This is http://people.freebsd.org/~pjd/patches/hw_cryptodev.c.patch adopted for
openssl-0.9.8l. It makes AES192 and AES256 CBC known to the cryptodev engine.

There's also http://people.freebsd.org/~pjd/patches/eng_cryptodev.c.patch,
which seems more current, also adds SHA digests and does somehting CTX-related
to cryptodev_rsa_nocrt_mod_exp(). But since digests are disabled in
cryptodev_usable_digests() anyway and cryptodev_rsa_nocrt_mod_exp() is used for
RSA only, I didn't bother with it.

--- openssl-0.9.8l/crypto/engine/eng_cryptodev.caes256	2004-06-15 13:45:42.000000000 +0200
+++ openssl-0.9.8l/crypto/engine/eng_cryptodev.c	2010-02-16 21:57:15.000000000 +0100
@@ -133,11 +133,14 @@
 	{ CRYPTO_DES_CBC,		NID_des_cbc,		8,	 8, },
 	{ CRYPTO_3DES_CBC,		NID_des_ede3_cbc,	8,	24, },
 	{ CRYPTO_AES_CBC,		NID_aes_128_cbc,	16,	16, },
+	{ CRYPTO_AES_CBC,		NID_aes_192_cbc,	16,	24, },
+	{ CRYPTO_AES_CBC,		NID_aes_256_cbc,	16,	32, },
 	{ CRYPTO_BLF_CBC,		NID_bf_cbc,		8,	16, },
 	{ CRYPTO_CAST_CBC,		NID_cast5_cbc,		8,	16, },
 	{ CRYPTO_SKIPJACK_CBC,		NID_undef,		0,	 0, },
 	{ 0,				NID_undef,		0,	 0, },
 };
+#define	NCIPHERS	(sizeof(ciphers) / sizeof(ciphers[0]))
 
 static struct {
 	int	id;
@@ -229,8 +232,8 @@
 	int i;
 
 	for (i = 0; ciphers[i].id; i++)
-		if (ciphers[i].id == cipher)
-			return (ciphers[i].keylen == len);
+		if (ciphers[i].id == cipher && ciphers[i].keylen == len)
+			return (1);
 	return (0);
 }
 
@@ -255,7 +258,7 @@
 static int
 get_cryptodev_ciphers(const int **cnids)
 {
-	static int nids[CRYPTO_ALGORITHM_MAX];
+	static int nids[NCIPHERS];
 	struct session_op sess;
 	int fd, i, count = 0;
 
@@ -266,7 +269,7 @@
 	memset(&sess, 0, sizeof(sess));
 	sess.key = (caddr_t)"123456781234567812345678";
 
-	for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
+	for (i = 0; ciphers[i].id && count < NCIPHERS; i++) {
 		if (ciphers[i].nid == NID_undef)
 			continue;
 		sess.cipher = ciphers[i].id;
@@ -550,7 +553,7 @@
 	NULL
 };
 
-const EVP_CIPHER cryptodev_aes_cbc = {
+const EVP_CIPHER cryptodev_aes128_cbc = {
 	NID_aes_128_cbc,
 	16, 16, 16,
 	EVP_CIPH_CBC_MODE,
@@ -563,6 +566,32 @@
 	NULL
 };
 
+const EVP_CIPHER cryptodev_aes192_cbc = {
+	NID_aes_192_cbc,
+	16, 24, 16,
+	EVP_CIPH_CBC_MODE,
+	cryptodev_init_key,
+	cryptodev_cipher,
+	cryptodev_cleanup,
+	sizeof(struct dev_crypto_state),
+	EVP_CIPHER_set_asn1_iv,
+	EVP_CIPHER_get_asn1_iv,
+	NULL
+};
+
+const EVP_CIPHER cryptodev_aes256_cbc = {
+	NID_aes_256_cbc,
+	16, 32, 16,
+	EVP_CIPH_CBC_MODE,
+	cryptodev_init_key,
+	cryptodev_cipher,
+	cryptodev_cleanup,
+	sizeof(struct dev_crypto_state),
+	EVP_CIPHER_set_asn1_iv,
+	EVP_CIPHER_get_asn1_iv,
+	NULL
+};
+
 /*
  * Registered by the ENGINE when used to find out how to deal with
  * a particular NID in the ENGINE. this says what we'll do at the
@@ -589,7 +618,13 @@
 		*cipher = &cryptodev_cast_cbc;
 		break;
 	case NID_aes_128_cbc:
-		*cipher = &cryptodev_aes_cbc;
+		*cipher = &cryptodev_aes128_cbc;
+		break;
+	case NID_aes_192_cbc:
+		*cipher = &cryptodev_aes192_cbc;
+		break;
+	case NID_aes_256_cbc:
+		*cipher = &cryptodev_aes256_cbc;
 		break;
 	default:
 		*cipher = NULL;