) &a ) / *( (double *) &b );
++    spefscr = __builtin_spe_mfspefscr();
++    return z;
++
++}
++
++float64 syst_float64_sqrt( float64 a )
++{
++       /* Ebony
++    float64 z;
++
++    *( (double *) &z ) = sqrt( *( (double *) &a ) );
++    spefscr = __builtin_spe_mfspefscr();
++    return z;
++    */
++
++}
++
++flag syst_float64_eq( float64 a, float64 b )
++{
++    flag f = ( *( (double *) &a ) == *( (double *) &b ) );
++    spefscr = __builtin_spe_mfspefscr();
++    return f;
++
++}
++
++flag syst_float64_le( float64 a, float64 b )
++{
++    flag f = ( *( (double *) &a ) <= *( (double *) &b ) );
++    spefscr = __builtin_spe_mfspefscr();
++    return f;
++
++}
++
++flag syst_float64_lt( float64 a, float64 b )
++{
++    flag f = ( *( (double *) &a ) < *( (double *) &b ) );
++    spefscr = __builtin_spe_mfspefscr();
++    return f;
++
++}
++
++#if defined( FLOATX80 ) && defined( LONG_DOUBLE_IS_FLOATX80 )
++
++int32 syst_floatx80_to_int32_round_to_zero( floatx80 a )
++{
++
++    return *( (long double *) &a );
++
++}
++
++#ifdef BITS64
++
++int64 syst_floatx80_to_int64_round_to_zero( floatx80 a )
++{
++
++    return *( (long double *) &a );
++
++}
++
++#endif
++
++float32 syst_floatx80_to_float32( floatx80 a )
++{
++    float32 z;
++
++    *( (float *) &z ) = *( (long double *) &a );
++    return z;
++
++}
++
++float64 syst_floatx80_to_float64( floatx80 a )
++{
++    float64 z;
++
++    *( (double *) &z ) = *( (long double *) &a );
++    return z;
++
++}
++
++floatx80 syst_floatx80_add( floatx80 a, floatx80 b )
++{
++    floatx80 z;
++
++    *( (long double *) &z ) =
++        *( (long double *) &a ) + *( (long double *) &b );
++    return z;
++
++}
++
++floatx80 syst_floatx80_sub( floatx80 a, floatx80 b )
++{
++    floatx80 z;
++
++    *( (long double *) &z ) =
++        *( (long double *) &a ) - *( (long double *) &b );
++    return z;
++
++}
++
++floatx80 syst_floatx80_mul( floatx80 a, floatx80 b )
++{
++    floatx80 z;
++
++    *( (long double *) &z ) =
++        *( (long double *) &a ) * *( (long double *) &b );
++    return z;
++
++}
++
++floatx80 syst_floatx80_div( floatx80 a, floatx80 b )
++{
++    floatx80 z;
++
++    *( (long double *) &z ) =
++        *( (long double *) &a ) / *( (long double *) &b );
++    spefscr = __builtin_spe_mfspefscr();
++    return z;
++
++}
++
++flag syst_floatx80_eq( floatx80 a, floatx80 b )
++{
++
++    return ( *( (long double *) &a ) == *( (long double *) &b ) );
++
++}
++
++flag syst_floatx80_le( floatx80 a, floatx80 b )
++{
++
++    return ( *( (long double *) &a ) <= *( (long double *) &b ) );
++
++}
++
++flag syst_floatx80_lt( floatx80 a, floatx80 b )
++{
++
++    return ( *( (long double *) &a ) < *( (long double *) &b ) );
++
++}
++
++#endif
++
++#if defined( FLOAT128 ) && defined( LONG_DOUBLE_IS_FLOAT128 )
++
++int32 syst_float128_to_int32_round_to_zero( float128 a )
++{
++
++    return *( (long double *) &a );
++
++}
++
++#ifdef BITS64
++
++int64 syst_float128_to_int64_round_to_zero( float128 a )
++{
++
++    return *( (long double *) &a );
++
++}
++
++#endif
++
++float32 syst_float128_to_float32( float128 a )
++{
++    float32 z;
++
++    *( (float *) &z ) = *( (long double *) &a );
++    return z;
++
++}
++
++float64 syst_float128_to_float64( float128 a )
++{
++    float64 z;
++
++    *( (double *) &z ) = *( (long double *) &a );
++    return z;
++
++}
++
++float128 syst_float128_add( float128 a, float128 b )
++{
++    float128 z;
++
++    *( (long double *) &z ) =
++        *( (long double *) &a ) + *( (long double *) &b );
++    return z;
++
++}
++
++float128 syst_float128_sub( float128 a, float128 b )
++{
++    float128 z;
++
++    *( (long double *) &z ) =
++        *( (long double *) &a ) - *( (long double *) &b );
++    return z;
++
++}
++
++float128 syst_float128_mul( float128 a, float128 b )
++{
++    float128 z;
++
++    *( (long double *) &z ) =
++        *( (long double *) &a ) * *( (long double *) &b );
++    return z;
++
++}
++
++float128 syst_float128_div( float128 a, float128 b )
++{
++    float128 z;
++
++    *( (long double *) &z ) =
++        *( (long double *) &a ) / *( (long double *) &b );
++    spefscr = __builtin_spe_mfspefscr();
++    return z;
++
++}
++
++flag syst_float128_eq( float128 a, float128 b )
++{
++
++    return ( *( (long double *) &a ) == *( (long double *) &b ) );
++
++}
++
++flag syst_float128_le( float128 a, float128 b )
++{
++
++    return ( *( (long double *) &a ) <= *( (long double *) &b ) );
++
++}
++
++flag syst_float128_lt( float128 a, float128 b )
++{
++
++    return ( *( (long double *) &a ) < *( (long double *) &b ) );
++
++}
++
++#endif
++
+diff --git a/testfloat/powerpc-linux-gcc/systmodes.c b/testfloat/powerpc-linux-gcc/systmodes.c
+new file mode 100644
+index 0000000..143cdea
+--- /dev/null
++++ b/testfloat/powerpc-linux-gcc/systmodes.c
+@@ -0,0 +1,67 @@
++/*
++ * This file is derived from testfloat/386-Win32-gcc/systmodes.S,
++ * the copyright for that material belongs to the original owners.
++ *
++ * Additional material and changes where applicable is:
++ * Copyright (C) 2008 Freescale Semiconductor, Inc. All rights reserved.
++ *
++ * Author: Ebony Zhu,  <ebony.zhu@freescale.com>
++ *         Yu Liu,     <yu.liu@freescale.com>
++ */
++
++/*
++===============================================================================
++
++This C source file is part of TestFloat, Release 2a, a package of programs
++for testing the correctness of floating-point arithmetic complying to the
++IEC/IEEE Standard for Floating-Point.
++
++Written by John R. Hauser.  More information is available through the Web
++page `http://HTTP.CS.Berkeley.EDU/~jhauser/arithmetic/TestFloat.html'.
++
++THIS SOFTWARE IS DISTRIBUTED AS IS, FOR FREE.  Although reasonable effort
++has been made to avoid it, THIS SOFTWARE MAY CONTAIN FAULTS THAT WILL AT
++TIMES RESULT IN INCORRECT BEHAVIOR.  USE OF THIS SOFTWARE IS RESTRICTED TO
++PERSONS AND ORGANIZATIONS WHO CAN AND WILL TAKE FULL RESPONSIBILITY FOR ANY
++AND ALL LOSSES, COSTS, OR OTHER PROBLEMS ARISING FROM ITS USE.
++
++Derivative works are acceptable, even for commercial purposes, so long as
++(1) they include prominent notice that the work is derivative, and (2) they
++include prominent notice akin to these four paragraphs for those parts of
++this code that are retained.
++
++===============================================================================
++*/
++
++#include <fenv.h>
++#include "milieu.h"
++#include "systmodes.h"
++/*
++-------------------------------------------------------------------------------
++Sets the system's IEC/IEEE floating-point rounding mode.  Also disables all
++system exception traps.
++-------------------------------------------------------------------------------
++*/
++int rounding;
++
++void syst_float_set_rounding_mode( int8 roundingMode )
++{
++       (void) fesetround ( roundingMode );
++       rounding = roundingMode;
++}
++
++/*
++-------------------------------------------------------------------------------
++Sets the rounding precision of subsequent extended double-precision
++operations.  The `precision' argument should be one of 0, 32, 64, or 80.
++If `precision' is 32, the rounding precision is set equivalent to single
++precision; else if `precision' is 64, the rounding precision is set
++equivalent to double precision; else the rounding precision is set to full
++extended double precision.
++-------------------------------------------------------------------------------
++*/
++void syst_float_set_rounding_precision( int8 precision )
++{
++
++}
++
+diff --git a/testfloat/templates/Makefile b/testfloat/templates/Makefile
+index f5f3cde..18cffe0 100644
+--- a/testfloat/templates/Makefile
++++ b/testfloat/templates/Makefile
+@@ -1,15 +1,21 @@
+ 
+-PROCESSOR_H = ../../processors/!!!processor.h
++#PROCESSOR_H = ../../processors/!!!processor.h
++PROCESSOR_H = ../../processors/POWERPC-gcc.h
+ SOFTFLOAT_VERSION = bits64
+-TARGET = !!!target
+-SOFTFLOAT_DIR = ../../softfloat/$(SOFTFLOAT_VERSION)/$(TARGET)
++
++#TARGET = !!!target
++TARGET = powerpc-GCC
++SOFTFLOAT_DIR = ../../../SoftFloat-2b/softfloat/$(SOFTFLOAT_VERSION)/$(TARGET)
+ 
+ OBJ = .o
+ EXE =
+ INCLUDES = -I. -I.. -I$(SOFTFLOAT_DIR)
+-COMPILE_C = gcc -c -o $@ $(INCLUDES) -I- -O2
+-COMPILE_SLOWFLOAT_C = gcc -c -o $@ $(INCLUDES) -I- -O3
+-LINK = gcc -o $@
++#COMPILE_C = gcc -c -o $@ $(INCLUDES) -I- -O2
++#COMPILE_SLOWFLOAT_C = gcc -c -o $@ $(INCLUDES) -I- -O3
++#LINK = gcc -o $@
++COMPILE_C = /opt/mtwk/usr/local/gcc-3_4-e500-glibc-2.3.4-dp/powerpc-linux-gnuspe/bin/powerpc-linux-gnuspe-gcc -c -o $@ $(INCLUDES) -I- -O2
++COMPILE_SLOWFLOAT_C = /opt/mtwk/usr/local/gcc-3_4-e500-glibc-2.3.4-dp/powerpc-linux-gnuspe/bin/powerpc-linux-gnuspe-gcc -c -o $@ $(INCLUDES) -I- -O3
++LINK = /opt/mtwk/usr/local/gcc-3_4-e500-glibc-2.3.4-dp/powerpc-linux-gnuspe/bin/powerpc-linux-gnuspe-gcc -o $@
+ 
+ SOFTFLOAT_H = $(SOFTFLOAT_DIR)/softfloat.h
+ SOFTFLOAT_OBJ = $(SOFTFLOAT_DIR)/softfloat$(OBJ)
+diff --git a/testfloat/templates/milieu.h b/testfloat/templates/milieu.h
+index 56d3ac4..3214ca8 100644
+--- a/testfloat/templates/milieu.h
++++ b/testfloat/templates/milieu.h
+@@ -28,7 +28,7 @@ this code that are retained.
+ Include common integer types and flags.
+ -------------------------------------------------------------------------------
+ */
+-#include "../../processors/!!!processor.h"
++#include "../../processors/SPARC-gcc.h"
+ 
+ /*
+ -------------------------------------------------------------------------------
+diff --git a/testfloat/testFunction.h b/testfloat/testFunction.h
+index 04bf856..00139a7 100644
+--- a/testfloat/testFunction.h
++++ b/testfloat/testFunction.h
+@@ -126,8 +126,8 @@ extern const flag functionExists[ NUM_FUNCTIONS ];
+ enum {
+     ROUND_NEAREST_EVEN = 1,
+     ROUND_TO_ZERO,
+-    ROUND_DOWN,
+     ROUND_UP,
++    ROUND_DOWN,
+     NUM_ROUNDINGMODES
+ };
+ 
+diff --git a/testfloat/testLoops.c b/testfloat/testLoops.c
+index 8ba92f3..ba05548 100644
+--- a/testfloat/testLoops.c
++++ b/testfloat/testLoops.c
+@@ -488,6 +488,11 @@ void
+         (void) testFlagsFunctionPtr();
+         testZ = testFunction( testCases_a_int32 );
+         testFlags = testFlagsFunctionPtr();
++#ifdef TEST_KERNEL_EMU
++       if (! syst_float_is_soft_emu()){
++               continue;
++       }
++#endif
+         --count;
+         if ( count == 0 ) {
+             checkEarlyExit();
+@@ -539,6 +544,11 @@ void
+         (void) testFlagsFunctionPtr();
+         testZ = testFunction( testCases_a_int32 );
+         testFlags = testFlagsFunctionPtr();
++#ifdef TEST_KERNEL_EMU
++       if (! syst_float_is_soft_emu()){
++               continue;
++       }
++#endif
+         --count;
+         if ( count == 0 ) {
+             checkEarlyExit();
+@@ -592,6 +602,11 @@ void
+         (void) testFlagsFunctionPtr();
+         testZ = testFunction( testCases_a_int32 );
+         testFlags = testFlagsFunctionPtr();
++#ifdef TEST_KERNEL_EMU
++       if (! syst_float_is_soft_emu()){
++               continue;
++       }
++#endif
+         --count;
+         if ( count == 0 ) {
+             checkEarlyExit();
+@@ -647,6 +662,11 @@ void
+         (void) testFlagsFunctionPtr();
+         testZ = testFunction( testCases_a_int32 );
+         testFlags = testFlagsFunctionPtr();
++#ifdef TEST_KERNEL_EMU
++       if (! syst_float_is_soft_emu()){
++               continue;
++       }
++#endif
+         --count;
+         if ( count == 0 ) {
+             checkEarlyExit();
+@@ -702,6 +722,11 @@ void
+         (void) testFlagsFunctionPtr();
+         testZ = testFunction( testCases_a_int64 );
+         testFlags = testFlagsFunctionPtr();
++#ifdef TEST_KERNEL_EMU
++       if (! syst_float_is_soft_emu()){
++               continue;
++       }
++#endif
+         --count;
+         if ( count == 0 ) {
+             checkEarlyExit();
+@@ -753,6 +778,11 @@ void
+         (void) testFlagsFunctionPtr();
+         testZ = testFunction( testCases_a_int64 );
+         testFlags = testFlagsFunctionPtr();
++#ifdef TEST_KERNEL_EMU
++       if (! syst_float_is_soft_emu()){
++               continue;
++       }
++#endif
+         --count;
+         if ( count == 0 ) {
+             checkEarlyExit();
+@@ -806,6 +836,11 @@ void
+         (void) testFlagsFunctionPtr();
+         testZ = testFunction( testCases_a_int64 );
+         testFlags = testFlagsFunctionPtr();
++#ifdef TEST_KERNEL_EMU
++       if (! syst_float_is_soft_emu()){
++               continue;
++       }
++#endif
+         --count;
+         if ( count == 0 ) {
+             checkEarlyExit();
+@@ -861,6 +896,11 @@ void
+         (void) testFlagsFunctionPtr();
+         testZ = testFunction( testCases_a_int64 );
+         testFlags = testFlagsFunctionPtr();
++#ifdef TEST_KERNEL_EMU
++       if (! syst_float_is_soft_emu()){
++               continue;
++       }
++#endif
+         --count;
+         if ( count == 0 ) {
+             checkEarlyExit();
+@@ -916,6 +956,11 @@ void
+         (void) testFlagsFunctionPtr();
+         testZ = testFunction( testCases_a_float32 );
+         testFlags = testFlagsFunctionPtr();
++#ifdef TEST_KERNEL_EMU
++       if (! syst_float_is_soft_emu()){
++               continue;
++       }
++#endif
+         --count;
+         if ( count == 0 ) {
+             checkEarlyExit();
+@@ -973,6 +1018,11 @@ void
+         (void) testFlagsFunctionPtr();
+         testZ = testFunction( testCases_a_float32 );
+         testFlags = testFlagsFunctionPtr();
++#ifdef TEST_KERNEL_EMU
++       if (! syst_float_is_soft_emu()){
++               continue;
++       }
++#endif
+         --count;
+         if ( count == 0 ) {
+             checkEarlyExit();
+@@ -1030,6 +1080,11 @@ void
+         (void) testFlagsFunctionPtr();
+         testZ = testFunction( testCases_a_float32 );
+         testFlags = testFlagsFunctionPtr();
++#ifdef TEST_KERNEL_EMU
++       if (! syst_float_is_soft_emu()){
++               continue;
++       }
++#endif
+         --count;
+         if ( count == 0 ) {
+             checkEarlyExit();
+@@ -1087,6 +1142,11 @@ void
+         (void) testFlagsFunctionPtr();
+         testZ = testFunction( testCases_a_float32 );
+         testFlags = testFlagsFunctionPtr();
++#ifdef TEST_KERNEL_EMU
++       if (! syst_float_is_soft_emu()){
++               continue;
++       }
++#endif
+         --count;
+         if ( count == 0 ) {
+             checkEarlyExit();
+@@ -1146,6 +1206,11 @@ void
+         (void) testFlagsFunctionPtr();
+         testZ = testFunction( testCases_a_float32 );
+         testFlags = testFlagsFunctionPtr();
++#ifdef TEST_KERNEL_EMU
++       if (! syst_float_is_soft_emu()){
++               continue;
++       }
++#endif
+         --count;
+         if ( count == 0 ) {
+             checkEarlyExit();
+@@ -1203,6 +1268,11 @@ void
+         (void) testFlagsFunctionPtr();
+         testZ = testFunction( testCases_a_float32 );
+         testFlags = testFlagsFunctionPtr();
++#ifdef TEST_KERNEL_EMU
++       if (! syst_float_is_soft_emu()){
++               continue;
++       }
++#endif
+         --count;
+         if ( count == 0 ) {
+             checkEarlyExit();
+@@ -1260,6 +1330,11 @@ void
+         (void) testFlagsFunctionPtr();
+         testZ = testFunction( testCases_a_float32, testCases_b_float32 );
+         testFlags = testFlagsFunctionPtr();
++#ifdef TEST_KERNEL_EMU
++       if (! syst_float_is_soft_emu()){
++               continue;
++       }
++#endif
+         --count;
+         if ( count == 0 ) {
+             checkEarlyExit();
+@@ -1312,6 +1387,25 @@ void
+         (void) testFlagsFunctionPtr();
+         testZ = testFunction( testCases_a_float32, testCases_b_float32 );
+         testFlags = testFlagsFunctionPtr();
++
++if(testCases_a_float32 == 0x7ffffe && testCases_b_float32 == 0x3f7ffffe)
++{
++
++                writeErrorFound( 10000 - count );
++                writeInputs_ab_float32();
++                fputs( "  ", stdout );
++                writeOutputs_z_float32( trueZ, trueFlags, testZ, testFlags );
++                fflush( stdout );
++       if (! syst_float_is_soft_emu()){
++               exit(-1);
++       }
++}
++#ifdef TEST_KERNEL_EMU
++       if (! syst_float_is_soft_emu()){
++               continue;
++       }
++#endif
++        
+         --count;
+         if ( count == 0 ) {
+             checkEarlyExit();
+@@ -1370,6 +1464,11 @@ void
+         (void) testFlagsFunctionPtr();
+         testZ = testFunction( testCases_a_float64 );
+         testFlags = testFlagsFunctionPtr();
++#ifdef TEST_KERNEL_EMU
++       if (! syst_float_is_soft_emu()){
++               continue;
++       }
++#endif
+         --count;
+         if ( count == 0 ) {
+             checkEarlyExit();
+@@ -1427,6 +1526,11 @@ void
+         (void) testFlagsFunctionPtr();
+         testZ = testFunction( testCases_a_float64 );
+         testFlags = testFlagsFunctionPtr();
++#ifdef TEST_KERNEL_EMU
++       if (! syst_float_is_soft_emu()){
++               continue;
++       }
++#endif
+         --count;
+         if ( count == 0 ) {
+             checkEarlyExit();
+@@ -1484,6 +1588,11 @@ void
+         (void) testFlagsFunctionPtr();
+         testZ = testFunction( testCases_a_float64 );
+         testFlags = testFlagsFunctionPtr();
++#ifdef TEST_KERNEL_EMU
++       if (! syst_float_is_soft_emu()){
++               continue;
++       }
++#endif
+         --count;
+         if ( count == 0 ) {
+             checkEarlyExit();
+@@ -1541,6 +1650,11 @@ void
+         (void) testFlagsFunctionPtr();
+         testZ = testFunction( testCases_a_float64 );
+         testFlags = testFlagsFunctionPtr();
++#ifdef TEST_KERNEL_EMU
++       if (! syst_float_is_soft_emu()){
++               continue;
++       }
++#endif
+         --count;
+         if ( count == 0 ) {
+             checkEarlyExit();
+@@ -1600,6 +1714,11 @@ void
+         (void) testFlagsFunctionPtr();
+         testZ = testFunction( testCases_a_float64 );
+         testFlags = testFlagsFunctionPtr();
++#ifdef TEST_KERNEL_EMU
++       if (! syst_float_is_soft_emu()){
++               continue;
++       }
++#endif
+         --count;
+         if ( count == 0 ) {
+             checkEarlyExit();
+@@ -1657,6 +1776,11 @@ void
+         (void) testFlagsFunctionPtr();
+         testZ = testFunction( testCases_a_float64 );
+         testFlags = testFlagsFunctionPtr();
++#ifdef TEST_KERNEL_EMU
++       if (! syst_float_is_soft_emu()){
++               continue;
++       }
++#endif
+         --count;
+         if ( count == 0 ) {
+             checkEarlyExit();
+@@ -1714,6 +1838,11 @@ void
+         (void) testFlagsFunctionPtr();
+         testZ = testFunction( testCases_a_float64, testCases_b_float64 );
+         testFlags = testFlagsFunctionPtr();
++#ifdef TEST_KERNEL_EMU
++       if (! syst_float_is_soft_emu()){
++               continue;
++       }
++#endif
+         --count;
+         if ( count == 0 ) {
+             checkEarlyExit();
+@@ -1766,6 +1895,13 @@ void
+         (void) testFlagsFunctionPtr();
+         testZ = testFunction( testCases_a_float64, testCases_b_float64 );
+         testFlags = testFlagsFunctionPtr();
++
++#ifdef TEST_KERNEL_EMU
++       if (! syst_float_is_soft_emu()){
++               continue;
++       }
++#endif
++
+         --count;
+         if ( count == 0 ) {
+             checkEarlyExit();
+@@ -1826,6 +1962,11 @@ void
+         (void) testFlagsFunctionPtr();
+         testZ = testFunction( testCases_a_floatx80 );
+         testFlags = testFlagsFunctionPtr();
++#ifdef TEST_KERNEL_EMU
++       if (! syst_float_is_soft_emu()){
++               continue;
++       }
++#endif
+         --count;
+         if ( count == 0 ) {
+             checkEarlyExit();
+@@ -1883,6 +2024,11 @@ void
+         (void) testFlagsFunctionPtr();
+         testZ = testFunction( testCases_a_floatx80 );
+         testFlags = testFlagsFunctionPtr();
++#ifdef TEST_KERNEL_EMU
++       if (! syst_float_is_soft_emu()){
++               continue;
++       }
++#endif
+         --count;
+         if ( count == 0 ) {
+             checkEarlyExit();
+@@ -1940,6 +2086,11 @@ void
+         (void) testFlagsFunctionPtr();
+         testZ = testFunction( testCases_a_floatx80 );
+         testFlags = testFlagsFunctionPtr();
++#ifdef TEST_KERNEL_EMU
++       if (! syst_float_is_soft_emu()){
++               continue;
++       }
++#endif
+         --count;
+         if ( count == 0 ) {
+             checkEarlyExit();
+@@ -1995,6 +2146,11 @@ void
+         (void) testFlagsFunctionPtr();
+         testZ = testFunction( testCases_a_floatx80 );
+         testFlags = testFlagsFunctionPtr();
++#ifdef TEST_KERNEL_EMU
++       if (! syst_float_is_soft_emu()){
++               continue;
++       }
++#endif
+         --count;
+         if ( count == 0 ) {
+             checkEarlyExit();
+@@ -2052,6 +2208,11 @@ void
+         (void) testFlagsFunctionPtr();
+         testZ = testFunction( testCases_a_floatx80 );
+         testFlags = testFlagsFunctionPtr();
++#ifdef TEST_KERNEL_EMU
++       if (! syst_float_is_soft_emu()){
++               continue;
++       }
++#endif
+         --count;
+         if ( count == 0 ) {
+             checkEarlyExit();
+@@ -2109,6 +2270,11 @@ void
+         (void) testFlagsFunctionPtr();
+         testZ = testFunction( testCases_a_floatx80 );
+         testFlags = testFlagsFunctionPtr();
++#ifdef TEST_KERNEL_EMU
++       if (! syst_float_is_soft_emu()){
++               continue;
++       }
++#endif
+         --count;
+         if ( count == 0 ) {
+             checkEarlyExit();
+@@ -2166,6 +2332,11 @@ void
+         (void) testFlagsFunctionPtr();
+         testZ = testFunction( testCases_a_floatx80, testCases_b_floatx80 );
+         testFlags = testFlagsFunctionPtr();
++#ifdef TEST_KERNEL_EMU
++       if (! syst_float_is_soft_emu()){
++               continue;
++       }
++#endif
+         --count;
+         if ( count == 0 ) {
+             checkEarlyExit();
+@@ -2218,6 +2389,11 @@ void
+         (void) testFlagsFunctionPtr();
+         testZ = testFunction( testCases_a_floatx80, testCases_b_floatx80 );
+         testFlags = testFlagsFunctionPtr();
++#ifdef TEST_KERNEL_EMU
++       if (! syst_float_is_soft_emu()){
++               continue;
++       }
++#endif
+         --count;
+         if ( count == 0 ) {
+             checkEarlyExit();
+@@ -2280,6 +2456,11 @@ void
+         (void) testFlagsFunctionPtr();
+         testZ = testFunction( testCases_a_float128 );
+         testFlags = testFlagsFunctionPtr();
++#ifdef TEST_KERNEL_EMU
++       if (! syst_float_is_soft_emu()){
++               continue;
++       }
++#endif
+         --count;
+         if ( count == 0 ) {
+             checkEarlyExit();
+@@ -2337,6 +2518,11 @@ void
+         (void) testFlagsFunctionPtr();
+         testZ = testFunction( testCases_a_float128 );
+         testFlags = testFlagsFunctionPtr();
++#ifdef TEST_KERNEL_EMU
++       if (! syst_float_is_soft_emu()){
++               continue;
++       }
++#endif
+         --count;
+         if ( count == 0 ) {
+             checkEarlyExit();
+@@ -2394,6 +2580,11 @@ void
+         (void) testFlagsFunctionPtr();
+         testZ = testFunction( testCases_a_float128 );
+         testFlags = testFlagsFunctionPtr();
++#ifdef TEST_KERNEL_EMU
++       if (! syst_float_is_soft_emu()){
++               continue;
++       }
++#endif
+         --count;
+         if ( count == 0 ) {
+             checkEarlyExit();
+@@ -2449,6 +2640,11 @@ void
+         (void) testFlagsFunctionPtr();
+         testZ = testFunction( testCases_a_float128 );
+         testFlags = testFlagsFunctionPtr();
++#ifdef TEST_KERNEL_EMU
++       if (! syst_float_is_soft_emu()){
++               continue;
++       }
++#endif
+         --count;
+         if ( count == 0 ) {
+             checkEarlyExit();
+@@ -2506,6 +2702,11 @@ void
+         (void) testFlagsFunctionPtr();
+         testZ = testFunction( testCases_a_float128 );
+         testFlags = testFlagsFunctionPtr();
++#ifdef TEST_KERNEL_EMU
++       if (! syst_float_is_soft_emu()){
++               continue;
++       }
++#endif
+         --count;
+         if ( count == 0 ) {
+             checkEarlyExit();
+@@ -2563,6 +2764,11 @@ void
+         (void) testFlagsFunctionPtr();
+         testZ = testFunction( testCases_a_float128 );
+         testFlags = testFlagsFunctionPtr();
++#ifdef TEST_KERNEL_EMU
++       if (! syst_float_is_soft_emu()){
++               continue;
++       }
++#endif
+         --count;
+         if ( count == 0 ) {
+             checkEarlyExit();
+@@ -2620,6 +2826,11 @@ void
+         (void) testFlagsFunctionPtr();
+         testZ = testFunction( testCases_a_float128, testCases_b_float128 );
+         testFlags = testFlagsFunctionPtr();
++#ifdef TEST_KERNEL_EMU
++       if (! syst_float_is_soft_emu()){
++               continue;
++       }
++#endif
+         --count;
+         if ( count == 0 ) {
+             checkEarlyExit();
+@@ -2672,6 +2883,11 @@ void
+         (void) testFlagsFunctionPtr();
+         testZ = testFunction( testCases_a_float128, testCases_b_float128 );
+         testFlags = testFlagsFunctionPtr();
++#ifdef TEST_KERNEL_EMU
++       if (! syst_float_is_soft_emu()){
++               continue;
++       }
++#endif
+         --count;
+         if ( count == 0 ) {
+             checkEarlyExit();
+-- 
+1.5.4
+
diff --git a/recipes-extended/testfloat/files/Yocto-replace-COMPILE_PREFIX-gcc.patch b/recipes-extended/testfloat/files/Yocto-replace-COMPILE_PREFIX-gcc.patch
new file mode 100644
index 0000000..42de56d
--- /dev/null
+++ b/recipes-extended/testfloat/files/Yocto-replace-COMPILE_PREFIX-gcc.patch
@@ -0,0 +1,67 @@
+From 6c7567e05c28b8cb6c7dc68c278950a32feb6f64 Mon Sep 17 00:00:00 2001
+From: Ting Liu <b28495@freescale.com>
+Date: Wed, 9 May 2012 02:42:57 -0500
+Subject: [PATCH] Yocto: replace $(COMPILE_PREFIX)gcc with $(CC) and remove -te500v2 flags
+
+Signed-off-by: Ting Liu <b28495@freescale.com>
+---
+ SoftFloat-2b/softfloat/bits32/powerpc-GCC/Makefile |    4 ++--
+ SoftFloat-2b/softfloat/bits64/powerpc-GCC/Makefile |    4 ++--
+ testfloat/powerpc-linux-gcc/Makefile               |    8 ++++----
+ 3 files changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/SoftFloat-2b/softfloat/bits32/powerpc-GCC/Makefile b/SoftFloat-2b/softfloat/bits32/powerpc-GCC/Makefile
+index 28f1e33..4098048 100644
+--- a/SoftFloat-2b/softfloat/bits32/powerpc-GCC/Makefile
++++ b/SoftFloat-2b/softfloat/bits32/powerpc-GCC/Makefile
+@@ -5,8 +5,8 @@ SOFTFLOAT_MACROS = ../softfloat-macros
+ OBJ = .o
+ EXE =
+ INCLUDES = -I. -I..
+-COMPILE_C = $(COMPILE_PREFIX)gcc -msoft-float -c -o $@ $(INCLUDES) -I- -O2
+-LINK = $(COMPILE_PREFIX)gcc -o $@
++COMPILE_C = $(CC) -msoft-float -c -o $@ $(INCLUDES) -I- -O2
++LINK = $(CC) -o $@
+ 
+ ALL: softfloat$(OBJ) timesoftfloat$(EXE)
+ 
+diff --git a/SoftFloat-2b/softfloat/bits64/powerpc-GCC/Makefile b/SoftFloat-2b/softfloat/bits64/powerpc-GCC/Makefile
+index a5e2cc7..c34e16e 100644
+--- a/SoftFloat-2b/softfloat/bits64/powerpc-GCC/Makefile
++++ b/SoftFloat-2b/softfloat/bits64/powerpc-GCC/Makefile
+@@ -5,8 +5,8 @@ SOFTFLOAT_MACROS = ../softfloat-macros
+ OBJ = .o
+ EXE =
+ INCLUDES = -I. -I..
+-COMPILE_C = $(COMPILE_PREFIX) -mcpu=8548 -mhard-float -mfloat-gprs=double -o $@ $(INCLUDES) -I- -O2
+-LINK = $(COMPILE_PREFIX) -o $@
++COMPILE_C = $(CC) -mcpu=8548 -mhard-float -mfloat-gprs=double -o $@ $(INCLUDES) -I- -O2
++LINK = $(CC) -o $@
+ 
+ ALL: softfloat$(OBJ) timesoftfloat$(EXE)
+ 
+diff --git a/testfloat/powerpc-linux-gcc/Makefile b/testfloat/powerpc-linux-gcc/Makefile
+index de50aad..1a8b5f7 100644
+--- a/testfloat/powerpc-linux-gcc/Makefile
++++ b/testfloat/powerpc-linux-gcc/Makefile
+@@ -8,13 +8,13 @@ OBJ = .o
+ EXE =
+ INCLUDES = -I. -I.. -I$(SOFTFLOAT_DIR)
+ 
+-COMPILE_C = $(COMPILE_PREFIX)gcc -c -o $@ $(INCLUDES) -I- -O $(EXTRA_CFLAGS)
++COMPILE_C = $(CC) -c -o $@ $(INCLUDES) -I- -O $(EXTRA_CFLAGS)
+ 
+-COMPILE_C_HARD = $(COMPILE_PREFIX)gcc -c -te500v2 -o $@ $(INCLUDES)
++COMPILE_C_HARD = $(CC) -c -o $@ $(INCLUDES)
+ 
+-COMPILE_SLOWFLOAT_C = $(COMPILE_PREFIX)gcc -c -o $@ $(INCLUDES) -I- -O
++COMPILE_SLOWFLOAT_C = $(CC) -c -o $@ $(INCLUDES) -I- -O
+ 
+-LINK = $(COMPILE_PREFIX)gcc -lm -o $@
++LINK = $(CC) -lm -o $@
+ 
+ SOFTFLOAT_H = $(SOFTFLOAT_DIR)/softfloat.h
+ SOFTFLOAT_OBJ = $(SOFTFLOAT_DIR)/softfloat$(OBJ)
+-- 
+1.7.3.4
+
diff --git a/recipes-extended/testfloat/testfloat_2a.bb b/recipes-extended/testfloat/testfloat_2a.bb
new file mode 100644
index 0000000..800cef3
--- /dev/null
+++ b/recipes-extended/testfloat/testfloat_2a.bb
@@ -0,0 +1,45 @@
+DESCRIPTION = "A program for testing floating-point implementation"
+LICENSE = "TestFloat"
+
+LIC_FILES_CHKSUM = "file://testfloat/testfloat.txt;beginline=87;endline=95;md5=bdb2e8111838a48015c29bd97f5b6145"
+
+SRC_URI = " http://www.jhauser.us/arithmetic/TestFloat-2a.tar.Z;name=TestFloat \
+            http://www.jhauser.us/arithmetic/SoftFloat-2b.tar.Z;name=SoftFloat \
+          "
+SRC_URI_append_qoriq-ppc = " file://SoftFloat-powerpc-1.patch \
+                              file://TestFloat-powerpc-E500v2-SPE-1.patch \
+                              file://Yocto-replace-COMPILE_PREFIX-gcc.patch \
+                            "
+SRC_URI[TestFloat.md5sum] = "4dc889319ae1e0c5381ec511f784553a"
+SRC_URI[TestFloat.sha256sum] = "84d14aa42adefbda2ec9708b42946f7fa59f93689b042684bd027863481f8e4e"
+SRC_URI[SoftFloat.md5sum] = "b4a58b5c941f1a2317e4c2500086e3fa"
+SRC_URI[SoftFloat.sha256sum] = "89d14b55113a2ba8cbda7011443ba1d298d381c89d939515d56c5f18f2febf81"
+
+S = "${WORKDIR}/TestFloat-2a"
+
+do_unpack2(){
+    mv ${WORKDIR}/SoftFloat-2b ${S}/SoftFloat-2b
+    cd ${S}
+    if [ -n "$(which fromdos)" ];then
+        find -type f -exec fromdos {} \;
+    elif [ -n "$(which dos2unix)" ];then
+        find -type f -exec dos2unix {} \;
+    else
+        echo -e "\nERROR: command dos2unix or fromdos not found\n" && return 1
+    fi
+}
+addtask do_unpack2 after do_unpack before do_patch
+
+do_compile(){
+    oe_runmake -C testfloat/powerpc-linux-gcc/ CC="${CC}" EXTRA_CFLAGS="-DTEST_KERNEL_EMU"
+}
+
+do_install(){
+    install -d ${D}/${bindir}
+    install testfloat/powerpc-linux-gcc/testfloat ${D}/${bindir}
+    install testfloat/powerpc-linux-gcc/testsoftfloat ${D}/${bindir}
+}
+
+COMPATIBLE_HOST_e500v2 = ".*"
+COMPATIBLE_HOST ?= "(none)"
+
diff --git a/recipes-extended/web-sysmon/web-sysmon_git.bb b/recipes-extended/web-sysmon/web-sysmon_git.bb
new file mode 100644
index 0000000..84f60d5
--- /dev/null
+++ b/recipes-extended/web-sysmon/web-sysmon_git.bb
@@ -0,0 +1,23 @@
+DESCRIPTION = "Web System Monitor Files"
+SECTION = "web-sysmon"
+LICENSE = "GPLv2"
+LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e"
+
+SRC_URI = "git://git.freescale.com/ppc/sdk/web-sysmon-dev.git;nobranch=1"
+SRCREV = "8d0c6eca1113832fabe917fd0cb25abe2d4d7157"
+
+inherit update-rc.d
+
+S = "${WORKDIR}/git"
+
+RDEPENDS_${PN} = "lighttpd"
+
+EXTRA_OEMAKE += "D=${D}"
+do_install () {
+        oe_runmake install
+}
+
+FILES_${PN} += "/"
+
+INITSCRIPT_NAME = "web-sysmon.sh"
+INITSCRIPT_PARAMS = "defaults 99 20"
diff --git a/recipes-graphics/xorg-driver/xf86-video-fbdev_0.4.2.bb b/recipes-graphics/xorg-driver/xf86-video-fbdev_0.4.2.bb
new file mode 100644
index 0000000..038c421
--- /dev/null
+++ b/recipes-graphics/xorg-driver/xf86-video-fbdev_0.4.2.bb
@@ -0,0 +1,11 @@
+require xorg-driver-video.inc
+LIC_FILES_CHKSUM = "file://COPYING;md5=d8cbd99fff773f92e844948f74ef0df8"
+
+DESCRIPTION = "X.Org X server -- fbdev display driver"
+PE = "1"
+PR = "${INC_PR}.1"
+
+DEPENDS += "virtual/xserver"
+
+SRC_URI[md5sum] = "53a533d9e0c2da50962282526bace074"
+SRC_URI[sha256sum] = "93b271b4b41d7e5ca108849a583b9523e96c51813d046282285355b7001f82d5"
diff --git a/recipes-graphics/xorg-driver/xorg-driver-common.inc b/recipes-graphics/xorg-driver/xorg-driver-common.inc
new file mode 100644
index 0000000..c0f4a15
--- /dev/null
+++ b/recipes-graphics/xorg-driver/xorg-driver-common.inc
@@ -0,0 +1,40 @@
+DESCRIPTION = "X driver"
+HOMEPAGE = "http://www.x.org"
+SECTION = "x11/drivers"
+LICENSE = "MIT-X"
+INC_PR = "r15"
+
+DEPENDS = "randrproto virtual/xserver-xf86 xproto"
+
+SRC_URI = "${XORG_MIRROR}/individual/driver/${BPN}-${PV}.tar.bz2"
+
+S = "${WORKDIR}/${BPN}-${PV}"
+
+FILES_${PN} += " ${libdir}/xorg/modules"
+FILES_${PN}-dbg +=  "${libdir}/xorg/modules/*/.debug"
+
+inherit autotools pkgconfig
+
+TARGET_CPPFLAGS += "-I${STAGING_DIR_HOST}/usr/include/xorg"
+
+# Another sucky behavor from Xorg configure scripts.
+# They use AC_CHECK_FILE to check for DRI headers. Yuck!
+# Of course this will blow up when cross compiling.
