7156086 OpenSSL for wanboot should not be build in a separate directory
authorTomas Kuthan <tomas.kuthan@oracle.com>
Sun, 08 Apr 2012 02:30:08 -0700
changeset 763 45da4d38492e
parent 762 d87f60e41094
child 764 1927dad105b7
7156086 OpenSSL for wanboot should not be build in a separate directory 7153178 Problem with crypto/openssl
components/openssl/README
components/openssl/openssl-1.0.0-wanboot/Makefile
components/openssl/openssl-1.0.0-wanboot/README
components/openssl/openssl-1.0.0-wanboot/files/stubs.c
components/openssl/openssl-1.0.0-wanboot/mapfile
components/openssl/openssl-1.0.0-wanboot/patches/18-compiler_opts.patch
components/openssl/openssl-1.0.0-wanboot/patches/30_wanboot.patch
components/openssl/openssl-1.0.0/Makefile
components/openssl/openssl-1.0.0/Makefile.version
components/openssl/openssl-1.0.0/mapfile.wanboot
components/openssl/openssl-1.0.0/patches/18-compiler_opts.patch
components/openssl/openssl-1.0.0/patches/30_wanboot.patch
components/openssl/openssl-1.0.0/patches/openssl-1.0.0d-t4-engine.sparc-patch
components/openssl/openssl-1.0.0/wanboot-openssl/wanboot-stubs.c
--- a/components/openssl/README	Fri Apr 06 11:00:02 2012 -0700
+++ b/components/openssl/README	Sun Apr 08 02:30:08 2012 -0700
@@ -29,10 +29,9 @@
 fips-140, and once for 0.9.8 FIPS-140 canister (in the openssl-fips component)
 needed to build 0.9.8 FIPS-140 certified libraries. All builds apart from 
 static libraries for wanboot are done for 32 and 64 bits. So, in total, OpenSSL
-is built seven times.
+is built seven times. OpenSSL for wanboot is only build on sparc.
 
-For more details on OpenSSL for wanboot see openssl-1.0.0-wanboot/README.
-See also comments in all three Makefiles for more information.
+See also comments in all the Makefiles for more information.
 
 The non-fips Build.
 ---
@@ -58,8 +57,11 @@
 sub-directory. 
 
 18-compiler_opts.patch
-Adds four Solaris specific configurations (both 32bit and 64bit for both sparc
-and x86) to Configure which are then explicitly used by the Makefiles.
+Adds five Solaris specific configurations (both 32bit and 64bit for both sparc
+and x86, plus 64bit sparc for wanboot) to Configure which are then explicitly
+used by the Makefiles. Wanboot configuration is special in that it doesn't link
+with libc and uses -xF=%all to put functions in separate sections, so that
+unused code can be discarded.
 
 Care should be taken if modifying this patch as changes to compile-time options
 can change the ABI. One example of this is the use of RC4_INT vs RC4_CHAR.
@@ -81,6 +83,22 @@
 Modifies engines/Makefile so that the devcrypto engine will be built in the
 "engines" directory. 
 
