Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/dev-libs/openssl/files
diff options
context:
space:
mode:
authorMike Frysinger <vapier@gentoo.org>2015-09-02 01:04:23 -0400
committerMike Frysinger <vapier@gentoo.org>2015-09-02 01:04:23 -0400
commitd93bba52f83fea4e6393988686e10fb2da64a64b (patch)
treeccf9952870fc5d84a6b9a0a417d60b23549fec68 /dev-libs/openssl/files
parentnet-libs/nghttp2: mark 1.0.5 arm64/ia64/m68k/s390/sh stable #558734 (diff)
downloadgentoo-d93bba52f83fea4e6393988686e10fb2da64a64b.tar.gz
gentoo-d93bba52f83fea4e6393988686e10fb2da64a64b.tar.bz2
gentoo-d93bba52f83fea4e6393988686e10fb2da64a64b.zip
dev-libs/openssl: delete old
Diffstat (limited to 'dev-libs/openssl/files')
-rw-r--r--dev-libs/openssl/files/gentoo.config-1.0.0159
-rw-r--r--dev-libs/openssl/files/openssl-0.9.8ze-CVE-2015-0286.patch326
-rw-r--r--dev-libs/openssl/files/openssl-1.0.0e-parallel-build.patch315
-rw-r--r--dev-libs/openssl/files/openssl-1.0.0r-x32.patch76
-rw-r--r--dev-libs/openssl/files/openssl-1.0.1-parallel-build.patch354
-rw-r--r--dev-libs/openssl/files/openssl-1.0.1-x32.patch79
-rw-r--r--dev-libs/openssl/files/openssl-1.0.1e-s_client-verify.patch18
-rw-r--r--dev-libs/openssl/files/openssl-1.0.1h-ipv6.patch642
-rw-r--r--dev-libs/openssl/files/openssl-1.0.1l-CVE-2015-0286.patch356
-rw-r--r--dev-libs/openssl/files/openssl-1.0.1m-parallel-build.patch364
-rw-r--r--dev-libs/openssl/files/openssl-1.0.1m-s_client-verify.patch21
-rw-r--r--dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0209.patch49
-rw-r--r--dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0288.patch31
-rw-r--r--dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0291.patch459
-rw-r--r--dev-libs/openssl/files/openssl-1.0.2-parallel-build.patch354
15 files changed, 0 insertions, 3603 deletions
diff --git a/dev-libs/openssl/files/gentoo.config-1.0.0 b/dev-libs/openssl/files/gentoo.config-1.0.0
deleted file mode 100644
index 475bda37925a..000000000000
--- a/dev-libs/openssl/files/gentoo.config-1.0.0
+++ /dev/null
@@ -1,159 +0,0 @@
-#!/usr/bin/env bash
-# Copyright 1999-2011 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-#
-# Openssl doesn't play along nicely with cross-compiling
-# like autotools based projects, so let's teach it new tricks.
-#
-# Review the bundled 'config' script to see why kind of targets
-# we can pass to the 'Configure' script.
-
-
-# Testing routines
-if [[ $1 == "test" ]] ; then
- for c in \
- "arm-gentoo-linux-uclibc |linux-generic32 -DL_ENDIAN" \
- "armv5b-linux-gnu |linux-armv4 -DB_ENDIAN" \
- "x86_64-pc-linux-gnu |linux-x86_64" \
- "alphaev56-unknown-linux-gnu |linux-alpha+bwx-gcc" \
- "i686-pc-linux-gnu |linux-elf" \
- "whatever-gentoo-freebsdX.Y |BSD-generic32" \
- "i686-gentoo-freebsdX.Y |BSD-x86-elf" \
- "sparc64-alpha-freebsdX.Y |BSD-sparc64" \
- "ia64-gentoo-freebsd5.99234 |BSD-ia64" \
- "x86_64-gentoo-freebsdX.Y |BSD-x86_64" \
- "hppa64-aldsF-linux-gnu5.3 |linux-generic32 -DB_ENDIAN" \
- "powerpc-gentOO-linux-uclibc |linux-ppc" \
- "powerpc64-unk-linux-gnu |linux-ppc64" \
- "x86_64-apple-darwinX |darwin64-x86_64-cc" \
- "powerpc64-apple-darwinX |darwin64-ppc-cc" \
- "i686-apple-darwinX |darwin-i386-cc" \
- "i386-apple-darwinX |darwin-i386-cc" \
- "powerpc-apple-darwinX |darwin-ppc-cc" \
- "i586-pc-winnt |winnt-parity" \
- "s390-ibm-linux-gnu |linux-generic32 -DB_ENDIAN" \
- "s390x-linux-gnu |linux-s390x" \
- ;do
- CHOST=${c/|*}
- ret_want=${c/*|}
- ret_got=$(CHOST=${CHOST} "$0")
-
- if [[ ${ret_want} == "${ret_got}" ]] ; then
- echo "PASS: ${CHOST}"
- else
- echo "FAIL: ${CHOST}"
- echo -e "\twanted: ${ret_want}"
- echo -e "\twe got: ${ret_got}"
- fi
- done
- exit 0
-fi
-[[ -z ${CHOST} && -n $1 ]] && CHOST=$1
-
-
-# Detect the operating system
-case ${CHOST} in
- *-aix*) system="aix";;
- *-darwin*) system="darwin";;
- *-freebsd*) system="BSD";;
- *-hpux*) system="hpux";;
- *-linux*) system="linux";;
- *-solaris*) system="solaris";;
- *-winnt*) system="winnt";;
- x86_64-*-mingw*) system="mingw64";;
- *mingw*) system="mingw";;
- *) exit 0;;
-esac
-
-
-# Compiler munging
-compiler="gcc"
-if [[ ${CC} == "ccc" ]] ; then
- compiler=${CC}
-fi
-
-
-# Detect target arch
-machine=""
-chost_machine=${CHOST%%-*}
-case ${system} in
-linux)
- case ${chost_machine}:${ABI} in
- alphaev56*) machine=alpha+bwx-${compiler};;
- alphaev[678]*)machine=alpha+bwx-${compiler};;
- alpha*) machine=alpha-${compiler};;
- armv[4-9]*b*) machine="armv4 -DB_ENDIAN";;
- armv[4-9]*) machine="armv4 -DL_ENDIAN";;
- arm*b*) machine="generic32 -DB_ENDIAN";;
- arm*) machine="generic32 -DL_ENDIAN";;
- avr*) machine="generic32 -DL_ENDIAN";;
- bfin*) machine="generic32 -DL_ENDIAN";;
- # hppa64*) machine=parisc64;;
- hppa*) machine="generic32 -DB_ENDIAN";;
- i[0-9]86*|\
- x86_64*:x86) machine=elf;;
- ia64*) machine=ia64;;
- m68*) machine="generic32 -DB_ENDIAN";;
- mips*el*) machine="generic32 -DL_ENDIAN";;
- mips*) machine="generic32 -DB_ENDIAN";;
- powerpc64*) machine=ppc64;;
- powerpc*) machine=ppc;;
- # sh64*) machine=elf;;
- sh*b*) machine="generic32 -DB_ENDIAN";;
- sh*) machine="generic32 -DL_ENDIAN";;
- sparc*v7*) machine="generic32 -DB_ENDIAN";;
- sparc64*) machine=sparcv9;;
- sparc*) machine=sparcv8;;
- s390x*) machine=s390x;;
- s390*) machine="generic32 -DB_ENDIAN";;
- x86_64*:x32) machine=x32;;
- x86_64*) machine=x86_64;;
- esac
- ;;
-BSD)
- case ${chost_machine} in
- alpha*) machine=generic64;;
- i[6-9]86*) machine=x86-elf;;
- ia64*) machine=ia64;;
- sparc64*) machine=sparc64;;
- x86_64*) machine=x86_64;;
- *) machine=generic32;;
- esac
- ;;
-aix)
- machine=${compiler}
- ;;
-darwin)
- case ${chost_machine} in
- powerpc64) machine=ppc-cc; system=${system}64;;
- powerpc) machine=ppc-cc;;
- i?86*) machine=i386-cc;;
- x86_64) machine=x86_64-cc; system=${system}64;;
- esac
- ;;
-hpux)
- case ${chost_machine} in
- ia64) machine=ia64-${compiler} ;;
- esac
- ;;
-solaris)
- case ${chost_machine} in
- i386) machine=x86-${compiler} ;;
- x86_64*) machine=x86_64-${compiler}; system=${system}64;;
- sparcv9*) machine=sparcv9-${compiler}; system=${system}64;;
- sparc*) machine=sparcv8-${compiler};;
- esac
- ;;
-winnt)
- machine=parity
- ;;
-mingw*)
- # special case ... no xxx-yyy style name
- echo ${system}
- ;;
-esac
-
-
-# If we have something, show it
-[[ -n ${machine} ]] && echo ${system}-${machine}
diff --git a/dev-libs/openssl/files/openssl-0.9.8ze-CVE-2015-0286.patch b/dev-libs/openssl/files/openssl-0.9.8ze-CVE-2015-0286.patch
deleted file mode 100644
index facb77d203a1..000000000000
--- a/dev-libs/openssl/files/openssl-0.9.8ze-CVE-2015-0286.patch
+++ /dev/null
@@ -1,326 +0,0 @@
---- openssl-0.9.8ze/crypto/asn1/a_type.c
-+++ openssl-0.9.8ze/crypto/asn1/a_type.c
-@@ -121,6 +121,9 @@
- case V_ASN1_OBJECT:
- result = OBJ_cmp(a->value.object, b->value.object);
- break;
-+ case V_ASN1_BOOLEAN:
-+ result = a->value.boolean - b->value.boolean;
-+ break;
- case V_ASN1_NULL:
- result = 0; /* They do not have content. */
- break;
---- openssl-0.9.8ze/crypto/asn1/tasn_dec.c
-+++ openssl-0.9.8ze/crypto/asn1/tasn_dec.c
-@@ -128,11 +128,17 @@
- {
- ASN1_TLC c;
- ASN1_VALUE *ptmpval = NULL;
-- if (!pval)
-- pval = &ptmpval;
- c.valid = 0;
-- if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0)
-- return *pval;
-+ if (pval && *pval && it->itype == ASN1_ITYPE_PRIMITIVE)
-+ ptmpval = *pval;
-+ if (ASN1_item_ex_d2i(&ptmpval, in, len, it, -1, 0, 0, &c) > 0) {
-+ if (pval && it->itype != ASN1_ITYPE_PRIMITIVE) {
-+ if (*pval)
-+ ASN1_item_free(*pval, it);
-+ *pval = ptmpval;
-+ }
-+ return ptmpval;
-+ }
- return NULL;
- }
-
-@@ -309,9 +315,16 @@
- if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it))
- goto auxerr;
-
-- /* Allocate structure */
-- if (!*pval && !ASN1_item_ex_new(pval, it))
-- {
-+ if (*pval) {
-+ /* Free up and zero CHOICE value if initialised */
-+ i = asn1_get_choice_selector(pval, it);
-+ if ((i >= 0) && (i < it->tcount)) {
-+ tt = it->templates + i;
-+ pchptr = asn1_get_field_ptr(pval, tt);
-+ ASN1_template_free(pchptr, tt);
-+ asn1_set_choice_selector(pval, -1, it);
-+ }
-+ } else if (!ASN1_item_ex_new(pval, it)) {
- ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
- ERR_R_NESTED_ASN1_ERROR);
- goto err;
-@@ -405,6 +418,17 @@
- if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it))
- goto auxerr;
-
-+ /* Free up and zero any ADB found */
-+ for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
-+ if (tt->flags & ASN1_TFLG_ADB_MASK) {
-+ const ASN1_TEMPLATE *seqtt;
-+ ASN1_VALUE **pseqval;
-+ seqtt = asn1_do_adb(pval, tt, 1);
-+ pseqval = asn1_get_field_ptr(pval, seqtt);
-+ ASN1_template_free(pseqval, seqtt);
-+ }
-+ }
-+
- /* Get each field entry */
- for (i = 0, tt = it->templates; i < it->tcount; i++, tt++)
- {
---- openssl-0.9.8ze/crypto/pkcs7/pk7_doit.c
-+++ openssl-0.9.8ze/crypto/pkcs7/pk7_doit.c
-@@ -151,6 +151,25 @@
- EVP_PKEY *pkey;
- ASN1_OCTET_STRING *os=NULL;
-
-+ if (p7 == NULL) {
-+ PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_INVALID_NULL_POINTER);
-+ return NULL;
-+ }
-+ /*
-+ * The content field in the PKCS7 ContentInfo is optional, but that really
-+ * only applies to inner content (precisely, detached signatures).
-+ *
-+ * When reading content, missing outer content is therefore treated as an
-+ * error.
-+ *
-+ * When creating content, PKCS7_content_new() must be called before
-+ * calling this method, so a NULL p7->d is always an error.
-+ */
-+ if (p7->d.ptr == NULL) {
-+ PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_NO_CONTENT);
-+ return NULL;
-+ }
-+
- i=OBJ_obj2nid(p7->type);
- p7->state=PKCS7_S_HEADER;
-
-@@ -344,6 +363,16 @@
- STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL;
- PKCS7_RECIP_INFO *ri=NULL;
-
-+ if (p7 == NULL) {
-+ PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_INVALID_NULL_POINTER);
-+ return NULL;
-+ }
-+
-+ if (p7->d.ptr == NULL) {
-+ PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT);
-+ return NULL;
-+ }
-+
- i=OBJ_obj2nid(p7->type);
- p7->state=PKCS7_S_HEADER;
-
-@@ -637,6 +666,16 @@
- STACK_OF(PKCS7_SIGNER_INFO) *si_sk=NULL;
- ASN1_OCTET_STRING *os=NULL;
-
-+ if (p7 == NULL) {
-+ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_INVALID_NULL_POINTER);
-+ return 0;
-+ }
-+
-+ if (p7->d.ptr == NULL) {
-+ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_NO_CONTENT);
-+ return 0;
-+ }
-+
- EVP_MD_CTX_init(&ctx_tmp);
- i=OBJ_obj2nid(p7->type);
- p7->state=PKCS7_S_HEADER;
-@@ -668,6 +707,7 @@
- /* If detached data then the content is excluded */
- if(PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
- M_ASN1_OCTET_STRING_free(os);
-+ os = NULL;
- p7->d.sign->contents->d.data = NULL;
- }
- break;
-@@ -678,6 +718,7 @@
- if(PKCS7_type_is_data(p7->d.digest->contents) && p7->detached)
- {
- M_ASN1_OCTET_STRING_free(os);
-+ os = NULL;
- p7->d.digest->contents->d.data = NULL;
- }
- break;
-@@ -815,6 +856,11 @@
-
- if (!PKCS7_is_detached(p7))
- {
-+ /*
-+ * NOTE(emilia): I think we only reach os == NULL here because detached
-+ */
-+ if (os == NULL)
-+ goto err;
- btmp=BIO_find_type(bio,BIO_TYPE_MEM);
- if (btmp == NULL)
- {
-@@ -849,6 +895,16 @@
- STACK_OF(X509) *cert;
- X509 *x509;
-
-+ if (p7 == NULL) {
-+ PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_INVALID_NULL_POINTER);
-+ return 0;
-+ }
-+
-+ if (p7->d.ptr == NULL) {
-+ PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_NO_CONTENT);
-+ return 0;
-+ }
-+
- if (PKCS7_type_is_signed(p7))
- {
- cert=p7->d.sign->cert;
---- openssl-0.9.8ze/crypto/pkcs7/pk7_lib.c
-+++ openssl-0.9.8ze/crypto/pkcs7/pk7_lib.c
-@@ -70,6 +70,7 @@
-
- switch (cmd)
- {
-+ /* NOTE(emilia): does not support detached digested data. */
- case PKCS7_OP_SET_DETACHED_SIGNATURE:
- if (nid == NID_pkcs7_signed)
- {
-@@ -473,6 +474,8 @@
-
- STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7)
- {
-+ if (p7 == NULL || p7->d.ptr == NULL)
-+ return NULL;
- if (PKCS7_type_is_signed(p7))
- {
- return(p7->d.sign->signer_info);
---- openssl-0.9.8ze/doc/crypto/d2i_X509.pod
-+++ openssl-0.9.8ze/doc/crypto/d2i_X509.pod
-@@ -199,6 +199,12 @@
- persist if they are not present in the new one. As a result the use
- of this "reuse" behaviour is strongly discouraged.
-
-+Current versions of OpenSSL will not modify B<*px> if an error occurs.
-+If parsing succeeds then B<*px> is freed (if it is not NULL) and then
-+set to the value of the newly decoded structure. As a result B<*px>
-+B<must not> be allocated on the stack or an attempt will be made to
-+free an invalid pointer.
-+
- i2d_X509() will not return an error in many versions of OpenSSL,
- if mandatory fields are not initialized due to a programming error
- then the encoded structure may contain invalid data or omit the
-@@ -210,7 +216,9 @@
-
- d2i_X509(), d2i_X509_bio() and d2i_X509_fp() return a valid B<X509> structure
- or B<NULL> if an error occurs. The error code that can be obtained by
--L<ERR_get_error(3)|ERR_get_error(3)>.
-+L<ERR_get_error(3)|ERR_get_error(3)>. If the "reuse" capability has been used
-+with a valid X509 structure being passed in via B<px> then the object is not
-+modified in the event of error.