+
+do_configure_prepend() {
+        incdir=${layout_includedir}/xorg
+        for f in dri.h sarea.h dristruct.h exa.h damage.h xf86Module.h; do
+                path="$incdir/$f"
+                if [ -f "${STAGING_DIR_HOST}/$path" ]; then
+                        p=`echo "$path" | sed 'y%*+%pp%;s%[^_[:alnum:]]%_%g'`
+                        eval "export ac_cv_file_$p=yes"
+                fi
+        done
+}
+
+# FIXME: We don't want to include the libtool archives (*.la) from modules
+# directory, as they serve no useful purpose. Upstream should fix Makefile.am
+do_install_append() {
+        find ${D}${libdir}/xorg/modules -regex ".*\.la$" | xargs rm -f --
+}
+
diff --git a/recipes-graphics/xorg-driver/xorg-driver-video.inc b/recipes-graphics/xorg-driver/xorg-driver-video.inc
new file mode 100644
index 0000000..bce8c9a
--- /dev/null
+++ b/recipes-graphics/xorg-driver/xorg-driver-video.inc
@@ -0,0 +1,4 @@
+include xorg-driver-common.inc
+
+DEPENDS = "randrproto renderproto videoproto xextproto fontsproto xproto"
+
diff --git a/recipes-graphics/xorg-xserver/xserver-xf86-config/p1022ds/xorg.conf b/recipes-graphics/xorg-xserver/xserver-xf86-config/p1022ds/xorg.conf
new file mode 100644
index 0000000..57f284e
--- /dev/null
+++ b/recipes-graphics/xorg-xserver/xserver-xf86-config/p1022ds/xorg.conf
@@ -0,0 +1,27 @@
+Section "Screen"
+           Identifier      "Builtin Default fbdev Screen 0"
+           Device  "Builtin Default fbdev Device 0"
+EndSection
+
+Section "ServerLayout"
+           Identifier      "Builtin Default Layout"
+           Screen  "Builtin Default fbdev Screen 0"
+EndSection
+
+Section "ServerFlags"
+        Option          "DontZap"  "0"
+EndSection
+
+Section "InputClass"
+        Identifier "keyboard-all"
+        Driver "evdev"
+        MatchIsKeyboard "on"
+EndSection
+
+
+Section "InputClass"
+       Identifier "mouse-all"
+       Driver "evdev"
+       MatchIsPointer "on"
+EndSection
+
diff --git a/recipes-graphics/xorg-xserver/xserver-xf86-config_%.bbappend b/recipes-graphics/xorg-xserver/xserver-xf86-config_%.bbappend
new file mode 100644
index 0000000..6d4804d
--- /dev/null
+++ b/recipes-graphics/xorg-xserver/xserver-xf86-config_%.bbappend
@@ -0,0 +1,2 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
+
diff --git a/recipes-kernel/asf/asf_git.bb b/recipes-kernel/asf/asf_git.bb
new file mode 100644
index 0000000..8070f5a
--- /dev/null
+++ b/recipes-kernel/asf/asf_git.bb
@@ -0,0 +1,29 @@
+DESCRIPTION = "Non-DPAA software Application Specific Fast-path"
+SECTION = "asf"
+LICENSE = "GPLv2 & GPLv2+ & BSD"
+LIC_FILES_CHKSUM = "file://COPYING;md5=b5881ecf398da8a03a3f4c501e29d287"
+
+SRC_URI = "git://git.freescale.com/ppc/sdk/asf.git;nobranch=1"
+SRCREV = "16eb472d6b2b34c8b605a86c469611bc8ddec1c9"
+
+
+inherit module qoriq_build_64bit_kernel
+
+S = "${WORKDIR}/git/asfmodule"
+
+EXTRA_OEMAKE = "CROSS_COMPILE=${TARGET_PREFIX}"
+export KERNEL_PATH = "${STAGING_KERNEL_DIR}"
+
+INHIBIT_PACKAGE_STRIP = "1"
+
+do_install(){
+    install -d ${D}/${libexecdir} 
+    install -d ${D}/lib/modules/${KERNEL_VERSION}/asf
+    cp -rf ${S}/bin/full ${D}/lib/modules/${KERNEL_VERSION}/asf 
+    cp -rf ${S}/bin/min  ${D}/lib/modules/${KERNEL_VERSION}/asf
+    cp -rf ${S}/../scripts ${D}/${libexecdir}/
+}
+
+FILES_${PN} += "${libexecdir} /lib/modules/${KERNEL_VERSION}/asf"
+RDEPENDS_${PN} += "ipsec-tools"
+
diff --git a/recipes-kernel/auto-resp/ar_git.bb b/recipes-kernel/auto-resp/ar_git.bb
new file mode 100644
index 0000000..81a94a0
--- /dev/null
+++ b/recipes-kernel/auto-resp/ar_git.bb
@@ -0,0 +1,25 @@
+SUMMARY = "Auto Response Control Module"
+LICENSE = "GPLv2 & BSD"
+LIC_FILES_CHKSUM = "file://COPYING;md5=b5881ecf398da8a03a3f4c501e29d287"
+
+inherit module
+
+SRC_URI = "git://git.freescale.com/ppc/sdk/auto-resp.git;branch=sdk-v1.7.x"
+SRCREV =  "dbede76fb4020a370baa393f7c53af4c0db8f175"
+
+S = "${WORKDIR}/git"
+
+EXTRA_OEMAKE = "CROSS_COMPILE=${TARGET_PREFIX} SYSROOT=${STAGING_DIR_TARGET}"
+export KERNEL_PATH
+
+INHIBIT_PACKAGE_STRIP = "1"
+
+do_install(){
+        install -d ${D}/lib/modules/${KERNEL_VERSION}
+        install -d ${D}${bindir}
+        install -m 644 ${B}/bin/ar.ko ${D}/lib/modules/${KERNEL_VERSION}/
+        cp -f ${S}/bin/ar_* ${D}${bindir}/ 
+}
+
+FILES_${PN} += "${bindir}/"
+
diff --git a/recipes-kernel/ceetm/ceetm_git.bb b/recipes-kernel/ceetm/ceetm_git.bb
new file mode 100644
index 0000000..266261e
--- /dev/null
+++ b/recipes-kernel/ceetm/ceetm_git.bb
@@ -0,0 +1,25 @@
+DESCRIPTION = "CEETM TC QDISC"
+LICENSE = "GPLv2 & BSD"
+LIC_FILES_CHKSUM = "file://COPYING;md5=b5881ecf398da8a03a3f4c501e29d287"
+
+DEPENDS="virtual/kernel"
+
+inherit module qoriq_build_64bit_kernel
+
+SRC_URI = "git://git.freescale.com/ppc/sdk/ceetm.git;nobranch=1"
+SRCREV =  "ecf55c9ca0cd42a212653e1f99c19cd611e3a008"
+
+S = "${WORKDIR}/git"
+
+EXTRA_OEMAKE = "CROSS_COMPILE=${TARGET_PREFIX} SYSROOT=${STAGING_DIR_TARGET}"
+export KERNEL_PATH = "${STAGING_KERNEL_DIR}"
+
+do_install(){
+        mkdir -p ${D}/usr/driver/ceetm
+        mkdir -p ${D}/${libdir}/tc
+        cp ${S}/bin/ceetm.ko ${D}/usr/driver/ceetm
+        cp ${S}/bin/q_ceetm.so ${D}/${libdir}/tc/.
+}
+
+FILES_${PN} += "/usr/driver/ceetm ${libdir}/tc"
+INHIBIT_PACKAGE_STRIP = "1"
diff --git a/recipes-kernel/cryptodev/cryptodev-fsl.inc b/recipes-kernel/cryptodev/cryptodev-fsl.inc
new file mode 100644
index 0000000..e32e350
--- /dev/null
+++ b/recipes-kernel/cryptodev/cryptodev-fsl.inc
@@ -0,0 +1,17 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/cryptodev-fsl:"
+
+SRC_URI_qoriq-ppc = "git://github.com/cryptodev-linux/cryptodev-linux.git \
+        file://0001-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch \
+        file://0002-add-support-for-COMPAT_CIOCAUTHCRYPT-ioctl.patch \
+        file://0003-PKC-support-added-in-cryptodev-module.patch \
+        file://0004-Compat-versions-of-PKC-IOCTLs.patch \
+        file://0005-Asynchronous-interface-changes-in-cryptodev.patch \
+        file://0006-ECC_KEYGEN-and-DLC_KEYGEN-supported-in-cryptodev-mod.patch \
+        file://0007-RCU-stall-fixed-in-PKC-asynchronous-interface.patch \
+        file://0008-Add-RSA-Key-generation-offloading.patch \
+        file://0009-Fixed-compilation-error-of-openssl-with-fsl-cryptode.patch \
+"
+SRCREV_qoriq-ppc = "6aa62a2c320b04f55fdfe0ed015c3d9b48997239"
+
+S_qoriq-ppc = "${WORKDIR}/git"
+
diff --git a/recipes-kernel/cryptodev/cryptodev-fsl/0001-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch b/recipes-kernel/cryptodev/cryptodev-fsl/0001-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch
new file mode 100644
index 0000000..796e548
--- /dev/null
+++ b/recipes-kernel/cryptodev/cryptodev-fsl/0001-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch
@@ -0,0 +1,52 @@
+From 715ade8236f40cf811c39f9538dfd60803967fcd Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@freescale.com>
+Date: Thu, 29 Aug 2013 16:52:30 +0300
+Subject: [PATCH 1/9] add support for composite TLS10(SHA1,AES) algorithm
+ offload
+
+This adds support for composite algorithm offload as a primitive
+crypto (cipher + hmac) operation.
+
+It requires kernel support for tls10(hmac(sha1),cbc(aes)) algorithm
+provided either in software or accelerated by hardware such as
+Freescale B*, P* and T* platforms.
+
+Change-Id: Ia1c605da3860e91e681295dfc8df7c09eb4006cf
+Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
+Reviewed-on: http://git.am.freescale.net:8181/17218
+---
+ crypto/cryptodev.h | 1 +
+ ioctl.c            | 5 +++++
+ 2 files changed, 6 insertions(+)
+
+diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h
+index 7fb9c7d..c0e8cd4 100644
+--- a/crypto/cryptodev.h
++++ b/crypto/cryptodev.h
+@@ -50,6 +50,7 @@ enum cryptodev_crypto_op_t {
+        CRYPTO_SHA2_384,
+        CRYPTO_SHA2_512,
+        CRYPTO_SHA2_224_HMAC,
++       CRYPTO_TLS10_AES_CBC_HMAC_SHA1,
+        CRYPTO_ALGORITHM_ALL, /* Keep updated - see below */
+ };
+ 
+diff --git a/ioctl.c b/ioctl.c
+index 5a55a76..f9b9b2e 100644
+--- a/ioctl.c
++++ b/ioctl.c
+@@ -159,6 +159,11 @@ crypto_create_session(struct fcrypt *fcr, struct session_op *sop)
+                stream = 1;
+                aead = 1;
+                break;
++       case CRYPTO_TLS10_AES_CBC_HMAC_SHA1:
++               alg_name = "tls10(hmac(sha1),cbc(aes))";
++               stream = 0;
++               aead = 1;
++               break;
+        case CRYPTO_NULL:
+                alg_name = "ecb(cipher_null)";
+                stream = 1;
+-- 
+1.8.3.1
+
diff --git a/recipes-kernel/cryptodev/cryptodev-fsl/0001-don-t-advertise-RSA-keygen.patch b/recipes-kernel/cryptodev/cryptodev-fsl/0001-don-t-advertise-RSA-keygen.patch
new file mode 100644
index 0000000..3d7c608
--- /dev/null
+++ b/recipes-kernel/cryptodev/cryptodev-fsl/0001-don-t-advertise-RSA-keygen.patch
@@ -0,0 +1,32 @@
+From b6e2a3747e3cffdf3cc515b0ce35d6bcdcb051c5 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@freescale.com>
+Date: Tue, 9 Dec 2014 16:41:25 +0200
+Subject: [PATCH] don't advertise RSA keygen
+
+This is supposed to avoid RSA keygen operations when they are not
+available. Since no testing can be done, the patch should be applied
+selectively (for example when offloading through pkc driver on C293)
+
+Change-Id: I60765f46fd7a39053d42e075d2ec71b032b2ed8a
+Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
+---
+ ioctl.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/ioctl.c b/ioctl.c
+index e907167..3239093 100644
+--- a/ioctl.c
++++ b/ioctl.c
+@@ -961,8 +961,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
+        case CIOCASYMFEAT:
+                return put_user(CRF_MOD_EXP_CRT |  CRF_MOD_EXP | CRF_DSA_SIGN |
+                        CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY |
+-                       CRF_DSA_GENERATE_KEY | CRF_DH_GENERATE_KEY |
+-                       CRF_RSA_GENERATE_KEY, p);
++                       CRF_DSA_GENERATE_KEY | CRF_DH_GENERATE_KEY, p);
+        case CRIOGET:
+                fd = clonefd(filp);
+                ret = put_user(fd, p);
+-- 
+2.2.0
+
diff --git a/recipes-kernel/cryptodev/cryptodev-fsl/0002-add-support-for-COMPAT_CIOCAUTHCRYPT-ioctl.patch b/recipes-kernel/cryptodev/cryptodev-fsl/0002-add-support-for-COMPAT_CIOCAUTHCRYPT-ioctl.patch
new file mode 100644
index 0000000..086a97f
--- /dev/null
+++ b/recipes-kernel/cryptodev/cryptodev-fsl/0002-add-support-for-COMPAT_CIOCAUTHCRYPT-ioctl.patch
@@ -0,0 +1,207 @@
+From 4b766c93e4ee19248dd66bbebb61fb5cc9c8a012 Mon Sep 17 00:00:00 2001
+From: Horia Geanta <horia.geanta@freescale.com>
+Date: Wed, 4 Dec 2013 15:43:41 +0200
+Subject: [PATCH 2/9] add support for COMPAT_CIOCAUTHCRYPT ioctl()
+
+Upstream-status: Pending
+
+Needed for 64b kernel with 32b user space.
+
+Change-Id: I44a999a4164e7ae7122dee6ed0716b2f25cadbc1
+Signed-off-by: Horia Geanta <horia.geanta@freescale.com>
+Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
+---
+ authenc.c       | 78 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ cryptodev_int.h | 40 +++++++++++++++++++++++++++++
+ ioctl.c         | 16 ++++++++++++
+ 3 files changed, 134 insertions(+)
+
+diff --git a/authenc.c b/authenc.c
+index 1bd7377..ef0d3db 100644
+--- a/authenc.c
++++ b/authenc.c
+@@ -272,6 +272,84 @@ static int fill_caop_from_kcaop(struct kernel_crypt_auth_op *kcaop, struct fcryp
+        return 0;
+ }
+ 
++/* compatibility code for 32bit userlands */
++#ifdef CONFIG_COMPAT
++
++static inline void
++compat_to_crypt_auth_op(struct compat_crypt_auth_op *compat,
++                       struct crypt_auth_op *caop)
++{
++       caop->ses = compat->ses;
++       caop->op = compat->op;
++       caop->flags = compat->flags;
++       caop->len = compat->len;
++       caop->auth_len = compat->auth_len;
++       caop->tag_len = compat->tag_len;
++       caop->iv_len = compat->iv_len;
++
++       caop->auth_src = compat_ptr(compat->auth_src);
++       caop->src = compat_ptr(compat->src);
++       caop->dst = compat_ptr(compat->dst);
++       caop->tag = compat_ptr(compat->tag);
++       caop->iv = compat_ptr(compat->iv);
++}
++
++static inline void
++crypt_auth_op_to_compat(struct crypt_auth_op *caop,
++                       struct compat_crypt_auth_op *compat)
++{
++       compat->ses = caop->ses;
++       compat->op = caop->op;
++       compat->flags = caop->flags;
++       compat->len = caop->len;
++       compat->auth_len = caop->auth_len;
++       compat->tag_len = caop->tag_len;
++       compat->iv_len = caop->iv_len;
++
++       compat->auth_src = ptr_to_compat(caop->auth_src);
++       compat->src = ptr_to_compat(caop->src);
++       compat->dst = ptr_to_compat(caop->dst);
++       compat->tag = ptr_to_compat(caop->tag);
++       compat->iv = ptr_to_compat(caop->iv);
++}
++
++int compat_kcaop_from_user(struct kernel_crypt_auth_op *kcaop,
++                               struct fcrypt *fcr, void __user *arg)
++{
++       struct compat_crypt_auth_op compat_caop;
++
++       if (unlikely(copy_from_user(&compat_caop, arg, sizeof(compat_caop)))) {
++               dprintk(1, KERN_ERR, "Error in copying from userspace\n");
++               return -EFAULT;
++       }
++
++       compat_to_crypt_auth_op(&compat_caop, &kcaop->caop);
++
++       return fill_kcaop_from_caop(kcaop, fcr);
++}
++
++int compat_kcaop_to_user(struct kernel_crypt_auth_op *kcaop,
++                               struct fcrypt *fcr, void __user *arg)
++{
++       int ret;
++       struct compat_crypt_auth_op compat_caop;
++
++       ret = fill_caop_from_kcaop(kcaop, fcr);
++       if (unlikely(ret)) {
++               dprintk(1, KERN_ERR, "fill_caop_from_kcaop\n");
++               return ret;
++       }
++
++       crypt_auth_op_to_compat(&kcaop->caop, &compat_caop);
++
++       if (unlikely(copy_to_user(arg, &compat_caop, sizeof(compat_caop)))) {
++               dprintk(1, KERN_ERR, "Error in copying to userspace\n");
++               return -EFAULT;
++       }
++       return 0;
++}
++
++#endif /* CONFIG_COMPAT */
+ 
+ int kcaop_from_user(struct kernel_crypt_auth_op *kcaop,
+                        struct fcrypt *fcr, void __user *arg)
+diff --git a/cryptodev_int.h b/cryptodev_int.h
+index d7660fa..8e687e7 100644
+--- a/cryptodev_int.h
++++ b/cryptodev_int.h
+@@ -73,11 +73,42 @@ struct compat_crypt_op {
+        compat_uptr_t   iv;/* initialization vector for encryption operations */
+ };
+ 
++ /* input of CIOCAUTHCRYPT */
++struct compat_crypt_auth_op {
++       uint32_t        ses;            /* session identifier */
++       uint16_t        op;             /* COP_ENCRYPT or COP_DECRYPT */
++       uint16_t        flags;          /* see COP_FLAG_AEAD_* */
++       uint32_t        len;            /* length of source data */
++       uint32_t        auth_len;       /* length of auth data */
++       compat_uptr_t   auth_src;       /* authenticated-only data */
++
++       /* The current implementation is more efficient if data are
++        * encrypted in-place (src==dst). */
++       compat_uptr_t   src;            /* data to be encrypted and
++       authenticated */
++       compat_uptr_t   dst;            /* pointer to output data. Must have
++                                        * space for tag. For TLS this should be
++                                        * at least len + tag_size + block_size
++                                        * for padding */
++
++       compat_uptr_t   tag;            /* where the tag will be copied to. TLS
++                                        * mode doesn't use that as tag is
++                                        * copied to dst.
++                                        * SRTP mode copies tag there. */
++       uint32_t        tag_len;        /* the length of the tag. Use zero for
++                                        * digest size or max tag. */
++
++       /* initialization vector for encryption operations */
++       compat_uptr_t   iv;
++       uint32_t        iv_len;
++};
++
+ /* compat ioctls, defined for the above structs */
+ #define COMPAT_CIOCGSESSION    _IOWR('c', 102, struct compat_session_op)
+ #define COMPAT_CIOCCRYPT       _IOWR('c', 104, struct compat_crypt_op)
+ #define COMPAT_CIOCASYNCCRYPT  _IOW('c', 107, struct compat_crypt_op)
+ #define COMPAT_CIOCASYNCFETCH  _IOR('c', 108, struct compat_crypt_op)
++#define COMPAT_CIOCAUTHCRYPT   _IOWR('c', 109, struct compat_crypt_auth_op)
+ 
+ #endif /* CONFIG_COMPAT */
+ 
+@@ -108,6 +139,15 @@ struct kernel_crypt_auth_op {
+ 
+ /* auth */
+ 
++#ifdef CONFIG_COMPAT
++int compat_kcaop_from_user(struct kernel_crypt_auth_op *kcaop,
++                               struct fcrypt *fcr, void __user *arg);
++
++int compat_kcaop_to_user(struct kernel_crypt_auth_op *kcaop,
++                               struct fcrypt *fcr, void __user *arg);
++#endif /* CONFIG_COMPAT */
++
++
+ int kcaop_from_user(struct kernel_crypt_auth_op *kcop,
+                        struct fcrypt *fcr, void __user *arg);
+ int kcaop_to_user(struct kernel_crypt_auth_op *kcaop,
+diff --git a/ioctl.c b/ioctl.c
+index f9b9b2e..1563c75 100644
+--- a/ioctl.c
++++ b/ioctl.c
+@@ -998,6 +998,7 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_)
+        struct session_op sop;
+        struct compat_session_op compat_sop;
+        struct kernel_crypt_op kcop;
++       struct kernel_crypt_auth_op kcaop;
+        int ret;
+ 
+        if (unlikely(!pcr))
+@@ -1040,6 +1041,21 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_)
+                        return ret;
+ 
+                return compat_kcop_to_user(&kcop, fcr, arg);
++
++       case COMPAT_CIOCAUTHCRYPT:
++               if (unlikely(ret = compat_kcaop_from_user(&kcaop, fcr, arg))) {
++                       dprintk(1, KERN_WARNING, "Error copying from user\n");
++                       return ret;
++               }
++
++               ret = crypto_auth_run(fcr, &kcaop);
++               if (unlikely(ret)) {
++                       dprintk(1, KERN_WARNING, "Error in crypto_auth_run\n");
++                       return ret;
++               }
++
++               return compat_kcaop_to_user(&kcaop, fcr, arg);
++
+ #ifdef ENABLE_ASYNC
+        case COMPAT_CIOCASYNCCRYPT:
+                if (unlikely(ret = compat_kcop_from_user(&kcop, fcr, arg)))
+-- 
+1.8.3.1
+
diff --git a/recipes-kernel/cryptodev/cryptodev-fsl/0003-PKC-support-added-in-cryptodev-module.patch b/recipes-kernel/cryptodev/cryptodev-fsl/0003-PKC-support-added-in-cryptodev-module.patch
new file mode 100644
index 0000000..a4f7816
--- /dev/null
+++ b/recipes-kernel/cryptodev/cryptodev-fsl/0003-PKC-support-added-in-cryptodev-module.patch
@@ -0,0 +1,898 @@
+From 5b57fc2124cef0acc3c7e8de376ebd9aa4f1fdd3 Mon Sep 17 00:00:00 2001
+From: Yashpal Dutta <yashpal.dutta@freescale.com>
+Date: Fri, 7 Mar 2014 06:16:09 +0545
+Subject: [PATCH 3/9] PKC support added in cryptodev module
+
+Upstream-status: Pending
+
+Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
+---
+ cryptlib.c         |  66 +++++++++-
+ cryptlib.h         |  28 ++++
+ crypto/cryptodev.h |  15 ++-
+ cryptodev_int.h    |  20 ++-
+ ioctl.c            | 196 +++++++++++++++++++++++++--
+ main.c             | 378 +++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 6 files changed, 685 insertions(+), 18 deletions(-)
+
+diff --git a/cryptlib.c b/cryptlib.c
+index 44ce763..6900028 100644
+--- a/cryptlib.c
++++ b/cryptlib.c
+@@ -5,6 +5,8 @@
+  * Portions Copyright (c) 2010 Michael Weiser
+  * Portions Copyright (c) 2010 Phil Sutter
+  *
++ * Copyright 2012 Freescale Semiconductor, Inc.
++ *
+  * This file is part of linux cryptodev.
+  *
+  * This program is free software; you can redistribute it and/or
+@@ -39,11 +41,6 @@
+ #include "cryptodev_int.h"
+ 
+ 
+-struct cryptodev_result {
+-       struct completion completion;
+-       int err;
+-};
+-
+ static void cryptodev_complete(struct crypto_async_request *req, int err)
+ {
+        struct cryptodev_result *res = req->data;
+@@ -259,7 +256,6 @@ static inline int waitfor(struct cryptodev_result *cr, ssize_t ret)
+        case 0:
+                break;
+        case -EINPROGRESS:
+-       case -EBUSY:
+                wait_for_completion(&cr->completion);
+                /* At this point we known for sure the request has finished,
+                 * because wait_for_completion above was not interruptible.
+@@ -439,3 +435,61 @@ int cryptodev_hash_final(struct hash_data *hdata, void *output)
+        return waitfor(hdata->async.result, ret);
+ }
+ 
++int cryptodev_pkc_offload(struct cryptodev_pkc  *pkc)
++{
++       int ret = 0;
++       struct pkc_request *pkc_req = &pkc->req, *pkc_requested;
++
++       switch (pkc_req->type) {
++       case RSA_PUB:
++       case RSA_PRIV_FORM1:
++       case RSA_PRIV_FORM2:
++       case RSA_PRIV_FORM3:
++               pkc->s = crypto_alloc_pkc("pkc(rsa)",
++                        CRYPTO_ALG_TYPE_PKC_RSA, 0);
++               break;
++       case DSA_SIGN:
++       case DSA_VERIFY:
++       case ECDSA_SIGN:
++       case ECDSA_VERIFY:
++               pkc->s = crypto_alloc_pkc("pkc(dsa)",
++                        CRYPTO_ALG_TYPE_PKC_DSA, 0);
++               break;
++       case DH_COMPUTE_KEY:
++       case ECDH_COMPUTE_KEY:
++               pkc->s = crypto_alloc_pkc("pkc(dh)",
++                        CRYPTO_ALG_TYPE_PKC_DH, 0);
++               break;
++       default:
++               return -EINVAL;
++       }
++
++       if (IS_ERR_OR_NULL(pkc->s))
++               return -EINVAL;
++
++       init_completion(&pkc->result.completion);
++       pkc_requested = pkc_request_alloc(pkc->s, GFP_KERNEL);
++
++       if (unlikely(IS_ERR_OR_NULL(pkc_requested))) {
++               ret = -ENOMEM;
++               goto error;
++       }
++       pkc_requested->type = pkc_req->type;
++       pkc_requested->curve_type = pkc_req->curve_type;
++       memcpy(&pkc_requested->req_u, &pkc_req->req_u, sizeof(pkc_req->req_u));
++       pkc_request_set_callback(pkc_requested, CRYPTO_TFM_REQ_MAY_BACKLOG,
++                                cryptodev_complete_asym, pkc);
++       ret = crypto_pkc_op(pkc_requested);
++       if (ret != -EINPROGRESS && ret != 0)
++               goto error2;
++
++       if (pkc->type == SYNCHRONOUS)
++               ret = waitfor(&pkc->result, ret);
++
++       return ret;
++error2:
++       kfree(pkc_requested);
++error:
++       crypto_free_pkc(pkc->s);
++       return ret;
++}
+diff --git a/cryptlib.h b/cryptlib.h
+index a0a8a63..56d325a 100644
+--- a/cryptlib.h
++++ b/cryptlib.h
+@@ -1,3 +1,6 @@
++/*
++ * Copyright 2012 Freescale Semiconductor, Inc.
++ */
+ #ifndef CRYPTLIB_H
+ # define CRYPTLIB_H
+ 
+@@ -89,5 +92,30 @@ void cryptodev_hash_deinit(struct hash_data *hdata);
+ int cryptodev_hash_init(struct hash_data *hdata, const char *alg_name,
+                        int hmac_mode, void *mackey, size_t mackeylen);
+ 
++/* Operation Type */
++enum offload_type {
++       SYNCHRONOUS,
++       ASYNCHRONOUS
++};
++
++struct cryptodev_result {
++       struct completion completion;
++       int err;
++};
++
++struct cryptodev_pkc {
++       struct list_head list; /* To maintain the Jobs in completed
++                                cryptodev lists */
++       struct kernel_crypt_kop kop;
++       struct crypto_pkc *s;    /* Transform pointer from CryptoAPI */
++       struct cryptodev_result result; /* Result to be updated by
++                                        completion handler */
++       struct pkc_request req; /* PKC request structure allocated
++                                from CryptoAPI */
++       enum offload_type type; /* Synchronous Vs Asynchronous request */
++       void *cookie; /*Additional opaque cookie to be used in future */
++       struct crypt_priv *priv;
++};
+ 
++int cryptodev_pkc_offload(struct cryptodev_pkc  *);
+ #endif
+diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h
+index c0e8cd4..96675fe 100644
+--- a/crypto/cryptodev.h
++++ b/crypto/cryptodev.h
+@@ -1,6 +1,10 @@
+-/* This is a source compatible implementation with the original API of
++/*
++ * Copyright 2012 Freescale Semiconductor, Inc.
++ *
++ * This is a source compatible implementation with the original API of
+  * cryptodev by Angelos D. Keromytis, found at openbsd cryptodev.h.
+- * Placed under public domain */
++ * Placed under public domain
++ */
+ 
+ #ifndef L_CRYPTODEV_H
+ #define L_CRYPTODEV_H
+@@ -245,6 +249,9 @@ struct crypt_kop {
+        __u16   crk_oparams;
+        __u32   crk_pad1;
+        struct crparam  crk_param[CRK_MAXPARAM];
++       enum curve_t curve_type; /* 0 == Discrete Log,
++                               1 = EC_PRIME, 2 = EC_BINARY */
++       void *cookie;
+ };
+ 
+ enum cryptodev_crk_op_t {
+@@ -289,5 +296,7 @@ enum cryptodev_crk_op_t {
+  */
+ #define CIOCASYNCCRYPT    _IOW('c', 110, struct crypt_op)
+ #define CIOCASYNCFETCH    _IOR('c', 111, struct crypt_op)
+-
++/* additional ioctls for asynchronous  operation for asymmetric ciphers*/
++#define CIOCASYMASYNCRYPT    _IOW('c', 112, struct crypt_kop)
++#define CIOCASYMASYNFETCH    _IOR('c', 113, struct crypt_kop)
+ #endif /* L_CRYPTODEV_H */
+diff --git a/cryptodev_int.h b/cryptodev_int.h
+index 8e687e7..fdbcc61 100644
+--- a/cryptodev_int.h
++++ b/cryptodev_int.h
+@@ -1,4 +1,6 @@
+-/* cipher stuff */
++/* cipher stuff
++ * Copyright 2012 Freescale Semiconductor, Inc.
++ */
+ #ifndef CRYPTODEV_INT_H
+ # define CRYPTODEV_INT_H
+ 
+@@ -112,6 +114,14 @@ struct compat_crypt_auth_op {
+ 
+ #endif /* CONFIG_COMPAT */
+ 
++/* kernel-internal extension to struct crypt_kop */
++struct kernel_crypt_kop {
++       struct crypt_kop kop;
++
++       struct task_struct *task;
++       struct mm_struct *mm;
++};
++
+ /* kernel-internal extension to struct crypt_op */
+ struct kernel_crypt_op {
+        struct crypt_op cop;
+@@ -157,6 +167,14 @@ int crypto_run(struct fcrypt *fcr, struct kernel_crypt_op *kcop);
+ 
+ #include <cryptlib.h>
+ 
++/* Cryptodev Key operation handler */
++int crypto_bn_modexp(struct cryptodev_pkc *);
++int crypto_modexp_crt(struct cryptodev_pkc *);
++int crypto_kop_dsasign(struct cryptodev_pkc *);
++int crypto_kop_dsaverify(struct cryptodev_pkc *);
++int crypto_run_asym(struct cryptodev_pkc *);
++void cryptodev_complete_asym(struct crypto_async_request *, int);
++
+ /* other internal structs */
+ struct csession {
+        struct list_head entry;
+diff --git a/ioctl.c b/ioctl.c
+index 1563c75..782d7fe 100644
+--- a/ioctl.c
++++ b/ioctl.c
+@@ -4,6 +4,7 @@
+  * Copyright (c) 2004 Michal Ludvig <mludvig@logix.net.nz>, SuSE Labs
+  * Copyright (c) 2009,2010,2011 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+  * Copyright (c) 2010 Phil Sutter
++ * Copyright 2012 Freescale Semiconductor, Inc.
+  *
+  * This file is part of linux cryptodev.
