openssl: add sdk-v1.8 patches

The imports the following changes: eng_cryptodev: extend TLS offload with+ 3des_cbc_hmac_sha1 eng_cryptodev: add support for TLSv1.1 record offload eng_cryptodev: add support for TLSv1.2 record offload cryptodev: drop redundant function cryptodev: do not zero the buffer before use cryptodev: clean-up code layout cryptodev: do not cache file descriptor in 'open' cryptodev: put_dev_crypto should be an int cryptodev: simplify cryptodev pkc support code Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> Acked-by: Otavio Salvador <otavio@ossystems.com.br>
author: Cristian Stoica <cristian.stoica@freescale.com> 2015-07-17 17:29:43 +0800
committer: Zhenhua Luo <zhenhua.luo@freescale.com> 2015-07-22 17:38:00 +0800
commit: c0590434ae1571602fde9441f447a6fb35967e4c (patch)
tree: bd0bd8d2592651c8fd406e490e2a6d08a0cd6e44
parent: 1d729c77e7aadc0cb90cc4c1ad6401c38408899e (diff)
download: meta-fsl-ppc-c0590434ae1571602fde9441f447a6fb35967e4c.tar.gz
27 files changed, 1531 insertions, 34 deletions
diff --git a/recipes-connectivity/openssl/openssl-fsl/0001-remove-double-initialization-of-cryptodev-engine.patch b/recipes-connectivity/openssl/openssl-fsl/0001-remove-double-initialization-of-cryptodev-engine.patch
index 233cf6e..e7b874f 100644
--- a/recipes-connectivity/openssl/openssl-fsl/0001-remove-double-initialization-of-cryptodev-engine.patch
+++ b/recipes-connectivity/openssl/openssl-fsl/0001-remove-double-initialization-of-cryptodev-engine.patch
@@ -1,7 +1,7 @@
 From 9297e3834518ff0558d6e7004a62adfd107e659a Mon Sep 17 00:00:00 2001
 From: Cristian Stoica <cristian.stoica@freescale.com>
 Date: Tue, 10 Sep 2013 12:46:46 +0300
-Subject: [PATCH 01/17] remove double initialization of cryptodev engine
+Subject: [PATCH 01/26] remove double initialization of cryptodev engine
 cryptodev engine is initialized together with the other engines in
 ENGINE_load_builtin_engines. The initialization done through
@@ -79,5 +79,5 @@ index aa86b2b..ae50040 100755
 EVP_aes_128_cfb8                        3248   EXIST::FUNCTION:AES
 FIPS_corrupt_rsa                        3249   NOEXIST::FUNCTION:
 -- 
-1.8.3.1
+2.3.5
diff --git a/recipes-connectivity/openssl/openssl-fsl/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch b/recipes-connectivity/openssl/openssl-fsl/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch
index 0b77bfa..ab2b7ea 100644
--- a/recipes-connectivity/openssl/openssl-fsl/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch
+++ b/recipes-connectivity/openssl/openssl-fsl/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch
@@ -1,7 +1,7 @@
 From dfd6ba263dc25ea2a4bbc32448b24ca2b1fc40e8 Mon Sep 17 00:00:00 2001
 From: Cristian Stoica <cristian.stoica@freescale.com>
 Date: Thu, 29 Aug 2013 16:51:18 +0300
-Subject: [PATCH 02/17] eng_cryptodev: add support for TLS algorithms offload
+Subject: [PATCH 02/26] eng_cryptodev: add support for TLS algorithms offload
 - aes-128-cbc-hmac-sha1
 - aes-256-cbc-hmac-sha1
@@ -313,5 +313,5 @@ index 5a715ac..7588a28 100644
            !ENGINE_set_name(engine, "BSD cryptodev engine") ||
            !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
 -- 
-1.8.3.1
+2.3.5
diff --git a/recipes-connectivity/openssl/openssl-fsl/0003-cryptodev-fix-algorithm-registration.patch b/recipes-connectivity/openssl/openssl-fsl/0003-cryptodev-fix-algorithm-registration.patch
index b31668e..f0d97e9 100644
--- a/recipes-connectivity/openssl/openssl-fsl/0003-cryptodev-fix-algorithm-registration.patch
+++ b/recipes-connectivity/openssl/openssl-fsl/0003-cryptodev-fix-algorithm-registration.patch
@@ -1,7 +1,7 @@
 From 084fa469a8fef530d71a0870364df1c7997f6465 Mon Sep 17 00:00:00 2001
 From: Cristian Stoica <cristian.stoica@freescale.com>
 Date: Thu, 31 Jul 2014 14:06:19 +0300
-Subject: [PATCH 03/17] cryptodev: fix algorithm registration
+Subject: [PATCH 03/26] cryptodev: fix algorithm registration
 Cryptodev specific algorithms must register only if available in kernel.
@@ -60,5 +60,5 @@ index 7588a28..e3eb98b 100644
            !ENGINE_set_name(engine, "BSD cryptodev engine") ||
            !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
 -- 
-1.8.3.1
+2.3.5
diff --git a/recipes-connectivity/openssl/openssl-fsl/0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch b/recipes-connectivity/openssl/openssl-fsl/0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch
index af30ad3..2d722d8 100644
--- a/recipes-connectivity/openssl/openssl-fsl/0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch
+++ b/recipes-connectivity/openssl/openssl-fsl/0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch
@@ -1,7 +1,7 @@
 From 7d770f0324498d1fa78300cc5cecc8c1dcd3b788 Mon Sep 17 00:00:00 2001
 From: Andy Polyakov <appro@openssl.org>
 Date: Sun, 21 Oct 2012 18:19:41 +0000
-Subject: [PATCH 04/17] linux-pcc: make it more robust and recognize
+Subject: [PATCH 04/26] linux-pcc: make it more robust and recognize
 KERNEL_BITS variable.
 (cherry picked from commit 78c3e20579d3baa159c8b51b59d415b6e521614b)
@@ -70,5 +70,5 @@ index f71ba66..531f1b3 100644
                        {
                        OPENSSL_ppc64_probe();
 -- 
-1.8.3.1
+2.3.5
diff --git a/recipes-connectivity/openssl/openssl-fsl/0005-ECC-Support-header-for-Cryptodev-Engine.patch b/recipes-connectivity/openssl/openssl-fsl/0005-ECC-Support-header-for-Cryptodev-Engine.patch
index cfcf4a6..c9ff5aa 100644
--- a/recipes-connectivity/openssl/openssl-fsl/0005-ECC-Support-header-for-Cryptodev-Engine.patch
+++ b/recipes-connectivity/openssl/openssl-fsl/0005-ECC-Support-header-for-Cryptodev-Engine.patch
@@ -1,7 +1,7 @@
 From 15abbcd740eafbf2a46b5da24be76acf4982743d Mon Sep 17 00:00:00 2001
 From: Yashpal Dutta <yashpal.dutta@freescale.com>
 Date: Tue, 11 Mar 2014 05:56:54 +0545
-Subject: [PATCH 05/17] ECC Support header for Cryptodev Engine
+Subject: [PATCH 05/26] ECC Support header for Cryptodev Engine
 Upstream-status: Pending
@@ -314,5 +314,5 @@ index 0000000..77aee71
 +};
 +#endif
 -- 
-1.8.3.1
+2.3.5
diff --git a/recipes-connectivity/openssl/openssl-fsl/0006-Fixed-private-key-support-for-DH.patch b/recipes-connectivity/openssl/openssl-fsl/0006-Fixed-private-key-support-for-DH.patch
index 41f48a2..01c268b 100644
--- a/recipes-connectivity/openssl/openssl-fsl/0006-Fixed-private-key-support-for-DH.patch
+++ b/recipes-connectivity/openssl/openssl-fsl/0006-Fixed-private-key-support-for-DH.patch
@@ -1,7 +1,7 @@
 From 39a9e609290a8a1163a721915bcde0c7cf8f92f7 Mon Sep 17 00:00:00 2001
 From: Yashpal Dutta <yashpal.dutta@freescale.com>
 Date: Tue, 11 Mar 2014 05:57:47 +0545
-Subject: [PATCH 06/17] Fixed private key support for DH
+Subject: [PATCH 06/26] Fixed private key support for DH
 Upstream-status: Pending
@@ -29,5 +29,5 @@ index 02ec2d4..ed32004 100644
        return 1;
        }
 -- 
-1.8.3.1
+2.3.5
diff --git a/recipes-connectivity/openssl/openssl-fsl/0007-Fixed-private-key-support-for-DH.patch b/recipes-connectivity/openssl/openssl-fsl/0007-Fixed-private-key-support-for-DH.patch
index f507fff..12fcd7d 100644
--- a/recipes-connectivity/openssl/openssl-fsl/0007-Fixed-private-key-support-for-DH.patch
+++ b/recipes-connectivity/openssl/openssl-fsl/0007-Fixed-private-key-support-for-DH.patch
@@ -1,7 +1,7 @@
 From 8322e4157bf49d992b5b9e460f2c0785865dd1c1 Mon Sep 17 00:00:00 2001
 From: Yashpal Dutta <yashpal.dutta@freescale.com>
 Date: Thu, 20 Mar 2014 19:55:51 -0500
-Subject: [PATCH 07/17] Fixed private key support for DH
+Subject: [PATCH 07/26] Fixed private key support for DH
 Upstream-status: Pending
@@ -31,5 +31,5 @@ index ed32004..02ec2d4 100644
        return 1;
        }
 -- 
-1.8.3.1
+2.3.5
diff --git a/recipes-connectivity/openssl/openssl-fsl/0008-Initial-support-for-PKC-in-cryptodev-engine.patch b/recipes-connectivity/openssl/openssl-fsl/0008-Initial-support-for-PKC-in-cryptodev-engine.patch
index 6903c88..8c8b1f2 100644
--- a/recipes-connectivity/openssl/openssl-fsl/0008-Initial-support-for-PKC-in-cryptodev-engine.patch
+++ b/recipes-connectivity/openssl/openssl-fsl/0008-Initial-support-for-PKC-in-cryptodev-engine.patch
@@ -1,7 +1,7 @@
 From 107a10d45db0f2e58482f698add04ed9183f7268 Mon Sep 17 00:00:00 2001
 From: Yashpal Dutta <yashpal.dutta@freescale.com>
 Date: Tue, 11 Mar 2014 06:29:52 +0545
-Subject: [PATCH 08/17] Initial support for PKC in cryptodev engine
+Subject: [PATCH 08/26] Initial support for PKC in cryptodev engine
 Upstream-status: Pending
@@ -1560,5 +1560,5 @@ index e3eb98b..7ee314b 100644
        }
 
 -- 
-1.8.3.1
+2.3.5
diff --git a/recipes-connectivity/openssl/openssl-fsl/0009-Added-hwrng-dev-file-as-source-of-RNG.patch b/recipes-connectivity/openssl/openssl-fsl/0009-Added-hwrng-dev-file-as-source-of-RNG.patch
index 6a69c32..0fb0182 100644
--- a/recipes-connectivity/openssl/openssl-fsl/0009-Added-hwrng-dev-file-as-source-of-RNG.patch
+++ b/recipes-connectivity/openssl/openssl-fsl/0009-Added-hwrng-dev-file-as-source-of-RNG.patch
@@ -1,7 +1,7 @@
 From 81c4c62a4f5f5542843381bfb34e39a6171d5cdd Mon Sep 17 00:00:00 2001
 From: Yashpal Dutta <yashpal.dutta@freescale.com>
 Date: Tue, 11 Mar 2014 06:42:59 +0545
-Subject: [PATCH 09/17] Added hwrng dev file as source of RNG
+Subject: [PATCH 09/26] Added hwrng dev file as source of RNG
 Upstream-status: Pending
@@ -24,5 +24,5 @@ index 6a0aad1..57c0563 100644
 #ifndef DEVRANDOM_EGD
 /* set this to a comma-seperated list of 'egd' sockets to try out. These
 -- 
-1.8.3.1
+2.3.5
diff --git a/recipes-connectivity/openssl/openssl-fsl/0010-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch b/recipes-connectivity/openssl/openssl-fsl/0010-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch
index b7702d1..0f889c0 100644
--- a/recipes-connectivity/openssl/openssl-fsl/0010-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch
+++ b/recipes-connectivity/openssl/openssl-fsl/0010-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch
@@ -1,7 +1,7 @@
 From a933e6341fd8989bdd82f8a5446b6f04aa00eef9 Mon Sep 17 00:00:00 2001
 From: Yashpal Dutta <yashpal.dutta@freescale.com>
 Date: Tue, 11 Mar 2014 07:14:30 +0545
-Subject: [PATCH 10/17] Asynchronous interface added for PKC cryptodev
+Subject: [PATCH 10/26] Asynchronous interface added for PKC cryptodev
 interface
 Upstream-status: Pending
@@ -2035,5 +2035,5 @@ index 5f269e5..6ef1b15 100644
        int (*finish)(RSA *rsa);        /* called at free */
        int flags;                      /* RSA_METHOD_FLAG_* things */
 -- 
-1.8.3.1
+2.3.5
diff --git a/recipes-connectivity/openssl/openssl-fsl/0011-Add-RSA-keygen-operation-and-support-gendsa-command-.patch b/recipes-connectivity/openssl/openssl-fsl/0011-Add-RSA-keygen-operation-and-support-gendsa-command-.patch
