13 files changed, 2413 insertions, 0 deletions

diff --git a/recipes-kernel/cryptodev/cryptodev-fsl.inc b/recipes-kernel/cryptodev/cryptodev-fsl.inc
new file mode 100644
index 0000000..e32e350
--- /dev/null
+++ b/recipes-kernel/cryptodev/cryptodev-fsl.inc
@@ -0,0 +1,17 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/cryptodev-fsl:"
+
+SRC_URI_qoriq-ppc = "git://github.com/cryptodev-linux/cryptodev-linux.git \
+        file://0001-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch \
+        file://0002-add-support-for-COMPAT_CIOCAUTHCRYPT-ioctl.patch \
+        file://0003-PKC-support-added-in-cryptodev-module.patch \
+        file://0004-Compat-versions-of-PKC-IOCTLs.patch \
+        file://0005-Asynchronous-interface-changes-in-cryptodev.patch \
+        file://0006-ECC_KEYGEN-and-DLC_KEYGEN-supported-in-cryptodev-mod.patch \
+        file://0007-RCU-stall-fixed-in-PKC-asynchronous-interface.patch \
+        file://0008-Add-RSA-Key-generation-offloading.patch \
+        file://0009-Fixed-compilation-error-of-openssl-with-fsl-cryptode.patch \
+"
+SRCREV_qoriq-ppc = "6aa62a2c320b04f55fdfe0ed015c3d9b48997239"
+
+S_qoriq-ppc = "${WORKDIR}/git"
+
diff --git a/recipes-kernel/cryptodev/cryptodev-fsl/0001-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch b/recipes-kernel/cryptodev/cryptodev-fsl/0001-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch
new file mode 100644
index 0000000..796e548
--- /dev/null
+++ b/recipes-kernel/cryptodev/cryptodev-fsl/0001-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch
@@ -0,0 +1,52 @@
+From 715ade8236f40cf811c39f9538dfd60803967fcd Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@freescale.com>
+Date: Thu, 29 Aug 2013 16:52:30 +0300
+Subject: [PATCH 1/9] add support for composite TLS10(SHA1,AES) algorithm
+ offload
+
+This adds support for composite algorithm offload as a primitive
+crypto (cipher + hmac) operation.
+
+It requires kernel support for tls10(hmac(sha1),cbc(aes)) algorithm
+provided either in software or accelerated by hardware such as
+Freescale B*, P* and T* platforms.
+
+Change-Id: Ia1c605da3860e91e681295dfc8df7c09eb4006cf
+Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
+Reviewed-on: http://git.am.freescale.net:8181/17218
+---
+ crypto/cryptodev.h | 1 +
+ ioctl.c            | 5 +++++
+ 2 files changed, 6 insertions(+)
+
+diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h
+index 7fb9c7d..c0e8cd4 100644
+--- a/crypto/cryptodev.h
++++ b/crypto/cryptodev.h
+@@ -50,6 +50,7 @@ enum cryptodev_crypto_op_t {
+        CRYPTO_SHA2_384,
+        CRYPTO_SHA2_512,
+        CRYPTO_SHA2_224_HMAC,
++       CRYPTO_TLS10_AES_CBC_HMAC_SHA1,
+        CRYPTO_ALGORITHM_ALL, /* Keep updated - see below */
+ };
+ 
+diff --git a/ioctl.c b/ioctl.c
+index 5a55a76..f9b9b2e 100644
+--- a/ioctl.c
++++ b/ioctl.c
+@@ -159,6 +159,11 @@ crypto_create_session(struct fcrypt *fcr, struct session_op *sop)
+                stream = 1;
+                aead = 1;
+                break;
++       case CRYPTO_TLS10_AES_CBC_HMAC_SHA1:
++               alg_name = "tls10(hmac(sha1),cbc(aes))";
++               stream = 0;
++               aead = 1;
++               break;
+        case CRYPTO_NULL:
+                alg_name = "ecb(cipher_null)";
+                stream = 1;
+-- 
+1.8.3.1
+
diff --git a/recipes-kernel/cryptodev/cryptodev-fsl/0001-don-t-advertise-RSA-keygen.patch b/recipes-kernel/cryptodev/cryptodev-fsl/0001-don-t-advertise-RSA-keygen.patch
new file mode 100644
index 0000000..3d7c608
--- /dev/null
+++ b/recipes-kernel/cryptodev/cryptodev-fsl/0001-don-t-advertise-RSA-keygen.patch
@@ -0,0 +1,32 @@
+From b6e2a3747e3cffdf3cc515b0ce35d6bcdcb051c5 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@freescale.com>
+Date: Tue, 9 Dec 2014 16:41:25 +0200
+Subject: [PATCH] don't advertise RSA keygen
+
+This is supposed to avoid RSA keygen operations when they are not
+available. Since no testing can be done, the patch should be applied
+selectively (for example when offloading through pkc driver on C293)
+
+Change-Id: I60765f46fd7a39053d42e075d2ec71b032b2ed8a
+Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
+---
+ ioctl.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/ioctl.c b/ioctl.c
+index e907167..3239093 100644
+--- a/ioctl.c
++++ b/ioctl.c
+@@ -961,8 +961,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
+        case CIOCASYMFEAT:
+                return put_user(CRF_MOD_EXP_CRT |  CRF_MOD_EXP | CRF_DSA_SIGN |
+                        CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY |
+-                       CRF_DSA_GENERATE_KEY | CRF_DH_GENERATE_KEY |
+-                       CRF_RSA_GENERATE_KEY, p);
++                       CRF_DSA_GENERATE_KEY | CRF_DH_GENERATE_KEY, p);
+        case CRIOGET:
+                fd = clonefd(filp);
+                ret = put_user(fd, p);
+-- 
+2.2.0
+
diff --git a/recipes-kernel/cryptodev/cryptodev-fsl/0002-add-support-for-COMPAT_CIOCAUTHCRYPT-ioctl.patch b/recipes-kernel/cryptodev/cryptodev-fsl/0002-add-support-for-COMPAT_CIOCAUTHCRYPT-ioctl.patch
new file mode 100644
index 0000000..086a97f
--- /dev/null
+++ b/recipes-kernel/cryptodev/cryptodev-fsl/0002-add-support-for-COMPAT_CIOCAUTHCRYPT-ioctl.patch
@@ -0,0 +1,207 @@
+From 4b766c93e4ee19248dd66bbebb61fb5cc9c8a012 Mon Sep 17 00:00:00 2001
+From: Horia Geanta <horia.geanta@freescale.com>
+Date: Wed, 4 Dec 2013 15:43:41 +0200
+Subject: [PATCH 2/9] add support for COMPAT_CIOCAUTHCRYPT ioctl()
+
+Upstream-status: Pending
+
+Needed for 64b kernel with 32b user space.
+
+Change-Id: I44a999a4164e7ae7122dee6ed0716b2f25cadbc1
+Signed-off-by: Horia Geanta <horia.geanta@freescale.com>
+Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
+---
+ authenc.c       | 78 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ cryptodev_int.h | 40 +++++++++++++++++++++++++++++
+ ioctl.c         | 16 ++++++++++++
+ 3 files changed, 134 insertions(+)
+
+diff --git a/authenc.c b/authenc.c
+index 1bd7377..ef0d3db 100644
+--- a/authenc.c
++++ b/authenc.c
+@@ -272,6 +272,84 @@ static int fill_caop_from_kcaop(struct kernel_crypt_auth_op *kcaop, struct fcryp
+        return 0;
+ }
+ 
++/* compatibility code for 32bit userlands */
++#ifdef CONFIG_COMPAT
++
++static inline void
++compat_to_crypt_auth_op(struct compat_crypt_auth_op *compat,
++                       struct crypt_auth_op *caop)
++{
++       caop->ses = compat->ses;
++       caop->op = compat->op;
++       caop->flags = compat->flags;
++       caop->len = compat->len;
++       caop->auth_len = compat->auth_len;
++       caop->tag_len = compat->tag_len;
++       caop->iv_len = compat->iv_len;
++
++       caop->auth_src = compat_ptr(compat->auth_src);
++       caop->src = compat_ptr(compat->src);
++       caop->dst = compat_ptr(compat->dst);
++       caop->tag = compat_ptr(compat->tag);
++       caop->iv = compat_ptr(compat->iv);
++}
++
++static inline void
++crypt_auth_op_to_compat(struct crypt_auth_op *caop,
++                       struct compat_crypt_auth_op *compat)
++{
++       compat->ses = caop->ses;
++       compat->op = caop->op;
++       compat->flags = caop->flags;
++       compat->len = caop->len;
++       compat->auth_len = caop->auth_len;
++       compat->tag_len = caop->tag_len;
++       compat->iv_len = caop->iv_len;
++
++       compat->auth_src = ptr_to_compat(caop->auth_src);
++       compat->src = ptr_to_compat(caop->src);
++       compat->dst = ptr_to_compat(caop->dst);
++       compat->tag = ptr_to_compat(caop->tag);
++       compat->iv = ptr_to_compat(caop->iv);
++}
++
++int compat_kcaop_from_user(struct kernel_crypt_auth_op *kcaop,
++                               struct fcrypt *fcr, void __user *arg)
++{
++       struct compat_crypt_auth_op compat_caop;
++
++       if (unlikely(copy_from_user(&compat_caop, arg, sizeof(compat_caop)))) {
++               dprintk(1, KERN_ERR, "Error in copying from userspace\n");
++               return -EFAULT;
++       }
++
++       compat_to_crypt_auth_op(&compat_caop, &kcaop->caop);
++
++       return fill_kcaop_from_caop(kcaop, fcr);
++}
++
++int compat_kcaop_to_user(struct kernel_crypt_auth_op *kcaop,
++                               struct fcrypt *fcr, void __user *arg)
++{
++       int ret;
++       struct compat_crypt_auth_op compat_caop;
++
++       ret = fill_caop_from_kcaop(kcaop, fcr);
++       if (unlikely(ret)) {
++               dprintk(1, KERN_ERR, "fill_caop_from_kcaop\n");
++               return ret;
++       }
++
++       crypt_auth_op_to_compat(&kcaop->caop, &compat_caop);
++
++       if (unlikely(copy_to_user(arg, &compat_caop, sizeof(compat_caop)))) {
++               dprintk(1, KERN_ERR, "Error in copying to userspace\n");
++               return -EFAULT;
++       }
++       return 0;
++}
++
++#endif /* CONFIG_COMPAT */
+ 
+ int kcaop_from_user(struct kernel_crypt_auth_op *kcaop,
+                        struct fcrypt *fcr, void __user *arg)
+diff --git a/cryptodev_int.h b/cryptodev_int.h
+index d7660fa..8e687e7 100644
+--- a/cryptodev_int.h
++++ b/cryptodev_int.h
+@@ -73,11 +73,42 @@ struct compat_crypt_op {
+        compat_uptr_t   iv;/* initialization vector for encryption operations */
+ };
+ 
++ /* input of CIOCAUTHCRYPT */
++struct compat_crypt_auth_op {
++       uint32_t        ses;            /* session identifier */
++       uint16_t        op;             /* COP_ENCRYPT or COP_DECRYPT */
++       uint16_t        flags;          /* see COP_FLAG_AEAD_* */
++       uint32_t        len;            /* length of source data */
++       uint32_t        auth_len;       /* length of auth data */
++       compat_uptr_t   auth_src;       /* authenticated-only data */
++
++       /* The current implementation is more efficient if data are
++        * encrypted in-place (src==dst). */
++       compat_uptr_t   src;            /* data to be encrypted and
++       authenticated */
++       compat_uptr_t   dst;            /* pointer to output data. Must have
++                                        * space for tag. For TLS this should be
++                                        * at least len + tag_size + block_size
++                                        * for padding */
++
++       compat_uptr_t   tag;            /* where the tag will be copied to. TLS
++                                        * mode doesn't use that as tag is
++                                        * copied to dst.