+30_wanboot.patch:
+Wanboot specific patches.
+- modified Makefiles not to build in engines apps test tools
+- not using vfprintf for error print in crypto/cryptlib.c
+- not using ERR_load_DSO_strings() in crypto/err/err_all.c
+- not using EVP_read_pw_string() in crypto/evp/evp_key.c
+    - reading password is implemented in disabled DES library
+- avoid select() in crypto/rand/rand_unix.c
+- direct reading of IP to avoid sscanf() in crypto/x509v3/v3_utl.c
+- using functions from libsock in e_os.h
+- by-passing version of sparc detection in crypto/sparcv9cap.c
+    - results in not using FPU for big numbers multiplication
+    - should be ok - original detection seems broken, FPU gets never used
+- implementation of atoi()
+
+
 openssl-1.0.0d-aesni-v4.i386-patch
 X86-only patch.
 Add a built-in engine, aesni, to support X86 AES-NI instructions, along with
@@ -118,3 +136,166 @@
 sparc-01-ccwrap.patch
 Workaround so that fingerprinting the canister during runtime and comparing it
 with the saved fingerprint works correctly.
+
+The wanboot Build
+----
+
+There are some significant differences when building OpenSSL for wanboot.
+
+Some additional Configuration options are needed:
+-DNO_CHMOD		chmod not available in stand-alone environment
+-DBOOT			guard for wanboot specific patches
+-DOPENSSL_NO_DTLS1	to avoid dtls1_min_mtu() - DTLS not used anyway
+
+List of object files for wanboot-openssl.o
+----
+
+At this moment, object files for wanboot-openssl.o need to be listed explicitly.
+This is cumbersome and relatively tedious with respect to upgrading to higher
+version of openssl. 
+
+In future, it would be nice, if this could be performed automatically by the
+linker. The required interface for wanboot is already defined in a mapfile and
+linker option '-zdiscard-unused=sections,files' is already used to discard
+unused code. 
+But sadly, at this moment when the linker is given all the object files, it
+correctly discards some unused files, but references to undefined symbols from
+the discarded files don't get discarded along. Later, these undefined references
+cause wanboot linking failure. 
+
+In order to determine which openssl object files are required for wanboot,
+first build static standalone openssl bits in Userland. As a site effect,
+static libraries libssl.a and libcrypto.a are created in build/sparcv9-wanboot.
+
+    $ cd $USERLAND/components/openssl/openssl-1.0.0 ; gmake build
+
+Next, collect some information from linking wanboot static libraries in ON.
+This can be done by the following hack.
+
+    $ cd $ON/usr/src/psm/stand/boot/sparcv9/sun4
+    $ touch wanboot.o
+    $ LD_OPTIONS="-Dfiles,symbols,output=ld.dbg \
+        -L$USERLAND/components/openssl/openssl-1.0.0/build/sparcv9-wanboot " \
+        WAN_OPENSSL=" -lwanboot -lssl -lcrypto" dmake all
+
+The following sort of information ends up in ld.dbg (note that the debugging
+output from the link-editor is not considered a 'stable interface' and may
+change in the future):
+
+    debug: file=/builds/tkuthan/ul-wanboot-rebuilt/components/openssl/openssl-1.0.0/build/sparcv9-wanboot/libcrypto.a(sparcv9cap.o)  [ ET_REL ]
+    debug:
+    debug: symbol table processing; file=/builds/tkuthan/ul-wanboot-rebuilt/components/openssl/openssl-1.0.0/build/sparcv9-wanboot/libcrypto.a(sparcv9cap.o)  [ ET_REL ]
+    debug: symbol[1]=sparcv9cap.c
+    ....
+
+Now run the following script in Userland:
+
+    #!/bin/bash
+ 
+    # set to workspace paths:
+    USERLAND=/builds/tkuthan/ul-wanboot-rebuilt
+    ON=/builds/tkuthan/on11u1-wanboot-rti
+ 
+    BUILD=$USERLAND/components/openssl/openssl-1.0.0/build/sparcv9-wanboot
+    LD_DBG=$ON/usr/src/psm/stand/boot/sparcv9/sun4/ld.dbg
+ 
+    for i in `find $BUILD/crypto $BUILD/ssl -name '*.o'`
+    do
+            f=`basename $i`
+            if grep -q "^debug: file.*\<$f\>" $LD_DBG
+            then
+                    echo $i | sed "s#$BUILD/##"
+            fi
+    done
+
+to get the list of required object files.
+
+Additionally, you can format the list for including to Makefile by:
+    sort | tr '\n' ' ' | fold -s -w74 | sed -e 's/^/    /' -e 's/$/\\/'
+
+Linking with wanboot
+----
+
+When linking with wanboot please pay attention to following pitfalls.
+
+Correct openssl header files need to be included. This is done in
+$ON/usr/src/stand/lib/wanboot/Makefile
+Make sure CPPFLAGS point to the right directories.
+
+EXTREME CAUTION needs to be employed, if WANBOOT GREW IN SIZE because of the
+changes!
+Wanboot is a statically linked standalone binary and it is loaded on a fixed
+address before execution. This address is defined in 
+$ON/usr/src/psm/stand/boot/sparc/common/mapfile:
+
+     27 LOAD_SEGMENT text {
+     28 	FLAGS = READ EXECUTE;
+     29 	VADDR = 0x130000;
+     30 	ASSIGN_SECTION {
+     31 		TYPE = PROGBITS;
+     32 		FLAGS = ALLOC !WRITE;
+     33 	};
+     34 };
+
+This address (VADDR) NEEDS TO BE GREATER THEN 
+    size of wanboot binary + 0x4000
+
+The reason for this is in how wanboot is loaded by OpenBoot Prom:
+1) user initiates boot from network - "boot net"
+2) obp loads wanboot binary at address 0x4000
+3) obp parses ELF header, reads virtual address where to load wanboot to
+4) obp mem-copies .text section to this address
+5) obp copies .data section behind .text
+6) obp starts executing wanboot at entry address
+
+If the given address is too small, obp overwrites part of .data with
+instructions from .text in step 4. resulting in .data being corrupted.
+Initialized variables get bogus values and failure is inevitable.
+This is very hard to troubleshoot.
+
+
+Testing wanboot with new openssl
+----
+
+With every upgrade of OpenSSL, it is necessary to make sure wanboot builds and
+works well with the new bits.
+
+Provided you have a freshly built ON workspace, you can link wanboot with new
+OpenSSL bits by redefining WAN_OPENSSL macro:
+
+    # copy wanboot-openssl.o to ON build machine
+    cp wanboot-openssl.o /var/tmp/
+
+    # prepare to rebuild wanboot
+    cd $ON
+    bldenv developer.sh
+    cd usr/src/psm/stand/boot/sparcv9/sun4
+
+    # hack to force a rebuild
+    touch wanboot.o
+
+    # link new OpenSSL to wanboot
+    WAN_OPENSSL=/var/tmp/wanboot-openssl.o dmake all
+
+Wanboot should build without warning.
+
+If there is something like this in the output:
+
+    Undefined                       first referenced
+     symbol                             in file
+    CRYPTO_ccm128_setiv                 /var/tmp/wanboot-openssl.o
+    SSL_get_srtp_profiles               /var/tmp/wanboot-openssl.o
+    ssl_parse_clienthello_use_srtp_ext  /var/tmp/wanboot-openssl.o
+    CRYPTO_gcm128_setiv                 /var/tmp/wanboot-openssl.o
+    ...
+    cmac_pkey_meth                      /var/tmp/wanboot-openssl.o
+    ld: fatal: symbol referencing errors. No output written to wanboot
+    *** Error code 1
+    dmake: Fatal error: Command failed for target `wanboot'
+
+some additional work has to be done in OpenSSL to either satisfy the function 
+references listed in the linker error message, or to remove the calls to these
+functions.
+
+Finally, resulting wanboot binary shall be deployed on some install server and
+wanbooting from this server shall be tested.
--- a/components/openssl/openssl-1.0.0-wanboot/Makefile	Fri Apr 06 11:00:02 2012 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,250 +0,0 @@
-#
-# CDDL HEADER START
-#
-# The contents of this file are subject to the terms of the
-# Common Development and Distribution License (the "License").
-# You may not use this file except in compliance with the License.
-#
-# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
-# or http://www.opensolaris.org/os/licensing.
-# See the License for the specific language governing permissions
-# and limitations under the License.
-#
-# When distributing Covered Code, include this CDDL HEADER in each
-# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
-# If applicable, add the following below this CDDL HEADER, with the
-# fields enclosed by brackets "[]" replaced with your own identifying
-# information: Portions Copyright [yyyy] [name of copyright owner]
-#
-# CDDL HEADER END
-#
-# Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
-
-
-#
-# This component is not to be installed. It is used from openssl-1.0.0
-# to build static stand-alone OpenSSL binaries to link with wanboot.
-#
-
-include ../../../make-rules/shared-macros.mk
-
-# COMPONENT_NAME, COMPONENT_VERSION, IPS_COMPONENT_VERSION and some other
-# related macros definitions were moved to ../openssl-1.0.0/Makefile.version
-# in order to keep OpenSSL versions in ../openssl-1.0.0 and 
-# ../openssl-1.0.0-wanboot in sync
-include ../openssl-1.0.0/Makefile.version
-
-include $(WS_TOP)/make-rules/prep.mk
-include $(WS_TOP)/make-rules/configure.mk
-include $(WS_TOP)/make-rules/ips.mk
-include $(WS_TOP)/make-rules/lint-libraries.mk
-
-PATH=$(SPRO_VROOT)/bin:/usr/bin:/usr/gnu/bin:/usr/perl5/bin
-
-# OpenSSL does not use autoconf but its own configure system.
-CONFIGURE_SCRIPT = $(SOURCE_DIR)/Configure
-
-# This is to force OpenSSL's Configure script to use gmake for "make links". 
-# Otherwise it fails with:
-#     mksh: Fatal error in reader: Unmatched `(' on line
-CONFIGURE_ENV += MAKE="$(GMAKE)"
-
-CONFIGURE_OPTIONS =  -DNO_WINDOWS_BRAINDEATH
-CONFIGURE_OPTIONS += -DNO_CHMOD -D_BOOT -DOPENSSL_NO_DTLS1
-CONFIGURE_OPTIONS += no-cast
-CONFIGURE_OPTIONS += no-dso
-CONFIGURE_OPTIONS += no-ec
-CONFIGURE_OPTIONS += no-ecdh
-CONFIGURE_OPTIONS += no-ecdsa
-CONFIGURE_OPTIONS += no-mdc2
-CONFIGURE_OPTIONS += no-rc3
-CONFIGURE_OPTIONS += no-rc4
-CONFIGURE_OPTIONS += no-rc5
-CONFIGURE_OPTIONS += no-ripemd
-CONFIGURE_OPTIONS += no-idea
-CONFIGURE_OPTIONS += no-hw
-CONFIGURE_OPTIONS += no-threads
-CONFIGURE_OPTIONS += no-shared
-CONFIGURE_OPTIONS += no-seed
-# We use both no-whirlpool and no-whrlpool since there is an inconsistency in
-# the OpenSSL code and one needs both to build OpenSSL successfully with
-# Whirlpool implementation removed.
-CONFIGURE_OPTIONS += no-whirlpool
-CONFIGURE_OPTIONS += no-whrlpool
-
-# For wanboot, we only need 64-bit sparc binaries
-CONFIGURE_OPTIONS +=	solaris64-sparcv9-cc-sunw
-
-# OpenSSL has its own configure system which must be run from the fully
-# populated source code directory. However, the Userland configuration phase is
-# run from the build directory. So, we must get the full source code into the
-# build directory.
-COMPONENT_PRE_CONFIGURE_ACTION = \
-    ( $(CLONEY) $(SOURCE_DIR) $(BUILD_DIR)/$(MACH$(BITS)); )
-
-# File stubs.c stubs out several functions, that are not available for wanboot.
-# We do not provide it in a form of a patch to ease future maintenance.
-COMPONENT_PRE_BUILD_ACTION = \
-    ( $(CP) -fp files/stubs.c       $(@D)/crypto/; )
-
-# Object files for wanboot-openssl.o have to be listed explicitly.
-WANBOOT_OBJS =  \
-    crypto/aes/aes-sparcv9.o crypto/aes/aes_cbc.o crypto/aes/aes_cfb.o \
-    crypto/aes/aes_core.o crypto/aes/aes_ecb.o crypto/aes/aes_ofb.o \
-    crypto/aes/aes_wrap.o crypto/asn1/a_bitstr.o crypto/asn1/a_bool.o \
-    crypto/asn1/a_bytes.o crypto/asn1/a_d2i_fp.o crypto/asn1/a_digest.o \
-    crypto/asn1/a_dup.o crypto/asn1/a_enum.o crypto/asn1/a_gentm.o \
-    crypto/asn1/a_i2d_fp.o crypto/asn1/a_int.o crypto/asn1/a_mbstr.o \
-    crypto/asn1/a_object.o crypto/asn1/a_octet.o crypto/asn1/a_print.o \
-    crypto/asn1/a_set.o crypto/asn1/a_sign.o crypto/asn1/a_strex.o \
-    crypto/asn1/a_strnid.o crypto/asn1/a_time.o crypto/asn1/a_type.o \
-    crypto/asn1/a_utctm.o crypto/asn1/a_utf8.o crypto/asn1/a_verify.o \
-    crypto/asn1/ameth_lib.o crypto/asn1/asn1_err.o crypto/asn1/asn1_gen.o \
-    crypto/asn1/asn1_lib.o crypto/asn1/asn1_par.o crypto/asn1/asn_mime.o \
-    crypto/asn1/asn_pack.o crypto/asn1/bio_asn1.o crypto/asn1/bio_ndef.o \
-    crypto/asn1/d2i_pr.o crypto/asn1/evp_asn1.o crypto/asn1/f_int.o \
-    crypto/asn1/f_string.o crypto/asn1/i2d_pr.o crypto/asn1/nsseq.o \
-    crypto/asn1/p5_pbe.o crypto/asn1/p5_pbev2.o crypto/asn1/p8_pkey.o \
-    crypto/asn1/t_pkey.o crypto/asn1/t_x509.o crypto/asn1/t_x509a.o \
-    crypto/asn1/tasn_dec.o crypto/asn1/tasn_enc.o crypto/asn1/tasn_fre.o \
-    crypto/asn1/tasn_new.o crypto/asn1/tasn_prn.o crypto/asn1/tasn_typ.o \
-    crypto/asn1/tasn_utl.o crypto/asn1/x_algor.o crypto/asn1/x_attrib.o \
-    crypto/asn1/x_bignum.o crypto/asn1/x_crl.o crypto/asn1/x_exten.o \
-    crypto/asn1/x_info.o crypto/asn1/x_long.o crypto/asn1/x_name.o \
-    crypto/asn1/x_pkey.o crypto/asn1/x_pubkey.o crypto/asn1/x_req.o \
-    crypto/asn1/x_sig.o crypto/asn1/x_spki.o crypto/asn1/x_val.o \
-    crypto/asn1/x_x509.o crypto/asn1/x_x509a.o crypto/bf/bf_cfb64.o \
-    crypto/bf/bf_ecb.o crypto/bf/bf_enc.o crypto/bf/bf_ofb64.o \
-    crypto/bf/bf_skey.o crypto/bio/b_dump.o crypto/bio/b_print.o \
-    crypto/bio/bf_buff.o crypto/bio/bio_err.o crypto/bio/bio_lib.o \
-    crypto/bio/bss_file.o crypto/bio/bss_mem.o crypto/bio/bss_null.o \
-    crypto/bio/bss_sock.o crypto/bn/bn-sparcv9.o crypto/bn/bn_add.o \
-    crypto/bn/bn_blind.o crypto/bn/bn_ctx.o crypto/bn/bn_div.o \
-    crypto/bn/bn_err.o crypto/bn/bn_exp.o crypto/bn/bn_exp2.o \
-    crypto/bn/bn_gcd.o crypto/bn/bn_lib.o crypto/bn/bn_mod.o \
-    crypto/bn/bn_mont.o crypto/bn/bn_mul.o crypto/bn/bn_prime.o \
-    crypto/bn/bn_print.o crypto/bn/bn_rand.o crypto/bn/bn_recp.o \
-    crypto/bn/bn_shift.o crypto/bn/bn_sqr.o crypto/bn/bn_word.o \
-    crypto/bn/sparcv9-mont.o crypto/bn/sparcv9a-mont.o \
-    crypto/buffer/buf_err.o crypto/buffer/buffer.o crypto/camellia/camellia.o \
-    crypto/camellia/cmll_cbc.o crypto/camellia/cmll_cfb.o \
-    crypto/camellia/cmll_ecb.o crypto/camellia/cmll_misc.o \
-    crypto/camellia/cmll_ofb.o crypto/cms/cms_asn1.o crypto/cms/cms_att.o \
-    crypto/cms/cms_dd.o crypto/cms/cms_enc.o crypto/cms/cms_env.o \
-    crypto/cms/cms_err.o crypto/cms/cms_io.o crypto/cms/cms_lib.o \
-    crypto/cms/cms_sd.o crypto/comp/c_zlib.o crypto/comp/comp_err.o \
-    crypto/comp/comp_lib.o crypto/conf/conf_api.o crypto/conf/conf_def.o \
-    crypto/conf/conf_err.o crypto/conf/conf_lib.o crypto/conf/conf_mod.o \
-    crypto/cpt_err.o crypto/cryptlib.o crypto/des/cfb64ede.o \
-    crypto/des/cfb64enc.o crypto/des/cfb_enc.o crypto/des/des_enc-sparc.o \
-    crypto/des/ecb3_enc.o crypto/des/ecb_enc.o crypto/des/ofb64ede.o \
-    crypto/des/ofb64enc.o crypto/des/set_key.o crypto/des/xcbc_enc.o \
-    crypto/dh/dh_ameth.o crypto/dh/dh_asn1.o crypto/dh/dh_check.o \
-    crypto/dh/dh_err.o crypto/dh/dh_gen.o crypto/dh/dh_key.o \
-    crypto/dh/dh_lib.o crypto/dh/dh_pmeth.o crypto/dsa/dsa_ameth.o \
-    crypto/dsa/dsa_asn1.o crypto/dsa/dsa_err.o crypto/dsa/dsa_gen.o \
-    crypto/dsa/dsa_key.o crypto/dsa/dsa_lib.o crypto/dsa/dsa_ossl.o \
-    crypto/dsa/dsa_pmeth.o crypto/dsa/dsa_sign.o crypto/dsa/dsa_vrf.o \
-    crypto/dso/dso_lib.o crypto/dso/dso_null.o crypto/dso/dso_openssl.o \
-    crypto/engine/eng_ctrl.o crypto/engine/eng_err.o crypto/engine/eng_init.o \
-    crypto/engine/eng_lib.o crypto/engine/eng_list.o crypto/engine/eng_pkey.o \
-    crypto/engine/eng_table.o crypto/engine/tb_asnmth.o \
-    crypto/engine/tb_cipher.o crypto/engine/tb_dh.o crypto/engine/tb_digest.o \
-    crypto/engine/tb_dsa.o crypto/engine/tb_pkmeth.o crypto/engine/tb_rand.o \
-    crypto/engine/tb_rsa.o crypto/err/err.o crypto/err/err_all.o \
-    crypto/err/err_prn.o crypto/evp/bio_b64.o crypto/evp/bio_enc.o \
-    crypto/evp/bio_md.o crypto/evp/c_all.o crypto/evp/c_allc.o \
-    crypto/evp/c_alld.o crypto/evp/digest.o crypto/evp/e_aes.o \
-    crypto/evp/e_bf.o crypto/evp/e_camellia.o crypto/evp/e_des.o \
-    crypto/evp/e_des3.o crypto/evp/e_null.o crypto/evp/e_rc2.o \
-    crypto/evp/e_xcbc_d.o crypto/evp/encode.o crypto/evp/evp_enc.o \
-    crypto/evp/evp_err.o crypto/evp/evp_key.o crypto/evp/evp_lib.o \
-    crypto/evp/evp_pbe.o crypto/evp/evp_pkey.o crypto/evp/m_dss.o \
-    crypto/evp/m_dss1.o crypto/evp/m_md4.o crypto/evp/m_md5.o \
-    crypto/evp/m_sha.o crypto/evp/m_sha1.o crypto/evp/m_sigver.o \
-    crypto/evp/names.o crypto/evp/p5_crpt.o crypto/evp/p5_crpt2.o \
-    crypto/evp/p_lib.o crypto/evp/p_sign.o crypto/evp/p_verify.o \
-    crypto/evp/pmeth_fn.o crypto/evp/pmeth_gn.o crypto/evp/pmeth_lib.o \
-    crypto/ex_data.o crypto/hmac/hm_ameth.o crypto/hmac/hm_pmeth.o \
-    crypto/hmac/hmac.o crypto/lhash/lhash.o crypto/md4/md4_dgst.o \
-    crypto/md5/md5_dgst.o crypto/mem.o crypto/mem_dbg.o crypto/modes/cbc128.o \
-    crypto/modes/cfb128.o crypto/modes/ofb128.o crypto/o_dir.o \
-    crypto/o_time.o crypto/objects/o_names.o crypto/objects/obj_dat.o \
-    crypto/objects/obj_err.o crypto/objects/obj_lib.o \
-    crypto/objects/obj_xref.o crypto/ocsp/ocsp_asn.o crypto/ocsp/ocsp_err.o \
-    crypto/pem/pem_all.o crypto/pem/pem_err.o crypto/pem/pem_info.o \
-    crypto/pem/pem_lib.o crypto/pem/pem_oth.o crypto/pem/pem_pk8.o \
-    crypto/pem/pem_pkey.o crypto/pem/pem_x509.o crypto/pem/pem_xaux.o \
-    crypto/pkcs12/p12_add.o crypto/pkcs12/p12_asn.o crypto/pkcs12/p12_attr.o \
-    crypto/pkcs12/p12_crpt.o crypto/pkcs12/p12_decr.o crypto/pkcs12/p12_key.o \
-    crypto/pkcs12/p12_mutl.o crypto/pkcs12/p12_p8d.o crypto/pkcs12/p12_p8e.o \
-    crypto/pkcs12/p12_utl.o crypto/pkcs12/pk12err.o crypto/pkcs7/pk7_asn1.o \
-    crypto/pkcs7/pk7_attr.o crypto/pkcs7/pk7_doit.o crypto/pkcs7/pk7_lib.o \
-    crypto/pkcs7/pkcs7err.o crypto/rand/md_rand.o crypto/rand/rand_err.o \
-    crypto/rand/rand_lib.o crypto/rand/rand_unix.o crypto/rand/randfile.o \
-    crypto/rc2/rc2_cbc.o crypto/rc2/rc2_ecb.o crypto/rc2/rc2_skey.o \
-    crypto/rc2/rc2cfb64.o crypto/rc2/rc2ofb64.o crypto/rsa/rsa_ameth.o \
-    crypto/rsa/rsa_asn1.o crypto/rsa/rsa_eay.o crypto/rsa/rsa_err.o \
-    crypto/rsa/rsa_gen.o crypto/rsa/rsa_lib.o crypto/rsa/rsa_none.o \
-    crypto/rsa/rsa_oaep.o crypto/rsa/rsa_pk1.o crypto/rsa/rsa_pmeth.o \
-    crypto/rsa/rsa_pss.o crypto/rsa/rsa_sign.o crypto/rsa/rsa_ssl.o \
-    crypto/rsa/rsa_x931.o crypto/sha/sha1-sparcv9.o crypto/sha/sha1dgst.o \
-    crypto/sha/sha256-sparcv9.o crypto/sha/sha256.o \
-    crypto/sha/sha512-sparcv9.o crypto/sha/sha512.o crypto/sha/sha_dgst.o \
-    crypto/sparccpuid.o crypto/sparcv9cap.o crypto/stack/stack.o \
-    crypto/stubs.o crypto/ts/ts_err.o crypto/ui/ui_err.o crypto/x509/by_dir.o \
-    crypto/x509/by_file.o crypto/x509/x509_att.o crypto/x509/x509_cmp.o \
-    crypto/x509/x509_d2.o crypto/x509/x509_def.o crypto/x509/x509_err.o \
-    crypto/x509/x509_ext.o crypto/x509/x509_lu.o crypto/x509/x509_obj.o \
-    crypto/x509/x509_req.o crypto/x509/x509_trs.o crypto/x509/x509_txt.o \
-    crypto/x509/x509_v3.o crypto/x509/x509_vfy.o crypto/x509/x509_vpm.o \
-    crypto/x509/x509name.o crypto/x509/x509rset.o crypto/x509/x509type.o \
-    crypto/x509/x_all.o crypto/x509v3/pcy_cache.o crypto/x509v3/pcy_data.o \
-    crypto/x509v3/pcy_lib.o crypto/x509v3/pcy_map.o crypto/x509v3/pcy_node.o \
-    crypto/x509v3/pcy_tree.o crypto/x509v3/v3_akey.o crypto/x509v3/v3_akeya.o \
-    crypto/x509v3/v3_alt.o crypto/x509v3/v3_bcons.o crypto/x509v3/v3_bitst.o \
-    crypto/x509v3/v3_conf.o crypto/x509v3/v3_cpols.o crypto/x509v3/v3_crld.o \
-    crypto/x509v3/v3_enum.o crypto/x509v3/v3_extku.o crypto/x509v3/v3_genn.o \
-    crypto/x509v3/v3_ia5.o crypto/x509v3/v3_info.o crypto/x509v3/v3_int.o \
-    crypto/x509v3/v3_lib.o crypto/x509v3/v3_ncons.o crypto/x509v3/v3_ocsp.o \
-    crypto/x509v3/v3_pci.o crypto/x509v3/v3_pcia.o crypto/x509v3/v3_pcons.o \
-    crypto/x509v3/v3_pku.o crypto/x509v3/v3_pmaps.o crypto/x509v3/v3_prn.o \
-    crypto/x509v3/v3_purp.o crypto/x509v3/v3_skey.o crypto/x509v3/v3_sxnet.o \
-    crypto/x509v3/v3_utl.o crypto/x509v3/v3err.o ssl/s3_both.o ssl/s3_clnt.o \
-    ssl/s3_enc.o ssl/s3_lib.o ssl/s3_pkt.o ssl/ssl_algs.o ssl/ssl_asn1.o \
-    ssl/ssl_cert.o ssl/ssl_ciph.o ssl/ssl_err.o ssl/ssl_err2.o ssl/ssl_lib.o \
-    ssl/ssl_rsa.o ssl/ssl_sess.o ssl/t1_enc.o ssl/t1_lib.o ssl/t1_reneg.o
-
-# Linking of openssl bits for wanboot.
-# Interface for wanboot is specified in mapfile. Object files are compiled 
-# to have functions in separate sections, unused sections get discarded.
-CREATE_BIG_OBJECT_FILE = ( \
-    cd $(BUILD_DIR)/$(MACH64); \
-    $(LD) -o wanboot-openssl.o -r -M../../mapfile -Breduce \
-        -zdiscard-unused=sections,files -zguidance \
-        $(WANBOOT_OBJS); \
-    )
-
-COMPONENT_POST_BUILD_ACTION = \
-    ($(CREATE_BIG_OBJECT_FILE); )
-
-
-# For wanboot, we only need 64-bit sparc binaries
-build_sparc:		$(BUILD_64)
-
-build_i386:
-	@echo "Not available"
-
-build:			build_$(MACH)
-
-install:
-	@echo "This component is not to be installed individually."
-
-publish:
-	@echo "This component is not to be published individually."
-
-test:		$(NO_TESTS)
-
-BUILD_PKG_DEPENDENCIES =	$(BUILD_TOOLS)
-
-include $(WS_TOP)/make-rules/depend.mk
--- a/components/openssl/openssl-1.0.0-wanboot/README	Fri Apr 06 11:00:02 2012 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,241 +0,0 @@
-#
-# CDDL HEADER START
-#
-# The contents of this file are subject to the terms of the
-# Common Development and Distribution License (the "License").
-# You may not use this file except in compliance with the License.
-#
-# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
-# or http://www.opensolaris.org/os/licensing.
-# See the License for the specific language governing permissions
-# and limitations under the License.
-#
-# When distributing Covered Code, include this CDDL HEADER in each
-# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
-# If applicable, add the following below this CDDL HEADER, with the
-# fields enclosed by brackets "[]" replaced with your own identifying
-# information: Portions Copyright [yyyy] [name of copyright owner]
-#
-# CDDL HEADER END
-#
-# Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
-#
-
-
-Disclaimer
-----
-
-The purpose of this directory is solely to build and deliver static OpenSSL
-binaries for wanboot. These binaries have some highly specific patches applied.
-Do not attempt to use these for any other purpose.
-
-
-Building
-----
-
-Building in this directory is triggered by running 'gmake build' in
-../openssl-1.0.0. Calling 'gmake build' locally is possible for debugging
-purposes.  There are no 'install' and 'publish' targets.  Only 64-bit sparc
-version is built, nothing is done for x86.
-
-The outcome of build is file wanboot-openssl.o containing all the openssl bits
-required for wanboot. As part of 'make install' in ../openssl-1.0.0 this file 
-is copied in to its proto area. From there, wanboot-openssl.o is published and
-delivered as a part of pkg:/library/security/openssl package.
-
-
-Patches
-----
-
-18-compiler_opts.patch:
-Taken from $USERLAND/components/openssl/openssl-1.0.0/patches/
-- modified not to link with libc (-lc);
-- '-xF=%all' added to comp. flags to create separate section for each function
-
-30_wanboot.patch:
-Wanboot specific patches.
-- modified Makefiles not to build in engines apps test tools
-- not using vfprintf for error print in crypto/cryptlib.c
-- not using ERR_load_DSO_strings() in crypto/err/err_all.c
-- not using EVP_read_pw_string() in crypto/evp/evp_key.c
-    - reading password is implemented in disabled DES library
-- avoid select() in crypto/rand/rand_unix.c
-- not defining _XOPEN_SOURCE in crypto/rand/randfile.c
-- direct reading of IP to avoid sscanf() in crypto/x509v3/v3_utl.c
-- using functions from libsock in e_os.h
-- by-passing version of sparc detection in crypto/sparcv9cap.c
-    - results in not using FPU for big numbers multiplication
-    - should be ok - original detection seems broken, FPU gets never used
-- stubs for EVP_read_pw_string_min(), OPENSSL_issetugid(), 
-    opendir(), readdir(), closedir() 
-- implementation of atoi()
-
-
-Configure options
-----
-
-Most of the Configure options where carried over from the original code when
-migrating openssl for wanboot from ON to Userland. For the most part, these
-options exclude unused ciphers.
