openssl: update to latest stable version

package/openssl/Makefile

@@ -4,9 +4,9 @@
 include ${ADK_TOPDIR}/rules.mk
 
 PKG_NAME:=		openssl
-PKG_VERSION:=		1.0.2d
+PKG_VERSION:=		1.0.2e
 PKG_RELEASE:=		1
-PKG_HASH:=		671c36487785628a703374c652ad2cebea45fa920ae5681515df25d9f2c9a8c8
+PKG_HASH:=		e23ccafdb75cfcde782da0151731aa2185195ac745eea3846133f2e05c0e0bff
 PKG_DESCR:=		secure socket layer libraries
 PKG_SECTION:=		libs/crypto
 PKG_DEPENDS:=		zlib
@@ -42,7 +42,7 @@ ALL_TARGET+=		build-shared
 TARGET_CFLAGS+=		-ldl
 endif
 
-OPENSSL_OPTIONS+= threads no-err no-krb5 no-engines no-camellia no-idea no-rc5 no-mdc2 no-sha0 no-smime no-aes192 no-cast
+OPENSSL_OPTIONS+= threads no-err no-krb5 no-engines no-rc5 no-sha0 no-smime no-aes192
 
 HOST_STYLE:=		manual
 CONFIG_STYLE:=		manual

package/openssl/patches/patch-crypto_engine_eng_cryptodev_c

@@ -1,2539 +0,0 @@
---- openssl-1.0.2a.orig/crypto/engine/eng_cryptodev.c	2015-03-19 14:30:36.000000000 +0100
-+++ openssl-1.0.2a/crypto/engine/eng_cryptodev.c	2015-02-02 21:02:31.009892700 +0100
-@@ -2,6 +2,7 @@
-  * Copyright (c) 2002 Bob Beck <beck@openbsd.org>
-  * Copyright (c) 2002 Theo de Raadt
-  * Copyright (c) 2002 Markus Friedl
-+ * Copyright (c) 2012 Nikos Mavrogiannopoulos
-  * All rights reserved.
-  *
-  * Redistribution and use in source and binary forms, with or without
-@@ -32,8 +33,8 @@
- #include <openssl/bn.h>
- 
- #if (defined(__unix__) || defined(unix)) && !defined(USG) && \
--        (defined(OpenBSD) || defined(__FreeBSD__))
--# include <sys/param.h>
-+	(defined(OpenBSD) || defined(__FreeBSD__))
-+#include <sys/param.h>
- # if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041)
- #  define HAVE_CRYPTODEV
- # endif
-@@ -44,39 +45,40 @@
- 
- #ifndef HAVE_CRYPTODEV
- 
--void ENGINE_load_cryptodev(void)
-+void
-+ENGINE_load_cryptodev(void)
- {
--    /* This is a NOP on platforms without /dev/crypto */
--    return;
-+	/* This is a NOP on platforms without /dev/crypto */
-+	return;
- }
- 
--#else
--
--# include <sys/types.h>
--# include <crypto/cryptodev.h>
--# include <openssl/dh.h>
--# include <openssl/dsa.h>
--# include <openssl/err.h>
--# include <openssl/rsa.h>
--# include <sys/ioctl.h>
--# include <errno.h>
--# include <stdio.h>
--# include <unistd.h>
--# include <fcntl.h>
--# include <stdarg.h>
--# include <syslog.h>
--# include <errno.h>
--# include <string.h>
-+#else 
-+ 
-+#include <sys/types.h>
-+#include <crypto/cryptodev.h>
-+#include <crypto/dh/dh.h>
-+#include <crypto/dsa/dsa.h>
-+#include <crypto/err/err.h>
-+#include <crypto/rsa/rsa.h>
-+#include <sys/ioctl.h>
-+#include <errno.h>
-+#include <stdio.h>
-+#include <unistd.h>
-+#include <fcntl.h>
-+#include <stdarg.h>
-+#include <syslog.h>
-+#include <errno.h>
-+#include <string.h>
- 
- struct dev_crypto_state {
--    struct session_op d_sess;
--    int d_fd;
--# ifdef USE_CRYPTODEV_DIGESTS
--    char dummy_mac_key[HASH_MAX_LEN];
--    unsigned char digest_res[HASH_MAX_LEN];
--    char *mac_data;
--    int mac_len;
--# endif
-+	struct session_op d_sess;
-+	int d_fd;
-+
-+#ifdef USE_CRYPTODEV_DIGESTS
-+	unsigned char digest_res[64];
-+	char *mac_data;
-+	int mac_len;
-+#endif
- };
- 
- static u_int32_t cryptodev_asymfeat = 0;
-@@ -85,196 +87,153 @@ static int get_asym_dev_crypto(void);
- static int open_dev_crypto(void);
- static int get_dev_crypto(void);
- static int get_cryptodev_ciphers(const int **cnids);
--# ifdef USE_CRYPTODEV_DIGESTS
-+#ifdef USE_CRYPTODEV_DIGESTS
- static int get_cryptodev_digests(const int **cnids);
--# endif
-+#endif
- static int cryptodev_usable_ciphers(const int **nids);
- static int cryptodev_usable_digests(const int **nids);
- static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
--                            const unsigned char *in, size_t inl);
-+    const unsigned char *in, size_t inl);
- static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
--                              const unsigned char *iv, int enc);
-+    const unsigned char *iv, int enc);
- static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx);
- static int cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
--                                    const int **nids, int nid);
-+    const int **nids, int nid);
- static int cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
--                                    const int **nids, int nid);
-+    const int **nids, int nid);
- static int bn2crparam(const BIGNUM *a, struct crparam *crp);
- static int crparam2bn(struct crparam *crp, BIGNUM *a);
- static void zapparams(struct crypt_kop *kop);
- static int cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r,
--                          int slen, BIGNUM *s);
-+    int slen, BIGNUM *s);
- 
- static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a,
--                                const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
--                                BN_MONT_CTX *m_ctx);
--static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
--                                       BN_CTX *ctx);
--static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
--                                 BN_CTX *ctx);
-+    const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-+static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I,
-+    RSA *rsa, BN_CTX *ctx);
-+static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
- static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a,
--                                    const BIGNUM *p, const BIGNUM *m,
--                                    BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-+    const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
- static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
--                                     BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2,
--                                     BIGNUM *p, BN_CTX *ctx,
--                                     BN_MONT_CTX *mont);
--static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
--                                      DSA *dsa);
-+    BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
-+    BN_CTX *ctx, BN_MONT_CTX *mont);
-+static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst,
-+    int dlen, DSA *dsa);
- static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len,
--                                DSA_SIG *sig, DSA *dsa);
-+    DSA_SIG *sig, DSA *dsa);
- static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
--                                const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
--                                BN_MONT_CTX *m_ctx);
--static int cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key,
--                                    DH *dh);
-+    const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
-+    BN_MONT_CTX *m_ctx);
-+static int cryptodev_dh_compute_key(unsigned char *key,
-+    const BIGNUM *pub_key, DH *dh);
- static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
--                          void (*f) (void));
-+    void (*f)(void));
- void ENGINE_load_cryptodev(void);
- 
- static const ENGINE_CMD_DEFN cryptodev_defns[] = {
--    {0, NULL, NULL, 0}
-+	{ 0, NULL, NULL, 0 }
- };
- 
- static struct {
--    int id;
--    int nid;
--    int ivmax;
--    int keylen;
-+	int	id;
-+	int	nid;
-+	int	ivmax;
-+	int	keylen;
- } ciphers[] = {
--    {
--        CRYPTO_ARC4, NID_rc4, 0, 16,
--    },
--    {
--        CRYPTO_DES_CBC, NID_des_cbc, 8, 8,
--    },
--    {
--        CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24,
--    },
--    {
--        CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16,
--    },
--    {
--        CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24,
--    },
--    {
--        CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32,
--    },
--# ifdef CRYPTO_AES_CTR
--    {
--        CRYPTO_AES_CTR, NID_aes_128_ctr, 14, 16,
--    },
--    {
--        CRYPTO_AES_CTR, NID_aes_192_ctr, 14, 24,
--    },
--    {
--        CRYPTO_AES_CTR, NID_aes_256_ctr, 14, 32,
--    },
--# endif
--    {
--        CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16,
--    },
--    {
--        CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16,
--    },
--    {
--        CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0,
--    },
--    {
--        0, NID_undef, 0, 0,
--    },
-+	{ CRYPTO_ARC4,			NID_rc4,		0,	16, },
-+	{ CRYPTO_DES_CBC,		NID_des_cbc,		8,	 8, },
-+	{ CRYPTO_3DES_CBC,		NID_des_ede3_cbc,	8,	24, },
-+	{ CRYPTO_AES_CBC,		NID_aes_128_cbc,	16,	16, },
-+	{ CRYPTO_AES_CBC,		NID_aes_192_cbc,	16,	24, },
-+	{ CRYPTO_AES_CBC,		NID_aes_256_cbc,	16,	32, },
-+	{ CRYPTO_BLF_CBC,		NID_bf_cbc,		8,	16, },
-+	{ CRYPTO_CAST_CBC,		NID_cast5_cbc,		8,	16, },
-+	{ CRYPTO_SKIPJACK_CBC,		NID_undef,		0,	 0, },
-+	{ 0,				NID_undef,		0,	 0, },
- };
- 
--# ifdef USE_CRYPTODEV_DIGESTS
-+#ifdef USE_CRYPTODEV_DIGESTS
- static struct {
--    int id;
--    int nid;
--    int keylen;
-+	int	id;
-+	int	nid;
-+	int 	digestlen;
- } digests[] = {
--    {
--        CRYPTO_MD5_HMAC, NID_hmacWithMD5, 16
--    },
--    {
--        CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, 20
--    },
--    {
--        CRYPTO_RIPEMD160_HMAC, NID_ripemd160, 16
--        /* ? */
--    },
--    {
--        CRYPTO_MD5_KPDK, NID_undef, 0
--    },
--    {
--        CRYPTO_SHA1_KPDK, NID_undef, 0
--    },
--    {
--        CRYPTO_MD5, NID_md5, 16
--    },
--    {
--        CRYPTO_SHA1, NID_sha1, 20
--    },
--    {
--        0, NID_undef, 0
--    },
-+#if 0
-+        /* HMAC is not supported */
-+	{ CRYPTO_MD5_HMAC,		NID_hmacWithMD5,	16},
-+	{ CRYPTO_SHA1_HMAC,		NID_hmacWithSHA1,	20},
-+	{ CRYPTO_SHA2_256_HMAC,		NID_hmacWithSHA256,	32},
-+	{ CRYPTO_SHA2_384_HMAC,		NID_hmacWithSHA384,	48},
-+	{ CRYPTO_SHA2_512_HMAC,		NID_hmacWithSHA512,	64},
-+#endif
-+	{ CRYPTO_MD5,			NID_md5,		16},
-+	{ CRYPTO_SHA1,			NID_sha1,		20},
-+	{ CRYPTO_SHA2_256,		NID_sha256,		32},
-+	{ CRYPTO_SHA2_384,		NID_sha384,		48},
-+	{ CRYPTO_SHA2_512,		NID_sha512,		64},
-+	{ 0,				NID_undef,		0},
- };
--# endif
-+#endif
- 
- /*
-  * Return a fd if /dev/crypto seems usable, 0 otherwise.
