19375978 Common code between openssl-1.0.1 and openssl-1.0.1-fips-140 should be shared
--- a/components/openssl/README Wed May 27 17:12:47 2015 -0700
+++ b/components/openssl/README Thu May 28 09:54:36 2015 -0700
@@ -18,7 +18,7 @@
#
# CDDL HEADER END
#
-# Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2009, 2015, Oracle and/or its affiliates. All rights reserved.
#
@@ -57,95 +57,15 @@
The non-fips Build.
---
-The non-fips build is the main build of OpenSSL and includes the regular
+The non-fips build is the 'default' build of OpenSSL and includes the regular
binaries, libraries, man pages, and header files.
-Patches
----
-
-08-6193522.patch
-Give CA.pl better defaults. See 6193522 for more information.
-
-11-6546806.patch
-Make sure the HMAC_CTX_init(3) man page gets delivered. See 6546806 for
-more information.
-
-14-manpage_openssl.patch
-Force openssl to install man pages into man[1357]openssl instead of man[1357].
-
-15-pkcs11_engine-0.9.8a.patch
-Patch which adds the pkcs11 engine. See also the engine/pkcs11
-sub-directory.
-
-18-compiler_opts.patch
-Adds five Solaris specific configurations (both 32bit and 64bit for both sparc
-and x86, plus 64bit sparc for wanboot) to Configure which are then explicitly
-used by the Makefiles. Wanboot configuration is special in that it doesn't link
-with libc and uses -xF=%all to put functions in separate sections, so that
-unused code can be discarded.
-
-Care should be taken if modifying this patch as changes to compile-time options
-can change the ABI. One example of this is the use of RC4_INT vs RC4_CHAR.
-
-20-remove_rpath.patch
-Prevent build binaries having an unnecessary runpath (/lib).
-
-23-noexstack.patch
-Build with non-executable stacks and non-executable data (x86).
-
-27-6978791.patch
-Modifies Makefile.shared so that libssl is built with -znodelete.
-
-28-enginesdir.patch
-Adds a new "enginesdir" option to the Configure script which allows a user to
-specify the engines directory.
-
-30_wanboot.patch:
-Wanboot specific patches.
-- modified Makefiles not to build in engines apps test tools
-- not using vfprintf for error print in crypto/cryptlib.c
-- not using ERR_load_DSO_strings() in crypto/err/err_all.c
-- not using EVP_read_pw_string() in crypto/evp/evp_key.c
- - reading password is implemented in disabled DES library
-- avoid select() in crypto/rand/rand_unix.c
-- direct reading of IP to avoid sscanf() in crypto/x509v3/v3_utl.c
-- using functions from libsock in e_os.h
-- by-passing version of sparc detection in crypto/sparcv9cap.c
- - results in not using FPU for big numbers multiplication
- - should be ok - original detection seems broken, FPU gets never used
-- implementation of atoi()
-- avoid using ssl_fill_hello_random() in s3_clnt.c
-
-37_openssl_t4_inline.patch
-SPARC-only patch.
-Add patch to support inline T4 instruction in OpenSSL upstream code until
-OpenSSL 1.0.2 is released.
-
-opensslconf.patch
-Modifies opensslconf.h so that it is suitable for both 32bit and 64bit installs.
-OpenSSL either builds for 32bit or 64bit - it doesn't allow for combined 32bit
-and 64bit builds.
-
-38_remove_illegal_instruction_calls.patch
-SPARC patch. Solaris-only patch.
-For instructions in sparcv9cap.c, remove if not supported on any platforms.
-Otherwise modify them to call getisax() to check for HW capability instead.
The fips Build
---
We are now shipping FIPS-140 certified OpenSSL 1.0.1 with S12 and S11.2.
The admin may choose to activate 'openssl-fips' implementation using 'pkg mediator'.
-The change will come soon.
-
-
-Patches
----
-
-All the patches from 1.0.1 (non-fips) are used in 1.0.1(fips) as well aside from
-14-manpage_openssl.patch which is not needed since we do not deliver 1.0.1(fips) man
-pages. Once we make fips version public, we should deliver man page.
-(coming soon)
The wanboot Build
----
@@ -312,3 +232,120 @@
Finally, resulting wanboot binary shall be deployed on some install server and
wanbooting from this server shall be tested.
+
+===============
+Common Patches
+===============
+
+Common patch files are located in the components/openssl/common/patches dir,
+and they are copied to both FIPS and non-FIPS 'patches' dir as soon as the
+Makefile is parsed. The Common patch filename has prefix '0',
+
+----
+
+008-6193522.patch
+Give CA.pl better defaults. See 6193522 for more information.
+
+011-6546806.patch
+Make sure the HMAC_CTX_init(3) man page gets delivered. See 6546806 for
+more information.
+
+015-pkcs11_engine-0.9.8a.patch
+Patch which adds the pkcs11 engine. See also the engine/pkcs11
+sub-directory.
+
+018-compiler_opts.patch
+Adds five Solaris specific configurations (both 32bit and 64bit for both sparc
+and x86, plus 64bit sparc for wanboot) to Configure which are then explicitly
+used by the Makefiles. Wanboot configuration is special in that it doesn't link
+with libc and uses -xF=%all to put functions in separate sections, so that
+unused code can be discarded.
+
+Care should be taken if modifying this patch as changes to compile-time options
+can change the ABI. One example of this is the use of RC4_INT vs RC4_CHAR.
+
+020-remove_rpath.patch
+Prevent build binaries having an unnecessary runpath (/lib).
+
+023-noexstack.patch
+Build with non-executable stacks and non-executable data (x86).
+
+027-6978791.patch
+Modifies Makefile.shared so that libssl is built with -znodelete.
+
+028-enginesdir.patch
+Adds a new "enginesdir" option to the Configure script which allows a user to
+specify the engines directory.
+
+029-fork_safe.patch
+Adds the code to setup internal mutexes and callback function.
+See PSARC/2014/077.
+
+032-aes_cbc_len_check.patch
+AES-CBC input length is checked to avoid segmentation fault.
+
+033-cert_chain.patch
+Fixes the certificate chain bug.
+
+036-evp_leak.patch
+Fixes the memory leak bug.
+
+038_remove_illegal_instruction_calls.patch
+SPARC patch. Solaris-only patch.
+For instructions in sparcv9cap.c, remove if not supported on any platforms.
+Otherwise modify them to call getisax() to check for HW capability instead.
+
+039-internal_tests.patch
+Remove test 'test_ca' because it depends on directories not present in the
+build directory.
+
+=========================
+Non-FIPS specific Patches
+=========================
+
+Non-FIPS specific patch files are located in the
+components/openssl/openssl-1.0.1/patches dir.
+The Non-FIPS specific patch filename has prefix '1',
+
+----
+101-manpage_openssl.patch
+Force openssl to install man pages into man[1357]openssl instead of man[1357].
+
+102-wanboot.patch:
+Wanboot specific patches.
+- modified Makefiles not to build in engines apps test tools
+- not using vfprintf for error print in crypto/cryptlib.c
+- not using ERR_load_DSO_strings() in crypto/err/err_all.c
+- not using EVP_read_pw_string() in crypto/evp/evp_key.c
+ - reading password is implemented in disabled DES library
+- avoid select() in crypto/rand/rand_unix.c
+- direct reading of IP to avoid sscanf() in crypto/x509v3/v3_utl.c
+- using functions from libsock in e_os.h
+- by-passing version of sparc detection in crypto/sparcv9cap.c
+ - results in not using FPU for big numbers multiplication
+ - should be ok - original detection seems broken, FPU gets never used
+- implementation of atoi()
+- avoid using ssl_fill_hello_random() in s3_clnt.c
+
+103-openssl_t4_inline.patch
+Add patch to support inline T4 instruction in OpenSSL upstream code until
+OpenSSL 1.0.2 is released.
+
+104-suppress_v8plus_abi_warnings.patch
+Suppress warnings about sparcv8+ ABI violation when building T4-specific
+modules as 32-bit.
+
+=========================
+FIPS specific Patches
+=========================
+
+FIPS specific patch files are located in the
+components/openssl/openssl-1.0.1-fips-140/patches dir.
+The FIPS specific patch filename has prefix '2',
+
+---
+201-openssl_fips.patch
+Change openssl(1) to call the FIPS routines only if the fips mediator is activated.
+
+202-17952966.patch
+FIPS version needs to build with '-lc' explicitly with stuido 12.3 and above.
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssl/common/patches/008-6193522.patch Thu May 28 09:54:36 2015 -0700
@@ -0,0 +1,54 @@
+diff -ruN openssl-0.9.8a/apps/CA.pl.in openssl-0.9.8a/apps/CA.pl.in
+--- openssl-0.9.8a/apps/CA.pl.in 2005-07-04 23:44:22.000000000 +0200
++++ openssl-0.9.8a/apps/CA.pl.in 2009-04-21 16:08:45.354925289 +0200
+@@ -53,7 +53,7 @@
+ $X509="$openssl x509";
+ $PKCS12="$openssl pkcs12";
+
+-$CATOP="./demoCA";
++$CATOP="/etc/openssl";
+ $CAKEY="cakey.pem";
+ $CAREQ="careq.pem";
+ $CACERT="cacert.pem";
+diff -ruN openssl-0.9.8a/apps/openssl.cnf openssl-0.9.8a/apps/openssl.cnf
+--- openssl-0.9.8a/apps/openssl.cnf 2005-09-16 14:20:24.000000000 +0200
++++ openssl-0.9.8a/apps/openssl.cnf 2009-04-21 16:07:13.910980196 +0200
+@@ -39,7 +39,7 @@
+ ####################################################################
+ [ CA_default ]
+
+-dir = ./demoCA # Where everything is kept
++dir = /etc/openssl # Where everything is kept
+ certs = $dir/certs # Where the issued certs are kept
+ crl_dir = $dir/crl # Where the issued crl are kept
+ database = $dir/index.txt # database index file.
+@@ -49,7 +49,7 @@
+
+ certificate = $dir/cacert.pem # The CA certificate
+ serial = $dir/serial # The current serial number
+-crlnumber = $dir/crlnumber # the current crl number
++#crlnumber = $dir/crlnumber # the current crl number
+ # must be commented out to leave a V1 CRL
+ crl = $dir/crl.pem # The current CRL
+ private_key = $dir/private/cakey.pem# The private key
+@@ -126,17 +126,17 @@
+
+ [ req_distinguished_name ]
+ countryName = Country Name (2 letter code)
+-countryName_default = AU
++#countryName_default = US
+ countryName_min = 2
+ countryName_max = 2
+
+ stateOrProvinceName = State or Province Name (full name)
+-stateOrProvinceName_default = Some-State
++#stateOrProvinceName_default = Some-State
+
+ localityName = Locality Name (eg, city)
+
+ 0.organizationName = Organization Name (eg, company)
+-0.organizationName_default = Internet Widgits Pty Ltd
++#0.organizationName_default = Unconfigured OpenSSL Installation
+
+ # we can do this but it is not needed normally :-)
+ #1.organizationName = Second Organization Name (eg, company)
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssl/common/patches/011-6546806.patch Thu May 28 09:54:36 2015 -0700
@@ -0,0 +1,12 @@
+diff -ruN openssl-0.9.8a/doc/crypto/hmac.pod openssl-0.9.8a/doc/crypto/hmac.pod
+--- openssl-0.9.8a/doc/crypto/hmac.pod 2002-07-18 20:54:45.000000000 +0200
++++ openssl-0.9.8a/doc/crypto/hmac.pod 2009-04-10 11:09:46.449071541 +0200
+@@ -2,7 +2,7 @@
+
+ =head1 NAME
+
+-HMAC, HMAC_Init, HMAC_Update, HMAC_Final, HMAC_cleanup - HMAC message
++HMAC, HMAC_CTX_init, HMAC_Init, HMAC_Init_ex, HMAC_Update, HMAC_Final, HMAC_CTX_cleanup, HMAC_cleanup - HMAC message
+ authentication code
+
+ =head1 SYNOPSIS
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssl/common/patches/015-pkcs11_engine-0.9.8a.patch Thu May 28 09:54:36 2015 -0700
@@ -0,0 +1,196 @@
+#
+# This patch file adds the Solaris's pkcs11 engine.
+# This is Solaris-specific (developed in house): not suitable for upstream.
+#
+--- /tmp/Configure Fri Feb 11 14:40:39 2011
++++ openssl-1.0.0d/Configure Fri Feb 11 14:41:36 2011
+@@ -10,7 +10,7 @@
+
+ # see INSTALL for instructions.
+
+-my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
++my $usage="Usage: Configure --pk11-libname=PK11_LIB_LOCATION [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
+
+ # Options:
+ #
+@@ -19,6 +19,9 @@
+ # --prefix prefix for the OpenSSL include, lib and bin directories
+ # (Default: the OPENSSLDIR directory)
+ #
++# --pk11-libname PKCS#11 library name.
++# (Default: none)
++#
+ # --install_prefix Additional prefix for package builders (empty by
+ # default). This needn't be set in advance, you can
+ # just as well use "make INSTALL_PREFIX=/whatever install".
+@@ -657,6 +661,9 @@
+ my $idx_arflags = $idx++;
+ my $idx_multilib = $idx++;
+
++# PKCS#11 engine patch
++my $pk11_libname="";
++
+ my $prefix="";
+ my $libdir="";
+ my $openssldir="";
+@@ -882,6 +888,10 @@
+ $_ =~ s/%([0-9a-f]{1,2})/chr(hex($1))/gei;
+ $flags.=$_." ";
+ }
++ elsif (/^--pk11-libname=(.*)$/)
++ {
++ $pk11_libname=$1;
++ }
+ elsif (/^--prefix=(.*)$/)
+ {
+ $prefix=$1;
+@@ -1049,6 +1059,13 @@
+ exit 0;
+ }
+
++if (! $pk11_libname)
++ {
++ print STDERR "You must set --pk11-libname for PKCS#11 library.\n";
++ print STDERR "See README.pkcs11 for more information.\n";
++ exit 1;
++ }
++
+ if ($target =~ m/^CygWin32(-.*)$/) {
+ $target = "Cygwin".$1;
+ }
+@@ -1215,6 +1232,8 @@
+ if ($flags ne "") { $cflags="$flags$cflags"; }
+ else { $no_user_cflags=1; }
+
++$cflags="-DPK11_LIB_LOCATION=\"$pk11_libname\" $cflags";
++
+ # Kerberos settings. The flavor must be provided from outside, either through
+ # the script "config" or manually.
+ if (!$no_krb5)
+@@ -1604,6 +1623,7 @@
+ s/^VERSION=.*/VERSION=$version/;
+ s/^MAJOR=.*/MAJOR=$major/;
+ s/^MINOR=.*/MINOR=$minor/;
++ s/^PK11_LIB_LOCATION=.*/PK11_LIB_LOCATION=$pk11_libname/;
+ s/^SHLIB_VERSION_NUMBER=.*/SHLIB_VERSION_NUMBER=$shlib_version_number/;
+ s/^SHLIB_VERSION_HISTORY=.*/SHLIB_VERSION_HISTORY=$shlib_version_history/;
+ s/^SHLIB_MAJOR=.*/SHLIB_MAJOR=$shlib_major/;
+--- /tmp/Makefile.org Fri Feb 11 14:41:54 2011
++++ openssl-1.0.0d/Makefile.org Fri Feb 11 14:38:01 2011
+@@ -26,6 +26,9 @@
+ INSTALL_PREFIX=
+ INSTALLTOP=/usr/local/ssl
+
++# You must set this through --pk11-libname configure option.
++PK11_LIB_LOCATION=
++
+ # Do not edit this manually. Use Configure --openssldir=DIR do change this!
+ OPENSSLDIR=/usr/local/ssl
+
+--- /tmp/Makefile Mon Feb 14 14:59:22 2011
++++ openssl-1.0.0d/engines/Makefile Mon Feb 14 15:00:35 2011
+@@ -26,7 +26,8 @@
+ APPS=
+
+ LIB=$(TOP)/libcrypto.a
+-LIBNAMES= 4758cca aep atalla cswift gmp chil nuron sureware ubsec padlock capi
++LIBNAMES= 4758cca aep atalla cswift gmp chil nuron sureware ubsec padlock capi \
++ pk11
+
+ LIBSRC= e_4758cca.c \
+ e_aep.c \
+@@ -38,7 +39,8 @@
+ e_sureware.c \
+ e_ubsec.c \
+ e_padlock.c \
+- e_capi.c
++ e_capi.c \
++ e_pk11.c
+ LIBOBJ= e_4758cca.o \
+ e_aep.o \
+ e_atalla.o \
+@@ -49,7 +51,8 @@
+ e_sureware.o \
+ e_ubsec.o \
+ e_padlock.o \
+- e_capi.o
++ e_capi.o \
++ e_pk11.o
+
+ SRC= $(LIBSRC)
+
+@@ -63,7 +66,8 @@
+ e_nuron_err.c e_nuron_err.h \
+ e_sureware_err.c e_sureware_err.h \
+ e_ubsec_err.c e_ubsec_err.h \
+- e_capi_err.c e_capi_err.h
++ e_capi_err.c e_capi_err.h \
++ e_pk11.h e_pk11_uri.h e_pk11_err.h e_pk11_pub.c e_pk11_uri.c e_pk11_err.c
+
+ ALL= $(GENERAL) $(SRC) $(HEADER)
+
+@@ -78,7 +82,7 @@
+ for l in $(LIBNAMES); do \
+ $(MAKE) -f ../Makefile.shared -e \
+ LIBNAME=$$l LIBEXTRAS=e_$$l.o \
+- LIBDEPS='-L.. -lcrypto $(EX_LIBS)' \
++ LIBDEPS='-L.. -lcrypto -lcryptoutil $(EX_LIBS)' \
+ link_o.$(SHLIB_TARGET); \
+ done; \
+ else \
+--- crypto/engine/eng_all.c Thu Sep 5 12:59:50 2013
++++ openssl-1.0.1e/crypto/engine/eng_all.c Thu Sep 5 12:59:50 2013
+@@ -60,6 +60,16 @@
+ #include "cryptlib.h"
+ #include "eng_int.h"
+
++/*
++ * pkcs11 engine no longer is a built-in engine, and ENGINE_load_pk11() needs to be
++ * defined in libcrypto.so for ssh. Instead of load pkcs11 engine, it load dynamic
++ * engines.
++ */
++void ENGINE_load_pk11(void)
++ {
++ ENGINE_load_dynamic();
++ }
++
+ void ENGINE_load_builtin_engines(void)
+ {
+ /* Some ENGINEs need this */
+--- crypto/dso/dso_lib.c Thu Sep 5 12:59:50 2013
++++ openssl-1.0.1e/crypto/dso/dso_lib.c Thu Sep 5 12:59:50 2013
+@@ -396,6 +396,24 @@
+ DSOerr(DSO_F_DSO_CONVERT_FILENAME, DSO_R_NO_FILENAME);
+ return (NULL);
+ }
++ /*
++ * For pkcs11 engine, use libpk11.so (instead of libpkcs11.so) to
++ * avoid the name collision with PKCS#11 library.
++ */
++ if (strcmp(filename, "pkcs11") == 0) {
++#ifdef _LP64
++ char *fullpath = "/lib/openssl/engines/64/libpk11.so";
++#else
++ char *fullpath = "/lib/openssl/engines/libpk11.so";
++#endif
++ result = OPENSSL_malloc(strlen(fullpath) + 1);
++ if(result == NULL) {
++ DSOerr(DSO_F_DSO_CONVERT_FILENAME, ERR_R_MALLOC_FAILURE);
++ return(NULL);
++ }
++ BUF_strlcpy(result, fullpath, strlen(fullpath) + 1);
++ return (result);
++ }
+ if ((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0) {
+ if (dso->name_converter != NULL)
+ result = dso->name_converter(dso, filename);
+--- /tmp/engine.h Fri Feb 11 14:46:24 2011
++++ openssl-1.0.0d/crypto/engine/engine.h Fri Feb 11 14:47:32 2011
+@@ -413,6 +413,7 @@
+ # endif
+ # endif
+ void ENGINE_load_cryptodev(void);
++void ENGINE_load_pk11(void);
+ void ENGINE_load_rsax(void);
+ void ENGINE_load_rdrand(void);
+ void ENGINE_load_builtin_engines(void);
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssl/common/patches/018-compiler_opts.patch Thu May 28 09:54:36 2015 -0700
@@ -0,0 +1,36 @@
+#
+# This was developed in house to support Solaris-specific options.
+# Not suitable for upstream.
+#
+--- openssl-1.0.0d/Configure Thu Feb 10 20:02:41 2011
++++ /tmp/Configure Thu Feb 10 20:01:51 2011
+@@ -133,6 +133,7 @@
+ my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o modexp512-x86_64.o::aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o rc4-md5-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:ghash-x86_64.o:";
+ my $ia64_asm="ia64cpuid.o:bn-ia64.o ia64-mont.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o rc4_skey.o:::::ghash-ia64.o::void";
+ my $sparcv9_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o:des_enc-sparc.o fcrypt_b.o:aes_core.o aes_cbc.o aes-sparcv9.o:::sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o:::::::ghash-sparcv9.o::void";
++my $fips_sparcv9_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o:des_enc-sparc.o fcrypt_b.o:aes_core.o aes_cbc.o aes-sparcv9.o:::sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o:::::::ghash-sparcv9.o::void";
+ my $sparcv8_asm=":sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::::::void";
+ my $alpha_asm="alphacpuid.o:bn_asm.o alpha-mont.o:::::sha1-alpha.o:::::::ghash-alpha.o::void";
+ my $mips32_asm=":bn-mips.o::aes_cbc.o aes-mips.o:::sha1-mips.o sha256-mips.o::::::::";
+@@ -257,6 +257,21 @@
+ #"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):SUNOS::DES_UNROLL:${no_asm}::",
+ "sunos-gcc","gcc:-O3 -mv8 -Dssize_t=int::(unknown):SUNOS::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:${no_asm}::",
+
++#### Solaris configs, used for OpenSSL as delivered by S11.
++"solaris-x86-cc-sunw","cc:-m32 -xO3 -xspace -Xa::-D_REENTRANT::-lsocket -lnsl -lc:BN_LLONG RC4_CHUNK DES_PTR DES_UNROLL BF_PTR:${x86_elf_asm}:dlfcn:solaris-shared:-KPIC:-m32 -G -dy -z text -zdefs -Bdirect -zignore -M/usr/lib/ld/map.pagealign -M/usr/lib/ld/map.noexdata:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++#
++"solaris64-x86_64-cc-sunw","cc:-xO3 -m64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -lc:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR DES_PTR DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-KPIC:-m64 -G -dy -z text -zdefs -Bdirect -zignore -M/usr/lib/ld/map.pagealign -M/usr/lib/ld/map.noexdata:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++#
++"solaris-sparcv9-cc-sunw","cc:-xtarget=ultra -m32 -Qoption cg -xregs=no%appl -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -lc:BN_LLONG RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-m32 -G -dy -z text -zdefs -Bdirect -zignore -M/usr/lib/ld/map.pagealign:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++#
++"solaris64-sparcv9-cc-sunw","cc:-xtarget=ultra -m64 -Qoption cg -xregs=no%appl -xO5 -xstrconst -xdepend -xspace -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -lc:BN_LLONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-m64 -G -dy -z text -zdefs -Bdirect -zignore -M/usr/lib/ld/map.pagealign:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/bin/ar rs::/64",
++"solaris-fips-sparcv9-cc-sunw","cc:-xtarget=ultra -m32 -Qoption cg -xregs=no%appl -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -lc -lsoftcrypto -R /lib/openssl/fips-140:BN_LLONG RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${fips_sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-m32 -G -dy -z text -zdefs -Bdirect -zignore -M/usr/lib/ld/map.pagealign:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"solaris64-fips-sparcv9-cc-sunw","cc:-xtarget=ultra -m64 -Qoption cg -xregs=no%appl -xO5 -xstrconst -xdepend -xspace -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -lc:BN_LLONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${fips_sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-m64 -G -dy -z text -zdefs -Bdirect -zignore -M/usr/lib/ld/map.pagealign:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/bin/ar rs::/64",
++# Option -xF=%all instructs the compiler to place functions and data
++# variables into separate section fragments. This enables the link editor
++# to discard unused sections and files when linking wanboot-openssl.o
++"solaris64-sparcv9-cc-sunw-wanboot","cc:-xtarget=ultra -m64 -Qoption cg -xregs=no%appl -xO5 -xstrconst -xdepend -xspace -xannotate=no -xF=%all -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl:BN_LLONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-m64 -G -dy -z text -zdefs -Bdirect -zignore -M/usr/lib/ld/map.pagealign:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/bin/ar rs::/64",
++
+ #### IRIX 5.x configs
+ # -mips2 flag is added by ./config when appropriate.
+ "irix-gcc","gcc:-O3 -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssl/common/patches/020-remove_rpath.patch Thu May 28 09:54:36 2015 -0700
@@ -0,0 +1,11 @@
+--- /export/openssl/openssl-1.0.0d/Makefile.shared Sat Aug 21 13:36:49 2010
++++ openssl-1.0.0d/Makefile.shared Mon Feb 14 14:25:51 2011
+@@ -393,7 +393,7 @@
+ @ if $(DETECT_GNU_LD); then \
+ $(DO_GNU_APP); \
+ else \
+- LDFLAGS="$(CFLAGS) -R $(LIBRPATH)"; \
++ LDFLAGS="$(CFLAGS)"; \
+ fi; \
+ $(LINK_APP)
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssl/common/patches/023-noexstack.patch Thu May 28 09:54:36 2015 -0700
@@ -0,0 +1,21 @@
+--- /tmp/Makefile.shared Mon Feb 14 14:33:05 2011
++++ openssl-1.0.0d/Makefile.shared Mon Feb 14 14:35:56 2011
+@@ -389,6 +389,7 @@
+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -Wl,-Bsymbolic"; \
+ fi; \
+ $(LINK_SO_A)
++# Make sure the apps have non-executable stacks and data (x86/x64 only).
+ link_app.solaris:
+ @ if $(DETECT_GNU_LD); then \
+ $(DO_GNU_APP); \
+@@ -395,6 +396,10 @@
+ else \
+ LDFLAGS="$(CFLAGS)"; \
+ fi; \
++ if expr $(PLATFORM) : '.*x86.*' > /dev/null; then \
++ LDFLAGS="$${LDFLAGS} -M/usr/lib/ld/map.noexdata"; \
++ fi; \
++ LDFLAGS="$${LDFLAGS} -M/usr/lib/ld/map.noexstk -M/usr/lib/ld/map.pagealign"; \
+ $(LINK_APP)
+
+ # OpenServer 5 native compilers used
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssl/common/patches/027-6978791.patch Thu May 28 09:54:36 2015 -0700
@@ -0,0 +1,12 @@
+--- /tmp/Makefile.shared Mon Feb 14 14:39:29 2011
++++ openssl-1.0.0d/Makefile.shared Mon Feb 14 14:50:52 2011
+@@ -387,6 +387,9 @@
+ ALLSYMSFLAGS="$${MINUSZ}allextract"; \
+ NOALLSYMSFLAGS="$${MINUSZ}defaultextract"; \
+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -Wl,-Bsymbolic"; \
++ if [ $(LIBNAME) = "ssl" ]; then \
++ SHAREDFLAGS="$$SHAREDFLAGS $${MINUSZ}nodelete"; \
++ fi; \
+ fi; \
+ $(LINK_SO_A)
+ # Make sure the apps have non-executable stacks and data (x86/x64 only).
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssl/common/patches/028-enginesdir.patch Thu May 28 09:54:36 2015 -0700
@@ -0,0 +1,54 @@
+#
+# This was developed in house to configure the engine dir.
+# Not suitable for upstream.
+#
+--- /tmp/18/Configure Fri Feb 11 15:15:50 2011
++++ openssl-1.0.0d/Configure Fri Feb 11 15:18:09 2011
+@@ -18,6 +18,8 @@
+ # --prefix option is given; /usr/local/ssl otherwise)
+ # --prefix prefix for the OpenSSL include, lib and bin directories
+ # (Default: the OPENSSLDIR directory)
++# --enginesdir engines shared library location
++# (Default: $prefix/lib/engines)
+ #
+ # --pk11-libname PKCS#11 library name.
+ # (Default: none)
+@@ -679,6 +679,7 @@
+ my $prefix="";
+ my $libdir="";
+ my $openssldir="";
++my $enginesdir="";
+ my $exe_ext="";
+ my $install_prefix= "$ENV{'INSTALL_PREFIX'}";
+ my $cross_compile_prefix="";
+@@ -917,6 +920,10 @@
+ {
+ $openssldir=$1;
+ }
++ elsif (/^--enginesdir=(.*)$/)
++ {
++ $enginesdir=$1;
++ }
+ elsif (/^--install.prefix=(.*)$/)
+ {
+ $install_prefix=$1;
+@@ -1224,6 +1231,10 @@
+ # we're ready to tolerate, so don't...
+ $multilib="" if !-d "$prefix/lib$multilib";
+
++if ($enginesdir eq "") {
++ $enginesdir = "$prefix/lib/engines";
++}
++
+ $libdir="lib$multilib" if $libdir eq "";
+
+ $cflags = "$cflags$exp_cflags";
+@@ -1846,7 +1857,7 @@
+ }
+ elsif (/^#define\s+ENGINESDIR/)
+ {
+- my $foo = "$prefix/$libdir/engines";
++ my $foo = "$enginesdir";
+ $foo =~ s/\\/\\\\/g;
+ print OUT "#define ENGINESDIR \"$foo\"\n";
+ }
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssl/common/patches/029-fork_safe.patch Thu May 28 09:54:36 2015 -0700
@@ -0,0 +1,275 @@
+#
+# This file adds the code to setup internal mutexes and callback function.
+# PSARC/2014/077
+# PSARC/2015/043
+# This change was implemented in-house. The issue was brought up to
+# the upstream engineers, but there was no commitment.
+#
+--- openssl-1.0.1f/crypto/cryptlib.c.~1~ Fri Feb 7 10:41:36 2014
++++ openssl-1.0.1f/crypto/cryptlib.c Thu Feb 6 16:03:58 2014
+@@ -116,6 +116,7 @@
+
+ #include "cryptlib.h"
+ #include <openssl/safestack.h>
++#include <pthread.h>
+
+ #if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16)
+ static double SSLeay_MSVC5_hack = 0.0; /* and for VC1.5 */
+@@ -184,6 +185,8 @@
+ */
+ static STACK_OF(CRYPTO_dynlock) *dyn_locks = NULL;
+
++static pthread_mutex_t *solaris_openssl_locks;
++
+ static void (MS_FAR *locking_callback) (int mode, int type,
+ const char *file, int line) = 0;
+ static int (MS_FAR *add_lock_callback) (int *pointer, int amount,
+@@ -373,7 +376,10 @@
+ void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value *(*func)
+ (const char *file, int line))
+ {
+- dynlock_create_callback = func;
++ /*
++ * we now setup our own dynamic locking callback, and disallow
++ * setting of another locking callback.
++ */
+ }
+
+ void CRYPTO_set_dynlock_lock_callback(void (*func) (int mode,
+@@ -382,7 +388,10 @@
+ const char *file,
+ int line))
+ {
+- dynlock_lock_callback = func;
++ /*
++ * we now setup our own dynamic locking callback, and disallow
++ * setting of another locking callback.
++ */
+ }
+
+ void CRYPTO_set_dynlock_destroy_callback(void (*func)
+@@ -389,7 +398,10 @@
+ (struct CRYPTO_dynlock_value *l,
+ const char *file, int line))
+ {
+- dynlock_destroy_callback = func;
++ /*
++ * we now setup our own dynamic locking callback, and disallow
++ * setting of another locking callback.
++ */
+ }
+
+ void (*CRYPTO_get_locking_callback(void)) (int mode, int type,
+@@ -402,6 +414,129@@
+ return (add_lock_callback);
+ }
+
++/*
++ * This is the locking callback function which all applications will be
++ * using when CRYPTO_lock() is called.
++ */
++static void solaris_locking_callback(int mode, int type, const char *file,
++ int line)
++{
++ if (mode & CRYPTO_LOCK) {
++ pthread_mutex_lock(&solaris_openssl_locks[type]);
++ } else {
++ pthread_mutex_unlock(&solaris_openssl_locks[type]);
++ }
++}
++
++
++/*
++ * Implement Solaris's own dynamic locking routines.
++ */
++static struct CRYPTO_dynlock_value *
++solaris_dynlock_create(const char *file, int line)
++{
++ int ret;
++ pthread_mutex_t *dynlock;
++
++ dynlock = OPENSSL_malloc(sizeof(pthread_mutex_t));
++ if (dynlock == NULL) {
++ return (NULL);
++ }
++
++ ret = pthread_mutex_init(dynlock, NULL);
++ OPENSSL_assert(ret);
++
++ return ((struct CRYPTO_dynlock_value *)dynlock);
++}
++
++static void
++solaris_dynlock_lock(int mode, struct CRYPTO_dynlock_valud *dynlock,
++ const char *file, int line)
++{
++ int ret;
++
++ if (mode & CRYPTO_LOCK) {
++ ret = pthread_mutex_lock((pthread_mutex_t *)dynlock);
++ } else {
++ ret = pthread_mutex_unlock((pthread_mutex_t *)dynlock);
++ }
++
++ OPENSSL_assert(ret == 0);
++}
++
++static void
++solaris_dynlock_destroy(struct CRYPTO_dynlock_value *dynlock,
++ const char *file, int line)
++{
++ int ret;
++ ret = pthread_mutex_destroy((pthread_mutex_t *)dynlock);
++ OPENSSL_assert(ret);
++}
++
++
++/*
++ * This function is called when a child process is forked to setup its own
++ * global locking callback function ptr and mutexes.
++ */
++static void solaris_fork_child(void)
++{
++ /*
++ * clear locking_callback to indicate that locks should
++ * be reinitialized.
++ */
++ locking_callback = NULL;
++ solaris_locking_setup();
++}
++
++/*
++ * This function allocates and initializes the global mutex array, and
++ * sets the locking callback.
++ */
++void solaris_locking_setup()
++{
++ int i;
++ int num_locks;
++
++ /* setup the dynlock callback if not already */
++ if (dynlock_create_callback == NULL) {
++ dynlock_create_callback = solaris_dynlock_create;
++ }
++ if (dynlock_lock_callback == NULL) {
++ dynlock_lock_callback = solaris_dynlock_lock;
++ }
++ if (dynlock_destroy_callback == NULL) {
++ dynlock_destroy_callback = solaris_dynlock_destroy;
++ }
++
++ /* locking callback is already setup. Nothing to do */
++ if (locking_callback != NULL) {
++ return;
++ }
++
++ /*
++ * Set atfork handler so that child can setup its own mutexes and
++ * locking callbacks when it is forked
++ */
++ (void) pthread_atfork(NULL, NULL, solaris_fork_child);
++
++ /* allocate locks needed by OpenSSL */
++ num_locks = CRYPTO_num_locks();
++ solaris_openssl_locks =
++ OPENSSL_malloc(sizeof (pthread_mutex_t) * num_locks);
++ if (solaris_openssl_locks == NULL) {
++ fprintf(stderr,
++ "solaris_locking_setup: memory allocation failure.\n");
++ abort();
++ }
++
++ /* initialize openssl mutexes */
++ for (i = 0; i < num_locks; i++) {
++ pthread_mutex_init(&solaris_openssl_locks[i], NULL);
++ }
++ locking_callback = solaris_locking_callback;
++
++}
++
+ void CRYPTO_set_locking_callback(void (*func) (int mode, int type,
+ const char *file, int line))
+ {
+@@ -410,7 +486,11 @@
+ * started.
+ */
+ OPENSSL_init();
+- locking_callback = func;
++
++ /*
++ * we now setup our own locking callback and mutexes, and disallow
++ * setting of another locking callback.
++ */
+ }
+
+ void CRYPTO_set_add_lock_callback(int (*func) (int *num, int mount, int type,
+@@ -471,9 +551,10 @@
+
+ int CRYPTO_THREADID_set_callback(void (*func) (CRYPTO_THREADID *))
+ {
+- if (threadid_callback)
+- return 0;
+- threadid_callback = func;
++ /*
++ * Use the backup method (the address of 'errno') to identify the
++ * thread and disallow setting the threadid callback.
++ */
+ return 1;
+ }
+
+@@ -531,7 +611,10 @@
+
+ void CRYPTO_set_id_callback(unsigned long (*func) (void))
+ {
+- id_callback = func;
++ /*
++ * Use the backup method to identify the thread/process.
++ * Setting the id callback is disallowed.
++ */
+ }
+
+ unsigned long CRYPTO_thread_id(void)
+--- openssl-1.0.1f/crypto/cryptlib.h.~1~ Fri Feb 7 10:41:42 2014
++++ openssl-1.0.1f/crypto/cryptlib.h Thu Feb 6 16:04:16 2014
+@@ -104,6 +104,8 @@
+ void *OPENSSL_stderr(void);
+ extern int OPENSSL_NONPIC_relocated;
+
++void solaris_locking_setup();
++
+ #ifdef __cplusplus
+ }
+ #endif
+--- openssl-1.0.1f/crypto/sparccpuid.S.~1~ Fri Feb 7 10:41:37 2014
++++ openssl-1.0.1f/crypto/sparccpuid.S Thu Feb 6 16:04:14 2014
+@@ -398,5 +398,7 @@
+ .size OPENSSL_cleanse,.-OPENSSL_cleanse
+
+ .section ".init",#alloc,#execinstr
++ call solaris_locking_setup
++ nop
+ call OPENSSL_cpuid_setup
+ nop
+--- openssl-1.0.1f/crypto/x86_64cpuid.pl.~1~ Wed Feb 12 13:20:09 2014
++++ openssl-1.0.1f/crypto/x86_64cpuid.pl Wed Feb 12 13:21:20 2014
+@@ -20,7 +20,10 @@
+ print<<___;
+ .extern OPENSSL_cpuid_setup
+ .hidden OPENSSL_cpuid_setup
++.extern solaris_locking_setup
++.hidden solaris_locking_setup
+ .section .init
++ call solaris_locking_setup
+ call OPENSSL_cpuid_setup
+
+ .hidden OPENSSL_ia32cap_P
+--- openssl-1.0.1f/crypto/x86cpuid.pl.~1~ Wed Feb 12 13:38:03 2014
++++ openssl-1.0.1f/crypto/x86cpuid.pl Wed Feb 12 13:38:31 2014
+@@ -353,6 +353,7 @@
+ &ret ();
+ &function_end_B("OPENSSL_ia32_rdrand");
+
++&initseg("solaris_locking_setup");
+ &initseg("OPENSSL_cpuid_setup");
+
+ &asm_finish();
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssl/common/patches/032-aes_cbc_len_check.patch Thu May 28 09:54:36 2015 -0700
@@ -0,0 +1,18 @@
+#
+# This was developed in house and reported to the upstream.
+#
+--- openssl-1.0.1e/crypto/evp/e_aes.c Tue Jul 2 11:03:12 2013
++++ openssl-1.0.1e/crypto/evp/e_aes.c.new Tue Jul 2 11:04:56 2013
+@@ -536,8 +536,12 @@
+ static int aes_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t len)
+ {
++ size_t bl = ctx->cipher->block_size;
+ EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data;
+
++ if (len < bl)
++ return 1;
++
+ if (dat->stream.cbc)
+ (*dat->stream.cbc) (in, out, len, &dat->ks, ctx->iv, ctx->encrypt);
+ else if (ctx->encrypt)
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssl/common/patches/033-cert_chain.patch Thu May 28 09:54:36 2015 -0700
@@ -0,0 +1,210 @@
+This patch comes from OpenSSL upstream code, and the change has been commited to OpenSSL 1.0.2.
+ http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=fbd2164044f92383955a801ad1b2857d71e83f27
+ http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=51e7a4378a78bb0870a2cdc5c524c230c929ebcb
+ http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2dabd822366df7b2608b55d5ca5f31d5d484cbaf
+
+Index: openssl/crypto/x509/x509_trs.c
+============================================================================
+$ diff -ru crypto/x509/x509_trs.c crypto/x509/x509_trs.c
+--- openssl/crypto/x509/x509_trs.c.orig 4 Dec 2012 17:26:04 -0000 1.133.2.11.2.6.2.3
++++ openssl/crypto/x509/x509_trs.c 14 Dec 2012 14:30:45 -0000 1.133.2.11.2.6.2.4
+@@ -119,6 +119,14 @@ int X509_check_trust(X509 *x, int id, int flags)
+ int idx;
+ if (id == -1)
+ return 1;
++ /* We get this as a default value */
++ if (id == 0) {
++ int rv;
++ rv = obj_trust(NID_anyExtendedKeyUsage, x, 0);
++ if (rv != X509_TRUST_UNTRUSTED)
++ return rv;
++ return trust_compat(NULL, x, 0);
++ }
+ idx = X509_TRUST_get_by_id(id);
+ if (idx == -1)
+ return default_trust(id, x, flags);
+Index: openssl/crypto/x509/x509_vfy.c
+============================================================================
+$ cvs diff -u -r1.105.2.9.2.4.2.3 -r1.105.2.9.2.4.2.4 x509_vfy.c
+--- openssl/crypto/x509/x509_vfy.c 14 Dec 2012 12:53:48 -0000 1.105.2.9.2.4.2.3
++++ openssl/crypto/x509/x509_vfy.c 14 Dec 2012 14:30:46 -0000 1.105.2.9.2.4.2.4
+@@ -149,6 +149,33 @@
+ }
+ #endif
+
++/* Given a certificate try and find an exact match in the store */
++
++static X509 *lookup_cert_match(X509_STORE_CTX *ctx, X509 *x)
++ {
++ STACK_OF(X509) *certs;
++ X509 *xtmp = NULL;
++ int i;
++ /* Lookup all certs with matching subject name */
++ certs = ctx->lookup_certs(ctx, X509_get_subject_name(x));
++ if (certs == NULL)
++ return NULL;
++ /* Look for exact match */
++ for (i = 0; i < sk_X509_num(certs); i++)
++ {
++ xtmp = sk_X509_value(certs, i);
++ if (!X509_cmp(xtmp, x))
++ break;
++ }
++ if (i < sk_X509_num(certs))
++ CRYPTO_add(&xtmp->references,1,CRYPTO_LOCK_X509);
++ else
++ xtmp = NULL;
++ sk_X509_pop_free(certs, X509_free);
++ return xtmp;
++ }
++
++
+ int X509_verify_cert(X509_STORE_CTX *ctx)
+ {
+ X509 *x, *xtmp, *chain_ss = NULL;
+@@ -304,8 +331,17 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
+
+ /* we now have our chain, lets check it... */
+
+- /* Is last certificate looked up self signed? */
+- if (!ctx->check_issued(ctx, x, x)) {
++ i = check_trust(ctx);
++
++ /* If explicitly rejected error */
++ if (i == X509_TRUST_REJECTED)
++ goto end;
++ /*
++ * If not explicitly trusted then indicate error unless it's a single
++ * self signed certificate in which case we've indicated an error already
++ * and set bad_chain == 1
++ */
++ if (i != X509_TRUST_TRUSTED && !bad_chain) {
+ if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss)) {
+ if (ctx->last_untrusted >= num)
+ ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
+@@ -340,14 +376,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
+ ok = check_name_constraints(ctx);
+
+ if (!ok)
+- goto end;
+-
+- /* The chain extensions are OK: check trust */
+-
+- if (param->trust > 0)
+- ok = check_trust(ctx);
+-
+- if (!ok)
+ goto end;
+
+ /* We may as well copy down any DSA parameters that are required */
+@@ -630,28 +658,53 @@ static int check_name_constraints(X509_STORE_CTX *ctx)
+
+ static int check_trust(X509_STORE_CTX *ctx)
+ {
+-#ifdef OPENSSL_NO_CHAIN_VERIFY
+- return 1;
+-#else
+ int i, ok;
+- X509 *x;
++ X509 *x = NULL;
+ int (*cb) (int xok, X509_STORE_CTX *xctx);
+ cb = ctx->verify_cb;
+-/* For now just check the last certificate in the chain */
+- i = sk_X509_num(ctx->chain) - 1;
+- x = sk_X509_value(ctx->chain, i);
+- ok = X509_check_trust(x, ctx->param->trust, 0);
+- if (ok == X509_TRUST_TRUSTED)
+- return 1;
+- ctx->error_depth = i;
+- ctx->current_cert = x;
+- if (ok == X509_TRUST_REJECTED)
+- ctx->error = X509_V_ERR_CERT_REJECTED;
+- else
+- ctx->error = X509_V_ERR_CERT_UNTRUSTED;
+- ok = cb(0, ctx);
+- return ok;
+-#endif
++ /* Check all trusted certificates in chain */
++ for (i = ctx->last_untrusted; i < sk_X509_num(ctx->chain); i++) {
++ x = sk_X509_value(ctx->chain, i);
++ ok = X509_check_trust(x, ctx->param->trust, 0);
++ /* If explicitly trusted return trusted */
++ if (ok == X509_TRUST_TRUSTED)
++ return X509_TRUST_TRUSTED;
++ /*
++ * If explicitly rejected notify callback and reject if not
++ * overridden.
++ */
++ if (ok == X509_TRUST_REJECTED) {
++ ctx->error_depth = i;
++ ctx->current_cert = x;
++ ctx->error = X509_V_ERR_CERT_REJECTED;
++ ok = cb(0, ctx);
++ if (!ok)
++ return X509_TRUST_REJECTED;
++ }
++ }
++ /*
++ * If we accept partial chains and have at least one trusted certificate
++ * return success.
++ */
++ if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) {
++ X509 *mx;
++ if (ctx->last_untrusted < sk_X509_num(ctx->chain))
++ return X509_TRUST_TRUSTED;
++ x = sk_X509_value(ctx->chain, 0);
++ mx = lookup_cert_match(ctx, x);
++ if (mx) {
++ (void)sk_X509_set(ctx->chain, 0, mx);
++ X509_free(x);
++ ctx->last_untrusted = 0;
++ return X509_TRUST_TRUSTED;
++ }
++ }
++
++ /*
++ * If no trusted certs in chain at all return untrusted and allow
++ * standard (no issuer cert) etc errors to be indicated.
++ */
++ return X509_TRUST_UNTRUSTED;
+ }
+
+ static int check_revocation(X509_STORE_CTX *ctx)
+@@ -1526,6 +1579,8 @@ static int internal_verify(X509_STORE_CTX *ctx)
+ if (ctx->check_issued(ctx, xi, xi))
+ xs = xi;
+ else {
++ if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN && n == 0)
++ return check_cert_time(ctx, xi);
+ if (n <= 0) {
+ ctx->error = X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE;
+ ctx->current_cert = xi;
+Index: openssl/crypto/x509/x509_vfy.h
+============================================================================
+$ cvs diff -u -r1.67.2.3.4.1 -r1.67.2.3.4.2 x509_vfy.h
+--- openssl/crypto/x509/x509_vfy.h 26 Sep 2012 13:50:42 -0000 1.67.2.3.4.1
++++ openssl/crypto/x509/x509_vfy.h 14 Dec 2012 14:30:46 -0000 1.67.2.3.4.2
+@@ -406,6 +406,9 @@
+ /* Check selfsigned CA signature */
+ # define X509_V_FLAG_CHECK_SS_SIGNATURE 0x4000
+
++/* Allow partial chains if at least one certificate is in trusted store */
++# define X509_V_FLAG_PARTIAL_CHAIN 0x80000
++
+ # define X509_VP_FLAG_DEFAULT 0x1
+ # define X509_VP_FLAG_OVERWRITE 0x2
+ # define X509_VP_FLAG_RESET_FLAGS 0x4
+Index: openssl/apps/apps.c
+============================================================================
+$ cvs diff -u -r1.133.2.11.2.6.2.3 -r1.133.2.11.2.6.2.4 apps.c
+--- openssl/apps/apps.c 4 Dec 2012 17:26:04 -0000 1.133.2.11.2.6.2.3
++++ openssl/apps/apps.c 14 Dec 2012 14:30:45 -0000 1.133.2.11.2.6.2.4
+@@ -2238,6 +2238,8 @@
+ flags |= X509_V_FLAG_NOTIFY_POLICY;
+ else if (!strcmp(arg, "-check_ss_sig"))
+ flags |= X509_V_FLAG_CHECK_SS_SIGNATURE;
++ else if (!strcmp(arg, "-partial_chain"))
++ flags |= X509_V_FLAG_PARTIAL_CHAIN;
+ else
+ return 0;
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssl/common/patches/036-evp_leak.patch Thu May 28 09:54:36 2015 -0700
@@ -0,0 +1,144 @@
+Patch developed in-house. Solaris-specific; not suitable for upstream.
+
+--- openssl-1.0.1f/crypto/evp/evp_enc.c.orig Mon Feb 11 07:26:04 2013
++++ openssl-1.0.1f/crypto/evp/evp_enc.c Mon Feb 3 16:40:48 2014
+@@ -379,11 +379,13 @@
+
+ if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
+ ret = M_do_cipher(ctx, out, NULL, 0);
+- if (ret < 0)
+- return 0;
+- else
++ if (ret < 0) {
++ ret = 0;
++ goto cleanup;
++ } else
+ *outl = ret;
+- return 1;
++ ret = 1;
++ goto cleanup;
+ }
+
+ b = ctx->cipher->block_size;
+@@ -390,7 +392,8 @@
+ OPENSSL_assert(b <= sizeof ctx->buf);
+ if (b == 1) {
+ *outl = 0;
+- return 1;
++ ret = 1;
++ goto cleanup;
+ }
+ bl = ctx->buf_len;
+ if (ctx->flags & EVP_CIPH_NO_PADDING) {
+@@ -397,10 +400,12 @@
+ if (bl) {
+ EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX,
+ EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
+- return 0;
++ ret = 0;
++ goto cleanup;
+ }
+ *outl = 0;
+- return 1;
++ ret = 1;
++ goto cleanup;
+ }
+
+ n = b - bl;
+@@ -411,6 +416,11 @@
+ if (ret)
+ *outl = b;
+
++cleanup:
++ if (ctx->cipher->cleanup) {
++ ctx->cipher->cleanup(ctx);
++ }
++
+ return ret;
+ }
+
+@@ -478,6 +488,7 @@
+ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+ {
+ int i, n;
++ int err = 1;
+ unsigned int b;
+ *outl = 0;
+
+@@ -483,11 +494,13 @@
+
+ if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
+ i = M_do_cipher(ctx, out, NULL, 0);
+- if (i < 0)
+- return 0;
+- else
++ if (i < 0) {
++ err = 0;
++ goto cleanup;
++ } else
+ *outl = i;
+- return 1;
++ err = 1;
++ goto cleanup;
+ }
+
+ b = ctx->cipher->block_size;
+@@ -495,10 +508,12 @@
+ if (ctx->buf_len) {
+ EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,
+ EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
+- return 0;
++ err = 0;
++ goto cleanup;
+ }
+ *outl = 0;
+- return 1;
++ err = 1;
++ goto cleanup;
+ }
+ if (b > 1) {
+ if (ctx->buf_len || !ctx->final_used) {
+@@ -503,7 +518,8 @@
+ if (b > 1) {
+ if (ctx->buf_len || !ctx->final_used) {
+ EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_WRONG_FINAL_BLOCK_LENGTH);
+- return (0);
++ err = 0;
++ goto cleanup;
+ }
+ OPENSSL_assert(b <= sizeof ctx->final);
+
+@@ -514,7 +530,8 @@
+ n = ctx->final[b - 1];
+ if (n == 0 || n > (int)b) {
+ EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT);
+- return (0);
++ err = 0;
++ goto cleanup;
+ }
+ for (i = 0; i < n; i++) {
+ if (ctx->final[--b] != n) {
+@@ -519,7 +536,8 @@
+ for (i = 0; i < n; i++) {
+ if (ctx->final[--b] != n) {
+ EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT);
+- return (0);
++ err = 0;
++ goto cleanup;
+ }
+ }
+ n = ctx->cipher->block_size - n;
+@@ -528,7 +546,12 @@
+ *outl = n;
+ } else
+ *outl = 0;
+- return (1);
++ err = 1;
++cleanup:
++ if (ctx->cipher->cleanup) {
++ ctx->cipher->cleanup(ctx);
++ }
++ return err;
+ }
+
+ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssl/common/patches/038-remove_illegal_instruction_calls.patch Thu May 28 09:54:36 2015 -0700
@@ -0,0 +1,167 @@
+#
+# This patch was developed in house.
+# This is Solaris-specific: not suitable for upstream.