++                                        * SRTP mode copies tag there. */
++       uint32_t        tag_len;        /* the length of the tag. Use zero for
++                                        * digest size or max tag. */
++
++       /* initialization vector for encryption operations */
++       compat_uptr_t   iv;
++       uint32_t        iv_len;
++};
++
+ /* compat ioctls, defined for the above structs */
+ #define COMPAT_CIOCGSESSION    _IOWR('c', 102, struct compat_session_op)
+ #define COMPAT_CIOCCRYPT       _IOWR('c', 104, struct compat_crypt_op)
+ #define COMPAT_CIOCASYNCCRYPT  _IOW('c', 107, struct compat_crypt_op)
+ #define COMPAT_CIOCASYNCFETCH  _IOR('c', 108, struct compat_crypt_op)
++#define COMPAT_CIOCAUTHCRYPT   _IOWR('c', 109, struct compat_crypt_auth_op)
+ 
+ #endif /* CONFIG_COMPAT */
+ 
+@@ -108,6 +139,15 @@ struct kernel_crypt_auth_op {
+ 
+ /* auth */
+ 
++#ifdef CONFIG_COMPAT
++int compat_kcaop_from_user(struct kernel_crypt_auth_op *kcaop,
++                               struct fcrypt *fcr, void __user *arg);
++
++int compat_kcaop_to_user(struct kernel_crypt_auth_op *kcaop,
++                               struct fcrypt *fcr, void __user *arg);
++#endif /* CONFIG_COMPAT */
++
++
+ int kcaop_from_user(struct kernel_crypt_auth_op *kcop,
+                        struct fcrypt *fcr, void __user *arg);
+ int kcaop_to_user(struct kernel_crypt_auth_op *kcaop,
+diff --git a/ioctl.c b/ioctl.c
+index f9b9b2e..1563c75 100644
+--- a/ioctl.c
++++ b/ioctl.c
+@@ -998,6 +998,7 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_)
+        struct session_op sop;
+        struct compat_session_op compat_sop;
+        struct kernel_crypt_op kcop;
++       struct kernel_crypt_auth_op kcaop;
+        int ret;
+ 
+        if (unlikely(!pcr))
+@@ -1040,6 +1041,21 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_)
+                        return ret;
+ 
+                return compat_kcop_to_user(&kcop, fcr, arg);
++
++       case COMPAT_CIOCAUTHCRYPT:
++               if (unlikely(ret = compat_kcaop_from_user(&kcaop, fcr, arg))) {
++                       dprintk(1, KERN_WARNING, "Error copying from user\n");
++                       return ret;
++               }
++
++               ret = crypto_auth_run(fcr, &kcaop);
++               if (unlikely(ret)) {
++                       dprintk(1, KERN_WARNING, "Error in crypto_auth_run\n");
++                       return ret;
++               }
++
++               return compat_kcaop_to_user(&kcaop, fcr, arg);
++
+ #ifdef ENABLE_ASYNC
+        case COMPAT_CIOCASYNCCRYPT:
+                if (unlikely(ret = compat_kcop_from_user(&kcop, fcr, arg)))
+-- 
+1.8.3.1
+
diff --git a/recipes-kernel/cryptodev/cryptodev-fsl/0003-PKC-support-added-in-cryptodev-module.patch b/recipes-kernel/cryptodev/cryptodev-fsl/0003-PKC-support-added-in-cryptodev-module.patch
new file mode 100644
index 0000000..a4f7816
--- /dev/null
+++ b/recipes-kernel/cryptodev/cryptodev-fsl/0003-PKC-support-added-in-cryptodev-module.patch
@@ -0,0 +1,898 @@
+From 5b57fc2124cef0acc3c7e8de376ebd9aa4f1fdd3 Mon Sep 17 00:00:00 2001
+From: Yashpal Dutta <yashpal.dutta@freescale.com>
+Date: Fri, 7 Mar 2014 06:16:09 +0545
+Subject: [PATCH 3/9] PKC support added in cryptodev module
+
+Upstream-status: Pending
+
+Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
+---
+ cryptlib.c         |  66 +++++++++-
+ cryptlib.h         |  28 ++++
+ crypto/cryptodev.h |  15 ++-
+ cryptodev_int.h    |  20 ++-
+ ioctl.c            | 196 +++++++++++++++++++++++++--
+ main.c             | 378 +++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 6 files changed, 685 insertions(+), 18 deletions(-)
+
+diff --git a/cryptlib.c b/cryptlib.c
+index 44ce763..6900028 100644
+--- a/cryptlib.c
++++ b/cryptlib.c
+@@ -5,6 +5,8 @@
+  * Portions Copyright (c) 2010 Michael Weiser
+  * Portions Copyright (c) 2010 Phil Sutter
+  *
++ * Copyright 2012 Freescale Semiconductor, Inc.
++ *
+  * This file is part of linux cryptodev.
+  *
+  * This program is free software; you can redistribute it and/or
+@@ -39,11 +41,6 @@
+ #include "cryptodev_int.h"
+ 
+ 
+-struct cryptodev_result {
+-       struct completion completion;
+-       int err;
+-};
+-
+ static void cryptodev_complete(struct crypto_async_request *req, int err)
+ {
+        struct cryptodev_result *res = req->data;
+@@ -259,7 +256,6 @@ static inline int waitfor(struct cryptodev_result *cr, ssize_t ret)
+        case 0:
+                break;
+        case -EINPROGRESS:
+-       case -EBUSY:
+                wait_for_completion(&cr->completion);
+                /* At this point we known for sure the request has finished,
+                 * because wait_for_completion above was not interruptible.
+@@ -439,3 +435,61 @@ int cryptodev_hash_final(struct hash_data *hdata, void *output)
+        return waitfor(hdata->async.result, ret);
+ }
+ 
++int cryptodev_pkc_offload(struct cryptodev_pkc  *pkc)
++{
++       int ret = 0;
++       struct pkc_request *pkc_req = &pkc->req, *pkc_requested;
++
++       switch (pkc_req->type) {
++       case RSA_PUB:
++       case RSA_PRIV_FORM1:
++       case RSA_PRIV_FORM2:
++       case RSA_PRIV_FORM3:
++               pkc->s = crypto_alloc_pkc("pkc(rsa)",
++                        CRYPTO_ALG_TYPE_PKC_RSA, 0);
++               break;
++       case DSA_SIGN:
++       case DSA_VERIFY:
++       case ECDSA_SIGN:
++       case ECDSA_VERIFY:
++               pkc->s = crypto_alloc_pkc("pkc(dsa)",
++                        CRYPTO_ALG_TYPE_PKC_DSA, 0);
++               break;
++       case DH_COMPUTE_KEY:
++       case ECDH_COMPUTE_KEY:
++               pkc->s = crypto_alloc_pkc("pkc(dh)",
++                        CRYPTO_ALG_TYPE_PKC_DH, 0);
++               break;
++       default:
++               return -EINVAL;
++       }
++
++       if (IS_ERR_OR_NULL(pkc->s))
++               return -EINVAL;
++
++       init_completion(&pkc->result.completion);
++       pkc_requested = pkc_request_alloc(pkc->s, GFP_KERNEL);
++
++       if (unlikely(IS_ERR_OR_NULL(pkc_requested))) {
++               ret = -ENOMEM;
++               goto error;
++       }
++       pkc_requested->type = pkc_req->type;
++       pkc_requested->curve_type = pkc_req->curve_type;
++       memcpy(&pkc_requested->req_u, &pkc_req->req_u, sizeof(pkc_req->req_u));
++       pkc_request_set_callback(pkc_requested, CRYPTO_TFM_REQ_MAY_BACKLOG,
++                                cryptodev_complete_asym, pkc);
++       ret = crypto_pkc_op(pkc_requested);
++       if (ret != -EINPROGRESS && ret != 0)
++               goto error2;
++
++       if (pkc->type == SYNCHRONOUS)
++               ret = waitfor(&pkc->result, ret);
++
++       return ret;
++error2:
++       kfree(pkc_requested);
++error:
++       crypto_free_pkc(pkc->s);
++       return ret;
++}
+diff --git a/cryptlib.h b/cryptlib.h
+index a0a8a63..56d325a 100644
+--- a/cryptlib.h
++++ b/cryptlib.h
+@@ -1,3 +1,6 @@
++/*
++ * Copyright 2012 Freescale Semiconductor, Inc.
++ */
+ #ifndef CRYPTLIB_H
+ # define CRYPTLIB_H
+ 
+@@ -89,5 +92,30 @@ void cryptodev_hash_deinit(struct hash_data *hdata);
+ int cryptodev_hash_init(struct hash_data *hdata, const char *alg_name,
+                        int hmac_mode, void *mackey, size_t mackeylen);
+ 
++/* Operation Type */
++enum offload_type {
++       SYNCHRONOUS,
++       ASYNCHRONOUS
++};
++
++struct cryptodev_result {
++       struct completion completion;
++       int err;
++};
++
++struct cryptodev_pkc {
++       struct list_head list; /* To maintain the Jobs in completed
++                                cryptodev lists */
++       struct kernel_crypt_kop kop;
++       struct crypto_pkc *s;    /* Transform pointer from CryptoAPI */
++       struct cryptodev_result result; /* Result to be updated by
++                                        completion handler */
++       struct pkc_request req; /* PKC request structure allocated
++                                from CryptoAPI */
++       enum offload_type type; /* Synchronous Vs Asynchronous request */
++       void *cookie; /*Additional opaque cookie to be used in future */
++       struct crypt_priv *priv;
++};
+ 
++int cryptodev_pkc_offload(struct cryptodev_pkc  *);
+ #endif
+diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h
+index c0e8cd4..96675fe 100644
+--- a/crypto/cryptodev.h
++++ b/crypto/cryptodev.h
+@@ -1,6 +1,10 @@
+-/* This is a source compatible implementation with the original API of
++/*
++ * Copyright 2012 Freescale Semiconductor, Inc.
++ *
++ * This is a source compatible implementation with the original API of
+  * cryptodev by Angelos D. Keromytis, found at openbsd cryptodev.h.
+- * Placed under public domain */
++ * Placed under public domain
++ */
+ 
+ #ifndef L_CRYPTODEV_H
+ #define L_CRYPTODEV_H
+@@ -245,6 +249,9 @@ struct crypt_kop {
+        __u16   crk_oparams;
+        __u32   crk_pad1;
+        struct crparam  crk_param[CRK_MAXPARAM];
++       enum curve_t curve_type; /* 0 == Discrete Log,
++                               1 = EC_PRIME, 2 = EC_BINARY */
++       void *cookie;
+ };
+ 
+ enum cryptodev_crk_op_t {
+@@ -289,5 +296,7 @@ enum cryptodev_crk_op_t {
+  */
+ #define CIOCASYNCCRYPT    _IOW('c', 110, struct crypt_op)
+ #define CIOCASYNCFETCH    _IOR('c', 111, struct crypt_op)
+-
++/* additional ioctls for asynchronous  operation for asymmetric ciphers*/
++#define CIOCASYMASYNCRYPT    _IOW('c', 112, struct crypt_kop)
++#define CIOCASYMASYNFETCH    _IOR('c', 113, struct crypt_kop)
+ #endif /* L_CRYPTODEV_H */
+diff --git a/cryptodev_int.h b/cryptodev_int.h
+index 8e687e7..fdbcc61 100644
+--- a/cryptodev_int.h
++++ b/cryptodev_int.h
+@@ -1,4 +1,6 @@
+-/* cipher stuff */
++/* cipher stuff
++ * Copyright 2012 Freescale Semiconductor, Inc.
++ */
+ #ifndef CRYPTODEV_INT_H
+ # define CRYPTODEV_INT_H
+ 
+@@ -112,6 +114,14 @@ struct compat_crypt_auth_op {
+ 
+ #endif /* CONFIG_COMPAT */
+ 
++/* kernel-internal extension to struct crypt_kop */
++struct kernel_crypt_kop {
++       struct crypt_kop kop;
++
++       struct task_struct *task;
++       struct mm_struct *mm;
++};
++
+ /* kernel-internal extension to struct crypt_op */
+ struct kernel_crypt_op {
+        struct crypt_op cop;
+@@ -157,6 +167,14 @@ int crypto_run(struct fcrypt *fcr, struct kernel_crypt_op *kcop);
+ 
+ #include <cryptlib.h>
+ 
++/* Cryptodev Key operation handler */
++int crypto_bn_modexp(struct cryptodev_pkc *);
++int crypto_modexp_crt(struct cryptodev_pkc *);
++int crypto_kop_dsasign(struct cryptodev_pkc *);
++int crypto_kop_dsaverify(struct cryptodev_pkc *);
++int crypto_run_asym(struct cryptodev_pkc *);
++void cryptodev_complete_asym(struct crypto_async_request *, int);
++
+ /* other internal structs */
+ struct csession {
+        struct list_head entry;
+diff --git a/ioctl.c b/ioctl.c
+index 1563c75..782d7fe 100644
+--- a/ioctl.c
++++ b/ioctl.c
+@@ -4,6 +4,7 @@
+  * Copyright (c) 2004 Michal Ludvig <mludvig@logix.net.nz>, SuSE Labs
+  * Copyright (c) 2009,2010,2011 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+  * Copyright (c) 2010 Phil Sutter
++ * Copyright 2012 Freescale Semiconductor, Inc.
+  *
+  * This file is part of linux cryptodev.