-  */
--static int open_dev_crypto(void)
-+static int
-+open_dev_crypto(void)
- {
--    static int fd = -1;
-+	static int fd = -1;
- 
--    if (fd == -1) {
--        if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1)
--            return (-1);
--        /* close on exec */
--        if (fcntl(fd, F_SETFD, 1) == -1) {
--            close(fd);
--            fd = -1;
--            return (-1);
--        }
--    }
--    return (fd);
-+	if (fd == -1) {
-+		if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1)
-+			return (-1);
-+		/* close on exec */
-+		if (fcntl(fd, F_SETFD, FD_CLOEXEC) == -1) {
-+			close(fd);
-+			fd = -1;
-+			return (-1);
-+		}
-+	}
-+	return (fd);
- }
- 
--static int get_dev_crypto(void)
-+static int
-+get_dev_crypto(void)
- {
--    int fd, retfd;
-+	int fd, retfd;
- 
--    if ((fd = open_dev_crypto()) == -1)
--        return (-1);
--# ifndef CRIOGET_NOT_NEEDED
--    if (ioctl(fd, CRIOGET, &retfd) == -1)
--        return (-1);
-+	if ((fd = open_dev_crypto()) == -1)
-+		return (-1);
-+#ifndef CRIOGET_NOT_NEEDED
-+	if (ioctl(fd, CRIOGET, &retfd) == -1)
-+		return (-1);
- 
--    /* close on exec */
--    if (fcntl(retfd, F_SETFD, 1) == -1) {
--        close(retfd);
--        return (-1);
--    }
--# else
--    retfd = fd;
--# endif
--    return (retfd);
-+	/* close on exec */
-+	if (fcntl(retfd, F_SETFD, 1) == -1) {
-+		close(retfd);
-+		return (-1);
-+	}
-+#else
-+        retfd = fd;
-+#endif
-+	return (retfd);
- }
- 
- static void put_dev_crypto(int fd)
- {
--# ifndef CRIOGET_NOT_NEEDED
--    close(fd);
--# endif
-+#ifndef CRIOGET_NOT_NEEDED
-+	close(fd);
-+#endif
- }
- 
- /* Caching version for asym operations */
--static int get_asym_dev_crypto(void)
-+static int
-+get_asym_dev_crypto(void)
- {
--    static int fd = -1;
-+	static int fd = -1;
- 
--    if (fd == -1)
--        fd = get_dev_crypto();
--    return fd;
-+	if (fd == -1)
-+		fd = get_dev_crypto();
-+	return fd;
- }
- 
- /*
-@@ -283,76 +242,80 @@ static int get_asym_dev_crypto(void)
-  * returning them here is harmless, as long as we return NULL
-  * when asked for a handler in the cryptodev_engine_ciphers routine
-  */
--static int get_cryptodev_ciphers(const int **cnids)
-+static int
-+get_cryptodev_ciphers(const int **cnids)
- {
--    static int nids[CRYPTO_ALGORITHM_MAX];
--    struct session_op sess;
--    int fd, i, count = 0;
-+	static int nids[CRYPTO_ALGORITHM_MAX];
-+	struct session_op sess;
-+	int fd, i, count = 0;
-+	unsigned char fake_key[EVP_MAX_KEY_LENGTH];
- 
--    if ((fd = get_dev_crypto()) < 0) {
--        *cnids = NULL;
--        return (0);
--    }
--    memset(&sess, 0, sizeof(sess));
--    sess.key = (caddr_t) "123456789abcdefghijklmno";
-+	if ((fd = get_dev_crypto()) < 0) {
-+		*cnids = NULL;
-+		return (0);
-+	}
-+	memset(&sess, 0, sizeof(sess));
-+	sess.key = (void*)fake_key;
- 
--    for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
--        if (ciphers[i].nid == NID_undef)
--            continue;
--        sess.cipher = ciphers[i].id;
--        sess.keylen = ciphers[i].keylen;
--        sess.mac = 0;
--        if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
--            ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
--            nids[count++] = ciphers[i].nid;
--    }
--    put_dev_crypto(fd);
-+	for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
-+		if (ciphers[i].nid == NID_undef)
-+			continue;
-+		sess.cipher = ciphers[i].id;
-+		sess.keylen = ciphers[i].keylen;
-+		sess.mac = 0;
-+		if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
-+		    ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
-+			nids[count++] = ciphers[i].nid;
-+	}
-+	put_dev_crypto(fd);
- 
--    if (count > 0)
--        *cnids = nids;
--    else
--        *cnids = NULL;
--    return (count);
-+	if (count > 0)
-+		*cnids = nids;
-+	else
-+		*cnids = NULL;
-+	return (count);
- }
- 
--# ifdef USE_CRYPTODEV_DIGESTS
-+#ifdef USE_CRYPTODEV_DIGESTS
- /*
-  * Find out what digests /dev/crypto will let us have a session for.
-  * XXX note, that some of these openssl doesn't deal with yet!
-  * returning them here is harmless, as long as we return NULL
-  * when asked for a handler in the cryptodev_engine_digests routine
-  */
--static int get_cryptodev_digests(const int **cnids)
-+static int
-+get_cryptodev_digests(const int **cnids)
- {
--    static int nids[CRYPTO_ALGORITHM_MAX];
--    struct session_op sess;
--    int fd, i, count = 0;
-+	static int nids[CRYPTO_ALGORITHM_MAX];
-+	unsigned char fake_key[EVP_MAX_KEY_LENGTH];
-+	struct session_op sess;
-+	int fd, i, count = 0;
- 
--    if ((fd = get_dev_crypto()) < 0) {
--        *cnids = NULL;
--        return (0);
--    }
--    memset(&sess, 0, sizeof(sess));
--    sess.mackey = (caddr_t) "123456789abcdefghijklmno";
--    for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
--        if (digests[i].nid == NID_undef)
--            continue;
--        sess.mac = digests[i].id;
--        sess.mackeylen = digests[i].keylen;
--        sess.cipher = 0;
--        if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
--            ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
--            nids[count++] = digests[i].nid;
--    }
--    put_dev_crypto(fd);
-+	if ((fd = get_dev_crypto()) < 0) {
-+		*cnids = NULL;
-+		return (0);
-+	}
-+	memset(&sess, 0, sizeof(sess));
-+	sess.mackey = fake_key;
-+	for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
-+		if (digests[i].nid == NID_undef)
-+			continue;
-+		sess.mac = digests[i].id;
-+		sess.mackeylen = 8;
-+		sess.cipher = 0;
-+		if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
-+		    ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
-+			nids[count++] = digests[i].nid;
-+	}
-+	put_dev_crypto(fd);
- 
--    if (count > 0)
--        *cnids = nids;
--    else
--        *cnids = NULL;
--    return (count);
-+	if (count > 0)
-+		*cnids = nids;
-+	else
-+		*cnids = NULL;
-+	return (count);
- }
--# endif                         /* 0 */
-+#endif  /* 0 */
- 
- /*
-  * Find the useable ciphers|digests from dev/crypto - this is the first
-@@ -375,158 +338,161 @@ static int get_cryptodev_digests(const i
-  * want most of the decisions made about what we actually want
-  * to use from /dev/crypto.
-  */
--static int cryptodev_usable_ciphers(const int **nids)
-+static int
-+cryptodev_usable_ciphers(const int **nids)
- {
--    return (get_cryptodev_ciphers(nids));
-+	return (get_cryptodev_ciphers(nids));
- }
- 
--static int cryptodev_usable_digests(const int **nids)
-+static int
-+cryptodev_usable_digests(const int **nids)
- {
--# ifdef USE_CRYPTODEV_DIGESTS
--    return (get_cryptodev_digests(nids));
--# else
--    /*
--     * XXXX just disable all digests for now, because it sucks.
--     * we need a better way to decide this - i.e. I may not
--     * want digests on slow cards like hifn on fast machines,
--     * but might want them on slow or loaded machines, etc.
--     * will also want them when using crypto cards that don't
--     * suck moose gonads - would be nice to be able to decide something
--     * as reasonable default without having hackery that's card dependent.
--     * of course, the default should probably be just do everything,
--     * with perhaps a sysctl to turn algoritms off (or have them off
--     * by default) on cards that generally suck like the hifn.
--     */
--    *nids = NULL;
--    return (0);
--# endif
-+#ifdef USE_CRYPTODEV_DIGESTS
-+	return (get_cryptodev_digests(nids));
-+#else
-+	/*
-+	 * XXXX just disable all digests for now, because it sucks.
-+	 * we need a better way to decide this - i.e. I may not
-+	 * want digests on slow cards like hifn on fast machines,
-+	 * but might want them on slow or loaded machines, etc.
-+	 * will also want them when using crypto cards that don't
-+	 * suck moose gonads - would be nice to be able to decide something
-+	 * as reasonable default without having hackery that's card dependent.
-+	 * of course, the default should probably be just do everything,
-+	 * with perhaps a sysctl to turn algoritms off (or have them off
-+	 * by default) on cards that generally suck like the hifn.
-+	 */
-+	*nids = NULL;
-+	return (0);
-+#endif
- }
- 
- static int
- cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
--                 const unsigned char *in, size_t inl)
-+    const unsigned char *in, size_t inl)
- {
--    struct crypt_op cryp;
--    struct dev_crypto_state *state = ctx->cipher_data;
--    struct session_op *sess = &state->d_sess;
--    const void *iiv;
--    unsigned char save_iv[EVP_MAX_IV_LENGTH];
-+	struct crypt_op cryp;
-+	struct dev_crypto_state *state = ctx->cipher_data;
-+	struct session_op *sess = &state->d_sess;
-+	const void *iiv;
-+	unsigned char save_iv[EVP_MAX_IV_LENGTH];
- 
--    if (state->d_fd < 0)
--        return (0);
--    if (!inl)
--        return (1);
--    if ((inl % ctx->cipher->block_size) != 0)
--        return (0);
-+	if (state->d_fd < 0)
-+		return (0);
-+	if (!inl)
-+		return (1);
-+	if ((inl % ctx->cipher->block_size) != 0)
-+		return (0);
- 
--    memset(&cryp, 0, sizeof(cryp));
-+	memset(&cryp, 0, sizeof(cryp));
- 
--    cryp.ses = sess->ses;
--    cryp.flags = 0;
--    cryp.len = inl;
--    cryp.src = (caddr_t) in;
--    cryp.dst = (caddr_t) out;
--    cryp.mac = 0;
-+	cryp.ses = sess->ses;
-+	cryp.flags = 0;
-+	cryp.len = inl;
-+	cryp.src = (void*) in;
-+	cryp.dst = (void*) out;
-+	cryp.mac = 0;
- 
--    cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
-+	cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
- 
--    if (ctx->cipher->iv_len) {
--        cryp.iv = (caddr_t) ctx->iv;
--        if (!ctx->encrypt) {
--            iiv = in + inl - ctx->cipher->iv_len;
--            memcpy(save_iv, iiv, ctx->cipher->iv_len);
--        }
--    } else
--        cryp.iv = NULL;
-+	if (ctx->cipher->iv_len) {
-+		cryp.iv = (void*) ctx->iv;
-+		if (!ctx->encrypt) {
-+			iiv = in + inl - ctx->cipher->iv_len;
-+			memcpy(save_iv, iiv, ctx->cipher->iv_len);
-+		}
-+	} else
-+		cryp.iv = NULL;
- 
--    if (ioctl(state->d_fd, CIOCCRYPT, &cryp) == -1) {
--        /*
--         * XXX need better errror handling this can fail for a number of
--         * different reasons.
