20735615 Upgrade OpenSSL version to 1.0.1m s11u2-sru
authorRon Jordan <ron.jordan@oracle.com>
Tue, 24 Mar 2015 20:05:38 -0700
branchs11u2-sru
changeset 4016 7f9e1e7611b8
parent 4013 29dc96079508
child 4019 825fa37cfbe0
20735615 Upgrade OpenSSL version to 1.0.1m 20735495 problem in LIBRARY/OPENSSL 20735520 problem in LIBRARY/OPENSSL 20735531 problem in LIBRARY/OPENSSL 20735537 problem in LIBRARY/OPENSSL 20735541 problem in LIBRARY/OPENSSL 20735555 problem in LIBRARY/OPENSSL 20735563 problem in LIBRARY/OPENSSL 20688058 problem in LIBRARY/OPENSSL
components/openssl/openssl-1.0.1-fips-140/Makefile
components/openssl/openssl-1.0.1-fips-140/openssl-1.0.1-fips-140.p5m
components/openssl/openssl-1.0.1-fips-140/patches/15-pkcs11_engine-0.9.8a.patch
components/openssl/openssl-1.0.1-fips-140/patches/26-openssl_fips.patch
components/openssl/openssl-1.0.1-fips-140/patches/28-enginesdir.patch
components/openssl/openssl-1.0.1-fips-140/patches/29_fork_safe.patch
components/openssl/openssl-1.0.1-fips-140/patches/32_aes_cbc_len_check.patch
components/openssl/openssl-1.0.1-fips-140/patches/33_cert_chain.patch
components/openssl/openssl-1.0.1-fips-140/patches/36_evp_leak.patch
components/openssl/openssl-1.0.1-fips-140/patches/38_remove_illegal_instruction_calls.patch
components/openssl/openssl-1.0.1/Makefile
components/openssl/openssl-1.0.1/openssl-1.0.1.p5m
components/openssl/openssl-1.0.1/patches/15-pkcs11_engine-0.9.8a.patch
components/openssl/openssl-1.0.1/patches/18-compiler_opts.patch
components/openssl/openssl-1.0.1/patches/28-enginesdir.patch
components/openssl/openssl-1.0.1/patches/29_fork_safe.patch
components/openssl/openssl-1.0.1/patches/30_wanboot.patch
components/openssl/openssl-1.0.1/patches/32_aes_cbc_len_check.patch
components/openssl/openssl-1.0.1/patches/33_cert_chain.patch
components/openssl/openssl-1.0.1/patches/36_evp_leak.patch
components/openssl/openssl-1.0.1/patches/37_openssl-t4-inline.patch
components/openssl/openssl-1.0.1/patches/37_openssl_t4_inline.patch
components/openssl/openssl-1.0.1/patches/38_remove_illegal_instruction_calls.patch
--- a/components/openssl/openssl-1.0.1-fips-140/Makefile	Tue Mar 24 10:15:01 2015 -0700
+++ b/components/openssl/openssl-1.0.1-fips-140/Makefile	Tue Mar 24 20:05:38 2015 -0700
@@ -29,14 +29,14 @@
 COMPONENT_NAME =	openssl-fips-140
 # Note that this is the OpenSSL version that is used to build FIPS-140 certified
 # libraries. However, we use the FIPS canister version for the IPS package.
-COMPONENT_VERSION =	1.0.1k
+COMPONENT_VERSION =	1.0.1m
 IPS_COMPONENT_VERSION = 2.0.6
 COMPONENT_PROJECT_URL=	http://www.openssl.org/
 COMPONENT_SRC_NAME =	openssl
 COMPONENT_SRC =		$(COMPONENT_SRC_NAME)-$(COMPONENT_VERSION)
 COMPONENT_ARCHIVE =	$(COMPONENT_SRC).tar.gz
 COMPONENT_ARCHIVE_HASH=	\
-    sha256:8f9faeaebad088e772f4ef5e38252d472be4d878c6b3a2718c10a4fcebe7a41c
+    sha256:095f0b7b09116c0c5526422088058dc7e6e000aa14d22acca6a4e2babcdfef74
 COMPONENT_ARCHIVE_URL =	$(COMPONENT_PROJECT_URL)source/$(COMPONENT_ARCHIVE)
 COMPONENT_BUGDB=	library/openssl
 
--- a/components/openssl/openssl-1.0.1-fips-140/openssl-1.0.1-fips-140.p5m	Tue Mar 24 10:15:01 2015 -0700
+++ b/components/openssl/openssl-1.0.1-fips-140/openssl-1.0.1-fips-140.p5m	Tue Mar 24 20:05:38 2015 -0700
@@ -34,7 +34,7 @@
 set name=pkg.human-version value=$(COMPONENT_VERSION)
 set name=com.oracle.info.description \
     value="the FIPS 140-2 Capable OpenSSL libraries"
-set name=com.oracle.info.tpno value=21111 
+set name=com.oracle.info.tpno value=21965 
 set name=info.classification value=org.opensolaris.category.2008:System/Security
 set name=info.source-url value=$(COMPONENT_ARCHIVE_URL)
 set name=info.upstream-url value=$(COMPONENT_PROJECT_URL)
--- a/components/openssl/openssl-1.0.1-fips-140/patches/15-pkcs11_engine-0.9.8a.patch	Tue Mar 24 10:15:01 2015 -0700
+++ b/components/openssl/openssl-1.0.1-fips-140/patches/15-pkcs11_engine-0.9.8a.patch	Tue Mar 24 20:05:38 2015 -0700
@@ -1,3 +1,7 @@
+#
+# This patch file adds the Solaris's pkcs11 engine.
+# This is Solaris-specific (developed in house): not suitable for upstream.
+#
 --- /tmp/Configure	Fri Feb 11 14:40:39 2011
 +++ openssl-1.0.0d/Configure	Fri Feb 11 14:41:36 2011
 @@ -10,7 +10,7 @@
@@ -29,7 +33,7 @@
  my $prefix="";
  my $libdir="";
  my $openssldir="";
[email protected]@ -876,6 +879,10 @@
[email protected]@ -882,6 +888,10 @@
 				$_ =~ s/%([0-9a-f]{1,2})/chr(hex($1))/gei;
 				$flags.=$_." ";
 				}
@@ -40,7 +44,7 @@
 			elsif (/^--prefix=(.*)$/)
 				{
 				$prefix=$1;
[email protected]@ -1043,6 +1054,13 @@
[email protected]@ -1049,6 +1059,13 @@
  	exit 0;
  }
  
@@ -54,7 +58,7 @@
  if ($target =~ m/^CygWin32(-.*)$/) {
  	$target = "Cygwin".$1;
  }
[email protected]@ -1209,6 +1226,8 @@
[email protected]@ -1215,6 +1232,8 @@
  if ($flags ne "")	{ $cflags="$flags$cflags"; }
  else			{ $no_user_cflags=1;       }
  
@@ -63,12 +67,12 @@
  # Kerberos settings.  The flavor must be provided from outside, either through
  # the script "config" or manually.
  if (!$no_krb5)
[email protected]@ -1598,6 +1617,7 @@
[email protected]@ -1604,6 +1623,7 @@
  	s/^VERSION=.*/VERSION=$version/;
  	s/^MAJOR=.*/MAJOR=$major/;
  	s/^MINOR=.*/MINOR=$minor/;
 +	s/^PK11_LIB_LOCATION=.*/PK11_LIB_LOCATION=$pk11_libname/;
-	s/^SHLIB_VERSION_NUMBER=.*/SHLIB_VERSION_NUMBER=$shlib_version_number/;
+ 	s/^SHLIB_VERSION_NUMBER=.*/SHLIB_VERSION_NUMBER=$shlib_version_number/;
  	s/^SHLIB_VERSION_HISTORY=.*/SHLIB_VERSION_HISTORY=$shlib_version_history/;
  	s/^SHLIB_MAJOR=.*/SHLIB_MAJOR=$shlib_major/;
 --- /tmp/Makefile.org	Fri Feb 11 14:41:54 2011
@@ -83,32 +87,32 @@
  # Do not edit this manually. Use Configure --openssldir=DIR do change this!
  OPENSSLDIR=/usr/local/ssl
  
---- openssl-1.0.1e/engines/Makefile.~1~        Fri Nov 22 13:40:31 2013
-+++ openssl-1.0.1e/engines/Makefile    Fri Nov 22 13:43:46 2013
+--- /tmp/Makefile	Mon Feb 14 14:59:22 2011
++++ openssl-1.0.0d/engines/Makefile	Mon Feb 14 15:00:35 2011
 @@ -26,7 +26,8 @@
  APPS=
  
  LIB=$(TOP)/libcrypto.a
 -LIBNAMES= 4758cca aep atalla cswift gmp chil nuron sureware ubsec padlock capi
 +LIBNAMES= 4758cca aep atalla cswift gmp chil nuron sureware ubsec padlock capi \
-+	pk11
++	  pk11
  
  LIBSRC=	e_4758cca.c \
-	e_aep.c \
+ 	e_aep.c \
 @@ -38,7 +39,8 @@
-	e_sureware.c \
-	e_ubsec.c \
-	e_padlock.c \
+ 	e_sureware.c \
+ 	e_ubsec.c \
+ 	e_padlock.c \
 -	e_capi.c
 +	e_capi.c \
 +	e_pk11.c
  LIBOBJ= e_4758cca.o \
-	e_aep.o \
-	e_atalla.o \
+ 	e_aep.o \
+ 	e_atalla.o \
 @@ -49,7 +51,8 @@
-	e_sureware.o \
-	e_ubsec.o \
-	e_padlock.o \
+ 	e_sureware.o \
+ 	e_ubsec.o \
+ 	e_padlock.o \
 -	e_capi.o
 +	e_capi.o \
 +	e_pk11.o
@@ -116,9 +120,9 @@
  SRC= $(LIBSRC)
  
 @@ -63,7 +66,8 @@
-	e_nuron_err.c e_nuron_err.h \
-	e_sureware_err.c e_sureware_err.h \
-	e_ubsec_err.c e_ubsec_err.h \
+ 	e_nuron_err.c e_nuron_err.h \
+ 	e_sureware_err.c e_sureware_err.h \
+ 	e_ubsec_err.c e_ubsec_err.h \
 -	e_capi_err.c e_capi_err.h
 +	e_capi_err.c e_capi_err.h \
 +	e_pk11.h e_pk11_uri.h e_pk11_err.h e_pk11_pub.c e_pk11_uri.c e_pk11_err.c
@@ -126,23 +130,23 @@
  ALL=    $(GENERAL) $(SRC) $(HEADER)
  
 @@ -78,7 +82,7 @@
-		for l in $(LIBNAMES); do \
-			$(MAKE) -f ../Makefile.shared -e \
-				LIBNAME=$$l LIBEXTRAS=e_$$l.o \
+ 		for l in $(LIBNAMES); do \
+ 			$(MAKE) -f ../Makefile.shared -e \
+ 				LIBNAME=$$l LIBEXTRAS=e_$$l.o \
 -				LIBDEPS='-L.. -lcrypto $(EX_LIBS)' \
 +				LIBDEPS='-L.. -lcrypto -lcryptoutil $(EX_LIBS)' \
-				link_o.$(SHLIB_TARGET); \
-		done; \
-	else \
---- openssl-1.0.1e/crypto/engine/eng_all.c.~1~       Mon Feb 11 07:26:04 2013
-+++ openssl-1.0.1e/crypto/engine/eng_all.c   Wed Nov 20 11:38:05 2013
[email protected]@ -59,6 +59,16 @@
+ 				link_o.$(SHLIB_TARGET); \
+ 		done; \
+ 	else \
+--- crypto/engine/eng_all.c Thu Sep  5 12:59:50 2013
++++ openssl-1.0.1e/crypto/engine/eng_all.c Thu Sep  5 12:59:50 2013
[email protected]@ -60,6 +60,16 @@
  #include "cryptlib.h"
  #include "eng_int.h"
- 
+
 +/*
 + * pkcs11 engine no longer is a built-in engine, and ENGINE_load_pk11() needs to be
-+ * defined in libcrypto.so for ssh. Instead of load pkcs11 engine, it loads dynamic
++ * defined in libcrypto.so for ssh.  Instead of load pkcs11 engine, it load dynamic
 + * engines.
 + */
 +void ENGINE_load_pk11(void)
@@ -151,52 +155,50 @@
 +	}
 +
  void ENGINE_load_builtin_engines(void)
-	{
-	/* Some ENGINEs need this */
+ {
+     /* Some ENGINEs need this */
 @@ -80,6 +90,9 @@
-	ENGINE_load_rdrand();
+     ENGINE_load_rdrand();
  #endif
-	ENGINE_load_dynamic();
+     ENGINE_load_dynamic();
 +#ifndef OPENSSL_NO_HW_PKCS11
-+	ENGINE_load_pk11();
++    ENGINE_load_pk11();
 +#endif
  #ifndef OPENSSL_NO_STATIC_ENGINE
- #ifndef OPENSSL_NO_HW
- #ifndef OPENSSL_NO_HW_4758_CCA
---- openssl-1.0.1e/crypto/dso/dso_lib.c.~1~       Wed Nov 20 13:10:57 2013
-+++ openssl-1.0.1e/crypto/dso/dso_lib.c   Wed Nov 20 13:30:46 2013
[email protected]@ -426,6 +426,26 @@
-		DSOerr(DSO_F_DSO_CONVERT_FILENAME,DSO_R_NO_FILENAME);
-		return(NULL);
-		}
-+	/*
-+	 * For pkcs11 engine, use libpk11.so (instead of libpkcs11.so) to
-+	 * avoid the name collision with PKCS#11 library.
-+	 */
-+	if (strcmp(filename, "pkcs11") == 0)
-+		{
-+#ifdef _LP64
-+		static const char fullpath[] = "/lib/openssl/engines/64/libpk11.so";
+ # ifndef OPENSSL_NO_HW
+ #  ifndef OPENSSL_NO_HW_4758_CCA
+--- crypto/dso/dso_lib.c Thu Sep  5 12:59:50 2013
++++ openssl-1.0.1e/crypto/dso/dso_lib.c Thu Sep  5 12:59:50 2013
[email protected]@ -396,6 +396,24 @@
+         DSOerr(DSO_F_DSO_CONVERT_FILENAME, DSO_R_NO_FILENAME);
+         return (NULL);
+     }
++    /*
++     * For pkcs11 engine, use libpk11.so (instead of libpkcs11.so) to
++     * avoid the name collision with PKCS#11 library.
++     */
++    if (strcmp(filename, "pkcs11") == 0) {
++#ifdef  _LP64
++        static const char fullpath[] = "/lib/openssl/engines/64/libpk11.so";
 +#else
-+		static const char fullpath[] = "/lib/openssl/engines/libpk11.so";
++        static const char fullpath[] = "/lib/openssl/engines/libpk11.so";
 +#endif
-+		result = OPENSSL_malloc(strlen(fullpath) + 1);
-+		if(result == NULL)
-+			{
-+			DSOerr(DSO_F_DSO_CONVERT_FILENAME, ERR_R_MALLOC_FAILURE);
-+			return(NULL);
-+			}
-+		BUF_strlcpy(result, fullpath, sizeof(fullpath));
-+		return(result);
-+		}
-	if((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0)
-		{
-		if(dso->name_converter != NULL)
---- /tmp/engine.h	Fri Feb 11 14:46:24 2011
-+++ openssl-1.0.0d/crypto/engine/engine.h	Fri Feb 11 14:47:32 2011
[email protected]@ -351,6 +351,7 @@
- #endif
- #endif
++        result = OPENSSL_malloc(strlen(fullpath) + 1);
++        if(result == NULL) {
++            DSOerr(DSO_F_DSO_CONVERT_FILENAME, ERR_R_MALLOC_FAILURE);
++            return(NULL);
++        }
++        BUF_strlcpy(result, fullpath, strlen(fullpath) + 1);
++        return (result);
++    }
+     if ((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0) {
+         if (dso->name_converter != NULL)
+             result = dso->name_converter(dso, filename);
+--- /tmp/engine.h       Fri Feb 11 14:46:24 2011
++++ openssl-1.0.0d/crypto/engine/engine.h       Fri Feb 11 14:47:32 2011
[email protected]@ -413,6 +413,7 @@
+ #  endif
+ # endif
  void ENGINE_load_cryptodev(void);
 +void ENGINE_load_pk11(void);
  void ENGINE_load_rsax(void);
--- a/components/openssl/openssl-1.0.1-fips-140/patches/26-openssl_fips.patch	Tue Mar 24 10:15:01 2015 -0700
+++ b/components/openssl/openssl-1.0.1-fips-140/patches/26-openssl_fips.patch	Tue Mar 24 20:05:38 2015 -0700
@@ -1,82 +1,85 @@
+#
+# Patch developed in-house.  Solaris-specific; not suitable for upstream. 
+#
 --- openssl-0.9.8m/apps/openssl.c	Thu Oct 15 19:28:02 2009
 +++ openssl-0.9.8m/apps/openssl.c	Fri Feb 26 16:12:30 2010
[email protected]@ -134,6 +134,9 @@
- #include <openssl/fips.h>
[email protected]@ -135,6 +135,9 @@
+ # include <openssl/fips.h>
  #endif
  
 +/* Solaris OpenSSL */
 +#include <dlfcn.h>
 +
- /* The LHASH callbacks ("hash" & "cmp") have been replaced by functions with the
-  * base prototypes (we cast each variable inside the function to the required
-  * type of "FUNCTION*"). This removes the necessity for macro-generated wrapper
[email protected]@ -153,9 +156,10 @@
+ /*
+  * The LHASH callbacks ("hash" & "cmp") have been replaced by functions with
+  * the base prototypes (we cast each variable inside the function to the
[email protected]@ -155,9 +158,10 @@
+ BIO *bio_err = NULL;
  #endif
  
- 
 +static int *modes;
 +
  static void lock_dbg_cb(int mode, int type, const char *file, int line)
- 	{
--	static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */
- 	const char *errstr = NULL;
- 	int rw;
- 	
[email protected]@ -166,7 +170,7 @@
- 		goto err;
- 		}
+ {
+-    static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */
+     const char *errstr = NULL;
+     int rw;
+ 
[email protected]@ -167,7 +168,7 @@
+         goto err;
+     }
  
--	if (type < 0 || type >= CRYPTO_NUM_LOCKS)
-+	if (type < 0 || type >= CRYPTO_num_locks())
- 		{
- 		errstr = "type out of bounds";
- 		goto err;
[email protected]@ -311,6 +315,14 @@
- 	if (getenv("OPENSSL_DEBUG_LOCKING") != NULL)
+-    if (type < 0 || type >= CRYPTO_NUM_LOCKS) {
++    if (type < 0 || type >= CRYPTO_num_locks()) {
+         errstr = "type out of bounds";
+         goto err;
+     }
[email protected]@ -305,6 +306,14 @@
+     if (getenv("OPENSSL_DEBUG_LOCKING") != NULL)
  #endif
- 		{
-+		modes = OPENSSL_malloc(CRYPTO_num_locks() * sizeof (int));
-+		if (modes == NULL) {
-+			ERR_load_crypto_strings();
-+			BIO_printf(bio_err,"Memory allocation failure\n");
-+			ERR_print_errors(bio_err);
-+			EXIT(1);
-+		}
-+		memset(modes, 0, CRYPTO_num_locks() * sizeof (int));
- 		CRYPTO_set_locking_callback(lock_dbg_cb);
- 		}
+     {
++        modes = OPENSSL_malloc(CRYPTO_num_locks() * sizeof (int));
++        if (modes == NULL) {
++            ERR_load_crypto_strings();
++            BIO_printf(bio_err,"Memory allocation failure\n");
++            ERR_print_errors(bio_err);
++            EXIT(1);
++        }
++        memset(modes, 0, CRYPTO_num_locks() * sizeof (int));
+         CRYPTO_set_locking_callback(lock_dbg_cb);
+     }
  
[email protected]@ -314,18 +326,28 @@
- 		CRYPTO_set_locking_callback(lock_dbg_cb);
- 		}
[email protected]@ -308,18 +320,28 @@
+         CRYPTO_set_locking_callback(lock_dbg_cb);
+     }
  
 +/*
 + * Solaris OpenSSL
 + * Add a further check for the FIPS_mode_set() symbol before calling to
 + * allow openssl(1openssl) to be run against both fips and non-fips libraries.
 + */
- 	if(getenv("OPENSSL_FIPS")) {
+     if (getenv("OPENSSL_FIPS")) {
 -#ifdef OPENSSL_FIPS
--		if (!FIPS_mode_set(1)) {
+-        if (!FIPS_mode_set(1)) {
 +
-+	int (*FIPS_mode_set)(int);
-+	FIPS_mode_set = (int (*)(int)) dlsym(RTLD_NEXT, "FIPS_mode_set");
++        int (*FIPS_mode_set)(int);
++        FIPS_mode_set = (int (*)(int)) dlsym(RTLD_NEXT, "FIPS_mode_set");
 +
-+	if (FIPS_mode_set != NULL) {
-+		if (!(*FIPS_mode_set)(1)) {
- 			ERR_load_crypto_strings();
- 			ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
- 			EXIT(1);
- 		}
++        if (FIPS_mode_set != NULL) {
++            if (!(*FIPS_mode_set)(1)) {
+             ERR_load_crypto_strings();
+             ERR_print_errors(BIO_new_fp(stderr, BIO_NOCLOSE));
+             EXIT(1);
+         }
 -#else
--		fprintf(stderr, "FIPS mode not supported.\n");
-+	} else {
-+			fprintf(stderr, "Failed to enable FIPS mode. "
-+			    "For more information about running in FIPS mode see openssl(5).\n");
- 		EXIT(1);
+-        fprintf(stderr, "FIPS mode not supported.\n");
++    } else {
++            fprintf(stderr, "Failed to enable FIPS mode. "
++                "For more information about running in FIPS mode see openssl(5).\n");
+         EXIT(1);
 -#endif
- 		}
-+		}
+     }
++    }
  
- 	apps_startup();
+     apps_startup();
  
--- a/components/openssl/openssl-1.0.1-fips-140/patches/28-enginesdir.patch	Tue Mar 24 10:15:01 2015 -0700
+++ b/components/openssl/openssl-1.0.1-fips-140/patches/28-enginesdir.patch	Tue Mar 24 20:05:38 2015 -0700
@@ -1,3 +1,7 @@
+#
+# This was developed in house to configure the engine dir.
+# Not suitable for upstream.
+#
 --- /tmp/18/Configure	Fri Feb 11 15:15:50 2011
 +++ openssl-1.0.0d/Configure	Fri Feb 11 15:18:09 2011
 @@ -18,6 +18,8 @@
@@ -9,7 +13,7 @@
  #
  # --pk11-libname  PKCS#11 library name.
  #               (Default: none)
[email protected]@ -672,6 +672,7 @@
[email protected]@ -679,6 +679,7 @@
  my $prefix="";
  my $libdir="";
  my $openssldir="";
@@ -17,7 +21,7 @@
  my $exe_ext="";
  my $install_prefix= "$ENV{'INSTALL_PREFIX'}";
  my $cross_compile_prefix="";
[email protected]@ -904,6 +904,10 @@
[email protected]@ -917,6 +920,10 @@
  				{
  				$openssldir=$1;
  				}
@@ -28,7 +32,7 @@
  			elsif (/^--install.prefix=(.*)$/)
  				{
  				$install_prefix=$1;
[email protected]@ -1211,6 +1218,10 @@
[email protected]@ -1224,6 +1231,10 @@
  # we're ready to tolerate, so don't...
  $multilib="" if !-d "$prefix/lib$multilib";
  
@@ -39,7 +43,7 @@
  $libdir="lib$multilib" if $libdir eq "";
  
  $cflags = "$cflags$exp_cflags";
[email protected]@ -1830,7 +1841,7 @@
[email protected]@ -1846,7 +1857,7 @@
  		}
  	elsif	(/^#define\s+ENGINESDIR/)
  		{
--- a/components/openssl/openssl-1.0.1-fips-140/patches/29_fork_safe.patch	Tue Mar 24 10:15:01 2015 -0700
+++ b/components/openssl/openssl-1.0.1-fips-140/patches/29_fork_safe.patch	Tue Mar 24 20:05:38 2015 -0700
@@ -13,18 +13,19 @@
 +#include <pthread.h>
  
  #if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16)
- static double SSLeay_MSVC5_hack=0.0; /* and for VC1.5 */
[email protected]@ -181,6 +182,7 @@
-    numbers.  */
- static STACK_OF(CRYPTO_dynlock) *dyn_locks=NULL;
+ static double SSLeay_MSVC5_hack = 0.0; /* and for VC1.5 */
[email protected]@ -184,6 +185,8 @@
+  */
+ static STACK_OF(CRYPTO_dynlock) *dyn_locks = NULL;
  
 +static pthread_mutex_t *solaris_openssl_locks;
- 
- static void (MS_FAR *locking_callback)(int mode,int type,
- 	const char *file,int line)=0;
[email protected]@ -406,6 +409,79 @@
- 	return(add_lock_callback);
- 	}
++
+ static void (MS_FAR *locking_callback) (int mode, int type,
+                                         const char *file, int line) = 0;
+ static int (MS_FAR *add_lock_callback) (int *pointer, int amount,
[email protected]@ -402,6 +405,79 @@
+     return (add_lock_callback);
+ }
 
 +/*
 + * This is the locking callback function which all applications will be
@@ -97,24 +98,24 @@
 +		}
 +	locking_callback = solaris_locking_callback;
 +
-+	}
++}
 +
- void CRYPTO_set_locking_callback(void (*func)(int mode,int type,
- 					      const char *file,int line))
- 	{
[email protected]@ -413,7 +478,11 @@
- 	 * are started.
- 	 */
- 	OPENSSL_init();
--	locking_callback=func;
+ void CRYPTO_set_locking_callback(void (*func) (int mode, int type,
+                                                const char *file, int line))
+ {
[email protected]@ -410,7 +486,11 @@
+      * started.
+      */
+     OPENSSL_init();
+-    locking_callback = func;
 +
 +	/*
 +	 * we now setup our own locking callback and mutexes, and disallow
 +	 * setting of another locking callback.
 +	 */
- 	}
+ }
  
- void CRYPTO_set_add_lock_callback(int (*func)(int *num,int mount,int type,
+ void CRYPTO_set_add_lock_callback(int (*func) (int *num, int mount, int type,
 --- openssl-1.0.1f/crypto/cryptlib.h.~1~	Fri Feb  7 10:41:42 2014
 +++ openssl-1.0.1f/crypto/cryptlib.h	Thu Feb  6 16:04:16 2014
 @@ -104,6 +104,8 @@
--- a/components/openssl/openssl-1.0.1-fips-140/patches/32_aes_cbc_len_check.patch	Tue Mar 24 10:15:01 2015 -0700
+++ b/components/openssl/openssl-1.0.1-fips-140/patches/32_aes_cbc_len_check.patch	Tue Mar 24 20:05:38 2015 -0700
@@ -1,14 +1,18 @@
+#
+# This was developed in house and reported to the upstream.
+#
 --- openssl-1.0.1e/crypto/evp/e_aes.c        Tue Jul  2 11:03:12 2013
 +++ openssl-1.0.1e/crypto/evp/e_aes.c.new    Tue Jul  2 11:04:56 2013
[email protected]@ -574,8 +574,11 @@
- static int aes_cbc_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
- 	const unsigned char *in, size_t len)
[email protected]@ -536,8 +536,12 @@
+ static int aes_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                           const unsigned char *in, size_t len)
  {
-+	size_t	bl = ctx->cipher->block_size;
- 	EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
++    size_t	bl = ctx->cipher->block_size;
+     EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data;
  
-+	if (len<bl)	return 1;
++    if (len < bl)
++        return 1;
 +
- 	if (dat->stream.cbc)
- 		(*dat->stream.cbc)(in,out,len,&dat->ks,ctx->iv,ctx->encrypt);
- 	else if (ctx->encrypt)
+     if (dat->stream.cbc)
+         (*dat->stream.cbc) (in, out, len, &dat->ks, ctx->iv, ctx->encrypt);
+     else if (ctx->encrypt)
--- a/components/openssl/openssl-1.0.1-fips-140/patches/33_cert_chain.patch	Tue Mar 24 10:15:01 2015 -0700
+++ b/components/openssl/openssl-1.0.1-fips-140/patches/33_cert_chain.patch	Tue Mar 24 20:05:38 2015 -0700
@@ -6,200 +6,205 @@
 Index: openssl/crypto/x509/x509_trs.c
 ============================================================================
 $ diff -ru crypto/x509/x509_trs.c crypto/x509/x509_trs.c 
---- openssl/crypto/x509/x509_trs.c.orig	4 Dec 2012 17:26:04 -0000	1.133.2.11.2.6.2.3
-+++ openssl/crypto/x509/x509_trs.c	14 Dec 2012 14:30:45 -0000	1.133.2.11.2.6.2.4
[email protected]@ -114,6 +114,15 @@ int X509_check_trust(X509 *x, int id, int flags)
- 	X509_TRUST *pt;
- 	int idx;
- 	if(id == -1) return 1;
-+	/* We get this as a default value */
-+	if (id == 0)
-+		{
-+		int rv;
-+		rv = obj_trust(NID_anyExtendedKeyUsage, x, 0);
-+		if (rv != X509_TRUST_UNTRUSTED)
-+			return rv;
-+		return trust_compat(NULL, x, 0);
-+		}
- 	idx = X509_TRUST_get_by_id(id);
- 	if(idx == -1) return default_trust(id, x, flags);
- 	pt = X509_TRUST_get0(idx);
+--- openssl/crypto/x509/x509_trs.c.orig    4 Dec 2012 17:26:04 -0000    1.133.2.11.2.6.2.3
++++ openssl/crypto/x509/x509_trs.c    14 Dec 2012 14:30:45 -0000    1.133.2.11.2.6.2.4
[email protected]@ -119,6 +119,14 @@ int X509_check_trust(X509 *x, int id, int flags)
+     int idx;
+     if (id == -1)
+         return 1;
++    /* We get this as a default value */
++    if (id == 0) {
++        int rv;
++        rv = obj_trust(NID_anyExtendedKeyUsage, x, 0);
++        if (rv != X509_TRUST_UNTRUSTED)
++            return rv;
++        return trust_compat(NULL, x, 0);
++    }
+     idx = X509_TRUST_get_by_id(id);
+     if (idx == -1)
+         return default_trust(id, x, flags);
 Index: openssl/crypto/x509/x509_vfy.c
 ============================================================================
 $ cvs diff -u -r1.105.2.9.2.4.2.3 -r1.105.2.9.2.4.2.4 x509_vfy.c
---- openssl/crypto/x509/x509_vfy.c	14 Dec 2012 12:53:48 -0000	1.105.2.9.2.4.2.3
-+++ openssl/crypto/x509/x509_vfy.c	14 Dec 2012 14:30:46 -0000	1.105.2.9.2.4.2.4
[email protected]@ -150,6 +150,33 @@
- 	}
+--- openssl/crypto/x509/x509_vfy.c    14 Dec 2012 12:53:48 -0000    1.105.2.9.2.4.2.3
++++ openssl/crypto/x509/x509_vfy.c    14 Dec 2012 14:30:46 -0000    1.105.2.9.2.4.2.4
[email protected]@ -149,6 +149,33 @@
+ }
  #endif
  
 +/* Given a certificate try and find an exact match in the store */
 +
 +static X509 *lookup_cert_match(X509_STORE_CTX *ctx, X509 *x)
-+	{
-+	STACK_OF(X509) *certs;
-+	X509 *xtmp = NULL;
-+	int i;
-+	/* Lookup all certs with matching subject name */
-+	certs = ctx->lookup_certs(ctx, X509_get_subject_name(x));
-+	if (certs == NULL)
-+		return NULL;
-+	/* Look for exact match */
-+	for (i = 0; i < sk_X509_num(certs); i++)
-+		{
-+		xtmp = sk_X509_value(certs, i);
-+		if (!X509_cmp(xtmp, x))
-+			break;
-+		}
-+	if (i < sk_X509_num(certs))
-+		CRYPTO_add(&xtmp->references,1,CRYPTO_LOCK_X509);
-+	else
-+		xtmp = NULL;
-+	sk_X509_pop_free(certs, X509_free);
-+	return xtmp;
-+	}
++    {
++    STACK_OF(X509) *certs;
++    X509 *xtmp = NULL;
++    int i;
++    /* Lookup all certs with matching subject name */
++    certs = ctx->lookup_certs(ctx, X509_get_subject_name(x));
++    if (certs == NULL)
++        return NULL;
++    /* Look for exact match */
++    for (i = 0; i < sk_X509_num(certs); i++)
++        {
++        xtmp = sk_X509_value(certs, i);
++        if (!X509_cmp(xtmp, x))
++            break;
++        }
++    if (i < sk_X509_num(certs))
++        CRYPTO_add(&xtmp->references,1,CRYPTO_LOCK_X509);
++    else
++        xtmp = NULL;
++    sk_X509_pop_free(certs, X509_free);
++    return xtmp;
++    }
 +
 +
  int X509_verify_cert(X509_STORE_CTX *ctx)
- 	{
- 	X509 *x,*xtmp,*chain_ss=NULL;
[email protected]@ -307,8 +307,13 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
+ {
+     X509 *x, *xtmp, *chain_ss = NULL;
[email protected]@ -304,8 +331,17 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
  
- 	/* we now have our chain, lets check it... */
+     /* we now have our chain, lets check it... */
  
--	/* Is last certificate looked up self signed? */
--	if (!ctx->check_issued(ctx,x,x))
-+	i = check_trust(ctx);
+-    /* Is last certificate looked up self signed? */
+-    if (!ctx->check_issued(ctx, x, x)) {
++    i = check_trust(ctx);
 +
-+	/* If explicitly rejected error */
-+	if (i == X509_TRUST_REJECTED)
-+		goto end;
-+	/* If not explicitly trusted then indicate error */
-+	if (i != X509_TRUST_TRUSTED)
- 		{
- 		if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss))
- 			{
[email protected]@ -346,12 +351,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
- 	
- 	if (!ok) goto end;
++    /* If explicitly rejected error */
++    if (i == X509_TRUST_REJECTED)
++        goto end;
++    /*
++     * If not explicitly trusted then indicate error unless it's a single
++     * self signed certificate in which case we've indicated an error already
++     * and set bad_chain == 1
++     */
++    if (i != X509_TRUST_TRUSTED && !bad_chain) {
+         if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss)) {
+             if (ctx->last_untrusted >= num)
+                 ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
[email protected]@ -340,14 +376,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
+     ok = check_name_constraints(ctx);
  
--	/* The chain extensions are OK: check trust */
+     if (!ok)
+-        goto end;
 -
--	if (param->trust > 0) ok = check_trust(ctx);
+-    /* The chain extensions are OK: check trust */
 -
--	if (!ok) goto end;
+-    if (param->trust > 0)
+-        ok = check_trust(ctx);
 -
- 	/* We may as well copy down any DSA parameters that are required */
- 	X509_get_pubkey_parameters(NULL,ctx->chain);
+-    if (!ok)
+         goto end;
  
[email protected]@ -642,28 +641,54 @@ static int check_name_constraints(X509_STORE_CTX *ctx)
+     /* We may as well copy down any DSA parameters that are required */
[email protected]@ -630,28 +658,53 @@ static int check_name_constraints(X509_STORE_CTX *ctx)
  
  static int check_trust(X509_STORE_CTX *ctx)
  {
 -#ifdef OPENSSL_NO_CHAIN_VERIFY
--	return 1;
+-    return 1;
 -#else
- 	int i, ok;
--	X509 *x;
-+	X509 *x = NULL;
- 	int (*cb)(int xok,X509_STORE_CTX *xctx);
- 	cb=ctx->verify_cb;
+     int i, ok;
+-    X509 *x;
++    X509 *x = NULL;
+     int (*cb) (int xok, X509_STORE_CTX *xctx);
+     cb = ctx->verify_cb;
 -/* For now just check the last certificate in the chain */
--	i = sk_X509_num(ctx->chain) - 1;
--	x = sk_X509_value(ctx->chain, i);
--	ok = X509_check_trust(x, ctx->param->trust, 0);
--	if (ok == X509_TRUST_TRUSTED)
--		return 1;
--	ctx->error_depth = i;
--	ctx->current_cert = x;
--	if (ok == X509_TRUST_REJECTED)
--		ctx->error = X509_V_ERR_CERT_REJECTED;
--	else
--		ctx->error = X509_V_ERR_CERT_UNTRUSTED;
--	ok = cb(0, ctx);
--	return ok;
+-    i = sk_X509_num(ctx->chain) - 1;
+-    x = sk_X509_value(ctx->chain, i);
+-    ok = X509_check_trust(x, ctx->param->trust, 0);
+-    if (ok == X509_TRUST_TRUSTED)
+-        return 1;
+-    ctx->error_depth = i;
+-    ctx->current_cert = x;
+-    if (ok == X509_TRUST_REJECTED)
+-        ctx->error = X509_V_ERR_CERT_REJECTED;
+-    else
+-        ctx->error = X509_V_ERR_CERT_UNTRUSTED;
+-    ok = cb(0, ctx);
+-    return ok;
 -#endif
-+	/* Check all trusted certificates in chain */
-+	for (i = ctx->last_untrusted; i < sk_X509_num(ctx->chain); i++)
-+		{
-+		x = sk_X509_value(ctx->chain, i);
-+		ok = X509_check_trust(x, ctx->param->trust, 0);
-+		/* If explicitly trusted return trusted */
-+		if (ok == X509_TRUST_TRUSTED)
-+			return X509_TRUST_TRUSTED;
-+		/* If explicitly rejected notify callback and reject if
-+		 * not overridden.
-+		 */
-+		if (ok == X509_TRUST_REJECTED)
-+			{
-+			ctx->error_depth = i;
-+			ctx->current_cert = x;
-+			ctx->error = X509_V_ERR_CERT_REJECTED;
-+			ok = cb(0, ctx);
-+			if (!ok)
-+				return X509_TRUST_REJECTED;
-+			}
-+		}
-+	/* If we accept partial chains and have at least one trusted
-+	 * certificate return success.
-+	 */
-+	if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN)
-+		{
-+		X509 *mx;
-+		if (ctx->last_untrusted < sk_X509_num(ctx->chain))
-+			return X509_TRUST_TRUSTED;
-+		x = sk_X509_value(ctx->chain, 0);
-+		mx = lookup_cert_match(ctx, x);
-+		if (mx)
-+			{
-+			(void)sk_X509_set(ctx->chain, 0, mx);
-+			X509_free(x);
-+			ctx->last_untrusted = 0;
-+			return X509_TRUST_TRUSTED;
-+			}
-+		}
++    /* Check all trusted certificates in chain */
++    for (i = ctx->last_untrusted; i < sk_X509_num(ctx->chain); i++) {
++        x = sk_X509_value(ctx->chain, i);
++        ok = X509_check_trust(x, ctx->param->trust, 0);
++        /* If explicitly trusted return trusted */
++        if (ok == X509_TRUST_TRUSTED)
++            return X509_TRUST_TRUSTED;
++        /*
++         * If explicitly rejected notify callback and reject if not
++         * overridden.
++         */
++        if (ok == X509_TRUST_REJECTED) {
++            ctx->error_depth = i;
++            ctx->current_cert = x;
++            ctx->error = X509_V_ERR_CERT_REJECTED;
++            ok = cb(0, ctx);
++            if (!ok)
++                return X509_TRUST_REJECTED;
++        }
++    }
++    /*
++     * If we accept partial chains and have at least one trusted certificate
++     * return success.
++     */
++    if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) {
++        X509 *mx;
++        if (ctx->last_untrusted < sk_X509_num(ctx->chain))
++            return X509_TRUST_TRUSTED;
++        x = sk_X509_value(ctx->chain, 0);
++        mx = lookup_cert_match(ctx, x);
++        if (mx) {
++            (void)sk_X509_set(ctx->chain, 0, mx);
++            X509_free(x);
++            ctx->last_untrusted = 0;
++            return X509_TRUST_TRUSTED;
++        }
++    }
 +
-+	/* If no trusted certs in chain at all return untrusted and
-+	 * allow standard (no issuer cert) etc errors to be indicated.
-+	 */
-+	return X509_TRUST_UNTRUSTED;
++    /*
++     * If no trusted certs in chain at all return untrusted and allow
++     * standard (no issuer cert) etc errors to be indicated.
++     */
++    return X509_TRUST_UNTRUSTED;
  }
  
  static int check_revocation(X509_STORE_CTX *ctx)
[email protected]@ -1602,6 +1641,8 @@ static int internal_verify(X509_STORE_CTX *ctx)
- 		xs=xi;
- 	else
- 		{
-+		if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN && n == 0)
-+			return check_cert_time(ctx, xi);
- 		if (n <= 0)
- 			{
- 			ctx->error=X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE;
[email protected]@ -1526,6 +1579,8 @@ static int internal_verify(X509_STORE_CTX *ctx)
+     if (ctx->check_issued(ctx, xi, xi))
+         xs = xi;
+     else {
++        if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN && n == 0)
++            return check_cert_time(ctx, xi);
+         if (n <= 0) {
+             ctx->error = X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE;
+             ctx->current_cert = xi;
 Index: openssl/crypto/x509/x509_vfy.h
 ============================================================================
 $ cvs diff -u -r1.67.2.3.4.1 -r1.67.2.3.4.2 x509_vfy.h
---- openssl/crypto/x509/x509_vfy.h	26 Sep 2012 13:50:42 -0000	1.67.2.3.4.1
-+++ openssl/crypto/x509/x509_vfy.h	14 Dec 2012 14:30:46 -0000	1.67.2.3.4.2
[email protected]@ -390,6 +390,8 @@
+--- openssl/crypto/x509/x509_vfy.h    26 Sep 2012 13:50:42 -0000    1.67.2.3.4.1
++++ openssl/crypto/x509/x509_vfy.h    14 Dec 2012 14:30:46 -0000    1.67.2.3.4.2
[email protected]@ -406,6 +406,9 @@
  /* Check selfsigned CA signature */
- #define X509_V_FLAG_CHECK_SS_SIGNATURE		0x4000
+ # define X509_V_FLAG_CHECK_SS_SIGNATURE          0x4000
  
 +/* Allow partial chains if at least one certificate is in trusted store */
-+#define X509_V_FLAG_PARTIAL_CHAIN		0x80000
- 
- #define X509_VP_FLAG_DEFAULT			0x1
- #define X509_VP_FLAG_OVERWRITE			0x2
++# define X509_V_FLAG_PARTIAL_CHAIN               0x80000
++
+ # define X509_VP_FLAG_DEFAULT                    0x1
+ # define X509_VP_FLAG_OVERWRITE                  0x2
+ # define X509_VP_FLAG_RESET_FLAGS                0x4
 Index: openssl/apps/apps.c
 ============================================================================
 $ cvs diff -u -r1.133.2.11.2.6.2.3 -r1.133.2.11.2.6.2.4 apps.c
---- openssl/apps/apps.c	4 Dec 2012 17:26:04 -0000	1.133.2.11.2.6.2.3
-+++ openssl/apps/apps.c	14 Dec 2012 14:30:45 -0000	1.133.2.11.2.6.2.4
[email protected]@ -2361,6 +2361,8 @@
- 		flags |= X509_V_FLAG_NOTIFY_POLICY;
- 	else if (!strcmp(arg, "-check_ss_sig"))
- 		flags |= X509_V_FLAG_CHECK_SS_SIGNATURE;
-+	else if (!strcmp(arg, "-partial_chain"))
-+		flags |= X509_V_FLAG_PARTIAL_CHAIN;
- 	else
- 		return 0;
+--- openssl/apps/apps.c    4 Dec 2012 17:26:04 -0000    1.133.2.11.2.6.2.3
++++ openssl/apps/apps.c    14 Dec 2012 14:30:45 -0000    1.133.2.11.2.6.2.4
[email protected]@ -2238,6 +2238,8 @@
+         flags |= X509_V_FLAG_NOTIFY_POLICY;
+     else if (!strcmp(arg, "-check_ss_sig"))
+         flags |= X509_V_FLAG_CHECK_SS_SIGNATURE;
++    else if (!strcmp(arg, "-partial_chain"))
++        flags |= X509_V_FLAG_PARTIAL_CHAIN;
+     else
+         return 0;
  
--- a/components/openssl/openssl-1.0.1-fips-140/patches/36_evp_leak.patch	Tue Mar 24 10:15:01 2015 -0700
+++ b/components/openssl/openssl-1.0.1-fips-140/patches/36_evp_leak.patch	Tue Mar 24 20:05:38 2015 -0700
@@ -1,144 +1,144 @@
 Patch developed in-house.  Solaris-specific; not suitable for upstream.
 
