openssl: upgrade to 1.0.1i plus Freescale patches

- include fixes for algorithm registration and 32-bit application hanging
  on E5500 cores.
- add offloading suport for aes-gcm
- upstream patches are kept except for the documentation patch which is
  no longer necessary

Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>

21 files changed, 624 insertions, 661 deletions

diff --git a/recipes-connectivity/openssl/openssl-fsl/0001-remove-double-initialization-of-cryptodev-engine.patch b/recipes-connectivity/openssl/openssl-fsl/0001-remove-double-initialization-of-cryptodev-engine.patch
index eae6878..233cf6e 100644
--- a/recipes-connectivity/openssl/openssl-fsl/0001-remove-double-initialization-of-cryptodev-engine.patch
+++ b/recipes-connectivity/openssl/openssl-fsl/0001-remove-double-initialization-of-cryptodev-engine.patch
@@ -1,20 +1,20 @@
-From f174dd904fb4995a89eed53be3e2ebf7bee25a9b Mon Sep 17 00:00:00 2001
+From 9297e3834518ff0558d6e7004a62adfd107e659a Mon Sep 17 00:00:00 2001
 From: Cristian Stoica <cristian.stoica@freescale.com>
 Date: Tue, 10 Sep 2013 12:46:46 +0300
-Subject: [PATCH][fsl 01/15] remove double initialization of cryptodev engine
-
-Upstream-status: Pending
+Subject: [PATCH 01/17] remove double initialization of cryptodev engine
 
 cryptodev engine is initialized together with the other engines in
 ENGINE_load_builtin_engines. The initialization done through
 OpenSSL_add_all_algorithms is redundant.
 
+Change-Id: Ic9488500967595543ff846f147b36f383db7cb27
 Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
+Reviewed-on: http://git.am.freescale.net:8181/17222
 ---
- crypto/engine/eng_all.c |   11 -----------
- crypto/engine/engine.h  |    4 ----
- crypto/evp/c_all.c      |    5 -----
- util/libeay.num         |    2 +-
+ crypto/engine/eng_all.c | 11 -----------
+ crypto/engine/engine.h  |  4 ----
+ crypto/evp/c_all.c      |  5 -----
+ util/libeay.num         |  2 +-
  4 files changed, 1 insertion(+), 21 deletions(-)
 
 diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c
@@ -79,5 +79,5 @@ index aa86b2b..ae50040 100755
  EVP_aes_128_cfb8                        3248   EXIST::FUNCTION:AES
  FIPS_corrupt_rsa                        3249   NOEXIST::FUNCTION:
 -- 
-1.7.9.7
+1.8.3.1
 
diff --git a/recipes-connectivity/openssl/openssl-fsl/0003-add-support-for-TLS-algorithms-offload.patch b/recipes-connectivity/openssl/openssl-fsl/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch
index dd99ca9..0b77bfa 100644
--- a/recipes-connectivity/openssl/openssl-fsl/0003-add-support-for-TLS-algorithms-offload.patch
+++ b/recipes-connectivity/openssl/openssl-fsl/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch
@@ -1,20 +1,23 @@
-From 1a8886909afc7e4c9e8539644c815baee8ee4816 Mon Sep 17 00:00:00 2001
+From dfd6ba263dc25ea2a4bbc32448b24ca2b1fc40e8 Mon Sep 17 00:00:00 2001
 From: Cristian Stoica <cristian.stoica@freescale.com>
 Date: Thu, 29 Aug 2013 16:51:18 +0300
-Subject: [PATCH][fsl 03/15] add support for TLS algorithms offload
+Subject: [PATCH 02/17] eng_cryptodev: add support for TLS algorithms offload
 
-Upstream-status: Pending
+- aes-128-cbc-hmac-sha1
+- aes-256-cbc-hmac-sha1
 
 Requires TLS patches on cryptodev and TLS algorithm support in Linux
 kernel driver.
 
+Change-Id: I43048caa348414daddd6c1a5cdc55e769ac1945f
 Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
+Reviewed-on: http://git.am.freescale.net:8181/17223
 ---
- crypto/engine/eng_cryptodev.c |  204 ++++++++++++++++++++++++++++++++++++++---
- 1 file changed, 193 insertions(+), 11 deletions(-)
+ crypto/engine/eng_cryptodev.c | 222 +++++++++++++++++++++++++++++++++++++++---
+ 1 file changed, 211 insertions(+), 11 deletions(-)
 
 diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 5a715ac..123613d 100644
+index 5a715ac..7588a28 100644
 --- a/crypto/engine/eng_cryptodev.c
 +++ b/crypto/engine/eng_cryptodev.c
 @@ -72,6 +72,9 @@ ENGINE_load_cryptodev(void)
@@ -27,7 +30,7 @@ index 5a715ac..123613d 100644
  
  #ifdef USE_CRYPTODEV_DIGESTS
         char dummy_mac_key[HASH_MAX_LEN];
-@@ -140,17 +143,19 @@ static struct {
+@@ -140,17 +143,20 @@ static struct {
         int     nid;
         int     ivmax;
         int     keylen;
@@ -53,11 +56,12 @@ index 5a715ac..123613d 100644
 +       { CRYPTO_CAST_CBC,      NID_cast5_cbc,    8,  16, 0},
 +       { CRYPTO_SKIPJACK_CBC,  NID_undef,        0,  0,  0},
 +       { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20},
++       { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20},
 +       { 0, NID_undef, 0, 0, 0},
  };
  
  #ifdef USE_CRYPTODEV_DIGESTS
-@@ -250,13 +255,15 @@ get_cryptodev_ciphers(const int **cnids)
+@@ -250,13 +256,15 @@ get_cryptodev_ciphers(const int **cnids)
         }
         memset(&sess, 0, sizeof(sess));
         sess.key = (caddr_t)"123456789abcdefghijklmno";
@@ -74,7 +78,7 @@ index 5a715ac..123613d 100644
                 if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
                     ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
                         nids[count++] = ciphers[i].nid;
-@@ -414,6 +421,67 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+@@ -414,6 +422,67 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
         return (1);
  }
  
@@ -100,11 +104,11 @@ index 5a715ac..123613d 100644
 +       /* TODO: make a seamless integration with cryptodev flags */
 +       switch (ctx->cipher->nid) {
 +       case NID_aes_128_cbc_hmac_sha1:
++       case NID_aes_256_cbc_hmac_sha1:
 +               cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
 +       }
 +       cryp.ses = sess->ses;
 +       cryp.len = state->len;
-+       cryp.dst_len = len;
 +       cryp.src = (caddr_t) in;
 +       cryp.dst = (caddr_t) out;
 +       cryp.auth_src = state->aad;
@@ -142,7 +146,7 @@ index 5a715ac..123613d 100644
  static int
  cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
      const unsigned char *iv, int enc)
-@@ -452,6 +520,45 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+@@ -452,6 +521,45 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
         return (1);
  }
  
@@ -188,7 +192,7 @@ index 5a715ac..123613d 100644
  /*
   * free anything we allocated earlier when initting a
   * session, and close the session.
-@@ -488,6 +595,63 @@ cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
+@@ -488,6 +596,63 @@ cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
         return (ret);
  }
  
@@ -224,7 +228,6 @@ index 5a715ac..123613d 100644
 +               unsigned int cryptlen = p[arg - 2] << 8 | p[arg - 1];
 +               unsigned int maclen, padlen;
 +               unsigned int bs = ctx->cipher->block_size;
-+               int j;
 +
 +               state->aad = ptr;
 +               state->aad_len = arg;
@@ -233,6 +236,7 @@ index 5a715ac..123613d 100644
 +               /* TODO: this should be an extension of EVP_CIPHER struct */
 +               switch (ctx->cipher->nid) {
 +               case NID_aes_128_cbc_hmac_sha1:
++               case NID_aes_256_cbc_hmac_sha1:
 +                       maclen = SHA_DIGEST_LENGTH;
 +               }
 +
@@ -252,7 +256,7 @@ index 5a715ac..123613d 100644
  /*
   * libcrypto EVP stuff - this is how we get wired to EVP so the engine
   * gets called when libcrypto requests a cipher NID.
-@@ -600,6 +764,20 @@ const EVP_CIPHER cryptodev_aes_256_cbc = {
+@@ -600,6 +765,33 @@ const EVP_CIPHER cryptodev_aes_256_cbc = {
         NULL
  };
  
@@ -270,27 +274,44 @@ index 5a715ac..123613d 100644
 +       NULL
 +};
 +
++const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = {
++       NID_aes_256_cbc_hmac_sha1,
++       16, 32, 16,
++       EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
++       cryptodev_init_aead_key,
++       cryptodev_aead_cipher,
++       cryptodev_cleanup,
++       sizeof(struct dev_crypto_state),
++       EVP_CIPHER_set_asn1_iv,
++       EVP_CIPHER_get_asn1_iv,
++       cryptodev_cbc_hmac_sha1_ctrl,
++       NULL
++};
  /*
   * Registered by the ENGINE when used to find out how to deal with
   * a particular NID in the ENGINE. this says what we'll do at the
-@@ -637,6 +815,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+@@ -637,6 +829,12 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
         case NID_aes_256_cbc:
                 *cipher = &cryptodev_aes_256_cbc;
                 break;
 +       case NID_aes_128_cbc_hmac_sha1:
 +               *cipher = &cryptodev_aes_128_cbc_hmac_sha1;
 +               break;
++       case NID_aes_256_cbc_hmac_sha1:
++               *cipher = &cryptodev_aes_256_cbc_hmac_sha1;
++               break;
         default:
                 *cipher = NULL;
                 break;
-@@ -1384,6 +1565,7 @@ ENGINE_load_cryptodev(void)
+@@ -1384,6 +1582,8 @@ ENGINE_load_cryptodev(void)
         }
         put_dev_crypto(fd);
  