+  *
+@@ -89,8 +90,37 @@ struct crypt_priv {
+        int itemcount;
+        struct work_struct cryptask;
+        wait_queue_head_t user_waiter;
++       /* List of pending cryptodev_pkc asym requests */
++       struct list_head asym_completed_list;
++       /* For addition/removal of entry in pending list of asymmetric request*/
++       spinlock_t completion_lock;
+ };
+ 
++/* Asymmetric request Completion handler */
++void cryptodev_complete_asym(struct crypto_async_request *req, int err)
++{
++       struct cryptodev_pkc *pkc = req->data;
++       struct cryptodev_result *res = &pkc->result;
++
++       crypto_free_pkc(pkc->s);
++       res->err = err;
++       if (pkc->type == SYNCHRONOUS) {
++               if (err == -EINPROGRESS)
++                       return;
++               complete(&res->completion);
++       } else {
++               struct crypt_priv *pcr = pkc->priv;
++               unsigned long flags;
++               spin_lock_irqsave(&pcr->completion_lock, flags);
++               list_add_tail(&pkc->list, &pcr->asym_completed_list);
++               spin_unlock_irqrestore(&pcr->completion_lock, flags);
++               /* wake for POLLIN */
++               wake_up_interruptible(&pcr->user_waiter);
++       }
++
++       kfree(req);
++}
++
+ #define FILL_SG(sg, ptr, len)                                  \
+        do {                                                    \
+                (sg)->page = virt_to_page(ptr);                 \
+@@ -472,7 +502,8 @@ cryptodev_open(struct inode *inode, struct file *filp)
+        INIT_LIST_HEAD(&pcr->free.list);
+        INIT_LIST_HEAD(&pcr->todo.list);
+        INIT_LIST_HEAD(&pcr->done.list);
+-
++       INIT_LIST_HEAD(&pcr->asym_completed_list);
++       spin_lock_init(&pcr->completion_lock);
+        INIT_WORK(&pcr->cryptask, cryptask_routine);
+ 
+        init_waitqueue_head(&pcr->user_waiter);
+@@ -639,6 +670,79 @@ static int crypto_async_fetch(struct crypt_priv *pcr,
+ }
+ #endif
+ 
++/* get the first asym cipher completed job from the "done" queue
++ *
++ * returns:
++ * -EBUSY if no completed jobs are ready (yet)
++ * the return value otherwise */
++static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc)
++{
++       int ret = 0;
++       struct kernel_crypt_kop *kop = &pkc->kop;
++       struct crypt_kop *ckop = &kop->kop;
++       struct pkc_request *pkc_req = &pkc->req;
++
++       switch (ckop->crk_op) {
++       case CRK_MOD_EXP:
++       {
++               struct rsa_pub_req_s *rsa_req = &pkc_req->req_u.rsa_pub_req;
++               copy_to_user(ckop->crk_param[3].crp_p, rsa_req->g,
++                            rsa_req->g_len);
++       }
++       break;
++       case CRK_MOD_EXP_CRT:
++       {
++               struct rsa_priv_frm3_req_s *rsa_req =
++                        &pkc_req->req_u.rsa_priv_f3;
++               copy_to_user(ckop->crk_param[6].crp_p,
++                            rsa_req->f, rsa_req->f_len);
++       }
++       break;
++       case CRK_DSA_SIGN:
++       {
++               struct dsa_sign_req_s *dsa_req = &pkc_req->req_u.dsa_sign;
++
++               if (pkc_req->type == ECDSA_SIGN) {
++                       copy_to_user(ckop->crk_param[6].crp_p,
++                                    dsa_req->c, dsa_req->d_len);
++                       copy_to_user(ckop->crk_param[7].crp_p,
++                                    dsa_req->d, dsa_req->d_len);
++               } else {
++                       copy_to_user(ckop->crk_param[5].crp_p,
++                                    dsa_req->c, dsa_req->d_len);
++                       copy_to_user(ckop->crk_param[6].crp_p,
++                                    dsa_req->d, dsa_req->d_len);
++               }
++       }
++       break;
++       case CRK_DSA_VERIFY:
++               break;
++       case CRK_DH_COMPUTE_KEY:
++       {
++               struct dh_key_req_s *dh_req = &pkc_req->req_u.dh_req;
++               if (pkc_req->type == ECDH_COMPUTE_KEY)
++                       copy_to_user(ckop->crk_param[4].crp_p,
++                                    dh_req->z, dh_req->z_len);
++               else
++                       copy_to_user(ckop->crk_param[3].crp_p,
++                                    dh_req->z, dh_req->z_len);
++       }
++       break;
++       default:
++               ret = -EINVAL;
++       }
++       kfree(pkc->cookie);
++       return ret;
++}
++
++/* this function has to be called from process context */
++static int fill_kop_from_cop(struct kernel_crypt_kop *kop)
++{
++       kop->task = current;
++       kop->mm = current->mm;
++       return 0;
++}
++
+ /* this function has to be called from process context */
+ static int fill_kcop_from_cop(struct kernel_crypt_op *kcop, struct fcrypt *fcr)
+ {
+@@ -662,11 +766,8 @@ static int fill_kcop_from_cop(struct kernel_crypt_op *kcop, struct fcrypt *fcr)
+ 
+        if (cop->iv) {
+                rc = copy_from_user(kcop->iv, cop->iv, kcop->ivlen);
+-               if (unlikely(rc)) {
+-                       derr(1, "error copying IV (%d bytes), copy_from_user returned %d for address %p",
+-                                       kcop->ivlen, rc, cop->iv);
++               if (unlikely(rc))
+                        return -EFAULT;
+-               }
+        }
+ 
+        return 0;
+@@ -692,6 +793,25 @@ static int fill_cop_from_kcop(struct kernel_crypt_op *kcop, struct fcrypt *fcr)
+        return 0;
+ }
+ 
++static int kop_from_user(struct kernel_crypt_kop *kop,
++                       void __user *arg)
++{
++       if (unlikely(copy_from_user(&kop->kop, arg, sizeof(kop->kop))))
++               return -EFAULT;
++
++       return fill_kop_from_cop(kop);
++}
++
++static int kop_to_user(struct kernel_crypt_kop *kop,
++                       void __user *arg)
++{
++       if (unlikely(copy_to_user(arg, &kop->kop, sizeof(kop->kop)))) {
++               dprintk(1, KERN_ERR, "Cannot copy to userspace\n");
++               return -EFAULT;
++       }
++       return 0;
++}
++
+ static int kcop_from_user(struct kernel_crypt_op *kcop,
+                        struct fcrypt *fcr, void __user *arg)
+ {
+@@ -821,7 +941,8 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
+ 
+        switch (cmd) {
+        case CIOCASYMFEAT:
+-               return put_user(0, p);
++               return put_user(CRF_MOD_EXP_CRT |  CRF_MOD_EXP |
++                       CRF_DSA_SIGN | CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY, p);
+        case CRIOGET:
+                fd = clonefd(filp);
+                ret = put_user(fd, p);
+@@ -857,6 +978,24 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
+                if (unlikely(ret))
+                        return ret;
+                return copy_to_user(arg, &siop, sizeof(siop));
++       case CIOCKEY:
++       {
++               struct cryptodev_pkc *pkc =
++                       kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL);
++
++               if (!pkc)
++                       return -ENOMEM;
++
++               ret = kop_from_user(&pkc->kop, arg);
++               if (unlikely(ret)) {
++                       kfree(pkc);
++                       return ret;
++               }
++               pkc->type = SYNCHRONOUS;
++               ret = crypto_run_asym(pkc);
++               kfree(pkc);
++       }
++       return ret;
+        case CIOCCRYPT:
+                if (unlikely(ret = kcop_from_user(&kcop, fcr, arg))) {
+                        dwarning(1, "Error copying from user");
+@@ -895,6 +1034,45 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
+ 
+                return kcop_to_user(&kcop, fcr, arg);
+ #endif
++       case CIOCASYMASYNCRYPT:
++       {
++               struct cryptodev_pkc *pkc =
++                       kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL);
++               ret = kop_from_user(&pkc->kop, arg);
++
++               if (unlikely(ret))
++                       return -EINVAL;
++
++               /* Store associated FD priv data with asymmetric request */
++               pkc->priv = pcr;
++               pkc->type = ASYNCHRONOUS;
++               ret = crypto_run_asym(pkc);
++               if (ret == -EINPROGRESS)
++                       ret = 0;
++       }
++       return ret;
++       case CIOCASYMASYNFETCH:
++       {
++               struct cryptodev_pkc *pkc;
++               unsigned long flags;
++
++               spin_lock_irqsave(&pcr->completion_lock, flags);
++               if (list_empty(&pcr->asym_completed_list)) {
++                       spin_unlock_irqrestore(&pcr->completion_lock, flags);
++                       return -ENOMEM;
++               }
++               pkc = list_first_entry(&pcr->asym_completed_list,
++                       struct cryptodev_pkc, list);
++               list_del(&pkc->list);
++               spin_unlock_irqrestore(&pcr->completion_lock, flags);
++               ret = crypto_async_fetch_asym(pkc);
++
++               /* Reflect the updated request to user-space */
++               if (!ret)
++                       kop_to_user(&pkc->kop, arg);
++               kfree(pkc);
++       }
++       return ret;
+        default:
+                return -EINVAL;
+        }
+@@ -1083,9 +1261,11 @@ static unsigned int cryptodev_poll(struct file *file, poll_table *wait)
+ 
+        poll_wait(file, &pcr->user_waiter, wait);
+ 
+-       if (!list_empty_careful(&pcr->done.list))
++       if (!list_empty_careful(&pcr->done.list) ||
++           !list_empty_careful(&pcr->asym_completed_list))
+                ret |= POLLIN | POLLRDNORM;
+-       if (!list_empty_careful(&pcr->free.list) || pcr->itemcount < MAX_COP_RINGSIZE)
++       if (!list_empty_careful(&pcr->free.list) ||
++           pcr->itemcount < MAX_COP_RINGSIZE)
+                ret |= POLLOUT | POLLWRNORM;
+ 
+        return ret;
+diff --git a/main.c b/main.c
+index 57e5c38..0b7951e 100644
+--- a/main.c
++++ b/main.c
+@@ -181,6 +181,384 @@ __crypto_run_zc(struct csession *ses_ptr, struct kernel_crypt_op *kcop)
+        return ret;
+ }
+ 
++int crypto_kop_dsasign(struct cryptodev_pkc *pkc)
++{
++       struct kernel_crypt_kop *kop = &pkc->kop;
++       struct crypt_kop *cop = &kop->kop;
++       struct pkc_request *pkc_req = &pkc->req;
++       struct dsa_sign_req_s *dsa_req = &pkc_req->req_u.dsa_sign;
++       int rc, buf_size;
++       uint8_t *buf;
++
++       if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits ||
++           !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits ||
++           !cop->crk_param[4].crp_nbits || !cop->crk_param[5].crp_nbits ||
++           !cop->crk_param[6].crp_nbits || (cop->crk_iparams == 6 &&
++           !cop->crk_param[7].crp_nbits))
++               return -EINVAL;
++
++       dsa_req->m_len = (cop->crk_param[0].crp_nbits + 7)/8;
++       dsa_req->q_len = (cop->crk_param[1].crp_nbits + 7)/8;
++       dsa_req->r_len = (cop->crk_param[2].crp_nbits + 7)/8;
++       dsa_req->g_len = (cop->crk_param[3].crp_nbits + 7)/8;
++       dsa_req->priv_key_len = (cop->crk_param[4].crp_nbits + 7)/8;
++       dsa_req->d_len = (cop->crk_param[6].crp_nbits + 7)/8;
++       buf_size = dsa_req->m_len + dsa_req->q_len + dsa_req->r_len +
++                  dsa_req->g_len + dsa_req->priv_key_len + dsa_req->d_len +
++                  dsa_req->d_len;
++       if (cop->crk_iparams == 6) {
++               dsa_req->ab_len = (cop->crk_param[5].crp_nbits + 7)/8;
++               buf_size += dsa_req->ab_len;
++               pkc_req->type = ECDSA_SIGN;
++               pkc_req->curve_type = cop->curve_type;
++       } else {
++               pkc_req->type = DSA_SIGN;
++       }
++
++       buf = kzalloc(buf_size, GFP_DMA);
++
++       dsa_req->q = buf;
++       dsa_req->r = dsa_req->q + dsa_req->q_len;
++       dsa_req->g = dsa_req->r + dsa_req->r_len;
++       dsa_req->priv_key = dsa_req->g + dsa_req->g_len;
++       dsa_req->m = dsa_req->priv_key + dsa_req->priv_key_len;
++       dsa_req->c = dsa_req->m + dsa_req->m_len;
++       dsa_req->d = dsa_req->c + dsa_req->d_len;
++       copy_from_user(dsa_req->m, cop->crk_param[0].crp_p, dsa_req->m_len);
++       copy_from_user(dsa_req->q, cop->crk_param[1].crp_p, dsa_req->q_len);
++       copy_from_user(dsa_req->r, cop->crk_param[2].crp_p, dsa_req->r_len);
++       copy_from_user(dsa_req->g, cop->crk_param[3].crp_p, dsa_req->g_len);
++       copy_from_user(dsa_req->priv_key, cop->crk_param[4].crp_p,
++                      dsa_req->priv_key_len);
++       if (cop->crk_iparams == 6) {
++               dsa_req->ab = dsa_req->d + dsa_req->d_len;
++               copy_from_user(dsa_req->ab, cop->crk_param[5].crp_p,
++                              dsa_req->ab_len);
++       }
++       rc = cryptodev_pkc_offload(pkc);
++       if (pkc->type == SYNCHRONOUS) {
++               if (rc)
++                       goto err;
++               if (cop->crk_iparams == 6) {
++                       copy_to_user(cop->crk_param[6].crp_p, dsa_req->c,
++                                    dsa_req->d_len);
++                       copy_to_user(cop->crk_param[7].crp_p, dsa_req->d,
++                                    dsa_req->d_len);
++               } else {
++                       copy_to_user(cop->crk_param[5].crp_p, dsa_req->c,
++                                    dsa_req->d_len);
++                       copy_to_user(cop->crk_param[6].crp_p, dsa_req->d,
++                                    dsa_req->d_len);
++               }
++       } else {
++               if (rc != -EINPROGRESS && rc != 0)
++                       goto err;
++
++               pkc->cookie = buf;
++               return rc;
++       }
++err:
++       kfree(buf);
++       return rc;
++}
++
++int crypto_kop_dsaverify(struct cryptodev_pkc *pkc)
++{
++       struct kernel_crypt_kop *kop = &pkc->kop;
++       struct crypt_kop *cop = &kop->kop;
++       struct pkc_request *pkc_req;
++       struct dsa_verify_req_s *dsa_req;
++       int rc, buf_size;
++       uint8_t *buf;
++
++       if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits ||
++           !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits ||
++           !cop->crk_param[4].crp_nbits || !cop->crk_param[5].crp_nbits ||
++           !cop->crk_param[6].crp_nbits  || (cop->crk_iparams == 8 &&
++           !cop->crk_param[7].crp_nbits))
++               return -EINVAL;
++
++       pkc_req = &pkc->req;
++       dsa_req = &pkc_req->req_u.dsa_verify;
++       dsa_req->m_len = (cop->crk_param[0].crp_nbits + 7)/8;
++       dsa_req->q_len = (cop->crk_param[1].crp_nbits + 7)/8;
++       dsa_req->r_len = (cop->crk_param[2].crp_nbits + 7)/8;
++       dsa_req->g_len = (cop->crk_param[3].crp_nbits + 7)/8;
++       dsa_req->pub_key_len = (cop->crk_param[4].crp_nbits + 7)/8;
++       dsa_req->d_len = (cop->crk_param[6].crp_nbits + 7)/8;
++       buf_size = dsa_req->m_len + dsa_req->q_len + dsa_req->r_len +
++               dsa_req->g_len + dsa_req->pub_key_len + dsa_req->d_len +
++               dsa_req->d_len;
++       if (cop->crk_iparams == 8) {
++               dsa_req->ab_len = (cop->crk_param[5].crp_nbits + 7)/8;
++               buf_size += dsa_req->ab_len;
++               pkc_req->type = ECDSA_VERIFY;
++               pkc_req->curve_type = cop->curve_type;
++       } else {
++               pkc_req->type = DSA_VERIFY;
++       }
++
++       buf = kzalloc(buf_size, GFP_DMA);
++
++       dsa_req->q = buf;
++       dsa_req->r = dsa_req->q + dsa_req->q_len;
++       dsa_req->g = dsa_req->r + dsa_req->r_len;
++       dsa_req->pub_key = dsa_req->g + dsa_req->g_len;
++       dsa_req->m = dsa_req->pub_key + dsa_req->pub_key_len;
++       dsa_req->c = dsa_req->m + dsa_req->m_len;
++       dsa_req->d = dsa_req->c + dsa_req->d_len;
++       copy_from_user(dsa_req->m, cop->crk_param[0].crp_p, dsa_req->m_len);
++       copy_from_user(dsa_req->q, cop->crk_param[1].crp_p, dsa_req->q_len);
++       copy_from_user(dsa_req->r, cop->crk_param[2].crp_p, dsa_req->r_len);
++       copy_from_user(dsa_req->g, cop->crk_param[3].crp_p, dsa_req->g_len);
++       copy_from_user(dsa_req->pub_key, cop->crk_param[4].crp_p,
++                      dsa_req->pub_key_len);
++       if (cop->crk_iparams == 8) {
++               dsa_req->ab = dsa_req->d + dsa_req->d_len;
++               copy_from_user(dsa_req->ab, cop->crk_param[5].crp_p,
++                              dsa_req->ab_len);
++               copy_from_user(dsa_req->c, cop->crk_param[6].crp_p,
++                              dsa_req->d_len);
++               copy_from_user(dsa_req->d, cop->crk_param[7].crp_p,
++                              dsa_req->d_len);
++       } else {
++               copy_from_user(dsa_req->c, cop->crk_param[5].crp_p,
++                              dsa_req->d_len);
++               copy_from_user(dsa_req->d, cop->crk_param[6].crp_p,
++                              dsa_req->d_len);
++       }
++       rc = cryptodev_pkc_offload(pkc);
++       if (pkc->type == SYNCHRONOUS) {
++               if (rc)
++                       goto err;
++       } else {
++               if (rc != -EINPROGRESS && !rc)
++                       goto err;
++               pkc->cookie = buf;
++               return rc;
++       }
++err:
++       kfree(buf);
++       return rc;
++}
++
++int crypto_kop_dh_key(struct cryptodev_pkc *pkc)
++{
++       struct kernel_crypt_kop *kop = &pkc->kop;
++       struct crypt_kop *cop = &kop->kop;
++       struct pkc_request *pkc_req;
++       struct dh_key_req_s *dh_req;
++       int buf_size;
++       uint8_t *buf;
++       int rc = -EINVAL;
++
++       pkc_req = &pkc->req;
++       dh_req = &pkc_req->req_u.dh_req;
++       dh_req->s_len = (cop->crk_param[0].crp_nbits + 7)/8;
++       dh_req->pub_key_len = (cop->crk_param[1].crp_nbits + 7)/8;
++       dh_req->q_len = (cop->crk_param[2].crp_nbits + 7)/8;
++       buf_size = dh_req->q_len + dh_req->pub_key_len + dh_req->s_len;
++       if (cop->crk_iparams == 4) {
++               pkc_req->type = ECDH_COMPUTE_KEY;
++               dh_req->ab_len = (cop->crk_param[3].crp_nbits + 7)/8;
++               dh_req->z_len = (cop->crk_param[4].crp_nbits + 7)/8;
++               buf_size += dh_req->ab_len;
++       } else {
++               dh_req->z_len = (cop->crk_param[3].crp_nbits + 7)/8;
++               pkc_req->type = DH_COMPUTE_KEY;
++       }
++       buf_size += dh_req->z_len;
++       buf = kzalloc(buf_size, GFP_DMA);
++       dh_req->q = buf;
++       dh_req->s = dh_req->q + dh_req->q_len;
++       dh_req->pub_key = dh_req->s + dh_req->s_len;
++       dh_req->z = dh_req->pub_key + dh_req->pub_key_len;
++       if (cop->crk_iparams == 4) {
++               dh_req->ab = dh_req->z + dh_req->z_len;
++               pkc_req->curve_type = cop->curve_type;
++               copy_from_user(dh_req->ab, cop->crk_param[3].crp_p,
++                              dh_req->ab_len);
++       }
++       copy_from_user(dh_req->s, cop->crk_param[0].crp_p, dh_req->s_len);
++       copy_from_user(dh_req->pub_key, cop->crk_param[1].crp_p,
++                      dh_req->pub_key_len);
++       copy_from_user(dh_req->q, cop->crk_param[2].crp_p, dh_req->q_len);
++       rc = cryptodev_pkc_offload(pkc);
++       if (pkc->type == SYNCHRONOUS) {
++               if (rc)
++                       goto err;
++               if (cop->crk_iparams == 4)
++                       copy_to_user(cop->crk_param[4].crp_p, dh_req->z,
++                                    dh_req->z_len);
++               else
++                       copy_to_user(cop->crk_param[3].crp_p, dh_req->z,
++                                    dh_req->z_len);
++       } else {
++               if (rc != -EINPROGRESS && rc != 0)
++                       goto err;
++
++               pkc->cookie = buf;
++               return rc;
++       }
++err:
++       kfree(buf);
++       return rc;
++}
++
++int crypto_modexp_crt(struct cryptodev_pkc *pkc)
++{
++       struct kernel_crypt_kop *kop = &pkc->kop;
++       struct crypt_kop *cop = &kop->kop;
++       struct pkc_request *pkc_req;
++       struct rsa_priv_frm3_req_s *rsa_req;
++       int rc;
++       uint8_t *buf;
++
++       if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits ||
++           !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits ||
++           !cop->crk_param[4].crp_nbits || !cop->crk_param[5].crp_nbits)
++               return -EINVAL;
++
++       pkc_req = &pkc->req;
++       pkc_req->type = RSA_PRIV_FORM3;
++       rsa_req = &pkc_req->req_u.rsa_priv_f3;
++       rsa_req->p_len = (cop->crk_param[0].crp_nbits + 7)/8;
++       rsa_req->q_len = (cop->crk_param[1].crp_nbits + 7)/8;
++       rsa_req->g_len = (cop->crk_param[2].crp_nbits + 7)/8;
++       rsa_req->dp_len = (cop->crk_param[3].crp_nbits + 7)/8;
++       rsa_req->dq_len = (cop->crk_param[4].crp_nbits + 7)/8;
++       rsa_req->c_len = (cop->crk_param[5].crp_nbits + 7)/8;
++       rsa_req->f_len = (cop->crk_param[6].crp_nbits + 7)/8;
++       buf = kzalloc(rsa_req->p_len + rsa_req->q_len + rsa_req->f_len +
++                     rsa_req->dp_len + rsa_req->dp_len + rsa_req->c_len +
++                     rsa_req->g_len, GFP_DMA);
++       rsa_req->p = buf;
++       rsa_req->q = rsa_req->p + rsa_req->p_len;
++       rsa_req->g = rsa_req->q + rsa_req->q_len;
++       rsa_req->dp = rsa_req->g + rsa_req->g_len;
++       rsa_req->dq = rsa_req->dp + rsa_req->dp_len;
++       rsa_req->c = rsa_req->dq + rsa_req->dq_len;
++       rsa_req->f = rsa_req->c + rsa_req->c_len;
++       copy_from_user(rsa_req->p, cop->crk_param[0].crp_p, rsa_req->p_len);
++       copy_from_user(rsa_req->q, cop->crk_param[1].crp_p, rsa_req->q_len);
++       copy_from_user(rsa_req->g, cop->crk_param[2].crp_p, rsa_req->g_len);
++       copy_from_user(rsa_req->dp, cop->crk_param[3].crp_p, rsa_req->dp_len);
++       copy_from_user(rsa_req->dq, cop->crk_param[4].crp_p, rsa_req->dq_len);
++       copy_from_user(rsa_req->c, cop->crk_param[5].crp_p, rsa_req->c_len);
++       rc = cryptodev_pkc_offload(pkc);
++
++       if (pkc->type == SYNCHRONOUS) {
++               if (rc)
++                       goto err;
++               copy_to_user(cop->crk_param[6].crp_p, rsa_req->f,
++                            rsa_req->f_len);
++       } else {
++               if (rc != -EINPROGRESS && rc != 0)
++                       goto err;
++
++               pkc->cookie = buf;
++               return rc;
++       }
++err:
++       kfree(buf);
++       return rc;
++}
++
++int crypto_bn_modexp(struct cryptodev_pkc *pkc)
++{
++       struct pkc_request *pkc_req;
++       struct rsa_pub_req_s *rsa_req;
++       int rc;
++       struct kernel_crypt_kop *kop = &pkc->kop;
++       struct crypt_kop *cop = &kop->kop;
++       uint8_t *buf;
++
++       if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits ||
++           !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits)
++               return -EINVAL;
++
++       pkc_req = &pkc->req;
++       pkc_req->type = RSA_PUB;
++       rsa_req = &pkc_req->req_u.rsa_pub_req;
++       rsa_req->f_len = (cop->crk_param[0].crp_nbits + 7)/8;
++       rsa_req->e_len = (cop->crk_param[1].crp_nbits + 7)/8;
++       rsa_req->n_len = (cop->crk_param[2].crp_nbits + 7)/8;
++       rsa_req->g_len = (cop->crk_param[3].crp_nbits + 7)/8;
++       buf = kzalloc(rsa_req->f_len + rsa_req->e_len + rsa_req->n_len
++                       + rsa_req->g_len, GFP_DMA);
++       if (!buf)
++               return -ENOMEM;
++
++       rsa_req->e = buf;
++       rsa_req->f = rsa_req->e + rsa_req->e_len;
++       rsa_req->g = rsa_req->f + rsa_req->f_len;
++       rsa_req->n = rsa_req->g + rsa_req->g_len;
++       copy_from_user(rsa_req->f, cop->crk_param[0].crp_p, rsa_req->f_len);
++       copy_from_user(rsa_req->e, cop->crk_param[1].crp_p, rsa_req->e_len);
++       copy_from_user(rsa_req->n, cop->crk_param[2].crp_p, rsa_req->n_len);
++       rc = cryptodev_pkc_offload(pkc);
++       if (pkc->type == SYNCHRONOUS) {
++               if (rc)
++                       goto err;
++
++               copy_to_user(cop->crk_param[3].crp_p, rsa_req->g,
++                            rsa_req->g_len);
++       } else {
++               if (rc != -EINPROGRESS && rc != 0)
++                       goto err;
++
++               /* This one will be freed later in fetch handler */
++               pkc->cookie = buf;
++               return rc;
++       }
++err:
++       kfree(buf);
++       return rc;
++}
++
++int crypto_run_asym(struct cryptodev_pkc *pkc)
++{
++       int ret = -EINVAL;
++       struct kernel_crypt_kop *kop = &pkc->kop;
++
++       switch (kop->kop.crk_op) {
++       case CRK_MOD_EXP:
++               if (kop->kop.crk_iparams != 3 && kop->kop.crk_oparams != 1)
++                       goto err;
++
++               ret = crypto_bn_modexp(pkc);
++               break;
++       case CRK_MOD_EXP_CRT:
++               if (kop->kop.crk_iparams != 6 && kop->kop.crk_oparams != 1)
++                       goto err;
++
++               ret = crypto_modexp_crt(pkc);
++               break;
++       case CRK_DSA_SIGN:
++               if ((kop->kop.crk_iparams != 5 && kop->kop.crk_iparams != 6) ||
++                   kop->kop.crk_oparams != 2)
++                       goto err;
++
++               ret = crypto_kop_dsasign(pkc);
++               break;
++       case CRK_DSA_VERIFY:
++               if ((kop->kop.crk_iparams != 7 && kop->kop.crk_iparams != 8) ||
++                   kop->kop.crk_oparams != 0)
++                       goto err;
++
++               ret = crypto_kop_dsaverify(pkc);
++               break;
++       case CRK_DH_COMPUTE_KEY:
++               if ((kop->kop.crk_iparams != 3 && kop->kop.crk_iparams != 4) ||
++                   kop->kop.crk_oparams != 1)
++                       goto err;
++               ret = crypto_kop_dh_key(pkc);
++               break;
++       }
++err:
++       return ret;
++}
++
+ int crypto_run(struct fcrypt *fcr, struct kernel_crypt_op *kcop)
+ {
+        struct csession *ses_ptr;
+-- 
+1.8.3.1
+
diff --git a/recipes-kernel/cryptodev/cryptodev-fsl/0004-Compat-versions-of-PKC-IOCTLs.patch b/recipes-kernel/cryptodev/cryptodev-fsl/0004-Compat-versions-of-PKC-IOCTLs.patch
new file mode 100644
index 0000000..2eedcc7
--- /dev/null
+++ b/recipes-kernel/cryptodev/cryptodev-fsl/0004-Compat-versions-of-PKC-IOCTLs.patch
@@ -0,0 +1,200 @@
+From 5435dfd329cd90837ce36c6dadc26166c7906cab Mon Sep 17 00:00:00 2001
+From: Yashpal Dutta <yashpal.dutta@freescale.com>
+Date: Fri, 7 Mar 2014 06:52:13 +0545
+Subject: [PATCH 4/9] Compat versions of PKC IOCTLs
+
+Upstream-status: Pending
+
+Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
+---
+ cryptodev_int.h |  20 ++++++++++
+ ioctl.c         | 120 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 140 insertions(+)
+
+diff --git a/cryptodev_int.h b/cryptodev_int.h
+index fdbcc61..cf54dac 100644
+--- a/cryptodev_int.h
++++ b/cryptodev_int.h
+@@ -75,6 +75,24 @@ struct compat_crypt_op {
+        compat_uptr_t   iv;/* initialization vector for encryption operations */
+ };
+ 
++/* input of CIOCKEY */
++struct compat_crparam {
++       compat_uptr_t   crp_p;
++       uint32_t        crp_nbits;
++};
++
++struct compat_crypt_kop {
++       uint32_t        crk_op;         /* cryptodev_crk_ot_t */
++       uint32_t        crk_status;
++       uint16_t        crk_iparams;
++       uint16_t        crk_oparams;
++       uint32_t        crk_pad1;
++       struct compat_crparam   crk_param[CRK_MAXPARAM];
++       enum curve_t curve_type; /* 0 == Discrete Log, 1 = EC_PRIME,
++                                2 = EC_BINARY */
++       compat_uptr_t cookie;
++};
++
+  /* input of CIOCAUTHCRYPT */
+ struct compat_crypt_auth_op {
+        uint32_t        ses;            /* session identifier */
+@@ -111,6 +129,8 @@ struct compat_crypt_auth_op {
+ #define COMPAT_CIOCASYNCCRYPT  _IOW('c', 107, struct compat_crypt_op)
+ #define COMPAT_CIOCASYNCFETCH  _IOR('c', 108, struct compat_crypt_op)
+ #define COMPAT_CIOCAUTHCRYPT   _IOWR('c', 109, struct compat_crypt_auth_op)
++#define COMPAT_CIOCASYMASYNCRYPT    _IOW('c', 110, struct compat_crypt_kop)
++#define COMPAT_CIOCASYMASYNFETCH    _IOR('c', 111, struct compat_crypt_kop)
+ 
+ #endif /* CONFIG_COMPAT */
+ 
+diff --git a/ioctl.c b/ioctl.c
+index 782d7fe..3baf3e6 100644
+--- a/ioctl.c
++++ b/ioctl.c
+@@ -1081,6 +1081,68 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
+ /* compatibility code for 32bit userlands */
+ #ifdef CONFIG_COMPAT
+ 
++static inline void compat_to_crypt_kop(struct compat_crypt_kop *compat,
++                struct crypt_kop *kop)
++{
++       int i;
++       kop->crk_op      = compat->crk_op;
++       kop->crk_status  = compat->crk_status;
++       kop->crk_iparams = compat->crk_iparams;
++       kop->crk_oparams = compat->crk_oparams;
++
++       for (i = 0; i < CRK_MAXPARAM; i++) {
++               kop->crk_param[i].crp_p =
++                       compat_ptr(compat->crk_param[i].crp_p);
++               kop->crk_param[i].crp_nbits = compat->crk_param[i].crp_nbits;
++       }
++
++       kop->curve_type = compat->curve_type;
++       kop->cookie = compat->cookie;
++}
++
++static int compat_kop_from_user(struct kernel_crypt_kop *kop,
++       void __user *arg)
++{
++       struct compat_crypt_kop compat_kop;
++
++       if (unlikely(copy_from_user(&compat_kop, arg, sizeof(compat_kop))))
++               return -EFAULT;
++
++       compat_to_crypt_kop(&compat_kop, &kop->kop);
++       return fill_kop_from_cop(kop);
++}
++
++static inline void crypt_kop_to_compat(struct crypt_kop *kop,
++                                struct compat_crypt_kop *compat)
++{
++       int i;
++
++       compat->crk_op      = kop->crk_op;
++       compat->crk_status  = kop->crk_status;
++       compat->crk_iparams = kop->crk_iparams;
++       compat->crk_oparams = kop->crk_oparams;
++
++       for (i = 0; i < CRK_MAXPARAM; i++) {
++               compat->crk_param[i].crp_p =
++                        ptr_to_compat(kop->crk_param[i].crp_p);
++               compat->crk_param[i].crp_nbits = kop->crk_param[i].crp_nbits;
++       }
++       compat->cookie = kop->cookie;
++       compat->curve_type = kop->curve_type;
++}
++
++static int compat_kop_to_user(struct kernel_crypt_kop *kop, void __user *arg)
++{
++       struct compat_crypt_kop compat_kop;
++
++       crypt_kop_to_compat(&kop->kop, &compat_kop);
++       if (unlikely(copy_to_user(arg, &compat_kop, sizeof(compat_kop)))) {
++               dprintk(1, KERN_ERR, "Cannot copy to userspace\n");
++               return -EFAULT;
++       }
++       return 0;
++}
++
+ static inline void
+ compat_to_session_op(struct compat_session_op *compat, struct session_op *sop)
+ {
+@@ -1208,7 +1270,26 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_)
+                        return -EFAULT;
+                }
+                return ret;
++       case COMPAT_CIOCKEY:
++       {
++               struct cryptodev_pkc *pkc =
++                        kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL);
++
++               if (!pkc)
++                       return -ENOMEM;
++
++               ret = compat_kop_from_user(&pkc->kop, arg);
++
++               if (unlikely(ret)) {
++                       kfree(pkc);
++                       return ret;
++               }
+ 
++               pkc->type = SYNCHRONOUS;
++               ret = crypto_run_asym(pkc);
++               kfree(pkc);
++       }
++       return ret;
+        case COMPAT_CIOCCRYPT:
+                ret = compat_kcop_from_user(&kcop, fcr, arg);
+                if (unlikely(ret))
+@@ -1247,6 +1328,45 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_)
+ 
+                return compat_kcop_to_user(&kcop, fcr, arg);
+ #endif
++       case COMPAT_CIOCASYMASYNCRYPT:
++       {
++               struct cryptodev_pkc *pkc =
++                       kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL);
++
++               ret = compat_kop_from_user(&pkc->kop, arg);
++               if (unlikely(ret))
++                       return -EINVAL;
++
++               /* Store associated FD priv data with asymmetric request */
++               pkc->priv = pcr;
++               pkc->type = ASYNCHRONOUS;
++               ret = crypto_run_asym(pkc);
++               if (ret == -EINPROGRESS)
++                       ret = 0;
++       }
++       return ret;
++       case COMPAT_CIOCASYMASYNFETCH:
++       {
++               struct cryptodev_pkc *pkc;
++               unsigned long flags;
++
++               spin_lock_irqsave(&pcr->completion_lock, flags);
++               if (list_empty(&pcr->asym_completed_list)) {
++                       spin_unlock_irqrestore(&pcr->completion_lock, flags);
++                       return -ENOMEM;
++               }
++               pkc = list_first_entry(&pcr->asym_completed_list,
++                        struct cryptodev_pkc, list);
++               list_del(&pkc->list);
++               spin_unlock_irqrestore(&pcr->completion_lock, flags);
++               ret = crypto_async_fetch_asym(pkc);
++
++               /* Reflect the updated request to user-space */
++               if (!ret)
++                       compat_kop_to_user(&pkc->kop, arg);
++               kfree(pkc);
++       }
++       return ret;
+        default:
+                return -EINVAL;
+        }
+-- 
+1.8.3.1
+
diff --git a/recipes-kernel/cryptodev/cryptodev-fsl/0005-Asynchronous-interface-changes-in-cryptodev.patch b/recipes-kernel/cryptodev/cryptodev-fsl/0005-Asynchronous-interface-changes-in-cryptodev.patch
new file mode 100644
index 0000000..2f88eda
--- /dev/null
+++ b/recipes-kernel/cryptodev/cryptodev-fsl/0005-Asynchronous-interface-changes-in-cryptodev.patch
@@ -0,0 +1,213 @@
+From ddc4179a454cea79c8385fd6756d20cbf3c6dcb5 Mon Sep 17 00:00:00 2001
+From: Yashpal Dutta <yashpal.dutta@freescale.com>
+Date: Fri, 7 Mar 2014 07:24:00 +0545
+Subject: [PATCH 5/9] Asynchronous interface changes in cryptodev
+
+Upstream-status: Pending
+
+Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
+---
+ cryptlib.h         |  7 ++++-
+ crypto/cryptodev.h | 10 ++++++-
+ cryptodev_int.h    | 10 ++++++-
+ ioctl.c            | 76 +++++++++++++++++++++++++++++++++++++-----------------
+ 4 files changed, 76 insertions(+), 27 deletions(-)
+
+diff --git a/cryptlib.h b/cryptlib.h
+index 56d325a..7ffa54c 100644
+--- a/cryptlib.h
++++ b/cryptlib.h
+@@ -113,7 +113,12 @@ struct cryptodev_pkc {
+        struct pkc_request req; /* PKC request structure allocated
+                                 from CryptoAPI */
+        enum offload_type type; /* Synchronous Vs Asynchronous request */
+-       void *cookie; /*Additional opaque cookie to be used in future */
++       /*
++        * cookie used for transfering tranparent information from async
++        * submission to async fetch. Currently some dynamic allocated
++        * buffers are maintained which will be freed later during fetch
++        */
++       void *cookie;
+        struct crypt_priv *priv;
+ };
+ 
+diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h
+index 96675fe..4436fbf 100644
+--- a/crypto/cryptodev.h
++++ b/crypto/cryptodev.h
+@@ -254,6 +254,14 @@ struct crypt_kop {
+        void *cookie;
+ };
+ 
++#define MAX_COOKIES 4
++
++struct pkc_cookie_list_s {
++       int cookie_available;
++       void *cookie[MAX_COOKIES];
++       int status[MAX_COOKIES];
++};
++
+ enum cryptodev_crk_op_t {
+        CRK_MOD_EXP = 0,
+        CRK_MOD_EXP_CRT = 1,
+@@ -298,5 +306,5 @@ enum cryptodev_crk_op_t {
+ #define CIOCASYNCFETCH    _IOR('c', 111, struct crypt_op)
+ /* additional ioctls for asynchronous  operation for asymmetric ciphers*/
+ #define CIOCASYMASYNCRYPT    _IOW('c', 112, struct crypt_kop)
+-#define CIOCASYMASYNFETCH    _IOR('c', 113, struct crypt_kop)
++#define CIOCASYMFETCHCOOKIE    _IOR('c', 113, struct pkc_cookie_list_s)
+ #endif /* L_CRYPTODEV_H */
+diff --git a/cryptodev_int.h b/cryptodev_int.h
+index cf54dac..5347cae 100644
+--- a/cryptodev_int.h
++++ b/cryptodev_int.h
+@@ -93,6 +93,12 @@ struct compat_crypt_kop {
+        compat_uptr_t cookie;
+ };
+ 
++struct compat_pkc_cookie_list_s {
++       int cookie_available;
++       compat_uptr_t cookie[MAX_COOKIES];
++       int status[MAX_COOKIES];
++};
++
+  /* input of CIOCAUTHCRYPT */
+ struct compat_crypt_auth_op {
+        uint32_t        ses;            /* session identifier */
+@@ -126,11 +132,13 @@ struct compat_crypt_auth_op {
+ /* compat ioctls, defined for the above structs */
+ #define COMPAT_CIOCGSESSION    _IOWR('c', 102, struct compat_session_op)
+ #define COMPAT_CIOCCRYPT       _IOWR('c', 104, struct compat_crypt_op)
++#define COMPAT_CIOCKEY    _IOW('c', 105, struct compat_crypt_kop)
+ #define COMPAT_CIOCASYNCCRYPT  _IOW('c', 107, struct compat_crypt_op)
+ #define COMPAT_CIOCASYNCFETCH  _IOR('c', 108, struct compat_crypt_op)
+ #define COMPAT_CIOCAUTHCRYPT   _IOWR('c', 109, struct compat_crypt_auth_op)
+ #define COMPAT_CIOCASYMASYNCRYPT    _IOW('c', 110, struct compat_crypt_kop)
+-#define COMPAT_CIOCASYMASYNFETCH    _IOR('c', 111, struct compat_crypt_kop)
++#define COMPAT_CIOCASYMFETCHCOOKIE    _IOR('c', 111, \
++                               struct compat_pkc_cookie_list_s)
+ 
+ #endif /* CONFIG_COMPAT */
+ 
+diff --git a/ioctl.c b/ioctl.c
+index 3baf3e6..2eb7f03 100644
+--- a/ioctl.c
++++ b/ioctl.c
+@@ -105,8 +105,6 @@ void cryptodev_complete_asym(struct crypto_async_request *req, int err)
+        crypto_free_pkc(pkc->s);
+        res->err = err;
+        if (pkc->type == SYNCHRONOUS) {
+-               if (err == -EINPROGRESS)
+-                       return;
+                complete(&res->completion);
+        } else {
+                struct crypt_priv *pcr = pkc->priv;
+@@ -1051,26 +1049,41 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
+                        ret = 0;
+        }
+        return ret;
+-       case CIOCASYMASYNFETCH:
++       case CIOCASYMFETCHCOOKIE:
+        {
+                struct cryptodev_pkc *pkc;
+                unsigned long flags;
++               int i;
++               struct pkc_cookie_list_s cookie_list;
+ 
+                spin_lock_irqsave(&pcr->completion_lock, flags);
+-               if (list_empty(&pcr->asym_completed_list)) {
+-                       spin_unlock_irqrestore(&pcr->completion_lock, flags);
+-                       return -ENOMEM;
++               cookie_list.cookie_available = 0;
++               for (i = 0; i < MAX_COOKIES; i++) {
++                       if (!list_empty(&pcr->asym_completed_list)) {
++                               /* Run a loop in the list for upto  elements
++                                and copy their response back */
++                               pkc =
++                                list_first_entry(&pcr->asym_completed_list,
++                                               struct cryptodev_pkc, list);
++                               list_del(&pkc->list);
++                               ret = crypto_async_fetch_asym(pkc);
++                               if (!ret) {
++                                       cookie_list.cookie_available++;
++                                       cookie_list.cookie[i] =
++                                               pkc->kop.kop.cookie;
++                                       cookie_list.status[i] = pkc->result.err;
++                               }
++                               kfree(pkc);
++                       } else {
++                               break;
++                       }
+                }
+-               pkc = list_first_entry(&pcr->asym_completed_list,
+-                       struct cryptodev_pkc, list);
+-               list_del(&pkc->list);
+                spin_unlock_irqrestore(&pcr->completion_lock, flags);
+-               ret = crypto_async_fetch_asym(pkc);
+ 
+                /* Reflect the updated request to user-space */
+-               if (!ret)
+-                       kop_to_user(&pkc->kop, arg);
+-               kfree(pkc);
++               if (cookie_list.cookie_available)
++                       copy_to_user(arg, &cookie_list,
++                                    sizeof(struct pkc_cookie_list_s));
+        }
+        return ret;
+        default:
+@@ -1345,26 +1358,41 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_)
+                        ret = 0;
+        }
+        return ret;
+-       case COMPAT_CIOCASYMASYNFETCH:
++       case COMPAT_CIOCASYMFETCHCOOKIE:
+        {
+                struct cryptodev_pkc *pkc;
+                unsigned long flags;
++               int i = 0;
++               struct compat_pkc_cookie_list_s cookie_list;
+ 
+                spin_lock_irqsave(&pcr->completion_lock, flags);
+-               if (list_empty(&pcr->asym_completed_list)) {
+-                       spin_unlock_irqrestore(&pcr->completion_lock, flags);
+-                       return -ENOMEM;
++               cookie_list.cookie_available = 0;
++
++               for (i = 0; i < MAX_COOKIES; i++) {
++                       if (!list_empty(&pcr->asym_completed_list)) {
++                               /* Run a loop in the list for upto  elements
++                                and copy their response back */
++                               pkc =
++                                list_first_entry(&pcr->asym_completed_list,
++                                               struct cryptodev_pkc, list);
++                               list_del(&pkc->list);
++                               ret = crypto_async_fetch_asym(pkc);
++                               if (!ret) {
++                                       cookie_list.cookie_available++;
++                                       cookie_list.cookie[i] =
++                                                pkc->kop.kop.cookie;
++                               }
++                               kfree(pkc);
++                       } else {
++                               break;
++                       }
+                }
+-               pkc = list_first_entry(&pcr->asym_completed_list,
+-                        struct cryptodev_pkc, list);
+-               list_del(&pkc->list);
+                spin_unlock_irqrestore(&pcr->completion_lock, flags);
+-               ret = crypto_async_fetch_asym(pkc);
+ 
+                /* Reflect the updated request to user-space */
+-               if (!ret)
+-                       compat_kop_to_user(&pkc->kop, arg);
+-               kfree(pkc);
++               if (cookie_list.cookie_available)
++                       copy_to_user(arg, &cookie_list,
++                                    sizeof(struct compat_pkc_cookie_list_s));
+        }
+        return ret;
+        default:
+-- 
+1.8.3.1
+