+  *
+@@ -89,8 +90,37 @@ struct crypt_priv {
+        int itemcount;
+        struct work_struct cryptask;
+        wait_queue_head_t user_waiter;
++       /* List of pending cryptodev_pkc asym requests */
++       struct list_head asym_completed_list;
++       /* For addition/removal of entry in pending list of asymmetric request*/
++       spinlock_t completion_lock;
+ };
+ 
++/* Asymmetric request Completion handler */
++void cryptodev_complete_asym(struct crypto_async_request *req, int err)
++{
++       struct cryptodev_pkc *pkc = req->data;
++       struct cryptodev_result *res = &pkc->result;
++
++       crypto_free_pkc(pkc->s);
++       res->err = err;
++       if (pkc->type == SYNCHRONOUS) {
++               if (err == -EINPROGRESS)
++                       return;
++               complete(&res->completion);
++       } else {
++               struct crypt_priv *pcr = pkc->priv;
++               unsigned long flags;
++               spin_lock_irqsave(&pcr->completion_lock, flags);
++               list_add_tail(&pkc->list, &pcr->asym_completed_list);
++               spin_unlock_irqrestore(&pcr->completion_lock, flags);
++               /* wake for POLLIN */
++               wake_up_interruptible(&pcr->user_waiter);
++       }
++
++       kfree(req);
++}
++
+ #define FILL_SG(sg, ptr, len)                                  \
+        do {                                                    \
+                (sg)->page = virt_to_page(ptr);                 \
+@@ -472,7 +502,8 @@ cryptodev_open(struct inode *inode, struct file *filp)
+        INIT_LIST_HEAD(&pcr->free.list);
+        INIT_LIST_HEAD(&pcr->todo.list);
+        INIT_LIST_HEAD(&pcr->done.list);
+-
++       INIT_LIST_HEAD(&pcr->asym_completed_list);
++       spin_lock_init(&pcr->completion_lock);
+        INIT_WORK(&pcr->cryptask, cryptask_routine);
+ 
+        init_waitqueue_head(&pcr->user_waiter);
+@@ -639,6 +670,79 @@ static int crypto_async_fetch(struct crypt_priv *pcr,
+ }
+ #endif
+ 
++/* get the first asym cipher completed job from the "done" queue
++ *
++ * returns:
++ * -EBUSY if no completed jobs are ready (yet)
++ * the return value otherwise */
++static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc)
++{
++       int ret = 0;
++       struct kernel_crypt_kop *kop = &pkc->kop;
++       struct crypt_kop *ckop = &kop->kop;
++       struct pkc_request *pkc_req = &pkc->req;
++
++       switch (ckop->crk_op) {
++       case CRK_MOD_EXP:
++       {
++               struct rsa_pub_req_s *rsa_req = &pkc_req->req_u.rsa_pub_req;
++               copy_to_user(ckop->crk_param[3].crp_p, rsa_req->g,
++                            rsa_req->g_len);
++       }
++       break;
++       case CRK_MOD_EXP_CRT:
++       {
++               struct rsa_priv_frm3_req_s *rsa_req =
++                        &pkc_req->req_u.rsa_priv_f3;
++               copy_to_user(ckop->crk_param[6].crp_p,
++                            rsa_req->f, rsa_req->f_len);
++       }
++       break;
++       case CRK_DSA_SIGN:
++       {
++               struct dsa_sign_req_s *dsa_req = &pkc_req->req_u.dsa_sign;
++
++               if (pkc_req->type == ECDSA_SIGN) {
++                       copy_to_user(ckop->crk_param[6].crp_p,
++                                    dsa_req->c, dsa_req->d_len);
++                       copy_to_user(ckop->crk_param[7].crp_p,
++                                    dsa_req->d, dsa_req->d_len);
++               } else {
++                       copy_to_user(ckop->crk_param[5].crp_p,
++                                    dsa_req->c, dsa_req->d_len);
++                       copy_to_user(ckop->crk_param[6].crp_p,
++                                    dsa_req->d, dsa_req->d_len);
++               }
++       }
++       break;
++       case CRK_DSA_VERIFY:
++               break;
++       case CRK_DH_COMPUTE_KEY:
++       {
++               struct dh_key_req_s *dh_req = &pkc_req->req_u.dh_req;
++               if (pkc_req->type == ECDH_COMPUTE_KEY)
++                       copy_to_user(ckop->crk_param[4].crp_p,
++                                    dh_req->z, dh_req->z_len);
++               else
++                       copy_to_user(ckop->crk_param[3].crp_p,
++                                    dh_req->z, dh_req->z_len);
++       }
++       break;
++       default:
++               ret = -EINVAL;
++       }
++       kfree(pkc->cookie);
++       return ret;
++}
++
++/* this function has to be called from process context */
++static int fill_kop_from_cop(struct kernel_crypt_kop *kop)
++{
++       kop->task = current;
++       kop->mm = current->mm;
++       return 0;
++}
++
+ /* this function has to be called from process context */
+ static int fill_kcop_from_cop(struct kernel_crypt_op *kcop, struct fcrypt *fcr)
+ {
+@@ -662,11 +766,8 @@ static int fill_kcop_from_cop(struct kernel_crypt_op *kcop, struct fcrypt *fcr)
+ 
+        if (cop->iv) {
+                rc = copy_from_user(kcop->iv, cop->iv, kcop->ivlen);
+-               if (unlikely(rc)) {
+-                       derr(1, "error copying IV (%d bytes), copy_from_user returned %d for address %p",
+-                                       kcop->ivlen, rc, cop->iv);
++               if (unlikely(rc))
+                        return -EFAULT;
+-               }
+        }
+ 
+        return 0;
+@@ -692,6 +793,25 @@ static int fill_cop_from_kcop(struct kernel_crypt_op *kcop, struct fcrypt *fcr)
+        return 0;
+ }
+ 
++static int kop_from_user(struct kernel_crypt_kop *kop,
++                       void __user *arg)
++{
++       if (unlikely(copy_from_user(&kop->kop, arg, sizeof(kop->kop))))
++               return -EFAULT;
++
++       return fill_kop_from_cop(kop);
++}
++
++static int kop_to_user(struct kernel_crypt_kop *kop,
++                       void __user *arg)
++{
++       if (unlikely(copy_to_user(arg, &kop->kop, sizeof(kop->kop)))) {
++               dprintk(1, KERN_ERR, "Cannot copy to userspace\n");
++               return -EFAULT;
++       }
++       return 0;
++}
++
+ static int kcop_from_user(struct kernel_crypt_op *kcop,
+                        struct fcrypt *fcr, void __user *arg)
+ {
+@@ -821,7 +941,8 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
+ 
+        switch (cmd) {
+        case CIOCASYMFEAT:
+-               return put_user(0, p);
++               return put_user(CRF_MOD_EXP_CRT |  CRF_MOD_EXP |
++                       CRF_DSA_SIGN | CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY, p);
+        case CRIOGET:
+                fd = clonefd(filp);
+                ret = put_user(fd, p);
+@@ -857,6 +978,24 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
+                if (unlikely(ret))
+                        return ret;
+                return copy_to_user(arg, &siop, sizeof(siop));
++       case CIOCKEY:
++       {
++               struct cryptodev_pkc *pkc =
++                       kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL);
++
++               if (!pkc)
++                       return -ENOMEM;
++
++               ret = kop_from_user(&pkc->kop, arg);
++               if (unlikely(ret)) {
++                       kfree(pkc);
++                       return ret;
++               }
++               pkc->type = SYNCHRONOUS;
++               ret = crypto_run_asym(pkc);
++               kfree(pkc);
++       }
++       return ret;
+        case CIOCCRYPT:
+                if (unlikely(ret = kcop_from_user(&kcop, fcr, arg))) {
+                        dwarning(1, "Error copying from user");
+@@ -895,6 +1034,45 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
+ 
+                return kcop_to_user(&kcop, fcr, arg);
+ #endif
++       case CIOCASYMASYNCRYPT:
++       {
++               struct cryptodev_pkc *pkc =
++                       kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL);
++               ret = kop_from_user(&pkc->kop, arg);
++
++               if (unlikely(ret))
++                       return -EINVAL;
++
++               /* Store associated FD priv data with asymmetric request */
++               pkc->priv = pcr;
++               pkc->type = ASYNCHRONOUS;
++               ret = crypto_run_asym(pkc);
++               if (ret == -EINPROGRESS)
++                       ret = 0;
++       }
++       return ret;
++       case CIOCASYMASYNFETCH:
++       {
++               struct cryptodev_pkc *pkc;
++               unsigned long flags;
++
++               spin_lock_irqsave(&pcr->completion_lock, flags);
++               if (list_empty(&pcr->asym_completed_list)) {
++                       spin_unlock_irqrestore(&pcr->completion_lock, flags);
++                       return -ENOMEM;
++               }
++               pkc = list_first_entry(&pcr->asym_completed_list,
++                       struct cryptodev_pkc, list);
++               list_del(&pkc->list);
++               spin_unlock_irqrestore(&pcr->completion_lock, flags);
++               ret = crypto_async_fetch_asym(pkc);
++
++               /* Reflect the updated request to user-space */
++               if (!ret)
++                       kop_to_user(&pkc->kop, arg);
++               kfree(pkc);
++       }
++       return ret;
+        default:
+                return -EINVAL;
+        }
+@@ -1083,9 +1261,11 @@ static unsigned int cryptodev_poll(struct file *file, poll_table *wait)
+ 
+        poll_wait(file, &pcr->user_waiter, wait);
+ 
+-       if (!list_empty_careful(&pcr->done.list))
++       if (!list_empty_careful(&pcr->done.list) ||
++           !list_empty_careful(&pcr->asym_completed_list))
+                ret |= POLLIN | POLLRDNORM;
+-       if (!list_empty_careful(&pcr->free.list) || pcr->itemcount < MAX_COP_RINGSIZE)
++       if (!list_empty_careful(&pcr->free.list) ||
++           pcr->itemcount < MAX_COP_RINGSIZE)
+                ret |= POLLOUT | POLLWRNORM;
+ 
+        return ret;
+diff --git a/main.c b/main.c
+index 57e5c38..0b7951e 100644
+--- a/main.c
++++ b/main.c
+@@ -181,6 +181,384 @@ __crypto_run_zc(struct csession *ses_ptr, struct kernel_crypt_op *kcop)
+        return ret;
+ }
+ 
++int crypto_kop_dsasign(struct cryptodev_pkc *pkc)
++{
++       struct kernel_crypt_kop *kop = &pkc->kop;
++       struct crypt_kop *cop = &kop->kop;
++       struct pkc_request *pkc_req = &pkc->req;
++       struct dsa_sign_req_s *dsa_req = &pkc_req->req_u.dsa_sign;
++       int rc, buf_size;
++       uint8_t *buf;
++
++       if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits ||
++           !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits ||
++           !cop->crk_param[4].crp_nbits || !cop->crk_param[5].crp_nbits ||
++           !cop->crk_param[6].crp_nbits || (cop->crk_iparams == 6 &&
++           !cop->crk_param[7].crp_nbits))
++               return -EINVAL;
++
++       dsa_req->m_len = (cop->crk_param[0].crp_nbits + 7)/8;
++       dsa_req->q_len = (cop->crk_param[1].crp_nbits + 7)/8;
++       dsa_req->r_len = (cop->crk_param[2].crp_nbits + 7)/8;
++       dsa_req->g_len = (cop->crk_param[3].crp_nbits + 7)/8;
++       dsa_req->priv_key_len = (cop->crk_param[4].crp_nbits + 7)/8;
++       dsa_req->d_len = (cop->crk_param[6].crp_nbits + 7)/8;
++       buf_size = dsa_req->m_len + dsa_req->q_len + dsa_req->r_len +
++                  dsa_req->g_len + dsa_req->priv_key_len + dsa_req->d_len +
++                  dsa_req->d_len;
++       if (cop->crk_iparams == 6) {
++               dsa_req->ab_len = (cop->crk_param[5].crp_nbits + 7)/8;
++               buf_size += dsa_req->ab_len;
++               pkc_req->type = ECDSA_SIGN;
++               pkc_req->curve_type = cop->curve_type;
++       } else {
++               pkc_req->type = DSA_SIGN;
++       }
++
++       buf = kzalloc(buf_size, GFP_DMA);
++
++       dsa_req->q = buf;
++       dsa_req->r = dsa_req->q + dsa_req->q_len;
++       dsa_req->g = dsa_req->r + dsa_req->r_len;
++       dsa_req->priv_key = dsa_req->g + dsa_req->g_len;
++       dsa_req->m = dsa_req->priv_key + dsa_req->priv_key_len;
++       dsa_req->c = dsa_req->m + dsa_req->m_len;
++       dsa_req->d = dsa_req->c + dsa_req->d_len;
++       copy_from_user(dsa_req->m, cop->crk_param[0].crp_p, dsa_req->m_len);
++       copy_from_user(dsa_req->q, cop->crk_param[1].crp_p, dsa_req->q_len);
++       copy_from_user(dsa_req->r, cop->crk_param[2].crp_p, dsa_req->r_len);
++       copy_from_user(dsa_req->g, cop->crk_param[3].crp_p, dsa_req->g_len);
++       copy_from_user(dsa_req->priv_key, cop->crk_param[4].crp_p,
++                      dsa_req->priv_key_len);
++       if (cop->crk_iparams == 6) {
++               dsa_req->ab = dsa_req->d + dsa_req->d_len;
++               copy_from_user(dsa_req->ab, cop->crk_param[5].crp_p,
++                              dsa_req->ab_len);
++       }
++       rc = cryptodev_pkc_offload(pkc);
++       if (pkc->type == SYNCHRONOUS) {
++               if (rc)
++                       goto err;