+#
+--- openssl-1.0.1g/crypto/sparcv9cap.c.~1~ Thu May 1 13:07:00 2014
++++ openssl-1.0.1g/crypto/sparcv9cap.c Thu May 1 13:11:33 2014
+@@ -2,9 +2,9 @@
+ #include <stdlib.h>
+ #include <string.h>
+ #include <setjmp.h>
+-#include <signal.h>
+ #include <sys/time.h>
+ #include <openssl/bn.h>
++#include <sys/auxv.h>
+
+ #define SPARCV9_TICK_PRIVILEGED (1<<0)
+ #define SPARCV9_PREFER_FPU (1<<1)
+@@ -11,6 +11,7 @@
+ #define SPARCV9_VIS1 (1<<2)
+ #define SPARCV9_VIS2 (1<<3) /* reserved */
+ #define SPARCV9_FMADD (1<<4) /* reserved for SPARC64 V */
++#define SPARCV9_BLK (1<<5)
+
+ static int OPENSSL_sparcv9cap_P = SPARCV9_TICK_PRIVILEGED;
+
+@@ -31,10 +31,7 @@
+ }
+
+ unsigned long _sparcv9_rdtick(void);
+-void _sparcv9_vis1_probe(void);
+ unsigned long _sparcv9_vis1_instrument(void);
+-void _sparcv9_vis2_probe(void);
+-void _sparcv9_fmadd_probe(void);
+
+ unsigned long OPENSSL_rdtsc(void)
+ {
+@@ -170,18 +167,11 @@
+
+ #else
+
+-static sigjmp_buf common_jmp;
+-static void common_handler(int sig)
+-{
+- siglongjmp(common_jmp, sig);
+-}
+-
+ void OPENSSL_cpuid_setup(void)
+ {
+ char *e;
+- struct sigaction common_act, ill_oact, bus_oact;
+- sigset_t all_masked, oset;
+ static int trigger = 0;
++ uint_t ui = 0;
+
+ if (trigger)
+ return;
+@@ -192,54 +182,24 @@
+ return;
+ }
+
++ (void) getisax(&ui, 1);
++
+ /* Initial value, fits UltraSPARC-I&II... */
+- OPENSSL_sparcv9cap_P = SPARCV9_PREFER_FPU | SPARCV9_TICK_PRIVILEGED;
++ OPENSSL_sparcv9cap_P = SPARCV9_BLK;
+
+- sigfillset(&all_masked);
+- sigdelset(&all_masked, SIGILL);
+- sigdelset(&all_masked, SIGTRAP);
+-# ifdef SIGEMT
+- sigdelset(&all_masked, SIGEMT);
+-# endif
+- sigdelset(&all_masked, SIGFPE);
+- sigdelset(&all_masked, SIGBUS);
+- sigdelset(&all_masked, SIGSEGV);
+- sigprocmask(SIG_SETMASK, &all_masked, &oset);
+-
+- memset(&common_act, 0, sizeof(common_act));
+- common_act.sa_handler = common_handler;
+- common_act.sa_mask = all_masked;
+-
+- sigaction(SIGILL, &common_act, &ill_oact);
+- sigaction(SIGBUS, &common_act, &bus_oact); /* T1 fails 16-bit ldda [on
+- * Linux] */
+-
+- if (sigsetjmp(common_jmp, 1) == 0) {
+- _sparcv9_rdtick();
+- OPENSSL_sparcv9cap_P &= ~SPARCV9_TICK_PRIVILEGED;
+- }
+-
+- if (sigsetjmp(common_jmp, 1) == 0) {
+- _sparcv9_vis1_probe();
+- OPENSSL_sparcv9cap_P |= SPARCV9_VIS1;
+- /* detect UltraSPARC-Tx, see sparccpud.S for details... */
+- if (_sparcv9_vis1_instrument() >= 12)
+- OPENSSL_sparcv9cap_P &= ~(SPARCV9_VIS1 | SPARCV9_PREFER_FPU);
+- else {
+- _sparcv9_vis2_probe();
+- OPENSSL_sparcv9cap_P |= SPARCV9_VIS2;
++ if (ui & AV_SPARC_VIS) {
++ /* detect UltraSPARC-Tx, see sparccpuid.S for details... */
++ if (_sparcv9_vis1_instrument() < 7)
++ OPENSSL_sparcv9cap_P |= SPARCV9_TICK_PRIVILEGED;
++ if (_sparcv9_vis1_instrument() < 12) {
++ OPENSSL_sparcv9cap_P |= SPARCV9_VIS1|SPARCV9_PREFER_FPU;
++ if (ui & AV_SPARC_VIS2)
++ OPENSSL_sparcv9cap_P |= SPARCV9_VIS2;
+ }
+ }
+
+- if (sigsetjmp(common_jmp, 1) == 0) {
+- _sparcv9_fmadd_probe();
++ if (ui & AV_SPARC_FMAF)
+ OPENSSL_sparcv9cap_P |= SPARCV9_FMADD;
+- }
+-
+- sigaction(SIGBUS, &bus_oact, NULL);
+- sigaction(SIGILL, &ill_oact, NULL);
+-
+- sigprocmask(SIG_SETMASK, &oset, NULL);
+ }
+
+ #endif
+--- openssl-1.0.1g/crypto/sparccpuid.S.~1~ Thu May 1 13:07:00 2014
++++ openssl-1.0.1g/crypto/sparccpuid.S Thu May 1 13:11:33 2014
+@@ -232,16 +232,6 @@
+ .type _sparcv9_rdtick,#function
+ .size _sparcv9_rdtick,.-_sparcv9_rdtick
+
+-.global _sparcv9_vis1_probe
+-.align 8
+-_sparcv9_vis1_probe:
+- add %sp,BIAS+2,%o1
+- .word 0xc19a5a40 !ldda [%o1]ASI_FP16_P,%f0
+- retl
+- .word 0x81b00d80 !fxor %f0,%f0,%f0
+-.type _sparcv9_vis1_probe,#function
+-.size _sparcv9_vis1_probe,.-_sparcv9_vis1_probe
+-
+ ! Probe and instrument VIS1 instruction. Output is number of cycles it
+ ! takes to execute rdtick and pair of VIS1 instructions. US-Tx VIS unit
+ ! is slow (documented to be 6 cycles on T2) and the core is in-order
+@@ -296,24 +286,6 @@
+ .type _sparcv9_vis1_instrument,#function
+ .size _sparcv9_vis1_instrument,.-_sparcv9_vis1_instrument
+
+-.global _sparcv9_vis2_probe
+-.align 8
+-_sparcv9_vis2_probe:
+- retl
+- .word 0x81b00980 !bshuffle %f0,%f0,%f0
+-.type _sparcv9_vis2_probe,#function
+-.size _sparcv9_vis2_probe,.-_sparcv9_vis2_probe
+-
+-.global _sparcv9_fmadd_probe
+-.align 8
+-_sparcv9_fmadd_probe:
+- .word 0x81b00d80 !fxor %f0,%f0,%f0
+- .word 0x85b08d82 !fxor %f2,%f2,%f2
+- retl
+- .word 0x81b80440 !fmaddd %f0,%f0,%f2,%f0
+-.type _sparcv9_fmadd_probe,#function
+-.size _sparcv9_fmadd_probe,.-_sparcv9_fmadd_probe
+-
+ .global OPENSSL_cleanse
+ .align 32
+ OPENSSL_cleanse:
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssl/common/patches/039-internal_tests.patch Thu May 28 09:54:36 2015 -0700
@@ -0,0 +1,17 @@
+#
+# Patch developed in-house. Solaris-specific; not suitable for upstream.
+#
+# Remove test 'test_ca' because it depends on directories
+# not present in the build directory. The rest of tests are ok.
+#
+--- a/test/Makefile.orig Thu Apr 2 12:11:12 2015
++++ b/test/Makefile Thu Apr 2 12:11:21 2015
+@@ -142,7 +142,7 @@
+ test_rand test_bn test_ec test_ecdsa test_ecdh \
+ test_enc test_x509 test_rsa test_crl test_sid \
+ test_gen test_req test_pkcs7 test_verify test_dh test_dsa \
+- test_ss test_ca test_engine test_evp test_evp_extra test_ssl test_tsa test_ige \
++ test_ss test_engine test_evp test_evp_extra test_ssl test_tsa test_ige \
+ test_jpake test_srp test_cms test_heartbeat test_constant_time
+
+ test_evp:
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssl/common/patches/040-uninitialized_ctx.patch Thu May 28 09:54:36 2015 -0700
@@ -0,0 +1,14 @@
+#
+# This was developed in house. Upstreadm notified (PR#277).
+#
+diff -ru openssl-1.0.1m/crypto/evp/evp_enc.c openssl-1.0.1m/crypto/evp/evp_enc.c.new
+--- openssl-1.0.1m/crypto/evp/evp_enc.c Thu May 7 09:46:32 2015
++++ openssl-1.0.1m/crypto/evp/evp_enc.c.new Thu May 7 09:46:23 2015
+@@ -179,6 +179,7 @@
+ EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
++ (void) memset(ctx->cipher_data, 0, ctx->cipher->ctx_size);
+ } else {
+ ctx->cipher_data = NULL;
+ }
--- a/components/openssl/openssl-1.0.1-fips-140/Makefile Wed May 27 17:12:47 2015 -0700
+++ b/components/openssl/openssl-1.0.1-fips-140/Makefile Thu May 28 09:54:36 2015 -0700
@@ -45,6 +45,13 @@
TPNO= 21965
+# Clone the patch files to the patches-all dir.
+# COPY_COMMON_FILES is there so that rsync is called as soon as
+# the Makefile is parsed.
+PATCH_DIR=patches-all
+CLEAN_PATHS += $(PATCH_DIR)
+COPY_COMMON_FILES:= $(shell rsync -ac ../common/patches/ patches/ $(PATCH_DIR))
+
# OpenSSL FIPS directory
OPENSSL_FIPS_DIR = $(COMPONENT_DIR)/../openssl-fips
@@ -104,9 +111,9 @@
# We define our own compiler and linker option sets for Solaris. See Configure
# for more information.
CONFIGURE_OPTIONS32_i386 = solaris-x86-cc-sunw
-CONFIGURE_OPTIONS32_sparc = solaris-sparcv8-cc-sunw
+CONFIGURE_OPTIONS32_sparc = solaris-fips-sparcv9-cc-sunw
CONFIGURE_OPTIONS64_i386 = solaris64-x86_64-cc-sunw
-CONFIGURE_OPTIONS64_sparc = solaris64-sparcv9-cc-sunw
+CONFIGURE_OPTIONS64_sparc = solaris64-fips-sparcv9-cc-sunw
# Some additional options needed for our engines.
CONFIGURE_OPTIONS += --pk11-libname=$(PKCS11_LIB$(BITS))
--- a/components/openssl/openssl-1.0.1-fips-140/patches/08-6193522.patch Wed May 27 17:12:47 2015 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,54 +0,0 @@
-diff -ruN openssl-0.9.8a/apps/CA.pl.in openssl-0.9.8a/apps/CA.pl.in
---- openssl-0.9.8a/apps/CA.pl.in 2005-07-04 23:44:22.000000000 +0200
-+++ openssl-0.9.8a/apps/CA.pl.in 2009-04-21 16:08:45.354925289 +0200
-@@ -53,7 +53,7 @@
- $X509="$openssl x509";
- $PKCS12="$openssl pkcs12";
-
--$CATOP="./demoCA";
-+$CATOP="/etc/openssl";
- $CAKEY="cakey.pem";
- $CAREQ="careq.pem";
- $CACERT="cacert.pem";
-diff -ruN openssl-0.9.8a/apps/openssl.cnf openssl-0.9.8a/apps/openssl.cnf
---- openssl-0.9.8a/apps/openssl.cnf 2005-09-16 14:20:24.000000000 +0200
-+++ openssl-0.9.8a/apps/openssl.cnf 2009-04-21 16:07:13.910980196 +0200
-@@ -39,7 +39,7 @@
- ####################################################################
- [ CA_default ]
-
--dir = ./demoCA # Where everything is kept
-+dir = /etc/openssl # Where everything is kept
- certs = $dir/certs # Where the issued certs are kept
- crl_dir = $dir/crl # Where the issued crl are kept
- database = $dir/index.txt # database index file.
-@@ -49,7 +49,7 @@
-
- certificate = $dir/cacert.pem # The CA certificate
- serial = $dir/serial # The current serial number
--crlnumber = $dir/crlnumber # the current crl number
-+#crlnumber = $dir/crlnumber # the current crl number
- # must be commented out to leave a V1 CRL
- crl = $dir/crl.pem # The current CRL
- private_key = $dir/private/cakey.pem# The private key
-@@ -126,17 +126,17 @@
-
- [ req_distinguished_name ]
- countryName = Country Name (2 letter code)
--countryName_default = AU
-+#countryName_default = US
- countryName_min = 2
- countryName_max = 2
-
- stateOrProvinceName = State or Province Name (full name)
--stateOrProvinceName_default = Some-State
-+#stateOrProvinceName_default = Some-State
-
- localityName = Locality Name (eg, city)
-
- 0.organizationName = Organization Name (eg, company)
--0.organizationName_default = Internet Widgits Pty Ltd
-+#0.organizationName_default = Unconfigured OpenSSL Installation
-
- # we can do this but it is not needed normally :-)
- #1.organizationName = Second Organization Name (eg, company)
--- a/components/openssl/openssl-1.0.1-fips-140/patches/11-6546806.patch Wed May 27 17:12:47 2015 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,12 +0,0 @@
-diff -ruN openssl-0.9.8a/doc/crypto/hmac.pod openssl-0.9.8a/doc/crypto/hmac.pod
---- openssl-0.9.8a/doc/crypto/hmac.pod 2002-07-18 20:54:45.000000000 +0200
-+++ openssl-0.9.8a/doc/crypto/hmac.pod 2009-04-10 11:09:46.449071541 +0200
-@@ -2,7 +2,7 @@
-
- =head1 NAME
-
--HMAC, HMAC_Init, HMAC_Update, HMAC_Final, HMAC_cleanup - HMAC message
-+HMAC, HMAC_CTX_init, HMAC_Init, HMAC_Init_ex, HMAC_Update, HMAC_Final, HMAC_CTX_cleanup, HMAC_cleanup - HMAC message
- authentication code
-
- =head1 SYNOPSIS
--- a/components/openssl/openssl-1.0.1-fips-140/patches/15-pkcs11_engine-0.9.8a.patch Wed May 27 17:12:47 2015 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,206 +0,0 @@
-#
-# This patch file adds the Solaris's pkcs11 engine.
-# This is Solaris-specific (developed in house): not suitable for upstream.
-#
---- /tmp/Configure Fri Feb 11 14:40:39 2011
-+++ openssl-1.0.0d/Configure Fri Feb 11 14:41:36 2011
-@@ -10,7 +10,7 @@
-
- # see INSTALL for instructions.
-
--my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
-+my $usage="Usage: Configure --pk11-libname=PK11_LIB_LOCATION [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
-
- # Options:
- #
-@@ -19,6 +19,9 @@
- # --prefix prefix for the OpenSSL include, lib and bin directories
- # (Default: the OPENSSLDIR directory)
- #
-+# --pk11-libname PKCS#11 library name.
-+# (Default: none)
-+#
- # --install_prefix Additional prefix for package builders (empty by
- # default). This needn't be set in advance, you can
- # just as well use "make INSTALL_PREFIX=/whatever install".
-@@ -657,6 +661,9 @@
- my $idx_arflags = $idx++;
- my $idx_multilib = $idx++;
-
-+# PKCS#11 engine patch
-+my $pk11_libname="";
-+
- my $prefix="";
- my $libdir="";
- my $openssldir="";
-@@ -882,6 +888,10 @@
- $_ =~ s/%([0-9a-f]{1,2})/chr(hex($1))/gei;
- $flags.=$_." ";
- }
-+ elsif (/^--pk11-libname=(.*)$/)
-+ {
-+ $pk11_libname=$1;
-+ }
- elsif (/^--prefix=(.*)$/)
- {
- $prefix=$1;
-@@ -1049,6 +1059,13 @@
- exit 0;
- }
-
-+if (! $pk11_libname)
-+ {
-+ print STDERR "You must set --pk11-libname for PKCS#11 library.\n";
-+ print STDERR "See README.pkcs11 for more information.\n";
-+ exit 1;
-+ }
-+
- if ($target =~ m/^CygWin32(-.*)$/) {
- $target = "Cygwin".$1;
- }
-@@ -1215,6 +1232,8 @@
- if ($flags ne "") { $cflags="$flags$cflags"; }
- else { $no_user_cflags=1; }
-
-+$cflags="-DPK11_LIB_LOCATION=\"$pk11_libname\" $cflags";
-+
- # Kerberos settings. The flavor must be provided from outside, either through
- # the script "config" or manually.
- if (!$no_krb5)
-@@ -1604,6 +1623,7 @@
- s/^VERSION=.*/VERSION=$version/;
- s/^MAJOR=.*/MAJOR=$major/;
- s/^MINOR=.*/MINOR=$minor/;
-+ s/^PK11_LIB_LOCATION=.*/PK11_LIB_LOCATION=$pk11_libname/;
- s/^SHLIB_VERSION_NUMBER=.*/SHLIB_VERSION_NUMBER=$shlib_version_number/;
- s/^SHLIB_VERSION_HISTORY=.*/SHLIB_VERSION_HISTORY=$shlib_version_history/;
- s/^SHLIB_MAJOR=.*/SHLIB_MAJOR=$shlib_major/;
---- /tmp/Makefile.org Fri Feb 11 14:41:54 2011
-+++ openssl-1.0.0d/Makefile.org Fri Feb 11 14:38:01 2011
-@@ -26,6 +26,9 @@
- INSTALL_PREFIX=
- INSTALLTOP=/usr/local/ssl
-
-+# You must set this through --pk11-libname configure option.
-+PK11_LIB_LOCATION=
-+
- # Do not edit this manually. Use Configure --openssldir=DIR do change this!
- OPENSSLDIR=/usr/local/ssl
-
---- /tmp/Makefile Mon Feb 14 14:59:22 2011
-+++ openssl-1.0.0d/engines/Makefile Mon Feb 14 15:00:35 2011
-@@ -26,7 +26,8 @@
- APPS=
-
- LIB=$(TOP)/libcrypto.a
--LIBNAMES= 4758cca aep atalla cswift gmp chil nuron sureware ubsec padlock capi
-+LIBNAMES= 4758cca aep atalla cswift gmp chil nuron sureware ubsec padlock capi \
-+ pk11
-
- LIBSRC= e_4758cca.c \
- e_aep.c \
-@@ -38,7 +39,8 @@
- e_sureware.c \
- e_ubsec.c \
- e_padlock.c \
-- e_capi.c
-+ e_capi.c \
-+ e_pk11.c
- LIBOBJ= e_4758cca.o \
- e_aep.o \
- e_atalla.o \
-@@ -49,7 +51,8 @@
- e_sureware.o \
- e_ubsec.o \
- e_padlock.o \
-- e_capi.o
-+ e_capi.o \
-+ e_pk11.o
-
- SRC= $(LIBSRC)
-
-@@ -63,7 +66,8 @@
- e_nuron_err.c e_nuron_err.h \
- e_sureware_err.c e_sureware_err.h \
- e_ubsec_err.c e_ubsec_err.h \
-- e_capi_err.c e_capi_err.h
-+ e_capi_err.c e_capi_err.h \
-+ e_pk11.h e_pk11_uri.h e_pk11_err.h e_pk11_pub.c e_pk11_uri.c e_pk11_err.c
-
- ALL= $(GENERAL) $(SRC) $(HEADER)
-
-@@ -78,7 +82,7 @@
- for l in $(LIBNAMES); do \
- $(MAKE) -f ../Makefile.shared -e \
- LIBNAME=$$l LIBEXTRAS=e_$$l.o \
-- LIBDEPS='-L.. -lcrypto $(EX_LIBS)' \
-+ LIBDEPS='-L.. -lcrypto -lcryptoutil $(EX_LIBS)' \
- link_o.$(SHLIB_TARGET); \
- done; \
- else \
---- crypto/engine/eng_all.c Thu Sep 5 12:59:50 2013
-+++ openssl-1.0.1e/crypto/engine/eng_all.c Thu Sep 5 12:59:50 2013
-@@ -60,6 +60,16 @@
- #include "cryptlib.h"
- #include "eng_int.h"
-
-+/*
-+ * pkcs11 engine no longer is a built-in engine, and ENGINE_load_pk11() needs to be
-+ * defined in libcrypto.so for ssh. Instead of load pkcs11 engine, it load dynamic
-+ * engines.
-+ */
-+void ENGINE_load_pk11(void)
-+ {
-+ ENGINE_load_dynamic();
-+ }
-+
- void ENGINE_load_builtin_engines(void)
- {
- /* Some ENGINEs need this */
-@@ -80,6 +90,9 @@
- ENGINE_load_rdrand();
- #endif
- ENGINE_load_dynamic();
-+#ifndef OPENSSL_NO_HW_PKCS11
-+ ENGINE_load_pk11();
-+#endif
- #ifndef OPENSSL_NO_STATIC_ENGINE
- # ifndef OPENSSL_NO_HW
- # ifndef OPENSSL_NO_HW_4758_CCA
---- crypto/dso/dso_lib.c Thu Sep 5 12:59:50 2013
-+++ openssl-1.0.1e/crypto/dso/dso_lib.c Thu Sep 5 12:59:50 2013
-@@ -396,6 +396,24 @@
- DSOerr(DSO_F_DSO_CONVERT_FILENAME, DSO_R_NO_FILENAME);
- return (NULL);
- }
-+ /*
-+ * For pkcs11 engine, use libpk11.so (instead of libpkcs11.so) to
-+ * avoid the name collision with PKCS#11 library.
-+ */
-+ if (strcmp(filename, "pkcs11") == 0) {
-+#ifdef _LP64
-+ static const char fullpath[] = "/lib/openssl/engines/64/libpk11.so";
-+#else
-+ static const char fullpath[] = "/lib/openssl/engines/libpk11.so";
-+#endif
-+ result = OPENSSL_malloc(strlen(fullpath) + 1);
-+ if(result == NULL) {
-+ DSOerr(DSO_F_DSO_CONVERT_FILENAME, ERR_R_MALLOC_FAILURE);
-+ return(NULL);
-+ }
-+ BUF_strlcpy(result, fullpath, strlen(fullpath) + 1);
-+ return (result);
-+ }
- if ((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0) {
- if (dso->name_converter != NULL)
- result = dso->name_converter(dso, filename);
---- /tmp/engine.h Fri Feb 11 14:46:24 2011
-+++ openssl-1.0.0d/crypto/engine/engine.h Fri Feb 11 14:47:32 2011
-@@ -413,6 +413,7 @@
- # endif
- # endif
- void ENGINE_load_cryptodev(void);
-+void ENGINE_load_pk11(void);
- void ENGINE_load_rsax(void);
- void ENGINE_load_rdrand(void);
- void ENGINE_load_builtin_engines(void);
--- a/components/openssl/openssl-1.0.1-fips-140/patches/18-compiler_opts.patch Wed May 27 17:12:47 2015 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,28 +0,0 @@
-#
-# Solaris-specific; not suitable for upstream
-#
-diff -ruN openssl-0.9.8k/Configure openssl-0.9.8k/Configure
---- openssl-0.9.8k/Configure 2009-02-16 09:44:22.000000000 +0100
-+++ openssl-0.9.8k/Configure 2009-06-25 16:19:22.897811727 +0200
-@@ -133,7 +133,7 @@
-
- my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o modexp512-x86_64.o::aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o rc4-md5-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:ghash-x86_64.o:";
- my $ia64_asm="ia64cpuid.o:bn-ia64.o ia64-mont.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o rc4_skey.o:::::ghash-ia64.o::void";
--my $sparcv9_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o:des_enc-sparc.o fcrypt_b.o:aes_core.o aes_cbc.o aes-sparcv9.o:::sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o:::::::ghash-sparcv9.o::void";
-+my $sparcv9_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o:des_enc-sparc.o fcrypt_b.o:aes_core.o aes_cbc.o aes-sparcv9.o:::sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o:::::::ghash-sparcv9.o::void";
- my $sparcv8_asm=":sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::::::void";
- my $alpha_asm="alphacpuid.o:bn_asm.o alpha-mont.o:::::sha1-alpha.o:::::::ghash-alpha.o::void";
- my $mips32_asm=":bn-mips.o::aes_cbc.o aes-mips.o:::sha1-mips.o sha256-mips.o::::::::";
-@@ -257,6 +264,12 @@
- #"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):SUNOS::DES_UNROLL:${no_asm}::",
- "sunos-gcc","gcc:-O3 -mv8 -Dssize_t=int::(unknown):SUNOS::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:${no_asm}::",
-
-+#### Solaris configs, used for OpenSSL as delivered by OpenSolaris
-+"solaris-x86-cc-sunw","cc:-m32 -xO3 -xspace -Xa::-D_REENTRANT::-lsocket -lnsl -lc -R /lib/openssl/fips-140:BN_LLONG RC4_CHUNK DES_PTR DES_UNROLL BF_PTR:${x86_elf_asm}:dlfcn:solaris-shared:-KPIC:-m32 -G -dy -z text -zdefs -Bdirect -zignore -M/usr/lib/ld/map.pagealign -M/usr/lib/ld/map.noexdata:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"solaris64-x86_64-cc-sunw","cc:-xO3 -m64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -lc -R /lib/openssl/fips-140/64:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR DES_PTR DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-KPIC:-m64 -G -dy -z text -zdefs -Bdirect -zignore -M/usr/lib/ld/map.pagealign -M/usr/lib/ld/map.noexdata:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"solaris-sparcv8-cc-sunw","cc:-xtarget=ultra -m32 -Qoption cg -xregs=no%appl -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -lc -lsoftcrypto -R /lib/openssl/fips-140:BN_LLONG RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-m32 -G -dy -z text -zdefs -Bdirect -zignore -M/usr/lib/ld/map.pagealign:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"solaris64-sparcv9-cc-sunw","cc:-xtarget=ultra -m64 -Qoption cg -xregs=no%appl -xO5 -xstrconst -xdepend -xspace -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -lc -lsoftcrypto -R /lib/openssl/fips-140/64:BN_LLONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-m64 -G -dy -z text -zdefs -Bdirect -zignore -M/usr/lib/ld/map.pagealign:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs::/64",
-+
- #### IRIX 5.x configs
- # -mips2 flag is added by ./config when appropriate.
- "irix-gcc","gcc:-O3 -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
--- a/components/openssl/openssl-1.0.1-fips-140/patches/20-remove_rpath.patch Wed May 27 17:12:47 2015 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,11 +0,0 @@
---- /export/openssl/openssl-1.0.0d/Makefile.shared Sat Aug 21 13:36:49 2010
-+++ openssl-1.0.0d/Makefile.shared Mon Feb 14 14:25:51 2011
-@@ -393,7 +393,7 @@
- @ if $(DETECT_GNU_LD); then \
- $(DO_GNU_APP); \
- else \
-- LDFLAGS="$(CFLAGS) -R $(LIBRPATH)"; \
-+ LDFLAGS="$(CFLAGS)"; \
- fi; \
- $(LINK_APP)
-
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssl/openssl-1.0.1-fips-140/patches/201-openssl_fips.patch Thu May 28 09:54:36 2015 -0700
@@ -0,0 +1,85 @@
+#
+# Patch developed in-house. Solaris-specific; not suitable for upstream.
+#
+--- openssl-0.9.8m/apps/openssl.c Thu Oct 15 19:28:02 2009
++++ openssl-0.9.8m/apps/openssl.c Fri Feb 26 16:12:30 2010
+@@ -135,6 +135,9 @@
+ # include <openssl/fips.h>
+ #endif
+
++/* Solaris OpenSSL */
++#include <dlfcn.h>
++
+ /*
+ * The LHASH callbacks ("hash" & "cmp") have been replaced by functions with
+ * the base prototypes (we cast each variable inside the function to the
+@@ -155,9 +158,10 @@
+ BIO *bio_err = NULL;
+ #endif
+
++static int *modes;
++
+ static void lock_dbg_cb(int mode, int type, const char *file, int line)
+ {
+- static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */
+ const char *errstr = NULL;
+ int rw;
+
+@@ -167,7 +168,7 @@
+ goto err;
+ }
+
+- if (type < 0 || type >= CRYPTO_NUM_LOCKS) {
++ if (type < 0 || type >= CRYPTO_num_locks()) {
+ errstr = "type out of bounds";
+ goto err;
+ }
+@@ -305,6 +306,14 @@
+ if (getenv("OPENSSL_DEBUG_LOCKING") != NULL)
+ #endif
+ {
++ modes = OPENSSL_malloc(CRYPTO_num_locks() * sizeof (int));
++ if (modes == NULL) {
++ ERR_load_crypto_strings();
++ BIO_printf(bio_err,"Memory allocation failure\n");
++ ERR_print_errors(bio_err);
++ EXIT(1);
++ }
++ memset(modes, 0, CRYPTO_num_locks() * sizeof (int));
+ CRYPTO_set_locking_callback(lock_dbg_cb);
+ }
+
+@@ -308,18 +320,28 @@
+ CRYPTO_set_locking_callback(lock_dbg_cb);
+ }
+
++/*
++ * Solaris OpenSSL
++ * Add a further check for the FIPS_mode_set() symbol before calling to
++ * allow openssl(1openssl) to be run against both fips and non-fips libraries.
++ */
+ if (getenv("OPENSSL_FIPS")) {
+-#ifdef OPENSSL_FIPS
+- if (!FIPS_mode_set(1)) {
++
++ int (*FIPS_mode_set)(int);
++ FIPS_mode_set = (int (*)(int)) dlsym(RTLD_NEXT, "FIPS_mode_set");
++
++ if (FIPS_mode_set != NULL) {
++ if (!(*FIPS_mode_set)(1)) {
+ ERR_load_crypto_strings();
+ ERR_print_errors(BIO_new_fp(stderr, BIO_NOCLOSE));
+ EXIT(1);
+ }
+-#else
+- fprintf(stderr, "FIPS mode not supported.\n");
++ } else {
++ fprintf(stderr, "Failed to enable FIPS mode. "
++ "For more information about running in FIPS mode see openssl(5).\n");
+ EXIT(1);
+-#endif
+ }
++ }
+
+ apps_startup();
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssl/openssl-1.0.1-fips-140/patches/202-17952966.patch Thu May 28 09:54:36 2015 -0700
@@ -0,0 +1,13 @@
+Solaris-specific; not suitable for upstream
+
+--- /tmp/Makefile.shared Mon Feb 14 14:39:29 2011
++++ openssl-1.0.0d/Makefile.shared Mon Feb 14 14:50:52 2011
+@@ -108,7 +108,7 @@
+ LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
+ $${SHAREDCMD} $${SHAREDFLAGS} \
+ -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
+- $$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS \
++ $$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS -lc \
+ ) && $(SYMLINK_SO)
+
+ SYMLINK_SO= \
--- a/components/openssl/openssl-1.0.1-fips-140/patches/23-noexstack.patch Wed May 27 17:12:47 2015 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,21 +0,0 @@
---- /tmp/Makefile.shared Mon Feb 14 14:33:05 2011
-+++ openssl-1.0.0d/Makefile.shared Mon Feb 14 14:35:56 2011
-@@ -389,6 +389,7 @@
- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -Wl,-Bsymbolic"; \
- fi; \
- $(LINK_SO_A)
-+# Make sure the apps have non-executable stacks and data (x86/x64 only).
- link_app.solaris:
- @ if $(DETECT_GNU_LD); then \
- $(DO_GNU_APP); \
-@@ -395,6 +396,10 @@
- else \
- LDFLAGS="$(CFLAGS)"; \
- fi; \
-+ if expr $(PLATFORM) : '.*x86.*' > /dev/null; then \
-+ LDFLAGS="$${LDFLAGS} -M/usr/lib/ld/map.noexdata"; \
-+ fi; \
-+ LDFLAGS="$${LDFLAGS} -M/usr/lib/ld/map.noexstk -M/usr/lib/ld/map.pagealign"; \
- $(LINK_APP)
-
- # OpenServer 5 native compilers used
--- a/components/openssl/openssl-1.0.1-fips-140/patches/26-openssl_fips.patch Wed May 27 17:12:47 2015 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,85 +0,0 @@
-#
-# Patch developed in-house. Solaris-specific; not suitable for upstream.
-#
---- openssl-0.9.8m/apps/openssl.c Thu Oct 15 19:28:02 2009
-+++ openssl-0.9.8m/apps/openssl.c Fri Feb 26 16:12:30 2010
-@@ -135,6 +135,9 @@
- # include <openssl/fips.h>
- #endif
-
-+/* Solaris OpenSSL */
-+#include <dlfcn.h>
-+
- /*
- * The LHASH callbacks ("hash" & "cmp") have been replaced by functions with
- * the base prototypes (we cast each variable inside the function to the
-@@ -155,9 +158,10 @@
- BIO *bio_err = NULL;
- #endif
-
-+static int *modes;
-+
- static void lock_dbg_cb(int mode, int type, const char *file, int line)
- {
-- static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */
- const char *errstr = NULL;
- int rw;
-
-@@ -167,7 +168,7 @@
- goto err;
- }
-
-- if (type < 0 || type >= CRYPTO_NUM_LOCKS) {
-+ if (type < 0 || type >= CRYPTO_num_locks()) {
- errstr = "type out of bounds";
- goto err;
- }
-@@ -305,6 +306,14 @@
- if (getenv("OPENSSL_DEBUG_LOCKING") != NULL)
- #endif
- {
-+ modes = OPENSSL_malloc(CRYPTO_num_locks() * sizeof (int));
-+ if (modes == NULL) {
-+ ERR_load_crypto_strings();
-+ BIO_printf(bio_err,"Memory allocation failure\n");
-+ ERR_print_errors(bio_err);
-+ EXIT(1);
-+ }
-+ memset(modes, 0, CRYPTO_num_locks() * sizeof (int));
- CRYPTO_set_locking_callback(lock_dbg_cb);
- }
-
-@@ -308,18 +320,28 @@
- CRYPTO_set_locking_callback(lock_dbg_cb);
- }
-
-+/*
-+ * Solaris OpenSSL
-+ * Add a further check for the FIPS_mode_set() symbol before calling to
-+ * allow openssl(1openssl) to be run against both fips and non-fips libraries.
-+ */
- if (getenv("OPENSSL_FIPS")) {
--#ifdef OPENSSL_FIPS
-- if (!FIPS_mode_set(1)) {
-+
-+ int (*FIPS_mode_set)(int);
-+ FIPS_mode_set = (int (*)(int)) dlsym(RTLD_NEXT, "FIPS_mode_set");
-+
-+ if (FIPS_mode_set != NULL) {
-+ if (!(*FIPS_mode_set)(1)) {
- ERR_load_crypto_strings();
- ERR_print_errors(BIO_new_fp(stderr, BIO_NOCLOSE));
- EXIT(1);
- }
--#else
-- fprintf(stderr, "FIPS mode not supported.\n");
-+ } else {
-+ fprintf(stderr, "Failed to enable FIPS mode. "
-+ "For more information about running in FIPS mode see openssl(5).\n");
- EXIT(1);
--#endif
- }
-+ }
-
- apps_startup();
-
--- a/components/openssl/openssl-1.0.1-fips-140/patches/27-6978791.patch Wed May 27 17:12:47 2015 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,12 +0,0 @@
---- /tmp/Makefile.shared Mon Feb 14 14:39:29 2011
-+++ openssl-1.0.0d/Makefile.shared Mon Feb 14 14:50:52 2011
-@@ -387,6 +387,9 @@
- ALLSYMSFLAGS="$${MINUSZ}allextract"; \
- NOALLSYMSFLAGS="$${MINUSZ}defaultextract"; \
- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -Wl,-Bsymbolic"; \
-+ if [ $(LIBNAME) = "ssl" ]; then \
-+ SHAREDFLAGS="$$SHAREDFLAGS $${MINUSZ}nodelete"; \
-+ fi; \
- fi; \
- $(LINK_SO_A)
- # Make sure the apps have non-executable stacks and data (x86/x64 only).
--- a/components/openssl/openssl-1.0.1-fips-140/patches/28-enginesdir.patch Wed May 27 17:12:47 2015 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,54 +0,0 @@
-#
-# This was developed in house to configure the engine dir.
-# Not suitable for upstream.
-#
---- /tmp/18/Configure Fri Feb 11 15:15:50 2011
-+++ openssl-1.0.0d/Configure Fri Feb 11 15:18:09 2011
-@@ -18,6 +18,8 @@
- # --prefix option is given; /usr/local/ssl otherwise)
- # --prefix prefix for the OpenSSL include, lib and bin directories
- # (Default: the OPENSSLDIR directory)
-+# --enginesdir engines shared library location
-+# (Default: $prefix/lib/engines)
- #
- # --pk11-libname PKCS#11 library name.
- # (Default: none)
-@@ -679,6 +679,7 @@
- my $prefix="";
- my $libdir="";
- my $openssldir="";
-+my $enginesdir="";
- my $exe_ext="";
- my $install_prefix= "$ENV{'INSTALL_PREFIX'}";
- my $cross_compile_prefix="";
-@@ -917,6 +920,10 @@
- {
- $openssldir=$1;
- }
-+ elsif (/^--enginesdir=(.*)$/)
-+ {
-+ $enginesdir=$1;
-+ }
- elsif (/^--install.prefix=(.*)$/)
- {
- $install_prefix=$1;
-@@ -1224,6 +1231,10 @@
- # we're ready to tolerate, so don't...
- $multilib="" if !-d "$prefix/lib$multilib";
-
-+if ($enginesdir eq "") {
-+ $enginesdir = "$prefix/lib/engines";
-+}
-+
- $libdir="lib$multilib" if $libdir eq "";
-
- $cflags = "$cflags$exp_cflags";
-@@ -1846,7 +1857,7 @@
- }
- elsif (/^#define\s+ENGINESDIR/)
- {
-- my $foo = "$prefix/$libdir/engines";
-+ my $foo = "$enginesdir";
- $foo =~ s/\\/\\\\/g;
- print OUT "#define ENGINESDIR \"$foo\"\n";
- }
--- a/components/openssl/openssl-1.0.1-fips-140/patches/29_fork_safe.patch Wed May 27 17:12:47 2015 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,275 +0,0 @@
-#
-# This file adds the code to setup internal mutexes and callback function.
-# PSARC/2014/077
-# PSARC/2015/043
-# This change was implemented in-house. The issue was brought up to
-# the upstream engineers, but there was no commitment.
-#
---- openssl-1.0.1f/crypto/cryptlib.c.~1~ Fri Feb 7 10:41:36 2014
-+++ openssl-1.0.1f/crypto/cryptlib.c Thu Feb 6 16:03:58 2014
-@@ -116,6 +116,7 @@
-
- #include "cryptlib.h"
- #include <openssl/safestack.h>
-+#include <pthread.h>
-
- #if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16)
- static double SSLeay_MSVC5_hack = 0.0; /* and for VC1.5 */
-@@ -184,6 +185,8 @@
- */
- static STACK_OF(CRYPTO_dynlock) *dyn_locks = NULL;
-
-+static pthread_mutex_t *solaris_openssl_locks;
-+
- static void (MS_FAR *locking_callback) (int mode, int type,
- const char *file, int line) = 0;
- static int (MS_FAR *add_lock_callback) (int *pointer, int amount,
-@@ -373,7 +376,10 @@
- void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value *(*func)
- (const char *file, int line))
- {
-- dynlock_create_callback = func;
-+ /*
-+ * we now setup our own dynamic locking callback, and disallow
-+ * setting of another locking callback.
-+ */
- }
-
- void CRYPTO_set_dynlock_lock_callback(void (*func) (int mode,
-@@ -382,7 +388,10 @@
- const char *file,
- int line))
- {
-- dynlock_lock_callback = func;
-+ /*
-+ * we now setup our own dynamic locking callback, and disallow
-+ * setting of another locking callback.
-+ */
- }
-
- void CRYPTO_set_dynlock_destroy_callback(void (*func)
-@@ -389,7 +398,10 @@
- (struct CRYPTO_dynlock_value *l,
- const char *file, int line))
- {
-- dynlock_destroy_callback = func;
-+ /*
-+ * we now setup our own dynamic locking callback, and disallow
-+ * setting of another locking callback.
-+ */
- }
-
- void (*CRYPTO_get_locking_callback(void)) (int mode, int type,
-@@ -402,6 +414,129@@
- return (add_lock_callback);
- }
-
-+/*
-+ * This is the locking callback function which all applications will be
-+ * using when CRYPTO_lock() is called.
-+ */
-+static void solaris_locking_callback(int mode, int type, const char *file,
-+ int line)
-+{
-+ if (mode & CRYPTO_LOCK) {
-+ pthread_mutex_lock(&solaris_openssl_locks[type]);
-+ } else {
-+ pthread_mutex_unlock(&solaris_openssl_locks[type]);
-+ }
-+}
-+
-+
-+/*
-+ * Implement Solaris's own dynamic locking routines.
-+ */
-+static struct CRYPTO_dynlock_value *
-+solaris_dynlock_create(const char *file, int line)
-+{
-+ int ret;
-+ pthread_mutex_t *dynlock;
-+
-+ dynlock = OPENSSL_malloc(sizeof(pthread_mutex_t));
-+ if (dynlock == NULL) {
-+ return (NULL);
-+ }
-+
-+ ret = pthread_mutex_init(dynlock, NULL);
-+ OPENSSL_assert(ret);
-+
-+ return ((struct CRYPTO_dynlock_value *)dynlock);
-+}
-+
-+static void
-+solaris_dynlock_lock(int mode, struct CRYPTO_dynlock_valud *dynlock,
-+ const char *file, int line)
-+{
-+ int ret;
-+
-+ if (mode & CRYPTO_LOCK) {
-+ ret = pthread_mutex_lock((pthread_mutex_t *)dynlock);
-+ } else {
-+ ret = pthread_mutex_unlock((pthread_mutex_t *)dynlock);
-+ }
-+
-+ OPENSSL_assert(ret == 0);
-+}
-+
-+static void
-+solaris_dynlock_destroy(struct CRYPTO_dynlock_value *dynlock,
-+ const char *file, int line)
-+{
-+ int ret;
-+ ret = pthread_mutex_destroy((pthread_mutex_t *)dynlock);
-+ OPENSSL_assert(ret);
-+}
-+
-+
-+/*
-+ * This function is called when a child process is forked to setup its own
-+ * global locking callback function ptr and mutexes.
-+ */
-+static void solaris_fork_child(void)
-+{
-+ /*
-+ * clear locking_callback to indicate that locks should
-+ * be reinitialized.
-+ */
-+ locking_callback = NULL;
-+ solaris_locking_setup();
-+}
-+
-+/*
-+ * This function allocates and initializes the global mutex array, and
-+ * sets the locking callback.
-+ */
-+void solaris_locking_setup()
-+{
-+ int i;
-+ int num_locks;
-+
-+ /* setup the dynlock callback if not already */
-+ if (dynlock_create_callback == NULL) {
-+ dynlock_create_callback = solaris_dynlock_create;
-+ }
-+ if (dynlock_lock_callback == NULL) {
-+ dynlock_lock_callback = solaris_dynlock_lock;
-+ }
-+ if (dynlock_destroy_callback == NULL) {
-+ dynlock_destroy_callback = solaris_dynlock_destroy;
-+ }
-+
-+ /* locking callback is already setup. Nothing to do */
-+ if (locking_callback != NULL) {
-+ return;
-+ }
-+
-+ /*
-+ * Set atfork handler so that child can setup its own mutexes and
-+ * locking callbacks when it is forked
-+ */
-+ (void) pthread_atfork(NULL, NULL, solaris_fork_child);
-+
-+ /* allocate locks needed by OpenSSL */
-+ num_locks = CRYPTO_num_locks();
-+ solaris_openssl_locks =
-+ OPENSSL_malloc(sizeof (pthread_mutex_t) * num_locks);
-+ if (solaris_openssl_locks == NULL) {
-+ fprintf(stderr,
-+ "solaris_locking_setup: memory allocation failure.\n");
-+ abort();
-+ }
-+
-+ /* initialize openssl mutexes */
-+ for (i = 0; i < num_locks; i++) {
-+ pthread_mutex_init(&solaris_openssl_locks[i], NULL);
-+ }
-+ locking_callback = solaris_locking_callback;
-+
-+}
-+
- void CRYPTO_set_locking_callback(void (*func) (int mode, int type,
- const char *file, int line))
- {
-@@ -410,7 +486,11 @@
- * started.
- */
- OPENSSL_init();
-- locking_callback = func;
-+
-+ /*
-+ * we now setup our own locking callback and mutexes, and disallow
-+ * setting of another locking callback.
-+ */
- }
-
- void CRYPTO_set_add_lock_callback(int (*func) (int *num, int mount, int type,
-@@ -471,9 +551,10 @@
-
- int CRYPTO_THREADID_set_callback(void (*func) (CRYPTO_THREADID *))
- {
-- if (threadid_callback)
-- return 0;
-- threadid_callback = func;
-+ /*
-+ * Use the backup method (the address of 'errno') to identify the
-+ * thread and disallow setting the threadid callback.
-+ */
- return 1;
- }
-
-@@ -531,7 +611,10 @@
-
- void CRYPTO_set_id_callback(unsigned long (*func) (void))
- {
-- id_callback = func;
-+ /*
-+ * Use the backup method to identify the thread/process.
-+ * Setting the id callback is disallowed.
-+ */
- }
-
- unsigned long CRYPTO_thread_id(void)
---- openssl-1.0.1f/crypto/cryptlib.h.~1~ Fri Feb 7 10:41:42 2014
-+++ openssl-1.0.1f/crypto/cryptlib.h Thu Feb 6 16:04:16 2014
-@@ -104,6 +104,8 @@
- void *OPENSSL_stderr(void);
- extern int OPENSSL_NONPIC_relocated;
-
-+void solaris_locking_setup();
-+
- #ifdef __cplusplus
- }
- #endif
---- openssl-1.0.1f/crypto/sparccpuid.S.~1~ Fri Feb 7 10:41:37 2014
-+++ openssl-1.0.1f/crypto/sparccpuid.S Thu Feb 6 16:04:14 2014
-@@ -398,5 +398,7 @@
- .size OPENSSL_cleanse,.-OPENSSL_cleanse
-
- .section ".init",#alloc,#execinstr
-+ call solaris_locking_setup
-+ nop
- call OPENSSL_cpuid_setup
- nop
---- openssl-1.0.1f/crypto/x86_64cpuid.pl.~1~ Wed Feb 12 13:20:09 2014
-+++ openssl-1.0.1f/crypto/x86_64cpuid.pl Wed Feb 12 13:21:20 2014
-@@ -20,7 +20,10 @@
- print<<___;
- .extern OPENSSL_cpuid_setup
- .hidden OPENSSL_cpuid_setup
-+.extern solaris_locking_setup
-+.hidden solaris_locking_setup
- .section .init
-+ call solaris_locking_setup
- call OPENSSL_cpuid_setup
-
- .hidden OPENSSL_ia32cap_P
---- openssl-1.0.1f/crypto/x86cpuid.pl.~1~ Wed Feb 12 13:38:03 2014
-+++ openssl-1.0.1f/crypto/x86cpuid.pl Wed Feb 12 13:38:31 2014
-@@ -353,6 +353,7 @@
- &ret ();
- &function_end_B("OPENSSL_ia32_rdrand");
-
-+&initseg("solaris_locking_setup");
- &initseg("OPENSSL_cpuid_setup");
-
- &asm_finish();
--- a/components/openssl/openssl-1.0.1-fips-140/patches/32_aes_cbc_len_check.patch Wed May 27 17:12:47 2015 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,18 +0,0 @@
-#
-# This was developed in house and reported to the upstream.
-#
---- openssl-1.0.1e/crypto/evp/e_aes.c Tue Jul 2 11:03:12 2013
-+++ openssl-1.0.1e/crypto/evp/e_aes.c.new Tue Jul 2 11:04:56 2013
-@@ -536,8 +536,12 @@
- static int aes_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, size_t len)
- {
-+ size_t bl = ctx->cipher->block_size;
- EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data;
-
-+ if (len < bl)
-+ return 1;
-+
- if (dat->stream.cbc)
- (*dat->stream.cbc) (in, out, len, &dat->ks, ctx->iv, ctx->encrypt);
- else if (ctx->encrypt)
--- a/components/openssl/openssl-1.0.1-fips-140/patches/33_cert_chain.patch Wed May 27 17:12:47 2015 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,210 +0,0 @@
-This patch comes from OpenSSL upstream code, and the change has been commited to OpenSSL 1.0.2.
- http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=fbd2164044f92383955a801ad1b2857d71e83f27
- http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=51e7a4378a78bb0870a2cdc5c524c230c929ebcb
- http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2dabd822366df7b2608b55d5ca5f31d5d484cbaf
-
-Index: openssl/crypto/x509/x509_trs.c
-============================================================================
-$ diff -ru crypto/x509/x509_trs.c crypto/x509/x509_trs.c
---- openssl/crypto/x509/x509_trs.c.orig 4 Dec 2012 17:26:04 -0000 1.133.2.11.2.6.2.3
-+++ openssl/crypto/x509/x509_trs.c 14 Dec 2012 14:30:45 -0000 1.133.2.11.2.6.2.4
-@@ -119,6 +119,14 @@ int X509_check_trust(X509 *x, int id, int flags)
- int idx;
- if (id == -1)
- return 1;
-+ /* We get this as a default value */
-+ if (id == 0) {
-+ int rv;
-+ rv = obj_trust(NID_anyExtendedKeyUsage, x, 0);
-+ if (rv != X509_TRUST_UNTRUSTED)
-+ return rv;
-+ return trust_compat(NULL, x, 0);
-+ }
- idx = X509_TRUST_get_by_id(id);
- if (idx == -1)
- return default_trust(id, x, flags);
-Index: openssl/crypto/x509/x509_vfy.c
-============================================================================
-$ cvs diff -u -r1.105.2.9.2.4.2.3 -r1.105.2.9.2.4.2.4 x509_vfy.c
---- openssl/crypto/x509/x509_vfy.c 14 Dec 2012 12:53:48 -0000 1.105.2.9.2.4.2.3
-+++ openssl/crypto/x509/x509_vfy.c 14 Dec 2012 14:30:46 -0000 1.105.2.9.2.4.2.4
-@@ -149,6 +149,33 @@
- }
- #endif
-
-+/* Given a certificate try and find an exact match in the store */
-+
-+static X509 *lookup_cert_match(X509_STORE_CTX *ctx, X509 *x)
-+ {
-+ STACK_OF(X509) *certs;
-+ X509 *xtmp = NULL;
-+ int i;
-+ /* Lookup all certs with matching subject name */
-+ certs = ctx->lookup_certs(ctx, X509_get_subject_name(x));
-+ if (certs == NULL)
-+ return NULL;
-+ /* Look for exact match */
-+ for (i = 0; i < sk_X509_num(certs); i++)
-+ {
-+ xtmp = sk_X509_value(certs, i);
-+ if (!X509_cmp(xtmp, x))
-+ break;
-+ }
-+ if (i < sk_X509_num(certs))
-+ CRYPTO_add(&xtmp->references,1,CRYPTO_LOCK_X509);
-+ else
-+ xtmp = NULL;
-+ sk_X509_pop_free(certs, X509_free);
-+ return xtmp;
-+ }
-+
-+
- int X509_verify_cert(X509_STORE_CTX *ctx)
- {
- X509 *x, *xtmp, *chain_ss = NULL;
-@@ -304,8 +331,17 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
-
- /* we now have our chain, lets check it... */
-
-- /* Is last certificate looked up self signed? */
-- if (!ctx->check_issued(ctx, x, x)) {
-+ i = check_trust(ctx);
-+
-+ /* If explicitly rejected error */
-+ if (i == X509_TRUST_REJECTED)
-+ goto end;
-+ /*
-+ * If not explicitly trusted then indicate error unless it's a single
-+ * self signed certificate in which case we've indicated an error already
-+ * and set bad_chain == 1
-+ */
-+ if (i != X509_TRUST_TRUSTED && !bad_chain) {
- if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss)) {
- if (ctx->last_untrusted >= num)
- ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
-@@ -340,14 +376,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
- ok = check_name_constraints(ctx);
-
- if (!ok)
-- goto end;
--
-- /* The chain extensions are OK: check trust */
--
-- if (param->trust > 0)
-- ok = check_trust(ctx);
--
-- if (!ok)
- goto end;
-
- /* We may as well copy down any DSA parameters that are required */
-@@ -630,28 +658,53 @@ static int check_name_constraints(X509_STORE_CTX *ctx)
-
- static int check_trust(X509_STORE_CTX *ctx)
- {
--#ifdef OPENSSL_NO_CHAIN_VERIFY
-- return 1;
--#else
- int i, ok;
-- X509 *x;
-+ X509 *x = NULL;
- int (*cb) (int xok, X509_STORE_CTX *xctx);
- cb = ctx->verify_cb;
--/* For now just check the last certificate in the chain */
-- i = sk_X509_num(ctx->chain) - 1;
-- x = sk_X509_value(ctx->chain, i);
-- ok = X509_check_trust(x, ctx->param->trust, 0);
-- if (ok == X509_TRUST_TRUSTED)
-- return 1;
-- ctx->error_depth = i;
-- ctx->current_cert = x;
-- if (ok == X509_TRUST_REJECTED)
-- ctx->error = X509_V_ERR_CERT_REJECTED;
-- else
-- ctx->error = X509_V_ERR_CERT_UNTRUSTED;
-- ok = cb(0, ctx);
-- return ok;
--#endif
-+ /* Check all trusted certificates in chain */
-+ for (i = ctx->last_untrusted; i < sk_X509_num(ctx->chain); i++) {
-+ x = sk_X509_value(ctx->chain, i);
-+ ok = X509_check_trust(x, ctx->param->trust, 0);
-+ /* If explicitly trusted return trusted */
-+ if (ok == X509_TRUST_TRUSTED)
-+ return X509_TRUST_TRUSTED;
-+ /*
-+ * If explicitly rejected notify callback and reject if not
-+ * overridden.
