#
# Automatically generated file; DO NOT EDIT.
-# Linux/arm 3.14.30 Kernel Configuration
+# Linux/arm 3.14.37 Kernel Configuration
#
CONFIG_ARM=y
CONFIG_SYS_SUPPORTS_APM_EMULATION=y
#
# Memory Debugging
#
-# CONFIG_DEBUG_PAGEALLOC is not set
# CONFIG_DEBUG_OBJECTS is not set
# CONFIG_SLUB_DEBUG_ON is not set
# CONFIG_SLUB_STATS is not set
CONFIG_GRKERNSEC_CHROOT_FINDTASK=y
CONFIG_GRKERNSEC_CHROOT_NICE=y
CONFIG_GRKERNSEC_CHROOT_SYSCTL=y
+CONFIG_GRKERNSEC_CHROOT_RENAME=y
# CONFIG_GRKERNSEC_CHROOT_CAPS is not set
CONFIG_GRKERNSEC_CHROOT_INITRD=y
#
# Automatically generated file; DO NOT EDIT.
-# Linux/arm 3.14.30 Kernel Configuration
+# Linux/arm 3.14.37 Kernel Configuration
#
CONFIG_ARM=y
CONFIG_MIGHT_HAVE_PCI=y
#
# Memory Debugging
#
-# CONFIG_DEBUG_PAGEALLOC is not set
# CONFIG_DEBUG_OBJECTS is not set
# CONFIG_SLUB_STATS is not set
CONFIG_HAVE_DEBUG_KMEMLEAK=y
CONFIG_GRKERNSEC_CHROOT_FINDTASK=y
CONFIG_GRKERNSEC_CHROOT_NICE=y
CONFIG_GRKERNSEC_CHROOT_SYSCTL=y
+CONFIG_GRKERNSEC_CHROOT_RENAME=y
# CONFIG_GRKERNSEC_CHROOT_CAPS is not set
CONFIG_GRKERNSEC_CHROOT_INITRD=y
#
# Automatically generated file; DO NOT EDIT.
-# Linux/arm 3.14.30 Kernel Configuration
+# Linux/arm 3.14.37 Kernel Configuration
#
CONFIG_ARM=y
CONFIG_SYS_SUPPORTS_APM_EMULATION=y
#
# Memory Debugging
#
-# CONFIG_DEBUG_PAGEALLOC is not set
# CONFIG_DEBUG_OBJECTS is not set
# CONFIG_SLUB_DEBUG_ON is not set
# CONFIG_SLUB_STATS is not set
CONFIG_GRKERNSEC_CHROOT_FINDTASK=y
CONFIG_GRKERNSEC_CHROOT_NICE=y
CONFIG_GRKERNSEC_CHROOT_SYSCTL=y
+CONFIG_GRKERNSEC_CHROOT_RENAME=y
# CONFIG_GRKERNSEC_CHROOT_CAPS is not set
CONFIG_GRKERNSEC_CHROOT_INITRD=y
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 3.14.30 Kernel Configuration
+# Linux/x86 3.14.37 Kernel Configuration
#
# CONFIG_64BIT is not set
CONFIG_X86_32=y
CONFIG_PREEMPT_NONE=y
# CONFIG_PREEMPT_VOLUNTARY is not set
# CONFIG_PREEMPT is not set
+CONFIG_X86_UP_APIC_MSI=y
CONFIG_X86_LOCAL_APIC=y
CONFIG_X86_IO_APIC=y
CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS=y
#
# Memory Debugging
#
-# CONFIG_DEBUG_PAGEALLOC is not set
# CONFIG_DEBUG_OBJECTS is not set
# CONFIG_SLUB_DEBUG_ON is not set
# CONFIG_SLUB_STATS is not set
CONFIG_GRKERNSEC_CHROOT_FINDTASK=y
CONFIG_GRKERNSEC_CHROOT_NICE=y
CONFIG_GRKERNSEC_CHROOT_SYSCTL=y
+CONFIG_GRKERNSEC_CHROOT_RENAME=y
# CONFIG_GRKERNSEC_CHROOT_CAPS is not set
CONFIG_GRKERNSEC_CHROOT_INITRD=y
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 3.14.30 Kernel Configuration
+# Linux/x86 3.14.37 Kernel Configuration
#
# CONFIG_64BIT is not set
CONFIG_X86_32=y
CONFIG_PREEMPT_NONE=y
# CONFIG_PREEMPT_VOLUNTARY is not set
# CONFIG_PREEMPT is not set
+CONFIG_X86_UP_APIC_MSI=y
CONFIG_X86_LOCAL_APIC=y
CONFIG_X86_IO_APIC=y
CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS=y
#
# Memory Debugging
#
-# CONFIG_DEBUG_PAGEALLOC is not set
# CONFIG_DEBUG_OBJECTS is not set
# CONFIG_SLUB_DEBUG_ON is not set
# CONFIG_SLUB_STATS is not set
CONFIG_GRKERNSEC_CHROOT_FINDTASK=y
CONFIG_GRKERNSEC_CHROOT_NICE=y
CONFIG_GRKERNSEC_CHROOT_SYSCTL=y
+CONFIG_GRKERNSEC_CHROOT_RENAME=y
# CONFIG_GRKERNSEC_CHROOT_CAPS is not set
CONFIG_GRKERNSEC_CHROOT_INITRD=y
#boot/dtb-KVER-ipfire-multi/imx6dl-sabresd.dtb
#boot/dtb-KVER-ipfire-multi/imx6dl-wandboard.dtb
#boot/dtb-KVER-ipfire-multi/imx6q-arm2.dtb
+#boot/dtb-KVER-ipfire-multi/imx6q-cm-fx6.dtb
#boot/dtb-KVER-ipfire-multi/imx6q-cubox-i.dtb
#boot/dtb-KVER-ipfire-multi/imx6q-gw51xx.dtb
#boot/dtb-KVER-ipfire-multi/imx6q-gw52xx.dtb
--- /dev/null
+../../../common/fireinfo
\ No newline at end of file
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/fireinfo-Add-an-other-forbidden-string-Serial.patch
cd $(DIR_APP) && [ -x "configure" ] || sh ./autogen.sh
cd $(DIR_APP) && ./configure --prefix=/usr
include Config
-VER = 3.14.33
+VER = 3.14.37
-RPI_PATCHES = 3.14.33-grsec-ipfire1
-A7M_PATCHES = 3.14.33-grsec-ipfire1
-GRS_PATCHES = grsecurity-3.0-3.14.33-201502180832.patch.xz
+RPI_PATCHES = 3.14.37-grsec-ipfire1
+A7M_PATCHES = 3.14.37-grsec-ipfire1
+GRS_PATCHES = grsecurity-3.1-3.14.37-201503270048.patch.xz
THISAPP = linux-$(VER)
DL_FILE = linux-$(VER).tar.xz
CFLAGS =
CXXFLAGS =
-PAK_VER = 58
+PAK_VER = 59
DEPS = ""
VERSUFIX=ipfire$(KCFG)
arm7-multi-patches-$(A7M_PATCHES).patch.xz = $(URL_IPFIRE)/arm7-multi-patches-$(A7M_PATCHES).patch.xz
$(GRS_PATCHES) = $(URL_IPFIRE)/$(GRS_PATCHES)
-$(DL_FILE)_MD5 = c19feb0646fde7e96602ac313fb7e5d6
-rpi-patches-$(RPI_PATCHES).patch.xz_MD5 = e423c8b3a408f23b9a26f8f0f4384c50
-arm7-multi-patches-$(A7M_PATCHES).patch.xz_MD5 = f147ce7c81889d2c5134304f3a6e60e3
-$(GRS_PATCHES)_MD5 = 119943451628ff5a62437637d60a585d
+$(DL_FILE)_MD5 = 43abcb454054c53fb07296e84119edc5
+rpi-patches-$(RPI_PATCHES).patch.xz_MD5 = 375dc501711ff3ffeffdfc9848675d26
+arm7-multi-patches-$(A7M_PATCHES).patch.xz_MD5 = 8a0a0d6ef78d53b3095691499dac4b71
+$(GRS_PATCHES)_MD5 = d83ca635c83bbd5efc4372992ab58094
install : $(TARGET)
# Install switch api userspace header
cd $(DIR_APP) && install -v -m644 include/uapi/linux/switch.h /usr/include/linux/
- # Fix Lamobo-R1 SATA Power
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.14.x-lamobo-r1-fix-sata-pwr.patch
endif
ifeq "$(KCFG)" "-rpi"
include Config
-VER = 1.0.1k
+VER = 1.0.1m
THISAPP = openssl-$(VER)
DL_FILE = $(THISAPP).tar.gz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = d4f002bd22a56881340105028842ae1f
+$(DL_FILE)_MD5 = d143d1555d842a069cb7cc34ba745a06
install : $(TARGET)
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.0-beta5-enginesdir.patch
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1-beta2-build.patch
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1e-cryptodev.patch
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1e-fix_parallel_build-1.patch
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1e-weak-ciphers.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1e-rpmbuild.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1m-weak-ciphers.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-disable-sslv2-sslv3.patch
+ # Apply our CFLAGS
+ cd $(DIR_APP) && sed -i Configure \
+ -e "s/-O3 -fomit-frame-pointer/$(CFLAGS)/g"
+
cd $(DIR_APP) && find crypto/ -name Makefile -exec \
sed 's/^ASFLAGS=/&-Wa,--noexecstack /' -i {} \;
no-rc5 \
no-srp \
$(CONFIGURE_ARGS) \
- -DSSL_FORBID_ENULL \
- -DHAVE_CRYPTODEV \
- -DUSE_CRYPTODEV_DIGEST
+ -DSSL_FORBID_ENULL
cd $(DIR_APP) && make depend
cd $(DIR_APP) && make
include Config
-VER = 0.9.8ze
+VER = 0.9.8zf
THISAPP = openssl-$(VER)
DL_FILE = $(THISAPP).tar.gz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = edcca64ac2fbf2b03461936d5e42a262
+$(DL_FILE)_MD5 = c69a4a679233f7df189e1ad6659511ec
install : $(TARGET)
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-0.9.8u-cryptodev.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-disable-sslv2-sslv3.patch
+ # Apply our CFLAGS
+ cd $(DIR_APP) && sed -i Configure \
+ -e "s/-O3 -fomit-frame-pointer/$(CFLAGS)/g"
+
cd $(DIR_APP) && sed -i -e 's/mcpu/march/' config
cd $(DIR_APP) && sed -i -e 's/-O3/-O2/' -e 's/-march=i486/-march=i586/' Configure
zlib-dynamic \
no-engines \
no-asm 386 \
- -DSSL_FORBID_ENULL \
- -DHAVE_CRYPTODEV \
- -DUSE_CRYPTODEV_DIGEST
+ -DSSL_FORBID_ENULL
cd $(DIR_APP) && make depend
cd $(DIR_APP) && make
ifeq "$(ROOT)" ""
TARGET = $(DIR_INFO)/$(THISAPP)
EXTRA_CONFIG = --prefix=/usr --bindir=/bin \
- --libexecdir=/usr/sbin --disable-nls FORCE_UNSAFE_CONFIGURE=1
+ --libexecdir=/usr/sbin --disable-nls
EXTRA_MAKE =
EXTRA_INSTALL =
else
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && ./configure $(EXTRA_CONFIG)
+ cd $(DIR_APP) && ./configure $(EXTRA_CONFIG) FORCE_UNSAFE_CONFIGURE=1
cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE)
cd $(DIR_APP) && make $(EXTRA_INSTALL) install
@rm -rf $(DIR_APP)
NAME="IPFire" # Software name
SNAME="ipfire" # Short name
VERSION="2.17" # Version number
-CORE="88" # Core Level (Filename)
-PAKFIRE_CORE="88" # Core Level (PAKFIRE)
+CORE="89" # Core Level (Filename)
+PAKFIRE_CORE="89" # Core Level (PAKFIRE)
GIT_BRANCH=`git rev-parse --abbrev-ref HEAD` # Git Branch
SLOGAN="www.ipfire.org" # Software slogan
CONFIG_ROOT=/var/ipfire # Configuration rootdir
--- /dev/null
+From edacae4b2cdc41f1c0bfc93e041532ff6c49f60c Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Tue, 17 Mar 2015 22:19:17 +0100
+Subject: [PATCH] Add an other forbidden string: "Serial"
+
+---
+ src/fireinfo/system.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/fireinfo/system.py b/src/fireinfo/system.py
+index daf77b399d20..9d7872822b85 100644
+--- a/src/fireinfo/system.py
++++ b/src/fireinfo/system.py
+@@ -45,7 +45,7 @@ INVALID_ID_STRINGS = (
+ "EVAL",
+ "Not Applicable",
+ "None", "empty",
+- "System Serial Number",
++ "Serial", "System Serial Number",
+ "XXXXX",
+ "01010101-0101-0101-0101-010101010101",
+ "00020003-0004-0005-0006-000700080009",
+--
+2.1.0
+
+++ /dev/null
-From 7f558e6e8abee42cc966e2cb64be0de875797e07 Mon Sep 17 00:00:00 2001
-From: Arne Fitzenreiter <arne_f@ipfire.org>
-Date: Fri, 20 Feb 2015 10:01:26 +0100
-Subject: [PATCH] sun7i: dts: lamobo-r1: fix sata pwr regulator pin.