-
-New options added:
--DNO_CHMOD		chmod not available in stand-alone environment
--DBOOT			guard for wanboot specific patches
--DOPENSSL_NO_DTLS1	to avoid dtls1_min_mtu() - DTLS not used anyway
-
-
-List of object files for wanboot-openssl.o
-----
-
-At this moment, object files for wanboot-openssl.o need to be listed explicitly.
-This is cumbersome and relatively tedious with respect to upgrading to higher
-version of openssl.
-
-In future, it would be nice, if this could be performed automatically by the
-linker. The required interface for wanboot is already defined in a mapfile and
-linker option '-zdiscard-unused=sections,files' is already used to discard
-unused code. 
-But sadly, at this moment when the linker is given all the object files, it
-fails to recognize some unreferenced sections as unused. As a result, numerous
-object files are not discarded, although they should be. These files are not
-patched to work in standalone environment, which causes wanboot linking failure
-due to undefined references.
-
-In order to determine which openssl object files are required for wanboot,
-first build static standalone openssl bits in Userland. As a site effect,
-static libraries libssl.a and libcrypto.a are created.
-
-    $ cd $USERLAND/components/openssl/openssl-1.0.0-wanboot ; gmake build
-
-Next, collect some information from linking wanboot static libraries in ON.
-This can be done by the following hack.
-
-    $ cd $ON/usr/src/psm/stand/boot/sparcv9/sun4
-    $ touch wanboot.o
-    $ LD_OPTIONS="-Dfiles,symbols,output=ld.dbg \
-        -L$USERLAND/components/openssl/openssl-1.0.0-wanboot/build/sparcv9 " \
-        WAN_OPENSSL=" -lwanboot -lssl -lcrypto" dmake all
-
-The following sort of information ends up in ld.dbg (note that the debugging
-output from the link-editor is not considered a 'stable interface' and may
-change in the future):
-
-    debug:
-    debug: file=/builds/tkuthan/ul-s11u1/components/openssl/openssl-1.0.0-wanboot/build/sparcv9/libcrypto.a(sparcv9cap.o)  [ ET_REL ]
-    debug:
-    debug: symbol table processing; file=/builds/tkuthan/ul-s11u1/components/openssl/openssl-1.0.0-wanboot/build/sparcv9/libcrypto.a(sparcv9cap.o)  [ ET_REL ]
-    debug: symbol[1]=sparcv9cap.c
-    ...
-
-Now run the following script in Userland:
-
-    #!/bin/bash
- 
-    # set to workspace paths:
-    USERLAND=/builds/tkuthan/ul-s11u1
-    ON=/builds/tkuthan/on11u1-wanboot-rti
- 
-    BUILD=$USERLAND/components/openssl/openssl-1.0.0-wanboot/build/sparcv9
-    LD_DBG=$ON/usr/src/psm/stand/boot/sparcv9/sun4/ld.dbg
- 
-    for i in `find $BUILD/crypto $BUILD/ssl -name '*.o'`
-    do
-            f=`basename $i`
-            if grep -q "^debug: file.*\<$f\>" $LD_DBG
-            then
-                    echo $i | sed "s#$BUILD/##"
-            fi
-    done
-
-to get the list of required object files.
-
-Additionally, you can format the list for including to Makefile by:
-    $ sort | tr '\n' ' ' | fold -s -w74 | sed -e 's/^/    /' -e 's/$/\\/'
-
-
-Linking with wanboot
-----
-
-When linking with wanboot please pay attention to following pitfalls.
-
-Correct openssl header files need to be included. This is done in
-$ON/usr/src/stand/lib/wanboot/Makefile
-Make sure CPPFLAGS point to the right directories.
-
-EXTREME CAUTION needs to be employed, if WANBOOT GREW IN SIZE because of the
-changes!
-Wanboot is a statically linked standalone binary and it is loaded on a fixed
-address before execution. This address is defined in 
-$ON/usr/src/psm/stand/boot/sparc/common/mapfile:
-
-     27 LOAD_SEGMENT text {
-     28 	FLAGS = READ EXECUTE;
-     29 	VADDR = 0x130000;
-     30 	ASSIGN_SECTION {
-     31 		TYPE = PROGBITS;
-     32 		FLAGS = ALLOC !WRITE;
-     33 	};
-     34 };
-
-This address (VADDR) NEEDS TO BE GREATER THEN 
-    size of .text section + size of .data section + 0x4000
-
-The reason for this is in how wanboot is loaded by OpenBoot Prom:
-1) user initiates boot from network - "boot net"
-2) obp loads wanboot binary at address 0x4000
-3) obp parses ELF header, reads virtual address where to load wanboot to
-4) obp mem-copies .text section to this address
-5) obp copies .data section behind .text
-6) obp starts executing wanboot at entry address
-
-If the given address is too small, obp overwrites part of .data with
-instructions from .text in step 4. resulting in .data being corrupted.
-Initialized variables get bogus values and failure is inevitable.
-This is very hard to troubleshoot.
-
-
-Testing wanboot with new openssl
-----
-
-With every upgrade of OpenSSL, it is necessary to make sure wanboot builds and
-works well with the new bits.
-
-Provided you have a freshly built ON workspace, you can link wanboot with new
-OpenSSL bits by redefining WAN_OPENSSL macro:
-
-    # copy wanboot-openssl.o to ON build machine
-    cp wanboot-openssl.o /var/tmp/
-
-    # prepare to rebuild wanboot
-    cd $ON
-    bldenv developer.sh
-    cd usr/src/psm/stand/boot/sparcv9/sun4
-
-    # hack to force a rebuild
-    touch wanboot.o
-
-    # link new OpenSSL to wanboot
-    WAN_OPENSSL=/var/tmp/wanboot-openssl.o dmake all
-
-Wanboot should build without warning.
-
-If there is something like this in the output:
-
-    Undefined                       first referenced
-     symbol                             in file
-    CRYPTO_ccm128_setiv                 /var/tmp/wanboot-openssl.o
-    SSL_get_srtp_profiles               /var/tmp/wanboot-openssl.o
-    ssl_parse_clienthello_use_srtp_ext  /var/tmp/wanboot-openssl.o
-    CRYPTO_gcm128_setiv                 /var/tmp/wanboot-openssl.o
-    ...
-    cmac_pkey_meth                      /var/tmp/wanboot-openssl.o
-    ld: fatal: symbol referencing errors. No output written to wanboot
-    *** Error code 1
-    dmake: Fatal error: Command failed for target `wanboot'
-
-some additional work has to be done in OpenSSL to either satisfy the function 
-references listed in the linker error message, or to remove the calls to these
-functions.
-
-Finally, resulting wanboot binary shall be deployed on some install server and
-wanbooting from this server shall be tested.
--- a/components/openssl/openssl-1.0.0-wanboot/files/stubs.c	Fri Apr 06 11:00:02 2012 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,118 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License (the "License").
- * You may not use this file except in compliance with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved.
- */
-
-
-#include <sys/types.h>
-#include <dirent.h>
-#include <errno.h>
-#include <stddef.h>
-
-/*
- * In OpenSSL 0.9.7 the EVP_read_pw_string now calls into the new "ui"
- * routines of 0.9.7, which is not compiled in the standalone, so it is
- * stubbed out here to avoid having to add a bunch of #ifndef's elsewhere.
- */
-/* ARGSUSED */
-int
-EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt, int
-    verify)
-{
-	return (-1); /* failure */
-}
-
-/*
- * In standalone issetugid() is always false.
- */
-int
-OPENSSL_issetugid(void)
-{
-	return (1);
-}
-
-/*
- * Directory routines -- currently, the only consumer of these interfaces
- * is $SRC/common/openssl/ssl/ssl_cert.c, and it has fallback code in the
- * case of failure, so we just fail opendir() and stub out the rest.  At
- * some point, we may need to provide a real implementation.
- */
-/* ARGSUSED */
-DIR *
-opendir(const char *dirname)
-{
-	errno = EACCES;
-	return (NULL);
-}
-
-/* ARGSUSED */
-struct dirent *
-readdir(DIR *dirp)
-{
-	return (NULL);
-}
-
-/* ARGSUSED */
-int
-closedir(DIR *dirp)
-{
-	return (0);
-}
-
-/*
- * Atoi is used on multiple places in libcrypto.
- * This implementation is taken from stand-alone libsock library:
- * usr/src/stand/lib/sock/sock_test.c
- * Alternative solution: just extern it here, wanboot has -lsock anyway.
- */
-#ifndef	isdigit
-#define	isdigit(c) ((c) >= '0' && (c) <= '9')
-#endif
-
-#ifndef	isspace
-#define	isspace(c) ((c) == ' ' || (c) == '\t' || (c) == '\n' || \
-		    (c) == '\r' || (c) == '\f' || (c) == '\013')
-#endif
-int
-atoi(const char *p)
-{
-	int n;
-	int c = *p++, neg = 0;
-
-	while (isspace(c)) {
-		c = *p++;
-	}
-	if (!isdigit(c)) {
-		switch (c) {
-		case '-':
-			neg++;
-			/* FALLTHROUGH */
-		case '+':
-			c = *p++;
-		}
-	}
-	for (n = 0; isdigit(c); c = *p++) {
-		n *= 10; /* two steps to avoid unnecessary overflow */
-		n += '0' - c; /* accum neg to avoid surprises at MAX */
-	}
-	return (neg ? n : -n);
-}
--- a/components/openssl/openssl-1.0.0-wanboot/mapfile	Fri Apr 06 11:00:02 2012 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,126 +0,0 @@
-#
-# CDDL HEADER START
-#
-# The contents of this file are subject to the terms of the
-# Common Development and Distribution License (the "License").
-# You may not use this file except in compliance with the License.
-#
-# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
-# or http://www.opensolaris.org/os/licensing.
-# See the License for the specific language governing permissions
-# and limitations under the License.
-#
-# When distributing Covered Code, include this CDDL HEADER in each
-# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
-# If applicable, add the following below this CDDL HEADER, with the
-# fields enclosed by brackets "[]" replaced with your own identifying
-# information: Portions Copyright [yyyy] [name of copyright owner]
-#
-# CDDL HEADER END
-#
-# Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
-#
-
-#
-# This file defines interface requirements of wanboot on OpenSSL.
-#
-
-$mapfile_version 2
-SYMBOL_SCOPE {
-		ERR_clear_error;
-		SSL_CTX_set_default_passwd_cb;
-		SSL_load_error_strings;
-		EVP_PKEY_free;
-		SSL_get_peer_certificate;
-		SSL_CIPHER_get_name;
-		sk_value;
-		RAND_load_file;
-		X509_NAME_oneline;
-		SSL_write;
-		X509_NAME_get_text_by_NID;
-		OPENSSL_uni2asc;
-		SSL_CTX_set_default_passwd_cb_userdata;
-		SSL_CTX_use_PrivateKey_file;
-		OPENSSL_asc2uni;
-		SSL_get_error;
-		ASN1_UTF8STRING_free;
-		ASN1_mbstring_copy;
-		ERR_error_string;
-		PKCS12_unpack_p7data;
-		X509_free;
-		ERR_get_error;
-		ERR_put_error;
-		PKCS12_free;
-		ASN1_UTF8STRING_new;
-		OPENSSL_add_all_algorithms_noconf;
-		OBJ_nid2obj;
-		PKCS12_SAFEBAG_free;
-		ASN1_STRING_free;
-		sk_delete;
-		OBJ_obj2nid;
-		SSL_CTX_set_verify_depth;
-		PKCS8_PRIV_KEY_INFO_free;
-		SSL_set_connect_state;
-		sk_pop_free;
-		BIO_s_file;
-		SSL_set_fd;
-		SSL_CTX_use_PrivateKey;
-		ASN1_STRING_to_UTF8;
-		PKCS12_certbag2x509;
-		PKCS7_free;
-		PKCS12_decrypt_skey;
-		BIO_new;
-		RAND_status;
-		sk_num;
-		SSL_get_verify_result;
-		SSL_free;
-		SSL_read;
-		SSL_new;
-		SSLv3_client_method;
-		X509_check_private_key;
-		SSL_CTX_new;
-		ASN1_TYPE_set;
-		ASN1_TYPE_new;
-		ERR_peek_error;
-		CRYPTO_free;
-		SSL_CTX_load_verify_locations;
-		PKCS12_unpack_authsafes;
-		X509_ATTRIBUTE_new;
-		PKCS12_unpack_p7encdata;
-		sk_push;
-		SSL_connect;
-		SSL_shutdown;
-		SSL_CTX_use_certificate_file;
-		PKCS12_get_attr_gen;
-		X509_verify_cert_error_string;
-		X509_ATTRIBUTE_free;
-		X509_alias_set1;
-		PKCS12_verify_mac;
-		ASN1_TIME_print;
-		SSL_CTX_use_certificate;
-		SSL_get_ciphers;
-		SSL_CTX_ctrl;
-		SSL_CTX_free;
-		X509_keyid_set1;
-		ERR_load_strings;
-		EVP_EncodeBlock;
-		ASN1_TYPE_free;
-		sk_new_null;
-		SSL_get_current_cipher;
-		ASN1_STRING_cmp;
-		ASN1_STRING_set;
-		ERR_get_next_error_library;
-		EVP_PKCS82PKEY;
-		X509_get_issuer_name;
-		CRYPTO_malloc;
-		BIO_ctrl;
-		BIO_free;
-		X509_STORE_add_cert;
-		ASN1_STRING_type_new;
-		SSL_CTX_set_cipher_list;
-		X509_get_subject_name;
-		SSL_library_init;
-		d2i_PKCS12_fp;
-	local:
-		*;
-};
--- a/components/openssl/openssl-1.0.0-wanboot/patches/18-compiler_opts.patch	Fri Apr 06 11:00:02 2012 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,15 +0,0 @@
---- openssl-1.0.0f/Configure	Thu Feb 10 20:02:41 2011
-+++ /tmp/Configure	Thu Feb 10 20:01:51 2011
[email protected]@ -246,6 +246,12 @@
- #"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):SUNOS::DES_UNROLL:${no_asm}::",
- "sunos-gcc","gcc:-O3 -mv8 -Dssize_t=int::(unknown):SUNOS::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:${no_asm}::",
- 
-+#### Solaris configs, used for OpenSSL as delivered by S11.
-+# Option -xF=%all instructs the compiler to place functions and data
-+# variables into separate section fragments. This enables the link editor
-+# to discard unused sections and files when linking wanboot-openssl.o
-+"solaris64-sparcv9-cc-sunw","cc:-xtarget=ultra -m64 -Qoption cg -xregs=no%appl -xO5 -xstrconst -xdepend -xspace -xF=%all -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl:BN_LLONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-m64 -G -dy -z text -zdefs -Bdirect -zignore -M/usr/lib/ld/map.pagealign:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/bin/ar rs::/64",
-+
- #### IRIX 5.x configs
- # -mips2 flag is added by ./config when appropriate.
- "irix-gcc","gcc:-O3 -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${no_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
--- a/components/openssl/openssl-1.0.0-wanboot/patches/30_wanboot.patch	Fri Apr 06 11:00:02 2012 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,348 +0,0 @@
---- openssl-1.0.0e/Makefile	2011-09-06 06:18:01.000000000 -0700
-+++ openssl-1.0.0e_patched/Makefile	2011-12-19 08:29:38.100618700 -0800
[email protected]@ -111,7 +111,7 @@
- ZLIB_INCLUDE=
- LIBZLIB=
- 
--DIRS=   crypto ssl engines apps test tools
-+DIRS=   crypto ssl
- ENGDIRS= ccgost
- SHLIBDIRS= crypto ssl
- 
---- openssl-1.0.0e/Makefile.org	2010-01-27 08:06:58.000000000 -0800
-+++ openssl-1.0.0e_patched/Makefile.org	2011-12-19 08:30:01.795240100 -0800
[email protected]@ -109,7 +109,7 @@
- ZLIB_INCLUDE=
- LIBZLIB=
- 
--DIRS=   crypto ssl engines apps test tools
-+DIRS=   crypto ssl
- ENGDIRS= ccgost
- SHLIBDIRS= crypto ssl
- 
---- openssl-1.0.0e/crypto/cryptlib.c	2011-06-22 08:39:00.000000000 -0700
-+++ openssl-1.0.0e_patched/crypto/cryptlib.c	2011-12-12 06:17:45.422476900 -0800
[email protected]@ -871,6 +871,10 @@
- 	MessageBox (NULL,buf,_T("OpenSSL: FATAL"),MB_OK|MB_ICONSTOP);
- }
- #else
-+/* Solaris libsa.a used for WAN boot doesn't provide for vfprintf(). Since
-+ *  * OPENSSL_showfatal() is not used anywhere else then here we can safely use
-+ *   * the code from 0.9.7d version. */
-+#ifndef	_BOOT
- void OPENSSL_showfatal (const char *fmta,...)
- { va_list ap;
- 
[email protected]@ -878,14 +882,21 @@
-     vfprintf (stderr,fmta,ap);
-     va_end (ap);
- }
-+#endif	/* _BOOT */
- int OPENSSL_isservice (void) { return 0; }
- #endif
- 
- void OpenSSLDie(const char *file,int line,const char *assertion)
- 	{
-+#ifndef	_BOOT		
- 	OPENSSL_showfatal(
- 		"%s(%d): OpenSSL internal error, assertion failed: %s\n",
- 		file,line,assertion);
-+#else
-+	fprintf(stderr,
-+		"%s(%d): OpenSSL internal error, assertion failed: %s\n",
-+		file,line,assertion);
-+#endif	
- #if !defined(_WIN32) || defined(__CYGWIN__)
- 	abort();
- #else
---- openssl-1.0.0e/crypto/err/err_all.c	2009-08-09 07:58:05.000000000 -0700
-+++ openssl-1.0.0e_patched/crypto/err/err_all.c	2011-12-13 05:22:01.205351400 -0800
[email protected]@ -142,7 +142,9 @@
- 	ERR_load_X509V3_strings();
- 	ERR_load_PKCS12_strings();
- 	ERR_load_RAND_strings();
-+#ifndef _BOOT
- 	ERR_load_DSO_strings();
-+#endif /* _BOOT */
- 	ERR_load_TS_strings();
- #ifndef OPENSSL_NO_ENGINE
- 	ERR_load_ENGINE_strings();
---- openssl-1.0.0e/crypto/evp/evp_key.c	2010-03-27 12:27:50.000000000 -0700
-+++ openssl-1.0.0e_patched/crypto/evp/evp_key.c	2011-12-13 05:19:32.956908600 -0800
[email protected]@ -84,7 +84,7 @@
- 	else
- 		return(prompt_string);
- 	}
--
-+#ifndef	_BOOT
- /* For historical reasons, the standard function for reading passwords is
-  * in the DES library -- if someone ever wants to disable DES,
-  * this function will fail */
[email protected]@ -111,6 +111,7 @@
- 	OPENSSL_cleanse(buff,BUFSIZ);
- 	return ret;
- 	}
-+#endif	/* !_BOOT */
- 
- int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, 
- 	     const unsigned char *salt, const unsigned char *data, int datal,
---- openssl-1.0.0e/crypto/rand/rand_unix.c	2009-04-06 07:31:36.000000000 -0700
-+++ openssl-1.0.0e_patched/crypto/rand/rand_unix.c	2011-12-19 07:28:39.988944800 -0800
[email protected]@ -122,7 +122,11 @@
- #include <sys/time.h>
- #include <sys/times.h>
- #include <sys/stat.h>
-+#ifdef	_BOOT
-+#include <sys/fcntl.h>
-+#else
- #include <fcntl.h>
-+#endif
- #include <unistd.h>
- #include <time.h>
- #if defined(OPENSSL_SYS_LINUX) /* should actually be available virtually everywhere */
[email protected]@ -253,6 +257,11 @@
- 	const char **egdsocket = NULL;
- #endif
- 
-+#ifdef _BOOT
-+/* open() is provided by standalone libsa not visible from here */
-+extern int open(const char *, int);
-+#endif
-+
- #ifdef DEVRANDOM
- 	memset(randomstats,0,sizeof(randomstats));
- 	/* Use a random entropy pool device. Linux, FreeBSD and OpenBSD
[email protected]@ -295,9 +304,13 @@
- 				{
- 				int try_read = 0;
- 
--#if defined(OPENSSL_SYS_BEOS_R5)
-+#if defined(OPENSSL_SYS_BEOS_R5) || defined(_BOOT)
- 				/* select() is broken in BeOS R5, so we simply
- 				 *  try to read something and snooze if we couldn't */
-+				/* 
-+				 * select() is not available when linking stand-alone
-+				 * library for wanboot 
-+				 */
- 				try_read = 1;
- 
- #elif defined(OPENSSL_SYS_LINUX)
[email protected]@ -355,6 +368,7 @@
- 				else
- 					r = -1;
- 				
-+#ifndef	_BOOT				
- 				/* Some Unixen will update t in select(), some
- 				   won't.  For those who won't, or if we
- 				   didn't use select() in the first place,
[email protected]@ -366,13 +380,17 @@
- 				}
- 			while ((r > 0 ||
- 			       (errno == EINTR || errno == EAGAIN)) && usec != 0 && n < ENTROPY_NEEDED);
-+#else	/* _BOOT */
-+				}
-+			while (r > 0 && n < ENTROPY_NEEDED);
-+#endif	/* _BOOT */			
- 
- 			close(fd);
- 			}
- 		}
- #endif /* defined(DEVRANDOM) */
- 
--#ifdef DEVRANDOM_EGD
-+#if defined(DEVRANDOM_EGD) && !defined(_BOOT)
- 	/* Use an EGD socket to read entropy from an EGD or PRNGD entropy
- 	 * collecting daemon. */
- 
[email protected]@ -395,6 +413,7 @@
- 		}
- #endif
- 
-+#ifndef	_BOOT
- 	/* put in some default random data, we need more than just this */
- 	l=curr_pid;
- 	RAND_add(&l,sizeof(l),0.0);
[email protected]@ -403,6 +422,7 @@
- 
- 	l=time(NULL);
- 	RAND_add(&l,sizeof(l),0.0);
-+#endif /* !_BOOT */	
- 
- #if defined(OPENSSL_SYS_BEOS)
- 	{
-
---- openssl-1.0.0e/crypto/rand/randfile.c	2011-03-19 02:44:37.000000000 -0700
-+++ openssl-1.0.0e_patched/crypto/rand/randfile.c	2011-12-13 05:26:51.884824200 -0800
[email protected]@ -57,7 +57,9 @@
-  */
- 
- /* We need to define this to get macros like S_IFBLK and S_IFCHR */
-+#ifndef	_BOOT
- #define _XOPEN_SOURCE 500
-+#endif	/* _BOOT */
- 
- #include <errno.h>
- #include <stdio.h>
---- openssl-1.0.0e/crypto/x509v3/v3_utl.c	2009-07-27 14:08:53.000000000 -0700
-+++ openssl-1.0.0e_patched/crypto/x509v3/v3_utl.c	2011-12-13 05:10:08.844191400 -0800
[email protected]@ -659,9 +659,52 @@
- 		}
- 	}
- 
-+#if	defined(_BOOT)
-+/* This function was copied from bio/b_sock.c */
-+static int get_ip(const char *str, unsigned char ip[4])
-+	{
-+	unsigned int tmp[4];
-+	int num=0,c,ok=0;
-+
-+	tmp[0]=tmp[1]=tmp[2]=tmp[3]=0;
-+
-+	for (;;)
-+		{
-+		c= *(str++);
-+		if ((c >= '0') && (c <= '9'))
-+			{
-+			ok=1;
-+			tmp[num]=tmp[num]*10+c-'0';
-+			if (tmp[num] > 255) return(0);
-+			}
-+		else if (c == '.')
-+			{
-+			if (!ok) return(-1);
-+			if (num == 3) return(0);
-+			num++;
-+			ok=0;
-+			}
-+		else if (c == '\0' && (num == 3) && ok)
-+			break;
-+		else
-+			return(0);
-+		}
-+	ip[0]=tmp[0];
-+	ip[1]=tmp[1];
-+	ip[2]=tmp[2];
-+	ip[3]=tmp[3];
-+	return(1);
-+	}
-+#endif /* _BOOT */
-+
- static int ipv4_from_asc(unsigned char *v4, const char *in)
- 	{
- 	int a0, a1, a2, a3;
-+
-+#if	defined(_BOOT)
-+	if (get_ip(in, v4) != 1)
-+		return 0;
-+#else	/* _BOOT */
- 	if (sscanf(in, "%d.%d.%d.%d", &a0, &a1, &a2, &a3) != 4)
- 		return 0;
- 	if ((a0 < 0) || (a0 > 255) || (a1 < 0) || (a1 > 255)
[email protected]@ -671,6 +716,7 @@
- 	v4[1] = a1;
- 	v4[2] = a2;
- 	v4[3] = a3;
-+#endif	/* _BOOT */
- 	return 1;
- 	}
- 
---- openssl-1.0.0e/doc/crypto/hmac.pod	2009-09-30 16:40:52.000000000 -0700
-+++ openssl-1.0.0e_patched/doc/crypto/hmac.pod	2011-12-12 05:39:53.818071600 -0800
[email protected]@ -2,7 +2,7 @@
- 
- =head1 NAME
- 
--HMAC, HMAC_Init, HMAC_Update, HMAC_Final, HMAC_cleanup - HMAC message
-+HMAC, HMAC_CTX_init, HMAC_Init, HMAC_Init_ex, HMAC_Update, HMAC_Final, HMAC_CTX_cleanup, HMAC_cleanup - HMAC message
- authentication code
- 
- =head1 SYNOPSIS
---- openssl-1.0.0e/e_os.h	2011-12-19 04:17:51.631087400 -0800
-+++ openssl-1.0.0e_patched/e_os.h	2011-12-19 04:15:15.776668900 -0800
[email protected]@ -207,10 +207,19 @@
- #define get_last_socket_error()	errno
- #define clear_socket_error()	errno=0
- #define ioctlsocket(a,b,c)	ioctl(a,b,c)
-+#ifdef	_BOOT
-+#include <netinet/in.h>
-+extern int socket_read(int, void *, size_t, int);
-+extern int socket_close(int);
-+#define	closesocket(s)		socket_close(s)
-+#define	readsocket(s,b,n)	socket_read((s),(b),(n), 200)
-+#define	writesocket(s,b,n)	send((s),(b),(n), 0)
-+#else  /* !_BOOT */
- #define closesocket(s)		close(s)
- #define readsocket(s,b,n)	read((s),(b),(n))
- #define writesocket(s,b,n)	write((s),(b),(n))
- #endif
-+#endif
- 
- #ifdef WIN16 /* never the case */
- #  define MS_CALLBACK	_far _loadds
---- openssl-1.0.0e/crypto/sparcv9cap.c	2010-09-05 12:48:01.000000000 -0700
-+++ openssl-1.0.0e_patched/crypto/sparcv9cap.c	2011-12-23 05:24:02.011607700 -0800
[email protected]@ -12,7 +12,7 @@
- #define SPARCV9_VIS2		(1<<3)	/* reserved */
- #define SPARCV9_FMADD		(1<<4)	/* reserved for SPARC64 V */
- 
--static int OPENSSL_sparcv9cap_P=SPARCV9_TICK_PRIVILEGED;
-+static int OPENSSL_sparcv9cap_P = SPARCV9_VIS1;
- 
- int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0, int num)
- 	{
[email protected]@ -32,6 +32,7 @@
- void		_sparcv9_vis2_probe(void);
- void		_sparcv9_fmadd_probe(void);
- 
-+#ifndef _BOOT
- unsigned long OPENSSL_rdtsc(void)
- 	{
- 	if (OPENSSL_sparcv9cap_P&SPARCV9_TICK_PRIVILEGED)
[email protected]@ -43,8 +44,19 @@
- 	else
- 		return _sparcv9_rdtick();
- 	}
-+#endif
-+
-+#if defined(_BOOT)
-+/*
-+ * Hardcoding sparc capabilities for wanboot.
-+ * Older CPUs are EOLed anyway.
-+ */
-+void OPENSSL_cpuid_setup(void)
-+	{
-+	OPENSSL_sparcv9cap_P = SPARCV9_VIS1;
-+	}
- 
--#if 0 && defined(__sun) && defined(__SVR4)
-+#elif 0 && defined(__sun) && defined(__SVR4)
- /* This code path is disabled, because of incompatibility of
-  * libdevinfo.so.1 and libmalloc.so.1 (see below for details)
-  */
---- openssl-1.0.0e/crypto/sparccpuid.S	2010-09-05 12:48:01.000000000 -0700
-+++ openssl-1.0.0e_patched/crypto/sparccpuid.S	2012-02-13 07:42:58.259478325 -0800
[email protected]@ -397,6 +397,11 @@
- .type	OPENSSL_cleanse,#function
- .size	OPENSSL_cleanse,.-OPENSSL_cleanse
- 
-+#ifndef _BOOT
- .section	".init",#alloc,#execinstr
-	call	OPENSSL_cpuid_setup
-	nop
-+#else
-+	nop
-+	nop
-+#endif
---- openssl-1.0.0e/crypto/Makefile	2010-07-26 15:09:59.000000000 -0700
-+++ openssl-1.0.0e_patched/crypto/Makefile	2011-12-22 08:26:22.041955800 -0800
[email protected]@ -34,8 +34,8 @@
- 
- LIB= $(TOP)/libcrypto.a
- SHARED_LIB= libcrypto$(SHLIB_EXT)
--LIBSRC=	cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c cpt_err.c ebcdic.c uid.c o_time.c o_str.c o_dir.c
--LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o cpt_err.o ebcdic.o uid.o o_time.o o_str.o o_dir.o $(CPUID_OBJ)
-+LIBSRC=	cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c cpt_err.c ebcdic.c uid.c o_time.c o_str.c o_dir.c stubs.c
-+LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o cpt_err.o ebcdic.o uid.o o_time.o o_str.o o_dir.o stubs.o $(CPUID_OBJ)
- 
- SRC= $(LIBSRC)
- 
--- a/components/openssl/openssl-1.0.0/Makefile	Fri Apr 06 11:00:02 2012 -0700
+++ b/components/openssl/openssl-1.0.0/Makefile	Sun Apr 08 02:30:08 2012 -0700
@@ -22,11 +22,21 @@
 #
 include ../../../make-rules/shared-macros.mk
 