index 5e74298..244d230 100644
--- a/recipes-connectivity/openssl/openssl-fsl/0011-Add-RSA-keygen-operation-and-support-gendsa-command-.patch
+++ b/recipes-connectivity/openssl/openssl-fsl/0011-Add-RSA-keygen-operation-and-support-gendsa-command-.patch
@@ -1,7 +1,7 @@
 From e4fc051f8ae1c093b25ca346c2ec351ff3b700d1 Mon Sep 17 00:00:00 2001
 From: Hou Zhiqiang <B48286@freescale.com>
 Date: Wed, 2 Apr 2014 16:10:43 +0800
-Subject: [PATCH 11/17] Add RSA keygen operation and support gendsa command
+Subject: [PATCH 11/26] Add RSA keygen operation and support gendsa command
 with hardware engine
 Upstream-status: Pending
@@ -149,5 +149,5 @@ index 9f2416e..b2919a8 100644
        }
 
 -- 
-1.8.3.1
+2.3.5
diff --git a/recipes-connectivity/openssl/openssl-fsl/0012-RSA-Keygen-Fix.patch b/recipes-connectivity/openssl/openssl-fsl/0012-RSA-Keygen-Fix.patch
index 4489973..7f907da 100644
--- a/recipes-connectivity/openssl/openssl-fsl/0012-RSA-Keygen-Fix.patch
+++ b/recipes-connectivity/openssl/openssl-fsl/0012-RSA-Keygen-Fix.patch
@@ -1,7 +1,7 @@
 From ac777f046da7151386d667391362ecb553ceee90 Mon Sep 17 00:00:00 2001
 From: Yashpal Dutta <yashpal.dutta@freescale.com>
 Date: Wed, 16 Apr 2014 22:53:04 +0545
-Subject: [PATCH 12/17] RSA Keygen Fix
+Subject: [PATCH 12/26] RSA Keygen Fix
 Upstream-status: Pending
@@ -60,5 +60,5 @@ index b2919a8..ed5f20f 100644
        return ret;
 
 -- 
-1.8.3.1
+2.3.5
diff --git a/recipes-connectivity/openssl/openssl-fsl/0013-Removed-local-copy-of-curve_t-type.patch b/recipes-connectivity/openssl/openssl-fsl/0013-Removed-local-copy-of-curve_t-type.patch
index 183f3fb..c9d8ace 100644
--- a/recipes-connectivity/openssl/openssl-fsl/0013-Removed-local-copy-of-curve_t-type.patch
+++ b/recipes-connectivity/openssl/openssl-fsl/0013-Removed-local-copy-of-curve_t-type.patch
@@ -1,7 +1,7 @@
 From 6aaa306cdf878250d7b6eaf30978de313653886b Mon Sep 17 00:00:00 2001
 From: Yashpal Dutta <yashpal.dutta@freescale.com>
 Date: Thu, 17 Apr 2014 06:57:59 +0545
-Subject: [PATCH 13/17] Removed local copy of curve_t type
+Subject: [PATCH 13/26] Removed local copy of curve_t type
 Upstream-status: Pending
@@ -160,5 +160,5 @@ index 77aee71..a4b8da5 100644
 -};
 #endif
 -- 
-1.8.3.1
+2.3.5
diff --git a/recipes-connectivity/openssl/openssl-fsl/0014-Modulus-parameter-is-not-populated-by-dhparams.patch b/recipes-connectivity/openssl/openssl-fsl/0014-Modulus-parameter-is-not-populated-by-dhparams.patch
index 46846f8..198bed7 100644
--- a/recipes-connectivity/openssl/openssl-fsl/0014-Modulus-parameter-is-not-populated-by-dhparams.patch
+++ b/recipes-connectivity/openssl/openssl-fsl/0014-Modulus-parameter-is-not-populated-by-dhparams.patch
@@ -1,7 +1,7 @@
 From 14623ca9e417ccef1ad3f4138acfac0ebe682f1f Mon Sep 17 00:00:00 2001
 From: Yashpal Dutta <yashpal.dutta@freescale.com>
 Date: Tue, 22 Apr 2014 22:58:33 +0545
-Subject: [PATCH 14/17] Modulus parameter is not populated by dhparams
+Subject: [PATCH 14/26] Modulus parameter is not populated by dhparams
 Upstream-status: Pending
@@ -39,5 +39,5 @@ index 5d883fa..6d69336 100644
        kop.crk_param[2].crp_p = g;
        kop.crk_param[2].crp_nbits = g_len * 8;
 -- 
-1.8.3.1
+2.3.5
diff --git a/recipes-connectivity/openssl/openssl-fsl/0015-SW-Backoff-mechanism-for-dsa-keygen.patch b/recipes-connectivity/openssl/openssl-fsl/0015-SW-Backoff-mechanism-for-dsa-keygen.patch
index c20f9d7..59330a1 100644
--- a/recipes-connectivity/openssl/openssl-fsl/0015-SW-Backoff-mechanism-for-dsa-keygen.patch
+++ b/recipes-connectivity/openssl/openssl-fsl/0015-SW-Backoff-mechanism-for-dsa-keygen.patch
@@ -1,7 +1,7 @@
 From 10be401a33e6ebcc325d6747914c70595cd53d0a Mon Sep 17 00:00:00 2001
 From: Yashpal Dutta <yashpal.dutta@freescale.com>
 Date: Thu, 24 Apr 2014 00:35:34 +0545
-Subject: [PATCH 15/17] SW Backoff mechanism for dsa keygen
+Subject: [PATCH 15/26] SW Backoff mechanism for dsa keygen
 Upstream-status: Pending
@@ -49,5 +49,5 @@ index 6d69336..dab8fea 100644
        }
        return ret;
 -- 
-1.8.3.1
+2.3.5
diff --git a/recipes-connectivity/openssl/openssl-fsl/0016-Fixed-DH-keygen-pair-generator.patch b/recipes-connectivity/openssl/openssl-fsl/0016-Fixed-DH-keygen-pair-generator.patch
index abcc2ef..8923cb6 100644
--- a/recipes-connectivity/openssl/openssl-fsl/0016-Fixed-DH-keygen-pair-generator.patch
+++ b/recipes-connectivity/openssl/openssl-fsl/0016-Fixed-DH-keygen-pair-generator.patch
@@ -1,7 +1,7 @@
 From d2c868c6370bcc0d0a254e641907da2cdf992d62 Mon Sep 17 00:00:00 2001
 From: Yashpal Dutta <yashpal.dutta@freescale.com>
 Date: Thu, 1 May 2014 06:35:45 +0545
-Subject: [PATCH 16/17] Fixed DH keygen pair generator
+Subject: [PATCH 16/26] Fixed DH keygen pair generator
 Upstream-status: Pending
@@ -96,5 +96,5 @@ index dab8fea..13d924f 100644
 sw_try:
        {
 -- 
-1.8.3.1
+2.3.5
diff --git a/recipes-connectivity/openssl/openssl-fsl/0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch b/recipes-connectivity/openssl/openssl-fsl/0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch
index a71bb45..bd9e61a 100644
--- a/recipes-connectivity/openssl/openssl-fsl/0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch
+++ b/recipes-connectivity/openssl/openssl-fsl/0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch
@@ -1,7 +1,7 @@
 From 11b55103463bac614e00d74e9f196ec4ec6bade1 Mon Sep 17 00:00:00 2001
 From: Cristian Stoica <cristian.stoica@freescale.com>
 Date: Mon, 16 Jun 2014 14:06:21 +0300
-Subject: [PATCH 17/17] cryptodev: add support for aes-gcm algorithm offloading
+Subject: [PATCH 17/26] cryptodev: add support for aes-gcm algorithm offloading
 Change-Id: I3b77dc5ef8b8f707309549244a02852d95b36168
 Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
@@ -305,5 +305,5 @@ index 13d924f..4493490 100644
                *cipher = NULL;
                break;
 -- 
-1.8.3.1
+2.3.5
diff --git a/recipes-connectivity/openssl/openssl-fsl/0018-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch b/recipes-connectivity/openssl/openssl-fsl/0018-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch
new file mode 100644
index 0000000..1118a6f
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-fsl/0018-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch
@@ -0,0 +1,193 @@
+From 21e3ca4ec77f9258aa4001f07faac1c4942b48b4 Mon Sep 17 00:00:00 2001
+From: Tudor Ambarus <tudor.ambarus@freescale.com>
+Date: Fri, 9 May 2014 17:54:06 +0300
+Subject: [PATCH 18/26] eng_cryptodev: extend TLS offload with
+ 3des_cbc_hmac_sha1
+Both obj_mac.h and obj_dat.h were generated using the scripts
+from crypto/objects:
+$ cd crypto/objects
+$ perl objects.pl objects.txt obj_mac.num obj_mac.h
+$ perl obj_dat.pl obj_mac.h obj_dat.h
+Change-Id: I94f13cdd09df67e33e6acd3c00aab47cb358ac46
+Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com>
+Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
+Reviewed-on: http://git.am.freescale.net:8181/34001
+---
+ crypto/engine/eng_cryptodev.c | 24 ++++++++++++++++++++++++
+ crypto/objects/obj_dat.h      | 10 +++++++---
+ crypto/objects/obj_mac.h      |  4 ++++
+ crypto/objects/obj_mac.num    |  1 +
+ crypto/objects/objects.txt    |  1 +
+ ssl/ssl_ciph.c                |  4 ++++
+ 6 files changed, 41 insertions(+), 3 deletions(-)
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 79b2678..299e84b 100644
+--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
+@@ -135,6 +135,7 @@ static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
+ void ENGINE_load_cryptodev(void);
+ const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1;
+ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
+const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1;
+ 
+ inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin,  int *bin_len)
+ {
+@@ -252,6 +253,7 @@ static struct {
+        { CRYPTO_BLF_CBC,       NID_bf_cbc,       8,  16, 0},
+        { CRYPTO_CAST_CBC,      NID_cast5_cbc,    8,  16, 0},
+        { CRYPTO_SKIPJACK_CBC,  NID_undef,        0,  0,  0},
+       { CRYPTO_TLS10_3DES_CBC_HMAC_SHA1, NID_des_ede3_cbc_hmac_sha1, 8, 24, 20},
+        { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20},
+        { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20},
+        { CRYPTO_AES_GCM,       NID_aes_128_gcm,  16, 16, 0},
+@@ -466,6 +468,9 @@ cryptodev_usable_ciphers(const int **nids)
+                case NID_aes_256_cbc_hmac_sha1:
+                        EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
+                        break;
+               case NID_des_ede3_cbc_hmac_sha1:
+                       EVP_add_cipher(&cryptodev_3des_cbc_hmac_sha1);
+                       break;
+                }
+        }
+        return count;
+@@ -571,6 +576,7 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+        switch (ctx->cipher->nid) {
+        case NID_aes_128_cbc_hmac_sha1:
+        case NID_aes_256_cbc_hmac_sha1:
+       case NID_des_ede3_cbc_hmac_sha1:
+                cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
+        }
+        cryp.ses = sess->ses;
+@@ -763,6 +769,7 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
+                switch (ctx->cipher->nid) {
+                case NID_aes_128_cbc_hmac_sha1:
+                case NID_aes_256_cbc_hmac_sha1:
+               case NID_des_ede3_cbc_hmac_sha1:
+                        maclen = SHA_DIGEST_LENGTH;
+                }
+ 
+@@ -1082,6 +1089,20 @@ const EVP_CIPHER cryptodev_aes_256_cbc = {
+        NULL
+ };
+ 
+const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1 = {
+       NID_des_ede3_cbc_hmac_sha1,
+       8, 24, 8,
+       EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
+       cryptodev_init_aead_key,
+       cryptodev_aead_cipher,
+       cryptodev_cleanup,
+       sizeof(struct dev_crypto_state),
+       EVP_CIPHER_set_asn1_iv,
+       EVP_CIPHER_get_asn1_iv,
+       cryptodev_cbc_hmac_sha1_ctrl,
+       NULL
+};
+
+ const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1 = {
+        NID_aes_128_cbc_hmac_sha1,
+        16, 16, 16,
+@@ -1163,6 +1184,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+        case NID_aes_256_cbc:
+                *cipher = &cryptodev_aes_256_cbc;
+                break;
+       case NID_des_ede3_cbc_hmac_sha1:
+               *cipher = &cryptodev_3des_cbc_hmac_sha1;
+               break;
+        case NID_aes_128_cbc_hmac_sha1:
+                *cipher = &cryptodev_aes_128_cbc_hmac_sha1;
+                break;
+diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
+index bc69665..9f2267a 100644
+--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
+@@ -62,9 +62,9 @@
+  * [including the GNU Public Licence.]