 +       EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1);
++       EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
         if (!ENGINE_set_id(engine, "cryptodev") ||
             !ENGINE_set_name(engine, "BSD cryptodev engine") ||
             !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
 -- 
-1.7.9.7
+1.8.3.1
 
diff --git a/recipes-connectivity/openssl/openssl-fsl/0003-cryptodev-fix-algorithm-registration.patch b/recipes-connectivity/openssl/openssl-fsl/0003-cryptodev-fix-algorithm-registration.patch
new file mode 100644
index 0000000..b31668e
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-fsl/0003-cryptodev-fix-algorithm-registration.patch
@@ -0,0 +1,64 @@
+From 084fa469a8fef530d71a0870364df1c7997f6465 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@freescale.com>
+Date: Thu, 31 Jul 2014 14:06:19 +0300
+Subject: [PATCH 03/17] cryptodev: fix algorithm registration
+
+Cryptodev specific algorithms must register only if available in kernel.
+
+Change-Id: Iec5af8f4f3138357e4b96f2ec1627278134e4808
+Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
+Reviewed-on: http://git.am.freescale.net:8181/15326
+Reviewed-by: Horia Ioan Geanta Neag <horia.geanta@freescale.com>
+Reviewed-on: http://git.am.freescale.net:8181/17224
+---
+ crypto/engine/eng_cryptodev.c | 20 +++++++++++++++++---
+ 1 file changed, 17 insertions(+), 3 deletions(-)
+
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 7588a28..e3eb98b 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -133,6 +133,8 @@ static int cryptodev_dh_compute_key(unsigned char *key,
+ static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
+     void (*f)(void));
+ void ENGINE_load_cryptodev(void);
++const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1;
++const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
+ 
+ static const ENGINE_CMD_DEFN cryptodev_defns[] = {
+        { 0, NULL, NULL, 0 }
+@@ -342,7 +344,21 @@ get_cryptodev_digests(const int **cnids)
+ static int
+ cryptodev_usable_ciphers(const int **nids)
+ {
+-       return (get_cryptodev_ciphers(nids));
++       int i, count;
++
++       count = get_cryptodev_ciphers(nids);
++       /* add ciphers specific to cryptodev if found in kernel */
++       for(i = 0; i < count; i++) {
++               switch (*(*nids + i)) {
++               case NID_aes_128_cbc_hmac_sha1:
++                       EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1);
++                       break;
++               case NID_aes_256_cbc_hmac_sha1:
++                       EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
++                       break;
++               }
++       }
++       return count;
+ }
+ 
+ static int
+@@ -1582,8 +1598,6 @@ ENGINE_load_cryptodev(void)
+        }
+        put_dev_crypto(fd);
+ 
+-       EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1);
+-       EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
+        if (!ENGINE_set_id(engine, "cryptodev") ||
+            !ENGINE_set_name(engine, "BSD cryptodev engine") ||
+            !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
+-- 
+1.8.3.1
+
diff --git a/recipes-connectivity/openssl/openssl-fsl/0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch b/recipes-connectivity/openssl/openssl-fsl/0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch
new file mode 100644
index 0000000..af30ad3
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-fsl/0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch
@@ -0,0 +1,74 @@
+From 7d770f0324498d1fa78300cc5cecc8c1dcd3b788 Mon Sep 17 00:00:00 2001
+From: Andy Polyakov <appro@openssl.org>
+Date: Sun, 21 Oct 2012 18:19:41 +0000
+Subject: [PATCH 04/17] linux-pcc: make it more robust and recognize
+ KERNEL_BITS variable.
+
+(cherry picked from commit 78c3e20579d3baa159c8b51b59d415b6e521614b)
+
+Change-Id: I769c466f052305681ab54a1b6545d94c7fbf5a9d
+Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
+---
+ config          | 19 +++++++++++++------
+ crypto/ppccap.c |  7 +++++++
+ 2 files changed, 20 insertions(+), 6 deletions(-)
+
+diff --git a/config b/config
+index 41fa2a6..f37b9e6 100755
+--- a/config
++++ b/config
+@@ -587,13 +587,20 @@ case "$GUESSOS" in
+        fi
+        ;;
+   ppc64-*-linux2)
+-       echo "WARNING! If you wish to build 64-bit library, then you have to"
+-       echo "         invoke './Configure linux-ppc64' *manually*."
+-       if [ "$TEST" = "false" -a -t 1 ]; then
+-           echo "         You have about 5 seconds to press Ctrl-C to abort."
+-           (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
++       if [ -z "$KERNEL_BITS" ]; then
++           echo "WARNING! If you wish to build 64-bit library, then you have to"
++           echo "         invoke './Configure linux-ppc64' *manually*."
++           if [ "$TEST" = "false" -a -t 1 ]; then
++               echo "         You have about 5 seconds to press Ctrl-C to abort."
++               (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
++           fi
++       fi
++       if [ "$KERNEL_BITS" = "64" ]; then
++           OUT="linux-ppc64"
++       else
++           OUT="linux-ppc"
++           (echo "__LP64__" | gcc -E -x c - 2>/dev/null | grep "^__LP64__" 2>&1 > /dev/null) || options="$options -m32"
+        fi
+-       OUT="linux-ppc"
+        ;;
+   ppc-*-linux2) OUT="linux-ppc" ;;
+   ppc60x-*-vxworks*) OUT="vxworks-ppc60x" ;;
+diff --git a/crypto/ppccap.c b/crypto/ppccap.c
+index f71ba66..531f1b3 100644
+--- a/crypto/ppccap.c
++++ b/crypto/ppccap.c
+@@ -4,6 +4,9 @@
+ #include <setjmp.h>
+ #include <signal.h>
+ #include <unistd.h>
++#ifdef __linux
++#include <sys/utsname.h>
++#endif
+ #include <crypto.h>
+ #include <openssl/bn.h>
+ 
+@@ -102,6 +105,10 @@ void OPENSSL_cpuid_setup(void)
+ 
+        if (sizeof(size_t)==4)
+                {
++#ifdef __linux
++               struct utsname uts;
++               if (uname(&uts)==0 && strcmp(uts.machine,"ppc64")==0)
++#endif
+                if (sigsetjmp(ill_jmp,1) == 0)
+                        {
+                        OPENSSL_ppc64_probe();
+-- 
+1.8.3.1
+
diff --git a/recipes-connectivity/openssl/openssl-fsl/0002-ECC-Support-header-for-Cryptodev-Engine.patch b/recipes-connectivity/openssl/openssl-fsl/0005-ECC-Support-header-for-Cryptodev-Engine.patch
index 717a345..cfcf4a6 100644
--- a/recipes-connectivity/openssl/openssl-fsl/0002-ECC-Support-header-for-Cryptodev-Engine.patch
+++ b/recipes-connectivity/openssl/openssl-fsl/0005-ECC-Support-header-for-Cryptodev-Engine.patch
@@ -1,13 +1,13 @@
-From 154601fba4907a7eb3f98e670d62cfa15a767500 Mon Sep 17 00:00:00 2001
+From 15abbcd740eafbf2a46b5da24be76acf4982743d Mon Sep 17 00:00:00 2001
 From: Yashpal Dutta <yashpal.dutta@freescale.com>
 Date: Tue, 11 Mar 2014 05:56:54 +0545
-Subject: [PATCH][fsl 02/15] ECC Support header for Cryptodev Engine
+Subject: [PATCH 05/17] ECC Support header for Cryptodev Engine
 
 Upstream-status: Pending
 
 Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
 ---
- crypto/engine/eng_cryptodev_ec.h |  296 ++++++++++++++++++++++++++++++++++++++
+ crypto/engine/eng_cryptodev_ec.h | 296 +++++++++++++++++++++++++++++++++++++++
  1 file changed, 296 insertions(+)
  create mode 100644 crypto/engine/eng_cryptodev_ec.h
 
@@ -314,5 +314,5 @@ index 0000000..77aee71
 +};
 +#endif
 -- 
-1.7.9.7
+1.8.3.1
 
diff --git a/recipes-connectivity/openssl/openssl-fsl/0004-Fixed-private-key-support-for-DH.patch b/recipes-connectivity/openssl/openssl-fsl/0006-Fixed-private-key-support-for-DH.patch
index 607f603..41f48a2 100644
--- a/recipes-connectivity/openssl/openssl-fsl/0004-Fixed-private-key-support-for-DH.patch
+++ b/recipes-connectivity/openssl/openssl-fsl/0006-Fixed-private-key-support-for-DH.patch
@@ -1,13 +1,13 @@
-From c994fa6c5eb9b684dd6aff45dd5e8eb98237c31e Mon Sep 17 00:00:00 2001
+From 39a9e609290a8a1163a721915bcde0c7cf8f92f7 Mon Sep 17 00:00:00 2001
 From: Yashpal Dutta <yashpal.dutta@freescale.com>
 Date: Tue, 11 Mar 2014 05:57:47 +0545
-Subject: [PATCH][fsl 04/15] Fixed private key support for DH
+Subject: [PATCH 06/17] Fixed private key support for DH
 
 Upstream-status: Pending
 
 Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
 ---
- crypto/dh/dh_ameth.c |    7 +++++++
+ crypto/dh/dh_ameth.c | 7 +++++++
  1 file changed, 7 insertions(+)
 
 diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
@@ -29,5 +29,5 @@ index 02ec2d4..ed32004 100644
         return 1;
         }
 -- 
-1.7.9.7
+1.8.3.1
 
diff --git a/recipes-connectivity/openssl/openssl-fsl/0005-Fixed-private-key-support-for-DH.patch b/recipes-connectivity/openssl/openssl-fsl/0007-Fixed-private-key-support-for-DH.patch
index 06dff88..f507fff 100644
--- a/recipes-connectivity/openssl/openssl-fsl/0005-Fixed-private-key-support-for-DH.patch
+++ b/recipes-connectivity/openssl/openssl-fsl/0007-Fixed-private-key-support-for-DH.patch
@@ -1,7 +1,7 @@
-From 408bdb2a3971edd6a949f5a93bd44d0a6f3eb823 Mon Sep 17 00:00:00 2001
+From 8322e4157bf49d992b5b9e460f2c0785865dd1c1 Mon Sep 17 00:00:00 2001
 From: Yashpal Dutta <yashpal.dutta@freescale.com>
 Date: Thu, 20 Mar 2014 19:55:51 -0500
-Subject: [PATCH][fsl 05/15] Fixed private key support for DH
+Subject: [PATCH 07/17] Fixed private key support for DH
 
 Upstream-status: Pending
 
@@ -9,7 +9,7 @@ Required Length of the DH result is not returned in dh method in openssl
 
 Tested-by: Yashpal Dutta <yashpal.dutta@freescale.com>
 ---
- crypto/dh/dh_ameth.c |    7 -------
+ crypto/dh/dh_ameth.c | 7 -------
  1 file changed, 7 deletions(-)
 
 diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
@@ -31,5 +31,5 @@ index ed32004..02ec2d4 100644
         return 1;
         }
 -- 
-1.7.9.7
+1.8.3.1
 
diff --git a/recipes-connectivity/openssl/openssl-fsl/0006-Initial-support-for-PKC-in-cryptodev-engine.patch b/recipes-connectivity/openssl/openssl-fsl/0008-Initial-support-for-PKC-in-cryptodev-engine.patch
index b5ac55d..6903c88 100644
--- a/recipes-connectivity/openssl/openssl-fsl/0006-Initial-support-for-PKC-in-cryptodev-engine.patch
+++ b/recipes-connectivity/openssl/openssl-fsl/0008-Initial-support-for-PKC-in-cryptodev-engine.patch
@@ -1,7 +1,7 @@
-From 8e9a39aab2fce48c117460eb1d14bcc02be6de6c Mon Sep 17 00:00:00 2001
+From 107a10d45db0f2e58482f698add04ed9183f7268 Mon Sep 17 00:00:00 2001
 From: Yashpal Dutta <yashpal.dutta@freescale.com>
 Date: Tue, 11 Mar 2014 06:29:52 +0545
-Subject: [PATCH][fsl 06/15] Initial support for PKC in cryptodev engine
+Subject: [PATCH 08/17] Initial support for PKC in cryptodev engine
 
 Upstream-status: Pending
 
@@ -11,7 +11,7 @@ Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
  1 file changed, 1183 insertions(+), 160 deletions(-)
 
 diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 123613d..88caec1 100644
+index e3eb98b..7ee314b 100644
 --- a/crypto/engine/eng_cryptodev.c
 +++ b/crypto/engine/eng_cryptodev.c
 @@ -54,11 +54,14 @@ ENGINE_load_cryptodev(void)
@@ -39,7 +39,7 @@ index 123613d..88caec1 100644
  
  struct dev_crypto_state {
         struct session_op d_sess;
-@@ -116,24 +121,112 @@ static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a,
+@@ -116,18 +121,10 @@ static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a,
  static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I,
      RSA *rsa, BN_CTX *ctx);
  static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
@@ -58,8 +58,9 @@ index 123613d..88caec1 100644
  static int cryptodev_dh_compute_key(unsigned char *key,
      const BIGNUM *pub_key, DH *dh);
  static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
-     void (*f)(void));
- void ENGINE_load_cryptodev(void);
+@@ -136,6 +133,102 @@ void ENGINE_load_cryptodev(void);
+ const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1;
+ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
  