---- openssl-1.0.1f/crypto/evp/evp_enc.c.orig	Mon Feb 11 07:26:04 2013
-+++ openssl-1.0.1f/crypto/evp/evp_enc.c	Mon Feb  3 16:40:48 2014
[email protected]@ -394,10 +394,14 @@
- 		{
- 		ret = M_do_cipher(ctx, out, NULL, 0);
- 		if (ret < 0)
--			return 0;
-+			{
-+			ret = 0;
-+			goto cleanup;
-+			}
- 		else 
- 			*outl = ret;
--		return 1;
-+		ret = 1;
-+		goto cleanup;
- 		}
+--- openssl-1.0.1f/crypto/evp/evp_enc.c.orig    Mon Feb 11 07:26:04 2013
++++ openssl-1.0.1f/crypto/evp/evp_enc.c    Mon Feb  3 16:40:48 2014
[email protected]@ -379,11 +379,13 @@
+
+     if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
+         ret = M_do_cipher(ctx, out, NULL, 0);
+-        if (ret < 0)
+-            return 0;
+-        else
++        if (ret < 0) {
++            ret = 0;
++            goto cleanup;
++        } else
+             *outl = ret;
+-        return 1;
++        ret = 1;
++        goto cleanup;
+     }
+
+     b = ctx->cipher->block_size;
[email protected]@ -390,7 +392,8 @@
+     OPENSSL_assert(b <= sizeof ctx->buf);
+     if (b == 1) {
+         *outl = 0;
+-        return 1;
++        ret = 1;
++        goto cleanup;
+     }
+     bl = ctx->buf_len;
+     if (ctx->flags & EVP_CIPH_NO_PADDING) {
[email protected]@ -397,10 +400,12 @@
+         if (bl) {
+             EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX,
+                    EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
+-            return 0;
++            ret = 0;
++            goto cleanup;
+         }
+         *outl = 0;
+-        return 1;
++        ret = 1;
++        goto cleanup;
+     }
  
- 	b=ctx->cipher->block_size;
[email protected]@ -405,7 +409,8 @@
- 	if (b == 1)
- 		{
- 		*outl=0;
--		return 1;
-+		ret = 1;
-+		goto cleanup;
- 		}
- 	bl=ctx->buf_len;
- 	if (ctx->flags & EVP_CIPH_NO_PADDING)
[email protected]@ -413,10 +418,12 @@
- 		if(bl)
- 			{
- 			EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
--			return 0;
-+			ret = 0;
-+			goto cleanup;
- 			}
- 		*outl = 0;
--		return 1;
-+		ret = 1;
-+		goto cleanup;
- 		}
- 
- 	n=b-bl;
[email protected]@ -428,6 +435,12 @@
- 	if(ret)
- 		*outl=b;
+     n = b - bl;
[email protected]@ -411,6 +416,11 @@
+     if (ret)
+         *outl = b;
  
 +cleanup:
-+	if (ctx->cipher->cleanup)
-+		{
-+		ctx->cipher->cleanup(ctx);
-+		}
++    if (ctx->cipher->cleanup) {
++        ctx->cipher->cleanup(ctx);
++    }
 +
- 	return ret;
- 	}
- 
[email protected]@ -501,6 +501,7 @@
- int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
- 	{
- 	int i,n;
-+	int err = 1;
- 	unsigned int b;
- 	*outl=0;
+     return ret;
+ }
  
[email protected]@ -508,10 +509,14 @@
- 		{
- 		i = M_do_cipher(ctx, out, NULL, 0);
- 		if (i < 0)
--			return 0;
-+			{
-+			err = 0;
-+			goto cleanup;
-+			}
- 		else
- 			*outl = i;
--		return 1;
-+		err = 1;
-+		goto cleanup;
- 		}
[email protected]@ -478,6 +488,7 @@
+ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+ {
+     int i, n;
++    int err = 1;
+     unsigned int b;
+     *outl = 0;
  
- 	b=ctx->cipher->block_size;
[email protected]@ -520,10 +525,12 @@
- 		if(ctx->buf_len)
- 			{
- 			EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
--			return 0;
-+			err = 0;
-+			goto cleanup;
- 			}
- 		*outl = 0;
--		return 1;
-+		err = 1;
-+		goto cleanup;
- 		}
- 	if (b > 1)
- 		{
[email protected]@ -530,7 +537,8 @@
- 		if (ctx->buf_len || !ctx->final_used)
- 			{
- 			EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_WRONG_FINAL_BLOCK_LENGTH);
--			return(0);
-+			err = 0;
-+			goto cleanup;
- 			}
- 		OPENSSL_assert(b <= sizeof ctx->final);
[email protected]@ -483,11 +494,13 @@
+
+     if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
+         i = M_do_cipher(ctx, out, NULL, 0);
+-        if (i < 0)
+-            return 0;
+-        else
++        if (i < 0) {
++            err = 0;
++            goto cleanup;
++        } else
+             *outl = i;
+-        return 1;
++        err = 1;
++        goto cleanup;
+     }
+
+     b = ctx->cipher->block_size;
[email protected]@ -495,10 +508,12 @@
+         if (ctx->buf_len) {
+             EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,
+                    EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
+-            return 0;
++            err = 0;
++            goto cleanup;
+         }
+         *outl = 0;
+-        return 1;
++        err = 1;
++        goto cleanup;
+     }
+     if (b > 1) {
+         if (ctx->buf_len || !ctx->final_used) {
[email protected]@ -503,7 +518,8 @@
+     if (b > 1) {
+         if (ctx->buf_len || !ctx->final_used) {
+             EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_WRONG_FINAL_BLOCK_LENGTH);
+-            return (0);
++            err = 0;
++            goto cleanup;
+         }
+         OPENSSL_assert(b <= sizeof ctx->final);
  
[email protected]@ -542,7 +550,8 @@
- 		if (n == 0 || n > (int)b)
- 			{
- 			EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT);
--			return(0);
-+			err = 0;
-+			goto cleanup;
- 			}
- 		for (i=0; i<n; i++)
- 			{
[email protected]@ -549,7 +558,8 @@
- 			if (ctx->final[--b] != n)
- 				{
- 				EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT);
--				return(0);
-+				err = 0;
-+				goto cleanup;
- 				}
- 			}
- 		n=ctx->cipher->block_size-n;
[email protected]@ -559,7 +569,13 @@
- 		}
- 	else
- 		*outl=0;
--	return(1);
-+	err = 1;
[email protected]@ -514,7 +530,8 @@
+         n = ctx->final[b - 1];
+         if (n == 0 || n > (int)b) {
+             EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT);
+-            return (0);
++            err = 0;
++            goto cleanup;
+         }
+         for (i = 0; i < n; i++) {
+             if (ctx->final[--b] != n) {
[email protected]@ -519,7 +536,8 @@
+         for (i = 0; i < n; i++) {
+             if (ctx->final[--b] != n) {
+                 EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT);
+-                return (0);
++                err = 0;
++                goto cleanup;
+             }
+         }
+         n = ctx->cipher->block_size - n;
[email protected]@ -528,7 +546,12 @@
+         *outl = n;
+     } else
+         *outl = 0;
+-    return (1);
++    err = 1;
 +cleanup:
-+	if (ctx->cipher->cleanup)
-+		{
-+		ctx->cipher->cleanup(ctx);
-+		}
-+	return err;
- 	}
++    if (ctx->cipher->cleanup) {
++        ctx->cipher->cleanup(ctx);
++    }
++    return err;
+ }
  
  void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
--- a/components/openssl/openssl-1.0.1-fips-140/patches/38_remove_illegal_instruction_calls.patch	Tue Mar 24 10:15:01 2015 -0700
+++ b/components/openssl/openssl-1.0.1-fips-140/patches/38_remove_illegal_instruction_calls.patch	Tue Mar 24 20:05:38 2015 -0700
@@ -1,60 +1,157 @@
 #
-# This patch was developed in-house.
+# This patch was developed in house.
 # This is Solaris-specific: not suitable for upstream.
 #
---- openssl-1.0.1h/crypto/sparcv9cap.c.~1~	Mon Aug  4 15:18:42 2014
-+++ openssl-1.0.1h/crypto/sparcv9cap.c	Mon Aug  4 15:30:21 2014
[email protected]@ -5,6 +5,7 @@
- #include <signal.h>
+--- openssl-1.0.1g/crypto/sparcv9cap.c.~1~	Thu May  1 13:07:00 2014
++++ openssl-1.0.1g/crypto/sparcv9cap.c	Thu May  1 13:11:33 2014
[email protected]@ -2,9 +2,9 @@
+ #include <stdlib.h>
+ #include <string.h>
+ #include <setjmp.h>
+-#include <signal.h>
  #include <sys/time.h>
  #include <openssl/bn.h>
 +#include <sys/auxv.h>
  
- #define SPARCV9_TICK_PRIVILEGED	(1<<0)
- #define SPARCV9_PREFER_FPU	(1<<1)
[email protected]@ -31,7 +32,6 @@
- void		_sparcv9_vis1_probe(void);
- unsigned long	_sparcv9_vis1_instrument(void);
- void		_sparcv9_vis2_probe(void);
--void		_sparcv9_fmadd_probe(void);
+ #define SPARCV9_TICK_PRIVILEGED (1<<0)
+ #define SPARCV9_PREFER_FPU      (1<<1)
[email protected]@ -11,6 +11,7 @@
+ #define SPARCV9_VIS1            (1<<2)
+ #define SPARCV9_VIS2            (1<<3) /* reserved */
+ #define SPARCV9_FMADD           (1<<4) /* reserved for SPARC64 V */
++#define SPARCV9_BLK             (1<<5)
+ 
+ static int OPENSSL_sparcv9cap_P = SPARCV9_TICK_PRIVILEGED;
+ 
[email protected]@ -31,10 +31,7 @@
+ }
+
+ unsigned long _sparcv9_rdtick(void);
+-void _sparcv9_vis1_probe(void);
+ unsigned long _sparcv9_vis1_instrument(void);
+-void _sparcv9_vis2_probe(void);
+-void _sparcv9_fmadd_probe(void);
  
  unsigned long OPENSSL_rdtsc(void)
- 	{
[email protected]@ -171,6 +171,7 @@
- 	struct sigaction	common_act,ill_oact,bus_oact;
- 	sigset_t		all_masked,oset;
- 	static int trigger=0;
-+	uint_t ui = 0;
+ {
[email protected]@ -170,18 +167,11 @@
+
+ #else
+
+-static sigjmp_buf common_jmp;
+-static void common_handler(int sig)
+-{
+-    siglongjmp(common_jmp, sig);
+-}
+-
+ void OPENSSL_cpuid_setup(void)
+ {
+     char *e;
+-    struct sigaction common_act, ill_oact, bus_oact;
+-    sigset_t all_masked, oset;
+     static int trigger = 0;
++    uint_t ui = 0;
+
+     if (trigger)
+         return;
[email protected]@ -192,54 +182,24 @@
+         return;
+     }
  
- 	if (trigger) return;
- 	trigger=1;
[email protected]@ -183,6 +184,7 @@
- 
- 	/* Initial value, fits UltraSPARC-I&II... */
- 	OPENSSL_sparcv9cap_P = SPARCV9_PREFER_FPU|SPARCV9_TICK_PRIVILEGED;
-+	(void) getisax(&ui, 1);
++    (void) getisax(&ui, 1);
++
+     /* Initial value, fits UltraSPARC-I&II... */
+-    OPENSSL_sparcv9cap_P = SPARCV9_PREFER_FPU | SPARCV9_TICK_PRIVILEGED;
++    OPENSSL_sparcv9cap_P = SPARCV9_BLK;
  
- 	sigfillset(&all_masked);
- 	sigdelset(&all_masked,SIGILL);
[email protected]@ -222,11 +224,8 @@
- 			}
- 		}
+-    sigfillset(&all_masked);
+-    sigdelset(&all_masked, SIGILL);
+-    sigdelset(&all_masked, SIGTRAP);
+-# ifdef SIGEMT
+-    sigdelset(&all_masked, SIGEMT);
+-# endif
+-    sigdelset(&all_masked, SIGFPE);
+-    sigdelset(&all_masked, SIGBUS);
+-    sigdelset(&all_masked, SIGSEGV);
+-    sigprocmask(SIG_SETMASK, &all_masked, &oset);
+-
+-    memset(&common_act, 0, sizeof(common_act));
+-    common_act.sa_handler = common_handler;
+-    common_act.sa_mask = all_masked;
+-
+-    sigaction(SIGILL, &common_act, &ill_oact);
+-    sigaction(SIGBUS, &common_act, &bus_oact); /* T1 fails 16-bit ldda [on
+-                                                * Linux] */
+-
+-    if (sigsetjmp(common_jmp, 1) == 0) {
+-        _sparcv9_rdtick();
+-        OPENSSL_sparcv9cap_P &= ~SPARCV9_TICK_PRIVILEGED;
+-    }
+-
+-    if (sigsetjmp(common_jmp, 1) == 0) {
+-        _sparcv9_vis1_probe();
+-        OPENSSL_sparcv9cap_P |= SPARCV9_VIS1;
+-        /* detect UltraSPARC-Tx, see sparccpud.S for details... */
+-        if (_sparcv9_vis1_instrument() >= 12)
+-            OPENSSL_sparcv9cap_P &= ~(SPARCV9_VIS1 | SPARCV9_PREFER_FPU);
+-        else {
+-            _sparcv9_vis2_probe();
+-            OPENSSL_sparcv9cap_P |= SPARCV9_VIS2;
++    if (ui & AV_SPARC_VIS) {
++        /* detect UltraSPARC-Tx, see sparccpuid.S for details... */
++        if (_sparcv9_vis1_instrument() < 7)
++            OPENSSL_sparcv9cap_P |= SPARCV9_TICK_PRIVILEGED;
++        if (_sparcv9_vis1_instrument() < 12) {
++            OPENSSL_sparcv9cap_P |= SPARCV9_VIS1|SPARCV9_PREFER_FPU;
++            if (ui & AV_SPARC_VIS2)
++                OPENSSL_sparcv9cap_P |= SPARCV9_VIS2;
+         }
+     }
  
--	if (sigsetjmp(common_jmp,1) == 0)
--		{
--		_sparcv9_fmadd_probe();
-+	if (ui & AV_SPARC_FMAF)
- 		OPENSSL_sparcv9cap_P |= SPARCV9_FMADD;
--		}
+-    if (sigsetjmp(common_jmp, 1) == 0) {
+-        _sparcv9_fmadd_probe();
++    if (ui & AV_SPARC_FMAF)
+         OPENSSL_sparcv9cap_P |= SPARCV9_FMADD;
+-    }
+-
+-    sigaction(SIGBUS, &bus_oact, NULL);
+-    sigaction(SIGILL, &ill_oact, NULL);
+-
+-    sigprocmask(SIG_SETMASK, &oset, NULL);
+ }
+ 
+ #endif
+--- openssl-1.0.1g/crypto/sparccpuid.S.~1~      Thu May  1 13:07:00 2014
++++ openssl-1.0.1g/crypto/sparccpuid.S  Thu May  1 13:11:33 2014
[email protected]@ -232,16 +232,6 @@
+ .type	_sparcv9_rdtick,#function
+ .size	_sparcv9_rdtick,.-_sparcv9_rdtick
  
- 	sigaction(SIGBUS,&bus_oact,NULL);
- 	sigaction(SIGILL,&ill_oact,NULL);
---- openssl-1.0.1h/crypto/sparccpuid.S.~1~	Mon Aug  4 15:18:57 2014
-+++ openssl-1.0.1h/crypto/sparccpuid.S	Mon Aug  4 15:30:34 2014
[email protected]@ -304,16 +304,6 @@
- .type	_sparcv9_vis2_probe,#function
- .size	_sparcv9_vis2_probe,.-_sparcv9_vis2_probe
+-.global	_sparcv9_vis1_probe
+-.align	8
+-_sparcv9_vis1_probe:
+-	add	%sp,BIAS+2,%o1
+-	.word	0xc19a5a40	!ldda	[%o1]ASI_FP16_P,%f0
+-	retl
+-	.word	0x81b00d80	!fxor	%f0,%f0,%f0
+-.type	_sparcv9_vis1_probe,#function
+-.size	_sparcv9_vis1_probe,.-_sparcv9_vis1_probe
+-
+ ! Probe and instrument VIS1 instruction. Output is number of cycles it
+ ! takes to execute rdtick and pair of VIS1 instructions. US-Tx VIS unit
+ ! is slow (documented to be 6 cycles on T2) and the core is in-order
[email protected]@ -296,24 +286,6 @@
+ .type	_sparcv9_vis1_instrument,#function
+ .size	_sparcv9_vis1_instrument,.-_sparcv9_vis1_instrument
  
+-.global	_sparcv9_vis2_probe
+-.align	8
+-_sparcv9_vis2_probe:
+-	retl
+-	.word	0x81b00980	!bshuffle	%f0,%f0,%f0
+-.type	_sparcv9_vis2_probe,#function
+-.size	_sparcv9_vis2_probe,.-_sparcv9_vis2_probe
+-
 -.global	_sparcv9_fmadd_probe
 -.align	8
 -_sparcv9_fmadd_probe:
--- a/components/openssl/openssl-1.0.1/Makefile	Tue Mar 24 10:15:01 2015 -0700
+++ b/components/openssl/openssl-1.0.1/Makefile	Tue Mar 24 20:05:38 2015 -0700
@@ -28,15 +28,15 @@
 # When upgrading OpenSSL, please, DON'T FORGET TO TEST WANBOOT too. 
 # For more information about wanboot-openssl testing, please refer to
 # ../README.
-COMPONENT_VERSION =	1.0.1k
+COMPONENT_VERSION =	1.0.1m
 # Version for IPS. It is easier to do it manually than convert the letter to a
 # number while taking into account that there might be no letter at all.
-IPS_COMPONENT_VERSION = 1.0.1.11
+IPS_COMPONENT_VERSION = 1.0.1.13
 COMPONENT_PROJECT_URL=	http://www.openssl.org/
 COMPONENT_SRC =		$(COMPONENT_NAME)-$(COMPONENT_VERSION)
 COMPONENT_ARCHIVE =	$(COMPONENT_SRC).tar.gz
 COMPONENT_ARCHIVE_HASH=	\
-    sha256:8f9faeaebad088e772f4ef5e38252d472be4d878c6b3a2718c10a4fcebe7a41c
+    sha256:095f0b7b09116c0c5526422088058dc7e6e000aa14d22acca6a4e2babcdfef74
 
 COMPONENT_ARCHIVE_URL =	$(COMPONENT_PROJECT_URL)source/$(COMPONENT_ARCHIVE)
 COMPONENT_BUGDB=	library/openssl
--- a/components/openssl/openssl-1.0.1/openssl-1.0.1.p5m	Tue Mar 24 10:15:01 2015 -0700
+++ b/components/openssl/openssl-1.0.1/openssl-1.0.1.p5m	Tue Mar 24 20:05:38 2015 -0700
@@ -30,7 +30,7 @@
     value="OpenSSL is a full-featured toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library."
 set name=pkg.human-version value=$(COMPONENT_VERSION)
 set name=com.oracle.info.description value=OpenSSL
-set name=com.oracle.info.tpno value=21111 
+set name=com.oracle.info.tpno value=21965 
 set name=info.classification value=org.opensolaris.category.2008:System/Security
 set name=info.source-url value=$(COMPONENT_ARCHIVE_URL)
 set name=info.upstream-url value=$(COMPONENT_PROJECT_URL)
--- a/components/openssl/openssl-1.0.1/patches/15-pkcs11_engine-0.9.8a.patch	Tue Mar 24 10:15:01 2015 -0700
+++ b/components/openssl/openssl-1.0.1/patches/15-pkcs11_engine-0.9.8a.patch	Tue Mar 24 20:05:38 2015 -0700
@@ -1,3 +1,7 @@
+#
+# This patch file adds the Solaris's pkcs11 engine.
+# This is Solaris-specific (developed in house): not suitable for upstream.
+#
 --- /tmp/Configure	Fri Feb 11 14:40:39 2011
 +++ openssl-1.0.0d/Configure	Fri Feb 11 14:41:36 2011
 @@ -10,7 +10,7 @@
@@ -29,7 +33,7 @@
  my $prefix="";
  my $libdir="";
  my $openssldir="";
[email protected]@ -876,6 +879,10 @@
[email protected]@ -882,6 +888,10 @@
 				$_ =~ s/%([0-9a-f]{1,2})/chr(hex($1))/gei;
 				$flags.=$_." ";
 				}
@@ -40,7 +44,7 @@
 			elsif (/^--prefix=(.*)$/)
 				{
 				$prefix=$1;
[email protected]@ -1043,6 +1054,13 @@
[email protected]@ -1049,6 +1059,13 @@
  	exit 0;
  }
  
@@ -54,7 +58,7 @@
  if ($target =~ m/^CygWin32(-.*)$/) {
  	$target = "Cygwin".$1;
  }
[email protected]@ -1209,6 +1226,8 @@
[email protected]@ -1215,6 +1232,8 @@
  if ($flags ne "")	{ $cflags="$flags$cflags"; }
  else			{ $no_user_cflags=1;       }
  
@@ -63,7 +67,7 @@
  # Kerberos settings.  The flavor must be provided from outside, either through
  # the script "config" or manually.
  if (!$no_krb5)
[email protected]@ -1598,6 +1617,7 @@
[email protected]@ -1604,6 +1623,7 @@
  	s/^VERSION=.*/VERSION=$version/;
  	s/^MAJOR=.*/MAJOR=$major/;
  	s/^MINOR=.*/MINOR=$minor/;
@@ -83,8 +87,8 @@
  # Do not edit this manually. Use Configure --openssldir=DIR do change this!
  OPENSSLDIR=/usr/local/ssl
  
---- openssl-1.0.1f/engines/Makefile.~1~	Thu Jan 30 10:42:05 2014
-+++ openssl-1.0.1f/engines/Makefile	Thu Jan 30 10:45:27 2014
+--- /tmp/Makefile	Mon Feb 14 14:59:22 2011
++++ openssl-1.0.0d/engines/Makefile	Mon Feb 14 15:00:35 2011
 @@ -26,7 +26,8 @@
  APPS=
  
@@ -134,15 +138,15 @@
  				link_o.$(SHLIB_TARGET); \
  		done; \
  	else \
---- openssl-1.0.1f/crypto/engine/eng_all.c.~1~	Thu Jan 30 10:55:48 2014
-+++ openssl-1.0.1f/crypto/engine/eng_all.c	Thu Jan 30 10:57:29 2014
[email protected]@ -59,6 +59,16 @@
+--- crypto/engine/eng_all.c Thu Sep  5 12:59:50 2013
++++ openssl-1.0.1e/crypto/engine/eng_all.c Thu Sep  5 12:59:50 2013
[email protected]@ -60,6 +60,16 @@
  #include "cryptlib.h"
  #include "eng_int.h"
- 
+
 +/*
 + * pkcs11 engine no longer is a built-in engine, and ENGINE_load_pk11() needs to be
-+ * defined in libcrypto.so for ssh. Instead of load pkcs11 engine, it loads dynamic
++ * defined in libcrypto.so for ssh.  Instead of load pkcs11 engine, it load dynamic
 + * engines.
 + */
 +void ENGINE_load_pk11(void)
@@ -151,42 +155,40 @@
 +	}
 +
  void ENGINE_load_builtin_engines(void)
- 	{
- 	/* Some ENGINEs need this */
---- openssl-1.0.1f/crypto/dso/dso_lib.c.~1~	Thu Jan 30 11:04:41 2014
-+++ openssl-1.0.1f/crypto/dso/dso_lib.c	Thu Jan 30 11:29:40 2014
[email protected]@ -426,6 +426,26 @@
- 		DSOerr(DSO_F_DSO_CONVERT_FILENAME,DSO_R_NO_FILENAME);
- 		return(NULL);
- 		}
-+/*
-+ * For pkcs11 engine, use libpk11.so (instead of libpkcs11.so) to
-+ * avoid the name collision with PKCS#11 library.
-+ */
-+	if (strcmp(filename, "pkcs11") == 0)
-+		{
-+#ifdef _LP64
-+		static const char fullpath[] = "/lib/openssl/engines/64/libpk11.so";
+ {
+     /* Some ENGINEs need this */
+--- crypto/dso/dso_lib.c Thu Sep  5 12:59:50 2013
++++ openssl-1.0.1e/crypto/dso/dso_lib.c Thu Sep  5 12:59:50 2013
[email protected]@ -396,6 +396,24 @@
+         DSOerr(DSO_F_DSO_CONVERT_FILENAME, DSO_R_NO_FILENAME);
+         return (NULL);
+     }
++    /*
++     * For pkcs11 engine, use libpk11.so (instead of libpkcs11.so) to
++     * avoid the name collision with PKCS#11 library.
++     */
++    if (strcmp(filename, "pkcs11") == 0) {
++#ifdef  _LP64
++        static const char fullpath[] = "/lib/openssl/engines/64/libpk11.so";
 +#else
-+		static const char fullpath[] = "/lib/openssl/engines/libpk11.so";
++        static const char fullpath[] = "/lib/openssl/engines/libpk11.so";
 +#endif
-+		result = OPENSSL_malloc(strlen(fullpath) + 1);
-+		if (result == NULL)
-+			{
-+			DSOerr(DSO_F_DSO_CONVERT_FILENAME, ERR_R_MALLOC_FAILURE);
-+			return(NULL);
-+			}
-+		BUF_strlcpy(result, fullpath, sizeof(fullpath));
-+		return(result);
-+		}
- 	if((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0)
- 		{
- 		if(dso->name_converter != NULL)
++        result = OPENSSL_malloc(strlen(fullpath) + 1);
++        if(result == NULL) {
++            DSOerr(DSO_F_DSO_CONVERT_FILENAME, ERR_R_MALLOC_FAILURE);
++            return(NULL);
++        }
++        BUF_strlcpy(result, fullpath, strlen(fullpath) + 1);
++        return (result);
++    }
+     if ((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0) {
+         if (dso->name_converter != NULL)
+             result = dso->name_converter(dso, filename);
 --- /tmp/engine.h       Fri Feb 11 14:46:24 2011
 +++ openssl-1.0.0d/crypto/engine/engine.h       Fri Feb 11 14:47:32 2011
[email protected]@ -351,6 +351,7 @@
- #endif
- #endif
[email protected]@ -413,6 +413,7 @@
+ #  endif
+ # endif
  void ENGINE_load_cryptodev(void);
 +void ENGINE_load_pk11(void);
  void ENGINE_load_rsax(void);
--- a/components/openssl/openssl-1.0.1/patches/18-compiler_opts.patch	Tue Mar 24 10:15:01 2015 -0700
+++ b/components/openssl/openssl-1.0.1/patches/18-compiler_opts.patch	Tue Mar 24 20:05:38 2015 -0700
@@ -1,3 +1,7 @@
+#
+# This was developed in house to support Solaris-specific options.
+# Not suitable for upstream.
+#
 --- openssl-1.0.0d/Configure	Thu Feb 10 20:02:41 2011
 +++ /tmp/Configure	Thu Feb 10 20:01:51 2011
 @@ -257,6 +257,19 @@
@@ -19,4 +23,4 @@
 +
  #### IRIX 5.x configs
  # -mips2 flag is added by ./config when appropriate.
- "irix-gcc","gcc:-O3 -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "irix-gcc","gcc:-O3 -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
--- a/components/openssl/openssl-1.0.1/patches/28-enginesdir.patch	Tue Mar 24 10:15:01 2015 -0700
+++ b/components/openssl/openssl-1.0.1/patches/28-enginesdir.patch	Tue Mar 24 20:05:38 2015 -0700
@@ -1,3 +1,7 @@
+#
+# This was developed in house to configure the engine dir.
+# Not suitable for upstream.
+#
 --- /tmp/18/Configure	Fri Feb 11 15:15:50 2011
 +++ openssl-1.0.0d/Configure	Fri Feb 11 15:18:09 2011
 @@ -18,6 +18,8 @@
@@ -17,7 +21,7 @@
  my $exe_ext="";
  my $install_prefix= "$ENV{'INSTALL_PREFIX'}";
  my $cross_compile_prefix="";
[email protected]@ -911,6 +911,10 @@
[email protected]@ -917,6 +920,10 @@
  				{
  				$openssldir=$1;
  				}
@@ -28,7 +32,7 @@
  			elsif (/^--install.prefix=(.*)$/)
  				{
  				$install_prefix=$1;
[email protected]@ -1218,6 +1225,10 @@
[email protected]@ -1224,6 +1231,10 @@
  # we're ready to tolerate, so don't...
  $multilib="" if !-d "$prefix/lib$multilib";
  
@@ -39,7 +43,7 @@
  $libdir="lib$multilib" if $libdir eq "";
  
  $cflags = "$cflags$exp_cflags";
[email protected]@ -1837,7 +1848,7 @@
[email protected]@ -1846,7 +1857,7 @@
  		}
  	elsif	(/^#define\s+ENGINESDIR/)
  		{
--- a/components/openssl/openssl-1.0.1/patches/29_fork_safe.patch	Tue Mar 24 10:15:01 2015 -0700
+++ b/components/openssl/openssl-1.0.1/patches/29_fork_safe.patch	Tue Mar 24 20:05:38 2015 -0700
@@ -1,6 +1,6 @@
 #
 # This file adds the code to setup internal mutexes and callback function.
-# 	PSARC/2014/077
+#	PSARC/2014/077
 # This change was implemented in-house.  The issue was brought up to
 # the upstream engineers, but there was no commitment.
 #
@@ -13,18 +13,19 @@
 +#include <pthread.h>
  
  #if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16)
- static double SSLeay_MSVC5_hack=0.0; /* and for VC1.5 */
[email protected]@ -181,6 +182,7 @@
-    numbers.  */
- static STACK_OF(CRYPTO_dynlock) *dyn_locks=NULL;
+ static double SSLeay_MSVC5_hack = 0.0; /* and for VC1.5 */
[email protected]@ -184,6 +185,8 @@
+  */
+ static STACK_OF(CRYPTO_dynlock) *dyn_locks = NULL;
  
 +static pthread_mutex_t *solaris_openssl_locks;
- 
- static void (MS_FAR *locking_callback)(int mode,int type,
- 	const char *file,int line)=0;
[email protected]@ -406,6 +409,79 @@
- 	return(add_lock_callback);
- 	}
++
+ static void (MS_FAR *locking_callback) (int mode, int type,
+                                         const char *file, int line) = 0;
+ static int (MS_FAR *add_lock_callback) (int *pointer, int amount,
[email protected]@ -402,6 +405,79 @@
+     return (add_lock_callback);
+ }
 
 +/*
 + * This is the locking callback function which all applications will be
@@ -97,24 +98,24 @@
 +		}
 +	locking_callback = solaris_locking_callback;
 +
-+	}
++}
 +
- void CRYPTO_set_locking_callback(void (*func)(int mode,int type,
- 					      const char *file,int line))
- 	{
[email protected]@ -413,7 +478,11 @@
- 	 * are started.
- 	 */
- 	OPENSSL_init();
--	locking_callback=func;
+ void CRYPTO_set_locking_callback(void (*func) (int mode, int type,
+                                                const char *file, int line))
+ {
[email protected]@ -410,7 +486,11 @@
+      * started.
+      */
+     OPENSSL_init();
+-    locking_callback = func;
 +
 +	/*
 +	 * we now setup our own locking callback and mutexes, and disallow
 +	 * setting of another locking callback.
 +	 */
- 	}
+ }
  
- void CRYPTO_set_add_lock_callback(int (*func)(int *num,int mount,int type,
+ void CRYPTO_set_add_lock_callback(int (*func) (int *num, int mount, int type,
 --- openssl-1.0.1f/crypto/cryptlib.h.~1~	Fri Feb  7 10:41:42 2014
 +++ openssl-1.0.1f/crypto/cryptlib.h	Thu Feb  6 16:04:16 2014
 @@ -104,6 +104,8 @@
--- a/components/openssl/openssl-1.0.1/patches/30_wanboot.patch	Tue Mar 24 10:15:01 2015 -0700
+++ b/components/openssl/openssl-1.0.1/patches/30_wanboot.patch	Tue Mar 24 20:05:38 2015 -0700
@@ -36,7 +36,7 @@
 
 --- openssl-1.0.0e/crypto/cryptlib.c	2011-06-22 08:39:00.000000000 -0700
 +++ openssl-1.0.0e_patched/crypto/cryptlib.c	2011-12-12 06:17:45.422476900 -0800
[email protected]@ -415,6 +415,7 @@
[email protected]@ -412,6 +412,7 @@
  static void solaris_locking_callback(int mode, int type, const char *file,
      int line)
  	{
@@ -44,15 +44,15 @@
  	if (mode & CRYPTO_LOCK)
  		{
  		pthread_mutex_lock(&solaris_openssl_locks[type]);
[email protected]@ -423,6 +424,7 @@
[email protected]@ -420,6 +421,7 @@
  		{
  		pthread_mutex_unlock(&solaris_openssl_locks[type]);
  		}
 +#endif
  	}
-
-
[email protected]@ -456,6 +458,12 @@
+ 
+ 
[email protected]@ -453,6 +455,12 @@
  		}
  
  	/*
@@ -65,164 +65,169 @@
  	 * Set atfork handler so that child can setup its own mutexes and
  	 * locking callbacks when it is forked
  	 */
[email protected]@ -478,7 +486,7 @@
[email protected]@ -475,7 +483,7 @@
  		pthread_mutex_init(&solaris_openssl_locks[i], NULL);
  		}
  	locking_callback = solaris_locking_callback;
 -
 +#endif
- 	}
+ }
  
- void CRYPTO_set_locking_callback(void (*func)(int mode,int type,
[email protected]@ -979,6 +979,10 @@
- 	MessageBox (NULL,buf,_T("OpenSSL: FATAL"),MB_OK|MB_ICONSTOP);
+ void CRYPTO_set_locking_callback(void (*func) (int mode, int type,
[email protected]@ -1021,6 +1029,12 @@
+         MessageBox(NULL, buf, _T("OpenSSL: FATAL"), MB_OK | MB_ICONSTOP);
  }
  #else
-+/* Solaris libsa.a used for WAN boot doesn't provide for vfprintf(). Since
-+ *  * OPENSSL_showfatal() is not used anywhere else then here we can safely use
-+ *   * the code from 0.9.7d version. */
++/*
++ * Solaris libsa.a used for WAN boot doesn't provide for vfprintf(). Since
++ * OPENSSL_showfatal() is not used anywhere else then here we can safely use
++ * the code from 0.9.7d version.
++ */
 +#ifndef	_BOOT
- void OPENSSL_showfatal (const char *fmta,...)
- { va_list ap;
- 
[email protected]@ -986,14 +990,21 @@
-     vfprintf (stderr,fmta,ap);
-     va_end (ap);
+ void OPENSSL_showfatal(const char *fmta, ...)
+ {
+     va_list ap;
[email protected]@ -1029,6 +1043,7 @@
+     vfprintf(stderr, fmta, ap);
+     va_end(ap);
  }
 +#endif	/* _BOOT */
- int OPENSSL_isservice (void) { return 0; }
- #endif
+ 
+ int OPENSSL_isservice(void)
+ {
[email protected]@ -1038,9 +1053,15 @@
  
- void OpenSSLDie(const char *file,int line,const char *assertion)
- 	{
+ void OpenSSLDie(const char *file, int line, const char *assertion)
+ {
 +#ifndef	_BOOT		
- 	OPENSSL_showfatal(
- 		"%s(%d): OpenSSL internal error, assertion failed: %s\n",
- 		file,line,assertion);
+     OPENSSL_showfatal
+         ("%s(%d): OpenSSL internal error, assertion failed: %s\n", file, line,
+          assertion);
 +#else
 +	fprintf(stderr,
 +		"%s(%d): OpenSSL internal error, assertion failed: %s\n",
 +		file,line,assertion);
 +#endif	
  #if !defined(_WIN32) || defined(__CYGWIN__)
- 	abort();
+     abort();
  #else
 --- openssl-1.0.0e/crypto/err/err_all.c	2009-08-09 07:58:05.000000000 -0700
 +++ openssl-1.0.0e_patched/crypto/err/err_all.c	2011-12-13 05:22:01.205351400 -0800
 @@ -148,7 +148,9 @@
- 	ERR_load_X509V3_strings();
- 	ERR_load_PKCS12_strings();
- 	ERR_load_RAND_strings();
+     ERR_load_X509V3_strings();
+     ERR_load_PKCS12_strings();
+     ERR_load_RAND_strings();
 +#ifndef _BOOT
- 	ERR_load_DSO_strings();
+     ERR_load_DSO_strings();
 +#endif /* _BOOT */
- 	ERR_load_TS_strings();
- #ifndef OPENSSL_NO_ENGINE
- 	ERR_load_ENGINE_strings();
+     ERR_load_TS_strings();
+ # ifndef OPENSSL_NO_ENGINE
+     ERR_load_ENGINE_strings();
 --- openssl-1.0.0e/crypto/evp/evp_key.c	2010-03-27 12:27:50.000000000 -0700
 +++ openssl-1.0.0e_patched/crypto/evp/evp_key.c	2011-12-13 05:19:32.956908600 -0800
[email protected]@ -84,7 +84,7 @@
- 	else
- 		return(prompt_string);
- 	}
[email protected]@ -83,7 +83,7 @@
+     else
+         return (prompt_string);
+ }
 -
 +#ifndef	_BOOT
- /* For historical reasons, the standard function for reading passwords is
-  * in the DES library -- if someone ever wants to disable DES,
-  * this function will fail */
[email protected]@ -111,6 +111,7 @@
- 	OPENSSL_cleanse(buff,BUFSIZ);
- 	return ret;
- 	}
+ /*
+  * For historical reasons, the standard function for reading passwords is in
+  * the DES library -- if someone ever wants to disable DES, this function
[email protected]@ -115,6 +115,7 @@
+     OPENSSL_cleanse(buff, BUFSIZ);
+     return ret;
+ }
 +#endif	/* !_BOOT */
  
- int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, 
- 	     const unsigned char *salt, const unsigned char *data, int datal,
+ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
+                    const unsigned char *salt, const unsigned char *data,
 --- openssl-1.0.0e/crypto/rand/rand_unix.c	2009-04-06 07:31:36.000000000 -0700
 +++ openssl-1.0.0e_patched/crypto/rand/rand_unix.c	2011-12-19 07:28:39.988944800 -0800
 @@ -122,7 +122,11 @@
- #include <sys/time.h>
- #include <sys/times.h>
- #include <sys/stat.h>
+ # include <sys/time.h>
+ # include <sys/times.h>
+ # include <sys/stat.h>
 +#ifdef	_BOOT
-+#include <sys/fcntl.h>
++# include <sys/fcntl.h>
 +#else
- #include <fcntl.h>
+ # include <fcntl.h>
 +#endif
- #include <unistd.h>
- #include <time.h>
- #if defined(OPENSSL_SYS_LINUX) /* should actually be available virtually everywhere */
[email protected]@ -253,6 +257,11 @@
- 	const char **egdsocket = NULL;
- #endif
+ # include <unistd.h>
+ # include <time.h>
+ # if defined(OPENSSL_SYS_LINUX) /* should actually be available virtually
[email protected]@ -259,6 +263,11 @@
+     const char **egdsocket = NULL;
+ #  endif
  
 +#ifdef _BOOT
 +/* open() is provided by standalone libsa not visible from here */
 +extern int open(const char *, int);
 +#endif
 +
- #ifdef DEVRANDOM
- 	memset(randomstats,0,sizeof(randomstats));
- 	/* Use a random entropy pool device. Linux, FreeBSD and OpenBSD
[email protected]@ -295,9 +304,13 @@
- 				{
- 				int try_read = 0;
- 
--#if defined(OPENSSL_SYS_BEOS_R5)
-+#if defined(OPENSSL_SYS_BEOS_R5) || defined(_BOOT)
- 				/* select() is broken in BeOS R5, so we simply
- 				 *  try to read something and snooze if we couldn't */
-+				/* 
-+				 * select() is not available when linking stand-alone
-+				 * library for wanboot 
-+				 */
- 				try_read = 1;
+ #  ifdef DEVRANDOM
+     memset(randomstats, 0, sizeof(randomstats));
+     /*
[email protected]@ -307,11 +316,15 @@
+             do {
+                 int try_read = 0;
+
+-#   if defined(OPENSSL_SYS_BEOS_R5)
++#   if defined(OPENSSL_SYS_BEOS_R5) || defined(_BOOT)
+                 /*
+                  * select() is broken in BeOS R5, so we simply try to read
+                  * something and snooze if we couldn't
+                  */
++               /*
++                * select() is not available when linking stand-alone
++                * library for wanboot
++                */
+                 try_read = 1;
  
- #elif defined(OPENSSL_SYS_LINUX)
[email protected]@ -355,6 +368,7 @@
- 				else
- 					r = -1;
- 				
-+#ifndef	_BOOT				
- 				/* Some Unixen will update t in select(), some
- 				   won't.  For those who won't, or if we
- 				   didn't use select() in the first place,
[email protected]@ -366,13 +380,17 @@
- 				}
- 			while ((r > 0 ||
- 			       (errno == EINTR || errno == EAGAIN)) && usec != 0 && n < ENTROPY_NEEDED);
-+#else	/* _BOOT */
-+				}
-+			while (r > 0 && n < ENTROPY_NEEDED);
-+#endif	/* _BOOT */			
- 
- 			close(fd);
- 			}
- 		}
- #endif /* defined(DEVRANDOM) */
- 
--#ifdef DEVRANDOM_EGD
-+#if defined(DEVRANDOM_EGD) && !defined(_BOOT)
- 	/* Use an EGD socket to read entropy from an EGD or PRNGD entropy
- 	 * collecting daemon. */
- 
[email protected]@ -395,6 +413,7 @@
- 		}
- #endif
+ #   elif defined(OPENSSL_SYS_LINUX)
[email protected]@ -365,6 +378,7 @@
+                 } else
+                     r = -1;
+
++#ifndef        _BOOT
+                 /*
+                  * Some Unixen will update t in select(), some won't.  For
+                  * those who won't, or if we didn't use select() in the first
[email protected]@ -377,13 +391,17 @@
+             while ((r > 0 ||
+                     (errno == EINTR || errno == EAGAIN)) && usec != 0
+                    && n < ENTROPY_NEEDED);
++#else  /* _BOOT */
++            }
++            while (r > 0 && n < ENTROPY_NEEDED);
++#endif /* _BOOT */
+
+             close(fd);
+         }
+     }
+ #  endif                        /* defined(DEVRANDOM) */
+
+-#  ifdef DEVRANDOM_EGD
++#  if defined(DEVRANDOM_EGD) && !defined(_BOOT)
+     /*
+      * Use an EGD socket to read entropy from an EGD or PRNGD entropy
+      * collecting daemon.
[email protected]@ -407,6 +424,7 @@
+     }
+ #  endif
  
 +#ifndef	_BOOT
- 	/* put in some default random data, we need more than just this */
- 	l=curr_pid;
- 	RAND_add(&l,sizeof(l),0.0);
[email protected]@ -403,6 +422,7 @@
+     /* put in some default random data, we need more than just this */
+     l = curr_pid;
+     RAND_add(&l, sizeof(l), 0.0);
[email protected]@ -415,6 +433,7 @@
  
- 	l=time(NULL);
- 	RAND_add(&l,sizeof(l),0.0);
+     l = time(NULL);
+     RAND_add(&l, sizeof(l), 0.0);
 +#endif /* !_BOOT */	
  
- #if defined(OPENSSL_SYS_BEOS)
- 	{
-
+ #  if defined(OPENSSL_SYS_BEOS)
+     {
 --- openssl-1.0.0e/crypto/rand/randfile.c	2011-03-19 02:44:37.000000000 -0700
 +++ openssl-1.0.0e_patched/crypto/rand/randfile.c	2011-12-13 05:26:51.884824200 -0800
 @@ -57,9 +57,11 @@
@@ -231,137 +236,135 @@
  /* We need to define this to get macros like S_IFBLK and S_IFCHR */
 +#ifndef	_BOOT
  #if !defined(OPENSSL_SYS_VXWORKS)
- #define _XOPEN_SOURCE 500
+ # define _XOPEN_SOURCE 500
  #endif
 +#endif	/* _BOOT */
  
  #include <errno.h>
  #include <stdio.h>
[email protected]@ -179,6 +181,7 @@
- 	return(ret);
- 	}
[email protected]@ -191,6 +193,7 @@
+     return (ret);
+ }
  
 +#ifndef	_BOOT
  int RAND_write_file(const char *file)
- 	{
- 	unsigned char buf[BUFSIZE];
[email protected]@ -327,3 +330,5 @@
+ {
+     unsigned char buf[BUFSIZE];
[email protected]@ -335,3 +338,5 @@
  #endif
- 	return(buf);
- 	}
+     return (buf);
+ }
 +
 +#endif /* _BOOT */
 --- openssl-1.0.0e/crypto/x509v3/v3_utl.c	2009-07-27 14:08:53.000000000 -0700
 +++ openssl-1.0.0e_patched/crypto/x509v3/v3_utl.c	2011-12-13 05:10:08.844191400 -0800
[email protected]@ -659,9 +659,52 @@
- 		}
- 	}
[email protected]@ -715,9 +715,50 @@
+     }
+ }
  
 +#if	defined(_BOOT)
 +/* This function was copied from bio/b_sock.c */
 +static int get_ip(const char *str, unsigned char ip[4])
-+	{
-+	unsigned int tmp[4];
-+	int num=0,c,ok=0;
++{
++    unsigned int tmp[4];
++    int num = 0, c, ok = 0;
 +
-+	tmp[0]=tmp[1]=tmp[2]=tmp[3]=0;
++    tmp[0]=tmp[1]=tmp[2]=tmp[3]=0;
 +
-+	for (;;)
-+		{
-+		c= *(str++);
-+		if ((c >= '0') && (c <= '9'))
-+			{
-+			ok=1;
-+			tmp[num]=tmp[num]*10+c-'0';
-+			if (tmp[num] > 255) return(0);
-+			}
-+		else if (c == '.')
-+			{
-+			if (!ok) return(-1);
-+			if (num == 3) return(0);
-+			num++;
-+			ok=0;
-+			}
-+		else if (c == '\0' && (num == 3) && ok)
-+			break;
-+		else
-+			return(0);
-+		}
-+	ip[0]=tmp[0];
-+	ip[1]=tmp[1];
-+	ip[2]=tmp[2];
-+	ip[3]=tmp[3];
-+	return(1);
-+	}
++    for (;;) {
++        c = *(str++);
++        if ((c >= '0') && (c <= '9')) {
++            ok = 1;
++            tmp[num] = tmp[num]*10+c-'0';
++            if (tmp[num] > 255)
++                return(0);
++        } else if (c == '.') {
++            if (!ok)
++                return (-1);
++            if (num == 3)
++                return (0);
++            num++;
++            ok = 0;
++        } else if (c == '\0' && (num == 3) && ok)
++            break;
++        else
++            return(0);
++        }
++    ip[0]=tmp[0];
++    ip[1]=tmp[1];
++    ip[2]=tmp[2];
++    ip[3]=tmp[3];
++    return(1);
++}
 +#endif /* _BOOT */
 +
  static int ipv4_from_asc(unsigned char *v4, const char *in)
- 	{
- 	int a0, a1, a2, a3;
+ {
+     int a0, a1, a2, a3;
 +
 +#if	defined(_BOOT)
 +	if (get_ip(in, v4) != 1)
 +		return 0;
 +#else	/* _BOOT */
- 	if (sscanf(in, "%d.%d.%d.%d", &a0, &a1, &a2, &a3) != 4)
- 		return 0;
- 	if ((a0 < 0) || (a0 > 255) || (a1 < 0) || (a1 > 255)
[email protected]@ -671,6 +716,7 @@
- 	v4[1] = a1;
- 	v4[2] = a2;
- 	v4[3] = a3;
+     if (sscanf(in, "%d.%d.%d.%d", &a0, &a1, &a2, &a3) != 4)
+         return 0;
+     if ((a0 < 0) || (a0 > 255) || (a1 < 0) || (a1 > 255)
[email protected]@ -727,6 +768,7 @@
+     v4[1] = a1;
+     v4[2] = a2;
+     v4[3] = a3;
 +#endif	/* _BOOT */
- 	return 1;
- 	}
- 
+     return 1;
+ }
+
 --- openssl-1.0.0e/e_os.h	2011-12-19 04:17:51.631087400 -0800
 +++ openssl-1.0.0e_patched/e_os.h	2011-12-19 04:15:15.776668900 -0800
[email protected]@ -206,10 +206,19 @@
- #define get_last_socket_error()	errno
- #define clear_socket_error()	errno=0
- #define ioctlsocket(a,b,c)	ioctl(a,b,c)
[email protected]@ -213,10 +213,19 @@
+ #  define get_last_socket_error() errno
+ #  define clear_socket_error()    errno=0
+ #  define ioctlsocket(a,b,c)      ioctl(a,b,c)
 +#ifdef	_BOOT
 +#include <netinet/in.h>
 +extern int socket_read(int, void *, size_t, int);
 +extern int socket_close(int);
-+#define	closesocket(s)		socket_close(s)
-+#define	readsocket(s,b,n)	socket_read((s),(b),(n), 200)
-+#define	writesocket(s,b,n)	send((s),(b),(n), 0)
++#  define closesocket(s)          socket_close(s)
++#  define readsocket(s,b,n)       socket_read((s),(b),(n), 200)
++#  define writesocket(s,b,n)      send((s),(b),(n), 0)
 +#else  /* !_BOOT */
- #define closesocket(s)		close(s)
- #define readsocket(s,b,n)	read((s),(b),(n))
- #define writesocket(s,b,n)	write((s),(b),(n))
- #endif
+ #  define closesocket(s)          close(s)
+ #  define readsocket(s,b,n)       read((s),(b),(n))
+ #  define writesocket(s,b,n)      write((s),(b),(n))
+ # endif
 +#endif
  
- #ifdef WIN16 /* never the case */
- #  define MS_CALLBACK	_far _loadds
+ # ifdef WIN16                   /* never the case */
+ #  define MS_CALLBACK   _far _loadds
 --- openssl-1.0.0e/crypto/sparcv9cap.c	2010-09-05 12:48:01.000000000 -0700
 +++ openssl-1.0.0e_patched/crypto/sparcv9cap.c	2011-12-23 05:24:02.011607700 -0800
 @@ -12,7 +12,11 @@
- #define SPARCV9_VIS2		(1<<3)	/* reserved */
- #define SPARCV9_FMADD		(1<<4)	/* reserved for SPARC64 V */
- 
-+#ifndef	_BOOT
- static int OPENSSL_sparcv9cap_P=SPARCV9_TICK_PRIVILEGED;
+ #define SPARCV9_VIS2            (1<<3) /* reserved */
+ #define SPARCV9_FMADD           (1<<4) /* reserved for SPARC64 V */
+
++#ifndef        _BOOT
+ static int OPENSSL_sparcv9cap_P = SPARCV9_TICK_PRIVILEGED;
 +#else
 +static int OPENSSL_sparcv9cap_P = SPARCV9_VIS1;
 +#endif
  
- int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0, int num)
- 	{
[email protected]@ -33,6 +37,7 @@
- void		_sparcv9_vis2_probe(void);
- void		_sparcv9_fmadd_probe(void);
+ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+                 const BN_ULONG *np, const BN_ULONG *n0, int num)
[email protected]@ -36,6 +40,7 @@
+ void _sparcv9_vis2_probe(void);
+ void _sparcv9_fmadd_probe(void);
  
 +#ifndef _BOOT
  unsigned long OPENSSL_rdtsc(void)
- 	{
- 	if (OPENSSL_sparcv9cap_P&SPARCV9_TICK_PRIVILEGED)
[email protected]@ -44,8 +49,19 @@
- 	else
- 		return _sparcv9_rdtick();
- 	}
+ {
+     if (OPENSSL_sparcv9cap_P & SPARCV9_TICK_PRIVILEGED)
[email protected]@ -47,8 +52,19 @@
+     else
+         return _sparcv9_rdtick();
+ }
 +#endif
 +
 +#if defined(_BOOT)
@@ -370,15 +373,15 @@
 + * Older CPUs are EOLed anyway.
 + */
 +void OPENSSL_cpuid_setup(void)
-+	{
-+	OPENSSL_sparcv9cap_P = SPARCV9_VIS1;
-+	}
- 
++       {
++       OPENSSL_sparcv9cap_P = SPARCV9_VIS1;
++       }
+
 -#if 0 && defined(__sun) && defined(__SVR4)
 +#elif 0 && defined(__sun) && defined(__SVR4)
- /* This code path is disabled, because of incompatibility of
-  * libdevinfo.so.1 and libmalloc.so.1 (see below for details)
-  */
+ /*
+  * This code path is disabled, because of incompatibility of libdevinfo.so.1
+  * and libmalloc.so.1 (see below for details)
 --- openssl-1.0.0e/crypto/sparccpuid.S	2010-09-05 12:48:01.000000000 -0700
 +++ openssl-1.0.0e_patched/crypto/sparccpuid.S	2012-02-13 07:42:58.259478325 -0800
 @@ -397,8 +397,13 @@
@@ -397,7 +400,7 @@
 +#endif
 --- openssl-1.0.1c/crypto/Makefile      Thu Aug  2 12:56:38 2012
 +++ openssl-1.0.1c/crypto/Makefile.new  Thu Aug  2 12:59:43 2012
[email protected]@ -35,9 +35,9 @@
[email protected]@ -36,9 +36,9 @@
  LIB= $(TOP)/libcrypto.a
  SHARED_LIB= libcrypto$(SHLIB_EXT)
  LIBSRC=	cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c cpt_err.c \
@@ -411,31 +414,29 @@
 
 --- openssl-1.0.1f/ssl/s3_clnt.c    Thu Jan 30 02:53:33 2014
 +++ openssl-1.0.1f/ssl/s3_clnt.c.new   Thu Jan 30 02:57:51 2014
[email protected]@ -681,8 +681,13 @@
[email protected]@ -668,7 +668,11 @@
  
- 		p=s->s3->client_random;
- 
+         p = s->s3->client_random;
+
 +#ifndef	_BOOT
- 		if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0)
- 			goto err;
+         if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0)
 +#else
-+		if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE) <= 0)
-+			goto err;
++        if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE) <= 0)
 +#endif
+             goto err;
  
- 		/* Do the message type and length last */
- 		d=p= &(buf[4]);
+         /* Do the message type and length last */
 --- openssl-1.0.1f/ssl/s3_lib.c       Wed Oct 15 11:18:30 2014
 +++ openssl-1.0.1f/ssl/s3_lib.c.new    Wed Oct 15 11:20:07 2014
[email protected]@ -3364,7 +3364,11 @@
- 			return 1;
- 		/* Apparently we're using a version-flexible SSL_METHOD
- 		 * (not at its highest protocol version). */
[email protected]@ -3343,7 +3343,11 @@
+          * Apparently we're using a version-flexible SSL_METHOD (not at its
+          * highest protocol version).
+          */
 +#ifndef	_BOOT
- 		if (s->ctx->method->version == SSLv23_method()->version)
+         if (s->ctx->method->version == SSLv23_method()->version) {
 +#else
-+		if (s->ctx->method->version == TLS1_2_VERSION)
++        if (s->ctx->method->version == TLS1_2_VERSION) {
 +#endif
- 			{
  #if TLS_MAX_VERSION != TLS1_2_VERSION
- #  error Code needs update for SSLv23_method() support beyond TLS1_2_VERSION.
+ # error Code needs update for SSLv23_method() support beyond TLS1_2_VERSION.
+ #endif
--- a/components/openssl/openssl-1.0.1/patches/32_aes_cbc_len_check.patch	Tue Mar 24 10:15:01 2015 -0700
+++ b/components/openssl/openssl-1.0.1/patches/32_aes_cbc_len_check.patch	Tue Mar 24 20:05:38 2015 -0700
@@ -1,14 +1,18 @@
+#
+# This was developed in house and reported to the upstream.
+#
 --- openssl-1.0.1e/crypto/evp/e_aes.c        Tue Jul  2 11:03:12 2013
 +++ openssl-1.0.1e/crypto/evp/e_aes.c.new    Tue Jul  2 11:04:56 2013
[email protected]@ -574,8 +574,11 @@
- static int aes_cbc_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
- 	const unsigned char *in, size_t len)
[email protected]@ -536,8 +536,12 @@
+ static int aes_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                           const unsigned char *in, size_t len)
  {
-+	size_t	bl = ctx->cipher->block_size;
- 	EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
++    size_t	bl = ctx->cipher->block_size;
+     EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data;
  
-+	if (len<bl)	return 1;
++    if (len < bl)
++        return 1;
 +
- 	if (dat->stream.cbc)
- 		(*dat->stream.cbc)(in,out,len,&dat->ks,ctx->iv,ctx->encrypt);
- 	else if (ctx->encrypt)
+     if (dat->stream.cbc)
+         (*dat->stream.cbc) (in, out, len, &dat->ks, ctx->iv, ctx->encrypt);
+     else if (ctx->encrypt)
--- a/components/openssl/openssl-1.0.1/patches/33_cert_chain.patch	Tue Mar 24 10:15:01 2015 -0700
+++ b/components/openssl/openssl-1.0.1/patches/33_cert_chain.patch	Tue Mar 24 20:05:38 2015 -0700
@@ -6,200 +6,205 @@
 Index: openssl/crypto/x509/x509_trs.c
 ============================================================================
 $ diff -ru crypto/x509/x509_trs.c crypto/x509/x509_trs.c 
---- openssl/crypto/x509/x509_trs.c.orig	4 Dec 2012 17:26:04 -0000	1.133.2.11.2.6.2.3
-+++ openssl/crypto/x509/x509_trs.c	14 Dec 2012 14:30:45 -0000	1.133.2.11.2.6.2.4
[email protected]@ -114,6 +114,15 @@ int X509_check_trust(X509 *x, int id, int flags)
- 	X509_TRUST *pt;
- 	int idx;
- 	if(id == -1) return 1;
-+	/* We get this as a default value */
-+	if (id == 0)
-+		{
-+		int rv;
-+		rv = obj_trust(NID_anyExtendedKeyUsage, x, 0);
-+		if (rv != X509_TRUST_UNTRUSTED)
-+			return rv;
-+		return trust_compat(NULL, x, 0);
-+		}
- 	idx = X509_TRUST_get_by_id(id);
- 	if(idx == -1) return default_trust(id, x, flags);
- 	pt = X509_TRUST_get0(idx);
+--- openssl/crypto/x509/x509_trs.c.orig    4 Dec 2012 17:26:04 -0000    1.133.2.11.2.6.2.3
++++ openssl/crypto/x509/x509_trs.c    14 Dec 2012 14:30:45 -0000    1.133.2.11.2.6.2.4
[email protected]@ -119,6 +119,14 @@ int X509_check_trust(X509 *x, int id, int flags)
+     int idx;
+     if (id == -1)
+         return 1;
++    /* We get this as a default value */
++    if (id == 0) {
++        int rv;
++        rv = obj_trust(NID_anyExtendedKeyUsage, x, 0);
++        if (rv != X509_TRUST_UNTRUSTED)
++            return rv;
++        return trust_compat(NULL, x, 0);
++    }
+     idx = X509_TRUST_get_by_id(id);
+     if (idx == -1)
+         return default_trust(id, x, flags);
 Index: openssl/crypto/x509/x509_vfy.c
 ============================================================================
 $ cvs diff -u -r1.105.2.9.2.4.2.3 -r1.105.2.9.2.4.2.4 x509_vfy.c
---- openssl/crypto/x509/x509_vfy.c	14 Dec 2012 12:53:48 -0000	1.105.2.9.2.4.2.3
-+++ openssl/crypto/x509/x509_vfy.c	14 Dec 2012 14:30:46 -0000	1.105.2.9.2.4.2.4
[email protected]@ -150,6 +150,33 @@
- 	}
+--- openssl/crypto/x509/x509_vfy.c    14 Dec 2012 12:53:48 -0000    1.105.2.9.2.4.2.3
++++ openssl/crypto/x509/x509_vfy.c    14 Dec 2012 14:30:46 -0000    1.105.2.9.2.4.2.4
[email protected]@ -149,6 +149,33 @@
+ }
  #endif
  
 +/* Given a certificate try and find an exact match in the store */
 +
 +static X509 *lookup_cert_match(X509_STORE_CTX *ctx, X509 *x)
-+	{
-+	STACK_OF(X509) *certs;
-+	X509 *xtmp = NULL;
-+	int i;
-+	/* Lookup all certs with matching subject name */
-+	certs = ctx->lookup_certs(ctx, X509_get_subject_name(x));
-+	if (certs == NULL)
-+		return NULL;
-+	/* Look for exact match */
-+	for (i = 0; i < sk_X509_num(certs); i++)
-+		{
-+		xtmp = sk_X509_value(certs, i);
-+		if (!X509_cmp(xtmp, x))
-+			break;
-+		}
-+	if (i < sk_X509_num(certs))
-+		CRYPTO_add(&xtmp->references,1,CRYPTO_LOCK_X509);
-+	else
-+		xtmp = NULL;
-+	sk_X509_pop_free(certs, X509_free);
-+	return xtmp;
-+	}
++    {
++    STACK_OF(X509) *certs;
++    X509 *xtmp = NULL;
++    int i;
++    /* Lookup all certs with matching subject name */
++    certs = ctx->lookup_certs(ctx, X509_get_subject_name(x));
++    if (certs == NULL)
++        return NULL;
++    /* Look for exact match */
++    for (i = 0; i < sk_X509_num(certs); i++)
++        {
++        xtmp = sk_X509_value(certs, i);
++        if (!X509_cmp(xtmp, x))
++            break;
++        }
++    if (i < sk_X509_num(certs))
++        CRYPTO_add(&xtmp->references,1,CRYPTO_LOCK_X509);
++    else
++        xtmp = NULL;
++    sk_X509_pop_free(certs, X509_free);
++    return xtmp;
++    }
 +
 +
  int X509_verify_cert(X509_STORE_CTX *ctx)
- 	{
- 	X509 *x,*xtmp,*chain_ss=NULL;
[email protected]@ -307,8 +307,13 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
+ {
+     X509 *x, *xtmp, *chain_ss = NULL;
[email protected]@ -304,8 +331,17 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
  
- 	/* we now have our chain, lets check it... */
+     /* we now have our chain, lets check it... */
  
--	/* Is last certificate looked up self signed? */
--	if (!ctx->check_issued(ctx,x,x))
-+	i = check_trust(ctx);
+-    /* Is last certificate looked up self signed? */
+-    if (!ctx->check_issued(ctx, x, x)) {
++    i = check_trust(ctx);
 +
-+	/* If explicitly rejected error */
-+	if (i == X509_TRUST_REJECTED)
-+		goto end;
-+	/* If not explicitly trusted then indicate error */
-+	if (i != X509_TRUST_TRUSTED)
- 		{
- 		if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss))
- 			{
[email protected]@ -346,12 +351,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
- 	
- 	if (!ok) goto end;
++    /* If explicitly rejected error */
++    if (i == X509_TRUST_REJECTED)
++        goto end;
++    /*
++     * If not explicitly trusted then indicate error unless it's a single
++     * self signed certificate in which case we've indicated an error already
++     * and set bad_chain == 1
++     */
++    if (i != X509_TRUST_TRUSTED && !bad_chain) {
+         if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss)) {
+             if (ctx->last_untrusted >= num)
+                 ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
[email protected]@ -340,14 +376,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
+     ok = check_name_constraints(ctx);
  
--	/* The chain extensions are OK: check trust */
+     if (!ok)
+-        goto end;
 -
--	if (param->trust > 0) ok = check_trust(ctx);
+-    /* The chain extensions are OK: check trust */
 -
--	if (!ok) goto end;
+-    if (param->trust > 0)
+-        ok = check_trust(ctx);
 -
- 	/* We may as well copy down any DSA parameters that are required */
- 	X509_get_pubkey_parameters(NULL,ctx->chain);
+-    if (!ok)
+         goto end;
  
[email protected]@ -642,28 +641,54 @@ static int check_name_constraints(X509_STORE_CTX *ctx)
+     /* We may as well copy down any DSA parameters that are required */
[email protected]@ -630,28 +658,53 @@ static int check_name_constraints(X509_STORE_CTX *ctx)
  
  static int check_trust(X509_STORE_CTX *ctx)
  {
 -#ifdef OPENSSL_NO_CHAIN_VERIFY
--	return 1;
+-    return 1;
 -#else
- 	int i, ok;
--	X509 *x;
-+	X509 *x = NULL;
- 	int (*cb)(int xok,X509_STORE_CTX *xctx);
- 	cb=ctx->verify_cb;
+     int i, ok;
+-    X509 *x;
++    X509 *x = NULL;
+     int (*cb) (int xok, X509_STORE_CTX *xctx);
+     cb = ctx->verify_cb;
 -/* For now just check the last certificate in the chain */
--	i = sk_X509_num(ctx->chain) - 1;
--	x = sk_X509_value(ctx->chain, i);
--	ok = X509_check_trust(x, ctx->param->trust, 0);
--	if (ok == X509_TRUST_TRUSTED)
--		return 1;
--	ctx->error_depth = i;
--	ctx->current_cert = x;
--	if (ok == X509_TRUST_REJECTED)
--		ctx->error = X509_V_ERR_CERT_REJECTED;
--	else
--		ctx->error = X509_V_ERR_CERT_UNTRUSTED;
--	ok = cb(0, ctx);
--	return ok;
+-    i = sk_X509_num(ctx->chain) - 1;
+-    x = sk_X509_value(ctx->chain, i);
+-    ok = X509_check_trust(x, ctx->param->trust, 0);
+-    if (ok == X509_TRUST_TRUSTED)
+-        return 1;
+-    ctx->error_depth = i;
+-    ctx->current_cert = x;
+-    if (ok == X509_TRUST_REJECTED)
+-        ctx->error = X509_V_ERR_CERT_REJECTED;
+-    else
+-        ctx->error = X509_V_ERR_CERT_UNTRUSTED;
+-    ok = cb(0, ctx);
+-    return ok;
 -#endif
-+	/* Check all trusted certificates in chain */
-+	for (i = ctx->last_untrusted; i < sk_X509_num(ctx->chain); i++)
-+		{
-+		x = sk_X509_value(ctx->chain, i);
-+		ok = X509_check_trust(x, ctx->param->trust, 0);
-+		/* If explicitly trusted return trusted */
-+		if (ok == X509_TRUST_TRUSTED)
-+			return X509_TRUST_TRUSTED;
-+		/* If explicitly rejected notify callback and reject if
-+		 * not overridden.
-+		 */
-+		if (ok == X509_TRUST_REJECTED)
-+			{
-+			ctx->error_depth = i;
-+			ctx->current_cert = x;
-+			ctx->error = X509_V_ERR_CERT_REJECTED;
-+			ok = cb(0, ctx);
-+			if (!ok)
-+				return X509_TRUST_REJECTED;
-+			}
-+		}
-+	/* If we accept partial chains and have at least one trusted
-+	 * certificate return success.
-+	 */
-+	if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN)
-+		{
-+		X509 *mx;
-+		if (ctx->last_untrusted < sk_X509_num(ctx->chain))
-+			return X509_TRUST_TRUSTED;
-+		x = sk_X509_value(ctx->chain, 0);
-+		mx = lookup_cert_match(ctx, x);
-+		if (mx)
-+			{
-+			(void)sk_X509_set(ctx->chain, 0, mx);
-+			X509_free(x);
-+			ctx->last_untrusted = 0;
-+			return X509_TRUST_TRUSTED;
-+			}
-+		}
++    /* Check all trusted certificates in chain */
++    for (i = ctx->last_untrusted; i < sk_X509_num(ctx->chain); i++) {
++        x = sk_X509_value(ctx->chain, i);
++        ok = X509_check_trust(x, ctx->param->trust, 0);
++        /* If explicitly trusted return trusted */
++        if (ok == X509_TRUST_TRUSTED)
++            return X509_TRUST_TRUSTED;
++        /*
++         * If explicitly rejected notify callback and reject if not
++         * overridden.
++         */
++        if (ok == X509_TRUST_REJECTED) {
++            ctx->error_depth = i;
++            ctx->current_cert = x;
++            ctx->error = X509_V_ERR_CERT_REJECTED;
++            ok = cb(0, ctx);
++            if (!ok)
++                return X509_TRUST_REJECTED;
++        }
++    }
++    /*
++     * If we accept partial chains and have at least one trusted certificate
++     * return success.
++     */
++    if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) {
++        X509 *mx;
++        if (ctx->last_untrusted < sk_X509_num(ctx->chain))
++            return X509_TRUST_TRUSTED;
++        x = sk_X509_value(ctx->chain, 0);
++        mx = lookup_cert_match(ctx, x);
++        if (mx) {
++            (void)sk_X509_set(ctx->chain, 0, mx);
++            X509_free(x);
++            ctx->last_untrusted = 0;
++            return X509_TRUST_TRUSTED;
++        }
++    }
 +
-+	/* If no trusted certs in chain at all return untrusted and
-+	 * allow standard (no issuer cert) etc errors to be indicated.
-+	 */
-+	return X509_TRUST_UNTRUSTED;
++    /*
++     * If no trusted certs in chain at all return untrusted and allow
++     * standard (no issuer cert) etc errors to be indicated.
++     */
++    return X509_TRUST_UNTRUSTED;
  }
  
  static int check_revocation(X509_STORE_CTX *ctx)
[email protected]@ -1602,6 +1641,8 @@ static int internal_verify(X509_STORE_CTX *ctx)
- 		xs=xi;
- 	else
- 		{
-+		if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN && n == 0)
-+			return check_cert_time(ctx, xi);
- 		if (n <= 0)
- 			{
- 			ctx->error=X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE;
[email protected]@ -1526,6 +1579,8 @@ static int internal_verify(X509_STORE_CTX *ctx)
+     if (ctx->check_issued(ctx, xi, xi))
+         xs = xi;
+     else {
++        if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN && n == 0)
++            return check_cert_time(ctx, xi);
+         if (n <= 0) {
+             ctx->error = X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE;
+             ctx->current_cert = xi;
 Index: openssl/crypto/x509/x509_vfy.h
 ============================================================================
 $ cvs diff -u -r1.67.2.3.4.1 -r1.67.2.3.4.2 x509_vfy.h
---- openssl/crypto/x509/x509_vfy.h	26 Sep 2012 13:50:42 -0000	1.67.2.3.4.1
-+++ openssl/crypto/x509/x509_vfy.h	14 Dec 2012 14:30:46 -0000	1.67.2.3.4.2
[email protected]@ -390,6 +390,8 @@
+--- openssl/crypto/x509/x509_vfy.h    26 Sep 2012 13:50:42 -0000    1.67.2.3.4.1
++++ openssl/crypto/x509/x509_vfy.h    14 Dec 2012 14:30:46 -0000    1.67.2.3.4.2
[email protected]@ -406,6 +406,9 @@
  /* Check selfsigned CA signature */
- #define X509_V_FLAG_CHECK_SS_SIGNATURE		0x4000
+ # define X509_V_FLAG_CHECK_SS_SIGNATURE          0x4000
  
 +/* Allow partial chains if at least one certificate is in trusted store */
-+#define X509_V_FLAG_PARTIAL_CHAIN		0x80000
- 
- #define X509_VP_FLAG_DEFAULT			0x1
- #define X509_VP_FLAG_OVERWRITE			0x2
++# define X509_V_FLAG_PARTIAL_CHAIN               0x80000
++
+ # define X509_VP_FLAG_DEFAULT                    0x1
+ # define X509_VP_FLAG_OVERWRITE                  0x2
+ # define X509_VP_FLAG_RESET_FLAGS                0x4
 Index: openssl/apps/apps.c
 ============================================================================
 $ cvs diff -u -r1.133.2.11.2.6.2.3 -r1.133.2.11.2.6.2.4 apps.c
---- openssl/apps/apps.c	4 Dec 2012 17:26:04 -0000	1.133.2.11.2.6.2.3
-+++ openssl/apps/apps.c	14 Dec 2012 14:30:45 -0000	1.133.2.11.2.6.2.4
[email protected]@ -2361,6 +2361,8 @@
- 		flags |= X509_V_FLAG_NOTIFY_POLICY;
- 	else if (!strcmp(arg, "-check_ss_sig"))
- 		flags |= X509_V_FLAG_CHECK_SS_SIGNATURE;
-+	else if (!strcmp(arg, "-partial_chain"))
-+		flags |= X509_V_FLAG_PARTIAL_CHAIN;
- 	else
- 		return 0;
+--- openssl/apps/apps.c    4 Dec 2012 17:26:04 -0000    1.133.2.11.2.6.2.3
++++ openssl/apps/apps.c    14 Dec 2012 14:30:45 -0000    1.133.2.11.2.6.2.4
[email protected]@ -2238,6 +2238,8 @@
+         flags |= X509_V_FLAG_NOTIFY_POLICY;
+     else if (!strcmp(arg, "-check_ss_sig"))
+         flags |= X509_V_FLAG_CHECK_SS_SIGNATURE;
++    else if (!strcmp(arg, "-partial_chain"))
++        flags |= X509_V_FLAG_PARTIAL_CHAIN;
+     else
+         return 0;
  
--- a/components/openssl/openssl-1.0.1/patches/36_evp_leak.patch	Tue Mar 24 10:15:01 2015 -0700
+++ b/components/openssl/openssl-1.0.1/patches/36_evp_leak.patch	Tue Mar 24 20:05:38 2015 -0700
@@ -1,144 +1,144 @@
 Patch developed in-house.  Solaris-specific; not suitable for upstream.
 
---- openssl-1.0.1f/crypto/evp/evp_enc.c.orig	Mon Feb 11 07:26:04 2013
-+++ openssl-1.0.1f/crypto/evp/evp_enc.c	Mon Feb  3 16:40:48 2014
[email protected]@ -394,10 +394,14 @@
- 		{
- 		ret = M_do_cipher(ctx, out, NULL, 0);
- 		if (ret < 0)
--			return 0;
-+			{
-+			ret = 0;
-+			goto cleanup;
-+			}
- 		else 
- 			*outl = ret;
--		return 1;
-+		ret = 1;
-+		goto cleanup;
- 		}
+--- openssl-1.0.1f/crypto/evp/evp_enc.c.orig    Mon Feb 11 07:26:04 2013
++++ openssl-1.0.1f/crypto/evp/evp_enc.c    Mon Feb  3 16:40:48 2014
[email protected]@ -379,11 +379,13 @@
+
+     if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
+         ret = M_do_cipher(ctx, out, NULL, 0);
+-        if (ret < 0)
+-            return 0;
+-        else
++        if (ret < 0) {
++            ret = 0;
++            goto cleanup;
++        } else
+             *outl = ret;
+-        return 1;
++        ret = 1;
++        goto cleanup;
+     }
+
+     b = ctx->cipher->block_size;
[email protected]@ -390,7 +392,8 @@
+     OPENSSL_assert(b <= sizeof ctx->buf);
+     if (b == 1) {
+         *outl = 0;
+-        return 1;
++        ret = 1;
++        goto cleanup;
+     }
+     bl = ctx->buf_len;
+     if (ctx->flags & EVP_CIPH_NO_PADDING) {
[email protected]@ -397,10 +400,12 @@
+         if (bl) {
+             EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX,
+                    EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
+-            return 0;
++            ret = 0;
++            goto cleanup;
+         }
+         *outl = 0;
+-        return 1;
++        ret = 1;
++        goto cleanup;
+     }
  
- 	b=ctx->cipher->block_size;
[email protected]@ -405,7 +409,8 @@
- 	if (b == 1)
- 		{
- 		*outl=0;
--		return 1;
-+		ret = 1;
-+		goto cleanup;
- 		}
- 	bl=ctx->buf_len;
- 	if (ctx->flags & EVP_CIPH_NO_PADDING)
[email protected]@ -413,10 +418,12 @@
- 		if(bl)
- 			{
- 			EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
--			return 0;
-+			ret = 0;
-+			goto cleanup;
- 			}
- 		*outl = 0;
--		return 1;
-+		ret = 1;
-+		goto cleanup;
- 		}
- 
- 	n=b-bl;
[email protected]@ -428,6 +435,12 @@
- 	if(ret)
- 		*outl=b;
+     n = b - bl;
[email protected]@ -411,6 +416,11 @@
+     if (ret)
+         *outl = b;
  
 +cleanup:
-+	if (ctx->cipher->cleanup)
-+		{
-+		ctx->cipher->cleanup(ctx);
-+		}
++    if (ctx->cipher->cleanup) {
++        ctx->cipher->cleanup(ctx);
++    }
 +
- 	return ret;
- 	}
- 
[email protected]@ -501,6 +501,7 @@
- int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
- 	{
- 	int i,n;
-+	int err = 1;
- 	unsigned int b;
- 	*outl=0;
+     return ret;
+ }
  
[email protected]@ -508,10 +509,14 @@
- 		{
- 		i = M_do_cipher(ctx, out, NULL, 0);
- 		if (i < 0)
--			return 0;
-+			{
-+			err = 0;
-+			goto cleanup;
-+			}
- 		else
- 			*outl = i;
--		return 1;
-+		err = 1;
-+		goto cleanup;
- 		}
[email protected]@ -478,6 +488,7 @@
+ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+ {
+     int i, n;
++    int err = 1;
+     unsigned int b;
+     *outl = 0;
  
- 	b=ctx->cipher->block_size;
[email protected]@ -520,10 +525,12 @@
- 		if(ctx->buf_len)
- 			{
- 			EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
--			return 0;
-+			err = 0;
-+			goto cleanup;
- 			}
- 		*outl = 0;
--		return 1;
-+		err = 1;
-+		goto cleanup;
- 		}
- 	if (b > 1)
- 		{
[email protected]@ -530,7 +537,8 @@
- 		if (ctx->buf_len || !ctx->final_used)
- 			{
- 			EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_WRONG_FINAL_BLOCK_LENGTH);
--			return(0);
-+			err = 0;
-+			goto cleanup;
- 			}
- 		OPENSSL_assert(b <= sizeof ctx->final);
[email protected]@ -483,11 +494,13 @@
+
+     if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
+         i = M_do_cipher(ctx, out, NULL, 0);
+-        if (i < 0)
+-            return 0;
+-        else
++        if (i < 0) {
++            err = 0;
++            goto cleanup;
++        } else
+             *outl = i;
+-        return 1;
++        err = 1;
++        goto cleanup;
+     }
+
+     b = ctx->cipher->block_size;
[email protected]@ -495,10 +508,12 @@
+         if (ctx->buf_len) {
+             EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,
+                    EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
+-            return 0;
++            err = 0;
++            goto cleanup;
+         }
+         *outl = 0;
+-        return 1;
++        err = 1;
++        goto cleanup;
+     }
+     if (b > 1) {
+         if (ctx->buf_len || !ctx->final_used) {
[email protected]@ -503,7 +518,8 @@
+     if (b > 1) {
+         if (ctx->buf_len || !ctx->final_used) {
+             EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_WRONG_FINAL_BLOCK_LENGTH);
+-            return (0);
++            err = 0;
++            goto cleanup;
+         }
+         OPENSSL_assert(b <= sizeof ctx->final);
  
[email protected]@ -542,7 +550,8 @@
- 		if (n == 0 || n > (int)b)
- 			{
- 			EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT);
--			return(0);
-+			err = 0;
-+			goto cleanup;
- 			}
- 		for (i=0; i<n; i++)
- 			{
[email protected]@ -549,7 +558,8 @@
- 			if (ctx->final[--b] != n)
- 				{
- 				EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT);
--				return(0);
-+				err = 0;
-+				goto cleanup;
- 				}
- 			}
- 		n=ctx->cipher->block_size-n;
[email protected]@ -559,7 +569,13 @@
- 		}
- 	else
- 		*outl=0;
--	return(1);
-+	err = 1;
[email protected]@ -514,7 +530,8 @@
+         n = ctx->final[b - 1];
+         if (n == 0 || n > (int)b) {
+             EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT);
+-            return (0);
++            err = 0;
++            goto cleanup;
+         }
+         for (i = 0; i < n; i++) {
+             if (ctx->final[--b] != n) {
[email protected]@ -519,7 +536,8 @@
+         for (i = 0; i < n; i++) {
+             if (ctx->final[--b] != n) {
+                 EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT);
+-                return (0);
++                err = 0;
++                goto cleanup;
+             }
+         }
+         n = ctx->cipher->block_size - n;
[email protected]@ -528,7 +546,12 @@
+         *outl = n;
+     } else
+         *outl = 0;
+-    return (1);
++    err = 1;
 +cleanup:
-+	if (ctx->cipher->cleanup)
-+		{
-+		ctx->cipher->cleanup(ctx);
-+		}
-+	return err;
- 	}
++    if (ctx->cipher->cleanup) {
++        ctx->cipher->cleanup(ctx);
++    }
++    return err;
+ }
  
  void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
--- a/components/openssl/openssl-1.0.1/patches/37_openssl-t4-inline.patch	Tue Mar 24 10:15:01 2015 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,2323 +0,0 @@
-#
-# This file adds inline T4 instruction support to OpenSSL upstream code.
-# The change was brought in from OpenSSL 1.0.2.
-#
-Index: Configure
-===================================================================
-diff -ru openssl-1.0.1e/Configure openssl-1.0.1e/Configure
---- openssl-1.0.1e/Configure 2011-05-24 17:02:24.000000000 -0700
-+++ openssl-1.0.1e/Configure 2011-07-27 10:48:17.817470000 -0700
[email protected]@ -135,7 +135,7 @@
-
- my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o modexp512-x86_64.o::aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o rc4-md5-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:ghash-x86_64.o:";
- my $ia64_asm="ia64cpuid.o:bn-ia64.o ia64-mont.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o rc4_skey.o:::::ghash-ia64.o::void";
--my $sparcv9_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o:des_enc-sparc.o fcrypt_b.o:aes_core.o aes_cbc.o aes-sparcv9.o:::sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o:::::::ghash-sparcv9.o::void";
-+my $sparcv9_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o:des_enc-sparc.o fcrypt_b.o dest4-sparcv9.o:aes_core.o aes_cbc.o aes-sparcv9.o aest4-sparcv9.o::md5-sparcv9.o:sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o:::::::ghash-sparcv9.o::void";
- my $sparcv8_asm=":sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::::::void";
- my $alpha_asm="alphacpuid.o:bn_asm.o alpha-mont.o:::::sha1-alpha.o:::::::ghash-alpha.o::void";
- my $mips32_asm=":bn-mips.o::aes_cbc.o aes-mips.o:::sha1-mips.o sha256-mips.o::::::::";
-Index: crypto/sparccpuid.S
-===================================================================
-diff -ru openssl-1.0.1e/crypto/sparccpuid.S openssl-1.0.1e/crypto/sparccpuid.S
---- openssl-1.0.1e/crypto/sparccpuid.S 2011-05-24 17:02:24.000000000 -0700
-+++ openssl-1.0.1e/crypto/sparccpuid.S 2011-07-27 10:48:17.817470000 -0700
[email protected]@ -1,3 +1,7 @@
-+#ifdef OPENSSL_FIPSCANISTER
-+#include <openssl/fipssyms.h>
-+#endif
-+
- #if defined(__SUNPRO_C) && defined(__sparcv9)
- # define ABI64  /* They've said -xarch=v9 at command line */
- #elif defined(__GNUC__) && defined(__arch64__)
[email protected]@ -123,7 +127,7 @@
- 			fmovs	%f1,%f3
- 			fmovs	%f0,%f2
- 
--	add	%fp,BIAS,%i0	! return pointer to callerīs top of stack
-+	add	%fp,BIAS,%i0	! return pointer to caller?s top of stack
- 
- 	ret
- 	restore
[email protected]@ -235,10 +239,10 @@
- .global	_sparcv9_vis1_probe
- .align	8
- _sparcv9_vis1_probe:
-+	.word	0x81b00d80	!fxor	%f0,%f0,%f0
- 	add	%sp,BIAS+2,%o1
--	.word	0xc19a5a40	!ldda	[%o1]ASI_FP16_P,%f0
- 	retl
--	.word	0x81b00d80	!fxor	%f0,%f0,%f0
-+	.word	0xc19a5a40	!ldda	[%o1]ASI_FP16_P,%f0
- .type	_sparcv9_vis1_probe,#function
- .size	_sparcv9_vis1_probe,.-_sparcv9_vis1_probe
- 
[email protected]@ -251,7 +255,12 @@
- !	UltraSPARC IIe		7
- !	UltraSPARC III		7
- !	UltraSPARC T1		24
-+!	SPARC T4		65(*)
- !
-+! (*)	result has lesser to do with VIS instruction latencies, rdtick
-+!	appears that slow, but it does the trick in sense that FP and
-+!	VIS code paths are still slower than integer-only ones.
-+!
- ! Numbers for T2 and SPARC64 V-VII are more than welcomed.
- !
- ! It would be possible to detect specifically US-T1 by instrumenting
[email protected]@ -260,6 +269,8 @@
- .global	_sparcv9_vis1_instrument
- .align	8
- _sparcv9_vis1_instrument:
-+	.word	0x81b00d80	!fxor	%f0,%f0,%f0
-+	.word	0x85b08d82	!fxor	%f2,%f2,%f2
- 	.word	0x91410000	!rd	%tick,%o0
- 	.word	0x81b00d80	!fxor	%f0,%f0,%f0
- 	.word	0x85b08d82	!fxor	%f2,%f2,%f2
[email protected]@ -314,6 +325,30 @@
- .type	_sparcv9_fmadd_probe,#function
- .size	_sparcv9_fmadd_probe,.-_sparcv9_fmadd_probe
- 
-+.global	_sparcv9_rdcfr
-+.align	8
-+_sparcv9_rdcfr:
-+	retl
-+	.word	0x91468000	!rd	%asr26,%o0
-+.type	_sparcv9_rdcfr,#function
-+.size	_sparcv9_rdcfr,.-_sparcv9_rdcfr
-+
-+.global	_sparcv9_vis3_probe
-+.align	8
-+_sparcv9_vis3_probe:
-+	retl
-+	.word	0x81b022a0	!xmulx	%g0,%g0,%g0
-+.type	_sparcv9_vis3_probe,#function
-+.size	_sparcv9_vis3_probe,.-_sparcv9_vis3_probe
-+
-+.global	_sparcv9_random
-+.align	8
-+_sparcv9_random:
-+	retl
-+	.word	0x91b002a0	!random	%o0
-+.type	_sparcv9_random,#function
-+.size	_sparcv9_random,.-_sparcv9_vis3_probe
-+
- .global	OPENSSL_cleanse
- .align	32
- OPENSSL_cleanse:
[email protected]@ -398,6 +433,102 @@
- .size	OPENSSL_cleanse,.-OPENSSL_cleanse
- 
- #ifndef _BOOT
-+.global	_sparcv9_vis1_instrument_bus
-+.align	8
-+_sparcv9_vis1_instrument_bus:
-+	mov	%o1,%o3					! save cnt
-+	.word	0x99410000	!rd	%tick,%o4	! tick
-+	mov	%o4,%o5					! lasttick = tick
-+	set	0,%g4					! diff
-+
-+	andn	%o0,63,%g1
-+	.word	0xc1985e00	!ldda	[%g1]0xf0,%f0	! block load
-+	.word	0x8143e040	!membar	#Sync
-+	.word	0xc1b85c00	!stda	%f0,[%g1]0xe0	! block store and commit
-+	.word	0x8143e040	!membar	#Sync
-+	ld	[%o0],%o4
-+	add	%o4,%g4,%g4
-+	.word	0xc9e2100c	!cas	[%o0],%o4,%g4
-+
-+.Loop:	.word	0x99410000	!rd	%tick,%o4
-+	sub	%o4,%o5,%g4				! diff=tick-lasttick
-+	mov	%o4,%o5					! lasttick=tick
-+
-+	andn	%o0,63,%g1
-+	.word	0xc1985e00	!ldda	[%g1]0xf0,%f0	! block load
-+	.word	0x8143e040	!membar	#Sync
-+	.word	0xc1b85c00	!stda	%f0,[%g1]0xe0	! block store and commit
-+	.word	0x8143e040	!membar	#Sync
-+	ld	[%o0],%o4
-+	add	%o4,%g4,%g4
-+	.word	0xc9e2100c	!cas	[%o0],%o4,%g4
-+	subcc	%o1,1,%o1				! --$cnt
-+	bnz	.Loop
-+	add	%o0,4,%o0				! ++$out
-+
-+	retl
-+	mov	%o3,%o0
-+.type	_sparcv9_vis1_instrument_bus,#function
-+.size	_sparcv9_vis1_instrument_bus,.-_sparcv9_vis1_instrument_bus
-+
-+.global	_sparcv9_vis1_instrument_bus2
-+.align	8
-+_sparcv9_vis1_instrument_bus2:
-+	mov	%o1,%o3					! save cnt
-+	sll	%o1,2,%o1				! cnt*=4
-+
-+	.word	0x99410000	!rd	%tick,%o4	! tick
-+	mov	%o4,%o5					! lasttick = tick
-+	set	0,%g4					! diff
-+
-+	andn	%o0,63,%g1
-+	.word	0xc1985e00	!ldda	[%g1]0xf0,%f0	! block load
-+	.word	0x8143e040	!membar	#Sync
-+	.word	0xc1b85c00	!stda	%f0,[%g1]0xe0	! block store and commit
-+	.word	0x8143e040	!membar	#Sync
-+	ld	[%o0],%o4
-+	add	%o4,%g4,%g4
-+	.word	0xc9e2100c	!cas	[%o0],%o4,%g4
-+
-+	.word	0x99410000	!rd	%tick,%o4	! tick
-+	sub	%o4,%o5,%g4				! diff=tick-lasttick
-+	mov	%o4,%o5					! lasttick=tick
-+	mov	%g4,%g5					! lastdiff=diff
-+.Loop2:
-+	andn	%o0,63,%g1
-+	.word	0xc1985e00	!ldda	[%g1]0xf0,%f0	! block load
-+	.word	0x8143e040	!membar	#Sync
-+	.word	0xc1b85c00	!stda	%f0,[%g1]0xe0	! block store and commit
-+	.word	0x8143e040	!membar	#Sync
-+	ld	[%o0],%o4
-+	add	%o4,%g4,%g4
-+	.word	0xc9e2100c	!cas	[%o0],%o4,%g4
-+
-+	subcc	%o2,1,%o2				! --max
-+	bz	.Ldone2
-+	nop
-+
-+	.word	0x99410000	!rd	%tick,%o4	! tick
-+	sub	%o4,%o5,%g4				! diff=tick-lasttick
-+	mov	%o4,%o5					! lasttick=tick
-+	cmp	%g4,%g5
-+	mov	%g4,%g5					! lastdiff=diff
-+
-+	.word	0x83408000	!rd	%ccr,%g1
-+	and	%g1,4,%g1				! isolate zero flag
-+	xor	%g1,4,%g1				! flip zero flag
-+
-+	subcc	%o1,%g1,%o1				! conditional --$cnt
-+	bnz	.Loop2
-+	add	%o0,%g1,%o0				! conditional ++$out
-+
-+.Ldone2:
-+	srl	%o1,2,%o1
-+	retl
-+	sub	%o3,%o1,%o0
-+.type	_sparcv9_vis1_instrument_bus2,#function
-+.size	_sparcv9_vis1_instrument_bus2,.-_sparcv9_vis1_instrument_bus2
-+
- .section	".init",#alloc,#execinstr
- 	call	solaris_locking_setup
- 	nop
-Index: crypto/sparcv9cap.c
-===================================================================
-diff -ru openssl-1.0.1e/crypto/sparcv9cap.c openssl-1.0.1e/crypto/sparcv9cap.c
---- openssl-1.0.1e/crypto/sparcv9cap.c 2011-05-24 17:02:24.000000000 -0700
-+++ openssl-1.0.1e/crypto/sparcv9cap.c 2011-07-27 10:48:17.817470000 -0700
[email protected]@ -4,31 +4,55 @@
- #include <setjmp.h>
- #include <signal.h>
- #include <sys/time.h>
-+#include <unistd.h>
- #include <openssl/bn.h>
- 
--#define SPARCV9_TICK_PRIVILEGED	(1<<0)
--#define SPARCV9_PREFER_FPU	(1<<1)
--#define SPARCV9_VIS1		(1<<2)
--#define SPARCV9_VIS2		(1<<3)	/* reserved */
--#define SPARCV9_FMADD		(1<<4)	/* reserved for SPARC64 V */
-+#include "sparc_arch.h"
- 
-+#if defined(__GNUC__) && defined(__linux)
-+__attribute__((visibility("hidden")))
-+#endif
- #ifndef	_BOOT
--static int OPENSSL_sparcv9cap_P=SPARCV9_TICK_PRIVILEGED;
-+unsigned int OPENSSL_sparcv9cap_P[2]={SPARCV9_TICK_PRIVILEGED,0};
- #else
--static int OPENSSL_sparcv9cap_P = SPARCV9_VIS1;
-+unsigned int OPENSSL_sparcv9cap_P[2]={SPARCV9_VIS1,0};
- #endif
- 
- int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0, int num)
- 	{
-+	int bn_mul_mont_vis3(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0, int num);
- 	int bn_mul_mont_fpu(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0, int num);
- 	int bn_mul_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0, int num);
- 
--	if (num>=8 && !(num&1) &&
--	    (OPENSSL_sparcv9cap_P&(SPARCV9_PREFER_FPU|SPARCV9_VIS1)) ==
--		(SPARCV9_PREFER_FPU|SPARCV9_VIS1))
--		return bn_mul_mont_fpu(rp,ap,bp,np,n0,num);
--	else
--		return bn_mul_mont_int(rp,ap,bp,np,n0,num);
-+	if (!(num&1) && num>=6)
-+		{
-+		if ((num&15)==0 && num<=64 &&
-+		    (OPENSSL_sparcv9cap_P[1]&(CFR_MONTMUL|CFR_MONTSQR))== 
-+		    			     (CFR_MONTMUL|CFR_MONTSQR))
-+			{
-+			typedef int (*bn_mul_mont_f)(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0);
-+			int bn_mul_mont_t4_8(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0);
-+			int bn_mul_mont_t4_16(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0);
-+			int bn_mul_mont_t4_24(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0);
-+			int bn_mul_mont_t4_32(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0);
-+			static const bn_mul_mont_f funcs[4] = {
-+				bn_mul_mont_t4_8,	bn_mul_mont_t4_16,
-+				bn_mul_mont_t4_24,	bn_mul_mont_t4_32 };
-+			bn_mul_mont_f worker = funcs[num/16-1];
-+
-+			if ((*worker)(rp,ap,bp,np,n0)) return 1;
-+			/* retry once and fall back */
-+			if ((*worker)(rp,ap,bp,np,n0)) return 1;
-+			return bn_mul_mont_vis3(rp,ap,bp,np,n0,num);
-+			}
-+		if ((OPENSSL_sparcv9cap_P[0]&SPARCV9_VIS3))
-+			return bn_mul_mont_vis3(rp,ap,bp,np,n0,num);
-+		else if (num>=8 &&
-+			(OPENSSL_sparcv9cap_P[0]&(SPARCV9_PREFER_FPU|SPARCV9_VIS1)) ==
-+			(SPARCV9_PREFER_FPU|SPARCV9_VIS1))
-+			return bn_mul_mont_fpu(rp,ap,bp,np,n0,num);
-+		}
-+	return bn_mul_mont_int(rp,ap,bp,np,n0,num);
- 	}
- 
- unsigned long	_sparcv9_rdtick(void);
[email protected]@ -36,11 +60,18 @@
- unsigned long	_sparcv9_vis1_instrument(void);
- void		_sparcv9_vis2_probe(void);
- void		_sparcv9_fmadd_probe(void);
-+unsigned long	_sparcv9_rdcfr(void);
-+void		_sparcv9_vis3_probe(void);
-+unsigned long	_sparcv9_random(void);
-+#ifndef _BOOT
-+size_t 	_sparcv9_vis1_instrument_bus(unsigned int *,size_t);
-+size_t		_sparcv9_vis1_instrument_bus2(unsigned int *,size_t,size_t);
-+#endif
- 
- #ifndef _BOOT
- unsigned long OPENSSL_rdtsc(void)
- 	{
--	if (OPENSSL_sparcv9cap_P&SPARCV9_TICK_PRIVILEGED)
-+	if (OPENSSL_sparcv9cap_P[0]&SPARCV9_TICK_PRIVILEGED)
- #if defined(__sun) && defined(__SVR4)
- 		return gethrtime();
- #else
[email protected]@ -49,6 +80,24 @@
- 	else
- 		return _sparcv9_rdtick();
- 	}
-+
-+size_t OPENSSL_instrument_bus(unsigned int *out,size_t cnt)
-+	{
-+	if ((OPENSSL_sparcv9cap_P[0]&(SPARCV9_TICK_PRIVILEGED|SPARCV9_BLK)) ==
-+			SPARCV9_BLK)
-+		return _sparcv9_vis1_instrument_bus(out,cnt);
-+	else
-+		return 0;
-+	}
-+
-+size_t OPENSSL_instrument_bus2(unsigned int *out,size_t cnt,size_t max)
-+	{
-+	if ((OPENSSL_sparcv9cap_P[0]&(SPARCV9_TICK_PRIVILEGED|SPARCV9_BLK)) ==
-+			SPARCV9_BLK)
-+		return _sparcv9_vis1_instrument_bus2(out,cnt,max);
-+	else
-+		return 0;
-+	}
- #endif
-
- #if defined(_BOOT)
[email protected]@ -58,7 +107,7 @@
-  */
- void OPENSSL_cpuid_setup(void)
- 	{
--	OPENSSL_sparcv9cap_P = SPARCV9_VIS1;
-+	OPENSSL_sparcv9cap_P[0] = SPARCV9_VIS1;
- 	}
- 
- #elif 0 && defined(__sun) && defined(__SVR4)
[email protected]@ -85,11 +116,11 @@
- 	if (!strcmp (name,"SUNW,UltraSPARC") ||
- 	    !strncmp(name,"SUNW,UltraSPARC-I",17))  /* covers II,III,IV */
- 		{
--		OPENSSL_sparcv9cap_P |= SPARCV9_PREFER_FPU|SPARCV9_VIS1;
-+		OPENSSL_sparcv9cap_P[0] |= SPARCV9_PREFER_FPU|SPARCV9_VIS1;
- 
- 		/* %tick is privileged only on UltraSPARC-I/II, but not IIe */
- 		if (name[14]!='\0' && name[17]!='\0' && name[18]!='\0')
--			OPENSSL_sparcv9cap_P &= ~SPARCV9_TICK_PRIVILEGED;
-+			OPENSSL_sparcv9cap_P[0] &= ~SPARCV9_TICK_PRIVILEGED;
- 
- 		return DI_WALK_TERMINATE;
- 		}
[email protected]@ -96,7 +127,7 @@
- 	/* This is expected to catch remaining UltraSPARCs, such as T1 */
- 	else if (!strncmp(name,"SUNW,UltraSPARC",15))
- 		{
--		OPENSSL_sparcv9cap_P &= ~SPARCV9_TICK_PRIVILEGED;
-+		OPENSSL_sparcv9cap_P[0] &= ~SPARCV9_TICK_PRIVILEGED;
- 
- 		return DI_WALK_TERMINATE;
- 		}
[email protected]@ -115,7 +146,7 @@
- 
- 	if ((e=getenv("OPENSSL_sparcv9cap")))
- 		{
--		OPENSSL_sparcv9cap_P=strtoul(e,NULL,0);
-+		OPENSSL_sparcv9cap_P[0]=strtoul(e,NULL,0);
- 		return;
- 		}
- 
[email protected]@ -123,17 +154,17 @@
- 		{
- 		if (strcmp(si,"sun4v"))
- 			/* FPU is preferred for all CPUs, but US-T1/2 */
--			OPENSSL_sparcv9cap_P |= SPARCV9_PREFER_FPU;
-+			OPENSSL_sparcv9cap_P[0] |= SPARCV9_PREFER_FPU;
- 		}
- 
- 	if (sysinfo(SI_ISALIST,si,sizeof(si))>0)
- 		{
- 		if (strstr(si,"+vis"))
--			OPENSSL_sparcv9cap_P |= SPARCV9_VIS1;
-+			OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS1|SPARCV9_BLK;
- 		if (strstr(si,"+vis2"))
- 			{
--			OPENSSL_sparcv9cap_P |= SPARCV9_VIS2;
--			OPENSSL_sparcv9cap_P &= ~SPARCV9_TICK_PRIVILEGED;
-+			OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS2;
-+			OPENSSL_sparcv9cap_P[0] &= ~SPARCV9_TICK_PRIVILEGED;
- 			return;
- 			}
- 		}
[email protected]@ -193,12 +224,14 @@
-  
- 	if ((e=getenv("OPENSSL_sparcv9cap")))
- 		{
--		OPENSSL_sparcv9cap_P=strtoul(e,NULL,0);
-+		OPENSSL_sparcv9cap_P[0]=strtoul(e,NULL,0);
-+		if ((e=strchr(e,':')))
-+			OPENSSL_sparcv9cap_P[1]=strtoul(e+1,NULL,0);
- 		return;
- 		}
- 
- 	/* Initial value, fits UltraSPARC-I&II... */
--	OPENSSL_sparcv9cap_P = SPARCV9_PREFER_FPU|SPARCV9_TICK_PRIVILEGED;
-+	OPENSSL_sparcv9cap_P[0] = SPARCV9_PREFER_FPU|SPARCV9_TICK_PRIVILEGED;
- 
- 	sigfillset(&all_masked);
- 	sigdelset(&all_masked,SIGILL);
[email protected]@ -221,20 +254,20 @@
- 	if (sigsetjmp(common_jmp,1) == 0)
- 		{
- 		_sparcv9_rdtick();
--		OPENSSL_sparcv9cap_P &= ~SPARCV9_TICK_PRIVILEGED;
-+		OPENSSL_sparcv9cap_P[0] &= ~SPARCV9_TICK_PRIVILEGED;
- 		}
- 
- 	if (sigsetjmp(common_jmp,1) == 0)
- 		{
- 		_sparcv9_vis1_probe();
--		OPENSSL_sparcv9cap_P |= SPARCV9_VIS1;
-+		OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS1|SPARCV9_BLK;
- 		/* detect UltraSPARC-Tx, see sparccpud.S for details... */
- 		if (_sparcv9_vis1_instrument() >= 12)
--			OPENSSL_sparcv9cap_P &= ~(SPARCV9_VIS1|SPARCV9_PREFER_FPU);
-+			OPENSSL_sparcv9cap_P[0] &= ~(SPARCV9_VIS1|SPARCV9_PREFER_FPU);
- 		else
- 			{
- 			_sparcv9_vis2_probe();
--			OPENSSL_sparcv9cap_P |= SPARCV9_VIS2;
-+			OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS2;
- 			}
- 		}
- 
[email protected]@ -241,13 +274,53 @@
- 	if (sigsetjmp(common_jmp,1) == 0)
- 		{
- 		_sparcv9_fmadd_probe();
--		OPENSSL_sparcv9cap_P |= SPARCV9_FMADD;
-+		OPENSSL_sparcv9cap_P[0] |= SPARCV9_FMADD;
- 		}
- 
-+	/*
-+	 * VIS3 flag is tested independently from VIS1, unlike VIS2 that is,
-+	 * because VIS3 defines even integer instructions.
-+	 */
-+	if (sigsetjmp(common_jmp,1) == 0)
-+		{
-+		_sparcv9_vis3_probe();
-+		OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS3;
-+		}
-+
-+	if (sigsetjmp(common_jmp,1) == 0)
-+		{
-+		(void)_sparcv9_random();
-+		OPENSSL_sparcv9cap_P[0] |= SPARCV9_RANDOM;
-+		}
-+
-+	/*
-+	 * In wait for better solution _sparcv9_rdcfr is masked by
-+	 * VIS3 flag, because it goes to uninterruptable endless
-+	 * loop on UltraSPARC II running Solaris. Things might be
-+	 * different on Linux...
-+	 */
-+	if ((OPENSSL_sparcv9cap_P[0]&SPARCV9_VIS3) &&
-+	    sigsetjmp(common_jmp,1) == 0)
-+		{
-+		OPENSSL_sparcv9cap_P[1] = (unsigned int)_sparcv9_rdcfr();
-+		}
-+
- 	sigaction(SIGBUS,&bus_oact,NULL);
- 	sigaction(SIGILL,&ill_oact,NULL);
- 
- 	sigprocmask(SIG_SETMASK,&oset,NULL);
-+
-+	if (sizeof(size_t)==8)
-+		OPENSSL_sparcv9cap_P[0] |= SPARCV9_64BIT_STACK;
-+#ifdef __linux
-+	else
-+		{
-+		int ret = syscall(340);
-+
-+		if (ret>=0 && ret&1)
-+			OPENSSL_sparcv9cap_P[0] |= SPARCV9_64BIT_STACK;
-+		}
-+#endif
- 	}
- 
- #endif
-Index: crypto/md5/Makefile
-===================================================================
-diff -ru openssl-1.0.1e/crypto/md5/Makefile openssl-1.0.1e/crypto/md5/Makefile
---- openssl-1.0.1e/crypto/md5/Makefile    2011-05-24 17:02:24.000000000 -0700
-+++ openssl-1.0.1e/crypto/md5/Makefile    2011-07-27 10:48:17.817470000 -0700
[email protected]@ -52,6 +52,9 @@
- 	$(CC) $(CFLAGS) -E asm/md5-ia64.S | \
- 	$(PERL) -ne 's/;\s+/;\n/g; print;' > [email protected]
- 
-+md5-sparcv9.S:	asm/md5-sparcv9.pl
-+	$(PERL) asm/md5-sparcv9.pl [email protected] $(CFLAGS)
-+
- files:
- 	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
- 
-Index: crypto/md5/md5_locl.h
-===================================================================
-diff -ru openssl-1.0.1e/crypto/md5/md5_locl.h openssl-1.0.1e/crypto/md5/md5_locl.h
---- openssl-1.0.1e/crypto/md5/md5_locl.h    2011-05-24 17:02:24.000000000 -0700
-+++ openssl-1.0.1e/crypto/md5/md5_locl.h    2011-07-27 10:48:17.817470000 -0700
[email protected]@ -71,6 +71,8 @@
- #  define md5_block_data_order md5_block_asm_data_order
- # elif defined(__ia64) || defined(__ia64__) || defined(_M_IA64)
- #  define md5_block_data_order md5_block_asm_data_order
-+# elif defined(__sparc) || defined(__sparc__)
-+#  define md5_block_data_order md5_block_asm_data_order
- # endif
- #endif
-
-Index: crypto/sha/Makefile
-===================================================================
-diff -ru openssl-1.0.1e/crypto/sha/Makefile openssl-1.0.1e/crypto/sha/Makefile
---- openssl-1.0.1e/crypto/sha/Makefile    2011-05-24 17:02:24.000000000 -0700
-+++ openssl-1.0.1e/crypto/sha/Makefile    2011-07-27 10:48:17.817470000 -0700
[email protected]@ -68,9 +68,9 @@
- sha1-x86_64.s:	asm/sha1-x86_64.pl;	$(PERL) asm/sha1-x86_64.pl $(PERLASM_SCHEME) > [email protected]
- sha256-x86_64.s:asm/sha512-x86_64.pl;	$(PERL) asm/sha512-x86_64.pl $(PERLASM_SCHEME) [email protected]
- sha512-x86_64.s:asm/sha512-x86_64.pl;	$(PERL) asm/sha512-x86_64.pl $(PERLASM_SCHEME) [email protected]
--sha1-sparcv9.s:	asm/sha1-sparcv9.pl;	$(PERL) asm/sha1-sparcv9.pl [email protected] $(CFLAGS)
--sha256-sparcv9.s:asm/sha512-sparcv9.pl;	$(PERL) asm/sha512-sparcv9.pl [email protected] $(CFLAGS)
--sha512-sparcv9.s:asm/sha512-sparcv9.pl;	$(PERL) asm/sha512-sparcv9.pl [email protected] $(CFLAGS)
-+sha1-sparcv9.S:	asm/sha1-sparcv9.pl;	$(PERL) asm/sha1-sparcv9.pl [email protected] $(CFLAGS)
-+sha256-sparcv9.S:asm/sha512-sparcv9.pl;	$(PERL) asm/sha512-sparcv9.pl [email protected] $(CFLAGS)
-+sha512-sparcv9.S:asm/sha512-sparcv9.pl;	$(PERL) asm/sha512-sparcv9.pl [email protected] $(CFLAGS)
- 
- sha1-ppc.s:	asm/sha1-ppc.pl;	$(PERL) asm/sha1-ppc.pl $(PERLASM_SCHEME) [email protected]
- sha256-ppc.s:	asm/sha512-ppc.pl;	$(PERL) asm/sha512-ppc.pl $(PERLASM_SCHEME) [email protected]
-Index: crypto/sha/asm/sha1-sparcv9.pl
-===================================================================
-diff -ru openssl-1.0.1e/crypto/sha/asm/sha1-sparcv9.pl openssl-1.0.1e/crypto/sha/asm/sha1-sparcv9.pl
---- openssl-1.0.1e/crypto/sha/asm/sha1-sparcv9.pl 2011-05-24 17:02:24.000000000 -0700
-+++ openssl-1.0.1e/crypto/sha/asm/sha1-sparcv9.pl 2011-07-27 10:48:17.817470000 -0700
[email protected]@ -5,6 +5,8 @@
- # project. The module is, however, dual licensed under OpenSSL and
- # CRYPTOGAMS licenses depending on where you obtain it. For further
- # details see http://www.openssl.org/~appro/cryptogams/.
-+#
-+# Hardware SPARC T4 support by David S. Miller <[email protected]>.
- # ====================================================================
- 
- # Performance improvement is not really impressive on pre-T1 CPU: +8%
[email protected]@ -18,6 +20,11 @@
- # ensure scalability on UltraSPARC T1, or rather to avoid decay when
- # amount of active threads exceeds the number of physical cores.
- 
-+# SPARC T4 SHA1 hardware achieves 3.72 cycles per byte, which is 3.1x
-+# faster than software. Multi-process benchmark saturates at 11x
-+# single-process result on 8-core processor, or ~9GBps per 2.85GHz
-+# socket.
-+
- $bits=32;
- for (@ARGV)	{ $bits=64 if (/\-m64/ || /\-xarch\=v9/); }
- if ($bits==64)	{ $bias=2047; $frame=192; }
[email protected]@ -183,11 +190,93 @@
- .register	%g3,#scratch
- ___
- $code.=<<___;
-+#include "sparc_arch.h"
-+
- .section	".text",#alloc,#execinstr
- 
-+#ifdef __PIC__
-+SPARC_PIC_THUNK(%g1)
-+#endif
-+
- .align	32
- .globl	sha1_block_data_order
- sha1_block_data_order:
-+	SPARC_LOAD_ADDRESS_LEAF(OPENSSL_sparcv9cap_P,%g1,%g5)
-+	ld	[%g1+4],%g1		! OPENSSL_sparcv9cap_P[1]
-+
-+	andcc	%g1, CFR_SHA1, %g0
-+	be	.Lsoftware
-+	nop
-+
-+	ld	[%o0 + 0x00], %f0	! load context
-+	ld	[%o0 + 0x04], %f1
-+	ld	[%o0 + 0x08], %f2
-+	andcc	%o1, 0x7, %g0
-+	ld	[%o0 + 0x0c], %f3
-+	bne,pn	%icc, .Lhwunaligned
-+	 ld	[%o0 + 0x10], %f4
-+
-+.Lhw_loop:
-+	ldd	[%o1 + 0x00], %f8
-+	ldd	[%o1 + 0x08], %f10
-+	ldd	[%o1 + 0x10], %f12
-+	ldd	[%o1 + 0x18], %f14
-+	ldd	[%o1 + 0x20], %f16
-+	ldd	[%o1 + 0x28], %f18
-+	ldd	[%o1 + 0x30], %f20
-+	subcc	%o2, 1, %o2		! done yet? 
-+	ldd	[%o1 + 0x38], %f22
-+	add	%o1, 0x40, %o1
-+
-+	.word	0x81b02820		! SHA1
-+
-+	bne,pt	`$bits==64?"%xcc":"%icc"`, .Lhw_loop
-+	nop
-+
-+.Lhwfinish:
-+	st	%f0, [%o0 + 0x00]	! store context
-+	st	%f1, [%o0 + 0x04]
-+	st	%f2, [%o0 + 0x08]
-+	st	%f3, [%o0 + 0x0c]
-+	retl
-+	st	%f4, [%o0 + 0x10]
-+
-+.align	8
-+.Lhwunaligned:
-+	alignaddr %o1, %g0, %o1
-+
-+	ldd	[%o1 + 0x00], %f10
-+.Lhwunaligned_loop:
-+	ldd	[%o1 + 0x08], %f12
-+	ldd	[%o1 + 0x10], %f14
-+	ldd	[%o1 + 0x18], %f16
-+	ldd	[%o1 + 0x20], %f18
-+	ldd	[%o1 + 0x28], %f20
-+	ldd	[%o1 + 0x30], %f22
-+	ldd	[%o1 + 0x38], %f24
-+	subcc	%o2, 1, %o2		! done yet?
-+	ldd	[%o1 + 0x40], %f26
-+	add	%o1, 0x40, %o1
-+
-+	faligndata %f10, %f12, %f8
-+	faligndata %f12, %f14, %f10
-+	faligndata %f14, %f16, %f12
-+	faligndata %f16, %f18, %f14
-+	faligndata %f18, %f20, %f16
-+	faligndata %f20, %f22, %f18
-+	faligndata %f22, %f24, %f20
-+	faligndata %f24, %f26, %f22
-+
-+	.word	0x81b02820		! SHA1
-+
-+	bne,pt	`$bits==64?"%xcc":"%icc"`, .Lhwunaligned_loop
-+	for	%f26, %f26, %f10	! %f10=%f26
-+
-+	ba	.Lhwfinish
-+	nop
-+
-+.align	16
-+.Lsoftware:
- 	save	%sp,-$frame,%sp
- 	sllx	$len,6,$len
- 	add	$inp,$len,$len
[email protected]@ -279,6 +368,62 @@
- .align	4
- ___
- 
--$code =~ s/\`([^\`]*)\`/eval $1/gem;
--print $code;
-+# Purpose of these subroutines is to explicitly encode VIS instructions,
-+# so that one can compile the module without having to specify VIS
-+# extentions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
-+# Idea is to reserve for option to produce "universal" binary and let
-+# programmer detect if current CPU is VIS capable at run-time.
-+sub unvis {
-+my ($mnemonic,$rs1,$rs2,$rd)[email protected]_;
-+my $ref,$opf;
-+my %visopf = (	"faligndata"	=> 0x048,
-+		"for"		=> 0x07c	);
-+
-+    $ref = "$mnemonic\t$rs1,$rs2,$rd";
-+
-+    if ($opf=$visopf{$mnemonic}) {
-+	foreach ($rs1,$rs2,$rd) {
-+	    return $ref if (!/%f([0-9]{1,2})/);
-+	    $_=$1;
-+	    if ($1>=32) {
-+		return $ref if ($1&1);
-+		# re-encode for upper double register addressing
-+		$_=($1|$1>>5)&31;
-+	    }
-+	}
-+
-+	return	sprintf ".word\t0x%08x !%s",
-+			0x81b00000|$rd<<25|$rs1<<14|$opf<<5|$rs2,
-+			$ref;
-+    } else {
-+	return $ref;
-+    }
-+}
-+sub unalignaddr {
-+my ($mnemonic,$rs1,$rs2,$rd)[email protected]_;
-+my %bias = ( "g" => 0, "o" => 8, "l" => 16, "i" => 24 );
-+my $ref="$mnemonic\t$rs1,$rs2,$rd";
-+
-+    foreach ($rs1,$rs2,$rd) {
-+	if (/%([goli])([0-7])/)	{ $_=$bias{$1}+$2; }
-+	else			{ return $ref; }
-+    }
-+    return  sprintf ".word\t0x%08x !%s",
-+		    0x81b00300|$rd<<25|$rs1<<14|$rs2,
-+		    $ref;
-+}
-+
-+foreach (split("\n",$code)) {
-+	s/\`([^\`]*)\`/eval $1/ge;
-+
-+	s/\b(f[^\s]*)\s+(%f[0-9]{1,2}),\s*(%f[0-9]{1,2}),\s*(%f[0-9]{1,2})/
-+		&unvis($1,$2,$3,$4)
-+	 /ge;
-+	s/\b(alignaddr)\s+(%[goli][0-7]),\s*(%[goli][0-7]),\s*(%[goli][0-7])/
-+		&unalignaddr($1,$2,$3,$4)
-+	 /ge;
-+
-+	print $_,"\n";
-+}
-+
- close STDOUT;
-
-Index: crypto/sha/asm/sha512-sparcv9.pl
-===================================================================
-diff -ru openssl-1.0.1e/crypto/sha/asm/sha512-sparcv9.pl openssl-1.0.1e/crypto/sha/asm/sha512-sparcv9.pl
---- openssl-1.0.1e/crypto/sha/asm/sha512-sparcv9.pl 2011-05-24 17:02:24.000000000 -0700
-+++ openssl-1.0.1e/crypto/sha/asm/sha512-sparcv9.pl 2011-07-27 10:48:17.817470000 -0700
[email protected]@ -5,6 +5,8 @@
- # project. The module is, however, dual licensed under OpenSSL and
- # CRYPTOGAMS licenses depending on where you obtain it. For further
- # details see http://www.openssl.org/~appro/cryptogams/.
-+#
-+# Hardware SPARC T4 support by David S. Miller <[email protected]>.
- # ====================================================================
- 
- # SHA256 performance improvement over compiler generated code varies
[email protected]@ -41,6 +43,12 @@
- #	loads are always slower than one 64-bit load. Once again this
- #	is unlike pre-T1 UltraSPARC, where, if scheduled appropriately,
- #	2x32-bit loads can be as fast as 1x64-bit ones.
-+#
-+# SPARC T4 SHA256/512 hardware achieves 3.17/2.01 cycles per byte,
-+# which is 9.3x/11.1x faster than software. Multi-process benchmark
-+# saturates at 11.5x single-process result on 8-core processor, or
-+# ~11/16GBps per 2.85GHz socket.
-+
- 
- $bits=32;
- for (@ARGV)	{ $bits=64 if (/\-m64/ || /\-xarch\=v9/); }
[email protected]@ -386,6 +394,8 @@
- .register	%g3,#scratch
- ___
- $code.=<<___;
-+#include "sparc_arch.h"
-+
- .section	".text",#alloc,#execinstr
- 
- .align	64
[email protected]@ -457,8 +467,196 @@
- }
- $code.=<<___;
- .size	K${label},.-K${label}
-+
-+#ifdef __PIC__
-+SPARC_PIC_THUNK(%g1)
-+#endif
-+
- .globl	sha${label}_block_data_order
-+.align	32
- sha${label}_block_data_order:
-+	SPARC_LOAD_ADDRESS_LEAF(OPENSSL_sparcv9cap_P,%g1,%g5)
-+	ld	[%g1+4],%g1		! OPENSSL_sparcv9cap_P[1]
-+
-+	andcc	%g1, CFR_SHA${label}, %g0
-+	be	.Lsoftware
-+	nop
-+___
-+$code.=<<___ if ($SZ==8); 		# SHA512
-+	ldd	[%o0 + 0x00], %f0	! load context
-+	ldd	[%o0 + 0x08], %f2
-+	ldd	[%o0 + 0x10], %f4
-+	ldd	[%o0 + 0x18], %f6
-+	ldd	[%o0 + 0x20], %f8
-+	ldd	[%o0 + 0x28], %f10
-+	andcc	%o1, 0x7, %g0
-+	ldd	[%o0 + 0x30], %f12
-+	bne,pn	%icc, .Lhwunaligned
-+	 ldd	[%o0 + 0x38], %f14
-+
-+.Lhwaligned_loop:
-+	ldd	[%o1 + 0x00], %f16
-+	ldd	[%o1 + 0x08], %f18
-+	ldd	[%o1 + 0x10], %f20
-+	ldd	[%o1 + 0x18], %f22
-+	ldd	[%o1 + 0x20], %f24
-+	ldd	[%o1 + 0x28], %f26
-+	ldd	[%o1 + 0x30], %f28
-+	ldd	[%o1 + 0x38], %f30
-+	ldd	[%o1 + 0x40], %f32
-+	ldd	[%o1 + 0x48], %f34
-+	ldd	[%o1 + 0x50], %f36
-+	ldd	[%o1 + 0x58], %f38
-+	ldd	[%o1 + 0x60], %f40
-+	ldd	[%o1 + 0x68], %f42
-+	ldd	[%o1 + 0x70], %f44
-+	subcc	%o2, 1, %o2		! done yet?
-+	ldd	[%o1 + 0x78], %f46
-+	add	%o1, 0x80, %o1
-+
-+	.word	0x81b02860		! SHA512
-+
-+	bne,pt	`$bits==64?"%xcc":"%icc"`, .Lhwaligned_loop
-+	nop
-+
-+.Lhwfinish:
-+	std	%f0, [%o0 + 0x00]	! store context
-+	std	%f2, [%o0 + 0x08]
-+	std	%f4, [%o0 + 0x10]
-+	std	%f6, [%o0 + 0x18]
-+	std	%f8, [%o0 + 0x20]
-+	std	%f10, [%o0 + 0x28]
-+	std	%f12, [%o0 + 0x30]
-+	retl
-+	 std	%f14, [%o0 + 0x38]
-+
-+.align	16
-+.Lhwunaligned:
-+	alignaddr %o1, %g0, %o1
-+
-+	ldd	[%o1 + 0x00], %f18
-+.Lhwunaligned_loop:
-+	ldd	[%o1 + 0x08], %f20
-+	ldd	[%o1 + 0x10], %f22
-+	ldd	[%o1 + 0x18], %f24
-+	ldd	[%o1 + 0x20], %f26
-+	ldd	[%o1 + 0x28], %f28
-+	ldd	[%o1 + 0x30], %f30
-+	ldd	[%o1 + 0x38], %f32
-+	ldd	[%o1 + 0x40], %f34
-+	ldd	[%o1 + 0x48], %f36
-+	ldd	[%o1 + 0x50], %f38
-+	ldd	[%o1 + 0x58], %f40
-+	ldd	[%o1 + 0x60], %f42
-+	ldd	[%o1 + 0x68], %f44
-+	ldd	[%o1 + 0x70], %f46
-+	ldd	[%o1 + 0x78], %f48
-+	subcc	%o2, 1, %o2		! done yet?
-+	ldd	[%o1 + 0x80], %f50
-+	add	%o1, 0x80, %o1
-+
-+	faligndata %f18, %f20, %f16
-+	faligndata %f20, %f22, %f18
-+	faligndata %f22, %f24, %f20
-+	faligndata %f24, %f26, %f22
-+	faligndata %f26, %f28, %f24
-+	faligndata %f28, %f30, %f26
-+	faligndata %f30, %f32, %f28
-+	faligndata %f32, %f34, %f30
-+	faligndata %f34, %f36, %f32
-+	faligndata %f36, %f38, %f34
-+	faligndata %f38, %f40, %f36
-+	faligndata %f40, %f42, %f38
-+	faligndata %f42, %f44, %f40
-+	faligndata %f44, %f46, %f42
-+	faligndata %f46, %f48, %f44
-+	faligndata %f48, %f50, %f46
-+
-+	.word	0x81b02860		! SHA512
-+
-+	bne,pt	`$bits==64?"%xcc":"%icc"`, .Lhwunaligned_loop
-+	for	%f50, %f50, %f18	! %f18=%f50
-+
-+	ba	.Lhwfinish
-+	nop
-+___
-+$code.=<<___ if ($SZ==4); 		# SHA256
-+	ld	[%o0 + 0x00], %f0
-+	ld	[%o0 + 0x04], %f1
-+	ld	[%o0 + 0x08], %f2
-+	ld	[%o0 + 0x0c], %f3
-+	ld	[%o0 + 0x10], %f4
-+	ld	[%o0 + 0x14], %f5
-+	andcc	%o1, 0x7, %g0
-+	ld	[%o0 + 0x18], %f6
-+	bne,pn	%icc, .Lhwunaligned
-+	 ld	[%o0 + 0x1c], %f7
-+
-+.Lhwloop:
-+	ldd	[%o1 + 0x00], %f8
-+	ldd	[%o1 + 0x08], %f10
-+	ldd	[%o1 + 0x10], %f12
-+	ldd	[%o1 + 0x18], %f14
-+	ldd	[%o1 + 0x20], %f16
-+	ldd	[%o1 + 0x28], %f18
-+	ldd	[%o1 + 0x30], %f20
-+	subcc	%o2, 1, %o2		! done yet?
-+	ldd	[%o1 + 0x38], %f22
-+	add	%o1, 0x40, %o1
-+
-+	.word	0x81b02840		! SHA256
-+
-+	bne,pt	`$bits==64?"%xcc":"%icc"`, .Lhwloop
-+	nop
-+
-+.Lhwfinish:
-+	st	%f0, [%o0 + 0x00]	! store context
-+	st	%f1, [%o0 + 0x04]
-+	st	%f2, [%o0 + 0x08]
-+	st	%f3, [%o0 + 0x0c]
-+	st	%f4, [%o0 + 0x10]
-+	st	%f5, [%o0 + 0x14]
-+	st	%f6, [%o0 + 0x18]
-+	retl
-+	 st	%f7, [%o0 + 0x1c]
-+
-+.align	8
-+.Lhwunaligned:
-+	alignaddr %o1, %g0, %o1
-+
-+	ldd	[%o1 + 0x00], %f10
-+.Lhwunaligned_loop:
-+	ldd	[%o1 + 0x08], %f12
-+	ldd	[%o1 + 0x10], %f14
-+	ldd	[%o1 + 0x18], %f16
-+	ldd	[%o1 + 0x20], %f18
-+	ldd	[%o1 + 0x28], %f20
-+	ldd	[%o1 + 0x30], %f22
-+	ldd	[%o1 + 0x38], %f24
-+	subcc	%o2, 1, %o2		! done yet?
-+	ldd	[%o1 + 0x40], %f26
-+	add	%o1, 0x40, %o1
-+
-+	faligndata %f10, %f12, %f8
-+	faligndata %f12, %f14, %f10
-+	faligndata %f14, %f16, %f12
-+	faligndata %f16, %f18, %f14
-+	faligndata %f18, %f20, %f16
-+	faligndata %f20, %f22, %f18
-+	faligndata %f22, %f24, %f20
-+	faligndata %f24, %f26, %f22
-+
-+	.word	0x81b02840		! SHA256
-+
-+	bne,pt	`$bits==64?"%xcc":"%icc"`, .Lhwunaligned_loop
-+	for	%f26, %f26, %f10	! %f10=%f26
-+
-+	ba	.Lhwfinish
-+	nop
-+___
-+$code.=<<___;
-+.align	16
-+.Lsoftware:
- 	save	%sp,`-$frame-$locals`,%sp
- 	and	$inp,`$align-1`,$tmp31
- 	sllx	$len,`log(16*$SZ)/log(2)`,$len
[email protected]@ -589,6 +787,62 @@
- .align	4
- ___
- 
--$code =~ s/\`([^\`]*)\`/eval $1/gem;
--print $code;
-+# Purpose of these subroutines is to explicitly encode VIS instructions,
-+# so that one can compile the module without having to specify VIS
-+# extentions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
-+# Idea is to reserve for option to produce "universal" binary and let
-+# programmer detect if current CPU is VIS capable at run-time.
-+sub unvis {
-+my ($mnemonic,$rs1,$rs2,$rd)[email protected]_;
-+my $ref,$opf;
-+my %visopf = (	"faligndata"	=> 0x048,
-+		"for"		=> 0x07c	);
-+
-+    $ref = "$mnemonic\t$rs1,$rs2,$rd";
-+
-+    if ($opf=$visopf{$mnemonic}) {
-+	foreach ($rs1,$rs2,$rd) {
-+	    return $ref if (!/%f([0-9]{1,2})/);
-+	    $_=$1;
-+	    if ($1>=32) {
-+		return $ref if ($1&1);
-+		# re-encode for upper double register addressing
-+		$_=($1|$1>>5)&31;
-+	    }
-+	}
-+
-+	return	sprintf ".word\t0x%08x !%s",
-+			0x81b00000|$rd<<25|$rs1<<14|$opf<<5|$rs2,
-+			$ref;
-+    } else {
-+	return $ref;
-+    }
-+}
-+sub unalignaddr {
-+my ($mnemonic,$rs1,$rs2,$rd)[email protected]_;
-+my %bias = ( "g" => 0, "o" => 8, "l" => 16, "i" => 24 );
-+my $ref="$mnemonic\t$rs1,$rs2,$rd";
-+
-+    foreach ($rs1,$rs2,$rd) {
-+	if (/%([goli])([0-7])/)	{ $_=$bias{$1}+$2; }
-+	else			{ return $ref; }
-+    }
-+    return  sprintf ".word\t0x%08x !%s",
-+		    0x81b00300|$rd<<25|$rs1<<14|$rs2,
-+		    $ref;
-+}
-+
-+foreach (split("\n",$code)) {
-+	s/\`([^\`]*)\`/eval $1/ge;
-+
-+	s/\b(f[^\s]*)\s+(%f[0-9]{1,2}),\s*(%f[0-9]{1,2}),\s*(%f[0-9]{1,2})/
-+		&unvis($1,$2,$3,$4)
-+	 /ge;
-+	s/\b(alignaddr)\s+(%[goli][0-7]),\s*(%[goli][0-7]),\s*(%[goli][0-7])/
-+		&unalignaddr($1,$2,$3,$4)
-+	 /ge;
-+
-+	print $_,"\n";
-+}
-+
- close STDOUT;
-Index: crypto/des/Makefile
-===================================================================
-diff -ru openssl-1.0.1e/crypto/des/Makefile.orig openssl-1.0.1e/crypto/des/Makefile
---- a/crypto/des/Makefile
-+++ b/crypto/des/Makefile
[email protected]@ -61,6 +61,8 @@ des: des.o cbc3_enc.o lib
- 
- des_enc-sparc.S:	asm/des_enc.m4
- 	m4 -B 8192 asm/des_enc.m4 > des_enc-sparc.S
-+dest4-sparcv9.s:	asm/dest4-sparcv9.pl
-+	$(PERL) asm/dest4-sparcv9.pl $(CFLAGS) > [email protected]
- 
- des-586.s:	asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
- 	$(PERL) asm/des-586.pl $(PERLASM_SCHEME) $(CFLAGS) > [email protected]
-Index: crypto/evp/e_des.c
-===================================================================
-diff -ru openssl-1.0.1e/crypto/evp/e_des.c.orig openssl-1.0.1e/crypto/evp/e_des.c
---- a/crypto/evp/e_des.c
-+++ b/crypto/evp/e_des.c
[email protected]@ -65,6 +65,30 @@
- #include <openssl/des.h>
- #include <openssl/rand.h>
- 
-+typedef struct
-+	{
-+	union { double align; DES_key_schedule ks; } ks;
-+	union {
-+		void (*cbc)(const void *,void *,size_t,const void *,void *);
-+	} stream;
-+	} EVP_DES_KEY;
-+
-+#if defined(AES_ASM) && (defined(__sparc) || defined(__sparc__))
-+/* ---------^^^ this is not a typo, just a way to detect that
-+ * assembler support was in general requested... */
-+#include "sparc_arch.h"
-+
-+extern unsigned int OPENSSL_sparcv9cap_P[];
-+
-+#define SPARC_DES_CAPABLE	(OPENSSL_sparcv9cap_P[1] & CFR_DES)
-+
-+void	des_t4_key_expand(const void *key, DES_key_schedule *ks);
-+void	des_t4_cbc_encrypt(const void *inp,void *out,size_t len,
-+				DES_key_schedule *ks,unsigned char iv[8]);
-+void	des_t4_cbc_decrypt(const void *inp,void *out,size_t len,
-+				DES_key_schedule *ks,unsigned char iv[8]);
-+#endif
-+
- static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- 			const unsigned char *iv, int enc);
- static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
[email protected]@ -99,6 +123,13 @@ static int des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- 			  const unsigned char *in, size_t inl)
- {
-+	EVP_DES_KEY *dat = (EVP_DES_KEY *)ctx->cipher_data;
-+
-+	if (dat->stream.cbc)
-+		{
-+		(*dat->stream.cbc)(in,out,inl,&dat->ks.ks,ctx->iv);
-+		return 1;
-+		}
- 	while(inl>=EVP_MAXCHUNK)
- 		{
- 		DES_ncbc_encrypt(in, out, (long)EVP_MAXCHUNK, ctx->cipher_data,
[email protected]@ -176,18 +207,18 @@
-     return 1;
-     }
- 
--BLOCK_CIPHER_defs(des, DES_key_schedule, NID_des, 8, 8, 8, 64,
-+BLOCK_CIPHER_defs(des, EVP_DES_KEY, NID_des, 8, 8, 8, 64,
- 			EVP_CIPH_RAND_KEY, des_init_key, NULL,
- 			EVP_CIPHER_set_asn1_iv,
- 			EVP_CIPHER_get_asn1_iv,
- 			des_ctrl)
- 
--BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,1,
-+BLOCK_CIPHER_def_cfb(des,EVP_DES_KEY,NID_des,8,8,1,
- 		     EVP_CIPH_RAND_KEY, des_init_key,NULL,
- 		     EVP_CIPHER_set_asn1_iv,
- 		     EVP_CIPHER_get_asn1_iv,des_ctrl)
- 
--BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,8,
-+BLOCK_CIPHER_def_cfb(des,EVP_DES_KEY,NID_des,8,8,8,
- 		     EVP_CIPH_RAND_KEY,des_init_key,NULL,
- 		     EVP_CIPHER_set_asn1_iv,
- 		     EVP_CIPHER_get_asn1_iv,des_ctrl)
[email protected]@ -196,8 +227,25 @@ static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- 			const unsigned char *iv, int enc)
- 	{
- 	DES_cblock *deskey = (DES_cblock *)key;
-+	EVP_DES_KEY *dat = (EVP_DES_KEY *)ctx->cipher_data;
-+
-+	dat->stream.cbc = NULL;
-+#if defined(SPARC_DES_CAPABLE)
-+	if (SPARC_DES_CAPABLE)
-+		{
-+		int mode = ctx->cipher->flags & EVP_CIPH_MODE;
-+
-+		if (mode == EVP_CIPH_CBC_MODE)
-+			{
-+			des_t4_key_expand(key,&dat->ks.ks);
-+			dat->stream.cbc = enc ? des_t4_cbc_encrypt :
-+						des_t4_cbc_decrypt;
-+			return 1;
-+			}
-+		}
-+#endif
- #ifdef EVP_CHECK_DES_KEY
--	if(DES_set_key_checked(deskey,ctx->cipher_data) != 0)
-+	if(DES_set_key_checked(deskey,dat->ks.ks) != 0)
- 		return 0;
- #else
- 	DES_set_key_unchecked(deskey,ctx->cipher_data);
-Index: crypto/evp/e_des3.c
-===================================================================
-diff -ru openssl-1.0.1e/crypto/evp/e_des3.c.orig openssl-1.0.1e/crypto/evp/e_des3.c
---- a/crypto/evp/e_des3.c
-+++ b/crypto/evp/e_des3.c
[email protected]@ -65,6 +65,33 @@
- #include <openssl/des.h>
- #include <openssl/rand.h>
- 
-+typedef struct
-+	{
-+	union { double align; DES_key_schedule ks[3]; } ks;
-+	union {
-+		void (*cbc)(const void *,void *,size_t,const void *,void *);
-+	} stream;
-+	} DES_EDE_KEY;
-+#define ks1 ks.ks[0]
-+#define ks2 ks.ks[1]
-+#define ks3 ks.ks[2]
-+
-+#if defined(AES_ASM) && (defined(__sparc) || defined(__sparc__))
-+/* ---------^^^ this is not a typo, just a way to detect that
-+ * assembler support was in general requested... */
-+#include "sparc_arch.h"
-+
-+extern unsigned int OPENSSL_sparcv9cap_P[];
-+
-+#define SPARC_DES_CAPABLE	(OPENSSL_sparcv9cap_P[1] & CFR_DES)
-+
-+void	des_t4_key_expand(const void *key, DES_key_schedule *ks);
-+void	des_t4_ede3_cbc_encrypt(const void *inp,void *out,size_t len,
-+				DES_key_schedule *ks,unsigned char iv[8]);
-+void	des_t4_ede3_cbc_decrypt(const void *inp,void *out,size_t len,
-+				DES_key_schedule *ks,unsigned char iv[8]);
-+#endif
-+
- #ifndef OPENSSL_FIPS
- 
- static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
[email protected]@ -75,13 +100,6 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- 
- static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
- 
--typedef struct
--    {
--    DES_key_schedule ks1;/* key schedule */
--    DES_key_schedule ks2;/* key schedule (for ede) */
--    DES_key_schedule ks3;/* key schedule (for ede3) */
--    } DES_EDE_KEY;
--
- #define data(ctx) ((DES_EDE_KEY *)(ctx)->cipher_data)
- 
- /* Because of various casts and different args can't use IMPLEMENT_BLOCK_CIPHER */
[email protected]@ -121,6 +141,8 @@ static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- 			      const unsigned char *in, size_t inl)
- {
-+	DES_EDE_KEY *dat = data(ctx);
-+
- #ifdef KSSL_DEBUG
- 	{
-         int i;
[email protected]@ -132,10 +154,16 @@
- 	printf("\n");
- 	}
- #endif    /* KSSL_DEBUG */
-+	if (dat->stream.cbc)
-+		{
-+		(*dat->stream.cbc)(in,out,inl,&dat->ks,ctx->iv);
-+		return 1;
-+		}
-+
- 	while (inl>=EVP_MAXCHUNK)
- 		{
- 		DES_ede3_cbc_encrypt(in, out, (long)EVP_MAXCHUNK,
--			     &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
-+			     &dat->ks1, &dat->ks2, &dat->ks3,
- 			     (DES_cblock *)ctx->iv, ctx->encrypt);
- 		inl-=EVP_MAXCHUNK;
- 		in +=EVP_MAXCHUNK;
[email protected]@ -143,7 +169,7 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- 		}
- 	if (inl)
- 		DES_ede3_cbc_encrypt(in, out, (long)inl,
--			     &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
-+			     &dat->ks1, &dat->ks2, &dat->ks3,
-                              (DES_cblock *)ctx->iv, ctx->encrypt);
- 	return 1;
- }
[email protected]@ -208,9 +234,8 @@ static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-     }
- 
- BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,
--			EVP_CIPH_RAND_KEY, des_ede_init_key, NULL, 
--			EVP_CIPHER_set_asn1_iv,
--			EVP_CIPHER_get_asn1_iv,
-+			EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_DEFAULT_ASN1,
-+			des_ede_init_key, NULL, NULL, NULL,
- 			des3_ctrl)
- 
- #define des_ede3_cfb64_cipher des_ede_cfb64_cipher
[email protected]@ -219,37 +246,53 @@
- #define des_ede3_ecb_cipher des_ede_ecb_cipher
- 
- BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64,
--			EVP_CIPH_RAND_KEY, des_ede3_init_key, NULL, 
--			EVP_CIPHER_set_asn1_iv,
--			EVP_CIPHER_get_asn1_iv,
--			des3_ctrl)
-+		EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
-+		des_ede3_init_key, NULL, NULL, NULL,
-+		des3_ctrl)
- 
- BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,1,
--		     EVP_CIPH_RAND_KEY, des_ede3_init_key,NULL,
--		     EVP_CIPHER_set_asn1_iv,
--		     EVP_CIPHER_get_asn1_iv,
--		     des3_ctrl)
-+		EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
-+		des_ede3_init_key, NULL, NULL, NULL,
-+		des3_ctrl)
- 
- BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,8,
--		     EVP_CIPH_RAND_KEY, des_ede3_init_key,NULL,
--		     EVP_CIPHER_set_asn1_iv,
--		     EVP_CIPHER_get_asn1_iv,
--		     des3_ctrl)
-+		EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
-+		des_ede3_init_key, NULL, NULL, NULL,
-+		des3_ctrl)
- 
- static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- 			    const unsigned char *iv, int enc)
- 	{
- 	DES_cblock *deskey = (DES_cblock *)key;
-+	DES_EDE_KEY *dat = data(ctx);
-+
-+	dat->stream.cbc = NULL;
-+#if defined(SPARC_DES_CAPABLE)
-+	if (SPARC_DES_CAPABLE)
-+		{
-+		int mode = ctx->cipher->flags & EVP_CIPH_MODE;
-+
-+		if (mode == EVP_CIPH_CBC_MODE)
-+			{
-+			des_t4_key_expand(&deskey[0],&dat->ks1);
-+			des_t4_key_expand(&deskey[1],&dat->ks2);
-+			memcpy(&dat->ks3,&dat->ks1,sizeof(dat->ks1));
-+			dat->stream.cbc = enc ? des_t4_ede3_cbc_encrypt :
-+						des_t4_ede3_cbc_decrypt;
-+			return 1;
-+			}
-+		}
-+#endif
- #ifdef EVP_CHECK_DES_KEY
--	if (DES_set_key_checked(&deskey[0],&data(ctx)->ks1)
--		!! DES_set_key_checked(&deskey[1],&data(ctx)->ks2))
-+	if (DES_set_key_checked(&deskey[0],&dat->ks1)
-+		!! DES_set_key_checked(&deskey[1],&dat->ks2))
- 		return 0;
- #else
--	DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1);
--	DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2);
-+	DES_set_key_unchecked(&deskey[0],&dat->ks1);
-+	DES_set_key_unchecked(&deskey[1],&dat->ks2);
- #endif
--	memcpy(&data(ctx)->ks3,&data(ctx)->ks1,
--	       sizeof(data(ctx)->ks1));
-+	memcpy(&dat->ks3,&dat->ks1,
-+		sizeof(dat->ks1));
- 	return 1;
- 	}
- 
[email protected]@ -257,6 +300,8 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- 			     const unsigned char *iv, int enc)
- 	{
- 	DES_cblock *deskey = (DES_cblock *)key;
-+	DES_EDE_KEY *dat = data(ctx);
-+
- #ifdef KSSL_DEBUG
- 	{
-         int i;
[email protected]@ -268,15 +313,32 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- 	}
- #endif	/* KSSL_DEBUG */
- 
-+	dat->stream.cbc = NULL;
-+#if defined(SPARC_DES_CAPABLE)
-+	if (SPARC_DES_CAPABLE)
-+		{
-+		int mode = ctx->cipher->flags & EVP_CIPH_MODE;
-+
-+		if (mode == EVP_CIPH_CBC_MODE)
-+			{
-+			des_t4_key_expand(&deskey[0],&dat->ks1);
-+			des_t4_key_expand(&deskey[1],&dat->ks2);
-+			des_t4_key_expand(&deskey[2],&dat->ks3);
-+			dat->stream.cbc = enc ? des_t4_ede3_cbc_encrypt :
-+						des_t4_ede3_cbc_decrypt;
-+			return 1;
-+			}
-+		}
-+#endif
- #ifdef EVP_CHECK_DES_KEY
--	if (DES_set_key_checked(&deskey[0],&data(ctx)->ks1)
--		|| DES_set_key_checked(&deskey[1],&data(ctx)->ks2)
--		|| DES_set_key_checked(&deskey[2],&data(ctx)->ks3))
-+	if (DES_set_key_checked(&deskey[0],&dat->ks1)
-+		|| DES_set_key_checked(&deskey[1],&dat->ks2)
-+		|| DES_set_key_checked(&deskey[2],&dat->ks3))
- 		return 0;
- #else
--	DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1);
--	DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2);
--	DES_set_key_unchecked(&deskey[2],&data(ctx)->ks3);
-+	DES_set_key_unchecked(&deskey[0],&dat->ks1);
-+	DES_set_key_unchecked(&deskey[1],&dat->ks2);
-+	DES_set_key_unchecked(&deskey[2],&dat->ks3);
- #endif
- 	return 1;
- 	}
-Index: openssl/crypto/bn/Makefile
-===================================================================
-diff -ru openssl-1.0.1e/crypto/bn/Makefile openssl-1.0.1e/crypto/bn/Makefile.new
---- openssl-1.0.1e/crypto/bn/Makefile 2011-05-24 17:02:24.000000000 -0700
-+++ openssl-1.0.1e/crypto/bn/Makefile 2011-07-27 10:48:17.817470000 -0700
[email protected]@ -77,6 +77,12 @@
- 	$(PERL) asm/sparcv9a-mont.pl $(CFLAGS) > [email protected]
- sparcv9-mont.s:		asm/sparcv9-mont.pl
- 	$(PERL) asm/sparcv9-mont.pl $(CFLAGS) > [email protected]
-+vis3-mont.s:		asm/vis3-mont.pl
-+	$(PERL) asm/vis3-mont.pl $(CFLAGS) > [email protected]
-+sparct4-mont.S:	asm/sparct4-mont.pl
-+	$(PERL) asm/sparct4-mont.pl $(CFLAGS) > [email protected]
-+sparcv9-gf2m.S:	asm/sparcv9-gf2m.pl
-+	$(PERL) asm/sparcv9-gf2m.pl $(CFLAGS) > [email protected]
- 
- bn-mips3.o:	asm/mips3.s
- 	@if [ "$(CC)" = "gcc" ]; then \
-Index: openssl/crypto/bn/bn_exp.c
-===================================================================
-diff -ru openssl-1.0.1e/crypto/bn/bn_exp.c openssl-1.0.1e/crypto/bn/bn_exp.c.new
---- bn_exp.c	2011/10/29 19:25:13	1.38
-+++ bn_exp.c	2012/11/17 10:34:11	1.39
[email protected]@ -123,8 +123,15 @@
- # ifndef alloca
- #  define alloca(s) __builtin_alloca((s))
- # endif
-+#else
-+#include <alloca.h>
- #endif
- 
-+#if defined(OPENSSL_BN_ASM_MONT) && defined(__sparc)
-+# include "sparc_arch.h"
-+extern unsigned int OPENSSL_sparcv9cap_P[];
-+#endif
-+
- /* maximum precomputation table size for *variable* sliding windows */
- #define TABLE_SIZE	32
- 
[email protected]@ -467,7 +467,15 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
- 	wstart=bits-1;	/* The top bit of the window */
- 	wend=0;		/* The bottom bit of the window */
- 
-+#if 1	/* by Shay Gueron's suggestion */
-+	j = mont->N.top;	/* borrow j */
-+	if (bn_wexpand(r,j) == NULL) goto err;
-+	r->d[0] = (0-m->d[0])&BN_MASK2;		/* 2^(top*BN_BITS2) - m */
-+	for(i=1;i<j;i++) r->d[i] = (~m->d[i])&BN_MASK2;
-+	r->top = j;
-+#else
- 	if (!BN_to_montgomery(r,BN_value_one(),mont,ctx)) goto err;
-+#endif
- 	for (;;)
- 		{
- 		if (BN_is_bit_set(p,wstart) == 0)
[email protected]@ -519,6 +527,17 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
- 		start=0;
- 		if (wstart < 0) break;
- 		}
-+#if defined(OPENSSL_BN_ASM_MONT) && (defined(__sparc__) || defined(__sparc))
-+	if (OPENSSL_sparcv9cap_P[0]&(SPARCV9_VIS3|SPARCV9_PREFER_FPU))
-+ 	{
-+ 		j = mont->N.top;	/* borrow j */
-+ 		val[0]->d[0] = 1;	/* borrow val[0] */
-+ 		for (i=1;i<j;i++) val[0]->d[i] = 0;
-+ 		val[0]->top = j;
-+ 		if (!BN_mod_mul_montgomery(rr,r,val[0],mont,ctx)) goto err;
-+ 		}
-+ 	else
-+#endif
- 	if (!BN_from_montgomery(rr,r,mont,ctx)) goto err;
- 	ret=1;
- err:
[email protected]@ -528,6 +547,28 @@ err:
- 	return(ret);
- 	}
- 
-+#if defined(OPENSSL_BN_ASM_MONT) && (defined(__sparc__) || defined(__sparc))
-+static BN_ULONG bn_get_bits(const BIGNUM *a, int bitpos)
-+	{
-+	BN_ULONG ret=0;
-+	int wordpos;
-+
-+	wordpos = bitpos/BN_BITS2;
-+	bitpos %= BN_BITS2;
-+	if (wordpos>=0 && wordpos < a->top)
-+		{
-+		ret = a->d[wordpos]&BN_MASK2;
-+		if (bitpos)
-+			{
-+			ret >>= bitpos;
-+			if (++wordpos < a->top)
-+				ret |= a->d[wordpos]<<(BN_BITS2-bitpos);
-+			}
-+		}
-+
-+	return ret&BN_MASK2;
-+}
-+#endif
- 
- /* BN_mod_exp_mont_consttime() stores the precomputed powers in a specific layout
-  * so that accessing any of these table values shows the same access pattern as far
[email protected]@ -587,6 +592,9 @@
- 	int powerbufLen = 0;
- 	unsigned char *powerbuf=NULL;
- 	BIGNUM tmp, am;
-+#if defined(OPENSSL_BN_ASM_MONT) && defined(__sparc)
-+	unsigned int t4=0;
-+#endif
- 
- 	bn_check_top(a);
- 	bn_check_top(p);
[email protected]@ -621,9 +629,18 @@
- 
- 	/* Get the window size to use with size of p. */
- 	window = BN_window_bits_for_ctime_exponent_size(bits);
-+#if defined(OPENSSL_BN_ASM_MONT) && defined(__sparc)
-+	if (window>=5 && (top&15)==0 && top<=64 &&
-+	    (OPENSSL_sparcv9cap_P[1]&(CFR_MONTMUL|CFR_MONTSQR))==
-+	    			     (CFR_MONTMUL|CFR_MONTSQR) &&
-+	    (t4=OPENSSL_sparcv9cap_P[0]))
-+		window=5;
-+	else
-+#endif
- #if defined(OPENSSL_BN_ASM_MONT5)
- 	if (window==6 && bits<=1024) window=5;	/* ~5% improvement of 2048-bit RSA sign */
- #endif
-+	(void)0;
- 
- 	/* Allocate a buffer large enough to hold all of the pre-computed
- 	 * powers of am, am itself and tmp.
[email protected]@ -656,13 +715,13 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
- 	tmp.flags = am.flags = BN_FLG_STATIC_DATA;
- 
- 	/* prepare a^0 in Montgomery domain */
--#if 1
-- 	if (!BN_to_montgomery(&tmp,BN_value_one(),mont,ctx))	goto err;
--#else
-+#if 1	/* by Shay Gueron's suggestion */
- 	tmp.d[0] = (0-m->d[0])&BN_MASK2;	/* 2^(top*BN_BITS2) - m */
- 	for (i=1;i<top;i++)
- 		tmp.d[i] = (~m->d[i])&BN_MASK2;
- 	tmp.top = top;
-+#else
-+	if (!BN_to_montgomery(&tmp,BN_value_one(),mont,ctx))	goto err;
- #endif
- 
- 	/* prepare a^1 in Montgomery domain */
[email protected]@ -673,6 +690,121 @@
- 		}
- 	else	if (!BN_to_montgomery(&am,a,mont,ctx))		goto err;
- 
-+#if defined(OPENSSL_BN_ASM_MONT) && defined(__sparc)
-+    if (t4)
-+	{
-+	typedef int (*bn_pwr5_mont_f)(BN_ULONG *tp,const BN_ULONG *np,
-+			const BN_ULONG *n0,const void *table,int power,int bits);
-+	int bn_pwr5_mont_t4_8(BN_ULONG *tp,const BN_ULONG *np,
-+			const BN_ULONG *n0,const void *table,int power,int bits);
-+	int bn_pwr5_mont_t4_16(BN_ULONG *tp,const BN_ULONG *np,
-+			const BN_ULONG *n0,const void *table,int power,int bits);
-+	int bn_pwr5_mont_t4_24(BN_ULONG *tp,const BN_ULONG *np,
-+			const BN_ULONG *n0,const void *table,int power,int bits);
-+	int bn_pwr5_mont_t4_32(BN_ULONG *tp,const BN_ULONG *np,
-+			const BN_ULONG *n0,const void *table,int power,int bits);
-+	static const bn_pwr5_mont_f pwr5_funcs[4] = {
-+			bn_pwr5_mont_t4_8,	bn_pwr5_mont_t4_16,
-+			bn_pwr5_mont_t4_24,	bn_pwr5_mont_t4_32 };
-+	bn_pwr5_mont_f pwr5_worker = pwr5_funcs[top/16-1];
-+
-+	typedef int (*bn_mul_mont_f)(BN_ULONG *rp,const BN_ULONG *ap,
-+			const void *bp,const BN_ULONG *np,const BN_ULONG *n0);
-+	int bn_mul_mont_t4_8(BN_ULONG *rp,const BN_ULONG *ap,
-+			const void *bp,const BN_ULONG *np,const BN_ULONG *n0);
-+	int bn_mul_mont_t4_16(BN_ULONG *rp,const BN_ULONG *ap,
-+			const void *bp,const BN_ULONG *np,const BN_ULONG *n0);
-+	int bn_mul_mont_t4_24(BN_ULONG *rp,const BN_ULONG *ap,
-+			const void *bp,const BN_ULONG *np,const BN_ULONG *n0);
-+	int bn_mul_mont_t4_32(BN_ULONG *rp,const BN_ULONG *ap,
-+			const void *bp,const BN_ULONG *np,const BN_ULONG *n0);
-+	static const bn_mul_mont_f mul_funcs[4] = {
-+			bn_mul_mont_t4_8,	bn_mul_mont_t4_16,
-+			bn_mul_mont_t4_24,	bn_mul_mont_t4_32 };
-+	bn_mul_mont_f mul_worker = mul_funcs[top/16-1];
-+
-+	void bn_mul_mont_vis3(BN_ULONG *rp,const BN_ULONG *ap,
-+			const void *bp,const BN_ULONG *np,
-+			const BN_ULONG *n0,int num);
-+	void bn_mul_mont_t4(BN_ULONG *rp,const BN_ULONG *ap,
-+			const void *bp,const BN_ULONG *np,
-+			const BN_ULONG *n0,int num);
-+	void bn_mul_mont_gather5_t4(BN_ULONG *rp,const BN_ULONG *ap,
-+			const void *table,const BN_ULONG *np,
-+			const BN_ULONG *n0,int num,int power);
-+	void bn_flip_n_scatter5_t4(const BN_ULONG *inp,size_t num,
-+			void *table,size_t power);
-+	void bn_gather5_t4(BN_ULONG *out,size_t num,
-+			void *table,size_t power);
-+	void bn_flip_t4(BN_ULONG *dst,BN_ULONG *src,size_t num);
-+
-+	BN_ULONG *np=mont->N.d, *n0=mont->n0;
-+	int stride = 5*(6-(top/16-1));	/* multiple of 5, but less than 32 */
-+
-+	/* BN_to_montgomery can contaminate words above .top
-+	 * [in BN_DEBUG[_DEBUG] build]... */
-+	for (i=am.top; i<top; i++)	am.d[i]=0;
-+	for (i=tmp.top; i<top; i++)	tmp.d[i]=0;
-+
-+	bn_flip_n_scatter5_t4(tmp.d,top,powerbuf,0);
-+	bn_flip_n_scatter5_t4(am.d,top,powerbuf,1);
-+	if (!(*mul_worker)(tmp.d,am.d,am.d,np,n0) &&
-+	    !(*mul_worker)(tmp.d,am.d,am.d,np,n0))
-+		bn_mul_mont_vis3(tmp.d,am.d,am.d,np,n0,top);
-+	bn_flip_n_scatter5_t4(tmp.d,top,powerbuf,2);
-+
-+	for (i=3; i<32; i++)
-+		{
-+		/* Calculate a^i = a^(i-1) * a */
-+		if (!(*mul_worker)(tmp.d,tmp.d,am.d,np,n0) &&
-+		    !(*mul_worker)(tmp.d,tmp.d,am.d,np,n0))
-+			bn_mul_mont_vis3(tmp.d,tmp.d,am.d,np,n0,top);
-+		bn_flip_n_scatter5_t4(tmp.d,top,powerbuf,i);
-+		}
-+
-+	/* switch to 64-bit domain */ 
-+	np = alloca(top*sizeof(BN_ULONG));
-+	top /= 2;
-+	bn_flip_t4(np,mont->N.d,top);
-+
-+	bits--;
-+	for (wvalue=0, i=bits%5; i>=0; i--,bits--)
-+		wvalue = (wvalue<<1)+BN_is_bit_set(p,bits);
-+	bn_gather5_t4(tmp.d,top,powerbuf,wvalue);
-+
-+	/* Scan the exponent one window at a time starting from the most
-+	 * significant bits.
-+	 */
-+	while (bits >= 0)
-+		{
-+		if (bits < stride) stride = bits+1;
-+		bits -= stride;
-+		wvalue = (bn_get_bits(p,bits+1));
-+
-+		if ((*pwr5_worker)(tmp.d,np,n0,powerbuf,wvalue,stride)) continue;
-+		/* retry once and fall back */
-+		if ((*pwr5_worker)(tmp.d,np,n0,powerbuf,wvalue,stride)) continue;
-+
-+		bits += stride-5;
-+		wvalue >>= stride-5;
-+		wvalue &= 31;
-+		bn_mul_mont_t4(tmp.d,tmp.d,tmp.d,np,n0,top);
-+		bn_mul_mont_t4(tmp.d,tmp.d,tmp.d,np,n0,top);
-+		bn_mul_mont_t4(tmp.d,tmp.d,tmp.d,np,n0,top);
-+		bn_mul_mont_t4(tmp.d,tmp.d,tmp.d,np,n0,top);
-+		bn_mul_mont_t4(tmp.d,tmp.d,tmp.d,np,n0,top);
-+		bn_mul_mont_gather5_t4(tmp.d,tmp.d,powerbuf,np,n0,top,wvalue);
-+		}
-+
-+	bn_flip_t4(tmp.d,tmp.d,top);
-+	top *= 2;
-+	/* back to 32-bit domain */
-+	tmp.top=top;
-+	bn_correct_top(&tmp);
-+	OPENSSL_cleanse(np,top*sizeof(BN_ULONG));
-+	}
-+    else
-+#endif
- #if defined(OPENSSL_BN_ASM_MONT5)
-     /* This optimization uses ideas from http://eprint.iacr.org/2011/239,
-      * specifically optimization of cache-timing attack countermeasures
[email protected]@ -816,6 +990,15 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
- 	}
- 
-  	/* Convert the final result from montgomery to standard format */
-+#if defined(OPENSSL_BN_ASM_MONT) && (defined(__sparc__) || defined(__sparc))
-+	if (OPENSSL_sparcv9cap_P[0]&(SPARCV9_VIS3|SPARCV9_PREFER_FPU))
-+		{
-+		am.d[0] = 1;	/* borrow am */
-+		for (i=1;i<top;i++) am.d[i] = 0;
-+		if (!BN_mod_mul_montgomery(rr,&tmp,&am,mont,ctx)) goto err;
-+		}
-+	else
-+#endif
- 	if (!BN_from_montgomery(rr,&tmp,mont,ctx)) goto err;
- 	ret=1;
- err:
-Index: openssl/apps/speed.c
-===================================================================
-diff -ru openssl-1.0.1e/apps/spped.c openssl-1.0.1e/apps/speed.c
---- openssl-1.0.1e/apps/speed.c 2011-05-24 17:02:24.000000000 -0700
-+++ openssl-1.0.1e/apps/spped.c 2011-07-27 10:48:17.817470000 -0700
[email protected]@ -1551,7 +1551,7 @@
- 			print_message(names[D_MD5],c[D_MD5][j],lengths[j]);
- 			Time_F(START);
- 			for (count=0,run=1; COND(c[D_MD5][j]); count++)
--				EVP_Digest(&(buf[0]),(unsigned long)lengths[j],&(md5[0]),NULL,EVP_get_digestbyname("md5"),NULL);
-+				MD5(buf,lengths[j],md5);
- 			d=Time_F(STOP);
- 			print_result(D_MD5,j,count,d);
- 			}
[email protected]@ -1591,7 +1591,7 @@
- 			print_message(names[D_SHA1],c[D_SHA1][j],lengths[j]);
- 			Time_F(START);
- 			for (count=0,run=1; COND(c[D_SHA1][j]); count++)
--				EVP_Digest(buf,(unsigned long)lengths[j],&(sha[0]),NULL,EVP_sha1(),NULL);
-+				SHA1(buf,lengths[j],sha);
- 			d=Time_F(STOP);
- 			print_result(D_SHA1,j,count,d);
- 			}
-Index: openssl/crypto/aes/Makefile
-===================================================================
---- Makefile    Thu May  2 13:42:37 2013
-+++ Makefile.orig       Thu May  2 13:41:51 2013
[email protected]@ -69,6 +69,9 @@
- aes-sparcv9.s: asm/aes-sparcv9.pl
- 	$(PERL) asm/aes-sparcv9.pl $(CFLAGS) > [email protected]
- 
-+aest4-sparcv9.s: asm/aest4-sparcv9.pl
-+	$(PERL) asm/aest4-sparcv9.pl $(CFLAGS) > [email protected]
-+
- aes-ppc.s:	asm/aes-ppc.pl
- 	$(PERL) asm/aes-ppc.pl $(PERLASM_SCHEME) [email protected]
-
-Index: openssl/crypto/evp/e_aes.c
-===================================================================
---- e_aes.c	Mon Feb 11 07:26:04 2013
-+++ e_aes.c.56	Thu May  2 14:26:35 2013
[email protected]@ -56,13 +58,12 @@
- #include <assert.h>
- #include <openssl/aes.h>
- #include "evp_locl.h"
--#ifndef OPENSSL_FIPS
- #include "modes_lcl.h"
- #include <openssl/rand.h>
- 
- typedef struct
- 	{
--	AES_KEY ks;
-+	union { double align; AES_KEY ks; } ks;
- 	block128_f block;
- 	union {
- 		cbc128_f cbc;
[email protected]@ -72,7 +73,7 @@
- 
- typedef struct
- 	{
--	AES_KEY ks;		/* AES key schedule to use */
-+	union { double align; AES_KEY ks; } ks;	/* AES key schedule to use */
- 	int key_set;		/* Set if key initialised */
- 	int iv_set;		/* Set if an iv is set */
- 	GCM128_CONTEXT gcm;
[email protected]@ -86,7 +87,7 @@
- 
- typedef struct
- 	{
--	AES_KEY ks1, ks2;	/* AES key schedules to use */
-+	union { double align; AES_KEY ks; } ks1, ks2;	/* AES key schedules to use */
- 	XTS128_CONTEXT xts;
- 	void     (*stream)(const unsigned char *in,
- 			unsigned char *out, size_t length,
[email protected]@ -96,7 +97,7 @@
- 
- typedef struct
- 	{
--	AES_KEY ks;		/* AES key schedule to use */
-+	union { double align; AES_KEY ks; } ks;	/* AES key schedule to use */
- 	int key_set;		/* Set if key initialised */
- 	int iv_set;		/* Set if an iv is set */
- 	int tag_set;		/* Set if tag is valid */
[email protected]@ -160,7 +161,7 @@
- 	defined(_M_AMD64)	|| defined(_M_X64)	|| \
- 	defined(__INTEL__)				)
- 
--extern unsigned int OPENSSL_ia32cap_P[2];
-+extern unsigned int OPENSSL_ia32cap_P[];
- 
- #ifdef VPAES_ASM
- #define VPAES_CAPABLE	(OPENSSL_ia32cap_P[1]&(1<<(41-32)))
[email protected]@ -310,7 +311,7 @@
- 		return 1;
- 	if (key)
- 		{
--		aesni_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks);
-+		aesni_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks);
- 		CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
- 				(block128_f)aesni_encrypt);
- 		gctx->ctr = (ctr128_f)aesni_ctr32_encrypt_blocks;
[email protected]@ -355,19 +356,19 @@
- 		/* key_len is two AES keys */
- 		if (enc)
- 			{
--			aesni_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1);
-+			aesni_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks);
- 			xctx->xts.block1 = (block128_f)aesni_encrypt;
- 			xctx->stream = aesni_xts_encrypt;
- 			}
- 		else
- 			{
--			aesni_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1);
-+			aesni_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks);
- 			xctx->xts.block1 = (block128_f)aesni_decrypt;
- 			xctx->stream = aesni_xts_decrypt;
- 			}
- 
- 		aesni_set_encrypt_key(key + ctx->key_len/2,
--						ctx->key_len * 4, &xctx->ks2);
-+						ctx->key_len * 4, &xctx->ks2.ks);
- 		xctx->xts.block2 = (block128_f)aesni_encrypt;
- 
- 		xctx->xts.key1 = &xctx->ks1;
[email protected]@ -394,7 +395,7 @@
- 		return 1;
- 	if (key)
- 		{
--		aesni_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks);
-+		aesni_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks.ks);
- 		CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
- 					&cctx->ks, (block128_f)aesni_encrypt);
- 		cctx->str = enc?(ccm128_f)aesni_ccm64_encrypt_blocks :
[email protected]@ -456,6 +457,379 @@
- const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
- { return AESNI_CAPABLE?&aesni_##keylen##_##mode:&aes_##keylen##_##mode; }
- 
-+#elif	defined(AES_ASM) && (defined(__sparc) || defined(__sparc__))
-+
-+#include "sparc_arch.h"
-+
-+extern unsigned int OPENSSL_sparcv9cap_P[];
-+
-+#define	SPARC_AES_CAPABLE	(OPENSSL_sparcv9cap_P[1] & CFR_AES)
-+
-+void	aes_t4_set_encrypt_key (const unsigned char *key, int bits,
-+				AES_KEY *ks);
-+void	aes_t4_set_decrypt_key (const unsigned char *key, int bits,
-+				AES_KEY *ks);
-+void	aes_t4_encrypt (const unsigned char *in, unsigned char *out,
-+				const AES_KEY *key);
-+void	aes_t4_decrypt (const unsigned char *in, unsigned char *out,
-+				const AES_KEY *key);
-+/*
-+ * Key-length specific subroutines were chosen for following reason.
-+ * Each SPARC T4 core can execute up to 8 threads which share core's
-+ * resources. Loading as much key material to registers allows to
-+ * minimize references to shared memory interface, as well as amount
-+ * of instructions in inner loops [much needed on T4]. But then having
-+ * non-key-length specific routines would require conditional branches
-+ * either in inner loops or on subroutines' entries. Former is hardly
-+ * acceptable, while latter means code size increase to size occupied
-+ * by multiple key-length specfic subroutines, so why fight?
-+ */
-+void	aes128_t4_cbc_encrypt (const unsigned char *in, unsigned char *out,
-+				size_t len, const AES_KEY *key,
-+				unsigned char *ivec);
-+void	aes128_t4_cbc_decrypt (const unsigned char *in, unsigned char *out,
-+				size_t len, const AES_KEY *key,
-+				unsigned char *ivec);
-+void	aes192_t4_cbc_encrypt (const unsigned char *in, unsigned char *out,
-+				size_t len, const AES_KEY *key,
-+				unsigned char *ivec);
-+void	aes192_t4_cbc_decrypt (const unsigned char *in, unsigned char *out,
-+				size_t len, const AES_KEY *key,
-+				unsigned char *ivec);
-+void	aes256_t4_cbc_encrypt (const unsigned char *in, unsigned char *out,
-+				size_t len, const AES_KEY *key,
-+				unsigned char *ivec);
-+void	aes256_t4_cbc_decrypt (const unsigned char *in, unsigned char *out,
-+				size_t len, const AES_KEY *key,
-+				unsigned char *ivec);
-+void	aes128_t4_ctr32_encrypt (const unsigned char *in, unsigned char *out,
-+				size_t blocks, const AES_KEY *key,
-+				unsigned char *ivec);
-+void	aes192_t4_ctr32_encrypt (const unsigned char *in, unsigned char *out,
-+				size_t blocks, const AES_KEY *key,
-+				unsigned char *ivec);
-+void	aes256_t4_ctr32_encrypt (const unsigned char *in, unsigned char *out,
-+				size_t blocks, const AES_KEY *key,
-+				unsigned char *ivec);
-+
-+static int aes_t4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-+		   const unsigned char *iv, int enc)
-+	{
-+	int ret, mode, bits;
-+	EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
-+
-+	mode = ctx->cipher->flags & EVP_CIPH_MODE;
-+	bits = ctx->key_len*8;
-+	if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE)
-+	    && !enc)
-+		{
-+		    ret = 0;
-+		    aes_t4_set_decrypt_key(key, bits, ctx->cipher_data);
-+		    dat->block	= (block128_f)aes_t4_decrypt;
-+		    switch (bits) {
-+		    case 128:
-+			dat->stream.cbc	= mode==EVP_CIPH_CBC_MODE ?
-+						(cbc128_f)aes128_t4_cbc_decrypt :
-+						NULL;
-+			break;
-+		    case 192:
-+			dat->stream.cbc	= mode==EVP_CIPH_CBC_MODE ?
-+						(cbc128_f)aes192_t4_cbc_decrypt :
-+						NULL;
-+			break;
-+		    case 256:
-+			dat->stream.cbc	= mode==EVP_CIPH_CBC_MODE ?
-+						(cbc128_f)aes256_t4_cbc_decrypt :
-+						NULL;
-+			break;
-+		    default:
-+			ret = -1;
-+		    }
-+		}
-+	else	{
-+		    ret = 0;
-+		    aes_t4_set_encrypt_key(key, bits, ctx->cipher_data);
-+		    dat->block	= (block128_f)aes_t4_encrypt;
-+		    switch (bits) {
-+		    case 128:
-+			if (mode==EVP_CIPH_CBC_MODE)
-+				dat->stream.cbc	= (cbc128_f)aes128_t4_cbc_encrypt;
-+			else if (mode==EVP_CIPH_CTR_MODE)
-+				dat->stream.ctr = (ctr128_f)aes128_t4_ctr32_encrypt;
-+			else
-+				dat->stream.cbc = NULL;
-+			break;
-+		    case 192:
-+			if (mode==EVP_CIPH_CBC_MODE)
-+				dat->stream.cbc	= (cbc128_f)aes192_t4_cbc_encrypt;
-+			else if (mode==EVP_CIPH_CTR_MODE)
-+				dat->stream.ctr = (ctr128_f)aes192_t4_ctr32_encrypt;
-+			else
-+				dat->stream.cbc = NULL;
-+			break;
-+		    case 256:
-+			if (mode==EVP_CIPH_CBC_MODE)
-+				dat->stream.cbc	= (cbc128_f)aes256_t4_cbc_encrypt;
-+			else if (mode==EVP_CIPH_CTR_MODE)
-+				dat->stream.ctr = (ctr128_f)aes256_t4_ctr32_encrypt;
-+			else
-+				dat->stream.cbc = NULL;
-+			break;
-+		    default:
-+			ret = -1;
-+		    }
-+		}
-+
-+	if(ret < 0)
-+		{
-+		EVPerr(EVP_F_AES_T4_INIT_KEY,EVP_R_AES_KEY_SETUP_FAILED);
-+		return 0;
-+		}
-+
-+	return 1;
-+	}
-+
-+#define aes_t4_cbc_cipher aes_cbc_cipher
-+static int aes_t4_cbc_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
-+	const unsigned char *in, size_t len);
-+
-+#define aes_t4_ecb_cipher aes_ecb_cipher 
-+static int aes_t4_ecb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
-+	const unsigned char *in, size_t len);
-+
-+#define aes_t4_ofb_cipher aes_ofb_cipher
-+static int aes_t4_ofb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
-+	const unsigned char *in,size_t len);
-+
-+#define aes_t4_cfb_cipher aes_cfb_cipher
-+static int aes_t4_cfb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
-+	const unsigned char *in,size_t len);
-+
-+#define aes_t4_cfb8_cipher aes_cfb8_cipher
-+static int aes_t4_cfb8_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
-+	const unsigned char *in,size_t len);
-+
-+#define aes_t4_cfb1_cipher aes_cfb1_cipher
-+static int aes_t4_cfb1_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
-+	const unsigned char *in,size_t len);
-+
-+#define aes_t4_ctr_cipher aes_ctr_cipher
-+static int aes_t4_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+		const unsigned char *in, size_t len);
-+
-+static int aes_t4_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-+                        const unsigned char *iv, int enc)
-+	{
-+	EVP_AES_GCM_CTX *gctx = ctx->cipher_data;
-+	if (!iv && !key)
-+		return 1;
-+	if (key)
-+		{
-+		int bits = ctx->key_len * 8;
-+		aes_t4_set_encrypt_key(key, bits, &gctx->ks.ks);
-+		CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
-+				(block128_f)aes_t4_encrypt);
-+		switch (bits) {
-+		    case 128:
-+			gctx->ctr = (ctr128_f)aes128_t4_ctr32_encrypt;
-+			break;
-+		    case 192:
-+			gctx->ctr = (ctr128_f)aes192_t4_ctr32_encrypt;
-+			break;
-+		    case 256:
-+			gctx->ctr = (ctr128_f)aes256_t4_ctr32_encrypt;
-+			break;
-+		    default:
-+			return 0;
-+		}
-+		/* If we have an iv can set it directly, otherwise use
-+		 * saved IV.
-+		 */
-+		if (iv == NULL && gctx->iv_set)
-+			iv = gctx->iv;
-+		if (iv)
-+			{
-+			CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
-+			gctx->iv_set = 1;
-+			}
-+		gctx->key_set = 1;
-+		}
-+	else
-+		{
-+		/* If key set use IV, otherwise copy */
-+		if (gctx->key_set)
-+			CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
-+		else
-+			memcpy(gctx->iv, iv, gctx->ivlen);
-+		gctx->iv_set = 1;
-+		gctx->iv_gen = 0;
-+		}
-+	return 1;
-+	}
-+
-+#define aes_t4_gcm_cipher aes_gcm_cipher
-+static int aes_t4_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+		const unsigned char *in, size_t len);
-+
-+static int aes_t4_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-+                        const unsigned char *iv, int enc)
-+	{
-+	EVP_AES_XTS_CTX *xctx = ctx->cipher_data;
-+	if (!iv && !key)
-+		return 1;
-+
-+	if (key)
-+		{
-+		int bits = ctx->key_len * 4;
-+		/* key_len is two AES keys */
-+		if (enc)
-+			{
-+			aes_t4_set_encrypt_key(key, bits, &xctx->ks1.ks);
-+			xctx->xts.block1 = (block128_f)aes_t4_encrypt;
-+#if 0 /* not yet */
-+			switch (bits) {
-+			    case 128:
-+				xctx->stream = aes128_t4_xts_encrypt;
-+				break;
-+			    case 192:
-+				xctx->stream = aes192_t4_xts_encrypt;
-+				break;
-+			    case 256:
-+				xctx->stream = aes256_t4_xts_encrypt;
-+				break;
-+			    default:
-+				return 0;
-+			    }
-+#endif
-+			}
-+		else
-+			{
-+			aes_t4_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks);
-+			xctx->xts.block1 = (block128_f)aes_t4_decrypt;
-+#if 0 /* not yet */
-+			switch (bits) {
-+			    case 128:
-+				xctx->stream = aes128_t4_xts_decrypt;
-+				break;
-+			    case 192:
-+				xctx->stream = aes192_t4_xts_decrypt;
-+				break;
-+			    case 256:
-+				xctx->stream = aes256_t4_xts_decrypt;
-+				break;
-+			    default:
-+				return 0;
-+			    }
-+#endif
-+			}
-+
-+		aes_t4_set_encrypt_key(key + ctx->key_len/2,
-+						ctx->key_len * 4, &xctx->ks2.ks);
-+		xctx->xts.block2 = (block128_f)aes_t4_encrypt;
-+
-+		xctx->xts.key1 = &xctx->ks1;
-+		}
-+
-+	if (iv)
-+		{
-+		xctx->xts.key2 = &xctx->ks2;
-+		memcpy(ctx->iv, iv, 16);
-+		}
-+
-+	return 1;
-+	}
-+
-+#define aes_t4_xts_cipher aes_xts_cipher
-+static int aes_t4_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+		const unsigned char *in, size_t len);
-+
-+static int aes_t4_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-+                        const unsigned char *iv, int enc)
-+	{
-+	EVP_AES_CCM_CTX *cctx = ctx->cipher_data;
-+	if (!iv && !key)
-+		return 1;
-+	if (key)
-+		{
-+		int bits = ctx->key_len * 8;
-+		aes_t4_set_encrypt_key(key, bits, &cctx->ks.ks);
-+		CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
-+					&cctx->ks, (block128_f)aes_t4_encrypt);
-+#if 0 /* not yet */
-+		switch (bits) {
-+		    case 128:
-+			cctx->str = enc?(ccm128_f)aes128_t4_ccm64_encrypt :
-+				(ccm128_f)ae128_t4_ccm64_decrypt;
-+			break;
-+		    case 192:
-+			cctx->str = enc?(ccm128_f)aes192_t4_ccm64_encrypt :
-+				(ccm128_f)ae192_t4_ccm64_decrypt;
-+			break;
-+		    case 256:
-+			cctx->str = enc?(ccm128_f)aes256_t4_ccm64_encrypt :
-+				(ccm128_f)ae256_t4_ccm64_decrypt;
-+			break;
-+		    default:
-+			return 0;
-+		    }
-+#endif
-+		cctx->key_set = 1;
-+		}
-+	if (iv)
-+		{
-+		memcpy(ctx->iv, iv, 15 - cctx->L);
-+		cctx->iv_set = 1;
-+		}
-+	return 1;
-+	}
-+
-+#define aes_t4_ccm_cipher aes_ccm_cipher
-+static int aes_t4_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+		const unsigned char *in, size_t len);
-+
-+#define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
-+static const EVP_CIPHER aes_t4_##keylen##_##mode = { \
-+	nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
-+	flags|EVP_CIPH_##MODE##_MODE,	\
-+	aes_t4_init_key,		\
-+	aes_t4_##mode##_cipher,		\
-+	NULL,				\
-+	sizeof(EVP_AES_KEY),		\
-+	NULL,NULL,NULL,NULL }; \
-+static const EVP_CIPHER aes_##keylen##_##mode = { \
-+	nid##_##keylen##_##nmode,blocksize,	\
-+	keylen/8,ivlen, \
-+	flags|EVP_CIPH_##MODE##_MODE,	\
-+	aes_init_key,			\
-+	aes_##mode##_cipher,		\
-+	NULL,				\
-+	sizeof(EVP_AES_KEY),		\
-+	NULL,NULL,NULL,NULL }; \
-+const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
-+{ return SPARC_AES_CAPABLE?&aes_t4_##keylen##_##mode:&aes_##keylen##_##mode; }
-+
-+#define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \
-+static const EVP_CIPHER aes_t4_##keylen##_##mode = { \
-+	nid##_##keylen##_##mode,blocksize, \
-+	(EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \
-+	flags|EVP_CIPH_##MODE##_MODE,	\
-+	aes_t4_##mode##_init_key,	\
-+	aes_t4_##mode##_cipher,		\
-+	aes_##mode##_cleanup,		\
-+	sizeof(EVP_AES_##MODE##_CTX),	\
-+	NULL,NULL,aes_##mode##_ctrl,NULL }; \
-+static const EVP_CIPHER aes_##keylen##_##mode = { \
-+	nid##_##keylen##_##mode,blocksize, \
-+	(EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \
-+	flags|EVP_CIPH_##MODE##_MODE,	\
-+	aes_##mode##_init_key,		\
-+	aes_##mode##_cipher,		\
-+	aes_##mode##_cleanup,		\
-+	sizeof(EVP_AES_##MODE##_CTX),	\
-+	NULL,NULL,aes_##mode##_ctrl,NULL }; \
-+const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
-+{ return SPARC_AES_CAPABLE?&aes_t4_##keylen##_##mode:&aes_##keylen##_##mode; }
-+
- #else
- 
- #define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
[email protected]@ -505,7 +879,7 @@
- #ifdef BSAES_CAPABLE
- 	    if (BSAES_CAPABLE && mode==EVP_CIPH_CBC_MODE)
- 		{
--		ret = AES_set_decrypt_key(key,ctx->key_len*8,&dat->ks);
-+		ret = AES_set_decrypt_key(key,ctx->key_len*8,&dat->ks.ks);
- 		dat->block	= (block128_f)AES_decrypt;
- 		dat->stream.cbc	= (cbc128_f)bsaes_cbc_encrypt;
- 		}
[email protected]@ -514,7 +888,7 @@
- #ifdef VPAES_CAPABLE
- 	    if (VPAES_CAPABLE)
- 		{
--		ret = vpaes_set_decrypt_key(key,ctx->key_len*8,&dat->ks);
-+		ret = vpaes_set_decrypt_key(key,ctx->key_len*8,&dat->ks.ks);
- 		dat->block	= (block128_f)vpaes_decrypt;
- 		dat->stream.cbc	= mode==EVP_CIPH_CBC_MODE ?
- 					(cbc128_f)vpaes_cbc_encrypt :
[email protected]@ -523,7 +897,7 @@
- 	    else
- #endif
- 		{
--		ret = AES_set_decrypt_key(key,ctx->key_len*8,&dat->ks);
-+		ret = AES_set_decrypt_key(key,ctx->key_len*8,&dat->ks.ks);
- 		dat->block	= (block128_f)AES_decrypt;
- 		dat->stream.cbc	= mode==EVP_CIPH_CBC_MODE ?
- 					(cbc128_f)AES_cbc_encrypt :
[email protected]@ -533,7 +907,7 @@
- #ifdef BSAES_CAPABLE
- 	    if (BSAES_CAPABLE && mode==EVP_CIPH_CTR_MODE)
- 		{
--		ret = AES_set_encrypt_key(key,ctx->key_len*8,&dat->ks);
-+		ret = AES_set_encrypt_key(key,ctx->key_len*8,&dat->ks.ks);
- 		dat->block	= (block128_f)AES_encrypt;
- 		dat->stream.ctr	= (ctr128_f)bsaes_ctr32_encrypt_blocks;
- 		}
[email protected]@ -542,7 +916,7 @@
- #ifdef VPAES_CAPABLE
- 	    if (VPAES_CAPABLE)
- 		{
--		ret = vpaes_set_encrypt_key(key,ctx->key_len*8,&dat->ks);
-+		ret = vpaes_set_encrypt_key(key,ctx->key_len*8,&dat->ks.ks);
- 		dat->block	= (block128_f)vpaes_encrypt;
- 		dat->stream.cbc	= mode==EVP_CIPH_CBC_MODE ?
- 					(cbc128_f)vpaes_cbc_encrypt :
[email protected]@ -551,7 +925,7 @@
- 	    else
- #endif
- 		{
--		ret = AES_set_encrypt_key(key,ctx->key_len*8,&dat->ks);
-+		ret = AES_set_encrypt_key(key,ctx->key_len*8,&dat->ks.ks);
- 		dat->block	= (block128_f)AES_encrypt;
- 		dat->stream.cbc	= mode==EVP_CIPH_CBC_MODE ?
- 					(cbc128_f)AES_cbc_encrypt :
[email protected]@ -828,7 +1202,7 @@
- #ifdef BSAES_CAPABLE
- 		if (BSAES_CAPABLE)
- 			{
--			AES_set_encrypt_key(key,ctx->key_len*8,&gctx->ks);
-+			AES_set_encrypt_key(key,ctx->key_len*8,&gctx->ks.ks);
- 			CRYPTO_gcm128_init(&gctx->gcm,&gctx->ks,
- 					(block128_f)AES_encrypt);
- 			gctx->ctr = (ctr128_f)bsaes_ctr32_encrypt_blocks;
[email protected]@ -839,7 +1213,7 @@
- #ifdef VPAES_CAPABLE
- 		if (VPAES_CAPABLE)
- 			{
--			vpaes_set_encrypt_key(key,ctx->key_len*8,&gctx->ks);
-+			vpaes_set_encrypt_key(key,ctx->key_len*8,&gctx->ks.ks);
- 			CRYPTO_gcm128_init(&gctx->gcm,&gctx->ks,
- 					(block128_f)vpaes_encrypt);
- 			gctx->ctr = NULL;
[email protected]@ -849,7 +1223,7 @@
- #endif
- 		(void)0;	/* terminate potentially open 'else' */
- 
--		AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks);
-+		AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks);
- 		CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, (block128_f)AES_encrypt);
- #ifdef AES_CTR_ASM
- 		gctx->ctr = (ctr128_f)AES_ctr32_encrypt;
[email protected]@ -1080,17 +1454,17 @@
- 		    {
- 		    if (enc)
- 			{
--			vpaes_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1);
-+			vpaes_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks);
- 			xctx->xts.block1 = (block128_f)vpaes_encrypt;
- 			}
- 		    else
- 			{
--			vpaes_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1);
-+			vpaes_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks);
- 			xctx->xts.block1 = (block128_f)vpaes_decrypt;
- 			}
- 
- 		    vpaes_set_encrypt_key(key + ctx->key_len/2,
--						ctx->key_len * 4, &xctx->ks2);
-+						ctx->key_len * 4, &xctx->ks2.ks);
- 		    xctx->xts.block2 = (block128_f)vpaes_encrypt;
- 
- 		    xctx->xts.key1 = &xctx->ks1;
[email protected]@ -1102,17 +1476,17 @@
- 
- 		if (enc)
- 			{
--			AES_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1);
-+			AES_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks);
- 			xctx->xts.block1 = (block128_f)AES_encrypt;
- 			}
- 		else
- 			{
--			AES_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1);
-+			AES_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks);
- 			xctx->xts.block1 = (block128_f)AES_decrypt;
- 			}
- 
- 		AES_set_encrypt_key(key + ctx->key_len/2,
--						ctx->key_len * 4, &xctx->ks2);
-+						ctx->key_len * 4, &xctx->ks2.ks);
- 		xctx->xts.block2 = (block128_f)AES_encrypt;
- 
- 		xctx->xts.key1 = &xctx->ks1;
[email protected]@ -1223,7 +1597,7 @@
- #ifdef VPAES_CAPABLE
- 		if (VPAES_CAPABLE)
- 			{
--			vpaes_set_encrypt_key(key, ctx->key_len*8, &cctx->ks);
-+			vpaes_set_encrypt_key(key, ctx->key_len*8, &cctx->ks.ks);
- 			CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
- 					&cctx->ks, (block128_f)vpaes_encrypt);
- 			cctx->str = NULL;
[email protected]@ -1231,7 +1605,7 @@
- 			break;
- 			}
- #endif
--		AES_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks);
-+		AES_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks.ks);
- 		CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
- 					&cctx->ks, (block128_f)AES_encrypt);
- 		cctx->str = NULL;
[email protected]@ -1319,5 +1693,4 @@
- BLOCK_CIPHER_custom(NID_aes,192,1,12,ccm,CCM,EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS)
- BLOCK_CIPHER_custom(NID_aes,256,1,12,ccm,CCM,EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS)
- 
--#endif
- #endif
-Index: openssl/crypto/evp/evp.h
-===================================================================
---- evp.h	Mon Feb 11 07:26:04 2013
-+++ evp.h.new	Thu May  2 14:31:55 2013
[email protected]@ -1256,6 +1256,7 @@
- #define EVP_F_AESNI_INIT_KEY				 165
- #define EVP_F_AESNI_XTS_CIPHER				 176
- #define EVP_F_AES_INIT_KEY				 133
-+#define EVP_F_AES_T4_INIT_KEY				 178
- #define EVP_F_AES_XTS					 172
- #define EVP_F_AES_XTS_CIPHER				 175
- #define EVP_F_ALG_MODULE_INIT				 177
-Index: openssl/crypto/evp/evp_err.c
-===================================================================
---- evp_err.c	Mon Feb 11 07:26:04 2013
-+++ evp_err.c.new	Thu May  2 14:33:24 2013
[email protected]@ -73,6 +73,7 @@
- {ERR_FUNC(EVP_F_AESNI_INIT_KEY),	"AESNI_INIT_KEY"},
- {ERR_FUNC(EVP_F_AESNI_XTS_CIPHER),	"AESNI_XTS_CIPHER"},
- {ERR_FUNC(EVP_F_AES_INIT_KEY),	"AES_INIT_KEY"},
-+{ERR_FUNC(EVP_F_AES_T4_INIT_KEY),	"AES_T4_INIT_KEY"},
- {ERR_FUNC(EVP_F_AES_XTS),	"AES_XTS"},
- {ERR_FUNC(EVP_F_AES_XTS_CIPHER),	"AES_XTS_CIPHER"},
- {ERR_FUNC(EVP_F_ALG_MODULE_INIT),	"ALG_MODULE_INIT"},
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssl/openssl-1.0.1/patches/37_openssl_t4_inline.patch	Tue Mar 24 20:05:38 2015 -0700
@@ -0,0 +1,2267 @@
+#
+# This file adds inline T4 instruction support to OpenSSL upstream code.
+# The change was brought in from OpenSSL 1.0.2.
+#
+Index: Configure
+===================================================================
+diff -ru openssl-1.0.1e/Configure openssl-1.0.1e/Configure
+--- openssl-1.0.1e/Configure 2011-05-24 17:02:24.000000000 -0700
++++ openssl-1.0.1e/Configure 2011-07-27 10:48:17.817470000 -0700
[email protected]@ -135,7 +135,7 @@
+
+ my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o modexp512-x86_64.o::aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o rc4-md5-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:ghash-x86_64.o:";
+ my $ia64_asm="ia64cpuid.o:bn-ia64.o ia64-mont.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o rc4_skey.o:::::ghash-ia64.o::void";
+-my $sparcv9_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o:des_enc-sparc.o fcrypt_b.o:aes_core.o aes_cbc.o aes-sparcv9.o:::sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o:::::::ghash-sparcv9.o::void";
++my $sparcv9_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o:des_enc-sparc.o fcrypt_b.o dest4-sparcv9.o:aes_core.o aes_cbc.o aes-sparcv9.o aest4-sparcv9.o::md5-sparcv9.o:sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o:::::::ghash-sparcv9.o::void";
+ my $sparcv8_asm=":sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::::::void";
+ my $alpha_asm="alphacpuid.o:bn_asm.o alpha-mont.o:::::sha1-alpha.o:::::::ghash-alpha.o::void";
+ my $mips32_asm=":bn-mips.o::aes_cbc.o aes-mips.o:::sha1-mips.o sha256-mips.o::::::::";
+Index: crypto/sparccpuid.S
+===================================================================
+diff -ru openssl-1.0.1e/crypto/sparccpuid.S openssl-1.0.1e/crypto/sparccpuid.S
+--- openssl-1.0.1e/crypto/sparccpuid.S 2011-05-24 17:02:24.000000000 -0700
++++ openssl-1.0.1e/crypto/sparccpuid.S 2011-07-27 10:48:17.817470000 -0700
[email protected]@ -1,3 +1,7 @@
++#ifdef OPENSSL_FIPSCANISTER
++#include <openssl/fipssyms.h>
++#endif
++
+ #if defined(__SUNPRO_C) && defined(__sparcv9)
+ # define ABI64  /* They've said -xarch=v9 at command line */
+ #elif defined(__GNUC__) && defined(__arch64__)
[email protected]@ -235,10 +239,10 @@
+ .global	_sparcv9_vis1_probe
+ .align	8
+ _sparcv9_vis1_probe:
++	.word	0x81b00d80	!fxor	%f0,%f0,%f0
+ 	add	%sp,BIAS+2,%o1
+-	.word	0xc19a5a40	!ldda	[%o1]ASI_FP16_P,%f0
+ 	retl
+-	.word	0x81b00d80	!fxor	%f0,%f0,%f0
++	.word	0xc19a5a40	!ldda	[%o1]ASI_FP16_P,%f0
+ .type	_sparcv9_vis1_probe,#function
+ .size	_sparcv9_vis1_probe,.-_sparcv9_vis1_probe
+ 
[email protected]@ -251,7 +255,12 @@
+ !	UltraSPARC IIe		7
+ !	UltraSPARC III		7
+ !	UltraSPARC T1		24
++!	SPARC T4		65(*)
+ !
++! (*)	result has lesser to do with VIS instruction latencies, rdtick
++!	appears that slow, but it does the trick in sense that FP and
++!	VIS code paths are still slower than integer-only ones.
++!
+ ! Numbers for T2 and SPARC64 V-VII are more than welcomed.
+ !
+ ! It would be possible to detect specifically US-T1 by instrumenting
[email protected]@ -260,6 +269,8 @@
+ .global	_sparcv9_vis1_instrument
+ .align	8
+ _sparcv9_vis1_instrument:
++	.word	0x81b00d80	!fxor	%f0,%f0,%f0
++	.word	0x85b08d82	!fxor	%f2,%f2,%f2
+ 	.word	0x91410000	!rd	%tick,%o0
+ 	.word	0x81b00d80	!fxor	%f0,%f0,%f0
+ 	.word	0x85b08d82	!fxor	%f2,%f2,%f2
[email protected]@ -314,6 +325,30 @@
+ .type	_sparcv9_fmadd_probe,#function
+ .size	_sparcv9_fmadd_probe,.-_sparcv9_fmadd_probe
+ 
++.global	_sparcv9_rdcfr
++.align	8
++_sparcv9_rdcfr:
++	retl
++	.word	0x91468000	!rd	%asr26,%o0
++.type	_sparcv9_rdcfr,#function
++.size	_sparcv9_rdcfr,.-_sparcv9_rdcfr
++
++.global	_sparcv9_vis3_probe
++.align	8
++_sparcv9_vis3_probe:
++	retl
++	.word	0x81b022a0	!xmulx	%g0,%g0,%g0
++.type	_sparcv9_vis3_probe,#function
++.size	_sparcv9_vis3_probe,.-_sparcv9_vis3_probe
++
++.global	_sparcv9_random
++.align	8
++_sparcv9_random:
++	retl
++	.word	0x91b002a0	!random	%o0
++.type	_sparcv9_random,#function
++.size	_sparcv9_random,.-_sparcv9_vis3_probe
++
+ .global	OPENSSL_cleanse
+ .align	32
+ OPENSSL_cleanse:
[email protected]@ -398,6 +433,102 @@
+ .size	OPENSSL_cleanse,.-OPENSSL_cleanse
+ 
+ #ifndef _BOOT
++.global	_sparcv9_vis1_instrument_bus
++.align	8
++_sparcv9_vis1_instrument_bus:
++    mov    %o1,%o3                    ! save cnt
++    .word    0x99410000    !rd    %tick,%o4    ! tick
++    mov    %o4,%o5                    ! lasttick = tick
++    set    0,%g4                    ! diff
++
++    andn    %o0,63,%g1
++    .word    0xc1985e00    !ldda    [%g1]0xf0,%f0    ! block load
++    .word    0x8143e040    !membar    #Sync
++    .word    0xc1b85c00    !stda    %f0,[%g1]0xe0    ! block store and commit
++    .word    0x8143e040    !membar    #Sync
++    ld    [%o0],%o4
++    add    %o4,%g4,%g4
++    .word    0xc9e2100c    !cas    [%o0],%o4,%g4
++
++.Loop:    .word    0x99410000    !rd    %tick,%o4
++    sub    %o4,%o5,%g4                ! diff=tick-lasttick
++    mov    %o4,%o5                    ! lasttick=tick
++
++    andn    %o0,63,%g1
++    .word    0xc1985e00    !ldda    [%g1]0xf0,%f0    ! block load
++    .word    0x8143e040    !membar    #Sync
++    .word    0xc1b85c00    !stda    %f0,[%g1]0xe0    ! block store and commit
++    .word    0x8143e040    !membar    #Sync
++    ld    [%o0],%o4
++    add    %o4,%g4,%g4
++    .word    0xc9e2100c    !cas    [%o0],%o4,%g4
++    subcc    %o1,1,%o1                ! --$cnt
++    bnz    .Loop
++    add    %o0,4,%o0                ! ++$out
++
++    retl
++    mov    %o3,%o0
++.type    _sparcv9_vis1_instrument_bus,#function
++.size    _sparcv9_vis1_instrument_bus,.-_sparcv9_vis1_instrument_bus
++
++.global    _sparcv9_vis1_instrument_bus2
++.align    8
++_sparcv9_vis1_instrument_bus2:
++    mov    %o1,%o3                    ! save cnt
++    sll    %o1,2,%o1                ! cnt*=4
++
++    .word    0x99410000    !rd    %tick,%o4    ! tick
++    mov    %o4,%o5                    ! lasttick = tick
++    set    0,%g4                    ! diff
++
++    andn    %o0,63,%g1
++    .word    0xc1985e00    !ldda    [%g1]0xf0,%f0    ! block load
++    .word    0x8143e040    !membar    #Sync
++    .word    0xc1b85c00    !stda    %f0,[%g1]0xe0    ! block store and commit
++    .word    0x8143e040    !membar    #Sync
++    ld    [%o0],%o4
++    add    %o4,%g4,%g4
++    .word    0xc9e2100c    !cas    [%o0],%o4,%g4
++
++    .word    0x99410000    !rd    %tick,%o4    ! tick
++    sub    %o4,%o5,%g4                ! diff=tick-lasttick
++    mov    %o4,%o5                    ! lasttick=tick
++    mov    %g4,%g5                    ! lastdiff=diff
++.Loop2:
++    andn    %o0,63,%g1
++    .word    0xc1985e00    !ldda    [%g1]0xf0,%f0    ! block load
++    .word    0x8143e040    !membar    #Sync
++    .word    0xc1b85c00    !stda    %f0,[%g1]0xe0    ! block store and commit
++    .word    0x8143e040    !membar    #Sync
++    ld    [%o0],%o4
++    add    %o4,%g4,%g4
++    .word    0xc9e2100c    !cas    [%o0],%o4,%g4
++
++    subcc    %o2,1,%o2                ! --max
++    bz    .Ldone2
++    nop
++
++    .word    0x99410000    !rd    %tick,%o4    ! tick
++    sub    %o4,%o5,%g4                ! diff=tick-lasttick
++    mov    %o4,%o5                    ! lasttick=tick
++    cmp    %g4,%g5
++    mov    %g4,%g5                    ! lastdiff=diff
++
++    .word    0x83408000    !rd    %ccr,%g1
++    and    %g1,4,%g1                ! isolate zero flag
++    xor    %g1,4,%g1                ! flip zero flag
++
++    subcc    %o1,%g1,%o1                ! conditional --$cnt
++    bnz    .Loop2
++    add    %o0,%g1,%o0                ! conditional ++$out
++
++.Ldone2:
++    srl    %o1,2,%o1
++    retl
++    sub    %o3,%o1,%o0
++.type    _sparcv9_vis1_instrument_bus2,#function
++.size    _sparcv9_vis1_instrument_bus2,.-_sparcv9_vis1_instrument_bus2
++
+ .section	".init",#alloc,#execinstr
+ 	call	solaris_locking_setup
+ 	nop
+Index: crypto/sparcv9cap.c
+===================================================================
+diff -ru openssl-1.0.1e/crypto/sparcv9cap.c openssl-1.0.1e/crypto/sparcv9cap.c
+--- openssl-1.0.1e/crypto/sparcv9cap.c 2011-05-24 17:02:24.000000000 -0700
++++ openssl-1.0.1e/crypto/sparcv9cap.c 2011-07-27 10:48:17.817470000 -0700
[email protected]@ -4,34 +4,58 @@
+ #include <setjmp.h>
+ #include <signal.h>
+ #include <sys/time.h>
++#include <unistd.h>
+ #include <openssl/bn.h>
+ 
+-#define SPARCV9_TICK_PRIVILEGED (1<<0)
+-#define SPARCV9_PREFER_FPU      (1<<1)
+-#define SPARCV9_VIS1            (1<<2)
+-#define SPARCV9_VIS2            (1<<3) /* reserved */
+-#define SPARCV9_FMADD           (1<<4) /* reserved for SPARC64 V */
++#include "sparc_arch.h"
+ 
++#if defined(__GNUC__) && defined(__linux)
++__attribute__((visibility("hidden")))
++#endif
+ #ifndef        _BOOT
+-static int OPENSSL_sparcv9cap_P = SPARCV9_TICK_PRIVILEGED;
++unsigned int OPENSSL_sparcv9cap_P[2] = {SPARCV9_TICK_PRIVILEGED, 0};
+ #else
+-static int OPENSSL_sparcv9cap_P = SPARCV9_VIS1;
++unsigned int OPENSSL_sparcv9cap_P[2] = {SPARCV9_VIS1, 0};
+ #endif
+ 
+ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+                 const BN_ULONG *np, const BN_ULONG *n0, int num)
+ {
++    int bn_mul_mont_vis3(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
++                         const BN_ULONG *np,const BN_ULONG *n0, int num);
+     int bn_mul_mont_fpu(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+                         const BN_ULONG *np, const BN_ULONG *n0, int num);
+     int bn_mul_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+                         const BN_ULONG *np, const BN_ULONG *n0, int num);
+ 
+-    if (num >= 8 && !(num & 1) &&
+-        (OPENSSL_sparcv9cap_P & (SPARCV9_PREFER_FPU | SPARCV9_VIS1)) ==
+-        (SPARCV9_PREFER_FPU | SPARCV9_VIS1))
+-        return bn_mul_mont_fpu(rp, ap, bp, np, n0, num);
+-    else
+-        return bn_mul_mont_int(rp, ap, bp, np, n0, num);
++    if (!(num&1) && num>=6) {
++        if ((num&15)==0 && num<=64 &&
++            (OPENSSL_sparcv9cap_P[1]&(CFR_MONTMUL|CFR_MONTSQR))== 
++                             (CFR_MONTMUL|CFR_MONTSQR))
++            {
++            typedef int (*bn_mul_mont_f)(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0);
++            int bn_mul_mont_t4_8(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0);
++            int bn_mul_mont_t4_16(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0);
++            int bn_mul_mont_t4_24(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0);
++            int bn_mul_mont_t4_32(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0);
++            static const bn_mul_mont_f funcs[4] = {
++                bn_mul_mont_t4_8,    bn_mul_mont_t4_16,
++                bn_mul_mont_t4_24,    bn_mul_mont_t4_32 };
++            bn_mul_mont_f worker = funcs[num/16-1];
++
++            if ((*worker)(rp,ap,bp,np,n0)) return 1;
++            /* retry once and fall back */
++            if ((*worker)(rp,ap,bp,np,n0)) return 1;
++            return bn_mul_mont_vis3(rp,ap,bp,np,n0,num);
++            }
++        if ((OPENSSL_sparcv9cap_P[0]&SPARCV9_VIS3))
++            return bn_mul_mont_vis3(rp,ap,bp,np,n0,num);
++        else if (num>=8 &&
++            (OPENSSL_sparcv9cap_P[0]&(SPARCV9_PREFER_FPU|SPARCV9_VIS1)) ==
++            (SPARCV9_PREFER_FPU|SPARCV9_VIS1))
++            return bn_mul_mont_fpu(rp,ap,bp,np,n0,num);
++        }
++    return bn_mul_mont_int(rp,ap,bp,np,n0,num);
+ }
+ 
+ unsigned long _sparcv9_rdtick(void);
[email protected]@ -39,11 +63,18 @@
+ unsigned long _sparcv9_vis1_instrument(void);
+ void _sparcv9_vis2_probe(void);
+ void _sparcv9_fmadd_probe(void);
++unsigned long _sparcv9_rdcfr(void);
++void _sparcv9_vis3_probe(void);
++unsigned long _sparcv9_random(void);
++#ifndef _BOOT
++size_t _sparcv9_vis1_instrument_bus(unsigned int *,size_t);
++size_t _sparcv9_vis1_instrument_bus2(unsigned int *,size_t,size_t);
++#endif
+ 
+ #ifndef _BOOT
+ unsigned long OPENSSL_rdtsc(void)
+ {
+-    if (OPENSSL_sparcv9cap_P & SPARCV9_TICK_PRIVILEGED)
++    if (OPENSSL_sparcv9cap_P[0] & SPARCV9_TICK_PRIVILEGED)
+ #if defined(__sun) && defined(__SVR4)
+         return gethrtime();
+ #else
[email protected]@ -52,6 +83,24 @@
+     else
+         return _sparcv9_rdtick();
+ }
++
++size_t OPENSSL_instrument_bus(unsigned int *out,size_t cnt)
++{
++    if ((OPENSSL_sparcv9cap_P[0]&(SPARCV9_TICK_PRIVILEGED|SPARCV9_BLK)) ==
++            SPARCV9_BLK)
++        return _sparcv9_vis1_instrument_bus(out,cnt);
++    else
++        return 0;
++}
++
++size_t OPENSSL_instrument_bus2(unsigned int *out,size_t cnt,size_t max)
++{
++    if ((OPENSSL_sparcv9cap_P[0]&(SPARCV9_TICK_PRIVILEGED|SPARCV9_BLK)) ==
++            SPARCV9_BLK)
++        return _sparcv9_vis1_instrument_bus2(out,cnt,max);
++    else
++        return 0;
++}
+ #endif
+
+ #if defined(_BOOT)
[email protected]@ -61,7 +110,7 @@
+  */
+ void OPENSSL_cpuid_setup(void)
+        {
+-       OPENSSL_sparcv9cap_P = SPARCV9_VIS1;
++       OPENSSL_sparcv9cap_P[0] = SPARCV9_VIS1;
+        }
+ 
+ #elif 0 && defined(__sun) && defined(__SVR4)
[email protected]@ -90,11 +139,11 @@
+     if (!strcmp(name, "SUNW,UltraSPARC") ||
+         /* covers II,III,IV */
+         !strncmp(name, "SUNW,UltraSPARC-I", 17)) {
+-        OPENSSL_sparcv9cap_P |= SPARCV9_PREFER_FPU | SPARCV9_VIS1;
++        OPENSSL_sparcv9cap_P[0] |= SPARCV9_PREFER_FPU | SPARCV9_VIS1;
+ 
+         /* %tick is privileged only on UltraSPARC-I/II, but not IIe */
+         if (name[14] != '\0' && name[17] != '\0' && name[18] != '\0')
+-            OPENSSL_sparcv9cap_P &= ~SPARCV9_TICK_PRIVILEGED;
++            OPENSSL_sparcv9cap_P[0] &= ~SPARCV9_TICK_PRIVILEGED;
+ 
+         return DI_WALK_TERMINATE;
+     }
[email protected]@ -100,7 +149,7 @@
+     }
+     /* This is expected to catch remaining UltraSPARCs, such as T1 */
+     else if (!strncmp(name, "SUNW,UltraSPARC", 15)) {
+-        OPENSSL_sparcv9cap_P &= ~SPARCV9_TICK_PRIVILEGED;
++        OPENSSL_sparcv9cap_P[0] &= ~SPARCV9_TICK_PRIVILEGED;
+ 
+         return DI_WALK_TERMINATE;
+     }
[email protected]@ -119,7 +168,7 @@
+     trigger = 1;
+ 
+     if ((e = getenv("OPENSSL_sparcv9cap"))) {
+-        OPENSSL_sparcv9cap_P = strtoul(e, NULL, 0);
++        OPENSSL_sparcv9cap_P[0] = strtoul(e, NULL, 0);
+         return;
+     }
+ 
[email protected]@ -126,15 +175,15 @@
+     if (sysinfo(SI_MACHINE, si, sizeof(si)) > 0) {
+         if (strcmp(si, "sun4v"))
+             /* FPU is preferred for all CPUs, but US-T1/2 */
+-            OPENSSL_sparcv9cap_P |= SPARCV9_PREFER_FPU;
++            OPENSSL_sparcv9cap_P[0] |= SPARCV9_PREFER_FPU;
+     }
+ 
+     if (sysinfo(SI_ISALIST, si, sizeof(si)) > 0) {
+         if (strstr(si, "+vis"))
+-            OPENSSL_sparcv9cap_P |= SPARCV9_VIS1;
++            OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS1 | SPARCV9_BLK;
+         if (strstr(si, "+vis2")) {
+-            OPENSSL_sparcv9cap_P |= SPARCV9_VIS2;
+-            OPENSSL_sparcv9cap_P &= ~SPARCV9_TICK_PRIVILEGED;
++            OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS2;
++            OPENSSL_sparcv9cap_P[0] &= ~SPARCV9_TICK_PRIVILEGED;
+             return;
+         }
+     }
[email protected]@ -204,12 +253,14 @@
+     trigger = 1;
+ 
+     if ((e = getenv("OPENSSL_sparcv9cap"))) {
+-        OPENSSL_sparcv9cap_P = strtoul(e, NULL, 0);
++        OPENSSL_sparcv9cap_P[0] = strtoul(e, NULL, 0);
++        if ((e = strchr(e, ':')))
++            OPENSSL_sparcv9cap_P[1] = strtoul(e + 1, NULL, 0);
+         return;
+     }
+ 
+     /* Initial value, fits UltraSPARC-I&II... */
+-    OPENSSL_sparcv9cap_P = SPARCV9_PREFER_FPU | SPARCV9_TICK_PRIVILEGED;
++    OPENSSL_sparcv9cap_P[0] = SPARCV9_PREFER_FPU | SPARCV9_TICK_PRIVILEGED;
+ 
+     sigfillset(&all_masked);
+     sigdelset(&all_masked, SIGILL);
[email protected]@ -232,18 +283,18 @@
+ 
+     if (sigsetjmp(common_jmp, 1) == 0) {
+         _sparcv9_rdtick();
+-        OPENSSL_sparcv9cap_P &= ~SPARCV9_TICK_PRIVILEGED;
++        OPENSSL_sparcv9cap_P[0] &= ~SPARCV9_TICK_PRIVILEGED;
+     }
+ 
+     if (sigsetjmp(common_jmp, 1) == 0) {
+         _sparcv9_vis1_probe();
+-        OPENSSL_sparcv9cap_P |= SPARCV9_VIS1;
++        OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS1 | SPARCV9_BLK;
+         /* detect UltraSPARC-Tx, see sparccpud.S for details... */
+         if (_sparcv9_vis1_instrument() >= 12)
+-            OPENSSL_sparcv9cap_P &= ~(SPARCV9_VIS1 | SPARCV9_PREFER_FPU);
++            OPENSSL_sparcv9cap_P[0] &= ~(SPARCV9_VIS1 | SPARCV9_PREFER_FPU);
+         else {
+             _sparcv9_vis2_probe();
+-            OPENSSL_sparcv9cap_P |= SPARCV9_VIS2;
++            OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS2;
+         }
+     }
+ 
[email protected]@ -249,13 +300,50 @@
+ 
+     if (sigsetjmp(common_jmp, 1) == 0) {
+         _sparcv9_fmadd_probe();
+-        OPENSSL_sparcv9cap_P |= SPARCV9_FMADD;
++        OPENSSL_sparcv9cap_P[0] |= SPARCV9_FMADD;
+     }
+ 
++    /*
++     * VIS3 flag is tested independently from VIS1, unlike VIS2 that is,
++     * because VIS3 defines even integer instructions.
++     */
++    if (sigsetjmp(common_jmp,1) == 0) {
++        _sparcv9_vis3_probe();
++        OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS3;
++    }
++
++    if (sigsetjmp(common_jmp,1) == 0) {
++        (void)_sparcv9_random();
++        OPENSSL_sparcv9cap_P[0] |= SPARCV9_RANDOM;
++    }
++
++    /*
++     * In wait for better solution _sparcv9_rdcfr is masked by
++     * VIS3 flag, because it goes to uninterruptable endless
++     * loop on UltraSPARC II running Solaris. Things might be
++     * different on Linux...
++     */
++    if ((OPENSSL_sparcv9cap_P[0]&SPARCV9_VIS3) &&
++        sigsetjmp(common_jmp, 1) == 0) {
++        OPENSSL_sparcv9cap_P[1] = (unsigned int)_sparcv9_rdcfr();
++    }
++
+     sigaction(SIGBUS, &bus_oact, NULL);
+     sigaction(SIGILL, &ill_oact, NULL);
+ 
+     sigprocmask(SIG_SETMASK, &oset, NULL);
++
++    if (sizeof(size_t) == 8)
++        OPENSSL_sparcv9cap_P[0] |= SPARCV9_64BIT_STACK;
++#ifdef __linux
++    else
++        {
++        int ret = syscall(340);
++
++        if (ret >= 0 && ret & 1)
++            OPENSSL_sparcv9cap_P[0] |= SPARCV9_64BIT_STACK;
++        }
++#endif
+ }
+ 
+ #endif
+Index: crypto/md5/Makefile
+===================================================================
+diff -ru openssl-1.0.1e/crypto/md5/Makefile openssl-1.0.1e/crypto/md5/Makefile
+--- openssl-1.0.1e/crypto/md5/Makefile	2011-05-24 17:02:24.000000000 -0700
++++ openssl-1.0.1e/crypto/md5/Makefile	2011-07-27 10:48:17.817470000 -0700
[email protected]@ -52,6 +52,9 @@
+ 	$(CC) $(CFLAGS) -E asm/md5-ia64.S | \
+ 	$(PERL) -ne 's/;\s+/;\n/g; print;' > [email protected]
+ 
++md5-sparcv9.S:	asm/md5-sparcv9.pl
++	$(PERL) asm/md5-sparcv9.pl [email protected] $(CFLAGS)
++
+ files:
+ 	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+ 
+Index: crypto/md5/md5_locl.h
+===================================================================
+diff -ru openssl-1.0.1e/crypto/md5/md5_locl.h openssl-1.0.1e/crypto/md5/md5_locl.h
+--- openssl-1.0.1e/crypto/md5/md5_locl.h    2011-05-24 17:02:24.000000000 -0700
++++ openssl-1.0.1e/crypto/md5/md5_locl.h    2011-07-27 10:48:17.817470000 -0700
[email protected]@ -71,6 +71,8 @@
+ #  define md5_block_data_order md5_block_asm_data_order
+ # elif defined(__ia64) || defined(__ia64__) || defined(_M_IA64)
+ #  define md5_block_data_order md5_block_asm_data_order
++# elif defined(__sparc) || defined(__sparc__)
++#  define md5_block_data_order md5_block_asm_data_order
+ # endif
+ #endif
+
+Index: crypto/sha/Makefile
+===================================================================
+diff -ru openssl-1.0.1e/crypto/sha/Makefile openssl-1.0.1e/crypto/sha/Makefile
+--- openssl-1.0.1e/crypto/sha/Makefile    2011-05-24 17:02:24.000000000 -0700
++++ openssl-1.0.1e/crypto/sha/Makefile    2011-07-27 10:48:17.817470000 -0700
[email protected]@ -68,9 +68,9 @@
+ sha1-x86_64.s:	asm/sha1-x86_64.pl;	$(PERL) asm/sha1-x86_64.pl $(PERLASM_SCHEME) > [email protected]
+ sha256-x86_64.s:asm/sha512-x86_64.pl;	$(PERL) asm/sha512-x86_64.pl $(PERLASM_SCHEME) [email protected]
+ sha512-x86_64.s:asm/sha512-x86_64.pl;	$(PERL) asm/sha512-x86_64.pl $(PERLASM_SCHEME) [email protected]
+-sha1-sparcv9.s:	asm/sha1-sparcv9.pl;	$(PERL) asm/sha1-sparcv9.pl [email protected] $(CFLAGS)
+-sha256-sparcv9.s:asm/sha512-sparcv9.pl;	$(PERL) asm/sha512-sparcv9.pl [email protected] $(CFLAGS)
+-sha512-sparcv9.s:asm/sha512-sparcv9.pl;	$(PERL) asm/sha512-sparcv9.pl [email protected] $(CFLAGS)
++sha1-sparcv9.S:	asm/sha1-sparcv9.pl;	$(PERL) asm/sha1-sparcv9.pl [email protected] $(CFLAGS)
++sha256-sparcv9.S:asm/sha512-sparcv9.pl;	$(PERL) asm/sha512-sparcv9.pl [email protected] $(CFLAGS)
++sha512-sparcv9.S:asm/sha512-sparcv9.pl;	$(PERL) asm/sha512-sparcv9.pl [email protected] $(CFLAGS)
+ 
+ sha1-ppc.s:	asm/sha1-ppc.pl;	$(PERL) asm/sha1-ppc.pl $(PERLASM_SCHEME) [email protected]
+ sha256-ppc.s:	asm/sha512-ppc.pl;	$(PERL) asm/sha512-ppc.pl $(PERLASM_SCHEME) [email protected]
+Index: crypto/sha/asm/sha1-sparcv9.pl
+===================================================================
+diff -ru openssl-1.0.1e/crypto/sha/asm/sha1-sparcv9.pl openssl-1.0.1e/crypto/sha/asm/sha1-sparcv9.pl
+--- openssl-1.0.1e/crypto/sha/asm/sha1-sparcv9.pl 2011-05-24 17:02:24.000000000 -0700
++++ openssl-1.0.1e/crypto/sha/asm/sha1-sparcv9.pl 2011-07-27 10:48:17.817470000 -0700
[email protected]@ -5,6 +5,8 @@
+ # project. The module is, however, dual licensed under OpenSSL and
+ # CRYPTOGAMS licenses depending on where you obtain it. For further
+ # details see http://www.openssl.org/~appro/cryptogams/.
++#
++# Hardware SPARC T4 support by David S. Miller <[email protected]>.
+ # ====================================================================
+ 
+ # Performance improvement is not really impressive on pre-T1 CPU: +8%
[email protected]@ -18,6 +20,11 @@
+ # ensure scalability on UltraSPARC T1, or rather to avoid decay when
+ # amount of active threads exceeds the number of physical cores.
+ 
++# SPARC T4 SHA1 hardware achieves 3.72 cycles per byte, which is 3.1x
++# faster than software. Multi-process benchmark saturates at 11x
++# single-process result on 8-core processor, or ~9GBps per 2.85GHz
++# socket.
++
+ $bits=32;
+ for (@ARGV)	{ $bits=64 if (/\-m64/ || /\-xarch\=v9/); }
+ if ($bits==64)	{ $bias=2047; $frame=192; }
[email protected]@ -183,11 +190,93 @@
+ .register	%g3,#scratch
+ ___
+ $code.=<<___;
++#include "sparc_arch.h"
++
+ .section	".text",#alloc,#execinstr
+ 
++#ifdef __PIC__
++SPARC_PIC_THUNK(%g1)
++#endif
++
+ .align	32
+ .globl	sha1_block_data_order
+ sha1_block_data_order:
++    SPARC_LOAD_ADDRESS_LEAF(OPENSSL_sparcv9cap_P,%g1,%g5)
++    ld    [%g1+4],%g1        ! OPENSSL_sparcv9cap_P[1]
++
++    andcc    %g1, CFR_SHA1, %g0
++    be    .Lsoftware
++    nop
++
++    ld    [%o0 + 0x00], %f0    ! load context
++    ld    [%o0 + 0x04], %f1
++    ld    [%o0 + 0x08], %f2
++    andcc    %o1, 0x7, %g0
++    ld    [%o0 + 0x0c], %f3
++    bne,pn    %icc, .Lhwunaligned
++     ld    [%o0 + 0x10], %f4
++
++.Lhw_loop:
++    ldd    [%o1 + 0x00], %f8
++    ldd    [%o1 + 0x08], %f10
++    ldd    [%o1 + 0x10], %f12
++    ldd    [%o1 + 0x18], %f14
++    ldd    [%o1 + 0x20], %f16
++    ldd    [%o1 + 0x28], %f18
++    ldd    [%o1 + 0x30], %f20
++    subcc    %o2, 1, %o2        ! done yet? 
++    ldd    [%o1 + 0x38], %f22
++    add    %o1, 0x40, %o1
++
++    .word    0x81b02820        ! SHA1
++
++    bne,pt    `$bits==64?"%xcc":"%icc"`, .Lhw_loop
++    nop
++
++.Lhwfinish:
++    st    %f0, [%o0 + 0x00]    ! store context
++    st    %f1, [%o0 + 0x04]
++    st    %f2, [%o0 + 0x08]
++    st    %f3, [%o0 + 0x0c]
++    retl
++    st    %f4, [%o0 + 0x10]
++
++.align    8
++.Lhwunaligned:
++    alignaddr %o1, %g0, %o1
++
++    ldd    [%o1 + 0x00], %f10
++.Lhwunaligned_loop:
++    ldd    [%o1 + 0x08], %f12
++    ldd    [%o1 + 0x10], %f14
++    ldd    [%o1 + 0x18], %f16
++    ldd    [%o1 + 0x20], %f18
++    ldd    [%o1 + 0x28], %f20
++    ldd    [%o1 + 0x30], %f22
++    ldd    [%o1 + 0x38], %f24
++    subcc    %o2, 1, %o2        ! done yet?
++    ldd    [%o1 + 0x40], %f26
++    add    %o1, 0x40, %o1
++
++    faligndata %f10, %f12, %f8
++    faligndata %f12, %f14, %f10
++    faligndata %f14, %f16, %f12
++    faligndata %f16, %f18, %f14
++    faligndata %f18, %f20, %f16
++    faligndata %f20, %f22, %f18
++    faligndata %f22, %f24, %f20
++    faligndata %f24, %f26, %f22
++
++    .word    0x81b02820        ! SHA1
++
++    bne,pt    `$bits==64?"%xcc":"%icc"`, .Lhwunaligned_loop
++    for    %f26, %f26, %f10    ! %f10=%f26
++
++    ba    .Lhwfinish
++    nop
++
++.align    16
++.Lsoftware:
+ 	save	%sp,-$frame,%sp
+ 	sllx	$len,6,$len
+ 	add	$inp,$len,$len
[email protected]@ -279,6 +368,62 @@
+ .align	4
+ ___
+ 
+-$code =~ s/\`([^\`]*)\`/eval $1/gem;
+-print $code;
++# Purpose of these subroutines is to explicitly encode VIS instructions,
++# so that one can compile the module without having to specify VIS
++# extentions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
++# Idea is to reserve for option to produce "universal" binary and let
++# programmer detect if current CPU is VIS capable at run-time.
++sub unvis {
++my ($mnemonic,$rs1,$rs2,$rd)[email protected]_;
++my $ref,$opf;
++my %visopf = (    "faligndata"    => 0x048,
++        "for"        => 0x07c    );
++
++    $ref = "$mnemonic\t$rs1,$rs2,$rd";
++
++    if ($opf=$visopf{$mnemonic}) {
++    foreach ($rs1,$rs2,$rd) {
++        return $ref if (!/%f([0-9]{1,2})/);
++        $_=$1;
++        if ($1>=32) {
++        return $ref if ($1&1);
++        # re-encode for upper double register addressing
++        $_=($1|$1>>5)&31;
++        }
++    }
++
++    return    sprintf ".word\t0x%08x !%s",
++            0x81b00000|$rd<<25|$rs1<<14|$opf<<5|$rs2,
++            $ref;
++    } else {
++    return $ref;
++    }
++}
++sub unalignaddr {
++my ($mnemonic,$rs1,$rs2,$rd)[email protected]_;
++my %bias = ( "g" => 0, "o" => 8, "l" => 16, "i" => 24 );
++my $ref="$mnemonic\t$rs1,$rs2,$rd";
++
++    foreach ($rs1,$rs2,$rd) {
++    if (/%([goli])([0-7])/)    { $_=$bias{$1}+$2; }
++    else            { return $ref; }
++    }
++    return  sprintf ".word\t0x%08x !%s",
++            0x81b00300|$rd<<25|$rs1<<14|$rs2,
++            $ref;
++}
++
++foreach (split("\n",$code)) {
++    s/\`([^\`]*)\`/eval $1/ge;
++
++    s/\b(f[^\s]*)\s+(%f[0-9]{1,2}),\s*(%f[0-9]{1,2}),\s*(%f[0-9]{1,2})/
++        &unvis($1,$2,$3,$4)
++     /ge;
++    s/\b(alignaddr)\s+(%[goli][0-7]),\s*(%[goli][0-7]),\s*(%[goli][0-7])/
++        &unalignaddr($1,$2,$3,$4)
++     /ge;
++
++    print $_,"\n";
++}
++
+ close STDOUT;
+
+Index: crypto/sha/asm/sha512-sparcv9.pl
+===================================================================
+diff -ru openssl-1.0.1e/crypto/sha/asm/sha512-sparcv9.pl openssl-1.0.1e/crypto/sha/asm/sha512-sparcv9.pl
+--- openssl-1.0.1e/crypto/sha/asm/sha512-sparcv9.pl 2011-05-24 17:02:24.000000000 -0700
++++ openssl-1.0.1e/crypto/sha/asm/sha512-sparcv9.pl 2011-07-27 10:48:17.817470000 -0700
[email protected]@ -5,6 +5,8 @@
+ # project. The module is, however, dual licensed under OpenSSL and
+ # CRYPTOGAMS licenses depending on where you obtain it. For further
+ # details see http://www.openssl.org/~appro/cryptogams/.
++#
++# Hardware SPARC T4 support by David S. Miller <[email protected]>.
+ # ====================================================================
+ 
+ # SHA256 performance improvement over compiler generated code varies
[email protected]@ -41,6 +43,12 @@
+ #	loads are always slower than one 64-bit load. Once again this
+ #	is unlike pre-T1 UltraSPARC, where, if scheduled appropriately,
+ #	2x32-bit loads can be as fast as 1x64-bit ones.
++#
++# SPARC T4 SHA256/512 hardware achieves 3.17/2.01 cycles per byte,
++# which is 9.3x/11.1x faster than software. Multi-process benchmark
++# saturates at 11.5x single-process result on 8-core processor, or
++# ~11/16GBps per 2.85GHz socket.
++
+ 
+ $bits=32;
+ for (@ARGV)	{ $bits=64 if (/\-m64/ || /\-xarch\=v9/); }
[email protected]@ -386,6 +394,8 @@
+ .register	%g3,#scratch
+ ___
+ $code.=<<___;
++#include "sparc_arch.h"
++
+ .section	".text",#alloc,#execinstr
+ 
+ .align	64
[email protected]@ -457,8 +467,196 @@
+ }
+ $code.=<<___;
+ .size	K${label},.-K${label}
++
++#ifdef __PIC__
++SPARC_PIC_THUNK(%g1)
++#endif
++
+ .globl	sha${label}_block_data_order
++.align	32
+ sha${label}_block_data_order:
++    SPARC_LOAD_ADDRESS_LEAF(OPENSSL_sparcv9cap_P,%g1,%g5)
++    ld    [%g1+4],%g1        ! OPENSSL_sparcv9cap_P[1]
++
++    andcc    %g1, CFR_SHA${label}, %g0
++    be    .Lsoftware
++    nop
++___
++$code.=<<___ if ($SZ==8);         # SHA512
++    ldd    [%o0 + 0x00], %f0    ! load context
++    ldd    [%o0 + 0x08], %f2
++    ldd    [%o0 + 0x10], %f4
++    ldd    [%o0 + 0x18], %f6
++    ldd    [%o0 + 0x20], %f8
++    ldd    [%o0 + 0x28], %f10
++    andcc    %o1, 0x7, %g0
++    ldd    [%o0 + 0x30], %f12
++    bne,pn    %icc, .Lhwunaligned
++     ldd    [%o0 + 0x38], %f14
++
++.Lhwaligned_loop:
++    ldd    [%o1 + 0x00], %f16
++    ldd    [%o1 + 0x08], %f18
++    ldd    [%o1 + 0x10], %f20
++    ldd    [%o1 + 0x18], %f22
++    ldd    [%o1 + 0x20], %f24
++    ldd    [%o1 + 0x28], %f26
++    ldd    [%o1 + 0x30], %f28
++    ldd    [%o1 + 0x38], %f30
++    ldd    [%o1 + 0x40], %f32
++    ldd    [%o1 + 0x48], %f34
++    ldd    [%o1 + 0x50], %f36
++    ldd    [%o1 + 0x58], %f38
++    ldd    [%o1 + 0x60], %f40
++    ldd    [%o1 + 0x68], %f42
++    ldd    [%o1 + 0x70], %f44
++    subcc    %o2, 1, %o2        ! done yet?
++    ldd    [%o1 + 0x78], %f46
++    add    %o1, 0x80, %o1
++
++    .word    0x81b02860        ! SHA512
++
++    bne,pt    `$bits==64?"%xcc":"%icc"`, .Lhwaligned_loop
++    nop
++
++.Lhwfinish:
++    std    %f0, [%o0 + 0x00]    ! store context
++    std    %f2, [%o0 + 0x08]
++    std    %f4, [%o0 + 0x10]
++    std    %f6, [%o0 + 0x18]
++    std    %f8, [%o0 + 0x20]
++    std    %f10, [%o0 + 0x28]
++    std    %f12, [%o0 + 0x30]
++    retl
++     std    %f14, [%o0 + 0x38]
++
++.align    16
++.Lhwunaligned:
++    alignaddr %o1, %g0, %o1
++
++    ldd    [%o1 + 0x00], %f18
++.Lhwunaligned_loop:
++    ldd    [%o1 + 0x08], %f20
++    ldd    [%o1 + 0x10], %f22
++    ldd    [%o1 + 0x18], %f24
++    ldd    [%o1 + 0x20], %f26
++    ldd    [%o1 + 0x28], %f28
++    ldd    [%o1 + 0x30], %f30
++    ldd    [%o1 + 0x38], %f32
++    ldd    [%o1 + 0x40], %f34
++    ldd    [%o1 + 0x48], %f36
++    ldd    [%o1 + 0x50], %f38
++    ldd    [%o1 + 0x58], %f40
++    ldd    [%o1 + 0x60], %f42
++    ldd    [%o1 + 0x68], %f44
++    ldd    [%o1 + 0x70], %f46
++    ldd    [%o1 + 0x78], %f48
++    subcc    %o2, 1, %o2        ! done yet?
++    ldd    [%o1 + 0x80], %f50
++    add    %o1, 0x80, %o1
++
++    faligndata %f18, %f20, %f16
++    faligndata %f20, %f22, %f18
++    faligndata %f22, %f24, %f20
++    faligndata %f24, %f26, %f22
++    faligndata %f26, %f28, %f24
++    faligndata %f28, %f30, %f26
++    faligndata %f30, %f32, %f28
++    faligndata %f32, %f34, %f30
++    faligndata %f34, %f36, %f32
++    faligndata %f36, %f38, %f34
++    faligndata %f38, %f40, %f36
++    faligndata %f40, %f42, %f38
++    faligndata %f42, %f44, %f40
++    faligndata %f44, %f46, %f42
++    faligndata %f46, %f48, %f44
++    faligndata %f48, %f50, %f46
++
++    .word    0x81b02860        ! SHA512
++
++    bne,pt    `$bits==64?"%xcc":"%icc"`, .Lhwunaligned_loop
++    for    %f50, %f50, %f18    ! %f18=%f50
++
++    ba    .Lhwfinish
++    nop
++___
++$code.=<<___ if ($SZ==4);         # SHA256
++    ld    [%o0 + 0x00], %f0
++    ld    [%o0 + 0x04], %f1
++    ld    [%o0 + 0x08], %f2
++    ld    [%o0 + 0x0c], %f3
++    ld    [%o0 + 0x10], %f4
++    ld    [%o0 + 0x14], %f5
++    andcc    %o1, 0x7, %g0
++    ld    [%o0 + 0x18], %f6
++    bne,pn    %icc, .Lhwunaligned
++     ld    [%o0 + 0x1c], %f7
++
++.Lhwloop:
++    ldd    [%o1 + 0x00], %f8
++    ldd    [%o1 + 0x08], %f10
++    ldd    [%o1 + 0x10], %f12
++    ldd    [%o1 + 0x18], %f14
++    ldd    [%o1 + 0x20], %f16
++    ldd    [%o1 + 0x28], %f18
++    ldd    [%o1 + 0x30], %f20
++    subcc    %o2, 1, %o2        ! done yet?
++    ldd    [%o1 + 0x38], %f22
++    add    %o1, 0x40, %o1
++
++    .word    0x81b02840        ! SHA256
++
++    bne,pt    `$bits==64?"%xcc":"%icc"`, .Lhwloop
++    nop
++
++.Lhwfinish:
++    st    %f0, [%o0 + 0x00]    ! store context
++    st    %f1, [%o0 + 0x04]
++    st    %f2, [%o0 + 0x08]
++    st    %f3, [%o0 + 0x0c]
++    st    %f4, [%o0 + 0x10]
++    st    %f5, [%o0 + 0x14]
++    st    %f6, [%o0 + 0x18]
++    retl
++     st    %f7, [%o0 + 0x1c]
++
++.align    8
++.Lhwunaligned:
++    alignaddr %o1, %g0, %o1
++
++    ldd    [%o1 + 0x00], %f10
++.Lhwunaligned_loop:
++    ldd    [%o1 + 0x08], %f12
++    ldd    [%o1 + 0x10], %f14
++    ldd    [%o1 + 0x18], %f16
++    ldd    [%o1 + 0x20], %f18
++    ldd    [%o1 + 0x28], %f20
++    ldd    [%o1 + 0x30], %f22
++    ldd    [%o1 + 0x38], %f24
++    subcc    %o2, 1, %o2        ! done yet?
++    ldd    [%o1 + 0x40], %f26
++    add    %o1, 0x40, %o1
++
++    faligndata %f10, %f12, %f8
++    faligndata %f12, %f14, %f10
++    faligndata %f14, %f16, %f12
++    faligndata %f16, %f18, %f14
++    faligndata %f18, %f20, %f16
++    faligndata %f20, %f22, %f18
++    faligndata %f22, %f24, %f20
++    faligndata %f24, %f26, %f22
++
++    .word    0x81b02840        ! SHA256
++
++    bne,pt    `$bits==64?"%xcc":"%icc"`, .Lhwunaligned_loop
++    for    %f26, %f26, %f10    ! %f10=%f26
++
++    ba    .Lhwfinish
++    nop
++___
++$code.=<<___;
++.align    16
++.Lsoftware:
+ 	save	%sp,`-$frame-$locals`,%sp
+ 	and	$inp,`$align-1`,$tmp31
+ 	sllx	$len,`log(16*$SZ)/log(2)`,$len
[email protected]@ -589,6 +787,62 @@
+ .align	4
+ ___
+ 
+-$code =~ s/\`([^\`]*)\`/eval $1/gem;
+-print $code;
++# Purpose of these subroutines is to explicitly encode VIS instructions,
++# so that one can compile the module without having to specify VIS
++# extentions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
++# Idea is to reserve for option to produce "universal" binary and let
++# programmer detect if current CPU is VIS capable at run-time.
++sub unvis {
++my ($mnemonic,$rs1,$rs2,$rd)[email protected]_;
++my $ref,$opf;
++my %visopf = (    "faligndata"    => 0x048,
++        "for"        => 0x07c    );
++
++    $ref = "$mnemonic\t$rs1,$rs2,$rd";
++
++    if ($opf=$visopf{$mnemonic}) {
++    foreach ($rs1,$rs2,$rd) {
++        return $ref if (!/%f([0-9]{1,2})/);
++        $_=$1;
++        if ($1>=32) {
++        return $ref if ($1&1);
++        # re-encode for upper double register addressing
++        $_=($1|$1>>5)&31;
++        }
++    }
++
++    return    sprintf ".word\t0x%08x !%s",
++            0x81b00000|$rd<<25|$rs1<<14|$opf<<5|$rs2,
++            $ref;
++    } else {
++    return $ref;
++    }
++}
++sub unalignaddr {
++my ($mnemonic,$rs1,$rs2,$rd)[email protected]_;
++my %bias = ( "g" => 0, "o" => 8, "l" => 16, "i" => 24 );
++my $ref="$mnemonic\t$rs1,$rs2,$rd";
++
++    foreach ($rs1,$rs2,$rd) {
++    if (/%([goli])([0-7])/)    { $_=$bias{$1}+$2; }
++    else            { return $ref; }
++    }
++    return  sprintf ".word\t0x%08x !%s",
++            0x81b00300|$rd<<25|$rs1<<14|$rs2,
++            $ref;
++}
++
++foreach (split("\n",$code)) {
++    s/\`([^\`]*)\`/eval $1/ge;
++
++    s/\b(f[^\s]*)\s+(%f[0-9]{1,2}),\s*(%f[0-9]{1,2}),\s*(%f[0-9]{1,2})/
++        &unvis($1,$2,$3,$4)
++     /ge;
++    s/\b(alignaddr)\s+(%[goli][0-7]),\s*(%[goli][0-7]),\s*(%[goli][0-7])/
++        &unalignaddr($1,$2,$3,$4)
++     /ge;
++
++    print $_,"\n";
++}
++
+ close STDOUT;
+Index: crypto/des/Makefile
+===================================================================
+diff -ru openssl-1.0.1e/crypto/des/Makefile.orig openssl-1.0.1e/crypto/des/Makefile
+--- a/crypto/des/Makefile
++++ b/crypto/des/Makefile
[email protected]@ -61,6 +61,8 @@ des: des.o cbc3_enc.o lib
+ 
+ des_enc-sparc.S:	asm/des_enc.m4
+ 	m4 -B 8192 asm/des_enc.m4 > des_enc-sparc.S
++dest4-sparcv9.s:	asm/dest4-sparcv9.pl
++	$(PERL) asm/dest4-sparcv9.pl $(CFLAGS) > [email protected]
+ 
+ des-586.s:	asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+ 	$(PERL) asm/des-586.pl $(PERLASM_SCHEME) $(CFLAGS) > [email protected]
+Index: crypto/evp/e_des.c
+===================================================================
+diff -ru openssl-1.0.1e/crypto/evp/e_des.c.orig openssl-1.0.1e/crypto/evp/e_des.c
+--- a/crypto/evp/e_des.c
++++ b/crypto/evp/e_des.c
[email protected]@ -65,6 +65,30 @@
+ # include <openssl/des.h>
+ # include <openssl/rand.h>
+ 
++typedef struct {
++    union { double align; DES_key_schedule ks; } ks;
++    union {
++        void (*cbc)(const void *,void *,size_t,const void *,void *);
++    } stream;
++} EVP_DES_KEY;
++
++#if defined(AES_ASM) && (defined(__sparc) || defined(__sparc__))
++/* ---------^^^ this is not a typo, just a way to detect that
++ * assembler support was in general requested...
++ */
++#include "sparc_arch.h"
++
++extern unsigned int OPENSSL_sparcv9cap_P[];
++
++#define SPARC_DES_CAPABLE    (OPENSSL_sparcv9cap_P[1] & CFR_DES)
++
++void    des_t4_key_expand(const void *key, DES_key_schedule *ks);
++void    des_t4_cbc_encrypt(const void *inp,void *out,size_t len,
++                DES_key_schedule *ks,unsigned char iv[8]);
++void    des_t4_cbc_decrypt(const void *inp,void *out,size_t len,
++                DES_key_schedule *ks,unsigned char iv[8]);
++#endif
++
+ static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                         const unsigned char *iv, int enc);
+ static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
[email protected]@ -102,6 +126,12 @@ static int des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                           const unsigned char *in, size_t inl)
+ {
++    EVP_DES_KEY *dat = (EVP_DES_KEY *)ctx->cipher_data;
++
++    if (dat->stream.cbc) {
++        (*dat->stream.cbc)(in,out,inl,&dat->ks.ks,ctx->iv);
++        return 1;
++    }
+     while (inl >= EVP_MAXCHUNK) {
+         DES_ncbc_encrypt(in, out, (long)EVP_MAXCHUNK, ctx->cipher_data,
+                          (DES_cblock *)ctx->iv, ctx->encrypt);
[email protected]@ -179,16 +209,16 @@
+     return 1;
+ }
+ 
+-BLOCK_CIPHER_defs(des, DES_key_schedule, NID_des, 8, 8, 8, 64,
++BLOCK_CIPHER_defs(des, EVP_DES_KEY, NID_des, 8, 8, 8, 64,
+                   EVP_CIPH_RAND_KEY, des_init_key, NULL,
+                   EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl)
+ 
+ 
+-BLOCK_CIPHER_def_cfb(des, DES_key_schedule, NID_des, 8, 8, 1,
++BLOCK_CIPHER_def_cfb(des, EVP_DES_KEY, NID_des, 8, 8, 1,
+                  EVP_CIPH_RAND_KEY, des_init_key, NULL,
+                  EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl)
+ 
+-BLOCK_CIPHER_def_cfb(des, DES_key_schedule, NID_des, 8, 8, 8,
++BLOCK_CIPHER_def_cfb(des, EVP_DES_KEY, NID_des, 8, 8, 8,
+                      EVP_CIPH_RAND_KEY, des_init_key, NULL,
+                      EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl)
+ 
[email protected]@ -196,8 +226,23 @@ static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                         const unsigned char *iv, int enc)
+ {
+     DES_cblock *deskey = (DES_cblock *)key;
++    EVP_DES_KEY *dat = (EVP_DES_KEY *)ctx->cipher_data;
++
++    dat->stream.cbc = NULL;
++#if defined(SPARC_DES_CAPABLE)
++    if (SPARC_DES_CAPABLE) {
++        int mode = ctx->cipher->flags & EVP_CIPH_MODE;
++
++        if (mode == EVP_CIPH_CBC_MODE) {
++            des_t4_key_expand(key,&dat->ks.ks);
++            dat->stream.cbc = enc ? des_t4_cbc_encrypt :
++                        des_t4_cbc_decrypt;
++            return 1;
++        }
++    }
++#endif
+ # ifdef EVP_CHECK_DES_KEY
+-    if (DES_set_key_checked(deskey, ctx->cipher_data) != 0)
++    if (DES_set_key_checked(deskey, dat->ks.ks) != 0)
+         return 0;
+ # else
+     DES_set_key_unchecked(deskey, ctx->cipher_data);
+Index: crypto/evp/e_des3.c
+===================================================================
+diff -ru openssl-1.0.1e/crypto/evp/e_des3.c.orig openssl-1.0.1e/crypto/evp/e_des3.c
+--- a/crypto/evp/e_des3.c
++++ b/crypto/evp/e_des3.c
[email protected]@ -65,6 +65,32 @@
+ # include <openssl/des.h>
+ # include <openssl/rand.h>
+ 
++typedef struct {
++    union { double align; DES_key_schedule ks[3]; } ks;
++    union {
++        void (*cbc)(const void *,void *,size_t,const void *,void *);
++    } stream;
++} DES_EDE_KEY;
++#define ks1 ks.ks[0]
++#define ks2 ks.ks[1]
++#define ks3 ks.ks[2]
++
++#if defined(AES_ASM) && (defined(__sparc) || defined(__sparc__))
++/* ---------^^^ this is not a typo, just a way to detect that
++ * assembler support was in general requested... */
++#include "sparc_arch.h"
++
++extern unsigned int OPENSSL_sparcv9cap_P[];
++
++#define SPARC_DES_CAPABLE    (OPENSSL_sparcv9cap_P[1] & CFR_DES)
++
++void    des_t4_key_expand(const void *key, DES_key_schedule *ks);
++void    des_t4_ede3_cbc_encrypt(const void *inp,void *out,size_t len,
++                DES_key_schedule *ks,unsigned char iv[8]);
++void    des_t4_ede3_cbc_decrypt(const void *inp,void *out,size_t len,
++                DES_key_schedule *ks,unsigned char iv[8]);
++#endif
++
+ # ifndef OPENSSL_FIPS
+ 
+ static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
[email protected]@ -75,12 +100,6 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+
+ static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
+
+-typedef struct {
+-    DES_key_schedule ks1;       /* key schedule */
+-    DES_key_schedule ks2;       /* key schedule (for ede) */
+-    DES_key_schedule ks3;       /* key schedule (for ede3) */
+-} DES_EDE_KEY;
+-
+ #  define data(ctx) ((DES_EDE_KEY *)(ctx)->cipher_data)
+
+ /*
[email protected]@ -123,6 +117,7 @@ static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                               const unsigned char *in, size_t inl)
+ {
++    DES_EDE_KEY *dat = data(ctx);
+ #  ifdef KSSL_DEBUG
+     {
+         int i;
[email protected]@ -134,11 +155,15 @@
+         fprintf(stderr, "\n");
+     }
+ #  endif                        /* KSSL_DEBUG */
++    if (dat->stream.cbc) {
++        (*dat->stream.cbc)(in,out,inl,&dat->ks,ctx->iv);
++        return 1;
++    }
++
+     while (inl >= EVP_MAXCHUNK) {
+         DES_ede3_cbc_encrypt(in, out, (long)EVP_MAXCHUNK,
+-                             &data(ctx)->ks1, &data(ctx)->ks2,
+-                             &data(ctx)->ks3, (DES_cblock *)ctx->iv,
+-                             ctx->encrypt);
++                             &dat->ks1, &dat->ks2, &dat->ks3,
++                             (DES_cblock *)ctx->iv, ctx->encrypt);
+         inl -= EVP_MAXCHUNK;
+         in += EVP_MAXCHUNK;
+         out += EVP_MAXCHUNK;
[email protected]@ -145,9 +170,8 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+     }
+     if (inl)
+         DES_ede3_cbc_encrypt(in, out, (long)inl,
+-                             &data(ctx)->ks1, &data(ctx)->ks2,
+-                             &data(ctx)->ks3, (DES_cblock *)ctx->iv,
+-                             ctx->encrypt);
++                             &dat->ks1, &dat->ks2, &dat->ks3,
++                             (DES_cblock *)ctx->iv, ctx->encrypt);
+     return 1;
+ }
+
[email protected]@ -215,39 +239,58 @@ static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ }
+
+ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,
+-                  EVP_CIPH_RAND_KEY, des_ede_init_key, NULL,
+-                  EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des3_ctrl)
++                  EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_DEFAULT_ASN1,
++                  des_ede_init_key, NULL, NULL, NULL,
++                 des3_ctrl)
+ #  define des_ede3_cfb64_cipher des_ede_cfb64_cipher
+ #  define des_ede3_ofb_cipher des_ede_ofb_cipher
+ #  define des_ede3_cbc_cipher des_ede_cbc_cipher
+ #  define des_ede3_ecb_cipher des_ede_ecb_cipher
+     BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64,
+-                  EVP_CIPH_RAND_KEY, des_ede3_init_key, NULL,
+-                  EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des3_ctrl)
++        EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
++        des_ede3_init_key, NULL, NULL, NULL,
++        des3_ctrl)
+
+     BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 1,
+-                     EVP_CIPH_RAND_KEY, des_ede3_init_key, NULL,
+-                     EVP_CIPHER_set_asn1_iv,
+-                     EVP_CIPHER_get_asn1_iv, des3_ctrl)
++        EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
++        des_ede3_init_key, NULL, NULL, NULL,
++        des3_ctrl)
+
+     BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 8,
+-                     EVP_CIPH_RAND_KEY, des_ede3_init_key, NULL,
+-                     EVP_CIPHER_set_asn1_iv,
+-                     EVP_CIPHER_get_asn1_iv, des3_ctrl)
++        EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
++        des_ede3_init_key, NULL, NULL, NULL,
++        des3_ctrl)
+
+ static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                             const unsigned char *iv, int enc)
+ {
+     DES_cblock *deskey = (DES_cblock *)key;
++    DES_EDE_KEY *dat = data(ctx);
++
++    dat->stream.cbc = NULL;
++#if defined(SPARC_DES_CAPABLE)
++    if (SPARC_DES_CAPABLE) {
++        int mode = ctx->cipher->flags & EVP_CIPH_MODE;
++
++        if (mode == EVP_CIPH_CBC_MODE) {
++            des_t4_key_expand(&deskey[0],&dat->ks1);
++            des_t4_key_expand(&deskey[1],&dat->ks2);
++            memcpy(&dat->ks3,&dat->ks1,sizeof(dat->ks1));
++            dat->stream.cbc = enc ? des_t4_ede3_cbc_encrypt :
++                        des_t4_ede3_cbc_decrypt;
++            return 1;
++        }
++    }
++#endif
+ #  ifdef EVP_CHECK_DES_KEY
+-    if (DES_set_key_checked(&deskey[0], &data(ctx)->ks1)
+-        ! !DES_set_key_checked(&deskey[1], &data(ctx)->ks2))
++    if (DES_set_key_checked(&deskey[0],&dat->ks1)
++        !! DES_set_key_checked(&deskey[1],&dat->ks2))
+         return 0;
+ #  else
+-    DES_set_key_unchecked(&deskey[0], &data(ctx)->ks1);
+-    DES_set_key_unchecked(&deskey[1], &data(ctx)->ks2);
++    DES_set_key_unchecked(&deskey[0],&dat->ks1);
++    DES_set_key_unchecked(&deskey[1],&dat->ks2);
+ #  endif
+-    memcpy(&data(ctx)->ks3, &data(ctx)->ks1, sizeof(data(ctx)->ks1));
++    memcpy(&dat->ks3,&dat->ks1, sizeof(dat->ks1));
+     return 1;
+ }
+
[email protected]@ -255,6 +298,8 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                              const unsigned char *iv, int enc)
+ {
+     DES_cblock *deskey = (DES_cblock *)key;
++    DES_EDE_KEY *dat = data(ctx);
++
+ #  ifdef KSSL_DEBUG
+     {
+         int i;
[email protected]@ -272,15 +317,30 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+     }
+ #  endif                        /* KSSL_DEBUG */
+
++    dat->stream.cbc = NULL;
++#if defined(SPARC_DES_CAPABLE)
++    if (SPARC_DES_CAPABLE) {
++        int mode = ctx->cipher->flags & EVP_CIPH_MODE;
++
++        if (mode == EVP_CIPH_CBC_MODE) {
++            des_t4_key_expand(&deskey[0],&dat->ks1);
++            des_t4_key_expand(&deskey[1],&dat->ks2);
++            des_t4_key_expand(&deskey[2],&dat->ks3);
++            dat->stream.cbc = enc ? des_t4_ede3_cbc_encrypt :
++                        des_t4_ede3_cbc_decrypt;
++            return 1;
++        }
++    }
++#endif
+ #  ifdef EVP_CHECK_DES_KEY
+-    if (DES_set_key_checked(&deskey[0], &data(ctx)->ks1)
+-        || DES_set_key_checked(&deskey[1], &data(ctx)->ks2)
+-        || DES_set_key_checked(&deskey[2], &data(ctx)->ks3))
++    if (DES_set_key_checked(&deskey[0],&dat->ks1)
++        || DES_set_key_checked(&deskey[1],&dat->ks2)
++        || DES_set_key_checked(&deskey[2],&dat->ks3))
+         return 0;
+ #  else
+-    DES_set_key_unchecked(&deskey[0], &data(ctx)->ks1);
+-    DES_set_key_unchecked(&deskey[1], &data(ctx)->ks2);
+-    DES_set_key_unchecked(&deskey[2], &data(ctx)->ks3);
++    DES_set_key_unchecked(&deskey[0],&dat->ks1);
++    DES_set_key_unchecked(&deskey[1],&dat->ks2);
++    DES_set_key_unchecked(&deskey[2],&dat->ks3);
+ #  endif
+     return 1;
+ }
+Index: openssl/crypto/bn/Makefile
+===================================================================
+diff -ru openssl-1.0.1e/crypto/bn/Makefile openssl-1.0.1e/crypto/bn/Makefile.new
+--- openssl-1.0.1e/crypto/bn/Makefile 2011-05-24 17:02:24.000000000 -0700
++++ openssl-1.0.1e/crypto/bn/Makefile 2011-07-27 10:48:17.817470000 -0700
[email protected]@ -77,6 +77,12 @@
+ 	$(PERL) asm/sparcv9a-mont.pl $(CFLAGS) > [email protected]
+ sparcv9-mont.s:		asm/sparcv9-mont.pl
+ 	$(PERL) asm/sparcv9-mont.pl $(CFLAGS) > [email protected]
++vis3-mont.s:		asm/vis3-mont.pl
++	$(PERL) asm/vis3-mont.pl $(CFLAGS) > [email protected]
++sparct4-mont.S:	asm/sparct4-mont.pl
++	$(PERL) asm/sparct4-mont.pl $(CFLAGS) > [email protected]
++sparcv9-gf2m.S:	asm/sparcv9-gf2m.pl
++	$(PERL) asm/sparcv9-gf2m.pl $(CFLAGS) > [email protected]
+ 
+ bn-mips3.o:	asm/mips3.s
+ 	@if [ "$(CC)" = "gcc" ]; then \
+Index: openssl/crypto/bn/bn_exp.c
+===================================================================
+diff -ru openssl-1.0.1e/crypto/bn/bn_exp.c openssl-1.0.1e/crypto/bn/bn_exp.c.new
+--- bn_exp.c    2011/10/29 19:25:13    1.38
++++ bn_exp.c    2012/11/17 10:34:11    1.39
[email protected]@ -122,8 +122,15 @@
+ # ifndef alloca
+ #  define alloca(s) __builtin_alloca((s))
+ # endif
++#else
++#include <alloca.h>
+ #endif
+ 
++#if defined(OPENSSL_BN_ASM_MONT) && defined(__sparc)
++# include "sparc_arch.h"
++extern unsigned int OPENSSL_sparcv9cap_P[];
++#endif
++
+ /* maximum precomputation table size for *variable* sliding windows */
+ #define TABLE_SIZE      32
+ 
[email protected]@ -464,8 +471,16 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
+     wstart = bits - 1;          /* The top bit of the window */
+     wend = 0;                   /* The bottom bit of the window */
+ 
++#if 1    /* by Shay Gueron's suggestion */
++    j = mont->N.top;    /* borrow j */
++    if (bn_wexpand(r,j) == NULL) goto err;
++    r->d[0] = (0-m->d[0])&BN_MASK2;        /* 2^(top*BN_BITS2) - m */
++    for(i=1;i<j;i++) r->d[i] = (~m->d[i])&BN_MASK2;
++    r->top = j;
++#else
+     if (!BN_to_montgomery(r, BN_value_one(), mont, ctx))
+         goto err;
++#endif
+     for (;;) {
+         if (BN_is_bit_set(p, wstart) == 0) {
+             if (!start) {
[email protected]@ -515,6 +530,17 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
+         if (wstart < 0)
+             break;
+     }
++#if defined(OPENSSL_BN_ASM_MONT) && (defined(__sparc__) || defined(__sparc))
++    if (OPENSSL_sparcv9cap_P[0] & (SPARCV9_VIS3|SPARCV9_PREFER_FPU)) {
++        j = mont->N.top;    /* borrow j */
++        val[0]->d[0] = 1;    /* borrow val[0] */
++        for (i=1;i<j;i++)
++            val[0]->d[i] = 0;
++        val[0]->top = j;
++        if (!BN_mod_mul_montgomery(rr, r, val[0], mont, ctx))
++            goto err;
++    } else
++#endif
+     if (!BN_from_montgomery(rr, r, mont, ctx))
+         goto err;
+     ret = 1;
[email protected]@ -526,6 +552,26 @@ err:
+     return (ret);
+ }
+
++#if defined(OPENSSL_BN_ASM_MONT) && (defined(__sparc__) || defined(__sparc))
++static BN_ULONG bn_get_bits(const BIGNUM *a, int bitpos) {
++    BN_ULONG ret = 0;
++    int wordpos;
++
++    wordpos = bitpos / BN_BITS2;
++    bitpos %= BN_BITS2;
++    if (wordpos>=0 && wordpos < a->top) {
++        ret = a->d[wordpos]&BN_MASK2;
++        if (bitpos) {
++            ret >>= bitpos;
++            if (++wordpos < a->top)
++                ret |= a->d[wordpos]<<(BN_BITS2-bitpos);
++        }
++    }
++
++    return ret & BN_MASK2;
++}
++#endif
++
+ /*
+  * BN_mod_exp_mont_consttime() stores the precomputed powers in a specific
+  * layout so that accessing any of these table values shows the same access
[email protected]@ -594,6 +640,9 @@
+     int powerbufLen = 0;
+     unsigned char *powerbuf = NULL;
+     BIGNUM tmp, am;
++#if defined(OPENSSL_BN_ASM_MONT) && defined(__sparc)
++    unsigned int t4=0;
++#endif
+
+     bn_check_top(a);
+     bn_check_top(p);
[email protected]@ -628,10 +677,18 @@
+
+     /* Get the window size to use with size of p. */
+     window = BN_window_bits_for_ctime_exponent_size(bits);
++#if defined(OPENSSL_BN_ASM_MONT) && defined(__sparc)
++    if (window>=5 && (top&15)==0 && top<=64 &&
++        (OPENSSL_sparcv9cap_P[1]&(CFR_MONTMUL|CFR_MONTSQR))==
++        (CFR_MONTMUL|CFR_MONTSQR) && (t4=OPENSSL_sparcv9cap_P[0]))
++            window=5;
++    else
++#endif
+ #if defined(OPENSSL_BN_ASM_MONT5)
+     if (window == 6 && bits <= 1024)
+         window = 5;             /* ~5% improvement of 2048-bit RSA sign */
+ #endif
++    (void) 0;
+
+     /*
+      * Allocate a buffer large enough to hold all of the pre-computed powers
[email protected]@ -670,14 +727,14 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
+     tmp.flags = am.flags = BN_FLG_STATIC_DATA;
+
+     /* prepare a^0 in Montgomery domain */
+-#if 1
+-    if (!BN_to_montgomery(&tmp, BN_value_one(), mont, ctx))
+-        goto err;
+-#else
++#if 1    /* by Shay Gueron's suggestion */
+     tmp.d[0] = (0 - m->d[0]) & BN_MASK2; /* 2^(top*BN_BITS2) - m */
+     for (i = 1; i < top; i++)
+         tmp.d[i] = (~m->d[i]) & BN_MASK2;
+     tmp.top = top;
++#else
++    if (!BN_to_montgomery(&tmp,BN_value_one(),mont,ctx))
++        goto err;
+ #endif
+
+     /* prepare a^1 in Montgomery domain */
[email protected]@ -689,6 +746,122 @@
+     } else if (!BN_to_montgomery(&am, a, mont, ctx))
+         goto err;
+
++#if defined(OPENSSL_BN_ASM_MONT) && defined(__sparc)
++    if (t4) {
++        typedef int (*bn_pwr5_mont_f)(BN_ULONG *tp,const BN_ULONG *np,
++            const BN_ULONG *n0,const void *table,int power,int bits);
++        int bn_pwr5_mont_t4_8(BN_ULONG *tp,const BN_ULONG *np,
++            const BN_ULONG *n0,const void *table,int power,int bits);
++        int bn_pwr5_mont_t4_16(BN_ULONG *tp,const BN_ULONG *np,
++            const BN_ULONG *n0,const void *table,int power,int bits);
++        int bn_pwr5_mont_t4_24(BN_ULONG *tp,const BN_ULONG *np,
++            const BN_ULONG *n0,const void *table,int power,int bits);
++        int bn_pwr5_mont_t4_32(BN_ULONG *tp,const BN_ULONG *np,
++            const BN_ULONG *n0,const void *table,int power,int bits);
++        static const bn_pwr5_mont_f pwr5_funcs[4] = {
++            bn_pwr5_mont_t4_8,    bn_pwr5_mont_t4_16,
++            bn_pwr5_mont_t4_24,    bn_pwr5_mont_t4_32 };
++        bn_pwr5_mont_f pwr5_worker = pwr5_funcs[top/16-1];
++
++        typedef int (*bn_mul_mont_f)(BN_ULONG *rp,const BN_ULONG *ap,
++            const void *bp,const BN_ULONG *np,const BN_ULONG *n0);
++        int bn_mul_mont_t4_8(BN_ULONG *rp,const BN_ULONG *ap,
++            const void *bp,const BN_ULONG *np,const BN_ULONG *n0);
++        int bn_mul_mont_t4_16(BN_ULONG *rp,const BN_ULONG *ap,
++            const void *bp,const BN_ULONG *np,const BN_ULONG *n0);
++        int bn_mul_mont_t4_24(BN_ULONG *rp,const BN_ULONG *ap,
++            const void *bp,const BN_ULONG *np,const BN_ULONG *n0);
++        int bn_mul_mont_t4_32(BN_ULONG *rp,const BN_ULONG *ap,
++            const void *bp,const BN_ULONG *np,const BN_ULONG *n0);
++        static const bn_mul_mont_f mul_funcs[4] = {
++            bn_mul_mont_t4_8,    bn_mul_mont_t4_16,
++            bn_mul_mont_t4_24,    bn_mul_mont_t4_32 };
++        bn_mul_mont_f mul_worker = mul_funcs[top/16-1];
++
++        void bn_mul_mont_vis3(BN_ULONG *rp,const BN_ULONG *ap,
++            const void *bp,const BN_ULONG *np,
++            const BN_ULONG *n0,int num);
++        void bn_mul_mont_t4(BN_ULONG *rp,const BN_ULONG *ap,
++            const void *bp,const BN_ULONG *np,
++            const BN_ULONG *n0,int num);
++        void bn_mul_mont_gather5_t4(BN_ULONG *rp,const BN_ULONG *ap,
++            const void *table,const BN_ULONG *np,
++            const BN_ULONG *n0,int num,int power);
++        void bn_flip_n_scatter5_t4(const BN_ULONG *inp,size_t num,
++            void *table,size_t power);
++        void bn_gather5_t4(BN_ULONG *out,size_t num,
++            void *table,size_t power);
++        void bn_flip_t4(BN_ULONG *dst,BN_ULONG *src,size_t num);
++
++        BN_ULONG *np=mont->N.d, *n0=mont->n0;
++        int stride = 5*(6-(top/16-1));    /* multiple of 5, but less than 32 */
++
++        /*
++         * BN_to_montgomery can contaminate words above .top
++         * [in BN_DEBUG[_DEBUG] build]...
++         */
++        for (i=am.top; i<top; i++)    am.d[i]=0;
++        for (i=tmp.top; i<top; i++)    tmp.d[i]=0;
++
++        bn_flip_n_scatter5_t4(tmp.d,top,powerbuf,0);
++        bn_flip_n_scatter5_t4(am.d,top,powerbuf,1);
++        if (!(*mul_worker)(tmp.d,am.d,am.d,np,n0) &&
++        !(*mul_worker)(tmp.d,am.d,am.d,np,n0))
++        bn_mul_mont_vis3(tmp.d,am.d,am.d,np,n0,top);
++        bn_flip_n_scatter5_t4(tmp.d,top,powerbuf,2);
++
++        for (i=3; i<32; i++) {
++        /* Calculate a^i = a^(i-1) * a */
++        if (!(*mul_worker)(tmp.d,tmp.d,am.d,np,n0) &&
++            !(*mul_worker)(tmp.d,tmp.d,am.d,np,n0))
++            bn_mul_mont_vis3(tmp.d,tmp.d,am.d,np,n0,top);
++        bn_flip_n_scatter5_t4(tmp.d,top,powerbuf,i);
++        }
++
++        /* switch to 64-bit domain */
++        np = alloca(top*sizeof(BN_ULONG));
++        top /= 2;
++        bn_flip_t4(np,mont->N.d,top);
++
++        bits--;
++        for (wvalue=0, i=bits%5; i>=0; i--,bits--)
++        wvalue = (wvalue<<1)+BN_is_bit_set(p,bits);
++        bn_gather5_t4(tmp.d,top,powerbuf,wvalue);
++
++        /* Scan the exponent one window at a time starting from the most
++         * significant bits.
++         */
++        while (bits >= 0) {
++        if (bits < stride)
++            stride = bits+1;
++        bits -= stride;
++        wvalue = (bn_get_bits(p,bits+1));
++
++        if ((*pwr5_worker)(tmp.d,np,n0,powerbuf,wvalue,stride))
++            continue;
++        /* retry once and fall back */
++        if ((*pwr5_worker)(tmp.d,np,n0,powerbuf,wvalue,stride))
++            continue;
++
++        bits += stride-5;
++        wvalue >>= stride-5;
++        wvalue &= 31;
++        bn_mul_mont_t4(tmp.d,tmp.d,tmp.d,np,n0,top);
++        bn_mul_mont_t4(tmp.d,tmp.d,tmp.d,np,n0,top);
++        bn_mul_mont_t4(tmp.d,tmp.d,tmp.d,np,n0,top);
++        bn_mul_mont_t4(tmp.d,tmp.d,tmp.d,np,n0,top);
++        bn_mul_mont_t4(tmp.d,tmp.d,tmp.d,np,n0,top);
++        bn_mul_mont_gather5_t4(tmp.d,tmp.d,powerbuf,np,n0,top,wvalue);
++        }
++
++        bn_flip_t4(tmp.d,tmp.d,top);
++        top *= 2;
++        /* back to 32-bit domain */
++        tmp.top=top;
++        bn_correct_top(&tmp);
++        OPENSSL_cleanse(np,top*sizeof(BN_ULONG));
++    } else
++#endif
+ #if defined(OPENSSL_BN_ASM_MONT5)
+     if (window == 5 && top > 1) {
+         /*
[email protected]@ -844,6 +1017,15 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
+     }
+
+     /* Convert the final result from montgomery to standard format */
++#if defined(OPENSSL_BN_ASM_MONT) && (defined(__sparc__) || defined(__sparc))
++    if (OPENSSL_sparcv9cap_P[0] & (SPARCV9_VIS3|SPARCV9_PREFER_FPU)) {
++        am.d[0] = 1;    /* borrow am */
++        for (i = 1; i < top; i++)
++            am.d[i] = 0;
++        if (!BN_mod_mul_montgomery(rr,&tmp,&am,mont,ctx))
++            goto err;
++    } else
++#endif
+     if (!BN_from_montgomery(rr, &tmp, mont, ctx))
+         goto err;
+     ret = 1;
+Index: openssl/apps/speed.c
+===================================================================
+diff -ru openssl-1.0.1e/apps/spped.c openssl-1.0.1e/apps/speed.c
+--- openssl-1.0.1e/apps/speed.c 2011-05-24 17:02:24.000000000 -0700
++++ openssl-1.0.1e/apps/spped.c 2011-07-27 10:48:17.817470000 -0700
[email protected]@ -1586,8 +1586,7 @@
+             print_message(names[D_MD5], c[D_MD5][j], lengths[j]);
+             Time_F(START);
+             for (count = 0, run = 1; COND(c[D_MD5][j]); count++)
+-                EVP_Digest(&(buf[0]), (unsigned long)lengths[j], &(md5[0]),
+-                           NULL, EVP_get_digestbyname("md5"), NULL);
++                MD5(buf, lengths[j], md5);
+             d = Time_F(STOP);
+             print_result(D_MD5, j, count, d);
+         }
[email protected]@ -1622,8 +1621,7 @@
+             print_message(names[D_SHA1], c[D_SHA1][j], lengths[j]);
+             Time_F(START);
+             for (count = 0, run = 1; COND(c[D_SHA1][j]); count++)
+-                EVP_Digest(buf, (unsigned long)lengths[j], &(sha[0]), NULL,
+-                           EVP_sha1(), NULL);
++                SHA1(buf, lengths[j], sha);
+             d = Time_F(STOP);
+             print_result(D_SHA1, j, count, d);
+         }
+Index: openssl/crypto/aes/Makefile
+===================================================================
+--- Makefile	Thu May  2 13:42:37 2013
++++ Makefile.orig	Thu May  2 13:41:51 2013
[email protected]@ -69,6 +69,9 @@
+ aes-sparcv9.s: asm/aes-sparcv9.pl
+ 	$(PERL) asm/aes-sparcv9.pl $(CFLAGS) > [email protected]
+ 
++aest4-sparcv9.s: asm/aest4-sparcv9.pl
++	$(PERL) asm/aest4-sparcv9.pl $(CFLAGS) > [email protected]
++
+ aes-ppc.s:	asm/aes-ppc.pl
+ 	$(PERL) asm/aes-ppc.pl $(PERLASM_SCHEME) [email protected]
+ 
+Index: openssl/crypto/evp/e_aes.c
+===================================================================
+--- e_aes.c    Mon Feb 11 07:26:04 2013
++++ e_aes.c.56    Thu May  2 14:26:35 2013
[email protected]@ -56,12 +58,11 @@
+ # include <assert.h>
+ # include <openssl/aes.h>
+ # include "evp_locl.h"
+-# ifndef OPENSSL_FIPS
+ #  include "modes_lcl.h"
+ #  include <openssl/rand.h>
+
+ typedef struct {
+-    AES_KEY ks;
++    union { double align; AES_KEY ks; } ks;
+     block128_f block;
+     union {
+         cbc128_f cbc;
[email protected]@ -70,7 +69,7 @@
+ } EVP_AES_KEY;
+
+ typedef struct {
+-    AES_KEY ks;                 /* AES key schedule to use */
++    union { double align; AES_KEY ks; } ks;    /* AES key schedule to use */
+     int key_set;                /* Set if key initialised */
+     int iv_set;                 /* Set if an iv is set */
+     GCM128_CONTEXT gcm;
[email protected]@ -83,7 +82,7 @@
+ } EVP_AES_GCM_CTX;
+
+ typedef struct {
+-    AES_KEY ks1, ks2;           /* AES key schedules to use */
++    union { double align; AES_KEY ks; } ks1, ks2;    /* AES key schedules to use */
+     XTS128_CONTEXT xts;
+     void (*stream) (const unsigned char *in,
+                     unsigned char *out, size_t length,
[email protected]@ -92,7 +91,7 @@
+ } EVP_AES_XTS_CTX;
+
+ typedef struct {
+-    AES_KEY ks;                 /* AES key schedule to use */
++    union { double align; AES_KEY ks; } ks;    /* AES key schedule to use */
+     int key_set;                /* Set if key initialised */
+     int iv_set;                 /* Set if an iv is set */
+     int tag_set;                /* Set if tag is valid */
[email protected]@ -155,7 +154,7 @@
+         defined(_M_AMD64)       || defined(_M_X64)      || \
+         defined(__INTEL__)                              )
+
+-extern unsigned int OPENSSL_ia32cap_P[2];
++extern unsigned int OPENSSL_ia32cap_P[];
+
+ #   ifdef VPAES_ASM
+ #    define VPAES_CAPABLE   (OPENSSL_ia32cap_P[1]&(1<<(41-32)))
[email protected]@ -297,7 +296,7 @@
+     if (!iv && !key)
+         return 1;
+     if (key) {
+-        aesni_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks);
++        aesni_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks);
+         CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, (block128_f) aesni_encrypt);
+         gctx->ctr = (ctr128_f) aesni_ctr32_encrypt_blocks;
+         /*
[email protected]@ -336,17 +335,17 @@
+     if (key) {
+         /* key_len is two AES keys */
+         if (enc) {
+-            aesni_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1);
++            aesni_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks);
+             xctx->xts.block1 = (block128_f) aesni_encrypt;
+             xctx->stream = aesni_xts_encrypt;
+         } else {
+-            aesni_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1);
++            aesni_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks);
+             xctx->xts.block1 = (block128_f) aesni_decrypt;
+             xctx->stream = aesni_xts_decrypt;
+         }
+
+         aesni_set_encrypt_key(key + ctx->key_len / 2,
+-                              ctx->key_len * 4, &xctx->ks2);
++                              ctx->key_len * 4, &xctx->ks2.ks);
+         xctx->xts.block2 = (block128_f) aesni_encrypt;
+
+         xctx->xts.key1 = &xctx->ks1;
[email protected]@ -371,7 +370,7 @@
+     if (!iv && !key)
+         return 1;
+     if (key) {
+-        aesni_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks);
++        aesni_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks.ks);
+         CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
+                            &cctx->ks, (block128_f) aesni_encrypt);
+         cctx->str = enc ? (ccm128_f) aesni_ccm64_encrypt_blocks :
[email protected]@ -432,6 +431,364 @@
+ const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
+ { return AESNI_CAPABLE?&aesni_##keylen##_##mode:&aes_##keylen##_##mode; }
+
++#elif    defined(AES_ASM) && (defined(__sparc) || defined(__sparc__))
++
++#include "sparc_arch.h"
++
++extern unsigned int OPENSSL_sparcv9cap_P[];
++
++#define    SPARC_AES_CAPABLE    (OPENSSL_sparcv9cap_P[1] & CFR_AES)
++
++void    aes_t4_set_encrypt_key (const unsigned char *key, int bits,
++                AES_KEY *ks);
++void    aes_t4_set_decrypt_key (const unsigned char *key, int bits,
++                AES_KEY *ks);
++void    aes_t4_encrypt (const unsigned char *in, unsigned char *out,
++                const AES_KEY *key);
++void    aes_t4_decrypt (const unsigned char *in, unsigned char *out,
++                const AES_KEY *key);
++/*
++ * Key-length specific subroutines were chosen for following reason.
++ * Each SPARC T4 core can execute up to 8 threads which share core's
++ * resources. Loading as much key material to registers allows to
++ * minimize references to shared memory interface, as well as amount
++ * of instructions in inner loops [much needed on T4]. But then having
++ * non-key-length specific routines would require conditional branches
++ * either in inner loops or on subroutines' entries. Former is hardly
++ * acceptable, while latter means code size increase to size occupied
++ * by multiple key-length specfic subroutines, so why fight?
++ */
++void    aes128_t4_cbc_encrypt (const unsigned char *in, unsigned char *out,
++                size_t len, const AES_KEY *key,
++                unsigned char *ivec);
++void    aes128_t4_cbc_decrypt (const unsigned char *in, unsigned char *out,
++                size_t len, const AES_KEY *key,
++                unsigned char *ivec);
++void    aes192_t4_cbc_encrypt (const unsigned char *in, unsigned char *out,
++                size_t len, const AES_KEY *key,
++                unsigned char *ivec);
++void    aes192_t4_cbc_decrypt (const unsigned char *in, unsigned char *out,
++                size_t len, const AES_KEY *key,
++                unsigned char *ivec);
++void    aes256_t4_cbc_encrypt (const unsigned char *in, unsigned char *out,
++                size_t len, const AES_KEY *key,
++                unsigned char *ivec);
++void    aes256_t4_cbc_decrypt (const unsigned char *in, unsigned char *out,
++                size_t len, const AES_KEY *key,
++                unsigned char *ivec);
++void    aes128_t4_ctr32_encrypt (const unsigned char *in, unsigned char *out,
++                size_t blocks, const AES_KEY *key,
++                unsigned char *ivec);
++void    aes192_t4_ctr32_encrypt (const unsigned char *in, unsigned char *out,
++                size_t blocks, const AES_KEY *key,
++                unsigned char *ivec);
++void    aes256_t4_ctr32_encrypt (const unsigned char *in, unsigned char *out,
++                size_t blocks, const AES_KEY *key,
++                unsigned char *ivec);
++
++static int aes_t4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
++           const unsigned char *iv, int enc)
++{
++    int ret, mode, bits;
++    EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
++
++    mode = ctx->cipher->flags & EVP_CIPH_MODE;
++    bits = ctx->key_len*8;
++    if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) && !enc) {
++            ret = 0;
++            aes_t4_set_decrypt_key(key, bits, ctx->cipher_data);
++            dat->block    = (block128_f)aes_t4_decrypt;
++            switch (bits) {
++            case 128:
++            dat->stream.cbc    = mode==EVP_CIPH_CBC_MODE ?
++                        (cbc128_f)aes128_t4_cbc_decrypt :
++                        NULL;
++            break;
++            case 192:
++            dat->stream.cbc    = mode==EVP_CIPH_CBC_MODE ?
++                        (cbc128_f)aes192_t4_cbc_decrypt :
++                        NULL;
++            break;
++            case 256:
++            dat->stream.cbc    = mode==EVP_CIPH_CBC_MODE ?
++                        (cbc128_f)aes256_t4_cbc_decrypt :
++                        NULL;
++            break;
++            default:
++            ret = -1;
++        }
++    } else    {
++            ret = 0;
++            aes_t4_set_encrypt_key(key, bits, ctx->cipher_data);
++            dat->block    = (block128_f)aes_t4_encrypt;
++            switch (bits) {
++            case 128:
++            if (mode==EVP_CIPH_CBC_MODE)
++                dat->stream.cbc    = (cbc128_f)aes128_t4_cbc_encrypt;
++            else if (mode==EVP_CIPH_CTR_MODE)
++                dat->stream.ctr = (ctr128_f)aes128_t4_ctr32_encrypt;
++            else
++                dat->stream.cbc = NULL;
++            break;
++            case 192:
++            if (mode==EVP_CIPH_CBC_MODE)
++                dat->stream.cbc    = (cbc128_f)aes192_t4_cbc_encrypt;
++            else if (mode==EVP_CIPH_CTR_MODE)
++                dat->stream.ctr = (ctr128_f)aes192_t4_ctr32_encrypt;
++            else
++                dat->stream.cbc = NULL;
++            break;
++            case 256:
++            if (mode==EVP_CIPH_CBC_MODE)
++                dat->stream.cbc    = (cbc128_f)aes256_t4_cbc_encrypt;
++            else if (mode==EVP_CIPH_CTR_MODE)
++                dat->stream.ctr = (ctr128_f)aes256_t4_ctr32_encrypt;
++            else
++                dat->stream.cbc = NULL;
++            break;
++            default:
++            ret = -1;
++        }
++    }
++
++    if (ret < 0) {
++        EVPerr(EVP_F_AES_T4_INIT_KEY,EVP_R_AES_KEY_SETUP_FAILED);
++        return 0;
++    }
++
++    return 1;
++}
++
++#define aes_t4_cbc_cipher aes_cbc_cipher
++static int aes_t4_cbc_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
++    const unsigned char *in, size_t len);
++
++#define aes_t4_ecb_cipher aes_ecb_cipher
++static int aes_t4_ecb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
++    const unsigned char *in, size_t len);
++
++#define aes_t4_ofb_cipher aes_ofb_cipher
++static int aes_t4_ofb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
++    const unsigned char *in,size_t len);
++
++#define aes_t4_cfb_cipher aes_cfb_cipher
++static int aes_t4_cfb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
++    const unsigned char *in,size_t len);
++
++#define aes_t4_cfb8_cipher aes_cfb8_cipher
++static int aes_t4_cfb8_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
++    const unsigned char *in,size_t len);
++
++#define aes_t4_cfb1_cipher aes_cfb1_cipher
++static int aes_t4_cfb1_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
++    const unsigned char *in,size_t len);
++
++#define aes_t4_ctr_cipher aes_ctr_cipher
++static int aes_t4_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
++        const unsigned char *in, size_t len);
++
++static int aes_t4_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
++                        const unsigned char *iv, int enc)
++{
++    EVP_AES_GCM_CTX *gctx = ctx->cipher_data;
++    if (!iv && !key)
++        return 1;
++    if (key) {
++        int bits = ctx->key_len * 8;
++        aes_t4_set_encrypt_key(key, bits, &gctx->ks.ks);
++        CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
++                (block128_f)aes_t4_encrypt);
++        switch (bits) {
++        case 128:
++            gctx->ctr = (ctr128_f)aes128_t4_ctr32_encrypt;
++            break;
++         case 192:
++            gctx->ctr = (ctr128_f)aes192_t4_ctr32_encrypt;
++            break;
++         case 256:
++            gctx->ctr = (ctr128_f)aes256_t4_ctr32_encrypt;
++            break;
++         default:
++            return 0;
++     }
++        /* If we have an iv can set it directly, otherwise use
++         * saved IV.
++         */
++        if (iv == NULL && gctx->iv_set)
++            iv = gctx->iv;
++        if (iv) {
++            CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
++            gctx->iv_set = 1;
++        }
++        gctx->key_set = 1;
++    } else {
++        /* If key set use IV, otherwise copy */
++        if (gctx->key_set)
++            CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
++        else
++            memcpy(gctx->iv, iv, gctx->ivlen);
++        gctx->iv_set = 1;
++        gctx->iv_gen = 0;
++    }
++    return 1;
++}
++
++#define aes_t4_gcm_cipher aes_gcm_cipher
++static int aes_t4_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
++        const unsigned char *in, size_t len);
++
++static int aes_t4_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
++                        const unsigned char *iv, int enc)
++{
++    EVP_AES_XTS_CTX *xctx = ctx->cipher_data;
++    if (!iv && !key)
++        return 1;
++
++    if (key) {
++        int bits = ctx->key_len * 4;
++        /* key_len is two AES keys */
++        if (enc) {
++            aes_t4_set_encrypt_key(key, bits, &xctx->ks1.ks);
++            xctx->xts.block1 = (block128_f)aes_t4_encrypt;
++#if 0 /* not yet */
++            switch (bits) {
++            case 128:
++                xctx->stream = aes128_t4_xts_encrypt;
++                break;
++            case 192:
++                xctx->stream = aes192_t4_xts_encrypt;
++                break;
++            case 256:
++                xctx->stream = aes256_t4_xts_encrypt;
++                break;
++            default:
++                return 0;
++            }
++#endif
++        } else {
++            aes_t4_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks);
++            xctx->xts.block1 = (block128_f)aes_t4_decrypt;
++#if 0 /* not yet */
++            switch (bits) {
++            case 128:
++                xctx->stream = aes128_t4_xts_decrypt;
++                break;
++            case 192:
++                xctx->stream = aes192_t4_xts_decrypt;
++                break;
++            case 256:
++                xctx->stream = aes256_t4_xts_decrypt;
++                break;
++            default:
++                return 0;
++                }
++#endif
++            }
++
++        aes_t4_set_encrypt_key(key + ctx->key_len/2,
++                        ctx->key_len * 4, &xctx->ks2.ks);
++        xctx->xts.block2 = (block128_f)aes_t4_encrypt;
++
++        xctx->xts.key1 = &xctx->ks1;
++    }
++
++    if (iv) {
++        xctx->xts.key2 = &xctx->ks2;
++        memcpy(ctx->iv, iv, 16);
++    }
++
++    return 1;
++}
++
++#define aes_t4_xts_cipher aes_xts_cipher
++static int aes_t4_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
++        const unsigned char *in, size_t len);
++
++static int aes_t4_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
++                        const unsigned char *iv, int enc)
++{
++    EVP_AES_CCM_CTX *cctx = ctx->cipher_data;
++    if (!iv && !key)
++        return 1;
++    if (key) {
++        int bits = ctx->key_len * 8;
++        aes_t4_set_encrypt_key(key, bits, &cctx->ks.ks);
++        CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
++                    &cctx->ks, (block128_f)aes_t4_encrypt);
++#if 0 /* not yet */
++       switch (bits) {
++        case 128:
++            cctx->str = enc?(ccm128_f)aes128_t4_ccm64_encrypt :
++                (ccm128_f)ae128_t4_ccm64_decrypt;
++            break;
++        case 192:
++            cctx->str = enc?(ccm128_f)aes192_t4_ccm64_encrypt :
++                (ccm128_f)ae192_t4_ccm64_decrypt;
++            break;
++        case 256:
++            cctx->str = enc?(ccm128_f)aes256_t4_ccm64_encrypt :
++                (ccm128_f)ae256_t4_ccm64_decrypt;
++            break;
++        default:
++            return 0;
++        }
++#endif
++        cctx->key_set = 1;
++    }
++    if (iv) {
++        memcpy(ctx->iv, iv, 15 - cctx->L);
++        cctx->iv_set = 1;
++    }
++    return 1;
++}
++
++#define aes_t4_ccm_cipher aes_ccm_cipher
++static int aes_t4_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
++        const unsigned char *in, size_t len);
++
++#define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
++static const EVP_CIPHER aes_t4_##keylen##_##mode = { \
++    nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
++    flags|EVP_CIPH_##MODE##_MODE,    \
++    aes_t4_init_key,        \
++    aes_t4_##mode##_cipher,        \
++    NULL,                \
++    sizeof(EVP_AES_KEY),        \
++    NULL,NULL,NULL,NULL }; \
++static const EVP_CIPHER aes_##keylen##_##mode = { \
++    nid##_##keylen##_##nmode,blocksize,    \
++    keylen/8,ivlen, \
++    flags|EVP_CIPH_##MODE##_MODE,    \
++    aes_init_key,            \
++    aes_##mode##_cipher,        \
++    NULL,                \
++    sizeof(EVP_AES_KEY),        \
++    NULL,NULL,NULL,NULL }; \
++const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
++{ return SPARC_AES_CAPABLE?&aes_t4_##keylen##_##mode:&aes_##keylen##_##mode; }
++
++#define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \
++static const EVP_CIPHER aes_t4_##keylen##_##mode = { \
++    nid##_##keylen##_##mode,blocksize, \
++    (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \
++    flags|EVP_CIPH_##MODE##_MODE,    \
++    aes_t4_##mode##_init_key,    \
++    aes_t4_##mode##_cipher,        \
++    aes_##mode##_cleanup,        \
++    sizeof(EVP_AES_##MODE##_CTX),    \
++    NULL,NULL,aes_##mode##_ctrl,NULL }; \
++static const EVP_CIPHER aes_##keylen##_##mode = { \
++    nid##_##keylen##_##mode,blocksize, \
++    (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \
++    flags|EVP_CIPH_##MODE##_MODE,    \
++    aes_##mode##_init_key,        \
++    aes_##mode##_cipher,        \
++    aes_##mode##_cleanup,        \
++    sizeof(EVP_AES_##MODE##_CTX),    \
++    NULL,NULL,aes_##mode##_ctrl,NULL }; \
++const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
++{ return SPARC_AES_CAPABLE?&aes_t4_##keylen##_##mode:&aes_##keylen##_##mode; }
++
+ #  else
+
+ #   define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
[email protected]@ -480,7 +837,7 @@
+         && !enc)
+ #  ifdef BSAES_CAPABLE
+         if (BSAES_CAPABLE && mode == EVP_CIPH_CBC_MODE) {
+-            ret = AES_set_decrypt_key(key, ctx->key_len * 8, &dat->ks);
++            ret = AES_set_decrypt_key(key, ctx->key_len * 8, &dat->ks.ks);
+             dat->block = (block128_f) AES_decrypt;
+             dat->stream.cbc = (cbc128_f) bsaes_cbc_encrypt;
+         } else
[email protected]@ -487,7 +844,7 @@
+ #  endif
+ #  ifdef VPAES_CAPABLE
+         if (VPAES_CAPABLE) {
+-            ret = vpaes_set_decrypt_key(key, ctx->key_len * 8, &dat->ks);
++            ret = vpaes_set_decrypt_key(key, ctx->key_len * 8, &dat->ks.ks);
+             dat->block = (block128_f) vpaes_decrypt;
+             dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
+                 (cbc128_f) vpaes_cbc_encrypt : NULL;
[email protected]@ -494,7 +851,7 @@
+         } else
+ #  endif
+         {
+-            ret = AES_set_decrypt_key(key, ctx->key_len * 8, &dat->ks);
++            ret = AES_set_decrypt_key(key, ctx->key_len * 8, &dat->ks.ks);
+             dat->block = (block128_f) AES_decrypt;
+             dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
+                 (cbc128_f) AES_cbc_encrypt : NULL;
[email protected]@ -508,7 +865,7 @@
+ #  endif
+ #  ifdef VPAES_CAPABLE
+     if (VPAES_CAPABLE) {
+-        ret = vpaes_set_encrypt_key(key, ctx->key_len * 8, &dat->ks);
++        ret = vpaes_set_encrypt_key(key, ctx->key_len * 8, &dat->ks.ks);
+         dat->block = (block128_f) vpaes_encrypt;
+         dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
+             (cbc128_f) vpaes_cbc_encrypt : NULL;
[email protected]@ -515,7 +872,7 @@
+     } else
+ #  endif
+     {
+-        ret = AES_set_encrypt_key(key, ctx->key_len * 8, &dat->ks);
++        ret = AES_set_encrypt_key(key, ctx->key_len*8, &dat->ks.ks);
+         dat->block = (block128_f) AES_encrypt;
+         dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
+             (cbc128_f) AES_cbc_encrypt : NULL;
[email protected]@ -810,7 +1167,7 @@
+         do {
+ #  ifdef BSAES_CAPABLE
+             if (BSAES_CAPABLE) {
+-                AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks);
++                AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks);
+                 CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
+                                    (block128_f) AES_encrypt);
+                 gctx->ctr = (ctr128_f) bsaes_ctr32_encrypt_blocks;
[email protected]@ -819,7 +1176,7 @@
+ #  endif
+ #  ifdef VPAES_CAPABLE
+             if (VPAES_CAPABLE) {
+-                vpaes_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks);
++                vpaes_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks);
+                 CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
+                                    (block128_f) vpaes_encrypt);
+                 gctx->ctr = NULL;
[email protected]@ -828,7 +1185,7 @@
+ #  endif
+                 (void)0;        /* terminate potentially open 'else' */
+
+-            AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks);
++            AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks);
+             CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
+                                (block128_f) AES_encrypt);
+ #  ifdef AES_CTR_ASM
[email protected]@ -1049,15 +1406,15 @@
+ #  ifdef VPAES_CAPABLE
+             if (VPAES_CAPABLE) {
+                 if (enc) {
+-                    vpaes_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1);
++                    vpaes_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks);
+                     xctx->xts.block1 = (block128_f) vpaes_encrypt;
+                 } else {
+-                    vpaes_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1);
++                    vpaes_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks);
+                     xctx->xts.block1 = (block128_f) vpaes_decrypt;
+                 }
+
+                 vpaes_set_encrypt_key(key + ctx->key_len / 2,
+-                                      ctx->key_len * 4, &xctx->ks2);
++                                      ctx->key_len * 4, &xctx->ks2.ks);
+                 xctx->xts.block2 = (block128_f) vpaes_encrypt;
+
+                 xctx->xts.key1 = &xctx->ks1;
[email protected]@ -1067,15 +1424,15 @@
+                 (void)0;        /* terminate potentially open 'else' */
+
+             if (enc) {
+-                AES_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1);
++                AES_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks);
+                 xctx->xts.block1 = (block128_f) AES_encrypt;
+             } else {
+-                AES_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1);
++                AES_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks);
+                 xctx->xts.block1 = (block128_f) AES_decrypt;
+             }
+
+             AES_set_encrypt_key(key + ctx->key_len / 2,
+-                                ctx->key_len * 4, &xctx->ks2);
++                                ctx->key_len * 4, &xctx->ks2.ks);
+             xctx->xts.block2 = (block128_f) AES_encrypt;
+
+             xctx->xts.key1 = &xctx->ks1;
[email protected]@ -1196,7 +1553,7 @@
+         do {
+ #  ifdef VPAES_CAPABLE
+             if (VPAES_CAPABLE) {
+-                vpaes_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks);
++                vpaes_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks.ks);
+                 CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
+                                    &cctx->ks, (block128_f) vpaes_encrypt);
+                 cctx->str = NULL;
[email protected]@ -1204,7 +1561,7 @@
+                 break;
+             }
+ #  endif
+-            AES_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks);
++            AES_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks.ks);
+             CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
+                                &cctx->ks, (block128_f) AES_encrypt);
+             cctx->str = NULL;
[email protected]@ -1285,5 +1642,4 @@
+                     EVP_CIPH_FLAG_FIPS | CUSTOM_FLAGS)
+     BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, ccm, CCM,
+                     EVP_CIPH_FLAG_FIPS | CUSTOM_FLAGS)
+-# endif
+ #endif
+Index: openssl/crypto/evp/evp.h
+===================================================================
+--- evp.h    Mon Feb 11 07:26:04 2013
++++ evp.h.new    Thu May  2 14:31:55 2013
[email protected]@ -1325,6 +1325,7 @@
+ # define EVP_F_AESNI_INIT_KEY                             165
+ # define EVP_F_AESNI_XTS_CIPHER                           176
+ # define EVP_F_AES_INIT_KEY                               133
++# define EVP_F_AES_T4_INIT_KEY                            178
+ # define EVP_F_AES_XTS                                    172
+ # define EVP_F_AES_XTS_CIPHER                             175
+ # define EVP_F_ALG_MODULE_INIT                            177
+Index: openssl/crypto/evp/evp_err.c
+===================================================================
+--- evp_err.c	Mon Feb 11 07:26:04 2013
++++ evp_err.c.new	Thu May  2 14:33:24 2013
[email protected]@ -73,6 +73,7 @@
+     {ERR_FUNC(EVP_F_AESNI_INIT_KEY), "AESNI_INIT_KEY"},
+     {ERR_FUNC(EVP_F_AESNI_XTS_CIPHER), "AESNI_XTS_CIPHER"},
+     {ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"},
++    {ERR_FUNC(EVP_F_AES_T4_INIT_KEY), "AES_T4_INIT_KEY"},
+     {ERR_FUNC(EVP_F_AES_XTS), "AES_XTS"},
+     {ERR_FUNC(EVP_F_AES_XTS_CIPHER), "AES_XTS_CIPHER"},
+     {ERR_FUNC(EVP_F_ALG_MODULE_INIT), "ALG_MODULE_INIT"},
--- a/components/openssl/openssl-1.0.1/patches/38_remove_illegal_instruction_calls.patch	Tue Mar 24 10:15:01 2015 -0700
+++ b/components/openssl/openssl-1.0.1/patches/38_remove_illegal_instruction_calls.patch	Tue Mar 24 20:05:38 2015 -0700
@@ -2,9 +2,13 @@
 # This patch was developed in house.
 # This is Solaris-specific: not suitable for upstream.
 #
---- openssl-1.0.1h/crypto/sparcv9cap.c.~1~	Tue Aug  5 14:40:03 2014
-+++ openssl-1.0.1h/crypto/sparcv9cap.c	Tue Aug  5 15:05:26 2014
[email protected]@ -6,6 +6,7 @@
+--- openssl-1.0.1g/crypto/sparcv9cap.c.~1~	Thu May  1 13:07:00 2014
++++ openssl-1.0.1g/crypto/sparcv9cap.c	Thu May  1 13:11:33 2014
[email protected]@ -2,10 +2,10 @@
+ #include <stdlib.h>
+ #include <string.h>
+ #include <setjmp.h>
+-#include <signal.h>
  #include <sys/time.h>
  #include <unistd.h>
  #include <openssl/bn.h>
@@ -12,79 +16,171 @@
  
  #include "sparc_arch.h"
  
[email protected]@ -59,10 +60,8 @@
- void		_sparcv9_vis1_probe(void);
- unsigned long	_sparcv9_vis1_instrument(void);
- void		_sparcv9_vis2_probe(void);
--void		_sparcv9_fmadd_probe(void);
- unsigned long	_sparcv9_rdcfr(void);
- void		_sparcv9_vis3_probe(void);
--unsigned long	_sparcv9_random(void);
[email protected]@ -59,13 +59,8 @@
+ }
+ 
+ unsigned long _sparcv9_rdtick(void);
+-void _sparcv9_vis1_probe(void);
+ unsigned long _sparcv9_vis1_instrument(void);
+-void _sparcv9_vis2_probe(void);
+-void _sparcv9_fmadd_probe(void);
+ unsigned long _sparcv9_rdcfr(void);
+-void _sparcv9_vis3_probe(void);
+-unsigned long _sparcv9_random(void);
  #ifndef _BOOT
- size_t 	_sparcv9_vis1_instrument_bus(unsigned int *,size_t);
- size_t		_sparcv9_vis1_instrument_bus2(unsigned int *,size_t,size_t);
[email protected]@ -236,6 +235,7 @@
- 	struct sigaction	common_act,ill_oact,bus_oact;
- 	sigset_t		all_masked,oset;
- 	static int trigger=0;
-+	uint_t ui = 0;
+ size_t _sparcv9_vis1_instrument_bus(unsigned int *,size_t);
+ size_t _sparcv9_vis1_instrument_bus2(unsigned int *,size_t,size_t);
[email protected]@ -235,18 +235,11 @@
+
+ #else
+
+-static sigjmp_buf common_jmp;
+-static void common_handler(int sig)
+-{
+-    siglongjmp(common_jmp, sig);
+-}
+-
+ void OPENSSL_cpuid_setup(void)
+ {
+     char *e;
+-    struct sigaction common_act, ill_oact, bus_oact;
+-    sigset_t all_masked, oset;
+     static int trigger = 0;
++    uint_t ui = 0;
+
+     if (trigger)
+         return;
[email protected]@ -259,80 +247,40 @@
+         return;
+     }
  