-# COMPONENT_NAME, COMPONENT_VERSION, IPS_COMPONENT_VERSION and some other
-# related macros definitions were moved to ../openssl-1.0.0/Makefile.version
-# in order to keep OpenSSL versions in ../openssl-1.0.0 and
-# ../openssl-1.0.0-wanboot in sync
-include Makefile.version
+COMPONENT_NAME =	openssl
+# When new version of OpenSSL comes in, you must update both COMPONENT_VERSION
+# and IPS_COMPONENT_VERSION.
+# When upgrading OpenSSL, please, DON'T FORGET TO TEST WANBOOT too. 
+# For more information about wanboot-openssl testing, please refer to
+# ../README.
+COMPONENT_VERSION =	1.0.0h
+# Version for IPS. It is easier to do it manually than convert the letter to a
+# number while taking into account that there might be no letter at all.
+IPS_COMPONENT_VERSION = 1.0.0.8
+COMPONENT_PROJECT_URL=	http://www.openssl.org/
+COMPONENT_SRC =		$(COMPONENT_NAME)-$(COMPONENT_VERSION)
+COMPONENT_ARCHIVE =	$(COMPONENT_SRC).tar.gz
+COMPONENT_ARCHIVE_HASH=	sha1:6d4587a96817147021e93ca266441daf4bcbf485
+COMPONENT_ARCHIVE_URL =	$(COMPONENT_PROJECT_URL)source/$(COMPONENT_ARCHIVE)
 
