diff --git a/meta-digi-dey/recipes-connectivity/openssl/openssl/0001-e_devcrypto-add-func-ptr-for-init-do-ctrl.patch b/meta-digi-dey/recipes-connectivity/openssl/openssl/0001-e_devcrypto-add-func-ptr-for-init-do-ctrl.patch index e016fb5ce..5720886d0 100644 --- a/meta-digi-dey/recipes-connectivity/openssl/openssl/0001-e_devcrypto-add-func-ptr-for-init-do-ctrl.patch +++ b/meta-digi-dey/recipes-connectivity/openssl/openssl/0001-e_devcrypto-add-func-ptr-for-init-do-ctrl.patch @@ -1,7 +1,6 @@ -From d6c1bf7031cbd96c1d0dec589f318ad942107d23 Mon Sep 17 00:00:00 2001 From: Pankaj Gupta Date: Tue, 18 Jan 2022 17:37:37 +0530 -Subject: [PATCH 1/2] e_devcrypto: add func ptr for init, do, ctrl +Subject: [PATCH] e_devcrypto: add func ptr for init, do, ctrl In engine "devcrypto", as part prepare_cipher_methods() - Added function pointer for init, do, ctrl and @@ -12,27 +11,26 @@ In engine "devcrypto", as part prepare_cipher_methods() Upstream-Status: Pending [i.MX, Layerscape specific] Signed-off-by: Pankaj Gupta --- - engines/e_devcrypto.c | 34 ++++++++++++++++++++++++---------- - 1 file changed, 24 insertions(+), 10 deletions(-) + engines/e_devcrypto.c | 31 ++++++++++++++++++++++++------- + 1 file changed, 24 insertions(+), 7 deletions(-) diff --git a/engines/e_devcrypto.c b/engines/e_devcrypto.c -index fa01317db5..eb56baec19 100644 +index f66c7f1c1cf4..a46196b9f4aa 100644 --- a/engines/e_devcrypto.c 
+++ b/engines/e_devcrypto.c -@@ -408,7 +408,11 @@ static int known_cipher_nids_amount = -1; /* -1 indicates not yet initialised */ - static EVP_CIPHER *known_cipher_methods[OSSL_NELEM(cipher_data)] = { NULL, }; +@@ -403,6 +403,11 @@ static EVP_CIPHER *known_cipher_methods[OSSL_NELEM(cipher_data)] = { + }; static int selected_ciphers[OSSL_NELEM(cipher_data)]; static struct driver_info_st cipher_driver_info[OSSL_NELEM(cipher_data)]; -- +int (*init)(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc); +int (*do_cipher)(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl); +int (*ctrl)(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr); - + static int devcrypto_test_cipher(size_t cipher_data_index) { -@@ -427,6 +431,7 @@ static void prepare_cipher_methods(void) +@@ -421,6 +426,7 @@ static void prepare_cipher_methods(void) size_t i; session_op_t sess; unsigned long cipher_mode; @@ -40,15 +38,15 @@ index fa01317db5..eb56baec19 100644 #ifdef CIOCGSESSION2 struct crypt_find_op fop; enum devcrypto_accelerated_t accelerated; -@@ -438,16 +443,26 @@ static void prepare_cipher_methods(void) - +@@ -432,16 +438,26 @@ static void prepare_cipher_methods(void) + memset(&sess, 0, sizeof(sess)); sess.key = (void *)"01234567890123456789012345678901234567890123456789"; + sess.mackey = (void *)"123456789ABCDEFGHIJKLMNO"; - + for (i = 0, known_cipher_nids_amount = 0; - i < OSSL_NELEM(cipher_data); i++) { - + i < OSSL_NELEM(cipher_data); i++) { + selected_ciphers[i] = 1; + + init = cipher_init; 
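Review bot: The function pointers `init`, `do_cipher` and `ctrl` added ahead of devcrypto_test_cipher() are declared at file scope without `static`, so the engine exports writable symbols with very generic names that can collide with, or be interposed by, other objects in the same link. In the visible hunks they are only assigned inside the loop of prepare_cipher_methods() (`init = cipher_init;`) and passed to the EVP_CIPHER_meth_set_* calls, so they could be locals of that function next to `cipher_mode`. At minimum they should be declared `static int (*init)(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc);`, and likewise for the other two. The body of prepare_cipher_methods() starts and ends outside this hunk, so other uses cannot be ruled out from here.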
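Review bot: The literal assigned to `sess.mackey` (like the `sess.key` literal above it) has no comment saying it is placeholder material, so an audit or secret scanner reading prepare_cipher_methods() cannot tell it from a real embedded key. As far as the visible lines show, `sess` is only used to open a session and release it again with CIOCFSESSION while probing which ciphers the driver accepts. A comment above the two assignments would record that, for example `/* Dummy key material: only used to test whether the driver accepts the session. */`. The function body continues outside this hunk, so confirm that `sess` is not reused for anything else.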
@@ -67,38 +65,33 @@ index fa01317db5..eb56baec19 100644 #ifdef CIOCGSESSION2 /* * When using CIOCGSESSION2, first try to allocate a hardware -@@ -474,6 +489,10 @@ static void prepare_cipher_methods(void) - +@@ -468,6 +484,10 @@ static void prepare_cipher_methods(void) + cipher_mode = cipher_data[i].flags & EVP_CIPH_MODE; - + + do_cipher = (cipher_mode == EVP_CIPH_CTR_MODE ? + ctr_do_cipher : + cipher_do_cipher); + - if ((known_cipher_methods[i] = - EVP_CIPHER_meth_new(cipher_data[i].nid, - cipher_mode == EVP_CIPH_CTR_MODE ? 1 : -@@ -482,16 +501,11 @@ static void prepare_cipher_methods(void) + if ((known_cipher_methods[i] = EVP_CIPHER_meth_new(cipher_data[i].nid, + cipher_mode == EVP_CIPH_CTR_MODE ? 1 : cipher_data[i].blocksize, + cipher_data[i].keylen)) +@@ -475,14 +495,11 @@ static void prepare_cipher_methods(void) || !EVP_CIPHER_meth_set_iv_length(known_cipher_methods[i], - cipher_data[i].ivlen) + cipher_data[i].ivlen) || !EVP_CIPHER_meth_set_flags(known_cipher_methods[i], -- cipher_data[i].flags -- | EVP_CIPH_CUSTOM_COPY -- | EVP_CIPH_CTRL_INIT -- | EVP_CIPH_FLAG_DEFAULT_ASN1) +- cipher_data[i].flags +- | EVP_CIPH_CUSTOM_COPY +- | EVP_CIPH_CTRL_INIT +- | EVP_CIPH_FLAG_DEFAULT_ASN1) - || !EVP_CIPHER_meth_set_init(known_cipher_methods[i], cipher_init) + flags) + || !EVP_CIPHER_meth_set_init(known_cipher_methods[i], init) || !EVP_CIPHER_meth_set_do_cipher(known_cipher_methods[i], -- cipher_mode == EVP_CIPH_CTR_MODE ? -- ctr_do_cipher : -- cipher_do_cipher) +- cipher_mode == EVP_CIPH_CTR_MODE ? ctr_do_cipher : cipher_do_cipher) - || !EVP_CIPHER_meth_set_ctrl(known_cipher_methods[i], cipher_ctrl) + do_cipher) + || !EVP_CIPHER_meth_set_ctrl(known_cipher_methods[i], ctrl) || !EVP_CIPHER_meth_set_cleanup(known_cipher_methods[i], - cipher_cleanup) + cipher_cleanup) || !EVP_CIPHER_meth_set_impl_ctx_size(known_cipher_methods[i], --- -2.17.1 - 
diff --git a/meta-digi-dey/recipes-connectivity/openssl/openssl/0002-e_devcrypto-add-support-for-TLS1.2-algorithms-offloa.patch b/meta-digi-dey/recipes-connectivity/openssl/openssl/0002-e_devcrypto-add-support-for-TLS1.2-algorithms-offloa.patch index 01ffbd5ea..0f579790b 100644 --- a/meta-digi-dey/recipes-connectivity/openssl/openssl/0002-e_devcrypto-add-support-for-TLS1.2-algorithms-offloa.patch +++ b/meta-digi-dey/recipes-connectivity/openssl/openssl/0002-e_devcrypto-add-support-for-TLS1.2-algorithms-offloa.patch @@ -1,4 +1,3 @@ -From f674b2f81a18af2146291eda1bbf60d6f71b2935 Mon Sep 17 00:00:00 2001 From: Pankaj Gupta Date: Tue, 18 Jan 2022 17:38:11 +0530 Subject: [PATCH] e_devcrypto: add support for TLS1.2 algorithms offload @@ -17,13 +16,12 @@ Fix: Remove the support for TLS1.0. Upstream-Status: Pending [i.MX, Layerscape specific] Signed-off-by: Pankaj Gupta - --- engines/e_devcrypto.c | 273 ++++++++++++++++++++++++++++++++++++++---- 1 file changed, 249 insertions(+), 24 deletions(-) diff --git a/engines/e_devcrypto.c b/engines/e_devcrypto.c -index 02f3abc..8529bac 100644 +index a46196b9f4aa..1d21dffabfbf 100644 --- a/engines/e_devcrypto.c +++ b/engines/e_devcrypto.c @@ -28,6 +28,7 @@ @@ -33,11 +31,11 @@ index 02f3abc..8529bac 100644 +#define TLS1_1_VERSION 0x0302 #if CRYPTO_ALGORITHM_MIN < CRYPTO_ALGORITHM_MAX - # define CHECK_BSD_STYLE_MACROS -@@ -107,10 +108,14 @@ struct cipher_ctx { + #define CHECK_BSD_STYLE_MACROS +@@ -108,10 +109,14 @@ struct cipher_ctx { session_op_t sess; - int op; /* COP_ENCRYPT or COP_DECRYPT */ - unsigned long mode; /* EVP_CIPH_*_MODE */ + int op; /* COP_ENCRYPT or COP_DECRYPT */ + unsigned long mode; /* EVP_CIPH_*_MODE */ + unsigned char *aad; + unsigned int aad_len; + unsigned int len; @@ -49,7 +47,7 @@ index 02f3abc..8529bac 100644 }; static const struct cipher_data_st { -@@ -120,49 +125,66 @@ static const struct cipher_data_st { +@@ -121,49 +126,66 @@ static const struct cipher_data_st { int ivlen; int flags; int devcryptoid; 
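Review bot: `#define TLS1_1_VERSION 0x0302` near the top of e_devcrypto.c duplicates a protocol constant that OpenSSL's TLS headers already provide, so the engine carries its own copy of a value that is presumably used for a protocol-version check. Prefer `#include <openssl/tls1.h>` over the local define, or guard it with `#ifndef TLS1_1_VERSION`, so that the engine and libssl cannot drift apart unnoticed. The code that compares against the constant is in the part of the patch these hunks do not show.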
@@ -99,7 +97,7 @@ index 02f3abc..8529bac 100644 + { NID_aes_192_ctr, 16, 192 / 8, 16, EVP_CIPH_CTR_MODE, CRYPTO_AES_CTR, 0 }, + { NID_aes_256_ctr, 16, 256 / 8, 16, EVP_CIPH_CTR_MODE, CRYPTO_AES_CTR, 0 }, #endif - #if 0 /* Not yet supported */ + #if 0 /* Not yet supported */ - { NID_aes_128_xts, 16, 128 / 8 * 2, 16, EVP_CIPH_XTS_MODE, CRYPTO_AES_XTS }, - { NID_aes_256_xts, 16, 256 / 8 * 2, 16, EVP_CIPH_XTS_MODE, CRYPTO_AES_XTS }, + { NID_aes_128_xts, 16, 128 / 8 * 2, 16, EVP_CIPH_XTS_MODE, CRYPTO_AES_XTS, 0 }, @@ -113,7 +111,7 @@ index 02f3abc..8529bac 100644 + { NID_aes_192_ecb, 16, 192 / 8, 0, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB, 0 }, + { NID_aes_256_ecb, 16, 256 / 8, 0, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB, 0 }, #endif - #if 0 /* Not yet supported */ + #if 0 /* Not yet supported */ - { NID_aes_128_gcm, 16, 128 / 8, 16, EVP_CIPH_GCM_MODE, CRYPTO_AES_GCM }, - { NID_aes_192_gcm, 16, 192 / 8, 16, EVP_CIPH_GCM_MODE, CRYPTO_AES_GCM }, - { NID_aes_256_gcm, 16, 256 / 8, 16, EVP_CIPH_GCM_MODE, CRYPTO_AES_GCM }, @@ -127,18 +125,18 @@ index 02f3abc..8529bac 100644 #endif #ifndef OPENSSL_NO_CAMELLIA { NID_camellia_128_cbc, 16, 128 / 8, 16, EVP_CIPH_CBC_MODE, -- CRYPTO_CAMELLIA_CBC }, -+ CRYPTO_CAMELLIA_CBC, 0 }, +- CRYPTO_CAMELLIA_CBC }, ++ CRYPTO_CAMELLIA_CBC, 0 }, { NID_camellia_192_cbc, 16, 192 / 8, 16, EVP_CIPH_CBC_MODE, -- CRYPTO_CAMELLIA_CBC }, -+ CRYPTO_CAMELLIA_CBC, 0 }, +- CRYPTO_CAMELLIA_CBC }, ++ CRYPTO_CAMELLIA_CBC, 0 }, { NID_camellia_256_cbc, 16, 256 / 8, 16, EVP_CIPH_CBC_MODE, -- CRYPTO_CAMELLIA_CBC }, -+ CRYPTO_CAMELLIA_CBC, 0 }, +- CRYPTO_CAMELLIA_CBC }, ++ CRYPTO_CAMELLIA_CBC, 0 }, #endif }; -@@ -197,6 +219,193 @@ static const struct cipher_data_st *get_cipher_data(int nid) +@@ -198,6 +220,193 @@ static const struct cipher_data_st *get_cipher_data(int nid) return &cipher_data[get_cipher_data_index(nid)]; } 
@@ -332,7 +330,7 @@ index 02f3abc..8529bac 100644 /* * Following are the three necessary functions to map OpenSSL functionality * with cryptodev. -@@ -463,6 +672,7 @@ static void prepare_cipher_methods(void) +@@ -457,6 +666,7 @@ static void prepare_cipher_methods(void) */ sess.cipher = cipher_data[i].devcryptoid; sess.keylen = cipher_data[i].keylen; @@ -340,7 +338,7 @@ index 02f3abc..8529bac 100644 #ifdef CIOCGSESSION2 /* -@@ -494,6 +704,15 @@ static void prepare_cipher_methods(void) +@@ -488,6 +698,15 @@ static void prepare_cipher_methods(void) ctr_do_cipher : cipher_do_cipher); @@ -353,10 +351,10 @@ index 02f3abc..8529bac 100644 + ctrl = cryptodev_cbc_hmac_sha1_ctrl; + flags = cipher_data[i].flags; + } - if ((known_cipher_methods[i] = - EVP_CIPHER_meth_new(cipher_data[i].nid, - cipher_mode == EVP_CIPH_CTR_MODE ? 1 : -@@ -538,11 +757,17 @@ static void prepare_cipher_methods(void) + if ((known_cipher_methods[i] = EVP_CIPHER_meth_new(cipher_data[i].nid, + cipher_mode == EVP_CIPH_CTR_MODE ? 1 : cipher_data[i].blocksize, + cipher_data[i].keylen)) +@@ -529,10 +748,16 @@ static void prepare_cipher_methods(void) } #endif /* CIOCGSESSINFO */ } @@ -370,8 +368,7 @@ index 02f3abc..8529bac 100644 ioctl(cfd, CIOCFSESSION, &sess.ses); - if (devcrypto_test_cipher(i)) { + if (devcrypto_test_cipher(i)) - known_cipher_nids[known_cipher_nids_amount++] = - cipher_data[i].nid; + known_cipher_nids[known_cipher_nids_amount++] = cipher_data[i].nid; - } } } diff --git a/meta-digi-dey/recipes-connectivity/openssl/openssl/0003-Set-algorithm-id-before-generating-the-EC-key.patch b/meta-digi-dey/recipes-connectivity/openssl/openssl/0003-Set-algorithm-id-before-generating-the-EC-key.patch index 69cdce7d0..b1bd5bd70 100644 --- a/meta-digi-dey/recipes-connectivity/openssl/openssl/0003-Set-algorithm-id-before-generating-the-EC-key.patch +++ b/meta-digi-dey/recipes-connectivity/openssl/openssl/0003-Set-algorithm-id-before-generating-the-EC-key.patch 
@@ -1,20 +1,18 @@ -From 27e4bd35a42287248bd5253836c265dd555b1ee2 Mon Sep 17 00:00:00 2001 From: Ilie Halip -Date: Wed, 10 Sep 2025 08:46:50 +0200 -Subject: [PATCH] [PATCH] Set "algorithm-id" before generating the EC key. +Date: Wed, 12 Mar 2025 20:57:10 +0200 +Subject: [PATCH] Set "algorithm-id" before generating the EC key. Upstream-Status: Pending - Signed-off-by: Ilie Halip --- ssl/s3_lib.c | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c -index d6ed169f39..68938bb8fb 100644 +index 0e1445b38fb7..62f7409cb2aa 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c -@@ -4742,6 +4742,30 @@ int ssl_generate_master_secret(SSL_CONNECTION *s, unsigned char *pms, +@@ -5274,6 +5274,30 @@ err: return ret; } @@ -45,17 +43,17 @@ index d6ed169f39..68938bb8fb 100644 /* Generate a private key from parameters */ EVP_PKEY *ssl_generate_pkey(SSL_CONNECTION *s, EVP_PKEY *pm) { -@@ -4756,6 +4780,9 @@ EVP_PKEY *ssl_generate_pkey(SSL_CONNECTION *s, EVP_PKEY *pm) +@@ -5288,6 +5312,9 @@ EVP_PKEY *ssl_generate_pkey(SSL_CONNECTION *s, EVP_PKEY *pm) goto err; if (EVP_PKEY_keygen_init(pctx) <= 0) goto err; -+ ++ + ssl_generate_set_pkey_alg(s, pctx); + if (EVP_PKEY_keygen(pctx, &pkey) <= 0) { EVP_PKEY_free(pkey); pkey = NULL; -@@ -4794,6 +4821,9 @@ EVP_PKEY *ssl_generate_pkey_group(SSL_CONNECTION *s, uint16_t id) +@@ -5326,6 +5353,9 @@ EVP_PKEY *ssl_generate_pkey_group(SSL_CONNECTION *s, uint16_t id) SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); goto err; } @@ -65,6 +63,3 @@ index d6ed169f39..68938bb8fb 100644 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); EVP_PKEY_free(pkey); --- -2.43.0 - diff --git a/meta-digi-dey/recipes-connectivity/openssl/openssl/0004-Amend-the-design-of-AlgorithmIdentifier-parameter-pa.patch b/meta-digi-dey/recipes-connectivity/openssl/openssl/0004-Amend-the-design-of-AlgorithmIdentifier-parameter-pa.patch deleted file mode 100644 index 140e477c2..000000000 
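Review bot: The result of `ssl_generate_set_pkey_alg(s, pctx);` is discarded at the call added to ssl_generate_pkey(), between EVP_PKEY_keygen_init() and EVP_PKEY_keygen(), so if setting "algorithm-id" fails the key is still generated without it. The helper's definition is in the part of the patch this hunk does not show, so whether it can fail or return a status is not visible here. If it does return an OpenSSL-style status, handle it like the neighbouring calls with `if (ssl_generate_set_pkey_alg(s, pctx) <= 0) goto err;`. Otherwise add a comment at the call stating that the setting is best-effort, so the fail-open behaviour is clearly deliberate. The three lines added to ssl_generate_pkey_group() are also outside the visible hunks and presumably repeat the call.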
--- a/meta-digi-dey/recipes-connectivity/openssl/openssl/0004-Amend-the-design-of-AlgorithmIdentifier-parameter-pa.patch +++ /dev/null 
@@ -1,267 +0,0 @@ -From 284653acb6df4d68e276d4515a45ccd50ff54eab Mon Sep 17 00:00:00 2001 -From: Richard Levitte -Date: Thu, 25 Jul 2024 11:56:13 +0200 -Subject: [PATCH] Amend the design of AlgorithmIdentifier parameter passing - -I realised that any application that passes AlgorithmIdentifier parameters -to and from a provider may also be interested in the full AlgorithmIdentifier -of the implementation invocation. - -Likewise, any application that wants to get the full AlgorithmIdentifier -from an implementation invocation may also want to pass AlgorithmIdentifier -parameters to that same implementation invocation. - -These amendments should be useful to cover all intended uses of the legacy -ctrls for PKCS7 and CMS: - -- EVP_PKEY_CTRL_PKCS7_ENCRYPT -- EVP_PKEY_CTRL_PKCS7_DECRYPT -- EVP_PKEY_CTRL_PKCS7_SIGN -- EVP_PKEY_CTRL_CMS_ENCRYPT -- EVP_PKEY_CTRL_CMS_DECRYPT -- EVP_PKEY_CTRL_CMS_SIGN - -It should also cover a number of other cases that were previously implemented -through EVP_PKEY_ASN1_METHOD, as well as all sorts of other cases where the -application has had to assemble a X509_ALGOR on their own. 
- -Upstream-Status: Backport [https://github.com/openssl/openssl/commit/0941666728c44d701496004ebd5bf96ac7b715fb] -Reviewed-by: Matt Caswell -Reviewed-by: Neil Horman -(Merged from https://github.com/openssl/openssl/pull/25000) ---- - .../passing-algorithmidentifier-parameters.md | 65 ++++++++++++------- - doc/man3/EVP_EncryptInit.pod | 19 ++++-- - util/perl/OpenSSL/paramnames.pm | 57 ++++++++++++---- - 3 files changed, 101 insertions(+), 40 deletions(-) - -diff --git a/doc/designs/passing-algorithmidentifier-parameters.md b/doc/designs/passing-algorithmidentifier-parameters.md -index bb3821e337..f33862e45e 100644 ---- a/doc/designs/passing-algorithmidentifier-parameters.md -+++ b/doc/designs/passing-algorithmidentifier-parameters.md -@@ -1,11 +1,13 @@ --Passing AlgorithmIdentifier parameters to operations --==================================================== -+Handling AlgorithmIdentifier and its parameters with provider operations -+======================================================================== - - Quick background - ---------------- - - We currently only support passing the AlgorithmIdentifier (`X509_ALGOR`) --parameter field to symmetric cipher provider implementations. -+parameter field to symmetric cipher provider implementations. We currently -+only support getting full AlgorithmIdentifier (`X509_ALGOR`) from signature -+provider implementations. - - We do support passing them to legacy implementations of other types of - operation algorithms as well, but it's done in a way that can't be supported -@@ -15,18 +17,30 @@ libcrypto and the backend implementation. - For a longer background and explanation, see - [Background / tl;dr](#background-tldr) at the end of this design. 
- --Establish an OSSL_PARAM key that any algorithms may become aware of --------------------------------------------------------------------- -+Establish OSSL_PARAM keys that any algorithms may become aware of -+----------------------------------------------------------------- - --We already have a parameter key, but it's currently only specified for --`EVP_CIPHER`, in support of `EVP_CIPHER_param_to_asn1()` and --`EVP_CIPHER_asn1_to_param()`. -+We already have known parameter keys: - --"alg_id_param", also known as the macro `OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS` -+- "algor_id_param", also known as the macro `OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS`. - --This parameter can be used in the exact same manner with other operations, --with the value of the AlgorithmIdentifier parameter as an octet string, to --be interpreted by the implementations in whatever way they see fit. -+ This is currently only specified for `EVP_CIPHER`, in support of -+ `EVP_CIPHER_param_to_asn1()` and `EVP_CIPHER_asn1_to_param()` -+ -+- "algorithm-id", also known as the macro `OSSL_SIGNATURE_PARAM_ALGORITHM_ID`. -+ -+This design proposes: -+ -+1. Adding a parameter key "algorithm-id-params", to replace "algor_id_param", -+ and deprecate the latter. -+2. Making both "algorithm-id" and "algorithm-id-params" generically available, -+ rather than only tied to `EVP_SIGNATURE` ("algorithm-id") or `EVP_CIPHER` -+ ("algor_id_param"). -+ -+This way, these parameters can be used in the exact same manner with other -+operations, with the value of the AlgorithmIdentifier as well as its -+parameters as octet strings, to be used and interpreted by applications and -+provider implementations alike in whatever way they see fit. 
- - Applications can choose to add these in an `OSSL_PARAM` array, to be passed - with the multitude of initialization functions that take such an array, or -@@ -34,7 +48,7 @@ using specific operation `OSSL_PARAM` setters and getters (such as - `EVP_PKEY_CTX_set_params`), or using other available convenience functions - (see below). - --This parameter will have to be documented in the following files: -+These parameter will have to be documented in the following files: - - - `doc/man7/provider-asym_cipher.pod` - - `doc/man7/provider-cipher.pod` -@@ -67,20 +81,25 @@ such parameter data from them. - * These two would essentially be aliases for EVP_CIPHER_param_to_asn1() - * and EVP_CIPHER_asn1_to_param(). - */ --EVP_CIPHER_CTX_set_algor_param(EVP_PKEY_CTX *ctx, X509_ALGOR *alg); --EVP_CIPHER_CTX_get_algor_param(EVP_PKEY_CTX *ctx, X509_ALGOR *alg); -+EVP_CIPHER_CTX_set_algor_params(EVP_CIPHER_CTX *ctx, const X509_ALGOR *alg); -+EVP_CIPHER_CTX_get_algor_params(EVP_CIPHER_CTX *ctx, X509_ALGOR *alg); -+EVP_CIPHER_CTX_get_algor(EVP_CIPHER_CTX *ctx, X509_ALGOR **alg); - --EVP_MD_CTX_set_algor_param(EVP_PKEY_CTX *ctx, X509_ALGOR *alg); --EVP_MD_CTX_get_algor_param(EVP_PKEY_CTX *ctx, X509_ALGOR *alg); -+EVP_MD_CTX_set_algor_params(EVP_MD_CTX *ctx, const X509_ALGOR *alg); -+EVP_MD_CTX_get_algor_params(EVP_MD_CTX *ctx, X509_ALGOR *alg); -+EVP_MD_CTX_get_algor(EVP_MD_CTX *ctx, X509_ALGOR **alg); - --EVP_MAC_CTX_set_algor_param(EVP_PKEY_CTX *ctx, X509_ALGOR *alg); --EVP_MAC_CTX_get_algor_param(EVP_PKEY_CTX *ctx, X509_ALGOR *alg); -+EVP_MAC_CTX_set_algor_params(EVP_MAC_CTX *ctx, const X509_ALGOR *alg); -+EVP_MAC_CTX_get_algor_params(EVP_MAC_CTX *ctx, X509_ALGOR *alg); -+EVP_MAC_CTX_get_algor(EVP_MAC_CTX *ctx, X509_ALGOR **alg); - --EVP_KDF_CTX_set_algor_param(EVP_PKEY_CTX *ctx, X509_ALGOR *alg); --EVP_KDF_CTX_get_algor_param(EVP_PKEY_CTX *ctx, X509_ALGOR *alg); -+EVP_KDF_CTX_set_algor_params(EVP_KDF_CTX *ctx, const X509_ALGOR *alg); -+EVP_KDF_CTX_get_algor_params(EVP_KDF_CTX 
*ctx, X509_ALGOR *alg); -+EVP_KDF_CTX_get_algor(EVP_KDF_CTX *ctx, X509_ALGOR **alg); - --EVP_PKEY_CTX_set_algor_param(EVP_PKEY_CTX *ctx, X509_ALGOR *alg); --EVP_PKEY_CTX_get_algor_param(EVP_PKEY_CTX *ctx, X509_ALGOR *alg); -+EVP_PKEY_CTX_set_algor_params(EVP_PKEY_CTX *ctx, const X509_ALGOR *alg); -+EVP_PKEY_CTX_get_algor_params(EVP_PKEY_CTX *ctx, X509_ALGOR *alg); -+EVP_PKEY_CTX_get_algor(EVP_PKEY_CTX *ctx, X509_ALGOR **alg); - ``` - - Note that all might not need to be added immediately, depending on if they -diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod -index 45c3cb062c..648dc60853 100644 ---- a/doc/man3/EVP_EncryptInit.pod -+++ b/doc/man3/EVP_EncryptInit.pod -@@ -770,12 +770,23 @@ The length of the "keybits" parameter should not exceed that of a B. - Gets or sets the number of rounds to be used for a cipher. - This is used by the RC5 cipher. - --=item "alg_id_param" (B) -+=item "algorithm-id" (B) -+ -+Used to get the DER encoded AlgorithmIdentifier from the cipher -+implementation. Functions like L use this -+parameter. -+ -+=item "algorithm-id-params" (B) - - Used to pass the DER encoded AlgorithmIdentifier parameter to or from --the cipher implementation. Functions like L --and L use this parameter for any implementation --that has the flag B set. -+the cipher implementation. -+Functions like L and -+L use this parameter. -+ -+=item "alg_id_params" (B) -+ -+An deprecated alias for "algorithm-id-params", only used by -+L and L. - - =item "cts_mode" (B) - -diff --git a/util/perl/OpenSSL/paramnames.pm b/util/perl/OpenSSL/paramnames.pm -index bfa75f760c..8c70a594b9 100644 ---- a/util/perl/OpenSSL/paramnames.pm -+++ b/util/perl/OpenSSL/paramnames.pm -@@ -68,6 +68,16 @@ my %params = ( - 'ALG_PARAM_MAC' => "mac", # utf8_string - 'ALG_PARAM_PROPERTIES' => "properties", # utf8_string - -+ # For any operation that deals with AlgorithmIdentifier, they should -+ # implement both of these. 
-+ # ALG_PARAM_ALGORITHM_ID is intended to be gettable, and is the -+ # implementation's idea of what its full AlgID should look like. -+ # ALG_PARAM_ALGORITHM_ID_PARAMS is intended to be both settable -+ # and gettable, to allow the calling application to pass or get -+ # AlgID parameters to and from the provided implementation. -+ 'ALG_PARAM_ALGORITHM_ID' => "algorithm-id", # octet_string (DER) -+ 'ALG_PARAM_ALGORITHM_ID_PARAMS' => "algorithm-id-params", # octet_string -+ - # cipher parameters - 'CIPHER_PARAM_PADDING' => "padding", # uint - 'CIPHER_PARAM_USE_BITS' => "use-bits", # uint -@@ -100,8 +110,16 @@ my %params = ( - 'CIPHER_PARAM_RC2_KEYBITS' => "keybits", # size_t - 'CIPHER_PARAM_SPEED' => "speed", # uint - 'CIPHER_PARAM_CTS_MODE' => "cts_mode", # utf8_string --# For passing the AlgorithmIdentifier parameter in DER form -- 'CIPHER_PARAM_ALGORITHM_ID_PARAMS' => "alg_id_param",# octet_string -+ 'CIPHER_PARAM_DECRYPT_ONLY' => "decrypt-only", # int, 0 or 1 -+ 'CIPHER_PARAM_FIPS_ENCRYPT_CHECK' => "encrypt-check", # int -+ 'CIPHER_PARAM_FIPS_APPROVED_INDICATOR' => '*ALG_PARAM_FIPS_APPROVED_INDICATOR', -+ 'CIPHER_PARAM_ALGORITHM_ID' => '*ALG_PARAM_ALGORITHM_ID', -+ # Historically, CIPHER_PARAM_ALGORITHM_ID_PARAMS_OLD was used. For the -+ # time being, the old libcrypto functions will use both, so old providers -+ # continue to work. -+ # New providers are encouraged to use CIPHER_PARAM_ALGORITHM_ID_PARAMS. -+ 'CIPHER_PARAM_ALGORITHM_ID_PARAMS' => '*ALG_PARAM_ALGORITHM_ID_PARAMS', -+ 'CIPHER_PARAM_ALGORITHM_ID_PARAMS_OLD' => "alg_id_param", # octet_string - 'CIPHER_PARAM_XTS_STANDARD' => "xts_standard",# utf8_string - - 'CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT' => "tls1multi_maxsndfrag",# uint -@@ -250,6 +268,10 @@ my %params = ( - # it for API stability, but please use ASYM_CIPHER_PARAM_IMPLICIT_REJECTION - # instead. 
- 'PKEY_PARAM_IMPLICIT_REJECTION' => "implicit-rejection", -+ 'PKEY_PARAM_FIPS_DIGEST_CHECK' => "digest-check", -+ 'PKEY_PARAM_FIPS_KEY_CHECK' => "key-check", -+ 'PKEY_PARAM_ALGORITHM_ID' => '*ALG_PARAM_ALGORITHM_ID', -+ 'PKEY_PARAM_ALGORITHM_ID_PARAMS' => '*ALG_PARAM_ALGORITHM_ID_PARAMS', - - # Diffie-Hellman/DSA Parameters - 'PKEY_PARAM_FFC_P' => "p", -@@ -378,17 +400,26 @@ my %params = ( - 'EXCHANGE_PARAM_KDF_UKM' => "kdf-ukm", - - # Signature parameters -- 'SIGNATURE_PARAM_ALGORITHM_ID' => "algorithm-id", -- 'SIGNATURE_PARAM_PAD_MODE' => '*PKEY_PARAM_PAD_MODE', -- 'SIGNATURE_PARAM_DIGEST' => '*PKEY_PARAM_DIGEST', -- 'SIGNATURE_PARAM_PROPERTIES' => '*PKEY_PARAM_PROPERTIES', -- 'SIGNATURE_PARAM_PSS_SALTLEN' => "saltlen", -- 'SIGNATURE_PARAM_MGF1_DIGEST' => '*PKEY_PARAM_MGF1_DIGEST', -- 'SIGNATURE_PARAM_MGF1_PROPERTIES' => '*PKEY_PARAM_MGF1_PROPERTIES', -- 'SIGNATURE_PARAM_DIGEST_SIZE' => '*PKEY_PARAM_DIGEST_SIZE', -- 'SIGNATURE_PARAM_NONCE_TYPE' => "nonce-type", -- 'SIGNATURE_PARAM_INSTANCE' => "instance", -- 'SIGNATURE_PARAM_CONTEXT_STRING' => "context-string", -+ 'SIGNATURE_PARAM_ALGORITHM_ID' => '*PKEY_PARAM_ALGORITHM_ID', -+ 'SIGNATURE_PARAM_ALGORITHM_ID_PARAMS' => '*PKEY_PARAM_ALGORITHM_ID_PARAMS', -+ 'SIGNATURE_PARAM_PAD_MODE' => '*PKEY_PARAM_PAD_MODE', -+ 'SIGNATURE_PARAM_DIGEST' => '*PKEY_PARAM_DIGEST', -+ 'SIGNATURE_PARAM_PROPERTIES' => '*PKEY_PARAM_PROPERTIES', -+ 'SIGNATURE_PARAM_PSS_SALTLEN' => "saltlen", -+ 'SIGNATURE_PARAM_MGF1_DIGEST' => '*PKEY_PARAM_MGF1_DIGEST', -+ 'SIGNATURE_PARAM_MGF1_PROPERTIES' => '*PKEY_PARAM_MGF1_PROPERTIES', -+ 'SIGNATURE_PARAM_DIGEST_SIZE' => '*PKEY_PARAM_DIGEST_SIZE', -+ 'SIGNATURE_PARAM_NONCE_TYPE' => "nonce-type", -+ 'SIGNATURE_PARAM_INSTANCE' => "instance", -+ 'SIGNATURE_PARAM_CONTEXT_STRING' => "context-string", -+ 'SIGNATURE_PARAM_FIPS_DIGEST_CHECK' => '*PKEY_PARAM_FIPS_DIGEST_CHECK', -+ 'SIGNATURE_PARAM_FIPS_VERIFY_MESSAGE' => 'verify-message', -+ 'SIGNATURE_PARAM_FIPS_KEY_CHECK' => '*PKEY_PARAM_FIPS_KEY_CHECK', -+ 
'SIGNATURE_PARAM_FIPS_SIGN_CHECK' => '*PKEY_PARAM_FIPS_SIGN_CHECK', -+ 'SIGNATURE_PARAM_FIPS_RSA_PSS_SALTLEN_CHECK' => "rsa-pss-saltlen-check", -+ 'SIGNATURE_PARAM_FIPS_SIGN_X931_PAD_CHECK' => "sign-x931-pad-check", -+ 'SIGNATURE_PARAM_FIPS_APPROVED_INDICATOR' => '*ALG_PARAM_FIPS_APPROVED_INDICATOR', -+ 'SIGNATURE_PARAM_SIGNATURE' => "signature", - - # Asym cipher parameters - 'ASYM_CIPHER_PARAM_DIGEST' => '*PKEY_PARAM_DIGEST', --- -2.43.0 - diff --git a/meta-digi-dey/recipes-connectivity/openssl/openssl/openssl-3.0-add-Kernel-TLS-configuration.patch b/meta-digi-dey/recipes-connectivity/openssl/openssl/openssl-3.0-add-Kernel-TLS-configuration.patch index 8983db913..decdda2cb 100644 --- a/meta-digi-dey/recipes-connectivity/openssl/openssl/openssl-3.0-add-Kernel-TLS-configuration.patch +++ b/meta-digi-dey/recipes-connectivity/openssl/openssl/openssl-3.0-add-Kernel-TLS-configuration.patch @@ -1,4 +1,3 @@ -From 24254454e5f5fc503b5e4cc1fa8c6d9b1a3ae9ba Mon Sep 17 00:00:00 2001 From: Gaurav Jain Date: Wed, 19 Jan 2022 15:45:29 +0530 Subject: [PATCH] openssl 3.0: add Kernel TLS configuration @@ -10,7 +9,7 @@ Signed-off-by: Gaurav Jain 1 file changed, 9 insertions(+) diff --git a/apps/openssl.cnf b/apps/openssl.cnf -index 03330e0120..ec18df388e 100644 +index abace0ea7f1c..f4d5ec19de27 100644 --- a/apps/openssl.cnf +++ b/apps/openssl.cnf @@ -30,6 +30,15 @@ oid_section = new_oids @@ -29,6 +28,3 @@ index 03330e0120..ec18df388e 100644 [ new_oids ] # We can add new OIDs in here for use by 'ca', 'req' and 'ts'. # Add a simple OID like this: --- -2.25.1 - diff --git a/meta-digi-dey/recipes-connectivity/openssl/openssl_%.bbappend b/meta-digi-dey/recipes-connectivity/openssl/openssl_3.5.%.bbappend similarity index 78% rename from meta-digi-dey/recipes-connectivity/openssl/openssl_%.bbappend rename to meta-digi-dey/recipes-connectivity/openssl/openssl_3.5.%.bbappend index 7beba0439..23474a0a8 100644 --- a/meta-digi-dey/recipes-connectivity/openssl/openssl_%.bbappend 
+++ b/meta-digi-dey/recipes-connectivity/openssl/openssl_3.5.%.bbappend @@ -1,4 +1,4 @@ -# Copyright (C) 2022,2026 Digi International Inc. +# Copyright (C) 2022-2026 Digi International Inc. FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:" @@ -6,7 +6,7 @@ SRC_URI += "file://openssl-3.0-add-Kernel-TLS-configuration.patch \ file://0001-e_devcrypto-add-func-ptr-for-init-do-ctrl.patch \ file://0002-e_devcrypto-add-support-for-TLS1.2-algorithms-offloa.patch \ file://0003-Set-algorithm-id-before-generating-the-EC-key.patch \ - file://0004-Amend-the-design-of-AlgorithmIdentifier-parameter-pa.patch" + " PACKAGECONFIG:append:imx-nxp-bsp = " cryptodev-linux"
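Review bot: The SRC_URI hunk drops 0004-Amend-the-design-of-AlgorithmIdentifier-parameter-pa.patch while keeping 0003, which sets "algorithm-id" on the keygen context, and nothing in the append records why the backport is no longer needed. Presumably the 3.5.x sources matched by the new file name already contain the upstream commit named in 0004's Upstream-Status line. A one-line comment above SRC_URI saying so, e.g. `# 0004 dropped: upstream since <OpenSSL release>` (release to be filled in), would let the next refresh verify it. Since the append now matches only `openssl_3.5.%`, also confirm that no other OpenSSL version built from this layer still expects the devcrypto and Kernel TLS patches.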