--         */
--        return (0);
--    }
-+	if (ioctl(state->d_fd, CIOCCRYPT, &cryp) == -1) {
-+		/* XXX need better errror handling
-+		 * this can fail for a number of different reasons.
-+		 */
-+		return (0);
-+	}
- 
--    if (ctx->cipher->iv_len) {
--        if (ctx->encrypt)
--            iiv = out + inl - ctx->cipher->iv_len;
--        else
--            iiv = save_iv;
--        memcpy(ctx->iv, iiv, ctx->cipher->iv_len);
--    }
--    return (1);
-+	if (ctx->cipher->iv_len) {
-+		if (ctx->encrypt)
-+			iiv = out + inl - ctx->cipher->iv_len;
-+		else
-+			iiv = save_iv;
-+		memcpy(ctx->iv, iiv, ctx->cipher->iv_len);
-+	}
-+	return (1);
- }
- 
- static int
- cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
--                   const unsigned char *iv, int enc)
-+    const unsigned char *iv, int enc)
- {
--    struct dev_crypto_state *state = ctx->cipher_data;
--    struct session_op *sess = &state->d_sess;
--    int cipher = -1, i;
-+	struct dev_crypto_state *state = ctx->cipher_data;
-+	struct session_op *sess = &state->d_sess;
-+	int cipher = -1, i;
- 
--    for (i = 0; ciphers[i].id; i++)
--        if (ctx->cipher->nid == ciphers[i].nid &&
--            ctx->cipher->iv_len <= ciphers[i].ivmax &&
--            ctx->key_len == ciphers[i].keylen) {
--            cipher = ciphers[i].id;
--            break;
--        }
-+	for (i = 0; ciphers[i].id; i++)
-+		if (ctx->cipher->nid == ciphers[i].nid &&
-+		    ctx->cipher->iv_len <= ciphers[i].ivmax &&
-+		    ctx->key_len == ciphers[i].keylen) {
-+			cipher = ciphers[i].id;
-+			break;
-+		}
- 
--    if (!ciphers[i].id) {
--        state->d_fd = -1;
--        return (0);
--    }
-+	if (!ciphers[i].id) {
-+		state->d_fd = -1;
-+		return (0);
-+	}
- 
--    memset(sess, 0, sizeof(struct session_op));
-+	memset(sess, 0, sizeof(struct session_op));
- 
--    if ((state->d_fd = get_dev_crypto()) < 0)
--        return (0);
-+	if ((state->d_fd = get_dev_crypto()) < 0)
-+		return (0);
- 
--    sess->key = (caddr_t) key;
--    sess->keylen = ctx->key_len;
--    sess->cipher = cipher;
-+	sess->key = (void*)key;
-+	sess->keylen = ctx->key_len;
-+	sess->cipher = cipher;
- 
--    if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
--        put_dev_crypto(state->d_fd);
--        state->d_fd = -1;
--        return (0);
--    }
--    return (1);
-+	if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
-+		put_dev_crypto(state->d_fd);
-+		state->d_fd = -1;
-+		return (0);
-+	}
-+	return (1);
- }
- 
- /*
-  * free anything we allocated earlier when initting a
-  * session, and close the session.
-  */
--static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
-+static int
-+cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
- {
--    int ret = 0;
--    struct dev_crypto_state *state = ctx->cipher_data;
--    struct session_op *sess = &state->d_sess;
-+	int ret = 0;
-+	struct dev_crypto_state *state = ctx->cipher_data;
-+	struct session_op *sess = &state->d_sess;
- 
--    if (state->d_fd < 0)
--        return (0);
-+	if (state->d_fd < 0)
-+		return (0);
- 
--    /*
--     * XXX if this ioctl fails, someting's wrong. the invoker may have called
--     * us with a bogus ctx, or we could have a device that for whatever
--     * reason just doesn't want to play ball - it's not clear what's right
--     * here - should this be an error? should it just increase a counter,
--     * hmm. For right now, we return 0 - I don't believe that to be "right".
--     * we could call the gorpy openssl lib error handlers that print messages
--     * to users of the library. hmm..
--     */
-+	/* XXX if this ioctl fails, someting's wrong. the invoker
-+	 * may have called us with a bogus ctx, or we could
-+	 * have a device that for whatever reason just doesn't
-+	 * want to play ball - it's not clear what's right
-+	 * here - should this be an error? should it just
-+	 * increase a counter, hmm. For right now, we return
-+	 * 0 - I don't believe that to be "right". we could
-+	 * call the gorpy openssl lib error handlers that
-+	 * print messages to users of the library. hmm..
-+	 */
- 
--    if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) == -1) {
--        ret = 0;
--    } else {
--        ret = 1;
--    }
--    put_dev_crypto(state->d_fd);
--    state->d_fd = -1;
-+	if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) == -1) {
-+		ret = 0;
-+	} else {
-+		ret = 1;
-+	}
-+	put_dev_crypto(state->d_fd);
-+	state->d_fd = -1;
- 
--    return (ret);
-+	return (ret);
- }
- 
- /*
-@@ -536,151 +502,111 @@ static int cryptodev_cleanup(EVP_CIPHER_
- 
- /* RC4 */
- const EVP_CIPHER cryptodev_rc4 = {
--    NID_rc4,
--    1, 16, 0,
--    EVP_CIPH_VARIABLE_LENGTH,
--    cryptodev_init_key,
--    cryptodev_cipher,
--    cryptodev_cleanup,
--    sizeof(struct dev_crypto_state),
--    NULL,
--    NULL,
--    NULL
-+	NID_rc4,
-+	1, 16, 0,
-+	EVP_CIPH_VARIABLE_LENGTH,
-+	cryptodev_init_key,
-+	cryptodev_cipher,
-+	cryptodev_cleanup,
-+	sizeof(struct dev_crypto_state),
-+	NULL,
-+	NULL,
-+	NULL
- };
- 
- /* DES CBC EVP */
- const EVP_CIPHER cryptodev_des_cbc = {
--    NID_des_cbc,
--    8, 8, 8,
--    EVP_CIPH_CBC_MODE,
--    cryptodev_init_key,
--    cryptodev_cipher,
--    cryptodev_cleanup,
--    sizeof(struct dev_crypto_state),
--    EVP_CIPHER_set_asn1_iv,
--    EVP_CIPHER_get_asn1_iv,
--    NULL
-+	NID_des_cbc,
-+	8, 8, 8,
-+	EVP_CIPH_CBC_MODE,
-+	cryptodev_init_key,
-+	cryptodev_cipher,
-+	cryptodev_cleanup,
-+	sizeof(struct dev_crypto_state),
-+	EVP_CIPHER_set_asn1_iv,
-+	EVP_CIPHER_get_asn1_iv,
-+	NULL
- };
- 
- /* 3DES CBC EVP */
- const EVP_CIPHER cryptodev_3des_cbc = {
--    NID_des_ede3_cbc,
--    8, 24, 8,
--    EVP_CIPH_CBC_MODE,
--    cryptodev_init_key,
--    cryptodev_cipher,
--    cryptodev_cleanup,
--    sizeof(struct dev_crypto_state),
--    EVP_CIPHER_set_asn1_iv,
--    EVP_CIPHER_get_asn1_iv,
--    NULL
-+	NID_des_ede3_cbc,
-+	8, 24, 8,
-+	EVP_CIPH_CBC_MODE,
-+	cryptodev_init_key,
-+	cryptodev_cipher,
-+	cryptodev_cleanup,
-+	sizeof(struct dev_crypto_state),
-+	EVP_CIPHER_set_asn1_iv,
-+	EVP_CIPHER_get_asn1_iv,
-+	NULL
- };
- 
- const EVP_CIPHER cryptodev_bf_cbc = {
--    NID_bf_cbc,
--    8, 16, 8,
--    EVP_CIPH_CBC_MODE,
--    cryptodev_init_key,
--    cryptodev_cipher,
--    cryptodev_cleanup,
--    sizeof(struct dev_crypto_state),
--    EVP_CIPHER_set_asn1_iv,
--    EVP_CIPHER_get_asn1_iv,
--    NULL
-+	NID_bf_cbc,
-+	8, 16, 8,
-+	EVP_CIPH_CBC_MODE,
-+	cryptodev_init_key,
-+	cryptodev_cipher,
-+	cryptodev_cleanup,
-+	sizeof(struct dev_crypto_state),
-+	EVP_CIPHER_set_asn1_iv,
-+	EVP_CIPHER_get_asn1_iv,
-+	NULL
- };
- 
- const EVP_CIPHER cryptodev_cast_cbc = {
--    NID_cast5_cbc,
--    8, 16, 8,
--    EVP_CIPH_CBC_MODE,
--    cryptodev_init_key,
--    cryptodev_cipher,
--    cryptodev_cleanup,
--    sizeof(struct dev_crypto_state),
--    EVP_CIPHER_set_asn1_iv,
--    EVP_CIPHER_get_asn1_iv,
--    NULL
-+	NID_cast5_cbc,
-+	8, 16, 8,
-+	EVP_CIPH_CBC_MODE,
-+	cryptodev_init_key,
-+	cryptodev_cipher,
-+	cryptodev_cleanup,
-+	sizeof(struct dev_crypto_state),
-+	EVP_CIPHER_set_asn1_iv,
-+	EVP_CIPHER_get_asn1_iv,
-+	NULL
- };
- 
- const EVP_CIPHER cryptodev_aes_cbc = {
--    NID_aes_128_cbc,
--    16, 16, 16,
--    EVP_CIPH_CBC_MODE,
--    cryptodev_init_key,
--    cryptodev_cipher,
--    cryptodev_cleanup,
--    sizeof(struct dev_crypto_state),
--    EVP_CIPHER_set_asn1_iv,
--    EVP_CIPHER_get_asn1_iv,
--    NULL
-+	NID_aes_128_cbc,
-+	16, 16, 16,
-+	EVP_CIPH_CBC_MODE,
-+	cryptodev_init_key,
-+	cryptodev_cipher,
-+	cryptodev_cleanup,
-+	sizeof(struct dev_crypto_state),
-+	EVP_CIPHER_set_asn1_iv,
-+	EVP_CIPHER_get_asn1_iv,
-+	NULL
- };
- 
- const EVP_CIPHER cryptodev_aes_192_cbc = {
--    NID_aes_192_cbc,
--    16, 24, 16,
--    EVP_CIPH_CBC_MODE,
--    cryptodev_init_key,
--    cryptodev_cipher,
--    cryptodev_cleanup,
--    sizeof(struct dev_crypto_state),
--    EVP_CIPHER_set_asn1_iv,
--    EVP_CIPHER_get_asn1_iv,
--    NULL
-+	NID_aes_192_cbc,
-+	16, 24, 16,
-+	EVP_CIPH_CBC_MODE,
-+	cryptodev_init_key,
-+	cryptodev_cipher,
-+	cryptodev_cleanup,
-+	sizeof(struct dev_crypto_state),
-+	EVP_CIPHER_set_asn1_iv,
-+	EVP_CIPHER_get_asn1_iv,
-+	NULL
- };
- 
- const EVP_CIPHER cryptodev_aes_256_cbc = {
--    NID_aes_256_cbc,
--    16, 32, 16,
--    EVP_CIPH_CBC_MODE,
--    cryptodev_init_key,
--    cryptodev_cipher,
--    cryptodev_cleanup,
--    sizeof(struct dev_crypto_state),
--    EVP_CIPHER_set_asn1_iv,
--    EVP_CIPHER_get_asn1_iv,
--    NULL
--};
--
--# ifdef CRYPTO_AES_CTR
--const EVP_CIPHER cryptodev_aes_ctr = {
--    NID_aes_128_ctr,
--    16, 16, 14,
--    EVP_CIPH_CTR_MODE,
--    cryptodev_init_key,
--    cryptodev_cipher,
--    cryptodev_cleanup,
--    sizeof(struct dev_crypto_state),
--    EVP_CIPHER_set_asn1_iv,