-
- i2d_X509() returns the number of bytes successfully encoded or a negative
- value if an error occurs. The error code can be obtained by
---- openssl-0.9.8ze/ssl/s2_lib.c
-+++ openssl-0.9.8ze/ssl/s2_lib.c
-@@ -410,7 +410,7 @@
-
- OPENSSL_assert(s->session->master_key_length >= 0
- && s->session->master_key_length
-- < (int)sizeof(s->session->master_key));
-+ <= (int)sizeof(s->session->master_key));
- EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length);
- EVP_DigestUpdate(&ctx,&c,1);
- c++;
---- openssl-0.9.8ze/ssl/s2_srvr.c
-+++ openssl-0.9.8ze/ssl/s2_srvr.c
-@@ -446,10 +446,6 @@
- SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_NO_PRIVATEKEY);
- return(-1);
- }
-- i=ssl_rsa_private_decrypt(s->cert,s->s2->tmp.enc,
-- &(p[s->s2->tmp.clear]),&(p[s->s2->tmp.clear]),
-- (s->s2->ssl2_rollback)?RSA_SSLV23_PADDING:RSA_PKCS1_PADDING);
--
- is_export=SSL_C_IS_EXPORT(s->session->cipher);
-
- if (!ssl_cipher_get_evp(s->session,&c,&md,NULL))
-@@ -467,21 +463,59 @@
- else
- ek=5;
-
-+ /*
-+ * The format of the CLIENT-MASTER-KEY message is
-+ * 1 byte message type
-+ * 3 bytes cipher
-+ * 2-byte clear key length (stored in s->s2->tmp.clear)
-+ * 2-byte encrypted key length (stored in s->s2->tmp.enc)
-+ * 2-byte key args length (IV etc)
-+ * clear key
-+ * encrypted key
-+ * key args
-+ *
-+ * If the cipher is an export cipher, then the encrypted key bytes
-+ * are a fixed portion of the total key (5 or 8 bytes). The size of
-+ * this portion is in |ek|. If the cipher is not an export cipher,
-+ * then the entire key material is encrypted (i.e., clear key length
-+ * must be zero).
-+ */
-+ if ((!is_export && s->s2->tmp.clear != 0) ||
-+ (is_export && s->s2->tmp.clear + ek != EVP_CIPHER_key_length(c))) {
-+ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_BAD_LENGTH);
-+ return -1;
-+ }
-+ /*
-+ * The encrypted blob must decrypt to the encrypted portion of the key.
-+ * Decryption can't be expanding, so if we don't have enough encrypted
-+ * bytes to fit the key in the buffer, stop now.
-+ */
-+ if ((is_export && s->s2->tmp.enc < ek) ||
-+ (!is_export && s->s2->tmp.enc < EVP_CIPHER_key_length(c))) {
-+ ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
-+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_LENGTH_TOO_SHORT);
-+ return -1;
-+ }
-+
-+ i = ssl_rsa_private_decrypt(s->cert, s->s2->tmp.enc,
-+ &(p[s->s2->tmp.clear]),
-+ &(p[s->s2->tmp.clear]),
-+ (s->s2->ssl2_rollback) ? RSA_SSLV23_PADDING :
-+ RSA_PKCS1_PADDING);
-+
- /* bad decrypt */
- #if 1
- /* If a bad decrypt, continue with protocol but with a
- * random master secret (Bleichenbacher attack) */
-- if ((i < 0) ||
-- ((!is_export && (i != EVP_CIPHER_key_length(c)))
-- || (is_export && ((i != ek) || (s->s2->tmp.clear+(unsigned int)i !=
-- (unsigned int)EVP_CIPHER_key_length(c))))))
-- {
-+ if ((i < 0) || ((!is_export && i != EVP_CIPHER_key_length(c))
-+ || (is_export && i != ek))) {
- ERR_clear_error();
- if (is_export)
- i=ek;
- else
- i=EVP_CIPHER_key_length(c);
-- if (RAND_pseudo_bytes(p,i) <= 0)
-+ if (RAND_pseudo_bytes(&p[s->s2->tmp.clear], i) <= 0)
- return 0;
- }
- #else
-@@ -505,7 +539,8 @@
- }
- #endif
-
-- if (is_export) i+=s->s2->tmp.clear;
-+ if (is_export)
-+ i = EVP_CIPHER_key_length(c);
-
- if (i > SSL_MAX_MASTER_KEY_LENGTH)
- {
diff --git a/dev-libs/openssl/files/openssl-1.0.0e-parallel-build.patch b/dev-libs/openssl/files/openssl-1.0.0e-parallel-build.patch
deleted file mode 100644
index e1a030f9ebf9..000000000000
--- a/dev-libs/openssl/files/openssl-1.0.0e-parallel-build.patch
+++ /dev/null
@@ -1,315 +0,0 @@
-http://rt.openssl.org/Ticket/Display.html?id=2084
-
---- a/Makefile.org
-+++ b/Makefile.org
-@@ -247,17 +247,17 @@
- build_libs: build_crypto build_ssl build_engines
-
- build_crypto:
-- @dir=crypto; target=all; $(BUILD_ONE_CMD)
-+ +@dir=crypto; target=all; $(BUILD_ONE_CMD)
--build_ssl:
-+build_ssl: build_crypto
-- @dir=ssl; target=all; $(BUILD_ONE_CMD)
-+ +@dir=ssl; target=all; $(BUILD_ONE_CMD)
--build_engines:
-+build_engines: build_crypto
-- @dir=engines; target=all; $(BUILD_ONE_CMD)
-+ +@dir=engines; target=all; $(BUILD_ONE_CMD)
--build_apps:
-+build_apps: build_libs
-- @dir=apps; target=all; $(BUILD_ONE_CMD)
-+ +@dir=apps; target=all; $(BUILD_ONE_CMD)
--build_tests:
-+build_tests: build_libs
-- @dir=test; target=all; $(BUILD_ONE_CMD)
-+ +@dir=test; target=all; $(BUILD_ONE_CMD)
--build_tools:
-+build_tools: build_libs
-- @dir=tools; target=all; $(BUILD_ONE_CMD)
-+ +@dir=tools; target=all; $(BUILD_ONE_CMD)
-
- all_testapps: build_libs build_testapps
- build_testapps:
-@@ -497,9 +497,9 @@
- dist_pem_h:
- (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
-
--install: all install_docs install_sw
-+install: install_docs install_sw
-
--install_sw:
-+install_dirs:
- @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
- $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
- $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
-@@ -508,6 +508,13 @@
- $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
- $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
- $(INSTALL_PREFIX)$(OPENSSLDIR)/private
-+ @$(PERL) $(TOP)/util/mkdir-p.pl \
-+ $(INSTALL_PREFIX)$(MANDIR)/man1 \
-+ $(INSTALL_PREFIX)$(MANDIR)/man3 \
-+ $(INSTALL_PREFIX)$(MANDIR)/man5 \
-+ $(INSTALL_PREFIX)$(MANDIR)/man7
-+
-+install_sw: install_dirs
- @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
- do \
- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
-@@ -511,7 +511,7 @@
- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- done;
-- @set -e; target=install; $(RECURSIVE_BUILD_CMD)
-+ +@set -e; target=install; $(RECURSIVE_BUILD_CMD)
- @set -e; for i in $(LIBS) ;\
- do \
- if [ -f "$$i" ]; then \
-@@ -593,12 +600,7 @@
- done; \
- done
-
--install_docs:
-- @$(PERL) $(TOP)/util/mkdir-p.pl \
-- $(INSTALL_PREFIX)$(MANDIR)/man1 \
-- $(INSTALL_PREFIX)$(MANDIR)/man3 \
-- $(INSTALL_PREFIX)$(MANDIR)/man5 \
-- $(INSTALL_PREFIX)$(MANDIR)/man7
-+install_docs: install_dirs
- @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
- here="`pwd`"; \
- filecase=; \
---- a/crypto/Makefile
-+++ b/crypto/Makefile
-@@ -85,11 +85,11 @@
- @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
-
- subdirs:
-- @target=all; $(RECURSIVE_MAKE)
-+ +@target=all; $(RECURSIVE_MAKE)
-
- files:
- $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-- @target=files; $(RECURSIVE_MAKE)
-+ +@target=files; $(RECURSIVE_MAKE)
-
- links:
- @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
-@@ -100,7 +100,7 @@
- # lib: $(LIB): are splitted to avoid end-less loop
- lib: $(LIB)
- @touch lib
--$(LIB): $(LIBOBJ)
-+$(LIB): $(LIBOBJ) | subdirs
- $(AR) $(LIB) $(LIBOBJ)
- $(RANLIB) $(LIB) || echo Never mind.
-
-@@ -110,7 +110,7 @@
- fi
-
- libs:
-- @target=lib; $(RECURSIVE_MAKE)
-+ +@target=lib; $(RECURSIVE_MAKE)
-
- install:
- @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
-@@ -119,7 +119,7 @@
- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- done;
-- @target=install; $(RECURSIVE_MAKE)
-+ +@target=install; $(RECURSIVE_MAKE)
-
- lint:
- @target=lint; $(RECURSIVE_MAKE)
---- a/engines/Makefile
-+++ b/engines/Makefile
-@@ -72,7 +72,7 @@
-
- all: lib subdirs
-
--lib: $(LIBOBJ)
-+lib: $(LIBOBJ) | subdirs
- @if [ -n "$(SHARED_LIBS)" ]; then \
- set -e; \
- for l in $(LIBNAMES); do \
-@@ -89,7 +89,7 @@
-
- subdirs:
- echo $(EDIRS)
-- @target=all; $(RECURSIVE_MAKE)
-+ +@target=all; $(RECURSIVE_MAKE)
-
- files:
- $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-@@ -128,7 +128,7 @@
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
- done; \
- fi
-- @target=install; $(RECURSIVE_MAKE)
-+ +@target=install; $(RECURSIVE_MAKE)
-
- tags:
- ctags $(SRC)
---- a/test/Makefile
-+++ b/test/Makefile
-@@ -123,7 +123,7 @@
- tags:
- ctags $(SRC)
-
--tests: exe apps $(TESTS)
-+tests: exe $(TESTS)
-
- apps:
- @(cd ..; $(MAKE) DIRS=apps all)
-@@ -345,106 +345,106 @@
- link_app.$${shlib_target}
-
- $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
-- @target=$(RSATEST); $(BUILD_CMD)
-+ +@target=$(RSATEST); $(BUILD_CMD)
-
- $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO)
-- @target=$(BNTEST); $(BUILD_CMD)
-+ +@target=$(BNTEST); $(BUILD_CMD)
-
- $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO)
-- @target=$(ECTEST); $(BUILD_CMD)
-+ +@target=$(ECTEST); $(BUILD_CMD)
-
- $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO)
-- @target=$(EXPTEST); $(BUILD_CMD)
-+ +@target=$(EXPTEST); $(BUILD_CMD)
-
- $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO)
-- @target=$(IDEATEST); $(BUILD_CMD)
-+ +@target=$(IDEATEST); $(BUILD_CMD)
-
- $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO)
-- @target=$(MD2TEST); $(BUILD_CMD)
-+ +@target=$(MD2TEST); $(BUILD_CMD)
-
- $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO)
-- @target=$(SHATEST); $(BUILD_CMD)
-+ +@target=$(SHATEST); $(BUILD_CMD)
-
- $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO)
-- @target=$(SHA1TEST); $(BUILD_CMD)
-+ +@target=$(SHA1TEST); $(BUILD_CMD)
-
- $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO)
-- @target=$(SHA256TEST); $(BUILD_CMD)
-+ +@target=$(SHA256TEST); $(BUILD_CMD)
-
- $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO)
-- @target=$(SHA512TEST); $(BUILD_CMD)
-+ +@target=$(SHA512TEST); $(BUILD_CMD)
-
- $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
-- @target=$(RMDTEST); $(BUILD_CMD)
-+ +@target=$(RMDTEST); $(BUILD_CMD)
-
- $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO)
-- @target=$(MDC2TEST); $(BUILD_CMD)
-+ +@target=$(MDC2TEST); $(BUILD_CMD)
-
- $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO)
-- @target=$(MD4TEST); $(BUILD_CMD)
-+ +@target=$(MD4TEST); $(BUILD_CMD)
-
- $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO)
-- @target=$(MD5TEST); $(BUILD_CMD)
-+ +@target=$(MD5TEST); $(BUILD_CMD)
-
- $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO)
-- @target=$(HMACTEST); $(BUILD_CMD)
-+ +@target=$(HMACTEST); $(BUILD_CMD)
-
- $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO)
-- @target=$(WPTEST); $(BUILD_CMD)
-+ +@target=$(WPTEST); $(BUILD_CMD)
-
- $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO)
-- @target=$(RC2TEST); $(BUILD_CMD)
-+ +@target=$(RC2TEST); $(BUILD_CMD)
-
- $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO)
-- @target=$(BFTEST); $(BUILD_CMD)
-+ +@target=$(BFTEST); $(BUILD_CMD)
-
- $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO)
-- @target=$(CASTTEST); $(BUILD_CMD)
-+ +@target=$(CASTTEST); $(BUILD_CMD)
-
- $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO)
-- @target=$(RC4TEST); $(BUILD_CMD)
-+ +@target=$(RC4TEST); $(BUILD_CMD)
-
- $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO)
-- @target=$(RC5TEST); $(BUILD_CMD)
-+ +@target=$(RC5TEST); $(BUILD_CMD)
-
- $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO)
-- @target=$(DESTEST); $(BUILD_CMD)
-+ +@target=$(DESTEST); $(BUILD_CMD)
-
- $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO)
-- @target=$(RANDTEST); $(BUILD_CMD)
-+ +@target=$(RANDTEST); $(BUILD_CMD)
-
- $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO)
-- @target=$(DHTEST); $(BUILD_CMD)
-+ +@target=$(DHTEST); $(BUILD_CMD)
-
- $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO)
-- @target=$(DSATEST); $(BUILD_CMD)
-+ +@target=$(DSATEST); $(BUILD_CMD)
-
- $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
-- @target=$(METHTEST); $(BUILD_CMD)
-+ +@target=$(METHTEST); $(BUILD_CMD)
-
- $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
-- @target=$(SSLTEST); $(BUILD_CMD)
-+ +@target=$(SSLTEST); $(BUILD_CMD)
-
- $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO)
-- @target=$(ENGINETEST); $(BUILD_CMD)
-+ +@target=$(ENGINETEST); $(BUILD_CMD)
-
- $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO)
-- @target=$(EVPTEST); $(BUILD_CMD)
-+ +@target=$(EVPTEST); $(BUILD_CMD)
-
- $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO)
-- @target=$(ECDSATEST); $(BUILD_CMD)
-+ +@target=$(ECDSATEST); $(BUILD_CMD)
-
- $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO)
-- @target=$(ECDHTEST); $(BUILD_CMD)
-+ +@target=$(ECDHTEST); $(BUILD_CMD)
-
- $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO)
-- @target=$(IGETEST); $(BUILD_CMD)
-+ +@target=$(IGETEST); $(BUILD_CMD)
-
- $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO)
-- @target=$(JPAKETEST); $(BUILD_CMD)
-+ +@target=$(JPAKETEST); $(BUILD_CMD)
-
- $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO)
-- @target=$(ASN1TEST); $(BUILD_CMD)
-+ +@target=$(ASN1TEST); $(BUILD_CMD)
-
- #$(AESTEST).o: $(AESTEST).c
- # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
-@@ -457,7 +457,7 @@
- # fi
-
- dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
-- @target=dummytest; $(BUILD_CMD)
-+ +@target=dummytest; $(BUILD_CMD)
-
- # DO NOT DELETE THIS LINE -- make depend depends on it.
-
diff --git a/dev-libs/openssl/files/openssl-1.0.0r-x32.patch b/dev-libs/openssl/files/openssl-1.0.0r-x32.patch
deleted file mode 100644
index 2d715eb5af0e..000000000000
--- a/dev-libs/openssl/files/openssl-1.0.0r-x32.patch
+++ /dev/null
@@ -1,76 +0,0 @@
---- openssl-1.0.0r/Configure
-+++ openssl-1.0.0r/Configure
-@@ -353,6 +353,7 @@ my %table=(
- "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-+"linux-x32", "gcc:-DL_ENDIAN -DTERMIO -O2 -pipe -g -feliminate-unused-debug-types -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "linux-s390x", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
- #### SPARC Linux setups
- # Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
---- openssl-1.0.0r/crypto/bn/asm/x86_64-gcc.c
-+++ openssl-1.0.0r/crypto/bn/asm/x86_64-gcc.c
-@@ -55,7 +55,7 @@
- * machine.