diff --git a/recipes-kernel/cryptodev/cryptodev-fsl/0006-ECC_KEYGEN-and-DLC_KEYGEN-supported-in-cryptodev-mod.patch b/recipes-kernel/cryptodev/cryptodev-fsl/0006-ECC_KEYGEN-and-DLC_KEYGEN-supported-in-cryptodev-mod.patch
new file mode 100644
index 0000000..e70a057
--- /dev/null
+++ b/recipes-kernel/cryptodev/cryptodev-fsl/0006-ECC_KEYGEN-and-DLC_KEYGEN-supported-in-cryptodev-mod.patch
@@ -0,0 +1,212 @@
+From 30fc86a09109f169815befc2cd8bbfcae79fe7e0 Mon Sep 17 00:00:00 2001
+From: Yashpal Dutta <yashpal.dutta@freescale.com>
+Date: Fri, 7 Mar 2014 07:53:53 +0545
+Subject: [PATCH 6/9] ECC_KEYGEN and DLC_KEYGEN supported in cryptodev module
+
+Upstream-status: Pending
+
+Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
+---
+ cryptlib.c         |  2 ++
+ crypto/cryptodev.h |  5 +++-
+ ioctl.c            | 29 +++++++++++++++++--
+ main.c             | 85 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 4 files changed, 118 insertions(+), 3 deletions(-)
+
+diff --git a/cryptlib.c b/cryptlib.c
+index 6900028..47cd568 100644
+--- a/cryptlib.c
++++ b/cryptlib.c
+@@ -452,6 +452,8 @@ int cryptodev_pkc_offload(struct cryptodev_pkc  *pkc)
+        case DSA_VERIFY:
+        case ECDSA_SIGN:
+        case ECDSA_VERIFY:
++       case DLC_KEYGEN:
++       case ECC_KEYGEN:
+                pkc->s = crypto_alloc_pkc("pkc(dsa)",
+                         CRYPTO_ALG_TYPE_PKC_DSA, 0);
+                break;
+diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h
+index 4436fbf..275a55c 100644
+--- a/crypto/cryptodev.h
++++ b/crypto/cryptodev.h
+@@ -268,6 +268,8 @@ enum cryptodev_crk_op_t {
+        CRK_DSA_SIGN = 2,
+        CRK_DSA_VERIFY = 3,
+        CRK_DH_COMPUTE_KEY = 4,
++       CRK_DSA_GENERATE_KEY = 5,
++       CRK_DH_GENERATE_KEY = 6,
+        CRK_ALGORITHM_ALL
+ };
+ 
+@@ -280,7 +282,8 @@ enum cryptodev_crk_op_t {
+ #define CRF_DSA_SIGN           (1 << CRK_DSA_SIGN)
+ #define CRF_DSA_VERIFY         (1 << CRK_DSA_VERIFY)
+ #define CRF_DH_COMPUTE_KEY     (1 << CRK_DH_COMPUTE_KEY)
+-
++#define CRF_DSA_GENERATE_KEY   (1 << CRK_DSA_GENERATE_KEY)
++#define CRF_DH_GENERATE_KEY    (1 << CRK_DH_GENERATE_KEY)
+ 
+ /* ioctl's. Compatible with old linux cryptodev.h
+  */
+diff --git a/ioctl.c b/ioctl.c
+index 2eb7f03..c813c8c 100644
+--- a/ioctl.c
++++ b/ioctl.c
+@@ -726,6 +726,23 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc)
+                                     dh_req->z, dh_req->z_len);
+        }
+        break;
++       case CRK_DSA_GENERATE_KEY:
++       case CRK_DH_GENERATE_KEY:
++       {
++               struct keygen_req_s *key_req = &pkc_req->req_u.keygen;
++
++               if (pkc_req->type == ECC_KEYGEN) {
++                       copy_to_user(ckop->crk_param[4].crp_p, key_req->pub_key,
++                                    key_req->pub_key_len);
++                       copy_to_user(ckop->crk_param[5].crp_p,
++                                    key_req->priv_key, key_req->priv_key_len);
++               } else {
++                       copy_to_user(ckop->crk_param[3].crp_p,
++                                    key_req->pub_key, key_req->pub_key_len);
++                       copy_to_user(ckop->crk_param[4].crp_p,
++                                    key_req->priv_key, key_req->priv_key_len);
++               }
++       }
+        default:
+                ret = -EINVAL;
+        }
+@@ -939,8 +956,9 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
+ 
+        switch (cmd) {
+        case CIOCASYMFEAT:
+-               return put_user(CRF_MOD_EXP_CRT |  CRF_MOD_EXP |
+-                       CRF_DSA_SIGN | CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY, p);
++               return put_user(CRF_MOD_EXP_CRT |  CRF_MOD_EXP | CRF_DSA_SIGN |
++                       CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY |
++                       CRF_DSA_GENERATE_KEY, p);
+        case CRIOGET:
+                fd = clonefd(filp);
+                ret = put_user(fd, p);
+@@ -1084,7 +1102,14 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
+                if (cookie_list.cookie_available)
+                        copy_to_user(arg, &cookie_list,
+                                     sizeof(struct pkc_cookie_list_s));
++               else {
++                       struct pkc_cookie_list_s *user_ck_list = (void *)arg;
++
++                       put_user(0, &(user_ck_list->cookie_available));
++               }
++               ret = cookie_list.cookie_available;
+        }
++
+        return ret;
+        default:
+                return -EINVAL;
+diff --git a/main.c b/main.c
+index 0b7951e..c901bc7 100644
+--- a/main.c
++++ b/main.c
+@@ -342,6 +342,85 @@ err:
+        return rc;
+ }
+ 
++int crypto_kop_keygen(struct cryptodev_pkc *pkc)
++{
++       struct kernel_crypt_kop *kop = &pkc->kop;
++       struct crypt_kop *cop = &kop->kop;
++       struct pkc_request *pkc_req;
++       struct keygen_req_s *key_req;
++       int rc, buf_size;
++       uint8_t *buf;
++
++       if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits ||
++           !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits ||
++           !cop->crk_param[4].crp_nbits)
++               return -EINVAL;
++
++       pkc_req = &pkc->req;
++       key_req = &pkc_req->req_u.keygen;
++       key_req->q_len = (cop->crk_param[0].crp_nbits + 7)/8;
++       key_req->r_len = (cop->crk_param[1].crp_nbits + 7)/8;
++       key_req->g_len = (cop->crk_param[2].crp_nbits + 7)/8;
++       if (cop->crk_iparams == 3) {
++               key_req->pub_key_len = (cop->crk_param[3].crp_nbits + 7)/8;
++               key_req->priv_key_len = (cop->crk_param[4].crp_nbits + 7)/8;
++               buf_size = key_req->q_len + key_req->r_len + key_req->g_len +
++                       key_req->pub_key_len + key_req->priv_key_len;
++               pkc_req->type = DLC_KEYGEN;
++       } else {
++               key_req->ab_len = (cop->crk_param[3].crp_nbits + 7)/8;
++               key_req->pub_key_len = (cop->crk_param[4].crp_nbits + 7)/8;
++               key_req->priv_key_len = (cop->crk_param[5].crp_nbits + 7)/8;
++               buf_size = key_req->q_len + key_req->r_len + key_req->g_len +
++                       key_req->pub_key_len + key_req->priv_key_len +
++                       key_req->ab_len;
++               pkc_req->type = ECC_KEYGEN;
++               pkc_req->curve_type = cop->curve_type;
++       }
++
++       buf = kzalloc(buf_size, GFP_DMA);
++       if (!buf)
++               return -ENOMEM;
++
++       key_req->q = buf;
++       key_req->r = key_req->q + key_req->q_len;
++       key_req->g = key_req->r + key_req->r_len;
++       key_req->pub_key = key_req->g + key_req->g_len;
++       key_req->priv_key = key_req->pub_key + key_req->pub_key_len;
++       copy_from_user(key_req->q, cop->crk_param[0].crp_p, key_req->q_len);
++       copy_from_user(key_req->r, cop->crk_param[1].crp_p, key_req->r_len);
++       copy_from_user(key_req->g, cop->crk_param[2].crp_p, key_req->g_len);
++       if (cop->crk_iparams == 3) {
++               copy_from_user(key_req->pub_key, cop->crk_param[3].crp_p,
++                              key_req->pub_key_len);
++               copy_from_user(key_req->priv_key, cop->crk_param[4].crp_p,
++                              key_req->priv_key_len);
++       } else {
++               key_req->ab = key_req->priv_key + key_req->priv_key_len;
++               copy_from_user(key_req->ab, cop->crk_param[3].crp_p,
++                              key_req->ab_len);
++               copy_from_user(key_req->pub_key, cop->crk_param[4].crp_p,
++                              key_req->pub_key_len);
++               copy_from_user(key_req->priv_key, cop->crk_param[5].crp_p,
++                              key_req->priv_key_len);
++       }
++
++       rc = cryptodev_pkc_offload(pkc);
++       if (pkc->type == SYNCHRONOUS) {
++               if (rc)
++                       goto err;
++       } else {
++               if (rc != -EINPROGRESS && !rc)
++                       goto err;
++
++               pkc->cookie = buf;
++               return rc;
++       }
++err:
++       kfree(buf);
++       return rc;
++}
++
+ int crypto_kop_dh_key(struct cryptodev_pkc *pkc)
+ {
+        struct kernel_crypt_kop *kop = &pkc->kop;
+@@ -554,6 +633,12 @@ int crypto_run_asym(struct cryptodev_pkc *pkc)
+                        goto err;
+                ret = crypto_kop_dh_key(pkc);
+                break;
++       case CRK_DH_GENERATE_KEY:
++       case CRK_DSA_GENERATE_KEY:
++               if ((kop->kop.crk_iparams != 3 && kop->kop.crk_iparams != 4))
++                       goto err;
++               ret = crypto_kop_keygen(pkc);
++               break;
+        }
+ err:
+        return ret;
+-- 
+1.8.3.1
+
diff --git a/recipes-kernel/cryptodev/cryptodev-fsl/0007-RCU-stall-fixed-in-PKC-asynchronous-interface.patch b/recipes-kernel/cryptodev/cryptodev-fsl/0007-RCU-stall-fixed-in-PKC-asynchronous-interface.patch
new file mode 100644
index 0000000..93a2248
--- /dev/null
+++ b/recipes-kernel/cryptodev/cryptodev-fsl/0007-RCU-stall-fixed-in-PKC-asynchronous-interface.patch
@@ -0,0 +1,238 @@
+From d60b9dbf53d63092fd292c00bb03c250c26703cf Mon Sep 17 00:00:00 2001
+From: Yashpal Dutta <yashpal.dutta@freescale.com>
+Date: Fri, 7 Mar 2014 08:49:15 +0545
+Subject: [PATCH 7/9] RCU stall fixed in PKC asynchronous interface
+
+Upstream-status: Pending
+
+Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
+---
+ ioctl.c | 23 +++++++++++------------
+ main.c  | 43 +++++++++++++++++++++++++++----------------
+ 2 files changed, 38 insertions(+), 28 deletions(-)
+
+diff --git a/ioctl.c b/ioctl.c
+index c813c8c..7e4c671 100644
+--- a/ioctl.c
++++ b/ioctl.c
+@@ -108,10 +108,9 @@ void cryptodev_complete_asym(struct crypto_async_request *req, int err)
+                complete(&res->completion);
+        } else {
+                struct crypt_priv *pcr = pkc->priv;
+-               unsigned long flags;
+-               spin_lock_irqsave(&pcr->completion_lock, flags);
++               spin_lock_bh(&pcr->completion_lock);
+                list_add_tail(&pkc->list, &pcr->asym_completed_list);
+-               spin_unlock_irqrestore(&pcr->completion_lock, flags);
++               spin_unlock_bh(&pcr->completion_lock);
+                /* wake for POLLIN */
+                wake_up_interruptible(&pcr->user_waiter);
+        }
+@@ -958,7 +957,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
+        case CIOCASYMFEAT:
+                return put_user(CRF_MOD_EXP_CRT |  CRF_MOD_EXP | CRF_DSA_SIGN |
+                        CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY |
+-                       CRF_DSA_GENERATE_KEY, p);
++                       CRF_DSA_GENERATE_KEY | CRF_DH_GENERATE_KEY, p);
+        case CRIOGET:
+                fd = clonefd(filp);
+                ret = put_user(fd, p);
+@@ -997,7 +996,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
+        case CIOCKEY:
+        {
+                struct cryptodev_pkc *pkc =
+-                       kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL);
++                       kmalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL);
+ 
+                if (!pkc)
+                        return -ENOMEM;
+@@ -1053,7 +1052,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
+        case CIOCASYMASYNCRYPT:
+        {
+                struct cryptodev_pkc *pkc =
+-                       kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL);
++                       kmalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL);
+                ret = kop_from_user(&pkc->kop, arg);
+ 
+                if (unlikely(ret))
+@@ -1070,13 +1069,12 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
+        case CIOCASYMFETCHCOOKIE:
+        {
+                struct cryptodev_pkc *pkc;
+-               unsigned long flags;
+                int i;
+                struct pkc_cookie_list_s cookie_list;
+ 
+-               spin_lock_irqsave(&pcr->completion_lock, flags);
+                cookie_list.cookie_available = 0;
+                for (i = 0; i < MAX_COOKIES; i++) {
++                       spin_lock_bh(&pcr->completion_lock);
+                        if (!list_empty(&pcr->asym_completed_list)) {
+                                /* Run a loop in the list for upto  elements
+                                 and copy their response back */
+@@ -1084,6 +1082,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
+                                 list_first_entry(&pcr->asym_completed_list,
+                                                struct cryptodev_pkc, list);
+                                list_del(&pkc->list);
++                               spin_unlock_bh(&pcr->completion_lock);
+                                ret = crypto_async_fetch_asym(pkc);
+                                if (!ret) {
+                                        cookie_list.cookie_available++;
+@@ -1093,10 +1092,10 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
+                                }
+                                kfree(pkc);
+                        } else {
++                               spin_unlock_bh(&pcr->completion_lock);
+                                break;
+                        }
+                }
+-               spin_unlock_irqrestore(&pcr->completion_lock, flags);
+ 
+                /* Reflect the updated request to user-space */
+                if (cookie_list.cookie_available)
+@@ -1386,14 +1385,13 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_)
+        case COMPAT_CIOCASYMFETCHCOOKIE:
+        {
+                struct cryptodev_pkc *pkc;
+-               unsigned long flags;
+                int i = 0;
+                struct compat_pkc_cookie_list_s cookie_list;
+ 
+-               spin_lock_irqsave(&pcr->completion_lock, flags);
+                cookie_list.cookie_available = 0;
+ 
+                for (i = 0; i < MAX_COOKIES; i++) {
++                       spin_lock_bh(&pcr->completion_lock);
+                        if (!list_empty(&pcr->asym_completed_list)) {
+                                /* Run a loop in the list for upto  elements
+                                 and copy their response back */
+@@ -1401,6 +1399,7 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_)
+                                 list_first_entry(&pcr->asym_completed_list,
+                                                struct cryptodev_pkc, list);
+                                list_del(&pkc->list);
++                               spin_unlock_bh(&pcr->completion_lock);
+                                ret = crypto_async_fetch_asym(pkc);
+                                if (!ret) {
+                                        cookie_list.cookie_available++;
+@@ -1409,10 +1408,10 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_)
+                                }
+                                kfree(pkc);
+                        } else {
++                               spin_unlock_bh(&pcr->completion_lock);
+                                break;
+                        }
+                }
+-               spin_unlock_irqrestore(&pcr->completion_lock, flags);
+ 
+                /* Reflect the updated request to user-space */
+                if (cookie_list.cookie_available)
+diff --git a/main.c b/main.c
+index c901bc7..2747706 100644
+--- a/main.c
++++ b/main.c
+@@ -215,7 +215,9 @@ int crypto_kop_dsasign(struct cryptodev_pkc *pkc)
+                pkc_req->type = DSA_SIGN;
+        }
+ 
+-       buf = kzalloc(buf_size, GFP_DMA);
++       buf = kmalloc(buf_size, GFP_DMA);
++       if (!buf)
++               return -ENOMEM;
+ 
+        dsa_req->q = buf;
+        dsa_req->r = dsa_req->q + dsa_req->q_len;
+@@ -298,7 +300,9 @@ int crypto_kop_dsaverify(struct cryptodev_pkc *pkc)
+                pkc_req->type = DSA_VERIFY;
+        }
+ 
+-       buf = kzalloc(buf_size, GFP_DMA);
++       buf = kmalloc(buf_size, GFP_DMA);
++       if (!buf)
++               return -ENOMEM;
+ 
+        dsa_req->q = buf;
+        dsa_req->r = dsa_req->q + dsa_req->q_len;
+@@ -378,7 +382,7 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc)
+                pkc_req->curve_type = cop->curve_type;
+        }
+ 
+-       buf = kzalloc(buf_size, GFP_DMA);
++       buf = kmalloc(buf_size, GFP_DMA);
+        if (!buf)
+                return -ENOMEM;
+ 
+@@ -390,25 +394,28 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc)
+        copy_from_user(key_req->q, cop->crk_param[0].crp_p, key_req->q_len);
+        copy_from_user(key_req->r, cop->crk_param[1].crp_p, key_req->r_len);
+        copy_from_user(key_req->g, cop->crk_param[2].crp_p, key_req->g_len);
+-       if (cop->crk_iparams == 3) {
+-               copy_from_user(key_req->pub_key, cop->crk_param[3].crp_p,
+-                              key_req->pub_key_len);
+-               copy_from_user(key_req->priv_key, cop->crk_param[4].crp_p,
+-                              key_req->priv_key_len);
+-       } else {
++       if (cop->crk_iparams == 4) {
+                key_req->ab = key_req->priv_key + key_req->priv_key_len;
+                copy_from_user(key_req->ab, cop->crk_param[3].crp_p,
+                               key_req->ab_len);
+-               copy_from_user(key_req->pub_key, cop->crk_param[4].crp_p,
+-                              key_req->pub_key_len);
+-               copy_from_user(key_req->priv_key, cop->crk_param[5].crp_p,
+-                              key_req->priv_key_len);
+        }
+ 
+        rc = cryptodev_pkc_offload(pkc);
+        if (pkc->type == SYNCHRONOUS) {
+                if (rc)
+                        goto err;
++
++               if (cop->crk_iparams == 4) {
++                       copy_to_user(cop->crk_param[4].crp_p, key_req->pub_key,
++                                    key_req->pub_key_len);
++                       copy_to_user(cop->crk_param[5].crp_p, key_req->priv_key,
++                                    key_req->priv_key_len);
++               } else {
++                       copy_to_user(cop->crk_param[3].crp_p, key_req->pub_key,
++                                    key_req->pub_key_len);
++                       copy_to_user(cop->crk_param[4].crp_p,
++                                    key_req->priv_key, key_req->priv_key_len);
++               }
+        } else {
+                if (rc != -EINPROGRESS && !rc)
+                        goto err;
+@@ -447,7 +454,9 @@ int crypto_kop_dh_key(struct cryptodev_pkc *pkc)
+                pkc_req->type = DH_COMPUTE_KEY;
+        }
+        buf_size += dh_req->z_len;
+-       buf = kzalloc(buf_size, GFP_DMA);
++       buf = kmalloc(buf_size, GFP_DMA);
++       if (!buf)
++               return -ENOMEM;
+        dh_req->q = buf;
+        dh_req->s = dh_req->q + dh_req->q_len;
+        dh_req->pub_key = dh_req->s + dh_req->s_len;
+@@ -508,9 +517,11 @@ int crypto_modexp_crt(struct cryptodev_pkc *pkc)
+        rsa_req->dq_len = (cop->crk_param[4].crp_nbits + 7)/8;
+        rsa_req->c_len = (cop->crk_param[5].crp_nbits + 7)/8;
+        rsa_req->f_len = (cop->crk_param[6].crp_nbits + 7)/8;
+-       buf = kzalloc(rsa_req->p_len + rsa_req->q_len + rsa_req->f_len +
++       buf = kmalloc(rsa_req->p_len + rsa_req->q_len + rsa_req->f_len +
+                      rsa_req->dp_len + rsa_req->dp_len + rsa_req->c_len +
+                      rsa_req->g_len, GFP_DMA);
++       if (!buf)
++               return -ENOMEM;
+        rsa_req->p = buf;
+        rsa_req->q = rsa_req->p + rsa_req->p_len;
+        rsa_req->g = rsa_req->q + rsa_req->q_len;
+@@ -563,7 +574,7 @@ int crypto_bn_modexp(struct cryptodev_pkc *pkc)
+        rsa_req->e_len = (cop->crk_param[1].crp_nbits + 7)/8;
+        rsa_req->n_len = (cop->crk_param[2].crp_nbits + 7)/8;
+        rsa_req->g_len = (cop->crk_param[3].crp_nbits + 7)/8;
+-       buf = kzalloc(rsa_req->f_len + rsa_req->e_len + rsa_req->n_len
++       buf = kmalloc(rsa_req->f_len + rsa_req->e_len + rsa_req->n_len
+                        + rsa_req->g_len, GFP_DMA);
+        if (!buf)
+                return -ENOMEM;
+-- 
+1.8.3.1
+
diff --git a/recipes-kernel/cryptodev/cryptodev-fsl/0008-Add-RSA-Key-generation-offloading.patch b/recipes-kernel/cryptodev/cryptodev-fsl/0008-Add-RSA-Key-generation-offloading.patch
new file mode 100644
index 0000000..affb2e7
--- /dev/null
+++ b/recipes-kernel/cryptodev/cryptodev-fsl/0008-Add-RSA-Key-generation-offloading.patch
@@ -0,0 +1,170 @@
+From af5e4289f60c38ab17adab14c82d6204d155f25f Mon Sep 17 00:00:00 2001
+From: Hou Zhiqiang <B48286@freescale.com>
+Date: Wed, 19 Mar 2014 14:02:46 +0800
+Subject: [PATCH 8/9] Add RSA Key generation offloading
+
+Upstream-status: Pending
+
+Signed-off-by: Hou Zhiqiang <B48286@freescale.com>
+Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
+---
+ cryptlib.c         |  1 +
+ crypto/cryptodev.h |  2 ++
+ ioctl.c            |  3 +-
+ main.c             | 80 +++++++++++++++++++++++++++++++++++++++++++++++++++++-
+ 4 files changed, 84 insertions(+), 2 deletions(-)
+
+diff --git a/cryptlib.c b/cryptlib.c
+index 47cd568..4dd1847 100644
+--- a/cryptlib.c
++++ b/cryptlib.c
+@@ -441,6 +441,7 @@ int cryptodev_pkc_offload(struct cryptodev_pkc  *pkc)
+        struct pkc_request *pkc_req = &pkc->req, *pkc_requested;
+ 
+        switch (pkc_req->type) {
++       case RSA_KEYGEN:
+        case RSA_PUB:
+        case RSA_PRIV_FORM1:
+        case RSA_PRIV_FORM2:
+diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h
+index 275a55c..d0cc542 100644
+--- a/crypto/cryptodev.h
++++ b/crypto/cryptodev.h
+@@ -270,6 +270,7 @@ enum cryptodev_crk_op_t {
+        CRK_DH_COMPUTE_KEY = 4,
+        CRK_DSA_GENERATE_KEY = 5,
+        CRK_DH_GENERATE_KEY = 6,
++       CRK_RSA_GENERATE_KEY = 7,
+        CRK_ALGORITHM_ALL
+ };
+ 
+@@ -279,6 +280,7 @@ enum cryptodev_crk_op_t {
+  */
+ #define CRF_MOD_EXP            (1 << CRK_MOD_EXP)
+ #define CRF_MOD_EXP_CRT                (1 << CRK_MOD_EXP_CRT)
++#define CRF_RSA_GENERATE_KEY   (1 << CRK_RSA_GENERATE_KEY)
+ #define CRF_DSA_SIGN           (1 << CRK_DSA_SIGN)
+ #define CRF_DSA_VERIFY         (1 << CRK_DSA_VERIFY)
+ #define CRF_DH_COMPUTE_KEY     (1 << CRK_DH_COMPUTE_KEY)
+diff --git a/ioctl.c b/ioctl.c
+index 7e4c671..14888d6 100644
+--- a/ioctl.c
++++ b/ioctl.c
+@@ -957,7 +957,8 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
+        case CIOCASYMFEAT:
+                return put_user(CRF_MOD_EXP_CRT |  CRF_MOD_EXP | CRF_DSA_SIGN |
+                        CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY |
+-                       CRF_DSA_GENERATE_KEY | CRF_DH_GENERATE_KEY, p);
++                       CRF_DSA_GENERATE_KEY | CRF_DH_GENERATE_KEY |
++                       CRF_RSA_GENERATE_KEY, p);
+        case CRIOGET:
+                fd = clonefd(filp);
+                ret = put_user(fd, p);
+diff --git a/main.c b/main.c
+index 2747706..14dcf40 100644
+--- a/main.c
++++ b/main.c
+@@ -346,6 +346,82 @@ err:
+        return rc;
+ }
+ 
++int crypto_kop_rsa_keygen(struct cryptodev_pkc *pkc)
++{
++       struct kernel_crypt_kop *kop = &pkc->kop;
++       struct crypt_kop *cop = &kop->kop;
++       struct pkc_request *pkc_req;
++       struct rsa_keygen_req_s *key_req;
++       int rc, buf_size;
++       uint8_t *buf;
++
++       if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits ||
++               !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits ||
++               !cop->crk_param[4].crp_nbits || !cop->crk_param[5].crp_nbits ||
++               !cop->crk_param[6].crp_nbits)
++               return -EINVAL;
++
++       pkc_req = &pkc->req;
++       pkc_req->type = RSA_KEYGEN;
++       key_req = &pkc_req->req_u.rsa_keygen;
++       key_req->n_len = (cop->crk_param[2].crp_nbits + 7)/8;
++       key_req->p_len = (cop->crk_param[0].crp_nbits + 7) / 8;
++       key_req->q_len = (cop->crk_param[1].crp_nbits + 7) / 8;
++       key_req->n_len = (cop->crk_param[2].crp_nbits + 7) / 8;
++       key_req->d_len = (cop->crk_param[3].crp_nbits + 7) / 8;
++       key_req->dp_len = (cop->crk_param[4].crp_nbits + 7) / 8;
++       key_req->dq_len = (cop->crk_param[5].crp_nbits + 7) / 8;
++       key_req->c_len = (cop->crk_param[6].crp_nbits + 7) / 8;
++
++       buf_size = key_req->p_len + key_req->q_len + key_req->n_len +
++                       key_req->d_len + key_req->dp_len +
++                       key_req->dq_len + key_req->c_len;
++
++       buf = kmalloc(buf_size, GFP_DMA);
++       if (!buf)
++               return -ENOMEM;
++       key_req->p = buf;
++       key_req->q = key_req->p + key_req->p_len;
++       key_req->n = key_req->q + key_req->q_len;
++       key_req->d = key_req->n + key_req->n_len;
++       key_req->dp = key_req->d + key_req->d_len;
++       key_req->dq = key_req->dp + key_req->dp_len;
++       key_req->c = key_req->dq + key_req->dq_len;
++
++       rc = cryptodev_pkc_offload(pkc);
++
++       if (pkc->type == SYNCHRONOUS) {
++               if (rc)
++                       goto err;
++
++               copy_to_user(cop->crk_param[0].crp_p,
++                               key_req->p, key_req->p_len);
++               copy_to_user(cop->crk_param[1].crp_p,
++                               key_req->q, key_req->q_len);
++               copy_to_user(cop->crk_param[2].crp_p,
++                               key_req->n, key_req->n_len);
++               copy_to_user(cop->crk_param[3].crp_p,
++                               key_req->d, key_req->d_len);
++               copy_to_user(cop->crk_param[4].crp_p,
++                               key_req->dp, key_req->dp_len);
++               copy_to_user(cop->crk_param[5].crp_p,
++                               key_req->dq, key_req->dq_len);
++               copy_to_user(cop->crk_param[6].crp_p,
++                               key_req->c, key_req->c_len);
++               } else {
++               if (rc != -EINPROGRESS && !rc) {
++                       printk("%s: Failed\n", __func__);
++                       goto err;
++               }
++               pkc->cookie = buf;
++               return rc;
++       }
++err:
++       kfree(buf);
++       return rc;
++
++}
++
+ int crypto_kop_keygen(struct cryptodev_pkc *pkc)
+ {
+        struct kernel_crypt_kop *kop = &pkc->kop;
+@@ -385,7 +461,6 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc)
+        buf = kmalloc(buf_size, GFP_DMA);
+        if (!buf)
+                return -ENOMEM;
+-
+        key_req->q = buf;
+        key_req->r = key_req->q + key_req->q_len;
+        key_req->g = key_req->r + key_req->r_len;
+@@ -650,6 +725,9 @@ int crypto_run_asym(struct cryptodev_pkc *pkc)
+                        goto err;
+                ret = crypto_kop_keygen(pkc);
+                break;
++       case CRK_RSA_GENERATE_KEY:
++               ret = crypto_kop_rsa_keygen(pkc);
++               break;
+        }
+ err:
+        return ret;
+-- 
+1.8.3.1
+
diff --git a/recipes-kernel/cryptodev/cryptodev-fsl/0009-Fixed-compilation-error-of-openssl-with-fsl-cryptode.patch b/recipes-kernel/cryptodev/cryptodev-fsl/0009-Fixed-compilation-error-of-openssl-with-fsl-cryptode.patch
new file mode 100644
index 0000000..32757ca
--- /dev/null
+++ b/recipes-kernel/cryptodev/cryptodev-fsl/0009-Fixed-compilation-error-of-openssl-with-fsl-cryptode.patch
@@ -0,0 +1,160 @@
+From e791b55b03d295ee11476382a7bd93ab131e2e52 Mon Sep 17 00:00:00 2001
+From: Yashpal Dutta <yashpal.dutta@freescale.com>
+Date: Thu, 17 Apr 2014 07:08:47 +0545
+Subject: [PATCH 9/9] Fixed compilation error of openssl with fsl cryptodev
+
+Upstream-status: Pending
+
+Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
+Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
+---
+ authenc.c          | 1 +
+ cryptlib.c         | 9 ++++-----
+ crypto/cryptodev.h | 9 ++++++++-
+ cryptodev_int.h    | 2 +-
+ ioctl.c            | 8 ++++++--
+ main.c             | 1 +
+ 6 files changed, 21 insertions(+), 9 deletions(-)
+
+diff --git a/authenc.c b/authenc.c
+index ef0d3db..2aa4d38 100644
+--- a/authenc.c
++++ b/authenc.c
+@@ -2,6 +2,7 @@
+  * Driver for /dev/crypto device (aka CryptoDev)
+  *
+  * Copyright (c) 2011, 2012 OpenSSL Software Foundation, Inc.
++ * Copyright (c) 2014 Freescale Semiconductor, Inc.
+  *
+  * Author: Nikos Mavrogiannopoulos
+  *
+diff --git a/cryptlib.c b/cryptlib.c
+index 4dd1847..ec6693e 100644
+--- a/cryptlib.c
++++ b/cryptlib.c
+@@ -4,8 +4,7 @@
+  * Copyright (c) 2010,2011 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+  * Portions Copyright (c) 2010 Michael Weiser
+  * Portions Copyright (c) 2010 Phil Sutter
+- *
+- * Copyright 2012 Freescale Semiconductor, Inc.
++ * Copyright 2012-2014 Freescale Semiconductor, Inc.
+  *
+  * This file is part of linux cryptodev.
+  *
+@@ -144,7 +143,7 @@ int cryptodev_cipher_init(struct cipher_data *out, const char *alg_name,
+                        if (alg->max_keysize > 0 &&
+                                        unlikely((keylen < alg->min_keysize) ||
+                                        (keylen > alg->max_keysize))) {
+-                               ddebug(1, "Wrong keylen '%zu' for algorithm '%s'. Use %u to %u.",
++                               ddebug(1, "Wrong keylen '%u' for algorithm '%s'. Use %u to %u.",
+                                                keylen, alg_name, alg->min_keysize, alg->max_keysize);
+                                ret = -EINVAL;
+                                goto error;
+@@ -171,7 +170,7 @@ int cryptodev_cipher_init(struct cipher_data *out, const char *alg_name,
+        }
+ 
+        if (unlikely(ret)) {
+-               ddebug(1, "Setting key failed for %s-%zu.", alg_name, keylen*8);
++               ddebug(1, "Setting key failed for %s-%u.", alg_name, keylen*8);
+                ret = -EINVAL;
+                goto error;
+        }
+@@ -338,7 +337,7 @@ int cryptodev_hash_init(struct hash_data *hdata, const char *alg_name,
+        if (hmac_mode != 0) {
+                ret = crypto_ahash_setkey(hdata->async.s, mackey, mackeylen);
+                if (unlikely(ret)) {
+-                       ddebug(1, "Setting hmac key failed for %s-%zu.",
++                       ddebug(1, "Setting hmac key failed for %s-%u.",
+                                        alg_name, mackeylen*8);
+                        ret = -EINVAL;
+                        goto error;
+diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h
+index d0cc542..e7edd97 100644
+--- a/crypto/cryptodev.h
++++ b/crypto/cryptodev.h
+@@ -234,6 +234,13 @@ struct crypt_auth_op {
+ #define        CRYPTO_ALG_FLAG_RNG_ENABLE      2
+ #define        CRYPTO_ALG_FLAG_DSA_SHA         4
+ 
++enum ec_curve_t {
++       EC_DISCRETE_LOG,
++       EC_PRIME,
++       EC_BINARY,
++       MAX_EC_TYPE
++};
++
+ struct crparam {
+        __u8    *crp_p;
+        __u32   crp_nbits;
+@@ -249,7 +256,7 @@ struct crypt_kop {
+        __u16   crk_oparams;
+        __u32   crk_pad1;
+        struct crparam  crk_param[CRK_MAXPARAM];
+-       enum curve_t curve_type; /* 0 == Discrete Log,
++       enum ec_curve_t curve_type; /* 0 == Discrete Log,
+                                1 = EC_PRIME, 2 = EC_BINARY */
+        void *cookie;
+ };
+diff --git a/cryptodev_int.h b/cryptodev_int.h
+index 5347cae..c83c885 100644
+--- a/cryptodev_int.h
++++ b/cryptodev_int.h
+@@ -88,7 +88,7 @@ struct compat_crypt_kop {
+        uint16_t        crk_oparams;
+        uint32_t        crk_pad1;
+        struct compat_crparam   crk_param[CRK_MAXPARAM];
+-       enum curve_t curve_type; /* 0 == Discrete Log, 1 = EC_PRIME,
++       enum ec_curve_t curve_type; /* 0 == Discrete Log, 1 = EC_PRIME,
+                                 2 = EC_BINARY */
+        compat_uptr_t cookie;
+ };
+diff --git a/ioctl.c b/ioctl.c
+index 14888d6..20ab4ca 100644
+--- a/ioctl.c
++++ b/ioctl.c
+@@ -4,7 +4,7 @@
+  * Copyright (c) 2004 Michal Ludvig <mludvig@logix.net.nz>, SuSE Labs
+  * Copyright (c) 2009,2010,2011 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+  * Copyright (c) 2010 Phil Sutter
+- * Copyright 2012 Freescale Semiconductor, Inc.
++ * Copyright 2012-2014 Freescale Semiconductor, Inc.
+  *
+  * This file is part of linux cryptodev.
+  *
+@@ -501,6 +501,7 @@ cryptodev_open(struct inode *inode, struct file *filp)
+        INIT_LIST_HEAD(&pcr->done.list);
+        INIT_LIST_HEAD(&pcr->asym_completed_list);
+        spin_lock_init(&pcr->completion_lock);
++
+        INIT_WORK(&pcr->cryptask, cryptask_routine);
+ 
+        init_waitqueue_head(&pcr->user_waiter);
+@@ -780,8 +781,11 @@ static int fill_kcop_from_cop(struct kernel_crypt_op *kcop, struct fcrypt *fcr)
+ 
+        if (cop->iv) {
+                rc = copy_from_user(kcop->iv, cop->iv, kcop->ivlen);
+-               if (unlikely(rc))
++               if (unlikely(rc)) {
++                       derr(1, "error copying IV (%d bytes), copy_from_user returned %d for address %p",
++                                       kcop->ivlen, rc, cop->iv);
+                        return -EFAULT;
++               }
+        }
+ 
+        return 0;
+diff --git a/main.c b/main.c
+index 14dcf40..6365911 100644
+--- a/main.c
++++ b/main.c
+@@ -3,6 +3,7 @@
+  *
+  * Copyright (c) 2004 Michal Ludvig <mludvig@logix.net.nz>, SuSE Labs
+  * Copyright (c) 2009-2013 Nikos Mavrogiannopoulos <nmav@gnutls.org>
++ * Copyright (c) 2014 Freescale Semiconductor, Inc.
+  *
+  * This file is part of linux cryptodev.
+  *
+-- 
+2.2.0
+
diff --git a/recipes-kernel/cryptodev/cryptodev-linux_1.6.bbappend b/recipes-kernel/cryptodev/cryptodev-linux_1.6.bbappend
new file mode 100644
index 0000000..3cbbb3d
--- /dev/null
+++ b/recipes-kernel/cryptodev/cryptodev-linux_1.6.bbappend
@@ -0,0 +1,2 @@
+require recipes-kernel/cryptodev/cryptodev-fsl.inc
+
diff --git a/recipes-kernel/cryptodev/cryptodev-module_1.6.bbappend b/recipes-kernel/cryptodev/cryptodev-module_1.6.bbappend
new file mode 100644
index 0000000..2bf012c
--- /dev/null
+++ b/recipes-kernel/cryptodev/cryptodev-module_1.6.bbappend
@@ -0,0 +1,12 @@
+require recipes-kernel/cryptodev/cryptodev-fsl.inc
+
+inherit qoriq_build_64bit_kernel
+
+do_install_append_qoriq-ppc () {
+    rm -fr ${D}/usr
+}
+
+# Currently pkc-host does not support RSA_KEYGEN, remove this
+# if it is fixed.
+SRC_URI_append_qoriq-ppc = "${@base_contains('DISTRO_FEATURES', 'c29x_pkc', ' file://0001-don-t-advertise-RSA-keygen.patch', '', d)}"
+
diff --git a/recipes-kernel/ipc/ipc-modules-multi_git.bb b/recipes-kernel/ipc/ipc-modules-multi_git.bb
new file mode 100644
index 0000000..e5dc115
--- /dev/null
+++ b/recipes-kernel/ipc/ipc-modules-multi_git.bb
@@ -0,0 +1,11 @@
+require ipc-modules.inc
+
+EXTRA_OEMAKE ="KERNEL_DIR=${STAGING_KERNEL_DIR} ${SOC}=1 CONFIG_MULTI_RAT=1"
+
+do_install(){
+    install -d ${D}/usr/driver/IPC/multi_rat
+    install -m 755 ${S}/kernel/*.ko ${D}/usr/driver/IPC/multi_rat
+}
+
+FILES_${PN} += "/usr/driver/IPC/multi_rat/*.ko"
+FILES_${PN}-dbg += "/usr/driver/IPC/multi_rat/.debug"
diff --git a/recipes-kernel/ipc/ipc-modules-single_git.bb b/recipes-kernel/ipc/ipc-modules-single_git.bb
new file mode 100644
index 0000000..03817e0
--- /dev/null
+++ b/recipes-kernel/ipc/ipc-modules-single_git.bb
@@ -0,0 +1,11 @@
+require ipc-modules.inc
+
+EXTRA_OEMAKE ="KERNEL_DIR=${STAGING_KERNEL_DIR} ${SOC}=1"
+
+do_install(){
+    install -d ${D}/usr/driver/IPC/single_rat
+    install -m 755 ${S}/kernel/*.ko ${D}/usr/driver/IPC/single_rat
+}
+
+FILES_${PN} += "/usr/driver/IPC/single_rat/*.ko"
+FILES_${PN}-dbg += "/usr/driver/IPC/single_rat/.debug"
diff --git a/recipes-kernel/ipc/ipc-modules.inc b/recipes-kernel/ipc/ipc-modules.inc
new file mode 100644
index 0000000..e403e6b
--- /dev/null
+++ b/recipes-kernel/ipc/ipc-modules.inc
@@ -0,0 +1,21 @@
+SUMMARY = "Linux IPC KERNEL MODULE "
+DESCRIPTION = "DSP boot application and ipc test application"
+LICENSE = "BSD"
+LIC_FILES_CHKSUM = "file://COPYING;md5=fa38cd73d71527dc6efb546474f64d10"
+
+require recipes-bsp/ipc/ipc.inc
+
+inherit  module qoriq_build_64bit_kernel
+
+S = "${WORKDIR}/git"
+
+do_compile_prepend () {
+    cd ${S}/kernel
+    case ${MACHINE} in
+        bsc9132qds|bsc9131rdb) SOC=B913x;;
+        b4860qds|b4420qds) SOC=B4860;;
+    esac
+}
+
+INHIBIT_PACKAGE_STRIP = "1"
+
diff --git a/recipes-kernel/linux/files/0001-ALSA-CVE-2014-4652.patch b/recipes-kernel/linux/files/0001-ALSA-CVE-2014-4652.patch
new file mode 100644
index 0000000..0130768
--- /dev/null
+++ b/recipes-kernel/linux/files/0001-ALSA-CVE-2014-4652.patch
@@ -0,0 +1,140 @@
+From ed81e6b21790b717cda5f5bab2bdb07d2ce17ab1 Mon Sep 17 00:00:00 2001
+From: Lars-Peter Clausen <lars@metafoo.de>
+Date: Wed, 18 Jun 2014 13:32:31 +0200
+Subject: [PATCH] ALSA: control: Protect user controls against concurrent
+ access
+
+commit 07f4d9d74a04aa7c72c5dae0ef97565f28f17b92 upstream.
+
+The user-control put and get handlers as well as the tlv do not protect against
+concurrent access from multiple threads. Since the state of the control is not
+updated atomically it is possible that either two write operations or a write
+and a read operation race against each other. Both can lead to arbitrary memory
+disclosure. This patch introduces a new lock that protects user-controls from
+concurrent access. Since applications typically access controls sequentially
+than in parallel a single lock per card should be fine.
+
+This fixes CVE-2014-4652
+Upstream-Status: Backport
+
+Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
+Acked-by: Jaroslav Kysela <perex@perex.cz>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ include/sound/core.h |  2 ++
+ sound/core/control.c | 31 +++++++++++++++++++++++++------
+ sound/core/init.c    |  1 +
+ 3 files changed, 28 insertions(+), 6 deletions(-)
+
+diff --git a/include/sound/core.h b/include/sound/core.h
+index 2a14f1f..d6bc961 100644
+--- a/include/sound/core.h
++++ b/include/sound/core.h
+@@ -121,6 +121,8 @@ struct snd_card {
+        int user_ctl_count;             /* count of all user controls */
+        struct list_head controls;      /* all controls for this card */
+        struct list_head ctl_files;     /* active control files */
++       struct mutex user_ctl_lock;     /* protects user controls against
++                                          concurrent access */
+ 
+        struct snd_info_entry *proc_root;       /* root for soundcard specific files */
+        struct snd_info_entry *proc_id; /* the card id */
+diff --git a/sound/core/control.c b/sound/core/control.c
+index d8aa206..183fab2 100644
+--- a/sound/core/control.c
++++ b/sound/core/control.c
+@@ -992,6 +992,7 @@ static int snd_ctl_elem_unlock(struct snd_ctl_file *file,
+ 
+ struct user_element {
+        struct snd_ctl_elem_info info;
++       struct snd_card *card;
+        void *elem_data;                /* element data */
+        unsigned long elem_data_size;   /* size of element data in bytes */
+        void *tlv_data;                 /* TLV data */
+@@ -1035,7 +1036,9 @@ static int snd_ctl_elem_user_get(struct snd_kcontrol *kcontrol,
+ {
+        struct user_element *ue = kcontrol->private_data;
+ 
++       mutex_lock(&ue->card->user_ctl_lock);
+        memcpy(&ucontrol->value, ue->elem_data, ue->elem_data_size);
++       mutex_unlock(&ue->card->user_ctl_lock);
+        return 0;
+ }
+ 
+@@ -1044,10 +1047,12 @@ static int snd_ctl_elem_user_put(struct snd_kcontrol *kcontrol,
+ {
+        int change;
+        struct user_element *ue = kcontrol->private_data;
+-       
++
++       mutex_lock(&ue->card->user_ctl_lock);
+        change = memcmp(&ucontrol->value, ue->elem_data, ue->elem_data_size) != 0;
+        if (change)
+                memcpy(ue->elem_data, &ucontrol->value, ue->elem_data_size);
++       mutex_unlock(&ue->card->user_ctl_lock);
+        return change;
+ }
+ 
+@@ -1067,19 +1072,32 @@ static int snd_ctl_elem_user_tlv(struct snd_kcontrol *kcontrol,
+                new_data = memdup_user(tlv, size);
+                if (IS_ERR(new_data))
+                        return PTR_ERR(new_data);
++               mutex_lock(&ue->card->user_ctl_lock);
+                change = ue->tlv_data_size != size;
+                if (!change)
+                        change = memcmp(ue->tlv_data, new_data, size);
+                kfree(ue->tlv_data);
+                ue->tlv_data = new_data;
+                ue->tlv_data_size = size;
++               mutex_unlock(&ue->card->user_ctl_lock);
+        } else {
+-               if (! ue->tlv_data_size || ! ue->tlv_data)
+-                       return -ENXIO;
+-               if (size < ue->tlv_data_size)
+-                       return -ENOSPC;
++               int ret = 0;
++
++               mutex_lock(&ue->card->user_ctl_lock);
++               if (!ue->tlv_data_size || !ue->tlv_data) {
++                       ret = -ENXIO;
++                       goto err_unlock;
++               }
++               if (size < ue->tlv_data_size) {
++                       ret = -ENOSPC;
++                       goto err_unlock;
++               }
+                if (copy_to_user(tlv, ue->tlv_data, ue->tlv_data_size))
+-                       return -EFAULT;
++                       ret = -EFAULT;
++err_unlock:
++               mutex_unlock(&ue->card->user_ctl_lock);
++               if (ret)
++                       return ret;
+        }
+        return change;
+ }
+@@ -1211,6 +1229,7 @@ static int snd_ctl_elem_add(struct snd_ctl_file *file,
+        ue = kzalloc(sizeof(struct user_element) + private_size, GFP_KERNEL);
+        if (ue == NULL)
+                return -ENOMEM;
++       ue->card = card;
+        ue->info = *info;
+        ue->info.access = 0;
+        ue->elem_data = (char *)ue + sizeof(*ue);
+diff --git a/sound/core/init.c b/sound/core/init.c
+index d047851..b9268a5 100644
+--- a/sound/core/init.c
++++ b/sound/core/init.c
+@@ -215,6 +215,7 @@ int snd_card_create(int idx, const char *xid,
+        INIT_LIST_HEAD(&card->devices);
+        init_rwsem(&card->controls_rwsem);
+        rwlock_init(&card->ctl_files_rwlock);
++       mutex_init(&card->user_ctl_lock);
+        INIT_LIST_HEAD(&card->controls);
+        INIT_LIST_HEAD(&card->ctl_files);
+        spin_lock_init(&card->files_lock);
+-- 
+1.9.1
+
diff --git a/recipes-kernel/linux/files/0001-HID-CVE-2014-3181.patch b/recipes-kernel/linux/files/0001-HID-CVE-2014-3181.patch
new file mode 100644
index 0000000..4355c68
--- /dev/null
+++ b/recipes-kernel/linux/files/0001-HID-CVE-2014-3181.patch
@@ -0,0 +1,52 @@
+From c54def7bd64d7c0b6993336abcffb8444795bf38 Mon Sep 17 00:00:00 2001
+From: Jiri Kosina <jkosina@suse.cz>
+Date: Wed, 27 Aug 2014 09:12:24 +0200
+Subject: [PATCH] HID: magicmouse: sanity check report size in raw_event()
+ callback
+
+The report passed to us from transport driver could potentially be
+arbitrarily large, therefore we better sanity-check it so that
+magicmouse_emit_touch() gets only valid values of raw_id.
+
+This fixes CVE-2014-3181
+Upstream-Status: Backport
+
+Cc: stable@vger.kernel.org
+Reported-by: Steven Vittitoe <scvitti@google.com>
+Signed-off-by: Jiri Kosina <jkosina@suse.cz>
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ drivers/hid/hid-magicmouse.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/drivers/hid/hid-magicmouse.c b/drivers/hid/hid-magicmouse.c
+index ecc2cbf..29a74c1 100644
+--- a/drivers/hid/hid-magicmouse.c
++++ b/drivers/hid/hid-magicmouse.c
+@@ -290,6 +290,11 @@ static int magicmouse_raw_event(struct hid_device *hdev,
+                if (size < 4 || ((size - 4) % 9) != 0)
+                        return 0;
+                npoints = (size - 4) / 9;
++               if (npoints > 15) {
++                       hid_warn(hdev, "invalid size value (%d) for TRACKPAD_REPORT_ID\n",
++                                       size);
++                       return 0;
++               }
+                msc->ntouches = 0;
+                for (ii = 0; ii < npoints; ii++)
+                        magicmouse_emit_touch(msc, ii, data + ii * 9 + 4);
+@@ -307,6 +312,11 @@ static int magicmouse_raw_event(struct hid_device *hdev,
+                if (size < 6 || ((size - 6) % 8) != 0)
+                        return 0;
+                npoints = (size - 6) / 8;
++               if (npoints > 15) {
++                       hid_warn(hdev, "invalid size value (%d) for MOUSE_REPORT_ID\n",
++                                       size);
++                       return 0;
++               }
+                msc->ntouches = 0;
+                for (ii = 0; ii < npoints; ii++)
+                        magicmouse_emit_touch(msc, ii, data + ii * 8 + 6);
+-- 
+1.9.1
+
diff --git a/recipes-kernel/linux/files/0001-kvm-iommu-CVE-2014-3601.patch b/recipes-kernel/linux/files/0001-kvm-iommu-CVE-2014-3601.patch
new file mode 100644
index 0000000..e19a3c1
--- /dev/null
+++ b/recipes-kernel/linux/files/0001-kvm-iommu-CVE-2014-3601.patch
@@ -0,0 +1,94 @@
+From e35b1e9f17e0567f96502f3a2a31dace727ed3da Mon Sep 17 00:00:00 2001
+From: "Michael S. Tsirkin" <mst@redhat.com>
+Date: Tue, 19 Aug 2014 19:14:50 +0800
+Subject: [PATCH] kvm: iommu: fix the third parameter of kvm_iommu_put_pages
+ (CVE-2014-3601)
+
+commit 350b8bdd689cd2ab2c67c8a86a0be86cfa0751a7 upstream.
+
+The third parameter of kvm_iommu_put_pages is wrong,
+It should be 'gfn - slot->base_gfn'.
+
+By making gfn very large, malicious guest or userspace can cause kvm to
+go to this error path, and subsequently to pass a huge value as size.
+Alternatively if gfn is small, then pages would be pinned but never
+unpinned, causing host memory leak and local DOS.
+
+Passing a reasonable but large value could be the most dangerous case,
+because it would unpin a page that should have stayed pinned, and thus
+allow the device to DMA into arbitrary memory.  However, this cannot
+happen because of the condition that can trigger the error:
+
+- out of memory (where you can't allocate even a single page)
+  should not be possible for the attacker to trigger
+
+- when exceeding the iommu's address space, guest pages after gfn
+  will also exceed the iommu's address space, and inside
+  kvm_iommu_put_pages() the iommu_iova_to_phys() will fail.  The
+  page thus would not be unpinned at all.
+
+Upstream-Status: Backport
+
+Reported-by: Jack Morgenstein <jackm@mellanox.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ virt/kvm/iommu.c | 19 ++++++++++---------
+ 1 file changed, 10 insertions(+), 9 deletions(-)
+
+diff --git a/virt/kvm/iommu.c b/virt/kvm/iommu.c
+index c329c8f..dec9971 100644
+--- a/virt/kvm/iommu.c
++++ b/virt/kvm/iommu.c
+@@ -61,6 +61,14 @@ static pfn_t kvm_pin_pages(struct kvm_memory_slot *slot, gfn_t gfn,
+        return pfn;
+ }
+ 
++static void kvm_unpin_pages(struct kvm *kvm, pfn_t pfn, unsigned long npages)
++{
++       unsigned long i;
++
++       for (i = 0; i < npages; ++i)
++               kvm_release_pfn_clean(pfn + i);
++}
++
+ int kvm_iommu_map_pages(struct kvm *kvm, struct kvm_memory_slot *slot)
+ {
+        gfn_t gfn, end_gfn;
+@@ -123,6 +131,7 @@ int kvm_iommu_map_pages(struct kvm *kvm, struct kvm_memory_slot *slot)
+                if (r) {
+                        printk(KERN_ERR "kvm_iommu_map_address:"
+                               "iommu failed to map pfn=%llx\n", pfn);
++                       kvm_unpin_pages(kvm, pfn, page_size);
+                        goto unmap_pages;
+                }
+ 
+@@ -134,7 +143,7 @@ int kvm_iommu_map_pages(struct kvm *kvm, struct kvm_memory_slot *slot)
+        return 0;
+ 
+ unmap_pages:
+-       kvm_iommu_put_pages(kvm, slot->base_gfn, gfn);
++       kvm_iommu_put_pages(kvm, slot->base_gfn, gfn - slot->base_gfn);
+        return r;
+ }
+ 
+@@ -272,14 +281,6 @@ out_unlock:
+        return r;
+ }
+ 
+-static void kvm_unpin_pages(struct kvm *kvm, pfn_t pfn, unsigned long npages)
+-{
+-       unsigned long i;
+-
+-       for (i = 0; i < npages; ++i)
+-               kvm_release_pfn_clean(pfn + i);
+-}
+-
+ static void kvm_iommu_put_pages(struct kvm *kvm,
+                                gfn_t base_gfn, unsigned long npages)
+ {
+-- 
+1.9.1
+
diff --git a/recipes-kernel/linux/files/0001-mnt-CVE-2014-5206_CVE-2014-5207.patch b/recipes-kernel/linux/files/0001-mnt-CVE-2014-5206_CVE-2014-5207.patch
new file mode 100644
index 0000000..aec8930
--- /dev/null
+++ b/recipes-kernel/linux/files/0001-mnt-CVE-2014-5206_CVE-2014-5207.patch
@@ -0,0 +1,62 @@
+From 25c1def33a2f74079f3062b7afdf98fcf9f34e6d Mon Sep 17 00:00:00 2001
+From: "Eric W. Biederman" <ebiederm@xmission.com>
+Date: Mon, 28 Jul 2014 16:26:53 -0700
+Subject: [PATCH] mnt: Only change user settable mount flags in remount
+
+commit a6138db815df5ee542d848318e5dae681590fccd upstream.
+
+Kenton Varda <kenton@sandstorm.io> discovered that by remounting a
+read-only bind mount read-only in a user namespace the
+MNT_LOCK_READONLY bit would be cleared, allowing an unprivileged user
+to the remount a read-only mount read-write.
+
+Correct this by replacing the mask of mount flags to preserve
+with a mask of mount flags that may be changed, and preserve
+all others.   This ensures that any future bugs with this mask and
+remount will fail in an easy to detect way where new mount flags
+simply won't change.
+
+Fix for CVE-2014-5206 and CVE-2014-5207
+Upstream-Status: backport
+
+Cc: stable@vger.kernel.org
+Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
+Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ fs/namespace.c        | 2 +-
+ include/linux/mount.h | 4 +++-
+ 2 files changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/fs/namespace.c b/fs/namespace.c
+index 84447db..34fa7a5 100644
+--- a/fs/namespace.c
++++ b/fs/namespace.c
+@@ -1847,7 +1847,7 @@ static int do_remount(struct path *path, int flags, int mnt_flags,
+                err = do_remount_sb(sb, flags, data, 0);
+        if (!err) {
+                br_write_lock(&vfsmount_lock);
+-               mnt_flags |= mnt->mnt.mnt_flags & MNT_PROPAGATION_MASK;
++               mnt_flags |= mnt->mnt.mnt_flags & ~MNT_USER_SETTABLE_MASK;
+                mnt->mnt.mnt_flags = mnt_flags;
+                br_write_unlock(&vfsmount_lock);
+        }
+diff --git a/include/linux/mount.h b/include/linux/mount.h
+index 38cd98f..8707c9e 100644
+--- a/include/linux/mount.h
++++ b/include/linux/mount.h
+@@ -42,7 +42,9 @@ struct mnt_namespace;
+  * flag, consider how it interacts with shared mounts.
+  */
+ #define MNT_SHARED_MASK        (MNT_UNBINDABLE)
+-#define MNT_PROPAGATION_MASK   (MNT_SHARED | MNT_UNBINDABLE)
++#define MNT_USER_SETTABLE_MASK  (MNT_NOSUID | MNT_NODEV | MNT_NOEXEC \
++                                | MNT_NOATIME | MNT_NODIRATIME | MNT_RELATIME \
++                                | MNT_READONLY)
+ 
+ 
+ #define MNT_INTERNAL   0x4000
+-- 
+1.9.1
+
diff --git a/recipes-kernel/linux/files/0001-net-sctp-CVE-2014-3673.patch b/recipes-kernel/linux/files/0001-net-sctp-CVE-2014-3673.patch
new file mode 100644
index 0000000..68289f2
--- /dev/null
+++ b/recipes-kernel/linux/files/0001-net-sctp-CVE-2014-3673.patch
@@ -0,0 +1,348 @@
+From bbd951a21e0fd555cd9ede44c7196af09d04d171 Mon Sep 17 00:00:00 2001
+From: Daniel Borkmann <dborkman@redhat.com>
+Date: Thu, 9 Oct 2014 22:55:31 +0200
+Subject: [PATCH] net: sctp: fix skb_over_panic when receiving malformed ASCONF
+ chunks
+
+commit 9de7922bc709eee2f609cd01d98aaedc4cf5ea74 upstream.
+
+Commit 6f4c618ddb0 ("SCTP : Add paramters validity check for
+ASCONF chunk") added basic verification of ASCONF chunks, however,
+it is still possible to remotely crash a server by sending a
+special crafted ASCONF chunk, even up to pre 2.6.12 kernels:
+
+skb_over_panic: text:ffffffffa01ea1c3 len:31056 put:30768
+ head:ffff88011bd81800 data:ffff88011bd81800 tail:0x7950
+ end:0x440 dev:<NULL>
+ ------------[ cut here ]------------
+kernel BUG at net/core/skbuff.c:129!
+[...]
+Call Trace:
+ <IRQ>
+ [<ffffffff8144fb1c>] skb_put+0x5c/0x70
+ [<ffffffffa01ea1c3>] sctp_addto_chunk+0x63/0xd0 [sctp]
+ [<ffffffffa01eadaf>] sctp_process_asconf+0x1af/0x540 [sctp]
+ [<ffffffff8152d025>] ? _read_unlock_bh+0x15/0x20
+ [<ffffffffa01e0038>] sctp_sf_do_asconf+0x168/0x240 [sctp]
+ [<ffffffffa01e3751>] sctp_do_sm+0x71/0x1210 [sctp]
+ [<ffffffff8147645d>] ? fib_rules_lookup+0xad/0xf0
+ [<ffffffffa01e6b22>] ? sctp_cmp_addr_exact+0x32/0x40 [sctp]
+ [<ffffffffa01e8393>] sctp_assoc_bh_rcv+0xd3/0x180 [sctp]
+ [<ffffffffa01ee986>] sctp_inq_push+0x56/0x80 [sctp]
+ [<ffffffffa01fcc42>] sctp_rcv+0x982/0xa10 [sctp]
+ [<ffffffffa01d5123>] ? ipt_local_in_hook+0x23/0x28 [iptable_filter]
+ [<ffffffff8148bdc9>] ? nf_iterate+0x69/0xb0
+ [<ffffffff81496d10>] ? ip_local_deliver_finish+0x0/0x2d0
+ [<ffffffff8148bf86>] ? nf_hook_slow+0x76/0x120
+ [<ffffffff81496d10>] ? ip_local_deliver_finish+0x0/0x2d0
+ [<ffffffff81496ded>] ip_local_deliver_finish+0xdd/0x2d0
+ [<ffffffff81497078>] ip_local_deliver+0x98/0xa0
+ [<ffffffff8149653d>] ip_rcv_finish+0x12d/0x440
+ [<ffffffff81496ac5>] ip_rcv+0x275/0x350
+ [<ffffffff8145c88b>] __netif_receive_skb+0x4ab/0x750
+ [<ffffffff81460588>] netif_receive_skb+0x58/0x60
+
+This can be triggered e.g., through a simple scripted nmap
+connection scan injecting the chunk after the handshake, for
+example, ...
+
+  -------------- INIT[ASCONF; ASCONF_ACK] ------------->
+  <----------- INIT-ACK[ASCONF; ASCONF_ACK] ------------
+  -------------------- COOKIE-ECHO -------------------->
+  <-------------------- COOKIE-ACK ---------------------
+  ------------------ ASCONF; UNKNOWN ------------------>
+
+... where ASCONF chunk of length 280 contains 2 parameters ...
+
+  1) Add IP address parameter (param length: 16)
+  2) Add/del IP address parameter (param length: 255)
+
+... followed by an UNKNOWN chunk of e.g. 4 bytes. Here, the
+Address Parameter in the ASCONF chunk is even missing, too.
+This is just an example and similarly-crafted ASCONF chunks
+could be used just as well.
+
+The ASCONF chunk passes through sctp_verify_asconf() as all
+parameters passed sanity checks, and after walking, we ended
+up successfully at the chunk end boundary, and thus may invoke
+sctp_process_asconf(). Parameter walking is done with
+WORD_ROUND() to take padding into account.
+
+In sctp_process_asconf()'s TLV processing, we may fail in
+sctp_process_asconf_param() e.g., due to removal of the IP
+address that is also the source address of the packet containing
+the ASCONF chunk, and thus we need to add all TLVs after the
+failure to our ASCONF response to remote via helper function
+sctp_add_asconf_response(), which basically invokes a
+sctp_addto_chunk() adding the error parameters to the given
+skb.
+
+When walking to the next parameter this time, we proceed
+with ...
+
+  length = ntohs(asconf_param->param_hdr.length);
+  asconf_param = (void *)asconf_param + length;
+
+... instead of the WORD_ROUND()'ed length, thus resulting here
+in an off-by-one that leads to reading the follow-up garbage
+parameter length of 12336, and thus throwing an skb_over_panic
+for the reply when trying to sctp_addto_chunk() next time,
+which implicitly calls the skb_put() with that length.
+
+Fix it by using sctp_walk_params() [ which is also used in
+INIT parameter processing ] macro in the verification *and*
+in ASCONF processing: it will make sure we don't spill over,
+that we walk parameters WORD_ROUND()'ed. Moreover, we're being
+more defensive and guard against unknown parameter types and
+missized addresses.
+
+Joint work with Vlad Yasevich.
+
+Fixes CVE-2014-3673
+Upstream-Status: Backport
+
+Fixes: b896b82be4ae ("[SCTP] ADDIP: Support for processing incoming ASCONF_ACK chunks.")
+Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
+Signed-off-by: Vlad Yasevich <vyasevich@gmail.com>
+Acked-by: Neil Horman <nhorman@tuxdriver.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Cc: Josh Boyer <jwboyer@fedoraproject.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ include/net/sctp/sm.h    |  6 +--
+ net/sctp/sm_make_chunk.c | 99 +++++++++++++++++++++++++++---------------------
+ net/sctp/sm_statefuns.c  | 18 +--------
+ 3 files changed, 60 insertions(+), 63 deletions(-)
+
+diff --git a/include/net/sctp/sm.h b/include/net/sctp/sm.h
+index 4ef75af..c91b6f5 100644
+--- a/include/net/sctp/sm.h
++++ b/include/net/sctp/sm.h
+@@ -249,9 +249,9 @@ struct sctp_chunk *sctp_make_asconf_update_ip(struct sctp_association *,
+                                              int, __be16);
+ struct sctp_chunk *sctp_make_asconf_set_prim(struct sctp_association *asoc,
+                                             union sctp_addr *addr);
+-int sctp_verify_asconf(const struct sctp_association *asoc,
+-                      struct sctp_paramhdr *param_hdr, void *chunk_end,
+-                      struct sctp_paramhdr **errp);
++bool sctp_verify_asconf(const struct sctp_association *asoc,
++                       struct sctp_chunk *chunk, bool addr_param_needed,
++                       struct sctp_paramhdr **errp);
+ struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc,
+                                       struct sctp_chunk *asconf);
+ int sctp_process_asconf_ack(struct sctp_association *asoc,
+diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c
+index e342387..d800160 100644
+--- a/net/sctp/sm_make_chunk.c
++++ b/net/sctp/sm_make_chunk.c
+@@ -3126,50 +3126,63 @@ static __be16 sctp_process_asconf_param(struct sctp_association *asoc,
+        return SCTP_ERROR_NO_ERROR;
+ }
+ 
+-/* Verify the ASCONF packet before we process it.  */
+-int sctp_verify_asconf(const struct sctp_association *asoc,
+-                      struct sctp_paramhdr *param_hdr, void *chunk_end,
+-                      struct sctp_paramhdr **errp) {
+-       sctp_addip_param_t *asconf_param;
++/* Verify the ASCONF packet before we process it. */
++bool sctp_verify_asconf(const struct sctp_association *asoc,
++                       struct sctp_chunk *chunk, bool addr_param_needed,
++                       struct sctp_paramhdr **errp)
++{
++       sctp_addip_chunk_t *addip = (sctp_addip_chunk_t *) chunk->chunk_hdr;
+        union sctp_params param;
+-       int length, plen;
+-
+-       param.v = (sctp_paramhdr_t *) param_hdr;
+-       while (param.v <= chunk_end - sizeof(sctp_paramhdr_t)) {
+-               length = ntohs(param.p->length);
+-               *errp = param.p;
++       bool addr_param_seen = false;
+ 
+-               if (param.v > chunk_end - length ||
+-                   length < sizeof(sctp_paramhdr_t))
+-                       return 0;
++       sctp_walk_params(param, addip, addip_hdr.params) {
++               size_t length = ntohs(param.p->length);
+ 
++               *errp = param.p;
+                switch (param.p->type) {
++               case SCTP_PARAM_ERR_CAUSE:
++                       break;
++               case SCTP_PARAM_IPV4_ADDRESS:
++                       if (length != sizeof(sctp_ipv4addr_param_t))
++                               return false;
++                       addr_param_seen = true;
++                       break;
++               case SCTP_PARAM_IPV6_ADDRESS:
++                       if (length != sizeof(sctp_ipv6addr_param_t))
++                               return false;
++                       addr_param_seen = true;
++                       break;
+                case SCTP_PARAM_ADD_IP:
+                case SCTP_PARAM_DEL_IP:
+                case SCTP_PARAM_SET_PRIMARY:
+-                       asconf_param = (sctp_addip_param_t *)param.v;
+-                       plen = ntohs(asconf_param->param_hdr.length);
+-                       if (plen < sizeof(sctp_addip_param_t) +
+-                           sizeof(sctp_paramhdr_t))
+-                               return 0;
++                       /* In ASCONF chunks, these need to be first. */
++                       if (addr_param_needed && !addr_param_seen)
++                               return false;
++                       length = ntohs(param.addip->param_hdr.length);
++                       if (length < sizeof(sctp_addip_param_t) +
++                                    sizeof(sctp_paramhdr_t))
++                               return false;
+                        break;
+                case SCTP_PARAM_SUCCESS_REPORT:
+                case SCTP_PARAM_ADAPTATION_LAYER_IND:
+                        if (length != sizeof(sctp_addip_param_t))
+-                               return 0;
+-
++                               return false;
+                        break;
+                default:
+-                       break;
++                       /* This is unkown to us, reject! */
++                       return false;
+                }
+-
+-               param.v += WORD_ROUND(length);
+        }
+ 
+-       if (param.v != chunk_end)
+-               return 0;
++       /* Remaining sanity checks. */
++       if (addr_param_needed && !addr_param_seen)
++               return false;
++       if (!addr_param_needed && addr_param_seen)
++               return false;
++       if (param.v != chunk->chunk_end)
++               return false;
+ 
+-       return 1;
++       return true;
+ }
+ 
+ /* Process an incoming ASCONF chunk with the next expected serial no. and
+@@ -3178,16 +3191,17 @@ int sctp_verify_asconf(const struct sctp_association *asoc,
+ struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc,
+                                       struct sctp_chunk *asconf)
+ {
++       sctp_addip_chunk_t *addip = (sctp_addip_chunk_t *) asconf->chunk_hdr;
++       bool all_param_pass = true;
++       union sctp_params param;
+        sctp_addiphdr_t         *hdr;
+        union sctp_addr_param   *addr_param;
+        sctp_addip_param_t      *asconf_param;
+        struct sctp_chunk       *asconf_ack;
+-
+        __be16  err_code;
+        int     length = 0;
+        int     chunk_len;
+        __u32   serial;
+-       int     all_param_pass = 1;
+ 
+        chunk_len = ntohs(asconf->chunk_hdr->length) - sizeof(sctp_chunkhdr_t);
+        hdr = (sctp_addiphdr_t *)asconf->skb->data;
+@@ -3215,9 +3229,14 @@ struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc,
+                goto done;
+ 
+        /* Process the TLVs contained within the ASCONF chunk. */
+-       while (chunk_len > 0) {
++       sctp_walk_params(param, addip, addip_hdr.params) {
++               /* Skip preceeding address parameters. */
++               if (param.p->type == SCTP_PARAM_IPV4_ADDRESS ||
++                   param.p->type == SCTP_PARAM_IPV6_ADDRESS)
++                       continue;
++
+                err_code = sctp_process_asconf_param(asoc, asconf,
+-                                                    asconf_param);
++                                                    param.addip);
+                /* ADDIP 4.1 A7)
+                 * If an error response is received for a TLV parameter,
+                 * all TLVs with no response before the failed TLV are
+@@ -3225,28 +3244,20 @@ struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc,
+                 * the failed response are considered unsuccessful unless
+                 * a specific success indication is present for the parameter.
+                 */
+-               if (SCTP_ERROR_NO_ERROR != err_code)
+-                       all_param_pass = 0;
+-
++               if (err_code != SCTP_ERROR_NO_ERROR)
++                       all_param_pass = false;
+                if (!all_param_pass)
+-                       sctp_add_asconf_response(asconf_ack,
+-                                                asconf_param->crr_id, err_code,
+-                                                asconf_param);
++                       sctp_add_asconf_response(asconf_ack, param.addip->crr_id,
++                                                err_code, param.addip);
+ 
+                /* ADDIP 4.3 D11) When an endpoint receiving an ASCONF to add
+                 * an IP address sends an 'Out of Resource' in its response, it
+                 * MUST also fail any subsequent add or delete requests bundled
+                 * in the ASCONF.
+                 */
+-               if (SCTP_ERROR_RSRC_LOW == err_code)
++               if (err_code == SCTP_ERROR_RSRC_LOW)
+                        goto done;
+-
+-               /* Move to the next ASCONF param. */
+-               length = ntohs(asconf_param->param_hdr.length);
+-               asconf_param = (void *)asconf_param + length;
+-               chunk_len -= length;
+        }
+-
+ done:
+        asoc->peer.addip_serial++;
+ 
+diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
+index 62623cc..bf12098 100644
+--- a/net/sctp/sm_statefuns.c
++++ b/net/sctp/sm_statefuns.c
+@@ -3595,9 +3595,7 @@ sctp_disposition_t sctp_sf_do_asconf(struct net *net,
+        struct sctp_chunk       *asconf_ack = NULL;
+        struct sctp_paramhdr    *err_param = NULL;
+        sctp_addiphdr_t         *hdr;
+-       union sctp_addr_param   *addr_param;
+        __u32                   serial;
+-       int                     length;
+ 
+        if (!sctp_vtag_verify(chunk, asoc)) {
+                sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_BAD_TAG,
+@@ -3622,17 +3620,8 @@ sctp_disposition_t sctp_sf_do_asconf(struct net *net,
+        hdr = (sctp_addiphdr_t *)chunk->skb->data;
+        serial = ntohl(hdr->serial);
+ 
+-       addr_param = (union sctp_addr_param *)hdr->params;
+-       length = ntohs(addr_param->p.length);
+-       if (length < sizeof(sctp_paramhdr_t))
+-               return sctp_sf_violation_paramlen(net, ep, asoc, type, arg,
+-                          (void *)addr_param, commands);
+-
+        /* Verify the ASCONF chunk before processing it. */
+-       if (!sctp_verify_asconf(asoc,
+-                           (sctp_paramhdr_t *)((void *)addr_param + length),
+-                           (void *)chunk->chunk_end,
+-                           &err_param))
++       if (!sctp_verify_asconf(asoc, chunk, true, &err_param))
+                return sctp_sf_violation_paramlen(net, ep, asoc, type, arg,
+                                                  (void *)err_param, commands);
+ 
+@@ -3750,10 +3739,7 @@ sctp_disposition_t sctp_sf_do_asconf_ack(struct net *net,
+        rcvd_serial = ntohl(addip_hdr->serial);
+ 
+        /* Verify the ASCONF-ACK chunk before processing it. */
+-       if (!sctp_verify_asconf(asoc,
+-           (sctp_paramhdr_t *)addip_hdr->params,
+-           (void *)asconf_ack->chunk_end,
+-           &err_param))
++       if (!sctp_verify_asconf(asoc, asconf_ack, false, &err_param))
+                return sctp_sf_violation_paramlen(net, ep, asoc, type, arg,
+                           (void *)err_param, commands);
+ 
+-- 
+1.9.1
+
diff --git a/recipes-kernel/linux/files/0002-ALSA-CVE-2014-4653.patch b/recipes-kernel/linux/files/0002-ALSA-CVE-2014-4653.patch
new file mode 100644
index 0000000..8612d74
--- /dev/null
+++ b/recipes-kernel/linux/files/0002-ALSA-CVE-2014-4653.patch
@@ -0,0 +1,92 @@
+From 0bf595fd311aa4d6e82c43879f2c0d0650e83271 Mon Sep 17 00:00:00 2001
+From: Lars-Peter Clausen <lars@metafoo.de>
+Date: Wed, 18 Jun 2014 13:32:33 +0200
+Subject: [PATCH] ALSA: control: Don't access controls outside of protected
+ regions
+
+commit fd9f26e4eca5d08a27d12c0933fceef76ed9663d upstream.
+
+A control that is visible on the card->controls list can be freed at any time.
+This means we must not access any of its memory while not holding the
+controls_rw_lock. Otherwise we risk a use after free access.
+
+This fixes CVE-2014-4653
+Upstream-Status: Backport
+
+Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
+Acked-by: Jaroslav Kysela <perex@perex.cz>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ sound/core/control.c | 15 ++++++++++-----
+ 1 file changed, 10 insertions(+), 5 deletions(-)
+
+diff --git a/sound/core/control.c b/sound/core/control.c
+index 15bc844..d4a597f 100644
+--- a/sound/core/control.c
++++ b/sound/core/control.c
+@@ -331,6 +331,7 @@ int snd_ctl_add(struct snd_card *card, struct snd_kcontrol *kcontrol)
+ {
+        struct snd_ctl_elem_id id;
+        unsigned int idx;
++       unsigned int count;
+        int err = -EINVAL;
+ 
+        if (! kcontrol)
+@@ -359,8 +360,9 @@ int snd_ctl_add(struct snd_card *card, struct snd_kcontrol *kcontrol)
+        card->controls_count += kcontrol->count;
+        kcontrol->id.numid = card->last_numid + 1;
+        card->last_numid += kcontrol->count;
++       count = kcontrol->count;
+        up_write(&card->controls_rwsem);
+-       for (idx = 0; idx < kcontrol->count; idx++, id.index++, id.numid++)
++       for (idx = 0; idx < count; idx++, id.index++, id.numid++)
+                snd_ctl_notify(card, SNDRV_CTL_EVENT_MASK_ADD, &id);
+        return 0;
+ 
+@@ -389,6 +391,7 @@ int snd_ctl_replace(struct snd_card *card, struct snd_kcontrol *kcontrol,
+                    bool add_on_replace)
+ {
+        struct snd_ctl_elem_id id;
++       unsigned int count;
+        unsigned int idx;
+        struct snd_kcontrol *old;
+        int ret;
+@@ -424,8 +427,9 @@ add:
+        card->controls_count += kcontrol->count;
+        kcontrol->id.numid = card->last_numid + 1;
+        card->last_numid += kcontrol->count;
++       count = kcontrol->count;
+        up_write(&card->controls_rwsem);
+-       for (idx = 0; idx < kcontrol->count; idx++, id.index++, id.numid++)
++       for (idx = 0; idx < count; idx++, id.index++, id.numid++)
+                snd_ctl_notify(card, SNDRV_CTL_EVENT_MASK_ADD, &id);
+        return 0;
+ 
+@@ -898,9 +902,9 @@ static int snd_ctl_elem_write(struct snd_card *card, struct snd_ctl_file *file,
+                        result = kctl->put(kctl, control);
+                }
+                if (result > 0) {
++                       struct snd_ctl_elem_id id = control->id;
+                        up_read(&card->controls_rwsem);
+-                       snd_ctl_notify(card, SNDRV_CTL_EVENT_MASK_VALUE,
+-                                      &control->id);
++                       snd_ctl_notify(card, SNDRV_CTL_EVENT_MASK_VALUE, &id);
+                        return 0;
+                }
+        }
+@@ -1334,8 +1338,9 @@ static int snd_ctl_tlv_ioctl(struct snd_ctl_file *file,
+                }
+                err = kctl->tlv.c(kctl, op_flag, tlv.length, _tlv->tlv);
+                if (err > 0) {
++                       struct snd_ctl_elem_id id = kctl->id;
+                        up_read(&card->controls_rwsem);
+-                       snd_ctl_notify(card, SNDRV_CTL_EVENT_MASK_TLV, &kctl->id);
++                       snd_ctl_notify(card, SNDRV_CTL_EVENT_MASK_TLV, &id);
+                        return 0;
+                }
+        } else {
+-- 
+1.9.1
+
diff --git a/recipes-kernel/linux/files/0002-HID-CVE-2014-3182.patch b/recipes-kernel/linux/files/0002-HID-CVE-2014-3182.patch
new file mode 100644
index 0000000..a90d079
--- /dev/null
+++ b/recipes-kernel/linux/files/0002-HID-CVE-2014-3182.patch
@@ -0,0 +1,65 @@
+From ad3e14d7c5268c2e24477c6ef54bbdf88add5d36 Mon Sep 17 00:00:00 2001
+From: Jiri Kosina <jkosina@suse.cz>
+Date: Thu, 21 Aug 2014 09:57:17 -0500
+Subject: [PATCH] HID: logitech: perform bounds checking on device_id early
+ enough
+
+device_index is a char type and the size of paired_dj_deivces is 7
+elements, therefore proper bounds checking has to be applied to
+device_index before it is used.
+
+We are currently performing the bounds checking in
+logi_dj_recv_add_djhid_device(), which is too late, as malicious device
+could send REPORT_TYPE_NOTIF_DEVICE_UNPAIRED early enough and trigger the
+problem in one of the report forwarding functions called from
+logi_dj_raw_event().
+
+Fix this by performing the check at the earliest possible ocasion in
+logi_dj_raw_event().
+
+This fixes CVE-2014-3182
+Upstream-Status: Backport
+
+Cc: stable@vger.kernel.org
+Reported-by: Ben Hawkes <hawkes@google.com>
+Reviewed-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
+Signed-off-by: Jiri Kosina <jkosina@suse.cz>
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ drivers/hid/hid-logitech-dj.c | 13 ++++++-------
+ 1 file changed, 6 insertions(+), 7 deletions(-)
+
+diff --git a/drivers/hid/hid-logitech-dj.c b/drivers/hid/hid-logitech-dj.c
+index ca0ab51..b7ba829 100644
+--- a/drivers/hid/hid-logitech-dj.c
++++ b/drivers/hid/hid-logitech-dj.c
+@@ -238,13 +238,6 @@ static void logi_dj_recv_add_djhid_device(struct dj_receiver_dev *djrcv_dev,
+                return;
+        }
+ 
+-       if ((dj_report->device_index < DJ_DEVICE_INDEX_MIN) ||
+-           (dj_report->device_index > DJ_DEVICE_INDEX_MAX)) {
+-               dev_err(&djrcv_hdev->dev, "%s: invalid device index:%d\n",
+-                       __func__, dj_report->device_index);
+-               return;
+-       }
+-
+        if (djrcv_dev->paired_dj_devices[dj_report->device_index]) {
+                /* The device is already known. No need to reallocate it. */
+                dbg_hid("%s: device is already known\n", __func__);
+@@ -690,6 +683,12 @@ static int logi_dj_raw_event(struct hid_device *hdev,
+         * device (via hid_input_report() ) and return 1 so hid-core does not do
+         * anything else with it.
+         */
++       if ((dj_report->device_index < DJ_DEVICE_INDEX_MIN) ||
++           (dj_report->device_index > DJ_DEVICE_INDEX_MAX)) {
++               dev_err(&hdev->dev, "%s: invalid device index:%d\n",
++                               __func__, dj_report->device_index);
++               return false;
++       }
+ 
+        spin_lock_irqsave(&djrcv_dev->lock, flags);
+        if (dj_report->report_id == REPORT_ID_DJ_SHORT) {
+-- 
+1.9.1
+
diff --git a/recipes-kernel/linux/files/0002-kvm-iommu-CVE-2014-8369.patch b/recipes-kernel/linux/files/0002-kvm-iommu-CVE-2014-8369.patch
new file mode 100644
index 0000000..e43771c
--- /dev/null
+++ b/recipes-kernel/linux/files/0002-kvm-iommu-CVE-2014-8369.patch
@@ -0,0 +1,86 @@
+From 248541357433e3035d954435dafcdb9e70afee4e Mon Sep 17 00:00:00 2001
+From: Quentin Casasnovas <quentin.casasnovas@oracle.com>
+Date: Fri, 17 Oct 2014 22:55:59 +0200
+Subject: [PATCH] kvm: fix excessive pages un-pinning in kvm_iommu_map error
+ path.
+
+commit 3d32e4dbe71374a6780eaf51d719d76f9a9bf22f upstream.
+
+The third parameter of kvm_unpin_pages() when called from
+kvm_iommu_map_pages() is wrong, it should be the number of pages to un-pin
+and not the page size.
+
+This error was facilitated with an inconsistent API: kvm_pin_pages() takes
+a size, but kvn_unpin_pages() takes a number of pages, so fix the problem
+by matching the two.
+
+This was introduced by commit 350b8bd ("kvm: iommu: fix the third parameter
+of kvm_iommu_put_pages (CVE-2014-3601)"), which fixes the lack of
+un-pinning for pages intended to be un-pinned (i.e. memory leak) but
+unfortunately potentially aggravated the number of pages we un-pin that
+should have stayed pinned. As far as I understand though, the same
+practical mitigations apply.
+
+This issue was found during review of Red Hat 6.6 patches to prepare
+Ksplice rebootless updates.
+
+Thanks to Vegard for his time on a late Friday evening to help me in
+understanding this code.
+
+Fix for CVE-2014-8369
+
+Upstream-Status: Backport
+
+Fixes: 350b8bd ("kvm: iommu: fix the third parameter of... (CVE-2014-3601)")
+Signed-off-by: Quentin Casasnovas <quentin.casasnovas@oracle.com>
+Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
+Signed-off-by: Jamie Iles <jamie.iles@oracle.com>
+Reviewed-by: Sasha Levin <sasha.levin@oracle.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ virt/kvm/iommu.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/virt/kvm/iommu.c b/virt/kvm/iommu.c
+index dec9971..a650aa4 100644
+--- a/virt/kvm/iommu.c
++++ b/virt/kvm/iommu.c
+@@ -43,13 +43,13 @@ static void kvm_iommu_put_pages(struct kvm *kvm,
+                                gfn_t base_gfn, unsigned long npages);
+ 
+ static pfn_t kvm_pin_pages(struct kvm_memory_slot *slot, gfn_t gfn,
+-                          unsigned long size)
++                          unsigned long npages)
+ {
+        gfn_t end_gfn;
+        pfn_t pfn;
+ 
+        pfn     = gfn_to_pfn_memslot(slot, gfn);
+-       end_gfn = gfn + (size >> PAGE_SHIFT);
++       end_gfn = gfn + npages;
+        gfn    += 1;
+ 
+        if (is_error_noslot_pfn(pfn))
+@@ -119,7 +119,7 @@ int kvm_iommu_map_pages(struct kvm *kvm, struct kvm_memory_slot *slot)
+                 * Pin all pages we are about to map in memory. This is
+                 * important because we unmap and unpin in 4kb steps later.
+                 */
+-               pfn = kvm_pin_pages(slot, gfn, page_size);
++               pfn = kvm_pin_pages(slot, gfn, page_size >> PAGE_SHIFT);
+                if (is_error_noslot_pfn(pfn)) {
+                        gfn += 1;
+                        continue;
+@@ -131,7 +131,7 @@ int kvm_iommu_map_pages(struct kvm *kvm, struct kvm_memory_slot *slot)
+                if (r) {
+                        printk(KERN_ERR "kvm_iommu_map_address:"
+                               "iommu failed to map pfn=%llx\n", pfn);
+-                       kvm_unpin_pages(kvm, pfn, page_size);
++                       kvm_unpin_pages(kvm, pfn, page_size >> PAGE_SHIFT);
+                        goto unmap_pages;
+                }
+ 
+-- 
+1.9.1
+
diff --git a/recipes-kernel/linux/files/0002-mnt-CVE-2014-5206_CVE-2014-5207.patch b/recipes-kernel/linux/files/0002-mnt-CVE-2014-5206_CVE-2014-5207.patch
new file mode 100644
index 0000000..b08f217
--- /dev/null
+++ b/recipes-kernel/linux/files/0002-mnt-CVE-2014-5206_CVE-2014-5207.patch
@@ -0,0 +1,62 @@
+From cab259f821fad20afa688d3fbeb47356447ac20b Mon Sep 17 00:00:00 2001
+From: "Eric W. Biederman" <ebiederm@xmission.com>
+Date: Mon, 28 Jul 2014 17:10:56 -0700
+Subject: [PATCH] mnt: Move the test for MNT_LOCK_READONLY from
+ change_mount_flags into do_remount
+
+commit 07b645589dcda8b7a5249e096fece2a67556f0f4 upstream.
+
+There are no races as locked mount flags are guaranteed to never change.
+
+Moving the test into do_remount makes it more visible, and ensures all
+filesystem remounts pass the MNT_LOCK_READONLY permission check.  This
+second case is not an issue today as filesystem remounts are guarded
+by capable(CAP_DAC_ADMIN) and thus will always fail in less privileged
+mount namespaces, but it could become an issue in the future.
+
+Fix for CVE-2014-5206 and CVE-2014-5207
+Upstream-Status: backport
+
+Cc: stable@vger.kernel.org
+Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
+Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ fs/namespace.c | 13 ++++++++++---
+ 1 file changed, 10 insertions(+), 3 deletions(-)
+
+diff --git a/fs/namespace.c b/fs/namespace.c
+index 34fa7a5..8e90b03 100644
+--- a/fs/namespace.c
++++ b/fs/namespace.c
+@@ -1806,9 +1806,6 @@ static int change_mount_flags(struct vfsmount *mnt, int ms_flags)
+        if (readonly_request == __mnt_is_readonly(mnt))
+                return 0;
+ 
+-       if (mnt->mnt_flags & MNT_LOCK_READONLY)
+-               return -EPERM;
+-
+        if (readonly_request)
+                error = mnt_make_readonly(real_mount(mnt));
+        else
+@@ -1834,6 +1831,16 @@ static int do_remount(struct path *path, int flags, int mnt_flags,
+        if (path->dentry != path->mnt->mnt_root)
+                return -EINVAL;
+ 
++       /* Don't allow changing of locked mnt flags.
++        *
++        * No locks need to be held here while testing the various
++        * MNT_LOCK flags because those flags can never be cleared
++        * once they are set.
++        */
++       if ((mnt->mnt.mnt_flags & MNT_LOCK_READONLY) &&
++           !(mnt_flags & MNT_READONLY)) {
++               return -EPERM;
++       }
+        err = security_sb_remount(sb, data);
+        if (err)
+                return err;
+-- 
+1.9.1
+
diff --git a/recipes-kernel/linux/files/0002-net-sctp-CVE-2014-3687.patch b/recipes-kernel/linux/files/0002-net-sctp-CVE-2014-3687.patch
new file mode 100644
index 0000000..b05aaf2
--- /dev/null
+++ b/recipes-kernel/linux/files/0002-net-sctp-CVE-2014-3687.patch
@@ -0,0 +1,102 @@
+From a723db0be941b8aebaa1a98b33d17a91b16603e4 Mon Sep 17 00:00:00 2001
+From: Daniel Borkmann <dborkman@redhat.com>
+Date: Thu, 9 Oct 2014 22:55:32 +0200
+Subject: [PATCH] net: sctp: fix panic on duplicate ASCONF chunks
+
+commit b69040d8e39f20d5215a03502a8e8b4c6ab78395 upstream.
+
+When receiving a e.g. semi-good formed connection scan in the
+form of ...
+
+  -------------- INIT[ASCONF; ASCONF_ACK] ------------->
+  <----------- INIT-ACK[ASCONF; ASCONF_ACK] ------------
+  -------------------- COOKIE-ECHO -------------------->
+  <-------------------- COOKIE-ACK ---------------------
+  ---------------- ASCONF_a; ASCONF_b ----------------->
+
+... where ASCONF_a equals ASCONF_b chunk (at least both serials
+need to be equal), we panic an SCTP server!
+
+The problem is that good-formed ASCONF chunks that we reply with
+ASCONF_ACK chunks are cached per serial. Thus, when we receive a
+same ASCONF chunk twice (e.g. through a lost ASCONF_ACK), we do
+not need to process them again on the server side (that was the
+idea, also proposed in the RFC). Instead, we know it was cached
+and we just resend the cached chunk instead. So far, so good.
+
+Where things get nasty is in SCTP's side effect interpreter, that
+is, sctp_cmd_interpreter():
+
+While incoming ASCONF_a (chunk = event_arg) is being marked
+!end_of_packet and !singleton, and we have an association context,
+we do not flush the outqueue the first time after processing the
+ASCONF_ACK singleton chunk via SCTP_CMD_REPLY. Instead, we keep it
+queued up, although we set local_cork to 1. Commit 2e3216cd54b1
+changed the precedence, so that as long as we get bundled, incoming
+chunks we try possible bundling on outgoing queue as well. Before
+this commit, we would just flush the output queue.
+
+Now, while ASCONF_a's ASCONF_ACK sits in the corked outq, we
+continue to process the same ASCONF_b chunk from the packet. As
+we have cached the previous ASCONF_ACK, we find it, grab it and
+do another SCTP_CMD_REPLY command on it. So, effectively, we rip
+the chunk->list pointers and requeue the same ASCONF_ACK chunk
+another time. Since we process ASCONF_b, it's correctly marked
+with end_of_packet and we enforce an uncork, and thus flush, thus
+crashing the kernel.
+
+Fix it by testing if the ASCONF_ACK is currently pending and if
+that is the case, do not requeue it. When flushing the output
+queue we may relink the chunk for preparing an outgoing packet,
+but eventually unlink it when it's copied into the skb right
+before transmission.
+
+Joint work with Vlad Yasevich.
+
+Fixes CVE-2014-3687
+Upstream-Status: Backport
+
+Fixes: 2e3216cd54b1 ("sctp: Follow security requirement of responding with 1 packet")
+Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
+Signed-off-by: Vlad Yasevich <vyasevich@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Cc: Josh Boyer <jwboyer@fedoraproject.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ include/net/sctp/sctp.h | 5 +++++
+ net/sctp/associola.c    | 2 ++
+ 2 files changed, 7 insertions(+)
+
+diff --git a/include/net/sctp/sctp.h b/include/net/sctp/sctp.h
+index 3794c5a..3848934 100644
+--- a/include/net/sctp/sctp.h
++++ b/include/net/sctp/sctp.h
+@@ -454,6 +454,11 @@ static inline void sctp_assoc_pending_pmtu(struct sock *sk, struct sctp_associat
+        asoc->pmtu_pending = 0;
+ }
+ 
++static inline bool sctp_chunk_pending(const struct sctp_chunk *chunk)
++{
++       return !list_empty(&chunk->list);
++}
++
+ /* Walk through a list of TLV parameters.  Don't trust the
+  * individual parameter lengths and instead depend on
+  * the chunk length to indicate when to stop.  Make sure
+diff --git a/net/sctp/associola.c b/net/sctp/associola.c
+index ad5cd6f..737050f 100644
+--- a/net/sctp/associola.c
++++ b/net/sctp/associola.c
+@@ -1645,6 +1645,8 @@ struct sctp_chunk *sctp_assoc_lookup_asconf_ack(
+         * ack chunk whose serial number matches that of the request.
+         */
+        list_for_each_entry(ack, &asoc->asconf_ack_list, transmitted_list) {
++               if (sctp_chunk_pending(ack))
++                       continue;
+                if (ack->subh.addip_hdr->serial == serial) {
+                        sctp_chunk_hold(ack);
+                        return ack;
+-- 
+1.9.1
+
diff --git a/recipes-kernel/linux/files/0003-HID-CVE-2014-3184.patch b/recipes-kernel/linux/files/0003-HID-CVE-2014-3184.patch
new file mode 100644
index 0000000..f58b2f0
--- /dev/null
+++ b/recipes-kernel/linux/files/0003-HID-CVE-2014-3184.patch
@@ -0,0 +1,114 @@
+From 4ab25786c87eb20857bbb715c3ae34ec8fd6a214 Mon Sep 17 00:00:00 2001
+From: Jiri Kosina <jkosina@suse.cz>
+Date: Thu, 21 Aug 2014 09:57:48 -0500
+Subject: [PATCH] HID: fix a couple of off-by-ones
+
+There are a few very theoretical off-by-one bugs in report descriptor size
+checking when performing a pre-parsing fixup. Fix those.
+
+This fixes CVE-2014-3184
+Upstream-Status: Backport
+
+Cc: stable@vger.kernel.org
+Reported-by: Ben Hawkes <hawkes@google.com>
+Reviewed-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
+Signed-off-by: Jiri Kosina <jkosina@suse.cz>
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ drivers/hid/hid-cherry.c   | 2 +-
+ drivers/hid/hid-kye.c      | 2 +-
+ drivers/hid/hid-lg.c       | 4 ++--
+ drivers/hid/hid-monterey.c | 2 +-
+ drivers/hid/hid-petalynx.c | 2 +-
+ drivers/hid/hid-sunplus.c  | 2 +-
+ 6 files changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/drivers/hid/hid-cherry.c b/drivers/hid/hid-cherry.c
+index 1bdcccc..f745d2c 100644
+--- a/drivers/hid/hid-cherry.c
++++ b/drivers/hid/hid-cherry.c
+@@ -28,7 +28,7 @@
+ static __u8 *ch_report_fixup(struct hid_device *hdev, __u8 *rdesc,
+                unsigned int *rsize)
+ {
+-       if (*rsize >= 17 && rdesc[11] == 0x3c && rdesc[12] == 0x02) {
++       if (*rsize >= 18 && rdesc[11] == 0x3c && rdesc[12] == 0x02) {
+                hid_info(hdev, "fixing up Cherry Cymotion report descriptor\n");
+                rdesc[11] = rdesc[16] = 0xff;
+                rdesc[12] = rdesc[17] = 0x03;
+diff --git a/drivers/hid/hid-kye.c b/drivers/hid/hid-kye.c
+index e776963..b92bf01 100644
+--- a/drivers/hid/hid-kye.c
++++ b/drivers/hid/hid-kye.c
+@@ -300,7 +300,7 @@ static __u8 *kye_report_fixup(struct hid_device *hdev, __u8 *rdesc,
+                 *   - change the button usage range to 4-7 for the extra
+                 *     buttons
+                 */
+-               if (*rsize >= 74 &&
++               if (*rsize >= 75 &&
+                        rdesc[61] == 0x05 && rdesc[62] == 0x08 &&
+                        rdesc[63] == 0x19 && rdesc[64] == 0x08 &&
+                        rdesc[65] == 0x29 && rdesc[66] == 0x0f &&
+diff --git a/drivers/hid/hid-lg.c b/drivers/hid/hid-lg.c
+index a976f48..f91ff14 100644
+--- a/drivers/hid/hid-lg.c
++++ b/drivers/hid/hid-lg.c
+@@ -345,14 +345,14 @@ static __u8 *lg_report_fixup(struct hid_device *hdev, __u8 *rdesc,
+        struct usb_device_descriptor *udesc;
+        __u16 bcdDevice, rev_maj, rev_min;
+ 
+-       if ((drv_data->quirks & LG_RDESC) && *rsize >= 90 && rdesc[83] == 0x26 &&
++       if ((drv_data->quirks & LG_RDESC) && *rsize >= 91 && rdesc[83] == 0x26 &&
+                        rdesc[84] == 0x8c && rdesc[85] == 0x02) {
+                hid_info(hdev,
+                         "fixing up Logitech keyboard report descriptor\n");
+                rdesc[84] = rdesc[89] = 0x4d;
+                rdesc[85] = rdesc[90] = 0x10;
+        }
+-       if ((drv_data->quirks & LG_RDESC_REL_ABS) && *rsize >= 50 &&
++       if ((drv_data->quirks & LG_RDESC_REL_ABS) && *rsize >= 51 &&
+                        rdesc[32] == 0x81 && rdesc[33] == 0x06 &&
+                        rdesc[49] == 0x81 && rdesc[50] == 0x06) {
+                hid_info(hdev,
+diff --git a/drivers/hid/hid-monterey.c b/drivers/hid/hid-monterey.c
+index 9e14c00..25daf28 100644
+--- a/drivers/hid/hid-monterey.c
++++ b/drivers/hid/hid-monterey.c
+@@ -24,7 +24,7 @@
+ static __u8 *mr_report_fixup(struct hid_device *hdev, __u8 *rdesc,
+                unsigned int *rsize)
+ {
+-       if (*rsize >= 30 && rdesc[29] == 0x05 && rdesc[30] == 0x09) {
++       if (*rsize >= 31 && rdesc[29] == 0x05 && rdesc[30] == 0x09) {
+                hid_info(hdev, "fixing up button/consumer in HID report descriptor\n");
+                rdesc[30] = 0x0c;
+        }
+diff --git a/drivers/hid/hid-petalynx.c b/drivers/hid/hid-petalynx.c
+index 736b250..6aca4f2 100644
+--- a/drivers/hid/hid-petalynx.c
++++ b/drivers/hid/hid-petalynx.c
+@@ -25,7 +25,7 @@
+ static __u8 *pl_report_fixup(struct hid_device *hdev, __u8 *rdesc,
+                unsigned int *rsize)
+ {
+-       if (*rsize >= 60 && rdesc[39] == 0x2a && rdesc[40] == 0xf5 &&
++       if (*rsize >= 62 && rdesc[39] == 0x2a && rdesc[40] == 0xf5 &&
+                        rdesc[41] == 0x00 && rdesc[59] == 0x26 &&
+                        rdesc[60] == 0xf9 && rdesc[61] == 0x00) {
+                hid_info(hdev, "fixing up Petalynx Maxter Remote report descriptor\n");
+diff --git a/drivers/hid/hid-sunplus.c b/drivers/hid/hid-sunplus.c
+index 87fc91e..91072fa 100644
+--- a/drivers/hid/hid-sunplus.c
++++ b/drivers/hid/hid-sunplus.c
+@@ -24,7 +24,7 @@
+ static __u8 *sp_report_fixup(struct hid_device *hdev, __u8 *rdesc,
+                unsigned int *rsize)
+ {
+-       if (*rsize >= 107 && rdesc[104] == 0x26 && rdesc[105] == 0x80 &&
++       if (*rsize >= 112 && rdesc[104] == 0x26 && rdesc[105] == 0x80 &&
+                        rdesc[106] == 0x03) {
+                hid_info(hdev, "fixing up Sunplus Wireless Desktop report descriptor\n");
+                rdesc[105] = rdesc[110] = 0x03;
+-- 
+1.9.1
+
diff --git a/recipes-kernel/linux/files/0003-mnt-CVE-2014-5206_CVE-2014-5207.patch b/recipes-kernel/linux/files/0003-mnt-CVE-2014-5206_CVE-2014-5207.patch
new file mode 100644
index 0000000..aa5ca1b
--- /dev/null
+++ b/recipes-kernel/linux/files/0003-mnt-CVE-2014-5206_CVE-2014-5207.patch
@@ -0,0 +1,137 @@
+From 8b18c0adbc5d0cb1530692e72bcfb88fd7bb77bb Mon Sep 17 00:00:00 2001
+From: "Eric W. Biederman" <ebiederm@xmission.com>
+Date: Mon, 28 Jul 2014 17:26:07 -0700
+Subject: [PATCH] mnt: Correct permission checks in do_remount
+
+commit 9566d6742852c527bf5af38af5cbb878dad75705 upstream.
+
+While invesgiating the issue where in "mount --bind -oremount,ro ..."
+would result in later "mount --bind -oremount,rw" succeeding even if
+the mount started off locked I realized that there are several
+additional mount flags that should be locked and are not.
+
+In particular MNT_NOSUID, MNT_NODEV, MNT_NOEXEC, and the atime
+flags in addition to MNT_READONLY should all be locked.  These
+flags are all per superblock, can all be changed with MS_BIND,
+and should not be changable if set by a more privileged user.
+
+The following additions to the current logic are added in this patch.
+- nosuid may not be clearable by a less privileged user.
+- nodev  may not be clearable by a less privielged user.
+- noexec may not be clearable by a less privileged user.
+- atime flags may not be changeable by a less privileged user.
+
+The logic with atime is that always setting atime on access is a
+global policy and backup software and auditing software could break if
+atime bits are not updated (when they are configured to be updated),
+and serious performance degradation could result (DOS attack) if atime
+updates happen when they have been explicitly disabled.  Therefore an
+unprivileged user should not be able to mess with the atime bits set
+by a more privileged user.
+
+The additional restrictions are implemented with the addition of
+MNT_LOCK_NOSUID, MNT_LOCK_NODEV, MNT_LOCK_NOEXEC, and MNT_LOCK_ATIME
+mnt flags.
+
+Taken together these changes and the fixes for MNT_LOCK_READONLY
+should make it safe for an unprivileged user to create a user
+namespace and to call "mount --bind -o remount,... ..." without
+the danger of mount flags being changed maliciously.
+
+Fix for CVE-2014-5206 and CVE-2014-5207
+Upstream-Status: backport
+
+Cc: stable@vger.kernel.org
+Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
+Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ fs/namespace.c        | 36 +++++++++++++++++++++++++++++++++---
+ include/linux/mount.h |  5 +++++
+ 2 files changed, 38 insertions(+), 3 deletions(-)
+
+diff --git a/fs/namespace.c b/fs/namespace.c
+index 8e90b03..7c67de8 100644
+--- a/fs/namespace.c
++++ b/fs/namespace.c
+@@ -827,8 +827,21 @@ static struct mount *clone_mnt(struct mount *old, struct dentry *root,
+ 
+        mnt->mnt.mnt_flags = old->mnt.mnt_flags & ~MNT_WRITE_HOLD;
+        /* Don't allow unprivileged users to change mount flags */
+-       if ((flag & CL_UNPRIVILEGED) && (mnt->mnt.mnt_flags & MNT_READONLY))
+-               mnt->mnt.mnt_flags |= MNT_LOCK_READONLY;
++       if (flag & CL_UNPRIVILEGED) {
++               mnt->mnt.mnt_flags |= MNT_LOCK_ATIME;
++
++               if (mnt->mnt.mnt_flags & MNT_READONLY)
++                       mnt->mnt.mnt_flags |= MNT_LOCK_READONLY;
++
++               if (mnt->mnt.mnt_flags & MNT_NODEV)
++                       mnt->mnt.mnt_flags |= MNT_LOCK_NODEV;
++
++               if (mnt->mnt.mnt_flags & MNT_NOSUID)
++                       mnt->mnt.mnt_flags |= MNT_LOCK_NOSUID;
++
++               if (mnt->mnt.mnt_flags & MNT_NOEXEC)
++                       mnt->mnt.mnt_flags |= MNT_LOCK_NOEXEC;
++       }
+ 
+        /* Don't allow unprivileged users to reveal what is under a mount */
+        if ((flag & CL_UNPRIVILEGED) && list_empty(&old->mnt_expire))
+@@ -1841,6 +1854,23 @@ static int do_remount(struct path *path, int flags, int mnt_flags,
+            !(mnt_flags & MNT_READONLY)) {
+                return -EPERM;
+        }
++       if ((mnt->mnt.mnt_flags & MNT_LOCK_NODEV) &&
++           !(mnt_flags & MNT_NODEV)) {
++               return -EPERM;
++       }
++       if ((mnt->mnt.mnt_flags & MNT_LOCK_NOSUID) &&
++           !(mnt_flags & MNT_NOSUID)) {
++               return -EPERM;
++       }
++       if ((mnt->mnt.mnt_flags & MNT_LOCK_NOEXEC) &&
++           !(mnt_flags & MNT_NOEXEC)) {
++               return -EPERM;
++       }
++       if ((mnt->mnt.mnt_flags & MNT_LOCK_ATIME) &&
++           ((mnt->mnt.mnt_flags & MNT_ATIME_MASK) != (mnt_flags & MNT_ATIME_MASK))) {
++               return -EPERM;
++       }
++
+        err = security_sb_remount(sb, data);
+        if (err)
+                return err;
+@@ -2043,7 +2073,7 @@ static int do_new_mount(struct path *path, const char *fstype, int flags,
+                 */
+                if (!(type->fs_flags & FS_USERNS_DEV_MOUNT)) {
+                        flags |= MS_NODEV;
+-                       mnt_flags |= MNT_NODEV;
++                       mnt_flags |= MNT_NODEV | MNT_LOCK_NODEV;
+                }
+        }
+ 
+diff --git a/include/linux/mount.h b/include/linux/mount.h
+index 8707c9e..22e5b96 100644
+--- a/include/linux/mount.h
++++ b/include/linux/mount.h
+@@ -45,10 +45,15 @@ struct mnt_namespace;
+ #define MNT_USER_SETTABLE_MASK  (MNT_NOSUID | MNT_NODEV | MNT_NOEXEC \
+                                 | MNT_NOATIME | MNT_NODIRATIME | MNT_RELATIME \
+                                 | MNT_READONLY)
++#define MNT_ATIME_MASK (MNT_NOATIME | MNT_NODIRATIME | MNT_RELATIME )
+ 
+ 
+ #define MNT_INTERNAL   0x4000
+ 
++#define MNT_LOCK_ATIME         0x040000
++#define MNT_LOCK_NOEXEC                0x080000
++#define MNT_LOCK_NOSUID                0x100000
++#define MNT_LOCK_NODEV         0x200000
+ #define MNT_LOCK_READONLY      0x400000
+ #define MNT_LOCKED             0x800000
+ 
+-- 
+1.9.1
+
diff --git a/recipes-kernel/linux/files/0003-net-sctp-CVE-2014-3688.patch b/recipes-kernel/linux/files/0003-net-sctp-CVE-2014-3688.patch
new file mode 100644
index 0000000..1b4716d
--- /dev/null
+++ b/recipes-kernel/linux/files/0003-net-sctp-CVE-2014-3688.patch
@@ -0,0 +1,160 @@
+From e476841415c1b7b54e4118d8a219f5db71878675 Mon Sep 17 00:00:00 2001
+From: Daniel Borkmann <dborkman@redhat.com>
+Date: Thu, 9 Oct 2014 22:55:33 +0200
+Subject: [PATCH] net: sctp: fix remote memory pressure from excessive queueing
+
+commit 26b87c7881006311828bb0ab271a551a62dcceb4 upstream.
+
+This scenario is not limited to ASCONF, just taken as one
+example triggering the issue. When receiving ASCONF probes
+in the form of ...
+
+  -------------- INIT[ASCONF; ASCONF_ACK] ------------->
+  <----------- INIT-ACK[ASCONF; ASCONF_ACK] ------------
+  -------------------- COOKIE-ECHO -------------------->
+  <-------------------- COOKIE-ACK ---------------------
+  ---- ASCONF_a; [ASCONF_b; ...; ASCONF_n;] JUNK ------>
+  [...]
+  ---- ASCONF_m; [ASCONF_o; ...; ASCONF_z;] JUNK ------>
+
+... where ASCONF_a, ASCONF_b, ..., ASCONF_z are good-formed
+ASCONFs and have increasing serial numbers, we process such
+ASCONF chunk(s) marked with !end_of_packet and !singleton,
+since we have not yet reached the SCTP packet end. SCTP does
+only do verification on a chunk by chunk basis, as an SCTP
+packet is nothing more than just a container of a stream of
+chunks which it eats up one by one.
+
+We could run into the case that we receive a packet with a
+malformed tail, above marked as trailing JUNK. All previous
+chunks are here goodformed, so the stack will eat up all
+previous chunks up to this point. In case JUNK does not fit
+into a chunk header and there are no more other chunks in
+the input queue, or in case JUNK contains a garbage chunk
+header, but the encoded chunk length would exceed the skb
+tail, or we came here from an entirely different scenario
+and the chunk has pdiscard=1 mark (without having had a flush
+point), it will happen, that we will excessively queue up
+the association's output queue (a correct final chunk may
+then turn it into a response flood when flushing the
+queue ;)): I ran a simple script with incremental ASCONF
+serial numbers and could see the server side consuming
+excessive amount of RAM [before/after: up to 2GB and more].
+
+The issue at heart is that the chunk train basically ends
+with !end_of_packet and !singleton markers and since commit
+2e3216cd54b1 ("sctp: Follow security requirement of responding
+with 1 packet") therefore preventing an output queue flush
+point in sctp_do_sm() -> sctp_cmd_interpreter() on the input
+chunk (chunk = event_arg) even though local_cork is set,
+but its precedence has changed since then. In the normal
+case, the last chunk with end_of_packet=1 would trigger the
+queue flush to accommodate possible outgoing bundling.
+
+In the input queue, sctp_inq_pop() seems to do the right thing
+in terms of discarding invalid chunks. So, above JUNK will
+not enter the state machine and instead be released and exit
+the sctp_assoc_bh_rcv() chunk processing loop. It's simply
+the flush point being missing at loop exit. Adding a try-flush
+approach on the output queue might not work as the underlying
+infrastructure might be long gone at this point due to the
+side-effect interpreter run.
+
+One possibility, albeit a bit of a kludge, would be to defer
+invalid chunk freeing into the state machine in order to
+possibly trigger packet discards and thus indirectly a queue
+flush on error. It would surely be better to discard chunks
+as in the current, perhaps better controlled environment, but
+going back and forth, it's simply architecturally not possible.
+I tried various trailing JUNK attack cases and it seems to
+look good now.
+
+Joint work with Vlad Yasevich.
+
+Fixes CVE-2014-3688
+Upstream-Status: Backport
+
+Fixes: 2e3216cd54b1 ("sctp: Follow security requirement of responding with 1 packet")
+Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
+Signed-off-by: Vlad Yasevich <vyasevich@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Cc: Josh Boyer <jwboyer@fedoraproject.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ net/sctp/inqueue.c      | 33 +++++++--------------------------
+ net/sctp/sm_statefuns.c |  3 +++
+ 2 files changed, 10 insertions(+), 26 deletions(-)
+
+diff --git a/net/sctp/inqueue.c b/net/sctp/inqueue.c
+index 5856932..560cd41 100644
+--- a/net/sctp/inqueue.c
++++ b/net/sctp/inqueue.c
+@@ -141,18 +141,9 @@ struct sctp_chunk *sctp_inq_pop(struct sctp_inq *queue)
+                } else {
+                        /* Nothing to do. Next chunk in the packet, please. */
+                        ch = (sctp_chunkhdr_t *) chunk->chunk_end;
+-
+                        /* Force chunk->skb->data to chunk->chunk_end.  */
+-                       skb_pull(chunk->skb,
+-                                chunk->chunk_end - chunk->skb->data);
+-
+-                       /* Verify that we have at least chunk headers
+-                        * worth of buffer left.
+-                        */
+-                       if (skb_headlen(chunk->skb) < sizeof(sctp_chunkhdr_t)) {
+-                               sctp_chunk_free(chunk);
+-                               chunk = queue->in_progress = NULL;
+-                       }
++                       skb_pull(chunk->skb, chunk->chunk_end - chunk->skb->data);
++                       /* We are guaranteed to pull a SCTP header. */
+                }
+        }
+ 
+@@ -188,24 +179,14 @@ struct sctp_chunk *sctp_inq_pop(struct sctp_inq *queue)
+        skb_pull(chunk->skb, sizeof(sctp_chunkhdr_t));
+        chunk->subh.v = NULL; /* Subheader is no longer valid.  */
+ 
+-       if (chunk->chunk_end < skb_tail_pointer(chunk->skb)) {
++       if (chunk->chunk_end + sizeof(sctp_chunkhdr_t) <
++           skb_tail_pointer(chunk->skb)) {
+                /* This is not a singleton */
+                chunk->singleton = 0;
+        } else if (chunk->chunk_end > skb_tail_pointer(chunk->skb)) {
+-               /* RFC 2960, Section 6.10  Bundling
+-                *
+-                * Partial chunks MUST NOT be placed in an SCTP packet.
+-                * If the receiver detects a partial chunk, it MUST drop
+-                * the chunk.
+-                *
+-                * Since the end of the chunk is past the end of our buffer
+-                * (which contains the whole packet, we can freely discard
+-                * the whole packet.
+-                */
+-               sctp_chunk_free(chunk);
+-               chunk = queue->in_progress = NULL;
+-
+-               return NULL;
++               /* Discard inside state machine. */
++               chunk->pdiscard = 1;
++               chunk->chunk_end = skb_tail_pointer(chunk->skb);
+        } else {
+                /* We are at the end of the packet, so mark the chunk
+                 * in case we need to send a SACK.
+diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
+index 1dbcc6a..62623cc 100644
+--- a/net/sctp/sm_statefuns.c
++++ b/net/sctp/sm_statefuns.c
+@@ -171,6 +171,9 @@ sctp_chunk_length_valid(struct sctp_chunk *chunk,
+ {
+        __u16 chunk_length = ntohs(chunk->chunk_hdr->length);
+ 
++       /* Previously already marked? */
++       if (unlikely(chunk->pdiscard))
++               return 0;
+        if (unlikely(chunk_length < required_length))
+                return 0;
+ 
+-- 
+1.9.1
+
diff --git a/recipes-kernel/linux/files/0004-USB-CVE-2014-3185.patch b/recipes-kernel/linux/files/0004-USB-CVE-2014-3185.patch
new file mode 100644
index 0000000..0820807
--- /dev/null
+++ b/recipes-kernel/linux/files/0004-USB-CVE-2014-3185.patch
@@ -0,0 +1,51 @@
+From 6817ae225cd650fb1c3295d769298c38b1eba818 Mon Sep 17 00:00:00 2001
+From: James Forshaw <forshaw@google.com>
+Date: Sat, 23 Aug 2014 14:39:48 -0700
+Subject: [PATCH] USB: whiteheat: Added bounds checking for bulk command
+ response
+
+This patch fixes a potential security issue in the whiteheat USB driver
+which might allow a local attacker to cause kernel memory corrpution. This
+is due to an unchecked memcpy into a fixed size buffer (of 64 bytes). On
+EHCI and XHCI busses it's possible to craft responses greater than 64
+bytes leading a buffer overflow.
+
+This fixes CVE-2014-3185
+Upstream-Status: Backport
+
+Signed-off-by: James Forshaw <forshaw@google.com>
+Cc: stable <stable@vger.kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ drivers/usb/serial/whiteheat.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/usb/serial/whiteheat.c b/drivers/usb/serial/whiteheat.c
+index e62f2df..6c3734d 100644
+--- a/drivers/usb/serial/whiteheat.c
++++ b/drivers/usb/serial/whiteheat.c
+@@ -514,6 +514,10 @@ static void command_port_read_callback(struct urb *urb)
+                dev_dbg(&urb->dev->dev, "%s - command_info is NULL, exiting.\n", __func__);
+                return;
+        }
++       if (!urb->actual_length) {
++               dev_dbg(&urb->dev->dev, "%s - empty response, exiting.\n", __func__);
++               return;
++       }
+        if (status) {
+                dev_dbg(&urb->dev->dev, "%s - nonzero urb status: %d\n", __func__, status);
+                if (status != -ENOENT)
+@@ -534,7 +538,8 @@ static void command_port_read_callback(struct urb *urb)
+                /* These are unsolicited reports from the firmware, hence no
+                   waiting command to wakeup */
+                dev_dbg(&urb->dev->dev, "%s - event received\n", __func__);
+-       } else if (data[0] == WHITEHEAT_GET_DTR_RTS) {
++       } else if ((data[0] == WHITEHEAT_GET_DTR_RTS) &&
++               (urb->actual_length - 1 <= sizeof(command_info->result_buffer))) {
+                memcpy(command_info->result_buffer, &data[1],
+                                                urb->actual_length - 1);
+                command_info->command_finished = WHITEHEAT_CMD_COMPLETE;
+-- 
+1.9.1
+
diff --git a/recipes-kernel/linux/files/0004-mnt-CVE-2014-5206_CVE-2014-5207.patch b/recipes-kernel/linux/files/0004-mnt-CVE-2014-5206_CVE-2014-5207.patch
new file mode 100644
index 0000000..8cd4b13
--- /dev/null
+++ b/recipes-kernel/linux/files/0004-mnt-CVE-2014-5206_CVE-2014-5207.patch
@@ -0,0 +1,64 @@
+From fafbc9412b8f2dae04bc3ca233ae7b49482c8df8 Mon Sep 17 00:00:00 2001
+From: "Eric W. Biederman" <ebiederm@xmission.com>
+Date: Mon, 28 Jul 2014 17:36:04 -0700
+Subject: [PATCH] mnt: Change the default remount atime from relatime to the
+ existing value
+
+commit ffbc6f0ead47fa5a1dc9642b0331cb75c20a640e upstream.
+
+Since March 2009 the kernel has treated the state that if no
+MS_..ATIME flags are passed then the kernel defaults to relatime.
+
+Defaulting to relatime instead of the existing atime state during a
+remount is silly, and causes problems in practice for people who don't
+specify any MS_...ATIME flags and to get the default filesystem atime
+setting.  Those users may encounter a permission error because the
+default atime setting does not work.
+
+A default that does not work and causes permission problems is
+ridiculous, so preserve the existing value to have a default
+atime setting that is always guaranteed to work.
+
+Using the default atime setting in this way is particularly
+interesting for applications built to run in restricted userspace
+environments without /proc mounted, as the existing atime mount
+options of a filesystem can not be read from /proc/mounts.
+
+In practice this fixes user space that uses the default atime
+setting on remount that are broken by the permission checks
+keeping less privileged users from changing more privileged users
+atime settings.
+
+Fix for CVE-2014-5206 and CVE-2014-5207
+Upstream-Status: backport
+
+Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
+Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ fs/namespace.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/fs/namespace.c b/fs/namespace.c
+index 7c67de8..4ea2b73 100644
+--- a/fs/namespace.c
++++ b/fs/namespace.c
+@@ -2391,6 +2391,14 @@ long do_mount(const char *dev_name, const char *dir_name,
+        if (flags & MS_RDONLY)
+                mnt_flags |= MNT_READONLY;
+ 
++       /* The default atime for remount is preservation */
++       if ((flags & MS_REMOUNT) &&
++           ((flags & (MS_NOATIME | MS_NODIRATIME | MS_RELATIME |
++                      MS_STRICTATIME)) == 0)) {
++               mnt_flags &= ~MNT_ATIME_MASK;
++               mnt_flags |= path.mnt->mnt_flags & MNT_ATIME_MASK;
++       }
++
+        flags &= ~(MS_NOSUID | MS_NOEXEC | MS_NODEV | MS_ACTIVE | MS_BORN |
+                   MS_NOATIME | MS_NODIRATIME | MS_RELATIME| MS_KERNMOUNT |
+                   MS_STRICTATIME);
+-- 
+1.9.1
+
diff --git a/recipes-kernel/linux/files/0005-mnt-CVE-2014-5206_CVE-2014-5207.patch b/recipes-kernel/linux/files/0005-mnt-CVE-2014-5206_CVE-2014-5207.patch
new file mode 100644
index 0000000..caa89db
--- /dev/null
+++ b/recipes-kernel/linux/files/0005-mnt-CVE-2014-5206_CVE-2014-5207.patch
@@ -0,0 +1,324 @@
+From 4194b9700ce41ff2f7031aa0c6108c2539028ab5 Mon Sep 17 00:00:00 2001
+From: "Eric W. Biederman" <ebiederm@xmission.com>
+Date: Tue, 29 Jul 2014 15:50:44 -0700
+Subject: [PATCH] mnt: Add tests for unprivileged remount cases that have found
+ to be faulty
+
+commit db181ce011e3c033328608299cd6fac06ea50130 upstream.
+
+Kenton Varda <kenton@sandstorm.io> discovered that by remounting a
+read-only bind mount read-only in a user namespace the
+MNT_LOCK_READONLY bit would be cleared, allowing an unprivileged user
+to the remount a read-only mount read-write.
+
+Upon review of the code in remount it was discovered that the code allowed
+nosuid, noexec, and nodev to be cleared.  It was also discovered that
+the code was allowing the per mount atime flags to be changed.
+
+The first naive patch to fix these issues contained the flaw that using
+default atime settings when remounting a filesystem could be disallowed.
+
+To avoid this problems in the future add tests to ensure unprivileged
+remounts are succeeding and failing at the appropriate times.
+
+Fix for CVE-2014-5206 and CVE-2014-5207
+Upstream-Status: backport
+
+Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
+Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ tools/testing/selftests/Makefile                   |   1 +
+ tools/testing/selftests/mount/Makefile             |  17 ++
+ .../selftests/mount/unprivileged-remount-test.c    | 242 +++++++++++++++++++++
+ 3 files changed, 260 insertions(+)
+ create mode 100644 tools/testing/selftests/mount/Makefile
+ create mode 100644 tools/testing/selftests/mount/unprivileged-remount-test.c
+
+diff --git a/tools/testing/selftests/Makefile b/tools/testing/selftests/Makefile
+index 9f3eae2..2d9ab94 100644
+--- a/tools/testing/selftests/Makefile
++++ b/tools/testing/selftests/Makefile
+@@ -4,6 +4,7 @@ TARGETS += efivarfs
+ TARGETS += kcmp
+ TARGETS += memory-hotplug
+ TARGETS += mqueue
++TARGETS += mount
+ TARGETS += net
+ TARGETS += ptrace
+ TARGETS += timers
+diff --git a/tools/testing/selftests/mount/Makefile b/tools/testing/selftests/mount/Makefile
+new file mode 100644
+index 0000000..337d853
+--- /dev/null
++++ b/tools/testing/selftests/mount/Makefile
+@@ -0,0 +1,17 @@
++# Makefile for mount selftests.
++
++all: unprivileged-remount-test
++
++unprivileged-remount-test: unprivileged-remount-test.c
++       gcc -Wall -O2 unprivileged-remount-test.c -o unprivileged-remount-test
++
++# Allow specific tests to be selected.
++test_unprivileged_remount: unprivileged-remount-test
++       @if [ -f /proc/self/uid_map ] ; then ./unprivileged-remount-test ; fi
++
++run_tests: all test_unprivileged_remount
++
++clean:
++       rm -f unprivileged-remount-test
++
++.PHONY: all test_unprivileged_remount
+diff --git a/tools/testing/selftests/mount/unprivileged-remount-test.c b/tools/testing/selftests/mount/unprivileged-remount-test.c
+new file mode 100644
+index 0000000..1b3ff2f
+--- /dev/null
++++ b/tools/testing/selftests/mount/unprivileged-remount-test.c
+@@ -0,0 +1,242 @@
++#define _GNU_SOURCE
++#include <sched.h>
++#include <stdio.h>
++#include <errno.h>
++#include <string.h>
++#include <sys/types.h>
++#include <sys/mount.h>
++#include <sys/wait.h>
++#include <stdlib.h>
++#include <unistd.h>
++#include <fcntl.h>
++#include <grp.h>
++#include <stdbool.h>
++#include <stdarg.h>
++
++#ifndef CLONE_NEWNS
++# define CLONE_NEWNS 0x00020000
++#endif
++#ifndef CLONE_NEWUTS
++# define CLONE_NEWUTS 0x04000000
++#endif
++#ifndef CLONE_NEWIPC
++# define CLONE_NEWIPC 0x08000000
++#endif
++#ifndef CLONE_NEWNET
++# define CLONE_NEWNET 0x40000000
++#endif
++#ifndef CLONE_NEWUSER
++# define CLONE_NEWUSER 0x10000000
++#endif
++#ifndef CLONE_NEWPID
++# define CLONE_NEWPID 0x20000000
++#endif
++
++#ifndef MS_RELATIME
++#define MS_RELATIME (1 << 21)
++#endif
++#ifndef MS_STRICTATIME
++#define MS_STRICTATIME (1 << 24)
++#endif
++
++static void die(char *fmt, ...)
++{
++       va_list ap;
++       va_start(ap, fmt);
++       vfprintf(stderr, fmt, ap);
++       va_end(ap);
++       exit(EXIT_FAILURE);
++}
++
++static void write_file(char *filename, char *fmt, ...)
++{
++       char buf[4096];
++       int fd;
++       ssize_t written;
++       int buf_len;
++       va_list ap;
++
++       va_start(ap, fmt);
++       buf_len = vsnprintf(buf, sizeof(buf), fmt, ap);
++       va_end(ap);
++       if (buf_len < 0) {
++               die("vsnprintf failed: %s\n",
++                   strerror(errno));
++       }
++       if (buf_len >= sizeof(buf)) {
++               die("vsnprintf output truncated\n");
++       }
++
++       fd = open(filename, O_WRONLY);
++       if (fd < 0) {
++               die("open of %s failed: %s\n",
++                   filename, strerror(errno));
++       }
++       written = write(fd, buf, buf_len);
++       if (written != buf_len) {
++               if (written >= 0) {
++                       die("short write to %s\n", filename);
++               } else {
++                       die("write to %s failed: %s\n",
++                               filename, strerror(errno));
++               }
++       }
++       if (close(fd) != 0) {
++               die("close of %s failed: %s\n",
++                       filename, strerror(errno));
++       }
++}
++
++static void create_and_enter_userns(void)
++{
++       uid_t uid;
++       gid_t gid;
++
++       uid = getuid();
++       gid = getgid();
++
++       if (unshare(CLONE_NEWUSER) !=0) {
++               die("unshare(CLONE_NEWUSER) failed: %s\n",
++                       strerror(errno));
++       }
++
++       write_file("/proc/self/uid_map", "0 %d 1", uid);
++       write_file("/proc/self/gid_map", "0 %d 1", gid);
++
++       if (setgroups(0, NULL) != 0) {
++               die("setgroups failed: %s\n",
++                       strerror(errno));
++       }
++       if (setgid(0) != 0) {
++               die ("setgid(0) failed %s\n",
++                       strerror(errno));
++       }
++       if (setuid(0) != 0) {
++               die("setuid(0) failed %s\n",
++                       strerror(errno));
++       }
++}
++
++static
++bool test_unpriv_remount(int mount_flags, int remount_flags, int invalid_flags)
++{
++       pid_t child;
++
++       child = fork();
++       if (child == -1) {
++               die("fork failed: %s\n",
++                       strerror(errno));
++       }
++       if (child != 0) { /* parent */
++               pid_t pid;
++               int status;
++               pid = waitpid(child, &status, 0);
++               if (pid == -1) {
++                       die("waitpid failed: %s\n",
++                               strerror(errno));
++               }
++               if (pid != child) {
++                       die("waited for %d got %d\n",
++                               child, pid);
++               }
++               if (!WIFEXITED(status)) {
++                       die("child did not terminate cleanly\n");
++               }
++               return WEXITSTATUS(status) == EXIT_SUCCESS ? true : false;
++       }
++
++       create_and_enter_userns();
++       if (unshare(CLONE_NEWNS) != 0) {
++               die("unshare(CLONE_NEWNS) failed: %s\n",
++                       strerror(errno));
++       }
++
++       if (mount("testing", "/tmp", "ramfs", mount_flags, NULL) != 0) {
++               die("mount of /tmp failed: %s\n",
++                       strerror(errno));
++       }
++
++       create_and_enter_userns();
++
++       if (unshare(CLONE_NEWNS) != 0) {
++               die("unshare(CLONE_NEWNS) failed: %s\n",
++                       strerror(errno));
++       }
++
++       if (mount("/tmp", "/tmp", "none",
++                 MS_REMOUNT | MS_BIND | remount_flags, NULL) != 0) {
++               /* system("cat /proc/self/mounts"); */
++               die("remount of /tmp failed: %s\n",
++                   strerror(errno));
++       }
++
++       if (mount("/tmp", "/tmp", "none",
++                 MS_REMOUNT | MS_BIND | invalid_flags, NULL) == 0) {
++               /* system("cat /proc/self/mounts"); */
++               die("remount of /tmp with invalid flags "
++                   "succeeded unexpectedly\n");
++       }
++       exit(EXIT_SUCCESS);
++}
++
++static bool test_unpriv_remount_simple(int mount_flags)
++{
++       return test_unpriv_remount(mount_flags, mount_flags, 0);
++}
++
++static bool test_unpriv_remount_atime(int mount_flags, int invalid_flags)
++{
++       return test_unpriv_remount(mount_flags, mount_flags, invalid_flags);
++}
++
++int main(int argc, char **argv)
++{
++       if (!test_unpriv_remount_simple(MS_RDONLY|MS_NODEV)) {
++               die("MS_RDONLY malfunctions\n");
++       }
++       if (!test_unpriv_remount_simple(MS_NODEV)) {
++               die("MS_NODEV malfunctions\n");
++       }
++       if (!test_unpriv_remount_simple(MS_NOSUID|MS_NODEV)) {
++               die("MS_NOSUID malfunctions\n");
++       }
++       if (!test_unpriv_remount_simple(MS_NOEXEC|MS_NODEV)) {
++               die("MS_NOEXEC malfunctions\n");
++       }
++       if (!test_unpriv_remount_atime(MS_RELATIME|MS_NODEV,
++                                      MS_NOATIME|MS_NODEV))
++       {
++               die("MS_RELATIME malfunctions\n");
++       }
++       if (!test_unpriv_remount_atime(MS_STRICTATIME|MS_NODEV,
++                                      MS_NOATIME|MS_NODEV))
++       {
++               die("MS_STRICTATIME malfunctions\n");
++       }
++       if (!test_unpriv_remount_atime(MS_NOATIME|MS_NODEV,
++                                      MS_STRICTATIME|MS_NODEV))
++       {
++               die("MS_RELATIME malfunctions\n");
++       }
++       if (!test_unpriv_remount_atime(MS_RELATIME|MS_NODIRATIME|MS_NODEV,
++                                      MS_NOATIME|MS_NODEV))
++       {
++               die("MS_RELATIME malfunctions\n");
++       }
++       if (!test_unpriv_remount_atime(MS_STRICTATIME|MS_NODIRATIME|MS_NODEV,
++                                      MS_NOATIME|MS_NODEV))
++       {
++               die("MS_RELATIME malfunctions\n");
++       }
++       if (!test_unpriv_remount_atime(MS_NOATIME|MS_NODIRATIME|MS_NODEV,
++                                      MS_STRICTATIME|MS_NODEV))
++       {
++               die("MS_RELATIME malfunctions\n");
++       }
++       if (!test_unpriv_remount(MS_STRICTATIME|MS_NODEV, MS_NODEV,
++                                MS_NOATIME|MS_NODEV))
++       {
++               die("Default atime malfunctions\n");
++       }
++       return EXIT_SUCCESS;
++}
+-- 
+1.9.1
+
diff --git a/recipes-kernel/linux/files/Fix-CVE-2014-5077-sctp-inherit-auth-capable-on-INIT-collisions.patch b/recipes-kernel/linux/files/Fix-CVE-2014-5077-sctp-inherit-auth-capable-on-INIT-collisions.patch
new file mode 100644
index 0000000..7d16535
--- /dev/null
+++ b/recipes-kernel/linux/files/Fix-CVE-2014-5077-sctp-inherit-auth-capable-on-INIT-collisions.patch
@@ -0,0 +1,41 @@
+CVE-2014-5077 Kernel/SCTP: fix a NULL pointer dereference
+
+A NULL pointer dereference flaw was found in the way the
+Linux kernel's Stream Control Transmission Protocol
+(SCTP) implementation handled simultaneous connections
+between the same hosts. A remote attacker could use this
+flaw to crash the system.