+  */
+ 
+-#define NUM_NID 920
+-#define NUM_SN 913
+-#define NUM_LN 913
+#define NUM_NID 921
+#define NUM_SN 914
+#define NUM_LN 914
+ #define NUM_OBJ 857
+ 
+ static const unsigned char lvalues[5974]={
+@@ -2399,6 +2399,8 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
+ {"AES-256-CBC-HMAC-SHA1","aes-256-cbc-hmac-sha1",
+        NID_aes_256_cbc_hmac_sha1,0,NULL,0},
+ {"RSAES-OAEP","rsaesOaep",NID_rsaesOaep,9,&(lvalues[5964]),0},
+{"DES-EDE3-CBC-HMAC-SHA1","des-ede3-cbc-hmac-sha1",
+       NID_des_ede3_cbc_hmac_sha1,0,NULL,0},
+ };
+ 
+ static const unsigned int sn_objs[NUM_SN]={
+@@ -2474,6 +2476,7 @@ static const unsigned int sn_objs[NUM_SN]={
+ 62,    /* "DES-EDE-OFB" */
+ 33,    /* "DES-EDE3" */
+ 44,    /* "DES-EDE3-CBC" */
+920,   /* "DES-EDE3-CBC-HMAC-SHA1" */
+ 61,    /* "DES-EDE3-CFB" */
+ 658,   /* "DES-EDE3-CFB1" */
+ 659,   /* "DES-EDE3-CFB8" */
+@@ -3585,6 +3588,7 @@ static const unsigned int ln_objs[NUM_LN]={
+ 62,    /* "des-ede-ofb" */
+ 33,    /* "des-ede3" */
+ 44,    /* "des-ede3-cbc" */
+920,   /* "des-ede3-cbc-hmac-sha1" */
+ 61,    /* "des-ede3-cfb" */
+ 658,   /* "des-ede3-cfb1" */
+ 659,   /* "des-ede3-cfb8" */
+diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h
+index b5ea7cd..8751902 100644
+--- a/crypto/objects/obj_mac.h
+++ b/crypto/objects/obj_mac.h
+@@ -4030,3 +4030,7 @@
+ #define LN_aes_256_cbc_hmac_sha1               "aes-256-cbc-hmac-sha1"
+ #define NID_aes_256_cbc_hmac_sha1              918
+ 
+#define SN_des_ede3_cbc_hmac_sha1              "DES-EDE3-CBC-HMAC-SHA1"
+#define LN_des_ede3_cbc_hmac_sha1              "des-ede3-cbc-hmac-sha1"
+#define NID_des_ede3_cbc_hmac_sha1             920
+
+diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
+index 1d0a7c8..9d44bb5 100644
+--- a/crypto/objects/obj_mac.num
+++ b/crypto/objects/obj_mac.num
+@@ -917,3 +917,4 @@ aes_128_cbc_hmac_sha1               916
+ aes_192_cbc_hmac_sha1          917
+ aes_256_cbc_hmac_sha1          918
+ rsaesOaep              919
+des_ede3_cbc_hmac_sha1         920
+diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
+index d3bfad7..90d2fc5 100644
+--- a/crypto/objects/objects.txt
+++ b/crypto/objects/objects.txt
+@@ -1290,3 +1290,4 @@ kisa 1 6                : SEED-OFB      : seed-ofb
+                        : AES-128-CBC-HMAC-SHA1         : aes-128-cbc-hmac-sha1
+                        : AES-192-CBC-HMAC-SHA1         : aes-192-cbc-hmac-sha1
+                        : AES-256-CBC-HMAC-SHA1         : aes-256-cbc-hmac-sha1
+                       : DES-EDE3-CBC-HMAC-SHA1        : des-ede3-cbc-hmac-sha1
+diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
+index 8188ff5..310fe76 100644
+--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
+@@ -639,6 +639,10 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
+                         c->algorithm_mac == SSL_SHA1 &&
+                         (evp=EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1")))
+                        *enc = evp, *md = NULL;
+               else if (c->algorithm_enc == SSL_3DES &&
+                        c->algorithm_mac == SSL_SHA1 &&
+                        (evp = EVP_get_cipherbyname("DES-EDE3-CBC-HMAC-SHA1")))
+                       *enc = evp, *md = NULL;
+                return(1);
+                }
+        else
+-- 
+2.3.5
diff --git a/recipes-connectivity/openssl/openssl-fsl/0019-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch b/recipes-connectivity/openssl/openssl-fsl/0019-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch
new file mode 100644
index 0000000..988d79e
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-fsl/0019-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch
@@ -0,0 +1,355 @@
+From 1de2b740a3bdcd8e98abb5f4e176d46fd817b932 Mon Sep 17 00:00:00 2001
+From: Tudor Ambarus <tudor.ambarus@freescale.com>
+Date: Tue, 31 Mar 2015 16:30:17 +0300
+Subject: [PATCH 19/26] eng_cryptodev: add support for TLSv1.1 record offload
+Supported cipher suites:
+- 3des-ede-cbc-sha
+- aes-128-cbc-hmac-sha
+- aes-256-cbc-hmac-sha
+Requires TLS patches on cryptodev and TLS algorithm support in Linux
+kernel driver.
+Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com>
+Change-Id: Id414f36a528de3f476b72688cf85714787d7ccae
+Reviewed-on: http://git.am.freescale.net:8181/34002
+Reviewed-by: Cristian Stoica <cristian.stoica@freescale.com>
+Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
+---
+ crypto/engine/eng_cryptodev.c | 101 ++++++++++++++++++++++++++++++++++++++----
+ crypto/objects/obj_dat.h      |  18 ++++++--
+ crypto/objects/obj_mac.h      |  12 +++++
+ crypto/objects/obj_mac.num    |   3 ++
+ crypto/objects/objects.txt    |   3 ++
+ ssl/ssl_ciph.c                |  26 +++++++++--
+ 6 files changed, 148 insertions(+), 15 deletions(-)
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 299e84b..f71ab27 100644
+--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
+@@ -66,6 +66,7 @@ ENGINE_load_cryptodev(void)
+ #include <sys/ioctl.h>
+ #include <errno.h>
+ #include <stdio.h>
+#include <stdbool.h>
+ #include <unistd.h>
+ #include <fcntl.h>
+ #include <stdarg.h>
+@@ -133,9 +134,12 @@ static int cryptodev_dh_compute_key(unsigned char *key,
+ static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
+     void (*f)(void));
+ void ENGINE_load_cryptodev(void);
+const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1;
+ const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1;
+ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
+-const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1;
+const EVP_CIPHER cryptodev_tls11_3des_cbc_hmac_sha1;
+const EVP_CIPHER cryptodev_tls11_aes_128_cbc_hmac_sha1;
+const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1;
+ 
+ inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin,  int *bin_len)
+ {
+@@ -256,6 +260,9 @@ static struct {
+        { CRYPTO_TLS10_3DES_CBC_HMAC_SHA1, NID_des_ede3_cbc_hmac_sha1, 8, 24, 20},
+        { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20},
+        { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20},
+       { CRYPTO_TLS11_3DES_CBC_HMAC_SHA1, NID_tls11_des_ede3_cbc_hmac_sha1, 8, 24, 20},
+       { CRYPTO_TLS11_AES_CBC_HMAC_SHA1, NID_tls11_aes_128_cbc_hmac_sha1, 16, 16, 20},
+       { CRYPTO_TLS11_AES_CBC_HMAC_SHA1, NID_tls11_aes_256_cbc_hmac_sha1, 16, 32, 20},
+        { CRYPTO_AES_GCM,       NID_aes_128_gcm,  16, 16, 0},
+        { 0, NID_undef, 0, 0, 0},
+ };
+@@ -462,14 +469,23 @@ cryptodev_usable_ciphers(const int **nids)
+        /* add ciphers specific to cryptodev if found in kernel */
+        for(i = 0; i < count; i++) {
+                switch (*(*nids + i)) {
+               case NID_des_ede3_cbc_hmac_sha1:
+                       EVP_add_cipher(&cryptodev_3des_cbc_hmac_sha1);
+                       break;
+                case NID_aes_128_cbc_hmac_sha1:
+                        EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1);
+                        break;
+                case NID_aes_256_cbc_hmac_sha1:
+                        EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
+                        break;
+-               case NID_des_ede3_cbc_hmac_sha1:
+-                       EVP_add_cipher(&cryptodev_3des_cbc_hmac_sha1);
+               case NID_tls11_des_ede3_cbc_hmac_sha1:
+                       EVP_add_cipher(&cryptodev_tls11_3des_cbc_hmac_sha1);
+                       break;
+               case NID_tls11_aes_128_cbc_hmac_sha1:
+                       EVP_add_cipher(&cryptodev_tls11_aes_128_cbc_hmac_sha1);
+                       break;
+               case NID_tls11_aes_256_cbc_hmac_sha1:
+                       EVP_add_cipher(&cryptodev_tls11_aes_256_cbc_hmac_sha1);
+                        break;
+                }
+        }
+@@ -574,9 +590,12 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ 
+        /* TODO: make a seamless integration with cryptodev flags */
+        switch (ctx->cipher->nid) {
+       case NID_des_ede3_cbc_hmac_sha1:
+        case NID_aes_128_cbc_hmac_sha1:
+        case NID_aes_256_cbc_hmac_sha1:
+-       case NID_des_ede3_cbc_hmac_sha1:
+       case NID_tls11_des_ede3_cbc_hmac_sha1:
+       case NID_tls11_aes_128_cbc_hmac_sha1:
+       case NID_tls11_aes_256_cbc_hmac_sha1:
+                cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
+        }
+        cryp.ses = sess->ses;
+@@ -758,8 +777,9 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
+                struct dev_crypto_state *state = ctx->cipher_data;
+                unsigned char *p = ptr;
+                unsigned int cryptlen = p[arg - 2] << 8 | p[arg - 1];
+-               unsigned int maclen, padlen;
+               unsigned int maclen, padlen, len;
+                unsigned int bs = ctx->cipher->block_size;
+               bool aad_needs_fix = false;
+ 
+                state->aad = ptr;
+                state->aad_len = arg;
+@@ -767,10 +787,24 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
+ 
+                /* TODO: this should be an extension of EVP_CIPHER struct */
+                switch (ctx->cipher->nid) {
+               case NID_des_ede3_cbc_hmac_sha1:
+                case NID_aes_128_cbc_hmac_sha1:
+                case NID_aes_256_cbc_hmac_sha1:
+-               case NID_des_ede3_cbc_hmac_sha1:
+                        maclen = SHA_DIGEST_LENGTH;
+                       break;
+               case NID_tls11_des_ede3_cbc_hmac_sha1:
+               case NID_tls11_aes_128_cbc_hmac_sha1:
+               case NID_tls11_aes_256_cbc_hmac_sha1:
+                       maclen = SHA_DIGEST_LENGTH;
+                       aad_needs_fix = true;
+                       break;
+               }
+
+               /* Correct length for AAD Length field */
+               if (ctx->encrypt && aad_needs_fix) {
+                       len = cryptlen - bs;
+                       p[arg-2] = len >> 8;
+                       p[arg-1] = len & 0xff;
+                }
+ 
+                /* space required for encryption (not only TLS padding) */