-
-Lamobo-R1 use PB3 instead of PB8 for controlling the SATA power regulator.
----
- arch/arm/boot/dts/sun7i-a20-lamobo-r1.dts | 18 ++++++++++++++++++
- 1 file changed, 18 insertions(+)
-
-diff --git a/arch/arm/boot/dts/sun7i-a20-lamobo-r1.dts b/arch/arm/boot/dts/sun7i-a20-lamobo-r1.dts
-index 1eb6c9b..d634d2f 100644
---- a/arch/arm/boot/dts/sun7i-a20-lamobo-r1.dts
-+++ b/arch/arm/boot/dts/sun7i-a20-lamobo-r1.dts
-@@ -166,6 +166,16 @@
- reg = <1>;
- };
- };
-+
-+ pio: pinctrl@01c20800 {
-+ ahci_pwr_pin_a: ahci_pwr_pin@0 {
-+ allwinner,pins = "PB3";
-+ allwinner,function = "gpio_out";
-+ allwinner,drive = <0>;
-+ allwinner,pull = <0>;
-+ };
-+ };
-+
- };
-
- leds {
-@@ -181,6 +191,14 @@
- };
-
- reg_ahci_5v: ahci-5v {
-+ compatible = "regulator-fixed";
-+ pinctrl-names = "default";
-+ pinctrl-0 = <&ahci_pwr_pin_a>;
-+ regulator-name = "ahci-5v";
-+ regulator-min-microvolt = <5000000>;
-+ regulator-max-microvolt = <5000000>;
-+ enable-active-high;
-+ gpio = <&pio 1 3 0>;
- status = "okay";
- };
-
---
-1.8.5.2
-
+++ /dev/null
-diff -Naur openssl-0.9.8u.org/crypto/engine/eng_all.c openssl-0.9.8u/crypto/engine/eng_all.c
---- openssl-0.9.8u.org/crypto/engine/eng_all.c 2010-03-01 01:30:11.000000000 +0100
-+++ openssl-0.9.8u/crypto/engine/eng_all.c 2012-03-27 14:07:11.000000000 +0200
-@@ -113,7 +113,6 @@
- #endif
- }
-
--#if defined(__OpenBSD__) || defined(__FreeBSD__)
- void ENGINE_setup_bsd_cryptodev(void) {
- static int bsd_cryptodev_default_loaded = 0;
- if (!bsd_cryptodev_default_loaded) {
-@@ -122,4 +121,3 @@
- }
- bsd_cryptodev_default_loaded=1;
- }
--#endif
-diff -Naur openssl-0.9.8u.org/crypto/engine/eng_cryptodev.c openssl-0.9.8u/crypto/engine/eng_cryptodev.c
---- openssl-0.9.8u.org/crypto/engine/eng_cryptodev.c 2012-03-06 14:22:32.000000000 +0100
-+++ openssl-0.9.8u/crypto/engine/eng_cryptodev.c 2012-03-27 14:02:59.000000000 +0200
-@@ -2,6 +2,7 @@
- * Copyright (c) 2002 Bob Beck <beck@openbsd.org>
- * Copyright (c) 2002 Theo de Raadt
- * Copyright (c) 2002 Markus Friedl
-+ * Copyright (c) 2012 Nikos Mavrogiannopoulos
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
-@@ -30,10 +31,6 @@
- #include <openssl/engine.h>
- #include <openssl/evp.h>
- #include <openssl/bn.h>
--#include <openssl/dsa.h>
--#include <openssl/rsa.h>
--#include <openssl/dh.h>
--#include <openssl/err.h>
-
- #if (defined(__unix__) || defined(unix)) && !defined(USG) && \
- (defined(OpenBSD) || defined(__FreeBSD__))
-@@ -59,6 +56,10 @@
-
- #include <sys/types.h>
- #include <crypto/cryptodev.h>
-+#include <crypto/dh/dh.h>
-+#include <crypto/dsa/dsa.h>
-+#include <crypto/err/err.h>
-+#include <crypto/rsa/rsa.h>
- #include <sys/ioctl.h>
- #include <errno.h>
- #include <stdio.h>
-@@ -72,6 +73,12 @@
- struct dev_crypto_state {
- struct session_op d_sess;
- int d_fd;
-+
-+#ifdef USE_CRYPTODEV_DIGESTS
-+ unsigned char digest_res[HASH_MAX_LEN];
-+ char *mac_data;
-+ int mac_len;
-+#endif
- };
-
- static u_int32_t cryptodev_asymfeat = 0;
-@@ -79,15 +86,14 @@
- static int get_asym_dev_crypto(void);
- static int open_dev_crypto(void);
- static int get_dev_crypto(void);
--static int cryptodev_max_iv(int cipher);
--static int cryptodev_key_length_valid(int cipher, int len);
--static int cipher_nid_to_cryptodev(int nid);
- static int get_cryptodev_ciphers(const int **cnids);
--/*static int get_cryptodev_digests(const int **cnids);*/
-+#ifdef USE_CRYPTODEV_DIGESTS
-+static int get_cryptodev_digests(const int **cnids);
-+#endif
- static int cryptodev_usable_ciphers(const int **nids);
- static int cryptodev_usable_digests(const int **nids);
- static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-- const unsigned char *in, unsigned int inl);
-+ const unsigned char *in, size_t inl);
- static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc);
- static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx);
-@@ -121,7 +127,7 @@
- static int cryptodev_dh_compute_key(unsigned char *key,
- const BIGNUM *pub_key, DH *dh);
- static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
-- void (*f)());
-+ void (*f)(void));
- void ENGINE_load_cryptodev(void);
-
- static const ENGINE_CMD_DEFN cryptodev_defns[] = {
-@@ -134,27 +140,38 @@
- int ivmax;
- int keylen;
- } ciphers[] = {
-+ { CRYPTO_ARC4, NID_rc4, 0, 16, },
- { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, },
- { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, },
- { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, },
-+ { CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, },
-+ { CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, },
- { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, },
- { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, },
- { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, },
- { 0, NID_undef, 0, 0, },
- };
-
--#if 0
-+#ifdef USE_CRYPTODEV_DIGESTS
- static struct {
- int id;
- int nid;
-+ int digestlen;
- } digests[] = {
-- { CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, },
-- { CRYPTO_RIPEMD160_HMAC, NID_ripemd160, },
-- { CRYPTO_MD5_KPDK, NID_undef, },
-- { CRYPTO_SHA1_KPDK, NID_undef, },
-- { CRYPTO_MD5, NID_md5, },
-- { CRYPTO_SHA1, NID_undef, },
-- { 0, NID_undef, },
-+#if 0
-+ /* HMAC is not supported */
-+ { CRYPTO_MD5_HMAC, NID_hmacWithMD5, 16},
-+ { CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, 20},
-+ { CRYPTO_SHA2_256_HMAC, NID_hmacWithSHA256, 32},
-+ { CRYPTO_SHA2_384_HMAC, NID_hmacWithSHA384, 48},
-+ { CRYPTO_SHA2_512_HMAC, NID_hmacWithSHA512, 64},
-+#endif
-+ { CRYPTO_MD5, NID_md5, 16},
-+ { CRYPTO_SHA1, NID_sha1, 20},
-+ { CRYPTO_SHA2_256, NID_sha256, 32},
-+ { CRYPTO_SHA2_384, NID_sha384, 48},
-+ { CRYPTO_SHA2_512, NID_sha512, 64},
-+ { 0, NID_undef, 0},
- };
- #endif
-
-@@ -186,6 +203,7 @@
-
- if ((fd = open_dev_crypto()) == -1)
- return (-1);
-+#ifndef CRIOGET_NOT_NEEDED
- if (ioctl(fd, CRIOGET, &retfd) == -1)
- return (-1);
-
-@@ -194,9 +212,19 @@
- close(retfd);
- return (-1);
- }
-+#else
-+ retfd = fd;
-+#endif
- return (retfd);
- }
-
-+static void put_dev_crypto(int fd)
-+{
-+#ifndef CRIOGET_NOT_NEEDED
-+ close(fd);
-+#endif
-+}
-+
- /* Caching version for asym operations */
- static int
- get_asym_dev_crypto(void)
-@@ -209,50 +237,6 @@
- }
-
- /*
-- * XXXX this needs to be set for each alg - and determined from
-- * a running card.
-- */
--static int
--cryptodev_max_iv(int cipher)
--{
-- int i;
--
-- for (i = 0; ciphers[i].id; i++)
-- if (ciphers[i].id == cipher)
-- return (ciphers[i].ivmax);
-- return (0);
--}
--
--/*
-- * XXXX this needs to be set for each alg - and determined from
-- * a running card. For now, fake it out - but most of these
-- * for real devices should return 1 for the supported key
-- * sizes the device can handle.
-- */
--static int
--cryptodev_key_length_valid(int cipher, int len)
--{
-- int i;
--
-- for (i = 0; ciphers[i].id; i++)
-- if (ciphers[i].id == cipher)
-- return (ciphers[i].keylen == len);
-- return (0);
--}
--
--/* convert libcrypto nids to cryptodev */
--static int
--cipher_nid_to_cryptodev(int nid)
--{
-- int i;
--
-- for (i = 0; ciphers[i].id; i++)
-- if (ciphers[i].nid == nid)
-- return (ciphers[i].id);
-- return (0);
--}
--
--/*
- * Find out what ciphers /dev/crypto will let us have a session for.
- * XXX note, that some of these openssl doesn't deal with yet!
- * returning them here is harmless, as long as we return NULL
-@@ -264,13 +248,14 @@
- static int nids[CRYPTO_ALGORITHM_MAX];
- struct session_op sess;
- int fd, i, count = 0;
-+ unsigned char fake_key[CRYPTO_CIPHER_MAX_KEY_LEN];
-
- if ((fd = get_dev_crypto()) < 0) {
- *cnids = NULL;
- return (0);
- }
- memset(&sess, 0, sizeof(sess));
-- sess.key = (caddr_t)"123456781234567812345678";
-+ sess.key = (void*)fake_key;
-
- for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
- if (ciphers[i].nid == NID_undef)
-@@ -282,7 +267,7 @@
- ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
- nids[count++] = ciphers[i].nid;
- }
-- close(fd);
-+ put_dev_crypto(fd);
-
- if (count > 0)
- *cnids = nids;
-@@ -291,7 +276,7 @@
- return (count);
- }
-
--#if 0 /* unused */
-+#ifdef USE_CRYPTODEV_DIGESTS
- /*
- * Find out what digests /dev/crypto will let us have a session for.