+
+Upstream-Status: Backport (from v3.16, commit 1be9a950c646c)
+
+References:
+    - https://access.redhat.com/security/cve/CVE-2014-5077
+    - http://patchwork.ozlabs.org/patch/372475/
+
+Fixes: 730fc3d05cd4 ("[SCTP]: Implete SCTP-AUTH parameter processing")
+Reported-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
+Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
+Tested-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
+Cc: Vlad Yasevich <vyasevich@gmail.com>
+Acked-by: Vlad Yasevich <vyasevich@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Liviu Gheorghisan <liviu.gheorghisan@enea.com>
+---
+ net/sctp/associola.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/net/sctp/associola.c b/net/sctp/associola.c
+index 9de23a2..06a9ee6 100644
+--- a/net/sctp/associola.c
++++ b/net/sctp/associola.c
+@@ -1097,6 +1097,7 @@ void sctp_assoc_update(struct sctp_association *asoc,
+        asoc->c = new->c;
+        asoc->peer.rwnd = new->peer.rwnd;
+        asoc->peer.sack_needed = new->peer.sack_needed;
++       asoc->peer.auth_capable = new->peer.auth_capable;
+        asoc->peer.i = new->peer.i;
+        sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_INITIAL,
+                         asoc->peer.i.initial_tsn, GFP_ATOMIC);
+-- 
+1.9.1
+
diff --git a/recipes-kernel/linux/files/Fix-CVE-2014-5471_CVE-2014-5472.patch b/recipes-kernel/linux/files/Fix-CVE-2014-5471_CVE-2014-5472.patch
new file mode 100644
index 0000000..65107d6
--- /dev/null
+++ b/recipes-kernel/linux/files/Fix-CVE-2014-5471_CVE-2014-5472.patch
@@ -0,0 +1,212 @@
+From 4488e1f5ef40441c9846b1d0a29152c208a05e66 Mon Sep 17 00:00:00 2001
+From: Jan Kara <jack@suse.cz>
+Date: Sun, 17 Aug 2014 11:49:57 +0200
+Subject: [PATCH] isofs: Fix unbounded recursion when processing relocated
+ directories
+
+commit 410dd3cf4c9b36f27ed4542ee18b1af5e68645a4 upstream.
+
+We did not check relocated directory in any way when processing Rock
+Ridge 'CL' tag. Thus a corrupted isofs image can possibly have a CL
+entry pointing to another CL entry leading to possibly unbounded
+recursion in kernel code and thus stack overflow or deadlocks (if there
+is a loop created from CL entries).
+
+Fix the problem by not allowing CL entry to point to a directory entry
+with CL entry (such use makes no good sense anyway) and by checking
+whether CL entry doesn't point to itself.
+
+Upstream status: backported (from v3.12 e4ca8b780c82c04ec0)
+
+Reported-by: Chris Evans <cevans@google.com>
+Signed-off-by: Jan Kara <jack@suse.cz>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ fs/isofs/inode.c | 15 ++++++++-------
+ fs/isofs/isofs.h | 23 +++++++++++++++++++----
+ fs/isofs/rock.c  | 39 ++++++++++++++++++++++++++++-----------
+ 3 files changed, 55 insertions(+), 22 deletions(-)
+
+diff --git a/fs/isofs/inode.c b/fs/isofs/inode.c
+index e5d408a..2e2af97 100644
+--- a/fs/isofs/inode.c
++++ b/fs/isofs/inode.c
+@@ -61,7 +61,7 @@ static void isofs_put_super(struct super_block *sb)
+        return;
+ }
+ 
+-static int isofs_read_inode(struct inode *);
++static int isofs_read_inode(struct inode *, int relocated);
+ static int isofs_statfs (struct dentry *, struct kstatfs *);
+ 
+ static struct kmem_cache *isofs_inode_cachep;
+@@ -1258,7 +1258,7 @@ out_toomany:
+        goto out;
+ }
+ 
+-static int isofs_read_inode(struct inode *inode)
++static int isofs_read_inode(struct inode *inode, int relocated)
+ {
+        struct super_block *sb = inode->i_sb;
+        struct isofs_sb_info *sbi = ISOFS_SB(sb);
+@@ -1403,7 +1403,7 @@ static int isofs_read_inode(struct inode *inode)
+         */
+ 
+        if (!high_sierra) {
+-               parse_rock_ridge_inode(de, inode);
++               parse_rock_ridge_inode(de, inode, relocated);
+                /* if we want uid/gid set, override the rock ridge setting */
+                if (sbi->s_uid_set)
+                        inode->i_uid = sbi->s_uid;
+@@ -1482,9 +1482,10 @@ static int isofs_iget5_set(struct inode *ino, void *data)
+  * offset that point to the underlying meta-data for the inode.  The
+  * code below is otherwise similar to the iget() code in
+  * include/linux/fs.h */
+-struct inode *isofs_iget(struct super_block *sb,
+-                        unsigned long block,
+-                        unsigned long offset)
++struct inode *__isofs_iget(struct super_block *sb,
++                          unsigned long block,
++                          unsigned long offset,
++                          int relocated)
+ {
+        unsigned long hashval;
+        struct inode *inode;
+@@ -1506,7 +1507,7 @@ struct inode *isofs_iget(struct super_block *sb,
+                return ERR_PTR(-ENOMEM);
+ 
+        if (inode->i_state & I_NEW) {
+-               ret = isofs_read_inode(inode);
++               ret = isofs_read_inode(inode, relocated);
+                if (ret < 0) {
+                        iget_failed(inode);
+                        inode = ERR_PTR(ret);
+diff --git a/fs/isofs/isofs.h b/fs/isofs/isofs.h
+index 9916723..0ac4c1f 100644
+--- a/fs/isofs/isofs.h
++++ b/fs/isofs/isofs.h
+@@ -107,7 +107,7 @@ extern int iso_date(char *, int);
+ 
+ struct inode;          /* To make gcc happy */
+ 
+-extern int parse_rock_ridge_inode(struct iso_directory_record *, struct inode *);
++extern int parse_rock_ridge_inode(struct iso_directory_record *, struct inode *, int relocated);
+ extern int get_rock_ridge_filename(struct iso_directory_record *, char *, struct inode *);
+ extern int isofs_name_translate(struct iso_directory_record *, char *, struct inode *);
+ 
+@@ -118,9 +118,24 @@ extern struct dentry *isofs_lookup(struct inode *, struct dentry *, unsigned int
+ extern struct buffer_head *isofs_bread(struct inode *, sector_t);
+ extern int isofs_get_blocks(struct inode *, sector_t, struct buffer_head **, unsigned long);
+ 
+-extern struct inode *isofs_iget(struct super_block *sb,
+-                                unsigned long block,
+-                                unsigned long offset);
++struct inode *__isofs_iget(struct super_block *sb,
++                          unsigned long block,
++                          unsigned long offset,
++                          int relocated);
++
++static inline struct inode *isofs_iget(struct super_block *sb,
++                                      unsigned long block,
++                                      unsigned long offset)
++{
++       return __isofs_iget(sb, block, offset, 0);
++}
++
++static inline struct inode *isofs_iget_reloc(struct super_block *sb,
++                                            unsigned long block,
++                                            unsigned long offset)
++{
++       return __isofs_iget(sb, block, offset, 1);
++}
+ 
+ /* Because the inode number is no longer relevant to finding the
+  * underlying meta-data for an inode, we are free to choose a more
+diff --git a/fs/isofs/rock.c b/fs/isofs/rock.c
+index c0bf424..f488bba 100644
+--- a/fs/isofs/rock.c
++++ b/fs/isofs/rock.c
+@@ -288,12 +288,16 @@ eio:
+        goto out;
+ }
+ 
++#define RR_REGARD_XA 1
++#define RR_RELOC_DE 2
++
+ static int
+ parse_rock_ridge_inode_internal(struct iso_directory_record *de,
+-                               struct inode *inode, int regard_xa)
++                               struct inode *inode, int flags)
+ {
+        int symlink_len = 0;
+        int cnt, sig;
++       unsigned int reloc_block;
+        struct inode *reloc;
+        struct rock_ridge *rr;
+        int rootflag;
+@@ -305,7 +309,7 @@ parse_rock_ridge_inode_internal(struct iso_directory_record *de,
+ 
+        init_rock_state(&rs, inode);
+        setup_rock_ridge(de, inode, &rs);
+-       if (regard_xa) {
++       if (flags & RR_REGARD_XA) {
+                rs.chr += 14;
+                rs.len -= 14;
+                if (rs.len < 0)
+@@ -485,12 +489,22 @@ repeat:
+                                        "relocated directory\n");
+                        goto out;
+                case SIG('C', 'L'):
+-                       ISOFS_I(inode)->i_first_extent =
+-                           isonum_733(rr->u.CL.location);
+-                       reloc =
+-                           isofs_iget(inode->i_sb,
+-                                      ISOFS_I(inode)->i_first_extent,
+-                                      0);
++                       if (flags & RR_RELOC_DE) {
++                               printk(KERN_ERR
++                                      "ISOFS: Recursive directory relocation "
++                                      "is not supported\n");
++                               goto eio;
++                       }
++                       reloc_block = isonum_733(rr->u.CL.location);
++                       if (reloc_block == ISOFS_I(inode)->i_iget5_block &&
++                           ISOFS_I(inode)->i_iget5_offset == 0) {
++                               printk(KERN_ERR
++                                      "ISOFS: Directory relocation points to "
++                                      "itself\n");
++                               goto eio;
++                       }
++                       ISOFS_I(inode)->i_first_extent = reloc_block;
++                       reloc = isofs_iget_reloc(inode->i_sb, reloc_block, 0);
+                        if (IS_ERR(reloc)) {
+                                ret = PTR_ERR(reloc);
+                                goto out;
+@@ -637,9 +651,11 @@ static char *get_symlink_chunk(char *rpnt, struct rock_ridge *rr, char *plimit)
+        return rpnt;
+ }
+ 
+-int parse_rock_ridge_inode(struct iso_directory_record *de, struct inode *inode)
++int parse_rock_ridge_inode(struct iso_directory_record *de, struct inode *inode,
++                          int relocated)
+ {
+-       int result = parse_rock_ridge_inode_internal(de, inode, 0);
++       int flags = relocated ? RR_RELOC_DE : 0;
++       int result = parse_rock_ridge_inode_internal(de, inode, flags);
+ 
+        /*
+         * if rockridge flag was reset and we didn't look for attributes
+@@ -647,7 +663,8 @@ int parse_rock_ridge_inode(struct iso_directory_record *de, struct inode *inode)
+         */
+        if ((ISOFS_SB(inode->i_sb)->s_rock_offset == -1)
+            && (ISOFS_SB(inode->i_sb)->s_rock == 2)) {
+-               result = parse_rock_ridge_inode_internal(de, inode, 14);
++               result = parse_rock_ridge_inode_internal(de, inode,
++                                                        flags | RR_REGARD_XA);
+        }
+        return result;
+ }
+-- 
+1.9.1
+
diff --git a/recipes-kernel/linux/files/Fix-for-CVE-2014-5045-fs-umount-on-symlink-leak.patch b/recipes-kernel/linux/files/Fix-for-CVE-2014-5045-fs-umount-on-symlink-leak.patch
new file mode 100644
index 0000000..1ae600f
--- /dev/null
+++ b/recipes-kernel/linux/files/Fix-for-CVE-2014-5045-fs-umount-on-symlink-leak.patch
@@ -0,0 +1,47 @@
+fs: umount on symlink leaks mnt count
+
+commit 295dc39d941dc2ae53d5c170365af4c9d5c16212 upstream.
+
+Currently umount on symlink blocks following umount:
+
+/vz is separate mount
+
+drwxr-xr-x.  2 root root       4096 Jul 19 01:14 testdir
+lrwxrwxrwx.  1 root root         11 Jul 19 01:16 testlink -> /vz/testdir
+umount: /vz/testlink: not mounted (expected)
+
+umount: /vz: device is busy. (unexpected)
+
+In this case mountpoint_last() gets an extra refcount on path->mnt
+
+Upstream-Status: Backport
+
+Signed-off-by: Vasily Averin <vvs@openvz.org>
+Acked-by: Ian Kent <raven@themaw.net>
+Acked-by: Jeff Layton <jlayton@primarydata.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: Christoph Hellwig <hch@lst.de>
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ fs/namei.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/fs/namei.c b/fs/namei.c
+index 187cacf..c199dcc 100644
+--- a/fs/namei.c
++++ b/fs/namei.c
+@@ -2280,9 +2280,10 @@ done:
+                goto out;
+        }
+        path->dentry = dentry;
+-       path->mnt = mntget(nd->path.mnt);
++       path->mnt = nd->path.mnt;
+        if (should_follow_link(dentry->d_inode, nd->flags & LOOKUP_FOLLOW))
+                return 1;
++       mntget(path->mnt);
+        follow_mount(path);
+        error = 0;
+ out:
+-- 
+1.9.1
+
diff --git a/recipes-kernel/linux/files/auditsc-CVE-2014-3917.patch b/recipes-kernel/linux/files/auditsc-CVE-2014-3917.patch
new file mode 100644
index 0000000..a0bdc27
--- /dev/null
+++ b/recipes-kernel/linux/files/auditsc-CVE-2014-3917.patch
@@ -0,0 +1,91 @@
+From 6004b0e5ac2e8e9e1bb0f012dc9242e03cca95df Mon Sep 17 00:00:00 2001
+From: Andy Lutomirski <luto@amacapital.net>
+Date: Wed, 28 May 2014 23:09:58 -0400
+Subject: [PATCH] auditsc: audit_krule mask accesses need bounds checking
+
+commit a3c54931199565930d6d84f4c3456f6440aefd41 upstream.
+
+Fixes an easy DoS and possible information disclosure.
+
+This does nothing about the broken state of x32 auditing.
+
+eparis: If the admin has enabled auditd and has specifically loaded
+audit rules.  This bug has been around since before git.  Wow...
+
+This fixes CVE-2014-3917
+Upstream-Status: Backport
+
+Signed-off-by: Andy Lutomirski <luto@amacapital.net>
+Signed-off-by: Eric Paris <eparis@redhat.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ kernel/auditsc.c | 27 ++++++++++++++++++---------
+ 1 file changed, 18 insertions(+), 9 deletions(-)
+
+diff --git a/kernel/auditsc.c b/kernel/auditsc.c
+index 3b79a47..979c00b 100644
+--- a/kernel/auditsc.c
++++ b/kernel/auditsc.c
+@@ -733,6 +733,22 @@ static enum audit_state audit_filter_task(struct task_struct *tsk, char **key)
+        return AUDIT_BUILD_CONTEXT;
+ }
+ 
++static int audit_in_mask(const struct audit_krule *rule, unsigned long val)
++{
++       int word, bit;
++
++       if (val > 0xffffffff)
++               return false;
++
++       word = AUDIT_WORD(val);
++       if (word >= AUDIT_BITMASK_SIZE)
++               return false;
++
++       bit = AUDIT_BIT(val);
++
++       return rule->mask[word] & bit;
++}
++
+ /* At syscall entry and exit time, this filter is called if the
+  * audit_state is not low enough that auditing cannot take place, but is
+  * also not high enough that we already know we have to write an audit
+@@ -750,11 +766,8 @@ static enum audit_state audit_filter_syscall(struct task_struct *tsk,
+ 
+        rcu_read_lock();
+        if (!list_empty(list)) {
+-               int word = AUDIT_WORD(ctx->major);
+-               int bit  = AUDIT_BIT(ctx->major);
+-
+                list_for_each_entry_rcu(e, list, list) {
+-                       if ((e->rule.mask[word] & bit) == bit &&
++                       if (audit_in_mask(&e->rule, ctx->major) &&
+                            audit_filter_rules(tsk, &e->rule, ctx, NULL,
+                                               &state, false)) {
+                                rcu_read_unlock();
+@@ -774,20 +787,16 @@ static enum audit_state audit_filter_syscall(struct task_struct *tsk,
+ static int audit_filter_inode_name(struct task_struct *tsk,
+                                   struct audit_names *n,
+                                   struct audit_context *ctx) {
+-       int word, bit;
+        int h = audit_hash_ino((u32)n->ino);
+        struct list_head *list = &audit_inode_hash[h];
+        struct audit_entry *e;
+        enum audit_state state;
+ 
+-       word = AUDIT_WORD(ctx->major);
+-       bit  = AUDIT_BIT(ctx->major);
+-
+        if (list_empty(list))
+                return 0;
+ 
+        list_for_each_entry_rcu(e, list, list) {
+-               if ((e->rule.mask[word] & bit) == bit &&
++               if (audit_in_mask(&e->rule, ctx->major) &&
+                    audit_filter_rules(tsk, &e->rule, ctx, n, &state, false)) {
+                        ctx->current_state = state;
+                        return 1;
+-- 
+1.9.1
+
diff --git a/recipes-kernel/linux/files/modify-defconfig-t1040-nr-cpus.patch b/recipes-kernel/linux/files/modify-defconfig-t1040-nr-cpus.patch
new file mode 100644
index 0000000..635c2bb
--- /dev/null
+++ b/recipes-kernel/linux/files/modify-defconfig-t1040-nr-cpus.patch
@@ -0,0 +1,47 @@
+From 8545129540a5862b22aad03badb2a9f93bf29117 Mon Sep 17 00:00:00 2001
+From: Bob Cochran <yocto@mindchasers.com>
+Date: Mon, 3 Nov 2014 22:45:35 -0500
+Subject: [meta-fsl-ppc][PATCH] linux-qoriq: Change defconfig for T1040 to
+ match number of CPUS
+
+Having a number higher than necessary for NR_CPUS wastes memory by
+instantiating unnecessary structures in RAM.  An example is in the DPAA where
+DPAA_ETH_TX_QUEUES is defined based on NR_CPUS and used to create
+dozens of extra qman_fq structures.  Using the prior value of 24, which was
+left over from the T4240 created an additonal 60 frame queue structures alone.
+
+This has been tested on t1040rdb-64b.  .
+
+Signed-off-by: Bob Cochran <yocto@mindchasers.com>
+---
+ arch/powerpc/configs/corenet32_fmanv3_smp_defconfig |    2 +-
+ arch/powerpc/configs/corenet64_fmanv3_smp_defconfig |    2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/arch/powerpc/configs/corenet32_fmanv3_smp_defconfig b/arch/powerpc/configs/corenet32_fmanv3_smp_defconfig
+index a401e7c..5542248 100644
+--- a/arch/powerpc/configs/corenet32_fmanv3_smp_defconfig
++++ b/arch/powerpc/configs/corenet32_fmanv3_smp_defconfig
+@@ -1,6 +1,6 @@
+ CONFIG_PPC_85xx=y
+ CONFIG_SMP=y
+-CONFIG_NR_CPUS=8
++CONFIG_NR_CPUS=4
+ CONFIG_EXPERIMENTAL=y
+ CONFIG_SYSVIPC=y
+ CONFIG_POSIX_MQUEUE=y
+diff --git a/arch/powerpc/configs/corenet64_fmanv3_smp_defconfig b/arch/powerpc/configs/corenet64_fmanv3_smp_defconfig
+index 1b987d9..bc0dacf 100644
+--- a/arch/powerpc/configs/corenet64_fmanv3_smp_defconfig
++++ b/arch/powerpc/configs/corenet64_fmanv3_smp_defconfig
+@@ -2,7 +2,7 @@ CONFIG_PPC64=y
+ CONFIG_PPC_BOOK3E_64=y
+ CONFIG_ALTIVEC=y
+ CONFIG_SMP=y
+-CONFIG_NR_CPUS=24
++CONFIG_NR_CPUS=4
+ CONFIG_SYSVIPC=y
+ CONFIG_POSIX_MQUEUE=y
+ CONFIG_IRQ_DOMAIN_DEBUG=y
+--
+1.7.9.5
diff --git a/recipes-kernel/linux/files/net-sctp-CVE-2014-0101.patch b/recipes-kernel/linux/files/net-sctp-CVE-2014-0101.patch
new file mode 100644
index 0000000..6fc5610
--- /dev/null
+++ b/recipes-kernel/linux/files/net-sctp-CVE-2014-0101.patch
@@ -0,0 +1,145 @@
+From 00c53b02cb01976b35d37670a4b5c5d7a6ad3c62 Mon Sep 17 00:00:00 2001
+From: Daniel Borkmann <dborkman@redhat.com>
+Date: Mon, 3 Mar 2014 17:23:04 +0100
+Subject: [PATCH] net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is
+ AUTH capable
+
+[ Upstream commit ec0223ec48a90cb605244b45f7c62de856403729 ]
+
+RFC4895 introduced AUTH chunks for SCTP; during the SCTP
+handshake RANDOM; CHUNKS; HMAC-ALGO are negotiated (CHUNKS
+being optional though):
+
+  ---------- INIT[RANDOM; CHUNKS; HMAC-ALGO] ---------->
+  <------- INIT-ACK[RANDOM; CHUNKS; HMAC-ALGO] ---------
+  -------------------- COOKIE-ECHO -------------------->
+  <-------------------- COOKIE-ACK ---------------------
+
+A special case is when an endpoint requires COOKIE-ECHO
+chunks to be authenticated:
+
+  ---------- INIT[RANDOM; CHUNKS; HMAC-ALGO] ---------->
+  <------- INIT-ACK[RANDOM; CHUNKS; HMAC-ALGO] ---------
+  ------------------ AUTH; COOKIE-ECHO ---------------->
+  <-------------------- COOKIE-ACK ---------------------
+
+RFC4895, section 6.3. Receiving Authenticated Chunks says:
+
+  The receiver MUST use the HMAC algorithm indicated in
+  the HMAC Identifier field. If this algorithm was not
+  specified by the receiver in the HMAC-ALGO parameter in
+  the INIT or INIT-ACK chunk during association setup, the
+  AUTH chunk and all the chunks after it MUST be discarded
+  and an ERROR chunk SHOULD be sent with the error cause
+  defined in Section 4.1. [...] If no endpoint pair shared
+  key has been configured for that Shared Key Identifier,
+  all authenticated chunks MUST be silently discarded. [...]
+
+  When an endpoint requires COOKIE-ECHO chunks to be
+  authenticated, some special procedures have to be followed
+  because the reception of a COOKIE-ECHO chunk might result
+  in the creation of an SCTP association. If a packet arrives
+  containing an AUTH chunk as a first chunk, a COOKIE-ECHO
+  chunk as the second chunk, and possibly more chunks after
+  them, and the receiver does not have an STCB for that
+  packet, then authentication is based on the contents of
+  the COOKIE-ECHO chunk. In this situation, the receiver MUST
+  authenticate the chunks in the packet by using the RANDOM
+  parameters, CHUNKS parameters and HMAC_ALGO parameters
+  obtained from the COOKIE-ECHO chunk, and possibly a local
+  shared secret as inputs to the authentication procedure
+  specified in Section 6.3. If authentication fails, then
+  the packet is discarded. If the authentication is successful,
+  the COOKIE-ECHO and all the chunks after the COOKIE-ECHO
+  MUST be processed. If the receiver has an STCB, it MUST
+  process the AUTH chunk as described above using the STCB
+  from the existing association to authenticate the
+  COOKIE-ECHO chunk and all the chunks after it. [...]
+
+Commit bbd0d59809f9 introduced the possibility to receive
+and verification of AUTH chunk, including the edge case for
+authenticated COOKIE-ECHO. On reception of COOKIE-ECHO,
+the function sctp_sf_do_5_1D_ce() handles processing,
+unpacks and creates a new association if it passed sanity
+checks and also tests for authentication chunks being
+present. After a new association has been processed, it
+invokes sctp_process_init() on the new association and
+walks through the parameter list it received from the INIT
+chunk. It checks SCTP_PARAM_RANDOM, SCTP_PARAM_HMAC_ALGO
+and SCTP_PARAM_CHUNKS, and copies them into asoc->peer
+meta data (peer_random, peer_hmacs, peer_chunks) in case
+sysctl -w net.sctp.auth_enable=1 is set. If in INIT's
+SCTP_PARAM_SUPPORTED_EXT parameter SCTP_CID_AUTH is set,
+peer_random != NULL and peer_hmacs != NULL the peer is to be
+assumed asoc->peer.auth_capable=1, in any other case
+asoc->peer.auth_capable=0.
+
+Now, if in sctp_sf_do_5_1D_ce() chunk->auth_chunk is
+available, we set up a fake auth chunk and pass that on to
+sctp_sf_authenticate(), which at latest in
+sctp_auth_calculate_hmac() reliably dereferences a NULL pointer
+at position 0..0008 when setting up the crypto key in
+crypto_hash_setkey() by using asoc->asoc_shared_key that is
+NULL as condition key_id == asoc->active_key_id is true if
+the AUTH chunk was injected correctly from remote. This
+happens no matter what net.sctp.auth_enable sysctl says.
+
+The fix is to check for net->sctp.auth_enable and for
+asoc->peer.auth_capable before doing any operations like
+sctp_sf_authenticate() as no key is activated in
+sctp_auth_asoc_init_active_key() for each case.
+
+Now as RFC4895 section 6.3 states that if the used HMAC-ALGO
+passed from the INIT chunk was not used in the AUTH chunk, we
+SHOULD send an error; however in this case it would be better
+to just silently discard such a maliciously prepared handshake
+as we didn't even receive a parameter at all. Also, as our
+endpoint has no shared key configured, section 6.3 says that
+MUST silently discard, which we are doing from now onwards.
+
+Before calling sctp_sf_pdiscard(), we need not only to free
+the association, but also the chunk->auth_chunk skb, as
+commit bbd0d59809f9 created a skb clone in that case.
+
+I have tested this locally by using netfilter's nfqueue and
+re-injecting packets into the local stack after maliciously
+modifying the INIT chunk (removing RANDOM; HMAC-ALGO param)
+and the SCTP packet containing the COOKIE_ECHO (injecting
+AUTH chunk before COOKIE_ECHO). Fixed with this patch applied.
+
+This fixes CVE-2014-0101
+Upstream-Status: Backport
+
+Fixes: bbd0d59809f9 ("[SCTP]: Implement the receive and verification of AUTH chunk")
+Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
+Cc: Vlad Yasevich <yasevich@gmail.com>
+Cc: Neil Horman <nhorman@tuxdriver.com>
+Acked-by: Vlad Yasevich <vyasevich@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ net/sctp/sm_statefuns.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
+index dfe3f36..56ebe71 100644
+--- a/net/sctp/sm_statefuns.c
++++ b/net/sctp/sm_statefuns.c
+@@ -759,6 +759,13 @@ sctp_disposition_t sctp_sf_do_5_1D_ce(struct net *net,
+                struct sctp_chunk auth;
+                sctp_ierror_t ret;
+ 
++               /* Make sure that we and the peer are AUTH capable */
++               if (!net->sctp.auth_enable || !new_asoc->peer.auth_capable) {
++                       kfree_skb(chunk->auth_chunk);
++                       sctp_association_free(new_asoc);
++                       return sctp_sf_pdiscard(net, ep, asoc, type, arg, commands);
++               }
++
+                /* set-up our fake chunk so that we can process it */
+                auth.skb = chunk->auth_chunk;
+                auth.asoc = chunk->asoc;
+-- 
+1.9.1
+
diff --git a/recipes-kernel/linux/files/powerpc-Fix-64-bit-builds-with-binutils-2.24.patch b/recipes-kernel/linux/files/powerpc-Fix-64-bit-builds-with-binutils-2.24.patch
new file mode 100644
index 0000000..2fdcc9f
--- /dev/null
+++ b/recipes-kernel/linux/files/powerpc-Fix-64-bit-builds-with-binutils-2.24.patch
@@ -0,0 +1,80 @@
+From 7998eb3dc700aaf499f93f50b3d77da834ef9e1d Mon Sep 17 00:00:00 2001
+From: Guenter Roeck <linux@roeck-us.net>
+Date: Thu, 15 May 2014 09:33:42 -0700
+Subject: powerpc: Fix 64 bit builds with binutils 2.24
+
+Upstream-Status: Backport
+
+With binutils 2.24, various 64 bit builds fail with relocation errors
+such as
+
+arch/powerpc/kernel/built-in.o: In function `exc_debug_crit_book3e':
+        (.text+0x165ee): relocation truncated to fit: R_PPC64_ADDR16_HI
+        against symbol `interrupt_base_book3e' defined in .text section
+        in arch/powerpc/kernel/built-in.o
+arch/powerpc/kernel/built-in.o: In function `exc_debug_crit_book3e':
+        (.text+0x16602): relocation truncated to fit: R_PPC64_ADDR16_HI
+        against symbol `interrupt_end_book3e' defined in .text section
+        in arch/powerpc/kernel/built-in.o
+
+The assembler maintainer says:
+
+ I changed the ABI, something that had to be done but unfortunately
+ happens to break the booke kernel code.  When building up a 64-bit
+ value with lis, ori, shl, oris, ori or similar sequences, you now
+ should use @high and @higha in place of @h and @ha.  @h and @ha
+ (and their associated relocs R_PPC64_ADDR16_HI and R_PPC64_ADDR16_HA)
+ now report overflow if the value is out of 32-bit signed range.
+ ie. @h and @ha assume you're building a 32-bit value. This is needed
+ to report out-of-range -mcmodel=medium toc pointer offsets in @toc@h
+ and @toc@ha expressions, and for consistency I did the same for all
+ other @h and @ha relocs.
+
+Replacing @h with @high in one strategic location fixes the relocation
+errors. This has to be done conditionally since the assembler either
+supports @h or @high but not both.
+
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Guenter Roeck <linux@roeck-us.net>
+Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
+
+diff --git a/arch/powerpc/Makefile b/arch/powerpc/Makefile
+index 4c0cedf..ce4c68a 100644
+--- a/arch/powerpc/Makefile
++++ b/arch/powerpc/Makefile
+@@ -150,7 +150,9 @@ endif
+ 
+ CFLAGS-$(CONFIG_TUNE_CELL) += $(call cc-option,-mtune=cell)
+ 
+-KBUILD_CPPFLAGS        += -Iarch/$(ARCH)
++asinstr := $(call as-instr,lis 9$(comma)foo@high,-DHAVE_AS_ATHIGH=1)
++
++KBUILD_CPPFLAGS        += -Iarch/$(ARCH) $(asinstr)
+ KBUILD_AFLAGS  += -Iarch/$(ARCH)
+ KBUILD_CFLAGS  += -msoft-float -pipe -Iarch/$(ARCH) $(CFLAGS-y)
+ CPP            = $(CC) -E $(KBUILD_CFLAGS)
+diff --git a/arch/powerpc/include/asm/ppc_asm.h b/arch/powerpc/include/asm/ppc_asm.h
+index 6586a40..cded7c1 100644
+--- a/arch/powerpc/include/asm/ppc_asm.h
++++ b/arch/powerpc/include/asm/ppc_asm.h
+@@ -318,11 +318,16 @@ n:
+        addi    reg,reg,(name - 0b)@l;
+ 
+ #ifdef __powerpc64__
++#ifdef HAVE_AS_ATHIGH
++#define __AS_ATHIGH high
++#else
++#define __AS_ATHIGH h
++#endif
+ #define LOAD_REG_IMMEDIATE(reg,expr)           \
+        lis     reg,(expr)@highest;             \
+        ori     reg,reg,(expr)@higher;  \
+        rldicr  reg,reg,32,31;          \
+-       oris    reg,reg,(expr)@h;               \
++       oris    reg,reg,(expr)@__AS_ATHIGH;     \
+        ori     reg,reg,(expr)@l;
+ 
+ #define LOAD_REG_ADDR(reg,name)                        \
+-- 
+cgit v0.10.1
+
diff --git a/recipes-kernel/linux/files/sctp-CVE-2014-4667.patch b/recipes-kernel/linux/files/sctp-CVE-2014-4667.patch
new file mode 100644
index 0000000..e7b1228
--- /dev/null
+++ b/recipes-kernel/linux/files/sctp-CVE-2014-4667.patch
@@ -0,0 +1,51 @@
+From ddb638e68690ca61959775b262a5ef0719c5c066 Mon Sep 17 00:00:00 2001
+From: Xufeng Zhang <xufeng.zhang@windriver.com>
+Date: Thu, 12 Jun 2014 10:53:36 +0800
+Subject: [PATCH] sctp: Fix sk_ack_backlog wrap-around problem
+
+[ Upstream commit d3217b15a19a4779c39b212358a5c71d725822ee ]
+
+Consider the scenario:
+For a TCP-style socket, while processing the COOKIE_ECHO chunk in
+sctp_sf_do_5_1D_ce(), after it has passed a series of sanity check,
+a new association would be created in sctp_unpack_cookie(), but afterwards,
+some processing maybe failed, and sctp_association_free() will be called to
+free the previously allocated association, in sctp_association_free(),
+sk_ack_backlog value is decremented for this socket, since the initial
+value for sk_ack_backlog is 0, after the decrement, it will be 65535,
+a wrap-around problem happens, and if we want to establish new associations
+afterward in the same socket, ABORT would be triggered since sctp deem the
+accept queue as full.
+Fix this issue by only decrementing sk_ack_backlog for associations in
+the endpoint's list.
+
+Fixes CVE-2014-4667
+Upstream-Status: Backport
+
+Fix-suggested-by: Neil Horman <nhorman@tuxdriver.com>
+Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
+Acked-by: Daniel Borkmann <dborkman@redhat.com>
+Acked-by: Vlad Yasevich <vyasevich@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ net/sctp/associola.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/net/sctp/associola.c b/net/sctp/associola.c
+index cef5099..f6d6dcd 100644
+--- a/net/sctp/associola.c
++++ b/net/sctp/associola.c
+@@ -375,7 +375,7 @@ void sctp_association_free(struct sctp_association *asoc)
+        /* Only real associations count against the endpoint, so
+         * don't bother for if this is a temporary association.
+         */
+-       if (!asoc->temp) {
++       if (!list_empty(&asoc->asocs)) {
+                list_del(&asoc->asocs);
+ 
+                /* Decrement the backlog value for a TCP-style listening
+-- 
+1.9.1
+
diff --git a/recipes-kernel/linux/files/sctp-CVE-2014-7841.patch b/recipes-kernel/linux/files/sctp-CVE-2014-7841.patch
new file mode 100644
index 0000000..0c4beb3
--- /dev/null
+++ b/recipes-kernel/linux/files/sctp-CVE-2014-7841.patch
@@ -0,0 +1,85 @@
+From 4008f1dbe6fea8114e7f79ed2d238e369dc9138f Mon Sep 17 00:00:00 2001
+From: Daniel Borkmann <dborkman@redhat.com>
+Date: Mon, 10 Nov 2014 17:54:26 +0100
+Subject: [PATCH] net: sctp: fix NULL pointer dereference in
+ af->from_addr_param on malformed packet
+
+[ Upstream commit e40607cbe270a9e8360907cb1e62ddf0736e4864 ]
+
+An SCTP server doing ASCONF will panic on malformed INIT ping-of-death
+in the form of:
+
+  ------------ INIT[PARAM: SET_PRIMARY_IP] ------------>
+
+While the INIT chunk parameter verification dissects through many things
+in order to detect malformed input, it misses to actually check parameters
+inside of parameters. E.g. RFC5061, section 4.2.4 proposes a 'set primary
+IP address' parameter in ASCONF, which has as a subparameter an address
+parameter.
+
+So an attacker may send a parameter type other than SCTP_PARAM_IPV4_ADDRESS
+or SCTP_PARAM_IPV6_ADDRESS, param_type2af() will subsequently return 0
+and thus sctp_get_af_specific() returns NULL, too, which we then happily
+dereference unconditionally through af->from_addr_param().
+
+The trace for the log:
+
+BUG: unable to handle kernel NULL pointer dereference at 0000000000000078
+IP: [<ffffffffa01e9c62>] sctp_process_init+0x492/0x990 [sctp]
+PGD 0
+Oops: 0000 [#1] SMP
+[...]
+Pid: 0, comm: swapper Not tainted 2.6.32-504.el6.x86_64 #1 Bochs Bochs
+RIP: 0010:[<ffffffffa01e9c62>]  [<ffffffffa01e9c62>] sctp_process_init+0x492/0x990 [sctp]
+[...]
+Call Trace:
+ <IRQ>
+ [<ffffffffa01f2add>] ? sctp_bind_addr_copy+0x5d/0xe0 [sctp]
+ [<ffffffffa01e1fcb>] sctp_sf_do_5_1B_init+0x21b/0x340 [sctp]
+ [<ffffffffa01e3751>] sctp_do_sm+0x71/0x1210 [sctp]
+ [<ffffffffa01e5c09>] ? sctp_endpoint_lookup_assoc+0xc9/0xf0 [sctp]
+ [<ffffffffa01e61f6>] sctp_endpoint_bh_rcv+0x116/0x230 [sctp]
+ [<ffffffffa01ee986>] sctp_inq_push+0x56/0x80 [sctp]
+ [<ffffffffa01fcc42>] sctp_rcv+0x982/0xa10 [sctp]
+ [<ffffffffa01d5123>] ? ipt_local_in_hook+0x23/0x28 [iptable_filter]
+ [<ffffffff8148bdc9>] ? nf_iterate+0x69/0xb0
+ [<ffffffff81496d10>] ? ip_local_deliver_finish+0x0/0x2d0
+ [<ffffffff8148bf86>] ? nf_hook_slow+0x76/0x120
+ [<ffffffff81496d10>] ? ip_local_deliver_finish+0x0/0x2d0
+[...]
+
+A minimal way to address this is to check for NULL as we do on all
+other such occasions where we know sctp_get_af_specific() could
+possibly return with NULL.
+
+Fix for CVE-2014-7841
+Upstream-Status: Backport
+
+Fixes: d6de3097592b ("[SCTP]: Add the handling of "Set Primary IP Address" parameter to INIT")
+Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
+Cc: Vlad Yasevich <vyasevich@gmail.com>
+Acked-by: Neil Horman <nhorman@tuxdriver.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ net/sctp/sm_make_chunk.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c
+index 1e06f3b..e342387 100644
+--- a/net/sctp/sm_make_chunk.c
++++ b/net/sctp/sm_make_chunk.c
+@@ -2622,6 +2622,9 @@ do_addr_param:
+                addr_param = param.v + sizeof(sctp_addip_param_t);
+ 
+                af = sctp_get_af_specific(param_type2af(param.p->type));
++               if (af == NULL)
++                       break;
++
+                af->from_addr_param(&addr, addr_param,
+                                    htons(asoc->peer.port), 0);
+ 
+-- 
+1.9.1
+
diff --git a/recipes-kernel/linux/files/udf-CVE-2014-6410.patch b/recipes-kernel/linux/files/udf-CVE-2014-6410.patch
new file mode 100644
index 0000000..9086e0a
--- /dev/null
+++ b/recipes-kernel/linux/files/udf-CVE-2014-6410.patch
@@ -0,0 +1,96 @@
+From 07d209bd092d023976fdb881ba6d4b30fe18aebe Mon Sep 17 00:00:00 2001
+From: Jan Kara <jack@suse.cz>
+Date: Thu, 4 Sep 2014 14:06:55 +0200
+Subject: [PATCH] udf: Avoid infinite loop when processing indirect ICBs
+
+commit c03aa9f6e1f938618e6db2e23afef0574efeeb65 upstream.
+
+We did not implement any bound on number of indirect ICBs we follow when
+loading inode. Thus corrupted medium could cause kernel to go into an
+infinite loop, possibly causing a stack overflow.