+@@ -1131,6 +1165,48 @@ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = {
+        NULL
+ };
+ 
+const EVP_CIPHER cryptodev_tls11_3des_cbc_hmac_sha1 = {
+       NID_tls11_des_ede3_cbc_hmac_sha1,
+       8, 24, 8,
+       EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
+       cryptodev_init_aead_key,
+       cryptodev_aead_cipher,
+       cryptodev_cleanup,
+       sizeof(struct dev_crypto_state),
+       EVP_CIPHER_set_asn1_iv,
+       EVP_CIPHER_get_asn1_iv,
+       cryptodev_cbc_hmac_sha1_ctrl,
+       NULL
+};
+
+const EVP_CIPHER cryptodev_tls11_aes_128_cbc_hmac_sha1 = {
+       NID_tls11_aes_128_cbc_hmac_sha1,
+       16, 16, 16,
+       EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
+       cryptodev_init_aead_key,
+       cryptodev_aead_cipher,
+       cryptodev_cleanup,
+       sizeof(struct dev_crypto_state),
+       EVP_CIPHER_set_asn1_iv,
+       EVP_CIPHER_get_asn1_iv,
+       cryptodev_cbc_hmac_sha1_ctrl,
+       NULL
+};
+
+const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1 = {
+       NID_tls11_aes_256_cbc_hmac_sha1,
+       16, 32, 16,
+       EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
+       cryptodev_init_aead_key,
+       cryptodev_aead_cipher,
+       cryptodev_cleanup,
+       sizeof(struct dev_crypto_state),
+       EVP_CIPHER_set_asn1_iv,
+       EVP_CIPHER_get_asn1_iv,
+       cryptodev_cbc_hmac_sha1_ctrl,
+       NULL
+};
+
+ const EVP_CIPHER cryptodev_aes_128_gcm = {
+        NID_aes_128_gcm,
+        1, 16, 12,
+@@ -1184,6 +1260,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+        case NID_aes_256_cbc:
+                *cipher = &cryptodev_aes_256_cbc;
+                break;
+       case NID_aes_128_gcm:
+               *cipher = &cryptodev_aes_128_gcm;
+               break;
+        case NID_des_ede3_cbc_hmac_sha1:
+                *cipher = &cryptodev_3des_cbc_hmac_sha1;
+                break;
+@@ -1193,8 +1272,14 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+        case NID_aes_256_cbc_hmac_sha1:
+                *cipher = &cryptodev_aes_256_cbc_hmac_sha1;
+                break;
+-       case NID_aes_128_gcm:
+-               *cipher = &cryptodev_aes_128_gcm;
+       case NID_tls11_des_ede3_cbc_hmac_sha1:
+               *cipher = &cryptodev_tls11_3des_cbc_hmac_sha1;
+               break;
+       case NID_tls11_aes_128_cbc_hmac_sha1:
+               *cipher = &cryptodev_tls11_aes_128_cbc_hmac_sha1;
+               break;
+       case NID_tls11_aes_256_cbc_hmac_sha1:
+               *cipher = &cryptodev_tls11_aes_256_cbc_hmac_sha1;
+                break;
+        default:
+                *cipher = NULL;
+diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
+index 9f2267a..dc89b0a 100644
+--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
+@@ -62,9 +62,9 @@
+  * [including the GNU Public Licence.]
+  */
+ 
+-#define NUM_NID 921
+-#define NUM_SN 914
+-#define NUM_LN 914
+#define NUM_NID 924
+#define NUM_SN 917
+#define NUM_LN 917
+ #define NUM_OBJ 857
+ 
+ static const unsigned char lvalues[5974]={
+@@ -2401,6 +2401,12 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
+ {"RSAES-OAEP","rsaesOaep",NID_rsaesOaep,9,&(lvalues[5964]),0},
+ {"DES-EDE3-CBC-HMAC-SHA1","des-ede3-cbc-hmac-sha1",
+        NID_des_ede3_cbc_hmac_sha1,0,NULL,0},
+{"TLS11-DES-EDE3-CBC-HMAC-SHA1","tls11-des-ede3-cbc-hmac-sha1",
+       NID_tls11_des_ede3_cbc_hmac_sha1,0,NULL,0},
+{"TLS11-AES-128-CBC-HMAC-SHA1","tls11-aes-128-cbc-hmac-sha1",
+       NID_tls11_aes_128_cbc_hmac_sha1,0,NULL,0},
+{"TLS11-AES-256-CBC-HMAC-SHA1","tls11-aes-256-cbc-hmac-sha1",
+       NID_tls11_aes_256_cbc_hmac_sha1,0,NULL,0},
+ };
+ 
+ static const unsigned int sn_objs[NUM_SN]={
+@@ -2586,6 +2592,9 @@ static const unsigned int sn_objs[NUM_SN]={
+ 100,   /* "SN" */
+ 16,    /* "ST" */
+ 143,   /* "SXNetID" */
+922,   /* "TLS11-AES-128-CBC-HMAC-SHA1" */
+923,   /* "TLS11-AES-256-CBC-HMAC-SHA1" */
+921,   /* "TLS11-DES-EDE3-CBC-HMAC-SHA1" */
+ 458,   /* "UID" */
+  0,    /* "UNDEF" */
+ 11,    /* "X500" */
+@@ -4205,6 +4214,9 @@ static const unsigned int ln_objs[NUM_LN]={
+ 459,   /* "textEncodedORAddress" */
+ 293,   /* "textNotice" */
+ 106,   /* "title" */
+922,   /* "tls11-aes-128-cbc-hmac-sha1" */
+923,   /* "tls11-aes-256-cbc-hmac-sha1" */
+921,   /* "tls11-des-ede3-cbc-hmac-sha1" */
+ 682,   /* "tpBasis" */
+ 436,   /* "ucl" */
+  0,    /* "undefined" */
+diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h
+index 8751902..f181890 100644
+--- a/crypto/objects/obj_mac.h
+++ b/crypto/objects/obj_mac.h
+@@ -4034,3 +4034,15 @@
+ #define LN_des_ede3_cbc_hmac_sha1              "des-ede3-cbc-hmac-sha1"
+ #define NID_des_ede3_cbc_hmac_sha1             920
+ 
+#define SN_tls11_des_ede3_cbc_hmac_sha1                "TLS11-DES-EDE3-CBC-HMAC-SHA1"
+#define LN_tls11_des_ede3_cbc_hmac_sha1                "tls11-des-ede3-cbc-hmac-sha1"
+#define NID_tls11_des_ede3_cbc_hmac_sha1               921
+
+#define SN_tls11_aes_128_cbc_hmac_sha1         "TLS11-AES-128-CBC-HMAC-SHA1"
+#define LN_tls11_aes_128_cbc_hmac_sha1         "tls11-aes-128-cbc-hmac-sha1"
+#define NID_tls11_aes_128_cbc_hmac_sha1                922
+
+#define SN_tls11_aes_256_cbc_hmac_sha1         "TLS11-AES-256-CBC-HMAC-SHA1"
+#define LN_tls11_aes_256_cbc_hmac_sha1         "tls11-aes-256-cbc-hmac-sha1"
+#define NID_tls11_aes_256_cbc_hmac_sha1                923
+
+diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
+index 9d44bb5..a02b58c 100644
+--- a/crypto/objects/obj_mac.num
+++ b/crypto/objects/obj_mac.num
+@@ -918,3 +918,6 @@ aes_192_cbc_hmac_sha1               917
+ aes_256_cbc_hmac_sha1          918
+ rsaesOaep              919
+ des_ede3_cbc_hmac_sha1         920
+tls11_des_ede3_cbc_hmac_sha1           921
+tls11_aes_128_cbc_hmac_sha1            922
+tls11_aes_256_cbc_hmac_sha1            923
+diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
+index 90d2fc5..1973658 100644
+--- a/crypto/objects/objects.txt
+++ b/crypto/objects/objects.txt
+@@ -1291,3 +1291,6 @@ kisa 1 6                : SEED-OFB      : seed-ofb
+                        : AES-192-CBC-HMAC-SHA1         : aes-192-cbc-hmac-sha1
+                        : AES-256-CBC-HMAC-SHA1         : aes-256-cbc-hmac-sha1
+                        : DES-EDE3-CBC-HMAC-SHA1        : des-ede3-cbc-hmac-sha1
+                       : TLS11-DES-EDE3-CBC-HMAC-SHA1  : tls11-des-ede3-cbc-hmac-sha1
+                       : TLS11-AES-128-CBC-HMAC-SHA1   : tls11-aes-128-cbc-hmac-sha1
+                       : TLS11-AES-256-CBC-HMAC-SHA1   : tls11-aes-256-cbc-hmac-sha1
+diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
+index 310fe76..0408986 100644
+--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
+@@ -631,17 +631,35 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
+                         c->algorithm_mac == SSL_MD5 &&
+                         (evp=EVP_get_cipherbyname("RC4-HMAC-MD5")))
+                        *enc = evp, *md = NULL;
+-               else if (c->algorithm_enc == SSL_AES128 &&
+               else if (s->ssl_version == TLS1_VERSION &&
+                        c->algorithm_enc == SSL_3DES &&
+                        c->algorithm_mac == SSL_SHA1 &&
+                        (evp=EVP_get_cipherbyname("DES-EDE3-CBC-HMAC-SHA1")))
+                       *enc = evp, *md = NULL;
+               else if (s->ssl_version == TLS1_VERSION &&
+                        c->algorithm_enc == SSL_AES128 &&
+                         c->algorithm_mac == SSL_SHA1 &&
+                         (evp=EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1")))
+                        *enc = evp, *md = NULL;
+-               else if (c->algorithm_enc == SSL_AES256 &&
+               else if (s->ssl_version == TLS1_VERSION &&
+                        c->algorithm_enc == SSL_AES256 &&
+                         c->algorithm_mac == SSL_SHA1 &&
+                         (evp=EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1")))
+                        *enc = evp, *md = NULL;
+-               else if (c->algorithm_enc == SSL_3DES &&
+               else if (s->ssl_version == TLS1_1_VERSION &&
+                        c->algorithm_enc == SSL_3DES &&
+                        c->algorithm_mac == SSL_SHA1 &&
+                        (evp=EVP_get_cipherbyname("TLS11-DES-EDE3-CBC-HMAC-SHA1")))
+                       *enc = evp, *md = NULL;
+               else if (s->ssl_version == TLS1_1_VERSION &&
+                        c->algorithm_enc == SSL_AES128 &&
+                        c->algorithm_mac == SSL_SHA1 &&
+                        (evp=EVP_get_cipherbyname("TLS11-AES-128-CBC-HMAC-SHA1")))
+                       *enc = evp, *md = NULL;
+               else if (s->ssl_version == TLS1_1_VERSION &&
+                        c->algorithm_enc == SSL_AES256 &&
+                         c->algorithm_mac == SSL_SHA1 &&
+-                        (evp = EVP_get_cipherbyname("DES-EDE3-CBC-HMAC-SHA1")))
+                        (evp=EVP_get_cipherbyname("TLS11-AES-256-CBC-HMAC-SHA1")))
+                        *enc = evp, *md = NULL;
+                return(1);
+                }
+-- 
+2.3.5
diff --git a/recipes-connectivity/openssl/openssl-fsl/0020-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch b/recipes-connectivity/openssl/openssl-fsl/0020-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch
new file mode 100644
index 0000000..7370c49
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-fsl/0020-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch
@@ -0,0 +1,359 @@
+From a58703e6601fcfcfe69fdb3e7152ed76b40d67e9 Mon Sep 17 00:00:00 2001
+From: Tudor Ambarus <tudor.ambarus@freescale.com>
+Date: Tue, 31 Mar 2015 16:32:35 +0300
+Subject: [PATCH 20/26] eng_cryptodev: add support for TLSv1.2 record offload
+Supported cipher suites:
+- 3des-ede-cbc-sha
+- aes-128-cbc-hmac-sha
+- aes-256-cbc-hmac-sha
+- aes-128-cbc-hmac-sha256
+- aes-256-cbc-hmac-sha256
+Requires TLS patches on cryptodev and TLS algorithm support in Linux
+kernel driver.
+Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com>
+Change-Id: I0ac6953dd62e2655a59d8f3eaefd012b7ecebf55
+Reviewed-on: http://git.am.freescale.net:8181/34003
+Reviewed-by: Cristian Stoica <cristian.stoica@freescale.com>
+Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
+---
+ crypto/engine/eng_cryptodev.c | 123 ++++++++++++++++++++++++++++++++++++++++++
+ crypto/objects/obj_dat.h      |  26 +++++++--
+ crypto/objects/obj_mac.h      |  20 +++++++
+ crypto/objects/obj_mac.num    |   5 ++
+ crypto/objects/objects.txt    |   5 ++
+ ssl/ssl_ciph.c                |  25 +++++++++
+ 6 files changed, 201 insertions(+), 3 deletions(-)
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index f71ab27..fa5fe1b 100644
+--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
+@@ -140,6 +140,11 @@ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
+ const EVP_CIPHER cryptodev_tls11_3des_cbc_hmac_sha1;
+ const EVP_CIPHER cryptodev_tls11_aes_128_cbc_hmac_sha1;
+ const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1;
+const EVP_CIPHER cryptodev_tls12_3des_cbc_hmac_sha1;
+const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha1;
+const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha1;
+const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha256;
+const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha256;
+ 
+ inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin,  int *bin_len)
+ {
+@@ -263,6 +268,11 @@ static struct {
+        { CRYPTO_TLS11_3DES_CBC_HMAC_SHA1, NID_tls11_des_ede3_cbc_hmac_sha1, 8, 24, 20},
+        { CRYPTO_TLS11_AES_CBC_HMAC_SHA1, NID_tls11_aes_128_cbc_hmac_sha1, 16, 16, 20},
+        { CRYPTO_TLS11_AES_CBC_HMAC_SHA1, NID_tls11_aes_256_cbc_hmac_sha1, 16, 32, 20},
+       { CRYPTO_TLS12_3DES_CBC_HMAC_SHA1, NID_tls12_des_ede3_cbc_hmac_sha1, 8, 24, 20},
+       { CRYPTO_TLS12_AES_CBC_HMAC_SHA1, NID_tls12_aes_128_cbc_hmac_sha1, 16, 16, 20},
+       { CRYPTO_TLS12_AES_CBC_HMAC_SHA1, NID_tls12_aes_256_cbc_hmac_sha1, 16, 32, 20},
+       { CRYPTO_TLS12_AES_CBC_HMAC_SHA256, NID_tls12_aes_128_cbc_hmac_sha256, 16, 16, 32},
+       { CRYPTO_TLS12_AES_CBC_HMAC_SHA256, NID_tls12_aes_256_cbc_hmac_sha256, 16, 32, 32},
+        { CRYPTO_AES_GCM,       NID_aes_128_gcm,  16, 16, 0},
+        { 0, NID_undef, 0, 0, 0},
+ };
+@@ -487,6 +497,21 @@ cryptodev_usable_ciphers(const int **nids)
+                case NID_tls11_aes_256_cbc_hmac_sha1:
+                        EVP_add_cipher(&cryptodev_tls11_aes_256_cbc_hmac_sha1);
+                        break;
+               case NID_tls12_des_ede3_cbc_hmac_sha1:
+                       EVP_add_cipher(&cryptodev_tls12_3des_cbc_hmac_sha1);
+                       break;
+               case NID_tls12_aes_128_cbc_hmac_sha1:
+                       EVP_add_cipher(&cryptodev_tls12_aes_128_cbc_hmac_sha1);
+                       break;
+               case NID_tls12_aes_256_cbc_hmac_sha1:
+                       EVP_add_cipher(&cryptodev_tls12_aes_256_cbc_hmac_sha1);
+                       break;
+               case NID_tls12_aes_128_cbc_hmac_sha256:
+                       EVP_add_cipher(&cryptodev_tls12_aes_128_cbc_hmac_sha256);
+                       break;
+               case NID_tls12_aes_256_cbc_hmac_sha256:
+                       EVP_add_cipher(&cryptodev_tls12_aes_256_cbc_hmac_sha256);
+                       break;
+                }
+        }
+        return count;
+@@ -596,6 +621,11 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+        case NID_tls11_des_ede3_cbc_hmac_sha1:
+        case NID_tls11_aes_128_cbc_hmac_sha1:
+        case NID_tls11_aes_256_cbc_hmac_sha1:
+       case NID_tls12_des_ede3_cbc_hmac_sha1:
+       case NID_tls12_aes_128_cbc_hmac_sha1:
+       case NID_tls12_aes_256_cbc_hmac_sha1:
+       case NID_tls12_aes_128_cbc_hmac_sha256:
+       case NID_tls12_aes_256_cbc_hmac_sha256:
+                cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
+        }
+        cryp.ses = sess->ses;
+@@ -795,9 +825,17 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
+                case NID_tls11_des_ede3_cbc_hmac_sha1:
+                case NID_tls11_aes_128_cbc_hmac_sha1:
+                case NID_tls11_aes_256_cbc_hmac_sha1:
+               case NID_tls12_des_ede3_cbc_hmac_sha1:
+               case NID_tls12_aes_128_cbc_hmac_sha1:
+               case NID_tls12_aes_256_cbc_hmac_sha1:
+                        maclen = SHA_DIGEST_LENGTH;
+                        aad_needs_fix = true;
+                        break;
+               case NID_tls12_aes_128_cbc_hmac_sha256:
+               case NID_tls12_aes_256_cbc_hmac_sha256:
+                       maclen = SHA256_DIGEST_LENGTH;
+                       aad_needs_fix = true;
+                       break;
+                }
+ 
+                /* Correct length for AAD Length field */
+@@ -1207,6 +1245,76 @@ const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1 = {
+        NULL
+ };
+ 
+const EVP_CIPHER cryptodev_tls12_3des_cbc_hmac_sha1 = {
+       NID_tls12_des_ede3_cbc_hmac_sha1,
+       8, 24, 8,
+       EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
+       cryptodev_init_aead_key,
+       cryptodev_aead_cipher,
+       cryptodev_cleanup,
+       sizeof(struct dev_crypto_state),
+       EVP_CIPHER_set_asn1_iv,
+       EVP_CIPHER_get_asn1_iv,
+       cryptodev_cbc_hmac_sha1_ctrl,
+       NULL
+};
+
+const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha1 = {
+       NID_tls12_aes_128_cbc_hmac_sha1,
+       16, 16, 16,
+       EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
+       cryptodev_init_aead_key,
+       cryptodev_aead_cipher,
+       cryptodev_cleanup,
+       sizeof(struct dev_crypto_state),
+       EVP_CIPHER_set_asn1_iv,
+       EVP_CIPHER_get_asn1_iv,
+       cryptodev_cbc_hmac_sha1_ctrl,
+       NULL
+};
+
+const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha1 = {
+       NID_tls12_aes_256_cbc_hmac_sha1,
+       16, 32, 16,
+       EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
+       cryptodev_init_aead_key,
+       cryptodev_aead_cipher,
+       cryptodev_cleanup,
+       sizeof(struct dev_crypto_state),
+       EVP_CIPHER_set_asn1_iv,
+       EVP_CIPHER_get_asn1_iv,
+       cryptodev_cbc_hmac_sha1_ctrl,
+       NULL
+};
+
+const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha256 = {
+       NID_tls12_aes_128_cbc_hmac_sha256,
+       16, 16, 16,
+       EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
+       cryptodev_init_aead_key,
+       cryptodev_aead_cipher,
+       cryptodev_cleanup,
+       sizeof(struct dev_crypto_state),
+       EVP_CIPHER_set_asn1_iv,
+       EVP_CIPHER_get_asn1_iv,
+       cryptodev_cbc_hmac_sha1_ctrl,
+       NULL
+};
+
+const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha256 = {
+       NID_tls12_aes_256_cbc_hmac_sha256,
+       16, 32, 16,
+       EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
+       cryptodev_init_aead_key,
+       cryptodev_aead_cipher,
+       cryptodev_cleanup,
+       sizeof(struct dev_crypto_state),
+       EVP_CIPHER_set_asn1_iv,
+       EVP_CIPHER_get_asn1_iv,
+       cryptodev_cbc_hmac_sha1_ctrl,
+       NULL
+};
+
+ const EVP_CIPHER cryptodev_aes_128_gcm = {
+        NID_aes_128_gcm,
+        1, 16, 12,
+@@ -1281,6 +1389,21 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+        case NID_tls11_aes_256_cbc_hmac_sha1:
+                *cipher = &cryptodev_tls11_aes_256_cbc_hmac_sha1;
+                break;
+       case NID_tls12_des_ede3_cbc_hmac_sha1:
+               *cipher = &cryptodev_tls12_3des_cbc_hmac_sha1;
+               break;
+       case NID_tls12_aes_128_cbc_hmac_sha1:
+               *cipher = &cryptodev_tls12_aes_128_cbc_hmac_sha1;
+               break;
+       case NID_tls12_aes_256_cbc_hmac_sha1:
+               *cipher = &cryptodev_tls12_aes_256_cbc_hmac_sha1;
+               break;
+       case NID_tls12_aes_128_cbc_hmac_sha256:
+               *cipher = &cryptodev_tls12_aes_128_cbc_hmac_sha256;
+               break;
+       case NID_tls12_aes_256_cbc_hmac_sha256:
+               *cipher = &cryptodev_tls12_aes_256_cbc_hmac_sha256;
+               break;
+        default:
+                *cipher = NULL;
+                break;
+diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
+index dc89b0a..dfe19da 100644
+--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
+@@ -62,9 +62,9 @@
+  * [including the GNU Public Licence.]