- * XXX note, that some of these openssl doesn't deal with yet!
-@@ -302,6 +287,7 @@
- get_cryptodev_digests(const int **cnids)
- {
- static int nids[CRYPTO_ALGORITHM_MAX];
-+ unsigned char fake_key[CRYPTO_CIPHER_MAX_KEY_LEN];
- struct session_op sess;
- int fd, i, count = 0;
-
-@@ -310,16 +296,18 @@
- return (0);
- }
- memset(&sess, 0, sizeof(sess));
-+ sess.mackey = fake_key;
- for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
- if (digests[i].nid == NID_undef)
- continue;
- sess.mac = digests[i].id;
-+ sess.mackeylen = 8;
- sess.cipher = 0;
- if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
- ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
- nids[count++] = digests[i].nid;
- }
-- close(fd);
-+ put_dev_crypto(fd);
-
- if (count > 0)
- *cnids = nids;
-@@ -327,8 +315,7 @@
- *cnids = NULL;
- return (count);
- }
--
--#endif
-+#endif /* 0 */
-
- /*
- * Find the useable ciphers|digests from dev/crypto - this is the first
-@@ -360,6 +347,9 @@
- static int
- cryptodev_usable_digests(const int **nids)
- {
-+#ifdef USE_CRYPTODEV_DIGESTS
-+ return (get_cryptodev_digests(nids));
-+#else
- /*
- * XXXX just disable all digests for now, because it sucks.
- * we need a better way to decide this - i.e. I may not
-@@ -374,11 +364,12 @@
- */
- *nids = NULL;
- return (0);
-+#endif
- }
-
- static int
- cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-- const unsigned char *in, unsigned int inl)
-+ const unsigned char *in, size_t inl)
- {
- struct crypt_op cryp;
- struct dev_crypto_state *state = ctx->cipher_data;
-@@ -398,14 +389,14 @@
- cryp.ses = sess->ses;
- cryp.flags = 0;
- cryp.len = inl;
-- cryp.src = (caddr_t) in;
-- cryp.dst = (caddr_t) out;
-+ cryp.src = (void*) in;
-+ cryp.dst = (void*) out;
- cryp.mac = 0;
-
- cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
-
- if (ctx->cipher->iv_len) {
-- cryp.iv = (caddr_t) ctx->iv;
-+ cryp.iv = (void*) ctx->iv;
- if (!ctx->encrypt) {
- iiv = in + inl - ctx->cipher->iv_len;
- memcpy(save_iv, iiv, ctx->cipher->iv_len);
-@@ -436,28 +427,32 @@
- {
- struct dev_crypto_state *state = ctx->cipher_data;
- struct session_op *sess = &state->d_sess;
-- int cipher;
-+ int cipher = -1, i;
-
-- if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NID_undef)
-- return (0);
--
-- if (ctx->cipher->iv_len > cryptodev_max_iv(cipher))
-- return (0);
-+ for (i = 0; ciphers[i].id; i++)
-+ if (ctx->cipher->nid == ciphers[i].nid &&
-+ ctx->cipher->iv_len <= ciphers[i].ivmax &&
-+ ctx->key_len == ciphers[i].keylen) {
-+ cipher = ciphers[i].id;
-+ break;
-+ }
-
-- if (!cryptodev_key_length_valid(cipher, ctx->key_len))
-+ if (!ciphers[i].id) {
-+ state->d_fd = -1;
- return (0);
-+ }
-
- memset(sess, 0, sizeof(struct session_op));
-
- if ((state->d_fd = get_dev_crypto()) < 0)
- return (0);
-
-- sess->key = (char *)key;
-+ sess->key = (void*)key;
- sess->keylen = ctx->key_len;
- sess->cipher = cipher;
-
- if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
-- close(state->d_fd);
-+ put_dev_crypto(state->d_fd);
- state->d_fd = -1;
- return (0);
- }
-@@ -494,7 +489,7 @@
- } else {
- ret = 1;
- }
-- close(state->d_fd);
-+ put_dev_crypto(state->d_fd);
- state->d_fd = -1;
-
- return (ret);
-@@ -505,6 +500,20 @@
- * gets called when libcrypto requests a cipher NID.
- */
-
-+/* RC4 */
-+const EVP_CIPHER cryptodev_rc4 = {
-+ NID_rc4,
-+ 1, 16, 0,
-+ EVP_CIPH_VARIABLE_LENGTH,
-+ cryptodev_init_key,
-+ cryptodev_cipher,
-+ cryptodev_cleanup,
-+ sizeof(struct dev_crypto_state),
-+ NULL,
-+ NULL,
-+ NULL
-+};
-+
- /* DES CBC EVP */
- const EVP_CIPHER cryptodev_des_cbc = {
- NID_des_cbc,
-@@ -572,6 +581,32 @@
- NULL
- };
-
-+const EVP_CIPHER cryptodev_aes_192_cbc = {
-+ NID_aes_192_cbc,
-+ 16, 24, 16,
-+ EVP_CIPH_CBC_MODE,
-+ cryptodev_init_key,
-+ cryptodev_cipher,
-+ cryptodev_cleanup,
-+ sizeof(struct dev_crypto_state),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ NULL
-+};
-+
-+const EVP_CIPHER cryptodev_aes_256_cbc = {
-+ NID_aes_256_cbc,
-+ 16, 32, 16,
-+ EVP_CIPH_CBC_MODE,
-+ cryptodev_init_key,
-+ cryptodev_cipher,
-+ cryptodev_cleanup,
-+ sizeof(struct dev_crypto_state),
-+ EVP_CIPHER_set_asn1_iv,
-+ EVP_CIPHER_get_asn1_iv,
-+ NULL
-+};
-+
- /*
- * Registered by the ENGINE when used to find out how to deal with
- * a particular NID in the ENGINE. this says what we'll do at the
-@@ -585,6 +620,9 @@
- return (cryptodev_usable_ciphers(nids));
-
- switch (nid) {
-+ case NID_rc4:
-+ *cipher = &cryptodev_rc4;
-+ break;
- case NID_des_ede3_cbc:
- *cipher = &cryptodev_3des_cbc;
- break;
-@@ -600,6 +638,12 @@
- case NID_aes_128_cbc:
- *cipher = &cryptodev_aes_cbc;
- break;
-+ case NID_aes_192_cbc:
-+ *cipher = &cryptodev_aes_192_cbc;
-+ break;
-+ case NID_aes_256_cbc:
-+ *cipher = &cryptodev_aes_256_cbc;
-+ break;
- default:
- *cipher = NULL;
- break;
-@@ -607,6 +651,286 @@
- return (*cipher != NULL);
- }
-
-+
-+#ifdef USE_CRYPTODEV_DIGESTS
-+
-+/* convert digest type to cryptodev */
-+static int
-+digest_nid_to_cryptodev(int nid)
-+{
-+ int i;
-+
-+ for (i = 0; digests[i].id; i++)
-+ if (digests[i].nid == nid)
-+ return (digests[i].id);
-+ return (0);
-+}
-+
-+
-+static int cryptodev_digest_init(EVP_MD_CTX *ctx)
-+{
-+ struct dev_crypto_state *state = ctx->md_data;
-+ struct session_op *sess = &state->d_sess;
-+ int digest;
-+
-+ if ((digest = digest_nid_to_cryptodev(ctx->digest->type)) == NID_undef){
-+ printf("cryptodev_digest_init: Can't get digest \n");
-+ return (0);
-+ }
-+ memset(state, 0, sizeof(struct dev_crypto_state));
-+
-+ if ((state->d_fd = get_dev_crypto()) < 0) {
-+ printf("cryptodev_digest_init: Can't get Dev \n");
-+ return (0);
-+ }
-+
-+ sess->mackey = NULL;
-+ sess->mackeylen = 0;
-+ sess->mac = digest;
-+
-+ if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
-+ put_dev_crypto(state->d_fd);
-+ state->d_fd = -1;
-+ printf("cryptodev_digest_init: Open session failed\n");
-+ return (0);
-+ }
-+
-+ return (1);
-+}
-+
-+static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
-+ size_t count)
-+{
-+ struct dev_crypto_state *state = ctx->md_data;
-+ struct crypt_op cryp;
-+ struct session_op *sess = &state->d_sess;
-+
-+ if (!data || state->d_fd < 0) {
-+ printf("cryptodev_digest_update: illegal inputs \n");
-+ return (0);
-+ }
-+
-+ if (!count) {
-+ return (1);
-+ }
-+
-+ if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
-+ /* if application doesn't support one buffer */
-+ state->mac_data = OPENSSL_realloc(state->mac_data, state->mac_len + count);
-+
-+ if (!state->mac_data) {
-+ printf("cryptodev_digest_update: realloc failed\n");
-+ return (0);
-+ }
-+
-+ memcpy(state->mac_data + state->mac_len, data, count);
-+ state->mac_len += count;
-+
-+ return (1);
-+ }
-+
-+ memset(&cryp, 0, sizeof(cryp));
-+
-+ cryp.ses = sess->ses;
-+ cryp.flags = 0;
-+ cryp.len = count;
-+ cryp.src = (void*) data;
-+ cryp.dst = NULL;
-+ cryp.mac = (void*) state->digest_res;
-+ if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
-+ printf("cryptodev_digest_update: digest failed\n");
-+ return (0);
-+ }
-+ return (1);
-+}
-+
-+
-+static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
-+{
-+ struct crypt_op cryp;
-+ struct dev_crypto_state *state = ctx->md_data;
-+ struct session_op *sess = &state->d_sess;
-+
-+ if (!md || state->d_fd < 0) {
-+ printf("cryptodev_digest_final: illegal input\n");
-+ return(0);
-+ }
-+
-+ if (! (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) ) {
-+ /* if application doesn't support one buffer */
-+ memset(&cryp, 0, sizeof(cryp));
-+ cryp.ses = sess->ses;
-+ cryp.flags = 0;
-+ cryp.len = state->mac_len;
-+ cryp.src = state->mac_data;
-+ cryp.dst = NULL;
-+ cryp.mac = (void*)md;
-+ if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
-+ printf("cryptodev_digest_final: digest failed\n");
-+ return (0);
-+ }
-+
-+ return 1;
-+ }
-+
-+ memcpy(md, state->digest_res, ctx->digest->md_size);
-+
-+ return 1;
-+}
-+
-+
-+static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
-+{
-+ int ret = 1;
-+ struct dev_crypto_state *state = ctx->md_data;
-+ struct session_op *sess = &state->d_sess;
-+
-+ if (state == NULL)
-+ return 0;
-+
-+ if (state->d_fd < 0) {
-+ printf("cryptodev_digest_cleanup: illegal input\n");
-+ return (0);
-+ }
-+
-+ if (state->mac_data) {
-+ OPENSSL_free(state->mac_data);
-+ state->mac_data = NULL;
-+ state->mac_len = 0;
-+ }
-+
-+ if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
-+ printf("cryptodev_digest_cleanup: failed to close session\n");
-+ ret = 0;
-+ } else {
-+ ret = 1;
-+ }
-+ put_dev_crypto(state->d_fd);
-+ state->d_fd = -1;
-+
-+ return (ret);
-+}
-+
-+static int cryptodev_digest_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from)
-+{
-+ struct dev_crypto_state *fstate = from->md_data;
-+ struct dev_crypto_state *dstate = to->md_data;
-+ struct session_op *sess;
-+ int digest;
-+
-+ if (dstate == NULL || fstate == NULL)
-+ return 1;
-+
-+ memcpy(dstate, fstate, sizeof(struct dev_crypto_state));
-+
-+ sess = &dstate->d_sess;
-+
-+ digest = digest_nid_to_cryptodev(to->digest->type);
-+
-+ sess->mackey = NULL;
-+ sess->mackeylen = 0;
-+ sess->mac = digest;
-+
-+ dstate->d_fd = get_dev_crypto();
-+
-+ if (ioctl(dstate->d_fd, CIOCGSESSION, sess) < 0) {
-+ put_dev_crypto(dstate->d_fd);
-+ dstate->d_fd = -1;
-+ printf("cryptodev_digest_init: Open session failed\n");
-+ return (0);
-+ }
-+
-+ if (fstate->mac_len != 0) {
-+ if (fstate->mac_data != NULL)
-+ {
-+ dstate->mac_data = OPENSSL_malloc(fstate->mac_len);
-+ memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len);