 # Architecture-specific patches
 EXTRA_PATCHES.i386 = $(PATCH_DIR)/openssl-1.0.0d-aesni-v4.i386-patch
@@ -40,6 +50,9 @@
 
 PATH=$(SPRO_VROOT)/bin:/usr/bin:/usr/gnu/bin:/usr/perl5/bin
 
+# Variant of OpenSSL for wanboot is built in build/sparcv9-wanboot.
+BUILD_DIR_WANBOOT = $(BUILD_DIR)/$(MACH64)-wanboot
+
 # OpenSSL does not use autoconf but its own configure system.
 CONFIGURE_SCRIPT = $(SOURCE_DIR)/Configure
 
@@ -54,6 +67,7 @@
 ENGINESDIR_32 = /lib/openssl/engines
 ENGINESDIR_64 = /lib/openssl/engines/64
 
+# Configure options common to both regular OpenSSL and OpenSSL for wanboot.
 CONFIGURE_OPTIONS =  -DSOLARIS_OPENSSL -DNO_WINDOWS_BRAINDEATH
 CONFIGURE_OPTIONS += --openssldir=/etc/openssl
 CONFIGURE_OPTIONS += --prefix=/usr
@@ -78,8 +92,6 @@
 CONFIGURE_OPTIONS += no-hw_sureware
 CONFIGURE_OPTIONS += no-hw_ubsec
 CONFIGURE_OPTIONS += no-hw_cswift
-CONFIGURE_OPTIONS += threads
-CONFIGURE_OPTIONS += shared
 # MD2 is not enabled by default in OpensSSL but some software we have in
 # Userland needs it. One example is nmap.
 CONFIGURE_OPTIONS += enable-md2
@@ -89,6 +101,9 @@
 # Whirlpool implementation removed.
 CONFIGURE_OPTIONS += no-whirlpool
 CONFIGURE_OPTIONS += no-whrlpool
+# Some additional options needed for our engines.
+CONFIGURE_OPTIONS += --pk11-libname=$(PKCS11_LIB$(BITS))
+CONFIGURE_OPTIONS += --enginesdir=$(ENGINESDIR_$(BITS))
 
 # We define our own compiler and linker option sets for Solaris. See Configure
 # for more information.
@@ -97,10 +112,34 @@
 CONFIGURE_OPTIONS64_i386 =	solaris64-x86_64-cc-sunw
 CONFIGURE_OPTIONS64_sparc =	solaris64-sparcv9-cc-sunw
 
-# Some additional options needed for our engines.
-CONFIGURE_OPTIONS += --pk11-libname=$(PKCS11_LIB$(BITS))
-CONFIGURE_OPTIONS += --enginesdir=$(ENGINESDIR_$(BITS))
-CONFIGURE_OPTIONS += $(CONFIGURE_OPTIONS$(BITS)_$(MACH))
+# Options specific to regular build.
+# They must not be specified as common, as they cannot be overridden.
+$(BUILD_DIR)/$(MACH32)/.configured:	CONFIGURE_OPTIONS += threads
+$(BUILD_DIR)/$(MACH64)/.configured:	CONFIGURE_OPTIONS += threads
+$(BUILD_DIR)/$(MACH32)/.configured:	CONFIGURE_OPTIONS += shared
+$(BUILD_DIR)/$(MACH64)/.configured:	CONFIGURE_OPTIONS += shared
+$(BUILD_DIR)/$(MACH32)/.configured:	CONFIGURE_OPTIONS += shared
+$(BUILD_DIR)/$(MACH64)/.configured:	CONFIGURE_OPTIONS += shared
+$(BUILD_DIR)/$(MACH32)/.configured:	CONFIGURE_OPTIONS += \
+	$(CONFIGURE_OPTIONS32_$(MACH))
+$(BUILD_DIR)/$(MACH64)/.configured:	CONFIGURE_OPTIONS += \
+	$(CONFIGURE_OPTIONS64_$(MACH))
+
+# OpenSSL for wanboot specific options
+$(BUILD_DIR_WANBOOT)/.configured:	BITS=64
+$(BUILD_DIR_WANBOOT)/.configured:	CONFIGURE_OPTIONS += -DNO_CHMOD
+$(BUILD_DIR_WANBOOT)/.configured:	CONFIGURE_OPTIONS += -D_BOOT
+$(BUILD_DIR_WANBOOT)/.configured:	CONFIGURE_OPTIONS += -DOPENSSL_NO_DTLS1
+$(BUILD_DIR_WANBOOT)/.configured:	CONFIGURE_OPTIONS += no-cast
+$(BUILD_DIR_WANBOOT)/.configured:	CONFIGURE_OPTIONS += no-dso
+$(BUILD_DIR_WANBOOT)/.configured:	CONFIGURE_OPTIONS += no-rc4
+$(BUILD_DIR_WANBOOT)/.configured:	CONFIGURE_OPTIONS += no-ripemd
+$(BUILD_DIR_WANBOOT)/.configured:	CONFIGURE_OPTIONS += no-hw
+$(BUILD_DIR_WANBOOT)/.configured:	CONFIGURE_OPTIONS += no-threads
+$(BUILD_DIR_WANBOOT)/.configured:	CONFIGURE_OPTIONS += no-shared
+$(BUILD_DIR_WANBOOT)/.configured:	CONFIGURE_OPTIONS += \
+	solaris64-sparcv9-cc-sunw-wanboot
+
 
 # OpenSSL has its own configure system which must be run from the fully
 # populated source code directory. However, the Userland configuration phase is
@@ -109,6 +148,9 @@
 COMPONENT_PRE_CONFIGURE_ACTION = \
     ( $(CLONEY) $(SOURCE_DIR) $(BUILD_DIR)/$(MACH$(BITS)); )
 
+$(BUILD_DIR_WANBOOT)/.configured:	COMPONENT_PRE_CONFIGURE_ACTION = \
+	    ( $(CLONEY) $(SOURCE_DIR) $(BUILD_DIR_WANBOOT); )
+
 # We deliver only one opensslconf.h file which must be suitable for both 32 and
 # 64 bits. Depending on the configuration option, OpenSSL's Configure script
 # creates opensslconf.h for either 32 or 64 bits. A patch makes the resulting
@@ -118,38 +160,12 @@
     ( [ $(BITS) -eq 32 ] && $(GPATCH) -p1 $(@D)/crypto/opensslconf.h \
       patches-post-config/opensslconf.patch; cd $(@D); $(MAKE) depend; )
 
-# This conditional part triggers actions in ../openssl-1.0.0-wanboot directory
-# in order to create static openssl bits for linking with wanboot.
-# Specifically
-#     - propagate clean and clobber targets to wanboot dir
-#     - build wanboot bits and copy in wanboot-openssl.o to proto area
-#     - cache (link) openssl tarball from wanboot dir
-ifeq ($(MACH), sparc)
-WANBOOT_DIR	= $(COMPONENT_DIR)/../openssl-1.0.0-wanboot
-WANBOOT_TO	= $(PROTO_DIR)/lib/openssl/wanboot/$(MACH64)
-clobber clean::
-	(cd $(WANBOOT_DIR) ; $(GMAKE) [email protected])
-
-# In order not to download the tarball twice (once here and once in 
-# ../openssl-1.0.0-wanboot), there is a hacky caching applied.
-# After having build in ../openssl-1.0.0-wanboot an attempt is made to create
-# a soft-link in this directory pointing to the tarball. 
-$(WANBOOT_DIR)/build/$(MACH64)/.built:
-	(cd $(WANBOOT_DIR) ; $(GMAKE) build;)
-	-$(LN) -s $(WANBOOT_DIR)/$(COMPONENT_ARCHIVE) $(COMPONENT_DIR)/ 
-
-build: $(WANBOOT_DIR)/build/$(MACH64)/.built
-install: $(WANBOOT_DIR)/build/$(MACH64)/.built
-
-$(INSTALL_64): COMPONENT_POST_INSTALL_ACTION = \
-    ( $(MKDIR) -p $(WANBOOT_TO); \
-      $(CP) $(WANBOOT_DIR)/build/$(MACH64)/wanboot-openssl.o $(WANBOOT_TO); )
-endif
-
 
 # We do not ship our engines as patches since it would be more difficult to
 # update the files which have been under continuous development. We rather copy
 # the files to the right directories.
+# Same holds for wanboot-stubs.c, which stubs out several functions, that are
+# not available in the stand-alone environment of wanboot.
 COMPONENT_PRE_BUILD_ACTION = \
     ( $(CP) -fp engines/aesni/eng_aesni.c	$(@D)/crypto/engine; \
       $(CP) -fp engines/aesni/aesni-x86*.pl	$(@D)/crypto/aes/asm; \
@@ -159,10 +175,159 @@
       $(CP) -fp engines/t4/t4_aes.S		$(@D)/crypto/aes/asm; \
       $(CP) -fp engines/t4/t4_des.S		$(@D)/crypto/des/asm; \
       $(CP) -fp engines/t4/t4_md5.S		$(@D)/crypto/md5/asm; \
-      $(CP) -fp engines/t4/t4_sha?.S		$(@D)/crypto/sha/asm; )
+      $(CP) -fp engines/t4/t4_sha?.S		$(@D)/crypto/sha/asm; \
+      $(CP) -fp wanboot-openssl/wanboot-stubs.c	$(@D)/crypto; )
+
+# OpenSSL for wanboot is built on sparc only.
+ifeq ($(MACH), sparc)
+BUILD_64 +=	$(BUILD_DIR_WANBOOT)/.built
+endif
 
 build:		$(BUILD_32_and_64)
 
+# Object files for wanboot-openssl.o have to be listed explicitly.
+WANBOOT_OBJS =  \
+    crypto/aes/aes-sparcv9.o crypto/aes/aes_cbc.o crypto/aes/aes_cfb.o \
+    crypto/aes/aes_core.o crypto/aes/aes_ecb.o crypto/aes/aes_ofb.o \
+    crypto/aes/aes_wrap.o crypto/asn1/a_bitstr.o crypto/asn1/a_bool.o \
+    crypto/asn1/a_bytes.o crypto/asn1/a_d2i_fp.o crypto/asn1/a_digest.o \
+    crypto/asn1/a_dup.o crypto/asn1/a_enum.o crypto/asn1/a_gentm.o \
+    crypto/asn1/a_i2d_fp.o crypto/asn1/a_int.o crypto/asn1/a_mbstr.o \
+    crypto/asn1/a_object.o crypto/asn1/a_octet.o crypto/asn1/a_print.o \
+    crypto/asn1/a_set.o crypto/asn1/a_sign.o crypto/asn1/a_strex.o \
+    crypto/asn1/a_strnid.o crypto/asn1/a_time.o crypto/asn1/a_type.o \
+    crypto/asn1/a_utctm.o crypto/asn1/a_utf8.o crypto/asn1/a_verify.o \
+    crypto/asn1/ameth_lib.o crypto/asn1/asn1_err.o crypto/asn1/asn1_gen.o \
+    crypto/asn1/asn1_lib.o crypto/asn1/asn1_par.o crypto/asn1/asn_mime.o \
+    crypto/asn1/asn_pack.o crypto/asn1/bio_asn1.o crypto/asn1/bio_ndef.o \
+    crypto/asn1/d2i_pr.o crypto/asn1/evp_asn1.o crypto/asn1/f_int.o \
+    crypto/asn1/f_string.o crypto/asn1/i2d_pr.o crypto/asn1/nsseq.o \
+    crypto/asn1/p5_pbe.o crypto/asn1/p5_pbev2.o crypto/asn1/p8_pkey.o \
+    crypto/asn1/t_pkey.o crypto/asn1/t_x509.o crypto/asn1/t_x509a.o \
+    crypto/asn1/tasn_dec.o crypto/asn1/tasn_enc.o crypto/asn1/tasn_fre.o \
+    crypto/asn1/tasn_new.o crypto/asn1/tasn_prn.o crypto/asn1/tasn_typ.o \
+    crypto/asn1/tasn_utl.o crypto/asn1/x_algor.o crypto/asn1/x_attrib.o \
+    crypto/asn1/x_bignum.o crypto/asn1/x_crl.o crypto/asn1/x_exten.o \
+    crypto/asn1/x_info.o crypto/asn1/x_long.o crypto/asn1/x_name.o \
+    crypto/asn1/x_pkey.o crypto/asn1/x_pubkey.o crypto/asn1/x_req.o \
+    crypto/asn1/x_sig.o crypto/asn1/x_spki.o crypto/asn1/x_val.o \
+    crypto/asn1/x_x509.o crypto/asn1/x_x509a.o crypto/bf/bf_cfb64.o \
+    crypto/bf/bf_ecb.o crypto/bf/bf_enc.o crypto/bf/bf_ofb64.o \
+    crypto/bf/bf_skey.o crypto/bio/b_dump.o crypto/bio/b_print.o \
+    crypto/bio/bf_buff.o crypto/bio/bio_err.o crypto/bio/bio_lib.o \
+    crypto/bio/bss_file.o crypto/bio/bss_mem.o crypto/bio/bss_null.o \
+    crypto/bio/bss_sock.o crypto/bn/bn-sparcv9.o crypto/bn/bn_add.o \
+    crypto/bn/bn_blind.o crypto/bn/bn_ctx.o crypto/bn/bn_div.o \
+    crypto/bn/bn_err.o crypto/bn/bn_exp.o crypto/bn/bn_exp2.o \
+    crypto/bn/bn_gcd.o crypto/bn/bn_lib.o crypto/bn/bn_mod.o \
+    crypto/bn/bn_mont.o crypto/bn/bn_mul.o crypto/bn/bn_prime.o \
+    crypto/bn/bn_print.o crypto/bn/bn_rand.o crypto/bn/bn_recp.o \
+    crypto/bn/bn_shift.o crypto/bn/bn_sqr.o crypto/bn/bn_word.o \
+    crypto/bn/sparcv9-mont.o crypto/bn/sparcv9a-mont.o \
+    crypto/buffer/buf_err.o crypto/buffer/buffer.o crypto/camellia/camellia.o \
+    crypto/camellia/cmll_cbc.o crypto/camellia/cmll_cfb.o \
+    crypto/camellia/cmll_ecb.o crypto/camellia/cmll_misc.o \
+    crypto/camellia/cmll_ofb.o crypto/cms/cms_asn1.o crypto/cms/cms_att.o \
+    crypto/cms/cms_dd.o crypto/cms/cms_enc.o crypto/cms/cms_env.o \
+    crypto/cms/cms_err.o crypto/cms/cms_io.o crypto/cms/cms_lib.o \
+    crypto/cms/cms_sd.o crypto/comp/c_zlib.o crypto/comp/comp_err.o \
+    crypto/comp/comp_lib.o crypto/conf/conf_api.o crypto/conf/conf_def.o \
+    crypto/conf/conf_err.o crypto/conf/conf_lib.o crypto/conf/conf_mod.o \
+    crypto/cpt_err.o crypto/cryptlib.o crypto/des/cfb64ede.o \
+    crypto/des/cfb64enc.o crypto/des/cfb_enc.o crypto/des/des_enc-sparc.o \
+    crypto/des/ecb3_enc.o crypto/des/ecb_enc.o crypto/des/ofb64ede.o \
+    crypto/des/ofb64enc.o crypto/des/set_key.o crypto/des/xcbc_enc.o \
+    crypto/dh/dh_ameth.o crypto/dh/dh_asn1.o crypto/dh/dh_check.o \
+    crypto/dh/dh_err.o crypto/dh/dh_gen.o crypto/dh/dh_key.o \
+    crypto/dh/dh_lib.o crypto/dh/dh_pmeth.o crypto/dsa/dsa_ameth.o \
+    crypto/dsa/dsa_asn1.o crypto/dsa/dsa_err.o crypto/dsa/dsa_gen.o \
+    crypto/dsa/dsa_key.o crypto/dsa/dsa_lib.o crypto/dsa/dsa_ossl.o \
+    crypto/dsa/dsa_pmeth.o crypto/dsa/dsa_sign.o crypto/dsa/dsa_vrf.o \
+    crypto/dso/dso_lib.o crypto/dso/dso_null.o crypto/dso/dso_openssl.o \
+    crypto/engine/eng_ctrl.o crypto/engine/eng_err.o crypto/engine/eng_init.o \
+    crypto/engine/eng_lib.o crypto/engine/eng_list.o crypto/engine/eng_pkey.o \
+    crypto/engine/eng_table.o crypto/engine/tb_asnmth.o \
+    crypto/engine/tb_cipher.o crypto/engine/tb_dh.o crypto/engine/tb_digest.o \
+    crypto/engine/tb_dsa.o crypto/engine/tb_pkmeth.o crypto/engine/tb_rand.o \
+    crypto/engine/tb_rsa.o crypto/err/err.o crypto/err/err_all.o \
+    crypto/err/err_prn.o crypto/evp/bio_b64.o crypto/evp/bio_enc.o \
+    crypto/evp/bio_md.o crypto/evp/c_all.o crypto/evp/c_allc.o \
+    crypto/evp/c_alld.o crypto/evp/digest.o crypto/evp/e_aes.o \
+    crypto/evp/e_bf.o crypto/evp/e_camellia.o crypto/evp/e_des.o \
+    crypto/evp/e_des3.o crypto/evp/e_null.o crypto/evp/e_rc2.o \
+    crypto/evp/e_xcbc_d.o crypto/evp/encode.o crypto/evp/evp_enc.o \
+    crypto/evp/evp_err.o crypto/evp/evp_key.o crypto/evp/evp_lib.o \
+    crypto/evp/evp_pbe.o crypto/evp/evp_pkey.o crypto/evp/m_dss.o \
+    crypto/evp/m_dss1.o crypto/evp/m_md4.o crypto/evp/m_md5.o \
+    crypto/evp/m_sha.o crypto/evp/m_sha1.o crypto/evp/m_sigver.o \
+    crypto/evp/names.o crypto/evp/p5_crpt.o crypto/evp/p5_crpt2.o \
+    crypto/evp/p_lib.o crypto/evp/p_sign.o crypto/evp/p_verify.o \
+    crypto/evp/pmeth_fn.o crypto/evp/pmeth_gn.o crypto/evp/pmeth_lib.o \
+    crypto/ex_data.o crypto/hmac/hm_ameth.o crypto/hmac/hm_pmeth.o \
+    crypto/hmac/hmac.o crypto/lhash/lhash.o crypto/md4/md4_dgst.o \
+    crypto/md5/md5_dgst.o crypto/mem.o crypto/mem_dbg.o crypto/modes/cbc128.o \
+    crypto/modes/cfb128.o crypto/modes/ofb128.o crypto/o_dir.o \
+    crypto/o_time.o crypto/objects/o_names.o crypto/objects/obj_dat.o \
+    crypto/objects/obj_err.o crypto/objects/obj_lib.o \
+    crypto/objects/obj_xref.o crypto/ocsp/ocsp_asn.o crypto/ocsp/ocsp_err.o \
+    crypto/pem/pem_all.o crypto/pem/pem_err.o crypto/pem/pem_info.o \
+    crypto/pem/pem_lib.o crypto/pem/pem_oth.o crypto/pem/pem_pk8.o \
+    crypto/pem/pem_pkey.o crypto/pem/pem_x509.o crypto/pem/pem_xaux.o \
+    crypto/pkcs12/p12_add.o crypto/pkcs12/p12_asn.o crypto/pkcs12/p12_attr.o \
+    crypto/pkcs12/p12_crpt.o crypto/pkcs12/p12_decr.o crypto/pkcs12/p12_key.o \
+    crypto/pkcs12/p12_mutl.o crypto/pkcs12/p12_p8d.o crypto/pkcs12/p12_p8e.o \
+    crypto/pkcs12/p12_utl.o crypto/pkcs12/pk12err.o crypto/pkcs7/pk7_asn1.o \
+    crypto/pkcs7/pk7_attr.o crypto/pkcs7/pk7_doit.o crypto/pkcs7/pk7_lib.o \
+    crypto/pkcs7/pkcs7err.o crypto/rand/md_rand.o crypto/rand/rand_err.o \
+    crypto/rand/rand_lib.o crypto/rand/rand_unix.o crypto/rand/randfile.o \
+    crypto/rc2/rc2_cbc.o crypto/rc2/rc2_ecb.o crypto/rc2/rc2_skey.o \
+    crypto/rc2/rc2cfb64.o crypto/rc2/rc2ofb64.o crypto/rsa/rsa_ameth.o \
+    crypto/rsa/rsa_asn1.o crypto/rsa/rsa_eay.o crypto/rsa/rsa_err.o \
+    crypto/rsa/rsa_gen.o crypto/rsa/rsa_lib.o crypto/rsa/rsa_none.o \
+    crypto/rsa/rsa_oaep.o crypto/rsa/rsa_pk1.o crypto/rsa/rsa_pmeth.o \
+    crypto/rsa/rsa_pss.o crypto/rsa/rsa_sign.o crypto/rsa/rsa_ssl.o \
+    crypto/rsa/rsa_x931.o crypto/sha/sha1-sparcv9.o crypto/sha/sha1dgst.o \
+    crypto/sha/sha256-sparcv9.o crypto/sha/sha256.o \
+    crypto/sha/sha512-sparcv9.o crypto/sha/sha512.o crypto/sha/sha_dgst.o \
+    crypto/sparccpuid.o crypto/sparcv9cap.o crypto/stack/stack.o \
+    crypto/wanboot-stubs.o \
+    crypto/ts/ts_err.o crypto/ui/ui_err.o crypto/x509/by_dir.o \
+    crypto/x509/by_file.o crypto/x509/x509_att.o crypto/x509/x509_cmp.o \
+    crypto/x509/x509_d2.o crypto/x509/x509_def.o crypto/x509/x509_err.o \
+    crypto/x509/x509_ext.o crypto/x509/x509_lu.o crypto/x509/x509_obj.o \
+    crypto/x509/x509_req.o crypto/x509/x509_trs.o crypto/x509/x509_txt.o \
+    crypto/x509/x509_v3.o crypto/x509/x509_vfy.o crypto/x509/x509_vpm.o \
+    crypto/x509/x509name.o crypto/x509/x509rset.o crypto/x509/x509type.o \
+    crypto/x509/x_all.o crypto/x509v3/pcy_cache.o crypto/x509v3/pcy_data.o \
+    crypto/x509v3/pcy_lib.o crypto/x509v3/pcy_map.o crypto/x509v3/pcy_node.o \
+    crypto/x509v3/pcy_tree.o crypto/x509v3/v3_akey.o crypto/x509v3/v3_akeya.o \
+    crypto/x509v3/v3_alt.o crypto/x509v3/v3_bcons.o crypto/x509v3/v3_bitst.o \
+    crypto/x509v3/v3_conf.o crypto/x509v3/v3_cpols.o crypto/x509v3/v3_crld.o \
+    crypto/x509v3/v3_enum.o crypto/x509v3/v3_extku.o crypto/x509v3/v3_genn.o \
+    crypto/x509v3/v3_ia5.o crypto/x509v3/v3_info.o crypto/x509v3/v3_int.o \
+    crypto/x509v3/v3_lib.o crypto/x509v3/v3_ncons.o crypto/x509v3/v3_ocsp.o \
+    crypto/x509v3/v3_pci.o crypto/x509v3/v3_pcia.o crypto/x509v3/v3_pcons.o \
+    crypto/x509v3/v3_pku.o crypto/x509v3/v3_pmaps.o crypto/x509v3/v3_prn.o \
+    crypto/x509v3/v3_purp.o crypto/x509v3/v3_skey.o crypto/x509v3/v3_sxnet.o \
+    crypto/x509v3/v3_utl.o crypto/x509v3/v3err.o ssl/s3_both.o ssl/s3_clnt.o \
+    ssl/s3_enc.o ssl/s3_lib.o ssl/s3_pkt.o ssl/ssl_algs.o ssl/ssl_asn1.o \
+    ssl/ssl_cert.o ssl/ssl_ciph.o ssl/ssl_err.o ssl/ssl_err2.o ssl/ssl_lib.o \
+    ssl/ssl_rsa.o ssl/ssl_sess.o ssl/t1_enc.o ssl/t1_lib.o ssl/t1_reneg.o
+
+# Linking of openssl bits for wanboot.
+# Interface for wanboot is specified in mapfile.wanboot. Object files are
+# compiled to have functions in separate sections, unused sections get
+# discarded.
+CREATE_BIG_OBJECT_FILE = ( \
+    cd $(BUILD_DIR_WANBOOT); \
+    $(LD) -o wanboot-openssl.o -r -M../../mapfile.wanboot -Breduce \
+        -zdiscard-unused=sections,files -zguidance \
+        $(WANBOOT_OBJS); \
+    )
+
+$(BUILD_DIR_WANBOOT)/.built:	COMPONENT_POST_BUILD_ACTION = \
+    ($(CREATE_BIG_OBJECT_FILE); )
+
 # OpenSSL uses sections man[1357] by default so we must create the man
 # directories we use for OpenSSL man pages in Solaris. Note that we patch the
 # OpenSSL man page install script to use the correct directories.
@@ -184,12 +349,21 @@
 # from the tarball which would corrupt some man pages.
 COMPONENT_INSTALL_ARGS += PATH=$(PATH) MANDIR=/usr/share/man
 
