aboutsummaryrefslogtreecommitdiffstats
path: root/recipes-kernel/cryptodev
diff options
context:
space:
mode:
authorOtavio Salvador <otavio@ossystems.com.br>2015-07-23 16:02:25 -0300
committerOtavio Salvador <otavio@ossystems.com.br>2015-07-28 23:26:59 -0300
commit6a868a671472d454b407a165fc31c5f7dfe783c6 (patch)
tree7bd2ab13a04d14215264cc992501970cacfb20ef /recipes-kernel/cryptodev
parent62e212fe4812a6c726df4ac8e77d4a77e0e54247 (diff)
downloadmeta-freescale-6a868a671472d454b407a165fc31c5f7dfe783c6.tar.gz
meta-freescale-6a868a671472d454b407a165fc31c5f7dfe783c6.tar.bz2
meta-freescale-6a868a671472d454b407a165fc31c5f7dfe783c6.zip
Move meta-fsl-ppc content to layer root
This commit is just a rename of all contents of meta-fsl-ppc subdirectory to this layer's root, merging the contents of common files, subsequent changes are based on top of that. Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Diffstat (limited to 'recipes-kernel/cryptodev')
-rw-r--r--recipes-kernel/cryptodev/cryptodev-linux_1.7.bb12
-rw-r--r--recipes-kernel/cryptodev/cryptodev-module_1.7.bb10
-rw-r--r--recipes-kernel/cryptodev/cryptodev-tests_1.7.bb17
-rw-r--r--recipes-kernel/cryptodev/cryptodev_1.7.inc47
-rw-r--r--recipes-kernel/cryptodev/files/0001-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch52
-rw-r--r--recipes-kernel/cryptodev/files/0001-don-t-advertise-RSA-keygen.patch33
-rw-r--r--recipes-kernel/cryptodev/files/0001-fix-compilation-against-linux-3.19.patch36
-rw-r--r--recipes-kernel/cryptodev/files/0002-Fix-tests-Makefile-usage-of-LDLIBS-vs.-LDFLAGS.patch29
-rw-r--r--recipes-kernel/cryptodev/files/0002-add-support-for-COMPAT_CIOCAUTHCRYPT-ioctl.patch207
-rw-r--r--recipes-kernel/cryptodev/files/0002-tests-Makefile-fix-arg-passing-to-CC-in-implicit-rul.patch28
-rw-r--r--recipes-kernel/cryptodev/files/0003-Disable-installing-header-file-provided-by-another-p.patch29
-rw-r--r--recipes-kernel/cryptodev/files/0003-PKC-support-added-in-cryptodev-module.patch898
-rw-r--r--recipes-kernel/cryptodev/files/0004-Add-the-compile-and-install-rules-for-cryptodev-test.patch65
-rw-r--r--recipes-kernel/cryptodev/files/0004-Compat-versions-of-PKC-IOCTLs.patch200
-rw-r--r--recipes-kernel/cryptodev/files/0005-Asynchronous-interface-changes-in-cryptodev.patch213
-rw-r--r--recipes-kernel/cryptodev/files/0006-ECC_KEYGEN-and-DLC_KEYGEN-supported-in-cryptodev-mod.patch212
-rw-r--r--recipes-kernel/cryptodev/files/0007-RCU-stall-fixed-in-PKC-asynchronous-interface.patch238
-rw-r--r--recipes-kernel/cryptodev/files/0008-Add-RSA-Key-generation-offloading.patch170
-rw-r--r--recipes-kernel/cryptodev/files/0009-Fixed-compilation-error-of-openssl-with-fsl-cryptode.patch160
-rw-r--r--recipes-kernel/cryptodev/files/0010-add-support-for-composite-TLS10-SHA1-3DES-algorithm-.patch54
-rw-r--r--recipes-kernel/cryptodev/files/0011-add-support-for-TLSv1.1-record-offload.patch76
-rw-r--r--recipes-kernel/cryptodev/files/0012-add-support-for-TLSv1.2-record-offload.patch72
-rw-r--r--recipes-kernel/cryptodev/files/0013-clean-up-code-layout.patch186
-rw-r--r--recipes-kernel/cryptodev/files/0014-remove-redundant-data-copy-for-pkc-operations.patch494
-rw-r--r--recipes-kernel/cryptodev/files/0015-fix-pkc-request-deallocation.patch40
-rw-r--r--recipes-kernel/cryptodev/files/0016-add-basic-detection-of-asym-features.patch37
-rw-r--r--recipes-kernel/cryptodev/files/0017-remove-dead-code.patch67
-rw-r--r--recipes-kernel/cryptodev/files/0018-fix-compat-warnings.patch64
-rw-r--r--recipes-kernel/cryptodev/files/0019-fix-size_t-print-format.patch61
-rw-r--r--recipes-kernel/cryptodev/files/0020-fix-uninitialized-variable-compiler-warning.patch38
30 files changed, 3845 insertions, 0 deletions
diff --git a/recipes-kernel/cryptodev/cryptodev-linux_1.7.bb b/recipes-kernel/cryptodev/cryptodev-linux_1.7.bb
new file mode 100644
index 00000000..92ccd717
--- /dev/null
+++ b/recipes-kernel/cryptodev/cryptodev-linux_1.7.bb
@@ -0,0 +1,12 @@
+require cryptodev_${PV}.inc
+
+SUMMARY = "A /dev/crypto device driver header file"
+
+do_compile[noexec] = "1"
+
+# Just install cryptodev.h which is the only header file needed to be exported
+do_install() {
+ install -D ${S}/crypto/cryptodev.h ${D}${includedir}/crypto/cryptodev.h
+}
+
+ALLOW_EMPTY_${PN} = "1"
diff --git a/recipes-kernel/cryptodev/cryptodev-module_1.7.bb b/recipes-kernel/cryptodev/cryptodev-module_1.7.bb
new file mode 100644
index 00000000..e6b1f27c
--- /dev/null
+++ b/recipes-kernel/cryptodev/cryptodev-module_1.7.bb
@@ -0,0 +1,10 @@
+require cryptodev_${PV}.inc
+
+SUMMARY = "A /dev/crypto device driver kernel module"
+
+inherit module qoriq_build_64bit_kernel
+
+# Header file provided by a separate package
+DEPENDS += "cryptodev-linux"
+
+EXTRA_OEMAKE='KERNEL_DIR="${STAGING_KERNEL_DIR}" PREFIX="${D}"'
diff --git a/recipes-kernel/cryptodev/cryptodev-tests_1.7.bb b/recipes-kernel/cryptodev/cryptodev-tests_1.7.bb
new file mode 100644
index 00000000..128ccc99
--- /dev/null
+++ b/recipes-kernel/cryptodev/cryptodev-tests_1.7.bb
@@ -0,0 +1,17 @@
+require cryptodev_${PV}.inc
+
+SUMMARY = "A test suite for /dev/crypto device driver"
+DEPENDS = "openssl"
+
+EXTRA_OEMAKE='KERNEL_DIR="${STAGING_KERNEL_DIR}" PREFIX="${D}"'
+
+do_compile() {
+ oe_runmake testprogs
+}
+
+do_install() {
+ oe_runmake install_tests
+}
+
+FILES_${PN}-dbg += "${bindir}/tests_cryptodev/.debug"
+FILES_${PN} = "${bindir}/tests_cryptodev/*"
diff --git a/recipes-kernel/cryptodev/cryptodev_1.7.inc b/recipes-kernel/cryptodev/cryptodev_1.7.inc
new file mode 100644
index 00000000..6b65f729
--- /dev/null
+++ b/recipes-kernel/cryptodev/cryptodev_1.7.inc
@@ -0,0 +1,47 @@
+HOMEPAGE = "http://cryptodev-linux.org/"
+
+RCONFLICTS_${PN} = "ocf-linux"
+RREPLACES_${PN} = "ocf-linux"
+
+LICENSE = "GPLv2"
+LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
+
+SRC_URI = "http://download.gna.org/cryptodev-linux/cryptodev-linux-${PV}.tar.gz"
+SRC_URI[md5sum] = "0b63b3481cf2c90386b35f057481d36b"
+SRC_URI[sha256sum] = "41880533b53de4d7b3f054e230f576988dafb8eed7bef5ebcf6422bb2e3a3b25"
+
+# Upstream hotfixes and yocto specific patches
+SRC_URI_append = " \
+file://0001-fix-compilation-against-linux-3.19.patch \
+file://0002-tests-Makefile-fix-arg-passing-to-CC-in-implicit-rul.patch \
+file://0003-Disable-installing-header-file-provided-by-another-p.patch \
+file://0004-Add-the-compile-and-install-rules-for-cryptodev-test.patch \
+"
+# SDK patches
+SRC_URI_append = " file://0001-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch \
+file://0002-add-support-for-COMPAT_CIOCAUTHCRYPT-ioctl.patch \
+file://0003-PKC-support-added-in-cryptodev-module.patch \
+file://0004-Compat-versions-of-PKC-IOCTLs.patch \
+file://0005-Asynchronous-interface-changes-in-cryptodev.patch \
+file://0006-ECC_KEYGEN-and-DLC_KEYGEN-supported-in-cryptodev-mod.patch \
+file://0007-RCU-stall-fixed-in-PKC-asynchronous-interface.patch \
+file://0008-Add-RSA-Key-generation-offloading.patch \
+file://0009-Fixed-compilation-error-of-openssl-with-fsl-cryptode.patch \
+file://0010-add-support-for-composite-TLS10-SHA1-3DES-algorithm-.patch \
+file://0011-add-support-for-TLSv1.1-record-offload.patch \
+file://0012-add-support-for-TLSv1.2-record-offload.patch \
+file://0013-clean-up-code-layout.patch \
+file://0014-remove-redundant-data-copy-for-pkc-operations.patch \
+file://0015-fix-pkc-request-deallocation.patch \
+file://0016-add-basic-detection-of-asym-features.patch \
+file://0017-remove-dead-code.patch \
+file://0018-fix-compat-warnings.patch \
+file://0019-fix-size_t-print-format.patch \
+file://0020-fix-uninitialized-variable-compiler-warning.patch \
+"
+
+# NOTE: remove this patch and all traces of DISTRO_FEATURE c29x_pkc
+# if pkc-host does not need customized cryptodev patches anymore
+SRC_URI_append = "${@base_contains('DISTRO_FEATURES', 'c29x_pkc', ' file://0001-don-t-advertise-RSA-keygen.patch', '', d)}"
+
+S = "${WORKDIR}/cryptodev-linux-${PV}"
diff --git a/recipes-kernel/cryptodev/files/0001-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch b/recipes-kernel/cryptodev/files/0001-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch
new file mode 100644
index 00000000..7d957ec1
--- /dev/null
+++ b/recipes-kernel/cryptodev/files/0001-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch
@@ -0,0 +1,52 @@
+From c653e3a70499c6bb66b57c1788d2d38ca9b8a07e Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@freescale.com>
+Date: Thu, 29 Aug 2013 16:52:30 +0300
+Subject: [PATCH 01/15] add support for composite TLS10(SHA1,AES) algorithm
+ offload
+
+This adds support for composite algorithm offload as a primitive
+crypto (cipher + hmac) operation.
+
+It requires kernel support for tls10(hmac(sha1),cbc(aes)) algorithm
+provided either in software or accelerated by hardware such as
+Freescale B*, P* and T* platforms.
+
+Change-Id: Ia1c605da3860e91e681295dfc8df7c09eb4006cf
+Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
+Reviewed-on: http://git.am.freescale.net:8181/17218
+---
+ crypto/cryptodev.h | 1 +
+ ioctl.c | 5 +++++
+ 2 files changed, 6 insertions(+)
+
+diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h
+index 7fb9c7d..c0e8cd4 100644
+--- a/crypto/cryptodev.h
++++ b/crypto/cryptodev.h
+@@ -50,6 +50,7 @@ enum cryptodev_crypto_op_t {
+ CRYPTO_SHA2_384,
+ CRYPTO_SHA2_512,
+ CRYPTO_SHA2_224_HMAC,
++ CRYPTO_TLS10_AES_CBC_HMAC_SHA1,
+ CRYPTO_ALGORITHM_ALL, /* Keep updated - see below */
+ };
+
+diff --git a/ioctl.c b/ioctl.c
+index b23f5fd..a3f8379 100644
+--- a/ioctl.c
++++ b/ioctl.c
+@@ -159,6 +159,11 @@ crypto_create_session(struct fcrypt *fcr, struct session_op *sop)
+ stream = 1;
+ aead = 1;
+ break;
++ case CRYPTO_TLS10_AES_CBC_HMAC_SHA1:
++ alg_name = "tls10(hmac(sha1),cbc(aes))";
++ stream = 0;
++ aead = 1;
++ break;
+ case CRYPTO_NULL:
+ alg_name = "ecb(cipher_null)";
+ stream = 1;
+--
+2.3.5
+
diff --git a/recipes-kernel/cryptodev/files/0001-don-t-advertise-RSA-keygen.patch b/recipes-kernel/cryptodev/files/0001-don-t-advertise-RSA-keygen.patch
new file mode 100644
index 00000000..10d6c8b5
--- /dev/null
+++ b/recipes-kernel/cryptodev/files/0001-don-t-advertise-RSA-keygen.patch
@@ -0,0 +1,33 @@
+From d30c9c64aca4a7905e1b7eb3e28e1c616191bd34 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@freescale.com>
+Date: Tue, 9 Dec 2014 16:41:25 +0200
+Subject: [PATCH] don't advertise RSA keygen
+
+Disable RSA keygen operations when they are not available.
+
+Currently no testing can be done and this patch should be applied
+selectively on platforms that have incomplete support for RSA operations
+(for example pkc driver on C293)
+
+Change-Id: Ic8df014623410c3cf4b0b217a246efcea8f2eeef
+Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
+---
+ ioctl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ioctl.c b/ioctl.c
+index 53dbf64..27dc66e 100644
+--- a/ioctl.c
++++ b/ioctl.c
+@@ -979,7 +979,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
+ case CIOCASYMFEAT:
+ ses = 0;
+ if (crypto_has_alg("pkc(rsa)", 0, 0))
+- ses = CRF_MOD_EXP_CRT | CRF_MOD_EXP | CRF_RSA_GENERATE_KEY;
++ ses = CRF_MOD_EXP_CRT | CRF_MOD_EXP ;
+ if (crypto_has_alg("pkc(dsa)", 0, 0))
+ ses |= CRF_DSA_SIGN | CRF_DSA_VERIFY | CRF_DSA_GENERATE_KEY;
+ if (crypto_has_alg("pkc(dh)", 0, 0))
+--
+2.3.5
+
diff --git a/recipes-kernel/cryptodev/files/0001-fix-compilation-against-linux-3.19.patch b/recipes-kernel/cryptodev/files/0001-fix-compilation-against-linux-3.19.patch
new file mode 100644
index 00000000..ab276d2d
--- /dev/null
+++ b/recipes-kernel/cryptodev/files/0001-fix-compilation-against-linux-3.19.patch
@@ -0,0 +1,36 @@
+From 5054d20d45571cc85339351fde52f872eeb82206 Mon Sep 17 00:00:00 2001
+From: Phil Sutter <phil@nwl.cc>
+Date: Tue, 10 Feb 2015 04:57:05 +0100
+Subject: [PATCH 1/4] fix compilation against linux-3.19
+
+Commit f938612dd97d481b8b5bf960c992ae577f081c17 in linux.git removes
+get_unused_fd() macro. This patch changes the calling code to use it's
+content 'get_unused_fd_flags(0)' instead. Checking for when
+get_unused_fd_flags was introduced shows it's been there since 2.6.23 at
+least, so probably no need to make this change conditional on the target
+kernel version.
+
+Original patch by Ricardo Ribalda Delgado for Open Embedded, reported by
+Oleg Rakhmanov.
+
+Signed-off-by: Phil Sutter <phil@nwl.cc>
+---
+ ioctl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ioctl.c b/ioctl.c
+index 5a55a76..b23f5fd 100644
+--- a/ioctl.c
++++ b/ioctl.c
+@@ -546,7 +546,7 @@ static int
+ clonefd(struct file *filp)
+ {
+ int ret;
+- ret = get_unused_fd();
++ ret = get_unused_fd_flags(0);
+ if (ret >= 0) {
+ get_file(filp);
+ fd_install(ret, filp);
+--
+2.3.5
+
diff --git a/recipes-kernel/cryptodev/files/0002-Fix-tests-Makefile-usage-of-LDLIBS-vs.-LDFLAGS.patch b/recipes-kernel/cryptodev/files/0002-Fix-tests-Makefile-usage-of-LDLIBS-vs.-LDFLAGS.patch
new file mode 100644
index 00000000..f5ab8b4f
--- /dev/null
+++ b/recipes-kernel/cryptodev/files/0002-Fix-tests-Makefile-usage-of-LDLIBS-vs.-LDFLAGS.patch
@@ -0,0 +1,29 @@
+From 47ff1eb9bb4f872c1d731b93d334ee5865bf3439 Mon Sep 17 00:00:00 2001
+From: Denys Dmytriyenko <denys@ti.com>
+Date: Sun, 6 Apr 2014 22:16:30 -0400
+Subject: [PATCH] Fix tests Makefile usage of LDLIBS vs. LDFLAGS
+
+Libraries must come after objects, as link order matters, especially
+when using linker flags like -Wl,--as-needed.
+
+Signed-off-by: Denys Dmytriyenko <denys@ti.com>
+
+Upstream-Status: Pending
+---
+ tests/Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tests/Makefile b/tests/Makefile
+index cd202af..67c3c83 100644
+--- a/tests/Makefile
++++ b/tests/Makefile
+@@ -39,5 +39,5 @@ testprogs: $(hostprogs)
+ clean:
+ rm -f *.o *~ $(hostprogs)
+
+-${comp_progs}: LDFLAGS += -lssl -lcrypto
++${comp_progs}: LDLIBS += -lssl -lcrypto
+ ${comp_progs}: %: %.o openssl_wrapper.o
+--
+1.9.1
+
diff --git a/recipes-kernel/cryptodev/files/0002-add-support-for-COMPAT_CIOCAUTHCRYPT-ioctl.patch b/recipes-kernel/cryptodev/files/0002-add-support-for-COMPAT_CIOCAUTHCRYPT-ioctl.patch
new file mode 100644
index 00000000..08d92313
--- /dev/null
+++ b/recipes-kernel/cryptodev/files/0002-add-support-for-COMPAT_CIOCAUTHCRYPT-ioctl.patch
@@ -0,0 +1,207 @@
+From 71b317347179225693c6d41b740d387ae2c25061 Mon Sep 17 00:00:00 2001
+From: Horia Geanta <horia.geanta@freescale.com>
+Date: Wed, 4 Dec 2013 15:43:41 +0200
+Subject: [PATCH 02/15] add support for COMPAT_CIOCAUTHCRYPT ioctl()
+
+Upstream-status: Pending
+
+Needed for 64b kernel with 32b user space.
+
+Change-Id: I44a999a4164e7ae7122dee6ed0716b2f25cadbc1
+Signed-off-by: Horia Geanta <horia.geanta@freescale.com>
+Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
+---
+ authenc.c | 78 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ cryptodev_int.h | 40 +++++++++++++++++++++++++++++
+ ioctl.c | 16 ++++++++++++
+ 3 files changed, 134 insertions(+)
+
+diff --git a/authenc.c b/authenc.c
+index 1bd7377..ef0d3db 100644
+--- a/authenc.c
++++ b/authenc.c
+@@ -272,6 +272,84 @@ static int fill_caop_from_kcaop(struct kernel_crypt_auth_op *kcaop, struct fcryp
+ return 0;
+ }
+
++/* compatibility code for 32bit userlands */
++#ifdef CONFIG_COMPAT
++
++static inline void
++compat_to_crypt_auth_op(struct compat_crypt_auth_op *compat,
++ struct crypt_auth_op *caop)
++{
++ caop->ses = compat->ses;
++ caop->op = compat->op;
++ caop->flags = compat->flags;
++ caop->len = compat->len;
++ caop->auth_len = compat->auth_len;
++ caop->tag_len = compat->tag_len;
++ caop->iv_len = compat->iv_len;
++
++ caop->auth_src = compat_ptr(compat->auth_src);
++ caop->src = compat_ptr(compat->src);
++ caop->dst = compat_ptr(compat->dst);
++ caop->tag = compat_ptr(compat->tag);
++ caop->iv = compat_ptr(compat->iv);
++}
++
++static inline void
++crypt_auth_op_to_compat(struct crypt_auth_op *caop,
++ struct compat_crypt_auth_op *compat)
++{
++ compat->ses = caop->ses;
++ compat->op = caop->op;
++ compat->flags = caop->flags;
++ compat->len = caop->len;
++ compat->auth_len = caop->auth_len;
++ compat->tag_len = caop->tag_len;
++ compat->iv_len = caop->iv_len;
++
++ compat->auth_src = ptr_to_compat(caop->auth_src);
++ compat->src = ptr_to_compat(caop->src);
++ compat->dst = ptr_to_compat(caop->dst);
++ compat->tag = ptr_to_compat(caop->tag);
++ compat->iv = ptr_to_compat(caop->iv);
++}
++
++int compat_kcaop_from_user(struct kernel_crypt_auth_op *kcaop,
++ struct fcrypt *fcr, void __user *arg)
++{
++ struct compat_crypt_auth_op compat_caop;
++
++ if (unlikely(copy_from_user(&compat_caop, arg, sizeof(compat_caop)))) {
++ dprintk(1, KERN_ERR, "Error in copying from userspace\n");
++ return -EFAULT;
++ }
++
++ compat_to_crypt_auth_op(&compat_caop, &kcaop->caop);
++
++ return fill_kcaop_from_caop(kcaop, fcr);
++}
++
++int compat_kcaop_to_user(struct kernel_crypt_auth_op *kcaop,
++ struct fcrypt *fcr, void __user *arg)
++{
++ int ret;
++ struct compat_crypt_auth_op compat_caop;
++
++ ret = fill_caop_from_kcaop(kcaop, fcr);
++ if (unlikely(ret)) {
++ dprintk(1, KERN_ERR, "fill_caop_from_kcaop\n");
++ return ret;
++ }
++
++ crypt_auth_op_to_compat(&kcaop->caop, &compat_caop);
++
++ if (unlikely(copy_to_user(arg, &compat_caop, sizeof(compat_caop)))) {
++ dprintk(1, KERN_ERR, "Error in copying to userspace\n");
++ return -EFAULT;
++ }
++ return 0;
++}
++
++#endif /* CONFIG_COMPAT */
+
+ int kcaop_from_user(struct kernel_crypt_auth_op *kcaop,
+ struct fcrypt *fcr, void __user *arg)
+diff --git a/cryptodev_int.h b/cryptodev_int.h
+index d7660fa..8e687e7 100644
+--- a/cryptodev_int.h
++++ b/cryptodev_int.h
+@@ -73,11 +73,42 @@ struct compat_crypt_op {
+ compat_uptr_t iv;/* initialization vector for encryption operations */
+ };
+
++ /* input of CIOCAUTHCRYPT */
++struct compat_crypt_auth_op {
++ uint32_t ses; /* session identifier */
++ uint16_t op; /* COP_ENCRYPT or COP_DECRYPT */
++ uint16_t flags; /* see COP_FLAG_AEAD_* */
++ uint32_t len; /* length of source data */
++ uint32_t auth_len; /* length of auth data */
++ compat_uptr_t auth_src; /* authenticated-only data */
++
++ /* The current implementation is more efficient if data are
++ * encrypted in-place (src==dst). */
++ compat_uptr_t src; /* data to be encrypted and
++ authenticated */
++ compat_uptr_t dst; /* pointer to output data. Must have
++ * space for tag. For TLS this should be
++ * at least len + tag_size + block_size
++ * for padding */
++
++ compat_uptr_t tag; /* where the tag will be copied to. TLS
++ * mode doesn't use that as tag is
++ * copied to dst.