+
+Fix the possible stack overflow by removing recursion from
+__udf_read_inode() and limit number of indirect ICBs we follow to avoid
+infinite loops.
+
+Upstream-Status: Backport
+
+Signed-off-by: Jan Kara <jack@suse.cz>
+Cc: Chuck Ebbert <cebbert.lkml@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ fs/udf/inode.c | 35 +++++++++++++++++++++--------------
+ 1 file changed, 21 insertions(+), 14 deletions(-)
+
+diff --git a/fs/udf/inode.c b/fs/udf/inode.c
+index b6d15d3..aa02328 100644
+--- a/fs/udf/inode.c
++++ b/fs/udf/inode.c
+@@ -1270,13 +1270,22 @@ update_time:
+        return 0;
+ }
+ 
++/*
++ * Maximum length of linked list formed by ICB hierarchy. The chosen number is
++ * arbitrary - just that we hopefully don't limit any real use of rewritten
++ * inode on write-once media but avoid looping for too long on corrupted media.
++ */
++#define UDF_MAX_ICB_NESTING 1024
++
+ static void __udf_read_inode(struct inode *inode)
+ {
+        struct buffer_head *bh = NULL;
+        struct fileEntry *fe;
+        uint16_t ident;
+        struct udf_inode_info *iinfo = UDF_I(inode);
++       unsigned int indirections = 0;
+ 
++reread:
+        /*
+         * Set defaults, but the inode is still incomplete!
+         * Note: get_new_inode() sets the following on a new inode:
+@@ -1313,28 +1322,26 @@ static void __udf_read_inode(struct inode *inode)
+                ibh = udf_read_ptagged(inode->i_sb, &iinfo->i_location, 1,
+                                        &ident);
+                if (ident == TAG_IDENT_IE && ibh) {
+-                       struct buffer_head *nbh = NULL;
+                        struct kernel_lb_addr loc;
+                        struct indirectEntry *ie;
+ 
+                        ie = (struct indirectEntry *)ibh->b_data;
+                        loc = lelb_to_cpu(ie->indirectICB.extLocation);
+ 
+-                       if (ie->indirectICB.extLength &&
+-                               (nbh = udf_read_ptagged(inode->i_sb, &loc, 0,
+-                                                       &ident))) {
+-                               if (ident == TAG_IDENT_FE ||
+-                                       ident == TAG_IDENT_EFE) {
+-                                       memcpy(&iinfo->i_location,
+-                                               &loc,
+-                                               sizeof(struct kernel_lb_addr));
+-                                       brelse(bh);
+-                                       brelse(ibh);
+-                                       brelse(nbh);
+-                                       __udf_read_inode(inode);
++                       if (ie->indirectICB.extLength) {
++                               brelse(bh);
++                               brelse(ibh);
++                               memcpy(&iinfo->i_location, &loc,
++                                      sizeof(struct kernel_lb_addr));
++                               if (++indirections > UDF_MAX_ICB_NESTING) {
++                                       udf_err(inode->i_sb,
++                                               "too many ICBs in ICB hierarchy"
++                                               " (max %d supported)\n",
++                                               UDF_MAX_ICB_NESTING);
++                                       make_bad_inode(inode);
+                                        return;
+                                }
+-                               brelse(nbh);
++                               goto reread;
+                        }
+                }
+                brelse(ibh);
+-- 
+1.9.1
+
diff --git a/recipes-kernel/linux/linux-qoriq-prt_3.12.bb b/recipes-kernel/linux/linux-qoriq-prt_3.12.bb
new file mode 100644
index 0000000..1716651
--- /dev/null
+++ b/recipes-kernel/linux/linux-qoriq-prt_3.12.bb
@@ -0,0 +1,8 @@
+require recipes-kernel/linux/linux-qoriq.inc
+
+SRC_URI = "git://git.freescale.com/ppc/sdk/linux.git;nobranch=1 \
+    file://powerpc-Fix-64-bit-builds-with-binutils-2.24.patch \
+    file://Fix-CVE-2014-5077-sctp-inherit-auth-capable-on-INIT-collisions.patch \
+"
+SRCREV = "c29fe1a733308cbe592b3af054a97be1b91cf2dd"
+
diff --git a/recipes-kernel/linux/linux-qoriq.inc b/recipes-kernel/linux/linux-qoriq.inc
new file mode 100644
index 0000000..3534445
--- /dev/null
+++ b/recipes-kernel/linux/linux-qoriq.inc
@@ -0,0 +1,46 @@
+inherit kernel qoriq_build_64bit_kernel
+require recipes-kernel/linux/linux-dtb.inc
+
+DESCRIPTION = "Linux kernel for Freescale platforms"
+SECTION = "kernel"
+LICENSE = "GPLv2"
+LIC_FILES_CHKSUM = "file://COPYING;md5=d7810fab7487fb0aad327b76f1be7cd7"
+
+KSRC ?= ""
+S = '${@base_conditional("KSRC", "", "${WORKDIR}/git", "${KSRC}", d)}'
+
+DEPENDS_append = " libgcc"
+KERNEL_CC_append = " ${TOOLCHAIN_OPTIONS}"
+KERNEL_LD_append = " ${TOOLCHAIN_OPTIONS}"
+
+SCMVERSION ?= "y"
+DELTA_KERNEL_DEFCONFIG ?= ""
+do_configure_prepend() {
+        # copy desired defconfig so we pick it up for the real kernel_do_configure
+        cp ${KERNEL_DEFCONFIG} ${B}/.config
+
+        # add config fragments
+        for deltacfg in ${DELTA_KERNEL_DEFCONFIG}; do
+                if [ -f "${WORKDIR}/${deltacfg}" ]; then
+                        ${S}/scripts/kconfig/merge_config.sh -m .config ${WORKDIR}/${deltacfg}
+                elif [ -f "${S}/arch/powerpc/configs/${deltacfg}" ]; then
+                    ${S}/scripts/kconfig/merge_config.sh -m .config \
+                            ${S}/arch/powerpc/configs/${deltacfg}
+                fi
+        done
+
+    #add git revision to the local version
+    if [ "${SCMVERSION}" = "y" ]; then
+            # append sdk version if SDK_VERSION is defined
+            sdkversion=''
+            if [ -n "${SDK_VERSION}" ]; then
+                sdkversion="-${SDK_VERSION}"
+            fi
+            head=`git --git-dir=${S}/.git rev-parse --verify --short HEAD 2> /dev/null`
+            printf "%s%s%s" $sdkversion +g $head > ${B}/.scmversion
+    fi
+}
+
+# make everything compatible for the time being
+COMPATIBLE_MACHINE_$MACHINE = "$MACHINE"
+
diff --git a/recipes-kernel/linux/linux-qoriq_3.12.bb b/recipes-kernel/linux/linux-qoriq_3.12.bb
new file mode 100644
index 0000000..5c67dc3
--- /dev/null
+++ b/recipes-kernel/linux/linux-qoriq_3.12.bb
@@ -0,0 +1,32 @@
+require recipes-kernel/linux/linux-qoriq.inc
+
+SRC_URI = "git://git.freescale.com/ppc/sdk/linux.git;nobranch=1 \
+    file://powerpc-Fix-64-bit-builds-with-binutils-2.24.patch \
+    file://Fix-for-CVE-2014-5045-fs-umount-on-symlink-leak.patch \
+    file://Fix-CVE-2014-5077-sctp-inherit-auth-capable-on-INIT-collisions.patch \
+    file://Fix-CVE-2014-5471_CVE-2014-5472.patch \
+    file://modify-defconfig-t1040-nr-cpus.patch \
+    file://0001-mnt-CVE-2014-5206_CVE-2014-5207.patch \
+    file://0002-mnt-CVE-2014-5206_CVE-2014-5207.patch \
+    file://0003-mnt-CVE-2014-5206_CVE-2014-5207.patch \
+    file://0004-mnt-CVE-2014-5206_CVE-2014-5207.patch \
+    file://0005-mnt-CVE-2014-5206_CVE-2014-5207.patch \
+    file://udf-CVE-2014-6410.patch \
+    file://net-sctp-CVE-2014-0101.patch \
+    file://0001-HID-CVE-2014-3181.patch \
+    file://0002-HID-CVE-2014-3182.patch \
+    file://0003-HID-CVE-2014-3184.patch \
+    file://0004-USB-CVE-2014-3185.patch \
+    file://0001-kvm-iommu-CVE-2014-3601.patch \
+    file://0002-kvm-iommu-CVE-2014-8369.patch \
+    file://0001-net-sctp-CVE-2014-3673.patch \
+    file://0002-net-sctp-CVE-2014-3687.patch \
+    file://0003-net-sctp-CVE-2014-3688.patch \
+    file://auditsc-CVE-2014-3917.patch \
+    file://0001-ALSA-CVE-2014-4652.patch \
+    file://0002-ALSA-CVE-2014-4653.patch \
+    file://sctp-CVE-2014-4667.patch \
+    file://sctp-CVE-2014-7841.patch \
+"
+SRCREV = "6619b8b55796cdf0cec04b66a71288edd3057229"
+
diff --git a/recipes-kernel/lttng/lttng-modules_%.bbappend b/recipes-kernel/lttng/lttng-modules_%.bbappend
new file mode 100644
index 0000000..5ff765d
--- /dev/null
+++ b/recipes-kernel/lttng/lttng-modules_%.bbappend
@@ -0,0 +1,2 @@
+inherit qoriq_build_64bit_kernel
+
diff --git a/recipes-kernel/pkc-host/pkc-host_git.bb b/recipes-kernel/pkc-host/pkc-host_git.bb
new file mode 100644
index 0000000..2d5e316
--- /dev/null
+++ b/recipes-kernel/pkc-host/pkc-host_git.bb
@@ -0,0 +1,33 @@
+DESCRIPTION = "pkc host driver"
+SECTION = "pkc-host"
+LICENSE = "GPLv2"
+LIC_FILES_CHKSUM = "file://Makefile;endline=30;md5=6a26ed8e76a8ea2e019c525369ed0f03"
+
+inherit  module qoriq_build_64bit_kernel
+RDEPENDS_${PN} += "cryptodev-module"
+
+# Currently pkc-host does not support RSA_KEYGEN, remove this
+# if it is fixed.
+REQUIRED_DISTRO_FEATURES = "c29x_pkc"
+
+SRC_URI = "git://git.freescale.com/ppc/sdk/pkc-host.git;nobranch=1"
+SRCREV = "cae512c94e2a26cc6b0d6393d307cdea2d7282c9"
+
+S = "${WORKDIR}/git"
+
+EXTRA_OEMAKE='KERNEL_DIR="${STAGING_KERNEL_DIR}" PREFIX="${D}"'
+
+do_install() {
+        install -d ${D}/lib/modules/c2x0
+        install -d ${D}/etc/crypto
+        install -d ${D}/${bindir}
+        cp ${S}/*.ko ${D}/lib/modules/c2x0
+        cp ${S}/crypto.cfg ${D}/etc/crypto
+        cp ${S}/images/pkc-firmware.bin ${D}/etc/crypto
+        cp ${S}/perf/mini_calc/mini_calc ${D}/${bindir}
+        cp ${S}/apps/cli/cli ${D}/${bindir}
+        cp ${S}/perf/c29x_driver_perf_profile.sh ${D}/${bindir}
+}
+
+
+FILES_${PN} += "${bindir}/mini_calc ${bindir}/cli ${bindir}/c29x_driver_perf_profile.sh /etc/crypto/crypto.cfg /etc/crypto/pkc-firmware.bin"
diff --git a/recipes-kernel/qoriq-debug/qoriq-debug_git.bb b/recipes-kernel/qoriq-debug/qoriq-debug_git.bb
new file mode 100644
index 0000000..c08f057
--- /dev/null
+++ b/recipes-kernel/qoriq-debug/qoriq-debug_git.bb
@@ -0,0 +1,15 @@
+DESCRIPTION = "QorIQ Debug File System Module"
+SECTION = "qoriq-debug"
+LICENSE = "GPLv2+"
+LIC_FILES_CHKSUM = "file://COPYING;md5=e29234dd5d40dc352cc60cc0c93437ba"
+
+inherit module autotools-brokensep qoriq_build_64bit_kernel
+
+SRC_URI = "git://git.freescale.com/ppc/sdk/qoriq-debug.git;nobranch=1"
+SRCREV = "20615c1ea332102635f8314cee5787c48c1a4254"
+
+S = "${WORKDIR}/git"
+
+EXTRA_OECONF += "--with-linux=${STAGING_KERNEL_DIR}"
+EXTRA_OEMAKE += 'SYSROOT="${D}"'
+
diff --git a/recipes-kernel/skmm-host/skmm-host_git.bb b/recipes-kernel/skmm-host/skmm-host_git.bb
new file mode 100644
index 0000000..a1c43f3
--- /dev/null
+++ b/recipes-kernel/skmm-host/skmm-host_git.bb
@@ -0,0 +1,15 @@
+DESCRIPTION = "skmm host driver offload data to PCIe EP and push the data en-decrypted back to application"
+SECTION = "c293-skmm-host"
+LICENSE = "Freescale-EULA"
+LIC_FILES_CHKSUM = "file://Makefile;endline=7;md5=edffaac1da9e809ade0d2fcfcc18d8df"
+
+inherit  module qoriq_build_64bit_kernel
+
+SRC_URI = "git://git.freescale.com/ppc/sdk/skmm-host.git;nobranch=1"
+SRCREV = "97c9241a359edccdf8913cb9accbfe4ceb511523"
+
+S = "${WORKDIR}/git"
+
+EXTRA_OEMAKE='KERNEL_DIR="${STAGING_KERNEL_DIR}" PREFIX="${D}"'
+
+FILES_${PN} += "/etc/skmm/"
diff --git a/recipes-kernel/uio-seville/uio-seville_0.1.bb b/recipes-kernel/uio-seville/uio-seville_0.1.bb
new file mode 100755
index 0000000..51e1475
--- /dev/null
+++ b/recipes-kernel/uio-seville/uio-seville_0.1.bb
@@ -0,0 +1,15 @@
+DESCRIPTION = "UIO driver for T1040 L2 Switch"
+LICENSE = "GPLv2"
+LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e"
+
+SRC_URI = "git://git.freescale.com/ppc/sdk/l2switch-uio.git;branch=sdk-v1.7.x"
+SRCREV = "35af73f3ba00745777f32787400d9eb0317d7ff5"
+
+inherit module
+
+S = "${WORKDIR}/git/uio-driver"
+
+COMPATIBLE_MACHINE ?= "(none)"
+COMPATIBLE_MACHINE_t1040 = ".*"
+COMPATIBLE_MACHINE_t1042 = ".*"
+
diff --git a/recipes-virtualization/hv-cfg/hv-cfg_git.bb b/recipes-virtualization/hv-cfg/hv-cfg_git.bb
new file mode 100644
index 0000000..599bce2
--- /dev/null
+++ b/recipes-virtualization/hv-cfg/hv-cfg_git.bb
@@ -0,0 +1,52 @@
+DESCRIPTION = "Hypervisor Config"
+SECTION = "hv-cfg"
+LICENSE = "BSD"
+PR = "r6"
+
+LIC_FILES_CHKSUM = " \
+        file://p2041rdb/LICENSE;md5=96dd72f26e9bb861de5c76c60e35e1bc \
+        file://p3041ds/LICENSE;md5=96dd72f26e9bb861de5c76c60e35e1bc \
+        file://p4080ds/LICENSE;md5=96dd72f26e9bb861de5c76c60e35e1bc \
+        file://p5020ds/LICENSE;md5=96dd72f26e9bb861de5c76c60e35e1bc \
+"
+
+DEPENDS += "dtc-native"
+
+# this package is specific to the machine itself
+INHIBIT_DEFAULT_DEPS = "1"
+PACKAGE_ARCH = "${MACHINE_ARCH}"
+
+inherit deploy
+
+SRC_URI = "git://git.freescale.com/ppc/sdk/hv-cfg.git;nobranch=1"
+SRCREV = "f79080739851b3a3dfcd435f2ef1572459a4313c"
+
+S = "${WORKDIR}/git"
+
+do_install () {
+        make install
+
+        M=`echo ${MACHINE} | sed s/-64b//g`
+        if [ "t1042rdb" = "${M}" ];then
+                M=t1040rdb
+        fi
+        install -d ${D}/boot/hv-cfg
+        cp -r ${S}/${M}/${M}/* ${D}/boot/hv-cfg
+}
+
+do_deploy () {
+        M=`echo ${MACHINE} | sed s/-64b//g`
+        if [ "t1042rdb" = "${M}" ];then
+                M=t1040rdb
+        fi
+        install -d ${DEPLOYDIR}/hv-cfg
+        cp -r ${S}/${M}/${M}/* ${DEPLOYDIR}/hv-cfg
+}
+addtask deploy after do_install
+
+PACKAGES += "${PN}-image"
+FILES_${PN}-image += "/boot"
+
+COMPATIBLE_HOST_qoriq-ppc = ".*"
+COMPATIBLE_HOST ?= "(none)"
+ALLOW_EMPTY_${PN} = "1"
diff --git a/recipes-virtualization/hypervisor/files/81-fsl-embedded-hv.rules b/recipes-virtualization/hypervisor/files/81-fsl-embedded-hv.rules
new file mode 100644
index 0000000..5edfa11
--- /dev/null
+++ b/recipes-virtualization/hypervisor/files/81-fsl-embedded-hv.rules
@@ -0,0 +1,2 @@
+# Add rule to handle setting up device node for FSL HV mgmt driver
+SUBSYSTEM=="misc", KERNEL=="fsl-hv", NAME="fsl-hv"
diff --git a/recipes-virtualization/hypervisor/hypervisor_git.bb b/recipes-virtualization/hypervisor/hypervisor_git.bb
new file mode 100644
index 0000000..3a7f838
--- /dev/null
+++ b/recipes-virtualization/hypervisor/hypervisor_git.bb
@@ -0,0 +1,94 @@
+DESCRIPTION = "Freescale embedded hypervisor"
+SECTION = "embedded-hv"
+LICENSE = "BSD"
+LIC_FILES_CHKSUM = "file://README;endline=22;md5=0655bbc3b7d7166c30c87208b4e23cf0"
+
+PR = "r3"
+
+DEPENDS = "u-boot-mkimage-native"
+
+inherit deploy
+
+# TODO: fix dtc to use the already built package
+SRC_URI = " \
+        git://git.freescale.com/ppc/sdk/hypervisor/hypervisor.git;name=hypervisor;nobranch=1 \
+        git://git.freescale.com/ppc/sdk/hypervisor/kconfig.git;name=kconfig;destsuffix=git/kconfig;nobranch=1 \
+        git://git.freescale.com/ppc/sdk/hypervisor/libos.git;name=libos;destsuffix=git/libos;nobranch=1 \
+        git://git.kernel.org/pub/scm/utils/dtc/dtc.git;name=dtc;destsuffix=dtc \
+        git://git.freescale.com/ppc/sdk/hypertrk.git;name=hypertrk;destsuffix=git/hypertrk;nobranch=1 \
+        file://81-fsl-embedded-hv.rules \
+          "
+
+SRCREV_FORMAT="hypervisor"
+SRCREV = "99b04d937b944d57b2685b55584e982d8e36dd41"
+SRCREV_kconfig = "a56025d4da992b856796b0eccac2e410d751dbac"
+SRCREV_libos = "819bda2a913bc1f6afb43f5f2b026da5872866ea"
+SRCREV_dtc = "a6d55e039fd22048687fe061b4609e2807efe764"
+SRCREV_hypertrk = "975c98b562186afbd3bbf103ae54b96cf9b3e533"
+
+S = "${WORKDIR}/git"
+
+OUTPUT ?= "output32"
+OUTPUT_powerpc64 = "output64"
+
+EXTRA_OEMAKE = 'CROSS_COMPILE=${TARGET_PREFIX} CC="${TARGET_PREFIX}gcc ${TOOLCHAIN_OPTIONS}" O="${OUTPUT}"'
+
+DEFCONFIG = "defconfig"
+DEFCONFIG_powerpc64 = "64bit_defconfig"
+
+COMPATIBLE_HOST_qoriq-ppc = ".*"
+COMPATIBLE_HOST ?= "(none)"
+
+inherit cml1
+do_configure () {
+        oe_runmake ${DEFCONFIG}
+}
+
+PKG_HV_HYPERTRK_SUPPORT = "n"
+do_compile () {
+        if [ "${PKG_HV_HYPERTRK_SUPPORT}" = "y" ]
+        then
+                oe_runmake silentoldconfig
+                export HV_DIR=$PWD
+                cd hypertrk
+                oe_runmake deploy
+                cd ..
+        fi
+
+        oe_runmake
+        oe_runmake partman
+}
+
+do_install () {
+        install -d ${D}/${bindir}
+        install ${B}/${OUTPUT}/bin/linux/partman ${D}/${bindir}/partman
+
+        install -d ${D}${sysconfdir}/udev/rules.d
+        install -m 0644 ${WORKDIR}/81-fsl-embedded-hv.rules ${D}${sysconfdir}/udev/rules.d
+
+        install -d ${D}/boot/hv
+        install ${B}/${OUTPUT}/.config ${D}/boot/hv/hypervisor.config
+        install -m 644 ${B}/${OUTPUT}/bin/hv ${B}/${OUTPUT}/bin/hv.map \
+                ${B}/${OUTPUT}/bin/hv.uImage ${B}/${OUTPUT}/bin/hv.bin \
+                        ${D}/boot/hv/
+}
+
+do_deploy () {
+        install -d ${DEPLOYDIR}/hv/
+        install ${B}/${OUTPUT}/.config ${DEPLOYDIR}/hv/hypervisor.config
+        install -m 644 ${B}/${OUTPUT}/bin/hv ${B}/${OUTPUT}/bin/hv.map \
+                ${B}/${OUTPUT}/bin/hv.uImage ${B}/${OUTPUT}/bin/hv.bin \
+                        ${DEPLOYDIR}/hv/
+}
+addtask deploy before do_build after do_install
+
+do_deploy_append() {
+        rm -f ${B}/../hv
+}
+
+INSANE_SKIP_${PN} = 'already-stripped'
+INHIBIT_PACKAGE_DEBUG_SPLIT = "1"
+ALLOW_EMPTY_${PN} = "1"
+PACKAGES_prepend = "${PN}-image ${PN}-partman "
+FILES_${PN}-image = "/boot/"
+FILES_${PN}-partman = "${bindir}/partman"
diff --git a/recipes-virtualization/mux-server/files/mux-server-1.02.tar.gz b/recipes-virtualization/mux-server/files/mux-server-1.02.tar.gz
new file mode 100644
index 0000000..d8f2014
--- /dev/null
+++ b/recipes-virtualization/mux-server/files/mux-server-1.02.tar.gz
diff --git a/recipes-virtualization/mux-server/mux-server_1.02.bb b/recipes-virtualization/mux-server/mux-server_1.02.bb
new file mode 100644
index 0000000..ab9cce1
--- /dev/null
+++ b/recipes-virtualization/mux-server/mux-server_1.02.bb
@@ -0,0 +1,16 @@
+DESCRIPTION = "A Linux-based utility supporting console multiplexing and demultiplexing"
+SECTION = "mux-server"
+LICENSE = "LGPL-2.1"
+# TODO: add a dedicated COPYING file
+LIC_FILES_CHKSUM = "file://mux_server.c;endline=9;md5=e59eeb0812bb88b7af2d932f2dc22aed"
+
+SRC_URI = "file://mux-server-${PV}.tar.gz;name=mux_server"
+
+EXTRA_OEMAKE='HOSTCC="${CC}"'
+
+do_install () {
+        install -d ${D}${bindir}
+        install -m 755 mux_server ${D}${bindir}
+}
+
+BBCLASSEXTEND = "native nativesdk"
diff --git a/virtualization-layer/recipes-extended/libvirt/libvirt/qoriq-ppc/qemu.conf b/virtualization-layer/recipes-extended/libvirt/libvirt/qoriq-ppc/qemu.conf
new file mode 100644
index 0000000..cc22fa1
--- /dev/null
+++ b/virtualization-layer/recipes-extended/libvirt/libvirt/qoriq-ppc/qemu.conf
@@ -0,0 +1,465 @@
+# Master configuration file for the QEMU driver.
+# All settings described here are optional - if omitted, sensible
+# defaults are used.
+
+# VNC is configured to listen on 127.0.0.1 by default.
+# To make it listen on all public interfaces, uncomment
+# this next option.
+#
+# NB, strong recommendation to enable TLS + x509 certificate
+# verification when allowing public access
+#
+#vnc_listen = "0.0.0.0"
+
+# Enable this option to have VNC served over an automatically created
+# unix socket. This prevents unprivileged access from users on the
+# host machine, though most VNC clients do not support it.
+#
+# This will only be enabled for VNC configurations that do not have
+# a hardcoded 'listen' or 'socket' value. This setting takes preference
+# over vnc_listen.
+#
+#vnc_auto_unix_socket = 1
+
+# Enable use of TLS encryption on the VNC server. This requires
+# a VNC client which supports the VeNCrypt protocol extension.
+# Examples include vinagre, virt-viewer, virt-manager and vencrypt
+# itself. UltraVNC, RealVNC, TightVNC do not support this
+#
+# It is necessary to setup CA and issue a server certificate
+# before enabling this.
+#
+#vnc_tls = 1
+
+
+# Use of TLS requires that x509 certificates be issued. The
+# default it to keep them in /etc/pki/libvirt-vnc. This directory
+# must contain
+#
+#  ca-cert.pem - the CA master certificate
+#  server-cert.pem - the server certificate signed with ca-cert.pem
+#  server-key.pem  - the server private key
+#
+# This option allows the certificate directory to be changed
+#
+#vnc_tls_x509_cert_dir = "/etc/pki/libvirt-vnc"
+
+
+# The default TLS configuration only uses certificates for the server
+# allowing the client to verify the server's identity and establish
+# an encrypted channel.
+#
+# It is possible to use x509 certificates for authentication too, by
+# issuing a x509 certificate to every client who needs to connect.
+#
+# Enabling this option will reject any client who does not have a
+# certificate signed by the CA in /etc/pki/libvirt-vnc/ca-cert.pem
+#
+#vnc_tls_x509_verify = 1
+
+
+# The default VNC password. Only 8 letters are significant for
+# VNC passwords. This parameter is only used if the per-domain
+# XML config does not already provide a password. To allow
+# access without passwords, leave this commented out. An empty
+# string will still enable passwords, but be rejected by QEMU,
+# effectively preventing any use of VNC. Obviously change this
+# example here before you set this.
+#
+#vnc_password = "XYZ12345"
+
+
+# Enable use of SASL encryption on the VNC server. This requires
+# a VNC client which supports the SASL protocol extension.
+# Examples include vinagre, virt-viewer and virt-manager
+# itself. UltraVNC, RealVNC, TightVNC do not support this
+#
+# It is necessary to configure /etc/sasl2/qemu.conf to choose
+# the desired SASL plugin (eg, GSSPI for Kerberos)
+#
+#vnc_sasl = 1
+
+
+# The default SASL configuration file is located in /etc/sasl2/
+# When running libvirtd unprivileged, it may be desirable to
+# override the configs in this location. Set this parameter to
+# point to the directory, and create a qemu.conf in that location
+#
+#vnc_sasl_dir = "/some/directory/sasl2"
+
+
+# QEMU implements an extension for providing audio over a VNC connection,
+# though if your VNC client does not support it, your only chance for getting
+# sound output is through regular audio backends. By default, libvirt will
+# disable all QEMU sound backends if using VNC, since they can cause
+# permissions issues. Enabling this option will make libvirtd honor the
+# QEMU_AUDIO_DRV environment variable when using VNC.
+#
+#vnc_allow_host_audio = 0
+
+
+
+# SPICE is configured to listen on 127.0.0.1 by default.
+# To make it listen on all public interfaces, uncomment
+# this next option.
+#
+# NB, strong recommendation to enable TLS + x509 certificate
+# verification when allowing public access
+#
+#spice_listen = "0.0.0.0"
+
+
+# Enable use of TLS encryption on the SPICE server.
+#
+# It is necessary to setup CA and issue a server certificate
+# before enabling this.
+#
+#spice_tls = 1
+
+
+# Use of TLS requires that x509 certificates be issued. The
+# default it to keep them in /etc/pki/libvirt-spice. This directory
+# must contain
+#
+#  ca-cert.pem - the CA master certificate
+#  server-cert.pem - the server certificate signed with ca-cert.pem
+#  server-key.pem  - the server private key
+#
+# This option allows the certificate directory to be changed.
+#
+#spice_tls_x509_cert_dir = "/etc/pki/libvirt-spice"
+
+
+# The default SPICE password. This parameter is only used if the
+# per-domain XML config does not already provide a password. To
+# allow access without passwords, leave this commented out. An
+# empty string will still enable passwords, but be rejected by
+# QEMU, effectively preventing any use of SPICE. Obviously change
+# this example here before you set this.
+#
+#spice_password = "XYZ12345"
+
+
+# Enable use of SASL encryption on the SPICE server. This requires
+# a SPICE client which supports the SASL protocol extension.
+#
+# It is necessary to configure /etc/sasl2/qemu.conf to choose
+# the desired SASL plugin (eg, GSSPI for Kerberos)
+#
+#spice_sasl = 1
+
+# The default SASL configuration file is located in /etc/sasl2/
+# When running libvirtd unprivileged, it may be desirable to
+# override the configs in this location. Set this parameter to
+# point to the directory, and create a qemu.conf in that location
+#
+#spice_sasl_dir = "/some/directory/sasl2"
+
+
+# By default, if no graphical front end is configured, libvirt will disable
+# QEMU audio output since directly talking to alsa/pulseaudio may not work
+# with various security settings. If you know what you're doing, enable
+# the setting below and libvirt will passthrough the QEMU_AUDIO_DRV
+# environment variable when using nographics.
+#
+#nographics_allow_host_audio = 1
+
+
+# Override the port for creating both VNC and SPICE sessions (min).
+# This defaults to 5900 and increases for consecutive sessions
+# or when ports are occupied, until it hits the maximum.
+#
+# Minimum must be greater than or equal to 5900 as lower number would
+# result into negative vnc display number.
+#
+# Maximum must be less than 65536, because higher numbers do not make
+# sense as a port number.
+#
+#remote_display_port_min = 5900
+#remote_display_port_max = 65535
+
+# VNC WebSocket port policies, same rules apply as with remote display
+# ports.  VNC WebSockets use similar display <-> port mappings, with
+# the exception being that ports starts from 5700 instead of 5900.
+#
+#remote_websocket_port_min = 5700
+#remote_websocket_port_max = 65535
+
+# The default security driver is SELinux. If SELinux is disabled
+# on the host, then the security driver will automatically disable
+# itself. If you wish to disable QEMU SELinux security driver while
+# leaving SELinux enabled for the host in general, then set this
+# to 'none' instead. It's also possible to use more than one security
+# driver at the same time, for this use a list of names separated by
+# comma and delimited by square brackets. For example:
+#
+#       security_driver = [ "selinux", "apparmor" ]
+#
+# Notes: The DAC security driver is always enabled; as a result, the
+# value of security_driver cannot contain "dac".  The value "none" is
+# a special value; security_driver can be set to that value in
+# isolation, but it cannot appear in a list of drivers.
+#
+#security_driver = "selinux"
+
+# If set to non-zero, then the default security labeling
+# will make guests confined. If set to zero, then guests
+# will be unconfined by default. Defaults to 1.
+#security_default_confined = 1
+
+# If set to non-zero, then attempts to create unconfined
+# guests will be blocked. Defaults to 0.
+#security_require_confined = 1
+
+# The user for QEMU processes run by the system instance. It can be
+# specified as a user name or as a user id. The qemu driver will try to
+# parse this value first as a name and then, if the name doesn't exist,
+# as a user id.
+#
+# Since a sequence of digits is a valid user name, a leading plus sign
+# can be used to ensure that a user id will not be interpreted as a user
+# name.
+#
+# Some examples of valid values are:
+#
+#       user = "qemu"   # A user named "qemu"
+#       user = "+0"     # Super user (uid=0)
+#       user = "100"    # A user named "100" or a user with uid=100
+#
+#user = "root"
+
+# The group for QEMU processes run by the system instance. It can be
+# specified in a similar way to user.
+#group = "root"
+
+# Whether libvirt should dynamically change file ownership
+# to match the configured user/group above. Defaults to 1.
+# Set to 0 to disable file ownership changes.
+#dynamic_ownership = 1
+
+
+# What cgroup controllers to make use of with QEMU guests
+#
+#  - 'cpu' - use for schedular tunables
+#  - 'devices' - use for device whitelisting
+#  - 'memory' - use for memory tunables
+#  - 'blkio' - use for block devices I/O tunables
+#  - 'cpuset' - use for CPUs and memory nodes
+#  - 'cpuacct' - use for CPUs statistics.
+#
+# NB, even if configured here, they won't be used unless
+# the administrator has mounted cgroups, e.g.:
+#
+#  mkdir /dev/cgroup
+#  mount -t cgroup -o devices,cpu,memory,blkio,cpuset none /dev/cgroup
+#
+# They can be mounted anywhere, and different controllers
+# can be mounted in different locations. libvirt will detect
+# where they are located.
+#
+#cgroup_controllers = [ "cpu", "devices", "memory", "blkio", "cpuset", "cpuacct" ]
+
+# This is the basic set of devices allowed / required by
+# all virtual machines.
+#
+# As well as this, any configured block backed disks,
+# all sound device, and all PTY devices are allowed.
+#
+# This will only need setting if newer QEMU suddenly
+# wants some device we don't already know about.
+#
+cgroup_device_acl = [
+    "/dev/null", "/dev/full", "/dev/zero",
+    "/dev/random", "/dev/urandom",
+    "/dev/ptmx", "/dev/kvm", "/dev/kqemu",
+    "/dev/rtc", "/dev/hpet", "/dev/vfio/vfio", "/dev/net/tun"
+]
+
+
+# The default format for Qemu/KVM guest save images is raw; that is, the
+# memory from the domain is dumped out directly to a file.  If you have
+# guests with a large amount of memory, however, this can take up quite
+# a bit of space.  If you would like to compress the images while they
+# are being saved to disk, you can also set "lzop", "gzip", "bzip2", or "xz"
+# for save_image_format.  Note that this means you slow down the process of
+# saving a domain in order to save disk space; the list above is in descending
+# order by performance and ascending order by compression ratio.
+#
+# save_image_format is used when you use 'virsh save' or 'virsh managedsave'
+# at scheduled saving, and it is an error if the specified save_image_format
+# is not valid, or the requested compression program can't be found.
+#
+# dump_image_format is used when you use 'virsh dump' at emergency
+# crashdump, and if the specified dump_image_format is not valid, or
+# the requested compression program can't be found, this falls
+# back to "raw" compression.
+#
+# snapshot_image_format specifies the compression algorithm of the memory save
+# image when an external snapshot of a domain is taken. This does not apply
+# on disk image format. It is an error if the specified format isn't valid,
+# or the requested compression program can't be found.
+#
+#save_image_format = "raw"
+#dump_image_format = "raw"
+#snapshot_image_format = "raw"
+
+# When a domain is configured to be auto-dumped when libvirtd receives a
+# watchdog event from qemu guest, libvirtd will save dump files in directory
+# specified by auto_dump_path. Default value is /var/lib/libvirt/qemu/dump
+#
+#auto_dump_path = "/var/lib/libvirt/qemu/dump"
+
+# When a domain is configured to be auto-dumped, enabling this flag
+# has the same effect as using the VIR_DUMP_BYPASS_CACHE flag with the
+# virDomainCoreDump API.  That is, the system will avoid using the
+# file system cache while writing the dump file, but may cause
+# slower operation.
+#
+#auto_dump_bypass_cache = 0
+
+# When a domain is configured to be auto-started, enabling this flag
+# has the same effect as using the VIR_DOMAIN_START_BYPASS_CACHE flag
+# with the virDomainCreateWithFlags API.  That is, the system will
+# avoid using the file system cache when restoring any managed state
+# file, but may cause slower operation.
+#
+#auto_start_bypass_cache = 0
+
+# If provided by the host and a hugetlbfs mount point is configured,
+# a guest may request huge page backing.  When this mount point is
+# unspecified here, determination of a host mount point in /proc/mounts
+# will be attempted.  Specifying an explicit mount overrides detection
+# of the same in /proc/mounts.  Setting the mount point to "" will
+# disable guest hugepage backing.
+#
+# NB, within this mount point, guests will create memory backing files
+# in a location of  $MOUNTPOINT/libvirt/qemu
+#
+#hugetlbfs_mount = "/dev/hugepages"
+
+
+# Path to the setuid helper for creating tap devices.  This executable
+# is used to create <source type='bridge'> interfaces when libvirtd is
+# running unprivileged.  libvirt invokes the helper directly, instead
+# of using "-netdev bridge", for security reasons.
+#bridge_helper = "/usr/libexec/qemu-bridge-helper"
+
+
+
+# If clear_emulator_capabilities is enabled, libvirt will drop all
+# privileged capabilities of the QEmu/KVM emulator. This is enabled by
+# default.
+#
+# Warning: Disabling this option means that a compromised guest can
+# exploit the privileges and possibly do damage to the host.
+#
+#clear_emulator_capabilities = 1
+
+
+# If enabled, libvirt will have QEMU set its process name to
+# "qemu:VM_NAME", where VM_NAME is the name of the VM. The QEMU
+# process will appear as "qemu:VM_NAME" in process listings and
+# other system monitoring tools. By default, QEMU does not set
+# its process title, so the complete QEMU command (emulator and
+# its arguments) appear in process listings.
+#
+#set_process_name = 1
+
+
+# If max_processes is set to a positive integer, libvirt will use
+# it to set the maximum number of processes that can be run by qemu
+# user. This can be used to override default value set by host OS.
+# The same applies to max_files which sets the limit on the maximum
+# number of opened files.
+#
+#max_processes = 0
+#max_files = 0
+
+
+
+# mac_filter enables MAC addressed based filtering on bridge ports.
+# This currently requires ebtables to be installed.
+#
+#mac_filter = 1
+
+
+# By default, PCI devices below non-ACS switch are not allowed to be assigned
+# to guests. By setting relaxed_acs_check to 1 such devices will be allowed to
+# be assigned to guests.
+#
+#relaxed_acs_check = 1
+
+
+# If allow_disk_format_probing is enabled, libvirt will probe disk
+# images to attempt to identify their format, when not otherwise
+# specified in the XML. This is disabled by default.
+#
+# WARNING: Enabling probing is a security hole in almost all
+# deployments. It is strongly recommended that users update their
+# guest XML <disk> elements to include  <driver type='XXXX'/>
+# elements instead of enabling this option.
+#
+#allow_disk_format_probing = 1
+
+
+# To enable 'Sanlock' project based locking of the file
+# content (to prevent two VMs writing to the same
+# disk), uncomment this
+#
+#lock_manager = "sanlock"
+
+
+
+# Set limit of maximum APIs queued on one domain. All other APIs
+# over this threshold will fail on acquiring job lock. Specially,
+# setting to zero turns this feature off.
+# Note, that job lock is per domain.
+#
+#max_queued = 0
+
+###################################################################
+# Keepalive protocol:
+# This allows qemu driver to detect broken connections to remote
+# libvirtd during peer-to-peer migration.  A keepalive message is
+# sent to the deamon after keepalive_interval seconds of inactivity
+# to check if the deamon is still responding; keepalive_count is a
+# maximum number of keepalive messages that are allowed to be sent
+# to the deamon without getting any response before the connection
+# is considered broken.  In other words, the connection is
+# automatically closed approximately after
+# keepalive_interval * (keepalive_count + 1) seconds since the last
+# message received from the deamon.  If keepalive_interval is set to
+# -1, qemu driver will not send keepalive requests during
+# peer-to-peer migration; however, the remote libvirtd can still
+# send them and source libvirtd will send responses.  When
+# keepalive_count is set to 0, connections will be automatically
+# closed after keepalive_interval seconds of inactivity without
+# sending any keepalive messages.
+#
+#keepalive_interval = 5
+#keepalive_count = 5
+
+
+
+# Use seccomp syscall whitelisting in QEMU.
+# 1 = on, 0 = off, -1 = use QEMU default
+# Defaults to -1.
+#
+#seccomp_sandbox = 1
+
+
+
+# Override the listen address for all incoming migrations. Defaults to
+# 0.0.0.0 or :: in case if both host and qemu are capable of IPv6.
+#migration_address = "127.0.0.1"
+
+
+# Override the port range used for incoming migrations.
+#
+# Minimum must be greater than 0, however when QEMU is not running as root,
+# setting the minimum to be lower than 1024 will not work.
+#
+# Maximum must not be greater than 65535.
+#
+#migration_port_min = 49152
+#migration_port_max = 49215
diff --git a/virtualization-layer/recipes-extended/libvirt/libvirt_%.bbappend b/virtualization-layer/recipes-extended/libvirt/libvirt_%.bbappend
new file mode 100644
index 0000000..c7e6d32
--- /dev/null
+++ b/virtualization-layer/recipes-extended/libvirt/libvirt_%.bbappend
@@ -0,0 +1,9 @@
+PACKAGECONFIG_qoriq-ppc = "qemu yajl lxc test remote macvtap libvirtd netcf udev python"
+
+FILESEXTRAPATHS_prepend := "${THISDIR}/${BPN}:"
+SRC_URI_append_qoriq-ppc = " file://qemu.conf"
+
+do_install_append_qoriq-ppc() {
+        install -m 0644 ${WORKDIR}/qemu.conf ${D}${sysconfdir}/libvirt/qemu.conf
+}
+