+WANBOOT_TO      = $(PROTO_DIR)/lib/openssl/wanboot/$(MACH64)
+
 # We could run OpenSSL install code for 32 bits only to process header files and
-# manual pages. However, link libraries depend on install stamps so we run
+# manual pages. However, lint libraries depend on install stamps so we run
 # install for 64 bit as well. Note that we must take built binary files from
 # build directories, not from the proto area which contains whatever was
 # installed first.
+# OpenSSL for wanboot is built on sparc only.
+ifeq ($(MACH), sparc)
+install:	$(INSTALL_32_and_64) $(BUILD_DIR_WANBOOT)/.built
+	$(MKDIR) -p $(WANBOOT_TO);
+	$(CP) $(BUILD_DIR_WANBOOT)/wanboot-openssl.o $(WANBOOT_TO);
+else
 install:	$(INSTALL_32_and_64)
+endif
 
 # We need to modify the default lint flags to include patched opensslconf.h from
 # the build directory. If we do not do that, lint will complain about md2.h
--- a/components/openssl/openssl-1.0.0/Makefile.version	Fri Apr 06 11:00:02 2012 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,45 +0,0 @@
-#
-# CDDL HEADER START
-#
-# The contents of this file are subject to the terms of the
-# Common Development and Distribution License (the "License").
-# You may not use this file except in compliance with the License.
-#
-# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
-# or http://www.opensolaris.org/os/licensing.
-# See the License for the specific language governing permissions
-# and limitations under the License.
-#
-# When distributing Covered Code, include this CDDL HEADER in each
-# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
-# If applicable, add the following below this CDDL HEADER, with the
-# fields enclosed by brackets "[]" replaced with your own identifying
-# information: Portions Copyright [yyyy] [name of copyright owner]
-#
-# CDDL HEADER END
-#
-# Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
-
-
-#
-# This file contains version-related macro definitions. It is included
-# by both ./Makefile and ../openssl-1.0.0-wanboot/Makefile in order to
-# keep them in sync.
-#
-
-COMPONENT_NAME =	openssl
-# When new version of OpenSSL comes in, you must update both COMPONENT_VERSION
-# and IPS_COMPONENT_VERSION.
-# When upgrading OpenSSL, please, DON'T FORGET TO TEST WANBOOT too. 
-# For more information about wanboot-openssl testing, please refer to
-# ../openssl-1.0.0-wanboot/README.
-COMPONENT_VERSION =	1.0.0g
-# Version for IPS. It is easier to do it manually than convert the letter to a
-# number while taking into account that there might be no letter at all.
-IPS_COMPONENT_VERSION = 1.0.0.7
-COMPONENT_PROJECT_URL=	http://www.openssl.org/
-COMPONENT_SRC =		$(COMPONENT_NAME)-$(COMPONENT_VERSION)
-COMPONENT_ARCHIVE =	$(COMPONENT_SRC).tar.gz
-COMPONENT_ARCHIVE_HASH=	sha1:2b517baada2338663c27314cb922f9755e73e07f
-COMPONENT_ARCHIVE_URL =	$(COMPONENT_PROJECT_URL)source/$(COMPONENT_ARCHIVE)
-
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssl/openssl-1.0.0/mapfile.wanboot	Sun Apr 08 02:30:08 2012 -0700
@@ -0,0 +1,126 @@
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+#
+
+#
+# This file defines interface requirements of wanboot on OpenSSL.
+#
+
+$mapfile_version 2
+SYMBOL_SCOPE {
+		ERR_clear_error;
+		SSL_CTX_set_default_passwd_cb;
+		SSL_load_error_strings;
+		EVP_PKEY_free;
+		SSL_get_peer_certificate;
+		SSL_CIPHER_get_name;
+		sk_value;
+		RAND_load_file;
+		X509_NAME_oneline;
+		SSL_write;
+		X509_NAME_get_text_by_NID;
+		OPENSSL_uni2asc;
+		SSL_CTX_set_default_passwd_cb_userdata;
+		SSL_CTX_use_PrivateKey_file;
+		OPENSSL_asc2uni;
+		SSL_get_error;
+		ASN1_UTF8STRING_free;
+		ASN1_mbstring_copy;
+		ERR_error_string;
+		PKCS12_unpack_p7data;
+		X509_free;
+		ERR_get_error;
+		ERR_put_error;
+		PKCS12_free;
+		ASN1_UTF8STRING_new;
+		OPENSSL_add_all_algorithms_noconf;
+		OBJ_nid2obj;
+		PKCS12_SAFEBAG_free;
+		ASN1_STRING_free;
+		sk_delete;
+		OBJ_obj2nid;
+		SSL_CTX_set_verify_depth;
+		PKCS8_PRIV_KEY_INFO_free;
+		SSL_set_connect_state;
+		sk_pop_free;
+		BIO_s_file;
+		SSL_set_fd;
+		SSL_CTX_use_PrivateKey;
+		ASN1_STRING_to_UTF8;
+		PKCS12_certbag2x509;
+		PKCS7_free;
+		PKCS12_decrypt_skey;
+		BIO_new;
+		RAND_status;
+		sk_num;
+		SSL_get_verify_result;
+		SSL_free;
+		SSL_read;
+		SSL_new;
+		SSLv3_client_method;
+		X509_check_private_key;
+		SSL_CTX_new;
+		ASN1_TYPE_set;
+		ASN1_TYPE_new;
+		ERR_peek_error;
+		CRYPTO_free;
+		SSL_CTX_load_verify_locations;
+		PKCS12_unpack_authsafes;
+		X509_ATTRIBUTE_new;
+		PKCS12_unpack_p7encdata;
+		sk_push;
+		SSL_connect;
+		SSL_shutdown;
+		SSL_CTX_use_certificate_file;
+		PKCS12_get_attr_gen;
+		X509_verify_cert_error_string;
+		X509_ATTRIBUTE_free;
+		X509_alias_set1;
+		PKCS12_verify_mac;
+		ASN1_TIME_print;
+		SSL_CTX_use_certificate;
+		SSL_get_ciphers;
+		SSL_CTX_ctrl;
+		SSL_CTX_free;
+		X509_keyid_set1;
+		ERR_load_strings;
+		EVP_EncodeBlock;
+		ASN1_TYPE_free;
+		sk_new_null;
+		SSL_get_current_cipher;
+		ASN1_STRING_cmp;
+		ASN1_STRING_set;
+		ERR_get_next_error_library;
+		EVP_PKCS82PKEY;
+		X509_get_issuer_name;
+		CRYPTO_malloc;
+		BIO_ctrl;
+		BIO_free;
+		X509_STORE_add_cert;
+		ASN1_STRING_type_new;
+		SSL_CTX_set_cipher_list;
+		X509_get_subject_name;
+		SSL_library_init;
+		d2i_PKCS12_fp;
+	local:
+		*;
+};
--- a/components/openssl/openssl-1.0.0/patches/18-compiler_opts.patch	Fri Apr 06 11:00:02 2012 -0700
+++ b/components/openssl/openssl-1.0.0/patches/18-compiler_opts.patch	Sun Apr 08 02:30:08 2012 -0700
@@ -1,6 +1,6 @@
 --- openssl-1.0.0d/Configure	Thu Feb 10 20:02:41 2011
 +++ /tmp/Configure	Thu Feb 10 20:01:51 2011
[email protected]@ -249,6 +255,15 @@
[email protected]@ -249,6 +255,19 @@
  #"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):SUNOS::DES_UNROLL:${no_asm}::",
  "sunos-gcc","gcc:-O3 -mv8 -Dssize_t=int::(unknown):SUNOS::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:${no_asm}::",
  
@@ -12,6 +12,10 @@
 +"solaris-sparcv9-cc-sunw","cc:-xtarget=ultra -m32 -Qoption cg -xregs=no%appl -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -lc:BN_LLONG RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-m32 -G -dy -z text -zdefs -Bdirect -zignore -M/usr/lib/ld/map.pagealign:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +#
 +"solaris64-sparcv9-cc-sunw","cc:-xtarget=ultra -m64 -Qoption cg -xregs=no%appl -xO5 -xstrconst -xdepend -xspace -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -lc:BN_LLONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-m64 -G -dy -z text -zdefs -Bdirect -zignore -M/usr/lib/ld/map.pagealign:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs::/64",
++# Option -xF=%all instructs the compiler to place functions and data
++# variables into separate section fragments. This enables the link editor
++# to discard unused sections and files when linking wanboot-openssl.o
++"solaris64-sparcv9-cc-sunw-wanboot","cc:-xtarget=ultra -m64 -Qoption cg -xregs=no%appl -xO5 -xstrconst -xdepend -xspace -xF=%all -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl:BN_LLONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-m64 -G -dy -z text -zdefs -Bdirect -zignore -M/usr/lib/ld/map.pagealign:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/bin/ar rs::/64",
 +
  #### IRIX 5.x configs
  # -mips2 flag is added by ./config when appropriate.
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssl/openssl-1.0.0/patches/30_wanboot.patch	Sun Apr 08 02:30:08 2012 -0700
@@ -0,0 +1,350 @@
+--- openssl-1.0.0g/Makefile.org	2010-01-27 08:06:58.000000000 -0800
++++ openssl-1.0.0g-1/Makefile.org	2012-03-26 03:04:08.440194448 -0700
[email protected]@ -109,7 +109,13 @@
+ ZLIB_INCLUDE=
+ LIBZLIB=
+ 
++# For wanboot, we only need crypto and ssl.
++# 'apps' are not patched to work in stand-alone environment anyway.
++ifeq ($(PLATFORM), solaris64-sparcv9-cc-sunw-wanboot)
++DIRS=   crypto ssl
++else
+ DIRS=   crypto ssl engines apps test tools
++endif
+ ENGDIRS= ccgost
+ SHLIBDIRS= crypto ssl
+ 
+--- openssl-1.0.0g/Makefile	2012-01-18 05:42:28.000000000 -0800
++++ openssl-1.0.0g-1/Makefile	2012-03-26 03:03:59.170540344 -0700
[email protected]@ -111,7 +111,13 @@
+ ZLIB_INCLUDE=
+ LIBZLIB=
+ 
++# For wanboot, we only need crypto and ssl.
++# 'apps' are not patched to work in stand-alone environment anyway.
++ifeq ($(PLATFORM), solaris64-sparcv9-cc-sunw-wanboot)
++DIRS=   crypto ssl
++else
+ DIRS=   crypto ssl engines apps test tools
++endif
+ ENGDIRS= ccgost
+ SHLIBDIRS= crypto ssl
+ 
+--- openssl-1.0.0e/crypto/cryptlib.c	2011-06-22 08:39:00.000000000 -0700
++++ openssl-1.0.0e_patched/crypto/cryptlib.c	2011-12-12 06:17:45.422476900 -0800
[email protected]@ -871,6 +871,10 @@
+ 	MessageBox (NULL,buf,_T("OpenSSL: FATAL"),MB_OK|MB_ICONSTOP);
+ }
+ #else
++/* Solaris libsa.a used for WAN boot doesn't provide for vfprintf(). Since
++ *  * OPENSSL_showfatal() is not used anywhere else then here we can safely use
++ *   * the code from 0.9.7d version. */
++#ifndef	_BOOT
+ void OPENSSL_showfatal (const char *fmta,...)
+ { va_list ap;
+ 
[email protected]@ -878,14 +882,21 @@
+     vfprintf (stderr,fmta,ap);
+     va_end (ap);
+ }
++#endif	/* _BOOT */
+ int OPENSSL_isservice (void) { return 0; }
+ #endif
+ 
+ void OpenSSLDie(const char *file,int line,const char *assertion)
+ 	{
++#ifndef	_BOOT		
+ 	OPENSSL_showfatal(
+ 		"%s(%d): OpenSSL internal error, assertion failed: %s\n",
+ 		file,line,assertion);
++#else
++	fprintf(stderr,
++		"%s(%d): OpenSSL internal error, assertion failed: %s\n",
++		file,line,assertion);
++#endif	
+ #if !defined(_WIN32) || defined(__CYGWIN__)
+ 	abort();
+ #else
+--- openssl-1.0.0e/crypto/err/err_all.c	2009-08-09 07:58:05.000000000 -0700
++++ openssl-1.0.0e_patched/crypto/err/err_all.c	2011-12-13 05:22:01.205351400 -0800
[email protected]@ -142,7 +142,9 @@
+ 	ERR_load_X509V3_strings();
+ 	ERR_load_PKCS12_strings();
+ 	ERR_load_RAND_strings();
++#ifndef _BOOT
+ 	ERR_load_DSO_strings();
++#endif /* _BOOT */
+ 	ERR_load_TS_strings();
+ #ifndef OPENSSL_NO_ENGINE
+ 	ERR_load_ENGINE_strings();
+--- openssl-1.0.0e/crypto/evp/evp_key.c	2010-03-27 12:27:50.000000000 -0700
++++ openssl-1.0.0e_patched/crypto/evp/evp_key.c	2011-12-13 05:19:32.956908600 -0800
[email protected]@ -84,7 +84,7 @@
+ 	else
+ 		return(prompt_string);
+ 	}
+-
++#ifndef	_BOOT
+ /* For historical reasons, the standard function for reading passwords is
+  * in the DES library -- if someone ever wants to disable DES,
+  * this function will fail */
[email protected]@ -111,6 +111,7 @@
+ 	OPENSSL_cleanse(buff,BUFSIZ);
+ 	return ret;
+ 	}
++#endif	/* !_BOOT */
+ 
+ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, 
+ 	     const unsigned char *salt, const unsigned char *data, int datal,
+--- openssl-1.0.0e/crypto/rand/rand_unix.c	2009-04-06 07:31:36.000000000 -0700
++++ openssl-1.0.0e_patched/crypto/rand/rand_unix.c	2011-12-19 07:28:39.988944800 -0800
[email protected]@ -122,7 +122,11 @@
+ #include <sys/time.h>
+ #include <sys/times.h>
+ #include <sys/stat.h>
++#ifdef	_BOOT
++#include <sys/fcntl.h>
++#else
+ #include <fcntl.h>
++#endif
+ #include <unistd.h>
+ #include <time.h>
+ #if defined(OPENSSL_SYS_LINUX) /* should actually be available virtually everywhere */
[email protected]@ -253,6 +257,11 @@
+ 	const char **egdsocket = NULL;
+ #endif
+ 
++#ifdef _BOOT
++/* open() is provided by standalone libsa not visible from here */
++extern int open(const char *, int);
++#endif
++
+ #ifdef DEVRANDOM
+ 	memset(randomstats,0,sizeof(randomstats));
+ 	/* Use a random entropy pool device. Linux, FreeBSD and OpenBSD
[email protected]@ -295,9 +304,13 @@
+ 				{
+ 				int try_read = 0;
+ 
+-#if defined(OPENSSL_SYS_BEOS_R5)
++#if defined(OPENSSL_SYS_BEOS_R5) || defined(_BOOT)
+ 				/* select() is broken in BeOS R5, so we simply
+ 				 *  try to read something and snooze if we couldn't */
++				/* 
++				 * select() is not available when linking stand-alone
++				 * library for wanboot 
++				 */
+ 				try_read = 1;
+ 
+ #elif defined(OPENSSL_SYS_LINUX)
[email protected]@ -355,6 +368,7 @@
+ 				else
+ 					r = -1;
+ 				
++#ifndef	_BOOT				
+ 				/* Some Unixen will update t in select(), some
+ 				   won't.  For those who won't, or if we
+ 				   didn't use select() in the first place,
[email protected]@ -366,13 +380,17 @@
+ 				}
+ 			while ((r > 0 ||
+ 			       (errno == EINTR || errno == EAGAIN)) && usec != 0 && n < ENTROPY_NEEDED);
++#else	/* _BOOT */
++				}
++			while (r > 0 && n < ENTROPY_NEEDED);
++#endif	/* _BOOT */			
+ 
+ 			close(fd);
+ 			}
+ 		}
+ #endif /* defined(DEVRANDOM) */
+ 
+-#ifdef DEVRANDOM_EGD
++#if defined(DEVRANDOM_EGD) && !defined(_BOOT)
+ 	/* Use an EGD socket to read entropy from an EGD or PRNGD entropy
+ 	 * collecting daemon. */
+ 
[email protected]@ -395,6 +413,7 @@
+ 		}
+ #endif
+ 
++#ifndef	_BOOT
+ 	/* put in some default random data, we need more than just this */
+ 	l=curr_pid;
+ 	RAND_add(&l,sizeof(l),0.0);
[email protected]@ -403,6 +422,7 @@
+ 
+ 	l=time(NULL);
+ 	RAND_add(&l,sizeof(l),0.0);
++#endif /* !_BOOT */	
+ 
+ #if defined(OPENSSL_SYS_BEOS)
+ 	{
+
+--- openssl-1.0.0e/crypto/rand/randfile.c	2011-03-19 02:44:37.000000000 -0700
++++ openssl-1.0.0e_patched/crypto/rand/randfile.c	2011-12-13 05:26:51.884824200 -0800
[email protected]@ -57,7 +57,9 @@
+  */
+ 
+ /* We need to define this to get macros like S_IFBLK and S_IFCHR */
++#ifndef	_BOOT
+ #define _XOPEN_SOURCE 500
++#endif	/* _BOOT */
+ 
+ #include <errno.h>
+ #include <stdio.h>
+--- openssl-1.0.0e/crypto/x509v3/v3_utl.c	2009-07-27 14:08:53.000000000 -0700
++++ openssl-1.0.0e_patched/crypto/x509v3/v3_utl.c	2011-12-13 05:10:08.844191400 -0800
[email protected]@ -659,9 +659,52 @@
+ 		}
+ 	}
+ 
++#if	defined(_BOOT)
++/* This function was copied from bio/b_sock.c */
++static int get_ip(const char *str, unsigned char ip[4])
++	{
++	unsigned int tmp[4];
++	int num=0,c,ok=0;
++
++	tmp[0]=tmp[1]=tmp[2]=tmp[3]=0;
++
++	for (;;)
++		{
++		c= *(str++);
++		if ((c >= '0') && (c <= '9'))
++			{
++			ok=1;
++			tmp[num]=tmp[num]*10+c-'0';
++			if (tmp[num] > 255) return(0);
++			}
++		else if (c == '.')
++			{
++			if (!ok) return(-1);
++			if (num == 3) return(0);
++			num++;
++			ok=0;
++			}
++		else if (c == '\0' && (num == 3) && ok)
++			break;
++		else
++			return(0);
++		}
++	ip[0]=tmp[0];
++	ip[1]=tmp[1];
++	ip[2]=tmp[2];
++	ip[3]=tmp[3];
++	return(1);
++	}
++#endif /* _BOOT */
++
+ static int ipv4_from_asc(unsigned char *v4, const char *in)
+ 	{
+ 	int a0, a1, a2, a3;
++
++#if	defined(_BOOT)
++	if (get_ip(in, v4) != 1)
++		return 0;
++#else	/* _BOOT */
+ 	if (sscanf(in, "%d.%d.%d.%d", &a0, &a1, &a2, &a3) != 4)
+ 		return 0;
+ 	if ((a0 < 0) || (a0 > 255) || (a1 < 0) || (a1 > 255)
[email protected]@ -671,6 +716,7 @@
+ 	v4[1] = a1;
+ 	v4[2] = a2;
+ 	v4[3] = a3;
++#endif	/* _BOOT */
+ 	return 1;
+ 	}
+ 
+--- openssl-1.0.0e/e_os.h	2011-12-19 04:17:51.631087400 -0800
++++ openssl-1.0.0e_patched/e_os.h	2011-12-19 04:15:15.776668900 -0800
[email protected]@ -207,10 +207,19 @@
+ #define get_last_socket_error()	errno
+ #define clear_socket_error()	errno=0
+ #define ioctlsocket(a,b,c)	ioctl(a,b,c)
++#ifdef	_BOOT
++#include <netinet/in.h>
++extern int socket_read(int, void *, size_t, int);
++extern int socket_close(int);
++#define	closesocket(s)		socket_close(s)
++#define	readsocket(s,b,n)	socket_read((s),(b),(n), 200)
++#define	writesocket(s,b,n)	send((s),(b),(n), 0)
++#else  /* !_BOOT */
+ #define closesocket(s)		close(s)
+ #define readsocket(s,b,n)	read((s),(b),(n))
+ #define writesocket(s,b,n)	write((s),(b),(n))
+ #endif
++#endif
+ 
+ #ifdef WIN16 /* never the case */
+ #  define MS_CALLBACK	_far _loadds
+--- openssl-1.0.0e/crypto/sparcv9cap.c	2010-09-05 12:48:01.000000000 -0700
++++ openssl-1.0.0e_patched/crypto/sparcv9cap.c	2011-12-23 05:24:02.011607700 -0800
[email protected]@ -12,7 +12,11 @@
+ #define SPARCV9_VIS2		(1<<3)	/* reserved */
+ #define SPARCV9_FMADD		(1<<4)	/* reserved for SPARC64 V */
+ 
++#ifndef	_BOOT
+ static int OPENSSL_sparcv9cap_P=SPARCV9_TICK_PRIVILEGED;
++#else
++static int OPENSSL_sparcv9cap_P = SPARCV9_VIS1;
++#endif
+ 
+ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0, int num)
+ 	{
[email protected]@ -32,6 +36,7 @@
+ void		_sparcv9_vis2_probe(void);
+ void		_sparcv9_fmadd_probe(void);
+ 
++#ifndef _BOOT
+ unsigned long OPENSSL_rdtsc(void)
+ 	{
+ 	if (OPENSSL_sparcv9cap_P&SPARCV9_TICK_PRIVILEGED)
[email protected]@ -43,8 +48,19 @@
+ 	else
+ 		return _sparcv9_rdtick();
+ 	}
++#endif
++
++#if defined(_BOOT)
++/*
++ * Hardcoding sparc capabilities for wanboot.
++ * Older CPUs are EOLed anyway.
++ */
++void OPENSSL_cpuid_setup(void)
++	{
++	OPENSSL_sparcv9cap_P = SPARCV9_VIS1;
++	}
+ 
+-#if 0 && defined(__sun) && defined(__SVR4)
++#elif 0 && defined(__sun) && defined(__SVR4)
+ /* This code path is disabled, because of incompatibility of
+  * libdevinfo.so.1 and libmalloc.so.1 (see below for details)
+  */
+--- openssl-1.0.0e/crypto/sparccpuid.S	2010-09-05 12:48:01.000000000 -0700
++++ openssl-1.0.0e_patched/crypto/sparccpuid.S	2012-02-13 07:42:58.259478325 -0800
[email protected]@ -397,6 +397,11 @@
+ .type	OPENSSL_cleanse,#function
+ .size	OPENSSL_cleanse,.-OPENSSL_cleanse
+ 
++#ifndef _BOOT
+ .section	".init",#alloc,#execinstr
+	call	OPENSSL_cpuid_setup
+	nop
++#else
++	nop
++	nop
++#endif
+--- openssl-1.0.0e/crypto/Makefile	2010-07-26 15:09:59.000000000 -0700
++++ openssl-1.0.0e_patched/crypto/Makefile	2011-12-22 08:26:22.041955800 -0800
[email protected]@ -34,8 +34,8 @@
+ 
+ LIB= $(TOP)/libcrypto.a
+ SHARED_LIB= libcrypto$(SHLIB_EXT)
+-LIBSRC=	cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c cpt_err.c ebcdic.c uid.c o_time.c o_str.c o_dir.c
+-LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o cpt_err.o ebcdic.o uid.o o_time.o o_str.o o_dir.o $(CPUID_OBJ)
++LIBSRC=	cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c cpt_err.c ebcdic.c uid.c o_time.c o_str.c o_dir.c wanboot-stubs.c
++LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o cpt_err.o ebcdic.o uid.o o_time.o o_str.o o_dir.o wanboot-stubs.o $(CPUID_OBJ)
+ 
+ SRC= $(LIBSRC)
+ 
--- a/components/openssl/openssl-1.0.0/patches/openssl-1.0.0d-t4-engine.sparc-patch	Fri Apr 06 11:00:02 2012 -0700
+++ b/components/openssl/openssl-1.0.0/patches/openssl-1.0.0d-t4-engine.sparc-patch	Sun Apr 08 02:30:08 2012 -0700
@@ -27,10 +27,9 @@
  #
 -"solaris64-sparcv9-cc-sunw","cc:-xtarget=ultra -m64 -Qoption cg -xregs=no%appl -xO5 -xstrconst -xdepend -xspace -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -lc:BN_LLONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-m64 -G -dy -z text -zdefs -Bdirect -zignore -M/usr/lib/ld/map.pagealign:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs::/64",
 +"solaris64-sparcv9-cc-sunw","cc:-xtarget=ultra -m64 -Qoption cg -xregs=no%appl -xO5 -xstrconst -xdepend -xspace -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -lc -lsoftcrypto:BN_LLONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-m64 -G -dy -z text -zdefs -Bdirect -zignore -M/usr/lib/ld/map.pagealign:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs::/64",
- 
- #### IRIX 5.x configs
- # -mips2 flag is added by ./config when appropriate.
-Index: crypto/aes/Makefile
+ # Option -xF=%all instructs the compiler to place functions and data
+ # variables into separate section fragments. This enables the link editor
+ # to discard unused sections and files when linking wanboot-openssl.o
 ===================================================================
 diff -ru openssl-1.0.0d/crypto/aes/ openssl-1.0.0d/crypto/aes/Makefile
 --- openssl-1.0.0d/crypto/aes/Makefile	2011-05-24 17:03:31.000000000 -0700
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssl/openssl-1.0.0/wanboot-openssl/wanboot-stubs.c	Sun Apr 08 02:30:08 2012 -0700
@@ -0,0 +1,122 @@
+/*
+ * CDDL HEADER START
+ *
+ * The contents of this file are subject to the terms of the
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
+ *
+ * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ * or http://www.opensolaris.org/os/licensing.
+ * See the License for the specific language governing permissions
+ * and limitations under the License.
+ *
+ * When distributing Covered Code, include this CDDL HEADER in each
+ * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ * If applicable, add the following below this CDDL HEADER, with the
+ * fields enclosed by brackets "[]" replaced with your own identifying
+ * information: Portions Copyright [yyyy] [name of copyright owner]
+ *
+ * CDDL HEADER END
+ */
+/*
+ * Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved.
+ */
+
+/* Content of this file is only needed for wanboot. */
+#ifdef	_BOOT
+
+#include <sys/types.h>
+#include <dirent.h>
+#include <errno.h>
+#include <stddef.h>
+
+/*
+ * In OpenSSL 0.9.7 the EVP_read_pw_string now calls into the new "ui"
+ * routines of 0.9.7, which is not compiled in the standalone, so it is
+ * stubbed out here to avoid having to add a bunch of #ifndef's elsewhere.
+ */
+/* ARGSUSED */
+int
+EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt, int
+    verify)
+{
+	return (-1); /* failure */
+}
+
+/*
+ * In standalone issetugid() is always false.
+ */
+int
+OPENSSL_issetugid(void)
+{
+	return (1);
+}
+
+/*
+ * Directory routines -- currently, the only consumer of these interfaces
+ * is $SRC/common/openssl/ssl/ssl_cert.c, and it has fallback code in the
+ * case of failure, so we just fail opendir() and stub out the rest.  At
+ * some point, we may need to provide a real implementation.
+ */
+/* ARGSUSED */
+DIR *
+opendir(const char *dirname)
+{
+	errno = EACCES;
+	return (NULL);
+}
+
+/* ARGSUSED */
+struct dirent *
+readdir(DIR *dirp)
+{
+	return (NULL);
+}
+
+/* ARGSUSED */
+int
+closedir(DIR *dirp)
+{
+	return (0);
+}
+
+/*
+ * Atoi is used on multiple places in libcrypto.
+ * This implementation is taken from stand-alone libsock library:
+ * usr/src/stand/lib/sock/sock_test.c
+ * Alternative solution: just extern it here, wanboot has -lsock anyway.
+ */
+#ifndef	isdigit
+#define	isdigit(c) ((c) >= '0' && (c) <= '9')
+#endif
+
+#ifndef	isspace
+#define	isspace(c) ((c) == ' ' || (c) == '\t' || (c) == '\n' || \
+		    (c) == '\r' || (c) == '\f' || (c) == '\013')
+#endif
+int
+atoi(const char *p)
+{
+	int n;
+	int c = *p++, neg = 0;
+
+	while (isspace(c)) {
+		c = *p++;
+	}
+	if (!isdigit(c)) {
+		switch (c) {
+		case '-':
+			neg++;
+			/* FALLTHROUGH */
+		case '+':
+			c = *p++;
+		}
+	}
+	for (n = 0; isdigit(c); c = *p++) {
+		n *= 10; /* two steps to avoid unnecessary overflow */
+		n += '0' - c; /* accum neg to avoid surprises at MAX */
+	}
+	return (neg ? n : -n);
+}
+
+#endif	/* _BOOT */