-+ */
-+ if (ok == X509_TRUST_REJECTED) {
-+ ctx->error_depth = i;
-+ ctx->current_cert = x;
-+ ctx->error = X509_V_ERR_CERT_REJECTED;
-+ ok = cb(0, ctx);
-+ if (!ok)
-+ return X509_TRUST_REJECTED;
-+ }
-+ }
-+ /*
-+ * If we accept partial chains and have at least one trusted certificate
-+ * return success.
-+ */
-+ if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) {
-+ X509 *mx;
-+ if (ctx->last_untrusted < sk_X509_num(ctx->chain))
-+ return X509_TRUST_TRUSTED;
-+ x = sk_X509_value(ctx->chain, 0);
-+ mx = lookup_cert_match(ctx, x);
-+ if (mx) {
-+ (void)sk_X509_set(ctx->chain, 0, mx);
-+ X509_free(x);
-+ ctx->last_untrusted = 0;
-+ return X509_TRUST_TRUSTED;
-+ }
-+ }
-+
-+ /*
-+ * If no trusted certs in chain at all return untrusted and allow
-+ * standard (no issuer cert) etc errors to be indicated.
-+ */
-+ return X509_TRUST_UNTRUSTED;
- }
-
- static int check_revocation(X509_STORE_CTX *ctx)
-@@ -1526,6 +1579,8 @@ static int internal_verify(X509_STORE_CTX *ctx)
- if (ctx->check_issued(ctx, xi, xi))
- xs = xi;
- else {
-+ if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN && n == 0)
-+ return check_cert_time(ctx, xi);
- if (n <= 0) {
- ctx->error = X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE;
- ctx->current_cert = xi;
-Index: openssl/crypto/x509/x509_vfy.h
-============================================================================
-$ cvs diff -u -r1.67.2.3.4.1 -r1.67.2.3.4.2 x509_vfy.h
---- openssl/crypto/x509/x509_vfy.h 26 Sep 2012 13:50:42 -0000 1.67.2.3.4.1
-+++ openssl/crypto/x509/x509_vfy.h 14 Dec 2012 14:30:46 -0000 1.67.2.3.4.2
-@@ -406,6 +406,9 @@
- /* Check selfsigned CA signature */
- # define X509_V_FLAG_CHECK_SS_SIGNATURE 0x4000
-
-+/* Allow partial chains if at least one certificate is in trusted store */
-+# define X509_V_FLAG_PARTIAL_CHAIN 0x80000
-+
- # define X509_VP_FLAG_DEFAULT 0x1
- # define X509_VP_FLAG_OVERWRITE 0x2
- # define X509_VP_FLAG_RESET_FLAGS 0x4
-Index: openssl/apps/apps.c
-============================================================================
-$ cvs diff -u -r1.133.2.11.2.6.2.3 -r1.133.2.11.2.6.2.4 apps.c
---- openssl/apps/apps.c 4 Dec 2012 17:26:04 -0000 1.133.2.11.2.6.2.3
-+++ openssl/apps/apps.c 14 Dec 2012 14:30:45 -0000 1.133.2.11.2.6.2.4
-@@ -2238,6 +2238,8 @@
- flags |= X509_V_FLAG_NOTIFY_POLICY;
- else if (!strcmp(arg, "-check_ss_sig"))
- flags |= X509_V_FLAG_CHECK_SS_SIGNATURE;
-+ else if (!strcmp(arg, "-partial_chain"))
-+ flags |= X509_V_FLAG_PARTIAL_CHAIN;
- else
- return 0;
-
--- a/components/openssl/openssl-1.0.1-fips-140/patches/35-17952966.patch Wed May 27 17:12:47 2015 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,13 +0,0 @@
-Solaris-specific; not suitable for upstream
-
---- /tmp/Makefile.shared Mon Feb 14 14:39:29 2011
-+++ openssl-1.0.0d/Makefile.shared Mon Feb 14 14:50:52 2011
-@@ -108,7 +108,7 @@
- LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
- $${SHAREDCMD} $${SHAREDFLAGS} \
- -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
-- $$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS \
-+ $$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS -lc \
- ) && $(SYMLINK_SO)
-
- SYMLINK_SO= \
--- a/components/openssl/openssl-1.0.1-fips-140/patches/36_evp_leak.patch Wed May 27 17:12:47 2015 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,144 +0,0 @@
-Patch developed in-house. Solaris-specific; not suitable for upstream.
-
---- openssl-1.0.1f/crypto/evp/evp_enc.c.orig Mon Feb 11 07:26:04 2013
-+++ openssl-1.0.1f/crypto/evp/evp_enc.c Mon Feb 3 16:40:48 2014
-@@ -379,11 +379,13 @@
-
- if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
- ret = M_do_cipher(ctx, out, NULL, 0);
-- if (ret < 0)
-- return 0;
-- else
-+ if (ret < 0) {
-+ ret = 0;
-+ goto cleanup;
-+ } else
- *outl = ret;
-- return 1;
-+ ret = 1;
-+ goto cleanup;
- }
-
- b = ctx->cipher->block_size;
-@@ -390,7 +392,8 @@
- OPENSSL_assert(b <= sizeof ctx->buf);
- if (b == 1) {
- *outl = 0;
-- return 1;
-+ ret = 1;
-+ goto cleanup;
- }
- bl = ctx->buf_len;
- if (ctx->flags & EVP_CIPH_NO_PADDING) {
-@@ -397,10 +400,12 @@
- if (bl) {
- EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX,
- EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
-- return 0;
-+ ret = 0;
-+ goto cleanup;
- }
- *outl = 0;
-- return 1;
-+ ret = 1;
-+ goto cleanup;
- }
-
- n = b - bl;
-@@ -411,6 +416,11 @@
- if (ret)
- *outl = b;
-
-+cleanup:
-+ if (ctx->cipher->cleanup) {
-+ ctx->cipher->cleanup(ctx);
-+ }
-+
- return ret;
- }
-
-@@ -478,6 +488,7 @@
- int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
- {
- int i, n;
-+ int err = 1;
- unsigned int b;
- *outl = 0;
-
-@@ -483,11 +494,13 @@
-
- if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
- i = M_do_cipher(ctx, out, NULL, 0);
-- if (i < 0)
-- return 0;
-- else
-+ if (i < 0) {
-+ err = 0;
-+ goto cleanup;
-+ } else
- *outl = i;
-- return 1;
-+ err = 1;
-+ goto cleanup;
- }
-
- b = ctx->cipher->block_size;
-@@ -495,10 +508,12 @@
- if (ctx->buf_len) {
- EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,
- EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
-- return 0;
-+ err = 0;
-+ goto cleanup;
- }
- *outl = 0;
-- return 1;
-+ err = 1;
-+ goto cleanup;
- }
- if (b > 1) {
- if (ctx->buf_len || !ctx->final_used) {
-@@ -503,7 +518,8 @@
- if (b > 1) {
- if (ctx->buf_len || !ctx->final_used) {
- EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_WRONG_FINAL_BLOCK_LENGTH);
-- return (0);
-+ err = 0;
-+ goto cleanup;
- }
- OPENSSL_assert(b <= sizeof ctx->final);
-
-@@ -514,7 +530,8 @@
- n = ctx->final[b - 1];
- if (n == 0 || n > (int)b) {
- EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT);
-- return (0);
-+ err = 0;
-+ goto cleanup;
- }
- for (i = 0; i < n; i++) {
- if (ctx->final[--b] != n) {
-@@ -519,7 +536,8 @@
- for (i = 0; i < n; i++) {
- if (ctx->final[--b] != n) {
- EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT);
-- return (0);
-+ err = 0;
-+ goto cleanup;
- }
- }
- n = ctx->cipher->block_size - n;
-@@ -528,7 +546,12 @@
- *outl = n;
- } else
- *outl = 0;
-- return (1);
-+ err = 1;
-+cleanup:
-+ if (ctx->cipher->cleanup) {
-+ ctx->cipher->cleanup(ctx);
-+ }
-+ return err;
- }
-
- void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
--- a/components/openssl/openssl-1.0.1-fips-140/patches/38_remove_illegal_instruction_calls.patch Wed May 27 17:12:47 2015 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,167 +0,0 @@
-#
-# This patch was developed in house.
-# This is Solaris-specific: not suitable for upstream.
-#
---- openssl-1.0.1g/crypto/sparcv9cap.c.~1~ Thu May 1 13:07:00 2014
-+++ openssl-1.0.1g/crypto/sparcv9cap.c Thu May 1 13:11:33 2014
-@@ -2,9 +2,9 @@
- #include <stdlib.h>
- #include <string.h>
- #include <setjmp.h>
--#include <signal.h>
- #include <sys/time.h>
- #include <openssl/bn.h>
-+#include <sys/auxv.h>
-
- #define SPARCV9_TICK_PRIVILEGED (1<<0)
- #define SPARCV9_PREFER_FPU (1<<1)
-@@ -11,6 +11,7 @@
- #define SPARCV9_VIS1 (1<<2)
- #define SPARCV9_VIS2 (1<<3) /* reserved */
- #define SPARCV9_FMADD (1<<4) /* reserved for SPARC64 V */
-+#define SPARCV9_BLK (1<<5)
-
- static int OPENSSL_sparcv9cap_P = SPARCV9_TICK_PRIVILEGED;
-
-@@ -31,10 +31,7 @@
- }
-
- unsigned long _sparcv9_rdtick(void);
--void _sparcv9_vis1_probe(void);
- unsigned long _sparcv9_vis1_instrument(void);
--void _sparcv9_vis2_probe(void);
--void _sparcv9_fmadd_probe(void);
-
- unsigned long OPENSSL_rdtsc(void)
- {
-@@ -170,18 +167,11 @@
-
- #else
-
--static sigjmp_buf common_jmp;
--static void common_handler(int sig)
--{
-- siglongjmp(common_jmp, sig);
--}
--
- void OPENSSL_cpuid_setup(void)
- {
- char *e;
-- struct sigaction common_act, ill_oact, bus_oact;
-- sigset_t all_masked, oset;
- static int trigger = 0;
-+ uint_t ui = 0;
-
- if (trigger)
- return;
-@@ -192,54 +182,24 @@
- return;
- }
-
-+ (void) getisax(&ui, 1);
-+
- /* Initial value, fits UltraSPARC-I&II... */
-- OPENSSL_sparcv9cap_P = SPARCV9_PREFER_FPU | SPARCV9_TICK_PRIVILEGED;
-+ OPENSSL_sparcv9cap_P = SPARCV9_BLK;
-
-- sigfillset(&all_masked);
-- sigdelset(&all_masked, SIGILL);
-- sigdelset(&all_masked, SIGTRAP);
--# ifdef SIGEMT
-- sigdelset(&all_masked, SIGEMT);
--# endif
-- sigdelset(&all_masked, SIGFPE);
-- sigdelset(&all_masked, SIGBUS);
-- sigdelset(&all_masked, SIGSEGV);
-- sigprocmask(SIG_SETMASK, &all_masked, &oset);
--
-- memset(&common_act, 0, sizeof(common_act));
-- common_act.sa_handler = common_handler;
-- common_act.sa_mask = all_masked;
--
-- sigaction(SIGILL, &common_act, &ill_oact);
-- sigaction(SIGBUS, &common_act, &bus_oact); /* T1 fails 16-bit ldda [on
-- * Linux] */
--
-- if (sigsetjmp(common_jmp, 1) == 0) {
-- _sparcv9_rdtick();
-- OPENSSL_sparcv9cap_P &= ~SPARCV9_TICK_PRIVILEGED;
-- }
--
-- if (sigsetjmp(common_jmp, 1) == 0) {
-- _sparcv9_vis1_probe();
-- OPENSSL_sparcv9cap_P |= SPARCV9_VIS1;
-- /* detect UltraSPARC-Tx, see sparccpud.S for details... */
-- if (_sparcv9_vis1_instrument() >= 12)
-- OPENSSL_sparcv9cap_P &= ~(SPARCV9_VIS1 | SPARCV9_PREFER_FPU);
-- else {
-- _sparcv9_vis2_probe();
-- OPENSSL_sparcv9cap_P |= SPARCV9_VIS2;
-+ if (ui & AV_SPARC_VIS) {
-+ /* detect UltraSPARC-Tx, see sparccpuid.S for details... */
-+ if (_sparcv9_vis1_instrument() < 7)
-+ OPENSSL_sparcv9cap_P |= SPARCV9_TICK_PRIVILEGED;
-+ if (_sparcv9_vis1_instrument() < 12) {
-+ OPENSSL_sparcv9cap_P |= SPARCV9_VIS1|SPARCV9_PREFER_FPU;
-+ if (ui & AV_SPARC_VIS2)
-+ OPENSSL_sparcv9cap_P |= SPARCV9_VIS2;
- }
- }
-
-- if (sigsetjmp(common_jmp, 1) == 0) {
-- _sparcv9_fmadd_probe();
-+ if (ui & AV_SPARC_FMAF)
- OPENSSL_sparcv9cap_P |= SPARCV9_FMADD;
-- }
--
-- sigaction(SIGBUS, &bus_oact, NULL);
-- sigaction(SIGILL, &ill_oact, NULL);
--
-- sigprocmask(SIG_SETMASK, &oset, NULL);
- }
-
- #endif
---- openssl-1.0.1g/crypto/sparccpuid.S.~1~ Thu May 1 13:07:00 2014
-+++ openssl-1.0.1g/crypto/sparccpuid.S Thu May 1 13:11:33 2014
-@@ -232,16 +232,6 @@
- .type _sparcv9_rdtick,#function
- .size _sparcv9_rdtick,.-_sparcv9_rdtick
-
--.global _sparcv9_vis1_probe
--.align 8
--_sparcv9_vis1_probe:
-- add %sp,BIAS+2,%o1
-- .word 0xc19a5a40 !ldda [%o1]ASI_FP16_P,%f0
-- retl
-- .word 0x81b00d80 !fxor %f0,%f0,%f0
--.type _sparcv9_vis1_probe,#function
--.size _sparcv9_vis1_probe,.-_sparcv9_vis1_probe
--
- ! Probe and instrument VIS1 instruction. Output is number of cycles it
- ! takes to execute rdtick and pair of VIS1 instructions. US-Tx VIS unit
- ! is slow (documented to be 6 cycles on T2) and the core is in-order
-@@ -296,24 +286,6 @@
- .type _sparcv9_vis1_instrument,#function
- .size _sparcv9_vis1_instrument,.-_sparcv9_vis1_instrument
-
--.global _sparcv9_vis2_probe
--.align 8
--_sparcv9_vis2_probe:
-- retl
-- .word 0x81b00980 !bshuffle %f0,%f0,%f0
--.type _sparcv9_vis2_probe,#function
--.size _sparcv9_vis2_probe,.-_sparcv9_vis2_probe
--
--.global _sparcv9_fmadd_probe
--.align 8
--_sparcv9_fmadd_probe:
-- .word 0x81b00d80 !fxor %f0,%f0,%f0
-- .word 0x85b08d82 !fxor %f2,%f2,%f2
-- retl
-- .word 0x81b80440 !fmaddd %f0,%f0,%f2,%f0
--.type _sparcv9_fmadd_probe,#function
--.size _sparcv9_fmadd_probe,.-_sparcv9_fmadd_probe
--
- .global OPENSSL_cleanse
- .align 32
- OPENSSL_cleanse:
--- a/components/openssl/openssl-1.0.1-fips-140/patches/39_test.patch Wed May 27 17:12:47 2015 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,15 +0,0 @@
-#
-# Remove test 'test_ca' because it depends on directories
-# not present in the build directory. The rest of tests are ok.
-#
---- a/test/Makefile.orig Thu Apr 2 12:11:12 2015
-+++ b/test/Makefile Thu Apr 2 12:11:21 2015
-@@ -142,7 +142,7 @@
- test_rand test_bn test_ec test_ecdsa test_ecdh \
- test_enc test_x509 test_rsa test_crl test_sid \
- test_gen test_req test_pkcs7 test_verify test_dh test_dsa \
-- test_ss test_ca test_engine test_evp test_evp_extra test_ssl test_tsa test_ige \
-+ test_ss test_engine test_evp test_evp_extra test_ssl test_tsa test_ige \
- test_jpake test_srp test_cms test_heartbeat test_constant_time
-
- test_evp:
--- a/components/openssl/openssl-1.0.1-fips-140/patches/41_uninitialized_ctx.patch Wed May 27 17:12:47 2015 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,14 +0,0 @@
-#
-# This was developed in house. Upstreadm notified (PR#277).
-#
-diff -ru openssl-1.0.1m/crypto/evp/evp_enc.c openssl-1.0.1m/crypto/evp/evp_enc.c.new
---- openssl-1.0.1m/crypto/evp/evp_enc.c Thu May 7 09:46:32 2015
-+++ openssl-1.0.1m/crypto/evp/evp_enc.c.new Thu May 7 09:46:23 2015
-@@ -179,6 +179,7 @@
- EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE);
- return 0;
- }
-+ (void) memset(ctx->cipher_data, 0, ctx->cipher->ctx_size);
- } else {
- ctx->cipher_data = NULL;
- }
--- a/components/openssl/openssl-1.0.1/Makefile Wed May 27 17:12:47 2015 -0700
+++ b/components/openssl/openssl-1.0.1/Makefile Thu May 28 09:54:36 2015 -0700
@@ -42,6 +42,13 @@
TPNO= 21965
+# Clone the patch files to the patches-all dir.
+# COPY_COMMON_FILES is there so that rsync is called as soon as
+# the Makefile is parsed.
+PATCH_DIR=patches-all
+CLEAN_PATHS += $(PATCH_DIR)
+COPY_COMMON_FILES:= $(shell rsync -ac ../common/patches/ patches/ $(PATCH_DIR))
+
include $(WS_MAKE_RULES)/prep.mk
include $(WS_MAKE_RULES)/configure.mk
include $(WS_MAKE_RULES)/ips.mk
--- a/components/openssl/openssl-1.0.1/patches/08-6193522.patch Wed May 27 17:12:47 2015 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,54 +0,0 @@
-diff -ruN openssl-0.9.8a/apps/CA.pl.in openssl-0.9.8a/apps/CA.pl.in
---- openssl-0.9.8a/apps/CA.pl.in 2005-07-04 23:44:22.000000000 +0200
-+++ openssl-0.9.8a/apps/CA.pl.in 2009-04-21 16:08:45.354925289 +0200
-@@ -53,7 +53,7 @@
- $X509="$openssl x509";
- $PKCS12="$openssl pkcs12";
-
--$CATOP="./demoCA";
-+$CATOP="/etc/openssl";
- $CAKEY="cakey.pem";
- $CAREQ="careq.pem";
- $CACERT="cacert.pem";
-diff -ruN openssl-0.9.8a/apps/openssl.cnf openssl-0.9.8a/apps/openssl.cnf
---- openssl-0.9.8a/apps/openssl.cnf 2005-09-16 14:20:24.000000000 +0200
-+++ openssl-0.9.8a/apps/openssl.cnf 2009-04-21 16:07:13.910980196 +0200
-@@ -39,7 +39,7 @@
- ####################################################################
- [ CA_default ]
-
--dir = ./demoCA # Where everything is kept
-+dir = /etc/openssl # Where everything is kept
- certs = $dir/certs # Where the issued certs are kept
- crl_dir = $dir/crl # Where the issued crl are kept
- database = $dir/index.txt # database index file.
-@@ -49,7 +49,7 @@
-
- certificate = $dir/cacert.pem # The CA certificate
- serial = $dir/serial # The current serial number
--crlnumber = $dir/crlnumber # the current crl number
-+#crlnumber = $dir/crlnumber # the current crl number
- # must be commented out to leave a V1 CRL
- crl = $dir/crl.pem # The current CRL
- private_key = $dir/private/cakey.pem# The private key
-@@ -126,17 +126,17 @@
-
- [ req_distinguished_name ]
- countryName = Country Name (2 letter code)
--countryName_default = AU
-+#countryName_default = US
- countryName_min = 2
- countryName_max = 2
-
- stateOrProvinceName = State or Province Name (full name)
--stateOrProvinceName_default = Some-State
-+#stateOrProvinceName_default = Some-State
-
- localityName = Locality Name (eg, city)
-
- 0.organizationName = Organization Name (eg, company)
--0.organizationName_default = Internet Widgits Pty Ltd
-+#0.organizationName_default = Unconfigured OpenSSL Installation
-
- # we can do this but it is not needed normally :-)
- #1.organizationName = Second Organization Name (eg, company)
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssl/openssl-1.0.1/patches/101-manpage_openssl.patch Thu May 28 09:54:36 2015 -0700
@@ -0,0 +1,16 @@
+diff -ruN openssl-0.9.8a/util/extract-section.pl openssl-0.9.8a/util/extract-section.pl
+--- openssl-0.9.8a/util/extract-section.pl 2004-11-25 18:47:31.000000000 +0100
++++ openssl-0.9.8a/util/extract-section.pl 2009-04-08 12:05:03.128230348 +0200
+@@ -3,10 +3,10 @@
+ while(<STDIN>) {
+ if (/=for\s+comment\s+openssl_manual_section:(\S+)/)
+ {
+- print "$1\n";
++ print "${1}openssl\n";
+ exit 0;
+ }
+ }
+
+-print "$ARGV[0]\n";
++print "${ARGV[0]}openssl\n";
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssl/openssl-1.0.1/patches/102-wanboot.patch Thu May 28 09:54:36 2015 -0700
@@ -0,0 +1,486 @@
+#
+# This patch file makes the changes neccessary to build wanboot-openssl.o
+# binary. This is Solaris-specific: not suitable for upstream.
+#
+--- openssl-1.0.0g/Makefile.org 2010-01-27 08:06:58.000000000 -0800
++++ openssl-1.0.0g-1/Makefile.org 2012-03-26 03:04:08.440194448 -0700
+@@ -138,7 +138,13 @@
+
+ BASEADDR=
+
++# For wanboot, we only need crypto and ssl.
++# 'apps' are not patched to work in stand-alone environment anyway.
++ifeq ($(PLATFORM), solaris64-sparcv9-cc-sunw-wanboot)
++DIRS= crypto ssl
++else
+ DIRS= crypto ssl engines apps test tools
++endif
+ ENGDIRS= ccgost
+ SHLIBDIRS= crypto ssl
+
+--- openssl-1.0.0g/Makefile 2012-01-18 05:42:28.000000000 -0800
++++ openssl-1.0.0g-1/Makefile 2012-03-26 03:03:59.170540344 -0700
+@@ -137,7 +137,13 @@
+
+ BASEADDR=0xFB00000
+
++# For wanboot, we only need crypto and ssl.
++# 'apps' are not patched to work in stand-alone environment anyway.
++ifeq ($(PLATFORM), solaris64-sparcv9-cc-sunw-wanboot)
++DIRS= crypto ssl
++else
+ DIRS= crypto ssl engines apps test tools
++endif
+ ENGDIRS= ccgost
+ SHLIBDIRS= crypto ssl
+
+--- openssl-1.0.0e/crypto/cryptlib.c 2011-06-22 08:39:00.000000000 -0700
++++ openssl-1.0.0e_patched/crypto/cryptlib.c 2011-12-12 06:17:45.422476900 -0800
+@@ -421,11 +421,13 @@
+ static void solaris_locking_callback(int mode, int type, const char *file,
+ int line)
+ {
++#ifndef _BOOT
+ if (mode & CRYPTO_LOCK) {
+ pthread_mutex_lock(&solaris_openssl_locks[type]);
+ } else {
+ pthread_mutex_unlock(&solaris_openssl_locks[type]);
+ }
++#endif
+ }
+
+
+@@ -435,6 +437,7 @@
+ static struct CRYPTO_dynlock_value *
+ solaris_dynlock_create(const char *file, int line)
+ {
++#ifndef _BOOT
+ int ret;
+ pthread_mutex_t *dynlock;
+
+@@ -447,6 +450,9 @@
+ OPENSSL_assert(ret);
+
+ return ((struct CRYPTO_dynlock_value *)dynlock);
++#else
++ return (NULL);
++#endif
+ }
+
+ static void
+@@ -453,6 +459,7 @@
+ solaris_dynlock_lock(int mode, struct CRYPTO_dynlock_valud *dynlock,
+ const char *file, int line)
+ {
++#ifndef _BOOT
+ int ret;
+
+ if (mode & CRYPTO_LOCK) {
+@@ -462,6 +469,7 @@
+ }
+
+ OPENSSL_assert(ret == 0);
++#endif
+ }
+
+ static void
+@@ -468,9 +476,11 @@
+ solaris_dynlock_destroy(struct CRYPTO_dynlock_value *dynlock,
+ const char *file, int line)
+ {
++#ifndef _BOOT
+ int ret;
+ ret = pthread_mutex_destroy((pthread_mutex_t *)dynlock);
+ OPENSSL_assert(ret);
++#endif
+ }
+
+
+@@ -514,6 +524,12 @@
+ }
+
+ /*
++ * pthread_* can't be used in wanboot.
++ * wanboot needs not be thread-safe and mutexes and locking callback
++ * function will not be setup for wanboot.
++ */
++#ifndef _BOOT
++ /*
+ * Set atfork handler so that child can setup its own mutexes and
+ * locking callbacks when it is forked
+ */
+@@ -534,7 +550,7 @@
+ pthread_mutex_init(&solaris_openssl_locks[i], NULL);
+ }
+ locking_callback = solaris_locking_callback;
+-
++#endif
+ }
+
+ void CRYPTO_set_locking_callback(void (*func) (int mode, int type,
+@@ -1084,6 +1100,12 @@
+ MessageBox(NULL, buf, _T("OpenSSL: FATAL"), MB_OK | MB_ICONSTOP);
+ }
+ #else
++/*
++ * Solaris libsa.a used for WAN boot doesn't provide for vfprintf(). Since
++ * OPENSSL_showfatal() is not used anywhere else then here we can safely use
++ * the code from 0.9.7d version.
++ */
++#ifndef _BOOT
+ void OPENSSL_showfatal(const char *fmta, ...)
+ {
+ va_list ap;
+@@ -1092,6 +1114,7 @@
+ vfprintf(stderr, fmta, ap);
+ va_end(ap);
+ }
++#endif /* _BOOT */
+
+ int OPENSSL_isservice(void)
+ {
+@@ -1101,9 +1124,15 @@
+
+ void OpenSSLDie(const char *file, int line, const char *assertion)
+ {
++#ifndef _BOOT
+ OPENSSL_showfatal
+ ("%s(%d): OpenSSL internal error, assertion failed: %s\n", file, line,
+ assertion);
++#else
++ fprintf(stderr,
++ "%s(%d): OpenSSL internal error, assertion failed: %s\n",
++ file,line,assertion);
++#endif
+ #if !defined(_WIN32) || defined(__CYGWIN__)
+ abort();
+ #else
+--- openssl-1.0.0e/crypto/err/err_all.c 2009-08-09 07:58:05.000000000 -0700
++++ openssl-1.0.0e_patched/crypto/err/err_all.c 2011-12-13 05:22:01.205351400 -0800
+@@ -148,7 +148,9 @@
+ ERR_load_X509V3_strings();
+ ERR_load_PKCS12_strings();
+ ERR_load_RAND_strings();
++#ifndef _BOOT
+ ERR_load_DSO_strings();
++#endif /* _BOOT */
+ ERR_load_TS_strings();
+ # ifndef OPENSSL_NO_ENGINE
+ ERR_load_ENGINE_strings();
+--- openssl-1.0.0e/crypto/evp/evp_key.c 2010-03-27 12:27:50.000000000 -0700
++++ openssl-1.0.0e_patched/crypto/evp/evp_key.c 2011-12-13 05:19:32.956908600 -0800
+@@ -83,7 +83,7 @@
+ else
+ return (prompt_string);
+ }
+-
++#ifndef _BOOT
+ /*
+ * For historical reasons, the standard function for reading passwords is in
+ * the DES library -- if someone ever wants to disable DES, this function
+@@ -115,6 +115,7 @@
+ OPENSSL_cleanse(buff, BUFSIZ);
+ return ret;
+ }
++#endif /* !_BOOT */
+
+ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
+ const unsigned char *salt, const unsigned char *data,
+--- openssl-1.0.0e/crypto/rand/rand_unix.c 2009-04-06 07:31:36.000000000 -0700
++++ openssl-1.0.0e_patched/crypto/rand/rand_unix.c 2011-12-19 07:28:39.988944800 -0800
+@@ -122,7 +122,11 @@
+ # include <sys/time.h>
+ # include <sys/times.h>
+ # include <sys/stat.h>
++#ifdef _BOOT
++# include <sys/fcntl.h>
++#else
+ # include <fcntl.h>
++#endif
+ # include <unistd.h>
+ # include <time.h>
+ # if defined(OPENSSL_SYS_LINUX) /* should actually be available virtually
+@@ -259,6 +263,11 @@
+ const char **egdsocket = NULL;
+ # endif
+
++#ifdef _BOOT
++/* open() is provided by standalone libsa not visible from here */
++extern int open(const char *, int);
++#endif
++
+ # ifdef DEVRANDOM
+ memset(randomstats, 0, sizeof(randomstats));
+ /*
+@@ -307,11 +316,15 @@
+ do {
+ int try_read = 0;
+
+-# if defined(OPENSSL_SYS_BEOS_R5)
++# if defined(OPENSSL_SYS_BEOS_R5) || defined(_BOOT)
+ /*
+ * select() is broken in BeOS R5, so we simply try to read
+ * something and snooze if we couldn't
+ */
++ /*
++ * select() is not available when linking stand-alone
++ * library for wanboot
++ */
+ try_read = 1;
+
+ # elif defined(OPENSSL_SYS_LINUX)
+@@ -365,6 +378,7 @@
+ } else
+ r = -1;
+
++#ifndef _BOOT
+ /*
+ * Some Unixen will update t in select(), some won't. For
+ * those who won't, or if we didn't use select() in the first
+@@ -377,13 +391,17 @@
+ while ((r > 0 ||
+ (errno == EINTR || errno == EAGAIN)) && usec != 0
+ && n < ENTROPY_NEEDED);
++#else /* _BOOT */
++ }
++ while (r > 0 && n < ENTROPY_NEEDED);
++#endif /* _BOOT */
+
+ close(fd);
+ }
+ }
+ # endif /* defined(DEVRANDOM) */
+
+-# ifdef DEVRANDOM_EGD
++# if defined(DEVRANDOM_EGD) && !defined(_BOOT)
+ /*
+ * Use an EGD socket to read entropy from an EGD or PRNGD entropy
+ * collecting daemon.
+@@ -407,6 +424,7 @@
+ }
+ # endif
+
++#ifndef _BOOT
+ /* put in some default random data, we need more than just this */
+ l = curr_pid;
+ RAND_add(&l, sizeof(l), 0.0);
+@@ -415,6 +433,7 @@
+
+ l = time(NULL);
+ RAND_add(&l, sizeof(l), 0.0);
++#endif /* !_BOOT */
+
+ # if defined(OPENSSL_SYS_BEOS)
+ {
+--- openssl-1.0.0e/crypto/rand/randfile.c 2011-03-19 02:44:37.000000000 -0700
++++ openssl-1.0.0e_patched/crypto/rand/randfile.c 2011-12-13 05:26:51.884824200 -0800
+@@ -57,9 +57,11 @@
+ */
+
+ /* We need to define this to get macros like S_IFBLK and S_IFCHR */
++#ifndef _BOOT
+ #if !defined(OPENSSL_SYS_VXWORKS)
+ # define _XOPEN_SOURCE 500
+ #endif
++#endif /* _BOOT */
+
+ #include <errno.h>
+ #include <stdio.h>
+@@ -191,6 +193,7 @@
+ return (ret);
+ }
+
++#ifndef _BOOT
+ int RAND_write_file(const char *file)
+ {
+ unsigned char buf[BUFSIZE];
+@@ -335,3 +338,5 @@
+ #endif
+ return (buf);
+ }
++
++#endif /* _BOOT */
+--- openssl-1.0.0e/crypto/x509v3/v3_utl.c 2009-07-27 14:08:53.000000000 -0700
++++ openssl-1.0.0e_patched/crypto/x509v3/v3_utl.c 2011-12-13 05:10:08.844191400 -0800
+@@ -715,9 +715,50 @@
+ }
+ }
+
++#if defined(_BOOT)
++/* This function was copied from bio/b_sock.c */
++static int get_ip(const char *str, unsigned char ip[4])
++{
++ unsigned int tmp[4];
++ int num = 0, c, ok = 0;
++
++ tmp[0]=tmp[1]=tmp[2]=tmp[3]=0;
++
++ for (;;) {
++ c = *(str++);
++ if ((c >= '0') && (c <= '9')) {
++ ok = 1;
++ tmp[num] = tmp[num]*10+c-'0';
++ if (tmp[num] > 255)
++ return(0);
++ } else if (c == '.') {
++ if (!ok)
++ return (-1);
++ if (num == 3)
++ return (0);
++ num++;
++ ok = 0;
++ } else if (c == '\0' && (num == 3) && ok)
++ break;
++ else
++ return(0);
++ }
++ ip[0]=tmp[0];
++ ip[1]=tmp[1];
++ ip[2]=tmp[2];
++ ip[3]=tmp[3];
++ return(1);
++}
++#endif /* _BOOT */
++
+ static int ipv4_from_asc(unsigned char *v4, const char *in)
+ {
+ int a0, a1, a2, a3;
++
++#if defined(_BOOT)
++ if (get_ip(in, v4) != 1)
++ return 0;
++#else /* _BOOT */
+ if (sscanf(in, "%d.%d.%d.%d", &a0, &a1, &a2, &a3) != 4)
+ return 0;
+ if ((a0 < 0) || (a0 > 255) || (a1 < 0) || (a1 > 255)
+@@ -727,6 +768,7 @@
+ v4[1] = a1;
+ v4[2] = a2;
+ v4[3] = a3;
++#endif /* _BOOT */
+ return 1;
+ }
+
+--- openssl-1.0.0e/e_os.h 2011-12-19 04:17:51.631087400 -0800
++++ openssl-1.0.0e_patched/e_os.h 2011-12-19 04:15:15.776668900 -0800
+@@ -213,10 +213,19 @@
+ # define get_last_socket_error() errno
+ # define clear_socket_error() errno=0
+ # define ioctlsocket(a,b,c) ioctl(a,b,c)
++#ifdef _BOOT
++#include <netinet/in.h>
++extern int socket_read(int, void *, size_t, int);
++extern int socket_close(int);
++# define closesocket(s) socket_close(s)
++# define readsocket(s,b,n) socket_read((s),(b),(n), 200)
++# define writesocket(s,b,n) send((s),(b),(n), 0)
++#else /* !_BOOT */
+ # define closesocket(s) close(s)
+ # define readsocket(s,b,n) read((s),(b),(n))
+ # define writesocket(s,b,n) write((s),(b),(n))
+ # endif
++#endif
+
+ # ifdef WIN16 /* never the case */
+ # define MS_CALLBACK _far _loadds
+--- openssl-1.0.0e/crypto/sparcv9cap.c 2010-09-05 12:48:01.000000000 -0700
++++ openssl-1.0.0e_patched/crypto/sparcv9cap.c 2011-12-23 05:24:02.011607700 -0800
+@@ -13,7 +13,11 @@
+ #define SPARCV9_FMADD (1<<4) /* reserved for SPARC64 V */
+ #define SPARCV9_BLK (1<<5)
+
++#ifndef _BOOT
+ static int OPENSSL_sparcv9cap_P = SPARCV9_TICK_PRIVILEGED;
++#else
++static int OPENSSL_sparcv9cap_P = SPARCV9_VIS1;
++#endif
+
+ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+ const BN_ULONG *np, const BN_ULONG *n0, int num)
+@@ -34,6 +38,7 @@
+ unsigned long _sparcv9_rdtick(void);
+ unsigned long _sparcv9_vis1_instrument(void);
+
++#ifndef _BOOT
+ unsigned long OPENSSL_rdtsc(void)
+ {
+ if (OPENSSL_sparcv9cap_P & SPARCV9_TICK_PRIVILEGED)
+@@ -45,8 +50,19 @@
+ else
+ return _sparcv9_rdtick();
+ }
++#endif
++
++#if defined(_BOOT)
++/*
++ * Hardcoding sparc capabilities for wanboot.
++ * Older CPUs are EOLed anyway.
++ */
++void OPENSSL_cpuid_setup(void)
++ {
++ OPENSSL_sparcv9cap_P = SPARCV9_VIS1;
++ }
+
+-#if 0 && defined(__sun) && defined(__SVR4)
++#elif 0 && defined(__sun) && defined(__SVR4)
+ /*
+ * This code path is disabled, because of incompatibility of libdevinfo.so.1
+ * and libmalloc.so.1 (see below for details)
+--- openssl-1.0.0e/crypto/sparccpuid.S 2010-09-05 12:48:01.000000000 -0700
++++ openssl-1.0.0e_patched/crypto/sparccpuid.S 2012-02-13 07:42:58.259478325 -0800
+@@ -369,8 +369,13 @@
+ .type OPENSSL_cleanse,#function
+ .size OPENSSL_cleanse,.-OPENSSL_cleanse
+
++#ifndef _BOOT
+ .section ".init",#alloc,#execinstr
+ call solaris_locking_setup
+ nop
+ call OPENSSL_cpuid_setup
+ nop
++#else
++ nop
++ nop
++#endif
+--- openssl-1.0.1c/crypto/Makefile Thu Aug 2 12:56:38 2012
++++ openssl-1.0.1c/crypto/Makefile.new Thu Aug 2 12:59:43 2012
+@@ -36,9 +36,9 @@
+ LIB= $(TOP)/libcrypto.a
+ SHARED_LIB= libcrypto$(SHLIB_EXT)
+ LIBSRC= cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c cpt_err.c \
+- ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fips.c o_init.c fips_ers.c
++ ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fips.c o_init.c fips_ers.c wanboot-stubs.c
+ LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o cpt_err.o ebcdic.o \
+- uid.o o_time.o o_str.o o_dir.o o_fips.o o_init.o fips_ers.o $(CPUID_OBJ)
++ uid.o o_time.o o_str.o o_dir.o o_fips.o o_init.o fips_ers.o wanboot-stubs.o $(CPUID_OBJ)
+
+ SRC= $(LIBSRC)
+
+--- openssl-1.0.1f/ssl/s3_clnt.c Thu Jan 30 02:53:33 2014
++++ openssl-1.0.1f/ssl/s3_clnt.c.new Thu Jan 30 02:57:51 2014
+@@ -668,7 +668,11 @@
+
+ p = s->s3->client_random;
+
++#ifndef _BOOT
+ if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0)
++#else
++ if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE) <= 0)
++#endif
+ goto err;
+
+ /* Do the message type and length last */
+--- openssl-1.0.1f/ssl/s3_lib.c Wed Oct 15 11:18:30 2014
++++ openssl-1.0.1f/ssl/s3_lib.c.new Wed Oct 15 11:20:07 2014
+@@ -3343,7 +3343,11 @@
+ * Apparently we're using a version-flexible SSL_METHOD (not at its
+ * highest protocol version).
+ */
++#ifndef _BOOT
+ if (s->ctx->method->version == SSLv23_method()->version) {
++#else
++ if (s->ctx->method->version == TLS1_2_VERSION) {
++#endif
+ #if TLS_MAX_VERSION != TLS1_2_VERSION
+ # error Code needs update for SSLv23_method() support beyond TLS1_2_VERSION.
+ #endif
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssl/openssl-1.0.1/patches/103-openssl_t4_inline.patch Thu May 28 09:54:36 2015 -0700
@@ -0,0 +1,2229 @@
+#
+# This file adds inline T4 instruction support to OpenSSL upstream code.
+# The change was brought in from OpenSSL 1.0.2.
+#
+Index: Configure
+===================================================================
+diff -ru openssl-1.0.1e/Configure openssl-1.0.1e/Configure
+--- openssl-1.0.1e/Configure 2011-05-24 17:02:24.000000000 -0700
++++ openssl-1.0.1e/Configure 2011-07-27 10:48:17.817470000 -0700
+@@ -135,7 +135,7 @@
+
+ my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o modexp512-x86_64.o::aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o rc4-md5-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:ghash-x86_64.o:";
+ my $ia64_asm="ia64cpuid.o:bn-ia64.o ia64-mont.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o rc4_skey.o:::::ghash-ia64.o::void";
+-my $sparcv9_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o:des_enc-sparc.o fcrypt_b.o:aes_core.o aes_cbc.o aes-sparcv9.o:::sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o:::::::ghash-sparcv9.o::void";
++my $sparcv9_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o:des_enc-sparc.o fcrypt_b.o dest4-sparcv9.o:aes_core.o aes_cbc.o aes-sparcv9.o aest4-sparcv9.o::md5-sparcv9.o:sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o:::::::ghash-sparcv9.o::void";
+ my $fips_sparcv9_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o:des_enc-sparc.o fcrypt_b.o:aes_core.o aes_cbc.o aes-sparcv9.o:::sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o:::::::ghash-sparcv9.o::void";
+ my $sparcv8_asm=":sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::::::void";
+ my $alpha_asm="alphacpuid.o:bn_asm.o alpha-mont.o:::::sha1-alpha.o:::::::ghash-alpha.o::void";
+Index: crypto/sparccpuid.S
+===================================================================
+diff -ru openssl-1.0.1e/crypto/sparccpuid.S openssl-1.0.1e/crypto/sparccpuid.S
+--- openssl-1.0.1e/crypto/sparccpuid.S 2011-05-24 17:02:24.000000000 -0700
++++ openssl-1.0.1e/crypto/sparccpuid.S 2011-07-27 10:48:17.817470000 -0700
+@@ -1,3 +1,7 @@
++#ifdef OPENSSL_FIPSCANISTER
++#include <openssl/fipssyms.h>
++#endif
++
+ #if defined(__SUNPRO_C) && defined(__sparcv9)
+ # define ABI64 /* They've said -xarch=v9 at command line */
+ #elif defined(__GNUC__) && defined(__arch64__)
+@@ -241,7 +245,12 @@
+ ! UltraSPARC IIe 7
+ ! UltraSPARC III 7
+ ! UltraSPARC T1 24
++! SPARC T4 65(*)
+ !
++! (*) result has lesser to do with VIS instruction latencies, rdtick
++! appears that slow, but it does the trick in sense that FP and
++! VIS code paths are still slower than integer-only ones.
++!
+ ! Numbers for T2 and SPARC64 V-VII are more than welcomed.
+ !
+ ! It would be possible to detect specifically US-T1 by instrumenting
+@@ -250,6 +259,8 @@
+ .global _sparcv9_vis1_instrument
+ .align 8
+ _sparcv9_vis1_instrument:
++ .word 0x81b00d80 !fxor %f0,%f0,%f0
++ .word 0x85b08d82 !fxor %f2,%f2,%f2
+ .word 0x91410000 !rd %tick,%o0
+ .word 0x81b00d80 !fxor %f0,%f0,%f0
+ .word 0x85b08d82 !fxor %f2,%f2,%f2
+@@ -286,6 +297,30 @@
+ .type _sparcv9_vis1_instrument,#function
+ .size _sparcv9_vis1_instrument,.-_sparcv9_vis1_instrument
+
++.global _sparcv9_rdcfr
++.align 8
++_sparcv9_rdcfr:
++ retl
++ .word 0x91468000 !rd %asr26,%o0
++.type _sparcv9_rdcfr,#function
++.size _sparcv9_rdcfr,.-_sparcv9_rdcfr
++
++.global _sparcv9_vis3_probe
++.align 8
++_sparcv9_vis3_probe:
++ retl
++ .word 0x81b022a0 !xmulx %g0,%g0,%g0
++.type _sparcv9_vis3_probe,#function
++.size _sparcv9_vis3_probe,.-_sparcv9_vis3_probe
++
++.global _sparcv9_random
++.align 8
++_sparcv9_random:
++ retl
++ .word 0x91b002a0 !random %o0
++.type _sparcv9_random,#function
++.size _sparcv9_random,.-_sparcv9_vis3_probe
++
+ .global OPENSSL_cleanse
+ .align 32
+ OPENSSL_cleanse:
+@@ -370,6 +405,102 @@
+ .size OPENSSL_cleanse,.-OPENSSL_cleanse
+
+ #ifndef _BOOT
++.global _sparcv9_vis1_instrument_bus
++.align 8
++_sparcv9_vis1_instrument_bus:
++ mov %o1,%o3 ! save cnt
++ .word 0x99410000 !rd %tick,%o4 ! tick
++ mov %o4,%o5 ! lasttick = tick
++ set 0,%g4 ! diff
++
++ andn %o0,63,%g1
++ .word 0xc1985e00 !ldda [%g1]0xf0,%f0 ! block load
++ .word 0x8143e040 !membar #Sync
++ .word 0xc1b85c00 !stda %f0,[%g1]0xe0 ! block store and commit
++ .word 0x8143e040 !membar #Sync
++ ld [%o0],%o4
++ add %o4,%g4,%g4
++ .word 0xc9e2100c !cas [%o0],%o4,%g4
++
++.Loop: .word 0x99410000 !rd %tick,%o4
++ sub %o4,%o5,%g4 ! diff=tick-lasttick
++ mov %o4,%o5 ! lasttick=tick
++
++ andn %o0,63,%g1
++ .word 0xc1985e00 !ldda [%g1]0xf0,%f0 ! block load
++ .word 0x8143e040 !membar #Sync
++ .word 0xc1b85c00 !stda %f0,[%g1]0xe0 ! block store and commit
++ .word 0x8143e040 !membar #Sync
++ ld [%o0],%o4
++ add %o4,%g4,%g4
++ .word 0xc9e2100c !cas [%o0],%o4,%g4
++ subcc %o1,1,%o1 ! --$cnt
++ bnz .Loop
++ add %o0,4,%o0 ! ++$out
++
++ retl
++ mov %o3,%o0
++.type _sparcv9_vis1_instrument_bus,#function
++.size _sparcv9_vis1_instrument_bus,.-_sparcv9_vis1_instrument_bus
++
++.global _sparcv9_vis1_instrument_bus2
++.align 8
++_sparcv9_vis1_instrument_bus2:
++ mov %o1,%o3 ! save cnt
++ sll %o1,2,%o1 ! cnt*=4
++
++ .word 0x99410000 !rd %tick,%o4 ! tick
++ mov %o4,%o5 ! lasttick = tick
++ set 0,%g4 ! diff
++
++ andn %o0,63,%g1
++ .word 0xc1985e00 !ldda [%g1]0xf0,%f0 ! block load
++ .word 0x8143e040 !membar #Sync
++ .word 0xc1b85c00 !stda %f0,[%g1]0xe0 ! block store and commit
++ .word 0x8143e040 !membar #Sync
++ ld [%o0],%o4
++ add %o4,%g4,%g4
++ .word 0xc9e2100c !cas [%o0],%o4,%g4
++
++ .word 0x99410000 !rd %tick,%o4 ! tick
++ sub %o4,%o5,%g4 ! diff=tick-lasttick
++ mov %o4,%o5 ! lasttick=tick
++ mov %g4,%g5 ! lastdiff=diff
++.Loop2:
++ andn %o0,63,%g1
++ .word 0xc1985e00 !ldda [%g1]0xf0,%f0 ! block load
++ .word 0x8143e040 !membar #Sync
++ .word 0xc1b85c00 !stda %f0,[%g1]0xe0 ! block store and commit
++ .word 0x8143e040 !membar #Sync
++ ld [%o0],%o4
++ add %o4,%g4,%g4
++ .word 0xc9e2100c !cas [%o0],%o4,%g4
++
++ subcc %o2,1,%o2 ! --max
++ bz .Ldone2
++ nop
++
++ .word 0x99410000 !rd %tick,%o4 ! tick
++ sub %o4,%o5,%g4 ! diff=tick-lasttick
++ mov %o4,%o5 ! lasttick=tick
++ cmp %g4,%g5
++ mov %g4,%g5 ! lastdiff=diff
++
++ .word 0x83408000 !rd %ccr,%g1
++ and %g1,4,%g1 ! isolate zero flag
++ xor %g1,4,%g1 ! flip zero flag
++
++ subcc %o1,%g1,%o1 ! conditional --$cnt
++ bnz .Loop2
++ add %o0,%g1,%o0 ! conditional ++$out
++
++.Ldone2:
++ srl %o1,2,%o1
++ retl
++ sub %o3,%o1,%o0
++.type _sparcv9_vis1_instrument_bus2,#function
++.size _sparcv9_vis1_instrument_bus2,.-_sparcv9_vis1_instrument_bus2
++
+ .section ".init",#alloc,#execinstr
+ call solaris_locking_setup
+ nop
+Index: crypto/sparcv9cap.c
+===================================================================
+diff -ru openssl-1.0.1e/crypto/sparcv9cap.c openssl-1.0.1e/crypto/sparcv9cap.c
+--- openssl-1.0.1e/crypto/sparcv9cap.c 2011-05-24 17:02:24.000000000 -0700
++++ openssl-1.0.1e/crypto/sparcv9cap.c 2011-07-27 10:48:17.817470000 -0700
+@@ -3,36 +3,59 @@
+ #include <string.h>
+ #include <setjmp.h>
+ #include <sys/time.h>
++#include <unistd.h>
+ #include <openssl/bn.h>
+ #include <sys/auxv.h>
+
+-#define SPARCV9_TICK_PRIVILEGED (1<<0)
+-#define SPARCV9_PREFER_FPU (1<<1)
+-#define SPARCV9_VIS1 (1<<2)
+-#define SPARCV9_VIS2 (1<<3) /* reserved */
+-#define SPARCV9_FMADD (1<<4) /* reserved for SPARC64 V */
+-#define SPARCV9_BLK (1<<5)
++#include "sparc_arch.h"
+
++#if defined(__GNUC__) && defined(__linux)
++__attribute__((visibility("hidden")))
++#endif
+ #ifndef _BOOT
+-static int OPENSSL_sparcv9cap_P = SPARCV9_TICK_PRIVILEGED;
++unsigned int OPENSSL_sparcv9cap_P[2] = {SPARCV9_TICK_PRIVILEGED, 0};
+ #else
+-static int OPENSSL_sparcv9cap_P = SPARCV9_VIS1;
++unsigned int OPENSSL_sparcv9cap_P[2] = {SPARCV9_VIS1, 0};
+ #endif
+
+ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+ const BN_ULONG *np, const BN_ULONG *n0, int num)
+ {
++ int bn_mul_mont_vis3(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
++ const BN_ULONG *np,const BN_ULONG *n0, int num);
+ int bn_mul_mont_fpu(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+ const BN_ULONG *np, const BN_ULONG *n0, int num);
+ int bn_mul_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+ const BN_ULONG *np, const BN_ULONG *n0, int num);
+
+- if (num >= 8 && !(num & 1) &&
+- (OPENSSL_sparcv9cap_P & (SPARCV9_PREFER_FPU | SPARCV9_VIS1)) ==
+- (SPARCV9_PREFER_FPU | SPARCV9_VIS1))
+- return bn_mul_mont_fpu(rp, ap, bp, np, n0, num);
+- else
+- return bn_mul_mont_int(rp, ap, bp, np, n0, num);
++ if (!(num&1) && num>=6) {
++ if ((num&15)==0 && num<=64 &&
++ (OPENSSL_sparcv9cap_P[1]&(CFR_MONTMUL|CFR_MONTSQR))==
++ (CFR_MONTMUL|CFR_MONTSQR))
++ {
++ typedef int (*bn_mul_mont_f)(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0);
++ int bn_mul_mont_t4_8(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0);
++ int bn_mul_mont_t4_16(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0);
++ int bn_mul_mont_t4_24(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0);
++ int bn_mul_mont_t4_32(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0);
++ static const bn_mul_mont_f funcs[4] = {
++ bn_mul_mont_t4_8, bn_mul_mont_t4_16,
++ bn_mul_mont_t4_24, bn_mul_mont_t4_32 };
++ bn_mul_mont_f worker = funcs[num/16-1];
++
++ if ((*worker)(rp,ap,bp,np,n0)) return 1;
++ /* retry once and fall back */
++ if ((*worker)(rp,ap,bp,np,n0)) return 1;
++ return bn_mul_mont_vis3(rp,ap,bp,np,n0,num);
++ }
++ if ((OPENSSL_sparcv9cap_P[0]&SPARCV9_VIS3))
++ return bn_mul_mont_vis3(rp,ap,bp,np,n0,num);
++ else if (num>=8 &&
++ (OPENSSL_sparcv9cap_P[0]&(SPARCV9_PREFER_FPU|SPARCV9_VIS1)) ==
++ (SPARCV9_PREFER_FPU|SPARCV9_VIS1))
++ return bn_mul_mont_fpu(rp,ap,bp,np,n0,num);
++ }
++ return bn_mul_mont_int(rp,ap,bp,np,n0,num);
+ }
+
+ unsigned long _sparcv9_rdtick(void);
+@@ -37,11 +60,16 @@
+
+ unsigned long _sparcv9_rdtick(void);
+ unsigned long _sparcv9_vis1_instrument(void);
++unsigned long _sparcv9_rdcfr(void);
++#ifndef _BOOT
++size_t _sparcv9_vis1_instrument_bus(unsigned int *,size_t);
++size_t _sparcv9_vis1_instrument_bus2(unsigned int *,size_t,size_t);
++#endif
+
+ #ifndef _BOOT
+ unsigned long OPENSSL_rdtsc(void)
+ {
+- if (OPENSSL_sparcv9cap_P & SPARCV9_TICK_PRIVILEGED)
++ if (OPENSSL_sparcv9cap_P[0] & SPARCV9_TICK_PRIVILEGED)
+ #if defined(__sun) && defined(__SVR4)
+ return gethrtime();
+ #else
+@@ -50,6 +80,24 @@
+ else
+ return _sparcv9_rdtick();
+ }
++
++size_t OPENSSL_instrument_bus(unsigned int *out,size_t cnt)
++{
++ if ((OPENSSL_sparcv9cap_P[0]&(SPARCV9_TICK_PRIVILEGED|SPARCV9_BLK)) ==
++ SPARCV9_BLK)
++ return _sparcv9_vis1_instrument_bus(out,cnt);
++ else
++ return 0;
++}
++
++size_t OPENSSL_instrument_bus2(unsigned int *out,size_t cnt,size_t max)
++{
++ if ((OPENSSL_sparcv9cap_P[0]&(SPARCV9_TICK_PRIVILEGED|SPARCV9_BLK)) ==
++ SPARCV9_BLK)
++ return _sparcv9_vis1_instrument_bus2(out,cnt,max);
++ else
++ return 0;
++}
+ #endif
+
+ #if defined(_BOOT)
+@@ -59,7 +107,7 @@
+ */
+ void OPENSSL_cpuid_setup(void)
+ {
+- OPENSSL_sparcv9cap_P = SPARCV9_VIS1;
++ OPENSSL_sparcv9cap_P[0] = SPARCV9_VIS1;
+ }
+
+ #elif 0 && defined(__sun) && defined(__SVR4)
+@@ -88,11 +136,11 @@
+ if (!strcmp(name, "SUNW,UltraSPARC") ||
+ /* covers II,III,IV */
+ !strncmp(name, "SUNW,UltraSPARC-I", 17)) {
+- OPENSSL_sparcv9cap_P |= SPARCV9_PREFER_FPU | SPARCV9_VIS1;
++ OPENSSL_sparcv9cap_P[0] |= SPARCV9_PREFER_FPU | SPARCV9_VIS1;
+
+ /* %tick is privileged only on UltraSPARC-I/II, but not IIe */
+ if (name[14] != '\0' && name[17] != '\0' && name[18] != '\0')
+- OPENSSL_sparcv9cap_P &= ~SPARCV9_TICK_PRIVILEGED;
++ OPENSSL_sparcv9cap_P[0] &= ~SPARCV9_TICK_PRIVILEGED;
+
+ return DI_WALK_TERMINATE;
+ }
+@@ -98,7 +146,7 @@
+ }
+ /* This is expected to catch remaining UltraSPARCs, such as T1 */
+ else if (!strncmp(name, "SUNW,UltraSPARC", 15)) {
+- OPENSSL_sparcv9cap_P &= ~SPARCV9_TICK_PRIVILEGED;
++ OPENSSL_sparcv9cap_P[0] &= ~SPARCV9_TICK_PRIVILEGED;
+
+ return DI_WALK_TERMINATE;
+ }
+@@ -117,7 +165,7 @@
+ trigger = 1;
+
+ if ((e = getenv("OPENSSL_sparcv9cap"))) {
+- OPENSSL_sparcv9cap_P = strtoul(e, NULL, 0);
++ OPENSSL_sparcv9cap_P[0] = strtoul(e, NULL, 0);
+ return;
+ }
+
+@@ -124,15 +172,15 @@
+ if (sysinfo(SI_MACHINE, si, sizeof(si)) > 0) {
+ if (strcmp(si, "sun4v"))
+ /* FPU is preferred for all CPUs, but US-T1/2 */
+- OPENSSL_sparcv9cap_P |= SPARCV9_PREFER_FPU;
++ OPENSSL_sparcv9cap_P[0] |= SPARCV9_PREFER_FPU;
+ }
+
+ if (sysinfo(SI_ISALIST, si, sizeof(si)) > 0) {
+ if (strstr(si, "+vis"))
+- OPENSSL_sparcv9cap_P |= SPARCV9_VIS1;
++ OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS1 | SPARCV9_BLK;
+ if (strstr(si, "+vis2")) {
+- OPENSSL_sparcv9cap_P |= SPARCV9_VIS2;
+- OPENSSL_sparcv9cap_P &= ~SPARCV9_TICK_PRIVILEGED;
++ OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS2;
++ OPENSSL_sparcv9cap_P[0] &= ~SPARCV9_TICK_PRIVILEGED;
+ return;
+ }
+ }
+@@ -195,7 +241,9 @@
+ trigger = 1;
+
+ if ((e = getenv("OPENSSL_sparcv9cap"))) {
+- OPENSSL_sparcv9cap_P = strtoul(e, NULL, 0);
++ OPENSSL_sparcv9cap_P[0] = strtoul(e, NULL, 0);
++ if ((e = strchr(e, ':')))
++ OPENSSL_sparcv9cap_P[1] = strtoul(e + 1, NULL, 0);
+ return;
+ }
+
+@@ -202,21 +250,48 @@
+ (void) getisax(&ui, 1);
+
+ /* Initial value, fits UltraSPARC-I&II... */
+- OPENSSL_sparcv9cap_P = SPARCV9_BLK;
++ OPENSSL_sparcv9cap_P[0] = SPARCV9_BLK;
+
+ if (ui & AV_SPARC_VIS) {
+- /* detect UltraSPARC-Tx, see sparccpuid.S for details... */
++ /* detect UltraSPARC-Tx, see sparccpud.S for details... */
+ if (_sparcv9_vis1_instrument() < 7)
+- OPENSSL_sparcv9cap_P |= SPARCV9_TICK_PRIVILEGED;
++ OPENSSL_sparcv9cap_P[0] |= SPARCV9_TICK_PRIVILEGED;
+ if (_sparcv9_vis1_instrument() < 12) {
+- OPENSSL_sparcv9cap_P |= SPARCV9_VIS1|SPARCV9_PREFER_FPU;
++ OPENSSL_sparcv9cap_P[0] |= (SPARCV9_VIS1 | SPARCV9_PREFER_FPU);
+ if (ui & AV_SPARC_VIS2)
+- OPENSSL_sparcv9cap_P |= SPARCV9_VIS2;
+- }
++ OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS2;
++ }
+ }
+
+ if (ui & AV_SPARC_FMAF)
+- OPENSSL_sparcv9cap_P |= SPARCV9_FMADD;
++ OPENSSL_sparcv9cap_P[0] |= SPARCV9_FMADD;
++
++ /*
++ * VIS3 flag is tested independently from VIS1, unlike VIS2 that is,
++ * because VIS3 defines even integer instructions.