--    EVP_CIPHER_get_asn1_iv,
--    NULL
--};
--
--const EVP_CIPHER cryptodev_aes_ctr_192 = {
--    NID_aes_192_ctr,
--    16, 24, 14,
--    EVP_CIPH_CTR_MODE,
--    cryptodev_init_key,
--    cryptodev_cipher,
--    cryptodev_cleanup,
--    sizeof(struct dev_crypto_state),
--    EVP_CIPHER_set_asn1_iv,
--    EVP_CIPHER_get_asn1_iv,
--    NULL
-+	NID_aes_256_cbc,
-+	16, 32, 16,
-+	EVP_CIPH_CBC_MODE,
-+	cryptodev_init_key,
-+	cryptodev_cipher,
-+	cryptodev_cleanup,
-+	sizeof(struct dev_crypto_state),
-+	EVP_CIPHER_set_asn1_iv,
-+	EVP_CIPHER_get_asn1_iv,
-+	NULL
- };
- 
--const EVP_CIPHER cryptodev_aes_ctr_256 = {
--    NID_aes_256_ctr,
--    16, 32, 14,
--    EVP_CIPH_CTR_MODE,
--    cryptodev_init_key,
--    cryptodev_cipher,
--    cryptodev_cleanup,
--    sizeof(struct dev_crypto_state),
--    EVP_CIPHER_set_asn1_iv,
--    EVP_CIPHER_get_asn1_iv,
--    NULL
--};
--# endif
- /*
-  * Registered by the ENGINE when used to find out how to deal with
-  * a particular NID in the ENGINE. this says what we'll do at the
-@@ -688,316 +614,353 @@ const EVP_CIPHER cryptodev_aes_ctr_256 =
-  */
- static int
- cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
--                         const int **nids, int nid)
-+    const int **nids, int nid)
- {
--    if (!cipher)
--        return (cryptodev_usable_ciphers(nids));
-+	if (!cipher)
-+		return (cryptodev_usable_ciphers(nids));
- 
--    switch (nid) {
--    case NID_rc4:
--        *cipher = &cryptodev_rc4;
--        break;
--    case NID_des_ede3_cbc:
--        *cipher = &cryptodev_3des_cbc;
--        break;
--    case NID_des_cbc:
--        *cipher = &cryptodev_des_cbc;
--        break;
--    case NID_bf_cbc:
--        *cipher = &cryptodev_bf_cbc;
--        break;
--    case NID_cast5_cbc:
--        *cipher = &cryptodev_cast_cbc;
--        break;
--    case NID_aes_128_cbc:
--        *cipher = &cryptodev_aes_cbc;
--        break;
--    case NID_aes_192_cbc:
--        *cipher = &cryptodev_aes_192_cbc;
--        break;
--    case NID_aes_256_cbc:
--        *cipher = &cryptodev_aes_256_cbc;
--        break;
--# ifdef CRYPTO_AES_CTR
--    case NID_aes_128_ctr:
--        *cipher = &cryptodev_aes_ctr;
--        break;
--    case NID_aes_192_ctr:
--        *cipher = &cryptodev_aes_ctr_192;
--        break;
--    case NID_aes_256_ctr:
--        *cipher = &cryptodev_aes_ctr_256;
--        break;
--# endif
--    default:
--        *cipher = NULL;
--        break;
--    }
--    return (*cipher != NULL);
-+	switch (nid) {
-+	case NID_rc4:
-+		*cipher = &cryptodev_rc4;
-+		break;
-+	case NID_des_ede3_cbc:
-+		*cipher = &cryptodev_3des_cbc;
-+		break;
-+	case NID_des_cbc:
-+		*cipher = &cryptodev_des_cbc;
-+		break;
-+	case NID_bf_cbc:
-+		*cipher = &cryptodev_bf_cbc;
-+		break;
-+	case NID_cast5_cbc:
-+		*cipher = &cryptodev_cast_cbc;
-+		break;
-+	case NID_aes_128_cbc:
-+		*cipher = &cryptodev_aes_cbc;
-+		break;
-+	case NID_aes_192_cbc:
-+		*cipher = &cryptodev_aes_192_cbc;
-+		break;
-+	case NID_aes_256_cbc:
-+		*cipher = &cryptodev_aes_256_cbc;
-+		break;
-+	default:
-+		*cipher = NULL;
-+		break;
-+	}
-+	return (*cipher != NULL);
- }
- 
--# ifdef USE_CRYPTODEV_DIGESTS
-+
-+#ifdef USE_CRYPTODEV_DIGESTS
- 
- /* convert digest type to cryptodev */
--static int digest_nid_to_cryptodev(int nid)
-+static int
-+digest_nid_to_cryptodev(int nid)
- {
--    int i;
-+	int i;
- 
--    for (i = 0; digests[i].id; i++)
--        if (digests[i].nid == nid)
--            return (digests[i].id);
--    return (0);
-+	for (i = 0; digests[i].id; i++)
-+		if (digests[i].nid == nid)
-+			return (digests[i].id);
-+	return (0);
- }
- 
--static int digest_key_length(int nid)
--{
--    int i;
--
--    for (i = 0; digests[i].id; i++)
--        if (digests[i].nid == nid)
--            return digests[i].keylen;
--    return (0);
--}
- 
- static int cryptodev_digest_init(EVP_MD_CTX *ctx)
- {
--    struct dev_crypto_state *state = ctx->md_data;
--    struct session_op *sess = &state->d_sess;
--    int digest;
--
--    if ((digest = digest_nid_to_cryptodev(ctx->digest->type)) == NID_undef) {
--        printf("cryptodev_digest_init: Can't get digest \n");
--        return (0);
--    }
-+	struct dev_crypto_state *state = ctx->md_data;
-+	struct session_op *sess = &state->d_sess;
-+	int digest;
- 
--    memset(state, 0, sizeof(struct dev_crypto_state));
-+	if ((digest = digest_nid_to_cryptodev(ctx->digest->type)) == NID_undef){
-+		printf("cryptodev_digest_init: Can't get digest \n");
-+		return (0);
-+	}
-+	memset(state, 0, sizeof(struct dev_crypto_state));
- 
--    if ((state->d_fd = get_dev_crypto()) < 0) {
--        printf("cryptodev_digest_init: Can't get Dev \n");
--        return (0);
--    }
-+	if ((state->d_fd = get_dev_crypto()) < 0) {
-+		printf("cryptodev_digest_init: Can't get Dev \n");
-+		return (0);
-+	}
- 
--    sess->mackey = state->dummy_mac_key;
--    sess->mackeylen = digest_key_length(ctx->digest->type);
--    sess->mac = digest;
-+	sess->mackey = NULL;
-+	sess->mackeylen = 0;
-+	sess->mac = digest;
- 
--    if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
--        put_dev_crypto(state->d_fd);
--        state->d_fd = -1;
--        printf("cryptodev_digest_init: Open session failed\n");
--        return (0);
--    }
-+	if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
-+		put_dev_crypto(state->d_fd);
-+		state->d_fd = -1;
-+		printf("cryptodev_digest_init: Open session failed\n");
-+		return (0);
-+	}
- 
--    return (1);
-+	return (1);
- }
- 
- static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
--                                   size_t count)
-+		size_t count)
- {
--    struct crypt_op cryp;
--    struct dev_crypto_state *state = ctx->md_data;
--    struct session_op *sess = &state->d_sess;
--
--    if (!data || state->d_fd < 0) {
--        printf("cryptodev_digest_update: illegal inputs \n");
--        return (0);
--    }
-+	struct dev_crypto_state *state = ctx->md_data;
-+	struct crypt_op cryp;
-+	struct session_op *sess = &state->d_sess;
- 
--    if (!count) {
--        return (0);
--    }
-+	if (!data || state->d_fd < 0) {
-+		printf("cryptodev_digest_update: illegal inputs \n");
-+		return (0);
-+	}
- 
--    if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
--        /* if application doesn't support one buffer */
--        state->mac_data =
--            OPENSSL_realloc(state->mac_data, state->mac_len + count);
-+	if (!count) {
-+		return (1);
-+	}
- 
--        if (!state->mac_data) {
--            printf("cryptodev_digest_update: realloc failed\n");
--            return (0);
--        }
-+	if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
-+		/* if application doesn't support one buffer */
-+		state->mac_data = OPENSSL_realloc(state->mac_data, state->mac_len + count);
- 
--        memcpy(state->mac_data + state->mac_len, data, count);
--        state->mac_len += count;
-+		if (!state->mac_data) {
-+			printf("cryptodev_digest_update: realloc failed\n");
-+			return (0);
-+		}
- 
--        return (1);
--    }
-+		memcpy(state->mac_data + state->mac_len, data, count);
-+   		state->mac_len += count;
-+	
-+		return (1);
-+	}
- 
--    memset(&cryp, 0, sizeof(cryp));
-+	memset(&cryp, 0, sizeof(cryp));
- 
--    cryp.ses = sess->ses;
--    cryp.flags = 0;
--    cryp.len = count;
--    cryp.src = (caddr_t) data;
--    cryp.dst = NULL;
--    cryp.mac = (caddr_t) state->digest_res;
--    if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
--        printf("cryptodev_digest_update: digest failed\n");
--        return (0);
--    }
--    return (1);
-+	cryp.ses = sess->ses;
-+	cryp.flags = 0;
-+	cryp.len = count;
-+	cryp.src = (void*) data;
-+	cryp.dst = NULL;
-+	cryp.mac = (void*) state->digest_res;
-+	if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
-+		printf("cryptodev_digest_update: digest failed\n");
-+		return (0);
-+	}
-+	return (1);
- }
- 
-+
- static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
- {
--    struct crypt_op cryp;
--    struct dev_crypto_state *state = ctx->md_data;
--    struct session_op *sess = &state->d_sess;
--
--    int ret = 1;
-+	struct crypt_op cryp;
-+	struct dev_crypto_state *state = ctx->md_data;
-+	struct session_op *sess = &state->d_sess;
- 
--    if (!md || state->d_fd < 0) {
--        printf("cryptodev_digest_final: illegal input\n");
--        return (0);
--    }
-+	if (!md || state->d_fd < 0) {
-+		printf("cryptodev_digest_final: illegal input\n");
-+		return(0);
-+	}
- 
--    if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
--        /* if application doesn't support one buffer */
--        memset(&cryp, 0, sizeof(cryp));
--        cryp.ses = sess->ses;
--        cryp.flags = 0;
--        cryp.len = state->mac_len;
--        cryp.src = state->mac_data;
--        cryp.dst = NULL;
--        cryp.mac = (caddr_t) md;
--        if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
--            printf("cryptodev_digest_final: digest failed\n");
--            return (0);
--        }
-+	if (! (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) ) {
-+		/* if application doesn't support one buffer */
-+		memset(&cryp, 0, sizeof(cryp));
-+		cryp.ses = sess->ses;
-+		cryp.flags = 0;
-+		cryp.len = state->mac_len;
-+		cryp.src = state->mac_data;
-+		cryp.dst = NULL;
-+		cryp.mac = (void*)md;
-+		if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
-+			printf("cryptodev_digest_final: digest failed\n");
-+			return (0);
-+		}
- 
--        return 1;
--    }
-+		return 1;
-+	}
- 
--    memcpy(md, state->digest_res, ctx->digest->md_size);
-+	memcpy(md, state->digest_res, ctx->digest->md_size);
- 
--    return (ret);
-+	return 1;
- }
- 
-+
- static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
- {
--    int ret = 1;
--    struct dev_crypto_state *state = ctx->md_data;
--    struct session_op *sess = &state->d_sess;
-+	int ret = 1;
-+	struct dev_crypto_state *state = ctx->md_data;
-+	struct session_op *sess = &state->d_sess;
- 
--    if (state == NULL)
--        return 0;
-+	if (state == NULL)
-+	  return 0;
- 
--    if (state->d_fd < 0) {
--        printf("cryptodev_digest_cleanup: illegal input\n");
--        return (0);
--    }
-+	if (state->d_fd < 0) {
-+		printf("cryptodev_digest_cleanup: illegal input\n");
-+		return (0);
-+	}
- 
--    if (state->mac_data) {
--        OPENSSL_free(state->mac_data);
--        state->mac_data = NULL;
--        state->mac_len = 0;
--    }
-+	if (state->mac_data) {
-+		OPENSSL_free(state->mac_data);
-+		state->mac_data = NULL;
-+		state->mac_len = 0;
-+	}
- 
--    if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
--        printf("cryptodev_digest_cleanup: failed to close session\n");
--        ret = 0;
--    } else {
--        ret = 1;
--    }
--    put_dev_crypto(state->d_fd);
--    state->d_fd = -1;
-+	if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
-+		printf("cryptodev_digest_cleanup: failed to close session\n");
-+		ret = 0;
-+	} else {
-+		ret = 1;
-+	}
-+	put_dev_crypto(state->d_fd);	
-+	state->d_fd = -1;
- 
--    return (ret);
-+	return (ret);
- }
- 
--static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
-+static int cryptodev_digest_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from)
- {
--    struct dev_crypto_state *fstate = from->md_data;
--    struct dev_crypto_state *dstate = to->md_data;
--    struct session_op *sess;
--    int digest;
-+	struct dev_crypto_state *fstate = from->md_data;
-+	struct dev_crypto_state *dstate = to->md_data;
-+	struct session_op *sess;
-+	int digest;
- 
--    if (dstate == NULL || fstate == NULL)
--        return 1;
-+	if (dstate == NULL || fstate == NULL)
-+	  return 1;
- 
--    memcpy(dstate, fstate, sizeof(struct dev_crypto_state));
-+       	memcpy(dstate, fstate, sizeof(struct dev_crypto_state));
- 
--    sess = &dstate->d_sess;
-+	sess = &dstate->d_sess;
- 
--    digest = digest_nid_to_cryptodev(to->digest->type);
-+	digest = digest_nid_to_cryptodev(to->digest->type);
- 
--    sess->mackey = dstate->dummy_mac_key;
--    sess->mackeylen = digest_key_length(to->digest->type);
--    sess->mac = digest;
-+	sess->mackey = NULL;
-+	sess->mackeylen = 0;
-+	sess->mac = digest;
- 
--    dstate->d_fd = get_dev_crypto();
-+	dstate->d_fd = get_dev_crypto();
- 
--    if (ioctl(dstate->d_fd, CIOCGSESSION, sess) < 0) {
--        put_dev_crypto(dstate->d_fd);
--        dstate->d_fd = -1;
--        printf("cryptodev_digest_init: Open session failed\n");
--        return (0);
--    }
-+	if (ioctl(dstate->d_fd, CIOCGSESSION, sess) < 0) {
-+		put_dev_crypto(dstate->d_fd);
-+		dstate->d_fd = -1;
-+		printf("cryptodev_digest_init: Open session failed\n");
-+		return (0);
-+	}
- 
--    if (fstate->mac_len != 0) {
--        if (fstate->mac_data != NULL) {
--            dstate->mac_data = OPENSSL_malloc(fstate->mac_len);
--            memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len);
--            dstate->mac_len = fstate->mac_len;
--        }
--    }
-+	if (fstate->mac_len != 0) {
-+	        if (fstate->mac_data != NULL)
-+	                {
-+        		dstate->mac_data = OPENSSL_malloc(fstate->mac_len);
-+	        	memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len);
-+           		dstate->mac_len = fstate->mac_len;
-+	        	}
-+	}
- 
--    return 1;
-+	return 1;
- }
- 
--const EVP_MD cryptodev_sha1 = {
--    NID_sha1,
--    NID_undef,
--    SHA_DIGEST_LENGTH,
--    EVP_MD_FLAG_ONESHOT,
--    cryptodev_digest_init,
--    cryptodev_digest_update,
--    cryptodev_digest_final,
--    cryptodev_digest_copy,
--    cryptodev_digest_cleanup,
--    EVP_PKEY_NULL_method,
--    SHA_CBLOCK,
--    sizeof(struct dev_crypto_state),
-+
-+static const EVP_MD cryptodev_sha1 = {
-+	NID_sha1,
-+	NID_sha1WithRSAEncryption,
-+	SHA_DIGEST_LENGTH, 
-+	EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_ONESHOT,
-+	cryptodev_digest_init,
-+	cryptodev_digest_update,
-+	cryptodev_digest_final,
-+	cryptodev_digest_copy,
-+	cryptodev_digest_cleanup,
-+	EVP_PKEY_RSA_method,
-+	SHA_CBLOCK,
-+	sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
- };
- 
--const EVP_MD cryptodev_md5 = {
--    NID_md5,
--    NID_undef,
--    16 /* MD5_DIGEST_LENGTH */ ,
--    EVP_MD_FLAG_ONESHOT,
--    cryptodev_digest_init,
--    cryptodev_digest_update,
--    cryptodev_digest_final,
--    cryptodev_digest_copy,
--    cryptodev_digest_cleanup,
--    EVP_PKEY_NULL_method,
--    64 /* MD5_CBLOCK */ ,
--    sizeof(struct dev_crypto_state),
-+static const EVP_MD cryptodev_sha256 = {
-+	NID_sha256,
-+	NID_sha256WithRSAEncryption,
-+	SHA256_DIGEST_LENGTH, 
-+	EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_ONESHOT,
-+	cryptodev_digest_init,
-+	cryptodev_digest_update,
-+	cryptodev_digest_final,
-+	cryptodev_digest_copy,
-+	cryptodev_digest_cleanup,
-+	EVP_PKEY_RSA_method,
-+	SHA256_CBLOCK,
-+	sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
- };
- 
--# endif                         /* USE_CRYPTODEV_DIGESTS */
-+static const EVP_MD cryptodev_sha384 = {
-+	NID_sha384,
-+	NID_sha384WithRSAEncryption, 
-+	SHA384_DIGEST_LENGTH, 
-+	EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_ONESHOT,
-+	cryptodev_digest_init,
-+	cryptodev_digest_update,
-+	cryptodev_digest_final,
-+	cryptodev_digest_copy,
-+	cryptodev_digest_cleanup,
-+	EVP_PKEY_RSA_method,
-+	SHA512_CBLOCK,
-+	sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
-+};
-+
-+static const EVP_MD cryptodev_sha512 = {
-+	NID_sha512,
-+	NID_sha512WithRSAEncryption, 
-+	SHA512_DIGEST_LENGTH, 
-+	EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_ONESHOT,
-+	cryptodev_digest_init,
-+	cryptodev_digest_update,
-+	cryptodev_digest_final,
-+	cryptodev_digest_copy,
-+	cryptodev_digest_cleanup,
-+	EVP_PKEY_RSA_method,
-+	SHA512_CBLOCK,
-+	sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
-+};
-+
-+static const EVP_MD cryptodev_md5 = {
-+	NID_md5,
-+	NID_md5WithRSAEncryption, 
-+	16 /* MD5_DIGEST_LENGTH */, 
-+	EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_ONESHOT,
-+	cryptodev_digest_init,
-+	cryptodev_digest_update,
-+	cryptodev_digest_final,
-+	cryptodev_digest_copy,
-+	cryptodev_digest_cleanup,
-+	EVP_PKEY_RSA_method,
-+	64 /* MD5_CBLOCK */,
-+	sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
-+};
-+
-+#endif /* USE_CRYPTODEV_DIGESTS */
-+
- 
- static int
- cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
--                         const int **nids, int nid)
-+    const int **nids, int nid)
- {
--    if (!digest)
--        return (cryptodev_usable_digests(nids));
-+	if (!digest)
-+		return (cryptodev_usable_digests(nids));
- 
--    switch (nid) {
--# ifdef USE_CRYPTODEV_DIGESTS
--    case NID_md5:
--        *digest = &cryptodev_md5;
--        break;
--    case NID_sha1:
--        *digest = &cryptodev_sha1;
--        break;
--    default:
--# endif                         /* USE_CRYPTODEV_DIGESTS */
--        *digest = NULL;
--        break;
--    }
--    return (*digest != NULL);
-+	switch (nid) {
-+#ifdef USE_CRYPTODEV_DIGESTS
-+	case NID_md5:
-+		*digest = &cryptodev_md5; 
-+		break;
-+	case NID_sha1:
-+		*digest = &cryptodev_sha1;
-+ 		break;
-+	case NID_sha256:
-+		*digest = &cryptodev_sha256;
-+ 		break;
-+	case NID_sha384:
-+		*digest = &cryptodev_sha384;
-+ 		break;
-+	case NID_sha512:
-+		*digest = &cryptodev_sha512;
-+ 		break;
-+	default:
-+#endif /* USE_CRYPTODEV_DIGESTS */
-+		*digest = NULL;
-+		break;
-+	}
-+	return (*digest != NULL);
- }
- 
- /*
-@@ -1005,423 +968,419 @@ cryptodev_engine_digests(ENGINE *e, cons
-  * Upon completion of use, the caller is responsible for freeing
-  * crp->crp_p.
-  */
--static int bn2crparam(const BIGNUM *a, struct crparam *crp)
-+static int
-+bn2crparam(const BIGNUM *a, struct crparam *crp)
- {
--    int i, j, k;
--    ssize_t bytes, bits;
--    u_char *b;
-+	int i, j, k;
-+	ssize_t bytes, bits;
-+	u_char *b;
- 
--    crp->crp_p = NULL;
--    crp->crp_nbits = 0;
-+	crp->crp_p = NULL;
-+	crp->crp_nbits = 0;
- 
--    bits = BN_num_bits(a);
--    bytes = (bits + 7) / 8;
-+	bits = BN_num_bits(a);
-+	bytes = (bits + 7) / 8;
- 
--    b = malloc(bytes);
--    if (b == NULL)
--        return (1);
--    memset(b, 0, bytes);
-+	b = malloc(bytes);
-+	if (b == NULL)
-+		return (1);
-+	memset(b, 0, bytes);
- 
--    crp->crp_p = (caddr_t) b;
--    crp->crp_nbits = bits;
-+	crp->crp_p = (void*) b;
-+	crp->crp_nbits = bits;
- 
--    for (i = 0, j = 0; i < a->top; i++) {
--        for (k = 0; k < BN_BITS2 / 8; k++) {
--            if ((j + k) >= bytes)
--                return (0);
--            b[j + k] = a->d[i] >> (k * 8);
--        }
--        j += BN_BITS2 / 8;
--    }
--    return (0);
-+	for (i = 0, j = 0; i < a->top; i++) {
-+		for (k = 0; k < BN_BITS2 / 8; k++) {
-+			if ((j + k) >= bytes)
-+				return (0);
-+			b[j + k] = a->d[i] >> (k * 8);
-+		}
-+		j += BN_BITS2 / 8;
-+	}
-+	return (0);
- }
- 
- /* Convert a /dev/crypto parameter to a BIGNUM */
--static int crparam2bn(struct crparam *crp, BIGNUM *a)
-+static int
-+crparam2bn(struct crparam *crp, BIGNUM *a)
- {
--    u_int8_t *pd;
--    int i, bytes;
-+	u_int8_t *pd;
-+	int i, bytes;
- 
--    bytes = (crp->crp_nbits + 7) / 8;
-+	bytes = (crp->crp_nbits + 7) / 8;
- 
--    if (bytes == 0)
--        return (-1);
-+	if (bytes == 0)
-+		return (-1);
- 
--    if ((pd = (u_int8_t *) malloc(bytes)) == NULL)
--        return (-1);
-+	if ((pd = (u_int8_t *) malloc(bytes)) == NULL)
-+		return (-1);
- 
--    for (i = 0; i < bytes; i++)
--        pd[i] = crp->crp_p[bytes - i - 1];
-+	for (i = 0; i < bytes; i++)
-+		pd[i] = crp->crp_p[bytes - i - 1];
- 
--    BN_bin2bn(pd, bytes, a);
--    free(pd);
-+	BN_bin2bn(pd, bytes, a);
-+	free(pd);
- 
--    return (0);
-+	return (0);
- }
- 
--static void zapparams(struct crypt_kop *kop)
-+static void
-+zapparams(struct crypt_kop *kop)
- {
--    int i;
-+	int i;
- 
--    for (i = 0; i < kop->crk_iparams + kop->crk_oparams; i++) {
--        if (kop->crk_param[i].crp_p)
--            free(kop->crk_param[i].crp_p);
--        kop->crk_param[i].crp_p = NULL;
--        kop->crk_param[i].crp_nbits = 0;
--    }
-+	for (i = 0; i < kop->crk_iparams + kop->crk_oparams; i++) {
-+		if (kop->crk_param[i].crp_p)
-+			free(kop->crk_param[i].crp_p);
-+		kop->crk_param[i].crp_p = NULL;
-+		kop->crk_param[i].crp_nbits = 0;
-+	}
- }
- 
- static int
--cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
--               BIGNUM *s)
-+cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s)
- {
--    int fd, ret = -1;
-+	int fd, ret = -1;
- 
--    if ((fd = get_asym_dev_crypto()) < 0)
--        return (ret);
-+	if ((fd = get_asym_dev_crypto()) < 0)
-+		return (ret);
- 
--    if (r) {
--        kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char));
--        kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
--        kop->crk_oparams++;
--    }
--    if (s) {
--        kop->crk_param[kop->crk_iparams + 1].crp_p =
--            calloc(slen, sizeof(char));
--        kop->crk_param[kop->crk_iparams + 1].crp_nbits = slen * 8;
--        kop->crk_oparams++;
--    }
-+	if (r) {
-+		kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char));
-+		kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
-+		kop->crk_oparams++;
-+	}
-+	if (s) {
-+		kop->crk_param[kop->crk_iparams+1].crp_p = calloc(slen, sizeof(char));
-+		kop->crk_param[kop->crk_iparams+1].crp_nbits = slen * 8;
-+		kop->crk_oparams++;
-+	}
- 
--    if (ioctl(fd, CIOCKEY, kop) == 0) {
--        if (r)
--            crparam2bn(&kop->crk_param[kop->crk_iparams], r);
--        if (s)
--            crparam2bn(&kop->crk_param[kop->crk_iparams + 1], s);
--        ret = 0;
--    }
-+	if (ioctl(fd, CIOCKEY, kop) == 0) {
-+		if (r)
-+			crparam2bn(&kop->crk_param[kop->crk_iparams], r);
-+		if (s)
-+			crparam2bn(&kop->crk_param[kop->crk_iparams+1], s);
-+		ret = 0;
-+	}
- 
--    return (ret);
-+	return (ret);
- }
- 
- static int
- cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
--                     const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
-+    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
- {
--    struct crypt_kop kop;
--    int ret = 1;
-+	struct crypt_kop kop;
-+	int ret = 1;
- 
--    /*
--     * Currently, we know we can do mod exp iff we can do any asymmetric
--     * operations at all.
--     */
--    if (cryptodev_asymfeat == 0) {
--        ret = BN_mod_exp(r, a, p, m, ctx);
--        return (ret);
--    }
-+	/* Currently, we know we can do mod exp iff we can do any
-+	 * asymmetric operations at all.
-+	 */
-+	if (cryptodev_asymfeat == 0) {
-+		ret = BN_mod_exp(r, a, p, m, ctx);
-+		return (ret);
-+	}
- 
--    memset(&kop, 0, sizeof kop);
--    kop.crk_op = CRK_MOD_EXP;
-+	memset(&kop, 0, sizeof kop);
-+	kop.crk_op = CRK_MOD_EXP;
- 
--    /* inputs: a^p % m */
--    if (bn2crparam(a, &kop.crk_param[0]))
--        goto err;
--    if (bn2crparam(p, &kop.crk_param[1]))
--        goto err;
--    if (bn2crparam(m, &kop.crk_param[2]))
--        goto err;
--    kop.crk_iparams = 3;
-+	/* inputs: a^p % m */
-+	if (bn2crparam(a, &kop.crk_param[0]))
-+		goto err;
-+	if (bn2crparam(p, &kop.crk_param[1]))
-+		goto err;
-+	if (bn2crparam(m, &kop.crk_param[2]))
-+		goto err;
-+	kop.crk_iparams = 3;
- 
--    if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL)) {
--        const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
--        printf("OCF asym process failed, Running in software\n");
--        ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
-+	if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL)) {
-+		const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
-+		printf("OCF asym process failed, Running in software\n");
-+		ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
- 
--    } else if (ECANCELED == kop.crk_status) {
--        const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
--        printf("OCF hardware operation cancelled. Running in Software\n");
--        ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
--    }
--    /* else cryptodev operation worked ok ==> ret = 1 */
-+	} else if (ECANCELED == kop.crk_status) {
-+		const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
-+		printf("OCF hardware operation cancelled. Running in Software\n");
-+		ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
-+	}
-+	/* else cryptodev operation worked ok ==> ret = 1*/
- 
-- err:
--    zapparams(&kop);
--    return (ret);
-+err:
-+	zapparams(&kop);
-+	return (ret);
- }
- 
- static int
--cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
--                            BN_CTX *ctx)
-+cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
- {
--    int r;
--    ctx = BN_CTX_new();
--    r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL);
--    BN_CTX_free(ctx);
--    return (r);
-+	int r;
-+	ctx = BN_CTX_new();
-+	r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL);
-+	BN_CTX_free(ctx);
-+	return (r);
- }
- 
- static int
- cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
- {
--    struct crypt_kop kop;
--    int ret = 1;
-+	struct crypt_kop kop;
-+	int ret = 1;
- 
--    if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
--        /* XXX 0 means failure?? */
--        return (0);
--    }
-+	if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
-+		/* XXX 0 means failure?? */
-+		return (0);
-+	}
- 
--    memset(&kop, 0, sizeof kop);
--    kop.crk_op = CRK_MOD_EXP_CRT;
--    /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
--    if (bn2crparam(rsa->p, &kop.crk_param[0]))
--        goto err;
--    if (bn2crparam(rsa->q, &kop.crk_param[1]))
--        goto err;
--    if (bn2crparam(I, &kop.crk_param[2]))
--        goto err;
--    if (bn2crparam(rsa->dmp1, &kop.crk_param[3]))
--        goto err;
--    if (bn2crparam(rsa->dmq1, &kop.crk_param[4]))
--        goto err;
--    if (bn2crparam(rsa->iqmp, &kop.crk_param[5]))
--        goto err;
--    kop.crk_iparams = 6;
-+	memset(&kop, 0, sizeof kop);
-+	kop.crk_op = CRK_MOD_EXP_CRT;
-+	/* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
-+	if (bn2crparam(rsa->p, &kop.crk_param[0]))
-+		goto err;
-+	if (bn2crparam(rsa->q, &kop.crk_param[1]))
-+		goto err;
-+	if (bn2crparam(I, &kop.crk_param[2]))
-+		goto err;
-+	if (bn2crparam(rsa->dmp1, &kop.crk_param[3]))
-+		goto err;
-+	if (bn2crparam(rsa->dmq1, &kop.crk_param[4]))
-+		goto err;
-+	if (bn2crparam(rsa->iqmp, &kop.crk_param[5]))
-+		goto err;
-+	kop.crk_iparams = 6;
- 
--    if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) {
--        const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
--        printf("OCF asym process failed, running in Software\n");
--        ret = (*meth->rsa_mod_exp) (r0, I, rsa, ctx);
-+	if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) {
-+		const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
-+		printf("OCF asym process failed, running in Software\n");
-+		ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx);
- 
--    } else if (ECANCELED == kop.crk_status) {
--        const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
--        printf("OCF hardware operation cancelled. Running in Software\n");
--        ret = (*meth->rsa_mod_exp) (r0, I, rsa, ctx);
--    }
--    /* else cryptodev operation worked ok ==> ret = 1 */
-+	} else if (ECANCELED == kop.crk_status) {
-+		const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
-+		printf("OCF hardware operation cancelled. Running in Software\n");
-+		ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx);
-+	}
-+	/* else cryptodev operation worked ok ==> ret = 1*/
- 
-- err:
--    zapparams(&kop);
--    return (ret);
-+err:
-+	zapparams(&kop);
-+	return (ret);
- }
- 
- static RSA_METHOD cryptodev_rsa = {
--    "cryptodev RSA method",
--    NULL,                       /* rsa_pub_enc */
--    NULL,                       /* rsa_pub_dec */
--    NULL,                       /* rsa_priv_enc */
--    NULL,                       /* rsa_priv_dec */
--    NULL,
--    NULL,
--    NULL,                       /* init */
--    NULL,                       /* finish */
--    0,                          /* flags */
--    NULL,                       /* app_data */
--    NULL,                       /* rsa_sign */
--    NULL                        /* rsa_verify */
-+	"cryptodev RSA method",
-+	NULL,				/* rsa_pub_enc */
-+	NULL,				/* rsa_pub_dec */
-+	NULL,				/* rsa_priv_enc */
-+	NULL,				/* rsa_priv_dec */
-+	NULL,
-+	NULL,
-+	NULL,				/* init */
-+	NULL,				/* finish */
-+	0,				/* flags */
-+	NULL,				/* app_data */
-+	NULL,				/* rsa_sign */
-+	NULL				/* rsa_verify */
- };
- 
- static int
- cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
--                         const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
-+    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
- {
--    return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
-+	return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
- }
- 
- static int
- cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
--                          BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
--                          BN_CTX *ctx, BN_MONT_CTX *mont)
-+    BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
-+    BN_CTX *ctx, BN_MONT_CTX *mont)
- {
--    BIGNUM t2;
--    int ret = 0;
-+	BIGNUM t2;
-+	int ret = 0;
- 
--    BN_init(&t2);
-+	BN_init(&t2);
- 
--    /* v = ( g^u1 * y^u2 mod p ) mod q */
--    /* let t1 = g ^ u1 mod p */
--    ret = 0;
-+	/* v = ( g^u1 * y^u2 mod p ) mod q */
-+	/* let t1 = g ^ u1 mod p */
-+	ret = 0;
- 
--    if (!dsa->meth->bn_mod_exp(dsa, t1, dsa->g, u1, dsa->p, ctx, mont))
--        goto err;
-+	if (!dsa->meth->bn_mod_exp(dsa,t1,dsa->g,u1,dsa->p,ctx,mont))
-+		goto err;
- 
--    /* let t2 = y ^ u2 mod p */
--    if (!dsa->meth->bn_mod_exp(dsa, &t2, dsa->pub_key, u2, dsa->p, ctx, mont))
--        goto err;
--    /* let u1 = t1 * t2 mod p */
--    if (!BN_mod_mul(u1, t1, &t2, dsa->p, ctx))
--        goto err;
-+	/* let t2 = y ^ u2 mod p */
-+	if (!dsa->meth->bn_mod_exp(dsa,&t2,dsa->pub_key,u2,dsa->p,ctx,mont))
-+		goto err;
-+	/* let u1 = t1 * t2 mod p */
-+	if (!BN_mod_mul(u1,t1,&t2,dsa->p,ctx))
-+		goto err;
- 
--    BN_copy(t1, u1);
-+	BN_copy(t1,u1);
- 
--    ret = 1;
-- err:
--    BN_free(&t2);
--    return (ret);
-+	ret = 1;
-+err:
-+	BN_free(&t2);
-+	return(ret);
- }
- 
--static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
--                                      DSA *dsa)
-+static DSA_SIG *
-+cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
- {
--    struct crypt_kop kop;
--    BIGNUM *r = NULL, *s = NULL;
--    DSA_SIG *dsaret = NULL;
-+	struct crypt_kop kop;
-+	BIGNUM *r = NULL, *s = NULL;
-+	DSA_SIG *dsaret = NULL;
- 
--    if ((r = BN_new()) == NULL)
--        goto err;
--    if ((s = BN_new()) == NULL) {
--        BN_free(r);
--        goto err;
--    }
-+	if ((r = BN_new()) == NULL)
-+		goto err;
-+	if ((s = BN_new()) == NULL) {
-+		BN_free(r);
-+		goto err;
-+	}
- 
--    memset(&kop, 0, sizeof kop);
--    kop.crk_op = CRK_DSA_SIGN;
-+	memset(&kop, 0, sizeof kop);
-+	kop.crk_op = CRK_DSA_SIGN;
- 
--    /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
--    kop.crk_param[0].crp_p = (caddr_t) dgst;
--    kop.crk_param[0].crp_nbits = dlen * 8;
--    if (bn2crparam(dsa->p, &kop.crk_param[1]))
--        goto err;
--    if (bn2crparam(dsa->q, &kop.crk_param[2]))
--        goto err;
--    if (bn2crparam(dsa->g, &kop.crk_param[3]))
--        goto err;
--    if (bn2crparam(dsa->priv_key, &kop.crk_param[4]))
--        goto err;
--    kop.crk_iparams = 5;
-+	/* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
-+	kop.crk_param[0].crp_p = (void*)dgst;
-+	kop.crk_param[0].crp_nbits = dlen * 8;
-+	if (bn2crparam(dsa->p, &kop.crk_param[1]))
-+		goto err;
-+	if (bn2crparam(dsa->q, &kop.crk_param[2]))
-+		goto err;
-+	if (bn2crparam(dsa->g, &kop.crk_param[3]))
-+		goto err;
-+	if (bn2crparam(dsa->priv_key, &kop.crk_param[4]))
-+		goto err;
-+	kop.crk_iparams = 5;
- 
--    if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r,
--                       BN_num_bytes(dsa->q), s) == 0) {
--        dsaret = DSA_SIG_new();
--        dsaret->r = r;
--        dsaret->s = s;
--    } else {
--        const DSA_METHOD *meth = DSA_OpenSSL();
--        BN_free(r);
--        BN_free(s);
--        dsaret = (meth->dsa_do_sign) (dgst, dlen, dsa);
--    }
-- err:
--    kop.crk_param[0].crp_p = NULL;
--    zapparams(&kop);
--    return (dsaret);
-+	if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r,
-+	    BN_num_bytes(dsa->q), s) == 0) {
-+		dsaret = DSA_SIG_new();
-+		dsaret->r = r;
-+		dsaret->s = s;
-+	} else {
-+		const DSA_METHOD *meth = DSA_OpenSSL();
-+		BN_free(r);
-+		BN_free(s);
-+		dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa);
-+	}
-+err:
-+	kop.crk_param[0].crp_p = NULL;
-+	zapparams(&kop);
-+	return (dsaret);
- }
- 
- static int
- cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
--                     DSA_SIG *sig, DSA *dsa)
-+    DSA_SIG *sig, DSA *dsa)
- {
--    struct crypt_kop kop;
--    int dsaret = 1;
-+	struct crypt_kop kop;
-+	int dsaret = 1;
- 
--    memset(&kop, 0, sizeof kop);
--    kop.crk_op = CRK_DSA_VERIFY;
-+	memset(&kop, 0, sizeof kop);
-+	kop.crk_op = CRK_DSA_VERIFY;
- 
--    /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
--    kop.crk_param[0].crp_p = (caddr_t) dgst;
--    kop.crk_param[0].crp_nbits = dlen * 8;
--    if (bn2crparam(dsa->p, &kop.crk_param[1]))
--        goto err;
--    if (bn2crparam(dsa->q, &kop.crk_param[2]))
--        goto err;
--    if (bn2crparam(dsa->g, &kop.crk_param[3]))
--        goto err;
--    if (bn2crparam(dsa->pub_key, &kop.crk_param[4]))
--        goto err;
--    if (bn2crparam(sig->r, &kop.crk_param[5]))
--        goto err;
--    if (bn2crparam(sig->s, &kop.crk_param[6]))
--        goto err;
--    kop.crk_iparams = 7;
-+	/* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
-+	kop.crk_param[0].crp_p = (void*)dgst;
-+	kop.crk_param[0].crp_nbits = dlen * 8;
-+	if (bn2crparam(dsa->p, &kop.crk_param[1]))
-+		goto err;
-+	if (bn2crparam(dsa->q, &kop.crk_param[2]))
-+		goto err;
-+	if (bn2crparam(dsa->g, &kop.crk_param[3]))
-+		goto err;
-+	if (bn2crparam(dsa->pub_key, &kop.crk_param[4]))
-+		goto err;
-+	if (bn2crparam(sig->r, &kop.crk_param[5]))
-+		goto err;
-+	if (bn2crparam(sig->s, &kop.crk_param[6]))
-+		goto err;
-+	kop.crk_iparams = 7;
- 
--    if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
--        /*
--         * OCF success value is 0, if not zero, change dsaret to fail
--         */
--        if (0 != kop.crk_status)
--            dsaret = 0;
--    } else {
--        const DSA_METHOD *meth = DSA_OpenSSL();
-+	if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
-+/*OCF success value is 0, if not zero, change dsaret to fail*/
-+		if(0 != kop.crk_status) dsaret  = 0;
-+	} else {
-+		const DSA_METHOD *meth = DSA_OpenSSL();
- 
--        dsaret = (meth->dsa_do_verify) (dgst, dlen, sig, dsa);
--    }
-- err:
--    kop.crk_param[0].crp_p = NULL;
--    zapparams(&kop);
--    return (dsaret);
-+		dsaret = (meth->dsa_do_verify)(dgst, dlen, sig, dsa);
-+	}
-+err:
-+	kop.crk_param[0].crp_p = NULL;
-+	zapparams(&kop);
-+	return (dsaret);
- }
- 
- static DSA_METHOD cryptodev_dsa = {
--    "cryptodev DSA method",
--    NULL,
--    NULL,                       /* dsa_sign_setup */
--    NULL,
--    NULL,                       /* dsa_mod_exp */
--    NULL,
--    NULL,                       /* init */
--    NULL,                       /* finish */
--    0,                          /* flags */
--    NULL                        /* app_data */
-+	"cryptodev DSA method",
-+	NULL,
-+	NULL,				/* dsa_sign_setup */
-+	NULL,
-+	NULL,				/* dsa_mod_exp */
-+	NULL,
-+	NULL,				/* init */
-+	NULL,				/* finish */
-+	0,	/* flags */
-+	NULL	/* app_data */
- };
- 
- static int
- cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
--                     const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
--                     BN_MONT_CTX *m_ctx)
-+    const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
-+    BN_MONT_CTX *m_ctx)
- {
--    return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
-+	return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
- }
- 
- static int
- cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
- {
--    struct crypt_kop kop;
--    int dhret = 1;
--    int fd, keylen;
-+	struct crypt_kop kop;
-+	int dhret = 1;
-+	int fd, keylen;
- 
--    if ((fd = get_asym_dev_crypto()) < 0) {
--        const DH_METHOD *meth = DH_OpenSSL();
-+	if ((fd = get_asym_dev_crypto()) < 0) {
-+		const DH_METHOD *meth = DH_OpenSSL();
- 
--        return ((meth->compute_key) (key, pub_key, dh));
--    }
-+		return ((meth->compute_key)(key, pub_key, dh));
-+	}
- 
--    keylen = BN_num_bits(dh->p);
-+	keylen = BN_num_bits(dh->p);
- 
--    memset(&kop, 0, sizeof kop);
--    kop.crk_op = CRK_DH_COMPUTE_KEY;
-+	memset(&kop, 0, sizeof kop);
-+	kop.crk_op = CRK_DH_COMPUTE_KEY;
- 
--    /* inputs: dh->priv_key pub_key dh->p key */
--    if (bn2crparam(dh->priv_key, &kop.crk_param[0]))
--        goto err;
--    if (bn2crparam(pub_key, &kop.crk_param[1]))
--        goto err;
--    if (bn2crparam(dh->p, &kop.crk_param[2]))
--        goto err;
--    kop.crk_iparams = 3;
-+	/* inputs: dh->priv_key pub_key dh->p key */
-+	if (bn2crparam(dh->priv_key, &kop.crk_param[0]))
-+		goto err;
-+	if (bn2crparam(pub_key, &kop.crk_param[1]))
-+		goto err;
-+	if (bn2crparam(dh->p, &kop.crk_param[2]))
-+		goto err;
-+	kop.crk_iparams = 3;
- 
--    kop.crk_param[3].crp_p = (caddr_t) key;
--    kop.crk_param[3].crp_nbits = keylen * 8;
--    kop.crk_oparams = 1;
-+	kop.crk_param[3].crp_p = (void*) key;
-+	kop.crk_param[3].crp_nbits = keylen * 8;
-+	kop.crk_oparams = 1;
- 
--    if (ioctl(fd, CIOCKEY, &kop) == -1) {
--        const DH_METHOD *meth = DH_OpenSSL();
-+	if (ioctl(fd, CIOCKEY, &kop) == -1) {
-+		const DH_METHOD *meth = DH_OpenSSL();
- 
--        dhret = (meth->compute_key) (key, pub_key, dh);
--    }
-- err:
--    kop.crk_param[3].crp_p = NULL;
--    zapparams(&kop);
--    return (dhret);
-+		dhret = (meth->compute_key)(key, pub_key, dh);
-+	}
-+err:
-+	kop.crk_param[3].crp_p = NULL;
-+	zapparams(&kop);
-+	return (dhret);
- }
- 
- static DH_METHOD cryptodev_dh = {
--    "cryptodev DH method",
--    NULL,                       /* cryptodev_dh_generate_key */
--    NULL,
--    NULL,
--    NULL,
--    NULL,
--    0,                          /* flags */
--    NULL                        /* app_data */
-+	"cryptodev DH method",
-+	NULL,				/* cryptodev_dh_generate_key */
-+	NULL,
-+	NULL,
-+	NULL,
-+	NULL,
-+	0,	/* flags */
-+	NULL	/* app_data */
- };
- 
- /*
-@@ -1429,104 +1388,109 @@ static DH_METHOD cryptodev_dh = {
-  * but I expect we'll want some options soon.
-  */
- static int
--cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
-+cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
- {
--# ifdef HAVE_SYSLOG_R
--    struct syslog_data sd = SYSLOG_DATA_INIT;
--# endif
-+#ifdef HAVE_SYSLOG_R
-+	struct syslog_data sd = SYSLOG_DATA_INIT;
-+#endif
- 
--    switch (cmd) {
--    default:
--# ifdef HAVE_SYSLOG_R
--        syslog_r(LOG_ERR, &sd, "cryptodev_ctrl: unknown command %d", cmd);
--# else
--        syslog(LOG_ERR, "cryptodev_ctrl: unknown command %d", cmd);
--# endif
--        break;
--    }
--    return (1);
-+	switch (cmd) {
-+	default:
-+#ifdef HAVE_SYSLOG_R
-+		syslog_r(LOG_ERR, &sd,
-+		    "cryptodev_ctrl: unknown command %d", cmd);
-+#else
-+		syslog(LOG_ERR, "cryptodev_ctrl: unknown command %d", cmd);
-+#endif
-+		break;
-+	}
-+	return (1);
- }
- 
--void ENGINE_load_cryptodev(void)
-+void
-+ENGINE_load_cryptodev(void)
- {
--    ENGINE *engine = ENGINE_new();
--    int fd;
-+	ENGINE *engine = ENGINE_new();
-+	int fd;
- 
--    if (engine == NULL)
--        return;
--    if ((fd = get_dev_crypto()) < 0) {
--        ENGINE_free(engine);
--        return;
--    }
-+	if (engine == NULL)
-+		return;
-+	if ((fd = get_dev_crypto()) < 0) {
-+		ENGINE_free(engine);
-+		return;
-+	}
- 
--    /*
--     * find out what asymmetric crypto algorithms we support
--     */
--    if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {
--        put_dev_crypto(fd);
--        ENGINE_free(engine);
--        return;
--    }
--    put_dev_crypto(fd);
-+	/*
-+	 * find out what asymmetric crypto algorithms we support
-+	 */
-+	if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {
-+		put_dev_crypto(fd);
-+		ENGINE_free(engine);
-+		return;
-+	}
-+	put_dev_crypto(fd);
- 
--    if (!ENGINE_set_id(engine, "cryptodev") ||
--        !ENGINE_set_name(engine, "BSD cryptodev engine") ||
--        !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
--        !ENGINE_set_digests(engine, cryptodev_engine_digests) ||
--        !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) ||
--        !ENGINE_set_cmd_defns(engine, cryptodev_defns)) {
--        ENGINE_free(engine);
--        return;
--    }
-+	if (!ENGINE_set_id(engine, "cryptodev") ||
-+	    !ENGINE_set_name(engine, "cryptodev engine") ||
-+	    !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
-+	    !ENGINE_set_digests(engine, cryptodev_engine_digests) ||
-+	    !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) ||
-+	    !ENGINE_set_cmd_defns(engine, cryptodev_defns)) {
-+		ENGINE_free(engine);
-+		return;
-+	}
- 
--    if (ENGINE_set_RSA(engine, &cryptodev_rsa)) {
--        const RSA_METHOD *rsa_meth = RSA_PKCS1_SSLeay();
-+	if (ENGINE_set_RSA(engine, &cryptodev_rsa)) {
-+		const RSA_METHOD *rsa_meth = RSA_PKCS1_SSLeay();
- 
--        cryptodev_rsa.bn_mod_exp = rsa_meth->bn_mod_exp;
--        cryptodev_rsa.rsa_mod_exp = rsa_meth->rsa_mod_exp;
--        cryptodev_rsa.rsa_pub_enc = rsa_meth->rsa_pub_enc;
--        cryptodev_rsa.rsa_pub_dec = rsa_meth->rsa_pub_dec;
--        cryptodev_rsa.rsa_priv_enc = rsa_meth->rsa_priv_enc;
--        cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec;
--        if (cryptodev_asymfeat & CRF_MOD_EXP) {
--            cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp;
--            if (cryptodev_asymfeat & CRF_MOD_EXP_CRT)
--                cryptodev_rsa.rsa_mod_exp = cryptodev_rsa_mod_exp;
--            else
--                cryptodev_rsa.rsa_mod_exp = cryptodev_rsa_nocrt_mod_exp;
--        }
--    }
-+		cryptodev_rsa.bn_mod_exp = rsa_meth->bn_mod_exp;
-+		cryptodev_rsa.rsa_mod_exp = rsa_meth->rsa_mod_exp;
-+		cryptodev_rsa.rsa_pub_enc = rsa_meth->rsa_pub_enc;
-+		cryptodev_rsa.rsa_pub_dec = rsa_meth->rsa_pub_dec;
-+		cryptodev_rsa.rsa_priv_enc = rsa_meth->rsa_priv_enc;
-+		cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec;
-+		if (cryptodev_asymfeat & CRF_MOD_EXP) {
-+			cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp;
-+			if (cryptodev_asymfeat & CRF_MOD_EXP_CRT)
-+				cryptodev_rsa.rsa_mod_exp =
-+				    cryptodev_rsa_mod_exp;
-+			else
-+				cryptodev_rsa.rsa_mod_exp =
-+				    cryptodev_rsa_nocrt_mod_exp;
-+		}
-+	}
- 
--    if (ENGINE_set_DSA(engine, &cryptodev_dsa)) {
--        const DSA_METHOD *meth = DSA_OpenSSL();
-+	if (ENGINE_set_DSA(engine, &cryptodev_dsa)) {
-+		const DSA_METHOD *meth = DSA_OpenSSL();
- 
--        memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
--        if (cryptodev_asymfeat & CRF_DSA_SIGN)
--            cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
--        if (cryptodev_asymfeat & CRF_MOD_EXP) {
--            cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp;
--            cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp;
--        }
--        if (cryptodev_asymfeat & CRF_DSA_VERIFY)
--            cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
--    }
-+		memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
-+		if (cryptodev_asymfeat & CRF_DSA_SIGN)
-+			cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
-+		if (cryptodev_asymfeat & CRF_MOD_EXP) {
-+			cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp;
-+			cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp;
-+		}
-+		if (cryptodev_asymfeat & CRF_DSA_VERIFY)
-+			cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
-+	}
- 
--    if (ENGINE_set_DH(engine, &cryptodev_dh)) {
--        const DH_METHOD *dh_meth = DH_OpenSSL();
-+	if (ENGINE_set_DH(engine, &cryptodev_dh)){
-+		const DH_METHOD *dh_meth = DH_OpenSSL();
- 
--        cryptodev_dh.generate_key = dh_meth->generate_key;
--        cryptodev_dh.compute_key = dh_meth->compute_key;
--        cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp;
--        if (cryptodev_asymfeat & CRF_MOD_EXP) {
--            cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh;
--            if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY)
--                cryptodev_dh.compute_key = cryptodev_dh_compute_key;
--        }
--    }
-+		cryptodev_dh.generate_key = dh_meth->generate_key;
-+		cryptodev_dh.compute_key = dh_meth->compute_key;
-+		cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp;
-+		if (cryptodev_asymfeat & CRF_MOD_EXP) {
-+			cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh;
-+			if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY)
-+				cryptodev_dh.compute_key =
-+				    cryptodev_dh_compute_key;
-+		}
-+	}
- 
--    ENGINE_add(engine);
--    ENGINE_free(engine);
--    ERR_clear_error();
-+	ENGINE_add(engine);
-+	ENGINE_free(engine);
-+	ERR_clear_error();
- }
- 
--#endif                          /* HAVE_CRYPTODEV */
-+#endif /* HAVE_CRYPTODEV */