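# Package build description for OpenSSL: where to fetch the source, which
# patches to apply, and how to configure, compile and stage the result.
# PKGVER, FLXARCH, FLX_ARCH_SMALL, FLX_BITS, FLXMAKE, FLXCROSS, ROOTDIR, CC,
# the GCC_* variables and set_default_perm are not defined in this file and
# are expected to be provided by the caller.

# NOTE(review): the tarball is fetched over plain HTTP and nothing in this
# file checks a digest or a signature. Confirm that the fetch step verifies
# the download against a pinned checksum before it is unpacked and patched.
SRC_FETCH_PATH="http://www.openssl.org/source/openssl-${PKGVER}.tar.gz"
SRC_FETCH_METHOD="http"

# The first 2 patches reduce the per-session memory usage from 72 to 38 kB
# during handshake (measured).
# NOTE(review): going by its (truncated) file name, patch 0004 changes the
# default cipher string and the new string mentions RC4. RFC 7465 prohibits
# RC4 cipher suites in TLS, so the resulting default should be re-checked.
PATCH_LIST="
  0001-ssl-don-t-allocate-the-write-buffer-during-the-hands.patch
  0002-ssl-release-unused-read-buffer-on-incomplete-client-.patch
  0003-rand-fix-null-pointer-dereference-caused-by-unchecke.patch
  0004-ssl-change-default-cipher-string-to-AES-RC4-ALL-aNUL.patch
  1000-Sort-sstacklst-correctly.patch
  1001-Exit-on-error-in-ecparam.patch
  1002-Fix-SSL_set_session_ticket_ext-when-used-with-SSLv23.patch
  1003-RT3774-double-free-in-DSA.patch
  1004-use-X9.31-keygen-by-default-in-FIPS-mode.patch
  1005-Clear-BN-mont-values-when-free-ing-it.patch
  1006-GH336-Return-an-exit-code-if-report-fails.patch
  1007-Fix-warning-when-compiling-with-no-ec2m.patch
  1008-RT3990-Fix-include-path.patch
  1009-Fix-seg-fault-with-0-p-val-in-SKE.patch
  1010-Check-for-0-modulus-in-BN_MONT_CTX_set.patch
  1011-Fix-missing-return-value-checks-in-SCTP.patch
  1012-Fix-make-test-seg-fault-with-SCTP-enabled.patch
  1013-Err-isn-t-always-malloc-failure.patch
  1014-Fix-memory-leak-if-setup-fails.patch
  1015-Return-error-for-unsupported-modes.patch
  1016-GH364-Free-memory-on-an-error-path.patch
  1017-Fix-1.0.2-build-break.patch
  1018-Fix-DTLS-session-ticket-renewal.patch
  1019-Fixed-problem-with-multiple-load-unload-of-comp-zlib.patch
  1020-GH354-Memory-leak-fixes.patch
  1021-bntest-don-t-dereference-the-d-array-for-a-zero-BIGN.patch
  1022-BN_mod_exp_mont_consttime-check-for-zero-modulus.patch
  1023-check-bn_new-return-value.patch
  1024-RT-3493-fix-RSA-test.patch
  1025-RT4002-check-for-NULL-cipher-in-p12_crpt.c.patch
  1026-Fix-building-with-OPENSSL_NO_TLSEXT.patch
  1027-Fix-session-resumption.patch
  1028-Fix-DTLS1.2-buffers.patch
  1029-Fix-DTLS1.2-compression.patch
  1030-Better-handling-of-verify-param-id-peername-field.patch
  1031-Cleaner-handling-of-cnid-in-do_x509_check.patch
  1032-Match-SUITEB-strings-at-start-of-cipher-list.patch
  1033-RT3754-check-for-NULL-pointer.patch
  1034-Use-default-field-separator.patch
  1035-Use-memmove-instead-of-memcpy.patch
  1036-Check-for-FIPS-mode-after-loading-config.patch
  1037-Constify-ECDSA_METHOD_new.patch
  1038-d2i-don-t-update-input-pointer-on-failure.patch
  1039-Make-no-psk-compile-without-warnings.patch
  1040-Fix-return-values-when-adding-serverinfo-fails.patch
  1041-RT3757-base64-encoding-bugs.patch
  1042-base64-decode-check-for-high-bit.patch
  1043-Make-sure-OPENSSL_cleanse-checks-for-NULL.patch
  1044-Make-SRP-work-with-www.patch
  1045-Handle-SSL_ERROR_WANT_X509_LOOKUP.patch
  1046-Fix-SRP-memory-leaks.patch
  1047-RT3823-Improve-the-robustness-of-event-logging.patch
  1048-RT3479-Add-UTF8-support-to-BIO_read_filename.patch
  1049-Make-BUF_strndup-read-safe-on-arbitrary-inputs.patch
  1050-BUF_strndup-tidy.patch
  1051-BUF_strdup-and-friends-update-docs.patch
  1052-SRP-memory-leak-fix.patch
  1053-RT2772-accept-empty-SessionTicket.patch
  1054-GH367-use-random-data-if-seed-too-short.patch
  1055-Fix-more-d2i-cases-to-properly-update-the-input-poin.patch
  1056-Validate-ClientHello-extension-field-length.patch
  1057-Change-functions-to-pass-in-a-limit-rather-than-calc.patch
  1058-Don-t-try-and-parse-boolean-type.patch
  1059-Set-flags-to-0-before-calling-BN_with_flags.patch
  1060-Properly-check-return-type-of-DH_compute_key.patch
  1061-Move-BN_CTX_start-call-so-the-error-case-can-always-.patch
  1062-When-ENGINE_add-finds-that-id-or-name-is-missing-act.patch
  1063-Don-t-treat-a-bare-OCTETSTRING-as-DigestInfo-in-int_.patch
  1064-Typo.patch
  1065-RFC5753-compliance.patch
  1066-Fix-self-signed-handling.patch
  1067-Do-not-treat-0-return-value-from-BIO_get_fd-as-error.patch
  1068-Replace-malloc-strlcpy-with-strdup.patch
  1069-Fix-memory-leaks-and-other-mistakes-on-errors.patch
  1070-Set-salt-length-after-the-malloc-has-succeeded.patch
  1071-Check-memory-allocation.patch
  1072-Remove-useless-code.patch
  1073-BN_GF2m_mod_inv-check-bn_wexpand-return-value.patch
  Fix-reference-count-on-error-path-in-SSL_new.patch
  Fix-a-null-dereference-in-ssl3_free-upon-error.patch
"

# not ported yet :
#openssl-1.0.1c-flx2.2-cryptodev-1.5.diff
#small-records-1.0.1l.patch

#######################################
# Pick the OpenSSL Configure target and extra compiler flags for the build
# architecture, then run ./Configure in the current directory.
# Globals:   FLXARCH, FLX_ARCH_SMALL, FLX_BITS, CC, GCC_ARCH_CURRENT,
#            GCC_CPU_CURRENT, GCC_OPT_FASTEST (read); os, opt (written)
# Outputs:   an error message on stdout when no target matches
# Returns:   status of ./Configure; exits 1 when no target matches
#######################################
function do_config {
  # To find these options, try "./Configure LIST" then "./Configure TABLE".
  # The colons are just delimiters and all words are allowed on the line.
  # Please read the Configure script in openssl to find the relevant keywords,
  # as most of them are already implied by the OS target definition and the
  # default compiler !

  # The GCC_* variables are expanded unquoted so that a variable holding
  # several flags is split into separate Configure arguments.
  if [[ "$FLXARCH" == "x86_64" ]]; then
    os="linux-x86_64"
    opt=( $GCC_ARCH_CURRENT $GCC_CPU_CURRENT $GCC_OPT_FASTEST )
  elif [[ "$FLX_ARCH_SMALL" == "i386" ]]; then
    os="linux-elf"
    opt=( $GCC_ARCH_CURRENT $GCC_CPU_CURRENT $GCC_OPT_FASTEST )
  elif [[ "$FLXARCH" == armv7* ]]; then
    os="linux-armv4"
    opt=( $GCC_ARCH_CURRENT $GCC_CPU_CURRENT $GCC_OPT_FASTEST -march=armv7-a -D__ARM_MAX_ARCH__=7 )
  elif [[ "$FLXARCH" == arm* ]]; then
    os="linux-armv4"
    opt=( $GCC_ARCH_CURRENT $GCC_CPU_CURRENT $GCC_OPT_FASTEST -march=armv5te -D__ARM_MAX_ARCH__=5 )
  elif [[ "$FLXARCH" == "sparc" ]]; then
    os="linux-sparcv9"
    # Empty array, not an empty string: "${opt[@]}" on opt="" would hand
    # Configure a stray empty argument.
    opt=( )
  elif [[ "$FLXARCH" == "sparc64" ]]; then
    os="linux64-sparcv9"
    opt=( )
  elif [[ "$FLX_BITS" == "64" ]]; then
    os="linux-generic64"
    opt=( )
  elif [[ "$FLX_BITS" == "32" ]]; then
    os="linux-generic32"
    opt=( )
  else
    echo "Error: cannot find a suitable OS configuration or this platform."
    echo "Please check instructions in do_config() using 'pkg cat'."
    exit 1
  fi

  # Do not enable cryptodev digests (-DUSE_CRYPTODEV_DIGESTS), as indicated in
  # the README, they significantly lower performance due to the high latency of
  # the ioctl required for cryptodev. Only enable HAVE_CRYPTODEV.

  # disable this if the crypto patch is not applied
  #opt=( "${opt[@]}" -DHAVE_CRYPTODEV )

  CC="$CC" ./Configure --prefix=/usr --openssldir=/usr/share/openssl threads shared "${opt[@]}" "$os"
}

#######################################
# Build the libraries, the shared objects and the apps directory.
# Globals:   FLXMAKE, CC (read)
# Returns:   exits with the status of the first make invocation that fails
#######################################
function do_compile_only {
  # $FLXMAKE stays unquoted so that it may carry the make command plus flags.
  # The single quotes keep ${FLXCROSS} literal in the shell, so make receives
  # it unexpanded; presumably make resolves it itself -- TODO confirm.
  # CC is quoted so that a compiler command containing spaces stays one
  # CC=... assignment instead of being split into extra make arguments.
  $FLXMAKE CC="$CC" AR='${FLXCROSS}ar r' RANLIB='${FLXCROSS}ranlib' || exit $?
  $FLXMAKE build-shared CC="$CC" AR='${FLXCROSS}ar r' RANLIB='${FLXCROSS}ranlib' || exit $?
  $FLXMAKE -C apps CC="$CC" DLIBCRYPTO=../libcrypto.so AR='${FLXCROSS}ar r' RANLIB='${FLXCROSS}ranlib' || exit $?
}

#######################################
# Install into the staging root and reset the permissions of the staged tree.
# Globals:   FLXMAKE, ROOTDIR (read)
# Returns:   status of set_default_perm; exits with make's status on failure
#######################################
function do_prepack {
  # ROOTDIR is quoted so that a staging path containing spaces is passed as a
  # single argument to both commands.
  $FLXMAKE install LIBDIR=/lib INSTALL_PREFIX="$ROOTDIR" || exit $?
  set_default_perm "$ROOTDIR"
}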