++ */
++ if (ui & AV_SPARC_VIS3)
++ OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS3;
++
++#define AV_T4_MECHS (AV_SPARC_AES | AV_SPARC_DES | AV_SPARC_KASUMI | \
++ AV_SPARC_CAMELLIA | AV_SPARC_MD5 | AV_SPARC_SHA1 | \
++ AV_SPARC_SHA256 | AV_SPARC_SHA512 | AV_SPARC_MPMUL | \
++ AV_SPARC_CRC32C)
++
++ if ((OPENSSL_sparcv9cap_P[0]&SPARCV9_VIS3) && (ui & AV_T4_MECHS))
++ OPENSSL_sparcv9cap_P[1] = (unsigned int)_sparcv9_rdcfr();
++
++ if (sizeof(size_t) == 8)
++ OPENSSL_sparcv9cap_P[0] |= SPARCV9_64BIT_STACK;
++#ifdef __linux
++ else
++ {
++ int ret = syscall(340);
++
++ if (ret >= 0 && ret & 1)
++ OPENSSL_sparcv9cap_P[0] |= SPARCV9_64BIT_STACK;
++ }
++#endif
+ }
+
+ #endif
+Index: crypto/md5/Makefile
+===================================================================
+diff -ru openssl-1.0.1e/crypto/md5/Makefile openssl-1.0.1e/crypto/md5/Makefile
+--- openssl-1.0.1e/crypto/md5/Makefile 2011-05-24 17:02:24.000000000 -0700
++++ openssl-1.0.1e/crypto/md5/Makefile 2011-07-27 10:48:17.817470000 -0700
+@@ -52,6 +52,9 @@
+ $(CC) $(CFLAGS) -E asm/md5-ia64.S | \
+ $(PERL) -ne 's/;\s+/;\n/g; print;' > $@
+
++md5-sparcv9.S: asm/md5-sparcv9.pl
++ $(PERL) asm/md5-sparcv9.pl $@ $(CFLAGS)
++
+ files:
+ $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+Index: crypto/md5/md5_locl.h
+===================================================================
+diff -ru openssl-1.0.1e/crypto/md5/md5_locl.h openssl-1.0.1e/crypto/md5/md5_locl.h
+--- openssl-1.0.1e/crypto/md5/md5_locl.h 2011-05-24 17:02:24.000000000 -0700
++++ openssl-1.0.1e/crypto/md5/md5_locl.h 2011-07-27 10:48:17.817470000 -0700
+@@ -71,6 +71,8 @@
+ # define md5_block_data_order md5_block_asm_data_order
+ # elif defined(__ia64) || defined(__ia64__) || defined(_M_IA64)
+ # define md5_block_data_order md5_block_asm_data_order
++# elif defined(__sparc) || defined(__sparc__)
++# define md5_block_data_order md5_block_asm_data_order
+ # endif
+ #endif
+
+Index: crypto/sha/Makefile
+===================================================================
+diff -ru openssl-1.0.1e/crypto/sha/Makefile openssl-1.0.1e/crypto/sha/Makefile
+--- openssl-1.0.1e/crypto/sha/Makefile 2011-05-24 17:02:24.000000000 -0700
++++ openssl-1.0.1e/crypto/sha/Makefile 2011-07-27 10:48:17.817470000 -0700
+@@ -68,9 +68,9 @@
+ sha1-x86_64.s: asm/sha1-x86_64.pl; $(PERL) asm/sha1-x86_64.pl $(PERLASM_SCHEME) > $@
+ sha256-x86_64.s:asm/sha512-x86_64.pl; $(PERL) asm/sha512-x86_64.pl $(PERLASM_SCHEME) $@
+ sha512-x86_64.s:asm/sha512-x86_64.pl; $(PERL) asm/sha512-x86_64.pl $(PERLASM_SCHEME) $@
+-sha1-sparcv9.s: asm/sha1-sparcv9.pl; $(PERL) asm/sha1-sparcv9.pl $@ $(CFLAGS)
+-sha256-sparcv9.s:asm/sha512-sparcv9.pl; $(PERL) asm/sha512-sparcv9.pl $@ $(CFLAGS)
+-sha512-sparcv9.s:asm/sha512-sparcv9.pl; $(PERL) asm/sha512-sparcv9.pl $@ $(CFLAGS)
++sha1-sparcv9.S: asm/sha1-sparcv9.pl; $(PERL) asm/sha1-sparcv9.pl $@ $(CFLAGS)
++sha256-sparcv9.S:asm/sha512-sparcv9.pl; $(PERL) asm/sha512-sparcv9.pl $@ $(CFLAGS)
++sha512-sparcv9.S:asm/sha512-sparcv9.pl; $(PERL) asm/sha512-sparcv9.pl $@ $(CFLAGS)
+
+ sha1-ppc.s: asm/sha1-ppc.pl; $(PERL) asm/sha1-ppc.pl $(PERLASM_SCHEME) $@
+ sha256-ppc.s: asm/sha512-ppc.pl; $(PERL) asm/sha512-ppc.pl $(PERLASM_SCHEME) $@
+Index: crypto/sha/asm/sha1-sparcv9.pl
+===================================================================
+diff -ru openssl-1.0.1e/crypto/sha/asm/sha1-sparcv9.pl openssl-1.0.1e/crypto/sha/asm/sha1-sparcv9.pl
+--- openssl-1.0.1e/crypto/sha/asm/sha1-sparcv9.pl 2011-05-24 17:02:24.000000000 -0700
++++ openssl-1.0.1e/crypto/sha/asm/sha1-sparcv9.pl 2011-07-27 10:48:17.817470000 -0700
+@@ -5,6 +5,8 @@
+ # project. The module is, however, dual licensed under OpenSSL and
+ # CRYPTOGAMS licenses depending on where you obtain it. For further
+ # details see http://www.openssl.org/~appro/cryptogams/.
++#
++# Hardware SPARC T4 support by David S. Miller <[email protected]>.
+ # ====================================================================
+
+ # Performance improvement is not really impressive on pre-T1 CPU: +8%
+@@ -18,6 +20,11 @@
+ # ensure scalability on UltraSPARC T1, or rather to avoid decay when
+ # amount of active threads exceeds the number of physical cores.
+
++# SPARC T4 SHA1 hardware achieves 3.72 cycles per byte, which is 3.1x
++# faster than software. Multi-process benchmark saturates at 11x
++# single-process result on 8-core processor, or ~9GBps per 2.85GHz
++# socket.
++
+ $bits=32;
+ for (@ARGV) { $bits=64 if (/\-m64/ || /\-xarch\=v9/); }
+ if ($bits==64) { $bias=2047; $frame=192; }
+@@ -183,11 +190,93 @@
+ .register %g3,#scratch
+ ___
+ $code.=<<___;
++#include "sparc_arch.h"
++
+ .section ".text",#alloc,#execinstr
+
++#ifdef __PIC__
++SPARC_PIC_THUNK(%g1)
++#endif
++
+ .align 32
+ .globl sha1_block_data_order
+ sha1_block_data_order:
++ SPARC_LOAD_ADDRESS_LEAF(OPENSSL_sparcv9cap_P,%g1,%g5)
++ ld [%g1+4],%g1 ! OPENSSL_sparcv9cap_P[1]
++
++ andcc %g1, CFR_SHA1, %g0
++ be .Lsoftware
++ nop
++
++ ld [%o0 + 0x00], %f0 ! load context
++ ld [%o0 + 0x04], %f1
++ ld [%o0 + 0x08], %f2
++ andcc %o1, 0x7, %g0
++ ld [%o0 + 0x0c], %f3
++ bne,pn %icc, .Lhwunaligned
++ ld [%o0 + 0x10], %f4
++
++.Lhw_loop:
++ ldd [%o1 + 0x00], %f8
++ ldd [%o1 + 0x08], %f10
++ ldd [%o1 + 0x10], %f12
++ ldd [%o1 + 0x18], %f14
++ ldd [%o1 + 0x20], %f16
++ ldd [%o1 + 0x28], %f18
++ ldd [%o1 + 0x30], %f20
++ subcc %o2, 1, %o2 ! done yet?
++ ldd [%o1 + 0x38], %f22
++ add %o1, 0x40, %o1
++
++ .word 0x81b02820 ! SHA1
++
++ bne,pt `$bits==64?"%xcc":"%icc"`, .Lhw_loop
++ nop
++
++.Lhwfinish:
++ st %f0, [%o0 + 0x00] ! store context
++ st %f1, [%o0 + 0x04]
++ st %f2, [%o0 + 0x08]
++ st %f3, [%o0 + 0x0c]
++ retl
++ st %f4, [%o0 + 0x10]
++
++.align 8
++.Lhwunaligned:
++ alignaddr %o1, %g0, %o1
++
++ ldd [%o1 + 0x00], %f10
++.Lhwunaligned_loop:
++ ldd [%o1 + 0x08], %f12
++ ldd [%o1 + 0x10], %f14
++ ldd [%o1 + 0x18], %f16
++ ldd [%o1 + 0x20], %f18
++ ldd [%o1 + 0x28], %f20
++ ldd [%o1 + 0x30], %f22
++ ldd [%o1 + 0x38], %f24
++ subcc %o2, 1, %o2 ! done yet?
++ ldd [%o1 + 0x40], %f26
++ add %o1, 0x40, %o1
++
++ faligndata %f10, %f12, %f8
++ faligndata %f12, %f14, %f10
++ faligndata %f14, %f16, %f12
++ faligndata %f16, %f18, %f14
++ faligndata %f18, %f20, %f16
++ faligndata %f20, %f22, %f18
++ faligndata %f22, %f24, %f20
++ faligndata %f24, %f26, %f22
++
++ .word 0x81b02820 ! SHA1
++
++ bne,pt `$bits==64?"%xcc":"%icc"`, .Lhwunaligned_loop
++ for %f26, %f26, %f10 ! %f10=%f26
++
++ ba .Lhwfinish
++ nop
++
++.align 16
++.Lsoftware:
+ save %sp,-$frame,%sp
+ sllx $len,6,$len
+ add $inp,$len,$len
+@@ -279,6 +368,62 @@
+ .align 4
+ ___
+
+-$code =~ s/\`([^\`]*)\`/eval $1/gem;
+-print $code;
++# Purpose of these subroutines is to explicitly encode VIS instructions,
++# so that one can compile the module without having to specify VIS
++# extentions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
++# Idea is to reserve for option to produce "universal" binary and let
++# programmer detect if current CPU is VIS capable at run-time.
++sub unvis {
++my ($mnemonic,$rs1,$rs2,$rd)=@_;
++my $ref,$opf;
++my %visopf = ( "faligndata" => 0x048,
++ "for" => 0x07c );
++
++ $ref = "$mnemonic\t$rs1,$rs2,$rd";
++
++ if ($opf=$visopf{$mnemonic}) {
++ foreach ($rs1,$rs2,$rd) {
++ return $ref if (!/%f([0-9]{1,2})/);
++ $_=$1;
++ if ($1>=32) {
++ return $ref if ($1&1);
++ # re-encode for upper double register addressing
++ $_=($1|$1>>5)&31;
++ }
++ }
++
++ return sprintf ".word\t0x%08x !%s",
++ 0x81b00000|$rd<<25|$rs1<<14|$opf<<5|$rs2,
++ $ref;
++ } else {
++ return $ref;
++ }
++}
++sub unalignaddr {
++my ($mnemonic,$rs1,$rs2,$rd)=@_;
++my %bias = ( "g" => 0, "o" => 8, "l" => 16, "i" => 24 );
++my $ref="$mnemonic\t$rs1,$rs2,$rd";
++
++ foreach ($rs1,$rs2,$rd) {
++ if (/%([goli])([0-7])/) { $_=$bias{$1}+$2; }
++ else { return $ref; }
++ }
++ return sprintf ".word\t0x%08x !%s",
++ 0x81b00300|$rd<<25|$rs1<<14|$rs2,
++ $ref;
++}
++
++foreach (split("\n",$code)) {
++ s/\`([^\`]*)\`/eval $1/ge;
++
++ s/\b(f[^\s]*)\s+(%f[0-9]{1,2}),\s*(%f[0-9]{1,2}),\s*(%f[0-9]{1,2})/
++ &unvis($1,$2,$3,$4)
++ /ge;
++ s/\b(alignaddr)\s+(%[goli][0-7]),\s*(%[goli][0-7]),\s*(%[goli][0-7])/
++ &unalignaddr($1,$2,$3,$4)
++ /ge;
++
++ print $_,"\n";
++}
++
+ close STDOUT;
+
+Index: crypto/sha/asm/sha512-sparcv9.pl
+===================================================================
+diff -ru openssl-1.0.1e/crypto/sha/asm/sha512-sparcv9.pl openssl-1.0.1e/crypto/sha/asm/sha512-sparcv9.pl
+--- openssl-1.0.1e/crypto/sha/asm/sha512-sparcv9.pl 2011-05-24 17:02:24.000000000 -0700
++++ openssl-1.0.1e/crypto/sha/asm/sha512-sparcv9.pl 2011-07-27 10:48:17.817470000 -0700
+@@ -5,6 +5,8 @@
+ # project. The module is, however, dual licensed under OpenSSL and
+ # CRYPTOGAMS licenses depending on where you obtain it. For further
+ # details see http://www.openssl.org/~appro/cryptogams/.
++#
++# Hardware SPARC T4 support by David S. Miller <[email protected]>.
+ # ====================================================================
+
+ # SHA256 performance improvement over compiler generated code varies
+@@ -41,6 +43,12 @@
+ # loads are always slower than one 64-bit load. Once again this
+ # is unlike pre-T1 UltraSPARC, where, if scheduled appropriately,
+ # 2x32-bit loads can be as fast as 1x64-bit ones.
++#
++# SPARC T4 SHA256/512 hardware achieves 3.17/2.01 cycles per byte,
++# which is 9.3x/11.1x faster than software. Multi-process benchmark
++# saturates at 11.5x single-process result on 8-core processor, or
++# ~11/16GBps per 2.85GHz socket.
++
+
+ $bits=32;
+ for (@ARGV) { $bits=64 if (/\-m64/ || /\-xarch\=v9/); }
+@@ -386,6 +394,8 @@
+ .register %g3,#scratch
+ ___
+ $code.=<<___;
++#include "sparc_arch.h"
++
+ .section ".text",#alloc,#execinstr
+
+ .align 64
+@@ -457,8 +467,196 @@
+ }
+ $code.=<<___;
+ .size K${label},.-K${label}
++
++#ifdef __PIC__
++SPARC_PIC_THUNK(%g1)
++#endif
++
+ .globl sha${label}_block_data_order
++.align 32
+ sha${label}_block_data_order:
++ SPARC_LOAD_ADDRESS_LEAF(OPENSSL_sparcv9cap_P,%g1,%g5)
++ ld [%g1+4],%g1 ! OPENSSL_sparcv9cap_P[1]
++
++ andcc %g1, CFR_SHA${label}, %g0
++ be .Lsoftware
++ nop
++___
++$code.=<<___ if ($SZ==8); # SHA512
++ ldd [%o0 + 0x00], %f0 ! load context
++ ldd [%o0 + 0x08], %f2
++ ldd [%o0 + 0x10], %f4
++ ldd [%o0 + 0x18], %f6
++ ldd [%o0 + 0x20], %f8
++ ldd [%o0 + 0x28], %f10
++ andcc %o1, 0x7, %g0
++ ldd [%o0 + 0x30], %f12
++ bne,pn %icc, .Lhwunaligned
++ ldd [%o0 + 0x38], %f14
++
++.Lhwaligned_loop:
++ ldd [%o1 + 0x00], %f16
++ ldd [%o1 + 0x08], %f18
++ ldd [%o1 + 0x10], %f20
++ ldd [%o1 + 0x18], %f22
++ ldd [%o1 + 0x20], %f24
++ ldd [%o1 + 0x28], %f26
++ ldd [%o1 + 0x30], %f28
++ ldd [%o1 + 0x38], %f30
++ ldd [%o1 + 0x40], %f32
++ ldd [%o1 + 0x48], %f34
++ ldd [%o1 + 0x50], %f36
++ ldd [%o1 + 0x58], %f38
++ ldd [%o1 + 0x60], %f40
++ ldd [%o1 + 0x68], %f42
++ ldd [%o1 + 0x70], %f44
++ subcc %o2, 1, %o2 ! done yet?
++ ldd [%o1 + 0x78], %f46
++ add %o1, 0x80, %o1
++
++ .word 0x81b02860 ! SHA512
++
++ bne,pt `$bits==64?"%xcc":"%icc"`, .Lhwaligned_loop
++ nop
++
++.Lhwfinish:
++ std %f0, [%o0 + 0x00] ! store context
++ std %f2, [%o0 + 0x08]
++ std %f4, [%o0 + 0x10]
++ std %f6, [%o0 + 0x18]
++ std %f8, [%o0 + 0x20]
++ std %f10, [%o0 + 0x28]
++ std %f12, [%o0 + 0x30]
++ retl
++ std %f14, [%o0 + 0x38]
++
++.align 16
++.Lhwunaligned:
++ alignaddr %o1, %g0, %o1
++
++ ldd [%o1 + 0x00], %f18
++.Lhwunaligned_loop:
++ ldd [%o1 + 0x08], %f20
++ ldd [%o1 + 0x10], %f22
++ ldd [%o1 + 0x18], %f24
++ ldd [%o1 + 0x20], %f26
++ ldd [%o1 + 0x28], %f28
++ ldd [%o1 + 0x30], %f30
++ ldd [%o1 + 0x38], %f32
++ ldd [%o1 + 0x40], %f34
++ ldd [%o1 + 0x48], %f36
++ ldd [%o1 + 0x50], %f38
++ ldd [%o1 + 0x58], %f40
++ ldd [%o1 + 0x60], %f42
++ ldd [%o1 + 0x68], %f44
++ ldd [%o1 + 0x70], %f46
++ ldd [%o1 + 0x78], %f48
++ subcc %o2, 1, %o2 ! done yet?
++ ldd [%o1 + 0x80], %f50
++ add %o1, 0x80, %o1
++
++ faligndata %f18, %f20, %f16
++ faligndata %f20, %f22, %f18
++ faligndata %f22, %f24, %f20
++ faligndata %f24, %f26, %f22
++ faligndata %f26, %f28, %f24
++ faligndata %f28, %f30, %f26
++ faligndata %f30, %f32, %f28
++ faligndata %f32, %f34, %f30
++ faligndata %f34, %f36, %f32
++ faligndata %f36, %f38, %f34
++ faligndata %f38, %f40, %f36
++ faligndata %f40, %f42, %f38
++ faligndata %f42, %f44, %f40
++ faligndata %f44, %f46, %f42
++ faligndata %f46, %f48, %f44
++ faligndata %f48, %f50, %f46
++
++ .word 0x81b02860 ! SHA512
++
++ bne,pt `$bits==64?"%xcc":"%icc"`, .Lhwunaligned_loop
++ for %f50, %f50, %f18 ! %f18=%f50
++
++ ba .Lhwfinish
++ nop
++___
++$code.=<<___ if ($SZ==4); # SHA256
++ ld [%o0 + 0x00], %f0
++ ld [%o0 + 0x04], %f1
++ ld [%o0 + 0x08], %f2
++ ld [%o0 + 0x0c], %f3
++ ld [%o0 + 0x10], %f4
++ ld [%o0 + 0x14], %f5
++ andcc %o1, 0x7, %g0
++ ld [%o0 + 0x18], %f6
++ bne,pn %icc, .Lhwunaligned
++ ld [%o0 + 0x1c], %f7
++
++.Lhwloop:
++ ldd [%o1 + 0x00], %f8
++ ldd [%o1 + 0x08], %f10
++ ldd [%o1 + 0x10], %f12
++ ldd [%o1 + 0x18], %f14
++ ldd [%o1 + 0x20], %f16
++ ldd [%o1 + 0x28], %f18
++ ldd [%o1 + 0x30], %f20
++ subcc %o2, 1, %o2 ! done yet?
++ ldd [%o1 + 0x38], %f22
++ add %o1, 0x40, %o1
++
++ .word 0x81b02840 ! SHA256
++
++ bne,pt `$bits==64?"%xcc":"%icc"`, .Lhwloop
++ nop
++
++.Lhwfinish:
++ st %f0, [%o0 + 0x00] ! store context
++ st %f1, [%o0 + 0x04]
++ st %f2, [%o0 + 0x08]
++ st %f3, [%o0 + 0x0c]
++ st %f4, [%o0 + 0x10]
++ st %f5, [%o0 + 0x14]
++ st %f6, [%o0 + 0x18]
++ retl
++ st %f7, [%o0 + 0x1c]
++
++.align 8
++.Lhwunaligned:
++ alignaddr %o1, %g0, %o1
++
++ ldd [%o1 + 0x00], %f10
++.Lhwunaligned_loop:
++ ldd [%o1 + 0x08], %f12
++ ldd [%o1 + 0x10], %f14
++ ldd [%o1 + 0x18], %f16
++ ldd [%o1 + 0x20], %f18
++ ldd [%o1 + 0x28], %f20
++ ldd [%o1 + 0x30], %f22
++ ldd [%o1 + 0x38], %f24
++ subcc %o2, 1, %o2 ! done yet?
++ ldd [%o1 + 0x40], %f26
++ add %o1, 0x40, %o1
++
++ faligndata %f10, %f12, %f8
++ faligndata %f12, %f14, %f10
++ faligndata %f14, %f16, %f12
++ faligndata %f16, %f18, %f14
++ faligndata %f18, %f20, %f16
++ faligndata %f20, %f22, %f18
++ faligndata %f22, %f24, %f20
++ faligndata %f24, %f26, %f22
++
++ .word 0x81b02840 ! SHA256
++
++ bne,pt `$bits==64?"%xcc":"%icc"`, .Lhwunaligned_loop
++ for %f26, %f26, %f10 ! %f10=%f26
++
++ ba .Lhwfinish
++ nop
++___
++$code.=<<___;
++.align 16
++.Lsoftware:
+ save %sp,`-$frame-$locals`,%sp
+ and $inp,`$align-1`,$tmp31
+ sllx $len,`log(16*$SZ)/log(2)`,$len
+@@ -589,6 +787,62 @@
+ .align 4
+ ___
+
+-$code =~ s/\`([^\`]*)\`/eval $1/gem;
+-print $code;
++# Purpose of these subroutines is to explicitly encode VIS instructions,
++# so that one can compile the module without having to specify VIS
++# extentions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
++# Idea is to reserve for option to produce "universal" binary and let
++# programmer detect if current CPU is VIS capable at run-time.
++sub unvis {
++my ($mnemonic,$rs1,$rs2,$rd)=@_;
++my $ref,$opf;
++my %visopf = ( "faligndata" => 0x048,
++ "for" => 0x07c );
++
++ $ref = "$mnemonic\t$rs1,$rs2,$rd";
++
++ if ($opf=$visopf{$mnemonic}) {
++ foreach ($rs1,$rs2,$rd) {
++ return $ref if (!/%f([0-9]{1,2})/);
++ $_=$1;
++ if ($1>=32) {
++ return $ref if ($1&1);
++ # re-encode for upper double register addressing
++ $_=($1|$1>>5)&31;
++ }
++ }
++
++ return sprintf ".word\t0x%08x !%s",
++ 0x81b00000|$rd<<25|$rs1<<14|$opf<<5|$rs2,
++ $ref;
++ } else {
++ return $ref;
++ }
++}
++sub unalignaddr {
++my ($mnemonic,$rs1,$rs2,$rd)=@_;
++my %bias = ( "g" => 0, "o" => 8, "l" => 16, "i" => 24 );
++my $ref="$mnemonic\t$rs1,$rs2,$rd";
++
++ foreach ($rs1,$rs2,$rd) {
++ if (/%([goli])([0-7])/) { $_=$bias{$1}+$2; }
++ else { return $ref; }
++ }
++ return sprintf ".word\t0x%08x !%s",
++ 0x81b00300|$rd<<25|$rs1<<14|$rs2,
++ $ref;
++}
++
++foreach (split("\n",$code)) {
++ s/\`([^\`]*)\`/eval $1/ge;
++
++ s/\b(f[^\s]*)\s+(%f[0-9]{1,2}),\s*(%f[0-9]{1,2}),\s*(%f[0-9]{1,2})/
++ &unvis($1,$2,$3,$4)
++ /ge;
++ s/\b(alignaddr)\s+(%[goli][0-7]),\s*(%[goli][0-7]),\s*(%[goli][0-7])/
++ &unalignaddr($1,$2,$3,$4)
++ /ge;
++
++ print $_,"\n";
++}
++
+ close STDOUT;
+Index: crypto/des/Makefile
+===================================================================
+diff -ru openssl-1.0.1e/crypto/des/Makefile.orig openssl-1.0.1e/crypto/des/Makefile
+--- a/crypto/des/Makefile
++++ b/crypto/des/Makefile
+@@ -61,6 +61,8 @@ des: des.o cbc3_enc.o lib
+
+ des_enc-sparc.S: asm/des_enc.m4
+ m4 -B 8192 asm/des_enc.m4 > des_enc-sparc.S
++dest4-sparcv9.s: asm/dest4-sparcv9.pl
++ $(PERL) asm/dest4-sparcv9.pl $(CFLAGS) > $@
+
+ des-586.s: asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+ $(PERL) asm/des-586.pl $(PERLASM_SCHEME) $(CFLAGS) > $@
+Index: crypto/evp/e_des.c
+===================================================================
+diff -ru openssl-1.0.1e/crypto/evp/e_des.c.orig openssl-1.0.1e/crypto/evp/e_des.c
+--- a/crypto/evp/e_des.c
++++ b/crypto/evp/e_des.c
+@@ -65,6 +65,30 @@
+ # include <openssl/des.h>
+ # include <openssl/rand.h>
+
++typedef struct {
++ union { double align; DES_key_schedule ks; } ks;
++ union {
++ void (*cbc)(const void *,void *,size_t,const void *,void *);
++ } stream;
++} EVP_DES_KEY;
++
++#if defined(AES_ASM) && (defined(__sparc) || defined(__sparc__))
++/* ---------^^^ this is not a typo, just a way to detect that
++ * assembler support was in general requested...
++ */
++#include "sparc_arch.h"
++
++extern unsigned int OPENSSL_sparcv9cap_P[];
++
++#define SPARC_DES_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_DES)
++
++void des_t4_key_expand(const void *key, DES_key_schedule *ks);
++void des_t4_cbc_encrypt(const void *inp,void *out,size_t len,
++ DES_key_schedule *ks,unsigned char iv[8]);
++void des_t4_cbc_decrypt(const void *inp,void *out,size_t len,
++ DES_key_schedule *ks,unsigned char iv[8]);
++#endif
++
+ static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc);
+ static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
+@@ -102,6 +126,12 @@ static int des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t inl)
+ {
++ EVP_DES_KEY *dat = (EVP_DES_KEY *)ctx->cipher_data;
++
++ if (dat->stream.cbc) {
++ (*dat->stream.cbc)(in,out,inl,&dat->ks.ks,ctx->iv);
++ return 1;
++ }
+ while (inl >= EVP_MAXCHUNK) {
+ DES_ncbc_encrypt(in, out, (long)EVP_MAXCHUNK, ctx->cipher_data,
+ (DES_cblock *)ctx->iv, ctx->encrypt);
+@@ -179,16 +209,16 @@
+ return 1;
+ }
+
+-BLOCK_CIPHER_defs(des, DES_key_schedule, NID_des, 8, 8, 8, 64,
++BLOCK_CIPHER_defs(des, EVP_DES_KEY, NID_des, 8, 8, 8, 64,
+ EVP_CIPH_RAND_KEY, des_init_key, NULL,
+ EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl)
+
+
+-BLOCK_CIPHER_def_cfb(des, DES_key_schedule, NID_des, 8, 8, 1,
++BLOCK_CIPHER_def_cfb(des, EVP_DES_KEY, NID_des, 8, 8, 1,
+ EVP_CIPH_RAND_KEY, des_init_key, NULL,
+ EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl)
+
+-BLOCK_CIPHER_def_cfb(des, DES_key_schedule, NID_des, 8, 8, 8,
++BLOCK_CIPHER_def_cfb(des, EVP_DES_KEY, NID_des, 8, 8, 8,
+ EVP_CIPH_RAND_KEY, des_init_key, NULL,
+ EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl)
+
+@@ -196,8 +226,23 @@ static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc)
+ {
+ DES_cblock *deskey = (DES_cblock *)key;
++ EVP_DES_KEY *dat = (EVP_DES_KEY *)ctx->cipher_data;
++
++ dat->stream.cbc = NULL;
++#if defined(SPARC_DES_CAPABLE)
++ if (SPARC_DES_CAPABLE) {
++ int mode = ctx->cipher->flags & EVP_CIPH_MODE;
++
++ if (mode == EVP_CIPH_CBC_MODE) {
++ des_t4_key_expand(key,&dat->ks.ks);
++ dat->stream.cbc = enc ? des_t4_cbc_encrypt :
++ des_t4_cbc_decrypt;
++ return 1;
++ }
++ }
++#endif
+ # ifdef EVP_CHECK_DES_KEY
+- if (DES_set_key_checked(deskey, ctx->cipher_data) != 0)
++ if (DES_set_key_checked(deskey, dat->ks.ks) != 0)
+ return 0;
+ # else
+ DES_set_key_unchecked(deskey, ctx->cipher_data);
+Index: crypto/evp/e_des3.c
+===================================================================
+diff -ru openssl-1.0.1e/crypto/evp/e_des3.c.orig openssl-1.0.1e/crypto/evp/e_des3.c
+--- a/crypto/evp/e_des3.c
++++ b/crypto/evp/e_des3.c
+@@ -65,6 +65,32 @@
+ # include <openssl/des.h>
+ # include <openssl/rand.h>
+
++typedef struct {
++ union { double align; DES_key_schedule ks[3]; } ks;
++ union {
++ void (*cbc)(const void *,void *,size_t,const void *,void *);
++ } stream;
++} DES_EDE_KEY;
++#define ks1 ks.ks[0]
++#define ks2 ks.ks[1]
++#define ks3 ks.ks[2]
++
++#if defined(AES_ASM) && (defined(__sparc) || defined(__sparc__))
++/* ---------^^^ this is not a typo, just a way to detect that
++ * assembler support was in general requested... */
++#include "sparc_arch.h"
++
++extern unsigned int OPENSSL_sparcv9cap_P[];
++
++#define SPARC_DES_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_DES)
++
++void des_t4_key_expand(const void *key, DES_key_schedule *ks);
++void des_t4_ede3_cbc_encrypt(const void *inp,void *out,size_t len,
++ DES_key_schedule *ks,unsigned char iv[8]);
++void des_t4_ede3_cbc_decrypt(const void *inp,void *out,size_t len,
++ DES_key_schedule *ks,unsigned char iv[8]);
++#endif
++
+ # ifndef OPENSSL_FIPS
+
+ static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+@@ -75,12 +100,6 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+
+ static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
+
+-typedef struct {
+- DES_key_schedule ks1; /* key schedule */
+- DES_key_schedule ks2; /* key schedule (for ede) */
+- DES_key_schedule ks3; /* key schedule (for ede3) */
+-} DES_EDE_KEY;
+-
+ # define data(ctx) ((DES_EDE_KEY *)(ctx)->cipher_data)
+
+ /*
+@@ -123,6 +117,7 @@ static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t inl)
+ {
++ DES_EDE_KEY *dat = data(ctx);
+ # ifdef KSSL_DEBUG
+ {
+ int i;
+@@ -134,11 +155,15 @@
+ fprintf(stderr, "\n");
+ }
+ # endif /* KSSL_DEBUG */
++ if (dat->stream.cbc) {
++ (*dat->stream.cbc)(in,out,inl,&dat->ks,ctx->iv);
++ return 1;
++ }
++
+ while (inl >= EVP_MAXCHUNK) {
+ DES_ede3_cbc_encrypt(in, out, (long)EVP_MAXCHUNK,
+- &data(ctx)->ks1, &data(ctx)->ks2,
+- &data(ctx)->ks3, (DES_cblock *)ctx->iv,
+- ctx->encrypt);
++ &dat->ks1, &dat->ks2, &dat->ks3,
++ (DES_cblock *)ctx->iv, ctx->encrypt);
+ inl -= EVP_MAXCHUNK;
+ in += EVP_MAXCHUNK;
+ out += EVP_MAXCHUNK;
+@@ -145,9 +170,8 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ }
+ if (inl)
+ DES_ede3_cbc_encrypt(in, out, (long)inl,
+- &data(ctx)->ks1, &data(ctx)->ks2,
+- &data(ctx)->ks3, (DES_cblock *)ctx->iv,
+- ctx->encrypt);
++ &dat->ks1, &dat->ks2, &dat->ks3,
++ (DES_cblock *)ctx->iv, ctx->encrypt);
+ return 1;
+ }
+
+@@ -215,39 +239,58 @@ static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ }
+
+ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,
+- EVP_CIPH_RAND_KEY, des_ede_init_key, NULL,
+- EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des3_ctrl)
++ EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_DEFAULT_ASN1,
++ des_ede_init_key, NULL, NULL, NULL,
++ des3_ctrl)
+ # define des_ede3_cfb64_cipher des_ede_cfb64_cipher
+ # define des_ede3_ofb_cipher des_ede_ofb_cipher
+ # define des_ede3_cbc_cipher des_ede_cbc_cipher
+ # define des_ede3_ecb_cipher des_ede_ecb_cipher
+ BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64,
+- EVP_CIPH_RAND_KEY, des_ede3_init_key, NULL,
+- EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des3_ctrl)
++ EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
++ des_ede3_init_key, NULL, NULL, NULL,
++ des3_ctrl)
+
+ BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 1,
+- EVP_CIPH_RAND_KEY, des_ede3_init_key, NULL,
+- EVP_CIPHER_set_asn1_iv,
+- EVP_CIPHER_get_asn1_iv, des3_ctrl)
++ EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
++ des_ede3_init_key, NULL, NULL, NULL,
++ des3_ctrl)
+
+ BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 8,
+- EVP_CIPH_RAND_KEY, des_ede3_init_key, NULL,
+- EVP_CIPHER_set_asn1_iv,
+- EVP_CIPHER_get_asn1_iv, des3_ctrl)
++ EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
++ des_ede3_init_key, NULL, NULL, NULL,
++ des3_ctrl)
+
+ static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc)
+ {
+ DES_cblock *deskey = (DES_cblock *)key;
++ DES_EDE_KEY *dat = data(ctx);
++
++ dat->stream.cbc = NULL;
++#if defined(SPARC_DES_CAPABLE)
++ if (SPARC_DES_CAPABLE) {
++ int mode = ctx->cipher->flags & EVP_CIPH_MODE;
++
++ if (mode == EVP_CIPH_CBC_MODE) {
++ des_t4_key_expand(&deskey[0],&dat->ks1);
++ des_t4_key_expand(&deskey[1],&dat->ks2);
++ memcpy(&dat->ks3,&dat->ks1,sizeof(dat->ks1));
++ dat->stream.cbc = enc ? des_t4_ede3_cbc_encrypt :
++ des_t4_ede3_cbc_decrypt;
++ return 1;
++ }
++ }
++#endif
+ # ifdef EVP_CHECK_DES_KEY
+- if (DES_set_key_checked(&deskey[0], &data(ctx)->ks1)
+- ! !DES_set_key_checked(&deskey[1], &data(ctx)->ks2))
++ if (DES_set_key_checked(&deskey[0],&dat->ks1)
++ !! DES_set_key_checked(&deskey[1],&dat->ks2))
+ return 0;
+ # else
+- DES_set_key_unchecked(&deskey[0], &data(ctx)->ks1);
+- DES_set_key_unchecked(&deskey[1], &data(ctx)->ks2);
++ DES_set_key_unchecked(&deskey[0],&dat->ks1);
++ DES_set_key_unchecked(&deskey[1],&dat->ks2);
+ # endif
+- memcpy(&data(ctx)->ks3, &data(ctx)->ks1, sizeof(data(ctx)->ks1));
++ memcpy(&dat->ks3,&dat->ks1, sizeof(dat->ks1));
+ return 1;
+ }
+
+@@ -255,6 +298,8 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc)
+ {
+ DES_cblock *deskey = (DES_cblock *)key;
++ DES_EDE_KEY *dat = data(ctx);
++
+ # ifdef KSSL_DEBUG
+ {
+ int i;
+@@ -272,15 +317,30 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ }
+ # endif /* KSSL_DEBUG */
+
++ dat->stream.cbc = NULL;
++#if defined(SPARC_DES_CAPABLE)
++ if (SPARC_DES_CAPABLE) {
++ int mode = ctx->cipher->flags & EVP_CIPH_MODE;
++
++ if (mode == EVP_CIPH_CBC_MODE) {
++ des_t4_key_expand(&deskey[0],&dat->ks1);
++ des_t4_key_expand(&deskey[1],&dat->ks2);
++ des_t4_key_expand(&deskey[2],&dat->ks3);
++ dat->stream.cbc = enc ? des_t4_ede3_cbc_encrypt :
++ des_t4_ede3_cbc_decrypt;
++ return 1;
++ }
++ }
++#endif
+ # ifdef EVP_CHECK_DES_KEY
+- if (DES_set_key_checked(&deskey[0], &data(ctx)->ks1)
+- || DES_set_key_checked(&deskey[1], &data(ctx)->ks2)
+- || DES_set_key_checked(&deskey[2], &data(ctx)->ks3))
++ if (DES_set_key_checked(&deskey[0],&dat->ks1)
++ || DES_set_key_checked(&deskey[1],&dat->ks2)
++ || DES_set_key_checked(&deskey[2],&dat->ks3))
+ return 0;
+ # else
+- DES_set_key_unchecked(&deskey[0], &data(ctx)->ks1);
+- DES_set_key_unchecked(&deskey[1], &data(ctx)->ks2);
+- DES_set_key_unchecked(&deskey[2], &data(ctx)->ks3);
++ DES_set_key_unchecked(&deskey[0],&dat->ks1);
++ DES_set_key_unchecked(&deskey[1],&dat->ks2);
++ DES_set_key_unchecked(&deskey[2],&dat->ks3);
+ # endif
+ return 1;
+ }
+Index: openssl/crypto/bn/Makefile
+===================================================================
+diff -ru openssl-1.0.1e/crypto/bn/Makefile openssl-1.0.1e/crypto/bn/Makefile.new
+--- openssl-1.0.1e/crypto/bn/Makefile 2011-05-24 17:02:24.000000000 -0700
++++ openssl-1.0.1e/crypto/bn/Makefile 2011-07-27 10:48:17.817470000 -0700
+@@ -77,6 +77,12 @@
+ $(PERL) asm/sparcv9a-mont.pl $(CFLAGS) > $@
+ sparcv9-mont.s: asm/sparcv9-mont.pl
+ $(PERL) asm/sparcv9-mont.pl $(CFLAGS) > $@
++vis3-mont.s: asm/vis3-mont.pl
++ $(PERL) asm/vis3-mont.pl $(CFLAGS) > $@
++sparct4-mont.S: asm/sparct4-mont.pl
++ $(PERL) asm/sparct4-mont.pl $(CFLAGS) > $@
++sparcv9-gf2m.S: asm/sparcv9-gf2m.pl
++ $(PERL) asm/sparcv9-gf2m.pl $(CFLAGS) > $@
+
+ bn-mips3.o: asm/mips3.s
+ @if [ "$(CC)" = "gcc" ]; then \
+Index: openssl/crypto/bn/bn_exp.c
+===================================================================
+diff -ru openssl-1.0.1e/crypto/bn/bn_exp.c openssl-1.0.1e/crypto/bn/bn_exp.c.new
+--- bn_exp.c 2011/10/29 19:25:13 1.38
++++ bn_exp.c 2012/11/17 10:34:11 1.39
+@@ -122,8 +122,15 @@
+ # ifndef alloca
+ # define alloca(s) __builtin_alloca((s))
+ # endif
++#else
++#include <alloca.h>
+ #endif
+
++#if defined(OPENSSL_BN_ASM_MONT) && defined(__sparc)
++# include "sparc_arch.h"
++extern unsigned int OPENSSL_sparcv9cap_P[];
++#endif
++
+ /* maximum precomputation table size for *variable* sliding windows */
+ #define TABLE_SIZE 32
+
+@@ -464,8 +471,16 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
+ wstart = bits - 1; /* The top bit of the window */
+ wend = 0; /* The bottom bit of the window */
+
++#if 1 /* by Shay Gueron's suggestion */
++ j = mont->N.top; /* borrow j */
++ if (bn_wexpand(r,j) == NULL) goto err;
++ r->d[0] = (0-m->d[0])&BN_MASK2; /* 2^(top*BN_BITS2) - m */
++ for(i=1;i<j;i++) r->d[i] = (~m->d[i])&BN_MASK2;
++ r->top = j;
++#else
+ if (!BN_to_montgomery(r, BN_value_one(), mont, ctx))
+ goto err;
++#endif
+ for (;;) {
+ if (BN_is_bit_set(p, wstart) == 0) {
+ if (!start) {
+@@ -515,6 +530,17 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
+ if (wstart < 0)
+ break;
+ }
++#if defined(OPENSSL_BN_ASM_MONT) && (defined(__sparc__) || defined(__sparc))
++ if (OPENSSL_sparcv9cap_P[0] & (SPARCV9_VIS3|SPARCV9_PREFER_FPU)) {
++ j = mont->N.top; /* borrow j */
++ val[0]->d[0] = 1; /* borrow val[0] */
++ for (i=1;i<j;i++)
++ val[0]->d[i] = 0;
++ val[0]->top = j;
++ if (!BN_mod_mul_montgomery(rr, r, val[0], mont, ctx))
++ goto err;
++ } else
++#endif
+ if (!BN_from_montgomery(rr, r, mont, ctx))
+ goto err;
+ ret = 1;
+@@ -526,6 +552,26 @@ err:
+ return (ret);
+ }
+
++#if defined(OPENSSL_BN_ASM_MONT) && (defined(__sparc__) || defined(__sparc))
++static BN_ULONG bn_get_bits(const BIGNUM *a, int bitpos) {
++ BN_ULONG ret = 0;
++ int wordpos;
++
++ wordpos = bitpos / BN_BITS2;
++ bitpos %= BN_BITS2;
++ if (wordpos>=0 && wordpos < a->top) {
++ ret = a->d[wordpos]&BN_MASK2;
++ if (bitpos) {
++ ret >>= bitpos;
++ if (++wordpos < a->top)
++ ret |= a->d[wordpos]<<(BN_BITS2-bitpos);
++ }
++ }
++
++ return ret & BN_MASK2;
++}
++#endif
++
+ /*
+ * BN_mod_exp_mont_consttime() stores the precomputed powers in a specific
+ * layout so that accessing any of these table values shows the same access
+@@ -594,6 +640,9 @@
+ int powerbufLen = 0;
+ unsigned char *powerbuf = NULL;
+ BIGNUM tmp, am;
++#if defined(OPENSSL_BN_ASM_MONT) && defined(__sparc)
++ unsigned int t4=0;
++#endif
+
+ bn_check_top(a);
+ bn_check_top(p);
+@@ -628,10 +677,18 @@
+
+ /* Get the window size to use with size of p. */
+ window = BN_window_bits_for_ctime_exponent_size(bits);
++#if defined(OPENSSL_BN_ASM_MONT) && defined(__sparc)
++ if (window>=5 && (top&15)==0 && top<=64 &&
++ (OPENSSL_sparcv9cap_P[1]&(CFR_MONTMUL|CFR_MONTSQR))==
++ (CFR_MONTMUL|CFR_MONTSQR) && (t4=OPENSSL_sparcv9cap_P[0]))
++ window=5;
++ else
++#endif
+ #if defined(OPENSSL_BN_ASM_MONT5)
+ if (window == 6 && bits <= 1024)
+ window = 5; /* ~5% improvement of 2048-bit RSA sign */
+ #endif
++ (void) 0;
+
+ /*
+ * Allocate a buffer large enough to hold all of the pre-computed powers
+@@ -670,14 +727,14 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
+ tmp.flags = am.flags = BN_FLG_STATIC_DATA;
+
+ /* prepare a^0 in Montgomery domain */
+-#if 1
+- if (!BN_to_montgomery(&tmp, BN_value_one(), mont, ctx))
+- goto err;
+-#else
++#if 1 /* by Shay Gueron's suggestion */
+ tmp.d[0] = (0 - m->d[0]) & BN_MASK2; /* 2^(top*BN_BITS2) - m */
+ for (i = 1; i < top; i++)
+ tmp.d[i] = (~m->d[i]) & BN_MASK2;
+ tmp.top = top;
++#else
++ if (!BN_to_montgomery(&tmp,BN_value_one(),mont,ctx))
++ goto err;
+ #endif
+
+ /* prepare a^1 in Montgomery domain */
+@@ -689,6 +746,122 @@
+ } else if (!BN_to_montgomery(&am, a, mont, ctx))
+ goto err;
+
++#if defined(OPENSSL_BN_ASM_MONT) && defined(__sparc)
++ if (t4) {
++ typedef int (*bn_pwr5_mont_f)(BN_ULONG *tp,const BN_ULONG *np,
++ const BN_ULONG *n0,const void *table,int power,int bits);
++ int bn_pwr5_mont_t4_8(BN_ULONG *tp,const BN_ULONG *np,
++ const BN_ULONG *n0,const void *table,int power,int bits);
++ int bn_pwr5_mont_t4_16(BN_ULONG *tp,const BN_ULONG *np,
++ const BN_ULONG *n0,const void *table,int power,int bits);
++ int bn_pwr5_mont_t4_24(BN_ULONG *tp,const BN_ULONG *np,
++ const BN_ULONG *n0,const void *table,int power,int bits);
++ int bn_pwr5_mont_t4_32(BN_ULONG *tp,const BN_ULONG *np,
++ const BN_ULONG *n0,const void *table,int power,int bits);
++ static const bn_pwr5_mont_f pwr5_funcs[4] = {
++ bn_pwr5_mont_t4_8, bn_pwr5_mont_t4_16,
++ bn_pwr5_mont_t4_24, bn_pwr5_mont_t4_32 };
++ bn_pwr5_mont_f pwr5_worker = pwr5_funcs[top/16-1];
++
++ typedef int (*bn_mul_mont_f)(BN_ULONG *rp,const BN_ULONG *ap,
++ const void *bp,const BN_ULONG *np,const BN_ULONG *n0);
++ int bn_mul_mont_t4_8(BN_ULONG *rp,const BN_ULONG *ap,
++ const void *bp,const BN_ULONG *np,const BN_ULONG *n0);
++ int bn_mul_mont_t4_16(BN_ULONG *rp,const BN_ULONG *ap,
++ const void *bp,const BN_ULONG *np,const BN_ULONG *n0);
++ int bn_mul_mont_t4_24(BN_ULONG *rp,const BN_ULONG *ap,
++ const void *bp,const BN_ULONG *np,const BN_ULONG *n0);
++ int bn_mul_mont_t4_32(BN_ULONG *rp,const BN_ULONG *ap,
++ const void *bp,const BN_ULONG *np,const BN_ULONG *n0);
++ static const bn_mul_mont_f mul_funcs[4] = {
++ bn_mul_mont_t4_8, bn_mul_mont_t4_16,
++ bn_mul_mont_t4_24, bn_mul_mont_t4_32 };
++ bn_mul_mont_f mul_worker = mul_funcs[top/16-1];
++
++ void bn_mul_mont_vis3(BN_ULONG *rp,const BN_ULONG *ap,
++ const void *bp,const BN_ULONG *np,
++ const BN_ULONG *n0,int num);
++ void bn_mul_mont_t4(BN_ULONG *rp,const BN_ULONG *ap,
++ const void *bp,const BN_ULONG *np,
++ const BN_ULONG *n0,int num);
++ void bn_mul_mont_gather5_t4(BN_ULONG *rp,const BN_ULONG *ap,
++ const void *table,const BN_ULONG *np,
++ const BN_ULONG *n0,int num,int power);
++ void bn_flip_n_scatter5_t4(const BN_ULONG *inp,size_t num,
++ void *table,size_t power);
++ void bn_gather5_t4(BN_ULONG *out,size_t num,
++ void *table,size_t power);
++ void bn_flip_t4(BN_ULONG *dst,BN_ULONG *src,size_t num);
++
++ BN_ULONG *np=mont->N.d, *n0=mont->n0;
++ int stride = 5*(6-(top/16-1)); /* multiple of 5, but less than 32 */
++
++ /*
++ * BN_to_montgomery can contaminate words above .top
++ * [in BN_DEBUG[_DEBUG] build]...