- */
-
--# ifdef _WIN64
-+# if defined _WIN64 || !defined __LP64__
- # define BN_ULONG unsigned long long
- # else
- # define BN_ULONG unsigned long
-@@ -211,9 +211,9 @@ BN_ULONG bn_add_words(BN_ULONG *rp, cons
-
- asm volatile (" subq %2,%2 \n"
- ".p2align 4 \n"
-- "1: movq (%4,%2,8),%0 \n"
-- " adcq (%5,%2,8),%0 \n"
-- " movq %0,(%3,%2,8) \n"
-+ "1: movq (%q4,%2,8),%0 \n"
-+ " adcq (%q5,%2,8),%0 \n"
-+ " movq %0,(%q3,%2,8) \n"
- " leaq 1(%2),%2 \n"
- " loop 1b \n"
- " sbbq %0,%0 \n":"=&a" (ret), "+c"(n),
-@@ -235,9 +235,9 @@ BN_ULONG bn_sub_words(BN_ULONG *rp, cons
-
- asm volatile (" subq %2,%2 \n"
- ".p2align 4 \n"
-- "1: movq (%4,%2,8),%0 \n"
-- " sbbq (%5,%2,8),%0 \n"
-- " movq %0,(%3,%2,8) \n"
-+ "1: movq (%q4,%2,8),%0 \n"
-+ " sbbq (%q5,%2,8),%0 \n"
-+ " movq %0,(%q3,%2,8) \n"
- " leaq 1(%2),%2 \n"
- " loop 1b \n"
- " sbbq %0,%0 \n":"=&a" (ret), "+c"(n),
---- openssl-1.0.0r/crypto/bn/bn_exp.c
-+++ openssl-1.0.0r/crypto/bn/bn_exp.c
-@@ -564,7 +564,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBU
- * multiple.
- */
- #define MOD_EXP_CTIME_ALIGN(x_) \
-- ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ULONG)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
-+ ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ADDR)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
-
- /*
- * This variant of BN_mod_exp_mont() uses fixed windows and the special
---- openssl-1.0.0r/crypto/bn/bn.h
-+++ openssl-1.0.0r/crypto/bn/bn.h
-@@ -174,6 +174,15 @@ extern "C" {
- # endif
-
- /*
-+ * Address type.
-+ */
-+#ifdef _WIN64
-+#define BN_ADDR unsigned long long
-+#else
-+#define BN_ADDR unsigned long
-+#endif
-+
-+/*
- * assuming long is 64bit - this is the DEC Alpha unsigned long long is only
- * 64 bits :-(, don't define BN_LLONG for the DEC Alpha
- */
diff --git a/dev-libs/openssl/files/openssl-1.0.1-parallel-build.patch b/dev-libs/openssl/files/openssl-1.0.1-parallel-build.patch
deleted file mode 100644
index 19f859abb210..000000000000
--- a/dev-libs/openssl/files/openssl-1.0.1-parallel-build.patch
+++ /dev/null
@@ -1,354 +0,0 @@
-http://rt.openssl.org/Ticket/Display.html?id=2084
-
---- a/Makefile.org
-+++ b/Makefile.org
-@@ -247,17 +247,17 @@
- build_libs: build_crypto build_ssl build_engines
-
- build_crypto:
-- @dir=crypto; target=all; $(BUILD_ONE_CMD)
-+ +@dir=crypto; target=all; $(BUILD_ONE_CMD)
--build_ssl:
-+build_ssl: build_crypto
-- @dir=ssl; target=all; $(BUILD_ONE_CMD)
-+ +@dir=ssl; target=all; $(BUILD_ONE_CMD)
--build_engines:
-+build_engines: build_crypto
-- @dir=engines; target=all; $(BUILD_ONE_CMD)
-+ +@dir=engines; target=all; $(BUILD_ONE_CMD)
--build_apps:
-+build_apps: build_libs
-- @dir=apps; target=all; $(BUILD_ONE_CMD)
-+ +@dir=apps; target=all; $(BUILD_ONE_CMD)
--build_tests:
-+build_tests: build_libs
-- @dir=test; target=all; $(BUILD_ONE_CMD)
-+ +@dir=test; target=all; $(BUILD_ONE_CMD)
--build_tools:
-+build_tools: build_libs
-- @dir=tools; target=all; $(BUILD_ONE_CMD)
-+ +@dir=tools; target=all; $(BUILD_ONE_CMD)
-
- all_testapps: build_libs build_testapps
- build_testapps:
-@@ -497,9 +497,9 @@
- dist_pem_h:
- (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
-
--install: all install_docs install_sw
-+install: install_docs install_sw
-
--install_sw:
-+install_dirs:
- @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
- $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
- $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
-@@ -508,6 +508,13 @@
- $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
- $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
- $(INSTALL_PREFIX)$(OPENSSLDIR)/private
-+ @$(PERL) $(TOP)/util/mkdir-p.pl \
-+ $(INSTALL_PREFIX)$(MANDIR)/man1 \
-+ $(INSTALL_PREFIX)$(MANDIR)/man3 \
-+ $(INSTALL_PREFIX)$(MANDIR)/man5 \
-+ $(INSTALL_PREFIX)$(MANDIR)/man7
-+
-+install_sw: install_dirs
- @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
- do \
- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
-@@ -511,7 +511,7 @@
- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- done;
-- @set -e; target=install; $(RECURSIVE_BUILD_CMD)
-+ +@set -e; target=install; $(RECURSIVE_BUILD_CMD)
- @set -e; liblist="$(LIBS)"; for i in $$liblist ;\
- do \
- if [ -f "$$i" ]; then \
-@@ -593,12 +600,7 @@
- done; \
- done
-
--install_docs:
-- @$(PERL) $(TOP)/util/mkdir-p.pl \
-- $(INSTALL_PREFIX)$(MANDIR)/man1 \
-- $(INSTALL_PREFIX)$(MANDIR)/man3 \
-- $(INSTALL_PREFIX)$(MANDIR)/man5 \
-- $(INSTALL_PREFIX)$(MANDIR)/man7
-+install_docs: install_dirs
- @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
- here="`pwd`"; \
- filecase=; \
---- a/Makefile.shared
-+++ b/Makefile.shared
-@@ -105,6 +105,7 @@ LINK_SO= \
- SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
- LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
- LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
-+ [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \
- LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
- $${SHAREDCMD} $${SHAREDFLAGS} \
- -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
-@@ -122,6 +124,7 @@ SYMLINK_SO= \
- done; \
- fi; \
- if [ -n "$$SHLIB_SOVER" ]; then \
-+ [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \
- ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
- ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
- fi; \
---- a/crypto/Makefile
-+++ b/crypto/Makefile
-@@ -85,11 +85,11 @@
- @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
-
- subdirs:
-- @target=all; $(RECURSIVE_MAKE)
-+ +@target=all; $(RECURSIVE_MAKE)
-
- files:
- $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-- @target=files; $(RECURSIVE_MAKE)
-+ +@target=files; $(RECURSIVE_MAKE)
-
- links:
- @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
-@@ -100,7 +100,7 @@
- # lib: $(LIB): are splitted to avoid end-less loop
- lib: $(LIB)
- @touch lib
--$(LIB): $(LIBOBJ)
-+$(LIB): $(LIBOBJ) | subdirs
- $(AR) $(LIB) $(LIBOBJ)
- $(RANLIB) $(LIB) || echo Never mind.
-
-@@ -110,7 +110,7 @@
- fi
-
- libs:
-- @target=lib; $(RECURSIVE_MAKE)
-+ +@target=lib; $(RECURSIVE_MAKE)
-
- install:
- @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
-@@ -119,7 +119,7 @@
- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- done;
-- @target=install; $(RECURSIVE_MAKE)
-+ +@target=install; $(RECURSIVE_MAKE)
-
- lint:
- @target=lint; $(RECURSIVE_MAKE)
---- a/engines/Makefile
-+++ b/engines/Makefile
-@@ -72,7 +72,7 @@
-
- all: lib subdirs
-
--lib: $(LIBOBJ)
-+lib: $(LIBOBJ) | subdirs
- @if [ -n "$(SHARED_LIBS)" ]; then \
- set -e; \
- for l in $(LIBNAMES); do \
-@@ -89,7 +89,7 @@
-
- subdirs:
- echo $(EDIRS)
-- @target=all; $(RECURSIVE_MAKE)
-+ +@target=all; $(RECURSIVE_MAKE)
-
- files:
- $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-@@ -128,7 +128,7 @@
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
- done; \
- fi
-- @target=install; $(RECURSIVE_MAKE)
-+ +@target=install; $(RECURSIVE_MAKE)
-
- tags:
- ctags $(SRC)
---- a/test/Makefile
-+++ b/test/Makefile
-@@ -123,7 +123,7 @@
- tags:
- ctags $(SRC)
-
--tests: exe apps $(TESTS)
-+tests: exe $(TESTS)
-
- apps:
- @(cd ..; $(MAKE) DIRS=apps all)
-@@ -365,109 +365,109 @@
- link_app.$${shlib_target}
-
- $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
-- @target=$(RSATEST); $(BUILD_CMD)
-+ +@target=$(RSATEST); $(BUILD_CMD)
-
- $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO)
-- @target=$(BNTEST); $(BUILD_CMD)
-+ +@target=$(BNTEST); $(BUILD_CMD)
-
- $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO)
-- @target=$(ECTEST); $(BUILD_CMD)
-+ +@target=$(ECTEST); $(BUILD_CMD)
-
- $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO)
-- @target=$(EXPTEST); $(BUILD_CMD)
-+ +@target=$(EXPTEST); $(BUILD_CMD)
-
- $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO)
-- @target=$(IDEATEST); $(BUILD_CMD)
-+ +@target=$(IDEATEST); $(BUILD_CMD)
-
- $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO)
-- @target=$(MD2TEST); $(BUILD_CMD)
-+ +@target=$(MD2TEST); $(BUILD_CMD)
-
- $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO)
-- @target=$(SHATEST); $(BUILD_CMD)
-+ +@target=$(SHATEST); $(BUILD_CMD)
-
- $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO)
-- @target=$(SHA1TEST); $(BUILD_CMD)
-+ +@target=$(SHA1TEST); $(BUILD_CMD)
-
- $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO)
-- @target=$(SHA256TEST); $(BUILD_CMD)
-+ +@target=$(SHA256TEST); $(BUILD_CMD)
-
- $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO)
-- @target=$(SHA512TEST); $(BUILD_CMD)
-+ +@target=$(SHA512TEST); $(BUILD_CMD)
-
- $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
-- @target=$(RMDTEST); $(BUILD_CMD)
-+ +@target=$(RMDTEST); $(BUILD_CMD)
-
- $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO)
-- @target=$(MDC2TEST); $(BUILD_CMD)
-+ +@target=$(MDC2TEST); $(BUILD_CMD)
-
- $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO)
-- @target=$(MD4TEST); $(BUILD_CMD)
-+ +@target=$(MD4TEST); $(BUILD_CMD)
-
- $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO)
-- @target=$(MD5TEST); $(BUILD_CMD)
-+ +@target=$(MD5TEST); $(BUILD_CMD)
-
- $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO)
-- @target=$(HMACTEST); $(BUILD_CMD)
-+ +@target=$(HMACTEST); $(BUILD_CMD)
-
- $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO)
-- @target=$(WPTEST); $(BUILD_CMD)
-+ +@target=$(WPTEST); $(BUILD_CMD)
-
- $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO)
-- @target=$(RC2TEST); $(BUILD_CMD)
-+ +@target=$(RC2TEST); $(BUILD_CMD)
-
- $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO)
-- @target=$(BFTEST); $(BUILD_CMD)
-+ +@target=$(BFTEST); $(BUILD_CMD)
-
- $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO)
-- @target=$(CASTTEST); $(BUILD_CMD)
-+ +@target=$(CASTTEST); $(BUILD_CMD)
-
- $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO)
-- @target=$(RC4TEST); $(BUILD_CMD)
-+ +@target=$(RC4TEST); $(BUILD_CMD)
-
- $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO)
-- @target=$(RC5TEST); $(BUILD_CMD)
-+ +@target=$(RC5TEST); $(BUILD_CMD)
-
- $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO)
-- @target=$(DESTEST); $(BUILD_CMD)
-+ +@target=$(DESTEST); $(BUILD_CMD)
-
- $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO)
-- @target=$(RANDTEST); $(BUILD_CMD)
-+ +@target=$(RANDTEST); $(BUILD_CMD)
-
- $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO)
-- @target=$(DHTEST); $(BUILD_CMD)
-+ +@target=$(DHTEST); $(BUILD_CMD)
-
- $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO)
-- @target=$(DSATEST); $(BUILD_CMD)
-+ +@target=$(DSATEST); $(BUILD_CMD)
-
- $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
-- @target=$(METHTEST); $(BUILD_CMD)
-+ +@target=$(METHTEST); $(BUILD_CMD)
-
- $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
-- @target=$(SSLTEST); $(FIPS_BUILD_CMD)
-+ +@target=$(SSLTEST); $(FIPS_BUILD_CMD)
-
- $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO)
-- @target=$(ENGINETEST); $(BUILD_CMD)
-+ +@target=$(ENGINETEST); $(BUILD_CMD)
-
- $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO)
-- @target=$(EVPTEST); $(BUILD_CMD)
-+ +@target=$(EVPTEST); $(BUILD_CMD)
-
- $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO)
-- @target=$(ECDSATEST); $(BUILD_CMD)
-+ +@target=$(ECDSATEST); $(BUILD_CMD)
-
- $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO)
-- @target=$(ECDHTEST); $(BUILD_CMD)
-+ +@target=$(ECDHTEST); $(BUILD_CMD)
-
- $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO)
-- @target=$(IGETEST); $(BUILD_CMD)
-+ +@target=$(IGETEST); $(BUILD_CMD)
-
- $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO)
-- @target=$(JPAKETEST); $(BUILD_CMD)
-+ +@target=$(JPAKETEST); $(BUILD_CMD)
-
- $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO)
-- @target=$(ASN1TEST); $(BUILD_CMD)
-+ +@target=$(ASN1TEST); $(BUILD_CMD)
-
- $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO)
-- @target=$(SRPTEST); $(BUILD_CMD)
-+ +@target=$(SRPTEST); $(BUILD_CMD)
-
- #$(AESTEST).o: $(AESTEST).c
- # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
-@@ -480,7 +480,7 @@
- # fi
-
- dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
-- @target=dummytest; $(BUILD_CMD)
-+ +@target=dummytest; $(BUILD_CMD)
-
- # DO NOT DELETE THIS LINE -- make depend depends on it.
-
---- a/crypto/objects/Makefile
-+++ b/crypto/objects/Makefile
-@@ -44,11 +44,11 @@ obj_dat.h: obj_dat.pl obj_mac.h
- # objects.pl both reads and writes obj_mac.num
- obj_mac.h: objects.pl objects.txt obj_mac.num
- $(PERL) objects.pl objects.txt obj_mac.num obj_mac.h
-- @sleep 1; touch obj_mac.h; sleep 1
-
--obj_xref.h: objxref.pl obj_xref.txt obj_mac.num
-+# This doesn't really need obj_mac.h, but since that rule reads & writes
-+# obj_mac.num, we can't run in parallel with it.
-+obj_xref.h: objxref.pl obj_xref.txt obj_mac.num obj_mac.h
- $(PERL) objxref.pl obj_mac.num obj_xref.txt > obj_xref.h
-- @sleep 1; touch obj_xref.h; sleep 1
-
- files:
- $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
diff --git a/dev-libs/openssl/files/openssl-1.0.1-x32.patch b/dev-libs/openssl/files/openssl-1.0.1-x32.patch
deleted file mode 100644
index 5106cb6e82a3..000000000000
--- a/dev-libs/openssl/files/openssl-1.0.1-x32.patch
+++ /dev/null
@@ -1,79 +0,0 @@
-http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?id=51bfed2e26fc13a66e8b5710aa2ce1d7a04af721
-
-UpstreamStatus: Pending
-
-Received from H J Liu @ Intel
-Make the assembly syntax compatible with x32 gcc. Othewise x32 gcc throws errors.
-Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/07/13
-
-ported the patch to the 1.0.0e version
-Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/12/01
-Index: openssl-1.0.0e/Configure
-===================================================================
---- openssl-1.0.0e.orig/Configure
-+++ openssl-1.0.0e/Configure
-@@ -393,6 +393,7 @@ my %table=(
- "debug-linux-generic32","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "debug-linux-generic64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "debug-linux-x86_64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -DTERMIO -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-+"linux-x32", "gcc:-DL_ENDIAN -DTERMIO -O2 -pipe -g -feliminate-unused-debug-types -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "dist", "cc:-O::(unknown)::::::",
-
- # Basic configs that should work on any (32 and less bit) box
-Index: openssl-1.0.0e/crypto/bn/asm/x86_64-gcc.c
-===================================================================
---- openssl-1.0.0e.orig/crypto/bn/asm/x86_64-gcc.c
-+++ openssl-1.0.0e/crypto/bn/asm/x86_64-gcc.c
-@@ -55,7 +55,7 @@
- * machine.
- */
-
--#ifdef _WIN64
-+#if defined _WIN64 || !defined __LP64__
- #define BN_ULONG unsigned long long
- #else
- #define BN_ULONG unsigned long
-@@ -192,9 +192,9 @@ BN_ULONG bn_add_words (BN_ULONG *rp, con
- asm (
- " subq %2,%2 \n"
- ".p2align 4 \n"
-- "1: movq (%4,%2,8),%0 \n"
-- " adcq (%5,%2,8),%0 \n"
-- " movq %0,(%3,%2,8) \n"
-+ "1: movq (%q4,%2,8),%0 \n"
-+ " adcq (%q5,%2,8),%0 \n"
-+ " movq %0,(%q3,%2,8) \n"
- " leaq 1(%2),%2 \n"
- " loop 1b \n"
- " sbbq %0,%0 \n"
-@@ -215,9 +215,9 @@ BN_ULONG bn_sub_words (BN_ULONG *rp, con
- asm (
- " subq %2,%2 \n"
- ".p2align 4 \n"
-- "1: movq (%4,%2,8),%0 \n"
-- " sbbq (%5,%2,8),%0 \n"
-- " movq %0,(%3,%2,8) \n"
-+ "1: movq (%q4,%2,8),%0 \n"
-+ " sbbq (%q5,%2,8),%0 \n"
-+ " movq %0,(%q3,%2,8) \n"
- " leaq 1(%2),%2 \n"
- " loop 1b \n"
- " sbbq %0,%0 \n"
-Index: openssl-1.0.0e/crypto/bn/bn.h
-===================================================================
---- openssl-1.0.0e.orig/crypto/bn/bn.h
-+++ openssl-1.0.0e/crypto/bn/bn.h
-@@ -172,6 +172,13 @@ extern "C" {
- # endif
- #endif
-
-+/* Address type. */
-+#ifdef _WIN64
-+#define BN_ADDR unsigned long long
-+#else
-+#define BN_ADDR unsigned long
-+#endif
-+
- /* assuming long is 64bit - this is the DEC Alpha
- * unsigned long long is only 64 bits :-(, don't define
- * BN_LLONG for the DEC Alpha */
diff --git a/dev-libs/openssl/files/openssl-1.0.1e-s_client-verify.patch b/dev-libs/openssl/files/openssl-1.0.1e-s_client-verify.patch
deleted file mode 100644
index 03e4f59989cb..000000000000
--- a/dev-libs/openssl/files/openssl-1.0.1e-s_client-verify.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-https://bugs.gentoo.org/472584
-http://rt.openssl.org/Ticket/Display.html?id=2387&user=guest&pass=guest
-
-fix verification handling in s_client. when loading paths, make sure
-we properly fallback to setting the default paths.
-
---- a/apps/s_client.c
-+++ b/apps/s_client.c
-@@ -899,7 +899,7 @@
- if (!set_cert_key_stuff(ctx,cert,key))
- goto end;
-
-- if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
-+ if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) &&
- (!SSL_CTX_set_default_verify_paths(ctx)))
- {
- /* BIO_printf(bio_err,"error setting default verify locations\n"); */
-
diff --git a/dev-libs/openssl/files/openssl-1.0.1h-ipv6.patch b/dev-libs/openssl/files/openssl-1.0.1h-ipv6.patch
deleted file mode 100644
index 10c1ba222f1c..000000000000
--- a/dev-libs/openssl/files/openssl-1.0.1h-ipv6.patch
+++ /dev/null
@@ -1,642 +0,0 @@
-http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest
-
-Forward ported from openssl-1.0.1e-ipv6.patch
-
-Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
-
---- openssl-1.0.1h/apps/s_apps.h
-+++ openssl-1.0.1h/apps/s_apps.h
-@@ -148,7 +148,7 @@
- #define PORT_STR "4433"
- #define PROTOCOL "tcp"
-
--int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context);
-+int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context, int use_ipv4, int use_ipv6);
- #ifdef HEADER_X509_H
- int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
- #endif
-@@ -156,7 +156,7 @@
- int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
- int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key);
- #endif
--int init_client(int *sock, char *server, int port, int type);
-+int init_client(int *sock, char *server, int port, int type, int use_ipv4, int use_ipv6);
- int should_retry(int i);
- int extract_port(char *str, short *port_ptr);
- int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p);
---- openssl-1.0.1h/apps/s_client.c
-+++ openssl-1.0.1h/apps/s_client.c
-@@ -285,6 +285,10 @@
- {
- BIO_printf(bio_err,"usage: s_client args\n");
- BIO_printf(bio_err,"\n");
-+ BIO_printf(bio_err," -4 - use IPv4 only\n");
-+#if OPENSSL_USE_IPV6
-+ BIO_printf(bio_err," -6 - use IPv6 only\n");
-+#endif
- BIO_printf(bio_err," -host host - use -connect instead\n");
- BIO_printf(bio_err," -port port - use -connect instead\n");
- BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR);
-@@ -568,6 +572,7 @@
- int sbuf_len,sbuf_off;
- fd_set readfds,writefds;
- short port=PORT;
-+ int use_ipv4, use_ipv6;
- int full_log=1;
- char *host=SSL_HOST_NAME;
- char *cert_file=NULL,*key_file=NULL;
-@@ -613,7 +618,11 @@
- #endif
- char *sess_in = NULL;
- char *sess_out = NULL;
-- struct sockaddr peer;
-+#if OPENSSL_USE_IPV6
-+ struct sockaddr_storage peer;
-+#else
-+ struct sockaddr_in peer;
-+#endif
- int peerlen = sizeof(peer);
- int enable_timeouts = 0 ;
- long socket_mtu = 0;
-@@ -628,6 +637,12 @@
-
- meth=SSLv23_client_method();
-
-+ use_ipv4 = 1;
-+#if OPENSSL_USE_IPV6
-+ use_ipv6 = 1;
-+#else
-+ use_ipv6 = 0;
-+#endif
- apps_startup();
- c_Pause=0;
- c_quiet=0;
-@@ -949,6 +964,18 @@
- jpake_secret = *++argv;
- }
- #endif
-+ else if (strcmp(*argv,"-4") == 0)
-+ {
-+ use_ipv4 = 1;
-+ use_ipv6 = 0;
-+ }
-+#if OPENSSL_USE_IPV6
-+ else if (strcmp(*argv,"-6") == 0)
-+ {
-+ use_ipv4 = 0;
-+ use_ipv6 = 1;
-+ }
-+#endif
- #ifndef OPENSSL_NO_SRTP
- else if (strcmp(*argv,"-use_srtp") == 0)
- {
-@@ -1260,7 +1287,7 @@
-
- re_start:
-
-- if (init_client(&s,host,port,socket_type) == 0)
-+ if (init_client(&s,host,port,socket_type,use_ipv4,use_ipv6) == 0)
- {
- BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
- SHUTDOWN(s);
-@@ -1286,7 +1313,7 @@
- {
-
- sbio=BIO_new_dgram(s,BIO_NOCLOSE);
-- if (getsockname(s, &peer, (void *)&peerlen) < 0)
-+ if (getsockname(s, (struct sockaddr *)&peer, (void *)&peerlen) < 0)
- {
- BIO_printf(bio_err, "getsockname:errno=%d\n",
- get_last_socket_error());
---- openssl-1.0.1h/apps/s_server.c
-+++ openssl-1.0.1h/apps/s_server.c
-@@ -560,6 +560,10 @@
- BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
- # endif
- #endif
-+ BIO_printf(bio_err," -4 - use IPv4 only\n");
-+#if OPENSSL_USE_IPV6
-+ BIO_printf(bio_err," -6 - use IPv6 only\n");
-+#endif
- BIO_printf(bio_err," -keymatexport label - Export keying material using label\n");
- BIO_printf(bio_err," -keymatexportlen len - Export len bytes of keying material (default 20)\n");
- }
-@@ -947,6 +951,7 @@
- int state=0;
- const SSL_METHOD *meth=NULL;
- int socket_type=SOCK_STREAM;
-+ int use_ipv4, use_ipv6;
- ENGINE *e=NULL;
- char *inrand=NULL;
- int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;
-@@ -975,6 +980,12 @@
- #endif
- meth=SSLv23_server_method();
-
-+ use_ipv4 = 1;
-+#if OPENSSL_USE_IPV6
-+ use_ipv6 = 1;
-+#else
-+ use_ipv6 = 0;
-+#endif
- local_argc=argc;
- local_argv=argv;
-
-@@ -1323,6 +1334,18 @@
- jpake_secret = *(++argv);
- }
- #endif
-+ else if (strcmp(*argv,"-4") == 0)
-+ {
-+ use_ipv4 = 1;
-+ use_ipv6 = 0;
-+ }
-+#if OPENSSL_USE_IPV6
-+ else if (strcmp(*argv,"-6") == 0)
-+ {
-+ use_ipv4 = 0;
-+ use_ipv6 = 1;
-+ }
-+#endif
- #ifndef OPENSSL_NO_SRTP
- else if (strcmp(*argv,"-use_srtp") == 0)
- {
-@@ -1881,9 +1904,9 @@
- BIO_printf(bio_s_out,"ACCEPT\n");
- (void)BIO_flush(bio_s_out);
- if (www)
-- do_server(port,socket_type,&accept_socket,www_body, context);
-+ do_server(port,socket_type,&accept_socket,www_body, context, use_ipv4, use_ipv6);
- else
-- do_server(port,socket_type,&accept_socket,sv_body, context);
-+ do_server(port,socket_type,&accept_socket,sv_body, context, use_ipv4, use_ipv6);
- print_stats(bio_s_out,ctx);
- ret=0;
- end:
---- openssl-1.0.1h/apps/s_socket.c
-+++ openssl-1.0.1h/apps/s_socket.c
-@@ -97,16 +97,16 @@
- #include "netdb.h"
- #endif
-
--static struct hostent *GetHostByName(char *name);
-+static struct hostent *GetHostByName(char *name, int domain);
- #if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
- static void ssl_sock_cleanup(void);
- #endif
- static int ssl_sock_init(void);
--static int init_client_ip(int *sock,unsigned char ip[4], int port, int type);
--static int init_server(int *sock, int port, int type);
--static int init_server_long(int *sock, int port,char *ip, int type);
-+static int init_client_ip(int *sock,unsigned char *ip, int port, int type, int domain);
-+static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6);
-+static int init_server_long(int *sock, int port,char *ip, int type, int use_ipv4, int use_ipv6);
- static int do_accept(int acc_sock, int *sock, char **host);
--static int host_ip(char *str, unsigned char ip[4]);
-+static int host_ip(char *str, unsigned char *ip, int domain);
-
- #ifdef OPENSSL_SYS_WIN16
- #define SOCKET_PROTOCOL 0 /* more microsoft stupidity */
-@@ -234,38 +234,68 @@
- return(1);
- }
-
--int init_client(int *sock, char *host, int port, int type)
-+int init_client(int *sock, char *host, int port, int type, int use_ipv4, int use_ipv6)
- {
-+#if OPENSSL_USE_IPV6
-+ unsigned char ip[16];
-+#else
- unsigned char ip[4];
-+#endif
-
-- memset(ip, '\0', sizeof ip);
-- if (!host_ip(host,&(ip[0])))
-- return 0;
-- return init_client_ip(sock,ip,port,type);
-- }
--
--static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
-- {
-- unsigned long addr;
-+ if (use_ipv4)
-+ if (host_ip(host,ip,AF_INET))
-+ return(init_client_ip(sock,ip,port,type,AF_INET));
-+#if OPENSSL_USE_IPV6
-+ if (use_ipv6)
-+ if (host_ip(host,ip,AF_INET6))
-+ return(init_client_ip(sock,ip,port,type,AF_INET6));
-+#endif
-+ return 0;
-+ }
-+
-+static int init_client_ip(int *sock, unsigned char ip[4], int port, int type, int domain)
-+ {
-+#if OPENSSL_USE_IPV6
-+ struct sockaddr_storage them;
-+ struct sockaddr_in *them_in = (struct sockaddr_in *)&them;
-+ struct sockaddr_in6 *them_in6 = (struct sockaddr_in6 *)&them;
-+#else
- struct sockaddr_in them;
-+ struct sockaddr_in *them_in = &them;
-+#endif
-+ socklen_t addr_len;
- int s,i;
-
- if (!ssl_sock_init()) return(0);
-
- memset((char *)&them,0,sizeof(them));
-- them.sin_family=AF_INET;
-- them.sin_port=htons((unsigned short)port);
-- addr=(unsigned long)
-- ((unsigned long)ip[0]<<24L)|
-- ((unsigned long)ip[1]<<16L)|
-- ((unsigned long)ip[2]<< 8L)|
-- ((unsigned long)ip[3]);
-- them.sin_addr.s_addr=htonl(addr);
-+ if (domain == AF_INET)
-+ {
-+ addr_len = (socklen_t)sizeof(struct sockaddr_in);
-+ them_in->sin_family=AF_INET;
-+ them_in->sin_port=htons((unsigned short)port);
-+#ifndef BIT_FIELD_LIMITS
-+ memcpy(&them_in->sin_addr.s_addr, ip, 4);
-+#else
-+ memcpy(&them_in->sin_addr, ip, 4);
-+#endif
-+ }
-+ else
-+#if OPENSSL_USE_IPV6
-+ {
-+ addr_len = (socklen_t)sizeof(struct sockaddr_in6);
-+ them_in6->sin6_family=AF_INET6;
-+ them_in6->sin6_port=htons((unsigned short)port);
-+ memcpy(&(them_in6->sin6_addr), ip, sizeof(struct in6_addr));
-+ }
-+#else
-+ return(0);
-+#endif
-
- if (type == SOCK_STREAM)
-- s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
-+ s=socket(domain,SOCK_STREAM,SOCKET_PROTOCOL);
- else /* ( type == SOCK_DGRAM) */
-- s=socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP);
-+ s=socket(domain,SOCK_DGRAM,IPPROTO_UDP);
-
- if (s == INVALID_SOCKET) { perror("socket"); return(0); }
-
-@@ -277,29 +307,27 @@
- if (i < 0) { closesocket(s); perror("keepalive"); return(0); }
- }
- #endif
--
-- if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1)
-+ if (connect(s,(struct sockaddr *)&them,addr_len) == -1)
- { closesocket(s); perror("connect"); return(0); }
- *sock=s;
- return(1);
- }
-
--int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context)
-+int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context, int use_ipv4, int use_ipv6)
- {
- int sock;
- char *name = NULL;
- int accept_socket = 0;
- int i;
-
-- if (!init_server(&accept_socket,port,type)) return(0);
--
-+ if (!init_server(&accept_socket,port,type, use_ipv4, use_ipv6)) return(0);
- if (ret != NULL)
- {
- *ret=accept_socket;
- /* return(1);*/
- }
-- for (;;)
-- {
-+ for (;;)
-+ {
- if (type==SOCK_STREAM)
- {
- if (do_accept(accept_socket,&sock,&name) == 0)
-@@ -322,41 +350,88 @@
- }
- }
-
--static int init_server_long(int *sock, int port, char *ip, int type)
-+static int init_server_long(int *sock, int port, char *ip, int type, int use_ipv4, int use_ipv6)
- {
- int ret=0;
-+ int domain;
-+#if OPENSSL_USE_IPV6
-+ struct sockaddr_storage server;
-+ struct sockaddr_in *server_in = (struct sockaddr_in *)&server;
-+ struct sockaddr_in6 *server_in6 = (struct sockaddr_in6 *)&server;
-+#else
- struct sockaddr_in server;
-+ struct sockaddr_in *server_in = &server;
-+#endif
-+ socklen_t addr_len;
- int s= -1;
-
-+ if (!use_ipv4 && !use_ipv6)
-+ goto err;
-+#if OPENSSL_USE_IPV6
-+ /* we are fine here */
-+#else
-+ if (use_ipv6)
-+ goto err;
-+#endif
- if (!ssl_sock_init()) return(0);
-
-- memset((char *)&server,0,sizeof(server));
-- server.sin_family=AF_INET;
-- server.sin_port=htons((unsigned short)port);
-- if (ip == NULL)
-- server.sin_addr.s_addr=INADDR_ANY;
-- else
--/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
--#ifndef BIT_FIELD_LIMITS
-- memcpy(&server.sin_addr.s_addr,ip,4);
-+#if OPENSSL_USE_IPV6
-+ domain = use_ipv6 ? AF_INET6 : AF_INET;
- #else
-- memcpy(&server.sin_addr,ip,4);
-+ domain = AF_INET;
- #endif
--
-- if (type == SOCK_STREAM)
-- s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
-- else /* type == SOCK_DGRAM */
-- s=socket(AF_INET, SOCK_DGRAM,IPPROTO_UDP);
-+ if (type == SOCK_STREAM)
-+ s=socket(domain,SOCK_STREAM,SOCKET_PROTOCOL);
-+ else /* type == SOCK_DGRAM */
-+ s=socket(domain, SOCK_DGRAM,IPPROTO_UDP);
-
- if (s == INVALID_SOCKET) goto err;
- #if defined SOL_SOCKET && defined SO_REUSEADDR
-+ {
-+ int j = 1;
-+ setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
-+ (void *) &j, sizeof j);
-+ }
-+#endif
-+#if OPENSSL_USE_IPV6
-+ if ((use_ipv4 == 0) && (use_ipv6 == 1))
-+ {
-+ const int on = 1;
-+
-+ setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY,
-+ (const void *) &on, sizeof(int));
-+ }
-+#endif
-+ if (domain == AF_INET)
-+ {
-+ addr_len = (socklen_t)sizeof(struct sockaddr_in);
-+ memset(server_in, 0, sizeof(struct sockaddr_in));
-+ server_in->sin_family=AF_INET;