-+ dstate->mac_len = fstate->mac_len;
-+ }
-+ }
-+
-+ return 1;
-+}
-+
-+
-+static const EVP_MD cryptodev_sha1 = {
-+ NID_sha1,
-+ NID_sha1WithRSAEncryption,
-+ SHA_DIGEST_LENGTH,
-+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_ONESHOT,
-+ cryptodev_digest_init,
-+ cryptodev_digest_update,
-+ cryptodev_digest_final,
-+ cryptodev_digest_copy,
-+ cryptodev_digest_cleanup,
-+ EVP_PKEY_RSA_method,
-+ SHA_CBLOCK,
-+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
-+};
-+
-+static const EVP_MD cryptodev_sha256 = {
-+ NID_sha256,
-+ NID_sha256WithRSAEncryption,
-+ SHA256_DIGEST_LENGTH,
-+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_ONESHOT,
-+ cryptodev_digest_init,
-+ cryptodev_digest_update,
-+ cryptodev_digest_final,
-+ cryptodev_digest_copy,
-+ cryptodev_digest_cleanup,
-+ EVP_PKEY_RSA_method,
-+ SHA256_CBLOCK,
-+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
-+};
-+
-+static const EVP_MD cryptodev_sha384 = {
-+ NID_sha384,
-+ NID_sha384WithRSAEncryption,
-+ SHA384_DIGEST_LENGTH,
-+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_ONESHOT,
-+ cryptodev_digest_init,
-+ cryptodev_digest_update,
-+ cryptodev_digest_final,
-+ cryptodev_digest_copy,
-+ cryptodev_digest_cleanup,
-+ EVP_PKEY_RSA_method,
-+ SHA512_CBLOCK,
-+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
-+};
-+
-+static const EVP_MD cryptodev_sha512 = {
-+ NID_sha512,
-+ NID_sha512WithRSAEncryption,
-+ SHA512_DIGEST_LENGTH,
-+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_ONESHOT,
-+ cryptodev_digest_init,
-+ cryptodev_digest_update,
-+ cryptodev_digest_final,
-+ cryptodev_digest_copy,
-+ cryptodev_digest_cleanup,
-+ EVP_PKEY_RSA_method,
-+ SHA512_CBLOCK,
-+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
-+};
-+
-+static const EVP_MD cryptodev_md5 = {
-+ NID_md5,
-+ NID_md5WithRSAEncryption,
-+ 16 /* MD5_DIGEST_LENGTH */,
-+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_ONESHOT,
-+ cryptodev_digest_init,
-+ cryptodev_digest_update,
-+ cryptodev_digest_final,
-+ cryptodev_digest_copy,
-+ cryptodev_digest_cleanup,
-+ EVP_PKEY_RSA_method,
-+ 64 /* MD5_CBLOCK */,
-+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
-+};
-+
-+#endif /* USE_CRYPTODEV_DIGESTS */
-+
-+
- static int
- cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
- const int **nids, int nid)
-@@ -615,10 +939,24 @@
- return (cryptodev_usable_digests(nids));
-
- switch (nid) {
-+#ifdef USE_CRYPTODEV_DIGESTS
- case NID_md5:
-- *digest = NULL; /* need to make a clean md5 critter */
-+ *digest = &cryptodev_md5;
- break;
-+ case NID_sha1:
-+ *digest = &cryptodev_sha1;
-+ break;
-+ case NID_sha256:
-+ *digest = &cryptodev_sha256;
-+ break;
-+ case NID_sha384:
-+ *digest = &cryptodev_sha384;
-+ break;
-+ case NID_sha512:
-+ *digest = &cryptodev_sha512;
-+ break;
- default:
-+#endif /* USE_CRYPTODEV_DIGESTS */
- *digest = NULL;
- break;
- }
-@@ -646,8 +984,9 @@
- b = malloc(bytes);
- if (b == NULL)
- return (1);
-+ memset(b, 0, bytes);
-
-- crp->crp_p = (char *)b;
-+ crp->crp_p = (void*) b;
- crp->crp_nbits = bits;
-
- for (i = 0, j = 0; i < a->top; i++) {
-@@ -690,7 +1029,7 @@
- {
- int i;
-
-- for (i = 0; i <= kop->crk_iparams + kop->crk_oparams; i++) {
-+ for (i = 0; i < kop->crk_iparams + kop->crk_oparams; i++) {
- if (kop->crk_param[i].crp_p)
- free(kop->crk_param[i].crp_p);
- kop->crk_param[i].crp_p = NULL;
-@@ -776,8 +1115,9 @@
- cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
- {
- int r;
--
-+ ctx = BN_CTX_new();
- r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL);
-+ BN_CTX_free(ctx);
- return (r);
- }
-
-@@ -899,7 +1239,7 @@
- kop.crk_op = CRK_DSA_SIGN;
-
- /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
-- kop.crk_param[0].crp_p = (caddr_t)dgst;
-+ kop.crk_param[0].crp_p = (void*)dgst;
- kop.crk_param[0].crp_nbits = dlen * 8;
- if (bn2crparam(dsa->p, &kop.crk_param[1]))
- goto err;
-@@ -939,7 +1279,7 @@
- kop.crk_op = CRK_DSA_VERIFY;
-
- /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
-- kop.crk_param[0].crp_p = (caddr_t)dgst;
-+ kop.crk_param[0].crp_p = (void*)dgst;
- kop.crk_param[0].crp_nbits = dlen * 8;
- if (bn2crparam(dsa->p, &kop.crk_param[1]))
- goto err;
-@@ -1017,7 +1357,7 @@
- goto err;
- kop.crk_iparams = 3;
-
-- kop.crk_param[3].crp_p = (char *)key;
-+ kop.crk_param[3].crp_p = (void*) key;
- kop.crk_param[3].crp_nbits = keylen * 8;
- kop.crk_oparams = 1;
-
-@@ -1048,7 +1388,7 @@
- * but I expect we'll want some options soon.
- */
- static int
--cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
-+cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
- {
- #ifdef HAVE_SYSLOG_R
- struct syslog_data sd = SYSLOG_DATA_INIT;
-@@ -1084,14 +1424,14 @@
- * find out what asymmetric crypto algorithms we support
- */
- if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {
-- close(fd);
-+ put_dev_crypto(fd);
- ENGINE_free(engine);
- return;
- }
-- close(fd);
-+ put_dev_crypto(fd);
-
- if (!ENGINE_set_id(engine, "cryptodev") ||
-- !ENGINE_set_name(engine, "BSD cryptodev engine") ||
-+ !ENGINE_set_name(engine, "cryptodev engine") ||
- !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
- !ENGINE_set_digests(engine, cryptodev_engine_digests) ||
- !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) ||
-diff -Naur openssl-0.9.8u.org/crypto/engine/engine.h openssl-0.9.8u/crypto/engine/engine.h
---- openssl-0.9.8u.org/crypto/engine/engine.h 2010-02-09 15:18:15.000000000 +0100
-+++ openssl-0.9.8u/crypto/engine/engine.h 2012-03-27 14:05:15.000000000 +0200
-@@ -705,9 +705,7 @@
- * values. */
- void *ENGINE_get_static_state(void);
-
--#if defined(__OpenBSD__) || defined(__FreeBSD__)
- void ENGINE_setup_bsd_cryptodev(void);
--#endif
-
- /* BEGIN ERROR CODES */
- /* The following lines are auto generated by the script mkerr.pl. Any changes
-diff -Naur openssl-0.9.8u.org/crypto/evp/c_all.c openssl-0.9.8u/crypto/evp/c_all.c
---- openssl-0.9.8u.org/crypto/evp/c_all.c 2004-08-29 18:36:04.000000000 +0200
-+++ openssl-0.9.8u/crypto/evp/c_all.c 2012-03-27 14:05:15.000000000 +0200
-@@ -83,8 +83,6 @@
- OpenSSL_add_all_ciphers();
- OpenSSL_add_all_digests();
- #ifndef OPENSSL_NO_ENGINE
--# if defined(__OpenBSD__) || defined(__FreeBSD__)
- ENGINE_setup_bsd_cryptodev();
--# endif
- #endif
- }
+++ /dev/null
-diff -up openssl-1.0.1-beta2/Configure.rpmbuild openssl-1.0.1-beta2/Configure
---- openssl-1.0.1-beta2/Configure.rpmbuild 2012-01-05 01:07:34.000000000 +0100
-+++ openssl-1.0.1-beta2/Configure 2012-02-02 12:43:56.547409325 +0100
-@@ -343,23 +343,23 @@ my %table=(
- ####
- # *-generic* is endian-neutral target, but ./config is free to
- # throw in -D[BL]_ENDIAN, whichever appropriate...
--"linux-generic32","gcc:-DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
--"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-generic32","gcc:-DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
-+"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
- # It's believed that majority of ARM toolchains predefine appropriate -march.
- # If you compiler does not, do complement config command line with one!
--"linux-armv4", "gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-armv4", "gcc:-DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
- #### IA-32 targets...
- "linux-ia32-icc", "icc:-DL_ENDIAN -DTERMIO -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
--"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
- "linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out",
- ####
--"linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
--"linux-ppc64", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
--"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-generic64","gcc:-DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
-+"linux-ppc64", "gcc:-m64 -DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
-+"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
- "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
--"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
--"linux64-s390x", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-+"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
-+"linux64-s390x", "gcc:-m64 -DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
- #### So called "highgprs" target for z/Architecture CPUs
- # "Highgprs" is kernel feature first implemented in Linux 2.6.32, see
- # /proc/cpuinfo. The idea is to preserve most significant bits of
-@@ -373,16 +373,16 @@ my %table=(
- # ldconfig and run-time linker to autodiscover. Unfortunately it
- # doesn't work just yet, because of couple of bugs in glibc
- # sysdeps/s390/dl-procinfo.c affecting ldconfig and ld.so.1...
--"linux32-s390x", "gcc:-m31 -Wa,-mzarch -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$s390x_asm;$asm=~s/bn\-s390x\.o/bn_asm.o/;$asm}.":31:dlfcn:linux-shared:-fPIC:-m31:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/highgprs",
-+"linux32-s390x", "gcc:-m31 -Wa,-mzarch -DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$s390x_asm;$asm=~s/bn\-s390x\.o/bn_asm.o/;$asm}.":31:dlfcn:linux-shared:-fPIC:-m31 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::/highgprs",
- #### SPARC Linux setups
- # Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
- # assisted with debugging of following two configs.
--"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-sparcv8","gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS) -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
- # it's a real mess with -mcpu=ultrasparc option under Linux, but
- # -Wa,-Av8plus should do the trick no matter what.
--"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-sparcv9","gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS) -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
- # GCC 3.1 is a requirement
--"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-+"linux64-sparcv9","gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
- #### Alpha Linux with GNU C and Compaq C setups
- # Special notes:
- # - linux-alpha+bwx-gcc is ment to be used from ./config only. If you
-@@ -396,8 +396,8 @@ my %table=(
- #
- # <appro@fy.chalmers.se>
- #
--"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
--"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-alpha-gcc","gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
-+"linux-alpha+bwx-gcc","gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
- "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
- "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
-
-@@ -1678,7 +1678,7 @@ while (<IN>)
- elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/)
- {
- my $sotmp = $1;
-- s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/;
-+ s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_SONAMEVER) .s$sotmp/;
- }
- elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.[^\.]*\.dylib$/)
- {
-diff -up openssl-1.0.1-beta2/Makefile.org.rpmbuild openssl-1.0.1-beta2/Makefile.org
---- openssl-1.0.1-beta2/Makefile.org.rpmbuild 2011-12-27 16:17:50.000000000 +0100
-+++ openssl-1.0.1-beta2/Makefile.org 2012-02-02 12:30:23.652495435 +0100
-@@ -10,6 +10,7 @@ SHLIB_VERSION_HISTORY=
- SHLIB_MAJOR=
- SHLIB_MINOR=
- SHLIB_EXT=
-+SHLIB_SONAMEVER=10
- PLATFORM=dist
- OPTIONS=
- CONFIGURE_ARGS=
-@@ -333,10 +334,9 @@ clean-shared:
- link-shared:
- @ set -e; for i in $(SHLIBDIRS); do \
- $(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \
-- LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
-+ LIBNAME=$$i LIBVERSION=$(SHLIB_SONAMEVER) \
- LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
- symlink.$(SHLIB_TARGET); \
-- libs="$$libs -l$$i"; \
- done
-
- build-shared: do_$(SHLIB_TARGET) link-shared
-@@ -347,7 +347,7 @@ do_$(SHLIB_TARGET):
- libs="$(LIBKRB5) $$libs"; \
- fi; \
- $(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
-- LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
-+ LIBNAME=$$i LIBVERSION=$(SHLIB_SONAMEVER) \
- LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
- LIBDEPS="$$libs $(EX_LIBS)" \
- link_a.$(SHLIB_TARGET); \
+++ /dev/null
-Patch created by Michael Tremer <michael.tremer@ipfire.org> from
- http://download.gna.org/cryptodev-linux/cryptodev-linux-1.6.tar.gz
-
-diff -Nur openssl-1.0.1e-vanilla/crypto/cryptodev.h openssl-1.0.1e/crypto/cryptodev.h
---- openssl-1.0.1e-vanilla/crypto/cryptodev.h 1970-01-01 00:00:00.000000000 +0000
-+++ openssl-1.0.1e/crypto/cryptodev.h 2013-12-25 14:27:20.907326820 +0000
-@@ -0,0 +1,292 @@
-+/* This is a source compatible implementation with the original API of
-+ * cryptodev by Angelos D. Keromytis, found at openbsd cryptodev.h.
-+ * Placed under public domain */
-+
-+#ifndef L_CRYPTODEV_H
-+#define L_CRYPTODEV_H
-+
-+#include <linux/types.h>
-+#ifndef __KERNEL__
-+#define __user
-+#endif
-+
-+/* API extensions for linux */
-+#define CRYPTO_HMAC_MAX_KEY_LEN 512
-+#define CRYPTO_CIPHER_MAX_KEY_LEN 64
-+
-+/* All the supported algorithms
-+ */
-+enum cryptodev_crypto_op_t {
-+ CRYPTO_DES_CBC = 1,
-+ CRYPTO_3DES_CBC = 2,
-+ CRYPTO_BLF_CBC = 3,
-+ CRYPTO_CAST_CBC = 4,
-+ CRYPTO_SKIPJACK_CBC = 5,
-+ CRYPTO_MD5_HMAC = 6,
-+ CRYPTO_SHA1_HMAC = 7,
-+ CRYPTO_RIPEMD160_HMAC = 8,
-+ CRYPTO_MD5_KPDK = 9,
-+ CRYPTO_SHA1_KPDK = 10,
-+ CRYPTO_RIJNDAEL128_CBC = 11,
-+ CRYPTO_AES_CBC = CRYPTO_RIJNDAEL128_CBC,
-+ CRYPTO_ARC4 = 12,
-+ CRYPTO_MD5 = 13,
-+ CRYPTO_SHA1 = 14,
-+ CRYPTO_DEFLATE_COMP = 15,
-+ CRYPTO_NULL = 16,
-+ CRYPTO_LZS_COMP = 17,
-+ CRYPTO_SHA2_256_HMAC = 18,
-+ CRYPTO_SHA2_384_HMAC = 19,
-+ CRYPTO_SHA2_512_HMAC = 20,
-+ CRYPTO_AES_CTR = 21,
-+ CRYPTO_AES_XTS = 22,
-+ CRYPTO_AES_ECB = 23,
-+ CRYPTO_AES_GCM = 50,
-+
-+ CRYPTO_CAMELLIA_CBC = 101,
-+ CRYPTO_RIPEMD160,
-+ CRYPTO_SHA2_224,
-+ CRYPTO_SHA2_256,
-+ CRYPTO_SHA2_384,
-+ CRYPTO_SHA2_512,
-+ CRYPTO_SHA2_224_HMAC,
-+ CRYPTO_ALGORITHM_ALL, /* Keep updated - see below */
-+};
-+
-+#define CRYPTO_ALGORITHM_MAX (CRYPTO_ALGORITHM_ALL - 1)
-+
-+/* Values for ciphers */
-+#define DES_BLOCK_LEN 8
-+#define DES3_BLOCK_LEN 8
-+#define RIJNDAEL128_BLOCK_LEN 16
-+#define AES_BLOCK_LEN RIJNDAEL128_BLOCK_LEN
-+#define CAMELLIA_BLOCK_LEN 16
-+#define BLOWFISH_BLOCK_LEN 8
-+#define SKIPJACK_BLOCK_LEN 8
-+#define CAST128_BLOCK_LEN 8
-+
-+/* the maximum of the above */
-+#define EALG_MAX_BLOCK_LEN 16
-+
-+/* Values for hashes/MAC */
-+#define AALG_MAX_RESULT_LEN 64
-+
-+/* maximum length of verbose alg names (depends on CRYPTO_MAX_ALG_NAME) */
-+#define CRYPTODEV_MAX_ALG_NAME 64
-+
-+#define HASH_MAX_LEN 64
-+
-+/* input of CIOCGSESSION */
-+struct session_op {
-+ /* Specify either cipher or mac
-+ */
-+ __u32 cipher; /* cryptodev_crypto_op_t */
-+ __u32 mac; /* cryptodev_crypto_op_t */
-+
-+ __u32 keylen;
-+ __u8 __user *key;
-+ __u32 mackeylen;
-+ __u8 __user *mackey;
-+
-+ __u32 ses; /* session identifier */
-+};
-+
-+struct session_info_op {
-+ __u32 ses; /* session identifier */
-+
-+ /* verbose names for the requested ciphers */
-+ struct alg_info {
-+ char cra_name[CRYPTODEV_MAX_ALG_NAME];
-+ char cra_driver_name[CRYPTODEV_MAX_ALG_NAME];
-+ } cipher_info, hash_info;
-+
-+ __u16 alignmask; /* alignment constraints */
-+ __u32 flags; /* SIOP_FLAGS_* */
-+};
-+
-+/* If this flag is set then this algorithm uses
-+ * a driver only available in kernel (software drivers,
-+ * or drivers based on instruction sets do not set this flag).
-+ *
-+ * If multiple algorithms are involved (as in AEAD case), then
-+ * if one of them is kernel-driver-only this flag will be set.
-+ */
-+#define SIOP_FLAG_KERNEL_DRIVER_ONLY 1
-+
-+#define COP_ENCRYPT 0
-+#define COP_DECRYPT 1
-+
-+/* input of CIOCCRYPT */
-+struct crypt_op {
-+ __u32 ses; /* session identifier */
-+ __u16 op; /* COP_ENCRYPT or COP_DECRYPT */
-+ __u16 flags; /* see COP_FLAG_* */
-+ __u32 len; /* length of source data */
-+ __u8 __user *src; /* source data */
-+ __u8 __user *dst; /* pointer to output data */
-+ /* pointer to output data for hash/MAC operations */
-+ __u8 __user *mac;
-+ /* initialization vector for encryption operations */
-+ __u8 __user *iv;
-+};
-+
-+/* input of CIOCAUTHCRYPT */
-+struct crypt_auth_op {
-+ __u32 ses; /* session identifier */
-+ __u16 op; /* COP_ENCRYPT or COP_DECRYPT */
-+ __u16 flags; /* see COP_FLAG_AEAD_* */
-+ __u32 len; /* length of source data */
-+ __u32 auth_len; /* length of auth data */
-+ __u8 __user *auth_src; /* authenticated-only data */
-+
-+ /* The current implementation is more efficient if data are
-+ * encrypted in-place (src==dst). */
-+ __u8 __user *src; /* data to be encrypted and authenticated */
-+ __u8 __user *dst; /* pointer to output data. Must have
-+ * space for tag. For TLS this should be at least
-+ * len + tag_size + block_size for padding */
-+
-+ __u8 __user *tag; /* where the tag will be copied to. TLS mode
-+ * doesn't use that as tag is copied to dst.
-+ * SRTP mode copies tag there. */
-+ __u32 tag_len; /* the length of the tag. Use zero for digest size or max tag. */
-+
-+ /* initialization vector for encryption operations */
-+ __u8 __user *iv;
-+ __u32 iv_len;
-+};
-+
-+/* In plain AEAD mode the following are required:
-+ * flags : 0
-+ * iv : the initialization vector (12 bytes)
-+ * auth_len: the length of the data to be authenticated
-+ * auth_src: the data to be authenticated
-+ * len : length of data to be encrypted
-+ * src : the data to be encrypted
-+ * dst : space to hold encrypted data. It must have
-+ * at least a size of len + tag_size.
-+ * tag_size: the size of the desired authentication tag or zero to use
-+ * the maximum tag output.
-+ *
-+ * Note tag isn't being used because the Linux AEAD interface
-+ * copies the tag just after data.
-+ */
-+
-+/* In TLS mode (used for CBC ciphers that required padding)
-+ * the following are required:
-+ * flags : COP_FLAG_AEAD_TLS_TYPE
-+ * iv : the initialization vector
-+ * auth_len: the length of the data to be authenticated only
-+ * len : length of data to be encrypted
-+ * auth_src: the data to be authenticated
-+ * src : the data to be encrypted
-+ * dst : space to hold encrypted data (preferably in-place). It must have
-+ * at least a size of len + tag_size + blocksize.
-+ * tag_size: the size of the desired authentication tag or zero to use
-+ * the default mac output.
-+ *
-+ * Note that the padding used is the minimum padding.
-+ */
-+
-+/* In SRTP mode the following are required:
-+ * flags : COP_FLAG_AEAD_SRTP_TYPE
-+ * iv : the initialization vector
-+ * auth_len: the length of the data to be authenticated. This must
-+ * include the SRTP header + SRTP payload (data to be encrypted) + rest
-+ *
-+ * len : length of data to be encrypted
-+ * auth_src: pointer the data to be authenticated. Should point at the same buffer as src.
-+ * src : pointer to the data to be encrypted.
-+ * dst : This is mandatory to be the same as src (in-place only).
-+ * tag_size: the size of the desired authentication tag or zero to use
-+ * the default mac output.
-+ * tag : Pointer to an address where the authentication tag will be copied.
-+ */
-+
-+
-+/* struct crypt_op flags */
-+
-+#define COP_FLAG_NONE (0 << 0) /* totally no flag */
-+#define COP_FLAG_UPDATE (1 << 0) /* multi-update hash mode */
-+#define COP_FLAG_FINAL (1 << 1) /* multi-update final hash mode */
-+#define COP_FLAG_WRITE_IV (1 << 2) /* update the IV during operation */
-+#define COP_FLAG_NO_ZC (1 << 3) /* do not zero-copy */
-+#define COP_FLAG_AEAD_TLS_TYPE (1 << 4) /* authenticate and encrypt using the
-+ * TLS protocol rules */
-+#define COP_FLAG_AEAD_SRTP_TYPE (1 << 5) /* authenticate and encrypt using the
-+ * SRTP protocol rules */
-+#define COP_FLAG_RESET (1 << 6) /* multi-update reset the state.
-+ * should be used in combination
-+ * with COP_FLAG_UPDATE */
-+
-+
-+/* Stuff for bignum arithmetic and public key
-+ * cryptography - not supported yet by linux
-+ * cryptodev.
-+ */
-+
-+#define CRYPTO_ALG_FLAG_SUPPORTED 1
-+#define CRYPTO_ALG_FLAG_RNG_ENABLE 2
-+#define CRYPTO_ALG_FLAG_DSA_SHA 4
-+
-+struct crparam {
-+ __u8 *crp_p;
-+ __u32 crp_nbits;
-+};
-+
-+#define CRK_MAXPARAM 8
-+
-+/* input of CIOCKEY */
-+struct crypt_kop {
-+ __u32 crk_op; /* cryptodev_crk_ot_t */
-+ __u32 crk_status;
-+ __u16 crk_iparams;
-+ __u16 crk_oparams;
-+ __u32 crk_pad1;
-+ struct crparam crk_param[CRK_MAXPARAM];
-+};
-+
-+enum cryptodev_crk_op_t {
-+ CRK_MOD_EXP = 0,
-+ CRK_MOD_EXP_CRT = 1,
-+ CRK_DSA_SIGN = 2,
-+ CRK_DSA_VERIFY = 3,
-+ CRK_DH_COMPUTE_KEY = 4,
-+ CRK_ALGORITHM_ALL
-+};
-+
-+#define CRK_ALGORITHM_MAX (CRK_ALGORITHM_ALL-1)
-+
-+/* features to be queried with CIOCASYMFEAT ioctl
-+ */
-+#define CRF_MOD_EXP (1 << CRK_MOD_EXP)
-+#define CRF_MOD_EXP_CRT (1 << CRK_MOD_EXP_CRT)
-+#define CRF_DSA_SIGN (1 << CRK_DSA_SIGN)
-+#define CRF_DSA_VERIFY (1 << CRK_DSA_VERIFY)
-+#define CRF_DH_COMPUTE_KEY (1 << CRK_DH_COMPUTE_KEY)
-+
-+
-+/* ioctl's. Compatible with old linux cryptodev.h
-+ */
-+#define CRIOGET _IOWR('c', 101, __u32)
-+#define CIOCGSESSION _IOWR('c', 102, struct session_op)
-+#define CIOCFSESSION _IOW('c', 103, __u32)
-+#define CIOCCRYPT _IOWR('c', 104, struct crypt_op)
-+#define CIOCKEY _IOWR('c', 105, struct crypt_kop)
-+#define CIOCASYMFEAT _IOR('c', 106, __u32)
-+#define CIOCGSESSINFO _IOWR('c', 107, struct session_info_op)
-+
-+/* to indicate that CRIOGET is not required in linux
-+ */
-+#define CRIOGET_NOT_NEEDED 1
-+
-+/* additional ioctls for AEAD */
-+#define CIOCAUTHCRYPT _IOWR('c', 109, struct crypt_auth_op)
-+
-+/* additional ioctls for asynchronous operation.
-+ * These are conditionally enabled since version 1.6.
-+ */
-+#define CIOCASYNCCRYPT _IOW('c', 110, struct crypt_op)
-+#define CIOCASYNCFETCH _IOR('c', 111, struct crypt_op)
-+
-+#endif /* L_CRYPTODEV_H */
-diff -Nur openssl-1.0.1e-vanilla/crypto/engine/eng_cryptodev.c openssl-1.0.1e/crypto/engine/eng_cryptodev.c
---- openssl-1.0.1e-vanilla/crypto/engine/eng_cryptodev.c 2013-02-11 15:26:04.000000000 +0000
-+++ openssl-1.0.1e/crypto/engine/eng_cryptodev.c 2013-12-25 14:27:06.968877039 +0000
-@@ -2,6 +2,7 @@
- * Copyright (c) 2002 Bob Beck <beck@openbsd.org>
- * Copyright (c) 2002 Theo de Raadt
- * Copyright (c) 2002 Markus Friedl
-+ * Copyright (c) 2012 Nikos Mavrogiannopoulos
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
-@@ -74,8 +75,6 @@
- int d_fd;
-
- #ifdef USE_CRYPTODEV_DIGESTS
-- char dummy_mac_key[HASH_MAX_LEN];
--
- unsigned char digest_res[HASH_MAX_LEN];
- char *mac_data;
- int mac_len;
-@@ -157,15 +156,21 @@
- static struct {
- int id;
- int nid;
-- int keylen;
-+ int digestlen;
- } digests[] = {
-+#if 0
-+ /* HMAC is not supported */
- { CRYPTO_MD5_HMAC, NID_hmacWithMD5, 16},
- { CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, 20},
-- { CRYPTO_RIPEMD160_HMAC, NID_ripemd160, 16/*?*/},
-- { CRYPTO_MD5_KPDK, NID_undef, 0},
-- { CRYPTO_SHA1_KPDK, NID_undef, 0},
-+ { CRYPTO_SHA2_256_HMAC, NID_hmacWithSHA256, 32},
-+ { CRYPTO_SHA2_384_HMAC, NID_hmacWithSHA384, 48},
-+ { CRYPTO_SHA2_512_HMAC, NID_hmacWithSHA512, 64},
-+#endif
- { CRYPTO_MD5, NID_md5, 16},
- { CRYPTO_SHA1, NID_sha1, 20},
-+ { CRYPTO_SHA2_256, NID_sha256, 32},
-+ { CRYPTO_SHA2_384, NID_sha384, 48},
-+ { CRYPTO_SHA2_512, NID_sha512, 64},
- { 0, NID_undef, 0},
- };
- #endif
-@@ -243,13 +248,14 @@
- static int nids[CRYPTO_ALGORITHM_MAX];
- struct session_op sess;
- int fd, i, count = 0;
-+ unsigned char fake_key[CRYPTO_CIPHER_MAX_KEY_LEN];
-
- if ((fd = get_dev_crypto()) < 0) {
- *cnids = NULL;
- return (0);
- }
- memset(&sess, 0, sizeof(sess));
-- sess.key = (caddr_t)"123456789abcdefghijklmno";
-+ sess.key = (void*)fake_key;
-
- for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
- if (ciphers[i].nid == NID_undef)
-@@ -281,6 +287,7 @@
- get_cryptodev_digests(const int **cnids)
- {
- static int nids[CRYPTO_ALGORITHM_MAX];
-+ unsigned char fake_key[CRYPTO_CIPHER_MAX_KEY_LEN];
- struct session_op sess;
- int fd, i, count = 0;
-
-@@ -289,12 +296,12 @@
- return (0);
- }
- memset(&sess, 0, sizeof(sess));
-- sess.mackey = (caddr_t)"123456789abcdefghijklmno";
-+ sess.mackey = fake_key;
- for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
- if (digests[i].nid == NID_undef)
- continue;
- sess.mac = digests[i].id;
-- sess.mackeylen = digests[i].keylen;
-+ sess.mackeylen = 8;
- sess.cipher = 0;
- if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
- ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
-@@ -382,14 +389,14 @@
- cryp.ses = sess->ses;
- cryp.flags = 0;
- cryp.len = inl;
-- cryp.src = (caddr_t) in;
-- cryp.dst = (caddr_t) out;
-+ cryp.src = (void*) in;
-+ cryp.dst = (void*) out;
- cryp.mac = 0;
-
- cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
-
- if (ctx->cipher->iv_len) {
-- cryp.iv = (caddr_t) ctx->iv;
-+ cryp.iv = (void*) ctx->iv;
- if (!ctx->encrypt) {
- iiv = in + inl - ctx->cipher->iv_len;
- memcpy(save_iv, iiv, ctx->cipher->iv_len);
-@@ -440,7 +447,7 @@
- if ((state->d_fd = get_dev_crypto()) < 0)
- return (0);
-
-- sess->key = (caddr_t)key;
-+ sess->key = (void*)key;
- sess->keylen = ctx->key_len;
- sess->cipher = cipher;
-
-@@ -660,18 +667,6 @@
- }
-
-
--static int
--digest_key_length(int nid)
--{
-- int i;
--
-- for (i = 0; digests[i].id; i++)
-- if (digests[i].nid == nid)
-- return digests[i].keylen;
-- return (0);
--}
--
--
- static int cryptodev_digest_init(EVP_MD_CTX *ctx)
- {
- struct dev_crypto_state *state = ctx->md_data;
-@@ -682,7 +677,6 @@
- printf("cryptodev_digest_init: Can't get digest \n");
- return (0);
- }
--
- memset(state, 0, sizeof(struct dev_crypto_state));
-
- if ((state->d_fd = get_dev_crypto()) < 0) {
-@@ -690,8 +684,8 @@
- return (0);
- }
-
-- sess->mackey = state->dummy_mac_key;
-- sess->mackeylen = digest_key_length(ctx->digest->type);
-+ sess->mackey = NULL;
-+ sess->mackeylen = 0;
- sess->mac = digest;
-
- if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
-@@ -707,8 +701,8 @@
- static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
- size_t count)
- {
-- struct crypt_op cryp;
- struct dev_crypto_state *state = ctx->md_data;
-+ struct crypt_op cryp;
- struct session_op *sess = &state->d_sess;
-
- if (!data || state->d_fd < 0) {
-@@ -717,7 +711,7 @@
- }
-
- if (!count) {
-- return (0);
-+ return (1);
- }
-
- if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
-@@ -740,9 +734,9 @@
- cryp.ses = sess->ses;
- cryp.flags = 0;
- cryp.len = count;
-- cryp.src = (caddr_t) data;
-+ cryp.src = (void*) data;
- cryp.dst = NULL;
-- cryp.mac = (caddr_t) state->digest_res;
-+ cryp.mac = (void*) state->digest_res;
- if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
- printf("cryptodev_digest_update: digest failed\n");
- return (0);
-@@ -757,8 +751,6 @@
- struct dev_crypto_state *state = ctx->md_data;
- struct session_op *sess = &state->d_sess;
-
-- int ret = 1;
--
- if (!md || state->d_fd < 0) {
- printf("cryptodev_digest_final: illegal input\n");
- return(0);
-@@ -772,7 +764,7 @@
- cryp.len = state->mac_len;
- cryp.src = state->mac_data;
- cryp.dst = NULL;
-- cryp.mac = (caddr_t)md;
-+ cryp.mac = (void*)md;
- if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
- printf("cryptodev_digest_final: digest failed\n");
- return (0);
-@@ -783,7 +775,7 @@
-
- memcpy(md, state->digest_res, ctx->digest->md_size);
-
-- return (ret);
-+ return 1;
- }
-
-
-@@ -835,8 +827,8 @@
-
- digest = digest_nid_to_cryptodev(to->digest->type);
-
-- sess->mackey = dstate->dummy_mac_key;
-- sess->mackeylen = digest_key_length(to->digest->type);
-+ sess->mackey = NULL;
-+ sess->mackeylen = 0;
- sess->mac = digest;
-
- dstate->d_fd = get_dev_crypto();
-@@ -861,34 +853,117 @@
- }
-
-
--const EVP_MD cryptodev_sha1 = {
-+static const EVP_MD cryptodev_sha1 = {
- NID_sha1,
-- NID_undef,
-+ NID_sha1WithRSAEncryption,
- SHA_DIGEST_LENGTH,
-+#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT)
-+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|
-+ EVP_MD_FLAG_DIGALGID_ABSENT|
-+#endif
- EVP_MD_FLAG_ONESHOT,
- cryptodev_digest_init,
- cryptodev_digest_update,
- cryptodev_digest_final,
- cryptodev_digest_copy,
- cryptodev_digest_cleanup,
-- EVP_PKEY_NULL_method,
-+ EVP_PKEY_RSA_method,
- SHA_CBLOCK,
-- sizeof(struct dev_crypto_state),
-+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
-+};
-+
-+static const EVP_MD cryptodev_sha256 = {
-+ NID_sha256,
-+ NID_sha256WithRSAEncryption,
-+ SHA256_DIGEST_LENGTH,
-+#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT)
-+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|
-+ EVP_MD_FLAG_DIGALGID_ABSENT|
-+#endif
-+ EVP_MD_FLAG_ONESHOT,
-+ cryptodev_digest_init,
-+ cryptodev_digest_update,
-+ cryptodev_digest_final,
-+ cryptodev_digest_copy,
-+ cryptodev_digest_cleanup,
-+ EVP_PKEY_RSA_method,
-+ SHA256_CBLOCK,
-+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
-+};
-+static const EVP_MD cryptodev_sha224 = {
-+ NID_sha224,
-+ NID_sha224WithRSAEncryption,
-+ SHA224_DIGEST_LENGTH,
-+#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT)
-+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|
-+ EVP_MD_FLAG_DIGALGID_ABSENT|
-+#endif
-+ EVP_MD_FLAG_ONESHOT,
-+ cryptodev_digest_init,
-+ cryptodev_digest_update,
-+ cryptodev_digest_final,
-+ cryptodev_digest_copy,
-+ cryptodev_digest_cleanup,
-+ EVP_PKEY_RSA_method,
-+ SHA256_CBLOCK,
-+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
-+};
-+
-+static const EVP_MD cryptodev_sha384 = {
-+ NID_sha384,
-+ NID_sha384WithRSAEncryption,
-+ SHA384_DIGEST_LENGTH,
-+#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT)
-+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|
-+ EVP_MD_FLAG_DIGALGID_ABSENT|
-+#endif
-+ EVP_MD_FLAG_ONESHOT,
-+ cryptodev_digest_init,
-+ cryptodev_digest_update,
-+ cryptodev_digest_final,
-+ cryptodev_digest_copy,
-+ cryptodev_digest_cleanup,
-+ EVP_PKEY_RSA_method,
-+ SHA512_CBLOCK,
-+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
-+};
-+
-+static const EVP_MD cryptodev_sha512 = {
-+ NID_sha512,
-+ NID_sha512WithRSAEncryption,
-+ SHA512_DIGEST_LENGTH,
-+#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT)
-+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|
-+ EVP_MD_FLAG_DIGALGID_ABSENT|
-+#endif
-+ EVP_MD_FLAG_ONESHOT,
-+ cryptodev_digest_init,
-+ cryptodev_digest_update,
-+ cryptodev_digest_final,
-+ cryptodev_digest_copy,
-+ cryptodev_digest_cleanup,
-+ EVP_PKEY_RSA_method,
-+ SHA512_CBLOCK,
-+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
- };
-
--const EVP_MD cryptodev_md5 = {
-+static const EVP_MD cryptodev_md5 = {
- NID_md5,
-- NID_undef,
-+ NID_md5WithRSAEncryption,
- 16 /* MD5_DIGEST_LENGTH */,
-+#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT)
-+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|
-+ EVP_MD_FLAG_DIGALGID_ABSENT|
-+#endif
- EVP_MD_FLAG_ONESHOT,
- cryptodev_digest_init,
- cryptodev_digest_update,
- cryptodev_digest_final,
- cryptodev_digest_copy,
- cryptodev_digest_cleanup,
-- EVP_PKEY_NULL_method,
-+ EVP_PKEY_RSA_method,
- 64 /* MD5_CBLOCK */,
-- sizeof(struct dev_crypto_state),
-+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
- };
-
- #endif /* USE_CRYPTODEV_DIGESTS */
-@@ -909,6 +984,18 @@
- case NID_sha1:
- *digest = &cryptodev_sha1;
- break;
-+ case NID_sha224:
-+ *digest = &cryptodev_sha224;
-+ break;
-+ case NID_sha256:
-+ *digest = &cryptodev_sha256;
-+ break;
-+ case NID_sha384:
-+ *digest = &cryptodev_sha384;
-+ break;
-+ case NID_sha512:
-+ *digest = &cryptodev_sha512;
-+ break;
- default:
- #endif /* USE_CRYPTODEV_DIGESTS */
- *digest = NULL;
-@@ -940,7 +1027,7 @@
- return (1);
- memset(b, 0, bytes);
-
-- crp->crp_p = (caddr_t) b;
-+ crp->crp_p = (void*) b;
- crp->crp_nbits = bits;
-
- for (i = 0, j = 0; i < a->top; i++) {
-@@ -1193,7 +1280,7 @@
- kop.crk_op = CRK_DSA_SIGN;
-
- /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
-- kop.crk_param[0].crp_p = (caddr_t)dgst;
-+ kop.crk_param[0].crp_p = (void*)dgst;
- kop.crk_param[0].crp_nbits = dlen * 8;
- if (bn2crparam(dsa->p, &kop.crk_param[1]))
- goto err;
-@@ -1233,7 +1320,7 @@
- kop.crk_op = CRK_DSA_VERIFY;
-
- /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
-- kop.crk_param[0].crp_p = (caddr_t)dgst;
-+ kop.crk_param[0].crp_p = (void*)dgst;
- kop.crk_param[0].crp_nbits = dlen * 8;
- if (bn2crparam(dsa->p, &kop.crk_param[1]))
- goto err;
-@@ -1311,9 +1398,10 @@
- goto err;
- kop.crk_iparams = 3;
-
-- kop.crk_param[3].crp_p = (caddr_t) key;
-- kop.crk_param[3].crp_nbits = keylen * 8;
-+ kop.crk_param[3].crp_p = (void*) key;
-+ kop.crk_param[3].crp_nbits = keylen;
- kop.crk_oparams = 1;
-+ dhret = keylen/8;
-
- if (ioctl(fd, CIOCKEY, &kop) == -1) {
- const DH_METHOD *meth = DH_OpenSSL();
-@@ -1385,7 +1473,7 @@
- put_dev_crypto(fd);
-
- if (!ENGINE_set_id(engine, "cryptodev") ||
-- !ENGINE_set_name(engine, "BSD cryptodev engine") ||
-+ !ENGINE_set_name(engine, "cryptodev engine") ||
- !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
- !ENGINE_set_digests(engine, cryptodev_engine_digests) ||
- !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) ||
+++ /dev/null
-Submitted By: Armin K. <krejzi at email dot com>
-Date: 2013-05-05
-Initial Package Version: 1.0.1e
-Upstream Status: Unknown
-Origin: https://github.com/Alexpux/Qt-builds/tree/master/patches/openssl
-Description: Fixes build with make -jx, where x is greater than 1.
-
---- a/crypto/Makefile 2013-02-11 16:26:04.000000000 +0100
-+++ b/crypto/Makefile 2013-05-05 20:06:34.872208113 +0200
-@@ -86,11 +86,11 @@
- @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
-
- subdirs:
-- @target=all; $(RECURSIVE_MAKE)
-+ +@target=all; $(RECURSIVE_MAKE)
-
- files:
- $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-- @target=files; $(RECURSIVE_MAKE)
-+ +@target=files; $(RECURSIVE_MAKE)
-
- links:
- @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
-@@ -101,7 +101,7 @@
- # lib: $(LIB): are splitted to avoid end-less loop
- lib: $(LIB)
- @touch lib
--$(LIB): $(LIBOBJ)
-+$(LIB): $(LIBOBJ) | subdirs
- $(AR) $(LIB) $(LIBOBJ)
- [ -z "$(FIPSLIBDIR)" ] || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
- $(RANLIB) $(LIB) || echo Never mind.
-@@ -112,7 +112,7 @@
- fi
-
- libs:
-- @target=lib; $(RECURSIVE_MAKE)
-+ +@target=lib; $(RECURSIVE_MAKE)
-
- install:
- @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
-@@ -121,7 +121,7 @@
- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- done;
-- @target=install; $(RECURSIVE_MAKE)
-+ +@target=install; $(RECURSIVE_MAKE)
-
- lint:
- @target=lint; $(RECURSIVE_MAKE)
---- a/engines/Makefile 2013-02-11 16:26:04.000000000 +0100
-+++ b/engines/Makefile 2013-05-05 20:06:34.872208113 +0200
-@@ -72,7 +72,7 @@
-
- all: lib subdirs
-
--lib: $(LIBOBJ)
-+lib: $(LIBOBJ) | subdirs
- @if [ -n "$(SHARED_LIBS)" ]; then \
- set -e; \
- for l in $(LIBNAMES); do \
-@@ -89,7 +89,7 @@
-
- subdirs:
- echo $(EDIRS)
-- @target=all; $(RECURSIVE_MAKE)
-+ +@target=all; $(RECURSIVE_MAKE)
-
- files:
- $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-@@ -128,7 +128,7 @@
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
- done; \
- fi
-- @target=install; $(RECURSIVE_MAKE)
-+ +@target=install; $(RECURSIVE_MAKE)
-
- tags:
- ctags $(SRC)
---- a/Makefile.org 2013-02-11 16:26:04.000000000 +0100
-+++ b/Makefile.org 2013-05-05 20:06:34.862207917 +0200
-@@ -273,17 +273,17 @@
- build_libs: build_crypto build_ssl build_engines
-
- build_crypto:
-- @dir=crypto; target=all; $(BUILD_ONE_CMD)
--build_ssl:
-- @dir=ssl; target=all; $(BUILD_ONE_CMD)
--build_engines:
-- @dir=engines; target=all; $(BUILD_ONE_CMD)
--build_apps:
-- @dir=apps; target=all; $(BUILD_ONE_CMD)
--build_tests:
-- @dir=test; target=all; $(BUILD_ONE_CMD)
--build_tools:
-- @dir=tools; target=all; $(BUILD_ONE_CMD)
-+ +@dir=crypto; target=all; $(BUILD_ONE_CMD)
-+build_ssl: build_crypto
-+ +@dir=ssl; target=all; $(BUILD_ONE_CMD)
-+build_engines: build_crypto
-+ +@dir=engines; target=all; $(BUILD_ONE_CMD)
-+build_apps: build_libs
-+ +@dir=apps; target=all; $(BUILD_ONE_CMD)
-+build_tests: build_libs
-+ +@dir=test; target=all; $(BUILD_ONE_CMD)
-+build_tools: build_libs
-+ +@dir=tools; target=all; $(BUILD_ONE_CMD)
-
- all_testapps: build_libs build_testapps
- build_testapps:
-@@ -537,9 +537,9 @@
- dist_pem_h:
- (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
-
--install: all install_docs install_sw
-+install: install_docs install_sw
-
--install_sw:
-+install_dirs:
- @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
- $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
- $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
-@@ -548,12 +548,19 @@
- $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
- $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
- $(INSTALL_PREFIX)$(OPENSSLDIR)/private
-+ @$(PERL) $(TOP)/util/mkdir-p.pl \
-+ $(INSTALL_PREFIX)$(MANDIR)/man1 \
-+ $(INSTALL_PREFIX)$(MANDIR)/man3 \
-+ $(INSTALL_PREFIX)$(MANDIR)/man5 \
-+ $(INSTALL_PREFIX)$(MANDIR)/man7
-+
-+install_sw: install_dirs
- @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
- do \
- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- done;
-- @set -e; target=install; $(RECURSIVE_BUILD_CMD)
-+ +@set -e; target=install; $(RECURSIVE_BUILD_CMD)
- @set -e; liblist="$(LIBS)"; for i in $$liblist ;\
- do \
- if [ -f "$$i" ]; then \
-@@ -633,12 +640,7 @@
- done; \
- done
-
--install_docs:
-- @$(PERL) $(TOP)/util/mkdir-p.pl \
-- $(INSTALL_PREFIX)$(MANDIR)/man1 \
-- $(INSTALL_PREFIX)$(MANDIR)/man3 \
-- $(INSTALL_PREFIX)$(MANDIR)/man5 \
-- $(INSTALL_PREFIX)$(MANDIR)/man7
-+install_docs: install_dirs
- @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
- here="`pwd`"; \
- filecase=; \
---- a/Makefile.shared 2013-02-11 16:26:04.000000000 +0100
-+++ b/Makefile.shared 2013-05-05 20:06:34.872208113 +0200
-@@ -105,6 +105,7 @@
- SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
- LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
- LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
-+ [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \
- LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
- $${SHAREDCMD} $${SHAREDFLAGS} \
- -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
-@@ -122,6 +123,7 @@
- done; \
- fi; \
- if [ -n "$$SHLIB_SOVER" ]; then \
-+ [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \
- ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
- ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
- fi; \
---- a/test/Makefile 2013-02-11 16:26:04.000000000 +0100
-+++ b/test/Makefile 2013-05-05 20:06:34.872208113 +0200
-@@ -124,7 +124,7 @@
- tags:
- ctags $(SRC)
-
--tests: exe apps $(TESTS)
-+tests: exe $(TESTS)
-
- apps:
- @(cd ..; $(MAKE) DIRS=apps all)
-@@ -365,109 +365,109 @@
- link_app.$${shlib_target}
-
- $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
-- @target=$(RSATEST); $(BUILD_CMD)
-+ +@target=$(RSATEST); $(BUILD_CMD)
-
- $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO)
-- @target=$(BNTEST); $(BUILD_CMD)
-+ +@target=$(BNTEST); $(BUILD_CMD)
-
- $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO)
-- @target=$(ECTEST); $(BUILD_CMD)
-+ +@target=$(ECTEST); $(BUILD_CMD)
-
- $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO)
-- @target=$(EXPTEST); $(BUILD_CMD)
-+ +@target=$(EXPTEST); $(BUILD_CMD)
-
- $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO)
-- @target=$(IDEATEST); $(BUILD_CMD)
-+ +@target=$(IDEATEST); $(BUILD_CMD)
-
- $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO)
-- @target=$(MD2TEST); $(BUILD_CMD)
-+ +@target=$(MD2TEST); $(BUILD_CMD)
-
- $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO)
-- @target=$(SHATEST); $(BUILD_CMD)
-+ +@target=$(SHATEST); $(BUILD_CMD)
-
- $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO)
-- @target=$(SHA1TEST); $(BUILD_CMD)
-+ +@target=$(SHA1TEST); $(BUILD_CMD)
-
- $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO)
-- @target=$(SHA256TEST); $(BUILD_CMD)
-+ +@target=$(SHA256TEST); $(BUILD_CMD)
-
- $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO)
-- @target=$(SHA512TEST); $(BUILD_CMD)
-+ +@target=$(SHA512TEST); $(BUILD_CMD)
-
- $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
-- @target=$(RMDTEST); $(BUILD_CMD)
-+ +@target=$(RMDTEST); $(BUILD_CMD)
-
- $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO)
-- @target=$(MDC2TEST); $(BUILD_CMD)
-+ +@target=$(MDC2TEST); $(BUILD_CMD)
-
- $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO)
-- @target=$(MD4TEST); $(BUILD_CMD)
-+ +@target=$(MD4TEST); $(BUILD_CMD)
-
- $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO)
-- @target=$(MD5TEST); $(BUILD_CMD)
-+ +@target=$(MD5TEST); $(BUILD_CMD)
-
- $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO)
-- @target=$(HMACTEST); $(BUILD_CMD)
-+ +@target=$(HMACTEST); $(BUILD_CMD)
-
- $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO)
-- @target=$(WPTEST); $(BUILD_CMD)
-+ +@target=$(WPTEST); $(BUILD_CMD)
-
- $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO)
-- @target=$(RC2TEST); $(BUILD_CMD)
-+ +@target=$(RC2TEST); $(BUILD_CMD)
-
- $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO)
-- @target=$(BFTEST); $(BUILD_CMD)
-+ +@target=$(BFTEST); $(BUILD_CMD)
-
- $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO)
-- @target=$(CASTTEST); $(BUILD_CMD)
-+ +@target=$(CASTTEST); $(BUILD_CMD)
-
- $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO)
-- @target=$(RC4TEST); $(BUILD_CMD)
-+ +@target=$(RC4TEST); $(BUILD_CMD)
-
- $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO)
-- @target=$(RC5TEST); $(BUILD_CMD)
-+ +@target=$(RC5TEST); $(BUILD_CMD)
-
- $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO)
-- @target=$(DESTEST); $(BUILD_CMD)
-+ +@target=$(DESTEST); $(BUILD_CMD)
-
- $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO)
-- @target=$(RANDTEST); $(BUILD_CMD)
-+ +@target=$(RANDTEST); $(BUILD_CMD)
-
- $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO)
-- @target=$(DHTEST); $(BUILD_CMD)
-+ +@target=$(DHTEST); $(BUILD_CMD)
-
- $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO)
-- @target=$(DSATEST); $(BUILD_CMD)
-+ +@target=$(DSATEST); $(BUILD_CMD)
-
- $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
-- @target=$(METHTEST); $(BUILD_CMD)
-+ +@target=$(METHTEST); $(BUILD_CMD)
-
- $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
-- @target=$(SSLTEST); $(FIPS_BUILD_CMD)
-+ +@target=$(SSLTEST); $(FIPS_BUILD_CMD)
-
- $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO)
-- @target=$(ENGINETEST); $(BUILD_CMD)
-+ +@target=$(ENGINETEST); $(BUILD_CMD)
-
- $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO)
-- @target=$(EVPTEST); $(BUILD_CMD)
-+ +@target=$(EVPTEST); $(BUILD_CMD)
-
- $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO)
-- @target=$(ECDSATEST); $(BUILD_CMD)
-+ +@target=$(ECDSATEST); $(BUILD_CMD)
-
- $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO)
-- @target=$(ECDHTEST); $(BUILD_CMD)
-+ +@target=$(ECDHTEST); $(BUILD_CMD)
-
- $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO)
-- @target=$(IGETEST); $(BUILD_CMD)
-+ +@target=$(IGETEST); $(BUILD_CMD)
-
- $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO)
-- @target=$(JPAKETEST); $(BUILD_CMD)
-+ +@target=$(JPAKETEST); $(BUILD_CMD)
-
- $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO)
-- @target=$(ASN1TEST); $(BUILD_CMD)
-+ +@target=$(ASN1TEST); $(BUILD_CMD)
-
- $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO)
-- @target=$(SRPTEST); $(BUILD_CMD)
-+ +@target=$(SRPTEST); $(BUILD_CMD)
-
- #$(AESTEST).o: $(AESTEST).c
- # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
-@@ -480,7 +480,7 @@
- # fi
-
- dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
-- @target=dummytest; $(BUILD_CMD)
-+ +@target=dummytest; $(BUILD_CMD)
-
- # DO NOT DELETE THIS LINE -- make depend depends on it.
-
--- /dev/null
+diff -up openssl-1.0.1e/Configure.rpmbuild openssl-1.0.1e/Configure
+--- openssl-1.0.1e/Configure.rpmbuild 2014-08-13 19:19:53.211005598 +0200
++++ openssl-1.0.1e/Configure 2014-08-13 19:29:21.704099285 +0200
+@@ -1675,7 +1676,7 @@ while (<IN>)
+ elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/)
+ {
+ my $sotmp = $1;
+- s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/;
++ s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_SONAMEVER) .s$sotmp/;
+ }
+ elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.[^\.]*\.dylib$/)
+ {
+diff -up openssl-1.0.1e/Makefile.org.rpmbuild openssl-1.0.1e/Makefile.org
+--- openssl-1.0.1e/Makefile.org.rpmbuild 2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/Makefile.org 2014-08-13 19:19:53.218005759 +0200
+@@ -10,6 +10,7 @@ SHLIB_VERSION_HISTORY=
+ SHLIB_MAJOR=
+ SHLIB_MINOR=
+ SHLIB_EXT=
++SHLIB_SONAMEVER=10
+ PLATFORM=dist
+ OPTIONS=
+ CONFIGURE_ARGS=
+@@ -333,10 +334,9 @@ clean-shared:
+ link-shared:
+ @ set -e; for i in $(SHLIBDIRS); do \
+ $(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \
+- LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
++ LIBNAME=$$i LIBVERSION=$(SHLIB_SONAMEVER) \
+ LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
+ symlink.$(SHLIB_TARGET); \
+- libs="$$libs -l$$i"; \
+ done
+
+ build-shared: do_$(SHLIB_TARGET) link-shared
+@@ -347,7 +347,7 @@ do_$(SHLIB_TARGET):
+ libs="$(LIBKRB5) $$libs"; \
+ fi; \
+ $(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
+- LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
++ LIBNAME=$$i LIBVERSION=$(SHLIB_SONAMEVER) \
+ LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
+ LIBDEPS="$$libs $(EX_LIBS)" \
+ link_a.$(SHLIB_TARGET); \
+--- a/Configure.old 2015-03-19 18:10:45.101201021 +0000
++++ b/Configure 2015-03-19 18:11:19.324547495 +0000
+@@ -345,14 +345,14 @@
+ ####
+ # *-generic* is endian-neutral target, but ./config is free to
+ # throw in -D[BL]_ENDIAN, whichever appropriate...
+-"linux-generic32","gcc:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-generic32","gcc:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_SONAMEVER)",
+ "linux-ppc", "gcc:-DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ # It's believed that majority of ARM toolchains predefine appropriate -march.
+ # If you compiler does not, do complement config command line with one!
+ "linux-armv4", "gcc:-O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ #### IA-32 targets...
+ "linux-ia32-icc", "icc:-DL_ENDIAN -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"linux-elf", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-elf", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_SONAMEVER)",
+ "linux-aout", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out",
+ ####
+ "linux-generic64","gcc:-O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+++ /dev/null
-diff -up openssl-1.0.1e/ssl/ssl.h.weak-ciphers openssl-1.0.1e/ssl/ssl.h
---- openssl-1.0.1e/ssl/ssl.h.weak-ciphers 2013-12-18 15:50:40.881620314 +0100
-+++ openssl-1.0.1e/ssl/ssl.h 2013-12-18 14:25:25.596566704 +0100
-@@ -331,7 +331,7 @@ extern "C" {
- /* The following cipher list is used by default.
- * It also is substituted when an application-defined cipher list string
- * starts with 'DEFAULT'. */
--#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2"
-+#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2:!EXPORT:!RC2:!DES"
- /* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
- * starts with a reasonable order, and all we have to do for DEFAULT is
- * throwing out anonymous and unencrypted ciphersuites!
--- /dev/null
+--- openssl-1.0.1m/ssl/ssl.h.old 2015-03-19 15:25:20.646533583 +0100
++++ openssl-1.0.1m/ssl/ssl.h 2015-03-19 15:25:31.229875691 +0100
+@@ -334,7 +334,7 @@
+ * The following cipher list is used by default. It also is substituted when
+ * an application-defined cipher list string starts with 'DEFAULT'.
+ */
+-# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2"
++# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2:!RC2:!DES"
+ /*
+ * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
+ * starts with a reasonable order, and all we have to do for DEFAULT is
-diff -up openssl-1.0.1h/ssl/ssl_lib.c.v2v3 openssl-1.0.1h/ssl/ssl_lib.c\r
---- openssl-1.0.1h/ssl/ssl_lib.c.v2v3 2014-06-11 16:02:52.000000000 +0200\r
-+++ openssl-1.0.1h/ssl/ssl_lib.c 2014-06-30 14:18:04.290248080 +0200\r
-@@ -1875,6 +1875,9 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m\r
- */\r
- ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;\r
- \r
-+ /* Disable SSLv2 and SSLv3 by default (affects the SSLv23_method() only) */\r
-+ ret->options |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;\r
-+\r
- return(ret);\r
- err:\r
- SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE);\r
+--- openssl-1.0.1m/ssl/ssl_lib.c.old 2015-03-19 15:56:40.966287977 +0100
++++ openssl-1.0.1m/ssl/ssl_lib.c 2015-03-19 15:57:07.976160846 +0100
+@@ -1892,6 +1892,9 @@
+ */
+ ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
+
++ /* Disable SSLv2 and SSLv3 by default (affects the SSLv23_method() only) */
++ ret->options |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
++
+ return (ret);
+ err:
+ SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);