+  */
+ 
+-#define NUM_NID 924
+-#define NUM_SN 917
+-#define NUM_LN 917
+#define NUM_NID 929
+#define NUM_SN 922
+#define NUM_LN 922
+ #define NUM_OBJ 857
+ 
+ static const unsigned char lvalues[5974]={
+@@ -2407,6 +2407,16 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
+        NID_tls11_aes_128_cbc_hmac_sha1,0,NULL,0},
+ {"TLS11-AES-256-CBC-HMAC-SHA1","tls11-aes-256-cbc-hmac-sha1",
+        NID_tls11_aes_256_cbc_hmac_sha1,0,NULL,0},
+{"TLS12-DES-EDE3-CBC-HMAC-SHA1","tls12-des-ede3-cbc-hmac-sha1",
+       NID_tls12_des_ede3_cbc_hmac_sha1,0,NULL,0},
+{"TLS12-AES-128-CBC-HMAC-SHA1","tls12-aes-128-cbc-hmac-sha1",
+       NID_tls12_aes_128_cbc_hmac_sha1,0,NULL,0},
+{"TLS12-AES-256-CBC-HMAC-SHA1","tls12-aes-256-cbc-hmac-sha1",
+       NID_tls12_aes_256_cbc_hmac_sha1,0,NULL,0},
+{"TLS12-AES-128-CBC-HMAC-SHA256","tls12-aes-128-cbc-hmac-sha256",
+       NID_tls12_aes_128_cbc_hmac_sha256,0,NULL,0},
+{"TLS12-AES-256-CBC-HMAC-SHA256","tls12-aes-256-cbc-hmac-sha256",
+       NID_tls12_aes_256_cbc_hmac_sha256,0,NULL,0},
+ };
+ 
+ static const unsigned int sn_objs[NUM_SN]={
+@@ -2595,6 +2605,11 @@ static const unsigned int sn_objs[NUM_SN]={
+ 922,   /* "TLS11-AES-128-CBC-HMAC-SHA1" */
+ 923,   /* "TLS11-AES-256-CBC-HMAC-SHA1" */
+ 921,   /* "TLS11-DES-EDE3-CBC-HMAC-SHA1" */
+925,   /* "TLS12-AES-128-CBC-HMAC-SHA1" */
+927,   /* "TLS12-AES-128-CBC-HMAC-SHA256" */
+926,   /* "TLS12-AES-256-CBC-HMAC-SHA1" */
+928,   /* "TLS12-AES-256-CBC-HMAC-SHA256" */
+924,   /* "TLS12-DES-EDE3-CBC-HMAC-SHA1" */
+ 458,   /* "UID" */
+  0,    /* "UNDEF" */
+ 11,    /* "X500" */
+@@ -4217,6 +4232,11 @@ static const unsigned int ln_objs[NUM_LN]={
+ 922,   /* "tls11-aes-128-cbc-hmac-sha1" */
+ 923,   /* "tls11-aes-256-cbc-hmac-sha1" */
+ 921,   /* "tls11-des-ede3-cbc-hmac-sha1" */
+925,   /* "tls12-aes-128-cbc-hmac-sha1" */
+927,   /* "tls12-aes-128-cbc-hmac-sha256" */
+926,   /* "tls12-aes-256-cbc-hmac-sha1" */
+928,   /* "tls12-aes-256-cbc-hmac-sha256" */
+924,   /* "tls12-des-ede3-cbc-hmac-sha1" */
+ 682,   /* "tpBasis" */
+ 436,   /* "ucl" */
+  0,    /* "undefined" */
+diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h
+index f181890..5af125e 100644
+--- a/crypto/objects/obj_mac.h
+++ b/crypto/objects/obj_mac.h
+@@ -4046,3 +4046,23 @@
+ #define LN_tls11_aes_256_cbc_hmac_sha1         "tls11-aes-256-cbc-hmac-sha1"
+ #define NID_tls11_aes_256_cbc_hmac_sha1                923
+ 
+#define SN_tls12_des_ede3_cbc_hmac_sha1                "TLS12-DES-EDE3-CBC-HMAC-SHA1"
+#define LN_tls12_des_ede3_cbc_hmac_sha1                "tls12-des-ede3-cbc-hmac-sha1"
+#define NID_tls12_des_ede3_cbc_hmac_sha1               924
+
+#define SN_tls12_aes_128_cbc_hmac_sha1         "TLS12-AES-128-CBC-HMAC-SHA1"
+#define LN_tls12_aes_128_cbc_hmac_sha1         "tls12-aes-128-cbc-hmac-sha1"
+#define NID_tls12_aes_128_cbc_hmac_sha1                925
+
+#define SN_tls12_aes_256_cbc_hmac_sha1         "TLS12-AES-256-CBC-HMAC-SHA1"
+#define LN_tls12_aes_256_cbc_hmac_sha1         "tls12-aes-256-cbc-hmac-sha1"
+#define NID_tls12_aes_256_cbc_hmac_sha1                926
+
+#define SN_tls12_aes_128_cbc_hmac_sha256               "TLS12-AES-128-CBC-HMAC-SHA256"
+#define LN_tls12_aes_128_cbc_hmac_sha256               "tls12-aes-128-cbc-hmac-sha256"
+#define NID_tls12_aes_128_cbc_hmac_sha256              927
+
+#define SN_tls12_aes_256_cbc_hmac_sha256               "TLS12-AES-256-CBC-HMAC-SHA256"
+#define LN_tls12_aes_256_cbc_hmac_sha256               "tls12-aes-256-cbc-hmac-sha256"
+#define NID_tls12_aes_256_cbc_hmac_sha256              928
+
+diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
+index a02b58c..deeba3a 100644
+--- a/crypto/objects/obj_mac.num
+++ b/crypto/objects/obj_mac.num
+@@ -921,3 +921,8 @@ des_ede3_cbc_hmac_sha1              920
+ tls11_des_ede3_cbc_hmac_sha1           921
+ tls11_aes_128_cbc_hmac_sha1            922
+ tls11_aes_256_cbc_hmac_sha1            923
+tls12_des_ede3_cbc_hmac_sha1           924
+tls12_aes_128_cbc_hmac_sha1            925
+tls12_aes_256_cbc_hmac_sha1            926
+tls12_aes_128_cbc_hmac_sha256          927
+tls12_aes_256_cbc_hmac_sha256          928
+diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
+index 1973658..6e4ac93 100644
+--- a/crypto/objects/objects.txt
+++ b/crypto/objects/objects.txt
+@@ -1294,3 +1294,8 @@ kisa 1 6                : SEED-OFB      : seed-ofb
+                        : TLS11-DES-EDE3-CBC-HMAC-SHA1  : tls11-des-ede3-cbc-hmac-sha1
+                        : TLS11-AES-128-CBC-HMAC-SHA1   : tls11-aes-128-cbc-hmac-sha1
+                        : TLS11-AES-256-CBC-HMAC-SHA1   : tls11-aes-256-cbc-hmac-sha1
+                       : TLS12-DES-EDE3-CBC-HMAC-SHA1  : tls12-des-ede3-cbc-hmac-sha1
+                       : TLS12-AES-128-CBC-HMAC-SHA1   : tls12-aes-128-cbc-hmac-sha1
+                       : TLS12-AES-256-CBC-HMAC-SHA1   : tls12-aes-256-cbc-hmac-sha1
+                       : TLS12-AES-128-CBC-HMAC-SHA256 : tls12-aes-128-cbc-hmac-sha256
+                       : TLS12-AES-256-CBC-HMAC-SHA256 : tls12-aes-256-cbc-hmac-sha256
+diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
+index 0408986..77a82f6 100644
+--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
+@@ -661,6 +661,31 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
+                         c->algorithm_mac == SSL_SHA1 &&
+                         (evp=EVP_get_cipherbyname("TLS11-AES-256-CBC-HMAC-SHA1")))
+                        *enc = evp, *md = NULL;
+               else if (s->ssl_version == TLS1_2_VERSION &&
+                        c->algorithm_enc == SSL_3DES &&
+                        c->algorithm_mac == SSL_SHA1 &&
+                        (evp=EVP_get_cipherbyname("TLS12-DES-EDE3-CBC-HMAC-SHA1")))
+                       *enc = evp, *md = NULL;
+               else if (s->ssl_version == TLS1_2_VERSION &&
+                        c->algorithm_enc == SSL_AES128 &&
+                        c->algorithm_mac == SSL_SHA1 &&
+                        (evp=EVP_get_cipherbyname("TLS12-AES-128-CBC-HMAC-SHA1")))
+                       *enc = evp, *md = NULL;
+               else if (s->ssl_version == TLS1_2_VERSION &&
+                        c->algorithm_enc == SSL_AES256 &&
+                        c->algorithm_mac == SSL_SHA1 &&
+                        (evp=EVP_get_cipherbyname("TLS12-AES-256-CBC-HMAC-SHA1")))
+                       *enc = evp, *md = NULL;
+               else if (s->ssl_version == TLS1_2_VERSION &&
+                        c->algorithm_enc == SSL_AES128 &&
+                        c->algorithm_mac == SSL_SHA256 &&
+                        (evp=EVP_get_cipherbyname("TLS12-AES-128-CBC-HMAC-SHA256")))
+                       *enc = evp, *md = NULL;
+               else if (s->ssl_version == TLS1_2_VERSION &&
+                        c->algorithm_enc == SSL_AES256 &&
+                        c->algorithm_mac == SSL_SHA256 &&
+                        (evp=EVP_get_cipherbyname("TLS12-AES-256-CBC-HMAC-SHA256")))
+                       *enc = evp, *md = NULL;
+                return(1);
+                }
+        else
+-- 
+2.3.5
diff --git a/recipes-connectivity/openssl/openssl-fsl/0021-cryptodev-drop-redundant-function.patch b/recipes-connectivity/openssl/openssl-fsl/0021-cryptodev-drop-redundant-function.patch
new file mode 100644
index 0000000..16cc688
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-fsl/0021-cryptodev-drop-redundant-function.patch
@@ -0,0 +1,75 @@
+From ea4abc255c6c5feec01cb1e30c6082cfe47860e2 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@freescale.com>
+Date: Thu, 19 Feb 2015 16:11:53 +0200
+Subject: [PATCH 21/26] cryptodev: drop redundant function
+get_dev_crypto already caches the result. Another cache in-between is
+useless.
+Change-Id: Ibd162529d3fb7a561a17f1a707d5d287c1586a3a
+Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
+Reviewed-on: http://git.am.freescale.net:8181/34216
+---
+ crypto/engine/eng_cryptodev.c | 18 +++---------------
+ 1 file changed, 3 insertions(+), 15 deletions(-)
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index fa5fe1b..1ab5551 100644
+--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
+@@ -96,7 +96,6 @@ struct dev_crypto_state {
+ 
+ static u_int32_t cryptodev_asymfeat = 0;
+ 
+-static int get_asym_dev_crypto(void);
+ static int open_dev_crypto(void);
+ static int get_dev_crypto(void);
+ static int get_cryptodev_ciphers(const int **cnids);
+@@ -357,17 +356,6 @@ static void put_dev_crypto(int fd)
+ #endif
+ }
+ 
+-/* Caching version for asym operations */
+-static int
+-get_asym_dev_crypto(void)
+-{
+-       static int fd = -1;
+-
+-       if (fd == -1)
+-               fd = get_dev_crypto();
+-       return fd;
+-}
+-
+ /*
+  * Find out what ciphers /dev/crypto will let us have a session for.
+  * XXX note, that some of these openssl doesn't deal with yet!
+@@ -1796,7 +1784,7 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s)
+ {
+        int fd, ret = -1;
+ 
+-       if ((fd = get_asym_dev_crypto()) < 0)
+       if ((fd = get_dev_crypto()) < 0)
+                return (ret);
+ 
+        if (r) {
+@@ -2374,7 +2362,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
+        int p_len, q_len;
+        int i;
+ 
+-       if ((fd = get_asym_dev_crypto()) < 0)
+       if ((fd = get_dev_crypto()) < 0)
+                goto sw_try;
+ 
+        if(!rsa->n && ((rsa->n=BN_new()) == NULL)) goto err;
+@@ -3928,7 +3916,7 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+        BIGNUM *temp = NULL;
+        unsigned char *padded_pub_key = NULL, *p = NULL;
+ 
+-       if ((fd = get_asym_dev_crypto()) < 0)
+       if ((fd = get_dev_crypto()) < 0)
+                goto sw_try;
+ 
+        memset(&kop, 0, sizeof kop);
+-- 
+2.3.5
diff --git a/recipes-connectivity/openssl/openssl-fsl/0022-cryptodev-do-not-zero-the-buffer-before-use.patch b/recipes-connectivity/openssl/openssl-fsl/0022-cryptodev-do-not-zero-the-buffer-before-use.patch
new file mode 100644
index 0000000..0b2f0f1
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-fsl/0022-cryptodev-do-not-zero-the-buffer-before-use.patch
@@ -0,0 +1,48 @@
+From 75e3e7d600eb72e7374b1ecf5ece7b831bc98ed8 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@freescale.com>
+Date: Tue, 17 Feb 2015 13:12:53 +0200
+Subject: [PATCH 22/26] cryptodev: do not zero the buffer before use
+- The buffer is just about to be overwritten. Zeroing it before that has
+  no purpose
+Change-Id: I478c31bd2e254561474a7edf5e37980ca04217ce
+Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
+Reviewed-on: http://git.am.freescale.net:8181/34217
+---
+ crypto/engine/eng_cryptodev.c | 13 ++++---------
+ 1 file changed, 4 insertions(+), 9 deletions(-)
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 1ab5551..dbc5989 100644
+--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
+@@ -1681,21 +1681,16 @@ static int
+ bn2crparam(const BIGNUM *a, struct crparam *crp)
+ {
+        ssize_t bytes, bits;
+-       u_char *b;
+-
+-       crp->crp_p = NULL;
+-       crp->crp_nbits = 0;
+ 
+        bits = BN_num_bits(a);
+        bytes = (bits + 7) / 8;
+ 
+-       b = malloc(bytes);
+-       if (b == NULL)
+       crp->crp_nbits = bits;
+       crp->crp_p = malloc(bytes);
+
+       if (crp->crp_p == NULL)
+                return (1);
+-       memset(b, 0, bytes);
+ 
+-       crp->crp_p = (caddr_t) b;
+-       crp->crp_nbits = bits;
+        BN_bn2bin(a, crp->crp_p);
+        return (0);
+ }
+-- 
+2.3.5
diff --git a/recipes-connectivity/openssl/openssl-fsl/0023-cryptodev-clean-up-code-layout.patch b/recipes-connectivity/openssl/openssl-fsl/0023-cryptodev-clean-up-code-layout.patch
new file mode 100644
index 0000000..5ff1c5c
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-fsl/0023-cryptodev-clean-up-code-layout.patch
@@ -0,0 +1,72 @@
+From 4453b06b940fc03a0973cfd96f908e46cce61054 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@freescale.com>
+Date: Wed, 18 Feb 2015 10:39:46 +0200
+Subject: [PATCH 23/26] cryptodev: clean-up code layout
+This is just a refactoring that uses else branch to check for malloc failures
+Change-Id: I6dc157af36d6ec51a4edfc82cf97fae2e7e83628
+Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
+Reviewed-on: http://git.am.freescale.net:8181/34218
+---
+ crypto/engine/eng_cryptodev.c | 42 ++++++++++++++++++++----------------------
+ 1 file changed, 20 insertions(+), 22 deletions(-)
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index dbc5989..dceb4f5 100644
+--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
+@@ -1745,30 +1745,28 @@ cryptodev_asym_async(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
+        fd = *(int *)cookie->eng_handle;
+ 
+        eng_cookie = malloc(sizeof(struct cryptodev_cookie_s));
+-
+-       if (eng_cookie) {
+-               memset(eng_cookie, 0, sizeof(struct cryptodev_cookie_s));
+-               if (r) {
+-                       kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char));
+-                       if (!kop->crk_param[kop->crk_iparams].crp_p)
+-                               return -ENOMEM;
+-                       kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
+-                       kop->crk_oparams++;
+-                       eng_cookie->r = r;
+-                       eng_cookie->r_param = kop->crk_param[kop->crk_iparams];
+-               }
+-               if (s) {
+-                       kop->crk_param[kop->crk_iparams+1].crp_p = calloc(slen, sizeof(char));
+-                       if (!kop->crk_param[kop->crk_iparams+1].crp_p)
+-                               return -ENOMEM;
+-                       kop->crk_param[kop->crk_iparams+1].crp_nbits = slen * 8;
+-                       kop->crk_oparams++;
+-                       eng_cookie->s = s;
+-                       eng_cookie->s_param = kop->crk_param[kop->crk_iparams + 1];
+-               }
+-       } else
+       if (!eng_cookie)
+                return -ENOMEM;
+ 
+       memset(eng_cookie, 0, sizeof(struct cryptodev_cookie_s));
+       if (r) {
+               kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char));
+               if (!kop->crk_param[kop->crk_iparams].crp_p)
+                       return -ENOMEM;
+               kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
+               kop->crk_oparams++;
+               eng_cookie->r = r;
+               eng_cookie->r_param = kop->crk_param[kop->crk_iparams];
+       }
+       if (s) {
+               kop->crk_param[kop->crk_iparams+1].crp_p = calloc(slen, sizeof(char));
+               if (!kop->crk_param[kop->crk_iparams+1].crp_p)
+                       return -ENOMEM;
+               kop->crk_param[kop->crk_iparams+1].crp_nbits = slen * 8;
+               kop->crk_oparams++;
+               eng_cookie->s = s;
+               eng_cookie->s_param = kop->crk_param[kop->crk_iparams + 1];
+       }
+        eng_cookie->kop = kop;
+        cookie->eng_cookie = eng_cookie;
+        return ioctl(fd, CIOCASYMASYNCRYPT, kop);
+-- 
+2.3.5
diff --git a/recipes-connectivity/openssl/openssl-fsl/0024-cryptodev-do-not-cache-file-descriptor-in-open.patch b/recipes-connectivity/openssl/openssl-fsl/0024-cryptodev-do-not-cache-file-descriptor-in-open.patch
new file mode 100644
index 0000000..e798d3e
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-fsl/0024-cryptodev-do-not-cache-file-descriptor-in-open.patch
@@ -0,0 +1,100 @@
+From a44701abd995b3db80001d0c5d88e9ead05972c1 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@freescale.com>
+Date: Thu, 19 Feb 2015 16:43:29 +0200
+Subject: [PATCH 24/26] cryptodev: do not cache file descriptor in 'open'
+The file descriptor returned by get_dev_crypto is cached after a
+successful return. The issue is, it is cached inside 'open_dev_crypto'
+which is no longer useful as a general purpose open("/dev/crypto")
+function.
+This patch is a refactoring that moves the caching operation from
+open_dev_crypto to get_dev_crypto and leaves the former as a simpler
+function true to its name
+Change-Id: I980170969410381973ce75f6679a4a1401738847
+Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
+Reviewed-on: http://git.am.freescale.net:8181/34219
+---
+ crypto/engine/eng_cryptodev.c | 50 +++++++++++++++++++++----------------------
+ 1 file changed, 24 insertions(+), 26 deletions(-)
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index dceb4f5..b74fc7c 100644
+--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
+@@ -306,47 +306,45 @@ static void ctr64_inc(unsigned char *counter) {
+                if (c) return;
+        } while (n);
+ }
+-/*
+- * Return a fd if /dev/crypto seems usable, 0 otherwise.
+- */
+-static int
+-open_dev_crypto(void)
+
+static int open_dev_crypto(void)
+ {
+-       static int fd = -1;
+       int fd;
+ 
+-       if (fd == -1) {
+-               if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1)
+-                       return (-1);
+-               /* close on exec */
+-               if (fcntl(fd, F_SETFD, 1) == -1) {
+-                       close(fd);
+-                       fd = -1;
+-                       return (-1);
+-               }
+       fd = open("/dev/crypto", O_RDWR, 0);
+       if ( fd < 0)
+               return -1;
+
+       /* close on exec */
+       if (fcntl(fd, F_SETFD, 1) == -1) {
+               close(fd);
+               return -1;
+        }
+-       return (fd);
+
+       return fd;
+ }
+ 
+-static int
+-get_dev_crypto(void)
+static int get_dev_crypto(void)
+ {
+-       int fd, retfd;
+       static int fd = -1;
+       int retfd;
+ 
+-       if ((fd = open_dev_crypto()) == -1)
+-               return (-1);
+-#ifndef CRIOGET_NOT_NEEDED
+       if (fd == -1)
+               fd = open_dev_crypto();
+#ifdef CRIOGET_NOT_NEEDED
+       return fd;
+#else
+       if (fd == -1)
+               return -1;
+        if (ioctl(fd, CRIOGET, &retfd) == -1)
+                return (-1);
+-
+        /* close on exec */
+        if (fcntl(retfd, F_SETFD, 1) == -1) {
+                close(retfd);
+                return (-1);
+        }
+-#else
+-        retfd = fd;
+       return retfd;
+ #endif
+-       return (retfd);
+ }
+ 
+ static void put_dev_crypto(int fd)
+-- 
+2.3.5
diff --git a/recipes-connectivity/openssl/openssl-fsl/0025-cryptodev-put_dev_crypto-should-be-an-int.patch b/recipes-connectivity/openssl/openssl-fsl/0025-cryptodev-put_dev_crypto-should-be-an-int.patch
new file mode 100644
index 0000000..a48dc6a
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-fsl/0025-cryptodev-put_dev_crypto-should-be-an-int.patch
@@ -0,0 +1,35 @@
+From 84a8007b6e92fe4c2696cc9e330207ee03303a20 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@freescale.com>
+Date: Thu, 19 Feb 2015 13:09:32 +0200
+Subject: [PATCH 25/26] cryptodev: put_dev_crypto should be an int
+Change-Id: Ie0a83bc07a37132286c098b17ef35d98de74b043
+Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
+Reviewed-on: http://git.am.freescale.net:8181/34220
+---
+ crypto/engine/eng_cryptodev.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index b74fc7c..c9db27d 100644
+--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
+@@ -347,10 +347,12 @@ static int get_dev_crypto(void)
+ #endif
+ }
+ 
+-static void put_dev_crypto(int fd)
+static int put_dev_crypto(int fd)
+ {
+-#ifndef CRIOGET_NOT_NEEDED
+-       close(fd);
+#ifdef CRIOGET_NOT_NEEDED
+       return 0;
+#else
+       return close(fd);
+ #endif
+ }
+ 
+-- 
+2.3.5
diff --git a/recipes-connectivity/openssl/openssl-fsl/0026-cryptodev-simplify-cryptodev-pkc-support-code.patch b/recipes-connectivity/openssl/openssl-fsl/0026-cryptodev-simplify-cryptodev-pkc-support-code.patch
new file mode 100644
index 0000000..6527ac8
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-fsl/0026-cryptodev-simplify-cryptodev-pkc-support-code.patch
@@ -0,0 +1,250 @@
+From 787539e7720c99785f6c664a7484842bba08f6ed Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@freescale.com>
+Date: Thu, 19 Feb 2015 13:39:52 +0200
+Subject: [PATCH 26/26] cryptodev: simplify cryptodev pkc support code
+- Engine init returns directly a file descriptor instead of a pointer to one
+- Similarly, the Engine close will now just close the file
+Change-Id: Ief736d0776c7009dee002204fb1d4ce9d31c8787
+Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
+Reviewed-on: http://git.am.freescale.net:8181/34221
+---
+ crypto/crypto.h               |  2 +-
+ crypto/engine/eng_cryptodev.c | 35 +++-----------------------
+ crypto/engine/eng_int.h       | 14 +++--------
+ crypto/engine/eng_lib.c       | 57 +++++++++++++++++++++----------------------
+ crypto/engine/engine.h        | 13 +++++-----
+ 5 files changed, 42 insertions(+), 79 deletions(-)
+diff --git a/crypto/crypto.h b/crypto/crypto.h
+index ce12731..292427e 100644
+--- a/crypto/crypto.h
+++ b/crypto/crypto.h
+@@ -618,7 +618,7 @@ struct pkc_cookie_s {
+           *            -EINVAL: Parameters Invalid
+           */
+        void (*pkc_callback)(struct pkc_cookie_s *cookie, int status);
+-       void *eng_handle;
+       int eng_handle;
+ };
+ 
+ #ifdef  __cplusplus
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index c9db27d..f173bde 100644
+--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
+@@ -1742,7 +1742,7 @@ cryptodev_asym_async(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
+        struct pkc_cookie_s *cookie = kop->cookie;
+        struct cryptodev_cookie_s *eng_cookie;
+ 
+-       fd = *(int *)cookie->eng_handle;
+       fd = cookie->eng_handle;
+ 
+        eng_cookie = malloc(sizeof(struct cryptodev_cookie_s));
+        if (!eng_cookie)
+@@ -1802,38 +1802,11 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s)
+        return (ret);
+ }
+ 
+-/* Close an opened instance of cryptodev engine */
+-void cryptodev_close_instance(void *handle)
+-{
+-       int fd;
+-
+-       if (handle) {
+-               fd = *(int *)handle;
+-               close(fd);
+-               free(handle);
+-       }
+-}
+-
+-/* Create an instance of cryptodev for asynchronous interface */
+-void *cryptodev_init_instance(void)
+-{
+-       int *fd = malloc(sizeof(int));
+-
+-       if (fd) {
+-               if ((*fd = open("/dev/crypto", O_RDWR, 0)) == -1) {
+-                       free(fd);
+-                       return NULL;
+-               }
+-       }
+-       return fd;
+-}
+-
+ #include <poll.h>
+ 
+ /* Return 0 on success and 1 on failure */
+-int cryptodev_check_availability(void *eng_handle)
+int cryptodev_check_availability(int fd)
+ {
+-       int fd = *(int *)eng_handle;
+        struct pkc_cookie_list_s cookie_list;
+        struct pkc_cookie_s *cookie;
+        int i;
+@@ -4540,8 +4513,8 @@ ENGINE_load_cryptodev(void)
+        }
+ 
+        ENGINE_set_check_pkc_availability(engine, cryptodev_check_availability);
+-       ENGINE_set_close_instance(engine, cryptodev_close_instance);
+-       ENGINE_set_init_instance(engine, cryptodev_init_instance);
+       ENGINE_set_close_instance(engine, put_dev_crypto);
+       ENGINE_set_open_instance(engine, open_dev_crypto);
+        ENGINE_set_async_map(engine, ENGINE_ALLPKC_ASYNC);
+ 
+        ENGINE_add(engine);
+diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h
+index 8fc3077..8fb79c0 100644
+--- a/crypto/engine/eng_int.h
+++ b/crypto/engine/eng_int.h
+@@ -181,23 +181,15 @@ struct engine_st
+        ENGINE_LOAD_KEY_PTR load_pubkey;
+ 
+        ENGINE_SSL_CLIENT_CERT_PTR load_ssl_client_cert;
+-       /*
+-        * Instantiate Engine handle to be passed in check_pkc_availability
+-        * Ensure that Engine is instantiated before any pkc asynchronous call.
+-        */
+-       void *(*engine_init_instance)(void);
+-       /*
+-        * Instantiated Engine handle will be closed with this call.
+-        * Ensure that no pkc asynchronous call is made after this call
+-        */
+-       void (*engine_close_instance)(void *handle);
+       int (*engine_open_instance)(void);
+       int (*engine_close_instance)(int fd);
+        /*
+         * Check availability will extract the data from kernel.
+         * eng_handle: This is the Engine handle corresponds to which
+         * the cookies needs to be polled.
+         * return 0 if cookie available else 1
+         */
+-       int (*check_pkc_availability)(void *eng_handle);
+       int (*check_pkc_availability)(int fd);
+        /*
+         * The following map is used to check if the engine supports asynchronous implementation
+         * ENGINE_ASYNC_FLAG* for available bitmap. Any application checking for asynchronous
+diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c
+index 6fa621c..6c9471b 100644
+--- a/crypto/engine/eng_lib.c
+++ b/crypto/engine/eng_lib.c
+@@ -99,7 +99,7 @@ void engine_set_all_null(ENGINE *e)
+        e->load_privkey = NULL;
+        e->load_pubkey = NULL;
+        e->check_pkc_availability = NULL;
+-       e->engine_init_instance = NULL;
+       e->engine_open_instance = NULL;
+        e->engine_close_instance = NULL;
+        e->cmd_defns = NULL;
+        e->async_map = 0;
+@@ -237,47 +237,46 @@ int ENGINE_set_id(ENGINE *e, const char *id)
+        return 1;
+        }
+ 
+-void ENGINE_set_init_instance(ENGINE *e, void *(*engine_init_instance)(void))
+-       {
+-               e->engine_init_instance = engine_init_instance;
+-       }
+void ENGINE_set_open_instance(ENGINE *e, int (*engine_open_instance)(void))
+{
+       e->engine_open_instance = engine_open_instance;
+}
+ 
+-void ENGINE_set_close_instance(ENGINE *e,
+-       void (*engine_close_instance)(void *))
+-       {
+-               e->engine_close_instance = engine_close_instance;
+-       }
+void ENGINE_set_close_instance(ENGINE *e, int (*engine_close_instance)(int))
+{
+       e->engine_close_instance = engine_close_instance;
+}
+ 
+ void ENGINE_set_async_map(ENGINE *e, int async_map)
+        {
+                e->async_map = async_map;
+        }
+ 
+-void *ENGINE_init_instance(ENGINE *e)
+-       {
+-               return e->engine_init_instance();
+-       }
+-
+-void ENGINE_close_instance(ENGINE *e, void *eng_handle)
+-       {
+-               e->engine_close_instance(eng_handle);
+-       }
+-
+ int ENGINE_get_async_map(ENGINE *e)
+        {
+                return e->async_map;
+        }
+ 
+-void ENGINE_set_check_pkc_availability(ENGINE *e,
+-       int (*check_pkc_availability)(void *eng_handle))
+-       {
+-               e->check_pkc_availability = check_pkc_availability;
+-       }
+int ENGINE_open_instance(ENGINE *e)
+{
+       return e->engine_open_instance();
+}
+ 
+-int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle)
+-       {
+-               return e->check_pkc_availability(eng_handle);
+-       }
+int ENGINE_close_instance(ENGINE *e, int fd)
+{
+       return e->engine_close_instance(fd);
+}
+
+void ENGINE_set_check_pkc_availability(ENGINE *e,
+       int (*check_pkc_availability)(int fd))
+{
+       e->check_pkc_availability = check_pkc_availability;
+}
+
+int ENGINE_check_pkc_availability(ENGINE *e, int fd)
+{
+       return e->check_pkc_availability(fd);
+}
+ 
+ int ENGINE_set_name(ENGINE *e, const char *name)
+        {
+diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h
+index ccff86a..3ba3e97 100644
+--- a/crypto/engine/engine.h
+++ b/crypto/engine/engine.h
+@@ -473,9 +473,6 @@ ENGINE *ENGINE_new(void);
+ int ENGINE_free(ENGINE *e);
+ int ENGINE_up_ref(ENGINE *e);
+ int ENGINE_set_id(ENGINE *e, const char *id);
+-void ENGINE_set_init_instance(ENGINE *e, void *(*engine_init_instance)(void));
+-void ENGINE_set_close_instance(ENGINE *e,
+-       void (*engine_free_instance)(void *));
+ /*
+  * Following FLAGS are bitmap store in async_map to set asynchronous interface capability
+  *of the engine
+@@ -492,11 +489,13 @@ void ENGINE_set_async_map(ENGINE *e, int async_map);
+   * to confirm asynchronous methods supported
+   */
+ int ENGINE_get_async_map(ENGINE *e);
+-void *ENGINE_init_instance(ENGINE *e);
+-void ENGINE_close_instance(ENGINE *e, void *eng_handle);
+int ENGINE_open_instance(ENGINE *e);
+int ENGINE_close_instance(ENGINE *e, int fd);
+void ENGINE_set_init_instance(ENGINE *e, int(*engine_init_instance)(void));
+void ENGINE_set_close_instance(ENGINE *e, int(*engine_close_instance)(int));
+ void ENGINE_set_check_pkc_availability(ENGINE *e,
+-       int (*check_pkc_availability)(void *eng_handle));
+-int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle);
+       int (*check_pkc_availability)(int fd));
+int ENGINE_check_pkc_availability(ENGINE *e, int fd);
+ int ENGINE_set_name(ENGINE *e, const char *name);
+ int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
+ int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
+-- 
+2.3.5
diff --git a/recipes-connectivity/openssl/openssl_1.0.1i.bbappend b/recipes-connectivity/openssl/openssl_1.0.1i.bbappend
index 2fa098f..7b381ff 100644
--- a/recipes-connectivity/openssl/openssl_1.0.1i.bbappend
+++ b/recipes-connectivity/openssl/openssl_1.0.1i.bbappend
@@ -19,7 +19,17 @@ SRC_URI_append_class-target = " file://0001-remove-double-initialization-of-cryp
        file://0015-SW-Backoff-mechanism-for-dsa-keygen.patch \
        file://0016-Fixed-DH-keygen-pair-generator.patch \
        file://0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch \
+        file://0018-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch \
+        file://0019-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch \
+        file://0020-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch \
+        file://0021-cryptodev-drop-redundant-function.patch \
+        file://0022-cryptodev-do-not-zero-the-buffer-before-use.patch \
+        file://0023-cryptodev-clean-up-code-layout.patch \
+        file://0024-cryptodev-do-not-cache-file-descriptor-in-open.patch \
+        file://0025-cryptodev-put_dev_crypto-should-be-an-int.patch \
+        file://0026-cryptodev-simplify-cryptodev-pkc-support-code.patch \
 "
 # Digest offloading through cryptodev is not recommended because of the
 # performance penalty of the Openssl engine interface. Openssl generates a huge
 # number of calls to digest functions for even a small amount of work data.
author	Cristian Stoica <cristian.stoica@freescale.com>	2015-07-17 17:29:43 +0800
committer	Zhenhua Luo <zhenhua.luo@freescale.com>	2015-07-22 17:38:00 +0800
commit	c0590434ae1571602fde9441f447a6fb35967e4c (patch)
tree	bd0bd8d2592651c8fd406e490e2a6d08a0cd6e44
parent	1d729c77e7aadc0cb90cc4c1ad6401c38408899e (diff)
download	meta-fsl-ppc-c0590434ae1571602fde9441f447a6fb35967e4c.tar.gz