-+ server_in->sin_port = htons((unsigned short)port);
-+ if (ip == NULL)
-+ server_in->sin_addr.s_addr = htonl(INADDR_ANY);
-+ else
-+/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
-+#ifndef BIT_FIELD_LIMITS
-+ memcpy(&server_in->sin_addr.s_addr, ip, 4);
-+#else
-+ memcpy(&server_in->sin_addr, ip, 4);
-+#endif
-+ }
-+#if OPENSSL_USE_IPV6
-+ else
- {
-- int j = 1;
-- setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
-- (void *) &j, sizeof j);
-+ addr_len = (socklen_t)sizeof(struct sockaddr_in6);
-+ memset(server_in6, 0, sizeof(struct sockaddr_in6));
-+ server_in6->sin6_family = AF_INET6;
-+ server_in6->sin6_port = htons((unsigned short)port);
-+ if (ip == NULL)
-+ server_in6->sin6_addr = in6addr_any;
-+ else
-+ memcpy(&server_in6->sin6_addr, ip, sizeof(struct in6_addr));
- }
- #endif
-- if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1)
-+ if (bind(s, (struct sockaddr *)&server, addr_len) == -1)
- {
- #ifndef OPENSSL_SYS_WINDOWS
- perror("bind");
-@@ -375,16 +450,23 @@
- return(ret);
- }
-
--static int init_server(int *sock, int port, int type)
-+static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6)
- {
-- return(init_server_long(sock, port, NULL, type));
-+ return(init_server_long(sock, port, NULL, type, use_ipv4, use_ipv6));
- }
-
- static int do_accept(int acc_sock, int *sock, char **host)
- {
- int ret;
- struct hostent *h1,*h2;
-- static struct sockaddr_in from;
-+#if OPENSSL_USE_IPV6
-+ struct sockaddr_storage from;
-+ struct sockaddr_in *from_in = (struct sockaddr_in *)&from;
-+ struct sockaddr_in6 *from_in6 = (struct sockaddr_in6 *)&from;
-+#else
-+ struct sockaddr_in from;
-+ struct sockaddr_in *from_in = &from;
-+#endif
- int len;
- /* struct linger ling; */
-
-@@ -431,13 +513,23 @@
- */
-
- if (host == NULL) goto end;
-+#if OPENSSL_USE_IPV6
-+ if (from.ss_family == AF_INET)
-+#else
-+ if (from.sin_family == AF_INET)
-+#endif
- #ifndef BIT_FIELD_LIMITS
-- /* I should use WSAAsyncGetHostByName() under windows */
-- h1=gethostbyaddr((char *)&from.sin_addr.s_addr,
-- sizeof(from.sin_addr.s_addr),AF_INET);
-+ /* I should use WSAAsyncGetHostByName() under windows */
-+ h1=gethostbyaddr((char *)&from_in->sin_addr.s_addr,
-+ sizeof(from_in->sin_addr.s_addr), AF_INET);
- #else
-- h1=gethostbyaddr((char *)&from.sin_addr,
-- sizeof(struct in_addr),AF_INET);
-+ h1=gethostbyaddr((char *)&from_in->sin_addr,
-+ sizeof(struct in_addr), AF_INET);
-+#endif
-+#if OPENSSL_USE_IPV6
-+ else
-+ h1=gethostbyaddr((char *)&from_in6->sin6_addr,
-+ sizeof(struct in6_addr), AF_INET6);
- #endif
- if (h1 == NULL)
- {
-@@ -455,16 +547,25 @@
- }
- BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1);
-
-- h2=GetHostByName(*host);
-+#if OPENSSL_USE_IPV6
-+ h2=GetHostByName(*host, from.ss_family);
-+#else
-+ h2=GetHostByName(*host, from.sin_family);
-+#endif
-+
- if (h2 == NULL)
- {
- BIO_printf(bio_err,"gethostbyname failure\n");
- closesocket(ret);
- return(0);
- }
-- if (h2->h_addrtype != AF_INET)
-+#if OPENSSL_USE_IPV6
-+ if (h2->h_addrtype != from.ss_family)
-+#else
-+ if (h2->h_addrtype != from.sin_family)
-+#endif
- {
-- BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
-+ BIO_printf(bio_err,"gethostbyname addr address is not correct\n");
- closesocket(ret);
- return(0);
- }
-@@ -480,7 +581,7 @@
- char *h,*p;
-
- h=str;
-- p=strchr(str,':');
-+ p=strrchr(str,':');
- if (p == NULL)
- {
- BIO_printf(bio_err,"no port defined\n");
-@@ -488,7 +589,7 @@
- }
- *(p++)='\0';
-
-- if ((ip != NULL) && !host_ip(str,ip))
-+ if ((ip != NULL) && !host_ip(str,ip,AF_INET))
- goto err;
- if (host_ptr != NULL) *host_ptr=h;
-
-@@ -499,48 +600,58 @@
- return(0);
- }
-
--static int host_ip(char *str, unsigned char ip[4])
-+static int host_ip(char *str, unsigned char *ip, int domain)
- {
-- unsigned int in[4];
-+ unsigned int in[4];
-+ unsigned long l;
- int i;
-
-- if (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4)
-+ if ((domain == AF_INET) &&
-+ (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4))
- {
-+
- for (i=0; i<4; i++)
- if (in[i] > 255)
- {
- BIO_printf(bio_err,"invalid IP address\n");
- goto err;
- }
-- ip[0]=in[0];
-- ip[1]=in[1];
-- ip[2]=in[2];
-- ip[3]=in[3];
-- }
-+ l=htonl((in[0]<<24L)|(in[1]<<16L)|(in[2]<<8L)|in[3]);
-+ memcpy(ip, &l, 4);
-+ return 1;
-+ }
-+#if OPENSSL_USE_IPV6
-+ else if ((domain == AF_INET6) &&
-+ (inet_pton(AF_INET6, str, ip) == 1))
-+ return 1;
-+#endif
- else
- { /* do a gethostbyname */
- struct hostent *he;
-
- if (!ssl_sock_init()) return(0);
-
-- he=GetHostByName(str);
-+ he=GetHostByName(str,domain);
- if (he == NULL)
- {
- BIO_printf(bio_err,"gethostbyname failure\n");
- goto err;
- }
- /* cast to short because of win16 winsock definition */
-- if ((short)he->h_addrtype != AF_INET)
-+ if ((short)he->h_addrtype != domain)
- {
-- BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
-+ BIO_printf(bio_err,"gethostbyname addr family is not correct\n");
- return(0);
- }
-- ip[0]=he->h_addr_list[0][0];
-- ip[1]=he->h_addr_list[0][1];
-- ip[2]=he->h_addr_list[0][2];
-- ip[3]=he->h_addr_list[0][3];
-+ if (domain == AF_INET)
-+ memset(ip, 0, 4);
-+#if OPENSSL_USE_IPV6
-+ else
-+ memset(ip, 0, 16);
-+#endif
-+ memcpy(ip, he->h_addr_list[0], he->h_length);
-+ return 1;
- }
-- return(1);
- err:
- return(0);
- }
-@@ -577,7 +688,7 @@
- static unsigned long ghbn_hits=0L;
- static unsigned long ghbn_miss=0L;
-
--static struct hostent *GetHostByName(char *name)
-+static struct hostent *GetHostByName(char *name, int domain)
- {
- struct hostent *ret;
- int i,lowi=0;
-@@ -592,14 +703,20 @@
- }
- if (ghbn_cache[i].order > 0)
- {
-- if (strncmp(name,ghbn_cache[i].name,128) == 0)
-+ if ((strncmp(name,ghbn_cache[i].name,128) == 0) &&
-+ (ghbn_cache[i].ent.h_addrtype == domain))
- break;
- }
- }
- if (i == GHBN_NUM) /* no hit*/
- {
- ghbn_miss++;
-- ret=gethostbyname(name);
-+ if (domain == AF_INET)
-+ ret=gethostbyname(name);
-+#if OPENSSL_USE_IPV6
-+ else
-+ ret=gethostbyname2(name, AF_INET6);
-+#endif
- if (ret == NULL) return(NULL);
- /* else add to cache */
- if(strlen(name) < sizeof ghbn_cache[0].name)
diff --git a/dev-libs/openssl/files/openssl-1.0.1l-CVE-2015-0286.patch b/dev-libs/openssl/files/openssl-1.0.1l-CVE-2015-0286.patch
deleted file mode 100644
index 811f573a1107..000000000000
--- a/dev-libs/openssl/files/openssl-1.0.1l-CVE-2015-0286.patch
+++ /dev/null
@@ -1,356 +0,0 @@
---- openssl-1.0.1l/crypto/asn1/a_type.c
-+++ openssl-1.0.1l/crypto/asn1/a_type.c
-@@ -124,6 +124,9 @@
- case V_ASN1_OBJECT:
- result = OBJ_cmp(a->value.object, b->value.object);
- break;
-+ case V_ASN1_BOOLEAN:
-+ result = a->value.boolean - b->value.boolean;
-+ break;
- case V_ASN1_NULL:
- result = 0; /* They do not have content. */
- break;
---- openssl-1.0.1l/crypto/asn1/tasn_dec.c
-+++ openssl-1.0.1l/crypto/asn1/tasn_dec.c
-@@ -130,11 +130,17 @@
- {
- ASN1_TLC c;
- ASN1_VALUE *ptmpval = NULL;
-- if (!pval)
-- pval = &ptmpval;
- asn1_tlc_clear_nc(&c);
-- if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0)
-- return *pval;
-+ if (pval && *pval && it->itype == ASN1_ITYPE_PRIMITIVE)
-+ ptmpval = *pval;
-+ if (ASN1_item_ex_d2i(&ptmpval, in, len, it, -1, 0, 0, &c) > 0) {
-+ if (pval && it->itype != ASN1_ITYPE_PRIMITIVE) {
-+ if (*pval)
-+ ASN1_item_free(*pval, it);
-+ *pval = ptmpval;
-+ }
-+ return ptmpval;
-+ }
- return NULL;
- }
-
-@@ -311,9 +317,16 @@
- if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
- goto auxerr;
-
-- /* Allocate structure */
-- if (!*pval && !ASN1_item_ex_new(pval, it))
-- {
-+ if (*pval) {
-+ /* Free up and zero CHOICE value if initialised */
-+ i = asn1_get_choice_selector(pval, it);
-+ if ((i >= 0) && (i < it->tcount)) {
-+ tt = it->templates + i;
-+ pchptr = asn1_get_field_ptr(pval, tt);
-+ ASN1_template_free(pchptr, tt);
-+ asn1_set_choice_selector(pval, -1, it);
-+ }
-+ } else if (!ASN1_item_ex_new(pval, it)) {
- ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
- ERR_R_NESTED_ASN1_ERROR);
- goto err;
-@@ -407,6 +420,17 @@
- if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
- goto auxerr;
-
-+ /* Free up and zero any ADB found */
-+ for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
-+ if (tt->flags & ASN1_TFLG_ADB_MASK) {
-+ const ASN1_TEMPLATE *seqtt;
-+ ASN1_VALUE **pseqval;
-+ seqtt = asn1_do_adb(pval, tt, 1);
-+ pseqval = asn1_get_field_ptr(pval, seqtt);
-+ ASN1_template_free(pseqval, seqtt);
-+ }
-+ }
-+
- /* Get each field entry */
- for (i = 0, tt = it->templates; i < it->tcount; i++, tt++)
- {
---- openssl-1.0.1l/crypto/pkcs7/pk7_doit.c
-+++ openssl-1.0.1l/crypto/pkcs7/pk7_doit.c
-@@ -272,6 +272,25 @@
- PKCS7_RECIP_INFO *ri=NULL;
- ASN1_OCTET_STRING *os=NULL;
-
-+ if (p7 == NULL) {
-+ PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_INVALID_NULL_POINTER);
-+ return NULL;
-+ }
-+ /*
-+ * The content field in the PKCS7 ContentInfo is optional, but that really
-+ * only applies to inner content (precisely, detached signatures).
-+ *
-+ * When reading content, missing outer content is therefore treated as an
-+ * error.
-+ *
-+ * When creating content, PKCS7_content_new() must be called before
-+ * calling this method, so a NULL p7->d is always an error.
-+ */
-+ if (p7->d.ptr == NULL) {
-+ PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_NO_CONTENT);
-+ return NULL;
-+ }
-+
- i=OBJ_obj2nid(p7->type);
- p7->state=PKCS7_S_HEADER;
-
-@@ -433,6 +452,16 @@
- unsigned char *ek = NULL, *tkey = NULL;
- int eklen = 0, tkeylen = 0;
-
-+ if (p7 == NULL) {
-+ PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_INVALID_NULL_POINTER);
-+ return NULL;
-+ }
-+
-+ if (p7->d.ptr == NULL) {
-+ PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT);
-+ return NULL;
-+ }
-+
- i=OBJ_obj2nid(p7->type);
- p7->state=PKCS7_S_HEADER;
-
-@@ -752,6 +781,16 @@
- STACK_OF(PKCS7_SIGNER_INFO) *si_sk=NULL;
- ASN1_OCTET_STRING *os=NULL;
-
-+ if (p7 == NULL) {
-+ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_INVALID_NULL_POINTER);
-+ return 0;
-+ }
-+
-+ if (p7->d.ptr == NULL) {
-+ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_NO_CONTENT);
-+ return 0;
-+ }
-+
- EVP_MD_CTX_init(&ctx_tmp);
- i=OBJ_obj2nid(p7->type);
- p7->state=PKCS7_S_HEADER;
-@@ -796,6 +835,7 @@
- /* If detached data then the content is excluded */
- if(PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
- M_ASN1_OCTET_STRING_free(os);
-+ os = NULL;
- p7->d.sign->contents->d.data = NULL;
- }
- break;
-@@ -806,6 +846,7 @@
- if(PKCS7_type_is_data(p7->d.digest->contents) && p7->detached)
- {
- M_ASN1_OCTET_STRING_free(os);
-+ os = NULL;
- p7->d.digest->contents->d.data = NULL;
- }
- break;
-@@ -878,24 +919,31 @@
- M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len);
- }
-
-- if (!PKCS7_is_detached(p7) && !(os->flags & ASN1_STRING_FLAG_NDEF))
-- {
-+ if (!PKCS7_is_detached(p7)) {
-+ /*
-+ * NOTE(emilia): I think we only reach os == NULL here because detached
-+ * digested data support is broken.
-+ */
-+ if (os == NULL)
-+ goto err;
-+ if (!(os->flags & ASN1_STRING_FLAG_NDEF)) {
- char *cont;
- long contlen;
-- btmp=BIO_find_type(bio,BIO_TYPE_MEM);
-- if (btmp == NULL)
-- {
-- PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
-- goto err;
-- }
-+ btmp = BIO_find_type(bio, BIO_TYPE_MEM);
-+ if (btmp == NULL) {
-+ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
-+ goto err;
-+ }
- contlen = BIO_get_mem_data(btmp, &cont);
-- /* Mark the BIO read only then we can use its copy of the data
-+ /*
-+ * Mark the BIO read only then we can use its copy of the data
- * instead of making an extra copy.
- */
- BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
- BIO_set_mem_eof_return(btmp, 0);
- ASN1_STRING_set0(os, (unsigned char *)cont, contlen);
-- }
-+ }
-+ }
- ret=1;
- err:
- EVP_MD_CTX_cleanup(&ctx_tmp);
-@@ -971,6 +1019,16 @@
- STACK_OF(X509) *cert;
- X509 *x509;
-
-+ if (p7 == NULL) {
-+ PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_INVALID_NULL_POINTER);
-+ return 0;
-+ }
-+
-+ if (p7->d.ptr == NULL) {
-+ PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_NO_CONTENT);
-+ return 0;
-+ }
-+
- if (PKCS7_type_is_signed(p7))
- {
- cert=p7->d.sign->cert;
---- openssl-1.0.1l/crypto/pkcs7/pk7_lib.c
-+++ openssl-1.0.1l/crypto/pkcs7/pk7_lib.c
-@@ -71,6 +71,7 @@
-
- switch (cmd)
- {
-+ /* NOTE(emilia): does not support detached digested data. */
- case PKCS7_OP_SET_DETACHED_SIGNATURE:
- if (nid == NID_pkcs7_signed)
- {
-@@ -459,6 +460,8 @@
-
- STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7)
- {
-+ if (p7 == NULL || p7->d.ptr == NULL)
-+ return NULL;
- if (PKCS7_type_is_signed(p7))
- {
- return(p7->d.sign->signer_info);
---- openssl-1.0.1l/doc/crypto/d2i_X509.pod
-+++ openssl-1.0.1l/doc/crypto/d2i_X509.pod
-@@ -199,6 +199,12 @@
- persist if they are not present in the new one. As a result the use
- of this "reuse" behaviour is strongly discouraged.
-
-+Current versions of OpenSSL will not modify B<*px> if an error occurs.
-+If parsing succeeds then B<*px> is freed (if it is not NULL) and then
-+set to the value of the newly decoded structure. As a result B<*px>
-+B<must not> be allocated on the stack or an attempt will be made to
-+free an invalid pointer.
-+
- i2d_X509() will not return an error in many versions of OpenSSL,
- if mandatory fields are not initialized due to a programming error
- then the encoded structure may contain invalid data or omit the
-@@ -210,7 +216,9 @@
-
- d2i_X509(), d2i_X509_bio() and d2i_X509_fp() return a valid B<X509> structure
- or B<NULL> if an error occurs. The error code that can be obtained by
--L<ERR_get_error(3)|ERR_get_error(3)>.
-+L<ERR_get_error(3)|ERR_get_error(3)>. If the "reuse" capability has been used
-+with a valid X509 structure being passed in via B<px> then the object is not
-+modified in the event of error.