 +inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin,  int *bin_len)
 +{
@@ -160,7 +161,7 @@ index 123613d..88caec1 100644
  static const ENGINE_CMD_DEFN cryptodev_defns[] = {
         { 0, NULL, NULL, 0 }
  };
-@@ -1106,7 +1199,6 @@ cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
+@@ -1139,7 +1232,6 @@ cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
  static int
  bn2crparam(const BIGNUM *a, struct crparam *crp)
  {
@@ -168,7 +169,7 @@ index 123613d..88caec1 100644
         ssize_t bytes, bits;
         u_char *b;
  
-@@ -1123,15 +1215,7 @@ bn2crparam(const BIGNUM *a, struct crparam *crp)
+@@ -1156,15 +1248,7 @@ bn2crparam(const BIGNUM *a, struct crparam *crp)
  
         crp->crp_p = (caddr_t) b;
         crp->crp_nbits = bits;
@@ -185,7 +186,7 @@ index 123613d..88caec1 100644
         return (0);
  }
  
-@@ -1139,22 +1223,14 @@ bn2crparam(const BIGNUM *a, struct crparam *crp)
+@@ -1172,22 +1256,14 @@ bn2crparam(const BIGNUM *a, struct crparam *crp)
  static int
  crparam2bn(struct crparam *crp, BIGNUM *a)
  {
@@ -210,7 +211,7 @@ index 123613d..88caec1 100644
  
         return (0);
  }
-@@ -1202,6 +1278,32 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s)
+@@ -1235,6 +1311,32 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s)
         return (ret);
  }
  
@@ -243,7 +244,7 @@ index 123613d..88caec1 100644
  static int
  cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
      const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
-@@ -1217,9 +1319,9 @@ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+@@ -1250,9 +1352,9 @@ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
                 return (ret);
         }
  
@@ -255,7 +256,7 @@ index 123613d..88caec1 100644
         /* inputs: a^p % m */
         if (bn2crparam(a, &kop.crk_param[0]))
                 goto err;
-@@ -1260,28 +1362,38 @@ static int
+@@ -1293,28 +1395,38 @@ static int
  cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
  {
         struct crypt_kop kop;
@@ -308,7 +309,7 @@ index 123613d..88caec1 100644
         kop.crk_iparams = 6;
  
         if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) {
-@@ -1317,90 +1429,117 @@ static RSA_METHOD cryptodev_rsa = {
+@@ -1350,90 +1462,117 @@ static RSA_METHOD cryptodev_rsa = {
         NULL                            /* rsa_verify */
  };
  
@@ -488,7 +489,7 @@ index 123613d..88caec1 100644
  }
  
  static int
-@@ -1408,42 +1547,179 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
+@@ -1441,42 +1580,179 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
      DSA_SIG *sig, DSA *dsa)
  {
         struct crypt_kop kop;
@@ -686,7 +687,7 @@ index 123613d..88caec1 100644
  static DSA_METHOD cryptodev_dsa = {
         "cryptodev DSA method",
         NULL,
-@@ -1457,12 +1733,543 @@ static DSA_METHOD cryptodev_dsa = {
+@@ -1490,12 +1766,543 @@ static DSA_METHOD cryptodev_dsa = {
         NULL    /* app_data */
  };
  
@@ -1235,7 +1236,7 @@ index 123613d..88caec1 100644
  }
  
  static int
-@@ -1470,43 +2277,234 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+@@ -1503,43 +2310,234 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
  {
         struct crypt_kop kop;
         int dhret = 1;
@@ -1488,7 +1489,7 @@ index 123613d..88caec1 100644
  static DH_METHOD cryptodev_dh = {
         "cryptodev DH method",
         NULL,                           /* cryptodev_dh_generate_key */
-@@ -1518,6 +2516,14 @@ static DH_METHOD cryptodev_dh = {
+@@ -1551,6 +2549,14 @@ static DH_METHOD cryptodev_dh = {
         NULL    /* app_data */
  };
  
@@ -1503,7 +1504,7 @@ index 123613d..88caec1 100644
  /*
   * ctrl right now is just a wrapper that doesn't do much
   * but I expect we'll want some options soon.
-@@ -1602,25 +2608,42 @@ ENGINE_load_cryptodev(void)
+@@ -1634,25 +2640,42 @@ ENGINE_load_cryptodev(void)
                 memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
                 if (cryptodev_asymfeat & CRF_DSA_SIGN)
                         cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
@@ -1559,5 +1560,5 @@ index 123613d..88caec1 100644
         }
  
 -- 
-1.7.9.7
+1.8.3.1
 
diff --git a/recipes-connectivity/openssl/openssl-fsl/0007-Added-hwrng-dev-file-as-source-of-RNG.patch b/recipes-connectivity/openssl/openssl-fsl/0009-Added-hwrng-dev-file-as-source-of-RNG.patch
index afe9f7c..6a69c32 100644
--- a/recipes-connectivity/openssl/openssl-fsl/0007-Added-hwrng-dev-file-as-source-of-RNG.patch
+++ b/recipes-connectivity/openssl/openssl-fsl/0009-Added-hwrng-dev-file-as-source-of-RNG.patch
@@ -1,13 +1,13 @@
-From 6ee6f7acad9824244b32ac23248f1d12f2c2b201 Mon Sep 17 00:00:00 2001
+From 81c4c62a4f5f5542843381bfb34e39a6171d5cdd Mon Sep 17 00:00:00 2001
 From: Yashpal Dutta <yashpal.dutta@freescale.com>
 Date: Tue, 11 Mar 2014 06:42:59 +0545
-Subject: [PATCH][fsl 07/15] Added hwrng dev file as source of RNG
+Subject: [PATCH 09/17] Added hwrng dev file as source of RNG
 
 Upstream-status: Pending
 
 Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
 ---
- e_os.h |    2 +-
+ e_os.h | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/e_os.h b/e_os.h
@@ -24,5 +24,5 @@ index 6a0aad1..57c0563 100644
  #ifndef DEVRANDOM_EGD
  /* set this to a comma-seperated list of 'egd' sockets to try out. These
 -- 
-1.7.9.7
+1.8.3.1
 
diff --git a/recipes-connectivity/openssl/openssl-fsl/0009-eng_cryptodev-extend-TLS-offload-with-new-algorithms.patch b/recipes-connectivity/openssl/openssl-fsl/0009-eng_cryptodev-extend-TLS-offload-with-new-algorithms.patch
deleted file mode 100644
index a417884..0000000
--- a/recipes-connectivity/openssl/openssl-fsl/0009-eng_cryptodev-extend-TLS-offload-with-new-algorithms.patch
+++ /dev/null
@@ -1,106 +0,0 @@
-From 6555c11c9f62fc37c60bb335cfeb5c9d641e493a Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@freescale.com>
-Date: Fri, 21 Mar 2014 16:22:27 +0200
-Subject: [PATCH][fsl 09/15] eng_cryptodev: extend TLS offload with new
- algorithms
-
-Upstream-status: Pending
-
-- aes-192-cbc-hmac-sha1
-- aes-256-cbc-hmac-sha1
-
-Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
----
- crypto/engine/eng_cryptodev.c |   41 +++++++++++++++++++++++++++++++++++++++++
- 1 file changed, 41 insertions(+)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index c5e8fb3..e2d4c53 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -248,6 +248,8 @@ static struct {
-        { CRYPTO_CAST_CBC,      NID_cast5_cbc,    8,  16, 0},
-        { CRYPTO_SKIPJACK_CBC,  NID_undef,        0,  0,  0},
-        { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20},
-+       { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_192_cbc_hmac_sha1, 16, 24, 20},
-+       { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20},
-        { 0, NID_undef, 0, 0, 0},
- };
- 
-@@ -536,6 +538,8 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-        /* TODO: make a seamless integration with cryptodev flags */
-        switch (ctx->cipher->nid) {
-        case NID_aes_128_cbc_hmac_sha1:
-+       case NID_aes_192_cbc_hmac_sha1:
-+       case NID_aes_256_cbc_hmac_sha1:
-                cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
-        }
-        cryp.ses = sess->ses;
-@@ -729,6 +733,8 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
-                /* TODO: this should be an extension of EVP_CIPHER struct */
-                switch (ctx->cipher->nid) {
-                case NID_aes_128_cbc_hmac_sha1:
-+               case NID_aes_192_cbc_hmac_sha1:
-+               case NID_aes_256_cbc_hmac_sha1:
-                        maclen = SHA_DIGEST_LENGTH;
-                }
- 
-@@ -871,6 +877,33 @@ const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1 = {
-        NULL
- };
- 
-+const EVP_CIPHER cryptodev_aes_192_cbc_hmac_sha1 = {
-+       NID_aes_192_cbc_hmac_sha1,
-+       16, 24, 16,
-+       EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+       cryptodev_init_aead_key,
-+       cryptodev_aead_cipher,
-+       cryptodev_cleanup,
-+       sizeof(struct dev_crypto_state),
-+       EVP_CIPHER_set_asn1_iv,
-+       EVP_CIPHER_get_asn1_iv,
-+       cryptodev_cbc_hmac_sha1_ctrl,
-+       NULL
-+};
-+
-+const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = {
-+       NID_aes_256_cbc_hmac_sha1,
-+       16, 32, 16,
-+       EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+       cryptodev_init_aead_key,
-+       cryptodev_aead_cipher,
-+       cryptodev_cleanup,
-+       sizeof(struct dev_crypto_state),
-+       EVP_CIPHER_set_asn1_iv,
-+       EVP_CIPHER_get_asn1_iv,
-+       cryptodev_cbc_hmac_sha1_ctrl,
-+       NULL
-+};
- /*
-  * Registered by the ENGINE when used to find out how to deal with
-  * a particular NID in the ENGINE. this says what we'll do at the
-@@ -911,6 +944,12 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
-        case NID_aes_128_cbc_hmac_sha1:
-                *cipher = &cryptodev_aes_128_cbc_hmac_sha1;
-                break;
-+       case NID_aes_192_cbc_hmac_sha1:
-+               *cipher = &cryptodev_aes_192_cbc_hmac_sha1;
-+               break;
-+       case NID_aes_256_cbc_hmac_sha1:
-+               *cipher = &cryptodev_aes_256_cbc_hmac_sha1;
-+               break;
-        default:
-                *cipher = NULL;
-                break;
-@@ -3830,6 +3869,8 @@ ENGINE_load_cryptodev(void)
-        put_dev_crypto(fd);
- 
-        EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1);
-+       EVP_add_cipher(&cryptodev_aes_192_cbc_hmac_sha1);
-+       EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
-        if (!ENGINE_set_id(engine, "cryptodev") ||
-            !ENGINE_set_name(engine, "BSD cryptodev engine") ||
-            !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
--- 
-1.7.9.7
-
diff --git a/recipes-connectivity/openssl/openssl-fsl/0008-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch b/recipes-connectivity/openssl/openssl-fsl/0010-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch
index d8b5d95..b7702d1 100644
--- a/recipes-connectivity/openssl/openssl-fsl/0008-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch
+++ b/recipes-connectivity/openssl/openssl-fsl/0010-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch
@@ -1,7 +1,7 @@
-From 68f8054c5a1f72e40884782d2d548892406d6049 Mon Sep 17 00:00:00 2001
+From a933e6341fd8989bdd82f8a5446b6f04aa00eef9 Mon Sep 17 00:00:00 2001
 From: Yashpal Dutta <yashpal.dutta@freescale.com>
 Date: Tue, 11 Mar 2014 07:14:30 +0545
-Subject: [PATCH][fsl 08/15] Asynchronous interface added for PKC cryptodev
+Subject: [PATCH 10/17] Asynchronous interface added for PKC cryptodev
  interface
 
 Upstream-status: Pending
@@ -116,10 +116,10 @@ index cb3be13..eb0ebe0 100644
         int (*init)(EC_KEY *eckey);
         int (*finish)(EC_KEY *eckey);
 diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 88caec1..c5e8fb3 100644
+index 7ee314b..9f2416e 100644
 --- a/crypto/engine/eng_cryptodev.c
 +++ b/crypto/engine/eng_cryptodev.c
-@@ -1248,6 +1248,56 @@ zapparams(struct crypt_kop *kop)
+@@ -1281,6 +1281,56 @@ zapparams(struct crypt_kop *kop)
         }
  }
  
@@ -176,7 +176,7 @@ index 88caec1..c5e8fb3 100644
  static int
  cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s)
  {
-@@ -1304,6 +1354,44 @@ void *cryptodev_init_instance(void)
+@@ -1337,6 +1387,44 @@ void *cryptodev_init_instance(void)
         return fd;
  }
  
@@ -221,7 +221,7 @@ index 88caec1..c5e8fb3 100644
  static int
  cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
      const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
-@@ -1349,6 +1437,63 @@ err:
+@@ -1382,6 +1470,63 @@ err:
  }
  
  static int
@@ -285,7 +285,7 @@ index 88caec1..c5e8fb3 100644
  cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
  {
         int r;
-@@ -1413,6 +1558,62 @@ err:
+@@ -1446,6 +1591,62 @@ err:
         return (ret);
  }
  
@@ -348,7 +348,7 @@ index 88caec1..c5e8fb3 100644
  static RSA_METHOD cryptodev_rsa = {
         "cryptodev RSA method",
         NULL,                           /* rsa_pub_enc */
-@@ -1421,6 +1622,12 @@ static RSA_METHOD cryptodev_rsa = {
+@@ -1454,6 +1655,12 @@ static RSA_METHOD cryptodev_rsa = {
         NULL,                           /* rsa_priv_dec */
         NULL,
         NULL,
@@ -361,7 +361,7 @@ index 88caec1..c5e8fb3 100644
         NULL,                           /* init */
         NULL,                           /* finish */
         0,                              /* flags */
-@@ -1718,126 +1925,424 @@ sw_try:
+@@ -1751,126 +1958,424 @@ sw_try:
         return ret;
  }
  
@@ -875,7 +875,7 @@ index 88caec1..c5e8fb3 100644
                         goto err;
                 }
         } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_characteristic_two_field) {
-@@ -2162,63 +2667,581 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
+@@ -2195,63 +2700,581 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
         }
  
         /**
@@ -1507,7 +1507,7 @@ index 88caec1..c5e8fb3 100644
         return ret;
  }
  
-@@ -2327,6 +3350,54 @@ sw_try:
+@@ -2360,6 +3383,54 @@ sw_try:
         return (dhret);
  }
  
@@ -1562,7 +1562,7 @@ index 88caec1..c5e8fb3 100644
  int cryptodev_ecdh_compute_key(void *out, size_t outlen,
         const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen,
         void *out, size_t *outlen))
-@@ -2504,6 +3575,190 @@ err:
+@@ -2537,6 +3608,190 @@ err:
         return ret;
  }
  
@@ -1753,7 +1753,7 @@ index 88caec1..c5e8fb3 100644
  
  static DH_METHOD cryptodev_dh = {
         "cryptodev DH method",
-@@ -2512,6 +3767,8 @@ static DH_METHOD cryptodev_dh = {
+@@ -2545,6 +3800,8 @@ static DH_METHOD cryptodev_dh = {
         NULL,
         NULL,
         NULL,
@@ -1762,7 +1762,7 @@ index 88caec1..c5e8fb3 100644
         0,      /* flags */
         NULL    /* app_data */
  };
-@@ -2520,6 +3777,7 @@ static ECDH_METHOD cryptodev_ecdh = {
+@@ -2553,6 +3810,7 @@ static ECDH_METHOD cryptodev_ecdh = {
         "cryptodev ECDH method",
         NULL,   /* cryptodev_ecdh_compute_key */
         NULL,
@@ -1770,7 +1770,7 @@ index 88caec1..c5e8fb3 100644
         0,              /* flags */
         NULL    /* app_data */
  };
-@@ -2593,12 +3851,19 @@ ENGINE_load_cryptodev(void)
+@@ -2625,12 +3883,19 @@ ENGINE_load_cryptodev(void)
                 cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec;
                 if (cryptodev_asymfeat & CRF_MOD_EXP) {
                         cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp;
@@ -1792,7 +1792,7 @@ index 88caec1..c5e8fb3 100644
                 }
         }
  
-@@ -2606,12 +3871,21 @@ ENGINE_load_cryptodev(void)
+@@ -2638,12 +3903,21 @@ ENGINE_load_cryptodev(void)
                 const DSA_METHOD *meth = DSA_OpenSSL();
  
                 memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
@@ -1817,7 +1817,7 @@ index 88caec1..c5e8fb3 100644
         }
  
         if (ENGINE_set_DH(engine, &cryptodev_dh)){
-@@ -2620,10 +3894,15 @@ ENGINE_load_cryptodev(void)
+@@ -2652,10 +3926,15 @@ ENGINE_load_cryptodev(void)
                 if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) {
                         cryptodev_dh.compute_key =
                                 cryptodev_dh_compute_key;
@@ -1833,7 +1833,7 @@ index 88caec1..c5e8fb3 100644
                 }
         }
  
-@@ -2632,10 +3911,14 @@ ENGINE_load_cryptodev(void)
+@@ -2664,10 +3943,14 @@ ENGINE_load_cryptodev(void)
                 memcpy(&cryptodev_ecdsa, meth, sizeof(ECDSA_METHOD));
                 if (cryptodev_asymfeat & CRF_DSA_SIGN) {
                         cryptodev_ecdsa.ecdsa_do_sign = cryptodev_ecdsa_do_sign;
@@ -1848,7 +1848,7 @@ index 88caec1..c5e8fb3 100644
                 }
         }
  
-@@ -2644,9 +3927,16 @@ ENGINE_load_cryptodev(void)
+@@ -2676,9 +3959,16 @@ ENGINE_load_cryptodev(void)
                 memcpy(&cryptodev_ecdh, ecdh_meth, sizeof(ECDH_METHOD));
                 if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) {
                         cryptodev_ecdh.compute_key = cryptodev_ecdh_compute_key;
@@ -2035,5 +2035,5 @@ index 5f269e5..6ef1b15 100644
         int (*finish)(RSA *rsa);        /* called at free */
         int flags;                      /* RSA_METHOD_FLAG_* things */
 -- 
-1.7.9.7
+1.8.3.1
 
diff --git a/recipes-connectivity/openssl/openssl-fsl/0010-Add-RSA-keygen-operation-and-support-gendsa-command-.patch b/recipes-connectivity/openssl/openssl-fsl/0011-Add-RSA-keygen-operation-and-support-gendsa-command-.patch
index 4eaaeaa..5e74298 100644
--- a/recipes-connectivity/openssl/openssl-fsl/0010-Add-RSA-keygen-operation-and-support-gendsa-command-.patch
+++ b/recipes-connectivity/openssl/openssl-fsl/0011-Add-RSA-keygen-operation-and-support-gendsa-command-.patch
@@ -1,22 +1,22 @@
-From a08f27a22d2c78f058b63dd2565925ca92ad08b2 Mon Sep 17 00:00:00 2001
+From e4fc051f8ae1c093b25ca346c2ec351ff3b700d1 Mon Sep 17 00:00:00 2001
 From: Hou Zhiqiang <B48286@freescale.com>
 Date: Wed, 2 Apr 2014 16:10:43 +0800
-Subject: [PATCH][fsl 10/15] Add RSA keygen operation and support gendsa
- command with hardware engine
+Subject: [PATCH 11/17] Add RSA keygen operation and support gendsa command
+ with hardware engine
 
 Upstream-status: Pending
 
 Signed-off-by: Hou Zhiqiang <B48286@freescale.com>
 Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
 ---
- crypto/engine/eng_cryptodev.c |  118 +++++++++++++++++++++++++++++++++++++++++
+ crypto/engine/eng_cryptodev.c | 118 ++++++++++++++++++++++++++++++++++++++++++
  1 file changed, 118 insertions(+)
 
 diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index e2d4c53..0a6567c 100644
+index 9f2416e..b2919a8 100644
 --- a/crypto/engine/eng_cryptodev.c
 +++ b/crypto/engine/eng_cryptodev.c
-@@ -1912,6 +1912,121 @@ err:
+@@ -1906,6 +1906,121 @@ err:
         return dsaret;
  }
  
@@ -138,7 +138,7 @@ index e2d4c53..0a6567c 100644
  /* Cryptodev DSA Key Gen routine */
  static int cryptodev_dsa_keygen(DSA *dsa)
  {
-@@ -3905,6 +4020,9 @@ ENGINE_load_cryptodev(void)
+@@ -3896,6 +4011,9 @@ ENGINE_load_cryptodev(void)
                                 cryptodev_rsa.rsa_mod_exp_async =
                                     cryptodev_rsa_nocrt_mod_exp_async;
                         }
@@ -149,5 +149,5 @@ index e2d4c53..0a6567c 100644
         }
  
 -- 
-1.7.9.7
+1.8.3.1
 
diff --git a/recipes-connectivity/openssl/openssl-fsl/0011-RSA-Keygen-Fix.patch b/recipes-connectivity/openssl/openssl-fsl/0012-RSA-Keygen-Fix.patch
index b2d636a..4489973 100644
--- a/recipes-connectivity/openssl/openssl-fsl/0011-RSA-Keygen-Fix.patch
+++ b/recipes-connectivity/openssl/openssl-fsl/0012-RSA-Keygen-Fix.patch
@@ -1,7 +1,7 @@
-From f44fc935d5bc601cd625a64a366e64b19f2bb730 Mon Sep 17 00:00:00 2001
+From ac777f046da7151386d667391362ecb553ceee90 Mon Sep 17 00:00:00 2001
 From: Yashpal Dutta <yashpal.dutta@freescale.com>
 Date: Wed, 16 Apr 2014 22:53:04 +0545
-Subject: [PATCH][fsl 11/15] RSA Keygen Fix
+Subject: [PATCH 12/17] RSA Keygen Fix
 
 Upstream-status: Pending
 
@@ -12,14 +12,14 @@ handled by software supported rsa_keygen handler
 Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
 Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
 ---
- crypto/engine/eng_cryptodev.c |   12 +++++++-----
+ crypto/engine/eng_cryptodev.c | 12 +++++++-----
  1 file changed, 7 insertions(+), 5 deletions(-)
 
 diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 0a6567c..5d54f7e 100644
+index b2919a8..ed5f20f 100644
 --- a/crypto/engine/eng_cryptodev.c
 +++ b/crypto/engine/eng_cryptodev.c
-@@ -1921,7 +1921,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
+@@ -1915,7 +1915,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
         int i;
  
         if ((fd = get_asym_dev_crypto()) < 0)
@@ -28,7 +28,7 @@ index 0a6567c..5d54f7e 100644
  
         if(!rsa->n && ((rsa->n=BN_new()) == NULL)) goto err;
         if(!rsa->d && ((rsa->d=BN_new()) == NULL)) goto err;
-@@ -1942,7 +1942,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
+@@ -1936,7 +1936,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
         /* p length */
         kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char));
         if (!kop.crk_param[kop.crk_iparams].crp_p)
@@ -37,7 +37,7 @@ index 0a6567c..5d54f7e 100644
         kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8;
         memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1);
         kop.crk_iparams++;
-@@ -1950,7 +1950,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
+@@ -1944,7 +1944,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
         /* q length */
         kop.crk_param[kop.crk_iparams].crp_p = calloc(q_len + 1, sizeof(char));
         if (!kop.crk_param[kop.crk_iparams].crp_p)
@@ -46,7 +46,7 @@ index 0a6567c..5d54f7e 100644
         kop.crk_param[kop.crk_iparams].crp_nbits = q_len * 8;
         memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, q_len + 1);
         kop.crk_iparams++;
-@@ -2015,8 +2015,10 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
+@@ -2009,8 +2009,10 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
         }
  sw_try:
         {
@@ -60,5 +60,5 @@ index 0a6567c..5d54f7e 100644
         return ret;
  
 -- 
-1.7.9.7
+1.8.3.1
 
diff --git a/recipes-connectivity/openssl/openssl-fsl/0012-Removed-local-copy-of-curve_t-type.patch b/recipes-connectivity/openssl/openssl-fsl/0013-Removed-local-copy-of-curve_t-type.patch
index 077b08e..183f3fb 100644
--- a/recipes-connectivity/openssl/openssl-fsl/0012-Removed-local-copy-of-curve_t-type.patch
+++ b/recipes-connectivity/openssl/openssl-fsl/0013-Removed-local-copy-of-curve_t-type.patch
@@ -1,22 +1,22 @@
-From 7a6848210c3b2f42aed4de60646e0e63c0e35fcb Mon Sep 17 00:00:00 2001
+From 6aaa306cdf878250d7b6eaf30978de313653886b Mon Sep 17 00:00:00 2001
 From: Yashpal Dutta <yashpal.dutta@freescale.com>
 Date: Thu, 17 Apr 2014 06:57:59 +0545
-Subject: [PATCH][fsl 12/15] Removed local copy of curve_t type
+Subject: [PATCH 13/17] Removed local copy of curve_t type
 
 Upstream-status: Pending
 
 Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
 Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
 ---
- crypto/engine/eng_cryptodev.c    |   34 ++++++++++++++--------------------
- crypto/engine/eng_cryptodev_ec.h |    7 -------
+ crypto/engine/eng_cryptodev.c    | 34 ++++++++++++++--------------------
+ crypto/engine/eng_cryptodev_ec.h |  7 -------
  2 files changed, 14 insertions(+), 27 deletions(-)
 
 diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 5d54f7e..33447c8 100644
+index ed5f20f..5d883fa 100644
 --- a/crypto/engine/eng_cryptodev.c
 +++ b/crypto/engine/eng_cryptodev.c
-@@ -2404,12 +2404,6 @@ static ECDSA_METHOD cryptodev_ecdsa = {
+@@ -2398,12 +2398,6 @@ static ECDSA_METHOD cryptodev_ecdsa = {
         NULL    /* app_data */
  };
  
@@ -29,7 +29,7 @@ index 5d54f7e..33447c8 100644
  /* ENGINE handler for ECDSA Sign */
  static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char  *dgst,
         int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey)
-@@ -2426,7 +2420,7 @@ static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char  *dgst,
+@@ -2420,7 +2414,7 @@ static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char  *dgst,
         const BIGNUM   *order = NULL, *priv_key=NULL;
         const EC_GROUP *group = NULL;
         struct crypt_kop kop;
@@ -38,7 +38,7 @@ index 5d54f7e..33447c8 100644
  
         memset(&kop, 0, sizeof(kop));
         ecdsa = ecdsa_check(eckey);
-@@ -2559,7 +2553,7 @@ static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char  *dgst,
+@@ -2553,7 +2547,7 @@ static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char  *dgst,
                         else
                                 goto err;
                 }
@@ -47,7 +47,7 @@ index 5d54f7e..33447c8 100644
         }
  
         /* Calculation of Generator point */
-@@ -2653,7 +2647,7 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
+@@ -2647,7 +2641,7 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
         const EC_POINT *pub_key = NULL;
         const BIGNUM   *order = NULL;
         const EC_GROUP *group=NULL;
@@ -56,7 +56,7 @@ index 5d54f7e..33447c8 100644
         struct crypt_kop kop;
  
         memset(&kop, 0, sizeof kop);
-@@ -2798,7 +2792,7 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
+@@ -2792,7 +2786,7 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
                         else
                                 goto err;
                 }
@@ -65,7 +65,7 @@ index 5d54f7e..33447c8 100644
         }
  
         /* Calculation of Generator point */
-@@ -2899,7 +2893,7 @@ static int cryptodev_ecdsa_do_sign_async( const unsigned char  *dgst,
+@@ -2893,7 +2887,7 @@ static int cryptodev_ecdsa_do_sign_async( const unsigned char  *dgst,
         const BIGNUM   *order = NULL, *priv_key=NULL;
         const EC_GROUP *group = NULL;
         struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
@@ -74,7 +74,7 @@ index 5d54f7e..33447c8 100644
  
         if (!(sig->r = BN_new()) || !kop)
                 goto err;
-@@ -3035,7 +3029,7 @@ static int cryptodev_ecdsa_do_sign_async( const unsigned char  *dgst,
+@@ -3029,7 +3023,7 @@ static int cryptodev_ecdsa_do_sign_async( const unsigned char  *dgst,
                         else
                                 goto err;
                 }
@@ -83,7 +83,7 @@ index 5d54f7e..33447c8 100644
         }
  
         /* Calculation of Generator point */
-@@ -3111,7 +3105,7 @@ static int cryptodev_ecdsa_verify_async(const unsigned char *dgst, int dgst_len,
+@@ -3105,7 +3099,7 @@ static int cryptodev_ecdsa_verify_async(const unsigned char *dgst, int dgst_len,
         const EC_POINT *pub_key = NULL;
         const BIGNUM   *order = NULL;
         const EC_GROUP *group=NULL;
@@ -92,7 +92,7 @@ index 5d54f7e..33447c8 100644
         struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
  
         if (!kop)
-@@ -3253,7 +3247,7 @@ static int cryptodev_ecdsa_verify_async(const unsigned char *dgst, int dgst_len,
+@@ -3247,7 +3241,7 @@ static int cryptodev_ecdsa_verify_async(const unsigned char *dgst, int dgst_len,
                 /* copy b' i.e c(b), instead of only b */
                 eng_ec_get_cparam (EC_GROUP_get_curve_name(group),
                         ab+q_len, q_len);
@@ -101,7 +101,7 @@ index 5d54f7e..33447c8 100644
         }
  
         /* Calculation of Generator point */
-@@ -3558,7 +3552,7 @@ int cryptodev_ecdh_compute_key(void *out, size_t outlen,
+@@ -3552,7 +3546,7 @@ int cryptodev_ecdh_compute_key(void *out, size_t outlen,
         const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen,
         void *out, size_t *outlen))
  {
@@ -110,7 +110,7 @@ index 5d54f7e..33447c8 100644
         unsigned char * q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL;
         BIGNUM         * w_x = NULL, *w_y = NULL;
         int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0;
-@@ -3684,9 +3678,9 @@ int cryptodev_ecdh_compute_key(void *out, size_t outlen,
+@@ -3678,9 +3672,9 @@ int cryptodev_ecdh_compute_key(void *out, size_t outlen,
                         else
                                 goto err;
                 }
@@ -122,7 +122,7 @@ index 5d54f7e..33447c8 100644
  
         priv_key_len = r_len;
  
-@@ -3735,7 +3729,7 @@ int cryptodev_ecdh_compute_key_async(void *out, size_t outlen,
+@@ -3729,7 +3723,7 @@ int cryptodev_ecdh_compute_key_async(void *out, size_t outlen,
         const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen,
         void *out, size_t *outlen), struct pkc_cookie_s *cookie)
  {
@@ -131,7 +131,7 @@ index 5d54f7e..33447c8 100644
         unsigned char * q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL;
         BIGNUM         * w_x = NULL, *w_y = NULL;
         int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0;
-@@ -3863,9 +3857,9 @@ int cryptodev_ecdh_compute_key_async(void *out, size_t outlen,
+@@ -3857,9 +3851,9 @@ int cryptodev_ecdh_compute_key_async(void *out, size_t outlen,
                         else
                                 goto err;
                 }
@@ -160,5 +160,5 @@ index 77aee71..a4b8da5 100644
 -};
  #endif
 -- 
-1.7.9.7
+1.8.3.1
 
diff --git a/recipes-connectivity/openssl/openssl-fsl/0013-Modulus-parameter-is-not-populated-by-dhparams.patch b/recipes-connectivity/openssl/openssl-fsl/0014-Modulus-parameter-is-not-populated-by-dhparams.patch
index 11f0622..46846f8 100644
--- a/recipes-connectivity/openssl/openssl-fsl/0013-Modulus-parameter-is-not-populated-by-dhparams.patch
+++ b/recipes-connectivity/openssl/openssl-fsl/0014-Modulus-parameter-is-not-populated-by-dhparams.patch
@@ -1,7 +1,7 @@
-From 8aabfeb1308188a46d3f370cd757de130e73eb9b Mon Sep 17 00:00:00 2001
+From 14623ca9e417ccef1ad3f4138acfac0ebe682f1f Mon Sep 17 00:00:00 2001
 From: Yashpal Dutta <yashpal.dutta@freescale.com>
 Date: Tue, 22 Apr 2014 22:58:33 +0545
-Subject: [PATCH][fsl 13/15] Modulus parameter is not populated by dhparams
+Subject: [PATCH 14/17] Modulus parameter is not populated by dhparams
 
 Upstream-status: Pending
 
@@ -13,14 +13,14 @@ by private key generation
 Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
 Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
 ---
- crypto/engine/eng_cryptodev.c |    4 ++--
+ crypto/engine/eng_cryptodev.c | 4 ++--
  1 file changed, 2 insertions(+), 2 deletions(-)
 
 diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 33447c8..8de8f09 100644
+index 5d883fa..6d69336 100644
 --- a/crypto/engine/eng_cryptodev.c
 +++ b/crypto/engine/eng_cryptodev.c
-@@ -3370,7 +3370,7 @@ static int cryptodev_dh_keygen_async(DH *dh,  struct pkc_cookie_s *cookie)
+@@ -3364,7 +3364,7 @@ static int cryptodev_dh_keygen_async(DH *dh,  struct pkc_cookie_s *cookie)
         kop->crk_op = CRK_DH_GENERATE_KEY;
         if (bn2crparam(dh->p, &kop->crk_param[0]))
                 goto sw_try;
@@ -29,7 +29,7 @@ index 33447c8..8de8f09 100644
                 goto sw_try;
         kop->crk_param[2].crp_p = g;
         kop->crk_param[2].crp_nbits = g_len * 8;
-@@ -3425,7 +3425,7 @@ static int cryptodev_dh_keygen(DH *dh)
+@@ -3419,7 +3419,7 @@ static int cryptodev_dh_keygen(DH *dh)
         kop.crk_op = CRK_DH_GENERATE_KEY;
         if (bn2crparam(dh->p, &kop.crk_param[0]))
                 goto sw_try;
@@ -39,5 +39,5 @@ index 33447c8..8de8f09 100644
         kop.crk_param[2].crp_p = g;
         kop.crk_param[2].crp_nbits = g_len * 8;
 -- 
-1.7.9.7
+1.8.3.1
 
diff --git a/recipes-connectivity/openssl/openssl-fsl/0014-SW-Backoff-mechanism-for-dsa-keygen.patch b/recipes-connectivity/openssl/openssl-fsl/0015-SW-Backoff-mechanism-for-dsa-keygen.patch
index e5aa1ba..c20f9d7 100644
--- a/recipes-connectivity/openssl/openssl-fsl/0014-SW-Backoff-mechanism-for-dsa-keygen.patch
+++ b/recipes-connectivity/openssl/openssl-fsl/0015-SW-Backoff-mechanism-for-dsa-keygen.patch
@@ -1,7 +1,7 @@
-From 8b1ed323d08dce8b6e303ce63a82337543e9187f Mon Sep 17 00:00:00 2001
+From 10be401a33e6ebcc325d6747914c70595cd53d0a Mon Sep 17 00:00:00 2001
 From: Yashpal Dutta <yashpal.dutta@freescale.com>
 Date: Thu, 24 Apr 2014 00:35:34 +0545
-Subject: [PATCH][fsl 14/15] SW Backoff mechanism for dsa keygen
+Subject: [PATCH 15/17] SW Backoff mechanism for dsa keygen
 
 Upstream-status: Pending
 
@@ -12,14 +12,14 @@ keygen gives segmentation fault.
 Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
 Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
 ---
- crypto/engine/eng_cryptodev.c |   12 ++++++++----
+ crypto/engine/eng_cryptodev.c | 12 ++++++++----
  1 file changed, 8 insertions(+), 4 deletions(-)
 
 diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 8de8f09..7c2661f 100644
+index 6d69336..dab8fea 100644
 --- a/crypto/engine/eng_cryptodev.c
 +++ b/crypto/engine/eng_cryptodev.c
-@@ -2075,8 +2075,10 @@ static int cryptodev_dsa_keygen(DSA *dsa)
+@@ -2069,8 +2069,10 @@ static int cryptodev_dsa_keygen(DSA *dsa)
         return ret;
  sw_try:
         {
@@ -32,7 +32,7 @@ index 8de8f09..7c2661f 100644
         }
         return ret;
  }
-@@ -2130,11 +2132,13 @@ static int cryptodev_dsa_keygen_async(DSA *dsa,  struct pkc_cookie_s *cookie)
+@@ -2124,11 +2126,13 @@ static int cryptodev_dsa_keygen_async(DSA *dsa,  struct pkc_cookie_s *cookie)
         return ret;
  sw_try:
         {
@@ -49,5 +49,5 @@ index 8de8f09..7c2661f 100644
         }
         return ret;
 -- 
-1.7.9.7
+1.8.3.1
 
diff --git a/recipes-connectivity/openssl/openssl-fsl/0015-Fixed-DH-keygen-pair-generator.patch b/recipes-connectivity/openssl/openssl-fsl/0016-Fixed-DH-keygen-pair-generator.patch
index 99e6094..abcc2ef 100644
--- a/recipes-connectivity/openssl/openssl-fsl/0015-Fixed-DH-keygen-pair-generator.patch
+++ b/recipes-connectivity/openssl/openssl-fsl/0016-Fixed-DH-keygen-pair-generator.patch
@@ -1,7 +1,7 @@
-From 9dfc18846063a110070782ede699c513b30257e5 Mon Sep 17 00:00:00 2001
+From d2c868c6370bcc0d0a254e641907da2cdf992d62 Mon Sep 17 00:00:00 2001
 From: Yashpal Dutta <yashpal.dutta@freescale.com>
 Date: Thu, 1 May 2014 06:35:45 +0545
-Subject: [PATCH][fsl 15/15] Fixed DH keygen pair generator
+Subject: [PATCH 16/17] Fixed DH keygen pair generator
 
 Upstream-status: Pending
 
@@ -10,14 +10,14 @@ Wrong Padding results into keygen length error
 Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
 Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
 ---
- crypto/engine/eng_cryptodev.c |   50 +++++++++++++++++++++++++++--------------
+ crypto/engine/eng_cryptodev.c | 50 ++++++++++++++++++++++++++++---------------
  1 file changed, 33 insertions(+), 17 deletions(-)
 
 diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 7c2661f..703eee4 100644
+index dab8fea..13d924f 100644
 --- a/crypto/engine/eng_cryptodev.c
 +++ b/crypto/engine/eng_cryptodev.c
-@@ -3402,44 +3402,60 @@ sw_try:
+@@ -3396,44 +3396,60 @@ sw_try:
  static int cryptodev_dh_keygen(DH *dh)
  {
         struct crypt_kop kop;
@@ -96,5 +96,5 @@ index 7c2661f..703eee4 100644
  sw_try:
         {
 -- 
-1.7.9.7
+1.8.3.1
 
diff --git a/recipes-connectivity/openssl/openssl-fsl/0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch b/recipes-connectivity/openssl/openssl-fsl/0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch
new file mode 100644
index 0000000..a71bb45
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-fsl/0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch
@@ -0,0 +1,309 @@
+From 11b55103463bac614e00d74e9f196ec4ec6bade1 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@freescale.com>
+Date: Mon, 16 Jun 2014 14:06:21 +0300
+Subject: [PATCH 17/17] cryptodev: add support for aes-gcm algorithm offloading
+
+Change-Id: I3b77dc5ef8b8f707309549244a02852d95b36168
+Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
+Reviewed-on: http://git.am.freescale.net:8181/17226
+---
+ apps/speed.c                  |   6 +-
+ crypto/engine/eng_cryptodev.c | 229 +++++++++++++++++++++++++++++++++++++++++-
+ 2 files changed, 233 insertions(+), 2 deletions(-)
+
+diff --git a/apps/speed.c b/apps/speed.c
+index 9886ca3..099dede 100644
+--- a/apps/speed.c
++++ b/apps/speed.c
+@@ -224,7 +224,11 @@
+ #endif
+ 
+ #undef BUFSIZE
+-#define BUFSIZE        ((long)1024*8+1)
++/* The buffer overhead allows GCM tag at the end of the encrypted data. This
++   avoids buffer overflows from cryptodev since Linux kernel GCM
++   implementation allways adds the tag - unlike e_aes.c:aes_gcm_cipher()
++   which doesn't */
++#define BUFSIZE        ((long)1024*8 + EVP_GCM_TLS_TAG_LEN)
+ int run=0;
+ 
+ static int mr=0;
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 13d924f..4493490 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
+@@ -78,8 +78,10 @@ struct dev_crypto_state {
+        struct session_op d_sess;
+        int d_fd;
+        unsigned char *aad;
+-       unsigned int aad_len;
++       int aad_len;
+        unsigned int len;
++       unsigned char *iv;
++       int ivlen;
+ 
+ #ifdef USE_CRYPTODEV_DIGESTS
+        char dummy_mac_key[HASH_MAX_LEN];
+@@ -251,6 +253,7 @@ static struct {
+        { CRYPTO_SKIPJACK_CBC,  NID_undef,        0,  0,  0},
+        { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20},
+        { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20},
++       { CRYPTO_AES_GCM,       NID_aes_128_gcm,  16, 16, 0},
+        { 0, NID_undef, 0, 0, 0},
+ };
+ 
+@@ -271,6 +274,19 @@ static struct {
+ };
+ #endif
+ 
++/* increment counter (64-bit int) by 1 */
++static void ctr64_inc(unsigned char *counter) {
++       int n=8;
++       unsigned char  c;
++
++       do {
++               --n;
++               c = counter[n];
++               ++c;
++               counter[n] = c;
++               if (c) return;
++       } while (n);
++}
+ /*
+  * Return a fd if /dev/crypto seems usable, 0 otherwise.
+  */
+@@ -762,6 +778,197 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
+        }
+ }
+ 
++static int cryptodev_init_gcm_key(EVP_CIPHER_CTX *ctx,
++       const unsigned char *key, const unsigned char *iv, int enc)
++{
++       struct dev_crypto_state *state = ctx->cipher_data;
++       struct session_op *sess = &state->d_sess;
++       int cipher = -1, i;
++       if (!iv && !key)
++               return 1;
++
++       if (iv)
++               memcpy(ctx->iv, iv, ctx->cipher->iv_len);
++
++       for (i = 0; ciphers[i].id; i++)
++               if (ctx->cipher->nid == ciphers[i].nid &&
++                   ctx->cipher->iv_len <= ciphers[i].ivmax &&
++                   ctx->key_len == ciphers[i].keylen) {
++                       cipher = ciphers[i].id;
++                       break;
++               }
++
++       if (!ciphers[i].id) {
++               state->d_fd = -1;
++               return 0;
++       }
++
++       memset(sess, 0, sizeof(struct session_op));
++
++       if ((state->d_fd = get_dev_crypto()) < 0)
++               return 0;
++
++       sess->key = (unsigned char *) key;
++       sess->keylen = ctx->key_len;
++       sess->cipher = cipher;
++
++       if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
++               put_dev_crypto(state->d_fd);
++               state->d_fd = -1;
++               return 0;
++       }
++       return 1;
++}
++
++static int cryptodev_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
++               const unsigned char *in, size_t len)
++{
++       struct crypt_auth_op cryp = {0};
++       struct dev_crypto_state *state = ctx->cipher_data;
++       struct session_op *sess = &state->d_sess;
++       int rv = len;
++
++       if (EVP_CIPHER_CTX_ctrl(ctx, ctx->encrypt ?
++                       EVP_CTRL_GCM_IV_GEN : EVP_CTRL_GCM_SET_IV_INV,
++                       EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0)
++               return 0;
++
++       in += EVP_GCM_TLS_EXPLICIT_IV_LEN;
++       out += EVP_GCM_TLS_EXPLICIT_IV_LEN;
++       len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
++
++       if (ctx->encrypt) {
++               len -= EVP_GCM_TLS_TAG_LEN;
++       }
++       cryp.ses = sess->ses;
++       cryp.len = len;
++       cryp.src = (unsigned char*) in;
++       cryp.dst = out;
++       cryp.auth_src = state->aad;
++       cryp.auth_len = state->aad_len;
++       cryp.iv = ctx->iv;
++       cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
++
++       if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) {
++               return 0;
++       }
++
++       if (ctx->encrypt)
++               ctr64_inc(state->iv + state->ivlen - 8);
++       else
++               rv = len - EVP_GCM_TLS_TAG_LEN;
++
++       return rv;
++}
++
++static int cryptodev_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
++               const unsigned char *in, size_t len)
++{
++       struct crypt_auth_op cryp;
++       struct dev_crypto_state *state = ctx->cipher_data;
++       struct session_op *sess = &state->d_sess;
++
++       if (state->d_fd < 0)
++               return 0;
++
++       if ((len % ctx->cipher->block_size) != 0)
++               return 0;
++
++       if (state->aad_len >= 0)
++               return cryptodev_gcm_tls_cipher(ctx, out, in, len);
++
++       memset(&cryp, 0, sizeof(cryp));
++
++       cryp.ses = sess->ses;
++       cryp.len = len;
++       cryp.src = (unsigned char*) in;
++       cryp.dst = out;
++       cryp.auth_src = NULL;
++       cryp.auth_len = 0;
++       cryp.iv = ctx->iv;
++       cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
++
++       if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) {
++               return 0;
++       }
++
++       return len;
++}
++
++static int cryptodev_gcm_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
++               void *ptr)
++{
++       struct dev_crypto_state *state = ctx->cipher_data;
++       switch (type) {
++       case EVP_CTRL_INIT:
++       {
++               state->ivlen = ctx->cipher->iv_len;
++               state->iv = ctx->iv;
++               state->aad_len = -1;
++               return 1;
++       }
++       case EVP_CTRL_GCM_SET_IV_FIXED:
++       {
++               /* Special case: -1 length restores whole IV */
++               if (arg == -1)
++                       {
++                       memcpy(state->iv, ptr, state->ivlen);
++                       return 1;
++                       }
++               /* Fixed field must be at least 4 bytes and invocation field
++                * at least 8.
++                */
++               if ((arg < 4) || (state->ivlen - arg) < 8)
++                       return 0;
++               if (arg)
++                       memcpy(state->iv, ptr, arg);
++               if (ctx->encrypt &&
++                       RAND_bytes(state->iv + arg, state->ivlen - arg) <= 0)
++                       return 0;
++               return 1;
++       }
++       case EVP_CTRL_AEAD_TLS1_AAD:
++       {
++               unsigned int len;
++               if (arg != 13)
++                       return 0;
++
++               memcpy(ctx->buf, ptr, arg);
++               len=ctx->buf[arg-2] << 8 | ctx->buf[arg-1];
++
++               /* Correct length for explicit IV */
++               len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
++
++               /* If decrypting correct for tag too */
++               if (!ctx->encrypt)
++                       len -= EVP_GCM_TLS_TAG_LEN;
++
++               ctx->buf[arg-2] = len >> 8;
++               ctx->buf[arg-1] = len & 0xff;
++
++               state->aad = ctx->buf;
++               state->aad_len = arg;
++               state->len = len;
++
++               /* Extra padding: tag appended to record */
++               return EVP_GCM_TLS_TAG_LEN;
++       }
++       case EVP_CTRL_GCM_SET_IV_INV:
++       {
++               if (ctx->encrypt)
++                       return 0;
++               memcpy(state->iv + state->ivlen - arg, ptr, arg);
++               return 1;
++       }
++       case EVP_CTRL_GCM_IV_GEN:
++               if (arg <= 0 || arg > state->ivlen)
++                       arg = state->ivlen;
++               memcpy(ptr, state->iv + state->ivlen - arg, arg);
++               return 1;
++       default:
++               return -1;
++       }
++}
+ /*
+  * libcrypto EVP stuff - this is how we get wired to EVP so the engine
+  * gets called when libcrypto requests a cipher NID.
+@@ -901,6 +1108,23 @@ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = {
+        cryptodev_cbc_hmac_sha1_ctrl,
+        NULL
+ };
++
++const EVP_CIPHER cryptodev_aes_128_gcm = {
++       NID_aes_128_gcm,
++       1, 16, 12,
++       EVP_CIPH_GCM_MODE | EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_DEFAULT_ASN1 \
++       | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \
++       | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT,
++       cryptodev_init_gcm_key,
++       cryptodev_gcm_cipher,
++       cryptodev_cleanup,
++       sizeof(struct dev_crypto_state),
++       EVP_CIPHER_set_asn1_iv,
++       EVP_CIPHER_get_asn1_iv,
++       cryptodev_gcm_ctrl,
++       NULL
++};
++
+ /*
+  * Registered by the ENGINE when used to find out how to deal with
+  * a particular NID in the ENGINE. this says what we'll do at the
+@@ -944,6 +1168,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+        case NID_aes_256_cbc_hmac_sha1:
+                *cipher = &cryptodev_aes_256_cbc_hmac_sha1;
+                break;
++       case NID_aes_128_gcm:
++               *cipher = &cryptodev_aes_128_gcm;
++               break;
+        default:
+                *cipher = NULL;
+                break;
+-- 
+1.8.3.1
+
diff --git a/recipes-connectivity/openssl/openssl/openssl-fix-doc.patch b/recipes-connectivity/openssl/openssl/openssl-fix-doc.patch
deleted file mode 100644
index 451256e..0000000
--- a/recipes-connectivity/openssl/openssl/openssl-fix-doc.patch
+++ /dev/null
@@ -1,401 +0,0 @@
-Fix documentation build errors with Perl 5.18 pod2man
-
-This fixes errors building man pages with newer versions of pod2man
-included with Perl 5.18.
-
-Upstream-Status: Submitted
-Signed-off-by: Jonathan Liu
-
-Index: openssl-1.0.1f/doc/apps/cms.pod
-===================================================================
---- openssl-1.0.1f.orig/doc/apps/cms.pod        2014-01-06 15:47:42.000000000 +0200
-+++ openssl-1.0.1f/doc/apps/cms.pod     2014-02-28 10:13:51.899979213 +0200
-@@ -450,28 +450,28 @@
- 
- =over 4
- 
--=item 0
-+=item Z<>0
- 
- the operation was completely successfully.
- 
--=item 1 
-+=item Z<>1 
- 
- an error occurred parsing the command options.
- 
--=item 2
-+=item Z<>2
- 
- one of the input files could not be read.
- 
--=item 3
-+=item Z<>3
- 
- an error occurred creating the CMS file or when reading the MIME
- message.
- 
--=item 4
-+=item Z<>4
- 
- an error occurred decrypting or verifying the message.
- 
--=item 5
-+=item Z<>5
- 
- the message was verified correctly but an error occurred writing out
- the signers certificates.
-Index: openssl-1.0.1f/doc/apps/smime.pod
-===================================================================
---- openssl-1.0.1f.orig/doc/apps/smime.pod      2014-01-06 15:47:42.000000000 +0200
-+++ openssl-1.0.1f/doc/apps/smime.pod   2014-02-28 10:16:57.795979233 +0200
-@@ -308,28 +308,28 @@
- 
- =over 4
- 
--=item 0
-+=item Z<>0
- 
- the operation was completely successfully.
- 
--=item 1 
-+=item Z<>1 
- 
- an error occurred parsing the command options.
- 
--=item 2
-+=item Z<>2
- 
- one of the input files could not be read.
- 
--=item 3
-+=item Z<>3
- 
- an error occurred creating the PKCS#7 file or when reading the MIME
- message.
- 
--=item 4
-+=item Z<>4
- 
- an error occurred decrypting or verifying the message.
- 
--=item 5
-+=item Z<>5
- 
- the message was verified correctly but an error occurred writing out
- the signers certificates.
-Index: openssl-1.0.1f/doc/ssl/SSL_COMP_add_compression_method.pod
-===================================================================
---- openssl-1.0.1f.orig/doc/ssl/SSL_COMP_add_compression_method.pod     2014-01-06 15:47:42.000000000 +0200
-+++ openssl-1.0.1f/doc/ssl/SSL_COMP_add_compression_method.pod  2014-02-28 10:18:09.679979225 +0200
-@@ -53,11 +53,11 @@
- 
- =over 4
- 
--=item 0
-+=item Z<>0
- 
- The operation succeeded.
- 
--=item 1
-+=item Z<>1
- 
- The operation failed. Check the error queue to find out the reason.
- 
-Index: openssl-1.0.1f/doc/ssl/SSL_CTX_add_session.pod
-===================================================================
---- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_add_session.pod 2014-01-06 15:47:42.000000000 +0200
-+++ openssl-1.0.1f/doc/ssl/SSL_CTX_add_session.pod      2014-02-28 10:18:42.687979221 +0200
-@@ -52,13 +52,13 @@
- 
- =over 4
- 
--=item 0
-+=item Z<>0
- 
-  The operation failed. In case of the add operation, it was tried to add
-  the same (identical) session twice. In case of the remove operation, the
-  session was not found in the cache.
- 
--=item 1
-+=item Z<>1
-  
-  The operation succeeded.
- 
-Index: openssl-1.0.1f/doc/ssl/SSL_CTX_load_verify_locations.pod
-===================================================================
---- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_load_verify_locations.pod       2014-01-06 15:47:42.000000000 +0200
-+++ openssl-1.0.1f/doc/ssl/SSL_CTX_load_verify_locations.pod    2014-02-28 10:19:09.079979218 +0200
-@@ -100,13 +100,13 @@
- 
- =over 4
- 
--=item 0
-+=item Z<>0
- 
- The operation failed because B<CAfile> and B<CApath> are NULL or the
- processing at one of the locations specified failed. Check the error
- stack to find out the reason.
- 
--=item 1
-+=item Z<>1
- 
- The operation succeeded.
- 
-Index: openssl-1.0.1f/doc/ssl/SSL_CTX_set_client_CA_list.pod
-===================================================================
---- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_set_client_CA_list.pod  2014-01-06 15:47:42.000000000 +0200
-+++ openssl-1.0.1f/doc/ssl/SSL_CTX_set_client_CA_list.pod       2014-02-28 10:19:42.999979220 +0200
-@@ -66,13 +66,13 @@
- 
- =over 4
- 
--=item 0
-+=item Z<>0
- 
- A failure while manipulating the STACK_OF(X509_NAME) object occurred or
- the X509_NAME could not be extracted from B<cacert>. Check the error stack
- to find out the reason.
- 
--=item 1
-+=item Z<>1
- 
- The operation succeeded.
- 
-Index: openssl-1.0.1f/doc/ssl/SSL_CTX_set_session_id_context.pod
-===================================================================
---- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_set_session_id_context.pod      2014-01-06 15:47:42.000000000 +0200
-+++ openssl-1.0.1f/doc/ssl/SSL_CTX_set_session_id_context.pod   2014-02-28 10:20:06.495979211 +0200
-@@ -64,13 +64,13 @@
- 
- =over 4
- 
--=item 0
-+=item Z<>0
- 
- The length B<sid_ctx_len> of the session id context B<sid_ctx> exceeded
- the maximum allowed length of B<SSL_MAX_SSL_SESSION_ID_LENGTH>. The error
- is logged to the error stack.
- 
--=item 1
-+=item Z<>1
- 
- The operation succeeded.
- 
-Index: openssl-1.0.1f/doc/ssl/SSL_CTX_set_ssl_version.pod
-===================================================================
---- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_set_ssl_version.pod     2014-01-06 15:47:42.000000000 +0200
-+++ openssl-1.0.1f/doc/ssl/SSL_CTX_set_ssl_version.pod  2014-02-28 10:20:32.111979208 +0200
-@@ -42,11 +42,11 @@
- 
- =over 4
- 
--=item 0
-+=item Z<>0
- 
- The new choice failed, check the error stack to find out the reason.
- 
--=item 1
-+=item Z<>1
- 
- The operation succeeded.
- 
-Index: openssl-1.0.1f/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
-===================================================================
---- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_use_psk_identity_hint.pod       2014-01-06 15:47:42.000000000 +0200
-+++ openssl-1.0.1f/doc/ssl/SSL_CTX_use_psk_identity_hint.pod    2014-02-28 10:21:12.351979203 +0200
-@@ -96,7 +96,7 @@
- connection will fail with decryption_error before it will be finished
- completely.
- 
--=item 0
-+=item Z<>0
- 
- PSK identity was not found. An "unknown_psk_identity" alert message
- will be sent and the connection setup fails.
-Index: openssl-1.0.1f/doc/ssl/SSL_accept.pod
-===================================================================
---- openssl-1.0.1f.orig/doc/ssl/SSL_accept.pod  2014-01-06 15:47:42.000000000 +0200
-+++ openssl-1.0.1f/doc/ssl/SSL_accept.pod       2014-02-28 10:21:51.535979215 +0200
-@@ -44,13 +44,13 @@
- 
- =over 4
- 
--=item 0
-+=item Z<>0
- 
- The TLS/SSL handshake was not successful but was shut down controlled and
- by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
- return value B<ret> to find out the reason.
- 
--=item 1
-+=item Z<>1
- 
- The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
- established.
-Index: openssl-1.0.1f/doc/ssl/SSL_clear.pod
-===================================================================
---- openssl-1.0.1f.orig/doc/ssl/SSL_clear.pod   2014-01-06 15:47:42.000000000 +0200
-+++ openssl-1.0.1f/doc/ssl/SSL_clear.pod        2014-02-28 10:22:13.087979196 +0200
-@@ -56,12 +56,12 @@
- 
- =over 4
- 
--=item 0
-+=item Z<>0
- 
- The SSL_clear() operation could not be performed. Check the error stack to
- find out the reason.
- 
--=item 1
-+=item Z<>1
- 
- The SSL_clear() operation was successful.
- 
-Index: openssl-1.0.1f/doc/ssl/SSL_connect.pod
-===================================================================
---- openssl-1.0.1f.orig/doc/ssl/SSL_connect.pod 2014-01-06 15:47:42.000000000 +0200
-+++ openssl-1.0.1f/doc/ssl/SSL_connect.pod      2014-02-28 10:22:33.991979193 +0200
-@@ -41,13 +41,13 @@
- 
- =over 4
- 
--=item 0
-+=item Z<>0
- 
- The TLS/SSL handshake was not successful but was shut down controlled and
- by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
- return value B<ret> to find out the reason.
- 
--=item 1
-+=item Z<>1
- 
- The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
- established.
-Index: openssl-1.0.1f/doc/ssl/SSL_do_handshake.pod
-===================================================================
---- openssl-1.0.1f.orig/doc/ssl/SSL_do_handshake.pod    2014-01-06 15:47:42.000000000 +0200
-+++ openssl-1.0.1f/doc/ssl/SSL_do_handshake.pod 2014-02-28 10:22:56.887979159 +0200
-@@ -45,13 +45,13 @@
- 
- =over 4
- 
--=item 0
-+=item Z<>0
- 
- The TLS/SSL handshake was not successful but was shut down controlled and
- by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
- return value B<ret> to find out the reason.
- 
--=item 1
-+=item Z<>1
- 
- The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
- established.
-Index: openssl-1.0.1f/doc/ssl/SSL_read.pod
-===================================================================
---- openssl-1.0.1f.orig/doc/ssl/SSL_read.pod    2014-01-06 15:47:42.000000000 +0200
-+++ openssl-1.0.1f/doc/ssl/SSL_read.pod 2014-02-28 10:23:15.303979188 +0200
-@@ -86,7 +86,7 @@
- The read operation was successful; the return value is the number of
- bytes actually read from the TLS/SSL connection.
- 
--=item 0
-+=item Z<>0
- 
- The read operation was not successful. The reason may either be a clean
- shutdown due to a "close notify" alert sent by the peer (in which case
-Index: openssl-1.0.1f/doc/ssl/SSL_session_reused.pod
-===================================================================
---- openssl-1.0.1f.orig/doc/ssl/SSL_session_reused.pod  2014-01-06 15:47:42.000000000 +0200
-+++ openssl-1.0.1f/doc/ssl/SSL_session_reused.pod       2014-02-28 10:23:36.615979186 +0200
-@@ -27,11 +27,11 @@
- 
- =over 4
- 
--=item 0
-+=item Z<>0
- 
- A new session was negotiated.
- 
--=item 1
-+=item Z<>1
- 
- A session was reused.
- 
-Index: openssl-1.0.1f/doc/ssl/SSL_set_fd.pod
-===================================================================
---- openssl-1.0.1f.orig/doc/ssl/SSL_set_fd.pod  2014-01-06 15:47:42.000000000 +0200
-+++ openssl-1.0.1f/doc/ssl/SSL_set_fd.pod       2014-02-28 10:23:57.599979183 +0200
-@@ -35,11 +35,11 @@
- 
- =over 4
- 
--=item 0
-+=item Z<>0
- 
- The operation failed. Check the error stack to find out why.
- 
--=item 1
-+=item Z<>1
- 
- The operation succeeded.
- 
-Index: openssl-1.0.1f/doc/ssl/SSL_set_session.pod
-===================================================================
---- openssl-1.0.1f.orig/doc/ssl/SSL_set_session.pod     2014-01-06 15:47:42.000000000 +0200
-+++ openssl-1.0.1f/doc/ssl/SSL_set_session.pod  2014-02-28 10:24:16.943979181 +0200
-@@ -37,11 +37,11 @@
- 
- =over 4
- 
--=item 0
-+=item Z<>0
- 
- The operation failed; check the error stack to find out the reason.
- 
--=item 1
-+=item Z<>1
- 
- The operation succeeded.
- 
-Index: openssl-1.0.1f/doc/ssl/SSL_shutdown.pod
-===================================================================
---- openssl-1.0.1f.orig/doc/ssl/SSL_shutdown.pod        2014-01-06 15:47:42.000000000 +0200
-+++ openssl-1.0.1f/doc/ssl/SSL_shutdown.pod     2014-02-28 10:25:03.623979175 +0200
-@@ -92,19 +92,19 @@
- 
- =over 4
- 
--=item 0
-+=item Z<>0
- 
- The shutdown is not yet finished. Call SSL_shutdown() for a second time,
- if a bidirectional shutdown shall be performed.
- The output of L<SSL_get_error(3)|SSL_get_error(3)> may be misleading, as an
- erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred.
- 
--=item 1
-+=item Z<>1
- 
- The shutdown was successfully completed. The "close notify" alert was sent
- and the peer's "close notify" alert was received.
- 
--=item -1
-+=item Z<>-1
- 
- The shutdown was not successful because a fatal error occurred either
- at the protocol level or a connection failure occurred. It can also occur if
-Index: openssl-1.0.1f/doc/ssl/SSL_write.pod
-===================================================================
---- openssl-1.0.1f.orig/doc/ssl/SSL_write.pod   2014-01-06 15:47:42.000000000 +0200
-+++ openssl-1.0.1f/doc/ssl/SSL_write.pod        2014-02-28 10:25:36.031979168 +0200
-@@ -79,7 +79,7 @@
- The write operation was successful, the return value is the number of
- bytes actually written to the TLS/SSL connection.
- 
--=item 0
-+=item Z<>0
- 
- The write operation was not successful. Probably the underlying connection
- was closed. Call SSL_get_error() with the return value B<ret> to find out,
diff --git a/recipes-connectivity/openssl/openssl_1.0.1g.bb b/recipes-connectivity/openssl/openssl_1.0.1i.bb
index f3c20e8..f3c20e8 100644
--- a/recipes-connectivity/openssl/openssl_1.0.1g.bb
+++ b/recipes-connectivity/openssl/openssl_1.0.1i.bb
diff --git a/recipes-connectivity/openssl/openssl_1.0.1g.bbappend b/recipes-connectivity/openssl/openssl_1.0.1i.bbappend
index ab1985b..89d7339 100644
--- a/recipes-connectivity/openssl/openssl_1.0.1g.bbappend
+++ b/recipes-connectivity/openssl/openssl_1.0.1i.bbappend
@@ -5,23 +5,25 @@ RDEPENDS_${PN}_class-target += "cryptodev-module"
 # base package is taken from Freescale repository
 SRCBRANCH = "OpenSSL_1_0_1-stable"
 SRC_URI = "git://git.openssl.org/openssl.git;branch=${SRCBRANCH} \
-    file://0001-remove-double-initialization-of-cryptodev-engine.patch \
-    file://0002-ECC-Support-header-for-Cryptodev-Engine.patch \
-    file://0003-add-support-for-TLS-algorithms-offload.patch \
-    file://0004-Fixed-private-key-support-for-DH.patch \
-    file://0005-Fixed-private-key-support-for-DH.patch \
-    file://0006-Initial-support-for-PKC-in-cryptodev-engine.patch \
-    file://0007-Added-hwrng-dev-file-as-source-of-RNG.patch \
-    file://0008-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch \
-    file://0009-eng_cryptodev-extend-TLS-offload-with-new-algorithms.patch \
-    file://0010-Add-RSA-keygen-operation-and-support-gendsa-command-.patch \
-    file://0011-RSA-Keygen-Fix.patch \
-    file://0012-Removed-local-copy-of-curve_t-type.patch \
-    file://0013-Modulus-parameter-is-not-populated-by-dhparams.patch \
-    file://0014-SW-Backoff-mechanism-for-dsa-keygen.patch \
-    file://0015-Fixed-DH-keygen-pair-generator.patch \
+        file://0001-remove-double-initialization-of-cryptodev-engine.patch \
+        file://0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch \
+        file://0003-cryptodev-fix-algorithm-registration.patch \
+        file://0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch \
+        file://0005-ECC-Support-header-for-Cryptodev-Engine.patch \
+        file://0006-Fixed-private-key-support-for-DH.patch \
+        file://0007-Fixed-private-key-support-for-DH.patch \
+        file://0008-Initial-support-for-PKC-in-cryptodev-engine.patch \
+        file://0009-Added-hwrng-dev-file-as-source-of-RNG.patch \
+        file://0010-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch \
+        file://0011-Add-RSA-keygen-operation-and-support-gendsa-command-.patch \
+        file://0012-RSA-Keygen-Fix.patch \
+        file://0013-Removed-local-copy-of-curve_t-type.patch \
+        file://0014-Modulus-parameter-is-not-populated-by-dhparams.patch \
+        file://0015-SW-Backoff-mechanism-for-dsa-keygen.patch \
+        file://0016-Fixed-DH-keygen-pair-generator.patch \
+        file://0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch \
 "
-SRCREV = "b2d951e4232d2f90168f9a3dd0b7df9ecf2d81a8"
+SRCREV = "2b456034457b58454aae3998a2765b6a5b9bc837"
 
 SRC_URI += "file://configure-targets.patch \
             file://shared-libs.patch \
@@ -39,7 +41,6 @@ SRC_URI += "file://configure-targets.patch \
             file://debian/no-symbolic.patch \
             file://debian/debian-targets.patch \
             file://openssl_fix_for_x32.patch \
-            file://openssl-fix-doc.patch \
             file://fix-cipher-des-ede3-cfb1.patch \
             file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \
             file://openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch \