aboutsummaryrefslogtreecommitdiffstats
path: root/recipes-kernel/cryptodev
diff options
context:
space:
mode:
authorChunrong Guo <chunrong.guo@nxp.com>2017-11-15 13:26:09 +0800
committerOtavio Salvador <otavio@ossystems.com.br>2017-11-16 11:09:27 -0200
commitd709b2e285633fad2818baf53f3f1ddd35cf8527 (patch)
treecfdf0d78b6fb59e7b090936161d40e7311978096 /recipes-kernel/cryptodev
parent2da03a6ba76d78b075579d569e608ace0334ba39 (diff)
downloadmeta-freescale-d709b2e285633fad2818baf53f3f1ddd35cf8527.tar.gz
meta-freescale-d709b2e285633fad2818baf53f3f1ddd35cf8527.tar.bz2
meta-freescale-d709b2e285633fad2818baf53f3f1ddd35cf8527.zip
cryptodev: update recipes
*Update URL to fetch qoriq-open-source github *Update to f365c69d785 This includes the following changes: f365c69 - add support for composite TLS10(SHA1,AES) algorithm offload ec25290 - check session flags early to avoid incorrect failure modes 6213ae5 - add support for RSA public and private key operations 3245b0f - move structure definition to cryptodev_int.h 00a6861 - remove unnecessary header inclusion 1d7c848 - fix type of returned value a705360 - convert to new AEAD interface in kernels v4.2+ c2bf0e4 - refactoring: relocate code to simplify later patches 20dcf07 - refactoring: split big function to simplify maintainance 87d959d - Release version 1.9 6818263 - Fix ablkcipher algorithms usage in v4.8+ kernels 26e167f - zc: Use the power of #elif 2b29be8 - adjust to API changes in kernel >=4.10 2dbbb23 - do more strict code checking to avoid maintenance issues 88223e4 - avoid implicit conversion between signed and unsigned char 8db6905 - use buf_align macro to reduce code duplication b6d0e0f - rename header file to clarify purpose 1fd6062 - fix warnings of "implicit declaration of function" in async_speed ff3c8ab - remove not used local variables 25a1276 - fix incorrect return code in case of error from openssl_cioccrypt e7ef4ea - Merge pull request #17 from michaelweiser/gup_flags 99c6d21 - fix ignored SIGALRM signals on some platforms 71975fa - setting KERNEL_DIR is not necessary to build tests a96ff97 - fix issues with install target *Cryptodev-linux git includes all sdk patches so remove sdk patches folder Signed-off-by: Chunrong Guo <chunrong.guo@nxp.com> Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Diffstat (limited to 'recipes-kernel/cryptodev')
-rw-r--r--recipes-kernel/cryptodev/cryptodev-qoriq_1.9.inc22
-rw-r--r--recipes-kernel/cryptodev/sdk_patches/0001-refactoring-split-big-function-to-simplify-maintaina.patch244
-rw-r--r--recipes-kernel/cryptodev/sdk_patches/0002-refactoring-relocate-code-to-simplify-later-patches.patch58
-rw-r--r--recipes-kernel/cryptodev/sdk_patches/0003-convert-to-new-AEAD-interface-in-kernels-v4.2.patch96
-rw-r--r--recipes-kernel/cryptodev/sdk_patches/0004-fix-type-of-returned-value.patch29
-rw-r--r--recipes-kernel/cryptodev/sdk_patches/0005-remove-unnecessary-header-inclusion.patch26
-rw-r--r--recipes-kernel/cryptodev/sdk_patches/0006-move-structure-definition-to-cryptodev_int.h.patch51
-rw-r--r--recipes-kernel/cryptodev/sdk_patches/0007-add-support-for-RSA-public-and-private-key-operation.patch440
-rw-r--r--recipes-kernel/cryptodev/sdk_patches/0008-check-session-flags-early-to-avoid-incorrect-failure.patch54
-rw-r--r--recipes-kernel/cryptodev/sdk_patches/0009-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch50
10 files changed, 3 insertions, 1067 deletions
diff --git a/recipes-kernel/cryptodev/cryptodev-qoriq_1.9.inc b/recipes-kernel/cryptodev/cryptodev-qoriq_1.9.inc
index 24cc87c9..3e6fcf7c 100644
--- a/recipes-kernel/cryptodev/cryptodev-qoriq_1.9.inc
+++ b/recipes-kernel/cryptodev/cryptodev-qoriq_1.9.inc
@@ -12,31 +12,15 @@ python() {
d.appendVar("RREPLACES_%s" % p, p.replace('cryptodev-qoriq', 'cryptodev'))
}
-FILESEXTRAPATHS_prepend := "${THISDIR}/sdk_patches:"
FILESEXTRAPATHS_prepend := "${THISDIR}/yocto_patches:"
-SRC_URI = "http://nwl.cc/pub/cryptodev-linux/cryptodev-linux-${PV}.tar.gz"
-
-SRC_URI[md5sum] = "cb4e0ed9e5937716c7c8a7be84895b6d"
-SRC_URI[sha256sum] = "9f4c0b49b30e267d776f79455d09c70cc9c12c86eee400a0d0a0cd1d8e467950"
-
-# SDK patches
-SRC_URI_append = " file://0001-refactoring-split-big-function-to-simplify-maintaina.patch \
- file://0002-refactoring-relocate-code-to-simplify-later-patches.patch \
- file://0003-convert-to-new-AEAD-interface-in-kernels-v4.2.patch \
- file://0004-fix-type-of-returned-value.patch \
- file://0005-remove-unnecessary-header-inclusion.patch \
- file://0006-move-structure-definition-to-cryptodev_int.h.patch \
- file://0007-add-support-for-RSA-public-and-private-key-operation.patch \
- file://0008-check-session-flags-early-to-avoid-incorrect-failure.patch \
- file://0009-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch \
-"
-#SRC_URI_append = " file://0003-update-the-install-path-for-cryptodev-tests.patch"
+SRC_URI = "git://github.com/qoriq-open-source/cryptodev-linux.git;nobranch=1"
+SRCREV = "f365c69d7852d6579952825c9f90a27129f92d22"
# NOTE: remove this patch and all traces of DISTRO_FEATURE c29x_pkc
# if pkc-host does not need customized cryptodev patches anymore
#SRC_URI_append = "${@bb.utils.contains('DISTRO_FEATURES', 'c29x_pkc', ' file://0001-don-t-advertise-RSA-keygen.patch', '', d)}"
-S = "${WORKDIR}/cryptodev-linux-${PV}"
+S = "${WORKDIR}/git"
CLEANBROKEN = "1"
diff --git a/recipes-kernel/cryptodev/sdk_patches/0001-refactoring-split-big-function-to-simplify-maintaina.patch b/recipes-kernel/cryptodev/sdk_patches/0001-refactoring-split-big-function-to-simplify-maintaina.patch
deleted file mode 100644
index 57ac8e1e..00000000
--- a/recipes-kernel/cryptodev/sdk_patches/0001-refactoring-split-big-function-to-simplify-maintaina.patch
+++ /dev/null
@@ -1,244 +0,0 @@
-From 20dcf071bc3076ee7db9d603cfbe6a06e86c7d5f Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Thu, 4 May 2017 15:06:20 +0300
-Subject: [PATCH 1/9] refactoring: split big function to simplify maintainance
-
-The setup of auth_buf in tls and aead is now duplicated but this
-is temporary and allows necessary corrections for the aead case
-with v4.2+ kernels.
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- authenc.c | 197 ++++++++++++++++++++++++++++++++++++++++----------------------
- 1 file changed, 126 insertions(+), 71 deletions(-)
-
-diff --git a/authenc.c b/authenc.c
-index 1bd7377..28eb0f9 100644
---- a/authenc.c
-+++ b/authenc.c
-@@ -609,96 +609,151 @@ auth_n_crypt(struct csession *ses_ptr, struct kernel_crypt_auth_op *kcaop,
- return 0;
- }
-
--/* This is the main crypto function - zero-copy edition */
--static int
--__crypto_auth_run_zc(struct csession *ses_ptr, struct kernel_crypt_auth_op *kcaop)
-+static int crypto_auth_zc_srtp(struct csession *ses_ptr, struct kernel_crypt_auth_op *kcaop)
- {
-- struct scatterlist *dst_sg, *auth_sg, *src_sg;
-+ struct scatterlist *dst_sg, *auth_sg;
- struct crypt_auth_op *caop = &kcaop->caop;
-- int ret = 0;
-+ int ret;
-
-- if (caop->flags & COP_FLAG_AEAD_SRTP_TYPE) {
-- if (unlikely(ses_ptr->cdata.init != 0 &&
-- (ses_ptr->cdata.stream == 0 ||
-- ses_ptr->cdata.aead != 0))) {
-- derr(0, "Only stream modes are allowed in SRTP mode (but not AEAD)");
-- return -EINVAL;
-- }
-+ if (unlikely(ses_ptr->cdata.init != 0 &&
-+ (ses_ptr->cdata.stream == 0 || ses_ptr->cdata.aead != 0))) {
-+ derr(0, "Only stream modes are allowed in SRTP mode (but not AEAD)");
-+ return -EINVAL;
-+ }
-
-- ret = get_userbuf_srtp(ses_ptr, kcaop, &auth_sg, &dst_sg);
-- if (unlikely(ret)) {
-- derr(1, "get_userbuf_srtp(): Error getting user pages.");
-- return ret;
-- }
-+ ret = get_userbuf_srtp(ses_ptr, kcaop, &auth_sg, &dst_sg);
-+ if (unlikely(ret)) {
-+ derr(1, "get_userbuf_srtp(): Error getting user pages.");
-+ return ret;
-+ }
-
-- ret = srtp_auth_n_crypt(ses_ptr, kcaop, auth_sg, caop->auth_len,
-- dst_sg, caop->len);
-+ ret = srtp_auth_n_crypt(ses_ptr, kcaop, auth_sg, caop->auth_len,
-+ dst_sg, caop->len);
-
-- release_user_pages(ses_ptr);
-- } else { /* TLS and normal cases. Here auth data are usually small
-- * so we just copy them to a free page, instead of trying
-- * to map them.
-- */
-- unsigned char *auth_buf = NULL;
-- struct scatterlist tmp;
-+ release_user_pages(ses_ptr);
-
-- if (unlikely(caop->auth_len > PAGE_SIZE)) {
-- derr(1, "auth data len is excessive.");
-- return -EINVAL;
-- }
-+ return ret;
-+}
-
-- auth_buf = (char *)__get_free_page(GFP_KERNEL);
-- if (unlikely(!auth_buf)) {
-- derr(1, "unable to get a free page.");
-- return -ENOMEM;
-- }
-+static int crypto_auth_zc_tls(struct csession *ses_ptr, struct kernel_crypt_auth_op *kcaop)
-+{
-+ struct crypt_auth_op *caop = &kcaop->caop;
-+ struct scatterlist *dst_sg, *auth_sg;
-+ unsigned char *auth_buf = NULL;
-+ struct scatterlist tmp;
-+ int ret;
-
-- if (caop->auth_src && caop->auth_len > 0) {
-- if (unlikely(copy_from_user(auth_buf, caop->auth_src, caop->auth_len))) {
-- derr(1, "unable to copy auth data from userspace.");
-- ret = -EFAULT;
-- goto free_auth_buf;
-- }
-+ if (unlikely(ses_ptr->cdata.aead != 0)) {
-+ return -EINVAL;
-+ }
-+
-+ if (unlikely(caop->auth_len > PAGE_SIZE)) {
-+ derr(1, "auth data len is excessive.");
-+ return -EINVAL;
-+ }
-+
-+ auth_buf = (char *)__get_free_page(GFP_KERNEL);
-+ if (unlikely(!auth_buf)) {
-+ derr(1, "unable to get a free page.");
-+ return -ENOMEM;
-+ }
-
-- sg_init_one(&tmp, auth_buf, caop->auth_len);
-- auth_sg = &tmp;
-- } else {
-- auth_sg = NULL;
-+ if (caop->auth_src && caop->auth_len > 0) {
-+ if (unlikely(copy_from_user(auth_buf, caop->auth_src, caop->auth_len))) {
-+ derr(1, "unable to copy auth data from userspace.");
-+ ret = -EFAULT;
-+ goto free_auth_buf;
- }
-
-- if (caop->flags & COP_FLAG_AEAD_TLS_TYPE && ses_ptr->cdata.aead == 0) {
-- ret = get_userbuf_tls(ses_ptr, kcaop, &dst_sg);
-- if (unlikely(ret)) {
-- derr(1, "get_userbuf_tls(): Error getting user pages.");
-- goto free_auth_buf;
-- }
-+ sg_init_one(&tmp, auth_buf, caop->auth_len);
-+ auth_sg = &tmp;
-+ } else {
-+ auth_sg = NULL;
-+ }
-
-- ret = tls_auth_n_crypt(ses_ptr, kcaop, auth_sg, caop->auth_len,
-- dst_sg, caop->len);
-- } else {
-- if (unlikely(ses_ptr->cdata.init == 0 ||
-- (ses_ptr->cdata.stream == 0 &&
-- ses_ptr->cdata.aead == 0))) {
-- derr(0, "Only stream and AEAD ciphers are allowed for authenc");
-- ret = -EINVAL;
-- goto free_auth_buf;
-- }
-+ ret = get_userbuf_tls(ses_ptr, kcaop, &dst_sg);
-+ if (unlikely(ret)) {
-+ derr(1, "get_userbuf_tls(): Error getting user pages.");
-+ goto free_auth_buf;
-+ }
-
-- ret = get_userbuf(ses_ptr, caop->src, caop->len, caop->dst, kcaop->dst_len,
-- kcaop->task, kcaop->mm, &src_sg, &dst_sg);
-- if (unlikely(ret)) {
-- derr(1, "get_userbuf(): Error getting user pages.");
-- goto free_auth_buf;
-- }
-+ ret = tls_auth_n_crypt(ses_ptr, kcaop, auth_sg, caop->auth_len,
-+ dst_sg, caop->len);
-+ release_user_pages(ses_ptr);
-+
-+free_auth_buf:
-+ free_page((unsigned long)auth_buf);
-+ return ret;
-+}
-+
-+static int crypto_auth_zc_aead(struct csession *ses_ptr, struct kernel_crypt_auth_op *kcaop)
-+{
-+ struct scatterlist *dst_sg, *auth_sg, *src_sg;
-+ struct crypt_auth_op *caop = &kcaop->caop;
-+ unsigned char *auth_buf = NULL;
-+ struct scatterlist tmp;
-+ int ret;
-
-- ret = auth_n_crypt(ses_ptr, kcaop, auth_sg, caop->auth_len,
-- src_sg, dst_sg, caop->len);
-+ if (unlikely(ses_ptr->cdata.init == 0 ||
-+ (ses_ptr->cdata.stream == 0 && ses_ptr->cdata.aead == 0))) {
-+ derr(0, "Only stream and AEAD ciphers are allowed for authenc");
-+ return -EINVAL;
-+ }
-+
-+ if (unlikely(caop->auth_len > PAGE_SIZE)) {
-+ derr(1, "auth data len is excessive.");
-+ return -EINVAL;
-+ }
-+
-+ auth_buf = (char *)__get_free_page(GFP_KERNEL);
-+ if (unlikely(!auth_buf)) {
-+ derr(1, "unable to get a free page.");
-+ return -ENOMEM;
-+ }
-+
-+ if (caop->auth_src && caop->auth_len > 0) {
-+ if (unlikely(copy_from_user(auth_buf, caop->auth_src, caop->auth_len))) {
-+ derr(1, "unable to copy auth data from userspace.");
-+ ret = -EFAULT;
-+ goto free_auth_buf;
- }
-
-- release_user_pages(ses_ptr);
-+ sg_init_one(&tmp, auth_buf, caop->auth_len);
-+ auth_sg = &tmp;
-+ } else {
-+ auth_sg = NULL;
-+ }
-+
-+ ret = get_userbuf(ses_ptr, caop->src, caop->len, caop->dst, kcaop->dst_len,
-+ kcaop->task, kcaop->mm, &src_sg, &dst_sg);
-+ if (unlikely(ret)) {
-+ derr(1, "get_userbuf(): Error getting user pages.");
-+ goto free_auth_buf;
-+ }
-+
-+ ret = auth_n_crypt(ses_ptr, kcaop, auth_sg, caop->auth_len,
-+ src_sg, dst_sg, caop->len);
-+
-+ release_user_pages(ses_ptr);
-
- free_auth_buf:
-- free_page((unsigned long)auth_buf);
-+ free_page((unsigned long)auth_buf);
-+
-+ return ret;
-+}
-+
-+static int
-+__crypto_auth_run_zc(struct csession *ses_ptr, struct kernel_crypt_auth_op *kcaop)
-+{
-+ struct crypt_auth_op *caop = &kcaop->caop;
-+ int ret;
-+
-+ if (caop->flags & COP_FLAG_AEAD_SRTP_TYPE) {
-+ ret = crypto_auth_zc_srtp(ses_ptr, kcaop);
-+ } else if (caop->flags & COP_FLAG_AEAD_TLS_TYPE) {
-+ ret = crypto_auth_zc_tls(ses_ptr, kcaop);
-+ } else {
-+ ret = crypto_auth_zc_aead(ses_ptr, kcaop);
- }
-
- return ret;
---
-2.7.4
-
diff --git a/recipes-kernel/cryptodev/sdk_patches/0002-refactoring-relocate-code-to-simplify-later-patches.patch b/recipes-kernel/cryptodev/sdk_patches/0002-refactoring-relocate-code-to-simplify-later-patches.patch
deleted file mode 100644
index b948c914..00000000
--- a/recipes-kernel/cryptodev/sdk_patches/0002-refactoring-relocate-code-to-simplify-later-patches.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-From c2bf0e42b1d9fda60cde4a3a682784d349ef1c0b Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Thu, 4 May 2017 15:06:21 +0300
-Subject: [PATCH 2/9] refactoring: relocate code to simplify later patches
-
-This code move will simplify the conversion to new AEAD interface in
-next patches
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- authenc.c | 17 +++++++++--------
- 1 file changed, 9 insertions(+), 8 deletions(-)
-
-diff --git a/authenc.c b/authenc.c
-index 28eb0f9..95727b4 100644
---- a/authenc.c
-+++ b/authenc.c
-@@ -711,11 +711,18 @@ static int crypto_auth_zc_aead(struct csession *ses_ptr, struct kernel_crypt_aut
- return -ENOMEM;
- }
-
-+ ret = get_userbuf(ses_ptr, caop->src, caop->len, caop->dst, kcaop->dst_len,
-+ kcaop->task, kcaop->mm, &src_sg, &dst_sg);
-+ if (unlikely(ret)) {
-+ derr(1, "get_userbuf(): Error getting user pages.");
-+ goto free_auth_buf;
-+ }
-+
- if (caop->auth_src && caop->auth_len > 0) {
- if (unlikely(copy_from_user(auth_buf, caop->auth_src, caop->auth_len))) {
- derr(1, "unable to copy auth data from userspace.");
- ret = -EFAULT;
-- goto free_auth_buf;
-+ goto free_pages;
- }
-
- sg_init_one(&tmp, auth_buf, caop->auth_len);
-@@ -724,16 +731,10 @@ static int crypto_auth_zc_aead(struct csession *ses_ptr, struct kernel_crypt_aut
- auth_sg = NULL;
- }
-
-- ret = get_userbuf(ses_ptr, caop->src, caop->len, caop->dst, kcaop->dst_len,
-- kcaop->task, kcaop->mm, &src_sg, &dst_sg);
-- if (unlikely(ret)) {
-- derr(1, "get_userbuf(): Error getting user pages.");
-- goto free_auth_buf;
-- }
--
- ret = auth_n_crypt(ses_ptr, kcaop, auth_sg, caop->auth_len,
- src_sg, dst_sg, caop->len);
-
-+free_pages:
- release_user_pages(ses_ptr);
-
- free_auth_buf:
---
-2.7.4
-
diff --git a/recipes-kernel/cryptodev/sdk_patches/0003-convert-to-new-AEAD-interface-in-kernels-v4.2.patch b/recipes-kernel/cryptodev/sdk_patches/0003-convert-to-new-AEAD-interface-in-kernels-v4.2.patch
deleted file mode 100644
index ab3c7a81..00000000
--- a/recipes-kernel/cryptodev/sdk_patches/0003-convert-to-new-AEAD-interface-in-kernels-v4.2.patch
+++ /dev/null
@@ -1,96 +0,0 @@
-From a705360197260d28535746ae98c461ba2cfb7a9e Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Thu, 4 May 2017 15:06:22 +0300
-Subject: [PATCH 3/9] convert to new AEAD interface in kernels v4.2+
-
-The crypto API for AEAD ciphers changed in recent kernels so that
-associated data is now part of both source and destination scatter
-gathers. The source, destination and associated data buffers need
-to be stiched accordingly for the operations to succeed:
-
-src_sg: auth_buf + src_buf
-dst_sg: auth_buf + (dst_buf + tag space)
-
-This patch fixes a kernel crash observed with cipher-gcm test.
-
-See also kernel patch: 81c4c35eb61a69c229871c490b011c1171511d5a
- crypto: ccm - Convert to new AEAD interface
-
-Reported-by: Phil Sutter <phil@nwl.cc>
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- authenc.c | 40 ++++++++++++++++++++++++++++++++++++++--
- 1 file changed, 38 insertions(+), 2 deletions(-)
-
-diff --git a/authenc.c b/authenc.c
-index 95727b4..692951f 100644
---- a/authenc.c
-+++ b/authenc.c
-@@ -688,12 +688,20 @@ free_auth_buf:
-
- static int crypto_auth_zc_aead(struct csession *ses_ptr, struct kernel_crypt_auth_op *kcaop)
- {
-- struct scatterlist *dst_sg, *auth_sg, *src_sg;
-+ struct scatterlist *dst_sg;
-+ struct scatterlist *src_sg;
- struct crypt_auth_op *caop = &kcaop->caop;
- unsigned char *auth_buf = NULL;
-- struct scatterlist tmp;
- int ret;
-
-+#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 2, 0))
-+ struct scatterlist tmp;
-+ struct scatterlist *auth_sg;
-+#else
-+ struct scatterlist auth1[2];
-+ struct scatterlist auth2[2];
-+#endif
-+
- if (unlikely(ses_ptr->cdata.init == 0 ||
- (ses_ptr->cdata.stream == 0 && ses_ptr->cdata.aead == 0))) {
- derr(0, "Only stream and AEAD ciphers are allowed for authenc");
-@@ -718,6 +726,7 @@ static int crypto_auth_zc_aead(struct csession *ses_ptr, struct kernel_crypt_aut
- goto free_auth_buf;
- }
-
-+#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 2, 0))
- if (caop->auth_src && caop->auth_len > 0) {
- if (unlikely(copy_from_user(auth_buf, caop->auth_src, caop->auth_len))) {
- derr(1, "unable to copy auth data from userspace.");
-@@ -733,6 +742,33 @@ static int crypto_auth_zc_aead(struct csession *ses_ptr, struct kernel_crypt_aut
-
- ret = auth_n_crypt(ses_ptr, kcaop, auth_sg, caop->auth_len,
- src_sg, dst_sg, caop->len);
-+#else
-+ if (caop->auth_src && caop->auth_len > 0) {
-+ if (unlikely(copy_from_user(auth_buf, caop->auth_src, caop->auth_len))) {
-+ derr(1, "unable to copy auth data from userspace.");
-+ ret = -EFAULT;
-+ goto free_pages;
-+ }
-+
-+ sg_init_table(auth1, 2);
-+ sg_set_buf(auth1, auth_buf, caop->auth_len);
-+ sg_chain(auth1, 2, src_sg);
-+
-+ if (src_sg == dst_sg) {
-+ src_sg = auth1;
-+ dst_sg = auth1;
-+ } else {
-+ sg_init_table(auth2, 2);
-+ sg_set_buf(auth2, auth_buf, caop->auth_len);
-+ sg_chain(auth2, 2, dst_sg);
-+ src_sg = auth1;
-+ dst_sg = auth2;
-+ }
-+ }
-+
-+ ret = auth_n_crypt(ses_ptr, kcaop, NULL, caop->auth_len,
-+ src_sg, dst_sg, caop->len);
-+#endif
-
- free_pages:
- release_user_pages(ses_ptr);
---
-2.7.4
-
diff --git a/recipes-kernel/cryptodev/sdk_patches/0004-fix-type-of-returned-value.patch b/recipes-kernel/cryptodev/sdk_patches/0004-fix-type-of-returned-value.patch
deleted file mode 100644
index faad6cc5..00000000
--- a/recipes-kernel/cryptodev/sdk_patches/0004-fix-type-of-returned-value.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 1d7c84838445981a06812869f8906bdef52e69eb Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Mon, 15 Feb 2016 18:27:35 +0200
-Subject: [PATCH 4/9] fix type of returned value
-
-The function is declared as unsigned int so we return an
-unsigned int as well
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- ioctl.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/ioctl.c b/ioctl.c
-index 0385203..db7207a 100644
---- a/ioctl.c
-+++ b/ioctl.c
-@@ -1065,7 +1065,7 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_)
- static unsigned int cryptodev_poll(struct file *file, poll_table *wait)
- {
- struct crypt_priv *pcr = file->private_data;
-- int ret = 0;
-+ unsigned int ret = 0;
-
- poll_wait(file, &pcr->user_waiter, wait);
-
---
-2.7.4
-
diff --git a/recipes-kernel/cryptodev/sdk_patches/0005-remove-unnecessary-header-inclusion.patch b/recipes-kernel/cryptodev/sdk_patches/0005-remove-unnecessary-header-inclusion.patch
deleted file mode 100644
index f9c8f3a0..00000000
--- a/recipes-kernel/cryptodev/sdk_patches/0005-remove-unnecessary-header-inclusion.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 00a686189f7e05d70a7184cd6218f7424ab21b0d Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Tue, 23 May 2017 15:28:58 +0300
-Subject: [PATCH 5/9] remove unnecessary header inclusion
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- zc.h | 2 --
- 1 file changed, 2 deletions(-)
-
-diff --git a/zc.h b/zc.h
-index 6f975d6..666c4a5 100644
---- a/zc.h
-+++ b/zc.h
-@@ -1,8 +1,6 @@
- #ifndef ZC_H
- # define ZC_H
-
--#include "cryptodev_int.h"
--
- /* For zero copy */
- int __get_userbuf(uint8_t __user *addr, uint32_t len, int write,
- unsigned int pgcount, struct page **pg, struct scatterlist *sg,
---
-2.7.4
-
diff --git a/recipes-kernel/cryptodev/sdk_patches/0006-move-structure-definition-to-cryptodev_int.h.patch b/recipes-kernel/cryptodev/sdk_patches/0006-move-structure-definition-to-cryptodev_int.h.patch
deleted file mode 100644
index 9a7ef3dc..00000000
--- a/recipes-kernel/cryptodev/sdk_patches/0006-move-structure-definition-to-cryptodev_int.h.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From 3245b0f9ed2085f6167068409fb344166093808c Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Tue, 23 May 2017 15:50:40 +0300
-Subject: [PATCH 6/9] move structure definition to cryptodev_int.h
-
-This is necessary for the rsa patch and makes this data structure
-visible to kernel_crypt_pkop structure which will be defined in
-cryptodev_int.h as well.
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- cryptlib.h | 6 ------
- cryptodev_int.h | 5 +++++
- 2 files changed, 5 insertions(+), 6 deletions(-)
-
-diff --git a/cryptlib.h b/cryptlib.h
-index 8e8aa71..48fe9bd 100644
---- a/cryptlib.h
-+++ b/cryptlib.h
-@@ -2,12 +2,6 @@
- # define CRYPTLIB_H
-
- #include <linux/version.h>
--
--struct cryptodev_result {
-- struct completion completion;
-- int err;
--};
--
- #include "cipherapi.h"
-
- struct cipher_data {
-diff --git a/cryptodev_int.h b/cryptodev_int.h
-index d7660fa..c1879fd 100644
---- a/cryptodev_int.h
-+++ b/cryptodev_int.h
-@@ -35,6 +35,11 @@
- #define ddebug(level, format, a...) dprintk(level, KERN_DEBUG, format, ##a)
-
-
-+struct cryptodev_result {
-+ struct completion completion;
-+ int err;
-+};
-+
- extern int cryptodev_verbosity;
-
- struct fcrypt {
---
-2.7.4
-
diff --git a/recipes-kernel/cryptodev/sdk_patches/0007-add-support-for-RSA-public-and-private-key-operation.patch b/recipes-kernel/cryptodev/sdk_patches/0007-add-support-for-RSA-public-and-private-key-operation.patch
deleted file mode 100644
index 803b90ad..00000000
--- a/recipes-kernel/cryptodev/sdk_patches/0007-add-support-for-RSA-public-and-private-key-operation.patch
+++ /dev/null
@@ -1,440 +0,0 @@
-From 6213ae5228a2ff0bb3521474ae37effda95a5d46 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Fri, 12 May 2017 17:04:40 +0300
-Subject: [PATCH 7/9] add support for RSA public and private key operations
-
-Only form 1 support is added with this patch. To maintain
-compatibility with OpenBSD we need to reverse bignum buffers before
-giving them to the kernel. This adds an artificial performance
-penalty that can be resolved only with a CIOCKEY extension in
-cryptodev API.
-
-As of Linux kernel 4.12 it is not possible to give to the kernel
-directly a pointer to a RSA key structure and must resort to a BER
-encoding scheme.
-
-Support for private keys in form 3 (CRT) must wait for updates and
-fixes in Linux kernel crypto API.
-
-Known issue:
-Kernels <= v4.7 strip leading zeros from the result and we get padding
-errors from Openssl: RSA_EAY_PUBLIC_DECRYPT: padding check failed
-(Fixed with kernel commit "crypto: rsa - Generate fixed-length output"
-9b45b7bba3d22de52e09df63c50f390a193a3f53)
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- cryptlib.c | 234 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- cryptlib.h | 4 +-
- cryptodev_int.h | 17 ++++
- ioctl.c | 17 +++-
- main.c | 42 ++++++++++
- 5 files changed, 312 insertions(+), 2 deletions(-)
-
-diff --git a/cryptlib.c b/cryptlib.c
-index 2c6028e..1c044a4 100644
---- a/cryptlib.c
-+++ b/cryptlib.c
-@@ -37,6 +37,10 @@
- #include <crypto/authenc.h>
- #include "cryptodev_int.h"
- #include "cipherapi.h"
-+#if (LINUX_VERSION_CODE > KERNEL_VERSION(4, 3, 0))
-+#include <linux/asn1_ber_bytecode.h>
-+#include <crypto/akcipher.h>
-+#endif
-
- extern const struct crypto_type crypto_givcipher_type;
-
-@@ -435,3 +439,233 @@ int cryptodev_hash_final(struct hash_data *hdata, void *output)
- return waitfor(&hdata->async.result, ret);
- }
-
-+#if (LINUX_VERSION_CODE > KERNEL_VERSION(4, 3, 0))
-+/* This function is necessary because the bignums in Linux kernel are MSB first
-+ * (big endian) as opposed to LSB first as OpenBSD crypto layer uses */
-+void reverse_buf(uint8_t *buf, size_t sz)
-+{
-+ int i;
-+ uint8_t *end;
-+ uint8_t tmp;
-+
-+ end = buf + sz;
-+
-+ for (i = 0; i < sz/2; i++) {
-+ end--;
-+
-+ tmp = *buf;
-+ *buf = *end;
-+ *end = tmp;
-+
-+ buf++;
-+ }
-+}
-+
-+int ber_wr_tag(uint8_t **ber_ptr, uint8_t tag)
-+{
-+ **ber_ptr = tag;
-+ *ber_ptr += 1;
-+
-+ return 0;
-+}
-+
-+int ber_wr_len(uint8_t **ber_ptr, size_t len, size_t sz)
-+{
-+ if (len < 127) {
-+ **ber_ptr = len;
-+ *ber_ptr += 1;
-+ } else {
-+ size_t sz_save = sz;
-+
-+ sz--;
-+ **ber_ptr = 0x80 | sz;
-+
-+ while (sz > 0) {
-+ *(*ber_ptr + sz) = len & 0xff;
-+ len >>= 8;
-+ sz--;
-+ }
-+ *ber_ptr += sz_save;
-+ }
-+
-+ return 0;
-+}
-+
-+int ber_wr_int(uint8_t **ber_ptr, uint8_t *crp_p, size_t sz)
-+{
-+ int ret;
-+
-+ ret = copy_from_user(*ber_ptr, crp_p, sz);
-+ reverse_buf(*ber_ptr, sz);
-+
-+ *ber_ptr += sz;
-+
-+ return ret;
-+}
-+
-+/* calculate the size of the length field itself in BER encoding */
-+size_t ber_enc_len(size_t len)
-+{
-+ size_t sz;
-+
-+ sz = 1;
-+ if (len > 127) { /* long encoding */
-+ while (len != 0) {
-+ len >>= 8;
-+ sz++;
-+ }
-+ }
-+
-+ return sz;
-+}
-+
-+void *cryptodev_alloc_rsa_pub_key(struct kernel_crypt_pkop *pkop,
-+ uint32_t *key_len)
-+{
-+ struct crypt_kop *cop = &pkop->pkop;
-+ uint8_t *ber_key;
-+ uint8_t *ber_ptr;
-+ uint32_t ber_key_len;
-+ size_t s_sz;
-+ size_t e_sz;
-+ size_t n_sz;
-+ size_t s_enc_len;
-+ size_t e_enc_len;
-+ size_t n_enc_len;
-+ int err;
-+
-+ /* BER public key format:
-+ * SEQUENCE TAG 1 byte
-+ * SEQUENCE LENGTH s_enc_len bytes
-+ * INTEGER TAG 1 byte
-+ * INTEGER LENGTH n_enc_len bytes
-+ * INTEGER (n modulus) n_sz bytes
-+ * INTEGER TAG 1 byte
-+ * INTEGER LENGTH e_enc_len bytes
-+ * INTEGER (e exponent) e_sz bytes
-+ */
-+
-+ e_sz = (cop->crk_param[1].crp_nbits + 7)/8;
-+ n_sz = (cop->crk_param[2].crp_nbits + 7)/8;
-+
-+ e_enc_len = ber_enc_len(e_sz);
-+ n_enc_len = ber_enc_len(n_sz);
-+
-+ /*
-+ * Sequence length is the size of all the fields following the sequence
-+ * tag, added together. The two added bytes account for the two INT
-+ * tags in the Public Key sequence
-+ */
-+ s_sz = e_sz + e_enc_len + n_sz + n_enc_len + 2;
-+ s_enc_len = ber_enc_len(s_sz);
-+
-+ /* The added byte accounts for the SEQ tag at the start of the key */
-+ ber_key_len = s_sz + s_enc_len + 1;
-+
-+ /* Linux asn1_ber_decoder doesn't like keys that are too large */
-+ if (ber_key_len > 65535) {
-+ return NULL;
-+ }
-+
-+ ber_key = kmalloc(ber_key_len, GFP_DMA);
-+ if (!ber_key) {
-+ return NULL;
-+ }
-+
-+ ber_ptr = ber_key;
-+
-+ err = ber_wr_tag(&ber_ptr, _tag(UNIV, CONS, SEQ)) ||
-+ ber_wr_len(&ber_ptr, s_sz, s_enc_len) ||
-+ ber_wr_tag(&ber_ptr, _tag(UNIV, PRIM, INT)) ||
-+ ber_wr_len(&ber_ptr, n_sz, n_enc_len) ||
-+ ber_wr_int(&ber_ptr, cop->crk_param[2].crp_p, n_sz) ||
-+ ber_wr_tag(&ber_ptr, _tag(UNIV, PRIM, INT)) ||
-+ ber_wr_len(&ber_ptr, e_sz, e_enc_len) ||
-+ ber_wr_int(&ber_ptr, cop->crk_param[1].crp_p, e_sz);
-+ if (err != 0) {
-+ goto free_key;
-+ }
-+
-+ *key_len = ber_key_len;
-+ return ber_key;
-+
-+free_key:
-+ kfree(ber_key);
-+ return NULL;
-+}
-+
-+int crypto_bn_modexp(struct kernel_crypt_pkop *pkop)
-+{
-+ struct crypt_kop *cop = &pkop->pkop;
-+ uint8_t *ber_key;
-+ uint32_t ber_key_len;
-+ size_t m_sz;
-+ size_t c_sz;
-+ size_t c_sz_max;
-+ uint8_t *m_buf;
-+ uint8_t *c_buf;
-+ struct scatterlist src;
-+ struct scatterlist dst;
-+ int err;
-+
-+ ber_key = cryptodev_alloc_rsa_pub_key(pkop, &ber_key_len);
-+ if (!ber_key) {
-+ return -ENOMEM;
-+ }
-+
-+ err = crypto_akcipher_set_pub_key(pkop->s, ber_key, ber_key_len);
-+ if (err != 0) {
-+ goto free_key;
-+ }
-+
-+ m_sz = (cop->crk_param[0].crp_nbits + 7)/8;
-+ c_sz = (cop->crk_param[3].crp_nbits + 7)/8;
-+
-+ m_buf = kmalloc(m_sz, GFP_DMA);
-+ if (!m_buf) {
-+ err = -ENOMEM;
-+ goto free_key;
-+ }
-+
-+ err = copy_from_user(m_buf, cop->crk_param[0].crp_p, m_sz);
-+ if (err != 0) {
-+ goto free_m_buf;
-+ }
-+ reverse_buf(m_buf, m_sz);
-+
-+ c_sz_max = crypto_akcipher_maxsize(pkop->s);
-+ if (c_sz > c_sz_max) {
-+ err = -EINVAL;
-+ goto free_m_buf;
-+ }
-+
-+ c_buf = kzalloc(c_sz_max, GFP_KERNEL);
-+ if (!c_buf) {
-+ goto free_m_buf;
-+ }
-+
-+ sg_init_one(&src, m_buf, m_sz);
-+ sg_init_one(&dst, c_buf, c_sz);
-+
-+ init_completion(&pkop->result.completion);
-+ akcipher_request_set_callback(pkop->req, 0,
-+ cryptodev_complete, &pkop->result);
-+ akcipher_request_set_crypt(pkop->req, &src, &dst, m_sz, c_sz);
-+
-+ err = crypto_akcipher_encrypt(pkop->req);
-+ err = waitfor(&pkop->result, err);
-+
-+ if (err == 0) {
-+ reverse_buf(c_buf, c_sz);
-+ err = copy_to_user(cop->crk_param[3].crp_p, c_buf, c_sz);
-+ }
-+
-+ kfree(c_buf);
-+free_m_buf:
-+ kfree(m_buf);
-+free_key:
-+ kfree(ber_key);
-+
-+ return err;
-+}
-+#endif
-diff --git a/cryptlib.h b/cryptlib.h
-index 48fe9bd..f909c34 100644
---- a/cryptlib.h
-+++ b/cryptlib.h
-@@ -95,6 +95,8 @@ int cryptodev_hash_reset(struct hash_data *hdata);
- void cryptodev_hash_deinit(struct hash_data *hdata);
- int cryptodev_hash_init(struct hash_data *hdata, const char *alg_name,
- int hmac_mode, void *mackey, size_t mackeylen);
--
-+#if (LINUX_VERSION_CODE > KERNEL_VERSION(4, 3, 0))
-+int crypto_bn_modexp(struct kernel_crypt_pkop *pkop);
-+#endif
-
- #endif
-diff --git a/cryptodev_int.h b/cryptodev_int.h
-index c1879fd..7860c39 100644
---- a/cryptodev_int.h
-+++ b/cryptodev_int.h
-@@ -19,6 +19,10 @@
- #include <linux/scatterlist.h>
- #include <crypto/cryptodev.h>
- #include <crypto/aead.h>
-+#if (LINUX_VERSION_CODE > KERNEL_VERSION(4, 3, 0))
-+#include <crypto/internal/rsa.h>
-+#endif
-+
-
- #define PFX "cryptodev: "
- #define dprintk(level, severity, format, a...) \
-@@ -111,6 +115,18 @@ struct kernel_crypt_auth_op {
- struct mm_struct *mm;
- };
-
-+#if (LINUX_VERSION_CODE > KERNEL_VERSION(4, 3, 0))
-+struct kernel_crypt_pkop {
-+ struct crypt_kop pkop;
-+
-+ struct crypto_akcipher *s; /* Transform pointer from CryptoAPI */
-+ struct akcipher_request *req; /* PKC request allocated from CryptoAPI */
-+ struct cryptodev_result result; /* updated by completion handler */
-+};
-+
-+int crypto_run_asym(struct kernel_crypt_pkop *pkop);
-+#endif
-+
- /* auth */
-
- int kcaop_from_user(struct kernel_crypt_auth_op *kcop,
-@@ -122,6 +138,7 @@ int crypto_run(struct fcrypt *fcr, struct kernel_crypt_op *kcop);
-
- #include <cryptlib.h>
-
-+
- /* other internal structs */
- struct csession {
- struct list_head entry;
-diff --git a/ioctl.c b/ioctl.c
-index db7207a..8b0df4e 100644
---- a/ioctl.c
-+++ b/ioctl.c
-@@ -810,6 +810,9 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
- struct session_op sop;
- struct kernel_crypt_op kcop;
- struct kernel_crypt_auth_op kcaop;
-+#if (LINUX_VERSION_CODE > KERNEL_VERSION(4, 3, 0))
-+ struct kernel_crypt_pkop pkop;
-+#endif
- struct crypt_priv *pcr = filp->private_data;
- struct fcrypt *fcr;
- struct session_info_op siop;
-@@ -823,7 +826,11 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
-
- switch (cmd) {
- case CIOCASYMFEAT:
-- return put_user(0, p);
-+ ses = 0;
-+ if (crypto_has_alg("rsa", 0, 0)) {
-+ ses = CRF_MOD_EXP;
-+ }
-+ return put_user(ses, p);
- case CRIOGET:
- fd = clonefd(filp);
- ret = put_user(fd, p);
-@@ -859,6 +866,14 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
- if (unlikely(ret))
- return ret;
- return copy_to_user(arg, &siop, sizeof(siop));
-+#if (LINUX_VERSION_CODE > KERNEL_VERSION(4, 3, 0))
-+ case CIOCKEY:
-+ ret = copy_from_user(&pkop.pkop, arg, sizeof(struct crypt_kop));
-+ if (ret == 0) {
-+ ret = crypto_run_asym(&pkop);
-+ }
-+ return ret;
-+#endif
- case CIOCCRYPT:
- if (unlikely(ret = kcop_from_user(&kcop, fcr, arg))) {
- dwarning(1, "Error copying from user");
-diff --git a/main.c b/main.c
-index 57e5c38..2bfe6f0 100644
---- a/main.c
-+++ b/main.c
-@@ -48,6 +48,9 @@
- #include "zc.h"
- #include "cryptlib.h"
- #include "version.h"
-+#if (LINUX_VERSION_CODE > KERNEL_VERSION(4, 3, 0))
-+#include <crypto/akcipher.h>
-+#endif
-
- /* This file contains the traditional operations of encryption
- * and hashing of /dev/crypto.
-@@ -265,3 +268,42 @@ out_unlock:
- crypto_put_session(ses_ptr);
- return ret;
- }
-+
-+#if (LINUX_VERSION_CODE > KERNEL_VERSION(4, 3, 0))
-+int crypto_run_asym(struct kernel_crypt_pkop *pkop)
-+{
-+ int err;
-+
-+ pkop->s = crypto_alloc_akcipher("rsa", 0, 0);
-+ if (IS_ERR(pkop->s)) {
-+ return PTR_ERR(pkop->s);
-+ }
-+
-+ pkop->req = akcipher_request_alloc(pkop->s, GFP_KERNEL);
-+ if (pkop->req == NULL) {
-+ err = -ENOMEM;
-+ goto out_free_tfm;
-+ }
-+
-+ switch (pkop->pkop.crk_op) {
-+ case CRK_MOD_EXP: /* RSA_PUB or PRIV form 1 */
-+ if (pkop->pkop.crk_iparams != 3 && pkop->pkop.crk_oparams != 1) {
-+ err = -EINVAL;
-+ goto out_free_req;
-+ }
-+ err = crypto_bn_modexp(pkop);
-+ break;
-+ default:
-+ err = -EINVAL;
-+ break;
-+ }
-+
-+out_free_req:
-+ kfree(pkop->req);
-+
-+out_free_tfm:
-+ crypto_free_akcipher(pkop->s);
-+
-+ return err;
-+}
-+#endif
---
-2.7.4
-
diff --git a/recipes-kernel/cryptodev/sdk_patches/0008-check-session-flags-early-to-avoid-incorrect-failure.patch b/recipes-kernel/cryptodev/sdk_patches/0008-check-session-flags-early-to-avoid-incorrect-failure.patch
deleted file mode 100644
index 1fce5580..00000000
--- a/recipes-kernel/cryptodev/sdk_patches/0008-check-session-flags-early-to-avoid-incorrect-failure.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From ec2529027a6565fdede79e7bda4a0232757acf70 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Wed, 14 Jun 2017 11:23:18 +0300
-Subject: [PATCH 8/9] check session flags early to avoid incorrect failure
- modes
-
-This verification of aead flag was incorrectly removed in
-"refactoring: split big function to simplify maintainance"
-20dcf071bc3076ee7db9d603cfbe6a06e86c7d5f
-resulting in an incorrect dispatching of functions.
-
-Add back this check and at the same time remove the second check from
-the called function which now becomes redundant.
-Add another guard check for aead modes and reject not supported combinations.
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- authenc.c | 11 +++++------
- 1 file changed, 5 insertions(+), 6 deletions(-)
-
-diff --git a/authenc.c b/authenc.c
-index 692951f..fc32f43 100644
---- a/authenc.c
-+++ b/authenc.c
-@@ -643,10 +643,6 @@ static int crypto_auth_zc_tls(struct csession *ses_ptr, struct kernel_crypt_auth
- struct scatterlist tmp;
- int ret;
-
-- if (unlikely(ses_ptr->cdata.aead != 0)) {
-- return -EINVAL;
-- }
--
- if (unlikely(caop->auth_len > PAGE_SIZE)) {
- derr(1, "auth data len is excessive.");
- return -EINVAL;
-@@ -787,10 +783,13 @@ __crypto_auth_run_zc(struct csession *ses_ptr, struct kernel_crypt_auth_op *kcao
-
- if (caop->flags & COP_FLAG_AEAD_SRTP_TYPE) {
- ret = crypto_auth_zc_srtp(ses_ptr, kcaop);
-- } else if (caop->flags & COP_FLAG_AEAD_TLS_TYPE) {
-+ } else if (caop->flags & COP_FLAG_AEAD_TLS_TYPE &&
-+ ses_ptr->cdata.aead == 0) {
- ret = crypto_auth_zc_tls(ses_ptr, kcaop);
-- } else {
-+ } else if (ses_ptr->cdata.aead) {
- ret = crypto_auth_zc_aead(ses_ptr, kcaop);
-+ } else {
-+ ret = -EINVAL;
- }
-
- return ret;
---
-2.7.4
-
diff --git a/recipes-kernel/cryptodev/sdk_patches/0009-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch b/recipes-kernel/cryptodev/sdk_patches/0009-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch
deleted file mode 100644
index 795abdf0..00000000
--- a/recipes-kernel/cryptodev/sdk_patches/0009-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From f365c69d7852d6579952825c9f90a27129f92d22 Mon Sep 17 00:00:00 2001
-From: Cristian Stoica <cristian.stoica@nxp.com>
-Date: Tue, 13 Jun 2017 11:13:33 +0300
-Subject: [PATCH 9/9] add support for composite TLS10(SHA1,AES) algorithm
- offload
-
-This adds support for composite algorithm offload as a primitive
-crypto (cipher + hmac) operation.
-
-It requires kernel support for tls10(hmac(sha1),cbc(aes)) algorithm
-provided either in software or accelerated by hardware such as
-Freescale B*, P* and T* platforms.
-
-Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
----
- crypto/cryptodev.h | 1 +
- ioctl.c | 5 +++++
- 2 files changed, 6 insertions(+)
-
-diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h
-index 7fb9c7d..c0e8cd4 100644
---- a/crypto/cryptodev.h
-+++ b/crypto/cryptodev.h
-@@ -50,6 +50,7 @@ enum cryptodev_crypto_op_t {
- CRYPTO_SHA2_384,
- CRYPTO_SHA2_512,
- CRYPTO_SHA2_224_HMAC,
-+ CRYPTO_TLS10_AES_CBC_HMAC_SHA1,
- CRYPTO_ALGORITHM_ALL, /* Keep updated - see below */
- };
-
-diff --git a/ioctl.c b/ioctl.c
-index 8b0df4e..998f51a 100644
---- a/ioctl.c
-+++ b/ioctl.c
-@@ -159,6 +159,11 @@ crypto_create_session(struct fcrypt *fcr, struct session_op *sop)
- stream = 1;
- aead = 1;
- break;
-+ case CRYPTO_TLS10_AES_CBC_HMAC_SHA1:
-+ alg_name = "tls10(hmac(sha1),cbc(aes))";
-+ stream = 0;
-+ aead = 1;
-+ break;
- case CRYPTO_NULL:
- alg_name = "ecb(cipher_null)";
- stream = 1;
---
-2.7.4
-