++ * SRTP mode copies tag there. */
++ uint32_t tag_len; /* the length of the tag. Use zero for
++ * digest size or max tag. */
++
++ /* initialization vector for encryption operations */
++ compat_uptr_t iv;
++ uint32_t iv_len;
++};
++
+ /* compat ioctls, defined for the above structs */
+ #define COMPAT_CIOCGSESSION _IOWR('c', 102, struct compat_session_op)
+ #define COMPAT_CIOCCRYPT _IOWR('c', 104, struct compat_crypt_op)
+ #define COMPAT_CIOCASYNCCRYPT _IOW('c', 107, struct compat_crypt_op)
+ #define COMPAT_CIOCASYNCFETCH _IOR('c', 108, struct compat_crypt_op)
++#define COMPAT_CIOCAUTHCRYPT _IOWR('c', 109, struct compat_crypt_auth_op)
+
+ #endif /* CONFIG_COMPAT */
+
+@@ -108,6 +139,15 @@ struct kernel_crypt_auth_op {
+
+ /* auth */
+
++#ifdef CONFIG_COMPAT
++int compat_kcaop_from_user(struct kernel_crypt_auth_op *kcaop,
++ struct fcrypt *fcr, void __user *arg);
++
++int compat_kcaop_to_user(struct kernel_crypt_auth_op *kcaop,
++ struct fcrypt *fcr, void __user *arg);
++#endif /* CONFIG_COMPAT */
++
++
+ int kcaop_from_user(struct kernel_crypt_auth_op *kcop,
+ struct fcrypt *fcr, void __user *arg);
+ int kcaop_to_user(struct kernel_crypt_auth_op *kcaop,
+diff --git a/ioctl.c b/ioctl.c
+index a3f8379..5a44807 100644
+--- a/ioctl.c
++++ b/ioctl.c
+@@ -998,6 +998,7 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_)
+ struct session_op sop;
+ struct compat_session_op compat_sop;
+ struct kernel_crypt_op kcop;
++ struct kernel_crypt_auth_op kcaop;
+ int ret;
+
+ if (unlikely(!pcr))
+@@ -1040,6 +1041,21 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_)
+ return ret;
+
+ return compat_kcop_to_user(&kcop, fcr, arg);
++
++ case COMPAT_CIOCAUTHCRYPT:
++ if (unlikely(ret = compat_kcaop_from_user(&kcaop, fcr, arg))) {
++ dprintk(1, KERN_WARNING, "Error copying from user\n");
++ return ret;
++ }
++
++ ret = crypto_auth_run(fcr, &kcaop);
++ if (unlikely(ret)) {
++ dprintk(1, KERN_WARNING, "Error in crypto_auth_run\n");
++ return ret;
++ }
++
++ return compat_kcaop_to_user(&kcaop, fcr, arg);
++
+ #ifdef ENABLE_ASYNC
+ case COMPAT_CIOCASYNCCRYPT:
+ if (unlikely(ret = compat_kcop_from_user(&kcop, fcr, arg)))
+--
+2.3.5
+
diff --git a/recipes-kernel/cryptodev/files/0002-tests-Makefile-fix-arg-passing-to-CC-in-implicit-rul.patch b/recipes-kernel/cryptodev/files/0002-tests-Makefile-fix-arg-passing-to-CC-in-implicit-rul.patch
new file mode 100644
index 00000000..68c48e0c
--- /dev/null
+++ b/recipes-kernel/cryptodev/files/0002-tests-Makefile-fix-arg-passing-to-CC-in-implicit-rul.patch
@@ -0,0 +1,28 @@
+From da730106c2558c8e0c8e1b1b1812d32ef9574ab7 Mon Sep 17 00:00:00 2001
+From: Phil Sutter <phil@nwl.cc>
+Date: Sat, 11 Apr 2015 12:45:05 +0200
+Subject: [PATCH 2/4] tests/Makefile: fix arg passing to CC in implicit rule
+
+GCC docs suggest passing -lfoo after object files referring to functions
+in libfoo. Therefore use LDLIBS to specify libraries, which puts them at
+the right place when make calls CC implicitly.
+
+Signed-off-by: Phil Sutter <phil@nwl.cc>
+---
+ tests/Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tests/Makefile b/tests/Makefile
+index c9f04e8..20c52ba 100644
+--- a/tests/Makefile
++++ b/tests/Makefile
+@@ -31,5 +31,5 @@ check: $(hostprogs)
+ clean:
+ rm -f *.o *~ $(hostprogs)
+
+-${comp_progs}: LDFLAGS += -lssl -lcrypto
++${comp_progs}: LDLIBS += -lssl -lcrypto
+ ${comp_progs}: %: %.o openssl_wrapper.o
+--
+2.3.5
+
diff --git a/recipes-kernel/cryptodev/files/0003-Disable-installing-header-file-provided-by-another-p.patch b/recipes-kernel/cryptodev/files/0003-Disable-installing-header-file-provided-by-another-p.patch
new file mode 100644
index 00000000..e384950c
--- /dev/null
+++ b/recipes-kernel/cryptodev/files/0003-Disable-installing-header-file-provided-by-another-p.patch
@@ -0,0 +1,29 @@
+From c618f882c283511dd4f7547113a1117c4785f56f Mon Sep 17 00:00:00 2001
+From: Denys Dmytriyenko <denys@ti.com>
+Date: Sun, 6 Apr 2014 19:51:39 -0400
+Subject: [PATCH 3/4] Disable installing header file provided by another
+ package
+
+Signed-off-by: Denys Dmytriyenko <denys@ti.com>
+
+Upstream-Status: Inappropriate [ OE specific ]
+---
+ Makefile | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index 31c4b3f..855bb54 100644
+--- a/Makefile
++++ b/Makefile
+@@ -31,8 +31,6 @@ install: modules_install
+
+ modules_install:
+ make -C $(KERNEL_DIR) SUBDIRS=`pwd` modules_install
+- @echo "Installing cryptodev.h in $(PREFIX)/usr/include/crypto ..."
+- @install -D crypto/cryptodev.h $(PREFIX)/usr/include/crypto/cryptodev.h
+
+ clean:
+ make -C $(KERNEL_DIR) SUBDIRS=`pwd` clean
+--
+2.3.5
+
diff --git a/recipes-kernel/cryptodev/files/0003-PKC-support-added-in-cryptodev-module.patch b/recipes-kernel/cryptodev/files/0003-PKC-support-added-in-cryptodev-module.patch
new file mode 100644
index 00000000..46f24320
--- /dev/null
+++ b/recipes-kernel/cryptodev/files/0003-PKC-support-added-in-cryptodev-module.patch
@@ -0,0 +1,898 @@
+From fc9ee6ed33c76372de6e3748d2e951fa10f7c47e Mon Sep 17 00:00:00 2001
+From: Yashpal Dutta <yashpal.dutta@freescale.com>
+Date: Fri, 7 Mar 2014 06:16:09 +0545
+Subject: [PATCH 03/15] PKC support added in cryptodev module
+
+Upstream-status: Pending
+
+Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
+---
+ cryptlib.c | 66 +++++++++-
+ cryptlib.h | 28 ++++
+ crypto/cryptodev.h | 15 ++-
+ cryptodev_int.h | 20 ++-
+ ioctl.c | 196 +++++++++++++++++++++++++--
+ main.c | 378 +++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 6 files changed, 685 insertions(+), 18 deletions(-)
+
+diff --git a/cryptlib.c b/cryptlib.c
+index 44ce763..6900028 100644
+--- a/cryptlib.c
++++ b/cryptlib.c
+@@ -5,6 +5,8 @@
+ * Portions Copyright (c) 2010 Michael Weiser
+ * Portions Copyright (c) 2010 Phil Sutter
+ *
++ * Copyright 2012 Freescale Semiconductor, Inc.
++ *
+ * This file is part of linux cryptodev.
+ *
+ * This program is free software; you can redistribute it and/or
+@@ -39,11 +41,6 @@
+ #include "cryptodev_int.h"
+
+
+-struct cryptodev_result {
+- struct completion completion;
+- int err;
+-};
+-
+ static void cryptodev_complete(struct crypto_async_request *req, int err)
+ {
+ struct cryptodev_result *res = req->data;
+@@ -259,7 +256,6 @@ static inline int waitfor(struct cryptodev_result *cr, ssize_t ret)
+ case 0:
+ break;
+ case -EINPROGRESS:
+- case -EBUSY:
+ wait_for_completion(&cr->completion);
+ /* At this point we known for sure the request has finished,
+ * because wait_for_completion above was not interruptible.
+@@ -439,3 +435,61 @@ int cryptodev_hash_final(struct hash_data *hdata, void *output)
+ return waitfor(hdata->async.result, ret);
+ }
+
++int cryptodev_pkc_offload(struct cryptodev_pkc *pkc)
++{
++ int ret = 0;
++ struct pkc_request *pkc_req = &pkc->req, *pkc_requested;
++
++ switch (pkc_req->type) {
++ case RSA_PUB:
++ case RSA_PRIV_FORM1:
++ case RSA_PRIV_FORM2:
++ case RSA_PRIV_FORM3:
++ pkc->s = crypto_alloc_pkc("pkc(rsa)",
++ CRYPTO_ALG_TYPE_PKC_RSA, 0);
++ break;
++ case DSA_SIGN:
++ case DSA_VERIFY:
++ case ECDSA_SIGN:
++ case ECDSA_VERIFY:
++ pkc->s = crypto_alloc_pkc("pkc(dsa)",
++ CRYPTO_ALG_TYPE_PKC_DSA, 0);
++ break;
++ case DH_COMPUTE_KEY:
++ case ECDH_COMPUTE_KEY:
++ pkc->s = crypto_alloc_pkc("pkc(dh)",
++ CRYPTO_ALG_TYPE_PKC_DH, 0);
++ break;
++ default:
++ return -EINVAL;
++ }
++
++ if (IS_ERR_OR_NULL(pkc->s))
++ return -EINVAL;
++
++ init_completion(&pkc->result.completion);
++ pkc_requested = pkc_request_alloc(pkc->s, GFP_KERNEL);
++
++ if (unlikely(IS_ERR_OR_NULL(pkc_requested))) {
++ ret = -ENOMEM;
++ goto error;
++ }
++ pkc_requested->type = pkc_req->type;
++ pkc_requested->curve_type = pkc_req->curve_type;
++ memcpy(&pkc_requested->req_u, &pkc_req->req_u, sizeof(pkc_req->req_u));
++ pkc_request_set_callback(pkc_requested, CRYPTO_TFM_REQ_MAY_BACKLOG,
++ cryptodev_complete_asym, pkc);
++ ret = crypto_pkc_op(pkc_requested);
++ if (ret != -EINPROGRESS && ret != 0)
++ goto error2;
++
++ if (pkc->type == SYNCHRONOUS)
++ ret = waitfor(&pkc->result, ret);
++
++ return ret;
++error2:
++ kfree(pkc_requested);
++error:
++ crypto_free_pkc(pkc->s);
++ return ret;
++}
+diff --git a/cryptlib.h b/cryptlib.h
+index a0a8a63..56d325a 100644
+--- a/cryptlib.h
++++ b/cryptlib.h
+@@ -1,3 +1,6 @@
++/*
++ * Copyright 2012 Freescale Semiconductor, Inc.
++ */
+ #ifndef CRYPTLIB_H
+ # define CRYPTLIB_H
+
+@@ -89,5 +92,30 @@ void cryptodev_hash_deinit(struct hash_data *hdata);
+ int cryptodev_hash_init(struct hash_data *hdata, const char *alg_name,
+ int hmac_mode, void *mackey, size_t mackeylen);
+
++/* Operation Type */
++enum offload_type {
++ SYNCHRONOUS,
++ ASYNCHRONOUS
++};
++
++struct cryptodev_result {
++ struct completion completion;
++ int err;
++};
++
++struct cryptodev_pkc {
++ struct list_head list; /* To maintain the Jobs in completed
++ cryptodev lists */
++ struct kernel_crypt_kop kop;
++ struct crypto_pkc *s; /* Transform pointer from CryptoAPI */
++ struct cryptodev_result result; /* Result to be updated by
++ completion handler */
++ struct pkc_request req; /* PKC request structure allocated
++ from CryptoAPI */
++ enum offload_type type; /* Synchronous Vs Asynchronous request */
++ void *cookie; /*Additional opaque cookie to be used in future */
++ struct crypt_priv *priv;
++};
+
++int cryptodev_pkc_offload(struct cryptodev_pkc *);
+ #endif
+diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h
+index c0e8cd4..96675fe 100644
+--- a/crypto/cryptodev.h
++++ b/crypto/cryptodev.h
+@@ -1,6 +1,10 @@
+-/* This is a source compatible implementation with the original API of
++/*
++ * Copyright 2012 Freescale Semiconductor, Inc.
++ *
++ * This is a source compatible implementation with the original API of
+ * cryptodev by Angelos D. Keromytis, found at openbsd cryptodev.h.
+- * Placed under public domain */
++ * Placed under public domain
++ */
+
+ #ifndef L_CRYPTODEV_H
+ #define L_CRYPTODEV_H
+@@ -245,6 +249,9 @@ struct crypt_kop {
+ __u16 crk_oparams;
+ __u32 crk_pad1;
+ struct crparam crk_param[CRK_MAXPARAM];
++ enum curve_t curve_type; /* 0 == Discrete Log,
++ 1 = EC_PRIME, 2 = EC_BINARY */
++ void *cookie;
+ };
+
+ enum cryptodev_crk_op_t {
+@@ -289,5 +296,7 @@ enum cryptodev_crk_op_t {
+ */
+ #define CIOCASYNCCRYPT _IOW('c', 110, struct crypt_op)
+ #define CIOCASYNCFETCH _IOR('c', 111, struct crypt_op)
+-
++/* additional ioctls for asynchronous operation for asymmetric ciphers*/
++#define CIOCASYMASYNCRYPT _IOW('c', 112, struct crypt_kop)
++#define CIOCASYMASYNFETCH _IOR('c', 113, struct crypt_kop)
+ #endif /* L_CRYPTODEV_H */
+diff --git a/cryptodev_int.h b/cryptodev_int.h
+index 8e687e7..fdbcc61 100644
+--- a/cryptodev_int.h
++++ b/cryptodev_int.h
+@@ -1,4 +1,6 @@
+-/* cipher stuff */
++/* cipher stuff
++ * Copyright 2012 Freescale Semiconductor, Inc.
++ */
+ #ifndef CRYPTODEV_INT_H
+ # define CRYPTODEV_INT_H
+
+@@ -112,6 +114,14 @@ struct compat_crypt_auth_op {
+
+ #endif /* CONFIG_COMPAT */
+
++/* kernel-internal extension to struct crypt_kop */
++struct kernel_crypt_kop {
++ struct crypt_kop kop;
++
++ struct task_struct *task;
++ struct mm_struct *mm;
++};
++
+ /* kernel-internal extension to struct crypt_op */
+ struct kernel_crypt_op {
+ struct crypt_op cop;
+@@ -157,6 +167,14 @@ int crypto_run(struct fcrypt *fcr, struct kernel_crypt_op *kcop);
+
+ #include <cryptlib.h>
+
++/* Cryptodev Key operation handler */
++int crypto_bn_modexp(struct cryptodev_pkc *);
++int crypto_modexp_crt(struct cryptodev_pkc *);
++int crypto_kop_dsasign(struct cryptodev_pkc *);
++int crypto_kop_dsaverify(struct cryptodev_pkc *);
++int crypto_run_asym(struct cryptodev_pkc *);
++void cryptodev_complete_asym(struct crypto_async_request *, int);
++
+ /* other internal structs */
+ struct csession {
+ struct list_head entry;
+diff --git a/ioctl.c b/ioctl.c
+index 5a44807..69980e3 100644
+--- a/ioctl.c
++++ b/ioctl.c
+@@ -4,6 +4,7 @@
+ * Copyright (c) 2004 Michal Ludvig <mludvig@logix.net.nz>, SuSE Labs
+ * Copyright (c) 2009,2010,2011 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+ * Copyright (c) 2010 Phil Sutter
++ * Copyright 2012 Freescale Semiconductor, Inc.
+ *
+ * This file is part of linux cryptodev.
+ *
+@@ -89,8 +90,37 @@ struct crypt_priv {
+ int itemcount;
+ struct work_struct cryptask;
+ wait_queue_head_t user_waiter;
++ /* List of pending cryptodev_pkc asym requests */
++ struct list_head asym_completed_list;
++ /* For addition/removal of entry in pending list of asymmetric request*/
++ spinlock_t completion_lock;
+ };
+
++/* Asymmetric request Completion handler */
++void cryptodev_complete_asym(struct crypto_async_request *req, int err)
++{
++ struct cryptodev_pkc *pkc = req->data;
++ struct cryptodev_result *res = &pkc->result;
++
++ crypto_free_pkc(pkc->s);
++ res->err = err;
++ if (pkc->type == SYNCHRONOUS) {
++ if (err == -EINPROGRESS)
++ return;
++ complete(&res->completion);
++ } else {
++ struct crypt_priv *pcr = pkc->priv;
++ unsigned long flags;
++ spin_lock_irqsave(&pcr->completion_lock, flags);
++ list_add_tail(&pkc->list, &pcr->asym_completed_list);
++ spin_unlock_irqrestore(&pcr->completion_lock, flags);
++ /* wake for POLLIN */
++ wake_up_interruptible(&pcr->user_waiter);
++ }
++
++ kfree(req);
++}
++
+ #define FILL_SG(sg, ptr, len) \
+ do { \
+ (sg)->page = virt_to_page(ptr); \
+@@ -472,7 +502,8 @@ cryptodev_open(struct inode *inode, struct file *filp)
+ INIT_LIST_HEAD(&pcr->free.list);
+ INIT_LIST_HEAD(&pcr->todo.list);
+ INIT_LIST_HEAD(&pcr->done.list);
+-
++ INIT_LIST_HEAD(&pcr->asym_completed_list);
++ spin_lock_init(&pcr->completion_lock);
+ INIT_WORK(&pcr->cryptask, cryptask_routine);
+
+ init_waitqueue_head(&pcr->user_waiter);
+@@ -639,6 +670,79 @@ static int crypto_async_fetch(struct crypt_priv *pcr,
+ }
+ #endif
+
++/* get the first asym cipher completed job from the "done" queue
++ *
++ * returns:
++ * -EBUSY if no completed jobs are ready (yet)
++ * the return value otherwise */
++static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc)
++{
++ int ret = 0;
++ struct kernel_crypt_kop *kop = &pkc->kop;
++ struct crypt_kop *ckop = &kop->kop;
++ struct pkc_request *pkc_req = &pkc->req;
++
++ switch (ckop->crk_op) {
++ case CRK_MOD_EXP:
++ {
++ struct rsa_pub_req_s *rsa_req = &pkc_req->req_u.rsa_pub_req;
++ copy_to_user(ckop->crk_param[3].crp_p, rsa_req->g,
++ rsa_req->g_len);
++ }
++ break;
++ case CRK_MOD_EXP_CRT:
++ {
++ struct rsa_priv_frm3_req_s *rsa_req =
++ &pkc_req->req_u.rsa_priv_f3;
++ copy_to_user(ckop->crk_param[6].crp_p,
++ rsa_req->f, rsa_req->f_len);
++ }
++ break;
++ case CRK_DSA_SIGN:
++ {
++ struct dsa_sign_req_s *dsa_req = &pkc_req->req_u.dsa_sign;
++
++ if (pkc_req->type == ECDSA_SIGN) {
++ copy_to_user(ckop->crk_param[6].crp_p,
++ dsa_req->c, dsa_req->d_len);
++ copy_to_user(ckop->crk_param[7].crp_p,
++ dsa_req->d, dsa_req->d_len);
++ } else {
++ copy_to_user(ckop->crk_param[5].crp_p,
++ dsa_req->c, dsa_req->d_len);
++ copy_to_user(ckop->crk_param[6].crp_p,
++ dsa_req->d, dsa_req->d_len);
++ }
++ }
++ break;
++ case CRK_DSA_VERIFY:
++ break;
++ case CRK_DH_COMPUTE_KEY:
++ {
++ struct dh_key_req_s *dh_req = &pkc_req->req_u.dh_req;
++ if (pkc_req->type == ECDH_COMPUTE_KEY)
++ copy_to_user(ckop->crk_param[4].crp_p,
++ dh_req->z, dh_req->z_len);
++ else
++ copy_to_user(ckop->crk_param[3].crp_p,
++ dh_req->z, dh_req->z_len);
++ }
++ break;
++ default:
++ ret = -EINVAL;
++ }
++ kfree(pkc->cookie);
++ return ret;
++}
++
++/* this function has to be called from process context */
++static int fill_kop_from_cop(struct kernel_crypt_kop *kop)
++{
++ kop->task = current;
++ kop->mm = current->mm;
++ return 0;
++}
++
+ /* this function has to be called from process context */
+ static int fill_kcop_from_cop(struct kernel_crypt_op *kcop, struct fcrypt *fcr)
+ {
+@@ -662,11 +766,8 @@ static int fill_kcop_from_cop(struct kernel_crypt_op *kcop, struct fcrypt *fcr)
+
+ if (cop->iv) {
+ rc = copy_from_user(kcop->iv, cop->iv, kcop->ivlen);
+- if (unlikely(rc)) {
+- derr(1, "error copying IV (%d bytes), copy_from_user returned %d for address %p",
+- kcop->ivlen, rc, cop->iv);
++ if (unlikely(rc))
+ return -EFAULT;
+- }
+ }
+
+ return 0;
+@@ -692,6 +793,25 @@ static int fill_cop_from_kcop(struct kernel_crypt_op *kcop, struct fcrypt *fcr)
+ return 0;
+ }
+
++static int kop_from_user(struct kernel_crypt_kop *kop,
++ void __user *arg)
++{
++ if (unlikely(copy_from_user(&kop->kop, arg, sizeof(kop->kop))))
++ return -EFAULT;
++
++ return fill_kop_from_cop(kop);
++}
++
++static int kop_to_user(struct kernel_crypt_kop *kop,
++ void __user *arg)
++{
++ if (unlikely(copy_to_user(arg, &kop->kop, sizeof(kop->kop)))) {
++ dprintk(1, KERN_ERR, "Cannot copy to userspace\n");
++ return -EFAULT;
++ }
++ return 0;
++}
++
+ static int kcop_from_user(struct kernel_crypt_op *kcop,
+ struct fcrypt *fcr, void __user *arg)
+ {
+@@ -821,7 +941,8 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
+
+ switch (cmd) {
+ case CIOCASYMFEAT:
+- return put_user(0, p);
++ return put_user(CRF_MOD_EXP_CRT | CRF_MOD_EXP |
++ CRF_DSA_SIGN | CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY, p);
+ case CRIOGET:
+ fd = clonefd(filp);
+ ret = put_user(fd, p);
+@@ -857,6 +978,24 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
+ if (unlikely(ret))
+ return ret;
+ return copy_to_user(arg, &siop, sizeof(siop));
++ case CIOCKEY:
++ {
++ struct cryptodev_pkc *pkc =
++ kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL);
++
++ if (!pkc)
++ return -ENOMEM;
++
++ ret = kop_from_user(&pkc->kop, arg);
++ if (unlikely(ret)) {
++ kfree(pkc);
++ return ret;
++ }
++ pkc->type = SYNCHRONOUS;
++ ret = crypto_run_asym(pkc);
++ kfree(pkc);
++ }
++ return ret;
+ case CIOCCRYPT:
+ if (unlikely(ret = kcop_from_user(&kcop, fcr, arg))) {
+ dwarning(1, "Error copying from user");
+@@ -895,6 +1034,45 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
+
+ return kcop_to_user(&kcop, fcr, arg);
+ #endif
++ case CIOCASYMASYNCRYPT:
++ {
++ struct cryptodev_pkc *pkc =
++ kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL);
++ ret = kop_from_user(&pkc->kop, arg);
++
++ if (unlikely(ret))
++ return -EINVAL;
++
++ /* Store associated FD priv data with asymmetric request */
++ pkc->priv = pcr;
++ pkc->type = ASYNCHRONOUS;
++ ret = crypto_run_asym(pkc);
++ if (ret == -EINPROGRESS)
++ ret = 0;
++ }
++ return ret;
++ case CIOCASYMASYNFETCH:
++ {
++ struct cryptodev_pkc *pkc;
++ unsigned long flags;
++
++ spin_lock_irqsave(&pcr->completion_lock, flags);
++ if (list_empty(&pcr->asym_completed_list)) {
++ spin_unlock_irqrestore(&pcr->completion_lock, flags);
++ return -ENOMEM;
++ }
++ pkc = list_first_entry(&pcr->asym_completed_list,
++ struct cryptodev_pkc, list);
++ list_del(&pkc->list);
++ spin_unlock_irqrestore(&pcr->completion_lock, flags);
++ ret = crypto_async_fetch_asym(pkc);
++
++ /* Reflect the updated request to user-space */
++ if (!ret)
++ kop_to_user(&pkc->kop, arg);
++ kfree(pkc);
++ }
++ return ret;
+ default:
+ return -EINVAL;
+ }
+@@ -1083,9 +1261,11 @@ static unsigned int cryptodev_poll(struct file *file, poll_table *wait)
+
+ poll_wait(file, &pcr->user_waiter, wait);
+
+- if (!list_empty_careful(&pcr->done.list))
++ if (!list_empty_careful(&pcr->done.list) ||
++ !list_empty_careful(&pcr->asym_completed_list))
+ ret |= POLLIN | POLLRDNORM;
+- if (!list_empty_careful(&pcr->free.list) || pcr->itemcount < MAX_COP_RINGSIZE)
++ if (!list_empty_careful(&pcr->free.list) ||
++ pcr->itemcount < MAX_COP_RINGSIZE)
+ ret |= POLLOUT | POLLWRNORM;
+
+ return ret;
+diff --git a/main.c b/main.c
+index 57e5c38..0b7951e 100644
+--- a/main.c
++++ b/main.c
+@@ -181,6 +181,384 @@ __crypto_run_zc(struct csession *ses_ptr, struct kernel_crypt_op *kcop)
+ return ret;
+ }
+
++int crypto_kop_dsasign(struct cryptodev_pkc *pkc)
++{
++ struct kernel_crypt_kop *kop = &pkc->kop;
++ struct crypt_kop *cop = &kop->kop;
++ struct pkc_request *pkc_req = &pkc->req;
++ struct dsa_sign_req_s *dsa_req = &pkc_req->req_u.dsa_sign;
++ int rc, buf_size;
++ uint8_t *buf;
++
++ if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits ||
++ !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits ||
++ !cop->crk_param[4].crp_nbits || !cop->crk_param[5].crp_nbits ||
++ !cop->crk_param[6].crp_nbits || (cop->crk_iparams == 6 &&
++ !cop->crk_param[7].crp_nbits))
++ return -EINVAL;
++
++ dsa_req->m_len = (cop->crk_param[0].crp_nbits + 7)/8;
++ dsa_req->q_len = (cop->crk_param[1].crp_nbits + 7)/8;
++ dsa_req->r_len = (cop->crk_param[2].crp_nbits + 7)/8;
++ dsa_req->g_len = (cop->crk_param[3].crp_nbits + 7)/8;
++ dsa_req->priv_key_len = (cop->crk_param[4].crp_nbits + 7)/8;
++ dsa_req->d_len = (cop->crk_param[6].crp_nbits + 7)/8;
++ buf_size = dsa_req->m_len + dsa_req->q_len + dsa_req->r_len +
++ dsa_req->g_len + dsa_req->priv_key_len + dsa_req->d_len +
++ dsa_req->d_len;
++ if (cop->crk_iparams == 6) {
++ dsa_req->ab_len = (cop->crk_param[5].crp_nbits + 7)/8;
++ buf_size += dsa_req->ab_len;
++ pkc_req->type = ECDSA_SIGN;
++ pkc_req->curve_type = cop->curve_type;
++ } else {
++ pkc_req->type = DSA_SIGN;
++ }
++
++ buf = kzalloc(buf_size, GFP_DMA);
++
++ dsa_req->q = buf;
++ dsa_req->r = dsa_req->q + dsa_req->q_len;
++ dsa_req->g = dsa_req->r + dsa_req->r_len;
++ dsa_req->priv_key = dsa_req->g + dsa_req->g_len;
++ dsa_req->m = dsa_req->priv_key + dsa_req->priv_key_len;
++ dsa_req->c = dsa_req->m + dsa_req->m_len;
++ dsa_req->d = dsa_req->c + dsa_req->d_len;
++ copy_from_user(dsa_req->m, cop->crk_param[0].crp_p, dsa_req->m_len);
++ copy_from_user(dsa_req->q, cop->crk_param[1].crp_p, dsa_req->q_len);
++ copy_from_user(dsa_req->r, cop->crk_param[2].crp_p, dsa_req->r_len);
++ copy_from_user(dsa_req->g, cop->crk_param[3].crp_p, dsa_req->g_len);
++ copy_from_user(dsa_req->priv_key, cop->crk_param[4].crp_p,
++ dsa_req->priv_key_len);
++ if (cop->crk_iparams == 6) {
++ dsa_req->ab = dsa_req->d + dsa_req->d_len;
++ copy_from_user(dsa_req->ab, cop->crk_param[5].crp_p,
++ dsa_req->ab_len);
++ }
++ rc = cryptodev_pkc_offload(pkc);
++ if (pkc->type == SYNCHRONOUS) {
++ if (rc)
++ goto err;
++ if (cop->crk_iparams == 6) {
++ copy_to_user(cop->crk_param[6].crp_p, dsa_req->c,
++ dsa_req->d_len);
++ copy_to_user(cop->crk_param[7].crp_p, dsa_req->d,
++ dsa_req->d_len);
++ } else {
++ copy_to_user(cop->crk_param[5].crp_p, dsa_req->c,
++ dsa_req->d_len);
++ copy_to_user(cop->crk_param[6].crp_p, dsa_req->d,
++ dsa_req->d_len);
++ }
++ } else {
++ if (rc != -EINPROGRESS && rc != 0)
++ goto err;
++
++ pkc->cookie = buf;
++ return rc;
++ }
++err:
++ kfree(buf);
++ return rc;
++}
++
++int crypto_kop_dsaverify(struct cryptodev_pkc *pkc)
++{
++ struct kernel_crypt_kop *kop = &pkc->kop;
++ struct crypt_kop *cop = &kop->kop;
++ struct pkc_request *pkc_req;
++ struct dsa_verify_req_s *dsa_req;
++ int rc, buf_size;
++ uint8_t *buf;
++
++ if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits ||
++ !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits ||
++ !cop->crk_param[4].crp_nbits || !cop->crk_param[5].crp_nbits ||
++ !cop->crk_param[6].crp_nbits || (cop->crk_iparams == 8 &&
++ !cop->crk_param[7].crp_nbits))
++ return -EINVAL;
++
++ pkc_req = &pkc->req;
++ dsa_req = &pkc_req->req_u.dsa_verify;
++ dsa_req->m_len = (cop->crk_param[0].crp_nbits + 7)/8;
++ dsa_req->q_len = (cop->crk_param[1].crp_nbits + 7)/8;
++ dsa_req->r_len = (cop->crk_param[2].crp_nbits + 7)/8;
++ dsa_req->g_len = (cop->crk_param[3].crp_nbits + 7)/8;
++ dsa_req->pub_key_len = (cop->crk_param[4].crp_nbits + 7)/8;
++ dsa_req->d_len = (cop->crk_param[6].crp_nbits + 7)/8;
++ buf_size = dsa_req->m_len + dsa_req->q_len + dsa_req->r_len +
++ dsa_req->g_len + dsa_req->pub_key_len + dsa_req->d_len +
++ dsa_req->d_len;
++ if (cop->crk_iparams == 8) {
++ dsa_req->ab_len = (cop->crk_param[5].crp_nbits + 7)/8;
++ buf_size += dsa_req->ab_len;
++ pkc_req->type = ECDSA_VERIFY;
++ pkc_req->curve_type = cop->curve_type;
++ } else {
++ pkc_req->type = DSA_VERIFY;
++ }
++
++ buf = kzalloc(buf_size, GFP_DMA);
++
++ dsa_req->q = buf;
++ dsa_req->r = dsa_req->q + dsa_req->q_len;
++ dsa_req->g = dsa_req->r + dsa_req->r_len;
++ dsa_req->pub_key = dsa_req->g + dsa_req->g_len;
++ dsa_req->m = dsa_req->pub_key + dsa_req->pub_key_len;
++ dsa_req->c = dsa_req->m + dsa_req->m_len;
++ dsa_req->d = dsa_req->c + dsa_req->d_len;
++ copy_from_user(dsa_req->m, cop->crk_param[0].crp_p, dsa_req->m_len);
++ copy_from_user(dsa_req->q, cop->crk_param[1].crp_p, dsa_req->q_len);
++ copy_from_user(dsa_req->r, cop->crk_param[2].crp_p, dsa_req->r_len);
++ copy_from_user(dsa_req->g, cop->crk_param[3].crp_p, dsa_req->g_len);
++ copy_from_user(dsa_req->pub_key, cop->crk_param[4].crp_p,
++ dsa_req->pub_key_len);
++ if (cop->crk_iparams == 8) {
++ dsa_req->ab = dsa_req->d + dsa_req->d_len;
++ copy_from_user(dsa_req->ab, cop->crk_param[5].crp_p,
++ dsa_req->ab_len);
++ copy_from_user(dsa_req->c, cop->crk_param[6].crp_p,
++ dsa_req->d_len);
++ copy_from_user(dsa_req->d, cop->crk_param[7].crp_p,
++ dsa_req->d_len);
++ } else {
++ copy_from_user(dsa_req->c, cop->crk_param[5].crp_p,
++ dsa_req->d_len);
++ copy_from_user(dsa_req->d, cop->crk_param[6].crp_p,
++ dsa_req->d_len);
++ }
++ rc = cryptodev_pkc_offload(pkc);
++ if (pkc->type == SYNCHRONOUS) {
++ if (rc)
++ goto err;
++ } else {
++ if (rc != -EINPROGRESS && !rc)
++ goto err;
++ pkc->cookie = buf;
++ return rc;
++ }
++err:
++ kfree(buf);
++ return rc;
++}
++
++int crypto_kop_dh_key(struct cryptodev_pkc *pkc)
++{
++ struct kernel_crypt_kop *kop = &pkc->kop;
++ struct crypt_kop *cop = &kop->kop;
++ struct pkc_request *pkc_req;
++ struct dh_key_req_s *dh_req;
++ int buf_size;
++ uint8_t *buf;
++ int rc = -EINVAL;
++
++ pkc_req = &pkc->req;
++ dh_req = &pkc_req->req_u.dh_req;
++ dh_req->s_len = (cop->crk_param[0].crp_nbits + 7)/8;
++ dh_req->pub_key_len = (cop->crk_param[1].crp_nbits + 7)/8;
++ dh_req->q_len = (cop->crk_param[2].crp_nbits + 7)/8;
++ buf_size = dh_req->q_len + dh_req->pub_key_len + dh_req->s_len;
++ if (cop->crk_iparams == 4) {
++ pkc_req->type = ECDH_COMPUTE_KEY;
++ dh_req->ab_len = (cop->crk_param[3].crp_nbits + 7)/8;
++ dh_req->z_len = (cop->crk_param[4].crp_nbits + 7)/8;
++ buf_size += dh_req->ab_len;
++ } else {
++ dh_req->z_len = (cop->crk_param[3].crp_nbits + 7)/8;
++ pkc_req->type = DH_COMPUTE_KEY;
++ }
++ buf_size += dh_req->z_len;
++ buf = kzalloc(buf_size, GFP_DMA);
++ dh_req->q = buf;
++ dh_req->s = dh_req->q + dh_req->q_len;
++ dh_req->pub_key = dh_req->s + dh_req->s_len;
++ dh_req->z = dh_req->pub_key + dh_req->pub_key_len;
++ if (cop->crk_iparams == 4) {
++ dh_req->ab = dh_req->z + dh_req->z_len;
++ pkc_req->curve_type = cop->curve_type;
++ copy_from_user(dh_req->ab, cop->crk_param[3].crp_p,
++ dh_req->ab_len);
++ }
++ copy_from_user(dh_req->s, cop->crk_param[0].crp_p, dh_req->s_len);
++ copy_from_user(dh_req->pub_key, cop->crk_param[1].crp_p,
++ dh_req->pub_key_len);
++ copy_from_user(dh_req->q, cop->crk_param[2].crp_p, dh_req->q_len);
++ rc = cryptodev_pkc_offload(pkc);
++ if (pkc->type == SYNCHRONOUS) {
++ if (rc)
++ goto err;
++ if (cop->crk_iparams == 4)
++ copy_to_user(cop->crk_param[4].crp_p, dh_req->z,
++ dh_req->z_len);
++ else
++ copy_to_user(cop->crk_param[3].crp_p, dh_req->z,
++ dh_req->z_len);
++ } else {
++ if (rc != -EINPROGRESS && rc != 0)
++ goto err;
++
++ pkc->cookie = buf;
++ return rc;
++ }
++err:
++ kfree(buf);
++ return rc;
++}
++
++int crypto_modexp_crt(struct cryptodev_pkc *pkc)
++{
++ struct kernel_crypt_kop *kop = &pkc->kop;
++ struct crypt_kop *cop = &kop->kop;
++ struct pkc_request *pkc_req;
++ struct rsa_priv_frm3_req_s *rsa_req;
++ int rc;
++ uint8_t *buf;
++
++ if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits ||
++ !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits ||
++ !cop->crk_param[4].crp_nbits || !cop->crk_param[5].crp_nbits)
++ return -EINVAL;
++
++ pkc_req = &pkc->req;
++ pkc_req->type = RSA_PRIV_FORM3;
++ rsa_req = &pkc_req->req_u.rsa_priv_f3;
++ rsa_req->p_len = (cop->crk_param[0].crp_nbits + 7)/8;
++ rsa_req->q_len = (cop->crk_param[1].crp_nbits + 7)/8;
++ rsa_req->g_len = (cop->crk_param[2].crp_nbits + 7)/8;
++ rsa_req->dp_len = (cop->crk_param[3].crp_nbits + 7)/8;
++ rsa_req->dq_len = (cop->crk_param[4].crp_nbits + 7)/8;
++ rsa_req->c_len = (cop->crk_param[5].crp_nbits + 7)/8;
++ rsa_req->f_len = (cop->crk_param[6].crp_nbits + 7)/8;
++ buf = kzalloc(rsa_req->p_len + rsa_req->q_len + rsa_req->f_len +
++ rsa_req->dp_len + rsa_req->dp_len + rsa_req->c_len +
++ rsa_req->g_len, GFP_DMA);
++ rsa_req->p = buf;
++ rsa_req->q = rsa_req->p + rsa_req->p_len;
++ rsa_req->g = rsa_req->q + rsa_req->q_len;
++ rsa_req->dp = rsa_req->g + rsa_req->g_len;
++ rsa_req->dq = rsa_req->dp + rsa_req->dp_len;
++ rsa_req->c = rsa_req->dq + rsa_req->dq_len;
++ rsa_req->f = rsa_req->c + rsa_req->c_len;
++ copy_from_user(rsa_req->p, cop->crk_param[0].crp_p, rsa_req->p_len);
++ copy_from_user(rsa_req->q, cop->crk_param[1].crp_p, rsa_req->q_len);
++ copy_from_user(rsa_req->g, cop->crk_param[2].crp_p, rsa_req->g_len);
++ copy_from_user(rsa_req->dp, cop->crk_param[3].crp_p, rsa_req->dp_len);
++ copy_from_user(rsa_req->dq, cop->crk_param[4].crp_p, rsa_req->dq_len);
++ copy_from_user(rsa_req->c, cop->crk_param[5].crp_p, rsa_req->c_len);
++ rc = cryptodev_pkc_offload(pkc);
++
++ if (pkc->type == SYNCHRONOUS) {
++ if (rc)
++ goto err;
++ copy_to_user(cop->crk_param[6].crp_p, rsa_req->f,
++ rsa_req->f_len);
++ } else {
++ if (rc != -EINPROGRESS && rc != 0)
++ goto err;
++
++ pkc->cookie = buf;
++ return rc;
++ }
++err:
++ kfree(buf);
++ return rc;
++}
++
++int crypto_bn_modexp(struct cryptodev_pkc *pkc)
++{
++ struct pkc_request *pkc_req;
++ struct rsa_pub_req_s *rsa_req;
++ int rc;
++ struct kernel_crypt_kop *kop = &pkc->kop;
++ struct crypt_kop *cop = &kop->kop;
++ uint8_t *buf;
++
++ if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits ||
++ !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits)
++ return -EINVAL;
++
++ pkc_req = &pkc->req;
++ pkc_req->type = RSA_PUB;
++ rsa_req = &pkc_req->req_u.rsa_pub_req;
++ rsa_req->f_len = (cop->crk_param[0].crp_nbits + 7)/8;
++ rsa_req->e_len = (cop->crk_param[1].crp_nbits + 7)/8;
++ rsa_req->n_len = (cop->crk_param[2].crp_nbits + 7)/8;
++ rsa_req->g_len = (cop->crk_param[3].crp_nbits + 7)/8;
++ buf = kzalloc(rsa_req->f_len + rsa_req->e_len + rsa_req->n_len
++ + rsa_req->g_len, GFP_DMA);
++ if (!buf)
++ return -ENOMEM;
++
++ rsa_req->e = buf;
++ rsa_req->f = rsa_req->e + rsa_req->e_len;
++ rsa_req->g = rsa_req->f + rsa_req->f_len;
++ rsa_req->n = rsa_req->g + rsa_req->g_len;
++ copy_from_user(rsa_req->f, cop->crk_param[0].crp_p, rsa_req->f_len);
++ copy_from_user(rsa_req->e, cop->crk_param[1].crp_p, rsa_req->e_len);
++ copy_from_user(rsa_req->n, cop->crk_param[2].crp_p, rsa_req->n_len);
++ rc = cryptodev_pkc_offload(pkc);
++ if (pkc->type == SYNCHRONOUS) {
++ if (rc)
++ goto err;
++
++ copy_to_user(cop->crk_param[3].crp_p, rsa_req->g,
++ rsa_req->g_len);
++ } else {
++ if (rc != -EINPROGRESS && rc != 0)
++ goto err;
++
++ /* This one will be freed later in fetch handler */
++ pkc->cookie = buf;
++ return rc;
++ }
++err:
++ kfree(buf);
++ return rc;
++}
++
++int crypto_run_asym(struct cryptodev_pkc *pkc)
++{
++ int ret = -EINVAL;
++ struct kernel_crypt_kop *kop = &pkc->kop;
++
++ switch (kop->kop.crk_op) {
++ case CRK_MOD_EXP:
++ if (kop->kop.crk_iparams != 3 && kop->kop.crk_oparams != 1)
++ goto err;
++
++ ret = crypto_bn_modexp(pkc);
++ break;
++ case CRK_MOD_EXP_CRT:
++ if (kop->kop.crk_iparams != 6 && kop->kop.crk_oparams != 1)
++ goto err;
++
++ ret = crypto_modexp_crt(pkc);
++ break;
++ case CRK_DSA_SIGN:
++ if ((kop->kop.crk_iparams != 5 && kop->kop.crk_iparams != 6) ||
++ kop->kop.crk_oparams != 2)
++ goto err;
++
++ ret = crypto_kop_dsasign(pkc);
++ break;
++ case CRK_DSA_VERIFY:
++ if ((kop->kop.crk_iparams != 7 && kop->kop.crk_iparams != 8) ||
++ kop->kop.crk_oparams != 0)
++ goto err;
++
++ ret = crypto_kop_dsaverify(pkc);
++ break;
++ case CRK_DH_COMPUTE_KEY:
++ if ((kop->kop.crk_iparams != 3 && kop->kop.crk_iparams != 4) ||
++ kop->kop.crk_oparams != 1)
++ goto err;
++ ret = crypto_kop_dh_key(pkc);
++ break;
++ }
++err:
++ return ret;
++}
++
+ int crypto_run(struct fcrypt *fcr, struct kernel_crypt_op *kcop)
+ {
+ struct csession *ses_ptr;
+--
+2.3.5
+
diff --git a/recipes-kernel/cryptodev/files/0004-Add-the-compile-and-install-rules-for-cryptodev-test.patch b/recipes-kernel/cryptodev/files/0004-Add-the-compile-and-install-rules-for-cryptodev-test.patch
new file mode 100644
index 00000000..25a52a9c
--- /dev/null
+++ b/recipes-kernel/cryptodev/files/0004-Add-the-compile-and-install-rules-for-cryptodev-test.patch
@@ -0,0 +1,65 @@
+From 188f30f6233d05eb62b58bf6d94a16bcbeeae0ee Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@freescale.com>
+Date: Mon, 27 Apr 2015 15:26:14 +0300
+Subject: [PATCH 4/4] Add the compile and install rules for cryptodev tests
+
+Change-Id: Ica10dc563c77220dcf0e0993515230df8a86c34d
+Signed-off-by: Yu Zongchun <b40527@freescale.com>
+---
+ Makefile | 6 ++++++
+ tests/Makefile | 8 ++++++++
+ 2 files changed, 14 insertions(+)
+
+diff --git a/Makefile b/Makefile
+index 855bb54..5497037 100644
+--- a/Makefile
++++ b/Makefile
+@@ -32,6 +32,9 @@ install: modules_install
+ modules_install:
+ make -C $(KERNEL_DIR) SUBDIRS=`pwd` modules_install
+
++install_tests:
++ make -C tests install DESTDIR=$(PREFIX)
++
+ clean:
+ make -C $(KERNEL_DIR) SUBDIRS=`pwd` clean
+ rm -f $(hostprogs) *~
+@@ -40,6 +43,9 @@ clean:
+ check:
+ CFLAGS=$(CRYPTODEV_CFLAGS) KERNEL_DIR=$(KERNEL_DIR) make -C tests check
+
++testprogs:
++ KERNEL_DIR=$(KERNEL_DIR) make -C tests testprogs
++
+ CPOPTS =
+ ifneq (${SHOW_TYPES},)
+ CPOPTS += --show-types
+diff --git a/tests/Makefile b/tests/Makefile
+index 20c52ba..67c3c83 100644
+--- a/tests/Makefile
++++ b/tests/Makefile
+@@ -19,6 +19,12 @@ example-async-hmac-objs := async_hmac.o
+ example-async-speed-objs := async_speed.o
+ example-hashcrypt-speed-objs := hashcrypt_speed.c
+
++install:
++ install -d $(DESTDIR)/usr/bin/tests_cryptodev
++ for bin in $(hostprogs); do \
++ install -m 755 $${bin} $(DESTDIR)/usr/bin/tests_cryptodev/; \
++ done
++
+ check: $(hostprogs)
+ ./cipher
+ ./hmac
+@@ -28,6 +34,8 @@ check: $(hostprogs)
+ ./cipher-gcm
+ ./cipher-aead
+
++testprogs: $(hostprogs)
++
+ clean:
+ rm -f *.o *~ $(hostprogs)
+
+--
+2.3.5
+
diff --git a/recipes-kernel/cryptodev/files/0004-Compat-versions-of-PKC-IOCTLs.patch b/recipes-kernel/cryptodev/files/0004-Compat-versions-of-PKC-IOCTLs.patch
new file mode 100644
index 00000000..2f35768b
--- /dev/null
+++ b/recipes-kernel/cryptodev/files/0004-Compat-versions-of-PKC-IOCTLs.patch
@@ -0,0 +1,200 @@
+From b109fbdb64de6be0dc2f0d2ef108cead34652495 Mon Sep 17 00:00:00 2001
+From: Yashpal Dutta <yashpal.dutta@freescale.com>
+Date: Fri, 7 Mar 2014 06:52:13 +0545
+Subject: [PATCH 04/15] Compat versions of PKC IOCTLs
+
+Upstream-status: Pending
+
+Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
+---
+ cryptodev_int.h | 20 ++++++++++
+ ioctl.c | 120 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 140 insertions(+)
+
+diff --git a/cryptodev_int.h b/cryptodev_int.h
+index fdbcc61..cf54dac 100644
+--- a/cryptodev_int.h
++++ b/cryptodev_int.h
+@@ -75,6 +75,24 @@ struct compat_crypt_op {
+ compat_uptr_t iv;/* initialization vector for encryption operations */
+ };
+
++/* input of CIOCKEY */
++struct compat_crparam {
++ compat_uptr_t crp_p;
++ uint32_t crp_nbits;
++};
++
++struct compat_crypt_kop {
++ uint32_t crk_op; /* cryptodev_crk_ot_t */
++ uint32_t crk_status;
++ uint16_t crk_iparams;
++ uint16_t crk_oparams;
++ uint32_t crk_pad1;
++ struct compat_crparam crk_param[CRK_MAXPARAM];
++ enum curve_t curve_type; /* 0 == Discrete Log, 1 = EC_PRIME,
++ 2 = EC_BINARY */
++ compat_uptr_t cookie;
++};
++
+ /* input of CIOCAUTHCRYPT */
+ struct compat_crypt_auth_op {
+ uint32_t ses; /* session identifier */
+@@ -111,6 +129,8 @@ struct compat_crypt_auth_op {
+ #define COMPAT_CIOCASYNCCRYPT _IOW('c', 107, struct compat_crypt_op)
+ #define COMPAT_CIOCASYNCFETCH _IOR('c', 108, struct compat_crypt_op)
+ #define COMPAT_CIOCAUTHCRYPT _IOWR('c', 109, struct compat_crypt_auth_op)
++#define COMPAT_CIOCASYMASYNCRYPT _IOW('c', 110, struct compat_crypt_kop)
++#define COMPAT_CIOCASYMASYNFETCH _IOR('c', 111, struct compat_crypt_kop)
+
+ #endif /* CONFIG_COMPAT */
+
+diff --git a/ioctl.c b/ioctl.c
+index 69980e3..9431025 100644
+--- a/ioctl.c
++++ b/ioctl.c
+@@ -1081,6 +1081,68 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
+ /* compatibility code for 32bit userlands */
+ #ifdef CONFIG_COMPAT
+
++static inline void compat_to_crypt_kop(struct compat_crypt_kop *compat,
++ struct crypt_kop *kop)
++{
++ int i;
++ kop->crk_op = compat->crk_op;
++ kop->crk_status = compat->crk_status;
++ kop->crk_iparams = compat->crk_iparams;
++ kop->crk_oparams = compat->crk_oparams;
++
++ for (i = 0; i < CRK_MAXPARAM; i++) {
++ kop->crk_param[i].crp_p =
++ compat_ptr(compat->crk_param[i].crp_p);
++ kop->crk_param[i].crp_nbits = compat->crk_param[i].crp_nbits;
++ }
++
++ kop->curve_type = compat->curve_type;
++ kop->cookie = compat->cookie;
++}
++
++static int compat_kop_from_user(struct kernel_crypt_kop *kop,
++ void __user *arg)
++{
++ struct compat_crypt_kop compat_kop;
++
++ if (unlikely(copy_from_user(&compat_kop, arg, sizeof(compat_kop))))
++ return -EFAULT;
++
++ compat_to_crypt_kop(&compat_kop, &kop->kop);
++ return fill_kop_from_cop(kop);
++}
++
++static inline void crypt_kop_to_compat(struct crypt_kop *kop,
++ struct compat_crypt_kop *compat)
++{
++ int i;
++
++ compat->crk_op = kop->crk_op;
++ compat->crk_status = kop->crk_status;
++ compat->crk_iparams = kop->crk_iparams;
++ compat->crk_oparams = kop->crk_oparams;
++
++ for (i = 0; i < CRK_MAXPARAM; i++) {
++ compat->crk_param[i].crp_p =
++ ptr_to_compat(kop->crk_param[i].crp_p);
++ compat->crk_param[i].crp_nbits = kop->crk_param[i].crp_nbits;
++ }
++ compat->cookie = kop->cookie;
++ compat->curve_type = kop->curve_type;
++}
++
++static int compat_kop_to_user(struct kernel_crypt_kop *kop, void __user *arg)
++{
++ struct compat_crypt_kop compat_kop;
++
++ crypt_kop_to_compat(&kop->kop, &compat_kop);
++ if (unlikely(copy_to_user(arg, &compat_kop, sizeof(compat_kop)))) {
++ dprintk(1, KERN_ERR, "Cannot copy to userspace\n");
++ return -EFAULT;
++ }
++ return 0;
++}
++
+ static inline void
+ compat_to_session_op(struct compat_session_op *compat, struct session_op *sop)
+ {
+@@ -1208,7 +1270,26 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_)
+ return -EFAULT;
+ }
+ return ret;
++ case COMPAT_CIOCKEY:
++ {
++ struct cryptodev_pkc *pkc =
++ kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL);
++
++ if (!pkc)
++ return -ENOMEM;
++
++ ret = compat_kop_from_user(&pkc->kop, arg);
++
++ if (unlikely(ret)) {
++ kfree(pkc);
++ return ret;
++ }
+
++ pkc->type = SYNCHRONOUS;
++ ret = crypto_run_asym(pkc);
++ kfree(pkc);
++ }
++ return ret;
+ case COMPAT_CIOCCRYPT:
+ ret = compat_kcop_from_user(&kcop, fcr, arg);
+ if (unlikely(ret))
+@@ -1247,6 +1328,45 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_)
+
+ return compat_kcop_to_user(&kcop, fcr, arg);
+ #endif
++ case COMPAT_CIOCASYMASYNCRYPT:
++ {
++ struct cryptodev_pkc *pkc =
++ kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL);
++
++ ret = compat_kop_from_user(&pkc->kop, arg);
++ if (unlikely(ret))
++ return -EINVAL;
++
++ /* Store associated FD priv data with asymmetric request */
++ pkc->priv = pcr;
++ pkc->type = ASYNCHRONOUS;
++ ret = crypto_run_asym(pkc);
++ if (ret == -EINPROGRESS)
++ ret = 0;
++ }
++ return ret;
++ case COMPAT_CIOCASYMASYNFETCH:
++ {
++ struct cryptodev_pkc *pkc;
++ unsigned long flags;
++
++ spin_lock_irqsave(&pcr->completion_lock, flags);
++ if (list_empty(&pcr->asym_completed_list)) {
++ spin_unlock_irqrestore(&pcr->completion_lock, flags);
++ return -ENOMEM;
++ }
++ pkc = list_first_entry(&pcr->asym_completed_list,
++ struct cryptodev_pkc, list);
++ list_del(&pkc->list);
++ spin_unlock_irqrestore(&pcr->completion_lock, flags);
++ ret = crypto_async_fetch_asym(pkc);
++
++ /* Reflect the updated request to user-space */
++ if (!ret)
++ compat_kop_to_user(&pkc->kop, arg);
++ kfree(pkc);
++ }
++ return ret;
+ default:
+ return -EINVAL;
+ }
+--
+2.3.5
+
diff --git a/recipes-kernel/cryptodev/files/0005-Asynchronous-interface-changes-in-cryptodev.patch b/recipes-kernel/cryptodev/files/0005-Asynchronous-interface-changes-in-cryptodev.patch
new file mode 100644
index 00000000..8827fb0f
--- /dev/null
+++ b/recipes-kernel/cryptodev/files/0005-Asynchronous-interface-changes-in-cryptodev.patch
@@ -0,0 +1,213 @@
+From 7594d5375d998eb25241750b623661ff021697d3 Mon Sep 17 00:00:00 2001
+From: Yashpal Dutta <yashpal.dutta@freescale.com>
+Date: Fri, 7 Mar 2014 07:24:00 +0545
+Subject: [PATCH 05/15] Asynchronous interface changes in cryptodev
+
+Upstream-status: Pending
+
+Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
+---
+ cryptlib.h | 7 ++++-
+ crypto/cryptodev.h | 10 ++++++-
+ cryptodev_int.h | 10 ++++++-
+ ioctl.c | 76 +++++++++++++++++++++++++++++++++++++-----------------
+ 4 files changed, 76 insertions(+), 27 deletions(-)
+
+diff --git a/cryptlib.h b/cryptlib.h
+index 56d325a..7ffa54c 100644
+--- a/cryptlib.h
++++ b/cryptlib.h
+@@ -113,7 +113,12 @@ struct cryptodev_pkc {
+ struct pkc_request req; /* PKC request structure allocated
+ from CryptoAPI */
+ enum offload_type type; /* Synchronous Vs Asynchronous request */
+- void *cookie; /*Additional opaque cookie to be used in future */
++ /*
++ * cookie used for transfering tranparent information from async
++ * submission to async fetch. Currently some dynamic allocated
++ * buffers are maintained which will be freed later during fetch
++ */
++ void *cookie;
+ struct crypt_priv *priv;
+ };
+
+diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h
+index 96675fe..4436fbf 100644
+--- a/crypto/cryptodev.h
++++ b/crypto/cryptodev.h
+@@ -254,6 +254,14 @@ struct crypt_kop {
+ void *cookie;
+ };
+
++#define MAX_COOKIES 4
++
++struct pkc_cookie_list_s {
++ int cookie_available;
++ void *cookie[MAX_COOKIES];
++ int status[MAX_COOKIES];
++};
++
+ enum cryptodev_crk_op_t {
+ CRK_MOD_EXP = 0,
+ CRK_MOD_EXP_CRT = 1,
+@@ -298,5 +306,5 @@ enum cryptodev_crk_op_t {
+ #define CIOCASYNCFETCH _IOR('c', 111, struct crypt_op)
+ /* additional ioctls for asynchronous operation for asymmetric ciphers*/
+ #define CIOCASYMASYNCRYPT _IOW('c', 112, struct crypt_kop)
+-#define CIOCASYMASYNFETCH _IOR('c', 113, struct crypt_kop)
++#define CIOCASYMFETCHCOOKIE _IOR('c', 113, struct pkc_cookie_list_s)
+ #endif /* L_CRYPTODEV_H */
+diff --git a/cryptodev_int.h b/cryptodev_int.h
+index cf54dac..5347cae 100644
+--- a/cryptodev_int.h
++++ b/cryptodev_int.h
+@@ -93,6 +93,12 @@ struct compat_crypt_kop {
+ compat_uptr_t cookie;
+ };
+
++struct compat_pkc_cookie_list_s {
++ int cookie_available;
++ compat_uptr_t cookie[MAX_COOKIES];
++ int status[MAX_COOKIES];
++};
++
+ /* input of CIOCAUTHCRYPT */
+ struct compat_crypt_auth_op {
+ uint32_t ses; /* session identifier */
+@@ -126,11 +132,13 @@ struct compat_crypt_auth_op {
+ /* compat ioctls, defined for the above structs */
+ #define COMPAT_CIOCGSESSION _IOWR('c', 102, struct compat_session_op)
+ #define COMPAT_CIOCCRYPT _IOWR('c', 104, struct compat_crypt_op)
++#define COMPAT_CIOCKEY _IOW('c', 105, struct compat_crypt_kop)
+ #define COMPAT_CIOCASYNCCRYPT _IOW('c', 107, struct compat_crypt_op)
+ #define COMPAT_CIOCASYNCFETCH _IOR('c', 108, struct compat_crypt_op)
+ #define COMPAT_CIOCAUTHCRYPT _IOWR('c', 109, struct compat_crypt_auth_op)
+ #define COMPAT_CIOCASYMASYNCRYPT _IOW('c', 110, struct compat_crypt_kop)
+-#define COMPAT_CIOCASYMASYNFETCH _IOR('c', 111, struct compat_crypt_kop)
++#define COMPAT_CIOCASYMFETCHCOOKIE _IOR('c', 111, \
++ struct compat_pkc_cookie_list_s)
+
+ #endif /* CONFIG_COMPAT */
+
+diff --git a/ioctl.c b/ioctl.c
+index 9431025..e2f407f 100644
+--- a/ioctl.c
++++ b/ioctl.c
+@@ -105,8 +105,6 @@ void cryptodev_complete_asym(struct crypto_async_request *req, int err)
+ crypto_free_pkc(pkc->s);
+ res->err = err;
+ if (pkc->type == SYNCHRONOUS) {
+- if (err == -EINPROGRESS)
+- return;
+ complete(&res->completion);
+ } else {
+ struct crypt_priv *pcr = pkc->priv;
+@@ -1051,26 +1049,41 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
+ ret = 0;
+ }
+ return ret;
+- case CIOCASYMASYNFETCH:
++ case CIOCASYMFETCHCOOKIE:
+ {
+ struct cryptodev_pkc *pkc;
+ unsigned long flags;
++ int i;
++ struct pkc_cookie_list_s cookie_list;
+
+ spin_lock_irqsave(&pcr->completion_lock, flags);
+- if (list_empty(&pcr->asym_completed_list)) {
+- spin_unlock_irqrestore(&pcr->completion_lock, flags);
+- return -ENOMEM;
++ cookie_list.cookie_available = 0;
++ for (i = 0; i < MAX_COOKIES; i++) {
++ if (!list_empty(&pcr->asym_completed_list)) {
++ /* Run a loop in the list for upto elements
++ and copy their response back */
++ pkc =
++ list_first_entry(&pcr->asym_completed_list,
++ struct cryptodev_pkc, list);
++ list_del(&pkc->list);
++ ret = crypto_async_fetch_asym(pkc);
++ if (!ret) {
++ cookie_list.cookie_available++;
++ cookie_list.cookie[i] =
++ pkc->kop.kop.cookie;
++ cookie_list.status[i] = pkc->result.err;
++ }
++ kfree(pkc);
++ } else {
++ break;
++ }
+ }
+- pkc = list_first_entry(&pcr->asym_completed_list,
+- struct cryptodev_pkc, list);
+- list_del(&pkc->list);
+ spin_unlock_irqrestore(&pcr->completion_lock, flags);
+- ret = crypto_async_fetch_asym(pkc);
+
+ /* Reflect the updated request to user-space */
+- if (!ret)
+- kop_to_user(&pkc->kop, arg);
+- kfree(pkc);
++ if (cookie_list.cookie_available)
++ copy_to_user(arg, &cookie_list,
++ sizeof(struct pkc_cookie_list_s));
+ }
+ return ret;
+ default:
+@@ -1345,26 +1358,41 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_)
+ ret = 0;
+ }
+ return ret;
+- case COMPAT_CIOCASYMASYNFETCH:
++ case COMPAT_CIOCASYMFETCHCOOKIE:
+ {
+ struct cryptodev_pkc *pkc;
+ unsigned long flags;
++ int i = 0;
++ struct compat_pkc_cookie_list_s cookie_list;
+
+ spin_lock_irqsave(&pcr->completion_lock, flags);
+- if (list_empty(&pcr->asym_completed_list)) {
+- spin_unlock_irqrestore(&pcr->completion_lock, flags);
+- return -ENOMEM;
++ cookie_list.cookie_available = 0;
++
++ for (i = 0; i < MAX_COOKIES; i++) {
++ if (!list_empty(&pcr->asym_completed_list)) {
++ /* Run a loop in the list for upto elements
++ and copy their response back */
++ pkc =
++ list_first_entry(&pcr->asym_completed_list,
++ struct cryptodev_pkc, list);
++ list_del(&pkc->list);
++ ret = crypto_async_fetch_asym(pkc);
++ if (!ret) {
++ cookie_list.cookie_available++;
++ cookie_list.cookie[i] =
++ pkc->kop.kop.cookie;
++ }
++ kfree(pkc);
++ } else {
++ break;
++ }
+ }
+- pkc = list_first_entry(&pcr->asym_completed_list,
+- struct cryptodev_pkc, list);
+- list_del(&pkc->list);
+ spin_unlock_irqrestore(&pcr->completion_lock, flags);
+- ret = crypto_async_fetch_asym(pkc);
+
+ /* Reflect the updated request to user-space */
+- if (!ret)
+- compat_kop_to_user(&pkc->kop, arg);
+- kfree(pkc);
++ if (cookie_list.cookie_available)
++ copy_to_user(arg, &cookie_list,
++ sizeof(struct compat_pkc_cookie_list_s));
+ }
+ return ret;
+ default:
+--
+2.3.5
+
diff --git a/recipes-kernel/cryptodev/files/0006-ECC_KEYGEN-and-DLC_KEYGEN-supported-in-cryptodev-mod.patch b/recipes-kernel/cryptodev/files/0006-ECC_KEYGEN-and-DLC_KEYGEN-supported-in-cryptodev-mod.patch
new file mode 100644
index 00000000..89cace37
--- /dev/null
+++ b/recipes-kernel/cryptodev/files/0006-ECC_KEYGEN-and-DLC_KEYGEN-supported-in-cryptodev-mod.patch
@@ -0,0 +1,212 @@
+From eccd6277b067cd85094eb057225cc0a983300b9f Mon Sep 17 00:00:00 2001
+From: Yashpal Dutta <yashpal.dutta@freescale.com>
+Date: Fri, 7 Mar 2014 07:53:53 +0545
+Subject: [PATCH 06/15] ECC_KEYGEN and DLC_KEYGEN supported in cryptodev module
+
+Upstream-status: Pending
+
+Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
+---
+ cryptlib.c | 2 ++
+ crypto/cryptodev.h | 5 +++-
+ ioctl.c | 29 +++++++++++++++++--
+ main.c | 85 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 4 files changed, 118 insertions(+), 3 deletions(-)
+
+diff --git a/cryptlib.c b/cryptlib.c
+index 6900028..47cd568 100644
+--- a/cryptlib.c
++++ b/cryptlib.c
+@@ -452,6 +452,8 @@ int cryptodev_pkc_offload(struct cryptodev_pkc *pkc)
+ case DSA_VERIFY:
+ case ECDSA_SIGN:
+ case ECDSA_VERIFY:
++ case DLC_KEYGEN:
++ case ECC_KEYGEN:
+ pkc->s = crypto_alloc_pkc("pkc(dsa)",
+ CRYPTO_ALG_TYPE_PKC_DSA, 0);
+ break;
+diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h
+index 4436fbf..275a55c 100644
+--- a/crypto/cryptodev.h
++++ b/crypto/cryptodev.h
+@@ -268,6 +268,8 @@ enum cryptodev_crk_op_t {
+ CRK_DSA_SIGN = 2,
+ CRK_DSA_VERIFY = 3,
+ CRK_DH_COMPUTE_KEY = 4,
++ CRK_DSA_GENERATE_KEY = 5,
++ CRK_DH_GENERATE_KEY = 6,
+ CRK_ALGORITHM_ALL
+ };
+
+@@ -280,7 +282,8 @@ enum cryptodev_crk_op_t {
+ #define CRF_DSA_SIGN (1 << CRK_DSA_SIGN)
+ #define CRF_DSA_VERIFY (1 << CRK_DSA_VERIFY)
+ #define CRF_DH_COMPUTE_KEY (1 << CRK_DH_COMPUTE_KEY)
+-
++#define CRF_DSA_GENERATE_KEY (1 << CRK_DSA_GENERATE_KEY)
++#define CRF_DH_GENERATE_KEY (1 << CRK_DH_GENERATE_KEY)
+
+ /* ioctl's. Compatible with old linux cryptodev.h
+ */
+diff --git a/ioctl.c b/ioctl.c
+index e2f407f..1f0741a 100644
+--- a/ioctl.c
++++ b/ioctl.c
+@@ -726,6 +726,23 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc)
+ dh_req->z, dh_req->z_len);
+ }
+ break;
++ case CRK_DSA_GENERATE_KEY:
++ case CRK_DH_GENERATE_KEY:
++ {
++ struct keygen_req_s *key_req = &pkc_req->req_u.keygen;
++
++ if (pkc_req->type == ECC_KEYGEN) {
++ copy_to_user(ckop->crk_param[4].crp_p, key_req->pub_key,
++ key_req->pub_key_len);
++ copy_to_user(ckop->crk_param[5].crp_p,
++ key_req->priv_key, key_req->priv_key_len);
++ } else {
++ copy_to_user(ckop->crk_param[3].crp_p,
++ key_req->pub_key, key_req->pub_key_len);
++ copy_to_user(ckop->crk_param[4].crp_p,
++ key_req->priv_key, key_req->priv_key_len);
++ }
++ }
+ default:
+ ret = -EINVAL;
+ }
+@@ -939,8 +956,9 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
+
+ switch (cmd) {
+ case CIOCASYMFEAT:
+- return put_user(CRF_MOD_EXP_CRT | CRF_MOD_EXP |
+- CRF_DSA_SIGN | CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY, p);
++ return put_user(CRF_MOD_EXP_CRT | CRF_MOD_EXP | CRF_DSA_SIGN |
++ CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY |
++ CRF_DSA_GENERATE_KEY, p);
+ case CRIOGET:
+ fd = clonefd(filp);
+ ret = put_user(fd, p);
+@@ -1084,7 +1102,14 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
+ if (cookie_list.cookie_available)
+ copy_to_user(arg, &cookie_list,
+ sizeof(struct pkc_cookie_list_s));
++ else {
++ struct pkc_cookie_list_s *user_ck_list = (void *)arg;
++
++ put_user(0, &(user_ck_list->cookie_available));
++ }
++ ret = cookie_list.cookie_available;
+ }
++
+ return ret;
+ default:
+ return -EINVAL;
+diff --git a/main.c b/main.c
+index 0b7951e..c901bc7 100644
+--- a/main.c
++++ b/main.c
+@@ -342,6 +342,85 @@ err:
+ return rc;
+ }
+
++int crypto_kop_keygen(struct cryptodev_pkc *pkc)
++{
++ struct kernel_crypt_kop *kop = &pkc->kop;
++ struct crypt_kop *cop = &kop->kop;
++ struct pkc_request *pkc_req;
++ struct keygen_req_s *key_req;
++ int rc, buf_size;
++ uint8_t *buf;
++
++ if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits ||
++ !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits ||
++ !cop->crk_param[4].crp_nbits)
++ return -EINVAL;
++
++ pkc_req = &pkc->req;
++ key_req = &pkc_req->req_u.keygen;
++ key_req->q_len = (cop->crk_param[0].crp_nbits + 7)/8;
++ key_req->r_len = (cop->crk_param[1].crp_nbits + 7)/8;
++ key_req->g_len = (cop->crk_param[2].crp_nbits + 7)/8;
++ if (cop->crk_iparams == 3) {
++ key_req->pub_key_len = (cop->crk_param[3].crp_nbits + 7)/8;
++ key_req->priv_key_len = (cop->crk_param[4].crp_nbits + 7)/8;
++ buf_size = key_req->q_len + key_req->r_len + key_req->g_len +
++ key_req->pub_key_len + key_req->priv_key_len;
++ pkc_req->type = DLC_KEYGEN;
++ } else {
++ key_req->ab_len = (cop->crk_param[3].crp_nbits + 7)/8;
++ key_req->pub_key_len = (cop->crk_param[4].crp_nbits + 7)/8;
++ key_req->priv_key_len = (cop->crk_param[5].crp_nbits + 7)/8;
++ buf_size = key_req->q_len + key_req->r_len + key_req->g_len +
++ key_req->pub_key_len + key_req->priv_key_len +
++ key_req->ab_len;
++ pkc_req->type = ECC_KEYGEN;
++ pkc_req->curve_type = cop->curve_type;
++ }
++
++ buf = kzalloc(buf_size, GFP_DMA);
++ if (!buf)
++ return -ENOMEM;
++
++ key_req->q = buf;
++ key_req->r = key_req->q + key_req->q_len;
++ key_req->g = key_req->r + key_req->r_len;
++ key_req->pub_key = key_req->g + key_req->g_len;
++ key_req->priv_key = key_req->pub_key + key_req->pub_key_len;
++ copy_from_user(key_req->q, cop->crk_param[0].crp_p, key_req->q_len);
++ copy_from_user(key_req->r, cop->crk_param[1].crp_p, key_req->r_len);
++ copy_from_user(key_req->g, cop->crk_param[2].crp_p, key_req->g_len);
++ if (cop->crk_iparams == 3) {
++ copy_from_user(key_req->pub_key, cop->crk_param[3].crp_p,
++ key_req->pub_key_len);
++ copy_from_user(key_req->priv_key, cop->crk_param[4].crp_p,
++ key_req->priv_key_len);
++ } else {
++ key_req->ab = key_req->priv_key + key_req->priv_key_len;
++ copy_from_user(key_req->ab, cop->crk_param[3].crp_p,
++ key_req->ab_len);
++ copy_from_user(key_req->pub_key, cop->crk_param[4].crp_p,
++ key_req->pub_key_len);
++ copy_from_user(key_req->priv_key, cop->crk_param[5].crp_p,
++ key_req->priv_key_len);
++ }
++
++ rc = cryptodev_pkc_offload(pkc);
++ if (pkc->type == SYNCHRONOUS) {
++ if (rc)
++ goto err;
++ } else {
++ if (rc != -EINPROGRESS && !rc)
++ goto err;
++
++ pkc->cookie = buf;
++ return rc;
++ }
++err:
++ kfree(buf);
++ return rc;
++}
++
+ int crypto_kop_dh_key(struct cryptodev_pkc *pkc)
+ {
+ struct kernel_crypt_kop *kop = &pkc->kop;
+@@ -554,6 +633,12 @@ int crypto_run_asym(struct cryptodev_pkc *pkc)
+ goto err;
+ ret = crypto_kop_dh_key(pkc);
+ break;
++ case CRK_DH_GENERATE_KEY:
++ case CRK_DSA_GENERATE_KEY:
++ if ((kop->kop.crk_iparams != 3 && kop->kop.crk_iparams != 4))
++ goto err;
++ ret = crypto_kop_keygen(pkc);
++ break;
+ }
+ err:
+ return ret;
+--
+2.3.5
+
diff --git a/recipes-kernel/cryptodev/files/0007-RCU-stall-fixed-in-PKC-asynchronous-interface.patch b/recipes-kernel/cryptodev/files/0007-RCU-stall-fixed-in-PKC-asynchronous-interface.patch
new file mode 100644
index 00000000..a76aca47
--- /dev/null
+++ b/recipes-kernel/cryptodev/files/0007-RCU-stall-fixed-in-PKC-asynchronous-interface.patch
@@ -0,0 +1,238 @@
+From 78c01e1882def52c72966c0e86913950ec201af9 Mon Sep 17 00:00:00 2001
+From: Yashpal Dutta <yashpal.dutta@freescale.com>
+Date: Fri, 7 Mar 2014 08:49:15 +0545
+Subject: [PATCH 07/15] RCU stall fixed in PKC asynchronous interface
+
+Upstream-status: Pending
+
+Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
+---
+ ioctl.c | 23 +++++++++++------------
+ main.c | 43 +++++++++++++++++++++++++++----------------
+ 2 files changed, 38 insertions(+), 28 deletions(-)
+
+diff --git a/ioctl.c b/ioctl.c
+index 1f0741a..e4e16a8 100644
+--- a/ioctl.c
++++ b/ioctl.c
+@@ -108,10 +108,9 @@ void cryptodev_complete_asym(struct crypto_async_request *req, int err)
+ complete(&res->completion);
+ } else {
+ struct crypt_priv *pcr = pkc->priv;
+- unsigned long flags;
+- spin_lock_irqsave(&pcr->completion_lock, flags);
++ spin_lock_bh(&pcr->completion_lock);
+ list_add_tail(&pkc->list, &pcr->asym_completed_list);
+- spin_unlock_irqrestore(&pcr->completion_lock, flags);
++ spin_unlock_bh(&pcr->completion_lock);
+ /* wake for POLLIN */
+ wake_up_interruptible(&pcr->user_waiter);
+ }
+@@ -958,7 +957,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
+ case CIOCASYMFEAT:
+ return put_user(CRF_MOD_EXP_CRT | CRF_MOD_EXP | CRF_DSA_SIGN |
+ CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY |
+- CRF_DSA_GENERATE_KEY, p);
++ CRF_DSA_GENERATE_KEY | CRF_DH_GENERATE_KEY, p);
+ case CRIOGET:
+ fd = clonefd(filp);
+ ret = put_user(fd, p);
+@@ -997,7 +996,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
+ case CIOCKEY:
+ {
+ struct cryptodev_pkc *pkc =
+- kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL);
++ kmalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL);
+
+ if (!pkc)
+ return -ENOMEM;
+@@ -1053,7 +1052,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
+ case CIOCASYMASYNCRYPT:
+ {
+ struct cryptodev_pkc *pkc =
+- kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL);
++ kmalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL);
+ ret = kop_from_user(&pkc->kop, arg);
+
+ if (unlikely(ret))
+@@ -1070,13 +1069,12 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
+ case CIOCASYMFETCHCOOKIE:
+ {
+ struct cryptodev_pkc *pkc;
+- unsigned long flags;
+ int i;
+ struct pkc_cookie_list_s cookie_list;
+
+- spin_lock_irqsave(&pcr->completion_lock, flags);
+ cookie_list.cookie_available = 0;
+ for (i = 0; i < MAX_COOKIES; i++) {
++ spin_lock_bh(&pcr->completion_lock);
+ if (!list_empty(&pcr->asym_completed_list)) {
+ /* Run a loop in the list for upto elements
+ and copy their response back */
+@@ -1084,6 +1082,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
+ list_first_entry(&pcr->asym_completed_list,
+ struct cryptodev_pkc, list);
+ list_del(&pkc->list);
++ spin_unlock_bh(&pcr->completion_lock);
+ ret = crypto_async_fetch_asym(pkc);
+ if (!ret) {
+ cookie_list.cookie_available++;
+@@ -1093,10 +1092,10 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
+ }
+ kfree(pkc);
+ } else {
++ spin_unlock_bh(&pcr->completion_lock);
+ break;
+ }
+ }
+- spin_unlock_irqrestore(&pcr->completion_lock, flags);
+
+ /* Reflect the updated request to user-space */
+ if (cookie_list.cookie_available)
+@@ -1386,14 +1385,13 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_)
+ case COMPAT_CIOCASYMFETCHCOOKIE:
+ {
+ struct cryptodev_pkc *pkc;
+- unsigned long flags;
+ int i = 0;
+ struct compat_pkc_cookie_list_s cookie_list;
+
+- spin_lock_irqsave(&pcr->completion_lock, flags);
+ cookie_list.cookie_available = 0;
+
+ for (i = 0; i < MAX_COOKIES; i++) {
++ spin_lock_bh(&pcr->completion_lock);
+ if (!list_empty(&pcr->asym_completed_list)) {
+ /* Run a loop in the list for upto elements
+ and copy their response back */
+@@ -1401,6 +1399,7 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_)
+ list_first_entry(&pcr->asym_completed_list,
+ struct cryptodev_pkc, list);
+ list_del(&pkc->list);
++ spin_unlock_bh(&pcr->completion_lock);
+ ret = crypto_async_fetch_asym(pkc);
+ if (!ret) {
+ cookie_list.cookie_available++;
+@@ -1409,10 +1408,10 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_)
+ }
+ kfree(pkc);
+ } else {
++ spin_unlock_bh(&pcr->completion_lock);
+ break;
+ }
+ }
+- spin_unlock_irqrestore(&pcr->completion_lock, flags);
+
+ /* Reflect the updated request to user-space */
+ if (cookie_list.cookie_available)
+diff --git a/main.c b/main.c
+index c901bc7..2747706 100644
+--- a/main.c
++++ b/main.c
+@@ -215,7 +215,9 @@ int crypto_kop_dsasign(struct cryptodev_pkc *pkc)
+ pkc_req->type = DSA_SIGN;
+ }
+
+- buf = kzalloc(buf_size, GFP_DMA);
++ buf = kmalloc(buf_size, GFP_DMA);
++ if (!buf)
++ return -ENOMEM;
+
+ dsa_req->q = buf;
+ dsa_req->r = dsa_req->q + dsa_req->q_len;
+@@ -298,7 +300,9 @@ int crypto_kop_dsaverify(struct cryptodev_pkc *pkc)
+ pkc_req->type = DSA_VERIFY;
+ }
+
+- buf = kzalloc(buf_size, GFP_DMA);
++ buf = kmalloc(buf_size, GFP_DMA);
++ if (!buf)
++ return -ENOMEM;
+
+ dsa_req->q = buf;
+ dsa_req->r = dsa_req->q + dsa_req->q_len;
+@@ -378,7 +382,7 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc)
+ pkc_req->curve_type = cop->curve_type;
+ }
+
+- buf = kzalloc(buf_size, GFP_DMA);
++ buf = kmalloc(buf_size, GFP_DMA);
+ if (!buf)
+ return -ENOMEM;
+
+@@ -390,25 +394,28 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc)
+ copy_from_user(key_req->q, cop->crk_param[0].crp_p, key_req->q_len);
+ copy_from_user(key_req->r, cop->crk_param[1].crp_p, key_req->r_len);
+ copy_from_user(key_req->g, cop->crk_param[2].crp_p, key_req->g_len);
+- if (cop->crk_iparams == 3) {
+- copy_from_user(key_req->pub_key, cop->crk_param[3].crp_p,
+- key_req->pub_key_len);
+- copy_from_user(key_req->priv_key, cop->crk_param[4].crp_p,
+- key_req->priv_key_len);
+- } else {
++ if (cop->crk_iparams == 4) {
+ key_req->ab = key_req->priv_key + key_req->priv_key_len;
+ copy_from_user(key_req->ab, cop->crk_param[3].crp_p,
+ key_req->ab_len);
+- copy_from_user(key_req->pub_key, cop->crk_param[4].crp_p,
+- key_req->pub_key_len);
+- copy_from_user(key_req->priv_key, cop->crk_param[5].crp_p,
+- key_req->priv_key_len);
+ }
+
+ rc = cryptodev_pkc_offload(pkc);
+ if (pkc->type == SYNCHRONOUS) {
+ if (rc)
+ goto err;
++
++ if (cop->crk_iparams == 4) {
++ copy_to_user(cop->crk_param[4].crp_p, key_req->pub_key,
++ key_req->pub_key_len);
++ copy_to_user(cop->crk_param[5].crp_p, key_req->priv_key,
++ key_req->priv_key_len);
++ } else {
++ copy_to_user(cop->crk_param[3].crp_p, key_req->pub_key,
++ key_req->pub_key_len);
++ copy_to_user(cop->crk_param[4].crp_p,
++ key_req->priv_key, key_req->priv_key_len);
++ }
+ } else {
+ if (rc != -EINPROGRESS && !rc)
+ goto err;
+@@ -447,7 +454,9 @@ int crypto_kop_dh_key(struct cryptodev_pkc *pkc)
+ pkc_req->type = DH_COMPUTE_KEY;
+ }
+ buf_size += dh_req->z_len;
+- buf = kzalloc(buf_size, GFP_DMA);
++ buf = kmalloc(buf_size, GFP_DMA);
++ if (!buf)
++ return -ENOMEM;
+ dh_req->q = buf;
+ dh_req->s = dh_req->q + dh_req->q_len;
+ dh_req->pub_key = dh_req->s + dh_req->s_len;
+@@ -508,9 +517,11 @@ int crypto_modexp_crt(struct cryptodev_pkc *pkc)
+ rsa_req->dq_len = (cop->crk_param[4].crp_nbits + 7)/8;
+ rsa_req->c_len = (cop->crk_param[5].crp_nbits + 7)/8;
+ rsa_req->f_len = (cop->crk_param[6].crp_nbits + 7)/8;
+- buf = kzalloc(rsa_req->p_len + rsa_req->q_len + rsa_req->f_len +
++ buf = kmalloc(rsa_req->p_len + rsa_req->q_len + rsa_req->f_len +
+ rsa_req->dp_len + rsa_req->dp_len + rsa_req->c_len +
+ rsa_req->g_len, GFP_DMA);
++ if (!buf)
++ return -ENOMEM;
+ rsa_req->p = buf;
+ rsa_req->q = rsa_req->p + rsa_req->p_len;
+ rsa_req->g = rsa_req->q + rsa_req->q_len;
+@@ -563,7 +574,7 @@ int crypto_bn_modexp(struct cryptodev_pkc *pkc)
+ rsa_req->e_len = (cop->crk_param[1].crp_nbits + 7)/8;
+ rsa_req->n_len = (cop->crk_param[2].crp_nbits + 7)/8;
+ rsa_req->g_len = (cop->crk_param[3].crp_nbits + 7)/8;
+- buf = kzalloc(rsa_req->f_len + rsa_req->e_len + rsa_req->n_len
++ buf = kmalloc(rsa_req->f_len + rsa_req->e_len + rsa_req->n_len
+ + rsa_req->g_len, GFP_DMA);
+ if (!buf)
+ return -ENOMEM;
+--
+2.3.5
+
diff --git a/recipes-kernel/cryptodev/files/0008-Add-RSA-Key-generation-offloading.patch b/recipes-kernel/cryptodev/files/0008-Add-RSA-Key-generation-offloading.patch
new file mode 100644
index 00000000..d251c660
--- /dev/null
+++ b/recipes-kernel/cryptodev/files/0008-Add-RSA-Key-generation-offloading.patch
@@ -0,0 +1,170 @@
+From 5127db3483a2e4f6dc13330bea7237931c5f15a0 Mon Sep 17 00:00:00 2001
+From: Hou Zhiqiang <B48286@freescale.com>
+Date: Wed, 19 Mar 2014 14:02:46 +0800
+Subject: [PATCH 08/15] Add RSA Key generation offloading
+
+Upstream-status: Pending
+
+Signed-off-by: Hou Zhiqiang <B48286@freescale.com>
+Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
+---
+ cryptlib.c | 1 +
+ crypto/cryptodev.h | 2 ++
+ ioctl.c | 3 +-
+ main.c | 80 +++++++++++++++++++++++++++++++++++++++++++++++++++++-
+ 4 files changed, 84 insertions(+), 2 deletions(-)
+
+diff --git a/cryptlib.c b/cryptlib.c
+index 47cd568..4dd1847 100644
+--- a/cryptlib.c
++++ b/cryptlib.c
+@@ -441,6 +441,7 @@ int cryptodev_pkc_offload(struct cryptodev_pkc *pkc)
+ struct pkc_request *pkc_req = &pkc->req, *pkc_requested;
+
+ switch (pkc_req->type) {
++ case RSA_KEYGEN:
+ case RSA_PUB:
+ case RSA_PRIV_FORM1:
+ case RSA_PRIV_FORM2:
+diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h
+index 275a55c..d0cc542 100644
+--- a/crypto/cryptodev.h
++++ b/crypto/cryptodev.h
+@@ -270,6 +270,7 @@ enum cryptodev_crk_op_t {
+ CRK_DH_COMPUTE_KEY = 4,
+ CRK_DSA_GENERATE_KEY = 5,
+ CRK_DH_GENERATE_KEY = 6,
++ CRK_RSA_GENERATE_KEY = 7,
+ CRK_ALGORITHM_ALL
+ };
+
+@@ -279,6 +280,7 @@ enum cryptodev_crk_op_t {
+ */
+ #define CRF_MOD_EXP (1 << CRK_MOD_EXP)
+ #define CRF_MOD_EXP_CRT (1 << CRK_MOD_EXP_CRT)
++#define CRF_RSA_GENERATE_KEY (1 << CRK_RSA_GENERATE_KEY)
+ #define CRF_DSA_SIGN (1 << CRK_DSA_SIGN)
+ #define CRF_DSA_VERIFY (1 << CRK_DSA_VERIFY)
+ #define CRF_DH_COMPUTE_KEY (1 << CRK_DH_COMPUTE_KEY)
+diff --git a/ioctl.c b/ioctl.c
+index e4e16a8..3762a47 100644
+--- a/ioctl.c
++++ b/ioctl.c
+@@ -957,7 +957,8 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
+ case CIOCASYMFEAT:
+ return put_user(CRF_MOD_EXP_CRT | CRF_MOD_EXP | CRF_DSA_SIGN |
+ CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY |
+- CRF_DSA_GENERATE_KEY | CRF_DH_GENERATE_KEY, p);
++ CRF_DSA_GENERATE_KEY | CRF_DH_GENERATE_KEY |
++ CRF_RSA_GENERATE_KEY, p);
+ case CRIOGET:
+ fd = clonefd(filp);
+ ret = put_user(fd, p);
+diff --git a/main.c b/main.c
+index 2747706..14dcf40 100644
+--- a/main.c
++++ b/main.c
+@@ -346,6 +346,82 @@ err:
+ return rc;
+ }
+
++int crypto_kop_rsa_keygen(struct cryptodev_pkc *pkc)
++{
++ struct kernel_crypt_kop *kop = &pkc->kop;
++ struct crypt_kop *cop = &kop->kop;
++ struct pkc_request *pkc_req;
++ struct rsa_keygen_req_s *key_req;
++ int rc, buf_size;
++ uint8_t *buf;
++
++ if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits ||
++ !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits ||
++ !cop->crk_param[4].crp_nbits || !cop->crk_param[5].crp_nbits ||
++ !cop->crk_param[6].crp_nbits)
++ return -EINVAL;
++
++ pkc_req = &pkc->req;
++ pkc_req->type = RSA_KEYGEN;
++ key_req = &pkc_req->req_u.rsa_keygen;
++ key_req->n_len = (cop->crk_param[2].crp_nbits + 7)/8;
++ key_req->p_len = (cop->crk_param[0].crp_nbits + 7) / 8;
++ key_req->q_len = (cop->crk_param[1].crp_nbits + 7) / 8;
++ key_req->n_len = (cop->crk_param[2].crp_nbits + 7) / 8;
++ key_req->d_len = (cop->crk_param[3].crp_nbits + 7) / 8;
++ key_req->dp_len = (cop->crk_param[4].crp_nbits + 7) / 8;
++ key_req->dq_len = (cop->crk_param[5].crp_nbits + 7) / 8;
++ key_req->c_len = (cop->crk_param[6].crp_nbits + 7) / 8;
++
++ buf_size = key_req->p_len + key_req->q_len + key_req->n_len +
++ key_req->d_len + key_req->dp_len +
++ key_req->dq_len + key_req->c_len;
++
++ buf = kmalloc(buf_size, GFP_DMA);
++ if (!buf)
++ return -ENOMEM;
++ key_req->p = buf;
++ key_req->q = key_req->p + key_req->p_len;
++ key_req->n = key_req->q + key_req->q_len;
++ key_req->d = key_req->n + key_req->n_len;
++ key_req->dp = key_req->d + key_req->d_len;
++ key_req->dq = key_req->dp + key_req->dp_len;
++ key_req->c = key_req->dq + key_req->dq_len;
++
++ rc = cryptodev_pkc_offload(pkc);
++
++ if (pkc->type == SYNCHRONOUS) {
++ if (rc)
++ goto err;
++
++ copy_to_user(cop->crk_param[0].crp_p,
++ key_req->p, key_req->p_len);
++ copy_to_user(cop->crk_param[1].crp_p,
++ key_req->q, key_req->q_len);
++ copy_to_user(cop->crk_param[2].crp_p,
++ key_req->n, key_req->n_len);
++ copy_to_user(cop->crk_param[3].crp_p,
++ key_req->d, key_req->d_len);
++ copy_to_user(cop->crk_param[4].crp_p,
++ key_req->dp, key_req->dp_len);
++ copy_to_user(cop->crk_param[5].crp_p,
++ key_req->dq, key_req->dq_len);
++ copy_to_user(cop->crk_param[6].crp_p,
++ key_req->c, key_req->c_len);
++ } else {
++ if (rc != -EINPROGRESS && !rc) {
++ printk("%s: Failed\n", __func__);
++ goto err;
++ }
++ pkc->cookie = buf;
++ return rc;
++ }
++err:
++ kfree(buf);
++ return rc;
++
++}
++
+ int crypto_kop_keygen(struct cryptodev_pkc *pkc)
+ {
+ struct kernel_crypt_kop *kop = &pkc->kop;
+@@ -385,7 +461,6 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc)
+ buf = kmalloc(buf_size, GFP_DMA);
+ if (!buf)
+ return -ENOMEM;
+-
+ key_req->q = buf;
+ key_req->r = key_req->q + key_req->q_len;
+ key_req->g = key_req->r + key_req->r_len;
+@@ -650,6 +725,9 @@ int crypto_run_asym(struct cryptodev_pkc *pkc)
+ goto err;
+ ret = crypto_kop_keygen(pkc);
+ break;
++ case CRK_RSA_GENERATE_KEY:
++ ret = crypto_kop_rsa_keygen(pkc);
++ break;
+ }
+ err:
+ return ret;
+--
+2.3.5
+
diff --git a/recipes-kernel/cryptodev/files/0009-Fixed-compilation-error-of-openssl-with-fsl-cryptode.patch b/recipes-kernel/cryptodev/files/0009-Fixed-compilation-error-of-openssl-with-fsl-cryptode.patch
new file mode 100644
index 00000000..2213faec
--- /dev/null
+++ b/recipes-kernel/cryptodev/files/0009-Fixed-compilation-error-of-openssl-with-fsl-cryptode.patch
@@ -0,0 +1,160 @@
+From 800af48d0c26830943ca2308dd426b5b09811750 Mon Sep 17 00:00:00 2001
+From: Yashpal Dutta <yashpal.dutta@freescale.com>
+Date: Thu, 17 Apr 2014 07:08:47 +0545
+Subject: [PATCH 09/15] Fixed compilation error of openssl with fsl cryptodev
+
+Upstream-status: Pending
+
+Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
+Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
+---
+ authenc.c | 1 +
+ cryptlib.c | 9 ++++-----
+ crypto/cryptodev.h | 9 ++++++++-
+ cryptodev_int.h | 2 +-
+ ioctl.c | 8 ++++++--
+ main.c | 1 +
+ 6 files changed, 21 insertions(+), 9 deletions(-)
+
+diff --git a/authenc.c b/authenc.c
+index ef0d3db..2aa4d38 100644
+--- a/authenc.c
++++ b/authenc.c
+@@ -2,6 +2,7 @@
+ * Driver for /dev/crypto device (aka CryptoDev)
+ *
+ * Copyright (c) 2011, 2012 OpenSSL Software Foundation, Inc.
++ * Copyright (c) 2014 Freescale Semiconductor, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+diff --git a/cryptlib.c b/cryptlib.c
+index 4dd1847..ec6693e 100644
+--- a/cryptlib.c
++++ b/cryptlib.c
+@@ -4,8 +4,7 @@
+ * Copyright (c) 2010,2011 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+ * Portions Copyright (c) 2010 Michael Weiser
+ * Portions Copyright (c) 2010 Phil Sutter
+- *
+- * Copyright 2012 Freescale Semiconductor, Inc.
++ * Copyright 2012-2014 Freescale Semiconductor, Inc.
+ *
+ * This file is part of linux cryptodev.
+ *
+@@ -144,7 +143,7 @@ int cryptodev_cipher_init(struct cipher_data *out, const char *alg_name,
+ if (alg->max_keysize > 0 &&
+ unlikely((keylen < alg->min_keysize) ||
+ (keylen > alg->max_keysize))) {
+- ddebug(1, "Wrong keylen '%zu' for algorithm '%s'. Use %u to %u.",
++ ddebug(1, "Wrong keylen '%u' for algorithm '%s'. Use %u to %u.",
+ keylen, alg_name, alg->min_keysize, alg->max_keysize);
+ ret = -EINVAL;
+ goto error;
+@@ -171,7 +170,7 @@ int cryptodev_cipher_init(struct cipher_data *out, const char *alg_name,
+ }
+
+ if (unlikely(ret)) {
+- ddebug(1, "Setting key failed for %s-%zu.", alg_name, keylen*8);
++ ddebug(1, "Setting key failed for %s-%u.", alg_name, keylen*8);
+ ret = -EINVAL;
+ goto error;
+ }
+@@ -338,7 +337,7 @@ int cryptodev_hash_init(struct hash_data *hdata, const char *alg_name,
+ if (hmac_mode != 0) {
+ ret = crypto_ahash_setkey(hdata->async.s, mackey, mackeylen);
+ if (unlikely(ret)) {
+- ddebug(1, "Setting hmac key failed for %s-%zu.",
++ ddebug(1, "Setting hmac key failed for %s-%u.",
+ alg_name, mackeylen*8);
+ ret = -EINVAL;
+ goto error;
+diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h
+index d0cc542..e7edd97 100644
+--- a/crypto/cryptodev.h
++++ b/crypto/cryptodev.h
+@@ -234,6 +234,13 @@ struct crypt_auth_op {
+ #define CRYPTO_ALG_FLAG_RNG_ENABLE 2
+ #define CRYPTO_ALG_FLAG_DSA_SHA 4
+
++enum ec_curve_t {
++ EC_DISCRETE_LOG,
++ EC_PRIME,
++ EC_BINARY,
++ MAX_EC_TYPE
++};
++
+ struct crparam {
+ __u8 *crp_p;
+ __u32 crp_nbits;
+@@ -249,7 +256,7 @@ struct crypt_kop {
+ __u16 crk_oparams;
+ __u32 crk_pad1;
+ struct crparam crk_param[CRK_MAXPARAM];
+- enum curve_t curve_type; /* 0 == Discrete Log,
++ enum ec_curve_t curve_type; /* 0 == Discrete Log,
+ 1 = EC_PRIME, 2 = EC_BINARY */
+ void *cookie;
+ };
+diff --git a/cryptodev_int.h b/cryptodev_int.h
+index 5347cae..c83c885 100644
+--- a/cryptodev_int.h
++++ b/cryptodev_int.h
+@@ -88,7 +88,7 @@ struct compat_crypt_kop {
+ uint16_t crk_oparams;
+ uint32_t crk_pad1;
+ struct compat_crparam crk_param[CRK_MAXPARAM];
+- enum curve_t curve_type; /* 0 == Discrete Log, 1 = EC_PRIME,
++ enum ec_curve_t curve_type; /* 0 == Discrete Log, 1 = EC_PRIME,
+ 2 = EC_BINARY */
+ compat_uptr_t cookie;
+ };
+diff --git a/ioctl.c b/ioctl.c
+index 3762a47..c97320b 100644
+--- a/ioctl.c
++++ b/ioctl.c
+@@ -4,7 +4,7 @@
+ * Copyright (c) 2004 Michal Ludvig <mludvig@logix.net.nz>, SuSE Labs
+ * Copyright (c) 2009,2010,2011 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+ * Copyright (c) 2010 Phil Sutter
+- * Copyright 2012 Freescale Semiconductor, Inc.
++ * Copyright 2012-2014 Freescale Semiconductor, Inc.
+ *
+ * This file is part of linux cryptodev.
+ *
+@@ -501,6 +501,7 @@ cryptodev_open(struct inode *inode, struct file *filp)
+ INIT_LIST_HEAD(&pcr->done.list);
+ INIT_LIST_HEAD(&pcr->asym_completed_list);
+ spin_lock_init(&pcr->completion_lock);
++
+ INIT_WORK(&pcr->cryptask, cryptask_routine);
+
+ init_waitqueue_head(&pcr->user_waiter);
+@@ -780,8 +781,11 @@ static int fill_kcop_from_cop(struct kernel_crypt_op *kcop, struct fcrypt *fcr)
+
+ if (cop->iv) {
+ rc = copy_from_user(kcop->iv, cop->iv, kcop->ivlen);
+- if (unlikely(rc))
++ if (unlikely(rc)) {
++ derr(1, "error copying IV (%d bytes), copy_from_user returned %d for address %p",
++ kcop->ivlen, rc, cop->iv);
+ return -EFAULT;
++ }
+ }
+
+ return 0;
+diff --git a/main.c b/main.c
+index 14dcf40..6365911 100644
+--- a/main.c
++++ b/main.c
+@@ -3,6 +3,7 @@
+ *
+ * Copyright (c) 2004 Michal Ludvig <mludvig@logix.net.nz>, SuSE Labs
+ * Copyright (c) 2009-2013 Nikos Mavrogiannopoulos <nmav@gnutls.org>
++ * Copyright (c) 2014 Freescale Semiconductor, Inc.
+ *
+ * This file is part of linux cryptodev.
+ *
+--
+2.3.5
+
diff --git a/recipes-kernel/cryptodev/files/0010-add-support-for-composite-TLS10-SHA1-3DES-algorithm-.patch b/recipes-kernel/cryptodev/files/0010-add-support-for-composite-TLS10-SHA1-3DES-algorithm-.patch
new file mode 100644
index 00000000..20321595
--- /dev/null
+++ b/recipes-kernel/cryptodev/files/0010-add-support-for-composite-TLS10-SHA1-3DES-algorithm-.patch
@@ -0,0 +1,54 @@
+From 55ee0ae703a68db74a492f5910937260502b9602 Mon Sep 17 00:00:00 2001
+From: Tudor Ambarus <tudor.ambarus@freescale.com>
+Date: Tue, 10 Jun 2014 08:27:59 +0300
+Subject: [PATCH 10/15] add support for composite TLS10(SHA1,3DES) algorithm
+ offload
+
+This adds support for composite algorithm offload in a single crypto
+(cipher + hmac) operation.
+
+It requires either software or hardware TLS support in the Linux kernel
+and can be used with Freescale B*, P* and T* platforms that have support
+for hardware TLS acceleration.
+
+Change-Id: Ibce0ceb4174809c9c96b453cd3202bc5220ff084
+Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com>
+Reviewed-on: http://git.am.freescale.net:8181/34000
+Reviewed-by: Cristian Stoica <cristian.stoica@freescale.com>
+Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
+---
+ crypto/cryptodev.h | 1 +
+ ioctl.c | 5 +++++
+ 2 files changed, 6 insertions(+)
+
+diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h
+index e7edd97..07f40b2 100644
+--- a/crypto/cryptodev.h
++++ b/crypto/cryptodev.h
+@@ -55,6 +55,7 @@ enum cryptodev_crypto_op_t {
+ CRYPTO_SHA2_512,
+ CRYPTO_SHA2_224_HMAC,
+ CRYPTO_TLS10_AES_CBC_HMAC_SHA1,
++ CRYPTO_TLS10_3DES_CBC_HMAC_SHA1,
+ CRYPTO_ALGORITHM_ALL, /* Keep updated - see below */
+ };
+
+diff --git a/ioctl.c b/ioctl.c
+index c97320b..574e913 100644
+--- a/ioctl.c
++++ b/ioctl.c
+@@ -191,6 +191,11 @@ crypto_create_session(struct fcrypt *fcr, struct session_op *sop)
+ stream = 0;
+ aead = 1;
+ break;
++ case CRYPTO_TLS10_3DES_CBC_HMAC_SHA1:
++ alg_name = "tls10(hmac(sha1),cbc(des3_ede))";
++ stream = 0;
++ aead = 1;
++ break;
+ case CRYPTO_NULL:
+ alg_name = "ecb(cipher_null)";
+ stream = 1;
+--
+2.3.5
+
diff --git a/recipes-kernel/cryptodev/files/0011-add-support-for-TLSv1.1-record-offload.patch b/recipes-kernel/cryptodev/files/0011-add-support-for-TLSv1.1-record-offload.patch
new file mode 100644
index 00000000..37862b55
--- /dev/null
+++ b/recipes-kernel/cryptodev/files/0011-add-support-for-TLSv1.1-record-offload.patch
@@ -0,0 +1,76 @@
+From 06cca15fd0412ae872c2b2c5d50216e1eb34fc50 Mon Sep 17 00:00:00 2001
+From: Tudor Ambarus <tudor.ambarus@freescale.com>
+Date: Tue, 31 Mar 2015 16:15:47 +0300
+Subject: [PATCH 11/15] add support for TLSv1.1 record offload
+
+This adds support for composite algorithm offload in a single crypto
+(cipher + hmac) operation.
+
+Supported cipher suites:
+- 3des-ede-cbc-sha
+- aes-128-cbc-hmac-sha
+- aes-256-cbc-hmac-sha
+
+It requires either software or hardware TLS support in the Linux kernel
+and can be used with Freescale B*, P* and T* platforms that have support
+for hardware TLS acceleration.
+
+Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com>
+Change-Id: Ia5f3fa7ec090d5643d71b0f608c68a274ec6b51f
+Reviewed-on: http://git.am.freescale.net:8181/33998
+Reviewed-by: Cristian Stoica <cristian.stoica@freescale.com>
+Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
+---
+ crypto/cryptodev.h | 4 +++-
+ ioctl.c | 14 ++++++++++++--
+ 2 files changed, 15 insertions(+), 3 deletions(-)
+
+diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h
+index 07f40b2..61e8599 100644
+--- a/crypto/cryptodev.h
++++ b/crypto/cryptodev.h
+@@ -54,8 +54,10 @@ enum cryptodev_crypto_op_t {
+ CRYPTO_SHA2_384,
+ CRYPTO_SHA2_512,
+ CRYPTO_SHA2_224_HMAC,
+- CRYPTO_TLS10_AES_CBC_HMAC_SHA1,
+ CRYPTO_TLS10_3DES_CBC_HMAC_SHA1,
++ CRYPTO_TLS10_AES_CBC_HMAC_SHA1,
++ CRYPTO_TLS11_3DES_CBC_HMAC_SHA1,
++ CRYPTO_TLS11_AES_CBC_HMAC_SHA1,
+ CRYPTO_ALGORITHM_ALL, /* Keep updated - see below */
+ };
+
+diff --git a/ioctl.c b/ioctl.c
+index 574e913..ba82387 100644
+--- a/ioctl.c
++++ b/ioctl.c
+@@ -186,13 +186,23 @@ crypto_create_session(struct fcrypt *fcr, struct session_op *sop)
+ stream = 1;
+ aead = 1;
+ break;
++ case CRYPTO_TLS10_3DES_CBC_HMAC_SHA1:
++ alg_name = "tls10(hmac(sha1),cbc(des3_ede))";
++ stream = 0;
++ aead = 1;
++ break;
+ case CRYPTO_TLS10_AES_CBC_HMAC_SHA1:
+ alg_name = "tls10(hmac(sha1),cbc(aes))";
+ stream = 0;
+ aead = 1;
+ break;
+- case CRYPTO_TLS10_3DES_CBC_HMAC_SHA1:
+- alg_name = "tls10(hmac(sha1),cbc(des3_ede))";
++ case CRYPTO_TLS11_3DES_CBC_HMAC_SHA1:
++ alg_name = "tls11(hmac(sha1),cbc(des3_ede))";
++ stream = 0;
++ aead = 1;
++ break;
++ case CRYPTO_TLS11_AES_CBC_HMAC_SHA1:
++ alg_name = "tls11(hmac(sha1),cbc(aes))";
+ stream = 0;
+ aead = 1;
+ break;
+--
+2.3.5
+
diff --git a/recipes-kernel/cryptodev/files/0012-add-support-for-TLSv1.2-record-offload.patch b/recipes-kernel/cryptodev/files/0012-add-support-for-TLSv1.2-record-offload.patch
new file mode 100644
index 00000000..6aa672a7
--- /dev/null
+++ b/recipes-kernel/cryptodev/files/0012-add-support-for-TLSv1.2-record-offload.patch
@@ -0,0 +1,72 @@
+From 15999e402dd7472cafe51be3fd0ce66433ca924b Mon Sep 17 00:00:00 2001
+From: Tudor Ambarus <tudor.ambarus@freescale.com>
+Date: Tue, 31 Mar 2015 16:16:28 +0300
+Subject: [PATCH 12/15] add support for TLSv1.2 record offload
+
+This adds support for composite algorithm offload in a single crypto
+(cipher + hmac) operation.
+
+Supported cipher suites:
+- 3des-ede-cbc-sha
+- aes-128-cbc-hmac-sha
+- aes-256-cbc-hmac-sha
+- aes-128-cbc-hmac-sha256
+- aes-256-cbc-hmac-sha256
+
+It requires either software or hardware TLS support in the Linux kernel
+and can be used with Freescale B*, P* and T* platforms that have support
+for hardware TLS acceleration.
+
+Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com>
+Change-Id: I21f45993505fc3dad09848a13aa20f778a7c2de0
+Reviewed-on: http://git.am.freescale.net:8181/33999
+Reviewed-by: Cristian Stoica <cristian.stoica@freescale.com>
+Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
+---
+ crypto/cryptodev.h | 3 +++
+ ioctl.c | 15 +++++++++++++++
+ 2 files changed, 18 insertions(+)
+
+diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h
+index 61e8599..f6058ca 100644
+--- a/crypto/cryptodev.h
++++ b/crypto/cryptodev.h
+@@ -58,6 +58,9 @@ enum cryptodev_crypto_op_t {
+ CRYPTO_TLS10_AES_CBC_HMAC_SHA1,
+ CRYPTO_TLS11_3DES_CBC_HMAC_SHA1,
+ CRYPTO_TLS11_AES_CBC_HMAC_SHA1,
++ CRYPTO_TLS12_3DES_CBC_HMAC_SHA1,
++ CRYPTO_TLS12_AES_CBC_HMAC_SHA1,
++ CRYPTO_TLS12_AES_CBC_HMAC_SHA256,
+ CRYPTO_ALGORITHM_ALL, /* Keep updated - see below */
+ };
+
+diff --git a/ioctl.c b/ioctl.c
+index ba82387..fb4c4e3 100644
+--- a/ioctl.c
++++ b/ioctl.c
+@@ -206,6 +206,21 @@ crypto_create_session(struct fcrypt *fcr, struct session_op *sop)
+ stream = 0;
+ aead = 1;
+ break;
++ case CRYPTO_TLS12_3DES_CBC_HMAC_SHA1:
++ alg_name = "tls12(hmac(sha1),cbc(des3_ede))";
++ stream = 0;
++ aead = 1;
++ break;
++ case CRYPTO_TLS12_AES_CBC_HMAC_SHA1:
++ alg_name = "tls12(hmac(sha1),cbc(aes))";
++ stream = 0;
++ aead = 1;
++ break;
++ case CRYPTO_TLS12_AES_CBC_HMAC_SHA256:
++ alg_name = "tls12(hmac(sha256),cbc(aes))";
++ stream = 0;
++ aead = 1;
++ break;
+ case CRYPTO_NULL:
+ alg_name = "ecb(cipher_null)";
+ stream = 1;
+--
+2.3.5
+
diff --git a/recipes-kernel/cryptodev/files/0013-clean-up-code-layout.patch b/recipes-kernel/cryptodev/files/0013-clean-up-code-layout.patch
new file mode 100644
index 00000000..86cf6a2b
--- /dev/null
+++ b/recipes-kernel/cryptodev/files/0013-clean-up-code-layout.patch
@@ -0,0 +1,186 @@
+From 39abcb9cea60540528e848d6c66169c36d666861 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@freescale.com>
+Date: Fri, 20 Feb 2015 12:46:58 +0200
+Subject: [PATCH 13/15] clean-up code layout
+
+Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
+Change-Id: I92c2f4baeed9470a2c3c42b592d878e65918b0af
+Reviewed-on: http://git.am.freescale.net:8181/34222
+---
+ cryptlib.c | 11 ++++-------
+ ioctl.c | 55 +++++++++++++++++++++----------------------------------
+ main.c | 4 +---
+ 3 files changed, 26 insertions(+), 44 deletions(-)
+
+diff --git a/cryptlib.c b/cryptlib.c
+index ec6693e..21e691b 100644
+--- a/cryptlib.c
++++ b/cryptlib.c
+@@ -434,7 +434,7 @@ int cryptodev_hash_final(struct hash_data *hdata, void *output)
+ return waitfor(hdata->async.result, ret);
+ }
+
+-int cryptodev_pkc_offload(struct cryptodev_pkc *pkc)
++int cryptodev_pkc_offload(struct cryptodev_pkc *pkc)
+ {
+ int ret = 0;
+ struct pkc_request *pkc_req = &pkc->req, *pkc_requested;
+@@ -445,8 +445,7 @@ int cryptodev_pkc_offload(struct cryptodev_pkc *pkc)
+ case RSA_PRIV_FORM1:
+ case RSA_PRIV_FORM2:
+ case RSA_PRIV_FORM3:
+- pkc->s = crypto_alloc_pkc("pkc(rsa)",
+- CRYPTO_ALG_TYPE_PKC_RSA, 0);
++ pkc->s = crypto_alloc_pkc("pkc(rsa)", CRYPTO_ALG_TYPE_PKC_RSA, 0);
+ break;
+ case DSA_SIGN:
+ case DSA_VERIFY:
+@@ -454,13 +453,11 @@ int cryptodev_pkc_offload(struct cryptodev_pkc *pkc)
+ case ECDSA_VERIFY:
+ case DLC_KEYGEN:
+ case ECC_KEYGEN:
+- pkc->s = crypto_alloc_pkc("pkc(dsa)",
+- CRYPTO_ALG_TYPE_PKC_DSA, 0);
++ pkc->s = crypto_alloc_pkc("pkc(dsa)", CRYPTO_ALG_TYPE_PKC_DSA, 0);
+ break;
+ case DH_COMPUTE_KEY:
+ case ECDH_COMPUTE_KEY:
+- pkc->s = crypto_alloc_pkc("pkc(dh)",
+- CRYPTO_ALG_TYPE_PKC_DH, 0);
++ pkc->s = crypto_alloc_pkc("pkc(dh)", CRYPTO_ALG_TYPE_PKC_DH, 0);
+ break;
+ default:
+ return -EINVAL;
+diff --git a/ioctl.c b/ioctl.c
+index fb4c4e3..ee0486c 100644
+--- a/ioctl.c
++++ b/ioctl.c
+@@ -714,16 +714,13 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc)
+ case CRK_MOD_EXP:
+ {
+ struct rsa_pub_req_s *rsa_req = &pkc_req->req_u.rsa_pub_req;
+- copy_to_user(ckop->crk_param[3].crp_p, rsa_req->g,
+- rsa_req->g_len);
++ copy_to_user(ckop->crk_param[3].crp_p, rsa_req->g, rsa_req->g_len);
+ }
+ break;
+ case CRK_MOD_EXP_CRT:
+ {
+- struct rsa_priv_frm3_req_s *rsa_req =
+- &pkc_req->req_u.rsa_priv_f3;
+- copy_to_user(ckop->crk_param[6].crp_p,
+- rsa_req->f, rsa_req->f_len);
++ struct rsa_priv_frm3_req_s *rsa_req = &pkc_req->req_u.rsa_priv_f3;
++ copy_to_user(ckop->crk_param[6].crp_p, rsa_req->f, rsa_req->f_len);
+ }
+ break;
+ case CRK_DSA_SIGN:
+@@ -731,15 +728,11 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc)
+ struct dsa_sign_req_s *dsa_req = &pkc_req->req_u.dsa_sign;
+
+ if (pkc_req->type == ECDSA_SIGN) {
+- copy_to_user(ckop->crk_param[6].crp_p,
+- dsa_req->c, dsa_req->d_len);
+- copy_to_user(ckop->crk_param[7].crp_p,
+- dsa_req->d, dsa_req->d_len);
++ copy_to_user(ckop->crk_param[6].crp_p, dsa_req->c, dsa_req->d_len);
++ copy_to_user(ckop->crk_param[7].crp_p, dsa_req->d, dsa_req->d_len);
+ } else {
+- copy_to_user(ckop->crk_param[5].crp_p,
+- dsa_req->c, dsa_req->d_len);
+- copy_to_user(ckop->crk_param[6].crp_p,
+- dsa_req->d, dsa_req->d_len);
++ copy_to_user(ckop->crk_param[5].crp_p, dsa_req->c, dsa_req->d_len);
++ copy_to_user(ckop->crk_param[6].crp_p, dsa_req->d, dsa_req->d_len);
+ }
+ }
+ break;
+@@ -749,11 +742,9 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc)
+ {
+ struct dh_key_req_s *dh_req = &pkc_req->req_u.dh_req;
+ if (pkc_req->type == ECDH_COMPUTE_KEY)
+- copy_to_user(ckop->crk_param[4].crp_p,
+- dh_req->z, dh_req->z_len);
++ copy_to_user(ckop->crk_param[4].crp_p, dh_req->z, dh_req->z_len);
+ else
+- copy_to_user(ckop->crk_param[3].crp_p,
+- dh_req->z, dh_req->z_len);
++ copy_to_user(ckop->crk_param[3].crp_p, dh_req->z, dh_req->z_len);
+ }
+ break;
+ case CRK_DSA_GENERATE_KEY:
+@@ -763,14 +754,14 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc)
+
+ if (pkc_req->type == ECC_KEYGEN) {
+ copy_to_user(ckop->crk_param[4].crp_p, key_req->pub_key,
+- key_req->pub_key_len);
+- copy_to_user(ckop->crk_param[5].crp_p,
+- key_req->priv_key, key_req->priv_key_len);
++ key_req->pub_key_len);
++ copy_to_user(ckop->crk_param[5].crp_p, key_req->priv_key,
++ key_req->priv_key_len);
+ } else {
+- copy_to_user(ckop->crk_param[3].crp_p,
+- key_req->pub_key, key_req->pub_key_len);
+- copy_to_user(ckop->crk_param[4].crp_p,
+- key_req->priv_key, key_req->priv_key_len);
++ copy_to_user(ckop->crk_param[3].crp_p, key_req->pub_key,
++ key_req->pub_key_len);
++ copy_to_user(ckop->crk_param[4].crp_p, key_req->priv_key,
++ key_req->priv_key_len);
+ }
+ }
+ default:
+@@ -1113,16 +1104,14 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
+ if (!list_empty(&pcr->asym_completed_list)) {
+ /* Run a loop in the list for upto elements
+ and copy their response back */
+- pkc =
+- list_first_entry(&pcr->asym_completed_list,
++ pkc = list_first_entry(&pcr->asym_completed_list,
+ struct cryptodev_pkc, list);
+ list_del(&pkc->list);
+ spin_unlock_bh(&pcr->completion_lock);
+ ret = crypto_async_fetch_asym(pkc);
+ if (!ret) {
+ cookie_list.cookie_available++;
+- cookie_list.cookie[i] =
+- pkc->kop.kop.cookie;
++ cookie_list.cookie[i] = pkc->kop.kop.cookie;
+ cookie_list.status[i] = pkc->result.err;
+ }
+ kfree(pkc);
+@@ -1133,12 +1122,10 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
+ }
+
+ /* Reflect the updated request to user-space */
+- if (cookie_list.cookie_available)
+- copy_to_user(arg, &cookie_list,
+- sizeof(struct pkc_cookie_list_s));
+- else {
++ if (cookie_list.cookie_available) {
++ copy_to_user(arg, &cookie_list, sizeof(struct pkc_cookie_list_s));
++ } else {
+ struct pkc_cookie_list_s *user_ck_list = (void *)arg;
+-
+ put_user(0, &(user_ck_list->cookie_available));
+ }
+ ret = cookie_list.cookie_available;
+diff --git a/main.c b/main.c
+index 6365911..af66553 100644
+--- a/main.c
++++ b/main.c
+@@ -666,9 +666,7 @@ int crypto_bn_modexp(struct cryptodev_pkc *pkc)
+ if (pkc->type == SYNCHRONOUS) {
+ if (rc)
+ goto err;
+-
+- copy_to_user(cop->crk_param[3].crp_p, rsa_req->g,
+- rsa_req->g_len);
++ copy_to_user(cop->crk_param[3].crp_p, rsa_req->g, rsa_req->g_len);
+ } else {
+ if (rc != -EINPROGRESS && rc != 0)
+ goto err;
+--
+2.3.5
+
diff --git a/recipes-kernel/cryptodev/files/0014-remove-redundant-data-copy-for-pkc-operations.patch b/recipes-kernel/cryptodev/files/0014-remove-redundant-data-copy-for-pkc-operations.patch
new file mode 100644
index 00000000..b9e9d2bd
--- /dev/null
+++ b/recipes-kernel/cryptodev/files/0014-remove-redundant-data-copy-for-pkc-operations.patch
@@ -0,0 +1,494 @@
+From 34e765977633b5f81845c0183af6d388d8225f00 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@freescale.com>
+Date: Mon, 23 Feb 2015 12:14:07 +0200
+Subject: [PATCH 14/15] remove redundant data copy for pkc operations
+
+This patch removes a copy of a pkc request that was
+allocated on the hot-path. The copy was not necessary
+and was just slowing things down.
+
+Change-Id: I3ad85f78c188f100ab9fc03a5777bb704a9dcb63
+Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
+Reviewed-on: http://git.am.freescale.net:8181/34223
+---
+ cryptlib.c | 49 +++----------------
+ cryptlib.h | 3 +-
+ ioctl.c | 17 +++----
+ main.c | 162 +++++++++++++++++++++++++++++++++++++------------------------
+ 4 files changed, 113 insertions(+), 118 deletions(-)
+
+diff --git a/cryptlib.c b/cryptlib.c
+index 21e691b..5882a30 100644
+--- a/cryptlib.c
++++ b/cryptlib.c
+@@ -436,59 +436,22 @@ int cryptodev_hash_final(struct hash_data *hdata, void *output)
+
+ int cryptodev_pkc_offload(struct cryptodev_pkc *pkc)
+ {
+- int ret = 0;
+- struct pkc_request *pkc_req = &pkc->req, *pkc_requested;
+-
+- switch (pkc_req->type) {
+- case RSA_KEYGEN:
+- case RSA_PUB:
+- case RSA_PRIV_FORM1:
+- case RSA_PRIV_FORM2:
+- case RSA_PRIV_FORM3:
+- pkc->s = crypto_alloc_pkc("pkc(rsa)", CRYPTO_ALG_TYPE_PKC_RSA, 0);
+- break;
+- case DSA_SIGN:
+- case DSA_VERIFY:
+- case ECDSA_SIGN:
+- case ECDSA_VERIFY:
+- case DLC_KEYGEN:
+- case ECC_KEYGEN:
+- pkc->s = crypto_alloc_pkc("pkc(dsa)", CRYPTO_ALG_TYPE_PKC_DSA, 0);
+- break;
+- case DH_COMPUTE_KEY:
+- case ECDH_COMPUTE_KEY:
+- pkc->s = crypto_alloc_pkc("pkc(dh)", CRYPTO_ALG_TYPE_PKC_DH, 0);
+- break;
+- default:
+- return -EINVAL;
+- }
+-
+- if (IS_ERR_OR_NULL(pkc->s))
+- return -EINVAL;
++ int ret;
+
+ init_completion(&pkc->result.completion);
+- pkc_requested = pkc_request_alloc(pkc->s, GFP_KERNEL);
+-
+- if (unlikely(IS_ERR_OR_NULL(pkc_requested))) {
+- ret = -ENOMEM;
+- goto error;
+- }
+- pkc_requested->type = pkc_req->type;
+- pkc_requested->curve_type = pkc_req->curve_type;
+- memcpy(&pkc_requested->req_u, &pkc_req->req_u, sizeof(pkc_req->req_u));
+- pkc_request_set_callback(pkc_requested, CRYPTO_TFM_REQ_MAY_BACKLOG,
++ pkc_request_set_callback(pkc->req, CRYPTO_TFM_REQ_MAY_BACKLOG,
+ cryptodev_complete_asym, pkc);
+- ret = crypto_pkc_op(pkc_requested);
++ ret = crypto_pkc_op(pkc->req);
+ if (ret != -EINPROGRESS && ret != 0)
+- goto error2;
++ goto error;
+
+ if (pkc->type == SYNCHRONOUS)
+ ret = waitfor(&pkc->result, ret);
+
+ return ret;
+-error2:
+- kfree(pkc_requested);
++
+ error:
++ kfree(pkc->req);
+ crypto_free_pkc(pkc->s);
+ return ret;
+ }
+diff --git a/cryptlib.h b/cryptlib.h
+index 7ffa54c..4fac0c8 100644
+--- a/cryptlib.h
++++ b/cryptlib.h
+@@ -110,8 +110,7 @@ struct cryptodev_pkc {
+ struct crypto_pkc *s; /* Transform pointer from CryptoAPI */
+ struct cryptodev_result result; /* Result to be updated by
+ completion handler */
+- struct pkc_request req; /* PKC request structure allocated
+- from CryptoAPI */
++ struct pkc_request *req; /* PKC request allocated from CryptoAPI */
+ enum offload_type type; /* Synchronous Vs Asynchronous request */
+ /*
+ * cookie used for transfering tranparent information from async
+diff --git a/ioctl.c b/ioctl.c
+index ee0486c..797b73c 100644
+--- a/ioctl.c
++++ b/ioctl.c
+@@ -708,26 +708,25 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc)
+ int ret = 0;
+ struct kernel_crypt_kop *kop = &pkc->kop;
+ struct crypt_kop *ckop = &kop->kop;
+- struct pkc_request *pkc_req = &pkc->req;
+
+ switch (ckop->crk_op) {
+ case CRK_MOD_EXP:
+ {
+- struct rsa_pub_req_s *rsa_req = &pkc_req->req_u.rsa_pub_req;
++ struct rsa_pub_req_s *rsa_req = &pkc->req->req_u.rsa_pub_req;
+ copy_to_user(ckop->crk_param[3].crp_p, rsa_req->g, rsa_req->g_len);
+ }
+ break;
+ case CRK_MOD_EXP_CRT:
+ {
+- struct rsa_priv_frm3_req_s *rsa_req = &pkc_req->req_u.rsa_priv_f3;
++ struct rsa_priv_frm3_req_s *rsa_req = &pkc->req->req_u.rsa_priv_f3;
+ copy_to_user(ckop->crk_param[6].crp_p, rsa_req->f, rsa_req->f_len);
+ }
+ break;
+ case CRK_DSA_SIGN:
+ {
+- struct dsa_sign_req_s *dsa_req = &pkc_req->req_u.dsa_sign;
++ struct dsa_sign_req_s *dsa_req = &pkc->req->req_u.dsa_sign;
+
+- if (pkc_req->type == ECDSA_SIGN) {
++ if (pkc->req->type == ECDSA_SIGN) {
+ copy_to_user(ckop->crk_param[6].crp_p, dsa_req->c, dsa_req->d_len);
+ copy_to_user(ckop->crk_param[7].crp_p, dsa_req->d, dsa_req->d_len);
+ } else {
+@@ -740,8 +739,8 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc)
+ break;
+ case CRK_DH_COMPUTE_KEY:
+ {
+- struct dh_key_req_s *dh_req = &pkc_req->req_u.dh_req;
+- if (pkc_req->type == ECDH_COMPUTE_KEY)
++ struct dh_key_req_s *dh_req = &pkc->req->req_u.dh_req;
++ if (pkc->req->type == ECDH_COMPUTE_KEY)
+ copy_to_user(ckop->crk_param[4].crp_p, dh_req->z, dh_req->z_len);
+ else
+ copy_to_user(ckop->crk_param[3].crp_p, dh_req->z, dh_req->z_len);
+@@ -750,9 +749,9 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc)
+ case CRK_DSA_GENERATE_KEY:
+ case CRK_DH_GENERATE_KEY:
+ {
+- struct keygen_req_s *key_req = &pkc_req->req_u.keygen;
++ struct keygen_req_s *key_req = &pkc->req->req_u.keygen;
+
+- if (pkc_req->type == ECC_KEYGEN) {
++ if (pkc->req->type == ECC_KEYGEN) {
+ copy_to_user(ckop->crk_param[4].crp_p, key_req->pub_key,
+ key_req->pub_key_len);
+ copy_to_user(ckop->crk_param[5].crp_p, key_req->priv_key,
+diff --git a/main.c b/main.c
+index af66553..ed1c69a 100644
+--- a/main.c
++++ b/main.c
+@@ -186,8 +186,7 @@ int crypto_kop_dsasign(struct cryptodev_pkc *pkc)
+ {
+ struct kernel_crypt_kop *kop = &pkc->kop;
+ struct crypt_kop *cop = &kop->kop;
+- struct pkc_request *pkc_req = &pkc->req;
+- struct dsa_sign_req_s *dsa_req = &pkc_req->req_u.dsa_sign;
++ struct dsa_sign_req_s *dsa_req = &pkc->req->req_u.dsa_sign;
+ int rc, buf_size;
+ uint8_t *buf;
+
+@@ -210,10 +209,7 @@ int crypto_kop_dsasign(struct cryptodev_pkc *pkc)
+ if (cop->crk_iparams == 6) {
+ dsa_req->ab_len = (cop->crk_param[5].crp_nbits + 7)/8;
+ buf_size += dsa_req->ab_len;
+- pkc_req->type = ECDSA_SIGN;
+- pkc_req->curve_type = cop->curve_type;
+- } else {
+- pkc_req->type = DSA_SIGN;
++ pkc->req->curve_type = cop->curve_type;
+ }
+
+ buf = kmalloc(buf_size, GFP_DMA);
+@@ -269,7 +265,6 @@ int crypto_kop_dsaverify(struct cryptodev_pkc *pkc)
+ {
+ struct kernel_crypt_kop *kop = &pkc->kop;
+ struct crypt_kop *cop = &kop->kop;
+- struct pkc_request *pkc_req;
+ struct dsa_verify_req_s *dsa_req;
+ int rc, buf_size;
+ uint8_t *buf;
+@@ -281,8 +276,7 @@ int crypto_kop_dsaverify(struct cryptodev_pkc *pkc)
+ !cop->crk_param[7].crp_nbits))
+ return -EINVAL;
+
+- pkc_req = &pkc->req;
+- dsa_req = &pkc_req->req_u.dsa_verify;
++ dsa_req = &pkc->req->req_u.dsa_verify;
+ dsa_req->m_len = (cop->crk_param[0].crp_nbits + 7)/8;
+ dsa_req->q_len = (cop->crk_param[1].crp_nbits + 7)/8;
+ dsa_req->r_len = (cop->crk_param[2].crp_nbits + 7)/8;
+@@ -295,10 +289,7 @@ int crypto_kop_dsaverify(struct cryptodev_pkc *pkc)
+ if (cop->crk_iparams == 8) {
+ dsa_req->ab_len = (cop->crk_param[5].crp_nbits + 7)/8;
+ buf_size += dsa_req->ab_len;
+- pkc_req->type = ECDSA_VERIFY;
+- pkc_req->curve_type = cop->curve_type;
+- } else {
+- pkc_req->type = DSA_VERIFY;
++ pkc->req->curve_type = cop->curve_type;
+ }
+
+ buf = kmalloc(buf_size, GFP_DMA);
+@@ -351,7 +342,6 @@ int crypto_kop_rsa_keygen(struct cryptodev_pkc *pkc)
+ {
+ struct kernel_crypt_kop *kop = &pkc->kop;
+ struct crypt_kop *cop = &kop->kop;
+- struct pkc_request *pkc_req;
+ struct rsa_keygen_req_s *key_req;
+ int rc, buf_size;
+ uint8_t *buf;
+@@ -362,9 +352,7 @@ int crypto_kop_rsa_keygen(struct cryptodev_pkc *pkc)
+ !cop->crk_param[6].crp_nbits)
+ return -EINVAL;
+
+- pkc_req = &pkc->req;
+- pkc_req->type = RSA_KEYGEN;
+- key_req = &pkc_req->req_u.rsa_keygen;
++ key_req = &pkc->req->req_u.rsa_keygen;
+ key_req->n_len = (cop->crk_param[2].crp_nbits + 7)/8;
+ key_req->p_len = (cop->crk_param[0].crp_nbits + 7) / 8;
+ key_req->q_len = (cop->crk_param[1].crp_nbits + 7) / 8;
+@@ -427,7 +415,6 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc)
+ {
+ struct kernel_crypt_kop *kop = &pkc->kop;
+ struct crypt_kop *cop = &kop->kop;
+- struct pkc_request *pkc_req;
+ struct keygen_req_s *key_req;
+ int rc, buf_size;
+ uint8_t *buf;
+@@ -437,8 +424,7 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc)
+ !cop->crk_param[4].crp_nbits)
+ return -EINVAL;
+
+- pkc_req = &pkc->req;
+- key_req = &pkc_req->req_u.keygen;
++ key_req = &pkc->req->req_u.keygen;
+ key_req->q_len = (cop->crk_param[0].crp_nbits + 7)/8;
+ key_req->r_len = (cop->crk_param[1].crp_nbits + 7)/8;
+ key_req->g_len = (cop->crk_param[2].crp_nbits + 7)/8;
+@@ -447,7 +433,6 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc)
+ key_req->priv_key_len = (cop->crk_param[4].crp_nbits + 7)/8;
+ buf_size = key_req->q_len + key_req->r_len + key_req->g_len +
+ key_req->pub_key_len + key_req->priv_key_len;
+- pkc_req->type = DLC_KEYGEN;
+ } else {
+ key_req->ab_len = (cop->crk_param[3].crp_nbits + 7)/8;
+ key_req->pub_key_len = (cop->crk_param[4].crp_nbits + 7)/8;
+@@ -455,8 +440,7 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc)
+ buf_size = key_req->q_len + key_req->r_len + key_req->g_len +
+ key_req->pub_key_len + key_req->priv_key_len +
+ key_req->ab_len;
+- pkc_req->type = ECC_KEYGEN;
+- pkc_req->curve_type = cop->curve_type;
++ pkc->req->curve_type = cop->curve_type;
+ }
+
+ buf = kmalloc(buf_size, GFP_DMA);
+@@ -508,26 +492,22 @@ int crypto_kop_dh_key(struct cryptodev_pkc *pkc)
+ {
+ struct kernel_crypt_kop *kop = &pkc->kop;
+ struct crypt_kop *cop = &kop->kop;
+- struct pkc_request *pkc_req;
+ struct dh_key_req_s *dh_req;
+ int buf_size;
+ uint8_t *buf;
+ int rc = -EINVAL;
+
+- pkc_req = &pkc->req;
+- dh_req = &pkc_req->req_u.dh_req;
++ dh_req = &pkc->req->req_u.dh_req;
+ dh_req->s_len = (cop->crk_param[0].crp_nbits + 7)/8;
+ dh_req->pub_key_len = (cop->crk_param[1].crp_nbits + 7)/8;
+ dh_req->q_len = (cop->crk_param[2].crp_nbits + 7)/8;
+ buf_size = dh_req->q_len + dh_req->pub_key_len + dh_req->s_len;
+ if (cop->crk_iparams == 4) {
+- pkc_req->type = ECDH_COMPUTE_KEY;
+ dh_req->ab_len = (cop->crk_param[3].crp_nbits + 7)/8;
+ dh_req->z_len = (cop->crk_param[4].crp_nbits + 7)/8;
+ buf_size += dh_req->ab_len;
+ } else {
+ dh_req->z_len = (cop->crk_param[3].crp_nbits + 7)/8;
+- pkc_req->type = DH_COMPUTE_KEY;
+ }
+ buf_size += dh_req->z_len;
+ buf = kmalloc(buf_size, GFP_DMA);
+@@ -539,7 +519,7 @@ int crypto_kop_dh_key(struct cryptodev_pkc *pkc)
+ dh_req->z = dh_req->pub_key + dh_req->pub_key_len;
+ if (cop->crk_iparams == 4) {
+ dh_req->ab = dh_req->z + dh_req->z_len;
+- pkc_req->curve_type = cop->curve_type;
++ pkc->req->curve_type = cop->curve_type;
+ copy_from_user(dh_req->ab, cop->crk_param[3].crp_p,
+ dh_req->ab_len);
+ }
+@@ -573,7 +553,6 @@ int crypto_modexp_crt(struct cryptodev_pkc *pkc)
+ {
+ struct kernel_crypt_kop *kop = &pkc->kop;
+ struct crypt_kop *cop = &kop->kop;
+- struct pkc_request *pkc_req;
+ struct rsa_priv_frm3_req_s *rsa_req;
+ int rc;
+ uint8_t *buf;
+@@ -583,9 +562,7 @@ int crypto_modexp_crt(struct cryptodev_pkc *pkc)
+ !cop->crk_param[4].crp_nbits || !cop->crk_param[5].crp_nbits)
+ return -EINVAL;
+
+- pkc_req = &pkc->req;
+- pkc_req->type = RSA_PRIV_FORM3;
+- rsa_req = &pkc_req->req_u.rsa_priv_f3;
++ rsa_req = &pkc->req->req_u.rsa_priv_f3;
+ rsa_req->p_len = (cop->crk_param[0].crp_nbits + 7)/8;
+ rsa_req->q_len = (cop->crk_param[1].crp_nbits + 7)/8;
+ rsa_req->g_len = (cop->crk_param[2].crp_nbits + 7)/8;
+@@ -632,7 +609,6 @@ err:
+
+ int crypto_bn_modexp(struct cryptodev_pkc *pkc)
+ {
+- struct pkc_request *pkc_req;
+ struct rsa_pub_req_s *rsa_req;
+ int rc;
+ struct kernel_crypt_kop *kop = &pkc->kop;
+@@ -643,9 +619,7 @@ int crypto_bn_modexp(struct cryptodev_pkc *pkc)
+ !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits)
+ return -EINVAL;
+
+- pkc_req = &pkc->req;
+- pkc_req->type = RSA_PUB;
+- rsa_req = &pkc_req->req_u.rsa_pub_req;
++ rsa_req = &pkc->req->req_u.rsa_pub_req;
+ rsa_req->f_len = (cop->crk_param[0].crp_nbits + 7)/8;
+ rsa_req->e_len = (cop->crk_param[1].crp_nbits + 7)/8;
+ rsa_req->n_len = (cop->crk_param[2].crp_nbits + 7)/8;
+@@ -680,56 +654,116 @@ err:
+ return rc;
+ }
+
++static struct {
++ char *alg_name;
++ u32 type;
++ u32 mask;
++} pkc_alg_list[] = {
++ {"pkc(rsa)", CRYPTO_ALG_TYPE_PKC_RSA, 0},
++ {"pkc(dsa)", CRYPTO_ALG_TYPE_PKC_DSA, 0},
++ {"pkc(dh)", CRYPTO_ALG_TYPE_PKC_DH, 0},
++};
++
+ int crypto_run_asym(struct cryptodev_pkc *pkc)
+ {
+- int ret = -EINVAL;
++ int err = -EINVAL;
++ int id;
+ struct kernel_crypt_kop *kop = &pkc->kop;
++ enum pkc_req_type pkc_req_type;
++ int (*call_next_action)(struct cryptodev_pkc *pkc);
+
+ switch (kop->kop.crk_op) {
+ case CRK_MOD_EXP:
+ if (kop->kop.crk_iparams != 3 && kop->kop.crk_oparams != 1)
+- goto err;
+-
+- ret = crypto_bn_modexp(pkc);
++ return err;
++ pkc_req_type = RSA_PUB;
++ id = 0;
++ call_next_action = crypto_bn_modexp;
+ break;
+ case CRK_MOD_EXP_CRT:
+ if (kop->kop.crk_iparams != 6 && kop->kop.crk_oparams != 1)
+- goto err;
+-
+- ret = crypto_modexp_crt(pkc);
++ return err;
++ pkc_req_type = RSA_PRIV_FORM3;
++ id = 0;
++ call_next_action = crypto_modexp_crt;
+ break;
+ case CRK_DSA_SIGN:
+- if ((kop->kop.crk_iparams != 5 && kop->kop.crk_iparams != 6) ||
+- kop->kop.crk_oparams != 2)
+- goto err;
+-
+- ret = crypto_kop_dsasign(pkc);
++ if (kop->kop.crk_oparams != 2)
++ return err;
++ else if (kop->kop.crk_iparams == 5)
++ pkc_req_type = DSA_SIGN;
++ else if (kop->kop.crk_iparams == 6)
++ pkc_req_type = ECDSA_SIGN;
++ else
++ return err;
++ id = 1;
++ call_next_action = crypto_kop_dsasign;
+ break;
+ case CRK_DSA_VERIFY:
+- if ((kop->kop.crk_iparams != 7 && kop->kop.crk_iparams != 8) ||
+- kop->kop.crk_oparams != 0)
+- goto err;
+-
+- ret = crypto_kop_dsaverify(pkc);
++ if (kop->kop.crk_oparams != 0)
++ return err;
++ else if (kop->kop.crk_iparams == 7)
++ pkc_req_type = DSA_VERIFY;
++ else if (kop->kop.crk_iparams == 8)
++ pkc_req_type = ECDSA_VERIFY;
++ else
++ return err;
++ id = 1;
++ call_next_action = crypto_kop_dsaverify;
+ break;
+ case CRK_DH_COMPUTE_KEY:
+- if ((kop->kop.crk_iparams != 3 && kop->kop.crk_iparams != 4) ||
+- kop->kop.crk_oparams != 1)
+- goto err;
+- ret = crypto_kop_dh_key(pkc);
++ if (kop->kop.crk_oparams != 1)
++ return err;
++ else if (kop->kop.crk_iparams == 3)
++ pkc_req_type = DH_COMPUTE_KEY;
++ else if (kop->kop.crk_iparams == 4)
++ pkc_req_type = ECDH_COMPUTE_KEY;
++ else
++ return err;
++ id = 2;
++ call_next_action = crypto_kop_dh_key;
+ break;
+ case CRK_DH_GENERATE_KEY:
+ case CRK_DSA_GENERATE_KEY:
+- if ((kop->kop.crk_iparams != 3 && kop->kop.crk_iparams != 4))
+- goto err;
+- ret = crypto_kop_keygen(pkc);
++ if (kop->kop.crk_iparams == 3)
++ pkc_req_type = DLC_KEYGEN;
++ else if (kop->kop.crk_iparams == 4)
++ pkc_req_type = ECC_KEYGEN;
++ else
++ return err;
++ id = 1;
++ call_next_action = crypto_kop_keygen;
+ break;
+ case CRK_RSA_GENERATE_KEY:
+- ret = crypto_kop_rsa_keygen(pkc);
++ pkc_req_type = RSA_KEYGEN;
++ id = 0;
++ call_next_action = crypto_kop_rsa_keygen;
+ break;
++ default:
++ return err;
+ }
+-err:
+- return ret;
++ err = -ENOMEM;
++ pkc->s = crypto_alloc_pkc(pkc_alg_list[id].alg_name,
++ pkc_alg_list[id].type,
++ pkc_alg_list[id].mask);
++ if (IS_ERR_OR_NULL(pkc->s))
++ return err;
++
++ pkc->req = pkc_request_alloc(pkc->s, GFP_KERNEL);
++ if (IS_ERR_OR_NULL(pkc->req))
++ goto out_free_tfm;
++
++ /* todo - fix alloc-free on error path */
++ pkc->req->type = pkc_req_type;
++ err = call_next_action(pkc);
++ if (pkc->type == SYNCHRONOUS)
++ kfree(pkc->req);
++
++ return err;
++
++out_free_tfm:
++ crypto_free_pkc(pkc->s);
++ return err;
+ }
+
+ int crypto_run(struct fcrypt *fcr, struct kernel_crypt_op *kcop)
+--
+2.3.5
+
diff --git a/recipes-kernel/cryptodev/files/0015-fix-pkc-request-deallocation.patch b/recipes-kernel/cryptodev/files/0015-fix-pkc-request-deallocation.patch
new file mode 100644
index 00000000..949fe121
--- /dev/null
+++ b/recipes-kernel/cryptodev/files/0015-fix-pkc-request-deallocation.patch
@@ -0,0 +1,40 @@
+From 8361f99c940fbe270fca2112dae3d97c9a5776d6 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@freescale.com>
+Date: Mon, 23 Feb 2015 15:28:22 +0200
+Subject: [PATCH 15/15] fix pkc request deallocation
+
+The request to be freed is actually pkc->req, and should be done inside
+the fetch ioctl for ASYNC (this patch) and in crypt ioctl for SYNC
+operations.
+
+Change-Id: I6f046f2ebeae4cb513a419996ca96b52e37468ed
+Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
+Reviewed-on: http://git.am.freescale.net:8181/34224
+---
+ ioctl.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/ioctl.c b/ioctl.c
+index 797b73c..da3a842 100644
+--- a/ioctl.c
++++ b/ioctl.c
+@@ -114,8 +114,6 @@ void cryptodev_complete_asym(struct crypto_async_request *req, int err)
+ /* wake for POLLIN */
+ wake_up_interruptible(&pcr->user_waiter);
+ }
+-
+- kfree(req);
+ }
+
+ #define FILL_SG(sg, ptr, len) \
+@@ -1113,6 +1111,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
+ cookie_list.cookie[i] = pkc->kop.kop.cookie;
+ cookie_list.status[i] = pkc->result.err;
+ }
++ kfree(pkc->req);
+ kfree(pkc);
+ } else {
+ spin_unlock_bh(&pcr->completion_lock);
+--
+2.3.5
+
diff --git a/recipes-kernel/cryptodev/files/0016-add-basic-detection-of-asym-features.patch b/recipes-kernel/cryptodev/files/0016-add-basic-detection-of-asym-features.patch
new file mode 100644
index 00000000..cefb6dcc
--- /dev/null
+++ b/recipes-kernel/cryptodev/files/0016-add-basic-detection-of-asym-features.patch
@@ -0,0 +1,37 @@
+From 586bc4a6cd1014c57364020013062f07a8861e38 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@freescale.com>
+Date: Mon, 20 Apr 2015 13:18:47 +0300
+Subject: [PATCH] add basic detection of asym features
+
+Change-Id: I3b3ba8664bf631a63be1f11e715024509e20f841
+Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
+---
+ ioctl.c | 12 ++++++++----
+ 1 file changed, 8 insertions(+), 4 deletions(-)
+
+diff --git a/ioctl.c b/ioctl.c
+index da3a842..53dbf64 100644
+--- a/ioctl.c
++++ b/ioctl.c
+@@ -977,10 +977,14 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
+
+ switch (cmd) {
+ case CIOCASYMFEAT:
+- return put_user(CRF_MOD_EXP_CRT | CRF_MOD_EXP | CRF_DSA_SIGN |
+- CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY |
+- CRF_DSA_GENERATE_KEY | CRF_DH_GENERATE_KEY |
+- CRF_RSA_GENERATE_KEY, p);
++ ses = 0;
++ if (crypto_has_alg("pkc(rsa)", 0, 0))
++ ses = CRF_MOD_EXP_CRT | CRF_MOD_EXP | CRF_RSA_GENERATE_KEY;
++ if (crypto_has_alg("pkc(dsa)", 0, 0))
++ ses |= CRF_DSA_SIGN | CRF_DSA_VERIFY | CRF_DSA_GENERATE_KEY;
++ if (crypto_has_alg("pkc(dh)", 0, 0))
++ ses |= CRF_DH_COMPUTE_KEY |CRF_DH_GENERATE_KEY;
++ return put_user(ses, p);
+ case CRIOGET:
+ fd = clonefd(filp);
+ ret = put_user(fd, p);
+--
+2.3.5
+
diff --git a/recipes-kernel/cryptodev/files/0017-remove-dead-code.patch b/recipes-kernel/cryptodev/files/0017-remove-dead-code.patch
new file mode 100644
index 00000000..b3c36b3d
--- /dev/null
+++ b/recipes-kernel/cryptodev/files/0017-remove-dead-code.patch
@@ -0,0 +1,67 @@
+From 0ca641091b4113d73e75d30ef530c88836849308 Mon Sep 17 00:00:00 2001
+From: Tudor Ambarus <tudor.ambarus@freescale.com>
+Date: Fri, 29 May 2015 15:28:47 +0300
+Subject: [PATCH 17/20] remove dead code
+
+Functions kop_to_user and compat_kop_to_user are never used. Delete them
+to avoid compiler warnings.
+
+
+crypto/../../cryptodev-linux/ioctl.c:841:12: warning: 'kop_to_user' defined but not used [-Wunused-function]
+ static int kop_to_user(struct kernel_crypt_kop *kop,
+ ^
+crypto/../../cryptodev-linux/ioctl.c: At top level:
+crypto/../../cryptodev-linux/ioctl.c:1195:12: warning: 'compat_kop_to_user' defined but not used [-Wunused-function]
+ static int compat_kop_to_user(struct kernel_crypt_kop *kop, void __user *arg)
+ ^
+Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com>
+Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
+Change-Id: I6bd8a7eb6144224a20cd400813ab15a7a192dbb1
+Reviewed-on: http://git.am.freescale.net:8181/37440
+---
+ ioctl.c | 22 ----------------------
+ 1 file changed, 22 deletions(-)
+
+diff --git a/ioctl.c b/ioctl.c
+index 53dbf64..39635a4 100644
+--- a/ioctl.c
++++ b/ioctl.c
+@@ -838,16 +838,6 @@ static int kop_from_user(struct kernel_crypt_kop *kop,
+ return fill_kop_from_cop(kop);
+ }
+
+-static int kop_to_user(struct kernel_crypt_kop *kop,
+- void __user *arg)
+-{
+- if (unlikely(copy_to_user(arg, &kop->kop, sizeof(kop->kop)))) {
+- dprintk(1, KERN_ERR, "Cannot copy to userspace\n");
+- return -EFAULT;
+- }
+- return 0;
+-}
+-
+ static int kcop_from_user(struct kernel_crypt_op *kcop,
+ struct fcrypt *fcr, void __user *arg)
+ {
+@@ -1192,18 +1182,6 @@ static inline void crypt_kop_to_compat(struct crypt_kop *kop,
+ compat->curve_type = kop->curve_type;
+ }
+
+-static int compat_kop_to_user(struct kernel_crypt_kop *kop, void __user *arg)
+-{
+- struct compat_crypt_kop compat_kop;
+-
+- crypt_kop_to_compat(&kop->kop, &compat_kop);
+- if (unlikely(copy_to_user(arg, &compat_kop, sizeof(compat_kop)))) {
+- dprintk(1, KERN_ERR, "Cannot copy to userspace\n");
+- return -EFAULT;
+- }
+- return 0;
+-}
+-
+ static inline void
+ compat_to_session_op(struct compat_session_op *compat, struct session_op *sop)
+ {
+--
+2.3.5
+
diff --git a/recipes-kernel/cryptodev/files/0018-fix-compat-warnings.patch b/recipes-kernel/cryptodev/files/0018-fix-compat-warnings.patch
new file mode 100644
index 00000000..bf93f5b1
--- /dev/null
+++ b/recipes-kernel/cryptodev/files/0018-fix-compat-warnings.patch
@@ -0,0 +1,64 @@
+From 596378a22532908487f2c5e4d717c5ae618c4c7d Mon Sep 17 00:00:00 2001
+From: Tudor Ambarus <tudor.ambarus@freescale.com>
+Date: Tue, 2 Jun 2015 10:44:12 +0300
+Subject: [PATCH 18/20] fix compat warnings
+
+ CC [M] crypto/../../cryptodev-linux/ioctl.o
+crypto/../../cryptodev-linux/ioctl.c: In function 'compat_to_crypt_kop':
+crypto/../../cryptodev-linux/ioctl.c:1161:14: warning: assignment makes pointer from integer without a cast
+ kop->cookie = compat->cookie;
+ ^
+crypto/../../cryptodev-linux/ioctl.c: In function 'crypt_kop_to_compat':
+crypto/../../cryptodev-linux/ioctl.c:1191:17: warning: assignment makes integer from pointer without a cast
+ compat->cookie = kop->cookie;
+ ^
+crypto/../../cryptodev-linux/ioctl.c: In function 'cryptodev_compat_ioctl':
+crypto/../../cryptodev-linux/ioctl.c:1430:28: warning: assignment makes integer from pointer without a cast
+ cookie_list.cookie[i] =
+ ^
+
+Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com>
+Change-Id: Id851408c0c743c01447f3b0ced38fbc1ae94d4db
+Reviewed-on: http://git.am.freescale.net:8181/37442
+Reviewed-by: Cristian Stoica <cristian.stoica@freescale.com>
+Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
+---
+ ioctl.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/ioctl.c b/ioctl.c
+index 39635a4..f3ce2f6 100644
+--- a/ioctl.c
++++ b/ioctl.c
+@@ -1148,7 +1148,7 @@ static inline void compat_to_crypt_kop(struct compat_crypt_kop *compat,
+ }
+
+ kop->curve_type = compat->curve_type;
+- kop->cookie = compat->cookie;
++ kop->cookie = compat_ptr(compat->cookie);
+ }
+
+ static int compat_kop_from_user(struct kernel_crypt_kop *kop,
+@@ -1178,7 +1178,7 @@ static inline void crypt_kop_to_compat(struct crypt_kop *kop,
+ ptr_to_compat(kop->crk_param[i].crp_p);
+ compat->crk_param[i].crp_nbits = kop->crk_param[i].crp_nbits;
+ }
+- compat->cookie = kop->cookie;
++ compat->cookie = ptr_to_compat(kop->cookie);
+ compat->curve_type = kop->curve_type;
+ }
+
+@@ -1405,8 +1405,8 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_)
+ ret = crypto_async_fetch_asym(pkc);
+ if (!ret) {
+ cookie_list.cookie_available++;
+- cookie_list.cookie[i] =
+- pkc->kop.kop.cookie;
++ cookie_list.cookie[i] = ptr_to_compat(
++ pkc->kop.kop.cookie);
+ }
+ kfree(pkc);
+ } else {
+--
+2.3.5
+
diff --git a/recipes-kernel/cryptodev/files/0019-fix-size_t-print-format.patch b/recipes-kernel/cryptodev/files/0019-fix-size_t-print-format.patch
new file mode 100644
index 00000000..a71cff49
--- /dev/null
+++ b/recipes-kernel/cryptodev/files/0019-fix-size_t-print-format.patch
@@ -0,0 +1,61 @@
+From 1d10f06bef0f07980a08b387850c1daf1d3a8e87 Mon Sep 17 00:00:00 2001
+From: Tudor Ambarus <tudor.ambarus@freescale.com>
+Date: Tue, 2 Jun 2015 12:11:12 +0300
+Subject: [PATCH 19/20] fix size_t print format
+
+ CC [M] crypto/../../cryptodev-linux/cryptlib.o
+crypto/../../cryptodev-linux/cryptlib.c: In function 'cryptodev_cipher_init':
+crypto/../../cryptodev-linux/cryptlib.c:146:5: warning: format '%u' expects argument of type 'unsigned int', but argument 6 has type 'size_t' [-Wformat=]
+ ddebug(1, "Wrong keylen '%u' for algorithm '%s'. Use %u to %u.",
+ ^
+crypto/../../cryptodev-linux/cryptlib.c:173:3: warning: format '%u' expects argument of type 'unsigned int', but argument 7 has type 'size_t' [-Wformat=]
+ ddebug(1, "Setting key failed for %s-%u.", alg_name, keylen*8);
+ ^
+crypto/../../cryptodev-linux/cryptlib.c: In function 'cryptodev_hash_init':
+crypto/../../cryptodev-linux/cryptlib.c:340:4: warning: format '%u' expects argument of type 'unsigned int', but argument 7 has type 'size_t' [-Wformat=]
+ ddebug(1, "Setting hmac key failed for %s-%u.",
+ ^
+
+Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com>
+Change-Id: I67f2d79f68b4d62b598073c6a918a110523fadfd
+Reviewed-on: http://git.am.freescale.net:8181/37443
+Reviewed-by: Cristian Stoica <cristian.stoica@freescale.com>
+Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
+---
+ cryptlib.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/cryptlib.c b/cryptlib.c
+index 5882a30..10f5e1a 100644
+--- a/cryptlib.c
++++ b/cryptlib.c
+@@ -143,7 +143,7 @@ int cryptodev_cipher_init(struct cipher_data *out, const char *alg_name,
+ if (alg->max_keysize > 0 &&
+ unlikely((keylen < alg->min_keysize) ||
+ (keylen > alg->max_keysize))) {
+- ddebug(1, "Wrong keylen '%u' for algorithm '%s'. Use %u to %u.",
++ ddebug(1, "Wrong keylen '%zu' for algorithm '%s'. Use %u to %u.",
+ keylen, alg_name, alg->min_keysize, alg->max_keysize);
+ ret = -EINVAL;
+ goto error;
+@@ -170,7 +170,7 @@ int cryptodev_cipher_init(struct cipher_data *out, const char *alg_name,
+ }
+
+ if (unlikely(ret)) {
+- ddebug(1, "Setting key failed for %s-%u.", alg_name, keylen*8);
++ ddebug(1, "Setting key failed for %s-%zu.", alg_name, keylen*8);
+ ret = -EINVAL;
+ goto error;
+ }
+@@ -337,7 +337,7 @@ int cryptodev_hash_init(struct hash_data *hdata, const char *alg_name,
+ if (hmac_mode != 0) {
+ ret = crypto_ahash_setkey(hdata->async.s, mackey, mackeylen);
+ if (unlikely(ret)) {
+- ddebug(1, "Setting hmac key failed for %s-%u.",
++ ddebug(1, "Setting hmac key failed for %s-%zu.",
+ alg_name, mackeylen*8);
+ ret = -EINVAL;
+ goto error;
+--
+2.3.5
+
diff --git a/recipes-kernel/cryptodev/files/0020-fix-uninitialized-variable-compiler-warning.patch b/recipes-kernel/cryptodev/files/0020-fix-uninitialized-variable-compiler-warning.patch
new file mode 100644
index 00000000..a97a2d4e
--- /dev/null
+++ b/recipes-kernel/cryptodev/files/0020-fix-uninitialized-variable-compiler-warning.patch
@@ -0,0 +1,38 @@
+From be9f6a0dc90847dbb00307d23f47b8b3fc3ff130 Mon Sep 17 00:00:00 2001
+From: Tudor Ambarus <tudor.ambarus@freescale.com>
+Date: Fri, 29 May 2015 15:49:22 +0300
+Subject: [PATCH 20/20] fix uninitialized variable compiler warning
+
+crypto/../../cryptodev-linux/ioctl.c: In function 'cryptodev_compat_ioctl':
+crypto/../../cryptodev-linux/ioctl.c:1445:2: warning: 'ret' may be used uninitialized in this function [-Wmaybe-uninitialized]
+ return ret;
+ ^
+
+Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com>
+Change-Id: Id5226fc97a3bb880ca6db86df58957122bbaa428
+Reviewed-on: http://git.am.freescale.net:8181/37441
+Reviewed-by: Cristian Stoica <cristian.stoica@freescale.com>
+Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
+---
+ ioctl.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/ioctl.c b/ioctl.c
+index f3ce2f6..7cd3c56 100644
+--- a/ioctl.c
++++ b/ioctl.c
+@@ -1387,9 +1387,10 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_)
+ case COMPAT_CIOCASYMFETCHCOOKIE:
+ {
+ struct cryptodev_pkc *pkc;
+- int i = 0;
++ int i;
+ struct compat_pkc_cookie_list_s cookie_list;
+
++ ret = 0;
+ cookie_list.cookie_available = 0;
+
+ for (i = 0; i < MAX_COOKIES; i++) {
+--
+2.3.5
+