-
- i2d_X509() returns the number of bytes successfully encoded or a negative
- value if an error occurs. The error code can be obtained by
---- openssl-1.0.1l/ssl/s2_lib.c
-+++ openssl-1.0.1l/ssl/s2_lib.c
-@@ -488,7 +488,7 @@
-
- OPENSSL_assert(s->session->master_key_length >= 0
- && s->session->master_key_length
-- < (int)sizeof(s->session->master_key));
-+ <= (int)sizeof(s->session->master_key));
- EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length);
- EVP_DigestUpdate(&ctx,&c,1);
- c++;
---- openssl-1.0.1l/ssl/s2_srvr.c
-+++ openssl-1.0.1l/ssl/s2_srvr.c
-@@ -454,10 +454,6 @@
- SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_NO_PRIVATEKEY);
- return(-1);
- }
-- i=ssl_rsa_private_decrypt(s->cert,s->s2->tmp.enc,
-- &(p[s->s2->tmp.clear]),&(p[s->s2->tmp.clear]),
-- (s->s2->ssl2_rollback)?RSA_SSLV23_PADDING:RSA_PKCS1_PADDING);
--
- is_export=SSL_C_IS_EXPORT(s->session->cipher);
-
- if (!ssl_cipher_get_evp(s->session,&c,&md,NULL,NULL,NULL))
-@@ -475,21 +471,59 @@
- else
- ek=5;
-
-+ /*
-+ * The format of the CLIENT-MASTER-KEY message is
-+ * 1 byte message type
-+ * 3 bytes cipher
-+ * 2-byte clear key length (stored in s->s2->tmp.clear)
-+ * 2-byte encrypted key length (stored in s->s2->tmp.enc)
-+ * 2-byte key args length (IV etc)
-+ * clear key
-+ * encrypted key
-+ * key args
-+ *
-+ * If the cipher is an export cipher, then the encrypted key bytes
-+ * are a fixed portion of the total key (5 or 8 bytes). The size of
-+ * this portion is in |ek|. If the cipher is not an export cipher,
-+ * then the entire key material is encrypted (i.e., clear key length
-+ * must be zero).
-+ */
-+ if ((!is_export && s->s2->tmp.clear != 0) ||
-+ (is_export && s->s2->tmp.clear + ek != EVP_CIPHER_key_length(c))) {
-+ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_BAD_LENGTH);
-+ return -1;
-+ }
-+ /*
-+ * The encrypted blob must decrypt to the encrypted portion of the key.
-+ * Decryption can't be expanding, so if we don't have enough encrypted
-+ * bytes to fit the key in the buffer, stop now.
-+ */
-+ if ((is_export && s->s2->tmp.enc < ek) ||
-+ (!is_export && s->s2->tmp.enc < EVP_CIPHER_key_length(c))) {
-+ ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
-+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_LENGTH_TOO_SHORT);
-+ return -1;
-+ }
-+
-+ i = ssl_rsa_private_decrypt(s->cert, s->s2->tmp.enc,
-+ &(p[s->s2->tmp.clear]),
-+ &(p[s->s2->tmp.clear]),
-+ (s->s2->ssl2_rollback) ? RSA_SSLV23_PADDING :
-+ RSA_PKCS1_PADDING);
-+
- /* bad decrypt */
- #if 1
- /* If a bad decrypt, continue with protocol but with a
- * random master secret (Bleichenbacher attack) */
-- if ((i < 0) ||
-- ((!is_export && (i != EVP_CIPHER_key_length(c)))
-- || (is_export && ((i != ek) || (s->s2->tmp.clear+(unsigned int)i !=
-- (unsigned int)EVP_CIPHER_key_length(c))))))
-- {
-+ if ((i < 0) || ((!is_export && i != EVP_CIPHER_key_length(c))
-+ || (is_export && i != ek))) {
- ERR_clear_error();
- if (is_export)
- i=ek;
- else
- i=EVP_CIPHER_key_length(c);
-- if (RAND_pseudo_bytes(p,i) <= 0)
-+ if (RAND_pseudo_bytes(&p[s->s2->tmp.clear], i) <= 0)
- return 0;
- }
- #else
-@@ -513,7 +547,8 @@
- }
- #endif
-
-- if (is_export) i+=s->s2->tmp.clear;
-+ if (is_export)
-+ i = EVP_CIPHER_key_length(c);
-
- if (i > SSL_MAX_MASTER_KEY_LENGTH)
- {
diff --git a/dev-libs/openssl/files/openssl-1.0.1m-parallel-build.patch b/dev-libs/openssl/files/openssl-1.0.1m-parallel-build.patch
deleted file mode 100644
index db92b79f6ae8..000000000000
--- a/dev-libs/openssl/files/openssl-1.0.1m-parallel-build.patch
+++ /dev/null
@@ -1,364 +0,0 @@
-http://rt.openssl.org/Ticket/Display.html?id=2084
-
---- openssl-1.0.1m/crypto/Makefile
-+++ openssl-1.0.1m/crypto/Makefile
-@@ -85,11 +85,11 @@
- @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
-
- subdirs:
-- @target=all; $(RECURSIVE_MAKE)
-+ +@target=all; $(RECURSIVE_MAKE)
-
- files:
- $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-- @target=files; $(RECURSIVE_MAKE)
-+ +@target=files; $(RECURSIVE_MAKE)
-
- links:
- @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
-@@ -100,7 +100,7 @@
- # lib: $(LIB): are splitted to avoid end-less loop
- lib: $(LIB)
- @touch lib
--$(LIB): $(LIBOBJ)
-+$(LIB): $(LIBOBJ) | subdirs
- $(AR) $(LIB) $(LIBOBJ)
- [ -z "$(FIPSLIBDIR)" ] || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
- $(RANLIB) $(LIB) || echo Never mind.
-@@ -111,7 +111,7 @@
- fi
-
- libs:
-- @target=lib; $(RECURSIVE_MAKE)
-+ +@target=lib; $(RECURSIVE_MAKE)
-
- install:
- @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
-@@ -120,7 +120,7 @@
- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- done;
-- @target=install; $(RECURSIVE_MAKE)
-+ +@target=install; $(RECURSIVE_MAKE)
-
- lint:
- @target=lint; $(RECURSIVE_MAKE)
---- openssl-1.0.1m/crypto/objects/Makefile
-+++ openssl-1.0.1m/crypto/objects/Makefile
-@@ -44,11 +44,11 @@
- # objects.pl both reads and writes obj_mac.num
- obj_mac.h: objects.pl objects.txt obj_mac.num
- $(PERL) objects.pl objects.txt obj_mac.num obj_mac.h
-- @sleep 1; touch obj_mac.h; sleep 1
-
--obj_xref.h: objxref.pl obj_xref.txt obj_mac.num
-+# This doesn't really need obj_mac.h, but since that rule reads & writes
-+# obj_mac.num, we can't run in parallel with it.
-+obj_xref.h: objxref.pl obj_xref.txt obj_mac.num obj_mac.h
- $(PERL) objxref.pl obj_mac.num obj_xref.txt > obj_xref.h
-- @sleep 1; touch obj_xref.h; sleep 1
-
- files:
- $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
---- openssl-1.0.1m/engines/Makefile
-+++ openssl-1.0.1m/engines/Makefile
-@@ -72,7 +72,7 @@
-
- all: lib subdirs
-
--lib: $(LIBOBJ)
-+lib: $(LIBOBJ) | subdirs
- @if [ -n "$(SHARED_LIBS)" ]; then \
- set -e; \
- for l in $(LIBNAMES); do \
-@@ -89,7 +89,7 @@
-
- subdirs:
- echo $(EDIRS)
-- @target=all; $(RECURSIVE_MAKE)
-+ +@target=all; $(RECURSIVE_MAKE)
-
- files:
- $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-@@ -128,7 +128,7 @@
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
- done; \
- fi
-- @target=install; $(RECURSIVE_MAKE)
-+ +@target=install; $(RECURSIVE_MAKE)
-
- tags:
- ctags $(SRC)
---- openssl-1.0.1m/Makefile.org
-+++ openssl-1.0.1m/Makefile.org
-@@ -273,17 +273,17 @@
- build_libs: build_crypto build_ssl build_engines
-
- build_crypto:
-- @dir=crypto; target=all; $(BUILD_ONE_CMD)
--build_ssl:
-- @dir=ssl; target=all; $(BUILD_ONE_CMD)
--build_engines:
-- @dir=engines; target=all; $(BUILD_ONE_CMD)
--build_apps:
-- @dir=apps; target=all; $(BUILD_ONE_CMD)
--build_tests:
-- @dir=test; target=all; $(BUILD_ONE_CMD)
--build_tools:
-- @dir=tools; target=all; $(BUILD_ONE_CMD)
-+ +@dir=crypto; target=all; $(BUILD_ONE_CMD)
-+build_ssl: build_crypto
-+ +@dir=ssl; target=all; $(BUILD_ONE_CMD)
-+build_engines: build_crypto
-+ +@dir=engines; target=all; $(BUILD_ONE_CMD)
-+build_apps: build_libs
-+ +@dir=apps; target=all; $(BUILD_ONE_CMD)
-+build_tests: build_libs
-+ +@dir=test; target=all; $(BUILD_ONE_CMD)
-+build_tools: build_libs
-+ +@dir=tools; target=all; $(BUILD_ONE_CMD)
-
- all_testapps: build_libs build_testapps
- build_testapps:
-@@ -538,9 +538,9 @@
- dist_pem_h:
- (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
-
--install: all install_docs install_sw
-+install: install_docs install_sw
-
--install_sw:
-+install_dirs:
- @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
- $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
- $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
-@@ -549,12 +549,19 @@
- $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
- $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
- $(INSTALL_PREFIX)$(OPENSSLDIR)/private
-+ @$(PERL) $(TOP)/util/mkdir-p.pl \
-+ $(INSTALL_PREFIX)$(MANDIR)/man1 \
-+ $(INSTALL_PREFIX)$(MANDIR)/man3 \
-+ $(INSTALL_PREFIX)$(MANDIR)/man5 \
-+ $(INSTALL_PREFIX)$(MANDIR)/man7
-+
-+install_sw: install_dirs
- @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
- do \
- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- done;
-- @set -e; target=install; $(RECURSIVE_BUILD_CMD)
-+ +@set -e; target=install; $(RECURSIVE_BUILD_CMD)
- @set -e; liblist="$(LIBS)"; for i in $$liblist ;\
- do \
- if [ -f "$$i" ]; then \
-@@ -634,12 +641,7 @@
- done; \
- done
-
--install_docs:
-- @$(PERL) $(TOP)/util/mkdir-p.pl \
-- $(INSTALL_PREFIX)$(MANDIR)/man1 \
-- $(INSTALL_PREFIX)$(MANDIR)/man3 \
-- $(INSTALL_PREFIX)$(MANDIR)/man5 \
-- $(INSTALL_PREFIX)$(MANDIR)/man7
-+install_docs: install_dirs
- @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
- here="`pwd`"; \
- filecase=; \
---- openssl-1.0.1m/Makefile.shared
-+++ openssl-1.0.1m/Makefile.shared
-@@ -105,6 +105,7 @@
- SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
- LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
- LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
-+ [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \
- LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
- $${SHAREDCMD} $${SHAREDFLAGS} \
- -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
-@@ -122,6 +123,7 @@
- done; \
- fi; \
- if [ -n "$$SHLIB_SOVER" ]; then \
-+ [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \
- ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
- ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
- fi; \
---- openssl-1.0.1m/test/Makefile
-+++ openssl-1.0.1m/test/Makefile
-@@ -130,7 +130,7 @@
- tags:
- ctags $(SRC)
-
--tests: exe apps $(TESTS)
-+tests: exe $(TESTS)
-
- apps:
- @(cd ..; $(MAKE) DIRS=apps all)
-@@ -388,118 +388,118 @@
- link_app.$${shlib_target}
-
- $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
-- @target=$(RSATEST); $(BUILD_CMD)
-+ +@target=$(RSATEST); $(BUILD_CMD)
-
- $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO)
-- @target=$(BNTEST); $(BUILD_CMD)
-+ +@target=$(BNTEST); $(BUILD_CMD)
-
- $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO)
-- @target=$(ECTEST); $(BUILD_CMD)
-+ +@target=$(ECTEST); $(BUILD_CMD)
-
- $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO)
-- @target=$(EXPTEST); $(BUILD_CMD)
-+ +@target=$(EXPTEST); $(BUILD_CMD)
-
- $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO)
-- @target=$(IDEATEST); $(BUILD_CMD)
-+ +@target=$(IDEATEST); $(BUILD_CMD)
-
- $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO)
-- @target=$(MD2TEST); $(BUILD_CMD)
-+ +@target=$(MD2TEST); $(BUILD_CMD)
-
- $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO)
-- @target=$(SHATEST); $(BUILD_CMD)
-+ +@target=$(SHATEST); $(BUILD_CMD)
-
- $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO)
-- @target=$(SHA1TEST); $(BUILD_CMD)
-+ +@target=$(SHA1TEST); $(BUILD_CMD)
-
- $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO)
-- @target=$(SHA256TEST); $(BUILD_CMD)
-+ +@target=$(SHA256TEST); $(BUILD_CMD)
-
- $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO)
-- @target=$(SHA512TEST); $(BUILD_CMD)
-+ +@target=$(SHA512TEST); $(BUILD_CMD)
-
- $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
-- @target=$(RMDTEST); $(BUILD_CMD)
-+ +@target=$(RMDTEST); $(BUILD_CMD)
-
- $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO)
-- @target=$(MDC2TEST); $(BUILD_CMD)
-+ +@target=$(MDC2TEST); $(BUILD_CMD)
-
- $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO)
-- @target=$(MD4TEST); $(BUILD_CMD)
-+ +@target=$(MD4TEST); $(BUILD_CMD)
-
- $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO)
-- @target=$(MD5TEST); $(BUILD_CMD)
-+ +@target=$(MD5TEST); $(BUILD_CMD)
-
- $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO)
-- @target=$(HMACTEST); $(BUILD_CMD)
-+ +@target=$(HMACTEST); $(BUILD_CMD)
-
- $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO)
-- @target=$(WPTEST); $(BUILD_CMD)
-+ +@target=$(WPTEST); $(BUILD_CMD)
-
- $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO)
-- @target=$(RC2TEST); $(BUILD_CMD)
-+ +@target=$(RC2TEST); $(BUILD_CMD)
-
- $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO)
-- @target=$(BFTEST); $(BUILD_CMD)
-+ +@target=$(BFTEST); $(BUILD_CMD)
-
- $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO)
-- @target=$(CASTTEST); $(BUILD_CMD)
-+ +@target=$(CASTTEST); $(BUILD_CMD)
-
- $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO)
-- @target=$(RC4TEST); $(BUILD_CMD)
-+ +@target=$(RC4TEST); $(BUILD_CMD)
-
- $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO)
-- @target=$(RC5TEST); $(BUILD_CMD)
-+ +@target=$(RC5TEST); $(BUILD_CMD)
-
- $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO)
-- @target=$(DESTEST); $(BUILD_CMD)
-+ +@target=$(DESTEST); $(BUILD_CMD)
-
- $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO)
-- @target=$(RANDTEST); $(BUILD_CMD)
-+ +@target=$(RANDTEST); $(BUILD_CMD)
-
- $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO)
-- @target=$(DHTEST); $(BUILD_CMD)
-+ +@target=$(DHTEST); $(BUILD_CMD)
-
- $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO)
-- @target=$(DSATEST); $(BUILD_CMD)
-+ +@target=$(DSATEST); $(BUILD_CMD)
-
- $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
-- @target=$(METHTEST); $(BUILD_CMD)
-+ +@target=$(METHTEST); $(BUILD_CMD)
-
- $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
-- @target=$(SSLTEST); $(FIPS_BUILD_CMD)
-+ +@target=$(SSLTEST); $(FIPS_BUILD_CMD)
-
- $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO)
-- @target=$(ENGINETEST); $(BUILD_CMD)
-+ +@target=$(ENGINETEST); $(BUILD_CMD)
-
- $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO)
-- @target=$(EVPTEST); $(BUILD_CMD)
-+ +@target=$(EVPTEST); $(BUILD_CMD)
-
- $(EVPEXTRATEST)$(EXE_EXT): $(EVPEXTRATEST).o $(DLIBCRYPTO)
-- @target=$(EVPEXTRATEST); $(BUILD_CMD)
-+ +@target=$(EVPEXTRATEST); $(BUILD_CMD)
-
- $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO)
-- @target=$(ECDSATEST); $(BUILD_CMD)
-+ +@target=$(ECDSATEST); $(BUILD_CMD)
-
- $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO)
-- @target=$(ECDHTEST); $(BUILD_CMD)
-+ +@target=$(ECDHTEST); $(BUILD_CMD)
-
- $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO)
-- @target=$(IGETEST); $(BUILD_CMD)
-+ +@target=$(IGETEST); $(BUILD_CMD)
-
- $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO)
-- @target=$(JPAKETEST); $(BUILD_CMD)
-+ +@target=$(JPAKETEST); $(BUILD_CMD)
-
- $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO)
-- @target=$(ASN1TEST); $(BUILD_CMD)
-+ +@target=$(ASN1TEST); $(BUILD_CMD)
-
- $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO)
-- @target=$(SRPTEST); $(BUILD_CMD)
-+ +@target=$(SRPTEST); $(BUILD_CMD)
-
- $(HEARTBEATTEST)$(EXE_EXT): $(HEARTBEATTEST).o $(DLIBCRYPTO)
-- @target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
-+ +@target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
-
- $(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMETEST).o
-- @target=$(CONSTTIMETEST) $(BUILD_CMD)
-+ +@target=$(CONSTTIMETEST) $(BUILD_CMD)
-
- #$(AESTEST).o: $(AESTEST).c
- # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
-@@ -512,7 +512,7 @@
- # fi
-
- dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
-- @target=dummytest; $(BUILD_CMD)
-+ +@target=dummytest; $(BUILD_CMD)
-
- # DO NOT DELETE THIS LINE -- make depend depends on it.
-
diff --git a/dev-libs/openssl/files/openssl-1.0.1m-s_client-verify.patch b/dev-libs/openssl/files/openssl-1.0.1m-s_client-verify.patch
deleted file mode 100644
index 8aa29e488f52..000000000000
--- a/dev-libs/openssl/files/openssl-1.0.1m-s_client-verify.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-https://bugs.gentoo.org/472584
-http://rt.openssl.org/Ticket/Display.html?id=2387&user=guest&pass=guest
-
-fix verification handling in s_client. when loading paths, make sure
-we properly fallback to setting the default paths.
-
-Forward-ported from openssl-1.0.1e-s_client-verify.patch
-
-Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
-
---- openssl-1.0.1m/apps/s_client.c
-+++ openssl-1.0.1m/apps/s_client.c
-@@ -1177,7 +1177,7 @@ int MAIN(int argc, char **argv)
- if (!set_cert_key_stuff(ctx, cert, key))
- goto end;
-
-- if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) ||
-+ if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) &&
- (!SSL_CTX_set_default_verify_paths(ctx))) {
- /*
- * BIO_printf(bio_err,"error setting default verify locations\n");
diff --git a/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0209.patch b/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0209.patch
deleted file mode 100644
index 6d396b42bef5..000000000000
--- a/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0209.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-https://bugs.gentoo.org/541502
-
-From 1b4a8df38fc9ab3c089ca5765075ee53ec5bd66a Mon Sep 17 00:00:00 2001
-From: Matt Caswell <matt@openssl.org>
-Date: Mon, 9 Feb 2015 11:38:41 +0000
-Subject: [PATCH] Fix a failure to NULL a pointer freed on error.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Inspired by BoringSSL commit 517073cd4b by Eric Roman <eroman@chromium.org>
-
-CVE-2015-0209
-
-Reviewed-by: Emilia Käsper <emilia@openssl.org>
----
- crypto/ec/ec_asn1.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
-index 30b7df4..d3e8316 100644
---- a/crypto/ec/ec_asn1.c
-+++ b/crypto/ec/ec_asn1.c
-@@ -1014,8 +1014,6 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
- ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-- if (a)
-- *a = ret;
- } else
- ret = *a;
-
-@@ -1067,10 +1065,12 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
- }
- }
-
-+ if (a)
-+ *a = ret;
- ok = 1;
- err:
- if (!ok) {
-- if (ret)
-+ if (ret && (a == NULL || *a != ret))
- EC_KEY_free(ret);
- ret = NULL;
- }
---
-2.3.1
-
diff --git a/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0288.patch b/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0288.patch
deleted file mode 100644
index a6a10b0a2ca1..000000000000
--- a/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0288.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-https://bugs.gentoo.org/542038
-
-From 28a00bcd8e318da18031b2ac8778c64147cd54f9 Mon Sep 17 00:00:00 2001
-From: "Dr. Stephen Henson" <steve@openssl.org>
-Date: Wed, 18 Feb 2015 00:34:59 +0000
-Subject: [PATCH] Check public key is not NULL.
-
-CVE-2015-0288
-PR#3708
-
-Reviewed-by: Matt Caswell <matt@openssl.org>
----
- crypto/x509/x509_req.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c
-index bc6e566..01795f4 100644
---- a/crypto/x509/x509_req.c
-+++ b/crypto/x509/x509_req.c
-@@ -92,6 +92,8 @@ X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
- goto err;
-
- pktmp = X509_get_pubkey(x);
-+ if (pktmp == NULL)
-+ goto err;
- i = X509_REQ_set_pubkey(ret, pktmp);
- EVP_PKEY_free(pktmp);
- if (!i)
---
-2.3.1
-
diff --git a/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0291.patch b/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0291.patch
deleted file mode 100644
index 852d06e9181a..000000000000
--- a/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0291.patch
+++ /dev/null
@@ -1,459 +0,0 @@
---- openssl-1.0.2/crypto/asn1/a_type.c
-+++ openssl-1.0.2/crypto/asn1/a_type.c
-@@ -119,6 +119,9 @@
- case V_ASN1_OBJECT:
- result = OBJ_cmp(a->value.object, b->value.object);
- break;
-+ case V_ASN1_BOOLEAN:
-+ result = a->value.boolean - b->value.boolean;
-+ break;
- case V_ASN1_NULL:
- result = 0; /* They do not have content. */
- break;
---- openssl-1.0.2/crypto/asn1/tasn_dec.c
-+++ openssl-1.0.2/crypto/asn1/tasn_dec.c
-@@ -140,11 +140,17 @@
- {
- ASN1_TLC c;
- ASN1_VALUE *ptmpval = NULL;
-- if (!pval)
-- pval = &ptmpval;
- asn1_tlc_clear_nc(&c);
-- if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0)
-- return *pval;
-+ if (pval && *pval && it->itype == ASN1_ITYPE_PRIMITIVE)
-+ ptmpval = *pval;
-+ if (ASN1_item_ex_d2i(&ptmpval, in, len, it, -1, 0, 0, &c) > 0) {
-+ if (pval && it->itype != ASN1_ITYPE_PRIMITIVE) {
-+ if (*pval)
-+ ASN1_item_free(*pval, it);
-+ *pval = ptmpval;
-+ }
-+ return ptmpval;
-+ }
- return NULL;
- }
-
-@@ -304,9 +310,16 @@
- case ASN1_ITYPE_CHOICE:
- if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
- goto auxerr;
--
-- /* Allocate structure */
-- if (!*pval && !ASN1_item_ex_new(pval, it)) {
-+ if (*pval) {
-+ /* Free up and zero CHOICE value if initialised */
-+ i = asn1_get_choice_selector(pval, it);
-+ if ((i >= 0) && (i < it->tcount)) {
-+ tt = it->templates + i;
-+ pchptr = asn1_get_field_ptr(pval, tt);
-+ ASN1_template_free(pchptr, tt);
-+ asn1_set_choice_selector(pval, -1, it);
-+ }
-+ } else if (!ASN1_item_ex_new(pval, it)) {
- ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
- goto err;
- }
-@@ -386,6 +399,17 @@
- if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
- goto auxerr;
-
-+ /* Free up and zero any ADB found */
-+ for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
-+ if (tt->flags & ASN1_TFLG_ADB_MASK) {
-+ const ASN1_TEMPLATE *seqtt;
-+ ASN1_VALUE **pseqval;
-+ seqtt = asn1_do_adb(pval, tt, 1);
-+ pseqval = asn1_get_field_ptr(pval, seqtt);
-+ ASN1_template_free(pseqval, seqtt);
-+ }
-+ }
-+
- /* Get each field entry */
- for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
- const ASN1_TEMPLATE *seqtt;
---- openssl-1.0.2/crypto/pkcs7/pk7_doit.c
-+++ openssl-1.0.2/crypto/pkcs7/pk7_doit.c
-@@ -261,6 +261,25 @@
- PKCS7_RECIP_INFO *ri = NULL;
- ASN1_OCTET_STRING *os = NULL;
-
-+ if (p7 == NULL) {
-+ PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_INVALID_NULL_POINTER);
-+ return NULL;
-+ }
-+ /*
-+ * The content field in the PKCS7 ContentInfo is optional, but that really
-+ * only applies to inner content (precisely, detached signatures).
-+ *
-+ * When reading content, missing outer content is therefore treated as an
-+ * error.
-+ *
-+ * When creating content, PKCS7_content_new() must be called before
-+ * calling this method, so a NULL p7->d is always an error.
-+ */
-+ if (p7->d.ptr == NULL) {
-+ PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_NO_CONTENT);
-+ return NULL;
-+ }
-+
- i = OBJ_obj2nid(p7->type);
- p7->state = PKCS7_S_HEADER;
-
-@@ -411,6 +430,16 @@
- unsigned char *ek = NULL, *tkey = NULL;
- int eklen = 0, tkeylen = 0;
-
-+ if (p7 == NULL) {
-+ PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_INVALID_NULL_POINTER);
-+ return NULL;
-+ }
-+
-+ if (p7->d.ptr == NULL) {
-+ PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT);
-+ return NULL;
-+ }
-+
- i = OBJ_obj2nid(p7->type);
- p7->state = PKCS7_S_HEADER;
-
-@@ -707,6 +736,16 @@
- STACK_OF(PKCS7_SIGNER_INFO) *si_sk = NULL;
- ASN1_OCTET_STRING *os = NULL;
-
-+ if (p7 == NULL) {
-+ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_INVALID_NULL_POINTER);
-+ return 0;
-+ }
-+
-+ if (p7->d.ptr == NULL) {
-+ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_NO_CONTENT);
-+ return 0;
-+ }
-+
- EVP_MD_CTX_init(&ctx_tmp);
- i = OBJ_obj2nid(p7->type);
- p7->state = PKCS7_S_HEADER;
-@@ -746,6 +785,7 @@
- /* If detached data then the content is excluded */
- if (PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
- M_ASN1_OCTET_STRING_free(os);
-+ os = NULL;
- p7->d.sign->contents->d.data = NULL;
- }
- break;
-@@ -755,6 +795,7 @@
- /* If detached data then the content is excluded */
- if (PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) {
- M_ASN1_OCTET_STRING_free(os);
-+ os = NULL;
- p7->d.digest->contents->d.data = NULL;
- }
- break;
-@@ -820,22 +861,30 @@
- M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len);
- }
-
-- if (!PKCS7_is_detached(p7) && !(os->flags & ASN1_STRING_FLAG_NDEF)) {
-- char *cont;
-- long contlen;
-- btmp = BIO_find_type(bio, BIO_TYPE_MEM);
-- if (btmp == NULL) {
-- PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
-- goto err;
-- }
-- contlen = BIO_get_mem_data(btmp, &cont);
-+ if (!PKCS7_is_detached(p7)) {
- /*
-- * Mark the BIO read only then we can use its copy of the data
-- * instead of making an extra copy.
-+ * NOTE(emilia): I think we only reach os == NULL here because detached
-+ * digested data support is broken.
- */
-- BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
-- BIO_set_mem_eof_return(btmp, 0);
-- ASN1_STRING_set0(os, (unsigned char *)cont, contlen);
-+ if (os == NULL)
-+ goto err;
-+ if (!(os->flags & ASN1_STRING_FLAG_NDEF)) {
-+ char *cont;
-+ long contlen;
-+ btmp = BIO_find_type(bio, BIO_TYPE_MEM);
-+ if (btmp == NULL) {
-+ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
-+ goto err;
-+ }
-+ contlen = BIO_get_mem_data(btmp, &cont);
-+ /*
-+ * Mark the BIO read only then we can use its copy of the data
-+ * instead of making an extra copy.
-+ */
-+ BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
-+ BIO_set_mem_eof_return(btmp, 0);
-+ ASN1_STRING_set0(os, (unsigned char *)cont, contlen);
-+ }
- }
- ret = 1;
- err:
-@@ -910,6 +959,16 @@
- STACK_OF(X509) *cert;
- X509 *x509;
-
-+ if (p7 == NULL) {
-+ PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_INVALID_NULL_POINTER);
-+ return 0;
-+ }
-+
-+ if (p7->d.ptr == NULL) {
-+ PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_NO_CONTENT);
-+ return 0;
-+ }
-+
- if (PKCS7_type_is_signed(p7)) {
- cert = p7->d.sign->cert;
- } else if (PKCS7_type_is_signedAndEnveloped(p7)) {
---- openssl-1.0.2/crypto/pkcs7/pk7_lib.c
-+++ openssl-1.0.2/crypto/pkcs7/pk7_lib.c
-@@ -70,6 +70,7 @@
- nid = OBJ_obj2nid(p7->type);
-
- switch (cmd) {
-+ /* NOTE(emilia): does not support detached digested data. */
- case PKCS7_OP_SET_DETACHED_SIGNATURE:
- if (nid == NID_pkcs7_signed) {
- ret = p7->detached = (int)larg;
-@@ -444,6 +445,8 @@
-
- STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7)
- {
-+ if (p7 == NULL || p7->d.ptr == NULL)
-+ return NULL;
- if (PKCS7_type_is_signed(p7)) {
- return (p7->d.sign->signer_info);
- } else if (PKCS7_type_is_signedAndEnveloped(p7)) {
---- openssl-1.0.2/crypto/rsa/rsa_ameth.c
-+++ openssl-1.0.2/crypto/rsa/rsa_ameth.c
-@@ -698,9 +698,10 @@
- RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNSUPPORTED_SIGNATURE_TYPE);
- return -1;
- }
-- if (rsa_pss_to_ctx(ctx, NULL, sigalg, pkey))
-+ if (rsa_pss_to_ctx(ctx, NULL, sigalg, pkey) > 0) {
- /* Carry on */
- return 2;
-+ }
- return -1;
- }
-
---- openssl-1.0.2/doc/crypto/d2i_X509.pod
-+++ openssl-1.0.2/doc/crypto/d2i_X509.pod
-@@ -207,6 +207,12 @@
- persist if they are not present in the new one. As a result the use
- of this "reuse" behaviour is strongly discouraged.
-
-+Current versions of OpenSSL will not modify B<*px> if an error occurs.
-+If parsing succeeds then B<*px> is freed (if it is not NULL) and then
-+set to the value of the newly decoded structure. As a result B<*px>
-+B<must not> be allocated on the stack or an attempt will be made to
-+free an invalid pointer.
-+
- i2d_X509() will not return an error in many versions of OpenSSL,
- if mandatory fields are not initialized due to a programming error
- then the encoded structure may contain invalid data or omit the
-@@ -233,7 +239,9 @@
-
- d2i_X509(), d2i_X509_bio() and d2i_X509_fp() return a valid B<X509> structure
- or B<NULL> if an error occurs. The error code that can be obtained by
--L<ERR_get_error(3)|ERR_get_error(3)>.
-+L<ERR_get_error(3)|ERR_get_error(3)>. If the "reuse" capability has been used
-+with a valid X509 structure being passed in via B<px> then the object is not
-+modified in the event of error.
-
- i2d_X509() returns the number of bytes successfully encoded or a negative
- value if an error occurs. The error code can be obtained by
---- openssl-1.0.2/ssl/d1_lib.c
-+++ openssl-1.0.2/ssl/d1_lib.c
-@@ -543,6 +543,9 @@
- {
- int ret;
-
-+ /* Ensure there is no state left over from a previous invocation */
-+ SSL_clear(s);
-+
- SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
- s->d1->listen = 1;
-
---- openssl-1.0.2/ssl/s2_lib.c
-+++ openssl-1.0.2/ssl/s2_lib.c
-@@ -493,7 +493,7 @@
-
- OPENSSL_assert(s->session->master_key_length >= 0
- && s->session->master_key_length
-- < (int)sizeof(s->session->master_key));
-+ <= (int)sizeof(s->session->master_key));
- EVP_DigestUpdate(&ctx, s->session->master_key,
- s->session->master_key_length);
- EVP_DigestUpdate(&ctx, &c, 1);
---- openssl-1.0.2/ssl/s2_srvr.c
-+++ openssl-1.0.2/ssl/s2_srvr.c
-@@ -454,11 +454,6 @@
- SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_NO_PRIVATEKEY);
- return (-1);
- }
-- i = ssl_rsa_private_decrypt(s->cert, s->s2->tmp.enc,
-- &(p[s->s2->tmp.clear]),
-- &(p[s->s2->tmp.clear]),
-- (s->s2->ssl2_rollback) ? RSA_SSLV23_PADDING :
-- RSA_PKCS1_PADDING);
-
- is_export = SSL_C_IS_EXPORT(s->session->cipher);
-
-@@ -475,23 +470,61 @@
- } else
- ek = 5;
-
-+ /*
-+ * The format of the CLIENT-MASTER-KEY message is
-+ * 1 byte message type
-+ * 3 bytes cipher
-+ * 2-byte clear key length (stored in s->s2->tmp.clear)
-+ * 2-byte encrypted key length (stored in s->s2->tmp.enc)
-+ * 2-byte key args length (IV etc)
-+ * clear key
-+ * encrypted key
-+ * key args
-+ *
-+ * If the cipher is an export cipher, then the encrypted key bytes
-+ * are a fixed portion of the total key (5 or 8 bytes). The size of
-+ * this portion is in |ek|. If the cipher is not an export cipher,
-+ * then the entire key material is encrypted (i.e., clear key length
-+ * must be zero).
-+ */
-+ if ((!is_export && s->s2->tmp.clear != 0) ||
-+ (is_export && s->s2->tmp.clear + ek != EVP_CIPHER_key_length(c))) {
-+ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_BAD_LENGTH);
-+ return -1;
-+ }
-+ /*
-+ * The encrypted blob must decrypt to the encrypted portion of the key.
-+ * Decryption can't be expanding, so if we don't have enough encrypted
-+ * bytes to fit the key in the buffer, stop now.
-+ */
-+ if ((is_export && s->s2->tmp.enc < ek) ||
-+ (!is_export && s->s2->tmp.enc < EVP_CIPHER_key_length(c))) {
-+ ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
-+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_LENGTH_TOO_SHORT);
-+ return -1;
-+ }
-+
-+ i = ssl_rsa_private_decrypt(s->cert, s->s2->tmp.enc,
-+ &(p[s->s2->tmp.clear]),
-+ &(p[s->s2->tmp.clear]),
-+ (s->s2->ssl2_rollback) ? RSA_SSLV23_PADDING :
-+ RSA_PKCS1_PADDING);
-+
- /* bad decrypt */
- # if 1
- /*
- * If a bad decrypt, continue with protocol but with a random master
- * secret (Bleichenbacher attack)
- */
-- if ((i < 0) || ((!is_export && (i != EVP_CIPHER_key_length(c)))
-- || (is_export && ((i != ek)
-- || (s->s2->tmp.clear +
-- (unsigned int)i != (unsigned int)
-- EVP_CIPHER_key_length(c)))))) {
-+ if ((i < 0) || ((!is_export && i != EVP_CIPHER_key_length(c))
-+ || (is_export && i != ek))) {
- ERR_clear_error();
- if (is_export)
- i = ek;
- else
- i = EVP_CIPHER_key_length(c);
-- if (RAND_pseudo_bytes(p, i) <= 0)
-+ if (RAND_pseudo_bytes(&p[s->s2->tmp.clear], i) <= 0)
- return 0;
- }
- # else
-@@ -513,7 +546,7 @@
- # endif
-
- if (is_export)
-- i += s->s2->tmp.clear;
-+ i = EVP_CIPHER_key_length(c);
-
- if (i > SSL_MAX_MASTER_KEY_LENGTH) {
- ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
---- openssl-1.0.2/ssl/s3_pkt.c
-+++ openssl-1.0.2/ssl/s3_pkt.c
-@@ -780,7 +780,7 @@
-
- i = ssl3_write_pending(s, type, &buf[tot], nw);
- if (i <= 0) {
-- if (i < 0) {
-+ if (i < 0 && (!s->wbio || !BIO_should_retry(s->wbio))) {
- OPENSSL_free(wb->buf);
- wb->buf = NULL;
- }
---- openssl-1.0.2/ssl/s3_srvr.c
-+++ openssl-1.0.2/ssl/s3_srvr.c
-@@ -2251,10 +2251,17 @@
- if (alg_k & (SSL_kEDH | SSL_kDHr | SSL_kDHd)) {
- int idx = -1;
- EVP_PKEY *skey = NULL;
-- if (n)
-+ if (n) {
- n2s(p, i);
-- else
-+ } else {
-+ if (alg_k & SSL_kDHE) {
-+ al = SSL_AD_HANDSHAKE_FAILURE;
-+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-+ SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
-+ goto f_err;
-+ }
- i = 0;
-+ }
- if (n && n != i + 2) {
- if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG)) {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
---- openssl-1.0.2/ssl/t1_lib.c
-+++ openssl-1.0.2/ssl/t1_lib.c
-@@ -2965,6 +2965,7 @@
- if (s->cert->shared_sigalgs) {
- OPENSSL_free(s->cert->shared_sigalgs);
- s->cert->shared_sigalgs = NULL;
-+ s->cert->shared_sigalgslen = 0;
- }
- /* Clear certificate digests and validity flags */
- for (i = 0; i < SSL_PKEY_NUM; i++) {
-@@ -3618,6 +3619,7 @@
- if (c->shared_sigalgs) {
- OPENSSL_free(c->shared_sigalgs);
- c->shared_sigalgs = NULL;
-+ c->shared_sigalgslen = 0;
- }
- /* If client use client signature algorithms if not NULL */
- if (!s->server && c->client_sigalgs && !is_suiteb) {
-@@ -3640,12 +3642,14 @@
- preflen = c->peer_sigalgslen;
- }
- nmatch = tls12_do_shared_sigalgs(NULL, pref, preflen, allow, allowlen);
-- if (!nmatch)
-- return 1;
-- salgs = OPENSSL_malloc(nmatch * sizeof(TLS_SIGALGS));
-- if (!salgs)
-- return 0;
-- nmatch = tls12_do_shared_sigalgs(salgs, pref, preflen, allow, allowlen);
-+ if (nmatch) {
-+ salgs = OPENSSL_malloc(nmatch * sizeof(TLS_SIGALGS));
-+ if (!salgs)
-+ return 0;
-+ nmatch = tls12_do_shared_sigalgs(salgs, pref, preflen, allow, allowlen);
-+ } else {
-+ salgs = NULL;
-+ }
- c->shared_sigalgs = salgs;
- c->shared_sigalgslen = nmatch;
- return 1;
diff --git a/dev-libs/openssl/files/openssl-1.0.2-parallel-build.patch b/dev-libs/openssl/files/openssl-1.0.2-parallel-build.patch
deleted file mode 100644
index 31d3f1d634de..000000000000
--- a/dev-libs/openssl/files/openssl-1.0.2-parallel-build.patch
+++ /dev/null
@@ -1,354 +0,0 @@
-http://rt.openssl.org/Ticket/Display.html?id=2084&user=guest&pass=guest
-
---- a/Makefile.org
-+++ b/Makefile.org
-@@ -247,17 +247,17 @@
- build_libs: build_crypto build_ssl build_engines
-
- build_crypto:
-- @dir=crypto; target=all; $(BUILD_ONE_CMD)
-+ +@dir=crypto; target=all; $(BUILD_ONE_CMD)
--build_ssl:
-+build_ssl: build_crypto
-- @dir=ssl; target=all; $(BUILD_ONE_CMD)
-+ +@dir=ssl; target=all; $(BUILD_ONE_CMD)
--build_engines:
-+build_engines: build_crypto
-- @dir=engines; target=all; $(BUILD_ONE_CMD)
-+ +@dir=engines; target=all; $(BUILD_ONE_CMD)
--build_apps:
-+build_apps: build_libs
-- @dir=apps; target=all; $(BUILD_ONE_CMD)
-+ +@dir=apps; target=all; $(BUILD_ONE_CMD)
--build_tests:
-+build_tests: build_libs
-- @dir=test; target=all; $(BUILD_ONE_CMD)
-+ +@dir=test; target=all; $(BUILD_ONE_CMD)
--build_tools:
-+build_tools: build_libs
-- @dir=tools; target=all; $(BUILD_ONE_CMD)
-+ +@dir=tools; target=all; $(BUILD_ONE_CMD)
-
- all_testapps: build_libs build_testapps
- build_testapps:
-@@ -497,9 +497,9 @@
- dist_pem_h:
- (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
-
--install: all install_docs install_sw
-+install: install_docs install_sw
-
--install_sw:
-+install_dirs:
- @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
- $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
- $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
-@@ -508,6 +508,13 @@
- $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
- $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
- $(INSTALL_PREFIX)$(OPENSSLDIR)/private
-+ @$(PERL) $(TOP)/util/mkdir-p.pl \
-+ $(INSTALL_PREFIX)$(MANDIR)/man1 \
-+ $(INSTALL_PREFIX)$(MANDIR)/man3 \
-+ $(INSTALL_PREFIX)$(MANDIR)/man5 \
-+ $(INSTALL_PREFIX)$(MANDIR)/man7
-+
-+install_sw: install_dirs
- @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
- do \
- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
-@@ -511,7 +511,7 @@
- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- done;
-- @set -e; target=install; $(RECURSIVE_BUILD_CMD)
-+ +@set -e; target=install; $(RECURSIVE_BUILD_CMD)
- @set -e; liblist="$(LIBS)"; for i in $$liblist ;\
- do \
- if [ -f "$$i" ]; then \
-@@ -593,12 +600,7 @@
- done; \
- done
-
--install_docs:
-- @$(PERL) $(TOP)/util/mkdir-p.pl \
-- $(INSTALL_PREFIX)$(MANDIR)/man1 \
-- $(INSTALL_PREFIX)$(MANDIR)/man3 \
-- $(INSTALL_PREFIX)$(MANDIR)/man5 \
-- $(INSTALL_PREFIX)$(MANDIR)/man7
-+install_docs: install_dirs
- @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
- here="`pwd`"; \
- filecase=; \
---- a/Makefile.shared
-+++ b/Makefile.shared
-@@ -105,6 +105,7 @@ LINK_SO= \
- SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
- LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
- LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
-+ [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \
- LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
- $${SHAREDCMD} $${SHAREDFLAGS} \
- -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
-@@ -122,6 +124,7 @@ SYMLINK_SO= \
- done; \
- fi; \
- if [ -n "$$SHLIB_SOVER" ]; then \
-+ [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \
- ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
- ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
- fi; \
---- a/crypto/Makefile
-+++ b/crypto/Makefile
-@@ -85,11 +85,11 @@
- @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
-
- subdirs:
-- @target=all; $(RECURSIVE_MAKE)
-+ +@target=all; $(RECURSIVE_MAKE)
-
- files:
- $(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO
-- @target=files; $(RECURSIVE_MAKE)
-+ +@target=files; $(RECURSIVE_MAKE)
-
- links:
- @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
-@@ -100,7 +100,7 @@
- # lib: $(LIB): are splitted to avoid end-less loop
- lib: $(LIB)
- @touch lib
--$(LIB): $(LIBOBJ)
-+$(LIB): $(LIBOBJ) | subdirs
- $(AR) $(LIB) $(LIBOBJ)
- $(RANLIB) $(LIB) || echo Never mind.
-
-@@ -110,7 +110,7 @@
- fi
-
- libs:
-- @target=lib; $(RECURSIVE_MAKE)
-+ +@target=lib; $(RECURSIVE_MAKE)
-
- install:
- @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
-@@ -119,7 +119,7 @@
- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- done;
-- @target=install; $(RECURSIVE_MAKE)
-+ +@target=install; $(RECURSIVE_MAKE)
-
- lint:
- @target=lint; $(RECURSIVE_MAKE)
---- a/engines/Makefile
-+++ b/engines/Makefile
-@@ -72,7 +72,7 @@
-
- all: lib subdirs
-
--lib: $(LIBOBJ)
-+lib: $(LIBOBJ) | subdirs
- @if [ -n "$(SHARED_LIBS)" ]; then \
- set -e; \
- for l in $(LIBNAMES); do \
-@@ -89,7 +89,7 @@
-
- subdirs:
- echo $(EDIRS)
-- @target=all; $(RECURSIVE_MAKE)
-+ +@target=all; $(RECURSIVE_MAKE)
-
- files:
- $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-@@ -128,7 +128,7 @@
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
- done; \
- fi
-- @target=install; $(RECURSIVE_MAKE)
-+ +@target=install; $(RECURSIVE_MAKE)
-
- tags:
- ctags $(SRC)
---- a/test/Makefile
-+++ b/test/Makefile
-@@ -123,7 +123,7 @@
- tags:
- ctags $(SRC)
-
--tests: exe apps $(TESTS)
-+tests: exe $(TESTS)
-
- apps:
- @(cd ..; $(MAKE) DIRS=apps all)
-@@ -365,109 +365,109 @@
- link_app.$${shlib_target}
-
- $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
-- @target=$(RSATEST); $(BUILD_CMD)
-+ +@target=$(RSATEST); $(BUILD_CMD)
-
- $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO)
-- @target=$(BNTEST); $(BUILD_CMD)
-+ +@target=$(BNTEST); $(BUILD_CMD)
-
- $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO)
-- @target=$(ECTEST); $(BUILD_CMD)
-+ +@target=$(ECTEST); $(BUILD_CMD)
-
- $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO)
-- @target=$(EXPTEST); $(BUILD_CMD)
-+ +@target=$(EXPTEST); $(BUILD_CMD)
-
- $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO)
-- @target=$(IDEATEST); $(BUILD_CMD)
-+ +@target=$(IDEATEST); $(BUILD_CMD)
-
- $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO)
-- @target=$(MD2TEST); $(BUILD_CMD)
-+ +@target=$(MD2TEST); $(BUILD_CMD)
-
- $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO)
-- @target=$(SHATEST); $(BUILD_CMD)
-+ +@target=$(SHATEST); $(BUILD_CMD)
-
- $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO)
-- @target=$(SHA1TEST); $(BUILD_CMD)
-+ +@target=$(SHA1TEST); $(BUILD_CMD)
-
- $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO)
-- @target=$(SHA256TEST); $(BUILD_CMD)
-+ +@target=$(SHA256TEST); $(BUILD_CMD)
-
- $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO)
-- @target=$(SHA512TEST); $(BUILD_CMD)
-+ +@target=$(SHA512TEST); $(BUILD_CMD)
-
- $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
-- @target=$(RMDTEST); $(BUILD_CMD)
-+ +@target=$(RMDTEST); $(BUILD_CMD)
-
- $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO)
-- @target=$(MDC2TEST); $(BUILD_CMD)
-+ +@target=$(MDC2TEST); $(BUILD_CMD)
-
- $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO)
-- @target=$(MD4TEST); $(BUILD_CMD)
-+ +@target=$(MD4TEST); $(BUILD_CMD)
-
- $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO)
-- @target=$(MD5TEST); $(BUILD_CMD)
-+ +@target=$(MD5TEST); $(BUILD_CMD)
-
- $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO)
-- @target=$(HMACTEST); $(BUILD_CMD)
-+ +@target=$(HMACTEST); $(BUILD_CMD)
-
- $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO)
-- @target=$(WPTEST); $(BUILD_CMD)
-+ +@target=$(WPTEST); $(BUILD_CMD)
-
- $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO)
-- @target=$(RC2TEST); $(BUILD_CMD)
-+ +@target=$(RC2TEST); $(BUILD_CMD)
-
- $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO)
-- @target=$(BFTEST); $(BUILD_CMD)
-+ +@target=$(BFTEST); $(BUILD_CMD)
-
- $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO)
-- @target=$(CASTTEST); $(BUILD_CMD)
-+ +@target=$(CASTTEST); $(BUILD_CMD)
-
- $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO)
-- @target=$(RC4TEST); $(BUILD_CMD)
-+ +@target=$(RC4TEST); $(BUILD_CMD)
-
- $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO)
-- @target=$(RC5TEST); $(BUILD_CMD)
-+ +@target=$(RC5TEST); $(BUILD_CMD)
-
- $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO)
-- @target=$(DESTEST); $(BUILD_CMD)
-+ +@target=$(DESTEST); $(BUILD_CMD)
-
- $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO)
-- @target=$(RANDTEST); $(BUILD_CMD)
-+ +@target=$(RANDTEST); $(BUILD_CMD)
-
- $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO)
-- @target=$(DHTEST); $(BUILD_CMD)
-+ +@target=$(DHTEST); $(BUILD_CMD)
-
- $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO)
-- @target=$(DSATEST); $(BUILD_CMD)
-+ +@target=$(DSATEST); $(BUILD_CMD)
-
- $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
-- @target=$(METHTEST); $(BUILD_CMD)
-+ +@target=$(METHTEST); $(BUILD_CMD)
-
- $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
-- @target=$(SSLTEST); $(FIPS_BUILD_CMD)
-+ +@target=$(SSLTEST); $(FIPS_BUILD_CMD)
-
- $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO)
-- @target=$(ENGINETEST); $(BUILD_CMD)
-+ +@target=$(ENGINETEST); $(BUILD_CMD)
-
- $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO)
-- @target=$(EVPTEST); $(BUILD_CMD)
-+ +@target=$(EVPTEST); $(BUILD_CMD)
-
- $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO)
-- @target=$(ECDSATEST); $(BUILD_CMD)
-+ +@target=$(ECDSATEST); $(BUILD_CMD)
-
- $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO)
-- @target=$(ECDHTEST); $(BUILD_CMD)
-+ +@target=$(ECDHTEST); $(BUILD_CMD)
-
- $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO)
-- @target=$(IGETEST); $(BUILD_CMD)
-+ +@target=$(IGETEST); $(BUILD_CMD)
-
- $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO)
-- @target=$(JPAKETEST); $(BUILD_CMD)
-+ +@target=$(JPAKETEST); $(BUILD_CMD)
-
- $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO)
-- @target=$(ASN1TEST); $(BUILD_CMD)
-+ +@target=$(ASN1TEST); $(BUILD_CMD)
-
- $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO)
-- @target=$(SRPTEST); $(BUILD_CMD)
-+ +@target=$(SRPTEST); $(BUILD_CMD)
-
- #$(AESTEST).o: $(AESTEST).c
- # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
-@@ -480,7 +480,7 @@
- # fi
-
- dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
-- @target=dummytest; $(BUILD_CMD)
-+ +@target=dummytest; $(BUILD_CMD)
-
- # DO NOT DELETE THIS LINE -- make depend depends on it.
-
---- a/crypto/objects/Makefile
-+++ b/crypto/objects/Makefile
-@@ -44,11 +44,11 @@ obj_dat.h: obj_dat.pl obj_mac.h
- # objects.pl both reads and writes obj_mac.num
- obj_mac.h: objects.pl objects.txt obj_mac.num
- $(PERL) objects.pl objects.txt obj_mac.num obj_mac.h
-- @sleep 1; touch obj_mac.h; sleep 1
-
--obj_xref.h: objxref.pl obj_xref.txt obj_mac.num
-+# This doesn't really need obj_mac.h, but since that rule reads & writes
-+# obj_mac.num, we can't run in parallel with it.
-+obj_xref.h: objxref.pl obj_xref.txt obj_mac.num obj_mac.h
- $(PERL) objxref.pl obj_mac.num obj_xref.txt > obj_xref.h
-- @sleep 1; touch obj_xref.h; sleep 1
-
- files:
- $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO