if PACKAGE_libopenssl
-config OPENSSL_WITH_EC
+comment "Build Options"
+
+config OPENSSL_OPTIMIZE_SPEED
+ bool
+ prompt "Enable optimization for speed instead of size"
+ select OPENSSL_WITH_ASM
+ help
+ Enabling this option increases code size (around 20%) and
+ performance. The increase in performance and size depends on the
+ target CPU. EC and AES seem to benefit the most, with EC speed
+ increased by 20%-50% (mipsel & x86).
+ AES-GCM is supposed to be 3x faster on x86. YMMV.
+
+config OPENSSL_WITH_ASM
bool
default y
- prompt "Enable elliptic curve support"
+ prompt "Compile with optimized assembly code"
+ depends on !arc
+ help
+ Disabling this option will reduce code size and performance.
+ The increase in performance and size depends on the target
+ CPU and on the algorithms being optimized. As of 1.1.0i*:
-config OPENSSL_WITH_EC2M
- bool
- depends on OPENSSL_WITH_EC
- prompt "Enable ec2m support"
+ Platform Pkg Inc. Algorithms where assembly is used - ~% Speed Increase
+ aarch64 174K BN, aes, sha1, sha256, sha512, nist256, poly1305
+ arm 152K BN, aes, sha1, sha256, sha512, nist256, poly1305
+ i386 183K BN+147%, aes+300%, rc4+55%, sha1+160%, sha256+114%, sha512+270%, nist256+282%, poly1305+292%
+ mipsel 1.5K BN+97%, aes+4%, sha1+94%, sha256+60%
+ mips64 3.7K BN, aes, sha1, sha256, sha512, poly1305
+ powerpc 20K BN, aes, sha1, sha256, sha512, poly1305
+ x86_64 228K BN+220%, aes+173%, rc4+38%, sha1+40%, sha256+64%, sha512+31%, nist256+354%, poly1305+228%
-config OPENSSL_WITH_SSL3
+ * Only most common algorithms shown. Your mileage may vary.
+ BN (bignum) performance was measured using RSA sign/verify.
+
+config OPENSSL_WITH_SSE2
bool
- default n
- prompt "Enable sslv3 support"
+ default y if !TARGET_x86_legacy && !TARGET_x86_geode
+ prompt "Enable use of x86 SSE2 instructions"
+ depends on OPENSSL_WITH_ASM && i386
+ help
+ Use of SSE2 instructions greatly increase performance (up to
+ 3x faster) with a minimum (~0.2%, or 23KB) increase in package
+ size, but it will bring no benefit if your hardware does not
+ support them, such as Geode GX and LX. In this case you may
+ save 23KB by saying yes here. AMD Geode NX, and Intel
+ Pentium 4 and above support SSE2.
config OPENSSL_WITH_DEPRECATED
bool
default y
- prompt "Include deprecated APIs"
+ prompt "Include deprecated APIs (See help for a list of packages that need this)"
+ help
+ Squid currently requires this.
config OPENSSL_NO_DEPRECATED
bool
default !OPENSSL_WITH_DEPRECATED
-config OPENSSL_WITH_DTLS
+config OPENSSL_WITH_ERROR_MESSAGES
bool
- default n
- prompt "Enable DTLS support"
+ prompt "Include error messages"
+ help
+ This option aids debugging, but increases package size and
+ memory usage.
-config OPENSSL_WITH_COMPRESSION
+comment "Protocol Support"
+
+config OPENSSL_WITH_DTLS
bool
- default n
- prompt "Enable compression support"
+ prompt "Enable DTLS support"
+ help
+ Datagram Transport Layer Security (DTLS) provides TLS-like security
+ for datagram-based (UDP, DCCP, CAPWAP, SCTP & SRTP) applications.
config OPENSSL_WITH_NPN
bool
default y
prompt "Enable NPN support"
+ help
+ NPN is a TLS extension, obsoleted and replaced with ALPN,
+ used to negotiate SPDY, and HTTP/2.
+
+config OPENSSL_WITH_SRP
+ bool
+ default y
+ prompt "Enable SRP support"
+ help
+ The Secure Remote Password protocol (SRP) is an augmented
+ password-authenticated key agreement (PAKE) protocol, specifically
+ designed to work around existing patents.
+
+config OPENSSL_WITH_CMS
+ bool
+ default y
+ prompt "Enable CMS (RFC 5652) support"
+ help
+ Cryptographic Message Syntax (CMS) is used to digitally sign,
+ digest, authenticate, or encrypt arbitrary message content.
+
+comment "Algorithm Selection"
+
+config OPENSSL_WITH_EC
+ bool
+ default y
+ prompt "Enable elliptic curve support"
+ help
+ Elliptic-curve cryptography (ECC) is an approach to public-key
+ cryptography based on the algebraic structure of elliptic curves
+ over finite fields. ECC requires smaller keys compared to non-ECC
+ cryptography to provide equivalent security.
+
+config OPENSSL_WITH_EC2M
+ bool
+ depends on OPENSSL_WITH_EC
+ prompt "Enable ec2m support"
+ help
+ This option enables the more efficient, yet less common, binary
+ field elliptic curves.
config OPENSSL_WITH_PSK
bool
default y
prompt "Enable PSK support"
+ help
+ Build support for Pre-Shared Key based cipher suites.
-config OPENSSL_WITH_SRP
+comment "Less commonly used build options"
+
+config OPENSSL_WITH_CAMELLIA
bool
- default y
- prompt "Enable SRP support"
+ prompt "Enable Camellia cipher support"
+ help
+ Camellia is a bock cipher with security levels and processing
+ abilities comparable to AES.
-config OPENSSL_ENGINE_DIGEST
+config OPENSSL_WITH_IDEA
bool
- depends on OPENSSL_ENGINE_CRYPTO
- prompt "Digests acceleration support"
+ prompt "Enable IDEA cipher support"
+ help
+ IDEA is a block cipher with 128-bit keys.
-config OPENSSL_HARDWARE_SUPPORT
+config OPENSSL_WITH_SEED
bool
- default n
- prompt "Enable hardware support"
+ prompt "Enable SEED cipher support"
+ help
+ SEED is a block cipher with 128-bit keys broadly used in
+ South Korea, but seldom found elsewhere.
-config OPENSSL_OPTIMIZE_SPEED
+config OPENSSL_WITH_MDC2
bool
- default n
- prompt "Enable optimization for speed instead of size"
+ prompt "Enable MDC2 digest support"
-endif
+config OPENSSL_WITH_WHIRLPOOL
+ bool
+ prompt "Enable Whirlpool digest support"
+
+config OPENSSL_WITH_COMPRESSION
+ bool
+ prompt "Enable compression support"
+ help
+ TLS compression is not recommended, as it is deemed insecure.
+ The CRIME attack exploits this weakness.
+ Even with this option turned on, it is disabled by default, and the
+ application must explicitly turn it on.
+
+config OPENSSL_WITH_RFC3779
+ bool
+ prompt "Enable RFC3779 support (BGP)"
+ help
+ RFC 3779 defines two X.509 v3 certificate extensions. The first
+ binds a list of IP address blocks, or prefixes, to the subject of a
+ certificate. The second binds a list of autonomous system
+ identifiers to the subject of a certificate. These extensions may be
+ used to convey the authorization of the subject to use the IP
+ addresses and autonomous system identifiers contained in the
+ extensions.
+
+comment "Engine/Hardware Support"
+
+config OPENSSL_ENGINE
+ bool "Enable engine support"
+ help
+ This enables alternative cryptography implementations,
+ most commonly for interfacing with external crypto devices,
+ or supporting new/alternative ciphers and digests.
config OPENSSL_ENGINE_CRYPTO
bool
- select OPENSSL_HARDWARE_SUPPORT
- prompt "Crypto acceleration support" if PACKAGE_libopenssl
+ select OPENSSL_ENGINE
+ select PACKAGE_kmod-cryptodev
+ prompt "Acceleration support through /dev/crypto"
+ help
+ This enables use of hardware acceleration through OpenBSD
+ Cryptodev API (/dev/crypto) interface.
+ You must install kmod-cryptodev (under Kernel modules, Cryptographic
+ API modules) for /dev/crypto to show up and use hardware
+ acceleration; otherwise it falls back to software.
+
+config OPENSSL_ENGINE_DIGEST
+ bool
+ depends on OPENSSL_ENGINE_CRYPTO
+ prompt "/dev/crypto digest (md5/sha1) acceleration support"
+
+config OPENSSL_WITH_GOST
+ bool
+ prompt "Prepare library for GOST engine"
+ depends on OPENSSL_ENGINE
+ help
+ This option prepares the library to accept engine support
+ for Russian GOST crypto algorithms.
+
+endif
+
PKG_USE_MIPS16:=0
PKG_BUILD_PARALLEL:=0
-
+PKG_BUILD_DEPENDS:=cryptodev-linux
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:= \
http://www.openssl.org/source/ \
http://www.openssl.org/source/old/$(PKG_BASE)/
PKG_HASH:=5744cfcbcec2b1b48629f7354203bc1e5e9b5466998bbccc5b5fcde3b18eb684
+ENGINES_DIR=engines
PKG_LICENSE:=OpenSSL
PKG_LICENSE_FILES:=LICENSE
PKG_CPE_ID:=cpe:/a:openssl:openssl
PKG_CONFIG_DEPENDS:= \
+ CONFIG_OPENSSL_ENGINE \
CONFIG_OPENSSL_ENGINE_CRYPTO \
CONFIG_OPENSSL_ENGINE_DIGEST \
- CONFIG_OPENSSL_WITH_EC \
- CONFIG_OPENSSL_WITH_EC2M \
- CONFIG_OPENSSL_WITH_SSL3 \
- CONFIG_OPENSSL_HARDWARE_SUPPORT \
CONFIG_OPENSSL_NO_DEPRECATED \
- CONFIG_OPENSSL_WITH_DTLS \
+ CONFIG_OPENSSL_OPTIMIZE_SPEED \
+ CONFIG_OPENSSL_WITH_ASM \
+ CONFIG_OPENSSL_WITH_CAMELLIA \
+ CONFIG_OPENSSL_WITH_CMS \
CONFIG_OPENSSL_WITH_COMPRESSION \
+ CONFIG_OPENSSL_WITH_DTLS \
+ CONFIG_OPENSSL_WITH_EC \
+ CONFIG_OPENSSL_WITH_EC2M \
+ CONFIG_OPENSSL_WITH_ERROR_MESSAGES \
+ CONFIG_OPENSSL_WITH_GOST \
+ CONFIG_OPENSSL_WITH_IDEA \
+ CONFIG_OPENSSL_WITH_MDC2 \
CONFIG_OPENSSL_WITH_NPN \
CONFIG_OPENSSL_WITH_PSK \
+ CONFIG_OPENSSL_WITH_RFC3779 \
+ CONFIG_OPENSSL_WITH_SEED \
CONFIG_OPENSSL_WITH_SRP \
- CONFIG_OPENSSL_OPTIMIZE_SPEED
+ CONFIG_OPENSSL_WITH_SSE2 \
+ CONFIG_OPENSSL_WITH_WHIRLPOOL
include $(INCLUDE_DIR)/package.mk
define Package/openssl/Default
TITLE:=Open source SSL toolkit
URL:=http://www.openssl.org/
+ SECTION:=libs
+ CATEGORY:=Libraries
endef
define Package/libopenssl/config
define Package/openssl/Default/description
The OpenSSL Project is a collaborative effort to develop a robust,
-commercial-grade, full-featured, and Open Source toolkit implementing the Secure
-Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well
-as a full-strength general purpose cryptography library.
+commercial-grade, full-featured, and Open Source toolkit implementing the
+Transport Layer Security (TLS) protocol as well as a full-strength
+general-purpose cryptography library.
endef
define Package/libopenssl
$(call Package/openssl/Default)
- SECTION:=libs
SUBMENU:=SSL
- CATEGORY:=Libraries
DEPENDS:=+OPENSSL_WITH_COMPRESSION:zlib
TITLE+= (libraries)
ABI_VERSION:=1.0.0
This package contains the OpenSSL command-line utility.
endef
+define Package/libopenssl-gost
+ $(call Package/openssl/Default)
+ SUBMENU:=SSL
+ TITLE:=Russian GOST algorithms engine
+ DEPENDS:=libopenssl +@OPENSSL_WITH_GOST
+endef
+
+define Package/libopenssl-gost/description
+This package adds an engine that enables Russian GOST algorithms.
+To use it, you need to configure the engine in /etc/ssl/openssl.cnf
+See https://www.openssl.org/docs/man1.0.2/apps/config.html#ENGINE-CONFIGURATION-MODULE
+The engine_id is "gost"
+endef
-OPENSSL_NO_CIPHERS:= no-idea no-md2 no-mdc2 no-rc5 no-sha0 no-camellia no-krb5 \
- no-whrlpool no-whirlpool no-seed no-jpake
-OPENSSL_OPTIONS:= shared no-err no-sse2 no-ssl2 no-ssl2-method no-heartbeats
+define Package/libopenssl-padlock
+ $(call Package/openssl/Default)
+ SUBMENU:=SSL
+ TITLE:=VIA Padlock hardware acceleration engine
+ DEPENDS:=libopenssl @OPENSSL_ENGINE @TARGET_x86 +kmod-crypto-hw-padlock
+endef
-ifdef CONFIG_OPENSSL_ENGINE_CRYPTO
- OPENSSL_OPTIONS += -DHAVE_CRYPTODEV
- ifdef CONFIG_OPENSSL_ENGINE_DIGEST
- OPENSSL_OPTIONS += -DUSE_CRYPTODEV_DIGESTS
- endif
-else
- OPENSSL_OPTIONS += no-engines
-endif
+define Package/libopenssl-padlock/description
+This package adds an engine that enables VIA Padlock hardware acceleration.
+To use it, you need to configure it in /etc/ssl/openssl.cnf.
+See https://www.openssl.org/docs/man1.0.2/apps/config.html#ENGINE-CONFIGURATION-MODULE
+The engine_id is "padlock"
+endef
+
+OPENSSL_OPTIONS:= shared no-heartbeats no-sha0 no-ssl2-method no-ssl3-method
ifndef CONFIG_OPENSSL_WITH_EC
OPENSSL_OPTIONS += no-ec
OPENSSL_OPTIONS += no-ec2m
endif
-ifndef CONFIG_OPENSSL_WITH_SSL3
- OPENSSL_OPTIONS += no-ssl3 no-ssl3-method
+ifndef CONFIG_OPENSSL_WITH_ERROR_MESSAGES
+ OPENSSL_OPTIONS += no-err
+endif
+
+ifndef CONFIG_OPENSSL_WITH_CAMELLIA
+ OPENSSL_OPTIONS += no-camellia
+endif
+
+ifndef CONFIG_OPENSSL_WITH_IDEA
+ OPENSSL_OPTIONS += no-idea
+endif
+
+ifndef CONFIG_OPENSSL_WITH_SEED
+ OPENSSL_OPTIONS += no-seed
endif
-ifndef CONFIG_OPENSSL_HARDWARE_SUPPORT
- OPENSSL_OPTIONS += no-hw
+ifndef CONFIG_OPENSSL_WITH_MDC2
+ OPENSSL_OPTIONS += no-mdc2
+endif
+
+ifndef CONFIG_OPENSSL_WITH_WHIRLPOOL
+ OPENSSL_OPTIONS += no-whirlpool
+endif
+
+ifndef CONFIG_OPENSSL_WITH_CMS
+ OPENSSL_OPTIONS += no-cms
+endif
+
+ifdef CONFIG_OPENSSL_WITH_RFC3779
+ OPENSSL_OPTIONS += enable-rfc3779
endif
ifdef CONFIG_OPENSSL_NO_DEPRECATED
OPENSSL_OPTIONS += no-deprecated
endif
+ifeq ($(CONFIG_OPENSSL_OPTIMIZE_SPEED),y)
+ TARGET_CFLAGS := $(filter-out -O%,$(TARGET_CFLAGS)) -O3
+else
+ OPENSSL_OPTIONS += -DOPENSSL_SMALL_FOOTPRINT
+endif
+
+ifdef CONFIG_OPENSSL_ENGINE
+ ifdef CONFIG_OPENSSL_ENGINE_CRYPTO
+ OPENSSL_OPTIONS += -DHAVE_CRYPTODEV
+ ifdef CONFIG_OPENSSL_ENGINE_DIGEST
+ OPENSSL_OPTIONS += -DUSE_CRYPTODEV_DIGESTS
+ endif
+ endif
+ ifndef CONFIG_PACKAGE_libopenssl-padlock
+ OPENSSL_OPTIONS += no-hw-padlock
+ endif
+else
+ OPENSSL_OPTIONS += no-engine
+endif
+
+ifndef CONFIG_OPENSSL_WITH_GOST
+ OPENSSL_OPTIONS += no-gost
+endif
+
+# Even with no-dtls and no-dtls1 options, the library keeps the DTLS code,
+# but openssl util gets built without it
ifndef CONFIG_OPENSSL_WITH_DTLS
- OPENSSL_OPTIONS += no-dtls
+ OPENSSL_OPTIONS += no-dtls no-dtls1
endif
ifdef CONFIG_OPENSSL_WITH_COMPRESSION
OPENSSL_OPTIONS += no-srp
endif
-ifeq ($(CONFIG_OPENSSL_OPTIMIZE_SPEED),y)
- TARGET_CFLAGS := $(filter-out -Os,$(TARGET_CFLAGS)) -O3
+ifndef CONFIG_OPENSSL_WITH_ASM
+ OPENSSL_OPTIONS += no-asm
endif
-ifeq ($(CONFIG_x86_64),y)
- OPENSSL_TARGET:=linux-x86_64-openwrt
- OPENSSL_MAKEFLAGS += LIBDIR=lib
-else
- OPENSSL_OPTIONS+=no-sse2
- ifeq ($(CONFIG_mips)$(CONFIG_mipsel),y)
- OPENSSL_TARGET:=linux-mips-openwrt
- else ifeq ($(CONFIG_aarch64),y)
- OPENSSL_TARGET:=linux-aarch64-openwrt
- else ifeq ($(CONFIG_arm)$(CONFIG_armeb),y)
- OPENSSL_TARGET:=linux-armv4-openwrt
- else
- OPENSSL_TARGET:=linux-generic-openwrt
- OPENSSL_OPTIONS+=no-perlasm
+ifdef CONFIG_i386
+ ifndef CONFIG_OPENSSL_WITH_SSE2
+ OPENSSL_OPTIONS += no-sse2
endif
endif
+OPENSSL_TARGET:=linux-$(call qstrip,$(CONFIG_ARCH))-openwrt
+
STAMP_CONFIGURED := $(STAMP_CONFIGURED)_$(shell echo $(OPENSSL_OPTIONS) | mkhash md5)
define Build/Configure
(cd $(PKG_BUILD_DIR); \
./Configure $(OPENSSL_TARGET) \
--prefix=/usr \
+ --libdir=lib \
--openssldir=/etc/ssl \
$(TARGET_CPPFLAGS) \
- $(TARGET_LDFLAGS) -ldl \
- $(if $(CONFIG_OPENSSL_OPTIMIZE_SPEED),,-DOPENSSL_SMALL_FOOTPRINT) \
- $(OPENSSL_NO_CIPHERS) \
+ $(TARGET_LDFLAGS) \
$(OPENSSL_OPTIONS) \
)
+$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \
depend
endef
-TARGET_CFLAGS += $(FPIC) -I$(CURDIR)/include -ffunction-sections -fdata-sections
+TARGET_CFLAGS += $(FPIC) -ffunction-sections -fdata-sections
TARGET_LDFLAGS += -Wl,--gc-sections
define Build/Compile
endef
define Package/libopenssl/install
+ $(INSTALL_DIR) $(1)/etc/ssl/certs
+ $(INSTALL_DIR) $(1)/etc/ssl/private
+ chmod 0700 $(1)/etc/ssl/private
$(INSTALL_DIR) $(1)/usr/lib
$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libcrypto.so.* $(1)/usr/lib/
$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libssl.so.* $(1)/usr/lib/
+ $(if $(CONFIG_OPENSSL_ENGINE),$(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR))
endef
define Package/openssl-util/install
$(INSTALL_DIR) $(1)/etc/ssl
$(CP) $(PKG_INSTALL_DIR)/etc/ssl/openssl.cnf $(1)/etc/ssl/
- $(INSTALL_DIR) $(1)/etc/ssl/certs
- $(INSTALL_DIR) $(1)/etc/ssl/private
- chmod 0700 $(1)/etc/ssl/private
$(INSTALL_DIR) $(1)/usr/bin
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/openssl $(1)/usr/bin/
endef
+define Package/libopenssl-padlock/install
+ $(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR)
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/$(ENGINES_DIR)/*padlock.so $(1)/usr/lib/$(ENGINES_DIR)
+endef
+
+define Package/libopenssl-gost/install
+ $(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR)
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/$(ENGINES_DIR)/libgost.so $(1)/usr/lib/$(ENGINES_DIR)
+endef
+
$(eval $(call BuildPackage,libopenssl))
+$(eval $(call BuildPackage,libopenssl-gost))
+$(eval $(call BuildPackage,libopenssl-padlock))
$(eval $(call BuildPackage,openssl-util))
+++ /dev/null
-/* This is a source compatible implementation with the original API of
- * cryptodev by Angelos D. Keromytis, found at openbsd cryptodev.h.
- * Placed under public domain */
-
-#ifndef L_CRYPTODEV_H
-#define L_CRYPTODEV_H
-
-#include <linux/types.h>
-#ifndef __KERNEL__
-#define __user
-#endif
-
-/* API extensions for linux */
-#define CRYPTO_HMAC_MAX_KEY_LEN 512
-#define CRYPTO_CIPHER_MAX_KEY_LEN 64
-
-/* All the supported algorithms
- */
-enum cryptodev_crypto_op_t {
- CRYPTO_DES_CBC = 1,
- CRYPTO_3DES_CBC = 2,
- CRYPTO_BLF_CBC = 3,
- CRYPTO_CAST_CBC = 4,
- CRYPTO_SKIPJACK_CBC = 5,
- CRYPTO_MD5_HMAC = 6,
- CRYPTO_SHA1_HMAC = 7,
- CRYPTO_RIPEMD160_HMAC = 8,
- CRYPTO_MD5_KPDK = 9,
- CRYPTO_SHA1_KPDK = 10,
- CRYPTO_RIJNDAEL128_CBC = 11,
- CRYPTO_AES_CBC = CRYPTO_RIJNDAEL128_CBC,
- CRYPTO_ARC4 = 12,
- CRYPTO_MD5 = 13,
- CRYPTO_SHA1 = 14,
- CRYPTO_DEFLATE_COMP = 15,
- CRYPTO_NULL = 16,
- CRYPTO_LZS_COMP = 17,
- CRYPTO_SHA2_256_HMAC = 18,
- CRYPTO_SHA2_384_HMAC = 19,
- CRYPTO_SHA2_512_HMAC = 20,
- CRYPTO_AES_CTR = 21,
- CRYPTO_AES_XTS = 22,
- CRYPTO_AES_ECB = 23,
- CRYPTO_AES_GCM = 50,
-
- CRYPTO_CAMELLIA_CBC = 101,
- CRYPTO_RIPEMD160,
- CRYPTO_SHA2_224,
- CRYPTO_SHA2_256,
- CRYPTO_SHA2_384,
- CRYPTO_SHA2_512,
- CRYPTO_SHA2_224_HMAC,
- CRYPTO_ALGORITHM_ALL, /* Keep updated - see below */
-};
-
-#define CRYPTO_ALGORITHM_MAX (CRYPTO_ALGORITHM_ALL - 1)
-
-/* Values for ciphers */
-#define DES_BLOCK_LEN 8
-#define DES3_BLOCK_LEN 8
-#define RIJNDAEL128_BLOCK_LEN 16
-#define AES_BLOCK_LEN RIJNDAEL128_BLOCK_LEN
-#define CAMELLIA_BLOCK_LEN 16
-#define BLOWFISH_BLOCK_LEN 8
-#define SKIPJACK_BLOCK_LEN 8
-#define CAST128_BLOCK_LEN 8
-
-/* the maximum of the above */
-#define EALG_MAX_BLOCK_LEN 16
-
-/* Values for hashes/MAC */
-#define AALG_MAX_RESULT_LEN 64
-
-/* maximum length of verbose alg names (depends on CRYPTO_MAX_ALG_NAME) */
-#define CRYPTODEV_MAX_ALG_NAME 64
-
-#define HASH_MAX_LEN 64
-
-/* input of CIOCGSESSION */
-struct session_op {
- /* Specify either cipher or mac
- */
- __u32 cipher; /* cryptodev_crypto_op_t */
- __u32 mac; /* cryptodev_crypto_op_t */
-
- __u32 keylen;
- __u8 __user *key;
- __u32 mackeylen;
- __u8 __user *mackey;
-
- __u32 ses; /* session identifier */
-};
-
-struct session_info_op {
- __u32 ses; /* session identifier */
-
- /* verbose names for the requested ciphers */
- struct alg_info {
- char cra_name[CRYPTODEV_MAX_ALG_NAME];
- char cra_driver_name[CRYPTODEV_MAX_ALG_NAME];
- } cipher_info, hash_info;
-
- __u16 alignmask; /* alignment constraints */
- __u32 flags; /* SIOP_FLAGS_* */
-};
-
-/* If this flag is set then this algorithm uses
- * a driver only available in kernel (software drivers,
- * or drivers based on instruction sets do not set this flag).
- *
- * If multiple algorithms are involved (as in AEAD case), then
- * if one of them is kernel-driver-only this flag will be set.
- */
-#define SIOP_FLAG_KERNEL_DRIVER_ONLY 1
-
-#define COP_ENCRYPT 0
-#define COP_DECRYPT 1
-
-/* input of CIOCCRYPT */
-struct crypt_op {
- __u32 ses; /* session identifier */
- __u16 op; /* COP_ENCRYPT or COP_DECRYPT */
- __u16 flags; /* see COP_FLAG_* */
- __u32 len; /* length of source data */
- __u8 __user *src; /* source data */
- __u8 __user *dst; /* pointer to output data */
- /* pointer to output data for hash/MAC operations */
- __u8 __user *mac;
- /* initialization vector for encryption operations */
- __u8 __user *iv;
-};
-
-/* input of CIOCAUTHCRYPT */
-struct crypt_auth_op {
- __u32 ses; /* session identifier */
- __u16 op; /* COP_ENCRYPT or COP_DECRYPT */
- __u16 flags; /* see COP_FLAG_AEAD_* */
- __u32 len; /* length of source data */
- __u32 auth_len; /* length of auth data */
- __u8 __user *auth_src; /* authenticated-only data */
-
- /* The current implementation is more efficient if data are
- * encrypted in-place (src==dst). */
- __u8 __user *src; /* data to be encrypted and authenticated */
- __u8 __user *dst; /* pointer to output data. Must have
- * space for tag. For TLS this should be at least
- * len + tag_size + block_size for padding */
-
- __u8 __user *tag; /* where the tag will be copied to. TLS mode
- * doesn't use that as tag is copied to dst.
- * SRTP mode copies tag there. */
- __u32 tag_len; /* the length of the tag. Use zero for digest size or max tag. */
-
- /* initialization vector for encryption operations */
- __u8 __user *iv;
- __u32 iv_len;
-};
-
-/* In plain AEAD mode the following are required:
- * flags : 0
- * iv : the initialization vector (12 bytes)
- * auth_len: the length of the data to be authenticated
- * auth_src: the data to be authenticated
- * len : length of data to be encrypted
- * src : the data to be encrypted
- * dst : space to hold encrypted data. It must have
- * at least a size of len + tag_size.
- * tag_size: the size of the desired authentication tag or zero to use
- * the maximum tag output.
- *
- * Note tag isn't being used because the Linux AEAD interface
- * copies the tag just after data.
- */
-
-/* In TLS mode (used for CBC ciphers that required padding)
- * the following are required:
- * flags : COP_FLAG_AEAD_TLS_TYPE
- * iv : the initialization vector
- * auth_len: the length of the data to be authenticated only
- * len : length of data to be encrypted
- * auth_src: the data to be authenticated
- * src : the data to be encrypted
- * dst : space to hold encrypted data (preferably in-place). It must have
- * at least a size of len + tag_size + blocksize.
- * tag_size: the size of the desired authentication tag or zero to use
- * the default mac output.
- *
- * Note that the padding used is the minimum padding.
- */
-
-/* In SRTP mode the following are required:
- * flags : COP_FLAG_AEAD_SRTP_TYPE
- * iv : the initialization vector
- * auth_len: the length of the data to be authenticated. This must
- * include the SRTP header + SRTP payload (data to be encrypted) + rest
- *
- * len : length of data to be encrypted
- * auth_src: pointer the data to be authenticated. Should point at the same buffer as src.
- * src : pointer to the data to be encrypted.
- * dst : This is mandatory to be the same as src (in-place only).
- * tag_size: the size of the desired authentication tag or zero to use
- * the default mac output.
- * tag : Pointer to an address where the authentication tag will be copied.
- */
-
-
-/* struct crypt_op flags */
-
-#define COP_FLAG_NONE (0 << 0) /* totally no flag */
-#define COP_FLAG_UPDATE (1 << 0) /* multi-update hash mode */
-#define COP_FLAG_FINAL (1 << 1) /* multi-update final hash mode */
-#define COP_FLAG_WRITE_IV (1 << 2) /* update the IV during operation */
-#define COP_FLAG_NO_ZC (1 << 3) /* do not zero-copy */
-#define COP_FLAG_AEAD_TLS_TYPE (1 << 4) /* authenticate and encrypt using the
- * TLS protocol rules */
-#define COP_FLAG_AEAD_SRTP_TYPE (1 << 5) /* authenticate and encrypt using the
- * SRTP protocol rules */
-#define COP_FLAG_RESET (1 << 6) /* multi-update reset the state.
- * should be used in combination
- * with COP_FLAG_UPDATE */
-
-
-/* Stuff for bignum arithmetic and public key
- * cryptography - not supported yet by linux
- * cryptodev.
- */
-
-#define CRYPTO_ALG_FLAG_SUPPORTED 1
-#define CRYPTO_ALG_FLAG_RNG_ENABLE 2
-#define CRYPTO_ALG_FLAG_DSA_SHA 4
-
-struct crparam {
- __u8 *crp_p;
- __u32 crp_nbits;
-};
-
-#define CRK_MAXPARAM 8
-
-/* input of CIOCKEY */
-struct crypt_kop {
- __u32 crk_op; /* cryptodev_crk_op_t */
- __u32 crk_status;
- __u16 crk_iparams;
- __u16 crk_oparams;
- __u32 crk_pad1;
- struct crparam crk_param[CRK_MAXPARAM];
-};
-
-enum cryptodev_crk_op_t {
- CRK_MOD_EXP = 0,
- CRK_MOD_EXP_CRT = 1,
- CRK_DSA_SIGN = 2,
- CRK_DSA_VERIFY = 3,
- CRK_DH_COMPUTE_KEY = 4,
- CRK_ALGORITHM_ALL
-};
-
-#define CRK_ALGORITHM_MAX (CRK_ALGORITHM_ALL-1)
-
-/* features to be queried with CIOCASYMFEAT ioctl
- */
-#define CRF_MOD_EXP (1 << CRK_MOD_EXP)
-#define CRF_MOD_EXP_CRT (1 << CRK_MOD_EXP_CRT)
-#define CRF_DSA_SIGN (1 << CRK_DSA_SIGN)
-#define CRF_DSA_VERIFY (1 << CRK_DSA_VERIFY)
-#define CRF_DH_COMPUTE_KEY (1 << CRK_DH_COMPUTE_KEY)
-
-
-/* ioctl's. Compatible with old linux cryptodev.h
- */
-#define CRIOGET _IOWR('c', 101, __u32)
-#define CIOCGSESSION _IOWR('c', 102, struct session_op)
-#define CIOCFSESSION _IOW('c', 103, __u32)
-#define CIOCCRYPT _IOWR('c', 104, struct crypt_op)
-#define CIOCKEY _IOWR('c', 105, struct crypt_kop)
-#define CIOCASYMFEAT _IOR('c', 106, __u32)
-#define CIOCGSESSINFO _IOWR('c', 107, struct session_info_op)
-
-/* to indicate that CRIOGET is not required in linux
- */
-#define CRIOGET_NOT_NEEDED 1
-
-/* additional ioctls for AEAD */
-#define CIOCAUTHCRYPT _IOWR('c', 109, struct crypt_auth_op)
-
-/* additional ioctls for asynchronous operation.
- * These are conditionally enabled since version 1.6.
- */
-#define CIOCASYNCCRYPT _IOW('c', 110, struct crypt_op)
-#define CIOCASYNCFETCH _IOR('c', 111, struct crypt_op)
-
-#endif /* L_CRYPTODEV_H */
--- /dev/null
+From 1ce02d8c7ce3e4a2c16b92968c8aea5a15746917 Mon Sep 17 00:00:00 2001
+From: Eneas U de Queiroz <cote2004-github@yahoo.com>
+Date: Wed, 26 Sep 2018 16:21:27 -0300
+Subject: Add openwrt targets
+
+Targets are named: linux-$(CONFIG_ARCH)-openwrt
+
+Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
+
+--- a/Configure
++++ b/Configure
+@@ -470,6 +470,32 @@ my %table=(
+ "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
+ "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
+
++# OpenWrt targets
++# from linux-aarch64
++"linux-aarch64-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++# from linux-generic32
++"linux-arc-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++# from linux-armv4
++"linux-arm-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++# from linux-armv4
++"linux-armeb-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++# from linux-elf
++"linux-i386-openwrt", "gcc:-DL_ENDIAN -DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++# from linux-mips32
++"linux-mips-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++# from linux64-mips64
++"linux-mips64-openwrt", "gcc:-mabi=64 -DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:64:dlfcn:linux-shared:-fPIC:-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
++# from linux64-mips64
++"linux-mips64el-openwrt", "gcc:-mabi=64 -DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:64:dlfcn:linux-shared:-fPIC:-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
++# from linux-mips32
++"linux-mipsel-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++# from linux-ppc
++"linux-powerpc-openwrt", "gcc:-DB_ENDIAN -DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++# from linux-x86_64
++"linux-x86_64-openwrt", "gcc:-m64 -DL_ENDIAN -DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
++# from linux-generic32
++"linux-generic32-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++
+ # Android: linux-* but without pointers to headers and libs.
+ "android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+++ /dev/null
---- a/Configure
-+++ b/Configure
-@@ -470,6 +470,13 @@ my %table=(
- "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
- "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
-
-+# OpenWrt targets
-+"linux-armv4-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-aarch64-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-x86_64-openwrt", "gcc:-m64 -DL_ENDIAN -DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-+"linux-mips-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-generic-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+
- # Android: linux-* but without pointers to headers and libs.
- "android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
--- /dev/null
+--- a/Configure
++++ b/Configure
+@@ -1,4 +1,4 @@
+-:
++#!/usr/bin/perl
+ eval 'exec perl -S $0 ${1+"$@"}'
+ if $running_under_some_shell;
+ ##
+--- a/tools/c_rehash.in
++++ b/tools/c_rehash.in
+@@ -1,4 +1,4 @@
+-#!/usr/local/bin/perl
++#!/usr/bin/perl
+
+ # Perl c_rehash script, scan all files in a directory
+ # and add symbolic links to their hash values.
+--- a/util/clean-depend.pl
++++ b/util/clean-depend.pl
+@@ -1,4 +1,4 @@
+-#!/usr/local/bin/perl -w
++#!/usr/bin/perl
+ # Clean the dependency list in a makefile of standard includes...
+ # Written by Ben Laurie <ben@algroup.co.uk> 19 Jan 1999
+
+--- a/util/mkdef.pl
++++ b/util/mkdef.pl
+@@ -1,4 +1,4 @@
+-#!/usr/local/bin/perl -w
++#!/usr/bin/perl
+ #
+ # generate a .def file
+ #
+--- a/util/mkerr.pl
++++ b/util/mkerr.pl
+@@ -1,4 +1,4 @@
+-#!/usr/local/bin/perl -w
++#!/usr/bin/perl
+
+ my $config = "crypto/err/openssl.ec";
+ my $hprefix = "openssl/";
+--- a/util/mkstack.pl
++++ b/util/mkstack.pl
+@@ -1,4 +1,4 @@
+-#!/usr/local/bin/perl -w
++#!/usr/bin/perl
+
+ # This is a utility that searches out "DECLARE_STACK_OF()"
+ # declarations in .h and .c files, and updates/creates/replaces
+--- a/util/pod2man.pl
++++ b/util/pod2man.pl
+@@ -1,4 +1,4 @@
+-: #!/usr/bin/perl-5.005
++#!/usr/bin/perl
+ eval 'exec /usr/bin/perl -S $0 ${1+"$@"}'
+ if $running_under_some_shell;
+
+--- a/util/selftest.pl
++++ b/util/selftest.pl
+@@ -1,4 +1,4 @@
+-#!/usr/local/bin/perl -w
++#!/usr/bin/perl
+ #
+ # Run the test suite and generate a report
+ #
--- /dev/null
+--- a/Makefile.org
++++ b/Makefile.org
+@@ -137,7 +137,7 @@ FIPSCANLIB=
+
+ BASEADDR=
+
+-DIRS= crypto ssl engines apps test tools
++DIRS= crypto ssl engines apps
+ ENGDIRS= ccgost
+ SHLIBDIRS= crypto ssl
+
--- /dev/null
+--- a/Makefile
++++ b/Makefile
+@@ -139,7 +139,7 @@ FIPSCANLIB=
+
+ BASEADDR=0xFB00000
+
+-DIRS= crypto ssl engines apps test tools
++DIRS= crypto ssl engines apps tools
+ ENGDIRS= ccgost
+ SHLIBDIRS= crypto ssl
+
+@@ -157,7 +157,7 @@ SDIRS= \
+
+ # tests to perform. "alltests" is a special word indicating that all tests
+ # should be performed.
+-TESTS = alltests
++TESTS =
+
+ MAKEFILE= Makefile
+
+@@ -171,7 +171,7 @@ SHELL=/bin/sh
+
+ TOP= .
+ ONEDIRS=out tmp
+-EDIRS= times doc bugs util include certs ms shlib mt demos perl sf dep VMS
++EDIRS= times bugs util include certs ms shlib mt demos perl sf dep VMS
+ WDIRS= windows
+ LIBS= libcrypto.a libssl.a
+ SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
+@@ -276,7 +276,7 @@ reflect:
+
+ sub_all: build_all
+
+-build_all: build_libs build_apps build_tests build_tools
++build_all: build_libs build_apps build_tools
+
+ build_libs: build_libcrypto build_libssl openssl.pc
+
+@@ -542,7 +542,7 @@ dist:
+ @$(MAKE) SDIRS='$(SDIRS)' clean
+ @$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
+
+-install: all install_docs install_sw
++install: all install_sw
+
+ install_sw:
+ @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
+--- a/Makefile.org
++++ b/Makefile.org
+@@ -540,7 +540,7 @@ dist:
+ @$(MAKE) SDIRS='$(SDIRS)' clean
+ @$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
+
+-install: all install_docs install_sw
++install: all install_sw
+
+ install_sw:
+ @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
+++ /dev/null
---- a/Configure
-+++ b/Configure
-@@ -1,4 +1,4 @@
--:
-+#!/usr/bin/perl
- eval 'exec perl -S $0 ${1+"$@"}'
- if $running_under_some_shell;
- ##
---- a/tools/c_rehash.in
-+++ b/tools/c_rehash.in
-@@ -1,4 +1,4 @@
--#!/usr/local/bin/perl
-+#!/usr/bin/perl
-
- # Perl c_rehash script, scan all files in a directory
- # and add symbolic links to their hash values.
---- a/util/clean-depend.pl
-+++ b/util/clean-depend.pl
-@@ -1,4 +1,4 @@
--#!/usr/local/bin/perl -w
-+#!/usr/bin/perl
- # Clean the dependency list in a makefile of standard includes...
- # Written by Ben Laurie <ben@algroup.co.uk> 19 Jan 1999
-
---- a/util/mkdef.pl
-+++ b/util/mkdef.pl
-@@ -1,4 +1,4 @@
--#!/usr/local/bin/perl -w
-+#!/usr/bin/perl
- #
- # generate a .def file
- #
---- a/util/mkerr.pl
-+++ b/util/mkerr.pl
-@@ -1,4 +1,4 @@
--#!/usr/local/bin/perl -w
-+#!/usr/bin/perl
-
- my $config = "crypto/err/openssl.ec";
- my $hprefix = "openssl/";
---- a/util/mkstack.pl
-+++ b/util/mkstack.pl
-@@ -1,4 +1,4 @@
--#!/usr/local/bin/perl -w
-+#!/usr/bin/perl
-
- # This is a utility that searches out "DECLARE_STACK_OF()"
- # declarations in .h and .c files, and updates/creates/replaces
---- a/util/pod2man.pl
-+++ b/util/pod2man.pl
-@@ -1,4 +1,4 @@
--: #!/usr/bin/perl-5.005
-+#!/usr/bin/perl
- eval 'exec /usr/bin/perl -S $0 ${1+"$@"}'
- if $running_under_some_shell;
-
---- a/util/selftest.pl
-+++ b/util/selftest.pl
-@@ -1,4 +1,4 @@
--#!/usr/local/bin/perl -w
-+#!/usr/bin/perl
- #
- # Run the test suite and generate a report
- #
--- /dev/null
+--- a/util/domd
++++ b/util/domd
+@@ -1,4 +1,4 @@
+-#!/bin/sh
++#!/usr/bin/env bash
+ # Do a makedepend, only leave out the standard headers
+ # Written by Ben Laurie <ben@algroup.co.uk> 19 Jan 1999
+
+++ /dev/null
---- a/Makefile.org
-+++ b/Makefile.org
-@@ -137,7 +137,7 @@ FIPSCANLIB=
-
- BASEADDR=
-
--DIRS= crypto ssl engines apps test tools
-+DIRS= crypto ssl apps
- ENGDIRS= ccgost
- SHLIBDIRS= crypto ssl
-
--- /dev/null
+--- a/Makefile.shared
++++ b/Makefile.shared
+@@ -95,7 +95,6 @@ LINK_APP= \
+ LDCMD="$${LDCMD:-$(CC)}"; LDFLAGS="$${LDFLAGS:-$(CFLAGS)}"; \
+ LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
+ LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
+- LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
+ $${LDCMD} $${LDFLAGS} -o $${APPNAME:=$(APPNAME)} $(OBJECTS) $${LIBDEPS} )
+
+ LINK_SO= \
+@@ -105,7 +104,6 @@ LINK_SO= \
+ SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
+ LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
+ LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
+- LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
+ $${SHAREDCMD} $${SHAREDFLAGS} \
+ -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
+ $$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS \
+++ /dev/null
---- a/Configure
-+++ b/Configure
-@@ -2144,6 +2144,11 @@ EOF
- close(OUT);
- }
-
-+# ugly hack to disable engines
-+if($target eq "mingwx") {
-+ system("sed -e s/^LIB/XLIB/g -i engines/Makefile");
-+}
-+
- print <<EOF;
-
- Configured for $target.
---- a/util/libeay.num
-+++ b/util/libeay.num
-@@ -2075,7 +2075,6 @@ PKCS7_ATTR_SIGN_it
- UI_add_error_string 2633 EXIST::FUNCTION:
- KRB5_CHECKSUM_free 2634 EXIST::FUNCTION:
- OCSP_REQUEST_get_ext 2635 EXIST::FUNCTION:
--ENGINE_load_ubsec 2636 EXIST::FUNCTION:ENGINE,STATIC_ENGINE
- ENGINE_register_all_digests 2637 EXIST::FUNCTION:ENGINE
- PKEY_USAGE_PERIOD_it 2638 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
- PKEY_USAGE_PERIOD_it 2638 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-@@ -2549,7 +2548,6 @@ OCSP_RESPONSE_new
- AES_set_encrypt_key 3024 EXIST::FUNCTION:AES
- OCSP_resp_count 3025 EXIST::FUNCTION:
- KRB5_CHECKSUM_new 3026 EXIST::FUNCTION:
--ENGINE_load_cswift 3027 EXIST::FUNCTION:ENGINE,STATIC_ENGINE
- OCSP_onereq_get0_id 3028 EXIST::FUNCTION:
- ENGINE_set_default_ciphers 3029 EXIST::FUNCTION:ENGINE
- NOTICEREF_it 3030 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-@@ -2580,7 +2578,6 @@ ASN1_primitive_free
- i2d_EXTENDED_KEY_USAGE 3052 EXIST::FUNCTION:
- i2d_OCSP_SIGNATURE 3053 EXIST::FUNCTION:
- asn1_enc_save 3054 EXIST::FUNCTION:
--ENGINE_load_nuron 3055 EXIST::FUNCTION:ENGINE,STATIC_ENGINE
- _ossl_old_des_pcbc_encrypt 3056 EXIST::FUNCTION:DES
- PKCS12_MAC_DATA_it 3057 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
- PKCS12_MAC_DATA_it 3057 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-@@ -2604,7 +2601,6 @@ asn1_get_choice_selector
- i2d_KRB5_CHECKSUM 3072 EXIST::FUNCTION:
- ENGINE_set_table_flags 3073 EXIST::FUNCTION:ENGINE
- AES_options 3074 EXIST::FUNCTION:AES
--ENGINE_load_chil 3075 EXIST::FUNCTION:ENGINE,STATIC_ENGINE
- OCSP_id_cmp 3076 EXIST::FUNCTION:
- OCSP_BASICRESP_new 3077 EXIST::FUNCTION:
- OCSP_REQUEST_get_ext_by_NID 3078 EXIST::FUNCTION:
-@@ -2671,7 +2667,6 @@ OCSP_CRLID_it
- OCSP_CRLID_it 3127 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
- i2d_KRB5_AUTHENTBODY 3128 EXIST::FUNCTION:
- OCSP_REQUEST_get_ext_count 3129 EXIST::FUNCTION:
--ENGINE_load_atalla 3130 EXIST::FUNCTION:ENGINE,STATIC_ENGINE
- X509_NAME_it 3131 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
- X509_NAME_it 3131 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
- USERNOTICE_it 3132 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-@@ -2766,8 +2761,6 @@ DES_read_2passwords
- DES_read_password 3207 EXIST::FUNCTION:DES
- UI_UTIL_read_pw 3208 EXIST::FUNCTION:
- UI_UTIL_read_pw_string 3209 EXIST::FUNCTION:
--ENGINE_load_aep 3210 EXIST::FUNCTION:ENGINE,STATIC_ENGINE
--ENGINE_load_sureware 3211 EXIST::FUNCTION:ENGINE,STATIC_ENGINE
- OPENSSL_add_all_algorithms_noconf 3212 EXIST:!VMS:FUNCTION:
- OPENSSL_add_all_algo_noconf 3212 EXIST:VMS:FUNCTION:
- OPENSSL_add_all_algorithms_conf 3213 EXIST:!VMS:FUNCTION:
-@@ -2776,7 +2769,6 @@ OPENSSL_load_builtin_modules
- AES_ofb128_encrypt 3215 EXIST::FUNCTION:AES
- AES_ctr128_encrypt 3216 EXIST::FUNCTION:AES
- AES_cfb128_encrypt 3217 EXIST::FUNCTION:AES
--ENGINE_load_4758cca 3218 EXIST::FUNCTION:ENGINE,STATIC_ENGINE
- _ossl_096_des_random_seed 3219 EXIST::FUNCTION:DES
- EVP_aes_256_ofb 3220 EXIST::FUNCTION:AES
- EVP_aes_192_ofb 3221 EXIST::FUNCTION:AES
-@@ -3111,7 +3103,6 @@ EC_GFp_nist_method
- STORE_meth_set_modify_fn 3530 NOEXIST::FUNCTION:
- STORE_method_set_modify_function 3530 NOEXIST::FUNCTION:
- STORE_parse_attrs_next 3531 NOEXIST::FUNCTION:
--ENGINE_load_padlock 3532 EXIST::FUNCTION:ENGINE,STATIC_ENGINE
- EC_GROUP_set_curve_name 3533 EXIST::FUNCTION:EC
- X509_CERT_PAIR_it 3534 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
- X509_CERT_PAIR_it 3534 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+++ /dev/null
---- a/Makefile
-+++ b/Makefile
-@@ -139,7 +139,7 @@ FIPSCANLIB=
-
- BASEADDR=0xFB00000
-
--DIRS= crypto ssl engines apps test tools
-+DIRS= crypto ssl engines apps tools
- ENGDIRS= ccgost
- SHLIBDIRS= crypto ssl
-
-@@ -157,7 +157,7 @@ SDIRS= \
-
- # tests to perform. "alltests" is a special word indicating that all tests
- # should be performed.
--TESTS = alltests
-+TESTS =
-
- MAKEFILE= Makefile
-
-@@ -171,7 +171,7 @@ SHELL=/bin/sh
-
- TOP= .
- ONEDIRS=out tmp
--EDIRS= times doc bugs util include certs ms shlib mt demos perl sf dep VMS
-+EDIRS= times bugs util include certs ms shlib mt demos perl sf dep VMS
- WDIRS= windows
- LIBS= libcrypto.a libssl.a
- SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
-@@ -276,7 +276,7 @@ reflect:
-
- sub_all: build_all
-
--build_all: build_libs build_apps build_tests build_tools
-+build_all: build_libs build_apps build_tools
-
- build_libs: build_libcrypto build_libssl openssl.pc
-
-@@ -542,7 +542,7 @@ dist:
- @$(MAKE) SDIRS='$(SDIRS)' clean
- @$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
-
--install: all install_docs install_sw
-+install: all install_sw
-
- install_sw:
- @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
---- a/Makefile.org
-+++ b/Makefile.org
-@@ -540,7 +540,7 @@ dist:
- @$(MAKE) SDIRS='$(SDIRS)' clean
- @$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
-
--install: all install_docs install_sw
-+install: all install_sw
-
- install_sw:
- @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
--- /dev/null
+--- a/Makefile.org
++++ b/Makefile.org
+@@ -185,7 +185,7 @@ TARFILE= ../$(NAME).tar
+ EXHEADER= e_os2.h
+ HEADER= e_os.h
+
+-all: Makefile build_all
++all: build_all
+
+ # as we stick to -e, CLEARENV ensures that local variables in lower
+ # Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
+@@ -404,11 +404,6 @@ openssl.pc: Makefile
+ echo 'Version: '$(VERSION); \
+ echo 'Requires: libssl libcrypto' ) > openssl.pc
+
+-Makefile: Makefile.org Configure config
+- @echo "Makefile is older than Makefile.org, Configure or config."
+- @echo "Reconfigure the source tree (via './config' or 'perl Configure'), please."
+- @false
+-
+ libclean:
+ rm -f *.map *.so *.so.* *.dylib *.dll engines/*.so engines/*.dll engines/*.dylib *.a engines/*.a */lib */*/lib
+
+++ /dev/null
---- a/util/domd
-+++ b/util/domd
-@@ -1,4 +1,4 @@
--#!/bin/sh
-+#!/usr/bin/env bash
- # Do a makedepend, only leave out the standard headers
- # Written by Ben Laurie <ben@algroup.co.uk> 19 Jan 1999
-
--- /dev/null
+--- a/Makefile.org
++++ b/Makefile.org
+@@ -282,17 +282,17 @@ build_libcrypto: build_crypto build_engi
+ build_libssl: build_ssl libssl.pc
+
+ build_crypto:
+- @dir=crypto; target=all; $(BUILD_ONE_CMD)
++ +@dir=crypto; target=all; $(BUILD_ONE_CMD)
+ build_ssl: build_crypto
+- @dir=ssl; target=all; $(BUILD_ONE_CMD)
++ +@dir=ssl; target=all; $(BUILD_ONE_CMD)
+ build_engines: build_crypto
+- @dir=engines; target=all; $(BUILD_ONE_CMD)
++ +@dir=engines; target=all; $(BUILD_ONE_CMD)
+ build_apps: build_libs
+- @dir=apps; target=all; $(BUILD_ONE_CMD)
++ +@dir=apps; target=all; $(BUILD_ONE_CMD)
+ build_tests: build_libs
+- @dir=test; target=all; $(BUILD_ONE_CMD)
++ +@dir=test; target=all; $(BUILD_ONE_CMD)
+ build_tools: build_libs
+- @dir=tools; target=all; $(BUILD_ONE_CMD)
++ +@dir=tools; target=all; $(BUILD_ONE_CMD)
+
+ all_testapps: build_libs build_testapps
+ build_testapps:
+@@ -473,7 +473,7 @@ update: errors stacks util/libeay.num ut
+ @set -e; target=update; $(RECURSIVE_BUILD_CMD)
+
+ depend:
+- @set -e; target=depend; $(RECURSIVE_BUILD_CMD)
++ +@set -e; target=depend; $(RECURSIVE_BUILD_CMD)
+
+ lint:
+ @set -e; target=lint; $(RECURSIVE_BUILD_CMD)
+@@ -535,9 +535,9 @@ dist:
+ @$(MAKE) SDIRS='$(SDIRS)' clean
+ @$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
+
+-install: all install_sw
++install: install_sw
+
+-install_sw:
++install_dirs:
+ @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
+ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
+ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
+@@ -546,12 +546,19 @@ install_sw:
+ $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
+ $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
+ $(INSTALL_PREFIX)$(OPENSSLDIR)/private
++ @$(PERL) $(TOP)/util/mkdir-p.pl \
++ $(INSTALL_PREFIX)$(MANDIR)/man1 \
++ $(INSTALL_PREFIX)$(MANDIR)/man3 \
++ $(INSTALL_PREFIX)$(MANDIR)/man5 \
++ $(INSTALL_PREFIX)$(MANDIR)/man7
++
++install_sw: install_dirs
+ @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
+ do \
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+- @set -e; target=install; $(RECURSIVE_BUILD_CMD)
++ +@set -e; target=install; $(RECURSIVE_BUILD_CMD)
+ @set -e; liblist="$(LIBS)"; for i in $$liblist ;\
+ do \
+ if [ -f "$$i" ]; then \
+@@ -635,12 +642,7 @@ install_html_docs:
+ done; \
+ done
+
+-install_docs:
+- @$(PERL) $(TOP)/util/mkdir-p.pl \
+- $(INSTALL_PREFIX)$(MANDIR)/man1 \
+- $(INSTALL_PREFIX)$(MANDIR)/man3 \
+- $(INSTALL_PREFIX)$(MANDIR)/man5 \
+- $(INSTALL_PREFIX)$(MANDIR)/man7
++install_docs: install_dirs
+ @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
+ here="`pwd`"; \
+ filecase=; \
+--- a/Makefile.shared
++++ b/Makefile.shared
+@@ -120,6 +120,7 @@ SYMLINK_SO= \
+ done; \
+ fi; \
+ if [ -n "$$SHLIB_SOVER" ]; then \
++ [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \
+ ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
+ ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
+ fi; \
+--- a/crypto/Makefile
++++ b/crypto/Makefile
+@@ -87,11 +87,11 @@ testapps:
+ @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
+
+ subdirs:
+- @target=all; $(RECURSIVE_MAKE)
++ +@target=all; $(RECURSIVE_MAKE)
+
+ files:
+ $(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO
+- @target=files; $(RECURSIVE_MAKE)
++ +@target=files; $(RECURSIVE_MAKE)
+
+ links:
+ @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
+@@ -102,7 +102,7 @@ links:
+ # lib: $(LIB): are splitted to avoid end-less loop
+ lib: $(LIB)
+ @touch lib
+-$(LIB): $(LIBOBJ)
++$(LIB): $(LIBOBJ) | subdirs
+ $(AR) $(LIB) $(LIBOBJ)
+ test -z "$(FIPSLIBDIR)" || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
+ $(RANLIB) $(LIB) || echo Never mind.
+@@ -113,7 +113,7 @@ shared: buildinf.h lib subdirs
+ fi
+
+ libs:
+- @target=lib; $(RECURSIVE_MAKE)
++ +@target=lib; $(RECURSIVE_MAKE)
+
+ install:
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+@@ -122,7 +122,7 @@ install:
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+- @target=install; $(RECURSIVE_MAKE)
++ +@target=install; $(RECURSIVE_MAKE)
+
+ lint:
+ @target=lint; $(RECURSIVE_MAKE)
+--- a/engines/Makefile
++++ b/engines/Makefile
+@@ -72,7 +72,7 @@ top:
+
+ all: lib subdirs
+
+-lib: $(LIBOBJ)
++lib: $(LIBOBJ) | subdirs
+ @if [ -n "$(SHARED_LIBS)" ]; then \
+ set -e; \
+ for l in $(LIBNAMES); do \
+@@ -89,7 +89,7 @@ lib: $(LIBOBJ)
+
+ subdirs:
+ echo $(EDIRS)
+- @target=all; $(RECURSIVE_MAKE)
++ +@target=all; $(RECURSIVE_MAKE)
+
+ files:
+ $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+@@ -128,7 +128,7 @@ install:
+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
+ done; \
+ fi
+- @target=install; $(RECURSIVE_MAKE)
++ +@target=install; $(RECURSIVE_MAKE)
+
+ tags:
+ ctags $(SRC)
+--- a/test/Makefile
++++ b/test/Makefile
+@@ -145,7 +145,7 @@ install:
+ tags:
+ ctags $(SRC)
+
+-tests: exe apps $(TESTS)
++tests: exe $(TESTS)
+
+ apps:
+ @(cd ..; $(MAKE) DIRS=apps all)
+@@ -593,7 +593,7 @@ $(DTLSTEST)$(EXE_EXT): $(DTLSTEST).o ssl
+ # fi
+
+ dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
+- @target=dummytest; $(BUILD_CMD)
++ +@target=dummytest; $(BUILD_CMD)
+
+ # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+++ /dev/null
---- a/Makefile.shared
-+++ b/Makefile.shared
-@@ -95,7 +95,6 @@ LINK_APP= \
- LDCMD="$${LDCMD:-$(CC)}"; LDFLAGS="$${LDFLAGS:-$(CFLAGS)}"; \
- LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
- LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
-- LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
- $${LDCMD} $${LDFLAGS} -o $${APPNAME:=$(APPNAME)} $(OBJECTS) $${LIBDEPS} )
-
- LINK_SO= \
-@@ -105,7 +104,6 @@ LINK_SO= \
- SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
- LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
- LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
-- LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
- $${SHAREDCMD} $${SHAREDFLAGS} \
- -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
- $$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS \
--- /dev/null
+From f17f027c258338994a6167091a398c0cc1588acb Mon Sep 17 00:00:00 2001
+From: Eneas U de Queiroz <cote2004-github@yahoo.com>
+Date: Wed, 26 Sep 2018 18:04:58 -0300
+Subject: Avoid exposing build directories
+
+The CFLAGS contain the build directories, and are shown by calling
+SSLeay_version(SSLEAY_CFLAGS), or running openssl version -a
+
+Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
+
+--- a/crypto/Makefile
++++ b/crypto/Makefile
+@@ -57,7 +57,7 @@ top:
+ all: shared
+
+ buildinf.h: ../Makefile
+- $(PERL) $(TOP)/util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)" >buildinf.h
++ $(PERL) $(TOP)/util/mkbuildinf.pl "$(filter-out -I% -iremap% -fmacro-prefix-map%,$(CC) $(CFLAGS))" "$(PLATFORM)" >buildinf.h
+
+ x86cpuid.s: x86cpuid.pl perlasm/x86asm.pl
+ $(PERL) x86cpuid.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
+++ /dev/null
---- a/Makefile.org
-+++ b/Makefile.org
-@@ -185,7 +185,7 @@ TARFILE= ../$(NAME).tar
- EXHEADER= e_os2.h
- HEADER= e_os.h
-
--all: Makefile build_all
-+all: build_all
-
- # as we stick to -e, CLEARENV ensures that local variables in lower
- # Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
-@@ -404,11 +404,6 @@ openssl.pc: Makefile
- echo 'Version: '$(VERSION); \
- echo 'Requires: libssl libcrypto' ) > openssl.pc
-
--Makefile: Makefile.org Configure config
-- @echo "Makefile is older than Makefile.org, Configure or config."
-- @echo "Reconfigure the source tree (via './config' or 'perl Configure'), please."
-- @false
--
- libclean:
- rm -f *.map *.so *.so.* *.dylib *.dll engines/*.so engines/*.dll engines/*.dylib *.a engines/*.a */lib */*/lib
-
+++ /dev/null
---- a/Makefile.org
-+++ b/Makefile.org
-@@ -282,17 +282,17 @@ build_libcrypto: build_crypto build_engi
- build_libssl: build_ssl libssl.pc
-
- build_crypto:
-- @dir=crypto; target=all; $(BUILD_ONE_CMD)
-+ +@dir=crypto; target=all; $(BUILD_ONE_CMD)
- build_ssl: build_crypto
-- @dir=ssl; target=all; $(BUILD_ONE_CMD)
-+ +@dir=ssl; target=all; $(BUILD_ONE_CMD)
- build_engines: build_crypto
-- @dir=engines; target=all; $(BUILD_ONE_CMD)
-+ +@dir=engines; target=all; $(BUILD_ONE_CMD)
- build_apps: build_libs
-- @dir=apps; target=all; $(BUILD_ONE_CMD)
-+ +@dir=apps; target=all; $(BUILD_ONE_CMD)
- build_tests: build_libs
-- @dir=test; target=all; $(BUILD_ONE_CMD)
-+ +@dir=test; target=all; $(BUILD_ONE_CMD)
- build_tools: build_libs
-- @dir=tools; target=all; $(BUILD_ONE_CMD)
-+ +@dir=tools; target=all; $(BUILD_ONE_CMD)
-
- all_testapps: build_libs build_testapps
- build_testapps:
-@@ -473,7 +473,7 @@ update: errors stacks util/libeay.num ut
- @set -e; target=update; $(RECURSIVE_BUILD_CMD)
-
- depend:
-- @set -e; target=depend; $(RECURSIVE_BUILD_CMD)
-+ +@set -e; target=depend; $(RECURSIVE_BUILD_CMD)
-
- lint:
- @set -e; target=lint; $(RECURSIVE_BUILD_CMD)
-@@ -535,9 +535,9 @@ dist:
- @$(MAKE) SDIRS='$(SDIRS)' clean
- @$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
-
--install: all install_sw
-+install: install_sw
-
--install_sw:
-+install_dirs:
- @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
- $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
- $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
-@@ -546,12 +546,19 @@ install_sw:
- $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
- $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
- $(INSTALL_PREFIX)$(OPENSSLDIR)/private
-+ @$(PERL) $(TOP)/util/mkdir-p.pl \
-+ $(INSTALL_PREFIX)$(MANDIR)/man1 \
-+ $(INSTALL_PREFIX)$(MANDIR)/man3 \
-+ $(INSTALL_PREFIX)$(MANDIR)/man5 \
-+ $(INSTALL_PREFIX)$(MANDIR)/man7
-+
-+install_sw: install_dirs
- @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
- do \
- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- done;
-- @set -e; target=install; $(RECURSIVE_BUILD_CMD)
-+ +@set -e; target=install; $(RECURSIVE_BUILD_CMD)
- @set -e; liblist="$(LIBS)"; for i in $$liblist ;\
- do \
- if [ -f "$$i" ]; then \
-@@ -635,12 +642,7 @@ install_html_docs:
- done; \
- done
-
--install_docs:
-- @$(PERL) $(TOP)/util/mkdir-p.pl \
-- $(INSTALL_PREFIX)$(MANDIR)/man1 \
-- $(INSTALL_PREFIX)$(MANDIR)/man3 \
-- $(INSTALL_PREFIX)$(MANDIR)/man5 \
-- $(INSTALL_PREFIX)$(MANDIR)/man7
-+install_docs: install_dirs
- @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
- here="`pwd`"; \
- filecase=; \
---- a/Makefile.shared
-+++ b/Makefile.shared
-@@ -120,6 +120,7 @@ SYMLINK_SO= \
- done; \
- fi; \
- if [ -n "$$SHLIB_SOVER" ]; then \
-+ [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \
- ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
- ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
- fi; \
---- a/crypto/Makefile
-+++ b/crypto/Makefile
-@@ -85,11 +85,11 @@ testapps:
- @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
-
- subdirs:
-- @target=all; $(RECURSIVE_MAKE)
-+ +@target=all; $(RECURSIVE_MAKE)
-
- files:
- $(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO
-- @target=files; $(RECURSIVE_MAKE)
-+ +@target=files; $(RECURSIVE_MAKE)
-
- links:
- @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
-@@ -100,7 +100,7 @@ links:
- # lib: $(LIB): are splitted to avoid end-less loop
- lib: $(LIB)
- @touch lib
--$(LIB): $(LIBOBJ)
-+$(LIB): $(LIBOBJ) | subdirs
- $(AR) $(LIB) $(LIBOBJ)
- test -z "$(FIPSLIBDIR)" || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
- $(RANLIB) $(LIB) || echo Never mind.
-@@ -111,7 +111,7 @@ shared: buildinf.h lib subdirs
- fi
-
- libs:
-- @target=lib; $(RECURSIVE_MAKE)
-+ +@target=lib; $(RECURSIVE_MAKE)
-
- install:
- @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
-@@ -120,7 +120,7 @@ install:
- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- done;
-- @target=install; $(RECURSIVE_MAKE)
-+ +@target=install; $(RECURSIVE_MAKE)
-
- lint:
- @target=lint; $(RECURSIVE_MAKE)
---- a/engines/Makefile
-+++ b/engines/Makefile
-@@ -72,7 +72,7 @@ top:
-
- all: lib subdirs
-
--lib: $(LIBOBJ)
-+lib: $(LIBOBJ) | subdirs
- @if [ -n "$(SHARED_LIBS)" ]; then \
- set -e; \
- for l in $(LIBNAMES); do \
-@@ -89,7 +89,7 @@ lib: $(LIBOBJ)
-
- subdirs:
- echo $(EDIRS)
-- @target=all; $(RECURSIVE_MAKE)
-+ +@target=all; $(RECURSIVE_MAKE)
-
- files:
- $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-@@ -128,7 +128,7 @@ install:
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
- done; \
- fi
-- @target=install; $(RECURSIVE_MAKE)
-+ +@target=install; $(RECURSIVE_MAKE)
-
- tags:
- ctags $(SRC)
---- a/test/Makefile
-+++ b/test/Makefile
-@@ -145,7 +145,7 @@ install:
- tags:
- ctags $(SRC)
-
--tests: exe apps $(TESTS)
-+tests: exe $(TESTS)
-
- apps:
- @(cd ..; $(MAKE) DIRS=apps all)
-@@ -593,7 +593,7 @@ $(DTLSTEST)$(EXE_EXT): $(DTLSTEST).o ssl
- # fi
-
- dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
-- @target=dummytest; $(BUILD_CMD)
-+ +@target=dummytest; $(BUILD_CMD)
-
- # DO NOT DELETE THIS LINE -- make depend depends on it.
-