++               if (cop->crk_iparams == 6) {
++                       copy_to_user(cop->crk_param[6].crp_p, dsa_req->c,
++                                    dsa_req->d_len);
++                       copy_to_user(cop->crk_param[7].crp_p, dsa_req->d,
++                                    dsa_req->d_len);
++               } else {
++                       copy_to_user(cop->crk_param[5].crp_p, dsa_req->c,
++                                    dsa_req->d_len);
++                       copy_to_user(cop->crk_param[6].crp_p, dsa_req->d,
++                                    dsa_req->d_len);
++               }
++       } else {
++               if (rc != -EINPROGRESS && rc != 0)
++                       goto err;
++
++               pkc->cookie = buf;
++               return rc;
++       }
++err:
++       kfree(buf);
++       return rc;
++}
++
++int crypto_kop_dsaverify(struct cryptodev_pkc *pkc)
++{
++       struct kernel_crypt_kop *kop = &pkc->kop;
++       struct crypt_kop *cop = &kop->kop;
++       struct pkc_request *pkc_req;
++       struct dsa_verify_req_s *dsa_req;
++       int rc, buf_size;
++       uint8_t *buf;
++
++       if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits ||
++           !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits ||
++           !cop->crk_param[4].crp_nbits || !cop->crk_param[5].crp_nbits ||
++           !cop->crk_param[6].crp_nbits  || (cop->crk_iparams == 8 &&
++           !cop->crk_param[7].crp_nbits))
++               return -EINVAL;
++
++       pkc_req = &pkc->req;
++       dsa_req = &pkc_req->req_u.dsa_verify;
++       dsa_req->m_len = (cop->crk_param[0].crp_nbits + 7)/8;
++       dsa_req->q_len = (cop->crk_param[1].crp_nbits + 7)/8;
++       dsa_req->r_len = (cop->crk_param[2].crp_nbits + 7)/8;
++       dsa_req->g_len = (cop->crk_param[3].crp_nbits + 7)/8;
++       dsa_req->pub_key_len = (cop->crk_param[4].crp_nbits + 7)/8;
++       dsa_req->d_len = (cop->crk_param[6].crp_nbits + 7)/8;
++       buf_size = dsa_req->m_len + dsa_req->q_len + dsa_req->r_len +
++               dsa_req->g_len + dsa_req->pub_key_len + dsa_req->d_len +
++               dsa_req->d_len;
++       if (cop->crk_iparams == 8) {
++               dsa_req->ab_len = (cop->crk_param[5].crp_nbits + 7)/8;
++               buf_size += dsa_req->ab_len;
++               pkc_req->type = ECDSA_VERIFY;
++               pkc_req->curve_type = cop->curve_type;
++       } else {
++               pkc_req->type = DSA_VERIFY;
++       }
++
++       buf = kzalloc(buf_size, GFP_DMA);
++
++       dsa_req->q = buf;
++       dsa_req->r = dsa_req->q + dsa_req->q_len;
++       dsa_req->g = dsa_req->r + dsa_req->r_len;
++       dsa_req->pub_key = dsa_req->g + dsa_req->g_len;
++       dsa_req->m = dsa_req->pub_key + dsa_req->pub_key_len;
++       dsa_req->c = dsa_req->m + dsa_req->m_len;
++       dsa_req->d = dsa_req->c + dsa_req->d_len;
++       copy_from_user(dsa_req->m, cop->crk_param[0].crp_p, dsa_req->m_len);
++       copy_from_user(dsa_req->q, cop->crk_param[1].crp_p, dsa_req->q_len);
++       copy_from_user(dsa_req->r, cop->crk_param[2].crp_p, dsa_req->r_len);
++       copy_from_user(dsa_req->g, cop->crk_param[3].crp_p, dsa_req->g_len);
++       copy_from_user(dsa_req->pub_key, cop->crk_param[4].crp_p,
++                      dsa_req->pub_key_len);
++       if (cop->crk_iparams == 8) {
++               dsa_req->ab = dsa_req->d + dsa_req->d_len;
++               copy_from_user(dsa_req->ab, cop->crk_param[5].crp_p,
++                              dsa_req->ab_len);
++               copy_from_user(dsa_req->c, cop->crk_param[6].crp_p,
++                              dsa_req->d_len);
++               copy_from_user(dsa_req->d, cop->crk_param[7].crp_p,
++                              dsa_req->d_len);
++       } else {
++               copy_from_user(dsa_req->c, cop->crk_param[5].crp_p,
++                              dsa_req->d_len);
++               copy_from_user(dsa_req->d, cop->crk_param[6].crp_p,
++                              dsa_req->d_len);
++       }
++       rc = cryptodev_pkc_offload(pkc);
++       if (pkc->type == SYNCHRONOUS) {
++               if (rc)
++                       goto err;
++       } else {
++               if (rc != -EINPROGRESS && !rc)
++                       goto err;
++               pkc->cookie = buf;
++               return rc;
++       }
++err:
++       kfree(buf);
++       return rc;
++}
++
++int crypto_kop_dh_key(struct cryptodev_pkc *pkc)
++{
++       struct kernel_crypt_kop *kop = &pkc->kop;
++       struct crypt_kop *cop = &kop->kop;
++       struct pkc_request *pkc_req;
++       struct dh_key_req_s *dh_req;
++       int buf_size;
++       uint8_t *buf;
++       int rc = -EINVAL;
++
++       pkc_req = &pkc->req;
++       dh_req = &pkc_req->req_u.dh_req;
++       dh_req->s_len = (cop->crk_param[0].crp_nbits + 7)/8;
++       dh_req->pub_key_len = (cop->crk_param[1].crp_nbits + 7)/8;
++       dh_req->q_len = (cop->crk_param[2].crp_nbits + 7)/8;
++       buf_size = dh_req->q_len + dh_req->pub_key_len + dh_req->s_len;
++       if (cop->crk_iparams == 4) {
++               pkc_req->type = ECDH_COMPUTE_KEY;
++               dh_req->ab_len = (cop->crk_param[3].crp_nbits + 7)/8;
++               dh_req->z_len = (cop->crk_param[4].crp_nbits + 7)/8;
++               buf_size += dh_req->ab_len;
++       } else {
++               dh_req->z_len = (cop->crk_param[3].crp_nbits + 7)/8;
++               pkc_req->type = DH_COMPUTE_KEY;
++       }
++       buf_size += dh_req->z_len;
++       buf = kzalloc(buf_size, GFP_DMA);
++       dh_req->q = buf;
++       dh_req->s = dh_req->q + dh_req->q_len;
++       dh_req->pub_key = dh_req->s + dh_req->s_len;
++       dh_req->z = dh_req->pub_key + dh_req->pub_key_len;
++       if (cop->crk_iparams == 4) {
++               dh_req->ab = dh_req->z + dh_req->z_len;
++               pkc_req->curve_type = cop->curve_type;
++               copy_from_user(dh_req->ab, cop->crk_param[3].crp_p,
++                              dh_req->ab_len);
++       }
++       copy_from_user(dh_req->s, cop->crk_param[0].crp_p, dh_req->s_len);
++       copy_from_user(dh_req->pub_key, cop->crk_param[1].crp_p,
++                      dh_req->pub_key_len);
++       copy_from_user(dh_req->q, cop->crk_param[2].crp_p, dh_req->q_len);
++       rc = cryptodev_pkc_offload(pkc);
++       if (pkc->type == SYNCHRONOUS) {
++               if (rc)
++                       goto err;
++               if (cop->crk_iparams == 4)
++                       copy_to_user(cop->crk_param[4].crp_p, dh_req->z,
++                                    dh_req->z_len);
++               else
++                       copy_to_user(cop->crk_param[3].crp_p, dh_req->z,
++                                    dh_req->z_len);
++       } else {
++               if (rc != -EINPROGRESS && rc != 0)
++                       goto err;
++
++               pkc->cookie = buf;
++               return rc;
++       }
++err:
++       kfree(buf);
++       return rc;
++}
++
++int crypto_modexp_crt(struct cryptodev_pkc *pkc)
++{
++       struct kernel_crypt_kop *kop = &pkc->kop;
++       struct crypt_kop *cop = &kop->kop;
++       struct pkc_request *pkc_req;
++       struct rsa_priv_frm3_req_s *rsa_req;
++       int rc;
++       uint8_t *buf;
++
++       if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits ||
++           !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits ||
++           !cop->crk_param[4].crp_nbits || !cop->crk_param[5].crp_nbits)
++               return -EINVAL;
++
++       pkc_req = &pkc->req;
++       pkc_req->type = RSA_PRIV_FORM3;
++       rsa_req = &pkc_req->req_u.rsa_priv_f3;
++       rsa_req->p_len = (cop->crk_param[0].crp_nbits + 7)/8;
++       rsa_req->q_len = (cop->crk_param[1].crp_nbits + 7)/8;
++       rsa_req->g_len = (cop->crk_param[2].crp_nbits + 7)/8;
++       rsa_req->dp_len = (cop->crk_param[3].crp_nbits + 7)/8;
++       rsa_req->dq_len = (cop->crk_param[4].crp_nbits + 7)/8;
++       rsa_req->c_len = (cop->crk_param[5].crp_nbits + 7)/8;
++       rsa_req->f_len = (cop->crk_param[6].crp_nbits + 7)/8;
++       buf = kzalloc(rsa_req->p_len + rsa_req->q_len + rsa_req->f_len +
++                     rsa_req->dp_len + rsa_req->dp_len + rsa_req->c_len +
++                     rsa_req->g_len, GFP_DMA);
++       rsa_req->p = buf;
++       rsa_req->q = rsa_req->p + rsa_req->p_len;
++       rsa_req->g = rsa_req->q + rsa_req->q_len;
++       rsa_req->dp = rsa_req->g + rsa_req->g_len;
++       rsa_req->dq = rsa_req->dp + rsa_req->dp_len;
++       rsa_req->c = rsa_req->dq + rsa_req->dq_len;
++       rsa_req->f = rsa_req->c + rsa_req->c_len;
++       copy_from_user(rsa_req->p, cop->crk_param[0].crp_p, rsa_req->p_len);
++       copy_from_user(rsa_req->q, cop->crk_param[1].crp_p, rsa_req->q_len);
++       copy_from_user(rsa_req->g, cop->crk_param[2].crp_p, rsa_req->g_len);
++       copy_from_user(rsa_req->dp, cop->crk_param[3].crp_p, rsa_req->dp_len);
++       copy_from_user(rsa_req->dq, cop->crk_param[4].crp_p, rsa_req->dq_len);
++       copy_from_user(rsa_req->c, cop->crk_param[5].crp_p, rsa_req->c_len);
++       rc = cryptodev_pkc_offload(pkc);
++
++       if (pkc->type == SYNCHRONOUS) {
++               if (rc)
++                       goto err;
++               copy_to_user(cop->crk_param[6].crp_p, rsa_req->f,
++                            rsa_req->f_len);
++       } else {
++               if (rc != -EINPROGRESS && rc != 0)
++                       goto err;
++
++               pkc->cookie = buf;
++               return rc;
++       }
++err:
++       kfree(buf);
++       return rc;
++}
++
++int crypto_bn_modexp(struct cryptodev_pkc *pkc)
++{
++       struct pkc_request *pkc_req;
++       struct rsa_pub_req_s *rsa_req;
++       int rc;
++       struct kernel_crypt_kop *kop = &pkc->kop;
++       struct crypt_kop *cop = &kop->kop;
++       uint8_t *buf;
++
++       if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits ||
++           !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits)
++               return -EINVAL;
++
++       pkc_req = &pkc->req;
++       pkc_req->type = RSA_PUB;
++       rsa_req = &pkc_req->req_u.rsa_pub_req;
++       rsa_req->f_len = (cop->crk_param[0].crp_nbits + 7)/8;
++       rsa_req->e_len = (cop->crk_param[1].crp_nbits + 7)/8;
++       rsa_req->n_len = (cop->crk_param[2].crp_nbits + 7)/8;
++       rsa_req->g_len = (cop->crk_param[3].crp_nbits + 7)/8;
++       buf = kzalloc(rsa_req->f_len + rsa_req->e_len + rsa_req->n_len
++                       + rsa_req->g_len, GFP_DMA);
++       if (!buf)
++               return -ENOMEM;
++
++       rsa_req->e = buf;
++       rsa_req->f = rsa_req->e + rsa_req->e_len;
++       rsa_req->g = rsa_req->f + rsa_req->f_len;
++       rsa_req->n = rsa_req->g + rsa_req->g_len;
++       copy_from_user(rsa_req->f, cop->crk_param[0].crp_p, rsa_req->f_len);
++       copy_from_user(rsa_req->e, cop->crk_param[1].crp_p, rsa_req->e_len);
++       copy_from_user(rsa_req->n, cop->crk_param[2].crp_p, rsa_req->n_len);
++       rc = cryptodev_pkc_offload(pkc);
++       if (pkc->type == SYNCHRONOUS) {
++               if (rc)
++                       goto err;
++
++               copy_to_user(cop->crk_param[3].crp_p, rsa_req->g,
++                            rsa_req->g_len);
++       } else {
++               if (rc != -EINPROGRESS && rc != 0)
++                       goto err;
++
++               /* This one will be freed later in fetch handler */
++               pkc->cookie = buf;
++               return rc;
++       }
++err:
++       kfree(buf);
++       return rc;
++}
++
++int crypto_run_asym(struct cryptodev_pkc *pkc)
++{
++       int ret = -EINVAL;
++       struct kernel_crypt_kop *kop = &pkc->kop;
++
++       switch (kop->kop.crk_op) {
++       case CRK_MOD_EXP:
++               if (kop->kop.crk_iparams != 3 && kop->kop.crk_oparams != 1)
++                       goto err;
++
++               ret = crypto_bn_modexp(pkc);
++               break;
++       case CRK_MOD_EXP_CRT:
++               if (kop->kop.crk_iparams != 6 && kop->kop.crk_oparams != 1)
++                       goto err;
++
++               ret = crypto_modexp_crt(pkc);
++               break;
++       case CRK_DSA_SIGN:
++               if ((kop->kop.crk_iparams != 5 && kop->kop.crk_iparams != 6) ||
++                   kop->kop.crk_oparams != 2)
++                       goto err;
++
++               ret = crypto_kop_dsasign(pkc);
++               break;
++       case CRK_DSA_VERIFY:
++               if ((kop->kop.crk_iparams != 7 && kop->kop.crk_iparams != 8) ||
++                   kop->kop.crk_oparams != 0)
++                       goto err;
++
++               ret = crypto_kop_dsaverify(pkc);
++               break;
++       case CRK_DH_COMPUTE_KEY:
++               if ((kop->kop.crk_iparams != 3 && kop->kop.crk_iparams != 4) ||
++                   kop->kop.crk_oparams != 1)
++                       goto err;
++               ret = crypto_kop_dh_key(pkc);
++               break;
++       }
++err:
++       return ret;
++}
++
+ int crypto_run(struct fcrypt *fcr, struct kernel_crypt_op *kcop)
+ {
+        struct csession *ses_ptr;
+-- 
+1.8.3.1
+
diff --git a/recipes-kernel/cryptodev/cryptodev-fsl/0004-Compat-versions-of-PKC-IOCTLs.patch b/recipes-kernel/cryptodev/cryptodev-fsl/0004-Compat-versions-of-PKC-IOCTLs.patch
new file mode 100644
index 0000000..2eedcc7
--- /dev/null
+++ b/recipes-kernel/cryptodev/cryptodev-fsl/0004-Compat-versions-of-PKC-IOCTLs.patch
@@ -0,0 +1,200 @@
+From 5435dfd329cd90837ce36c6dadc26166c7906cab Mon Sep 17 00:00:00 2001
+From: Yashpal Dutta <yashpal.dutta@freescale.com>
+Date: Fri, 7 Mar 2014 06:52:13 +0545
+Subject: [PATCH 4/9] Compat versions of PKC IOCTLs
+
+Upstream-status: Pending
+
+Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
+---
+ cryptodev_int.h |  20 ++++++++++
+ ioctl.c         | 120 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 140 insertions(+)
+
+diff --git a/cryptodev_int.h b/cryptodev_int.h
+index fdbcc61..cf54dac 100644
+--- a/cryptodev_int.h
++++ b/cryptodev_int.h
+@@ -75,6 +75,24 @@ struct compat_crypt_op {
+        compat_uptr_t   iv;/* initialization vector for encryption operations */
+ };
+ 
++/* input of CIOCKEY */
++struct compat_crparam {
++       compat_uptr_t   crp_p;
++       uint32_t        crp_nbits;
++};
++
++struct compat_crypt_kop {
++       uint32_t        crk_op;         /* cryptodev_crk_ot_t */
++       uint32_t        crk_status;
++       uint16_t        crk_iparams;
++       uint16_t        crk_oparams;
++       uint32_t        crk_pad1;
++       struct compat_crparam   crk_param[CRK_MAXPARAM];
++       enum curve_t curve_type; /* 0 == Discrete Log, 1 = EC_PRIME,
++                                2 = EC_BINARY */
++       compat_uptr_t cookie;
++};
++
+  /* input of CIOCAUTHCRYPT */
+ struct compat_crypt_auth_op {
+        uint32_t        ses;            /* session identifier */
+@@ -111,6 +129,8 @@ struct compat_crypt_auth_op {
+ #define COMPAT_CIOCASYNCCRYPT  _IOW('c', 107, struct compat_crypt_op)
+ #define COMPAT_CIOCASYNCFETCH  _IOR('c', 108, struct compat_crypt_op)
+ #define COMPAT_CIOCAUTHCRYPT   _IOWR('c', 109, struct compat_crypt_auth_op)
++#define COMPAT_CIOCASYMASYNCRYPT    _IOW('c', 110, struct compat_crypt_kop)
++#define COMPAT_CIOCASYMASYNFETCH    _IOR('c', 111, struct compat_crypt_kop)
+ 
+ #endif /* CONFIG_COMPAT */
+ 
+diff --git a/ioctl.c b/ioctl.c
+index 782d7fe..3baf3e6 100644
+--- a/ioctl.c
++++ b/ioctl.c
+@@ -1081,6 +1081,68 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
+ /* compatibility code for 32bit userlands */
+ #ifdef CONFIG_COMPAT
+ 
++static inline void compat_to_crypt_kop(struct compat_crypt_kop *compat,
++                struct crypt_kop *kop)
++{
++       int i;
++       kop->crk_op      = compat->crk_op;
++       kop->crk_status  = compat->crk_status;
++       kop->crk_iparams = compat->crk_iparams;
++       kop->crk_oparams = compat->crk_oparams;
++
++       for (i = 0; i < CRK_MAXPARAM; i++) {
++               kop->crk_param[i].crp_p =
++                       compat_ptr(compat->crk_param[i].crp_p);
++               kop->crk_param[i].crp_nbits = compat->crk_param[i].crp_nbits;
++       }
++
++       kop->curve_type = compat->curve_type;
++       kop->cookie = compat->cookie;
++}
++
++static int compat_kop_from_user(struct kernel_crypt_kop *kop,
++       void __user *arg)
++{
++       struct compat_crypt_kop compat_kop;
++
++       if (unlikely(copy_from_user(&compat_kop, arg, sizeof(compat_kop))))
++               return -EFAULT;
++
++       compat_to_crypt_kop(&compat_kop, &kop->kop);
++       return fill_kop_from_cop(kop);
++}
++
++static inline void crypt_kop_to_compat(struct crypt_kop *kop,
++                                struct compat_crypt_kop *compat)
++{
++       int i;
++
++       compat->crk_op      = kop->crk_op;
++       compat->crk_status  = kop->crk_status;
++       compat->crk_iparams = kop->crk_iparams;
++       compat->crk_oparams = kop->crk_oparams;
++
++       for (i = 0; i < CRK_MAXPARAM; i++) {
++               compat->crk_param[i].crp_p =
++                        ptr_to_compat(kop->crk_param[i].crp_p);
++               compat->crk_param[i].crp_nbits = kop->crk_param[i].crp_nbits;
++       }
++       compat->cookie = kop->cookie;
++       compat->curve_type = kop->curve_type;
++}
++
++static int compat_kop_to_user(struct kernel_crypt_kop *kop, void __user *arg)
++{
++       struct compat_crypt_kop compat_kop;
++
++       crypt_kop_to_compat(&kop->kop, &compat_kop);
++       if (unlikely(copy_to_user(arg, &compat_kop, sizeof(compat_kop)))) {
++               dprintk(1, KERN_ERR, "Cannot copy to userspace\n");
++               return -EFAULT;
++       }
++       return 0;
++}
++
+ static inline void
+ compat_to_session_op(struct compat_session_op *compat, struct session_op *sop)
+ {
+@@ -1208,7 +1270,26 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_)
+                        return -EFAULT;
+                }
+                return ret;
++       case COMPAT_CIOCKEY:
++       {
++               struct cryptodev_pkc *pkc =
++                        kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL);
++
++               if (!pkc)
++                       return -ENOMEM;
++
++               ret = compat_kop_from_user(&pkc->kop, arg);
++
++               if (unlikely(ret)) {
++                       kfree(pkc);
++                       return ret;
++               }
+ 
++               pkc->type = SYNCHRONOUS;
++               ret = crypto_run_asym(pkc);
++               kfree(pkc);
++       }
++       return ret;
+        case COMPAT_CIOCCRYPT:
+                ret = compat_kcop_from_user(&kcop, fcr, arg);
+                if (unlikely(ret))
+@@ -1247,6 +1328,45 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_)
+ 
+                return compat_kcop_to_user(&kcop, fcr, arg);
+ #endif
++       case COMPAT_CIOCASYMASYNCRYPT:
++       {
++               struct cryptodev_pkc *pkc =
++                       kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL);
++
++               ret = compat_kop_from_user(&pkc->kop, arg);
++               if (unlikely(ret))
++                       return -EINVAL;
++
++               /* Store associated FD priv data with asymmetric request */
++               pkc->priv = pcr;
++               pkc->type = ASYNCHRONOUS;
++               ret = crypto_run_asym(pkc);
++               if (ret == -EINPROGRESS)
++                       ret = 0;
++       }
++       return ret;
++       case COMPAT_CIOCASYMASYNFETCH:
++       {
++               struct cryptodev_pkc *pkc;
++               unsigned long flags;
++
++               spin_lock_irqsave(&pcr->completion_lock, flags);
++               if (list_empty(&pcr->asym_completed_list)) {
++                       spin_unlock_irqrestore(&pcr->completion_lock, flags);
++                       return -ENOMEM;
++               }
++               pkc = list_first_entry(&pcr->asym_completed_list,
++                        struct cryptodev_pkc, list);
++               list_del(&pkc->list);
++               spin_unlock_irqrestore(&pcr->completion_lock, flags);
++               ret = crypto_async_fetch_asym(pkc);
++
++               /* Reflect the updated request to user-space */
++               if (!ret)
++                       compat_kop_to_user(&pkc->kop, arg);
++               kfree(pkc);
++       }
++       return ret;
+        default:
+                return -EINVAL;
+        }
+-- 
+1.8.3.1
+
diff --git a/recipes-kernel/cryptodev/cryptodev-fsl/0005-Asynchronous-interface-changes-in-cryptodev.patch b/recipes-kernel/cryptodev/cryptodev-fsl/0005-Asynchronous-interface-changes-in-cryptodev.patch
new file mode 100644
index 0000000..2f88eda
--- /dev/null
+++ b/recipes-kernel/cryptodev/cryptodev-fsl/0005-Asynchronous-interface-changes-in-cryptodev.patch
@@ -0,0 +1,213 @@
+From ddc4179a454cea79c8385fd6756d20cbf3c6dcb5 Mon Sep 17 00:00:00 2001
+From: Yashpal Dutta <yashpal.dutta@freescale.com>
+Date: Fri, 7 Mar 2014 07:24:00 +0545
+Subject: [PATCH 5/9] Asynchronous interface changes in cryptodev
+
+Upstream-status: Pending
+
+Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
+---
+ cryptlib.h         |  7 ++++-
+ crypto/cryptodev.h | 10 ++++++-
+ cryptodev_int.h    | 10 ++++++-
+ ioctl.c            | 76 +++++++++++++++++++++++++++++++++++++-----------------
+ 4 files changed, 76 insertions(+), 27 deletions(-)
+
+diff --git a/cryptlib.h b/cryptlib.h
+index 56d325a..7ffa54c 100644
+--- a/cryptlib.h
++++ b/cryptlib.h
+@@ -113,7 +113,12 @@ struct cryptodev_pkc {
+        struct pkc_request req; /* PKC request structure allocated
+                                 from CryptoAPI */
+        enum offload_type type; /* Synchronous Vs Asynchronous request */
+-       void *cookie; /*Additional opaque cookie to be used in future */
++       /*
++        * cookie used for transfering tranparent information from async
++        * submission to async fetch. Currently some dynamic allocated
++        * buffers are maintained which will be freed later during fetch
++        */
++       void *cookie;
+        struct crypt_priv *priv;
+ };
+ 
+diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h
+index 96675fe..4436fbf 100644
+--- a/crypto/cryptodev.h
++++ b/crypto/cryptodev.h
+@@ -254,6 +254,14 @@ struct crypt_kop {
+        void *cookie;
+ };
+ 
++#define MAX_COOKIES 4
++
++struct pkc_cookie_list_s {
++       int cookie_available;
++       void *cookie[MAX_COOKIES];
++       int status[MAX_COOKIES];
++};
++
+ enum cryptodev_crk_op_t {
+        CRK_MOD_EXP = 0,
+        CRK_MOD_EXP_CRT = 1,
+@@ -298,5 +306,5 @@ enum cryptodev_crk_op_t {
+ #define CIOCASYNCFETCH    _IOR('c', 111, struct crypt_op)
+ /* additional ioctls for asynchronous  operation for asymmetric ciphers*/
+ #define CIOCASYMASYNCRYPT    _IOW('c', 112, struct crypt_kop)
+-#define CIOCASYMASYNFETCH    _IOR('c', 113, struct crypt_kop)
++#define CIOCASYMFETCHCOOKIE    _IOR('c', 113, struct pkc_cookie_list_s)
+ #endif /* L_CRYPTODEV_H */
+diff --git a/cryptodev_int.h b/cryptodev_int.h
+index cf54dac..5347cae 100644
+--- a/cryptodev_int.h
++++ b/cryptodev_int.h
+@@ -93,6 +93,12 @@ struct compat_crypt_kop {
+        compat_uptr_t cookie;
+ };
+ 
++struct compat_pkc_cookie_list_s {
++       int cookie_available;
++       compat_uptr_t cookie[MAX_COOKIES];
++       int status[MAX_COOKIES];
++};
++
+  /* input of CIOCAUTHCRYPT */
+ struct compat_crypt_auth_op {
+        uint32_t        ses;            /* session identifier */
+@@ -126,11 +132,13 @@ struct compat_crypt_auth_op {
+ /* compat ioctls, defined for the above structs */
+ #define COMPAT_CIOCGSESSION    _IOWR('c', 102, struct compat_session_op)
+ #define COMPAT_CIOCCRYPT       _IOWR('c', 104, struct compat_crypt_op)
++#define COMPAT_CIOCKEY    _IOW('c', 105, struct compat_crypt_kop)
+ #define COMPAT_CIOCASYNCCRYPT  _IOW('c', 107, struct compat_crypt_op)
+ #define COMPAT_CIOCASYNCFETCH  _IOR('c', 108, struct compat_crypt_op)
+ #define COMPAT_CIOCAUTHCRYPT   _IOWR('c', 109, struct compat_crypt_auth_op)
+ #define COMPAT_CIOCASYMASYNCRYPT    _IOW('c', 110, struct compat_crypt_kop)
+-#define COMPAT_CIOCASYMASYNFETCH    _IOR('c', 111, struct compat_crypt_kop)
++#define COMPAT_CIOCASYMFETCHCOOKIE    _IOR('c', 111, \
++                               struct compat_pkc_cookie_list_s)
+ 
+ #endif /* CONFIG_COMPAT */
+ 
+diff --git a/ioctl.c b/ioctl.c
+index 3baf3e6..2eb7f03 100644
+--- a/ioctl.c
++++ b/ioctl.c
+@@ -105,8 +105,6 @@ void cryptodev_complete_asym(struct crypto_async_request *req, int err)
+        crypto_free_pkc(pkc->s);
+        res->err = err;
+        if (pkc->type == SYNCHRONOUS) {
+-               if (err == -EINPROGRESS)
+-                       return;
+                complete(&res->completion);
+        } else {
+                struct crypt_priv *pcr = pkc->priv;
+@@ -1051,26 +1049,41 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
+                        ret = 0;
+        }
+        return ret;
+-       case CIOCASYMASYNFETCH:
++       case CIOCASYMFETCHCOOKIE:
+        {
+                struct cryptodev_pkc *pkc;
+                unsigned long flags;
++               int i;
++               struct pkc_cookie_list_s cookie_list;
+ 
+                spin_lock_irqsave(&pcr->completion_lock, flags);
+-               if (list_empty(&pcr->asym_completed_list)) {
+-                       spin_unlock_irqrestore(&pcr->completion_lock, flags);
+-                       return -ENOMEM;
++               cookie_list.cookie_available = 0;
++               for (i = 0; i < MAX_COOKIES; i++) {
++                       if (!list_empty(&pcr->asym_completed_list)) {
++                               /* Run a loop in the list for upto  elements
++                                and copy their response back */
++                               pkc =
++                                list_first_entry(&pcr->asym_completed_list,
++                                               struct cryptodev_pkc, list);
++                               list_del(&pkc->list);
++                               ret = crypto_async_fetch_asym(pkc);
++                               if (!ret) {
++                                       cookie_list.cookie_available++;
++                                       cookie_list.cookie[i] =
++                                               pkc->kop.kop.cookie;
++                                       cookie_list.status[i] = pkc->result.err;
++                               }
++                               kfree(pkc);
++                       } else {
++                               break;
++                       }
+                }
+-               pkc = list_first_entry(&pcr->asym_completed_list,
+-                       struct cryptodev_pkc, list);
+-               list_del(&pkc->list);
+                spin_unlock_irqrestore(&pcr->completion_lock, flags);
+-               ret = crypto_async_fetch_asym(pkc);
+ 
+                /* Reflect the updated request to user-space */
+-               if (!ret)
+-                       kop_to_user(&pkc->kop, arg);
+-               kfree(pkc);
++               if (cookie_list.cookie_available)
++                       copy_to_user(arg, &cookie_list,
++                                    sizeof(struct pkc_cookie_list_s));
+        }
+        return ret;
+        default:
+@@ -1345,26 +1358,41 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_)
+                        ret = 0;
+        }
+        return ret;
+-       case COMPAT_CIOCASYMASYNFETCH:
++       case COMPAT_CIOCASYMFETCHCOOKIE:
+        {
+                struct cryptodev_pkc *pkc;
+                unsigned long flags;
++               int i = 0;
++               struct compat_pkc_cookie_list_s cookie_list;
+ 
+                spin_lock_irqsave(&pcr->completion_lock, flags);
+-               if (list_empty(&pcr->asym_completed_list)) {
+-                       spin_unlock_irqrestore(&pcr->completion_lock, flags);
+-                       return -ENOMEM;
++               cookie_list.cookie_available = 0;
++
++               for (i = 0; i < MAX_COOKIES; i++) {
++                       if (!list_empty(&pcr->asym_completed_list)) {
++                               /* Run a loop in the list for upto  elements
++                                and copy their response back */
++                               pkc =
++                                list_first_entry(&pcr->asym_completed_list,
++                                               struct cryptodev_pkc, list);
++                               list_del(&pkc->list);
++                               ret = crypto_async_fetch_asym(pkc);
++                               if (!ret) {
++                                       cookie_list.cookie_available++;
++                                       cookie_list.cookie[i] =
++                                                pkc->kop.kop.cookie;
++                               }
++                               kfree(pkc);
++                       } else {
++                               break;
++                       }
+                }
+-               pkc = list_first_entry(&pcr->asym_completed_list,
+-                        struct cryptodev_pkc, list);
+-               list_del(&pkc->list);
+                spin_unlock_irqrestore(&pcr->completion_lock, flags);
+-               ret = crypto_async_fetch_asym(pkc);
+ 
+                /* Reflect the updated request to user-space */
+-               if (!ret)
+-                       compat_kop_to_user(&pkc->kop, arg);
+-               kfree(pkc);
++               if (cookie_list.cookie_available)
++                       copy_to_user(arg, &cookie_list,
++                                    sizeof(struct compat_pkc_cookie_list_s));
+        }
+        return ret;
+        default:
+-- 
+1.8.3.1
+
diff --git a/recipes-kernel/cryptodev/cryptodev-fsl/0006-ECC_KEYGEN-and-DLC_KEYGEN-supported-in-cryptodev-mod.patch b/recipes-kernel/cryptodev/cryptodev-fsl/0006-ECC_KEYGEN-and-DLC_KEYGEN-supported-in-cryptodev-mod.patch
new file mode 100644
index 0000000..e70a057
--- /dev/null
+++ b/recipes-kernel/cryptodev/cryptodev-fsl/0006-ECC_KEYGEN-and-DLC_KEYGEN-supported-in-cryptodev-mod.patch
@@ -0,0 +1,212 @@
+From 30fc86a09109f169815befc2cd8bbfcae79fe7e0 Mon Sep 17 00:00:00 2001
+From: Yashpal Dutta <yashpal.dutta@freescale.com>
+Date: Fri, 7 Mar 2014 07:53:53 +0545
+Subject: [PATCH 6/9] ECC_KEYGEN and DLC_KEYGEN supported in cryptodev module
+
+Upstream-status: Pending
+
+Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
+---
+ cryptlib.c         |  2 ++
+ crypto/cryptodev.h |  5 +++-
+ ioctl.c            | 29 +++++++++++++++++--
+ main.c             | 85 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 4 files changed, 118 insertions(+), 3 deletions(-)
+
+diff --git a/cryptlib.c b/cryptlib.c
+index 6900028..47cd568 100644
+--- a/cryptlib.c
++++ b/cryptlib.c
+@@ -452,6 +452,8 @@ int cryptodev_pkc_offload(struct cryptodev_pkc  *pkc)
+        case DSA_VERIFY:
+        case ECDSA_SIGN:
+        case ECDSA_VERIFY:
++       case DLC_KEYGEN:
++       case ECC_KEYGEN:
+                pkc->s = crypto_alloc_pkc("pkc(dsa)",
+                         CRYPTO_ALG_TYPE_PKC_DSA, 0);
+                break;
+diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h
+index 4436fbf..275a55c 100644
+--- a/crypto/cryptodev.h
++++ b/crypto/cryptodev.h
+@@ -268,6 +268,8 @@ enum cryptodev_crk_op_t {
+        CRK_DSA_SIGN = 2,
+        CRK_DSA_VERIFY = 3,
+        CRK_DH_COMPUTE_KEY = 4,
++       CRK_DSA_GENERATE_KEY = 5,
++       CRK_DH_GENERATE_KEY = 6,
+        CRK_ALGORITHM_ALL
+ };
+ 
+@@ -280,7 +282,8 @@ enum cryptodev_crk_op_t {
+ #define CRF_DSA_SIGN           (1 << CRK_DSA_SIGN)
+ #define CRF_DSA_VERIFY         (1 << CRK_DSA_VERIFY)
+ #define CRF_DH_COMPUTE_KEY     (1 << CRK_DH_COMPUTE_KEY)
+-
++#define CRF_DSA_GENERATE_KEY   (1 << CRK_DSA_GENERATE_KEY)
++#define CRF_DH_GENERATE_KEY    (1 << CRK_DH_GENERATE_KEY)
+ 
+ /* ioctl's. Compatible with old linux cryptodev.h
+  */
+diff --git a/ioctl.c b/ioctl.c
+index 2eb7f03..c813c8c 100644
+--- a/ioctl.c
++++ b/ioctl.c
+@@ -726,6 +726,23 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc)
+                                     dh_req->z, dh_req->z_len);
+        }
+        break;
++       case CRK_DSA_GENERATE_KEY:
++       case CRK_DH_GENERATE_KEY:
++       {
++               struct keygen_req_s *key_req = &pkc_req->req_u.keygen;
++
++               if (pkc_req->type == ECC_KEYGEN) {
++                       copy_to_user(ckop->crk_param[4].crp_p, key_req->pub_key,
++                                    key_req->pub_key_len);
++                       copy_to_user(ckop->crk_param[5].crp_p,
++                                    key_req->priv_key, key_req->priv_key_len);
++               } else {
++                       copy_to_user(ckop->crk_param[3].crp_p,
++                                    key_req->pub_key, key_req->pub_key_len);
++                       copy_to_user(ckop->crk_param[4].crp_p,
++                                    key_req->priv_key, key_req->priv_key_len);
++               }
++       }
+        default:
+                ret = -EINVAL;
+        }
+@@ -939,8 +956,9 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
+ 
+        switch (cmd) {
+        case CIOCASYMFEAT:
+-               return put_user(CRF_MOD_EXP_CRT |  CRF_MOD_EXP |
+-                       CRF_DSA_SIGN | CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY, p);
++               return put_user(CRF_MOD_EXP_CRT |  CRF_MOD_EXP | CRF_DSA_SIGN |
++                       CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY |
++                       CRF_DSA_GENERATE_KEY, p);
+        case CRIOGET:
+                fd = clonefd(filp);
+                ret = put_user(fd, p);
+@@ -1084,7 +1102,14 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
+                if (cookie_list.cookie_available)
+                        copy_to_user(arg, &cookie_list,
+                                     sizeof(struct pkc_cookie_list_s));
++               else {
++                       struct pkc_cookie_list_s *user_ck_list = (void *)arg;
++
++                       put_user(0, &(user_ck_list->cookie_available));
++               }
++               ret = cookie_list.cookie_available;
+        }
++
+        return ret;
+        default:
+                return -EINVAL;
+diff --git a/main.c b/main.c
+index 0b7951e..c901bc7 100644
+--- a/main.c
++++ b/main.c
+@@ -342,6 +342,85 @@ err:
+        return rc;
+ }
+ 
++int crypto_kop_keygen(struct cryptodev_pkc *pkc)
++{
++       struct kernel_crypt_kop *kop = &pkc->kop;
++       struct crypt_kop *cop = &kop->kop;
++       struct pkc_request *pkc_req;
++       struct keygen_req_s *key_req;
++       int rc, buf_size;
++       uint8_t *buf;
++
++       if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits ||
++           !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits ||
++           !cop->crk_param[4].crp_nbits)
++               return -EINVAL;
++
++       pkc_req = &pkc->req;
++       key_req = &pkc_req->req_u.keygen;
++       key_req->q_len = (cop->crk_param[0].crp_nbits + 7)/8;
++       key_req->r_len = (cop->crk_param[1].crp_nbits + 7)/8;
++       key_req->g_len = (cop->crk_param[2].crp_nbits + 7)/8;
++       if (cop->crk_iparams == 3) {
++               key_req->pub_key_len = (cop->crk_param[3].crp_nbits + 7)/8;
++               key_req->priv_key_len = (cop->crk_param[4].crp_nbits + 7)/8;
++               buf_size = key_req->q_len + key_req->r_len + key_req->g_len +
++                       key_req->pub_key_len + key_req->priv_key_len;
++               pkc_req->type = DLC_KEYGEN;
++       } else {
++               key_req->ab_len = (cop->crk_param[3].crp_nbits + 7)/8;
++               key_req->pub_key_len = (cop->crk_param[4].crp_nbits + 7)/8;
++               key_req->priv_key_len = (cop->crk_param[5].crp_nbits + 7)/8;
++               buf_size = key_req->q_len + key_req->r_len + key_req->g_len +
++                       key_req->pub_key_len + key_req->priv_key_len +
++                       key_req->ab_len;
++               pkc_req->type = ECC_KEYGEN;
++               pkc_req->curve_type = cop->curve_type;
++       }
++
++       buf = kzalloc(buf_size, GFP_DMA);
++       if (!buf)
++               return -ENOMEM;
++
++       key_req->q = buf;
++       key_req->r = key_req->q + key_req->q_len;
++       key_req->g = key_req->r + key_req->r_len;
++       key_req->pub_key = key_req->g + key_req->g_len;
++       key_req->priv_key = key_req->pub_key + key_req->pub_key_len;
++       copy_from_user(key_req->q, cop->crk_param[0].crp_p, key_req->q_len);
++       copy_from_user(key_req->r, cop->crk_param[1].crp_p, key_req->r_len);
++       copy_from_user(key_req->g, cop->crk_param[2].crp_p, key_req->g_len);
++       if (cop->crk_iparams == 3) {
++               copy_from_user(key_req->pub_key, cop->crk_param[3].crp_p,
++                              key_req->pub_key_len);
++               copy_from_user(key_req->priv_key, cop->crk_param[4].crp_p,
++                              key_req->priv_key_len);
++       } else {
++               key_req->ab = key_req->priv_key + key_req->priv_key_len;
++               copy_from_user(key_req->ab, cop->crk_param[3].crp_p,
++                              key_req->ab_len);
++               copy_from_user(key_req->pub_key, cop->crk_param[4].crp_p,
++                              key_req->pub_key_len);
++               copy_from_user(key_req->priv_key, cop->crk_param[5].crp_p,
++                              key_req->priv_key_len);
++       }
++
++       rc = cryptodev_pkc_offload(pkc);
++       if (pkc->type == SYNCHRONOUS) {
++               if (rc)
++                       goto err;
++       } else {
++               if (rc != -EINPROGRESS && !rc)
++                       goto err;
++
++               pkc->cookie = buf;
++               return rc;
++       }
++err:
++       kfree(buf);
++       return rc;
++}
++
+ int crypto_kop_dh_key(struct cryptodev_pkc *pkc)
+ {
+        struct kernel_crypt_kop *kop = &pkc->kop;
+@@ -554,6 +633,12 @@ int crypto_run_asym(struct cryptodev_pkc *pkc)
+                        goto err;
+                ret = crypto_kop_dh_key(pkc);
+                break;
++       case CRK_DH_GENERATE_KEY:
++       case CRK_DSA_GENERATE_KEY:
++               if ((kop->kop.crk_iparams != 3 && kop->kop.crk_iparams != 4))
++                       goto err;
++               ret = crypto_kop_keygen(pkc);
++               break;
+        }
+ err:
+        return ret;
+-- 
+1.8.3.1
+
diff --git a/recipes-kernel/cryptodev/cryptodev-fsl/0007-RCU-stall-fixed-in-PKC-asynchronous-interface.patch b/recipes-kernel/cryptodev/cryptodev-fsl/0007-RCU-stall-fixed-in-PKC-asynchronous-interface.patch
new file mode 100644
index 0000000..93a2248
--- /dev/null
+++ b/recipes-kernel/cryptodev/cryptodev-fsl/0007-RCU-stall-fixed-in-PKC-asynchronous-interface.patch
@@ -0,0 +1,238 @@
+From d60b9dbf53d63092fd292c00bb03c250c26703cf Mon Sep 17 00:00:00 2001
+From: Yashpal Dutta <yashpal.dutta@freescale.com>
+Date: Fri, 7 Mar 2014 08:49:15 +0545
+Subject: [PATCH 7/9] RCU stall fixed in PKC asynchronous interface
+
+Upstream-status: Pending
+
+Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
+---
+ ioctl.c | 23 +++++++++++------------
+ main.c  | 43 +++++++++++++++++++++++++++----------------
+ 2 files changed, 38 insertions(+), 28 deletions(-)
+
+diff --git a/ioctl.c b/ioctl.c
+index c813c8c..7e4c671 100644
+--- a/ioctl.c
++++ b/ioctl.c
+@@ -108,10 +108,9 @@ void cryptodev_complete_asym(struct crypto_async_request *req, int err)
+                complete(&res->completion);
+        } else {
+                struct crypt_priv *pcr = pkc->priv;
+-               unsigned long flags;
+-               spin_lock_irqsave(&pcr->completion_lock, flags);
++               spin_lock_bh(&pcr->completion_lock);
+                list_add_tail(&pkc->list, &pcr->asym_completed_list);
+-               spin_unlock_irqrestore(&pcr->completion_lock, flags);
++               spin_unlock_bh(&pcr->completion_lock);
+                /* wake for POLLIN */
+                wake_up_interruptible(&pcr->user_waiter);
+        }
+@@ -958,7 +957,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
+        case CIOCASYMFEAT:
+                return put_user(CRF_MOD_EXP_CRT |  CRF_MOD_EXP | CRF_DSA_SIGN |
+                        CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY |
+-                       CRF_DSA_GENERATE_KEY, p);
++                       CRF_DSA_GENERATE_KEY | CRF_DH_GENERATE_KEY, p);
+        case CRIOGET:
+                fd = clonefd(filp);
+                ret = put_user(fd, p);
+@@ -997,7 +996,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
+        case CIOCKEY:
+        {
+                struct cryptodev_pkc *pkc =
+-                       kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL);
++                       kmalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL);
+ 
+                if (!pkc)
+                        return -ENOMEM;
+@@ -1053,7 +1052,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
+        case CIOCASYMASYNCRYPT:
+        {
+                struct cryptodev_pkc *pkc =
+-                       kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL);
++                       kmalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL);
+                ret = kop_from_user(&pkc->kop, arg);
+ 
+                if (unlikely(ret))
+@@ -1070,13 +1069,12 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
+        case CIOCASYMFETCHCOOKIE:
+        {
+                struct cryptodev_pkc *pkc;
+-               unsigned long flags;
+                int i;
+                struct pkc_cookie_list_s cookie_list;
+ 
+-               spin_lock_irqsave(&pcr->completion_lock, flags);
+                cookie_list.cookie_available = 0;
+                for (i = 0; i < MAX_COOKIES; i++) {
++                       spin_lock_bh(&pcr->completion_lock);
+                        if (!list_empty(&pcr->asym_completed_list)) {
+                                /* Run a loop in the list for upto  elements
+                                 and copy their response back */
+@@ -1084,6 +1082,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
+                                 list_first_entry(&pcr->asym_completed_list,
+                                                struct cryptodev_pkc, list);
+                                list_del(&pkc->list);
++                               spin_unlock_bh(&pcr->completion_lock);
+                                ret = crypto_async_fetch_asym(pkc);
+                                if (!ret) {
+                                        cookie_list.cookie_available++;
+@@ -1093,10 +1092,10 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
+                                }
+                                kfree(pkc);
+                        } else {
++                               spin_unlock_bh(&pcr->completion_lock);
+                                break;
+                        }
+                }
+-               spin_unlock_irqrestore(&pcr->completion_lock, flags);
+ 
+                /* Reflect the updated request to user-space */
+                if (cookie_list.cookie_available)
+@@ -1386,14 +1385,13 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_)
+        case COMPAT_CIOCASYMFETCHCOOKIE:
+        {
+                struct cryptodev_pkc *pkc;
+-               unsigned long flags;
+                int i = 0;
+                struct compat_pkc_cookie_list_s cookie_list;
+ 
+-               spin_lock_irqsave(&pcr->completion_lock, flags);
+                cookie_list.cookie_available = 0;
+ 
+                for (i = 0; i < MAX_COOKIES; i++) {
++                       spin_lock_bh(&pcr->completion_lock);
+                        if (!list_empty(&pcr->asym_completed_list)) {
+                                /* Run a loop in the list for upto  elements
+                                 and copy their response back */
+@@ -1401,6 +1399,7 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_)
+                                 list_first_entry(&pcr->asym_completed_list,
+                                                struct cryptodev_pkc, list);
+                                list_del(&pkc->list);
++                               spin_unlock_bh(&pcr->completion_lock);
+                                ret = crypto_async_fetch_asym(pkc);
+                                if (!ret) {
+                                        cookie_list.cookie_available++;
+@@ -1409,10 +1408,10 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_)
+                                }
+                                kfree(pkc);
+                        } else {
++                               spin_unlock_bh(&pcr->completion_lock);
+                                break;
+                        }
+                }
+-               spin_unlock_irqrestore(&pcr->completion_lock, flags);
+ 
+                /* Reflect the updated request to user-space */
+                if (cookie_list.cookie_available)
+diff --git a/main.c b/main.c
+index c901bc7..2747706 100644
+--- a/main.c
++++ b/main.c
+@@ -215,7 +215,9 @@ int crypto_kop_dsasign(struct cryptodev_pkc *pkc)
+                pkc_req->type = DSA_SIGN;
+        }
+ 
+-       buf = kzalloc(buf_size, GFP_DMA);
++       buf = kmalloc(buf_size, GFP_DMA);
++       if (!buf)
++               return -ENOMEM;
+ 
+        dsa_req->q = buf;
+        dsa_req->r = dsa_req->q + dsa_req->q_len;
+@@ -298,7 +300,9 @@ int crypto_kop_dsaverify(struct cryptodev_pkc *pkc)
+                pkc_req->type = DSA_VERIFY;
+        }
+ 
+-       buf = kzalloc(buf_size, GFP_DMA);
++       buf = kmalloc(buf_size, GFP_DMA);
++       if (!buf)
++               return -ENOMEM;
+ 
+        dsa_req->q = buf;
+        dsa_req->r = dsa_req->q + dsa_req->q_len;
+@@ -378,7 +382,7 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc)
+                pkc_req->curve_type = cop->curve_type;
+        }
+ 
+-       buf = kzalloc(buf_size, GFP_DMA);
++       buf = kmalloc(buf_size, GFP_DMA);
+        if (!buf)
+                return -ENOMEM;
+ 
+@@ -390,25 +394,28 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc)
+        copy_from_user(key_req->q, cop->crk_param[0].crp_p, key_req->q_len);
+        copy_from_user(key_req->r, cop->crk_param[1].crp_p, key_req->r_len);
+        copy_from_user(key_req->g, cop->crk_param[2].crp_p, key_req->g_len);
+-       if (cop->crk_iparams == 3) {
+-               copy_from_user(key_req->pub_key, cop->crk_param[3].crp_p,
+-                              key_req->pub_key_len);
+-               copy_from_user(key_req->priv_key, cop->crk_param[4].crp_p,
+-                              key_req->priv_key_len);
+-       } else {
++       if (cop->crk_iparams == 4) {
+                key_req->ab = key_req->priv_key + key_req->priv_key_len;
+                copy_from_user(key_req->ab, cop->crk_param[3].crp_p,
+                               key_req->ab_len);
+-               copy_from_user(key_req->pub_key, cop->crk_param[4].crp_p,
+-                              key_req->pub_key_len);
+-               copy_from_user(key_req->priv_key, cop->crk_param[5].crp_p,
+-                              key_req->priv_key_len);
+        }
+ 
+        rc = cryptodev_pkc_offload(pkc);
+        if (pkc->type == SYNCHRONOUS) {
+                if (rc)
+                        goto err;
++
++               if (cop->crk_iparams == 4) {
++                       copy_to_user(cop->crk_param[4].crp_p, key_req->pub_key,
++                                    key_req->pub_key_len);
++                       copy_to_user(cop->crk_param[5].crp_p, key_req->priv_key,
++                                    key_req->priv_key_len);
++               } else {
++                       copy_to_user(cop->crk_param[3].crp_p, key_req->pub_key,
++                                    key_req->pub_key_len);
++                       copy_to_user(cop->crk_param[4].crp_p,
++                                    key_req->priv_key, key_req->priv_key_len);
++               }
+        } else {
+                if (rc != -EINPROGRESS && !rc)
+                        goto err;
+@@ -447,7 +454,9 @@ int crypto_kop_dh_key(struct cryptodev_pkc *pkc)
+                pkc_req->type = DH_COMPUTE_KEY;
+        }
+        buf_size += dh_req->z_len;
+-       buf = kzalloc(buf_size, GFP_DMA);
++       buf = kmalloc(buf_size, GFP_DMA);
++       if (!buf)
++               return -ENOMEM;
+        dh_req->q = buf;
+        dh_req->s = dh_req->q + dh_req->q_len;
+        dh_req->pub_key = dh_req->s + dh_req->s_len;
+@@ -508,9 +517,11 @@ int crypto_modexp_crt(struct cryptodev_pkc *pkc)
+        rsa_req->dq_len = (cop->crk_param[4].crp_nbits + 7)/8;
+        rsa_req->c_len = (cop->crk_param[5].crp_nbits + 7)/8;
+        rsa_req->f_len = (cop->crk_param[6].crp_nbits + 7)/8;
+-       buf = kzalloc(rsa_req->p_len + rsa_req->q_len + rsa_req->f_len +
++       buf = kmalloc(rsa_req->p_len + rsa_req->q_len + rsa_req->f_len +
+                      rsa_req->dp_len + rsa_req->dp_len + rsa_req->c_len +
+                      rsa_req->g_len, GFP_DMA);
++       if (!buf)
++               return -ENOMEM;
+        rsa_req->p = buf;
+        rsa_req->q = rsa_req->p + rsa_req->p_len;
+        rsa_req->g = rsa_req->q + rsa_req->q_len;
+@@ -563,7 +574,7 @@ int crypto_bn_modexp(struct cryptodev_pkc *pkc)
+        rsa_req->e_len = (cop->crk_param[1].crp_nbits + 7)/8;
+        rsa_req->n_len = (cop->crk_param[2].crp_nbits + 7)/8;
+        rsa_req->g_len = (cop->crk_param[3].crp_nbits + 7)/8;
+-       buf = kzalloc(rsa_req->f_len + rsa_req->e_len + rsa_req->n_len
++       buf = kmalloc(rsa_req->f_len + rsa_req->e_len + rsa_req->n_len
+                        + rsa_req->g_len, GFP_DMA);
+        if (!buf)
+                return -ENOMEM;
+-- 
+1.8.3.1
+
diff --git a/recipes-kernel/cryptodev/cryptodev-fsl/0008-Add-RSA-Key-generation-offloading.patch b/recipes-kernel/cryptodev/cryptodev-fsl/0008-Add-RSA-Key-generation-offloading.patch
new file mode 100644
index 0000000..affb2e7
--- /dev/null
+++ b/recipes-kernel/cryptodev/cryptodev-fsl/0008-Add-RSA-Key-generation-offloading.patch
@@ -0,0 +1,170 @@
+From af5e4289f60c38ab17adab14c82d6204d155f25f Mon Sep 17 00:00:00 2001
+From: Hou Zhiqiang <B48286@freescale.com>
+Date: Wed, 19 Mar 2014 14:02:46 +0800
+Subject: [PATCH 8/9] Add RSA Key generation offloading
+
+Upstream-status: Pending
+
+Signed-off-by: Hou Zhiqiang <B48286@freescale.com>
+Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
+---
+ cryptlib.c         |  1 +
+ crypto/cryptodev.h |  2 ++
+ ioctl.c            |  3 +-
+ main.c             | 80 +++++++++++++++++++++++++++++++++++++++++++++++++++++-
+ 4 files changed, 84 insertions(+), 2 deletions(-)
+
+diff --git a/cryptlib.c b/cryptlib.c
+index 47cd568..4dd1847 100644
+--- a/cryptlib.c
++++ b/cryptlib.c
+@@ -441,6 +441,7 @@ int cryptodev_pkc_offload(struct cryptodev_pkc  *pkc)
+        struct pkc_request *pkc_req = &pkc->req, *pkc_requested;
+ 
+        switch (pkc_req->type) {
++       case RSA_KEYGEN:
+        case RSA_PUB:
+        case RSA_PRIV_FORM1:
+        case RSA_PRIV_FORM2:
+diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h
+index 275a55c..d0cc542 100644
+--- a/crypto/cryptodev.h
++++ b/crypto/cryptodev.h
+@@ -270,6 +270,7 @@ enum cryptodev_crk_op_t {
+        CRK_DH_COMPUTE_KEY = 4,
+        CRK_DSA_GENERATE_KEY = 5,
+        CRK_DH_GENERATE_KEY = 6,
++       CRK_RSA_GENERATE_KEY = 7,
+        CRK_ALGORITHM_ALL
+ };
+ 
+@@ -279,6 +280,7 @@ enum cryptodev_crk_op_t {
+  */
+ #define CRF_MOD_EXP            (1 << CRK_MOD_EXP)
+ #define CRF_MOD_EXP_CRT                (1 << CRK_MOD_EXP_CRT)
++#define CRF_RSA_GENERATE_KEY   (1 << CRK_RSA_GENERATE_KEY)
+ #define CRF_DSA_SIGN           (1 << CRK_DSA_SIGN)
+ #define CRF_DSA_VERIFY         (1 << CRK_DSA_VERIFY)
+ #define CRF_DH_COMPUTE_KEY     (1 << CRK_DH_COMPUTE_KEY)
+diff --git a/ioctl.c b/ioctl.c
+index 7e4c671..14888d6 100644
+--- a/ioctl.c
++++ b/ioctl.c
+@@ -957,7 +957,8 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
+        case CIOCASYMFEAT:
+                return put_user(CRF_MOD_EXP_CRT |  CRF_MOD_EXP | CRF_DSA_SIGN |
+                        CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY |
+-                       CRF_DSA_GENERATE_KEY | CRF_DH_GENERATE_KEY, p);
++                       CRF_DSA_GENERATE_KEY | CRF_DH_GENERATE_KEY |
++                       CRF_RSA_GENERATE_KEY, p);
+        case CRIOGET:
+                fd = clonefd(filp);
+                ret = put_user(fd, p);
+diff --git a/main.c b/main.c
+index 2747706..14dcf40 100644
+--- a/main.c
++++ b/main.c
+@@ -346,6 +346,82 @@ err:
+        return rc;
+ }
+ 
++int crypto_kop_rsa_keygen(struct cryptodev_pkc *pkc)
++{
++       struct kernel_crypt_kop *kop = &pkc->kop;
++       struct crypt_kop *cop = &kop->kop;
++       struct pkc_request *pkc_req;
++       struct rsa_keygen_req_s *key_req;
++       int rc, buf_size;
++       uint8_t *buf;
++
++       if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits ||
++               !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits ||
++               !cop->crk_param[4].crp_nbits || !cop->crk_param[5].crp_nbits ||
++               !cop->crk_param[6].crp_nbits)
++               return -EINVAL;
++
++       pkc_req = &pkc->req;
++       pkc_req->type = RSA_KEYGEN;
++       key_req = &pkc_req->req_u.rsa_keygen;
++       key_req->n_len = (cop->crk_param[2].crp_nbits + 7)/8;
++       key_req->p_len = (cop->crk_param[0].crp_nbits + 7) / 8;
++       key_req->q_len = (cop->crk_param[1].crp_nbits + 7) / 8;
++       key_req->n_len = (cop->crk_param[2].crp_nbits + 7) / 8;
++       key_req->d_len = (cop->crk_param[3].crp_nbits + 7) / 8;
++       key_req->dp_len = (cop->crk_param[4].crp_nbits + 7) / 8;
++       key_req->dq_len = (cop->crk_param[5].crp_nbits + 7) / 8;
++       key_req->c_len = (cop->crk_param[6].crp_nbits + 7) / 8;
++
++       buf_size = key_req->p_len + key_req->q_len + key_req->n_len +
++                       key_req->d_len + key_req->dp_len +
++                       key_req->dq_len + key_req->c_len;
++
++       buf = kmalloc(buf_size, GFP_DMA);
++       if (!buf)
++               return -ENOMEM;
++       key_req->p = buf;
++       key_req->q = key_req->p + key_req->p_len;
++       key_req->n = key_req->q + key_req->q_len;
++       key_req->d = key_req->n + key_req->n_len;
++       key_req->dp = key_req->d + key_req->d_len;
++       key_req->dq = key_req->dp + key_req->dp_len;
++       key_req->c = key_req->dq + key_req->dq_len;
++
++       rc = cryptodev_pkc_offload(pkc);
++
++       if (pkc->type == SYNCHRONOUS) {
++               if (rc)
++                       goto err;
++
++               copy_to_user(cop->crk_param[0].crp_p,
++                               key_req->p, key_req->p_len);
++               copy_to_user(cop->crk_param[1].crp_p,
++                               key_req->q, key_req->q_len);
++               copy_to_user(cop->crk_param[2].crp_p,
++                               key_req->n, key_req->n_len);
++               copy_to_user(cop->crk_param[3].crp_p,
++                               key_req->d, key_req->d_len);
++               copy_to_user(cop->crk_param[4].crp_p,
++                               key_req->dp, key_req->dp_len);
++               copy_to_user(cop->crk_param[5].crp_p,
++                               key_req->dq, key_req->dq_len);
++               copy_to_user(cop->crk_param[6].crp_p,
++                               key_req->c, key_req->c_len);
++               } else {
++               if (rc != -EINPROGRESS && !rc) {
++                       printk("%s: Failed\n", __func__);
++                       goto err;
++               }
++               pkc->cookie = buf;
++               return rc;
++       }
++err:
++       kfree(buf);
++       return rc;
++
++}
++
+ int crypto_kop_keygen(struct cryptodev_pkc *pkc)
+ {
+        struct kernel_crypt_kop *kop = &pkc->kop;
+@@ -385,7 +461,6 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc)
+        buf = kmalloc(buf_size, GFP_DMA);
+        if (!buf)
+                return -ENOMEM;
+-
+        key_req->q = buf;
+        key_req->r = key_req->q + key_req->q_len;
+        key_req->g = key_req->r + key_req->r_len;
+@@ -650,6 +725,9 @@ int crypto_run_asym(struct cryptodev_pkc *pkc)
+                        goto err;
+                ret = crypto_kop_keygen(pkc);
+                break;
++       case CRK_RSA_GENERATE_KEY:
++               ret = crypto_kop_rsa_keygen(pkc);
++               break;
+        }
+ err:
+        return ret;
+-- 
+1.8.3.1
+
diff --git a/recipes-kernel/cryptodev/cryptodev-fsl/0009-Fixed-compilation-error-of-openssl-with-fsl-cryptode.patch b/recipes-kernel/cryptodev/cryptodev-fsl/0009-Fixed-compilation-error-of-openssl-with-fsl-cryptode.patch
new file mode 100644
index 0000000..32757ca
--- /dev/null
+++ b/recipes-kernel/cryptodev/cryptodev-fsl/0009-Fixed-compilation-error-of-openssl-with-fsl-cryptode.patch
@@ -0,0 +1,160 @@
+From e791b55b03d295ee11476382a7bd93ab131e2e52 Mon Sep 17 00:00:00 2001
+From: Yashpal Dutta <yashpal.dutta@freescale.com>
+Date: Thu, 17 Apr 2014 07:08:47 +0545
+Subject: [PATCH 9/9] Fixed compilation error of openssl with fsl cryptodev
+
+Upstream-status: Pending
+
+Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
+Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
+---
+ authenc.c          | 1 +
+ cryptlib.c         | 9 ++++-----
+ crypto/cryptodev.h | 9 ++++++++-
+ cryptodev_int.h    | 2 +-
+ ioctl.c            | 8 ++++++--
+ main.c             | 1 +
+ 6 files changed, 21 insertions(+), 9 deletions(-)
+
+diff --git a/authenc.c b/authenc.c
+index ef0d3db..2aa4d38 100644
+--- a/authenc.c
++++ b/authenc.c
+@@ -2,6 +2,7 @@
+  * Driver for /dev/crypto device (aka CryptoDev)
+  *
+  * Copyright (c) 2011, 2012 OpenSSL Software Foundation, Inc.
++ * Copyright (c) 2014 Freescale Semiconductor, Inc.
+  *
+  * Author: Nikos Mavrogiannopoulos
+  *
+diff --git a/cryptlib.c b/cryptlib.c
+index 4dd1847..ec6693e 100644
+--- a/cryptlib.c
++++ b/cryptlib.c
+@@ -4,8 +4,7 @@
+  * Copyright (c) 2010,2011 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+  * Portions Copyright (c) 2010 Michael Weiser
+  * Portions Copyright (c) 2010 Phil Sutter
+- *
+- * Copyright 2012 Freescale Semiconductor, Inc.
++ * Copyright 2012-2014 Freescale Semiconductor, Inc.
+  *
+  * This file is part of linux cryptodev.
+  *
+@@ -144,7 +143,7 @@ int cryptodev_cipher_init(struct cipher_data *out, const char *alg_name,
+                        if (alg->max_keysize > 0 &&
+                                        unlikely((keylen < alg->min_keysize) ||
+                                        (keylen > alg->max_keysize))) {
+-                               ddebug(1, "Wrong keylen '%zu' for algorithm '%s'. Use %u to %u.",
++                               ddebug(1, "Wrong keylen '%u' for algorithm '%s'. Use %u to %u.",
+                                                keylen, alg_name, alg->min_keysize, alg->max_keysize);
+                                ret = -EINVAL;
+                                goto error;
+@@ -171,7 +170,7 @@ int cryptodev_cipher_init(struct cipher_data *out, const char *alg_name,
+        }
+ 
+        if (unlikely(ret)) {
+-               ddebug(1, "Setting key failed for %s-%zu.", alg_name, keylen*8);
++               ddebug(1, "Setting key failed for %s-%u.", alg_name, keylen*8);
+                ret = -EINVAL;
+                goto error;
+        }
+@@ -338,7 +337,7 @@ int cryptodev_hash_init(struct hash_data *hdata, const char *alg_name,
+        if (hmac_mode != 0) {
+                ret = crypto_ahash_setkey(hdata->async.s, mackey, mackeylen);
+                if (unlikely(ret)) {
+-                       ddebug(1, "Setting hmac key failed for %s-%zu.",
++                       ddebug(1, "Setting hmac key failed for %s-%u.",
+                                        alg_name, mackeylen*8);
+                        ret = -EINVAL;
+                        goto error;
+diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h
+index d0cc542..e7edd97 100644
+--- a/crypto/cryptodev.h
++++ b/crypto/cryptodev.h
+@@ -234,6 +234,13 @@ struct crypt_auth_op {
+ #define        CRYPTO_ALG_FLAG_RNG_ENABLE      2
+ #define        CRYPTO_ALG_FLAG_DSA_SHA         4
+ 
++enum ec_curve_t {
++       EC_DISCRETE_LOG,
++       EC_PRIME,
++       EC_BINARY,
++       MAX_EC_TYPE
++};
++
+ struct crparam {
+        __u8    *crp_p;
+        __u32   crp_nbits;
+@@ -249,7 +256,7 @@ struct crypt_kop {
+        __u16   crk_oparams;
+        __u32   crk_pad1;
+        struct crparam  crk_param[CRK_MAXPARAM];
+-       enum curve_t curve_type; /* 0 == Discrete Log,
++       enum ec_curve_t curve_type; /* 0 == Discrete Log,
+                                1 = EC_PRIME, 2 = EC_BINARY */
+        void *cookie;
+ };
+diff --git a/cryptodev_int.h b/cryptodev_int.h
+index 5347cae..c83c885 100644
+--- a/cryptodev_int.h
++++ b/cryptodev_int.h
+@@ -88,7 +88,7 @@ struct compat_crypt_kop {
+        uint16_t        crk_oparams;
+        uint32_t        crk_pad1;
+        struct compat_crparam   crk_param[CRK_MAXPARAM];
+-       enum curve_t curve_type; /* 0 == Discrete Log, 1 = EC_PRIME,
++       enum ec_curve_t curve_type; /* 0 == Discrete Log, 1 = EC_PRIME,
+                                 2 = EC_BINARY */
+        compat_uptr_t cookie;
+ };
+diff --git a/ioctl.c b/ioctl.c
+index 14888d6..20ab4ca 100644
+--- a/ioctl.c
++++ b/ioctl.c
+@@ -4,7 +4,7 @@
+  * Copyright (c) 2004 Michal Ludvig <mludvig@logix.net.nz>, SuSE Labs
+  * Copyright (c) 2009,2010,2011 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+  * Copyright (c) 2010 Phil Sutter
+- * Copyright 2012 Freescale Semiconductor, Inc.
++ * Copyright 2012-2014 Freescale Semiconductor, Inc.
+  *
+  * This file is part of linux cryptodev.
+  *
+@@ -501,6 +501,7 @@ cryptodev_open(struct inode *inode, struct file *filp)
+        INIT_LIST_HEAD(&pcr->done.list);
+        INIT_LIST_HEAD(&pcr->asym_completed_list);
+        spin_lock_init(&pcr->completion_lock);
++
+        INIT_WORK(&pcr->cryptask, cryptask_routine);
+ 
+        init_waitqueue_head(&pcr->user_waiter);
+@@ -780,8 +781,11 @@ static int fill_kcop_from_cop(struct kernel_crypt_op *kcop, struct fcrypt *fcr)
+ 
+        if (cop->iv) {
+                rc = copy_from_user(kcop->iv, cop->iv, kcop->ivlen);
+-               if (unlikely(rc))
++               if (unlikely(rc)) {
++                       derr(1, "error copying IV (%d bytes), copy_from_user returned %d for address %p",
++                                       kcop->ivlen, rc, cop->iv);
+                        return -EFAULT;
++               }
+        }
+ 
+        return 0;
+diff --git a/main.c b/main.c
+index 14dcf40..6365911 100644
+--- a/main.c
++++ b/main.c
+@@ -3,6 +3,7 @@
+  *
+  * Copyright (c) 2004 Michal Ludvig <mludvig@logix.net.nz>, SuSE Labs
+  * Copyright (c) 2009-2013 Nikos Mavrogiannopoulos <nmav@gnutls.org>
++ * Copyright (c) 2014 Freescale Semiconductor, Inc.
+  *
+  * This file is part of linux cryptodev.
+  *
+-- 
+2.2.0
+
diff --git a/recipes-kernel/cryptodev/cryptodev-linux_1.6.bbappend b/recipes-kernel/cryptodev/cryptodev-linux_1.6.bbappend
new file mode 100644
index 0000000..3cbbb3d
--- /dev/null
+++ b/recipes-kernel/cryptodev/cryptodev-linux_1.6.bbappend
@@ -0,0 +1,2 @@
+require recipes-kernel/cryptodev/cryptodev-fsl.inc
+
diff --git a/recipes-kernel/cryptodev/cryptodev-module_1.6.bbappend b/recipes-kernel/cryptodev/cryptodev-module_1.6.bbappend
new file mode 100644
index 0000000..2bf012c
--- /dev/null
+++ b/recipes-kernel/cryptodev/cryptodev-module_1.6.bbappend
@@ -0,0 +1,12 @@
+require recipes-kernel/cryptodev/cryptodev-fsl.inc
+
+inherit qoriq_build_64bit_kernel
+
+do_install_append_qoriq-ppc () {
+    rm -fr ${D}/usr
+}
+
+# Currently pkc-host does not support RSA_KEYGEN, remove this
+# if it is fixed.
+SRC_URI_append_qoriq-ppc = "${@base_contains('DISTRO_FEATURES', 'c29x_pkc', ' file://0001-don-t-advertise-RSA-keygen.patch', '', d)}"
+