From 9146ff723d151751476c066f06bfa52b2b991aa9 Mon Sep 17 00:00:00 2001
From: Adrien Destugues <pulkomandy@pulkomandy.tk>
Date: Mon, 9 Nov 2015 21:37:56 +0100
Subject: [PATCH] Add recipe for openSSL 1.0.2

* This includes a new algorithm for validating certificate chains, which
  is compatible with the current versions of the ca_root_certificates
  data.
* The libraries are still binary compatible, so the soname still doesn't
  change.
---
 dev-libs/openssl/openssl-1.0.2d.recipe        | 116 ++++++++++++
 .../openssl/patches/openssl-1.0.2d.patchset   | 172 ++++++++++++++++++
 2 files changed, 288 insertions(+)
 create mode 100644 dev-libs/openssl/openssl-1.0.2d.recipe
 create mode 100644 dev-libs/openssl/patches/openssl-1.0.2d.patchset

diff --git a/dev-libs/openssl/openssl-1.0.2d.recipe b/dev-libs/openssl/openssl-1.0.2d.recipe
new file mode 100644
index 000000000..fb07c4b64
--- /dev/null
+++ b/dev-libs/openssl/openssl-1.0.2d.recipe
@@ -0,0 +1,116 @@
+SUMMARY="Full-strength general purpose cryptography library (with SSL/TLS)"
+DESCRIPTION="
+The OpenSSL Project is a collaborative effort to develop a robust, \
+commercial-grade, full-featured, and Open Source toolkit implementing the \
+Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) \
+protocols as well as a full-strength general purpose cryptography library. The \
+project is managed by a worldwide community of volunteers that use the \
+Internet to communicate, plan, and develop the OpenSSL toolkit and its related \
+documentation.
+OpenSSL is based on the excellent SSLeay library developed by Eric A. Young \
+and Tim J. Hudson. The OpenSSL toolkit is licensed under an Apache-style \
+licence, which basically means that you are free to get and use it for \
+commercial and non-commercial purposes subject to some simple license \
+conditions.
+"
+HOMEPAGE="http://www.openssl.org/"
+SOURCE_URI="http://www.openssl.org/source/openssl-${portVersion}.tar.gz"
+CHECKSUM_SHA256="671c36487785628a703374c652ad2cebea45fa920ae5681515df25d9f2c9a8c8"
+LICENSE="OpenSSL"
+COPYRIGHT="
+	1995-1998 Eric Young
+	1998-2015 The OpenSSL Project.
+	"
+REVISION="4"
+ARCHITECTURES="x86_gcc2 x86 ?x86_64"
+SECONDARY_ARCHITECTURES="x86_gcc2 x86"
+
+PATCHES="openssl-1.0.2d.patchset"
+
+PROVIDES="
+	openssl$secondaryArchSuffix = $portVersion compat >= 1.0.2
+	lib:libcrypto$secondaryArchSuffix = 1.0.0 compat >= 1.0
+	lib:libssl$secondaryArchSuffix = 1.0.0 compat >= 1.0
+	"
+if [ -z "$secondaryArchSuffix" ]; then
+	PROVIDES="$PROVIDES
+		cmd:c_rehash = $portVersion compat >= 1
+		cmd:openssl = $portVersion compat >= 1
+		"
+fi
+
+REQUIRES="
+	haiku$secondaryArchSuffix
+	lib:libz$secondaryArchSuffix >= 1.2.3
+	ca_root_certificates
+	"
+
+BUILD_REQUIRES="
+	devel:libz$secondaryArchSuffix >= 1.2.3
+	"
+BUILD_PREREQUIRES="
+	haiku${secondaryArchSuffix}_devel
+	cmd:gcc${secondaryArchSuffix}
+	cmd:ld${secondaryArchSuffix}
+	cmd:make
+	cmd:perl >= 5
+	cmd:sed
+	"
+
+PATCH()
+{
+	# fix hard-coded perl path
+	sed -i 's,/usr/bin/perl,/bin/env perl,g' apps/tsget
+}
+
+BUILD()
+{
+	PERL="/bin/env perl" \
+	./config --prefix=$prefix --libdir=$relativeLibDir \
+		--openssldir=$dataRootDir/ssl \
+		zlib shared
+	make
+		# multi-job builds don't work correctly
+}
+
+INSTALL()
+{
+	make MANDIR=$manDir install
+
+	# move include dir to correct location
+	mkdir -p $(dirname $includeDir)
+	mv $prefix/include $includeDir
+
+	# prepare develop/lib
+	prepareInstalledDevelLibs libcrypto libssl
+	fixPkgconfig
+
+	# devel package
+	packageEntries devel \
+		$developDir \
+		$manDir/man3
+
+	# Remove stuff we don't need in the secondary architecture base package,
+	# since we make it depend on the primary package.
+	if [ -n "$secondaryArchSuffix" ]; then
+		rm -rf $prefix/bin
+		rm -rf $dataRootDir/ssl
+		rm -rf $documentationDir
+	fi
+}
+
+TEST()
+{
+	make test
+}
+
+# ----- devel package -------------------------------------------------------
+
+PROVIDES_devel="
+	openssl${secondaryArchSuffix}_devel = $portVersion
+	devel:libcrypto${secondaryArchSuffix} = 1.0.0 compat >= 1.0
+	devel:libssl${secondaryArchSuffix} = 1.0.0 compat >= 1.0
+	"
+REQUIRES_devel="
+	openssl${secondaryArchSuffix} == $portVersion base
+	"
diff --git a/dev-libs/openssl/patches/openssl-1.0.2d.patchset b/dev-libs/openssl/patches/openssl-1.0.2d.patchset
new file mode 100644
index 000000000..49504cae8
--- /dev/null
+++ b/dev-libs/openssl/patches/openssl-1.0.2d.patchset
@@ -0,0 +1,172 @@
+From a04261aa0fa37e850a29526769fa48c81c4a3b54 Mon Sep 17 00:00:00 2001
+From: Alexander von Gluck IV <kallisti5@unixzen.com>
+Date: Wed, 18 Jun 2014 02:37:21 +0000
+Subject: Haiku: build fixes
+
+
+diff --git a/Configure b/Configure
+index d99eed7..b52eba7 100755
+--- a/Configure
++++ b/Configure
+@@ -498,6 +498,10 @@ my %table=(
+ "beos-x86-r5",   "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -mcpu=pentium -Wall::-D_REENTRANT:BEOS:-lbe -lnet:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:beos:beos-shared:-fPIC -DPIC:-shared:.so",
+ "beos-x86-bone", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -mcpu=pentium -Wall::-D_REENTRANT:BEOS:-lbe -lbind -lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:beos:beos-shared:-fPIC:-shared:.so",
+ 
++##### Haiku
++"haiku-x86",   "gcc:-DL_ENDIAN -O2 -fomit-frame-pointer -Wall::-D_REENTRANT::-lnetwork:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:haiku-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"haiku-x86_64",        "gcc:-m64 -DL_ENDIAN -O2 -Wall -DMD32_REG_T=int::-D_REENTRANT::-lnetwork:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:haiku-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
++
+ #### SCO/Caldera targets.
+ #
+ # Originally we had like unixware-*, unixware-*-pentium, unixware-*-p6, etc.
+diff --git a/Makefile.shared b/Makefile.shared
+index e753f44..cce510f 100644
+--- a/Makefile.shared
++++ b/Makefile.shared
+@@ -594,10 +594,10 @@ symlink.hpux:
+ symlink.cygwin symlink.alpha-osf1 symlink.tru64 symlink.tru64-rpath symlink.beos:
+ 
+ # Compatibility targets
+-link_o.bsd-gcc-shared link_o.linux-shared link_o.gnu-shared: link_o.gnu
+-link_a.bsd-gcc-shared link_a.linux-shared link_a.gnu-shared: link_a.gnu
+-link_app.bsd-gcc-shared link_app.linux-shared link_app.gnu-shared: link_app.gnu
+-symlink.bsd-gcc-shared symlink.bsd-shared symlink.linux-shared symlink.gnu-shared: symlink.gnu
++link_o.bsd-gcc-shared link_o.linux-shared link_o.gnu-shared link_o.haiku-shared: link_o.gnu
++link_a.bsd-gcc-shared link_a.linux-shared link_a.gnu-shared link_a.haiku-shared: link_a.gnu
++link_app.bsd-gcc-shared link_app.linux-shared link_app.gnu-shared link_app.haiku-shared: link_app.gnu
++symlink.bsd-gcc-shared symlink.bsd-shared symlink.linux-shared symlink.gnu-shared symlink.haiku-shared: symlink.gnu
+ link_o.bsd-shared: link_o.bsd
+ link_a.bsd-shared: link_a.bsd
+ link_app.bsd-shared: link_app.bsd
+diff --git a/config b/config
+index 77f730f..d2a0c95 100755
+--- a/config
++++ b/config
+@@ -134,6 +134,14 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
+ 	echo "${MACHINE}-dg-dgux"; exit 0
+ 	;;
+ 
++    Haiku:*:BePC)
++        echo "i586-pc-haiku"; exit 0
++        ;;
++
++    Haiku:*:*)
++        echo "${MACHINE}-unknown-haiku"; exit 0
++        ;;
++
+     HI-UX:*)
+ 	echo "${MACHINE}-hi-hiux"; exit 0
+ 	;;
+@@ -848,6 +856,9 @@ case "$GUESSOS" in
+ 	    options="$options no-asm"
+ 	fi
+ 	;;
++  i586-*-haiku) OUT="haiku-x86" ;;
++  x86_64-*-haiku) OUT="haiku-x86_64" ;;
++
+   # these are all covered by the catchall below
+   # *-dgux) OUT="dgux" ;;
+   mips-sony-newsos4) OUT="newsos4-gcc" ;;
+-- 
+2.2.2
+
+
+From 3db79f59be0febb0db6060dbdf6ac106c1abc692 Mon Sep 17 00:00:00 2001
+From: Alexander von Gluck IV <kallisti5@unixzen.com>
+Date: Wed, 18 Jun 2014 02:39:12 +0000
+Subject: Haiku: Modify default Root CA filename
+
+
+diff --git a/crypto/cryptlib.h b/crypto/cryptlib.h
+index fba180a..40c32df 100644
+--- a/crypto/cryptlib.h
++++ b/crypto/cryptlib.h
+@@ -82,7 +82,7 @@ extern "C" {
+ # ifndef OPENSSL_SYS_VMS
+ #  define X509_CERT_AREA          OPENSSLDIR
+ #  define X509_CERT_DIR           OPENSSLDIR "/certs"
+-#  define X509_CERT_FILE          OPENSSLDIR "/cert.pem"
++#  define X509_CERT_FILE          OPENSSLDIR "/CARootCertificates.pem"
+ #  define X509_PRIVATE_DIR        OPENSSLDIR "/private"
+ # else
+ #  define X509_CERT_AREA          "SSLROOT:[000000]"
+-- 
+2.2.2
+
+
+From f3427de441d7d0444bdb5347df3bc46bcfec5bef Mon Sep 17 00:00:00 2001
+From: Adrien Destugues <pulkomandy@pulkomandy.tk>
+Date: Mon, 9 Nov 2015 19:44:10 +0100
+Subject: Do not use __INTEL__ to detect x86_64.
+
+* Haiku defines it for 32-bit x86 as well.
+
+diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c
+index 8330964..8980582 100644
+--- a/crypto/evp/e_aes_cbc_hmac_sha1.c
++++ b/crypto/evp/e_aes_cbc_hmac_sha1.c
+@@ -91,8 +91,7 @@ typedef struct {
+ 
+ # if     defined(AES_ASM) &&     ( \
+         defined(__x86_64)       || defined(__x86_64__)  || \
+-        defined(_M_AMD64)       || defined(_M_X64)      || \
+-        defined(__INTEL__)      )
++        defined(_M_AMD64)       || defined(_M_X64)      )
+ 
+ extern unsigned int OPENSSL_ia32cap_P[];
+ #  define AESNI_CAPABLE   (1<<(57-32))
+-- 
+2.2.2
+
+
+From be8424d5e95e856981decedec9e0d4127920c1b0 Mon Sep 17 00:00:00 2001
+From: Adrien Destugues <pulkomandy@pulkomandy.tk>
+Date: Mon, 9 Nov 2015 20:32:09 +0100
+Subject: more __intel__ fixes...
+
+
+diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/evp/e_aes_cbc_hmac_sha256.c
+index b1c586e..63bc0e8 100644
+--- a/crypto/evp/e_aes_cbc_hmac_sha256.c
++++ b/crypto/evp/e_aes_cbc_hmac_sha256.c
+@@ -91,8 +91,7 @@ typedef struct {
+ 
+ # if     defined(AES_ASM) &&     ( \
+         defined(__x86_64)       || defined(__x86_64__)  || \
+-        defined(_M_AMD64)       || defined(_M_X64)      || \
+-        defined(__INTEL__)      )
++        defined(_M_AMD64)       || defined(_M_X64)      )
+ 
+ extern unsigned int OPENSSL_ia32cap_P[];
+ #  define AESNI_CAPABLE   (1<<(57-32))
+diff --git a/crypto/evp/e_rc4_hmac_md5.c b/crypto/evp/e_rc4_hmac_md5.c
+index 2da1117..d41ba7f 100644
+--- a/crypto/evp/e_rc4_hmac_md5.c
++++ b/crypto/evp/e_rc4_hmac_md5.c
+@@ -101,8 +101,7 @@ static int rc4_hmac_md5_init_key(EVP_CIPHER_CTX *ctx,
+ 
+ # if     !defined(OPENSSL_NO_ASM) &&     ( \
+         defined(__x86_64)       || defined(__x86_64__)  || \
+-        defined(_M_AMD64)       || defined(_M_X64)      || \
+-        defined(__INTEL__)              ) && \
++        defined(_M_AMD64)       || defined(_M_X64)      ) && \
+         !(defined(__APPLE__) && defined(__MACH__))
+ #  define STITCHED_CALL
+ # endif
+diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
+index 603c285..fac5d3c 100644
+--- a/ssl/s3_pkt.c
++++ b/ssl/s3_pkt.c
+@@ -125,8 +125,7 @@
+ #if     defined(OPENSSL_SMALL_FOOTPRINT) || \
+         !(      defined(AES_ASM) &&     ( \
+                 defined(__x86_64)       || defined(__x86_64__)  || \
+-                defined(_M_AMD64)       || defined(_M_X64)      || \
+-                defined(__INTEL__)      ) \
++                defined(_M_AMD64)       || defined(_M_X64)      ) \
+         )
+ # undef EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
+ # define EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0
+-- 
+2.2.2
+