- 	if (trigger) return;
- 	trigger=1;
[email protected]@ -250,6 +250,7 @@
- 
- 	/* Initial value, fits UltraSPARC-I&II... */
- 	OPENSSL_sparcv9cap_P[0] = SPARCV9_PREFER_FPU|SPARCV9_TICK_PRIVILEGED;
-+	(void) getisax(&ui, 1);
- 
- 	sigfillset(&all_masked);
- 	sigdelset(&all_masked,SIGILL);
[email protected]@ -289,11 +290,8 @@
- 			}
- 		}
++    (void) getisax(&ui, 1);
++
+     /* Initial value, fits UltraSPARC-I&II... */
+-    OPENSSL_sparcv9cap_P[0] = SPARCV9_PREFER_FPU | SPARCV9_TICK_PRIVILEGED;
++    OPENSSL_sparcv9cap_P[0] = SPARCV9_BLK;
  
--	if (sigsetjmp(common_jmp,1) == 0)
--		{
--		_sparcv9_fmadd_probe();
-+	if (ui & AV_SPARC_FMAF)
- 		OPENSSL_sparcv9cap_P[0] |= SPARCV9_FMADD;
--		}
+-    sigfillset(&all_masked);
+-    sigdelset(&all_masked, SIGILL);
+-    sigdelset(&all_masked, SIGTRAP);
+-# ifdef SIGEMT
+-    sigdelset(&all_masked, SIGEMT);
+-# endif
+-    sigdelset(&all_masked, SIGFPE);
+-    sigdelset(&all_masked, SIGBUS);
+-    sigdelset(&all_masked, SIGSEGV);
+-    sigprocmask(SIG_SETMASK, &all_masked, &oset);
+-
+-    memset(&common_act, 0, sizeof(common_act));
+-    common_act.sa_handler = common_handler;
+-    common_act.sa_mask = all_masked;
+-
+-    sigaction(SIGILL, &common_act, &ill_oact);
+-    sigaction(SIGBUS, &common_act, &bus_oact); /* T1 fails 16-bit ldda [on
+-                                                * Linux] */
+-
+-    if (sigsetjmp(common_jmp, 1) == 0) {
+-        _sparcv9_rdtick();
+-        OPENSSL_sparcv9cap_P[0] &= ~SPARCV9_TICK_PRIVILEGED;
+-    }
+-
+-    if (sigsetjmp(common_jmp, 1) == 0) {
+-        _sparcv9_vis1_probe();
+-        OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS1 | SPARCV9_BLK;
++    if (ui & AV_SPARC_VIS) {
+         /* detect UltraSPARC-Tx, see sparccpud.S for details... */
+-        if (_sparcv9_vis1_instrument() >= 12)
+-            OPENSSL_sparcv9cap_P[0] &= ~(SPARCV9_VIS1 | SPARCV9_PREFER_FPU);
+-        else {
+-            _sparcv9_vis2_probe();
+-            OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS2;
+-        }
++        if (_sparcv9_vis1_instrument() < 7)
++            OPENSSL_sparcv9cap_P[0] |= SPARCV9_TICK_PRIVILEGED;
++        if (_sparcv9_vis1_instrument() < 12) {
++            OPENSSL_sparcv9cap_P[0] |= (SPARCV9_VIS1 | SPARCV9_PREFER_FPU);
++            if (ui & AV_SPARC_VIS2)
++                OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS2;
++         }
+     }
  
- 	/*
- 	 * VIS3 flag is tested independently from VIS1, unlike VIS2 that is,
[email protected]@ -305,11 +303,9 @@
- 		OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS3;
- 		}
+-    if (sigsetjmp(common_jmp, 1) == 0) {
+-        _sparcv9_fmadd_probe();
++    if (ui & AV_SPARC_FMAF)
+         OPENSSL_sparcv9cap_P[0] |= SPARCV9_FMADD;
+-    }
+ 
+     /*
+      * VIS3 flag is tested independently from VIS1, unlike VIS2 that is,
+      * because VIS3 defines even integer instructions.
+      */
+-    if (sigsetjmp(common_jmp,1) == 0) {
+-        _sparcv9_vis3_probe();
+-        OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS3;
+-    }
++    if (ui & AV_SPARC_VIS3)
++            OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS3;
  
--	if (sigsetjmp(common_jmp,1) == 0)
--		{
--		(void)_sparcv9_random();
--		OPENSSL_sparcv9cap_P[0] |= SPARCV9_RANDOM;
--		}
-+#define	AV_T4_MECHS	(AV_SPARC_AES | AV_SPARC_DES | AV_SPARC_KASUMI | \
-+			AV_SPARC_CAMELLIA | AV_SPARC_MD5 | AV_SPARC_SHA1 | \
-+			AV_SPARC_SHA256 | AV_SPARC_SHA512 | AV_SPARC_MPMUL | AV_SPARC_CRC32C)
+-    if (sigsetjmp(common_jmp,1) == 0) {
+-        (void)_sparcv9_random();
+-        OPENSSL_sparcv9cap_P[0] |= SPARCV9_RANDOM;
+-    }
++#define AV_T4_MECHS     (AV_SPARC_AES | AV_SPARC_DES | AV_SPARC_KASUMI | \
++                         AV_SPARC_CAMELLIA | AV_SPARC_MD5 | AV_SPARC_SHA1 | \
++                         AV_SPARC_SHA256 | AV_SPARC_SHA512 | AV_SPARC_MPMUL | \
++                         AV_SPARC_CRC32C)
+ 
+-    /*
+-     * In wait for better solution _sparcv9_rdcfr is masked by
+-     * VIS3 flag, because it goes to uninterruptable endless
+-     * loop on UltraSPARC II running Solaris. Things might be
+-     * different on Linux...
+-     */
+-    if ((OPENSSL_sparcv9cap_P[0]&SPARCV9_VIS3) &&
+-        sigsetjmp(common_jmp, 1) == 0) {
++    if ((OPENSSL_sparcv9cap_P[0]&SPARCV9_VIS3) && (ui & AV_T4_MECHS))
+         OPENSSL_sparcv9cap_P[1] = (unsigned int)_sparcv9_rdcfr();
+-    }
  
- 	/*
- 	 * In wait for better solution _sparcv9_rdcfr is masked by
[email protected]@ -318,10 +314,8 @@
- 	 * different on Linux...
- 	 */
- 	if ((OPENSSL_sparcv9cap_P[0]&SPARCV9_VIS3) &&
--	    sigsetjmp(common_jmp,1) == 0)
--		{
-+		(ui & AV_T4_MECHS))
- 		OPENSSL_sparcv9cap_P[1] = (unsigned int)_sparcv9_rdcfr();
--		}
+-    sigaction(SIGBUS, &bus_oact, NULL);
+-    sigaction(SIGILL, &ill_oact, NULL);
+-
+-    sigprocmask(SIG_SETMASK, &oset, NULL);
+-
+     if (sizeof(size_t) == 8)
+         OPENSSL_sparcv9cap_P[0] |= SPARCV9_64BIT_STACK;
+ #ifdef __linux
+--- openssl-1.0.1g/crypto/sparccpuid.S.~1~      Thu May  1 13:07:00 2014
++++ openssl-1.0.1g/crypto/sparccpuid.S  Thu May  1 13:11:33 2014
[email protected]@ -236,16 +236,6 @@
+ .type	_sparcv9_rdtick,#function
+ .size	_sparcv9_rdtick,.-_sparcv9_rdtick
  
- 	sigaction(SIGBUS,&bus_oact,NULL);
- 	sigaction(SIGILL,&ill_oact,NULL);
---- openssl-1.0.1h/crypto/sparccpuid.S.~1~	Mon Aug  4 14:45:58 2014
-+++ openssl-1.0.1h/crypto/sparccpuid.S	Mon Aug  4 14:51:53 2014
[email protected]@ -315,16 +315,6 @@
- .type	_sparcv9_vis2_probe,#function
- .size	_sparcv9_vis2_probe,.-_sparcv9_vis2_probe
+-.global	_sparcv9_vis1_probe
+-.align	8
+-_sparcv9_vis1_probe:
+-	.word	0x81b00d80	!fxor	%f0,%f0,%f0
+-	add	%sp,BIAS+2,%o1
+-	retl
+-	.word	0xc19a5a40	!ldda	[%o1]ASI_FP16_P,%f0
+-.type	_sparcv9_vis1_probe,#function
+-.size	_sparcv9_vis1_probe,.-_sparcv9_vis1_probe
+-
+ ! Probe and instrument VIS1 instruction. Output is number of cycles it
+ ! takes to execute rdtick and pair of VIS1 instructions. US-Tx VIS unit
+ ! is slow (documented to be 6 cycles on T2) and the core is in-order
[email protected]@ -307,24 +297,6 @@
+ .type	_sparcv9_vis1_instrument,#function
+ .size	_sparcv9_vis1_instrument,.-_sparcv9_vis1_instrument
  
+-.global	_sparcv9_vis2_probe
+-.align	8
+-_sparcv9_vis2_probe:
+-	retl
+-	.word	0x81b00980	!bshuffle	%f0,%f0,%f0
+-.type	_sparcv9_vis2_probe,#function
+-.size	_sparcv9_vis2_probe,.-_sparcv9_vis2_probe
+-
 -.global	_sparcv9_fmadd_probe
 -.align	8
 -_sparcv9_fmadd_probe:
@@ -98,10 +194,18 @@
  .global	_sparcv9_rdcfr
  .align	8
  _sparcv9_rdcfr:
[email protected]@ -341,14 +331,6 @@
- .type	_sparcv9_vis3_probe,#function
- .size	_sparcv9_vis3_probe,.-_sparcv9_vis3_probe
[email protected]@ -333,22 +305,6 @@
+ .type	_sparcv9_rdcfr,#function
+ .size	_sparcv9_rdcfr,.-_sparcv9_rdcfr
  
+-.global	_sparcv9_vis3_probe
+-.align	8
+-_sparcv9_vis3_probe:
+-	retl
+-	.word	0x81b022a0	!xmulx	%g0,%g0,%g0
+-.type	_sparcv9_vis3_probe,#function
+-.size	_sparcv9_vis3_probe,.-_sparcv9_vis3_probe
+-
 -.global	_sparcv9_random
 -.align	8
 -_sparcv9_random: