From: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue, 28 Apr 2015 09:14:45 +0000 (+0200)
Subject: Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next
X-Git-Tag: v2.17-core91~95
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1cbc5ca0a4e0827ae5073ddf19c515e4492baa16;hp=eb7e5ec69ffcf35b1748b8fa2e5ed6fd07763014;p=ipfire-2.x.git

Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next
---

diff --git a/lfs/openssl b/lfs/openssl
index 9cc1b4b0f5..a1f4fbe731 100644
--- a/lfs/openssl
+++ b/lfs/openssl
@@ -33,7 +33,16 @@ DIR_APP    = $(DIR_SRC)/$(THISAPP)
 
 TARGET = $(DIR_INFO)/$(THISAPP)$(KCFG)
 
+ifneq "$(KCFG)" "-sse2"
 CFLAGS += -DPURIFY
+else
+CFLAGS =-O2 -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fPIC
+CFLAGS+= -fstack-protector-all --param=ssp-buffer-size=4
+CFLAGS+= -march=i686 -mmmx -msse -msse2 -mfpmath=sse
+CFLAGS+= -fomit-frame-pointer -DPURIFY
+CXXFLAGS="${CFLAGS}"
+endif
+
 export RPM_OPT_FLAGS = $(CFLAGS)
 
 CONFIGURE_OPTIONS = \
@@ -108,6 +117,11 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1m-weak-ciphers.patch
 	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-disable-sslv2-sslv3.patch
 
+	# Enable Padlock in i586
+ifeq "$(MACHINE)" "i586"
+	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2a_auto_enable_padlock.patch
+endif
+
 	# Apply our CFLAGS
 	cd $(DIR_APP) && sed -i Configure \
 		-e "s/-O3 -fomit-frame-pointer/$(CFLAGS)/g"
diff --git a/src/patches/openssl-1.0.2a_auto_enable_padlock.patch b/src/patches/openssl-1.0.2a_auto_enable_padlock.patch
new file mode 100644
index 0000000000..b5c0e95a2e
--- /dev/null
+++ b/src/patches/openssl-1.0.2a_auto_enable_padlock.patch
@@ -0,0 +1,34 @@
+diff -Naur openssl-1.0.2a.org/crypto/engine/eng_all.c openssl-1.0.2a/crypto/engine/eng_all.c
+--- openssl-1.0.2a.org/crypto/engine/eng_all.c	2015-03-19 14:30:36.000000000 +0100
++++ openssl-1.0.2a/crypto/engine/eng_all.c	2015-04-27 12:27:05.063569969 +0200
+@@ -120,6 +120,14 @@
+     ENGINE_load_capi();
+ # endif
+ #endif
++#ifdef OPENSSL_NO_STATIC_ENGINE
++	ENGINE *e;
++	e = ENGINE_by_id("padlock");
++	if (e != NULL) {
++		ENGINE_add(e);
++		ENGINE_free(e);
++	}
++#endif
+     ENGINE_register_all_complete();
+ }
+ 
+diff -Naur openssl-1.0.2a.org/ssl/ssl_algs.c openssl-1.0.2a/ssl/ssl_algs.c
+--- openssl-1.0.2a.org/ssl/ssl_algs.c	2015-03-19 14:30:36.000000000 +0100
++++ openssl-1.0.2a/ssl/ssl_algs.c	2015-04-27 11:04:27.893399695 +0200
+@@ -151,5 +151,12 @@
+ #endif
+     /* initialize cipher/digest methods table */
+     ssl_load_ciphers();
++
++    /* Init available hardware crypto engines */
++    ENGINE_load_builtin_engines();
++    ENGINE_register_all_complete();
++    ENGINE * padlock = ENGINE_by_id("padlock");
++    if (padlock) ENGINE_set_default_ciphers(padlock);
++
+     return (1);
+ }