++ */
++ for (i=am.top; i<top; i++) am.d[i]=0;
++ for (i=tmp.top; i<top; i++) tmp.d[i]=0;
++
++ bn_flip_n_scatter5_t4(tmp.d,top,powerbuf,0);
++ bn_flip_n_scatter5_t4(am.d,top,powerbuf,1);
++ if (!(*mul_worker)(tmp.d,am.d,am.d,np,n0) &&
++ !(*mul_worker)(tmp.d,am.d,am.d,np,n0))
++ bn_mul_mont_vis3(tmp.d,am.d,am.d,np,n0,top);
++ bn_flip_n_scatter5_t4(tmp.d,top,powerbuf,2);
++
++ for (i=3; i<32; i++) {
++ /* Calculate a^i = a^(i-1) * a */
++ if (!(*mul_worker)(tmp.d,tmp.d,am.d,np,n0) &&
++ !(*mul_worker)(tmp.d,tmp.d,am.d,np,n0))
++ bn_mul_mont_vis3(tmp.d,tmp.d,am.d,np,n0,top);
++ bn_flip_n_scatter5_t4(tmp.d,top,powerbuf,i);
++ }
++
++ /* switch to 64-bit domain */
++ np = alloca(top*sizeof(BN_ULONG));
++ top /= 2;
++ bn_flip_t4(np,mont->N.d,top);
++
++ bits--;
++ for (wvalue=0, i=bits%5; i>=0; i--,bits--)
++ wvalue = (wvalue<<1)+BN_is_bit_set(p,bits);
++ bn_gather5_t4(tmp.d,top,powerbuf,wvalue);
++
++ /* Scan the exponent one window at a time starting from the most
++ * significant bits.
++ */
++ while (bits >= 0) {
++ if (bits < stride)
++ stride = bits+1;
++ bits -= stride;
++ wvalue = (bn_get_bits(p,bits+1));
++
++ if ((*pwr5_worker)(tmp.d,np,n0,powerbuf,wvalue,stride))
++ continue;
++ /* retry once and fall back */
++ if ((*pwr5_worker)(tmp.d,np,n0,powerbuf,wvalue,stride))
++ continue;
++
++ bits += stride-5;
++ wvalue >>= stride-5;
++ wvalue &= 31;
++ bn_mul_mont_t4(tmp.d,tmp.d,tmp.d,np,n0,top);
++ bn_mul_mont_t4(tmp.d,tmp.d,tmp.d,np,n0,top);
++ bn_mul_mont_t4(tmp.d,tmp.d,tmp.d,np,n0,top);
++ bn_mul_mont_t4(tmp.d,tmp.d,tmp.d,np,n0,top);
++ bn_mul_mont_t4(tmp.d,tmp.d,tmp.d,np,n0,top);
++ bn_mul_mont_gather5_t4(tmp.d,tmp.d,powerbuf,np,n0,top,wvalue);
++ }
++
++ bn_flip_t4(tmp.d,tmp.d,top);
++ top *= 2;
++ /* back to 32-bit domain */
++ tmp.top=top;
++ bn_correct_top(&tmp);
++ OPENSSL_cleanse(np,top*sizeof(BN_ULONG));
++ } else
++#endif
+ #if defined(OPENSSL_BN_ASM_MONT5)
+ if (window == 5 && top > 1) {
+ /*
+@@ -844,6 +1017,15 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
+ }
+
+ /* Convert the final result from montgomery to standard format */
++#if defined(OPENSSL_BN_ASM_MONT) && (defined(__sparc__) || defined(__sparc))
++ if (OPENSSL_sparcv9cap_P[0] & (SPARCV9_VIS3|SPARCV9_PREFER_FPU)) {
++ am.d[0] = 1; /* borrow am */
++ for (i = 1; i < top; i++)
++ am.d[i] = 0;
++ if (!BN_mod_mul_montgomery(rr,&tmp,&am,mont,ctx))
++ goto err;
++ } else
++#endif
+ if (!BN_from_montgomery(rr, &tmp, mont, ctx))
+ goto err;
+ ret = 1;
+Index: openssl/apps/speed.c
+===================================================================
+diff -ru openssl-1.0.1e/apps/spped.c openssl-1.0.1e/apps/speed.c
+--- openssl-1.0.1e/apps/speed.c 2011-05-24 17:02:24.000000000 -0700
++++ openssl-1.0.1e/apps/spped.c 2011-07-27 10:48:17.817470000 -0700
+@@ -1586,8 +1586,7 @@
+ print_message(names[D_MD5], c[D_MD5][j], lengths[j]);
+ Time_F(START);
+ for (count = 0, run = 1; COND(c[D_MD5][j]); count++)
+- EVP_Digest(&(buf[0]), (unsigned long)lengths[j], &(md5[0]),
+- NULL, EVP_get_digestbyname("md5"), NULL);
++ MD5(buf, lengths[j], md5);
+ d = Time_F(STOP);
+ print_result(D_MD5, j, count, d);
+ }
+@@ -1622,8 +1621,7 @@
+ print_message(names[D_SHA1], c[D_SHA1][j], lengths[j]);
+ Time_F(START);
+ for (count = 0, run = 1; COND(c[D_SHA1][j]); count++)
+- EVP_Digest(buf, (unsigned long)lengths[j], &(sha[0]), NULL,
+- EVP_sha1(), NULL);
++ SHA1(buf, lengths[j], sha);
+ d = Time_F(STOP);
+ print_result(D_SHA1, j, count, d);
+ }
+Index: openssl/crypto/aes/Makefile
+===================================================================
+--- Makefile Thu May 2 13:42:37 2013
++++ Makefile.orig Thu May 2 13:41:51 2013
+@@ -69,6 +69,9 @@
+ aes-sparcv9.s: asm/aes-sparcv9.pl
+ $(PERL) asm/aes-sparcv9.pl $(CFLAGS) > $@
+
++aest4-sparcv9.s: asm/aest4-sparcv9.pl
++ $(PERL) asm/aest4-sparcv9.pl $(CFLAGS) > $@
++
+ aes-ppc.s: asm/aes-ppc.pl
+ $(PERL) asm/aes-ppc.pl $(PERLASM_SCHEME) $@
+
+Index: openssl/crypto/evp/e_aes.c
+===================================================================
+--- e_aes.c Mon Feb 11 07:26:04 2013
++++ e_aes.c.56 Thu May 2 14:26:35 2013
+@@ -56,12 +58,11 @@
+ # include <assert.h>
+ # include <openssl/aes.h>
+ # include "evp_locl.h"
+-# ifndef OPENSSL_FIPS
+ # include "modes_lcl.h"
+ # include <openssl/rand.h>
+
+ typedef struct {
+- AES_KEY ks;
++ union { double align; AES_KEY ks; } ks;
+ block128_f block;
+ union {
+ cbc128_f cbc;
+@@ -70,7 +69,7 @@
+ } EVP_AES_KEY;
+
+ typedef struct {
+- AES_KEY ks; /* AES key schedule to use */
++ union { double align; AES_KEY ks; } ks; /* AES key schedule to use */
+ int key_set; /* Set if key initialised */
+ int iv_set; /* Set if an iv is set */
+ GCM128_CONTEXT gcm;
+@@ -83,7 +82,7 @@
+ } EVP_AES_GCM_CTX;
+
+ typedef struct {
+- AES_KEY ks1, ks2; /* AES key schedules to use */
++ union { double align; AES_KEY ks; } ks1, ks2; /* AES key schedules to use */
+ XTS128_CONTEXT xts;
+ void (*stream) (const unsigned char *in,
+ unsigned char *out, size_t length,
+@@ -92,7 +91,7 @@
+ } EVP_AES_XTS_CTX;
+
+ typedef struct {
+- AES_KEY ks; /* AES key schedule to use */
++ union { double align; AES_KEY ks; } ks; /* AES key schedule to use */
+ int key_set; /* Set if key initialised */
+ int iv_set; /* Set if an iv is set */
+ int tag_set; /* Set if tag is valid */
+@@ -155,7 +154,7 @@
+ defined(_M_AMD64) || defined(_M_X64) || \
+ defined(__INTEL__) )
+
+-extern unsigned int OPENSSL_ia32cap_P[2];
++extern unsigned int OPENSSL_ia32cap_P[];
+
+ # ifdef VPAES_ASM
+ # define VPAES_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(41-32)))
+@@ -297,7 +296,7 @@
+ if (!iv && !key)
+ return 1;
+ if (key) {
+- aesni_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks);
++ aesni_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks);
+ CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, (block128_f) aesni_encrypt);
+ gctx->ctr = (ctr128_f) aesni_ctr32_encrypt_blocks;
+ /*
+@@ -336,17 +335,17 @@
+ if (key) {
+ /* key_len is two AES keys */
+ if (enc) {
+- aesni_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1);
++ aesni_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks);
+ xctx->xts.block1 = (block128_f) aesni_encrypt;
+ xctx->stream = aesni_xts_encrypt;
+ } else {
+- aesni_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1);
++ aesni_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks);
+ xctx->xts.block1 = (block128_f) aesni_decrypt;
+ xctx->stream = aesni_xts_decrypt;
+ }
+
+ aesni_set_encrypt_key(key + ctx->key_len / 2,
+- ctx->key_len * 4, &xctx->ks2);
++ ctx->key_len * 4, &xctx->ks2.ks);
+ xctx->xts.block2 = (block128_f) aesni_encrypt;
+
+ xctx->xts.key1 = &xctx->ks1;
+@@ -371,7 +370,7 @@
+ if (!iv && !key)
+ return 1;
+ if (key) {
+- aesni_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks);
++ aesni_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks.ks);
+ CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
+ &cctx->ks, (block128_f) aesni_encrypt);
+ cctx->str = enc ? (ccm128_f) aesni_ccm64_encrypt_blocks :
+@@ -432,6 +431,364 @@
+ const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
+ { return AESNI_CAPABLE?&aesni_##keylen##_##mode:&aes_##keylen##_##mode; }
+
++#elif defined(AES_ASM) && (defined(__sparc) || defined(__sparc__))
++
++#include "sparc_arch.h"
++
++extern unsigned int OPENSSL_sparcv9cap_P[];
++
++#define SPARC_AES_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_AES)
++
++void aes_t4_set_encrypt_key (const unsigned char *key, int bits,
++ AES_KEY *ks);
++void aes_t4_set_decrypt_key (const unsigned char *key, int bits,
++ AES_KEY *ks);
++void aes_t4_encrypt (const unsigned char *in, unsigned char *out,
++ const AES_KEY *key);
++void aes_t4_decrypt (const unsigned char *in, unsigned char *out,
++ const AES_KEY *key);
++/*
++ * Key-length specific subroutines were chosen for following reason.
++ * Each SPARC T4 core can execute up to 8 threads which share core's
++ * resources. Loading as much key material to registers allows to
++ * minimize references to shared memory interface, as well as amount
++ * of instructions in inner loops [much needed on T4]. But then having
++ * non-key-length specific routines would require conditional branches
++ * either in inner loops or on subroutines' entries. Former is hardly
++ * acceptable, while latter means code size increase to size occupied
++ * by multiple key-length specfic subroutines, so why fight?
++ */
++void aes128_t4_cbc_encrypt (const unsigned char *in, unsigned char *out,
++ size_t len, const AES_KEY *key,
++ unsigned char *ivec);
++void aes128_t4_cbc_decrypt (const unsigned char *in, unsigned char *out,
++ size_t len, const AES_KEY *key,
++ unsigned char *ivec);
++void aes192_t4_cbc_encrypt (const unsigned char *in, unsigned char *out,
++ size_t len, const AES_KEY *key,
++ unsigned char *ivec);
++void aes192_t4_cbc_decrypt (const unsigned char *in, unsigned char *out,
++ size_t len, const AES_KEY *key,
++ unsigned char *ivec);
++void aes256_t4_cbc_encrypt (const unsigned char *in, unsigned char *out,
++ size_t len, const AES_KEY *key,
++ unsigned char *ivec);
++void aes256_t4_cbc_decrypt (const unsigned char *in, unsigned char *out,
++ size_t len, const AES_KEY *key,
++ unsigned char *ivec);
++void aes128_t4_ctr32_encrypt (const unsigned char *in, unsigned char *out,
++ size_t blocks, const AES_KEY *key,
++ unsigned char *ivec);
++void aes192_t4_ctr32_encrypt (const unsigned char *in, unsigned char *out,
++ size_t blocks, const AES_KEY *key,
++ unsigned char *ivec);
++void aes256_t4_ctr32_encrypt (const unsigned char *in, unsigned char *out,
++ size_t blocks, const AES_KEY *key,
++ unsigned char *ivec);
++
++static int aes_t4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
++ const unsigned char *iv, int enc)
++{
++ int ret, mode, bits;
++ EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
++
++ mode = ctx->cipher->flags & EVP_CIPH_MODE;
++ bits = ctx->key_len*8;
++ if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) && !enc) {
++ ret = 0;
++ aes_t4_set_decrypt_key(key, bits, ctx->cipher_data);
++ dat->block = (block128_f)aes_t4_decrypt;
++ switch (bits) {
++ case 128:
++ dat->stream.cbc = mode==EVP_CIPH_CBC_MODE ?
++ (cbc128_f)aes128_t4_cbc_decrypt :
++ NULL;
++ break;
++ case 192:
++ dat->stream.cbc = mode==EVP_CIPH_CBC_MODE ?
++ (cbc128_f)aes192_t4_cbc_decrypt :
++ NULL;
++ break;
++ case 256:
++ dat->stream.cbc = mode==EVP_CIPH_CBC_MODE ?
++ (cbc128_f)aes256_t4_cbc_decrypt :
++ NULL;
++ break;
++ default:
++ ret = -1;
++ }
++ } else {
++ ret = 0;
++ aes_t4_set_encrypt_key(key, bits, ctx->cipher_data);
++ dat->block = (block128_f)aes_t4_encrypt;
++ switch (bits) {
++ case 128:
++ if (mode==EVP_CIPH_CBC_MODE)
++ dat->stream.cbc = (cbc128_f)aes128_t4_cbc_encrypt;
++ else if (mode==EVP_CIPH_CTR_MODE)
++ dat->stream.ctr = (ctr128_f)aes128_t4_ctr32_encrypt;
++ else
++ dat->stream.cbc = NULL;
++ break;
++ case 192:
++ if (mode==EVP_CIPH_CBC_MODE)
++ dat->stream.cbc = (cbc128_f)aes192_t4_cbc_encrypt;
++ else if (mode==EVP_CIPH_CTR_MODE)
++ dat->stream.ctr = (ctr128_f)aes192_t4_ctr32_encrypt;
++ else
++ dat->stream.cbc = NULL;
++ break;
++ case 256:
++ if (mode==EVP_CIPH_CBC_MODE)
++ dat->stream.cbc = (cbc128_f)aes256_t4_cbc_encrypt;
++ else if (mode==EVP_CIPH_CTR_MODE)
++ dat->stream.ctr = (ctr128_f)aes256_t4_ctr32_encrypt;
++ else
++ dat->stream.cbc = NULL;
++ break;
++ default:
++ ret = -1;
++ }
++ }
++
++ if (ret < 0) {
++ EVPerr(EVP_F_AES_T4_INIT_KEY,EVP_R_AES_KEY_SETUP_FAILED);
++ return 0;
++ }
++
++ return 1;
++}
++
++#define aes_t4_cbc_cipher aes_cbc_cipher
++static int aes_t4_cbc_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
++ const unsigned char *in, size_t len);
++
++#define aes_t4_ecb_cipher aes_ecb_cipher
++static int aes_t4_ecb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
++ const unsigned char *in, size_t len);
++
++#define aes_t4_ofb_cipher aes_ofb_cipher
++static int aes_t4_ofb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
++ const unsigned char *in,size_t len);
++
++#define aes_t4_cfb_cipher aes_cfb_cipher
++static int aes_t4_cfb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
++ const unsigned char *in,size_t len);
++
++#define aes_t4_cfb8_cipher aes_cfb8_cipher
++static int aes_t4_cfb8_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
++ const unsigned char *in,size_t len);
++
++#define aes_t4_cfb1_cipher aes_cfb1_cipher
++static int aes_t4_cfb1_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
++ const unsigned char *in,size_t len);
++
++#define aes_t4_ctr_cipher aes_ctr_cipher
++static int aes_t4_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
++ const unsigned char *in, size_t len);
++
++static int aes_t4_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
++ const unsigned char *iv, int enc)
++{
++ EVP_AES_GCM_CTX *gctx = ctx->cipher_data;
++ if (!iv && !key)
++ return 1;
++ if (key) {
++ int bits = ctx->key_len * 8;
++ aes_t4_set_encrypt_key(key, bits, &gctx->ks.ks);
++ CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
++ (block128_f)aes_t4_encrypt);
++ switch (bits) {
++ case 128:
++ gctx->ctr = (ctr128_f)aes128_t4_ctr32_encrypt;
++ break;
++ case 192:
++ gctx->ctr = (ctr128_f)aes192_t4_ctr32_encrypt;
++ break;
++ case 256:
++ gctx->ctr = (ctr128_f)aes256_t4_ctr32_encrypt;
++ break;
++ default:
++ return 0;
++ }
++ /* If we have an iv can set it directly, otherwise use
++ * saved IV.
++ */
++ if (iv == NULL && gctx->iv_set)
++ iv = gctx->iv;
++ if (iv) {
++ CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
++ gctx->iv_set = 1;
++ }
++ gctx->key_set = 1;
++ } else {
++ /* If key set use IV, otherwise copy */
++ if (gctx->key_set)
++ CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
++ else
++ memcpy(gctx->iv, iv, gctx->ivlen);
++ gctx->iv_set = 1;
++ gctx->iv_gen = 0;
++ }
++ return 1;
++}
++
++#define aes_t4_gcm_cipher aes_gcm_cipher
++static int aes_t4_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
++ const unsigned char *in, size_t len);
++
++static int aes_t4_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
++ const unsigned char *iv, int enc)
++{
++ EVP_AES_XTS_CTX *xctx = ctx->cipher_data;
++ if (!iv && !key)
++ return 1;
++
++ if (key) {
++ int bits = ctx->key_len * 4;
++ /* key_len is two AES keys */
++ if (enc) {
++ aes_t4_set_encrypt_key(key, bits, &xctx->ks1.ks);
++ xctx->xts.block1 = (block128_f)aes_t4_encrypt;
++#if 0 /* not yet */
++ switch (bits) {
++ case 128:
++ xctx->stream = aes128_t4_xts_encrypt;
++ break;
++ case 192:
++ xctx->stream = aes192_t4_xts_encrypt;
++ break;
++ case 256:
++ xctx->stream = aes256_t4_xts_encrypt;
++ break;
++ default:
++ return 0;
++ }
++#endif
++ } else {
++ aes_t4_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks);
++ xctx->xts.block1 = (block128_f)aes_t4_decrypt;
++#if 0 /* not yet */
++ switch (bits) {
++ case 128:
++ xctx->stream = aes128_t4_xts_decrypt;
++ break;
++ case 192:
++ xctx->stream = aes192_t4_xts_decrypt;
++ break;
++ case 256:
++ xctx->stream = aes256_t4_xts_decrypt;
++ break;
++ default:
++ return 0;
++ }
++#endif
++ }
++
++ aes_t4_set_encrypt_key(key + ctx->key_len/2,
++ ctx->key_len * 4, &xctx->ks2.ks);
++ xctx->xts.block2 = (block128_f)aes_t4_encrypt;
++
++ xctx->xts.key1 = &xctx->ks1;
++ }
++
++ if (iv) {
++ xctx->xts.key2 = &xctx->ks2;
++ memcpy(ctx->iv, iv, 16);
++ }
++
++ return 1;
++}
++
++#define aes_t4_xts_cipher aes_xts_cipher
++static int aes_t4_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
++ const unsigned char *in, size_t len);
++
++static int aes_t4_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
++ const unsigned char *iv, int enc)
++{
++ EVP_AES_CCM_CTX *cctx = ctx->cipher_data;
++ if (!iv && !key)
++ return 1;
++ if (key) {
++ int bits = ctx->key_len * 8;
++ aes_t4_set_encrypt_key(key, bits, &cctx->ks.ks);
++ CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
++ &cctx->ks, (block128_f)aes_t4_encrypt);
++#if 0 /* not yet */
++ switch (bits) {
++ case 128:
++ cctx->str = enc?(ccm128_f)aes128_t4_ccm64_encrypt :
++ (ccm128_f)ae128_t4_ccm64_decrypt;
++ break;
++ case 192:
++ cctx->str = enc?(ccm128_f)aes192_t4_ccm64_encrypt :
++ (ccm128_f)ae192_t4_ccm64_decrypt;
++ break;
++ case 256:
++ cctx->str = enc?(ccm128_f)aes256_t4_ccm64_encrypt :
++ (ccm128_f)ae256_t4_ccm64_decrypt;
++ break;
++ default:
++ return 0;
++ }
++#endif
++ cctx->key_set = 1;
++ }
++ if (iv) {
++ memcpy(ctx->iv, iv, 15 - cctx->L);
++ cctx->iv_set = 1;
++ }
++ return 1;
++}
++
++#define aes_t4_ccm_cipher aes_ccm_cipher
++static int aes_t4_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
++ const unsigned char *in, size_t len);
++
++#define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
++static const EVP_CIPHER aes_t4_##keylen##_##mode = { \
++ nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
++ flags|EVP_CIPH_##MODE##_MODE, \
++ aes_t4_init_key, \
++ aes_t4_##mode##_cipher, \
++ NULL, \
++ sizeof(EVP_AES_KEY), \
++ NULL,NULL,NULL,NULL }; \
++static const EVP_CIPHER aes_##keylen##_##mode = { \
++ nid##_##keylen##_##nmode,blocksize, \
++ keylen/8,ivlen, \
++ flags|EVP_CIPH_##MODE##_MODE, \
++ aes_init_key, \
++ aes_##mode##_cipher, \
++ NULL, \
++ sizeof(EVP_AES_KEY), \
++ NULL,NULL,NULL,NULL }; \
++const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
++{ return SPARC_AES_CAPABLE?&aes_t4_##keylen##_##mode:&aes_##keylen##_##mode; }
++
++#define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \
++static const EVP_CIPHER aes_t4_##keylen##_##mode = { \
++ nid##_##keylen##_##mode,blocksize, \
++ (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \
++ flags|EVP_CIPH_##MODE##_MODE, \
++ aes_t4_##mode##_init_key, \
++ aes_t4_##mode##_cipher, \
++ aes_##mode##_cleanup, \
++ sizeof(EVP_AES_##MODE##_CTX), \
++ NULL,NULL,aes_##mode##_ctrl,NULL }; \
++static const EVP_CIPHER aes_##keylen##_##mode = { \
++ nid##_##keylen##_##mode,blocksize, \
++ (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \
++ flags|EVP_CIPH_##MODE##_MODE, \
++ aes_##mode##_init_key, \
++ aes_##mode##_cipher, \
++ aes_##mode##_cleanup, \
++ sizeof(EVP_AES_##MODE##_CTX), \
++ NULL,NULL,aes_##mode##_ctrl,NULL }; \
++const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
++{ return SPARC_AES_CAPABLE?&aes_t4_##keylen##_##mode:&aes_##keylen##_##mode; }
++
+ # else
+
+ # define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
+@@ -480,7 +837,7 @@
+ && !enc)
+ # ifdef BSAES_CAPABLE
+ if (BSAES_CAPABLE && mode == EVP_CIPH_CBC_MODE) {
+- ret = AES_set_decrypt_key(key, ctx->key_len * 8, &dat->ks);
++ ret = AES_set_decrypt_key(key, ctx->key_len * 8, &dat->ks.ks);
+ dat->block = (block128_f) AES_decrypt;
+ dat->stream.cbc = (cbc128_f) bsaes_cbc_encrypt;
+ } else
+@@ -487,7 +844,7 @@
+ # endif
+ # ifdef VPAES_CAPABLE
+ if (VPAES_CAPABLE) {
+- ret = vpaes_set_decrypt_key(key, ctx->key_len * 8, &dat->ks);
++ ret = vpaes_set_decrypt_key(key, ctx->key_len * 8, &dat->ks.ks);
+ dat->block = (block128_f) vpaes_decrypt;
+ dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
+ (cbc128_f) vpaes_cbc_encrypt : NULL;
+@@ -494,7 +851,7 @@
+ } else
+ # endif
+ {
+- ret = AES_set_decrypt_key(key, ctx->key_len * 8, &dat->ks);
++ ret = AES_set_decrypt_key(key, ctx->key_len * 8, &dat->ks.ks);
+ dat->block = (block128_f) AES_decrypt;
+ dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
+ (cbc128_f) AES_cbc_encrypt : NULL;
+@@ -508,7 +865,7 @@
+ # endif
+ # ifdef VPAES_CAPABLE
+ if (VPAES_CAPABLE) {
+- ret = vpaes_set_encrypt_key(key, ctx->key_len * 8, &dat->ks);
++ ret = vpaes_set_encrypt_key(key, ctx->key_len * 8, &dat->ks.ks);
+ dat->block = (block128_f) vpaes_encrypt;
+ dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
+ (cbc128_f) vpaes_cbc_encrypt : NULL;
+@@ -515,7 +872,7 @@
+ } else
+ # endif
+ {
+- ret = AES_set_encrypt_key(key, ctx->key_len * 8, &dat->ks);
++ ret = AES_set_encrypt_key(key, ctx->key_len*8, &dat->ks.ks);
+ dat->block = (block128_f) AES_encrypt;
+ dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
+ (cbc128_f) AES_cbc_encrypt : NULL;
+@@ -810,7 +1167,7 @@
+ do {
+ # ifdef BSAES_CAPABLE
+ if (BSAES_CAPABLE) {
+- AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks);
++ AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks);
+ CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
+ (block128_f) AES_encrypt);
+ gctx->ctr = (ctr128_f) bsaes_ctr32_encrypt_blocks;
+@@ -819,7 +1176,7 @@
+ # endif
+ # ifdef VPAES_CAPABLE
+ if (VPAES_CAPABLE) {
+- vpaes_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks);
++ vpaes_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks);
+ CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
+ (block128_f) vpaes_encrypt);
+ gctx->ctr = NULL;
+@@ -828,7 +1185,7 @@
+ # endif
+ (void)0; /* terminate potentially open 'else' */
+
+- AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks);
++ AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks);
+ CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
+ (block128_f) AES_encrypt);
+ # ifdef AES_CTR_ASM
+@@ -1049,15 +1406,15 @@
+ # ifdef VPAES_CAPABLE
+ if (VPAES_CAPABLE) {
+ if (enc) {
+- vpaes_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1);
++ vpaes_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks);
+ xctx->xts.block1 = (block128_f) vpaes_encrypt;
+ } else {
+- vpaes_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1);
++ vpaes_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks);
+ xctx->xts.block1 = (block128_f) vpaes_decrypt;
+ }
+
+ vpaes_set_encrypt_key(key + ctx->key_len / 2,
+- ctx->key_len * 4, &xctx->ks2);
++ ctx->key_len * 4, &xctx->ks2.ks);
+ xctx->xts.block2 = (block128_f) vpaes_encrypt;
+
+ xctx->xts.key1 = &xctx->ks1;
+@@ -1067,15 +1424,15 @@
+ (void)0; /* terminate potentially open 'else' */
+
+ if (enc) {
+- AES_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1);
++ AES_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks);
+ xctx->xts.block1 = (block128_f) AES_encrypt;
+ } else {
+- AES_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1);
++ AES_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks);
+ xctx->xts.block1 = (block128_f) AES_decrypt;
+ }
+
+ AES_set_encrypt_key(key + ctx->key_len / 2,
+- ctx->key_len * 4, &xctx->ks2);
++ ctx->key_len * 4, &xctx->ks2.ks);
+ xctx->xts.block2 = (block128_f) AES_encrypt;
+
+ xctx->xts.key1 = &xctx->ks1;
+@@ -1196,7 +1553,7 @@
+ do {
+ # ifdef VPAES_CAPABLE
+ if (VPAES_CAPABLE) {
+- vpaes_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks);
++ vpaes_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks.ks);
+ CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
+ &cctx->ks, (block128_f) vpaes_encrypt);
+ cctx->str = NULL;
+@@ -1204,7 +1561,7 @@
+ break;
+ }
+ # endif
+- AES_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks);
++ AES_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks.ks);
+ CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
+ &cctx->ks, (block128_f) AES_encrypt);
+ cctx->str = NULL;
+@@ -1285,5 +1642,4 @@
+ EVP_CIPH_FLAG_FIPS | CUSTOM_FLAGS)
+ BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, ccm, CCM,
+ EVP_CIPH_FLAG_FIPS | CUSTOM_FLAGS)
+-# endif
+ #endif
+Index: openssl/crypto/evp/evp.h
+===================================================================
+--- evp.h Mon Feb 11 07:26:04 2013
++++ evp.h.new Thu May 2 14:31:55 2013
+@@ -1325,6 +1325,7 @@
+ # define EVP_F_AESNI_INIT_KEY 165
+ # define EVP_F_AESNI_XTS_CIPHER 176
+ # define EVP_F_AES_INIT_KEY 133
++# define EVP_F_AES_T4_INIT_KEY 178
+ # define EVP_F_AES_XTS 172
+ # define EVP_F_AES_XTS_CIPHER 175
+ # define EVP_F_ALG_MODULE_INIT 177
+Index: openssl/crypto/evp/evp_err.c
+===================================================================
+--- evp_err.c Mon Feb 11 07:26:04 2013
++++ evp_err.c.new Thu May 2 14:33:24 2013
+@@ -73,6 +73,7 @@
+ {ERR_FUNC(EVP_F_AESNI_INIT_KEY), "AESNI_INIT_KEY"},
+ {ERR_FUNC(EVP_F_AESNI_XTS_CIPHER), "AESNI_XTS_CIPHER"},
+ {ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"},
++ {ERR_FUNC(EVP_F_AES_T4_INIT_KEY), "AES_T4_INIT_KEY"},
+ {ERR_FUNC(EVP_F_AES_XTS), "AES_XTS"},
+ {ERR_FUNC(EVP_F_AES_XTS_CIPHER), "AES_XTS_CIPHER"},
+ {ERR_FUNC(EVP_F_ALG_MODULE_INIT), "ALG_MODULE_INIT"},
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssl/openssl-1.0.1/patches/104-suppress_v8plus_abi_warnings.patch Thu May 28 09:54:36 2015 -0700
@@ -0,0 +1,46 @@
+#
+# Patch developed in-house. Solaris-specific; not suitable for upstream.
+#
+# Suppress warnings about sparcv8+ ABI violation
+# when building T4-specific modules as 32-bit:
+# v8+ ABI violation: illegal use of %i or %l register as rs1 in "brnz,a" instruction
+# This has been confirmed as a valid usecase and is thus intentional.
+#
+--- a/crypto/aes/Makefile.orig čt dub 30 03:15:03 2015
++++ b/crypto/aes/Makefile čt dub 30 03:19:32 2015
+@@ -72,6 +72,9 @@
+ aest4-sparcv9.s: asm/aest4-sparcv9.pl
+ $(PERL) asm/aest4-sparcv9.pl $(CFLAGS) > $@
+
++aest4-sparcv9.o: aest4-sparcv9.s
++ $(AS) $(ASFLAGS) -Wa,-n -o $@ $^
++
+ aes-ppc.s: asm/aes-ppc.pl
+ $(PERL) asm/aes-ppc.pl $(PERLASM_SCHEME) $@
+
+--- a/crypto/sha/Makefile.orig čt dub 30 14:37:32 2015
++++ b/crypto/sha/Makefile čt dub 30 14:40:49 2015
+@@ -71,6 +71,8 @@
+ sha1-sparcv9.S: asm/sha1-sparcv9.pl; $(PERL) asm/sha1-sparcv9.pl $@ $(CFLAGS)
+ sha256-sparcv9.S:asm/sha512-sparcv9.pl; $(PERL) asm/sha512-sparcv9.pl $@ $(CFLAGS)
+ sha512-sparcv9.S:asm/sha512-sparcv9.pl; $(PERL) asm/sha512-sparcv9.pl $@ $(CFLAGS)
++sha512-sparcv9.o: sha512-sparcv9.S
++ $(CC) $(CFLAGS) -Wa,-n -c -o $@ $^
+
+ sha1-ppc.s: asm/sha1-ppc.pl; $(PERL) asm/sha1-ppc.pl $(PERLASM_SCHEME) $@
+ sha256-ppc.s: asm/sha512-ppc.pl; $(PERL) asm/sha512-ppc.pl $(PERLASM_SCHEME) $@
+--- a/crypto/bn/Makefile.orig čt dub 30 14:43:20 2015
++++ b/crypto/bn/Makefile čt dub 30 14:45:11 2015
+@@ -79,8 +79,12 @@
+ $(PERL) asm/sparcv9-mont.pl $(CFLAGS) > $@
+ vis3-mont.s: asm/vis3-mont.pl
+ $(PERL) asm/vis3-mont.pl $(CFLAGS) > $@
++vis3-mont.o: vis3-mont.s
++ $(AS) $(ASFLAGS) -Wa,-n -o $@ $^
+ sparct4-mont.S: asm/sparct4-mont.pl
+ $(PERL) asm/sparct4-mont.pl $(CFLAGS) > $@
++sparct4-mont.o: sparct4-mont.S
++ $(CC) $(CFLAGS) -Wa,-n -c -o $@ $^
+ sparcv9-gf2m.S: asm/sparcv9-gf2m.pl
+ $(PERL) asm/sparcv9-gf2m.pl $(CFLAGS) > $@
+
--- a/components/openssl/openssl-1.0.1/patches/11-6546806.patch Wed May 27 17:12:47 2015 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,12 +0,0 @@
-diff -ruN openssl-0.9.8a/doc/crypto/hmac.pod openssl-0.9.8a/doc/crypto/hmac.pod
---- openssl-0.9.8a/doc/crypto/hmac.pod 2002-07-18 20:54:45.000000000 +0200
-+++ openssl-0.9.8a/doc/crypto/hmac.pod 2009-04-10 11:09:46.449071541 +0200
-@@ -2,7 +2,7 @@
-
- =head1 NAME
-
--HMAC, HMAC_Init, HMAC_Update, HMAC_Final, HMAC_cleanup - HMAC message
-+HMAC, HMAC_CTX_init, HMAC_Init, HMAC_Init_ex, HMAC_Update, HMAC_Final, HMAC_CTX_cleanup, HMAC_cleanup - HMAC message
- authentication code
-
- =head1 SYNOPSIS
--- a/components/openssl/openssl-1.0.1/patches/14-manpage_openssl.patch Wed May 27 17:12:47 2015 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,16 +0,0 @@
-diff -ruN openssl-0.9.8a/util/extract-section.pl openssl-0.9.8a/util/extract-section.pl
---- openssl-0.9.8a/util/extract-section.pl 2004-11-25 18:47:31.000000000 +0100
-+++ openssl-0.9.8a/util/extract-section.pl 2009-04-08 12:05:03.128230348 +0200
-@@ -3,10 +3,10 @@
- while(<STDIN>) {
- if (/=for\s+comment\s+openssl_manual_section:(\S+)/)
- {
-- print "$1\n";
-+ print "${1}openssl\n";
- exit 0;
- }
- }
-
--print "$ARGV[0]\n";
-+print "${ARGV[0]}openssl\n";
-
--- a/components/openssl/openssl-1.0.1/patches/15-pkcs11_engine-0.9.8a.patch Wed May 27 17:12:47 2015 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,196 +0,0 @@
-#
-# This patch file adds the Solaris's pkcs11 engine.
-# This is Solaris-specific (developed in house): not suitable for upstream.
-#
---- /tmp/Configure Fri Feb 11 14:40:39 2011
-+++ openssl-1.0.0d/Configure Fri Feb 11 14:41:36 2011
-@@ -10,7 +10,7 @@
-
- # see INSTALL for instructions.
-
--my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
-+my $usage="Usage: Configure --pk11-libname=PK11_LIB_LOCATION [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
-
- # Options:
- #
-@@ -19,6 +19,9 @@
- # --prefix prefix for the OpenSSL include, lib and bin directories
- # (Default: the OPENSSLDIR directory)
- #
-+# --pk11-libname PKCS#11 library name.
-+# (Default: none)
-+#
- # --install_prefix Additional prefix for package builders (empty by
- # default). This needn't be set in advance, you can
- # just as well use "make INSTALL_PREFIX=/whatever install".
-@@ -657,6 +661,9 @@
- my $idx_arflags = $idx++;
- my $idx_multilib = $idx++;
-
-+# PKCS#11 engine patch
-+my $pk11_libname="";
-+
- my $prefix="";
- my $libdir="";
- my $openssldir="";
-@@ -882,6 +888,10 @@
- $_ =~ s/%([0-9a-f]{1,2})/chr(hex($1))/gei;
- $flags.=$_." ";
- }
-+ elsif (/^--pk11-libname=(.*)$/)
-+ {
-+ $pk11_libname=$1;
-+ }
- elsif (/^--prefix=(.*)$/)
- {
- $prefix=$1;
-@@ -1049,6 +1059,13 @@
- exit 0;
- }
-
-+if (! $pk11_libname)
-+ {
-+ print STDERR "You must set --pk11-libname for PKCS#11 library.\n";
-+ print STDERR "See README.pkcs11 for more information.\n";
-+ exit 1;
-+ }
-+
- if ($target =~ m/^CygWin32(-.*)$/) {
- $target = "Cygwin".$1;
- }
-@@ -1215,6 +1232,8 @@
- if ($flags ne "") { $cflags="$flags$cflags"; }
- else { $no_user_cflags=1; }
-
-+$cflags="-DPK11_LIB_LOCATION=\"$pk11_libname\" $cflags";
-+
- # Kerberos settings. The flavor must be provided from outside, either through
- # the script "config" or manually.
- if (!$no_krb5)
-@@ -1604,6 +1623,7 @@
- s/^VERSION=.*/VERSION=$version/;
- s/^MAJOR=.*/MAJOR=$major/;
- s/^MINOR=.*/MINOR=$minor/;
-+ s/^PK11_LIB_LOCATION=.*/PK11_LIB_LOCATION=$pk11_libname/;
- s/^SHLIB_VERSION_NUMBER=.*/SHLIB_VERSION_NUMBER=$shlib_version_number/;
- s/^SHLIB_VERSION_HISTORY=.*/SHLIB_VERSION_HISTORY=$shlib_version_history/;
- s/^SHLIB_MAJOR=.*/SHLIB_MAJOR=$shlib_major/;
---- /tmp/Makefile.org Fri Feb 11 14:41:54 2011
-+++ openssl-1.0.0d/Makefile.org Fri Feb 11 14:38:01 2011
-@@ -26,6 +26,9 @@
- INSTALL_PREFIX=
- INSTALLTOP=/usr/local/ssl
-
-+# You must set this through --pk11-libname configure option.
-+PK11_LIB_LOCATION=
-+
- # Do not edit this manually. Use Configure --openssldir=DIR do change this!
- OPENSSLDIR=/usr/local/ssl
-
---- /tmp/Makefile Mon Feb 14 14:59:22 2011
-+++ openssl-1.0.0d/engines/Makefile Mon Feb 14 15:00:35 2011
-@@ -26,7 +26,8 @@
- APPS=
-
- LIB=$(TOP)/libcrypto.a
--LIBNAMES= 4758cca aep atalla cswift gmp chil nuron sureware ubsec padlock capi
-+LIBNAMES= 4758cca aep atalla cswift gmp chil nuron sureware ubsec padlock capi \
-+ pk11
-
- LIBSRC= e_4758cca.c \
- e_aep.c \
-@@ -38,7 +39,8 @@
- e_sureware.c \
- e_ubsec.c \
- e_padlock.c \
-- e_capi.c
-+ e_capi.c \
-+ e_pk11.c
- LIBOBJ= e_4758cca.o \
- e_aep.o \
- e_atalla.o \
-@@ -49,7 +51,8 @@
- e_sureware.o \
- e_ubsec.o \
- e_padlock.o \
-- e_capi.o
-+ e_capi.o \
-+ e_pk11.o
-
- SRC= $(LIBSRC)
-
-@@ -63,7 +66,8 @@
- e_nuron_err.c e_nuron_err.h \
- e_sureware_err.c e_sureware_err.h \
- e_ubsec_err.c e_ubsec_err.h \
-- e_capi_err.c e_capi_err.h
-+ e_capi_err.c e_capi_err.h \
-+ e_pk11.h e_pk11_uri.h e_pk11_err.h e_pk11_pub.c e_pk11_uri.c e_pk11_err.c
-
- ALL= $(GENERAL) $(SRC) $(HEADER)
-
-@@ -78,7 +82,7 @@
- for l in $(LIBNAMES); do \
- $(MAKE) -f ../Makefile.shared -e \
- LIBNAME=$$l LIBEXTRAS=e_$$l.o \
-- LIBDEPS='-L.. -lcrypto $(EX_LIBS)' \
-+ LIBDEPS='-L.. -lcrypto -lcryptoutil $(EX_LIBS)' \
- link_o.$(SHLIB_TARGET); \
- done; \
- else \
---- crypto/engine/eng_all.c Thu Sep 5 12:59:50 2013
-+++ openssl-1.0.1e/crypto/engine/eng_all.c Thu Sep 5 12:59:50 2013
-@@ -60,6 +60,16 @@
- #include "cryptlib.h"
- #include "eng_int.h"
-
-+/*
-+ * pkcs11 engine no longer is a built-in engine, and ENGINE_load_pk11() needs to be
-+ * defined in libcrypto.so for ssh. Instead of load pkcs11 engine, it load dynamic
-+ * engines.
-+ */
-+void ENGINE_load_pk11(void)
-+ {
-+ ENGINE_load_dynamic();
-+ }
-+
- void ENGINE_load_builtin_engines(void)
- {
- /* Some ENGINEs need this */
---- crypto/dso/dso_lib.c Thu Sep 5 12:59:50 2013
-+++ openssl-1.0.1e/crypto/dso/dso_lib.c Thu Sep 5 12:59:50 2013
-@@ -396,6 +396,24 @@
- DSOerr(DSO_F_DSO_CONVERT_FILENAME, DSO_R_NO_FILENAME);
- return (NULL);
- }
-+ /*
-+ * For pkcs11 engine, use libpk11.so (instead of libpkcs11.so) to
-+ * avoid the name collision with PKCS#11 library.
-+ */
-+ if (strcmp(filename, "pkcs11") == 0) {
-+#ifdef _LP64
-+ char *fullpath = "/lib/openssl/engines/64/libpk11.so";
-+#else
-+ char *fullpath = "/lib/openssl/engines/libpk11.so";
-+#endif
-+ result = OPENSSL_malloc(strlen(fullpath) + 1);
-+ if(result == NULL) {
-+ DSOerr(DSO_F_DSO_CONVERT_FILENAME, ERR_R_MALLOC_FAILURE);
-+ return(NULL);
-+ }
-+ BUF_strlcpy(result, fullpath, strlen(fullpath) + 1);
-+ return (result);
-+ }
- if ((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0) {
- if (dso->name_converter != NULL)
- result = dso->name_converter(dso, filename);
---- /tmp/engine.h Fri Feb 11 14:46:24 2011
-+++ openssl-1.0.0d/crypto/engine/engine.h Fri Feb 11 14:47:32 2011
-@@ -413,6 +413,7 @@
- # endif
- # endif
- void ENGINE_load_cryptodev(void);
-+void ENGINE_load_pk11(void);
- void ENGINE_load_rsax(void);
- void ENGINE_load_rdrand(void);
- void ENGINE_load_builtin_engines(void);
--- a/components/openssl/openssl-1.0.1/patches/18-compiler_opts.patch Wed May 27 17:12:47 2015 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,26 +0,0 @@
-#
-# This was developed in house to support Solaris-specific options.
-# Not suitable for upstream.
-#
---- openssl-1.0.0d/Configure Thu Feb 10 20:02:41 2011
-+++ /tmp/Configure Thu Feb 10 20:01:51 2011
-@@ -257,6 +257,19 @@
- #"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):SUNOS::DES_UNROLL:${no_asm}::",
- "sunos-gcc","gcc:-O3 -mv8 -Dssize_t=int::(unknown):SUNOS::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:${no_asm}::",
-
-+#### Solaris configs, used for OpenSSL as delivered by S11.
-+"solaris-x86-cc-sunw","cc:-m32 -xO3 -xspace -Xa::-D_REENTRANT::-lsocket -lnsl -lc:BN_LLONG RC4_CHUNK DES_PTR DES_UNROLL BF_PTR:${x86_elf_asm}:dlfcn:solaris-shared:-KPIC:-m32 -G -dy -z text -zdefs -Bdirect -zignore -M/usr/lib/ld/map.pagealign -M/usr/lib/ld/map.noexdata:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+#
-+"solaris64-x86_64-cc-sunw","cc:-xO3 -m64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -lc:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR DES_PTR DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-KPIC:-m64 -G -dy -z text -zdefs -Bdirect -zignore -M/usr/lib/ld/map.pagealign -M/usr/lib/ld/map.noexdata:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+#
-+"solaris-sparcv9-cc-sunw","cc:-xtarget=ultra -m32 -Qoption cg -xregs=no%appl -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -lc:BN_LLONG RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-m32 -G -dy -z text -zdefs -Bdirect -zignore -M/usr/lib/ld/map.pagealign:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+#
-+"solaris64-sparcv9-cc-sunw","cc:-xtarget=ultra -m64 -Qoption cg -xregs=no%appl -xO5 -xstrconst -xdepend -xspace -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -lc:BN_LLONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-m64 -G -dy -z text -zdefs -Bdirect -zignore -M/usr/lib/ld/map.pagealign:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/bin/ar rs::/64",
-+# Option -xF=%all instructs the compiler to place functions and data
-+# variables into separate section fragments. This enables the link editor
-+# to discard unused sections and files when linking wanboot-openssl.o
-+"solaris64-sparcv9-cc-sunw-wanboot","cc:-xtarget=ultra -m64 -Qoption cg -xregs=no%appl -xO5 -xstrconst -xdepend -xspace -xannotate=no -xF=%all -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl:BN_LLONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-m64 -G -dy -z text -zdefs -Bdirect -zignore -M/usr/lib/ld/map.pagealign:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/bin/ar rs::/64",
-+
- #### IRIX 5.x configs
- # -mips2 flag is added by ./config when appropriate.
- "irix-gcc","gcc:-O3 -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
--- a/components/openssl/openssl-1.0.1/patches/20-remove_rpath.patch Wed May 27 17:12:47 2015 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,11 +0,0 @@
---- /export/openssl/openssl-1.0.0d/Makefile.shared Sat Aug 21 13:36:49 2010
-+++ openssl-1.0.0d/Makefile.shared Mon Feb 14 14:25:51 2011
-@@ -393,7 +393,7 @@
- @ if $(DETECT_GNU_LD); then \
- $(DO_GNU_APP); \
- else \
-- LDFLAGS="$(CFLAGS) -R $(LIBRPATH)"; \
-+ LDFLAGS="$(CFLAGS)"; \
- fi; \
- $(LINK_APP)
-
--- a/components/openssl/openssl-1.0.1/patches/23-noexstack.patch Wed May 27 17:12:47 2015 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,21 +0,0 @@
---- /tmp/Makefile.shared Mon Feb 14 14:33:05 2011
-+++ openssl-1.0.0d/Makefile.shared Mon Feb 14 14:35:56 2011
-@@ -389,6 +389,7 @@
- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -Wl,-Bsymbolic"; \
- fi; \
- $(LINK_SO_A)
-+# Make sure the apps have non-executable stacks and data (x86/x64 only).
- link_app.solaris:
- @ if $(DETECT_GNU_LD); then \
- $(DO_GNU_APP); \
-@@ -395,6 +396,10 @@
- else \
- LDFLAGS="$(CFLAGS)"; \
- fi; \
-+ if expr $(PLATFORM) : '.*x86.*' > /dev/null; then \
-+ LDFLAGS="$${LDFLAGS} -M/usr/lib/ld/map.noexdata"; \
-+ fi; \
-+ LDFLAGS="$${LDFLAGS} -M/usr/lib/ld/map.noexstk -M/usr/lib/ld/map.pagealign"; \
- $(LINK_APP)
-
- # OpenServer 5 native compilers used
--- a/components/openssl/openssl-1.0.1/patches/27-6978791.patch Wed May 27 17:12:47 2015 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,12 +0,0 @@
---- /tmp/Makefile.shared Mon Feb 14 14:39:29 2011
-+++ openssl-1.0.0d/Makefile.shared Mon Feb 14 14:50:52 2011
-@@ -387,6 +387,9 @@
- ALLSYMSFLAGS="$${MINUSZ}allextract"; \
- NOALLSYMSFLAGS="$${MINUSZ}defaultextract"; \
- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -Wl,-Bsymbolic"; \
-+ if [ $(LIBNAME) = "ssl" ]; then \
-+ SHAREDFLAGS="$$SHAREDFLAGS $${MINUSZ}nodelete"; \
-+ fi; \
- fi; \
- $(LINK_SO_A)
- # Make sure the apps have non-executable stacks and data (x86/x64 only).
--- a/components/openssl/openssl-1.0.1/patches/28-enginesdir.patch Wed May 27 17:12:47 2015 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,54 +0,0 @@
-#
-# This was developed in house to configure the engine dir.
-# Not suitable for upstream.
-#
---- /tmp/18/Configure Fri Feb 11 15:15:50 2011
-+++ openssl-1.0.0d/Configure Fri Feb 11 15:18:09 2011
-@@ -18,6 +18,8 @@
- # --prefix option is given; /usr/local/ssl otherwise)
- # --prefix prefix for the OpenSSL include, lib and bin directories
- # (Default: the OPENSSLDIR directory)
-+# --enginesdir engines shared library location
-+# (Default: $prefix/lib/engines)
- #
- # --pk11-libname PKCS#11 library name.
- # (Default: none)
-@@ -679,6 +679,7 @@
- my $prefix="";
- my $libdir="";
- my $openssldir="";
-+my $enginesdir="";
- my $exe_ext="";
- my $install_prefix= "$ENV{'INSTALL_PREFIX'}";
- my $cross_compile_prefix="";
-@@ -917,6 +920,10 @@
- {
- $openssldir=$1;
- }
-+ elsif (/^--enginesdir=(.*)$/)
-+ {
-+ $enginesdir=$1;
-+ }
- elsif (/^--install.prefix=(.*)$/)
- {
- $install_prefix=$1;
-@@ -1224,6 +1231,10 @@
- # we're ready to tolerate, so don't...
- $multilib="" if !-d "$prefix/lib$multilib";
-
-+if ($enginesdir eq "") {
-+ $enginesdir = "$prefix/lib/engines";
-+}
-+
- $libdir="lib$multilib" if $libdir eq "";
-
- $cflags = "$cflags$exp_cflags";
-@@ -1846,7 +1857,7 @@
- }
- elsif (/^#define\s+ENGINESDIR/)
- {
-- my $foo = "$prefix/$libdir/engines";
-+ my $foo = "$enginesdir";
- $foo =~ s/\\/\\\\/g;
- print OUT "#define ENGINESDIR \"$foo\"\n";
- }
--- a/components/openssl/openssl-1.0.1/patches/29_fork_safe.patch Wed May 27 17:12:47 2015 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,275 +0,0 @@
-#
-# This file adds the code to setup internal mutexes and callback function.
-# PSARC/2014/077
-# PSARC/2015/043
-# This change was implemented in-house. The issue was brought up to
-# the upstream engineers, but there was no commitment.
-#
---- openssl-1.0.1f/crypto/cryptlib.c.~1~ Fri Feb 7 10:41:36 2014
-+++ openssl-1.0.1f/crypto/cryptlib.c Thu Feb 6 16:03:58 2014
-@@ -116,6 +116,7 @@
-
- #include "cryptlib.h"
- #include <openssl/safestack.h>
-+#include <pthread.h>
-
- #if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16)
- static double SSLeay_MSVC5_hack = 0.0; /* and for VC1.5 */
-@@ -184,6 +185,8 @@
- */
- static STACK_OF(CRYPTO_dynlock) *dyn_locks = NULL;
-
-+static pthread_mutex_t *solaris_openssl_locks;
-+
- static void (MS_FAR *locking_callback) (int mode, int type,
- const char *file, int line) = 0;
- static int (MS_FAR *add_lock_callback) (int *pointer, int amount,
-@@ -373,7 +376,10 @@
- void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value *(*func)
- (const char *file, int line))
- {
-- dynlock_create_callback = func;
-+ /*
-+ * we now setup our own dynamic locking callback, and disallow
-+ * setting of another locking callback.
-+ */
- }
-
- void CRYPTO_set_dynlock_lock_callback(void (*func) (int mode,
-@@ -382,7 +388,10 @@
- const char *file,
- int line))
- {
-- dynlock_lock_callback = func;
-+ /*
-+ * we now setup our own dynamic locking callback, and disallow
-+ * setting of another locking callback.
-+ */
- }
-
- void CRYPTO_set_dynlock_destroy_callback(void (*func)
-@@ -389,7 +398,10 @@
- (struct CRYPTO_dynlock_value *l,
- const char *file, int line))
- {
-- dynlock_destroy_callback = func;
-+ /*
-+ * we now setup our own dynamic locking callback, and disallow
-+ * setting of another locking callback.
-+ */
- }
-
- void (*CRYPTO_get_locking_callback(void)) (int mode, int type,
-@@ -402,6 +414,129@@
- return (add_lock_callback);
- }
-
-+/*
-+ * This is the locking callback function which all applications will be
-+ * using when CRYPTO_lock() is called.
-+ */
-+static void solaris_locking_callback(int mode, int type, const char *file,
-+ int line)
-+{
-+ if (mode & CRYPTO_LOCK) {
-+ pthread_mutex_lock(&solaris_openssl_locks[type]);
-+ } else {
-+ pthread_mutex_unlock(&solaris_openssl_locks[type]);
-+ }
-+}
-+
-+
-+/*
-+ * Implement Solaris's own dynamic locking routines.
-+ */
-+static struct CRYPTO_dynlock_value *
-+solaris_dynlock_create(const char *file, int line)
-+{
-+ int ret;
-+ pthread_mutex_t *dynlock;
-+
-+ dynlock = OPENSSL_malloc(sizeof(pthread_mutex_t));
-+ if (dynlock == NULL) {
-+ return (NULL);
-+ }
-+
-+ ret = pthread_mutex_init(dynlock, NULL);
-+ OPENSSL_assert(ret);
-+
-+ return ((struct CRYPTO_dynlock_value *)dynlock);
-+}
-+
-+static void
-+solaris_dynlock_lock(int mode, struct CRYPTO_dynlock_valud *dynlock,
-+ const char *file, int line)
-+{
-+ int ret;
-+
-+ if (mode & CRYPTO_LOCK) {
-+ ret = pthread_mutex_lock((pthread_mutex_t *)dynlock);
-+ } else {
-+ ret = pthread_mutex_unlock((pthread_mutex_t *)dynlock);
-+ }
-+
-+ OPENSSL_assert(ret == 0);
-+}
-+
-+static void
-+solaris_dynlock_destroy(struct CRYPTO_dynlock_value *dynlock,
-+ const char *file, int line)
-+{
-+ int ret;
-+ ret = pthread_mutex_destroy((pthread_mutex_t *)dynlock);
-+ OPENSSL_assert(ret);
-+}
-+
-+
-+/*
-+ * This function is called when a child process is forked to setup its own
-+ * global locking callback function ptr and mutexes.
-+ */
-+static void solaris_fork_child(void)
-+{
-+ /*
-+ * clear locking_callback to indicate that locks should
-+ * be reinitialized.
-+ */
-+ locking_callback = NULL;
-+ solaris_locking_setup();
-+}
-+
-+/*
-+ * This function allocates and initializes the global mutex array, and
-+ * sets the locking callback.
-+ */
-+void solaris_locking_setup()
-+{
-+ int i;
-+ int num_locks;
-+
-+ /* setup the dynlock callback if not already */
-+ if (dynlock_create_callback == NULL) {
-+ dynlock_create_callback = solaris_dynlock_create;
-+ }
-+ if (dynlock_lock_callback == NULL) {
-+ dynlock_lock_callback = solaris_dynlock_lock;
-+ }
-+ if (dynlock_destroy_callback == NULL) {
-+ dynlock_destroy_callback = solaris_dynlock_destroy;
-+ }
-+
-+ /* locking callback is already setup. Nothing to do */
-+ if (locking_callback != NULL) {
-+ return;
-+ }
-+
-+ /*
-+ * Set atfork handler so that child can setup its own mutexes and
-+ * locking callbacks when it is forked
-+ */
-+ (void) pthread_atfork(NULL, NULL, solaris_fork_child);
-+
-+ /* allocate locks needed by OpenSSL */
-+ num_locks = CRYPTO_num_locks();
-+ solaris_openssl_locks =
-+ OPENSSL_malloc(sizeof (pthread_mutex_t) * num_locks);
-+ if (solaris_openssl_locks == NULL) {
-+ fprintf(stderr,
-+ "solaris_locking_setup: memory allocation failure.\n");
-+ abort();
-+ }
-+
-+ /* initialize openssl mutexes */
-+ for (i = 0; i < num_locks; i++) {
-+ pthread_mutex_init(&solaris_openssl_locks[i], NULL);
-+ }
-+ locking_callback = solaris_locking_callback;
-+
-+}
-+
- void CRYPTO_set_locking_callback(void (*func) (int mode, int type,
- const char *file, int line))
- {
-@@ -410,7 +486,11 @@
- * started.
- */
- OPENSSL_init();
-- locking_callback = func;
-+
-+ /*
-+ * we now setup our own locking callback and mutexes, and disallow
-+ * setting of another locking callback.
-+ */
- }
-
- void CRYPTO_set_add_lock_callback(int (*func) (int *num, int mount, int type,
-@@ -471,9 +551,10 @@
-
- int CRYPTO_THREADID_set_callback(void (*func) (CRYPTO_THREADID *))
- {
-- if (threadid_callback)
-- return 0;
-- threadid_callback = func;
-+ /*
-+ * Use the backup method (the address of 'errno') to identify the
-+ * thread and disallow setting the threadid callback.
-+ */
- return 1;
- }
-
-@@ -531,7 +611,10 @@
-
- void CRYPTO_set_id_callback(unsigned long (*func) (void))
- {
-- id_callback = func;
-+ /*
-+ * Use the backup method to identify the thread/process.
-+ * Setting the id callback is disallowed.
-+ */
- }
-
- unsigned long CRYPTO_thread_id(void)
---- openssl-1.0.1f/crypto/cryptlib.h.~1~ Fri Feb 7 10:41:42 2014
-+++ openssl-1.0.1f/crypto/cryptlib.h Thu Feb 6 16:04:16 2014
-@@ -104,6 +104,8 @@
- void *OPENSSL_stderr(void);
- extern int OPENSSL_NONPIC_relocated;
-
-+void solaris_locking_setup();
-+
- #ifdef __cplusplus
- }
- #endif
---- openssl-1.0.1f/crypto/sparccpuid.S.~1~ Fri Feb 7 10:41:37 2014
-+++ openssl-1.0.1f/crypto/sparccpuid.S Thu Feb 6 16:04:14 2014
-@@ -398,5 +398,7 @@
- .size OPENSSL_cleanse,.-OPENSSL_cleanse
-
- .section ".init",#alloc,#execinstr
-+ call solaris_locking_setup
-+ nop
- call OPENSSL_cpuid_setup
- nop
---- openssl-1.0.1f/crypto/x86_64cpuid.pl.~1~ Wed Feb 12 13:20:09 2014
-+++ openssl-1.0.1f/crypto/x86_64cpuid.pl Wed Feb 12 13:21:20 2014
-@@ -20,7 +20,10 @@
- print<<___;
- .extern OPENSSL_cpuid_setup
- .hidden OPENSSL_cpuid_setup
-+.extern solaris_locking_setup
-+.hidden solaris_locking_setup
- .section .init
-+ call solaris_locking_setup
- call OPENSSL_cpuid_setup
-
- .hidden OPENSSL_ia32cap_P
---- openssl-1.0.1f/crypto/x86cpuid.pl.~1~ Wed Feb 12 13:38:03 2014
-+++ openssl-1.0.1f/crypto/x86cpuid.pl Wed Feb 12 13:38:31 2014
-@@ -353,6 +353,7 @@
- &ret ();
- &function_end_B("OPENSSL_ia32_rdrand");
-
-+&initseg("solaris_locking_setup");
- &initseg("OPENSSL_cpuid_setup");
-
- &asm_finish();
--- a/components/openssl/openssl-1.0.1/patches/30_wanboot.patch Wed May 27 17:12:47 2015 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,486 +0,0 @@
-#
-# This patch file makes the changes neccessary to build wanboot-openssl.o
-# binary. This is Solaris-specific: not suitable for upstream.
-#
---- openssl-1.0.0g/Makefile.org 2010-01-27 08:06:58.000000000 -0800
-+++ openssl-1.0.0g-1/Makefile.org 2012-03-26 03:04:08.440194448 -0700
-@@ -138,7 +138,13 @@
-
- BASEADDR=
-
-+# For wanboot, we only need crypto and ssl.
-+# 'apps' are not patched to work in stand-alone environment anyway.
-+ifeq ($(PLATFORM), solaris64-sparcv9-cc-sunw-wanboot)
-+DIRS= crypto ssl
-+else
- DIRS= crypto ssl engines apps test tools
-+endif
- ENGDIRS= ccgost
- SHLIBDIRS= crypto ssl
-
---- openssl-1.0.0g/Makefile 2012-01-18 05:42:28.000000000 -0800
-+++ openssl-1.0.0g-1/Makefile 2012-03-26 03:03:59.170540344 -0700
-@@ -137,7 +137,13 @@
-
- BASEADDR=0xFB00000
-
-+# For wanboot, we only need crypto and ssl.
-+# 'apps' are not patched to work in stand-alone environment anyway.
-+ifeq ($(PLATFORM), solaris64-sparcv9-cc-sunw-wanboot)
-+DIRS= crypto ssl
-+else
- DIRS= crypto ssl engines apps test tools
-+endif
- ENGDIRS= ccgost
- SHLIBDIRS= crypto ssl
-
---- openssl-1.0.0e/crypto/cryptlib.c 2011-06-22 08:39:00.000000000 -0700
-+++ openssl-1.0.0e_patched/crypto/cryptlib.c 2011-12-12 06:17:45.422476900 -0800
-@@ -421,11 +421,13 @@
- static void solaris_locking_callback(int mode, int type, const char *file,
- int line)
- {
-+#ifndef _BOOT
- if (mode & CRYPTO_LOCK) {
- pthread_mutex_lock(&solaris_openssl_locks[type]);
- } else {
- pthread_mutex_unlock(&solaris_openssl_locks[type]);
- }
-+#endif
- }
-
-
-@@ -435,6 +437,7 @@
- static struct CRYPTO_dynlock_value *
- solaris_dynlock_create(const char *file, int line)
- {
-+#ifndef _BOOT
- int ret;
- pthread_mutex_t *dynlock;
-
-@@ -447,6 +450,9 @@
- OPENSSL_assert(ret);
-
- return ((struct CRYPTO_dynlock_value *)dynlock);
-+#else
-+ return (NULL);
-+#endif
- }
-
- static void
-@@ -453,6 +459,7 @@
- solaris_dynlock_lock(int mode, struct CRYPTO_dynlock_valud *dynlock,
- const char *file, int line)
- {
-+#ifndef _BOOT
- int ret;
-
- if (mode & CRYPTO_LOCK) {
-@@ -462,6 +469,7 @@
- }
-
- OPENSSL_assert(ret == 0);
-+#endif
- }
-
- static void
-@@ -468,9 +476,11 @@
- solaris_dynlock_destroy(struct CRYPTO_dynlock_value *dynlock,
- const char *file, int line)
- {
-+#ifndef _BOOT
- int ret;
- ret = pthread_mutex_destroy((pthread_mutex_t *)dynlock);
- OPENSSL_assert(ret);
-+#endif
- }
-
-
-@@ -514,6 +524,12 @@
- }
-
- /*
-+ * pthread_* can't be used in wanboot.
-+ * wanboot needs not be thread-safe and mutexes and locking callback
-+ * function will not be setup for wanboot.
-+ */
-+#ifndef _BOOT
-+ /*
- * Set atfork handler so that child can setup its own mutexes and
- * locking callbacks when it is forked
- */
-@@ -534,7 +550,7 @@
- pthread_mutex_init(&solaris_openssl_locks[i], NULL);
- }
- locking_callback = solaris_locking_callback;
--
-+#endif
- }
-
- void CRYPTO_set_locking_callback(void (*func) (int mode, int type,
-@@ -1084,6 +1100,12 @@
- MessageBox(NULL, buf, _T("OpenSSL: FATAL"), MB_OK | MB_ICONSTOP);
- }
- #else
-+/*
-+ * Solaris libsa.a used for WAN boot doesn't provide for vfprintf(). Since
-+ * OPENSSL_showfatal() is not used anywhere else then here we can safely use
-+ * the code from 0.9.7d version.
-+ */
-+#ifndef _BOOT
- void OPENSSL_showfatal(const char *fmta, ...)
- {
- va_list ap;
-@@ -1092,6 +1114,7 @@
- vfprintf(stderr, fmta, ap);
- va_end(ap);
- }
-+#endif /* _BOOT */
-
- int OPENSSL_isservice(void)
- {
-@@ -1101,9 +1124,15 @@
-
- void OpenSSLDie(const char *file, int line, const char *assertion)
- {
-+#ifndef _BOOT
- OPENSSL_showfatal
- ("%s(%d): OpenSSL internal error, assertion failed: %s\n", file, line,
- assertion);
-+#else
-+ fprintf(stderr,
-+ "%s(%d): OpenSSL internal error, assertion failed: %s\n",
-+ file,line,assertion);
-+#endif
- #if !defined(_WIN32) || defined(__CYGWIN__)
- abort();
- #else
---- openssl-1.0.0e/crypto/err/err_all.c 2009-08-09 07:58:05.000000000 -0700
-+++ openssl-1.0.0e_patched/crypto/err/err_all.c 2011-12-13 05:22:01.205351400 -0800
-@@ -148,7 +148,9 @@
- ERR_load_X509V3_strings();
- ERR_load_PKCS12_strings();
- ERR_load_RAND_strings();
-+#ifndef _BOOT
- ERR_load_DSO_strings();
-+#endif /* _BOOT */
- ERR_load_TS_strings();
- # ifndef OPENSSL_NO_ENGINE
- ERR_load_ENGINE_strings();
---- openssl-1.0.0e/crypto/evp/evp_key.c 2010-03-27 12:27:50.000000000 -0700
-+++ openssl-1.0.0e_patched/crypto/evp/evp_key.c 2011-12-13 05:19:32.956908600 -0800
-@@ -83,7 +83,7 @@
- else
- return (prompt_string);
- }
--
-+#ifndef _BOOT
- /*
- * For historical reasons, the standard function for reading passwords is in
- * the DES library -- if someone ever wants to disable DES, this function
-@@ -115,6 +115,7 @@
- OPENSSL_cleanse(buff, BUFSIZ);
- return ret;
- }
-+#endif /* !_BOOT */
-
- int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
- const unsigned char *salt, const unsigned char *data,
---- openssl-1.0.0e/crypto/rand/rand_unix.c 2009-04-06 07:31:36.000000000 -0700
-+++ openssl-1.0.0e_patched/crypto/rand/rand_unix.c 2011-12-19 07:28:39.988944800 -0800
-@@ -122,7 +122,11 @@
- # include <sys/time.h>
- # include <sys/times.h>
- # include <sys/stat.h>
-+#ifdef _BOOT
-+# include <sys/fcntl.h>
-+#else
- # include <fcntl.h>
-+#endif
- # include <unistd.h>
- # include <time.h>
- # if defined(OPENSSL_SYS_LINUX) /* should actually be available virtually
-@@ -259,6 +263,11 @@
- const char **egdsocket = NULL;
- # endif
-
-+#ifdef _BOOT
-+/* open() is provided by standalone libsa not visible from here */
-+extern int open(const char *, int);
-+#endif
-+
- # ifdef DEVRANDOM
- memset(randomstats, 0, sizeof(randomstats));
- /*
-@@ -307,11 +316,15 @@
- do {
- int try_read = 0;
-
--# if defined(OPENSSL_SYS_BEOS_R5)
-+# if defined(OPENSSL_SYS_BEOS_R5) || defined(_BOOT)
- /*
- * select() is broken in BeOS R5, so we simply try to read
- * something and snooze if we couldn't
- */
-+ /*
-+ * select() is not available when linking stand-alone
-+ * library for wanboot
-+ */
- try_read = 1;
-
- # elif defined(OPENSSL_SYS_LINUX)
-@@ -365,6 +378,7 @@
- } else
- r = -1;
-
-+#ifndef _BOOT
- /*
- * Some Unixen will update t in select(), some won't. For
- * those who won't, or if we didn't use select() in the first
-@@ -377,13 +391,17 @@
- while ((r > 0 ||
- (errno == EINTR || errno == EAGAIN)) && usec != 0
- && n < ENTROPY_NEEDED);
-+#else /* _BOOT */
-+ }
-+ while (r > 0 && n < ENTROPY_NEEDED);
-+#endif /* _BOOT */
-
- close(fd);
- }
- }
- # endif /* defined(DEVRANDOM) */
-
--# ifdef DEVRANDOM_EGD
-+# if defined(DEVRANDOM_EGD) && !defined(_BOOT)
- /*
- * Use an EGD socket to read entropy from an EGD or PRNGD entropy
- * collecting daemon.
-@@ -407,6 +424,7 @@
- }
- # endif
-
-+#ifndef _BOOT
- /* put in some default random data, we need more than just this */
- l = curr_pid;
- RAND_add(&l, sizeof(l), 0.0);
-@@ -415,6 +433,7 @@
-
- l = time(NULL);
- RAND_add(&l, sizeof(l), 0.0);
-+#endif /* !_BOOT */
-
- # if defined(OPENSSL_SYS_BEOS)
- {
---- openssl-1.0.0e/crypto/rand/randfile.c 2011-03-19 02:44:37.000000000 -0700
-+++ openssl-1.0.0e_patched/crypto/rand/randfile.c 2011-12-13 05:26:51.884824200 -0800
-@@ -57,9 +57,11 @@
- */
-
- /* We need to define this to get macros like S_IFBLK and S_IFCHR */
-+#ifndef _BOOT
- #if !defined(OPENSSL_SYS_VXWORKS)
- # define _XOPEN_SOURCE 500
- #endif
-+#endif /* _BOOT */
-
- #include <errno.h>
- #include <stdio.h>
-@@ -191,6 +193,7 @@
- return (ret);
- }
-
-+#ifndef _BOOT
- int RAND_write_file(const char *file)
- {
- unsigned char buf[BUFSIZE];
-@@ -335,3 +338,5 @@
- #endif
- return (buf);
- }
-+
-+#endif /* _BOOT */
---- openssl-1.0.0e/crypto/x509v3/v3_utl.c 2009-07-27 14:08:53.000000000 -0700
-+++ openssl-1.0.0e_patched/crypto/x509v3/v3_utl.c 2011-12-13 05:10:08.844191400 -0800
-@@ -715,9 +715,50 @@
- }
- }
-
-+#if defined(_BOOT)
-+/* This function was copied from bio/b_sock.c */
-+static int get_ip(const char *str, unsigned char ip[4])
-+{
-+ unsigned int tmp[4];
-+ int num = 0, c, ok = 0;
-+
-+ tmp[0]=tmp[1]=tmp[2]=tmp[3]=0;
-+
-+ for (;;) {
-+ c = *(str++);
-+ if ((c >= '0') && (c <= '9')) {
-+ ok = 1;
-+ tmp[num] = tmp[num]*10+c-'0';
-+ if (tmp[num] > 255)
-+ return(0);
-+ } else if (c == '.') {
-+ if (!ok)
-+ return (-1);
-+ if (num == 3)
-+ return (0);
-+ num++;
-+ ok = 0;
-+ } else if (c == '\0' && (num == 3) && ok)
-+ break;
-+ else
-+ return(0);
-+ }
-+ ip[0]=tmp[0];
-+ ip[1]=tmp[1];
-+ ip[2]=tmp[2];
-+ ip[3]=tmp[3];
-+ return(1);
-+}
-+#endif /* _BOOT */
-+
- static int ipv4_from_asc(unsigned char *v4, const char *in)
- {
- int a0, a1, a2, a3;
-+
-+#if defined(_BOOT)
-+ if (get_ip(in, v4) != 1)
-+ return 0;
-+#else /* _BOOT */
- if (sscanf(in, "%d.%d.%d.%d", &a0, &a1, &a2, &a3) != 4)
- return 0;
- if ((a0 < 0) || (a0 > 255) || (a1 < 0) || (a1 > 255)
-@@ -727,6 +768,7 @@
- v4[1] = a1;
- v4[2] = a2;
- v4[3] = a3;
-+#endif /* _BOOT */
- return 1;
- }
-
---- openssl-1.0.0e/e_os.h 2011-12-19 04:17:51.631087400 -0800
-+++ openssl-1.0.0e_patched/e_os.h 2011-12-19 04:15:15.776668900 -0800
-@@ -213,10 +213,19 @@
- # define get_last_socket_error() errno
- # define clear_socket_error() errno=0
- # define ioctlsocket(a,b,c) ioctl(a,b,c)
-+#ifdef _BOOT
-+#include <netinet/in.h>
-+extern int socket_read(int, void *, size_t, int);
-+extern int socket_close(int);
-+# define closesocket(s) socket_close(s)
-+# define readsocket(s,b,n) socket_read((s),(b),(n), 200)
-+# define writesocket(s,b,n) send((s),(b),(n), 0)
-+#else /* !_BOOT */
- # define closesocket(s) close(s)
- # define readsocket(s,b,n) read((s),(b),(n))
- # define writesocket(s,b,n) write((s),(b),(n))
- # endif
-+#endif
-
- # ifdef WIN16 /* never the case */
- # define MS_CALLBACK _far _loadds
---- openssl-1.0.0e/crypto/sparcv9cap.c 2010-09-05 12:48:01.000000000 -0700
-+++ openssl-1.0.0e_patched/crypto/sparcv9cap.c 2011-12-23 05:24:02.011607700 -0800
-@@ -12,7 +12,11 @@
- #define SPARCV9_VIS2 (1<<3) /* reserved */
- #define SPARCV9_FMADD (1<<4) /* reserved for SPARC64 V */
-
-+#ifndef _BOOT
- static int OPENSSL_sparcv9cap_P = SPARCV9_TICK_PRIVILEGED;
-+#else
-+static int OPENSSL_sparcv9cap_P = SPARCV9_VIS1;
-+#endif
-
- int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
- const BN_ULONG *np, const BN_ULONG *n0, int num)
-@@ -36,6 +40,7 @@
- void _sparcv9_vis2_probe(void);
- void _sparcv9_fmadd_probe(void);
-
-+#ifndef _BOOT
- unsigned long OPENSSL_rdtsc(void)
- {
- if (OPENSSL_sparcv9cap_P & SPARCV9_TICK_PRIVILEGED)
-@@ -47,8 +52,19 @@
- else
- return _sparcv9_rdtick();
- }
-+#endif
-+
-+#if defined(_BOOT)
-+/*
-+ * Hardcoding sparc capabilities for wanboot.
-+ * Older CPUs are EOLed anyway.
-+ */
-+void OPENSSL_cpuid_setup(void)
-+ {
-+ OPENSSL_sparcv9cap_P = SPARCV9_VIS1;
-+ }
-
--#if 0 && defined(__sun) && defined(__SVR4)
-+#elif 0 && defined(__sun) && defined(__SVR4)
- /*
- * This code path is disabled, because of incompatibility of libdevinfo.so.1
- * and libmalloc.so.1 (see below for details)
---- openssl-1.0.0e/crypto/sparccpuid.S 2010-09-05 12:48:01.000000000 -0700
-+++ openssl-1.0.0e_patched/crypto/sparccpuid.S 2012-02-13 07:42:58.259478325 -0800
-@@ -397,8 +397,13 @@
- .type OPENSSL_cleanse,#function
- .size OPENSSL_cleanse,.-OPENSSL_cleanse
-
-+#ifndef _BOOT
- .section ".init",#alloc,#execinstr
- call solaris_locking_setup
- nop
- call OPENSSL_cpuid_setup
- nop
-+#else
-+ nop
-+ nop
-+#endif
---- openssl-1.0.1c/crypto/Makefile Thu Aug 2 12:56:38 2012
-+++ openssl-1.0.1c/crypto/Makefile.new Thu Aug 2 12:59:43 2012
-@@ -36,9 +36,9 @@
- LIB= $(TOP)/libcrypto.a
- SHARED_LIB= libcrypto$(SHLIB_EXT)
- LIBSRC= cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c cpt_err.c \
-- ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fips.c o_init.c fips_ers.c
-+ ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fips.c o_init.c fips_ers.c wanboot-stubs.c
- LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o cpt_err.o ebcdic.o \
-- uid.o o_time.o o_str.o o_dir.o o_fips.o o_init.o fips_ers.o $(CPUID_OBJ)
-+ uid.o o_time.o o_str.o o_dir.o o_fips.o o_init.o fips_ers.o wanboot-stubs.o $(CPUID_OBJ)
-
- SRC= $(LIBSRC)
-
---- openssl-1.0.1f/ssl/s3_clnt.c Thu Jan 30 02:53:33 2014
-+++ openssl-1.0.1f/ssl/s3_clnt.c.new Thu Jan 30 02:57:51 2014
-@@ -668,7 +668,11 @@
-
- p = s->s3->client_random;
-
-+#ifndef _BOOT
- if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0)
-+#else
-+ if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE) <= 0)
-+#endif
- goto err;
-
- /* Do the message type and length last */
---- openssl-1.0.1f/ssl/s3_lib.c Wed Oct 15 11:18:30 2014
-+++ openssl-1.0.1f/ssl/s3_lib.c.new Wed Oct 15 11:20:07 2014
-@@ -3343,7 +3343,11 @@
- * Apparently we're using a version-flexible SSL_METHOD (not at its
- * highest protocol version).
- */
-+#ifndef _BOOT
- if (s->ctx->method->version == SSLv23_method()->version) {
-+#else
-+ if (s->ctx->method->version == TLS1_2_VERSION) {
-+#endif
- #if TLS_MAX_VERSION != TLS1_2_VERSION
- # error Code needs update for SSLv23_method() support beyond TLS1_2_VERSION.
- #endif
--- a/components/openssl/openssl-1.0.1/patches/32_aes_cbc_len_check.patch Wed May 27 17:12:47 2015 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,18 +0,0 @@
-#
-# This was developed in house and reported to the upstream.
-#
---- openssl-1.0.1e/crypto/evp/e_aes.c Tue Jul 2 11:03:12 2013
-+++ openssl-1.0.1e/crypto/evp/e_aes.c.new Tue Jul 2 11:04:56 2013
-@@ -536,8 +536,12 @@
- static int aes_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, size_t len)
- {
-+ size_t bl = ctx->cipher->block_size;
- EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data;
-
-+ if (len < bl)
-+ return 1;
-+
- if (dat->stream.cbc)
- (*dat->stream.cbc) (in, out, len, &dat->ks, ctx->iv, ctx->encrypt);
- else if (ctx->encrypt)
--- a/components/openssl/openssl-1.0.1/patches/33_cert_chain.patch Wed May 27 17:12:47 2015 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,210 +0,0 @@
-This patch comes from OpenSSL upstream code, and the change has been commited to OpenSSL 1.0.2.
- http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=fbd2164044f92383955a801ad1b2857d71e83f27
- http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=51e7a4378a78bb0870a2cdc5c524c230c929ebcb
- http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2dabd822366df7b2608b55d5ca5f31d5d484cbaf
-
-Index: openssl/crypto/x509/x509_trs.c
-============================================================================
-$ diff -ru crypto/x509/x509_trs.c crypto/x509/x509_trs.c
---- openssl/crypto/x509/x509_trs.c.orig 4 Dec 2012 17:26:04 -0000 1.133.2.11.2.6.2.3
-+++ openssl/crypto/x509/x509_trs.c 14 Dec 2012 14:30:45 -0000 1.133.2.11.2.6.2.4
-@@ -119,6 +119,14 @@ int X509_check_trust(X509 *x, int id, int flags)
- int idx;
- if (id == -1)
- return 1;
-+ /* We get this as a default value */
-+ if (id == 0) {
-+ int rv;
-+ rv = obj_trust(NID_anyExtendedKeyUsage, x, 0);
-+ if (rv != X509_TRUST_UNTRUSTED)
-+ return rv;
-+ return trust_compat(NULL, x, 0);
-+ }
- idx = X509_TRUST_get_by_id(id);
- if (idx == -1)
- return default_trust(id, x, flags);
-Index: openssl/crypto/x509/x509_vfy.c
-============================================================================
-$ cvs diff -u -r1.105.2.9.2.4.2.3 -r1.105.2.9.2.4.2.4 x509_vfy.c
---- openssl/crypto/x509/x509_vfy.c 14 Dec 2012 12:53:48 -0000 1.105.2.9.2.4.2.3
-+++ openssl/crypto/x509/x509_vfy.c 14 Dec 2012 14:30:46 -0000 1.105.2.9.2.4.2.4
-@@ -149,6 +149,33 @@
- }
- #endif
-
-+/* Given a certificate try and find an exact match in the store */
-+
-+static X509 *lookup_cert_match(X509_STORE_CTX *ctx, X509 *x)
-+ {
-+ STACK_OF(X509) *certs;
-+ X509 *xtmp = NULL;
-+ int i;
-+ /* Lookup all certs with matching subject name */
-+ certs = ctx->lookup_certs(ctx, X509_get_subject_name(x));
-+ if (certs == NULL)
-+ return NULL;
-+ /* Look for exact match */
-+ for (i = 0; i < sk_X509_num(certs); i++)
-+ {
-+ xtmp = sk_X509_value(certs, i);
-+ if (!X509_cmp(xtmp, x))
-+ break;
-+ }
-+ if (i < sk_X509_num(certs))
-+ CRYPTO_add(&xtmp->references,1,CRYPTO_LOCK_X509);
-+ else
-+ xtmp = NULL;
-+ sk_X509_pop_free(certs, X509_free);
-+ return xtmp;
-+ }
-+
-+
- int X509_verify_cert(X509_STORE_CTX *ctx)
- {
- X509 *x, *xtmp, *chain_ss = NULL;
-@@ -304,8 +331,17 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
-
- /* we now have our chain, lets check it... */
-
-- /* Is last certificate looked up self signed? */
-- if (!ctx->check_issued(ctx, x, x)) {
-+ i = check_trust(ctx);
-+
-+ /* If explicitly rejected error */
-+ if (i == X509_TRUST_REJECTED)
-+ goto end;
-+ /*
-+ * If not explicitly trusted then indicate error unless it's a single
-+ * self signed certificate in which case we've indicated an error already
-+ * and set bad_chain == 1
-+ */
-+ if (i != X509_TRUST_TRUSTED && !bad_chain) {
- if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss)) {
- if (ctx->last_untrusted >= num)
- ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
-@@ -340,14 +376,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
- ok = check_name_constraints(ctx);
-
- if (!ok)
-- goto end;
--
-- /* The chain extensions are OK: check trust */
--
-- if (param->trust > 0)
-- ok = check_trust(ctx);
--
-- if (!ok)
- goto end;
-
- /* We may as well copy down any DSA parameters that are required */
-@@ -630,28 +658,53 @@ static int check_name_constraints(X509_STORE_CTX *ctx)
-
- static int check_trust(X509_STORE_CTX *ctx)
- {
--#ifdef OPENSSL_NO_CHAIN_VERIFY
-- return 1;
--#else
- int i, ok;
-- X509 *x;
-+ X509 *x = NULL;
- int (*cb) (int xok, X509_STORE_CTX *xctx);
- cb = ctx->verify_cb;
--/* For now just check the last certificate in the chain */
-- i = sk_X509_num(ctx->chain) - 1;
-- x = sk_X509_value(ctx->chain, i);
-- ok = X509_check_trust(x, ctx->param->trust, 0);
-- if (ok == X509_TRUST_TRUSTED)
-- return 1;
-- ctx->error_depth = i;
-- ctx->current_cert = x;
-- if (ok == X509_TRUST_REJECTED)
-- ctx->error = X509_V_ERR_CERT_REJECTED;
-- else
-- ctx->error = X509_V_ERR_CERT_UNTRUSTED;
-- ok = cb(0, ctx);
-- return ok;
--#endif
-+ /* Check all trusted certificates in chain */
-+ for (i = ctx->last_untrusted; i < sk_X509_num(ctx->chain); i++) {
-+ x = sk_X509_value(ctx->chain, i);
-+ ok = X509_check_trust(x, ctx->param->trust, 0);
-+ /* If explicitly trusted return trusted */
-+ if (ok == X509_TRUST_TRUSTED)
-+ return X509_TRUST_TRUSTED;
-+ /*
-+ * If explicitly rejected notify callback and reject if not
-+ * overridden.
-+ */
-+ if (ok == X509_TRUST_REJECTED) {
-+ ctx->error_depth = i;
-+ ctx->current_cert = x;
-+ ctx->error = X509_V_ERR_CERT_REJECTED;
-+ ok = cb(0, ctx);
-+ if (!ok)
-+ return X509_TRUST_REJECTED;
-+ }
-+ }
-+ /*
-+ * If we accept partial chains and have at least one trusted certificate
-+ * return success.
-+ */
-+ if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) {
-+ X509 *mx;
-+ if (ctx->last_untrusted < sk_X509_num(ctx->chain))
-+ return X509_TRUST_TRUSTED;
-+ x = sk_X509_value(ctx->chain, 0);
-+ mx = lookup_cert_match(ctx, x);
-+ if (mx) {
-+ (void)sk_X509_set(ctx->chain, 0, mx);
-+ X509_free(x);
-+ ctx->last_untrusted = 0;
-+ return X509_TRUST_TRUSTED;
-+ }
-+ }
-+
-+ /*
-+ * If no trusted certs in chain at all return untrusted and allow
-+ * standard (no issuer cert) etc errors to be indicated.
-+ */
-+ return X509_TRUST_UNTRUSTED;
- }
-
- static int check_revocation(X509_STORE_CTX *ctx)
-@@ -1526,6 +1579,8 @@ static int internal_verify(X509_STORE_CTX *ctx)
- if (ctx->check_issued(ctx, xi, xi))
- xs = xi;
- else {
-+ if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN && n == 0)
-+ return check_cert_time(ctx, xi);
- if (n <= 0) {
- ctx->error = X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE;
- ctx->current_cert = xi;
-Index: openssl/crypto/x509/x509_vfy.h
-============================================================================
-$ cvs diff -u -r1.67.2.3.4.1 -r1.67.2.3.4.2 x509_vfy.h
---- openssl/crypto/x509/x509_vfy.h 26 Sep 2012 13:50:42 -0000 1.67.2.3.4.1
-+++ openssl/crypto/x509/x509_vfy.h 14 Dec 2012 14:30:46 -0000 1.67.2.3.4.2
-@@ -406,6 +406,9 @@
- /* Check selfsigned CA signature */
- # define X509_V_FLAG_CHECK_SS_SIGNATURE 0x4000
-
-+/* Allow partial chains if at least one certificate is in trusted store */
-+# define X509_V_FLAG_PARTIAL_CHAIN 0x80000
-+
- # define X509_VP_FLAG_DEFAULT 0x1
- # define X509_VP_FLAG_OVERWRITE 0x2
- # define X509_VP_FLAG_RESET_FLAGS 0x4
-Index: openssl/apps/apps.c
-============================================================================
-$ cvs diff -u -r1.133.2.11.2.6.2.3 -r1.133.2.11.2.6.2.4 apps.c
---- openssl/apps/apps.c 4 Dec 2012 17:26:04 -0000 1.133.2.11.2.6.2.3
-+++ openssl/apps/apps.c 14 Dec 2012 14:30:45 -0000 1.133.2.11.2.6.2.4
-@@ -2238,6 +2238,8 @@
- flags |= X509_V_FLAG_NOTIFY_POLICY;
- else if (!strcmp(arg, "-check_ss_sig"))
- flags |= X509_V_FLAG_CHECK_SS_SIGNATURE;
-+ else if (!strcmp(arg, "-partial_chain"))
-+ flags |= X509_V_FLAG_PARTIAL_CHAIN;
- else
- return 0;
-
--- a/components/openssl/openssl-1.0.1/patches/36_evp_leak.patch Wed May 27 17:12:47 2015 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,144 +0,0 @@
-Patch developed in-house. Solaris-specific; not suitable for upstream.
-
---- openssl-1.0.1f/crypto/evp/evp_enc.c.orig Mon Feb 11 07:26:04 2013
-+++ openssl-1.0.1f/crypto/evp/evp_enc.c Mon Feb 3 16:40:48 2014
-@@ -379,11 +379,13 @@
-
- if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
- ret = M_do_cipher(ctx, out, NULL, 0);
-- if (ret < 0)
-- return 0;
-- else
-+ if (ret < 0) {
-+ ret = 0;
-+ goto cleanup;
-+ } else
- *outl = ret;
-- return 1;
-+ ret = 1;
-+ goto cleanup;
- }
-
- b = ctx->cipher->block_size;
-@@ -390,7 +392,8 @@
- OPENSSL_assert(b <= sizeof ctx->buf);
- if (b == 1) {
- *outl = 0;
-- return 1;
-+ ret = 1;
-+ goto cleanup;
- }
- bl = ctx->buf_len;
- if (ctx->flags & EVP_CIPH_NO_PADDING) {
-@@ -397,10 +400,12 @@
- if (bl) {
- EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX,
- EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
-- return 0;
-+ ret = 0;
-+ goto cleanup;
- }
- *outl = 0;
-- return 1;
-+ ret = 1;
-+ goto cleanup;
- }
-
- n = b - bl;
-@@ -411,6 +416,11 @@
- if (ret)
- *outl = b;
-
-+cleanup:
-+ if (ctx->cipher->cleanup) {
-+ ctx->cipher->cleanup(ctx);
-+ }
-+
- return ret;
- }
-
-@@ -478,6 +488,7 @@
- int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
- {
- int i, n;
-+ int err = 1;
- unsigned int b;
- *outl = 0;
-
-@@ -483,11 +494,13 @@
-
- if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
- i = M_do_cipher(ctx, out, NULL, 0);
-- if (i < 0)
-- return 0;
-- else
-+ if (i < 0) {
-+ err = 0;
-+ goto cleanup;
-+ } else
- *outl = i;
-- return 1;
-+ err = 1;
-+ goto cleanup;
- }
-
- b = ctx->cipher->block_size;
-@@ -495,10 +508,12 @@
- if (ctx->buf_len) {
- EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,
- EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
-- return 0;
-+ err = 0;
-+ goto cleanup;
- }
- *outl = 0;
-- return 1;
-+ err = 1;
-+ goto cleanup;
- }
- if (b > 1) {
- if (ctx->buf_len || !ctx->final_used) {
-@@ -503,7 +518,8 @@
- if (b > 1) {
- if (ctx->buf_len || !ctx->final_used) {
- EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_WRONG_FINAL_BLOCK_LENGTH);
-- return (0);
-+ err = 0;
-+ goto cleanup;
- }
- OPENSSL_assert(b <= sizeof ctx->final);
-
-@@ -514,7 +530,8 @@
- n = ctx->final[b - 1];
- if (n == 0 || n > (int)b) {
- EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT);
-- return (0);
-+ err = 0;
-+ goto cleanup;
- }
- for (i = 0; i < n; i++) {
- if (ctx->final[--b] != n) {
-@@ -519,7 +536,8 @@
- for (i = 0; i < n; i++) {
- if (ctx->final[--b] != n) {
- EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT);
-- return (0);
-+ err = 0;
-+ goto cleanup;
- }
- }
- n = ctx->cipher->block_size - n;
-@@ -528,7 +546,12 @@
- *outl = n;
- } else
- *outl = 0;
-- return (1);
-+ err = 1;
-+cleanup:
-+ if (ctx->cipher->cleanup) {
-+ ctx->cipher->cleanup(ctx);
-+ }
-+ return err;
- }
-
- void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
--- a/components/openssl/openssl-1.0.1/patches/37_openssl_t4_inline.patch Wed May 27 17:12:47 2015 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,2267 +0,0 @@
-#
-# This file adds inline T4 instruction support to OpenSSL upstream code.
-# The change was brought in from OpenSSL 1.0.2.
-#
-Index: Configure
-===================================================================
-diff -ru openssl-1.0.1e/Configure openssl-1.0.1e/Configure
---- openssl-1.0.1e/Configure 2011-05-24 17:02:24.000000000 -0700
-+++ openssl-1.0.1e/Configure 2011-07-27 10:48:17.817470000 -0700
-@@ -135,7 +135,7 @@
-
- my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o modexp512-x86_64.o::aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o rc4-md5-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:ghash-x86_64.o:";
- my $ia64_asm="ia64cpuid.o:bn-ia64.o ia64-mont.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o rc4_skey.o:::::ghash-ia64.o::void";
--my $sparcv9_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o:des_enc-sparc.o fcrypt_b.o:aes_core.o aes_cbc.o aes-sparcv9.o:::sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o:::::::ghash-sparcv9.o::void";
-+my $sparcv9_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o:des_enc-sparc.o fcrypt_b.o dest4-sparcv9.o:aes_core.o aes_cbc.o aes-sparcv9.o aest4-sparcv9.o::md5-sparcv9.o:sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o:::::::ghash-sparcv9.o::void";
- my $sparcv8_asm=":sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::::::void";
- my $alpha_asm="alphacpuid.o:bn_asm.o alpha-mont.o:::::sha1-alpha.o:::::::ghash-alpha.o::void";
- my $mips32_asm=":bn-mips.o::aes_cbc.o aes-mips.o:::sha1-mips.o sha256-mips.o::::::::";
-Index: crypto/sparccpuid.S
-===================================================================
-diff -ru openssl-1.0.1e/crypto/sparccpuid.S openssl-1.0.1e/crypto/sparccpuid.S
---- openssl-1.0.1e/crypto/sparccpuid.S 2011-05-24 17:02:24.000000000 -0700
-+++ openssl-1.0.1e/crypto/sparccpuid.S 2011-07-27 10:48:17.817470000 -0700
-@@ -1,3 +1,7 @@
-+#ifdef OPENSSL_FIPSCANISTER
-+#include <openssl/fipssyms.h>
-+#endif
-+
- #if defined(__SUNPRO_C) && defined(__sparcv9)
- # define ABI64 /* They've said -xarch=v9 at command line */
- #elif defined(__GNUC__) && defined(__arch64__)
-@@ -235,10 +239,10 @@
- .global _sparcv9_vis1_probe
- .align 8
- _sparcv9_vis1_probe:
-+ .word 0x81b00d80 !fxor %f0,%f0,%f0
- add %sp,BIAS+2,%o1
-- .word 0xc19a5a40 !ldda [%o1]ASI_FP16_P,%f0
- retl
-- .word 0x81b00d80 !fxor %f0,%f0,%f0
-+ .word 0xc19a5a40 !ldda [%o1]ASI_FP16_P,%f0
- .type _sparcv9_vis1_probe,#function
- .size _sparcv9_vis1_probe,.-_sparcv9_vis1_probe
-
-@@ -251,7 +255,12 @@
- ! UltraSPARC IIe 7
- ! UltraSPARC III 7
- ! UltraSPARC T1 24
-+! SPARC T4 65(*)
- !
-+! (*) result has lesser to do with VIS instruction latencies, rdtick
-+! appears that slow, but it does the trick in sense that FP and
-+! VIS code paths are still slower than integer-only ones.
-+!
- ! Numbers for T2 and SPARC64 V-VII are more than welcomed.
- !
- ! It would be possible to detect specifically US-T1 by instrumenting
-@@ -260,6 +269,8 @@
- .global _sparcv9_vis1_instrument
- .align 8
- _sparcv9_vis1_instrument:
-+ .word 0x81b00d80 !fxor %f0,%f0,%f0
-+ .word 0x85b08d82 !fxor %f2,%f2,%f2
- .word 0x91410000 !rd %tick,%o0
- .word 0x81b00d80 !fxor %f0,%f0,%f0
- .word 0x85b08d82 !fxor %f2,%f2,%f2
-@@ -314,6 +325,30 @@
- .type _sparcv9_fmadd_probe,#function
- .size _sparcv9_fmadd_probe,.-_sparcv9_fmadd_probe
-
-+.global _sparcv9_rdcfr
-+.align 8
-+_sparcv9_rdcfr:
-+ retl
-+ .word 0x91468000 !rd %asr26,%o0
-+.type _sparcv9_rdcfr,#function
-+.size _sparcv9_rdcfr,.-_sparcv9_rdcfr
-+
-+.global _sparcv9_vis3_probe
-+.align 8
-+_sparcv9_vis3_probe:
-+ retl
-+ .word 0x81b022a0 !xmulx %g0,%g0,%g0
-+.type _sparcv9_vis3_probe,#function
-+.size _sparcv9_vis3_probe,.-_sparcv9_vis3_probe
-+
-+.global _sparcv9_random
-+.align 8
-+_sparcv9_random:
-+ retl
-+ .word 0x91b002a0 !random %o0
-+.type _sparcv9_random,#function
-+.size _sparcv9_random,.-_sparcv9_vis3_probe
-+
- .global OPENSSL_cleanse
- .align 32
- OPENSSL_cleanse:
-@@ -398,6 +433,102 @@
- .size OPENSSL_cleanse,.-OPENSSL_cleanse
-
- #ifndef _BOOT
-+.global _sparcv9_vis1_instrument_bus
-+.align 8
-+_sparcv9_vis1_instrument_bus:
-+ mov %o1,%o3 ! save cnt
-+ .word 0x99410000 !rd %tick,%o4 ! tick
-+ mov %o4,%o5 ! lasttick = tick
-+ set 0,%g4 ! diff
-+
-+ andn %o0,63,%g1
-+ .word 0xc1985e00 !ldda [%g1]0xf0,%f0 ! block load
-+ .word 0x8143e040 !membar #Sync
-+ .word 0xc1b85c00 !stda %f0,[%g1]0xe0 ! block store and commit
-+ .word 0x8143e040 !membar #Sync
-+ ld [%o0],%o4
-+ add %o4,%g4,%g4
-+ .word 0xc9e2100c !cas [%o0],%o4,%g4
-+
-+.Loop: .word 0x99410000 !rd %tick,%o4
-+ sub %o4,%o5,%g4 ! diff=tick-lasttick
-+ mov %o4,%o5 ! lasttick=tick
-+
-+ andn %o0,63,%g1
-+ .word 0xc1985e00 !ldda [%g1]0xf0,%f0 ! block load
-+ .word 0x8143e040 !membar #Sync
-+ .word 0xc1b85c00 !stda %f0,[%g1]0xe0 ! block store and commit
-+ .word 0x8143e040 !membar #Sync
-+ ld [%o0],%o4
-+ add %o4,%g4,%g4
-+ .word 0xc9e2100c !cas [%o0],%o4,%g4
-+ subcc %o1,1,%o1 ! --$cnt
-+ bnz .Loop
-+ add %o0,4,%o0 ! ++$out
-+
-+ retl
-+ mov %o3,%o0
-+.type _sparcv9_vis1_instrument_bus,#function
-+.size _sparcv9_vis1_instrument_bus,.-_sparcv9_vis1_instrument_bus
-+
-+.global _sparcv9_vis1_instrument_bus2
-+.align 8
-+_sparcv9_vis1_instrument_bus2:
-+ mov %o1,%o3 ! save cnt
-+ sll %o1,2,%o1 ! cnt*=4
-+
-+ .word 0x99410000 !rd %tick,%o4 ! tick
-+ mov %o4,%o5 ! lasttick = tick
-+ set 0,%g4 ! diff
-+
-+ andn %o0,63,%g1
-+ .word 0xc1985e00 !ldda [%g1]0xf0,%f0 ! block load
-+ .word 0x8143e040 !membar #Sync
-+ .word 0xc1b85c00 !stda %f0,[%g1]0xe0 ! block store and commit
-+ .word 0x8143e040 !membar #Sync
-+ ld [%o0],%o4
-+ add %o4,%g4,%g4
-+ .word 0xc9e2100c !cas [%o0],%o4,%g4
-+
-+ .word 0x99410000 !rd %tick,%o4 ! tick
-+ sub %o4,%o5,%g4 ! diff=tick-lasttick
-+ mov %o4,%o5 ! lasttick=tick
-+ mov %g4,%g5 ! lastdiff=diff
-+.Loop2:
-+ andn %o0,63,%g1
-+ .word 0xc1985e00 !ldda [%g1]0xf0,%f0 ! block load
-+ .word 0x8143e040 !membar #Sync
-+ .word 0xc1b85c00 !stda %f0,[%g1]0xe0 ! block store and commit
-+ .word 0x8143e040 !membar #Sync
-+ ld [%o0],%o4
-+ add %o4,%g4,%g4
-+ .word 0xc9e2100c !cas [%o0],%o4,%g4
-+
-+ subcc %o2,1,%o2 ! --max
-+ bz .Ldone2
-+ nop
-+
-+ .word 0x99410000 !rd %tick,%o4 ! tick
-+ sub %o4,%o5,%g4 ! diff=tick-lasttick
-+ mov %o4,%o5 ! lasttick=tick
-+ cmp %g4,%g5
-+ mov %g4,%g5 ! lastdiff=diff
-+
-+ .word 0x83408000 !rd %ccr,%g1
-+ and %g1,4,%g1 ! isolate zero flag
-+ xor %g1,4,%g1 ! flip zero flag
-+
-+ subcc %o1,%g1,%o1 ! conditional --$cnt
-+ bnz .Loop2
-+ add %o0,%g1,%o0 ! conditional ++$out
-+
-+.Ldone2:
-+ srl %o1,2,%o1
-+ retl
-+ sub %o3,%o1,%o0
-+.type _sparcv9_vis1_instrument_bus2,#function
-+.size _sparcv9_vis1_instrument_bus2,.-_sparcv9_vis1_instrument_bus2
-+
- .section ".init",#alloc,#execinstr
- call solaris_locking_setup
- nop
-Index: crypto/sparcv9cap.c
-===================================================================
-diff -ru openssl-1.0.1e/crypto/sparcv9cap.c openssl-1.0.1e/crypto/sparcv9cap.c
---- openssl-1.0.1e/crypto/sparcv9cap.c 2011-05-24 17:02:24.000000000 -0700
-+++ openssl-1.0.1e/crypto/sparcv9cap.c 2011-07-27 10:48:17.817470000 -0700
-@@ -4,34 +4,58 @@
- #include <setjmp.h>
- #include <signal.h>
- #include <sys/time.h>
-+#include <unistd.h>
- #include <openssl/bn.h>
-
--#define SPARCV9_TICK_PRIVILEGED (1<<0)
--#define SPARCV9_PREFER_FPU (1<<1)
--#define SPARCV9_VIS1 (1<<2)
--#define SPARCV9_VIS2 (1<<3) /* reserved */
--#define SPARCV9_FMADD (1<<4) /* reserved for SPARC64 V */
-+#include "sparc_arch.h"
-
-+#if defined(__GNUC__) && defined(__linux)
-+__attribute__((visibility("hidden")))
-+#endif
- #ifndef _BOOT
--static int OPENSSL_sparcv9cap_P = SPARCV9_TICK_PRIVILEGED;
-+unsigned int OPENSSL_sparcv9cap_P[2] = {SPARCV9_TICK_PRIVILEGED, 0};
- #else
--static int OPENSSL_sparcv9cap_P = SPARCV9_VIS1;
-+unsigned int OPENSSL_sparcv9cap_P[2] = {SPARCV9_VIS1, 0};
- #endif
-
- int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
- const BN_ULONG *np, const BN_ULONG *n0, int num)
- {
-+ int bn_mul_mont_vis3(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
-+ const BN_ULONG *np,const BN_ULONG *n0, int num);
- int bn_mul_mont_fpu(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
- const BN_ULONG *np, const BN_ULONG *n0, int num);
- int bn_mul_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
- const BN_ULONG *np, const BN_ULONG *n0, int num);
-
-- if (num >= 8 && !(num & 1) &&
-- (OPENSSL_sparcv9cap_P & (SPARCV9_PREFER_FPU | SPARCV9_VIS1)) ==
-- (SPARCV9_PREFER_FPU | SPARCV9_VIS1))
-- return bn_mul_mont_fpu(rp, ap, bp, np, n0, num);
-- else
-- return bn_mul_mont_int(rp, ap, bp, np, n0, num);
-+ if (!(num&1) && num>=6) {
-+ if ((num&15)==0 && num<=64 &&
-+ (OPENSSL_sparcv9cap_P[1]&(CFR_MONTMUL|CFR_MONTSQR))==
-+ (CFR_MONTMUL|CFR_MONTSQR))
-+ {
-+ typedef int (*bn_mul_mont_f)(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0);
-+ int bn_mul_mont_t4_8(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0);
-+ int bn_mul_mont_t4_16(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0);
-+ int bn_mul_mont_t4_24(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0);
-+ int bn_mul_mont_t4_32(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0);
-+ static const bn_mul_mont_f funcs[4] = {
-+ bn_mul_mont_t4_8, bn_mul_mont_t4_16,
-+ bn_mul_mont_t4_24, bn_mul_mont_t4_32 };
-+ bn_mul_mont_f worker = funcs[num/16-1];
-+
-+ if ((*worker)(rp,ap,bp,np,n0)) return 1;
-+ /* retry once and fall back */
-+ if ((*worker)(rp,ap,bp,np,n0)) return 1;
-+ return bn_mul_mont_vis3(rp,ap,bp,np,n0,num);
-+ }
-+ if ((OPENSSL_sparcv9cap_P[0]&SPARCV9_VIS3))
-+ return bn_mul_mont_vis3(rp,ap,bp,np,n0,num);
-+ else if (num>=8 &&
-+ (OPENSSL_sparcv9cap_P[0]&(SPARCV9_PREFER_FPU|SPARCV9_VIS1)) ==
-+ (SPARCV9_PREFER_FPU|SPARCV9_VIS1))
-+ return bn_mul_mont_fpu(rp,ap,bp,np,n0,num);
-+ }
-+ return bn_mul_mont_int(rp,ap,bp,np,n0,num);
- }
-
- unsigned long _sparcv9_rdtick(void);
-@@ -39,11 +63,18 @@
- unsigned long _sparcv9_vis1_instrument(void);
- void _sparcv9_vis2_probe(void);
- void _sparcv9_fmadd_probe(void);
-+unsigned long _sparcv9_rdcfr(void);
-+void _sparcv9_vis3_probe(void);
-+unsigned long _sparcv9_random(void);
-+#ifndef _BOOT
-+size_t _sparcv9_vis1_instrument_bus(unsigned int *,size_t);
-+size_t _sparcv9_vis1_instrument_bus2(unsigned int *,size_t,size_t);
-+#endif
-
- #ifndef _BOOT
- unsigned long OPENSSL_rdtsc(void)
- {
-- if (OPENSSL_sparcv9cap_P & SPARCV9_TICK_PRIVILEGED)
-+ if (OPENSSL_sparcv9cap_P[0] & SPARCV9_TICK_PRIVILEGED)
- #if defined(__sun) && defined(__SVR4)
- return gethrtime();
- #else
-@@ -52,6 +83,24 @@
- else
- return _sparcv9_rdtick();
- }
-+
-+size_t OPENSSL_instrument_bus(unsigned int *out,size_t cnt)
-+{
-+ if ((OPENSSL_sparcv9cap_P[0]&(SPARCV9_TICK_PRIVILEGED|SPARCV9_BLK)) ==
-+ SPARCV9_BLK)
-+ return _sparcv9_vis1_instrument_bus(out,cnt);
-+ else
-+ return 0;
-+}
-+
-+size_t OPENSSL_instrument_bus2(unsigned int *out,size_t cnt,size_t max)
-+{
-+ if ((OPENSSL_sparcv9cap_P[0]&(SPARCV9_TICK_PRIVILEGED|SPARCV9_BLK)) ==
-+ SPARCV9_BLK)
-+ return _sparcv9_vis1_instrument_bus2(out,cnt,max);
-+ else
-+ return 0;
-+}
- #endif
-
- #if defined(_BOOT)
-@@ -61,7 +110,7 @@
- */
- void OPENSSL_cpuid_setup(void)
- {
-- OPENSSL_sparcv9cap_P = SPARCV9_VIS1;
-+ OPENSSL_sparcv9cap_P[0] = SPARCV9_VIS1;
- }
-
- #elif 0 && defined(__sun) && defined(__SVR4)
-@@ -90,11 +139,11 @@
- if (!strcmp(name, "SUNW,UltraSPARC") ||
- /* covers II,III,IV */
- !strncmp(name, "SUNW,UltraSPARC-I", 17)) {
-- OPENSSL_sparcv9cap_P |= SPARCV9_PREFER_FPU | SPARCV9_VIS1;
-+ OPENSSL_sparcv9cap_P[0] |= SPARCV9_PREFER_FPU | SPARCV9_VIS1;
-
- /* %tick is privileged only on UltraSPARC-I/II, but not IIe */
- if (name[14] != '\0' && name[17] != '\0' && name[18] != '\0')
-- OPENSSL_sparcv9cap_P &= ~SPARCV9_TICK_PRIVILEGED;
-+ OPENSSL_sparcv9cap_P[0] &= ~SPARCV9_TICK_PRIVILEGED;
-
- return DI_WALK_TERMINATE;
- }
-@@ -100,7 +149,7 @@
- }
- /* This is expected to catch remaining UltraSPARCs, such as T1 */
- else if (!strncmp(name, "SUNW,UltraSPARC", 15)) {
-- OPENSSL_sparcv9cap_P &= ~SPARCV9_TICK_PRIVILEGED;
-+ OPENSSL_sparcv9cap_P[0] &= ~SPARCV9_TICK_PRIVILEGED;
-
- return DI_WALK_TERMINATE;
- }
-@@ -119,7 +168,7 @@
- trigger = 1;
-
- if ((e = getenv("OPENSSL_sparcv9cap"))) {
-- OPENSSL_sparcv9cap_P = strtoul(e, NULL, 0);
-+ OPENSSL_sparcv9cap_P[0] = strtoul(e, NULL, 0);
- return;
- }
-
-@@ -126,15 +175,15 @@
- if (sysinfo(SI_MACHINE, si, sizeof(si)) > 0) {
- if (strcmp(si, "sun4v"))
- /* FPU is preferred for all CPUs, but US-T1/2 */
-- OPENSSL_sparcv9cap_P |= SPARCV9_PREFER_FPU;
-+ OPENSSL_sparcv9cap_P[0] |= SPARCV9_PREFER_FPU;
- }
-
- if (sysinfo(SI_ISALIST, si, sizeof(si)) > 0) {
- if (strstr(si, "+vis"))
-- OPENSSL_sparcv9cap_P |= SPARCV9_VIS1;
-+ OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS1 | SPARCV9_BLK;
- if (strstr(si, "+vis2")) {
-- OPENSSL_sparcv9cap_P |= SPARCV9_VIS2;
-- OPENSSL_sparcv9cap_P &= ~SPARCV9_TICK_PRIVILEGED;
-+ OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS2;
-+ OPENSSL_sparcv9cap_P[0] &= ~SPARCV9_TICK_PRIVILEGED;
- return;
- }
- }
-@@ -204,12 +253,14 @@
- trigger = 1;
-
- if ((e = getenv("OPENSSL_sparcv9cap"))) {
-- OPENSSL_sparcv9cap_P = strtoul(e, NULL, 0);
-+ OPENSSL_sparcv9cap_P[0] = strtoul(e, NULL, 0);
-+ if ((e = strchr(e, ':')))
-+ OPENSSL_sparcv9cap_P[1] = strtoul(e + 1, NULL, 0);
- return;
- }
-
- /* Initial value, fits UltraSPARC-I&II... */
-- OPENSSL_sparcv9cap_P = SPARCV9_PREFER_FPU | SPARCV9_TICK_PRIVILEGED;
-+ OPENSSL_sparcv9cap_P[0] = SPARCV9_PREFER_FPU | SPARCV9_TICK_PRIVILEGED;
-
- sigfillset(&all_masked);
- sigdelset(&all_masked, SIGILL);
-@@ -232,18 +283,18 @@
-
- if (sigsetjmp(common_jmp, 1) == 0) {
- _sparcv9_rdtick();
-- OPENSSL_sparcv9cap_P &= ~SPARCV9_TICK_PRIVILEGED;
-+ OPENSSL_sparcv9cap_P[0] &= ~SPARCV9_TICK_PRIVILEGED;
- }
-
- if (sigsetjmp(common_jmp, 1) == 0) {
- _sparcv9_vis1_probe();
-- OPENSSL_sparcv9cap_P |= SPARCV9_VIS1;
-+ OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS1 | SPARCV9_BLK;
- /* detect UltraSPARC-Tx, see sparccpud.S for details... */
- if (_sparcv9_vis1_instrument() >= 12)
-- OPENSSL_sparcv9cap_P &= ~(SPARCV9_VIS1 | SPARCV9_PREFER_FPU);
-+ OPENSSL_sparcv9cap_P[0] &= ~(SPARCV9_VIS1 | SPARCV9_PREFER_FPU);
- else {
- _sparcv9_vis2_probe();
-- OPENSSL_sparcv9cap_P |= SPARCV9_VIS2;
-+ OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS2;
- }
- }
-
-@@ -249,13 +300,50 @@
-
- if (sigsetjmp(common_jmp, 1) == 0) {
- _sparcv9_fmadd_probe();
-- OPENSSL_sparcv9cap_P |= SPARCV9_FMADD;
-+ OPENSSL_sparcv9cap_P[0] |= SPARCV9_FMADD;
- }
-
-+ /*
-+ * VIS3 flag is tested independently from VIS1, unlike VIS2 that is,
-+ * because VIS3 defines even integer instructions.
-+ */
-+ if (sigsetjmp(common_jmp,1) == 0) {
-+ _sparcv9_vis3_probe();
-+ OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS3;
-+ }
-+
-+ if (sigsetjmp(common_jmp,1) == 0) {
-+ (void)_sparcv9_random();
-+ OPENSSL_sparcv9cap_P[0] |= SPARCV9_RANDOM;
-+ }
-+
-+ /*
-+ * In wait for better solution _sparcv9_rdcfr is masked by
-+ * VIS3 flag, because it goes to uninterruptable endless
-+ * loop on UltraSPARC II running Solaris. Things might be
-+ * different on Linux...
-+ */
-+ if ((OPENSSL_sparcv9cap_P[0]&SPARCV9_VIS3) &&
-+ sigsetjmp(common_jmp, 1) == 0) {
-+ OPENSSL_sparcv9cap_P[1] = (unsigned int)_sparcv9_rdcfr();
-+ }
-+
- sigaction(SIGBUS, &bus_oact, NULL);
- sigaction(SIGILL, &ill_oact, NULL);
-
- sigprocmask(SIG_SETMASK, &oset, NULL);
-+
-+ if (sizeof(size_t) == 8)
-+ OPENSSL_sparcv9cap_P[0] |= SPARCV9_64BIT_STACK;
-+#ifdef __linux
-+ else
-+ {
-+ int ret = syscall(340);
-+
-+ if (ret >= 0 && ret & 1)
-+ OPENSSL_sparcv9cap_P[0] |= SPARCV9_64BIT_STACK;
-+ }
-+#endif
- }
-
- #endif
-Index: crypto/md5/Makefile
-===================================================================
-diff -ru openssl-1.0.1e/crypto/md5/Makefile openssl-1.0.1e/crypto/md5/Makefile
---- openssl-1.0.1e/crypto/md5/Makefile 2011-05-24 17:02:24.000000000 -0700
-+++ openssl-1.0.1e/crypto/md5/Makefile 2011-07-27 10:48:17.817470000 -0700
-@@ -52,6 +52,9 @@
- $(CC) $(CFLAGS) -E asm/md5-ia64.S | \
- $(PERL) -ne 's/;\s+/;\n/g; print;' > $@
-
-+md5-sparcv9.S: asm/md5-sparcv9.pl
-+ $(PERL) asm/md5-sparcv9.pl $@ $(CFLAGS)
-+
- files:
- $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-
-Index: crypto/md5/md5_locl.h
-===================================================================
-diff -ru openssl-1.0.1e/crypto/md5/md5_locl.h openssl-1.0.1e/crypto/md5/md5_locl.h
---- openssl-1.0.1e/crypto/md5/md5_locl.h 2011-05-24 17:02:24.000000000 -0700
-+++ openssl-1.0.1e/crypto/md5/md5_locl.h 2011-07-27 10:48:17.817470000 -0700
-@@ -71,6 +71,8 @@
- # define md5_block_data_order md5_block_asm_data_order
- # elif defined(__ia64) || defined(__ia64__) || defined(_M_IA64)
- # define md5_block_data_order md5_block_asm_data_order
-+# elif defined(__sparc) || defined(__sparc__)
-+# define md5_block_data_order md5_block_asm_data_order
- # endif
- #endif
-
-Index: crypto/sha/Makefile
-===================================================================
-diff -ru openssl-1.0.1e/crypto/sha/Makefile openssl-1.0.1e/crypto/sha/Makefile
---- openssl-1.0.1e/crypto/sha/Makefile 2011-05-24 17:02:24.000000000 -0700
-+++ openssl-1.0.1e/crypto/sha/Makefile 2011-07-27 10:48:17.817470000 -0700
-@@ -68,9 +68,9 @@
- sha1-x86_64.s: asm/sha1-x86_64.pl; $(PERL) asm/sha1-x86_64.pl $(PERLASM_SCHEME) > $@
- sha256-x86_64.s:asm/sha512-x86_64.pl; $(PERL) asm/sha512-x86_64.pl $(PERLASM_SCHEME) $@
- sha512-x86_64.s:asm/sha512-x86_64.pl; $(PERL) asm/sha512-x86_64.pl $(PERLASM_SCHEME) $@
--sha1-sparcv9.s: asm/sha1-sparcv9.pl; $(PERL) asm/sha1-sparcv9.pl $@ $(CFLAGS)
--sha256-sparcv9.s:asm/sha512-sparcv9.pl; $(PERL) asm/sha512-sparcv9.pl $@ $(CFLAGS)
--sha512-sparcv9.s:asm/sha512-sparcv9.pl; $(PERL) asm/sha512-sparcv9.pl $@ $(CFLAGS)
-+sha1-sparcv9.S: asm/sha1-sparcv9.pl; $(PERL) asm/sha1-sparcv9.pl $@ $(CFLAGS)
-+sha256-sparcv9.S:asm/sha512-sparcv9.pl; $(PERL) asm/sha512-sparcv9.pl $@ $(CFLAGS)
-+sha512-sparcv9.S:asm/sha512-sparcv9.pl; $(PERL) asm/sha512-sparcv9.pl $@ $(CFLAGS)
-
- sha1-ppc.s: asm/sha1-ppc.pl; $(PERL) asm/sha1-ppc.pl $(PERLASM_SCHEME) $@
- sha256-ppc.s: asm/sha512-ppc.pl; $(PERL) asm/sha512-ppc.pl $(PERLASM_SCHEME) $@
-Index: crypto/sha/asm/sha1-sparcv9.pl
-===================================================================
-diff -ru openssl-1.0.1e/crypto/sha/asm/sha1-sparcv9.pl openssl-1.0.1e/crypto/sha/asm/sha1-sparcv9.pl
---- openssl-1.0.1e/crypto/sha/asm/sha1-sparcv9.pl 2011-05-24 17:02:24.000000000 -0700
-+++ openssl-1.0.1e/crypto/sha/asm/sha1-sparcv9.pl 2011-07-27 10:48:17.817470000 -0700
-@@ -5,6 +5,8 @@
- # project. The module is, however, dual licensed under OpenSSL and
- # CRYPTOGAMS licenses depending on where you obtain it. For further
- # details see http://www.openssl.org/~appro/cryptogams/.
-+#
-+# Hardware SPARC T4 support by David S. Miller <[email protected]>.
- # ====================================================================
-
- # Performance improvement is not really impressive on pre-T1 CPU: +8%
-@@ -18,6 +20,11 @@
- # ensure scalability on UltraSPARC T1, or rather to avoid decay when
- # amount of active threads exceeds the number of physical cores.
-
-+# SPARC T4 SHA1 hardware achieves 3.72 cycles per byte, which is 3.1x
-+# faster than software. Multi-process benchmark saturates at 11x
-+# single-process result on 8-core processor, or ~9GBps per 2.85GHz
-+# socket.
-+
- $bits=32;
- for (@ARGV) { $bits=64 if (/\-m64/ || /\-xarch\=v9/); }
- if ($bits==64) { $bias=2047; $frame=192; }
-@@ -183,11 +190,93 @@
- .register %g3,#scratch
- ___
- $code.=<<___;
-+#include "sparc_arch.h"
-+
- .section ".text",#alloc,#execinstr
-
-+#ifdef __PIC__
-+SPARC_PIC_THUNK(%g1)
-+#endif
-+
- .align 32
- .globl sha1_block_data_order
- sha1_block_data_order:
-+ SPARC_LOAD_ADDRESS_LEAF(OPENSSL_sparcv9cap_P,%g1,%g5)
-+ ld [%g1+4],%g1 ! OPENSSL_sparcv9cap_P[1]
-+
-+ andcc %g1, CFR_SHA1, %g0
-+ be .Lsoftware
-+ nop
-+
-+ ld [%o0 + 0x00], %f0 ! load context
-+ ld [%o0 + 0x04], %f1
-+ ld [%o0 + 0x08], %f2
-+ andcc %o1, 0x7, %g0
-+ ld [%o0 + 0x0c], %f3
-+ bne,pn %icc, .Lhwunaligned
-+ ld [%o0 + 0x10], %f4
-+
-+.Lhw_loop:
-+ ldd [%o1 + 0x00], %f8
-+ ldd [%o1 + 0x08], %f10
-+ ldd [%o1 + 0x10], %f12
-+ ldd [%o1 + 0x18], %f14
-+ ldd [%o1 + 0x20], %f16
-+ ldd [%o1 + 0x28], %f18
-+ ldd [%o1 + 0x30], %f20
-+ subcc %o2, 1, %o2 ! done yet?
-+ ldd [%o1 + 0x38], %f22
-+ add %o1, 0x40, %o1
-+
-+ .word 0x81b02820 ! SHA1
-+
-+ bne,pt `$bits==64?"%xcc":"%icc"`, .Lhw_loop
-+ nop
-+
-+.Lhwfinish:
-+ st %f0, [%o0 + 0x00] ! store context
-+ st %f1, [%o0 + 0x04]
-+ st %f2, [%o0 + 0x08]
-+ st %f3, [%o0 + 0x0c]
-+ retl
-+ st %f4, [%o0 + 0x10]
-+
-+.align 8
-+.Lhwunaligned:
-+ alignaddr %o1, %g0, %o1
-+
-+ ldd [%o1 + 0x00], %f10
-+.Lhwunaligned_loop:
-+ ldd [%o1 + 0x08], %f12
-+ ldd [%o1 + 0x10], %f14
-+ ldd [%o1 + 0x18], %f16
-+ ldd [%o1 + 0x20], %f18
-+ ldd [%o1 + 0x28], %f20
-+ ldd [%o1 + 0x30], %f22
-+ ldd [%o1 + 0x38], %f24
-+ subcc %o2, 1, %o2 ! done yet?
-+ ldd [%o1 + 0x40], %f26
-+ add %o1, 0x40, %o1
-+
-+ faligndata %f10, %f12, %f8
-+ faligndata %f12, %f14, %f10
-+ faligndata %f14, %f16, %f12
-+ faligndata %f16, %f18, %f14
-+ faligndata %f18, %f20, %f16
-+ faligndata %f20, %f22, %f18
-+ faligndata %f22, %f24, %f20
-+ faligndata %f24, %f26, %f22
-+
-+ .word 0x81b02820 ! SHA1
-+
-+ bne,pt `$bits==64?"%xcc":"%icc"`, .Lhwunaligned_loop
-+ for %f26, %f26, %f10 ! %f10=%f26
-+
-+ ba .Lhwfinish
-+ nop
-+
-+.align 16
-+.Lsoftware:
- save %sp,-$frame,%sp
- sllx $len,6,$len
- add $inp,$len,$len
-@@ -279,6 +368,62 @@
- .align 4
- ___
-
--$code =~ s/\`([^\`]*)\`/eval $1/gem;
--print $code;
-+# Purpose of these subroutines is to explicitly encode VIS instructions,
-+# so that one can compile the module without having to specify VIS
-+# extentions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
-+# Idea is to reserve for option to produce "universal" binary and let
-+# programmer detect if current CPU is VIS capable at run-time.
-+sub unvis {
-+my ($mnemonic,$rs1,$rs2,$rd)=@_;
-+my $ref,$opf;
-+my %visopf = ( "faligndata" => 0x048,
-+ "for" => 0x07c );
-+
-+ $ref = "$mnemonic\t$rs1,$rs2,$rd";
-+
-+ if ($opf=$visopf{$mnemonic}) {
-+ foreach ($rs1,$rs2,$rd) {
-+ return $ref if (!/%f([0-9]{1,2})/);
-+ $_=$1;
-+ if ($1>=32) {
-+ return $ref if ($1&1);
-+ # re-encode for upper double register addressing
-+ $_=($1|$1>>5)&31;
-+ }
-+ }
-+
-+ return sprintf ".word\t0x%08x !%s",
-+ 0x81b00000|$rd<<25|$rs1<<14|$opf<<5|$rs2,
-+ $ref;
-+ } else {
-+ return $ref;
-+ }
-+}
-+sub unalignaddr {
-+my ($mnemonic,$rs1,$rs2,$rd)=@_;
-+my %bias = ( "g" => 0, "o" => 8, "l" => 16, "i" => 24 );
-+my $ref="$mnemonic\t$rs1,$rs2,$rd";
-+
-+ foreach ($rs1,$rs2,$rd) {
-+ if (/%([goli])([0-7])/) { $_=$bias{$1}+$2; }
-+ else { return $ref; }
-+ }
-+ return sprintf ".word\t0x%08x !%s",
-+ 0x81b00300|$rd<<25|$rs1<<14|$rs2,
-+ $ref;
-+}
-+
-+foreach (split("\n",$code)) {
-+ s/\`([^\`]*)\`/eval $1/ge;
-+
-+ s/\b(f[^\s]*)\s+(%f[0-9]{1,2}),\s*(%f[0-9]{1,2}),\s*(%f[0-9]{1,2})/
-+ &unvis($1,$2,$3,$4)
-+ /ge;
-+ s/\b(alignaddr)\s+(%[goli][0-7]),\s*(%[goli][0-7]),\s*(%[goli][0-7])/
-+ &unalignaddr($1,$2,$3,$4)
-+ /ge;
-+
-+ print $_,"\n";
-+}
-+
- close STDOUT;
-
-Index: crypto/sha/asm/sha512-sparcv9.pl
-===================================================================
-diff -ru openssl-1.0.1e/crypto/sha/asm/sha512-sparcv9.pl openssl-1.0.1e/crypto/sha/asm/sha512-sparcv9.pl
---- openssl-1.0.1e/crypto/sha/asm/sha512-sparcv9.pl 2011-05-24 17:02:24.000000000 -0700
-+++ openssl-1.0.1e/crypto/sha/asm/sha512-sparcv9.pl 2011-07-27 10:48:17.817470000 -0700
-@@ -5,6 +5,8 @@
- # project. The module is, however, dual licensed under OpenSSL and
- # CRYPTOGAMS licenses depending on where you obtain it. For further
- # details see http://www.openssl.org/~appro/cryptogams/.
-+#
-+# Hardware SPARC T4 support by David S. Miller <[email protected]>.
- # ====================================================================
-
- # SHA256 performance improvement over compiler generated code varies
-@@ -41,6 +43,12 @@
- # loads are always slower than one 64-bit load. Once again this
- # is unlike pre-T1 UltraSPARC, where, if scheduled appropriately,
- # 2x32-bit loads can be as fast as 1x64-bit ones.
-+#
-+# SPARC T4 SHA256/512 hardware achieves 3.17/2.01 cycles per byte,
-+# which is 9.3x/11.1x faster than software. Multi-process benchmark
-+# saturates at 11.5x single-process result on 8-core processor, or
-+# ~11/16GBps per 2.85GHz socket.
-+
-
- $bits=32;
- for (@ARGV) { $bits=64 if (/\-m64/ || /\-xarch\=v9/); }
-@@ -386,6 +394,8 @@
- .register %g3,#scratch
- ___
- $code.=<<___;
-+#include "sparc_arch.h"
-+
- .section ".text",#alloc,#execinstr
-
- .align 64
-@@ -457,8 +467,196 @@
- }
- $code.=<<___;
- .size K${label},.-K${label}
-+
-+#ifdef __PIC__
-+SPARC_PIC_THUNK(%g1)
-+#endif
-+
- .globl sha${label}_block_data_order
-+.align 32
- sha${label}_block_data_order:
-+ SPARC_LOAD_ADDRESS_LEAF(OPENSSL_sparcv9cap_P,%g1,%g5)
-+ ld [%g1+4],%g1 ! OPENSSL_sparcv9cap_P[1]
-+
-+ andcc %g1, CFR_SHA${label}, %g0
-+ be .Lsoftware
-+ nop
-+___
-+$code.=<<___ if ($SZ==8); # SHA512
-+ ldd [%o0 + 0x00], %f0 ! load context
-+ ldd [%o0 + 0x08], %f2
-+ ldd [%o0 + 0x10], %f4
-+ ldd [%o0 + 0x18], %f6
-+ ldd [%o0 + 0x20], %f8
-+ ldd [%o0 + 0x28], %f10
-+ andcc %o1, 0x7, %g0
-+ ldd [%o0 + 0x30], %f12
-+ bne,pn %icc, .Lhwunaligned
-+ ldd [%o0 + 0x38], %f14
-+
-+.Lhwaligned_loop:
-+ ldd [%o1 + 0x00], %f16
-+ ldd [%o1 + 0x08], %f18
-+ ldd [%o1 + 0x10], %f20
-+ ldd [%o1 + 0x18], %f22
-+ ldd [%o1 + 0x20], %f24
-+ ldd [%o1 + 0x28], %f26
-+ ldd [%o1 + 0x30], %f28
-+ ldd [%o1 + 0x38], %f30
-+ ldd [%o1 + 0x40], %f32
-+ ldd [%o1 + 0x48], %f34
-+ ldd [%o1 + 0x50], %f36
-+ ldd [%o1 + 0x58], %f38
-+ ldd [%o1 + 0x60], %f40
-+ ldd [%o1 + 0x68], %f42
-+ ldd [%o1 + 0x70], %f44
-+ subcc %o2, 1, %o2 ! done yet?
-+ ldd [%o1 + 0x78], %f46
-+ add %o1, 0x80, %o1
-+
-+ .word 0x81b02860 ! SHA512
-+
-+ bne,pt `$bits==64?"%xcc":"%icc"`, .Lhwaligned_loop
-+ nop
-+
-+.Lhwfinish:
-+ std %f0, [%o0 + 0x00] ! store context
-+ std %f2, [%o0 + 0x08]
-+ std %f4, [%o0 + 0x10]
-+ std %f6, [%o0 + 0x18]
-+ std %f8, [%o0 + 0x20]
-+ std %f10, [%o0 + 0x28]
-+ std %f12, [%o0 + 0x30]
-+ retl
-+ std %f14, [%o0 + 0x38]
-+
-+.align 16
-+.Lhwunaligned:
-+ alignaddr %o1, %g0, %o1
-+
-+ ldd [%o1 + 0x00], %f18
-+.Lhwunaligned_loop:
-+ ldd [%o1 + 0x08], %f20
-+ ldd [%o1 + 0x10], %f22
-+ ldd [%o1 + 0x18], %f24
-+ ldd [%o1 + 0x20], %f26
-+ ldd [%o1 + 0x28], %f28
-+ ldd [%o1 + 0x30], %f30
-+ ldd [%o1 + 0x38], %f32
-+ ldd [%o1 + 0x40], %f34
-+ ldd [%o1 + 0x48], %f36
-+ ldd [%o1 + 0x50], %f38
-+ ldd [%o1 + 0x58], %f40
-+ ldd [%o1 + 0x60], %f42
-+ ldd [%o1 + 0x68], %f44
-+ ldd [%o1 + 0x70], %f46
-+ ldd [%o1 + 0x78], %f48
-+ subcc %o2, 1, %o2 ! done yet?
-+ ldd [%o1 + 0x80], %f50
-+ add %o1, 0x80, %o1
-+
-+ faligndata %f18, %f20, %f16
-+ faligndata %f20, %f22, %f18
-+ faligndata %f22, %f24, %f20
-+ faligndata %f24, %f26, %f22
-+ faligndata %f26, %f28, %f24
-+ faligndata %f28, %f30, %f26
-+ faligndata %f30, %f32, %f28
-+ faligndata %f32, %f34, %f30
-+ faligndata %f34, %f36, %f32
-+ faligndata %f36, %f38, %f34
-+ faligndata %f38, %f40, %f36
-+ faligndata %f40, %f42, %f38
-+ faligndata %f42, %f44, %f40
-+ faligndata %f44, %f46, %f42
-+ faligndata %f46, %f48, %f44
-+ faligndata %f48, %f50, %f46
-+
-+ .word 0x81b02860 ! SHA512
-+
-+ bne,pt `$bits==64?"%xcc":"%icc"`, .Lhwunaligned_loop
-+ for %f50, %f50, %f18 ! %f18=%f50
-+
-+ ba .Lhwfinish
-+ nop
-+___
-+$code.=<<___ if ($SZ==4); # SHA256
-+ ld [%o0 + 0x00], %f0
-+ ld [%o0 + 0x04], %f1
-+ ld [%o0 + 0x08], %f2
-+ ld [%o0 + 0x0c], %f3
-+ ld [%o0 + 0x10], %f4
-+ ld [%o0 + 0x14], %f5
-+ andcc %o1, 0x7, %g0
-+ ld [%o0 + 0x18], %f6
-+ bne,pn %icc, .Lhwunaligned
-+ ld [%o0 + 0x1c], %f7
-+
-+.Lhwloop:
-+ ldd [%o1 + 0x00], %f8
-+ ldd [%o1 + 0x08], %f10
-+ ldd [%o1 + 0x10], %f12
-+ ldd [%o1 + 0x18], %f14
-+ ldd [%o1 + 0x20], %f16
-+ ldd [%o1 + 0x28], %f18
-+ ldd [%o1 + 0x30], %f20
-+ subcc %o2, 1, %o2 ! done yet?
-+ ldd [%o1 + 0x38], %f22
-+ add %o1, 0x40, %o1
-+
-+ .word 0x81b02840 ! SHA256
-+
-+ bne,pt `$bits==64?"%xcc":"%icc"`, .Lhwloop
-+ nop
-+
-+.Lhwfinish:
-+ st %f0, [%o0 + 0x00] ! store context
-+ st %f1, [%o0 + 0x04]
-+ st %f2, [%o0 + 0x08]
-+ st %f3, [%o0 + 0x0c]
-+ st %f4, [%o0 + 0x10]
-+ st %f5, [%o0 + 0x14]
-+ st %f6, [%o0 + 0x18]
-+ retl
-+ st %f7, [%o0 + 0x1c]
-+
-+.align 8
-+.Lhwunaligned:
-+ alignaddr %o1, %g0, %o1
-+
-+ ldd [%o1 + 0x00], %f10
-+.Lhwunaligned_loop:
-+ ldd [%o1 + 0x08], %f12
-+ ldd [%o1 + 0x10], %f14
-+ ldd [%o1 + 0x18], %f16
-+ ldd [%o1 + 0x20], %f18
-+ ldd [%o1 + 0x28], %f20
-+ ldd [%o1 + 0x30], %f22
-+ ldd [%o1 + 0x38], %f24
-+ subcc %o2, 1, %o2 ! done yet?
-+ ldd [%o1 + 0x40], %f26
-+ add %o1, 0x40, %o1
-+
-+ faligndata %f10, %f12, %f8
-+ faligndata %f12, %f14, %f10
-+ faligndata %f14, %f16, %f12
-+ faligndata %f16, %f18, %f14
-+ faligndata %f18, %f20, %f16
-+ faligndata %f20, %f22, %f18
-+ faligndata %f22, %f24, %f20
-+ faligndata %f24, %f26, %f22
-+
-+ .word 0x81b02840 ! SHA256
-+
-+ bne,pt `$bits==64?"%xcc":"%icc"`, .Lhwunaligned_loop
-+ for %f26, %f26, %f10 ! %f10=%f26
-+
-+ ba .Lhwfinish
-+ nop
-+___
-+$code.=<<___;
-+.align 16
-+.Lsoftware:
- save %sp,`-$frame-$locals`,%sp
- and $inp,`$align-1`,$tmp31
- sllx $len,`log(16*$SZ)/log(2)`,$len
-@@ -589,6 +787,62 @@
- .align 4
- ___
-
--$code =~ s/\`([^\`]*)\`/eval $1/gem;
--print $code;
-+# Purpose of these subroutines is to explicitly encode VIS instructions,
-+# so that one can compile the module without having to specify VIS
-+# extentions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
-+# Idea is to reserve for option to produce "universal" binary and let
-+# programmer detect if current CPU is VIS capable at run-time.
-+sub unvis {
-+my ($mnemonic,$rs1,$rs2,$rd)=@_;
-+my $ref,$opf;
-+my %visopf = ( "faligndata" => 0x048,
-+ "for" => 0x07c );
-+
-+ $ref = "$mnemonic\t$rs1,$rs2,$rd";
-+
-+ if ($opf=$visopf{$mnemonic}) {
-+ foreach ($rs1,$rs2,$rd) {
-+ return $ref if (!/%f([0-9]{1,2})/);
-+ $_=$1;
-+ if ($1>=32) {
-+ return $ref if ($1&1);
-+ # re-encode for upper double register addressing
-+ $_=($1|$1>>5)&31;
-+ }
-+ }
-+
-+ return sprintf ".word\t0x%08x !%s",
-+ 0x81b00000|$rd<<25|$rs1<<14|$opf<<5|$rs2,
-+ $ref;
-+ } else {
-+ return $ref;
-+ }
-+}
-+sub unalignaddr {
-+my ($mnemonic,$rs1,$rs2,$rd)=@_;
-+my %bias = ( "g" => 0, "o" => 8, "l" => 16, "i" => 24 );
-+my $ref="$mnemonic\t$rs1,$rs2,$rd";
-+
-+ foreach ($rs1,$rs2,$rd) {
-+ if (/%([goli])([0-7])/) { $_=$bias{$1}+$2; }
-+ else { return $ref; }
-+ }
-+ return sprintf ".word\t0x%08x !%s",
-+ 0x81b00300|$rd<<25|$rs1<<14|$rs2,
-+ $ref;
-+}
-+
-+foreach (split("\n",$code)) {
-+ s/\`([^\`]*)\`/eval $1/ge;
-+
-+ s/\b(f[^\s]*)\s+(%f[0-9]{1,2}),\s*(%f[0-9]{1,2}),\s*(%f[0-9]{1,2})/
-+ &unvis($1,$2,$3,$4)
-+ /ge;
-+ s/\b(alignaddr)\s+(%[goli][0-7]),\s*(%[goli][0-7]),\s*(%[goli][0-7])/
-+ &unalignaddr($1,$2,$3,$4)
-+ /ge;
-+
-+ print $_,"\n";
-+}
-+
- close STDOUT;
-Index: crypto/des/Makefile
-===================================================================
-diff -ru openssl-1.0.1e/crypto/des/Makefile.orig openssl-1.0.1e/crypto/des/Makefile
---- a/crypto/des/Makefile
-+++ b/crypto/des/Makefile
-@@ -61,6 +61,8 @@ des: des.o cbc3_enc.o lib
-
- des_enc-sparc.S: asm/des_enc.m4
- m4 -B 8192 asm/des_enc.m4 > des_enc-sparc.S
-+dest4-sparcv9.s: asm/dest4-sparcv9.pl
-+ $(PERL) asm/dest4-sparcv9.pl $(CFLAGS) > $@
-
- des-586.s: asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
- $(PERL) asm/des-586.pl $(PERLASM_SCHEME) $(CFLAGS) > $@
-Index: crypto/evp/e_des.c
-===================================================================
-diff -ru openssl-1.0.1e/crypto/evp/e_des.c.orig openssl-1.0.1e/crypto/evp/e_des.c
---- a/crypto/evp/e_des.c
-+++ b/crypto/evp/e_des.c
-@@ -65,6 +65,30 @@
- # include <openssl/des.h>
- # include <openssl/rand.h>
-
-+typedef struct {
-+ union { double align; DES_key_schedule ks; } ks;
-+ union {
-+ void (*cbc)(const void *,void *,size_t,const void *,void *);
-+ } stream;
-+} EVP_DES_KEY;
-+
-+#if defined(AES_ASM) && (defined(__sparc) || defined(__sparc__))
-+/* ---------^^^ this is not a typo, just a way to detect that
-+ * assembler support was in general requested...
-+ */
-+#include "sparc_arch.h"
-+
-+extern unsigned int OPENSSL_sparcv9cap_P[];
-+
-+#define SPARC_DES_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_DES)
-+
-+void des_t4_key_expand(const void *key, DES_key_schedule *ks);
-+void des_t4_cbc_encrypt(const void *inp,void *out,size_t len,
-+ DES_key_schedule *ks,unsigned char iv[8]);
-+void des_t4_cbc_decrypt(const void *inp,void *out,size_t len,
-+ DES_key_schedule *ks,unsigned char iv[8]);
-+#endif
-+
- static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc);
- static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
-@@ -102,6 +126,12 @@ static int des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, size_t inl)
- {
-+ EVP_DES_KEY *dat = (EVP_DES_KEY *)ctx->cipher_data;
-+
-+ if (dat->stream.cbc) {
-+ (*dat->stream.cbc)(in,out,inl,&dat->ks.ks,ctx->iv);
-+ return 1;
-+ }
- while (inl >= EVP_MAXCHUNK) {
- DES_ncbc_encrypt(in, out, (long)EVP_MAXCHUNK, ctx->cipher_data,
- (DES_cblock *)ctx->iv, ctx->encrypt);
-@@ -179,16 +209,16 @@
- return 1;
- }
-
--BLOCK_CIPHER_defs(des, DES_key_schedule, NID_des, 8, 8, 8, 64,
-+BLOCK_CIPHER_defs(des, EVP_DES_KEY, NID_des, 8, 8, 8, 64,
- EVP_CIPH_RAND_KEY, des_init_key, NULL,
- EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl)
-
-
--BLOCK_CIPHER_def_cfb(des, DES_key_schedule, NID_des, 8, 8, 1,
-+BLOCK_CIPHER_def_cfb(des, EVP_DES_KEY, NID_des, 8, 8, 1,
- EVP_CIPH_RAND_KEY, des_init_key, NULL,
- EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl)
-
--BLOCK_CIPHER_def_cfb(des, DES_key_schedule, NID_des, 8, 8, 8,
-+BLOCK_CIPHER_def_cfb(des, EVP_DES_KEY, NID_des, 8, 8, 8,
- EVP_CIPH_RAND_KEY, des_init_key, NULL,
- EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl)
-
-@@ -196,8 +226,23 @@ static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc)
- {
- DES_cblock *deskey = (DES_cblock *)key;
-+ EVP_DES_KEY *dat = (EVP_DES_KEY *)ctx->cipher_data;
-+
-+ dat->stream.cbc = NULL;
-+#if defined(SPARC_DES_CAPABLE)
-+ if (SPARC_DES_CAPABLE) {
-+ int mode = ctx->cipher->flags & EVP_CIPH_MODE;
-+
-+ if (mode == EVP_CIPH_CBC_MODE) {
-+ des_t4_key_expand(key,&dat->ks.ks);
-+ dat->stream.cbc = enc ? des_t4_cbc_encrypt :
-+ des_t4_cbc_decrypt;
-+ return 1;
-+ }
-+ }
-+#endif
- # ifdef EVP_CHECK_DES_KEY
-- if (DES_set_key_checked(deskey, ctx->cipher_data) != 0)
-+ if (DES_set_key_checked(deskey, dat->ks.ks) != 0)
- return 0;
- # else
- DES_set_key_unchecked(deskey, ctx->cipher_data);
-Index: crypto/evp/e_des3.c
-===================================================================
-diff -ru openssl-1.0.1e/crypto/evp/e_des3.c.orig openssl-1.0.1e/crypto/evp/e_des3.c
---- a/crypto/evp/e_des3.c
-+++ b/crypto/evp/e_des3.c
-@@ -65,6 +65,32 @@
- # include <openssl/des.h>
- # include <openssl/rand.h>
-
-+typedef struct {
-+ union { double align; DES_key_schedule ks[3]; } ks;
-+ union {
-+ void (*cbc)(const void *,void *,size_t,const void *,void *);
-+ } stream;
-+} DES_EDE_KEY;
-+#define ks1 ks.ks[0]
-+#define ks2 ks.ks[1]
-+#define ks3 ks.ks[2]
-+
-+#if defined(AES_ASM) && (defined(__sparc) || defined(__sparc__))
-+/* ---------^^^ this is not a typo, just a way to detect that
-+ * assembler support was in general requested... */
-+#include "sparc_arch.h"
-+
-+extern unsigned int OPENSSL_sparcv9cap_P[];
-+
-+#define SPARC_DES_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_DES)
-+
-+void des_t4_key_expand(const void *key, DES_key_schedule *ks);
-+void des_t4_ede3_cbc_encrypt(const void *inp,void *out,size_t len,
-+ DES_key_schedule *ks,unsigned char iv[8]);
-+void des_t4_ede3_cbc_decrypt(const void *inp,void *out,size_t len,
-+ DES_key_schedule *ks,unsigned char iv[8]);
-+#endif
-+
- # ifndef OPENSSL_FIPS
-
- static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-@@ -75,12 +100,6 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-
- static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
-
--typedef struct {
-- DES_key_schedule ks1; /* key schedule */
-- DES_key_schedule ks2; /* key schedule (for ede) */
-- DES_key_schedule ks3; /* key schedule (for ede3) */
--} DES_EDE_KEY;
--
- # define data(ctx) ((DES_EDE_KEY *)(ctx)->cipher_data)
-
- /*
-@@ -123,6 +117,7 @@ static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, size_t inl)
- {
-+ DES_EDE_KEY *dat = data(ctx);
- # ifdef KSSL_DEBUG
- {
- int i;
-@@ -134,11 +155,15 @@
- fprintf(stderr, "\n");
- }
- # endif /* KSSL_DEBUG */
-+ if (dat->stream.cbc) {
-+ (*dat->stream.cbc)(in,out,inl,&dat->ks,ctx->iv);
-+ return 1;
-+ }
-+
- while (inl >= EVP_MAXCHUNK) {
- DES_ede3_cbc_encrypt(in, out, (long)EVP_MAXCHUNK,
-- &data(ctx)->ks1, &data(ctx)->ks2,
-- &data(ctx)->ks3, (DES_cblock *)ctx->iv,
-- ctx->encrypt);
-+ &dat->ks1, &dat->ks2, &dat->ks3,
-+ (DES_cblock *)ctx->iv, ctx->encrypt);
- inl -= EVP_MAXCHUNK;
- in += EVP_MAXCHUNK;
- out += EVP_MAXCHUNK;
-@@ -145,9 +170,8 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- }
- if (inl)
- DES_ede3_cbc_encrypt(in, out, (long)inl,
-- &data(ctx)->ks1, &data(ctx)->ks2,
-- &data(ctx)->ks3, (DES_cblock *)ctx->iv,
-- ctx->encrypt);
-+ &dat->ks1, &dat->ks2, &dat->ks3,
-+ (DES_cblock *)ctx->iv, ctx->encrypt);
- return 1;
- }
-
-@@ -215,39 +239,58 @@ static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- }
-
- BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,
-- EVP_CIPH_RAND_KEY, des_ede_init_key, NULL,
-- EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des3_ctrl)
-+ EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_DEFAULT_ASN1,
-+ des_ede_init_key, NULL, NULL, NULL,
-+ des3_ctrl)
- # define des_ede3_cfb64_cipher des_ede_cfb64_cipher
- # define des_ede3_ofb_cipher des_ede_ofb_cipher
- # define des_ede3_cbc_cipher des_ede_cbc_cipher
- # define des_ede3_ecb_cipher des_ede_ecb_cipher
- BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64,
-- EVP_CIPH_RAND_KEY, des_ede3_init_key, NULL,
-- EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des3_ctrl)
-+ EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
-+ des_ede3_init_key, NULL, NULL, NULL,
-+ des3_ctrl)
-
- BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 1,
-- EVP_CIPH_RAND_KEY, des_ede3_init_key, NULL,
-- EVP_CIPHER_set_asn1_iv,
-- EVP_CIPHER_get_asn1_iv, des3_ctrl)
-+ EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
-+ des_ede3_init_key, NULL, NULL, NULL,
-+ des3_ctrl)
-
- BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 8,
-- EVP_CIPH_RAND_KEY, des_ede3_init_key, NULL,
-- EVP_CIPHER_set_asn1_iv,
-- EVP_CIPHER_get_asn1_iv, des3_ctrl)
-+ EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
-+ des_ede3_init_key, NULL, NULL, NULL,
-+ des3_ctrl)
-
- static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc)
- {
- DES_cblock *deskey = (DES_cblock *)key;
-+ DES_EDE_KEY *dat = data(ctx);
-+
-+ dat->stream.cbc = NULL;
-+#if defined(SPARC_DES_CAPABLE)
-+ if (SPARC_DES_CAPABLE) {
-+ int mode = ctx->cipher->flags & EVP_CIPH_MODE;
-+
-+ if (mode == EVP_CIPH_CBC_MODE) {
-+ des_t4_key_expand(&deskey[0],&dat->ks1);
-+ des_t4_key_expand(&deskey[1],&dat->ks2);
-+ memcpy(&dat->ks3,&dat->ks1,sizeof(dat->ks1));
-+ dat->stream.cbc = enc ? des_t4_ede3_cbc_encrypt :
-+ des_t4_ede3_cbc_decrypt;
-+ return 1;
-+ }
-+ }
-+#endif
- # ifdef EVP_CHECK_DES_KEY
-- if (DES_set_key_checked(&deskey[0], &data(ctx)->ks1)
-- ! !DES_set_key_checked(&deskey[1], &data(ctx)->ks2))
-+ if (DES_set_key_checked(&deskey[0],&dat->ks1)
-+ !! DES_set_key_checked(&deskey[1],&dat->ks2))
- return 0;
- # else
-- DES_set_key_unchecked(&deskey[0], &data(ctx)->ks1);
-- DES_set_key_unchecked(&deskey[1], &data(ctx)->ks2);
-+ DES_set_key_unchecked(&deskey[0],&dat->ks1);
-+ DES_set_key_unchecked(&deskey[1],&dat->ks2);
- # endif
-- memcpy(&data(ctx)->ks3, &data(ctx)->ks1, sizeof(data(ctx)->ks1));
-+ memcpy(&dat->ks3,&dat->ks1, sizeof(dat->ks1));
- return 1;
- }
-
-@@ -255,6 +298,8 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc)
- {
- DES_cblock *deskey = (DES_cblock *)key;
-+ DES_EDE_KEY *dat = data(ctx);
-+
- # ifdef KSSL_DEBUG
- {
- int i;
-@@ -272,15 +317,30 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- }
- # endif /* KSSL_DEBUG */
-
-+ dat->stream.cbc = NULL;
-+#if defined(SPARC_DES_CAPABLE)
-+ if (SPARC_DES_CAPABLE) {
-+ int mode = ctx->cipher->flags & EVP_CIPH_MODE;
-+
-+ if (mode == EVP_CIPH_CBC_MODE) {
-+ des_t4_key_expand(&deskey[0],&dat->ks1);
-+ des_t4_key_expand(&deskey[1],&dat->ks2);
-+ des_t4_key_expand(&deskey[2],&dat->ks3);
-+ dat->stream.cbc = enc ? des_t4_ede3_cbc_encrypt :
-+ des_t4_ede3_cbc_decrypt;
-+ return 1;
-+ }
-+ }
-+#endif
- # ifdef EVP_CHECK_DES_KEY
-- if (DES_set_key_checked(&deskey[0], &data(ctx)->ks1)
-- || DES_set_key_checked(&deskey[1], &data(ctx)->ks2)
-- || DES_set_key_checked(&deskey[2], &data(ctx)->ks3))
-+ if (DES_set_key_checked(&deskey[0],&dat->ks1)
-+ || DES_set_key_checked(&deskey[1],&dat->ks2)
-+ || DES_set_key_checked(&deskey[2],&dat->ks3))
- return 0;
- # else
-- DES_set_key_unchecked(&deskey[0], &data(ctx)->ks1);
-- DES_set_key_unchecked(&deskey[1], &data(ctx)->ks2);
-- DES_set_key_unchecked(&deskey[2], &data(ctx)->ks3);
-+ DES_set_key_unchecked(&deskey[0],&dat->ks1);
-+ DES_set_key_unchecked(&deskey[1],&dat->ks2);
-+ DES_set_key_unchecked(&deskey[2],&dat->ks3);
- # endif
- return 1;
- }
-Index: openssl/crypto/bn/Makefile
-===================================================================
-diff -ru openssl-1.0.1e/crypto/bn/Makefile openssl-1.0.1e/crypto/bn/Makefile.new
---- openssl-1.0.1e/crypto/bn/Makefile 2011-05-24 17:02:24.000000000 -0700
-+++ openssl-1.0.1e/crypto/bn/Makefile 2011-07-27 10:48:17.817470000 -0700
-@@ -77,6 +77,12 @@
- $(PERL) asm/sparcv9a-mont.pl $(CFLAGS) > $@
- sparcv9-mont.s: asm/sparcv9-mont.pl
- $(PERL) asm/sparcv9-mont.pl $(CFLAGS) > $@
-+vis3-mont.s: asm/vis3-mont.pl
-+ $(PERL) asm/vis3-mont.pl $(CFLAGS) > $@
-+sparct4-mont.S: asm/sparct4-mont.pl
-+ $(PERL) asm/sparct4-mont.pl $(CFLAGS) > $@
-+sparcv9-gf2m.S: asm/sparcv9-gf2m.pl
-+ $(PERL) asm/sparcv9-gf2m.pl $(CFLAGS) > $@
-
- bn-mips3.o: asm/mips3.s
- @if [ "$(CC)" = "gcc" ]; then \
-Index: openssl/crypto/bn/bn_exp.c
-===================================================================
-diff -ru openssl-1.0.1e/crypto/bn/bn_exp.c openssl-1.0.1e/crypto/bn/bn_exp.c.new
---- bn_exp.c 2011/10/29 19:25:13 1.38
-+++ bn_exp.c 2012/11/17 10:34:11 1.39
-@@ -122,8 +122,15 @@
- # ifndef alloca
- # define alloca(s) __builtin_alloca((s))
- # endif
-+#else
-+#include <alloca.h>
- #endif
-
-+#if defined(OPENSSL_BN_ASM_MONT) && defined(__sparc)
-+# include "sparc_arch.h"
-+extern unsigned int OPENSSL_sparcv9cap_P[];
-+#endif
-+
- /* maximum precomputation table size for *variable* sliding windows */
- #define TABLE_SIZE 32
-
-@@ -464,8 +471,16 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
- wstart = bits - 1; /* The top bit of the window */
- wend = 0; /* The bottom bit of the window */
-
-+#if 1 /* by Shay Gueron's suggestion */
-+ j = mont->N.top; /* borrow j */
-+ if (bn_wexpand(r,j) == NULL) goto err;
-+ r->d[0] = (0-m->d[0])&BN_MASK2; /* 2^(top*BN_BITS2) - m */
-+ for(i=1;i<j;i++) r->d[i] = (~m->d[i])&BN_MASK2;
-+ r->top = j;
-+#else
- if (!BN_to_montgomery(r, BN_value_one(), mont, ctx))
- goto err;
-+#endif
- for (;;) {
- if (BN_is_bit_set(p, wstart) == 0) {
- if (!start) {
-@@ -515,6 +530,17 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
- if (wstart < 0)
- break;
- }
-+#if defined(OPENSSL_BN_ASM_MONT) && (defined(__sparc__) || defined(__sparc))
-+ if (OPENSSL_sparcv9cap_P[0] & (SPARCV9_VIS3|SPARCV9_PREFER_FPU)) {
-+ j = mont->N.top; /* borrow j */
-+ val[0]->d[0] = 1; /* borrow val[0] */
-+ for (i=1;i<j;i++)
-+ val[0]->d[i] = 0;
-+ val[0]->top = j;
-+ if (!BN_mod_mul_montgomery(rr, r, val[0], mont, ctx))
-+ goto err;
-+ } else
-+#endif
- if (!BN_from_montgomery(rr, r, mont, ctx))
- goto err;
- ret = 1;
-@@ -526,6 +552,26 @@ err:
- return (ret);
- }
-
-+#if defined(OPENSSL_BN_ASM_MONT) && (defined(__sparc__) || defined(__sparc))
-+static BN_ULONG bn_get_bits(const BIGNUM *a, int bitpos) {
-+ BN_ULONG ret = 0;
-+ int wordpos;
-+
-+ wordpos = bitpos / BN_BITS2;
-+ bitpos %= BN_BITS2;
-+ if (wordpos>=0 && wordpos < a->top) {
-+ ret = a->d[wordpos]&BN_MASK2;
-+ if (bitpos) {
-+ ret >>= bitpos;
-+ if (++wordpos < a->top)
-+ ret |= a->d[wordpos]<<(BN_BITS2-bitpos);
-+ }
-+ }
-+
-+ return ret & BN_MASK2;
-+}
-+#endif
-+
- /*
- * BN_mod_exp_mont_consttime() stores the precomputed powers in a specific
- * layout so that accessing any of these table values shows the same access
-@@ -594,6 +640,9 @@
- int powerbufLen = 0;
- unsigned char *powerbuf = NULL;
- BIGNUM tmp, am;
-+#if defined(OPENSSL_BN_ASM_MONT) && defined(__sparc)
-+ unsigned int t4=0;
-+#endif
-
- bn_check_top(a);
- bn_check_top(p);
-@@ -628,10 +677,18 @@
-
- /* Get the window size to use with size of p. */
- window = BN_window_bits_for_ctime_exponent_size(bits);
-+#if defined(OPENSSL_BN_ASM_MONT) && defined(__sparc)
-+ if (window>=5 && (top&15)==0 && top<=64 &&
-+ (OPENSSL_sparcv9cap_P[1]&(CFR_MONTMUL|CFR_MONTSQR))==
-+ (CFR_MONTMUL|CFR_MONTSQR) && (t4=OPENSSL_sparcv9cap_P[0]))
-+ window=5;
-+ else
-+#endif
- #if defined(OPENSSL_BN_ASM_MONT5)
- if (window == 6 && bits <= 1024)
- window = 5; /* ~5% improvement of 2048-bit RSA sign */
- #endif
-+ (void) 0;
-
- /*
- * Allocate a buffer large enough to hold all of the pre-computed powers
-@@ -670,14 +727,14 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
- tmp.flags = am.flags = BN_FLG_STATIC_DATA;
-
- /* prepare a^0 in Montgomery domain */
--#if 1
-- if (!BN_to_montgomery(&tmp, BN_value_one(), mont, ctx))
-- goto err;
--#else
-+#if 1 /* by Shay Gueron's suggestion */
- tmp.d[0] = (0 - m->d[0]) & BN_MASK2; /* 2^(top*BN_BITS2) - m */
- for (i = 1; i < top; i++)
- tmp.d[i] = (~m->d[i]) & BN_MASK2;
- tmp.top = top;
-+#else
-+ if (!BN_to_montgomery(&tmp,BN_value_one(),mont,ctx))
-+ goto err;
- #endif
-
- /* prepare a^1 in Montgomery domain */
-@@ -689,6 +746,122 @@
- } else if (!BN_to_montgomery(&am, a, mont, ctx))
- goto err;
-
-+#if defined(OPENSSL_BN_ASM_MONT) && defined(__sparc)
-+ if (t4) {
-+ typedef int (*bn_pwr5_mont_f)(BN_ULONG *tp,const BN_ULONG *np,
-+ const BN_ULONG *n0,const void *table,int power,int bits);
-+ int bn_pwr5_mont_t4_8(BN_ULONG *tp,const BN_ULONG *np,
-+ const BN_ULONG *n0,const void *table,int power,int bits);
-+ int bn_pwr5_mont_t4_16(BN_ULONG *tp,const BN_ULONG *np,
-+ const BN_ULONG *n0,const void *table,int power,int bits);
-+ int bn_pwr5_mont_t4_24(BN_ULONG *tp,const BN_ULONG *np,
-+ const BN_ULONG *n0,const void *table,int power,int bits);
-+ int bn_pwr5_mont_t4_32(BN_ULONG *tp,const BN_ULONG *np,
-+ const BN_ULONG *n0,const void *table,int power,int bits);
-+ static const bn_pwr5_mont_f pwr5_funcs[4] = {
-+ bn_pwr5_mont_t4_8, bn_pwr5_mont_t4_16,
-+ bn_pwr5_mont_t4_24, bn_pwr5_mont_t4_32 };
-+ bn_pwr5_mont_f pwr5_worker = pwr5_funcs[top/16-1];
-+
-+ typedef int (*bn_mul_mont_f)(BN_ULONG *rp,const BN_ULONG *ap,
-+ const void *bp,const BN_ULONG *np,const BN_ULONG *n0);
-+ int bn_mul_mont_t4_8(BN_ULONG *rp,const BN_ULONG *ap,
-+ const void *bp,const BN_ULONG *np,const BN_ULONG *n0);
-+ int bn_mul_mont_t4_16(BN_ULONG *rp,const BN_ULONG *ap,
-+ const void *bp,const BN_ULONG *np,const BN_ULONG *n0);
-+ int bn_mul_mont_t4_24(BN_ULONG *rp,const BN_ULONG *ap,
-+ const void *bp,const BN_ULONG *np,const BN_ULONG *n0);
-+ int bn_mul_mont_t4_32(BN_ULONG *rp,const BN_ULONG *ap,
-+ const void *bp,const BN_ULONG *np,const BN_ULONG *n0);
-+ static const bn_mul_mont_f mul_funcs[4] = {
-+ bn_mul_mont_t4_8, bn_mul_mont_t4_16,
-+ bn_mul_mont_t4_24, bn_mul_mont_t4_32 };
-+ bn_mul_mont_f mul_worker = mul_funcs[top/16-1];
-+
-+ void bn_mul_mont_vis3(BN_ULONG *rp,const BN_ULONG *ap,
-+ const void *bp,const BN_ULONG *np,
-+ const BN_ULONG *n0,int num);
-+ void bn_mul_mont_t4(BN_ULONG *rp,const BN_ULONG *ap,
-+ const void *bp,const BN_ULONG *np,
-+ const BN_ULONG *n0,int num);
-+ void bn_mul_mont_gather5_t4(BN_ULONG *rp,const BN_ULONG *ap,
-+ const void *table,const BN_ULONG *np,
-+ const BN_ULONG *n0,int num,int power);
-+ void bn_flip_n_scatter5_t4(const BN_ULONG *inp,size_t num,
-+ void *table,size_t power);
-+ void bn_gather5_t4(BN_ULONG *out,size_t num,
-+ void *table,size_t power);
-+ void bn_flip_t4(BN_ULONG *dst,BN_ULONG *src,size_t num);
-+
-+ BN_ULONG *np=mont->N.d, *n0=mont->n0;
-+ int stride = 5*(6-(top/16-1)); /* multiple of 5, but less than 32 */
-+
-+ /*
-+ * BN_to_montgomery can contaminate words above .top
-+ * [in BN_DEBUG[_DEBUG] build]...
-+ */
-+ for (i=am.top; i<top; i++) am.d[i]=0;
-+ for (i=tmp.top; i<top; i++) tmp.d[i]=0;
-+
-+ bn_flip_n_scatter5_t4(tmp.d,top,powerbuf,0);
-+ bn_flip_n_scatter5_t4(am.d,top,powerbuf,1);
-+ if (!(*mul_worker)(tmp.d,am.d,am.d,np,n0) &&
-+ !(*mul_worker)(tmp.d,am.d,am.d,np,n0))
-+ bn_mul_mont_vis3(tmp.d,am.d,am.d,np,n0,top);
-+ bn_flip_n_scatter5_t4(tmp.d,top,powerbuf,2);
-+
-+ for (i=3; i<32; i++) {
-+ /* Calculate a^i = a^(i-1) * a */
-+ if (!(*mul_worker)(tmp.d,tmp.d,am.d,np,n0) &&
-+ !(*mul_worker)(tmp.d,tmp.d,am.d,np,n0))
-+ bn_mul_mont_vis3(tmp.d,tmp.d,am.d,np,n0,top);
-+ bn_flip_n_scatter5_t4(tmp.d,top,powerbuf,i);
-+ }
-+
-+ /* switch to 64-bit domain */
-+ np = alloca(top*sizeof(BN_ULONG));
-+ top /= 2;
-+ bn_flip_t4(np,mont->N.d,top);
-+
-+ bits--;
-+ for (wvalue=0, i=bits%5; i>=0; i--,bits--)
-+ wvalue = (wvalue<<1)+BN_is_bit_set(p,bits);
-+ bn_gather5_t4(tmp.d,top,powerbuf,wvalue);
-+
-+ /* Scan the exponent one window at a time starting from the most
-+ * significant bits.
-+ */
-+ while (bits >= 0) {
-+ if (bits < stride)
-+ stride = bits+1;
-+ bits -= stride;
-+ wvalue = (bn_get_bits(p,bits+1));
-+
-+ if ((*pwr5_worker)(tmp.d,np,n0,powerbuf,wvalue,stride))
-+ continue;
-+ /* retry once and fall back */
-+ if ((*pwr5_worker)(tmp.d,np,n0,powerbuf,wvalue,stride))
-+ continue;
-+
-+ bits += stride-5;
-+ wvalue >>= stride-5;
-+ wvalue &= 31;
-+ bn_mul_mont_t4(tmp.d,tmp.d,tmp.d,np,n0,top);
-+ bn_mul_mont_t4(tmp.d,tmp.d,tmp.d,np,n0,top);
-+ bn_mul_mont_t4(tmp.d,tmp.d,tmp.d,np,n0,top);
-+ bn_mul_mont_t4(tmp.d,tmp.d,tmp.d,np,n0,top);
-+ bn_mul_mont_t4(tmp.d,tmp.d,tmp.d,np,n0,top);
-+ bn_mul_mont_gather5_t4(tmp.d,tmp.d,powerbuf,np,n0,top,wvalue);
-+ }
-+
-+ bn_flip_t4(tmp.d,tmp.d,top);
-+ top *= 2;
-+ /* back to 32-bit domain */
-+ tmp.top=top;
-+ bn_correct_top(&tmp);
-+ OPENSSL_cleanse(np,top*sizeof(BN_ULONG));
-+ } else
-+#endif
- #if defined(OPENSSL_BN_ASM_MONT5)
- if (window == 5 && top > 1) {
- /*
-@@ -844,6 +1017,15 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
- }
-
- /* Convert the final result from montgomery to standard format */
-+#if defined(OPENSSL_BN_ASM_MONT) && (defined(__sparc__) || defined(__sparc))
-+ if (OPENSSL_sparcv9cap_P[0] & (SPARCV9_VIS3|SPARCV9_PREFER_FPU)) {
-+ am.d[0] = 1; /* borrow am */
-+ for (i = 1; i < top; i++)
-+ am.d[i] = 0;
-+ if (!BN_mod_mul_montgomery(rr,&tmp,&am,mont,ctx))
-+ goto err;
-+ } else
-+#endif
- if (!BN_from_montgomery(rr, &tmp, mont, ctx))
- goto err;
- ret = 1;
-Index: openssl/apps/speed.c
-===================================================================
-diff -ru openssl-1.0.1e/apps/spped.c openssl-1.0.1e/apps/speed.c
---- openssl-1.0.1e/apps/speed.c 2011-05-24 17:02:24.000000000 -0700
-+++ openssl-1.0.1e/apps/spped.c 2011-07-27 10:48:17.817470000 -0700
-@@ -1586,8 +1586,7 @@
- print_message(names[D_MD5], c[D_MD5][j], lengths[j]);
- Time_F(START);
- for (count = 0, run = 1; COND(c[D_MD5][j]); count++)
-- EVP_Digest(&(buf[0]), (unsigned long)lengths[j], &(md5[0]),
-- NULL, EVP_get_digestbyname("md5"), NULL);
-+ MD5(buf, lengths[j], md5);
- d = Time_F(STOP);
- print_result(D_MD5, j, count, d);
- }
-@@ -1622,8 +1621,7 @@
- print_message(names[D_SHA1], c[D_SHA1][j], lengths[j]);
- Time_F(START);
- for (count = 0, run = 1; COND(c[D_SHA1][j]); count++)
-- EVP_Digest(buf, (unsigned long)lengths[j], &(sha[0]), NULL,
-- EVP_sha1(), NULL);
-+ SHA1(buf, lengths[j], sha);
- d = Time_F(STOP);
- print_result(D_SHA1, j, count, d);
- }
-Index: openssl/crypto/aes/Makefile
-===================================================================
---- Makefile Thu May 2 13:42:37 2013
-+++ Makefile.orig Thu May 2 13:41:51 2013
-@@ -69,6 +69,9 @@
- aes-sparcv9.s: asm/aes-sparcv9.pl
- $(PERL) asm/aes-sparcv9.pl $(CFLAGS) > $@
-
-+aest4-sparcv9.s: asm/aest4-sparcv9.pl
-+ $(PERL) asm/aest4-sparcv9.pl $(CFLAGS) > $@
-+
- aes-ppc.s: asm/aes-ppc.pl
- $(PERL) asm/aes-ppc.pl $(PERLASM_SCHEME) $@
-
-Index: openssl/crypto/evp/e_aes.c
-===================================================================
---- e_aes.c Mon Feb 11 07:26:04 2013
-+++ e_aes.c.56 Thu May 2 14:26:35 2013
-@@ -56,12 +58,11 @@
- # include <assert.h>
- # include <openssl/aes.h>
- # include "evp_locl.h"
--# ifndef OPENSSL_FIPS
- # include "modes_lcl.h"
- # include <openssl/rand.h>
-
- typedef struct {
-- AES_KEY ks;
-+ union { double align; AES_KEY ks; } ks;
- block128_f block;
- union {
- cbc128_f cbc;
-@@ -70,7 +69,7 @@
- } EVP_AES_KEY;
-
- typedef struct {
-- AES_KEY ks; /* AES key schedule to use */
-+ union { double align; AES_KEY ks; } ks; /* AES key schedule to use */
- int key_set; /* Set if key initialised */
- int iv_set; /* Set if an iv is set */
- GCM128_CONTEXT gcm;
-@@ -83,7 +82,7 @@
- } EVP_AES_GCM_CTX;
-
- typedef struct {
-- AES_KEY ks1, ks2; /* AES key schedules to use */
-+ union { double align; AES_KEY ks; } ks1, ks2; /* AES key schedules to use */
- XTS128_CONTEXT xts;
- void (*stream) (const unsigned char *in,
- unsigned char *out, size_t length,
-@@ -92,7 +91,7 @@
- } EVP_AES_XTS_CTX;
-
- typedef struct {
-- AES_KEY ks; /* AES key schedule to use */
-+ union { double align; AES_KEY ks; } ks; /* AES key schedule to use */
- int key_set; /* Set if key initialised */
- int iv_set; /* Set if an iv is set */
- int tag_set; /* Set if tag is valid */
-@@ -155,7 +154,7 @@
- defined(_M_AMD64) || defined(_M_X64) || \
- defined(__INTEL__) )
-
--extern unsigned int OPENSSL_ia32cap_P[2];
-+extern unsigned int OPENSSL_ia32cap_P[];
-
- # ifdef VPAES_ASM
- # define VPAES_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(41-32)))
-@@ -297,7 +296,7 @@
- if (!iv && !key)
- return 1;
- if (key) {
-- aesni_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks);
-+ aesni_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks);
- CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, (block128_f) aesni_encrypt);
- gctx->ctr = (ctr128_f) aesni_ctr32_encrypt_blocks;
- /*
-@@ -336,17 +335,17 @@
- if (key) {
- /* key_len is two AES keys */
- if (enc) {
-- aesni_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1);
-+ aesni_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks);
- xctx->xts.block1 = (block128_f) aesni_encrypt;
- xctx->stream = aesni_xts_encrypt;
- } else {
-- aesni_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1);
-+ aesni_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks);
- xctx->xts.block1 = (block128_f) aesni_decrypt;
- xctx->stream = aesni_xts_decrypt;
- }
-
- aesni_set_encrypt_key(key + ctx->key_len / 2,
-- ctx->key_len * 4, &xctx->ks2);
-+ ctx->key_len * 4, &xctx->ks2.ks);
- xctx->xts.block2 = (block128_f) aesni_encrypt;
-
- xctx->xts.key1 = &xctx->ks1;
-@@ -371,7 +370,7 @@
- if (!iv && !key)
- return 1;
- if (key) {
-- aesni_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks);
-+ aesni_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks.ks);
- CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
- &cctx->ks, (block128_f) aesni_encrypt);
- cctx->str = enc ? (ccm128_f) aesni_ccm64_encrypt_blocks :
-@@ -432,6 +431,364 @@
- const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
- { return AESNI_CAPABLE?&aesni_##keylen##_##mode:&aes_##keylen##_##mode; }
-
-+#elif defined(AES_ASM) && (defined(__sparc) || defined(__sparc__))
-+
-+#include "sparc_arch.h"
-+
-+extern unsigned int OPENSSL_sparcv9cap_P[];
-+
-+#define SPARC_AES_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_AES)
-+
-+void aes_t4_set_encrypt_key (const unsigned char *key, int bits,
-+ AES_KEY *ks);
-+void aes_t4_set_decrypt_key (const unsigned char *key, int bits,
-+ AES_KEY *ks);
-+void aes_t4_encrypt (const unsigned char *in, unsigned char *out,
-+ const AES_KEY *key);
-+void aes_t4_decrypt (const unsigned char *in, unsigned char *out,
-+ const AES_KEY *key);
-+/*
-+ * Key-length specific subroutines were chosen for following reason.
-+ * Each SPARC T4 core can execute up to 8 threads which share core's
-+ * resources. Loading as much key material to registers allows to
-+ * minimize references to shared memory interface, as well as amount
-+ * of instructions in inner loops [much needed on T4]. But then having
-+ * non-key-length specific routines would require conditional branches
-+ * either in inner loops or on subroutines' entries. Former is hardly
-+ * acceptable, while latter means code size increase to size occupied
-+ * by multiple key-length specfic subroutines, so why fight?
-+ */
-+void aes128_t4_cbc_encrypt (const unsigned char *in, unsigned char *out,
-+ size_t len, const AES_KEY *key,
-+ unsigned char *ivec);
-+void aes128_t4_cbc_decrypt (const unsigned char *in, unsigned char *out,
-+ size_t len, const AES_KEY *key,
-+ unsigned char *ivec);
-+void aes192_t4_cbc_encrypt (const unsigned char *in, unsigned char *out,
-+ size_t len, const AES_KEY *key,
-+ unsigned char *ivec);
-+void aes192_t4_cbc_decrypt (const unsigned char *in, unsigned char *out,
-+ size_t len, const AES_KEY *key,
-+ unsigned char *ivec);
-+void aes256_t4_cbc_encrypt (const unsigned char *in, unsigned char *out,
-+ size_t len, const AES_KEY *key,
-+ unsigned char *ivec);
-+void aes256_t4_cbc_decrypt (const unsigned char *in, unsigned char *out,
-+ size_t len, const AES_KEY *key,
-+ unsigned char *ivec);
-+void aes128_t4_ctr32_encrypt (const unsigned char *in, unsigned char *out,
-+ size_t blocks, const AES_KEY *key,
-+ unsigned char *ivec);
-+void aes192_t4_ctr32_encrypt (const unsigned char *in, unsigned char *out,
-+ size_t blocks, const AES_KEY *key,
-+ unsigned char *ivec);
-+void aes256_t4_ctr32_encrypt (const unsigned char *in, unsigned char *out,
-+ size_t blocks, const AES_KEY *key,
-+ unsigned char *ivec);
-+
-+static int aes_t4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-+ const unsigned char *iv, int enc)
-+{
-+ int ret, mode, bits;
-+ EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
-+
-+ mode = ctx->cipher->flags & EVP_CIPH_MODE;
-+ bits = ctx->key_len*8;
-+ if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) && !enc) {
-+ ret = 0;
-+ aes_t4_set_decrypt_key(key, bits, ctx->cipher_data);
-+ dat->block = (block128_f)aes_t4_decrypt;
-+ switch (bits) {
-+ case 128:
-+ dat->stream.cbc = mode==EVP_CIPH_CBC_MODE ?
-+ (cbc128_f)aes128_t4_cbc_decrypt :
-+ NULL;
-+ break;
-+ case 192:
-+ dat->stream.cbc = mode==EVP_CIPH_CBC_MODE ?
-+ (cbc128_f)aes192_t4_cbc_decrypt :
-+ NULL;
-+ break;
-+ case 256:
-+ dat->stream.cbc = mode==EVP_CIPH_CBC_MODE ?
-+ (cbc128_f)aes256_t4_cbc_decrypt :
-+ NULL;
-+ break;
-+ default:
-+ ret = -1;
-+ }
-+ } else {
-+ ret = 0;
-+ aes_t4_set_encrypt_key(key, bits, ctx->cipher_data);
-+ dat->block = (block128_f)aes_t4_encrypt;
-+ switch (bits) {
-+ case 128:
-+ if (mode==EVP_CIPH_CBC_MODE)
-+ dat->stream.cbc = (cbc128_f)aes128_t4_cbc_encrypt;
-+ else if (mode==EVP_CIPH_CTR_MODE)
-+ dat->stream.ctr = (ctr128_f)aes128_t4_ctr32_encrypt;
-+ else
-+ dat->stream.cbc = NULL;
-+ break;
-+ case 192:
-+ if (mode==EVP_CIPH_CBC_MODE)
-+ dat->stream.cbc = (cbc128_f)aes192_t4_cbc_encrypt;
-+ else if (mode==EVP_CIPH_CTR_MODE)
-+ dat->stream.ctr = (ctr128_f)aes192_t4_ctr32_encrypt;
-+ else
-+ dat->stream.cbc = NULL;
-+ break;
-+ case 256:
-+ if (mode==EVP_CIPH_CBC_MODE)
-+ dat->stream.cbc = (cbc128_f)aes256_t4_cbc_encrypt;
-+ else if (mode==EVP_CIPH_CTR_MODE)
-+ dat->stream.ctr = (ctr128_f)aes256_t4_ctr32_encrypt;
-+ else
-+ dat->stream.cbc = NULL;
-+ break;
-+ default:
-+ ret = -1;
-+ }
-+ }
-+
-+ if (ret < 0) {
-+ EVPerr(EVP_F_AES_T4_INIT_KEY,EVP_R_AES_KEY_SETUP_FAILED);
-+ return 0;
-+ }
-+
-+ return 1;
-+}
-+
-+#define aes_t4_cbc_cipher aes_cbc_cipher
-+static int aes_t4_cbc_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
-+ const unsigned char *in, size_t len);
-+
-+#define aes_t4_ecb_cipher aes_ecb_cipher
-+static int aes_t4_ecb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
-+ const unsigned char *in, size_t len);
-+
-+#define aes_t4_ofb_cipher aes_ofb_cipher
-+static int aes_t4_ofb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
-+ const unsigned char *in,size_t len);
-+
-+#define aes_t4_cfb_cipher aes_cfb_cipher
-+static int aes_t4_cfb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
-+ const unsigned char *in,size_t len);
-+
-+#define aes_t4_cfb8_cipher aes_cfb8_cipher
-+static int aes_t4_cfb8_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
-+ const unsigned char *in,size_t len);
-+
-+#define aes_t4_cfb1_cipher aes_cfb1_cipher
-+static int aes_t4_cfb1_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
-+ const unsigned char *in,size_t len);
-+
-+#define aes_t4_ctr_cipher aes_ctr_cipher
-+static int aes_t4_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+ const unsigned char *in, size_t len);
-+
-+static int aes_t4_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-+ const unsigned char *iv, int enc)
-+{
-+ EVP_AES_GCM_CTX *gctx = ctx->cipher_data;
-+ if (!iv && !key)
-+ return 1;
-+ if (key) {
-+ int bits = ctx->key_len * 8;
-+ aes_t4_set_encrypt_key(key, bits, &gctx->ks.ks);
-+ CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
-+ (block128_f)aes_t4_encrypt);
-+ switch (bits) {
-+ case 128:
-+ gctx->ctr = (ctr128_f)aes128_t4_ctr32_encrypt;
-+ break;
-+ case 192:
-+ gctx->ctr = (ctr128_f)aes192_t4_ctr32_encrypt;
-+ break;
-+ case 256:
-+ gctx->ctr = (ctr128_f)aes256_t4_ctr32_encrypt;
-+ break;
-+ default:
-+ return 0;
-+ }
-+ /* If we have an iv can set it directly, otherwise use
-+ * saved IV.
-+ */
-+ if (iv == NULL && gctx->iv_set)
-+ iv = gctx->iv;
-+ if (iv) {
-+ CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
-+ gctx->iv_set = 1;
-+ }
-+ gctx->key_set = 1;
-+ } else {
-+ /* If key set use IV, otherwise copy */
-+ if (gctx->key_set)
-+ CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
-+ else
-+ memcpy(gctx->iv, iv, gctx->ivlen);
-+ gctx->iv_set = 1;
-+ gctx->iv_gen = 0;
-+ }
-+ return 1;
-+}
-+
-+#define aes_t4_gcm_cipher aes_gcm_cipher
-+static int aes_t4_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+ const unsigned char *in, size_t len);
-+
-+static int aes_t4_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-+ const unsigned char *iv, int enc)
-+{
-+ EVP_AES_XTS_CTX *xctx = ctx->cipher_data;
-+ if (!iv && !key)
-+ return 1;
-+
-+ if (key) {
-+ int bits = ctx->key_len * 4;
-+ /* key_len is two AES keys */
-+ if (enc) {
-+ aes_t4_set_encrypt_key(key, bits, &xctx->ks1.ks);
-+ xctx->xts.block1 = (block128_f)aes_t4_encrypt;
-+#if 0 /* not yet */
-+ switch (bits) {
-+ case 128:
-+ xctx->stream = aes128_t4_xts_encrypt;
-+ break;
-+ case 192:
-+ xctx->stream = aes192_t4_xts_encrypt;
-+ break;
-+ case 256:
-+ xctx->stream = aes256_t4_xts_encrypt;
-+ break;
-+ default:
-+ return 0;
-+ }
-+#endif
-+ } else {
-+ aes_t4_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks);
-+ xctx->xts.block1 = (block128_f)aes_t4_decrypt;
-+#if 0 /* not yet */
-+ switch (bits) {
-+ case 128:
-+ xctx->stream = aes128_t4_xts_decrypt;
-+ break;
-+ case 192:
-+ xctx->stream = aes192_t4_xts_decrypt;
-+ break;
-+ case 256:
-+ xctx->stream = aes256_t4_xts_decrypt;
-+ break;
-+ default:
-+ return 0;
-+ }
-+#endif
-+ }
-+
-+ aes_t4_set_encrypt_key(key + ctx->key_len/2,
-+ ctx->key_len * 4, &xctx->ks2.ks);
-+ xctx->xts.block2 = (block128_f)aes_t4_encrypt;
-+
-+ xctx->xts.key1 = &xctx->ks1;
-+ }
-+
-+ if (iv) {
-+ xctx->xts.key2 = &xctx->ks2;
-+ memcpy(ctx->iv, iv, 16);
-+ }
-+
-+ return 1;
-+}
-+
-+#define aes_t4_xts_cipher aes_xts_cipher
-+static int aes_t4_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+ const unsigned char *in, size_t len);
-+
-+static int aes_t4_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-+ const unsigned char *iv, int enc)
-+{
-+ EVP_AES_CCM_CTX *cctx = ctx->cipher_data;
-+ if (!iv && !key)
-+ return 1;
-+ if (key) {
-+ int bits = ctx->key_len * 8;
-+ aes_t4_set_encrypt_key(key, bits, &cctx->ks.ks);
-+ CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
-+ &cctx->ks, (block128_f)aes_t4_encrypt);
-+#if 0 /* not yet */
-+ switch (bits) {
-+ case 128:
-+ cctx->str = enc?(ccm128_f)aes128_t4_ccm64_encrypt :
-+ (ccm128_f)ae128_t4_ccm64_decrypt;
-+ break;
-+ case 192:
-+ cctx->str = enc?(ccm128_f)aes192_t4_ccm64_encrypt :
-+ (ccm128_f)ae192_t4_ccm64_decrypt;
-+ break;
-+ case 256:
-+ cctx->str = enc?(ccm128_f)aes256_t4_ccm64_encrypt :
-+ (ccm128_f)ae256_t4_ccm64_decrypt;
-+ break;
-+ default:
-+ return 0;
-+ }
-+#endif
-+ cctx->key_set = 1;
-+ }
-+ if (iv) {
-+ memcpy(ctx->iv, iv, 15 - cctx->L);
-+ cctx->iv_set = 1;
-+ }
-+ return 1;
-+}
-+
-+#define aes_t4_ccm_cipher aes_ccm_cipher
-+static int aes_t4_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+ const unsigned char *in, size_t len);
-+
-+#define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
-+static const EVP_CIPHER aes_t4_##keylen##_##mode = { \
-+ nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
-+ flags|EVP_CIPH_##MODE##_MODE, \
-+ aes_t4_init_key, \
-+ aes_t4_##mode##_cipher, \
-+ NULL, \
-+ sizeof(EVP_AES_KEY), \
-+ NULL,NULL,NULL,NULL }; \
-+static const EVP_CIPHER aes_##keylen##_##mode = { \
-+ nid##_##keylen##_##nmode,blocksize, \
-+ keylen/8,ivlen, \
-+ flags|EVP_CIPH_##MODE##_MODE, \
-+ aes_init_key, \
-+ aes_##mode##_cipher, \
-+ NULL, \
-+ sizeof(EVP_AES_KEY), \
-+ NULL,NULL,NULL,NULL }; \
-+const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
-+{ return SPARC_AES_CAPABLE?&aes_t4_##keylen##_##mode:&aes_##keylen##_##mode; }
-+
-+#define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \
-+static const EVP_CIPHER aes_t4_##keylen##_##mode = { \
-+ nid##_##keylen##_##mode,blocksize, \
-+ (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \
-+ flags|EVP_CIPH_##MODE##_MODE, \
-+ aes_t4_##mode##_init_key, \
-+ aes_t4_##mode##_cipher, \
-+ aes_##mode##_cleanup, \
-+ sizeof(EVP_AES_##MODE##_CTX), \
-+ NULL,NULL,aes_##mode##_ctrl,NULL }; \
-+static const EVP_CIPHER aes_##keylen##_##mode = { \
-+ nid##_##keylen##_##mode,blocksize, \
-+ (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \
-+ flags|EVP_CIPH_##MODE##_MODE, \
-+ aes_##mode##_init_key, \
-+ aes_##mode##_cipher, \
-+ aes_##mode##_cleanup, \
-+ sizeof(EVP_AES_##MODE##_CTX), \
-+ NULL,NULL,aes_##mode##_ctrl,NULL }; \
-+const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
-+{ return SPARC_AES_CAPABLE?&aes_t4_##keylen##_##mode:&aes_##keylen##_##mode; }
-+
- # else
-
- # define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
-@@ -480,7 +837,7 @@
- && !enc)
- # ifdef BSAES_CAPABLE
- if (BSAES_CAPABLE && mode == EVP_CIPH_CBC_MODE) {
-- ret = AES_set_decrypt_key(key, ctx->key_len * 8, &dat->ks);
-+ ret = AES_set_decrypt_key(key, ctx->key_len * 8, &dat->ks.ks);
- dat->block = (block128_f) AES_decrypt;
- dat->stream.cbc = (cbc128_f) bsaes_cbc_encrypt;
- } else
-@@ -487,7 +844,7 @@
- # endif
- # ifdef VPAES_CAPABLE
- if (VPAES_CAPABLE) {
-- ret = vpaes_set_decrypt_key(key, ctx->key_len * 8, &dat->ks);
-+ ret = vpaes_set_decrypt_key(key, ctx->key_len * 8, &dat->ks.ks);
- dat->block = (block128_f) vpaes_decrypt;
- dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
- (cbc128_f) vpaes_cbc_encrypt : NULL;
-@@ -494,7 +851,7 @@
- } else
- # endif
- {
-- ret = AES_set_decrypt_key(key, ctx->key_len * 8, &dat->ks);
-+ ret = AES_set_decrypt_key(key, ctx->key_len * 8, &dat->ks.ks);
- dat->block = (block128_f) AES_decrypt;
- dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
- (cbc128_f) AES_cbc_encrypt : NULL;
-@@ -508,7 +865,7 @@
- # endif
- # ifdef VPAES_CAPABLE
- if (VPAES_CAPABLE) {
-- ret = vpaes_set_encrypt_key(key, ctx->key_len * 8, &dat->ks);
-+ ret = vpaes_set_encrypt_key(key, ctx->key_len * 8, &dat->ks.ks);
- dat->block = (block128_f) vpaes_encrypt;
- dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
- (cbc128_f) vpaes_cbc_encrypt : NULL;
-@@ -515,7 +872,7 @@
- } else
- # endif
- {
-- ret = AES_set_encrypt_key(key, ctx->key_len * 8, &dat->ks);
-+ ret = AES_set_encrypt_key(key, ctx->key_len*8, &dat->ks.ks);
- dat->block = (block128_f) AES_encrypt;
- dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
- (cbc128_f) AES_cbc_encrypt : NULL;
-@@ -810,7 +1167,7 @@
- do {
- # ifdef BSAES_CAPABLE
- if (BSAES_CAPABLE) {
-- AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks);
-+ AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks);
- CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
- (block128_f) AES_encrypt);
- gctx->ctr = (ctr128_f) bsaes_ctr32_encrypt_blocks;
-@@ -819,7 +1176,7 @@
- # endif
- # ifdef VPAES_CAPABLE
- if (VPAES_CAPABLE) {
-- vpaes_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks);
-+ vpaes_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks);
- CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
- (block128_f) vpaes_encrypt);
- gctx->ctr = NULL;
-@@ -828,7 +1185,7 @@
- # endif
- (void)0; /* terminate potentially open 'else' */
-
-- AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks);
-+ AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks);
- CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
- (block128_f) AES_encrypt);
- # ifdef AES_CTR_ASM
-@@ -1049,15 +1406,15 @@
- # ifdef VPAES_CAPABLE
- if (VPAES_CAPABLE) {
- if (enc) {
-- vpaes_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1);
-+ vpaes_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks);
- xctx->xts.block1 = (block128_f) vpaes_encrypt;
- } else {
-- vpaes_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1);
-+ vpaes_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks);
- xctx->xts.block1 = (block128_f) vpaes_decrypt;
- }
-
- vpaes_set_encrypt_key(key + ctx->key_len / 2,
-- ctx->key_len * 4, &xctx->ks2);
-+ ctx->key_len * 4, &xctx->ks2.ks);
- xctx->xts.block2 = (block128_f) vpaes_encrypt;
-
- xctx->xts.key1 = &xctx->ks1;
-@@ -1067,15 +1424,15 @@
- (void)0; /* terminate potentially open 'else' */
-
- if (enc) {
-- AES_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1);
-+ AES_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks);
- xctx->xts.block1 = (block128_f) AES_encrypt;
- } else {
-- AES_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1);
-+ AES_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks);
- xctx->xts.block1 = (block128_f) AES_decrypt;
- }
-
- AES_set_encrypt_key(key + ctx->key_len / 2,
-- ctx->key_len * 4, &xctx->ks2);
-+ ctx->key_len * 4, &xctx->ks2.ks);
- xctx->xts.block2 = (block128_f) AES_encrypt;
-
- xctx->xts.key1 = &xctx->ks1;
-@@ -1196,7 +1553,7 @@
- do {
- # ifdef VPAES_CAPABLE
- if (VPAES_CAPABLE) {
-- vpaes_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks);
-+ vpaes_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks.ks);
- CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
- &cctx->ks, (block128_f) vpaes_encrypt);
- cctx->str = NULL;
-@@ -1204,7 +1561,7 @@
- break;
- }
- # endif
-- AES_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks);
-+ AES_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks.ks);
- CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
- &cctx->ks, (block128_f) AES_encrypt);
- cctx->str = NULL;
-@@ -1285,5 +1642,4 @@
- EVP_CIPH_FLAG_FIPS | CUSTOM_FLAGS)
- BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, ccm, CCM,
- EVP_CIPH_FLAG_FIPS | CUSTOM_FLAGS)
--# endif
- #endif
-Index: openssl/crypto/evp/evp.h
-===================================================================
---- evp.h Mon Feb 11 07:26:04 2013
-+++ evp.h.new Thu May 2 14:31:55 2013
-@@ -1325,6 +1325,7 @@
- # define EVP_F_AESNI_INIT_KEY 165
- # define EVP_F_AESNI_XTS_CIPHER 176
- # define EVP_F_AES_INIT_KEY 133
-+# define EVP_F_AES_T4_INIT_KEY 178
- # define EVP_F_AES_XTS 172
- # define EVP_F_AES_XTS_CIPHER 175
- # define EVP_F_ALG_MODULE_INIT 177
-Index: openssl/crypto/evp/evp_err.c
-===================================================================
---- evp_err.c Mon Feb 11 07:26:04 2013
-+++ evp_err.c.new Thu May 2 14:33:24 2013
-@@ -73,6 +73,7 @@
- {ERR_FUNC(EVP_F_AESNI_INIT_KEY), "AESNI_INIT_KEY"},
- {ERR_FUNC(EVP_F_AESNI_XTS_CIPHER), "AESNI_XTS_CIPHER"},
- {ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"},
-+ {ERR_FUNC(EVP_F_AES_T4_INIT_KEY), "AES_T4_INIT_KEY"},
- {ERR_FUNC(EVP_F_AES_XTS), "AES_XTS"},
- {ERR_FUNC(EVP_F_AES_XTS_CIPHER), "AES_XTS_CIPHER"},
- {ERR_FUNC(EVP_F_ALG_MODULE_INIT), "ALG_MODULE_INIT"},
--- a/components/openssl/openssl-1.0.1/patches/38_remove_illegal_instruction_calls.patch Wed May 27 17:12:47 2015 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,219 +0,0 @@
-#
-# This patch was developed in house.
-# This is Solaris-specific: not suitable for upstream.
-#
---- openssl-1.0.1g/crypto/sparcv9cap.c.~1~ Thu May 1 13:07:00 2014
-+++ openssl-1.0.1g/crypto/sparcv9cap.c Thu May 1 13:11:33 2014
-@@ -2,10 +2,10 @@
- #include <stdlib.h>
- #include <string.h>
- #include <setjmp.h>
--#include <signal.h>
- #include <sys/time.h>
- #include <unistd.h>
- #include <openssl/bn.h>
-+#include <sys/auxv.h>
-
- #include "sparc_arch.h"
-
-@@ -59,13 +59,8 @@
- }
-
- unsigned long _sparcv9_rdtick(void);
--void _sparcv9_vis1_probe(void);
- unsigned long _sparcv9_vis1_instrument(void);
--void _sparcv9_vis2_probe(void);
--void _sparcv9_fmadd_probe(void);
- unsigned long _sparcv9_rdcfr(void);
--void _sparcv9_vis3_probe(void);
--unsigned long _sparcv9_random(void);
- #ifndef _BOOT
- size_t _sparcv9_vis1_instrument_bus(unsigned int *,size_t);
- size_t _sparcv9_vis1_instrument_bus2(unsigned int *,size_t,size_t);
-@@ -235,18 +235,11 @@
-
- #else
-
--static sigjmp_buf common_jmp;
--static void common_handler(int sig)
--{
-- siglongjmp(common_jmp, sig);
--}
--
- void OPENSSL_cpuid_setup(void)
- {
- char *e;
-- struct sigaction common_act, ill_oact, bus_oact;
-- sigset_t all_masked, oset;
- static int trigger = 0;
-+ uint_t ui = 0;
-
- if (trigger)
- return;
-@@ -259,80 +247,40 @@
- return;
- }
-
-+ (void) getisax(&ui, 1);
-+
- /* Initial value, fits UltraSPARC-I&II... */
-- OPENSSL_sparcv9cap_P[0] = SPARCV9_PREFER_FPU | SPARCV9_TICK_PRIVILEGED;
-+ OPENSSL_sparcv9cap_P[0] = SPARCV9_BLK;
-
-- sigfillset(&all_masked);
-- sigdelset(&all_masked, SIGILL);
-- sigdelset(&all_masked, SIGTRAP);
--# ifdef SIGEMT
-- sigdelset(&all_masked, SIGEMT);
--# endif
-- sigdelset(&all_masked, SIGFPE);
-- sigdelset(&all_masked, SIGBUS);
-- sigdelset(&all_masked, SIGSEGV);
-- sigprocmask(SIG_SETMASK, &all_masked, &oset);
--
-- memset(&common_act, 0, sizeof(common_act));
-- common_act.sa_handler = common_handler;
-- common_act.sa_mask = all_masked;
--
-- sigaction(SIGILL, &common_act, &ill_oact);
-- sigaction(SIGBUS, &common_act, &bus_oact); /* T1 fails 16-bit ldda [on
-- * Linux] */
--
-- if (sigsetjmp(common_jmp, 1) == 0) {
-- _sparcv9_rdtick();
-- OPENSSL_sparcv9cap_P[0] &= ~SPARCV9_TICK_PRIVILEGED;
-- }
--
-- if (sigsetjmp(common_jmp, 1) == 0) {
-- _sparcv9_vis1_probe();
-- OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS1 | SPARCV9_BLK;
-+ if (ui & AV_SPARC_VIS) {
- /* detect UltraSPARC-Tx, see sparccpud.S for details... */
-- if (_sparcv9_vis1_instrument() >= 12)
-- OPENSSL_sparcv9cap_P[0] &= ~(SPARCV9_VIS1 | SPARCV9_PREFER_FPU);
-- else {
-- _sparcv9_vis2_probe();
-- OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS2;
-- }
-+ if (_sparcv9_vis1_instrument() < 7)
-+ OPENSSL_sparcv9cap_P[0] |= SPARCV9_TICK_PRIVILEGED;
-+ if (_sparcv9_vis1_instrument() < 12) {
-+ OPENSSL_sparcv9cap_P[0] |= (SPARCV9_VIS1 | SPARCV9_PREFER_FPU);
-+ if (ui & AV_SPARC_VIS2)
-+ OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS2;
-+ }
- }
-
-- if (sigsetjmp(common_jmp, 1) == 0) {
-- _sparcv9_fmadd_probe();
-+ if (ui & AV_SPARC_FMAF)
- OPENSSL_sparcv9cap_P[0] |= SPARCV9_FMADD;
-- }
-
- /*
- * VIS3 flag is tested independently from VIS1, unlike VIS2 that is,
- * because VIS3 defines even integer instructions.
- */
-- if (sigsetjmp(common_jmp,1) == 0) {
-- _sparcv9_vis3_probe();
-- OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS3;
-- }
-+ if (ui & AV_SPARC_VIS3)
-+ OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS3;
-
-- if (sigsetjmp(common_jmp,1) == 0) {
-- (void)_sparcv9_random();
-- OPENSSL_sparcv9cap_P[0] |= SPARCV9_RANDOM;
-- }
-+#define AV_T4_MECHS (AV_SPARC_AES | AV_SPARC_DES | AV_SPARC_KASUMI | \
-+ AV_SPARC_CAMELLIA | AV_SPARC_MD5 | AV_SPARC_SHA1 | \
-+ AV_SPARC_SHA256 | AV_SPARC_SHA512 | AV_SPARC_MPMUL | \
-+ AV_SPARC_CRC32C)
-
-- /*
-- * In wait for better solution _sparcv9_rdcfr is masked by
-- * VIS3 flag, because it goes to uninterruptable endless
-- * loop on UltraSPARC II running Solaris. Things might be
-- * different on Linux...
-- */
-- if ((OPENSSL_sparcv9cap_P[0]&SPARCV9_VIS3) &&
-- sigsetjmp(common_jmp, 1) == 0) {
-+ if ((OPENSSL_sparcv9cap_P[0]&SPARCV9_VIS3) && (ui & AV_T4_MECHS))
- OPENSSL_sparcv9cap_P[1] = (unsigned int)_sparcv9_rdcfr();
-- }
-
-- sigaction(SIGBUS, &bus_oact, NULL);
-- sigaction(SIGILL, &ill_oact, NULL);
--
-- sigprocmask(SIG_SETMASK, &oset, NULL);
--
- if (sizeof(size_t) == 8)
- OPENSSL_sparcv9cap_P[0] |= SPARCV9_64BIT_STACK;
- #ifdef __linux
---- openssl-1.0.1g/crypto/sparccpuid.S.~1~ Thu May 1 13:07:00 2014
-+++ openssl-1.0.1g/crypto/sparccpuid.S Thu May 1 13:11:33 2014
-@@ -236,16 +236,6 @@
- .type _sparcv9_rdtick,#function
- .size _sparcv9_rdtick,.-_sparcv9_rdtick
-
--.global _sparcv9_vis1_probe
--.align 8
--_sparcv9_vis1_probe:
-- .word 0x81b00d80 !fxor %f0,%f0,%f0
-- add %sp,BIAS+2,%o1
-- retl
-- .word 0xc19a5a40 !ldda [%o1]ASI_FP16_P,%f0
--.type _sparcv9_vis1_probe,#function
--.size _sparcv9_vis1_probe,.-_sparcv9_vis1_probe
--
- ! Probe and instrument VIS1 instruction. Output is number of cycles it
- ! takes to execute rdtick and pair of VIS1 instructions. US-Tx VIS unit
- ! is slow (documented to be 6 cycles on T2) and the core is in-order
-@@ -307,24 +297,6 @@
- .type _sparcv9_vis1_instrument,#function
- .size _sparcv9_vis1_instrument,.-_sparcv9_vis1_instrument
-
--.global _sparcv9_vis2_probe
--.align 8
--_sparcv9_vis2_probe:
-- retl
-- .word 0x81b00980 !bshuffle %f0,%f0,%f0
--.type _sparcv9_vis2_probe,#function
--.size _sparcv9_vis2_probe,.-_sparcv9_vis2_probe
--
--.global _sparcv9_fmadd_probe
--.align 8
--_sparcv9_fmadd_probe:
-- .word 0x81b00d80 !fxor %f0,%f0,%f0
-- .word 0x85b08d82 !fxor %f2,%f2,%f2
-- retl
-- .word 0x81b80440 !fmaddd %f0,%f0,%f2,%f0
--.type _sparcv9_fmadd_probe,#function
--.size _sparcv9_fmadd_probe,.-_sparcv9_fmadd_probe
--
- .global _sparcv9_rdcfr
- .align 8
- _sparcv9_rdcfr:
-@@ -333,22 +305,6 @@
- .type _sparcv9_rdcfr,#function
- .size _sparcv9_rdcfr,.-_sparcv9_rdcfr
-
--.global _sparcv9_vis3_probe
--.align 8
--_sparcv9_vis3_probe:
-- retl
-- .word 0x81b022a0 !xmulx %g0,%g0,%g0
--.type _sparcv9_vis3_probe,#function
--.size _sparcv9_vis3_probe,.-_sparcv9_vis3_probe
--
--.global _sparcv9_random
--.align 8
--_sparcv9_random:
-- retl
-- .word 0x91b002a0 !random %o0
--.type _sparcv9_random,#function
--.size _sparcv9_random,.-_sparcv9_vis3_probe
--
- .global OPENSSL_cleanse
- .align 32
- OPENSSL_cleanse:
--- a/components/openssl/openssl-1.0.1/patches/39_internal_tests.patch Wed May 27 17:12:47 2015 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,17 +0,0 @@
-#
-# Patch developed in-house. Solaris-specific; not suitable for upstream.
-#
-# Remove test 'test_ca' because it depends on directories
-# not present in the build directory. The rest of tests are ok.
-#
---- a/test/Makefile.orig Thu Apr 2 12:11:12 2015
-+++ b/test/Makefile Thu Apr 2 12:11:21 2015
-@@ -142,7 +142,7 @@
- test_rand test_bn test_ec test_ecdsa test_ecdh \
- test_enc test_x509 test_rsa test_crl test_sid \
- test_gen test_req test_pkcs7 test_verify test_dh test_dsa \
-- test_ss test_ca test_engine test_evp test_evp_extra test_ssl test_tsa test_ige \
-+ test_ss test_engine test_evp test_evp_extra test_ssl test_tsa test_ige \
- test_jpake test_srp test_cms test_heartbeat test_constant_time
-
- test_evp:
--- a/components/openssl/openssl-1.0.1/patches/40_suppress_v8plus_abi_warnings.patch Wed May 27 17:12:47 2015 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,46 +0,0 @@
-#
-# Patch developed in-house. Solaris-specific; not suitable for upstream.
-#
-# Suppress warnings about sparcv8+ ABI violation
-# when building T4-specific modules as 32-bit:
-# v8+ ABI violation: illegal use of %i or %l register as rs1 in "brnz,a" instruction
-# This has been confirmed as a valid usecase and is thus intentional.
-#
---- a/crypto/aes/Makefile.orig čt dub 30 03:15:03 2015
-+++ b/crypto/aes/Makefile čt dub 30 03:19:32 2015
-@@ -72,6 +72,9 @@
- aest4-sparcv9.s: asm/aest4-sparcv9.pl
- $(PERL) asm/aest4-sparcv9.pl $(CFLAGS) > $@
-
-+aest4-sparcv9.o: aest4-sparcv9.s
-+ $(AS) $(ASFLAGS) -Wa,-n -o $@ $^
-+
- aes-ppc.s: asm/aes-ppc.pl
- $(PERL) asm/aes-ppc.pl $(PERLASM_SCHEME) $@
-
---- a/crypto/sha/Makefile.orig čt dub 30 14:37:32 2015
-+++ b/crypto/sha/Makefile čt dub 30 14:40:49 2015
-@@ -71,6 +71,8 @@
- sha1-sparcv9.S: asm/sha1-sparcv9.pl; $(PERL) asm/sha1-sparcv9.pl $@ $(CFLAGS)
- sha256-sparcv9.S:asm/sha512-sparcv9.pl; $(PERL) asm/sha512-sparcv9.pl $@ $(CFLAGS)
- sha512-sparcv9.S:asm/sha512-sparcv9.pl; $(PERL) asm/sha512-sparcv9.pl $@ $(CFLAGS)
-+sha512-sparcv9.o: sha512-sparcv9.S
-+ $(CC) $(CFLAGS) -Wa,-n -c -o $@ $^
-
- sha1-ppc.s: asm/sha1-ppc.pl; $(PERL) asm/sha1-ppc.pl $(PERLASM_SCHEME) $@
- sha256-ppc.s: asm/sha512-ppc.pl; $(PERL) asm/sha512-ppc.pl $(PERLASM_SCHEME) $@
---- a/crypto/bn/Makefile.orig čt dub 30 14:43:20 2015
-+++ b/crypto/bn/Makefile čt dub 30 14:45:11 2015
-@@ -79,8 +79,12 @@
- $(PERL) asm/sparcv9-mont.pl $(CFLAGS) > $@
- vis3-mont.s: asm/vis3-mont.pl
- $(PERL) asm/vis3-mont.pl $(CFLAGS) > $@
-+vis3-mont.o: vis3-mont.s
-+ $(AS) $(ASFLAGS) -Wa,-n -o $@ $^
- sparct4-mont.S: asm/sparct4-mont.pl
- $(PERL) asm/sparct4-mont.pl $(CFLAGS) > $@
-+sparct4-mont.o: sparct4-mont.S
-+ $(CC) $(CFLAGS) -Wa,-n -c -o $@ $^
- sparcv9-gf2m.S: asm/sparcv9-gf2m.pl
- $(PERL) asm/sparcv9-gf2m.pl $(CFLAGS) > $@
-
--- a/components/openssl/openssl-1.0.1/patches/41_uninitialized_ctx.patch Wed May 27 17:12:47 2015 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,14 +0,0 @@
-#
-# This was developed in house. Upstreadm notified (PR#277).
-#
-diff -ru openssl-1.0.1m/crypto/evp/evp_enc.c openssl-1.0.1m/crypto/evp/evp_enc.c.new
---- openssl-1.0.1m/crypto/evp/evp_enc.c Thu May 7 09:46:32 2015
-+++ openssl-1.0.1m/crypto/evp/evp_enc.c.new Thu May 7 09:46:23 2015
-@@ -179,6 +179,7 @@
- EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE);
- return 0;
- }
-+ (void) memset(ctx->cipher_data, 0, ctx->cipher->ctx_size);
- } else {
- ctx->cipher_data = NULL;
- }